Update dependencies, fix compatibility with Hydra 1.10

2021-06-26 13:14:23 +02:00 · 2021-06-26 13:14:23 +02:00 · 8ebf81abe1
commit 8ebf81abe1
parent 4d10c0e9c5
10 changed files with 318 additions and 134 deletions
--- a/cmd/app/main.go
+++ b/cmd/app/main.go
@ -20,8 +20,10 @@ package main
 import (
 	"context"
 	"crypto/tls"
+	"crypto/x509"
 	"encoding/base64"
 	"fmt"
+	"io/ioutil"
 	"net/http"
 	"time"

@ -93,11 +95,28 @@ func main() {
 		log.Infof("put the following in your resource_app.toml:\n%s", string(tomlData))
 	}

+	tlsClientConfig := &tls.Config{
+		MinVersion: tls.VersionTLS12,
+	}
+	if config.Exists("api-client.rootCAs") {
+		rootCAFile := config.MustString("api-client.rootCAs")
+		caCertPool := x509.NewCertPool()
+		pemBytes, err := ioutil.ReadFile(rootCAFile)
+		if err != nil {
+			log.Fatalf("could not read CA certificate file: %v", err)
+		}
+		caCertPool.AppendCertsFromPEM(pemBytes)
+		tlsClientConfig.RootCAs = caCertPool
+	}
+
+	apiTransport := &http.Transport{TLSClientConfig: tlsClientConfig}
+	apiClient := &http.Client{Transport: apiTransport}
+
 	if ctx, err = commonServices.DiscoverOIDC(ctx, logger, &commonServices.OidcParams{
 		OidcServer:       oidcServer,
 		OidcClientId:     oidcClientId,
 		OidcClientSecret: oidcClientSecret,
-		APIClient:        &http.Client{},
+		APIClient:        apiClient,
 	}); err != nil {
 		log.Fatalf("OpenID Connect discovery failed: %s", err)
 	}
--- a/cmd/idp/main.go
+++ b/cmd/idp/main.go
@ -70,7 +70,26 @@ func main() {
 	if err != nil {
 		logger.Fatalf("error parsing admin URL: %v", err)
 	}
-	clientTransport := client.New(adminURL.Host, adminURL.Path, []string{adminURL.Scheme})
+	tlsClientConfig := &tls.Config{MinVersion: tls.VersionTLS12}
+	if config.Exists("api-client.rootCAs") {
+		rootCAFile := config.MustString("api-client.rootCAs")
+		caCertPool := x509.NewCertPool()
+		pemBytes, err := ioutil.ReadFile(rootCAFile)
+		if err != nil {
+			log.Fatalf("could not read CA certificate file: %v", err)
+		}
+		caCertPool.AppendCertsFromPEM(pemBytes)
+		tlsClientConfig.RootCAs = caCertPool
+	}
+
+	tlsClientTransport := &http.Transport{TLSClientConfig: tlsClientConfig}
+	httpClient := &http.Client{Transport: tlsClientTransport}
+	clientTransport := client.NewWithClient(
+		adminURL.Host,
+		adminURL.Path,
+		[]string{adminURL.Scheme},
+		httpClient,
+	)
 	adminClient := hydra.New(clientTransport, nil)

 	ctx, err = services.InitDatabase(ctx, services.NewDatabaseParams(config.MustString("db.dsn")))