nec-baas · rk0jima · Dec 17, 2019
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -24,6 +24,7 @@ set(serial 6.2.0)
 set(soserial 6)
 
 set(LIB_SOURCE_FILES
+    src/nb_http_options.cc
     src/nb_http_response.cc
     src/nb_json_array.cc
     src/nb_json_object.cc

diff --git a/functional_tests/CMakeLists.txt b/functional_tests/CMakeLists.txt
@@ -33,6 +33,7 @@ set(TEST_FILES
     ${CMAKE_CURRENT_SOURCE_DIR}/nb_file_bucket_ft.cc
     ${CMAKE_CURRENT_SOURCE_DIR}/nb_file_bucket_ft_m.cc
     ${CMAKE_CURRENT_SOURCE_DIR}/nb_api_gateway_ft.cc
+    ${CMAKE_CURRENT_SOURCE_DIR}/nb_http_options_ft.cc
     ${CMAKE_CURRENT_SOURCE_DIR}/durbility_ft.cc
     )
 

diff --git a/functional_tests/files/client_auth/.gitkeep b/functional_tests/files/client_auth/.gitkeep
diff --git a/functional_tests/files/server_auth/.gitkeep b/functional_tests/files/server_auth/.gitkeep
diff --git a/functional_tests/ft_data.cc b/functional_tests/ft_data.cc
@@ -55,4 +55,25 @@ const std::string kNoAclObjectBucketName = "noAclObjectBucket";
 
 // 空文字
 const std::string kEmpty = "";
+
+namespace ssl {
+// SSL認証評価用エンドポイント
+// クライアント認証を設定したサーバ
+const std::string kEndPointUrl = "https://XX.XX.XX.XX/api";
+
+const std::string kTenantId = "";
+const std::string kAppId = "";
+const std::string kAppKey = "";
+const std::string kMasterKey = "";
+const std::string kProxy = "";
+
+// 認証に必要なファイルはあらかじめ files 配下に配置する
+const std::string kSslCertFile = "client_auth/cert.pem";
+const std::string kSslKeyFile = "client_auth/key.pem";
+// 以下でハッシュ化した名前をつける
+// openssl x509 -hash -noout -in cacert.pem
+const std::string kSslCaCertFile = "server_auth/XXXXXXX.0";
+const std::string kSslCaCertDir = "server_auth";
+}
+
 } //namespace necbaas
diff --git a/functional_tests/ft_data.h b/functional_tests/ft_data.h
@@ -61,5 +61,21 @@ extern const std::string kNoAclObjectBucketName;
 
 // 空文字
 extern const std::string kEmpty;
+
+namespace ssl {
+extern const std::string kEndPointUrl;
+
+extern const std::string kTenantId;
+extern const std::string kAppId;
+extern const std::string kAppKey;
+extern const std::string kMasterKey;
+extern const std::string kProxy;
+
+extern const std::string kSslCertFile;
+extern const std::string kSslKeyFile;
+extern const std::string kSslCaCertFile;
+extern const std::string kSslCaCertDir;
+} //namespace ssl
+
 } //namespace necbaas
 #endif //NECBAAS_FTDATA_H
diff --git a/functional_tests/nb_http_options_ft.cc b/functional_tests/nb_http_options_ft.cc
@@ -0,0 +1,118 @@
+#include "gtest/gtest.h"
+#include "ft_data.h"
+#include "ft_util.h"
+#include "necbaas/nb_user.h"
+
+using std::string;
+using std::vector;
+using std::shared_ptr;
+
+namespace necbaas {
+
+namespace FTUtil {
+string CreateUser(shared_ptr<NbService> service, const string &user_name, const string &email, const string &password, const NbJsonObject &options);
+void CreateGroup(shared_ptr<NbService> service, const string &group);
+void UpdateGroup(shared_ptr<NbService> service, const string &group, const NbJsonObject &user_list);
+}
+
+namespace ssl {
+
+class NbHttpOptionsFT : public ::testing::Test {
+  protected:
+    static void SetUpTestCase() {
+        NbJsonObject users;
+        NbJsonArray user_list;
+        auto master_service = NbService::CreateService(kEndPointUrl, kTenantId, kAppId, kAppKey, kProxy);
+        master_service->SetHttpOptions(NbHttpOptions()
+                                           .SslVerifyPeer(false)
+                                           .SslCert(FTUtil::MakeFilePath(kSslCertFile))
+                                           .SslKey(FTUtil::MakeFilePath(kSslKeyFile)));
+
+        user_list.Append(FTUtil::CreateUser(master_service, kUserName, kEmail, kPassword, kOptions));
+        users.PutJsonArray("users", user_list);
+        FTUtil::CreateGroup(master_service, "group1");
+        FTUtil::UpdateGroup(master_service, "group1", users);
+    }
+    static void TearDownTestCase() {}
+
+    virtual void SetUp() {}
+    virtual void TearDown() {}
+};
+
+TEST_F(NbHttpOptionsFT, ClientAuthSslTest) {
+    shared_ptr<NbService> service = NbService::CreateService(kEndPointUrl, kTenantId, kAppId, kAppKey, kProxy);
+    service->SetHttpOptions(NbHttpOptions()
+        .SslVerifyPeer(false)
+        .SslCert(FTUtil::MakeFilePath(kSslCertFile))
+        .SslKey(FTUtil::MakeFilePath(kSslKeyFile)));
+
+    NbResult<NbUser> result = NbUser::LoginWithUsername(service, kUserName, kPassword);
+    // 通信成功でＯＫとする
+    ASSERT_TRUE(result.IsSuccess());
+    NbUser::Logout(service);
+}
+
+TEST_F(NbHttpOptionsFT, ClientAuthWrongCertTypeSslTest) {
+    shared_ptr<NbService> service = NbService::CreateService(kEndPointUrl, kTenantId, kAppId, kAppKey, kProxy);
+    service->SetHttpOptions(NbHttpOptions()
+                                .SslVerifyPeer(false)
+                                .SslCert(FTUtil::MakeFilePath(kSslCertFile))
+                                .SslKey(FTUtil::MakeFilePath(kSslKeyFile))
+                                .SslCertType("DER"));
+
+    NbResult<NbUser> result = NbUser::LoginWithUsername(service, kUserName, kPassword);
+    ASSERT_FALSE(result.IsSuccess());
+    NbUser::Logout(service);
+}
+
+TEST_F(NbHttpOptionsFT, VerifyPeerSslTest) {
+    shared_ptr<NbService> service = NbService::CreateService(kEndPointUrl, kTenantId, kAppId, kAppKey, kProxy);
+    service->SetHttpOptions(NbHttpOptions()
+                                .SslVerifyPeer(false)
+                                .SslCert(FTUtil::MakeFilePath(kSslCertFile))
+                                .SslKey(FTUtil::MakeFilePath(kSslKeyFile)));
+
+    NbResult<NbUser> result = NbUser::LoginWithUsername(service, kUserName, kPassword);
+    ASSERT_TRUE(result.IsSuccess());
+    NbUser::Logout(service);
+
+    service = NbService::CreateService(kEndPointUrl, kTenantId, kAppId, kAppKey, kProxy);
+    service->SetHttpOptions(NbHttpOptions()
+                                .SslVerifyPeer(true)
+                                .SslCert(FTUtil::MakeFilePath(kSslCertFile))
+                                .SslKey(FTUtil::MakeFilePath(kSslKeyFile)));
+    result = NbUser::LoginWithUsername(service, kUserName, kPassword);
+    ASSERT_FALSE(result.IsSuccess());
+    NbUser::Logout(service);
+}
+
+TEST_F(NbHttpOptionsFT, CaInfoSslTest) {
+    shared_ptr<NbService> service = NbService::CreateService(kEndPointUrl, kTenantId, kAppId, kAppKey, kProxy);
+    service->SetHttpOptions(NbHttpOptions()
+                                .SslVerifyPeer(true)
+                                .CaInfo(FTUtil::MakeFilePath(kSslCaCertFile))
+                                .SslCert(FTUtil::MakeFilePath(kSslCertFile))
+                                .SslKey(FTUtil::MakeFilePath(kSslKeyFile)));
+
+    NbResult<NbUser> result = NbUser::LoginWithUsername(service, kUserName, kPassword);
+    // 通信成功でＯＫとする
+    ASSERT_TRUE(result.IsSuccess());
+    NbUser::Logout(service);
+}
+
+TEST_F(NbHttpOptionsFT, CaPathSslTest) {
+    shared_ptr<NbService> service = NbService::CreateService(kEndPointUrl, kTenantId, kAppId, kAppKey, kProxy);
+    service->SetHttpOptions(NbHttpOptions()
+                                .SslVerifyPeer(true)
+                                .CaPath(FTUtil::MakeFilePath(kSslCaCertDir))
+                                .SslCert(FTUtil::MakeFilePath(kSslCertFile))
+                                .SslKey(FTUtil::MakeFilePath(kSslKeyFile)));
+
+    NbResult<NbUser> result = NbUser::LoginWithUsername(service, kUserName, kPassword);
+    // 通信成功でＯＫとする
+    ASSERT_TRUE(result.IsSuccess());
+    NbUser::Logout(service);
+}
+
+} //namespace ssl
+} //namespace necbaas
diff --git a/include/necbaas/internal/nb_http_request.h b/include/necbaas/internal/nb_http_request.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2017 NEC Corporation
+ * Copyright (C) 2017-2019 NEC Corporation
  */
 
 #ifndef NECBAAS_NBHTTPREQUEST_H
@@ -9,6 +9,7 @@
 #include <list>
 #include "necbaas/nb_http_request_method.h"
 #include "necbaas/nb_result_code.h"
+#include "necbaas/nb_http_options.h"
 
 namespace necbaas {
 
@@ -30,7 +31,7 @@ class NbHttpRequest {
      */
     NbHttpRequest(const std::string &url, const NbHttpRequestMethod &method,
                   const std::list<std::string> &headers, const std::string &body,
-                  const std::string &proxy);
+                  const std::string &proxy, const NbHttpOptions &http_options);
 
     /**
      * デストラクタ.
@@ -67,6 +68,12 @@ class NbHttpRequest {
      */
     const std::string &GetProxy() const;
 
+    /**
+     * CURLオプション取得.
+     * @return      Curlオプション
+     */
+    std::list<std::shared_ptr<curlpp::OptionBase>> GetHttpOptions() const;
+
     /**
      * ダンプ.
      * ログにHTTPリクエスト情報を出力する
@@ -78,6 +85,7 @@ class NbHttpRequest {
     const std::list<std::string> headers_{};    /*!< HTTPヘッダリスト */
     const std::string body_{};                  /*!< HTTPボディ       */
     const std::string proxy_{};                 /*!< Proxy URL        */
+    const NbHttpOptions http_options_{};        /*!< HTTPオプション   */
 };
 } //namespace necbaas
 

diff --git a/include/necbaas/internal/nb_http_request_factory.h b/include/necbaas/internal/nb_http_request_factory.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2017 NEC Corporation
+ * Copyright (C) 2017-2019 NEC Corporation
  */
 
 #ifndef NECBAAS_NBHTTPREQUESTFACTORY_H
@@ -9,6 +9,7 @@
 #include <map>
 #include "necbaas/nb_http_request_method.h"
 #include "necbaas/internal/nb_http_request.h"
+#include "necbaas/nb_http_options.h"
 
 namespace necbaas {
 
@@ -35,7 +36,8 @@ class NbHttpRequestFactory {
      * @param[in]   sessnon_token       セッショントークン
      */
     NbHttpRequestFactory(const std::string &end_point_url, const std::string &tenant_id, const std::string &app_id,
-                         const std::string &app_key, const std::string &sessnon_token, const std::string &proxy);
+                         const std::string &app_key, const std::string &sessnon_token, const std::string &proxy,
+                         const NbHttpOptions &http_options);
 
     /**
      * デストラクタ.
@@ -147,6 +149,7 @@ class NbHttpRequestFactory {
     const std::string app_key_;                                 /*!< アプリケーションキー */
     const std::string session_token_;                           /*!< セッショントークン */
     const std::string proxy_;                                   /*!< Proxy */
+    const NbHttpOptions http_options_;                          /*!< HTTPオプション */
 
     NbHttpRequestMethod request_method_{NbHttpRequestMethod::HTTP_REQUEST_TYPE_GET};
                                                                 /*!< HTTPメソッド */

diff --git a/include/necbaas/nb_http_options.h b/include/necbaas/nb_http_options.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2019 NEC Corporation
+ */
+
+#ifndef NECBAAS_NBHTTPOPTIONS_H
+#define NECBAAS_NBHTTPOPTIONS_H
+
+#include <string>
+#include <map>
+#include <memory>
+#include <curlpp/OptionBase.hpp>
+
+namespace necbaas {
+
+/**
+ * @class NbHttpOptions nb_http_options.h "necbaas/nb_http_options.h"
+ * HTTPオプション.
+ *
+ * <b>本クラスのインスタンスはスレッドセーフではない</b>
+ */
+class NbHttpOptions {
+    // ユーザにCURLオプションは露出せずNbHttpRequstのみにアクセスを許す
+    friend class NbHttpRequest;
+    friend class TestUtil;
+
+public:
+
+	/**
+     * SET CURLオプション.
+     */
+
+    NbHttpOptions &SslCert(const std::string &);
+    NbHttpOptions &SslCertType(const std::string &);
+    NbHttpOptions &SslCertPasswd(const std::string &);
+    NbHttpOptions &SslKey(const std::string &);
+    NbHttpOptions &SslKeyType(const std::string &);
+    NbHttpOptions &SslKeyPasswd(const std::string &);
+    NbHttpOptions &SslVerifyPeer(bool);
+    NbHttpOptions &CaInfo(const std::string &);
+    NbHttpOptions &CaPath(const std::string &);
+
+private:
+    typedef std::map<CURLoption, std::shared_ptr<curlpp::OptionBase>> options;
+
+    options GetOptions() const;
+    options options_;
+};
+
+}  // namespace necbaas
+#endif  // NECBAAS_NBHTTPOPTIONS_H
diff --git a/include/necbaas/nb_service.h b/include/necbaas/nb_service.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2017 NEC Corporation
+ * Copyright (C) 2017-2019 NEC Corporation
  */
 
 #ifndef NECBAAS_NBSERVICE_H
@@ -120,6 +120,12 @@ class NbService {
      */
     void ClearSessionToken();
 
+    /**
+     * HTTPアクセスのオプション設定.
+     * @param[in]   options    HTTPオプション
+     */
+    void SetHttpOptions(const NbHttpOptions &options);
+
     /**
      * <b>[内部処理用]</b>
      * @internal
@@ -159,6 +165,7 @@ class NbService {
     std::string endpoint_url_;              /*!< Endpoint URI */
     std::string tenant_id_;                 /*!< テナントID */
     std::string proxy_;                     /*!< Proxy URL */
+    NbHttpOptions http_options_;            /*!< HTTPオプション */
     NbSessionToken session_token_;          /*!< セッショントークン */
     NbRestExecutorPool rest_executor_pool_; /*!< REST Executorプール */
     std::mutex session_token_mutex_;        /*!< セッショントークン更新用Mutex */

diff --git a/src/internal/nb_http_request.cc b/src/internal/nb_http_request.cc
@@ -1,10 +1,11 @@
 /*
- * Copyright (C) 2017 NEC Corporation
+ * Copyright (C) 2017-2019 NEC Corporation
  */
 
 #include "necbaas/internal/nb_http_request.h"
 #include "necbaas/internal/nb_logger.h"
 #include "necbaas/internal/nb_constants.h"
+#include "necbaas/nb_http_options.h"
 
 namespace necbaas {
 
@@ -13,8 +14,8 @@ using std::list;
 using std::vector;
 
 NbHttpRequest::NbHttpRequest(const string &url, const NbHttpRequestMethod &method, const list<string> &headers,
-                             const string &body, const string &proxy)
-    : url_(url), method_(method), headers_(headers), body_(body), proxy_(proxy) {}
+                             const string &body, const string &proxy, const NbHttpOptions &http_options)
+    : url_(url), method_(method), headers_(headers), body_(body), proxy_(proxy), http_options_(http_options) {}
 
 NbHttpRequest::~NbHttpRequest() {}
 
@@ -28,6 +29,14 @@ const string &NbHttpRequest::GetBody() const { return body_; }
 
 const string &NbHttpRequest::GetProxy() const { return proxy_; }
 
+std::list<std::shared_ptr<curlpp::OptionBase>> NbHttpRequest::GetHttpOptions() const {
+    std::list<std::shared_ptr<curlpp::OptionBase>> options;
+    for (const auto &pair: http_options_.GetOptions()) {
+        options.push_back(pair.second);
+    }
+    return options;
+}
+
 void NbHttpRequest::Dump() const {
     if (!NbLogger::IsRestLogEnabled()) {
         // RESTログ有効時のみ実行