wsd: Unconditionally compile support-key-enabled code paths

Signed-off-by: Aron Budea <aron.budea@collabora.com>
Change-Id: Iec477c223f2dc75e0be8b472c8439ca9311d6aae

Makefile.am

@@ -294,6 +294,7 @@ coolstress_SOURCES = tools/Stress.cpp \
 coolconfig_SOURCES = tools/Config.cpp \
 		     tools/ConfigMigrationAssistant.cpp \
 		     common/DummyTraceEventEmitter.cpp \
+		     common/ConfigUtil.cpp \
 		     common/Crypto.cpp \
 		     common/Log.cpp \
 		     common/StringVector.cpp \

android/lib/src/main/cpp/CMakeLists.txt.in

@@ -7,8 +7,9 @@ add_library(androidapp SHARED
             androidapp.cpp
             ../../../../../common/Authorization.cpp
             ../../../../../common/ConfigUtil.cpp
-            ../../../../../common/FileUtil.cpp
             ../../../../../common/CommandControl.cpp
+            ../../../../../common/Crypto-stub.cpp
+            ../../../../../common/FileUtil.cpp
             ../../../../../common/Log.cpp
             ../../../../../common/MessageQueue.cpp
             ../../../../../common/TraceEvent.cpp

common/ConfigUtil.cpp

@@ -70,4 +70,14 @@ bool isSslEnabled()
     return false;
 #endif
 }
+
+bool isSupportKeyEnabled()
+{
+#if ENABLE_SUPPORT_KEY
+    return true;
+#else
+    return false;
+#endif
+}
+
 } // namespace config

common/ConfigUtil.hpp

@@ -49,4 +49,7 @@ bool getBool(const std::string& key, const bool def);
 /// Return true if SSL is enabled in the config and no fuzzing is enabled.
 bool isSslEnabled();
 
+/// Return true if build is support key enabled (ENABLE_SUPPORT_KEY is defined)
+bool isSupportKeyEnabled();
+
 } // namespace config

common/Crypto-stub.cpp

@@ -0,0 +1,28 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4; fill-column: 100 -*- */
+/*
+ * Copyright the Collabora Online contributors.
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#include "Crypto.hpp"
+
+#include <Poco/DateTime.h>
+
+struct SupportKeyImpl {};
+
+SupportKey::SupportKey([[maybe_unused]] const std::string& key) {}
+
+SupportKey::~SupportKey() {}
+
+bool SupportKey::verify() { return true; }
+
+int SupportKey::validDaysRemaining() { return 0; }
+
+Poco::DateTime SupportKey::expiry() const { return Poco::DateTime(); }
+
+std::string SupportKey::data() const { return std::string(); }

common/Crypto.cpp

@@ -11,8 +11,6 @@
 
 #include <config.h>
 
-#if ENABLE_SUPPORT_KEY
-
 #include <Poco/DigestStream.h>
 #include <Poco/Base64Decoder.h>
 #include <Poco/DateTimeParser.h>
@@ -24,11 +22,22 @@
 
 #include "Log.hpp"
 #include "Crypto.hpp"
+#if ENABLE_SUPPORT_KEY
 #include "support-public-key.hpp"
+#endif
 
 using namespace Poco;
 using namespace Poco::Crypto;
 
+std::string getSupportPublicKey()
+{
+#if ENABLE_SUPPORT_KEY
+    return SUPPORT_PUBLIC_KEY;
+#else
+    return std::string();
+#endif
+}
+
 struct SupportKeyImpl
 {
     bool _invalid;
@@ -86,7 +95,7 @@ bool SupportKey::verify()
         return false;
     }
 
-    std::istringstream pubStream(SUPPORT_PUBLIC_KEY);
+    std::istringstream pubStream(getSupportPublicKey());
 
     try {
         RSAKey keyPub(&pubStream);
@@ -140,6 +149,4 @@ std::string SupportKey::data() const
     return _impl->_data;
 }
 
-#endif // ENABLE_SUPPORT_KEY
-
 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */

common/Crypto.hpp

@@ -11,8 +11,6 @@
 
 #pragma once
 
-#if ENABLE_SUPPORT_KEY
-
 #include <memory>
 
 struct SupportKeyImpl;
@@ -38,6 +36,4 @@ public:
     std::string data() const;
 };
 
-#endif
-
 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */

ios/Mobile.xcodeproj/project.pbxproj

@@ -23,6 +23,7 @@
 		BE18C7DE226DE09A001AD27E /* Branding in Resources */ = {isa = PBXBuildFile; fileRef = BE18C7DD226DE09A001AD27E /* Branding */; };
 		BE512CBA2518DE6E00921C15 /* libsqlite3.tbd in Frameworks */ = {isa = PBXBuildFile; fileRef = BE512CB92518DE6400921C15 /* libsqlite3.tbd */; };
 		BE55E0EB2653FCCB007DDF29 /* ConfigUtil.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BE55E0E92653FCCB007DDF29 /* ConfigUtil.cpp */; };
+		BE55E0EB3653FCCB007DDF29 /* Crypto-stub.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BE55E0EC2653FCCB007DDF29 /* Crypto-stub.cpp */; };
 		BE5EB5C1213FE29900E0826C /* Log.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BE5EB5B9213FE29900E0826C /* Log.cpp */; };
 		BE5EB5C2213FE29900E0826C /* SpookyV2.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BE5EB5BA213FE29900E0826C /* SpookyV2.cpp */; };
 		BE5EB5C3213FE29900E0826C /* Session.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BE5EB5BB213FE29900E0826C /* Session.cpp */; };
@@ -552,6 +553,7 @@
 		BE512CB92518DE6400921C15 /* libsqlite3.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = libsqlite3.tbd; path = usr/lib/libsqlite3.tbd; sourceTree = SDKROOT; };
 		BE55E0E92653FCCB007DDF29 /* ConfigUtil.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ConfigUtil.cpp; sourceTree = "<group>"; };
 		BE55E0EA2653FCCB007DDF29 /* ConfigUtil.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = ConfigUtil.hpp; sourceTree = "<group>"; };
+		BE55E0EC2653FCCB007DDF29 /* Crypto-stub.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Crypto-stub.cpp; sourceTree = "<group>"; };
 		BE58E129217F295B00249358 /* Log.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = Log.hpp; sourceTree = "<group>"; };
 		BE58E12A217F295B00249358 /* Png.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = Png.hpp; sourceTree = "<group>"; };
 		BE58E12B217F295B00249358 /* SigUtil.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = SigUtil.hpp; sourceTree = "<group>"; };
@@ -2183,6 +2185,7 @@
 				BEABFC6724AC94C3004DE339 /* Authorization.hpp */,
 				BE55E0E92653FCCB007DDF29 /* ConfigUtil.cpp */,
 				BE55E0EA2653FCCB007DDF29 /* ConfigUtil.hpp */,
+				BE55E0EC2653FCCB007DDF29 /* Crypto-stub.cpp */,
 				BE5EB5C0213FE29900E0826C /* FileUtil.cpp */,
 				BE5EB5B9213FE29900E0826C /* Log.cpp */,
 				BE58E129217F295B00249358 /* Log.hpp */,
@@ -3678,6 +3681,7 @@
 				BE5EB5C5213FE29900E0826C /* MessageQueue.cpp in Sources */,
 				BE7228E22417BC9F000ADABD /* StringVector.cpp in Sources */,
 				BE55E0EB2653FCCB007DDF29 /* ConfigUtil.cpp in Sources */,
+				BE55E0EB3653FCCB007DDF29 /* Crypto-stub.cpp in Sources */,
 				BE5EB5E721401E0F00E0826C /* RequestVettingStation.cpp in Sources */,
 				BE5EB5F821401E0F00E0826C /* Storage.cpp in Sources */,
 				BE5EB5D621401E0F00E0826C /* Storage.cpp in Sources */,

tools/Config.cpp

@@ -33,6 +33,7 @@
 #include <Poco/Util/OptionSet.h>
 #include <Poco/Util/XMLConfiguration.h>
 
+#include <common/ConfigUtil.hpp>
 #include <Util.hpp>
 #include <Crypto.hpp>
 
@@ -131,11 +132,12 @@ void Config::displayHelp()
               << "Commands: " << std::endl
               << "    migrateconfig [--old-config-file=<path>] [--config-file=<path>] [--write]" << std::endl
               << "    anonymize [string-1]...[string-n]" << std::endl
-              << "    set-admin-password" << std::endl
+              << "    set-admin-password" << std::endl;
-#if ENABLE_SUPPORT_KEY
+    if (config::isSupportKeyEnabled())
-              << "    set-support-key" << std::endl
+    {
-#endif
+        std::cout << "    set-support-key" << std::endl;
-              << "    set <key> <value>" << std::endl
+    }
+    std::cout << "    set <key> <value>" << std::endl
               << "    generate-proof-key" << std::endl
               << "    update-system-template" << std::endl << std::endl;
 }
@@ -169,12 +171,13 @@ void Config::defineOptions(OptionSet& optionSet)
                         .repeatable(false)
                         .argument("number"));
 
-#if ENABLE_SUPPORT_KEY
+    if (config::isSupportKeyEnabled())
-    optionSet.addOption(Option("support-key", "", "Specify the support key [set-support-key].")
+    {
-                        .required(false)
+        optionSet.addOption(Option("support-key", "", "Specify the support key [set-support-key].")
-                        .repeatable(false)
+                            .required(false)
-                        .argument("key"));
+                            .repeatable(false)
-#endif
+                            .argument("key"));
+    }
 
     optionSet.addOption(Option("anonymization-salt", "", "Anonymize strings with the given 64-bit salt instead of the one in the config file.")
                         .required(false)
@@ -337,8 +340,7 @@ int Config::main(const std::vector<std::string>& args)
         return EX_UNAVAILABLE;
 #endif
     }
-#if ENABLE_SUPPORT_KEY
+    else if (config::isSupportKeyEnabled() && args[0] == "set-support-key")
-    else if (args[0] == "set-support-key")
     {
         std::string supportKeyString;
         if (SupportKeyStringProvided)
@@ -373,7 +375,6 @@ int Config::main(const std::vector<std::string>& args)
             changed = true;
         }
     }
-#endif
     else if (args[0] == "set")
     {
         if (args.size() == 3)

wasm/Makefile.am

@@ -23,6 +23,7 @@ online_SOURCES = \
 	wasmapp.cpp \
 	../common/Authorization.cpp \
 	../common/ConfigUtil.cpp \
+	../common/Crypto-stub.cpp \
 	../common/FileUtil.cpp \
 	../common/CommandControl.cpp \
 	../common/Log.cpp \

wsd/COOLWSD.cpp

@@ -400,8 +400,10 @@ void COOLWSD::writeTraceEventRecording(const std::string &recording)
 
 void COOLWSD::checkSessionLimitsAndWarnClients()
 {
-#if !ENABLE_SUPPORT_KEY
 #if !MOBILEAPP
+    if (config::isSupportKeyEnabled())
+        return;
+
     ssize_t docBrokerCount = DocBrokers.size() - ConvertToBroker::getInstanceCount();
     if (COOLWSD::MaxDocuments < 10000 &&
         (docBrokerCount > static_cast<ssize_t>(COOLWSD::MaxDocuments) || COOLWSD::NumConnections >= COOLWSD::MaxConnections))
@@ -419,7 +421,6 @@ void COOLWSD::checkSessionLimitsAndWarnClients()
         }
     }
 #endif
-#endif
 }
 
 void COOLWSD::checkDiskSpaceAndWarnClients(const bool cacheLastCheck)
@@ -2688,44 +2689,45 @@ void COOLWSD::innerInitialize(Application& self)
     setenv("LOK_HELP_URL", "", 1);
 #endif
 
-#if ENABLE_SUPPORT_KEY
+    if (config::isSupportKeyEnabled())
-    const std::string supportKeyString = getConfigValue<std::string>(conf, "support_key", "");
-
-    if (supportKeyString.empty())
     {
-        LOG_WRN("Support key not set, please use 'coolconfig set-support-key'.");
+        const std::string supportKeyString = getConfigValue<std::string>(conf, "support_key", "");
-        std::cerr << "Support key not set, please use 'coolconfig set-support-key'." << std::endl;
-        COOLWSD::OverrideWatermark = "Unsupported, the support key is missing.";
-    }
-    else
-    {
-        SupportKey key(supportKeyString);
 
-        if (!key.verify())
+        if (supportKeyString.empty())
         {
-            LOG_WRN("Invalid support key, please use 'coolconfig set-support-key'.");
+            LOG_WRN("Support key not set, please use 'coolconfig set-support-key'.");
-            std::cerr << "Invalid support key, please use 'coolconfig set-support-key'." << std::endl;
+            std::cerr << "Support key not set, please use 'coolconfig set-support-key'." << std::endl;
-            COOLWSD::OverrideWatermark = "Unsupported, the support key is invalid.";
+            COOLWSD::OverrideWatermark = "Unsupported, the support key is missing.";
         }
         else
         {
-            int validDays =  key.validDaysRemaining();
+            SupportKey key(supportKeyString);
-            if (validDays <= 0)
+
+            if (!key.verify())
             {
-                LOG_WRN("Your support key has expired, please ask for a new one, and use 'coolconfig set-support-key'.");
+                LOG_WRN("Invalid support key, please use 'coolconfig set-support-key'.");
-                std::cerr << "Your support key has expired, please ask for a new one, and use 'coolconfig set-support-key'." << std::endl;
+                std::cerr << "Invalid support key, please use 'coolconfig set-support-key'." << std::endl;
-                COOLWSD::OverrideWatermark = "Unsupported, the support key has expired.";
+                COOLWSD::OverrideWatermark = "Unsupported, the support key is invalid.";
             }
             else
             {
-                LOG_INF("Your support key is valid for " << validDays << " days");
+                int validDays =  key.validDaysRemaining();
-                COOLWSD::MaxConnections = 1000;
+                if (validDays <= 0)
-                COOLWSD::MaxDocuments = 200;
+                {
-                COOLWSD::OverrideWatermark.clear();
+                    LOG_WRN("Your support key has expired, please ask for a new one, and use 'coolconfig set-support-key'.");
+                    std::cerr << "Your support key has expired, please ask for a new one, and use 'coolconfig set-support-key'." << std::endl;
+                    COOLWSD::OverrideWatermark = "Unsupported, the support key has expired.";
+                }
+                else
+                {
+                    LOG_INF("Your support key is valid for " << validDays << " days");
+                    COOLWSD::MaxConnections = 1000;
+                    COOLWSD::MaxDocuments = 200;
+                    COOLWSD::OverrideWatermark.clear();
+                }
             }
         }
     }
-#endif
 
     if (COOLWSD::MaxConnections < 3)
     {

wsd/ClientRequestDispatcher.cpp

@@ -69,7 +69,7 @@ extern void cleanupDocBrokers();
 namespace
 {
 
-#if ENABLE_SUPPORT_KEY
+/// Used in support key enabled builds
 inline void shutdownLimitReached(const std::shared_ptr<ProtocolHandlerInterface>& proto)
 {
     if (!proto)
@@ -92,7 +92,6 @@ inline void shutdownLimitReached(const std::shared_ptr<ProtocolHandlerInterface>
         LOG_ERR("Error while shutting down socket on reaching limit: " << ex.what());
     }
 }
-#endif
 
 } // end anonymous namespace
 
@@ -166,11 +165,12 @@ findOrCreateDocBroker(DocumentBroker::ChildType type, const std::string& uri,
             LOG_WRN("Maximum number of open documents of "
                     << COOLWSD::MaxDocuments << " reached while loading new session [" << id
                     << "] for docKey [" << docKey << ']');
-#if ENABLE_SUPPORT_KEY
+            if (config::isSupportKeyEnabled())
-            const std::string error = Poco::format(PAYLOAD_UNAVAILABLE_LIMIT_REACHED,
+            {
-                                                   COOLWSD::MaxDocuments, COOLWSD::MaxConnections);
+                const std::string error = Poco::format(PAYLOAD_UNAVAILABLE_LIMIT_REACHED,
-            return std::make_pair(nullptr, error);
+                                                       COOLWSD::MaxDocuments, COOLWSD::MaxConnections);
-#endif
+                return std::make_pair(nullptr, error);
+            }
         }
 
         // Set the one we just created.
@@ -1673,10 +1673,11 @@ void ClientRequestDispatcher::handleClientWsUpgrade(const Poco::Net::HTTPRequest
         {
             LOG_INF("Limit on maximum number of connections of " << COOLWSD::MaxConnections
                                                                  << " reached.");
-#if ENABLE_SUPPORT_KEY
+            if (config::isSupportKeyEnabled())
-            shutdownLimitReached(ws);
+            {
-            return;
+                shutdownLimitReached(ws);
-#endif
+                return;
+            }
         }
 
         const std::string requestKey = requestDetails.getRequestKey();

wsd/DocumentBroker.cpp

@@ -935,11 +935,6 @@ bool DocumentBroker::download(
         }
     }
 
-#if ENABLE_SUPPORT_KEY
-    if (!COOLWSD::OverrideWatermark.empty())
-        watermarkText = COOLWSD::OverrideWatermark;
-#endif
-
     if (session)
     {
         LOG_DBG("Setting username ["
@@ -1126,7 +1121,10 @@ DocumentBroker::updateSessionWithWopiInfo(const std::shared_ptr<ClientSession>&
     const std::string username = wopiFileInfo->getUsername();
     const std::string userExtraInfo = wopiFileInfo->getUserExtraInfo();
     const std::string userPrivateInfo = wopiFileInfo->getUserPrivateInfo();
-    const std::string watermarkText = wopiFileInfo->getWatermarkText();
+    const std::string watermarkText =
+        (config::isSupportKeyEnabled() && !COOLWSD::OverrideWatermark.empty())
+        ? COOLWSD::OverrideWatermark
+        : wopiFileInfo->getWatermarkText();
     const std::string templateSource = wopiFileInfo->getTemplateSource();
 
     _isViewFileExtension = COOLWSD::IsViewFileExtension(wopiStorage->getFileExtension());

wsd/FileServer.cpp

@@ -1000,10 +1000,8 @@ std::string FileServerRequestHandler::getRequestPathname(const HTTPRequest& requ
     return path;
 }
 
-constexpr char BRANDING[] = "branding";
+constexpr std::string_view BRANDING = "branding";
-#if ENABLE_SUPPORT_KEY
+constexpr std::string_view SUPPORT_KEY_BRANDING_UNSUPPORTED = "branding-unsupported";
-constexpr char BRANDING_UNSUPPORTED[] = "branding-unsupported";
-#endif
 
 static const std::string ACCESS_TOKEN = "%ACCESS_TOKEN%";
 static const std::string ACCESS_TOKEN_TTL = "%ACCESS_TOKEN_TTL%";
@@ -1212,15 +1210,16 @@ FileServerRequestHandler::ResourceAccessDetails FileServerRequestHandler::prepro
     std::string brandCSS(Poco::format(linkCSS, responseRoot, std::string(BRANDING)));
     std::string brandJS(Poco::format(scriptJS, responseRoot, std::string(BRANDING)));
 
-#if ENABLE_SUPPORT_KEY
+    if (config::isSupportKeyEnabled())
-    const std::string keyString = config.getString("support_key", "");
-    SupportKey key(keyString);
-    if (!key.verify() || key.validDaysRemaining() <= 0)
     {
-        brandCSS = Poco::format(linkCSS, responseRoot, std::string(BRANDING_UNSUPPORTED));
+        const std::string keyString = config.getString("support_key", "");
-        brandJS = Poco::format(scriptJS, responseRoot, std::string(BRANDING_UNSUPPORTED));
+        SupportKey key(keyString);
+        if (!key.verify() || key.validDaysRemaining() <= 0)
+        {
+            brandCSS = Poco::format(linkCSS, responseRoot, SUPPORT_KEY_BRANDING_UNSUPPORTED);
+            brandJS = Poco::format(scriptJS, responseRoot, SUPPORT_KEY_BRANDING_UNSUPPORTED);
+        }
     }
-#endif
 
     Poco::replaceInPlace(preprocess, std::string("<!--%BRANDING_CSS%-->"), brandCSS);
     Poco::replaceInPlace(preprocess, std::string("<!--%BRANDING_JS%-->"), brandJS);
@@ -1592,17 +1591,18 @@ void FileServerRequestHandler::preprocessAdminFile(const HTTPRequest& request,
     std::string brandJS(Poco::format(scriptJS, responseRoot, std::string(BRANDING)));
     std::string brandFooter;
 
-#if ENABLE_SUPPORT_KEY
+    if (config::isSupportKeyEnabled())
-    const auto& config = Application::instance().config();
-    const std::string keyString = config.getString("support_key", "");
-    SupportKey key(keyString);
-
-    if (!key.verify() || key.validDaysRemaining() <= 0)
     {
-        brandJS = Poco::format(scriptJS, std::string(BRANDING_UNSUPPORTED));
+        const auto& config = Application::instance().config();
-        brandFooter = Poco::format(footerPage, key.data(), Poco::DateTimeFormatter::format(key.expiry(), Poco::DateTimeFormat::RFC822_FORMAT));
+        const std::string keyString = config.getString("support_key", "");
+        SupportKey key(keyString);
+
+        if (!key.verify() || key.validDaysRemaining() <= 0)
+        {
+            brandJS = Poco::format(scriptJS, SUPPORT_KEY_BRANDING_UNSUPPORTED);
+            brandFooter = Poco::format(footerPage, key.data(), Poco::DateTimeFormatter::format(key.expiry(), Poco::DateTimeFormat::RFC822_FORMAT));
+        }
     }
-#endif
 
     Poco::replaceInPlace(templateFile, std::string("<!--%BRANDING_JS%-->"), brandJS);
     Poco::replaceInPlace(templateFile, std::string("<!--%FOOTER%-->"), brandFooter);