EOSIO/eos#2586

- consolidate http(s) parameters and http_client management in a new http_client_plugin for any appbase-based app

EOSIO/eos#2586
- consolidate http(s) parameters and http_client management in a new http_client_plugin for any appbase-based app
9769fcde · Bart Wyatt · 18637552 · 9769fcde · 9769fcde · 9769fcde
8 changed file
--- a/plugins/CMakeLists.txt
+++ b/plugins/CMakeLists.txt
@@ -2,6 +2,7 @@ add_subdirectory(bnet_plugin)
 add_subdirectory(net_plugin)
 add_subdirectory(net_api_plugin)
 add_subdirectory(http_plugin)
+add_subdirectory(http_client_plugin)
 add_subdirectory(chain_plugin)
 add_subdirectory(chain_api_plugin)
 add_subdirectory(producer_plugin)

--- a/plugins/http_client_plugin/CMakeLists.txt
+++ b/plugins/http_client_plugin/CMakeLists.txt
+file(GLOB HEADERS "include/eosio/http_client_plugin/*.hpp")
+add_library( http_client_plugin
+             http_client_plugin.cpp
+             ${HEADERS} )
+
+target_link_libraries( http_client_plugin appbase fc )
+target_include_directories( http_client_plugin PUBLIC "${CMAKE_CURRENT_SOURCE_DIR}/include" )
--- a/plugins/http_client_plugin/http_client_plugin.cpp
+++ b/plugins/http_client_plugin/http_client_plugin.cpp
+/**
+ *  @file
+ *  @copyright defined in eos/LICENSE.txt
+ */
+#include <eosio/http_client_plugin/http_client_plugin.hpp>
+#include <boost/algorithm/string/predicate.hpp>
+#include <fstream>
+
+namespace eosio {
+
+http_client_plugin::http_client_plugin():my(new http_client()){}
+http_client_plugin::~http_client_plugin(){}
+
+void http_client_plugin::set_program_options(options_description&, options_description& cfg) {
+   cfg.add_options()
+      ("https-client-root-cert", boost::program_options::value<vector<string>>()->composing()->multitoken(),
+       "PEM encoded trusted root certificate (or path to file containing one) used to validate any TLS connections made.  (may specify multiple times)\n")
+      ("https-client-validate-peers", boost::program_options::value<bool>()->default_value(true),
+       "true: validate that the peer certificates are valid and trusted, false: ignore cert errors")
+      ;
+
+}
+
+void http_client_plugin::plugin_initialize(const variables_map& options) {
+   if ( options.count("https-client-root-cert") ) {
+      const std::vector<std::string> root_pems = options["https-client-root-cert"].as<std::vector<std::string>>();
+      for (const auto& root_pem : root_pems) {
+         std::string pem_str = root_pem;
+         if (!boost::algorithm::starts_with(pem_str, "-----BEGIN CERTIFICATE-----\n")) {
+            try {
+               auto infile = std::ifstream(pem_str);
+               std::stringstream sstr;
+               sstr << infile.rdbuf();
+               pem_str = sstr.str();
+               FC_ASSERT(boost::algorithm::starts_with(pem_str, "-----BEGIN CERTIFICATE-----\n"), "File does not appear to be a PEM encoded certificate");
+            } catch (const fc::exception& e) {
+               elog("Failed to read PEM ${f} : ${e}", ("f", root_pem)("e",e.to_detail_string()));
+            }
+         }
+
+         try {
+            my->add_cert(pem_str);
+         } catch (const fc::exception& e) {
+            elog("Failed to read PEM : ${e} \n${pem}\n", ("pem", pem_str)("e",e.to_detail_string()));
+         }
+      }
+   }
+
+   my->set_verify_peers(options.at("https-client-validate-peers").as<bool>());
+}
+
+void http_client_plugin::plugin_startup() {
+
+}
+
+void http_client_plugin::plugin_shutdown() {
+
+}
+
+}
--- a/plugins/http_client_plugin/include/eosio/http_client_plugin/http_client_plugin.hpp
+++ b/plugins/http_client_plugin/include/eosio/http_client_plugin/http_client_plugin.hpp
+/**
+ *  @file
+ *  @copyright defined in eos/LICENSE.txt
+ */
+#pragma once
+#include <appbase/application.hpp>
+#include <fc/network/http/http_client.hpp>
+
+namespace eosio {
+   using namespace appbase;
+   using fc::http_client;
+
+   class http_client_plugin : public appbase::plugin<http_client_plugin>
+   {
+      public:
+        http_client_plugin();
+        virtual ~http_client_plugin();
+
+        APPBASE_PLUGIN_REQUIRES()
+        virtual void set_program_options(options_description&, options_description& cfg) override;
+
+        void plugin_initialize(const variables_map& options);
+        void plugin_startup();
+        void plugin_shutdown();
+
+        http_client& get_client() {
+           return *my;
+        }
+
+      private:
+        std::unique_ptr<http_client> my;
+   };
+
+}
--- a/plugins/producer_plugin/CMakeLists.txt
+++ b/plugins/producer_plugin/CMakeLists.txt
@@ -5,6 +5,6 @@ add_library( producer_plugin
             ${HEADERS}
           )

-target_link_libraries( producer_plugin chain_plugin appbase eosio_chain eos_utilities )
+target_link_libraries( producer_plugin chain_plugin http_client_plugin appbase eosio_chain eos_utilities )
 target_include_directories( producer_plugin
                            PUBLIC "${CMAKE_CURRENT_SOURCE_DIR}/include" "${CMAKE_CURRENT_SOURCE_DIR}/../chain_interface/include" )
--- a/plugins/producer_plugin/include/eosio/producer_plugin/producer_plugin.hpp
+++ b/plugins/producer_plugin/include/eosio/producer_plugin/producer_plugin.hpp
@@ -6,6 +6,7 @@
 #pragma once

 #include <eosio/chain_plugin/chain_plugin.hpp>
+#include <eosio/http_client_plugin/http_client_plugin.hpp>

 #include <appbase/application.hpp>

@@ -15,7 +16,7 @@ using boost::signals2::signal;

 class producer_plugin : public appbase::plugin<producer_plugin> {
 public:
-   APPBASE_PLUGIN_REQUIRES((chain_plugin))
+   APPBASE_PLUGIN_REQUIRES((chain_plugin)(http_client_plugin))

   struct runtime_options {
      fc::optional<int32_t> max_transaction_time;

--- a/plugins/producer_plugin/producer_plugin.cpp
+++ b/plugins/producer_plugin/producer_plugin.cpp
@@ -11,7 +11,6 @@
 #include <fc/io/json.hpp>
 #include <fc/smart_ref_impl.hpp>
 #include <fc/scoped_exit.hpp>
-#include <fc/network/http/http_client.hpp>

 #include <boost/asio.hpp>
 #include <boost/date_time/posix_time/posix_time.hpp>
@@ -25,7 +24,6 @@
 #include <boost/multi_index/hashed_index.hpp>
 #include <boost/multi_index/ordered_index.hpp>
 #include <boost/signals2/connection.hpp>
-#include <boost/algorithm/string/predicate.hpp>

 namespace bmi = boost::multi_index;
 using bmi::indexed_by;
@@ -155,8 +153,6 @@ class producer_plugin_impl : public std::enable_shared_from_this<producer_plugin
      fc::optional<scoped_connection>                          _accepted_block_connection;
      fc::optional<scoped_connection>                          _irreversible_block_connection;

-      fc::http_client                                          _http_client;
-
      /*
       * HACK ALERT
       * Boost timers can be in a state where a handler has not yet executed but is not abortable.
@@ -434,8 +430,6 @@ void producer_plugin::set_program_options(
          "   KEOSD:<data>           \tis the URL where keosd is available and the approptiate wallet(s) are unlocked")
         ("keosd-provider-timeout", boost::program_options::value<int32_t>()->default_value(5),
          "Limits the maximum time (in milliseconds) that is allowd for sending blocks to a keosd provider for signing")
-         ("trusted-root-cert", boost::program_options::value<vector<string>>()->composing()->multitoken(),
-          "PEM encoded trusted root certificate (or path to file containing one) used to validate any TLS connections made.  (may specify multiple times)\n")
         ;
   config_file_options.add(producer_options);
 }
@@ -490,7 +484,7 @@ make_keosd_signature_provider(const std::shared_ptr<producer_plugin_impl>& impl,
         fc::variant params;
         fc::to_variant(std::make_pair(digest, pubkey), params);
         auto deadline = impl->_keosd_provider_timeout_us.count() >= 0 ? fc::time_point::now() + impl->_keosd_provider_timeout_us : fc::time_point::maximum();
-         return impl->_http_client.post_sync(keosd_url, params, deadline).as<chain::signature_type>();
+         return app().get_plugin<http_client_plugin>().get_client().post_sync(keosd_url, params, deadline).as<chain::signature_type>();
      } else {
         return signature_type();
      }
@@ -545,28 +539,6 @@ void producer_plugin::plugin_initialize(const boost::program_options::variables_
      }
   }

-   if ( options.count("trusted-root-cert") ) {
-      const std::vector<std::string> root_pems = options["trusted-root-cert"].as<std::vector<std::string>>();
-      for (const auto& root_pem : root_pems) {
-         if (boost::algorithm::starts_with(root_pem, "-----BEGIN CERTIFICATE-----\n")) {
-            try {
-               my->_http_client.add_cert(root_pem);
-            } catch (const fc::exception& e) {
-               elog("Failed add PEM literal\n${p} : ${e}", ("p", root_pem)("e",e.to_detail_string()));
-            }
-         } else {
-            try {
-               auto infile = std::ifstream(root_pem);
-               std::stringstream sstr;
-               sstr << infile.rdbuf();
-               my->_http_client.add_cert(sstr.str());
-            } catch (const fc::exception& e) {
-               elog("Failed to read PEM ${f} : ${e}", ("f", root_pem)("e",e.to_detail_string()));
-            }
-         }
-      }
-   }
-
   my->_keosd_provider_timeout_us = fc::milliseconds(options.at("keosd-provider-timeout").as<int32_t>());

   my->_max_transaction_time_ms = options.at("max-transaction-time").as<int32_t>();

--- a/programs/nodeos/CMakeLists.txt
+++ b/programs/nodeos/CMakeLists.txt
@@ -56,7 +56,7 @@ target_link_libraries( nodeos
        PRIVATE -Wl,${whole_archive_flag} txn_test_gen_plugin        -Wl,${no_whole_archive_flag}
        PRIVATE -Wl,${whole_archive_flag} db_size_api_plugin         -Wl,${no_whole_archive_flag}
        PRIVATE -Wl,${whole_archive_flag} producer_api_plugin        -Wl,${no_whole_archive_flag}
-        PRIVATE chain_plugin http_plugin producer_plugin
+        PRIVATE chain_plugin http_plugin producer_plugin http_client_plugin
        PRIVATE eosio_chain fc ${CMAKE_DL_LIBS} ${PLATFORM_SPECIFIC_LIBS} )

 if(TARGET sql_db_plugin)