diff Core/HttpClient.cpp @ 2019:9c9332e486ca
HTTPS client certificates can be associated with Orthanc peers to enhance security over Internet
author | Sebastien Jodogne <s.jodogne@gmail.com> |
---|---|
date | Tue, 14 Jun 2016 17:53:23 +0200 |
parents | 0ae26237569a |
children | a0bd8cd55da7 |
--- a/Core/HttpClient.cpp Tue Jun 14 15:51:00 2016 +0200
+++ b/Core/HttpClient.cpp Tue Jun 14 17:53:23 2016 +0200
@@ -349,6 +349,26 @@
  CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_PROXY, proxy_.c_str()));
  }
 
+ // Set the HTTPS client certificate
+ if (!clientCertificateFile_.empty())
+ {
+ CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_SSLCERTTYPE, "PEM"));
+ CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_SSLCERT, clientCertificateFile_.c_str()));
+
+ if (!clientCertificateKeyPassword_.empty())
+ {
+ CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_KEYPASSWD, clientCertificateKeyPassword_.c_str()));
+ }
+
+ // NB: If no "clientKeyFile_" is provided, the key must be
+ // prepended to the certificate file
+ if (!clientCertificateKeyFile_.empty())
+ {
+ CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_SSLKEYTYPE, "PEM"));
+ CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_SSLKEY, clientCertificateKeyFile_.c_str()));
+ }
+ }
+
  switch (method_)
  {
  case HttpMethod_Get:
@@ -530,4 +550,32 @@
  ThrowException(GetLastStatus());
  }
  }
+
+
+ void HttpClient::SetClientCertificate(const std::string& certificateFile,
+ const std::string& certificateKeyFile,
+ const std::string& certificateKeyPassword)
+ {
+ if (certificateFile.empty())
+ {
+ throw OrthancException(ErrorCode_ParameterOutOfRange);
+ }
+
+ if (!Toolbox::IsRegularFile(certificateFile))
+ {
+ LOG(ERROR) << "Cannot open certificate file: " << certificateFile;
+ throw OrthancException(ErrorCode_InexistentFile);
+ }
+
+ if (!certificateKeyFile.empty() &&
+ !Toolbox::IsRegularFile(certificateKeyFile))
+ {
+ LOG(ERROR) << "Cannot open key file: " << certificateKeyFile;
+ throw OrthancException(ErrorCode_InexistentFile);
+ }
+
+ clientCertificateFile_ = certificateFile;
+ clientCertificateKeyFile_ = certificateKeyFile;
+ clientCertificateKeyPassword_ = certificateKeyPassword;
+ }
  }
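Review bot: The new block only ever sets `CURLOPT_KEYPASSWD` and `CURLOPT_SSLKEY`, so if `pimpl_->curl_` is kept across requests (the hunk does not show its lifetime), a key file or passphrase from an earlier SetClientCertificate() call stays on the handle after the members are replaced by empty strings. Each of the two inner `if`s could get an `else` that clears the option, e.g. `else { CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_SSLKEY, NULL)); }` and the same for `CURLOPT_KEYPASSWD`. The "NB" comment also names `clientKeyFile_`, while the member tested just below is `clientCertificateKeyFile_`. The enclosing function starts and ends outside the hunk.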
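Review bot: SetClientCertificate() has no comment stating its contract, and two parts of it cannot be read from the signature: the first hunk hard-codes `"PEM"` for both certificate and key, and an empty `certificateKeyFile` means the private key is expected inside the certificate file. I would add above the definition `// Both files must be PEM; if "certificateKeyFile" is empty, the private key is read from "certificateFile"`. The `Toolbox::IsRegularFile()` checks run only when the setter is called, so a file that is removed or made unreadable afterwards still fails inside libcurl at request time, and the log text "Cannot open" claims more than the check verifies. The key passphrase is also copied into a plain `std::string` member that lives as long as the client, which deserves a comment so that the object is never dumped or logged wholesale.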