Add HTTP proxy support to iotcored

Allows MQTT connections on networks where all outbound communication
is gated by a proxy server.

Tested by running a deployment to a remote tinyproxy server.
Configure the network proxy by writing the following configuration
object to services/aws.greengrass.NucleusLite/configuration/networkProxy:
networkProxy: {
    noproxy: "192.168.1.1,*.example.com:80",
    proxy: {
        url: "http://www.myproxy.io:8888"
    }
}
These settings are equivalent to setting no_proxy and https_proxy
environment variables for OpenSSl

Author: cookpate

bins/ggdeploymentd/CMakeLists.txt

@@ -10,6 +10,7 @@ ggl_init_module(
        ggl-constants
        ggl-file
        ggl-http
+       ggl-uri
        ggl-json
        ggl-recipe
        ggl-semver

bins/iotcored/CMakeLists.txt

@@ -10,4 +10,5 @@ ggl_init_module(
        core_mqtt
        ggl-backoff
        ggl-file
+       ggl-uri
        PkgConfig::openssl)

bins/iotcored/bin/iotcored.c

@@ -5,7 +5,9 @@
 #include "iotcored.h"
 #include <argp.h>
 #include <ggl/error.h>
+#include <ggl/log.h>
 #include <ggl/version.h>
+#include <stdlib.h>
 
 __attribute__((visibility("default"))) const char *argp_program_version
     = GGL_VERSION;
@@ -57,6 +59,20 @@ static struct argp argp = { opts, arg_parser, 0, doc, 0, 0, 0 };
 int main(int argc, char **argv) {
     static IotcoredArgs args = { 0 };
 
+    // NOLINTBEGIN(concurrency-mt-unsafe)
+    char *proxy_uri = proxy_uri = getenv("https_proxy");
+    if (proxy_uri == NULL) {
+        proxy_uri = getenv("HTTPS_PROXY");
+    }
+    args.proxy_uri = proxy_uri;
+
+    char *no_proxy = getenv("no_proxy");
+    if (no_proxy == NULL) {
+        no_proxy = getenv("NO_PROXY");
+    }
+    args.no_proxy = no_proxy;
+    // NOLINTEND(concurrency-mt-unsafe)
+
     // NOLINTNEXTLINE(concurrency-mt-unsafe)
     argp_parse(&argp, argc, argv, 0, 0, &args);
 

bins/iotcored/include/iotcored.h

@@ -14,6 +14,8 @@ typedef struct {
     char *rootca;
     char *cert;
     char *key;
+    char *no_proxy;
+    char *proxy_uri;
 } IotcoredArgs;
 
 GglError run_iotcored(IotcoredArgs *args);

bins/iotcored/src/entry.c

@@ -8,14 +8,34 @@
 #include <ggl/buffer.h>
 #include <ggl/core_bus/gg_config.h>
 #include <ggl/error.h>
+#include <ggl/log.h>
 #include <ggl/object.h>
 #include <limits.h>
 #include <string.h>
+#include <stdbool.h>
 #include <stdint.h>
+#include <stdlib.h>
 
 #define MAX_ENDPOINT_LEN 128
 #define MAX_THINGNAME_LEN 128
 
+static bool getenv_copy(char *name, GglBuffer *destination) {
+    // NOLINTNEXTLINE(concurrency-mt-unsafe)
+    char *value = getenv(name);
+    if (value == NULL) {
+        return false;
+    }
+    GglBuffer source = ggl_buffer_from_null_term(value);
+    if (source.len >= destination->len) {
+        GGL_LOGW("%s too long.", name);
+        return false;
+    }
+    memcpy(destination->data, source.data, source.len);
+    destination->len = source.len;
+    destination->data[destination->len] = '\0';
+    return true;
+}
+
 GglError run_iotcored(IotcoredArgs *args) {
     if (args->cert == NULL) {
         static uint8_t cert_mem[PATH_MAX] = { 0 };
@@ -94,6 +114,61 @@ GglError run_iotcored(IotcoredArgs *args) {
         args->rootca = (char *) rootca_mem;
     }
 
+    static uint8_t proxy_uri_mem[PATH_MAX] = { 0 };
+    if (args->proxy_uri == NULL) {
+        GglBuffer proxy_uri = GGL_BUF(proxy_uri_mem);
+        if (getenv_copy("https_proxy", &proxy_uri)) {
+            args->proxy_uri = (char *) proxy_uri_mem;
+        } else if (getenv_copy("HTTPS_PROXY", &proxy_uri)) {
+            args->proxy_uri = (char *) proxy_uri_mem;
+        }
+    }
+    if (args->proxy_uri == NULL) {
+        GglBuffer proxy_uri = GGL_BUF(proxy_uri_mem);
+        proxy_uri.len -= 1;
+        GglError ret = ggl_gg_config_read_str(
+            GGL_BUF_LIST(
+                GGL_STR("services"),
+                GGL_STR("aws.greengrass.NucleusLite"),
+                GGL_STR("configuration"),
+                GGL_STR("networkProxy"),
+                GGL_STR("proxy"),
+                GGL_STR("url")
+            ),
+            &proxy_uri
+        );
+        if (ret == GGL_ERR_OK) {
+            args->proxy_uri = (char *) proxy_uri_mem;
+        }
+    }
+
+    static uint8_t no_proxy_mem[PATH_MAX] = { 0 };
+    if (args->no_proxy == NULL) {
+        GglBuffer no_proxy = GGL_BUF(no_proxy_mem);
+        if (getenv_copy("no_proxy", &no_proxy)) {
+            args->no_proxy = (char *) no_proxy_mem;
+        } else if (getenv_copy("NO_PROXY", &no_proxy)) {
+            args->no_proxy = (char *) no_proxy_mem;
+        }
+    }
+    if (args->no_proxy == NULL) {
+        GglBuffer no_proxy = GGL_BUF(no_proxy_mem);
+        no_proxy.len -= 1;
+        GglError ret = ggl_gg_config_read_str(
+            GGL_BUF_LIST(
+                GGL_STR("services"),
+                GGL_STR("aws.greengrass.NucleusLite"),
+                GGL_STR("configuration"),
+                GGL_STR("networkProxy"),
+                GGL_STR("noproxy"),
+            ),
+            &no_proxy
+        );
+        if (ret == GGL_ERR_OK) {
+            args->no_proxy = (char *) no_proxy_mem;
+        }
+    }
+
     GglError ret = iotcored_mqtt_connect(args);
     if (ret != GGL_ERR_OK) {
         return ret;