proxygen
TLSCredProcessor.cpp
Go to the documentation of this file.
1 /*
2  * Copyright 2017-present Facebook, Inc.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 #include <wangle/ssl/TLSCredProcessor.h>
17 
18 #include <folly/dynamic.h>
19 #include <folly/json.h>
20 #include <folly/FileUtil.h>
21 #include <folly/Memory.h>
22 
23 using namespace folly;
24 
25 namespace {
26 
27 constexpr std::chrono::milliseconds kCredentialPollInterval =
28  std::chrono::duration_cast<std::chrono::milliseconds>(
29  std::chrono::seconds(10));
30 
31 void insertSeeds(const folly::dynamic& keyConfig,
32  std::vector<std::string>& seedList) {
33  if (!keyConfig.isArray()) {
34  return;
35  }
36  for (const auto& seed : keyConfig) {
37  seedList.push_back(seed.asString());
38  }
39 }
40 }
41 
42 namespace wangle {
43 
44 TLSCredProcessor::TLSCredProcessor()
45  : poller_(std::make_unique<FilePoller>(kCredentialPollInterval)) {}
46 
47 TLSCredProcessor::TLSCredProcessor(std::chrono::milliseconds pollInterval)
48  : poller_(std::make_unique<FilePoller>(pollInterval)) {}
49 
50 void TLSCredProcessor::stop() {
51  poller_->stop();
52 }
53 
54 TLSCredProcessor::~TLSCredProcessor() { stop(); }
55 
56 void TLSCredProcessor::setPollInterval(std::chrono::milliseconds pollInterval) {
57  poller_->stop();
58  poller_ = std::make_unique<FilePoller>(pollInterval);
59  setTicketPathToWatch(ticketFile_);
60  setCertPathsToWatch(certFiles_);
61 }
62 
63 void TLSCredProcessor::addTicketCallback(
64  std::function<void(TLSTicketKeySeeds)> callback) {
65  ticketCallbacks_.push_back(std::move(callback));
66 }
67 
68 void TLSCredProcessor::addCertCallback(
69  std::function<void()> callback) {
70  certCallbacks_.push_back(std::move(callback));
71 }
72 
73 void TLSCredProcessor::setTicketPathToWatch(const std::string& ticketFile) {
74  if (!ticketFile_.empty()) {
75  poller_->removeFileToTrack(ticketFile_);
76  }
77  ticketFile_ = ticketFile;
78  if (!ticketFile_.empty()) {
79  auto ticketsChangedCob = [=]() { ticketFileUpdated(ticketFile); };
80  poller_->addFileToTrack(ticketFile_, ticketsChangedCob);
81  }
82 }
83 
84 void TLSCredProcessor::setCertPathsToWatch(std::set<std::string> certFiles) {
85  for (const auto& path: certFiles_) {
86  poller_->removeFileToTrack(path);
87  }
88  certFiles_ = std::move(certFiles);
89  if (!certFiles_.empty()) {
90  auto certChangedCob = [this]() { certFileUpdated(); };
91  for (const auto& path: certFiles_) {
92  poller_->addFileToTrack(path, certChangedCob);
93  }
94  }
95 }
96 
97 void TLSCredProcessor::ticketFileUpdated(
98  const std::string& ticketFile) noexcept {
99  auto seeds = processTLSTickets(ticketFile);
100  if (seeds) {
101  for (auto& callback : ticketCallbacks_) {
102  callback(*seeds);
103  }
104  }
105 }
106 
107 void TLSCredProcessor::certFileUpdated() noexcept {
108  for (const auto& callback: certCallbacks_) {
109  callback();
110  }
111 }
112 
113 /* static */ Optional<TLSTicketKeySeeds> TLSCredProcessor::processTLSTickets(
114  const std::string& fileName) {
115  try {
116  std::string jsonData;
117  if (!folly::readFile(fileName.c_str(), jsonData)) {
118  LOG(WARNING) << "Failed to read " << fileName
119  << "; Ticket seeds are unavailable.";
120  return folly::none;
121  }
122  folly::dynamic conf = folly::parseJson(jsonData);
123  if (conf.type() != dynamic::Type::OBJECT) {
124  LOG(WARNING) << "Error parsing " << fileName << " expected object";
125  return folly::none;
126  }
127  TLSTicketKeySeeds seedData;
128  if (conf.count("old")) {
129  insertSeeds(conf["old"], seedData.oldSeeds);
130  }
131  if (conf.count("current")) {
132  insertSeeds(conf["current"], seedData.currentSeeds);
133  }
134  if (conf.count("new")) {
135  insertSeeds(conf["new"], seedData.newSeeds);
136  }
137  return seedData;
138  } catch (const std::exception& ex) {
139  LOG(WARNING) << "Parsing " << fileName << " failed: " << ex.what();
140  return folly::none;
141  }
142 }
143 
144 }
wangle::TLSTicketKeySeeds::newSeeds
std::vector< std::string > newSeeds
Definition: TLSTicketKeySeeds.h:27
wangle::TLSCredProcessor::setTicketPathToWatch
void setTicketPathToWatch(const std::string &ticketFile)
Definition: TLSCredProcessor.cpp:73
wangle::TLSTicketKeySeeds::currentSeeds
std::vector< std::string > currentSeeds
Definition: TLSTicketKeySeeds.h:26
folly::readFile
bool readFile(int fd, Container &out, size_t num_bytes=std::numeric_limits< size_t >::max())
Definition: FileUtil.h:125
wangle::TLSCredProcessor::processTLSTickets
static folly::Optional< wangle::TLSTicketKeySeeds > processTLSTickets(const std::string &fileName)
Definition: TLSCredProcessor.cpp:113
folly::parseJson
dynamic parseJson(StringPiece range)
Definition: json.cpp:900
seed
static const int seed
Definition: FBStringBenchmark.cpp:37
wangle::TLSCredProcessor::certFiles_
std::set< std::string > certFiles_
Definition: TLSCredProcessor.h:87
folly::gen::move
constexpr detail::Map< Move > move
Definition: Base-inl.h:2567
std
STL namespace.
folly::dynamic::count
IfIsNonStringDynamicConvertible< K, std::size_t > count(K &&) const
Definition: dynamic-inl.h:843
folly
—— Concurrent Priority Queue Implementation ——
Definition: AtomicBitSet.h:29
folly::pushmi::__adl::noexcept
requires E e noexcept(noexcept(s.error(std::move(e))))
Definition: extension_points.h:40
folly::dynamic::isArray
bool isArray() const
Definition: dynamic-inl.h:498
wangle::TLSCredProcessor::poller_
std::unique_ptr< FilePoller > poller_
Definition: TLSCredProcessor.h:85
wangle::TLSCredProcessor::setPollInterval
void setPollInterval(std::chrono::milliseconds pollInterval)
Definition: TLSCredProcessor.cpp:56
wangle::TLSCredProcessor::certCallbacks_
std::vector< std::function< void()> > certCallbacks_
Definition: TLSCredProcessor.h:89
wangle::TLSCredProcessor::addCertCallback
void addCertCallback(std::function< void()> callback)
Definition: TLSCredProcessor.cpp:68
folly::make_unique
std::enable_if<!std::is_array< T >::value, std::unique_ptr< T > >::type make_unique(Args &&...args)
Definition: Memory.h:259
wangle::TLSCredProcessor::ticketCallbacks_
std::vector< std::function< void(wangle::TLSTicketKeySeeds)> > ticketCallbacks_
Definition: TLSCredProcessor.h:88
wangle::TLSCredProcessor::setCertPathsToWatch
void setCertPathsToWatch(std::set< std::string > certFiles)
Definition: TLSCredProcessor.cpp:84
string
const char * string
Definition: Conv.cpp:212
wangle::TLSTicketKeySeeds::oldSeeds
std::vector< std::string > oldSeeds
Definition: TLSTicketKeySeeds.h:25
folly::dynamic::type
Type type() const
Definition: dynamic-inl.h:514
wangle::TLSCredProcessor::ticketFileUpdated
void ticketFileUpdated(const std::string &ticketFile) noexcept
Definition: TLSCredProcessor.cpp:97
folly::none
constexpr None none
Definition: Optional.h:87
wangle::TLSCredProcessor::addTicketCallback
void addTicketCallback(std::function< void(wangle::TLSTicketKeySeeds)> callback)
Definition: TLSCredProcessor.cpp:63