Open dee-kryvenko opened 3 months ago
We are setting RSA256 as the default signing method https://github.com/goharbor/harbor/blob/d25f3556a94a687d58faeac1197dd5090b17ec29/src/core/service/token/authutils.go#L114 and errors occur when using ParseRSAPrivateKeyFromPEM to parse the ECDSA signed private key https://github.com/goharbor/harbor/blob/d25f3556a94a687d58faeac1197dd5090b17ec29/src/pkg/token/options.go#L48C12-L48C28
Hmmm looks easy enough. Would you be interested in a PR?
Sure, we would like to consider this as a requirement. To enable this we need to expose the key signing method and change the default options properly. Probably not the common case for most of the users. Could you help me to learn the necessity of configuring this algorithm?
This is just my default choice over RSA and I reckon it will be more common in the future. I am wondering whether the code could detect the type of certificate automatically without user input, even if through try-fail-retry...
True, will look into this and evaluate if there's any other impact ...
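The comments above turn on RS256 being the default while the configured key is ECDSA, and on the suggestion to detect the key type without user input. The following is an added example, not Harbor's code or part of the thread: `signerFromPEM` is a hypothetical helper that uses only the Go standard library to choose the JWT `alg` from the PEM label and the parsed key type, and the key in `main` is a constructed throwaway.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// signerFromPEM (hypothetical helper, not Harbor's code) picks the JWT alg from the key type.
func signerFromPEM(data []byte) (crypto.Signer, string, error) {
	block, _ := pem.Decode(data)
	if block == nil {
		return nil, "", fmt.Errorf("no PEM block found")
	}
	var key interface{}
	err := fmt.Errorf("unsupported PEM type %q", block.Type)
	switch block.Type { // the PEM label names the encoding, so no trial parsing
	case "RSA PRIVATE KEY": // PKCS#1
		key, err = x509.ParsePKCS1PrivateKey(block.Bytes)
	case "EC PRIVATE KEY": // SEC 1
		key, err = x509.ParseECPrivateKey(block.Bytes)
	case "PRIVATE KEY": // PKCS#8: the key type is inside the DER
		key, err = x509.ParsePKCS8PrivateKey(block.Bytes)
	}
	if err != nil {
		return nil, "", err
	}
	ecAlgs := map[string]string{"P-256": "ES256", "P-384": "ES384", "P-521": "ES512"}
	switch k := key.(type) {
	case *rsa.PrivateKey:
		return k, "RS256", nil
	case *ecdsa.PrivateKey:
		if alg, ok := ecAlgs[k.Curve.Params().Name]; ok {
			return k, alg, nil
		}
	}
	return nil, "", fmt.Errorf("no JWT algorithm for key type %T", key)
}

func main() {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // constructed throwaway key
	der, _ := x509.MarshalECPrivateKey(k)
	_, alg, err := signerFromPEM(pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: der}))
	fmt.Println(alg, err) // ES256 <nil>
}
```

An EC key wrapped in an `RSA PRIVATE KEY` label still fails in the PKCS#1 parser, so a mislabelled file surfaces as a parse error rather than a token signed with the wrong algorithm.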
Expected behavior and actual behavior:
I was using cert-manager with this:
It generally works, components can communicate with each other, Portal is operational etc etc. But pulling public images or logging in with `docker login` do not work (note that in the currently released version i.e. `v2.10.0` there is a separate issue https://github.com/goharbor/harbor/issues/20080 which makes symptoms entirely different, core returns 200 response with an empty token; this is what I get with my patch from https://github.com/goharbor/harbor/pull/20081):
Core logs ():
Steps to reproduce the problem:
Try to pull public image or log in to Harbor using ECDSA certificate as internal tls CA.
Versions: Please specify the versions of following systems.
Additional context:
Slack thread: https://cloud-native.slack.com/archives/CC1E09J6S/p1709497679881159