OLD | NEW |
1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file | 1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file |
2 // for details. All rights reserved. Use of this source code is governed by a | 2 // for details. All rights reserved. Use of this source code is governed by a |
3 // BSD-style license that can be found in the LICENSE file. | 3 // BSD-style license that can be found in the LICENSE file. |
4 | 4 |
5 #include "bin/secure_socket.h" | 5 #include "bin/secure_socket.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <fcntl.h> | 8 #include <fcntl.h> |
9 #include <sys/stat.h> | 9 #include <sys/stat.h> |
10 #include <stdio.h> | 10 #include <stdio.h> |
(...skipping 171 matching lines...)
182 } | 182 } |
183 | 183 |
184 | 184 |
185 void FUNCTION_NAME(SecureSocket_Handshake)(Dart_NativeArguments args) { | 185 void FUNCTION_NAME(SecureSocket_Handshake)(Dart_NativeArguments args) { |
186 Dart_EnterScope(); | 186 Dart_EnterScope(); |
187 GetFilter(args)->Handshake(); | 187 GetFilter(args)->Handshake(); |
188 Dart_ExitScope(); | 188 Dart_ExitScope(); |
189 } | 189 } |
190 | 190 |
191 | 191 |
| 192 void FUNCTION_NAME(SecureSocket_Renegotiate)(Dart_NativeArguments args) { |
| 193 Dart_EnterScope(); |
| 194 bool use_session_cache = |
| 195 DartUtils::GetBooleanValue(Dart_GetNativeArgument(args, 1)); |
| 196 bool request_client_certificate = |
| 197 DartUtils::GetBooleanValue(Dart_GetNativeArgument(args, 2)); |
| 198 bool require_client_certificate = |
| 199 DartUtils::GetBooleanValue(Dart_GetNativeArgument(args, 3)); |
| 200 GetFilter(args)->Renegotiate(use_session_cache, |
| 201 request_client_certificate, |
| 202 require_client_certificate); |
| 203 Dart_ExitScope(); |
| 204 } |
| 205 |
| 206 |
192 void FUNCTION_NAME(SecureSocket_RegisterHandshakeCompleteCallback)( | 207 void FUNCTION_NAME(SecureSocket_RegisterHandshakeCompleteCallback)( |
193 Dart_NativeArguments args) { | 208 Dart_NativeArguments args) { |
194 Dart_EnterScope(); | 209 Dart_EnterScope(); |
195 Dart_Handle handshake_complete = | 210 Dart_Handle handshake_complete = |
196 ThrowIfError(Dart_GetNativeArgument(args, 1)); | 211 ThrowIfError(Dart_GetNativeArgument(args, 1)); |
197 if (!Dart_IsClosure(handshake_complete)) { | 212 if (!Dart_IsClosure(handshake_complete)) { |
198 Dart_ThrowException(DartUtils::NewDartArgumentError( | 213 Dart_ThrowException(DartUtils::NewDartArgumentError( |
199 "Illegal argument to RegisterHandshakeCompleteCallback")); | 214 "Illegal argument to RegisterHandshakeCompleteCallback")); |
200 } | 215 } |
201 GetFilter(args)->RegisterHandshakeCompleteCallback(handshake_complete); | 216 GetFilter(args)->RegisterHandshakeCompleteCallback(handshake_complete); |
(...skipping 523 matching lines...)
725 "Failed SSL_ConfigSecureServer call with certificate %s", | 740 "Failed SSL_ConfigSecureServer call with certificate %s", |
726 certificate_name); | 741 certificate_name); |
727 } | 742 } |
728 | 743 |
729 if (request_client_certificate) { | 744 if (request_client_certificate) { |
730 status = SSL_OptionSet(filter_, SSL_REQUEST_CERTIFICATE, PR_TRUE); | 745 status = SSL_OptionSet(filter_, SSL_REQUEST_CERTIFICATE, PR_TRUE); |
731 if (status != SECSuccess) { | 746 if (status != SECSuccess) { |
732 ThrowPRException("TlsException", | 747 ThrowPRException("TlsException", |
733 "Failed SSL_OptionSet(REQUEST_CERTIFICATE) call"); | 748 "Failed SSL_OptionSet(REQUEST_CERTIFICATE) call"); |
734 } | 749 } |
735 PRBool require_cert = require_client_certificate ? PR_TRUE : PR_FALSE; | 750 status = SSL_OptionSet(filter_, |
736 status = SSL_OptionSet(filter_, SSL_REQUIRE_CERTIFICATE, require_cert); | 751 SSL_REQUIRE_CERTIFICATE, |
| 752 require_client_certificate); |
737 if (status != SECSuccess) { | 753 if (status != SECSuccess) { |
738 ThrowPRException("TlsException", | 754 ThrowPRException("TlsException", |
739 "Failed SSL_OptionSet(REQUIRE_CERTIFICATE) call"); | 755 "Failed SSL_OptionSet(REQUIRE_CERTIFICATE) call"); |
740 } | 756 } |
741 } | 757 } |
742 } else { // Client. | 758 } else { // Client. |
743 if (SSL_SetURL(filter_, host_name) == -1) { | 759 if (SSL_SetURL(filter_, host_name) == -1) { |
744 ThrowPRException("TlsException", | 760 ThrowPRException("TlsException", |
745 "Failed SetURL call"); | 761 "Failed SetURL call"); |
746 } | 762 } |
(...skipping 18 matching lines...)
765 "Failed SSL_GetClientAuthDataHook call"); | 781 "Failed SSL_GetClientAuthDataHook call"); |
766 } | 782 } |
767 } | 783 } |
768 } | 784 } |
769 | 785 |
770 // Install bad certificate callback, and pass 'this' to it if it is called. | 786 // Install bad certificate callback, and pass 'this' to it if it is called. |
771 status = SSL_BadCertHook(filter_, | 787 status = SSL_BadCertHook(filter_, |
772 BadCertificateCallback, | 788 BadCertificateCallback, |
773 static_cast<void*>(this)); | 789 static_cast<void*>(this)); |
774 | 790 |
775 PRBool as_server = is_server ? PR_TRUE : PR_FALSE; | 791 status = SSL_ResetHandshake(filter_, is_server); |
776 status = SSL_ResetHandshake(filter_, as_server); | |
777 if (status != SECSuccess) { | 792 if (status != SECSuccess) { |
778 ThrowPRException("TlsException", | 793 ThrowPRException("TlsException", |
779 "Failed SSL_ResetHandshake call"); | 794 "Failed SSL_ResetHandshake call"); |
780 } | 795 } |
781 | 796 |
782 // Set the peer address from the address passed. The DNS has already | 797 // Set the peer address from the address passed. The DNS has already |
783 // been done in Dart code, so just use that address. This relies on | 798 // been done in Dart code, so just use that address. This relies on |
784 // following about PRNetAddr: "The raw member of the union is | 799 // following about PRNetAddr: "The raw member of the union is |
785 // equivalent to struct sockaddr", which is stated in the NSS | 800 // equivalent to struct sockaddr", which is stated in the NSS |
786 // documentation. | 801 // documentation. |
(...skipping 33 matching lines...)
820 "Handshake error in server"); | 835 "Handshake error in server"); |
821 } else { | 836 } else { |
822 ThrowPRException("HandshakeException", | 837 ThrowPRException("HandshakeException", |
823 "Handshake error in client"); | 838 "Handshake error in client"); |
824 } | 839 } |
825 } | 840 } |
826 } | 841 } |
827 } | 842 } |
828 | 843 |
829 | 844 |
| 845 void SSLFilter::Renegotiate(bool use_session_cache, |
| 846 bool request_client_certificate, |
| 847 bool require_client_certificate) { |
| 848 SECStatus status; |
| 849 // The SSL_REQUIRE_CERTIFICATE option only takes effect if the |
| 850 // SSL_REQUEST_CERTIFICATE option is also set, so set it. |
| 851 request_client_certificate = |
| 852 request_client_certificate || require_client_certificate; |
| 853 |
| 854 status = SSL_OptionSet(filter_, |
| 855 SSL_REQUEST_CERTIFICATE, |
| 856 request_client_certificate); |
| 857 if (status != SECSuccess) { |
| 858 ThrowPRException("TlsException", |
| 859 "Failure in (Raw)SecureSocket.renegotiate request_client_certificate"); |
| 860 } |
| 861 status = SSL_OptionSet(filter_, |
| 862 SSL_REQUIRE_CERTIFICATE, |
| 863 require_client_certificate); |
| 864 if (status != SECSuccess) { |
| 865 ThrowPRException("TlsException", |
| 866 "Failure in (Raw)SecureSocket.renegotiate require_client_certificate"); |
| 867 } |
| 868 bool flush_cache = !use_session_cache; |
| 869 status = SSL_ReHandshake(filter_, flush_cache); |
| 870 if (status != SECSuccess) { |
| 871 if (is_server_) { |
| 872 ThrowPRException("HandshakeException", |
| 873 "Failure in (Raw)SecureSocket.renegotiate in server"); |
| 874 } else { |
| 875 ThrowPRException("HandshakeException", |
| 876 "Failure in (Raw)SecureSocket.renegotiate in client"); |
| 877 } |
| 878 } |
| 879 } |
| 880 |
| 881 |
830 void SSLFilter::Destroy() { | 882 void SSLFilter::Destroy() { |
831 for (int i = 0; i < kNumBuffers; ++i) { | 883 for (int i = 0; i < kNumBuffers; ++i) { |
832 Dart_DeletePersistentHandle(dart_buffer_objects_[i]); | 884 Dart_DeletePersistentHandle(dart_buffer_objects_[i]); |
833 delete[] buffers_[i]; | 885 delete[] buffers_[i]; |
834 } | 886 } |
835 Dart_DeletePersistentHandle(string_start_); | 887 Dart_DeletePersistentHandle(string_start_); |
836 Dart_DeletePersistentHandle(string_length_); | 888 Dart_DeletePersistentHandle(string_length_); |
837 Dart_DeletePersistentHandle(handshake_complete_); | 889 Dart_DeletePersistentHandle(handshake_complete_); |
838 Dart_DeletePersistentHandle(bad_certificate_callback_); | 890 Dart_DeletePersistentHandle(bad_certificate_callback_); |
839 free(client_certificate_name_); | 891 free(client_certificate_name_); |
(...skipping 102 matching lines...)
942 // Return a send port for the service port. | 994 // Return a send port for the service port. |
943 Dart_Handle send_port = Dart_NewSendPort(service_port); | 995 Dart_Handle send_port = Dart_NewSendPort(service_port); |
944 Dart_SetReturnValue(args, send_port); | 996 Dart_SetReturnValue(args, send_port); |
945 } | 997 } |
946 Dart_ExitScope(); | 998 Dart_ExitScope(); |
947 } | 999 } |
948 | 1000 |
949 | 1001 |
950 } // namespace bin | 1002 } // namespace bin |
951 } // namespace dart | 1003 } // namespace dart |
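Review bot: `SSLFilter::Renegotiate` (new lines 845-879) returns as soon as `SSL_ReHandshake` reports success, but that call only starts the new handshake, which completes during later I/O; a server stepping up to `require_client_certificate` must therefore not treat the peer as authenticated until the renegotiated handshake has finished (presumably signalled through the registered handshake-complete callback). I would state that at the top of the function, e.g. `// Only initiates renegotiation; the peer certificate is not (re)verified until the new handshake completes.` The two `SSL_OptionSet` calls here also run on client sockets, whereas the setup code at new lines 744-757 sets the same options only in the server branch, so wrapping them in `if (is_server_) { ... }` would keep the two paths consistent. The lines shown do not reveal how `SSL_ENABLE_RENEGOTIATION` and `SSL_REQUIRE_SAFE_NEGOTIATION` are configured for `filter_`, so it is worth confirming that renegotiation is limited to peers that support the RFC 5746 extension before this entry point is exposed to Dart code.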