workaround botan backend init failure on MacOS (#303)

marty1885 · web-flow · commit b395cea265a1 · 2023-11-26T14:13:21.000+08:00
diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml
@@ -63,14 +63,22 @@ jobs:
             buildname: 'ubuntu-20.04/gcc - OpenSSL'
             triplet: x64-linux
             compiler: gcc_64
+            tls_provider: openssl
           - os: ubuntu-20.04
             buildname: 'ubuntu-20.04/gcc'
             triplet: x64-linux
             compiler: gcc_64
+            tls_provider: none
           - os: macos-latest
             buildname: 'macos/clang'
             triplet: x64-osx
             compiler: clang_64
+            tls_provider: openssl
+          - os: macos-latest
+            buildname: 'macos/clang - Botan'
+            triplet: x64-osx
+            compiler: clang_64
+            tls_provider: botan
 
     steps:
     - name: Checkout Trantor source code
@@ -82,20 +90,14 @@ jobs:
     - name: (macOS) Install dependencies
       if: runner.os == 'macOS'
       run: |
-        brew install c-ares openssl spdlog
+        brew install c-ares openssl spdlog botan
 
-    - name: (Linux) Install dependencies - OpenSSL
-      if: matrix.buildname == 'ubuntu-20.04/gcc - OpenSSL'
-      run: |
-        # Installing packages might fail as the github image becomes outdated
-        sudo apt update
-        sudo apt install openssl libssl-dev dos2unix libspdlog-dev libfmt-dev
     - name: (Linux) Install dependencies
-      if: matrix.buildname == 'ubuntu-20.04/gcc'
+      if: matrix.os == 'Linux'
       run: |
         # Installing packages might fail as the github image becomes outdated
         sudo apt update
-        sudo apt install dos2unix libspdlog-dev libfmt-dev
+        sudo apt install openssl libssl-dev dos2unix libspdlog-dev libfmt-dev
     - name: install gtest
       run: |
         wget https://github.com/google/googletest/archive/refs/tags/v1.13.0.tar.gz
@@ -113,7 +115,7 @@ jobs:
       run: |
         mkdir build
         cd build
-        cmake .. -DCMAKE_BUILD_TYPE=$BUILD_TYPE -DBUILD_TESTING=on -DUSE_SPDLOG=ON
+        cmake .. -DCMAKE_BUILD_TYPE=$BUILD_TYPE -DBUILD_TESTING=on -DUSE_SPDLOG=ON -DTRANTOR_USE_TLS=${{ matrix.tls_provider }}
 
     - name: Build
       working-directory: ${{env.GITHUB_WORKSPACE}}
diff --git a/trantor/net/inner/tlsprovider/BotanTLSProvider.cc b/trantor/net/inner/tlsprovider/BotanTLSProvider.cc
@@ -27,7 +27,8 @@ static std::once_flag sessionManagerInitFlag;
 static std::shared_ptr<Botan::AutoSeeded_RNG> sessionManagerRng;
 static std::shared_ptr<Botan::TLS::Session_Manager_In_Memory> sessionManager;
 static thread_local std::shared_ptr<Botan::AutoSeeded_RNG> rng;
-static Botan::System_Certificate_Store certStore;
+static std::unique_ptr<Botan::System_Certificate_Store> systemCertStore;
+static std::once_flag systemCertStoreInitFlag;
 
 using namespace trantor;
 
@@ -231,15 +232,20 @@ struct BotanTLSProvider : public TLSProvider,
         if (channel_ && channel_->is_active())
         {
             channel_->close();
-            channel_ = nullptr;
         }
     }
 
     virtual void startEncryption() override
     {
         auto certStorePtr = contextPtr_->certStore.get();
         if (certStorePtr == nullptr)
-            certStorePtr = &certStore;
+        {
+            std::call_once(systemCertStoreInitFlag, []() {
+                systemCertStore =
+                    std::make_unique<Botan::System_Certificate_Store>();
+            });
+            certStorePtr = systemCertStore.get();
+        }
         credsPtr_ = std::make_shared<Credentials>(contextPtr_->key,
                                                   contextPtr_->cert.get(),
                                                   certStorePtr);
@@ -255,12 +261,14 @@ struct BotanTLSProvider : public TLSProvider,
         });
         if (rng == nullptr)
             rng = std::make_shared<Botan::AutoSeeded_RNG>();
+
+        auto fakeThis = std::shared_ptr<BotanTLSProvider>(this, [](auto) {});
         if (contextPtr_->isServer)
         {
             // TODO: Need a more scalable way to manage session validation rules
             validationPolicy_->requireClientCert_ =
                 contextPtr_->requireClientCert;
-            channel_ = std::make_unique<Botan::TLS::Server>(shared_from_this(),
+            channel_ = std::make_unique<Botan::TLS::Server>(std::move(fakeThis),
                                                             sessionManager,
                                                             credsPtr_,
                                                             validationPolicy_,
@@ -275,7 +283,7 @@ struct BotanTLSProvider : public TLSProvider,
             if (policyPtr_->getUseOldTLS())
                 LOG_WARN << "Old TLS not supported by Botan (only >= TLS 1.2)";
             channel_ = std::make_unique<Botan::TLS::Client>(
-                shared_from_this(),
+                std::move(fakeThis),
                 sessionManager,
                 credsPtr_,
                 validationPolicy_,
diff --git a/trantor/utils/Utilities.cc b/trantor/utils/Utilities.cc
@@ -58,6 +58,98 @@
 #include <memory>
 #include <trantor/utils/Logger.h>
 
+#if __cplusplus < 201103L || __cplusplus >= 201703L
+static std::wstring utf8Toutf16(const std::string &utf8Str)
+{
+    std::wstring utf16Str;
+    utf16Str.reserve(utf8Str.length());  // Reserve space to avoid reallocations
+
+    for (size_t i = 0; i < utf8Str.length();)
+    {
+        wchar_t unicode_char;
+
+        // Check the first byte
+        if ((utf8Str[i] & 0b10000000) == 0)
+        {
+            // Single-byte character (ASCII)
+            unicode_char = utf8Str[i++];
+        }
+        else if ((utf8Str[i] & 0b11100000) == 0b11000000)
+        {
+            if (i + 1 >= utf8Str.length())
+            {
+                // Invalid UTF-8 sequence
+                // Handle the error as needed
+                return L"";
+            }
+            // Two-byte character
+            unicode_char = ((utf8Str[i] & 0b00011111) << 6) |
+                           (utf8Str[i + 1] & 0b00111111);
+            i += 2;
+        }
+        else if ((utf8Str[i] & 0b11110000) == 0b11100000)
+        {
+            if (i + 2 >= utf8Str.length())
+            {
+                // Invalid UTF-8 sequence
+                // Handle the error as needed
+                return L"";
+            }
+            // Three-byte character
+            unicode_char = ((utf8Str[i] & 0b00001111) << 12) |
+                           ((utf8Str[i + 1] & 0b00111111) << 6) |
+                           (utf8Str[i + 2] & 0b00111111);
+            i += 3;
+        }
+        else
+        {
+            // Invalid UTF-8 sequence
+            // Handle the error as needed
+            return L"";
+        }
+
+        utf16Str.push_back(unicode_char);
+    }
+
+    return utf16Str;
+}
+
+static std::string utf16Toutf8(const std::wstring &utf16Str)
+{
+    std::string utf8Str;
+    utf8Str.reserve(utf16Str.length() * 3);
+
+    for (size_t i = 0; i < utf16Str.length(); ++i)
+    {
+        wchar_t unicode_char = utf16Str[i];
+
+        if (unicode_char <= 0x7F)
+        {
+            // Single-byte character (ASCII)
+            utf8Str.push_back(static_cast<char>(unicode_char));
+        }
+        else if (unicode_char <= 0x7FF)
+        {
+            // Two-byte character
+            utf8Str.push_back(
+                static_cast<char>(0xC0 | ((unicode_char >> 6) & 0x1F)));
+            utf8Str.push_back(static_cast<char>(0x80 | (unicode_char & 0x3F)));
+        }
+        else
+        {
+            // Three-byte character
+            utf8Str.push_back(
+                static_cast<char>(0xE0 | ((unicode_char >> 12) & 0x0F)));
+            utf8Str.push_back(
+                static_cast<char>(0x80 | ((unicode_char >> 6) & 0x3F)));
+            utf8Str.push_back(static_cast<char>(0x80 | (unicode_char & 0x3F)));
+        }
+    }
+
+    return utf8Str;
+}
+#endif  // __cplusplus
+
 namespace trantor
 {
 namespace utils
@@ -81,11 +173,7 @@ std::string toUtf8(const std::wstring &wstr)
                           NULL,
                           NULL);
 #elif __cplusplus < 201103L || __cplusplus >= 201703L
-    // Note: Introduced in c++11 and deprecated with c++17.
-    // Revert to C99 code since there no replacement yet
-    strTo.resize(3 * wstr.length(), 0);
-    auto nLen = wcstombs(&strTo[0], wstr.c_str(), strTo.length());
-    strTo.resize(nLen);
+    strTo = utf16Toutf8(wstr);
 #else  // c++11 to c++14
     std::wstring_convert<std::codecvt_utf8<wchar_t>, wchar_t> utf8conv;
     strTo = utf8conv.to_bytes(wstr);
@@ -104,11 +192,7 @@ std::wstring fromUtf8(const std::string &str)
     ::MultiByteToWideChar(
         CP_UTF8, 0, &str[0], (int)str.size(), &wstrTo[0], nSizeNeeded);
 #elif __cplusplus < 201103L || __cplusplus >= 201703L
-    // Note: Introduced in c++11 and deprecated with c++17.
-    // Revert to C99 code since there no replacement yet
-    wstrTo.resize(str.length(), 0);
-    auto nLen = mbstowcs(&wstrTo[0], str.c_str(), wstrTo.length());
-    wstrTo.resize(nLen);
+    wstrTo = utf8Toutf16(str);
 #else  // c++11 to c++14
     std::wstring_convert<std::codecvt_utf8<wchar_t>, wchar_t> utf8conv;
     try
