From 3b3698e439ae19dfaeafa7b464e648eb5b0740fb Mon Sep 17 00:00:00 2001
From: Brian Bockelman
Date: Sun, 1 Oct 2023 12:21:16 -0500
Subject: [PATCH] Allow the scitokens library user to setup a custom CA file
---
src/scitokens.cpp | 7 ++++++-
src/scitokens_internal.cpp | 17 +++++++++++++++++
src/scitokens_internal.h | 3 +++
3 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/src/scitokens.cpp b/src/scitokens.cpp
index daae600..9553ea0 100644
--- a/src/scitokens.cpp
+++ b/src/scitokens.cpp
@@ -17,6 +17,8 @@ std::atomic_int configurer::Configuration::m_expiry_delta{4 * 24 * 3600};
// SciTokens cache home config
std::shared_ptr configurer::Configuration::m_cache_home = std::make_shared("");
+std::shared_ptr configurer::Configuration::m_tls_ca_file =
+ std::make_shared("");
SciTokenKey scitoken_key_create(const char *key_id, const char *alg,
const char *public_contents,
@@ -1051,8 +1053,9 @@ int scitoken_config_set_str(const char *key, const char *value,
}
return -1;
}
+ } else if (_key == "tls.ca_file") {
+ configurer::Configuration::set_tls_ca_file(value ? std::string(value) : "");
}
- else {
if (err_msg) {
*err_msg = strdup("Key not recognized.");
@@ -1073,6 +1076,8 @@ int scitoken_config_get_str(const char *key, char **output, char **err_msg) {
std::string _key = key;
if (_key == "keycache.cache_home") {
*output = strdup(configurer::Configuration::get_cache_home().c_str());
+ } else if (_key == "tls.ca_file") {
+ *output = strdup(configurer::Configuration::get_tls_ca_file().c_str());
} else {
diff --git a/src/scitokens_internal.cpp b/src/scitokens_internal.cpp
index a75d9f4..79b8f98 100644
--- a/src/scitokens_internal.cpp
+++ b/src/scitokens_internal.cpp
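Review bot: The new `m_tls_ca_file` definition has no label, while its neighbour `m_cache_home` is introduced by `// SciTokens cache home config`, so the bare `std::make_shared("")` initialiser gives a reader no hint of what an empty value means. Suggest `// TLS CA bundle override for issuer key fetches (empty = libcurl default)` above it, mirroring the existing comment.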
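Review bot: The `tls.ca_file` branch accepts any string without checking that the path names a readable file, whereas the `keycache.cache_home` branch just above returns -1 with an error message when `set_cache_home` rejects its input; a mistyped CA path is therefore only discovered later, when every HTTPS key fetch fails inside libcurl with a generic certificate error. If `set_tls_ca_file` returned the same `std::pair<bool, std::string>` as `set_cache_home` (a change in scitokens_internal.cpp/.h), this branch could report the failure to the caller immediately, as below. As extracted, the hunk shows `else {` removed after a context `}` with no replacement line, which would leave the 'Key not recognized.' block outside the else chain; this is most likely a rendering artefact (the surviving line being `} else {`) but is worth confirming against the file. scitoken_config_set_str starts and ends outside the hunk.
```cpp
    } else if (_key == "tls.ca_file") {
        auto rp = configurer::Configuration::set_tls_ca_file(value ? std::string(value) : "");
        if (!rp.first) {
            if (err_msg) {
                *err_msg = strdup(rp.second.c_str());
            }
            return -1;
        }
    } else {
        // … unchanged: "Key not recognized." error path …
```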
@@ -79,6 +79,14 @@ SimpleCurlGet::GetStatus SimpleCurlGet::perform_start(const std::string &url) {
throw CurlException("Failed to set CURLOPT_FOLLOWLOCATION.");
}
+ auto ca_file = configurer::Configuration::get_tls_ca_file();
+ if (!ca_file.empty()) {
+ rv = curl_easy_setopt(m_curl.get(), CURLOPT_CAINFO, ca_file.c_str());
+ if (rv != CURLE_OK) {
+ throw CurlException("Failed to set CURLOPT_CAINFO.");
+ }
+ }
+
{
auto mres = curl_multi_add_handle(m_curl_multi.get(), m_curl.get());
if (mres) {
@@ -1131,10 +1139,19 @@ configurer::Configuration::set_cache_home(const std::string dir_path) {
return std::make_pair(true, "");
}
+void
+configurer::Configuration::set_tls_ca_file(const std::string ca_file) {
+ m_tls_ca_file = std::make_shared(ca_file);
+}
+
std::string configurer::Configuration::get_cache_home() {
return *m_cache_home;
}
+std::string configurer::Configuration::get_tls_ca_file() {
+ return *m_tls_ca_file;
+}
+
// bool configurer::Configuration::check_dir(const std::string dir_path) {
// struct stat info;
// return stat(dir_path.c_str(), &info) == 0 && (info.st_mode & S_IFDIR);
diff --git a/src/scitokens_internal.h b/src/scitokens_internal.h
index 3705104..a629096 100644
--- a/src/scitokens_internal.h
+++ b/src/scitokens_internal.h
@@ -44,11 +44,14 @@ class Configuration {
static int get_expiry_delta() { return m_expiry_delta; }
static std::pair set_cache_home(const std::string cache_home);
static std::string get_cache_home();
+ static void set_tls_ca_file(const std::string ca_file);
+ static std::string get_tls_ca_file();
private:
static std::atomic_int m_next_update_delta;
static std::atomic_int m_expiry_delta;
static std::shared_ptr m_cache_home;
+ static std::shared_ptr m_tls_ca_file;
// static bool check_dir(const std::string dir_path);
static std::pair mkdir_and_parents_if_needed(const std::string dir_path);
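Review bot: CURLOPT_CAINFO is set only when the configured path is non-empty, so if `m_curl` is a handle that outlives one `perform_start` call (its creation is not in this hunk), setting `tls.ca_file` back to "" after a fetch leaves the earlier CA file in force for subsequent requests; if the handle is reused, the empty case should reset the option explicitly rather than skip it. The local `ca_file` is only needed because `c_str()` is handed to libcurl, which copies string options, and a why-comment would save the next reader from wondering about the lifetime: `// libcurl copies string options, so ca_file need not outlive this call.` It is also worth stating in the `tls.ca_file` documentation that a CA file given here replaces libcurl's default trust store for the key fetch rather than extending it, so an application that only adds a private issuer must bundle the system CAs into the same file. perform_start continues outside the hunk.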
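Review bot: `set_tls_ca_file` replaces `m_tls_ca_file` with a plain shared_ptr assignment while `get_tls_ca_file`, called from the curl fetch path, reads the same shared_ptr with no synchronization; if an application changes the setting while another thread is fetching keys, that is a data race on the shared_ptr object itself (the same pattern the existing cache-home accessors appear to follow, judging by `get_cache_home`). Since the member is already a `std::shared_ptr`, the minimal fix is `std::atomic_store(&m_tls_ca_file, std::make_shared<std::string>(ca_file));` in the setter and `return *std::atomic_load(&m_tls_ca_file);` in the getter. The setter also performs no validation and returns void, unlike `set_cache_home` just above, which reports a `std::pair<bool, std::string>`; checking that the path is a readable file at set time would give the caller an immediate error instead of a later TLS failure. A one-line comment on each function, e.g. `// CA bundle used as CURLOPT_CAINFO for issuer key fetches; empty means libcurl's default.`, would match the rest of the file.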
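Review bot: The new public accessors carry no documentation of what the string means, even though the setting becomes part of the library's C API via `scitoken_config_set_str("tls.ca_file", ...)`; a reader of the header cannot tell whether an empty value disables the override or disables verification. Suggest a comment above the pair: `// Path of a CA bundle passed to libcurl as CURLOPT_CAINFO for issuer key fetches; an empty string (the default) leaves libcurl's default trust store in use.` Because this is a trust-root override, the comment could also note that the path is expected to come from the application's own configuration rather than from data received over the network. The enclosing class definition continues outside the hunk.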