From 4f413fe86e33836dc99b5d9629efaca27f924493 Mon Sep 17 00:00:00 2001
From: Evgenii Stratonikov
Date: Mon, 26 Jun 2023 15:00:44 +0300
Subject: [PATCH] [#1] treesvc: Properly check for secure transport
Signed-off-by: Evgenii Stratonikov
---
 pkg/network/address.go | 2 +-
 pkg/network/group.go | 2 +-
 pkg/network/tls.go | 4 ++--
 pkg/network/tls_test.go | 2 +-
 pkg/services/tree/cache.go | 4 +---
 5 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/pkg/network/address.go b/pkg/network/address.go
index 0208829801..8ad285725d 100644
--- a/pkg/network/address.go
+++ b/pkg/network/address.go
@@ -47,7 +47,7 @@ func (a Address) URIAddr() string {
 panic(fmt.Errorf("could not get host addr: %w", err))
 }
- if !a.isTLSEnabled() {
+ if !a.IsTLSEnabled() {
 return host
 }
diff --git a/pkg/network/group.go b/pkg/network/group.go
index c18feac276..a6de0653e2 100644
--- a/pkg/network/group.go
+++ b/pkg/network/group.go
@@ -57,7 +57,7 @@ func (x AddressGroup) Len() int {
 // Less returns true if i-th address in AddressGroup supports TLS
 // and j-th one doesn't.
 func (x AddressGroup) Less(i, j int) bool {
- return x[i].isTLSEnabled() && !x[j].isTLSEnabled()
+ return x[i].IsTLSEnabled() && !x[j].IsTLSEnabled()
 }
 // Swap swaps i-th and j-th addresses in AddressGroup.
diff --git a/pkg/network/tls.go b/pkg/network/tls.go
index de2c93694c..9aac89c47e 100644
--- a/pkg/network/tls.go
+++ b/pkg/network/tls.go
@@ -11,8 +11,8 @@ const (
 // tls var is used for (un)wrapping other multiaddrs around TLS multiaddr.
 var tls, _ = multiaddr.NewMultiaddr("/" + tlsProtocolName)
-// isTLSEnabled searches for wrapped TLS protocol in multiaddr.
-func (a Address) isTLSEnabled() bool {
+// IsTLSEnabled searches for wrapped TLS protocol in multiaddr.
+func (a Address) IsTLSEnabled() bool {
 for _, protoc := range a.ma.Protocols() {
 if protoc.Code == multiaddr.P_TLS {
 return true
diff --git a/pkg/network/tls_test.go b/pkg/network/tls_test.go
index 25775eaf16..d93ea6a128 100644
--- a/pkg/network/tls_test.go
+++ b/pkg/network/tls_test.go
@@ -24,6 +24,6 @@ func TestAddress_TLSEnabled(t *testing.T) {
 err := addr.FromString(test.input)
 require.NoError(t, err)
- require.Equal(t, test.wantTLS, addr.isTLSEnabled(), test.input)
+ require.Equal(t, test.wantTLS, addr.IsTLSEnabled(), test.input)
 }
 }
diff --git a/pkg/services/tree/cache.go b/pkg/services/tree/cache.go
index 97218da088..ef0c4b4657 100644
--- a/pkg/services/tree/cache.go
+++ b/pkg/services/tree/cache.go
@@ -4,7 +4,6 @@ import (
 "context"
 "errors"
 "fmt"
- "strings"
 "sync"
 "time"
@@ -100,8 +99,7 @@ func dialTreeService(ctx context.Context, netmapAddr string) (*grpc.ClientConn,
 ),
 }
- // FIXME(@fyrchik): ugly hack #1322
- if !strings.HasPrefix(netAddr.URIAddr(), "grpcs:") {
+ if netAddr.IsTLSEnabled() {
 opts = append(opts, grpc.WithTransportCredentials(insecure.NewCredentials()))
 }
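Review bot: The new guard in dialTreeService looks inverted: the removed line added `insecure.NewCredentials()` only when the URI did not start with `grpcs:`, while `if netAddr.IsTLSEnabled() {` now adds the insecure transport option exactly when the address advertises TLS. As shown, a `/tls` address would be dialed without transport security and a plain address gets no transport-credentials option from this branch; the condition should read `if !netAddr.IsTLSEnabled() {`. The function body starts and ends outside the hunk, so whether TLS addresses receive real TLS credentials elsewhere cannot be confirmed from here and is worth checking alongside the fix. A table test that dials (or at least builds options for) one address with and one without `/tls` would catch this kind of polarity slip.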