/*
* IXSocketTLSOptions.h
* Author: Matt DeBoer
* Copyright (c) 2019 Machine Zone, Inc. All rights reserved.
*/
#include "IXSocketTLSOptions.h"
#include <assert.h>
#include <fstream>
#include <sstream>
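namespace ix
{
    // Sentinel strings for SocketTLSOptions::caFile and SocketTLSOptions::ciphers.
    // The predicates below compare the option strings against them, so a CA
    // bundle whose path is literally "SYSTEM" or "NONE" cannot be selected by
    // that name.

    // caFile value for which isUsingSystemDefaults() returns true.
    const char* kTLSCAFileUseSystemDefaults = "SYSTEM";

    // caFile value for which isPeerVerifyDisabled() returns true.
    // SECURITY: a connection whose peer certificate is not verified gives no
    // protection against an active man-in-the-middle; keep this value out of
    // production configuration.
    // NOTE(review): how the TLS socket backends act on this sentinel is not
    // visible in this file; confirm against the backend code.
    const char* kTLSCAFileDisableVerify = "NONE";

    // ciphers value treated the same as an empty cipher list by
    // isUsingDefaultCiphers().
    const char* kTLSCiphersUseDefault = "DEFAULT";

    /// @brief Check that the configured TLS file options are usable.
    ///
    /// Each of certFile, keyFile and caFile that names a path (caFile is
    /// skipped when it is empty or one of the two sentinels) must be openable
    /// for reading, and certFile and keyFile must be both set or both empty.
    ///
    /// @return true when every check passes; false otherwise, with the reason
    ///         available through getErrorMsg().
    ///
    /// Caveats for callers:
    ///  - The check only proves the files could be opened at validation time.
    ///    It does not parse them, does not look at the key file's
    ///    permissions, and the files can change before the TLS backend loads
    ///    them. The "not found" messages are also produced when a file exists
    ///    but cannot be read.
    ///  - A successful result is cached in _validated, so options edited after
    ///    a successful call are not validated again by this function.
    ///  - An empty caFile is accepted here; NOTE(review): what the backends do
    ///    with an empty caFile is not visible in this file, so confirm that it
    ///    does not silently skip peer verification.
    ///  - _validated and _errMsg are written from this const method with no
    ///    locking visible here; presumably they are declared mutable in the
    ///    header.
    bool SocketTLSOptions::isValid() const
    {
        if (_validated)
        {
            return true;
        }

        if (!certFile.empty() && !std::ifstream(certFile))
        {
            _errMsg = "certFile not found: " + certFile;
            return false;
        }

        if (!keyFile.empty() && !std::ifstream(keyFile))
        {
            _errMsg = "keyFile not found: " + keyFile;
            return false;
        }

        // Only a caFile that is a real path is probed on disk; the sentinels
        // and the empty string are not file names.
        const bool caFileIsPath = !caFile.empty() &&
                                  caFile != kTLSCAFileDisableVerify &&
                                  caFile != kTLSCAFileUseSystemDefaults;
        if (caFileIsPath && !std::ifstream(caFile))
        {
            _errMsg = "caFile not found: " + caFile;
            return false;
        }

        if (certFile.empty() != keyFile.empty())
        {
            _errMsg = "certFile and keyFile must be both present, or both absent";
            return false;
        }

        // Drop the message of an earlier failed attempt so getErrorMsg() does
        // not report a stale error once the options validate.
        _errMsg.clear();
        _validated = true;
        return true;
    }

    /// @brief True when both certFile and keyFile are non-empty.
    bool SocketTLSOptions::hasCertAndKey() const
    {
        return !certFile.empty() && !keyFile.empty();
    }

    /// @brief True when caFile equals the kTLSCAFileUseSystemDefaults sentinel.
    bool SocketTLSOptions::isUsingSystemDefaults() const
    {
        return caFile == kTLSCAFileUseSystemDefaults;
    }

    /// @brief True when caFile equals the kTLSCAFileDisableVerify sentinel.
    ///
    /// A true result means the caller asked for peer verification to be
    /// turned off; it is worth logging or rejecting in production code paths.
    bool SocketTLSOptions::isPeerVerifyDisabled() const
    {
        return caFile == kTLSCAFileDisableVerify;
    }

    /// @brief True when ciphers is empty or equals kTLSCiphersUseDefault.
    bool SocketTLSOptions::isUsingDefaultCiphers() const
    {
        return ciphers.empty() || ciphers == kTLSCiphersUseDefault;
    }

    /// @brief Reason recorded by the last failed isValid() call.
    /// @return Reference to the stored message; it is empty once isValid()
    ///         has succeeded.
    const std::string& SocketTLSOptions::getErrorMsg() const
    {
        return _errMsg;
    }

    /// @brief Multi-line, human-readable dump of the TLS options.
    ///
    /// The text holds the configured file paths and cipher string, not the
    /// contents of the files. Each option is printed once; the original
    /// emitted the ciphers line twice.
    std::string SocketTLSOptions::getDescription() const
    {
        std::stringstream ss;
        ss << "TLS Options:" << '\n';
        ss << " certFile = " << certFile << '\n';
        ss << " keyFile = " << keyFile << '\n';
        ss << " caFile = " << caFile << '\n';
        ss << " ciphers = " << ciphers << '\n';
        return ss.str();
    }
} // namespace ix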