Add option to set the Certificate Authority (CA) Info option. (mrtazz#44)

tgoetze · mrtazz · commit 5c65335ea78e · 2016-04-20T12:35:14.000-04:00
* Add option to set the Certificate Authority (CA) Info option.
This is used when verifying a peer. See CURLOPT_CAINFO.
diff --git a/README.md b/README.md
@@ -50,7 +50,7 @@ timeouts or authentication, there is also a different, more configurable way.
 RestClient::init();
 
 // get a connection object
-RestClient::Connection conn* = new RestClient::Connection("http://url.com");
+RestClient::Connection* conn = new RestClient::Connection("http://url.com");
 
 // configure basic auth
 conn->SetBasicAuth("WarMachine68", "WARMACHINEROX");
@@ -73,6 +73,9 @@ conn->SetHeaders(headers)
 // append additional headers
 conn->AppendHeader("X-MY-HEADER", "foo")
 
+// if using a non-standard Certificate Authority (CA) trust file
+conn->SetCAInfoFilePath("/etc/custom-ca.crt")
+
 RestClient::Response r = conn->get("/get")
 RestClient::Response r = conn->post("/post", "text/json", "{\"foo\": \"bla\"}")
 RestClient::Response r = conn->put("/put", "text/json", "{\"foo\": \"bla\"}")
diff --git a/include/restclient-cpp/connection.h b/include/restclient-cpp/connection.h
@@ -122,6 +122,10 @@ class Connection {
     // (this will result in the UA "foo/cool restclient-cpp/VERSION")
     void SetUserAgent(const std::string& userAgent);
 
+    // set the Certificate Authority (CA) Info which is the path to file holding
+    // certificates to be used to verify peers. See CURLOPT_CAINFO
+    void SetCAInfoFilePath(const std::string& caInfoFilePath);
+
     std::string GetUserAgent();
 
     RestClient::Connection::Info GetInfo();
@@ -156,6 +160,7 @@ class Connection {
       std::string password;
     } basicAuth;
     std::string customUserAgent;
+    std::string caInfoFilePath;
     RequestInfo lastRequest;
     RestClient::Response performCurlRequest(const std::string& uri);
 };
diff --git a/source/connection.cc b/source/connection.cc
@@ -119,6 +119,18 @@ RestClient::Connection::SetUserAgent(const std::string& userAgent) {
   this->customUserAgent = userAgent;
 }
 
+/**
+ * @brief set custom Certificate Authority (CA) path
+ *
+ * @param caInfoFilePath - The path to a file holding the certificates used to
+ * verify the peer with. See CURLOPT_CAINFO
+ *
+ */
+void
+RestClient::Connection::SetCAInfoFilePath(const std::string& caInfoFilePath) {
+  this->caInfoFilePath = caInfoFilePath;
+}
+
 /**
  * @brief get the user agent to add to the request
  *
@@ -225,6 +237,11 @@ RestClient::Connection::performCurlRequest(const std::string& uri) {
   if (this->followRedirects == true) {
     curl_easy_setopt(this->curlHandle, CURLOPT_FOLLOWLOCATION, 1L);
   }
+  // if provided, supply CA path
+  if (!this->caInfoFilePath.empty()) {
+    curl_easy_setopt(this->curlHandle, CURLOPT_CAINFO,
+                     this->caInfoFilePath.c_str());
+  }
   res = curl_easy_perform(this->curlHandle);
   if (res != CURLE_OK) {
     if (res == CURLE_OPERATION_TIMEDOUT) {
diff --git a/test/test_connection.cc b/test/test_connection.cc
@@ -39,6 +39,16 @@ TEST_F(ConnectionTest, TestTimeout)
   EXPECT_EQ(28, res.code);
 }
 
+TEST_F(ConnectionTest, TestFailForInvalidCA)
+{
+  // set a non-existing file for the CA file and it should fail to verify the peer
+  conn->SetCAInfoFilePath("non-existent file");
+  RestClient::Response res = conn->get("/get");
+
+  EXPECT_EQ("Failed to query.", res.body);
+  EXPECT_EQ(-1, res.code);
+}
+
 TEST_F(ConnectionTest, TestDefaultUserAgent)
 {
   RestClient::Response res = conn->get("/get");
