Merge pull request #590 from atsign-foundation/sec_context

feat:support for optional decryptPackets parameter
atsign-foundation · Jul 25, 2022 · f606426 · f606426
2 parents f4166c9 + 2d9e277
commit f606426
Show file tree

Hide file tree

Showing 9 changed files with 90 additions and 7 deletions.
diff --git a/at_client/lib/src/client/remote_secondary.dart b/at_client/lib/src/client/remote_secondary.dart
@@ -26,8 +26,14 @@ class RemoteSecondary implements Secondary {
     _atSign = AtUtils.formatAtSign(atSign)!;
     _preference = preference;
     privateKey ??= preference.privateKey;
+    SecureSocketConfig secureSocketConfig = SecureSocketConfig();
+    secureSocketConfig.decryptPackets = preference.decryptPackets;
+    secureSocketConfig.pathToCerts = preference.pathToCerts;
+    secureSocketConfig.tlsKeysSavePath = preference.tlsKeysSavePath;
     atLookUp = AtLookupImpl(atSign, preference.rootDomain, preference.rootPort,
-        privateKey: privateKey, cramSecret: preference.cramSecret);
+        privateKey: privateKey,
+        cramSecret: preference.cramSecret,
+        secureSocketConfig: secureSocketConfig);
   }
 
   /// Executes the command returned by [VerbBuilder] build command on a remote secondary server.

diff --git a/at_client/lib/src/manager/monitor.dart b/at_client/lib/src/manager/monitor.dart
@@ -9,7 +9,6 @@ import 'package:at_client/src/preference/monitor_preference.dart';
 import 'package:at_client/src/response/default_response_parser.dart';
 import 'package:at_client/src/util/network_util.dart';
 import 'package:at_commons/at_builders.dart';
-import 'package:at_commons/at_commons.dart';
 import 'package:at_lookup/at_lookup.dart';
 import 'package:at_utils/at_logger.dart';
 import 'package:crypton/crypton.dart';
@@ -278,7 +277,10 @@ class Monitor {
 
     //2. create a connection to secondary server
     var outboundConnection =
-        await _monitorOutboundConnectionFactory.createConnection(secondaryUrl);
+        await _monitorOutboundConnectionFactory.createConnection(secondaryUrl,
+            decryptPackets: _preference.decryptPackets,
+            pathToCerts: _preference.pathToCerts,
+            tlsKeysSavePath: _preference.tlsKeysSavePath);
     return outboundConnection;
   }
 
@@ -408,12 +410,19 @@ class MonitorConnectivityChecker {
 }
 
 class MonitorOutboundConnectionFactory {
-  Future<OutboundConnection> createConnection(String secondaryUrl) async {
+  Future<OutboundConnection> createConnection(String secondaryUrl,
+      {decryptPackets, pathToCerts, tlsKeysSavePath}) async {
     var secondaryInfo = _getSecondaryInfo(secondaryUrl);
     var host = secondaryInfo[0];
     var port = secondaryInfo[1];
 
-    var secureSocket = await SecureSocket.connect(host, int.parse(port));
+    SecureSocketConfig secureSocketConfig = SecureSocketConfig();
+    secureSocketConfig.decryptPackets = decryptPackets;
+    secureSocketConfig.pathToCerts = pathToCerts;
+    secureSocketConfig.tlsKeysSavePath = tlsKeysSavePath;
+
+    SecureSocket secureSocket = await SecureSocketUtil.createSecureSocket(
+        host, port, secureSocketConfig);
     return OutboundConnectionImpl(secureSocket);
   }
 

diff --git a/at_client/lib/src/preference/at_client_preference.dart b/at_client/lib/src/preference/at_client_preference.dart
@@ -61,6 +61,16 @@ class AtClientPreference {
   int fileEncryptionChunkSize = 4096;
 
   Duration monitorHeartbeatInterval = Duration(seconds: 10);
+
+  ///[OptionalParameter] when set to true logs TLS Keys to file.
+  bool decryptPackets = false;
+
+  ///[OptionalParameter] location where the TLS keys will be saved when [decryptPackets] is set to true
+  String? tlsKeysSavePath;
+
+  ///[OptionalParameter] path to trusted certificates. Required to create security context.
+  String? pathToCerts;
+
 }
 
 @Deprecated("Use SyncService")

diff --git a/at_client/pubspec.yaml b/at_client/pubspec.yaml
@@ -33,6 +33,11 @@ dependencies:
   meta: ^1.7.0
 
 #dependency_overrides:
+#  at_lookup:
+#    git:
+#      url: https://github.com/atsign-foundation/at_libraries.git
+#      path: at_lookup
+#      ref: sec_socket_util
 #  at_persistence_spec:
 #    git:
 #      url: https://github.com/atsign-foundation/at_server.git

diff --git a/at_client/test/monitor_test.dart b/at_client/test/monitor_test.dart
@@ -45,9 +45,13 @@ void main() {
   var fakeSecondaryUrl = "monitor_test:12345";
   var fakePrivateKey =
       'MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCDVMetuYSlcwNdS1yLgYE1oBEXaCFZjPq0Lk9w7yjKOqKgPCWnuVVly5+GBkYPYN3mPXbi/LHy3SqVM/8s5srxa+C8s5jk2pQI6BgG/RW59XM6vrGuw0pUQoL0bMyQxtR8XAFVgd54iDcgp4ZPLEH6odAgBraAtkIEpfwSwtMaWJCaS/Yn3q6ZoVOxL+O7DHD2dJWmwwjAJyDqEDeeNVuNHWnmj2ZneVXDnsY4fOR3IZdcGArM28FFcFIM6Q0K6XGiLGvJ2pYPywtzwARFChYJTBJYhNNLRgT+MUvx8fbNa6mMnnXQmagh/YvYwmyIUVQK1EhFNZIgezX9xdmIgS+FAgMBAAECggEAEq0z2FjRrFW23MWi25QHNAEXbSS52WpbHNSZJ45bVqcQCYmEMV4B7wAOJ5kszXMRG3USOyWEiO066Q0D9Pa9VafpxewkiicrdjjLcfL76/4j7O7BhgDvyRvMU8ZFMTGVdjn/VpGpeaqlbFdmmkvI9kOcvXE28wb4TIDuYBykuNI6twRqiaVd1LkKg9yoF0DGfSp8OHGWm/wz5wwnNYT6ofTbgV3gSGKOrLf4rC1swHh1VoNXiaYKQQFo2j23vGznC+hVJy8kAkSTMvRy4+SrZ+0MtYrNt0CI9n4hw79BNzwAd0kfJ5WCsYL6MaF8Giyym3Wl77KoiriwRF7cGCEnAQKBgQDWD+l1b6D8QCmrzxI1iZRoehfdlIlNviTxNks4yaDQ/tu6TC/3ySsRhKvwj7BqFYj2A6ULafeh08MfxpG0MfmJ+aJypC+MJixu/z/OXhQsscnR6avQtVLi9BIZV3EweyaD/yN/PB7IVLuhz6E6BV8kfNDb7UFZzrSSlvm1YzIdvQKBgQCdD5KVbcA88xkv/SrBpJcUME31TIR4DZPg8fSB+IDCnogSwXLxofadezH47Igc1CifLSQp4Rb+8sjVOTIoAXZKvW557fSQk3boR3aZ4CkheDznzjq0vY0qot4llkzHdiogaIUdPDwvYBwERzc73CO3We1pHs36bIz70Z3DRF5BaQKBgQC295jUARs4IVu899yXmEYa2yklAz4tDjajWoYHPwhPO1fysAZcJD3E1oLkttzSgB+2MD1VOTkpwEhLE74cqI6jqZV5qe7eOw7FvTT7npxd64UXAEUUurfjNz11HbGo/8pXDrB3o5qoHwzV7RPg9RByrqETKoMuUSk1FwjPSr9efQKBgAdC7w4Fkvu+aY20cMOfLnT6fsA2l3FNf2bJCPrxWFKnLbdgRkYxrMs/JOJTXT+n93DUj3V4OK3036AsEsuStbti4ra0b7g3eSnoE+2tVXl8q6Qz/rbYhKxR919ZgZc/OVdiPbVKUaYHFYSFHmKgHO6fM8DGcdOALUx/NoIOqSTxAoGBALUdiw8iyI98TFgmbSYjUj5id4MrYKXaR7ndS/SQFOBfJWVH09t5bTxXjKxKsK914/bIqEI71aussf5daOHhC03LdZIQx0ZcCdb2gL8vHNTQoqX75bLRN7J+zBKlwWjjrbhZCMLE/GtAJQNbpJ7jOrVeDwMAF8pK+Put9don44Gx';
-
+  var fakeCertsLocation = '/home/ubuntu/Desktop/cert.pem';
+  var fakeTlsKeysSavePath = '/home/ubuntu/Desktop/cert.pem';
   AtClientPreference atClientPreference = AtClientPreference();
   atClientPreference.privateKey = fakePrivateKey;
+  atClientPreference.decryptPackets = true;
+  atClientPreference.tlsKeysSavePath = fakeTlsKeysSavePath;
+  atClientPreference.pathToCerts = fakeCertsLocation;
 
   group('Monitor constructor and start tests', () {
     setUp(() {
@@ -68,7 +72,11 @@ void main() {
       when(() => mockOutboundConnection.getSocket())
           .thenAnswer((_) => mockSocket);
       when(() => mockMonitorOutboundConnectionFactory.createConnection(
-          fakeSecondaryUrl)).thenAnswer((_) async => mockOutboundConnection);
+              fakeSecondaryUrl,
+              decryptPackets: true,
+              tlsKeysSavePath: fakeTlsKeysSavePath,
+              pathToCerts: fakeCertsLocation))
+          .thenAnswer((_) async => mockOutboundConnection);
       when(() => mockSocket.listen(any(),
           onError: any(named: "onError"),
           onDone: any(named: "onDone"))).thenAnswer((Invocation invocation) {

diff --git a/at_end2end_test/pubspec.yaml b/at_end2end_test/pubspec.yaml
@@ -17,6 +17,12 @@ dependencies:
 #      path: at_commons
 #      ref: trunk
 
+#  at_lookup:
+#    git:
+#      url: https://github.com/atsign-foundation/at_libraries.git
+#      path: at_lookup
+#      ref: sec_socket_util
+
 dev_dependencies:
   pedantic: ^1.10.0
   test: ^1.16.0
diff --git a/at_functional_test/pubspec.yaml b/at_functional_test/pubspec.yaml
@@ -17,6 +17,12 @@ dependencies:
 #      path: at_commons
 #      ref: trunk
 
+#  at_lookup:
+#    git:
+#      url: https://github.com/atsign-foundation/at_libraries.git
+#      path: at_lookup
+#      ref: sec_socket_util
+
 dev_dependencies:
   test: ^1.17.2
   lints: ^1.0.1

diff --git a/at_functional_test/test/testData/cert.pem b/at_functional_test/test/testData/cert.pem
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFLDCCBBSgAwIBAgISBAAOlxS2nBvkxSahxke0Vb4dMA0GCSqGSIb3DQEBCwUA
+MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
+EwJSMzAeFw0yMjA3MTUwNjQxMTFaFw0yMjEwMTMwNjQxMTBaMB0xGzAZBgNVBAMT
+EnZpcC52ZS5hdHNpZ24uem9uZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAL6sK1lj/xk61tqJbU+BjKLFcXmCrpidsgOjTuIaNyGzlA2A9ct9Paoh5cQ5
+jVlDptOaCq7YJ1B0OmO13nPPRkMNkm/cleQh3L0KOESSriSr+wOzs2nXxHas+7US
+U3bU5aRotvptozifQcgAUJKVgKBgicG2yJlDDJK1R6ZyifnHRmiOX/7z/06ecD2d
+KW3ujOfL+PLJtJXELdklHXw4vrXMAyw+p+2BL26sX5L0QWuBZGYwyoGnesQaOgiG
+xOomxES8kM7dUiU8h2B07V9Lc0BxPz7M/xekyKOnd8VbxTSpfpE9T7lQN+ZP3Mvg
+S5t8o6UEasq7Ln1JwC/z6W8oAp8CAwEAAaOCAk8wggJLMA4GA1UdDwEB/wQEAwIF
+oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd
+BgNVHQ4EFgQU7ksCkNm7UkeELC1L1V7c/Cgt+EkwHwYDVR0jBBgwFoAUFC6zF7dY
+VsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRw
+Oi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNy
+Lm9yZy8wHQYDVR0RBBYwFIISdmlwLnZlLmF0c2lnbi56b25lMEwGA1UdIARFMEMw
+CAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9j
+cHMubGV0c2VuY3J5cHQub3JnMIIBBgYKKwYBBAHWeQIEAgSB9wSB9ADyAHcAQcjK
+sd8iRkoQxqE6CUKHXk4xixsD6+tLx2jwkGKWBvYAAAGCAM3tnwAABAMASDBGAiEA
+tqW+egsIjkdyQjt1LfSA85xbXfxf2eH2zhSp9HJBmIUCIQDFLbp7V+023Dgh7L+Z
+NoE7aq6XcAq0/KAQDLwbRPALGwB3AEalVet1+pEgMLWiiWn0830RLEF0vv1JuIWr
+8vxw/m1HAAABggDN7bUAAAQDAEgwRgIhAMrqNRh7iwgocoGh1N/ds1RZG0dc9aFR
+g0wZvO69DkdhAiEAxaEaPU/a1DVYbFrPYaMTWVBLMFYb/LvUxFS++rhC2BMwDQYJ
+KoZIhvcNAQELBQADggEBAGD5bM5L4I43fCpzXze9L1bhAUKDskxgADaACI2s/Ri4
+BvyoDBkk2Qyut6WlOXS1f0QwCr7GS9KEihETKbR+rRypVBM5VKSNkHbH3C451LwC
+WnhizWBqDpcNBWGe1CjvG9ouRpuBbrCqh6OoJuABfULmejN9nPynA2EpiOFJEGg5
+MfR+PuQ8i7qNOzIHaPfjnDHU4ld//qSnO4H6mP7miOqm3iWTxPeMqKslcyEdjDdB
+ReHQB8lkdZ+N/i1ecvAbbzjn68NvMm9bo9B9nT2LNr1HEJj3KF10R2DvFIz3GyOP
+S9ffV+eYSxNCS/TlPOggYi/z1a2Xs0Kwe4spm+DQ8lY=
+-----END CERTIFICATE-----
diff --git a/at_functional_test/test/test_utils.dart b/at_functional_test/test/test_utils.dart
@@ -10,6 +10,9 @@ class TestUtils {
     preference.isLocalStoreRequired = true;
     preference.privateKey = demo_credentials.pkamPrivateKeyMap[atsign];
     preference.rootDomain = 'vip.ve.atsign.zone';
+    preference.decryptPackets = true;
+    preference.pathToCerts = 'test/testData/cert.pem';
+    preference.tlsKeysSavePath = 'test/tlsKeysFile';
     return preference;
   }
 }