From aa938f05ca6c2e5cc21aca894a5289d82255d55d Mon Sep 17 00:00:00 2001
From: Tomasz Sowa
Date: Wed, 21 Dec 2022 14:09:31 +0100
Subject: [PATCH] add methods to set a client certificate/key and the CA in the Http class
---
 winixd/utils/http.cpp | 51 +++++++++++++++++++++++++++++++++++++++++++
 winixd/utils/http.h | 28 ++++++++++++++++++++++++
 2 files changed, 79 insertions(+)
diff --git a/winixd/utils/http.cpp b/winixd/utils/http.cpp
index 94b1a50..fcf070f 100644
--- a/winixd/utils/http.cpp
+++ b/winixd/utils/http.cpp
@@ -75,6 +75,12 @@ Http & Http::begin()
 verify_ssl_cert = true;
 forse_ssl_version = false;
 ssl_version = 0;
+ ca_path = nullptr;
+ ca_path_utf8.clear();
+ client_cert = nullptr;
+ client_key = nullptr;
+ client_cert_utf8.clear();
+ client_key_utf8.clear();
 return *this;
 }
@@ -466,6 +472,33 @@ void Http::verify_ssl(bool verify)
 }
+void Http::set_ca_file(const wchar_t * path)
+{
+ ca_path = path;
+}
+
+
+void Http::set_ca_file(const std::wstring & path)
+{
+ ca_path = path.c_str();
+}
+
+
+void Http::set_client_cert(const wchar_t * client_cert, const wchar_t * client_key)
+{
+ this->client_cert = client_cert;
+ this->client_key = client_key;
+}
+
+
+void Http::set_client_cert(const std::wstring & client_cert, const std::wstring & client_key)
+{
+ this->client_cert = client_cert.c_str();
+ this->client_key = client_key.c_str();
+}
+
+
+
 void Http::initialize_curl_if_needed()
 {
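Review bot: The `std::wstring` overloads of `set_ca_file` and `set_client_cert` in http.cpp keep only `path.c_str()`, so a caller that passes a temporary, or changes or destroys the string before the request is made in a later statement, leaves `ca_path`, `client_cert` or `client_key` dangling, and `fetch_internal` then reads freed memory to decide which CA file and client key libcurl uses. The class already owns `ca_path_utf8`, `client_cert_utf8` and `client_key_utf8`, so the setters could convert at once, e.g. `pt::wide_to_utf8(path.c_str(), ca_path_utf8);`, and `fetch_internal` could test `if( !ca_path_utf8.empty() )`; the raw pointer members added in http.h would then not be needed. If the no-copy design is kept, the http.h comments ("we do not copy the string") should at least state that the string must remain valid and unmodified until the fetch has finished.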
@@ -571,6 +604,24 @@ bool Http::fetch_internal(Method method, const char * url, const std::string * i
 curl_easy_setopt(curl, CURLOPT_SSLVERSION, ssl_version);
 }
+ if( ca_path )
+ {
+ pt::wide_to_utf8(ca_path, ca_path_utf8);
+ curl_easy_setopt(curl, CURLOPT_CAINFO, ca_path_utf8.c_str());
+ }
+
+ if( client_cert )
+ {
+ pt::wide_to_utf8(client_cert, client_cert_utf8);
+ curl_easy_setopt(curl, CURLOPT_SSLCERT, client_cert_utf8.c_str());
+ }
+
+ if( client_key )
+ {
+ pt::wide_to_utf8(client_key, client_key_utf8);
+ curl_easy_setopt(curl, CURLOPT_SSLKEY, client_key_utf8.c_str());
+ }
+
 // block the Expect: 100-continue header
 // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect
 // https://httpwg.org/specs/rfc7231.html#header.expect
diff --git a/winixd/utils/http.h b/winixd/utils/http.h
index c7f2cdd..fa43f1e 100644
--- a/winixd/utils/http.h
+++ b/winixd/utils/http.h
@@ -219,6 +219,28 @@ public:
 */
 void verify_ssl(bool verify);
+ /*
+ * a path to the CA to verify the peer
+ * used with CURLOPT_CAINFO
+ * https://curl.se/libcurl/c/CURLOPT_CAINFO.html
+ *
+ * we do not copy the string but only get a pointer to its c_str()
+ */
+ void set_ca_file(const wchar_t * path);
+ void set_ca_file(const std::wstring & path);
+
+ /*
+ * set a client certificate and a private key
+ *
+ * used with:
+ * https://curl.se/libcurl/c/CURLOPT_SSLCERT.html
+ * https://curl.se/libcurl/c/CURLOPT_SSLKEY.html
+ *
+ * we do not copy the string but only get a pointer to its c_str()
+ */
+ void set_client_cert(const wchar_t * client_cert, const wchar_t * client_key);
+ void set_client_cert(const std::wstring & client_cert, const std::wstring & client_key);
+
 /*
 * in can be a null pointer
 * in such a case a body payload is not sent
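Review bot: In `fetch_internal` (http.cpp) the results of the three new `curl_easy_setopt` calls are discarded, so if setting `CURLOPT_CAINFO` fails the transfer still runs and the peer is verified against libcurl's default trust store rather than the CA the caller asked for. The result should be checked and the request failed, e.g. `if( curl_easy_setopt(curl, CURLOPT_CAINFO, ca_path_utf8.c_str()) != CURLE_OK ) return false;`, adapted to whatever cleanup the function performs; its body starts and ends outside the hunk. Separately, the options are applied only when the pointers are non-null. If the easy handle is reused between requests without `curl_easy_reset()`, which is not visible here, a client certificate and key configured for one request would still be presented on the next one even though `begin()` cleared the members.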
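Review bot: The comment above `set_client_cert` in http.h does not say what the two files must contain or how the key is protected. The visible hunks set neither `CURLOPT_SSLCERTTYPE`/`CURLOPT_SSLKEYTYPE` nor `CURLOPT_KEYPASSWD`, so libcurl will presumably read both as PEM and has no passphrase to decrypt the key. I would add a line such as `* both files are read as PEM (libcurl default), no key passphrase is passed to libcurl` and note that the key file should be readable only by the account running the service.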
@@ -273,6 +295,12 @@ private:
 bool verify_ssl_cert;
 bool forse_ssl_version;
 long ssl_version;
+ const wchar_t * ca_path;
+ std::string ca_path_utf8;
+ const wchar_t * client_cert;
+ const wchar_t * client_key;
+ std::string client_cert_utf8;
+ std::string client_key_utf8;
 std::wstring temp_header;
 std::string temp_header_ascii;