Commit 19ffc502 authored by Micha Mueller

Make cert-/key-/DH_param-files for HTTPS server configurable

parent 8e7a5588
......@@ -36,7 +36,6 @@ Dcdbpusher will check the given file-path for the global configuration file `glo
`global.conf` should have the following scheme:
```
global {
restAddr localhost:8000
mqttBroker localhost:1883
mqttprefix /00112233445566778899AABB0000
threads 24
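Review bot: Dropping `restAddr` from the `global` block is a breaking rename for existing configuration files, and nothing in this hunk or the commit message says so. Since the parser only warns and omits unrecognized keys, an old `global.conf` that still carries `restAddr` will silently lose its REST address; a one-line note in the README (old key `restAddr`, new key `address` inside `restAPI`) would save users that surprise.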
......@@ -46,6 +45,13 @@ global {
cacheInterval 900
}
restAPI {
address localhost:8000
certificate path/to/file
privateKey path/to/file
dhFile path/to/file
}
plugins {
plugin sysfs {
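Review bot: The new `restAPI` schema lists `certificate`, `privateKey` and `dhFile` but does not say which of them are mandatory. The server constructor loads all three unconditionally, so a config that omits any one of them will fail at startup; either mark all three as required here, or make `dhFile` optional and say so, since a DH parameter file is the one most deployments will not have at hand.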
......@@ -64,7 +70,6 @@ Explanation of the values:
| Value | Explanation |
|:----- |:----------- |
| global | Wrapper structure for the global values.
| restAddr | Define address and port where the REST API should run on. See the corresponding [section](#restApi) for more information.
| mqttBroker | Define address and port of the MQTT-broker which collects the messages (sensor values) send by dcdbpusher.
| mqttprefix | To not rewrite a full MQTT-topic for every sensor one can specify here a consistent prefix.
| threads | Specify how many threads should be created to handle the sensors async. Default value of threads is 1. Note that the MQTTPusher always starts an extra thread. So the actual number of started threads is always one more than defined here. Specifying not enough threads can result in a delay for some sensors until they are read.
......@@ -72,6 +77,11 @@ Explanation of the values:
| daemonize | Set to 'true' if dcdbpusher should run detached as daemon. Default is false.
| tempdir | One can specify a writeable directory where dcdbpusher can write its temporary and logging files to. Default is the current (' ./ ' ) directory.
| cacheInterval | Define a time interval in seconds. The last sensor readings within this time interval will be kept. This value can be overwritten by plugins.
| restAPI | Bundles all values related to the RestAPI. See the corresponding [section](#restApi) for more information on supported functionality.
| address | Define address and port where the REST API server should run on.
| certificate | Provide the (path and) file which the HTTPS server should use as certificate.
| privateKey | Provide the (path and) file which should be used as corresponding private key for the certificate. If private key and certificate are stored in the same file one should nevertheless provide the path to the cert-file here again.
| dhFile | Provide the (path and) file where Diffie-Hellman parameters for the key exchange are stored.
| | |
| plugins | In this section one can specify the plugins which should be used.
| plugin name | The plugin name is used to build the corresponding lib-name (e.g. sysfs --> libdcdbplugin_sysfs.1.0)
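Review bot: The `| | |` line added as a spacer is a stray empty table row and renders as such; drop it or put a real separator row there. On the wording, the `certificate` entry should say that the file may contain the whole chain (server certificate first, then any intermediates), because the server loads it as a certificate chain file, not a single certificate. The `privateKey` sentence ("one should nevertheless provide the path to the cert-file here again") reads awkwardly; "if key and certificate share one file, give that file's path for both values" says the same thing more plainly.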
......@@ -85,7 +95,7 @@ Formats of the other sensor-specific config-files are explained in the correspon
## <a name="restApi">REST API</a>
Dcdbpusher provides some functionality to be controlled over a REST API. The API is by default hosted at port 8000 on the localhost but the address can be changed in the [`global.conf`](#GC).
Dcdbpusher runs a HTTPS server which provides some functionality to be controlled over a REST API. The API is by default hosted at port 8000 on the localhost but the address can be changed in the [`global.conf`](#GC).
Currently dcdbpusher allows to switch plugins on or off or to get the sensor reading average of the last values via the REST API. To switch plugins on or off, one has to send a `PUT` request of the form `host:port/pluginName/start|stop?authkey=YourToken` to the API. Requesting an average is done by sending a `GET` of the form `host:port/pluginName/sensorName/avg?authkey=YourToken`.
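Review bot: With the switch to HTTPS, the request forms `host:port/pluginName/start|stop?authkey=YourToken` and `host:port/pluginName/sensorName/avg?authkey=YourToken` should carry the `https://` scheme so readers do not try plain HTTP, and the text should say that clients must trust the configured certificate. Separately, the authkey travels in the URL query string, which ends up in shell histories, proxy and server logs even when the transport is encrypted; worth a sentence here, and a follow-up to accept the token in a request header instead.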
......
......@@ -10,10 +10,10 @@ global {
restAPI {
address localhost:8000
; certificate ../deps/openssl-1.0.2l/certs/demo/ca-cert.pem
; privateKey ../deps/openssl-1.0.2l/certs/demo/ca-cert.pem
; dhFile ../deps/openssl-1.0.2l/crypto/dh/dh2048.pem
;
certificate ../deps/openssl-1.0.2l/certs/demo/ca-cert.pem
privateKey ../deps/openssl-1.0.2l/certs/demo/ca-cert.pem
dhFile ../deps/openssl-1.0.2l/crypto/dh/dh2048.pem
; authkey qwertz {
; PUT
; GET
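Review bot: The sample config now enables, uncommented, the OpenSSL demo CA certificate as the server identity with the same `ca-cert.pem` file serving as the private key. That material is publicly distributed with every OpenSSL source tree, so any installation that keeps the sample config runs an HTTPS server whose private key everyone has. Keep these three lines commented out (as the `;` lines above them still are) with a note to point them at site-generated files, and drop the duplicated commented copies. The `../deps/...` paths are also relative to the working directory, which bites as soon as dcdbpusher runs with `daemonize` or from another directory.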
......
......@@ -110,6 +110,12 @@ bool Configuration::readGlobal() {
_global.restAPISettings.restPort = _global.restAPISettings.restHost.substr(pos+1);
_global.restAPISettings.restHost.erase(pos);
}
} else if (boost::iequals(global.first, "certificate")) {
_global.restAPISettings.certificate = global.second.data();
} else if (boost::iequals(global.first, "privateKey")) {
_global.restAPISettings.privateKey = global.second.data();
} else if (boost::iequals(global.first, "dhFile")) {
_global.restAPISettings.dhFile = global.second.data();
} else {
LOG(warning) << " Value \"" << global.first << "\" not recognized. Omitting";
}
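Review bot: None of the three new values is validated; an unset or misspelled key leaves the corresponding string empty and the problem only surfaces later as an opaque failure inside the TLS context setup. After the loop, `readGlobal()` should return false with a clear message when `certificate` or `privateKey` is empty (and, if `dhFile` is meant to be optional, say so in the struct). Checking that the files exist and are readable here, before any sensors are initialised, gives the operator the failing path at the point where the config is read.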
......
......@@ -21,6 +21,9 @@
typedef struct {
std::string restHost;
std::string restPort;
std::string certificate;
std::string privateKey;
std::string dhFile;
} restAPISettings_t;
typedef struct {
......
......@@ -207,20 +207,19 @@ bool HttpsServer::requestHandler::check_authkey(const std::string& authkey) {
}
HttpsServer::HttpsServer(restAPISettings_t restAPISettings, pluginVector_t& plugins) :
_host(restAPISettings.restHost), _port(restAPISettings.restPort), _plugins(plugins), _handler(*this) {
_plugins(plugins), _handler(*this) {
std::shared_ptr<asio::ssl::context> ctx = std::make_shared<asio::ssl::context>(asio::ssl::context::sslv23);
ctx->set_options(asio::ssl::context::default_workarounds | asio::ssl::context::no_sslv3 | asio::ssl::context::single_dh_use);
// Set keys
// Currently we are only using the demo certificates provided by the OpenSSL lib...
// Set certificate, private key and DH parameters
//ctx->set_password_callback(HttpsServer::password_callback);
ctx->use_certificate_chain_file("../deps/openssl-1.0.2l/certs/demo/ca-cert.pem");
ctx->use_private_key_file("../deps/openssl-1.0.2l/certs/demo/ca-cert.pem", asio::ssl::context::pem);
ctx->use_tmp_dh_file("../deps/openssl-1.0.2l/crypto/dh/dh2048.pem");
ctx->use_certificate_chain_file(restAPISettings.certificate);
ctx->use_private_key_file(restAPISettings.privateKey, asio::ssl::context::pem);
ctx->use_tmp_dh_file(restAPISettings.dhFile);
server::options options(_handler);
_server = new server(options.address(_host).port(_port).context(ctx));
_server = new server(options.address(restAPISettings.restHost).port(restAPISettings.restPort).context(ctx));
}
HttpsServer::~HttpsServer() {
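Review bot: The replaced hard-coded paths were at least known to exist; now `use_certificate_chain_file`, `use_private_key_file` and `use_tmp_dh_file` run on operator-supplied paths and each throws `boost::system::system_error` on a missing or malformed file, yet the constructor neither catches nor reports which of the three failed. Wrap the three calls (or use their error_code overloads) and log the offending path together with the error message. Two related points in the same region: `set_password_callback` stays commented out, so an encrypted private key file will fail here with no hint why; and the context is still `sslv23` with only `no_sslv3` set, so consider also disabling `no_tlsv1` and, where your Asio version provides it, `no_tlsv1_1` now that the certificate setup is being revisited.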
......
......@@ -66,8 +66,6 @@ private:
static std::string password_callback(std::size_t max_length, asio::ssl::context_base::password_purpose purpose);
*/
std::string _host;
std::string _port;
pluginVector_t& _plugins;
server* _server;
......
......@@ -281,6 +281,12 @@ int main(int argc, char** argv) {
LOG(info) << "RestAPI Settings:";
LOG(info) << " REST Server: " << globalSettings.restAPISettings.restHost << ":" << globalSettings.restAPISettings.restPort;
#ifdef DEBUG
LOG(info) << " Certificate: " << globalSettings.restAPISettings.certificate;
LOG(info) << " Private key file: " << globalSettings.restAPISettings.privateKey;
LOG(info) << " DH params from: " << globalSettings.restAPISettings.dhFile;
//asdf
#endif
//Init all sensors
LOG(info) << "Init sensors...";
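Review bot: The `//asdf` line at the end of the `#ifdef DEBUG` block is a leftover debug marker and should be removed. Logging the three configured paths under `DEBUG` is otherwise a good addition; printing them unconditionally at startup would be reasonable too, since they are paths rather than secrets and are exactly what an operator needs when the TLS setup fails.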
......