add ssl engine #403

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 32 additions & 0 deletions src/mqtt/ssl_options.h
Expand Up @@ -87,6 +87,15 @@ class ssl_options
/** Path to a directory containing CA certificates in PEM format */
string caPath_;

/** Key mode "ENG" for engine or "PEM" for pem format */
string keyType_;

/** ssl engine id */
string engineId_;

/** engine config file inorder to load engine*/
string engineConfFile_;

/**
* The list of cipher suites that the client will present to the
* server during the SSL handshake.
Expand Down Expand Up @@ -146,11 +155,15 @@ class ssl_options
* will present to the server during the SSL handshake.
* @param enableServerCertAuth True/False option to enable verification of
* the server certificate
* @param keyType privateKey mode ,choose "ENG" for engine, "PEM" for pem.
* @param engineId The SSL engine ID.
* @param engineConfFile engine config file for load engine.
* @param alpnProtos The ALPN protocols to try.
*/
ssl_options(const string& trustStore, const string& keyStore,
const string& privateKey, const string& privateKeyPassword,
const string& enabledCipherSuites, bool enableServerCertAuth,
const string& keyType, const string& engineId, const string& engineConfFile,
const std::vector<string> alpnProtos=std::vector<string>());
/**
* Argument constructor.
Expand All @@ -168,12 +181,16 @@ class ssl_options
* handshake.
* @param enableServerCertAuth True/False option to enable verification
* of the server certificate
* @param keyType privateKey mode ,choose "ENG" for engine, "PEM" for pem.
* @param engineId The SSL engine ID.
* @param engineConfFile engine config file for load engine.
* @param alpnProtos The ALPN protocols to try.
*/
ssl_options(const string& trustStore, const string& keyStore,
const string& privateKey, const string& privateKeyPassword,
const string& caPath,
const string& enabledCipherSuites, bool enableServerCertAuth,
const string& keyType, const string& engineId, const string& engineConfFile,
const std::vector<string> alpnProtos=std::vector<string>());
/**
* Copy constructor.
Expand Down Expand Up @@ -257,6 +274,21 @@ class ssl_options
* file in PEM format containing the client's private
* key.
*/
void set_key_mode(const string& keyType);
/**
* Sets the key mode for client's private key.
* @param keyType choose "ENG" for engine, "PEM" for pem.
*/
void set_engine_id(const string& engineId);
/**
* Sets the engine ID for SSL.
* @param engineId engineId for SSL.
*/
void set_engine_conf(const string& engineConfFile);
/**
* Sets the engine config file for SSL.
* @param engineConfFile engine config file for SSL.
*/
void set_private_key(const string& privateKey);
/**
* Sets the password to load the client's privateKey if encrypted.
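Review bot: The Doxygen blocks in the setter hunk of ssl_options.h are attached to the wrong declarations: each new `void set_…` line was inserted above the `/** … */` block that belongs to it, so the comment ending at "file in PEM format containing the client's private key" now precedes `set_key_mode`, `set_key_mode`'s description sits above `set_engine_id`, and `set_private_key` is preceded by "Sets the engine config file for SSL". Move each `void set_key_mode(...)`, `void set_engine_id(...)` and `void set_engine_conf(...)` declaration to directly below its own comment block. The two constructor hunks also insert three required `const string&` parameters before the defaulted `alpnProtos`, which breaks every existing caller of these constructors; giving them defaults, e.g. `const string& keyType = string(), const string& engineId = string(), const string& engineConfFile = string(),`, keeps the old call sites compiling. For `engineConfFile_` I would also extend the member comment to say that this path is handed to the SSL layer to load an engine at runtime, so it must point to a file the process owner trusts (and fix "inorder" to "in order").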
42 changes: 39 additions & 3 deletions src/ssl_options.cpp
Expand Up @@ -33,13 +33,16 @@ ssl_options::ssl_options() : opts_(DFLT_C_STRUCT)
ssl_options::ssl_options(const string& trustStore, const string& keyStore,
const string& privateKey, const string& privateKeyPassword,
const string& enabledCipherSuites, bool enableServerCertAuth,
const string& keyType, const string& engineId, const string& engineConfFile,
const std::vector<string> alpnProtos /*=std::vector<string>()*/)
: opts_(DFLT_C_STRUCT),
trustStore_(trustStore),
keyStore_(keyStore),
privateKey_(privateKey),
privateKeyPassword_(privateKeyPassword),
enabledCipherSuites_(enabledCipherSuites)
enabledCipherSuites_(enabledCipherSuites),
keyType_(keyType), engineId_(engineId),
engineConfFile_(engineConfFile)
{
set_alpn_protos(alpnProtos);
update_c_struct();
Expand All @@ -50,14 +53,17 @@ ssl_options::ssl_options(const string& trustStore, const string& keyStore,
const string& privateKey, const string& privateKeyPassword,
const string& caPath,
const string& enabledCipherSuites, bool enableServerCertAuth,
const string& keyType, const string& engineId, const string& engineConfFile,
const std::vector<string> alpnProtos /*=std::vector<string>()*/)
: opts_(DFLT_C_STRUCT),
trustStore_(trustStore),
keyStore_(keyStore),
privateKey_(privateKey),
privateKeyPassword_(privateKeyPassword),
caPath_(caPath),
enabledCipherSuites_(enabledCipherSuites)
enabledCipherSuites_(enabledCipherSuites),
keyType_(keyType), engineId_(engineId),
engineConfFile_(engineConfFile)
{
set_alpn_protos(alpnProtos);
update_c_struct();
Expand All @@ -72,6 +78,8 @@ ssl_options::ssl_options(const ssl_options& other)
privateKeyPassword_(other.privateKeyPassword_),
caPath_(other.caPath_),
enabledCipherSuites_(other.enabledCipherSuites_),
keyType_(other.keyType_), engineId_(other.engineId_),
engineConfFile_(other.engineConfFile_),
errHandler_(other.errHandler_),
pskHandler_(other.pskHandler_),
protos_(other.protos_)
Expand All @@ -87,6 +95,8 @@ ssl_options::ssl_options(ssl_options&& other)
privateKeyPassword_(std::move(other.privateKeyPassword_)),
caPath_(std::move(other.caPath_)),
enabledCipherSuites_(std::move(other.enabledCipherSuites_)),
keyType_(std::move(other.keyType_)), engineId_(std::move(other.engineId_)),
engineConfFile_(std::move(other.engineConfFile_)),
errHandler_(std::move(other.errHandler_)),
pskHandler_(std::move(other.pskHandler_)),
protos_(std::move(other.protos_))
Expand All @@ -102,7 +112,9 @@ void ssl_options::update_c_struct()
opts_.privateKeyPassword = c_str(privateKeyPassword_);
opts_.CApath = c_str(caPath_);
opts_.enabledCipherSuites = c_str(enabledCipherSuites_);

opts_.keyType = c_str(keyType_);
opts_.engineId = c_str(engineId_);
opts_.engineConfFile = c_str(engineConfFile_);
if (errHandler_) {
opts_.ssl_error_cb = &ssl_options::on_error;
opts_.ssl_error_context = this;
Expand Down Expand Up @@ -196,6 +208,9 @@ ssl_options& ssl_options::operator=(const ssl_options& rhs)
pskHandler_ = rhs.pskHandler_;

protos_ = rhs.protos_;
keyType_ = rhs.keyType_;
engineId_ = rhs.engineId_;
engineConfFile_ = rhs.engineConfFile_;

update_c_struct();
return *this;
Expand All @@ -219,6 +234,9 @@ ssl_options& ssl_options::operator=(ssl_options&& rhs)
pskHandler_ = std::move(rhs.pskHandler_);

protos_ = std::move(rhs.protos_);
keyType_ = std::move(rhs.keyType_);
engineId_ = std::move(rhs.engineId_);
engineConfFile_ = std::move(rhs.engineConfFile_);

update_c_struct();
return *this;
Expand All @@ -238,6 +256,24 @@ void ssl_options::set_key_store(const string& keyStore)
opts_.keyStore = c_str(keyStore_);
}

void ssl_options::set_key_mode(const string& keyType)
{
keyType_ = keyType;
opts_.keyType = c_str(keyType_);
}

void ssl_options::set_engine_id(const string& engineId)
{
engineId_ = engineId;
opts_.engineId = c_str(engineId_);
}

void ssl_options::set_engine_conf(const string& engineConfFile)
{
engineConfFile_ = engineConfFile;
opts_.engineConfFile = c_str(engineConfFile_);
}

void ssl_options::set_private_key(const string& privateKey)
{
privateKey_ = privateKey;
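Review bot: The member-initializer order in both value constructors and in the copy and move constructors does not match the declaration order in the header: `keyType_`, `engineId_` and `engineConfFile_` are declared before `enabledCipherSuites_` but are initialized after it, which triggers -Wreorder and is easy to misread. Move `keyType_(keyType), engineId_(engineId), engineConfFile_(engineConfFile)` (and the `other.`/`std::move(other.…)` forms) to directly after the `caPath_(...)` initializer in each constructor. The `update_c_struct` hunk writes `opts_.keyType`, `opts_.engineId` and `opts_.engineConfFile`, which I believe are not fields of the upstream `MQTTClient_SSLOptions` struct; if they come from a patched C library, the PR description should name that version and `DFLT_C_STRUCT` (outside these hunks) presumably needs the matching struct_version so the C side reads the new fields. The three new setters follow the existing `set_key_store` pattern and look fine.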