isc-projects
diff --git a/‎src/bin/agent/ca_messages.mes
Lines changed: 1 addition & 1 deletion b/‎src/bin/agent/ca_messages.mes
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/bin/agent/ca_process.cc
Lines changed: 22 additions & 5 deletions b/‎src/bin/agent/ca_process.cc
Lines changed: 22 additions & 5 deletions
diff --git a/‎src/bin/agent/tests/Makefile.am
Lines changed: 1 addition & 0 deletions b/‎src/bin/agent/tests/Makefile.am
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/bin/agent/tests/ca_controller_unittests.cc
Lines changed: 302 additions & 1 deletion b/‎src/bin/agent/tests/ca_controller_unittests.cc
Lines changed: 302 additions & 1 deletion
@@ -55,7 +55,7 @@ address and port over a TLS channel.
 
 % CTRL_AGENT_HTTP_SERVICE_REUSED reused HTTP service bound to address %1:%2
 This informational message indicates that the server has reused existing
-HTTPS service on the specified address and port.
+HTTP service on the specified address and port.
 
 % CTRL_AGENT_HTTP_SERVICE_STARTED HTTP service bound to address %1:%2
 This informational message indicates that the server has started HTTP service
 
@@ -139,14 +139,31 @@ CtrlAgentProcess::configure(isc::data::ConstElementPtr config_set,
         // Search for the specific connection and reuse the existing one if found.
         auto it = sockets_.find(std::make_pair(server_address, server_port));
         if (it != sockets_.end()) {
-            auto listener = getHttpListener();
+            auto listener = it->second->listener_;
             if (listener) {
                 // Reconfig keeping the same address and port.
                 if (listener->getTlsContext()) {
-                    LOG_INFO(agent_logger, CTRL_AGENT_HTTPS_SERVICE_REUSED)
-                        .arg(server_address.toText())
-                        .arg(server_port);
-                } else {
+                    if (ctx->getTrustAnchor().empty()) {
+                        // Can not switch from HTTPS to HTTP
+                        LOG_INFO(agent_logger, CTRL_AGENT_HTTPS_SERVICE_REUSED)
+                            .arg(server_address.toText())
+                            .arg(server_port);
+                    } else {
+                        // Apply TLS settings each time.
+                        TlsContextPtr tls_context;
+                        TlsContext::configure(tls_context,
+                                              TlsRole::SERVER,
+                                              ctx->getTrustAnchor(),
+                                              ctx->getCertFile(),
+                                              ctx->getKeyFile(),
+                                              ctx->getCertRequired());
+                        // Overwrite the authentication setup and the http headers in the response creator config.
+                        it->second->config_->setAuthConfig(ctx->getAuthConfig());
+                        it->second->config_->setHttpHeaders(ctx->getHttpHeaders());
+                        getIOService()->post([listener, tls_context]() { listener->setTlsContext(tls_context); });
+                    }
+                } else if (!ctx->getTrustAnchor().empty()) {
+                    // Can not switch from HTTP to HTTPS
                     LOG_INFO(agent_logger, CTRL_AGENT_HTTP_SERVICE_REUSED)
                         .arg(server_address.toText())
                         .arg(server_port);
 
@@ -30,6 +30,7 @@ AM_CPPFLAGS += -DTEST_DATA_BUILDDIR=\"$(abs_top_builddir)/src/bin/agent/tests\"
 AM_CPPFLAGS += -DINSTALL_PROG=\"$(abs_top_srcdir)/install-sh\"
 AM_CPPFLAGS += -DCFG_EXAMPLES=\"$(abs_top_srcdir)/doc/examples/agent\"
 AM_CPPFLAGS += -DSYNTAX_FILE=\"$(abs_srcdir)/../agent_parser.yy\"
+AM_CPPFLAGS += -DTEST_CA_DIR=\"$(abs_top_srcdir)/src/lib/asiolink/testutils/ca\"
 
 AM_CXXFLAGS = $(KEA_CXXFLAGS)
 
 
@@ -21,6 +21,7 @@
 
 #include <unistd.h>
 
+using namespace isc::asiolink;
 using namespace isc::asiolink::test;
 using namespace isc::agent;
 using namespace isc::data;
@@ -402,7 +403,7 @@ TEST_F(CtrlAgentControllerTest, unsuccessfulConfigUpdate) {
 // Tests that it is possible to update the configuration in such a way that the
 // listener configuration remains the same. The server should continue using the
 // listener instance it has been using prior to the reconfiguration.
-TEST_F(CtrlAgentControllerTest, noListenerChange) {
+TEST_F(CtrlAgentControllerTest, noListenerChangeHttp) {
     // This configuration should be used to override the initial configuration.
     const char* second_config =
         "{"
@@ -420,6 +421,8 @@ TEST_F(CtrlAgentControllerTest, noListenerChange) {
         "  }"
         "}";
 
+    const HttpListener* listener_ptr = 0;
+
     // This check callback is called before the shutdown.
     auto check_callback = [&] {
         CtrlAgentProcessPtr process = getCtrlAgentProcess();
@@ -428,6 +431,8 @@ TEST_F(CtrlAgentControllerTest, noListenerChange) {
         // Check that the HTTP listener still exists after reconfiguration.
         ConstHttpListenerPtr listener = process->getHttpListener();
         ASSERT_TRUE(listener);
+        ASSERT_EQ(listener_ptr, listener.get());
+        ASSERT_FALSE(listener->getTlsContext());
         EXPECT_TRUE(process->isListening());
 
         EXPECT_EQ("127.0.0.1", listener->getLocalAddress().toText());
@@ -439,6 +444,202 @@ TEST_F(CtrlAgentControllerTest, noListenerChange) {
     // Schedule SIGHUP signal to trigger reconfiguration.
     TimedSignal sighup(getIOService(), SIGHUP, 200);
 
+    IntervalTimer timer(getIOService());
+    timer.setup([&] {
+        CtrlAgentProcessPtr process = getCtrlAgentProcess();
+        ASSERT_TRUE(process);
+        ConstHttpListenerPtr listener = process->getHttpListener();
+        ASSERT_TRUE(listener);
+        listener_ptr = listener.get();
+        ASSERT_FALSE(listener->getTlsContext());
+    }, 50, IntervalTimer::ONE_SHOT);
+
+    // Start the server.
+    time_duration elapsed_time;
+    runWithConfig(valid_agent_config, 500,
+                  static_cast<const TestCallback&>(check_callback),
+                  elapsed_time);
+
+    CtrlAgentCfgContextPtr ctx = getCtrlAgentCfgContext();
+    ASSERT_TRUE(ctx);
+
+    // The server should use a correct listener configuration.
+    EXPECT_EQ("127.0.0.1", ctx->getHttpHost());
+    EXPECT_EQ(8081, ctx->getHttpPort());
+
+    // The forwarding configuration should have been updated.
+    testUnixSocketInfo("dhcp4", "/second/dhcp4/socket");
+    testUnixSocketInfo("dhcp6", "/second/dhcp6/socket");
+
+    CtrlAgentProcessPtr process = getCtrlAgentProcess();
+    ASSERT_TRUE(process);
+    ConstHttpListenerPtr listener = process->getHttpListener();
+    ASSERT_FALSE(listener);
+    EXPECT_FALSE(process->isListening());
+}
+
+// Tests that it is possible to update the configuration in such a way that the
+// listener configuration remains the same. The server should continue using the
+// listener instance it has been using prior to the reconfiguration.
+TEST_F(CtrlAgentControllerTest, noListenerChangeHttps) {
+    // This configuration should be used to override the initial configuration.
+    string ca_dir(string(TEST_CA_DIR));
+    ostringstream agent_st;
+    agent_st << "{"
+             << "  \"http-host\": \"127.0.0.1\","
+             << "  \"http-port\": 8081,"
+             << "  \"trust-anchor\": \"" << ca_dir << "/kea-ca.crt\", \n"
+             << "  \"cert-file\": \"" << ca_dir << "/kea-server.crt\", \n"
+             << "  \"key-file\": \"" << ca_dir << "/kea-server.key\", \n"
+             << "  \"control-sockets\": {"
+             << "    \"dhcp4\": {"
+             << "      \"socket-type\": \"unix\","
+             << "      \"socket-name\": \"/first/dhcp4/socket\""
+             << "    },"
+             << "    \"dhcp6\": {"
+             << "      \"socket-type\": \"unix\","
+             << "      \"socket-name\": \"/first/dhcp6/socket\""
+             << "    }"
+             << "  }"
+             << "}";
+
+    ostringstream second_config_st;
+    second_config_st << "{"
+             << "  \"http-host\": \"127.0.0.1\","
+             << "  \"http-port\": 8081,"
+             << "  \"trust-anchor\": \"" << ca_dir << "/kea-ca.crt\", \n"
+             << "  \"cert-file\": \"" << ca_dir << "/kea-server.crt\", \n"
+             << "  \"key-file\": \"" << ca_dir << "/kea-server.key\", \n"
+             << "  \"control-sockets\": {"
+             << "    \"dhcp4\": {"
+             << "      \"socket-type\": \"unix\","
+             << "      \"socket-name\": \"/second/dhcp4/socket\""
+             << "    },"
+             << "    \"dhcp6\": {"
+             << "      \"socket-type\": \"unix\","
+             << "      \"socket-name\": \"/second/dhcp6/socket\""
+             << "    }"
+             << "  }"
+             << "}";
+
+    const HttpListener* listener_ptr = 0;
+    TlsContext* context = 0;
+
+    // This check callback is called before the shutdown.
+    auto check_callback = [&] {
+        CtrlAgentProcessPtr process = getCtrlAgentProcess();
+        ASSERT_TRUE(process);
+
+        // Check that the HTTP listener still exists after reconfiguration.
+        ConstHttpListenerPtr listener = process->getHttpListener();
+        ASSERT_TRUE(listener);
+        ASSERT_EQ(listener_ptr, listener.get());
+        ASSERT_TRUE(listener->getTlsContext());
+        // The TLS settings have been applied
+        ASSERT_NE(context, listener->getTlsContext().get());
+        EXPECT_TRUE(process->isListening());
+
+        EXPECT_EQ("127.0.0.1", listener->getLocalAddress().toText());
+        EXPECT_EQ(8081, listener->getLocalPort());
+    };
+
+    // Schedule reconfiguration.
+    scheduleTimedWrite(second_config_st.str(), 100);
+    // Schedule SIGHUP signal to trigger reconfiguration.
+    TimedSignal sighup(getIOService(), SIGHUP, 200);
+
+    IntervalTimer timer(getIOService());
+    timer.setup([&] {
+        CtrlAgentProcessPtr process = getCtrlAgentProcess();
+        ASSERT_TRUE(process);
+        ConstHttpListenerPtr listener = process->getHttpListener();
+        ASSERT_TRUE(listener);
+        listener_ptr = listener.get();
+        ASSERT_TRUE(listener->getTlsContext());
+        context = listener->getTlsContext().get();
+    }, 50, IntervalTimer::ONE_SHOT);
+
+    // Start the server.
+    time_duration elapsed_time;
+    runWithConfig(agent_st.str(), 500,
+                  static_cast<const TestCallback&>(check_callback),
+                  elapsed_time);
+
+    CtrlAgentCfgContextPtr ctx = getCtrlAgentCfgContext();
+    ASSERT_TRUE(ctx);
+
+    // The server should use a correct listener configuration.
+    EXPECT_EQ("127.0.0.1", ctx->getHttpHost());
+    EXPECT_EQ(8081, ctx->getHttpPort());
+
+    // The forwarding configuration should have been updated.
+    testUnixSocketInfo("dhcp4", "/second/dhcp4/socket");
+    testUnixSocketInfo("dhcp6", "/second/dhcp6/socket");
+
+    CtrlAgentProcessPtr process = getCtrlAgentProcess();
+    ASSERT_TRUE(process);
+    ConstHttpListenerPtr listener = process->getHttpListener();
+    ASSERT_FALSE(listener);
+    EXPECT_FALSE(process->isListening());
+}
+
+// Verify that the reload will reuse listener
+TEST_F(CtrlAgentControllerTest, ignoreHttpToHttpsSwitch) {
+    string ca_dir(string(TEST_CA_DIR));
+
+    // This configuration should be used to override the initial configuration.
+    ostringstream second_config_st;
+    second_config_st << "{"
+             << "  \"http-host\": \"127.0.0.1\","
+             << "  \"http-port\": 8081,"
+             << "  \"trust-anchor\": \"" << ca_dir << "/kea-ca.crt\", \n"
+             << "  \"cert-file\": \"" << ca_dir << "/kea-server.crt\", \n"
+             << "  \"key-file\": \"" << ca_dir << "/kea-server.key\", \n"
+             << "  \"control-sockets\": {"
+             << "    \"dhcp4\": {"
+             << "      \"socket-type\": \"unix\","
+             << "      \"socket-name\": \"/second/dhcp4/socket\""
+             << "    },"
+             << "    \"dhcp6\": {"
+             << "      \"socket-type\": \"unix\","
+             << "      \"socket-name\": \"/second/dhcp6/socket\""
+             << "    }"
+             << "  }"
+             << "}";
+
+    const HttpListener* listener_ptr = 0;
+
+    // This check callback is called before the shutdown.
+    auto check_callback = [&] {
+        CtrlAgentProcessPtr process = getCtrlAgentProcess();
+        ASSERT_TRUE(process);
+
+        // Check that the HTTP listener still exists after reconfiguration.
+        ConstHttpListenerPtr listener = process->getHttpListener();
+        ASSERT_TRUE(listener);
+        ASSERT_EQ(listener_ptr, listener.get());
+        ASSERT_FALSE(listener->getTlsContext());
+        EXPECT_TRUE(process->isListening());
+
+        EXPECT_EQ("127.0.0.1", listener->getLocalAddress().toText());
+        EXPECT_EQ(8081, listener->getLocalPort());
+    };
+
+    // Schedule reconfiguration.
+    scheduleTimedWrite(second_config_st.str(), 100);
+    // Schedule SIGHUP signal to trigger reconfiguration.
+    TimedSignal sighup(getIOService(), SIGHUP, 200);
+
+    IntervalTimer timer(getIOService());
+    timer.setup([&] {
+        CtrlAgentProcessPtr process = getCtrlAgentProcess();
+        ASSERT_TRUE(process);
+        ConstHttpListenerPtr listener = process->getHttpListener();
+        ASSERT_TRUE(listener);
+        listener_ptr = listener.get();
+        ASSERT_FALSE(listener->getTlsContext());
+    }, 50, IntervalTimer::ONE_SHOT);
+
     // Start the server.
     time_duration elapsed_time;
     runWithConfig(valid_agent_config, 500,
@@ -463,6 +664,106 @@ TEST_F(CtrlAgentControllerTest, noListenerChange) {
     EXPECT_FALSE(process->isListening());
 }
 
+// Verify that the reload will reuse listener
+TEST_F(CtrlAgentControllerTest, ignoreHttpsToHttpSwitch) {
+    string ca_dir(string(TEST_CA_DIR));
+    ostringstream agent_st;
+    agent_st << "{"
+             << "  \"http-host\": \"127.0.0.1\","
+             << "  \"http-port\": 8081,"
+             << "  \"trust-anchor\": \"" << ca_dir << "/kea-ca.crt\", \n"
+             << "  \"cert-file\": \"" << ca_dir << "/kea-server.crt\", \n"
+             << "  \"key-file\": \"" << ca_dir << "/kea-server.key\", \n"
+             << "  \"control-sockets\": {"
+             << "    \"dhcp4\": {"
+             << "      \"socket-type\": \"unix\","
+             << "      \"socket-name\": \"/first/dhcp4/socket\""
+             << "    },"
+             << "    \"dhcp6\": {"
+             << "      \"socket-type\": \"unix\","
+             << "      \"socket-name\": \"/first/dhcp6/socket\""
+             << "    }"
+             << "  }"
+             << "}";
+
+    // This configuration should be used to override the initial configuration.
+    ostringstream second_config_st;
+    second_config_st << "{"
+             << "  \"http-host\": \"127.0.0.1\","
+             << "  \"http-port\": 8081,"
+             << "  \"control-sockets\": {"
+             << "    \"dhcp4\": {"
+             << "      \"socket-type\": \"unix\","
+             << "      \"socket-name\": \"/second/dhcp4/socket\""
+             << "    },"
+             << "    \"dhcp6\": {"
+             << "      \"socket-type\": \"unix\","
+             << "      \"socket-name\": \"/second/dhcp6/socket\""
+             << "    }"
+             << "  }"
+             << "}";
+
+    const HttpListener* listener_ptr = 0;
+    TlsContext* context = 0;
+
+    // This check callback is called before the shutdown.
+    auto check_callback = [&] {
+        CtrlAgentProcessPtr process = getCtrlAgentProcess();
+        ASSERT_TRUE(process);
+
+        // Check that the HTTP listener still exists after reconfiguration.
+        ConstHttpListenerPtr listener = process->getHttpListener();
+        ASSERT_TRUE(listener);
+        ASSERT_EQ(listener_ptr, listener.get());
+        ASSERT_TRUE(listener->getTlsContext());
+        // The TLS settings have not changed
+        ASSERT_EQ(context, listener->getTlsContext().get());
+        EXPECT_TRUE(process->isListening());
+
+        EXPECT_EQ("127.0.0.1", listener->getLocalAddress().toText());
+        EXPECT_EQ(8081, listener->getLocalPort());
+    };
+
+    // Schedule reconfiguration.
+    scheduleTimedWrite(second_config_st.str(), 100);
+    // Schedule SIGHUP signal to trigger reconfiguration.
+    TimedSignal sighup(getIOService(), SIGHUP, 200);
+
+    IntervalTimer timer(getIOService());
+    timer.setup([&] {
+        CtrlAgentProcessPtr process = getCtrlAgentProcess();
+        ASSERT_TRUE(process);
+        ConstHttpListenerPtr listener = process->getHttpListener();
+        ASSERT_TRUE(listener);
+        listener_ptr = listener.get();
+        ASSERT_TRUE(listener->getTlsContext());
+        context = listener->getTlsContext().get();
+    }, 50, IntervalTimer::ONE_SHOT);
+
+    // Start the server.
+    time_duration elapsed_time;
+    runWithConfig(agent_st.str(), 500,
+                  static_cast<const TestCallback&>(check_callback),
+                  elapsed_time);
+
+    CtrlAgentCfgContextPtr ctx = getCtrlAgentCfgContext();
+    ASSERT_TRUE(ctx);
+
+    // The server should use a correct listener configuration.
+    EXPECT_EQ("127.0.0.1", ctx->getHttpHost());
+    EXPECT_EQ(8081, ctx->getHttpPort());
+
+    // The forwarding configuration should have been updated.
+    testUnixSocketInfo("dhcp4", "/second/dhcp4/socket");
+    testUnixSocketInfo("dhcp6", "/second/dhcp6/socket");
+
+    CtrlAgentProcessPtr process = getCtrlAgentProcess();
+    ASSERT_TRUE(process);
+    ConstHttpListenerPtr listener = process->getHttpListener();
+    ASSERT_FALSE(listener);
+    EXPECT_FALSE(process->isListening());
+}
+
 // Tests that registerCommands actually registers anything.
 TEST_F(CtrlAgentControllerTest, registeredCommands) {
     ASSERT_NO_THROW(initProcess());