in internal/hostgacommunicator/vmsettings.go [76:105]
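// ValidateSignature checks that the certificate material referenced by the
// goal state's protected settings is present on disk.
//
// Despite its name, this method performs no cryptographic verification: for
// every settings entry that carries protected settings it only confirms that
// "<thumbprint>.crt" and "<thumbprint>.prv" exist two directories above the
// handler's config folder. Callers must not treat a true result as proof that
// the goal state is authentic or that the protected settings can be decrypted.
//
// It returns (true, nil) when every entry with protected settings has both
// files, and (false, err) when the handler environment cannot be read, when a
// thumbprint is missing or unusable as a file name, or when either file is
// absent.
func (goalState *ImmediateExtensionGoalState) ValidateSignature() (bool, error) {
	he, err := handlersettings.GetHandlerEnv()
	if err != nil {
		return false, errors.Wrap(err, "failed to parse handlerenv")
	}

	// go two levels up where certs are placed (/var/lib/waagent)
	certDir := filepath.Join(he.HandlerEnvironment.ConfigFolder, "..", "..")

	// TODO: Check that certificate exists or download it if is missing
	// Do we need to re-download or can we assume the cert is already there?
	for _, s := range goalState.Settings {
		if s.ProtectedSettingsBase64 == "" {
			// Nothing to decrypt for this entry, so no certificate is required.
			continue
		}

		thumbprint := s.SettingsCertThumbprint
		if thumbprint == "" {
			return false, errors.New("HandlerSettings has protected settings but no cert thumbprint")
		}

		// The thumbprint arrives with the goal state and becomes part of a
		// file path. Refuse any value containing a path component so the
		// existence check below cannot be steered outside certDir.
		if filepath.Base(thumbprint) != thumbprint {
			message := fmt.Sprintf("Certificate thumbprint %q needed by %v is not a valid file name", thumbprint, s.ExtensionName)
			return false, errors.New(message)
		}

		crt := filepath.Join(certDir, fmt.Sprintf("%s.crt", thumbprint))
		prv := filepath.Join(certDir, fmt.Sprintf("%s.prv", thumbprint))
		if !fileExists(crt) || !fileExists(prv) {
			message := fmt.Sprintf("Certificate %v needed by %v is missing from the goal state", s.SettingsCertThumbprint, s.ExtensionName)
			return false, errors.New(message)
		}
	}

	return true, nil
}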