proxygen: wangle::TLSCredProcessor Class Reference

#include <TLSCredProcessor.h>

Public Member Functions
	TLSCredProcessor ()

	TLSCredProcessor (std::chrono::milliseconds pollInterval)

	~TLSCredProcessor ()

void	setTicketPathToWatch (const std::string &ticketFile)

void	setCertPathsToWatch (std::set< std::string > certFiles)

void	addTicketCallback (std::function< void(wangle::TLSTicketKeySeeds)> callback)

void	addCertCallback (std::function< void()> callback)

void	stop ()

void	setPollInterval (std::chrono::milliseconds pollInterval)

Static Public Member Functions
static folly::Optional< wangle::TLSTicketKeySeeds >	processTLSTickets (const std::string &fileName)

Private Member Functions
void	ticketFileUpdated (const std::string &ticketFile) noexcept

void	certFileUpdated () noexcept

Private Attributes
std::unique_ptr< FilePoller >	poller_

std::string	ticketFile_

std::set< std::string >	certFiles_

std::vector< std::function< void(wangle::TLSTicketKeySeeds)> >	ticketCallbacks_

std::vector< std::function< void()> >	certCallbacks_

Detailed Description

A class that monitors files related to TLS credentials that fire callbacks when they change. Callbacks are fired in a background thread.

Definition at line 31 of file TLSCredProcessor.h.

Constructor & Destructor Documentation

wangle::TLSCredProcessor::TLSCredProcessor ( )

Definition at line 44 of file TLSCredProcessor.cpp.

45 : poller_(std::make_unique<FilePoller>(kCredentialPollInterval)) {}

wangle::TLSCredProcessor::poller_

std::unique_ptr< FilePoller > poller_

Definition: TLSCredProcessor.h:85

wangle::TLSCredProcessor::TLSCredProcessor ( std::chrono::milliseconds pollInterval )

explicit

Definition at line 47 of file TLSCredProcessor.cpp.

48 : poller_(std::make_unique<FilePoller>(pollInterval)) {}

wangle::TLSCredProcessor::poller_

std::unique_ptr< FilePoller > poller_

Definition: TLSCredProcessor.h:85

wangle::TLSCredProcessor::~TLSCredProcessor ( )

Definition at line 54 of file TLSCredProcessor.cpp.

References stop().

54 { stop(); }

wangle::TLSCredProcessor::stop

void stop()

Definition: TLSCredProcessor.cpp:50

Member Function Documentation

void wangle::TLSCredProcessor::addCertCallback ( std::function< void()> callback )

Definition at line 68 of file TLSCredProcessor.cpp.

References certCallbacks_, and folly::gen::move.

Referenced by TEST_F().

                                   {
   certCallbacks_.push_back(std::move(callback));
 }

void wangle::TLSCredProcessor::addTicketCallback ( std::function< void(wangle::TLSTicketKeySeeds)> callback )

Definition at line 63 of file TLSCredProcessor.cpp.

References folly::gen::move, and ticketCallbacks_.

Referenced by TEST_F().

                                                    {
   ticketCallbacks_.push_back(std::move(callback));
 }

void wangle::TLSCredProcessor::certFileUpdated ( )

privatenoexcept

Definition at line 107 of file TLSCredProcessor.cpp.

References certCallbacks_.

Referenced by setCertPathsToWatch().

                                                 {
   for (const auto& callback: certCallbacks_) {
     callback();
   }
 }

Optional< TLSTicketKeySeeds > wangle::TLSCredProcessor::processTLSTickets ( const std::string & fileName )

static

This parses a TLS ticket file with the tickets and returns a TLSTicketKeySeeds structure if the file is valid. The TLS ticket file is formatted as a json blob { "old": [ "seed1", ... ], "new": [ ... ], "current": [ ... ] } Seeds are aribitrary length secret strings which are used to derive ticket encryption keys.

Definition at line 113 of file TLSCredProcessor.cpp.

References folly::dynamic::count(), wangle::TLSTicketKeySeeds::currentSeeds, wangle::TLSTicketKeySeeds::newSeeds, folly::none, wangle::TLSTicketKeySeeds::oldSeeds, folly::parseJson(), folly::readFile(), string, folly::dynamic::type(), and folly::WARNING.

Referenced by main(), and ticketFileUpdated().

                                {
   try {
     std::string jsonData;
     if (!folly::readFile(fileName.c_str(), jsonData)) {
       LOG(WARNING) << "Failed to read " << fileName
                    << "; Ticket seeds are unavailable.";
       return folly::none;
     }
     folly::dynamic conf = folly::parseJson(jsonData);
     if (conf.type() != dynamic::Type::OBJECT) {
       LOG(WARNING) << "Error parsing " << fileName << " expected object";
       return folly::none;
     }
     TLSTicketKeySeeds seedData;
     if (conf.count("old")) {
       insertSeeds(conf["old"], seedData.oldSeeds);
     }
     if (conf.count("current")) {
       insertSeeds(conf["current"], seedData.currentSeeds);
     }
     if (conf.count("new")) {
       insertSeeds(conf["new"], seedData.newSeeds);
     }
     return seedData;
   } catch (const std::exception& ex) {
     LOG(WARNING) << "Parsing " << fileName << " failed: " << ex.what();
     return folly::none;
   }
 }

void wangle::TLSCredProcessor::setCertPathsToWatch ( std::set< std::string > certFiles )

Set cert related files to watch. This would include paths like cert, key, and CA. Cert callbacks will be fired if any of these change. Empty strings are ignored.

Definition at line 84 of file TLSCredProcessor.cpp.

References certFiles_, certFileUpdated(), folly::gen::move, and poller_.

Referenced by main(), setPollInterval(), and TEST_F().

                                                                       {
   for (const auto& path: certFiles_) {
     poller_->removeFileToTrack(path);
   }
   certFiles_ = std::move(certFiles);
   if (!certFiles_.empty()) {
     auto certChangedCob = [this]() { certFileUpdated(); };
     for (const auto& path: certFiles_) {
       poller_->addFileToTrack(path, certChangedCob);
     }
   }
 }

void wangle::TLSCredProcessor::setPollInterval ( std::chrono::milliseconds pollInterval )

Definition at line 56 of file TLSCredProcessor.cpp.

References certFiles_, poller_, setCertPathsToWatch(), setTicketPathToWatch(), and ticketFile_.

Referenced by TEST_F().

                                                                          {
   poller_->stop();
   poller_ = std::make_unique<FilePoller>(pollInterval);
   setTicketPathToWatch(ticketFile_);
   setCertPathsToWatch(certFiles_);
 }

void wangle::TLSCredProcessor::setTicketPathToWatch ( const std::string & ticketFile )

Set the ticket path to watch. Any previous ticket path will stop being watched. This is not thread safe.

Definition at line 73 of file TLSCredProcessor.cpp.

References poller_, ticketFile_, and ticketFileUpdated().

Referenced by main(), setPollInterval(), and TEST_F().

                                                                        {
   if (!ticketFile_.empty()) {
     poller_->removeFileToTrack(ticketFile_);
   }
   ticketFile_ = ticketFile;
   if (!ticketFile_.empty()) {
     auto ticketsChangedCob = [=]() { ticketFileUpdated(ticketFile); };
     poller_->addFileToTrack(ticketFile_, ticketsChangedCob);
   }
 }

void wangle::TLSCredProcessor::stop ( )

Definition at line 50 of file TLSCredProcessor.cpp.

References poller_.

Referenced by ~TLSCredProcessor().

                             {
   poller_->stop();
 }

void wangle::TLSCredProcessor::ticketFileUpdated ( const std::string & ticketFile )

privatenoexcept

Definition at line 97 of file TLSCredProcessor.cpp.

References processTLSTickets(), and ticketCallbacks_.

Referenced by setTicketPathToWatch().

                                           {
   auto seeds = processTLSTickets(ticketFile);
   if (seeds) {
     for (auto& callback : ticketCallbacks_) {
       callback(*seeds);
     }
   }
 }