support client certificates

connection.cpp

@@ -224,6 +224,15 @@ auto Connection::send_join(std::string_view channel) -> void
     write_irc("JOIN", channel);
 }
 
+auto Connection::send_whois(std::string_view arg1, std::string_view arg2) -> void
+{
+    if (arg2.empty()) {
+        write_irc("WHOIS", arg1);
+    } else {
+        write_irc("WHOIS", arg1, arg2);
+    }
+}
+
 auto Connection::on_authenticate(const std::string_view chunk) -> void
 {
     if (chunk != "+"sv)

connection.hpp

@@ -24,12 +24,15 @@ public:
 
 struct ConnectSettings
 {
+    using X509_Ref = Ref<X509, X509_up_ref, X509_free>;
+    using EVP_PKEY_Ref = Ref<EVP_PKEY, EVP_PKEY_up_ref, EVP_PKEY_free>;
+
     bool tls;
     std::string host;
     std::uint16_t port;
 
-    Ref<X509, X509_up_ref, X509_free> client_cert;
-    Ref<EVP_PKEY, EVP_PKEY_up_ref, EVP_PKEY_free> client_key;
+    X509_Ref client_cert;
+    EVP_PKEY_Ref client_key;
     std::string verify;
     std::string sni;
 
@@ -104,6 +107,8 @@ public:
     auto send_authenticate(std::string_view message) -> void;
     auto send_authenticate_encoded(std::string_view message) -> void;
     auto send_authenticate_abort() -> void;
+    auto send_whois(std::string_view, std::string_view = {}) -> void;
+
 };
 
 template <typename... Args>

main.cpp

@@ -1,21 +1,86 @@
+#include "bot.hpp"
+#include "c_callback.hpp"
+#include "client.hpp"
 #include "connection.hpp"
+#include "registration.hpp"
 #include "settings.hpp"
 
 #include <boost/asio.hpp>
 #include <boost/log/trivial.hpp>
 
+#include <openssl/err.h>
+#include <openssl/pem.h>
+
+#include <cstdio>
 #include <fstream>
 #include <iostream>
 #include <memory>
 
-#include "bot.hpp"
-#include "client.hpp"
-#include "registration.hpp"
-
 using namespace std::literals;
 
-auto start(boost::asio::io_context &io, const Settings &settings) -> void
+static auto log_openssl_errors(const std::string_view prefix) -> void
 {
+    auto err_cb = [prefix](const char *str, size_t len) -> int {
+        BOOST_LOG_TRIVIAL(error) << prefix << std::string_view{str, len};
+        return 0;
+    };
+    ERR_print_errors_cb(CCallback<decltype(err_cb)>::invoke, &err_cb);
+}
+
+static auto cert_from_file(const std::string &filename) -> ConnectSettings::X509_Ref
+{
+    ConnectSettings::X509_Ref cert;
+    if (const auto fp = fopen(filename.c_str(), "r"))
+    {
+        cert = PEM_read_X509(fp, nullptr, nullptr, nullptr);
+        if (cert.get() == nullptr)
+        {
+            log_openssl_errors("Reading certificate: "sv);
+        }
+        fclose(fp);
+    }
+    else
+    {
+        const auto err = strerror(errno);
+        BOOST_LOG_TRIVIAL(error) << "Opening certificate: " << err;
+    }
+    return cert;
+}
+
+static auto key_from_file(const std::string &filename) -> ConnectSettings::EVP_PKEY_Ref
+{
+    ConnectSettings::EVP_PKEY_Ref key;
+    if (const auto fp = fopen(filename.c_str(), "r"))
+    {
+        key = PEM_read_PrivateKey(fp, nullptr, nullptr, nullptr);
+        if (key.get() == nullptr)
+        {
+            log_openssl_errors("Reading private key: "sv);
+        }
+        fclose(fp);
+    }
+    else
+    {
+        const auto err = strerror(errno);
+        BOOST_LOG_TRIVIAL(error) << "Opening private key: " << err;
+    }
+    return key;
+}
+
+static auto start(boost::asio::io_context &io, const Settings &settings) -> void
+{
+    ConnectSettings::X509_Ref cert;
+    if (settings.use_tls && not settings.tls_certfile.empty())
+    {
+        cert = cert_from_file(settings.tls_certfile);
+    }
+
+    ConnectSettings::EVP_PKEY_Ref key;
+    if (settings.use_tls && not settings.tls_keyfile.empty())
+    {
+        key = key_from_file(settings.tls_keyfile);
+    }
+
     const auto connection = std::make_shared<Connection>(io);
     const auto client = Client::start(*connection);
     Registration::start(settings, client);
@@ -32,6 +97,7 @@ auto start(boost::asio::io_context &io, const Settings &settings) -> void
 
     client->sig_registered.connect([connection]() {
         connection->send_join("##glguy"sv);
+        connection->send_whois("bot"sv);
     });
 
     connection->sig_disconnect.connect(
@@ -54,10 +120,12 @@ auto start(boost::asio::io_context &io, const Settings &settings) -> void
         .host = settings.host,
         .port = settings.service,
         .verify = settings.tls_hostname,
+        .client_cert = std::move(cert),
+        .client_key = std::move(key),
     });
 }
 
-auto get_settings() -> Settings
+static auto get_settings() -> Settings
 {
     if (auto config_stream = std::ifstream{"config.toml"})
     {

settings.cpp

@@ -18,6 +18,8 @@ auto Settings::from_stream(std::istream &in) -> Settings
         .sasl_authzid = config["sasl_authzid"].value_or(std::string{}),
         .sasl_password = config["sasl_password"].value_or(std::string{}),
         .tls_hostname = config["tls_hostname"].value_or(std::string{}),
+        .tls_certfile = config["tls_certfile"].value_or(std::string{}),
+        .tls_keyfile = config["tls_keyfile"].value_or(std::string{}),
         .use_tls = config["use_tls"].value_or(false),
     };
 }

settings.hpp

@@ -18,6 +18,9 @@ struct Settings
     std::string sasl_password;
 
     std::string tls_hostname;
+    std::string tls_certfile;
+    std::string tls_keyfile;
+
     bool use_tls;
 
     static auto from_stream(std::istream &in) -> Settings;