From nobody Fri Nov 21 10:08:32 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass(p=reject dis=none)  header.from=lists.libvirt.org
ARC-Seal: i=1; a=rsa-sha256; t=1762441296; cv=none;
	d=zohomail.com; s=zohoarc;
	b=NR23sijTsdbZJLublWkIdtys1RY8pOg2RjrtNMnhrx/oR//io6MZFkIW+FHcz/+uOI3LifqoKte1IFlciSW/D+FnZUx/OnkBtJ3A90R1Q/8sUnNTkfpVm7WWBVCICuWv4a0wwbq8tGg5njhOO3LlAawOA/Wb+WRz9xswwmQFt+M=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1762441296;
 h=Content-Type:Content-Transfer-Encoding:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Owner:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id:Cc;
	bh=hhj6uIN7K7Ssy1Cenk9iT/Z3Vt28606B/ZOvx+utOW0=;
	b=KMWGvliK3q1vNpxxBN7kUU12uewVYMYnLaVh/Vnfh6mLnnfoSpZKxAmuFwHeN6Lpyv8RDTST6xYL9OlgEU6ija684rIBOwKJKb86M771ihOE0rxuaBtUY8W4/O8wS+t2QUIvUk9ESsu9uUVyVYG06bzdcH8HHUeJp6VGfd0aIfc=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass header.from=<devel@lists.libvirt.org> (p=reject dis=none)
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 1762441288790888.326224610438;
 Thu, 6 Nov 2025 07:01:28 -0800 (PST)
Received: by lists.libvirt.org (Postfix, from userid 993)
	id 7FB0D417D3; Thu,  6 Nov 2025 10:01:22 -0500 (EST)
Received: from [172.19.199.29] (lists.libvirt.org [8.43.85.245])
	by lists.libvirt.org (Postfix) with ESMTP id E85CC44205;
	Thu,  6 Nov 2025 09:53:41 -0500 (EST)
Received: by lists.libvirt.org (Postfix, from userid 993)
	id AEC7043DF6; Thu,  6 Nov 2025 09:51:06 -0500 (EST)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (3072 bits) server-digest
 SHA256)
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id EE53A41988
	for <devel@lists.libvirt.org>; Thu,  6 Nov 2025 09:51:05 -0500 (EST)
Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-643-R5uYuYl-OHi9EC72NvvSPA-1; Thu,
 06 Nov 2025 09:51:04 -0500
Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id 8155218002CC
	for <devel@lists.libvirt.org>; Thu,  6 Nov 2025 14:51:03 +0000 (UTC)
Received: from toolbx.redhat.com (unknown [10.42.28.39])
	by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP
 id B33901800240;
	Thu,  6 Nov 2025 14:51:02 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org
X-Spam-Level: 
X-Spam-Status: No, score=-5.0 required=5.0 tests=BAYES_00,DKIM_INVALID,
	DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,
	RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED,
	RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable
	autolearn_force=no version=4.0.1
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1762440665;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=hhj6uIN7K7Ssy1Cenk9iT/Z3Vt28606B/ZOvx+utOW0=;
	b=h2pIXTBUCvpT0VbIiXcdO6pjYRcmJOyL8+Lat7rqHaAA2xExnfAyK4NfwkcwTjr9PXJDlF
	kYEb57nuISMAMntdpfmfjUPitYjxieglcVRDjt3CavN4ubohhmsfWGZVPBDrx1/VoHtA0H
	MlZA1t73L+wAAJu1wPQQumOroKWitWU=
X-MC-Unique: R5uYuYl-OHi9EC72NvvSPA-1
X-Mimecast-MFC-AGG-ID: R5uYuYl-OHi9EC72NvvSPA_1762440663
To: devel@lists.libvirt.org
Subject: [PATCH 08/10] rpc: reduce duplication when locating credentials
Date: Thu,  6 Nov 2025 14:50:48 +0000
Message-ID: <20251106145050.1851526-9-berrange@redhat.com>
In-Reply-To: <20251106145050.1851526-1-berrange@redhat.com>
References: <20251106145050.1851526-1-berrange@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: QK5xXHCyfOZFAsezSDylTpMy-qVuAJUhdx_Iko4V26o_1762440663
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: 2UZLNMD23RTR643NGU47OY3BRWJFP6YV
X-Message-ID-Hash: 2UZLNMD23RTR643NGU47OY3BRWJFP6YV
X-MailFrom: berrange@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; header-match-devel.lists.libvirt.org-0; emergency;
 member-moderation; nonmember-moderation; administrivia; implicit-dest;
 max-recipients; max-size; news-moderation; no-subject; digests;
 suspicious-header
X-Mailman-Version: 3.3.10
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/2UZLNMD23RTR643NGU47OY3BRWJFP6YV/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Owner: <mailto:devel-owner@lists.libvirt.org>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9_via_Devel?=
 <devel@lists.libvirt.org>
Reply-To: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1762441300189154100

From: Daniel P. Berrang=C3=A9 <berrange@redhat.com>

The three different APIs for locating credentials differ only in
what directories they search and their policy for missing files.
Their code can be collapsed onto a single helper method. This
will greatly facilitate the subsequent patch that expands the
logic to locate many certificate files.

Signed-off-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
---
 src/rpc/virnettlsconfig.c | 103 ++++++++++++++++++++------------------
 1 file changed, 53 insertions(+), 50 deletions(-)

diff --git a/src/rpc/virnettlsconfig.c b/src/rpc/virnettlsconfig.c
index 1479eb01ae..59cb8c2566 100644
--- a/src/rpc/virnettlsconfig.c
+++ b/src/rpc/virnettlsconfig.c
@@ -248,35 +248,58 @@ static int virNetTLSConfigEnsureIdentity(char **cert,=
 char **key,
 }
=20
=20
-int virNetTLSConfigCustomCreds(const char *pkipath,
-                               bool isServer,
-                               char **cacert,
-                               char **cacrl,
-                               char **cert,
-                               char **key)
+static int virNetTLSConfigCreds(const char *cacertdir,
+                                const char *cacrldir,
+                                const char *certdir,
+                                const char *keydir,
+                                bool isServer,
+                                bool allowMissingCA,
+                                bool allowMissingIdentity,
+                                char **cacert,
+                                char **cacrl,
+                                char **cert,
+                                char **key)
 {
-    VIR_DEBUG("Locating creds in custom dir %s", pkipath);
-    virNetTLSConfigTrust(pkipath,
-                         pkipath,
+    virNetTLSConfigTrust(cacertdir,
+                         cacrldir,
                          cacert,
                          cacrl);
=20
-    if (virNetTLSConfigEnsureTrust(cacert, cacrl, false) < 0)
+    if (virNetTLSConfigEnsureTrust(cacert, cacrl, allowMissingCA) < 0)
         return -1;
=20
     virNetTLSConfigIdentity(isServer,
-                            pkipath,
-                            pkipath,
+                            certdir,
+                            keydir,
                             cert,
                             key);
=20
-
-    if (virNetTLSConfigEnsureIdentity(cert, key, !isServer) < 0)
+    if (virNetTLSConfigEnsureIdentity(cert, key, allowMissingIdentity) < 0)
         return -1;
=20
     return 0;
 }
=20
+
+int virNetTLSConfigCustomCreds(const char *pkipath,
+                               bool isServer,
+                               char **cacert,
+                               char **cacrl,
+                               char **cert,
+                               char **key)
+{
+    VIR_DEBUG("Locating creds in custom dir %s", pkipath);
+
+    return virNetTLSConfigCreds(pkipath, pkipath,
+                                pkipath, pkipath,
+                                isServer,
+                                false,
+                                !isServer,
+                                cacert, cacrl,
+                                cert, key);
+}
+
+
 int virNetTLSConfigUserCreds(bool isServer,
                              char **cacert,
                              char **cacrl,
@@ -287,24 +310,13 @@ int virNetTLSConfigUserCreds(bool isServer,
=20
     VIR_DEBUG("Locating creds in user dir %s", pkipath);
=20
-    virNetTLSConfigTrust(pkipath,
-                         pkipath,
-                         cacert,
-                         cacrl);
-
-    if (virNetTLSConfigEnsureTrust(cacert, cacrl, true) < 0)
-        return -1;
-
-    virNetTLSConfigIdentity(isServer,
-                            pkipath,
-                            pkipath,
-                            cert,
-                            key);
-
-    if (virNetTLSConfigEnsureIdentity(cert, key, true) < 0)
-        return -1;
-
-    return 0;
+    return virNetTLSConfigCreds(pkipath, pkipath,
+                                pkipath, pkipath,
+                                isServer,
+                                true,
+                                true,
+                                cacert, cacrl,
+                                cert, key);
 }
=20
 int virNetTLSConfigSystemCreds(bool isServer,
@@ -315,22 +327,13 @@ int virNetTLSConfigSystemCreds(bool isServer,
 {
     VIR_DEBUG("Locating creds in system dir %s", LIBVIRT_PKI_DIR);
=20
-    virNetTLSConfigTrust(LIBVIRT_CACERT_DIR,
-                         LIBVIRT_CACRL_DIR,
-                         cacert,
-                         cacrl);
-
-    if (virNetTLSConfigEnsureTrust(cacert, cacrl, false) < 0)
-        return -1;
-
-    virNetTLSConfigIdentity(isServer,
-                            LIBVIRT_CERT_DIR,
-                            LIBVIRT_KEY_DIR,
-                            cert,
-                            key);
-
-    if (virNetTLSConfigEnsureIdentity(cert, key, !isServer) < 0)
-        return -1;
-
-    return 0;
+    return virNetTLSConfigCreds(LIBVIRT_CACERT_DIR,
+                                LIBVIRT_CACRL_DIR,
+                                LIBVIRT_CERT_DIR,
+                                LIBVIRT_KEY_DIR,
+                                isServer,
+                                false,
+                                !isServer,
+                                cacert, cacrl,
+                                cert, key);
 }
--=20
2.51.1