1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
|
// SPDX-License-Identifier: Apache-2.0
#include "vis-config.hpp"
#include <iostream>
#include <iomanip>
#include <sstream>
#include <boost/property_tree/ptree.hpp>
#include <boost/property_tree/ini_parser.hpp>
#include <boost/filesystem.hpp>
namespace property_tree = boost::property_tree;
namespace filesystem = boost::filesystem;
#define DEFAULT_CLIENT_KEY_FILE "/etc/kuksa-val/Client.key"
#define DEFAULT_CLIENT_CERT_FILE "/etc/kuksa-val/Client.pem"
#define DEFAULT_CA_CERT_FILE "/etc/kuksa-val/CA.pem"
inline
void load_string_file(const filesystem::path& p, std::string& str)
{
std::ifstream file;
file.exceptions(std::ifstream::failbit | std::ifstream::badbit);
file.open(p, std::ios_base::binary);
std::size_t sz = static_cast<std::size_t>(filesystem::file_size(p));
str.resize(sz, '\0');
file.read(&str[0], sz);
}
VisConfig::VisConfig(const std::string &hostname,
const unsigned port,
const std::string &clientKey,
const std::string &clientCert,
const std::string &caCert,
const std::string &authToken,
bool verifyPeer) :
m_hostname(hostname),
m_port(port),
m_clientKey(clientKey),
m_clientCert(clientCert),
m_caCert(caCert),
m_authToken(authToken),
m_verifyPeer(verifyPeer),
m_verbose(0),
m_valid(true)
{
// Potentially could do some certificate validation here...
}
VisConfig::VisConfig(const std::string &appname) :
m_valid(false)
{
std::string config("/etc/xdg/AGL/");
config += appname;
config += ".conf";
char *home = getenv("XDG_CONFIG_HOME");
if (home) {
config = home;
config += "/AGL/";
config += appname;
config += ".conf";
}
std::cout << "Using configuration " << config << std::endl;
property_tree::ptree pt;
try {
property_tree::ini_parser::read_ini(config, pt);
}
catch (std::exception &ex) {
std::cerr << "Could not read " << config << std::endl;
return;
}
const property_tree::ptree &settings =
pt.get_child("vis-client", property_tree::ptree());
m_hostname = settings.get("server", "localhost");
std::stringstream ss;
ss << m_hostname;
ss >> std::quoted(m_hostname);
if (m_hostname.empty()) {
std::cerr << "Invalid server hostname" << std::endl;
return;
}
m_port = settings.get("port", 8090);
if (m_port == 0) {
std::cerr << "Invalid server port" << std::endl;
return;
}
// Default to disabling peer verification for now to be able
// to use the default upstream KUKSA.val certificates for
// testing. Wrangling server and CA certificate generation
// and management to be able to verify will require further
// investigation.
m_verifyPeer = settings.get("verify-server", false);
std::string keyFileName = settings.get("key", DEFAULT_CLIENT_KEY_FILE);
std::stringstream().swap(ss);
ss << keyFileName;
ss >> std::quoted(keyFileName);
ss.str("");
if (keyFileName.empty()) {
std::cerr << "Invalid client key filename" << std::endl;
return;
}
load_string_file(keyFileName, m_clientKey);
if (m_clientKey.empty()) {
std::cerr << "Invalid client key file" << std::endl;
return;
}
std::string certFileName = settings.get("certificate", DEFAULT_CLIENT_CERT_FILE);
std::stringstream().swap(ss);
ss << certFileName;
ss >> std::quoted(certFileName);
if (certFileName.empty()) {
std::cerr << "Invalid client certificate filename" << std::endl;
return;
}
load_string_file(certFileName, m_clientCert);
if (m_clientCert.empty()) {
std::cerr << "Invalid client certificate file" << std::endl;
return;
}
std::string caCertFileName = settings.get("ca-certificate", DEFAULT_CA_CERT_FILE);
std::stringstream().swap(ss);
ss << caCertFileName;
ss >> std::quoted(caCertFileName);
if (caCertFileName.empty()) {
std::cerr << "Invalid CA certificate filename" << std::endl;
return;
}
load_string_file(caCertFileName, m_caCert);
if (m_caCert.empty()) {
std::cerr << "Invalid CA certificate file" << std::endl;
return;
}
std::string authTokenFileName = settings.get("authorization", "");
std::stringstream().swap(ss);
ss << authTokenFileName;
ss >> std::quoted(authTokenFileName);
if (authTokenFileName.empty()) {
std::cerr << "Invalid authorization token filename" << std::endl;
return;
}
load_string_file(authTokenFileName, m_authToken);
if (m_authToken.empty()) {
std::cerr << "Invalid authorization token file" << std::endl;
return;
}
m_verbose = 0;
std::string verbose = settings.get("verbose", "");
std::stringstream().swap(ss);
ss << verbose;
ss >> std::quoted(verbose);
if (!verbose.empty()) {
if (verbose == "true" || verbose == "1")
m_verbose = 1;
if (verbose == "2")
m_verbose = 2;
}
m_valid = true;
}
|
