MEDIUM: Add support for the crt-store section

With all its keywords: crt-base, key-base and load.

init.go

@@ -44,6 +44,7 @@ type ConfiguredParsers struct {
 	Ring                  *Parsers
 	LogForward            *Parsers
 	FCGIApp               *Parsers
+	CrtStore              *Parsers
 	// spoe parsers
 	SPOEAgent   *Parsers
 	SPOEGroup   *Parsers
@@ -93,4 +94,5 @@ func (p *configParser) initParserMaps() {
 	p.Parsers[Ring] = map[string]*Parsers{}
 	p.Parsers[LogForward] = map[string]*Parsers{}
 	p.Parsers[FCGIApp] = map[string]*Parsers{}
+	p.Parsers[CrtStore] = map[string]*Parsers{}
 }

parser.go

@@ -46,6 +46,7 @@ const (
 	Ring       Section = "ring"
 	LogForward Section = "log-forward"
 	FCGIApp    Section = "fcgi-app"
+	CrtStore   Section = "crt-store"
 	// spoe sections
 	SPOEAgent   Section = "spoe-agent"
 	SPOEGroup   Section = "spoe-group"

parsers/crt-store-load.go

@@ -0,0 +1,117 @@
+/*
+Copyright 2024 HAProxy Technologies
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package parsers
+
+import (
+	"strings"
+
+	"github.com/haproxytech/config-parser/v5/common"
+	"github.com/haproxytech/config-parser/v5/errors"
+	"github.com/haproxytech/config-parser/v5/types"
+)
+
+type LoadCert struct {
+	data        []types.LoadCert
+	preComments []string // comments that appear before the actual line
+}
+
+func (p *LoadCert) parseError(line string) *errors.ParseError {
+	return &errors.ParseError{Parser: "LoadCert", Line: line}
+}
+
+func (p *LoadCert) parse(line string, parts []string, comment string) (*types.LoadCert, error) {
+	if len(parts) < 3 {
+		return nil, p.parseError(line)
+	}
+	if parts[0] != "load" {
+		return nil, p.parseError(line)
+	}
+
+	load := new(types.LoadCert)
+
+	for i := 1; i < len(parts); i++ {
+		element := parts[i]
+		switch element {
+		case "crt":
+			CheckParsePair(parts, &i, &load.Certificate)
+		case "alias":
+			CheckParsePair(parts, &i, &load.Alias)
+		case "key":
+			CheckParsePair(parts, &i, &load.Key)
+		case "ocsp":
+			CheckParsePair(parts, &i, &load.Ocsp)
+		case "issuer":
+			CheckParsePair(parts, &i, &load.Issuer)
+		case "sctl":
+			CheckParsePair(parts, &i, &load.Sctl)
+		case "ocsp-update":
+			i++
+			load.OcspUpdate = new(bool)
+			if parts[i] == "on" {
+				*load.OcspUpdate = true
+			} else if parts[i] != "off" {
+				return nil, p.parseError(line)
+			}
+		}
+	}
+	load.Comment = comment
+
+	// crt is mandatory
+	if load.Certificate == "" {
+		return nil, p.parseError(line)
+	}
+
+	return load, nil
+}
+
+func (p *LoadCert) Result() ([]common.ReturnResultLine, error) {
+	if len(p.data) == 0 {
+		return nil, errors.ErrFetch
+	}
+
+	result := make([]common.ReturnResultLine, len(p.data))
+	sb := new(strings.Builder)
+
+	for i, load := range p.data {
+		sb.Reset()
+		sb.WriteString("load")
+		CheckWritePair(sb, "crt", load.Certificate)
+		CheckWritePair(sb, "alias", load.Alias)
+		CheckWritePair(sb, "key", load.Key)
+		CheckWritePair(sb, "ocsp", load.Ocsp)
+		CheckWritePair(sb, "issuer", load.Issuer)
+		CheckWritePair(sb, "sctl", load.Sctl)
+		CheckWritePair(sb, "ocsp-update", fmtOnOff(load.OcspUpdate))
+
+		result[i] = common.ReturnResultLine{
+			Data:    sb.String(),
+			Comment: load.Comment,
+		}
+	}
+
+	return result, nil
+}
+
+func fmtOnOff(b *bool) string {
+	if b == nil {
+		return ""
+	}
+	if *b {
+		return "on"
+	}
+	return "off"
+}

reader.go

@@ -342,6 +342,16 @@ func (p *configParser) ProcessLine(line string, parts []string, comment string,
 					if p.Options.Log {
 						p.Options.Logger.Tracef("%log-forward section %s active", p.Options.LogPrefix, data.Name)
 					}
+				case "crt-store":
+					parserSectionName := parser.(*extra.Section) //nolint:forcetypeassert
+					rawData, _ := parserSectionName.Get(false)
+					data := rawData.(*types.Section) //nolint:forcetypeassert
+					config.CrtStore = p.getCrtStoreParser()
+					p.Parsers[CrtStore][data.Name] = config.CrtStore
+					config.Active = config.CrtStore
+					if p.Options.Log {
+						p.Options.Logger.Tracef("%scrt-store section %s active", p.Options.LogPrefix, data.Name)
+					}
 				case "snippet_beg":
 					config.Previous = config.Active
 					config.Active = &Parsers{

section-parsers.go

@@ -48,6 +48,7 @@ func (p *configParser) createParsers(parser map[string]ParserInterface, sequence
 	addParser(parser, &sequence, &extra.Section{Name: "ring"})
 	addParser(parser, &sequence, &extra.Section{Name: "log-forward"})
 	addParser(parser, &sequence, &extra.Section{Name: "fcgi-app"})
+	addParser(parser, &sequence, &extra.Section{Name: "crt-store"})
 	if !p.Options.DisableUnProcessed {
 		addParser(parser, &sequence, &extra.UnProcessed{})
 	}
@@ -938,3 +939,12 @@ func (p *configParser) getLogForwardParser() *Parsers {
 	addParser(parser, &sequence, &simple.Timeout{Name: "client"})
 	return p.createParsers(parser, sequence)
 }
+
+func (p *configParser) getCrtStoreParser() *Parsers {
+	parser := map[string]ParserInterface{}
+	sequence := []Section{}
+	addParser(parser, &sequence, &simple.Word{Name: "crt-base"})
+	addParser(parser, &sequence, &simple.Word{Name: "key-base"})
+	addParser(parser, &sequence, &parsers.LoadCert{})
+	return p.createParsers(parser, sequence)
+}

tests/configs/haproxy.cfg.go

@@ -166,6 +166,12 @@ cache foobar
   total-max-size 4
   max-age 240
 
+crt-store tpm2
+  crt-base /c
+  key-base /k
+  load crt example.com.pem alias example
+  load crt lol.pem
+
 frontend healthz from A
   mode http
   monitor-uri /healthz