From 9347664622859c4a4ce099d12d5aaa3c841d3c0a Mon Sep 17 00:00:00 2001 From: Benjamin Sergeant Date: Thu, 19 Dec 2019 20:49:28 -0800 Subject: [PATCH] (cobra) Add TLS options to all cobra commands and classes. Add example to the doc. --- docs/CHANGELOG.md | 4 + docs/ws.md | 125 +++++++++++++++++- ixcobra/ixcobra/IXCobraConnection.cpp | 5 +- ixcobra/ixcobra/IXCobraConnection.h | 4 +- ixcobra/ixcobra/IXCobraMetricsPublisher.cpp | 6 +- ixcobra/ixcobra/IXCobraMetricsPublisher.h | 5 +- .../IXCobraMetricsThreadedPublisher.cpp | 6 +- .../ixcobra/IXCobraMetricsThreadedPublisher.h | 5 +- ixsnake/ixsnake/IXAppConfig.h | 4 + ixsnake/ixsnake/IXSnakeServer.cpp | 2 +- test/IXCobraChatTest.cpp | 43 +++--- test/IXCobraMetricsPublisherTest.cpp | 15 ++- ws/ws.cpp | 62 ++++++--- ws/ws.h | 21 ++- ws/ws_cobra_metrics_publish.cpp | 5 +- ws/ws_cobra_metrics_to_redis.cpp | 11 +- ws/ws_cobra_publish.cpp | 11 +- ws/ws_cobra_subscribe.cpp | 11 +- ws/ws_cobra_to_sentry.cpp | 11 +- ws/ws_cobra_to_statsd.cpp | 11 +- ws/ws_snake.cpp | 4 +- 21 files changed, 295 insertions(+), 76 deletions(-) diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index 5652c507..c42a8abc 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -1,6 +1,10 @@ # Changelog All notable changes to this project will be documented in this file. +## [7.6.0] - 2019-12-19 + +(cobra) Add TLS options to all cobra commands and classes. Add example to the doc. + ## [7.5.8] - 2019-12-18 (cobra-to-sentry) capture application version from device field diff --git a/docs/ws.md b/docs/ws.md index fcd38223..939b7fcf 100644 --- a/docs/ws.md +++ b/docs/ws.md 
@@ -243,6 +243,127 @@ Options: --transfer-timeout INT Transfer timeout ``` -## Cobra Client +## Cobra client and server -[cobra](https://github.com/machinezone/cobra) is a real time messenging server. ws has a sub-command to interact with cobra. +[cobra](https://github.com/machinezone/cobra) is a real time messenging server. ws has several sub-command to interact with cobra. There is also a minimal cobra compatible server named snake available. + +Below are examples on running a snake server and clients with TLS enabled (the server only works with the OpenSSL backend for now). + +First, generate certificates. + +``` +$ cd /path/to/IXWebSocket +$ cd ixsnake/ixsnake +$ bash ../../ws/generate_certs.sh +Generating RSA private key, 2048 bit long modulus +.....+++ +.................+++ +e is 65537 (0x10001) +generated ./.certs/trusted-ca-key.pem +generated ./.certs/trusted-ca-crt.pem +Generating RSA private key, 2048 bit long modulus +..+++ +.......................................+++ +e is 65537 (0x10001) +generated ./.certs/trusted-server-key.pem +Signature ok +subject=/O=machinezone/O=IXWebSocket/CN=trusted-server +Getting CA Private Key +generated ./.certs/trusted-server-crt.pem +Generating RSA private key, 2048 bit long modulus +...................................+++ +..................................................+++ +e is 65537 (0x10001) +generated ./.certs/trusted-client-key.pem +Signature ok +subject=/O=machinezone/O=IXWebSocket/CN=trusted-client +Getting CA Private Key +generated ./.certs/trusted-client-crt.pem +Generating RSA private key, 2048 bit long modulus +..............+++ +.......................................+++ +e is 65537 (0x10001) +generated ./.certs/untrusted-ca-key.pem +generated ./.certs/untrusted-ca-crt.pem +Generating RSA private key, 2048 bit long modulus +..........+++ +................................................+++ +e is 65537 (0x10001) +generated ./.certs/untrusted-client-key.pem +Signature ok 
+subject=/O=machinezone/O=IXWebSocket/CN=untrusted-client +Getting CA Private Key +generated ./.certs/untrusted-client-crt.pem +Generating RSA private key, 2048 bit long modulus +.....................................................................................+++ +...........+++ +e is 65537 (0x10001) +generated ./.certs/selfsigned-client-key.pem +Signature ok +subject=/O=machinezone/O=IXWebSocket/CN=selfsigned-client +Getting Private key +generated ./.certs/selfsigned-client-crt.pem +``` + +Now run the snake server. + +``` +$ export certs=.certs +$ ws snake --tls --port 8765 --cert-file ${certs}/trusted-server-crt.pem --key-file ${certs}/trusted-server-key.pem --ca-file ${certs}/trusted-ca-crt.pem +{ + "apps": { + "FC2F10139A2BAc53BB72D9db967b024f": { + "roles": { + "_sub": { + "secret": "66B1dA3ED5fA074EB5AE84Dd8CE3b5ba" + }, + "_pub": { + "secret": "1c04DB8fFe76A4EeFE3E318C72d771db" + } + } + } + } +} + +redis host: 127.0.0.1 +redis password: +redis port: 6379 +``` + +As a new connection comes in, such output should be printed + +``` +[2019-12-19 20:27:19.724] [info] New connection +id: 0 +Uri: /v2?appkey=_health +Headers: +Connection: Upgrade +Host: 127.0.0.1:8765 +Sec-WebSocket-Extensions: permessage-deflate; server_max_window_bits=15; client_max_window_bits=15 +Sec-WebSocket-Key: d747B0fE61Db73f7Eh47c0== +Sec-WebSocket-Protocol: json +Sec-WebSocket-Version: 13 +Upgrade: websocket +User-Agent: ixwebsocket/7.5.8 macos ssl/OpenSSL OpenSSL 1.0.2q 20 Nov 2018 zlib 1.2.11 +``` + +To connect and publish a message, do: + +``` +$ export certs=.certs +$ cd /path/to/ws/folder +$ ls cobraMetricsSample.json +cobraMetricsSample.json +$ ws cobra_publish --endpoint wss://127.0.0.1:8765 --appkey FC2F10139A2BAc53BB72D9db967b024f --rolename _pub --rolesecret 1c04DB8fFe76A4EeFE3E318C72d771db --channel foo --cert-file ${certs}/trusted-client-crt.pem --key-file ${certs}/trusted-client-key.pem --ca-file ${certs}/trusted-ca-crt.pem cobraMetricsSample.json +[2019-12-19 
20:46:42.656] [info] Publisher connected +[2019-12-19 20:46:42.657] [info] Connection: Upgrade +[2019-12-19 20:46:42.657] [info] Sec-WebSocket-Accept: rs99IFThoBrhSg+k8G4ixH9yaq4= +[2019-12-19 20:46:42.657] [info] Sec-WebSocket-Extensions: permessage-deflate; server_max_window_bits=15; client_max_window_bits=15 +[2019-12-19 20:46:42.657] [info] Server: ixwebsocket/7.5.8 macos ssl/OpenSSL OpenSSL 1.0.2q 20 Nov 2018 zlib 1.2.11 +[2019-12-19 20:46:42.657] [info] Upgrade: websocket +[2019-12-19 20:46:42.658] [info] Publisher authenticated +[2019-12-19 20:46:42.658] [info] Published msg 3 +[2019-12-19 20:46:42.659] [info] Published message id 3 acked +``` + +To use OpenSSL on macOS, compile with `make ws_openssl`. First you will have to install OpenSSL libraries, which can be done with Homebrew. diff --git a/ixcobra/ixcobra/IXCobraConnection.cpp b/ixcobra/ixcobra/IXCobraConnection.cpp index 9d96992f..9553aa9f 100644 --- a/ixcobra/ixcobra/IXCobraConnection.cpp +++ b/ixcobra/ixcobra/IXCobraConnection.cpp @@ -7,6 +7,7 @@ #include "IXCobraConnection.h" #include #include +#include #include #include @@ -244,7 +245,8 @@ namespace ix const std::string& endpoint, const std::string& rolename, const std::string& rolesecret, - const WebSocketPerMessageDeflateOptions& webSocketPerMessageDeflateOptions) + const WebSocketPerMessageDeflateOptions& webSocketPerMessageDeflateOptions, + const SocketTLSOptions& socketTLSOptions) { _roleName = rolename; _roleSecret = rolesecret; @@ -257,6 +259,7 @@ namespace ix std::string url = ss.str(); _webSocket->setUrl(url); _webSocket->setPerMessageDeflateOptions(webSocketPerMessageDeflateOptions); + _webSocket->setTLSOptions(socketTLSOptions); } // diff --git a/ixcobra/ixcobra/IXCobraConnection.h b/ixcobra/ixcobra/IXCobraConnection.h index 4deb2fc9..6e57ad0d 100644 --- a/ixcobra/ixcobra/IXCobraConnection.h +++ b/ixcobra/ixcobra/IXCobraConnection.h 
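Review bot: In the configure function of IXCobraConnection.cpp, `_webSocket->setTLSOptions(socketTLSOptions);` is applied without looking at the scheme of `endpoint`, so a caller who supplies certificate, key and CA files together with a `ws://` endpoint presumably gets a plaintext connection with no diagnostic. `_roleSecret` is stored a few lines above and is presumably used to authenticate over that same connection, so the mismatch should be made visible. Consider rejecting or at least logging the combination before `setUrl`, e.g. `if (endpoint.rfind("wss://", 0) != 0) { /* warn: TLS options will not be used */ }`. The function's signature line and the rest of its body are outside the visible hunks.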
@@ -20,6 +20,7 @@ namespace ix { class WebSocket; + struct SocketTLSOptions; enum CobraConnectionEventType { @@ -62,7 +63,8 @@ namespace ix const std::string& endpoint, const std::string& rolename, const std::string& rolesecret, - const WebSocketPerMessageDeflateOptions& webSocketPerMessageDeflateOptions); + const WebSocketPerMessageDeflateOptions& webSocketPerMessageDeflateOptions, + const SocketTLSOptions& socketTLSOptions); /// Set the traffic tracker callback static void setTrafficTrackerCallback(const TrafficTrackerCallback& callback); diff --git a/ixcobra/ixcobra/IXCobraMetricsPublisher.cpp b/ixcobra/ixcobra/IXCobraMetricsPublisher.cpp index 1283b57b..73220267 100644 --- a/ixcobra/ixcobra/IXCobraMetricsPublisher.cpp +++ b/ixcobra/ixcobra/IXCobraMetricsPublisher.cpp @@ -5,6 +5,7 @@ */ #include "IXCobraMetricsPublisher.h" +#include #include #include @@ -31,14 +32,15 @@ namespace ix const std::string& channel, const std::string& rolename, const std::string& rolesecret, - bool enablePerMessageDeflate) + bool enablePerMessageDeflate, + const SocketTLSOptions& socketTLSOptions) { // Configure the satori connection and start its publish background thread _cobra_metrics_theaded_publisher.start(); _cobra_metrics_theaded_publisher.configure(appkey, endpoint, channel, rolename, rolesecret, - enablePerMessageDeflate); + enablePerMessageDeflate, socketTLSOptions); } Json::Value& CobraMetricsPublisher::getGenericAttributes() diff --git a/ixcobra/ixcobra/IXCobraMetricsPublisher.h b/ixcobra/ixcobra/IXCobraMetricsPublisher.h index b8a813ba..09e15c8e 100644 --- a/ixcobra/ixcobra/IXCobraMetricsPublisher.h +++ b/ixcobra/ixcobra/IXCobraMetricsPublisher.h @@ -15,6 +15,8 @@ namespace ix { + struct SocketTLSOptions; + class CobraMetricsPublisher { public: 
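Review bot: The new `socketTLSOptions` parameter in the second IXCobraConnection.h hunk is added without any doc comment, while the neighbouring `setTrafficTrackerCallback` carries a `///` line. Callers need to know what a default-constructed `SocketTLSOptions` means for peer verification, and that the options only matter for `wss://` endpoints (assumed here; confirm against the header that defines the struct). I would add a line such as `/// socketTLSOptions: certificate, key and CA settings applied to the underlying WebSocket; default-constructed options use the library defaults` above the declaration. The same gap exists on the `configure` declarations changed in IXCobraMetricsPublisher.h and IXCobraMetricsThreadedPublisher.h. The parameter is also required with no default, so out-of-tree callers of these public headers stop compiling; that deserves a mention in the changelog entry.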
@@ -43,7 +45,8 @@ namespace ix const std::string& channel, const std::string& rolename, const std::string& rolesecret, - bool enablePerMessageDeflate); + bool enablePerMessageDeflate, + const SocketTLSOptions& socketTLSOptions); /// Setter for the list of blacklisted metrics ids. /// That list is sorted internally for fast lookups diff --git a/ixcobra/ixcobra/IXCobraMetricsThreadedPublisher.cpp b/ixcobra/ixcobra/IXCobraMetricsThreadedPublisher.cpp index 1cf539e5..668b0d00 100644 --- a/ixcobra/ixcobra/IXCobraMetricsThreadedPublisher.cpp +++ b/ixcobra/ixcobra/IXCobraMetricsThreadedPublisher.cpp @@ -6,6 +6,7 @@ #include "IXCobraMetricsThreadedPublisher.h" #include +#include #include #include @@ -92,14 +93,15 @@ namespace ix const std::string& channel, const std::string& rolename, const std::string& rolesecret, - bool enablePerMessageDeflate) + bool enablePerMessageDeflate, + const SocketTLSOptions& socketTLSOptions) { _channel = channel; ix::WebSocketPerMessageDeflateOptions webSocketPerMessageDeflateOptions(enablePerMessageDeflate); _cobra_connection.configure(appkey, endpoint, rolename, rolesecret, - webSocketPerMessageDeflateOptions); + webSocketPerMessageDeflateOptions, socketTLSOptions); } void CobraMetricsThreadedPublisher::pushMessage(MessageKind messageKind) diff --git a/ixcobra/ixcobra/IXCobraMetricsThreadedPublisher.h b/ixcobra/ixcobra/IXCobraMetricsThreadedPublisher.h index 20bf44bb..d3701b30 100644 --- a/ixcobra/ixcobra/IXCobraMetricsThreadedPublisher.h +++ b/ixcobra/ixcobra/IXCobraMetricsThreadedPublisher.h @@ -18,6 +18,8 @@ namespace ix { + struct SocketTLSOptions; + class CobraMetricsThreadedPublisher { public: @@ -30,7 +32,8 @@ namespace ix const std::string& channel, const std::string& rolename, const std::string& rolesecret, - bool enablePerMessageDeflate); + bool enablePerMessageDeflate, + const SocketTLSOptions& socketTLSOptions); /// Start the worker thread, used for background publishing void start(); 
diff --git a/ixsnake/ixsnake/IXAppConfig.h b/ixsnake/ixsnake/IXAppConfig.h index e43243ba..ca61446c 100644 --- a/ixsnake/ixsnake/IXAppConfig.h +++ b/ixsnake/ixsnake/IXAppConfig.h @@ -9,6 +9,7 @@ #include #include #include +#include namespace snake { @@ -26,6 +27,9 @@ namespace snake // AppKeys nlohmann::json apps; + // TLS options + ix::SocketTLSOptions socketTLSOptions; + // Misc bool verbose; }; diff --git a/ixsnake/ixsnake/IXSnakeServer.cpp b/ixsnake/ixsnake/IXSnakeServer.cpp index 216dd2b1..a9c77549 100644 --- a/ixsnake/ixsnake/IXSnakeServer.cpp +++ b/ixsnake/ixsnake/IXSnakeServer.cpp @@ -20,7 +20,7 @@ namespace snake : _appConfig(appConfig) , _server(appConfig.port, appConfig.hostname) { - ; + _server.setTLSOptions(appConfig.socketTLSOptions); } // diff --git a/test/IXCobraChatTest.cpp b/test/IXCobraChatTest.cpp index 77603063..a6c5fc56 100644 --- a/test/IXCobraChatTest.cpp +++ b/test/IXCobraChatTest.cpp @@ -34,10 +34,10 @@ namespace }); } - class SatoriChat + class CobraChat { public: - SatoriChat(const std::string& user, + CobraChat(const std::string& user, const std::string& session, const std::string& endpoint); @@ -72,9 +72,9 @@ namespace std::mutex _logMutex; }; - SatoriChat::SatoriChat(const std::string& user, - const std::string& session, - const std::string& endpoint) + CobraChat::CobraChat(const std::string& user, + const std::string& session, + const std::string& endpoint) : _user(user) , _session(session) , _endpoint(endpoint) 
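Review bot: In IXSnakeServer.cpp the constructor now calls `_server.setTLSOptions(appConfig.socketTLSOptions);` unconditionally, and nothing here checks that the requested TLS configuration can actually be honoured. The documentation added in this same patch states that the server only works with the OpenSSL backend, and whether another backend fails loudly or ends up serving plaintext when `--tls` is passed is not visible in this hunk. I would validate the options at startup and refuse to run when TLS was requested but cannot be provided, with a comment such as `// Fail closed: never fall back to plaintext when TLS was requested`. The constructor's signature is outside the hunk.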
@@ -83,34 +83,34 @@ namespace { } - void SatoriChat::start() + void CobraChat::start() { - _thread = std::thread(&SatoriChat::run, this); + _thread = std::thread(&CobraChat::run, this); } - void SatoriChat::stop() + void CobraChat::stop() { _stop = true; _thread.join(); } - bool SatoriChat::isReady() const + bool CobraChat::isReady() const { return _connectedAndSubscribed; } - size_t SatoriChat::getReceivedMessagesCount() const + size_t CobraChat::getReceivedMessagesCount() const { return _receivedQueue.size(); } - bool SatoriChat::hasPendingMessages() const + bool CobraChat::hasPendingMessages() const { std::unique_lock lock(_queue_mutex); return !_publish_queue.empty(); } - Json::Value SatoriChat::popMessage() + Json::Value CobraChat::popMessage() { std::unique_lock lock(_queue_mutex); auto msg = _publish_queue.front(); @@ -121,7 +121,7 @@ namespace // // Callback to handle received messages, that are printed on the console // - void SatoriChat::subscribe(const std::string& channel) + void CobraChat::subscribe(const std::string& channel) { std::string filter; _conn.subscribe(channel, filter, [this](const Json::Value& msg) { @@ -151,7 +151,7 @@ namespace }); } - void SatoriChat::sendMessage(const std::string& text) + void CobraChat::sendMessage(const std::string& text) { Json::Value msg; msg["user"] = _user; 
@@ -166,16 +166,21 @@ namespace // Do satori communication on a background thread, where we can have // something like an event loop that publish, poll and receive data // - void SatoriChat::run() + void CobraChat::run() { // "chat" conf std::string appkey("FC2F10139A2BAc53BB72D9db967b024f"); std::string channel = _session; std::string role = "_sub"; std::string secret = "66B1dA3ED5fA074EB5AE84Dd8CE3b5ba"; + SocketTLSOptions socketTLSOptions; - _conn.configure( - appkey, _endpoint, role, secret, ix::WebSocketPerMessageDeflateOptions(true)); + _conn.configure(appkey, + _endpoint, + role, + secret, + ix::WebSocketPerMessageDeflateOptions(true), + socketTLSOptions); _conn.connect(); _conn.setEventCallback([this, channel](ix::CobraConnectionEventType eventType, @@ -280,8 +285,8 @@ TEST_CASE("Cobra_chat", "[cobra_chat]") ss << "ws://localhost:" << port; std::string endpoint = ss.str(); - SatoriChat chatA("jean", session, endpoint); - SatoriChat chatB("paul", session, endpoint); + CobraChat chatA("jean", session, endpoint); + CobraChat chatB("paul", session, endpoint); chatA.start(); chatB.start(); diff --git a/test/IXCobraMetricsPublisherTest.cpp b/test/IXCobraMetricsPublisherTest.cpp index daf2f6ab..9d08ae93 100644 --- a/test/IXCobraMetricsPublisherTest.cpp +++ b/test/IXCobraMetricsPublisherTest.cpp @@ -62,11 +62,14 @@ namespace gMessageCount = 0; ix::CobraConnection conn; + SocketTLSOptions socketTLSOptions; + conn.configure(APPKEY, endpoint, SUBSCRIBER_ROLE, SUBSCRIBER_SECRET, - ix::WebSocketPerMessageDeflateOptions(true)); + ix::WebSocketPerMessageDeflateOptions(true), + socketTLSOptions); conn.connect(); conn.setEventCallback([&conn](ix::CobraConnectionEventType eventType, 
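Review bot: `CobraChat::run` passes a default-constructed `SocketTLSOptions` and the endpoint built in the next hunk is still `ws://localhost:`, so none of the TLS plumbing added by this patch is exercised by the test. A regression that dropped the options on the way to the socket, or a server that accepted a client certificate signed by the wrong CA, would not be caught. Consider adding a `wss://` case that uses the trusted and untrusted certificates produced by `generate_certs.sh` (referenced in the docs change) and asserts that the untrusted client is refused. The same applies to the two hunks in test/IXCobraMetricsPublisherTest.cpp.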
@@ -202,9 +205,15 @@ TEST_CASE("Cobra_Metrics_Publisher", "[cobra]") ix::CobraMetricsPublisher cobraMetricsPublisher; + SocketTLSOptions socketTLSOptions; bool perMessageDeflate = true; - cobraMetricsPublisher.configure( - APPKEY, endpoint, CHANNEL, PUBLISHER_ROLE, PUBLISHER_SECRET, perMessageDeflate); + cobraMetricsPublisher.configure(APPKEY, + endpoint, + CHANNEL, + PUBLISHER_ROLE, + PUBLISHER_SECRET, + perMessageDeflate, + socketTLSOptions); cobraMetricsPublisher.setSession(uuid4()); cobraMetricsPublisher.enable(true); // disabled by default, needs to be enabled to be active diff --git a/ws/ws.cpp b/ws/ws.cpp index 8cd95ea0..6a191474 100644 --- a/ws/ws.cpp +++ b/ws/ws.cpp @@ -218,6 +218,7 @@ int main(int argc, char** argv) cobraSubscribeApp->add_option("--pidfile", pidfile, "Pid file"); cobraSubscribeApp->add_option("--filter", filter, "Stream SQL Filter"); cobraSubscribeApp->add_flag("-q", quiet, "Quiet / only display stats"); + addTLSOptions(cobraSubscribeApp); CLI::App* cobraPublish = app.add_subcommand("cobra_publish", "Cobra publisher"); cobraPublish->add_option("--appkey", appkey, "Appkey")->required(); @@ -229,6 +230,7 @@ int main(int argc, char** argv) cobraPublish->add_option("path", path, "Path to the file to send") ->required() ->check(CLI::ExistingPath); + addTLSOptions(cobraPublish); CLI::App* cobraMetricsPublish = app.add_subcommand("cobra_metrics_publish", "Cobra metrics publisher"); @@ -242,6 +244,7 @@ int main(int argc, char** argv) ->required() ->check(CLI::ExistingPath); cobraMetricsPublish->add_flag("--stress", stress, "Stress mode"); + addTLSOptions(cobraMetricsPublish); CLI::App* cobra2statsd = app.add_subcommand("cobra_to_statsd", "Cobra metrics to statsd"); cobra2statsd->add_option("--appkey", appkey, "Appkey"); 
@@ -256,6 +259,7 @@ int main(int argc, char** argv) cobra2statsd->add_flag("-v", verbose, "Verbose"); cobra2statsd->add_option("--pidfile", pidfile, "Pid file"); cobra2statsd->add_option("--filter", filter, "Stream SQL Filter"); + addTLSOptions(cobra2statsd); CLI::App* cobra2sentry = app.add_subcommand("cobra_to_sentry", "Cobra metrics to sentry"); cobra2sentry->add_option("--appkey", appkey, "Appkey")->required(); @@ -269,6 +273,7 @@ int main(int argc, char** argv) cobra2sentry->add_flag("-s", strict, "Strict mode. Error out when sending to sentry fails"); cobra2sentry->add_option("--pidfile", pidfile, "Pid file"); cobra2sentry->add_option("--filter", filter, "Stream SQL Filter"); + addTLSOptions(cobra2sentry); CLI::App* cobra2redisApp = app.add_subcommand("cobra_metrics_to_redis", "Cobra metrics to redis"); 
@@ -282,17 +287,19 @@ int main(int argc, char** argv) cobra2redisApp->add_option("--hostname", hostname, "Redis hostname"); cobra2redisApp->add_option("--port", redisPort, "Redis port"); cobra2redisApp->add_flag("-q", quiet, "Quiet / only display stats"); + addTLSOptions(cobra2redisApp); - CLI::App* runApp = app.add_subcommand("snake", "Snake server"); - runApp->add_option("--port", port, "Connection url"); - runApp->add_option("--host", hostname, "Hostname"); - runApp->add_option("--pidfile", pidfile, "Pid file"); - runApp->add_option("--redis_hosts", redisHosts, "Redis hosts"); - runApp->add_option("--redis_port", redisPort, "Redis hosts"); - runApp->add_option("--redis_password", redisPassword, "Redis password"); - runApp->add_option("--apps_config_path", appsConfigPath, "Path to auth data") + CLI::App* snakeApp = app.add_subcommand("snake", "Snake server"); + snakeApp->add_option("--port", port, "Connection url"); + snakeApp->add_option("--host", hostname, "Hostname"); + snakeApp->add_option("--pidfile", pidfile, "Pid file"); + snakeApp->add_option("--redis_hosts", redisHosts, "Redis hosts"); + snakeApp->add_option("--redis_port", redisPort, "Redis hosts"); + snakeApp->add_option("--redis_password", redisPassword, "Redis password"); + snakeApp->add_option("--apps_config_path", appsConfigPath, "Path to auth data") ->check(CLI::ExistingPath); - runApp->add_flag("-v", verbose, "Verbose"); + snakeApp->add_flag("-v", verbose, "Verbose"); + addTLSOptions(snakeApp); CLI::App* httpServerApp = app.add_subcommand("httpd", "HTTP server"); httpServerApp->add_option("--port", port, "Port"); 
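Review bot: The re-added `snakeApp` option lines keep two wrong help strings: `--port` is described as `"Connection url"` and `--redis_port` as `"Redis hosts"`. Every one of these lines is rewritten by the rename anyway, so fix them here, e.g. `snakeApp->add_option("--port", port, "Listening port");` and `snakeApp->add_option("--redis_port", redisPort, "Redis port");`. Separately, `--redis_password` is taken on the command line, where it is typically visible to other local users through the process list; an environment variable or file-based alternative would be a reasonable follow-up. `main` starts and ends outside the hunk.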
@@ -314,6 +321,7 @@ int main(int argc, char** argv) proxyServerApp->add_option("--host", hostname, "Hostname"); proxyServerApp->add_option("--remote_host", remoteHost, "Remote Hostname"); proxyServerApp->add_flag("-v", verbose, "Verbose"); + addTLSOptions(proxyServerApp); CLI::App* minidumpApp = app.add_subcommand("upload_minidump", "Upload a minidump to sentry"); minidumpApp->add_option("--minidump", minidump, "Minidump path")->check(CLI::ExistingPath); @@ -408,16 +416,17 @@ int main(int argc, char** argv) else if (app.got_subcommand("cobra_subscribe")) { ret = ix::ws_cobra_subscribe_main( - appkey, endpoint, rolename, rolesecret, channel, filter, quiet); + appkey, endpoint, rolename, rolesecret, channel, filter, quiet, tlsOptions); } else if (app.got_subcommand("cobra_publish")) { - ret = ix::ws_cobra_publish_main(appkey, endpoint, rolename, rolesecret, channel, path); + ret = ix::ws_cobra_publish_main( + appkey, endpoint, rolename, rolesecret, channel, path, tlsOptions); } else if (app.got_subcommand("cobra_metrics_publish")) { ret = ix::ws_cobra_metrics_publish_main( - appkey, endpoint, rolename, rolesecret, channel, path, stress); + appkey, endpoint, rolename, rolesecret, channel, path, stress, tlsOptions); } else if (app.got_subcommand("cobra_to_statsd")) { 
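Review bot: `addTLSOptions(proxyServerApp);` exposes the TLS flags on the proxy server sub-command, yet none of the dispatch hunks in this patch pass `tlsOptions` to the proxy server entry point, and the ws.h hunks show no changed declaration for it. If that entry point already takes the options (not visible here) this is fine; if not, a user can pass `--tls` and certificate paths and still get a plaintext listener with no error. Please confirm, and if needed forward `tlsOptions` in that branch the same way the `snake` branch does. `main` starts and ends outside the hunk.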
@@ -431,22 +440,39 @@ int main(int argc, char** argv) statsdPort, prefix, fields, - verbose); + verbose, + tlsOptions); } else if (app.got_subcommand("cobra_to_sentry")) { - ret = ix::ws_cobra_to_sentry_main( - appkey, endpoint, rolename, rolesecret, channel, filter, dsn, verbose, strict, jobs); + ret = ix::ws_cobra_to_sentry_main(appkey, + endpoint, + rolename, + rolesecret, + channel, + filter, + dsn, + verbose, + strict, + jobs, + tlsOptions); } else if (app.got_subcommand("cobra_metrics_to_redis")) { - ret = ix::ws_cobra_metrics_to_redis( - appkey, endpoint, rolename, rolesecret, channel, filter, hostname, redisPort); + ret = ix::ws_cobra_metrics_to_redis(appkey, + endpoint, + rolename, + rolesecret, + channel, + filter, + hostname, + redisPort, + tlsOptions); } else if (app.got_subcommand("snake")) { ret = ix::ws_snake_main( - port, hostname, redisHosts, redisPort, redisPassword, verbose, appsConfigPath); + port, hostname, redisHosts, redisPort, redisPassword, verbose, appsConfigPath, tlsOptions); } else if (app.got_subcommand("httpd")) { diff --git a/ws/ws.h b/ws/ws.h index 861c181f..3e44a2fa 100644 --- a/ws/ws.h +++ b/ws/ws.h @@ -76,14 +76,16 @@ namespace ix const std::string& rolesecret, const std::string& channel, const std::string& filter, - bool quiet); + bool quiet, + const ix::SocketTLSOptions& tlsOptions); int ws_cobra_publish_main(const std::string& appkey, const std::string& endpoint, const std::string& rolename, const std::string& rolesecret, const std::string& channel, - const std::string& path); + const std::string& path, + const ix::SocketTLSOptions& tlsOptions); int ws_cobra_metrics_publish_main(const std::string& appkey, const std::string& endpoint, @@ -91,7 +93,8 @@ namespace ix const std::string& rolesecret, const std::string& channel, const std::string& path, - bool stress); + bool stress, + const ix::SocketTLSOptions& tlsOptions); int ws_cobra_to_statsd_main(const std::string& appkey, const std::string& endpoint, 
@@ -103,7 +106,8 @@ namespace ix int port, const std::string& prefix, const std::string& fields, - bool verbose); + bool verbose, + const ix::SocketTLSOptions& tlsOptions); int ws_cobra_to_sentry_main(const std::string& appkey, const std::string& endpoint, @@ -114,7 +118,8 @@ namespace ix const std::string& dsn, bool verbose, bool strict, - int jobs); + int jobs, + const ix::SocketTLSOptions& tlsOptions); int ws_cobra_metrics_to_redis(const std::string& appkey, const std::string& endpoint, @@ -123,7 +128,8 @@ namespace ix const std::string& channel, const std::string& filter, const std::string& host, - int port); + int port, + const ix::SocketTLSOptions& tlsOptions); int ws_snake_main(int port, const std::string& hostname, @@ -131,7 +137,8 @@ namespace ix int redisPort, const std::string& redisPassword, bool verbose, - const std::string& appsConfigPath); + const std::string& appsConfigPath, + const ix::SocketTLSOptions& tlsOptions); int ws_httpd_main(int port, const std::string& hostname, diff --git a/ws/ws_cobra_metrics_publish.cpp b/ws/ws_cobra_metrics_publish.cpp index 32b92bcd..d6dcb318 100644 --- a/ws/ws_cobra_metrics_publish.cpp +++ b/ws/ws_cobra_metrics_publish.cpp @@ -22,7 +22,8 @@ namespace ix const std::string& rolesecret, const std::string& channel, const std::string& path, - bool stress) + bool stress, + const ix::SocketTLSOptions& tlsOptions) { std::atomic sentMessages(0); std::atomic ackedMessages(0); @@ -37,7 +38,7 @@ namespace ix bool enablePerMessageDeflate = true; cobraMetricsPublisher.configure( - appkey, endpoint, channel, rolename, rolesecret, enablePerMessageDeflate); + appkey, endpoint, channel, rolename, rolesecret, enablePerMessageDeflate, tlsOptions); while (!cobraMetricsPublisher.isAuthenticated()) ; diff --git a/ws/ws_cobra_metrics_to_redis.cpp b/ws/ws_cobra_metrics_to_redis.cpp index 7c07a6cd..3e52ba50 100644 --- a/ws/ws_cobra_metrics_to_redis.cpp +++ b/ws/ws_cobra_metrics_to_redis.cpp 
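Review bot: In ws_cobra_metrics_publish.cpp, right after `cobraMetricsPublisher.configure(..., tlsOptions)` the code spins in `while (!cobraMetricsPublisher.isAuthenticated()) ;` with no sleep, timeout or error path. With TLS now configurable, a wrong CA file or a rejected client certificate presumably means the connection never authenticates, so the command hangs at full CPU without telling the user why. I would sleep between polls, e.g. `std::this_thread::sleep_for(std::chrono::milliseconds(10));` in the loop body, and return a non-zero exit code with an error message once a deadline passes. The loop is an unchanged context line and the function continues outside the hunk.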
@@ -25,11 +25,16 @@ namespace ix const std::string& channel, const std::string& filter, const std::string& host, - int port) + int port, + const ix::SocketTLSOptions& tlsOptions) { ix::CobraConnection conn; - conn.configure( - appkey, endpoint, rolename, rolesecret, ix::WebSocketPerMessageDeflateOptions(true)); + conn.configure(appkey, + endpoint, + rolename, + rolesecret, + ix::WebSocketPerMessageDeflateOptions(true), + tlsOptions); conn.connect(); // Display incoming messages diff --git a/ws/ws_cobra_publish.cpp b/ws/ws_cobra_publish.cpp index a5ad1dff..304921e0 100644 --- a/ws/ws_cobra_publish.cpp +++ b/ws/ws_cobra_publish.cpp @@ -22,7 +22,8 @@ namespace ix const std::string& rolename, const std::string& rolesecret, const std::string& channel, - const std::string& path) + const std::string& path, + const ix::SocketTLSOptions& tlsOptions) { std::ifstream f(path); std::string str((std::istreambuf_iterator(f)), std::istreambuf_iterator()); @@ -36,8 +37,12 @@ namespace ix } ix::CobraConnection conn; - conn.configure( - appkey, endpoint, rolename, rolesecret, ix::WebSocketPerMessageDeflateOptions(true)); + conn.configure(appkey, + endpoint, + rolename, + rolesecret, + ix::WebSocketPerMessageDeflateOptions(true), + tlsOptions); conn.connect(); // Display incoming messages diff --git a/ws/ws_cobra_subscribe.cpp b/ws/ws_cobra_subscribe.cpp index 86e7119e..18c97543 100644 --- a/ws/ws_cobra_subscribe.cpp +++ b/ws/ws_cobra_subscribe.cpp @@ -20,11 +20,16 @@ namespace ix const std::string& rolesecret, const std::string& channel, const std::string& filter, - bool quiet) + bool quiet, + const ix::SocketTLSOptions& tlsOptions) { ix::CobraConnection conn; - conn.configure( - appkey, endpoint, rolename, rolesecret, ix::WebSocketPerMessageDeflateOptions(true)); + conn.configure(appkey, + endpoint, + rolename, + rolesecret, + ix::WebSocketPerMessageDeflateOptions(true), + tlsOptions); conn.connect(); Json::FastWriter jsonWriter; 
diff --git a/ws/ws_cobra_to_sentry.cpp b/ws/ws_cobra_to_sentry.cpp index 98a06574..3befaa4a 100644 --- a/ws/ws_cobra_to_sentry.cpp +++ b/ws/ws_cobra_to_sentry.cpp @@ -28,11 +28,16 @@ namespace ix const std::string& dsn, bool verbose, bool strict, - int jobs) + int jobs, + const ix::SocketTLSOptions& tlsOptions) { ix::CobraConnection conn; - conn.configure( - appkey, endpoint, rolename, rolesecret, ix::WebSocketPerMessageDeflateOptions(true)); + conn.configure(appkey, + endpoint, + rolename, + rolesecret, + ix::WebSocketPerMessageDeflateOptions(true), + tlsOptions); conn.connect(); Json::FastWriter jsonWriter; diff --git a/ws/ws_cobra_to_statsd.cpp b/ws/ws_cobra_to_statsd.cpp index af863aa0..fb5327bc 100644 --- a/ws/ws_cobra_to_statsd.cpp +++ b/ws/ws_cobra_to_statsd.cpp @@ -66,11 +66,16 @@ namespace ix int port, const std::string& prefix, const std::string& fields, - bool verbose) + bool verbose, + const ix::SocketTLSOptions& tlsOptions) { ix::CobraConnection conn; - conn.configure( - appkey, endpoint, rolename, rolesecret, ix::WebSocketPerMessageDeflateOptions(true)); + conn.configure(appkey, + endpoint, + rolename, + rolesecret, + ix::WebSocketPerMessageDeflateOptions(true), + tlsOptions); conn.connect(); auto tokens = parseFields(fields); diff --git a/ws/ws_snake.cpp b/ws/ws_snake.cpp index 88cb1dfa..0c8f4605 100644 --- a/ws/ws_snake.cpp +++ b/ws/ws_snake.cpp @@ -43,7 +43,8 @@ namespace ix int redisPort, const std::string& redisPassword, bool verbose, - const std::string& appsConfigPath) + const std::string& appsConfigPath, + const SocketTLSOptions& socketTLSOptions) { snake::AppConfig appConfig; appConfig.port = port; @@ -51,6 +52,7 @@ namespace ix appConfig.verbose = verbose; appConfig.redisPort = redisPort; appConfig.redisPassword = redisPassword; + appConfig.socketTLSOptions = socketTLSOptions; // Parse config file auto str = readAsString(appsConfigPath);
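Review bot: The definition in ws_snake.cpp spells the new parameter `const SocketTLSOptions& socketTLSOptions`, while the `ws_snake_main` declaration in ws.h and every other `ws_*` entry point in this patch use `const ix::SocketTLSOptions& tlsOptions`. It compiles because only the type has to match, but the mismatch makes the option harder to trace from the CLI to the server. I would use `const ix::SocketTLSOptions& tlsOptions` in the signature and `appConfig.socketTLSOptions = tlsOptions;` in the body. The function continues outside the hunk.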