增加SetVerifyCert函数，支持配置不校验服务端证书(默认校验) (#122)

chen-honggang · gavinhgchen · web-flow · commit b8b2575259fe · 2022-11-24T15:47:39.000+08:00
* 增加SetVerifyCert函数，支持配置不校验服务端证书(默认校验)

Co-authored-by: gavinhgchen &lt;gavinhgchen@tencent.com&gt;
diff --git a/include/op/file_copy_task.h b/include/op/file_copy_task.h
@@ -33,6 +33,7 @@ class FileCopyTask : public Poco::Runnable {
 
   void SetHeaders(const std::map<std::string, std::string>& headers);
 
+  void SetVerifyCert(bool verify_cert);
   void SetCaLocation(const std::string& ca_location);
 
   std::string GetErrMsg() const { return m_err_msg; }
@@ -54,6 +55,8 @@ class FileCopyTask : public Poco::Runnable {
   std::string m_err_msg;
   std::string m_etag;
   std::string m_last_modified;
+
+  bool m_verify_cert;
   std::string m_ca_location;
 };
 
diff --git a/include/op/file_download_task.h b/include/op/file_download_task.h
@@ -26,7 +26,9 @@ class FileDownTask : public Poco::Runnable {
                uint64_t conn_timeout_in_ms, uint64_t recv_timeout_in_ms,
                const SharedTransferHandler& handler = nullptr,
                uint64_t offset = 0, unsigned char* pbuf = NULL,
-               const size_t data_len = 0, const std::string& ca_lication = "");
+               const size_t data_len = 0, 
+               bool verify_cert = true,
+               const std::string& ca_lication = "");
 
   ~FileDownTask() {}
 
@@ -36,6 +38,7 @@ class FileDownTask : public Poco::Runnable {
 
   void SetDownParams(unsigned char* pdatabuf, size_t datalen, uint64_t offset);
 
+  void SetVerifyCert(bool verify_cert);
   void SetCaLocation(const std::string& ca_location);
 
   std::string GetTaskResp();
@@ -67,6 +70,7 @@ class FileDownTask : public Poco::Runnable {
   std::map<std::string, std::string> m_resp_headers;
   std::string m_err_msg;
 
+  bool m_verify_cert;
   std::string m_ca_location;
 
   SharedConfig m_config;
diff --git a/include/op/file_upload_task.h b/include/op/file_upload_task.h
@@ -14,20 +14,24 @@ class FileUploadTask : public Poco::Runnable {
  public:
   FileUploadTask(const std::string& full_url, uint64_t conn_timeout_in_ms,
                  uint64_t recv_timeout_in_ms, unsigned char* pbuf = NULL,
-                 const size_t data_len = 0, const std::string& ca_location = "");
+                 const size_t data_len = 0, 
+                 bool verify_cert = true,
+                 const std::string& ca_location = "");
 
   FileUploadTask(const std::string& full_url,
                  const std::map<std::string, std::string>& headers,
                  const std::map<std::string, std::string>& params,
                  uint64_t conn_timeout_in_ms, uint64_t recv_timeout_in_ms,
                  const SharedTransferHandler& handler,
+                 bool verify_cert = true,
                  const std::string& ca_location = "");
 
   FileUploadTask(const std::string& full_url,
                  const std::map<std::string, std::string>& headers,
                  const std::map<std::string, std::string>& params,
                  uint64_t conn_timeout_in_ms, uint64_t recv_timeout_in_ms,
                  unsigned char* pbuf = NULL, const size_t data_len = 0,
+                 bool verify_cert = true,
                  const std::string& ca_location = "");
 
   ~FileUploadTask() {}
@@ -68,6 +72,7 @@ class FileUploadTask : public Poco::Runnable {
 
   uint64_t GetPartNumber() const { return m_part_number; }
 
+  void SetVerifyCert(bool verify_cert);
   void SetCaLocation(const std::string& ca_location);
 
  private:
@@ -88,6 +93,7 @@ class FileUploadTask : public Poco::Runnable {
   uint64_t m_part_number;
   SharedTransferHandler m_handler;
 
+  bool m_verify_cert;
   std::string m_ca_location;
 };
 
diff --git a/include/op/object_op.h b/include/op/object_op.h
@@ -390,7 +390,8 @@ class ObjectOp : public BaseOp {
                     const std::string& range,
                     const std::map<std::string, std::string>& headers,
                     const std::map<std::string, std::string>& params,
-                    const std::string& ca_location, FileCopyTask* task);
+                    bool verify_cert,const std::string& ca_location, 
+                    FileCopyTask* task);
 
   /// \brief 检查是否可以走断点下载
   /// \param req  PutObjectByFile请求
diff --git a/include/request/base_req.h b/include/request/base_req.h
@@ -93,6 +93,9 @@ class BaseReq {
   void SetCaLocation(const std::string& ca_location) { m_ca_location = ca_location; }
   const std::string& GetCaLocation() const { return m_ca_location; }
 
+  void SetVerifyCert(bool verify_cert) { mb_verify_cert = verify_cert; }
+  bool GetVerifyCert() const { return mb_verify_cert; }
+
   /// \brief 输出请求的header和param信息
   std::string DebugString() const;
 
@@ -114,6 +117,7 @@ class BaseReq {
   bool mb_check_md5;    // default is true
   bool mb_check_crc64;  // default is false
 
+  bool mb_verify_cert;  // default is true
   std::string m_ca_location;
 };
 
diff --git a/include/util/http_sender.h b/include/util/http_sender.h
@@ -31,6 +31,7 @@ class HttpSender {
                          std::map<std::string, std::string>* resp_headers,
                          std::string* resp_body, std::string* err_msg,
                          bool is_check_md5 = false,
+                         bool is_verify_cert = true,
                          const std::string& ca_location = "");
 
   static int SendRequest(const SharedTransferHandler& handler,
@@ -44,6 +45,7 @@ class HttpSender {
                          std::map<std::string, std::string>* resp_headers,
                          std::ostream& resp_stream, std::string* err_msg,
                          bool is_check_md5 = false,
+                         bool is_verify_cert = true,
                          const std::string& ca_location = "");
 
   static int SendRequest(const SharedTransferHandler& handler,
@@ -56,6 +58,7 @@ class HttpSender {
                          std::map<std::string, std::string>* resp_headers,
                          std::string* resp_body, std::string* err_msg,
                          bool is_check_md5 = false,
+                         bool is_verify_cert = true,
                          const std::string& ca_location = "");
 
   static int SendRequest(const SharedTransferHandler& handler,
@@ -68,6 +71,7 @@ class HttpSender {
                          std::map<std::string, std::string>* resp_headers,
                          std::ostream& resp_stream, std::string* err_msg,
                          bool is_check_md5 = false,
+                         bool is_verify_cert = true,
                          const std::string& ca_location = "");
 
   static int SendRequest(const SharedTransferHandler& handler,
@@ -82,6 +86,7 @@ class HttpSender {
                          std::string* xml_err_str, std::ostream& resp_stream,
                          std::string* err_msg, uint64_t* real_byte,
                          bool is_check_md5 = false,
+                         bool is_verify_cert = true, 
                          const std::string& ca_location = "");
 };
 
diff --git a/src/op/base_op.cpp b/src/op/base_op.cpp
@@ -104,7 +104,7 @@ CosResult BaseOp::NormalAction(
   int http_code = HttpSender::SendRequest(nullptr,
       req.GetMethod(), dest_url, req_params, req_headers, req_body,
       req.GetConnTimeoutInms(), req.GetRecvTimeoutInms(), &resp_headers,
-      &resp_body, &err_msg, false, req.GetCaLocation());
+      &resp_body, &err_msg, false, req.GetVerifyCert(), req.GetCaLocation());
   if (http_code == -1) {
     result.SetErrorMsg(err_msg);
     return result;
@@ -185,7 +185,8 @@ CosResult BaseOp::DownloadAction(const std::string& host,
   int http_code = HttpSender::SendRequest(
       handler, req.GetMethod(), dest_url, req_params, req_headers, "",
       req.GetConnTimeoutInms(), req.GetRecvTimeoutInms(), &resp_headers,
-      &xml_err_str, os, &err_msg, &real_byte, req.CheckMD5(), req.GetCaLocation());
+      &xml_err_str, os, &err_msg, &real_byte, req.CheckMD5(), 
+      req.GetVerifyCert(), req.GetCaLocation());
   if (http_code == -1) {
     result.SetErrorMsg(err_msg);
     resp->ParseFromHeaders(resp_headers);
@@ -272,7 +273,7 @@ CosResult BaseOp::UploadAction(
   int http_code = HttpSender::SendRequest(
       handler, req.GetMethod(), dest_url, req_params, req_headers, is,
       req.GetConnTimeoutInms(), req.GetRecvTimeoutInms(), &resp_headers,
-      &resp_body, &err_msg, false, req.GetCaLocation());
+      &resp_body, &err_msg, false, req.GetVerifyCert(), req.GetCaLocation());
   if (http_code == -1) {
     result.SetErrorMsg(err_msg);
     return result;
diff --git a/src/op/file_copy_task.cpp b/src/op/file_copy_task.cpp
@@ -14,7 +14,8 @@ FileCopyTask::FileCopyTask(const std::string& full_url,
       m_conn_timeout_in_ms(conn_timeout_in_ms),
       m_recv_timeout_in_ms(recv_timeout_in_ms),
       m_is_task_success(false),
-      m_etag("") {}
+      m_etag(""),
+      m_verify_cert(true) {}
 
 bool FileCopyTask::IsTaskSuccess() const { return m_is_task_success; }
 
@@ -37,6 +38,10 @@ void FileCopyTask::SetHeaders(
   m_headers.insert(headers.begin(), headers.end());
 }
 
+void FileCopyTask::SetVerifyCert(bool verify_cert) {
+  m_verify_cert = verify_cert;
+}
+
 void FileCopyTask::SetCaLocation(const std::string& ca_location) {
   m_ca_location = ca_location;
 }
@@ -56,7 +61,7 @@ void FileCopyTask::CopyTask() {
     m_http_status = HttpSender::SendRequest(nullptr,
         "PUT", m_full_url, m_params, m_headers, "", m_conn_timeout_in_ms,
         m_recv_timeout_in_ms, &m_resp_headers, &m_resp, &m_err_msg,
-        false, m_ca_location);
+        false, m_verify_cert, m_ca_location);
 
     if (m_http_status != 200) {
       SDK_LOG_ERR("FileUpload: url(%s) fail, httpcode:%d, resp: %s",
diff --git a/src/op/file_download_task.cpp b/src/op/file_download_task.cpp
@@ -17,6 +17,7 @@ FileDownTask::FileDownTask(const std::string& full_url,
                            const SharedTransferHandler& handler,
                            uint64_t offset, unsigned char* pbuf,
                            const size_t data_len,
+                           bool verify_cert,
                            const std::string& ca_lication)
     : m_full_url(full_url),
       m_headers(headers),
@@ -30,6 +31,7 @@ FileDownTask::FileDownTask(const std::string& full_url,
       m_resp(""),
       m_is_task_success(false),
       m_real_down_len(0),
+      m_verify_cert(verify_cert),
       m_ca_location(ca_lication) {}
 
 void FileDownTask::run() {
@@ -45,6 +47,10 @@ void FileDownTask::SetDownParams(unsigned char* pbuf, size_t data_len,
   m_offset = offset;
 }
 
+void FileDownTask::SetVerifyCert(bool verify_cert) {
+  m_verify_cert = verify_cert;
+}
+
 void FileDownTask::SetCaLocation(const std::string& ca_location) {
   m_ca_location = ca_location;
 }
@@ -86,7 +92,7 @@ void FileDownTask::DownTask() {
     m_http_status = HttpSender::SendRequest(
           m_handler, "GET", m_full_url, m_params, m_headers, "",
           m_conn_timeout_in_ms, m_recv_timeout_in_ms, &m_resp_headers, &m_resp,
-          &m_err_msg, false, m_ca_location);
+          &m_err_msg, false, m_verify_cert, m_ca_location);
     //}
     //当实际长度小于请求的数据长度时httpcode为206
     if (m_http_status != 200 && m_http_status != 206) {
diff --git a/src/op/file_upload_task.cpp b/src/op/file_upload_task.cpp
@@ -12,7 +12,9 @@ namespace qcloud_cos {
 FileUploadTask::FileUploadTask(const std::string& full_url,
                                uint64_t conn_timeout_in_ms,
                                uint64_t recv_timeout_in_ms, unsigned char* pbuf,
-                               const size_t data_len, const std::string& ca_location)
+                               const size_t data_len, 
+                               bool verify_cert,
+                               const std::string& ca_location)
     : m_full_url(full_url),
       m_conn_timeout_in_ms(conn_timeout_in_ms),
       m_recv_timeout_in_ms(recv_timeout_in_ms),  
@@ -22,6 +24,7 @@ FileUploadTask::FileUploadTask(const std::string& full_url,
       m_is_task_success(false),
       m_is_resume(false),
       m_handler(NULL),
+      m_verify_cert(verify_cert),
       m_ca_location(ca_location) {}
 
 FileUploadTask::FileUploadTask(
@@ -30,6 +33,7 @@ FileUploadTask::FileUploadTask(
     const std::map<std::string, std::string>& params,
     uint64_t conn_timeout_in_ms, uint64_t recv_timeout_in_ms,
     const SharedTransferHandler& handler,
+    bool verify_cert,
     const std::string& ca_location)
     : m_full_url(full_url),
       m_headers(headers),
@@ -42,6 +46,7 @@ FileUploadTask::FileUploadTask(
       m_is_task_success(false),
       m_is_resume(false),
       m_handler(handler),
+      m_verify_cert(verify_cert),
       m_ca_location(ca_location) {}
 
 FileUploadTask::FileUploadTask(
@@ -50,6 +55,7 @@ FileUploadTask::FileUploadTask(
     const std::map<std::string, std::string>& params,
     uint64_t conn_timeout_in_ms, uint64_t recv_timeout_in_ms,
     unsigned char* pbuf, const size_t data_len,
+    bool verify_cert,
     const std::string& ca_location)
     : m_full_url(full_url),
       m_headers(headers),
@@ -62,6 +68,7 @@ FileUploadTask::FileUploadTask(
       m_is_task_success(false),
       m_is_resume(false),
       m_handler(NULL),
+      m_verify_cert(verify_cert),
       m_ca_location(ca_location) {}
 
 void FileUploadTask::run() {
@@ -117,6 +124,10 @@ void FileUploadTask::SetPartNumber(uint64_t part_number) {
   m_part_number = part_number;
 }
 
+void FileUploadTask::SetVerifyCert(bool verify_cert) {
+  m_verify_cert = verify_cert;
+}
+
 void FileUploadTask::SetCaLocation(const std::string& ca_location) {
   m_ca_location = ca_location;
 }
@@ -150,7 +161,7 @@ void FileUploadTask::UploadTask() {
     m_http_status = HttpSender::SendRequest(
         m_handler, "PUT", m_full_url, m_params, m_headers, body,
         m_conn_timeout_in_ms, m_recv_timeout_in_ms, &m_resp_headers, &m_resp,
-        &m_err_msg, false, m_ca_location);
+        &m_err_msg, false, m_verify_cert, m_ca_location);
     //}
 
     if (m_http_status != 200) {
diff --git a/src/op/object_op.cpp b/src/op/object_op.cpp
@@ -1015,7 +1015,8 @@ CosResult ObjectOp::Copy(const CopyReq& req, CopyResp* resp) {
 
         FileCopyTask* ptask = pptaskArr[task_index];
         FillCopyTask(upload_id, host, path, part_number, range,
-                     part_copy_headers, req.GetParams(), req.GetCaLocation(), ptask);
+                     part_copy_headers, req.GetParams(), 
+                     req.GetVerifyCert(), req.GetCaLocation(), ptask);
         tp.start(*ptask);
         part_numbers.push_back(part_number);
         ++part_number;
@@ -1262,6 +1263,7 @@ ObjectOp::MultiThreadDownload(const GetObjectByFileReq& req,
       left_size = file_size - offset;
       part_len = slice_size < left_size ? slice_size : left_size;
       ptask->SetDownParams(file_content_buf[task_index], part_len, offset);
+      ptask->SetVerifyCert(req.GetVerifyCert());
       ptask->SetCaLocation(req.GetCaLocation());
       tp.start(*ptask);
       vec_offset[task_index] = offset;
@@ -1456,7 +1458,8 @@ CosResult ObjectOp::MultiThreadUpload(
   for (int i = 0; i < pool_size; ++i) {
     pptaskArr[i] =
         new FileUploadTask(dest_url, headers, params, req.GetConnTimeoutInms(),
-                           req.GetRecvTimeoutInms(), handler, req.GetCaLocation());
+                           req.GetRecvTimeoutInms(), handler, 
+                           req.GetVerifyCert(), req.GetCaLocation());
   }
 
   SDK_LOG_DBG("upload data, url=%s, poolsize=%u, part_size=%" PRIu64
@@ -1627,7 +1630,8 @@ void ObjectOp::FillCopyTask(const std::string& upload_id,
                             uint64_t part_number, const std::string& range,
                             const std::map<std::string, std::string>& headers,
                             const std::map<std::string, std::string>& params,
-                            const std::string& ca_location, FileCopyTask* task_ptr) {
+                            bool verify_cert, const std::string& ca_location, 
+                            FileCopyTask* task_ptr) {
   std::map<std::string, std::string> req_params = params;
   req_params.insert(std::make_pair("uploadId", upload_id));
   req_params.insert(
@@ -1651,6 +1655,7 @@ void ObjectOp::FillCopyTask(const std::string& upload_id,
 
   task_ptr->SetParams(req_params);
   task_ptr->SetHeaders(req_headers);
+  task_ptr->SetVerifyCert(verify_cert);
   task_ptr->SetCaLocation(ca_location);
 }
 
diff --git a/src/request/base_req.cpp b/src/request/base_req.cpp
@@ -14,7 +14,8 @@ namespace qcloud_cos {
 #define COS_CPP_SDK_HTTP_HEADER_USER_AGENT "cos-cpp-sdk-" COS_CPP_SDK_VERSON
 
 BaseReq::BaseReq()
-    : m_is_https(false), mb_check_md5(true), mb_check_crc64(false) {
+    : m_is_https(false), mb_check_md5(true), 
+      mb_check_crc64(false), mb_verify_cert(true) {
   m_recv_timeout_in_ms = CosSysConfig::GetRecvTimeoutInms();
   m_conn_timeout_in_ms = CosSysConfig::GetConnTimeoutInms();
   AddHeader("User-Agent", COS_CPP_SDK_HTTP_HEADER_USER_AGENT);
diff --git a/src/util/http_sender.cpp b/src/util/http_sender.cpp
