Add a getter to allow access to the gnutls_session_t. (#233)

bcsgh · web-flow · commit c5cf5eaa8983 · 2021-06-09T12:27:31.000-07:00
* Add a getter to allow access to the gnutls_session_t.

* Placate lint.

* Placate lint, some more.

* Document get_tls_session.

* Add http_request::has_tls_session to allow checking if http_request::get_tls_session is safe to call.

* Spelling and grammer.
diff --git a/README.md b/README.md
@@ -563,6 +563,8 @@ The `http_request` class has a set of methods you will have access to when imple
 * _**const std::string** get_pass() **const**:_ Returns the `password` as self-identified through basic authentication. The content of the password header will be parsed only if basic authentication is enabled on the server (enabled by default).
 * _**const std::string** get_digested_user() **const**:_ Returns the `digested user` as self-identified through digest authentication. The content of the user header will be parsed only if digest authentication is enabled on the server (enabled by default).
 * _**bool** check_digest_auth(**const std::string&** realm, **const std::string&** password, **int** nonce_timeout, **bool*** reload_nonce) **const**:_ Allows to check the validity of the authentication token sent through digest authentication (if the provided values in the WWW-Authenticate header are valid and sound according to RFC2716). Takes in input the `realm` of validity of the authentication, the `password` as known to the server to compare against, the `nonce_timeout` to indicate how long the nonce is valid and `reload_nonce` a boolean that will be set by the method to indicate a nonce being reloaded. The method returns `true` if the authentication is valid, `false` otherwise.
+* _**gnutls_session_t** get_tls_session() **const**:_ Tests if there is am underlying TLS state of the current request.
+* _**gnutls_session_t** get_tls_session() **const**:_ Returns the underlying TLS state of the current request for inspection. (It is an error to call this if the state does not exist.)
 
 #### Example of handler reading arguments from a request
     #include <httpserver.hpp>
diff --git a/src/http_request.cpp b/src/http_request.cpp
@@ -212,6 +212,19 @@ const std::string http_request::get_digested_user() const {
     return digested_user;
 }
 
+#ifdef HAVE_GNUTLS
+bool http_request::has_tls_session() const {
+    const MHD_ConnectionInfo * conninfo = MHD_get_connection_info(underlying_connection, MHD_CONNECTION_INFO_GNUTLS_SESSION);
+    return (conninfo != nullptr);
+}
+
+gnutls_session_t http_request::get_tls_session() const {
+    const MHD_ConnectionInfo * conninfo = MHD_get_connection_info(underlying_connection, MHD_CONNECTION_INFO_GNUTLS_SESSION);
+
+    return static_cast<gnutls_session_t>(conninfo->tls_session);
+}
+#endif  // HAVE_GNUTLS
+
 const std::string http_request::get_requestor() const {
     const MHD_ConnectionInfo * conninfo = MHD_get_connection_info(underlying_connection, MHD_CONNECTION_INFO_CLIENT_ADDRESS);
 
diff --git a/src/httpserver/http_request.hpp b/src/httpserver/http_request.hpp
@@ -27,6 +27,10 @@
 
 #include <microhttpd.h>
 
+#ifdef HAVE_GNUTLS
+#include <gnutls/gnutls.h>
+#endif  // HAVE_GNUTLS
+
 #include <stddef.h>
 #include <algorithm>
 #include <iosfwd>
@@ -183,6 +187,20 @@ class http_request {
          return version;
      }
 
+#ifdef HAVE_GNUTLS
+     /**
+      * Method used to check if there is a TLS session.
+      * @return the TLS session
+      **/
+      bool has_tls_session() const;
+
+     /**
+      * Method used to get the TLS session.
+      * @return the TLS session
+      **/
+      gnutls_session_t get_tls_session() const;
+#endif  // HAVE_GNUTLS
+
      /**
       * Method used to get the requestor.
       * @return the requestor
