SocketTLSOptions: more methods (contributed by Matt DeBoer)

2019-09-29 17:35:18 -07:00 · 2019-09-29 17:35:18 -07:00 · d1fb34694c
commit d1fb34694c
parent d1fc31b894
2 changed files with 65 additions and 10 deletions
--- a/ixwebsocket/IXSocketTLSOptions.cpp
+++ b/ixwebsocket/IXSocketTLSOptions.cpp
@ -1,35 +1,78 @@
 /*
 *  IXSocketTLSOptions.h
- *  Author: Benjamin Sergeant
+ *  Author: Matt DeBoer
 *  Copyright (c) 2017-2018 Machine Zone, Inc. All rights reserved.
 */

 #include "IXSocketTLSOptions.h"

 #include <assert.h>
+#include <fstream>

 namespace ix
 {
-    SocketTLSOptions::SocketTLSOptions()
+    const char* kTLSCAFileUseSystemDefaults = "SYSTEM";
+    const char* kTLSCAFileDisableVerify = "NONE";
+    const char* kTLSCiphersUseDefault = "DEFAULT";
+
+    bool SocketTLSOptions::isValid() const
    {
 #ifndef IXWEBSOCKET_USE_TLS
-        assert(false && "To use TLS features the library must be compiled with USE_TLS");
+        _errMsg = "To use TLS features the library must be compiled with USE_TLS";
+        return false;
 #endif
+        if (!_validated)
+        {
+            if (!certFile.empty() && !std::ifstream(certFile))
+            {
+                _errMsg = "certFile not found: " + certFile;
+                return false;
+            }
+            if (!keyFile.empty() && !std::ifstream(keyFile))
+            {
+                _errMsg = "keyFile not found: " + keyFile;
+                return false;
+            }
+            if (!caFile.empty() && caFile != kTLSCAFileDisableVerify &&
+                caFile != kTLSCAFileUseSystemDefaults && !std::ifstream(caFile))
+            {
+                _errMsg = "caFile not found: " + caFile;
+                return false;
+            }
+
+            if (certFile.empty() != keyFile.empty())
+            {
+                _errMsg = "certFile and keyFile must be both present, or both absent";
+                return false;
+            }
+
+            _validated = true;
+        }
+        return true;
    }

-    bool SocketTLSOptions::isUsingClientCert() const
+    bool SocketTLSOptions::hasCertAndKey() const
    {
        return !certFile.empty() && !keyFile.empty();
    }

    bool SocketTLSOptions::isUsingSystemDefaults() const
    {
-        return caFile == "SYSTEM";
+        return caFile == kTLSCAFileUseSystemDefaults;
    }

    bool SocketTLSOptions::isPeerVerifyDisabled() const
    {
-        return caFile != "NONE";
+        return caFile == kTLSCAFileDisableVerify;
    }

+    bool SocketTLSOptions::isUsingDefaultCiphers() const
+    {
+        return ciphers.empty() || ciphers == kTLSCiphersUseDefault;
+    }
+
+    const std::string& SocketTLSOptions::getErrorMsg() const
+    {
+        return _errMsg;
+    }
 } // namespace ix
--- a/ixwebsocket/IXSocketTLSOptions.h
+++ b/ixwebsocket/IXSocketTLSOptions.h
@ -1,7 +1,7 @@
 /*
 *  IXSocketTLSOptions.h
- *  Author: Benjamin Sergeant
- *  Copyright (c) 2017-2018 Machine Zone, Inc. All rights reserved.
+ *  Author: Matt DeBoer
+ *  Copyright (c) 2019 Machine Zone, Inc. All rights reserved.
 */

 #pragma once
@ -12,7 +12,9 @@ namespace ix
 {
    struct SocketTLSOptions
    {
-        SocketTLSOptions();
+    public:
+        // check validity of the object
+        bool isValid() const;

        // the certificate presented to peers
        std::string certFile;
@ -23,10 +25,20 @@ namespace ix
        // leverage the system defaults, use 'NONE' to disable peer verification
        std::string caFile = "SYSTEM";

-        bool isUsingClientCert() const;
+        std::string ciphers = "DEFAULT";
+
+        bool hasCertAndKey() const;

        bool isUsingSystemDefaults() const;

        bool isPeerVerifyDisabled() const;
+
+        bool isUsingDefaultCiphers() const;
+
+        const std::string& getErrorMsg() const;
+
+    private:
+        mutable std::string _errMsg;
+        mutable bool _validated;
    };
 } // namespace ix