From 944f0b54be5dc17db7b5c8fed86e1ad0e06873f6 Mon Sep 17 00:00:00 2001
From: Maciej Mis
Date: Tue, 13 Dec 2022 13:36:23 +0100
Subject: [PATCH 1/2] Implementation of new config file.
Signed-off-by: Maciej Mis
---
 device_key/https-server.crt | 15 -----
 device_key/https-server.key | 9 ---
 src/config/config.go | 124 ++++++++++++++++++++++++++++++++++++
 src/config/config.yml | 34 ++++++++++
 src/go.mod | 4 +-
 src/go.sum | 2 +
 src/main.go | 74 +++++++--------------
 7 files changed, 185 insertions(+), 77 deletions(-)
 delete mode 100644 device_key/https-server.crt
 delete mode 100644 device_key/https-server.key
 create mode 100644 src/config/config.go
 create mode 100644 src/config/config.yml
diff --git a/device_key/https-server.crt b/device_key/https-server.crt
deleted file mode 100644
index e6cdef1..0000000
--- a/device_key/https-server.crt
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICTTCCAdSgAwIBAgIJAI95JJ9uQ7fzMAoGCCqGSM49BAMCMGUxCzAJBgNVBAYT
-AkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQKDAllZGdlLWNvcmUxLTAr
-BgkqhkiG9w0BCQEWHmRpbmVzaF9iZWx3YWxrYXJAZWRnZS1jb3JlLmNvbTAeFw0x
-OTA4MDIxODIyNDNaFw0yOTA3MzAxODIyNDNaMGUxCzAJBgNVBAYTAkFVMRMwEQYD
-VQQIDApTb21lLVN0YXRlMRIwEAYDVQQKDAllZGdlLWNvcmUxLTArBgkqhkiG9w0B
-CQEWHmRpbmVzaF9iZWx3YWxrYXJAZWRnZS1jb3JlLmNvbTB2MBAGByqGSM49AgEG
-BSuBBAAiA2IABEfiwuwCRJzUEqktyKlFLxjTvXRTlMELJAXWAf8xrNokaKvyrBgQ
-GrrT3ZOzh0eBBdEVQGHMz3NoC6A7Ah0YX3Cj97jByXRsdkd6Fc+sebBsWsLknXaf
-IEXqrr5X6FCL/qNQME4wHQYDVR0OBBYEFDrLvdRrXUgGjUwcgmufH0bAgvOUMB8G
-A1UdIwQYMBaAFDrLvdRrXUgGjUwcgmufH0bAgvOUMAwGA1UdEwQFMAMBAf8wCgYI
-KoZIzj0EAwIDZwAwZAIwLuIZYzChsLb64GTBZ8Dpa+6NFAfbd/RB7s2k8yEASGik
-UXpqe+RFosqhnGqmZz3JAjAxDodCrKaVfcH1BLTLZTZfm1scajT1JvplPKcOgzrn
-kghLMxTd2Sz61YMip8DjqPs=
------END CERTIFICATE-----
diff --git a/device_key/https-server.key b/device_key/https-server.key
deleted file mode 100644
index 885cd84..0000000
--- a/device_key/https-server.key
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN EC PARAMETERS-----
-BgUrgQQAIg==
------END EC PARAMETERS-----
------BEGIN EC PRIVATE KEY-----
-MIGkAgEBBDD/m1fZcHwvpGNRq6KjraovQAvmadWhs8jA4HGX6PGMibHydTpJy0g2
-UcXz5UijTjKgBwYFK4EEACKhZANiAARH4sLsAkSc1BKpLcipRS8Y0710U5TBCyQF
-1gH/MazaJGir8qwYEBq6092Ts4dHgQXRFUBhzM9zaAugOwIdGF9wo/e4wcl0bHZH
-ehXPrHmwbFrC5J12nyBF6q6+V+hQi/4=
------END EC PRIVATE KEY-----
diff --git a/src/config/config.go b/src/config/config.go
new file mode 100644
index 0000000..8f78fd9
--- /dev/null
+++ b/src/config/config.go
@@ -0,0 +1,124 @@
+package config
+
+import (
+ "fmt"
+ "github.com/google/uuid"
+ "github.com/sirupsen/logrus"
+ "gopkg.in/yaml.v3"
+ "io/ioutil"
+ "net/url"
+ "os"
+)
+
+// Config struct holds configuration of Device Manager
+type Config struct {
+ Host string `yaml:"Host"`
+ Port string `yaml:"Port"`
+ UserName string `yaml:"UserName"`
+ Password string `yaml:"Password"`
+ RootServiceUUID string `yaml:"RootServiceUUID"`
+ OdimURL string `yaml:"OdimURL"`
+ OdimUserName string `yaml:"OdimUserName"`
+ OdimPassword string `yaml:"OdimPassword"`
+ TLSConf *TLSConf `yaml:"TLSConf"`
+ RSAPrivateKeyPath string `yaml:"RSAPrivateKeyPath"`
+ RSAPublicKeyPath string `yaml:"RSAPublicKeyPath"`
+ PKIRootCAPath string `yaml:"PKIRootCACertificatePath"`
+ PKIPrivateKeyPath string `yaml:"PKIPrivateKeyPath"`
+ PKICertificatePath string `yaml:"PKICertificatePath"`
+ PKIRootCA []byte
+ PKIPrivateKey []byte
+ PKICertificate []byte
+}
+
+// TLSConf holds TLS configuration
+type TLSConf struct {
+ MinVersion uint16 `yaml:"MinVersion"`
+ MaxVersion uint16 `yaml:"MaxVersion"`
+}
+
+// LoadConfiguration loads Device Manager configuration from env path variable DM_CONFIG_FILE_PATH
+func LoadConfiguration() (*Config, error) {
+ config := new(Config)
+
+ if configPath := os.Getenv("DM_CONFIG_FILE_PATH"); configPath != "" {
+ if configData, err := ioutil.ReadFile(configPath); err == nil {
+ _ = yaml.Unmarshal(configData, config)
+ } else {
+ logrus.Fatalf("cannot load configuration file: %s", err)
+ }
+ } else {
+ logrus.Fatal("missing DM_CONFIG_FILE_PATH env")
+ }
+
+ if err := loadCerts(config); err != nil {
+ return config, err
+ }
+
+ return config, validateConfig(config)
+}
+
+func loadCerts(config *Config) error {
+ var err error
+ if config.PKICertificate, err = ioutil.ReadFile(config.PKICertificatePath); err != nil {
+ return fmt.Errorf("value check failed for CertificatePath:%s with %v", config.PKICertificatePath, err)
+ }
+ if config.PKIPrivateKey, err = ioutil.ReadFile(config.PKIPrivateKeyPath); err != nil {
+ return fmt.Errorf("value check failed for PrivateKeyPath:%s with %v", config.PKIPrivateKeyPath, err)
+ }
+ if config.PKIRootCA, err = ioutil.ReadFile(config.PKIRootCAPath); err != nil {
+ return fmt.Errorf("value check failed for RootCACertificatePath:%s with %v", config.PKIRootCAPath, err)
+ }
+
+ return nil
+}
+
+func validateConfig(config *Config) error {
+ if config.Host == "" {
+ return fmt.Errorf("missing value for Host")
+ }
+
+ if config.Port == "" {
+ return fmt.Errorf("missing value for Port")
+ }
+
+ if config.UserName == "" {
+ return fmt.Errorf("missing value for Username")
+ }
+
+ if config.Password == "" {
+ return fmt.Errorf("missing value for Password")
+ }
+
+ if config.RootServiceUUID == "" {
+ return fmt.Errorf("missing value for RootServiceUUID")
+ } else if _, err := uuid.Parse(config.RootServiceUUID); err != nil {
+ return err
+ }
+
+ if config.OdimURL == "" {
+ return fmt.Errorf("missing value for OdimURL")
+ } else if _, e := url.Parse(config.OdimURL); e != nil {
+ return e
+ }
+
+ if config.OdimUserName == "" {
+ return fmt.Errorf("missing value for OdimUserName")
+ }
+
+ if config.OdimPassword == "" {
+ return fmt.Errorf("missing value for OdimPassword")
+ }
+
+ if config.TLSConf == nil {
+ return fmt.Errorf("missing TLSConf, setting default value")
+ }
+ if config.TLSConf.MinVersion == 0 || config.TLSConf.MinVersion == 0x0301 || config.TLSConf.MinVersion == 0x0302 {
+ return fmt.Errorf("configured TLSConf.MinVersion is wrong")
+ }
+ if config.TLSConf.MaxVersion == 0 || config.TLSConf.MaxVersion == 0x0301 || config.TLSConf.MaxVersion == 0x0302 {
+ return fmt.Errorf("configured TLSConf.MaxVersion is wrong")
+ }
+
+ return nil
+}
diff --git a/src/config/config.yml b/src/config/config.yml
new file mode 100644
index 0000000..36715d5
--- /dev/null
+++ b/src/config/config.yml
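Review bot: LoadConfiguration discards the parse error (`_ = yaml.Unmarshal(configData, config)`), so a malformed file yields an empty Config and the caller only sees a misleading `missing value for Host` from validateConfig; it also calls logrus.Fatal for a missing DM_CONFIG_FILE_PATH or an unreadable file although it returns an error, so callers can never handle those cases themselves. Return the errors instead, as in the rewrite below (after which the logrus import in this file is unused and should be dropped). Separately, the TLS checks in validateConfig reject only 0, 0x0301 and 0x0302, so an unsupported value such as 0x0305, or a MinVersion above MaxVersion, still passes; comparing against `tls.VersionTLS12` and `tls.VersionTLS13` and adding `if config.TLSConf.MinVersion > config.TLSConf.MaxVersion { return fmt.Errorf("TLSConf.MinVersion exceeds MaxVersion") }` would close that gap. The message `missing TLSConf, setting default value` is also inaccurate, since no default is applied.
```go
// LoadConfiguration loads the Device Manager configuration from the file named by
// DM_CONFIG_FILE_PATH, reads the PKI material it references and validates the result.
// Every failure is returned to the caller; nothing here terminates the process.
func LoadConfiguration() (*Config, error) {
	configPath := os.Getenv("DM_CONFIG_FILE_PATH")
	if configPath == "" {
		return nil, fmt.Errorf("missing DM_CONFIG_FILE_PATH env")
	}
	configData, err := ioutil.ReadFile(configPath)
	if err != nil {
		return nil, fmt.Errorf("reading configuration file %q: %w", configPath, err)
	}
	config := new(Config)
	// A parse error must not be swallowed: an empty Config would only surface later
	// as an unrelated "missing value" message from validateConfig.
	if err := yaml.Unmarshal(configData, config); err != nil {
		return nil, fmt.Errorf("parsing configuration file %q: %w", configPath, err)
	}
	if err := loadCerts(config); err != nil {
		return nil, err
	}
	if err := validateConfig(config); err != nil {
		return nil, err
	}
	return config, nil
}
// … unchanged: loadCerts and validateConfig …
```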
@@ -0,0 +1,34 @@
+### Device Manager configuration file
+Host: odimra.local
+Port: 45003
+
+RSAPrivateKeyPath: "/etc/plugincert/odimra_rsa.private"
+RSAPublicKeyPath: "/etc/plugincert/odimra_rsa.public"
+
+PKIRootCACertificatePath: "/etc/plugincert/rootCA.crt"
+PKIPrivateKeyPath: "/etc/plugincert/odimra_server.key"
+PKICertificatePath: "/etc/plugincert/odimra_server.crt"
+
+TLSConf:
+ ### Supported TLS versions:
+ # VersionTLS12 = 0x0303
+ # VersionTLS13 = 0x0304
+ MinVersion: 0x0303
+ MaxVersion: 0x0303
+
+### Basic Authentication
+UserName: admin
+Password: O01bKrP7Tzs7YoO3YvQt4pRa2J_R6HI34ZfP4MxbqNIYAVQVt2ewGXmhjvBfzMifM7bHFccXKGmdHvj3hY44Hw==
+
+### Redfish service root UUID for Device Manager
+RootServiceUUID: 99999999-9999-9999-9999-999999999999
+
+# Configuration for ODIM's NB interface
+OdimURL: https://odimra.local:45000
+OdimUserName: admin
+###
+# OdimPassword variable contains encoded and encrypted password matching to the OdimUserName
+# Raw password would be encoded and encrypted using following command:
+# echo -n "MySecretPassword" |openssl pkeyutl -encrypt -inkey private.key -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha512|openssl base64 -A
+##
+OdimPassword: #password#
diff --git a/src/go.mod b/src/go.mod
index be1275c..88c04fd 100644
--- a/src/go.mod
+++ b/src/go.mod
@@ -5,11 +5,13 @@ go 1.13
 require (
 github.com/Shopify/sarama v1.28.0
 github.com/golang/protobuf v1.4.3
+ github.com/google/uuid v1.1.2
 github.com/jessevdk/go-flags v1.4.0
 github.com/pkg/errors v0.9.1 // indirect
 github.com/sirupsen/logrus v1.8.0
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110
 google.golang.org/grpc v1.36.0
- google.golang.org/protobuf v1.25.0
+ google.golang.org/protobuf v1.25.0 // indirect
 gopkg.in/yaml.v2 v2.4.0
+ gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
 )
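Review bot: The `Password:` value committed in config.yml is an 88-character base64-style string that looks like a real credential or hash rather than a sample, while `OdimPassword: #password#` uses a placeholder; use a placeholder for Password as well so that no secret ships in the repository. The comment block above OdimPassword says the value is RSA-OAEP encrypted with the key at RSAPrivateKeyPath, but nothing in this series reads RSAPrivateKeyPath or decrypts anything, and validateConfig only checks that the field is non-empty, so the comment describes handling that does not exist yet; mark it as planned or remove it. `MaxVersion: 0x0303` also caps negotiation at TLS 1.2 even though the comment lists TLS 1.3 as supported; `MaxVersion: 0x0304` keeps TLS 1.3 available unless the cap is deliberate.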
@@ -45,6 +45,7 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.4 h1:L8R9j+yAqZuZjsqh/z+F1NCffTKKLShY6zXTItVIZ8M=
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
 github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
@@ -72,6 +73,7 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/magefile/mage v1.10.0 h1:3HiXzCUY12kh9bIuyXShaVe529fJfyqoVM42o/uom2g=
 github.com/magefile/mage v1.10.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A=
 github.com/pierrec/lz4 v2.6.0+incompatible h1:Ix9yFKn1nSPBLFl/yZknTp8TU5G4Ps0JDmguYK6iH1A=
 github.com/pierrec/lz4 v2.6.0+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
diff --git a/src/main.go b/src/main.go
index 6f87325..4880e0d 100644
--- a/src/main.go
+++ b/src/main.go
@@ -21,12 +21,8 @@ package main import ( - "crypto/tls" - "sync" - - "io/ioutil" + "devicemanager/config" "net" - "net/http" "os" "os/signal" "strconv"
@@ -35,15 +31,11 @@ import ( manager "devicemanager/proto" - "github.com/Shopify/sarama" - logrus "github.com/sirupsen/logrus" "google.golang.org/grpc" ) var ( - //lock ... - lock sync.Mutex //managerTopic ... managerTopic = "manager" )
@@ -70,33 +62,6 @@ func (s *Server) startGrpcServer() { } } -func (s *Server) handleEvents(w http.ResponseWriter, r *http.Request) { - signals := make(chan os.Signal, 1) - signal.Notify(signals, os.Interrupt) - logrus.Info(" IN Handle Event ") - if r.Method == "POST" { - Body, err := ioutil.ReadAll(r.Body) - if err != nil { - logrus.Errorf("Error getting HTTP data %s", err) - } - defer r.Body.Close() - message := &sarama.ProducerMessage{ - Topic: managerTopic, - Value: sarama.StringEncoder(Body), - } - s.dataproducer.Input() <- message - } -} - -func (s *Server) runServer() { - logrus.Info("Starting HTTP Server") - http.HandleFunc("/", s.handleEvents) - err := http.ListenAndServeTLS(GlobalConfig.Local, "https-server.crt", "https-server.key", nil) - if err != nil { - panic(err) - } -} - func (s *Server) vlidateDeviceRegistered(deviceIPAddress string) bool { if len(s.devicemap) != 0 { for device := range s.devicemap { 
@@ -163,24 +128,29 @@ func init() { Formatter.TimestampFormat = "02-01-2006 15:04:05.000000" Formatter.FullTimestamp = true logrus.SetFormatter(Formatter) - logrus.Info("log Connecting to broker:") - logrus.Info("log Listening to http server ") - //sarama.Logger = log.New() + logrus.SetLevel(logrus.DebugLevel) } func main() { - logrus.Info("Starting Device-management Container") - ParseCommandLine() - ProcessGlobalOptions() - ShowGlobalOptions() - http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true} - s := Server{ - devicemap: make(map[string]*device), + // Verify user ID. + if os.Geteuid() == 0 { + logrus.Fatal("Device Manager should not run with root privileges") + } + logrus.Info("Starting Device Manager") + + if _, err := config.LoadConfiguration(); err != nil { + logrus.Fatal("error while loading config", err) + } else { + ParseCommandLine() + ProcessGlobalOptions() + ShowGlobalOptions() + s := Server{ + devicemap: make(map[string]*device), + } + go s.startGrpcServer() + quit := make(chan os.Signal, 10) + signal.Notify(quit, os.Interrupt) + sig := <-quit + logrus.Infof("Shutting down:%d", sig) } - go s.runServer() - go s.startGrpcServer() - quit := make(chan os.Signal, 10) - signal.Notify(quit, os.Interrupt) - sig := <-quit - logrus.Infof("Shutting down:%d", sig) } From 2d18abb6dce890ec04ef6eda3054fc758f9083eb Mon Sep 17 00:00:00 2001 From: Maciej Mis Date: Thu, 5 Jan 2023 13:00:42 +0100 Subject: [PATCH 2/2] Removed unnecessary variables from config. Signed-off-by: Maciej Mis --- src/config/config.go | 21 +-------------------- src/config/config.yml | 13 ------------- 2 files changed, 1 insertion(+), 33 deletions(-) diff --git a/src/config/config.go b/src/config/config.go index 8f78fd9..4d94dae 100644 --- a/src/config/config.go +++ b/src/config/config.go @@ -6,7 +6,6 @@ import ( "github.com/sirupsen/logrus" "gopkg.in/yaml.v3" "io/ioutil" - "net/url" "os" ) 
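Review bot: The Config returned by `config.LoadConfiguration()` is discarded (`_, err :=`), so main still configures the server from ParseCommandLine/GlobalConfig and nothing in this hunk uses the validated values or the PKI material that loadCerts read; if the file is meant to replace the command-line options, keep the value and hand it to Server, otherwise the call is only a validation pass and deserves a comment saying so. `logrus.Fatal("error while loading config", err)` concatenates message and error with no separator; `logrus.Fatalf("loading config: %v", err)` reads better. Because Fatal exits, the `else` branch that wraps the rest of main only indents the happy path and can be lifted out, as below. `logrus.SetLevel(logrus.DebugLevel)` in init hardcodes debug output for every build; taking the level from the config file or an environment variable would let operators turn it down without a rebuild.
```go
func main() {
	// … unchanged: euid check and "Starting Device Manager" log …
	// TODO(review): keep the returned *Config and wire it into Server instead of discarding it.
	if _, err := config.LoadConfiguration(); err != nil {
		logrus.Fatalf("loading config: %v", err)
	}
	ParseCommandLine()
	ProcessGlobalOptions()
	ShowGlobalOptions()
	s := Server{
		devicemap: make(map[string]*device),
	}
	go s.startGrpcServer()
	// … unchanged: signal handling and shutdown log …
}
```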
@@ -17,12 +16,7 @@ type Config struct {
 UserName string `yaml:"UserName"`
 Password string `yaml:"Password"`
 RootServiceUUID string `yaml:"RootServiceUUID"`
- OdimURL string `yaml:"OdimURL"`
- OdimUserName string `yaml:"OdimUserName"`
- OdimPassword string `yaml:"OdimPassword"`
 TLSConf *TLSConf `yaml:"TLSConf"`
- RSAPrivateKeyPath string `yaml:"RSAPrivateKeyPath"`
- RSAPublicKeyPath string `yaml:"RSAPublicKeyPath"`
 PKIRootCAPath string `yaml:"PKIRootCACertificatePath"`
 PKIPrivateKeyPath string `yaml:"PKIPrivateKeyPath"`
 PKICertificatePath string `yaml:"PKICertificatePath"`
@@ -96,23 +90,10 @@ func validateConfig(config *Config) error { return err } - if config.OdimURL == "" { - return fmt.Errorf("missing value for OdimURL") - } else if _, e := url.Parse(config.OdimURL); e != nil { - return e - } - - if config.OdimUserName == "" { - return fmt.Errorf("missing value for OdimUserName") - } - - if config.OdimPassword == "" { - return fmt.Errorf("missing value for OdimPassword") - } - - if config.TLSConf == nil { return fmt.Errorf("missing TLSConf, setting default value") } + if config.TLSConf.MinVersion == 0 || config.TLSConf.MinVersion == 0x0301 || config.TLSConf.MinVersion == 0x0302 { return fmt.Errorf("configured TLSConf.MinVersion is wrong") }
diff --git a/src/config/config.yml b/src/config/config.yml
index 36715d5..19b196d 100644
--- a/src/config/config.yml
+++ b/src/config/config.yml
@@ -2,9 +2,6 @@ Host: odimra.local Port: 45003 -RSAPrivateKeyPath: "/etc/plugincert/odimra_rsa.private" -RSAPublicKeyPath: "/etc/plugincert/odimra_rsa.public" - PKIRootCACertificatePath: "/etc/plugincert/rootCA.crt" PKIPrivateKeyPath: "/etc/plugincert/odimra_server.key" PKICertificatePath: "/etc/plugincert/odimra_server.crt"
@@ -22,13 +19,3 @@ Password: O01bKrP7Tzs7YoO3YvQt4pRa2J_R6HI34ZfP4MxbqNIYAVQVt2ewGXmhjvBfzMifM7bHFc ### Redfish service root UUID for Device Manager RootServiceUUID: 99999999-9999-9999-9999-999999999999 - -# Configuration for ODIM's NB interface -OdimURL: https://odimra.local:45000 -OdimUserName: admin -### -# OdimPassword variable contains encoded and encrypted password matching to the OdimUserName -# Raw password would be encoded and encrypted using following command: -# echo -n "MySecretPassword" |openssl pkeyutl -encrypt -inkey private.key -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha512|openssl base64 -A -## -OdimPassword: #password#