diff --git a/include/op/file_copy_task.h b/include/op/file_copy_task.h index 61ab025..b2a6837 100644 --- a/include/op/file_copy_task.h +++ b/include/op/file_copy_task.h @@ -33,6 +33,7 @@ class FileCopyTask : public Poco::Runnable { void SetHeaders(const std::map& headers); + void SetVerifyCert(bool verify_cert); void SetCaLocation(const std::string& ca_location); std::string GetErrMsg() const { return m_err_msg; } @@ -54,6 +55,8 @@ class FileCopyTask : public Poco::Runnable { std::string m_err_msg; std::string m_etag; std::string m_last_modified; + + bool m_verify_cert; std::string m_ca_location; }; diff --git a/include/op/file_download_task.h b/include/op/file_download_task.h index e49290a..ec426be 100644 --- a/include/op/file_download_task.h +++ b/include/op/file_download_task.h @@ -26,7 +26,9 @@ class FileDownTask : public Poco::Runnable { uint64_t conn_timeout_in_ms, uint64_t recv_timeout_in_ms, const SharedTransferHandler& handler = nullptr, uint64_t offset = 0, unsigned char* pbuf = NULL, - const size_t data_len = 0, const std::string& ca_lication = ""); + const size_t data_len = 0, + bool verify_cert = true, + const std::string& ca_lication = ""); ~FileDownTask() {} @@ -36,6 +38,7 @@ class FileDownTask : public Poco::Runnable { void SetDownParams(unsigned char* pdatabuf, size_t datalen, uint64_t offset); + void SetVerifyCert(bool verify_cert); void SetCaLocation(const std::string& ca_location); std::string GetTaskResp(); @@ -67,6 +70,7 @@ class FileDownTask : public Poco::Runnable { std::map m_resp_headers; std::string m_err_msg; + bool m_verify_cert; std::string m_ca_location; SharedConfig m_config; diff --git a/include/op/file_upload_task.h b/include/op/file_upload_task.h index e1a0632..e622552 100644 --- a/include/op/file_upload_task.h +++ b/include/op/file_upload_task.h 
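Review bot: Inserting `bool verify_cert = true` ahead of the defaulted `ca_lication` parameter in the FileDownTask constructor changes the meaning of existing positional calls. A caller that passed the CA path as a string literal in that position will typically still compile, because `const char*` converts to `bool`, and the path is then silently dropped while `ca_lication` falls back to `""`. The same insertion is made in the three FileUploadTask constructors and in all five `HttpSender::SendRequest` overloads. Appending the flag after the CA argument keeps old call sites valid, e.g. `const std::string& ca_lication = "", bool verify_cert = true);`. The callers inside this commit are updated, so this concerns call sites not shown here.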
@@ -14,13 +14,16 @@ class FileUploadTask : public Poco::Runnable { public: FileUploadTask(const std::string& full_url, uint64_t conn_timeout_in_ms, uint64_t recv_timeout_in_ms, unsigned char* pbuf = NULL, - const size_t data_len = 0, const std::string& ca_location = ""); + const size_t data_len = 0, + bool verify_cert = true, + const std::string& ca_location = ""); FileUploadTask(const std::string& full_url, const std::map& headers, const std::map& params, uint64_t conn_timeout_in_ms, uint64_t recv_timeout_in_ms, const SharedTransferHandler& handler, + bool verify_cert = true, const std::string& ca_location = ""); FileUploadTask(const std::string& full_url, @@ -28,6 +31,7 @@ class FileUploadTask : public Poco::Runnable { const std::map& params, uint64_t conn_timeout_in_ms, uint64_t recv_timeout_in_ms, unsigned char* pbuf = NULL, const size_t data_len = 0, + bool verify_cert = true, const std::string& ca_location = ""); ~FileUploadTask() {} @@ -68,6 +72,7 @@ class FileUploadTask : public Poco::Runnable { uint64_t GetPartNumber() const { return m_part_number; } + void SetVerifyCert(bool verify_cert); void SetCaLocation(const std::string& ca_location); private: @@ -88,6 +93,7 @@ class FileUploadTask : public Poco::Runnable { uint64_t m_part_number; SharedTransferHandler m_handler; + bool m_verify_cert; std::string m_ca_location; }; diff --git a/include/op/object_op.h b/include/op/object_op.h index 6e51694..48094a4 100644 --- a/include/op/object_op.h +++ b/include/op/object_op.h @@ -390,7 +390,8 @@ class ObjectOp : public BaseOp { const std::string& range, const std::map& headers, const std::map& params, - const std::string& ca_location, FileCopyTask* task); + bool verify_cert,const std::string& ca_location, + FileCopyTask* task); /// \brief 检查是否可以走断点下载 /// \param req PutObjectByFile请求 diff --git a/include/request/base_req.h b/include/request/base_req.h index ccdb318..c281496 100644 --- a/include/request/base_req.h +++ b/include/request/base_req.h 
@@ -93,6 +93,9 @@ class BaseReq { void SetCaLocation(const std::string& ca_location) { m_ca_location = ca_location; } const std::string& GetCaLocation() const { return m_ca_location; } + void SetVerifyCert(bool verify_cert) { mb_verify_cert = verify_cert; } + bool GetVerifyCert() const { return mb_verify_cert; } + /// \brief 输出请求的header和param信息 std::string DebugString() const; @@ -114,6 +117,7 @@ class BaseReq { bool mb_check_md5; // default is true bool mb_check_crc64; // default is false + bool mb_verify_cert; // default is true std::string m_ca_location; }; diff --git a/include/util/http_sender.h b/include/util/http_sender.h index df0a1c2..dfa17b1 100644 --- a/include/util/http_sender.h +++ b/include/util/http_sender.h @@ -31,6 +31,7 @@ class HttpSender { std::map* resp_headers, std::string* resp_body, std::string* err_msg, bool is_check_md5 = false, + bool is_verify_cert = true, const std::string& ca_location = ""); static int SendRequest(const SharedTransferHandler& handler, @@ -44,6 +45,7 @@ class HttpSender { std::map* resp_headers, std::ostream& resp_stream, std::string* err_msg, bool is_check_md5 = false, + bool is_verify_cert = true, const std::string& ca_location = ""); static int SendRequest(const SharedTransferHandler& handler, @@ -56,6 +58,7 @@ class HttpSender { std::map* resp_headers, std::string* resp_body, std::string* err_msg, bool is_check_md5 = false, + bool is_verify_cert = true, const std::string& ca_location = ""); static int SendRequest(const SharedTransferHandler& handler, @@ -68,6 +71,7 @@ class HttpSender { std::map* resp_headers, std::ostream& resp_stream, std::string* err_msg, bool is_check_md5 = false, + bool is_verify_cert = true, const std::string& ca_location = ""); static int SendRequest(const SharedTransferHandler& handler, 
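Review bot: `SetVerifyCert` is added to the public BaseReq interface without a doc comment, although passing `false` ends up selecting `Poco::Net::Context::VERIFY_NONE` in `src/util/http_sender.cpp` and so removes server authentication for that request. A comment in the file's `/// \brief` style would make that visible at the call site, for example `/// \brief Enable or disable TLS peer certificate verification (default true); false leaves the connection open to interception and is meant for test environments only`. The `// default is true` note on `mb_verify_cert` could carry the same warning.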
@@ -82,6 +86,7 @@ class HttpSender { std::string* xml_err_str, std::ostream& resp_stream, std::string* err_msg, uint64_t* real_byte, bool is_check_md5 = false, + bool is_verify_cert = true, const std::string& ca_location = ""); }; diff --git a/src/op/base_op.cpp b/src/op/base_op.cpp index aba1837..66cf0a6 100644 --- a/src/op/base_op.cpp +++ b/src/op/base_op.cpp @@ -104,7 +104,7 @@ CosResult BaseOp::NormalAction( int http_code = HttpSender::SendRequest(nullptr, req.GetMethod(), dest_url, req_params, req_headers, req_body, req.GetConnTimeoutInms(), req.GetRecvTimeoutInms(), &resp_headers, - &resp_body, &err_msg, false, req.GetCaLocation()); + &resp_body, &err_msg, false, req.GetVerifyCert(), req.GetCaLocation()); if (http_code == -1) { result.SetErrorMsg(err_msg); return result; @@ -185,9 +185,12 @@ CosResult BaseOp::DownloadAction(const std::string& host, int http_code = HttpSender::SendRequest( handler, req.GetMethod(), dest_url, req_params, req_headers, "", req.GetConnTimeoutInms(), req.GetRecvTimeoutInms(), &resp_headers, - &xml_err_str, os, &err_msg, &real_byte, req.CheckMD5(), req.GetCaLocation()); + &xml_err_str, os, &err_msg, &real_byte, req.CheckMD5(), + req.GetVerifyCert(), req.GetCaLocation()); if (http_code == -1) { result.SetErrorMsg(err_msg); + resp->ParseFromHeaders(resp_headers); + result.SetXCosRequestId(resp->GetXCosRequestId()); return result; } @@ -270,7 +273,7 @@ CosResult BaseOp::UploadAction( int http_code = HttpSender::SendRequest( handler, req.GetMethod(), dest_url, req_params, req_headers, is, req.GetConnTimeoutInms(), req.GetRecvTimeoutInms(), &resp_headers, - &resp_body, &err_msg, false, req.GetCaLocation()); + &resp_body, &err_msg, false, req.GetVerifyCert(), req.GetCaLocation()); if (http_code == -1) { result.SetErrorMsg(err_msg); return result; diff --git a/src/op/file_copy_task.cpp b/src/op/file_copy_task.cpp index 38eadb4..efb38bf 100644 --- a/src/op/file_copy_task.cpp +++ b/src/op/file_copy_task.cpp 
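Review bot: The `http_code == -1` branch of `BaseOp::DownloadAction` now calls `resp->ParseFromHeaders(resp_headers)` and copies the request id on a failed send, which is unrelated to the certificate flag and is not mirrored in the `NormalAction` and `UploadAction` error branches touched by the same commit. If -1 covers failures before any response arrives (a TLS handshake failure, for instance), `resp_headers` is presumably empty there, so it is worth confirming that `ParseFromHeaders` tolerates an empty map and that `resp` cannot be null on this path. A short comment such as `// headers may be empty if the request failed before a response was received` would document the intent. The function body extends beyond the hunk.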
@@ -14,7 +14,8 @@ FileCopyTask::FileCopyTask(const std::string& full_url, m_conn_timeout_in_ms(conn_timeout_in_ms), m_recv_timeout_in_ms(recv_timeout_in_ms), m_is_task_success(false), - m_etag("") {} + m_etag(""), + m_verify_cert(true) {} bool FileCopyTask::IsTaskSuccess() const { return m_is_task_success; } @@ -37,6 +38,10 @@ void FileCopyTask::SetHeaders( m_headers.insert(headers.begin(), headers.end()); } +void FileCopyTask::SetVerifyCert(bool verify_cert) { + m_verify_cert = verify_cert; +} + void FileCopyTask::SetCaLocation(const std::string& ca_location) { m_ca_location = ca_location; } @@ -56,7 +61,7 @@ void FileCopyTask::CopyTask() { m_http_status = HttpSender::SendRequest(nullptr, "PUT", m_full_url, m_params, m_headers, "", m_conn_timeout_in_ms, m_recv_timeout_in_ms, &m_resp_headers, &m_resp, &m_err_msg, - false, m_ca_location); + false, m_verify_cert, m_ca_location); if (m_http_status != 200) { SDK_LOG_ERR("FileUpload: url(%s) fail, httpcode:%d, resp: %s", diff --git a/src/op/file_download_task.cpp b/src/op/file_download_task.cpp index 5235e32..ab4a3b3 100644 --- a/src/op/file_download_task.cpp +++ b/src/op/file_download_task.cpp @@ -17,6 +17,7 @@ FileDownTask::FileDownTask(const std::string& full_url, const SharedTransferHandler& handler, uint64_t offset, unsigned char* pbuf, const size_t data_len, + bool verify_cert, const std::string& ca_lication) : m_full_url(full_url), m_headers(headers), @@ -30,6 +31,7 @@ FileDownTask::FileDownTask(const std::string& full_url, m_resp(""), m_is_task_success(false), m_real_down_len(0), + m_verify_cert(verify_cert), m_ca_location(ca_lication) {} void FileDownTask::run() { @@ -45,6 +47,10 @@ void FileDownTask::SetDownParams(unsigned char* pbuf, size_t data_len, m_offset = offset; } +void FileDownTask::SetVerifyCert(bool verify_cert) { + m_verify_cert = verify_cert; +} + void FileDownTask::SetCaLocation(const std::string& ca_location) { m_ca_location = ca_location; } 
@@ -86,7 +92,7 @@ void FileDownTask::DownTask() { m_http_status = HttpSender::SendRequest( m_handler, "GET", m_full_url, m_params, m_headers, "", m_conn_timeout_in_ms, m_recv_timeout_in_ms, &m_resp_headers, &m_resp, - &m_err_msg, false, m_ca_location); + &m_err_msg, false, m_verify_cert, m_ca_location); //} //当实际长度小于请求的数据长度时httpcode为206 if (m_http_status != 200 && m_http_status != 206) { diff --git a/src/op/file_upload_task.cpp b/src/op/file_upload_task.cpp index 88ec892..c06ec1a 100644 --- a/src/op/file_upload_task.cpp +++ b/src/op/file_upload_task.cpp @@ -12,7 +12,9 @@ namespace qcloud_cos { FileUploadTask::FileUploadTask(const std::string& full_url, uint64_t conn_timeout_in_ms, uint64_t recv_timeout_in_ms, unsigned char* pbuf, - const size_t data_len, const std::string& ca_location) + const size_t data_len, + bool verify_cert, + const std::string& ca_location) : m_full_url(full_url), m_conn_timeout_in_ms(conn_timeout_in_ms), m_recv_timeout_in_ms(recv_timeout_in_ms), @@ -22,6 +24,7 @@ FileUploadTask::FileUploadTask(const std::string& full_url, m_is_task_success(false), m_is_resume(false), m_handler(NULL), + m_verify_cert(verify_cert), m_ca_location(ca_location) {} FileUploadTask::FileUploadTask( @@ -30,6 +33,7 @@ FileUploadTask::FileUploadTask( const std::map& params, uint64_t conn_timeout_in_ms, uint64_t recv_timeout_in_ms, const SharedTransferHandler& handler, + bool verify_cert, const std::string& ca_location) : m_full_url(full_url), m_headers(headers), @@ -42,6 +46,7 @@ FileUploadTask::FileUploadTask( m_is_task_success(false), m_is_resume(false), m_handler(handler), + m_verify_cert(verify_cert), m_ca_location(ca_location) {} FileUploadTask::FileUploadTask( @@ -50,6 +55,7 @@ FileUploadTask::FileUploadTask( const std::map& params, uint64_t conn_timeout_in_ms, uint64_t recv_timeout_in_ms, unsigned char* pbuf, const size_t data_len, + bool verify_cert, const std::string& ca_location) : m_full_url(full_url), m_headers(headers), 
@@ -62,6 +68,7 @@ FileUploadTask::FileUploadTask( m_is_task_success(false), m_is_resume(false), m_handler(NULL), + m_verify_cert(verify_cert), m_ca_location(ca_location) {} void FileUploadTask::run() { @@ -117,6 +124,10 @@ void FileUploadTask::SetPartNumber(uint64_t part_number) { m_part_number = part_number; } +void FileUploadTask::SetVerifyCert(bool verify_cert) { + m_verify_cert = verify_cert; +} + void FileUploadTask::SetCaLocation(const std::string& ca_location) { m_ca_location = ca_location; } @@ -150,7 +161,7 @@ void FileUploadTask::UploadTask() { m_http_status = HttpSender::SendRequest( m_handler, "PUT", m_full_url, m_params, m_headers, body, m_conn_timeout_in_ms, m_recv_timeout_in_ms, &m_resp_headers, &m_resp, - &m_err_msg, false, m_ca_location); + &m_err_msg, false, m_verify_cert, m_ca_location); //} if (m_http_status != 200) { diff --git a/src/op/object_op.cpp b/src/op/object_op.cpp index e9776c8..5b5a5fe 100644 --- a/src/op/object_op.cpp +++ b/src/op/object_op.cpp @@ -1015,7 +1015,8 @@ CosResult ObjectOp::Copy(const CopyReq& req, CopyResp* resp) { FileCopyTask* ptask = pptaskArr[task_index]; FillCopyTask(upload_id, host, path, part_number, range, - part_copy_headers, req.GetParams(), req.GetCaLocation(), ptask); + part_copy_headers, req.GetParams(), + req.GetVerifyCert(), req.GetCaLocation(), ptask); tp.start(*ptask); part_numbers.push_back(part_number); ++part_number; @@ -1262,6 +1263,7 @@ ObjectOp::MultiThreadDownload(const GetObjectByFileReq& req, left_size = file_size - offset; part_len = slice_size < left_size ? slice_size : left_size; ptask->SetDownParams(file_content_buf[task_index], part_len, offset); + ptask->SetVerifyCert(req.GetVerifyCert()); ptask->SetCaLocation(req.GetCaLocation()); tp.start(*ptask); vec_offset[task_index] = offset; 
@@ -1456,7 +1458,8 @@ CosResult ObjectOp::MultiThreadUpload( for (int i = 0; i < pool_size; ++i) { pptaskArr[i] = new FileUploadTask(dest_url, headers, params, req.GetConnTimeoutInms(), - req.GetRecvTimeoutInms(), handler, req.GetCaLocation()); + req.GetRecvTimeoutInms(), handler, + req.GetVerifyCert(), req.GetCaLocation()); } SDK_LOG_DBG("upload data, url=%s, poolsize=%u, part_size=%" PRIu64 @@ -1627,7 +1630,8 @@ void ObjectOp::FillCopyTask(const std::string& upload_id, uint64_t part_number, const std::string& range, const std::map& headers, const std::map& params, - const std::string& ca_location, FileCopyTask* task_ptr) { + bool verify_cert, const std::string& ca_location, + FileCopyTask* task_ptr) { std::map req_params = params; req_params.insert(std::make_pair("uploadId", upload_id)); req_params.insert( @@ -1651,6 +1655,7 @@ void ObjectOp::FillCopyTask(const std::string& upload_id, task_ptr->SetParams(req_params); task_ptr->SetHeaders(req_headers); + task_ptr->SetVerifyCert(verify_cert); task_ptr->SetCaLocation(ca_location); } diff --git a/src/request/base_req.cpp b/src/request/base_req.cpp index 77b336d..d547dcc 100644 --- a/src/request/base_req.cpp +++ b/src/request/base_req.cpp @@ -14,7 +14,8 @@ namespace qcloud_cos { #define COS_CPP_SDK_HTTP_HEADER_USER_AGENT "cos-cpp-sdk-" COS_CPP_SDK_VERSON BaseReq::BaseReq() - : m_is_https(false), mb_check_md5(true), mb_check_crc64(false) { + : m_is_https(false), mb_check_md5(true), + mb_check_crc64(false), mb_verify_cert(true) { m_recv_timeout_in_ms = CosSysConfig::GetRecvTimeoutInms(); m_conn_timeout_in_ms = CosSysConfig::GetConnTimeoutInms(); AddHeader("User-Agent", COS_CPP_SDK_HTTP_HEADER_USER_AGENT); diff --git a/src/util/http_sender.cpp b/src/util/http_sender.cpp index 7631513..c715508 100644 --- a/src/util/http_sender.cpp +++ b/src/util/http_sender.cpp 
@@ -37,12 +37,14 @@ int HttpSender::SendRequest( const std::string& req_body, uint64_t conn_timeout_in_ms, uint64_t recv_timeout_in_ms, std::map* resp_headers, std::string* resp_body, - std::string* err_msg, bool is_check_md5, const std::string& ca_location) { + std::string* err_msg, bool is_check_md5, + bool is_verify_cert, const std::string& ca_location) { std::istringstream is(req_body); std::ostringstream oss; int ret = SendRequest(handler, http_method, url_str, req_params, req_headers, is, conn_timeout_in_ms, recv_timeout_in_ms, - resp_headers, oss, err_msg, is_check_md5, ca_location); + resp_headers, oss, err_msg, is_check_md5, + is_verify_cert, ca_location); *resp_body = oss.str(); return ret; } @@ -55,11 +57,13 @@ int HttpSender::SendRequest( const std::string& req_body, uint64_t conn_timeout_in_ms, uint64_t recv_timeout_in_ms, std::map* resp_headers, std::ostream& resp_stream, - std::string* err_msg, bool is_check_md5, const std::string& ca_location) { + std::string* err_msg, bool is_check_md5, + bool is_verify_cert, const std::string& ca_location) { std::istringstream is(req_body); int ret = SendRequest(handler, http_method, url_str, req_params, req_headers, is, conn_timeout_in_ms, recv_timeout_in_ms, - resp_headers, resp_stream, err_msg, is_check_md5, ca_location); + resp_headers, resp_stream, err_msg, is_check_md5, + is_verify_cert, ca_location); return ret; } 
@@ -70,11 +74,13 @@ int HttpSender::SendRequest( const std::map& req_headers, std::istream& is, uint64_t conn_timeout_in_ms, uint64_t recv_timeout_in_ms, std::map* resp_headers, std::string* resp_body, - std::string* err_msg, bool is_check_md5, const std::string& ca_location) { + std::string* err_msg, bool is_check_md5, + bool is_verify_cert, const std::string& ca_location) { std::ostringstream oss; int ret = SendRequest(handler, http_method, url_str, req_params, req_headers, is, conn_timeout_in_ms, recv_timeout_in_ms, - resp_headers, oss, err_msg, is_check_md5, ca_location); + resp_headers, oss, err_msg, is_check_md5, + is_verify_cert, ca_location); *resp_body = oss.str(); return ret; } @@ -86,7 +92,8 @@ int HttpSender::SendRequest( const std::map& req_headers, std::istream& is, uint64_t conn_timeout_in_ms, uint64_t recv_timeout_in_ms, std::map* resp_headers, std::ostream& resp_stream, - std::string* err_msg, bool is_check_md5, const std::string& ca_location) { + std::string* err_msg, bool is_check_md5, + bool is_verify_cert, const std::string& ca_location) { Poco::Net::HTTPResponse res; try { SDK_LOG_INFO("send request to [%s]", url_str.c_str()); @@ -97,9 +104,13 @@ int HttpSender::SendRequest( if (!ca_location.empty()) { load_default_ca = false; } + Poco::Net::Context::VerificationMode verify_mode = Poco::Net::Context::VERIFY_RELAXED; + if (!is_verify_cert) { + verify_mode = Poco::Net::Context::VERIFY_NONE; + } Poco::Net::Context::Ptr context = new Poco::Net::Context(Poco::Net::Context::CLIENT_USE, "", "", ca_location, - Poco::Net::Context::VERIFY_RELAXED, 9, load_default_ca, + verify_mode, 9, load_default_ca, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"); session.reset(new Poco::Net::HTTPSClientSession(url.getHost(), url.getPort(), context)); 
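Review bot: When `is_verify_cert` is false the session is built with `Poco::Net::Context::VERIFY_NONE` and nothing is logged, so a deployment that has switched off server authentication leaves no trace in the SDK log. The same mode selection is repeated in the `SendRequest` overload patched at `-313,9 +324,14`; a single file-local helper that maps the flag and logs the downgrade keeps both paths consistent. `SDK_LOG_INFO` is used below because it is the macro visible in this function; a warning-level macro would fit better if the SDK has one. Both function bodies continue outside the hunks.

```cpp
// Maps the request flag to a Poco verification mode and records when
// peer certificate verification is turned off.
static Poco::Net::Context::VerificationMode SelectVerifyMode(
    bool is_verify_cert, const std::string& url_str) {
  if (is_verify_cert) {
    return Poco::Net::Context::VERIFY_RELAXED;
  }
  SDK_LOG_INFO("TLS certificate verification disabled for [%s]",
               url_str.c_str());
  return Poco::Net::Context::VERIFY_NONE;
}

// … unchanged: load_default_ca selection …
Poco::Net::Context::VerificationMode verify_mode =
    SelectVerifyMode(is_verify_cert, url_str);
// … unchanged: Poco::Net::Context construction using verify_mode …
```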
@@ -302,7 +313,7 @@ int HttpSender::SendRequest( uint64_t recv_timeout_in_ms, std::map* resp_headers, std::string* xml_err_str, std::ostream& resp_stream, std::string* err_msg, uint64_t* real_byte, - bool is_check_md5, const std::string& ca_location) { + bool is_check_md5, bool is_verify_cert, const std::string& ca_location) { Poco::Net::HTTPResponse res; try { SDK_LOG_INFO("send request to [%s]", url_str.c_str()); @@ -313,9 +324,14 @@ int HttpSender::SendRequest( if (!ca_location.empty()) { load_default_ca = false; } + Poco::Net::Context::VerificationMode verify_mode = Poco::Net::Context::VERIFY_RELAXED; + if (!is_verify_cert) { + verify_mode = Poco::Net::Context::VERIFY_NONE; + } + Poco::Net::Context::Ptr context = new Poco::Net::Context(Poco::Net::Context::CLIENT_USE, "", "", ca_location, - Poco::Net::Context::VERIFY_RELAXED, 9, load_default_ca, + verify_mode, 9, load_default_ca, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"); session.reset(new Poco::Net::HTTPSClientSession(url.getHost(), url.getPort(), context)); @@ -452,7 +468,9 @@ int HttpSender::SendRequest( *err_msg = "Md5 of response body is not equal to the etag in the header." " Body Md5= " + - md5_str + ", etag=" + etag; + md5_str + ", etag=" + etag + + ", recv-len=" + StringUtil::Uint64ToString(*real_byte) + + ", content-length=" + content_length_header; SDK_LOG_ERR("Check Md5 fail, %s", err_msg->c_str()); ret = -1; }