Implement cookie per node, update lager+SSL config

- Implement cookie per node support including external cookie lookup - Update SSL configuration - Fix various issues
priestjim · Dec 21, 2018 · 9798c60 · 9798c60
1 parent 769dff1
commit 9798c60
Show file tree

Hide file tree

Showing 18 changed files with 202 additions and 144 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,9 @@ Below is a non-exhaustive list of changes between `gen_rpc` versions.
 - Deprecate support for Erlang < 21.0
 - Support monitoring nodes
 - Support EC SSL certificates
+- Support cookie per node configuration
+- Support external cookie validation mechanism
+- Support keepalive gen_server that actively keeps a client connection alive
 
 ## 2.1.0
 

diff --git a/TODO.md b/TODO.md
@@ -2,4 +2,4 @@
 
 This is a list of pending features or code technical debt for `gen_rpc`:
 
-N/A
+- Alternative Distribution Driver that transparently uses gen_rpc
diff --git a/priv/ec_ssl/ca.cert.pem b/priv/ec_ssl/ca.cert.pem
@@ -1,14 +1,14 @@
 -----BEGIN CERTIFICATE-----
-MIICOjCCAd+gAwIBAgIDALcKMAoGCCqGSM49BAMCMHQxCzAJBgNVBAYTAlVTMRMw
-EQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRAwDgYD
-VQQKDAdnZW5fcnBjMSYwJAYDVQQDDB1nZW5fcnBjIENlcnRpZmljYXRlIEF1dGhv
-cml0eTAeFw0xODEyMjEyMzA2MjBaFw0zODEyMTYyMzA2MjBaMHQxCzAJBgNVBAYT
-AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2Nv
-MRAwDgYDVQQKDAdnZW5fcnBjMSYwJAYDVQQDDB1nZW5fcnBjIENlcnRpZmljYXRl
-IEF1dGhvcml0eTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEW4KqioyN4DIk33
-CpzgoQK+mg4zyKnWicN1aLG84ky0wHVWESdnIdK2wi3vo0/LHyiA0zCskShGMsPY
-XdDM2qOjYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQW
-BBSTq10vS6KeXFyubf7hcis6BSDtfTAfBgNVHSMEGDAWgBSTq10vS6KeXFyubf7h
-cis6BSDtfTAKBggqhkjOPQQDAgNJADBGAiEAl/QdCTV1Bxt7HrYNAcjjCvD2rfca
-7FstJoeyKrMQisMCIQDajEboxeZfdFKqp9/RxFS6kZ3uZ5HXyBMDLSX6l1jbzw==
+MIICOTCCAd6gAwIBAgICMwwwCgYIKoZIzj0EAwIwdDELMAkGA1UEBhMCVVMxEzAR
+BgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEDAOBgNV
+BAoMB2dlbl9ycGMxJjAkBgNVBAMMHWdlbl9ycGMgQ2VydGlmaWNhdGUgQXV0aG9y
+aXR5MB4XDTE4MTIyMTIzMTUwNVoXDTM4MTIxNjIzMTUwNVowdDELMAkGA1UEBhMC
+VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28x
+EDAOBgNVBAoMB2dlbl9ycGMxJjAkBgNVBAMMHWdlbl9ycGMgQ2VydGlmaWNhdGUg
+QXV0aG9yaXR5MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEpZT2IwQ8QcG0BMeY
+9OyzZN6lcTsNFpXv3dhEAsug8zhY5uUz1GVRWDFAtjrlFQ7mOERQHUlFiFXqRoYm
+2c/BTKNgMF4wDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYE
+FAF6LCa2P8J2MNb33CWg82MCfAgNMB8GA1UdIwQYMBaAFAF6LCa2P8J2MNb33CWg
+82MCfAgNMAoGCCqGSM49BAMCA0kAMEYCIQDGq0LtZ2O7ks0m+wc3a7qJN8WCyeAz
+vK8tGQOKLzTlSQIhAIMJcudk09EZt7cqtQUt5Fc6U8P9OsEPXe8WGginL/FU
 -----END CERTIFICATE-----
diff --git a/priv/ec_ssl/[email protected] b/priv/ec_ssl/[email protected]
@@ -1,16 +1,15 @@
 -----BEGIN CERTIFICATE-----
-MIICczCCAhmgAwIBAgICfVowCgYIKoZIzj0EAwIwdDELMAkGA1UEBhMCVVMxEzAR
-BgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEDAOBgNV
-BAoMB2dlbl9ycGMxJjAkBgNVBAMMHWdlbl9ycGMgQ2VydGlmaWNhdGUgQXV0aG9y
-aXR5MB4XDTE4MTIyMTIzMDY1NloXDTM4MTIxNjIzMDY1NlowbzELMAkGA1UEBhMC
-VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28x
-EDAOBgNVBAoMB2dlbl9ycGMxITAfBgNVBAMMGGdlbl9ycGNfbWFzdGVyQDEyNy4w
-LjAuMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGqGMcueq46aofqZXe74Wfll
-oUQ3+PrkbTzlZSghR3uO6fGbjrCqy//7LH8kpJMEd7xJiQkm1eoS5fNv0LUeyWCj
-gZ8wgZwwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUH
-AwEGCCsGAQUFBwMCMCMGA1UdEQQcMBqCGGdlbl9ycGNfbWFzdGVyQDEyNy4wLjAu
-MTAdBgNVHQ4EFgQUQ62gnNWgC+ZY8dO/852yG+V5YnYwHwYDVR0jBBgwFoAUk6td
-L0uinlxcrm3+4XIrOgUg7X0wCgYIKoZIzj0EAwIDSAAwRQIgDk6V1oViPdnPhPPc
-bngl0QM01yss89jc7Bhr9BykKtQCIQDbvTZGhh/Z7MzzUAZ99eirsmaX/4bG+WlJ
-8xSzgANbbg==
+MIICTTCCAfOgAwIBAgIDAI7gMAoGCCqGSM49BAMCMHQxCzAJBgNVBAYTAlVTMRMw
+EQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRAwDgYD
+VQQKDAdnZW5fcnBjMSYwJAYDVQQDDB1nZW5fcnBjIENlcnRpZmljYXRlIEF1dGhv
+cml0eTAeFw0xODEyMjEyMzE1MzNaFw0zODEyMTYyMzE1MzNaMG8xCzAJBgNVBAYT
+AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2Nv
+MRAwDgYDVQQKDAdnZW5fcnBjMSEwHwYDVQQDDBhnZW5fcnBjX21hc3RlckAxMjcu
+MC4wLjEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASXE5wPPspbIS4IHn7xs3JJ
+hqqVtS710Ys9q2eNzKSkFJ9Av0mXKwhw8gsYbCyCZtEw89QV1Yzg2f8MARzfU6nG
+o3kwdzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwHQYDVR0OBBYEFB6s40nETDtvzmXuxeatcNdjTisVMB8GA1Ud
+IwQYMBaAFAF6LCa2P8J2MNb33CWg82MCfAgNMAoGCCqGSM49BAMCA0gAMEUCIHHt
+aCD+Ihp/ATDdapFL5fbYJPAI0Ah0bFdul5ip4ekQAiEA11BZwECTDQo1/I/58kQi
+E8y9hyoxh8FD/SzimQ7qZHY=
 -----END CERTIFICATE-----
diff --git a/priv/ec_ssl/[email protected] b/priv/ec_ssl/[email protected]
@@ -2,7 +2,7 @@
 BggqhkjOPQMBBw==
 -----END EC PARAMETERS-----
 -----BEGIN EC PRIVATE KEY-----
-MHcCAQEEIF4x8cU8IXkvLX2AsqSkAyW1QyvPwc0QajMe/p26tdKVoAoGCCqGSM49
-AwEHoUQDQgAEaoYxy56rjpqh+pld7vhZ+WWhRDf4+uRtPOVlKCFHe47p8ZuOsKrL
-//ssfySkkwR3vEmJCSbV6hLl82/QtR7JYA==
+MHcCAQEEIKegvLV7VLEr7dOKdsilVH06/edAt9Mcc+k3raAOtIM1oAoGCCqGSM49
+AwEHoUQDQgAElxOcDz7KWyEuCB5+8bNySYaqlbUu9dGLPatnjcykpBSfQL9JlysI
+cPILGGwsgmbRMPPUFdWM4Nn/DAEc31Opxg==
 -----END EC PRIVATE KEY-----
diff --git a/priv/ec_ssl/[email protected] b/priv/ec_ssl/[email protected]
@@ -1,16 +1,15 @@
 -----BEGIN CERTIFICATE-----
-MIICcTCCAhegAwIBAgICUk4wCgYIKoZIzj0EAwIwdDELMAkGA1UEBhMCVVMxEzAR
-BgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEDAOBgNV
-BAoMB2dlbl9ycGMxJjAkBgNVBAMMHWdlbl9ycGMgQ2VydGlmaWNhdGUgQXV0aG9y
-aXR5MB4XDTE4MTIyMTIzMDcyMVoXDTM4MTIxNjIzMDcyMVowbjELMAkGA1UEBhMC
-VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28x
-EDAOBgNVBAoMB2dlbl9ycGMxIDAeBgNVBAMMF2dlbl9ycGNfc2xhdmVAMTI3LjAu
-MC4xMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAErlcsM5lJg+SzFRqayZRsiQow
-AvowhkniRTWdzhFIwpDF+9bY0peZwRJjmDdiEWjWTheCTlC7vxhd8A5XKxsEtKOB
-njCBmzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcD
-AQYIKwYBBQUHAwIwIgYDVR0RBBswGYIXZ2VuX3JwY19zbGF2ZUAxMjcuMC4wLjEw
-HQYDVR0OBBYEFCXjGbZN73TvhyVBAgHOnnDDGZzVMB8GA1UdIwQYMBaAFJOrXS9L
-op5cXK5t/uFyKzoFIO19MAoGCCqGSM49BAMCA0gAMEUCIQD9H7vcUcH9+C2/m7A4
-e8gtjrAZftmZiLvYyhX3bmDNxgIgXHEzICSgV95Wo/I1wuDxEdG8irNqFlE24ehy
-/QoPAQQ=
+MIICTDCCAfKgAwIBAgIDAMEGMAoGCCqGSM49BAMCMHQxCzAJBgNVBAYTAlVTMRMw
+EQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRAwDgYD
+VQQKDAdnZW5fcnBjMSYwJAYDVQQDDB1nZW5fcnBjIENlcnRpZmljYXRlIEF1dGhv
+cml0eTAeFw0xODEyMjEyMzE1MjJaFw0zODEyMTYyMzE1MjJaMG4xCzAJBgNVBAYT
+AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2Nv
+MRAwDgYDVQQKDAdnZW5fcnBjMSAwHgYDVQQDDBdnZW5fcnBjX3NsYXZlQDEyNy4w
+LjAuMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBmLXBysYtqQjvxAVxfihlQ5
+OTDCJNNADxa6uuaW4BElOIc4tWEzouN+yCCjxI4AMs3g/7RitHHwYt6bnAuY8Iyj
+eTB3MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMB
+BggrBgEFBQcDAjAdBgNVHQ4EFgQUCt8m+xW2pR3O6vx1zqBWmTH+Z5AwHwYDVR0j
+BBgwFoAUAXosJrY/wnYw1vfcJaDzYwJ8CA0wCgYIKoZIzj0EAwIDSAAwRQIgR1PV
+dClqz5h5W1RGHO2yffAqlCinWDzzCg2VO/1eD24CIQC7l0vlTGsoBtjhciGlI+ej
+S2Ravs4obm9OgS5YEIFPCw==
 -----END CERTIFICATE-----
diff --git a/priv/ec_ssl/[email protected] b/priv/ec_ssl/[email protected]
@@ -2,7 +2,7 @@
 BggqhkjOPQMBBw==
 -----END EC PARAMETERS-----
 -----BEGIN EC PRIVATE KEY-----
-MHcCAQEEIHYIK9+zg7Q6Gb3LtrzLpDcN1s30TlsmF+uH2c5L1BFFoAoGCCqGSM49
-AwEHoUQDQgAErlcsM5lJg+SzFRqayZRsiQowAvowhkniRTWdzhFIwpDF+9bY0peZ
-wRJjmDdiEWjWTheCTlC7vxhd8A5XKxsEtA==
+MHcCAQEEIGSRUX8RPDRYPL1RAn3LM2yIW56F2nuPH43PKo/JKKEJoAoGCCqGSM49
+AwEHoUQDQgAEGYtcHKxi2pCO/EBXF+KGVDk5MMIk00APFrq65pbgESU4hzi1YTOi
+437IIKPEjgAyzeD/tGK0cfBi3pucC5jwjA==
 -----END EC PRIVATE KEY-----
diff --git a/rebar3 b/rebar3
diff --git a/src/driver/gen_rpc_driver_ssl.erl b/src/driver/gen_rpc_driver_ssl.erl
@@ -30,7 +30,7 @@
         get_peer/1,
         send/2,
         activate_socket/1,
-        authenticate_server/1,
+        authenticate_to_server/2,
         authenticate_client/3,
         copy_sock_opts/2,
         set_controlling_process/2,
@@ -92,11 +92,10 @@ activate_socket(Socket) when is_tuple(Socket) ->
     ok.
 
 %% Authenticate to a server
--spec authenticate_server(ssl:sslsocket()) -> ok | {error, {badtcp | badrpc, term()}}.
-authenticate_server(Socket) ->
-    Cookie = erlang:get_cookie(),
-    NodeStr = erlang:atom_to_list(node()),
-    Packet = erlang:term_to_binary({gen_rpc_authenticate_connection, NodeStr, Cookie}),
+-spec authenticate_to_server(atom(), ssl:sslsocket()) -> ok | {error, {badtcp | badrpc, term()}}.
+authenticate_to_server(Node, Socket) ->
+    Cookie = gen_rpc_helper:get_cookie_per_node(Node),
+    Packet = erlang:term_to_binary({gen_rpc_authenticate_connection, node(), Cookie}),
     SendTO = gen_rpc_helper:get_send_timeout(undefined),
     RecvTO = gen_rpc_helper:get_call_receive_timeout(undefined),
     ok = set_send_timeout(Socket, SendTO),
@@ -135,45 +134,49 @@ authenticate_server(Socket) ->
 %% Authenticate a connected client
 -spec authenticate_client(ssl:sslsocket(), tuple(), binary()) -> ok | {error, {badtcp | badrpc, term()}}.
 authenticate_client(Socket, Peer, Data) ->
-    Cookie = erlang:get_cookie(),
     try erlang:binary_to_term(Data) of
-        {gen_rpc_authenticate_connection, Node, Cookie} ->
-            PeerCert = extract_peer_certificate(Socket),
-            {SocketResponse, AuthResult} = case ssl_verify_hostname:verify_cert_hostname(PeerCert, Node) of
-                {fail, AuthReason} ->
-                    ?log(error, "event=node_certificate_mismatch socket=\"~s\" peer=\"~s\" reason=\"~p\"",
-                         [gen_rpc_helper:socket_to_string(Socket), gen_rpc_helper:peer_to_string(Peer), AuthReason]),
-                    {{gen_rpc_connection_rejected,node_certificate_mismatch}, {error,{badrpc,node_certificate_mismatch}}};
-                {valid, _Hostname} ->
-                    ?log(debug, "event=certificate_validated socket=\"~s\" peer=\"~s\"",
-                         [gen_rpc_helper:socket_to_string(Socket), gen_rpc_helper:peer_to_string(Peer)]),
-                    {gen_rpc_connection_authenticated, ok}
-            end,
-            Packet = erlang:term_to_binary(SocketResponse),
-            case send(Socket, Packet) of
-                {error, Reason} ->
-                    ?log(error, "event=transmission_failed socket=\"~s\" peer=\"~s\" reason=\"~p\"",
-                         [gen_rpc_helper:socket_to_string(Socket), gen_rpc_helper:peer_to_string(Peer), Reason]),
-                    {error, {badtcp,Reason}};
-                ok ->
-                    ?log(debug, "event=transmission_succeeded socket=\"~s\" peer=\"~s\"",
-                         [gen_rpc_helper:socket_to_string(Socket), gen_rpc_helper:peer_to_string(Peer)]),
-                    ok = activate_socket(Socket),
-                    AuthResult
+        {gen_rpc_authenticate_connection, Node, Cookie} when is_atom(Node), is_atom(Cookie) ->
+            ValidCookie = gen_rpc_helper:get_cookie_per_node(Node),
+            if
+                ValidCookie == Cookie ->
+                    PeerCert = extract_peer_certificate(Socket),
+                    NodeStr = gen_rpc_helper:to_string(Node),
+                    {SocketResponse, AuthResult} = case ssl_verify_hostname:verify_cert_hostname(PeerCert, NodeStr) of
+                        {fail, AuthReason} ->
+                            ?log(error, "event=node_certificate_mismatch socket=\"~s\" peer=\"~s\" node=\"~s\" reason=\"~p\"",
+                                 [gen_rpc_helper:socket_to_string(Socket), gen_rpc_helper:peer_to_string(Peer), Node, AuthReason]),
+                            {{gen_rpc_connection_rejected,node_certificate_mismatch}, {error,{badrpc,node_certificate_mismatch}}};
+                        {valid, _Hostname} ->
+                            ?log(debug, "event=certificate_validated socket=\"~s\" peer=\"~s\" node=\"~s\"",
+                                 [gen_rpc_helper:socket_to_string(Socket), gen_rpc_helper:peer_to_string(Peer), Node]),
+                            {gen_rpc_connection_authenticated, ok}
+                    end,
+                    Packet = erlang:term_to_binary(SocketResponse),
+                    case send(Socket, Packet) of
+                        {error, Reason} ->
+                            ?log(error, "event=transmission_failed socket=\"~s\" peer=\"~s\" node=\"~s\" reason=\"~p\"",
+                                 [gen_rpc_helper:socket_to_string(Socket), gen_rpc_helper:peer_to_string(Peer), Node, Reason]),
+                            {error, {badtcp,Reason}};
+                        ok ->
+                            ?log(debug, "event=transmission_succeeded socket=\"~s\" peer=\"~s\" node=\"~s\"",
+                                 [gen_rpc_helper:socket_to_string(Socket), gen_rpc_helper:peer_to_string(Peer), Node]),
+                            ok = activate_socket(Socket),
+                            AuthResult
+                    end;
+                true ->
+                    ?log(error, "event=invalid_cookie_received socket=\"~s\" peer=\"~s\" node=\"~s\"",
+                         [gen_rpc_helper:socket_to_string(Socket), gen_rpc_helper:peer_to_string(Peer), Node]),
+                    Packet = erlang:term_to_binary({gen_rpc_connection_rejected, invalid_cookie}),
+                    ok = case send(Socket, Packet) of
+                        {error, Reason} ->
+                            ?log(error, "event=transmission_failed socket=\"~s\" peer=\"~s\" node=\"~s\" reason=\"~p\"",
+                                 [gen_rpc_helper:socket_to_string(Socket), gen_rpc_helper:peer_to_string(Peer), Node, Reason]);
+                        ok ->
+                            ?log(debug, "event=transmission_succeeded socket=\"~s\" peer=\"~s\" node=\"~s\"",
+                                 [gen_rpc_helper:socket_to_string(Socket), gen_rpc_helper:peer_to_string(Peer), Node])
+                    end,
+                    {error, {badrpc,invalid_cookie}}
             end;
-        {gen_rpc_authenticate_connection, _Node, _IncorrectCookie} ->
-            ?log(error, "event=invalid_cookie_received socket=\"~s\" peer=\"~s\"",
-                 [gen_rpc_helper:socket_to_string(Socket), gen_rpc_helper:peer_to_string(Peer)]),
-            Packet = erlang:term_to_binary({gen_rpc_connection_rejected, invalid_cookie}),
-            ok = case send(Socket, Packet) of
-                {error, Reason} ->
-                    ?log(error, "event=transmission_failed socket=\"~s\" peer=\"~s\" reason=\"~p\"",
-                         [gen_rpc_helper:socket_to_string(Socket), gen_rpc_helper:peer_to_string(Peer), Reason]);
-                ok ->
-                    ?log(debug, "event=transmission_succeeded socket=\"~s\" peer=\"~s\"",
-                         [gen_rpc_helper:socket_to_string(Socket), gen_rpc_helper:peer_to_string(Peer)])
-            end,
-            {error, {badrpc,invalid_cookie}};
         OtherData ->
             ?log(debug, "event=erroneous_data_received socket=\"~s\" peer=\"~s\" data=\"~p\"",
                  [gen_rpc_helper:socket_to_string(Socket), gen_rpc_helper:peer_to_string(Peer), OtherData]),
@@ -216,7 +219,7 @@ getstat(Socket, OptNames) ->
 %%% ===================================================
 merge_ssl_options(client, Node) ->
     {ok, ExtraOpts} = application:get_env(?APP, ssl_client_options),
-    NodeStr = atom_to_list(Node),
+    NodeStr = gen_rpc_helper:to_string(Node),
     DefaultOpts = lists:append(?SSL_DEFAULT_COMMON_OPTS, ?SSL_DEFAULT_CLIENT_OPTS),
     VerifyOpts = [{verify_fun, {fun ssl_verify_hostname:verify_fun/3,[{check_hostname,NodeStr}]}}|DefaultOpts],
     gen_rpc_helper:merge_sockopt_lists(ExtraOpts, VerifyOpts);

diff --git a/src/driver/gen_rpc_driver_tcp.erl b/src/driver/gen_rpc_driver_tcp.erl
@@ -28,7 +28,7 @@
         get_peer/1,
         send/2,
         activate_socket/1,
-        authenticate_server/1,
+        authenticate_to_server/2,
         authenticate_client/3,
         copy_sock_opts/2,
         set_controlling_process/2,
@@ -82,10 +82,10 @@ send(Socket, Data) when is_port(Socket), is_binary(Data) ->
     end.
 
 %% Authenticate to a server
--spec authenticate_server(port()) -> ok | {error, {badtcp | badrpc, term()}}.
-authenticate_server(Socket) ->
-    Cookie = erlang:get_cookie(),
-    Packet = erlang:term_to_binary({gen_rpc_authenticate_connection, Cookie}),
+-spec authenticate_to_server(atom(), port()) -> ok | {error, {badtcp | badrpc, term()}}.
+authenticate_to_server(Node, Socket) ->
+    Cookie = gen_rpc_helper:get_cookie_per_node(Node),
+    Packet = erlang:term_to_binary({gen_rpc_authenticate_connection, Node, Cookie}),
     SendTO = gen_rpc_helper:get_send_timeout(undefined),
     RecvTO = gen_rpc_helper:get_call_receive_timeout(undefined),
     ok = set_send_timeout(Socket, SendTO),
@@ -125,35 +125,38 @@ authenticate_server(Socket) ->
 %% Authenticate a connected client
 -spec authenticate_client(port(), tuple(), binary()) -> ok | {error, {badtcp | badrpc, term()}}.
 authenticate_client(Socket, Peer, Data) ->
-    Cookie = erlang:get_cookie(),
     try erlang:binary_to_term(Data) of
-        {gen_rpc_authenticate_connection, Cookie} ->
-            Packet = erlang:term_to_binary(gen_rpc_connection_authenticated),
-            Result = case send(Socket, Packet) of
-                {error, Reason} ->
-                    ?log(error, "event=transmission_failed socket=\"~s\" peer=\"~s\" reason=\"~p\"",
-                         [gen_rpc_helper:socket_to_string(Socket), gen_rpc_helper:peer_to_string(Peer), Reason]),
-                    {error, {badtcp,Reason}};
-                ok ->
-                    ?log(debug, "event=transmission_succeeded socket=\"~s\" peer=\"~s\"",
-                         [gen_rpc_helper:socket_to_string(Socket), gen_rpc_helper:peer_to_string(Peer)]),
-                    ok = activate_socket(Socket),
-                    ok
-            end,
-            Result;
-        {gen_rpc_authenticate_connection, _IncorrectCookie} ->
-            ?log(error, "event=invalid_cookie_received socket=\"~s\" peer=\"~s\"",
-                 [gen_rpc_helper:socket_to_string(Socket), gen_rpc_helper:peer_to_string(Peer)]),
-            Packet = erlang:term_to_binary({gen_rpc_connection_rejected, invalid_cookie}),
-            ok = case send(Socket, Packet) of
-                {error, Reason} ->
-                    ?log(error, "event=transmission_failed socket=\"~s\" peer=\"~s\" reason=\"~p\"",
-                         [gen_rpc_helper:socket_to_string(Socket), gen_rpc_helper:peer_to_string(Peer), Reason]);
-                ok ->
-                    ?log(debug, "event=transmission_succeeded socket=\"~s\" peer=\"~s\"",
-                         [gen_rpc_helper:socket_to_string(Socket), gen_rpc_helper:peer_to_string(Peer)])
-            end,
-            {error, {badrpc,invalid_cookie}};
+        {gen_rpc_authenticate_connection, Node, Cookie} when is_atom(Node), is_atom(Cookie) ->
+            ValidCookie = gen_rpc_helper:get_cookie_per_node(Node),
+            if
+                ValidCookie == Cookie ->
+                    Packet = erlang:term_to_binary(gen_rpc_connection_authenticated),
+                    Result = case send(Socket, Packet) of
+                        {error, Reason} ->
+                            ?log(error, "event=transmission_failed socket=\"~s\" peer=\"~s\" node=\"~s\" reason=\"~p\"",
+                                 [gen_rpc_helper:socket_to_string(Socket), gen_rpc_helper:peer_to_string(Peer), Node, Reason]),
+                            {error, {badtcp,Reason}};
+                        ok ->
+                            ?log(debug, "event=transmission_succeeded socket=\"~s\" peer=\"~s\" node=\"~s\"",
+                                 [gen_rpc_helper:socket_to_string(Socket), gen_rpc_helper:peer_to_string(Peer), Node]),
+                            ok = activate_socket(Socket),
+                            ok
+                    end,
+                    Result;
+                true ->
+                    ?log(error, "event=invalid_cookie_received socket=\"~s\" peer=\"~s\" node=\"~s\"",
+                         [gen_rpc_helper:socket_to_string(Socket), gen_rpc_helper:peer_to_string(Peer), Node]),
+                    Packet = erlang:term_to_binary({gen_rpc_connection_rejected, invalid_cookie}),
+                    ok = case send(Socket, Packet) of
+                        {error, Reason} ->
+                            ?log(error, "event=transmission_failed socket=\"~s\" peer=\"~s\" node=\"~s\" reason=\"~p\"",
+                                 [gen_rpc_helper:socket_to_string(Socket), gen_rpc_helper:peer_to_string(Peer), Node, Reason]);
+                        ok ->
+                            ?log(debug, "event=transmission_succeeded socket=\"~s\" peer=\"~s\" node=\"~s\"",
+                                 [gen_rpc_helper:socket_to_string(Socket), gen_rpc_helper:peer_to_string(Peer), Node])
+                    end,
+                    {error, {badrpc,invalid_cookie}}
+            end;
         OtherData ->
             ?log(debug, "event=erroneous_data_received socket=\"~s\" peer=\"~s\" data=\"~p\"",
                  [gen_rpc_helper:socket_to_string(Socket), gen_rpc_helper:peer_to_string(Peer), OtherData]),