feat: support client certificate authentication (related #363)

crates/openconnect/src/ffi/mod.rs

@@ -14,6 +14,8 @@ pub(crate) struct ConnectOptions {
   pub script: *const c_char,
   pub os: *const c_char,
   pub certificate: *const c_char,
+  pub sslkey: *const c_char,
+  pub key_password: *const c_char,
   pub servercert: *const c_char,
 
   pub csd_uid: u32,

crates/openconnect/src/ffi/vpn.c

@@ -63,6 +63,8 @@ int vpn_connect(const vpn_options *options, vpn_connected_callback callback)
     INFO("OS: %s", options->os);
     INFO("CSD_USER: %d", options->csd_uid);
     INFO("CSD_WRAPPER: %s", options->csd_wrapper);
+    INFO("CERTIFICATE: %s", options->certificate);
+    INFO("SSLKEY: %s", options->sslkey);
     INFO("RECONNECT_TIMEOUT: %d", options->reconnect_timeout);
     INFO("MTU: %d", options->mtu);
     INFO("DISABLE_IPV6: %d", options->disable_ipv6);
@@ -80,6 +82,11 @@ int vpn_connect(const vpn_options *options, vpn_connected_callback callback)
     openconnect_set_protocol(vpninfo, "gp");
     openconnect_set_hostname(vpninfo, options->server);
     openconnect_set_cookie(vpninfo, options->cookie);
+    openconnect_set_client_cert(vpninfo, options->certificate, options->sslkey);
+
+    if (options->key_password) {
+      openconnect_set_key_password(vpninfo, options->key_password);
+    }
 
     if (options->os) {
         openconnect_set_reported_os(vpninfo, options->os);

crates/openconnect/src/ffi/vpn.h

@@ -15,6 +15,8 @@ typedef struct vpn_options
     const char *script;
     const char *os;
     const char *certificate;
+    const char *sslkey;
+    const char *key_password;
     const char *servercert;
 
     const uid_t csd_uid;

crates/openconnect/src/vpn.rs

@@ -18,6 +18,8 @@ pub struct Vpn {
   script: CString,
   os: CString,
   certificate: Option<CString>,
+  sslkey: Option<CString>,
+  key_password: Option<CString>,
   servercert: Option<CString>,
 
   csd_uid: u32,
@@ -63,7 +65,10 @@ impl Vpn {
       user_agent: self.user_agent.as_ptr(),
       script: self.script.as_ptr(),
       os: self.os.as_ptr(),
+
       certificate: Self::option_to_ptr(&self.certificate),
+      sslkey: Self::option_to_ptr(&self.sslkey),
+      key_password: Self::option_to_ptr(&self.key_password),
       servercert: Self::option_to_ptr(&self.servercert),
 
       csd_uid: self.csd_uid,
@@ -110,6 +115,10 @@ pub struct VpnBuilder {
   user_agent: Option<String>,
   os: Option<String>,
 
+  certificate: Option<String>,
+  sslkey: Option<String>,
+  key_password: Option<String>,
+
   csd_uid: u32,
   csd_wrapper: Option<String>,
 
@@ -128,6 +137,10 @@ impl VpnBuilder {
       user_agent: None,
       os: None,
 
+      certificate: None,
+      sslkey: None,
+      key_password: None,
+
       csd_uid: 0,
       csd_wrapper: None,
 
@@ -152,6 +165,21 @@ impl VpnBuilder {
     self
   }
 
+  pub fn certificate<T: Into<Option<String>>>(mut self, certificate: T) -> Self {
+    self.certificate = certificate.into();
+    self
+  }
+
+  pub fn sslkey<T: Into<Option<String>>>(mut self, sslkey: T) -> Self {
+    self.sslkey = sslkey.into();
+    self
+  }
+
+  pub fn key_password<T: Into<Option<String>>>(mut self, key_password: T) -> Self {
+    self.key_password = key_password.into();
+    self
+  }
+
   pub fn csd_uid(mut self, csd_uid: u32) -> Self {
     self.csd_uid = csd_uid;
     self
@@ -199,7 +227,10 @@ impl VpnBuilder {
       user_agent: Self::to_cstring(&user_agent),
       script: Self::to_cstring(&script),
       os: Self::to_cstring(&os),
-      certificate: None,
+
+      certificate: self.certificate.as_deref().map(Self::to_cstring),
+      sslkey: self.sslkey.as_deref().map(Self::to_cstring),
+      key_password: self.key_password.as_deref().map(Self::to_cstring),
       servercert: None,
 
       csd_uid: self.csd_uid,