Skip to content

Commit

Permalink
Clean file url before assigning to runtime params
Browse files Browse the repository at this point in the history
Signed-off-by: Alex Rohozneanu <[email protected]>
  • Loading branch information
Alex Rohozneanu committed Oct 10, 2024
1 parent e6af23b commit 472124d
Showing 1 changed file with 20 additions and 19 deletions.
39 changes: 20 additions & 19 deletions cmd/run.go
Original file line number Diff line number Diff line change
Expand Up @@ -292,18 +292,31 @@ func initRuntime(ctx context.Context, params runCmdParams, args []string, addrSe
"1.3": tls.VersionTLS13,
}

cert, err := loadCertificate(params.tlsCertFile, params.tlsPrivateKeyFile)
tlsCertFilePath, err := fileurl.Clean(params.tlsCertFile)
if err != nil {
return nil, fmt.Errorf("invalid certificate file path: %w", err)
}
tlsPrivateKeyFilePath, err := fileurl.Clean(params.tlsPrivateKeyFile)
if err != nil {
return nil, fmt.Errorf("invalid certificate private key file path: %w", err)
}
tlsCACertFilePath, err := fileurl.Clean(params.tlsCACertFile)
if err != nil {
return nil, fmt.Errorf("invalid CA certificate file path: %w", err)
}

cert, err := loadCertificate(tlsCertFilePath, tlsPrivateKeyFilePath)
if err != nil {
return nil, err
}

params.rt.CertificateFile = params.tlsCertFile
params.rt.CertificateKeyFile = params.tlsPrivateKeyFile
params.rt.CertificateFile = tlsCertFilePath
params.rt.CertificateKeyFile = tlsPrivateKeyFilePath
params.rt.CertificateRefresh = params.tlsCertRefresh
params.rt.CertPoolFile = params.tlsCACertFile
params.rt.CertPoolFile = tlsCACertFilePath

if params.tlsCACertFile != "" {
pool, err := loadCertPool(params.tlsCACertFile)
if tlsCACertFilePath != "" {
pool, err := loadCertPool(tlsCACertFilePath)
if err != nil {
return nil, err
}
Expand Down Expand Up @@ -424,15 +437,7 @@ func historyPath() string {

func loadCertificate(tlsCertFile, tlsPrivateKeyFile string) (*tls.Certificate, error) {
if tlsCertFile != "" && tlsPrivateKeyFile != "" {
tlsCertFilePath, err := fileurl.Clean(tlsCertFile)
if err != nil {
return nil, fmt.Errorf("invalid certificate file path: %w", err)
}
tlsPrivateKeyFilePath, err := fileurl.Clean(tlsPrivateKeyFile)
if err != nil {
return nil, fmt.Errorf("invalid certificate private key file path: %w", err)
}
cert, err := tls.LoadX509KeyPair(tlsCertFilePath, tlsPrivateKeyFilePath)
cert, err := tls.LoadX509KeyPair(tlsCertFile, tlsPrivateKeyFile)
if err != nil {
return nil, err
}
Expand All @@ -445,10 +450,6 @@ func loadCertificate(tlsCertFile, tlsPrivateKeyFile string) (*tls.Certificate, e
}

func loadCertPool(tlsCACertFile string) (*x509.CertPool, error) {
tlsCACertFile, err := fileurl.Clean(tlsCACertFile)
if err != nil {
return nil, err
}
caCertPEM, err := os.ReadFile(tlsCACertFile)
if err != nil {
return nil, fmt.Errorf("read CA cert file: %v", err)
Expand Down

0 comments on commit 472124d

Please sign in to comment.