Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(245)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: runtime/bin/tls_socket.cc

Issue 10916081: Add secure sockets to dart:io (Closed) Base URL: https://dart.googlecode.com/svn/branches/bleeding_edge/dart
Patch Set: Switch to system of patched libraries in dart:io for new TlsSocket class. Created 8 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« runtime/bin/dartutils.cc ('K') | « runtime/bin/tls_socket.h ('k') | runtime/bin/tls_socket_impl.dart » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file
2 // for details. All rights reserved. Use of this source code is governed by a
3 // BSD-style license that can be found in the LICENSE file.
4
5 #include "bin/tls_socket.h"
6
7 #include <errno.h>
8 #include <fcntl.h>
9 #include <sys/stat.h>
10 #include <stdio.h>
11 #include <string.h>
12
13 #include <prinit.h>
14 #include <prerror.h>
15 #include <prnetdb.h>
16 #include <nss.h>
17 #include <ssl.h>
18
19 #include "bin/builtin.h"
20 #include "bin/dartutils.h"
21 #include "bin/thread.h"
22 #include "bin/utils.h"
23 #include "bin/net/nss_memio.h"
24 #include "platform/utils.h"
25
26 #include "include/dart_api.h"
27
28 bool TlsFilter::library_initialized_ = false;
29
30 static TlsFilter* NativePeer(Dart_NativeArguments args) {
31 TlsFilter* native_peer;
32
33 Dart_Handle dart_this = HandleError(Dart_GetNativeArgument(args, 0));
34 ASSERT(Dart_IsInstance(dart_this));
35 HandleError(Dart_GetNativeInstanceField(dart_this, 0,
36 reinterpret_cast<intptr_t*>(&native_peer)));
37 return native_peer;
38 }
39
40
41 static void SetNativePeer(Dart_NativeArguments args, TlsFilter* native_peer) {
42 Dart_Handle dart_this = HandleError(Dart_GetNativeArgument(args, 0));
43 ASSERT(Dart_IsInstance(dart_this));
44 HandleError(Dart_SetNativeInstanceField(dart_this, 0,
45 reinterpret_cast<intptr_t>(native_peer)));
46 }
47
48
49 void FUNCTION_NAME(TlsSocket_Init)(Dart_NativeArguments args) {
50 Dart_EnterScope();
51 TlsFilter* native_peer = new TlsFilter;
52 Dart_Handle dart_this = Dart_GetNativeArgument(args, 0);
53 if (Dart_IsError(dart_this)) {
54 delete native_peer;
55 Dart_PropagateError(dart_this);
56 }
57 SetNativePeer(args, native_peer);
58 native_peer->Init(dart_this);
59
60 Dart_SetReturnValue(args, Dart_Null());
61 Dart_ExitScope();
62 }
63
64
65 void FUNCTION_NAME(TlsSocket_Connect)(Dart_NativeArguments args) {
66 Dart_EnterScope();
67 NativePeer(args)->Connect();
68 Dart_SetReturnValue(args, Dart_Null());
69 Dart_ExitScope();
70 }
71
72
73 void FUNCTION_NAME(TlsSocket_Destroy)(Dart_NativeArguments args) {
74 Dart_EnterScope();
75 TlsFilter* native_peer = NativePeer(args);
76 SetNativePeer(args, NULL);
77 native_peer->Destroy();
78 delete native_peer;
79 Dart_SetReturnValue(args, Dart_Null());
80 Dart_ExitScope();
81 }
82
83
84 void FUNCTION_NAME(TlsSocket_RegisterHandshakeCallbacks)(
85 Dart_NativeArguments args) {
86 Dart_EnterScope();
87 Dart_Handle handshake_start = HandleError(Dart_GetNativeArgument(args, 1));
88 Dart_Handle handshake_finish = HandleError(Dart_GetNativeArgument(args, 2));
89 if (!Dart_IsClosure(handshake_start) ||
90 !Dart_IsClosure(handshake_finish)) {
91 Dart_ThrowException(DartUtils::NewDartIllegalArgumentException(
92 "Illegal argument to RegisterHandshakeCallbacks"));
93 }
94 NativePeer(args)->RegisterHandshakeCallbacks(handshake_start,
95 handshake_finish);
96 Dart_SetReturnValue(args, Dart_Null());
97 Dart_ExitScope();
98 }
99
100
101 void FUNCTION_NAME(TlsSocket_ProcessBuffer)(Dart_NativeArguments args) {
102 Dart_EnterScope();
103 Dart_Handle buffer_id_object = HandleError(Dart_GetNativeArgument(args, 1));
104 int64_t buffer_id = DartUtils::GetIntegerValue(buffer_id_object);
105 if (buffer_id < 0 || buffer_id >= TlsFilter::kNumBuffers) {
106 Dart_ThrowException(DartUtils::NewDartIllegalArgumentException(
107 "Illegal argument to ProcessBuffer"));
108 }
109
110 intptr_t bytes_read =
111 NativePeer(args)->ProcessBuffer(static_cast<int>(buffer_id));
112 Dart_SetReturnValue(args, Dart_NewInteger(bytes_read));
113 Dart_ExitScope();
114 }
115
116
117 void FUNCTION_NAME(TlsSocket_SetCertificateDatabase)
118 (Dart_NativeArguments args) {
119 Dart_EnterScope();
120 Dart_Handle dart_pkcert_dir = HandleError(Dart_GetNativeArgument(args, 0));
121 // Check that the type is string, and get the UTF-8 C string value from it.
122 if (Dart_IsString(dart_pkcert_dir)) {
123 const char* pkcert_dir = NULL;
124 HandleError(Dart_StringToCString(dart_pkcert_dir, &pkcert_dir));
125 TlsFilter::InitializeLibrary(pkcert_dir);
126 } else {
127 Dart_ThrowException(DartUtils::NewDartIllegalArgumentException(
128 "Non-String argument to SetCertificateDatabase"));
129 }
130 Dart_SetReturnValue(args, Dart_Null());
131 Dart_ExitScope();
132 }
133
134 void TlsFilter::Init(Dart_Handle dart_this) {
135 stringStart_ = HandleError(
136 Dart_NewPersistentHandle(Dart_NewString("start")));
137 stringLength_ = HandleError(
138 Dart_NewPersistentHandle(Dart_NewString("length")));
139
140 InitializeBuffers(dart_this);
141 InitializePlatformData();
142 }
143
144
145 void TlsFilter::InitializeBuffers(Dart_Handle dart_this) {
146 // Create TlsFilter buffers as ExternalUint8Array objects.
147 Dart_Handle dart_buffers_object = HandleError(
148 Dart_GetField(dart_this, Dart_NewString("buffers")));
149 Dart_Handle dart_buffer_object = HandleError(
150 Dart_ListGetAt(dart_buffers_object, kReadPlaintext));
151 Dart_Handle tlsExternalBuffer_class = HandleError(
152 Dart_InstanceGetClass(dart_buffer_object));
153 Dart_Handle dart_buffer_size = HandleError(
154 Dart_GetField(tlsExternalBuffer_class, Dart_NewString("kSize")));
155 buffer_size_ = DartUtils::GetIntegerValue(dart_buffer_size);
156 if (buffer_size_ <= 0 || buffer_size_ > 1024 * 1024) {
157 Dart_ThrowException(
158 Dart_NewString("Invalid buffer size in _TlsExternalBuffer"));
159 }
160
161 for (int i = 0; i < kNumBuffers; ++i) {
162 dart_buffer_objects_[i] = HandleError(
163 Dart_NewPersistentHandle(Dart_ListGetAt(dart_buffers_object, i)));
164 buffers_[i] = new uint8_t[buffer_size_];
165 Dart_Handle data = HandleError(
166 Dart_NewExternalByteArray(buffers_[i],
167 buffer_size_, NULL, NULL));
168 HandleError(
169 Dart_SetField(dart_buffer_objects_[i], Dart_NewString("data"), data));
170 }
171 }
172
173
174 void TlsFilter::RegisterHandshakeCallbacks(Dart_Handle start,
175 Dart_Handle finish) {
176 handshake_start_ = HandleError(Dart_NewPersistentHandle(start));
177 handshake_finish_ = HandleError(Dart_NewPersistentHandle(finish));
178 }
179
180
181 void TlsFilter::DestroyPlatformIndependent() {
182 for (int i = 0; i < kNumBuffers; ++i) {
183 Dart_DeletePersistentHandle(dart_buffer_objects_[i]);
184 }
185 Dart_DeletePersistentHandle(stringStart_);
186 Dart_DeletePersistentHandle(stringLength_);
187 }
188
189
190 class TlsFilterPlatformData {
191 public:
192 PRFileDesc* memio;
193 };
194
195
196 TlsFilter::TlsFilter() : in_handshake_(false) { }
197
198
199 void TlsFilter::InitializeLibrary(const char* pkcert_database) {
200 printf("Entering InitializeLibrary\n");
201 LockInitMutex();
202 if (!library_initialized_) {
203 PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
204 printf("%s\n", pkcert_database);
205 #ifdef CHROMIUM_NSS
206 // The Chromium version of the NSS libraries does not allow read-only here.
207 SECStatus status =
208 NSS_InitReadWrite(pkcert_database);
209 #else
210 SECStatus status =
211 NSS_Init(pkcert_database);
212 #endif
213 if (status == SECSuccess) {
214 printf("Successful NSS_Init call\n");
215 } else {
216 PRErrorCode pr_error = PR_GetError();
217 printf("Unsuccessful NSS_Init call. Error %d\n", pr_error);
218 }
219
220 status = NSS_SetDomesticPolicy();
221 if (status == SECSuccess) {
222 printf("Successful NSS_SetDomesticPolicy call\n");
223 } else {
224 PRErrorCode pr_error = PR_GetError();
225 printf("Unsuccessful NSS_SetDomesticPolicy call. Error %d\n", pr_error);
226 }
227 } else {
228 printf("Called TlsFilter::InitializeLibrary more than once.\n");
229 }
230 UnlockInitMutex();
231 printf("Exiting InitializeLibrary\n");
232 }
233
234
235 void TlsFilter::InitializePlatformData() {
236 data_ = new TlsFilterPlatformData;
237 data_->memio = memio_CreateIOLayer(30000);
238 }
239
240
241 char host_entry_buffer[PR_NETDB_BUF_SIZE];
242 PRHostEnt host_entry;
243 PRNetAddr host_address;
244 PRFileDesc* my_socket;
245
246 bool SECURITY = true;
247 SECStatus status;
248
249 // Callback that always returns SECSuccess.
250 static SECStatus AlwaysSucceed(void* arg, PRFileDesc *fd,
251 PRBool check, PRBool server) {
252 return SECSuccess;
253 }
254
255 void TlsFilter::Connect() {
256 printf("Entering InitSocket\n");
257 if (!in_handshake_) {
258 my_socket = data_->memio;
259
260 my_socket = SSL_ImportFD(NULL, my_socket);
261 if (my_socket == NULL) {
262 printf("SSL_ImportFD failed.\n");
263 }
264
265 if (SSL_SetURL(my_socket, "www.google.dk") == -1) {
266 printf("SetURL call failed\n");
267 }
268
269 if (!SECURITY) {
270 status = SSL_OptionSet(my_socket, SSL_SECURITY, PR_FALSE);
271 }
272 if (status == SECSuccess) {
273 printf("Successful SSL_OptionSetDefault call\n");
274 } else {
275 PRErrorCode pr_error = PR_GetError();
276 printf("Unsuccessful SSL_OptionSetDefault call. Error %d\n", pr_error);
277 }
278
279 #ifdef CHROMIUM_NSS
280 // Certificate chain verification is not yet working with Chromium NSS.
281 status = SSL_AuthCertificateHook(my_socket, AlwaysSucceed, NULL);
282 if (status == SECSuccess) {
283 printf("Successful SSL_AuthCertificateHook call\n");
284 } else {
285 PRErrorCode pr_error = PR_GetError();
286 printf("Unsuccessful SSL_AuthCertificateHook call. Error %d\n", pr_error);
287 }
288 #else
289 USE(AlwaysSucceed);
290 #endif
291
292 status = SSL_ResetHandshake(my_socket, PR_FALSE);
293 if (status == SECSuccess) {
294 printf("Successful SSL_ResetHandshake call\n");
295 } else {
296 PRErrorCode pr_error = PR_GetError();
297 printf("Unsuccessful SSL_ResetHandshake call. Error %d\n", pr_error);
298 }
299
300 // SetPeerAddress
301 PRNetAddr host_address;
302 char host_entry_buffer[PR_NETDB_BUF_SIZE];
303 PRHostEnt host_entry;
304 PRStatus rv = PR_GetHostByName("www.google.dk", host_entry_buffer,
305 PR_NETDB_BUF_SIZE, &host_entry);
306 if (rv == PR_SUCCESS) {
307 printf("Successful PR_GetHostByName call\n");
308 } else {
309 PRErrorCode pr_error = PR_GetError();
310 printf("Unsuccessful PR_GetHostByName call. Error %d\n", pr_error);
311 }
312
313 int index = PR_EnumerateHostEnt(0, &host_entry, 443, &host_address);
314 if (index == -1 || index == 0) {
315 printf("Unsuccessful PR_EnumerateHostEnt call.\n");
316 }
317 if (host_address.inet.family == PR_AF_INET) {
318 printf("Got IP V4 address\n");
319 }
320
321 memio_SetPeerName(my_socket, &host_address);
322
323 data_->memio = my_socket;
324 }
325
326 // Handshake
327 int er;
328 if ((er = SSL_ForceHandshake(my_socket)) == SECSuccess) {
329 printf("Successful SSL_ForceHandshake call\n");
330 if (in_handshake_) {
331 printf("Exiting handshake state\n");
332 HandleError(Dart_InvokeClosure(handshake_finish_, 0, NULL));
333 in_handshake_ = false;
334 }
335 } else {
336 printf("Unsuccessful SSL_ForceHandshake call\n");
337 PRErrorCode pr_error = PR_GetError();
338 printf("Error code %d %d\n", er, pr_error);
339 if (!in_handshake_) {
340 printf("Entering handshake state\n");
341 // int writable = ProcessBuffer(kWriteEncrypted);
342 // printf("ProcessBuffer(kWriteEncrypted) returns %d\n", writable);
343 HandleError(Dart_InvokeClosure(handshake_start_, 0, NULL));
344 in_handshake_ = true;
345 }
346 }
347
348 if (!SECURITY) {
349 // Handshake doesn't happen.
350 HandleError(Dart_InvokeClosure(handshake_start_, 0, NULL));
351 HandleError(Dart_InvokeClosure(handshake_finish_, 0, NULL));
352 }
353 }
354
355
356 void TlsFilter::Destroy() {
357 DestroyPlatformIndependent();
358 // TODO(whesse): Destroy OpenSSL objects here.
359 }
360
361 intptr_t TlsFilter::ProcessBuffer(int buffer_index) {
362 printf("Entering processBuffer(%d)\n", buffer_index);
363 Dart_Handle buffer_object = dart_buffer_objects_[buffer_index];
364 Dart_Handle start_object = HandleError(
365 Dart_GetField(buffer_object, stringStart_));
366 Dart_Handle length_object = HandleError(
367 Dart_GetField(buffer_object, stringLength_));
368 int64_t unsafe_start = DartUtils::GetIntegerValue(start_object);
369 int64_t unsafe_length = DartUtils::GetIntegerValue(length_object);
370 if (unsafe_start < 0 || unsafe_start >= buffer_size_ ||
371 unsafe_length < 0 || unsafe_length > buffer_size_) {
372 Dart_ThrowException(DartUtils::NewDartIllegalArgumentException(
373 "Illegal .start or .length on a _TlsExternalBuffer"));
374 }
375 intptr_t start = static_cast<intptr_t>(unsafe_start);
376 intptr_t length = static_cast<intptr_t>(unsafe_length);
377
378 int bytes_sent = 0;
379 switch (buffer_index) {
380 case kReadPlaintext: {
381 int bytes_free = buffer_size_ - start - length;
382 bytes_sent = PR_Read(data_->memio,
383 buffers_[buffer_index] + start + length,
384 bytes_free);
385 printf(" plaintext bytes read %d (into %d)\n",
386 bytes_sent, bytes_free);
387 if (bytes_sent < 0) bytes_sent = 0;
388 break;
389 }
390
391 case kWriteEncrypted: {
392 const uint8_t* buf1;
393 const uint8_t* buf2;
394 unsigned int len1;
395 unsigned int len2;
396 int bytes_free = buffer_size_ - start - length;
397 memio_Private* secret = memio_GetSecret(data_->memio);
398 memio_GetWriteParams(secret, &buf1, &len1, &buf2, &len2);
399 int bytes_to_send =
400 dart::Utils::Minimum(len1, static_cast<unsigned>(bytes_free));
401 if (bytes_to_send > 0) {
402 memmove(buffers_[buffer_index] + start + length, buf1, bytes_to_send);
403 bytes_sent = bytes_to_send;
404 }
405 bytes_to_send = dart::Utils::Minimum(len2,
406 static_cast<unsigned>(bytes_free - bytes_sent));
407 if (bytes_to_send > 0) {
408 memmove(buffers_[buffer_index] + start + length + bytes_sent, buf2,
409 bytes_to_send);
410 bytes_sent += bytes_to_send;
411 }
412 printf(" encrypted bytes written %d (into %d)\n",
413 bytes_sent, bytes_free);
414 if (bytes_sent > 0) {
415 memio_PutWriteResult(secret, bytes_sent);
416 }
417 break;
418 }
419
420 case kReadEncrypted: {
421 if (length > 0) {
422 bytes_sent = length;
423 // NEW
424 memio_Private* secret = memio_GetSecret(data_->memio);
425 uint8_t* memio_buf;
426 int free_bytes = memio_GetReadParams(secret, &memio_buf);
427 if (free_bytes < bytes_sent) bytes_sent = free_bytes;
428 printf(" encrypted bytes read %d (out of %d)\n",
429 bytes_sent, static_cast<int>(length));
430 memmove(memio_buf,
431 buffers_[buffer_index] + start,
432 bytes_sent);
433 memio_PutReadResult(secret, bytes_sent);
434 }
435 break;
436 }
437
438 case kWritePlaintext: {
439 if (length > 0) {
440 bytes_sent = PR_Write(data_->memio,
441 buffers_[buffer_index] + start,
442 length);
443 printf(" plaintext bytes written %d out of %d\n",
444 static_cast<int>(bytes_sent), static_cast<int>(length));
445 } else {
446 printf(" no plaintext bytes to write.\n");
447 }
448 if (bytes_sent < 0) bytes_sent = 0;
449 break;
450 }
451 }
452 return bytes_sent;
453 }
OLDNEW
« runtime/bin/dartutils.cc ('K') | « runtime/bin/tls_socket.h ('k') | runtime/bin/tls_socket_impl.dart » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698