From ba81e75dcf5283060609cefc6ce71a216c7b773e Mon Sep 17 00:00:00 2001
From: "thesimplekid (aider)"
Date: Mon, 10 Mar 2025 09:34:48 +0000
Subject: [PATCH] feat: Add file existence checks for TLS files
---
 .../cdk-payment-processor/src/proto/client.rs | 34 ++++++++++++++++--
 .../cdk-payment-processor/src/proto/server.rs | 36 +++++++++++++++++--
 2 files changed, 64 insertions(+), 6 deletions(-)
diff --git a/crates/cdk-payment-processor/src/proto/client.rs b/crates/cdk-payment-processor/src/proto/client.rs
index f2d71bf3c..40355b9b6 100644
--- a/crates/cdk-payment-processor/src/proto/client.rs
+++ b/crates/cdk-payment-processor/src/proto/client.rs
@@ -37,10 +37,38 @@ impl PaymentProcessorClient {
 let addr = format!("{}:{}", addr, port);
 let channel = if let Some(tls_dir) = tls_dir {
 // TLS directory exists, configure TLS
- let server_root_ca_cert = std::fs::read_to_string(tls_dir.join("ca.pem"))?;
+
+ // Check for ca.pem
+ let ca_pem_path = tls_dir.join("ca.pem");
+ if !ca_pem_path.exists() {
+ let err_msg = format!("CA certificate file not found: {}", ca_pem_path.display());
+ tracing::error!("{}", err_msg);
+ return Err(anyhow!(err_msg));
+ }
+
+ // Check for client.pem
+ let client_pem_path = tls_dir.join("client.pem");
+ if !client_pem_path.exists() {
+ let err_msg = format!(
+ "Client certificate file not found: {}",
+ client_pem_path.display()
+ );
+ tracing::error!("{}", err_msg);
+ return Err(anyhow!(err_msg));
+ }
+
+ // Check for client.key
+ let client_key_path = tls_dir.join("client.key");
+ if !client_key_path.exists() {
+ let err_msg = format!("Client key file not found: {}", client_key_path.display());
+ tracing::error!("{}", err_msg);
+ return Err(anyhow!(err_msg));
+ }
+
+ let server_root_ca_cert = std::fs::read_to_string(&ca_pem_path)?;
 let server_root_ca_cert = Certificate::from_pem(server_root_ca_cert);
- let client_cert = std::fs::read_to_string(tls_dir.join("client.pem"))?;
- let client_key = std::fs::read_to_string(tls_dir.join("client.key"))?;
+ let client_cert = std::fs::read_to_string(&client_pem_path)?;
+ let client_key = std::fs::read_to_string(&client_key_path)?;
 let client_identity = Identity::from_pem(client_cert, client_key);
 let tls = ClientTlsConfig::new()
 .ca_certificate(server_root_ca_cert)
diff --git a/crates/cdk-payment-processor/src/proto/server.rs b/crates/cdk-payment-processor/src/proto/server.rs
index 2e64d53c8..962f9f346 100644
--- a/crates/cdk-payment-processor/src/proto/server.rs
+++ b/crates/cdk-payment-processor/src/proto/server.rs
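Review bot: The three `exists()` guards do not make the following reads safe or well-described. `Path::exists()` is true for a directory and false when the metadata lookup fails for another reason such as a permission error, so "not found" can be the wrong diagnosis. The file can also change between the check and `read_to_string`, whose error still propagates through `?` without the path. Attaching the path to the read itself covers every failure mode and removes the check-then-use gap, e.g. `let server_root_ca_cert = std::fs::read_to_string(&ca_pem_path).with_context(|| format!("failed to read CA certificate {}", ca_pem_path.display()))?;` with `anyhow::Context` in scope. The same pattern applies to `client.pem` and `client.key` here and to all three files in the server.rs hunk; the enclosing function starts and ends outside this hunk.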
@@ -53,9 +53,39 @@ impl PaymentProcessorServer {
 let server = match tls_dir {
 Some(tls_dir) => {
 tracing::info!("TLS configuration found, starting secure server");
- let cert = std::fs::read_to_string(tls_dir.join("server.pem"))?;
- let key = std::fs::read_to_string(tls_dir.join("server.key"))?;
- let client_ca_cert = std::fs::read_to_string(tls_dir.join("ca.pem"))?;
+
+ // Check for server.pem
+ let server_pem_path = tls_dir.join("server.pem");
+ if !server_pem_path.exists() {
+ let err_msg = format!(
+ "TLS certificate file not found: {}",
+ server_pem_path.display()
+ );
+ tracing::error!("{}", err_msg);
+ return Err(anyhow::anyhow!(err_msg));
+ }
+
+ // Check for server.key
+ let server_key_path = tls_dir.join("server.key");
+ if !server_key_path.exists() {
+ let err_msg = format!("TLS key file not found: {}", server_key_path.display());
+ tracing::error!("{}", err_msg);
+ return Err(anyhow::anyhow!(err_msg));
+ }
+
+ // Check for ca.pem
+ let ca_pem_path = tls_dir.join("ca.pem");
+ if !ca_pem_path.exists() {
+ let err_msg =
+ format!("CA certificate file not found: {}", ca_pem_path.display());
+ tracing::error!("{}", err_msg);
+ return Err(anyhow::anyhow!(err_msg));
+ }
+
+ let cert = std::fs::read_to_string(&server_pem_path)?;
+ let key = std::fs::read_to_string(&server_key_path)?;
+ let client_ca_cert = std::fs::read_to_string(&ca_pem_path)?;
+
 let client_ca_cert = Certificate::from_pem(client_ca_cert);
 let server_identity = Identity::from_pem(cert, key);
 let tls_config = ServerTlsConfig::new()
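Review bot: `server.key` is accepted on an existence check alone, so a private key that is readable by group or others passes this validation without any signal to the operator. Since this block already validates the TLS material before use, it is the natural place to inspect the key's mode on Unix inside a `#[cfg(unix)]` block: `let mode = std::os::unix::fs::PermissionsExt::mode(&std::fs::metadata(&server_key_path)?.permissions());` followed by `if mode & 0o077 != 0 { tracing::warn!("TLS key file {} is accessible by group/others", server_key_path.display()); }`. Whether to warn or refuse to start is a policy choice for the project. The same consideration applies to `client.key` in the client.rs hunk, and the `match` arm shown here continues outside the hunk.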