commit/9b9dfd7e60772525a8e73c805127fb458d68feb9/HTTPClientSSLContext_8h_source.html

#pragma once


#include <xrpl/basics/Log.h>

#include <xrpl/basics/contract.h>

#include <xrpl/beast/utility/Journal.h>

#include <xrpl/net/RegisterSSLCerts.h>


#include <boost/asio.hpp>

#include <boost/asio/ip/tcp.hpp>

#include <boost/asio/ssl.hpp>

#include <boost/format.hpp>


namespace xrpl {


class HTTPClientSSLContext

{

public:


    explicit HTTPClientSSLContext(

        std::string const& sslVerifyDir,

        std::string const& sslVerifyFile,

        bool sslVerify,

        beast::Journal j,

        boost::asio::ssl::context_base::method method = boost::asio::ssl::context::sslv23)

        : ssl_context_{method}, j_(j), verify_{sslVerify}

    {

        boost::system::error_code ec;


        if (sslVerifyFile.empty())

        {

            registerSSLCerts(ssl_context_, ec, j_);


            if (ec && sslVerifyDir.empty())

                Throw<std::runtime_error>(

                    boost::str(boost::format("Failed to set_default_verify_paths: %s") % ec.message()));

        }

        else

        {

            ssl_context_.load_verify_file(sslVerifyFile);

        }


        if (!sslVerifyDir.empty())

        {

            ssl_context_.add_verify_path(sslVerifyDir, ec);


            if (ec)

                Throw<std::runtime_error>(boost::str(boost::format("Failed to add verify path: %s") % ec.message()));

        }

    }


    boost::asio::ssl::context&


    context()

    {

        return ssl_context_;

    }


    bool


    sslVerify() const

    {

        return verify_;

    }


    template <

        class T,

        class = std::enable_if_t<

            std::is_same<T, boost::asio::ssl::stream<boost::asio::ip::tcp::socket>>::value ||

            std::is_same<T, boost::asio::ssl::stream<boost::asio::ip::tcp::socket&>>::value>>

    boost::system::error_code


    preConnectVerify(T& strm, std::string const& host)

    {

        boost::system::error_code ec;

        if (!SSL_set_tlsext_host_name(strm.native_handle(), host.c_str()))

        {

            ec.assign(static_cast<int>(::ERR_get_error()), boost::asio::error::get_ssl_category());

        }

        else if (!sslVerify())

        {

            strm.set_verify_mode(boost::asio::ssl::verify_none, ec);

        }

        return ec;

    }


    template <

        class T,

        class = std::enable_if_t<

            std::is_same<T, boost::asio::ssl::stream<boost::asio::ip::tcp::socket>>::value ||

            std::is_same<T, boost::asio::ssl::stream<boost::asio::ip::tcp::socket&>>::value>>

    boost::system::error_code


    postConnectVerify(T& strm, std::string const& host)

    {

        boost::system::error_code ec;


        if (sslVerify())

        {

            strm.set_verify_mode(boost::asio::ssl::verify_peer, ec);

            if (!ec)

            {

                strm.set_verify_callback(

                    std::bind(&rfc6125_verify, host, std::placeholders::_1, std::placeholders::_2, j_), ec);

            }

        }


        return ec;

    }


    static bool


    rfc6125_verify(std::string const& domain, bool preverified, boost::asio::ssl::verify_context& ctx, beast::Journal j)

    {

        if (boost::asio::ssl::host_name_verification(domain)(preverified, ctx))

            return true;


        JLOG(j.warn()) << "Outbound SSL connection to " << domain << " fails certificate verification";

        return false;

    }


private:

    boost::asio::ssl::context ssl_context_;

    beast::Journal const j_;

    bool const verify_;

};


}  // namespace xrpl

std::string

std::bind
T bind(T... args)

std::string::c_str
T c_str(T... args)

beast::Journal
A generic endpoint for log messages.
Definition Journal.h:40

beast::Journal::warn
Stream warn() const
Definition Journal.h:312

xrpl::HTTPClientSSLContext
Definition HTTPClientSSLContext.h:16

xrpl::HTTPClientSSLContext::preConnectVerify
boost::system::error_code preConnectVerify(T &strm, std::string const &host)
invoked before connect/async_connect on an ssl stream to setup name verification.
Definition HTTPClientSSLContext.h:80

xrpl::HTTPClientSSLContext::postConnectVerify
boost::system::error_code postConnectVerify(T &strm, std::string const &host)
invoked after connect/async_connect but before sending data on an ssl stream - to setup name verifica...
Definition HTTPClientSSLContext.h:107

xrpl::HTTPClientSSLContext::verify_
bool const verify_
Definition HTTPClientSSLContext.h:146

xrpl::HTTPClientSSLContext::rfc6125_verify
static bool rfc6125_verify(std::string const &domain, bool preverified, boost::asio::ssl::verify_context &ctx, beast::Journal j)
callback invoked for name verification - just passes through to the asio host_name_verification (rfc6...
Definition HTTPClientSSLContext.h:134

xrpl::HTTPClientSSLContext::ssl_context_
boost::asio::ssl::context ssl_context_
Definition HTTPClientSSLContext.h:144

xrpl::HTTPClientSSLContext::HTTPClientSSLContext
HTTPClientSSLContext(std::string const &sslVerifyDir, std::string const &sslVerifyFile, bool sslVerify, beast::Journal j, boost::asio::ssl::context_base::method method=boost::asio::ssl::context::sslv23)
Definition HTTPClientSSLContext.h:18

xrpl::HTTPClientSSLContext::sslVerify
bool sslVerify() const
Definition HTTPClientSSLContext.h:57

xrpl::HTTPClientSSLContext::context
boost::asio::ssl::context & context()
Definition HTTPClientSSLContext.h:51

xrpl::HTTPClientSSLContext::j_
beast::Journal const j_
Definition HTTPClientSSLContext.h:145

std::string::empty
T empty(T... args)

std::enable_if_t

std::is_same

xrpl
Use hash_* containers for keys that do not need a cryptographically secure hashing algorithm.
Definition algorithm.h:5

xrpl::registerSSLCerts
void registerSSLCerts(boost::asio::ssl::context &, boost::system::error_code &, beast::Journal j)
Register default SSL certificates.
Definition RegisterSSLCerts.cpp:19