Implement mTLS authentication between client and server

client/config.vapi

@@ -0,0 +1,4 @@
+[CCode (cheader_filename = "config.h")]
+namespace Config {
+    public const string CERT_DIR;
+}

client/main.vala

@@ -1,29 +1,41 @@
 using Gtk;
 
 public class Connection {
-	private InetSocketAddress host;
 	public signal void response_received(uint8[] response);
 
-	public Connection() {
+	private TlsClientConnection tls_client;
+
+	public Connection() throws Error {
 		var loopback = new InetAddress.loopback(SocketFamily.IPV6);
-		host = new InetSocketAddress(loopback, 12888);
+		var host = new InetSocketAddress(loopback, 12888);
+
+		var db_type = TlsBackend.get_default().get_file_database_type();
+		const string ca_path = Config.CERT_DIR + "/ca.pem";
+		var db = Object.new(db_type, "anchors", ca_path) as TlsDatabase;
+		var cert =
+			new TlsCertificate.from_file(Config.CERT_DIR + "/client.pem");
+
+		var plain_client = new SocketClient();
+		var plain_connection = plain_client.connect(host);
+		tls_client = TlsClientConnection.new(plain_connection, host);
+
+		tls_client.set_database(db);
+		tls_client.set_certificate(cert);
+		tls_client.handshake();
 	}
 
 	public async void send(uint8[] message) throws Error {
-		var client = new SocketClient();
-		var conn = yield client.connect_async(host);
-		yield conn.output_stream.write_async(message);
-
+		yield tls_client.output_stream.write_async(message);
 		var response = new uint8[1024];
-		var len = yield conn.input_stream.read_async(response);
+		var len = yield tls_client.input_stream.read_async(response);
 		response_received(response[0:len]);
 	}
 }
 
 public class MainWindow : Gtk.ApplicationWindow {
 	private Connection connection;
+	private Gtk.Button send_button;
 	private Gtk.Label response_label;
-	private Gtk.Button connect_button;
 
 	public MainWindow(Gtk.Application app, Connection connection) {
 		Object(application: app);
@@ -35,7 +47,7 @@ public class MainWindow : Gtk.ApplicationWindow {
 		this.connection = connection;
 		connection.response_received.connect((response) => {
 				response_label.label = "Response: " + (string)response;
-		});
+			});
 
 		var box = new Gtk.Box(Gtk.Orientation.VERTICAL, 10);
 		box.margin_start = 10;
@@ -43,22 +55,22 @@ public class MainWindow : Gtk.ApplicationWindow {
 		box.margin_top = 10;
 		box.margin_bottom = 10;
 
-		connect_button = new Gtk.Button.with_label("Foo");
-		connect_button.clicked.connect(on_connect_clicked);
-		box.append(connect_button);
+		send_button = new Gtk.Button.with_label("Send");
+		send_button.clicked.connect(on_send_clicked);
+		box.append(send_button);
 
 		response_label = new Gtk.Label("");
 		response_label.wrap = true;
 		box.append(response_label);
 
 		set_child(box);
-						  
+
 		present();
 	}
 
-	private async void on_connect_clicked() {
+	private async void on_send_clicked() {
 		try {
-			yield connection.send("Bar".data);
+			yield connection.send("Foo".data);
 		} catch (Error e) {
 			response_label.label = "Error: " + e.message;
 		}
@@ -71,8 +83,13 @@ public class StudySystemClient : Gtk.Application {
 	}
 
 	protected override void activate() {
-		var connection = new Connection();
-		new MainWindow(this, connection);
+		try {
+			var connection = new Connection();
+			new MainWindow(this, connection);
+		} catch (Error e) {
+			stderr.printf("Failed to initialize connection: %s\n",
+						  e.message);
+		}
 	}
 
 	public static int main(string[] args) {

client/meson.build

@@ -10,9 +10,21 @@ add_project_arguments('-w', language: 'c')
 
 gtk_dep = dependency('gtk4')
 
+conf = configuration_data()
+conf.set_quoted(
+  'CONFIG_CERT_DIR',
+  join_paths(meson.project_source_root(), '..', 'test'))
+configure_file(
+  output: 'config.h',
+  configuration: conf
+)
+
 exe = executable(
   'study-system-client',
-  'main.vala',
+  [
+    'main.vala',
+    'config.vapi'
+  ],
   dependencies: [gtk_dep],
   c_args: ['-w']
 )