SNode.C
Loading...
Searching...
No Matches
net::config::ConfigTlsServer Class Reference

#include <ConfigTlsServer.h>

Inheritance diagram for net::config::ConfigTlsServer:
Collaboration diagram for net::config::ConfigTlsServer:

Public Types

using Tls = ConfigTlsServer

Public Member Functions

ConfigTlsServersetForceSni (bool forceSni=true)
bool getForceSni () const
ConfigTlsServeraddSniCerts (const std::map< std::string, std::map< std::string, std::variant< std::string, bool, ssl_option_t > > > &sniCerts)
ConfigTlsServeraddSniCert (const std::string &domain, const std::map< std::string, std::variant< std::string, bool, ssl_option_t > > &sniCert)
const std::map< std::string, std::map< std::string, std::variant< std::string, bool, ssl_option_t > > > & getSniCerts ()
Public Member Functions inherited from net::config::ConfigTls
ConfigTlssetInitTimeout (const utils::Timeval &newInitTimeout)
utils::Timeval getInitTimeout () const
ConfigTlssetShutdownTimeout (const utils::Timeval &newShutdownTimeout)
utils::Timeval getShutdownTimeout () const
ConfigTlssetCert (const std::string &cert)
std::string getCert () const
ConfigTlssetCertKey (const std::string &certKey)
std::string getCertKey () const
ConfigTlssetCertKeyPassword (const std::string &certKeyPassword)
std::string getCertKeyPassword () const
ConfigTlssetCaCert (const std::string &caCert)
std::string getCaCert () const
ConfigTlssetCaCertDir (const std::string &caCertDir)
std::string getCaCertDir () const
ConfigTlssetCaCertUseDefaultDir (bool set=true)
bool getCaCertUseDefaultDir () const
ConfigTlssetCaCertAcceptUnknown (bool set=true)
bool getCaCertAcceptUnknown () const
ConfigTlssetCipherList (const std::string &cipherList)
std::string getCipherList () const
ConfigTlssetSslOptions (ssl_option_t sslOptions)
ssl_option_t getSslOptions () const
ConfigTlssetNoCloseNotifyIsEOF (bool noCloseNotifyIsEOF=true)
bool getNoCloseNotifyIsEOF () const

Protected Member Functions

 ConfigTlsServer (ConfigInstance *instance)
 ~ConfigTlsServer () override
Protected Member Functions inherited from net::config::ConfigTls
 ConfigTls (net::config::ConfigSection *section)

Private Types

using Super = ConfigTls

Private Attributes

std::map< std::string, std::map< std::string, std::variant< std::string, bool, ssl_option_t > > > defaultSniCerts
std::map< std::string, std::map< std::string, std::variant< std::string, bool, ssl_option_t > > > configuredSniCerts
CLI::Option * sniCertsOpt = nullptr
CLI::Option * forceSniOpt = nullptr
Private Attributes inherited from net::config::ConfigSection
CLI::App * sectionSc = nullptr

Additional Inherited Members

Static Public Attributes inherited from net::config::ConfigTls
static constexpr std::string_view name {"tls"}
static constexpr std::string_view description {"Configuration of SSL/TLS behavior"}
Private Member Functions inherited from net::config::ConfigSection
template<typename T>
 ConfigSection (ConfigInstance *instance, T *sectionPtr, const std::string &group="Sections")
virtual ~ConfigSection ()
 ConfigSection (const ConfigSection &)=delete
 ConfigSection (ConfigSection &&)=delete
ConfigSectionoperator= (const ConfigSection &)=delete
ConfigSectionoperator= (ConfigSection &&)=delete
CLI::Option * addOption (const std::string &name, const std::string &description)
CLI::Option * addOption (const std::string &name, const std::string &description, const std::string &typeName)
CLI::Option * addOption (const std::string &name, const std::string &description, const std::string &typeName, const CLI::Validator &additionalValidator)
template<typename ValueTypeT>
CLI::Option * addOption (const std::string &name, const std::string &description, const std::string &typeName, ValueTypeT defaultValue)
template<typename ValueTypeT>
CLI::Option * addOption (const std::string &name, const std::string &description, const std::string &typeName, ValueTypeT defaultValue, const CLI::Validator &additionalValidator)
template<typename ValueTypeT>
CLI::Option * addOptionFunction (const std::string &name, const std::function< void(const std::string &)> &optionFunction, const std::string &description)
CLI::Option * addFlag (const std::string &name, const std::string &description)
CLI::Option * addFlag (const std::string &name, const std::string &description, const std::string &typeName)
CLI::Option * addFlag (const std::string &name, const std::string &description, const std::string &typeName, const CLI::Validator &additionalValidator)
template<typename ValueTypeT>
CLI::Option * addFlag (const std::string &name, const std::string &description, const std::string &typeName, ValueTypeT defaultValue)
template<typename ValueTypeT>
CLI::Option * addFlag (const std::string &name, const std::string &description, const std::string &typeName, ValueTypeT defaultValue, const CLI::Validator &additionalValidator)
CLI::Option * addFlagFunction (const std::string &name, const std::function< void()> &callback, const std::string &description, const std::string &typeName, const std::string &defaultValue)
CLI::Option * addFlagFunction (const std::string &name, const std::function< void()> &callback, const std::string &description, const std::string &typeName, const std::string &defaultValue, const CLI::Validator &validator)
CLI::Option * getOption (const std::string &name) const
void required (CLI::Option *opt, bool req=true)
void required (bool required=true)
bool getRequired () const
template<typename ValueType>
CLI::Option * addOption (const std::string &name, const std::string &description, const std::string &typeName, ValueType defaultValue)
template<typename ValueType>
CLI::Option * addOption (const std::string &name, const std::string &description, const std::string &typeName, ValueType defaultValue, const CLI::Validator &additionalValidator)
template<typename ValueType>
CLI::Option * addFlag (const std::string &name, const std::string &description, const std::string &typeName, ValueType defaultValue)
template<typename ValueType>
CLI::Option * addFlag (const std::string &name, const std::string &description, const std::string &typeName, ValueType defaultValue, const CLI::Validator &additionalValidator)
void setConfigurable (CLI::Option *option, bool configurable)

Detailed Description

Definition at line 61 of file ConfigTlsServer.h.

Member Typedef Documentation

◆ Super

using net::config::ConfigTlsServer::Super = ConfigTls
private

Definition at line 65 of file ConfigTlsServer.h.

◆ Tls

using net::config::ConfigTlsServer::Tls = ConfigTlsServer

Definition at line 68 of file ConfigTlsServer.h.

Constructor & Destructor Documentation

◆ ConfigTlsServer()

net::config::ConfigTlsServer::ConfigTlsServer ( ConfigInstance * instance)
explicitprotected

Definition at line 59 of file ConfigTlsServer.cpp.

60 : ConfigSection(instance, this)
61 , ConfigTls(this) {
62 sniCertsOpt = sectionSc //
63 ->add_option("--sni-cert",
64 configuredSniCerts,
65 "Server Name Indication (SNI) Certificates:\n"
66 "sni = SNI of the virtual server\n"
67 "<key> = {\n"
68 " Cert -> value:PEM-FILE [\"\"]\n"
69 " CertKey -> value:PEM-FILE [\"\"]\n"
70 " CertKeyPassword -> value:TEXT [\"\"]\n"
71 " CaCert -> value:PEM-FILE [\"\"]\n"
72 " CaCertDir -> value:PEM-CONTAINER-DIR [\"\"]\n"
73 " CaCertUseDefaultDir -> value:BOOLEAN [false]\n"
74 " CipherList -> value:CIPHER [\"\"]\n"
75 " SslOptions -> value:UINT [0]\n"
76 "}") //
77 ->type_name("sni <key> value [<key> value] ... [%% sni <key> value [<key> value] ...]")
78 ->default_str("[\"\" \"\" \"\" \"\"]");
79 if (sniCertsOpt->get_configurable()) {
80 sniCertsOpt->group(sectionSc->get_formatter()->get_label("Persistent Options"));
81 }
82
83 sniCertsOpt->default_function([this]() -> std::string {
84 std::string defaultValue;
85
86 for (const auto& [domain, sniCertConf] : defaultSniCerts) {
87 defaultValue += (!defaultValue.empty() ? "\"%%\" \"" : "\"") + domain + "\" ";
88
89 for (const auto& [key, value] : sniCertConf) {
90 defaultValue += "\"" + key + "\" ";
91
92 if (key == "Cert") {
93 defaultValue += "\"" + std::get<std::string>(value) + "\" ";
94 } else if (key == "CertKey") {
95 defaultValue += "\"" + std::get<std::string>(value) + "\" ";
96 } else if (key == "CertKeyPassword") {
97 defaultValue += "\"" + std::get<std::string>(value) + "\" ";
98 } else if (key == "CaCert") {
99 defaultValue += "\"" + std::get<std::string>(value) + "\" ";
100 } else if (key == "CaCertDir") {
101 defaultValue += "\"" + std::get<std::string>(value) + "\" ";
102 } else if (key == "CaCertUseDefaultDir") {
103 defaultValue += std::get<bool>(value) ? "\"true\" " : "\"false\" ";
104 } else if (key == "CipherList") {
105 defaultValue += "\"" + std::get<std::string>(value) + "\" ";
106 } else if (key == "SslOptions") {
107 defaultValue += "\"" + std::to_string(std::get<ssl_option_t>(value)) + "\" ";
108 }
109 }
110 }
111
112 defaultValue.pop_back();
113
114 return "[" + defaultValue + " \"\"]";
115 });
116
117 forceSniOpt = addFlag( //
118 "--force-sni{true}",
119 "Force using of the Server Name Indication",
120 "bool",
121 "false",
122 CLI::IsMember({"true", "false"}));
123
124 sectionSc->final_callback([this]() {
125 for (auto& [domain, sniMap] : configuredSniCerts) {
126 if (domain.empty()) {
127 sniCertsOpt //
128 ->clear();
129 sniMap.clear();
130 break;
131 }
132 for (auto& [key, value] : sniMap) {
133 if (key != "Cert" && //
134 key != "CertKey" && //
135 key != "CertKeyPassword" && //
136 key != "CaCert" && //
137 key != "CaCertDir" && //
138 key != "CaCertUseDefaultDir" && //
139 key != "CipherList" && //
140 key != "SslOptions") {
141 throw CLI::ConversionError("'" + key + "' of option '--" + sectionSc->get_parent()->get_name() + "." +
142 sectionSc->get_name() + ".sni-cert'",
143 "<key>");
144 }
145 }
146 }
147 });
148 }
net::config::ConfigSection::addFlag
CLI::Option * addFlag(const std::string &name, const std::string &description)
Definition ConfigSection.cpp:139
net::config::ConfigSection::ConfigSection
ConfigSection(ConfigInstance *instance, T *sectionPtr, const std::string &group="Sections")
Definition ConfigSection.hpp:99
net::config::ConfigTlsServer::configuredSniCerts
std::map< std::string, std::map< std::string, std::variant< std::string, bool, ssl_option_t > > > configuredSniCerts
Definition ConfigTlsServer.h:87
net::config::ConfigTlsServer::defaultSniCerts
std::map< std::string, std::map< std::string, std::variant< std::string, bool, ssl_option_t > > > defaultSniCerts
Definition ConfigTlsServer.h:86
net::config::ConfigTls::ConfigTls
ConfigTls(net::config::ConfigSection *section)
Definition ConfigTls.cpp:52

References net::config::ConfigSection::addFlag(), net::config::ConfigSection::ConfigSection(), net::config::ConfigTls::ConfigTls(), configuredSniCerts, defaultSniCerts, forceSniOpt, net::config::ConfigSection::sectionSc, and sniCertsOpt.

Here is the call graph for this function:

◆ ~ConfigTlsServer()

net::config::ConfigTlsServer::~ConfigTlsServer ( )
overrideprotected

Definition at line 150 of file ConfigTlsServer.cpp.

150 {
151 }

Member Function Documentation

◆ addSniCert()

ConfigTlsServer & net::config::ConfigTlsServer::addSniCert ( const std::string & domain,
const std::map< std::string, std::variant< std::string, bool, ssl_option_t > > & sniCert )

Definition at line 173 of file ConfigTlsServer.cpp.

174 {
175 defaultSniCerts[domain] = sniCert;
176 sniCertsOpt->capture_default_str();
177
178 return *this;
179 }

References defaultSniCerts, and sniCertsOpt.

◆ addSniCerts()

ConfigTlsServer & net::config::ConfigTlsServer::addSniCerts ( const std::map< std::string, std::map< std::string, std::variant< std::string, bool, ssl_option_t > > > & sniCerts)

Definition at line 165 of file ConfigTlsServer.cpp.

166 {
167 defaultSniCerts.insert(sniCerts.begin(), sniCerts.end());
168 sniCertsOpt->capture_default_str();
169
170 return *this;
171 }

References defaultSniCerts, and sniCertsOpt.

◆ getForceSni()

bool net::config::ConfigTlsServer::getForceSni ( ) const

Definition at line 161 of file ConfigTlsServer.cpp.

161 {
162 return forceSniOpt->as<bool>();
163 }

References forceSniOpt.

◆ getSniCerts()

const std::map< std::string, std::map< std::string, std::variant< std::string, bool, ssl_option_t > > > & net::config::ConfigTlsServer::getSniCerts ( )

Definition at line 181 of file ConfigTlsServer.cpp.

181 {
182 return configuredSniCerts.empty() ? defaultSniCerts : configuredSniCerts;
183 }

References configuredSniCerts, and defaultSniCerts.

Referenced by net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >::getSslCtx().

Here is the caller graph for this function:

◆ setForceSni()

ConfigTlsServer & net::config::ConfigTlsServer::setForceSni ( bool forceSni = true)

Definition at line 153 of file ConfigTlsServer.cpp.

153 {
154 forceSniOpt //
155 ->default_val(forceSni ? "true" : "false")
156 ->clear();
157
158 return *this;
159 }

References forceSniOpt.

Member Data Documentation

◆ configuredSniCerts

std::map<std::string, std::map<std::string, std::variant<std::string, bool, ssl_option_t> > > net::config::ConfigTlsServer::configuredSniCerts
private

Definition at line 87 of file ConfigTlsServer.h.

Referenced by ConfigTlsServer(), and getSniCerts().

◆ defaultSniCerts

std::map<std::string, std::map<std::string, std::variant<std::string, bool, ssl_option_t> > > net::config::ConfigTlsServer::defaultSniCerts
private

Definition at line 86 of file ConfigTlsServer.h.

Referenced by addSniCert(), addSniCerts(), ConfigTlsServer(), and getSniCerts().

◆ forceSniOpt

CLI::Option* net::config::ConfigTlsServer::forceSniOpt = nullptr
private

Definition at line 90 of file ConfigTlsServer.h.

Referenced by ConfigTlsServer(), getForceSni(), and setForceSni().

◆ sniCertsOpt

CLI::Option* net::config::ConfigTlsServer::sniCertsOpt = nullptr
private

Definition at line 89 of file ConfigTlsServer.h.

Referenced by addSniCert(), addSniCerts(), and ConfigTlsServer().

The documentation for this class was generated from the following files: