comparison OrthancFramework/Sources/DicomNetworking/Internals/DicomTls.cpp @ 4438:4a4e33c9082d
configuration options for DICOM TLS in Orthanc SCU
author | Sebastien Jodogne <s.jodogne@gmail.com> |
---|---|
date | Thu, 07 Jan 2021 16:53:35 +0100 |
parents | d9473bd5ed43 |
children | 82a314325351 |
4437:d9473bd5ed43 | 4438:4a4e33c9082d |
---|---|
44 { | 44 { |
45 namespace Internals | 45 namespace Internals |
46 { | 46 { |
47 DcmTLSTransportLayer* InitializeDicomTls(T_ASC_Network *network, | 47 DcmTLSTransportLayer* InitializeDicomTls(T_ASC_Network *network, |
48 T_ASC_NetworkRole role, | 48 T_ASC_NetworkRole role, |
49 const std::string& ownPrivateKeyFile, | 49 const std::string& ownPrivateKeyPath, |
50 const std::string& ownCertificateFile, | 50 const std::string& ownCertificatePath, |
51 const std::string& trustedCertificatesFile) | 51 const std::string& trustedCertificatesPath) |
52 { | 52 { |
53 if (network == NULL) | 53 if (network == NULL) |
54 { | 54 { |
55 throw OrthancException(ErrorCode_NullPointer); | 55 throw OrthancException(ErrorCode_NullPointer); |
56 } | 56 } |
59 role != NET_REQUESTOR) | 59 role != NET_REQUESTOR) |
60 { | 60 { |
61 throw OrthancException(ErrorCode_ParameterOutOfRange, "Unknown role"); | 61 throw OrthancException(ErrorCode_ParameterOutOfRange, "Unknown role"); |
62 } | 62 } |
63 | 63 |
64 if (!SystemToolbox::IsRegularFile(trustedCertificatesFile)) | 64 if (!SystemToolbox::IsRegularFile(trustedCertificatesPath)) |
65 { | 65 { |
66 throw OrthancException(ErrorCode_InexistentFile, "Cannot read file with trusted certificates for DICOM TLS: " + | 66 throw OrthancException(ErrorCode_InexistentFile, "Cannot read file with trusted certificates for DICOM TLS: " + |
67 trustedCertificatesFile); | 67 trustedCertificatesPath); |
68 } | 68 } |
69 | 69 |
70 if (!SystemToolbox::IsRegularFile(ownPrivateKeyFile)) | 70 if (!SystemToolbox::IsRegularFile(ownPrivateKeyPath)) |
71 { | 71 { |
72 throw OrthancException(ErrorCode_InexistentFile, "Cannot read file with own private key for DICOM TLS: " + | 72 throw OrthancException(ErrorCode_InexistentFile, "Cannot read file with own private key for DICOM TLS: " + |
73 ownPrivateKeyFile); | 73 ownPrivateKeyPath); |
74 } | 74 } |
75 | 75 |
76 if (!SystemToolbox::IsRegularFile(ownCertificateFile)) | 76 if (!SystemToolbox::IsRegularFile(ownCertificatePath)) |
77 { | 77 { |
78 throw OrthancException(ErrorCode_InexistentFile, "Cannot read file with own certificate for DICOM TLS: " + | 78 throw OrthancException(ErrorCode_InexistentFile, "Cannot read file with own certificate for DICOM TLS: " + |
79 ownCertificateFile); | 79 ownCertificatePath); |
80 } | 80 } |
81 | 81 |
82 CLOG(INFO, DICOM) << "Initializing DICOM TLS for Orthanc " | 82 CLOG(INFO, DICOM) << "Initializing DICOM TLS for Orthanc " |
83 << (role == NET_ACCEPTOR ? "SCP" : "SCU"); | 83 << (role == NET_ACCEPTOR ? "SCP" : "SCU"); |
84 | 84 |
103 | 103 |
104 std::unique_ptr<DcmTLSTransportLayer> tls( | 104 std::unique_ptr<DcmTLSTransportLayer> tls( |
105 new DcmTLSTransportLayer(tmpRole /*opt_networkRole*/, NULL /*opt_readSeedFile*/, | 105 new DcmTLSTransportLayer(tmpRole /*opt_networkRole*/, NULL /*opt_readSeedFile*/, |
106 OFFalse /*initializeOpenSSL, done by Orthanc::Toolbox::InitializeOpenSsl()*/)); | 106 OFFalse /*initializeOpenSSL, done by Orthanc::Toolbox::InitializeOpenSsl()*/)); |
107 | 107 |
108 if (tls->addTrustedCertificateFile(trustedCertificatesFile.c_str(), DCF_Filetype_PEM /*opt_keyFileFormat*/) != TCS_ok) | 108 if (tls->addTrustedCertificateFile(trustedCertificatesPath.c_str(), DCF_Filetype_PEM /*opt_keyFileFormat*/) != TCS_ok) |
109 { | 109 { |
110 throw OrthancException(ErrorCode_BadFileFormat, "Cannot parse PEM file with trusted certificates for DICOM TLS: " + | 110 throw OrthancException(ErrorCode_BadFileFormat, "Cannot parse PEM file with trusted certificates for DICOM TLS: " + |
111 trustedCertificatesFile); | 111 trustedCertificatesPath); |
112 } | 112 } |
113 | 113 |
114 if (tls->setPrivateKeyFile(ownPrivateKeyFile.c_str(), DCF_Filetype_PEM /*opt_keyFileFormat*/) != TCS_ok) | 114 if (tls->setPrivateKeyFile(ownPrivateKeyPath.c_str(), DCF_Filetype_PEM /*opt_keyFileFormat*/) != TCS_ok) |
115 { | 115 { |
116 throw OrthancException(ErrorCode_BadFileFormat, "Cannot parse PEM file with private key for DICOM TLS: " + | 116 throw OrthancException(ErrorCode_BadFileFormat, "Cannot parse PEM file with private key for DICOM TLS: " + |
117 ownPrivateKeyFile); | 117 ownPrivateKeyPath); |
118 } | 118 } |
119 | 119 |
120 if (tls->setCertificateFile(ownCertificateFile.c_str(), DCF_Filetype_PEM /*opt_keyFileFormat*/) != TCS_ok) | 120 if (tls->setCertificateFile(ownCertificatePath.c_str(), DCF_Filetype_PEM /*opt_keyFileFormat*/) != TCS_ok) |
121 { | 121 { |
122 throw OrthancException(ErrorCode_BadFileFormat, "Cannot parse PEM file with own certificate for DICOM TLS: " + | 122 throw OrthancException(ErrorCode_BadFileFormat, "Cannot parse PEM file with own certificate for DICOM TLS: " + |
123 ownCertificateFile); | 123 ownCertificatePath); |
124 } | 124 } |
125 | 125 |
126 if (!tls->checkPrivateKeyMatchesCertificate()) | 126 if (!tls->checkPrivateKeyMatchesCertificate()) |
127 { | 127 { |
128 throw OrthancException(ErrorCode_BadFileFormat, "The private key doesn't match the own certificate: " + | 128 throw OrthancException(ErrorCode_BadFileFormat, "The private key doesn't match the own certificate: " + |
129 ownPrivateKeyFile + " vs. " + ownCertificateFile); | 129 ownPrivateKeyPath + " vs. " + ownCertificatePath); |
130 } | 130 } |
131 | 131 |
132 #if DCMTK_VERSION_NUMBER >= 364 | 132 #if DCMTK_VERSION_NUMBER >= 364 |
133 if (tls->setTLSProfile(TSP_Profile_BCP195 /*opt_tlsProfile*/) != TCS_ok) | 133 if (tls->setTLSProfile(TSP_Profile_BCP195 /*opt_tlsProfile*/) != TCS_ok) |
134 { | 134 { |