
fix(sync): search for certificates in sync certDir

instead of expecting certain filenames

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
This commit is contained in:
Petu Eusebiu 2024-07-22 13:46:14 +03:00
parent 26be383aae
commit 9316f99274
No known key found for this signature in database
GPG key ID: B8FB63EBB7A6B21F
2 changed files with 66 additions and 7 deletions


@ -172,4 +172,5 @@ var (
ErrInvalidSearchQuery = errors.New("invalid search query") ErrInvalidSearchQuery = errors.New("invalid search query")
ErrImageNotFound = errors.New("image not found") ErrImageNotFound = errors.New("image not found")
ErrAmbiguousInput = errors.New("input is not specific enough") ErrAmbiguousInput = errors.New("input is not specific enough")
ErrMissingCertificate = errors.New("missing certificate file")
) )


@ -7,7 +7,9 @@ import (
"io" "io"
"net/http" "net/http"
"net/url" "net/url"
"os"
"path/filepath" "path/filepath"
"slices"
"strings" "strings"
"sync" "sync"
"time" "time"
@ -123,14 +125,14 @@ func (httpClient *Client) SetConfig(config Config) error {
} }
if config.CertDir != "" { if config.CertDir != "" {
clientCert, clientKey, rootCA, err := getCertFiles(config.CertDir, httpClient.log)
// only configure the default cert file names if the CertDir was specified. // only configure the default cert file names if the CertDir was specified.
if err == nil {
clientOpts.CertOptions = common.HTTPClientCertOptions{ clientOpts.CertOptions = common.HTTPClientCertOptions{
// filepath is the recommended library to use for joining paths ClientCertFile: clientCert,
// taking into account the underlying OS. ClientKeyFile: clientKey,
// ref: https://stackoverflow.com/a/39182128 RootCaCertFile: rootCA,
ClientCertFile: filepath.Join(config.CertDir, common.ClientCertFilename), }
ClientKeyFile: filepath.Join(config.CertDir, common.ClientKeyFilename),
RootCaCertFile: filepath.Join(config.CertDir, common.CaCertFilename),
} }
} }
@ -480,3 +482,59 @@ func needsRetryWithUpdatedScope(err error, resp *http.Response) (bool, challenge
return false, params return false, params
} }
func getCertFiles(dir string, log log.Logger) (string, string, string, error) {
var clientCert, clientKey, rootCA string
files, err := os.ReadDir(dir)
if err != nil {
log.Error().Err(err).Str("dir", dir).Msg("failed to read sync extension certDir")
return "", "", "", err
}
for _, file := range files {
fullPath := filepath.Join(dir, file.Name())
if strings.HasSuffix(file.Name(), ".crt") {
rootCA = fullPath
}
if base, ok := strings.CutSuffix(file.Name(), ".cert"); ok {
clientCert = filepath.Join(dir, file.Name())
keyFile := base + ".key"
clientKey = filepath.Join(dir, keyFile)
if !hasFile(files, keyFile) {
log.Error().Err(zerr.ErrMissingCertificate).Str("dir", dir).
Str("missing key", keyFile).Str("certificate", clientCert).Msg("missing key for client certificate")
return "", "", "", zerr.ErrMissingCertificate
}
break
}
if base, ok := strings.CutSuffix(file.Name(), ".key"); ok {
clientKey = filepath.Join(dir, file.Name())
certFile := base + ".cert"
clientCert = filepath.Join(dir, certFile)
if !hasFile(files, certFile) {
log.Error().Err(zerr.ErrMissingCertificate).Str("dir", dir).
Str("key", clientKey).Str("missing certificate", certFile).Msg("missing client certificate for key")
return "", "", "", zerr.ErrMissingCertificate
}
break
}
}
return clientCert, clientKey, rootCA, nil
}
func hasFile(files []os.DirEntry, name string) bool {
return slices.ContainsFunc(files, func(f os.DirEntry) bool {
return f.Name() == name
})
}
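Review bot: The `break` after a `.cert` or `.key` match in getCertFiles stops the scan before the root CA is seen whenever the CA file's name sorts after the client certificate — os.ReadDir returns entries sorted by filename and the `.crt` check runs in the same loop, so a directory holding `client.cert`, `client.key`, `root.crt` yields an empty rootCA with a nil error, and the SetConfig hunk above then stores `RootCaCertFile: rootCA` as "" without any log line (what an empty root CA path means downstream is not visible in this diff). Removing both `break` statements fixes the ordering dependence (the `.key` branch then only re-validates the same pair); when several pairs or several `.crt` files are present the last one in sort order silently wins, which deserves at least a warning. Entries are not filtered with `file.IsDir()`, so a directory named `x.crt` would be taken as the CA path. As a point of style, `fullPath` is computed on every iteration but the `.cert` and `.key` branches rebuild the same value with `filepath.Join(dir, file.Name())`; reuse `fullPath` there. The retained comment in SetConfig, `// only configure the default cert file names if the CertDir was specified.`, is stale now that names are discovered; `// discover the client cert/key pair and root CA in the configured CertDir.` describes the new behaviour.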