ConfigSSL.cc
1 /*
2  * SWC-DB© Copyright since 2019 Alex Kashirin <kashirin.alex@gmail.com>
3  * License details at <https://github.com/kashirin-alex/swc-db/#license>
4  */
5 
6 
9 #include <fstream>
10 
11 
12 namespace SWC { namespace Comm {
13 
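/**
 * @brief Builds the TLS context for one role from the "swc.comm.ssl.*"
 *        settings.
 *
 * Both roles get a TLS 1.3 context (tlsv13_client / tlsv13_server) and
 * additionally disable compression and every protocol version below
 * TLS 1.3 through set_options().
 *
 * Client role: the CA bundle from "swc.comm.ssl.ca" is installed (the
 * platform's default CA paths when the setting is absent or the file is
 * empty). Peer verification is switched on only when
 * "swc.comm.ssl.subject_name" is configured; without it the context keeps
 * its default verify mode (OpenSSL's default is no peer verification), so
 * the server certificate is accepted unverified.
 *
 * Server role: loads the certificate ("swc.comm.ssl.crt") and RSA private
 * key ("swc.comm.ssl.key") through load_file(), disables session tickets
 * and resumption on renegotiation, and lets the server's cipher order win.
 * No client-certificate verification is requested (the verify_client_once
 * variant is left commented out at the end).
 *
 * @param settings  loaded configuration properties
 * @param is_client true for the client-side context, false for server-side
 * @throws Error::Exception (CONFIG_BAD_VALUE) when "swc.comm.ssl.ciphers"
 *         selects no cipher at all, or from load_file() when a configured
 *         file cannot be read.
 */
SWC_SHOULD_NOT_INLINE
ConfigSSL::ConfigSSL(const Config::Settings& settings, bool is_client)
    : nets_v4(), nets_v6(), subject_name(),
      ctx(is_client
            ? asio::ssl::context::tlsv13_client
            : asio::ssl::context::tlsv13_server) {
  set_networks(settings.get_strs("swc.comm.ssl.secure.network"), is_client);

  const std::string ciphers = settings.get_str("swc.comm.ssl.ciphers", "");
  if(!ciphers.empty()) {
    // SSL_CTX_set_cipher_list() returns 0 when no cipher in the string could
    // be selected; previously that was ignored and OpenSSL's defaults stayed
    // in effect silently. Reject the configuration instead.
    // NOTE: this call configures the TLS<=1.2 cipher list; the TLS 1.3
    // suites (the only ones this context negotiates) are selected with
    // SSL_CTX_set_ciphersuites(), which is not configured here.
    if(!SSL_CTX_set_cipher_list(ctx.native_handle(), ciphers.c_str()))
      SWC_THROWF(Error::CONFIG_BAD_VALUE,
                 "Bad cipher list in swc.comm.ssl.ciphers '%s'",
                 ciphers.c_str());
  }

  // Files are resolved against "swc.cfg.path" unless the configured name
  // starts with '.' or '/' (see load_file()).
  const std::string pathbase(settings.get_str("swc.cfg.path"));
  std::string ca;
  if(settings.has("swc.comm.ssl.ca"))
    load_file(pathbase, settings.get_str("swc.comm.ssl.ca"), ca);
  if(ca.empty()) {
    // no usable CA bundle configured: trust the platform's default store
    ctx.set_default_verify_paths();
  } else {
    ctx.add_certificate_authority(
      asio::const_buffer(ca.data(), ca.length()));
  }

  if(is_client) {
    ctx.set_options(
      asio::ssl::context::no_compression
      | asio::ssl::context::no_sslv2
      | asio::ssl::context::no_sslv3
      | asio::ssl::context::no_tlsv1
      | asio::ssl::context::no_tlsv1_1
      | asio::ssl::context::no_tlsv1_2
    );
    // verify_peer is requested only together with a subject name;
    // make_client() attaches the host-name check for the same name.
    subject_name = settings.get_str("swc.comm.ssl.subject_name", "");
    if(!subject_name.empty())
      ctx.set_verify_mode(asio::ssl::verify_peer);

  } else {
    ctx.set_options(//asio::ssl::context::default_workarounds |
      asio::ssl::context::no_compression
      | asio::ssl::context::no_sslv2
      | asio::ssl::context::no_sslv3
      | asio::ssl::context::no_tlsv1
      | asio::ssl::context::no_tlsv1_1
      | asio::ssl::context::no_tlsv1_2
      | asio::ssl::context::single_dh_use
      | SSL_OP_NO_TICKET                               // no session tickets
      | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
      | SSL_OP_CIPHER_SERVER_PREFERENCE                // server's order wins
    );

    std::string crt;
    load_file(pathbase, settings.get_str("swc.comm.ssl.crt"), crt);
    ctx.use_certificate(
      asio::const_buffer(crt.data(), crt.length()), asio::ssl::context::pem);

    // use_rsa_private_key() accepts RSA keys only; asio's use_private_key()
    // would be needed for other key types.
    std::string key;
    load_file(pathbase, settings.get_str("swc.comm.ssl.key"), key);
    ctx.use_rsa_private_key(
      asio::const_buffer(key.data(), key.length()), asio::ssl::context::pem);
  }

  /*
  SSL_CTX_set_ecdh_auto(ctx.native_handle(), 1);
  SSL_CTX_set_tmp_dh(
    ctx.native_handle(), EC_KEY_new_by_curve_name (NID_X9_62_prime256v1));
  ctx.use_tmp_dh_file("dh2048.pem");
  ctx.set_verify_mode(
    asio::ssl::verify_client_once | asio::ssl::verify_fail_if_no_peer_cert);
  */
}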
86 
87 
// NOTE(review): line 88 (the signature) is not shown in this rendering; the
// symbol index gives it as
//   void ConfigSSL::set_networks(const Config::Strings& networks, bool with_local)
// Resolves the configured "swc.comm.ssl.secure.network" entries into the
// nets_v4 / nets_v6 members. A resolution failure is reported through the
// error below rather than silently leaving the secure-network list empty.
89  bool with_local) {
90  // option. tmp nets-config
91  asio::error_code ec;
92  Resolver::get_networks(networks, nets_v4, nets_v6, ec);
// NOTE(review): line 94 (the throw statement whose format string follows) is
// not rendered here; presumably SWC_THROWF with an Error code — confirm.
93  if(ec)
95  "Bad Network in swc.comm.ssl.secure.network error(%s)",
96  ec.message().c_str());
// with_local is false for the client role (the constructor passes is_client).
97  if(!with_local) // option pass
98  return;
99 
100  // option tmp nets-local for srv by the binded endpoints
101  int err = Error::OK;
// NOTE(review): line 102 is not rendered; per the symbol index this is
// presumably the Resolver::get_local_networks(err, nets_v4, nets_v6) call
// that sets `err` checked below — confirm against the repository.
103  if(err)
105  "Bad Network in swc.comm.ssl.secure.network error(%s)",
106  Error::get_text(err));
107  /* option
108  includes and excludes subnets/racks in secure-networks
109  clear nets-wide not in nets-local
110  mv nets-wide to nets_v4, nets_v6
111  */
112 }
113 
114 
/**
 * @brief Wraps an already-connected plain socket in a client-side SSL
 *        connection handler.
 *
 * Host-name verification against "swc.comm.ssl.subject_name" is attached
 * only when a subject name was configured; with an empty subject_name no
 * verify callback is installed by this function. No handshake is performed
 * here.
 *
 * @param app_ctx application context handed to the connection handler
 * @param socket  plain TCP socket to wrap
 * @return the new SSL connection handler
 */
ConnHandlerSSL::Ptr ConfigSSL::make_client(AppContext::Ptr& app_ctx,
                                           SocketPlain& socket) const {
  ConnHandlerSSL::Ptr handler = make_connection(app_ctx, socket);
  if(subject_name.empty())
    return handler;
  handler->set_verify(asio::ssl::host_name_verification(subject_name));
  return handler;
}
123 
// NOTE(review): lines 124-125 (return type, name and first parameter of this
// definition) are not rendered here and the symbol index has no entry for a
// three-parameter variant; from the body it builds a client handler via
// make_client() and then runs the client-side handshake.
126  SocketPlain& socket,
127  asio::error_code& ec) const {
128  auto conn = make_client(app_ctx, socket);
// The error_code overload reports handshake failure through `ec` (presumably
// without throwing — confirm in ConnHandler.h); the handler is returned in
// either case, so callers must check `ec` before using the connection.
129  conn->handshake(SocketSSL::client, ec);
130  return conn;
131 }
132 
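/**
 * @brief Reads a whole file (CA bundle, certificate or key) into `to`.
 *
 * A name that does not start with '.' or '/' is prefixed with `pathbase`
 * verbatim — no separator is inserted, so `pathbase` (from "swc.cfg.path")
 * is presumably expected to end with one; confirm against Settings.
 * `to` is cleared first and holds the complete contents on success; on any
 * failure it is left empty and an exception is raised.
 *
 * @param pathbase base directory for relative names
 * @param filepath absolute, "./"-relative or pathbase-relative file name
 * @param to       receives the file contents
 * @throws Error::Exception (CONFIG_BAD_VALUE) when the name is empty, the
 *         file cannot be opened, its size cannot be determined, or it cannot
 *         be read completely; the message carries the resolved path and the
 *         underlying error code.
 */
void ConfigSSL::load_file(const std::string& pathbase,
                          std::string filepath, std::string& to) const {
  to.clear();
  int err = Error::OK;
  try {
    // front() on an empty string is undefined behaviour; report an empty
    // name as a bad config file instead of dereferencing it.
    if(filepath.empty()) {
      err = Error::CONFIG_BAD_CFG_FILE;
    } else {
      if(filepath.front() != '.' && filepath.front() != '/')
        filepath = pathbase + filepath;

      std::ifstream istrm(filepath, std::ios::binary | std::ios::ate);
      if(!istrm.is_open()) {
        // (line 150 of the original listing is not rendered; CONFIG_BAD_CFG_FILE
        // is the file-error code this file references per the symbol index)
        err = Error::CONFIG_BAD_CFG_FILE;
      } else {
        // tellg() yields -1 on failure; converting that to size_t produced a
        // huge resize() request in the original.
        const std::streamoff len = istrm.tellg();
        if(len < 0) {
          err = Error::CONFIG_BAD_CFG_FILE;
        } else if(len > 0) {
          to.resize(static_cast<size_t>(len));
          istrm.seekg(0);
          istrm.read(to.data(), static_cast<std::streamsize>(to.length()));
          // A short or failed read would hand a truncated, zero-padded
          // certificate/key to OpenSSL; reject it instead.
          if(!istrm ||
             static_cast<size_t>(istrm.gcount()) != to.length()) {
            to.clear();
            err = Error::CONFIG_BAD_CFG_FILE;
          }
        }
      }
      // istrm is closed by its destructor
    }
  } catch(...) {
    // NOTE(review): line 153 of the original listing is not rendered; the
    // macro argument "" is a placeholder — confirm against the repository.
    const Error::Exception& e = SWC_CURRENT_EXCEPTION("");
    err = e.code();
  }
  if(err) {
    SWC_THROWF(Error::CONFIG_BAD_VALUE, "Bad File '%s' error=%d(%s)",
               filepath.c_str(), err, Error::get_text(err));
  }
}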
161 
162 
163 }}
SWC::Error::Exception::code
constexpr SWC_CAN_INLINE int code() const noexcept
Definition: Exception.h:51
SWC::Config::Properties::get_strs
Strings get_strs(const char *name) const
Definition: Properties.h:85
SWC::Comm::Resolver::get_networks
void get_networks(const Config::Strings &networks, Networks &nets, asio::error_code &ec)
Definition: Resolver.cc:264
SWC::Comm::ConfigSSL::subject_name
std::string subject_name
Definition: ConfigSSL.h:57
SWC::Comm::Resolver::get_local_networks
void get_local_networks(int &err, Networks_v4 &nets_v4, Networks_v6 &nets_v6)
Definition: Resolver.cc:287
Settings.h
SWC::Comm::ConnHandlerSSL::Ptr
std::shared_ptr< ConnHandlerSSL > Ptr
Definition: ConnHandler.h:299
SWC::Error::get_text
const char * get_text(const int err) noexcept
Definition: Error.cc:173
SWC::Comm::ConfigSSL::nets_v6
Networks_v6 nets_v6
Definition: ConfigSSL.h:56
SWC::Error::CONFIG_BAD_CFG_FILE
@ CONFIG_BAD_CFG_FILE
Definition: Error.h:79
SWC::Comm::ConfigSSL::ctx
asio::ssl::context ctx
Definition: ConfigSSL.h:58
SWC::Comm::SocketPlain
asio::ip::tcp::socket SocketPlain
Definition: ConnHandler.h:25
SWC::Comm::ConfigSSL::ConfigSSL
ConfigSSL(const Config::Settings &settings, bool is_client=true)
Definition: ConfigSSL.cc:15
ConfigSSL.h
SWC::Comm::AppContext::Ptr
std::shared_ptr< AppContext > Ptr
Definition: AppContext.h:23
SWC::Error::OK
@ OK
Definition: Error.h:45
SWC::Comm::ConfigSSL::make_client
ConnHandlerSSL::Ptr make_client(AppContext::Ptr &app_ctx, SocketPlain &socket) const
Definition: ConfigSSL.cc:116
SWC_CURRENT_EXCEPTION
#define SWC_CURRENT_EXCEPTION(_msg_)
Definition: Exception.h:119
SWC
The SWC-DB C++ namespace 'SWC'.
Definition: main.cc:12
SWC::Config::Properties::has
bool SWC_PURE_FUNC has(const char *name) const noexcept
Definition: Properties.cc:82
SWC_THROWF
#define SWC_THROWF(_code_, _fmt_,...)
Definition: Exception.h:136
SWC::Config::Settings
Definition: Settings.h:25
SWC::Comm::ConnHandlerPtr
std::shared_ptr< ConnHandler > ConnHandlerPtr
Definition: AppContext.h:17
SWC::Error::CONFIG_BAD_VALUE
@ CONFIG_BAD_VALUE
Definition: Error.h:81
SWC::Core::Vector< std::string >
SWC::Config::Properties::get_str
std::string get_str(const char *name) const
Definition: Properties.h:77
SWC::Comm::ConfigSSL::set_networks
void set_networks(const Config::Strings &networks, bool with_local)
Definition: ConfigSSL.cc:88
SWC::Common::Files::Schema::filepath
std::string filepath(cid_t cid)
Definition: Schema.h:34
SWC::Comm::ConfigSSL::load_file
void load_file(const std::string &pathbase, std::string filepath, std::string &to) const
Definition: ConfigSSL.cc:133
SWC::Comm::ConfigSSL::nets_v4
Networks_v4 nets_v4
Definition: ConfigSSL.h:55
SWC::Error::Exception
Definition: Exception.h:21
SWC::Comm::ConfigSSL::make_connection
ConnHandlerSSL::Ptr make_connection(AppContext::Ptr &app_ctx, SocketPlain &socket) const
Definition: ConfigSSL.h:39