Mercurial > hg > orthanc

diff Core/HttpClient.cpp @ 2019:9c9332e486ca

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
HTTPS client certificates can be associated with Orthanc peers to enhance security over Internet
author Sebastien Jodogne <s.jodogne@gmail.com>
date Tue, 14 Jun 2016 17:53:23 +0200
parents 0ae26237569a
children a0bd8cd55da7
line wrap: on
line diff
--- a/Core/HttpClient.cpp	Tue Jun 14 15:51:00 2016 +0200
+++ b/Core/HttpClient.cpp	Tue Jun 14 17:53:23 2016 +0200
@@ -349,6 +349,26 @@
       CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_PROXY, proxy_.c_str()));
     }
 
+    // Set the HTTPS client certificate
+    if (!clientCertificateFile_.empty())
+    {
+      CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_SSLCERTTYPE, "PEM"));
+      CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_SSLCERT, clientCertificateFile_.c_str()));
+
+      if (!clientCertificateKeyPassword_.empty())
+      {
+        CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_KEYPASSWD, clientCertificateKeyPassword_.c_str()));
+      }
+
+      // NB: If no "clientKeyFile_" is provided, the key must be
+      // prepended to the certificate file
+      if (!clientCertificateKeyFile_.empty())
+      {
+        CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_SSLKEYTYPE, "PEM"));
+        CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_SSLKEY, clientCertificateKeyFile_.c_str()));
+      }
+    }
+
     switch (method_)
     {
     case HttpMethod_Get:
@@ -530,4 +550,32 @@
       ThrowException(GetLastStatus());
     }
   }
+
+
+  void HttpClient::SetClientCertificate(const std::string& certificateFile,
+                                        const std::string& certificateKeyFile,
+                                        const std::string& certificateKeyPassword)
+  {
+    if (certificateFile.empty())
+    {
+      throw OrthancException(ErrorCode_ParameterOutOfRange);
+    }
+
+    if (!Toolbox::IsRegularFile(certificateFile))
+    {
+      LOG(ERROR) << "Cannot open certificate file: " << certificateFile;
+      throw OrthancException(ErrorCode_InexistentFile);
+    }
+
+    if (!certificateKeyFile.empty() && 
+        !Toolbox::IsRegularFile(certificateKeyFile))
+    {
+      LOG(ERROR) << "Cannot open key file: " << certificateKeyFile;
+      throw OrthancException(ErrorCode_InexistentFile);
+    }
+
+    clientCertificateFile_ = certificateFile;
+    clientCertificateKeyFile_ = certificateKeyFile;
+    clientCertificateKeyPassword_ = certificateKeyPassword;
+  }
 }