persist controller list in zid files

CZiti.xcodeproj/project.pbxproj

@@ -57,7 +57,7 @@
 		5AB8309E247432C40089AF93 /* ZitiError.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5AB8308F247432C40089AF93 /* ZitiError.swift */; };
 		5AB8309F247432C40089AF93 /* ZitiIntercept.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5AB83090247432C40089AF93 /* ZitiIntercept.swift */; };
 		5AB830A0247432C40089AF93 /* ZitiKeychain.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5AB83091247432C40089AF93 /* ZitiKeychain.swift */; };
-		5AB830A1247432C40089AF93 /* ZitiConfig.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5AB83092247432C40089AF93 /* ZitiConfig.swift */; };
+		5AB830A1247432C40089AF93 /* ZitiServiceConfig.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5AB83092247432C40089AF93 /* ZitiServiceConfig.swift */; };
 		5AB830A2247432C40089AF93 /* ZitiUnretained.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5AB83093247432C40089AF93 /* ZitiUnretained.swift */; };
 		5AB830A3247432C40089AF93 /* ZitiLog.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5AB83094247432C40089AF93 /* ZitiLog.swift */; };
 		5AB830A4247432C40089AF93 /* ZitiUrlClientConfigV1.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5AB83095247432C40089AF93 /* ZitiUrlClientConfigV1.swift */; };
@@ -71,7 +71,7 @@
 		5AB830AC2474330D0089AF93 /* ZitiError.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5AB8308F247432C40089AF93 /* ZitiError.swift */; };
 		5AB830AD247433110089AF93 /* ZitiIntercept.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5AB83090247432C40089AF93 /* ZitiIntercept.swift */; };
 		5AB830AE247433150089AF93 /* ZitiKeychain.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5AB83091247432C40089AF93 /* ZitiKeychain.swift */; };
-		5AB830AF247433190089AF93 /* ZitiConfig.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5AB83092247432C40089AF93 /* ZitiConfig.swift */; };
+		5AB830AF247433190089AF93 /* ZitiServiceConfig.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5AB83092247432C40089AF93 /* ZitiServiceConfig.swift */; };
 		5AB830B02474331C0089AF93 /* ZitiUnretained.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5AB83093247432C40089AF93 /* ZitiUnretained.swift */; };
 		5AB830B1247433200089AF93 /* ZitiLog.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5AB83094247432C40089AF93 /* ZitiLog.swift */; };
 		5AB830B2247433230089AF93 /* ZitiUrlClientConfigV1.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5AB83095247432C40089AF93 /* ZitiUrlClientConfigV1.swift */; };
@@ -221,7 +221,7 @@
 		5AB8308F247432C40089AF93 /* ZitiError.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ZitiError.swift; sourceTree = "<group>"; };
 		5AB83090247432C40089AF93 /* ZitiIntercept.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ZitiIntercept.swift; sourceTree = "<group>"; };
 		5AB83091247432C40089AF93 /* ZitiKeychain.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ZitiKeychain.swift; sourceTree = "<group>"; };
-		5AB83092247432C40089AF93 /* ZitiConfig.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ZitiConfig.swift; sourceTree = "<group>"; };
+		5AB83092247432C40089AF93 /* ZitiServiceConfig.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ZitiServiceConfig.swift; sourceTree = "<group>"; };
 		5AB83093247432C40089AF93 /* ZitiUnretained.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ZitiUnretained.swift; sourceTree = "<group>"; };
 		5AB83094247432C40089AF93 /* ZitiLog.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ZitiLog.swift; sourceTree = "<group>"; };
 		5AB83095247432C40089AF93 /* ZitiUrlClientConfigV1.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ZitiUrlClientConfigV1.swift; sourceTree = "<group>"; };
@@ -454,7 +454,7 @@
 				5AB83096247432C40089AF93 /* ZitiUrlProtocol.swift */,
 				5AB83090247432C40089AF93 /* ZitiIntercept.swift */,
 				5AB83091247432C40089AF93 /* ZitiKeychain.swift */,
-				5AB83092247432C40089AF93 /* ZitiConfig.swift */,
+				5AB83092247432C40089AF93 /* ZitiServiceConfig.swift */,
 				5AB83095247432C40089AF93 /* ZitiUrlClientConfigV1.swift */,
 				5AB83098247432C40089AF93 /* ZitiTunnelClientConfigV1.swift */,
 				5A8B0C1C2594119900182437 /* ZitiTunnelServerConfigV1.swift */,
@@ -718,7 +718,7 @@
 			files = (
 				5AB830A0247432C40089AF93 /* ZitiKeychain.swift in Sources */,
 				5A8B0B81258FEA9A00182437 /* ZitiService.swift in Sources */,
-				5AB830A1247432C40089AF93 /* ZitiConfig.swift in Sources */,
+				5AB830A1247432C40089AF93 /* ZitiServiceConfig.swift in Sources */,
 				5AB8309E247432C40089AF93 /* ZitiError.swift in Sources */,
 				5AB830A7247432C40089AF93 /* ZitiTunnelClientConfigV1.swift in Sources */,
 				5AB830A5247432C40089AF93 /* ZitiUrlProtocol.swift in Sources */,
@@ -753,7 +753,7 @@
 			files = (
 				5AB830AE247433150089AF93 /* ZitiKeychain.swift in Sources */,
 				5A8B0B82258FEA9A00182437 /* ZitiService.swift in Sources */,
-				5AB830AF247433190089AF93 /* ZitiConfig.swift in Sources */,
+				5AB830AF247433190089AF93 /* ZitiServiceConfig.swift in Sources */,
 				5AB830AC2474330D0089AF93 /* ZitiError.swift in Sources */,
 				5AB830B52474332E0089AF93 /* ZitiTunnelClientConfigV1.swift in Sources */,
 				5AB830B3247433270089AF93 /* ZitiUrlProtocol.swift in Sources */,

README.md

@@ -150,7 +150,7 @@ See also the documentation included in the `CZiti` module available in the `Xcod
 
 Note that that `CZiti` is not built for Bitcode, and when building for a device the __Build Settings - Build Options__ should set `Enable Bitcode` to `No`. 
 
-Note that `CZiti` depends on `libresolv.9.tbd`, and requires access to outbound network connections and the Apple Keychain.
+Note that `CZiti` depends on `libresolv.9.tbd` and `libz.1.tbd` when linking, and requires access to outbound network connections and the Apple Keychain at runtime.
 
 ## Via `Swift Package Manager` 
 See [ziti-sdk-swift-dist](https://github.com/openziti/ziti-sdk-swift-dist) for access to `CZiti.xcframework` built from this repository and made available as a `.binaryTarget`.

build_all.sh

@@ -33,6 +33,7 @@ function build_tsdk {
    cmake -DCMAKE_BUILD_TYPE=${cmake_build_type} \
       ${clang_asan_flags} \
       -DTLSUV_TLSLIB=openssl \
+      -DVCPKG_INSTALL_OPTIONS="--debug" \
       -DEXCLUDE_PROGRAMS=ON \
       -DZITI_TUNNEL_BUILD_TESTS=OFF \
       -DCMAKE_TOOLCHAIN_FILE="${toolchain}" \

lib/Ziti.swift

@@ -149,11 +149,11 @@ import CZitiPrivate
     ///
     /// - Parameters:
     ///     - id: Usually the `sub` field from the  one-time enrollment JWT.  Used by `Ziti` to store and retrieve identity-related items in the Keychain`
-    ///     - ztAPI: scheme, host, and port used to communicate with Ziti controller
-    ///     - name: name assocaited with this identity in Ziti. 
+    ///     - ztAPIs: array of URLs (scheme, host, and port) used to communicate with Ziti controllers
+    ///     - name: name assocaited with this identity in Ziti.
     ///     - caPool: CA pool verified as part of enrollment that can be used to establish trust with of the  Ziti controller
-    @objc public init(_ id:String, _ ztAPI:String, name:String?, caPool:String?) {
-        self.id = ZitiIdentity(id:id, ztAPI:ztAPI, name:name, ca:caPool)
+    @objc public init(_ id:String, _ ztAPIs:[String], name:String?, caPool:String?) {
+        self.id = ZitiIdentity(id:id, ztAPIs:ztAPIs, name:name, ca:caPool)
         privateLoop = true
         loop = UnsafeMutablePointer<uv_loop_t>.allocate(capacity: 1)
         loop.initialize(to: uv_loop_t())
@@ -345,7 +345,7 @@ import CZitiPrivate
                 ca = dropFirst("pem:", idCa)
             }
 
-            let zid = ZitiIdentity(id: subj, ztAPI: resp.ztAPI, ca: ca)
+            let zid = ZitiIdentity(id: subj, ztAPIs: resp.ztAPIs, ca: ca)
             log.info("Enrolled id:\(subj) with controller: \(zid.ztAPI)", function:"enroll()")
 
             enrollCallback(zid, nil)
@@ -429,7 +429,13 @@ import CZitiPrivate
         }
 
         // set up the ziti_config with our cert, etc.
-        var ctrls:model_list = model_list.init() // todo get controllers list
+        var ctrls:model_list = model_list()
+        id.ztAPIs?.forEach { c in
+            let ctrlPtr = UnsafeMutablePointer<Int8>.allocate(capacity: c.count + 1)
+            ctrlPtr.initialize(from: c, count: c.count + 1)
+            model_list_append(&ctrls, ctrlPtr)
+        }
+
         var zitiCfg = ziti_config(
             controller_url: ctrlPtr,
             controllers: ctrls,
@@ -451,6 +457,17 @@ import CZitiPrivate
             caPEMPtr!.deallocate()
         }
 
+        withUnsafeMutablePointer(to: &ctrls) { ctrlListPtr in
+            var i = model_list_iterator(ctrlListPtr)
+            while i != nil {
+                let ctrlPtr = model_list_it_element(i)
+                if let ctrl = UnsafeMutablePointer<CChar>(OpaquePointer(ctrlPtr)) {
+                    ctrl.deallocate()
+                }
+                i = model_list_it_next(i)
+            }
+        }
+
         ziti_log_init_wrapper(loop)
 
         var zitiOpts = ziti_options(disabled: id.startDisabled ?? false,
@@ -463,7 +480,7 @@ import CZitiPrivate
                                 pq_process_cb: postureChecks?.processQuery != nil ? Ziti.onProcessQuery : nil,
                                 pq_domain_cb: postureChecks?.domainQuery != nil ? Ziti.onDomainQuery : nil,
                                 app_ctx: self.toVoidPtr(),
-                                events: ZitiContextEvent.rawValue | ZitiRouterEvent.rawValue | ZitiServiceEvent.rawValue | ZitiAuthEvent.rawValue | ZitiAPIEvent.rawValue,
+                                events: ZitiContextEvent.rawValue | ZitiRouterEvent.rawValue | ZitiServiceEvent.rawValue | ZitiAuthEvent.rawValue | ZitiConfigEvent.rawValue,
                                 event_cb: Ziti.onEvent)
 
         zitiStatus = ziti_context_set_options(self.ztx, &zitiOpts)
@@ -919,13 +936,9 @@ import CZitiPrivate
         let event = ZitiEvent(mySelf, cEvent)
 
         // update ourself
-        if event.type == ZitiEvent.EventType.ApiEvent {
-            if !event.apiEvent!.newControllerAddress.isEmpty {
-                mySelf.id.ztAPI = event.apiEvent!.newControllerAddress
-            }
-            if !event.apiEvent!.newCaBundle.isEmpty {
-                mySelf.id.ca = event.apiEvent!.newCaBundle
-            }
+        if event.type == ZitiEvent.EventType.ConfigEvent {
+            mySelf.id.ztAPI = event.configEvent!.controller_url
+            mySelf.id.ca = event.configEvent!.caBundle
         }
 
         mySelf.eventCallbacksLock.lock()

lib/ZitiEnroller.swift

@@ -56,9 +56,9 @@ import CZitiPrivate
         /**
          * URL of controller returned on successful enrollment attempt
          */
-        public let ztAPI:String, id:Identity
-        init(ztAPI:String, id:Identity) {
-            self.ztAPI = ztAPI
+        public let ztAPIs:[String], id:Identity
+        init(ztAPIs:[String], id:Identity) {
+            self.ztAPIs = ztAPIs
             self.id = id
         }
     }
@@ -127,9 +127,9 @@ import CZitiPrivate
         enrollData.pointee.privatePem_c = UnsafeMutablePointer<Int8>.allocate(capacity: privatePem.count + 1)
         enrollData.pointee.privatePem_c!.initialize(from: privatePem.cString(using: .utf8)!, count: privatePem.count + 1)
 
-        var enroll_opts = ziti_enroll_opts(jwt: enrollData.pointee.jwtFile_c,
-                                           enroll_key: enrollData.pointee.privatePem_c,
-                                           enroll_cert: nil, enroll_name: nil, jwt_content: nil, use_keychain: false)
+        var enroll_opts = ziti_enroll_opts(url: nil, token: enrollData.pointee.jwtFile_c,
+                                           key: enrollData.pointee.privatePem_c,
+                                           cert: nil, name: nil, use_keychain: false)
         let status = ziti_enroll(&enroll_opts, loop, ZitiEnroller.on_enroll, enrollData)
         guard status == ZITI_OK else {
             let errStr = String(cString: ziti_errorstr(status))
@@ -233,6 +233,20 @@ import CZitiPrivate
             enrollData.pointee.enrollmentCallback?(nil, nil, ze)
             return
         }
+
+        var controllers:[String] = []
+        var ctrlList = zc.controllers
+        withUnsafeMutablePointer(to: &ctrlList) { ctrlListPtr in
+            var i = model_list_iterator(ctrlListPtr)
+            while i != nil {
+                let ctrlPtr = model_list_it_element(i)
+                if let ctrl = UnsafeMutablePointer<CChar>(OpaquePointer(ctrlPtr)) {
+                    let ctrlStr = String(cString: ctrl)
+                    controllers.append(ctrlStr)
+                }
+                i = model_list_it_next(i)
+            }
+        }
         guard let ztAPI = String(cString: zc.controller_url, encoding: .utf8) else {
             let errStr = "Invaid ztAPI response"
             log.error(errStr, function:"on_enroll()")
@@ -244,7 +258,7 @@ import CZitiPrivate
         let id = EnrollmentResponse.Identity(cert: cert,
                                              key: String(cString: zc.id.key, encoding: .utf8),
                                              ca: String(cString: zc.id.ca, encoding: .utf8))
-        let enrollResp = EnrollmentResponse(ztAPI: ztAPI, id: id)
+        let enrollResp = EnrollmentResponse(ztAPIs: controllers, id: id)
         enrollData.pointee.enrollmentCallback?(enrollResp, enrollData.pointee.subj, nil)
     }
 

lib/ZitiEvent.swift

@@ -42,7 +42,7 @@ import CZitiPrivate
         case Auth = 0x08     // ZitiAuthEvent.rawValue
 
         /// Indicates an `ApiEvent`
-        case ApiEvent = 0x10 // ZitiApiEvent.rawValue
+        case ConfigEvent = 0x10 // ZitiConfigEvent.rawValue
 
         /// Generates a string describing the event
         /// - returns: String describing the event
@@ -61,8 +61,8 @@ import CZitiPrivate
             /// Indicates `AuthEvent`
             case .Auth:     return ".Auth"
 
-            /// Indicates `ApiEvent`
-            case .ApiEvent: return ".ApiEvent"
+            /// Indicates `ConfigEvent`
+            case .ConfigEvent: return ".ConfigEvent"
 
             /// Indicates unrecognized event
             case .Invalid:  return ".Invalid"
@@ -264,27 +264,51 @@ import CZitiPrivate
         }
     }
 
-    /// Encapsulation of Ziti SDK C's API Event
-    @objc public class ApiEvent : NSObject {
+    /// Encapsulation of Ziti SDK C's Config Event
+    @objc public class ConfigEvent : NSObject {
 
-        /// New controller address
-        @objc public let newControllerAddress:String
-        @objc public let newCaBundle:String
-        init( _ cEvent:ziti_api_event) {
+        /// Controller address
+        @objc public let controller_url:String // todo enapsulate ziti_config_s ?
+        @objc public let controllers:[String]
+        @objc public let cfgSource:String
+
+        @objc public let caBundle:String // todo encapsulate ziti_id_cfg_s?
+
+        init( _ cEvent:ziti_config_event) {
             var str = ""
-            if let cStr = cEvent.new_ctrl_address {
+            if let cStr = cEvent.config.pointee.controller_url {
                 str = String(cString: cStr)
             }
             if !str.starts(with: "https://") {
                 str.insert(contentsOf: "https://", at: str.startIndex)
             }
-            newControllerAddress = str
+            controller_url = str
 
+            var cfgSourceStr = ""
+            if let cStr = cEvent.config.pointee.cfg_source {
+                cfgSourceStr = String(cString: cStr)
+            }
+            cfgSource = cfgSourceStr
+
             var caStr = ""
-            if let cStr = cEvent.new_ca_bundle {
+            if let cStr = cEvent.config.pointee.id.ca {
                 caStr = String(cString: cStr)
             }
-            newCaBundle = caStr
+            caBundle = caStr
+
+            var ctrlsArray:[String] = []
+            var ctrlList = cEvent.config.pointee.controllers
+            withUnsafeMutablePointer(to: &ctrlList) { ctrlListPtr in
+                var i = model_list_iterator(ctrlListPtr)
+                while i != nil {
+                    let ctrlPtr = model_list_it_element(i)
+                    if let ctrl = UnsafeMutablePointer<CChar>(OpaquePointer(ctrlPtr)) {
+                        ctrlsArray.append(String(ctrl.pointee))
+                    }
+                    i = model_list_it_next(i)
+                }
+            }
+            controllers = ctrlsArray
         }
     }
 
@@ -304,7 +328,7 @@ import CZitiPrivate
     @objc public var authEvent:AuthEvent?
 
     /// Populated based on event `type`
-    @objc public var apiEvent:ApiEvent?
+    @objc public var configEvent:ConfigEvent?
 
     init(_ ziti:Ziti, _ cEvent:UnsafePointer<ziti_event_t>) {
         self.ziti = ziti
@@ -317,8 +341,8 @@ import CZitiPrivate
             routerEvent = RouterEvent(cEvent.pointee.router)
         } else if type == .Auth {
             authEvent = AuthEvent(cEvent.pointee.auth)
-        } else if type == .ApiEvent {
-            apiEvent = ApiEvent(cEvent.pointee.api)
+        } else if type == .ConfigEvent {
+            configEvent = ConfigEvent(cEvent.pointee.cfg)
         } else {
             log.error("unrecognized event type \(cEvent.pointee.type.rawValue)")
         }
@@ -354,8 +378,11 @@ import CZitiPrivate
             str += "   providers: (\(e.providers.count))\n\(ZitiEvent.jwtSignerArrToStr(e.providers))"
         }
 
-        if let e = apiEvent {
-            str += "   newControllerAddress: \(e.newControllerAddress)\n"
+        if let e = configEvent {
+            str += "   controller_url: \(e.controller_url)\n"
+            str += "   controllers: \(e.controllers))\n"
+            str += "   cfgSource: \(e.cfgSource)\n"
+            str += "   caBundle: \(e.caBundle)\n"
         }
         return str
     }

lib/ZitiHostConfigV1.swift

@@ -16,7 +16,7 @@ limitations under the License.
 import Foundation
 
 /// Class representation of host.v1 service configuration
-public class ZitiHostConfigV1 : Codable, ZitiConfig {
+public class ZitiHostConfigV1 : Codable, ZitiServiceConfig {
     static var configType = "host.v1"
 
     enum CodingKeys: String, CodingKey {

lib/ZitiIdentity.swift

@@ -37,6 +37,9 @@ import Foundation
     /// scheme, host, and port used to communicate with Ziti controller
     @objc public var ztAPI:String
 
+    /// scheme, host. and port of all controllers in cluster
+    @objc public var ztAPIs:[String]?
+
     /// name assocaited with this identity in Ziti.
     ///
     /// Note that this name is unknown until a session with Ziti is active
@@ -55,9 +58,10 @@ import Foundation
     ///     - ztAPI: URL for accessing Ziti controller API
     ///     - name: name currently configured for this identity
     ///     - ca: CA pool that can be used to verify trust of the Ziti controller
-    @objc public init(id:String, ztAPI:String, name:String?=nil, ca:String?=nil) {
+    @objc public init(id:String, ztAPIs:[String], name:String?=nil, ca:String?=nil) {
         self.id = id
-        self.ztAPI = ztAPI
+        self.ztAPI = ztAPIs.first ?? ""
+        self.ztAPIs = ztAPIs
         self.name = name
         self.ca = ca
     }

lib/ZitiInterceptConfigV1.swift

@@ -16,7 +16,7 @@ limitations under the License.
 import Foundation
 
 /// Class representation of intercept.v1 service configuration
-public class ZitiInterceptConfigV1 : Codable, ZitiConfig {
+public class ZitiInterceptConfigV1 : Codable, ZitiServiceConfig {
     static var configType = "intercept.v1"
 
     /// Class representing port range to intercept