getClientCertForHost returns a client certificate for a specific host (which may be "host:port"), loaded from the gitconfig
(c *Client, host string)
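// getClientCertForHost returns the TLS client certificate configured for a
// specific host (which may be "host:port"). The key and certificate file
// paths are read from the http.<url>.sslKey and http.<url>.sslCert settings
// for "https://<host>/", expanded, read from disk and parsed as a PEM key
// pair.
//
// An error is returned when either path cannot be expanded, either file
// cannot be read, the key file holds no PEM block, an encrypted key cannot be
// decrypted, or the certificate and key do not form a valid pair.
//
// NOTE(review): the key file is read as-is; its permissions and ownership are
// not checked in this function.
func getClientCertForHost(c *Client, host string) (*tls.Certificate, error) {
	// The second return value of Get is discarded (presumably a "found"
	// flag; confirm against the config API), so an unset option is handled
	// the same way as whatever string Get returns for it.
	configURL := fmt.Sprintf("https://%v/", host)
	rawKeyPath, _ := c.uc.Get("http", configURL, "sslKey")
	rawCertPath, _ := c.uc.Get("http", configURL, "sslCert")

	// Keep the configured values apart from the expanded ones: on failure the
	// message must quote the path the user configured, not whatever
	// ExpandPath returned alongside the error.
	hostSslKey, err := tools.ExpandPath(rawKeyPath, false)
	if err != nil {
		return nil, errors.Wrap(err, tr.Tr.Get("Error resolving key path %q", rawKeyPath))
	}

	hostSslCert, err := tools.ExpandPath(rawCertPath, false)
	if err != nil {
		return nil, errors.Wrap(err, tr.Tr.Get("Error resolving cert path %q", rawCertPath))
	}

	// The trace lines below record file paths and errors only, never the
	// contents of the certificate or key.
	cert, err := os.ReadFile(hostSslCert)
	if err != nil {
		tracerx.Printf("Error reading client cert file %q: %v", hostSslCert, err)
		return nil, errors.Wrap(err, tr.Tr.Get("Error reading client cert file %q", hostSslCert))
	}
	key, err := os.ReadFile(hostSslKey)
	if err != nil {
		tracerx.Printf("Error reading client key file %q: %v", hostSslKey, err)
		return nil, errors.Wrap(err, tr.Tr.Get("Error reading client key file %q", hostSslKey))
	}

	// Only the first PEM block of the key file is inspected; any data after
	// it is ignored here.
	block, _ := pem.Decode(key)
	if block == nil {
		return nil, errors.New(tr.Tr.Get("Error decoding PEM block from %q", hostSslKey))
	}

	// NOTE(review): x509.IsEncryptedPEMBlock is deprecated in the standard
	// library because legacy RFC 1423 PEM encryption does not authenticate
	// the ciphertext. It is kept so existing passphrase-protected keys still
	// load, but such files should not be treated as strongly protected.
	if x509.IsEncryptedPEMBlock(block) {
		// The decrypted bytes replace the raw key before the pair is parsed.
		key, err = decryptPEMBlock(c, block, hostSslKey, key)
		if err != nil {
			tracerx.Printf("Unable to decrypt client key file %q: %v", hostSslKey, err)
			return nil, errors.Wrap(err, tr.Tr.Get("Error reading client key file %q (not a PKCS#1 file?)", hostSslKey))
		}
	}

	certobj, err := tls.X509KeyPair(cert, key)
	if err != nil {
		tracerx.Printf("Error reading client cert/key %v", err)
		return nil, errors.Wrap(err, tr.Tr.Get("Error reading client cert/key"))
	}
	return &certobj, nil
}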
| 117 | |
| 118 | // getRootCAsForHostFromGitconfig returns a certificate pool for that |
| 119 | // specific host (which may be "host:port" or just "host") loaded from the |