From e7aba11d058de140df4e4188ecf83bd6d81287b5 Mon Sep 17 00:00:00 2001 From: Eric Mertens Date: Mon, 27 Jan 2025 18:55:19 -0800 Subject: [PATCH] support client certificates --- connection.cpp | 9 ++++++ connection.hpp | 9 ++++-- main.cpp | 80 ++++++++++++++++++++++++++++++++++++++++++++++---- settings.cpp | 2 ++ settings.hpp | 3 ++ 5 files changed, 95 insertions(+), 8 deletions(-) diff --git a/connection.cpp b/connection.cpp index aced5c4..3fe36e7 100644 --- a/connection.cpp +++ b/connection.cpp @@ -224,6 +224,15 @@ auto Connection::send_join(std::string_view channel) -> void write_irc("JOIN", channel); } +auto Connection::send_whois(std::string_view arg1, std::string_view arg2) -> void +{ + if (arg2.empty()) { + write_irc("WHOIS", arg1); + } else { + write_irc("WHOIS", arg1, arg2); + } +} + auto Connection::on_authenticate(const std::string_view chunk) -> void { if (chunk != "+"sv) diff --git a/connection.hpp b/connection.hpp index 2fa69d0..cb022fb 100644 --- a/connection.hpp +++ b/connection.hpp @@ -24,12 +24,15 @@ public: struct ConnectSettings { + using X509_Ref = Ref; + using EVP_PKEY_Ref = Ref; + bool tls; std::string host; std::uint16_t port; - Ref client_cert; - Ref client_key; + X509_Ref client_cert; + EVP_PKEY_Ref client_key; std::string verify; std::string sni; @@ -104,6 +107,8 @@ public: auto send_authenticate(std::string_view message) -> void; auto send_authenticate_encoded(std::string_view message) -> void; auto send_authenticate_abort() -> void; + auto send_whois(std::string_view, std::string_view = {}) -> void; + }; template diff --git a/main.cpp b/main.cpp index ad7cc89..b3db702 100644 --- a/main.cpp +++ b/main.cpp @@ -1,21 +1,86 @@ +#include "bot.hpp" +#include "c_callback.hpp" +#include "client.hpp" #include "connection.hpp" +#include "registration.hpp" #include "settings.hpp" #include #include +#include +#include + +#include #include #include #include -#include "bot.hpp" -#include "client.hpp" -#include "registration.hpp" - using namespace std::literals; -auto start(boost::asio::io_context &io, const Settings &settings) -> void +static auto log_openssl_errors(const std::string_view prefix) -> void { + auto err_cb = [prefix](const char *str, size_t len) -> int { + BOOST_LOG_TRIVIAL(error) << prefix << std::string_view{str, len}; + return 0; + }; + ERR_print_errors_cb(CCallback::invoke, &err_cb); +} + +static auto cert_from_file(const std::string &filename) -> ConnectSettings::X509_Ref +{ + ConnectSettings::X509_Ref cert; + if (const auto fp = fopen(filename.c_str(), "r")) + { + cert = PEM_read_X509(fp, nullptr, nullptr, nullptr); + if (cert.get() == nullptr) + { + log_openssl_errors("Reading certificate: "sv); + } + fclose(fp); + } + else + { + const auto err = strerror(errno); + BOOST_LOG_TRIVIAL(error) << "Opening certificate: " << err; + } + return cert; +} + +static auto key_from_file(const std::string &filename) -> ConnectSettings::EVP_PKEY_Ref +{ + ConnectSettings::EVP_PKEY_Ref key; + if (const auto fp = fopen(filename.c_str(), "r")) + { + key = PEM_read_PrivateKey(fp, nullptr, nullptr, nullptr); + if (key.get() == nullptr) + { + log_openssl_errors("Reading private key: "sv); + } + fclose(fp); + } + else + { + const auto err = strerror(errno); + BOOST_LOG_TRIVIAL(error) << "Opening private key: " << err; + } + return key; +} + +static auto start(boost::asio::io_context &io, const Settings &settings) -> void +{ + ConnectSettings::X509_Ref cert; + if (settings.use_tls && not settings.tls_certfile.empty()) + { + cert = cert_from_file(settings.tls_certfile); + } + + ConnectSettings::EVP_PKEY_Ref key; + if (settings.use_tls && not settings.tls_keyfile.empty()) + { + key = key_from_file(settings.tls_keyfile); + } + const auto connection = std::make_shared(io); const auto client = Client::start(*connection); Registration::start(settings, client); @@ -32,6 +97,7 @@ auto start(boost::asio::io_context &io, const Settings &settings) -> void client->sig_registered.connect([connection]() { connection->send_join("##glguy"sv); + connection->send_whois("bot"sv); }); connection->sig_disconnect.connect( @@ -54,10 +120,12 @@ auto start(boost::asio::io_context &io, const Settings &settings) -> void .host = settings.host, .port = settings.service, .verify = settings.tls_hostname, + .client_cert = std::move(cert), + .client_key = std::move(key), }); } -auto get_settings() -> Settings +static auto get_settings() -> Settings { if (auto config_stream = std::ifstream{"config.toml"}) { diff --git a/settings.cpp b/settings.cpp index d4ee951..dd879ed 100644 --- a/settings.cpp +++ b/settings.cpp @@ -18,6 +18,8 @@ auto Settings::from_stream(std::istream &in) -> Settings .sasl_authzid = config["sasl_authzid"].value_or(std::string{}), .sasl_password = config["sasl_password"].value_or(std::string{}), .tls_hostname = config["tls_hostname"].value_or(std::string{}), + .tls_certfile = config["tls_certfile"].value_or(std::string{}), + .tls_keyfile = config["tls_keyfile"].value_or(std::string{}), .use_tls = config["use_tls"].value_or(false), }; } diff --git a/settings.hpp b/settings.hpp index f716920..5b57abc 100644 --- a/settings.hpp +++ b/settings.hpp @@ -18,6 +18,9 @@ struct Settings std::string sasl_password; std::string tls_hostname; + std::string tls_certfile; + std::string tls_keyfile; + bool use_tls; static auto from_stream(std::istream &in) -> Settings;