
Commit 3c08df4

authored
refactor(secret-provider-agent): replace env variables with cmdline arguments (#42)
* refactor: make sbsEndpoint a cmdline argument * refactor: make appId a cmdline argument * chore: add a check on the atoi result for the port
1 parent c68b1b1 commit 3c08df4

1 file changed

+40
-36
lines changed


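--- a/cvmassistants/secretprovider/secret-provider-agent/src/secret_provider_agent.c
+++ b/cvmassistants/secretprovider/secret-provider-agent/src/secret_provider_agent.c
@@ -51,7 +51,7 @@ char* get_secret_from_sbs_through_rats_tls(rats_tls_log_level_t log_level,
 bool mutual,
 char* ip,
 int port,
-bool appid_flag) {
+char* app_id) {
 
 bool validation_error = false;
 if (attester_type == NULL || strlen(attester_type) >= ENCLAVE_ATTESTER_TYPE_NAME_SIZE) {
@@ -89,20 +89,13 @@ char* get_secret_from_sbs_through_rats_tls(rats_tls_log_level_t log_level,
 rats_tls_conf_t conf;
 memset(&conf, 0, sizeof(conf));
 
-char* app_id;
 claim_t custom_claims[1];
-if (appid_flag) {
-app_id = getenv("appId");
-if (NULL != app_id) {
-custom_claims[0].name = "appId";
-custom_claims[0].value = (uint8_t*)app_id;
-custom_claims[0].value_size = strlen(app_id);
-conf.custom_claims = (claim_t*)custom_claims;
-conf.custom_claims_length = 1;
-} else {
-LOG_ERROR("Could not read the app_id from env");
-return NULL;
-}
+if (app_id != NULL) {
+custom_claims[0].name = "appId";
+custom_claims[0].value = (uint8_t*)app_id;
+custom_claims[0].value_size = strlen(app_id);
+conf.custom_claims = (claim_t*)custom_claims;
+conf.custom_claims_length = 1;
 }
 
 conf.log_level = log_level;
@@ -229,36 +222,24 @@ int main(int argc, char** argv) {
 setvbuf(stdout, NULL, _IONBF, 0);
 char* secret = "";
 LOG_INFO("Try to get key from SBS");
-char* sbs_endpoint = getenv("sbsEndpoint");
-if (NULL == sbs_endpoint) {
-LOG_ERROR("SBS mode must config sbsEndpoint environment variable");
-return -1;
-}
-
-LOG_DEBUG("Config of SBS endpoint is %s", sbs_endpoint);
 
 char* secret_save_path = NULL;
+char* sbs_endpoint = NULL;
 char* srv_ip = NULL;
 char* str_port = NULL;
 int port;
 
-srv_ip = strtok(sbs_endpoint, ":");
-str_port = strtok(NULL, ":");
-if (NULL == str_port) {
-LOG_ERROR("sbsEndpoint format error, eg: 127.0.0.1:5443");
-return -1;
-}
-port = atoi(str_port);
-char* const short_options = "a:v:t:c:ml:fs:h";
+char* const short_options = "a:v:t:c:ml:s:i:e:h";
 struct option long_options[] = {
 {"attester", required_argument, NULL, 'a'},
 {"verifier", required_argument, NULL, 'v'},
 {"tls", required_argument, NULL, 't'},
 {"crypto", required_argument, NULL, 'c'},
 {"mutual", no_argument, NULL, 'm'},
 {"log-level", required_argument, NULL, 'l'},
-{"appId", no_argument, NULL, 'f'},
 {"savePath", required_argument, NULL, 's'},
+{"appId", required_argument, NULL, 'i'},
+{"sbsEndpoint", required_argument, NULL, 'e'},
 {"help", no_argument, NULL, 'h'},
 {0, 0, 0, 0}};
 
@@ -267,7 +248,7 @@ int main(int argc, char** argv) {
 char* tls_type = "";
 char* crypto_type = "";
 bool mutual = true;
-bool appid_flag = false;
+char* app_id = NULL;
 int opt;
 do {
 opt = getopt_long(argc, argv, short_options, long_options, NULL);
@@ -298,12 +279,15 @@ int main(int argc, char** argv) {
 else if (!strcasecmp(optarg, "off"))
 log_level = RATS_TLS_LOG_LEVEL_NONE;
 break;
-case 'f':
-appid_flag = true;
+case 'i':
+app_id = optarg;
 break;
 case 's':
 secret_save_path = optarg;
 break;
+case 'e':
+sbs_endpoint = optarg;
+break;
 case -1:
 break;
 case 'h':
@@ -321,8 +305,9 @@ int main(int argc, char** argv) {
 " --port/-p set the listening tcp port\n"
 " --debug-enclave/-D set to enable enclave debugging\n"
 " --verdictd/-E set to connect verdictd based on EAA protocol\n"
-" --appId/-f need to add appid to claims\n"
-" --savePath/-s save secret to local path"
+" --appId/-i value set the appId value to add to claims\n"
+" --savePath/-s save secret to local path\n"
+" --sbsEndpoint/-e set the SBS endpoint (format: IP:PORT)\n"
 " --help/-h show the usage\n");
 exit(-1);
 default:
@@ -332,6 +317,25 @@ int main(int argc, char** argv) {
 
 LOG_INFO("Selected log level %d", log_level);
 
+if (sbs_endpoint == NULL) {
+LOG_ERROR("SBS mode must provide sbsEndpoint argument (--sbsEndpoint/-e)");
+return -1;
+}
+
+LOG_DEBUG("Config of SBS endpoint is %s", sbs_endpoint);
+
+srv_ip = strtok(sbs_endpoint, ":");
+str_port = strtok(NULL, ":");
+if (NULL == str_port) {
+LOG_ERROR("sbsEndpoint format error, eg: 127.0.0.1:5443");
+return -1;
+}
+port = atoi(str_port);
+if (port == 0) {
+LOG_ERROR("Port is invalid, got %s", str_port);
+return -1;
+}
+
 if (secret_save_path == NULL) {
 LOG_ERROR("Path to store secret locally is missing");
 return -1;
@@ -344,7 +348,7 @@ int main(int argc, char** argv) {
 
 secret = get_secret_from_sbs_through_rats_tls(log_level, attester_type, verifier_type,
 tls_type, crypto_type, mutual, srv_ip,
-port, appid_flag);
+port, app_id);
 if (secret == NULL) {
 LOG_ERROR("Get secret from SBS failed");
 return -1;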
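Review bot: The new port validation in the hunk at `@@ -332,6 +317,25 @@` (`port = atoi(str_port); if (port == 0) ...`) only rejects a result of zero, so trailing garbage ("5443x" parses as 5443), negative values, numbers above 65535 and out-of-range input (where atoi's result is undefined) all pass through to the connect path. Parsing with strtol and checking the end pointer, errno and the 1..65535 range pins the accepted input to an actual TCP port; this presumably needs `<errno.h>` and `<stdlib.h>`, which I cannot confirm are included from this hunk. It is also worth noting in a comment that the second `strtok(NULL, ":")` silently ignores anything after a second colon, and that strtok modifies the argv string in place. main's body continues outside the hunk.
```c
// … unchanged: sbsEndpoint null check and strtok split …
errno = 0;
char* end = NULL;
long port_value = strtol(str_port, &end, 10);
if (end == str_port || *end != '\0' || errno == ERANGE || port_value < 1 || port_value > 65535) {
    LOG_ERROR("Port is invalid, got %s", str_port);
    return -1;
}
port = (int)port_value;
// … unchanged: secret_save_path check …
```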
