From 034c1cfb9dcd6ba1b7a242ebfbabde80858a91fc Mon Sep 17 00:00:00 2001
From: unclejack <unclejacksons@gmail.com>
Date: Sat, 16 Aug 2014 13:27:04 +0300
Subject: [PATCH] make http usage for registry explicit

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)

Conflicts:
	daemon/config.go
	daemon/daemon.go
	graph/pull.go
	graph/push.go
	graph/tags.go
	registry/registry.go
	registry/service.go
---
 docs/registry.go | 49 ++++++++++++++++++++++++++++++++++++++++++++++++
 docs/service.go  |  2 +-
 2 files changed, 50 insertions(+), 1 deletion(-)

diff --git a/docs/registry.go b/docs/registry.go
index 0b3ec12b..8599d368 100644
--- a/docs/registry.go
+++ b/docs/registry.go
@@ -213,6 +213,55 @@ func ResolveRepositoryName(reposName string) (string, string, error) {
 	return hostname, reposName, nil
 }
 
+// this method expands the registry name as used in the prefix of a repo
+// to a full url. if it already is a url, there will be no change.
+func ExpandAndVerifyRegistryUrl(hostname string, secure bool) (endpoint string, err error) {
+	if strings.HasPrefix(hostname, "http:") || strings.HasPrefix(hostname, "https:") {
+		// if there is no slash after https:// (8 characters) then we have no path in the url
+		if strings.LastIndex(hostname, "/") < 9 {
+			// there is no path given. Expand with default path
+			hostname = hostname + "/v1/"
+		}
+		if _, err := pingRegistryEndpoint(hostname); err != nil {
+			return "", errors.New("Invalid Registry endpoint: " + err.Error())
+		}
+		return hostname, nil
+	}
+
+	// use HTTPS if secure, otherwise use HTTP
+	if secure {
+		endpoint = fmt.Sprintf("https://%s/v1/", hostname)
+	} else {
+		endpoint = fmt.Sprintf("http://%s/v1/", hostname)
+	}
+	_, err = pingRegistryEndpoint(endpoint)
+	if err != nil {
+		//TODO: triggering highland build can be done there without "failing"
+		err = fmt.Errorf("Invalid registry endpoint '%s': %s ", endpoint, err)
+		if secure {
+			err = fmt.Errorf("%s. If this private registry supports only HTTP, please add `--insecure-registry %s` to the daemon's arguments.", err, hostname)
+		}
+		return "", err
+	}
+	return endpoint, nil
+}
+
+// this method verifies if the provided hostname is part of the list of
+// insecure registries and returns false if HTTP should be used
+func IsSecure(hostname string, insecureRegistries []string) (secure bool) {
+	secure = true
+	for _, h := range insecureRegistries {
+		if hostname == h {
+			secure = false
+			break
+		}
+	}
+	if hostname == IndexServerAddress() {
+		secure = true
+	}
+	return
+}
+
 func trustedLocation(req *http.Request) bool {
 	var (
 		trusteds = []string{"docker.com", "docker.io"}
diff --git a/docs/service.go b/docs/service.go
index f7b35300..334e7c2e 100644
--- a/docs/service.go
+++ b/docs/service.go
@@ -40,7 +40,7 @@ func (s *Service) Auth(job *engine.Job) engine.Status {
 	job.GetenvJson("authConfig", authConfig)
 	// TODO: this is only done here because auth and registry need to be merged into one pkg
 	if addr := authConfig.ServerAddress; addr != "" && addr != IndexServerAddress() {
-		endpoint, err := NewEndpoint(addr)
+		endpoint, err := NewEndpoint(addr, true)
 		if err != nil {
 			return job.Error(err)
 		}