Kurlyk
Loading...
Searching...
No Matches
SocketClient.hpp
Go to the documentation of this file.
1#pragma once
2#ifndef _KURLYK_SIMPLE_WEB_SOCKET_CLIENT_WSS_HPP
3#define _KURLYK_SIMPLE_WEB_SOCKET_CLIENT_WSS_HPP
4
13
14#include <client_ws.hpp>
15
16#ifdef ASIO_STANDALONE
17#include <asio/ssl.hpp>
18#else
19#include <boost/asio/ssl.hpp>
20#endif
21
22namespace SimpleWeb {
23 using WSS = asio::ssl::stream<asio::ip::tcp::socket>;
24
30 template <>
31 class SocketClient<WSS> : public SocketClientBase<WSS> {
32 public:
33
41 SocketClient(const std::string &server_port_path, bool verify_certificate = true,
42 const std::string &certification_file = std::string(), const std::string &private_key_file = std::string(),
43 const std::string &verify_file = std::string())
44 : SocketClientBase<WSS>::SocketClientBase(server_port_path, 443),
45# if defined(ASIO_STANDALONE) && (ASIO_VERSION >= 101300 || BOOST_ASIO_VERSION >= 101300)
46 context(asio::ssl::context::tls_client) {
47 // Disabling TLS 1.0 and 1.1 (see RFC 8996)
48 context.set_options(asio::ssl::context::no_tlsv1);
49 context.set_options(asio::ssl::context::no_tlsv1_1);
50# else
51 context(asio::ssl::context::tlsv12) {
52# endif
53
54 if(certification_file.size() > 0 && private_key_file.size() > 0) {
55 context.use_certificate_chain_file(certification_file);
56 context.use_private_key_file(private_key_file, asio::ssl::context::pem);
57 }
58
59 if(verify_certificate) {
60# if defined(ASIO_STANDALONE) && (ASIO_VERSION >= 101300 || BOOST_ASIO_VERSION >= 101300)
61 context.set_verify_callback(asio::ssl::host_name_verification(host));
62# else
63 context.set_verify_callback(asio::ssl::rfc2818_verification(host));
64# endif
65 }
66
67 if(verify_file.size() > 0) {
68 context.load_verify_file(verify_file);
69 } else {
70 //context.set_default_verify_paths();
71 add_root_certificates();
72 }
73
74 if(verify_certificate) {
75 context.set_verify_mode(asio::ssl::verify_peer);
76 } else {
77 context.set_verify_mode(asio::ssl::verify_none);
78 }
79 };
80
81 private:
82
87 void add_root_certificates() {
88 X509_STORE* store = ::SSL_CTX_get_cert_store(context.native_handle());
89 HCERTSTORE hCertStore = CertOpenSystemStore(0LL, "ROOT");
90 if (!hCertStore) {
91 return;
92 }
93
94 PCCERT_CONTEXT certContext = nullptr;
95 while (true) {
96 certContext = CertEnumCertificatesInStore(hCertStore, certContext);
97 if (!certContext) {
98 break;
99 }
100 X509* x509 = d2i_X509(nullptr, (const unsigned char**)&certContext->pbCertEncoded,
101 certContext->cbCertEncoded);
102 if (x509) {
103 X509_STORE_add_cert(store, x509);
104 X509_free(x509);
105 }
106 }
107 CertFreeCertificateContext(certContext);
108 CertCloseStore(hCertStore, 0);
109 }
110
111 protected:
112 asio::ssl::context context;
113
119 void connect() override {
120 LockGuard connection_lock(connection_mutex);
121 auto connection = this->connection = std::shared_ptr<Connection>(new Connection(handler_runner, config.timeout_idle, *io_service, context));
122 connection_lock.unlock();
123
124 std::pair<std::string, std::string> host_port;
125 if(config.proxy_server.empty())
126 host_port = {host, std::to_string(port)};
127 else {
128 auto proxy_host_port = parse_host_port(config.proxy_server, 8080);
129 host_port = {proxy_host_port.first, std::to_string(proxy_host_port.second)};
130 }
131
132 auto resolver = std::make_shared<asio::ip::tcp::resolver>(*io_service);
133 connection->set_timeout(config.timeout_request);
134 async_resolve(*resolver, host_port, [this, connection, resolver](const error_code &ec, resolver_results results) {
135 connection->cancel_timeout();
136 auto lock = connection->handler_runner->continue_lock();
137 if(!lock)
138 return;
139 if(!ec) {
140 connection->set_timeout(this->config.timeout_request);
141 asio::async_connect(connection->socket->lowest_layer(), results, [this, connection, resolver](const error_code &ec, async_connect_endpoint /*endpoint*/) {
142 connection->cancel_timeout();
143 auto lock = connection->handler_runner->continue_lock();
144 if(!lock)
145 return;
146 if(!ec) {
147 asio::ip::tcp::no_delay option(true);
148 error_code ec;
149 connection->socket->lowest_layer().set_option(option, ec);
150
151 if(!this->config.proxy_server.empty()) {
152 auto streambuf = std::make_shared<asio::streambuf>();
153 std::ostream ostream(streambuf.get());
154 auto host_port = this->host + ':' + std::to_string(this->port);
155 ostream << "CONNECT " + host_port + " HTTP/1.1\r\n"
156 << "Host: " << host_port << "\r\n";
157 if(!this->config.proxy_auth.empty())
158 ostream << "Proxy-Authorization: Basic " << Crypto::Base64::encode(this->config.proxy_auth) << "\r\n";
159 ostream << "\r\n";
160 connection->set_timeout(this->config.timeout_request);
161 asio::async_write(connection->socket->next_layer(), *streambuf, [this, connection, streambuf](const error_code &ec, std::size_t /*bytes_transferred*/) {
162 connection->cancel_timeout();
163 auto lock = connection->handler_runner->continue_lock();
164 if(!lock)
165 return;
166 if(!ec) {
167 connection->set_timeout(this->config.timeout_request);
168 connection->in_message = std::shared_ptr<InMessage>(new InMessage());
169 asio::async_read_until(connection->socket->next_layer(), connection->in_message->streambuf, "\r\n\r\n", [this, connection](const error_code &ec, std::size_t /*bytes_transferred*/) {
170 connection->cancel_timeout();
171 auto lock = connection->handler_runner->continue_lock();
172 if(!lock)
173 return;
174 if(!ec) {
175 if(!ResponseMessage::parse(*connection->in_message, connection->http_version, connection->status_code, connection->header))
176 this->connection_error(connection, make_error_code::make_error_code(errc::protocol_error));
177 else {
178 if(connection->status_code.compare(0, 3, "200") != 0)
179 this->connection_error(connection, make_error_code::make_error_code(errc::permission_denied));
180 else
181 this->handshake(connection);
182 }
183 } else
184 this->connection_error(connection, ec);
185 });
186 } else
187 this->connection_error(connection, ec);
188 });
189 } else
190 this->handshake(connection);
191 } else
192 this->connection_error(connection, ec);
193 });
194 } else
195 this->connection_error(connection, ec);
196 });
197 }
198
206 void handshake(const std::shared_ptr<Connection> &connection) {
207 SSL_set_tlsext_host_name(connection->socket->native_handle(), this->host.c_str());
208
209 connection->set_timeout(this->config.timeout_request);
210 connection->socket->async_handshake(asio::ssl::stream_base::client, [this, connection](const error_code &ec) {
211 connection->cancel_timeout();
212 auto lock = connection->handler_runner->continue_lock();
213 if(!lock)
214 return;
215 if(!ec)
216 upgrade(connection);
217 else
218 this->connection_error(connection, ec);
219 });
220 }
221 }; // SocketClient
222
223} // namespace SimpleWeb
224
225#endif // _KURLYK_SIMPLE_WEB_SOCKET_CLIENT_WSS_HPP
SimpleWeb::SocketClient< WSS >::add_root_certificates
void add_root_certificates()
Adds root certificates from the system to the SSL context.
Definition SocketClient.hpp:87
SimpleWeb::SocketClient< WSS >::connect
void connect() override
Initiates the connection process.
Definition SocketClient.hpp:119
SimpleWeb::SocketClient< WSS >::handshake
void handshake(const std::shared_ptr< Connection > &connection)
Performs the SSL/TLS handshake.
Definition SocketClient.hpp:206
SimpleWeb::SocketClient< WSS >::SocketClient
SocketClient(const std::string &server_port_path, bool verify_certificate=true, const std::string &certification_file=std::string(), const std::string &private_key_file=std::string(), const std::string &verify_file=std::string())
Constructs a WebSocket client with SSL/TLS support.
Definition SocketClient.hpp:41
SimpleWeb::WSS
asio::ssl::stream< asio::ip::tcp::socket > WSS
Definition SocketClient.hpp:23