input: Load CertStore with a user-defined store name

Signed-off-by: Hiroshi Hatake <hiroshi@chronosphere.io>

Author: cosmo0920

include/fluent-bit/flb_input.h

@@ -448,6 +448,10 @@ struct flb_input_instance {
     char *tls_min_version;               /* Minimum protocol version of TLS */
     char *tls_max_version;               /* Maximum protocol version of TLS */
     char *tls_ciphers;                   /* TLS ciphers */
+#if defined(FLB_SYSTEM_WINDOWS)
+    char *tls_win_certstore_name;            /* CertStore Name (Windows) */
+    int tls_win_use_enterprise_certstore;    /* Use enmterprise CertStore */
+#endif
 
     struct mk_list *tls_config_map;
 

src/flb_input.c

@@ -123,6 +123,16 @@ struct flb_config_map input_global_properties[] = {
         0, FLB_FALSE, 0,
         "Enable threading on an input"
     },
+    {
+        FLB_CONFIG_MAP_STR, "tls.windows.certstore_name", NULL,
+        0, FLB_FALSE, 0,
+        "Sets the certstore name on an input (Windows)"
+    },
+    {
+        FLB_CONFIG_MAP_STR, "tls.windows.use_enterprise_store", NULL,
+        0, FLB_FALSE, 0,
+        "Sets whether using enterprise certstore or not on an input (Windows)"
+    },
 
     {0}
 };
@@ -391,6 +401,10 @@ struct flb_input_instance *flb_input_new(struct flb_config *config,
         instance->tls_crt_file          = NULL;
         instance->tls_key_file          = NULL;
         instance->tls_key_passwd        = NULL;
+# if defined(FLB_SYSTEM_WINDOWS)
+        instance->tls_win_certstore_name = NULL;
+        instance->tls_win_use_enterprise_certstore = FLB_FALSE;
+# endif
 #endif
 
         /* Plugin requires a co-routine context ? */
@@ -668,6 +682,15 @@ int flb_input_set_property(struct flb_input_instance *ins,
     else if (prop_key_check("tls.ciphers", k, len) == 0) {
         flb_utils_set_plugin_string_property("tls.ciphers", &ins->tls_ciphers, tmp);
     }
+# if defined(FLB_SYSTEM_WINDOWS)
+    else if (prop_key_check("tls.windows.certstore_name", k, len) == 0 && tmp) {
+        flb_utils_set_plugin_string_property("tls.windows.certstore_name", &ins->tls_win_certstore_name, tmp);
+    }
+    else if (prop_key_check("tls.windows.use_enterprise_store", k, len) == 0 && tmp) {
+        ins->tls_win_use_enterprise_certstore = flb_utils_bool(tmp);
+        flb_sds_destroy(tmp);
+    }
+# endif
 #endif
     else if (prop_key_check("storage.type", k, len) == 0 && tmp) {
         /* Set the storage type */
@@ -826,6 +849,12 @@ void flb_input_instance_destroy(struct flb_input_instance *ins)
         flb_sds_destroy(ins->tls_ciphers);
     }
 
+#if defined(FLB_SYSTEM_WINDOWS)
+    if (ins->tls_win_certstore_name) {
+        flb_sds_destroy(ins->tls_win_certstore_name);
+    }
+#endif
+
     /* release the tag if any */
     flb_sds_destroy(ins->tag);
 
@@ -1260,6 +1289,36 @@ int flb_input_instance_init(struct flb_input_instance *ins,
                 return -1;
             }
         }
+
+#if defined (FLB_SYSTEM_WINDOWS)
+        if (ins->tls_win_use_enterprise_certstore) {
+            ret = flb_tls_set_certstore_name(ins->tls, ins->tls_win_use_enterprise_certstore);
+            if (ret == -1) {
+                flb_error("[input %s] error set up to use enterprise certstore in TLS context",
+                          ins->name);
+
+                return -1;
+            }
+        }
+
+        if (ins->tls_win_certstore_name) {
+            ret = flb_tls_set_certstore_name(ins->tls, ins->tls_win_certstore_name);
+            if (ret == -1) {
+                flb_error("[input %s] error specify certstore name in TLS context",
+                          ins->name);
+
+                return -1;
+            }
+
+            ret = flb_tls_load_system_certificates(ins->tls);
+            if (ret == -1) {
+                flb_error("[input %s] error set up to load certstore with a user-defined name in TLS context",
+                          ins->name);
+
+                return -1;
+            }
+        }
+#endif
     }
 
     struct flb_config_map *m;