
Add ca check, secure connection, renew certificates
jbdalido committed Oct 27, 2014
1 parent 7b74553 commit 56782aa
Showing 5 changed files with 88 additions and 48 deletions.
21 changes: 15 additions & 6 deletions client.go
Expand Up @@ -10,6 +10,7 @@ package docker
import (
"bytes"
"crypto/tls"
"crypto/x509"
"encoding/json"
"errors"
"fmt"
Expand Down Expand Up @@ -136,8 +137,8 @@ func NewClient(endpoint string) (*Client, error) {
// NewClient returns a Client instance ready for SSL communications with the givens
// server endpoint, key and certificates . It will use the latest remote API version
// available in the server.
func NewTLSClient(endpoint string, cert, key string) (*Client, error) {
client, err := NewVersionnedTLSClient(endpoint, cert, key, "")
func NewTLSClient(endpoint string, cert, key, ca string) (*Client, error) {
client, err := NewVersionnedTLSClient(endpoint, cert, key, ca, "")
if err != nil {
return nil, err
}
Expand Down Expand Up @@ -170,7 +171,7 @@ func NewVersionedClient(endpoint string, apiVersionString string) (*Client, erro

// NewClient returns a Client instance ready for SSL communications with the givens
// server endpoint, key and certificates, using a specific remote API version.
func NewVersionnedTLSClient(endpoint string, cert, key, apiVersionString string) (*Client, error) {
func NewVersionnedTLSClient(endpoint string, cert, key, ca, apiVersionString string) (*Client, error) {
u, err := parseEndpoint(endpoint)
if err != nil {
return nil, err
Expand All @@ -189,9 +190,17 @@ func NewVersionnedTLSClient(endpoint string, cert, key, apiVersionString string)
if err != nil {
return nil, err
}
tlsConfig := &tls.Config{
Certificates: []tls.Certificate{tlsCert},
InsecureSkipVerify: true,
tlsConfig := &tls.Config{Certificates: []tls.Certificate{tlsCert}}
if ca != "" {
cert, err := ioutil.ReadFile(ca)
if err != nil {
return nil, err
}
caPool := x509.NewCertPool()
if !caPool.AppendCertsFromPEM(cert) {
return nil, errors.New("Could not add RootCA pem")
}
tlsConfig.RootCAs = caPool
}
tr := &http.Transport{
TLSClientConfig: tlsConfig,
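Review bot: Inside the new `if ca != ""` block, `cert, err := ioutil.ReadFile(ca)` shadows the `cert` parameter (the client certificate path) with the CA file's bytes, which reads badly in a function that now handles three different PEM files; name it for what it holds, `caPEM, err := ioutil.ReadFile(ca)` and `if !caPool.AppendCertsFromPEM(caPEM) {`. The failure message two lines later should also name the file that yielded no certificate, since a caller who points `ca` at an empty or key-only file otherwise gets no hint: `return nil, fmt.Errorf("could not parse any CA certificate from %q", ca)` (fmt is already imported). The doc comment on NewVersionnedTLSClient (and on NewTLSClient in the hunk above) still opens with "NewClient" and does not say that an empty `ca` leaves RootCAs nil, so the host's system roots are used for verification now that `InsecureSkipVerify: true` is gone — that is the security-relevant change of this commit and deserves a sentence in the doc comment. ioutil is presumably imported in the part of the import block not shown; NewVersionnedTLSClient continues past the end of the hunk.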
17 changes: 15 additions & 2 deletions client_test.go
Expand Up @@ -47,8 +47,9 @@ func TestNewAPIClient(t *testing.T) {
func TestNewTSLAPIClient(t *testing.T) {
certPath := "testing/data/cert.pem"
keyPath := "testing/data/key.pem"
caPath := "testing/data/ca.pem"
endpoint := "https://localhost:4243"
client, err := NewTLSClient(endpoint, certPath, keyPath)
client, err := NewTLSClient(endpoint, certPath, keyPath, caPath)
if err != nil {
t.Fatal(err)
}
Expand Down Expand Up @@ -86,8 +87,9 @@ func TestNewVersionedClient(t *testing.T) {
func TestNewTLSVersionedClient(t *testing.T) {
certPath := "testing/data/cert.pem"
keyPath := "testing/data/key.pem"
caPath := "testing/data/ca.pem"
endpoint := "https://localhost:4243"
client, err := NewVersionnedTLSClient(endpoint, certPath, keyPath, "1.14")
client, err := NewVersionnedTLSClient(endpoint, certPath, keyPath, caPath, "1.14")
if err != nil {
t.Fatal(err)
}
Expand All @@ -102,6 +104,17 @@ func TestNewTLSVersionedClient(t *testing.T) {
}
}

func TestNewTLSVersionedClientInvalidCA(t *testing.T) {
certPath := "testing/data/cert.pem"
keyPath := "testing/data/key.pem"
caPath := "testing/data/key.pem"
endpoint := "https://localhost:4243"
_, err := NewVersionnedTLSClient(endpoint, certPath, keyPath, caPath, "1.14")
if err == nil {
t.Errorf("Expected invalid ca at %s", caPath)
}
}

func TestNewClientInvalidEndpoint(t *testing.T) {
cases := []string{
"htp://localhost:3243", "http://localhost:a", "localhost:8080",
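--- a/testing/data/ca.pem
+++ b/testing/data/ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC1TCCAb+gAwIBAgIQMnCIDK+T0tpdM1ni9QwCLTALBgkqhkiG9w0BAQswFjEU
+MBIGA1UEChMLQm9vdDJEb2NrZXIwHhcNMTQxMDI3MjIyNzQwWhcNMTcxMDExMjIy
+NzQwWjAWMRQwEgYDVQQKEwtCb290MkRvY2tlcjCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBANbAldnLVSBDRrX3I22uiweBptUsOUyCes5Z3stybrIoqziu
+9TfsKmyOHaN/Ua5dNwcZHH84KsQ51+GLmqUGMWFuUXoW7esPaMpILP62/1HQDcdc
+RQSouG2s4Xqto0ZetfazxgGk0Wg0HhHM5rm6/h87RQDGtMmhuC9MvFMC9N3LK43u
+M/q0VMIdEIqSH5MkfI0Ari8Cu+KaYBVDTCXBcmOoQSQTPrBZSVJL5JGj3agyazah
+FPusV/RAoPWDb73mfQFDqtPCJIV8YOGw0hiYRQNxiT4psWqHEmxh6G7CiiNqEqtJ
++hRN6ogWrjh93ccw+zOPJqvg7j3InypMMypL+UkCAwEAAaMjMCEwDgYDVR0PAQH/
+BAQDAgCkMA8GA1UdEwEB/wQFMAMBAf8wCwYJKoZIhvcNAQELA4IBAQABCuOLcz7i
+9i2mBwUlQdVOW11EJ/W34UnI7j4pOvGJJDLvdKob62qikO07w6xjclcbLaLce4ru
+oopM6wToXqQgQyvYipjXnm5QwqbsJRUQFUEW0eTfbed/OUQJ/m4Ht+eF+YVL8g0d
+mfYR4Wg4x+DnB8IioqVRx1WXJHXYWD6vKCCZIlbGnui6wQI3K2Kv5fcbu8Dvr3km
+Gg0QG9TzQPRGXOn+EtrPPWRIR+ZEYQUcLDYVAHX9wDUQ3ECe+YQj9KzApDvHbvL+
+I8rbM1fJz1+cJLR80ekz8wtBiXu2nxX8fZ4szLNa9Wvebhil4jLkbKPu56SLruJ2
+CB5mZqp6bpR0
+-----END CERTIFICATE-----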
30 changes: 15 additions & 15 deletions testing/data/cert.pem
@@ -1,18 +1,18 @@
-----BEGIN CERTIFICATE-----
MIIC5zCCAdGgAwIBAgIQCgv4X0oEszvG5IgOt41FMTALBgkqhkiG9w0BAQswFjEU
MBIGA1UEChMLQm9vdDJEb2NrZXIwHhcNMTQxMDI3MTA1NjI4WhcNMTcxMDExMTA1
NjI4WjAWMRQwEgYDVQQKEwtCb290MkRvY2tlcjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMDOmTcQzYlCl/2unakn0vlpA3sYcKy967pRcHEjdmBU9N+k
tDnimeZCnGURTjNpJF9SHKlaFYQBfWkxL4vOR91ecCJpl+omFVFI8vqqUasHvfOv
Eyf2u36PL6cfMlh6KmuTXgYPK7m6PF9cabG6pCLkilXQBTfbel4J0Yq+dE1GQRu6
6sRrxiE478djjGUFXC0rLfmnanRvlrb+WSeSl9g9L7Ec9UNqp8Xw48Xzvoby06t4
CLt7E+bzbQabsKkhWRI8/WCzxnxmW38mPHtk5dxVOGGCX8uCH/iCCwBW+2IQVafX
2ujPN/Sr59wpyy7qzgpOuco7FH0Et5BYPNluPbkCAwEAAaM1MDMwDgYDVR0PAQH/
MIIC5zCCAdGgAwIBAgIQbTzSi4A/xBKzGaX8AIFx1jALBgkqhkiG9w0BAQswFjEU
MBIGA1UEChMLQm9vdDJEb2NrZXIwHhcNMTQxMDI3MjIyNzQ0WhcNMTcxMDExMjIy
NzQ0WjAWMRQwEgYDVQQKEwtCb290MkRvY2tlcjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL4mBplmkNjGAKlvTXDRYFzd5LvdEN3YXyvAb/SPv+bXKIBw
p9FDCASljYyPw6g7W2ODWoMYHHwM+DxLBrGhcLyOgeAoUwCt/KMZ5oc+XXcXpsXF
LZgVDl7+hILJSnTYw3Uk/4I3k7QLjYuyy7FwjadUda+T5Vb8ksgdaDzSCRjBMFhv
VS+Rx7OyL3Z05dPlTI7HxW1t2Uz7+Akd0bSiU0r7eLfdNkW+osEuqjcMlvfPGmKR
rcFYb8k6UfVT1Wa9mQzVYzxgwoLTBJ5zVfZ1GHYy+URMzo21AxiLiKPsQZdQ5rz1
L0YYnzY5aQ6J1u9KgbsQgzdPTsvGslwZASUyIGcCAwEAAaM1MDMwDgYDVR0PAQH/
BAQDAgCAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwCwYJKoZI
hvcNAQELA4IBAQBWqDpjgospE9/wz5Leeu+5ux9IcUCGoVEJAetK823ErsVUBxMH
zATY6O93NCNFMsLaH3b21Iee5o+jB3m289DrvxbJKO2/HZzgiCLLfQwiP+RC1kZQ
0/LrfjPDMR3KZKL6TVufGK5oiO9IdGByiI7dEeOF8bidCAlx8Y7lLD8JQIFcgTdT
hPWue1rr/80BIgQoob7NgdPVOPHa533iDwRyO+NBVUpulGuge7MenosrKZkhAzjP
k4D81ph5GnMTzAxnHDg/G0W1adJBat4HEyjbd0iawpxuSbu3edcxz8zFyMqCiUjF
RHhDzgWvLBss31K1b4b+Uu/6bRpopEKX/4Q2
hvcNAQELA4IBAQB552cwXOXgSOs6joDvFperhmIQPJF3D/4eZElKb4zPhYfYNXrV
NBIZUdNjni0g6pofrfcajZu9WTxn7JiNj8YP+ku/u62PtBl+Yjaok27Fu7SfpzRm
T/5ZFOm0VmfI1wZaQ4E7KUQW7zFmaKkflpUTeF2cq6w/lIU+pmK9dt/dSx0mmmdL
emiIMQ+g2kYuT30eJyYBVJHQ2+D1txaxioJQV0CE72/IglldPddaWwYKnyd25IRn
2TnsZ6n4Q1oI7/ShLesKAZo3QfM6jNfKcgrXUyXTFCHmjxLBaSf4cQ/SEI1P7Ag9
heWJwRGgo5Wwty/vucREKcF1plRl63SSmpO1
-----END CERTIFICATE-----
50 changes: 25 additions & 25 deletions testing/data/key.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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MIIEowIBAAKCAQEAviYGmWaQ2MYAqW9NcNFgXN3ku90Q3dhfK8Bv9I+/5tcogHCn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-----END RSA PRIVATE KEY-----
