Mercurial > hg > orthanc
comparison OrthancFramework/Sources/DicomNetworking/Internals/DicomTls.cpp @ 4438:4a4e33c9082d
configuration options for DICOM TLS in Orthanc SCU
| author | Sebastien Jodogne <s.jodogne@gmail.com> |
|---|---|
| date | Thu, 07 Jan 2021 16:53:35 +0100 |
| parents | d9473bd5ed43 |
| children | 82a314325351 |
comparison
equal
deleted
inserted
replaced
| 4437:d9473bd5ed43 | 4438:4a4e33c9082d |
|---|---|
| 44 { | 44 { |
| 45 namespace Internals | 45 namespace Internals |
| 46 { | 46 { |
| 47 DcmTLSTransportLayer* InitializeDicomTls(T_ASC_Network *network, | 47 DcmTLSTransportLayer* InitializeDicomTls(T_ASC_Network *network, |
| 48 T_ASC_NetworkRole role, | 48 T_ASC_NetworkRole role, |
| 49 const std::string& ownPrivateKeyFile, | 49 const std::string& ownPrivateKeyPath, |
| 50 const std::string& ownCertificateFile, | 50 const std::string& ownCertificatePath, |
| 51 const std::string& trustedCertificatesFile) | 51 const std::string& trustedCertificatesPath) |
| 52 { | 52 { |
| 53 if (network == NULL) | 53 if (network == NULL) |
| 54 { | 54 { |
| 55 throw OrthancException(ErrorCode_NullPointer); | 55 throw OrthancException(ErrorCode_NullPointer); |
| 56 } | 56 } |
| 59 role != NET_REQUESTOR) | 59 role != NET_REQUESTOR) |
| 60 { | 60 { |
| 61 throw OrthancException(ErrorCode_ParameterOutOfRange, "Unknown role"); | 61 throw OrthancException(ErrorCode_ParameterOutOfRange, "Unknown role"); |
| 62 } | 62 } |
| 63 | 63 |
| 64 if (!SystemToolbox::IsRegularFile(trustedCertificatesFile)) | 64 if (!SystemToolbox::IsRegularFile(trustedCertificatesPath)) |
| 65 { | 65 { |
| 66 throw OrthancException(ErrorCode_InexistentFile, "Cannot read file with trusted certificates for DICOM TLS: " + | 66 throw OrthancException(ErrorCode_InexistentFile, "Cannot read file with trusted certificates for DICOM TLS: " + |
| 67 trustedCertificatesFile); | 67 trustedCertificatesPath); |
| 68 } | 68 } |
| 69 | 69 |
| 70 if (!SystemToolbox::IsRegularFile(ownPrivateKeyFile)) | 70 if (!SystemToolbox::IsRegularFile(ownPrivateKeyPath)) |
| 71 { | 71 { |
| 72 throw OrthancException(ErrorCode_InexistentFile, "Cannot read file with own private key for DICOM TLS: " + | 72 throw OrthancException(ErrorCode_InexistentFile, "Cannot read file with own private key for DICOM TLS: " + |
| 73 ownPrivateKeyFile); | 73 ownPrivateKeyPath); |
| 74 } | 74 } |
| 75 | 75 |
| 76 if (!SystemToolbox::IsRegularFile(ownCertificateFile)) | 76 if (!SystemToolbox::IsRegularFile(ownCertificatePath)) |
| 77 { | 77 { |
| 78 throw OrthancException(ErrorCode_InexistentFile, "Cannot read file with own certificate for DICOM TLS: " + | 78 throw OrthancException(ErrorCode_InexistentFile, "Cannot read file with own certificate for DICOM TLS: " + |
| 79 ownCertificateFile); | 79 ownCertificatePath); |
| 80 } | 80 } |
| 81 | 81 |
| 82 CLOG(INFO, DICOM) << "Initializing DICOM TLS for Orthanc " | 82 CLOG(INFO, DICOM) << "Initializing DICOM TLS for Orthanc " |
| 83 << (role == NET_ACCEPTOR ? "SCP" : "SCU"); | 83 << (role == NET_ACCEPTOR ? "SCP" : "SCU"); |
| 84 | 84 |
| 103 | 103 |
| 104 std::unique_ptr<DcmTLSTransportLayer> tls( | 104 std::unique_ptr<DcmTLSTransportLayer> tls( |
| 105 new DcmTLSTransportLayer(tmpRole /*opt_networkRole*/, NULL /*opt_readSeedFile*/, | 105 new DcmTLSTransportLayer(tmpRole /*opt_networkRole*/, NULL /*opt_readSeedFile*/, |
| 106 OFFalse /*initializeOpenSSL, done by Orthanc::Toolbox::InitializeOpenSsl()*/)); | 106 OFFalse /*initializeOpenSSL, done by Orthanc::Toolbox::InitializeOpenSsl()*/)); |
| 107 | 107 |
| 108 if (tls->addTrustedCertificateFile(trustedCertificatesFile.c_str(), DCF_Filetype_PEM /*opt_keyFileFormat*/) != TCS_ok) | 108 if (tls->addTrustedCertificateFile(trustedCertificatesPath.c_str(), DCF_Filetype_PEM /*opt_keyFileFormat*/) != TCS_ok) |
| 109 { | 109 { |
| 110 throw OrthancException(ErrorCode_BadFileFormat, "Cannot parse PEM file with trusted certificates for DICOM TLS: " + | 110 throw OrthancException(ErrorCode_BadFileFormat, "Cannot parse PEM file with trusted certificates for DICOM TLS: " + |
| 111 trustedCertificatesFile); | 111 trustedCertificatesPath); |
| 112 } | 112 } |
| 113 | 113 |
| 114 if (tls->setPrivateKeyFile(ownPrivateKeyFile.c_str(), DCF_Filetype_PEM /*opt_keyFileFormat*/) != TCS_ok) | 114 if (tls->setPrivateKeyFile(ownPrivateKeyPath.c_str(), DCF_Filetype_PEM /*opt_keyFileFormat*/) != TCS_ok) |
| 115 { | 115 { |
| 116 throw OrthancException(ErrorCode_BadFileFormat, "Cannot parse PEM file with private key for DICOM TLS: " + | 116 throw OrthancException(ErrorCode_BadFileFormat, "Cannot parse PEM file with private key for DICOM TLS: " + |
| 117 ownPrivateKeyFile); | 117 ownPrivateKeyPath); |
| 118 } | 118 } |
| 119 | 119 |
| 120 if (tls->setCertificateFile(ownCertificateFile.c_str(), DCF_Filetype_PEM /*opt_keyFileFormat*/) != TCS_ok) | 120 if (tls->setCertificateFile(ownCertificatePath.c_str(), DCF_Filetype_PEM /*opt_keyFileFormat*/) != TCS_ok) |
| 121 { | 121 { |
| 122 throw OrthancException(ErrorCode_BadFileFormat, "Cannot parse PEM file with own certificate for DICOM TLS: " + | 122 throw OrthancException(ErrorCode_BadFileFormat, "Cannot parse PEM file with own certificate for DICOM TLS: " + |
| 123 ownCertificateFile); | 123 ownCertificatePath); |
| 124 } | 124 } |
| 125 | 125 |
| 126 if (!tls->checkPrivateKeyMatchesCertificate()) | 126 if (!tls->checkPrivateKeyMatchesCertificate()) |
| 127 { | 127 { |
| 128 throw OrthancException(ErrorCode_BadFileFormat, "The private key doesn't match the own certificate: " + | 128 throw OrthancException(ErrorCode_BadFileFormat, "The private key doesn't match the own certificate: " + |
| 129 ownPrivateKeyFile + " vs. " + ownCertificateFile); | 129 ownPrivateKeyPath + " vs. " + ownCertificatePath); |
| 130 } | 130 } |
| 131 | 131 |
| 132 #if DCMTK_VERSION_NUMBER >= 364 | 132 #if DCMTK_VERSION_NUMBER >= 364 |
| 133 if (tls->setTLSProfile(TSP_Profile_BCP195 /*opt_tlsProfile*/) != TCS_ok) | 133 if (tls->setTLSProfile(TSP_Profile_BCP195 /*opt_tlsProfile*/) != TCS_ok) |
| 134 { | 134 { |