tls support for pushing sbom

src/pkg/scan/util.go

@@ -15,7 +15,6 @@
 package scan
 
 import (
-	"crypto/tls"
 	"fmt"
 	"net/http"
 
@@ -30,24 +29,25 @@
 	"github.com/opencontainers/go-digest"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 
+	commonhttp "github.com/goharbor/harbor/src/common/http"
+	"github.com/goharbor/harbor/src/lib/log"
 	"github.com/goharbor/harbor/src/pkg/robot/model"
 	v1sq "github.com/goharbor/harbor/src/pkg/scan/rest/v1"
 )
 
-// Insecure ...
-type Insecure bool
-
 // RemoteOptions ...
-func (i Insecure) RemoteOptions() []remote.Option {
+func RemoteOptions() []remote.Option {
 	tr := http.DefaultTransport.(*http.Transport).Clone()
-	tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: bool(i)}
+	if commonhttp.InternalEnableVerifyClientCert() {
+		tlsConfig, err := commonhttp.GetInternalTLSConfig()
+		if err != nil {
+			log.Errorf("SBOM client load cert file with err: %v", err)
+		}
+		tr.TLSClientConfig = tlsConfig
+	}
 	return []remote.Option{remote.WithTransport(tr)}
 }
 
-type referrer struct {
-	Insecure
-}
-
 // GenAccessoryArt composes the accessory oci object and push it back to harbor core as an accessory of the scanned artifact.
 func GenAccessoryArt(sq v1sq.ScanRequest, accData []byte, accAnnotations map[string]string, mediaType string, robot *model.Robot) (string, error) {
 	accArt, err := mutate.Append(empty.Image, mutate.Addendum{
@@ -92,7 +92,7 @@
 	if err != nil {
 		return "", err
 	}
-	opts := append(referrer{Insecure: true}.RemoteOptions(), remote.WithAuth(&authn.Basic{Username: robot.Name, Password: robot.Secret}))
+	opts := append(RemoteOptions(), remote.WithAuth(&authn.Basic{Username: robot.Name, Password: robot.Secret}))
 	if err := remote.Write(accRef, accArt, opts...); err != nil {
 		return "", err
 	}