| Index: runtime/bin/tls_socket.cc
|
| diff --git a/runtime/bin/tls_socket.cc b/runtime/bin/tls_socket.cc
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..40ece1f20001aebad5aca3e203694b2f3941f3c1
|
| --- /dev/null
|
| +++ b/runtime/bin/tls_socket.cc
|
| @@ -0,0 +1,453 @@
|
| +// Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file
|
| +// for details. All rights reserved. Use of this source code is governed by a
|
| +// BSD-style license that can be found in the LICENSE file.
|
| +
|
| +#include "bin/tls_socket.h"
|
| +
|
| +#include <errno.h>
|
| +#include <fcntl.h>
|
| +#include <sys/stat.h>
|
| +#include <stdio.h>
|
| +#include <string.h>
|
| +
|
| +#include <prinit.h>
|
| +#include <prerror.h>
|
| +#include <prnetdb.h>
|
| +#include <nss.h>
|
| +#include <ssl.h>
|
| +
|
| +#include "bin/builtin.h"
|
| +#include "bin/dartutils.h"
|
| +#include "bin/thread.h"
|
| +#include "bin/utils.h"
|
| +#include "bin/net/nss_memio.h"
|
| +#include "platform/utils.h"
|
| +
|
| +#include "include/dart_api.h"
|
| +
|
| +bool TlsFilter::library_initialized_ = false;
|
| +
|
| +static TlsFilter* NativePeer(Dart_NativeArguments args) {
|
| + TlsFilter* native_peer;
|
| +
|
| + Dart_Handle dart_this = HandleError(Dart_GetNativeArgument(args, 0));
|
| + ASSERT(Dart_IsInstance(dart_this));
|
| + HandleError(Dart_GetNativeInstanceField(dart_this, 0,
|
| + reinterpret_cast<intptr_t*>(&native_peer)));
|
| + return native_peer;
|
| +}
|
| +
|
| +
|
| +static void SetNativePeer(Dart_NativeArguments args, TlsFilter* native_peer) {
|
| + Dart_Handle dart_this = HandleError(Dart_GetNativeArgument(args, 0));
|
| + ASSERT(Dart_IsInstance(dart_this));
|
| + HandleError(Dart_SetNativeInstanceField(dart_this, 0,
|
| + reinterpret_cast<intptr_t>(native_peer)));
|
| +}
|
| +
|
| +
|
| +void FUNCTION_NAME(TlsSocket_Init)(Dart_NativeArguments args) {
|
| + Dart_EnterScope();
|
| + TlsFilter* native_peer = new TlsFilter;
|
| + Dart_Handle dart_this = Dart_GetNativeArgument(args, 0);
|
| + if (Dart_IsError(dart_this)) {
|
| + delete native_peer;
|
| + Dart_PropagateError(dart_this);
|
| + }
|
| + SetNativePeer(args, native_peer);
|
| + native_peer->Init(dart_this);
|
| +
|
| + Dart_SetReturnValue(args, Dart_Null());
|
| + Dart_ExitScope();
|
| +}
|
| +
|
| +
|
| +void FUNCTION_NAME(TlsSocket_Connect)(Dart_NativeArguments args) {
|
| + Dart_EnterScope();
|
| + NativePeer(args)->Connect();
|
| + Dart_SetReturnValue(args, Dart_Null());
|
| + Dart_ExitScope();
|
| +}
|
| +
|
| +
|
| +void FUNCTION_NAME(TlsSocket_Destroy)(Dart_NativeArguments args) {
|
| + Dart_EnterScope();
|
| + TlsFilter* native_peer = NativePeer(args);
|
| + SetNativePeer(args, NULL);
|
| + native_peer->Destroy();
|
| + delete native_peer;
|
| + Dart_SetReturnValue(args, Dart_Null());
|
| + Dart_ExitScope();
|
| +}
|
| +
|
| +
|
| +void FUNCTION_NAME(TlsSocket_RegisterHandshakeCallbacks)(
|
| + Dart_NativeArguments args) {
|
| + Dart_EnterScope();
|
| + Dart_Handle handshake_start = HandleError(Dart_GetNativeArgument(args, 1));
|
| + Dart_Handle handshake_finish = HandleError(Dart_GetNativeArgument(args, 2));
|
| + if (!Dart_IsClosure(handshake_start) ||
|
| + !Dart_IsClosure(handshake_finish)) {
|
| + Dart_ThrowException(DartUtils::NewDartIllegalArgumentException(
|
| + "Illegal argument to RegisterHandshakeCallbacks"));
|
| + }
|
| + NativePeer(args)->RegisterHandshakeCallbacks(handshake_start,
|
| + handshake_finish);
|
| + Dart_SetReturnValue(args, Dart_Null());
|
| + Dart_ExitScope();
|
| +}
|
| +
|
| +
|
| +void FUNCTION_NAME(TlsSocket_ProcessBuffer)(Dart_NativeArguments args) {
|
| + Dart_EnterScope();
|
| + Dart_Handle buffer_id_object = HandleError(Dart_GetNativeArgument(args, 1));
|
| + int64_t buffer_id = DartUtils::GetIntegerValue(buffer_id_object);
|
| + if (buffer_id < 0 || buffer_id >= TlsFilter::kNumBuffers) {
|
| + Dart_ThrowException(DartUtils::NewDartIllegalArgumentException(
|
| + "Illegal argument to ProcessBuffer"));
|
| + }
|
| +
|
| + intptr_t bytes_read =
|
| + NativePeer(args)->ProcessBuffer(static_cast<int>(buffer_id));
|
| + Dart_SetReturnValue(args, Dart_NewInteger(bytes_read));
|
| + Dart_ExitScope();
|
| +}
|
| +
|
| +
|
| +void FUNCTION_NAME(TlsSocket_SetCertificateDatabase)
|
| + (Dart_NativeArguments args) {
|
| + Dart_EnterScope();
|
| + Dart_Handle dart_pkcert_dir = HandleError(Dart_GetNativeArgument(args, 0));
|
| + // Check that the type is string, and get the UTF-8 C string value from it.
|
| + if (Dart_IsString(dart_pkcert_dir)) {
|
| + const char* pkcert_dir = NULL;
|
| + HandleError(Dart_StringToCString(dart_pkcert_dir, &pkcert_dir));
|
| + TlsFilter::InitializeLibrary(pkcert_dir);
|
| + } else {
|
| + Dart_ThrowException(DartUtils::NewDartIllegalArgumentException(
|
| + "Non-String argument to SetCertificateDatabase"));
|
| + }
|
| + Dart_SetReturnValue(args, Dart_Null());
|
| + Dart_ExitScope();
|
| +}
|
| +
|
| +void TlsFilter::Init(Dart_Handle dart_this) {
|
| + stringStart_ = HandleError(
|
| + Dart_NewPersistentHandle(Dart_NewString("start")));
|
| + stringLength_ = HandleError(
|
| + Dart_NewPersistentHandle(Dart_NewString("length")));
|
| +
|
| + InitializeBuffers(dart_this);
|
| + InitializePlatformData();
|
| +}
|
| +
|
| +
|
| +void TlsFilter::InitializeBuffers(Dart_Handle dart_this) {
|
| + // Create TlsFilter buffers as ExternalUint8Array objects.
|
| + Dart_Handle dart_buffers_object = HandleError(
|
| + Dart_GetField(dart_this, Dart_NewString("buffers")));
|
| + Dart_Handle dart_buffer_object = HandleError(
|
| + Dart_ListGetAt(dart_buffers_object, kReadPlaintext));
|
| + Dart_Handle tlsExternalBuffer_class = HandleError(
|
| + Dart_InstanceGetClass(dart_buffer_object));
|
| + Dart_Handle dart_buffer_size = HandleError(
|
| + Dart_GetField(tlsExternalBuffer_class, Dart_NewString("kSize")));
|
| + buffer_size_ = DartUtils::GetIntegerValue(dart_buffer_size);
|
| + if (buffer_size_ <= 0 || buffer_size_ > 1024 * 1024) {
|
| + Dart_ThrowException(
|
| + Dart_NewString("Invalid buffer size in _TlsExternalBuffer"));
|
| + }
|
| +
|
| + for (int i = 0; i < kNumBuffers; ++i) {
|
| + dart_buffer_objects_[i] = HandleError(
|
| + Dart_NewPersistentHandle(Dart_ListGetAt(dart_buffers_object, i)));
|
| + buffers_[i] = new uint8_t[buffer_size_];
|
| + Dart_Handle data = HandleError(
|
| + Dart_NewExternalByteArray(buffers_[i],
|
| + buffer_size_, NULL, NULL));
|
| + HandleError(
|
| + Dart_SetField(dart_buffer_objects_[i], Dart_NewString("data"), data));
|
| + }
|
| +}
|
| +
|
| +
|
| +void TlsFilter::RegisterHandshakeCallbacks(Dart_Handle start,
|
| + Dart_Handle finish) {
|
| + handshake_start_ = HandleError(Dart_NewPersistentHandle(start));
|
| + handshake_finish_ = HandleError(Dart_NewPersistentHandle(finish));
|
| +}
|
| +
|
| +
|
| +void TlsFilter::DestroyPlatformIndependent() {
|
| + for (int i = 0; i < kNumBuffers; ++i) {
|
| + Dart_DeletePersistentHandle(dart_buffer_objects_[i]);
|
| + }
|
| + Dart_DeletePersistentHandle(stringStart_);
|
| + Dart_DeletePersistentHandle(stringLength_);
|
| +}
|
| +
|
| +
|
| +class TlsFilterPlatformData {
|
| + public:
|
| + PRFileDesc* memio;
|
| +};
|
| +
|
| +
|
| +TlsFilter::TlsFilter() : in_handshake_(false) { }
|
| +
|
| +
|
| +void TlsFilter::InitializeLibrary(const char* pkcert_database) {
|
| + printf("Entering InitializeLibrary\n");
|
| + LockInitMutex();
|
| + if (!library_initialized_) {
|
| + PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
|
| + printf("%s\n", pkcert_database);
|
| +#ifdef CHROMIUM_NSS
|
| + // The Chromium version of the NSS libraries does not allow read-only here.
|
| + SECStatus status =
|
| + NSS_InitReadWrite(pkcert_database);
|
| +#else
|
| + SECStatus status =
|
| + NSS_Init(pkcert_database);
|
| +#endif
|
| + if (status == SECSuccess) {
|
| + printf("Successful NSS_Init call\n");
|
| + } else {
|
| + PRErrorCode pr_error = PR_GetError();
|
| + printf("Unsuccessful NSS_Init call. Error %d\n", pr_error);
|
| + }
|
| +
|
| + status = NSS_SetDomesticPolicy();
|
| + if (status == SECSuccess) {
|
| + printf("Successful NSS_SetDomesticPolicy call\n");
|
| + } else {
|
| + PRErrorCode pr_error = PR_GetError();
|
| + printf("Unsuccessful NSS_SetDomesticPolicy call. Error %d\n", pr_error);
|
| + }
|
| + } else {
|
| + printf("Called TlsFilter::InitializeLibrary more than once.\n");
|
| + }
|
| + UnlockInitMutex();
|
| + printf("Exiting InitializeLibrary\n");
|
| +}
|
| +
|
| +
|
| +void TlsFilter::InitializePlatformData() {
|
| + data_ = new TlsFilterPlatformData;
|
| + data_->memio = memio_CreateIOLayer(30000);
|
| +}
|
| +
|
| +
|
| +char host_entry_buffer[PR_NETDB_BUF_SIZE];
|
| +PRHostEnt host_entry;
|
| +PRNetAddr host_address;
|
| +PRFileDesc* my_socket;
|
| +
|
| +bool SECURITY = true;
|
| +SECStatus status;
|
| +
|
| +// Callback that always returns SECSuccess.
|
| +static SECStatus AlwaysSucceed(void* arg, PRFileDesc *fd,
|
| + PRBool check, PRBool server) {
|
| + return SECSuccess;
|
| +}
|
| +
|
| +void TlsFilter::Connect() {
|
| + printf("Entering InitSocket\n");
|
| + if (!in_handshake_) {
|
| + my_socket = data_->memio;
|
| +
|
| + my_socket = SSL_ImportFD(NULL, my_socket);
|
| + if (my_socket == NULL) {
|
| + printf("SSL_ImportFD failed.\n");
|
| + }
|
| +
|
| + if (SSL_SetURL(my_socket, "www.google.dk") == -1) {
|
| + printf("SetURL call failed\n");
|
| + }
|
| +
|
| + if (!SECURITY) {
|
| + status = SSL_OptionSet(my_socket, SSL_SECURITY, PR_FALSE);
|
| + }
|
| + if (status == SECSuccess) {
|
| + printf("Successful SSL_OptionSetDefault call\n");
|
| + } else {
|
| + PRErrorCode pr_error = PR_GetError();
|
| + printf("Unsuccessful SSL_OptionSetDefault call. Error %d\n", pr_error);
|
| + }
|
| +
|
| +#ifdef CHROMIUM_NSS
|
| + // Certificate chain verification is not yet working with Chromium NSS.
|
| + status = SSL_AuthCertificateHook(my_socket, AlwaysSucceed, NULL);
|
| + if (status == SECSuccess) {
|
| + printf("Successful SSL_AuthCertificateHook call\n");
|
| + } else {
|
| + PRErrorCode pr_error = PR_GetError();
|
| + printf("Unsuccessful SSL_AuthCertificateHook call. Error %d\n", pr_error);
|
| + }
|
| +#else
|
| + USE(AlwaysSucceed);
|
| +#endif
|
| +
|
| + status = SSL_ResetHandshake(my_socket, PR_FALSE);
|
| + if (status == SECSuccess) {
|
| + printf("Successful SSL_ResetHandshake call\n");
|
| + } else {
|
| + PRErrorCode pr_error = PR_GetError();
|
| + printf("Unsuccessful SSL_ResetHandshake call. Error %d\n", pr_error);
|
| + }
|
| +
|
| + // SetPeerAddress
|
| + PRNetAddr host_address;
|
| + char host_entry_buffer[PR_NETDB_BUF_SIZE];
|
| + PRHostEnt host_entry;
|
| + PRStatus rv = PR_GetHostByName("www.google.dk", host_entry_buffer,
|
| + PR_NETDB_BUF_SIZE, &host_entry);
|
| + if (rv == PR_SUCCESS) {
|
| + printf("Successful PR_GetHostByName call\n");
|
| + } else {
|
| + PRErrorCode pr_error = PR_GetError();
|
| + printf("Unsuccessful PR_GetHostByName call. Error %d\n", pr_error);
|
| + }
|
| +
|
| + int index = PR_EnumerateHostEnt(0, &host_entry, 443, &host_address);
|
| + if (index == -1 || index == 0) {
|
| + printf("Unsuccessful PR_EnumerateHostEnt call.\n");
|
| + }
|
| + if (host_address.inet.family == PR_AF_INET) {
|
| + printf("Got IP V4 address\n");
|
| + }
|
| +
|
| + memio_SetPeerName(my_socket, &host_address);
|
| +
|
| + data_->memio = my_socket;
|
| + }
|
| +
|
| + // Handshake
|
| + int er;
|
| + if ((er = SSL_ForceHandshake(my_socket)) == SECSuccess) {
|
| + printf("Successful SSL_ForceHandshake call\n");
|
| + if (in_handshake_) {
|
| + printf("Exiting handshake state\n");
|
| + HandleError(Dart_InvokeClosure(handshake_finish_, 0, NULL));
|
| + in_handshake_ = false;
|
| + }
|
| + } else {
|
| + printf("Unsuccessful SSL_ForceHandshake call\n");
|
| + PRErrorCode pr_error = PR_GetError();
|
| + printf("Error code %d %d\n", er, pr_error);
|
| + if (!in_handshake_) {
|
| + printf("Entering handshake state\n");
|
| + // int writable = ProcessBuffer(kWriteEncrypted);
|
| + // printf("ProcessBuffer(kWriteEncrypted) returns %d\n", writable);
|
| + HandleError(Dart_InvokeClosure(handshake_start_, 0, NULL));
|
| + in_handshake_ = true;
|
| + }
|
| + }
|
| +
|
| + if (!SECURITY) {
|
| + // Handshake doesn't happen.
|
| + HandleError(Dart_InvokeClosure(handshake_start_, 0, NULL));
|
| + HandleError(Dart_InvokeClosure(handshake_finish_, 0, NULL));
|
| + }
|
| +}
|
| +
|
| +
|
| +void TlsFilter::Destroy() {
|
| + DestroyPlatformIndependent();
|
| + // TODO(whesse): Destroy OpenSSL objects here.
|
| +}
|
| +
|
| +intptr_t TlsFilter::ProcessBuffer(int buffer_index) {
|
| + printf("Entering processBuffer(%d)\n", buffer_index);
|
| + Dart_Handle buffer_object = dart_buffer_objects_[buffer_index];
|
| + Dart_Handle start_object = HandleError(
|
| + Dart_GetField(buffer_object, stringStart_));
|
| + Dart_Handle length_object = HandleError(
|
| + Dart_GetField(buffer_object, stringLength_));
|
| + int64_t unsafe_start = DartUtils::GetIntegerValue(start_object);
|
| + int64_t unsafe_length = DartUtils::GetIntegerValue(length_object);
|
| + if (unsafe_start < 0 || unsafe_start >= buffer_size_ ||
|
| + unsafe_length < 0 || unsafe_length > buffer_size_) {
|
| + Dart_ThrowException(DartUtils::NewDartIllegalArgumentException(
|
| + "Illegal .start or .length on a _TlsExternalBuffer"));
|
| + }
|
| + intptr_t start = static_cast<intptr_t>(unsafe_start);
|
| + intptr_t length = static_cast<intptr_t>(unsafe_length);
|
| +
|
| + int bytes_sent = 0;
|
| + switch (buffer_index) {
|
| + case kReadPlaintext: {
|
| + int bytes_free = buffer_size_ - start - length;
|
| + bytes_sent = PR_Read(data_->memio,
|
| + buffers_[buffer_index] + start + length,
|
| + bytes_free);
|
| + printf(" plaintext bytes read %d (into %d)\n",
|
| + bytes_sent, bytes_free);
|
| + if (bytes_sent < 0) bytes_sent = 0;
|
| + break;
|
| + }
|
| +
|
| + case kWriteEncrypted: {
|
| + const uint8_t* buf1;
|
| + const uint8_t* buf2;
|
| + unsigned int len1;
|
| + unsigned int len2;
|
| + int bytes_free = buffer_size_ - start - length;
|
| + memio_Private* secret = memio_GetSecret(data_->memio);
|
| + memio_GetWriteParams(secret, &buf1, &len1, &buf2, &len2);
|
| + int bytes_to_send =
|
| + dart::Utils::Minimum(len1, static_cast<unsigned>(bytes_free));
|
| + if (bytes_to_send > 0) {
|
| + memmove(buffers_[buffer_index] + start + length, buf1, bytes_to_send);
|
| + bytes_sent = bytes_to_send;
|
| + }
|
| + bytes_to_send = dart::Utils::Minimum(len2,
|
| + static_cast<unsigned>(bytes_free - bytes_sent));
|
| + if (bytes_to_send > 0) {
|
| + memmove(buffers_[buffer_index] + start + length + bytes_sent, buf2,
|
| + bytes_to_send);
|
| + bytes_sent += bytes_to_send;
|
| + }
|
| + printf(" encrypted bytes written %d (into %d)\n",
|
| + bytes_sent, bytes_free);
|
| + if (bytes_sent > 0) {
|
| + memio_PutWriteResult(secret, bytes_sent);
|
| + }
|
| + break;
|
| + }
|
| +
|
| + case kReadEncrypted: {
|
| + if (length > 0) {
|
| + bytes_sent = length;
|
| + // NEW
|
| + memio_Private* secret = memio_GetSecret(data_->memio);
|
| + uint8_t* memio_buf;
|
| + int free_bytes = memio_GetReadParams(secret, &memio_buf);
|
| + if (free_bytes < bytes_sent) bytes_sent = free_bytes;
|
| + printf(" encrypted bytes read %d (out of %d)\n",
|
| + bytes_sent, static_cast<int>(length));
|
| + memmove(memio_buf,
|
| + buffers_[buffer_index] + start,
|
| + bytes_sent);
|
| + memio_PutReadResult(secret, bytes_sent);
|
| + }
|
| + break;
|
| + }
|
| +
|
| + case kWritePlaintext: {
|
| + if (length > 0) {
|
| + bytes_sent = PR_Write(data_->memio,
|
| + buffers_[buffer_index] + start,
|
| + length);
|
| + printf(" plaintext bytes written %d out of %d\n",
|
| + static_cast<int>(bytes_sent), static_cast<int>(length));
|
| + } else {
|
| + printf(" no plaintext bytes to write.\n");
|
| + }
|
| + if (bytes_sent < 0) bytes_sent = 0;
|
| + break;
|
| + }
|
| + }
|
| + return bytes_sent;
|
| +}
|
|
|
Chromium Code Reviews
Issue 10916081:
Add secure sockets to dart:io (Closed)
Base URL: https://dart.googlecode.com/svn/branches/bleeding_edge/dart