| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2016, the Dart project authors. Please see the AUTHORS file |
| 2 // for details. All rights reserved. Use of this source code is governed by a |
| 3 // BSD-style license that can be found in the LICENSE file. |
| 4 |
| 5 #ifndef BIN_SECURE_SOCKET_MACOS_H_ |
| 6 #define BIN_SECURE_SOCKET_MACOS_H_ |
| 7 |
| 8 #if !defined(BIN_SECURE_SOCKET_H_) |
| 9 #error Do not include secure_socket_macos.h directly. Use secure_socket.h. |
| 10 #endif |
| 11 |
| 12 #include <stdlib.h> |
| 13 #include <string.h> |
| 14 #include <stdio.h> |
| 15 #include <sys/types.h> |
| 16 |
| 17 #include <CoreFoundation/CoreFoundation.h> |
| 18 #include <Security/SecureTransport.h> |
| 19 #include <Security/Security.h> |
| 20 |
| 21 #include "bin/builtin.h" |
| 22 #include "bin/dartutils.h" |
| 23 #include "bin/socket.h" |
| 24 #include "bin/thread.h" |
| 25 #include "bin/utils.h" |
| 26 |
| 27 namespace dart { |
| 28 namespace bin { |
| 29 |
| 30 // Forward declaration of SSLContext. |
| 31 class SSLCertContext; |
| 32 |
| 33 // SSLFilter encapsulates the SecureTransport code in a filter that communicates |
| 34 // with the containing _SecureFilterImpl Dart object through four shared |
| 35 // ExternalByteArray buffers, for reading and writing plaintext, and |
| 36 // reading and writing encrypted text. The filter handles handshaking |
| 37 // and certificate verification. |
| 38 class SSLFilter { |
| 39 public: |
| 40 // These enums must agree with those in sdk/lib/io/secure_socket.dart. |
| 41 enum BufferIndex { |
| 42 kReadPlaintext, |
| 43 kWritePlaintext, |
| 44 kReadEncrypted, |
| 45 kWriteEncrypted, |
| 46 kNumBuffers, |
| 47 kFirstEncrypted = kReadEncrypted |
| 48 }; |
| 49 |
| 50 SSLFilter() |
| 51 : cert_context_(NULL), |
| 52 ssl_context_(NULL), |
| 53 peer_certs_(NULL), |
| 54 string_start_(NULL), |
| 55 string_length_(NULL), |
| 56 handshake_complete_(NULL), |
| 57 bad_certificate_callback_(NULL), |
| 58 in_handshake_(false), |
| 59 connected_(false), |
| 60 bad_cert_(false), |
| 61 is_server_(false), |
| 62 hostname_(NULL) { |
| 63 } |
| 64 |
| 65 ~SSLFilter(); |
| 66 |
| 67 // Callback called by the IOService. |
| 68 static CObject* ProcessFilterRequest(const CObjectArray& request); |
| 69 |
| 70 Dart_Handle Init(Dart_Handle dart_this); |
| 71 void Connect(Dart_Handle dart_this, |
| 72 const char* hostname, |
| 73 SSLCertContext* context, |
| 74 bool is_server, |
| 75 bool request_client_certificate, |
| 76 bool require_client_certificate); |
| 77 void Destroy(); |
| 78 OSStatus CheckHandshake(); |
| 79 void Renegotiate(bool use_session_cache, |
| 80 bool request_client_certificate, |
| 81 bool require_client_certificate); |
| 82 void RegisterHandshakeCompleteCallback(Dart_Handle handshake_complete); |
| 83 void RegisterBadCertificateCallback(Dart_Handle callback); |
| 84 Dart_Handle PeerCertificate(); |
| 85 |
| 86 private: |
| 87 static OSStatus SSLReadCallback(SSLConnectionRef connection, |
| 88 void* data, |
| 89 size_t* data_length); |
| 90 static OSStatus SSLWriteCallback(SSLConnectionRef connection, |
| 91 const void* data, |
| 92 size_t* data_length); |
| 93 |
| 94 static bool isBufferEncrypted(intptr_t i) { |
| 95 return static_cast<BufferIndex>(i) >= kFirstEncrypted; |
| 96 } |
| 97 Dart_Handle InitializeBuffers(Dart_Handle dart_this); |
| 98 |
| 99 intptr_t GetBufferStart(intptr_t idx) const; |
| 100 intptr_t GetBufferEnd(intptr_t idx) const; |
| 101 void SetBufferStart(intptr_t idx, intptr_t value); |
| 102 void SetBufferEnd(intptr_t idx, intptr_t value); |
| 103 |
| 104 OSStatus ProcessAllBuffers(intptr_t starts[kNumBuffers], |
| 105 intptr_t ends[kNumBuffers], |
| 106 bool in_handshake); |
| 107 OSStatus ProcessReadPlaintextBuffer(intptr_t start, |
| 108 intptr_t end, |
| 109 intptr_t* bytes_processed); |
| 110 OSStatus ProcessWritePlaintextBuffer(intptr_t start, |
| 111 intptr_t end, |
| 112 intptr_t* bytes_processed); |
| 113 |
| 114 // These calls can block on IO, and should only be invoked from |
| 115 // from ProcessAllBuffers from ProcessFilterRequest. |
| 116 OSStatus EvaluatePeerTrust(); |
| 117 OSStatus Handshake(); |
| 118 Dart_Handle InvokeBadCertCallback(SecCertificateRef peer_cert); |
| 119 |
| 120 SSLCertContext* cert_context_; |
| 121 SSLContextRef ssl_context_; |
| 122 CFArrayRef peer_certs_; |
| 123 |
| 124 // starts and ends filled in at the start of ProcessAllBuffers. |
| 125 // If these are NULL, then try to get the pointers out of |
| 126 // dart_buffer_objects_. |
| 127 uint8_t* buffers_[kNumBuffers]; |
| 128 intptr_t* buffer_starts_[kNumBuffers]; |
| 129 intptr_t* buffer_ends_[kNumBuffers]; |
| 130 intptr_t buffer_size_; |
| 131 intptr_t encrypted_buffer_size_; |
| 132 Dart_PersistentHandle string_start_; |
| 133 Dart_PersistentHandle string_length_; |
| 134 Dart_PersistentHandle dart_buffer_objects_[kNumBuffers]; |
| 135 Dart_PersistentHandle handshake_complete_; |
| 136 Dart_PersistentHandle bad_certificate_callback_; |
| 137 bool in_handshake_; |
| 138 bool connected_; |
| 139 bool bad_cert_; |
| 140 bool is_server_; |
| 141 char* hostname_; |
| 142 |
| 143 DISALLOW_COPY_AND_ASSIGN(SSLFilter); |
| 144 }; |
| 145 |
| 146 } // namespace bin |
| 147 } // namespace dart |
| 148 |
| 149 #endif // BIN_SECURE_SOCKET_MACOS_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1721283002:
Implements secure sockets on Mac OS with SecureTransport API (Closed)
Base URL: git@github.com:dart-lang/sdk.git@master