NetSSL library refactoring

This commit is contained in:
Guenter Obiltschnig
2009-02-23 20:56:01 +00:00
parent f345a6c6e2
commit 75a07d7983
103 changed files with 9549 additions and 1453 deletions


@@ -1,7 +1,7 @@
//
// AcceptCertificateHandler.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/AcceptCertificateHandler.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/AcceptCertificateHandler.h#8 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -9,7 +9,7 @@
//
// Definition of the AcceptCertificateHandler class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -51,7 +51,9 @@ namespace Net {
class NetSSL_API AcceptCertificateHandler: public InvalidCertificateHandler
/// A AcceptCertificateHandler is invoked whenever an error
/// occurs verifying the certificate. It always accepts
/// the certificate. Only use this one during testing!
/// the certificate.
///
/// Should be using for testing purposes only.
{
public:
AcceptCertificateHandler(bool handleErrorsOnServerSide);
@@ -66,15 +68,6 @@ public:
};
//
// inlines
//
inline void AcceptCertificateHandler::onInvalidCertificate(const void*, VerificationErrorArgs& errorCert)
{
errorCert.setIgnoreError(true);
}
} } // namespace Poco::Net
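Review bot: The rewritten class comment ends with `/// Should be using for testing purposes only.`, which should read `/// Should be used for testing purposes only.`. Since the comment above it states that this handler always accepts the certificate, the warning deserves to be explicit about the consequence rather than just the intended audience, e.g. `/// Accepts every certificate, including ones that failed verification; never use this handler in production code.`. The inline definition of onInvalidCertificate is removed in this hunk and its new location is outside this view, so I cannot confirm the moved body is unchanged.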


@@ -1,7 +1,7 @@
//
// CertificateHandlerFactory.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/CertificateHandlerFactory.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/CertificateHandlerFactory.h#8 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -9,7 +9,7 @@
//
// Definition of the CertificateHandlerFactory class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -52,6 +52,7 @@ class InvalidCertificateHandler;
class NetSSL_API CertificateHandlerFactory
/// A CertificateHandlerFactory is responsible for creating InvalidCertificateHandlers.
///
/// You don't need to access this class directly. Use the macro
/// POCO_REGISTER_CHFACTORY(namespace, InvalidCertificateHandlerName)
/// instead (see the documentation of InvalidCertificateHandler for an example).
@@ -82,6 +83,7 @@ public:
/// Destroys the CertificateHandlerFactoryRegistrar.
};
template <typename T>
class CertificateHandlerFactoryImpl: public Poco::Net::CertificateHandlerFactory
{


@@ -1,7 +1,7 @@
//
// CertificateHandlerFactoryMgr.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/CertificateHandlerFactoryMgr.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/CertificateHandlerFactoryMgr.h#7 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -9,7 +9,7 @@
//
// Definition of the CertificateHandlerFactoryMgr class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization


@@ -1,7 +1,7 @@
//
// ConsoleCertificateHandler.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/ConsoleCertificateHandler.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/ConsoleCertificateHandler.h#7 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -9,7 +9,7 @@
//
// Definition of the ConsoleCertificateHandler class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -49,7 +49,8 @@ namespace Net {
class NetSSL_API ConsoleCertificateHandler: public InvalidCertificateHandler
/// A ConsoleCertificateHandler is invoked whenever an error occurs verifying the certificate.
/// A ConsoleCertificateHandler is invoked whenever an error occurs verifying the certificate.
///
/// The certificate is printed to stdout and the user is asked via console if he wants to accept it.
{
public:


@@ -1,7 +1,7 @@
//
// Context.h
//
// $Id: //poco/1.3/NetSSL_OpenSSL/include/Poco/Net/Context.h#3 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/Context.h#9 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -9,7 +9,7 @@
//
// Definition of the Context class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -41,7 +41,8 @@
#include "Poco/Net/NetSSL.h"
#include "Poco/SharedPtr.h"
#include "Poco/RefCountedObject.h"
#include "Poco/AutoPtr.h"
#include <openssl/ssl.h>
@@ -49,60 +50,110 @@ namespace Poco {
namespace Net {
class NetSSL_API Context
/// This class encapsulates an SSL Context.
class NetSSL_API Context: public Poco::RefCountedObject
/// This class encapsulates context information for
/// an SSL server or client, such as the certificate
/// verification mode and the location of certificates
/// and private key files, as well as the list of
/// supported ciphers.
{
public:
typedef Poco::SharedPtr<Context> Ptr;
typedef Poco::AutoPtr<Context> Ptr;
enum Usage
{
CLIENT_USE, /// Context is used by a client.
SERVER_USE /// Context is used by a server.
};
enum VerificationMode
{
VERIFY_NONE = SSL_VERIFY_NONE,
/// Server: The server will not send a client certificate
/// request to the client, so the client will not send a certificate.
///
/// Client: If not using an anonymous cipher (by default disabled),
/// the server will send a certificate which will be checked, but
/// the result of the check will be ignored.
VERIFY_RELAXED = SSL_VERIFY_PEER,
VERIFY_STRICT = SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
VERIFY_ONCE = SSL_VERIFY_CLIENT_ONCE
/// Server: The server sends a client certificate request to the
/// client. The certificate returned (if any) is checked.
/// If the verification process fails, the TLS/SSL handshake is
/// immediately terminated with an alert message containing the
/// reason for the verification failure.
///
/// Client: The server certificate is verified, if one is provided.
/// If the verification process fails, the TLS/SSL handshake is
/// immediately terminated with an alert message containing the
/// reason for the verification failure.
VERIFY_STRICT = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
/// Server: If the client did not return a certificate, the TLS/SSL
/// handshake is immediately terminated with a handshake failure
/// alert. This flag must be used together with SSL_VERIFY_PEER.
///
/// Client: Same as VERIFY_RELAXED.
VERIFY_ONCE = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE
/// Server: Only request a client certificate on the initial
/// TLS/SSL handshake. Do not ask for a client certificate
/// again in case of a renegotiation.
///
/// Client: Same as VERIFY_RELAXED.
};
Context(const std::string& privateKeyFile,
Context(
Usage usage,
const std::string& privateKeyFile,
const std::string& certificateFile,
const std::string& caLocation,
bool isServerContext,
VerificationMode verMode = VERIFY_STRICT,
VerificationMode verificationMode = VERIFY_RELAXED,
int verificationDepth = 9,
bool loadCAFromDefaultPath = false,
const std::string& cypherList = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
/// Creates a context.
/// privateKeyFile contains the key used for encryption, caLocation can either
/// be a directory or a single file containing the certificates for certificate authorities.
/// isServerContext defines if the context belongs to a server or client.
/// verificationDepth sets the upper limit for verification chain sizes. If we encounter
/// a chain larger than that limit, verification will fail.
/// Cypherlist defines which protocols are allowed.
/// Creates the Context.
bool loadDefaultCAs = false,
const std::string& cipherList = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
/// Creates a Context.
///
/// * usage specifies whether the context is used by a client or server.
/// * privateKeyFile contains the path to the private key file used for encryption.
/// Can be empty if no private key file is used.
/// * certificateFile contains the path to the certificate file (in PEM format).
/// If the private key and the certificate are stored in the same file, this
/// can be empty if privateKeyFile is given.
/// * caLocation contains the path to the file or directory containing the
/// CA/root certificates. Can be empty if the OpenSSL builtin CA certificates
/// are used (see loadDefaultCAs).
/// * verificationMode specifies whether and how peer certificates are validated.
/// * verificationDepth sets the upper limit for verification chain sizes. Verification
/// will fail if a certificate chain larger than this is encountered.
/// * loadDefaultCAs specifies wheter the builtin CA certificates from OpenSSL are used.
/// * cipherList specifies the supported ciphers in OpenSSL notation.
~Context();
/// Destroys the Context.
SSL_CTX* sslContext() const;
/// Returns the OpenSSL SSL Context object.
/// Returns the underlying OpenSSL SSL Context object.
Usage usage() const;
/// Returns whether the context is for use by a client or by a server.
Context::VerificationMode verificationMode() const;
/// Returns the verification mode.
bool serverContext() const;
/// Returns true iff the context is for a server.
private:
SSL_CTX* _pSSLContext;
Context::VerificationMode _mode;
bool _server;
Usage _usage;
VerificationMode _mode;
SSL_CTX* _pSSLContext;
};
//
// inlines
//
inline SSL_CTX* Context::sslContext() const
inline Context::Usage Context::usage() const
{
return _pSSLContext;
return _usage;
}
@@ -112,9 +163,9 @@ inline Context::VerificationMode Context::verificationMode() const
}
inline bool Context::serverContext() const
inline SSL_CTX* Context::sslContext() const
{
return _server;
return _pSSLContext;
}
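Review bot: The constructor documentation line `/// * verificationMode specifies whether and how peer certificates are validated.` does not state the default, which this signature changes from VERIFY_STRICT to VERIFY_RELAXED; per the VERIFY_RELAXED description a few lines above, a SERVER_USE context with this default now completes the handshake when the client returns no certificate, so the line should read `/// * verificationMode specifies whether and how peer certificates are validated (default VERIFY_RELAXED, which for a server does not require the client to present a certificate).`. Two lines later `wheter` should be `whether`. The remark under VERIFY_STRICT, `/// alert. This flag must be used together with SSL_VERIFY_PEER.`, describes the raw OpenSSL flag and is now misleading because the enumerator itself already ORs in SSL_VERIFY_PEER; `/// alert. (VERIFY_STRICT already includes SSL_VERIFY_PEER.)` would be clearer. Finally, `sslContext()` hands out the raw SSL_CTX* owned by this RefCountedObject, so its comment should state that the pointer is valid only while the Context is alive and must not be freed by the caller.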


@@ -1,7 +1,7 @@
//
// HTTPSClientSession.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/HTTPSClientSession.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/HTTPSClientSession.h#9 $
//
// Library: NetSSL_OpenSSL
// Package: HTTPSClient
@@ -9,7 +9,7 @@
//
// Definition of the HTTPSClientSession class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -43,6 +43,8 @@
#include "Poco/Net/NetSSL.h"
#include "Poco/Net/Utility.h"
#include "Poco/Net/HTTPClientSession.h"
#include "Poco/Net/Context.h"
#include "Poco/Net/X509Certificate.h"
namespace Poco {
@@ -76,33 +78,56 @@ class NetSSL_API HTTPSClientSession: public HTTPClientSession
///
/// See RFC 2616 <http://www.faqs.org/rfcs/rfc2616.html> for more
/// information about the HTTP protocol.
///
/// Note that sending requests that neither contain a content length
/// field in the header nor are using chunked transfer encoding will
/// result in a SSL protocol violation, as the framework shuts down
/// the socket after sending the message body. No orderly SSL shutdown
/// will be performed in this case.
{
public:
enum
{
HTTPS_PORT = 443
};
HTTPSClientSession();
/// Creates an unconnected HTTPSClientSession.
HTTPSClientSession(const SecureStreamSocket& socket);
explicit HTTPSClientSession(const SecureStreamSocket& socket);
/// Creates a HTTPSClientSession using the given socket.
/// The socket must not be connected. The session
/// takes ownership of the socket.
HTTPSClientSession(const std::string& host, Poco::UInt16 port = Utility::HTTPS_PORT);
HTTPSClientSession(const std::string& host, Poco::UInt16 port = HTTPS_PORT);
/// Creates a HTTPSClientSession using the given host and port.
explicit HTTPSClientSession(Context::Ptr pContext);
/// Creates an unconnected HTTPSClientSession, using the
/// give SSL context.
HTTPSClientSession(const std::string& host, Poco::UInt16 port, Context::Ptr pContext);
/// Creates a HTTPSClientSession using the given host and port,
/// using the given SSL context.
~HTTPSClientSession();
/// Destroys the HTTPSClientSession and closes
/// the underlying socket.
X509Certificate serverCertificate();
/// Returns the server's certificate.
///
/// The certificate is available after the first request has been sent.
protected:
void connect(const SocketAddress& address);
// Connects the socket to the server.
std::string getHostInfo() const;
/// Returns the target host and port number for proxy requests.
std::string proxyRequestPrefix() const;
private:
HTTPSClientSession(const HTTPSClientSession&);
HTTPSClientSession& operator = (const HTTPSClientSession&);
Context::Ptr _pContext;
};
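Review bot: `X509Certificate serverCertificate();` is documented only as available after the first request has been sent; the comment should also say what happens when it is called before then (an exception or an empty certificate — not determinable from the header), and that obtaining the certificate says nothing about whether it passed verification, which is decided by the Context's VerificationMode. Suggested comment: `/// Returns the server's certificate. The certificate is available after the first request has been sent; calling it earlier [behaviour to be documented]. Retrieving it does not imply it passed verification, see Context::VerificationMode.`. The constructor comment `/// give SSL context.` should read `/// given SSL context.`. The constructors that take no Context::Ptr presumably fall back to SSLManager's defaultClientContext() (outside this hunk); stating that in their comments would save the reader a trip to the .cpp file.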


@@ -1,7 +1,7 @@
//
// HTTPSSessionInstantiator.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/HTTPSSessionInstantiator.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/HTTPSSessionInstantiator.h#7 $
//
// Library: NetSSL_OpenSSL
// Package: HTTPSClient
@@ -9,7 +9,7 @@
//
// Definition of the HTTPSSessionInstantiator class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization


@@ -1,7 +1,7 @@
//
// HTTPSStreamFactory.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/HTTPSStreamFactory.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/HTTPSStreamFactory.h#7 $
//
// Library: NetSSL_OpenSSL
// Package: HTTPSClient
@@ -9,7 +9,7 @@
//
// Definition of the HTTPSStreamFactory class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -51,7 +51,7 @@ namespace Net {
class NetSSL_API HTTPSStreamFactory: public Poco::URIStreamFactory
/// An implementation of the URIStreamFactory interface
/// that handles Hyper-Text Transfer Protocol (http) URIs.
/// that handles secure Hyper-Text Transfer Protocol (https) URIs.
{
public:
HTTPSStreamFactory();


@@ -1,7 +1,7 @@
//
// InvalidCertificateHandler.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/InvalidCertificateHandler.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/InvalidCertificateHandler.h#7 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -9,7 +9,7 @@
//
// Definition of the InvalidCertificateHandler class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -52,7 +52,7 @@ class NetSSL_API InvalidCertificateHandler
/// A InvalidCertificateHandler is invoked whenever an error occurs verifying the certificate. It allows the user
/// to inspect and accept/reject the certificate.
/// One can install one's own InvalidCertificateHandler by implementing this interface. Note that
/// in the cpp file of the subclass the following code must be present (assuming you use the namespace My_API
/// in the implementation file of the subclass the following code must be present (assuming you use the namespace My_API
/// and the name of your handler class is MyGuiHandler):
///
/// #include "Poco/Net/CertificateHandlerFactory.h"
@@ -72,11 +72,13 @@ class NetSSL_API InvalidCertificateHandler
/// [...] // Put optional config params for the handler here
/// </options>
/// </invalidCertificateHandler>
///
/// Note that the name of the InvalidCertificateHandler must be same as the one provided to the POCO_REGISTER_CHFACTORY macro.
{
public:
InvalidCertificateHandler(bool handleErrorsOnServerSide);
/// Creates the InvalidCertificateHandler.
/// Creates the InvalidCertificateHandler.
///
/// Set handleErrorsOnServerSide to true if the certificate handler is used on the server side.
/// Automatically registers at one of the SSLManager::VerificationError events.


@@ -1,7 +1,7 @@
//
// KeyConsoleHandler.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/KeyConsoleHandler.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/KeyConsoleHandler.h#7 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -9,7 +9,7 @@
//
// Definition of the KeyConsoleHandler class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -49,7 +49,8 @@ namespace Net {
class NetSSL_API KeyConsoleHandler: public PrivateKeyPassphraseHandler
/// Class KeyConsoleHandler. Reads the key for a certificate from the console.
/// An implementation of PrivateKeyPassphraseHandler that
/// reads the key for a certificate from the console.
{
public:
KeyConsoleHandler(bool server);


@@ -1,7 +1,7 @@
//
// KeyFileHandler.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/KeyFileHandler.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/KeyFileHandler.h#7 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -9,7 +9,7 @@
//
// Definition of the KeyFileHandler class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -49,7 +49,8 @@ namespace Net {
class NetSSL_API KeyFileHandler: public PrivateKeyPassphraseHandler
/// Class KeyFileHandler. Reads the key for a certificate from a configuration file
/// An implementation of PrivateKeyPassphraseHandler that
/// reads the key for a certificate from a configuration file
/// under the path "openSSL.privateKeyPassphraseHandler.options.password".
{
public:


@@ -1,7 +1,7 @@
//
// NetSSL.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/NetSSL.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/NetSSL.h#8 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -11,7 +11,7 @@
// This file must be the first file included by every other OpenSSL
// header file.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization


@@ -1,7 +1,7 @@
//
// PrivateKeyFactory.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyFactory.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyFactory.h#8 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -9,7 +9,7 @@
//
// Definition of the PrivateKeyFactory class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -52,6 +52,7 @@ class PrivateKeyPassphraseHandler;
class NetSSL_API PrivateKeyFactory
/// A PrivateKeyFactory is responsible for creating PrivateKeyPassphraseHandlers.
///
/// You don't need to access this class directly. Use the macro
/// POCO_REGISTER_KEYFACTORY(namespace, PrivateKeyPassphraseHandlerName)
/// instead (see the documentation of PrivateKeyPassphraseHandler for an example).
@@ -70,6 +71,7 @@ public:
class NetSSL_API PrivateKeyFactoryRegistrar
/// Registrar class which automatically registers PrivateKeyFactories at the PrivateKeyFactoryMgr.
///
/// You don't need to access this class directly. Use the macro
/// POCO_REGISTER_KEYFACTORY(namespace, PrivateKeyPassphraseHandlerName)
/// instead (see the documentation of PrivateKeyPassphraseHandler for an example).


@@ -1,7 +1,7 @@
//
// PrivateKeyFactoryMgr.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyFactoryMgr.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyFactoryMgr.h#7 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -9,7 +9,7 @@
//
// Definition of the PrivateKeyFactoryMgr class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization


@@ -1,7 +1,7 @@
//
// PrivateKeyPassphraseHandler.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyPassphraseHandler.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyPassphraseHandler.h#7 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -9,7 +9,7 @@
//
// Definition of the PrivateKeyPassphraseHandler class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -51,7 +51,7 @@ class NetSSL_API PrivateKeyPassphraseHandler
/// A passphrase handler is needed whenever the private key of a certificate is loaded and the certificate is protected
/// by a passphrase. The PrivateKeyPassphraseHandler's task is to provide that passphrase.
/// One can install one's own PrivateKeyPassphraseHandler by implementing this interface. Note that
/// in the cpp file of the subclass the following code must be present (assuming you use the namespace My_API
/// in the implementation file of the subclass the following code must be present (assuming you use the namespace My_API
/// and the name of your handler class is MyGuiHandler):
///
/// #include "Poco/Net/PrivateKeyFactory.h"
@@ -71,6 +71,7 @@ class NetSSL_API PrivateKeyPassphraseHandler
/// [...] // Put optional config params for the handler here
/// </options>
/// </privateKeyPassphraseHandler>
///
/// Note that the name of the passphrase handler must be same as the one provided to the POCO_REGISTER_KEYFACTORY macro.
{
public:


@@ -1,7 +1,7 @@
//
// SSLException.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/SSLException.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/SSLException.h#7 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -9,7 +9,7 @@
//
// Definition of the SSLException class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -51,6 +51,7 @@ namespace Net {
POCO_DECLARE_EXCEPTION(NetSSL_API, SSLException, NetException)
POCO_DECLARE_EXCEPTION(NetSSL_API, SSLContextException, SSLException)
POCO_DECLARE_EXCEPTION(NetSSL_API, InvalidCertificateException, SSLException)
POCO_DECLARE_EXCEPTION(NetSSL_API, CertificateValidationException, SSLException)
} } // namespace Poco::Net
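Review bot: The new `POCO_DECLARE_EXCEPTION(NetSSL_API, CertificateValidationException, SSLException)` has no comment, and its name overlaps with the existing InvalidCertificateException directly above it, so a reader cannot tell which one a verification failure raises or which one to catch. A one-line `///` comment on each of the two declarations stating the operation that throws it and how the two differ would resolve this; I cannot infer the distinction from this header alone.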


@@ -1,7 +1,7 @@
//
// SSLInitializer.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/SSLInitializer.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/SSLInitializer.h#7 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -9,7 +9,7 @@
//
// Definition of the SSLInitializer class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization


@@ -1,7 +1,7 @@
//
// SSLManager.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/SSLManager.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/SSLManager.h#7 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -9,7 +9,7 @@
//
// Definition of the SSLManager class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -59,19 +59,23 @@ class Context;
class NetSSL_API SSLManager
/// Class SSLManager. Singleton for holding the default server/client Context and PrivateKeyPassphraseHandler.
/// SSLManager is a singleton for holding the default server/client
/// Context and PrivateKeyPassphraseHandler.
///
/// Either initialize via Poco::Util::Application or via the
/// initialize methods of the singleton. Note that the latter initialization must happen very early
/// during program startup before somebody calls defaultClientContext()/defaultServerContext()
/// or any of the passPhraseHandler methods (which tries to auto-initialize
/// the context and passphrase handler based on an Poco::Util::Application configuration).
///
/// An exemplary documentation which sets either the server or client defaultcontext and creates a PrivateKeyPassphraseHandler
/// that reads the password from the XML file looks like this:
///
/// <AppConfig>
/// <openSSL>
/// <server|client>
/// <privateKeyFile>any.pem</privateKeyFile>
/// <privateKeyFile>mycert.key</privateKeyFile>
/// <certificateFile>mycert.crt</certificateFile>
/// <caConfig>rootcert.pem</caConfig>
/// <verificationMode>relaxed</verificationMode>
/// <verificationDepth>9</verificationDepth>
@@ -91,56 +95,59 @@ class NetSSL_API SSLManager
/// </server|client>
/// </openSSL>
/// </AppConfig>
///
{
public:
typedef Poco::SharedPtr<Context> ContextPtr;
typedef Poco::SharedPtr<PrivateKeyPassphraseHandler> PrivateKeyPassphraseHandlerPtr;
typedef Poco::SharedPtr<InvalidCertificateHandler> InvalidCertificateHandlerPtr;
Poco::BasicEvent<VerificationErrorArgs> ServerVerificationError;
/// Thrown whenever a certificate error is detected by the server during a handshake
Poco::BasicEvent<VerificationErrorArgs> ServerVerificationError;
/// Thrown whenever a certificate error is detected by the server during a handshake.
Poco::BasicEvent<VerificationErrorArgs> ClientVerificationError;
/// Thrown whenever a certificate error is detected by the client during a handshake
Poco::BasicEvent<VerificationErrorArgs> ClientVerificationError;
/// Thrown whenever a certificate error is detected by the client during a handshake.
Poco::BasicEvent<std::string> PrivateKeyPassPhrase;
/// Thrown when a encrypted certificate is loaded. Not setting the passwd
/// Thrown when a encrypted certificate is loaded. Not setting the password
/// in the event parameter will result in a failure to load the certificate.
///
/// Per default the SSLManager checks the configuration.xml file (path openSSL.privateKeyPassphraseHandler.name)
/// which default delegate it should register. If nothing is configured,
/// for which default delegate it should register. If nothing is configured,
/// a KeyConsoleHandler is used.
static SSLManager& instance();
/// Returns the instance of the SSLManager singleton.
void initializeServer(PrivateKeyPassphraseHandlerPtr& ptrPassPhraseHandler, InvalidCertificateHandlerPtr& ptrHandler, ContextPtr ptrContext);
void initializeServer(PrivateKeyPassphraseHandlerPtr ptrPassPhraseHandler, InvalidCertificateHandlerPtr ptrHandler, Context::Ptr ptrContext);
/// Initializes the server side of the SSLManager with a default passphrase handler, a default invalid certificate handler and a default context. If this method
/// is never called the SSLmanager will try to initialize its members from an application configuration.
///
/// Note: ALWAYS create the handlers before you create the context!
///
/// Valid initialization code would be:
/// SharedPtr<PrivateKeyPassphraseHandler> ptrConsole = new KeyConsoleHandler();
/// SharedPtr<InvalidCertificateHandler> ptrCert = new ConsoleCertificateHandler();
/// SharedPtr<Context> ptrContext = new Context("any.pem", "rootcert.pem", Context::Relaxed, 9, false, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
/// Context::Ptr ptrContext = new Context("any.pem", "rootcert.pem", Context::Relaxed, 9, false, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
///
/// This method can only be called, if no defaultContext is set yet.
/// This method can only be called if no defaultContext is set yet.
void initializeClient(PrivateKeyPassphraseHandlerPtr& ptrPassPhraseHandler, InvalidCertificateHandlerPtr& ptrHandler, ContextPtr ptrContext);
void initializeClient(PrivateKeyPassphraseHandlerPtr ptrPassPhraseHandler, InvalidCertificateHandlerPtr ptrHandler, Context::Ptr ptrContext);
/// Initializes the client side of the SSLManager with a default passphrase handler, a default invalid certificate handler and a default context. If this method
/// is never called the SSLmanager will try to initialize its members from an application configuration.
///
/// Note: ALWAYS create the handlers before you create the context!
///
/// Valid initialization code would be:
/// SharedPtr<PrivateKeyPassphraseHandler> ptrConsole = new KeyConsoleHandler();
/// SharedPtr<InvalidCertificateHandler> ptrCert = new ConsoleCertificateHandler();
/// SharedPtr<Context> ptrContext = new Context("any.pem", "rootcert.pem", Context::Relaxed, 9, false, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
/// Context::Ptr ptrContext = new Context("any.pem", "rootcert.pem", Context::Relaxed, 9, false, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
///
/// This method can only be called, if no defaultContext is set yet.
/// This method can only be called if no defaultContext is set yet.
ContextPtr defaultServerContext();
Context::Ptr defaultServerContext();
/// Returns the default context used by the server. The first call to this method initializes the defaultContext
/// from an application configuration.
ContextPtr defaultClientContext();
Context::Ptr defaultClientContext();
/// Returns the default context used by the client. The first call to this method initializes the defaultContext
/// from an application configuration.
@@ -168,6 +175,10 @@ public:
/// Returns the CertificateHandlerFactoryMgr which stores the
/// factories for the different registered certificate handlers.
static const std::string CFG_SERVER_PREFIX;
static const std::string CFG_CLIENT_PREFIX;
protected:
static int verifyClientCallback(int ok, X509_STORE_CTX* pStore);
/// The return value of this method defines how errors in
/// verification are handled. Return 0 to terminate the handshake,
@@ -179,13 +190,10 @@ public:
/// or 1 to continue despite the error.
static int privateKeyPasswdCallback(char* pBuf, int size, int flag, void* userData);
/// Method is invoked by OpenSSl to retrieve a passwd for an encrypted certificate.
/// Method is invoked by OpenSSL to retrieve a passwd for an encrypted certificate.
/// The request is delegated to the PrivatekeyPassword event. This method returns the
/// length of the password.
static const std::string CFG_SERVER_PREFIX;
static const std::string CFG_CLIENT_PREFIX;
private:
SSLManager();
/// Creates the SSLManager.
@@ -212,14 +220,15 @@ private:
PrivateKeyFactoryMgr _factoryMgr;
CertificateHandlerFactoryMgr _certHandlerFactoryMgr;
ContextPtr _ptrDefaultServerContext;
Context::Ptr _ptrDefaultServerContext;
PrivateKeyPassphraseHandlerPtr _ptrServerPassPhraseHandler;
InvalidCertificateHandlerPtr _ptrServerCertificateHandler;
ContextPtr _ptrDefaultClientContext;
Context::Ptr _ptrDefaultClientContext;
PrivateKeyPassphraseHandlerPtr _ptrClientPassPhraseHandler;
InvalidCertificateHandlerPtr _ptrClientCertificateHandler;
static const std::string CFG_PRIV_KEY_FILE;
static const std::string CFG_CERTIFICATE_FILE;
static const std::string CFG_CA_LOCATION;
static const std::string CFG_VER_MODE;
static const Context::VerificationMode VAL_VER_MODE;
@@ -235,6 +244,7 @@ private:
static const std::string VAL_CERTIFICATE_HANDLER;
friend class Poco::SingletonHolder<SSLManager>;
friend class Context;
};


@@ -1,7 +1,7 @@
//
// SecureServerSocket.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/SecureServerSocket.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/SecureServerSocket.h#7 $
//
// Library: NetSSL_OpenSSL
// Package: SSLSockets
@@ -9,7 +9,7 @@
//
// Definition of the SecureServerSocket class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -42,6 +42,7 @@
#include "Poco/Net/NetSSL.h"
#include "Poco/Net/ServerSocket.h"
#include "Poco/Net/Context.h"
namespace Poco {
@@ -53,7 +54,15 @@ class NetSSL_API SecureServerSocket: public ServerSocket
{
public:
SecureServerSocket();
/// Creates a SSL server socket.
/// Creates a SSL server socket using the
/// default SSL server context.
///
/// The server socket must be bound to
/// an address and put into listening state.
explicit SecureServerSocket(Context::Ptr pContext);
/// Creates a SSL server socket, using the
/// given SSL context object.
///
/// The server socket must be bound to
/// an address and put into listening state.
@@ -61,11 +70,19 @@ public:
SecureServerSocket(const Socket& socket);
/// Creates the SecureServerSocket with the SocketImpl
/// from another socket. The SocketImpl must be
/// a ServerSocketImpl, otherwise an InvalidArgumentException
/// a SecureServerSocketImpl, otherwise an InvalidArgumentException
/// will be thrown.
SecureServerSocket(const SocketAddress& address, int backlog = 64);
/// Creates a server socket, binds it
/// Creates a server socket using the default server SSL context,
/// binds it to the given address and puts it in listening
/// state.
///
/// After successful construction, the server socket
/// is ready to accept connections.
SecureServerSocket(const SocketAddress& address, int backlog, Context::Ptr pContext);
/// Creates a server socket using the given SSL context, binds it
/// to the given address and puts it in listening
/// state.
///
@@ -73,7 +90,15 @@ public:
/// is ready to accept connections.
SecureServerSocket(Poco::UInt16 port, int backlog = 64);
/// Creates a server socket, binds it
/// Creates a server socket using the default server SSL context,
/// binds it to the given port and puts it in listening
/// state.
///
/// After successful construction, the server socket
/// is ready to accept connections.
SecureServerSocket(Poco::UInt16 port, int backlog, Context::Ptr pContext);
/// Creates a server socket using the given SSL context, binds it
/// to the given port and puts it in listening
/// state.
///
@@ -97,7 +122,7 @@ public:
/// If the queue is empty, waits until a connection
/// request completes.
///
/// Returns a new SSL TCP socket for the connection
/// Returns a new SSL socket for the connection
/// with the client.
///
/// The client socket's address is returned in clientAddr.
@@ -109,8 +134,11 @@ public:
/// If the queue is empty, waits until a connection
/// request completes.
///
/// Returns a new TCP socket for the connection
/// Returns a new SSL socket for the connection
/// with the client.
Context::Ptr context() const;
/// Returns the SSL context used by this socket.
};
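Review bot: The constructors that take a `Context::Ptr` — `explicit SecureServerSocket(Context::Ptr pContext)` and the two `(..., int backlog, Context::Ptr pContext)` overloads — do not say what happens when a null pointer is passed: whether construction fails or the default server context is used instead. Because the context carries the verification mode and trust settings, a silent fallback would be easy to miss; the implementation is not in this hunk, so I can only ask that the docstring state the rule, e.g. `/// pContext must not be null.` (or whatever the implementation enforces). As a point of style, `SecureServerSocket(const Socket& socket)` remains a non-explicit single-argument constructor while the new `Context::Ptr` constructor is marked `explicit`; marking it `explicit SecureServerSocket(const Socket& socket);` would be consistent.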


@@ -1,7 +1,7 @@
//
// SecureServerSocketImpl.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/SecureServerSocketImpl.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/SecureServerSocketImpl.h#7 $
//
// Library: NetSSL_OpenSSL
// Package: SSLSockets
@@ -9,7 +9,7 @@
//
// Definition of the SecureServerSocketImpl class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -43,6 +43,7 @@
#include "Poco/Net/NetSSL.h"
#include "Poco/Net/SecureSocketImpl.h"
#include "Poco/Net/ServerSocketImpl.h"
#include "Poco/Net/Context.h"
namespace Poco {
@@ -53,8 +54,9 @@ class NetSSL_API SecureServerSocketImpl: public ServerSocketImpl
/// The SocketImpl class for SecureServerSocket.
{
public:
SecureServerSocketImpl();
/// Creates the SecureServerSocketImpl.
SecureServerSocketImpl(Context::Ptr pContext);
/// Creates the SecureServerSocketImpl using the
/// given SSL context object.
SocketImpl* acceptConnection(SocketAddress& clientAddr);
/// Get the next completed connection from the
@@ -69,21 +71,19 @@ public:
/// The client socket's address is returned in clientAddr.
void connect(const SocketAddress& address);
/// Initializes the socket and establishes a connection to
/// the TCP server at the given address.
/// Not supported by this kind of socket.
///
/// Can also be used for UDP sockets. In this case, no
/// connection is established. Instead, incoming and outgoing
/// packets are restricted to the specified address.
/// Throws a Poco::InvalidAccessException.
void connect(const SocketAddress& address, const Poco::Timespan& timeout);
/// Initializes the socket, sets the socket timeout and
/// establishes a connection to the TCP server at the given address.
/// Not supported by this kind of socket.
///
/// Throws a Poco::InvalidAccessException.
void connectNB(const SocketAddress& address);
/// Initializes the socket and establishes a connection to
/// the TCP server at the given address. Prior to opening the
/// connection the socket is set to nonblocking mode.
/// Not supported by this kind of socket.
///
/// Throws a Poco::InvalidAccessException.
void bind(const SocketAddress& address, bool reuseAddress = false);
/// Bind a local address to the socket.
@@ -109,40 +109,32 @@ public:
/// Close the socket.
int sendBytes(const void* buffer, int length, int flags = 0);
/// Sends the contents of the given buffer through
/// the socket. Any specified flags are ignored.
/// Not supported by this kind of socket.
///
/// Returns the number of bytes sent, which may be
/// less than the number of bytes specified.
/// Throws a Poco::InvalidAccessException.
int receiveBytes(void* buffer, int length, int flags = 0);
/// Receives data from the socket and stores it
/// in buffer. Up to length bytes are received.
/// Not supported by this kind of socket.
///
/// Returns the number of bytes received.
/// Throws a Poco::InvalidAccessException.
int sendTo(const void* buffer, int length, const SocketAddress& address, int flags = 0);
/// Sends the contents of the given buffer through
/// the socket to the given address.
/// Not supported by this kind of socket.
///
/// Returns the number of bytes sent, which may be
/// less than the number of bytes specified.
/// Throws a Poco::InvalidAccessException.
int receiveFrom(void* buffer, int length, SocketAddress& address, int flags = 0);
/// Receives data from the socket and stores it
/// in buffer. Up to length bytes are received.
/// Stores the address of the sender in address.
/// Not supported by this kind of socket.
///
/// Returns the number of bytes received.
/// Throws a Poco::InvalidAccessException.
void sendUrgent(unsigned char data);
/// Sends one byte of urgent data through
/// the socket.
/// Not supported by this kind of socket.
///
/// The data is sent with the MSG_OOB flag.
///
/// The preferred way for a socket to receive urgent data
/// is by enabling the SO_OOBINLINE option.
/// Throws a Poco::InvalidAccessException.
Context::Ptr context() const;
/// Returns the SSL context used by this socket.
protected:
~SecureServerSocketImpl();
@@ -153,10 +145,19 @@ private:
SecureServerSocketImpl& operator = (const SecureServerSocketImpl&);
private:
SecureSocketImpl _socket;
SecureSocketImpl _impl;
};
//
// inlines
//
inline Context::Ptr SecureServerSocketImpl::context() const
{
return _impl.context();
}
} } // namespace Poco::Net
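Review bot: `SecureServerSocketImpl(Context::Ptr pContext);` is a single-argument constructor left non-explicit, so a `Context::Ptr` converts implicitly into a `SecureServerSocketImpl`; the public `SecureServerSocket(Context::Ptr)` added in the same commit is `explicit`, and this one should match: `explicit SecureServerSocketImpl(Context::Ptr pContext);`. The same applies to `SecureStreamSocketImpl(Context::Ptr pContext)` in SecureStreamSocketImpl.h. The docstring could also state whether a null context is accepted, since the constructor body is not in this hunk.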


@@ -1,7 +1,7 @@
//
// SecureSocketImpl.h
//
// $Id: //poco/1.3/NetSSL_OpenSSL/include/Poco/Net/SecureSocketImpl.h#2 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/SecureSocketImpl.h#8 $
//
// Library: NetSSL_OpenSSL
// Package: SSLSockets
@@ -9,7 +9,7 @@
//
// Definition of the SecureSocketImpl class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -42,7 +42,8 @@
#include "Poco/Net/NetSSL.h"
#include "Poco/Net/SocketImpl.h"
#include "Poco/Net/SSLManager.h"
#include "Poco/Net/Context.h"
#include "Poco/Net/X509Certificate.h"
#include <openssl/bio.h>
#include <openssl/ssl.h>
@@ -58,11 +59,9 @@ class NetSSL_API SecureSocketImpl
/// The SocketImpl for SecureStreamSocket.
{
public:
SecureSocketImpl();
/// Creates the SecureSocketImpl.
SecureSocketImpl(SSL* _pSSL);
/// Creates the SecureSocketImpl.
SecureSocketImpl(Poco::AutoPtr<SocketImpl> pSocketImpl, Context::Ptr pContext);
/// Creates the SecureSocketImpl using an already
/// connected stream socket.
virtual ~SecureSocketImpl();
/// Destroys the SecureSocketImpl.
@@ -74,33 +73,36 @@ public:
/// If the queue is empty, waits until a connection
/// request completes.
///
/// Returns a new TCP socket for the connection
/// Returns a new SSL socket for the connection
/// with the client.
///
/// The client socket's address is returned in clientAddr.
void connect(const SocketAddress& address);
/// Initializes the socket and establishes a connection to
void acceptSSL();
/// Performs a server-side SSL handshake and certificate verification.
void connect(const SocketAddress& address, const std::string& hostName);
/// Initializes the socket and establishes a secure connection to
/// the TCP server at the given address.
///
/// Can also be used for UDP sockets. In this case, no
/// connection is established. Instead, incoming and outgoing
/// packets are restricted to the specified address.
void connect(const SocketAddress& address, const Poco::Timespan& timeout);
void connect(const SocketAddress& address, const std::string& hostName, const Poco::Timespan& timeout);
/// Initializes the socket, sets the socket timeout and
/// establishes a connection to the TCP server at the given address.
/// establishes a secure connection to the TCP server at the given address.
void connectNB(const SocketAddress& address);
/// Initializes the socket and establishes a connection to
void connectNB(const SocketAddress& address, const std::string& hostName);
/// Initializes the socket and establishes a secure connection to
/// the TCP server at the given address. Prior to opening the
/// connection the socket is set to nonblocking mode.
void connectSSL(const std::string& hostName);
/// Performs a client-side SSL handshake and establishes a secure
/// connection over an already existing TCP connection.
void bind(const SocketAddress& address, bool reuseAddress = false);
/// Bind a local address to the socket.
///
/// This is usually only done when establishing a server
/// socket. TCP clients should not bind a socket to a
/// socket. SSL clients should not bind a socket to a
/// specific address.
///
/// If reuseAddress is true, sets the SO_REUSEADDR
@@ -116,6 +118,11 @@ public:
/// number of connections that can be queued
/// for this socket.
void shutdown();
/// Shuts down the connection by attempting
/// an orderly SSL shutdown, then actually
/// shutting down the TCP connection.
void close();
/// Close the socket.
@@ -132,75 +139,33 @@ public:
///
/// Returns the number of bytes received.
int sendTo(const void* buffer, int length, const SocketAddress& address, int flags = 0);
/// Sends the contents of the given buffer through
/// the socket to the given address.
///
/// Returns the number of bytes sent, which may be
/// less than the number of bytes specified.
int receiveFrom(void* buffer, int length, SocketAddress& address, int flags = 0);
/// Receives data from the socket and stores it
/// in buffer. Up to length bytes are received.
/// Stores the address of the sender in address.
///
/// Returns the number of bytes received.
void sendUrgent(unsigned char data);
/// Sends one byte of urgent data through
/// the socket.
///
/// The data is sent with the MSG_OOB flag.
///
/// The preferred way for a socket to receive urgent data
/// is by enabling the SO_OOBINLINE option.
poco_socket_t sockfd();
// Returns the socket.
/// Returns the underlying socket descriptor.
void setTunnelEndPoint(const std::string& endHost, Poco::UInt16 endPort);
/// Due to the fact that SSLConnections that run over proxies require
/// a different connect phase (ie send an unencrypted HTTP CONNECT before
/// establishing, we must inform the socket that is only used as a proxy
/// that works as a tunnel to the given endPoint.
/// Only call this method on disconnected sockets.
static long postConnectionCheck(SSLManager::ContextPtr pContext, X509* pCert, const std::string& hostName);
X509* peerCertificate() const;
/// Returns the peer's certificate.
Context::Ptr context() const;
/// Returns the SSL context used for this socket.
protected:
void setSockfd(poco_socket_t sock);
/// Set a socket description iff no socket is already set.
void invalidate();
/// Invalidate the current socket. Must only be called on closed sockets.
static long postConnectionCheck(bool onServer, SSL* pSSL, const std::string& host);
long verifyCertificate(const std::string& hostName);
/// PostConnectionCheck to verify that a peer really presented a valid certificate.
/// if onserver is false, used by clients to verify that a server is really the one it claims.
/// if onserver is true, used by the server to verify that a client is really the one it claims.
static bool isLocalHost(const std::string& hostName);
/// Returns true iff the given host name is the local host
/// (either "localhost" or "127.0.0.1").
int handleError(int rc);
/// Handles an SSL error by throwing an appropriate exception.
void connectSSL(const SocketAddress& address);
/// Creates and connects an SSL connection. Set _pSSL on success or exception otherwise.
void establishTunnel();
/// Creates a socket to the proxy and sends CONNECT.
static bool containsWildcards(const std::string& commonName);
/// Checks if the commonName of a certificate contains wildcards
static bool matchByAlias(const std::string& alias, const HostEntry& heData);
/// Checks if the alias is contained in heData
private:
private:
SecureSocketImpl(const SecureSocketImpl&);
SecureSocketImpl& operator = (const SecureSocketImpl&);
private:
BIO* _pBIO;
SSL* _pSSL;
SocketImpl _socket;
std::string _endHost;
Poco::UInt16 _endPort;
Poco::AutoPtr<SocketImpl> _pSocket;
Context::Ptr _pContext;
};
@@ -209,28 +174,13 @@ private:
//
inline poco_socket_t SecureSocketImpl::sockfd()
{
return _socket.sockfd();
return _pSocket->sockfd();
}
inline void SecureSocketImpl::setSockfd(poco_socket_t sock)
inline Context::Ptr SecureSocketImpl::context() const
{
_socket.setSockfd(sock);
}
inline void SecureSocketImpl::invalidate()
{
_socket.invalidate();
}
inline void SecureSocketImpl::setTunnelEndPoint(const std::string& endHost, Poco::UInt16 endPort)
{
poco_assert (endPort != 0 && !endHost.empty());
_endHost = endHost;
_endPort = endPort;
return _pContext;
}
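Review bot: `long verifyCertificate(const std::string& hostName);` and `X509* peerCertificate() const;` are new declarations without the information a caller needs — the meaning of the `long` (the removed `postConnectionCheck` comment at least described its purpose) and the ownership of the returned raw `X509*`, i.e. whether it is borrowed for the lifetime of the socket or must be released by the caller. If `verifyCertificate` returns an OpenSSL X509 verification result, a comment such as `/// Verifies the peer certificate against hostName and returns the OpenSSL verification result (0 on success).` would make that explicit; I cannot confirm the return convention from the hunk. For `peerCertificate`, state the ownership rule in the docstring, e.g. `/// The returned certificate is owned by the socket and must not be freed by the caller.`, adjusted to what the implementation does. The `connectSSL(const std::string& hostName)` comment should also mention that hostName is used for certificate verification, as `acceptSSL()`'s comment does for the server side.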


@@ -1,7 +1,7 @@
//
// SecureStreamSocket.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/SecureStreamSocket.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/SecureStreamSocket.h#7 $
//
// Library: NetSSL_OpenSSL
// Package: SSLSockets
@@ -9,7 +9,7 @@
//
// Definition of the SecureStreamSocket class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -42,6 +42,8 @@
#include "Poco/Net/NetSSL.h"
#include "Poco/Net/StreamSocket.h"
#include "Poco/Net/Context.h"
#include "Poco/Net/X509Certificate.h"
namespace Poco {
@@ -50,22 +52,72 @@ namespace Net {
class NetSSL_API SecureStreamSocket: public StreamSocket
/// A subclass of StreamSocket for secure SSL sockets.
///
/// A few notes about nonblocking IO:
/// sendBytes() and receiveBytes() can return a
/// negative value when using a nonblocking socket, which means
/// a SSL handshake is currently in progress and more data
/// needs to be read or written for the handshake to continue.
/// If sendBytes() or receiveBytes() return ERR_SSL_WANT_WRITE,
/// sendBytes() must be called as soon as possible (usually, after
/// select() indicates that data can be written). Likewise, if
/// ERR_SSL_WANT_READ is returned, receiveBytes() must be called
/// as soon as data is available for reading (indicated by select()).
///
/// The SSL handshake is delayed until the first sendBytes() or
/// receiveBytes() operation is performed on the socket. No automatic
/// post connection check (checking the peer certificate for a valid
/// hostname) is performed when using nonblocking I/O.
{
public:
enum
{
ERR_SSL_WANT_READ = -1,
ERR_SSL_WANT_WRITE = -2
};
SecureStreamSocket();
/// Creates an unconnected stream socket.
/// Creates an unconnected secure stream socket
/// using the default client SSL context.
///
/// Before sending or receiving data, the socket
/// must be connected with a call to connect().
SecureStreamSocket(const SocketAddress& address);
/// Creates a stream socket and connects it to
explicit SecureStreamSocket(Context::Ptr pContext);
/// Creates an unconnected secure stream socket
/// using the given SSL context.
///
/// Before sending or receiving data, the socket
/// must be connected with a call to connect().
explicit SecureStreamSocket(const SocketAddress& address);
/// Creates a secure stream socket using the default
/// client SSL context and connects it to
/// the socket specified by address.
SecureStreamSocket(const SocketAddress& address, Context::Ptr pContext);
/// Creates a secure stream socket using the given
/// client SSL context and connects it to
/// the socket specified by address.
SecureStreamSocket(const SocketAddress& address, const std::string& hostName);
/// Creates a secure stream socket using the default
/// client SSL context and connects it to
/// the socket specified by address.
///
/// The given host name is used for certificate verification.
SecureStreamSocket(const SocketAddress& address, const std::string& hostName, Context::Ptr pContext);
/// Creates a secure stream socket using the given
/// client SSL context and connects it to
/// the socket specified by address.
///
/// The given host name is used for certificate verification.
SecureStreamSocket(const Socket& socket);
/// Creates the StreamSocket with the SocketImpl
/// Creates the SecureStreamSocket with the SocketImpl
/// from another socket. The SocketImpl must be
/// a StreamSocketImpl, otherwise an InvalidArgumentException
/// a SecureStreamSocketImpl, otherwise an InvalidArgumentException
/// will be thrown.
virtual ~SecureStreamSocket();
@@ -77,6 +129,38 @@ public:
/// Releases the socket's SocketImpl and
/// attaches the SocketImpl from the other socket and
/// increments the reference count of the SocketImpl.
X509Certificate peerCertificate() const;
/// Returns the peer's X509 certificate.
void setPeerHostName(const std::string& hostName);
/// Sets the peer's host name used for certificate validation.
const std::string& getPeerHostName() const;
/// Returns the peer's host name used for certificate validation.
static SecureStreamSocket attach(const StreamSocket& streamSocket);
/// Creates a SecureStreamSocket over an existing socket
/// connection. The given StreamSocket must be connected.
/// A SSL handshake will be performed.
static SecureStreamSocket attach(const StreamSocket& streamSocket, Context::Ptr pContext);
/// Creates a SecureStreamSocket over an existing socket
/// connection. The given StreamSocket must be connected.
/// A SSL handshake will be performed.
static SecureStreamSocket attach(const StreamSocket& streamSocket, const std::string& peerHostName);
/// Creates a SecureStreamSocket over an existing socket
/// connection. The given StreamSocket must be connected.
/// A SSL handshake will be performed.
static SecureStreamSocket attach(const StreamSocket& streamSocket, const std::string& peerHostName, Context::Ptr pContext);
/// Creates a SecureStreamSocket over an existing socket
/// connection. The given StreamSocket must be connected.
/// A SSL handshake will be performed.
Context::Ptr context() const;
/// Returns the SSL context used by this socket.
protected:
SecureStreamSocket(SocketImpl* pImpl);
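Review bot: The two `attach()` overloads that take no `peerHostName` say only "A SSL handshake will be performed" and leave open whether the peer certificate is validated against any host name at all — none is supplied — while the class comment separately notes that no post-connection check happens with nonblocking I/O. Both are quiet reductions in what the caller may assume is verified, so the docstrings should spell them out, e.g. for the host-name-less overloads: `/// No host name is supplied for certificate validation; use the overload taking peerHostName when the peer's identity must be checked.` The `setPeerHostName()` docstring should likewise say whether it has any effect once the handshake has been performed; the implementation is not in this hunk. The class body continues past the end of the hunk.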


@@ -1,7 +1,7 @@
//
// SecureStreamSocketImpl.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/SecureStreamSocketImpl.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/SecureStreamSocketImpl.h#7 $
//
// Library: NetSSL_OpenSSL
// Package: SSLSockets
@@ -9,7 +9,7 @@
//
// Definition of the SecureStreamSocketImpl class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -43,6 +43,8 @@
#include "Poco/Net/NetSSL.h"
#include "Poco/Net/SecureSocketImpl.h"
#include "Poco/Net/StreamSocketImpl.h"
#include "Poco/Net/Context.h"
#include "Poco/Net/X509Certificate.h"
namespace Poco {
@@ -50,26 +52,22 @@ namespace Net {
class NetSSL_API SecureStreamSocketImpl: public StreamSocketImpl
/// This class implements a SSL TCP socket.
/// This class implements a SSL stream socket.
{
public:
SecureStreamSocketImpl();
SecureStreamSocketImpl(Context::Ptr pContext);
/// Creates the SecureStreamSocketImpl.
SecureStreamSocketImpl(SSL* _pSSL);
/// Creates a SecureStreamSocketImpl using the given native socket.
SecureStreamSocketImpl(StreamSocketImpl* pStreamSocket, Context::Ptr pContext);
/// Creates the SecureStreamSocketImpl.
SocketImpl* acceptConnection(SocketAddress& clientAddr);
/// Get the next completed connection from the
/// socket's completed connection queue.
/// Not supported by a SecureStreamSocket.
///
/// If the queue is empty, waits until a connection
/// request completes.
///
/// Returns a new TCP socket for the connection
/// with the client.
///
/// The client socket's address is returned in clientAddr.
/// Throws a Poco::InvalidAccessException.
void acceptSSL();
/// Performs a SSL server-side handshake.
void connect(const SocketAddress& address);
/// Initializes the socket and establishes a connection to
@@ -87,26 +85,19 @@ public:
/// Initializes the socket and establishes a connection to
/// the TCP server at the given address. Prior to opening the
/// connection the socket is set to nonblocking mode.
void connectSSL();
/// Performs a SSL client-side handshake on an already connected TCP socket.
void bind(const SocketAddress& address, bool reuseAddress = false);
/// Bind a local address to the socket.
/// Not supported by a SecureStreamSocket.
///
/// This is usually only done when establishing a server
/// socket. TCP clients should not bind a socket to a
/// specific address.
///
/// If reuseAddress is true, sets the SO_REUSEADDR
/// socket option.
/// Throws a Poco::InvalidAccessException.
void listen(int backlog = 64);
/// Puts the socket into listening state.
/// Not supported by a SecureStreamSocket.
///
/// The socket becomes a passive socket that
/// can accept incoming connection requests.
///
/// The backlog argument specifies the maximum
/// number of connections that can be queued
/// for this socket.
/// Throws a Poco::InvalidAccessException.
void close();
/// Close the socket.
@@ -125,45 +116,63 @@ public:
/// Returns the number of bytes received.
int sendTo(const void* buffer, int length, const SocketAddress& address, int flags = 0);
/// Sends the contents of the given buffer through
/// the socket to the given address.
/// Not supported by a SecureStreamSocket.
///
/// Returns the number of bytes sent, which may be
/// less than the number of bytes specified.
/// Throws a Poco::InvalidAccessException.
int receiveFrom(void* buffer, int length, SocketAddress& address, int flags = 0);
/// Receives data from the socket and stores it
/// in buffer. Up to length bytes are received.
/// Stores the address of the sender in address.
/// Not supported by a SecureStreamSocket.
///
/// Returns the number of bytes received.
/// Throws a Poco::InvalidAccessException.
void sendUrgent(unsigned char data);
/// Sends one byte of urgent data through
/// the socket.
/// Not supported by a SecureStreamSocket.
///
/// The data is sent with the MSG_OOB flag.
///
/// The preferred way for a socket to receive urgent data
/// is by enabling the SO_OOBINLINE option.
/// Throws a Poco::InvalidAccessException.
void setTunnelEndPoint(const std::string& host, Poco::UInt16 port);
/// Due to the fact that SSLConnections that run over proxies require
/// a different connect phase (ie send an unencrypted HTTP CONNECT before
/// establishing, we must inform the socket that it is only used as a proxy
/// that works as a tunnel to the given endPoint.
/// Only call this method on disconnected sockets.
void shutdownReceive();
/// Shuts down the receiving part of the socket connection.
///
/// Since SSL does not support a half shutdown, this does
/// nothing.
void shutdownSend();
/// Shuts down the receiving part of the socket connection.
///
/// Since SSL does not support a half shutdown, this does
/// nothing.
void shutdown();
/// Shuts down the SSL connection.
void setPeerHostName(const std::string& hostName);
/// Sets the peer host name for certificate validation purposes.
const std::string& getPeerHostName() const;
/// Returns the peer host name.
X509Certificate peerCertificate() const;
/// Returns the peer's X509 certificate.
Context::Ptr context() const;
/// Returns the SSL context used by this socket.
protected:
~SecureStreamSocketImpl();
/// Destroys the SecureStreamSocketImpl.
static int lastError();
static void error();
static void error(const std::string& arg);
static void error(int code);
static void error(int code, const std::string& arg);
private:
SecureStreamSocketImpl(const SecureStreamSocketImpl&);
SecureStreamSocketImpl& operator = (const SecureStreamSocketImpl&);
private:
SecureSocketImpl _socket;
SecureSocketImpl _impl;
std::string _peerHostName;
friend class SecureSocketImpl;
};
@@ -172,9 +181,45 @@ private:
//
// inlines
//
inline void SecureStreamSocketImpl::setTunnelEndPoint(const std::string& host, Poco::UInt16 port)
inline const std::string& SecureStreamSocketImpl::getPeerHostName() const
{
_socket.setTunnelEndPoint(host, port);
return _peerHostName;
}
inline Context::Ptr SecureStreamSocketImpl::context() const
{
return _impl.context();
}
inline int SecureStreamSocketImpl::lastError()
{
return SocketImpl::lastError();
}
inline void SecureStreamSocketImpl::error()
{
return SocketImpl::error();
}
inline void SecureStreamSocketImpl::error(const std::string& arg)
{
return SocketImpl::error(arg);
}
inline void SecureStreamSocketImpl::error(int code)
{
return SocketImpl::error(code);
}
inline void SecureStreamSocketImpl::error(int code, const std::string& arg)
{
return SocketImpl::error(code, arg);
}
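Review bot: The docstring of `shutdownSend()` reads "Shuts down the receiving part of the socket connection", copied from `shutdownReceive()` directly above it; it should read `/// Shuts down the sending part of the socket connection.` The second constructor, `SecureStreamSocketImpl(StreamSocketImpl* pStreamSocket, Context::Ptr pContext)`, carries the same one-line comment as the first ("Creates the SecureStreamSocketImpl") and should say whether it takes a reference on or ownership of `pStreamSocket` — that is not visible in this hunk.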


@@ -1,7 +1,7 @@
//
// Utility.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/Utility.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/Utility.h#9 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -9,7 +9,7 @@
//
// Definition of the Utility class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -49,20 +49,22 @@ namespace Net {
class NetSSL_API Utility
/// Class Utility. helper class for init & shutdown of the OpenSSL library
/// This class provides various helper functions for working
/// with the OpenSSL library.
{
public:
static int HTTPS_PORT;
/// Default port value for HHTPS
static Context::VerificationMode convertVerificationMode(const std::string& verMode);
/// Non-case sensitive conversion of a string to a VerificationMode enum.
/// If verMode is illegal an OptionException is thrown.
/// If verMode is illegal an InvalidArgumentException is thrown.
static std::string convertCertificateError(long errCode);
/// Converts an SSL error code into human readable form
/// Converts an SSL certificate handling error code into an error message.
static std::string convertSSLError(SSL* pSSL, int errCode);
static std::string getLastError();
/// Returns the last error from the error stack
static void clearErrorStack();
/// Clears the error stack
};
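Review bot: `static std::string convertSSLError(SSL* pSSL, int errCode);` is added without a comment while every neighbouring declaration has one; a line such as `/// Converts an SSL error code reported for pSSL into an error message.`, adjusted to what the implementation actually expects in errCode, would keep the class self-describing. The neighbouring context line `/// Default port value for HHTPS` has a typo and should read `/// Default port value for HTTPS`. As a point of style, `static int HTTPS_PORT;` is a mutable public static; if it is not meant to be reassigned at run time, declaring it `const` would say so.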


@@ -1,7 +1,7 @@
//
// VerificationErrorArgs.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/VerificationErrorArgs.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/VerificationErrorArgs.h#7 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -9,7 +9,7 @@
//
// Definition of the VerificationErrorArgs class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization


@@ -1,7 +1,7 @@
//
// X509Certificate.h
//
// $Id: //poco/1.3/NetSSL_OpenSSL/include/Poco/Net/X509Certificate.h#3 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/X509Certificate.h#11 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -9,7 +9,7 @@
//
// Definition of the X509Certificate class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -42,7 +42,9 @@
#include "Poco/Net/NetSSL.h"
#include "Poco/Net/Context.h"
#include "Poco/DateTime.h"
#include "Poco/SharedPtr.h"
#include <set>
#include <openssl/ssl.h>
@@ -50,21 +52,34 @@ namespace Poco {
namespace Net {
class HostEntry;
class NetSSL_API X509Certificate
/// This class represents an X509 Certificate.
/// This class represents a X509 Certificate.
{
public:
X509Certificate(const std::string& file);
/// Loads the X509Certificate from the file
explicit X509Certificate(std::istream& istr);
/// Creates the X509Certificate object by reading
/// a certificate in PEM format from a stream.
X509Certificate(X509* pCert);
/// Creates the X509Certificate.
explicit X509Certificate(const std::string& path);
/// Creates the X509Certificate object by reading
/// a certificate in PEM format from a file.
X509Certificate(const X509Certificate&);
explicit X509Certificate(X509* pCert);
/// Creates the X509Certificate from an existing
/// OpenSSL certificate. Ownership is taken of
/// the certificate.
X509Certificate& operator=(const X509Certificate&);
X509Certificate(const X509Certificate& cert);
/// Creates the certificate by copying another one.
X509Certificate& operator = (const X509Certificate& cert);
/// Assigns a certificate.
void swap(X509Certificate& cert);
/// Exchanges the certificate with another one.
~X509Certificate();
/// Destroys the X509Certificate.
@@ -75,21 +90,39 @@ public:
const std::string& subjectName() const;
/// Returns the certificate subject name.
const X509* certificate() const;
/// Returns the OpenSSL certificate.
bool verify(const std::string& hostName, Poco::SharedPtr<Context> ptr);
/// Verifies the validity of the certificate against the hostname.
std::string commonName() const;
/// Returns the common name stored in the certificate.
private:
void initialize();
/// Extracts data from _pCert. Assumes _pCert != 0.
const X509* certificate() const;
/// Returns the underlying OpenSSL certificate.
long verify(const std::string& hostName) const;
/// Verifies the validity of the certificate against the host name.
void extractNames(std::string& commonName, std::set<std::string>& domainNames) const;
/// Extracts the common name and the alias domain names from the
/// certificate.
Poco::DateTime validFrom() const;
/// Returns the date and time the certificate is valid from.
Poco::DateTime expiresOn() const;
/// Returns the date and time the certificate expires.
protected:
void init();
static bool containsWildcards(const std::string& commonName);
static bool matchByAlias(const std::string& alias, const HostEntry& heData);
private:
enum
{
NAME_BUFFER_SIZE = 256
};
std::string _issuerName;
std::string _subjectName;
X509* _pCert;
std::string _file;
};