feat: Add file existence checks for TLS files
thesimplekid committed Mar 10, 2025
1 parent bfab02f commit ba81e75
Showing 2 changed files with 64 additions and 6 deletions.
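--- a/crates/cdk-payment-processor/src/proto/client.rs
+++ b/crates/cdk-payment-processor/src/proto/client.rs
@@ -37,10 +37,38 @@ impl PaymentProcessorClient {
 let addr = format!("{}:{}", addr, port);
 let channel = if let Some(tls_dir) = tls_dir {
 // TLS directory exists, configure TLS
-let server_root_ca_cert = std::fs::read_to_string(tls_dir.join("ca.pem"))?;
+
+// Check for ca.pem
+let ca_pem_path = tls_dir.join("ca.pem");
+if !ca_pem_path.exists() {
+let err_msg = format!("CA certificate file not found: {}", ca_pem_path.display());
+tracing::error!("{}", err_msg);
+return Err(anyhow!(err_msg));
+}
+
+// Check for client.pem
+let client_pem_path = tls_dir.join("client.pem");
+if !client_pem_path.exists() {
+let err_msg = format!(
+"Client certificate file not found: {}",
+client_pem_path.display()
+);
+tracing::error!("{}", err_msg);
+return Err(anyhow!(err_msg));
+}
+
+// Check for client.key
+let client_key_path = tls_dir.join("client.key");
+if !client_key_path.exists() {
+let err_msg = format!("Client key file not found: {}", client_key_path.display());
+tracing::error!("{}", err_msg);
+return Err(anyhow!(err_msg));
+}
+
+let server_root_ca_cert = std::fs::read_to_string(&ca_pem_path)?;
 let server_root_ca_cert = Certificate::from_pem(server_root_ca_cert);
-let client_cert = std::fs::read_to_string(tls_dir.join("client.pem"))?;
-let client_key = std::fs::read_to_string(tls_dir.join("client.key"))?;
+let client_cert = std::fs::read_to_string(&client_pem_path)?;
+let client_key = std::fs::read_to_string(&client_key_path)?;
 let client_identity = Identity::from_pem(client_cert, client_key);
 let tls = ClientTlsConfig::new()
 .ca_certificate(server_root_ca_cert)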
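Review bot: `Path::exists()` returns false whenever the metadata lookup fails, so in the three added checks a file that sits under a directory the process cannot traverse, or a broken symlink, is logged as "not found", while a file that exists but cannot be read (or a directory with that name) passes the check and then fails in `read_to_string` with an error that carries no path. The check-then-read pair also leaves a window in which the file can change between the two calls. Reading once and attaching the path to the error covers every case, e.g. `let client_key = std::fs::read_to_string(&client_key_path).with_context(|| format!("failed to read client key {}", client_key_path.display()))?;` with `anyhow::Context` in scope. The same pattern is added in `server.rs`, and the enclosing function starts and ends outside this hunk.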
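--- a/crates/cdk-payment-processor/src/proto/server.rs
+++ b/crates/cdk-payment-processor/src/proto/server.rs
@@ -53,9 +53,39 @@ impl PaymentProcessorServer {
 let server = match tls_dir {
 Some(tls_dir) => {
 tracing::info!("TLS configuration found, starting secure server");
-let cert = std::fs::read_to_string(tls_dir.join("server.pem"))?;
-let key = std::fs::read_to_string(tls_dir.join("server.key"))?;
-let client_ca_cert = std::fs::read_to_string(tls_dir.join("ca.pem"))?;
+
+// Check for server.pem
+let server_pem_path = tls_dir.join("server.pem");
+if !server_pem_path.exists() {
+let err_msg = format!(
+"TLS certificate file not found: {}",
+server_pem_path.display()
+);
+tracing::error!("{}", err_msg);
+return Err(anyhow::anyhow!(err_msg));
+}
+
+// Check for server.key
+let server_key_path = tls_dir.join("server.key");
+if !server_key_path.exists() {
+let err_msg = format!("TLS key file not found: {}", server_key_path.display());
+tracing::error!("{}", err_msg);
+return Err(anyhow::anyhow!(err_msg));
+}
+
+// Check for ca.pem
+let ca_pem_path = tls_dir.join("ca.pem");
+if !ca_pem_path.exists() {
+let err_msg =
+format!("CA certificate file not found: {}", ca_pem_path.display());
+tracing::error!("{}", err_msg);
+return Err(anyhow::anyhow!(err_msg));
+}
+
+let cert = std::fs::read_to_string(&server_pem_path)?;
+let key = std::fs::read_to_string(&server_key_path)?;
+let client_ca_cert = std::fs::read_to_string(&ca_pem_path)?;
+
 let client_ca_cert = Certificate::from_pem(client_ca_cert);
 let server_identity = Identity::from_pem(cert, key);
 let tls_config = ServerTlsConfig::new()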
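Review bot: The added checks confirm that `server.key` exists, but nothing verifies who else on the host can read it, and this is the private key that `Identity::from_pem` builds the server identity from. On Unix a mode check placed before the read would surface a group- or world-accessible key at startup; the sketch below only logs a warning, since whether the deployment relies on group access is not visible from this hunk. The same applies to `client.key` in `client.rs`. The enclosing function starts and ends outside the hunk.

```rust
// … unchanged: existence checks for server.pem, server.key and ca.pem …
#[cfg(unix)]
{
    let mode = std::os::unix::fs::PermissionsExt::mode(
        &std::fs::metadata(&server_key_path)?.permissions(),
    );
    if mode & 0o077 != 0 {
        tracing::warn!(
            "TLS key file {} is accessible by group or others (mode {:o})",
            server_key_path.display(),
            mode & 0o777
        );
    }
}
let cert = std::fs::read_to_string(&server_pem_path)?;
```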
