From 917f099751e6a5e041a814e8dccbd21484cb59d7 Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp
Date: Thu, 23 Jun 2022 13:19:25 +0200
Subject: [PATCH] Error out if LDAP CA cert is not valid

If the configured LDAP CA cert can not be successfully loaded to the Pool let the creation of the Graph Service fail.
---
 extensions/graph/pkg/server/http/server.go | 4 ++++
 extensions/graph/pkg/service/v0/service.go | 7 +++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/extensions/graph/pkg/server/http/server.go b/extensions/graph/pkg/server/http/server.go
index d61a17f6a..ed208ad22 100644
--- a/extensions/graph/pkg/server/http/server.go
+++ b/extensions/graph/pkg/server/http/server.go
@@ -59,6 +59,10 @@ func Server(opts ...Option) (http.Service, error) {
 svc.EventsPublisher(publisher),
 )
+ if handle == nil {
+ return http.Service{}, errors.New("could not initialize graph service")
+ }
+
 {
 handle = svc.NewInstrument(handle, options.Metrics)
 handle = svc.NewLogging(handle, options.Logger)
diff --git a/extensions/graph/pkg/service/v0/service.go b/extensions/graph/pkg/service/v0/service.go
index 2386a21c6..ee31660a8 100644
--- a/extensions/graph/pkg/service/v0/service.go
+++ b/extensions/graph/pkg/service/v0/service.go
@@ -106,10 +106,13 @@ func NewService(opts ...Option) Service {
 certs := x509.NewCertPool()
 pemData, err := ioutil.ReadFile(options.Config.Identity.LDAP.CACert)
 if err != nil {
- options.Logger.Error().Msgf("Error initializing LDAP Backend: '%s'", err)
+ options.Logger.Error().Err(err).Msgf("Error initializing LDAP Backend")
+ return nil
+ }
+ if !certs.AppendCertsFromPEM(pemData) {
+ options.Logger.Error().Msgf("Error initializing LDAP Backend. Adding CA cert failed")
 return nil
 }
- certs.AppendCertsFromPEM(pemData)
 tlsConf.RootCAs = certs
 }
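Review bot: The new `if handle == nil` guard reports every failure as the same `could not initialize graph service` error, so the real cause (an unreadable CA file, or a PEM that yields no certificate) reaches the operator only through the log lines written in service.go. `handle` presumably comes from the `svc.NewService(...)` call that ends just above the guard; if NewService returned `(Service, error)`, the guard could become `if err != nil { return http.Service{}, fmt.Errorf("initializing graph service: %w", err) }`. That would also spare any other caller of NewService, if one exists outside this patch, from having to remember a nil check. The enclosing Server function starts and ends outside the hunk.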
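Review bot: The added `if !certs.AppendCertsFromPEM(pemData)` check only proves that at least one certificate in the file parsed, because AppendCertsFromPEM skips blocks it cannot parse and still reports true when any other block succeeds, so a bundle with a damaged or truncated entry is accepted without a warning. A comment on the check such as `// true means at least one cert parsed; malformed entries in the bundle are skipped silently` would record that limit. Both new log calls use `Msgf` without format arguments and leave out the file path; assuming the logger is zerolog, as the `.Error().Err(err)` chain suggests, `options.Logger.Error().Str("cacert", options.Config.Identity.LDAP.CACert).Msg("Error initializing LDAP Backend. Adding CA cert failed")` tells the operator which file to fix. NewService starts and ends outside the hunk.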