From 32e3b5cacb9d87af6233cb8f91bfe88d4f6da80e Mon Sep 17 00:00:00 2001
From: "guruchandru.s"
Date: Tue, 9 Jul 2024 15:15:49 -0700
Subject: [PATCH 1/2] OpenSSL Cert Support
---
src/auth_token.c | 32 ++++++++++++++++++++++++++++++++
src/config.c | 46 +++++++++++++++++++++++++++++++++++++++++++++-
src/config.h | 2 ++
3 files changed, 79 insertions(+), 1 deletion(-)
diff --git a/src/auth_token.c b/src/auth_token.c
index 18468e84..dba2bd37 100644
--- a/src/auth_token.c
+++ b/src/auth_token.c
@@ -48,6 +48,12 @@ int getGlobalResponseCode() { return g_response_code; } + +void getConfigPwd(uint8_t **pPasswd, size_t *pPasswdSize) +{ + UNUSED(pPasswd); + UNUSED(pPasswdSize); +} /* * @brief Initialize curl object with required options. create newToken using libcurl. * @param[out] newToken auth token string obtained from JWT curl response
@@ -67,6 +73,8 @@ int requestNewAuthToken(char *newToken, size_t len, int r_count) char webpa_interface[64]={'\0'}; double total; + uint8_t *pPasswd=NULL; + size_t pPasswdSize; struct token_data data; data.size = 0; data.data = newToken; 
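Review bot: The stub `getConfigPwd` leaves both out-parameters untouched, so on this path the caller's `pPasswdSize` (declared uninitialized in the following hunk as `size_t pPasswdSize;`) is never assigned and only the `pPasswd != NULL` short-circuit keeps it from being read. Make the contract explicit at both ends: `*pPasswd = NULL; *pPasswdSize = 0;` in the stub instead of the `UNUSED` macros, and `size_t pPasswdSize = 0;` at the declaration. A one-line comment on the function, `/* Returns the key password for the configured client cert; *pPasswd is NULL and *pPasswdSize 0 when none is available */`, would document what the caller is allowed to rely on. No declaration of `getConfigPwd` is visible in this diff; if it is only used inside auth_token.c it should be `static`.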
@@ -111,6 +119,30 @@ int requestNewAuthToken(char *newToken, size_t len, int r_count) curl_easy_setopt(curl, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_WHATEVER); } + /* Set the SSL engine and SSL certificate type for the CURL request */ + if(get_parodus_cfg()->ssl_engine != NULL && strcmp(get_parodus_cfg()->ssl_engine, "NA") != 0) + { + curl_easy_setopt(curl, CURLOPT_SSLENGINE, get_parodus_cfg()->ssl_engine); + } + + if(get_parodus_cfg()->ssl_cert_type != NULL) + { + curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, get_parodus_cfg()->ssl_cert_type); + } + + if((get_parodus_cfg()->ssl_cert_type != NULL) && (strcmp(get_parodus_cfg()->ssl_cert_type, "pk12") == 0)) + { + getConfigPwd(&pPasswd, &pPasswdSize); + if(pPasswd != NULL && pPasswdSize > 0) + { + curl_easy_setopt(curl, CURLOPT_KEYPASSWD, pPasswd); + } + else + { + ParodusError("Failed to get pPasswd for pk12\n"); + } + } + /* set the cert for client authentication */ curl_easy_setopt(curl, CURLOPT_SSLCERT, get_parodus_cfg()->client_cert_path);
diff --git a/src/config.c b/src/config.c
index fac309e5..0925e2e1 100644
--- a/src/config.c
+++ b/src/config.c
@@ -451,6 +451,8 @@ int parseCommandLine(int argc,char **argv,ParodusCfg * cfg) {"force-ipv6", no_argument, 0, '6'}, {"boot-time-retry-wait", required_argument, 0, 'w'}, {"client-cert-path", required_argument, 0, 'P'}, + {"ssl-engine", required_argument, 0, 'E'}, + {"ssl-cert-type", required_argument, 0, 'T'}, {"token-server-url", required_argument, 0, 'U'}, {"crud-config-file", required_argument, 0, 'C'}, {"connection-health-file", required_argument, 0, 'S'},
@@ -478,6 +480,8 @@ int parseCommandLine(int argc,char **argv,ParodusCfg * cfg) cfg->connection_health_file = NULL; cfg->close_reason_file = NULL; cfg->client_cert_path = NULL; + cfg->ssl_engine = NULL; + cfg->ssl_cert_type = NULL; cfg->token_server_url = NULL; cfg->cloud_status = NULL; cfg->cloud_disconnect = NULL; 
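Review bot: The result of `curl_easy_setopt(curl, CURLOPT_SSLENGINE, ...)` is discarded, so when the configured engine cannot be loaded the request silently continues with libcurl's default key loading and the misconfiguration only surfaces later as an opaque TLS failure. Check it and log the reason: `CURLcode rc = curl_easy_setopt(curl, CURLOPT_SSLENGINE, get_parodus_cfg()->ssl_engine);` followed by `if(rc != CURLE_OK) { ParodusError("Failed to set ssl engine: %s\n", curl_easy_strerror(rc)); }`; depending on how the key is referenced, `CURLOPT_SSLENGINE_DEFAULT` may also have to be set for the engine to actually be used for the private key. The `"NA"` sentinel for ssl_engine is not explained anywhere in the diff; a comment at the check such as `/* "NA" means no engine: fall back to libcurl's default key loading */` would help. The same unchecked-setopt pattern applies to `CURLOPT_SSLCERTTYPE` and `CURLOPT_KEYPASSWD` below it.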
@@ -491,7 +495,7 @@ int parseCommandLine(int argc,char **argv,ParodusCfg * cfg) /* getopt_long stores the option index here. */ int option_index = 0; c = getopt_long (argc, argv, - "m:s:f:d:r:n:b:u:t:o:i:l:q:p:e:D:j:a:k:c:T:w:J:46:C:S:R:K:M", + "m:s:f:d:r:n:b:u:t:o:i:l:q:p:e:D:j:a:k:c:E:T:w:J:46:C:S:R:K:M", long_options, &option_index); /* Detect the end of the options. */
@@ -660,6 +664,16 @@ int parseCommandLine(int argc,char **argv,ParodusCfg * cfg) ParodusInfo("client_cert_path is %s\n", cfg->client_cert_path); break; + case 'E': + cfg->ssl_engine = strdup(optarg); + ParodusInfo("ssl_engine is %s\n",cfg->ssl_engine); + break; + + case 'T': + cfg->ssl_cert_type = strdup(optarg); + ParodusInfo("ssl_cert_type is %s\n",cfg->ssl_cert_type); + break; + case 'U': cfg->token_server_url = strdup(optarg); ParodusInfo("token_server_url is %s\n", cfg->token_server_url);
@@ -752,6 +766,16 @@ void free_cfg(ParodusCfg *cfg) free(cfg->client_cert_path); cfg->client_cert_path = NULL; } + if(cfg->ssl_engine != NULL) + { + free(cfg->ssl_engine); + cfg->ssl_engine = NULL; + } + if(cfg->ssl_cert_type != NULL) + { + free(cfg->ssl_cert_type); + cfg->ssl_cert_type = NULL; + } if(cfg->crud_config_file != NULL) { free(cfg->crud_config_file);
@@ -811,6 +835,8 @@ void setDefaultValuesToCfg(ParodusCfg *cfg) cfg->connection_health_file = NULL; cfg->close_reason_file = NULL; cfg->client_cert_path = NULL; + cfg->ssl_engine = NULL; + cfg->ssl_cert_type = NULL; cfg->token_server_url = NULL; #ifdef FEATURE_DNS_QUERY cfg->record_jwt_file = NULL; 
@@ -1002,6 +1028,24 @@ void loadParodusCfg(ParodusCfg * config,ParodusCfg *cfg) ParodusPrint("client_cert_path is NULL. set to empty\n"); } + if(config->ssl_engine != NULL) + { + cfg->ssl_engine = strdup(config->ssl_engine); + } + else + { + ParodusPrint("ssl_engine is NULL. set to empty\n"); + } + + if(config->ssl_cert_type != NULL) + { + cfg->ssl_cert_type = strdup(config->ssl_cert_type); + } + else + { + ParodusPrint("ssl_cert_type is NULL. set to empty\n"); + } + if(config->token_server_url != NULL) { cfg->token_server_url = strdup(config->token_server_url); diff --git a/src/config.h b/src/config.h index be8cba3c..281b68c3 100644 --- a/src/config.h +++ b/src/config.h @@ -104,6 +104,8 @@ typedef struct char token_acquisition_script[64]; char token_read_script[64]; char *client_cert_path; + char *ssl_engine; + char *ssl_cert_type; char *token_server_url; char *connection_health_file; char *close_reason_file; From ac965a3168c63b4c3ffd70d76fec7b5c11178246 Mon Sep 17 00:00:00 2001 From: "guruchandru.s" Date: Thu, 1 Aug 2024 12:19:00 -0700 Subject: [PATCH 2/2] Adding rdkconfig stub functions and their handling --- src/CMakeLists.txt | 6 ++++ src/auth_token.c | 63 +++++++++++++++++++++++++++++++++++++++-- src/config.c | 24 +++++++++++++++- src/config.h | 1 + src/rdkconfig_generic.c | 46 ++++++++++++++++++++++++++++++ src/rdkconfig_generic.h | 47 ++++++++++++++++++++++++++++++ 6 files changed, 183 insertions(+), 4 deletions(-) create mode 100644 src/rdkconfig_generic.c create mode 100644 src/rdkconfig_generic.h diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 8b7af651..2fb747ee 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt 
@@ -17,6 +17,10 @@ set(SOURCES main.c mutex.c networking.c nopoll_helpers.c heartBeat.c nopoll_hand upstream.c downstream.c thread_tasks.c partners_check.c token.c event_handler.c crud_interface.c crud_tasks.c crud_internal.c close_retry.c auth_token.c privilege.c) +if (NOT BUILD_YOCTO) +set(SOURCES ${SOURCES} rdkconfig_generic.c) +endif (NOT BUILD_YOCTO) + if (ENABLE_SESHAT) set(SOURCES ${SOURCES} seshat_interface.c) else()
@@ -52,6 +56,8 @@ target_link_libraries (parodus -lcjwt -lpthread -lrt + -lrdkconfig + -lsecure_wrapper ) if (FEATURE_DNS_QUERY)
diff --git a/src/auth_token.c b/src/auth_token.c
index dba2bd37..d4a0b179 100644
--- a/src/auth_token.c
+++ b/src/auth_token.c
@@ -32,6 +32,12 @@ #include #include +#ifndef BUILD_YOCTO +#include "rdkconfig_generic.h" +#else +#include "rdkconfig.h" +#endif + #define MAX_BUF_SIZE 256 #define CURL_TIMEOUT_SEC 25L #define MAX_CURL_RETRY_COUNT 3 
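Review bot: The `if (NOT BUILD_YOCTO)` guard tests a CMake variable, but nothing in this diff turns it into a compile definition, while auth_token.c (next file) selects its header with `#ifndef BUILD_YOCTO`; unless `-DBUILD_YOCTO` is added elsewhere, a Yocto build compiles against the stub header `rdkconfig_generic.h` (with its own `RDKCONFIG_OK`/`RDKCONFIG_FAIL` values) while linking the real library. Tie the two together next to this block, e.g. `if (BUILD_YOCTO)` / `add_definitions(-DBUILD_YOCTO)` / `endif()`, or switch the C side to a macro CMake is known to set. Minor style: `endif (NOT BUILD_YOCTO)` repeats the condition, which current CMake style discourages; plain `endif()` matches the `else()` already used just below.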
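Review bot: `-lrdkconfig` and `-lsecure_wrapper` are added to the link line unconditionally, while the stub `rdkconfig_generic.c` is compiled only when `NOT BUILD_YOCTO`; a non-Yocto build then requires a librdkconfig it does not use (link failure if absent, duplicate `rdkconfig_*` definitions if present). Condition the libraries the same way as the source: `if (BUILD_YOCTO)` / `target_link_libraries (parodus -lrdkconfig -lsecure_wrapper)` / `endif()`. `libsecure_wrapper` is not referenced by any code in this diff, so a one-line comment stating why it is linked (presumably a dependency of librdkconfig) would help the next reader.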
@@ -51,9 +57,43 @@ int getGlobalResponseCode() void getConfigPwd(uint8_t **pPasswd, size_t *pPasswdSize) { - UNUSED(pPasswd); - UNUSED(pPasswdSize); + uint8_t *temp=NULL; + size_t tempSize; + int index = -1; + + if(rdkconfig_get(&temp, &tempSize, get_parodus_cfg()->ssl_reference_name)) + { + ParodusError("%s, Extraction failure for cert reference \n",__FUNCTION__); + return; + } + else + { + ParodusInfo("The value is %s and size is %zu\n", temp, tempSize); + *pPasswd = malloc(tempSize); + if (*pPasswd != NULL) + { + memcpy(*pPasswd, temp, tempSize); + index = strcspn(*pPasswd, "\t\r\n"); + ParodusInfo("The index size is %d\n", index); + if((index > 0) && (index <= tempSize)) + { + ParodusInfo("index value is %d and password is %s\n", index, *pPasswd); + (*pPasswd)[index] = '\0'; + } + *pPasswdSize = tempSize; + + if (rdkconfig_free(&temp, tempSize) == RDKCONFIG_FAIL) + { + ParodusError("%s, Memory deallocation failed \n",__FUNCTION__); + } + } + else + { + ParodusError("Failed to allocate memory for pPasswd\n"); + } + } } + /* * @brief Initialize curl object with required options. create newToken using libcurl. * @param[out] newToken auth token string obtained from JWT curl response
@@ -130,11 +170,13 @@ int requestNewAuthToken(char *newToken, size_t len, int r_count) curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, get_parodus_cfg()->ssl_cert_type); } - if((get_parodus_cfg()->ssl_cert_type != NULL) && (strcmp(get_parodus_cfg()->ssl_cert_type, "pk12") == 0)) + if((get_parodus_cfg()->ssl_cert_type != NULL) && (strcmp(get_parodus_cfg()->ssl_cert_type, "P12") == 0)) { + ParodusInfo("Inside checking for P12\n"); getConfigPwd(&pPasswd, &pPasswdSize); if(pPasswd != NULL && pPasswdSize > 0) { + ParodusInfo("pPasswd value is %s and size is %zu\n", pPasswd, pPasswdSize); curl_easy_setopt(curl, CURLOPT_KEYPASSWD, pPasswd); } else 
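Review bot: `getConfigPwd` can read and write past its buffers: `strcspn(*pPasswd, "\t\r\n")` needs a NUL terminator that neither the `malloc(tempSize)` copy nor, as far as this diff shows, the rdkconfig buffer guarantees, and the `index <= tempSize` bound lets `(*pPasswd)[tempSize]` write one byte past the allocation. On the non-Yocto build the stub `rdkconfig_get` returns `RDKCONFIG_OK` without assigning `temp`/`tempSize`, so this function reaches `malloc`/`memcpy` with a NULL source and an uninitialized size; the result needs a `temp == NULL || tempSize == 0` check in addition to the return code. Separately, `ParodusInfo("The value is %s and size is %zu\n", temp, tempSize)` and `ParodusInfo("index value is %d and password is %s\n", ...)` here, and `ParodusInfo("pPasswd value is %s and size is %zu\n", ...)` in the following hunk, write the private-key password to the log; log nothing of the value. The rewrite below bounds the scan to `tempSize`, always NUL-terminates the copy, initialises the out-parameters on every path, drops the secret logging, and releases the rdkconfig buffer on the allocation-failure path too (the current code leaks `temp` when `malloc` fails).
```c
void getConfigPwd(uint8_t **pPasswd, size_t *pPasswdSize)
{
    uint8_t *temp = NULL;
    size_t tempSize = 0;
    size_t pwdLen = 0;
    const char *reference = get_parodus_cfg()->ssl_reference_name;

    *pPasswd = NULL;
    *pPasswdSize = 0;

    if(reference == NULL
       || rdkconfig_get(&temp, &tempSize, reference) != RDKCONFIG_OK
       || temp == NULL || tempSize == 0)
    {
        ParodusError("%s, Extraction failure for cert reference \n",__FUNCTION__);
        return;
    }

    /* Keep the first line only; the scan is bounded by tempSize, no terminator required. */
    while(pwdLen < tempSize && temp[pwdLen] != '\0' && temp[pwdLen] != '\t'
          && temp[pwdLen] != '\r' && temp[pwdLen] != '\n')
    {
        pwdLen++;
    }

    *pPasswd = malloc(pwdLen + 1);
    if(*pPasswd != NULL)
    {
        memcpy(*pPasswd, temp, pwdLen);
        (*pPasswd)[pwdLen] = '\0';
        *pPasswdSize = pwdLen + 1;   /* allocated size incl. terminator; the value is never logged */
    }
    else
    {
        ParodusError("Failed to allocate memory for pPasswd\n");
    }

    /* Release the library buffer on every path, including allocation failure. */
    if(rdkconfig_free(&temp, tempSize) == RDKCONFIG_FAIL)
    {
        ParodusError("%s, Memory deallocation failed \n",__FUNCTION__);
    }
}
```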
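Review bot: The `strcmp(get_parodus_cfg()->ssl_cert_type, "P12") == 0` check is case-sensitive, whereas libcurl, as far as I recall, matches `CURLOPT_SSLCERTTYPE` values case-insensitively; a user passing `p12` would have the certificate loaded as PKCS#12 but never get `CURLOPT_KEYPASSWD` set, and the failure surfaces as an opaque TLS error. Use `strcasecmp(get_parodus_cfg()->ssl_cert_type, "P12") == 0` (needs `<strings.h>`) and align the `Failed to get pPasswd for pk12` message in the next hunk with the `P12` spelling. `ParodusInfo("Inside checking for P12\n")` here and `ParodusInfo("After ssl part\n")` in the next hunk read as leftover debugging traces and should be dropped. The enclosing `requestNewAuthToken` starts and ends outside this hunk.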
@@ -142,6 +184,7 @@ int requestNewAuthToken(char *newToken, size_t len, int r_count) ParodusError("Failed to get pPasswd for pk12\n"); } } + ParodusInfo("After ssl part\n"); /* set the cert for client authentication */ curl_easy_setopt(curl, CURLOPT_SSLCERT, get_parodus_cfg()->client_cert_path);
@@ -181,12 +224,26 @@ int requestNewAuthToken(char *newToken, size_t len, int r_count) { ParodusError("Failed response from auth token server %s\n", data.data); curl_easy_cleanup(curl); + if(pPasswd != NULL && pPasswdSize > 0) + { + if (rdkconfig_free(&pPasswd, pPasswdSize) == RDKCONFIG_FAIL) + { + ParodusError("%s, Memory deallocation failed \n",__FUNCTION__); + } + } data.size = 0; memset (data.data, 0, len); return -1; } } curl_easy_cleanup(curl); + if(pPasswd != NULL && pPasswdSize > 0) + { + if (rdkconfig_free(&pPasswd, pPasswdSize) == RDKCONFIG_FAIL) + { + ParodusError("%s, Memory deallocation failed \n",__FUNCTION__); + } + } } else {
diff --git a/src/config.c b/src/config.c
index 0925e2e1..d4c0e89b 100644
--- a/src/config.c
+++ b/src/config.c
@@ -453,6 +453,7 @@ int parseCommandLine(int argc,char **argv,ParodusCfg * cfg) {"client-cert-path", required_argument, 0, 'P'}, {"ssl-engine", required_argument, 0, 'E'}, {"ssl-cert-type", required_argument, 0, 'T'}, + {"ssl-reference-name", required_argument, 0, 'N'}, {"token-server-url", required_argument, 0, 'U'}, {"crud-config-file", required_argument, 0, 'C'}, {"connection-health-file", required_argument, 0, 'S'},
@@ -482,6 +483,7 @@ int parseCommandLine(int argc,char **argv,ParodusCfg * cfg) cfg->client_cert_path = NULL; cfg->ssl_engine = NULL; cfg->ssl_cert_type = NULL; + cfg->ssl_reference_name = NULL; cfg->token_server_url = NULL; cfg->cloud_status = NULL; cfg->cloud_disconnect = NULL; 
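Review bot: `pPasswd` is released with `rdkconfig_free`, but it was allocated by `getConfigPwd` with plain `malloc` (the rdkconfig buffer was already freed there), so this only works if librdkconfig's `rdkconfig_free` is a plain `free()` like the stub; the copy is also never wiped before release, and the two identical blocks cover only the two exits visible in this hunk, so any other early return in `requestNewAuthToken` (which starts and ends outside the hunk) leaks the password buffer. Replace both blocks with one call to a small helper that zeroes and frees the copy, and call it at every exit of the function. `curl_easy_setopt` copies string options (since libcurl 7.17.0), so releasing after `curl_easy_cleanup` remains correct.
```c
/* Wipe and release the key password obtained from getConfigPwd(). */
static void releaseConfigPwd(uint8_t **pPasswd, size_t *pPasswdSize)
{
    if(*pPasswd != NULL)
    {
        explicit_bzero(*pPasswd, *pPasswdSize);   /* plain memset before free may be optimised away */
        free(*pPasswd);
        *pPasswd = NULL;
    }
    *pPasswdSize = 0;
}

/* … unchanged: requestNewAuthToken up to the failed-response branch … */
            curl_easy_cleanup(curl);
            releaseConfigPwd(&pPasswd, &pPasswdSize);
            data.size = 0;
/* … unchanged: memset(data.data, 0, len); return -1; and the loop exit … */
        curl_easy_cleanup(curl);
        releaseConfigPwd(&pPasswd, &pPasswdSize);
```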
@@ -495,7 +497,7 @@ int parseCommandLine(int argc,char **argv,ParodusCfg * cfg) /* getopt_long stores the option index here. */ int option_index = 0; c = getopt_long (argc, argv, - "m:s:f:d:r:n:b:u:t:o:i:l:q:p:e:D:j:a:k:c:E:T:w:J:46:C:S:R:K:M", + "m:s:f:d:r:n:b:u:t:o:i:l:q:p:e:D:j:a:k:c:E:T:N:w:J:46:C:S:R:K:M", long_options, &option_index); /* Detect the end of the options. */
@@ -672,6 +674,11 @@ int parseCommandLine(int argc,char **argv,ParodusCfg * cfg) case 'T': cfg->ssl_cert_type = strdup(optarg); ParodusInfo("ssl_cert_type is %s\n",cfg->ssl_cert_type); + break; + + case 'N': + cfg->ssl_reference_name = strdup(optarg); + ParodusInfo("ssl_reference_name is %s\n",cfg->ssl_reference_name); break; case 'U':
@@ -776,6 +783,11 @@ void free_cfg(ParodusCfg *cfg) free(cfg->ssl_cert_type); cfg->ssl_cert_type = NULL; } + if(cfg->ssl_reference_name != NULL) + { + free(cfg->ssl_reference_name); + cfg->ssl_reference_name = NULL; + } if(cfg->crud_config_file != NULL) { free(cfg->crud_config_file);
@@ -837,6 +849,7 @@ void setDefaultValuesToCfg(ParodusCfg *cfg) cfg->client_cert_path = NULL; cfg->ssl_engine = NULL; cfg->ssl_cert_type = NULL; + cfg->ssl_reference_name = NULL; cfg->token_server_url = NULL; #ifdef FEATURE_DNS_QUERY cfg->record_jwt_file = NULL;
@@ -1046,6 +1059,15 @@ void loadParodusCfg(ParodusCfg * config,ParodusCfg *cfg) ParodusPrint("ssl_cert_type is NULL. set to empty\n"); } + if(config->ssl_reference_name != NULL) + { + cfg->ssl_reference_name = strdup(config->ssl_reference_name); + } + else + { + ParodusPrint("ssl_reference_name is NULL. set to empty\n"); + } + if(config->token_server_url != NULL) { cfg->token_server_url = strdup(config->token_server_url);
diff --git a/src/config.h b/src/config.h
index 281b68c3..ed509dfd 100644
--- a/src/config.h
+++ b/src/config.h
@@ -106,6 +106,7 @@ typedef struct char *client_cert_path; char *ssl_engine; char *ssl_cert_type; + char *ssl_reference_name; char *token_server_url; char *connection_health_file; char *close_reason_file;
diff --git a/src/rdkconfig_generic.c b/src/rdkconfig_generic.c
new file mode 100644
index 00000000..6fb6367a
--- /dev/null
+++ b/src/rdkconfig_generic.c
@@ -0,0 +1,46 @@ +/** + * Copyright 2024 Comcast Cable Communications Management, LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +/** + * @file rdkconfig_generic.c + * + * @description This file is to fetch authorization token during parodus cloud connection. + * + */ + +#include +#include + +#include "rdkconfig_generic.h" + +int rdkconfig_get( uint8_t **buf, size_t *buffsize, const char *reference ) +{ + /* This is stub function, No need implemetation */ + return RDKCONFIG_OK; +} + +int rdkconfig_set( const char *reference, uint8_t *buf, size_t buffsize ) +{ + /* This is stub function, No need implemetation */ + return RDKCONFIG_OK; +} + +int rdkconfig_free( uint8_t **buf, size_t buffsize ) +{ + free( *buf ); + *buf = NULL; + return RDKCONFIG_OK; +}
diff --git a/src/rdkconfig_generic.h b/src/rdkconfig_generic.h
new file mode 100644
index 00000000..24cbab15
--- /dev/null
+++ b/src/rdkconfig_generic.h
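Review bot: The stub `rdkconfig_get` returns `RDKCONFIG_OK` without touching `*buf` or `*buffsize`, so its caller (`getConfigPwd` in auth_token.c) takes the success branch with a NULL buffer and an uninitialized size; a stub that cannot supply a value should fail honestly: `*buf = NULL; *buffsize = 0;` followed by `return RDKCONFIG_FAIL;` (plus `(void)reference;` to silence the unused-parameter warning, and likewise for the unused parameters of `rdkconfig_set`). `rdkconfig_free` hands secret material back to the allocator without wiping it; since this stub presumably defines the non-Yocto and test behaviour, an `explicit_bzero`/`memset` of `buffsize` bytes before `free(*buf)` is cheap and gives the otherwise unused `buffsize` a purpose. The `@description` header (`This file is to fetch authorization token during parodus cloud connection`) is copied from another file; it should say something like `Build-time stand-in for librdkconfig on non-Yocto builds; rdkconfig_get/rdkconfig_set never return a value`.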
@@ -0,0 +1,47 @@ +/** + * Copyright 2024 Comcast Cable Communications Management, LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +/** + * @file partners_check.h + * + * @description This describes functions to validate partner_id. + * + */ + +#ifndef _RDKCONFIG_GENERIC_H_ +#define _RDKCONFIG_GENERIC_H_ + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define RDKCONFIG_OK 0 +#define RDKCONFIG_FAIL 1 + +int rdkconfig_get( uint8_t **buf, size_t *buffsize, const char *reference ); + +int rdkconfig_set( const char *reference, uint8_t *buf, size_t buffsize ); + +int rdkconfig_free( uint8_t **buf, size_t buffsize ); + +#ifdef __cplusplus +} +#endif + +#endif /* _RDKCONFIG_GENERIC_H_ */
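Review bot: The header's file comment is a copy-paste from another file (`@file partners_check.h`, `This describes functions to validate partner_id.`) and should name this file and its purpose, e.g. `@file rdkconfig_generic.h` / `@description Stub interface matching librdkconfig's rdkconfig_get/set/free for non-Yocto builds.` The include guard `_RDKCONFIG_GENERIC_H_` starts with an underscore followed by an uppercase letter, a form reserved for the implementation in C; `RDKCONFIG_GENERIC_H` is the conventional spelling. Since this header stands in for the real `rdkconfig.h`, a comment at `RDKCONFIG_OK`/`RDKCONFIG_FAIL` stating that these values and the three prototypes must stay identical to the library's is worth adding, because auth_token.c compiles against whichever header the build selects and the two must not diverge.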