Implement top level credential handler in Config

openxpki · Jun 29, 2020 · 0f192a3 · 0f192a3
1 parent e46a6ae
commit 0f192a3
Showing 1 changed file with 34 additions and 1 deletion.
diff --git a/core/server/OpenXPKI/Config.pm b/core/server/OpenXPKI/Config.pm
@@ -43,6 +43,12 @@ has backend => (
     },
 );
 
+has credential_backend => (
+    is => 'rw',
+    isa => 'Bool',
+    default => 0
+    );
+
 # Here we do the chain loading of a serialized/signed config
 sub BUILD {
     my $self = shift;
@@ -69,6 +75,30 @@ sub BUILD {
         $self->backend( $conn );
     }
 
+    # If the node credential is defined on the top level we make assume
+    # it contains a connector specification to create a globally available
+    # node to receive passwords from
+    if ($self->backend()->exists('credentials')) {
+        my $conn = $self->backend();
+        my $meta = $conn->get_meta('credentials');
+        if ($meta->{TYPE} ne "hash" || !$conn->exists('credentials.class')) {
+            warn "Found credential node but it does not look like a connector specification"
+        } else {
+            # There is a dragon inside! We read the connector details and
+            # afterwards delete the node and write back the preinitialized
+            # connector. This makes assumptions on the internal cache and might
+            # also not work with other backend classes.
+            $self->credential_backend(1);
+            my $cc = $self->get_connector('credentials');
+            $self->_init_cache();
+            # as it is not allowed to change the type we need to unset it first
+            $conn->set('credentials' => undef);
+            # now we directly attach the connector to it
+            $conn->set('credentials' => $cc);
+            Log::Log4perl->get_logger('system')->info("Added credential connector");
+        }
+    }
+
     # check if the system node is present
     $self->backend()->exists('system') || die "Loaded config does not contain system node.";
 
@@ -98,9 +128,12 @@ before '_route_call' => sub {
 
     ##! 16: "_route_call interception on $location "
     # system or realm acces - no prefix
-    if ( substr ($location, 0, 6) eq 'system' || substr($location, 0, 5) eq 'realm' ) {
+    if ( substr ($location, 0, 6) eq 'system' || substr($location, 0, 5) eq 'realm') {
         ##! 16: "_route_call: system or explicit realm value, reset connector offsets"
         $self->PREFIX('');
+    } elsif (substr($location, 0, 11) eq "credentials" && $self->credential_backend()) {
+        ##! 16: "_route_call: request for credential"
+        $self->PREFIX('');
     } else {
         my $session = CTX('session');
         # there is no realm during init - hide tree by setting non existing prefix