From 3eadcfc5628ca6027222f4b2799ffed4a951c883 Mon Sep 17 00:00:00 2001
From: Juan Jose Nicola
Date: Mon, 18 Dec 2023 14:01:12 +0100
Subject: [PATCH] Support authenticated connection to MQTT broker

If notus-scanner options --mqtt-broker-user and `--mqtt-broker-password are given (or configured in the notus-scanner.toml configuration file), the connection will be authenticated. For this to work, MQTT broker must be configured with valid user and pass. This is disable per default.
SC-917
---
 notus/scanner/cli/parser.py | 19 +++++++++++++++++++
 notus/scanner/config.py | 10 ++++++++++
 notus/scanner/daemon.py | 7 +++++++
 3 files changed, 36 insertions(+)

diff --git a/notus/scanner/cli/parser.py b/notus/scanner/cli/parser.py
index 7de99f6..4345290 100644
--- a/notus/scanner/cli/parser.py
+++ b/notus/scanner/cli/parser.py
@@ -112,6 +112,25 @@ def __init__(self) -> None:
 type=int,
 help="Port of the MQTT broker. (default: %(default)s)",
 )
+ parser.add_argument(
+ "--mqtt-broker-username",
+ default=None,
+ type=str,
+ help=(
+ "Username to connect to MQTT broker for MQTT communication."
+ "Default %(default)s"
+ ),
+ )
+ parser.add_argument(
+ "--mqtt-broker-password",
+ default=None,
+ type=str,
+ help=(
+ "PASSWORD to connect to MQTT broker for MQTT communication."
+ "Default %(default)s"
+ ),
+ )
+
 parser.add_argument(
 "--disable-hashsum-verification",
 type=bool,
diff --git a/notus/scanner/config.py b/notus/scanner/config.py
index 8008844..32d52ad 100644
--- a/notus/scanner/config.py
+++ b/notus/scanner/config.py
@@ -41,6 +41,16 @@
 "NOTUS_SCANNER_MQTT_BROKER_ADDRESS",
 DEFAULT_MQTT_BROKER_ADDRESS,
 ),
+ (
+ "mqtt-broker-username",
+ "NOTUS_SCANNER_MQTT_BROKER_USERNAME",
+ None,
+ ),
+ (
+ "mqtt-broker-password",
+ "NOTUS_SCANNER_MQTT_BROKER_PASSWORD",
+ None,
+ ),
 (
 "mqtt-broker-port",
 "NOTUS_SCANNER_MQTT_BROKER_PORT",
diff --git a/notus/scanner/daemon.py b/notus/scanner/daemon.py
index d86f84b..02979c8 100644
--- a/notus/scanner/daemon.py
+++ b/notus/scanner/daemon.py
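Review bot: The new `--mqtt-broker-password` option in notus/scanner/cli/parser.py accepts the secret as a command-line argument, where it is typically readable by other local users through the process list and is easily captured in shell history. The help text should warn about this and point to the sources the config.py hunk registers instead, for example `"Password for the MQTT broker. Prefer notus-scanner.toml or NOTUS_SCANNER_MQTT_BROKER_PASSWORD; command-line arguments are visible in the process list. "`, with the configuration file readable only by the service user. Separately, both new help strings join two adjacent literals with no space between them, so they render as "communication.Default None"; a trailing space in the first literal fixes it. The enclosing `__init__` starts and ends outside the hunk.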
@@ -63,6 +63,8 @@ def on_hash_sum_verification_failure(
 def run_daemon(
 mqtt_broker_address: str,
 mqtt_broker_port: int,
+ mqtt_broker_username: str,
+ mqtt_broker_password: str,
 products_directory_path: Path,
 disable_hashsum_verification: bool,
 ):
@@ -87,6 +89,9 @@ def run_daemon(
 mqtt_broker_address=mqtt_broker_address,
 mqtt_broker_port=mqtt_broker_port,
 )
+ if mqtt_broker_username and mqtt_broker_password:
+ client.username_pw_set(mqtt_broker_username, mqtt_broker_password)
+
 daemon: MQTTDaemon
 try:
 daemon = MQTTDaemon(client)
@@ -130,6 +135,8 @@ def main():
 run_daemon(
 args.mqtt_broker_address,
 args.mqtt_broker_port,
+ args.mqtt_broker_username,
+ args.mqtt_broker_password,
 args.products_directory,
 args.disable_hashsum_verification,
 )
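Review bot: The annotations `mqtt_broker_username: str` and `mqtt_broker_password: str` in the `run_daemon` signature (first daemon.py hunk) do not match what the function receives, because both options default to `None` in parser.py and config.py; they should be `Optional[str]` (whether `Optional` is already imported in daemon.py is not visible here). The two parameters are also inserted in the middle of a positional signature, and the call in `main()` (third hunk) now passes six positionals with same-typed neighbours. Passing the credentials by keyword, `mqtt_broker_username=args.mqtt_broker_username,` and `mqtt_broker_password=args.mqtt_broker_password,`, would keep a later reorder from silently swapping them. The body of `run_daemon` continues outside the hunk.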
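Review bot: The guard `if mqtt_broker_username and mqtt_broker_password:` in `run_daemon` (second daemon.py hunk) silently skips authentication when only one of the two values is set, or when the password is an empty string, so a half-configured deployment connects anonymously with no signal to the operator. That case should fail or at least be logged, for example `elif mqtt_broker_username or mqtt_broker_password:` followed by `raise ValueError("MQTT broker username and password must be set together")`. MQTT also carries the username and password unencrypted in the CONNECT packet unless the connection uses TLS, and no TLS setup is visible around the `MQTTClient(...)` call in this hunk; if the transport is plain TCP, the documentation should restrict this option to a loopback or otherwise trusted broker link. `run_daemon` starts and ends outside the hunk.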