Fix built with CPPREST_HTTP_CLIENT_IMPL=winhttp

sony · Mar 7, 2024 · b101b74 · b101b74
1 parent e6dbf74
commit b101b74
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 9 deletions.
diff --git a/Development/nmos/certificate_settings.h b/Development/nmos/certificate_settings.h
@@ -36,9 +36,11 @@ namespace nmos
             // one of the certificates must also be bound to each port e.g. using 'netsh add sslcert'
             const web::json::field_as_string_or certificate_chain_file{ U("certificate_chain_file"), U("") };
 
-            // client_certificate [registry, node]: an client certificate object, which has the full paths of private key file and certificate chain file
+            // client_certificate [registry, node]: a client certificate object, which has the full paths of private key file and certificate chain file
             // the value must be an object like { "private_key_file": "client-key.pem, "certificate_chain_file": "client-chain.pem" }
             // see private_key_file and certificate_chain_file above
+            // note: on windows, if C++ REST SDK is built with CPPREST_HTTP_CLIENT_IMPL=winhttp (reported as "client=winhttp" by nmos::get_build_settings_info)
+            // the certificate_chain_file must be in PKCS#12 format, storing the certificate chain and the private key
             const web::json::field_as_value_or client_certificate{ U("client_certificate"), web::json::value_of({ { private_key_file, U("") }, { certificate_chain_file, U("") } }) };
 
             // dh_param_file [registry, node]: Diffie-Hellman parameters file in PEM format for ephemeral key exchange support, or empty string for no support

diff --git a/Development/nmos/est_behaviour.cpp b/Development/nmos/est_behaviour.cpp
@@ -2,10 +2,6 @@
 
 #include <boost/algorithm/string.hpp> // for boost::to_upper_copy
 #include <time.h> // for tm and strptime
-#if (defined(_WIN32) || defined(__cplusplus_winrt)) && !defined(CPPREST_FORCE_HTTP_CLIENT_ASIO)
-#include <wincrypt.h>
-#include <winhttp.h>
-#endif
 #include "pplx/pplx_utils.h" // for pplx::complete_at
 #include "cpprest/http_client.h"
 #include "cpprest/json_validator.h"
@@ -21,6 +17,12 @@
 #include "nmos/slog.h"
 #include "nmos/thread_utils.h" // for wait_until, reverse_lock_guard
 #include "ssl/ssl_utils.h"
+#if (defined(_WIN32) || defined(__cplusplus_winrt)) && !defined(CPPREST_FORCE_HTTP_CLIENT_ASIO)
+#include <Windows.h>
+#include <wincrypt.h>
+#include <winhttp.h>
+#include "nmos/certificate_settings.h"
+#endif
 
 namespace nmos
 {
@@ -399,8 +401,10 @@ namespace nmos
                 config.set_nativehandle_options([=](web::http::client::native_handle hRequest)
                 {
                     // the client_certificate_file must be in PKCS #12 format
-                    // hmm, while executing WinHttpSendRequest, it failed with ERROR_WINHTTP_CLIENT_CERT_NO_PRIVATE_KEY(12185) : No credentials were available in the client certificate.
-                    const auto& client_certificate_file = nmos::experimental::fields::client_certificate_file(settings);
+                    // storing the certificate chain and the private key in a single encryptable file
+                    const auto client_certificate = nmos::experimental::fields::client_certificate(settings);
+                    const auto client_certificate_file = nmos::experimental::fields::certificate_chain_file(client_certificate);
+
                     if (!client_certificate_file.empty())
                     {
                         std::ifstream stream(client_certificate_file.c_str(), std::ios::in | std::ios::binary);
@@ -425,7 +429,7 @@ namespace nmos
                         }
                     }
                 });
-#endif //#if (defined(_WIN32) || defined(__cplusplus_winrt)) && !defined(CPPREST_FORCE_HTTP_CLIENT_ASIO)
+#endif
                 return config;
             }
 
@@ -1281,7 +1285,12 @@ namespace nmos
                 }
                 catch (const est_exception& e)
                 {
-                    slog::log<slog::severities::error>(gate, SLOG_FLF) << "Logic error to generate CSR: " << e.what();
+                    slog::log<slog::severities::error>(gate, SLOG_FLF) << "Logic error to generate CSR EST error: " << e.what();
+                    return false;
+                }
+                catch (const ssl::experimental::ssl_exception& e)
+                {
+                    slog::log<slog::severities::error>(gate, SLOG_FLF) << "Logic error to generate CSR SSL error: " << e.what();
                     return false;
                 }
                 catch (const std::exception& e)