NetSSL library refactoring

2025-10-13 22:50:17 +02:00 · 2009-02-23 20:56:01 +00:00
parent f345a6c6e2
commit 75a07d7983
103 changed files with 9549 additions and 1453 deletions
--- a/NetSSL_OpenSSL/include/Poco/Net/SecureSocketImpl.h
+++ b/NetSSL_OpenSSL/include/Poco/Net/SecureSocketImpl.h
@@ -1,7 +1,7 @@
 //
 // SecureSocketImpl.h
 //
-// $Id: //poco/1.3/NetSSL_OpenSSL/include/Poco/Net/SecureSocketImpl.h#2 $
+// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/SecureSocketImpl.h#8 $
 //
 // Library: NetSSL_OpenSSL
 // Package: SSLSockets
@@ -9,7 +9,7 @@
 //
 // Definition of the SecureSocketImpl class.
 //
-// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
 // and Contributors.
 //
 // Permission is hereby granted, free of charge, to any person or organization
@@ -42,7 +42,8 @@

 #include "Poco/Net/NetSSL.h"
 #include "Poco/Net/SocketImpl.h"
-#include "Poco/Net/SSLManager.h"
+#include "Poco/Net/Context.h"
+#include "Poco/Net/X509Certificate.h"
 #include <openssl/bio.h>
 #include <openssl/ssl.h>

@@ -58,11 +59,9 @@ class NetSSL_API SecureSocketImpl
 	/// The SocketImpl for SecureStreamSocket.
 {
 public:
-	SecureSocketImpl();
-		/// Creates the SecureSocketImpl.
-
-	SecureSocketImpl(SSL* _pSSL);
-		/// Creates the SecureSocketImpl.
+	SecureSocketImpl(Poco::AutoPtr<SocketImpl> pSocketImpl, Context::Ptr pContext);
+		/// Creates the SecureSocketImpl using an already
+		/// connected stream socket.

 	virtual ~SecureSocketImpl();
 		/// Destroys the SecureSocketImpl.
@@ -74,33 +73,36 @@ public:
 		/// If the queue is empty, waits until a connection
 		/// request completes.
 		///
-		/// Returns a new TCP socket for the connection
+		/// Returns a new SSL socket for the connection
 		/// with the client.
 		///
 		/// The client socket's address is returned in clientAddr.
 	
-	void connect(const SocketAddress& address);
-		/// Initializes the socket and establishes a connection to 
+	void acceptSSL();
+		/// Performs a server-side SSL handshake and certificate verification.
+	
+	void connect(const SocketAddress& address, const std::string& hostName);
+		/// Initializes the socket and establishes a secure connection to 
 		/// the TCP server at the given address.
-		///
-		/// Can also be used for UDP sockets. In this case, no
-		/// connection is established. Instead, incoming and outgoing
-		/// packets are restricted to the specified address.

-	void connect(const SocketAddress& address, const Poco::Timespan& timeout);
+	void connect(const SocketAddress& address, const std::string& hostName, const Poco::Timespan& timeout);
 		/// Initializes the socket, sets the socket timeout and 
-		/// establishes a connection to the TCP server at the given address.
+		/// establishes a secure connection to the TCP server at the given address.

-	void connectNB(const SocketAddress& address);
-		/// Initializes the socket and establishes a connection to 
+	void connectNB(const SocketAddress& address, const std::string& hostName);
+		/// Initializes the socket and establishes a secure connection to 
 		/// the TCP server at the given address. Prior to opening the
 		/// connection the socket is set to nonblocking mode.
+
+	void connectSSL(const std::string& hostName);
+		/// Performs a client-side SSL handshake and establishes a secure 
+		/// connection over an already existing TCP connection.
 	
 	void bind(const SocketAddress& address, bool reuseAddress = false);
 		/// Bind a local address to the socket.
 		///
 		/// This is usually only done when establishing a server
-		/// socket. TCP clients should not bind a socket to a
+		/// socket. SSL clients should not bind a socket to a
 		/// specific address.
 		///
 		/// If reuseAddress is true, sets the SO_REUSEADDR
@@ -116,6 +118,11 @@ public:
 		/// number of connections that can be queued
 		/// for this socket.

+	void shutdown();
+		/// Shuts down the connection by attempting
+		/// an orderly SSL shutdown, then actually
+		/// shutting down the TCP connection.
+
 	void close();
 		/// Close the socket.
 	
@@ -132,75 +139,33 @@ public:
 		///
 		/// Returns the number of bytes received.
 	
-	int sendTo(const void* buffer, int length, const SocketAddress& address, int flags = 0);
-		/// Sends the contents of the given buffer through
-		/// the socket to the given address.
-		///
-		/// Returns the number of bytes sent, which may be
-		/// less than the number of bytes specified.
-	
-	int receiveFrom(void* buffer, int length, SocketAddress& address, int flags = 0);
-		/// Receives data from the socket and stores it
-		/// in buffer. Up to length bytes are received.
-		/// Stores the address of the sender in address.
-		///
-		/// Returns the number of bytes received.
-	
-	void sendUrgent(unsigned char data);
-		/// Sends one byte of urgent data through
-		/// the socket.
-		///
-		/// The data is sent with the MSG_OOB flag.
-		///
-		/// The preferred way for a socket to receive urgent data
-		/// is by enabling the SO_OOBINLINE option.
-
 	poco_socket_t sockfd();
-		// Returns the socket.
+		/// Returns the underlying socket descriptor.

-	void setTunnelEndPoint(const std::string& endHost, Poco::UInt16 endPort);
-		/// Due to the fact that SSLConnections that run over proxies require
-		/// a different connect phase (ie send an unencrypted HTTP CONNECT before
-		/// establishing, we must inform the socket that is only used as a proxy
-		/// that works as a tunnel to the given endPoint.
-		/// Only call this method on disconnected sockets.
-
-	static long postConnectionCheck(SSLManager::ContextPtr pContext, X509* pCert, const std::string& hostName);
+	X509* peerCertificate() const;
+		/// Returns the peer's certificate.
+		
+	Context::Ptr context() const;
+		/// Returns the SSL context used for this socket.

 protected:
-	void setSockfd(poco_socket_t sock);
-		/// Set a socket description iff no socket is already set.
-
-	void invalidate();
-		/// Invalidate the current socket. Must only be called on closed sockets.
-
-	static long postConnectionCheck(bool onServer, SSL* pSSL, const std::string& host);
+	long verifyCertificate(const std::string& hostName);
 		/// PostConnectionCheck to verify that a peer really presented a valid certificate.
-		/// if onserver is false, used by clients to verify that a server is really the one it claims.
-		/// if onserver is true, used by the server to verify that a client is really the one it claims.
+		
+	static bool isLocalHost(const std::string& hostName);
+		/// Returns true iff the given host name is the local host 
+		/// (either "localhost" or "127.0.0.1").
+		
+	int handleError(int rc);
+		/// Handles an SSL error by throwing an appropriate exception.

-	void connectSSL(const SocketAddress& address);
-		/// Creates and connects an SSL connection. Set _pSSL on success or exception otherwise.
-
-	void establishTunnel();
-		/// Creates a socket to the proxy and sends CONNECT.
-
-	static bool containsWildcards(const std::string& commonName);
-		/// Checks if the commonName of a certificate contains wildcards
-
-	static bool matchByAlias(const std::string& alias, const HostEntry& heData);
-		/// Checks if the alias is contained in heData
-
-private:
+private:	
 	SecureSocketImpl(const SecureSocketImpl&);
 	SecureSocketImpl& operator = (const SecureSocketImpl&);

-private:
-	BIO* _pBIO;
 	SSL* _pSSL;
-	SocketImpl   _socket;
-	std::string  _endHost;
-	Poco::UInt16 _endPort;
+	Poco::AutoPtr<SocketImpl> _pSocket;
+	Context::Ptr _pContext;
 };


@@ -209,28 +174,13 @@ private:
 //
 inline poco_socket_t SecureSocketImpl::sockfd()
 {
-	return _socket.sockfd();
+	return _pSocket->sockfd();
 }


-inline void SecureSocketImpl::setSockfd(poco_socket_t sock)
+inline Context::Ptr SecureSocketImpl::context() const
 {
-	_socket.setSockfd(sock);
-}
-
-
-inline void SecureSocketImpl::invalidate()
-{
-	_socket.invalidate();
-}
-
-
-inline void SecureSocketImpl::setTunnelEndPoint(const std::string& endHost, Poco::UInt16 endPort)
-{
-	poco_assert (endPort != 0 && !endHost.empty());
-
-	_endHost = endHost;
-	_endPort = endPort;
+	return _pContext;
 }