summaryrefslogtreecommitdiffstats
path: root/vnfs/VES5.0/evel/evel-library
diff options
context:
space:
mode:
authorGokul Singaraju <goksing@gmail.com>2017-12-19 12:31:40 -0500
committerGokul Singaraju <goksing@gmail.com>2017-12-19 12:32:04 -0500
commita19bd423c1e4d2f5552bab090ba2650c38fa7192 (patch)
treef084cc45de2186ec51254e32fec6995fc3d3bb2c /vnfs/VES5.0/evel/evel-library
parent722be323a2e68989a87801d03e1b92cdd0c085e3 (diff)
Implement TLS over HTTP
Issue-ID: CERT-10 Change-Id: I25421331f249ea0a33fe9280534df8e66d08463f Signed-off-by: Gokul Singaraju <goksing@gmail.com>
Diffstat (limited to 'vnfs/VES5.0/evel/evel-library')
-rw-r--r--vnfs/VES5.0/evel/evel-library/code/evel_library/evel.c58
-rw-r--r--vnfs/VES5.0/evel/evel-library/code/evel_library/evel.h14
-rw-r--r--vnfs/VES5.0/evel/evel-library/code/evel_library/evel_event_mgr.c125
-rw-r--r--vnfs/VES5.0/evel/evel-library/code/evel_library/evel_internal.h16
4 files changed, 213 insertions, 0 deletions
diff --git a/vnfs/VES5.0/evel/evel-library/code/evel_library/evel.c b/vnfs/VES5.0/evel/evel-library/code/evel_library/evel.c
index 246ed5de..c6ead7ad 100644
--- a/vnfs/VES5.0/evel/evel-library/code/evel_library/evel.c
+++ b/vnfs/VES5.0/evel/evel-library/code/evel_library/evel.c
@@ -67,8 +67,15 @@ char *functional_role = NULL;
* @param path The optional path (may be NULL).
* @param topic The optional topic part of the URL (may be NULL).
* @param secure Whether to use HTTPS (0=HTTP, 1=HTTPS)
+ * @param cert_file_path Path to client certificate file
+ * @param key_file_path Path to client key file
+ * @param ca_info Path to CA cert file
+ * @param ca_file_path Path to CA cert files
+ * @param verify_peer SSL verification of peer 0 or 1
+ * @param verify_host SSL verification of host 0 or 1
* @param username Username for Basic Authentication of requests.
* @param password Password for Basic Authentication of requests.
+ * @param source_ip The ip of node we represent (NULL for default ip).
* @param source_type The kind of node we represent.
* @param role The role this node undertakes.
* @param verbosity 0 for normal operation, positive values for chattier
@@ -83,8 +90,15 @@ EVEL_ERR_CODES evel_initialize(const char * const fqdn,
const char * const path,
const char * const topic,
int secure,
+ const char * const cert_file_path,
+ const char * const key_file_path,
+ const char * const ca_info,
+ const char * const ca_file_path,
+ long verify_peer,
+ long verify_host,
const char * const username,
const char * const password,
+ const char * const source_ip,
EVEL_SOURCE_TYPES source_type,
const char * const role,
int verbosity
@@ -134,6 +148,42 @@ EVEL_ERR_CODES evel_initialize(const char * const fqdn,
}
EVEL_INFO("API transport is: %s", secure ? "HTTPS" : "HTTP");
+ if( secure ) {
+ assert( verify_peer >= 0 );
+ assert( verify_host >= 0 );
+ if (cert_file_path != NULL)
+ {
+ EVEL_INFO("Client cert is: %s", cert_file_path);
+ }
+ else
+ {
+ EVEL_INFO("No Client cert");
+ }
+ if (key_file_path != NULL)
+ {
+ EVEL_INFO("Key file is: %s", key_file_path);
+ }
+ else
+ {
+ EVEL_INFO("No Key file");
+ }
+ if (ca_file_path != NULL)
+ {
+ EVEL_INFO("Client CA certs path is: %s", ca_file_path);
+ }
+ else
+ {
+ EVEL_INFO("No CA certs path");
+ }
+ if (ca_info != NULL)
+ {
+ EVEL_INFO("Client CA cert file is: %s", ca_info);
+ }
+ else
+ {
+ EVEL_INFO("No CA cert file");
+ }
+ }
EVEL_INFO("Event Source Type is: %d", source_type);
EVEL_INFO("Functional Role is: %s", role);
EVEL_INFO("Log verbosity is: %d", verbosity);
@@ -200,6 +250,14 @@ EVEL_ERR_CODES evel_initialize(const char * const fqdn,
/***************************************************************************/
rc = event_handler_initialize(event_api_url,
throt_api_url,
+ source_ip,
+ secure,
+ cert_file_path,
+ key_file_path,
+ ca_info,
+ ca_file_path,
+ verify_peer,
+ verify_host,
username,
password,
verbosity);
diff --git a/vnfs/VES5.0/evel/evel-library/code/evel_library/evel.h b/vnfs/VES5.0/evel/evel-library/code/evel_library/evel.h
index 6b7a8720..1c0bea74 100644
--- a/vnfs/VES5.0/evel/evel-library/code/evel_library/evel.h
+++ b/vnfs/VES5.0/evel/evel-library/code/evel_library/evel.h
@@ -1401,8 +1401,15 @@ typedef struct copyright {
* @param path The optional path (may be NULL).
* @param topic The optional topic part of the URL (may be NULL).
* @param secure Whether to use HTTPS (0=HTTP, 1=HTTPS).
+ * @param cert_file_path Path to client certificate file
+ * @param key_file_path Path to client key file
+ * @param ca_info Path to CA info
+ * @param ca_file_path Path to CA file
+ * @param verify_peer SSL verification of peer 0 or 1
+ * @param verify_host SSL verification of host 0 or 1
* @param username Username for Basic Authentication of requests.
* @param password Password for Basic Authentication of requests.
+ * @param source_ip The ip of node we represent.(NULL for default ip)
* @param source_type The kind of node we represent.
* @param role The role this node undertakes.
* @param verbosity 0 for normal operation, positive values for chattier
@@ -1417,8 +1424,15 @@ EVEL_ERR_CODES evel_initialize(const char * const fqdn,
const char * const path,
const char * const topic,
int secure,
+ const char * const cert_file_path,
+ const char * const key_file_path,
+ const char * const ca_info,
+ const char * const ca_file_path,
+ long verify_peer,
+ long verify_host,
const char * const username,
const char * const password,
+ const char * const source_ip,
EVEL_SOURCE_TYPES source_type,
const char * const role,
int verbosity
diff --git a/vnfs/VES5.0/evel/evel-library/code/evel_library/evel_event_mgr.c b/vnfs/VES5.0/evel/evel-library/code/evel_library/evel_event_mgr.c
index 187a7090..5c6ca4b3 100644
--- a/vnfs/VES5.0/evel/evel-library/code/evel_library/evel_event_mgr.c
+++ b/vnfs/VES5.0/evel/evel-library/code/evel_library/evel_event_mgr.c
@@ -114,6 +114,14 @@ static char * evel_batch_api_url;
* to be.
* @param[in] throt_api_url
* The URL where the Throttling API is expected to be.
+ * @param[in] source_ip Source IP of VES Agent
+ * @param[in] secure Whether Using http or https
+ * @param[in] cert_file_path Path to Client Certificate file
+ * @param[in] key_file_path Path to Client key file
+ * @param[in] ca_info Path to CA info file
+ * @param[in] ca_file_path Path to CA file
+ * @param[in] verify_peer Using peer verification or not 0 or 1
+ * @param[in] verify_host Using host verification or not 0 or 1
* @param[in] username The username for the Basic Authentication of requests.
* @param[in] password The password for the Basic Authentication of requests.
* @param verbosity 0 for normal operation, positive values for chattier
@@ -121,6 +129,14 @@ static char * evel_batch_api_url;
*****************************************************************************/
EVEL_ERR_CODES event_handler_initialize(const char * const event_api_url,
const char * const throt_api_url,
+ const char * const source_ip,
+ int secure,
+ const char * const cert_file_path,
+ const char * const key_file_path,
+ const char * const ca_info,
+ const char * const ca_file_path,
+ long verify_peer,
+ long verify_host,
const char * const username,
const char * const password,
int verbosity)
@@ -128,6 +144,7 @@ EVEL_ERR_CODES event_handler_initialize(const char * const event_api_url,
int rc = EVEL_SUCCESS;
CURLcode curl_rc = CURLE_OK;
char batch_api_url[EVEL_MAX_URL_LEN + 1] = {0};
+ char local_address[64];
EVEL_ENTER();
@@ -241,6 +258,114 @@ EVEL_ERR_CODES event_handler_initialize(const char * const event_api_url,
}
/***************************************************************************/
+ /* configure local ip address if provided */
+ /* Default ip if NULL */
+ /***************************************************************************/
+ if( source_ip != NULL )
+ {
+ snprintf(local_address,sizeof(local_address),source_ip);
+ if( local_address[0] != '\0' )
+ {
+ curl_rc = curl_easy_setopt(curl_handle,
+ CURLOPT_INTERFACE,
+ local_address);
+ if (curl_rc != CURLE_OK)
+ {
+ rc = EVEL_CURL_LIBRARY_FAIL;
+ log_error_state("Failed to initialize libCURL with the local address. "
+ "Error code=%d (%s)", curl_rc, curl_err_string);
+ goto exit_label;
+ }
+ }
+ }
+
+ /***************************************************************************/
+ /* configure SSL options for HTTPS transfers */
+ /***************************************************************************/
+ if( secure )
+ {
+ if( cert_file_path != NULL )
+ {
+ curl_rc = curl_easy_setopt(curl_handle,
+ CURLOPT_SSLCERT,
+ cert_file_path);
+ if (curl_rc != CURLE_OK)
+ {
+ rc = EVEL_CURL_LIBRARY_FAIL;
+ log_error_state("Failed to initialize libCURL with the client cert. "
+ "Error code=%d (%s)", curl_rc, curl_err_string);
+ goto exit_label;
+ }
+ }
+
+ if( key_file_path != NULL )
+ {
+ curl_rc = curl_easy_setopt(curl_handle,
+ CURLOPT_SSLKEY,
+ key_file_path);
+ if (curl_rc != CURLE_OK)
+ {
+ rc = EVEL_CURL_LIBRARY_FAIL;
+ log_error_state("Failed to initialize libCURL with the client key. "
+ "Error code=%d (%s)", curl_rc, curl_err_string);
+ goto exit_label;
+ }
+ }
+
+ if( ca_info != NULL )
+ {
+ curl_rc = curl_easy_setopt(curl_handle,
+ CURLOPT_CAINFO,
+ ca_info);
+ if (curl_rc != CURLE_OK)
+ {
+ rc = EVEL_CURL_LIBRARY_FAIL;
+ log_error_state("Failed to initialize libCURL with the CA cert file. "
+ "Error code=%d (%s)", curl_rc, curl_err_string);
+ goto exit_label;
+ }
+ }
+
+ if( ca_file_path != NULL )
+ {
+ curl_rc = curl_easy_setopt(curl_handle,
+ CURLOPT_CAPATH,
+ ca_file_path);
+ if (curl_rc != CURLE_OK)
+ {
+ rc = EVEL_CURL_LIBRARY_FAIL;
+ log_error_state("Failed to initialize libCURL with the CA cert path. "
+ "Error code=%d (%s)", curl_rc, curl_err_string);
+ goto exit_label;
+ }
+ }
+
+ curl_rc = curl_easy_setopt(curl_handle,
+ CURLOPT_SSL_VERIFYPEER,
+ verify_peer);
+ if (curl_rc != CURLE_OK)
+ {
+ rc = EVEL_CURL_LIBRARY_FAIL;
+ log_error_state("Failed to initialize libCURL with SSL Server verification. "
+ "Error code=%d (%s)", curl_rc, curl_err_string);
+ goto exit_label;
+ }
+ curl_rc = curl_easy_setopt(curl_handle,
+ CURLOPT_SSL_VERIFYHOST,
+ verify_host);
+ if (curl_rc != CURLE_OK)
+ {
+ rc = EVEL_CURL_LIBRARY_FAIL;
+ log_error_state("Failed to initialize libCURL with Client host verification. "
+ "Error code=%d (%s)", curl_rc, curl_err_string);
+ goto exit_label;
+ }
+
+ }
+
+
+
+ /***************************************************************************/
/* some servers don't like requests that are made without a user-agent */
/* field, so we provide one. */
/***************************************************************************/
diff --git a/vnfs/VES5.0/evel/evel-library/code/evel_library/evel_internal.h b/vnfs/VES5.0/evel/evel-library/code/evel_library/evel_internal.h
index 46f71af1..dd4b4b7c 100644
--- a/vnfs/VES5.0/evel/evel-library/code/evel_library/evel_internal.h
+++ b/vnfs/VES5.0/evel/evel-library/code/evel_library/evel_internal.h
@@ -174,6 +174,14 @@ typedef struct evel_throttle_spec {
* to be.
* @param[in] throt_api_url
* The URL where the Throttling API is expected to be.
+ * @param[in] source_ip Source IP of VES Agent
+ * @param[in] secure Whether Using http or https
+ * @param[in] cert_file_path Path to Client Certificate file
+ * @param[in] key_file_path Path to Client key file
+ * @param[in] ca_info Path to CA info file
+ * @param[in] ca_file_path Path to CA file
+ * @param[in] verify_peer Using peer verification or not
+ * @param[in] verify_host Using host verification or not
* @param[in] username The username for the Basic Authentication of requests.
* @param[in] password The password for the Basic Authentication of requests.
* @param verbosity 0 for normal operation, positive values for chattier
@@ -181,6 +189,14 @@ typedef struct evel_throttle_spec {
*****************************************************************************/
EVEL_ERR_CODES event_handler_initialize(const char * const event_api_url,
const char * const throt_api_url,
+ const char * const source_ip,
+ int secure,
+ const char * const cert_file_path,
+ const char * const key_file_path,
+ const char * const ca_info,
+ const char * const ca_file_path,
+ long verify_peer,
+ long verify_host,
const char * const username,
const char * const password,
int verbosity);