Skip to content

[C][Client] Support SSL client authentication for the c client #5719

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Mar 30, 2020
Merged

[C][Client] Support SSL client authentication for the c client #5719

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
6431d41
[C][Client] Support SSL client authentication
ityuhui Mar 26, 2020
fbd25d7
[C][Client] Support SSL client authentication, update sample
ityuhui Mar 26, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
66 changes: 52 additions & 14 deletions modules/openapi-generator/src/main/resources/C-libcurl/apiClient.c.mustache
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ apiClient_t *apiClient_create() {
curl_global_init(CURL_GLOBAL_ALL);
apiClient_t *apiClient = malloc(sizeof(apiClient_t));
apiClient->basePath = strdup("{{{basePath}}}");
apiClient->caPath = NULL;
apiClient->sslConfig = NULL;
apiClient->dataReceived = NULL;
apiClient->response_code = 0;
{{#hasAuthMethods}}
Expand All @@ -35,7 +35,7 @@ apiClient_t *apiClient_create() {
}

apiClient_t *apiClient_create_with_base_path(const char *basePath
, const char *caPath
, sslConfig_t *sslConfig
{{#hasAuthMethods}}
{{#authMethods}}
{{#isApiKey}}
Expand All @@ -52,10 +52,10 @@ apiClient_t *apiClient_create_with_base_path(const char *basePath
apiClient->basePath = strdup("{{{basePath}}}");
}

if(caPath){
apiClient->caPath = strdup(caPath);
if(sslConfig){
apiClient->sslConfig = sslConfig;
}else{
apiClient->caPath = NULL;
apiClient->sslConfig = NULL;
}

apiClient->dataReceived = NULL;
Expand Down Expand Up @@ -92,9 +92,6 @@ void apiClient_free(apiClient_t *apiClient) {
if(apiClient->basePath) {
free(apiClient->basePath);
}
if(apiClient->caPath) {
free(apiClient->caPath);
}
{{#hasAuthMethods}}
{{#authMethods}}
{{#isBasic}}
Expand Down Expand Up @@ -132,6 +129,33 @@ void apiClient_free(apiClient_t *apiClient) {
curl_global_cleanup();
}

sslConfig_t *sslConfig_create(const char *clientCertFile, const char *clientKeyFile, const char *CACertFile, int insecureSkipTlsVerify) {
sslConfig_t *sslConfig = calloc(1, sizeof(sslConfig_t));
if ( clientCertFile ) {
sslConfig->clientCertFile = strdup(clientCertFile);
}
if ( clientKeyFile ) {
sslConfig->clientKeyFile = strdup(clientKeyFile);
}
if ( CACertFile ) {
sslConfig->CACertFile = strdup(CACertFile);
}
sslConfig->insecureSkipTlsVerify = insecureSkipTlsVerify;
}

void sslConfig_free(sslConfig_t *sslConfig) {
if ( sslConfig->clientCertFile ) {
free(sslConfig->clientCertFile);
}
if ( sslConfig->clientKeyFile ) {
free(sslConfig->clientKeyFile);
}
if ( sslConfig->CACertFile ){
free(sslConfig->CACertFile);
}
free(sslConfig);
}

void replaceSpaceWithPlus(char *stringToProcess) {
for(int i = 0; i < strlen(stringToProcess); i++) {
if(stringToProcess[i] == ' ') {
Expand Down Expand Up @@ -388,13 +412,27 @@ void apiClient_invoke(apiClient_t *apiClient,
}
}

if( strstr(apiClient->basePath, "https") != NULL ){
if (apiClient->caPath) {
curl_easy_setopt(handle, CURLOPT_SSL_VERIFYPEER, true);
curl_easy_setopt(handle, CURLOPT_CAINFO, apiClient->caPath);
if ( strstr(apiClient->basePath, "https") != NULL ) {
if ( apiClient->sslConfig ) {
if( apiClient->sslConfig->clientCertFile ) {
curl_easy_setopt(handle, CURLOPT_SSLCERT, apiClient->sslConfig->clientCertFile);
}
if( apiClient->sslConfig->clientKeyFile ) {
curl_easy_setopt(handle, CURLOPT_SSLKEY, apiClient->sslConfig->clientKeyFile);
}
if( apiClient->sslConfig->CACertFile ) {
curl_easy_setopt(handle, CURLOPT_CAINFO, apiClient->sslConfig->CACertFile);
}
if ( 1 == apiClient->sslConfig->insecureSkipTlsVerify ) {
curl_easy_setopt(handle, CURLOPT_SSL_VERIFYPEER, 0L);
curl_easy_setopt(handle, CURLOPT_SSL_VERIFYHOST, 0L);
} else {
curl_easy_setopt(handle, CURLOPT_SSL_VERIFYPEER, 1L);
curl_easy_setopt(handle, CURLOPT_SSL_VERIFYHOST, 2L);
}
} else {
curl_easy_setopt(handle, CURLOPT_SSL_VERIFYPEER, false);
curl_easy_setopt(handle, CURLOPT_SSL_VERIFYHOST, false);
curl_easy_setopt(handle, CURLOPT_SSL_VERIFYPEER, 0L);
curl_easy_setopt(handle, CURLOPT_SSL_VERIFYHOST, 0L);
}
}

Expand Down
16 changes: 14 additions & 2 deletions modules/openapi-generator/src/main/resources/C-libcurl/apiClient.h.mustache
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,17 @@
#include "../include/list.h"
#include "../include/keyValuePair.h"

typedef struct sslConfig_t {
char *clientCertFile; /* client certificate */
char *clientKeyFile; /* client private key */
char *CACertFile; /* CA certificate */
int insecureSkipTlsVerify ; /* 0 -- verify server certificate */
/* 1 -- skip ssl verify for server certificate */
} sslConfig_t;

typedef struct apiClient_t {
char *basePath;
char *caPath;
sslConfig_t *sslConfig;
void *dataReceived;
long response_code;
{{#hasAuthMethods}}
Expand Down Expand Up @@ -39,7 +47,7 @@ typedef struct binary_t
apiClient_t* apiClient_create();

apiClient_t* apiClient_create_with_base_path(const char *basePath
, const char *caPath
, sslConfig_t *sslConfig
{{#hasAuthMethods}}
{{#authMethods}}
{{#isApiKey}}
Expand All @@ -53,6 +61,10 @@ void apiClient_free(apiClient_t *apiClient);

void apiClient_invoke(apiClient_t *apiClient,char* operationParameter, list_t *queryParameters, list_t *headerParameters, list_t *formParameters,list_t *headerType,list_t *contentType, char *bodyParameters, char *requestType);

sslConfig_t *sslConfig_create(const char *clientCertFile, const char *clientKeyFile, const char *CACertFile, int insecureSkipTlsVerify);

void sslConfig_free(sslConfig_t *sslConfig);

char *strReplace(char *orig, char *rep, char *with);

char *base64encode(const void *b64_encode_this, int encode_this_many_bytes);
Expand Down
16 changes: 14 additions & 2 deletions samples/client/petstore/c/include/apiClient.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,17 @@
#include "../include/list.h"
#include "../include/keyValuePair.h"

typedef struct sslConfig_t {
char *clientCertFile; /* client certificate */
char *clientKeyFile; /* client private key */
char *CACertFile; /* CA certificate */
int insecureSkipTlsVerify ; /* 0 -- verify server certificate */
/* 1 -- skip ssl verify for server certificate */
} sslConfig_t;

typedef struct apiClient_t {
char *basePath;
char *caPath;
sslConfig_t *sslConfig;
void *dataReceived;
long response_code;
list_t *apiKeys;
Expand All @@ -27,14 +35,18 @@ typedef struct binary_t
apiClient_t* apiClient_create();

apiClient_t* apiClient_create_with_base_path(const char *basePath
, const char *caPath
, sslConfig_t *sslConfig
, list_t *apiKeys
);

void apiClient_free(apiClient_t *apiClient);

void apiClient_invoke(apiClient_t *apiClient,char* operationParameter, list_t *queryParameters, list_t *headerParameters, list_t *formParameters,list_t *headerType,list_t *contentType, char *bodyParameters, char *requestType);

sslConfig_t *sslConfig_create(const char *clientCertFile, const char *clientKeyFile, const char *CACertFile, int insecureSkipTlsVerify);

void sslConfig_free(sslConfig_t *sslConfig);

char *strReplace(char *orig, char *rep, char *with);

char *base64encode(const void *b64_encode_this, int encode_this_many_bytes);
Expand Down
66 changes: 52 additions & 14 deletions samples/client/petstore/c/src/apiClient.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ apiClient_t *apiClient_create() {
curl_global_init(CURL_GLOBAL_ALL);
apiClient_t *apiClient = malloc(sizeof(apiClient_t));
apiClient->basePath = strdup("http://petstore.swagger.io/v2");
apiClient->caPath = NULL;
apiClient->sslConfig = NULL;
apiClient->dataReceived = NULL;
apiClient->response_code = 0;
apiClient->apiKeys = NULL;
Expand All @@ -23,7 +23,7 @@ apiClient_t *apiClient_create() {
}

apiClient_t *apiClient_create_with_base_path(const char *basePath
, const char *caPath
, sslConfig_t *sslConfig
, list_t *apiKeys
) {
curl_global_init(CURL_GLOBAL_ALL);
Expand All @@ -34,10 +34,10 @@ apiClient_t *apiClient_create_with_base_path(const char *basePath
apiClient->basePath = strdup("http://petstore.swagger.io/v2");
}

if(caPath){
apiClient->caPath = strdup(caPath);
if(sslConfig){
apiClient->sslConfig = sslConfig;
}else{
apiClient->caPath = NULL;
apiClient->sslConfig = NULL;
}

apiClient->dataReceived = NULL;
Expand All @@ -62,9 +62,6 @@ void apiClient_free(apiClient_t *apiClient) {
if(apiClient->basePath) {
free(apiClient->basePath);
}
if(apiClient->caPath) {
free(apiClient->caPath);
}
if(apiClient->apiKeys) {
listEntry_t *listEntry = NULL;
list_ForEach(listEntry, apiClient->apiKeys) {
Expand All @@ -86,6 +83,33 @@ void apiClient_free(apiClient_t *apiClient) {
curl_global_cleanup();
}

sslConfig_t *sslConfig_create(const char *clientCertFile, const char *clientKeyFile, const char *CACertFile, int insecureSkipTlsVerify) {
sslConfig_t *sslConfig = calloc(1, sizeof(sslConfig_t));
if ( clientCertFile ) {
sslConfig->clientCertFile = strdup(clientCertFile);
}
if ( clientKeyFile ) {
sslConfig->clientKeyFile = strdup(clientKeyFile);
}
if ( CACertFile ) {
sslConfig->CACertFile = strdup(CACertFile);
}
sslConfig->insecureSkipTlsVerify = insecureSkipTlsVerify;
}

void sslConfig_free(sslConfig_t *sslConfig) {
if ( sslConfig->clientCertFile ) {
free(sslConfig->clientCertFile);
}
if ( sslConfig->clientKeyFile ) {
free(sslConfig->clientKeyFile);
}
if ( sslConfig->CACertFile ){
free(sslConfig->CACertFile);
}
free(sslConfig);
}

void replaceSpaceWithPlus(char *stringToProcess) {
for(int i = 0; i < strlen(stringToProcess); i++) {
if(stringToProcess[i] == ' ') {
Expand Down Expand Up @@ -342,13 +366,27 @@ void apiClient_invoke(apiClient_t *apiClient,
}
}

if( strstr(apiClient->basePath, "https") != NULL ){
if (apiClient->caPath) {
curl_easy_setopt(handle, CURLOPT_SSL_VERIFYPEER, true);
curl_easy_setopt(handle, CURLOPT_CAINFO, apiClient->caPath);
if ( strstr(apiClient->basePath, "https") != NULL ) {
if ( apiClient->sslConfig ) {
if( apiClient->sslConfig->clientCertFile ) {
curl_easy_setopt(handle, CURLOPT_SSLCERT, apiClient->sslConfig->clientCertFile);
}
if( apiClient->sslConfig->clientKeyFile ) {
curl_easy_setopt(handle, CURLOPT_SSLKEY, apiClient->sslConfig->clientKeyFile);
}
if( apiClient->sslConfig->CACertFile ) {
curl_easy_setopt(handle, CURLOPT_CAINFO, apiClient->sslConfig->CACertFile);
}
if ( 1 == apiClient->sslConfig->insecureSkipTlsVerify ) {
curl_easy_setopt(handle, CURLOPT_SSL_VERIFYPEER, 0L);
curl_easy_setopt(handle, CURLOPT_SSL_VERIFYHOST, 0L);
} else {
curl_easy_setopt(handle, CURLOPT_SSL_VERIFYPEER, 1L);
curl_easy_setopt(handle, CURLOPT_SSL_VERIFYHOST, 2L);
}
} else {
curl_easy_setopt(handle, CURLOPT_SSL_VERIFYPEER, false);
curl_easy_setopt(handle, CURLOPT_SSL_VERIFYHOST, false);
curl_easy_setopt(handle, CURLOPT_SSL_VERIFYPEER, 0L);
curl_easy_setopt(handle, CURLOPT_SSL_VERIFYHOST, 0L);
}
}

Expand Down