From adba870534bdcdd11f0f344e66090be8e2cd9ae4 Mon Sep 17 00:00:00 2001 From: Fabio Alessandrelli Date: Fri, 20 Jan 2023 01:51:35 +0100 Subject: [NET] Refactor TLS configuration. Use a TLSOptions configuration object which is created via static functions. - "TLSOptions.client": uses the standard CA and common name verification. - "TLSOptions.client_unsafe": uses optional CA verification (i.e. if specified) - "TLSOptions.server": is the standard server configuration (chain + key) This will allow us to expand the TLS configuration options to include e.g. mutual authentication without bloating the classes that uses StreamPeerTLS and PacketPeerDTLS as underlying peers. --- scene/main/http_request.cpp | 21 +++++++++++++-------- scene/main/http_request.h | 8 +++++--- 2 files changed, 18 insertions(+), 11 deletions(-) (limited to 'scene/main') diff --git a/scene/main/http_request.cpp b/scene/main/http_request.cpp index 46ba7e67eb..0d53f740db 100644 --- a/scene/main/http_request.cpp +++ b/scene/main/http_request.cpp @@ -33,7 +33,7 @@ #include "scene/main/timer.h" Error HTTPRequest::_request() { - return client->connect_to_host(url, port, use_tls, validate_tls); + return client->connect_to_host(url, port, use_tls ? tls_options : nullptr); } Error HTTPRequest::_parse_url(const String &p_url) { @@ -96,7 +96,7 @@ String HTTPRequest::get_header_value(const PackedStringArray &p_headers, const S return value; } -Error HTTPRequest::request(const String &p_url, const Vector &p_custom_headers, bool p_tls_validate_domain, HTTPClient::Method p_method, const String &p_request_data) { +Error HTTPRequest::request(const String &p_url, const Vector &p_custom_headers, HTTPClient::Method p_method, const String &p_request_data) { // Copy the string into a raw buffer. Vector raw_data; @@ -108,10 +108,10 @@ Error HTTPRequest::request(const String &p_url, const Vector &p_custom_h memcpy(w, charstr.ptr(), len); } - return request_raw(p_url, p_custom_headers, p_tls_validate_domain, p_method, raw_data); + return request_raw(p_url, p_custom_headers, p_method, raw_data); } -Error HTTPRequest::request_raw(const String &p_url, const Vector &p_custom_headers, bool p_tls_validate_domain, HTTPClient::Method p_method, const Vector &p_request_data_raw) { +Error HTTPRequest::request_raw(const String &p_url, const Vector &p_custom_headers, HTTPClient::Method p_method, const Vector &p_request_data_raw) { ERR_FAIL_COND_V(!is_inside_tree(), ERR_UNCONFIGURED); ERR_FAIL_COND_V_MSG(requesting, ERR_BUSY, "HTTPRequest is processing a request. Wait for completion or cancel it before attempting a new one."); @@ -127,8 +127,6 @@ Error HTTPRequest::request_raw(const String &p_url, const Vector &p_cust return err; } - validate_tls = p_tls_validate_domain; - headers = p_custom_headers; if (accept_gzip) { @@ -590,10 +588,16 @@ void HTTPRequest::_timeout() { _defer_done(RESULT_TIMEOUT, 0, PackedStringArray(), PackedByteArray()); } +void HTTPRequest::set_tls_options(const Ref &p_options) { + ERR_FAIL_COND(p_options.is_null() || p_options->is_server()); + tls_options = p_options; +} + void HTTPRequest::_bind_methods() { - ClassDB::bind_method(D_METHOD("request", "url", "custom_headers", "tls_validate_domain", "method", "request_data"), &HTTPRequest::request, DEFVAL(PackedStringArray()), DEFVAL(true), DEFVAL(HTTPClient::METHOD_GET), DEFVAL(String())); - ClassDB::bind_method(D_METHOD("request_raw", "url", "custom_headers", "tls_validate_domain", "method", "request_data_raw"), &HTTPRequest::request_raw, DEFVAL(PackedStringArray()), DEFVAL(true), DEFVAL(HTTPClient::METHOD_GET), DEFVAL(PackedByteArray())); + ClassDB::bind_method(D_METHOD("request", "url", "custom_headers", "method", "request_data"), &HTTPRequest::request, DEFVAL(PackedStringArray()), DEFVAL(HTTPClient::METHOD_GET), DEFVAL(String())); + ClassDB::bind_method(D_METHOD("request_raw", "url", "custom_headers", "method", "request_data_raw"), &HTTPRequest::request_raw, DEFVAL(PackedStringArray()), DEFVAL(HTTPClient::METHOD_GET), DEFVAL(PackedByteArray())); ClassDB::bind_method(D_METHOD("cancel_request"), &HTTPRequest::cancel_request); + ClassDB::bind_method(D_METHOD("set_tls_options", "client_options"), &HTTPRequest::set_tls_options); ClassDB::bind_method(D_METHOD("get_http_client_status"), &HTTPRequest::get_http_client_status); @@ -654,6 +658,7 @@ void HTTPRequest::_bind_methods() { HTTPRequest::HTTPRequest() { client = Ref(HTTPClient::create()); + tls_options = TLSOptions::client(); timer = memnew(Timer); timer->set_one_shot(true); timer->connect("timeout", callable_mp(this, &HTTPRequest::_timeout)); diff --git a/scene/main/http_request.h b/scene/main/http_request.h index add4e9538d..9a91171eaf 100644 --- a/scene/main/http_request.h +++ b/scene/main/http_request.h @@ -68,8 +68,8 @@ private: String url; int port = 80; Vector headers; - bool validate_tls = false; bool use_tls = false; + Ref tls_options; HTTPClient::Method method; Vector request_data; @@ -125,8 +125,8 @@ protected: static void _bind_methods(); public: - Error request(const String &p_url, const Vector &p_custom_headers = Vector(), bool p_tls_validate_domain = true, HTTPClient::Method p_method = HTTPClient::METHOD_GET, const String &p_request_data = ""); //connects to a full url and perform request - Error request_raw(const String &p_url, const Vector &p_custom_headers = Vector(), bool p_tls_validate_domain = true, HTTPClient::Method p_method = HTTPClient::METHOD_GET, const Vector &p_request_data_raw = Vector()); //connects to a full url and perform request + Error request(const String &p_url, const Vector &p_custom_headers = Vector(), HTTPClient::Method p_method = HTTPClient::METHOD_GET, const String &p_request_data = ""); //connects to a full url and perform request + Error request_raw(const String &p_url, const Vector &p_custom_headers = Vector(), HTTPClient::Method p_method = HTTPClient::METHOD_GET, const Vector &p_request_data_raw = Vector()); //connects to a full url and perform request void cancel_request(); HTTPClient::Status get_http_client_status() const; @@ -161,6 +161,8 @@ public: void set_http_proxy(const String &p_host, int p_port); void set_https_proxy(const String &p_host, int p_port); + void set_tls_options(const Ref &p_options); + HTTPRequest(); }; -- cgit v1.2.3