From 1188bd89b9968d9ebd0e5b3b10536397f83361b8 Mon Sep 17 00:00:00 2001
From: Daniel Jiang
Date: Wed, 10 Oct 2018 17:51:02 +0800
Subject: [PATCH] Use secure transport to access HTTP endpoint
In various parts of the code, we used insecure transport in http Client when we assume the endpoint is http. This causes complaints form security scanner. We should use secure transport in such cases.
Signed-off-by: Daniel Jiang
---
 src/common/utils/notary/helper.go | 2 +-
 src/jobservice/job/impl/utils/utils.go | 2 +-
 src/replication/replicator/replicator.go | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/common/utils/notary/helper.go b/src/common/utils/notary/helper.go
index 74c3a36c8..1c6b3f361 100644
--- a/src/common/utils/notary/helper.go
+++ b/src/common/utils/notary/helper.go
@@ -89,7 +89,7 @@ func GetTargets(notaryEndpoint string, username string, fqRepo string) ([]Target
 authorizer := ¬aryAuthorizer{
 token: t.Token,
 }
- tr := registry.NewTransport(registry.GetHTTPTransport(true), authorizer)
+ tr := registry.NewTransport(registry.GetHTTPTransport(), authorizer)
 gun := data.GUN(fqRepo)
 notaryRepo, err := client.NewFileCachedNotaryRepository(notaryCachePath, gun, notaryEndpoint, tr, mockRetriever, trustPin)
 if err != nil {
diff --git a/src/jobservice/job/impl/utils/utils.go b/src/jobservice/job/impl/utils/utils.go
index 9aae48fc2..c1d855dfe 100644
--- a/src/jobservice/job/impl/utils/utils.go
+++ b/src/jobservice/job/impl/utils/utils.go
@@ -72,7 +72,7 @@ func BuildBlobURL(endpoint, repository, digest string) string {
 // GetTokenForRepo is used for job handler to get a token for clair.
 func GetTokenForRepo(repository, secret, internalTokenServiceURL string) (string, error) {
 credential := httpauth.NewSecretAuthorizer(secret)
- t, err := auth.GetToken(internalTokenServiceURL, true, credential,
+ t, err := auth.GetToken(internalTokenServiceURL, false, credential,
 []*token.ResourceActions{{
 Type: "repository",
 Name: repository,
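Review bot: The new call `registry.GetHTTPTransport()` in helper.go gets certificate verification from an implicit default, whereas the other two files in this commit spell the choice out with a literal `false`. Presumably the zero-argument form returns the verifying transport, but that is not visible in this hunk, and a later change to that default would silently alter how the Notary client validates its peer. Passing the value explicitly, `tr := registry.NewTransport(registry.GetHTTPTransport(false), authorizer)`, or adding `// no argument selects the certificate-verifying transport` above the call, would keep the intent on the line. GetTargets starts and ends outside the hunk.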
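Review bot: Switching the second argument of `auth.GetToken` to `false` in utils.go only changes behaviour when `internalTokenServiceURL` is an https URL; the commit message says these endpoints are assumed to be plain http, in which case the credential built from `secret` still crosses the network unencrypted and the scanner finding is closed without the exposure changing. Nothing in the visible lines checks the scheme, so the assumption lives only in the commit message. I would record it in the doc comment of GetTokenForRepo, for example `// internalTokenServiceURL is expected to be the in-cluster token service; certificate verification applies only when it is https.` The same applies to `notaryEndpoint` in helper.go and `url` in replicator.go. The `auth.GetToken` call continues past the end of the hunk.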
diff --git a/src/replication/replicator/replicator.go b/src/replication/replicator/replicator.go
index 9e3fdeb34..21e320314 100644
--- a/src/replication/replicator/replicator.go
+++ b/src/replication/replicator/replicator.go
@@ -98,7 +98,7 @@ func (d *DefaultReplicator) Replicate(replication *Replication) error {
 "repository": repository,
 "tags": tags,
 "src_registry_url": url,
- "src_registry_insecure": true,
+ "src_registry_insecure": false,
 // "src_token_service_url":"",
 "dst_registry_url": target.URL,
 "dst_registry_insecure": target.Insecure,
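Review bot: `"src_registry_insecure": false` is now a fixed literal while the destination side three lines below still takes `target.Insecure`, so the source registry has no way to opt out of verification. If `url` ever points at an https registry whose certificate the job service does not trust (a private CA, say), replication would presumably fail on verification with no setting to adjust; where `url` comes from is not visible in this hunk. A comment would make the constraint explicit: `// source is always verified; an https source URL needs a certificate the job service trusts`. The map literal and Replicate both extend beyond the hunk.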