SNode.C
Loading...
Searching...
No Matches
Public Member Functions | Protected Member Functions | Static Private Member Functions | Private Attributes | List of all members
net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT > Class Template Reference

#include <ConfigSocketServer.h>

Inheritance diagram for net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >:
Collaboration diagram for net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >:

Public Member Functions

SSL_CTX * getSslCtx ()
 
SSL_CTX * getSniCtx (const std::string &serverNameIndication)
 
- Public Member Functions inherited from net::config::ConfigInstance
 ConfigInstance (ConfigInstance &)=delete
 
 ConfigInstance (ConfigInstance &&)=delete
 
ConfigInstanceoperator= (ConfigInstance &)=delete
 
ConfigInstanceoperator= (ConfigInstance &&)=delete
 
Role getRole ()
 
const std::string & getInstanceName () const
 
void setInstanceName (const std::string &instanceName)
 
bool getDisabled () const
 
void setDisabled (bool disabled=true)
 
- Public Member Functions inherited from net::config::ConfigTlsServer
ConfigTlsServersetForceSni (bool forceSni=true)
 
bool getForceSni () const
 
ConfigTlsServeraddSniCerts (const std::map< std::string, std::map< std::string, std::variant< std::string, bool, ssl_option_t > > > &sniCerts)
 
ConfigTlsServeraddSniCert (const std::string &domain, const std::map< std::string, std::variant< std::string, bool, ssl_option_t > > &sniCert)
 
const std::map< std::string, std::map< std::string, std::variant< std::string, bool, ssl_option_t > > > & getSniCerts ()
 
- Public Member Functions inherited from net::config::ConfigTls
ConfigTlssetInitTimeout (const utils::Timeval &newInitTimeout)
 
utils::Timeval getInitTimeout () const
 
ConfigTlssetShutdownTimeout (const utils::Timeval &newShutdownTimeout)
 
utils::Timeval getShutdownTimeout () const
 
ConfigTlssetCert (const std::string &cert)
 
std::string getCert () const
 
ConfigTlssetCertKey (const std::string &certKey)
 
std::string getCertKey () const
 
ConfigTlssetCertKeyPassword (const std::string &certKeyPassword)
 
std::string getCertKeyPassword () const
 
ConfigTlssetCaCert (const std::string &caCert)
 
std::string getCaCert () const
 
ConfigTlssetCaCertDir (const std::string &caCertDir)
 
std::string getCaCertDir () const
 
ConfigTlssetCaCertUseDefaultDir (bool set=true)
 
bool getCaCertUseDefaultDir () const
 
ConfigTlssetCaCertAcceptUnknown (bool set=true)
 
bool getCaCertAcceptUnknown () const
 
ConfigTlssetCipherList (const std::string &cipherList)
 
std::string getCipherList () const
 
ConfigTlssetSslOptions (ssl_option_t sslOptions)
 
ssl_option_t getSslOptions () const
 
ConfigTlssetNoCloseNotifyIsEOF (bool noCloseNotifyIsEOF=true)
 
bool getNoCloseNotifyIsEOF () const
 

Protected Member Functions

 ConfigSocketServer (const std::string &name)
 
 ~ConfigSocketServer () override
 
- Protected Member Functions inherited from net::config::ConfigInstance
 ConfigInstance (const std::string &instanceName, Role role)
 
virtual ~ConfigInstance ()
 
- Protected Member Functions inherited from net::config::ConfigTlsServer
 ConfigTlsServer (ConfigInstance *instance)
 
- Protected Member Functions inherited from net::config::ConfigTls
 ConfigTls (ConfigInstance *instance)
 
- Protected Member Functions inherited from net::config::ConfigSection
 ConfigSection (ConfigInstance *instance, const std::string &name, const std::string &description)
 
 ConfigSection (const ConfigSection &)=delete
 
 ConfigSection (ConfigSection &&)=delete
 
ConfigSectionoperator= (const ConfigSection &)=delete
 
ConfigSectionoperator= (ConfigSection &&)=delete
 
CLI::Option * addOption (const std::string &name, const std::string &description)
 
CLI::Option * addOption (const std::string &name, const std::string &description, const std::string &typeName)
 
CLI::Option * addOption (const std::string &name, const std::string &description, const std::string &typeName, const CLI::Validator &additionalValidator)
 
template<typename ValueTypeT >
CLI::Option * addOption (const std::string &name, const std::string &description, const std::string &typeName, ValueTypeT defaultValue)
 
template<typename ValueTypeT >
CLI::Option * addOption (const std::string &name, const std::string &description, const std::string &typeName, ValueTypeT defaultValue, const CLI::Validator &additionalValidator)
 
CLI::Option * addFlag (const std::string &name, const std::string &description, const std::string &typeName)
 
CLI::Option * addFlag (const std::string &name, const std::string &description, const std::string &typeName, const CLI::Validator &additionalValidator)
 
template<typename ValueTypeT >
CLI::Option * addFlag (const std::string &name, const std::string &description, const std::string &typeName, ValueTypeT defaultValue)
 
template<typename ValueTypeT >
CLI::Option * addFlag (const std::string &name, const std::string &description, const std::string &typeName, ValueTypeT defaultValue, const CLI::Validator &additionalValidator)
 
CLI::Option * addFlagFunction (const std::string &name, const std::function< void()> &callback, const std::string &description, const std::string &typeName, const std::string &defaultValue)
 
CLI::Option * addFlagFunction (const std::string &name, const std::function< void()> &callback, const std::string &description, const std::string &typeName, const std::string &defaultValue, const CLI::Validator &validator)
 
void required (CLI::Option *opt, bool req=true)
 
bool required () const
 
template<typename ValueType >
CLI::Option * addOption (const std::string &name, const std::string &description, const std::string &typeName, ValueType defaultValue)
 
template<typename ValueType >
CLI::Option * addOption (const std::string &name, const std::string &description, const std::string &typeName, ValueType defaultValue, const CLI::Validator &additionalValidator)
 
template<typename ValueType >
CLI::Option * addFlag (const std::string &name, const std::string &description, const std::string &typeName, ValueType defaultValue)
 
template<typename ValueType >
CLI::Option * addFlag (const std::string &name, const std::string &description, const std::string &typeName, ValueType defaultValue, const CLI::Validator &additionalValidator)
 

Static Private Member Functions

static int clientHelloCallback (SSL *ssl, int *al, void *arg)
 

Private Attributes

SSL_CTX * sslCtx = nullptr
 
std::list< SSL_CTX * > sniCtxs
 
std::map< std::string, SSL_CTX * > sniCtxMap
 

Additional Inherited Members

- Public Types inherited from net::config::ConfigInstance
enum class  Role { SERVER , CLIENT }
 
using Instance = ConfigInstance
 
- Public Types inherited from net::config::ConfigTlsServer
using Tls = ConfigTlsServer
 
- Protected Attributes inherited from net::config::ConfigSection
CLI::App * section = nullptr
 

Detailed Description

template<typename ConfigSocketServerBaseT>
class net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >

Definition at line 59 of file ConfigSocketServer.h.

Constructor & Destructor Documentation

◆ ConfigSocketServer()

template<typename ConfigSocketServerBase >
net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBase >::ConfigSocketServer ( const std::string &  name)
explicitprotected

Definition at line 58 of file ConfigSocketServer.hpp.

59 : net::config::ConfigInstance(name, net::config::ConfigInstance::Role::SERVER)
60 , ConfigSocketServerBase(this)
61 , net::config::ConfigTlsServer(this) {
62 }

References net::config::ConfigInstance::SERVER.

Referenced by net::in::stream::tls::config::ConfigSocketServer::ConfigSocketServer(), net::in6::stream::tls::config::ConfigSocketServer::ConfigSocketServer(), net::l2::stream::tls::config::ConfigSocketServer::ConfigSocketServer(), net::rc::stream::tls::config::ConfigSocketServer::ConfigSocketServer(), and net::un::stream::tls::config::ConfigSocketServer::ConfigSocketServer().

Here is the caller graph for this function:

◆ ~ConfigSocketServer()

template<typename ConfigSocketServerBase >
net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBase >::~ConfigSocketServer ( )
overrideprotected

Definition at line 65 of file ConfigSocketServer.hpp.

65 {
66 if (sslCtx != nullptr) {
67 core::socket::stream::tls::ssl_ctx_free(sslCtx);
68 }
69
70 for (SSL_CTX* sniCtx : sniCtxs) {
71 if (sniCtx != nullptr) {
72 core::socket::stream::tls::ssl_ctx_free(sniCtx);
73 }
74 }
75 }
core::socket::stream::tls::ssl_ctx_free
void ssl_ctx_free(SSL_CTX *ctx)
Definition ssl_utils.cpp:295

References net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >::sniCtxs, core::socket::stream::tls::ssl_ctx_free(), and net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >::sslCtx.

Here is the call graph for this function:

Member Function Documentation

◆ clientHelloCallback()

template<typename ConfigSocketServerBaseT >
static int net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >::clientHelloCallback ( SSL *  ssl,
int *  al,
void *  arg 
)
staticprivate

◆ getSniCtx()

template<typename ConfigSocketServerBase >
SSL_CTX * net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBase >::getSniCtx ( const std::string &  serverNameIndication)

Definition at line 162 of file ConfigSocketServer.hpp.

162 {
163 LOG(TRACE) << getInstanceName() << " SSL/TLS SNI: Lookup for sni='" << serverNameIndication << "' in sni certificates";
164
165 SSL_CTX* sniCtx = nullptr;
166
167 std::map<std::string, SSL_CTX*>::iterator sniPairIt = std::find_if(
168 sniCtxMap.begin(), sniCtxMap.end(), [&serverNameIndication, this](const std::pair<std::string, SSL_CTX*>& sniPair) -> bool {
169 LOG(TRACE) << getInstanceName() << " SSL/TLS SNI: .. " << sniPair.first.c_str();
170 return core::socket::stream::tls::match(sniPair.first.c_str(), serverNameIndication.c_str());
171 });
172
173 if (sniPairIt != sniCtxMap.end()) {
174 LOG(TRACE) << getInstanceName() << " SSL/TLS SNI: found for " << serverNameIndication << " -> '" << sniPairIt->first << "'";
175 sniCtx = sniPairIt->second;
176 } else {
177 LOG(WARNING) << getInstanceName() << " SSL/TL SNI: not found for " << serverNameIndication;
178 }
179
180 return sniCtx;
181 }
net::config::ConfigInstance::getInstanceName
const std::string & getInstanceName() const
Definition ConfigInstance.cpp:110
net::config::stream::tls::ConfigSocketServer::sniCtxMap
std::map< std::string, SSL_CTX * > sniCtxMap
Definition ConfigSocketServer.h:77

References net::config::ConfigInstance::getInstanceName(), core::socket::stream::tls::match(), and net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >::sniCtxMap.

Here is the call graph for this function:

◆ getSslCtx()

template<typename ConfigSocketServerBase >
SSL_CTX * net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBase >::getSslCtx ( )

Definition at line 78 of file ConfigSocketServer.hpp.

78 {
79 if (sslCtx == nullptr) {
80 core::socket::stream::tls::SslConfig sslConfig(true);
81
82 sslConfig.instanceName = getInstanceName();
83
84 sslConfig.cert = getCert();
85 sslConfig.certKey = getCertKey();
86 sslConfig.password = getCertKeyPassword();
87 sslConfig.caCert = getCaCert();
88 sslConfig.caCertDir = getCaCertDir();
89 sslConfig.cipherList = getCipherList();
90 sslConfig.sslOptions = getSslOptions();
91 sslConfig.caCertUseDefaultDir = getCaCertUseDefaultDir();
92 sslConfig.caCertAcceptUnknown = getCaCertAcceptUnknown();
93
94 sslCtx = core::socket::stream::tls::ssl_ctx_new(sslConfig);
95 }
96
97 if (sniCtxMap.empty()) {
98 std::map<std::string, SSL_CTX*> sslSans = core::socket::stream::tls::ssl_get_sans(sslCtx);
99
100 sniCtxMap.insert(sslSans.begin(), sslSans.end());
101
102 for (const auto& [sni, ctx] : sniCtxMap) {
103 LOG(TRACE) << getInstanceName() << " SSL/TLS: SSL_CTX (M) sni for '" << sni << "' from master certificate installed";
104 }
105
106 for (const auto& [domain, sniCertConf] : getSniCerts()) {
107 if (!domain.empty()) {
108 core::socket::stream::tls::SslConfig sslConfig(true);
109
110 sslConfig.instanceName = getInstanceName();
111
112 for (const auto& [key, value] : sniCertConf) {
113 if (key == "Cert") {
114 sslConfig.cert = std::get<std::string>(value);
115 } else if (key == "CertKey") {
116 sslConfig.certKey = std::get<std::string>(value);
117 } else if (key == "CertKeyPassword") {
118 sslConfig.password = std::get<std::string>(value);
119 } else if (key == "CaCert") {
120 sslConfig.caCert = std::get<std::string>(value);
121 } else if (key == "CaCertDir") {
122 sslConfig.caCertDir = std::get<std::string>(value);
123 } else if (key == "CaCertUseDefaultDir") {
124 sslConfig.caCertUseDefaultDir = std::get<bool>(value);
125 } else if (key == "CaCertAcceptUnknown") {
126 sslConfig.caCertAcceptUnknown = std::get<bool>(value);
127 } else if (key == "CipherList") {
128 sslConfig.cipherList = std::get<std::string>(value);
129 } else if (key == "SslOptions") {
130 sslConfig.sslOptions = std::get<ssl_option_t>(value);
131 }
132 }
133
134 SSL_CTX* newCtx = core::socket::stream::tls::ssl_ctx_new(sslConfig);
135
136 if (newCtx != nullptr) {
137 sniCtxs.push_back(newCtx);
138 sniCtxMap.insert_or_assign(domain, newCtx);
139
140 LOG(TRACE) << getInstanceName() << " SSL/TLS: SSL_CTX (E) sni for '" << domain << "' explicitly installed";
141
142 for (const auto& [san, ctx] : core::socket::stream::tls::ssl_get_sans(newCtx)) {
143 sniCtxMap.insert_or_assign(san, ctx);
144
145 LOG(TRACE) << getInstanceName() << " SSL/TLS: SSL_CTX (S) sni for '" << san << "' from SAN installed";
146 }
147 } else {
148 LOG(WARNING) << getInstanceName() << " SSL/TLS: Can not create SNI_SSL_CTX for domain '" << domain << "'";
149 }
150 }
151 }
152 LOG(TRACE) << getInstanceName() << " SSL/TLS: SNI list result:";
153 for (const auto& [sni, ctx] : sniCtxMap) {
154 LOG(TRACE) << " " << sni;
155 }
156 }
157
158 return sslCtx;
159 }
net::config::ConfigTlsServer::getSniCerts
const std::map< std::string, std::map< std::string, std::variant< std::string, bool, ssl_option_t > > > & getSniCerts()
Definition ConfigTlsServer.cpp:173
net::config::ConfigTls::getCaCertDir
std::string getCaCertDir() const
Definition ConfigTls.cpp:191
net::config::ConfigTls::getCaCert
std::string getCaCert() const
Definition ConfigTls.cpp:179
net::config::ConfigTls::getCipherList
std::string getCipherList() const
Definition ConfigTls.cpp:227
net::config::ConfigTls::getSslOptions
ssl_option_t getSslOptions() const
Definition ConfigTls.cpp:239
net::config::ConfigTls::getCaCertAcceptUnknown
bool getCaCertAcceptUnknown() const
Definition ConfigTls.cpp:215
net::config::ConfigTls::getCaCertUseDefaultDir
bool getCaCertUseDefaultDir() const
Definition ConfigTls.cpp:203
net::config::ConfigTls::getCertKey
std::string getCertKey() const
Definition ConfigTls.cpp:155
net::config::ConfigTls::getCert
std::string getCert() const
Definition ConfigTls.cpp:143
net::config::ConfigTls::getCertKeyPassword
std::string getCertKeyPassword() const
Definition ConfigTls.cpp:167
core::socket::stream::tls::ssl_get_sans
std::map< std::string, SSL_CTX * > ssl_get_sans(SSL_CTX *sslCtx)
Definition ssl_utils.cpp:220
core::socket::stream::tls::ssl_ctx_new
SSL_CTX * ssl_ctx_new(const SslConfig &sslConfig)
Definition ssl_utils.cpp:113
core::system::socket
int socket(int domain, int type, int protocol)
Definition socket.cpp:52
core
Definition Timer.h:59

References core::socket::stream::tls::SslConfig::caCert, core::socket::stream::tls::SslConfig::caCertAcceptUnknown, core::socket::stream::tls::SslConfig::caCertDir, core::socket::stream::tls::SslConfig::caCertUseDefaultDir, core::socket::stream::tls::SslConfig::cert, core::socket::stream::tls::SslConfig::certKey, core::socket::stream::tls::SslConfig::cipherList, net::config::ConfigTls::getCaCert(), net::config::ConfigTls::getCaCertAcceptUnknown(), net::config::ConfigTls::getCaCertDir(), net::config::ConfigTls::getCaCertUseDefaultDir(), net::config::ConfigTls::getCert(), net::config::ConfigTls::getCertKey(), net::config::ConfigTls::getCertKeyPassword(), net::config::ConfigTls::getCipherList(), net::config::ConfigInstance::getInstanceName(), net::config::ConfigTlsServer::getSniCerts(), net::config::ConfigTls::getSslOptions(), core::socket::stream::tls::SslConfig::instanceName, core::socket::stream::tls::SslConfig::password, net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >::sniCtxMap, net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >::sniCtxs, core::socket::stream::tls::ssl_ctx_new(), core::socket::stream::tls::ssl_get_sans(), core::socket::stream::tls::SslConfig::SslConfig(), net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >::sslCtx, and core::socket::stream::tls::SslConfig::sslOptions.

Here is the call graph for this function:

Member Data Documentation

◆ sniCtxMap

template<typename ConfigSocketServerBaseT >
std::map<std::string, SSL_CTX*> net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >::sniCtxMap
private

Definition at line 77 of file ConfigSocketServer.h.

Referenced by net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >::getSniCtx(), and net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >::getSslCtx().

◆ sniCtxs

template<typename ConfigSocketServerBaseT >
std::list<SSL_CTX*> net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >::sniCtxs
private

Definition at line 76 of file ConfigSocketServer.h.

Referenced by net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >::getSslCtx(), and net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >::~ConfigSocketServer().

◆ sslCtx

template<typename ConfigSocketServerBaseT >
SSL_CTX* net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >::sslCtx = nullptr
private

Definition at line 75 of file ConfigSocketServer.h.

Referenced by net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >::getSslCtx(), and net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >::~ConfigSocketServer().

The documentation for this class was generated from the following files: