Allow flexible certificate configuration (#1541)

andrey-kashcheev · web-flow · commit fe80f1b3a880 · 2024-08-27T11:51:53.000+02:00
Now, all fields could be setup independently.
For example, only CA info, or client certificate.

Relates-To: HERESUP-978

Signed-off-by: Andrey Kashcheev &lt;ext-andrey.kashcheev@here.com&gt;
diff --git a/olp-cpp-sdk-core/src/http/curl/NetworkCurl.cpp b/olp-cpp-sdk-core/src/http/curl/NetworkCurl.cpp
@@ -696,11 +696,11 @@ ErrorCode NetworkCurl::SendImplementation(
 #ifdef OLP_SDK_CURL_HAS_SUPPORT_SSL_BLOBS
   if (ssl_certificates_blobs_) {
     curl_easy_setopt(curl_handle, CURLOPT_SSLCERT_BLOB,
-                     &ssl_certificates_blobs_->ssl_cert_blob);
+                     ssl_certificates_blobs_->ssl_cert_blob.get_ptr());
     curl_easy_setopt(curl_handle, CURLOPT_SSLKEY_BLOB,
-                     &ssl_certificates_blobs_->ssl_key_blob);
+                     ssl_certificates_blobs_->ssl_key_blob.get_ptr());
     curl_easy_setopt(curl_handle, CURLOPT_CAINFO_BLOB,
-                     &ssl_certificates_blobs_->ca_info_blob);
+                     ssl_certificates_blobs_->ca_info_blob.get_ptr());
   } else
 #endif
   {
@@ -1312,17 +1312,23 @@ void NetworkCurl::Run() {
 
 #ifdef OLP_SDK_CURL_HAS_SUPPORT_SSL_BLOBS
 void NetworkCurl::SetupCertificateBlobs() {
-  if (certificate_settings_.client_cert_file_blob.empty() ||
-      certificate_settings_.client_key_file_blob.empty() ||
+  if (certificate_settings_.client_cert_file_blob.empty() &&
+      certificate_settings_.client_key_file_blob.empty() &&
       certificate_settings_.cert_file_blob.empty()) {
     OLP_SDK_LOG_INFO(kLogTag, "No certificate blobs provided");
     return;
   }
 
-  auto setup_blob = [](struct curl_blob& blob, std::string& src) {
-    blob.data = const_cast<char*>(src.data());
-    blob.len = src.size();
-    blob.flags = CURL_BLOB_NOCOPY;
+  auto setup_blob = [](SslCertificateBlobs::OptionalBlob& blob,
+                       std::string& src) {
+    if (src.empty()) {
+      blob.reset();
+      return;
+    }
+    blob = SslCertificateBlobs::OptionalBlob::value_type{};
+    blob->data = const_cast<char*>(src.data());
+    blob->len = src.size();
+    blob->flags = CURL_BLOB_NOCOPY;
   };
 
   ssl_certificates_blobs_ = SslCertificateBlobs{};
@@ -1334,7 +1340,17 @@ void NetworkCurl::SetupCertificateBlobs() {
   setup_blob(ssl_certificates_blobs_->ca_info_blob,
              certificate_settings_.cert_file_blob);
 
-  OLP_SDK_LOG_INFO(kLogTag, "Certificate blobs provided");
+  auto to_log_str = [](const SslCertificateBlobs::OptionalBlob& blob) {
+    return blob ? "<provided>" : "<empty>";
+  };
+
+  OLP_SDK_LOG_INFO(kLogTag,
+                   "Certificate blobs provided, client_cert_blob="
+                       << to_log_str(ssl_certificates_blobs_->ssl_cert_blob)
+                       << ", client_key_blob="
+                       << to_log_str(ssl_certificates_blobs_->ssl_key_blob)
+                       << ", ca_info_blob="
+                       << to_log_str(ssl_certificates_blobs_->ca_info_blob));
 }
 #endif
 
diff --git a/olp-cpp-sdk-core/src/http/curl/NetworkCurl.h b/olp-cpp-sdk-core/src/http/curl/NetworkCurl.h
@@ -167,14 +167,16 @@ class NetworkCurl : public olp::http::Network,
    * @brief Blobs required for custom certificate validation.
    */
   struct SslCertificateBlobs {
+    using OptionalBlob = boost::optional<struct curl_blob>;
+
     /// Certificate blob.
-    struct curl_blob ssl_cert_blob;
+    OptionalBlob ssl_cert_blob;
 
     /// Private key blob.
-    struct curl_blob ssl_key_blob;
+    OptionalBlob ssl_key_blob;
 
     /// Certificate authority blob.
-    struct curl_blob ca_info_blob;
+    OptionalBlob ca_info_blob;
   };
 #endif
 
