/**
* @file ssl_config.cc
*
* @section LICENSE
*
* The MIT License
*
* @copyright Copyright (c) 2023 TileDB, Inc.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*
* @section DESCRIPTION
*
* This file includes definitions of the SSLConfig class.
*/
#include "tiledb/sm/filesystem/ssl_config.h"
#include "tiledb/common/logger.h"
#include "tiledb/platform/cert_file.h"
namespace tiledb::sm {
/**
 * Default constructor.
 *
 * Starts with no CA file, no CA directory, and certificate verification
 * switched on, so a default-built object never has verification disabled.
 */
SSLConfig::SSLConfig()
    : ca_file_{""}
    , ca_path_{""}
    , verify_{true} {
}
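/**
 * Builds the SSL settings from a Config.
 *
 * Reads `ssl.ca_file`, `ssl.ca_path` and `ssl.verify`. Any option the config
 * does not provide keeps its default: empty CA file, empty CA path,
 * verification on. A warning is logged when the resulting configuration has
 * verification switched off, so that the setting is visible to operators.
 *
 * @param cfg Configuration to read the `ssl.*` options from.
 */
SSLConfig::SSLConfig(const Config& cfg)
    : ca_file_("")
    , ca_path_("")
    , verify_(true) {
  // Explicit trust-store locations from the configuration, if present.
  if (auto ca_file = cfg.get<std::string>("ssl.ca_file");
      ca_file.has_value()) {
    ca_file_ = ca_file.value();
  }

  if (auto ca_path = cfg.get<std::string>("ssl.ca_path");
      ca_path.has_value()) {
    ca_path_ = ca_path.value();
  }

  if constexpr (tiledb::platform::PlatformCertFile::enabled) {
    // If neither ca_file nor ca_path is set, look for a system default CA
    // file on Linux platforms. The fallback applies only when BOTH are empty:
    // a configured ca_path alone suppresses it.
    // NOTE(review): what PlatformCertFile::get() returns when no system file
    // is found is not visible here -- confirm that consumers handle an empty
    // ca_file_ together with an empty ca_path_.
    if (ca_file_.empty() && ca_path_.empty()) {
      ca_file_ = tiledb::platform::PlatformCertFile::get();
    }
  }

  if (auto verify = cfg.get<bool>("ssl.verify"); verify.has_value()) {
    verify_ = verify.value();
  }

  // verify_ starts out true, so it can only be false here because the
  // configuration asked for it. Without a log entry a disabled check is
  // invisible at runtime; the warning gives operators and log-based
  // monitoring something to key on.
  if (!verify_) {
    LOG_WARN(
        "The 'ssl.verify' configuration option is set to false; SSL "
        "certificate verification is disabled for this configuration.");
  }
}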
/**
 * Builds the S3 SSL settings.
 *
 * The base SSLConfig constructor reads the `ssl.*` options first; the
 * deprecated `vfs.s3.*` options are then applied on top, each with a
 * deprecation warning. A legacy value therefore wins over its `ssl.*`
 * replacement whenever the legacy value is non-default.
 *
 * @param cfg Configuration to read the `ssl.*` and `vfs.s3.*` options from.
 */
S3SSLConfig::S3SSLConfig(const Config& cfg)
    : SSLConfig(cfg) {
  // Legacy CA file: applied only when it is a non-empty string, and it
  // replaces whatever the base constructor stored in ca_file_.
  if (auto legacy_ca_file = cfg.get<std::string>("vfs.s3.ca_file");
      legacy_ca_file.has_value() && !legacy_ca_file.value().empty()) {
    LOG_WARN(
        "The 'vfs.s3.ca_file' configuration option has been replaced "
        "with 'ssl.ca_file'. Make sure that you update your configuration "
        "because 'vfs.s3.ca_file' will eventually be removed.");
    ca_file_ = legacy_ca_file.value();
  }

  // Legacy CA directory: applied only when it is a non-empty string.
  // NOTE(review): ca_file_ is left untouched here. When only
  // 'vfs.s3.ca_path' is configured, the base constructor saw both ssl.*
  // values empty and may already have stored the platform default CA file,
  // so the object ends up with both set -- unlike a configuration that sets
  // only 'ssl.ca_path'. Confirm the wider trust store is intended.
  if (auto legacy_ca_path = cfg.get<std::string>("vfs.s3.ca_path");
      legacy_ca_path.has_value() && !legacy_ca_path.value().empty()) {
    LOG_WARN(
        "The 'vfs.s3.ca_path' configuration option has been replaced "
        "with 'ssl.ca_path'. Make sure that you update your configuration "
        "because 'vfs.s3.ca_path' will eventually be removed.");
    ca_path_ = legacy_ca_path.value();
  }

  // The legacy flag is honoured only when it is false (its non-default
  // value); if a legacy true were applied as well, the value read from
  // `ssl.verify` would always be ignored.
  // Consequence: 'vfs.s3.verify_ssl' = false switches verification off even
  // when 'ssl.verify' is explicitly true, and the warning below only talks
  // about the deprecation.
  // NOTE(review): consider whether a stale legacy key should be able to
  // downgrade an explicit 'ssl.verify' = true.
  if (auto legacy_verify = cfg.get<bool>("vfs.s3.verify_ssl");
      legacy_verify.has_value() && !legacy_verify.value()) {
    LOG_WARN(
        "The 'vfs.s3.verify_ssl' configuration option has been replaced "
        "with 'ssl.verify'. Make sure that you update your configuration "
        "because 'vfs.s3.verify_ssl' will eventually be removed.");
    verify_ = legacy_verify.value();
  }
}
} // namespace tiledb::sm