From 69a82f32910db103026dfdb9772f07f546166255 Mon Sep 17 00:00:00 2001
From: ales stibal
Date: Sat, 20 Apr 2024 19:45:22 +0200
Subject: [PATCH] add authenticated API endpoint to reload custom certificates - /api/do/ssl/custom/reload json is returned with the status and count of installed certificates
---
 src/service/httpd/do/do_comands.hpp | 63 ++++++++++++++++++++++
 src/service/httpd/handlers/dispatchers.cpp | 13 +++++
 2 files changed, 76 insertions(+)
 create mode 100644 src/service/httpd/do/do_comands.hpp
diff --git a/src/service/httpd/do/do_comands.hpp b/src/service/httpd/do/do_comands.hpp
new file mode 100644
index 0000000..8e57844
--- /dev/null
+++ b/src/service/httpd/do/do_comands.hpp
@@ -0,0 +1,63 @@
+/*
+ Smithproxy- transparent proxy with SSL inspection capabilities.
+ Copyright (c) 2014, Ales Stibal , All rights reserved.
+
+ Smithproxy is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ Smithproxy is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with Smithproxy. If not, see .
+
+ Linking Smithproxy statically or dynamically with other modules is
+ making a combined work based on Smithproxy. Thus, the terms and
+ conditions of the GNU General Public License cover the whole combination.
+
+ In addition, as a special exception, the copyright holders of Smithproxy
+ give you permission to combine Smithproxy with free software programs
+ or libraries that are released under the GNU LGPL and with code
+ included in the standard release of OpenSSL under the OpenSSL's license
+ (or modified versions of such code, with unchanged license).
+ You may copy and distribute such a system following the terms
+ of the GNU GPL for Smithproxy and the licenses of the other code
+ concerned, provided that you include the source code of that other code
+ when and as the GNU GPL requires distribution of source code.
+
+ Note that people who make modified versions of Smithproxy are not
+ obligated to grant this special exception for their modified versions;
+ it is their choice whether to do so. The GNU General Public License
+ gives permission to release a modified version without this exception;
+ this exception also makes it possible to release a modified version
+ which carries forward this exception.
+*/
+
+#include
+
+#include
+#include
+#include
+
+
+static nlohmann::json json_do_ssl_custom_reload(struct MHD_Connection * connection, std::string const& meth, std::string const& req) {
+
+ using namespace jsonize;
+
+ auto& store = SSLFactory::factory();
+ auto lc_ = std::scoped_lock(store.lock());
+
+ store.cache_custom().clear();
+ auto ret = store.load_custom_certificates();
+
+ return {
+ {"result", ret },
+ {"count", store.cache_custom().size()},
+ };
+
+}
+
diff --git a/src/service/httpd/handlers/dispatchers.cpp b/src/service/httpd/handlers/dispatchers.cpp
index f051a6c..2118f43 100644
--- a/src/service/httpd/handlers/dispatchers.cpp
+++ b/src/service/httpd/handlers/dispatchers.cpp
@@ -5,6 +5,8 @@ #include #include +#include + #include #include #include
@@ -93,6 +95,17 @@ namespace sx::webserver::dispatchers { server.addController(&handler); } + for(auto const& meth: {"GET", "POST"}) { + static Http_Responder handler( + meth, + "/api/do/ssl/custom/reload", + authorized::token_protected(json_do_ssl_custom_reload) + ); + handler.Content_Type = "application/json"; + server.addController(&handler); + } + + } void controller_add_uni(lmh::WebServer &server) {
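Review bot: In `json_do_ssl_custom_reload` a failed reload leaves the custom store emptied or half-filled, because `store.cache_custom().clear()` runs before `load_custom_certificates()` and nothing puts the previous entries back when the load reports an error. Assuming `ret` is a success flag and the cache container is movable, take `auto previous = std::move(store.cache_custom());` before the clear and add `if(!ret) store.cache_custom() = std::move(previous);` after the load, so a bad file in the certificate directory does not silently drop every custom certificate until the next successful call. The new header also has no `#pragma once` or include guard, so including it twice in one translation unit would redefine the static function. The parameters `connection`, `meth` and `req` are unused and deserve a one-line comment saying the handler takes no input.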
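Review bot: In the `@@ -93,6 +95,17 @@` hunk of dispatchers.cpp, `static Http_Responder handler(...)` is declared inside the `for` loop, and a block-scope static is constructed only the first time control reaches it, so the second iteration reuses the object built with "GET" and `server.addController(&handler)` registers the same pointer twice; no POST responder is ever created. That leaves a state-changing certificate reload reachable through GET only, the method that is expected to be free of side effects, and, depending on how `authorized::token_protected` reads the token, it may put the token into URLs and access logs. Dropping the loop and registering once with `static Http_Responder handler("POST", "/api/do/ssl/custom/reload", authorized::token_protected(json_do_ssl_custom_reload));` addresses both. The enclosing function starts above the hunk, so whether the earlier registrations share this pattern cannot be judged from here.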