#include <ConfigSocketServer.h>

Inheritance diagram for net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >:

Collaboration diagram for net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >:

Public Types
using	Instance = net::config::ConfigInstance
using	Tls = net::config::ConfigTlsServer
Public Types inherited from net::config::ConfigInstance
enum class	Role { SERVER , CLIENT }
using	Instance = ConfigInstance

Public Member Functions
SSL_CTX *	getSslCtx ()
SSL_CTX *	getSniCtx (const std::string &serverNameIndication)
Public Member Functions inherited from net::config::ConfigInstance
	ConfigInstance (ConfigInstance &)=delete
	ConfigInstance (ConfigInstance &&)=delete
ConfigInstance &	operator= (ConfigInstance &)=delete
ConfigInstance &	operator= (ConfigInstance &&)=delete
const std::string &	getInstanceName () const
ConfigInstance *	setInstanceName (const std::string &instanceName)
bool	getDisabled () const
ConfigInstance *	setDisabled (bool disabled=true)
ConfigInstance *	configurable (bool configurable)
ConfigInstance *	setOnDestroy (const std::function< void(ConfigInstance *)> &onDestroy)
Public Member Functions inherited from utils::SubCommand
	SubCommand (const SubCommand &)=delete
	SubCommand (SubCommand &&)=delete
SubCommand &	operator= (const SubCommand &)=delete
SubCommand &	operator= (SubCommand &&)=delete
virtual	~SubCommand ()
std::string	getName () const
std::string	version () const
CLI::Option *	setConfig (const std::string &defaultConfigFile) const
CLI::Option *	setLogFile (const std::string &defaultLogFile) const
CLI::Option *	setVersionFlag (const std::string &version) const
bool	hasParent () const
SubCommand *	getParent () const
SubCommand *	allowExtras (bool allow=true)
SubCommand *	required (bool required=true, bool force=true)
SubCommand *	required (SubCommand *subCommand, bool required=true)
SubCommand *	required (CLI::Option *option, bool required=true)
bool	getRequired () const
SubCommand *	needs (SubCommand *subCommand, bool needs=true)
SubCommand *	disabled (SubCommand *subCommand, bool disabled=true)
SubCommand *	setRequireCallback (const std::function< void(void)> &callback)
SubCommand *	finalCallback (const std::function< void()> &finalCallback)
std::string	configToStr () const
std::string	help (const CLI::App *helpApp, const CLI::AppFormatMode &mode) const
void	addSubCommandApp (std::shared_ptr< utils::AppWithPtr > subCommand)
template<typename NewSubCommand, typename... Args>
NewSubCommand *	newSubCommand (Args &&... args)
template<typename RequestedSubCommand>
RequestedSubCommand *	getSubCommand ()
template<typename RequestedSubCommand>
RequestedSubCommand *	getSubCommand () const
CLI::Option *	getOption (const std::string &name) const
CLI::Option *	addOption (const std::string &name, const std::string &description, const std::string &typeName, const CLI::Validator &validator) const
template<typename ValueTypeT>
CLI::Option *	addOption (const std::string &name, const std::string &description, const std::string &typeName, ValueTypeT defaultValue, const CLI::Validator &validator) const
template<typename ValueTypeT>
CLI::Option *	addOptionVariable (const std::string &name, ValueTypeT &variable, const std::string &description, const std::string &typeName, const CLI::Validator &additionalValidator) const
template<typename ValueTypeT>
CLI::Option *	addOptionVariable (const std::string &name, ValueTypeT &variable, const std::string &description, const std::string &typeName, ValueTypeT defaultValue, const CLI::Validator &additionalValidator) const
CLI::Option *	addOptionFunction (const std::string &name, const std::function< void(const std::string &)> &callback, const std::string &description, const std::string &typeName, const CLI::Validator &validator) const
template<typename ValueTypeT>
CLI::Option *	addOptionFunction (const std::string &name, const std::function< void(const std::string &)> &callback, const std::string &description, const std::string &typeName, ValueTypeT defaultValue, const CLI::Validator &validator) const
CLI::Option *	addFlag (const std::string &name, const std::string &description, const std::string &typeName, const CLI::Validator &validator) const
template<typename ValueTypeT>
CLI::Option *	addFlag (const std::string &name, const std::string &description, const std::string &typeName, ValueTypeT defaultValue, const CLI::Validator &validator) const
CLI::Option *	addFlagFunction (const std::string &name, const std::function< void()> &callback, const std::string &description, const std::string &typeName, const CLI::Validator &validator) const
CLI::Option *	addFlagFunction (const std::string &name, const std::function< void()> &callback, const std::string &description, const std::string &typeName, const std::string &defaultValue, const CLI::Validator &validator) const
Public Member Functions inherited from net::config::ConfigTlsServer
ConfigTlsServer *	setForceSni (bool forceSni=true)
bool	getForceSni () const
ConfigTlsServer *	addSniCerts (const std::map< std::string, std::map< std::string, std::variant< std::string, bool, ssl_option_t > > > &sniCerts)
ConfigTlsServer *	addSniCert (const std::string &domain, const std::map< std::string, std::variant< std::string, bool, ssl_option_t > > &sniCert)
const std::map< std::string, std::map< std::string, std::variant< std::string, bool, ssl_option_t > > > &	getSniCerts () const
Public Member Functions inherited from net::config::ConfigTls
ConfigTls *	setInitTimeout (const utils::Timeval &newInitTimeout)
utils::Timeval	getInitTimeout () const
ConfigTls *	setShutdownTimeout (const utils::Timeval &newShutdownTimeout)
utils::Timeval	getShutdownTimeout () const
ConfigTls *	setCert (const std::string &cert)
std::string	getCert () const
ConfigTls *	setCertKey (const std::string &certKey)
std::string	getCertKey () const
ConfigTls *	setCertKeyPassword (const std::string &certKeyPassword)
std::string	getCertKeyPassword () const
ConfigTls *	setCaCert (const std::string &caCert)
std::string	getCaCert () const
ConfigTls *	setCaCertDir (const std::string &caCertDir)
std::string	getCaCertDir () const
ConfigTls *	setCaCertUseDefaultDir (bool set=true)
bool	getCaCertUseDefaultDir () const
ConfigTls *	setCaCertAcceptUnknown (bool set=true)
bool	getCaCertAcceptUnknown () const
ConfigTls *	setCipherList (const std::string &cipherList)
std::string	getCipherList () const
ConfigTls *	setSslOptions (ssl_option_t sslOptions)
ssl_option_t	getSslOptions () const
ConfigTls *	setNoCloseNotifyIsEOF (bool noCloseNotifyIsEOF=true)
bool	getNoCloseNotifyIsEOF () const
Public Member Functions inherited from net::config::ConfigSection
template<typename T>
	ConfigSection (ConfigInstance instance, T sectionPtr, const std::string &group="Sections")
	~ConfigSection () override
	ConfigSection (const ConfigSection &)=delete
	ConfigSection (ConfigSection &&)=delete
ConfigSection &	operator= (const ConfigSection &)=delete

Protected Member Functions
	ConfigSocketServer (const std::string &name)
	~ConfigSocketServer () override
Protected Member Functions inherited from net::config::ConfigInstance
	ConfigInstance (const std::string &instanceName, Role role)
	~ConfigInstance () override
Protected Member Functions inherited from utils::SubCommand
	SubCommand (SubCommand *parent, std::shared_ptr< utils::AppWithPtr > appWithPtr, const std::string &group, bool final=false)
template<typename ConcretSubCommand>
	SubCommand (SubCommand parent, ConcretSubCommand concretSubCommand, const std::string &group, bool final=false)
void	parse (int argc, char *argv[]) const
SubCommand *	description (const std::string &description)
SubCommand *	footer (const std::string &footer)
void	removeSubCommand ()
template<typename ValueTypeT>
CLI::Option *	setDefaultValue (CLI::Option *option, const ValueTypeT &value, bool clear=true) const
CLI::Option *	setConfigurable (CLI::Option *option, bool configurable) const
Protected Member Functions inherited from net::config::ConfigTlsServer
	ConfigTlsServer (ConfigInstance *instance)
	~ConfigTlsServer () override
Protected Member Functions inherited from net::config::ConfigTls
template<typename ConcretConfigTls>
	ConfigTls (ConfigInstance *instance, ConcretConfigTls section)
	~ConfigTls () override

Static Private Member Functions
static int	clientHelloCallback (SSL ssl, int al, void *arg)

Private Attributes
SSL_CTX *	sslCtx = nullptr
std::list< SSL_CTX * >	sniCtxs
std::map< std::string, SSL_CTX * >	sniCtxMap

Additional Inherited Members
Static Public Member Functions inherited from net::config::ConfigInstance
static CLI::App *	getHelpTriggerApp ()
static CLI::App *	getShowConfigTriggerApp ()
static CLI::App *	extracted ()
static CLI::App *	getCommandlineTriggerApp ()
Static Public Attributes inherited from net::config::ConfigTls
static constexpr std::string_view	NAME {"tls"}
static constexpr std::string_view	DESCRIPTION {"Configuration of SSL/TLS behavior"}
Static Protected Member Functions inherited from utils::SubCommand
static CLI::App *	getHelpTriggerApp ()
static CLI::App *	getShowConfigTriggerApp ()
static CLI::App *	getCommandlineTriggerApp ()
Protected Attributes inherited from utils::SubCommand
CLI::Option *	helpOpt = nullptr
Static Protected Attributes inherited from utils::SubCommand
static std::shared_ptr< CLI::Formatter >	sectionFormatter = makeSectionFormatter()
static std::map< std::string, std::string >	aliases
static CLI::App *	helpTriggerApp = nullptr
static CLI::App *	showConfigTriggerApp = nullptr
static CLI::App *	commandlineTriggerApp = nullptr

Detailed Description

template<typename ConfigSocketServerBaseT>
class net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >

Definition at line 59 of file ConfigSocketServer.h.

Member Typedef Documentation

◆ Instance

template<typename ConfigSocketServerBaseT>

using net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >::Instance = net::config::ConfigInstance

Definition at line 69 of file ConfigSocketServer.h.

◆ Tls

template<typename ConfigSocketServerBaseT>

using net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >::Tls = net::config::ConfigTlsServer

Definition at line 70 of file ConfigSocketServer.h.

Constructor & Destructor Documentation

◆ ConfigSocketServer()

template<typename ConfigSocketServerBase>

net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBase >::ConfigSocketServer ( const std::string & name )

explicitprotected

Definition at line 58 of file ConfigSocketServer.hpp.

        : net::config::ConfigInstance(name, net::config::ConfigInstance::Role::SERVER)
        , ConfigSocketServerBase(this)
        , net::config::ConfigTlsServer(this) {
    }

References net::config::ConfigInstance::SERVER.

Referenced by net::in6::stream::tls::config::ConfigSocketServer::ConfigSocketServer(), net::in::stream::tls::config::ConfigSocketServer::ConfigSocketServer(), net::l2::stream::tls::config::ConfigSocketServer::ConfigSocketServer(), net::rc::stream::tls::config::ConfigSocketServer::ConfigSocketServer(), and net::un::stream::tls::config::ConfigSocketServer::ConfigSocketServer().

Here is the caller graph for this function:

◆ ~ConfigSocketServer()

template<typename ConfigSocketServerBase>

net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBase >::~ConfigSocketServer ( )

overrideprotected

Definition at line 65 of file ConfigSocketServer.hpp.

                                                                    {
        if (sslCtx != nullptr) {
            core::socket::stream::tls::ssl_ctx_free(sslCtx);
        }
 
        for (SSL_CTX* sniCtx : sniCtxs) {
            if (sniCtx != nullptr) {
                core::socket::stream::tls::ssl_ctx_free(sniCtx);
            }
        }
    }

Member Function Documentation

◆ clientHelloCallback()

template<typename ConfigSocketServerBaseT>

int net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >::clientHelloCallback	(	SSL *	ssl,
		int *	al,
		void *	arg )

staticprivate

◆ getSniCtx()

template<typename ConfigSocketServerBase>

SSL_CTX * net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBase >::getSniCtx ( const std::string & serverNameIndication )

Definition at line 162 of file ConfigSocketServer.hpp.

                                                                                                        {
        LOG(TRACE) << getInstanceName() << " SSL/TLS SNI: Lookup for sni='" << serverNameIndication << "' in sni certificates";
 
        SSL_CTX* sniCtx = nullptr;
 
        std::map<std::string, SSL_CTX*>::iterator sniPairIt = std::find_if(
            sniCtxMap.begin(), sniCtxMap.end(), [&serverNameIndication, this](const std::pair<std::string, SSL_CTX*>& sniPair) -> bool {
                LOG(TRACE) << getInstanceName() << " SSL/TLS SNI:  .. " << sniPair.first.c_str();
                return core::socket::stream::tls::match(sniPair.first.c_str(), serverNameIndication.c_str());
            });
 
        if (sniPairIt != sniCtxMap.end()) {
            LOG(TRACE) << getInstanceName() << " SSL/TLS SNI: found for " << serverNameIndication << " -> '" << sniPairIt->first << "'";
            sniCtx = sniPairIt->second;
        } else {
            LOG(WARNING) << getInstanceName() << " SSL/TL SNI: not found for " << serverNameIndication;
        }
 
        return sniCtx;
    }

References net::config::ConfigInstance::getInstanceName(), logger::LogMessage::LogMessage(), core::socket::stream::tls::match(), sniCtxMap, logger::TRACE, and logger::WARNING.

Here is the call graph for this function:

◆ getSslCtx()

template<typename ConfigSocketServerBase>

SSL_CTX * net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBase >::getSslCtx ( )

Definition at line 78 of file ConfigSocketServer.hpp.

                                                                   {
        if (sslCtx == nullptr) {
            core::socket::stream::tls::SslConfig sslConfig(true);
 
            sslConfig.instanceName = getInstanceName();
 
            sslConfig.cert = getCert();
            sslConfig.certKey = getCertKey();
            sslConfig.password = getCertKeyPassword();
            sslConfig.caCert = getCaCert();
            sslConfig.caCertDir = getCaCertDir();
            sslConfig.cipherList = getCipherList();
            sslConfig.sslOptions = getSslOptions();
            sslConfig.caCertUseDefaultDir = getCaCertUseDefaultDir();
            sslConfig.caCertAcceptUnknown = getCaCertAcceptUnknown();
 
            sslCtx = core::socket::stream::tls::ssl_ctx_new(sslConfig);
        }
 
        if (sniCtxMap.empty()) {
            std::map<std::string, SSL_CTX*> sslSans = core::socket::stream::tls::ssl_get_sans(sslCtx);
 
            sniCtxMap.insert(sslSans.begin(), sslSans.end());
 
            for (const auto& [sni, ctx] : sniCtxMap) {
                LOG(TRACE) << getInstanceName() << " SSL/TLS: SSL_CTX (M) sni for '" << sni << "' from master certificate installed";
            }
 
            for (const auto& [domain, sniCertConf] : getSniCerts()) {
                if (!domain.empty()) {
                    core::socket::stream::tls::SslConfig sslConfig(true);
 
                    sslConfig.instanceName = getInstanceName();
 
                    for (const auto& [key, value] : sniCertConf) {
                        if (key == "Cert") {
                            sslConfig.cert = std::get<std::string>(value);
                        } else if (key == "CertKey") {
                            sslConfig.certKey = std::get<std::string>(value);
                        } else if (key == "CertKeyPassword") {
                            sslConfig.password = std::get<std::string>(value);
                        } else if (key == "CaCert") {
                            sslConfig.caCert = std::get<std::string>(value);
                        } else if (key == "CaCertDir") {
                            sslConfig.caCertDir = std::get<std::string>(value);
                        } else if (key == "CaCertUseDefaultDir") {
                            sslConfig.caCertUseDefaultDir = std::get<bool>(value);
                        } else if (key == "CaCertAcceptUnknown") {
                            sslConfig.caCertAcceptUnknown = std::get<bool>(value);
                        } else if (key == "CipherList") {
                            sslConfig.cipherList = std::get<std::string>(value);
                        } else if (key == "SslOptions") {
                            sslConfig.sslOptions = std::get<ssl_option_t>(value);
                        }
                    }
 
                    SSL_CTX* newCtx = core::socket::stream::tls::ssl_ctx_new(sslConfig);
 
                    if (newCtx != nullptr) {
                        sniCtxs.push_back(newCtx);
                        sniCtxMap.insert_or_assign(domain, newCtx);
 
                        LOG(TRACE) << getInstanceName() << " SSL/TLS: SSL_CTX (E) sni for '" << domain << "' explicitly installed";
 
                        for (const auto& [san, ctx] : core::socket::stream::tls::ssl_get_sans(newCtx)) {
                            sniCtxMap.insert_or_assign(san, ctx);
 
                            LOG(TRACE) << getInstanceName() << " SSL/TLS: SSL_CTX (S) sni for '" << san << "' from SAN installed";
                        }
                    } else {
                        LOG(WARNING) << getInstanceName() << " SSL/TLS: Can not create SNI_SSL_CTX for domain '" << domain << "'";
                    }
                }
            }
            LOG(TRACE) << getInstanceName() << " SSL/TLS: SNI list result:";
            for (const auto& [sni, ctx] : sniCtxMap) {
                LOG(TRACE) << "  " << sni;
            }
        }
 
        return sslCtx;
    }

Here is the call graph for this function:

Member Data Documentation

◆ sniCtxMap

template<typename ConfigSocketServerBaseT>

std::map<std::string, SSL_CTX*> net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >::sniCtxMap

private

Definition at line 80 of file ConfigSocketServer.h.

Referenced by getSniCtx(), and getSslCtx().

◆ sniCtxs

template<typename ConfigSocketServerBaseT>

std::list<SSL_CTX*> net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >::sniCtxs

private

Definition at line 79 of file ConfigSocketServer.h.

Referenced by getSslCtx().

◆ sslCtx

template<typename ConfigSocketServerBaseT>

SSL_CTX* net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >::sslCtx = nullptr

private

Definition at line 78 of file ConfigSocketServer.h.

Referenced by getSslCtx(), and net::config::stream::tls::ConfigSocketServer< net::in6::stream::config::ConfigSocketServer >::~ConfigSocketServer().

The documentation for this class was generated from the following files:

net/config/stream/tls/ConfigSocketServer.h
net/config/stream/tls/ConfigSocketServer.hpp

SNode.C

Public Types

Public Member Functions

Protected Member Functions

Static Private Member Functions

Private Attributes

Additional Inherited Members

Detailed Description

Member Typedef Documentation

◆ Instance

◆ Tls

Constructor & Destructor Documentation

◆ ConfigSocketServer()

◆ ~ConfigSocketServer()

Member Function Documentation

◆ clientHelloCallback()

◆ getSniCtx()

◆ getSslCtx()

Member Data Documentation

◆ sniCtxMap

◆ sniCtxs

◆ sslCtx