hub / github.com/git-lfs/git-lfs / getClientCertForHost

Function getClientCertForHost

lfshttp/certs.go:73–116  ·  view source on GitHub ↗

getClientCertForHost returns a client certificate for a specific host (which may be "host:port"), loaded from the gitconfig.

(c *Client, host string)

Source from the content-addressed store, hash-verified

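// getClientCertForHost returns the TLS client certificate configured for host,
// which may be a bare host name or "host:port". The certificate and key paths
// are the "sslCert" and "sslKey" settings of the "http" section looked up for
// "https://<host>/".
//
// Both paths go through tools.ExpandPath, both files are read in full, and the
// pair is handed to tls.X509KeyPair. A key whose first PEM block is marked as
// encrypted is decrypted through decryptPEMBlock first. Every failure returns
// a nil certificate and a wrapped, translated error.
//
// The trace calls below log file paths and error values only. This function
// does not check the ownership or mode of the key file, so protecting the
// private key is left to filesystem permissions.
func getClientCertForHost(c *Client, host string) (*tls.Certificate, error) {
	hostURL := fmt.Sprintf("https://%v/", host)

	// The second result of Get is discarded, so an unset option is not told
	// apart from an empty one here.
	// NOTE(review): presumably the caller only gets here once both options
	// are known to be set - confirm against the caller.
	keySetting, _ := c.uc.Get("http", hostURL, "sslKey")
	certSetting, _ := c.uc.Get("http", hostURL, "sslCert")

	hostSslKey, err := tools.ExpandPath(keySetting, false)
	if err != nil {
		// Name the configured value in the message. The original overwrote
		// the path variable with ExpandPath's result before formatting, so
		// the message showed whatever ExpandPath returned with the error.
		return nil, errors.Wrap(err, tr.Tr.Get("Error resolving key path %q", keySetting))
	}

	hostSslCert, err := tools.ExpandPath(certSetting, false)
	if err != nil {
		// Same reasoning as for the key path above.
		return nil, errors.Wrap(err, tr.Tr.Get("Error resolving cert path %q", certSetting))
	}

	cert, err := os.ReadFile(hostSslCert)
	if err != nil {
		tracerx.Printf("Error reading client cert file %q: %v", hostSslCert, err)
		return nil, errors.Wrap(err, tr.Tr.Get("Error reading client cert file %q", hostSslCert))
	}
	key, err := os.ReadFile(hostSslKey)
	if err != nil {
		tracerx.Printf("Error reading client key file %q: %v", hostSslKey, err)
		return nil, errors.Wrap(err, tr.Tr.Get("Error reading client key file %q", hostSslKey))
	}

	// Only the first PEM block of the key file is inspected.
	block, _ := pem.Decode(key)
	if block == nil {
		return nil, errors.New(tr.Tr.Get("Error decoding PEM block from %q", hostSslKey))
	}

	// SECURITY: x509.IsEncryptedPEMBlock is deprecated (Go 1.16). The legacy
	// RFC 1423 PEM encryption it detects does not authenticate the ciphertext
	// and is exposed to padding-oracle attacks. It is flagged rather than
	// replaced: the standard library offers no successor, and dropping the
	// branch would stop passphrase-protected keys from loading.
	if x509.IsEncryptedPEMBlock(block) {
		// decryptPEMBlock is defined elsewhere; its result replaces the raw
		// key bytes handed to tls.X509KeyPair.
		key, err = decryptPEMBlock(c, block, hostSslKey, key)
		if err != nil {
			tracerx.Printf("Unable to decrypt client key file %q: %v", hostSslKey, err)
			return nil, errors.Wrap(err, tr.Tr.Get("Error reading client key file %q (not a PKCS#1 file?)", hostSslKey))
		}
	}

	certobj, err := tls.X509KeyPair(cert, key)
	if err != nil {
		tracerx.Printf("Error reading client cert/key %v", err)
		return nil, errors.Wrap(err, tr.Tr.Get("Error reading client cert/key"))
	}
	return &certobj, nil
}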
117
118// getRootCAsForHostFromGitconfig returns a certificate pool for that
119// specific host (which may be "host:port" or just "host") loaded from the

Callers 1

Transport · Method · 0.85

Calls 5

ExpandPath · Function · 0.92
Wrap · Function · 0.92
New · Function · 0.92
decryptPEMBlock · Function · 0.85
Get · Method · 0.65

Tested by

no test coverage detected