generic-library/poco
1
0
Fork 0
mirror of https://github.com/pocoproject/poco.git synced 2025-10-14 06:55:49 +02:00
Code Issues Projects Releases Wiki Activity

sources from main repository

Browse Source
This commit is contained in:
Guenter Obiltschnig
2006-12-22 10:06:10 +00:00
parent 851bd49554
commit 5dc1336af8
103 changed files with 11293 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
NetSSL_OpenSSL/src/AcceptCertificateHandler.cpp Normal file
View File

@@ -0,0 +1,58 @@
//
// AcceptCertificateHandler.cpp
//
// $Id: //poco/1.3/NetSSL_OpenSSL/src/AcceptCertificateHandler.cpp#1 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module: AcceptCertificateHandler
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
// obtaining a copy of the software and accompanying documentation covered by
// this license (the "Software") to use, reproduce, display, distribute,
// execute, and transmit the Software, and to prepare derivative works of the
// Software, and to permit third-parties to whom the Software is furnished to
// do so, all subject to the following:
//
// The copyright notices in the Software and this entire statement, including
// the above license grant, this restriction and the following disclaimer,
// must be included in all copies of the Software, in whole or in part, and
// all derivative works of the Software, unless such copies or derivative
// works are solely in the form of machine-executable object code generated by
// a source language processor.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
//
#include "Poco/Net/AcceptCertificateHandler.h"
#include "Poco/Net/CertificateHandlerFactory.h"
namespace Poco {
namespace Net {
AcceptCertificateHandler::AcceptCertificateHandler(bool server):InvalidCertificateHandler(server)
{
}
AcceptCertificateHandler::~AcceptCertificateHandler()
{
}
POCO_REGISTER_CHFACTORY(NetSSL_API, AcceptCertificateHandler)
} } // namespace Poco::Net

66
NetSSL_OpenSSL/src/CertificateHandlerFactory.cpp Normal file
View File

@@ -0,0 +1,66 @@
//
// CertificateHandlerFactory.cpp
//
// $Id: //poco/1.3/NetSSL_OpenSSL/src/CertificateHandlerFactory.cpp#1 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module: CertificateHandlerFactory
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
// obtaining a copy of the software and accompanying documentation covered by
// this license (the "Software") to use, reproduce, display, distribute,
// execute, and transmit the Software, and to prepare derivative works of the
// Software, and to permit third-parties to whom the Software is furnished to
// do so, all subject to the following:
//
// The copyright notices in the Software and this entire statement, including
// the above license grant, this restriction and the following disclaimer,
// must be included in all copies of the Software, in whole or in part, and
// all derivative works of the Software, unless such copies or derivative
// works are solely in the form of machine-executable object code generated by
// a source language processor.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
//
#include "Poco/Net/CertificateHandlerFactory.h"
#include "Poco/Net/SSLManager.h"
namespace Poco {
namespace Net {
CertificateHandlerFactory::CertificateHandlerFactory()
{
}
CertificateHandlerFactory::~CertificateHandlerFactory()
{
}
CertificateHandlerFactoryRegistrar::CertificateHandlerFactoryRegistrar(const std::string& name, CertificateHandlerFactory* pFactory)
{
SSLManager::instance().certificateHandlerFactoryMgr().setFactory(name, pFactory);
}
CertificateHandlerFactoryRegistrar::~CertificateHandlerFactoryRegistrar()
{
}
} } // namespace Poco::Net

85
NetSSL_OpenSSL/src/CertificateHandlerFactoryMgr.cpp Normal file
View File

@@ -0,0 +1,85 @@
//
// CertificateHandlerFactoryMgr.cpp
//
// $Id: //poco/1.3/NetSSL_OpenSSL/src/CertificateHandlerFactoryMgr.cpp#1 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module: CertificateHandlerFactoryMgr
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
// obtaining a copy of the software and accompanying documentation covered by
// this license (the "Software") to use, reproduce, display, distribute,
// execute, and transmit the Software, and to prepare derivative works of the
// Software, and to permit third-parties to whom the Software is furnished to
// do so, all subject to the following:
//
// The copyright notices in the Software and this entire statement, including
// the above license grant, this restriction and the following disclaimer,
// must be included in all copies of the Software, in whole or in part, and
// all derivative works of the Software, unless such copies or derivative
// works are solely in the form of machine-executable object code generated by
// a source language processor.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
//
#include "Poco/Net/CertificateHandlerFactoryMgr.h"
namespace Poco {
namespace Net {
CertificateHandlerFactoryMgr::CertificateHandlerFactoryMgr()
{
}
CertificateHandlerFactoryMgr::~CertificateHandlerFactoryMgr()
{
}
void CertificateHandlerFactoryMgr::setFactory(const std::string& name, CertificateHandlerFactory* pFactory)
{
bool success = _factories.insert(make_pair(name, Poco::SharedPtr<CertificateHandlerFactory>(pFactory))).second;
if (!success)
delete pFactory;
poco_assert(success);
}
bool CertificateHandlerFactoryMgr::hasFactory(const std::string& name) const
{
return _factories.find(name) != _factories.end();
}
const CertificateHandlerFactory* CertificateHandlerFactoryMgr::getFactory(const std::string& name) const
{
FactoriesMap::const_iterator it = _factories.find(name);
if (it != _factories.end())
return it->second;
else
return 0;
}
void CertificateHandlerFactoryMgr::removeFactory(const std::string& name)
{
_factories.erase(name);
}
} } // namespace Poco::Net

78
NetSSL_OpenSSL/src/ConsoleCertificateHandler.cpp Normal file
View File

@@ -0,0 +1,78 @@
//
// ConsoleCertificateHandler.cpp
//
// $Id: //poco/1.3/NetSSL_OpenSSL/src/ConsoleCertificateHandler.cpp#1 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module: ConsoleCertificateHandler
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
// obtaining a copy of the software and accompanying documentation covered by
// this license (the "Software") to use, reproduce, display, distribute,
// execute, and transmit the Software, and to prepare derivative works of the
// Software, and to permit third-parties to whom the Software is furnished to
// do so, all subject to the following:
//
// The copyright notices in the Software and this entire statement, including
// the above license grant, this restriction and the following disclaimer,
// must be included in all copies of the Software, in whole or in part, and
// all derivative works of the Software, unless such copies or derivative
// works are solely in the form of machine-executable object code generated by
// a source language processor.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
//
#include "Poco/Net/ConsoleCertificateHandler.h"
#include <iostream>
#include "Poco/Net/CertificateHandlerFactory.h"
namespace Poco {
namespace Net {
ConsoleCertificateHandler::ConsoleCertificateHandler(bool server):InvalidCertificateHandler(server)
{
}
ConsoleCertificateHandler::~ConsoleCertificateHandler()
{
}
void ConsoleCertificateHandler::onInvalidCertificate(const void*, VerificationErrorArgs& errorCert)
{
const X509Certificate& aCert = errorCert.certificate();
std::cout << " Certificate:\n";
std::cout << "----------------\n";
std::cout << " IssuerName: \t" << aCert.issuerName() << "\n";
std::cout << " SubjectName:\t" << aCert.subjectName() << "\n\n";
std::cout << "The certificate yielded the error: " << errorCert.errorMessage() << "\n\n";
std::cout << "The error occurred at in the certificate chain at position " << errorCert.errorDepth() << "\n";
std::cout << "Accept the certificate? (y,n)";
char c;
std::cin >> c;
if (c == 'y' || c == 'Y')
errorCert.setIgnoreError(true);
else
errorCert.setIgnoreError(false);
}
POCO_REGISTER_CHFACTORY(NetSSL_API, ConsoleCertificateHandler)
} } // namespace Poco::Net

129
NetSSL_OpenSSL/src/Context.cpp Normal file
View File

@@ -0,0 +1,129 @@
//
// Context.cpp
//
// $Id: //poco/1.3/NetSSL_OpenSSL/src/Context.cpp#1 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module: Context
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
// obtaining a copy of the software and accompanying documentation covered by
// this license (the "Software") to use, reproduce, display, distribute,
// execute, and transmit the Software, and to prepare derivative works of the
// Software, and to permit third-parties to whom the Software is furnished to
// do so, all subject to the following:
//
// The copyright notices in the Software and this entire statement, including
// the above license grant, this restriction and the following disclaimer,
// must be included in all copies of the Software, in whole or in part, and
// all derivative works of the Software, unless such copies or derivative
// works are solely in the form of machine-executable object code generated by
// a source language processor.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
//
#include "Poco/Net/Context.h"
#include "Poco/Net/SSLManager.h"
#include "Poco/Net/SSLException.h"
#include "Poco/File.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/x509v3.h>
using Poco::File;
namespace Poco {
namespace Net {
Context::Context(
const std::string& privateKeyFile,
const std::string& caLocation,
bool isServerContext,
VerificationMode verMode,
int verificationDepth,
bool loadCAFromDefaultPath,
const std::string& cypherList):_pSSLContext(0), _mode(verMode), _server(isServerContext)
{
_pSSLContext = SSL_CTX_new(SSLv23_method());
SSL_CTX_set_default_passwd_cb(_pSSLContext, &SSLManager::privateKeyPasswdCallback);
File aFile(caLocation);
int errCode = 0;
if (aFile.isDirectory())
errCode = SSL_CTX_load_verify_locations(_pSSLContext, 0, caLocation.c_str());
else
errCode = SSL_CTX_load_verify_locations(_pSSLContext, caLocation.c_str(), 0);
if (errCode != 1)
{
SSL_CTX_free(_pSSLContext);
_pSSLContext = 0;
throw SSLContextException(std::string("Failed to load CA file/directory from ") + caLocation);
}
if (loadCAFromDefaultPath)
{
errCode = SSL_CTX_set_default_verify_paths(_pSSLContext);
if (errCode != 1)
{
SSL_CTX_free(_pSSLContext);
_pSSLContext = 0;
throw SSLContextException(std::string("Failed to load CA file/directory from default location"));
}
}
errCode = SSL_CTX_use_certificate_chain_file(_pSSLContext, privateKeyFile.c_str());
if (errCode != 1)
{
SSL_CTX_free(_pSSLContext);
_pSSLContext = 0;
throw SSLContextException(std::string("Error loading certificate from file ") + privateKeyFile);
}
File tmp(privateKeyFile);
poco_assert (tmp.exists());
errCode = SSL_CTX_use_PrivateKey_file(_pSSLContext, privateKeyFile.c_str(), SSL_FILETYPE_PEM);
if (errCode != 1)
{
SSL_CTX_free(_pSSLContext);
_pSSLContext = 0;
throw SSLContextException(std::string("Error loading private key from file ") + privateKeyFile);
}
int flags = (int)verMode;
if (verMode == VERIFY_STRICT || verMode == VERIFY_ONCE)
flags |= SSL_VERIFY_PEER;
if (serverContext())
SSL_CTX_set_verify(_pSSLContext, flags, &SSLManager::verifyServerCallback);
else
SSL_CTX_set_verify(_pSSLContext, flags, &SSLManager::verifyClientCallback);
SSL_CTX_set_verify_depth(_pSSLContext, verificationDepth);
SSL_CTX_set_mode(_pSSLContext, SSL_MODE_AUTO_RETRY);
}
Context::~Context()
{
if (_pSSLContext)
{
SSL_CTX_free(_pSSLContext);
_pSSLContext = 0;
}
}
} } // namespace Poco::Net

175
NetSSL_OpenSSL/src/HTTPSClientSession.cpp Normal file
View File

@@ -0,0 +1,175 @@
//
// HTTPSClientSession.cpp
//
// $Id: //poco/1.3/NetSSL_OpenSSL/src/HTTPSClientSession.cpp#1 $
//
// Library: NetSSL_OpenSSL
// Package: HTTPSClient
// Module: HTTPSClientSession
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
// obtaining a copy of the software and accompanying documentation covered by
// this license (the "Software") to use, reproduce, display, distribute,
// execute, and transmit the Software, and to prepare derivative works of the
// Software, and to permit third-parties to whom the Software is furnished to
// do so, all subject to the following:
//
// The copyright notices in the Software and this entire statement, including
// the above license grant, this restriction and the following disclaimer,
// must be included in all copies of the Software, in whole or in part, and
// all derivative works of the Software, unless such copies or derivative
// works are solely in the form of machine-executable object code generated by
// a source language processor.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
//
#include "Poco/Net/HTTPSClientSession.h"
#include "Poco/Net/SecureStreamSocket.h"
#include "Poco/Net/SecureStreamSocketImpl.h"
#include "Poco/Net/HTTPRequest.h"
#include "Poco/Net/HTTPResponse.h"
#include "Poco/Net/HTTPHeaderStream.h"
#include "Poco/Net/HTTPStream.h"
#include "Poco/Net/HTTPFixedLengthStream.h"
#include "Poco/Net/HTTPChunkedStream.h"
#include "Poco/Net/NetException.h"
#include "Poco/NumberFormatter.h"
using Poco::NumberFormatter;
using Poco::IllegalStateException;
namespace Poco {
namespace Net {
HTTPSClientSession::HTTPSClientSession():
HTTPClientSession(SecureStreamSocket())
{
setPort(Utility::HTTPS_PORT);
}
HTTPSClientSession::HTTPSClientSession(const SecureStreamSocket& socket):
HTTPClientSession(socket)
{
setPort(Utility::HTTPS_PORT);
}
HTTPSClientSession::HTTPSClientSession(const std::string& host, Poco::UInt16 port):
HTTPClientSession(SecureStreamSocket())
{
setHost(host);
setPort(port);
}
HTTPSClientSession::~HTTPSClientSession()
{
}
std::ostream& HTTPSClientSession::sendRequest(HTTPRequest& request)
{
deleteResponseStream();
bool keepAlive = getKeepAlive();
if (connected() && !keepAlive)
close();
if (!connected())
reconnect();
request.setKeepAlive(keepAlive);
request.setHost(getHost(), getPort());
{
HTTPHeaderOutputStream hos(*this);
setReconnect(keepAlive);
request.write(hos);
setReconnect(false);
setExpectResponseBody(request.getMethod() != HTTPRequest::HTTP_HEAD);
}
if (request.getChunkedTransferEncoding())
setRequestStream(new HTTPChunkedOutputStream(*this));
else if (request.getContentLength() != HTTPMessage::UNKNOWN_CONTENT_LENGTH)
setRequestStream(new HTTPFixedLengthOutputStream(*this, request.getContentLength()));
else if (request.getMethod() == HTTPRequest::HTTP_GET || request.getMethod() == HTTPRequest::HTTP_HEAD)
setRequestStream(new HTTPFixedLengthOutputStream(*this, 0));
else
setRequestStream(new HTTPOutputStream(*this));
return *getRequestStream();
}
std::istream& HTTPSClientSession::receiveResponse(HTTPResponse& response)
{
deleteRequestStream();
do
{
response.clear();
HTTPHeaderInputStream his(*this);
try
{
response.read(his);
}
catch (MessageException&)
{
if (networkException())
networkException()->rethrow();
else
throw;
}
}
while (response.getStatus() == HTTPResponse::HTTP_CONTINUE);
if (!getExpectResponseBody())
setResponseStream(new HTTPFixedLengthInputStream(*this, 0));
else if (response.getChunkedTransferEncoding())
setResponseStream(new HTTPChunkedInputStream(*this));
else if (response.getContentLength() != HTTPMessage::UNKNOWN_CONTENT_LENGTH)
setResponseStream(new HTTPFixedLengthInputStream(*this, response.getContentLength()));
else
setResponseStream(new HTTPInputStream(*this));
return *getResponseStream();
}
std::string HTTPSClientSession::getHostInfo() const
{
std::string result("https://");
result.append(getHost());
result.append(":");
result.append(NumberFormatter::format(getPort()));
return result;
}
void HTTPSClientSession::connect(const SocketAddress& address)
{
if (!getProxyHost().empty())
{
StreamSocket& aSock = socket();
SecureStreamSocketImpl* pImplSock = dynamic_cast<SecureStreamSocketImpl*>(aSock.impl());
poco_check_ptr (pImplSock);
pImplSock->setTunnelEndPoint(getHost(), getPort());
}
HTTPSession::connect(address);
}
} } // namespace Poco::Net

77
NetSSL_OpenSSL/src/HTTPSSessionInstantiator.cpp Normal file
View File

@@ -0,0 +1,77 @@
//
// HTTPSSessionInstantiator.cpp
//
// $Id: //poco/1.3/NetSSL_OpenSSL/src/HTTPSSessionInstantiator.cpp#1 $
//
// Library: NetSSL_OpenSSL
// Package: HTTPSClient
// Module: HTTPSSessionInstantiator
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
// obtaining a copy of the software and accompanying documentation covered by
// this license (the "Software") to use, reproduce, display, distribute,
// execute, and transmit the Software, and to prepare derivative works of the
// Software, and to permit third-parties to whom the Software is furnished to
// do so, all subject to the following:
//
// The copyright notices in the Software and this entire statement, including
// the above license grant, this restriction and the following disclaimer,
// must be included in all copies of the Software, in whole or in part, and
// all derivative works of the Software, unless such copies or derivative
// works are solely in the form of machine-executable object code generated by
// a source language processor.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
//
#include "Poco/Net/HTTPSSessionInstantiator.h"
#include "Poco/Net/HTTPSessionFactory.h"
#include "Poco/Net/HTTPSClientSession.h"
namespace Poco {
namespace Net {
HTTPSSessionInstantiator::HTTPSSessionInstantiator()
{
}
HTTPSSessionInstantiator::~HTTPSSessionInstantiator()
{
}
HTTPClientSession* HTTPSSessionInstantiator::createClientSession(const Poco::URI& uri)
{
poco_assert (uri.getScheme() == "https");
HTTPSClientSession* pSession = new HTTPSClientSession(uri.getHost(), uri.getPort());
pSession->setProxy(proxyHost(), proxyPort());
return pSession;
}
void HTTPSSessionInstantiator::registerInstantiator()
{
HTTPSessionFactory::defaultFactory().registerProtocol("https", new HTTPSSessionInstantiator);
}
void HTTPSSessionInstantiator::unregisterInstantiator()
{
HTTPSessionFactory::defaultFactory().unregisterProtocol("https");
}
} } // namespace Poco::Net

128
NetSSL_OpenSSL/src/HTTPSStreamFactory.cpp Normal file
View File

@@ -0,0 +1,128 @@
//
// HTTPSStreamFactory.cpp
//
// $Id: //poco/1.3/NetSSL_OpenSSL/src/HTTPSStreamFactory.cpp#1 $
//
// Library: NetSSL_OpenSSL
// Package: HTTPSClient
// Module: HTTPSStreamFactory
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
// obtaining a copy of the software and accompanying documentation covered by
// this license (the "Software") to use, reproduce, display, distribute,
// execute, and transmit the Software, and to prepare derivative works of the
// Software, and to permit third-parties to whom the Software is furnished to
// do so, all subject to the following:
//
// The copyright notices in the Software and this entire statement, including
// the above license grant, this restriction and the following disclaimer,
// must be included in all copies of the Software, in whole or in part, and
// all derivative works of the Software, unless such copies or derivative
// works are solely in the form of machine-executable object code generated by
// a source language processor.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
//
#include "Poco/Net/HTTPSStreamFactory.h"
#include "Poco/Net/HTTPSClientSession.h"
#include "Poco/Net/HTTPIOStream.h"
#include "Poco/Net/HTTPRequest.h"
#include "Poco/Net/HTTPResponse.h"
#include "Poco/Net/NetException.h"
#include "Poco/URI.h"
#include "Poco/URIStreamOpener.h"
#include "Poco/UnbufferedStreamBuf.h"
using Poco::URIStreamFactory;
using Poco::URI;
using Poco::URIStreamOpener;
using Poco::UnbufferedStreamBuf;
namespace Poco {
namespace Net {
HTTPSStreamFactory::HTTPSStreamFactory():
_proxyPort(HTTPSession::HTTP_PORT)
{
}
HTTPSStreamFactory::HTTPSStreamFactory(const std::string& proxyHost, Poco::UInt16 proxyPort):
_proxyHost(proxyHost),
_proxyPort(proxyPort)
{
}
HTTPSStreamFactory::~HTTPSStreamFactory()
{
}
std::istream* HTTPSStreamFactory::open(const URI& uri)
{
poco_assert (uri.getScheme() == "https");
URI resolvedURI(uri);
HTTPClientSession* pSession = 0;
try
{
int redirects = 0;
do
{
pSession = new HTTPSClientSession(resolvedURI.getHost(), resolvedURI.getPort());
pSession->setProxy(_proxyHost, _proxyPort);
std::string path = resolvedURI.getPathAndQuery();
if (path.empty()) path = "/";
HTTPRequest req(HTTPRequest::HTTP_GET, path, HTTPMessage::HTTP_1_1);
pSession->sendRequest(req);
HTTPResponse res;
std::istream& rs = pSession->receiveResponse(res);
bool moved = (res.getStatus() == HTTPResponse::HTTP_MOVED_PERMANENTLY ||
res.getStatus() == HTTPResponse::HTTP_FOUND ||
res.getStatus() == HTTPResponse::HTTP_SEE_OTHER);
if (moved)
{
resolvedURI.resolve(res.get("Location"));
delete pSession;
++redirects;
}
else if (res.getStatus() == HTTPResponse::HTTP_OK)
{
return new HTTPResponseStream(rs, pSession);
}
else throw HTTPException(res.getReason(), uri.toString());
}
while (redirects < MAX_REDIRECTS);
throw HTTPException("Too many redirects", uri.toString());
}
catch (...)
{
delete pSession;
throw;
}
}
void HTTPSStreamFactory::registerFactory()
{
std::string https("https");
URIStreamOpener::defaultOpener().registerStreamFactory(https, new HTTPSStreamFactory);
}
} } // namespace Poco::Net

67
NetSSL_OpenSSL/src/InvalidCertificateHandler.cpp Normal file
View File

@@ -0,0 +1,67 @@
//
// InvalidCertificateHandler.cpp
//
// $Id: //poco/1.3/NetSSL_OpenSSL/src/InvalidCertificateHandler.cpp#1 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module: InvalidCertificateHandler
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
// obtaining a copy of the software and accompanying documentation covered by
// this license (the "Software") to use, reproduce, display, distribute,
// execute, and transmit the Software, and to prepare derivative works of the
// Software, and to permit third-parties to whom the Software is furnished to
// do so, all subject to the following:
//
// The copyright notices in the Software and this entire statement, including
// the above license grant, this restriction and the following disclaimer,
// must be included in all copies of the Software, in whole or in part, and
// all derivative works of the Software, unless such copies or derivative
// works are solely in the form of machine-executable object code generated by
// a source language processor.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
//
#include "Poco/Net/InvalidCertificateHandler.h"
#include "Poco/Net/SSLManager.h"
#include "Poco/Delegate.h"
using Poco::Delegate;
namespace Poco {
namespace Net {
InvalidCertificateHandler::InvalidCertificateHandler(bool handleErrorsOnServerSide): _handleErrorsOnServerSide(handleErrorsOnServerSide)
{
if (_handleErrorsOnServerSide)
SSLManager::instance().ServerVerificationError += Delegate<InvalidCertificateHandler, VerificationErrorArgs>(this, &InvalidCertificateHandler::onInvalidCertificate);
else
SSLManager::instance().ClientVerificationError += Delegate<InvalidCertificateHandler, VerificationErrorArgs>(this, &InvalidCertificateHandler::onInvalidCertificate);
}
InvalidCertificateHandler::~InvalidCertificateHandler()
{
if (_handleErrorsOnServerSide)
SSLManager::instance().ServerVerificationError -= Delegate<InvalidCertificateHandler, VerificationErrorArgs>(this, &InvalidCertificateHandler::onInvalidCertificate);
else
SSLManager::instance().ClientVerificationError -= Delegate<InvalidCertificateHandler, VerificationErrorArgs>(this, &InvalidCertificateHandler::onInvalidCertificate);
}
} } // namespace Poco::Net

66
NetSSL_OpenSSL/src/KeyConsoleHandler.cpp Normal file
View File

@@ -0,0 +1,66 @@
//
// KeyConsoleHandler.cpp
//
// $Id: //poco/1.3/NetSSL_OpenSSL/src/KeyConsoleHandler.cpp#1 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module: KeyConsoleHandler
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
// obtaining a copy of the software and accompanying documentation covered by
// this license (the "Software") to use, reproduce, display, distribute,
// execute, and transmit the Software, and to prepare derivative works of the
// Software, and to permit third-parties to whom the Software is furnished to
// do so, all subject to the following:
//
// The copyright notices in the Software and this entire statement, including
// the above license grant, this restriction and the following disclaimer,
// must be included in all copies of the Software, in whole or in part, and
// all derivative works of the Software, unless such copies or derivative
// works are solely in the form of machine-executable object code generated by
// a source language processor.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
//
#include "Poco/Net/KeyConsoleHandler.h"
#include "Poco/Net/PrivateKeyFactory.h"
#include <iostream>
namespace Poco {
namespace Net {
KeyConsoleHandler::KeyConsoleHandler(bool server):PrivateKeyPassphraseHandler(server)
{
}
KeyConsoleHandler::~KeyConsoleHandler()
{
}
void KeyConsoleHandler::onPrivateKeyRequested(const void* pSender, std::string& privateKey)
{
std::cout << "Please enter the pass-phrase for the private key: ";
std::cin >> privateKey;
}
POCO_REGISTER_KEYFACTORY(NetSSL_API, KeyConsoleHandler)
} } // namespace Poco::Net

79
NetSSL_OpenSSL/src/KeyFileHandler.cpp Normal file
View File

@@ -0,0 +1,79 @@
//
// KeyFileHandler.cpp
//
// $Id: //poco/1.3/NetSSL_OpenSSL/src/KeyFileHandler.cpp#1 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module: KeyFileHandler
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
// obtaining a copy of the software and accompanying documentation covered by
// this license (the "Software") to use, reproduce, display, distribute,
// execute, and transmit the Software, and to prepare derivative works of the
// Software, and to permit third-parties to whom the Software is furnished to
// do so, all subject to the following:
//
// The copyright notices in the Software and this entire statement, including
// the above license grant, this restriction and the following disclaimer,
// must be included in all copies of the Software, in whole or in part, and
// all derivative works of the Software, unless such copies or derivative
// works are solely in the form of machine-executable object code generated by
// a source language processor.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
//
#include "Poco/Net/KeyFileHandler.h"
#include "Poco/Net/PrivateKeyFactory.h"
#include "Poco/Net/SSLManager.h"
#include "Poco/File.h"
#include "Poco/Util/LayeredConfiguration.h"
#include "Poco/Util/Application.h"
#include "Poco/Util/OptionException.h"
namespace Poco {
namespace Net {
const std::string KeyFileHandler::CFG_PRIV_KEY_FILE("privateKeyPassphraseHandler.options.password");
KeyFileHandler::KeyFileHandler(bool server):PrivateKeyPassphraseHandler(server)
{
}
KeyFileHandler::~KeyFileHandler()
{
}
void KeyFileHandler::onPrivateKeyRequested(const void* pSender, std::string& privateKey)
{
Poco::Util::LayeredConfiguration& config = Poco::Util::Application::instance().config();
std::string prefix = serverSide() ? SSLManager::CFG_SERVER_PREFIX : SSLManager::CFG_CLIENT_PREFIX;
if (!config.hasProperty(prefix+CFG_PRIV_KEY_FILE))
{
throw Poco::Util::EmptyOptionException(std::string("Missing Configuration Entry: ") + prefix+CFG_PRIV_KEY_FILE);
}
privateKey = config.getString(prefix+CFG_PRIV_KEY_FILE);
}
POCO_REGISTER_KEYFACTORY(NetSSL_API,KeyFileHandler)
} } // namespace Poco::Net

66
NetSSL_OpenSSL/src/PrivateKeyFactory.cpp Normal file
View File

@@ -0,0 +1,66 @@
//
// PrivateKeyFactory.cpp
//
// $Id: //poco/1.3/NetSSL_OpenSSL/src/PrivateKeyFactory.cpp#1 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module: PrivateKeyFactory
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
// obtaining a copy of the software and accompanying documentation covered by
// this license (the "Software") to use, reproduce, display, distribute,
// execute, and transmit the Software, and to prepare derivative works of the
// Software, and to permit third-parties to whom the Software is furnished to
// do so, all subject to the following:
//
// The copyright notices in the Software and this entire statement, including
// the above license grant, this restriction and the following disclaimer,
// must be included in all copies of the Software, in whole or in part, and
// all derivative works of the Software, unless such copies or derivative
// works are solely in the form of machine-executable object code generated by
// a source language processor.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
//
#include "Poco/Net/PrivateKeyFactory.h"
#include "Poco/Net/SSLManager.h"
namespace Poco {
namespace Net {
PrivateKeyFactory::PrivateKeyFactory()
{
}
PrivateKeyFactory::~PrivateKeyFactory()
{
}
PrivateKeyFactoryRegistrar::PrivateKeyFactoryRegistrar(const std::string& name, PrivateKeyFactory* pFactory)
{
SSLManager::instance().privateKeyFactoryMgr().setFactory(name, pFactory);
}
PrivateKeyFactoryRegistrar::~PrivateKeyFactoryRegistrar()
{
}
} } // namespace Poco::Net

85
NetSSL_OpenSSL/src/PrivateKeyFactoryMgr.cpp Normal file
View File

@@ -0,0 +1,85 @@
//
// PrivateKeyFactoryMgr.cpp
//
// $Id: //poco/1.3/NetSSL_OpenSSL/src/PrivateKeyFactoryMgr.cpp#1 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module: PrivateKeyFactoryMgr
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
// obtaining a copy of the software and accompanying documentation covered by
// this license (the "Software") to use, reproduce, display, distribute,
// execute, and transmit the Software, and to prepare derivative works of the
// Software, and to permit third-parties to whom the Software is furnished to
// do so, all subject to the following:
//
// The copyright notices in the Software and this entire statement, including
// the above license grant, this restriction and the following disclaimer,
// must be included in all copies of the Software, in whole or in part, and
// all derivative works of the Software, unless such copies or derivative
// works are solely in the form of machine-executable object code generated by
// a source language processor.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
//
#include "Poco/Net/PrivateKeyFactoryMgr.h"
namespace Poco {
namespace Net {
PrivateKeyFactoryMgr::PrivateKeyFactoryMgr()
{
}
PrivateKeyFactoryMgr::~PrivateKeyFactoryMgr()
{
}
void PrivateKeyFactoryMgr::setFactory(const std::string& name, PrivateKeyFactory* pFactory)
{
bool success = _factories.insert(make_pair(name, Poco::SharedPtr<PrivateKeyFactory>(pFactory))).second;
if (!success)
delete pFactory;
poco_assert(success);
}
bool PrivateKeyFactoryMgr::hasFactory(const std::string& name) const
{
return _factories.find(name) != _factories.end();
}
const PrivateKeyFactory* PrivateKeyFactoryMgr::getFactory(const std::string& name) const
{
FactoriesMap::const_iterator it = _factories.find(name);
if (it != _factories.end())
return it->second;
else
return 0;
}
void PrivateKeyFactoryMgr::removeFactory(const std::string& name)
{
_factories.erase(name);
}
} } // namespace Poco::Net

61
NetSSL_OpenSSL/src/PrivateKeyPassphraseHandler.cpp Normal file
View File

@@ -0,0 +1,61 @@
//
// PrivateKeyPassphraseHandler.cpp
//
// $Id: //poco/1.3/NetSSL_OpenSSL/src/PrivateKeyPassphraseHandler.cpp#1 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module: PrivateKeyPassphraseHandler
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
// obtaining a copy of the software and accompanying documentation covered by
// this license (the "Software") to use, reproduce, display, distribute,
// execute, and transmit the Software, and to prepare derivative works of the
// Software, and to permit third-parties to whom the Software is furnished to
// do so, all subject to the following:
//
// The copyright notices in the Software and this entire statement, including
// the above license grant, this restriction and the following disclaimer,
// must be included in all copies of the Software, in whole or in part, and
// all derivative works of the Software, unless such copies or derivative
// works are solely in the form of machine-executable object code generated by
// a source language processor.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
//
#include "Poco/Net/PrivateKeyPassphraseHandler.h"
#include "Poco/Net/SSLManager.h"
#include "Poco/Delegate.h"
using Poco::Delegate;
namespace Poco {
namespace Net {
PrivateKeyPassphraseHandler::PrivateKeyPassphraseHandler(bool onServerSide): _serverSide(onServerSide)
{
SSLManager::instance().PrivateKeyPassPhrase += Delegate<PrivateKeyPassphraseHandler, std::string>(this, &PrivateKeyPassphraseHandler::onPrivateKeyRequested);
}
PrivateKeyPassphraseHandler::~PrivateKeyPassphraseHandler()
{
SSLManager::instance().PrivateKeyPassPhrase -= Delegate<PrivateKeyPassphraseHandler, std::string>(this, &PrivateKeyPassphraseHandler::onPrivateKeyRequested);
}
} } // namespace Poco::Net

50
NetSSL_OpenSSL/src/SSLException.cpp Normal file
View File

@@ -0,0 +1,50 @@
//
// SSLException.cpp
//
// $Id: //poco/1.3/NetSSL_OpenSSL/src/SSLException.cpp#1 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module: SSLException
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
// obtaining a copy of the software and accompanying documentation covered by
// this license (the "Software") to use, reproduce, display, distribute,
// execute, and transmit the Software, and to prepare derivative works of the
// Software, and to permit third-parties to whom the Software is furnished to
// do so, all subject to the following:
//
// The copyright notices in the Software and this entire statement, including
// the above license grant, this restriction and the following disclaimer,
// must be included in all copies of the Software, in whole or in part, and
// all derivative works of the Software, unless such copies or derivative
// works are solely in the form of machine-executable object code generated by
// a source language processor.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
//
#include "Poco/Net/SSLException.h"
#include <typeinfo>
namespace Poco {
namespace Net {
POCO_IMPLEMENT_EXCEPTION(SSLException, NetException, "SSLException")
POCO_IMPLEMENT_EXCEPTION(SSLContextException, SSLException, "SSLContextException")
POCO_IMPLEMENT_EXCEPTION(InvalidCertificateException, SSLException, "InvalidCertificateException")
} } // namespace Poco::Net

146
NetSSL_OpenSSL/src/SSLInitializer.cpp Normal file
View File

@@ -0,0 +1,146 @@
//
// SSLInitializer.cpp
//
// $Id: //poco/1.3/NetSSL_OpenSSL/src/SSLInitializer.cpp#1 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module: SSLInitializer
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
// obtaining a copy of the software and accompanying documentation covered by
// this license (the "Software") to use, reproduce, display, distribute,
// execute, and transmit the Software, and to prepare derivative works of the
// Software, and to permit third-parties to whom the Software is furnished to
// do so, all subject to the following:
//
// The copyright notices in the Software and this entire statement, including
// the above license grant, this restriction and the following disclaimer,
// must be included in all copies of the Software, in whole or in part, and
// all derivative works of the Software, unless such copies or derivative
// works are solely in the form of machine-executable object code generated by
// a source language processor.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
//
#include "Poco/Net/SSLInitializer.h"
#include "Poco/Net/KeyConsoleHandler.h"
#include "Poco/Net/KeyFileHandler.h"
#include "Poco/RandomStream.h"
#include "Poco/Thread.h"
#include <openssl/ssl.h>
#include <openssl/rand.h>
#include <openssl/crypto.h>
using Poco::RandomInputStream;
using Poco::Thread;
using Poco::FastMutex;
namespace Poco {
namespace Net {
FastMutex* SSLInitializer::_mutexes(0);
int SSLInitializer::_rc(0);
static SSLInitializer initializer;
SSLInitializer::SSLInitializer()
{
initialize();
}
SSLInitializer::~SSLInitializer()
{
uninitialize();
}
void SSLInitializer::initialize()
{
if (++_rc == 1)
{
poco_assert (1 == SSL_library_init()); // always returns 1
SSL_load_error_strings();
char seed[SEEDSIZE];
RandomInputStream rnd;
rnd.read(seed, sizeof(seed));
RAND_seed(seed, SEEDSIZE);
int nMutexes = CRYPTO_num_locks();
_mutexes = new FastMutex[nMutexes];
CRYPTO_set_locking_callback(&SSLInitializer::lock);
CRYPTO_set_id_callback(&SSLInitializer::id);
CRYPTO_set_dynlock_create_callback(&SSLInitializer::dynlockCreate);
CRYPTO_set_dynlock_lock_callback(&SSLInitializer::dynlock);
CRYPTO_set_dynlock_destroy_callback(&SSLInitializer::dynlockDestroy);
}
}
void SSLInitializer::uninitialize()
{
if (--_rc == 0)
{
delete [] _mutexes;
}
}
void SSLInitializer::lock(int mode, int n, const char* file, int line)
{
if (mode & CRYPTO_LOCK)
_mutexes[n].lock();
else
_mutexes[n].unlock();
}
unsigned long SSLInitializer::id()
{
Thread* pThread = Thread::current();
return pThread ? pThread->id() : 0;
}
struct CRYPTO_dynlock_value* SSLInitializer::dynlockCreate(const char* file, int line)
{
return new CRYPTO_dynlock_value;
}
void SSLInitializer::dynlock(int mode, struct CRYPTO_dynlock_value* lock, const char* file, int line)
{
poco_check_ptr (lock);
if (mode & CRYPTO_LOCK)
lock->_mutex.lock();
else
lock->_mutex.unlock();
}
void SSLInitializer::dynlockDestroy(struct CRYPTO_dynlock_value* lock, const char* file, int line)
{
delete lock;
}
} } // namespace Poco::Net

305
NetSSL_OpenSSL/src/SSLManager.cpp Normal file
View File

@@ -0,0 +1,305 @@
//
// SSLManager.cpp
//
// $Id: //poco/1.3/NetSSL_OpenSSL/src/SSLManager.cpp#1 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module: SSLManager
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
// obtaining a copy of the software and accompanying documentation covered by
// this license (the "Software") to use, reproduce, display, distribute,
// execute, and transmit the Software, and to prepare derivative works of the
// Software, and to permit third-parties to whom the Software is furnished to
// do so, all subject to the following:
//
// The copyright notices in the Software and this entire statement, including
// the above license grant, this restriction and the following disclaimer,
// must be included in all copies of the Software, in whole or in part, and
// all derivative works of the Software, unless such copies or derivative
// works are solely in the form of machine-executable object code generated by
// a source language processor.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
//
#include "Poco/Net/SSLManager.h"
#include "Poco/Net/Context.h"
#include "Poco/Net/Utility.h"
#include "Poco/Net/PrivateKeyPassphraseHandler.h"
#include "Poco/Net/SSLInitializer.h"
#include "Poco/SingletonHolder.h"
#include "Poco/Delegate.h"
#include "Poco/Util/Application.h"
#include "Poco/Util/OptionException.h"
#include "Poco/Util/LayeredConfiguration.h"
namespace Poco {
namespace Net {
const std::string SSLManager::CFG_PRIV_KEY_FILE("privateKeyFile");
const std::string SSLManager::CFG_CA_LOCATION("caConfig");
const std::string SSLManager::CFG_VER_MODE("verificationMode");
const Context::VerificationMode SSLManager::VAL_VER_MODE(Context::VERIFY_STRICT);
const std::string SSLManager::CFG_VER_DEPTH("verificationDepth");
const int SSLManager::VAL_VER_DEPTH(9);
const std::string SSLManager::CFG_ENABLE_DEFAULT_CA("loadDefaultCAFile");
const bool SSLManager::VAL_ENABLE_DEFAULT_CA(false);
const std::string SSLManager::CFG_CYPHER_LIST("cypherList");
const std::string SSLManager::VAL_CYPHER_LIST("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
const std::string SSLManager::CFG_DELEGATE_HANDLER("privateKeyPassphraseHandler.name");
const std::string SSLManager::VAL_DELEGATE_HANDLER("KeyConsoleHandler");
const std::string SSLManager::CFG_CERTIFICATE_HANDLER("invalidCertificateHandler.name");
const std::string SSLManager::VAL_CERTIFICATE_HANDLER("ConsoleCertificateHandler");
const std::string SSLManager::CFG_SERVER_PREFIX("openSSL.server.");
const std::string SSLManager::CFG_CLIENT_PREFIX("openSSL.client.");
SSLManager::SSLManager()
{
SSLInitializer::initialize();
}
SSLManager::~SSLManager()
{
PrivateKeyPassPhrase.clear();
ClientVerificationError.clear();
ServerVerificationError.clear();
_ptrServerPassPhraseHandler = 0;
_ptrServerCertificateHandler = 0;
_ptrDefaultServerContext = 0;
_ptrClientPassPhraseHandler = 0;
_ptrClientCertificateHandler = 0;
_ptrDefaultClientContext = 0;
SSLInitializer::uninitialize();
}
SSLManager& SSLManager::instance()
{
static Poco::SingletonHolder<SSLManager> singleton;
return *singleton.get();
}
void SSLManager::initializeServer(PrivateKeyPassphraseHandlerPtr& ptrPassPhraseHandler, InvalidCertificateHandlerPtr& ptrHandler, ContextPtr ptrContext)
{
_ptrServerPassPhraseHandler = ptrPassPhraseHandler;
_ptrServerCertificateHandler = ptrHandler;
_ptrDefaultServerContext = ptrContext;
}
void SSLManager::initializeClient(PrivateKeyPassphraseHandlerPtr& ptrPassPhraseHandler, InvalidCertificateHandlerPtr& ptrHandler, ContextPtr ptrContext)
{
_ptrClientPassPhraseHandler = ptrPassPhraseHandler;
_ptrClientCertificateHandler = ptrHandler;
_ptrDefaultClientContext = ptrContext;
}
SSLManager::ContextPtr SSLManager::defaultServerContext()
{
if (!_ptrDefaultServerContext)
initDefaultContext(true);
return _ptrDefaultServerContext;
}
SSLManager::ContextPtr SSLManager::defaultClientContext()
{
if (!_ptrDefaultClientContext)
initDefaultContext(false);
return _ptrDefaultClientContext;
}
SSLManager::PrivateKeyPassphraseHandlerPtr SSLManager::serverPassPhraseHandler()
{
if (!_ptrServerPassPhraseHandler)
initPassPhraseHandler(true);
return _ptrServerPassPhraseHandler;
}
SSLManager::PrivateKeyPassphraseHandlerPtr SSLManager::clientPassPhraseHandler()
{
if (!_ptrClientPassPhraseHandler)
initPassPhraseHandler(false);
return _ptrClientPassPhraseHandler;
}
SSLManager::InvalidCertificateHandlerPtr SSLManager::serverCertificateHandler()
{
if (!_ptrServerCertificateHandler)
initCertificateHandler(true);
return _ptrServerCertificateHandler;
}
SSLManager::InvalidCertificateHandlerPtr SSLManager::clientCertificateHandler()
{
if (!_ptrClientCertificateHandler)
initCertificateHandler(false);
return _ptrClientCertificateHandler;
}
int SSLManager::verifyCallback(bool server, int ok, X509_STORE_CTX* pStore)
{
if (!ok)
{
X509* pCert = X509_STORE_CTX_get_current_cert(pStore);
X509Certificate x509(pCert);
int depth = X509_STORE_CTX_get_error_depth(pStore);
int err = X509_STORE_CTX_get_error(pStore);
std::string error(X509_verify_cert_error_string(err));
VerificationErrorArgs args(x509, depth, err, error);
if (server)
SSLManager::instance().ServerVerificationError.notify(&SSLManager::instance(), args);
else
SSLManager::instance().ClientVerificationError.notify(&SSLManager::instance(), args);
ok = args.getIgnoreError() ? 1 : 0;
}
return ok;
}
int SSLManager::privateKeyPasswdCallback(char* pBuf, int size, int flag, void* userData)
{
std::string pwd;
SSLManager::instance().PrivateKeyPassPhrase.notify(&SSLManager::instance(), pwd);
strncpy(pBuf, (char *)(pwd.c_str()), size);
pBuf[size - 1] = '\0';
if (size > pwd.length())
size = (int) pwd.length();
return size;
}
void SSLManager::initDefaultContext(bool server)
{
if (server && _ptrDefaultServerContext) return;
if (!server && _ptrDefaultClientContext) return;
initEvents(server);
Poco::Util::LayeredConfiguration& config = Poco::Util::Application::instance().config();
std::string prefix = server ? CFG_SERVER_PREFIX : CFG_CLIENT_PREFIX;
if (!config.hasProperty(prefix+CFG_PRIV_KEY_FILE))
{
throw Poco::Util::EmptyOptionException(std::string("Missing Configuration Entry: ") + prefix+CFG_PRIV_KEY_FILE);
}
// mandatory options
std::string privKeyFile = config.getString(prefix+CFG_PRIV_KEY_FILE);
std::string caLocation = config.getString(prefix+CFG_CA_LOCATION);
// optional options for which we have defaults defined
Context::VerificationMode verMode = VAL_VER_MODE;
if (config.hasProperty(prefix+CFG_VER_MODE))
{
// either: none, relaxed, strict, once
std::string mode = config.getString(prefix+CFG_VER_MODE);
verMode = Utility::convertVerificationMode(mode);
}
int verDepth = config.getInt(prefix+CFG_VER_DEPTH, VAL_VER_DEPTH);
bool loadDefCA = config.getBool(prefix+CFG_ENABLE_DEFAULT_CA, VAL_ENABLE_DEFAULT_CA);
std::string cypherList = config.getString(prefix+CFG_CYPHER_LIST, VAL_CYPHER_LIST);
if (server)
{
_ptrDefaultServerContext = new Context(privKeyFile, caLocation, server, verMode, verDepth, loadDefCA, cypherList);
}
else
{
_ptrDefaultClientContext = new Context(privKeyFile, caLocation, server, verMode, verDepth, loadDefCA, cypherList);
}
}
void SSLManager::initEvents(bool server)
{
initPassPhraseHandler(server);
initCertificateHandler(server);
}
void SSLManager::initPassPhraseHandler(bool server)
{
if (server && _ptrServerPassPhraseHandler) return;
if (!server && _ptrClientPassPhraseHandler) return;
std::string prefix = server ? CFG_SERVER_PREFIX : CFG_CLIENT_PREFIX;
Poco::Util::LayeredConfiguration& config = Poco::Util::Application::instance().config();
std::string className(config.getString(prefix+CFG_DELEGATE_HANDLER, VAL_DELEGATE_HANDLER));
const PrivateKeyFactory* pFactory = 0;
if (privateKeyFactoryMgr().hasFactory(className))
{
pFactory = privateKeyFactoryMgr().getFactory(className);
}
if (pFactory)
{
if (server)
_ptrServerPassPhraseHandler = pFactory->create(server);
else
_ptrClientPassPhraseHandler = pFactory->create(server);
}
else throw Poco::Util::UnknownOptionException(std::string("No PassPhrasehandler known with the name ") + className);
}
void SSLManager::initCertificateHandler(bool server)
{
if (server && _ptrServerCertificateHandler) return;
if (!server && _ptrClientCertificateHandler) return;
std::string prefix = server ? CFG_SERVER_PREFIX : CFG_CLIENT_PREFIX;
Poco::Util::LayeredConfiguration& config = Poco::Util::Application::instance().config();
std::string className(config.getString(prefix+CFG_CERTIFICATE_HANDLER, VAL_CERTIFICATE_HANDLER));
const CertificateHandlerFactory* pFactory = 0;
if (certificateHandlerFactoryMgr().hasFactory(className))
{
pFactory = certificateHandlerFactoryMgr().getFactory(className);
}
if (pFactory)
{
if (server)
_ptrServerCertificateHandler = pFactory->create(true);
else
_ptrClientCertificateHandler = pFactory->create(false);
}
else throw Poco::Util::UnknownOptionException(std::string("No InvalidCertificate handler known with the name ") + className);
}
} } // namespace Poco::Net

113
NetSSL_OpenSSL/src/SecureServerSocket.cpp Normal file
View File

@@ -0,0 +1,113 @@
//
// SecureServerSocket.cpp
//
// $Id: //poco/1.3/NetSSL_OpenSSL/src/SecureServerSocket.cpp#1 $
//
// Library: NetSSL_OpenSSL
// Package: SSLSockets
// Module: SecureServerSocket
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
// obtaining a copy of the software and accompanying documentation covered by
// this license (the "Software") to use, reproduce, display, distribute,
// execute, and transmit the Software, and to prepare derivative works of the
// Software, and to permit third-parties to whom the Software is furnished to
// do so, all subject to the following:
//
// The copyright notices in the Software and this entire statement, including
// the above license grant, this restriction and the following disclaimer,
// must be included in all copies of the Software, in whole or in part, and
// all derivative works of the Software, unless such copies or derivative
// works are solely in the form of machine-executable object code generated by
// a source language processor.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
//
#include "Poco/Net/SecureServerSocket.h"
#include "Poco/Net/SecureServerSocketImpl.h"
#include "Poco/Net/SecureStreamSocket.h"
#include "Poco/Exception.h"
using Poco::InvalidArgumentException;
namespace Poco {
namespace Net {
SecureServerSocket::SecureServerSocket():
ServerSocket(new SecureServerSocketImpl, true)
{
}
SecureServerSocket::SecureServerSocket(const Socket& socket):
ServerSocket(socket)
{
if (!dynamic_cast<SecureServerSocketImpl*>(impl()))
throw InvalidArgumentException("Cannot assign incompatible socket");
}
SecureServerSocket::SecureServerSocket(const SocketAddress& address, int backlog):
ServerSocket(new SecureServerSocketImpl, true)
{
impl()->bind(address, true);
impl()->listen(backlog);
}
SecureServerSocket::SecureServerSocket(Poco::UInt16 port, int backlog):
ServerSocket(new SecureServerSocketImpl, true)
{
IPAddress wildcardAddr;
SocketAddress address(wildcardAddr, port);
impl()->bind(address, true);
impl()->listen(backlog);
}
SecureServerSocket::~SecureServerSocket()
{
}
SecureServerSocket& SecureServerSocket::operator = (const Socket& socket)
{
if (&socket != this)
{
if (dynamic_cast<SecureServerSocketImpl*>(socket.impl()))
ServerSocket::operator = (socket);
else
throw InvalidArgumentException("Cannot assign incompatible socket");
}
return *this;
}
StreamSocket SecureServerSocket::acceptConnection(SocketAddress& clientAddr)
{
return SecureStreamSocket(impl()->acceptConnection(clientAddr));
}
StreamSocket SecureServerSocket::acceptConnection()
{
SocketAddress clientAddr;
return SecureStreamSocket(impl()->acceptConnection(clientAddr));
}
} } // namespace Poco::Net

131
NetSSL_OpenSSL/src/SecureServerSocketImpl.cpp Normal file
View File

@@ -0,0 +1,131 @@
//
// SecureServerSocketImpl.cpp
//
// $Id: //poco/1.3/NetSSL_OpenSSL/src/SecureServerSocketImpl.cpp#1 $
//
// Library: NetSSL_OpenSSL
// Package: SSLSockets
// Module: SecureServerSocketImpl
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
// obtaining a copy of the software and accompanying documentation covered by
// this license (the "Software") to use, reproduce, display, distribute,
// execute, and transmit the Software, and to prepare derivative works of the
// Software, and to permit third-parties to whom the Software is furnished to
// do so, all subject to the following:
//
// The copyright notices in the Software and this entire statement, including
// the above license grant, this restriction and the following disclaimer,
// must be included in all copies of the Software, in whole or in part, and
// all derivative works of the Software, unless such copies or derivative
// works are solely in the form of machine-executable object code generated by
// a source language processor.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
//
#include "Poco/Net/SecureServerSocketImpl.h"
namespace Poco {
namespace Net {
SecureServerSocketImpl::SecureServerSocketImpl()
{
}
SecureServerSocketImpl::~SecureServerSocketImpl()
{
}
SocketImpl* SecureServerSocketImpl::acceptConnection(SocketAddress& clientAddr)
{
return _socket.acceptConnection(clientAddr);
}
void SecureServerSocketImpl::connect(const SocketAddress& address)
{
_socket.connect(address);
setSockfd(_socket.sockfd());
}
void SecureServerSocketImpl::connect(const SocketAddress& address, const Poco::Timespan& timeout)
{
_socket.connect(address, timeout);
setSockfd(_socket.sockfd());
}
void SecureServerSocketImpl::connectNB(const SocketAddress& address)
{
_socket.connectNB(address);
setSockfd(_socket.sockfd());
}
void SecureServerSocketImpl::bind(const SocketAddress& address, bool reuseAddress)
{
_socket.bind(address, reuseAddress);
}
void SecureServerSocketImpl::listen(int backlog)
{
_socket.listen(backlog);
setSockfd(_socket.sockfd());
}
void SecureServerSocketImpl::close()
{
invalidate();
_socket.close();
}
int SecureServerSocketImpl::sendBytes(const void* buffer, int length, int flags)
{
return _socket.sendBytes(buffer, length, flags);
}
int SecureServerSocketImpl::receiveBytes(void* buffer, int length, int flags)
{
return _socket.receiveBytes(buffer, length, flags);
}
int SecureServerSocketImpl::sendTo(const void* buffer, int length, const SocketAddress& address, int flags)
{
return _socket.sendTo(buffer, length, address, flags);
}
int SecureServerSocketImpl::receiveFrom(void* buffer, int length, SocketAddress& address, int flags)
{
return _socket.receiveFrom(buffer, length, address, flags);
}
void SecureServerSocketImpl::sendUrgent(unsigned char data)
{
return _socket.sendUrgent(data);
}
} } // namespace Poco::Net

603
NetSSL_OpenSSL/src/SecureSocketImpl.cpp Normal file
View File

@@ -0,0 +1,603 @@
//
// SecureSocketImpl.cpp
//
// $Id: //poco/1.3/NetSSL_OpenSSL/src/SecureSocketImpl.cpp#1 $
//
// Library: NetSSL_OpenSSL
// Package: SSLSockets
// Module: SecureSocketImpl
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
// obtaining a copy of the software and accompanying documentation covered by
// this license (the "Software") to use, reproduce, display, distribute,
// execute, and transmit the Software, and to prepare derivative works of the
// Software, and to permit third-parties to whom the Software is furnished to
// do so, all subject to the following:
//
// The copyright notices in the Software and this entire statement, including
// the above license grant, this restriction and the following disclaimer,
// must be included in all copies of the Software, in whole or in part, and
// all derivative works of the Software, unless such copies or derivative
// works are solely in the form of machine-executable object code generated by
// a source language processor.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
//
#include "Poco/Net/SecureSocketImpl.h"
#include "Poco/Net/SSLException.h"
#include "Poco/Net/SSLManager.h"
#include "Poco/Net/Utility.h"
#include "Poco/Net/SecureStreamSocketImpl.h"
#include "Poco/Net/StreamSocketImpl.h"
#include "Poco/Net/NetException.h"
#include "Poco/Net/DNS.h"
#include "Poco/NumberFormatter.h"
#include "Poco/NumberParser.h"
#include "Poco/String.h"
#include "Poco/RegularExpression.h"
#include <openssl/x509v3.h>
#include <openssl/err.h>
using Poco::IOException;
using Poco::TimeoutException;
using Poco::InvalidArgumentException;
using Poco::NumberFormatter;
using Poco::Timespan;
// workaround for C++-incompatible macro
#define POCO_BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(void*)((n)?"a":NULL))
namespace Poco {
namespace Net {
SecureSocketImpl::SecureSocketImpl():_pBIO(0), _pSSL(0)
{
}
SecureSocketImpl::SecureSocketImpl(SSL *pSSL): _pSSL(pSSL)
{
poco_check_ptr (_pSSL);
_pBIO = SSL_get_rbio(_pSSL);
poco_check_ptr (_pBIO);
int tmpSocket = 0;
BIO_get_fd(_pBIO, &tmpSocket);
setSockfd(tmpSocket);
}
SecureSocketImpl::~SecureSocketImpl()
{
close();
}
SocketImpl* SecureSocketImpl::acceptConnection(SocketAddress& clientAddr)
{
poco_assert (sockfd() != POCO_INVALID_SOCKET);
poco_check_ptr (_pBIO);
BIO* pClient = 0;
int rc = 0;
do
{
rc = BIO_do_accept(_pBIO);
}
while (rc <= 0 && _socket.lastError() == POCO_EINTR);
if (rc > 0)
{
pClient = BIO_pop(_pBIO);
poco_check_ptr (pClient);
SSL* pSSL = SSL_new(SSLManager::instance().defaultServerContext()->sslContext());
if (pSSL)
{
SSL_set_accept_state(pSSL);
SSL_set_bio(pSSL, pClient, pClient);
int err = SSL_accept(pSSL);
if (err > 0)
{
SecureStreamSocketImpl* pSI = new SecureStreamSocketImpl(pSSL);
clientAddr = pSI->peerAddress();
std::string clientName = clientAddr.host().toString();
if (X509_V_OK != postConnectionCheck(true, pSSL, clientName))
{
delete pSI;
pSI = 0;
SSL_shutdown(pSSL);
SSL_free(pSSL);
pClient = 0;
SocketImpl::error("postConnectionCheck failed"); // will throw
}
return pSI;
}
else
{
std::string errMsg = Utility::convertSSLError(pSSL, err);
SSL_shutdown(pSSL);
SSL_free(pSSL);
SocketImpl::error(std::string("failed to acceptConnection: ") + errMsg);
}
}
else
{
BIO_free(pClient);
}
}
SocketImpl::error(); // will throw
return 0;
}
void SecureSocketImpl::connect(const SocketAddress& address)
{
if (sockfd() == POCO_INVALID_SOCKET)
{
if (!_pBIO)
_pBIO = BIO_new(BIO_s_connect());
}
int rc = 0;
do
{
BIO_set_conn_hostname(_pBIO, address.host().toString().c_str());
int tmp = address.port();
BIO_set_conn_int_port(_pBIO, &tmp);
rc = BIO_do_connect(_pBIO); // returns 1 in case of ok!
}
while (rc != 1 && _socket.lastError() == POCO_EINTR);
if (rc != 1) SocketImpl::error(address.toString());
establishTunnel();
connectSSL(address);
poco_check_ptr (_pSSL);
}
void SecureSocketImpl::connect(const SocketAddress& address, const Poco::Timespan& timeout)
{
poco_assert (sockfd() == POCO_INVALID_SOCKET);
poco_assert (_pSSL == 0);
poco_assert (_pBIO == 0);
_pBIO = BIO_new(BIO_s_connect());
POCO_BIO_set_nbio_accept(_pBIO, 1); // set nonblocking
try
{
BIO_set_conn_hostname(_pBIO, address.host().toString().c_str());
int tmp = address.port();
BIO_set_conn_int_port(_pBIO, &tmp);
int rc = BIO_do_connect(_pBIO); // returns 1 in case of ok!
if (rc != 1)
{
if (_socket.lastError() != POCO_EINPROGRESS && _socket.lastError() != POCO_EWOULDBLOCK)
SocketImpl::error(address.toString());
if (!_socket.poll(timeout, SocketImpl::SELECT_READ | SocketImpl::SELECT_WRITE))
throw Poco::TimeoutException("connect timed out", address.toString());
int err = _socket.socketError();
if (err != 0) SocketImpl::error(err);
}
establishTunnel();
connectSSL(address);
poco_check_ptr (_pSSL);
}
catch (Poco::Exception&)
{
POCO_BIO_set_nbio_accept(_pBIO, 0);
throw;
}
POCO_BIO_set_nbio_accept(_pBIO, 0);
}
void SecureSocketImpl::connectNB(const SocketAddress& address)
{
if (sockfd() == POCO_INVALID_SOCKET)
{
if(!_pBIO)
_pBIO = BIO_new(BIO_s_connect());
}
POCO_BIO_set_nbio_accept(_pBIO, 1); //setnonBlocking
BIO_set_conn_hostname(_pBIO, address.host().toString().c_str());
int tmp = address.port();
BIO_set_conn_int_port(_pBIO, &tmp);
int rc = BIO_do_connect(_pBIO); // returns 1 in case of ok!
if (rc != 1)
{
if (_socket.lastError() != POCO_EINPROGRESS && _socket.lastError() != POCO_EWOULDBLOCK)
SocketImpl::error(address.toString());
}
else
{
int tmpSocket=0;
BIO_get_fd(_pBIO,&tmpSocket);
poco_assert (-1 != tmpSocket);
setSockfd(tmpSocket);
establishTunnel();
connectSSL(address);
poco_check_ptr (_pSSL);
}
}
void SecureSocketImpl::bind(const SocketAddress& address, bool reuseAddress)
{
_socket.bind(address, reuseAddress);
}
void SecureSocketImpl::listen(int backlog)
{
_socket.listen(backlog);
_pBIO = BIO_new (BIO_s_accept());
BIO_set_fd(_pBIO, (int)sockfd(), BIO_CLOSE);
}
void SecureSocketImpl::close()
{
if (_pSSL)
{
if (SSL_get_shutdown(_pSSL) & SSL_RECEIVED_SHUTDOWN)
{
SSL_shutdown(_pSSL);
}
else
{
SSL_clear(_pSSL);
}
SSL_free(_pSSL); // frees _pBIO
_pSSL = 0;
_pBIO = 0;
}
if (_pBIO)
{
BIO_free_all(_pBIO); //free all, even BIOs for pending connections
_pBIO = 0;
}
invalidate(); // the socket is already invalid, although the fd still contains a meaningful value, correct that
}
int SecureSocketImpl::sendBytes(const void* buffer, int length, int flags)
{
poco_assert (sockfd() != POCO_INVALID_SOCKET);
poco_check_ptr (_pSSL);
int rc;
do
{
rc = SSL_write(_pSSL, buffer, length);
if (rc < 0)
{
std::string errMsg = Utility::convertSSLError(_pSSL, rc);
}
}
while (rc < 0 && _socket.lastError() == POCO_EINTR);
if (rc < 0) SocketImpl::error();
return rc;
}
int SecureSocketImpl::receiveBytes(void* buffer, int length, int flags)
{
poco_assert (sockfd() != POCO_INVALID_SOCKET);
poco_check_ptr (_pSSL);
#if defined(POCO_BROKEN_TIMEOUTS)
Poco::Timespan recvTimeout = _socket.getReceiveTimeout();
if (recvTimeout.totalMicroseconds() != 0)
{
if (!_socket.poll(recvTimeout, SocketImpl::SELECT_READ))
throw TimeoutException();
}
#endif
int rc;
do
{
rc = SSL_read(_pSSL, buffer, length);
if (rc <= 0)
{
switch (SSL_get_error(_pSSL, rc))
{
case SSL_ERROR_ZERO_RETURN:
// connection closed
close();
break;
case SSL_ERROR_NONE:
case SSL_ERROR_WANT_WRITE: //renegotiation
case SSL_ERROR_WANT_READ: //renegotiation
default:
;
}
}
}
while (rc < 0 && _socket.lastError() == POCO_EINTR);
if (rc < 0)
{
if (_socket.lastError() == POCO_EAGAIN || _socket.lastError() == POCO_ETIMEDOUT)
throw TimeoutException();
else
SocketImpl::error("failed to read bytes");
}
return rc;
}
int SecureSocketImpl::sendTo(const void* buffer, int length, const SocketAddress& address, int flags)
{
throw NetException("sendTo not possible with SSL");
}
int SecureSocketImpl::receiveFrom(void* buffer, int length, SocketAddress& address, int flags)
{
throw NetException("receiveFrom not possible with SSL");
}
void SecureSocketImpl::sendUrgent(unsigned char data)
{
// SSL doesn't support out-of-band data
sendBytes(reinterpret_cast<const void*>(&data), sizeof(data));
}
long SecureSocketImpl::postConnectionCheck(bool server, SSL* pSSL, const std::string& hostName)
{
static std::string locHost("127.0.0.1");
SSLManager& mgr = SSLManager::instance();
Context::VerificationMode mode = server? mgr.defaultServerContext()->verificationMode() : mgr.defaultClientContext()->verificationMode();
if (hostName == locHost && mode != Context::VERIFY_STRICT)
return X509_V_OK;
X509* cert = 0;
X509_NAME* subj = 0;
char* host = const_cast<char*>(hostName.c_str());
int extcount=0;
if (mode == Context::VERIFY_NONE) // should we allow none on the client side?
{
return X509_V_OK;
}
cert = SSL_get_peer_certificate(pSSL);
// note: the check is used by the client, so as long we don't set None at the client we reject
// cases where no certificate/incomplete info is presented by the server
if ((!cert || !host) && mode != Context::VERIFY_NONE)
{
if (cert)
X509_free(cert);
return X509_V_ERR_APPLICATION_VERIFICATION;
}
bool ok = false;
if ((extcount = X509_get_ext_count(cert)) > 0)
{
for (int i = 0; i < extcount && !ok; ++i)
{
const char* extstr = 0;
X509_EXTENSION* ext;
ext = X509_get_ext(cert, i);
extstr = OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(ext)));
if (!strcmp(extstr, "subjectAltName"))
{
X509V3_EXT_METHOD* meth = X509V3_EXT_get(ext);
if (!meth)
break;
#if OPENSSL_VERSION_NUMBER >= 0x00908000
const unsigned char* pData = ext->value->data;
const unsigned char** ppData = &pData;
#else
unsigned char* pData = ext->value->data;
unsigned char** ppData = &pData;
#endif
STACK_OF(CONF_VALUE)* val = meth->i2v(meth, meth->d2i(0, ppData, ext->value->length), 0);
for (int j = 0; j < sk_CONF_VALUE_num(val) && !ok; ++j)
{
CONF_VALUE* nval = sk_CONF_VALUE_value(val, j);
if (!strcmp(nval->name, "DNS") && !strcmp(nval->value, host))
{
ok = true;
}
}
}
}
}
char data[256];
if (!ok && (subj = X509_get_subject_name(cert)) && X509_NAME_get_text_by_NID(subj, NID_commonName, data, 256) > 0)
{
data[255] = 0;
std::string strData(data); // commonName can contain wildcards like *.appinf.com
try
{
// two cases: strData contains wildcards or not
if (SecureSocketImpl::containsWildcards(strData))
{
// a compare by IPAddress is not possible with wildcards
// only allow compare by name
const HostEntry& heData = DNS::resolve(hostName);
ok = SecureSocketImpl::matchByAlias(strData, heData);
}
else
{
// it depends on hostname if we compare by IP or by alias
IPAddress ip;
if (IPAddress::tryParse(hostName, ip))
{
// compare by IP
const HostEntry& heData = DNS::resolve(strData);
const HostEntry::AddressList& addr = heData.addresses();
HostEntry::AddressList::const_iterator it = addr.begin();
HostEntry::AddressList::const_iterator itEnd = addr.end();
for (; it != itEnd && !ok; ++it)
{
ok = (*it == ip);
}
}
else
{
// compare by name
const HostEntry& heData = DNS::resolve(hostName);
ok = SecureSocketImpl::matchByAlias(strData, heData);
}
}
}
catch(HostNotFoundException&)
{
if (cert)
X509_free(cert);
return X509_V_ERR_APPLICATION_VERIFICATION;
}
}
if (cert)
X509_free(cert);
// we already have a verify callback registered so no need to ask twice SSL_get_verify_result(pSSL);
if (ok)
return X509_V_OK;
return X509_V_ERR_APPLICATION_VERIFICATION;
}
void SecureSocketImpl::connectSSL(const SocketAddress& address)
{
if (!_pSSL)
{
_pSSL = SSL_new(SSLManager::instance().defaultClientContext()->sslContext());
SSL_set_bio(_pSSL, _pBIO, _pBIO);
}
std::string errMsg;
int ret = SSL_connect(_pSSL);
if (ret <= 0)
{
errMsg = Utility::convertSSLError(_pSSL, ret);
throw SSLException(errMsg);
}
std::string serverName = address.host().toString();
long errCode = 0;
if (_endHost.empty())
postConnectionCheck(false, _pSSL, serverName);
else
postConnectionCheck(false, _pSSL, _endHost);
bool err = false;
if (errCode != X509_V_OK)
{
err = true;
errMsg = Utility::convertCertificateError(errCode);
}
else
{
int tmpSocket=0;
BIO_get_fd(_pBIO,&tmpSocket);
poco_assert (-1 != tmpSocket);
setSockfd(tmpSocket);
}
if (err)
{
SSL_free(_pSSL); // dels _pBIO too
_pSSL = 0;
_pBIO = 0;
invalidate();
throw InvalidCertificateException(errMsg);
}
}
void SecureSocketImpl::establishTunnel()
{
if (!_endHost.empty())
{
poco_check_ptr (_pBIO);
// send CONNECT proxyHost:proxyPort HTTP/1.0\r\n\r\n
std::string connect("CONNECT ");
connect.append(_endHost);
connect.append(":");
connect.append(Poco::NumberFormatter::format(_endPort));
connect.append(" HTTP/1.0\r\n\r\n");
int rc = BIO_write(_pBIO, (const void*) connect.c_str(), (int)(connect.length()*sizeof(char)));
if (rc != connect.length())
throw SSLException("Failed to establish connection to proxy");
// get the response
char resp[512];
rc = BIO_read(_pBIO, resp, 512*sizeof(char));
std::string response(resp);
if (response.find("200") == std::string::npos)
throw SSLException("Failed to establish connection to proxy");
}
}
bool SecureSocketImpl::containsWildcards(const std::string& commonName)
{
return (commonName.find('*') != std::string::npos || commonName.find('?') != std::string::npos);
}
bool SecureSocketImpl::matchByAlias(const std::string& alias, const HostEntry& heData)
{
// compare by name
Poco::RegularExpression expr(alias);
bool found = false;
const HostEntry::AliasList& aliases = heData.aliases();
HostEntry::AliasList::const_iterator it = aliases.begin();
HostEntry::AliasList::const_iterator itEnd = aliases.end();
for (; it != itEnd && !found; ++it)
{
found = expr.match(*it);
}
return found;
}
} } // namespace Poco::Net

94
NetSSL_OpenSSL/src/SecureStreamSocket.cpp Normal file
View File

@@ -0,0 +1,94 @@
//
// SecureStreamSocket.cpp
//
// $Id: //poco/1.3/NetSSL_OpenSSL/src/SecureStreamSocket.cpp#1 $
//
// Library: NetSSL_OpenSSL
// Package: SSLSockets
// Module: SecureStreamSocket
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
// obtaining a copy of the software and accompanying documentation covered by
// this license (the "Software") to use, reproduce, display, distribute,
// execute, and transmit the Software, and to prepare derivative works of the
// Software, and to permit third-parties to whom the Software is furnished to
// do so, all subject to the following:
//
// The copyright notices in the Software and this entire statement, including
// the above license grant, this restriction and the following disclaimer,
// must be included in all copies of the Software, in whole or in part, and
// all derivative works of the Software, unless such copies or derivative
// works are solely in the form of machine-executable object code generated by
// a source language processor.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
//
#include "Poco/Net/SecureStreamSocket.h"
#include "Poco/Net/SecureStreamSocketImpl.h"
#include "Poco/Net/SocketImpl.h"
#include "Poco/Exception.h"
using Poco::InvalidArgumentException;
namespace Poco {
namespace Net {
SecureStreamSocket::SecureStreamSocket():
StreamSocket(new SecureStreamSocketImpl)
{
}
SecureStreamSocket::SecureStreamSocket(const SocketAddress& address):
StreamSocket(new SecureStreamSocketImpl)
{
connect(address);
}
SecureStreamSocket::SecureStreamSocket(const Socket& socket):
StreamSocket(socket)
{
if (!dynamic_cast<SecureStreamSocketImpl*>(impl()))
throw InvalidArgumentException("Cannot assign incompatible socket");
}
SecureStreamSocket::SecureStreamSocket(SocketImpl* pImpl):
StreamSocket(pImpl)
{
if (!dynamic_cast<SecureStreamSocketImpl*>(impl()))
throw InvalidArgumentException("Cannot assign incompatible socket");
}
SecureStreamSocket::~SecureStreamSocket()
{
}
SecureStreamSocket& SecureStreamSocket::operator = (const Socket& socket)
{
if (dynamic_cast<SecureStreamSocketImpl*>(socket.impl()))
StreamSocket::operator = (socket);
else
throw InvalidArgumentException("Cannot assign incompatible socket");
return *this;
}
} } // namespace Poco::Net

145
NetSSL_OpenSSL/src/SecureStreamSocketImpl.cpp Normal file
View File

@@ -0,0 +1,145 @@
//
// SecureStreamSocketImpl.cpp
//
// $Id: //poco/1.3/NetSSL_OpenSSL/src/SecureStreamSocketImpl.cpp#1 $
//
// Library: NetSSL_OpenSSL
// Package: SSLSockets
// Module: SecureStreamSocketImpl
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
// obtaining a copy of the software and accompanying documentation covered by
// this license (the "Software") to use, reproduce, display, distribute,
// execute, and transmit the Software, and to prepare derivative works of the
// Software, and to permit third-parties to whom the Software is furnished to
// do so, all subject to the following:
//
// The copyright notices in the Software and this entire statement, including
// the above license grant, this restriction and the following disclaimer,
// must be included in all copies of the Software, in whole or in part, and
// all derivative works of the Software, unless such copies or derivative
// works are solely in the form of machine-executable object code generated by
// a source language processor.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
//
#include "Poco/Net/SecureStreamSocketImpl.h"
namespace Poco {
namespace Net {
SecureStreamSocketImpl::SecureStreamSocketImpl()
{
}
SecureStreamSocketImpl::SecureStreamSocketImpl(SSL* _pSSL): _socket(_pSSL)
{
setSockfd(_socket.sockfd());
}
SecureStreamSocketImpl::~SecureStreamSocketImpl()
{
}
SocketImpl* SecureStreamSocketImpl::acceptConnection(SocketAddress& clientAddr)
{
return _socket.acceptConnection(clientAddr);
}
void SecureStreamSocketImpl::connect(const SocketAddress& address)
{
_socket.connect(address);
setSockfd(_socket.sockfd());
}
void SecureStreamSocketImpl::connect(const SocketAddress& address, const Poco::Timespan& timeout)
{
_socket.connect(address, timeout);
setSockfd(_socket.sockfd());
}
void SecureStreamSocketImpl::connectNB(const SocketAddress& address)
{
_socket.connectNB(address);
setSockfd(_socket.sockfd());
}
void SecureStreamSocketImpl::bind(const SocketAddress& address, bool reuseAddress)
{
_socket.bind(address, reuseAddress);
}
void SecureStreamSocketImpl::listen(int backlog)
{
_socket.listen(backlog);
setSockfd(_socket.sockfd());
}
void SecureStreamSocketImpl::close()
{
invalidate();
_socket.close();
}
int SecureStreamSocketImpl::sendBytes(const void* buffer, int length, int flags)
{
const char* p = reinterpret_cast<const char*>(buffer);
int remaining = length;
while (remaining > 0)
{
int n = _socket.sendBytes(p, length, flags);
p += n;
remaining -= n;
}
return length;
}
int SecureStreamSocketImpl::receiveBytes(void* buffer, int length, int flags)
{
return _socket.receiveBytes(buffer, length, flags);
}
int SecureStreamSocketImpl::sendTo(const void* buffer, int length, const SocketAddress& address, int flags)
{
return _socket.sendTo(buffer, length, address, flags);
}
int SecureStreamSocketImpl::receiveFrom(void* buffer, int length, SocketAddress& address, int flags)
{
return _socket.receiveFrom(buffer, length, address, flags);
}
void SecureStreamSocketImpl::sendUrgent(unsigned char data)
{
return _socket.sendUrgent(data);
}
} } // namespace Poco::Net

135
NetSSL_OpenSSL/src/Utility.cpp Normal file
View File

@@ -0,0 +1,135 @@
//
// Utility.cpp
//
// $Id: //poco/1.3/NetSSL_OpenSSL/src/Utility.cpp#1 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module: Utility
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
// obtaining a copy of the software and accompanying documentation covered by
// this license (the "Software") to use, reproduce, display, distribute,
// execute, and transmit the Software, and to prepare derivative works of the
// Software, and to permit third-parties to whom the Software is furnished to
// do so, all subject to the following:
//
// The copyright notices in the Software and this entire statement, including
// the above license grant, this restriction and the following disclaimer,
// must be included in all copies of the Software, in whole or in part, and
// all derivative works of the Software, unless such copies or derivative
// works are solely in the form of machine-executable object code generated by
// a source language processor.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
//
#include "Poco/Net/Utility.h"
#include "Poco/String.h"
#include "Poco/Util/OptionException.h"
#include <openssl/err.h>
namespace Poco {
namespace Net {
int Utility::HTTPS_PORT = 443;
Context::VerificationMode Utility::convertVerificationMode(const std::string& vMode)
{
std::string mode = Poco::toLower(vMode);
Context::VerificationMode verMode = Context::VERIFY_STRICT;
if (mode == "none")
verMode = Context::VERIFY_NONE;
else if (mode == "relaxed")
verMode = Context::VERIFY_RELAXED;
else if (mode == "strict")
verMode = Context::VERIFY_STRICT;
else if (mode == "once")
verMode = Context::VERIFY_ONCE;
else
throw Poco::Util::OptionException(std::string("Wrong value >") + vMode + std::string("< for a verificationMode. Can only be none, relaxed, strict or once."));
return verMode;
}
std::string Utility::convertCertificateError(long errCode)
{
std::string errMsg(X509_verify_cert_error_string(errCode));
return errMsg;
}
std::string Utility::convertSSLError(SSL* pSSL, int errCode)
{
std::string errMsg;
if (errCode > 0) return "no error";
int connectErr = SSL_get_error(pSSL, errCode);
long lErr = 0;
char buf[512];
switch (connectErr)
{
case SSL_ERROR_ZERO_RETURN:
// connection closed
errMsg = "connection closed by server";
break;
case SSL_ERROR_WANT_READ:
errMsg = "want read";
break;
case SSL_ERROR_WANT_WRITE:
errMsg = "want write";
break;
case SSL_ERROR_WANT_CONNECT:
errMsg = "want connect";
break;
case SSL_ERROR_WANT_ACCEPT:
errMsg = "want accept";
break;
case SSL_ERROR_WANT_X509_LOOKUP:
errMsg = "want lookup";
break;
case SSL_ERROR_SYSCALL:
errMsg = "syscall";
break;
case SSL_ERROR_SSL:
lErr = ERR_get_error();
if (errCode == 0)
{
errMsg = "EOF was observed";
}
else if (errCode == -1)
{
errMsg = "The underlying BIO reported an I/O error";
}
else
{
ERR_error_string_n(lErr, buf, 512);
errMsg = buf;
}
break;
default:
errMsg = "none";
}
return errMsg;
}
} } // namespace Poco::Net

59
NetSSL_OpenSSL/src/VerificationErrorArgs.cpp Normal file
View File

@@ -0,0 +1,59 @@
//
// VerificationErrorArgs.cpp
//
// $Id: //poco/1.3/NetSSL_OpenSSL/src/VerificationErrorArgs.cpp#1 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module: VerificationErrorArgs
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
// obtaining a copy of the software and accompanying documentation covered by
// this license (the "Software") to use, reproduce, display, distribute,
// execute, and transmit the Software, and to prepare derivative works of the
// Software, and to permit third-parties to whom the Software is furnished to
// do so, all subject to the following:
//
// The copyright notices in the Software and this entire statement, including
// the above license grant, this restriction and the following disclaimer,
// must be included in all copies of the Software, in whole or in part, and
// all derivative works of the Software, unless such copies or derivative
// works are solely in the form of machine-executable object code generated by
// a source language processor.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
//
#include "Poco/Net/VerificationErrorArgs.h"
namespace Poco {
namespace Net {
VerificationErrorArgs::VerificationErrorArgs(const X509Certificate& cert, int errDepth, int errNum, const std::string& errMsg):
_cert(cert),
_errorDepth(errDepth),
_errorNumber(errNum),
_errorMessage(errMsg),
_ignoreError(false)
{
}
VerificationErrorArgs::~VerificationErrorArgs()
{
}
} } // namespace Poco::Net

66
NetSSL_OpenSSL/src/X509Certificate.cpp Normal file
View File

@@ -0,0 +1,66 @@
//
// X509Certificate.cpp
//
// $Id: //poco/1.3/NetSSL_OpenSSL/src/X509Certificate.cpp#1 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module: X509Certificate
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
// obtaining a copy of the software and accompanying documentation covered by
// this license (the "Software") to use, reproduce, display, distribute,
// execute, and transmit the Software, and to prepare derivative works of the
// Software, and to permit third-parties to whom the Software is furnished to
// do so, all subject to the following:
//
// The copyright notices in the Software and this entire statement, including
// the above license grant, this restriction and the following disclaimer,
// must be included in all copies of the Software, in whole or in part, and
// all derivative works of the Software, unless such copies or derivative
// works are solely in the form of machine-executable object code generated by
// a source language processor.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
//
#include "Poco/Net/X509Certificate.h"
namespace Poco {
namespace Net {
X509Certificate::X509Certificate(X509* pCert):_pCert(pCert)
{
poco_check_ptr(_pCert);
initialize();
}
X509Certificate::~X509Certificate()
{
}
void X509Certificate::initialize()
{
char data[256];
X509_NAME_oneline(X509_get_issuer_name(_pCert), data, 256);
_issuerName = data;
X509_NAME_oneline(X509_get_subject_name(_pCert), data, 256);
_subjectName = data;
}
} } // namespace Poco::Net