in enclave_build/src/docker.rs [76:139]
fn get_credentials(&self) -> Result<RegistryAuth, DockerError> {
let image = self.docker_image.clone();
let host = if let Ok(uri) = Url::parse(&image) {
uri.host().map(|s| s.to_string())
} else {
// Some Docker URIs don't have the protocol included, so just use
// a dummy one to trick Url that it's a properly defined Uri.
let uri = format!("dummy://{}", image);
if let Ok(uri) = Url::parse(&uri) {
uri.host().map(|s| s.to_string())
} else {
None
}
};
if let Some(registry_domain) = host {
let config_file = self.get_config_file()?;
let config_json: serde_json::Value =
serde_json::from_reader(&config_file).map_err(|err| {
CredentialsError(format!("JSON was not well-formatted: {}", err.to_string()))
})?;
let auths = config_json.get("auths").ok_or_else(|| {
CredentialsError("Could not find auths key in config JSON".to_string())
})?;
if let Value::Object(auths) = auths {
for (registry_name, registry_auths) in auths.iter() {
if !registry_name.to_string().contains(®istry_domain) {
continue;
}
let auth = registry_auths
.get("auth")
.ok_or_else(|| {
CredentialsError("Could not find auth key in config JSON".to_string())
})?
.to_string();
let auth = auth.replace(r#"""#, "");
let decoded = base64::decode(&auth).map_err(|err| {
CredentialsError(format!("Invalid Base64 encoding for auth: {}", err))
})?;
let decoded = std::str::from_utf8(&decoded).map_err(|err| {
CredentialsError(format!("Invalid utf8 encoding for auth: {}", err))
})?;
if let Some(index) = decoded.rfind(':') {
let (user, after_user) = decoded.split_at(index);
let (_, password) = after_user.split_at(1);
return Ok(RegistryAuth::builder()
.username(user)
.password(password)
.build());
}
}
}
}
Err(CredentialsError(
"No credentials found for the current image".to_string(),
))
}