From d1fb34694cf449ee7ad49dffa44b10a9fb39bd7c Mon Sep 17 00:00:00 2001
From: Benjamin Sergeant
Date: Sun, 29 Sep 2019 17:35:18 -0700
Subject: [PATCH] SocketTLSOptions: more methods (contributed by Matt DeBoer)
---
 ixwebsocket/IXSocketTLSOptions.cpp | 55 ++++++++++++++++++++++++++----
 ixwebsocket/IXSocketTLSOptions.h | 20 ++++++++---
 2 files changed, 65 insertions(+), 10 deletions(-)
diff --git a/ixwebsocket/IXSocketTLSOptions.cpp b/ixwebsocket/IXSocketTLSOptions.cpp
index 4b47062b..bdb9ea0d 100644
--- a/ixwebsocket/IXSocketTLSOptions.cpp
+++ b/ixwebsocket/IXSocketTLSOptions.cpp
@@ -1,35 +1,78 @@
 /*
 * IXSocketTLSOptions.h
- * Author: Benjamin Sergeant
+ * Author: Matt DeBoer
 * Copyright (c) 2017-2018 Machine Zone, Inc. All rights reserved.
 */
 #include "IXSocketTLSOptions.h"
 #include 
+#include 
 namespace ix
 {
- SocketTLSOptions::SocketTLSOptions()
+ const char* kTLSCAFileUseSystemDefaults = "SYSTEM";
+ const char* kTLSCAFileDisableVerify = "NONE";
+ const char* kTLSCiphersUseDefault = "DEFAULT";
+
+ bool SocketTLSOptions::isValid() const
 {
 #ifndef IXWEBSOCKET_USE_TLS
- assert(false && "To use TLS features the library must be compiled with USE_TLS");
+ _errMsg = "To use TLS features the library must be compiled with USE_TLS";
+ return false;
 #endif
+ if (!_validated)
+ {
+ if (!certFile.empty() && !std::ifstream(certFile))
+ {
+ _errMsg = "certFile not found: " + certFile;
+ return false;
+ }
+ if (!keyFile.empty() && !std::ifstream(keyFile))
+ {
+ _errMsg = "keyFile not found: " + keyFile;
+ return false;
+ }
+ if (!caFile.empty() && caFile != kTLSCAFileDisableVerify &&
+ caFile != kTLSCAFileUseSystemDefaults && !std::ifstream(caFile))
+ {
+ _errMsg = "caFile not found: " + caFile;
+ return false;
+ }
+
+ if (certFile.empty() != keyFile.empty())
+ {
+ _errMsg = "certFile and keyFile must be both present, or both absent";
+ return false;
+ }
+
+ _validated = true;
+ }
+ return true;
 }
- bool SocketTLSOptions::isUsingClientCert() const
+ bool SocketTLSOptions::hasCertAndKey() const
 {
 return !certFile.empty() && !keyFile.empty();
 }
 bool SocketTLSOptions::isUsingSystemDefaults() const
 {
- return caFile == "SYSTEM";
+ return caFile == kTLSCAFileUseSystemDefaults;
 }
 bool SocketTLSOptions::isPeerVerifyDisabled() const
 {
- return caFile != "NONE";
+ return caFile == kTLSCAFileDisableVerify;
 }
+ bool SocketTLSOptions::isUsingDefaultCiphers() const
+ {
+ return ciphers.empty() || ciphers == kTLSCiphersUseDefault;
+ }
+
+ const std::string& SocketTLSOptions::getErrorMsg() const
+ {
+ return _errMsg;
+ }
 } // namespace ix
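Review bot: `isValid()` branches on `_validated` before anything has stored to it, and the header hunk of this same patch declares the flag as `mutable bool _validated;` with no initializer while removing the default constructor that might have set it, so on the first call the value is indeterminate; a run that reads it as true skips every file-existence and cert/key pairing check and reports the options valid with `_errMsg` empty. The one-line fix belongs in IXSocketTLSOptions.h, `mutable bool _validated = false;`, in the same in-class initializer style already used by `std::string ciphers = "DEFAULT";`. Separately, the result is cached for the lifetime of the object while `certFile`, `keyFile` and `caFile` remain public and writable, so a field assigned after a successful `isValid()` is never re-checked and a later caFile change is accepted on trust; if the cache is kept, say so next to the check, `// validation result is cached; fields changed after the first isValid() are not re-checked`. The three `const char*` constants at namespace scope also have external linkage and a rebindable pointer, which `static const char* const` avoids.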
diff --git a/ixwebsocket/IXSocketTLSOptions.h b/ixwebsocket/IXSocketTLSOptions.h
index 39307a82..1bfe9449 100644
--- a/ixwebsocket/IXSocketTLSOptions.h
+++ b/ixwebsocket/IXSocketTLSOptions.h
@@ -1,7 +1,7 @@
 /*
 * IXSocketTLSOptions.h
- * Author: Benjamin Sergeant
- * Copyright (c) 2017-2018 Machine Zone, Inc. All rights reserved.
+ * Author: Matt DeBoer
+ * Copyright (c) 2019 Machine Zone, Inc. All rights reserved.
 */
 #pragma once
@@ -12,7 +12,9 @@ namespace ix
 {
 struct SocketTLSOptions
 {
- SocketTLSOptions();
+ public:
+ // check validity of the object
+ bool isValid() const;
 // the certificate presented to peers
 std::string certFile;
@@ -23,10 +25,20 @@ namespace ix
 // leverage the system defaults, use 'NONE' to disable peer verification
 std::string caFile = "SYSTEM";
- bool isUsingClientCert() const;
+ std::string ciphers = "DEFAULT";
+
+ bool hasCertAndKey() const;
 bool isUsingSystemDefaults() const;
 bool isPeerVerifyDisabled() const;
+
+ bool isUsingDefaultCiphers() const;
+
+ const std::string& getErrorMsg() const;
+
+ private:
+ mutable std::string _errMsg;
+ mutable bool _validated;
 };
 } // namespace ix
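Review bot: `std::string ciphers = "DEFAULT";` in the third hunk is the only option field added without the one-line comment its neighbours `certFile` and `caFile` carry, so a caller cannot tell from the header what the sentinel means; `isUsingDefaultCiphers()` in the .cpp treats both an empty string and "DEFAULT" as "use the defaults", which is worth stating: `// cipher list; empty or "DEFAULT" selects the default ciphers (see isUsingDefaultCiphers)`. The comment on `isValid()` in the second hunk could also point callers at the failure reason, since every failing path in the .cpp stores one before returning: `// check validity of the object; on failure the reason is available from getErrorMsg()`. The `public:` label on a `struct` is redundant and can be dropped, or the type turned into a `class` now that it carries private state.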