bugfix: set tls config if existed when dfget downloads from the source station

zcc35357949 · zcc35357949 · commit 1bb19a68f29e · 2019-09-29T11:41:26.000+08:00
Signed-off-by: zhouchencheng &lt;zhouchencheng@bilibili.com&gt;
diff --git a/dfget/core/downloader/back_downloader/back_downloader.go b/dfget/core/downloader/back_downloader/back_downloader.go
@@ -102,7 +102,7 @@ func (bd *BackDownloader) Run() error {
 	bd.tempFileName = f.Name()
 	defer f.Close()
 
-	if resp, err = httputils.HTTPGet(bd.URL, netutils.ConvertHeaders(bd.cfg.Header)); err != nil {
+	if resp, err = httputils.HTTPGetWithTLS(bd.URL, netutils.ConvertHeaders(bd.cfg.Header), 0, bd.cfg.Cacerts, bd.cfg.Insecure); err != nil {
 		return err
 	}
 	defer resp.Body.Close()
diff --git a/pkg/httputils/http_util.go b/pkg/httputils/http_util.go
@@ -18,8 +18,11 @@ package httputils
 
 import (
 	"bytes"
+	"crypto/tls"
+	"crypto/x509"
 	"encoding/json"
 	"fmt"
+	"io/ioutil"
 	"net"
 	"net/http"
 	"reflect"
@@ -210,16 +213,37 @@ func Do(url string, headers map[string]string, timeout time.Duration) (string, e
 
 // HTTPGet sends an HTTP GET request with headers.
 func HTTPGet(url string, headers map[string]string) (*http.Response, error) {
-	return HTTPWithHeaders("GET", url, headers, 0)
+	return HTTPWithHeaders("GET", url, headers, 0, nil)
 }
 
 // HTTPGetTimeout sends an HTTP GET request with timeout.
 func HTTPGetTimeout(url string, headers map[string]string, timeout time.Duration) (*http.Response, error) {
-	return HTTPWithHeaders("GET", url, headers, timeout)
+	return HTTPWithHeaders("GET", url, headers, timeout, nil)
+}
+
+// HTTPGetWithTLS sends an HTTP GET request with TLS config.
+func HTTPGetWithTLS(url string, headers map[string]string, timeout time.Duration, cacerts []string, insecure bool) (*http.Response, error) {
+	roots := x509.NewCertPool()
+	appendSuccess := false
+	for _, certPath := range cacerts {
+		certBytes, err := ioutil.ReadFile(certPath)
+		if err != nil {
+			return nil, err
+		}
+		appendSuccess = appendSuccess || roots.AppendCertsFromPEM(certBytes)
+	}
+
+	tlsConfig := &tls.Config{
+		InsecureSkipVerify: insecure,
+	}
+	if appendSuccess {
+		tlsConfig.RootCAs = roots
+	}
+	return HTTPWithHeaders("GET", url, headers, timeout, tlsConfig)
 }
 
 // HTTPWithHeaders sends an HTTP request with headers and specified method.
-func HTTPWithHeaders(method, url string, headers map[string]string, timeout time.Duration) (*http.Response, error) {
+func HTTPWithHeaders(method, url string, headers map[string]string, timeout time.Duration, tlsConfig *tls.Config) (*http.Response, error) {
 	req, err := http.NewRequest(method, url, nil)
 	if err != nil {
 		return nil, err
@@ -229,7 +253,16 @@ func HTTPWithHeaders(method, url string, headers map[string]string, timeout time
 		req.Header.Add(k, v)
 	}
 
-	c := &http.Client{}
+	var transport http.RoundTripper
+	if tlsConfig != nil {
+		transport = &http.Transport{
+			TLSClientConfig: tlsConfig,
+		}
+	}
+
+	c := &http.Client{
+		Transport: transport,
+	}
 	if timeout > 0 {
 		c.Timeout = timeout
 	}

Original file line number	Diff line number	Diff line change
`@@ -102,7 +102,7 @@ func (bd *BackDownloader) Run() error {`
`102`	`102`	`bd.tempFileName = f.Name()`
`103`	`103`	`defer f.Close()`
`104`	`104`
`105`		`- if resp, err = httputils.HTTPGet(bd.URL, netutils.ConvertHeaders(bd.cfg.Header)); err != nil {`
	`105`	`+ if resp, err = httputils.HTTPGetWithTLS(bd.URL, netutils.ConvertHeaders(bd.cfg.Header), 0, bd.cfg.Cacerts, bd.cfg.Insecure); err != nil {`
`106`	`106`	`return err`
`107`	`107`	`}`
`108`	`108`	`defer resp.Body.Close()`