Jul 31st update

2025-09-29 19:24:26 +03:00 · 2024-07-31 17:15:35 +00:00
parent 705a5e6061
commit 384b59cc87
39 changed files with 1026 additions and 74 deletions
--- a/core/messaging/connection/connection.cc
+++ b/core/messaging/connection/connection.cc
@@ -90,6 +90,12 @@ public:
        if (metadata_flags.isSet(MessageConnectionConfig::IGNORE_SSL_VALIDATION)) {
            flags.setFlag(ConnectionFlags::IGNORE_SSL_VALIDATION);
        }
+        ca_path = metadata.getCaPath();
+        if (metadata.isDualAuth()) {
+            client_cert_path = metadata.getClientCertPath();
+            client_key_path = metadata.getClientKeyPath();
+            is_dual_auth = true;
+        }
    }

    void
@@ -263,20 +269,33 @@ private:

        SSL_CTX_set_verify(ssl_ctx.get(), SSL_VERIFY_PEER, nullptr);

-        auto defualt_cert_path = getFilesystemPathConfig() + "/certs/fog.pem";
-        auto cert_path = getConfigurationWithDefault(defualt_cert_path, "message", "Certificate chain file path");
-        const char *cert = cert_path.c_str();
+        if (is_dual_auth) {
+            dbgTrace(D_CONNECTION)
+                << "Setting dual authentication."
+                << "Client cert path: " << client_cert_path
+                << ", client key path: " << client_key_path;
+            if (SSL_CTX_use_certificate_file(ssl_ctx.get(), client_cert_path.c_str(), SSL_FILETYPE_PEM) <= 0) {
+                string error = ERR_error_string(ERR_get_error(), nullptr);
+                return genError("Error in setting client cert: " + error);
+            }

+            if (SSL_CTX_use_PrivateKey_file(ssl_ctx.get(), client_key_path.c_str(), SSL_FILETYPE_PEM) <= 0) {
+                string error = ERR_error_string(ERR_get_error(), nullptr);
+                return genError("Error in setting client key: " + error);
+            }
+        }
+
+        dbgTrace(D_CONNECTION) << "Setting CA authentication";
        auto details_ssl_dir = Singleton::Consume<I_AgentDetails>::by<Messaging>()->getOpenSSLDir();
        auto openssl_dir = details_ssl_dir.ok() ? *details_ssl_dir : "/usr/lib/ssl/certs/";
        auto configured_ssl_dir = getConfigurationWithDefault(openssl_dir, "message", "Trusted CA directory");
        const char *ca_dir = configured_ssl_dir.empty() ? nullptr : configured_ssl_dir.c_str();

-        if (SSL_CTX_load_verify_locations(ssl_ctx.get(), cert, ca_dir) != 1) {
+        if (SSL_CTX_load_verify_locations(ssl_ctx.get(), ca_path.c_str(), ca_dir) != 1) {
            return genError("Failed to load certificate locations");
        }

-        dbgDebug(D_CONNECTION) << "SSL context set successfully. Certificate: " << cert << ", CA dir: " << ca_dir;
+        dbgDebug(D_CONNECTION) << "SSL context set successfully. Certificate: " << ca_path << ", CA dir: " << ca_dir;
        return Maybe<void>();
    }

@@ -457,7 +476,6 @@ private:
        return BioConnectionStatus::SHOULD_NOT_RETRY;
    }

-
    Maybe<void>
    connectToHost()
    {
@@ -654,6 +672,10 @@ private:
    Flags<ConnectionFlags> flags;

    MessageProxySettings settings;
+    string ca_path = "";
+    string client_cert_path = "";
+    string client_key_path = "";
+
    string connect_message;
    string certificate;

@@ -666,6 +688,7 @@ private:

    bool lock = false;
    bool should_close_connection = false;
+    bool is_dual_auth = false;
 };

 Connection::Connection(const MessageConnectionKey &key, const MessageMetadata &metadata)
--- a/core/messaging/connection/connection_ut/connection_comp_ut.cc
+++ b/core/messaging/connection/connection_ut/connection_comp_ut.cc
@@ -89,6 +89,8 @@ TEST_F(TestConnectionComp, testSetAndGetConnection)
    Flags<MessageConnectionConfig> conn_flags;
    conn_flags.setFlag(MessageConnectionConfig::UNSECURE_CONN);
    MessageMetadata conn_metadata("127.0.0.1", 8080, conn_flags);
+    conn_metadata.setCAPath("ca.pem");
+    conn_metadata.setDualAuthenticationSettings("ca_client.pem", "private_client.key");
    auto maybe_connection = i_conn->establishConnection(conn_metadata, MessageCategory::LOG);
    ASSERT_TRUE(maybe_connection.ok());

--- a/core/messaging/messaging_comp/messaging_comp_ut/messaging_comp_ut.cc
+++ b/core/messaging/messaging_comp/messaging_comp_ut/messaging_comp_ut.cc
@@ -253,9 +253,13 @@ operator==(const MessageMetadata &one, const MessageMetadata &two)
        one.getConnectionFlags() == two.getConnectionFlags() &&
        one.getProxySettings() == two.getProxySettings() &&
        one.getExternalCertificate() == two.getExternalCertificate() &&
+        one.getCaPath() == two.getCaPath() &&
+        one.getClientCertPath() == two.getClientCertPath() &&
+        one.getClientKeyPath() == two.getClientKeyPath() &&
        one.getHeaders() == two.getHeaders() &&
        one.shouldBufferMessage() == two.shouldBufferMessage() &&
-        one.isProxySet() == two.isProxySet();
+        one.isProxySet() == two.isProxySet() &&
+        one.isDualAuth() == two.isDualAuth();
 }

 TEST_F(TestMessagingComp, testSetFogConnection)