implement server bindings

Author: cwaldren-ld

.github/workflows/server.yml

@@ -28,7 +28,7 @@ jobs:
           run_tests: false
       - name: 'Launch test service as background task'
         run: $TEST_SERVICE_BINARY $TEST_SERVICE_PORT 2>&1 &
-      - uses: launchdarkly/gh-actions/actions/[email protected].0
+      - uses: launchdarkly/gh-actions/actions/[email protected].2
         with:
           # Inform the test harness of test service's port.
           test_service_port: ${{ env.TEST_SERVICE_PORT }}

contract-tests/server-contract-tests/src/entity_manager.cpp

@@ -120,6 +120,14 @@ std::optional<std::string> EntityManager::create(ConfigParams const& in) {
         }
     }
 
+    if (in.tls) {
+        auto builder = config::builders::TlsBuilder();
+        if (in.tls->skipVerifyPeer) {
+            builder.SkipVerifyPeer(*in.tls->skipVerifyPeer);
+        }
+        config_builder.HttpProperties().Tls(std::move(builder));
+    }
+
     auto config = config_builder.Build();
     if (!config) {
         LD_LOG(logger_, LogLevel::kWarn)

contract-tests/server-contract-tests/src/main.cpp

@@ -21,7 +21,7 @@ int main(int argc, char* argv[]) {
     launchdarkly::Logger logger{
         std::make_unique<ConsoleBackend>("server-contract-tests")};
 
-    const std::string default_port = "8123";
+    std::string const default_port = "8123";
     std::string port = default_port;
     if (argc == 2) {
         port =
@@ -42,6 +42,8 @@ int main(int argc, char* argv[]) {
         srv.add_capability("server-side-polling");
         srv.add_capability("inline-context");
         srv.add_capability("anonymous-redaction");
+        srv.add_capability("tls:verify-peer");
+        srv.add_capability("tls:skip-verify-peer");
 
         net::signal_set signals{ioc, SIGINT, SIGTERM};
 

libs/common/src/config/http_properties_builder.cpp

@@ -124,6 +124,8 @@ built::HttpProperties HttpPropertiesBuilder<SDK>::Build() const {
 }
 
 template class TlsBuilder<config::shared::ClientSDK>;
+template class TlsBuilder<config::shared::ServerSDK>;
+
 template class HttpPropertiesBuilder<config::shared::ClientSDK>;
 template class HttpPropertiesBuilder<config::shared::ServerSDK>;
 }  // namespace launchdarkly::config::shared::builders

libs/server-sdk/include/launchdarkly/server_side/bindings/c/config/builder.h

@@ -22,6 +22,8 @@ typedef struct _LDServerConfigBuilder* LDServerConfigBuilder;
 typedef struct _LDServerDataSourceStreamBuilder*
     LDServerDataSourceStreamBuilder;
 typedef struct _LDServerDataSourcePollBuilder* LDServerDataSourcePollBuilder;
+typedef struct _LDServerHttpPropertiesTlsBuilder*
+    LDServerHttpPropertiesTlsBuilder;
 
 /**
  * Constructs a client-side config builder.
@@ -117,8 +119,8 @@ LDServerConfigBuilder_Events_Enabled(LDServerConfigBuilder b, bool enabled);
  * that a previously-indexed context may cause generation of a redundant
  * index event.
  * @param b Server config builder. Must not be NULL.
- * @param context_keys_capacity Maximum unique context keys to remember. The default
- * is 1000.
+ * @param context_keys_capacity Maximum unique context keys to remember. The
+ * default is 1000.
  */
 LD_EXPORT(void)
 LDServerConfigBuilder_Events_ContextKeysCapacity(LDServerConfigBuilder b,
@@ -349,6 +351,51 @@ LDServerConfigBuilder_HttpProperties_Header(LDServerConfigBuilder b,
                                             char const* key,
                                             char const* value);
 
+/**
+ * Sets the TLS options builder. The builder is consumed; do not free it.
+ * @param b Server config builder. Must not be NULL.
+ * @param tls_builder The TLS options builder. Must not be NULL.
+ */
+LD_EXPORT(void)
+LDServerConfigBuilder_HttpProperties_Tls(
+    LDServerConfigBuilder b,
+    LDServerHttpPropertiesTlsBuilder tls_builder);
+
+/**
+ * Creates a new TLS options builder for the HttpProperties builder.
+ *
+ * If not passed into the HttpProperties
+ * builder, must be manually freed with LDServerHttpPropertiesTlsBuilder_Free.
+ *
+ * @return New builder for TLS options.
+ */
+LD_EXPORT(LDServerHttpPropertiesTlsBuilder)
+LDServerHttpPropertiesTlsBuilder_New(void);
+
+/**
+ * Frees a TLS options builder. Do not call if the builder was consumed by
+ * the HttpProperties builder.
+ *
+ * @param b Builder to free.
+ */
+LD_EXPORT(void)
+LDServerHttpPropertiesTlsBuilder_Free(LDServerHttpPropertiesTlsBuilder b);
+
+/**
+ * Configures TLS peer certificate verification. Peer verification
+ * is enabled by default.
+ *
+ * Disabling peer verification is not recommended unless a specific
+ * use-case calls for it.
+ *
+ * @param b Server config builder. Must not be NULL.
+ * @param skip_verify_peer False to skip verification.
+ */
+LD_EXPORT(void)
+LDServerHttpPropertiesTlsBuilder_SkipVerifyPeer(
+    LDServerHttpPropertiesTlsBuilder b,
+    bool skip_verify_peer);
+
 /**
  * Disables the default SDK logging.
  * @param b Server config builder. Must not be NULL.

libs/server-sdk/include/launchdarkly/server_side/config/builders/all_builders.hpp

@@ -23,5 +23,6 @@ using AppInfoBuilder = launchdarkly::config::shared::builders::AppInfoBuilder;
 using EventsBuilder =
     launchdarkly::config::shared::builders::EventsBuilder<SDK>;
 using LoggingBuilder = launchdarkly::config::shared::builders::LoggingBuilder;
+using TlsBuilder = launchdarkly::config::shared::builders::TlsBuilder<SDK>;
 
 }  // namespace launchdarkly::server_side::config::builders

libs/server-sdk/src/bindings/c/builder.cpp

@@ -48,6 +48,11 @@ using namespace launchdarkly::server_side::config::builders;
 #define FROM_CUSTOM_PERSISTENCE_BUILDER(ptr) \
     (reinterpret_cast<LDPersistenceCustomBuilder>(ptr))
 
+#define TO_TLS_BUILDER(ptr) (reinterpret_cast<TlsBuilder*>(ptr))
+
+#define FROM_TLS_BUILDER(ptr) \
+    (reinterpret_cast<LDServerHttpPropertiesTlsBuilder>(ptr))
+
 LD_EXPORT(LDServerConfigBuilder)
 LDServerConfigBuilder_New(char const* sdk_key) {
     LD_ASSERT_NOT_NULL(sdk_key);
@@ -332,6 +337,37 @@ LDServerConfigBuilder_HttpProperties_Header(LDServerConfigBuilder b,
     TO_BUILDER(b)->HttpProperties().Header(key, value);
 }
 
+LD_EXPORT(void)
+LDServerConfigBuilder_HttpProperties_Tls(
+    LDServerConfigBuilder b,
+    LDServerHttpPropertiesTlsBuilder tls_builder) {
+    LD_ASSERT_NOT_NULL(b);
+    LD_ASSERT_NOT_NULL(tls_builder);
+
+    TO_BUILDER(b)->HttpProperties().Tls(*TO_TLS_BUILDER(tls_builder));
+
+    LDServerHttpPropertiesTlsBuilder_Free(tls_builder);
+}
+
+LD_EXPORT(void)
+LDServerHttpPropertiesTlsBuilder_SkipVerifyPeer(
+    LDServerHttpPropertiesTlsBuilder b,
+    bool skip_verify_peer) {
+    LD_ASSERT_NOT_NULL(b);
+
+    TO_TLS_BUILDER(b)->SkipVerifyPeer(skip_verify_peer);
+}
+
+LD_EXPORT(LDServerHttpPropertiesTlsBuilder)
+LDServerHttpPropertiesTlsBuilder_New(void) {
+    return FROM_TLS_BUILDER(new TlsBuilder());
+}
+
+LD_EXPORT(void)
+LDServerHttpPropertiesTlsBuilder_Free(LDServerHttpPropertiesTlsBuilder b) {
+    delete TO_TLS_BUILDER(b);
+}
+
 LD_EXPORT(void)
 LDServerConfigBuilder_Logging_Disable(LDServerConfigBuilder b) {
     LD_ASSERT_NOT_NULL(b);

libs/server-sdk/src/data_systems/background_sync/sources/polling/polling_data_source.cpp

@@ -57,6 +57,11 @@ PollingDataSource::PollingDataSource(
       request_(MakeRequest(data_source_config, endpoints, http_properties)),
       timer_(ioc),
       sink_(nullptr) {
+    if (http_properties.Tls().VerifyMode() ==
+        launchdarkly::config::shared::built::TlsOptions::VerifyMode::
+            kVerifyNone) {
+        LD_LOG(logger_, LogLevel::kDebug) << "TLS peer verification disabled";
+    }
     if (polling_interval_ < data_source_config.min_polling_interval) {
         LD_LOG(logger_, LogLevel::kWarn)
             << "Polling interval too frequent, defaulting to "

libs/server-sdk/src/data_systems/background_sync/sources/streaming/streaming_data_source.cpp

@@ -104,6 +104,12 @@ void StreamingDataSource::StartAsync(
         client_builder.header(key, value);
     }
 
+    if (http_config_.Tls().VerifyMode() ==
+        launchdarkly::config::shared::built::TlsOptions::VerifyMode::
+            kVerifyNone) {
+        client_builder.skip_verify_peer(true);
+    }
+
     auto weak_self = weak_from_this();
 
     client_builder.receiver([weak_self](launchdarkly::sse::Event const& event) {

libs/server-sdk/tests/server_c_bindings_test.cpp

@@ -250,3 +250,19 @@ TEST(ClientBindings, LazyLoadDataSource) {
 
     LDStatus_Free(status);
 }
+
+TEST(ClientBindings, TlsConfiguration) {
+    LDServerConfigBuilder cfg_builder = LDServerConfigBuilder_New("sdk-123");
+
+    LDServerHttpPropertiesTlsBuilder tls =
+        LDServerHttpPropertiesTlsBuilder_New();
+    LDServerHttpPropertiesTlsBuilder_SkipVerifyPeer(tls, true);
+
+    LDServerConfigBuilder_HttpProperties_Tls(cfg_builder, tls);
+
+    LDServerConfig config;
+    LDStatus status = LDServerConfigBuilder_Build(cfg_builder, &config);
+
+    ASSERT_FALSE(LDStatus_Ok(status));
+    LDStatus_Free(status);
+}