diff --git a/src/oatpp-mbedtls/Config.cpp b/src/oatpp-mbedtls/Config.cpp
index 63fe9d4..9da912a 100644
--- a/src/oatpp-mbedtls/Config.cpp
+++ b/src/oatpp-mbedtls/Config.cpp
@@ -46,6 +46,7 @@ Config::Config() {
 mbedtls_entropy_init(&m_entropy);
 mbedtls_ctr_drbg_init(&m_ctr_drbg);
 mbedtls_x509_crt_init(&m_srvcert);
+ mbedtls_x509_crt_init(&m_clientcert);
 mbedtls_x509_crt_init(&m_cachain);
 mbedtls_pk_init(&m_privateKey);
@@ -65,6 +66,7 @@ Config::~Config() {
 mbedtls_ctr_drbg_free(&m_ctr_drbg);
 mbedtls_x509_crt_free(&m_srvcert);
+ mbedtls_x509_crt_free(&m_clientcert);
 mbedtls_x509_crt_free(&m_cachain);
 mbedtls_pk_free(&m_privateKey);
@@ -151,6 +153,64 @@ std::shared_ptr Config::createDefaultClientConfigShared(bool throwOnVeri
 }
+std::shared_ptr Config::createDefaultClientConfigShared(bool throwOnVerificationFailed, std::string caRootCert, std::string clientCert, std::string privateKey) {
+ auto result = createShared();
+ v_int32 res;
+
+#if defined(OATPP_MBEDTLS_DEBUG)
+ mbedtls_ssl_conf_dbg( &result->m_config, mbedtlsDebug, (void*)"Client" );
+ mbedtls_debug_set_threshold( OATPP_MBEDTLS_DEBUG );
+#endif
+
+ result->m_throwOnVerificationFailed = throwOnVerificationFailed;
+
+ res = mbedtls_ssl_config_defaults(&result->m_config, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
+ if(res != 0) {
+ OATPP_LOGD("[oatpp::mbedtls::Config::createDefaultClientConfigShared()]", "Error. Call to mbedtls_ssl_config_defaults() failed, return value=%d.", res);
+ throw std::runtime_error("[oatpp::mbedtls::Config::createDefaultClientConfigShared()]: Error. Call to mbedtls_ssl_config_defaults() failed.");
+ }
+
+ if (caRootCert.size())
+ {
+ res = mbedtls_x509_crt_parse(&result->m_cachain, (const unsigned char *)caRootCert.data(), caRootCert.size()+1);
+ if (res != 0) {
+ OATPP_LOGD("[oatpp::mbedtls::Config::createDefaultClientConfigShared()]", "Error. Call to mbedtls_x509_crt_parse() failed, return value=%d.", res);
+ throw std::runtime_error("[oatpp::mbedtls::Config::createDefaultClientConfigShared()]: Error. 
Call to mbedtls_x509_crt_parse() failed.");
+ }
+ mbedtls_ssl_conf_authmode(&result->m_config, MBEDTLS_SSL_VERIFY_REQUIRED);
+ mbedtls_ssl_conf_ca_chain(&result->m_config, &result->m_cachain, nullptr );
+ } else {
+ mbedtls_ssl_conf_authmode(&result->m_config, MBEDTLS_SSL_VERIFY_NONE);
+ }
+ mbedtls_ssl_conf_rng(&result->m_config, mbedtls_ctr_drbg_random, &result->m_ctr_drbg);
+
+ if (clientCert.size())
+ {
+ res = mbedtls_x509_crt_parse(&result->m_clientcert, (const unsigned char *)clientCert.data(), clientCert.size()+1);
+ if (res != 0) {
+ OATPP_LOGD("[oatpp::mbedtls::Config::createDefaultClientConfigShared()]", "Error. Call to mbedtls_x509_crt_parse() failed, return value=%d.", res);
+ throw std::runtime_error("[oatpp::mbedtls::Config::createDefaultClientConfigShared()]: Error. Call to mbedtls_x509_crt_parse() failed.");
+ }
+ }
+
+ if (privateKey.size())
+ {
+ res = mbedtls_pk_parse_key(&result->m_privateKey, (const unsigned char *)privateKey.data(), privateKey.size()+1, NULL, 0);
+ if (res != 0) {
+ OATPP_LOGD("[oatpp::mbedtls::Config::createDefaultClientConfigShared()]", "Error. Call to mbedtls_pk_parse_key() failed, return value=%d.", res);
+ throw std::runtime_error("[oatpp::mbedtls::Config::createDefaultClientConfigShared()]: Error. Call to mbedtls_pk_parse_key() failed.");
+ }
+ }
+
+ res = mbedtls_ssl_conf_own_cert(&result->m_config, &result->m_clientcert, &result->m_privateKey);
+ if(res != 0) {
+ OATPP_LOGD("[oatpp::mbedtls::Config::createDefaultClientConfigShared()]", "Error. Call to mbedtls_ssl_conf_own_cert() failed, return value=%d.", res);
+ throw std::runtime_error("[oatpp::mbedtls::Config::createDefaultClientConfigShared()]: Error. Call to mbedtls_ssl_conf_own_cert() failed.");
+ }
+
+ return result;
+}
+
 mbedtls_ssl_config* Config::getTLSConfig() {
 return &m_config;
 }
diff --git a/src/oatpp-mbedtls/Config.hpp b/src/oatpp-mbedtls/Config.hpp
index d4d6072..d66eb89 100644
--- a/src/oatpp-mbedtls/Config.hpp
+++ b/src/oatpp-mbedtls/Config.hpp
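Review bot: An empty `caRootCert` silently lands in the `else` branch that calls `mbedtls_ssl_conf_authmode(&result->m_config, MBEDTLS_SSL_VERIFY_NONE)`, so a caller that passes an empty buffer (for example a deployment that read an empty or missing file into it) gets a client that accepts any server certificate, and `throwOnVerificationFailed` then has nothing to act on. At minimum make that loud, e.g. `OATPP_LOGW("[oatpp::mbedtls::Config::createDefaultClientConfigShared()]", "Warning. caRootCert is empty, server certificate verification is DISABLED (MBEDTLS_SSL_VERIFY_NONE).");` before that call, or better require an explicit opt-in; whether the existing file-based overload behaves the same way I can't tell, as its body ends before this hunk. Separately, `mbedtls_ssl_conf_own_cert` runs unconditionally, so when `clientCert` or `privateKey` is empty, or only one of them was supplied, the freshly initialised empty `m_clientcert`/`m_privateKey` contexts are installed as the client identity; as far as I can tell that call only records the pointers, so the mistake surfaces at handshake time instead of here. The rewrite below rejects a half-supplied identity at config time and only installs the own cert when one was actually given (`mbedtls_pk_check_pair` against `m_clientcert.pk` would additionally catch a mismatched pair; its signature depends on the mbedtls version).
```cpp
  // … unchanged: CA chain / authmode, rng, clientCert and privateKey parsing …

  // A client identity is a cert *and* its key; reject a half-supplied one now,
  // while the error is still attributable to the caller, not at handshake time.
  if (clientCert.empty() != privateKey.empty()) {
    throw std::runtime_error("[oatpp::mbedtls::Config::createDefaultClientConfigShared()]: Error. clientCert and privateKey must be provided together.");
  }

  if (clientCert.size()) {
    res = mbedtls_ssl_conf_own_cert(&result->m_config, &result->m_clientcert, &result->m_privateKey);
    if(res != 0) {
      OATPP_LOGD("[oatpp::mbedtls::Config::createDefaultClientConfigShared()]", "Error. Call to mbedtls_ssl_conf_own_cert() failed, return value=%d.", res);
      throw std::runtime_error("[oatpp::mbedtls::Config::createDefaultClientConfigShared()]: Error. Call to mbedtls_ssl_conf_own_cert() failed.");
    }
  }

  return result;
```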
@@ -49,6 +49,7 @@ class Config {
 mbedtls_entropy_context m_entropy;
 mbedtls_ctr_drbg_context m_ctr_drbg;
 mbedtls_x509_crt m_srvcert;
+ mbedtls_x509_crt m_clientcert;
 mbedtls_x509_crt m_cachain;
 mbedtls_pk_context m_privateKey;
@@ -89,6 +90,16 @@ class Config {
 */
 static std::shared_ptr createDefaultClientConfigShared(bool throwOnVerificationFailed = false, const char* caRootCertFile = nullptr);
+ /**
+ * Create default client config.
+ * @param throwOnVerificationFailed - throw error on server certificate
+ * @param caRootCert - string buffer containing the CA Root certificate to verify against
+ * @param clientCert - string buffer containing the client certificate
+ * @param privateKey - string buffer containing the private key
+ * @return - `std::shared_ptr` to Config.
+ */
+ static std::shared_ptr createDefaultClientConfigShared(bool throwOnVerificationFailed, std::string caRootCert, std::string clientCert, std::string privateKey);
+
 /**
 * Get underlying mbedtls_ssl_config.
 * @return - `mbedtls_ssl_config*`.
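Review bot: The doc line `@param throwOnVerificationFailed - throw error on server certificate` in the new comment is cut off, and the comment does not say what an empty buffer means, which is the security-relevant part of this overload: with an empty `caRootCert` the definition in Config.cpp configures `MBEDTLS_SSL_VERIFY_NONE`. Suggest `@param throwOnVerificationFailed - throw error on server certificate verification failure` and, on `caRootCert`, `empty string disables server certificate verification (MBEDTLS_SSL_VERIFY_NONE)`, plus a sentence that `clientCert` and `privateKey` are expected as PEM text (the implementation passes `size()+1`, relying on the string's terminating NUL) and should be supplied together. On the signature, the three `std::string` parameters are taken by value although the implementation only reads them, so every call copies the private key into one more heap buffer that is never wiped; `const std::string&` for all three (in the declaration and the definition) avoids that copy. The enclosing `class Config` begins before this hunk.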