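--- a/bin/secure_socket.h
+++ b/bin/secure_socket.h
@@ -1,129 +1,133 @@
 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file
 // for details. All rights reserved. Use of this source code is governed by a
 // BSD-style license that can be found in the LICENSE file.
 
 #ifndef BIN_SECURE_SOCKET_H_
 #define BIN_SECURE_SOCKET_H_
 
+#ifdef DART_IO_SECURE_SOCKET_DISABLED
+#error "secure_socket.h can only be included on builds with SSL enabled"
+#endif
+
 #include <stdlib.h>
 #include <string.h>
 #include <stdio.h>
 #include <sys/types.h>
 
-#if !defined(DART_IO_SECURE_SOCKET_DISABLED)
-#include <prinit.h>
-#include <prerror.h>
-#include <prnetdb.h>
-#include <ssl.h>
-#else
-struct PRFileDesc;
-#endif
+#include <openssl/bio.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
 
 #include "bin/builtin.h"
 #include "bin/dartutils.h"
 #include "bin/socket.h"
 #include "bin/thread.h"
 #include "bin/utils.h"
 
 namespace dart {
 namespace bin {
 
+/* These are defined in root_certificates.cc. */
+extern const unsigned char* root_certificates_pem;
+extern unsigned int root_certificates_pem_length;
+
 /*
 * SSLFilter encapsulates the NSS SSL(TLS) code in a filter, that communicates
 * with the containing _SecureFilterImpl Dart object through four shared
 * ExternalByteArray buffers, for reading and writing plaintext, and
 * reading and writing encrypted text. The filter handles handshaking
 * and certificate verification.
 */
 class SSLFilter {
 public:
 // These enums must agree with those in sdk/lib/io/secure_socket.dart.
 enum BufferIndex {
 kReadPlaintext,
 kWritePlaintext,
 kReadEncrypted,
 kWriteEncrypted,
 kNumBuffers,
 kFirstEncrypted = kReadEncrypted
 };
 
 SSLFilter()
 : callback_error(NULL),
+ssl_(NULL),
 string_start_(NULL),
 string_length_(NULL),
 handshake_complete_(NULL),
 bad_certificate_callback_(NULL),
 in_handshake_(false),
-client_certificate_name_(NULL),
-filter_(NULL) { }
+hostname_(NULL) { }
 
 void Init(Dart_Handle dart_this);
-void Connect(const char* host,
-const RawAddr& raw_addr,
-int port,
+void Connect(const char* hostname,
+SSL_CTX* context,
 bool is_server,
-const char* certificate_name,
 bool request_client_certificate,
 bool require_client_certificate,
 bool send_client_certificate,
 Dart_Handle protocols_handle);
 void Destroy();
 void Handshake();
 void GetSelectedProtocol(Dart_NativeArguments args);
 void Renegotiate(bool use_session_cache,
 bool request_client_certificate,
 bool require_client_certificate);
 void RegisterHandshakeCompleteCallback(Dart_Handle handshake_complete);
 void RegisterBadCertificateCallback(Dart_Handle callback);
 Dart_Handle bad_certificate_callback() {
 return Dart_HandleFromPersistent(bad_certificate_callback_);
 }
-intptr_t ProcessReadPlaintextBuffer(int start, int end);
-intptr_t ProcessWritePlaintextBuffer(int start1, int end1,
-int start2, int end2);
-intptr_t ProcessReadEncryptedBuffer(int start, int end);
-intptr_t ProcessWriteEncryptedBuffer(int start, int end);
+int ProcessReadPlaintextBuffer(int start, int end);
+int ProcessWritePlaintextBuffer(int start, int end);
+int ProcessReadEncryptedBuffer(int start, int end);
+int ProcessWriteEncryptedBuffer(int start, int end);
 bool ProcessAllBuffers(int starts[kNumBuffers],
 int ends[kNumBuffers],
 bool in_handshake);
 Dart_Handle PeerCertificate();
-static void InitializeLibrary(const char* certificate_database,
-const char* password,
-bool use_builtin_root_certificates,
-bool report_duplicate_initialization = true);
+static void InitializeLibrary();
 Dart_Handle callback_error;
 
 static CObject* ProcessFilterRequest(const CObjectArray& request);
 
+// The index of the external data field in _ssl that points to the SSLFilter.
+static int filter_ssl_index;
+
+// TODO(whesse): make private:
+SSL* ssl_;
+BIO* socket_side_;
+
+
 private:
-static const int kMemioBufferSize = 20 * KB;
 static bool library_initialized_;
-static const char* password_;
 static Mutex* mutex_; // To protect library initialization.
 
 uint8_t* buffers_[kNumBuffers];
 int buffer_size_;
 int encrypted_buffer_size_;
 Dart_PersistentHandle string_start_;
 Dart_PersistentHandle string_length_;
 Dart_PersistentHandle dart_buffer_objects_[kNumBuffers];
 Dart_PersistentHandle handshake_complete_;
 Dart_PersistentHandle bad_certificate_callback_;
 bool in_handshake_;
 bool is_server_;
-char* client_certificate_name_;
-PRFileDesc* filter_;
+char* hostname_;
+X509_VERIFY_PARAM* certificate_checking_parameters_;
 
 static bool isBufferEncrypted(int i) {
 return static_cast<BufferIndex>(i) >= kFirstEncrypted;
 }
 void InitializeBuffers(Dart_Handle dart_this);
 void InitializePlatformData();
 
 DISALLOW_COPY_AND_ASSIGN(SSLFilter);
 };
 
 } // namespace bin
 } // namespace dart
 
 #endif // BIN_SECURE_SOCKET_H_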
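Review bot: The constructor initializer list on the new side sets `ssl_(NULL)` but leaves the two other raw OpenSSL handles this change introduces, `socket_side_` and `certificate_checking_parameters_`, uninitialized, so an SSLFilter torn down before Connect() has run would hand indeterminate pointers to whatever Destroy() releases (Destroy() lives outside this header, so that consequence is inferred and worth confirming). Initializing them in declaration order, `ssl_(NULL), socket_side_(NULL),` after `callback_error(NULL),` and `hostname_(NULL), certificate_checking_parameters_(NULL) { }` at the end, closes the gap at no cost. The class comment still says "encapsulates the NSS SSL(TLS) code" although the includes now pull in OpenSSL; it should read `* SSLFilter encapsulates the OpenSSL SSL(TLS) code in a filter, that communicates`. The `TODO(whesse): make private:` block leaves `ssl_` and `socket_side_` publicly writable; if they must stay public for the native callbacks, a one-line comment naming the intended accessors would document the exposure until the TODO is resolved.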