| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright (c) 2017, the Dart project authors. Please see the AUTHORS file | |
| 2 // for details. All rights reserved. Use of this source code is governed by a | |
| 3 // BSD-style license that can be found in the LICENSE file. | |
| 4 | |
| 5 #ifndef RUNTIME_BIN_SECURITY_CONTEXT_H_ | |
| 6 #define RUNTIME_BIN_SECURITY_CONTEXT_H_ | |
| 7 | |
| 8 #include <openssl/ssl.h> | |
| 9 #include <openssl/x509.h> | |
| 10 | |
| 11 #include "bin/lockers.h" | |
| 12 #include "bin/reference_counting.h" | |
| 13 #include "bin/socket.h" | |
| 14 | |
| 15 namespace dart { | |
| 16 namespace bin { | |
| 17 | |
| 18 // Forward declaration | |
| 19 class SSLFilter; | |
|
zra
2017/06/06 19:16:27
Is this needed?
bkonyi
2017/06/06 19:51:39
Yes, since secure_socket_filter.h includes this fi
| |
| 20 | |
| 21 class SSLCertContext : public ReferenceCounted<SSLCertContext> { | |
| 22 public: | |
| 23 static const intptr_t kApproximateSize; | |
| 24 static const int kSecurityContextNativeFieldIndex = 0; | |
| 25 static const int kX509NativeFieldIndex = 0; | |
| 26 | |
| 27 explicit SSLCertContext(SSL_CTX* context) | |
| 28 : ReferenceCounted(), | |
| 29 context_(context), | |
| 30 alpn_protocol_string_(NULL), | |
| 31 trust_builtin_(false) {} | |
| 32 | |
| 33 ~SSLCertContext() { | |
| 34 SSL_CTX_free(context_); | |
| 35 if (alpn_protocol_string_ != NULL) { | |
| 36 free(alpn_protocol_string_); | |
| 37 } | |
| 38 } | |
| 39 | |
| 40 static int CertificateCallback(int preverify_ok, X509_STORE_CTX* store_ctx); | |
| 41 | |
| 42 static SSLCertContext* GetSecurityContext(Dart_NativeArguments args); | |
| 43 static const char* GetPasswordArgument(Dart_NativeArguments args, | |
| 44 intptr_t index); | |
| 45 static void SetAlpnProtocolList(Dart_Handle protocols_handle, | |
| 46 SSL* ssl, | |
| 47 SSLCertContext* context, | |
| 48 bool is_server); | |
| 49 | |
| 50 void SetTrustedCertificatesBytes(Dart_Handle cert_bytes, | |
| 51 const char* password); | |
| 52 | |
| 53 void SetClientAuthoritiesBytes(Dart_Handle client_authorities_bytes, | |
| 54 const char* password); | |
| 55 | |
| 56 int UseCertificateChainBytes(Dart_Handle cert_chain_bytes, | |
| 57 const char* password); | |
| 58 | |
| 59 void TrustBuiltinRoots(); | |
| 60 | |
| 61 SSL_CTX* context() const { return context_; } | |
| 62 | |
| 63 uint8_t* alpn_protocol_string() const { return alpn_protocol_string_; } | |
| 64 | |
| 65 void set_alpn_protocol_string(uint8_t* protocol_string) { | |
| 66 if (alpn_protocol_string_ != NULL) { | |
| 67 free(alpn_protocol_string_); | |
| 68 } | |
| 69 alpn_protocol_string_ = protocol_string; | |
| 70 } | |
| 71 | |
| 72 bool trust_builtin() const { return trust_builtin_; } | |
| 73 | |
| 74 void set_trust_builtin(bool trust_builtin) { trust_builtin_ = trust_builtin; } | |
| 75 | |
| 76 void RegisterCallbacks(SSL* ssl); | |
| 77 | |
| 78 private: | |
| 79 void AddCompiledInCerts(); | |
| 80 void LoadRootCertFile(const char* file); | |
| 81 void LoadRootCertCache(const char* cache); | |
| 82 | |
| 83 SSL_CTX* context_; | |
| 84 uint8_t* alpn_protocol_string_; | |
| 85 | |
| 86 bool trust_builtin_; | |
| 87 | |
| 88 DISALLOW_COPY_AND_ASSIGN(SSLCertContext); | |
| 89 }; | |
| 90 | |
| 91 | |
| 92 class X509Helper : public AllStatic { | |
| 93 public: | |
| 94 static Dart_Handle GetSubject(Dart_NativeArguments args); | |
| 95 static Dart_Handle GetIssuer(Dart_NativeArguments args); | |
| 96 static Dart_Handle GetStartValidity(Dart_NativeArguments args); | |
| 97 static Dart_Handle GetEndValidity(Dart_NativeArguments args); | |
| 98 static Dart_Handle WrappedX509Certificate(X509* certificate); | |
| 99 }; | |
| 100 | |
| 101 } // namespace bin | |
| 102 } // namespace dart | |
| 103 | |
| 104 #endif // RUNTIME_BIN_SECURITY_CONTEXT_H_ | |
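Review bot: `set_alpn_protocol_string` (new lines 65-70) frees the held buffer and then stores its argument without comparing the two, so a call that passes back the pointer returned by `alpn_protocol_string()` leaves `alpn_protocol_string_` dangling and the destructor (new lines 33-38) frees it a second time. Adding `if (protocol_string == alpn_protocol_string_) return;` as the first statement closes that, and a comment such as `// Takes ownership of |protocol_string|, which must be malloc-allocated; the previously held buffer is freed.` would state the contract that the `free()` calls imply. The getter on new line 63 returns a mutable `uint8_t*` from a const method; returning `const uint8_t*` would keep callers from freeing or rewriting a buffer this class owns. If the same buffer is also registered with the `SSL_CTX` elsewhere (not visible on this page), the free in the setter should happen only after that registration has been replaced.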