Add multi-certificate authentication to client #60

Merged
merged 1 commit into from
Mar 14, 2024

@hwipl hwipl commented Mar 13, 2024

Add the command line arguments "-user-cert" and "-user-key" to oc-client and the options "UserCertificate" and "UserKey" to the client config to support multi-certificate authentication.

github-actions bot commented Mar 13, 2024

Test Result

🙌 254 Tests pass


Coverage

Total coverage: 🟩🟩🟩🟥 79.0%

Coverage Details
Coverage File Uncovered Lines
🟥🟥🟥🟥 0.0% /cmd/oc-client/main.go 8-10
🟥🟥🟥🟥 0.0% /cmd/oc-daemon-vpncscript/main.go 8-10
🟥🟥🟥🟥 0.0% /cmd/oc-daemon/main.go 8-10
🟩🟩🟩🟥 88.2% /internal/addrmon/addrmon.go 46-48, 67-69, 86-89, 102-104
🟩🟩🟩🟩 100.0% /internal/api/config.go
🟩🟩🟩🟩 100.0% /internal/api/message.go
🟩🟩🟩🟩 100.0% /internal/api/request.go
🟩🟩🟩🟥 86.6% /internal/api/server.go 29-30, 71-71, 91-96, 114-117, 138-141, 170-172, 176-178, 201-203
🟩🟩🟩🟥 92.5% /internal/client/client.go 68-74, 120-122, 129-131, 135-138, 156-158, 232-234
🟩🟩🟩🟥 94.9% /internal/client/cmd.go 36-38, 39-41, 247-252
🟩🟩🟩🟩 100.0% /internal/cpd/config.go
🟩🟩🟩🟩 98.5% /internal/cpd/cpd.go 179-181
🟩🟩🟥🟥 73.5% /internal/daemon/cmd.go 108-134
🟩🟩🟩🟩 100.0% /internal/daemon/config.go
🟥🟥🟥🟥 2.3% /internal/daemon/daemon.go 70-462, 477-794
🟩🟩🟩🟥 89.5% /internal/daemon/vpnconfigupdate.go 42-44, 53-55
🟩🟩🟩🟩 97.4% /internal/dbusapi/service.go 200-213, 389-389
🟩🟩🟩🟥 86.0% /internal/devmon/devmon.go 36-36, 82-92, 109-111, 142-144
🟩🟩🟩🟩 100.0% /internal/dnsmon/config.go
🟩🟩🟩🟥 86.8% /internal/dnsmon/dnsmon.go 47-49, 59-62, 88-90, 94-96
🟩🟩🟩🟩 100.0% /internal/dnsproxy/config.go
🟩🟩🟩🟥 89.9% /internal/dnsproxy/proxy.go 76-78, 87-89, 98-100, 123-128, 132-134
🟩🟩🟩🟩 100.0% /internal/dnsproxy/remotes.go
🟩🟩🟩🟩 100.0% /internal/dnsproxy/report.go
🟩🟩🟩🟩 97.3% /internal/dnsproxy/watches.go 90-92
🟩🟩🟩🟩 100.0% /internal/execs/config.go
🟩🟩🟩🟩 100.0% /internal/execs/execs.go
🟩🟩🟩🟩 100.0% /internal/ocrunner/config.go
🟩🟩🟩🟩 100.0% /internal/ocrunner/connect.go
🟩🟩🟩🟥 87.8% /internal/profilemon/profilemon.go 30-30, 57-59, 66-70, 97-99, 103-105
🟩🟩🟩🟩 100.0% /internal/sleepmon/sleepmon.go 30-30
🟩🟩🟩🟩 100.0% /internal/splitrt/addresses.go
🟩🟩🟩🟩 100.0% /internal/splitrt/config.go
🟩🟩🟩🟩 100.0% /internal/splitrt/devices.go
🟩🟩🟩🟩 95.0% /internal/splitrt/excludes.go 150-152, 155-157
🟩🟩🟩🟩 100.0% /internal/splitrt/filter.go
🟩🟩🟩🟩 100.0% /internal/splitrt/route.go
🟩🟩🟩🟩 95.2% /internal/splitrt/splitrt.go 254-257, 260-264
🟩🟩🟩🟩 100.0% /internal/trafpol/allowdevs.go
🟩🟩🟩🟥 94.6% /internal/trafpol/allowhosts.go 27-29, 94-96, 217-221, 230-232
🟩🟩🟩🟩 100.0% /internal/trafpol/config.go
🟩🟩🟩🟩 100.0% /internal/trafpol/filter.go
🟩🟩🟩🟥 84.4% /internal/trafpol/trafpol.go 136-138, 143-145, 153-159
🟩🟩🟩🟥 85.7% /internal/vpncscript/client.go 25-27, 33-35, 39-41
🟩🟩🟩🟥 83.3% /internal/vpncscript/cmd.go 59-61, 74-79
🟩🟩🟩🟥 83.0% /internal/vpncscript/config.go 24-26, 33-35, 52-54, 72-74, 89-91, 111-113, 120-122, 127-129, 143-145, 152-154, 159-161, 185-187, 190-192, 195-197, 200-202, 205-207, 210-212, 227-229
🟩🟩🟩🟩 100.0% /internal/vpncscript/env.go
🟩🟩🟩🟩 97.5% /internal/vpnsetup/vpnsetup.go 63-63, 124-126, 128-130, 135-137, 374-374, 444-444
🟩🟩🟩🟥 94.4% /pkg/client/client.go 125-127, 180-183, 191-201, 297-304, 360-360, 504-516, 531-535
🟩🟩🟩🟩 100.0% /pkg/client/config.go
🟩🟩🟩🟩 100.0% /pkg/logininfo/logininfo.go
🟩🟩🟩🟩 100.0% /pkg/vpnconfig/config.go
🟩🟩🟩🟩 100.0% /pkg/vpnstatus/status.go
🟩🟩🟩🟩 100.0% /pkg/xmlprofile/profile.go
🟥🟥🟥🟥 0.0% /tools/dbusclient/main.go 14-162
🟥🟥🟥🟥 0.0% /tools/devmon/main.go 11-19
🟥🟥🟥🟥 0.0% /tools/dnsproxy/main.go 22-85

@hwipl hwipl requested review from jandd and malaupa March 13, 2024 16:34

@jandd jandd left a comment

A hint that -user-cert/-user-key is only supported when using openconnect >= 9 might be a good idea.

@hwipl hwipl force-pushed the feature/add-multi-certificate-authentication branch from f418ddc to 684779d Compare March 14, 2024 10:02
Add the command line arguments "-user-cert" and "-user-key" to oc-client
and the options "UserCertificate" and "UserKey" to the client config to
support multi-certificate authentication.

Signed-off-by: hwipl <[email protected]>
@hwipl hwipl force-pushed the feature/add-multi-certificate-authentication branch from 684779d to db39ba4 Compare March 14, 2024 14:37
hwipl commented Mar 14, 2024

> A hint that -user-cert/-user-key is only supported when using openconnect >= 9 might be a good idea.

Yes, I added a note to both command line arguments that OpenConnect v9.00 or higher is required.
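
The version requirement discussed above can also be enforced before a connection attempt rather than only documented. The following is an added example, not code from this pull request or the project: `ParseVersion` and `CheckUserCert` are hypothetical names, and the code assumes the `openconnect --version` output contains a line of the form `OpenConnect version vX.YY`.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strconv"
)

// versionRE matches the version line of `openconnect --version` output,
// e.g. "OpenConnect version v9.12"; packaging suffixes after the minor
// number are ignored.
var versionRE = regexp.MustCompile(`(?m)^OpenConnect version v(\d{1,4})\.(\d{1,4})`)

// ParseVersion returns the major and minor version found in out.
func ParseVersion(out string) (major, minor int, err error) {
	m := versionRE.FindStringSubmatch(out)
	if m == nil {
		return 0, 0, errors.New("no OpenConnect version line found")
	}
	major, _ = strconv.Atoi(m[1]) // cannot fail: regexp allows 1-4 digits only
	minor, _ = strconv.Atoi(m[2])
	return major, minor, nil
}

// CheckUserCert returns an error if a user certificate or key is configured
// but the OpenConnect version is older than v9.00 or cannot be determined
// (fail closed, an assumption of this example).
func CheckUserCert(versionOut, userCert, userKey string) error {
	if userCert == "" && userKey == "" {
		return nil // multi-certificate authentication not requested
	}
	major, minor, err := ParseVersion(versionOut)
	if err != nil {
		return fmt.Errorf("user certificate set, version unknown: %w", err)
	}
	if major < 9 {
		return fmt.Errorf("user certificate needs OpenConnect >= v9.00, found v%d.%02d", major, minor)
	}
	return nil
}

func main() {
	// Constructed sample output, not captured from a real installation.
	old := "OpenConnect version v8.20\nUsing GnuTLS 3.7.3.\n"
	fmt.Println(CheckUserCert(old, "/path/to/user.crt", "/path/to/user.key"))
}
```
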

@hwipl hwipl merged commit 0ddad25 into main Mar 14, 2024
2 checks passed
@hwipl hwipl deleted the feature/add-multi-certificate-authentication branch March 14, 2024 15:41