SNode.C
Loading...
Searching...
No Matches
Public Member Functions | Protected Member Functions | Static Private Member Functions | Private Attributes | List of all members
net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT > Class Template Reference

#include <ConfigSocketServer.h>

Inheritance diagram for net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >:
Collaboration diagram for net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >:

Public Member Functions

SSL_CTX * getSslCtx ()
 
SSL_CTX * getSniCtx (const std::string &serverNameIndication)
 
- Public Member Functions inherited from net::config::ConfigInstance
 ConfigInstance (ConfigInstance &)=delete
 
 ConfigInstance (ConfigInstance &&)=delete
 
ConfigInstanceoperator= (ConfigInstance &)=delete
 
ConfigInstanceoperator= (ConfigInstance &&)=delete
 
Role getRole ()
 
const std::string & getInstanceName () const
 
void setInstanceName (const std::string &instanceName)
 
bool getDisabled () const
 
void setDisabled (bool disabled=true)
 
- Public Member Functions inherited from net::config::ConfigTlsServer
ConfigTlsServersetForceSni (bool forceSni=true)
 
bool getForceSni () const
 
ConfigTlsServeraddSniCerts (const std::map< std::string, std::map< std::string, std::variant< std::string, bool, ssl_option_t > > > &sniCerts)
 
ConfigTlsServeraddSniCert (const std::string &domain, const std::map< std::string, std::variant< std::string, bool, ssl_option_t > > &sniCert)
 
const std::map< std::string, std::map< std::string, std::variant< std::string, bool, ssl_option_t > > > & getSniCerts ()
 
- Public Member Functions inherited from net::config::ConfigTls
ConfigTlssetInitTimeout (const utils::Timeval &newInitTimeout)
 
utils::Timeval getInitTimeout () const
 
ConfigTlssetShutdownTimeout (const utils::Timeval &newShutdownTimeout)
 
utils::Timeval getShutdownTimeout () const
 
ConfigTlssetCert (const std::string &cert)
 
std::string getCert () const
 
ConfigTlssetCertKey (const std::string &certKey)
 
std::string getCertKey () const
 
ConfigTlssetCertKeyPassword (const std::string &certKeyPassword)
 
std::string getCertKeyPassword () const
 
ConfigTlssetCaCert (const std::string &caCert)
 
std::string getCaCert () const
 
ConfigTlssetCaCertDir (const std::string &caCertDir)
 
std::string getCaCertDir () const
 
ConfigTlssetCaCertUseDefaultDir (bool set=true)
 
bool getCaCertUseDefaultDir () const
 
ConfigTlssetCaCertAcceptUnknown (bool set=true)
 
bool getCaCertAcceptUnknown () const
 
ConfigTlssetCipherList (const std::string &cipherList)
 
std::string getCipherList () const
 
ConfigTlssetSslOptions (ssl_option_t sslOptions)
 
ssl_option_t getSslOptions () const
 
ConfigTlssetNoCloseNotifyIsEOF (bool noCloseNotifyIsEOF=true)
 
bool getNoCloseNotifyIsEOF () const
 

Protected Member Functions

 ConfigSocketServer (const std::string &name)
 
 ~ConfigSocketServer () override
 
- Protected Member Functions inherited from net::config::ConfigInstance
 ConfigInstance (const std::string &instanceName, Role role)
 
virtual ~ConfigInstance ()
 
- Protected Member Functions inherited from net::config::ConfigTlsServer
 ConfigTlsServer (ConfigInstance *instance)
 
- Protected Member Functions inherited from net::config::ConfigTls
 ConfigTls (ConfigInstance *instance)
 
- Protected Member Functions inherited from net::config::ConfigSection
 ConfigSection (ConfigInstance *instance, const std::string &name, const std::string &description)
 
 ConfigSection (const ConfigSection &)=delete
 
 ConfigSection (ConfigSection &&)=delete
 
ConfigSectionoperator= (const ConfigSection &)=delete
 
ConfigSectionoperator= (ConfigSection &&)=delete
 
CLI::Option * addOption (const std::string &name, const std::string &description)
 
CLI::Option * addOption (const std::string &name, const std::string &description, const std::string &typeName)
 
CLI::Option * addOption (const std::string &name, const std::string &description, const std::string &typeName, const CLI::Validator &additionalValidator)
 
template<typename ValueTypeT >
CLI::Option * addOption (const std::string &name, const std::string &description, const std::string &typeName, ValueTypeT defaultValue)
 
template<typename ValueTypeT >
CLI::Option * addOption (const std::string &name, const std::string &description, const std::string &typeName, ValueTypeT defaultValue, const CLI::Validator &additionalValidator)
 
CLI::Option * addFlag (const std::string &name, const std::string &description, const std::string &typeName)
 
CLI::Option * addFlag (const std::string &name, const std::string &description, const std::string &typeName, const CLI::Validator &additionalValidator)
 
template<typename ValueTypeT >
CLI::Option * addFlag (const std::string &name, const std::string &description, const std::string &typeName, ValueTypeT defaultValue)
 
template<typename ValueTypeT >
CLI::Option * addFlag (const std::string &name, const std::string &description, const std::string &typeName, ValueTypeT defaultValue, const CLI::Validator &additionalValidator)
 
CLI::Option * addFlagFunction (const std::string &name, const std::function< void()> &callback, const std::string &description, const std::string &typeName, const std::string &defaultValue)
 
CLI::Option * addFlagFunction (const std::string &name, const std::function< void()> &callback, const std::string &description, const std::string &typeName, const std::string &defaultValue, const CLI::Validator &validator)
 
void required (CLI::Option *opt, bool req=true)
 
bool required () const
 
template<typename ValueType >
CLI::Option * addOption (const std::string &name, const std::string &description, const std::string &typeName, ValueType defaultValue)
 
template<typename ValueType >
CLI::Option * addOption (const std::string &name, const std::string &description, const std::string &typeName, ValueType defaultValue, const CLI::Validator &additionalValidator)
 
template<typename ValueType >
CLI::Option * addFlag (const std::string &name, const std::string &description, const std::string &typeName, ValueType defaultValue)
 
template<typename ValueType >
CLI::Option * addFlag (const std::string &name, const std::string &description, const std::string &typeName, ValueType defaultValue, const CLI::Validator &additionalValidator)
 

Static Private Member Functions

static int clientHelloCallback (SSL *ssl, int *al, void *arg)
 

Private Attributes

SSL_CTX * sslCtx = nullptr
 
std::list< SSL_CTX * > sniCtxs
 
std::map< std::string, SSL_CTX * > sniCtxMap
 

Additional Inherited Members

- Public Types inherited from net::config::ConfigInstance
enum class  Role { SERVER , CLIENT }
 
using Instance = ConfigInstance
 
- Public Types inherited from net::config::ConfigTlsServer
using Tls = ConfigTlsServer
 
- Protected Attributes inherited from net::config::ConfigSection
CLI::App * section = nullptr
 

Detailed Description

template<typename ConfigSocketServerBaseT>
class net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >

Definition at line 37 of file ConfigSocketServer.h.

Constructor & Destructor Documentation

◆ ConfigSocketServer()

template<typename ConfigSocketServerBase >
net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBase >::ConfigSocketServer ( const std::string & name)
explicitprotected

Definition at line 36 of file ConfigSocketServer.hpp.

37 : net::config::ConfigInstance(name, net::config::ConfigInstance::Role::SERVER)
38 , ConfigSocketServerBase(this)
39 , net::config::ConfigTlsServer(this) {
40 }

◆ ~ConfigSocketServer()

template<typename ConfigSocketServerBase >
net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBase >::~ConfigSocketServer ( )
overrideprotected

Definition at line 43 of file ConfigSocketServer.hpp.

43 {
44 if (sslCtx != nullptr) {
45 core::socket::stream::tls::ssl_ctx_free(sslCtx);
46 }
47
48 for (SSL_CTX* sniCtx : sniCtxs) {
49 if (sniCtx != nullptr) {
50 core::socket::stream::tls::ssl_ctx_free(sniCtx);
51 }
52 }
53 }
core::socket::stream::tls::ssl_ctx_free
void ssl_ctx_free(SSL_CTX *ctx)
Definition ssl_utils.cpp:273

Member Function Documentation

◆ clientHelloCallback()

template<typename ConfigSocketServerBaseT >
static int net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >::clientHelloCallback ( SSL * ssl,
int * al,
void * arg )
staticprivate

◆ getSniCtx()

template<typename ConfigSocketServerBase >
SSL_CTX * net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBase >::getSniCtx ( const std::string & serverNameIndication)

Definition at line 140 of file ConfigSocketServer.hpp.

140 {
141 LOG(TRACE) << getInstanceName() << " SSL/TLS SNI: Lookup for sni='" << serverNameIndication << "' in sni certificates";
142
143 SSL_CTX* sniCtx = nullptr;
144
145 std::map<std::string, SSL_CTX*>::iterator sniPairIt = std::find_if(
146 sniCtxMap.begin(), sniCtxMap.end(), [&serverNameIndication, this](const std::pair<std::string, SSL_CTX*>& sniPair) -> bool {
147 LOG(TRACE) << getInstanceName() << " SSL/TLS SNI: .. " << sniPair.first.c_str();
148 return core::socket::stream::tls::match(sniPair.first.c_str(), serverNameIndication.c_str());
149 });
150
151 if (sniPairIt != sniCtxMap.end()) {
152 LOG(TRACE) << getInstanceName() << " SSL/TLS SNI: found for " << serverNameIndication << " -> '" << sniPairIt->first << "'";
153 sniCtx = sniPairIt->second;
154 } else {
155 LOG(WARNING) << getInstanceName() << " SSL/TL SNI: not found for " << serverNameIndication;
156 }
157
158 return sniCtx;
159 }
net::config::ConfigInstance::getInstanceName
const std::string & getInstanceName() const
Definition ConfigInstance.cpp:88
net::config::stream::tls::ConfigSocketServer::sniCtxMap
std::map< std::string, SSL_CTX * > sniCtxMap
Definition ConfigSocketServer.h:55

◆ getSslCtx()

template<typename ConfigSocketServerBase >
SSL_CTX * net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBase >::getSslCtx ( )

Definition at line 56 of file ConfigSocketServer.hpp.

56 {
57 if (sslCtx == nullptr) {
58 core::socket::stream::tls::SslConfig sslConfig(true);
59
60 sslConfig.instanceName = getInstanceName();
61
62 sslConfig.cert = getCert();
63 sslConfig.certKey = getCertKey();
64 sslConfig.password = getCertKeyPassword();
65 sslConfig.caCert = getCaCert();
66 sslConfig.caCertDir = getCaCertDir();
67 sslConfig.cipherList = getCipherList();
68 sslConfig.sslOptions = getSslOptions();
69 sslConfig.caCertUseDefaultDir = getCaCertUseDefaultDir();
70 sslConfig.caCertAcceptUnknown = getCaCertAcceptUnknown();
71
72 sslCtx = core::socket::stream::tls::ssl_ctx_new(sslConfig);
73 }
74
75 if (sniCtxMap.empty()) {
76 std::map<std::string, SSL_CTX*> sslSans = core::socket::stream::tls::ssl_get_sans(sslCtx);
77
78 sniCtxMap.insert(sslSans.begin(), sslSans.end());
79
80 for (const auto& [sni, ctx] : sniCtxMap) {
81 LOG(TRACE) << getInstanceName() << " SSL/TLS: SSL_CTX (M) sni for '" << sni << "' from master certificate installed";
82 }
83
84 for (const auto& [domain, sniCertConf] : getSniCerts()) {
85 if (!domain.empty()) {
86 core::socket::stream::tls::SslConfig sslConfig(true);
87
88 sslConfig.instanceName = getInstanceName();
89
90 for (const auto& [key, value] : sniCertConf) {
91 if (key == "Cert") {
92 sslConfig.cert = std::get<std::string>(value);
93 } else if (key == "CertKey") {
94 sslConfig.certKey = std::get<std::string>(value);
95 } else if (key == "CertKeyPassword") {
96 sslConfig.password = std::get<std::string>(value);
97 } else if (key == "CaCert") {
98 sslConfig.caCert = std::get<std::string>(value);
99 } else if (key == "CaCertDir") {
100 sslConfig.caCertDir = std::get<std::string>(value);
101 } else if (key == "CaCertUseDefaultDir") {
102 sslConfig.caCertUseDefaultDir = std::get<bool>(value);
103 } else if (key == "CaCertAcceptUnknown") {
104 sslConfig.caCertAcceptUnknown = std::get<bool>(value);
105 } else if (key == "CipherList") {
106 sslConfig.cipherList = std::get<std::string>(value);
107 } else if (key == "SslOptions") {
108 sslConfig.sslOptions = std::get<ssl_option_t>(value);
109 }
110 }
111
112 SSL_CTX* newCtx = core::socket::stream::tls::ssl_ctx_new(sslConfig);
113
114 if (newCtx != nullptr) {
115 sniCtxs.push_back(newCtx);
116 sniCtxMap.insert_or_assign(domain, newCtx);
117
118 LOG(TRACE) << getInstanceName() << " SSL/TLS: SSL_CTX (E) sni for '" << domain << "' explicitly installed";
119
120 for (const auto& [san, ctx] : core::socket::stream::tls::ssl_get_sans(newCtx)) {
121 sniCtxMap.insert_or_assign(san, ctx);
122
123 LOG(TRACE) << getInstanceName() << " SSL/TLS: SSL_CTX (S) sni for '" << san << "' from SAN installed";
124 }
125 } else {
126 LOG(WARNING) << getInstanceName() << " SSL/TLS: Can not create SNI_SSL_CTX for domain '" << domain << "'";
127 }
128 }
129 }
130 LOG(TRACE) << getInstanceName() << " SSL/TLS: SNI list result:";
131 for (const auto& [sni, ctx] : sniCtxMap) {
132 LOG(TRACE) << " " << sni;
133 }
134 }
135
136 return sslCtx;
137 }
net::config::ConfigTlsServer::getSniCerts
const std::map< std::string, std::map< std::string, std::variant< std::string, bool, ssl_option_t > > > & getSniCerts()
Definition ConfigTlsServer.cpp:151
net::config::ConfigTls::getCaCertDir
std::string getCaCertDir() const
Definition ConfigTls.cpp:169
net::config::ConfigTls::getCaCert
std::string getCaCert() const
Definition ConfigTls.cpp:157
net::config::ConfigTls::getCipherList
std::string getCipherList() const
Definition ConfigTls.cpp:205
net::config::ConfigTls::getSslOptions
ssl_option_t getSslOptions() const
Definition ConfigTls.cpp:217
net::config::ConfigTls::getCaCertAcceptUnknown
bool getCaCertAcceptUnknown() const
Definition ConfigTls.cpp:193
net::config::ConfigTls::getCaCertUseDefaultDir
bool getCaCertUseDefaultDir() const
Definition ConfigTls.cpp:181
net::config::ConfigTls::getCertKey
std::string getCertKey() const
Definition ConfigTls.cpp:133
net::config::ConfigTls::getCert
std::string getCert() const
Definition ConfigTls.cpp:121
net::config::ConfigTls::getCertKeyPassword
std::string getCertKeyPassword() const
Definition ConfigTls.cpp:145
core::socket::stream::tls::ssl_get_sans
std::map< std::string, SSL_CTX * > ssl_get_sans(SSL_CTX *sslCtx)
Definition ssl_utils.cpp:198
core::socket::stream::tls::ssl_ctx_new
SSL_CTX * ssl_ctx_new(const SslConfig &sslConfig)
Definition ssl_utils.cpp:91
core::system::socket
int socket(int domain, int type, int protocol)
Definition socket.cpp:30
core
Definition Timer.h:37

Member Data Documentation

◆ sniCtxMap

template<typename ConfigSocketServerBaseT >
std::map<std::string, SSL_CTX*> net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >::sniCtxMap
private

Definition at line 55 of file ConfigSocketServer.h.

◆ sniCtxs

template<typename ConfigSocketServerBaseT >
std::list<SSL_CTX*> net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >::sniCtxs
private

Definition at line 54 of file ConfigSocketServer.h.

◆ sslCtx

template<typename ConfigSocketServerBaseT >
SSL_CTX* net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >::sslCtx = nullptr
private

Definition at line 53 of file ConfigSocketServer.h.

The documentation for this class was generated from the following files: