SocketTLSOptions: more methods (contributed by Matt DeBoer)

ixwebsocket/IXSocketTLSOptions.cpp

@@ -1,35 +1,78 @@
 /*
  *  IXSocketTLSOptions.h
- *  Author: Benjamin Sergeant
+ *  Author: Matt DeBoer
  *  Copyright (c) 2017-2018 Machine Zone, Inc. All rights reserved.
  */
 
 #include "IXSocketTLSOptions.h"
 
 #include <assert.h>
+#include <fstream>
 
 namespace ix
 {
-    SocketTLSOptions::SocketTLSOptions()
+    const char* kTLSCAFileUseSystemDefaults = "SYSTEM";
+    const char* kTLSCAFileDisableVerify = "NONE";
+    const char* kTLSCiphersUseDefault = "DEFAULT";
+
+    bool SocketTLSOptions::isValid() const
     {
 #ifndef IXWEBSOCKET_USE_TLS
-        assert(false && "To use TLS features the library must be compiled with USE_TLS");
+        _errMsg = "To use TLS features the library must be compiled with USE_TLS";
+        return false;
 #endif
+        if (!_validated)
+        {
+            if (!certFile.empty() && !std::ifstream(certFile))
+            {
+                _errMsg = "certFile not found: " + certFile;
+                return false;
+            }
+            if (!keyFile.empty() && !std::ifstream(keyFile))
+            {
+                _errMsg = "keyFile not found: " + keyFile;
+                return false;
+            }
+            if (!caFile.empty() && caFile != kTLSCAFileDisableVerify &&
+                caFile != kTLSCAFileUseSystemDefaults && !std::ifstream(caFile))
+            {
+                _errMsg = "caFile not found: " + caFile;
+                return false;
+            }
+
+            if (certFile.empty() != keyFile.empty())
+            {
+                _errMsg = "certFile and keyFile must be both present, or both absent";
+                return false;
+            }
+
+            _validated = true;
+        }
+        return true;
     }
 
-    bool SocketTLSOptions::isUsingClientCert() const
+    bool SocketTLSOptions::hasCertAndKey() const
     {
         return !certFile.empty() && !keyFile.empty();
     }
 
     bool SocketTLSOptions::isUsingSystemDefaults() const
     {
-        return caFile == "SYSTEM";
+        return caFile == kTLSCAFileUseSystemDefaults;
     }
 
     bool SocketTLSOptions::isPeerVerifyDisabled() const
     {
-        return caFile != "NONE";
+        return caFile == kTLSCAFileDisableVerify;
     }
 
+    bool SocketTLSOptions::isUsingDefaultCiphers() const
+    {
+        return ciphers.empty() || ciphers == kTLSCiphersUseDefault;
+    }
+
+    const std::string& SocketTLSOptions::getErrorMsg() const
+    {
+        return _errMsg;
+    }
 } // namespace ix

ixwebsocket/IXSocketTLSOptions.h

@@ -1,7 +1,7 @@
 /*
  *  IXSocketTLSOptions.h
- *  Author: Benjamin Sergeant
+ *  Author: Matt DeBoer
- *  Copyright (c) 2017-2018 Machine Zone, Inc. All rights reserved.
+ *  Copyright (c) 2019 Machine Zone, Inc. All rights reserved.
  */
 
 #pragma once
@@ -12,7 +12,9 @@ namespace ix
 {
     struct SocketTLSOptions
     {
-        SocketTLSOptions();
+    public:
+        // check validity of the object
+        bool isValid() const;
 
         // the certificate presented to peers
         std::string certFile;
@@ -23,10 +25,20 @@ namespace ix
         // leverage the system defaults, use 'NONE' to disable peer verification
         std::string caFile = "SYSTEM";
 
-        bool isUsingClientCert() const;
+        std::string ciphers = "DEFAULT";
+
+        bool hasCertAndKey() const;
 
         bool isUsingSystemDefaults() const;
 
         bool isPeerVerifyDisabled() const;
+
+        bool isUsingDefaultCiphers() const;
+
+        const std::string& getErrorMsg() const;
+
+    private:
+        mutable std::string _errMsg;
+        mutable bool _validated;
     };
 } // namespace ix