Added support for mutual authentication

- Added UCI options to define the client certificate and key for mutual authentication
Vivek Kumar Dutta 2025-03-09 09:21:16 +00:00 committed by IOPSYS Dev
parent 70ad69d6d0
commit e8f5876b87
6 changed files with 63 additions and 1 deletions


@ -371,6 +371,40 @@
<div class="td_row_even">if set to **1**, the cwmp client will be enabled. </div> <div class="td_row_even">if set to **1**, the cwmp client will be enabled. </div>
</td> </td>
</tr> </tr>
<tr>
<td class="td_row_odd">
<div class="td_row_odd">client_cert_path</div>
</td>
<td class="td_row_odd">
<div class="td_row_odd">string</div>
</td>
<td class="td_row_odd">
<div class="td_row_odd">no</div>
</td>
<td class="td_row_odd">
<div class="td_row_odd"></div>
</td>
<td class="td_row_odd">
<div class="td_row_odd">Full path client perm certificate, icwmp will send this certificate to ACS server for authentication.</div>
</td>
</tr>
<tr>
<td class="td_row_even">
<div class="td_row_even">client_key_path</div>
</td>
<td class="td_row_even">
<div class="td_row_even">string</div>
</td>
<td class="td_row_even">
<div class="td_row_even">no</div>
</td>
<td class="td_row_even">
<div class="td_row_even"></div>
</td>
<td class="td_row_even">
<div class="td_row_even">Full path of client key pem file</div>
</td>
</tr>
<tr> <tr>
<td class="td_row_odd"> <td class="td_row_odd">
<div class="td_row_odd">manufacturer</div> <div class="td_row_odd">manufacturer</div>


@ -131,6 +131,20 @@
"default": "1", "default": "1",
"description": "if set to **1**, the cwmp client will be enabled. " "description": "if set to **1**, the cwmp client will be enabled. "
}, },
{
"name": "client_cert_path",
"type": "string",
"required": "no",
"default": "",
"description": "Full path client perm certificate, icwmp will send this certificate to ACS server for authentication."
},
{
"name": "client_key_path",
"type": "string",
"required": "no",
"default": "",
"description": "Full path of client key pem file"
},
{ {
"name": "manufacturer", "name": "manufacturer",
"type": "string", "type": "string",


@ -170,7 +170,8 @@ typedef struct config {
char auto_cdu_result_type[BUF_SIZE_16]; char auto_cdu_result_type[BUF_SIZE_16];
char auto_cdu_fault_code[BUF_SIZE_16]; char auto_cdu_fault_code[BUF_SIZE_16];
char default_wan_iface[BUF_SIZE_32]; char default_wan_iface[BUF_SIZE_32];
char cpe_client_cert[BUF_SIZE_256];
char cpe_client_key[BUF_SIZE_256];
} config; } config;
struct deviceid { struct deviceid {


@ -76,8 +76,13 @@ int get_preinit_config()
cwmp_ctx.conf.supported_amd_version = cwmp_ctx.conf.amd_version; cwmp_ctx.conf.supported_amd_version = cwmp_ctx.conf.amd_version;
get_uci_path_value(NULL, UCI_CPE_CERT_PATH, cwmp_ctx.conf.cpe_client_cert, BUF_SIZE_256);
get_uci_path_value(NULL, UCI_CPE_KEY_PATH, cwmp_ctx.conf.cpe_client_key, BUF_SIZE_256);
CWMP_LOG(DEBUG, "CWMP CONFIG - default wan interface: %s", cwmp_ctx.conf.default_wan_iface); CWMP_LOG(DEBUG, "CWMP CONFIG - default wan interface: %s", cwmp_ctx.conf.default_wan_iface);
CWMP_LOG(DEBUG, "CWMP CONFIG - amendement version: %d", cwmp_ctx.conf.amd_version); CWMP_LOG(DEBUG, "CWMP CONFIG - amendement version: %d", cwmp_ctx.conf.amd_version);
CWMP_LOG(DEBUG, "CWMP CONFIG - cpe cert path: %s", cwmp_ctx.conf.cpe_client_cert);
CWMP_LOG(DEBUG, "CWMP CONFIG - cpe key path: %s", cwmp_ctx.conf.cpe_client_key);
return CWMP_OK; return CWMP_OK;
} }
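Review bot: Nothing on the load path checks the file that `client_key_path` names before it is copied into `cwmp_ctx.conf.cpe_client_key`, so a private key that is group- or world-readable would be used without comment. A `stat()` on the key path here, with a warning when `st.st_mode & (S_IRWXG | S_IRWXO)` is non-zero, would surface that misconfiguration at start-up. The return values of both `get_uci_path_value()` calls are also discarded, so a failed lookup looks the same as an unset option; that helper is not visible here, so how it handles a value longer than `BUF_SIZE_256` should be confirmed. The body of get_preinit_config starts outside the hunk.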


@ -22,6 +22,8 @@
#define UCI_CPE_DEFAULT_WAN_IFACE "cwmp.cpe.default_wan_interface" #define UCI_CPE_DEFAULT_WAN_IFACE "cwmp.cpe.default_wan_interface"
#define UCI_CPE_INCOMING_RULE "cwmp.cpe.incoming_rule" #define UCI_CPE_INCOMING_RULE "cwmp.cpe.incoming_rule"
#define UCI_CPE_AMD_VERSION "cwmp.cpe.amd_version" #define UCI_CPE_AMD_VERSION "cwmp.cpe.amd_version"
#define UCI_CPE_CERT_PATH "cwmp.cpe.client_cert_path"
#define UCI_CPE_KEY_PATH "cwmp.cpe.client_key_path"
int cwmp_get_deviceid(); int cwmp_get_deviceid();
int cwmp_config_reload(); int cwmp_config_reload();


@ -117,6 +117,12 @@ static void http_set_security_options()
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, false); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, false);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0);
} }
if (CWMP_STRLEN(cwmp_ctx.conf.cpe_client_cert) != 0 && file_exists(cwmp_ctx.conf.cpe_client_cert) &&
CWMP_STRLEN(cwmp_ctx.conf.cpe_client_key) != 0 && file_exists(cwmp_ctx.conf.cpe_client_key)) {
curl_easy_setopt(curl, CURLOPT_SSLCERT, cwmp_ctx.conf.cpe_client_cert);
curl_easy_setopt(curl, CURLOPT_SSLKEY, cwmp_ctx.conf.cpe_client_key);
}
} }
static void http_set_connection_options() static void http_set_connection_options()
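Review bot: When only one of the two paths is configured, or either file is missing on disk, the new `if` falls through without any message and the session goes out with no client certificate, so a broken mutual-authentication setup is invisible on the device. An `else if (CWMP_STRLEN(cwmp_ctx.conf.cpe_client_cert) != 0 || CWMP_STRLEN(cwmp_ctx.conf.cpe_client_key) != 0)` branch that logs the unusable pair above DEBUG level would fix that, and the results of the two `curl_easy_setopt()` calls should be compared with `CURLE_OK` for the same reason. The context lines just above show a branch that turns off `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST`; its condition is outside the hunk, but if it can be active together with a client certificate, only the client is authenticated and the exchange is not mutual, which deserves a log line or a documented restriction. http_set_security_options starts outside the hunk.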