Allow the scitokens library user to setup a custom CA file

scitokens · Oct 1, 2023 · 3b3698e · 3b3698e
1 parent fedce7d
commit 3b3698e
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 1 deletion.
diff --git a/src/scitokens.cpp b/src/scitokens.cpp
@@ -17,6 +17,8 @@ std::atomic_int configurer::Configuration::m_expiry_delta{4 * 24 * 3600};
 // SciTokens cache home config
 std::shared_ptr<std::string> configurer::Configuration::m_cache_home =
     std::make_shared<std::string>("");
+std::shared_ptr<std::string> configurer::Configuration::m_tls_ca_file =
+    std::make_shared<std::string>("");
 
 SciTokenKey scitoken_key_create(const char *key_id, const char *alg,
                                 const char *public_contents,
@@ -1051,8 +1053,9 @@ int scitoken_config_set_str(const char *key, const char *value,
             }
             return -1;
         }
+    } else if (_key == "tls.ca_file") {
+       configurer::Configuration::set_tls_ca_file(value ? std::string(value) : "");
     }
-
     else {
         if (err_msg) {
             *err_msg = strdup("Key not recognized.");
@@ -1073,6 +1076,8 @@ int scitoken_config_get_str(const char *key, char **output, char **err_msg) {
     std::string _key = key;
     if (_key == "keycache.cache_home") {
         *output = strdup(configurer::Configuration::get_cache_home().c_str());
+    } else if (_key == "tls.ca_file") {
+        *output = strdup(configurer::Configuration::get_tls_ca_file().c_str());
     }
 
     else {

diff --git a/src/scitokens_internal.cpp b/src/scitokens_internal.cpp
@@ -79,6 +79,14 @@ SimpleCurlGet::GetStatus SimpleCurlGet::perform_start(const std::string &url) {
         throw CurlException("Failed to set CURLOPT_FOLLOWLOCATION.");
     }
 
+    auto ca_file = configurer::Configuration::get_tls_ca_file();
+    if (!ca_file.empty()) {
+        rv = curl_easy_setopt(m_curl.get(), CURLOPT_CAINFO, ca_file.c_str());
+        if (rv != CURLE_OK) {
+            throw CurlException("Failed to set CURLOPT_CAINFO.");
+        }
+    }
+
     {
         auto mres = curl_multi_add_handle(m_curl_multi.get(), m_curl.get());
         if (mres) {
@@ -1131,10 +1139,19 @@ configurer::Configuration::set_cache_home(const std::string dir_path) {
     return std::make_pair(true, "");
 }
 
+void
+configurer::Configuration::set_tls_ca_file(const std::string ca_file) {
+    m_tls_ca_file = std::make_shared<std::string>(ca_file);
+}
+
 std::string configurer::Configuration::get_cache_home() {
     return *m_cache_home;
 }
 
+std::string configurer::Configuration::get_tls_ca_file() {
+    return *m_tls_ca_file;
+}
+
 // bool configurer::Configuration::check_dir(const std::string dir_path) {
 //     struct stat info;
 //     return stat(dir_path.c_str(), &info) == 0 && (info.st_mode & S_IFDIR);

diff --git a/src/scitokens_internal.h b/src/scitokens_internal.h
@@ -44,11 +44,14 @@ class Configuration {
     static int get_expiry_delta() { return m_expiry_delta; }
     static std::pair<bool, std::string> set_cache_home(const std::string cache_home);
     static std::string get_cache_home();
+    static void set_tls_ca_file(const std::string ca_file);
+    static std::string get_tls_ca_file();
 
   private:
     static std::atomic_int m_next_update_delta;
     static std::atomic_int m_expiry_delta;
     static std::shared_ptr<std::string> m_cache_home;
+    static std::shared_ptr<std::string> m_tls_ca_file;
     // static bool check_dir(const std::string dir_path);
     static std::pair<bool, std::string>
     mkdir_and_parents_if_needed(const std::string dir_path);