CTI client prototype #238

Open
AlexRuiz7 opened this issue Jan 21, 2025 · 3 comments · May be fixed by #252
Assignees
Labels
level/task Task issue type/enhancement Enhancement issue

Comments

@AlexRuiz7
Member

AlexRuiz7 commented Jan 21, 2025

Description

The Content Manager plugin will interact with an external web service (CTI) which exposes an HTTP REST API.

For such communication to happen, we need to design and implement a prototype of a Java HTTP client that implements the CTI API interface and understands the responses.

```mermaid
---
title: Content Manager - HTTP clients
---
classDiagram
    HTTPclient <|-- CTIclient
    HTTPclient <|-- CommandManagerClient

    class HTTPclient{
        <<abstract>>
        +request(method, payload, callback)
    }
    class CTIclient{
        -int apiUrl
        +getConsumerInfo()
        +getContextChanges(fromOffset: int, toOffset: int)
    }
    class CommandManagerClient{
        -int apiUrl
        +postCommand()
    }
```

Functional requirements

The CTI client will:

  • fetch consumer information, such as its latest offset and snapshot URL.
  • fetch the list of changes in a context.

Implementation restrictions

  • The HTTP client is part of the Content Manager plugin.
  • The URL of the CTI API must be masked (secure setting).
  • Implementation of units tests.
  • Implementation of error handling.

Plan

  • HTTP client scaffolding.
  • Fetch consumer information.
  • Fetch changes in a context.
  • Register the CTI API URL as a ~~secure string~~ regular setting.
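The following is an added sketch, not code from the issue or from the Content Manager plugin, of how the class diagram and the requirements above (abstract `HTTPclient.request(method, payload, callback)`, `CTIclient.getConsumerInfo()` / `getContextChanges(from, to)`, error handling, unit-testability, and keeping the API URL out of logs) could be put together in Java. The endpoint paths `consumer` and `changes`, the query parameters `from_offset` / `to_offset`, the JSON fields `last_offset` / `last_snapshot_link`, and the regex-based parsing are assumptions chosen for the example, not the real CTI schema; a real implementation would use a proper JSON parser. The transport is an interface so the example runs offline against canned responses, which is also the seam a unit test would use.

```java
import java.io.IOException;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.util.Map;
import java.util.function.Consumer;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Status and body of an HTTP response, handed to callbacks. */
record Response(int status, String body) {}

/** Abstract HTTP client from the diagram; subclasses only know their own endpoints. */
abstract class HTTPclient {
    /** Transport seam: production uses java.net.http, unit tests stub it. */
    interface Transport { Response send(String method, URI uri, String payload) throws IOException; }

    private final Transport transport;
    protected HTTPclient(Transport transport) { this.transport = transport; }

    /** Sends a request and passes a 2xx response to the callback. Transport failures and
     *  non-2xx statuses become exceptions; messages carry only the path, never the host. */
    protected void request(String method, URI uri, String payload, Consumer<Response> callback) {
        final Response response;
        try {
            response = transport.send(method, uri, payload);
        } catch (IOException e) {
            throw new IllegalStateException("CTI request failed: " + method + " " + uri.getPath(), e);
        }
        if (response.status() < 200 || response.status() >= 300) {
            throw new IllegalStateException("CTI returned HTTP " + response.status() + " for " + uri.getPath());
        }
        callback.accept(response);
    }

    /** Real transport for production use (not exercised by the offline demo below). */
    static Transport javaNetTransport() {
        HttpClient http = HttpClient.newHttpClient();
        return (method, uri, payload) -> {
            HttpRequest.BodyPublisher body = payload == null
                ? HttpRequest.BodyPublishers.noBody() : HttpRequest.BodyPublishers.ofString(payload);
            HttpRequest req = HttpRequest.newBuilder(uri).method(method, body).build();
            try {
                HttpResponse<String> res = http.send(req, HttpResponse.BodyHandlers.ofString());
                return new Response(res.statusCode(), res.body());
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
                throw new IOException("interrupted while waiting for CTI", e);
            }
        };
    }
}

/** CTI client: two operations from the functional requirements. */
final class CTIclient extends HTTPclient {
    record ConsumerInfo(long lastOffset, String snapshotUrl) {}

    // Assumed field names; placeholder for a real JSON parser.
    private static final Pattern OFFSET = Pattern.compile("\"last_offset\"\\s*:\\s*(\\d+)");
    private static final Pattern SNAPSHOT = Pattern.compile("\"last_snapshot_link\"\\s*:\\s*\"([^\"]*)\"");

    /** Secure setting: kept private, never logged, masked in toString(). Must end with "/". */
    private final URI apiUrl;

    CTIclient(URI apiUrl, Transport transport) { super(transport); this.apiUrl = apiUrl; }

    ConsumerInfo getConsumerInfo() {
        ConsumerInfo[] out = new ConsumerInfo[1];
        request("GET", apiUrl.resolve("consumer"), null, r -> {
            Matcher o = OFFSET.matcher(r.body()), s = SNAPSHOT.matcher(r.body());
            if (!o.find() || !s.find()) throw new IllegalStateException("unexpected consumer response shape");
            out[0] = new ConsumerInfo(Long.parseLong(o.group(1)), s.group(1));
        });
        return out[0];
    }

    String getContextChanges(int fromOffset, int toOffset) {
        if (fromOffset < 0 || toOffset < fromOffset) throw new IllegalArgumentException("invalid offset range");
        String[] out = new String[1];
        URI uri = apiUrl.resolve("changes?from_offset=" + fromOffset + "&to_offset=" + toOffset);
        request("GET", uri, null, r -> out[0] = r.body());
        return out[0];
    }

    @Override public String toString() { return "CTIclient[apiUrl=***]"; }
}

public class CtiClientDemo {
    public static void main(String[] args) {
        // Constructed canned responses standing in for the CTI service (offline demo / unit-test stub).
        Map<String, Response> canned = Map.of(
            "/api/v1/consumer", new Response(200,
                "{\"last_offset\": 1234, \"last_snapshot_link\": \"https://example.invalid/snapshot.zip\"}"),
            "/api/v1/changes", new Response(200, "{\"data\": [{\"offset\": 1235}]}"));
        HTTPclient.Transport stub = (m, uri, p) -> canned.getOrDefault(uri.getPath(), new Response(500, ""));

        CTIclient client = new CTIclient(URI.create("https://cti.example.invalid/api/v1/"), stub);
        CTIclient.ConsumerInfo info = client.getConsumerInfo();
        System.out.println("last offset " + info.lastOffset() + ", snapshot " + info.snapshotUrl());
        System.out.println(client.getContextChanges(1234, 1235));
        System.out.println(client); // apiUrl is masked
        try { client.getContextChanges(5, 1); }
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Save as `CtiClientDemo.java` (Java 16 or newer for records). Swapping the stub for `HTTPclient.javaNetTransport()` turns the same `CTIclient` into a networked client, while the exception messages and `toString()` keep the configured host out of logs and stack traces, which is the point of registering the URL as a protected setting.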
@AlexRuiz7 AlexRuiz7 added level/task Task issue type/research Research issue labels Jan 21, 2025
@wazuhci wazuhci moved this to Backlog in XDR+SIEM/Release 5.0.0 Jan 21, 2025
@f-galland f-galland self-assigned this Jan 27, 2025
@wazuhci wazuhci moved this from Backlog to In progress in XDR+SIEM/Release 5.0.0 Jan 27, 2025
@f-galland
Member

We are going to take advantage of the code from a previous iteration of the content manager from the Wazuh Server team available here:

The program uses a json object to gather its configuration, including the base URL and endpoint from the API.

The actionOrchestrator.hpp's run() method delegates handling of the request to the corresponding method:

  • runOffsetUpdate()
    • Creates and triggers a new orchestration that updates the offset in the database
  • runFileHashUpdate()
    • Performs a file hash update in the database with the specified hash. This comes in the json configuration
  • runContentUpdate()
    • Triggers a new orchestration that updates the content.
    • If an offset download is requested and the current offset is '0', a snapshot will be downloaded with the full content to avoid downloading many offsets at once.
  • runFullContentDownload()
    • Creates and triggers a new orchestration that downloads a snapshot from CTI.

@f-galland
Member

f-galland commented Jan 27, 2025

These methods in create a FactoryContentUpdater object and pass it the configuration.

The create() method within FactoryContentUpdater:

Creates the corresponding instances for the orchestration in charge of processing certain contents based on the config values.

It achieves this by instantiating FactoryDownloader, FactoryDecompressor, PubSubPublisher, FactoryVersionUpdater and FactoryCleaner.
These are the classes where the actual logic for handling the http requests and file management happens.

@f-galland f-galland linked a pull request Jan 28, 2025 that will close this issue
@AlexRuiz7 AlexRuiz7 added type/enhancement Enhancement issue and removed type/research Research issue labels Jan 31, 2025
@wazuhci wazuhci moved this from In progress to Pending review in XDR+SIEM/Release 5.0.0 Jan 31, 2025
@wazuhci wazuhci moved this from Pending review to In progress in XDR+SIEM/Release 5.0.0 Feb 3, 2025
@wazuhci wazuhci moved this from In progress to Pending review in XDR+SIEM/Release 5.0.0 Feb 5, 2025
@wazuhci wazuhci moved this from Pending review to On hold in XDR+SIEM/Release 5.0.0 Feb 6, 2025
@wazuhci wazuhci moved this from On hold to Pending review in XDR+SIEM/Release 5.0.0 Feb 6, 2025