Percolate TLS setup errors (aws#45)

graebm · web-flow · commit e3690abc094e · 2019-07-15T12:56:59.000-07:00
diff --git a/include/aws/crt/io/TlsOptions.h b/include/aws/crt/io/TlsOptions.h
@@ -44,6 +44,9 @@ namespace Aws
                 TlsContextOptions(TlsContextOptions &&) noexcept;
                 TlsContextOptions &operator=(TlsContextOptions &&) noexcept;
 
+                explicit operator bool() const noexcept { return m_isInit; }
+                int LastError() const noexcept;
+
                 /**
                  * Initializes TlsContextOptions with secure by default options, with
                  * no client certificates.
@@ -92,7 +95,7 @@ namespace Aws
                  * Sets the list of alpn protocols, delimited by ';'. This string must remain in memory
                  * for the lifetime of this object.
                  */
-                void SetAlpnList(const char *alpnList) noexcept;
+                bool SetAlpnList(const char *alpnList) noexcept;
 
                 /**
                  * In client mode, this turns off x.509 validation. Don't do this unless you're testing.
@@ -111,9 +114,9 @@ namespace Aws
                  *
                  * These strings must remain in memory for the lifetime of this object.
                  */
-                void OverrideDefaultTrustStore(const char *caPath, const char *caFile) noexcept;
+                bool OverrideDefaultTrustStore(const char *caPath, const char *caFile) noexcept;
 
-                void OverrideDefaultTrustStore(const ByteCursor &ca) noexcept;
+                bool OverrideDefaultTrustStore(const ByteCursor &ca) noexcept;
 
               private:
                 aws_tls_ctx_options m_options;
diff --git a/include/aws/iot/MqttClient.h b/include/aws/iot/MqttClient.h
@@ -29,20 +29,24 @@ namespace Aws
         class AWS_CRT_CPP_API MqttClientConnectionConfig final
         {
           public:
-            MqttClientConnectionConfig() noexcept;
+            static MqttClientConnectionConfig CreateInvalid(int lastError) noexcept;
+
             MqttClientConnectionConfig(
                 const Crt::String &endpoint,
                 uint16_t port,
                 const Crt::Io::SocketOptions &socketOptions,
                 Crt::Io::TlsContext &&tlsContext);
 
             explicit operator bool() const noexcept { return m_context ? true : false; }
+            int LastError() const noexcept { return m_lastError; }
 
           private:
+            MqttClientConnectionConfig(int lastError) noexcept;
             Crt::String m_endpoint;
             uint16_t m_port;
             Crt::Io::TlsContext m_context;
             Crt::Io::SocketOptions m_socketOptions;
+            int m_lastError;
 
             friend class MqttClient;
         };
@@ -127,12 +131,16 @@ namespace Aws
              */
             MqttClientConnectionConfig Build() noexcept;
 
+            explicit operator bool() const noexcept { return m_lastError == 0; }
+            int LastError() const noexcept { return m_lastError; }
+
           private:
             Crt::Allocator *m_allocator;
             Crt::String m_endpoint;
             uint16_t m_portOverride;
             Crt::Io::SocketOptions m_socketOptions;
             Crt::Io::TlsContextOptions m_contextOptions;
+            int m_lastError;
         };
 
         /**
@@ -154,6 +162,7 @@ namespace Aws
 
           private:
             Crt::Mqtt::MqttClient m_client;
+            int m_lastError;
         };
     } // namespace Iot
-} // namespace Aws
+} // namespace Aws
diff --git a/samples/mqtt_pub_sub/main.cpp b/samples/mqtt_pub_sub/main.cpp
@@ -124,7 +124,10 @@ int main(int argc, char *argv[])
 
     if (!clientConfig)
     {
-        fprintf(stderr, "Client Configuration initialization failed with error %s\n", ErrorDebugString(LastError()));
+        fprintf(
+            stderr,
+            "Client Configuration initialization failed with error %s\n",
+            ErrorDebugString(clientConfig.LastError()));
         exit(-1);
     }
 
@@ -145,9 +148,9 @@ int main(int argc, char *argv[])
      */
     auto connection = mqttClient.NewConnection(clientConfig);
 
-    if (!*connection)
+    if (!connection)
     {
-        fprintf(stderr, "MQTT Connection Creation failed with error %s\n", ErrorDebugString(connection->LastError()));
+        fprintf(stderr, "MQTT Connection Creation failed with error %s\n", ErrorDebugString(mqttClient.LastError()));
         exit(-1);
     }
 
diff --git a/source/io/TlsOptions.cpp b/source/io/TlsOptions.cpp
@@ -22,6 +22,8 @@ namespace Aws
     {
         namespace Io
         {
+            int TlsContextOptions::LastError() const noexcept { return aws_last_error(); }
+
             TlsContextOptions::~TlsContextOptions()
             {
                 if (m_isInit)
@@ -115,36 +117,28 @@ namespace Aws
 
             bool TlsContextOptions::IsAlpnSupported() noexcept { return aws_tls_is_alpn_available(); }
 
-            void TlsContextOptions::SetAlpnList(const char *alpn_list) noexcept
+            bool TlsContextOptions::SetAlpnList(const char *alpn_list) noexcept
             {
-                if (m_isInit)
-                {
-                    aws_tls_ctx_options_set_alpn_list(&m_options, alpn_list);
-                }
+                AWS_ASSERT(m_isInit);
+                return aws_tls_ctx_options_set_alpn_list(&m_options, alpn_list) == 0;
             }
 
             void TlsContextOptions::SetVerifyPeer(bool verify_peer) noexcept
             {
-                if (m_isInit)
-                {
-                    aws_tls_ctx_options_set_verify_peer(&m_options, verify_peer);
-                }
+                AWS_ASSERT(m_isInit);
+                aws_tls_ctx_options_set_verify_peer(&m_options, verify_peer);
             }
 
-            void TlsContextOptions::OverrideDefaultTrustStore(const char *caPath, const char *caFile) noexcept
+            bool TlsContextOptions::OverrideDefaultTrustStore(const char *caPath, const char *caFile) noexcept
             {
-                if (m_isInit)
-                {
-                    aws_tls_ctx_options_override_default_trust_store_from_path(&m_options, caPath, caFile);
-                }
+                AWS_ASSERT(m_isInit);
+                return aws_tls_ctx_options_override_default_trust_store_from_path(&m_options, caPath, caFile) == 0;
             }
 
-            void TlsContextOptions::OverrideDefaultTrustStore(const ByteCursor &ca) noexcept
+            bool TlsContextOptions::OverrideDefaultTrustStore(const ByteCursor &ca) noexcept
             {
-                if (m_isInit)
-                {
-                    aws_tls_ctx_options_override_default_trust_store(&m_options, const_cast<ByteCursor *>(&ca));
-                }
+                AWS_ASSERT(m_isInit);
+                return aws_tls_ctx_options_override_default_trust_store(&m_options, const_cast<ByteCursor *>(&ca)) == 0;
             }
 
             void InitTlsStaticState(Aws::Crt::Allocator *alloc) noexcept { aws_tls_init_static_state(alloc); }
diff --git a/source/iot/MqttClient.cpp b/source/iot/MqttClient.cpp
@@ -20,40 +20,58 @@ namespace Aws
 {
     namespace Iot
     {
-        MqttClientConnectionConfig::MqttClientConnectionConfig() noexcept : m_port(0)
+        MqttClientConnectionConfig::MqttClientConnectionConfig(int lastError) noexcept
+            : m_port(0), m_lastError(lastError)
         {
             AWS_ZERO_STRUCT(m_socketOptions);
         }
 
+        MqttClientConnectionConfig MqttClientConnectionConfig::CreateInvalid(int lastError) noexcept
+        {
+            return MqttClientConnectionConfig(lastError);
+        }
+
         MqttClientConnectionConfig::MqttClientConnectionConfig(
             const Crt::String &endpoint,
             uint16_t port,
             const Crt::Io::SocketOptions &socketOptions,
             Crt::Io::TlsContext &&tlsContext)
             : m_endpoint(endpoint), m_port(port), m_context(std::move(tlsContext)), m_socketOptions(socketOptions)
         {
+            if (!m_context)
+            {
+                m_lastError = m_context.LastError();
+            }
         }
 
         MqttClientConnectionConfigBuilder::MqttClientConnectionConfigBuilder(
             const char *certPath,
             const char *pkeyPath,
             Crt::Allocator *allocator) noexcept
-            : m_allocator(allocator), m_portOverride(0)
+            : m_allocator(allocator), m_portOverride(0), m_lastError(0)
         {
-            m_contextOptions = Crt::Io::TlsContextOptions::InitClientWithMtls(certPath, pkeyPath, allocator);
             AWS_ZERO_STRUCT(m_socketOptions);
             m_socketOptions.connect_timeout_ms = 3000;
+            m_contextOptions = Crt::Io::TlsContextOptions::InitClientWithMtls(certPath, pkeyPath, allocator);
+            if (!m_contextOptions)
+            {
+                m_lastError = m_contextOptions.LastError();
+            }
         }
 
         MqttClientConnectionConfigBuilder::MqttClientConnectionConfigBuilder(
             const Crt::ByteCursor &cert,
             const Crt::ByteCursor &pkey,
             Crt::Allocator *allocator) noexcept
-            : m_allocator(allocator), m_portOverride(0)
+            : m_allocator(allocator), m_portOverride(0), m_lastError(0)
         {
-            m_contextOptions = Crt::Io::TlsContextOptions::InitClientWithMtls(cert, pkey, allocator);
             AWS_ZERO_STRUCT(m_socketOptions);
             m_socketOptions.connect_timeout_ms = 3000;
+            m_contextOptions = Crt::Io::TlsContextOptions::InitClientWithMtls(cert, pkey, allocator);
+            if (!m_contextOptions)
+            {
+                m_lastError = m_contextOptions.LastError();
+            }
         }
 
         MqttClientConnectionConfigBuilder &MqttClientConnectionConfigBuilder::WithEndpoint(const Crt::String &endpoint)
@@ -77,14 +95,26 @@ namespace Aws
         MqttClientConnectionConfigBuilder &MqttClientConnectionConfigBuilder::WithCertificateAuthority(
             const char *caPath) noexcept
         {
-            m_contextOptions.OverrideDefaultTrustStore(nullptr, caPath);
+            if (m_contextOptions)
+            {
+                if (!m_contextOptions.OverrideDefaultTrustStore(nullptr, caPath))
+                {
+                    m_lastError = m_contextOptions.LastError();
+                }
+            }
             return *this;
         }
 
         MqttClientConnectionConfigBuilder &MqttClientConnectionConfigBuilder::WithCertificateAuthority(
             const Crt::ByteCursor &cert) noexcept
         {
-            m_contextOptions.OverrideDefaultTrustStore(cert);
+            if (m_contextOptions)
+            {
+                if (!m_contextOptions.OverrideDefaultTrustStore(cert))
+                {
+                    m_lastError = m_contextOptions.LastError();
+                }
+            }
             return *this;
         }
 
@@ -123,6 +153,11 @@ namespace Aws
 
         MqttClientConnectionConfig MqttClientConnectionConfigBuilder::Build() noexcept
         {
+            if (m_lastError)
+            {
+                return MqttClientConnectionConfig::CreateInvalid(m_lastError);
+            }
+
             uint16_t port = m_portOverride;
 
             if (!m_portOverride)
@@ -137,7 +172,10 @@ namespace Aws
 
             if (port == 443 && Crt::Io::TlsContextOptions::IsAlpnSupported())
             {
-                m_contextOptions.SetAlpnList("x-amzn-mqtt-ca");
+                if (!m_contextOptions.SetAlpnList("x-amzn-mqtt-ca"))
+                {
+                    return MqttClientConnectionConfig::CreateInvalid(m_contextOptions.LastError());
+                }
             }
 
             return MqttClientConnectionConfig(
@@ -148,25 +186,42 @@ namespace Aws
         }
 
         MqttClient::MqttClient(Crt::Io::ClientBootstrap &bootstrap, Crt::Allocator *allocator) noexcept
-            : m_client(bootstrap, allocator)
+            : m_client(bootstrap, allocator), m_lastError(0)
         {
+            if (!m_client)
+            {
+                m_lastError = m_client.LastError();
+            }
         }
 
         std::shared_ptr<Crt::Mqtt::MqttConnection> MqttClient::NewConnection(
             const MqttClientConnectionConfig &config) noexcept
         {
+            if (!config)
+            {
+                m_lastError = config.LastError();
+                return nullptr;
+            }
+
             auto newConnection = m_client.NewConnection(
                 config.m_endpoint.c_str(),
                 config.m_port,
                 config.m_socketOptions,
                 config.m_context.NewConnectionOptions());
 
-            if (newConnection && newConnection->SetLogin("?SDK=CPPv2&Version=" AWS_CRT_CPP_VERSION, nullptr))
+            if (!newConnection)
+            {
+                m_lastError = m_client.LastError();
+                return nullptr;
+            }
+
+            if (!(*newConnection) || !newConnection->SetLogin("?SDK=CPPv2&Version=" AWS_CRT_CPP_VERSION, nullptr))
             {
-                return newConnection;
+                m_lastError = newConnection->LastError();
+                return nullptr;
             }
 
-            return nullptr;
+            return newConnection;
         }
     } // namespace Iot
 } // namespace Aws

Original file line number	Diff line number	Diff line change
`@@ -124,7 +124,10 @@ int main(int argc, char *argv[])`
`124`	`124`
`125`	`125`	`if (!clientConfig)`
`126`	`126`	`{`
`127`		`- fprintf(stderr, "Client Configuration initialization failed with error %s\n", ErrorDebugString(LastError()));`
	`127`	`+ fprintf(`
	`128`	`+ stderr,`
	`129`	`+ "Client Configuration initialization failed with error %s\n",`
	`130`	`+ ErrorDebugString(clientConfig.LastError()));`
`128`	`131`	`exit(-1);`
`129`	`132`	`}`
`130`	`133`
`@@ -145,9 +148,9 @@ int main(int argc, char *argv[])`
`145`	`148`	`*/`
`146`	`149`	`auto connection = mqttClient.NewConnection(clientConfig);`
`147`	`150`
`148`		`- if (!*connection)`
	`151`	`+ if (!connection)`
`149`	`152`	`{`
`150`		`- fprintf(stderr, "MQTT Connection Creation failed with error %s\n", ErrorDebugString(connection->LastError()));`
	`153`	`+ fprintf(stderr, "MQTT Connection Creation failed with error %s\n", ErrorDebugString(mqttClient.LastError()));`
`151`	`154`	`exit(-1);`
`152`	`155`	`}`
`153`	`156`
Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,8 @@ namespace Aws`
`22`	`22`	`{`
`23`	`23`	`namespace Io`
`24`	`24`	`{`
	`25`	`+ int TlsContextOptions::LastError() const noexcept { return aws_last_error(); }`
	`26`	`+`
`25`	`27`	`TlsContextOptions::~TlsContextOptions()`
`26`	`28`	`{`
`27`	`29`	`if (m_isInit)`
`@@ -115,36 +117,28 @@ namespace Aws`
`115`	`117`
`116`	`118`	`bool TlsContextOptions::IsAlpnSupported() noexcept { return aws_tls_is_alpn_available(); }`
`117`	`119`
`118`		`- void TlsContextOptions::SetAlpnList(const char *alpn_list) noexcept`
	`120`	`+ bool TlsContextOptions::SetAlpnList(const char *alpn_list) noexcept`
`119`	`121`	`{`
`120`		`- if (m_isInit)`
`121`		`- {`
`122`		`- aws_tls_ctx_options_set_alpn_list(&m_options, alpn_list);`
`123`		`- }`
	`122`	`+ AWS_ASSERT(m_isInit);`
	`123`	`+ return aws_tls_ctx_options_set_alpn_list(&m_options, alpn_list) == 0;`
`124`	`124`	`}`
`125`	`125`
`126`	`126`	`void TlsContextOptions::SetVerifyPeer(bool verify_peer) noexcept`
`127`	`127`	`{`
`128`		`- if (m_isInit)`
`129`		`- {`
`130`		`- aws_tls_ctx_options_set_verify_peer(&m_options, verify_peer);`
`131`		`- }`
	`128`	`+ AWS_ASSERT(m_isInit);`
	`129`	`+ aws_tls_ctx_options_set_verify_peer(&m_options, verify_peer);`
`132`	`130`	`}`
`133`	`131`
`134`		`- void TlsContextOptions::OverrideDefaultTrustStore(const char caPath, const char caFile) noexcept`
	`132`	`+ bool TlsContextOptions::OverrideDefaultTrustStore(const char caPath, const char caFile) noexcept`
`135`	`133`	`{`
`136`		`- if (m_isInit)`
`137`		`- {`
`138`		`- aws_tls_ctx_options_override_default_trust_store_from_path(&m_options, caPath, caFile);`
`139`		`- }`
	`134`	`+ AWS_ASSERT(m_isInit);`
	`135`	`+ return aws_tls_ctx_options_override_default_trust_store_from_path(&m_options, caPath, caFile) == 0;`
`140`	`136`	`}`
`141`	`137`
`142`		`- void TlsContextOptions::OverrideDefaultTrustStore(const ByteCursor &ca) noexcept`
	`138`	`+ bool TlsContextOptions::OverrideDefaultTrustStore(const ByteCursor &ca) noexcept`
`143`	`139`	`{`
`144`		`- if (m_isInit)`
`145`		`- {`
`146`		`- aws_tls_ctx_options_override_default_trust_store(&m_options, const_cast<ByteCursor *>(&ca));`
`147`		`- }`
	`140`	`+ AWS_ASSERT(m_isInit);`
	`141`	`+ return aws_tls_ctx_options_override_default_trust_store(&m_options, const_cast<ByteCursor *>(&ca)) == 0;`
`148`	`142`	`}`
`149`	`143`
`150`	`144`	`void InitTlsStaticState(Aws::Crt::Allocator *alloc) noexcept { aws_tls_init_static_state(alloc); }`