Do not use the api_gateway.url.

Continue to use the old URLs provided by treehub.url and the ostree.server field of treehub.json. This is a partial revert of 6794911. Signed-off-by: Patrick Vacek <patrickvacek@gmail.com>
advancedtelematic · Aug 9, 2019 · 6af8b37 · 6af8b37
1 parent fce6da4
commit 6af8b37
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 37 deletions.
diff --git a/docs/provisioning-methods-and-credentialszip.adoc b/docs/provisioning-methods-and-credentialszip.adoc
@@ -13,6 +13,7 @@ The following files are present in credentials.zip:
 [options="header"]
 |======================
 | Filename in zip | Purpose | Used by
+| api_gateway.url | URL for gateway to Director | garage-sign
 | treehub.json | URL and OAuth2 authentication for treehub and Uptane repo | garage-sign, garage-push, garage-deploy
 | client_auth.p12 | TLS client credentials for authentication with treehub | garage-push, garage-deploy
 | autoprov_credentials.p12 | TLS client credentials that are required when provisioning devices with shared credentials | aktualizr, aktualizr-cert-provider

diff --git a/src/sota_tools/server_credentials.cc b/src/sota_tools/server_credentials.cc
@@ -44,7 +44,6 @@ std::unique_ptr<std::stringstream> readArchiveFile(archive *a) {
 ServerCredentials::ServerCredentials(const boost::filesystem::path &credentials_path)
     : method_(AuthMethod::kNone), credentials_path_(credentials_path) {
   bool found_config = false;
-  bool use_api_gateway = false;
 
   std::unique_ptr<std::stringstream> json_stream;
 
@@ -68,10 +67,6 @@ ServerCredentials::ServerCredentials(const boost::filesystem::path &credentials_
       } else if (strcmp(filename, "client_auth.p12") == 0) {
         client_p12_ = readArchiveFile(a)->str();
         method_ = AuthMethod::kTls;
-      } else if (strcmp(filename, "api_gateway.url") == 0) {
-        use_api_gateway = true;
-        ostree_server_ = readArchiveFile(a)->str();
-        boost::trim_if(ostree_server_, boost::is_any_of(" \t\r\n"));
       } else if (strcmp(filename, "tufrepo.url") == 0) {
         repo_url_ = readArchiveFile(a)->str();
       } else {
@@ -82,45 +77,38 @@ ServerCredentials::ServerCredentials(const boost::filesystem::path &credentials_
     if (r != ARCHIVE_OK) {
       throw BadCredentialsArchive(std::string("Error closing zipped credentials file: ") + credentials_path.string());
     }
-    if (!(use_api_gateway && method_ == AuthMethod::kTls) && !found_config) {
+    if (!found_config) {
       throw BadCredentialsContent(std::string("treehub.json not found in zipped credentials file: ") +
                                   credentials_path.string());
     }
   } else {
     archive_read_free(a);
   }
 
-  if (use_api_gateway) {
-    repo_url_ = ostree_server_;
-  }
-
-  if (!(use_api_gateway && method_ == AuthMethod::kTls)) {
-    try {
-      ptree pt;
+  try {
+    ptree pt;
 
-      if (found_config) {
-        read_json(*json_stream, pt);
-      } else {
-        read_json(credentials_path.string(), pt);
-      }
+    if (found_config) {
+      read_json(*json_stream, pt);
+    } else {
+      read_json(credentials_path.string(), pt);
+    }
 
-      if (method_ == AuthMethod::kTls) {
-        // do nothing
-      } else if (optional<ptree &> ap_pt = pt.get_child_optional("oauth2")) {
-        method_ = AuthMethod::kOauth2;
-        auth_server_ = ap_pt->get<std::string>("server", "");
-        client_id_ = ap_pt->get<std::string>("client_id", "");
-        client_secret_ = ap_pt->get<std::string>("client_secret", "");
-      } else if (optional<ptree &> ba_pt = pt.get_child_optional("basic_auth")) {
-        method_ = AuthMethod::kBasic;
-        auth_user_ = ba_pt->get<std::string>("user", "");
-        auth_password_ = ba_pt->get<std::string>("password", "");
-      }
-      ostree_server_ = pt.get<std::string>("ostree.server", "");
-    } catch (const json_parser_error &e) {
-      throw BadCredentialsJson(std::string("Unable to read ") + credentials_path.string() +
-                               " as archive or json file.");
+    if (method_ == AuthMethod::kTls) {
+      // do nothing
+    } else if (optional<ptree &> ap_pt = pt.get_child_optional("oauth2")) {
+      method_ = AuthMethod::kOauth2;
+      auth_server_ = ap_pt->get<std::string>("server", "");
+      client_id_ = ap_pt->get<std::string>("client_id", "");
+      client_secret_ = ap_pt->get<std::string>("client_secret", "");
+    } else if (optional<ptree &> ba_pt = pt.get_child_optional("basic_auth")) {
+      method_ = AuthMethod::kBasic;
+      auth_user_ = ba_pt->get<std::string>("user", "");
+      auth_password_ = ba_pt->get<std::string>("password", "");
     }
+    ostree_server_ = pt.get<std::string>("ostree.server", "");
+  } catch (const json_parser_error &e) {
+    throw BadCredentialsJson(std::string("Unable to read ") + credentials_path.string() + " as archive or json file.");
   }
 }
 

diff --git a/tests/sota_tools/cert_generation/api_gateway.url b/tests/sota_tools/cert_generation/api_gateway.url
diff --git a/tests/sota_tools/cert_generation/generate-zips.sh b/tests/sota_tools/cert_generation/generate-zips.sh
@@ -12,10 +12,18 @@ DEST_DIR="$1"
 mkdir -p "$DEST_DIR"
 trap 'rm -rf "$DEST_DIR"' ERR
 
+TREEHUB="{\
+  \"ostree\": {\
+    \"server\": \"http://localhost:1443/\"\
+  }\
+}"
+
+echo $TREEHUB > "$DEST_DIR/treehub.json"
+
 cp "$SRC_DIR/client_good.p12" "$DEST_DIR/client_auth.p12"
-zip -j "$DEST_DIR/good.zip" "$DEST_DIR/client_auth.p12" "$SRC_DIR/api_gateway.url"
+zip -j "$DEST_DIR/good.zip" "$DEST_DIR/client_auth.p12" "$DEST_DIR/treehub.json"
 rm "$DEST_DIR/client_auth.p12"
 
 cp "$SRC_DIR/client_bad.p12" "$DEST_DIR/client_auth.p12"
-zip -j "$DEST_DIR/bad.zip" "$DEST_DIR/client_auth.p12" "$SRC_DIR/api_gateway.url"
+zip -j "$DEST_DIR/bad.zip" "$DEST_DIR/client_auth.p12" "$DEST_DIR/treehub.json"
 rm "$DEST_DIR/client_auth.p12"