nfc: Record the SSL thumbprint for the host the (device) URL refers to

With this change we are recording the SSL thumbprint for the host the device URL refers to. This is done so that clients of the nfc wrapper can perform their own SSL verification using the recorded thumbprint if necessary. The thumbprint is stored in the FileItem struct, but the New constructor is not modified so as not to introduce any breaking changes. Please note that the thumbprint is recorded only for the import case, since that is the only necessary path for our internal usages.
vmware · Jun 4, 2024 · a554e04 · a554e04
1 parent 9a1b3c8
commit a554e04
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/nfc/lease.go b/nfc/lease.go
@@ -145,7 +145,11 @@ func (l *Lease) newLeaseInfo(li *types.HttpNfcLeaseInfo, items []types.OvfFileIt
 		// this is an import
 		for _, item := range items {
 			if device.ImportKey == item.DeviceId {
-				info.Items = append(info.Items, NewFileItem(u, item))
+				fi := NewFileItem(u, item)
+				fi.Thumbprint = device.SslThumbprint
+
+				info.Items = append(info.Items, fi)
+
 				break
 			}
 		}

diff --git a/nfc/lease_updater.go b/nfc/lease_updater.go
@@ -30,7 +30,9 @@ import (
 
 type FileItem struct {
 	types.OvfFileItem
-	URL *url.URL
+
+	URL        *url.URL
+	Thumbprint string
 
 	ch chan progress.Report
 }