From a8ccd2b153dff5343347ff77e8bd4a53b319f469 Mon Sep 17 00:00:00 2001
From: andres-portainer <91705312+andres-portainer@users.noreply.github.com>
Date: Thu, 15 Dec 2022 16:16:29 -0300
Subject: [PATCH] feat(filestore): add function to save mTLS certificates (#8206)
---
 api/filesystem/filesystem.go | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
diff --git a/api/filesystem/filesystem.go b/api/filesystem/filesystem.go
index c060225cd..1304486e1 100644
--- a/api/filesystem/filesystem.go
+++ b/api/filesystem/filesystem.go
@@ -62,6 +62,10 @@ const (
 	SSLKeyFilename = "key.pem"
 	// SSLCACertFilename represents the CA ssl certificate file name for mTLS
 	SSLCACertFilename = "ca-cert.pem"
+
+	MTLSCertFilename = "mtls-cert.pem"
+	MTLSCACertFilename = "mtls-ca-cert.pem"
+	MTLSKeyFilename = "mtls-key.pem"
 )
 
 // ErrUndefinedTLSFileType represents an error returned on undefined TLS file type
@@ -663,6 +667,14 @@ func (service *Service) GetDefaultSSLCertsPath() (string, string) {
 	return service.wrapFileStore(certPath), service.wrapFileStore(keyPath)
 }
 
+func defaultMTLSCertPathUnderFileStore() (string, string, string) {
+	certPath := JoinPaths(SSLCertPath, MTLSCertFilename)
+	caCertPath := JoinPaths(SSLCertPath, MTLSCACertFilename)
+	keyPath := JoinPaths(SSLCertPath, MTLSKeyFilename)
+
+	return certPath, caCertPath, keyPath
+}
+
 // StoreSSLCertPair stores a ssl certificate pair
 func (service *Service) StoreSSLCertPair(cert, key []byte) (string, string, error) {
 	certPath, keyPath := defaultCertPathUnderFileStore()
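Review bot: The three new exported constants added to the `const` block carry no doc comments, while the neighbouring `SSLCACertFilename` does — and that existing comment already describes `ca-cert.pem` as the CA certificate "for mTLS", so a reader cannot tell from this hunk how `mtls-ca-cert.pem` differs from it. Add one comment per constant following the file's existing `// Name represents ...` style, e.g. `// MTLSCACertFilename represents the file name of the CA certificate stored alongside the mTLS certificate pair`, and, if the two CA files genuinely serve different roles (presumably server-side vs. client-side verification — confirm), say so on `SSLCACertFilename` as well. The `const` block itself starts before and ends within this hunk.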
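Review bot: `defaultMTLSCertPathUnderFileStore` has no comment stating what the three returned strings are or in which order, which matters because callers destructure them positionally. Suggest `// defaultMTLSCertPathUnderFileStore returns the store-relative paths of the mTLS certificate, CA certificate and private key, in that order.` placed above the signature, mirroring the existing `defaultCertPathUnderFileStore` that the following context line calls (its body is outside this hunk).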
@@ -767,3 +779,27 @@ func CreateFile(path string, r io.Reader) error {
 	_, err = io.Copy(out, r)
 	return err
 }
+
+func (service *Service) StoreMTLSCertificates(cert, caCert, key []byte) (string, string, string, error) {
+	certPath, caCertPath, keyPath := defaultMTLSCertPathUnderFileStore()
+
+	r := bytes.NewReader(cert)
+	err := service.createFileInStore(certPath, r)
+	if err != nil {
+		return "", "", "", err
+	}
+
+	r = bytes.NewReader(caCert)
+	err = service.createFileInStore(caCertPath, r)
+	if err != nil {
+		return "", "", "", err
+	}
+
+	r = bytes.NewReader(key)
+	err = service.createFileInStore(keyPath, r)
+	if err != nil {
+		return "", "", "", err
+	}
+
+	return service.wrapFileStore(certPath), service.wrapFileStore(caCertPath), service.wrapFileStore(keyPath), nil
+}
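Review bot: `StoreMTLSCertificates` writes the private key through the generic `createFileInStore` with no validation of the inputs, so an empty, unparseable or mismatched cert/key pair is persisted silently and only fails later when something loads it. Validate before the first write with `if _, err := tls.X509KeyPair(cert, key); err != nil { return "", "", "", err }` (needs `crypto/tls`), and — since `createFileInStore`'s file mode is not visible in this hunk — confirm the key file is created with owner-only permissions (0600) rather than a world-readable default, as this is private key material on the host filesystem. The three writes are also not atomic: a failure on the key write, which comes last, leaves a new cert and CA cert on disk next to the previous key, so either write to temporary names and rename, or document the partial-write behaviour. Finally the exported function lacks a doc comment; suggest `// StoreMTLSCertificates persists the mTLS certificate, CA certificate and private key under the SSL cert directory and returns their wrapped store paths (cert, caCert, key).`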