refactor: move tls-cert to coreArgs

2025-08-23 15:40:43 -04:00
parent ff4c9dc421
commit a8348b1ccb
10 changed files with 24 additions and 27 deletions
--- a/src/lib/deskflow/App.h
+++ b/src/lib/deskflow/App.h
@ -130,8 +130,7 @@ private:
 #endif
 constexpr static auto s_helpGeneralArgs = //
    "  -1, --no-restart         do not try to restart on failure.\n"
-    "*     --restart            restart the server automatically if it fails.\n"
-    "      --tls-cert           specify the path to the TLS certificate file.\n";
+    "*     --restart            restart the server automatically if it fails.\n";

 constexpr static auto s_helpVersionArgs = //
    "  -h, --help               display this help and exit.\n";
--- a/src/lib/deskflow/ArgParser.cpp
+++ b/src/lib/deskflow/ArgParser.cpp
@ -139,8 +139,6 @@ bool ArgParser::parseGenericArgs(int argc, const char *const *argv, int &i) cons
    // HACK: stop error happening when using portable (deskflowp)
  } else if (isArg(i, argc, argv, nullptr, "--client")) {
    // HACK: stop error happening when using portable (deskflowp)
-  } else if (isArg(i, argc, argv, nullptr, "--tls-cert", 1)) {
-    argsBase().m_tlsCertFile = argv[++i];
  } else if (isArg(i, argc, argv, nullptr, "--prevent-sleep")) {
    argsBase().m_preventSleep = true;
  } else {
--- a/src/lib/deskflow/ArgsBase.h
+++ b/src/lib/deskflow/ArgsBase.h
@ -50,9 +50,6 @@ public:
  /// @brief Will cause the application to exit with fail code when set to true
  bool m_shouldExitFail = false;

-  /// @brief Contains the location of the TLS certificate file
-  std::string m_tlsCertFile;
-
  /// @brief Stop this computer from sleeping
  bool m_preventSleep = false;

--- a/src/lib/deskflow/CoreArgParser.cpp
+++ b/src/lib/deskflow/CoreArgParser.cpp
@ -79,6 +79,10 @@ void CoreArgParser::parse()
        );
    Settings::setValue(Settings::Security::TlsEnabled, value);
  }
+
+  if (m_parser.isSet(CoreArgs::tlsCertOption)) {
+    Settings::setValue(Settings::Security::Certificate, m_parser.value(CoreArgs::tlsCertOption));
+  }
 }

 [[noreturn]] void CoreArgParser::showHelpText() const
--- a/src/lib/deskflow/CoreArgs.h
+++ b/src/lib/deskflow/CoreArgs.h
@ -41,6 +41,9 @@ struct CoreArgs
  inline static const auto secureOption =
      QCommandLineOption("secure", "Enable TLS encryption (default: true)", "value");

+  inline static const auto tlsCertOption =
+      QCommandLineOption("tls-cert", "Use file in place of default TLS certificate path", "file");
+
  inline static const auto options = {helpOption, versionOption,  configOption,  interfaceOption, portOption,
-                                      nameOption, logLevelOption, logFileOption, secureOption};
+                                      nameOption, logLevelOption, logFileOption, secureOption,  tlsCertOption};
 };
--- a/src/lib/gui/core/CoreProcess.cpp
+++ b/src/lib/gui/core/CoreProcess.cpp
@ -485,14 +485,6 @@ bool CoreProcess::addServerArgs(QStringList &args)
  // bizarrely, the tls cert path arg was being given to the core client.
  // since it's not clear why (it is only needed for the server), this has now
  // been moved to server args.
-  if (Settings::value(Settings::Security::TlsEnabled).toBool()) {
-    if (TlsUtility tlsUtility(this); !tlsUtility.persistCertificate()) {
-      qCritical("failed to persist tls certificate");
-      return false;
-    }
-    args << "--tls-cert" << Settings::value(Settings::Security::Certificate).toString();
-  }
-
  return true;
 }

--- a/src/lib/net/SecureListenSocket.cpp
+++ b/src/lib/net/SecureListenSocket.cpp
@ -44,14 +44,8 @@ std::unique_ptr<IDataSocket> SecureListenSocket::accept()
    setListeningJob();

    // default location of the TLS cert file in users dir
-    std::string certificateFilename = Settings::value(Settings::Security::Certificate).toString().toStdString();
-
-    // if the tls cert option is set use that for the certificate file
-    if (!ArgParser::argsBase().m_tlsCertFile.empty()) {
-      certificateFilename = ArgParser::argsBase().m_tlsCertFile;
-    }
-
-    if (!secureSocket->loadCertificates(certificateFilename)) {
+    if (const auto certificateFilename = Settings::value(Settings::Security::Certificate).toString().toStdString();
+        !secureSocket->loadCertificates(certificateFilename)) {
      return nullptr;
    }

--- a/src/unittests/deskflow/ArgParserTests.cpp
+++ b/src/unittests/deskflow/ArgParserTests.cpp
@ -238,13 +238,12 @@ void ArgParserTests::client_commonArgs()
 {
  deskflow::ClientArgs clientArgs;
  clientArgs.m_enableLangSync = false;
-  const int argc = 4;
-  std::array<const char *, argc> kLangCmd = {"stub", "--tls-cert", "tlsCertPath", "--prevent-sleep"};
+  const int argc = 2;
+  std::array<const char *, argc> kLangCmd = {"stub", "--prevent-sleep"};

  m_parser.parseClientArgs(clientArgs, argc, kLangCmd.data());

  QVERIFY(clientArgs.m_preventSleep);
-  QCOMPARE(clientArgs.m_tlsCertFile, "tlsCertPath");
 }

 void ArgParserTests::client_setAddress()
--- a/src/unittests/deskflow/CoreArgParserTests.cpp
+++ b/src/unittests/deskflow/CoreArgParserTests.cpp
@ -150,4 +150,14 @@ void CoreArgParserTests::secure_1()
  QVERIFY(Settings::value(Settings::Security::TlsEnabled).toBool());
 }

+void CoreArgParserTests::tlsCert()
+{
+  QStringList args = {"stub", "client", "--tls-cert", "certFile"};
+
+  CoreArgParser parser(args);
+  parser.parse();
+
+  QCOMPARE(Settings::value(Settings::Security::Certificate).toString(), "certFile");
+}
+
 QTEST_MAIN(CoreArgParserTests)
--- a/src/unittests/deskflow/CoreArgParserTests.h
+++ b/src/unittests/deskflow/CoreArgParserTests.h
@ -27,6 +27,7 @@ private Q_SLOTS:
  void secure_true();
  void secure_0();
  void secure_1();
+  void tlsCert();

 private:
  inline static const QString m_settingsPath = QStringLiteral("tmp/test");