feat: Allow Hornet/SSL connection

Synchronize to the latest iota.c commit which allows tangle-accelerator
to connect to Hornet.

In this commit, tangle-accelerator will start to connect to IOTA full
node under SSL connection only.

close #649

WORKSPACE

@@ -15,13 +15,13 @@ git_repository(
 
 git_repository(
     name = "iota.c",
-    commit = "fd9d67989dc5161117b39a9a3351afcfb118bcad",
+    commit = "3f1c255bd6e7ccc19bd527a83fa4593d342cad32",
     remote = "https://github.com/iotaledger/iota.c.git",
 )
 
 git_repository(
     name = "org_iota_common",
-    commit = "c644b7715662dc7b73191ae964f4ede06ee6c975",
+    commit = "cf649803757abf48432d4fa60e9f27ac119bae5f",
     remote = "https://github.com/iotaledger/iota_common.git",
 )
 

accelerator/cli_info.h

@@ -58,6 +58,8 @@ typedef enum ta_cli_arg_value_e {
 
   /** LOGGER */
   QUIET,
+
+  CA_PEM,
 } ta_cli_arg_value_t;
 
 static struct ta_cli_argument_s {
@@ -75,6 +77,7 @@ static struct ta_cli_argument_s {
      "Determine thread pool size to process HTTP connections."},
     {"iri_host", required_argument, NULL, IRI_HOST_CLI, "IRI listening host"},
     {"iri_port", required_argument, NULL, IRI_PORT_CLI, "IRI listening port"},
+    {"CA_PEM", required_argument, NULL, CA_PEM, "The path to CA PEM file"},
     {"mqtt_host", required_argument, NULL, MQTT_HOST_CLI, "MQTT listening host"},
     {"mqtt_root", required_argument, NULL, MQTT_ROOT_CLI, "MQTT listening topic root"},
     {"iri_address", required_argument, NULL, IRI_ADDRESS_CLI, " List of IRI listening URL"},

accelerator/config.c

@@ -13,6 +13,28 @@
 #include "yaml.h"
 
 #define CONFIG_LOGGER "config"
+#define CA_PEM_LEN 1208
+#define DEFAULT_CA_PEM                                                   \
+  "-----BEGIN CERTIFICATE-----\r\n"                                      \
+  "MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF\r\n" \
+  "ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6\r\n" \
+  "b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL\r\n" \
+  "MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv\r\n" \
+  "b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj\r\n" \
+  "ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM\r\n" \
+  "9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw\r\n" \
+  "IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6\r\n" \
+  "VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L\r\n" \
+  "93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm\r\n" \
+  "jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\r\n" \
+  "AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA\r\n" \
+  "A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI\r\n" \
+  "U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs\r\n" \
+  "N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv\r\n" \
+  "o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU\r\n" \
+  "5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy\r\n" \
+  "rqXRfboQnoZsG4q5WTP468SQvvG5\r\n"                                     \
+  "-----END CERTIFICATE-----\r\n"
 
 static logger_id_t logger_id;
 
@@ -46,6 +68,7 @@ status_t cli_core_set(ta_core_t* const core, int key, char* const value) {
   iota_config_t* const iota_conf = &core->iota_conf;
   ta_cache_t* const cache = &core->cache;
   iota_client_service_t* const iota_service = &core->iota_service;
+  FILE* file = NULL;
   char* conf_file = core->conf_file;
 #ifdef DB_ENABLE
   db_client_service_t* const db_service = &core->db_service;
@@ -103,6 +126,19 @@ status_t cli_core_set(ta_core_t* const core, int key, char* const value) {
       }
       iota_service->http.port = ta_conf->iota_port_list[0];
       break;
+
+    case CA_PEM:
+      if ((file = fopen(value, "r")) == NULL) {
+        /* The specified configuration file does not exist */
+        ta_log_error("%s\n", ta_error_to_string(SC_CONF_FOPEN_ERROR));
+        return SC_CONF_FOPEN_ERROR;
+      }
+      char* temp_ca_pem_path = (char*)malloc(sizeof(char) * (CA_PEM_LEN + 1));
+      fread(temp_ca_pem_path, CA_PEM_LEN, 1, file);
+      iota_service->http.ca_pem = temp_ca_pem_path;
+      fclose(file);
+      break;
+
     case HEALTH_TRACK_PERIOD:
       strtol_temp = strtol(value, NULL, 10);
       if (strtol_p != value && errno != ERANGE && strtol_temp >= INT_MIN && strtol_temp <= INT_MAX) {
@@ -215,14 +251,15 @@ status_t cli_core_set(ta_core_t* const core, int key, char* const value) {
   return SC_OK;
 }
 
-status_t ta_set_iota_client_service(iota_client_service_t* service, char const* host, uint16_t port) {
+status_t ta_set_iota_client_service(iota_client_service_t* service, char const* host, uint16_t port,
+                                    char const* const ca_pem) {
   strncpy(service->http.path, "/", CONTENT_TYPE_MAX_LEN);
   strncpy(service->http.content_type, "application/json", CONTENT_TYPE_MAX_LEN);
   strncpy(service->http.accept, "application/json", CONTENT_TYPE_MAX_LEN);
   strncpy(service->http.host, host, HOST_MAX_LEN);
   service->http.port = port;
   service->http.api_version = 1;
-  service->http.ca_pem = NULL;
+  service->http.ca_pem = ca_pem ? ca_pem : DEFAULT_CA_PEM;
   service->serializer_type = SR_JSON;
   init_json_serializer(&service->serializer);
 
@@ -280,6 +317,7 @@ status_t ta_core_default_init(ta_core_t* const core) {
   strncpy(iota_service->http.content_type, "application/json", CONTENT_TYPE_MAX_LEN);
   strncpy(iota_service->http.accept, "application/json", CONTENT_TYPE_MAX_LEN);
   strncpy(iota_service->http.host, IRI_HOST, HOST_MAX_LEN);
+  iota_service->http.ca_pem = DEFAULT_CA_PEM;
   iota_service->http.port = IRI_PORT;
   iota_service->http.api_version = 1;
   iota_service->serializer_type = SR_JSON;

accelerator/config.h

@@ -50,7 +50,7 @@ extern "C" {
 #define MAX_HTTP_TPOOL_SIZE \
   (get_nprocs_conf() - get_nthds_per_phys_proc()) /** < Preserve at least one physical processor */
 #define IRI_HOST "localhost"
-#define IRI_PORT 14265
+#define IRI_PORT 443
 #define MAX_IRI_LIST_ELEMENTS 5
 #define DB_HOST "localhost"
 #define MILESTONE_DEPTH 3
@@ -196,12 +196,14 @@ void ta_core_destroy(ta_core_t* const core);
  * @param service[in] IOTA client service
  * @param host[in] host of connecting service
  * @param port[in] port of connecting service
+ * @param ca_pem[in] CA PEM path
  *
  * @return
  * - SC_OK on success
  * - non-zero on error
  */
-status_t ta_set_iota_client_service(iota_client_service_t* service, char const* host, uint16_t port);
+status_t ta_set_iota_client_service(iota_client_service_t* service, char const* host, uint16_t port,
+                                    char const* const ca_pem);
 
 #ifdef __cplusplus
 }

accelerator/core/apis.c

@@ -281,7 +281,8 @@ status_t api_send_transfer(const ta_core_t* const core, const iota_client_servic
   }
 
   // return transaction object
-  if (hash243_queue_push(&txn_obj_req->hashes, hash243_queue_peek(res->hash))) {
+  if (hash243_queue_count(res->hash) == 0 || hash243_queue_push(&txn_obj_req->hashes, hash243_queue_peek(res->hash))) {
+    ret = SC_CCLIENT_FAILED_RESPONSE;
     ta_log_error("%s\n", "hash243_queue_push failed");
     goto done;
   }

connectivity/http/http.c

@@ -415,12 +415,13 @@ static int ta_http_handler(void *cls, struct MHD_Connection *connection, const c
   if (http_req->answer_code == MHD_NO) {
     /* decide which API function should be called */
     iota_client_service_t iota_service;
-    ta_set_iota_client_service(&iota_service, api->core->iota_service.http.host, api->core->iota_service.http.port);
+    ta_set_iota_client_service(&iota_service, api->core->iota_service.http.host, api->core->iota_service.http.port,
+                               api->core->iota_service.http.ca_pem);
     http_req->answer_code =
         ta_http_process_request(api, &iota_service, url, http_req->request, &http_req->answer_string, options);
   }
-  response =
-      MHD_create_response_from_buffer(strlen(http_req->answer_string), http_req->answer_string, MHD_RESPMEM_MUST_COPY);
+  response = MHD_create_response_from_buffer(http_req->answer_string ? strlen(http_req->answer_string) : 0,
+                                             http_req->answer_string, MHD_RESPMEM_MUST_COPY);
   // Set response header
   MHD_add_response_header(response, MHD_HTTP_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, "*");
   if (options) {

connectivity/mqtt/duplex_callback.c

@@ -63,7 +63,8 @@ static status_t mqtt_request_handler(mosq_config_t *cfg, char *subscribe_topic,
     goto done;
   }
   iota_client_service_t iota_service;
-  ta_set_iota_client_service(&iota_service, ta_core.iota_service.http.host, ta_core.iota_service.http.port);
+  ta_set_iota_client_service(&iota_service, ta_core.iota_service.http.host, ta_core.iota_service.http.port,
+                             ta_core.iota_service.http.ca_pem);
 
   char *api_sub_topic = subscribe_topic + strlen(ta_core.ta_conf.mqtt_topic_root);
   if (api_path_matcher(api_sub_topic, "/tag/hashes") == SC_OK) {

tests/api/driver.c

@@ -48,7 +48,8 @@ void test_send_transfer(void) {
 
   for (size_t count = 0; count < TEST_COUNT; count++) {
     iota_client_service_t iota_service;
-    ta_set_iota_client_service(&iota_service, ta_core.iota_service.http.host, ta_core.iota_service.http.port);
+    ta_set_iota_client_service(&iota_service, ta_core.iota_service.http.host, ta_core.iota_service.http.port,
+                               ta_core.iota_service.http.ca_pem);
     test_time_start(&start_time);
     TEST_ASSERT_EQUAL_INT32(SC_OK, api_send_transfer(&ta_core, &iota_service, json, &json_result));
     test_time_end(&start_time, &end_time, &sum);
@@ -83,7 +84,8 @@ void test_send_trytes(void) {
 
   for (size_t count = 0; count < TEST_COUNT; count++) {
     iota_client_service_t iota_service;
-    ta_set_iota_client_service(&iota_service, ta_core.iota_service.http.host, ta_core.iota_service.http.port);
+    ta_set_iota_client_service(&iota_service, ta_core.iota_service.http.host, ta_core.iota_service.http.port,
+                               ta_core.iota_service.http.ca_pem);
     test_time_start(&start_time);
     TEST_ASSERT_EQUAL_INT32(SC_OK,
                             api_send_trytes(&ta_core.ta_conf, &ta_core.iota_conf, &iota_service, json, &json_result));
@@ -103,7 +105,8 @@ void test_find_transaction_objects(void) {
 
   for (size_t count = 0; count < TEST_COUNT; count++) {
     iota_client_service_t iota_service;
-    ta_set_iota_client_service(&iota_service, ta_core.iota_service.http.host, ta_core.iota_service.http.port);
+    ta_set_iota_client_service(&iota_service, ta_core.iota_service.http.host, ta_core.iota_service.http.port,
+                               ta_core.iota_service.http.ca_pem);
     test_time_start(&start_time);
     TEST_ASSERT_EQUAL_INT32(SC_OK, api_find_transaction_objects(&iota_service, json, &json_result));
     test_time_end(&start_time, &end_time, &sum);
@@ -120,7 +123,8 @@ void test_find_transactions_by_tag(void) {
   for (size_t count = 0; count < TEST_COUNT; count++) {
     test_time_start(&start_time);
     iota_client_service_t iota_service;
-    ta_set_iota_client_service(&iota_service, ta_core.iota_service.http.host, ta_core.iota_service.http.port);
+    ta_set_iota_client_service(&iota_service, ta_core.iota_service.http.host, ta_core.iota_service.http.port,
+                               ta_core.iota_service.http.ca_pem);
 
     TEST_ASSERT_EQUAL_INT32(SC_OK, api_find_transactions_by_tag(&iota_service, test_case.tag, &json_result));
     test_time_end(&start_time, &end_time, &sum);
@@ -136,7 +140,8 @@ void test_find_transactions_by_id(void) {
   for (size_t count = 0; count < TEST_COUNT; count++) {
     test_time_start(&start_time);
     iota_client_service_t iota_service;
-    ta_set_iota_client_service(&iota_service, ta_core.iota_service.http.host, ta_core.iota_service.http.port);
+    ta_set_iota_client_service(&iota_service, ta_core.iota_service.http.host, ta_core.iota_service.http.port,
+                               ta_core.iota_service.http.ca_pem);
 
     TEST_ASSERT_EQUAL_INT32(SC_OK, api_find_transactions_by_id(&iota_service, &ta_core.db_service,
                                                                identities[count].uuid_string, &json_result));
@@ -183,7 +188,8 @@ void test_find_transactions_obj_by_tag(void) {
     test_time_start(&start_time);
 
     iota_client_service_t iota_service;
-    ta_set_iota_client_service(&iota_service, ta_core.iota_service.http.host, ta_core.iota_service.http.port);
+    ta_set_iota_client_service(&iota_service, ta_core.iota_service.http.host, ta_core.iota_service.http.port,
+                               ta_core.iota_service.http.ca_pem);
 
     TEST_ASSERT_EQUAL_INT32(SC_OK, api_find_transactions_obj_by_tag(&iota_service, test_case.tag, &json_result));
     test_time_end(&start_time, &end_time, &sum);
@@ -214,7 +220,8 @@ void test_get_iri_status(void) {
     test_time_start(&start_time);
 
     iota_client_service_t iota_service;
-    ta_set_iota_client_service(&iota_service, ta_core.iota_service.http.host, ta_core.iota_service.http.port);
+    ta_set_iota_client_service(&iota_service, ta_core.iota_service.http.host, ta_core.iota_service.http.port,
+                               ta_core.iota_service.http.ca_pem);
 
     TEST_ASSERT_EQUAL_INT32(SC_OK, api_get_iri_status(&iota_service, &json_result));
     test_time_end(&start_time, &end_time, &sum);

tests/api/driver_setting.py

@@ -30,7 +30,7 @@ def parse_cli_arg():
 
     logging.basicConfig(level=logging.DEBUG)
 
-    URL = f"http://{sys.argv[1]}"
+    URL = f"{sys.argv[1]}"
     TESTNET = (sys.argv[2].lower() == "testnet") or (sys.argv[2].lower() == "devnet")
     BAZEL_BUILD_CMDS = sys.argv[3]
     BAZEL_TEST_ARGS = sys.argv[4]