From 40f406165057bc3bf3b85bb2ca4c5fb3ac42ede3 Mon Sep 17 00:00:00 2001
From: Shifty
Date: Tue, 6 Dec 2022 14:46:26 -0700
Subject: [PATCH] Fixing TLS connectivity by writing temp files early and storing filenames instead
---
 docker_challenges/__init__.py | 65 ++++++++++-------------------------
 1 file changed, 19 insertions(+), 46 deletions(-)
diff --git a/docker_challenges/__init__.py b/docker_challenges/__init__.py
index 190ef35..534f9e1 100644
--- a/docker_challenges/__init__.py
+++ b/docker_challenges/__init__.py
@@ -118,9 +118,21 @@ def docker_config():
 except:
 print(traceback.print_exc())
 client_key = ''
- if len(ca_cert) != 0: b.ca_cert = ca_cert
- if len(client_cert) != 0: b.client_cert = client_cert
- if len(client_key) != 0: b.client_key = client_key
+ if len(ca_cert) != 0:
+ tmpca = tempfile.NamedTemporaryFile(mode="wb",dir="/tmp", delete=False)
+ tmpca.write(ca_cert)
+ tmpca.seek(0)
+ b.ca_cert = tmpca.name
+ if len(client_cert) != 0:
+ tmpcert = tempfile.NamedTemporaryFile(mode="wb",dir="/tmp", delete=False)
+ tmpcert.write(client_cert)
+ tmpcert.seek(0)
+ b.client_cert = tmpcert.name
+ if len(client_key) != 0:
+ tmpkey = tempfile.NamedTemporaryFile(mode="wb",dir="/tmp", delete=False)
+ tmpkey.write(client_key)
+ tmpkey.seek(0)
+ b.client_key = tmpkey.name
 b.hostname = request.form['hostname']
 b.tls_enabled = request.form['tls_enabled']
 if b.tls_enabled == "True":
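Review bot: Each save of the config form now leaves another copy of the CA, client certificate and client private key in `/tmp`, because the three `NamedTemporaryFile(mode="wb",dir="/tmp", delete=False)` blocks never close or remove what they create. Only `tmpca.name`, `tmpcert.name` and `tmpkey.name` are stored on `b`, so the key material itself is no longer persisted: once `/tmp` is cleaned or the container is recreated the stored paths point at nothing, and rows saved before this patch presumably still hold PEM content rather than a path. I would write the uploads under fixed names in an application-owned directory with 0700/0600 permissions and overwrite them on each save, as sketched below; `CERT_DIR` is a placeholder, and the sketch assumes `os` is available in this module and that there is a single Docker configuration. `docker_config` starts and ends outside the hunk.

```python
def _store_pem(data, filename):
    # CERT_DIR is a placeholder for a directory owned by the application user.
    os.makedirs(CERT_DIR, mode=0o700, exist_ok=True)
    path = os.path.join(CERT_DIR, filename)
    # Create with owner-only permissions; O_TRUNC replaces the previous upload.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path

# … unchanged: reading ca_cert / client_cert / client_key from the request …
if len(ca_cert) != 0:
    b.ca_cert = _store_pem(ca_cert, "ca.pem")
if len(client_cert) != 0:
    b.client_cert = _store_pem(client_cert, "client-cert.pem")
if len(client_key) != 0:
    b.client_key = _store_pem(client_key, "client-key.pem")
```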
@@ -218,9 +230,9 @@ def do_request(docker, url, headers=None, method='GET'):
 try:
 if tls:
 if (method == 'GET'):
- r = requests.get(url=f"%s{url}" % URL_TEMPLATE, cert=get_client_cert(docker), verify=False, headers=headers)
+ r = requests.get(url=f"%s{url}" % URL_TEMPLATE, cert=(docker.client_cert, docker.client_key), verify=False, headers=headers)
 elif (method == 'DELETE'):
- r = requests.delete(url=f"%s{url}" % URL_TEMPLATE, cert=get_client_cert(docker), verify=False, headers=headers)
+ r = requests.delete(url=f"%s{url}" % URL_TEMPLATE, cert=(docker.client_cert, docker.client_key), verify=False, headers=headers)
 else:
 if (method == 'GET'):
 r = requests.get(url=f"%s{url}" % URL_TEMPLATE, headers=headers)
@@ -231,28 +243,6 @@ def do_request(docker, url, headers=None, method='GET'):
 r = []
 return r
-
-def get_client_cert(docker):
- try:
- ca = docker.ca_cert
- client = docker.client_cert
- ckey = docker.client_key
- ca_file = tempfile.NamedTemporaryFile(delete=False)
- ca_file.write(ca)
- ca_file.seek(0)
- client_file = tempfile.NamedTemporaryFile(delete=False)
- client_file.write(client)
- client_file.seek(0)
- key_file = tempfile.NamedTemporaryFile(delete=False)
- key_file.write(ckey)
- key_file.seek(0)
- CERT = (client_file.name, key_file.name)
- except:
- print(traceback.print_exc())
- CERT = None
- return CERT
-
-
 # For the Docker Config Page. Gets the Current Repositories available on the Docker Server.
 def get_repositories(docker, tags=False, repos=False):
 r = do_request(docker, '/images/json?all=1')
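Review bot: Both rewritten TLS calls in `do_request` still pass `verify=False`, so the Docker daemon's certificate is never checked and the client certificate is presented to whichever host answers at the configured hostname. Since this patch appears to make `docker.ca_cert` a file path, the uploaded CA can now be used directly, for example `verify=docker.ca_cert if docker.ca_cert else True`. The same applies to the two `requests.post` calls changed in `create_container` further down. None of these calls sets `timeout=`, so a stalled daemon would block the request handler; `do_request` begins and ends outside the hunk.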
@@ -293,23 +283,6 @@ def create_container(docker, image, team, portbl):
 prefix = 'http'
 else:
 prefix = 'https'
- try:
- ca = docker.ca_cert
- client = docker.client_cert
- ckey = docker.client_key
- ca_file = tempfile.NamedTemporaryFile(delete=False)
- ca_file.write(ca)
- ca_file.seek(0)
- client_file = tempfile.NamedTemporaryFile(delete=False)
- client_file.write(client)
- client_file.seek(0)
- key_file = tempfile.NamedTemporaryFile(delete=False)
- key_file.write(ckey)
- key_file.seek(0)
- CERT = (client_file.name, key_file.name)
- except:
- print(traceback.print_exc())
- return []
 host = docker.hostname
 URL_TEMPLATE = '%s://%s' % (prefix, host)
 needed_ports = get_required_ports(docker, image)
@@ -331,10 +304,10 @@ def create_container(docker, image, team, portbl):
 headers = {'Content-Type': "application/json"}
 data = json.dumps({"Image": image, "ExposedPorts": ports, "HostConfig": {"PortBindings": bindings}})
 if tls:
- r = requests.post(url="%s/containers/create?name=%s" % (URL_TEMPLATE, container_name), cert=CERT,
+ r = requests.post(url="%s/containers/create?name=%s" % (URL_TEMPLATE, container_name), cert=(docker.client_cert, docker.client_key),
 verify=False, data=data, headers=headers)
 result = r.json()
- s = requests.post(url="%s/containers/%s/start" % (URL_TEMPLATE, result['Id']), cert=CERT, verify=False,
+ s = requests.post(url="%s/containers/%s/start" % (URL_TEMPLATE, result['Id']), cert=(docker.client_cert, docker.client_key), verify=False,
 headers=headers)
 else:
 r = requests.post(url="%s/containers/create?name=%s" % (URL_TEMPLATE, container_name),
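Review bot: With the `try`/`except` that used to `return []` removed from `create_container`, the two `requests.post` calls in the TLS branch depend on `docker.client_cert` and `docker.client_key` naming files that still exist, and no handler is visible around them in this hunk. If either value is empty or the file has gone from `/tmp`, requests will most likely raise while loading the certificate, and the error reaches the caller instead of the previous empty result. A guard before the TLS branch such as `if tls and not (docker.client_cert and docker.client_key): return []` would keep the old behaviour. `result['Id']` on the new `/start` line is also read without checking that the create call succeeded, so a rejected create surfaces as a `KeyError`; `if 'Id' not in result: return []` would cover it. The function continues outside the hunk.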