| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file |
| 2 // for details. All rights reserved. Use of this source code is governed by a |
| 3 // BSD-style license that can be found in the LICENSE file. |
| 4 |
| 5 #include "bin/tls_socket.h" |
| 6 |
| 7 #include <errno.h> |
| 8 #include <fcntl.h> |
| 9 #include <sys/stat.h> |
| 10 #include <stdio.h> |
| 11 #include <string.h> |
| 12 |
| 13 #include <prinit.h> |
| 14 #include <prerror.h> |
| 15 #include <prnetdb.h> |
| 16 #include <nss.h> |
| 17 #include <ssl.h> |
| 18 |
| 19 #include "bin/builtin.h" |
| 20 #include "bin/dartutils.h" |
| 21 #include "bin/thread.h" |
| 22 #include "bin/utils.h" |
| 23 #include "bin/net/nss_memio.h" |
| 24 #include "platform/utils.h" |
| 25 |
| 26 #include "include/dart_api.h" |
| 27 |
| 28 bool TlsFilter::library_initialized_ = false; |
| 29 static const int kTlsFilterNativeFieldIndex = 0; |
| 30 |
| 31 static TlsFilter* GetTlsFilter(Dart_NativeArguments args) { |
| 32 TlsFilter* filter; |
| 33 |
| 34 Dart_Handle dart_this = ThrowIfError(Dart_GetNativeArgument(args, 0)); |
| 35 ASSERT(Dart_IsInstance(dart_this)); |
| 36 ThrowIfError(Dart_GetNativeInstanceField(dart_this, |
| 37 kTlsFilterNativeFieldIndex, |
| 38 reinterpret_cast<intptr_t*>(&filter))); |
| 39 return filter; |
| 40 } |
| 41 |
| 42 |
| 43 static void SetTlsFilter(Dart_NativeArguments args, TlsFilter* filter) { |
| 44 Dart_Handle dart_this = ThrowIfError(Dart_GetNativeArgument(args, 0)); |
| 45 ASSERT(Dart_IsInstance(dart_this)); |
| 46 ThrowIfError(Dart_SetNativeInstanceField(dart_this, |
| 47 kTlsFilterNativeFieldIndex, |
| 48 reinterpret_cast<intptr_t>(filter))); |
| 49 } |
| 50 |
| 51 |
| 52 void FUNCTION_NAME(TlsSocket_Init)(Dart_NativeArguments args) { |
| 53 Dart_EnterScope(); |
| 54 TlsFilter* filter = new TlsFilter; |
| 55 Dart_Handle dart_this = Dart_GetNativeArgument(args, 0); |
| 56 if (Dart_IsError(dart_this)) { |
| 57 delete filter; |
| 58 Dart_PropagateError(dart_this); |
| 59 } |
| 60 SetTlsFilter(args, filter); |
| 61 filter->Init(dart_this); |
| 62 Dart_ExitScope(); |
| 63 } |
| 64 |
| 65 |
| 66 void FUNCTION_NAME(TlsSocket_Connect)(Dart_NativeArguments args) { |
| 67 Dart_EnterScope(); |
| 68 Dart_Handle host_name = ThrowIfError(Dart_GetNativeArgument(args, 1)); |
| 69 |
| 70 const char* host_name_string = NULL; |
| 71 // TODO(whesse): Is truncating a Dart string containing \0 what we want? |
| 72 ThrowIfError(Dart_StringToCString(host_name, &host_name_string)); |
| 73 |
| 74 GetTlsFilter(args)->Connect(host_name_string); |
| 75 Dart_ExitScope(); |
| 76 } |
| 77 |
| 78 |
| 79 void FUNCTION_NAME(TlsSocket_Destroy)(Dart_NativeArguments args) { |
| 80 Dart_EnterScope(); |
| 81 TlsFilter* filter = GetTlsFilter(args); |
| 82 SetTlsFilter(args, NULL); |
| 83 filter->Destroy(); |
| 84 delete filter; |
| 85 Dart_ExitScope(); |
| 86 } |
| 87 |
| 88 |
| 89 void FUNCTION_NAME(TlsSocket_Handshake)(Dart_NativeArguments args) { |
| 90 Dart_EnterScope(); |
| 91 GetTlsFilter(args)->Handshake(); |
| 92 Dart_ExitScope(); |
| 93 } |
| 94 |
| 95 |
| 96 void FUNCTION_NAME(TlsSocket_RegisterHandshakeCallbacks)( |
| 97 Dart_NativeArguments args) { |
| 98 Dart_EnterScope(); |
| 99 Dart_Handle handshake_start = ThrowIfError(Dart_GetNativeArgument(args, 1)); |
| 100 Dart_Handle handshake_finish = ThrowIfError(Dart_GetNativeArgument(args, 2)); |
| 101 if (!Dart_IsClosure(handshake_start) || |
| 102 !Dart_IsClosure(handshake_finish)) { |
| 103 Dart_ThrowException(DartUtils::NewDartArgumentError( |
| 104 "Illegal argument to RegisterHandshakeCallbacks")); |
| 105 } |
| 106 GetTlsFilter(args)->RegisterHandshakeCallbacks(handshake_start, |
| 107 handshake_finish); |
| 108 Dart_ExitScope(); |
| 109 } |
| 110 |
| 111 |
| 112 void FUNCTION_NAME(TlsSocket_ProcessBuffer)(Dart_NativeArguments args) { |
| 113 Dart_EnterScope(); |
| 114 Dart_Handle buffer_id_object = ThrowIfError(Dart_GetNativeArgument(args, 1)); |
| 115 int64_t buffer_id = DartUtils::GetIntegerValue(buffer_id_object); |
| 116 if (buffer_id < 0 || buffer_id >= TlsFilter::kNumBuffers) { |
| 117 Dart_ThrowException(DartUtils::NewDartArgumentError( |
| 118 "Illegal argument to ProcessBuffer")); |
| 119 } |
| 120 |
| 121 intptr_t bytes_read = |
| 122 GetTlsFilter(args)->ProcessBuffer(static_cast<int>(buffer_id)); |
| 123 Dart_SetReturnValue(args, Dart_NewInteger(bytes_read)); |
| 124 Dart_ExitScope(); |
| 125 } |
| 126 |
| 127 |
| 128 void FUNCTION_NAME(TlsSocket_SetCertificateDatabase) |
| 129 (Dart_NativeArguments args) { |
| 130 Dart_EnterScope(); |
| 131 Dart_Handle dart_pkcert_dir = ThrowIfError(Dart_GetNativeArgument(args, 0)); |
| 132 // Check that the type is string, and get the UTF-8 C string value from it. |
| 133 if (Dart_IsString(dart_pkcert_dir)) { |
| 134 const char* pkcert_dir = NULL; |
| 135 ThrowIfError(Dart_StringToCString(dart_pkcert_dir, &pkcert_dir)); |
| 136 TlsFilter::InitializeLibrary(pkcert_dir); |
| 137 } else { |
| 138 Dart_ThrowException(DartUtils::NewDartArgumentError( |
| 139 "Non-String argument to SetCertificateDatabase")); |
| 140 } |
| 141 Dart_ExitScope(); |
| 142 } |
| 143 |
| 144 void TlsFilter::Init(Dart_Handle dart_this) { |
| 145 stringStart_ = ThrowIfError( |
| 146 Dart_NewPersistentHandle(DartUtils::NewString("start"))); |
| 147 stringLength_ = ThrowIfError( |
| 148 Dart_NewPersistentHandle(DartUtils::NewString("length"))); |
| 149 |
| 150 InitializeBuffers(dart_this); |
| 151 memio_ = memio_CreateIOLayer(30000); |
| 152 } |
| 153 |
| 154 |
| 155 void TlsFilter::InitializeBuffers(Dart_Handle dart_this) { |
| 156 // Create TlsFilter buffers as ExternalUint8Array objects. |
| 157 Dart_Handle dart_buffers_object = ThrowIfError( |
| 158 Dart_GetField(dart_this, DartUtils::NewString("buffers"))); |
| 159 Dart_Handle dart_buffer_object = ThrowIfError( |
| 160 Dart_ListGetAt(dart_buffers_object, kReadPlaintext)); |
| 161 Dart_Handle tls_external_buffer_class = ThrowIfError( |
| 162 Dart_InstanceGetClass(dart_buffer_object)); |
| 163 Dart_Handle dart_buffer_size = ThrowIfError( |
| 164 Dart_GetField(tls_external_buffer_class, DartUtils::NewString("kSize"))); |
| 165 buffer_size_ = DartUtils::GetIntegerValue(dart_buffer_size); |
| 166 if (buffer_size_ <= 0 || buffer_size_ > 1024 * 1024) { |
| 167 Dart_ThrowException( |
| 168 DartUtils::NewString("Invalid buffer size in _TlsExternalBuffer")); |
| 169 } |
| 170 |
| 171 for (int i = 0; i < kNumBuffers; ++i) { |
| 172 dart_buffer_objects_[i] = ThrowIfError( |
| 173 Dart_NewPersistentHandle(Dart_ListGetAt(dart_buffers_object, i))); |
| 174 buffers_[i] = new uint8_t[buffer_size_]; |
| 175 Dart_Handle data = ThrowIfError( |
| 176 Dart_NewExternalByteArray(buffers_[i], |
| 177 buffer_size_, NULL, NULL)); |
| 178 ThrowIfError(Dart_SetField(dart_buffer_objects_[i], |
| 179 DartUtils::NewString("data"), |
| 180 data)); |
| 181 } |
| 182 } |
| 183 |
| 184 |
| 185 void TlsFilter::RegisterHandshakeCallbacks(Dart_Handle start, |
| 186 Dart_Handle finish) { |
| 187 handshake_start_ = ThrowIfError(Dart_NewPersistentHandle(start)); |
| 188 handshake_finish_ = ThrowIfError(Dart_NewPersistentHandle(finish)); |
| 189 } |
| 190 |
| 191 |
| 192 void TlsFilter::DestroyPlatformIndependent() { |
| 193 for (int i = 0; i < kNumBuffers; ++i) { |
| 194 Dart_DeletePersistentHandle(dart_buffer_objects_[i]); |
| 195 } |
| 196 Dart_DeletePersistentHandle(stringStart_); |
| 197 Dart_DeletePersistentHandle(stringLength_); |
| 198 } |
| 199 |
| 200 |
| 201 TlsFilter::TlsFilter() : in_handshake_(false) { } |
| 202 |
| 203 |
| 204 void TlsFilter::InitializeLibrary(const char* pkcert_database) { |
| 205 LockInitMutex(); |
| 206 if (!library_initialized_) { |
| 207 PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0); |
| 208 // TODO: Allow read-write opening of pkcert_database using |
| 209 // NSS_InitReadWrite, controlled by an optional argument. |
| 210 SECStatus status = |
| 211 NSS_Init(pkcert_database); |
| 212 if (status != SECSuccess) { |
| 213 ReportError("Unsuccessful NSS_Init call.\n", PR_GetError()); |
| 214 } |
| 215 |
| 216 status = NSS_SetDomesticPolicy(); |
| 217 if (status != SECSuccess) { |
| 218 ReportError("Unsuccessful NSS_SetDomesticPolicy call.\n", PR_GetError()); |
| 219 } |
| 220 } else { |
| 221 ReportError("Called TlsFilter::InitializeLibrary more than once", 0); |
| 222 } |
| 223 UnlockInitMutex(); |
| 224 } |
| 225 |
| 226 |
| 227 void TlsFilter::Connect(const char* host) { |
| 228 if (in_handshake_) { |
| 229 ReportError("Connect called while already in handshake state.", 0); |
| 230 } |
| 231 PRFileDesc* my_socket = memio_; |
| 232 |
| 233 my_socket = SSL_ImportFD(NULL, my_socket); |
| 234 if (my_socket == NULL) { |
| 235 ReportError("Unsuccessful SSL_ImportFD call", 0); |
| 236 } |
| 237 |
| 238 if (SSL_SetURL(my_socket, host) == -1) { |
| 239 ReportError("Unsuccessful SetURL call", 0); |
| 240 } |
| 241 |
| 242 SECStatus status = SSL_ResetHandshake(my_socket, PR_FALSE); |
| 243 if (status != SECSuccess) { |
| 244 ReportError("Unsuccessful SSL_ResetHandshake call", PR_GetError()); |
| 245 } |
| 246 |
| 247 // SetPeerAddress |
| 248 PRNetAddr host_address; |
| 249 char host_entry_buffer[PR_NETDB_BUF_SIZE]; |
| 250 PRHostEnt host_entry; |
| 251 PRStatus rv = PR_GetHostByName(host, host_entry_buffer, |
| 252 PR_NETDB_BUF_SIZE, &host_entry); |
| 253 if (rv != PR_SUCCESS) { |
| 254 ReportError("Unsuccessful PR_GetHostByName call", PR_GetError()); |
| 255 } |
| 256 |
| 257 int index = PR_EnumerateHostEnt(0, &host_entry, 443, &host_address); |
| 258 if (index == -1 || index == 0) { |
| 259 ReportError("Unsuccessful PR_EnumerateHostEnt call", 0); |
| 260 } |
| 261 |
| 262 memio_SetPeerName(my_socket, &host_address); |
| 263 memio_ = my_socket; |
| 264 } |
| 265 |
| 266 |
| 267 void TlsFilter::Handshake() { |
| 268 SECStatus status = SSL_ForceHandshake(memio_); |
| 269 if (status == SECSuccess) { |
| 270 if (in_handshake_) { |
| 271 ThrowIfError(Dart_InvokeClosure(handshake_finish_, 0, NULL)); |
| 272 in_handshake_ = false; |
| 273 } |
| 274 } else { |
| 275 PRErrorCode error = PR_GetError(); |
| 276 if (error == PR_WOULD_BLOCK_ERROR) { |
| 277 if (!in_handshake_) { |
| 278 ThrowIfError(Dart_InvokeClosure(handshake_start_, 0, NULL)); |
| 279 in_handshake_ = true; |
| 280 } |
| 281 } else { |
| 282 ReportError("Unexpected handshake error", error); |
| 283 } |
| 284 } |
| 285 } |
| 286 |
| 287 |
| 288 void TlsFilter::Destroy() { |
| 289 DestroyPlatformIndependent(); |
| 290 // TODO(whesse): Destroy OpenSSL objects here. |
| 291 } |
| 292 |
| 293 |
| 294 intptr_t TlsFilter::ProcessBuffer(int buffer_index) { |
| 295 Dart_Handle buffer_object = dart_buffer_objects_[buffer_index]; |
| 296 Dart_Handle start_object = ThrowIfError( |
| 297 Dart_GetField(buffer_object, stringStart_)); |
| 298 Dart_Handle length_object = ThrowIfError( |
| 299 Dart_GetField(buffer_object, stringLength_)); |
| 300 int64_t unsafe_start = DartUtils::GetIntegerValue(start_object); |
| 301 int64_t unsafe_length = DartUtils::GetIntegerValue(length_object); |
| 302 if (unsafe_start < 0 || unsafe_start >= buffer_size_ || |
| 303 unsafe_length < 0 || unsafe_length > buffer_size_) { |
| 304 Dart_ThrowException(DartUtils::NewDartArgumentError( |
| 305 "Illegal .start or .length on a _TlsExternalBuffer")); |
| 306 } |
| 307 intptr_t start = static_cast<intptr_t>(unsafe_start); |
| 308 intptr_t length = static_cast<intptr_t>(unsafe_length); |
| 309 |
| 310 int bytes_processed = 0; |
| 311 switch (buffer_index) { |
| 312 case kReadPlaintext: { |
| 313 int bytes_free = buffer_size_ - start - length; |
| 314 bytes_processed = PR_Read(memio_, |
| 315 buffers_[buffer_index] + start + length, |
| 316 bytes_free); |
| 317 if (bytes_processed < 0) { |
| 318 ASSERT(bytes_processed == -1); |
| 319 // TODO(whesse): Handle unexpected errors here. |
| 320 PRErrorCode pr_error = PR_GetError(); |
| 321 ASSERT(PR_WOULD_BLOCK_ERROR == pr_error); |
| 322 bytes_processed = 0; |
| 323 } |
| 324 break; |
| 325 } |
| 326 |
| 327 case kWriteEncrypted: { |
| 328 const uint8_t* buf1; |
| 329 const uint8_t* buf2; |
| 330 unsigned int len1; |
| 331 unsigned int len2; |
| 332 int bytes_free = buffer_size_ - start - length; |
| 333 memio_Private* secret = memio_GetSecret(memio_); |
| 334 memio_GetWriteParams(secret, &buf1, &len1, &buf2, &len2); |
| 335 int bytes_to_send = |
| 336 dart::Utils::Minimum(len1, static_cast<unsigned>(bytes_free)); |
| 337 if (bytes_to_send > 0) { |
| 338 memmove(buffers_[buffer_index] + start + length, buf1, bytes_to_send); |
| 339 bytes_processed = bytes_to_send; |
| 340 } |
| 341 bytes_to_send = dart::Utils::Minimum(len2, |
| 342 static_cast<unsigned>(bytes_free - bytes_processed)); |
| 343 if (bytes_to_send > 0) { |
| 344 memmove(buffers_[buffer_index] + start + length + bytes_processed, buf2, |
| 345 bytes_to_send); |
| 346 bytes_processed += bytes_to_send; |
| 347 } |
| 348 if (bytes_processed > 0) { |
| 349 memio_PutWriteResult(secret, bytes_processed); |
| 350 } |
| 351 break; |
| 352 } |
| 353 |
| 354 case kReadEncrypted: { |
| 355 if (length > 0) { |
| 356 bytes_processed = length; |
| 357 memio_Private* secret = memio_GetSecret(memio_); |
| 358 uint8_t* memio_buf; |
| 359 int free_bytes = memio_GetReadParams(secret, &memio_buf); |
| 360 if (free_bytes < bytes_processed) bytes_processed = free_bytes; |
| 361 memmove(memio_buf, |
| 362 buffers_[buffer_index] + start, |
| 363 bytes_processed); |
| 364 memio_PutReadResult(secret, bytes_processed); |
| 365 } |
| 366 break; |
| 367 } |
| 368 |
| 369 case kWritePlaintext: { |
| 370 if (length > 0) { |
| 371 bytes_processed = PR_Write(memio_, |
| 372 buffers_[buffer_index] + start, |
| 373 length); |
| 374 } |
| 375 |
| 376 if (bytes_processed < 0) { |
| 377 ASSERT(bytes_processed == -1); |
| 378 // TODO(whesse): Handle unexpected errors here. |
| 379 PRErrorCode pr_error = PR_GetError(); |
| 380 ASSERT(PR_WOULD_BLOCK_ERROR == pr_error); |
| 381 bytes_processed = 0; |
| 382 } |
| 383 break; |
| 384 } |
| 385 } |
| 386 return bytes_processed; |
| 387 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10916081:
Add secure sockets to dart:io (Closed)
Base URL: https://dart.googlecode.com/svn/branches/bleeding_edge/dart