
Commit

Use into-docker/pem-reader (#39)
lispyclouds committed Feb 15, 2021
1 parent 5b3bb20 commit b69ba99
Showing 3 changed files with 34 additions and 40 deletions.
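--- a/deps.edn
+++ b/deps.edn
@@ -13,7 +13,8 @@
 ; You should have received a copy of the GNU Lesser General Public License
 ; along with clj-docker-client. If not, see <http://www.gnu.org/licenses/>.
 
-{:deps {clj-commons/clj-yaml {:mvn/version "0.7.106"}
-metosin/jsonista {:mvn/version "0.3.1"}
-unixsocket-http {:mvn/version "1.0.6"}}
+{:deps {clj-commons/clj-yaml {:mvn/version "0.7.106"}
+metosin/jsonista {:mvn/version "0.3.1"}
+uunixsocket-http/unixsocket-http {:mvn/version "1.0.6"}
+into-docker/pem-reader {:mvn/version "1.0.0-SNAPSHOT"}}
 :paths ["src" "resources"]}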
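Review bot: The new coordinate `uunixsocket-http/unixsocket-http` carries an extra leading `u` in the group id, so the Clojure CLI will fail to resolve it (or, worse, resolve a different artifact if such a group is ever published); it should read `unixsocket-http/unixsocket-http {:mvn/version "1.0.6"}`. The same hunk, and the matching one in project.clj, pins `into-docker/pem-reader` at `1.0.0-SNAPSHOT`, a mutable version for the library that now parses the client's private key and certificates, so builds are not reproducible and the credential-handling code can change under a consumer without any diff here. Pin a released version of pem-reader in both files before this is consumed downstream.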
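--- a/project.clj
+++ b/project.clj
@@ -22,7 +22,8 @@
 :dependencies [[clj-commons/clj-yaml "0.7.106"]
 [metosin/jsonista "0.3.1"]
 [unixsocket-http "1.0.6"]
-[com.squareup.okhttp3/okhttp-tls "4.9.0"]]
+[com.squareup.okhttp3/okhttp-tls "4.9.0"]
+[into-docker/pem-reader "1.0.0-SNAPSHOT"]]
 :plugins [[lein-ancient "0.6.15"]]
 :global-vars {*warn-on-reflection* true}
 :profiles {:kaocha {:dependencies [[lambdaisland/kaocha "1.0.732"]]}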
64 changes: 28 additions & 36 deletions src/clj_docker_client/core.clj
Expand Up @@ -15,45 +15,36 @@

(ns clj-docker-client.core
(:require [clojure.string :as s]
[clojure.java.io :as io]
[jsonista.core :as json]
[pem-reader.core :as pem]
[clj-docker-client.requests :as req]
[clj-docker-client.specs :as spec])
(:import [okhttp3 OkHttpClient$Builder]
[java.security KeyStore]
[javax.net.ssl KeyManagerFactory TrustManagerFactory SSLContext]
[java.security.cert CertificateFactory X509Certificate]))
(:import [okhttp3.tls
HandshakeCertificates$Builder
HeldCertificate]
[okhttp3 OkHttpClient$Builder]
[java.security KeyPair]
[java.security.cert X509Certificate]))

(defn read-cert
[path]
(-> path
pem/read
:certificate))

(defn make-builder-fn
[{:keys [ca key password]}]
(let [password (.toCharArray ^String password)
key-store (KeyStore/getInstance "PKCS12")
stream (-> key
io/file
io/input-stream)
key-store (doto key-store
(.load stream password))
kmf (doto (KeyManagerFactory/getInstance (KeyManagerFactory/getDefaultAlgorithm))
(.init key-store password))
stream (-> ca
io/file
io/input-stream)
ca-pub-key (.generateCertificate (CertificateFactory/getInstance "X.509") stream)
trusted-store (doto (KeyStore/getInstance (KeyStore/getDefaultType))
(.load nil)
(.setCertificateEntry (.getName (.getSubjectX500Principal ^X509Certificate ca-pub-key))
ca-pub-key))
tmf (doto (TrustManagerFactory/getInstance (TrustManagerFactory/getDefaultAlgorithm))
(.init trusted-store))
trust-managers (.getTrustManagers tmf)
ssl-context (doto (SSLContext/getInstance "TLS")
(.init (.getKeyManagers kmf)
trust-managers
nil))]
[{:keys [ca cert key]}]
(let [{:keys [public-key private-key]} (pem/read key)
key-pair (KeyPair. public-key private-key)
held-cert (HeldCertificate. key-pair (read-cert cert))
handshake-certs (-> (HandshakeCertificates$Builder.)
(.addTrustedCertificate (read-cert ca))
(.heldCertificate held-cert (into-array X509Certificate []))
(.build))]
(fn [^OkHttpClient$Builder builder]
(.sslSocketFactory builder
(.getSocketFactory ssl-context)
(aget trust-managers 0)))))
(.sslSocketFactory handshake-certs)
(.trustManager handshake-certs)))))

(defn ^:deprecated connect
"Deprecated but still there for compatibility reasons."
Expand Down Expand Up @@ -151,13 +142,14 @@
:as as
:throw-exception? throw-exception?})
try-json-parse #(try
(json/read-value % (json/object-mapper {:decode-key-fn true}))
(json/read-value % json/keyword-keys-object-mapper)
(catch Exception _ %))]
(case as
(:socket :stream) response
(try-json-parse response))))

(comment
(require '[clojure.java.io :as io])
(.getPath (java.net.URI. "unix:///var/run/docker.sock"))
(req/connect* {:uri "unix:///var/run/docker.sock"})
(req/fetch {:conn (req/connect* {:uri "unix:///var/run/docker.sock"})
Expand All @@ -180,9 +172,9 @@
(def http-tls-ping
(client {:category :_ping
:conn {:uri "https://localhost:8000"
:mtls {:ca "ca.pem"
:key "mtls.p12"
:password ""}}}))
:mtls {:ca "ca.pem"
:key "key.pem"
:cert "cert.pem"}}}))
(invoke http-tls-ping {:op :SystemPing})

(def ping
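Review bot: `make-builder-fn` now destructures `{:keys [ca cert key]}` and silently drops the former `:password` key, but nothing validates the inputs, so a caller still passing the old `{:ca :key :password}` map, or a PEM file that lacks the expected block, gets `nil` back from `read-cert` or `(pem/read key)` and fails inside the `KeyPair.` / `HeldCertificate.` constructors with a bare NullPointerException far from the cause. A guard such as `{:pre [(every? some? [ca cert key])]}` on `make-builder-fn`, plus docstrings on `read-cert` and `make-builder-fn` stating that every value is a path to a PEM file and which block is read from it (a certificate for `ca` and `cert`, a key pair for `key`), would make the new contract explicit and the failure mode readable. The held certificate is built with an empty chain via `(into-array X509Certificate [])`; if the previous PKCS12 flow could carry intermediate certificates, this change drops them, which is worth stating in the docstring if it is intentional. The `client` function in the second hunk starts outside the visible hunk.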

0 comments on commit b69ba99