feat: added configuration option to use either https or http.

wazuh · Oct 1, 2024 · 94b5ff2 · 94b5ff2
1 parent 954475b
commit 94b5ff2
Show file tree

Hide file tree

Showing 9 changed files with 41 additions and 20 deletions.
diff --git a/src/agent/communicator/include/communicator.hpp b/src/agent/communicator/include/communicator.hpp
@@ -54,5 +54,6 @@ namespace communicator
         std::shared_ptr<std::string> m_token;
         long long m_tokenExpTimeInSeconds = 0;
         std::unique_ptr<boost::asio::steady_timer> m_tokenExpTimer;
+        bool m_useHttps = true;
     };
 } // namespace communicator
diff --git a/src/agent/communicator/include/http_client.hpp b/src/agent/communicator/include/http_client.hpp
@@ -38,12 +38,14 @@ namespace http_client
         std::optional<std::string> AuthenticateWithUuidAndKey(const std::string& host,
                                                               const std::string& port,
                                                               const std::string& uuid,
-                                                              const std::string& key) override;
+                                                              const std::string& key,
+                                                              const bool useHttps) override;
 
         std::optional<std::string> AuthenticateWithUserPassword(const std::string& host,
                                                                 const std::string& port,
                                                                 const std::string& user,
-                                                                const std::string& password) override;
+                                                                const std::string& password,
+                                                                const bool useHttps) override;
 
     private:
         std::shared_ptr<IHttpResolverFactory> m_resolverFactory;

diff --git a/src/agent/communicator/include/ihttp_client.hpp b/src/agent/communicator/include/ihttp_client.hpp
@@ -18,6 +18,7 @@ namespace http_client
         std::string Host;
         std::string Port;
         std::string Endpoint;
+        bool Use_Https;
         std::string Token;
         std::string User_pass;
         std::string Body;
@@ -26,13 +27,15 @@ namespace http_client
                           const std::string& host,
                           const std::string& port,
                           const std::string& endpoint,
+                          const bool use_https,
                           const std::string& token = "",
                           const std::string& user_pass = "",
                           const std::string& body = "")
             : Method(method)
             , Host(host)
             , Port(port)
             , Endpoint(endpoint)
+            , Use_Https(use_https)
             , Token(token)
             , User_pass(user_pass)
             , Body(body)
@@ -42,7 +45,7 @@ namespace http_client
         bool operator==(const HttpRequestParams& other) const
         {
             return Method == other.Method && Host == other.Host && Port == other.Port && Endpoint == other.Endpoint &&
-                   Token == other.Token && User_pass == other.User_pass && Body == other.Body;
+                   Token == other.Token && User_pass == other.User_pass && Body == other.Body && Use_Https == other.Use_Https;
         }
     };
 
@@ -68,11 +71,13 @@ namespace http_client
         virtual std::optional<std::string> AuthenticateWithUuidAndKey(const std::string& host,
                                                                       const std::string& port,
                                                                       const std::string& uuid,
-                                                                      const std::string& key) = 0;
+                                                                      const std::string& key,
+                                                                      const bool useHttps) = 0;
 
         virtual std::optional<std::string> AuthenticateWithUserPassword(const std::string& host,
                                                                         const std::string& port,
                                                                         const std::string& user,
-                                                                        const std::string& password) = 0;
+                                                                        const std::string& password,
+                                                                        const bool useHttps) = 0;
     };
 } // namespace http_client
diff --git a/src/agent/communicator/include/ihttp_socket_factory.hpp b/src/agent/communicator/include/ihttp_socket_factory.hpp
@@ -12,6 +12,6 @@ namespace http_client
     {
     public:
         virtual ~IHttpSocketFactory() = default;
-        virtual std::unique_ptr<IHttpSocket> Create(const boost::asio::any_io_executor& executor) = 0;
+        virtual std::unique_ptr<IHttpSocket> Create(const boost::asio::any_io_executor& executor, const bool use_https) = 0;
     };
 } // namespace http_client
diff --git a/src/agent/communicator/src/communicator.cpp b/src/agent/communicator/src/communicator.cpp
@@ -41,12 +41,17 @@ namespace communicator
         {
             m_managerIp = getStringConfigValue("agent", "manager_ip");
             m_port = getStringConfigValue("agent", "agent_comms_api_port");
+            const std::string httpsEnabled =  getStringConfigValue("agent", "https_enabled");
+            if (httpsEnabled == "no") {
+                m_useHttps = false;
+                LogInfo("Using insecure connection.");
+            }
         }
     }
 
     boost::beast::http::status Communicator::SendAuthenticationRequest()
     {
-        const auto token = m_httpClient->AuthenticateWithUuidAndKey(m_managerIp, m_port, m_uuid, m_key);
+        const auto token = m_httpClient->AuthenticateWithUuidAndKey(m_managerIp, m_port, m_uuid, m_key, m_useHttps);
 
         if (token.has_value())
         {
@@ -96,7 +101,7 @@ namespace communicator
         };
 
         const auto reqParams =
-            http_client::HttpRequestParams(boost::beast::http::verb::get, m_managerIp, m_port, "/api/v1/commands");
+            http_client::HttpRequestParams(boost::beast::http::verb::get, m_managerIp, m_port, "/api/v1/commands", m_useHttps);
         co_await m_httpClient->Co_PerformHttpRequest(
             m_token, reqParams, {}, onAuthenticationFailed, onSuccess, loopCondition);
     }
@@ -157,7 +162,7 @@ namespace communicator
         };
 
         const auto reqParams = http_client::HttpRequestParams(
-            boost::beast::http::verb::post, m_managerIp, m_port, "/api/v1/events/stateful");
+            boost::beast::http::verb::post, m_managerIp, m_port, "/api/v1/events/stateful", m_useHttps);
         co_await m_httpClient->Co_PerformHttpRequest(
             m_token, reqParams, getMessages, onAuthenticationFailed, onSuccess, loopCondition);
     }
@@ -177,7 +182,7 @@ namespace communicator
         };
 
         const auto reqParams = http_client::HttpRequestParams(
-            boost::beast::http::verb::post, m_managerIp, m_port, "/api/v1/events/stateless");
+            boost::beast::http::verb::post, m_managerIp, m_port, "/api/v1/events/stateless", m_useHttps);
         co_await m_httpClient->Co_PerformHttpRequest(
             m_token, reqParams, getMessages, onAuthenticationFailed, onSuccess, loopCondition);
     }

diff --git a/src/agent/communicator/src/http_client.cpp b/src/agent/communicator/src/http_client.cpp
@@ -84,7 +84,7 @@ namespace http_client
 
         do
         {
-            auto socket = m_socketFactory->Create(executor);
+            auto socket = m_socketFactory->Create(executor, reqParams.Use_Https);
 
             const auto results = co_await resolver->AsyncResolve(reqParams.Host, reqParams.Port);
 
@@ -173,7 +173,7 @@ namespace http_client
 
             const auto results = resolver->Resolve(params.Host, params.Port);
 
-            auto socket = m_socketFactory->Create(io_context.get_executor());
+            auto socket = m_socketFactory->Create(io_context.get_executor(), params.Use_Https);
             socket->Connect(results);
 
             const auto req = CreateHttpRequest(params);
@@ -197,11 +197,12 @@ namespace http_client
     std::optional<std::string> HttpClient::AuthenticateWithUuidAndKey(const std::string& host,
                                                                       const std::string& port,
                                                                       const std::string& uuid,
-                                                                      const std::string& key)
+                                                                      const std::string& key,
+                                                                      const bool useHttps)
     {
         const std::string body = R"({"uuid":")" + uuid + R"(", "key":")" + key + "\"}";
         const auto reqParams = http_client::HttpRequestParams(
-            boost::beast::http::verb::post, host, port, "/api/v1/authentication", "", "", body);
+            boost::beast::http::verb::post, host, port, "/api/v1/authentication", useHttps, "", "", body);
 
         const auto res = PerformHttpRequest(reqParams);
 
@@ -219,7 +220,8 @@ namespace http_client
     std::optional<std::string> HttpClient::AuthenticateWithUserPassword(const std::string& host,
                                                                         const std::string& port,
                                                                         const std::string& user,
-                                                                        const std::string& password)
+                                                                        const std::string& password,
+                                                                        const bool useHttps)
     {
         std::string basicAuth {};
         std::string userPass {user + ":" + password};
@@ -229,7 +231,7 @@ namespace http_client
         boost::beast::detail::base64::encode(&basicAuth[0], userPass.c_str(), userPass.size());
 
         const auto reqParams = http_client::HttpRequestParams(
-            boost::beast::http::verb::post, host, port, "/security/user/authenticate", "", basicAuth);
+            boost::beast::http::verb::post, host, port, "/security/user/authenticate", useHttps, "", basicAuth);
 
         const auto res = PerformHttpRequest(reqParams);
 

diff --git a/src/agent/communicator/src/http_socket_factory.hpp b/src/agent/communicator/src/http_socket_factory.hpp
@@ -14,8 +14,12 @@ namespace http_client
     class HttpSocketFactory : public IHttpSocketFactory
     {
     public:
-        std::unique_ptr<IHttpSocket> Create(const boost::asio::any_io_executor& executor) override
+        std::unique_ptr<IHttpSocket> Create(const boost::asio::any_io_executor& executor,
+                                            const bool use_https) override
         {
+            if (use_https)
+                return std::make_unique<HttpsSocket>(executor);
+
             return std::make_unique<HttpSocket>(executor);
         }
     };

diff --git a/src/agent/configuration_parser/src/configuration_parser.cpp b/src/agent/configuration_parser/src/configuration_parser.cpp
@@ -22,7 +22,8 @@ namespace configuration
                 R"([agent]
                 server_mgmt_api_port = "55000"
                 agent_comms_api_port = "27000"
-                manager_ip = "localhost")",
+                manager_ip = "localhost"
+                https_enabled = "yes")",
                 toml::spec::v(1, 0, 0));
         }
     }

diff --git a/src/agent/src/register.cpp b/src/agent/src/register.cpp
@@ -16,9 +16,10 @@ namespace registration
         const configuration::ConfigurationParser configurationParser;
         const auto managerIp = configurationParser.GetConfig<std::string>("agent", "manager_ip");
         const auto managerPort = configurationParser.GetConfig<std::string>("agent", "server_mgmt_api_port");
+        const bool useHttps = !(configurationParser.GetConfig<std::string>("agent", "https_enabled") == "no");
 
         const auto token = httpClient.AuthenticateWithUserPassword(
-            managerIp, managerPort, userCredentials.user, userCredentials.password);
+            managerIp, managerPort, userCredentials.user, userCredentials.password, useHttps);
 
         if (!token.has_value())
         {
@@ -36,7 +37,7 @@ namespace registration
         }
 
         const auto reqParams = http_client::HttpRequestParams(
-            http::verb::post, managerIp, managerPort, "/agents", token.value(), "", bodyJson.dump());
+            http::verb::post, managerIp, managerPort, "/agents", useHttps, token.value(), "", bodyJson.dump());
 
         const auto res = httpClient.PerformHttpRequest(reqParams);