From 89da01fad09f789eef35322f86ffd7b585119069 Mon Sep 17 00:00:00 2001 From: Gayathri Date: Thu, 29 Mar 2018 16:12:37 +0530 Subject: [PATCH 1/2] Changed query dns retry logic & removed dns backoff retry --- src/connection.c | 54 +++++++++++++++++++++++++++--------------------- src/token.c | 30 +++------------------------ 2 files changed, 33 insertions(+), 51 deletions(-) diff --git a/src/connection.c b/src/connection.c index 645190e..e1d4c52 100644 --- a/src/connection.c +++ b/src/connection.c @@ -34,6 +34,7 @@ /*----------------------------------------------------------------------------*/ #define HTTP_CUSTOM_HEADER_COUNT 5 +#define INITIAL_CJWT_RETRY -2 /*----------------------------------------------------------------------------*/ /* File Scoped Variables */ /*----------------------------------------------------------------------------*/ @@ -105,7 +106,8 @@ int createNopollConnection(noPollCtx *ctx) char *jwt_server_url= NULL; char redirectURL[128]={'\0'}; int status=0; - int allow_insecure; + int allow_insecure = -1; + int jwt_status = INITIAL_CJWT_RETRY; int connErr=0; struct timespec connErr_start,connErr_end,*connErr_startPtr,*connErr_endPtr; connErr_startPtr = &connErr_start; 
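Review bot: `#define INITIAL_CJWT_RETRY -2` in src/connection.c is an unparenthesized negative literal, and it shares one integer space with the values `allow_insecure_conn()` returns, because `jwt_status` (initialized in the next hunk) holds both. If any TOKEN_ERR_* code in token.h also equals -2 (not visible in this patch), that error cannot be told apart from "no lookup attempted yet" and will cause the DNS/JWT lookup to be repeated. I would write `#define INITIAL_CJWT_RETRY (-2)` with the comment `/* jwt_status sentinel: no JWT lookup attempted yet; must differ from every TOKEN_ERR_* value */`, or define it beside the TOKEN_ERR_* codes so the uniqueness can be checked in one place.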
@@ -125,29 +127,6 @@ int createNopollConnection(noPollCtx *ctx) ParodusPrint("BootTime In sec: %d\n", get_parodus_cfg()->boot_time); ParodusInfo("Received reboot_reason as:%s\n", get_parodus_cfg()->hw_last_reboot_reason); ParodusInfo("Received reconnect_reason as:%s\n", reconnect_reason); - allow_insecure = parse_webpa_url (get_parodus_cfg()->webpa_url, - server_Address, (int) sizeof(server_Address), - port, (int) sizeof(port)); - if (allow_insecure < 0) - return nopoll_false; // must have valid default url -#ifdef FEATURE_DNS_QUERY - if (get_parodus_cfg()->acquire_jwt) { - //query dns and validate JWT - int jwt_insecure = allow_insecure_conn( - server_Address, (int) sizeof(server_Address), - port, (int) sizeof(port)); - - //store server_Address as jwt_server_url to use it for JWT retry scenarios - jwt_server_url = strdup(server_Address); - if (jwt_server_url !=NULL) - ParodusInfo("JWT ON: jwt_server_url stored as %s\n", jwt_server_url); - - if (jwt_insecure >= 0) - allow_insecure = jwt_insecure; - } -#endif - ParodusInfo("server_Address %s\n",server_Address); - ParodusInfo("port %s\n", port); max_retry_sleep = (int) get_parodus_cfg()->webpa_backoff_max; ParodusPrint("max_retry_sleep is %d\n", max_retry_sleep ); 
@@ -177,6 +156,33 @@ int createNopollConnection(noPollCtx *ctx) } ParodusPrint("New backoffRetryTime value calculated as %d seconds\n", backoffRetryTime); noPollConn *connection; + //retry jwt validation on query dns failure + if((jwt_status == INITIAL_CJWT_RETRY) || (jwt_status == TOKEN_ERR_QUERY_DNS_FAIL)) + { + allow_insecure = parse_webpa_url (get_parodus_cfg()->webpa_url, + server_Address, (int) sizeof(server_Address), + port, (int) sizeof(port)); + if (allow_insecure < 0) + return nopoll_false; // must have valid default url +#ifdef FEATURE_DNS_QUERY + if (get_parodus_cfg()->acquire_jwt) { + //query dns and validate JWT + jwt_status = allow_insecure_conn( + server_Address, (int) sizeof(server_Address), + port, (int) sizeof(port)); + + //store server_Address as jwt_server_url to use it for JWT retry scenarios + jwt_server_url = strdup(server_Address); + if (jwt_server_url !=NULL) + ParodusInfo("JWT ON: jwt_server_url stored as %s\n", jwt_server_url); + + if (jwt_status >= 0) + allow_insecure = jwt_status; + } +#endif + ParodusInfo("server_Address %s\n",server_Address); + ParodusInfo("port %s\n", port); + } if(allow_insecure <= 0) { ParodusPrint("secure true\n"); diff --git a/src/token.c b/src/token.c index e4fb2bc..16d755e 100644 --- a/src/token.c +++ b/src/token.c @@ -482,9 +482,6 @@ int allow_insecure_conn(char *url_buf, int url_buflen, char *jwt_token, *key; cjwt_t *jwt = NULL; char dns_txt_record_id[TXT_REC_ID_MAXSIZE]; - int backoffRetryTime = 0; - int c=2; - int retry_count = 0; jwt_token = malloc (NS_MAXBUF); if (NULL == jwt_token) { 
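Review bot: `jwt_server_url = strdup(server_Address);` now sits in a block that is re-entered whenever `jwt_status == TOKEN_ERR_QUERY_DNS_FAIL`, so every repeat overwrites the previous pointer without releasing it. Assuming this block is inside the connection retry loop (the loop and the rest of createNopollConnection are outside the hunk) and the copy is not freed per iteration elsewhere, a device whose DNS lookup keeps failing leaks one copy per attempt; adding `free(jwt_server_url);` directly before the `strdup` closes that. Separately, a negative `jwt_status` leaves `allow_insecure` at the value parsed from `webpa_url`, so the attempt proceeds without a validated JWT and the `if(allow_insecure <= 0)` decision rests on the configured URL alone. A log line such as `ParodusInfo("JWT lookup failed (%d), using configured webpa_url\n", jwt_status);` would make that fallback visible in field logs.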
@@ -495,32 +492,11 @@ int allow_insecure_conn(char *url_buf, int url_buflen, get_dns_txt_record_id (dns_txt_record_id); - /* Backoff retry when query_dns failure (pattern 3,7,15,31,63 .) */ - - while(retry_count<=5) - { - backoffRetryTime = (int) pow(2, c) -1; + ret = query_dns(dns_txt_record_id, jwt_token); + ParodusPrint("query_dns returns %d\n", ret); - ret = query_dns(dns_txt_record_id, jwt_token); - ParodusPrint("query_dns returns %d\n", ret); - - if(ret == 0) - { - retry_count = 0; - ParodusInfo("query_dns is success ..\n"); - break; - } - else - { - ParodusInfo("query_dns backoffRetryTime %d seconds\n", backoffRetryTime); - sleep(backoffRetryTime); - c++; - retry_count++; - } - } - if(ret){ - ParodusError("query_dns: failure ..\n"); + ParodusError("Failed in DNS query\n"); if (ret == TOKEN_ERR_MEMORY_FAIL){ insecure = ret; } From 0f71f45ca66bda3c105b5c3eb3dd387c37ccb621 Mon Sep 17 00:00:00 2001 From: Gayathri Date: Thu, 29 Mar 2018 19:47:00 +0530 Subject: [PATCH 2/2] Modified test cases to verify change in jwt validation logic --- tests/test_createConnection.c | 101 +++++++++++++++++++--------------- 1 file changed, 56 insertions(+), 45 deletions(-) diff --git a/tests/test_createConnection.c b/tests/test_createConnection.c index 57ca9a6..7a74ff6 100644 --- a/tests/test_createConnection.c +++ b/tests/test_createConnection.c @@ -27,6 +27,7 @@ #include "../src/ParodusInternal.h" #include "../src/connection.h" #include "../src/config.h" +#include "../src/token.h" #define SECURE_WEBPA_URL "https://127.0.0.1" #define UNSECURE_WEBPA_URL "http://127.0.0.1" 
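Review bot: In `allow_insecure_conn()` (src/token.c) the only Error-level message on failure, `ParodusError("Failed in DNS query\n");`, drops the failure code, which is printed only through `ParodusPrint` (apparently the debug-level macro). Since the caller now decides whether to repeat the lookup by comparing the return value with `TOKEN_ERR_QUERY_DNS_FAIL`, I would log it: `ParodusError("Failed in DNS query, ret %d\n", ret);`. The visible part of the `if(ret)` body only maps `TOKEN_ERR_MEMORY_FAIL` and the rest is outside the hunk, so it is worth confirming that every other `query_dns` failure is returned as `TOKEN_ERR_QUERY_DNS_FAIL`; otherwise the caller never retries. A short function comment stating that retry and backoff are now the caller's responsibility would help any other caller of this function.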
@@ -239,15 +240,14 @@ void test_createSecureConnection() assert_non_null(ctx); + will_return(getWebpaConveyHeader, (intptr_t)"WebPA-1.6 (TG1682)"); + expect_function_call(getWebpaConveyHeader); + #ifdef FEATURE_DNS_QUERY setGlobalJWTUrl ("127.0.0.2"); will_return (allow_insecure_conn, 0); expect_function_call (allow_insecure_conn); #endif - - will_return(getWebpaConveyHeader, (intptr_t)"WebPA-1.6 (TG1682)"); - expect_function_call(getWebpaConveyHeader); - expect_value(nopoll_conn_tls_new6, (intptr_t)ctx, (intptr_t)ctx); #ifdef FEATURE_DNS_QUERY @@ -309,16 +309,15 @@ void test_createConnection() set_parodus_cfg(cfg); assert_non_null(ctx); + will_return(getWebpaConveyHeader, (intptr_t)"WebPA-1.6 (TG1682)"); + expect_function_call(getWebpaConveyHeader); + #ifdef FEATURE_DNS_QUERY setGlobalJWTUrl ("127.0.0.2"); will_return (allow_insecure_conn, 1); expect_function_call (allow_insecure_conn); #endif - will_return(getWebpaConveyHeader, (intptr_t)"WebPA-1.6 (TG1682)"); - expect_function_call(getWebpaConveyHeader); - - expect_value(nopoll_conn_new_opts, (intptr_t)ctx, (intptr_t)ctx); #ifdef FEATURE_DNS_QUERY @@ -367,15 +366,15 @@ void test_createConnectionConnNull() assert_non_null(ctx); -#ifdef FEATURE_DNS_QUERY - setGlobalJWTUrl ("127.0.0.2"); - will_return (allow_insecure_conn, 0); - expect_function_call (allow_insecure_conn); -#endif - will_return(getWebpaConveyHeader, (intptr_t)""); expect_function_call(getWebpaConveyHeader); +#ifdef FEATURE_DNS_QUERY + setGlobalJWTUrl ("127.0.0.2"); + will_return (allow_insecure_conn, -2); + expect_function_call (allow_insecure_conn); +#endif + expect_value(nopoll_conn_tls_new6, (intptr_t)ctx, (intptr_t)ctx); #ifdef FEATURE_DNS_QUERY @@ -399,7 +398,7 @@ void test_createConnectionConnNull() #else expect_string(nopoll_conn_tls_new, (intptr_t)host_ip, HOST_IP); #endif - + will_return(nopoll_conn_tls_new, (intptr_t)NULL); expect_function_call(nopoll_conn_tls_new); 
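Review bot: In test_createConnectionConnNull the first mocked result is the bare literal `will_return (allow_insecure_conn, -2);`, the same value as `INITIAL_CJWT_RETRY`, which is private to src/connection.c. The later hunks of this test expect further `allow_insecure_conn` calls (returning `TOKEN_ERR_QUERY_DNS_FAIL`, then 0), so the first retry happens either because -2 is itself a token.h error code or because the mock's return collides with the "not attempted yet" sentinel. With token.h now included, I would use the TOKEN_ERR_* name here, e.g. `will_return (allow_insecure_conn, TOKEN_ERR_QUERY_DNS_FAIL);`, so the test pins the DNS-failure retry and not the sentinel's numeric value. The test body continues outside this hunk.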
@@ -408,6 +407,12 @@ void test_createConnectionConnNull() expect_function_call(getCurrentTime); +#ifdef FEATURE_DNS_QUERY + setGlobalJWTUrl ("127.0.0.2"); + will_return (allow_insecure_conn, TOKEN_ERR_QUERY_DNS_FAIL); + expect_function_call (allow_insecure_conn); +#endif + expect_value(nopoll_conn_tls_new6, (intptr_t)ctx, (intptr_t)ctx); #ifdef FEATURE_DNS_QUERY expect_string(nopoll_conn_tls_new6, (intptr_t)host_ip, g_jwt_server_ip); @@ -448,6 +453,12 @@ void test_createConnectionConnNull() will_return(kill, 1); expect_function_call(kill); +#ifdef FEATURE_DNS_QUERY + setGlobalJWTUrl ("127.0.0.2"); + will_return (allow_insecure_conn, 0); + expect_function_call (allow_insecure_conn); +#endif + expect_value(nopoll_conn_tls_new6, (intptr_t)ctx, (intptr_t)ctx); #ifdef FEATURE_DNS_QUERY @@ -509,15 +520,15 @@ void test_createConnNull_JWT_NULL() assert_non_null(ctx); -#ifdef FEATURE_DNS_QUERY - setGlobalJWTUrl (""); - will_return (allow_insecure_conn, 0); - expect_function_call (allow_insecure_conn); -#endif - will_return(getWebpaConveyHeader, (intptr_t)""); expect_function_call(getWebpaConveyHeader); +#ifdef FEATURE_DNS_QUERY + setGlobalJWTUrl (""); + will_return (allow_insecure_conn, TOKEN_ERR_MEMORY_FAIL); + expect_function_call (allow_insecure_conn); +#endif + expect_value(nopoll_conn_tls_new6, (intptr_t)ctx, (intptr_t)ctx); #ifdef FEATURE_DNS_QUERY @@ -647,15 +658,15 @@ void test_createConnectionConnNotOk() set_parodus_cfg(cfg); assert_non_null(ctx); + will_return(getWebpaConveyHeader, (intptr_t)"WebPA-1.6 (TG1682)"); + expect_function_call(getWebpaConveyHeader); + #ifdef FEATURE_DNS_QUERY setGlobalJWTUrl ("127.0.0.2"); will_return (allow_insecure_conn, 1); expect_function_call (allow_insecure_conn); #endif - will_return(getWebpaConveyHeader, (intptr_t)"WebPA-1.6 (TG1682)"); - expect_function_call(getWebpaConveyHeader); - expect_value(nopoll_conn_new_opts, (intptr_t)ctx, (intptr_t)ctx); #ifdef FEATURE_DNS_QUERY 
@@ -744,15 +755,15 @@ void test_createConnNotOk_JWT_NULL() set_parodus_cfg(cfg); assert_non_null(ctx); + will_return(getWebpaConveyHeader, (intptr_t)"WebPA-1.6 (TG1682)"); + expect_function_call(getWebpaConveyHeader); + #ifdef FEATURE_DNS_QUERY setGlobalJWTUrl (""); will_return (allow_insecure_conn, 1); expect_function_call (allow_insecure_conn); #endif - will_return(getWebpaConveyHeader, (intptr_t)"WebPA-1.6 (TG1682)"); - expect_function_call(getWebpaConveyHeader); - expect_value(nopoll_conn_new_opts, (intptr_t)ctx, (intptr_t)ctx); #ifdef FEATURE_DNS_QUERY @@ -841,15 +852,15 @@ void test_createConnectionConnRedirect() set_parodus_cfg(cfg); assert_non_null(ctx); + will_return(getWebpaConveyHeader, (intptr_t)"WebPA-1.6 (TG1682)"); + expect_function_call(getWebpaConveyHeader); + #ifdef FEATURE_DNS_QUERY setGlobalJWTUrl ("127.0.0.2"); will_return (allow_insecure_conn, 1); expect_function_call (allow_insecure_conn); #endif - will_return(getWebpaConveyHeader, (intptr_t)"WebPA-1.6 (TG1682)"); - expect_function_call(getWebpaConveyHeader); - expect_value(nopoll_conn_new_opts, (intptr_t)ctx, (intptr_t)ctx); #ifdef FEATURE_DNS_QUERY expect_string(nopoll_conn_new_opts, (intptr_t)host_ip, g_jwt_server_ip); @@ -935,15 +946,15 @@ void test_createIPv4Connection() assert_non_null(ctx); + will_return(getWebpaConveyHeader, (intptr_t)"WebPA-1.6 (TG1682)"); + expect_function_call(getWebpaConveyHeader); + #ifdef FEATURE_DNS_QUERY setGlobalJWTUrl ("127.0.0.2"); will_return (allow_insecure_conn, 0); expect_function_call (allow_insecure_conn); #endif - will_return(getWebpaConveyHeader, (intptr_t)"WebPA-1.6 (TG1682)"); - expect_function_call(getWebpaConveyHeader); - expect_value(nopoll_conn_tls_new, (intptr_t)ctx, (intptr_t)ctx); #ifdef FEATURE_DNS_QUERY expect_string(nopoll_conn_tls_new, (intptr_t)host_ip, g_jwt_server_ip); 
@@ -984,15 +995,15 @@ void test_createIPv6Connection() assert_non_null(ctx); + will_return(getWebpaConveyHeader, (intptr_t)"WebPA-1.6 (TG1682)"); + expect_function_call(getWebpaConveyHeader); + #ifdef FEATURE_DNS_QUERY setGlobalJWTUrl ("127.0.0.2"); will_return (allow_insecure_conn, 0); expect_function_call (allow_insecure_conn); #endif - will_return(getWebpaConveyHeader, (intptr_t)"WebPA-1.6 (TG1682)"); - expect_function_call(getWebpaConveyHeader); - expect_value(nopoll_conn_tls_new6, (intptr_t)ctx, (intptr_t)ctx); #ifdef FEATURE_DNS_QUERY expect_string(nopoll_conn_tls_new6, (intptr_t)host_ip, g_jwt_server_ip); @@ -1035,15 +1046,15 @@ void test_createIPv6toIPv4Connection() assert_non_null(ctx); + will_return(getWebpaConveyHeader, (intptr_t)"WebPA-1.6 (TG1682)"); + expect_function_call(getWebpaConveyHeader); + #ifdef FEATURE_DNS_QUERY setGlobalJWTUrl ("127.0.0.2"); will_return (allow_insecure_conn, 0); expect_function_call (allow_insecure_conn); #endif - will_return(getWebpaConveyHeader, (intptr_t)"WebPA-1.6 (TG1682)"); - expect_function_call(getWebpaConveyHeader); - expect_value(nopoll_conn_tls_new6, (intptr_t)ctx, (intptr_t)ctx); #ifdef FEATURE_DNS_QUERY expect_string(nopoll_conn_tls_new6, (intptr_t)host_ip, g_jwt_server_ip); @@ -1111,15 +1122,15 @@ void test_createFallbackRedirectionConn() assert_non_null(ctx); + will_return(getWebpaConveyHeader, (intptr_t)"WebPA-1.6 (TG1682)"); + expect_function_call(getWebpaConveyHeader); + #ifdef FEATURE_DNS_QUERY setGlobalJWTUrl ("127.0.0.2"); will_return (allow_insecure_conn, 0); expect_function_call (allow_insecure_conn); #endif - will_return(getWebpaConveyHeader, (intptr_t)"WebPA-1.6 (TG1682)"); - expect_function_call(getWebpaConveyHeader); - expect_value(nopoll_conn_tls_new6, (intptr_t)ctx, (intptr_t)ctx); #ifdef FEATURE_DNS_QUERY expect_string(nopoll_conn_tls_new6, (intptr_t)host_ip, g_jwt_server_ip); 
@@ -1212,15 +1223,15 @@ void test_createIPv6FallbackRedirectConn() assert_non_null(ctx); + will_return(getWebpaConveyHeader, (intptr_t)"WebPA-1.6 (TG1682)"); + expect_function_call(getWebpaConveyHeader); + #ifdef FEATURE_DNS_QUERY setGlobalJWTUrl ("127.0.0.2"); will_return (allow_insecure_conn, 0); expect_function_call (allow_insecure_conn); #endif - will_return(getWebpaConveyHeader, (intptr_t)"WebPA-1.6 (TG1682)"); - expect_function_call(getWebpaConveyHeader); - expect_value(nopoll_conn_tls_new6, (intptr_t)ctx, (intptr_t)ctx); #ifdef FEATURE_DNS_QUERY expect_string(nopoll_conn_tls_new6, (intptr_t)host_ip, g_jwt_server_ip);