Load overlay certs to internal vars (cloud passthrough)

include/cloud_request.h

@@ -1,6 +1,8 @@
 #ifndef __CLOUD_REQUEST_H__
 #define __CLOUD_REQUEST_H__
 
+#define HTTP_CLIENT_PRIVATE_CONTEXT void *sourceCtx;
+
 #include <stdbool.h>
 #include <stdint.h>
 #include "http/http_client.h"

include/settings.h

@@ -421,6 +421,7 @@ setting_item_t *settings_get_by_name_ovl(const char *item, const char *overlay_n
  */
 const char *settings_get_string(const char *item);
 const char *settings_get_string_ovl(const char *item, const char *overlay_name);
+const char *settings_get_string_id(const char *item, uint8_t settingsId);
 
 /**
  * @brief Sets the value of a string setting item.
@@ -452,4 +453,7 @@ bool settings_set_float_ovl(const char *item, float value, const char *overlay_n
 
 char *settings_sanitize_box_id(const char *input_id);
 
+void settings_load_all_certs();
+void settings_load_certs_id(uint8_t settingsId);
+
 #endif

include/tls_adapter.h

@@ -13,5 +13,6 @@ extern TlsCache *tlsCache;
 extern YarrowContext yarrowContext;
 
 void tls_context_key_log_init(TlsContext *context);
+error_t load_cert(const char *dest_var, const char *src_file, const char *src_var, uint8_t settingsId);
 
 #endif

src/cloud_request.c

@@ -49,19 +49,9 @@ error_t httpClientTlsInitCallback(HttpClientContext *context,
         return error;
 
     // TODO fix code duplication with server.c
-    settings_t *settings;
-    char_t *subject = tlsContext->client_cert_subject;
-    if (tlsContext != NULL && osStrlen(subject) == 15)
-    {
-        char_t *commonName = strdup(&subject[2]);
-        commonName[osStrlen(commonName) - 1] = '\0';
-        settings = get_settings_cn(commonName);
-        free(commonName);
-    }
-    else
-    {
-        settings = get_settings();
-    }
+    req_cbr_t *cbr_ctx = context->sourceCtx;
+    client_ctx_t *client_ctx = ((cbr_ctx_t *)cbr_ctx->ctx)->client_ctx;
+    settings_t *settings = client_ctx->settings;
 
     const char *client_ca = settings->internal.client.ca;
     const char *client_crt = settings->internal.client.crt;
@@ -137,6 +127,7 @@ int_t cloud_request(const char *server, int port, bool https, const char *uri, c
                server, port);
 
     httpClientInit(&httpClientContext);
+    httpClientContext.sourceCtx = cbr;
     error_t error;
     if (https)
     {

src/settings.c

@@ -8,6 +8,7 @@
 #include "debug.h"
 #include "settings.h"
 #include "mutex_manager.h"
+#include "tls_adapter.h"
 
 #include "fs_port.h"
 
@@ -696,12 +697,14 @@ void settings_load_ovl(bool overlay)
         for (uint8_t i = 1; i < MAX_OVERLAYS; i++)
         {
             settings_generate_internal_dirs(&Settings_Overlay[i]);
+            settings_load_certs_id(i);
             Settings_Overlay[i].internal.config_changed = false;
         }
     }
     else
     {
         settings_generate_internal_dirs(get_settings());
+        settings_load_certs_id(0);
 
         if (Settings_Overlay[0].configVersion < CONFIG_VERSION)
         {
@@ -992,17 +995,20 @@ bool settings_set_float_ovl(const char *item, float value, const char *overlay_n
 
 const char *settings_get_string(const char *item)
 {
-    return settings_get_string_ovl(item, NULL);
+    return settings_get_string_id(item, 0);
 }
-
 const char *settings_get_string_ovl(const char *item, const char *overlay_name)
+{
+    return settings_get_string_id(item, get_overlay_id(overlay_name));
+}
+const char *settings_get_string_id(const char *item, uint8_t settingsId)
 {
     if (!item)
     {
         return NULL;
     }
 
-    setting_item_t *opt = settings_get_by_name_ovl(item, overlay_name);
+    setting_item_t *opt = settings_get_by_name_id(item, settingsId);
     if (!opt || opt->type != TYPE_STRING)
     {
         return NULL;
@@ -1094,4 +1100,24 @@ char *settings_sanitize_box_id(const char *input_id)
     *dst = '\0'; // null terminate the string
 
     return new_str;
+}
+
+void settings_load_all_certs()
+{
+    for (size_t id = 0; id < MAX_OVERLAYS; id++)
+    {
+        settings_load_certs_id(id);
+    }
+}
+void settings_load_certs_id(uint8_t settingsId)
+{
+    if (get_settings_id(settingsId)->internal.config_used)
+    {
+        load_cert("internal.server.ca", "core.server_cert.file.ca", "core.server_cert.data.ca", settingsId);
+        load_cert("internal.server.crt", "core.server_cert.file.crt", "core.server_cert.data.crt", settingsId);
+        load_cert("internal.server.key", "core.server_cert.file.key", "core.server_cert.data.key", settingsId);
+        load_cert("internal.client.ca", "core.client_cert.file.ca", "core.client_cert.data.ca", settingsId);
+        load_cert("internal.client.crt", "core.client_cert.file.crt", "core.client_cert.data.crt", settingsId);
+        load_cert("internal.client.key", "core.client_cert.file.key", "core.client_cert.data.key", settingsId);
+    }
 }

src/tls_adapter.c

@@ -351,18 +351,18 @@ error_t tls_adapter_deinit()
     return NO_ERROR;
 }
 
-error_t load_cert(const char *dest_var, const char *src_file, const char *src_var)
+error_t load_cert(const char *dest_var, const char *src_file, const char *src_var, uint8_t settingsId)
 {
     /* check if the source setting contains a cert */
-    const char *src_var_val = settings_get_string(src_var);
+    const char *src_var_val = settings_get_string_id(src_var, settingsId);
 
     if (src_var_val && strlen(src_var_val))
     {
-        settings_set_string(dest_var, src_var_val);
+        settings_set_string_id(dest_var, src_var_val, settingsId);
     }
     else
     {
-        const char *src_filename = settings_get_string(src_file);
+        const char *src_filename = settings_get_string_id(src_file, settingsId);
         if (!src_filename)
         {
             TRACE_ERROR("Failed to look up '%s'\r\n", src_file);
@@ -377,7 +377,7 @@ error_t load_cert(const char *dest_var, const char *src_file, const char *src_va
             TRACE_ERROR("Loading cert '%s' failed\r\n", src_filename);
             return error;
         }
-        settings_set_string(dest_var, serverCert);
+        settings_set_string_id(dest_var, serverCert, settingsId);
         free(serverCert);
     }
 
@@ -410,13 +410,7 @@ error_t tls_adapter_init()
     }
 
     TRACE_INFO("Loading certificates...\r\n");
-
-    load_cert("internal.server.ca", "core.server_cert.file.ca", "core.server_cert.data.ca");
-    load_cert("internal.server.crt", "core.server_cert.file.crt", "core.server_cert.data.crt");
-    load_cert("internal.server.key", "core.server_cert.file.key", "core.server_cert.data.key");
-    load_cert("internal.client.ca", "core.client_cert.file.ca", "core.client_cert.data.ca");
-    load_cert("internal.client.crt", "core.client_cert.file.crt", "core.client_cert.data.crt");
-    load_cert("internal.client.key", "core.client_cert.file.key", "core.client_cert.data.key");
+    settings_load_certs_id(0);
 
     // TLS session cache initialization
     tlsCache = tlsInitCache(8);