From bbb7945543f8583597a99720fb41e891c3af7411 Mon Sep 17 00:00:00 2001
From: Andy Doan
Date: Wed, 29 May 2019 21:25:38 -0500
Subject: [PATCH] aktualizr-lite: Support using TLS keys

This is a bit of an edge case, but I've found it useful to run devices in the lite mode, but to still restrict who can access the tuf/treehub repos via TLS.

Signed-off-by: Andy Doan
---
 src/aktualizr_lite/main.cc | 3 +++
 src/libaktualizr/primary/initializer.cc | 6 +++++-
 src/libaktualizr/primary/initializer.h | 3 ++-
 src/libaktualizr/primary/sotauptaneclient.cc | 7 +++++--
 src/libaktualizr/primary/sotauptaneclient.h | 2 +-
 5 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/src/aktualizr_lite/main.cc b/src/aktualizr_lite/main.cc
index 8aeba4b107..f7c3baf233 100644
--- a/src/aktualizr_lite/main.cc
+++ b/src/aktualizr_lite/main.cc
@@ -26,7 +26,9 @@ static int status_main(Config &config, const bpo::variables_map &unused) {
 static int list_main(Config &config, const bpo::variables_map &unused) {
   (void)unused;
   auto storage = INvStorage::newStorage(config.storage);
+  storage->importData(config.import);
   auto client = SotaUptaneClient::newDefaultClient(config, storage);
+  client->initialize(true);
   Uptane::HardwareIdentifier hwid(config.provision.primary_ecu_hardware_id);
   LOG_INFO << "Refreshing target metadata";
@@ -94,6 +96,7 @@ static std::unique_ptr find_target(const std::shared_ptrinitialize(true);
   Uptane::HardwareIdentifier hwid(config.provision.primary_ecu_hardware_id);
   std::string version("latest");
diff --git a/src/libaktualizr/primary/initializer.cc b/src/libaktualizr/primary/initializer.cc
index 0a16ffddfd..8643018929 100644
--- a/src/libaktualizr/primary/initializer.cc
+++ b/src/libaktualizr/primary/initializer.cc
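Review bot: The `client->initialize(true)` added to list_main (and the matching call in the find_target hunk that follows) is a bare boolean at the call site, so a reader cannot tell what `true` requests without opening sotauptaneclient.h; a one-line comment above it, `// lite mode: provision TLS client credentials only, no ECU keys or device registration`, or an `enum class` in place of the bool, would make that explicit. initialize() throws std::runtime_error when provisioning fails (visible in the sotauptaneclient.cc hunk) and nothing added here catches it, so whether a device with missing or rejected TLS credentials exits cleanly from these subcommands depends on a handler outside the hunk. The ordering is also worth a comment: `storage->importData(config.import)` now runs before the client is built, which presumably is what makes the imported TLS keys available to the TUF/TreeHub transport. list_main's body continues past the last hunk line.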
@@ -205,7 +205,7 @@ InitRetCode Initializer::initEcuRegister() {
 Initializer::Initializer(
     const ProvisionConfig& config_in, std::shared_ptr storage_in, std::shared_ptr http_client_in, KeyManager& keys_in,
-    const std::map >& secondary_info_in)
+    const std::map >& secondary_info_in, bool lite_mode)
     : config_(config_in),
       storage_(std::move(storage_in)),
       http_client_(std::move(http_client_in)),
@@ -232,6 +232,10 @@ Initializer::Initializer(
     LOG_ERROR << "Shared credential provisioning failed. Aborting initialization.";
     return;
   }
+  if (lite_mode) {
+    success_ = true;
+    return;
+  }
   if (!initPrimaryEcuKeys()) {
     LOG_ERROR << "ECU key generation failed. Aborting initialization.";
diff --git a/src/libaktualizr/primary/initializer.h b/src/libaktualizr/primary/initializer.h
index ae5d1f3df9..9797040452 100644
--- a/src/libaktualizr/primary/initializer.h
+++ b/src/libaktualizr/primary/initializer.h
@@ -14,7 +14,8 @@ class Initializer {
  public:
  Initializer(const ProvisionConfig& config_in, std::shared_ptr storage_in, std::shared_ptr http_client_in, KeyManager& keys_in,
-             const std::map >& secondary_info_in);
+             const std::map >& secondary_info_in,
+             bool lite_mode = false);
  bool isSuccessful() const { return success_; }
 private:
diff --git a/src/libaktualizr/primary/sotauptaneclient.cc b/src/libaktualizr/primary/sotauptaneclient.cc
index 62697eb7df..542e5f8704 100644
--- a/src/libaktualizr/primary/sotauptaneclient.cc
+++ b/src/libaktualizr/primary/sotauptaneclient.cc
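Review bot: The `if (lite_mode)` block added to the Initializer constructor sets `success_ = true` right after the shared-credential provisioning check and returns, so in lite mode `initPrimaryEcuKeys()` and everything after it never run and `isSuccessful()` now means "TLS credentials provisioned" rather than "device fully provisioned"; neither the block nor the new `bool lite_mode = false` parameter in the initializer.h hunk says so. Add above the block `// Lite mode needs only the TLS client credentials for the repo/TreeHub transports; ECU key generation and device registration are skipped.` and a matching `/// lite_mode: ...` line on the declaration in initializer.h. Callers that check isSuccessful() and then expect ECU keys to exist (none are visible here) are the ones to audit for the weaker meaning. The constructor starts in the preceding hunk and its body continues past this one.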
@@ -292,14 +292,17 @@ Json::Value SotaUptaneClient::AssembleManifest() {
 bool SotaUptaneClient::hasPendingUpdates() { return storage->hasPendingInstall(); }
-void SotaUptaneClient::initialize() {
+void SotaUptaneClient::initialize(bool lite_mode) {
   LOG_DEBUG << "Checking if device is provisioned...";
   KeyManager keys(storage, config.keymanagerConfig());
-  Initializer initializer(config.provision, storage, http, keys, secondaries);
+  Initializer initializer(config.provision, storage, http, keys, secondaries, lite_mode);
   if (!initializer.isSuccessful()) {
     throw std::runtime_error("Fatal error during provisioning or ECU device registration.");
   }
+  if (lite_mode) {
+    return;
+  }
   EcuSerials serials;
   if (!storage->loadEcuSerials(&serials) || serials.size() == 0) {
diff --git a/src/libaktualizr/primary/sotauptaneclient.h b/src/libaktualizr/primary/sotauptaneclient.h
index a7b7d1d559..976d1cd095 100644
--- a/src/libaktualizr/primary/sotauptaneclient.h
+++ b/src/libaktualizr/primary/sotauptaneclient.h
@@ -41,7 +41,7 @@ class SotaUptaneClient {
                  std::shared_ptr events_channel_in = nullptr);
   ~SotaUptaneClient();
-  void initialize();
+  void initialize(bool lite_mode = false);
   void addNewSecondary(const std::shared_ptr &sec);
   result::Download downloadImages(const std::vector &targets,
                                   const api::FlowControlToken *token = nullptr);
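Review bot: `initialize(bool lite_mode)` now returns before `storage->loadEcuSerials(&serials)` and whatever follows it past the hunk, so in lite mode the client leaves initialize() without ECU serials or any state the rest of the function sets up; any member function that assumes initialize() ran to completion (not visible here) would find that state unset. The early return carries no comment and the declaration in the sotauptaneclient.h hunk gets only a defaulted bool, so document it there: `/// lite_mode: provision TLS client credentials only; skips ECU key generation, registration and serial loading. Intended for aktualizr-lite.` with a one-line `// lite mode: nothing below is needed` above the `return`. The function's body continues past the last hunk line.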