Merge pull request #18 from irisnet/ht/TLS

grpcOption增加TLS的配置项

types/config.go

@@ -1,10 +1,12 @@
 package types
 
 import (
+	"crypto/x509"
 	"fmt"
 	"os"
 
 	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials"
 
 	"github.com/irisnet/core-sdk-go/common/crypto"
 	"github.com/irisnet/core-sdk-go/types/store"
@@ -333,9 +335,25 @@ func WSAddrOption(wsAddr string) Option {
 	}
 }
 
-func GRPCOptions(gRPCOptions []grpc.DialOption) Option {
+func GRPCOptions(gRPCOptions []grpc.DialOption, TLS bool, rpcAddr string) Option {
 	return func(cfg *ClientConfig) error {
-		cfg.GRPCOptions = gRPCOptions
+		if !TLS {
+			cfg.GRPCOptions = gRPCOptions
+			return nil
+		}
+
+		certificateList, err := GetTLSCertPool(rpcAddr)
+		if err != nil {
+			panic(err)
+		}
+
+		roots := x509.NewCertPool()
+		for i := range certificateList {
+			roots.AddCert(certificateList[i])
+		}
+		cert := credentials.NewClientTLSFromCert(roots, "")
+		cfg.GRPCOptions = append(gRPCOptions, grpc.WithTransportCredentials(cert))
+
 		return nil
 	}
 }

types/utils.go

@@ -1,8 +1,13 @@
 package types
 
 import (
+	"crypto/tls"
+	"crypto/x509"
 	"encoding/binary"
 	"encoding/json"
+	"errors"
+	"net/http"
+	"strings"
 	"time"
 )
 
@@ -73,3 +78,28 @@ func CopyBytes(bz []byte) (ret []byte) {
 	copy(ret, bz)
 	return ret
 }
+
+// GetTLSCertPool get certificates from target server
+func GetTLSCertPool(gateWayURL string) ([]*x509.Certificate, error) {
+	if !strings.Contains(strings.ToLower(gateWayURL), "https://") {
+		return nil, errors.New("this function requires HTTPS protocol")
+	}
+	tr := &http.Transport{
+		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+	}
+	client := &http.Client{Transport: tr}
+
+	resp, err := client.Get(gateWayURL)
+	defer func() {
+		closeErr := resp.Body.Close()
+		if err == nil {
+			err = closeErr
+		}
+	}()
+
+	if err != nil {
+		return nil, err
+	}
+
+	return resp.TLS.PeerCertificates, err
+}