mirror of
https://github.com/siderolabs/talos.git
synced 2026-01-06 09:11:13 +01:00
cd9fb27434
Most of the work is to add proper test environment for more cases. Include a test for pulling an image Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
65 lines
1.3 KiB
Go
65 lines
1.3 KiB
Go
// This Source Code Form is subject to the terms of the Mozilla Public
|
|
// License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
|
|
package httpdefaults
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"crypto/x509"
|
|
"io/fs"
|
|
"os"
|
|
"sync"
|
|
|
|
"github.com/siderolabs/talos/pkg/machinery/constants"
|
|
)
|
|
|
|
var (
|
|
cachedPool *x509.CertPool
|
|
cachedSt fs.FileInfo
|
|
cacheMu sync.Mutex
|
|
)
|
|
|
|
// RootCAs provides a cached, but refreshed, list of root CAs.
|
|
//
|
|
// If loading certificates fails for any reason, function returns nil.
|
|
func RootCAs() *x509.CertPool {
|
|
st, err := os.Stat(constants.DefaultTrustedCAFile)
|
|
if err != nil {
|
|
return nil
|
|
}
|
|
|
|
// check if the file hasn't changed
|
|
cacheMu.Lock()
|
|
defer cacheMu.Unlock()
|
|
|
|
if cachedPool != nil && cachedSt != nil {
|
|
if cachedSt.ModTime().Equal(st.ModTime()) && cachedSt.Size() == st.Size() {
|
|
return cachedPool
|
|
}
|
|
}
|
|
|
|
pool := x509.NewCertPool()
|
|
|
|
contents, err := os.ReadFile(constants.DefaultTrustedCAFile)
|
|
if err == nil {
|
|
if pool.AppendCertsFromPEM(contents) {
|
|
cachedPool = pool
|
|
cachedSt = st
|
|
}
|
|
}
|
|
|
|
if cachedPool == nil {
|
|
return nil
|
|
}
|
|
|
|
return cachedPool.Clone()
|
|
}
|
|
|
|
// RootCAsTLSConfig provides a TLS configuration with the root CAs.
|
|
func RootCAsTLSConfig() *tls.Config {
|
|
return &tls.Config{
|
|
RootCAs: RootCAs(),
|
|
}
|
|
}
|