First release of open-appsec source code

components/security_apps/orchestration/include/fog_authenticator.h

@@ -0,0 +1,301 @@
+// Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef __FOG_AUTHENTICATOR_H__
+#define __FOG_AUTHENTICATOR_H__
+
+#include <chrono>
+#include <functional>
+#include <tuple>
+#include <vector>
+#include <algorithm>
+#include <map>
+#include "cereal/archives/json.hpp"
+
+#include "i_update_communication.h"
+#include "i_orchestration_tools.h"
+#include "i_agent_details.h"
+#include "i_orchestration_status.h"
+#include "i_messaging.h"
+#include "i_mainloop.h"
+#include "i_encryptor.h"
+#include "i_details_resolver.h"
+#include "i_rest_api.h"
+#include "i_time_get.h"
+#include "i_encryptor.h"
+#include "maybe_res.h"
+
+class FogAuthenticator
+        :
+    public I_UpdateCommunication,
+    Singleton::Consume<I_RestApi>,
+    Singleton::Consume<I_AgentDetails>,
+    Singleton::Consume<I_DetailsResolver>,
+    Singleton::Consume<I_OrchestrationStatus>,
+    Singleton::Consume<I_OrchestrationTools>,
+    Singleton::Consume<I_Encryptor>,
+    Singleton::Consume<I_MainLoop>,
+    Singleton::Consume<I_Messaging>,
+    Singleton::Consume<I_TimeGet>
+{
+    class AccessToken
+    {
+    public:
+        AccessToken(const std::string &token, std::chrono::seconds expiration);
+
+        std::chrono::seconds getRemainingTime() const;
+
+        const std::string & getToken() const { return token; }
+        uint getExpiration() const { return expiration.count(); }
+
+    private:
+        std::string token;
+        std::chrono::seconds expiration;
+        std::chrono::microseconds received_time;
+    };
+
+    class AccessTokenProvider : public ServerRest
+    {
+    public:
+        void doCall() override;
+        static std::function<Maybe<AccessToken>()> getAccessToken;
+
+    private:
+        S2C_PARAM(std::string, token);
+        S2C_PARAM(uint, expiration);
+    };
+
+public:
+    class RegistrationData
+    {
+        enum class AuthenticationType { Token, PresharedSecret, COUNT };
+
+    public:
+        RegistrationData() = default;
+        RegistrationData(const RegistrationData &) = default;
+        RegistrationData(const std::string &_env_token);
+
+        void serialize(cereal::JSONOutputArchive &out_ar) const;
+        void serialize(cereal::JSONInputArchive &in_ar);
+
+    private:
+        AuthenticationType type;
+        std::string data;
+    };
+
+    FogAuthenticator() = default;
+    ~FogAuthenticator() = default;
+
+    virtual void init();
+
+    static void preload();
+
+    Maybe<void> authenticateAgent() override;
+    void setAddressExtenesion(const std::string &extension) override;
+
+protected:
+    class UserCredentials
+    {
+    public:
+        UserCredentials() = default;
+        UserCredentials(const std::string &client_id, const std::string &shared_secret);
+
+        std::string getClientId() const { return client_id; }
+        std::string getSharedSecret() const { return shared_secret; }
+
+        void serialize(cereal::JSONOutputArchive &out_ar) const;
+        void serialize(cereal::JSONInputArchive &in_ar);
+
+    private:
+        std::string client_id;
+        std::string shared_secret;
+    };
+
+    void loadRequiredSecurityApps();
+    Maybe<AccessToken> getAccessToken(const UserCredentials &credentials) const;
+    Maybe<UserCredentials>
+    registerAgent(
+        const RegistrationData &reg_data,
+        const std::string &name,
+        const std::string &type,
+        const std::string &platform,
+        const std::string &architecture
+    ) const;
+
+    void initRestAPI();
+    Maybe<UserCredentials> getCredentials();
+
+    bool saveCredentialsToFile(const UserCredentials &credentials) const;
+    Maybe<UserCredentials> getCredentialsFromFile() const;
+    Maybe<RegistrationData> getRegistrationData();
+
+    std::string base64Encode(const std::string &in) const;
+    std::string buildBasicAuthHeader(const std::string &username, const std::string &pass) const;
+    std::string buildOAuth2Header(const std::string &token) const;
+
+    // This apps which the orchestrations requires them from Fog.
+    std::vector<std::string> required_security_apps;
+    std::string fog_address_ex                  = "";
+    std::string filesystem_prefix               = "";
+    std::string otp                             = "";
+    Maybe<UserCredentials> credentials          = genError("User credentials are empty");
+    Maybe<AccessToken> access_token             = genError("Access token was not received yet");
+    Maybe<RegistrationData> reg_data            = genError("Registration data is empty");
+    I_MainLoop::RoutineID routine               = 0;
+};
+
+class AdditionalMetaData
+{
+public:
+    AdditionalMetaData() = default;
+    AdditionalMetaData(const AdditionalMetaData &) = default;
+
+    AdditionalMetaData &
+    operator<<(const std::pair<std::string, std::string> &data)
+    {
+        additional_data.insert(data);
+        return *this;
+    }
+
+    void
+    serialize(cereal::JSONOutputArchive &out_ar) const
+    {
+        for (auto &data : additional_data) {
+            out_ar(cereal::make_nvp(data.first, data.second));
+        }
+    }
+
+private:
+    std::map<std::string, std::string> additional_data;
+};
+
+class RegistrationRequest : public ClientRest
+{
+private:
+    class MetaData
+    {
+    public:
+        MetaData() = default;
+        MetaData(
+            const std::string &_name,
+            const std::string &_type,
+            const std::string &_platform,
+            const std::string &_architecture,
+            const std::string &_agent_version)
+                :
+            name(_name),
+            type(_type),
+            platform(_platform),
+            architecture(_architecture),
+            agent_version(_agent_version)
+        {
+        }
+
+        void
+        serialize(cereal::JSONOutputArchive &out_ar) const
+        {
+            out_ar(
+                cereal::make_nvp("agentName",          name),
+                cereal::make_nvp("agentType",          type),
+                cereal::make_nvp("platform",           platform),
+                cereal::make_nvp("architecture",       architecture),
+                cereal::make_nvp("agentVersion",       agent_version),
+                cereal::make_nvp("additionalMetaData", additional_metadata)
+            );
+        }
+
+        AdditionalMetaData &
+        operator<<(const std::pair<std::string, std::string> &data)
+        {
+            return additional_metadata << data;
+        }
+
+    private:
+        std::string name;
+        std::string type;
+        std::string platform;
+        std::string architecture;
+        std::string agent_version;
+        AdditionalMetaData additional_metadata;
+    };
+
+public:
+    RegistrationRequest(
+        const FogAuthenticator::RegistrationData &reg_data,
+        const std::string &name,
+        const std::string &type,
+        const std::string &platform,
+        const std::string &architecture,
+        const std::string &agent_version)
+            :
+        authenticationData({ reg_data }),
+        metaData(MetaData(name, type, platform, architecture, agent_version))
+    {
+    }
+
+    AdditionalMetaData &
+    operator<<(const std::pair<std::string, std::string> &data)
+    {
+        return metaData.get() << data;
+    }
+
+    std::string getClientId() const { return client_id; }
+    std::string getSharedSecret() const { return shared_secret; }
+    std::string getAgentId() const { return agentId; }
+    std::string getProfileId() const { return profileId; }
+    std::string getTenantId() const { return tenantId; }
+
+private:
+    C2S_PARAM(std::vector<FogAuthenticator::RegistrationData>, authenticationData);
+    C2S_PARAM(MetaData, metaData);
+
+    S2C_PARAM(std::string, client_id);
+    S2C_PARAM(std::string, shared_secret);
+    S2C_PARAM(std::string, tenantId);
+    S2C_PARAM(std::string, profileId);
+    S2C_PARAM(std::string, agentId);
+};
+
+class PolicyVersionPatchRequest : public ClientRest
+{
+public:
+    PolicyVersionPatchRequest(const std::string &_policy_version)
+            :
+        policy_version(_policy_version)
+    {
+    }
+
+private:
+    C2S_LABEL_PARAM(std::string, policy_version, "policyVersion");
+};
+
+class TokenRequest : public ClientRest
+{
+public:
+    std::string getAccessToken()     const { return access_token; }
+    std::string getTokenType()       const { return token_type; }
+    std::string getUserId()          const { return user_id; }
+    std::string getScope()           const { return scope; }
+    std::string getJTI()             const { return jti; }
+    int getExpirationTime()     const { return expires_in; }
+
+private:
+    S2C_PARAM(int,    expires_in);
+    S2C_PARAM(std::string, jti);
+    S2C_PARAM(std::string, scope);
+    S2C_PARAM(std::string, token_type);
+    S2C_PARAM(std::string, access_token);
+    S2C_LABEL_PARAM(std::string, user_id, "uuid");
+};
+
+#endif // __FOG_AUTHENTICATOR_H__

components/security_apps/orchestration/include/fog_communication.h

@@ -0,0 +1,45 @@
+// Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef __FOG_COMMUNICATION_H__
+#define __FOG_COMMUNICATION_H__
+
+#include <chrono>
+#include <functional>
+#include <tuple>
+#include <vector>
+#include "cereal/archives/json.hpp"
+
+#include "i_update_communication.h"
+#include "fog_authenticator.h"
+#include "i_orchestration_tools.h"
+#include "i_agent_details.h"
+#include "i_orchestration_status.h"
+#include "i_messaging.h"
+#include "i_mainloop.h"
+#include "i_encryptor.h"
+#include "i_details_resolver.h"
+#include "i_rest_api.h"
+#include "i_time_get.h"
+#include "i_encryptor.h"
+#include "maybe_res.h"
+
+class FogCommunication : public FogAuthenticator
+{
+public:
+    Maybe<void> getUpdate(CheckUpdateRequest &request) override;
+    Maybe<std::string> downloadAttributeFile(const GetResourceFile &resourse_file) override;
+    Maybe<void> sendPolicyVersion(const std::string &policy_version) const override;
+};
+
+#endif // __FOG_COMMUNICATION_H__

components/security_apps/orchestration/include/get_status_rest.h

@@ -0,0 +1,91 @@
+// Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef __GET_STATUS_RES_H__
+#define __GET_STATUS_RES_H__
+
+#include "i_messaging_downloader.h"
+#include "i_messaging.h"
+#include "i_mainloop.h"
+#include "i_shell_cmd.h"
+#include "i_encryptor.h"
+#include "i_orchestration_status.h"
+#include "i_rest_api.h"
+#include "i_orchestration_tools.h"
+#include "i_downloader.h"
+#include "i_service_controller.h"
+#include "i_manifest_controller.h"
+#include "i_update_communication.h"
+#include "i_details_resolver.h"
+#include "i_shell_cmd.h"
+#include "i_agent_details.h"
+#include "i_environment.h"
+#include "i_tenant_manager.h"
+#include "i_package_handler.h"
+#include "component.h"
+
+class getStatusRest : public ServerRest
+{
+public:
+    void
+    doCall() override
+    {
+        auto i_orch_status = Singleton::Consume<I_OrchestrationStatus>::by<OrchestrationComp>();
+
+        policies = "";
+        settings = "";
+        for (auto &policy: i_orch_status->getServicePolicies()) {
+            policies = policies.get() + "\n    " + policy.first + ": " + policy.second;
+        }
+        for (auto &setting: i_orch_status->getServiceSettings()) {
+            settings = settings.get() + "\n    " + setting.first + ": " + setting.second;
+        }
+
+        last_update_attempt = i_orch_status->getLastUpdateAttempt();
+        last_update = i_orch_status->getUpdateTime();
+        last_update_status = i_orch_status->getUpdateStatus();
+        policy_version = i_orch_status->getPolicyVersion();
+        last_policy_update = i_orch_status->getLastPolicyUpdate();
+        last_manifest_update = i_orch_status->getLastManifestUpdate();
+        last_settings_update = i_orch_status->getLastSettingsUpdate();
+        registration_status = i_orch_status->getRegistrationStatus();
+        manifest_status = i_orch_status->getManifestStatus();
+        upgrade_mode = i_orch_status->getUpgradeMode();
+        fog_address = i_orch_status->getFogAddress();
+        agent_id = i_orch_status->getAgentId();
+        profile_id = i_orch_status->getProfileId();
+        tenant_id = i_orch_status->getTenantId();
+        registration_details = i_orch_status->getRegistrationDetails();
+    }
+
+private:
+    S2C_LABEL_PARAM(std::string, last_update_attempt, "Last update attempt");
+    S2C_LABEL_PARAM(std::string, last_update, "Last update");
+    S2C_LABEL_PARAM(std::string, last_update_status, "Last update status");
+    S2C_LABEL_PARAM(std::string, policy_version, "Policy version");
+    S2C_LABEL_PARAM(std::string, last_policy_update, "Last policy update");
+    S2C_LABEL_PARAM(std::string, last_manifest_update, "Last manifest update");
+    S2C_LABEL_PARAM(std::string, last_settings_update, "Last settings update");
+    S2C_LABEL_PARAM(std::string, registration_status, "Registration status");
+    S2C_LABEL_PARAM(std::string, manifest_status, "Manifest status");
+    S2C_LABEL_PARAM(std::string, upgrade_mode, "Upgrade mode");
+    S2C_LABEL_PARAM(std::string, fog_address, "Fog address");
+    S2C_LABEL_PARAM(std::string, agent_id, "Agent ID");
+    S2C_LABEL_PARAM(std::string, profile_id, "Profile ID");
+    S2C_LABEL_PARAM(std::string, tenant_id, "Tenant ID");
+    S2C_LABEL_PARAM(std::string, registration_details, "Registration details");
+    S2C_LABEL_PARAM(std::string, policies, "Service policy");
+    S2C_LABEL_PARAM(std::string, settings, "Service settings");
+};
+
+#endif // __GET_STATUS_RES_H__

components/security_apps/orchestration/include/hybrid_communication.h

@@ -0,0 +1,58 @@
+// Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef __HYBRID_COMMUNICATION_H__
+#define __HYBRID_COMMUNICATION_H__
+
+#include <chrono>
+#include <functional>
+#include <tuple>
+#include <vector>
+#include "cereal/archives/json.hpp"
+
+#include "singleton.h"
+#include "i_update_communication.h"
+#include "fog_authenticator.h"
+#include "i_k8s_policy_gen.h"
+#include "i_orchestration_tools.h"
+#include "i_agent_details.h"
+#include "i_orchestration_status.h"
+#include "i_messaging.h"
+#include "i_mainloop.h"
+#include "i_encryptor.h"
+#include "i_details_resolver.h"
+#include "i_rest_api.h"
+#include "i_time_get.h"
+#include "i_encryptor.h"
+#include "maybe_res.h"
+
+class HybridCommunication
+        :
+    public FogAuthenticator,
+    Singleton::Consume<I_K8S_Policy_Gen>
+{
+public:
+    virtual void init() override;
+    Maybe<void> getUpdate(CheckUpdateRequest &request) override;
+    Maybe<std::string> downloadAttributeFile(const GetResourceFile &resourse_file) override;
+    Maybe<void> sendPolicyVersion(const std::string &policy_version) const override;
+    std::string getChecksum(const std::string &policy_version);
+
+private:
+    Maybe<std::string> getNewVersion();
+
+    std::string curr_version;
+    std::string curr_policy;
+};
+
+#endif // __HYBRID_COMMUNICATION_H__

components/security_apps/orchestration/include/local_communication.h

@@ -0,0 +1,43 @@
+// Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef __LOCAL_COMMUNICATION_H__
+#define __LOCAL_COMMUNICATION_H__
+
+#include "i_update_communication.h"
+#include "i_orchestration_tools.h"
+#include "maybe_res.h"
+
+class LocalCommunication
+        :
+    public I_UpdateCommunication,
+    Singleton::Consume<I_OrchestrationTools>
+{
+public:
+    static void preload();
+
+    void init();
+
+    Maybe<void> authenticateAgent() override;
+    Maybe<void> getUpdate(CheckUpdateRequest &request) override;
+
+    Maybe<std::string> downloadAttributeFile(const GetResourceFile &resourse_file) override;
+    void setAddressExtenesion(const std::string &extension) override;
+    Maybe<void> sendPolicyVersion(const std::string &policy_version) const override;
+
+private:
+    std::string getChecksum(const std::string &file_path);
+    std::string filesystem_prefix = "";
+};
+
+#endif // __LOCAL_COMMUNICATION_H__

components/security_apps/orchestration/include/mock/mock_details_resolver.h

@@ -0,0 +1,46 @@
+// Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef __MOCK_DETAILS_RESOLVER_H__
+#define __MOCK_DETAILS_RESOLVER_H__
+
+#include <iostream>
+
+#include "i_details_resolver.h"
+#include "cptest.h"
+#include "maybe_res.h"
+
+std::ostream &
+operator<<(std::ostream &os, const Maybe<std::tuple<std::string, std::string, std::string>> &)
+{
+    return os;
+}
+
+class MockDetailsResolver
+        :
+    public Singleton::Provide<I_DetailsResolver>::From<MockProvider<I_DetailsResolver>>
+{
+public:
+    MOCK_METHOD0(getHostname,                Maybe<std::string>());
+    MOCK_METHOD0(getPlatform,                Maybe<std::string>());
+    MOCK_METHOD0(getArch,                    Maybe<std::string>());
+    MOCK_METHOD0(getAgentVersion,            std::string());
+    MOCK_METHOD0(isReverseProxy,             bool());
+    MOCK_METHOD0(isKernelVersion3OrHigher,   bool());
+    MOCK_METHOD0(isGwNotVsx,                 bool());
+    MOCK_METHOD0(getResolvedDetails,         std::map<std::string, std::string>());
+    MOCK_METHOD0(isVersionEqualOrAboveR8110, bool());
+    MOCK_METHOD0(parseNginxMetadata, Maybe<std::tuple<std::string, std::string, std::string>>());
+};
+
+#endif // __MOCK_DETAILS_RESOLVER_H__

components/security_apps/orchestration/include/mock/mock_downloader.h

@@ -0,0 +1,42 @@
+// Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef __MOCK_DOWNLOADER_H__
+#define __MOCK_DOWNLOADER_H__
+
+#include "cptest.h"
+#include "i_downloader.h"
+
+#include <string>
+
+class MockDownloader :
+    public Singleton::Provide<I_Downloader>::From<MockProvider<I_Downloader>>
+{
+public:
+    MOCK_CONST_METHOD3(
+        downloadFileFromFog,
+        Maybe<std::string>(const std::string &, Package::ChecksumTypes, const GetResourceFile &)
+    );
+
+    MOCK_CONST_METHOD2(
+        downloadVirtualFileFromFog,
+        Maybe<std::map<std::string, std::string>>(const GetResourceFile &, Package::ChecksumTypes)
+    );
+
+    MOCK_CONST_METHOD4(
+        downloadFileFromURL,
+        Maybe<std::string>(const std::string &, const std::string &, Package::ChecksumTypes, const std::string &)
+    );
+};
+
+#endif // __MOCK_DOWNLOADER_H__

components/security_apps/orchestration/include/mock/mock_manifest_controller.h

@@ -0,0 +1,28 @@
+// Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef __MOCK_MANIFEST_CONTROLLER_H__
+#define __MOCK_MANIFEST_CONTROLLER_H__
+
+#include "i_manifest_controller.h"
+#include "cptest.h"
+
+class MockManifestController :
+    public Singleton::Provide<I_ManifestController>::From<MockProvider<I_ManifestController>>
+{
+public:
+    MOCK_METHOD1(updateManifest, bool(const std::string &));
+    MOCK_METHOD0(loadAfterSelfUpdate, bool());
+};
+
+#endif // __MOCK_MANIFEST_CONTROLLER_H__

components/security_apps/orchestration/include/mock/mock_messaging_downloader.h

@@ -0,0 +1,39 @@
+// Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef __MOCK_MESSAGING_DOWNLOADER_H__
+#define __MOCK_MESSAGING_DOWNLOADER_H__
+
+#include "cptest.h"
+#include <string>
+
+#include "i_messaging_downloader.h"
+
+class MockMessagingDownloader
+        :
+    public Singleton::Provide<I_MessagingDownloader>::From<MockProvider<I_MessagingDownloader>>
+{
+public:
+    MOCK_METHOD4(
+        downloadFile,
+        bool(
+            const std::string &,
+            const std::string &,
+            OnCompleteCB,
+            const unsigned int
+        )
+    );
+};
+
+
+#endif // __MOCK_MESSAGING_DOWNLOADER_H__

components/security_apps/orchestration/include/mock/mock_orchestration_status.h

@@ -0,0 +1,63 @@
+// Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef __MOCK_ORCHESTRATION_STATUS_H__
+#define __MOCK_ORCHESTRATION_STATUS_H__
+
+#include "i_orchestration_status.h"
+#include "cptest.h"
+
+class MockOrchestrationStatus
+        :
+    public Singleton::Provide<I_OrchestrationStatus>::From<MockProvider<I_OrchestrationStatus>>
+{
+public:
+    MOCK_METHOD0(writeStatusToFile, void());
+    MOCK_METHOD0(recoverFields, void());
+    MOCK_METHOD1(setUpgradeMode, void(const std::string &));
+    MOCK_METHOD1(setAgentType, void(const std::string &));
+    MOCK_METHOD1(setRegistrationStatus, void(const std::string &));
+    MOCK_METHOD1(setFogAddress, void(const std::string &));
+    MOCK_METHOD1(setPolicyVersion, void(const std::string &));
+    MOCK_METHOD1(setIsConfigurationUpdated, void(EnumArray<OrchestrationStatusConfigType, bool> config_types));
+    MOCK_METHOD0(setLastUpdateAttempt, void());
+    MOCK_METHOD3(setAgentDetails, void(const std::string &, const std::string &, const std::string &));
+    MOCK_METHOD3(setFieldStatus,
+        void(const OrchestrationStatusFieldType &, const OrchestrationStatusResult &, const std::string &));
+    MOCK_METHOD4(setRegistrationDetails,
+        void(const std::string &, const std::string &, const std::string &, const std::string &)
+    );
+    MOCK_METHOD3(setServiceConfiguration,
+        void(const std::string &, const std::string &, const OrchestrationStatusConfigType &)
+    );
+    MOCK_CONST_METHOD0(getLastUpdateAttempt, const std::string&());
+    MOCK_CONST_METHOD0(getUpdateStatus, const std::string&());
+    MOCK_CONST_METHOD0(getUpdateTime, const std::string&());
+    MOCK_CONST_METHOD0(getLastManifestUpdate, const std::string&());
+    MOCK_CONST_METHOD0(getPolicyVersion, const std::string&());
+    MOCK_CONST_METHOD0(getLastPolicyUpdate, const std::string&());
+    MOCK_CONST_METHOD0(getLastSettingsUpdate, const std::string&());
+    MOCK_CONST_METHOD0(getUpgradeMode, const std::string&());
+    MOCK_CONST_METHOD0(getFogAddress, const std::string&());
+    MOCK_CONST_METHOD0(getRegistrationStatus, const std::string&());
+    MOCK_CONST_METHOD0(getAgentId, const std::string&());
+    MOCK_CONST_METHOD0(getProfileId, const std::string&());
+    MOCK_CONST_METHOD0(getTenantId, const std::string&());
+    MOCK_CONST_METHOD0(getManifestStatus, const std::string&());
+    MOCK_CONST_METHOD0(getManifestError, const std::string&());
+    MOCK_CONST_METHOD0(getServicePolicies, const std::map<std::string, std::string>&());
+    MOCK_CONST_METHOD0(getServiceSettings, const std::map<std::string, std::string>&());
+    MOCK_CONST_METHOD0(getRegistrationDetails, const std::string());
+};
+
+#endif // __MOCK_ORCHESTRATION_STATUS_H__

components/security_apps/orchestration/include/mock/mock_orchestration_tools.h

@@ -0,0 +1,58 @@
+// Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef __MOCK_ORCHESTRATION_TOOLS_H__
+#define __MOCK_ORCHESTRATION_TOOLS_H__
+
+#include "cptest.h"
+#include "i_orchestration_tools.h"
+
+template <typename T>
+std::ostream &
+operator<<(std::ostream &os, const std::vector<T> &)
+{
+    return os;
+}
+
+template <typename T, typename S>
+std::ostream &
+operator<<(std::ostream &os, const std::map<T, S> &)
+{
+    return os;
+}
+
+class MockOrchestrationTools
+        :
+    public Singleton::Provide<I_OrchestrationTools>::From<MockProvider<I_OrchestrationTools>>
+{
+public:
+    MOCK_CONST_METHOD1(loadPackagesFromJson, Maybe<std::map<std::string, Package>>(const std::string &));
+    MOCK_CONST_METHOD2(packagesToJsonFile,   bool(const std::map<std::string, Package> &, const std::string &));
+    MOCK_CONST_METHOD1(isNonEmptyFile,       bool(const std::string &));
+    MOCK_CONST_METHOD1(readFile,             Maybe<std::string>(const std::string &));
+    MOCK_CONST_METHOD2(writeFile,            bool(const std::string &, const std::string &));
+    MOCK_CONST_METHOD1(removeFile,           bool(const std::string &));
+    MOCK_CONST_METHOD2(copyFile,             bool(const std::string &, const std::string &));
+    MOCK_CONST_METHOD2(calculateChecksum,    Maybe<std::string>(Package::ChecksumTypes, const std::string &));
+    MOCK_CONST_METHOD2(
+        jsonObjectSplitter,
+        Maybe<std::map<std::string, std::string>>(const std::string &, const std::string &)
+    );
+    MOCK_CONST_METHOD1(doesFileExist,        bool(const std::string &));
+    MOCK_CONST_METHOD1(createDirectory,      bool(const std::string &));
+    MOCK_CONST_METHOD1(doesDirectoryExist,   bool(const std::string &));
+    MOCK_CONST_METHOD1(executeCmd,           bool(const std::string &));
+    MOCK_CONST_METHOD1(base64Encode,         std::string(const std::string &));
+    MOCK_CONST_METHOD1(base64Decode,         std::string(const std::string &));
+};
+#endif // __MOCK_ORCHESTRATION_TOOLS_H__

components/security_apps/orchestration/include/mock/mock_package_handler.h

@@ -0,0 +1,31 @@
+// Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef __MOCK_PACKAGE_HANDLER_H__
+#define __MOCK_PACKAGE_HANDLER_H__
+
+#include "i_package_handler.h"
+#include "cptest.h"
+
+class MockPackageHandler :
+    public Singleton::Provide<I_PackageHandler>::From<MockProvider<I_PackageHandler>>
+{
+public:
+    MOCK_CONST_METHOD3(installPackage, bool(const std::string &, const std::string &, bool));
+    MOCK_CONST_METHOD3(uninstallPackage, bool(const std::string &, const std::string &, const std::string &));
+    MOCK_CONST_METHOD2(preInstallPackage, bool(const std::string &, const std::string &));
+    MOCK_CONST_METHOD2(postInstallPackage, bool(const std::string &, const std::string &));
+    MOCK_CONST_METHOD2(updateSavedPackage, bool(const std::string &, const std::string &));
+    MOCK_CONST_METHOD2(shouldInstallPackage, bool(const std::string &, const std::string &));
+};
+#endif // __MOCK_PACKAGE_HANDLER_H__

components/security_apps/orchestration/include/mock/mock_service_controller.h

@@ -0,0 +1,62 @@
+// Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef __MOCK_SERVICE_CONTROLLER_H__
+#define __MOCK_SERVICE_CONTROLLER_H__
+
+#include "i_service_controller.h"
+
+#include "cptest.h"
+#include <string>
+
+class MockServiceController :
+    public Singleton::Provide<I_ServiceController>::From<MockProvider<I_ServiceController>>
+
+{
+public:
+    MOCK_CONST_METHOD0(getPolicyVersion, const std::string &());
+
+    MOCK_CONST_METHOD0(getUpdatePolicyVersion, const std::string &());
+
+    MOCK_METHOD4(
+        updateServiceConfiguration,
+        bool(
+            const std::string &new_policy_path,
+            const std::string &new_settings_path,
+            const std::vector<std::string> &new_data_files,
+            const std::string &tenant_id
+        )
+    );
+
+    MOCK_METHOD1(isServiceInstalled, bool(const std::string &service_name));
+
+    MOCK_METHOD4(
+        registerServiceConfig,
+        void(
+            const std::string &service_name,
+            PortNumber listening_port,
+            const std::vector<std::string> &expected_configurations,
+            const std::string &id
+        )
+    );
+
+    typedef std::map<std::string, PortNumber> ServicePortMap;
+    MOCK_METHOD0(getServiceToPortMap, ServicePortMap());
+    MOCK_METHOD2(updateReconfStatus, void(int id, ReconfStatus status));
+    MOCK_METHOD4(
+        startReconfStatus,
+        void(int id, ReconfStatus status, const std::string &serivce_name, const std::string &service_id)
+    );
+};
+
+#endif // __MOCK_SERVICE_CONTROLLER_H__

components/security_apps/orchestration/include/mock/mock_update_communication.h

@@ -0,0 +1,37 @@
+// Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef __MOCK_UPDATE_COMMUNICATION_H__
+#define __MOCK_UPDATE_COMMUNICATION_H__
+
+#include "i_update_communication.h"
+#include "cptest.h"
+
+std::ostream &
+operator<<(std::ostream &os, const CheckUpdateRequest &)
+{
+    return os;
+}
+
+class MockUpdateCommunication :
+    public Singleton::Provide<I_UpdateCommunication>::From<MockProvider<I_UpdateCommunication>>
+{
+public:
+    MOCK_METHOD0(authenticateAgent, Maybe<void>());
+    MOCK_METHOD1(getUpdate, Maybe<void>(CheckUpdateRequest &));
+    MOCK_METHOD1(downloadAttributeFile, Maybe<std::string>(const GetResourceFile &));
+    MOCK_METHOD1(setAddressExtenesion, void(const std::string &));
+    MOCK_CONST_METHOD1(sendPolicyVersion, Maybe<void>(const std::string &));
+};
+
+#endif // __MOCK_UPDATE_COMMUNICATION_H__

components/security_apps/orchestration/include/orchestration_policy.h

@@ -0,0 +1,38 @@
+// Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef __ORCHESTRATION_POLICY_H__
+#define __ORCHESTRATION_POLICY_H__
+
+#include <string>
+#include "cereal/archives/json.hpp"
+
+class OrchestrationPolicy
+{
+public:
+    const std::string & getFogAddress() const;
+    const unsigned long & getSleepInterval() const;
+    const unsigned long & getErrorSleepInterval() const;
+
+    void serialize(cereal::JSONInputArchive & archive);
+
+    bool operator==(const OrchestrationPolicy &other) const;
+    bool operator!=(const OrchestrationPolicy &other) const;
+
+private:
+    std::string fog_address;
+    unsigned long sleep_interval;
+    unsigned long error_sleep_interval;
+};
+
+#endif // __ORCHESTRATION_POLICY_H__