feat(manufacturing-client): add https support

- changes on client side to support https request

Signed-off-by: Sarita Mahajan <[email protected]>

Author: sarmahaj

client-linuxapp/src/main.rs

@@ -149,7 +149,7 @@ async fn get_client_list(rv_entry: &RendezvousInterpretedDirective) -> Result<Ve
         service_client_list.push(fdo_http_wrapper::client::ServiceClient::new(
             ProtocolVersion::Version1_1,
             url,
-        ));
+        )?);
     }
     log::trace!("Client list: {:?}", service_client_list);
     Ok(service_client_list)
@@ -855,7 +855,7 @@ async fn perform_to2(
 ) -> Result<bool> {
     log::info!("Performing TO2 protocol, URL: {:?}", url);
 
-    let mut client = fdo_http_wrapper::client::ServiceClient::new(ProtocolVersion::Version1_1, url);
+    let mut client = fdo_http_wrapper::client::ServiceClient::new(ProtocolVersion::Version1_1, url)?;
 
     let nonce5 = match get_nonce(MessageType::TO1RVRedirect).await {
         Ok(nonce5) => nonce5,

http-wrapper/Cargo.toml

@@ -29,7 +29,7 @@ warp-sessions = { version = "1.0", optional = true }
 time = "0.3"
 
 # Client-side
-reqwest = { version = "0.11", optional = true, features = ["native-tls", "json"] }
+reqwest = { version = "0.11.21", optional = true, features = ["native-tls", "json", "__tls"] }
 url = { version = "2", optional = true }
 
 [features]

http-wrapper/src/client.rs

@@ -12,6 +12,8 @@ use fdo_data_formats::{
 
 use crate::EncryptionKeys;
 
+use std::env;
+
 #[derive(Debug, Error)]
 #[non_exhaustive]
 pub enum Error {
@@ -149,16 +151,26 @@ pub struct ServiceClient {
 }
 
 impl ServiceClient {
-    pub fn new(protocol_version: ProtocolVersion, base_url: &str) -> Self {
-        ServiceClient {
+    pub fn new(protocol_version: ProtocolVersion, base_url: &str) -> RequestResult<Self> {
+        let mut client_builder = reqwest::Client::builder();
+
+        if env::var("DEV_ENVIRONMENT").is_ok() {
+            log::debug!("DEV_ENVIRONMENT is set");
+            client_builder = client_builder.danger_accept_invalid_certs(true);
+        }
+
+        Ok(ServiceClient {  
             protocol_version,
             base_url: base_url.trim_end_matches('/').to_string(),
-            client: reqwest::Client::new(),
+            client: client_builder
+            .tls_info(true)
+          //  .danger_accept_invalid_certs(true)
+            .build()?,
             authorization_token: None,
             encryption_keys: EncryptionKeys::unencrypted(),
             last_message_type: None,
             non_interoperable_kdf_required: None,
-        }
+        })
     }
 
     pub fn non_interoperable_kdf_required(&self) -> Option<bool> {
@@ -211,14 +223,15 @@ impl ServiceClient {
         let to_send = to_send.serialize_data()?;
         let to_send = self.encryption_keys.encrypt(&to_send)?;
         log::trace!("Sending message: {:?}", hex::encode(&to_send));
-
-        let url = format!(
-            "{}/fdo/{}/msg/{}",
+     
+         let url = format!(
+            "{}/fdo/{}/msg/{}", 
             &self.base_url,
             self.protocol_version,
             OM::message_type() as u8
-        );
+        ); 
 
+        log::debug!("url: {}",url);
         let mut req = self
             .client
             .post(&url)

manufacturing-client/src/main.rs

@@ -349,7 +349,7 @@ async fn main() -> Result<()> {
                 keyref = KeyReference::str_key(args.key_ref)
                     .await
                     .context("Error determining key for DI")?;
-                client = ServiceClient::new(ProtocolVersion::Version1_1, &url);
+                client = ServiceClient::new(ProtocolVersion::Version1_1, &url)?;
             }
             Commands::NoPlainDI(args) => {
                 url = args.manufacturing_server_url;
@@ -369,7 +369,7 @@ async fn main() -> Result<()> {
                 }
 
                 log::debug!("Performing DIUN");
-                client = ServiceClient::new(ProtocolVersion::Version1_1, &url);
+                client = ServiceClient::new(ProtocolVersion::Version1_1, &url)?;
                 (keyref, mfg_string_type) = perform_diun(&mut client, diun_pub_key_verification)
                     .await
                     .context("Error performing DIUN")?;
@@ -400,7 +400,7 @@ async fn main() -> Result<()> {
 
         url = env::var("MANUFACTURING_SERVER_URL")
             .context("Please provide MANUFACTURING_SERVER_URL")?;
-        client = ServiceClient::new(ProtocolVersion::Version1_1, &url);
+        client = ServiceClient::new(ProtocolVersion::Version1_1, &url)?;
 
         let use_plain_di = match env::var("USE_PLAIN_DI") {
             Ok(val) => val == "true",

owner-onboarding-server/src/main.rs

@@ -150,7 +150,7 @@ async fn report_ov_to_rendezvous(
             );
 
             let mut rv_client =
-                fdo_http_wrapper::client::ServiceClient::new(ProtocolVersion::Version1_1, &rv_url);
+                fdo_http_wrapper::client::ServiceClient::new(ProtocolVersion::Version1_1, &rv_url)?;
 
             // Send: Hello, Receive: HelloAck
             let hello_ack: RequestResult<messages::v11::to0::HelloAck> = rv_client