This repository has been archived by the owner on Sep 22, 2024. It is now read-only.

feat: also store client cert with ca in chain
Christoph Bühler committed Aug 11, 2022
1 parent b4e09bd commit 68d2628
Showing 2 changed files with 15 additions and 0 deletions.
9 changes: 9 additions & 0 deletions src/storage/kubernetes.rs
Expand Up @@ -14,6 +14,7 @@ const DOWNWARD_API_ENV: &str = "POD_NAMESPACE";
const DOWNWARD_API_FILE: &str = "/var/run/secrets/kubernetes.io/serviceaccount/namespace";

const SECRET_CERT: &str = "cert";
const SECRET_CERT_WITH_CA: &str = "cert_with_ca";
const SECRET_KEY: &str = "key";
const SECRET_CHAIN: &str = "chain";
const SECRET_CA: &str = "ca";
Expand Down Expand Up @@ -122,10 +123,18 @@ impl Storage for KubernetesStorage {
certificate: &[u8],
key: &[u8],
) -> Result<(), Box<dyn std::error::Error>> {
let (mut ca, _) = self.get_ca().await?;
self.modify_secret(|secret| {
let data = secret.data.get_or_insert_with(BTreeMap::default);
data.insert(SECRET_CERT.to_string(), ByteString(certificate.to_vec()));
data.insert(SECRET_KEY.to_string(), ByteString(key.to_vec()));

let mut total = Vec::new();
let mut certificate = certificate.to_vec();
total.append(&mut certificate);
total.append(&mut ca);

data.insert(SECRET_CERT_WITH_CA.to_string(), ByteString(total));
})
.await?;

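Review bot: `total.append(&mut ca)` inside the `modify_secret` closure drains the captured `ca` vector, so if `modify_secret` ever runs the closure more than once (for example to retry after a conflicting write; its body is not visible here) the later run would store `cert_with_ca` without the CA and without any error. Borrowing instead of draining avoids that and removes both `mut` bindings: `let total = [certificate, ca.as_slice()].concat();`, with `let (ca, _) = self.get_ca().await?;` above the closure. The concatenation also assumes `certificate` ends with a newline if these are PEM blobs; otherwise the END and BEGIN markers land on one line and consumers will fail to parse the bundle, so a comment stating the expected encoding, or a check for the trailing newline, would help. The enclosing function starts and ends outside the hunk.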
6 changes: 6 additions & 0 deletions src/storage/local.rs
Expand Up @@ -46,11 +46,17 @@ impl Storage for LocalStorage {
certificate: &[u8],
key: &[u8],
) -> Result<(), Box<dyn std::error::Error>> {
let (ca, _) = self.get_ca().await?;
let cert_path = Path::new(LOCAL_DATA_PATH).join("cert.crt");
let mut cert_with_ca =
File::create(Path::new(LOCAL_DATA_PATH).join("cert_with_ca.crt")).await?;
let key_path = Path::new(LOCAL_DATA_PATH).join("cert.key");
write(cert_path, certificate).await?;
write(key_path, key).await?;

cert_with_ca.write_all(certificate).await?;
cert_with_ca.write_all(ca.as_slice()).await?;

Ok(())
}

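Review bot: `File::create(... "cert_with_ca.crt")` runs before the two `write(...)` calls, so if writing `cert.crt` or `cert.key` fails the function returns early through `?` and leaves an empty, truncated `cert_with_ca.crt` on disk for whatever reads it next. The two `write_all` calls are also never followed by `flush()`; if `File` is `tokio::fs::File` (the imports are not visible in this hunk), the data may not have reached the file when `Ok(())` is returned. Building the bundle in memory and using the same helper as the other two files avoids both problems: `write(Path::new(LOCAL_DATA_PATH).join("cert_with_ca.crt"), [certificate, ca.as_slice()].concat()).await?;`. The function signature begins above the hunk.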
