From f0599d59eb37b67434b0e174a94260fe0912e9f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Simon=20St=C3=BCrz?= Date: Thu, 16 Aug 2018 18:15:14 +0200 Subject: [PATCH] Fix certificate chain loading --- .gitignore | 1 + debian/nymea-remoteproxy.service | 2 +- libnymea-remoteproxy/engine.cpp | 7 ++++++- libnymea-remoteproxy/engine.h | 1 + libnymea-remoteproxy/monitorserver.cpp | 16 +++++++++++++++- libnymea-remoteproxy/monitorserver.h | 3 +++ libnymea-remoteproxy/proxyconfiguration.cpp | 17 +++++++++++++++-- libnymea-remoteproxy/proxyconfiguration.h | 4 ++++ libnymea-remoteproxy/proxyserver.cpp | 2 ++ nymea-remoteproxy.conf | 1 + .../nymea-remoteproxy-tests-offline.cpp | 12 +++++++++--- .../nymea-remoteproxy-tests-offline.h | 1 + tests/testbase/basetest.h | 3 --- 13 files changed, 59 insertions(+), 11 deletions(-) diff --git a/.gitignore b/.gitignore index 5b30fa3..ea27b3b 100644 --- a/.gitignore +++ b/.gitignore @@ -73,6 +73,7 @@ Thumbs.db coverage-html client/nymea-remoteproxy-client +monitor/nymea-remoteproxy-monitor tests/test-offline/nymea-remoteproxy-tests-offline tests/test-online/nymea-remoteproxy-tests-online .crossbuilder/ diff --git a/debian/nymea-remoteproxy.service b/debian/nymea-remoteproxy.service index af023ee..37b348c 100644 --- a/debian/nymea-remoteproxy.service +++ b/debian/nymea-remoteproxy.service @@ -6,7 +6,7 @@ Wants=network-online.target [Service] Type=simple -ExecStart=/usr/bin/nymea-remoteproxy -c /etc/nymea/nymea-remoteproxy.conf +ExecStart=/usr/bin/nymea-remoteproxy -c /etc/nymea/nymea-remoteproxy.conf --verbose StandardOutput=journal StandardError=journal Restart=on-failure diff --git a/libnymea-remoteproxy/engine.cpp b/libnymea-remoteproxy/engine.cpp index 7aaab15..db02b1f 100644 --- a/libnymea-remoteproxy/engine.cpp +++ b/libnymea-remoteproxy/engine.cpp 
@@ -123,6 +123,11 @@ WebSocketServer *Engine::webSocketServer() const return m_webSocketServer; } +MonitorServer *Engine::monitorServer() const +{ + return m_monitorServer; +} + Engine::Engine(QObject *parent) : QObject(parent) { @@ -137,7 +142,7 @@ Engine::~Engine() void Engine::clean() { if (m_monitorServer) { - m_monitorServer->startServer(); + m_monitorServer->stopServer(); delete m_monitorServer; m_monitorServer = nullptr; } diff --git a/libnymea-remoteproxy/engine.h b/libnymea-remoteproxy/engine.h index 25354f5..416a01f 100644 --- a/libnymea-remoteproxy/engine.h +++ b/libnymea-remoteproxy/engine.h @@ -37,6 +37,7 @@ public: Authenticator *authenticator() const; ProxyServer *proxyServer() const; WebSocketServer *webSocketServer() const; + MonitorServer *monitorServer() const; private: explicit Engine(QObject *parent = nullptr); diff --git a/libnymea-remoteproxy/monitorserver.cpp b/libnymea-remoteproxy/monitorserver.cpp index 5ee58cd..1f042fc 100644 --- a/libnymea-remoteproxy/monitorserver.cpp +++ b/libnymea-remoteproxy/monitorserver.cpp @@ -15,6 +15,19 @@ MonitorServer::MonitorServer(const QString &serverName, QObject *parent) : connect(m_timer, &QTimer::timeout, this, &MonitorServer::onTimeout); } +MonitorServer::~MonitorServer() +{ + stopServer(); +} + +bool MonitorServer::running() const +{ + if (!m_server) + return false; + + return m_server->isListening(); +} + QVariantMap MonitorServer::createMonitorData() { QVariantMap monitorData; @@ -66,9 +79,10 @@ void MonitorServer::onMonitorDisconnected() void MonitorServer::startServer() { + qCDebug(dcMonitorServer()) << "Starting server on" << m_serverName; m_server = new QLocalServer(this); if (!m_server->listen(m_serverName)) { - qCWarning(dcMonitorServer()) << "Could not start local server for monitor on" << m_serverName; + qCWarning(dcMonitorServer()) << "Could not start local server for monitor on" << m_serverName << m_server->errorString(); delete m_server; m_server = nullptr; return; 
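Review bot: In `MonitorServer::startServer()` (libnymea-remoteproxy/monitorserver.cpp) the `QLocalServer` goes straight to `listen(m_serverName)` with no access options set, so on Unix the process umask decides who may connect to the monitor socket. Calling `m_server->setSocketOptions(QLocalServer::UserAccessOption);` before `listen()` makes the restriction explicit; use the group option instead if the monitor tool runs under another account. A socket file left behind by a crash makes `listen()` fail with an address-in-use error, and the unit is set to `Restart=on-failure`. Consider `QLocalServer::removeServer(m_serverName);` ahead of `listen()`, provided the socket lives in a directory only the service can write to. The function continues past the end of the hunk.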
diff --git a/libnymea-remoteproxy/monitorserver.h b/libnymea-remoteproxy/monitorserver.h index 6db6ff4..2193a39 100644 --- a/libnymea-remoteproxy/monitorserver.h +++ b/libnymea-remoteproxy/monitorserver.h @@ -13,6 +13,9 @@ class MonitorServer : public QObject Q_OBJECT public: explicit MonitorServer(const QString &serverName, QObject *parent = nullptr); + ~MonitorServer(); + + bool running() const; private: QString m_serverName; diff --git a/libnymea-remoteproxy/proxyconfiguration.cpp b/libnymea-remoteproxy/proxyconfiguration.cpp index 6af1578..217272b 100644 --- a/libnymea-remoteproxy/proxyconfiguration.cpp +++ b/libnymea-remoteproxy/proxyconfiguration.cpp @@ -32,6 +32,7 @@ bool ProxyConfiguration::loadConfiguration(const QString &fileName) setServerName(settings.value("name", "nymea-remoteproxy").toString()); setWriteLogFile(settings.value("writeLogs", false).toBool()); setLogFileName(settings.value("logFile", "/var/log/nymea-remoteproxy.log").toString()); + setMonitorSocketFileName(settings.value("monitorSocket", "/tmp/nymea-remoteproxy.monitor").toString()); setSslCertificateFileName(settings.value("certificate", "/etc/ssl/certs/ssl-cert-snakeoil.pem").toString()); setSslCertificateKeyFileName(settings.value("certificateKey", "/etc/ssl/private/ssl-cert-snakeoil.key").toString()); setSslCertificateChainFileName(settings.value("certificateChain", "").toString()); 
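Review bot: The default `monitorSocket` value `/tmp/nymea-remoteproxy.monitor` in `ProxyConfiguration::loadConfiguration()` places the monitor socket under a fixed name in a world-writable directory. Any local account can occupy that name first and keep the server from listening, and the socket is reachable by every local user unless its permissions are restricted. A service-owned directory is the safer default, for example `/run/nymea-remoteproxy/monitor.sock` (constructed path) together with `RuntimeDirectory=nymea-remoteproxy` in the unit file. The same default is repeated in `nymea-remoteproxy.conf`, while `m_monitorSocketFileName` in `proxyconfiguration.h` has no in-class default, unlike the neighbouring members, so it is empty until a configuration is loaded. `loadConfiguration()` starts and ends outside this hunk.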
@@ -80,8 +81,10 @@ bool ProxyConfiguration::loadConfiguration(const QString &fileName) qCWarning(dcApplication()) << "Could not open certificate chain file:" << sslCertificateChainFileName() << certChainFile.errorString(); return false; } - QSslCertificate certificate(&certKeyFile, QSsl::Pem); - sslConfiguration.setLocalCertificateChain( { certificate } ); + QSslCertificate certificate(&certChainFile, QSsl::Pem); + sslConfiguration.setCaCertificates( QList() << certificate ); + certChainFile.close(); + qCDebug(dcApplication()) << "Loaded successfully certificate chain" << sslCertificateKeyFileName(); } m_sslConfiguration = sslConfiguration; @@ -119,6 +122,16 @@ void ProxyConfiguration::setLogFileName(const QString &logFileName) m_logFileName = logFileName; } +QString ProxyConfiguration::monitorSocketFileName() const +{ + return m_monitorSocketFileName; +} + +void ProxyConfiguration::setMonitorSocketFileName(const QString &fileName) +{ + m_monitorSocketFileName = fileName; +} + QString ProxyConfiguration::sslCertificateFileName() const { return m_sslCertificateFileName; diff --git a/libnymea-remoteproxy/proxyconfiguration.h b/libnymea-remoteproxy/proxyconfiguration.h index 411a7c7..f8cb629 100644 --- a/libnymea-remoteproxy/proxyconfiguration.h +++ b/libnymea-remoteproxy/proxyconfiguration.h @@ -26,6 +26,9 @@ public: QString logFileName() const; void setLogFileName(const QString &logFileName); + QString monitorSocketFileName() const; + void setMonitorSocketFileName(const QString &fileName); + QString sslCertificateFileName() const; void setSslCertificateFileName(const QString &fileName); @@ -56,6 +59,7 @@ private: QString m_serverName; bool m_writeLogFile = false; QString m_logFileName = "/var/log/nymea-remoteproxy.log"; + QString m_monitorSocketFileName; QString m_sslCertificateFileName = "/etc/ssl/certs/ssl-cert-snakeoil.pem"; QString m_sslCertificateKeyFileName = "/etc/ssl/private/ssl-cert-snakeoil.key"; QString m_sslCertificateChainFileName; 
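Review bot: In the certificate-chain hunk of `proxyconfiguration.cpp`, `QSslCertificate certificate(&certChainFile, QSsl::Pem);` reads only the first certificate in the file, so a chain file with several intermediates is loaded as one certificate, and a file with no parsable PEM block yields a null certificate that is still installed. `const auto chain = QSslCertificate::fromDevice(&certChainFile, QSsl::Pem);` followed by `if (chain.isEmpty()) return false;` (with a warning) covers both cases. `setCaCertificates()` also replaces the CA set used to verify peers rather than setting the chain presented with the local certificate; if the intent is to send the intermediates, `setLocalCertificateChain()` with the leaf followed by `chain` states that directly. The success message prints `sslCertificateKeyFileName()` where `sslCertificateChainFileName()` is meant. The enclosing `loadConfiguration()` starts above the hunk.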
diff --git a/libnymea-remoteproxy/proxyserver.cpp b/libnymea-remoteproxy/proxyserver.cpp index 891cee9..12fe613 100644 --- a/libnymea-remoteproxy/proxyserver.cpp +++ b/libnymea-remoteproxy/proxyserver.cpp @@ -241,6 +241,7 @@ void ProxyServer::startServer() foreach (TransportInterface *interface, m_transportInterfaces) { interface->startServer(); } + setRunning(true); } void ProxyServer::stopServer() @@ -249,6 +250,7 @@ void ProxyServer::stopServer() foreach (TransportInterface *interface, m_transportInterfaces) { interface->stopServer(); } + setRunning(false); } } diff --git a/nymea-remoteproxy.conf b/nymea-remoteproxy.conf index c75cda8..15ee723 100644 --- a/nymea-remoteproxy.conf +++ b/nymea-remoteproxy.conf @@ -1,6 +1,7 @@ name=nymea-remoteproxy writeLogs=false logFile=/var/log/nymea-remoteproxy.log +monitorSocket=/tmp/nymea-remoteproxy.monitor certificate=/etc/ssl/certs/ssl-cert-snakeoil.pem certificateKey=/etc/ssl/private/ssl-cert-snakeoil.key certificateChain= diff --git a/tests/test-offline/nymea-remoteproxy-tests-offline.cpp b/tests/test-offline/nymea-remoteproxy-tests-offline.cpp index 6b056a3..481d122 100644 --- a/tests/test-offline/nymea-remoteproxy-tests-offline.cpp +++ b/tests/test-offline/nymea-remoteproxy-tests-offline.cpp @@ -34,11 +34,10 @@ void RemoteProxyOfflineTests::dummyAuthenticator() QVERIFY(runningSpy.count() == 1); - // Make sure the server is not running + // Make sure the server is running QVERIFY(Engine::instance()->running()); - - // Make sure the websocket server is not running QVERIFY(Engine::instance()->webSocketServer()->running()); + QVERIFY(Engine::instance()->proxyServer()->running()); // Create request QVariantMap params; 
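Review bot: `setRunning(true)` in `ProxyServer::startServer()` is reached after the loop regardless of what the transports did, because the result of `interface->startServer()` is never checked, so `running()` can report true while no transport is listening. If `TransportInterface::startServer()` reports success (its declaration is not in this diff), set the flag from that, e.g. `setRunning(allStarted);`; otherwise derive it from each interface's own running state. Without that, the new `QVERIFY(Engine::instance()->proxyServer()->running());` in the offline test only confirms that `startServer()` was called. Both `startServer()` and `stopServer()` begin outside their hunks.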
@@ -53,6 +52,13 @@ void RemoteProxyOfflineTests::dummyAuthenticator() cleanUpEngine(); } +void RemoteProxyOfflineTests::monitorServer() +{ + startServer(); + QVERIFY(Engine::instance()->monitorServer()->running()); + +} + void RemoteProxyOfflineTests::webserverConnectionBlocked() { // Create a dummy server which blocks the port diff --git a/tests/test-offline/nymea-remoteproxy-tests-offline.h b/tests/test-offline/nymea-remoteproxy-tests-offline.h index cd3914a..fafb505 100644 --- a/tests/test-offline/nymea-remoteproxy-tests-offline.h +++ b/tests/test-offline/nymea-remoteproxy-tests-offline.h @@ -25,6 +25,7 @@ private slots: // Basic stuff void startStopServer(); void dummyAuthenticator(); + void monitorServer(); // WebSocket connection void webserverConnectionBlocked(); diff --git a/tests/testbase/basetest.h b/tests/testbase/basetest.h index 11336df..21876d9 100644 --- a/tests/testbase/basetest.h +++ b/tests/testbase/basetest.h @@ -85,13 +85,10 @@ public slots: .toLatin1().data()); } - inline void verifyAuthenticationError(const QVariant &response, Authenticator::AuthenticationError error = Authenticator::AuthenticationErrorNoError) { verifyError(response, "authenticationError", JsonTypes::authenticationErrorToString(error)); } - - }; #endif // BASETEST_H
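Review bot: `RemoteProxyOfflineTests::monitorServer()` calls `startServer()` but never `cleanUpEngine()`, which the preceding test calls as its last step, so the engine and its monitor socket are presumably still up when `webserverConnectionBlocked()` runs next. Add `cleanUpEngine();` after the check. The check also dereferences `monitorServer()` unguarded, so a missing monitor server crashes the test run instead of failing it; `QVERIFY(Engine::instance()->monitorServer());` on the line before avoids that. No test in this diff loads a configuration with `certificateChain` set, although that is the commit's stated fix; a case using a chain file with more than one certificate would pin it.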