Allow specifying a keyfile with cert-based authentication (#398)

* Add cert based authentication Add certificate based authentication * Add certificate based authentication * Addressed review comments Addressed review comments * Update messaging.py redundant check on un verified context
2021-11-09 12:53:19 -08:00 · 2021-11-09 12:53:19 -08:00 · 288b029ce7
--- a/docs/user-guide/Authentication.md
+++ b/docs/user-guide/Authentication.md
@ -1,6 +1,8 @@
 # Authentication

-RESTler supports token-based authentication.  
+RESTler supports token-based and certificate based authentication.
+
+**Token based authentication**

 The user must provide a separate program to generate tokens, which implements the authentication method required by the API.  This will be invoked in a separate process by RESTler to obtain and regularly refresh tokens.  When invoked, this program must print metadata about the tokens on the first line, followed by each token and the required token header on a separate line for each application.  For example:

@ -30,4 +32,8 @@ Note: in the above example, there are two different applications.  This is only

 **Token values in logs**

-RESTler has logic to prevent token values from being written to the network logs.  It is recommended to check the RESTler network logs and make sure that the token values are, indeed,  successfully omitted from the logs. 
+RESTler has logic to prevent token values from being written to the network logs.  It is recommended to check the RESTler network logs and make sure that the token values are, indeed,  successfully omitted from the logs. 
+                
+**Certificate based authentication**
+                
+A Certificate and corresponding keys can be used as an authentication mechanism. See the SettingsFile.md for the settings that should be used to specify a certificate. If both the keyfile and certificate path are valid, RESTler will attempt to use it during the SSL handshake. 
--- a/docs/user-guide/SettingsFile.md
+++ b/docs/user-guide/SettingsFile.md
@ -32,6 +32,11 @@ Path to your X.509 certificate file in PEM format.

 If provided and valid, RESTler will attempt to use it during the SSL handshake.

+### client_certificate_key_path: str (default None)
+Path to your key file in a txt file.
+
+If provided and valid, RESTler will attempt to use it during the SSL handshake.
+
 ### custom_bug_codes: list(str)
 List of status codes that will be flagged as bugs.

--- a/restler/engine/transport_layer/messaging.py
+++ b/restler/engine/transport_layer/messaging.py
@ -55,10 +55,13 @@ class HttpSock(object):
                    context = ssl.create_default_context()
                if Settings().client_certificate_path:
                    context.load_cert_chain(
-                        certfile=Settings().client_certificate_path
+                        certfile = Settings().client_certificate_path,
+                        keyfile = Settings().client_certificate_key_path,
                    )
-                with socket.create_connection((target_ip, target_port or 443)) as sock:
+                      
+                with socket.create_connection((target_ip, target_port or 443)) as sock:                  
                    self._sock = context.wrap_socket(sock, server_hostname=host)
+
            else:
                self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                self._sock.connect((target_ip, target_port or 80))
--- a/restler/restler_settings.py
+++ b/restler/restler_settings.py
@ -364,6 +364,8 @@ class RestlerSettings(object):

        ## Path to Client Cert for Certificate Based Authentication
        self._client_certificate_path = SettingsArg('client_certificate_path', str, None, user_args)
+        ## Path to Client Cert Key for Certificate Based Authentication
+        self._client_certificate_key_path = SettingsArg('client_certificate_key_path', str, None, user_args)
        ## List of endpoints whose resource is to be created only once - Will be set with other per_resource settings
        self._create_once_endpoints = SettingsListArg('create_once', str, None, val_convert=str_to_hex_def)
        ## List of status codes that will be flagged as bugs
@ -469,6 +471,10 @@ class RestlerSettings(object):
    @property
    def client_certificate_path(self):
        return self._client_certificate_path.val
+    
+    @property
+    def client_certificate_key_path(self):
+        return self._client_certificate_key_path.val

    @property
    def connection_settings(self):