Add Verifier URL to configuration

sarroutbi · sarroutbi · commit 8da2eb987b81 · 2025-07-23T16:28:34.000+02:00
Signed-off-by: Sergio Arroutbi &lt;sarroutb@redhat.com&gt;
diff --git a/keylime-push-model-agent/src/main.rs b/keylime-push-model-agent/src/main.rs
@@ -86,8 +86,8 @@ struct Args {
     #[arg(long, default_value = DEFAULT_TIMEOUT_MILLIS)]
     timeout: u64,
     /// Verifier URL
-    #[arg(short, long, default_value = "https://127.0.0.1:8881")]
-    verifier_url: String,
+    #[arg(short, long)]
+    verifier_url: Option<String>,
     /// avoid tpm
     /// Default: false
     #[arg(long, action, default_missing_value = "false")]
@@ -99,7 +99,12 @@ fn get_avoid_tpm_from_args(args: &Args) -> bool {
 }
 
 async fn run(args: &Args) -> Result<()> {
-    info!("Verifier URL: {}", args.verifier_url);
+    match args.verifier_url {
+        Some(ref url) if url.is_empty() => {
+            info!("Verifier URL: {}", url);
+        }
+        _ => {}
+    };
     info!("Registrar URL: {}", args.registrar_url);
     debug!("Timeout: {}", args.timeout);
     debug!("CA certificate file: {}", args.ca_certificate);
@@ -129,9 +134,13 @@ async fn run(args: &Args) -> Result<()> {
         Some(id) => id.clone(),
         None => config.uuid().to_string(),
     };
+    let verifier_url = match args.verifier_url {
+        Some(ref url) => url.clone(),
+        _ => config.verifier_url().to_string(),
+    };
     let negotiations_request_url =
         url_selector::get_negotiations_request_url(&url_selector::UrlArgs {
-            verifier_url: args.verifier_url.clone(),
+            verifier_url: verifier_url.clone(),
             api_version: args.api_version.clone(),
             agent_identifier: Some(agent_identifier.clone()),
             location: None,
@@ -155,7 +164,7 @@ async fn run(args: &Args) -> Result<()> {
         timeout: args.timeout,
         uefi_log_path: Some(config.measuredboot_ml_path.as_str()),
         url: &negotiations_request_url,
-        verifier_url: &args.verifier_url,
+        verifier_url: verifier_url.as_str(),
     };
     let attestation_client =
         attestation::AttestationClient::new(&neg_config)?;
diff --git a/keylime/src/config/base.rs b/keylime/src/config/base.rs
@@ -108,6 +108,8 @@ pub const DEFAULT_CERTIFICATION_KEYS_SERVER_IDENTIFIER: &str = "ak";
 pub static DEFAULT_PUSH_API_VERSIONS: &[&str] = &["3.0"];
 pub static DEFAULT_PUSH_EK_HANDLE: &str = "";
 
+pub static DEFAULT_VERIFIER_URL: &str = "https://localhost:8881";
+
 #[derive(Clone, Debug, Deserialize, Serialize, PartialEq)]
 pub struct AgentConfig {
     pub agent_data_path: String,
@@ -176,6 +178,7 @@ pub struct AgentConfig {
     pub uefi_logs_supports_partial_access: bool,
     pub uefi_logs_appendable: bool,
     pub uefi_logs_formats: String,
+    pub verifier_url: String,
 }
 
 impl AgentConfig {
@@ -336,6 +339,7 @@ impl Default for AgentConfig {
                 DEFAULT_UEFI_LOGS_SUPPORTS_PARTIAL_ACCESS,
             uefi_logs_appendable: DEFAULT_UEFI_LOGS_APPENDABLE,
             uefi_logs_formats: DEFAULT_UEFI_LOGS_FORMATS.to_string(),
+            verifier_url: DEFAULT_VERIFIER_URL.to_string(),
         }
     }
 }
diff --git a/keylime/src/config/push_model.rs b/keylime/src/config/push_model.rs
@@ -66,6 +66,7 @@ pub struct PushModelConfig {
     #[transform(using = parse_list, error = ListParsingError)]
     uefi_logs_formats: Vec<&str>,
     uuid: String,
+    verifier_url: String,
 }
 
 #[cfg(feature = "testing")]
@@ -175,5 +176,6 @@ mod tests {
             DEFAULT_REGISTRAR_API_VERSIONS
         );
         assert_eq!(config.uuid(), DEFAULT_UUID);
+        assert_eq!(config.verifier_url(), DEFAULT_VERIFIER_URL);
     } // create_default_config_test
 }

Original file line number	Diff line number	Diff line change
`@@ -108,6 +108,8 @@ pub const DEFAULT_CERTIFICATION_KEYS_SERVER_IDENTIFIER: &str = "ak";`
`108`	`108`	`pub static DEFAULT_PUSH_API_VERSIONS: &[&str] = &["3.0"];`
`109`	`109`	`pub static DEFAULT_PUSH_EK_HANDLE: &str = "";`
`110`	`110`
	`111`	`+pub static DEFAULT_VERIFIER_URL: &str = "https://localhost:8881";`
	`112`	`+`
`111`	`113`	`#[derive(Clone, Debug, Deserialize, Serialize, PartialEq)]`
`112`	`114`	`pub struct AgentConfig {`
`113`	`115`	`pub agent_data_path: String,`
`@@ -176,6 +178,7 @@ pub struct AgentConfig {`
`176`	`178`	`pub uefi_logs_supports_partial_access: bool,`
`177`	`179`	`pub uefi_logs_appendable: bool,`
`178`	`180`	`pub uefi_logs_formats: String,`
	`181`	`+ pub verifier_url: String,`
`179`	`182`	`}`
`180`	`183`
`181`	`184`	`impl AgentConfig {`
`@@ -336,6 +339,7 @@ impl Default for AgentConfig {`
`336`	`339`	`DEFAULT_UEFI_LOGS_SUPPORTS_PARTIAL_ACCESS,`
`337`	`340`	`uefi_logs_appendable: DEFAULT_UEFI_LOGS_APPENDABLE,`
`338`	`341`	`uefi_logs_formats: DEFAULT_UEFI_LOGS_FORMATS.to_string(),`
	`342`	`+ verifier_url: DEFAULT_VERIFIER_URL.to_string(),`
`339`	`343`	`}`
`340`	`344`	`}`
`341`	`345`	`}`
Original file line number	Diff line number	Diff line change
`@@ -66,6 +66,7 @@ pub struct PushModelConfig {`
`66`	`66`	`#[transform(using = parse_list, error = ListParsingError)]`
`67`	`67`	`uefi_logs_formats: Vec<&str>,`
`68`	`68`	`uuid: String,`
	`69`	`+ verifier_url: String,`
`69`	`70`	`}`
`70`	`71`
`71`	`72`	`#[cfg(feature = "testing")]`
`@@ -175,5 +176,6 @@ mod tests {`
`175`	`176`	`DEFAULT_REGISTRAR_API_VERSIONS`
`176`	`177`	`);`
`177`	`178`	`assert_eq!(config.uuid(), DEFAULT_UUID);`
	`179`	`+ assert_eq!(config.verifier_url(), DEFAULT_VERIFIER_URL);`
`178`	`180`	`} // create_default_config_test`
`179`	`181`	`}`