Fix certificate chain loading

.gitignore

@@ -73,6 +73,7 @@ Thumbs.db
 
 coverage-html
 client/nymea-remoteproxy-client
+monitor/nymea-remoteproxy-monitor
 tests/test-offline/nymea-remoteproxy-tests-offline
 tests/test-online/nymea-remoteproxy-tests-online
 .crossbuilder/

debian/nymea-remoteproxy.service

@@ -6,7 +6,7 @@ Wants=network-online.target
 
 [Service]
 Type=simple
-ExecStart=/usr/bin/nymea-remoteproxy -c /etc/nymea/nymea-remoteproxy.conf
+ExecStart=/usr/bin/nymea-remoteproxy -c /etc/nymea/nymea-remoteproxy.conf --verbose
 StandardOutput=journal
 StandardError=journal
 Restart=on-failure

libnymea-remoteproxy/engine.cpp

@@ -123,6 +123,11 @@ WebSocketServer *Engine::webSocketServer() const
     return m_webSocketServer;
 }
 
+MonitorServer *Engine::monitorServer() const
+{
+    return m_monitorServer;
+}
+
 Engine::Engine(QObject *parent) :
     QObject(parent)
 {
@@ -137,7 +142,7 @@ Engine::~Engine()
 void Engine::clean()
 {
     if (m_monitorServer) {
-        m_monitorServer->startServer();
+        m_monitorServer->stopServer();
         delete m_monitorServer;
         m_monitorServer = nullptr;
     }

libnymea-remoteproxy/engine.h

@@ -37,6 +37,7 @@ public:
     Authenticator *authenticator() const;
     ProxyServer *proxyServer() const;
     WebSocketServer *webSocketServer() const;
+    MonitorServer *monitorServer() const;
 
 private:
     explicit Engine(QObject *parent = nullptr);

libnymea-remoteproxy/monitorserver.cpp

@@ -15,6 +15,19 @@ MonitorServer::MonitorServer(const QString &serverName, QObject *parent) :
     connect(m_timer, &QTimer::timeout, this, &MonitorServer::onTimeout);
 }
 
+MonitorServer::~MonitorServer()
+{
+    stopServer();
+}
+
+bool MonitorServer::running() const
+{
+    if (!m_server)
+        return false;
+
+    return m_server->isListening();
+}
+
 QVariantMap MonitorServer::createMonitorData()
 {
     QVariantMap monitorData;
@@ -66,9 +79,10 @@ void MonitorServer::onMonitorDisconnected()
 
 void MonitorServer::startServer()
 {
+    qCDebug(dcMonitorServer()) << "Starting server on" << m_serverName;
     m_server = new QLocalServer(this);
     if (!m_server->listen(m_serverName)) {
-        qCWarning(dcMonitorServer()) << "Could not start local server for monitor on" << m_serverName;
+        qCWarning(dcMonitorServer()) << "Could not start local server for monitor on" << m_serverName << m_server->errorString();
         delete m_server;
         m_server = nullptr;
         return;

libnymea-remoteproxy/monitorserver.h

@@ -13,6 +13,9 @@ class MonitorServer : public QObject
     Q_OBJECT
 public:
     explicit MonitorServer(const QString &serverName, QObject *parent = nullptr);
+    ~MonitorServer();
+
+    bool running() const;
 
 private:
     QString m_serverName;

libnymea-remoteproxy/proxyconfiguration.cpp

@@ -32,6 +32,7 @@ bool ProxyConfiguration::loadConfiguration(const QString &fileName)
     setServerName(settings.value("name", "nymea-remoteproxy").toString());
     setWriteLogFile(settings.value("writeLogs", false).toBool());
     setLogFileName(settings.value("logFile", "/var/log/nymea-remoteproxy.log").toString());
+    setMonitorSocketFileName(settings.value("monitorSocket", "/tmp/nymea-remoteproxy.monitor").toString());
     setSslCertificateFileName(settings.value("certificate", "/etc/ssl/certs/ssl-cert-snakeoil.pem").toString());
     setSslCertificateKeyFileName(settings.value("certificateKey", "/etc/ssl/private/ssl-cert-snakeoil.key").toString());
     setSslCertificateChainFileName(settings.value("certificateChain", "").toString());
@@ -80,8 +81,10 @@ bool ProxyConfiguration::loadConfiguration(const QString &fileName)
             qCWarning(dcApplication()) << "Could not open certificate chain file:" << sslCertificateChainFileName() << certChainFile.errorString();
             return false;
         }
-        QSslCertificate certificate(&certKeyFile, QSsl::Pem);
-        sslConfiguration.setLocalCertificateChain( { certificate } );
+        QSslCertificate certificate(&certChainFile, QSsl::Pem);
+        sslConfiguration.setCaCertificates( QList<QSslCertificate>() << certificate );
+        certChainFile.close();
+        qCDebug(dcApplication()) << "Loaded successfully certificate chain" << sslCertificateKeyFileName();
     }
 
     m_sslConfiguration = sslConfiguration;
@@ -119,6 +122,16 @@ void ProxyConfiguration::setLogFileName(const QString &logFileName)
     m_logFileName = logFileName;
 }
 
+QString ProxyConfiguration::monitorSocketFileName() const
+{
+    return m_monitorSocketFileName;
+}
+
+void ProxyConfiguration::setMonitorSocketFileName(const QString &fileName)
+{
+    m_monitorSocketFileName = fileName;
+}
+
 QString ProxyConfiguration::sslCertificateFileName() const
 {
     return m_sslCertificateFileName;

libnymea-remoteproxy/proxyconfiguration.h

@@ -26,6 +26,9 @@ public:
     QString logFileName() const;
     void setLogFileName(const QString &logFileName);
 
+    QString monitorSocketFileName() const;
+    void setMonitorSocketFileName(const QString &fileName);
+
     QString sslCertificateFileName() const;
     void setSslCertificateFileName(const QString &fileName);
 
@@ -56,6 +59,7 @@ private:
     QString m_serverName;
     bool m_writeLogFile = false;
     QString m_logFileName = "/var/log/nymea-remoteproxy.log";
+    QString m_monitorSocketFileName;
     QString m_sslCertificateFileName = "/etc/ssl/certs/ssl-cert-snakeoil.pem";
     QString m_sslCertificateKeyFileName = "/etc/ssl/private/ssl-cert-snakeoil.key";
     QString m_sslCertificateChainFileName;

libnymea-remoteproxy/proxyserver.cpp

@@ -241,6 +241,7 @@ void ProxyServer::startServer()
     foreach (TransportInterface *interface, m_transportInterfaces) {
         interface->startServer();
     }
+    setRunning(true);
 }
 
 void ProxyServer::stopServer()
@@ -249,6 +250,7 @@ void ProxyServer::stopServer()
     foreach (TransportInterface *interface, m_transportInterfaces) {
         interface->stopServer();
     }
+    setRunning(false);
 }
 
 }

nymea-remoteproxy.conf

@@ -1,6 +1,7 @@
 name=nymea-remoteproxy
 writeLogs=false
 logFile=/var/log/nymea-remoteproxy.log
+monitorSocket=/tmp/nymea-remoteproxy.monitor
 certificate=/etc/ssl/certs/ssl-cert-snakeoil.pem
 certificateKey=/etc/ssl/private/ssl-cert-snakeoil.key
 certificateChain=

tests/test-offline/nymea-remoteproxy-tests-offline.cpp

@@ -34,11 +34,10 @@ void RemoteProxyOfflineTests::dummyAuthenticator()
 
     QVERIFY(runningSpy.count() == 1);
 
-    // Make sure the server is not running
+    // Make sure the server is running
     QVERIFY(Engine::instance()->running());
-
-    // Make sure the websocket server is not running
     QVERIFY(Engine::instance()->webSocketServer()->running());
+    QVERIFY(Engine::instance()->proxyServer()->running());
 
     // Create request
     QVariantMap params;
@@ -53,6 +52,13 @@ void RemoteProxyOfflineTests::dummyAuthenticator()
     cleanUpEngine();
 }
 
+void RemoteProxyOfflineTests::monitorServer()
+{
+    startServer();
+    QVERIFY(Engine::instance()->monitorServer()->running());
+
+}
+
 void RemoteProxyOfflineTests::webserverConnectionBlocked()
 {
     // Create a dummy server which blocks the port

tests/test-offline/nymea-remoteproxy-tests-offline.h

@@ -25,6 +25,7 @@ private slots:
     // Basic stuff
     void startStopServer();
     void dummyAuthenticator();
+    void monitorServer();
 
     // WebSocket connection
     void webserverConnectionBlocked();

tests/testbase/basetest.h

@@ -85,13 +85,10 @@ public slots:
                  .toLatin1().data());
     }
 
-
     inline void verifyAuthenticationError(const QVariant &response, Authenticator::AuthenticationError error = Authenticator::AuthenticationErrorNoError) {
         verifyError(response, "authenticationError", JsonTypes::authenticationErrorToString(error));
     }
 
-
-
 };
 
 #endif // BASETEST_H