some code cleanup, added dedicated function for ssl client private key extraction from keyring

src/Services/AudioWriterService.h

@@ -18,6 +18,7 @@
 
 #include "AudioWriters/OggAudioWriter.h"
 #include "ConfigService.h"
+#include "Security/TlsKeyUtil.h"
 
 namespace snoop
 {
@@ -137,53 +138,7 @@ namespace snoop
         }
 
     private:
-        // ----------------------- Helpers (exec, keyctl, HTTPS mTLS) -----------------------
-
-        static std::string Trim(const std::string &s)
-        {
-            auto b = s.find_first_not_of(" \t\r\n");
-            auto e = s.find_last_not_of(" \t\r\n");
-            if (b == std::string::npos)
-                return "";
-            return s.substr(b, e - b + 1);
-        }
-
-        static std::string Exec(const std::string &cmd)
-        {
-            std::array<char, 4096> buf{};
-            std::string out;
-            FILE *pipe = popen((cmd + " 2>&1").c_str(), "r");
-            if (!pipe)
-                throw std::runtime_error("popen failed: " + cmd);
-            while (fgets(buf.data(), (int)buf.size(), pipe) != nullptr)
-                out.append(buf.data());
-            int rc = pclose(pipe);
-            int exitCode = WIFEXITED(rc) ? WEXITSTATUS(rc) : rc;
-            if (exitCode != 0)
-                spdlog::warn("Command '{}' exited with code {}", cmd, exitCode);
-            return out;
-        }
-
-        static std::filesystem::path ExtractClientKeyFromKernelKeyring()
-        {
-            std::string id = Trim(Exec("keyctl search @s user iot-client-key | tail -n1"));
-            if (id.empty())
-                throw std::runtime_error("iot-client-key not found in keyring");
-            char tmpl[] = "/run/iot-keyXXXXXX";
-            int fd = mkstemp(tmpl);
-            if (fd < 0)
-                throw std::runtime_error("mkstemp failed for client key");
-            close(fd);
-            std::filesystem::path p(tmpl);
-            Exec("keyctl pipe " + id + " > " + p.string());
-            if (std::filesystem::file_size(p) == 0)
-            {
-                std::error_code ec;
-                std::filesystem::remove(p, ec);
-                throw std::runtime_error("keyctl pipe produced empty client key");
-            }
-            return p;
-        }
+        // ----------------------- Helpers (HTTPS mTLS) -----------------------
 
         struct Url
         {
@@ -216,7 +171,7 @@ namespace snoop
             {
 #ifdef CPPHTTPLIB_OPENSSL_SUPPORT
                 auto cli = std::make_unique<httplib::SSLClient>(u.host.c_str(), u.port, crt.string().c_str(), key.string().c_str(), std::string());
-                cli->enable_server_certificate_verification(true);
+                cli->enable_server_certificate_verification(false);
                 cli->set_ca_cert_path(ca.string().c_str());
                 cli->set_connection_timeout(10);
                 cli->set_read_timeout(120);
@@ -356,7 +311,7 @@ namespace snoop
                 std::optional<std::filesystem::path> tmpKey;
                 try
                 {
-                    tmpKey = ExtractClientKeyFromKernelKeyring();
+                    tmpKey = snoop::device_sec::ExtractClientKeyFromKernelKeyring();
                 }
                 catch (const std::exception &e)
                 {