generic-library/poco
1
0
Fork 0
mirror of https://github.com/pocoproject/poco.git synced 2025-10-13 14:45:36 +02:00
Code Issues Projects Releases Wiki Activity

NetSSL library refactoring

Browse Source
This commit is contained in:
Guenter Obiltschnig
2009-02-23 20:56:01 +00:00
parent f345a6c6e2
commit 75a07d7983
103 changed files with 9549 additions and 1453 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
Foundation/src/DateTimeParser.cpp
View File

@@ -1,7 +1,7 @@
//
// DateTimeParser.cpp
//
// $Id: //poco/svn/Foundation/src/DateTimeParser.cpp#3 $
// $Id: //poco/Main/Foundation/src/DateTimeParser.cpp#18 $
//
// Library: Foundation
// Package: DateTime
@@ -103,14 +103,11 @@ void DateTimeParser::parse(const std::string& fmt, const std::string& str, DateT
break;
case 'y':
SKIP_JUNK();
PARSE_NUMBER(year);
if (year < 1000)
{
PARSE_NUMBER_N(year, 2);
if (year >= 70)
year += 1900;
else
year += 2000;
}
break;
case 'Y':
SKIP_JUNK();

4
Net/include/Poco/Net/DatagramSocket.h
View File

@@ -1,7 +1,7 @@
//
// DatagramSocket.h
//
// $Id: //poco/svn/Net/include/Poco/Net/DatagramSocket.h#2 $
// $Id: //poco/Main/Net/include/Poco/Net/DatagramSocket.h#3 $
//
// Library: Net
// Package: Sockets
@@ -56,7 +56,7 @@ public:
DatagramSocket();
/// Creates an unconnected IPv4 datagram socket.
DatagramSocket(IPAddress::Family family);
explicit DatagramSocket(IPAddress::Family family);
/// Creates an unconnected datagram socket.
///
/// The socket will be created for the

4
Net/include/Poco/Net/DialogSocket.h
View File

@@ -1,7 +1,7 @@
//
// DialogSocket.h
//
// $Id: //poco/svn/Net/include/Poco/Net/DialogSocket.h#2 $
// $Id: //poco/Main/Net/include/Poco/Net/DialogSocket.h#3 $
//
// Library: Net
// Package: Sockets
@@ -70,7 +70,7 @@ public:
/// Before sending or receiving data, the socket
/// must be connected with a call to connect().
DialogSocket(const SocketAddress& address);
explicit DialogSocket(const SocketAddress& address);
/// Creates a stream socket and connects it to
/// the socket specified by address.

7
Net/include/Poco/Net/HTTPClientSession.h
View File

@@ -1,7 +1,7 @@
//
// HTTPClientSession.h
//
// $Id: //poco/svn/Net/include/Poco/Net/HTTPClientSession.h#2 $
// $Id: //poco/Main/Net/include/Poco/Net/HTTPClientSession.h#7 $
//
// Library: Net
// Package: HTTPClient
@@ -169,8 +169,9 @@ protected:
int write(const char* buffer, std::streamsize length);
/// Tries to re-connect if keep-alive is on.
virtual std::string getHostInfo() const;
/// Returns the target host and port number for proxy requests.
virtual std::string proxyRequestPrefix() const;
/// Returns the prefix prepended to the URI for proxy requests
/// (e.g., "http://myhost.com").
void deleteResponseStream();
/// Deletes the response stream and sets it to 0.

12
Net/include/Poco/Net/HTTPSession.h
View File

@@ -1,7 +1,7 @@
//
// HTTPSession.h
//
// $Id: //poco/Main/Net/include/Poco/Net/HTTPSession.h#5 $
// $Id: //poco/Main/Net/include/Poco/Net/HTTPSession.h#7 $
//
// Library: Net
// Package: HTTP
@@ -97,6 +97,12 @@ public:
HTTP_PORT = 80
};
StreamSocket detachSocket();
/// Detaches the socket from the session.
///
/// The socket is returned, and a new, uninitialized socket is
/// attached to the session.
protected:
HTTPSession();
/// Creates a HTTP session using an
@@ -154,6 +160,10 @@ protected:
/// Connects the underlying socket to the given address
/// and sets the socket's receive timeout.
void attachSocket(const StreamSocket& socket);
/// Attaches a socket to the session, replacing the
/// previously attached socket.
void close();
/// Closes the underlying socket.

6
Net/include/Poco/Net/HTTPStreamFactory.h
View File

@@ -1,7 +1,7 @@
//
// HTTPStreamFactory.h
//
// $Id: //poco/svn/Net/include/Poco/Net/HTTPStreamFactory.h#2 $
// $Id: //poco/Main/Net/include/Poco/Net/HTTPStreamFactory.h#3 $
//
// Library: Net
// Package: HTTP
@@ -84,6 +84,10 @@ public:
/// Registers the HTTPStreamFactory with the
/// default URIStreamOpener instance.
static void unregisterFactory();
/// Unregisters the HTTPStreamFactory with the
/// default URIStreamOpener instance.
private:
enum
{

4
Net/include/Poco/Net/MulticastSocket.h
View File

@@ -1,7 +1,7 @@
//
// MulticastSocket.h
//
// $Id: //poco/svn/Net/include/Poco/Net/MulticastSocket.h#2 $
// $Id: //poco/Main/Net/include/Poco/Net/MulticastSocket.h#3 $
//
// Library: Net
// Package: Sockets
@@ -58,7 +58,7 @@ public:
MulticastSocket();
/// Creates the MulticastSocket.
MulticastSocket(IPAddress::Family family);
explicit MulticastSocket(IPAddress::Family family);
/// Creates an unconnected datagram socket.
///
/// The socket will be created for the

4
Net/include/Poco/Net/POP3ClientSession.h
View File

@@ -1,7 +1,7 @@
//
// POP3ClientSession.h
//
// $Id: //poco/svn/Net/include/Poco/Net/POP3ClientSession.h#2 $
// $Id: //poco/Main/Net/include/Poco/Net/POP3ClientSession.h#3 $
//
// Library: Net
// Package: Mail
@@ -76,7 +76,7 @@ public:
typedef std::vector<MessageInfo> MessageInfoVec;
POP3ClientSession(const StreamSocket& socket);
explicit POP3ClientSession(const StreamSocket& socket);
/// Creates the POP3ClientSession using
/// the given socket, which must be connected
/// to a POP3 server.

6
Net/include/Poco/Net/SMTPClientSession.h
View File

@@ -1,7 +1,7 @@
//
// SMTPClientSession.h
//
// $Id: //poco/Main/Net/include/Poco/Net/SMTPClientSession.h#4 $
// $Id: //poco/Main/Net/include/Poco/Net/SMTPClientSession.h#5 $
//
// Library: Net
// Package: Mail
@@ -67,10 +67,10 @@ public:
{
AUTH_NONE,
AUTH_CRAM_MD5,
AUTH_LOGIN
AUTH_LOGIN,
};
SMTPClientSession(const StreamSocket& socket);
explicit SMTPClientSession(const StreamSocket& socket);
/// Creates the SMTPClientSession using
/// the given socket, which must be connected
/// to a SMTP server.

4
Net/include/Poco/Net/SocketAcceptor.h
View File

@@ -1,7 +1,7 @@
//
// SocketAcceptor.h
//
// $Id: //poco/svn/Net/include/Poco/Net/SocketAcceptor.h#2 $
// $Id: //poco/Main/Net/include/Poco/Net/SocketAcceptor.h#3 $
//
// Library: Net
// Package: Reactor
@@ -89,7 +89,7 @@ class SocketAcceptor
/// if special steps are necessary to create a ServiceHandler object.
{
public:
SocketAcceptor(ServerSocket& socket):
explicit SocketAcceptor(ServerSocket& socket):
_socket(socket),
_pReactor(0)
/// Creates an SocketAcceptor, using the given ServerSocket.

4
Net/include/Poco/Net/SocketConnector.h
View File

@@ -1,7 +1,7 @@
//
// SocketConnector.h
//
// $Id: //poco/svn/Net/include/Poco/Net/SocketConnector.h#2 $
// $Id: //poco/Main/Net/include/Poco/Net/SocketConnector.h#3 $
//
// Library: Net
// Package: Reactor
@@ -93,7 +93,7 @@ class SocketConnector
/// if special steps are necessary to create a ServiceHandler object.
{
public:
SocketConnector(SocketAddress& address):
explicit SocketConnector(SocketAddress& address):
_pReactor(0)
/// Creates a SocketConnector, using the given Socket.
{

18
Net/include/Poco/Net/SocketImpl.h
View File

@@ -1,7 +1,7 @@
//
// SocketImpl.h
//
// $Id: //poco/svn/Net/include/Poco/Net/SocketImpl.h#3 $
// $Id: //poco/Main/Net/include/Poco/Net/SocketImpl.h#6 $
//
// Library: Net
// Package: Sockets
@@ -335,7 +335,7 @@ public:
int socketError();
/// Returns the value of the SO_ERROR socket option.
poco_socket_t sockfd();
poco_socket_t sockfd() const;
/// Returns the socket descriptor for the
/// underlying native socket.
@@ -383,13 +383,9 @@ protected:
/// The third argument, proto, is normally set to 0,
/// except for raw sockets.
void setSockfd(poco_socket_t aSocket);
void reset(poco_socket_t fd = POCO_INVALID_SOCKET);
/// Allows subclasses to set the socket manually, iff no valid socket is set yet!
void invalidate();
/// Sets a socket to POCO_INVALID_SOCKET. It is assumed that the socket was closed
/// via a prior operation.
static int lastError();
/// Returns the last error code.
@@ -424,7 +420,7 @@ private:
//
// inlines
//
inline poco_socket_t SocketImpl::sockfd()
inline poco_socket_t SocketImpl::sockfd() const
{
return _sockfd;
}
@@ -446,12 +442,6 @@ inline int SocketImpl::lastError()
}
inline void SocketImpl::invalidate()
{
_sockfd = POCO_INVALID_SOCKET;
}
inline bool SocketImpl::getBlocking() const
{
return _blocking;

4
Net/include/Poco/Net/SocketNotification.h
View File

@@ -1,7 +1,7 @@
//
// SocketNotification.h
//
// $Id: //poco/1.3/Net/include/Poco/Net/SocketNotification.h#2 $
// $Id: //poco/Main/Net/include/Poco/Net/SocketNotification.h#4 $
//
// Library: Net
// Package: Reactor
@@ -57,7 +57,7 @@ class Net_API SocketNotification: public Poco::Notification
/// the SocketReactor.
{
public:
SocketNotification(SocketReactor* pReactor);
explicit SocketNotification(SocketReactor* pReactor);
/// Creates the SocketNotification for the given SocketReactor.
virtual ~SocketNotification();

4
Net/include/Poco/Net/SocketNotifier.h
View File

@@ -1,7 +1,7 @@
//
// SocketNotifier.h
//
// $Id: //poco/svn/Net/include/Poco/Net/SocketNotifier.h#2 $
// $Id: //poco/Main/Net/include/Poco/Net/SocketNotifier.h#3 $
//
// Library: Net
// Package: Reactor
@@ -62,7 +62,7 @@ class Net_API SocketNotifier: public Poco::RefCountedObject
/// to notify registered event handlers of socket events.
{
public:
SocketNotifier(const Socket& socket);
explicit SocketNotifier(const Socket& socket);
/// Creates the SocketNotifier for the given socket.
void addObserver(SocketReactor* pReactor, const Poco::AbstractObserver& observer);

4
Net/include/Poco/Net/SocketReactor.h
View File

@@ -1,7 +1,7 @@
//
// SocketReactor.h
//
// $Id: //poco/1.3/Net/include/Poco/Net/SocketReactor.h#2 $
// $Id: //poco/Main/Net/include/Poco/Net/SocketReactor.h#5 $
//
// Library: Net
// Package: Reactor
@@ -132,7 +132,7 @@ public:
SocketReactor();
/// Creates the SocketReactor.
SocketReactor(const Poco::Timespan& timeout);
explicit SocketReactor(const Poco::Timespan& timeout);
/// Creates the SocketReactor, using the given timeout.
virtual ~SocketReactor();

8
Net/include/Poco/Net/SocketStream.h
View File

@@ -1,7 +1,7 @@
//
// SocketStream.h
//
// $Id: //poco/svn/Net/include/Poco/Net/SocketStream.h#2 $
// $Id: //poco/Main/Net/include/Poco/Net/SocketStream.h#3 $
//
// Library: Net
// Package: Sockets
@@ -121,7 +121,7 @@ class Net_API SocketOutputStream: public SocketIOS, public std::ostream
/// An output stream for writing to a socket.
{
public:
SocketOutputStream(const Socket& socket);
explicit SocketOutputStream(const Socket& socket);
/// Creates the SocketOutputStream with the given socket.
///
/// The socket's SocketImpl must be a StreamSocketImpl,
@@ -147,7 +147,7 @@ class Net_API SocketInputStream: public SocketIOS, public std::istream
/// istream with formatted reads.
{
public:
SocketInputStream(const Socket& socket);
explicit SocketInputStream(const Socket& socket);
/// Creates the SocketInputStream with the given socket.
///
/// The socket's SocketImpl must be a StreamSocketImpl,
@@ -171,7 +171,7 @@ class Net_API SocketStream: public SocketIOS, public std::iostream
/// istream with formatted reads.
{
public:
SocketStream(const Socket& socket);
explicit SocketStream(const Socket& socket);
/// Creates the SocketStream with the given socket.
///
/// The socket's SocketImpl must be a StreamSocketImpl,

4
Net/include/Poco/Net/StreamSocket.h
View File

@@ -1,7 +1,7 @@
//
// StreamSocket.h
//
// $Id: //poco/svn/Net/include/Poco/Net/StreamSocket.h#2 $
// $Id: //poco/Main/Net/include/Poco/Net/StreamSocket.h#3 $
//
// Library: Net
// Package: Sockets
@@ -62,7 +62,7 @@ public:
/// Before sending or receiving data, the socket
/// must be connected with a call to connect().
StreamSocket(const SocketAddress& address);
explicit StreamSocket(const SocketAddress& address);
/// Creates a stream socket and connects it to
/// the socket specified by address.

8
Net/src/HTTPClientSession.cpp
View File

@@ -1,7 +1,7 @@
//
// HTTPClientSession.cpp
//
// $Id: //poco/Main/Net/src/HTTPClientSession.cpp#20 $
// $Id: //poco/Main/Net/src/HTTPClientSession.cpp#21 $
//
// Library: Net
// Package: HTTPClient
@@ -187,7 +187,7 @@ std::ostream& HTTPClientSession::sendRequest(HTTPRequest& request)
if (!request.has(HTTPRequest::HOST))
request.setHost(_host, _port);
if (!_proxyHost.empty())
request.setURI(getHostInfo() + request.getURI());
request.setURI(proxyRequestPrefix() + request.getURI());
_reconnect = keepAlive;
_expectResponseBody = request.getMethod() != HTTPRequest::HTTP_HEAD;
if (request.getChunkedTransferEncoding())
@@ -203,7 +203,7 @@ std::ostream& HTTPClientSession::sendRequest(HTTPRequest& request)
_pRequestStream = new HTTPFixedLengthOutputStream(*this, request.getContentLength() + cs.chars());
request.write(*_pRequestStream);
}
else if (request.getMethod() == HTTPRequest::HTTP_GET || request.getMethod() == HTTPRequest::HTTP_HEAD)
else if (request.getMethod() != HTTPRequest::HTTP_PUT && request.getMethod() != HTTPRequest::HTTP_POST)
{
Poco::CountingOutputStream cs;
request.write(cs);
@@ -296,7 +296,7 @@ void HTTPClientSession::reconnect()
}
std::string HTTPClientSession::getHostInfo() const
std::string HTTPClientSession::proxyRequestPrefix() const
{
std::string result("http://");
result.append(_host);

4
Net/src/HTTPServerResponseImpl.cpp
View File

@@ -1,7 +1,7 @@
//
// HTTPServerResponseImpl.cpp
//
// $Id: //poco/Main/Net/src/HTTPServerResponseImpl.cpp#6 $
// $Id: //poco/Main/Net/src/HTTPServerResponseImpl.cpp#7 $
//
// Library: Net
// Package: HTTPServer
@@ -154,7 +154,7 @@ void HTTPServerResponseImpl::redirect(const std::string& uri)
setStatusAndReason(HTTPResponse::HTTP_FOUND);
set("Location", uri);
_pStream = new HTTPOutputStream(_session);
_pStream = new HTTPHeaderOutputStream(_session);
write(*_pStream);
}

17
Net/src/HTTPSession.cpp
View File

@@ -1,7 +1,7 @@
//
// HTTPSession.cpp
//
// $Id: //poco/svn/Net/src/HTTPSession.cpp#2 $
// $Id: //poco/Main/Net/src/HTTPSession.cpp#14 $
//
// Library: Net
// Package: HTTP
@@ -214,4 +214,19 @@ void HTTPSession::setException(const Poco::Exception& exc)
}
StreamSocket HTTPSession::detachSocket()
{
StreamSocket oldSocket(_socket);
StreamSocket newSocket;
_socket = newSocket;
return oldSocket;
}
void HTTPSession::attachSocket(const StreamSocket& socket)
{
_socket = socket;
}
} } // namespace Poco::Net

4
Net/src/IPAddress.cpp
View File

@@ -1,7 +1,7 @@
//
// IPAddress.cpp
//
// $Id: //poco/Main/Net/src/IPAddress.cpp#20 $
// $Id: //poco/Main/Net/src/IPAddress.cpp#21 $
//
// Library: Net
// Package: NetCore
@@ -324,7 +324,7 @@ public:
}
}
if (i > 0) result.append(":");
if (i < 8) NumberFormatter::appendHex(result, ntohs(words[i++])));
if (i < 8) NumberFormatter::appendHex(result, ntohs(words[i++]));
}
return result;
}

6
Net/src/SocketImpl.cpp
View File

@@ -1,7 +1,7 @@
//
// SocketImpl.cpp
//
// $Id: //poco/svn/Net/src/SocketImpl.cpp#3 $
// $Id: //poco/Main/Net/src/SocketImpl.cpp#26 $
//
// Library: Net
// Package: Sockets
@@ -338,6 +338,7 @@ int SocketImpl::available()
return result;
}
bool SocketImpl::poll(const Poco::Timespan& timeout, int mode)
{
#if defined(POCO_HAVE_FD_POLL)
@@ -804,9 +805,8 @@ void SocketImpl::ioctl(int request, void* arg)
}
void SocketImpl::setSockfd(poco_socket_t aSocket)
void SocketImpl::reset(poco_socket_t aSocket)
{
poco_assert(sockfd() == POCO_INVALID_SOCKET);
_sockfd = aSocket;
}

2
Net/src/StreamSocket.cpp
View File

@@ -1,7 +1,7 @@
//
// StreamSocket.cpp
//
// $Id: //poco/svn/Net/src/StreamSocket.cpp#2 $
// $Id: //poco/Main/Net/src/StreamSocket.cpp#9 $
//
// Library: Net
// Package: Sockets

3
Net/src/StreamSocketImpl.cpp
View File

@@ -1,7 +1,7 @@
//
// StreamSocketImpl.cpp
//
// $Id: //poco/svn/Net/src/StreamSocketImpl.cpp#2 $
// $Id: //poco/Main/Net/src/StreamSocketImpl.cpp#8 $
//
// Library: Net
// Package: Sockets
@@ -63,6 +63,7 @@ int StreamSocketImpl::sendBytes(const void* buffer, int length, int flags)
while (remaining > 0)
{
int n = SocketImpl::sendBytes(p, remaining, flags);
if (n <= 0) return n;
p += n;
remaining -= n;
}

17
NetSSL_OpenSSL/include/Poco/Net/AcceptCertificateHandler.h
View File

@@ -1,7 +1,7 @@
//
// AcceptCertificateHandler.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/AcceptCertificateHandler.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/AcceptCertificateHandler.h#8 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -9,7 +9,7 @@
//
// Definition of the AcceptCertificateHandler class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -51,7 +51,9 @@ namespace Net {
class NetSSL_API AcceptCertificateHandler: public InvalidCertificateHandler
/// A AcceptCertificateHandler is invoked whenever an error
/// occurs verifying the certificate. It always accepts
/// the certificate. Only use this one during testing!
/// the certificate.
///
/// Should be using for testing purposes only.
{
public:
AcceptCertificateHandler(bool handleErrorsOnServerSide);
@@ -66,15 +68,6 @@ public:
};
//
// inlines
//
inline void AcceptCertificateHandler::onInvalidCertificate(const void*, VerificationErrorArgs& errorCert)
{
errorCert.setIgnoreError(true);
}
} } // namespace Poco::Net

6
NetSSL_OpenSSL/include/Poco/Net/CertificateHandlerFactory.h
View File

@@ -1,7 +1,7 @@
//
// CertificateHandlerFactory.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/CertificateHandlerFactory.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/CertificateHandlerFactory.h#8 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -9,7 +9,7 @@
//
// Definition of the CertificateHandlerFactory class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -52,6 +52,7 @@ class InvalidCertificateHandler;
class NetSSL_API CertificateHandlerFactory
/// A CertificateHandlerFactory is responsible for creating InvalidCertificateHandlers.
///
/// You don't need to access this class directly. Use the macro
/// POCO_REGISTER_CHFACTORY(namespace, InvalidCertificateHandlerName)
/// instead (see the documentation of InvalidCertificateHandler for an example).
@@ -82,6 +83,7 @@ public:
/// Destroys the CertificateHandlerFactoryRegistrar.
};
template <typename T>
class CertificateHandlerFactoryImpl: public Poco::Net::CertificateHandlerFactory
{

4
NetSSL_OpenSSL/include/Poco/Net/CertificateHandlerFactoryMgr.h
View File

@@ -1,7 +1,7 @@
//
// CertificateHandlerFactoryMgr.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/CertificateHandlerFactoryMgr.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/CertificateHandlerFactoryMgr.h#7 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -9,7 +9,7 @@
//
// Definition of the CertificateHandlerFactoryMgr class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization

5
NetSSL_OpenSSL/include/Poco/Net/ConsoleCertificateHandler.h
View File

@@ -1,7 +1,7 @@
//
// ConsoleCertificateHandler.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/ConsoleCertificateHandler.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/ConsoleCertificateHandler.h#7 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -9,7 +9,7 @@
//
// Definition of the ConsoleCertificateHandler class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -50,6 +50,7 @@ namespace Net {
class NetSSL_API ConsoleCertificateHandler: public InvalidCertificateHandler
/// A ConsoleCertificateHandler is invoked whenever an error occurs verifying the certificate.
///
/// The certificate is printed to stdout and the user is asked via console if he wants to accept it.
{
public:

113
NetSSL_OpenSSL/include/Poco/Net/Context.h
View File

@@ -1,7 +1,7 @@
//
// Context.h
//
// $Id: //poco/1.3/NetSSL_OpenSSL/include/Poco/Net/Context.h#3 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/Context.h#9 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -9,7 +9,7 @@
//
// Definition of the Context class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -41,7 +41,8 @@
#include "Poco/Net/NetSSL.h"
#include "Poco/SharedPtr.h"
#include "Poco/RefCountedObject.h"
#include "Poco/AutoPtr.h"
#include <openssl/ssl.h>
@@ -49,60 +50,110 @@ namespace Poco {
namespace Net {
class NetSSL_API Context
/// This class encapsulates an SSL Context.
class NetSSL_API Context: public Poco::RefCountedObject
/// This class encapsulates context information for
/// an SSL server or client, such as the certificate
/// verification mode and the location of certificates
/// and private key files, as well as the list of
/// supported ciphers.
{
public:
typedef Poco::SharedPtr<Context> Ptr;
typedef Poco::AutoPtr<Context> Ptr;
enum Usage
{
CLIENT_USE, /// Context is used by a client.
SERVER_USE /// Context is used by a server.
};
enum VerificationMode
{
VERIFY_NONE = SSL_VERIFY_NONE,
/// Server: The server will not send a client certificate
/// request to the client, so the client will not send a certificate.
///
/// Client: If not using an anonymous cipher (by default disabled),
/// the server will send a certificate which will be checked, but
/// the result of the check will be ignored.
VERIFY_RELAXED = SSL_VERIFY_PEER,
VERIFY_STRICT = SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
VERIFY_ONCE = SSL_VERIFY_CLIENT_ONCE
/// Server: The server sends a client certificate request to the
/// client. The certificate returned (if any) is checked.
/// If the verification process fails, the TLS/SSL handshake is
/// immediately terminated with an alert message containing the
/// reason for the verification failure.
///
/// Client: The server certificate is verified, if one is provided.
/// If the verification process fails, the TLS/SSL handshake is
/// immediately terminated with an alert message containing the
/// reason for the verification failure.
VERIFY_STRICT = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
/// Server: If the client did not return a certificate, the TLS/SSL
/// handshake is immediately terminated with a handshake failure
/// alert. This flag must be used together with SSL_VERIFY_PEER.
///
/// Client: Same as VERIFY_RELAXED.
VERIFY_ONCE = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE
/// Server: Only request a client certificate on the initial
/// TLS/SSL handshake. Do not ask for a client certificate
/// again in case of a renegotiation.
///
/// Client: Same as VERIFY_RELAXED.
};
Context(const std::string& privateKeyFile,
Context(
Usage usage,
const std::string& privateKeyFile,
const std::string& certificateFile,
const std::string& caLocation,
bool isServerContext,
VerificationMode verMode = VERIFY_STRICT,
VerificationMode verificationMode = VERIFY_RELAXED,
int verificationDepth = 9,
bool loadCAFromDefaultPath = false,
const std::string& cypherList = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
/// Creates a context.
/// privateKeyFile contains the key used for encryption, caLocation can either
/// be a directory or a single file containing the certificates for certificate authorities.
/// isServerContext defines if the context belongs to a server or client.
/// verificationDepth sets the upper limit for verification chain sizes. If we encounter
/// a chain larger than that limit, verification will fail.
/// Cypherlist defines which protocols are allowed.
/// Creates the Context.
bool loadDefaultCAs = false,
const std::string& cipherList = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
/// Creates a Context.
///
/// * usage specifies whether the context is used by a client or server.
/// * privateKeyFile contains the path to the private key file used for encryption.
/// Can be empty if no private key file is used.
/// * certificateFile contains the path to the certificate file (in PEM format).
/// If the private key and the certificate are stored in the same file, this
/// can be empty if privateKeyFile is given.
/// * caLocation contains the path to the file or directory containing the
/// CA/root certificates. Can be empty if the OpenSSL builtin CA certificates
/// are used (see loadDefaultCAs).
/// * verificationMode specifies whether and how peer certificates are validated.
/// * verificationDepth sets the upper limit for verification chain sizes. Verification
/// will fail if a certificate chain larger than this is encountered.
/// * loadDefaultCAs specifies wheter the builtin CA certificates from OpenSSL are used.
/// * cipherList specifies the supported ciphers in OpenSSL notation.
~Context();
/// Destroys the Context.
SSL_CTX* sslContext() const;
/// Returns the OpenSSL SSL Context object.
/// Returns the underlying OpenSSL SSL Context object.
Usage usage() const;
/// Returns whether the context is for use by a client or by a server.
Context::VerificationMode verificationMode() const;
/// Returns the verification mode.
bool serverContext() const;
/// Returns true iff the context is for a server.
private:
Usage _usage;
VerificationMode _mode;
SSL_CTX* _pSSLContext;
Context::VerificationMode _mode;
bool _server;
};
//
// inlines
//
inline SSL_CTX* Context::sslContext() const
inline Context::Usage Context::usage() const
{
return _pSSLContext;
return _usage;
}
@@ -112,9 +163,9 @@ inline Context::VerificationMode Context::verificationMode() const
}
inline bool Context::serverContext() const
inline SSL_CTX* Context::sslContext() const
{
return _server;
return _pSSLContext;
}

41
NetSSL_OpenSSL/include/Poco/Net/HTTPSClientSession.h
View File

@@ -1,7 +1,7 @@
//
// HTTPSClientSession.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/HTTPSClientSession.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/HTTPSClientSession.h#9 $
//
// Library: NetSSL_OpenSSL
// Package: HTTPSClient
@@ -9,7 +9,7 @@
//
// Definition of the HTTPSClientSession class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -43,6 +43,8 @@
#include "Poco/Net/NetSSL.h"
#include "Poco/Net/Utility.h"
#include "Poco/Net/HTTPClientSession.h"
#include "Poco/Net/Context.h"
#include "Poco/Net/X509Certificate.h"
namespace Poco {
@@ -76,33 +78,56 @@ class NetSSL_API HTTPSClientSession: public HTTPClientSession
///
/// See RFC 2616 <http://www.faqs.org/rfcs/rfc2616.html> for more
/// information about the HTTP protocol.
///
/// Note that sending requests that neither contain a content length
/// field in the header nor are using chunked transfer encoding will
/// result in a SSL protocol violation, as the framework shuts down
/// the socket after sending the message body. No orderly SSL shutdown
/// will be performed in this case.
{
public:
enum
{
HTTPS_PORT = 443
};
HTTPSClientSession();
/// Creates an unconnected HTTPSClientSession.
HTTPSClientSession(const SecureStreamSocket& socket);
explicit HTTPSClientSession(const SecureStreamSocket& socket);
/// Creates a HTTPSClientSession using the given socket.
/// The socket must not be connected. The session
/// takes ownership of the socket.
HTTPSClientSession(const std::string& host, Poco::UInt16 port = Utility::HTTPS_PORT);
HTTPSClientSession(const std::string& host, Poco::UInt16 port = HTTPS_PORT);
/// Creates a HTTPSClientSession using the given host and port.
explicit HTTPSClientSession(Context::Ptr pContext);
/// Creates an unconnected HTTPSClientSession, using the
/// give SSL context.
HTTPSClientSession(const std::string& host, Poco::UInt16 port, Context::Ptr pContext);
/// Creates a HTTPSClientSession using the given host and port,
/// using the given SSL context.
~HTTPSClientSession();
/// Destroys the HTTPSClientSession and closes
/// the underlying socket.
X509Certificate serverCertificate();
/// Returns the server's certificate.
///
/// The certificate is available after the first request has been sent.
protected:
void connect(const SocketAddress& address);
// Connects the socket to the server.
std::string getHostInfo() const;
/// Returns the target host and port number for proxy requests.
std::string proxyRequestPrefix() const;
private:
HTTPSClientSession(const HTTPSClientSession&);
HTTPSClientSession& operator = (const HTTPSClientSession&);
Context::Ptr _pContext;
};

4
NetSSL_OpenSSL/include/Poco/Net/HTTPSSessionInstantiator.h
View File

@@ -1,7 +1,7 @@
//
// HTTPSSessionInstantiator.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/HTTPSSessionInstantiator.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/HTTPSSessionInstantiator.h#7 $
//
// Library: NetSSL_OpenSSL
// Package: HTTPSClient
@@ -9,7 +9,7 @@
//
// Definition of the HTTPSSessionInstantiator class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization

6
NetSSL_OpenSSL/include/Poco/Net/HTTPSStreamFactory.h
View File

@@ -1,7 +1,7 @@
//
// HTTPSStreamFactory.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/HTTPSStreamFactory.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/HTTPSStreamFactory.h#7 $
//
// Library: NetSSL_OpenSSL
// Package: HTTPSClient
@@ -9,7 +9,7 @@
//
// Definition of the HTTPSStreamFactory class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -51,7 +51,7 @@ namespace Net {
class NetSSL_API HTTPSStreamFactory: public Poco::URIStreamFactory
/// An implementation of the URIStreamFactory interface
/// that handles Hyper-Text Transfer Protocol (http) URIs.
/// that handles secure Hyper-Text Transfer Protocol (https) URIs.
{
public:
HTTPSStreamFactory();

8
NetSSL_OpenSSL/include/Poco/Net/InvalidCertificateHandler.h
View File

@@ -1,7 +1,7 @@
//
// InvalidCertificateHandler.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/InvalidCertificateHandler.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/InvalidCertificateHandler.h#7 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -9,7 +9,7 @@
//
// Definition of the InvalidCertificateHandler class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -52,7 +52,7 @@ class NetSSL_API InvalidCertificateHandler
/// A InvalidCertificateHandler is invoked whenever an error occurs verifying the certificate. It allows the user
/// to inspect and accept/reject the certificate.
/// One can install one's own InvalidCertificateHandler by implementing this interface. Note that
/// in the cpp file of the subclass the following code must be present (assuming you use the namespace My_API
/// in the implementation file of the subclass the following code must be present (assuming you use the namespace My_API
/// and the name of your handler class is MyGuiHandler):
///
/// #include "Poco/Net/CertificateHandlerFactory.h"
@@ -72,11 +72,13 @@ class NetSSL_API InvalidCertificateHandler
/// [...] // Put optional config params for the handler here
/// </options>
/// </invalidCertificateHandler>
///
/// Note that the name of the InvalidCertificateHandler must be same as the one provided to the POCO_REGISTER_CHFACTORY macro.
{
public:
InvalidCertificateHandler(bool handleErrorsOnServerSide);
/// Creates the InvalidCertificateHandler.
///
/// Set handleErrorsOnServerSide to true if the certificate handler is used on the server side.
/// Automatically registers at one of the SSLManager::VerificationError events.

7
NetSSL_OpenSSL/include/Poco/Net/KeyConsoleHandler.h
View File

@@ -1,7 +1,7 @@
//
// KeyConsoleHandler.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/KeyConsoleHandler.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/KeyConsoleHandler.h#7 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -9,7 +9,7 @@
//
// Definition of the KeyConsoleHandler class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -49,7 +49,8 @@ namespace Net {
class NetSSL_API KeyConsoleHandler: public PrivateKeyPassphraseHandler
/// Class KeyConsoleHandler. Reads the key for a certificate from the console.
/// An implementation of PrivateKeyPassphraseHandler that
/// reads the key for a certificate from the console.
{
public:
KeyConsoleHandler(bool server);

7
NetSSL_OpenSSL/include/Poco/Net/KeyFileHandler.h
View File

@@ -1,7 +1,7 @@
//
// KeyFileHandler.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/KeyFileHandler.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/KeyFileHandler.h#7 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -9,7 +9,7 @@
//
// Definition of the KeyFileHandler class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -49,7 +49,8 @@ namespace Net {
class NetSSL_API KeyFileHandler: public PrivateKeyPassphraseHandler
/// Class KeyFileHandler. Reads the key for a certificate from a configuration file
/// An implementation of PrivateKeyPassphraseHandler that
/// reads the key for a certificate from a configuration file
/// under the path "openSSL.privateKeyPassphraseHandler.options.password".
{
public:

4
NetSSL_OpenSSL/include/Poco/Net/NetSSL.h
View File

@@ -1,7 +1,7 @@
//
// NetSSL.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/NetSSL.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/NetSSL.h#8 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -11,7 +11,7 @@
// This file must be the first file included by every other OpenSSL
// header file.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization

6
NetSSL_OpenSSL/include/Poco/Net/PrivateKeyFactory.h
View File

@@ -1,7 +1,7 @@
//
// PrivateKeyFactory.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyFactory.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyFactory.h#8 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -9,7 +9,7 @@
//
// Definition of the PrivateKeyFactory class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -52,6 +52,7 @@ class PrivateKeyPassphraseHandler;
class NetSSL_API PrivateKeyFactory
/// A PrivateKeyFactory is responsible for creating PrivateKeyPassphraseHandlers.
///
/// You don't need to access this class directly. Use the macro
/// POCO_REGISTER_KEYFACTORY(namespace, PrivateKeyPassphraseHandlerName)
/// instead (see the documentation of PrivateKeyPassphraseHandler for an example).
@@ -70,6 +71,7 @@ public:
class NetSSL_API PrivateKeyFactoryRegistrar
/// Registrar class which automatically registers PrivateKeyFactories at the PrivateKeyFactoryMgr.
///
/// You don't need to access this class directly. Use the macro
/// POCO_REGISTER_KEYFACTORY(namespace, PrivateKeyPassphraseHandlerName)
/// instead (see the documentation of PrivateKeyPassphraseHandler for an example).

4
NetSSL_OpenSSL/include/Poco/Net/PrivateKeyFactoryMgr.h
View File

@@ -1,7 +1,7 @@
//
// PrivateKeyFactoryMgr.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyFactoryMgr.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyFactoryMgr.h#7 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -9,7 +9,7 @@
//
// Definition of the PrivateKeyFactoryMgr class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization

7
NetSSL_OpenSSL/include/Poco/Net/PrivateKeyPassphraseHandler.h
View File

@@ -1,7 +1,7 @@
//
// PrivateKeyPassphraseHandler.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyPassphraseHandler.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyPassphraseHandler.h#7 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -9,7 +9,7 @@
//
// Definition of the PrivateKeyPassphraseHandler class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -51,7 +51,7 @@ class NetSSL_API PrivateKeyPassphraseHandler
/// A passphrase handler is needed whenever the private key of a certificate is loaded and the certificate is protected
/// by a passphrase. The PrivateKeyPassphraseHandler's task is to provide that passphrase.
/// One can install one's own PrivateKeyPassphraseHandler by implementing this interface. Note that
/// in the cpp file of the subclass the following code must be present (assuming you use the namespace My_API
/// in the implementation file of the subclass the following code must be present (assuming you use the namespace My_API
/// and the name of your handler class is MyGuiHandler):
///
/// #include "Poco/Net/PrivateKeyFactory.h"
@@ -71,6 +71,7 @@ class NetSSL_API PrivateKeyPassphraseHandler
/// [...] // Put optional config params for the handler here
/// </options>
/// </privateKeyPassphraseHandler>
///
/// Note that the name of the passphrase handler must be same as the one provided to the POCO_REGISTER_KEYFACTORY macro.
{
public:

5
NetSSL_OpenSSL/include/Poco/Net/SSLException.h
View File

@@ -1,7 +1,7 @@
//
// SSLException.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/SSLException.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/SSLException.h#7 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -9,7 +9,7 @@
//
// Definition of the SSLException class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -51,6 +51,7 @@ namespace Net {
POCO_DECLARE_EXCEPTION(NetSSL_API, SSLException, NetException)
POCO_DECLARE_EXCEPTION(NetSSL_API, SSLContextException, SSLException)
POCO_DECLARE_EXCEPTION(NetSSL_API, InvalidCertificateException, SSLException)
POCO_DECLARE_EXCEPTION(NetSSL_API, CertificateValidationException, SSLException)
} } // namespace Poco::Net

4
NetSSL_OpenSSL/include/Poco/Net/SSLInitializer.h
View File

@@ -1,7 +1,7 @@
//
// SSLInitializer.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/SSLInitializer.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/SSLInitializer.h#7 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -9,7 +9,7 @@
//
// Definition of the SSLInitializer class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization

58
NetSSL_OpenSSL/include/Poco/Net/SSLManager.h
View File

@@ -1,7 +1,7 @@
//
// SSLManager.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/SSLManager.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/SSLManager.h#7 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -9,7 +9,7 @@
//
// Definition of the SSLManager class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -59,19 +59,23 @@ class Context;
class NetSSL_API SSLManager
/// Class SSLManager. Singleton for holding the default server/client Context and PrivateKeyPassphraseHandler.
/// SSLManager is a singleton for holding the default server/client
/// Context and PrivateKeyPassphraseHandler.
///
/// Either initialize via Poco::Util::Application or via the
/// initialize methods of the singleton. Note that the latter initialization must happen very early
/// during program startup before somebody calls defaultClientContext()/defaultServerContext()
/// or any of the passPhraseHandler methods (which tries to auto-initialize
/// the context and passphrase handler based on an Poco::Util::Application configuration).
///
/// An exemplary documentation which sets either the server or client defaultcontext and creates a PrivateKeyPassphraseHandler
/// that reads the password from the XML file looks like this:
///
/// <AppConfig>
/// <openSSL>
/// <server|client>
/// <privateKeyFile>any.pem</privateKeyFile>
/// <privateKeyFile>mycert.key</privateKeyFile>
/// <certificateFile>mycert.crt</certificateFile>
/// <caConfig>rootcert.pem</caConfig>
/// <verificationMode>relaxed</verificationMode>
/// <verificationDepth>9</verificationDepth>
@@ -91,56 +95,59 @@ class NetSSL_API SSLManager
/// </server|client>
/// </openSSL>
/// </AppConfig>
///
{
public:
typedef Poco::SharedPtr<Context> ContextPtr;
typedef Poco::SharedPtr<PrivateKeyPassphraseHandler> PrivateKeyPassphraseHandlerPtr;
typedef Poco::SharedPtr<InvalidCertificateHandler> InvalidCertificateHandlerPtr;
Poco::BasicEvent<VerificationErrorArgs> ServerVerificationError;
/// Thrown whenever a certificate error is detected by the server during a handshake
/// Thrown whenever a certificate error is detected by the server during a handshake.
Poco::BasicEvent<VerificationErrorArgs> ClientVerificationError;
/// Thrown whenever a certificate error is detected by the client during a handshake
/// Thrown whenever a certificate error is detected by the client during a handshake.
Poco::BasicEvent<std::string> PrivateKeyPassPhrase;
/// Thrown when a encrypted certificate is loaded. Not setting the passwd
/// Thrown when a encrypted certificate is loaded. Not setting the password
/// in the event parameter will result in a failure to load the certificate.
///
/// Per default the SSLManager checks the configuration.xml file (path openSSL.privateKeyPassphraseHandler.name)
/// which default delegate it should register. If nothing is configured,
/// for which default delegate it should register. If nothing is configured,
/// a KeyConsoleHandler is used.
static SSLManager& instance();
/// Returns the instance of the SSLManager singleton.
void initializeServer(PrivateKeyPassphraseHandlerPtr& ptrPassPhraseHandler, InvalidCertificateHandlerPtr& ptrHandler, ContextPtr ptrContext);
void initializeServer(PrivateKeyPassphraseHandlerPtr ptrPassPhraseHandler, InvalidCertificateHandlerPtr ptrHandler, Context::Ptr ptrContext);
/// Initializes the server side of the SSLManager with a default passphrase handler, a default invalid certificate handler and a default context. If this method
/// is never called the SSLmanager will try to initialize its members from an application configuration.
///
/// Note: ALWAYS create the handlers before you create the context!
///
/// Valid initialization code would be:
/// SharedPtr<PrivateKeyPassphraseHandler> ptrConsole = new KeyConsoleHandler();
/// SharedPtr<InvalidCertificateHandler> ptrCert = new ConsoleCertificateHandler();
/// SharedPtr<Context> ptrContext = new Context("any.pem", "rootcert.pem", Context::Relaxed, 9, false, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
/// Context::Ptr ptrContext = new Context("any.pem", "rootcert.pem", Context::Relaxed, 9, false, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
///
/// This method can only be called, if no defaultContext is set yet.
/// This method can only be called if no defaultContext is set yet.
void initializeClient(PrivateKeyPassphraseHandlerPtr& ptrPassPhraseHandler, InvalidCertificateHandlerPtr& ptrHandler, ContextPtr ptrContext);
void initializeClient(PrivateKeyPassphraseHandlerPtr ptrPassPhraseHandler, InvalidCertificateHandlerPtr ptrHandler, Context::Ptr ptrContext);
/// Initializes the client side of the SSLManager with a default passphrase handler, a default invalid certificate handler and a default context. If this method
/// is never called the SSLmanager will try to initialize its members from an application configuration.
///
/// Note: ALWAYS create the handlers before you create the context!
///
/// Valid initialization code would be:
/// SharedPtr<PrivateKeyPassphraseHandler> ptrConsole = new KeyConsoleHandler();
/// SharedPtr<InvalidCertificateHandler> ptrCert = new ConsoleCertificateHandler();
/// SharedPtr<Context> ptrContext = new Context("any.pem", "rootcert.pem", Context::Relaxed, 9, false, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
/// Context::Ptr ptrContext = new Context("any.pem", "rootcert.pem", Context::Relaxed, 9, false, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
///
/// This method can only be called, if no defaultContext is set yet.
/// This method can only be called if no defaultContext is set yet.
ContextPtr defaultServerContext();
Context::Ptr defaultServerContext();
/// Returns the default context used by the server. The first call to this method initializes the defaultContext
/// from an application configuration.
ContextPtr defaultClientContext();
Context::Ptr defaultClientContext();
/// Returns the default context used by the client. The first call to this method initializes the defaultContext
/// from an application configuration.
@@ -168,6 +175,10 @@ public:
/// Returns the CertificateHandlerFactoryMgr which stores the
/// factories for the different registered certificate handlers.
static const std::string CFG_SERVER_PREFIX;
static const std::string CFG_CLIENT_PREFIX;
protected:
static int verifyClientCallback(int ok, X509_STORE_CTX* pStore);
/// The return value of this method defines how errors in
/// verification are handled. Return 0 to terminate the handshake,
@@ -179,13 +190,10 @@ public:
/// or 1 to continue despite the error.
static int privateKeyPasswdCallback(char* pBuf, int size, int flag, void* userData);
/// Method is invoked by OpenSSl to retrieve a passwd for an encrypted certificate.
/// Method is invoked by OpenSSL to retrieve a passwd for an encrypted certificate.
/// The request is delegated to the PrivatekeyPassword event. This method returns the
/// length of the password.
static const std::string CFG_SERVER_PREFIX;
static const std::string CFG_CLIENT_PREFIX;
private:
SSLManager();
/// Creates the SSLManager.
@@ -212,14 +220,15 @@ private:
PrivateKeyFactoryMgr _factoryMgr;
CertificateHandlerFactoryMgr _certHandlerFactoryMgr;
ContextPtr _ptrDefaultServerContext;
Context::Ptr _ptrDefaultServerContext;
PrivateKeyPassphraseHandlerPtr _ptrServerPassPhraseHandler;
InvalidCertificateHandlerPtr _ptrServerCertificateHandler;
ContextPtr _ptrDefaultClientContext;
Context::Ptr _ptrDefaultClientContext;
PrivateKeyPassphraseHandlerPtr _ptrClientPassPhraseHandler;
InvalidCertificateHandlerPtr _ptrClientCertificateHandler;
static const std::string CFG_PRIV_KEY_FILE;
static const std::string CFG_CERTIFICATE_FILE;
static const std::string CFG_CA_LOCATION;
static const std::string CFG_VER_MODE;
static const Context::VerificationMode VAL_VER_MODE;
@@ -235,6 +244,7 @@ private:
static const std::string VAL_CERTIFICATE_HANDLER;
friend class Poco::SingletonHolder<SSLManager>;
friend class Context;
};

44
NetSSL_OpenSSL/include/Poco/Net/SecureServerSocket.h
View File

@@ -1,7 +1,7 @@
//
// SecureServerSocket.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/SecureServerSocket.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/SecureServerSocket.h#7 $
//
// Library: NetSSL_OpenSSL
// Package: SSLSockets
@@ -9,7 +9,7 @@
//
// Definition of the SecureServerSocket class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -42,6 +42,7 @@
#include "Poco/Net/NetSSL.h"
#include "Poco/Net/ServerSocket.h"
#include "Poco/Net/Context.h"
namespace Poco {
@@ -53,7 +54,15 @@ class NetSSL_API SecureServerSocket: public ServerSocket
{
public:
SecureServerSocket();
/// Creates a SSL server socket.
/// Creates a SSL server socket using the
/// default SSL server context.
///
/// The server socket must be bound to
/// an address and put into listening state.
explicit SecureServerSocket(Context::Ptr pContext);
/// Creates a SSL server socket, using the
/// given SSL context object.
///
/// The server socket must be bound to
/// an address and put into listening state.
@@ -61,11 +70,19 @@ public:
SecureServerSocket(const Socket& socket);
/// Creates the SecureServerSocket with the SocketImpl
/// from another socket. The SocketImpl must be
/// a ServerSocketImpl, otherwise an InvalidArgumentException
/// a SecureServerSocketImpl, otherwise an InvalidArgumentException
/// will be thrown.
SecureServerSocket(const SocketAddress& address, int backlog = 64);
/// Creates a server socket, binds it
/// Creates a server socket using the default server SSL context,
/// binds it to the given address and puts it in listening
/// state.
///
/// After successful construction, the server socket
/// is ready to accept connections.
SecureServerSocket(const SocketAddress& address, int backlog, Context::Ptr pContext);
/// Creates a server socket using the given SSL context, binds it
/// to the given address and puts it in listening
/// state.
///
@@ -73,7 +90,15 @@ public:
/// is ready to accept connections.
SecureServerSocket(Poco::UInt16 port, int backlog = 64);
/// Creates a server socket, binds it
/// Creates a server socket using the default server SSL context,
/// binds it to the given port and puts it in listening
/// state.
///
/// After successful construction, the server socket
/// is ready to accept connections.
SecureServerSocket(Poco::UInt16 port, int backlog, Context::Ptr pContext);
/// Creates a server socket using the given SSL context, binds it
/// to the given port and puts it in listening
/// state.
///
@@ -97,7 +122,7 @@ public:
/// If the queue is empty, waits until a connection
/// request completes.
///
/// Returns a new SSL TCP socket for the connection
/// Returns a new SSL socket for the connection
/// with the client.
///
/// The client socket's address is returned in clientAddr.
@@ -109,8 +134,11 @@ public:
/// If the queue is empty, waits until a connection
/// request completes.
///
/// Returns a new TCP socket for the connection
/// Returns a new SSL socket for the connection
/// with the client.
Context::Ptr context() const;
/// Returns the SSL context used by this socket.
};

73
NetSSL_OpenSSL/include/Poco/Net/SecureServerSocketImpl.h
View File

@@ -1,7 +1,7 @@
//
// SecureServerSocketImpl.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/SecureServerSocketImpl.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/SecureServerSocketImpl.h#7 $
//
// Library: NetSSL_OpenSSL
// Package: SSLSockets
@@ -9,7 +9,7 @@
//
// Definition of the SecureServerSocketImpl class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -43,6 +43,7 @@
#include "Poco/Net/NetSSL.h"
#include "Poco/Net/SecureSocketImpl.h"
#include "Poco/Net/ServerSocketImpl.h"
#include "Poco/Net/Context.h"
namespace Poco {
@@ -53,8 +54,9 @@ class NetSSL_API SecureServerSocketImpl: public ServerSocketImpl
/// The SocketImpl class for SecureServerSocket.
{
public:
SecureServerSocketImpl();
/// Creates the SecureServerSocketImpl.
SecureServerSocketImpl(Context::Ptr pContext);
/// Creates the SecureServerSocketImpl using the
/// given SSL context object.
SocketImpl* acceptConnection(SocketAddress& clientAddr);
/// Get the next completed connection from the
@@ -69,21 +71,19 @@ public:
/// The client socket's address is returned in clientAddr.
void connect(const SocketAddress& address);
/// Initializes the socket and establishes a connection to
/// the TCP server at the given address.
/// Not supported by this kind of socket.
///
/// Can also be used for UDP sockets. In this case, no
/// connection is established. Instead, incoming and outgoing
/// packets are restricted to the specified address.
/// Throws a Poco::InvalidAccessException.
void connect(const SocketAddress& address, const Poco::Timespan& timeout);
/// Initializes the socket, sets the socket timeout and
/// establishes a connection to the TCP server at the given address.
/// Not supported by this kind of socket.
///
/// Throws a Poco::InvalidAccessException.
void connectNB(const SocketAddress& address);
/// Initializes the socket and establishes a connection to
/// the TCP server at the given address. Prior to opening the
/// connection the socket is set to nonblocking mode.
/// Not supported by this kind of socket.
///
/// Throws a Poco::InvalidAccessException.
void bind(const SocketAddress& address, bool reuseAddress = false);
/// Bind a local address to the socket.
@@ -109,40 +109,32 @@ public:
/// Close the socket.
int sendBytes(const void* buffer, int length, int flags = 0);
/// Sends the contents of the given buffer through
/// the socket. Any specified flags are ignored.
/// Not supported by this kind of socket.
///
/// Returns the number of bytes sent, which may be
/// less than the number of bytes specified.
/// Throws a Poco::InvalidAccessException.
int receiveBytes(void* buffer, int length, int flags = 0);
/// Receives data from the socket and stores it
/// in buffer. Up to length bytes are received.
/// Not supported by this kind of socket.
///
/// Returns the number of bytes received.
/// Throws a Poco::InvalidAccessException.
int sendTo(const void* buffer, int length, const SocketAddress& address, int flags = 0);
/// Sends the contents of the given buffer through
/// the socket to the given address.
/// Not supported by this kind of socket.
///
/// Returns the number of bytes sent, which may be
/// less than the number of bytes specified.
/// Throws a Poco::InvalidAccessException.
int receiveFrom(void* buffer, int length, SocketAddress& address, int flags = 0);
/// Receives data from the socket and stores it
/// in buffer. Up to length bytes are received.
/// Stores the address of the sender in address.
/// Not supported by this kind of socket.
///
/// Returns the number of bytes received.
/// Throws a Poco::InvalidAccessException.
void sendUrgent(unsigned char data);
/// Sends one byte of urgent data through
/// the socket.
/// Not supported by this kind of socket.
///
/// The data is sent with the MSG_OOB flag.
///
/// The preferred way for a socket to receive urgent data
/// is by enabling the SO_OOBINLINE option.
/// Throws a Poco::InvalidAccessException.
Context::Ptr context() const;
/// Returns the SSL context used by this socket.
protected:
~SecureServerSocketImpl();
@@ -153,10 +145,19 @@ private:
SecureServerSocketImpl& operator = (const SecureServerSocketImpl&);
private:
SecureSocketImpl _socket;
SecureSocketImpl _impl;
};
//
// inlines
//
inline Context::Ptr SecureServerSocketImpl::context() const
{
return _impl.context();
}
} } // namespace Poco::Net

136
NetSSL_OpenSSL/include/Poco/Net/SecureSocketImpl.h
View File

@@ -1,7 +1,7 @@
//
// SecureSocketImpl.h
//
// $Id: //poco/1.3/NetSSL_OpenSSL/include/Poco/Net/SecureSocketImpl.h#2 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/SecureSocketImpl.h#8 $
//
// Library: NetSSL_OpenSSL
// Package: SSLSockets
@@ -9,7 +9,7 @@
//
// Definition of the SecureSocketImpl class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -42,7 +42,8 @@
#include "Poco/Net/NetSSL.h"
#include "Poco/Net/SocketImpl.h"
#include "Poco/Net/SSLManager.h"
#include "Poco/Net/Context.h"
#include "Poco/Net/X509Certificate.h"
#include <openssl/bio.h>
#include <openssl/ssl.h>
@@ -58,11 +59,9 @@ class NetSSL_API SecureSocketImpl
/// The SocketImpl for SecureStreamSocket.
{
public:
SecureSocketImpl();
/// Creates the SecureSocketImpl.
SecureSocketImpl(SSL* _pSSL);
/// Creates the SecureSocketImpl.
SecureSocketImpl(Poco::AutoPtr<SocketImpl> pSocketImpl, Context::Ptr pContext);
/// Creates the SecureSocketImpl using an already
/// connected stream socket.
virtual ~SecureSocketImpl();
/// Destroys the SecureSocketImpl.
@@ -74,33 +73,36 @@ public:
/// If the queue is empty, waits until a connection
/// request completes.
///
/// Returns a new TCP socket for the connection
/// Returns a new SSL socket for the connection
/// with the client.
///
/// The client socket's address is returned in clientAddr.
void connect(const SocketAddress& address);
/// Initializes the socket and establishes a connection to
void acceptSSL();
/// Performs a server-side SSL handshake and certificate verification.
void connect(const SocketAddress& address, const std::string& hostName);
/// Initializes the socket and establishes a secure connection to
/// the TCP server at the given address.
///
/// Can also be used for UDP sockets. In this case, no
/// connection is established. Instead, incoming and outgoing
/// packets are restricted to the specified address.
void connect(const SocketAddress& address, const Poco::Timespan& timeout);
void connect(const SocketAddress& address, const std::string& hostName, const Poco::Timespan& timeout);
/// Initializes the socket, sets the socket timeout and
/// establishes a connection to the TCP server at the given address.
/// establishes a secure connection to the TCP server at the given address.
void connectNB(const SocketAddress& address);
/// Initializes the socket and establishes a connection to
void connectNB(const SocketAddress& address, const std::string& hostName);
/// Initializes the socket and establishes a secure connection to
/// the TCP server at the given address. Prior to opening the
/// connection the socket is set to nonblocking mode.
void connectSSL(const std::string& hostName);
/// Performs a client-side SSL handshake and establishes a secure
/// connection over an already existing TCP connection.
void bind(const SocketAddress& address, bool reuseAddress = false);
/// Bind a local address to the socket.
///
/// This is usually only done when establishing a server
/// socket. TCP clients should not bind a socket to a
/// socket. SSL clients should not bind a socket to a
/// specific address.
///
/// If reuseAddress is true, sets the SO_REUSEADDR
@@ -116,6 +118,11 @@ public:
/// number of connections that can be queued
/// for this socket.
void shutdown();
/// Shuts down the connection by attempting
/// an orderly SSL shutdown, then actually
/// shutting down the TCP connection.
void close();
/// Close the socket.
@@ -132,75 +139,33 @@ public:
///
/// Returns the number of bytes received.
int sendTo(const void* buffer, int length, const SocketAddress& address, int flags = 0);
/// Sends the contents of the given buffer through
/// the socket to the given address.
///
/// Returns the number of bytes sent, which may be
/// less than the number of bytes specified.
int receiveFrom(void* buffer, int length, SocketAddress& address, int flags = 0);
/// Receives data from the socket and stores it
/// in buffer. Up to length bytes are received.
/// Stores the address of the sender in address.
///
/// Returns the number of bytes received.
void sendUrgent(unsigned char data);
/// Sends one byte of urgent data through
/// the socket.
///
/// The data is sent with the MSG_OOB flag.
///
/// The preferred way for a socket to receive urgent data
/// is by enabling the SO_OOBINLINE option.
poco_socket_t sockfd();
// Returns the socket.
/// Returns the underlying socket descriptor.
void setTunnelEndPoint(const std::string& endHost, Poco::UInt16 endPort);
/// Due to the fact that SSLConnections that run over proxies require
/// a different connect phase (ie send an unencrypted HTTP CONNECT before
/// establishing, we must inform the socket that is only used as a proxy
/// that works as a tunnel to the given endPoint.
/// Only call this method on disconnected sockets.
X509* peerCertificate() const;
/// Returns the peer's certificate.
static long postConnectionCheck(SSLManager::ContextPtr pContext, X509* pCert, const std::string& hostName);
Context::Ptr context() const;
/// Returns the SSL context used for this socket.
protected:
void setSockfd(poco_socket_t sock);
/// Set a socket description iff no socket is already set.
void invalidate();
/// Invalidate the current socket. Must only be called on closed sockets.
static long postConnectionCheck(bool onServer, SSL* pSSL, const std::string& host);
long verifyCertificate(const std::string& hostName);
/// PostConnectionCheck to verify that a peer really presented a valid certificate.
/// if onserver is false, used by clients to verify that a server is really the one it claims.
/// if onserver is true, used by the server to verify that a client is really the one it claims.
void connectSSL(const SocketAddress& address);
/// Creates and connects an SSL connection. Set _pSSL on success or exception otherwise.
static bool isLocalHost(const std::string& hostName);
/// Returns true iff the given host name is the local host
/// (either "localhost" or "127.0.0.1").
void establishTunnel();
/// Creates a socket to the proxy and sends CONNECT.
static bool containsWildcards(const std::string& commonName);
/// Checks if the commonName of a certificate contains wildcards
static bool matchByAlias(const std::string& alias, const HostEntry& heData);
/// Checks if the alias is contained in heData
int handleError(int rc);
/// Handles an SSL error by throwing an appropriate exception.
private:
SecureSocketImpl(const SecureSocketImpl&);
SecureSocketImpl& operator = (const SecureSocketImpl&);
private:
BIO* _pBIO;
SSL* _pSSL;
SocketImpl _socket;
std::string _endHost;
Poco::UInt16 _endPort;
Poco::AutoPtr<SocketImpl> _pSocket;
Context::Ptr _pContext;
};
@@ -209,28 +174,13 @@ private:
//
inline poco_socket_t SecureSocketImpl::sockfd()
{
return _socket.sockfd();
return _pSocket->sockfd();
}
inline void SecureSocketImpl::setSockfd(poco_socket_t sock)
inline Context::Ptr SecureSocketImpl::context() const
{
_socket.setSockfd(sock);
}
inline void SecureSocketImpl::invalidate()
{
_socket.invalidate();
}
inline void SecureSocketImpl::setTunnelEndPoint(const std::string& endHost, Poco::UInt16 endPort)
{
poco_assert (endPort != 0 && !endHost.empty());
_endHost = endHost;
_endPort = endPort;
return _pContext;
}

98
NetSSL_OpenSSL/include/Poco/Net/SecureStreamSocket.h
View File

@@ -1,7 +1,7 @@
//
// SecureStreamSocket.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/SecureStreamSocket.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/SecureStreamSocket.h#7 $
//
// Library: NetSSL_OpenSSL
// Package: SSLSockets
@@ -9,7 +9,7 @@
//
// Definition of the SecureStreamSocket class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -42,6 +42,8 @@
#include "Poco/Net/NetSSL.h"
#include "Poco/Net/StreamSocket.h"
#include "Poco/Net/Context.h"
#include "Poco/Net/X509Certificate.h"
namespace Poco {
@@ -50,22 +52,72 @@ namespace Net {
class NetSSL_API SecureStreamSocket: public StreamSocket
/// A subclass of StreamSocket for secure SSL sockets.
///
/// A few notes about nonblocking IO:
/// sendBytes() and receiveBytes() can return a
/// negative value when using a nonblocking socket, which means
/// a SSL handshake is currently in progress and more data
/// needs to be read or written for the handshake to continue.
/// If sendBytes() or receiveBytes() return ERR_SSL_WANT_WRITE,
/// sendBytes() must be called as soon as possible (usually, after
/// select() indicates that data can be written). Likewise, if
/// ERR_SSL_WANT_READ is returned, receiveBytes() must be called
/// as soon as data is available for reading (indicated by select()).
///
/// The SSL handshake is delayed until the first sendBytes() or
/// receiveBytes() operation is performed on the socket. No automatic
/// post connection check (checking the peer certificate for a valid
/// hostname) is performed when using nonblocking I/O.
{
public:
enum
{
ERR_SSL_WANT_READ = -1,
ERR_SSL_WANT_WRITE = -2
};
SecureStreamSocket();
/// Creates an unconnected stream socket.
/// Creates an unconnected secure stream socket
/// using the default client SSL context.
///
/// Before sending or receiving data, the socket
/// must be connected with a call to connect().
SecureStreamSocket(const SocketAddress& address);
/// Creates a stream socket and connects it to
explicit SecureStreamSocket(Context::Ptr pContext);
/// Creates an unconnected secure stream socket
/// using the given SSL context.
///
/// Before sending or receiving data, the socket
/// must be connected with a call to connect().
explicit SecureStreamSocket(const SocketAddress& address);
/// Creates a secure stream socket using the default
/// client SSL context and connects it to
/// the socket specified by address.
SecureStreamSocket(const SocketAddress& address, Context::Ptr pContext);
/// Creates a secure stream socket using the given
/// client SSL context and connects it to
/// the socket specified by address.
SecureStreamSocket(const SocketAddress& address, const std::string& hostName);
/// Creates a secure stream socket using the default
/// client SSL context and connects it to
/// the socket specified by address.
///
/// The given host name is used for certificate verification.
SecureStreamSocket(const SocketAddress& address, const std::string& hostName, Context::Ptr pContext);
/// Creates a secure stream socket using the given
/// client SSL context and connects it to
/// the socket specified by address.
///
/// The given host name is used for certificate verification.
SecureStreamSocket(const Socket& socket);
/// Creates the StreamSocket with the SocketImpl
/// Creates the SecureStreamSocket with the SocketImpl
/// from another socket. The SocketImpl must be
/// a StreamSocketImpl, otherwise an InvalidArgumentException
/// a SecureStreamSocketImpl, otherwise an InvalidArgumentException
/// will be thrown.
virtual ~SecureStreamSocket();
@@ -78,6 +130,38 @@ public:
/// attaches the SocketImpl from the other socket and
/// increments the reference count of the SocketImpl.
X509Certificate peerCertificate() const;
/// Returns the peer's X509 certificate.
void setPeerHostName(const std::string& hostName);
/// Sets the peer's host name used for certificate validation.
const std::string& getPeerHostName() const;
/// Returns the peer's host name used for certificate validation.
static SecureStreamSocket attach(const StreamSocket& streamSocket);
/// Creates a SecureStreamSocket over an existing socket
/// connection. The given StreamSocket must be connected.
/// A SSL handshake will be performed.
static SecureStreamSocket attach(const StreamSocket& streamSocket, Context::Ptr pContext);
/// Creates a SecureStreamSocket over an existing socket
/// connection. The given StreamSocket must be connected.
/// A SSL handshake will be performed.
static SecureStreamSocket attach(const StreamSocket& streamSocket, const std::string& peerHostName);
/// Creates a SecureStreamSocket over an existing socket
/// connection. The given StreamSocket must be connected.
/// A SSL handshake will be performed.
static SecureStreamSocket attach(const StreamSocket& streamSocket, const std::string& peerHostName, Context::Ptr pContext);
/// Creates a SecureStreamSocket over an existing socket
/// connection. The given StreamSocket must be connected.
/// A SSL handshake will be performed.
Context::Ptr context() const;
/// Returns the SSL context used by this socket.
protected:
SecureStreamSocket(SocketImpl* pImpl);

151
NetSSL_OpenSSL/include/Poco/Net/SecureStreamSocketImpl.h
View File

@@ -1,7 +1,7 @@
//
// SecureStreamSocketImpl.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/SecureStreamSocketImpl.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/SecureStreamSocketImpl.h#7 $
//
// Library: NetSSL_OpenSSL
// Package: SSLSockets
@@ -9,7 +9,7 @@
//
// Definition of the SecureStreamSocketImpl class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -43,6 +43,8 @@
#include "Poco/Net/NetSSL.h"
#include "Poco/Net/SecureSocketImpl.h"
#include "Poco/Net/StreamSocketImpl.h"
#include "Poco/Net/Context.h"
#include "Poco/Net/X509Certificate.h"
namespace Poco {
@@ -50,26 +52,22 @@ namespace Net {
class NetSSL_API SecureStreamSocketImpl: public StreamSocketImpl
/// This class implements a SSL TCP socket.
/// This class implements a SSL stream socket.
{
public:
SecureStreamSocketImpl();
SecureStreamSocketImpl(Context::Ptr pContext);
/// Creates the SecureStreamSocketImpl.
SecureStreamSocketImpl(SSL* _pSSL);
/// Creates a SecureStreamSocketImpl using the given native socket.
SecureStreamSocketImpl(StreamSocketImpl* pStreamSocket, Context::Ptr pContext);
/// Creates the SecureStreamSocketImpl.
SocketImpl* acceptConnection(SocketAddress& clientAddr);
/// Get the next completed connection from the
/// socket's completed connection queue.
/// Not supported by a SecureStreamSocket.
///
/// If the queue is empty, waits until a connection
/// request completes.
///
/// Returns a new TCP socket for the connection
/// with the client.
///
/// The client socket's address is returned in clientAddr.
/// Throws a Poco::InvalidAccessException.
void acceptSSL();
/// Performs a SSL server-side handshake.
void connect(const SocketAddress& address);
/// Initializes the socket and establishes a connection to
@@ -88,25 +86,18 @@ public:
/// the TCP server at the given address. Prior to opening the
/// connection the socket is set to nonblocking mode.
void connectSSL();
/// Performs a SSL client-side handshake on an already connected TCP socket.
void bind(const SocketAddress& address, bool reuseAddress = false);
/// Bind a local address to the socket.
/// Not supported by a SecureStreamSocket.
///
/// This is usually only done when establishing a server
/// socket. TCP clients should not bind a socket to a
/// specific address.
///
/// If reuseAddress is true, sets the SO_REUSEADDR
/// socket option.
/// Throws a Poco::InvalidAccessException.
void listen(int backlog = 64);
/// Puts the socket into listening state.
/// Not supported by a SecureStreamSocket.
///
/// The socket becomes a passive socket that
/// can accept incoming connection requests.
///
/// The backlog argument specifies the maximum
/// number of connections that can be queued
/// for this socket.
/// Throws a Poco::InvalidAccessException.
void close();
/// Close the socket.
@@ -125,45 +116,63 @@ public:
/// Returns the number of bytes received.
int sendTo(const void* buffer, int length, const SocketAddress& address, int flags = 0);
/// Sends the contents of the given buffer through
/// the socket to the given address.
/// Not supported by a SecureStreamSocket.
///
/// Returns the number of bytes sent, which may be
/// less than the number of bytes specified.
/// Throws a Poco::InvalidAccessException.
int receiveFrom(void* buffer, int length, SocketAddress& address, int flags = 0);
/// Receives data from the socket and stores it
/// in buffer. Up to length bytes are received.
/// Stores the address of the sender in address.
/// Not supported by a SecureStreamSocket.
///
/// Returns the number of bytes received.
/// Throws a Poco::InvalidAccessException.
void sendUrgent(unsigned char data);
/// Sends one byte of urgent data through
/// the socket.
/// Not supported by a SecureStreamSocket.
///
/// The data is sent with the MSG_OOB flag.
///
/// The preferred way for a socket to receive urgent data
/// is by enabling the SO_OOBINLINE option.
/// Throws a Poco::InvalidAccessException.
void setTunnelEndPoint(const std::string& host, Poco::UInt16 port);
/// Due to the fact that SSLConnections that run over proxies require
/// a different connect phase (ie send an unencrypted HTTP CONNECT before
/// establishing, we must inform the socket that it is only used as a proxy
/// that works as a tunnel to the given endPoint.
/// Only call this method on disconnected sockets.
void shutdownReceive();
/// Shuts down the receiving part of the socket connection.
///
/// Since SSL does not support a half shutdown, this does
/// nothing.
void shutdownSend();
/// Shuts down the receiving part of the socket connection.
///
/// Since SSL does not support a half shutdown, this does
/// nothing.
void shutdown();
/// Shuts down the SSL connection.
void setPeerHostName(const std::string& hostName);
/// Sets the peer host name for certificate validation purposes.
const std::string& getPeerHostName() const;
/// Returns the peer host name.
X509Certificate peerCertificate() const;
/// Returns the peer's X509 certificate.
Context::Ptr context() const;
/// Returns the SSL context used by this socket.
protected:
~SecureStreamSocketImpl();
/// Destroys the SecureStreamSocketImpl.
static int lastError();
static void error();
static void error(const std::string& arg);
static void error(int code);
static void error(int code, const std::string& arg);
private:
SecureStreamSocketImpl(const SecureStreamSocketImpl&);
SecureStreamSocketImpl& operator = (const SecureStreamSocketImpl&);
private:
SecureSocketImpl _socket;
SecureSocketImpl _impl;
std::string _peerHostName;
friend class SecureSocketImpl;
};
@@ -172,9 +181,45 @@ private:
//
// inlines
//
inline void SecureStreamSocketImpl::setTunnelEndPoint(const std::string& host, Poco::UInt16 port)
inline const std::string& SecureStreamSocketImpl::getPeerHostName() const
{
_socket.setTunnelEndPoint(host, port);
return _peerHostName;
}
inline Context::Ptr SecureStreamSocketImpl::context() const
{
return _impl.context();
}
inline int SecureStreamSocketImpl::lastError()
{
return SocketImpl::lastError();
}
inline void SecureStreamSocketImpl::error()
{
return SocketImpl::error();
}
inline void SecureStreamSocketImpl::error(const std::string& arg)
{
return SocketImpl::error(arg);
}
inline void SecureStreamSocketImpl::error(int code)
{
return SocketImpl::error(code);
}
inline void SecureStreamSocketImpl::error(int code, const std::string& arg)
{
return SocketImpl::error(code, arg);
}

20
NetSSL_OpenSSL/include/Poco/Net/Utility.h
View File

@@ -1,7 +1,7 @@
//
// Utility.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/Utility.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/Utility.h#9 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -9,7 +9,7 @@
//
// Definition of the Utility class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -49,20 +49,22 @@ namespace Net {
class NetSSL_API Utility
/// Class Utility. helper class for init & shutdown of the OpenSSL library
/// This class provides various helper functions for working
/// with the OpenSSL library.
{
public:
static int HTTPS_PORT;
/// Default port value for HHTPS
static Context::VerificationMode convertVerificationMode(const std::string& verMode);
/// Non-case sensitive conversion of a string to a VerificationMode enum.
/// If verMode is illegal an OptionException is thrown.
/// If verMode is illegal an InvalidArgumentException is thrown.
static std::string convertCertificateError(long errCode);
/// Converts an SSL error code into human readable form
/// Converts an SSL certificate handling error code into an error message.
static std::string convertSSLError(SSL* pSSL, int errCode);
static std::string getLastError();
/// Returns the last error from the error stack
static void clearErrorStack();
/// Clears the error stack
};

4
NetSSL_OpenSSL/include/Poco/Net/VerificationErrorArgs.h
View File

@@ -1,7 +1,7 @@
//
// VerificationErrorArgs.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/include/Poco/Net/VerificationErrorArgs.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/VerificationErrorArgs.h#7 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -9,7 +9,7 @@
//
// Definition of the VerificationErrorArgs class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization

65
NetSSL_OpenSSL/include/Poco/Net/X509Certificate.h
View File

@@ -1,7 +1,7 @@
//
// X509Certificate.h
//
// $Id: //poco/1.3/NetSSL_OpenSSL/include/Poco/Net/X509Certificate.h#3 $
// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/X509Certificate.h#11 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
@@ -9,7 +9,7 @@
//
// Definition of the X509Certificate class.
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -42,7 +42,9 @@
#include "Poco/Net/NetSSL.h"
#include "Poco/Net/Context.h"
#include "Poco/DateTime.h"
#include "Poco/SharedPtr.h"
#include <set>
#include <openssl/ssl.h>
@@ -50,21 +52,34 @@ namespace Poco {
namespace Net {
class HostEntry;
class NetSSL_API X509Certificate
/// This class represents an X509 Certificate.
/// This class represents a X509 Certificate.
{
public:
X509Certificate(const std::string& file);
/// Loads the X509Certificate from the file
explicit X509Certificate(std::istream& istr);
/// Creates the X509Certificate object by reading
/// a certificate in PEM format from a stream.
X509Certificate(X509* pCert);
/// Creates the X509Certificate.
explicit X509Certificate(const std::string& path);
/// Creates the X509Certificate object by reading
/// a certificate in PEM format from a file.
X509Certificate(const X509Certificate&);
explicit X509Certificate(X509* pCert);
/// Creates the X509Certificate from an existing
/// OpenSSL certificate. Ownership is taken of
/// the certificate.
X509Certificate& operator=(const X509Certificate&);
X509Certificate(const X509Certificate& cert);
/// Creates the certificate by copying another one.
X509Certificate& operator = (const X509Certificate& cert);
/// Assigns a certificate.
void swap(X509Certificate& cert);
/// Exchanges the certificate with another one.
~X509Certificate();
/// Destroys the X509Certificate.
@@ -75,21 +90,39 @@ public:
const std::string& subjectName() const;
/// Returns the certificate subject name.
std::string commonName() const;
/// Returns the common name stored in the certificate.
const X509* certificate() const;
/// Returns the OpenSSL certificate.
/// Returns the underlying OpenSSL certificate.
bool verify(const std::string& hostName, Poco::SharedPtr<Context> ptr);
/// Verifies the validity of the certificate against the hostname.
long verify(const std::string& hostName) const;
/// Verifies the validity of the certificate against the host name.
void extractNames(std::string& commonName, std::set<std::string>& domainNames) const;
/// Extracts the common name and the alias domain names from the
/// certificate.
Poco::DateTime validFrom() const;
/// Returns the date and time the certificate is valid from.
Poco::DateTime expiresOn() const;
/// Returns the date and time the certificate expires.
protected:
void init();
static bool containsWildcards(const std::string& commonName);
static bool matchByAlias(const std::string& alias, const HostEntry& heData);
private:
void initialize();
/// Extracts data from _pCert. Assumes _pCert != 0.
enum
{
NAME_BUFFER_SIZE = 256
};
private:
std::string _issuerName;
std::string _subjectName;
X509* _pCert;
std::string _file;
};

15
NetSSL_OpenSSL/samples/HTTPSTimeServer/HTTPSTimeServer.properties
View File

@@ -7,17 +7,8 @@ logging.formatters.f1.class = PatternFormatter
logging.formatters.f1.pattern = [%p] %t
logging.channels.c1.class = ConsoleChannel
logging.channels.c1.formatter = f1
# HTTPSTimeServer.format = %W, %e %b %y %H:%M:%S %Z
# HTTPSTimeServer.port = 9980
# openSSL.client.privateKeyFile = ${application.configDir}any.pem
# openSSL.client.caConfig = ${application.configDir}rootcert.pem
# openSSL.client.verificationMode = relaxed
# openSSL.client.verificationDepth = 9
# openSSL.client.loadDefaultCAFile = false
# openSSL.client.cypherList = ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
# openSSL.client.privateKeyPassphraseHandler.name = KeyFileHandler
# openSSL.client.privateKeyPassphraseHandler.options.password = test
# openSSL.client.invalidCertificateHandler = AcceptCertificateHandler
HTTPSTimeServer.format = %W, %e %b %y %H:%M:%S %Z
HTTPSTimeServer.port = 9980
openSSL.server.privateKeyFile = ${application.configDir}any.pem
openSSL.server.caConfig = ${application.configDir}rootcert.pem
openSSL.server.verificationMode = none
@@ -25,5 +16,5 @@ openSSL.server.verificationDepth = 9
openSSL.server.loadDefaultCAFile = false
openSSL.server.cypherList = ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
openSSL.server.privateKeyPassphraseHandler.name = KeyFileHandler
openSSL.server.privateKeyPassphraseHandler.options.password = test
openSSL.server.privateKeyPassphraseHandler.options.password = secret
openSSL.server.invalidCertificateHandler = AcceptCertificateHandler

48
NetSSL_OpenSSL/samples/download/any.pem
View File

@@ -1,48 +0,0 @@
-----BEGIN CERTIFICATE-----
MIICaDCCAdECCQCzfxSsk7yaLjANBgkqhkiG9w0BAQUFADBzMQswCQYDVQQGEwJB
VDESMBAGA1UECBMJQ2FyaW50aGlhMRIwEAYDVQQHEwlTdC4gSmFrb2IxDzANBgNV
BAoTBkFwcEluZjEPMA0GA1UEAxMGQXBwSW5mMRowGAYJKoZIhvcNAQkBFgthcHBA
aW5mLmNvbTAeFw0wNjAzMDExMzA3MzFaFw0wNjAzMzExMzA3MzFaMH4xCzAJBgNV
BAYTAkFUMRIwEAYDVQQIEwlDYXJpbnRoaWExETAPBgNVBAcTCFN0IEpha29iMRww
GgYDVQQKExNBcHBsaWVkIEluZm9ybWF0aWNzMQowCAYDVQQDFAEqMR4wHAYJKoZI
hvcNAQkBFg9pbmZvQGFwcGluZi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
AoGBAJHGyXDHyCYoWz+65ltNwwZbhwOGnxr9P1WMATuFJh0bPBZxKbZRdbTm9KhZ
OlvsEIsfgiYdsxURYIqXfEgISYLZcZY0pQwGEOmB+0NeC/+ENSfOlNSthx6zSVlc
zhJ7+dJOGwepHAiLr1fRuc5jogYLraE+lKTnqAAFfzwvti77AgMBAAEwDQYJKoZI
hvcNAQEFBQADgYEAY/ZoeY1ukkEJX7259NeoVM0oahlulWV0rlCqyaeosOiDORPT
m6X1w/5MTCf9VyaD1zukoSZ4QqNVjHFXcXidbB7Tgt3yRuZ5PC5LIFCDPv9mgPne
mUA70yfctNfza2z3ZiQ6NDkW3mZX+1tmxYIrJQIrkVeYeqf1Gh2nyZrUMcE=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,E7AE93C9E49184EA
A2IqzNcWs+I5vzV+i+woDk56+yr58eU0Onw8eEvXkLjnSc58JU4327IF7yUbKWdW
Q7BYGGOkVFiZ7ANOwviDg5SUhxRDWCcW8dS6/p1vfdQ1C3qj2OwJjkpg0aDBIzJn
FzgguT3MF3ama77vxv0S3kOfmCj62MLqPGpj5pQ0/1hefRFbL8oAX8bXUN7/rmGM
Zc0QyzFZv2iQ04dY/6TNclwKPB4H0On4K+8BMs3PRkWA0clCaQaFO2+iwnk3XZfe
+MsKUEbLCpAQeYspYv1cw38dCdWq1KTP5aJk+oXgwjfX5cAaPTz74NTqTIsCcaTD
3vy7ukJYFlDR9Kyo7z8rMazYrKJslhnuRH0BhK9st9McwL957j5tZmrKyraCcmCx
dMAGcsis1va3ayYZpIpFqA4EhYrTM+6N8ZRfUap20+b5IQwHfTQDejUhL6rBwy7j
Ti5yD83/itoOMyXq2sV/XWfVD5zk/P5iv22O1EAQMhhnPB9K/I/JhuSGQJfn3cNh
ykOUYT0+vDeSeEVa+FVEP1W35G0alTbKbNs5Tb8KxJ3iDJUxokM//SvPXZy9hOVX
Y05imB04J15DaGbAHlNzunhuJi7121WV/JRXZRW9diE6hwpD8rwqi3FMuRUmy7U9
aFA5poKRAYlo9YtZ3YpFyjGKB6MfCQcB2opuSnQ/gbugV41m67uQ4CDwWLaNRkTb
GlsMBNcHnidg15Bsat5HaB7l250ukrI13Uw1MYdDUzaS3gPfw9aC4F2w0p3U+DPH
80/zePxtroR7T4/+rI136Rl+aMXDMOEGCX1TVP8rjuZzuRyUSUKC8Q==
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICXTCCAcYCCQC1Vk/N8qR4AjANBgkqhkiG9w0BAQUFADBzMQswCQYDVQQGEwJB
VDESMBAGA1UECBMJQ2FyaW50aGlhMRIwEAYDVQQHEwlTdC4gSmFrb2IxDzANBgNV
BAoTBkFwcEluZjEPMA0GA1UEAxMGQXBwSW5mMRowGAYJKoZIhvcNAQkBFgthcHBA
aW5mLmNvbTAeFw0wNjAyMjcxMzI3MThaFw0wNjAzMjkxMzI3MThaMHMxCzAJBgNV
BAYTAkFUMRIwEAYDVQQIEwlDYXJpbnRoaWExEjAQBgNVBAcTCVN0LiBKYWtvYjEP
MA0GA1UEChMGQXBwSW5mMQ8wDQYDVQQDEwZBcHBJbmYxGjAYBgkqhkiG9w0BCQEW
C2FwcEBpbmYuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCsFXiPuicN
Im4oJwF8NuaFN+lgYwcZ6dAO3ILIR3kLA2PxF8HSQLfF8J8a4odZhLhctIMAKTxm
k0w8TW5qhL8QLdGzY9vzvkgdKOkan2t3sMeXJAfrM1AphTsmgntAQazGZjOj5p4W
jDnxQ+VXAylqwjHh49eSBxM3wgoscF4iLQIDAQABMA0GCSqGSIb3DQEBBQUAA4GB
AIpfLdXiKchPvFMhQS8xTtXvrw5dVL3yImUMYs4GQi8RrjGmfGB3yMAR7B/b8v4a
+ztfusgWAWiUKuSGTk4S8YB0fsFlmOv0WDr+PyZ4Lui/a8opbyzGE7rqpnF/s0GO
M7uLCNNwIN7WhmxcWV0KZU1wTppoSWPJda1yTbBzF9XP
-----END CERTIFICATE-----

3982
NetSSL_OpenSSL/samples/download/rootcert.pem
View File

File diff suppressed because it is too large Load Diff

14
NetSSL_OpenSSL/samples/download/src/download.cpp
View File

@@ -1,7 +1,7 @@
//
// download.cpp
//
// $Id: //poco/svn/NetSSL_OpenSSL/samples/download/src/download.cpp#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/samples/download/src/download.cpp#8 $
//
// This sample demonstrates the URIStreamOpener class.
//
@@ -81,18 +81,10 @@ int main(int argc, char** argv)
}
// Note: we must create the passphrase handler prior Context
SharedPtr<PrivateKeyPassphraseHandler> ptrConsole = new KeyConsoleHandler(false); // ask the user via console for the pwd
SharedPtr<InvalidCertificateHandler> ptrCert = new ConsoleCertificateHandler(false); // ask the user via console
SharedPtr<Context> ptrContext = new Context("any.pem", "rootcert.pem", false, Context::VERIFY_RELAXED, 9, false, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
SSLManager::instance().initializeClient(ptrConsole, ptrCert, ptrContext);
Context::Ptr ptrContext = new Context(Context::CLIENT_USE, "", "", "rootcert.pem", Context::VERIFY_RELAXED, 9, false, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
SSLManager::instance().initializeClient(0, ptrCert, ptrContext);
// init of server part is not required, but we keep the code here as an example
/*
ptrConsole = new KeyConsoleHandler(true); // ask the user via console for the pwd
ptrCert = new ConsoleCertificateHandler(true); // ask the user via console
ptrContext = new Context("any.pem", "rootcert.pem", true, Context::VERIFY_NONE, 9, false, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
SSLManager::instance().initializeServer(ptrConsole, ptrCert, ptrContext);
*/
try
{
URI uri(argv[1]);

12
NetSSL_OpenSSL/src/AcceptCertificateHandler.cpp
View File

@@ -1,13 +1,13 @@
//
// AcceptCertificateHandler.cpp
//
// $Id: //poco/svn/NetSSL_OpenSSL/src/AcceptCertificateHandler.cpp#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/src/AcceptCertificateHandler.cpp#11 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module: AcceptCertificateHandler
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -41,7 +41,7 @@ namespace Poco {
namespace Net {
AcceptCertificateHandler::AcceptCertificateHandler(bool server):InvalidCertificateHandler(server)
AcceptCertificateHandler::AcceptCertificateHandler(bool server): InvalidCertificateHandler(server)
{
}
@@ -51,4 +51,10 @@ AcceptCertificateHandler::~AcceptCertificateHandler()
}
void AcceptCertificateHandler::onInvalidCertificate(const void*, VerificationErrorArgs& errorCert)
{
errorCert.setIgnoreError(true);
}
} } // namespace Poco::Net

4
NetSSL_OpenSSL/src/CertificateHandlerFactory.cpp
View File

@@ -1,13 +1,13 @@
//
// CertificateHandlerFactory.cpp
//
// $Id: //poco/svn/NetSSL_OpenSSL/src/CertificateHandlerFactory.cpp#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/src/CertificateHandlerFactory.cpp#9 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module: CertificateHandlerFactory
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization

4
NetSSL_OpenSSL/src/CertificateHandlerFactoryMgr.cpp
View File

@@ -1,13 +1,13 @@
//
// CertificateHandlerFactoryMgr.cpp
//
// $Id: //poco/svn/NetSSL_OpenSSL/src/CertificateHandlerFactoryMgr.cpp#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/src/CertificateHandlerFactoryMgr.cpp#10 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module: CertificateHandlerFactoryMgr
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization

19
NetSSL_OpenSSL/src/ConsoleCertificateHandler.cpp
View File

@@ -1,13 +1,13 @@
//
// ConsoleCertificateHandler.cpp
//
// $Id: //poco/svn/NetSSL_OpenSSL/src/ConsoleCertificateHandler.cpp#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/src/ConsoleCertificateHandler.cpp#11 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module: ConsoleCertificateHandler
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -42,7 +42,7 @@ namespace Poco {
namespace Net {
ConsoleCertificateHandler::ConsoleCertificateHandler(bool server):InvalidCertificateHandler(server)
ConsoleCertificateHandler::ConsoleCertificateHandler(bool server): InvalidCertificateHandler(server)
{
}
@@ -55,13 +55,14 @@ ConsoleCertificateHandler::~ConsoleCertificateHandler()
void ConsoleCertificateHandler::onInvalidCertificate(const void*, VerificationErrorArgs& errorCert)
{
const X509Certificate& aCert = errorCert.certificate();
std::cout << " Certificate:\n";
std::cout << "----------------\n";
std::cout << " IssuerName: \t" << aCert.issuerName() << "\n";
std::cout << " SubjectName:\t" << aCert.subjectName() << "\n\n";
std::cout << "\n";
std::cout << "WARNING: Certificate verification failed\n";
std::cout << "----------------------------------------\n";
std::cout << "Issuer Name: " << aCert.issuerName() << "\n";
std::cout << "Subject Name: " << aCert.subjectName() << "\n\n";
std::cout << "The certificate yielded the error: " << errorCert.errorMessage() << "\n\n";
std::cout << "The error occurred at in the certificate chain at position " << errorCert.errorDepth() << "\n";
std::cout << "Accept the certificate? (y,n)";
std::cout << "The error occurred in the certificate chain at position " << errorCert.errorDepth() << "\n";
std::cout << "Accept the certificate (y,n)? ";
char c;
std::cin >> c;
if (c == 'y' || c == 'Y')

76
NetSSL_OpenSSL/src/Context.cpp
View File

@@ -1,13 +1,13 @@
//
// Context.cpp
//
// $Id: //poco/1.3/NetSSL_OpenSSL/src/Context.cpp#2 $
// $Id: //poco/Main/NetSSL_OpenSSL/src/Context.cpp#17 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module: Context
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -37,6 +37,7 @@
#include "Poco/Net/Context.h"
#include "Poco/Net/SSLManager.h"
#include "Poco/Net/SSLException.h"
#include "Poco/Net/Utility.h"
#include "Poco/File.h"
#include <openssl/bio.h>
#include <openssl/err.h>
@@ -44,79 +45,82 @@
#include <openssl/x509v3.h>
using Poco::File;
namespace Poco {
namespace Net {
Context::Context(
Usage usage,
const std::string& privateKeyFile,
const std::string& certificateFile,
const std::string& caLocation,
bool isServerContext,
VerificationMode verMode,
VerificationMode verificationMode,
int verificationDepth,
bool loadCAFromDefaultPath,
const std::string& cypherList):_pSSLContext(0), _mode(verMode), _server(isServerContext)
bool loadDefaultCAs,
const std::string& cypherList):
_usage(usage),
_mode(verificationMode),
_pSSLContext(0)
{
_pSSLContext = SSL_CTX_new(SSLv23_method());
if (!_pSSLContext) throw SSLException("Cannot create SSL_CTX object");
SSL_CTX_set_default_passwd_cb(_pSSLContext, &SSLManager::privateKeyPasswdCallback);
Utility::clearErrorStack();
int errCode = 0;
if (!caLocation.empty())
{
File aFile(caLocation);
Poco::File aFile(caLocation);
if (aFile.isDirectory())
errCode = SSL_CTX_load_verify_locations(_pSSLContext, 0, caLocation.c_str());
else
errCode = SSL_CTX_load_verify_locations(_pSSLContext, caLocation.c_str(), 0);
if (errCode != 1)
{
std::string msg = Utility::getLastError();
SSL_CTX_free(_pSSLContext);
_pSSLContext = 0;
throw SSLContextException(std::string("Failed to load CA file/directory from ") + caLocation);
throw SSLContextException(std::string("Cannot load CA file/directory at ") + caLocation, msg);
}
}
if (loadCAFromDefaultPath)
if (loadDefaultCAs)
{
errCode = SSL_CTX_set_default_verify_paths(_pSSLContext);
if (errCode != 1)
{
std::string msg = Utility::getLastError();
SSL_CTX_free(_pSSLContext);
_pSSLContext = 0;
throw SSLContextException(std::string("Failed to load CA file/directory from default location"));
throw SSLContextException("Cannot load default CA certificates", msg);
}
}
if (!privateKeyFile.empty())
{
errCode = SSL_CTX_use_certificate_chain_file(_pSSLContext, privateKeyFile.c_str());
if (errCode != 1)
{
SSL_CTX_free(_pSSLContext);
_pSSLContext = 0;
throw SSLContextException(std::string("Error loading certificate from file ") + privateKeyFile);
}
File tmp(privateKeyFile);
poco_assert (tmp.exists());
errCode = SSL_CTX_use_PrivateKey_file(_pSSLContext, privateKeyFile.c_str(), SSL_FILETYPE_PEM);
if (errCode != 1)
{
std::string msg = Utility::getLastError();
SSL_CTX_free(_pSSLContext);
_pSSLContext = 0;
throw SSLContextException(std::string("Error loading private key from file ") + privateKeyFile);
throw SSLContextException(std::string("Error loading private key from file ") + privateKeyFile, msg);
}
}
int flags = (int)verMode;
if (verMode == VERIFY_STRICT || verMode == VERIFY_ONCE)
flags |= SSL_VERIFY_PEER;
if (serverContext())
SSL_CTX_set_verify(_pSSLContext, flags, &SSLManager::verifyServerCallback);
if (!certificateFile.empty())
{
errCode = SSL_CTX_use_certificate_chain_file(_pSSLContext, certificateFile.c_str());
if (errCode != 1)
{
std::string errMsg = Utility::getLastError();
SSL_CTX_free(_pSSLContext);
throw SSLContextException(std::string("Error loading certificate from file ") + privateKeyFile, errMsg);
}
}
if (usage == SERVER_USE)
SSL_CTX_set_verify(_pSSLContext, verificationMode, &SSLManager::verifyServerCallback);
else
SSL_CTX_set_verify(_pSSLContext, flags, &SSLManager::verifyClientCallback);
SSL_CTX_set_verify(_pSSLContext, verificationMode, &SSLManager::verifyClientCallback);
SSL_CTX_set_verify_depth(_pSSLContext, verificationDepth);
SSL_CTX_set_mode(_pSSLContext, SSL_MODE_AUTO_RETRY);
}
@@ -124,11 +128,7 @@ Context::Context(
Context::~Context()
{
if (_pSSLContext)
{
SSL_CTX_free(_pSSLContext);
_pSSLContext = 0;
}
}

85
NetSSL_OpenSSL/src/HTTPSClientSession.cpp
View File

@@ -1,13 +1,13 @@
//
// HTTPSClientSession.cpp
//
// $Id: //poco/svn/NetSSL_OpenSSL/src/HTTPSClientSession.cpp#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/src/HTTPSClientSession.cpp#13 $
//
// Library: NetSSL_OpenSSL
// Package: HTTPSClient
// Module: HTTPSClientSession
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -37,12 +37,9 @@
#include "Poco/Net/HTTPSClientSession.h"
#include "Poco/Net/SecureStreamSocket.h"
#include "Poco/Net/SecureStreamSocketImpl.h"
#include "Poco/Net/SSLManager.h"
#include "Poco/Net/HTTPRequest.h"
#include "Poco/Net/HTTPResponse.h"
#include "Poco/Net/HTTPHeaderStream.h"
#include "Poco/Net/HTTPStream.h"
#include "Poco/Net/HTTPFixedLengthStream.h"
#include "Poco/Net/HTTPChunkedStream.h"
#include "Poco/Net/NetException.h"
#include "Poco/NumberFormatter.h"
@@ -56,24 +53,47 @@ namespace Net {
HTTPSClientSession::HTTPSClientSession():
HTTPClientSession(SecureStreamSocket())
HTTPClientSession(SecureStreamSocket()),
_pContext(SSLManager::instance().defaultClientContext())
{
setPort(Utility::HTTPS_PORT);
setPort(HTTPS_PORT);
}
HTTPSClientSession::HTTPSClientSession(const SecureStreamSocket& socket):
HTTPClientSession(socket)
HTTPClientSession(socket),
_pContext(socket.context())
{
setPort(Utility::HTTPS_PORT);
setPort(HTTPS_PORT);
}
HTTPSClientSession::HTTPSClientSession(const std::string& host, Poco::UInt16 port):
HTTPClientSession(SecureStreamSocket())
HTTPClientSession(SecureStreamSocket()),
_pContext(SSLManager::instance().defaultClientContext())
{
setHost(host);
setPort(port);
SecureStreamSocket sss(socket());
sss.setPeerHostName(host);
}
HTTPSClientSession::HTTPSClientSession(Context::Ptr pContext):
HTTPClientSession(SecureStreamSocket(pContext)),
_pContext(pContext)
{
}
HTTPSClientSession::HTTPSClientSession(const std::string& host, Poco::UInt16 port, Context::Ptr pContext):
HTTPClientSession(SecureStreamSocket(pContext)),
_pContext(pContext)
{
setHost(host);
setPort(port);
SecureStreamSocket sss(socket());
sss.setPeerHostName(host);
}
@@ -82,26 +102,45 @@ HTTPSClientSession::~HTTPSClientSession()
}
std::string HTTPSClientSession::getHostInfo() const
X509Certificate HTTPSClientSession::serverCertificate()
{
std::string result("https://");
result.append(getHost());
result.append(":");
result.append(NumberFormatter::format(getPort()));
return result;
SecureStreamSocket sss(socket());
return sss.peerCertificate();
}
std::string HTTPSClientSession::proxyRequestPrefix() const
{
return std::string();
}
void HTTPSClientSession::connect(const SocketAddress& address)
{
if (!getProxyHost().empty())
if (getProxyHost().empty())
{
StreamSocket& aSock = socket();
SecureStreamSocketImpl* pImplSock = dynamic_cast<SecureStreamSocketImpl*>(aSock.impl());
poco_check_ptr (pImplSock);
pImplSock->setTunnelEndPoint(getHost(), getPort());
}
HTTPSession::connect(address);
}
else
{
HTTPClientSession proxySession(address);
proxySession.setHost(getProxyHost());
proxySession.setPort(getProxyPort());
SocketAddress targetAddress(getHost(), getPort());
HTTPRequest proxyRequest(HTTPRequest::HTTP_CONNECT, targetAddress.toString(), HTTPMessage::HTTP_1_1);
HTTPResponse proxyResponse;
proxyRequest.set("Proxy-Connection", "keep-alive");
proxyRequest.set("Host", getHost());
proxySession.setKeepAlive(true);
proxySession.sendRequest(proxyRequest);
proxySession.receiveResponse(proxyResponse);
if (proxyResponse.getStatus() != HTTPResponse::HTTP_OK)
throw HTTPException("Cannot establish proxy connection", proxyResponse.getReason());
StreamSocket proxySocket(proxySession.detachSocket());
SecureStreamSocket secureSocket = SecureStreamSocket::attach(proxySocket, getHost(), _pContext);
attachSocket(secureSocket);
}
}

4
NetSSL_OpenSSL/src/HTTPSSessionInstantiator.cpp
View File

@@ -1,13 +1,13 @@
//
// HTTPSSessionInstantiator.cpp
//
// $Id: //poco/svn/NetSSL_OpenSSL/src/HTTPSSessionInstantiator.cpp#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/src/HTTPSSessionInstantiator.cpp#9 $
//
// Library: NetSSL_OpenSSL
// Package: HTTPSClient
// Module: HTTPSSessionInstantiator
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization

14
NetSSL_OpenSSL/src/HTTPSStreamFactory.cpp
View File

@@ -1,13 +1,13 @@
//
// HTTPSStreamFactory.cpp
//
// $Id: //poco/svn/NetSSL_OpenSSL/src/HTTPSStreamFactory.cpp#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/src/HTTPSStreamFactory.cpp#10 $
//
// Library: NetSSL_OpenSSL
// Package: HTTPSClient
// Module: HTTPSStreamFactory
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -118,14 +118,14 @@ std::istream* HTTPSStreamFactory::open(const URI& uri)
}
else if (res.getStatus() == HTTPResponse::HTTP_USEPROXY && !retry)
{
//The requested resource MUST be accessed through the proxy
//given by the Location field. The Location field gives the
//URI of the proxy. The recipient is expected to repeat this
//single request via the proxy. 305 responses MUST only be generated by origin servers.
// The requested resource MUST be accessed through the proxy
// given by the Location field. The Location field gives the
// URI of the proxy. The recipient is expected to repeat this
// single request via the proxy. 305 responses MUST only be generated by origin servers.
// only use for one single request!
proxyUri.resolve(res.get("Location"));
delete pSession; pSession = 0;
retry = true; //only allow useproxy once
retry = true; // only allow useproxy once
}
else
{

4
NetSSL_OpenSSL/src/InvalidCertificateHandler.cpp
View File

@@ -1,13 +1,13 @@
//
// InvalidCertificateHandler.cpp
//
// $Id: //poco/svn/NetSSL_OpenSSL/src/InvalidCertificateHandler.cpp#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/src/InvalidCertificateHandler.cpp#11 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module: InvalidCertificateHandler
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization

6
NetSSL_OpenSSL/src/KeyConsoleHandler.cpp
View File

@@ -1,13 +1,13 @@
//
// KeyConsoleHandler.cpp
//
// $Id: //poco/svn/NetSSL_OpenSSL/src/KeyConsoleHandler.cpp#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/src/KeyConsoleHandler.cpp#11 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module: KeyConsoleHandler
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -54,7 +54,7 @@ KeyConsoleHandler::~KeyConsoleHandler()
void KeyConsoleHandler::onPrivateKeyRequested(const void* pSender, std::string& privateKey)
{
std::cout << "Please enter the pass-phrase for the private key: ";
std::cout << "Please enter the passphrase for the private key: ";
std::cin >> privateKey;
}

10
NetSSL_OpenSSL/src/KeyFileHandler.cpp
View File

@@ -1,13 +1,13 @@
//
// KeyFileHandler.cpp
//
// $Id: //poco/svn/NetSSL_OpenSSL/src/KeyFileHandler.cpp#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/src/KeyFileHandler.cpp#12 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module: KeyFileHandler
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -63,12 +63,12 @@ void KeyFileHandler::onPrivateKeyRequested(const void* pSender, std::string& pri
{
Poco::Util::LayeredConfiguration& config = Poco::Util::Application::instance().config();
std::string prefix = serverSide() ? SSLManager::CFG_SERVER_PREFIX : SSLManager::CFG_CLIENT_PREFIX;
if (!config.hasProperty(prefix+CFG_PRIV_KEY_FILE))
if (!config.hasProperty(prefix + CFG_PRIV_KEY_FILE))
{
throw Poco::Util::EmptyOptionException(std::string("Missing Configuration Entry: ") + prefix+CFG_PRIV_KEY_FILE);
throw Poco::Util::EmptyOptionException(std::string("Missing Configuration Entry: ") + prefix + CFG_PRIV_KEY_FILE);
}
privateKey = config.getString(prefix+CFG_PRIV_KEY_FILE);
privateKey = config.getString(prefix + CFG_PRIV_KEY_FILE);
}

4
NetSSL_OpenSSL/src/PrivateKeyFactory.cpp
View File

@@ -1,13 +1,13 @@
//
// PrivateKeyFactory.cpp
//
// $Id: //poco/svn/NetSSL_OpenSSL/src/PrivateKeyFactory.cpp#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/src/PrivateKeyFactory.cpp#9 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module: PrivateKeyFactory
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization

4
NetSSL_OpenSSL/src/PrivateKeyFactoryMgr.cpp
View File

@@ -1,13 +1,13 @@
//
// PrivateKeyFactoryMgr.cpp
//
// $Id: //poco/svn/NetSSL_OpenSSL/src/PrivateKeyFactoryMgr.cpp#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/src/PrivateKeyFactoryMgr.cpp#10 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module: PrivateKeyFactoryMgr
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization

4
NetSSL_OpenSSL/src/PrivateKeyPassphraseHandler.cpp
View File

@@ -1,13 +1,13 @@
//
// PrivateKeyPassphraseHandler.cpp
//
// $Id: //poco/svn/NetSSL_OpenSSL/src/PrivateKeyPassphraseHandler.cpp#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/src/PrivateKeyPassphraseHandler.cpp#8 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module: PrivateKeyPassphraseHandler
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization

11
NetSSL_OpenSSL/src/SSLException.cpp
View File

@@ -1,13 +1,13 @@
//
// SSLException.cpp
//
// $Id: //poco/svn/NetSSL_OpenSSL/src/SSLException.cpp#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/src/SSLException.cpp#10 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module: SSLException
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -42,9 +42,10 @@ namespace Poco {
namespace Net {
POCO_IMPLEMENT_EXCEPTION(SSLException, NetException, "SSLException")
POCO_IMPLEMENT_EXCEPTION(SSLContextException, SSLException, "SSLContextException")
POCO_IMPLEMENT_EXCEPTION(InvalidCertificateException, SSLException, "InvalidCertificateException")
POCO_IMPLEMENT_EXCEPTION(SSLException, NetException, "SSL Exception")
POCO_IMPLEMENT_EXCEPTION(SSLContextException, SSLException, "SSL context exception")
POCO_IMPLEMENT_EXCEPTION(InvalidCertificateException, SSLException, "Invalid certficate")
POCO_IMPLEMENT_EXCEPTION(CertificateValidationException, SSLException, "Certificate validation error")
} } // namespace Poco::Net

4
NetSSL_OpenSSL/src/SSLInitializer.cpp
View File

@@ -1,13 +1,13 @@
//
// SSLInitializer.cpp
//
// $Id: //poco/svn/NetSSL_OpenSSL/src/SSLInitializer.cpp#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/src/SSLInitializer.cpp#11 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module: SSLInitializer
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization

53
NetSSL_OpenSSL/src/SSLManager.cpp
View File

@@ -1,13 +1,13 @@
//
// SSLManager.cpp
//
// $Id: //poco/svn/NetSSL_OpenSSL/src/SSLManager.cpp#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/src/SSLManager.cpp#14 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module: SSLManager
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -39,6 +39,7 @@
#include "Poco/Net/Utility.h"
#include "Poco/Net/PrivateKeyPassphraseHandler.h"
#include "Poco/Net/SSLInitializer.h"
#include "Poco/Net/SSLException.h"
#include "Poco/SingletonHolder.h"
#include "Poco/Delegate.h"
#include "Poco/Util/Application.h"
@@ -51,6 +52,7 @@ namespace Net {
const std::string SSLManager::CFG_PRIV_KEY_FILE("privateKeyFile");
const std::string SSLManager::CFG_CERTIFICATE_FILE("certificateFile");
const std::string SSLManager::CFG_CA_LOCATION("caConfig");
const std::string SSLManager::CFG_VER_MODE("verificationMode");
const Context::VerificationMode SSLManager::VAL_VER_MODE(Context::VERIFY_STRICT);
@@ -79,12 +81,6 @@ SSLManager::~SSLManager()
PrivateKeyPassPhrase.clear();
ClientVerificationError.clear();
ServerVerificationError.clear();
_ptrServerPassPhraseHandler = 0;
_ptrServerCertificateHandler = 0;
_ptrDefaultServerContext = 0;
_ptrClientPassPhraseHandler = 0;
_ptrClientCertificateHandler = 0;
_ptrDefaultClientContext = 0;
SSLInitializer::uninitialize();
}
@@ -96,7 +92,7 @@ SSLManager& SSLManager::instance()
}
void SSLManager::initializeServer(PrivateKeyPassphraseHandlerPtr& ptrPassPhraseHandler, InvalidCertificateHandlerPtr& ptrHandler, ContextPtr ptrContext)
void SSLManager::initializeServer(PrivateKeyPassphraseHandlerPtr ptrPassPhraseHandler, InvalidCertificateHandlerPtr ptrHandler, Context::Ptr ptrContext)
{
_ptrServerPassPhraseHandler = ptrPassPhraseHandler;
_ptrServerCertificateHandler = ptrHandler;
@@ -104,7 +100,7 @@ void SSLManager::initializeServer(PrivateKeyPassphraseHandlerPtr& ptrPassPhraseH
}
void SSLManager::initializeClient(PrivateKeyPassphraseHandlerPtr& ptrPassPhraseHandler, InvalidCertificateHandlerPtr& ptrHandler, ContextPtr ptrContext)
void SSLManager::initializeClient(PrivateKeyPassphraseHandlerPtr ptrPassPhraseHandler, InvalidCertificateHandlerPtr ptrHandler, Context::Ptr ptrContext)
{
_ptrClientPassPhraseHandler = ptrPassPhraseHandler;
_ptrClientCertificateHandler = ptrHandler;
@@ -112,7 +108,7 @@ void SSLManager::initializeClient(PrivateKeyPassphraseHandlerPtr& ptrPassPhraseH
}
SSLManager::ContextPtr SSLManager::defaultServerContext()
Context::Ptr SSLManager::defaultServerContext()
{
if (!_ptrDefaultServerContext)
initDefaultContext(true);
@@ -121,7 +117,7 @@ SSLManager::ContextPtr SSLManager::defaultServerContext()
}
SSLManager::ContextPtr SSLManager::defaultClientContext()
Context::Ptr SSLManager::defaultClientContext()
{
if (!_ptrDefaultClientContext)
initDefaultContext(false);
@@ -210,34 +206,31 @@ void SSLManager::initDefaultContext(bool server)
Poco::Util::LayeredConfiguration& config = Poco::Util::Application::instance().config();
std::string prefix = server ? CFG_SERVER_PREFIX : CFG_CLIENT_PREFIX;
if (!config.hasProperty(prefix+CFG_PRIV_KEY_FILE))
{
throw Poco::Util::EmptyOptionException(std::string("Missing Configuration Entry: ") + prefix+CFG_PRIV_KEY_FILE);
}
// mandatory options
std::string privKeyFile = config.getString(prefix+CFG_PRIV_KEY_FILE);
std::string caLocation = config.getString(prefix+CFG_CA_LOCATION);
std::string privKeyFile = config.getString(prefix + CFG_PRIV_KEY_FILE, "");
std::string certFile = config.getString(prefix + CFG_CERTIFICATE_FILE, privKeyFile);
std::string caLocation = config.getString(prefix + CFG_CA_LOCATION, "");
if (certFile.empty() && privKeyFile.empty())
throw SSLException("Configuration error: no certificate file has been specified.");
// optional options for which we have defaults defined
Context::VerificationMode verMode = VAL_VER_MODE;
if (config.hasProperty(prefix+CFG_VER_MODE))
if (config.hasProperty(prefix + CFG_VER_MODE))
{
// either: none, relaxed, strict, once
std::string mode = config.getString(prefix+CFG_VER_MODE);
std::string mode = config.getString(prefix + CFG_VER_MODE);
verMode = Utility::convertVerificationMode(mode);
}
int verDepth = config.getInt(prefix+CFG_VER_DEPTH, VAL_VER_DEPTH);
bool loadDefCA = config.getBool(prefix+CFG_ENABLE_DEFAULT_CA, VAL_ENABLE_DEFAULT_CA);
std::string cypherList = config.getString(prefix+CFG_CYPHER_LIST, VAL_CYPHER_LIST);
int verDepth = config.getInt(prefix + CFG_VER_DEPTH, VAL_VER_DEPTH);
bool loadDefCA = config.getBool(prefix + CFG_ENABLE_DEFAULT_CA, VAL_ENABLE_DEFAULT_CA);
std::string cypherList = config.getString(prefix + CFG_CYPHER_LIST, VAL_CYPHER_LIST);
if (server)
{
_ptrDefaultServerContext = new Context(privKeyFile, caLocation, server, verMode, verDepth, loadDefCA, cypherList);
}
_ptrDefaultServerContext = new Context(Context::SERVER_USE, privKeyFile, certFile, caLocation, verMode, verDepth, loadDefCA, cypherList);
else
{
_ptrDefaultClientContext = new Context(privKeyFile, caLocation, server, verMode, verDepth, loadDefCA, cypherList);
}
_ptrDefaultClientContext = new Context(Context::CLIENT_USE, privKeyFile, certFile, caLocation, verMode, verDepth, loadDefCA, cypherList);
}
@@ -256,7 +249,7 @@ void SSLManager::initPassPhraseHandler(bool server)
std::string prefix = server ? CFG_SERVER_PREFIX : CFG_CLIENT_PREFIX;
Poco::Util::LayeredConfiguration& config = Poco::Util::Application::instance().config();
std::string className(config.getString(prefix+CFG_DELEGATE_HANDLER, VAL_DELEGATE_HANDLER));
std::string className(config.getString(prefix + CFG_DELEGATE_HANDLER, VAL_DELEGATE_HANDLER));
const PrivateKeyFactory* pFactory = 0;
if (privateKeyFactoryMgr().hasFactory(className))

40
NetSSL_OpenSSL/src/SecureServerSocket.cpp
View File

@@ -1,13 +1,13 @@
//
// SecureServerSocket.cpp
//
// $Id: //poco/svn/NetSSL_OpenSSL/src/SecureServerSocket.cpp#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/src/SecureServerSocket.cpp#12 $
//
// Library: NetSSL_OpenSSL
// Package: SSLSockets
// Module: SecureServerSocket
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -37,6 +37,7 @@
#include "Poco/Net/SecureServerSocket.h"
#include "Poco/Net/SecureServerSocketImpl.h"
#include "Poco/Net/SecureStreamSocket.h"
#include "Poco/Net/SSLManager.h"
#include "Poco/Exception.h"
@@ -48,7 +49,13 @@ namespace Net {
SecureServerSocket::SecureServerSocket():
ServerSocket(new SecureServerSocketImpl, true)
ServerSocket(new SecureServerSocketImpl(SSLManager::instance().defaultServerContext()), true)
{
}
SecureServerSocket::SecureServerSocket(Context::Ptr pContext):
ServerSocket(new SecureServerSocketImpl(pContext), true)
{
}
@@ -62,7 +69,15 @@ SecureServerSocket::SecureServerSocket(const Socket& socket):
SecureServerSocket::SecureServerSocket(const SocketAddress& address, int backlog):
ServerSocket(new SecureServerSocketImpl, true)
ServerSocket(new SecureServerSocketImpl(SSLManager::instance().defaultServerContext()), true)
{
impl()->bind(address, true);
impl()->listen(backlog);
}
SecureServerSocket::SecureServerSocket(const SocketAddress& address, int backlog, Context::Ptr pContext):
ServerSocket(new SecureServerSocketImpl(pContext), true)
{
impl()->bind(address, true);
impl()->listen(backlog);
@@ -70,7 +85,16 @@ SecureServerSocket::SecureServerSocket(const SocketAddress& address, int backlog
SecureServerSocket::SecureServerSocket(Poco::UInt16 port, int backlog):
ServerSocket(new SecureServerSocketImpl, true)
ServerSocket(new SecureServerSocketImpl(SSLManager::instance().defaultServerContext()), true)
{
IPAddress wildcardAddr;
SocketAddress address(wildcardAddr, port);
impl()->bind(address, true);
impl()->listen(backlog);
}
SecureServerSocket::SecureServerSocket(Poco::UInt16 port, int backlog, Context::Ptr pContext):
ServerSocket(new SecureServerSocketImpl(pContext), true)
{
IPAddress wildcardAddr;
SocketAddress address(wildcardAddr, port);
@@ -110,4 +134,10 @@ StreamSocket SecureServerSocket::acceptConnection()
}
Context::Ptr SecureServerSocket::context() const
{
return static_cast<SecureServerSocketImpl*>(impl())->context();
}
} } // namespace Poco::Net

39
NetSSL_OpenSSL/src/SecureServerSocketImpl.cpp
View File

@@ -1,13 +1,13 @@
//
// SecureServerSocketImpl.cpp
//
// $Id: //poco/svn/NetSSL_OpenSSL/src/SecureServerSocketImpl.cpp#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/src/SecureServerSocketImpl.cpp#9 $
//
// Library: NetSSL_OpenSSL
// Package: SSLSockets
// Module: SecureServerSocketImpl
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -41,7 +41,8 @@ namespace Poco {
namespace Net {
SecureServerSocketImpl::SecureServerSocketImpl()
SecureServerSocketImpl::SecureServerSocketImpl(Context::Ptr pContext):
_impl(new ServerSocketImpl, pContext)
{
}
@@ -53,78 +54,76 @@ SecureServerSocketImpl::~SecureServerSocketImpl()
SocketImpl* SecureServerSocketImpl::acceptConnection(SocketAddress& clientAddr)
{
return _socket.acceptConnection(clientAddr);
return _impl.acceptConnection(clientAddr);
}
void SecureServerSocketImpl::connect(const SocketAddress& address)
{
_socket.connect(address);
setSockfd(_socket.sockfd());
throw Poco::InvalidAccessException("Cannot connect() a SecureServerSocket");
}
void SecureServerSocketImpl::connect(const SocketAddress& address, const Poco::Timespan& timeout)
{
_socket.connect(address, timeout);
setSockfd(_socket.sockfd());
throw Poco::InvalidAccessException("Cannot connect() a SecureServerSocket");
}
void SecureServerSocketImpl::connectNB(const SocketAddress& address)
{
_socket.connectNB(address);
setSockfd(_socket.sockfd());
throw Poco::InvalidAccessException("Cannot connect() a SecureServerSocket");
}
void SecureServerSocketImpl::bind(const SocketAddress& address, bool reuseAddress)
{
_socket.bind(address, reuseAddress);
_impl.bind(address, reuseAddress);
reset(_impl.sockfd());
}
void SecureServerSocketImpl::listen(int backlog)
{
_socket.listen(backlog);
setSockfd(_socket.sockfd());
_impl.listen(backlog);
reset(_impl.sockfd());
}
void SecureServerSocketImpl::close()
{
invalidate();
_socket.close();
reset();
_impl.close();
}
int SecureServerSocketImpl::sendBytes(const void* buffer, int length, int flags)
{
return _socket.sendBytes(buffer, length, flags);
throw Poco::InvalidAccessException("Cannot sendBytes() on a SecureServerSocket");
}
int SecureServerSocketImpl::receiveBytes(void* buffer, int length, int flags)
{
return _socket.receiveBytes(buffer, length, flags);
throw Poco::InvalidAccessException("Cannot receiveBytes() on a SecureServerSocket");
}
int SecureServerSocketImpl::sendTo(const void* buffer, int length, const SocketAddress& address, int flags)
{
return _socket.sendTo(buffer, length, address, flags);
throw Poco::InvalidAccessException("Cannot sendTo() on a SecureServerSocket");
}
int SecureServerSocketImpl::receiveFrom(void* buffer, int length, SocketAddress& address, int flags)
{
return _socket.receiveFrom(buffer, length, address, flags);
throw Poco::InvalidAccessException("Cannot receiveFrom() on a SecureServerSocket");
}
void SecureServerSocketImpl::sendUrgent(unsigned char data)
{
return _socket.sendUrgent(data);
throw Poco::InvalidAccessException("Cannot sendUrgent() on a SecureServerSocket");
}

699
NetSSL_OpenSSL/src/SecureSocketImpl.cpp
View File

@@ -1,13 +1,13 @@
//
// SecureSocketImpl.cpp
//
// $Id: //poco/1.3/NetSSL_OpenSSL/src/SecureSocketImpl.cpp#6 $
// $Id: //poco/Main/NetSSL_OpenSSL/src/SecureSocketImpl.cpp#29 $
//
// Library: NetSSL_OpenSSL
// Package: SSLSockets
// Module: SecureSocketImpl
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -36,19 +36,19 @@
#include "Poco/Net/SecureSocketImpl.h"
#include "Poco/Net/SSLException.h"
#include "Poco/Net/SSLManager.h"
#include "Poco/Net/Context.h"
#include "Poco/Net/X509Certificate.h"
#include "Poco/Net/Utility.h"
#include "Poco/Net/SecureStreamSocket.h"
#include "Poco/Net/SecureStreamSocketImpl.h"
#include "Poco/Net/StreamSocketImpl.h"
#include "Poco/Net/StreamSocket.h"
#include "Poco/Net/NetException.h"
#include "Poco/Net/DNS.h"
#include "Poco/NumberFormatter.h"
#include "Poco/NumberParser.h"
#include "Poco/String.h"
#include "Poco/RegularExpression.h"
#include <openssl/x509v3.h>
#include <openssl/err.h>
#include <set>
using Poco::IOException;
@@ -62,29 +62,17 @@ using Poco::Timespan;
#define POCO_BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(void*)((n)?"a":NULL))
namespace Poco {
namespace Net {
static void getCertNames (X509*, std::string& commonName, std::set<std::string>& DNSNames);
SecureSocketImpl::SecureSocketImpl():_pBIO(0), _pSSL(0)
SecureSocketImpl::SecureSocketImpl(Poco::AutoPtr<SocketImpl> pSocketImpl, Context::Ptr pContext):
_pSSL(0),
_pSocket(pSocketImpl),
_pContext(pContext)
{
}
SecureSocketImpl::SecureSocketImpl(SSL *pSSL): _pSSL(pSSL)
{
poco_check_ptr (_pSSL);
_pBIO = SSL_get_rbio(_pSSL);
poco_check_ptr (_pBIO);
int tmpSocket = 0;
BIO_get_fd(_pBIO, &tmpSocket);
setSockfd(tmpSocket);
poco_check_ptr (_pSocket);
poco_check_ptr (_pContext);
}
@@ -96,540 +84,305 @@ SecureSocketImpl::~SecureSocketImpl()
SocketImpl* SecureSocketImpl::acceptConnection(SocketAddress& clientAddr)
{
poco_assert (sockfd() != POCO_INVALID_SOCKET);
poco_check_ptr (_pBIO);
poco_assert (!_pSSL);
BIO* pClient = 0;
int rc = 0;
do
{
rc = BIO_do_accept(_pBIO);
}
while (rc <= 0 && _socket.lastError() == POCO_EINTR);
if (rc > 0)
{
pClient = BIO_pop(_pBIO);
poco_check_ptr (pClient);
SSL* pSSL = SSL_new(SSLManager::instance().defaultServerContext()->sslContext());
if (pSSL)
{
SSL_set_accept_state(pSSL);
SSL_set_bio(pSSL, pClient, pClient);
int err = SSL_accept(pSSL);
if (err > 0)
{
SecureStreamSocketImpl* pSI = new SecureStreamSocketImpl(pSSL);
clientAddr = pSI->peerAddress();
std::string clientName = clientAddr.host().toString();
if (X509_V_OK != postConnectionCheck(true, pSSL, clientName))
{
delete pSI;
pSI = 0;
SSL_shutdown(pSSL);
SSL_free(pSSL);
pClient = 0;
SocketImpl::error("postConnectionCheck failed"); // will throw
}
return pSI;
}
else
{
std::string errMsg = Utility::convertSSLError(pSSL, err);
SSL_shutdown(pSSL);
SSL_free(pSSL);
SocketImpl::error(std::string("failed to acceptConnection: ") + errMsg);
}
}
else
{
BIO_free(pClient);
}
}
SocketImpl::error(); // will throw
return 0;
StreamSocket ss = _pSocket->acceptConnection(clientAddr);
Poco::AutoPtr<SecureStreamSocketImpl> pSecureStreamSocketImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(ss.impl()), _pContext);
pSecureStreamSocketImpl->acceptSSL();
pSecureStreamSocketImpl->duplicate();
return pSecureStreamSocketImpl;
}
void SecureSocketImpl::connect(const SocketAddress& address)
void SecureSocketImpl::acceptSSL()
{
if (sockfd() == POCO_INVALID_SOCKET)
poco_assert (!_pSSL);
BIO* pBIO = BIO_new(BIO_s_socket());
if (!pBIO) throw SSLException("Cannot create BIO object");
BIO_set_fd(pBIO, _pSocket->sockfd(), BIO_NOCLOSE);
_pSSL = SSL_new(_pContext->sslContext());
if (!_pSSL)
{
if (!_pBIO)
_pBIO = BIO_new(BIO_s_connect());
BIO_free(pBIO);
throw SSLException("Cannot create SSL object");
}
int rc = 0;
do
{
BIO_set_conn_hostname(_pBIO, address.host().toString().c_str());
int tmp = address.port();
BIO_set_conn_int_port(_pBIO, &tmp);
rc = BIO_do_connect(_pBIO); // returns 1 in case of ok!
}
while (rc != 1 && _socket.lastError() == POCO_EINTR);
if (rc != 1) SocketImpl::error(address.toString());
establishTunnel();
connectSSL(address);
poco_check_ptr (_pSSL);
}
void SecureSocketImpl::connect(const SocketAddress& address, const Poco::Timespan& timeout)
{
poco_assert (sockfd() == POCO_INVALID_SOCKET);
poco_assert (_pSSL == 0);
poco_assert (_pBIO == 0);
_pBIO = BIO_new(BIO_s_connect());
POCO_BIO_set_nbio_accept(_pBIO, 1); // set nonblocking
SSL_set_bio(_pSSL, pBIO, pBIO);
try
{
BIO_set_conn_hostname(_pBIO, address.host().toString().c_str());
int tmp = address.port();
BIO_set_conn_int_port(_pBIO, &tmp);
int rc = BIO_do_connect(_pBIO); // returns 1 in case of ok!
if (rc != 1)
if (_pSocket->getBlocking())
{
if (_socket.lastError() != POCO_EINPROGRESS && _socket.lastError() != POCO_EWOULDBLOCK)
SocketImpl::error(address.toString());
if (!_socket.poll(timeout, SocketImpl::SELECT_READ | SocketImpl::SELECT_WRITE))
throw Poco::TimeoutException("connect timed out", address.toString());
int err = _socket.socketError();
if (err != 0) SocketImpl::error(err);
}
establishTunnel();
connectSSL(address);
poco_check_ptr (_pSSL);
}
catch (Poco::Exception&)
int err = SSL_accept(_pSSL);
if (err > 0)
{
POCO_BIO_set_nbio_accept(_pBIO, 0);
throw;
}
POCO_BIO_set_nbio_accept(_pBIO, 0);
}
void SecureSocketImpl::connectNB(const SocketAddress& address)
{
if (sockfd() == POCO_INVALID_SOCKET)
std::string clientName = _pSocket->peerAddress().host().toString();
long certErr = verifyCertificate(clientName);
if (certErr != X509_V_OK)
{
if(!_pBIO)
_pBIO = BIO_new(BIO_s_connect());
std::string msg = Utility::convertCertificateError(certErr);
throw CertificateValidationException("Unacceptable certificate from " + clientName, msg);
}
POCO_BIO_set_nbio_accept(_pBIO, 1); //setnonBlocking
BIO_set_conn_hostname(_pBIO, address.host().toString().c_str());
int tmp = address.port();
BIO_set_conn_int_port(_pBIO, &tmp);
int rc = BIO_do_connect(_pBIO); // returns 1 in case of ok!
if (rc != 1)
{
if (_socket.lastError() != POCO_EINPROGRESS && _socket.lastError() != POCO_EWOULDBLOCK)
SocketImpl::error(address.toString());
}
else
{
establishTunnel();
connectSSL(address);
poco_check_ptr (_pSSL);
handleError(err);
}
}
else
{
SSL_set_accept_state(_pSSL);
}
}
catch (...)
{
SSL_shutdown(_pSSL);
SSL_free(_pSSL);
_pSSL = 0;
throw;
}
}
void SecureSocketImpl::connect(const SocketAddress& address, const std::string& hostName)
{
poco_assert (!_pSSL);
_pSocket->connect(address);
connectSSL(hostName);
}
void SecureSocketImpl::connect(const SocketAddress& address, const std::string& hostName, const Poco::Timespan& timeout)
{
poco_assert (!_pSSL);
_pSocket->connect(address, timeout);
connectSSL(hostName);
}
void SecureSocketImpl::connectNB(const SocketAddress& address, const std::string& hostName)
{
poco_assert (!_pSSL);
_pSocket->connectNB(address);
connectSSL(hostName);
}
void SecureSocketImpl::connectSSL(const std::string& hostName)
{
poco_assert (!_pSSL);
poco_assert (_pSocket->initialized());
BIO* pBIO = BIO_new(BIO_s_socket());
if (!pBIO) throw SSLException("Cannot create SSL BIO object");
BIO_set_fd(pBIO, _pSocket->sockfd(), BIO_NOCLOSE);
_pSSL = SSL_new(_pContext->sslContext());
if (!_pSSL)
{
BIO_free(pBIO);
throw SSLException("Cannot create SSL object");
}
SSL_set_bio(_pSSL, pBIO, pBIO);
try
{
if (_pSocket->getBlocking())
{
int ret = SSL_connect(_pSSL);
handleError(ret);
long certErr = verifyCertificate(hostName);
if (certErr != X509_V_OK)
{
std::string msg = Utility::convertCertificateError(certErr);
throw InvalidCertificateException(msg);
}
}
else
{
SSL_set_connect_state(_pSSL);
}
}
catch (...)
{
SSL_free(_pSSL);
_pSSL = 0;
throw;
}
}
void SecureSocketImpl::bind(const SocketAddress& address, bool reuseAddress)
{
_socket.bind(address, reuseAddress);
poco_check_ptr (_pSocket);
_pSocket->bind(address, reuseAddress);
}
void SecureSocketImpl::listen(int backlog)
{
_socket.listen(backlog);
_pBIO = BIO_new (BIO_s_accept());
BIO_set_fd(_pBIO, (int)sockfd(), BIO_CLOSE);
poco_check_ptr (_pSocket);
_pSocket->listen(backlog);
}
void SecureSocketImpl::shutdown()
{
if (_pSSL)
{
// if we can't get a clean SSL shutdown after 10
// attempts, something's probably wrong with the
// peer and we give up.
int rc;
int attempts = 0;
do
{
rc = SSL_shutdown(_pSSL);
++attempts;
}
while (rc == 0 && attempts < 10);
if (rc < 0) handleError(rc);
SSL_clear(_pSSL);
SSL_free(_pSSL);
_pSSL = 0;
}
}
void SecureSocketImpl::close()
{
if (_pSSL)
{
if (SSL_get_shutdown(_pSSL) & SSL_RECEIVED_SHUTDOWN)
{
SSL_shutdown(_pSSL);
}
else
{
SSL_clear(_pSSL);
}
SSL_free(_pSSL); // frees _pBIO
_pSSL = 0;
_pBIO = 0;
}
if (_pBIO)
{
BIO_free_all(_pBIO); //free all, even BIOs for pending connections
_pBIO = 0;
}
invalidate(); // the socket is already invalid, although the fd still contains a meaningful value, correct that
shutdown();
_pSocket->close();
}
int SecureSocketImpl::sendBytes(const void* buffer, int length, int flags)
{
poco_assert (sockfd() != POCO_INVALID_SOCKET);
if (!_pSSL)
throw SSLException("Cannot write to closed/uninitialized socket");
poco_assert (_pSocket->initialized());
poco_check_ptr (_pSSL);
int rc;
do
{
rc = SSL_write(_pSSL, buffer, length);
if (rc < 0)
}
while (rc <= 0 && _pSocket->lastError() == POCO_EINTR);
if (rc <= 0)
{
std::string errMsg = Utility::convertSSLError(_pSSL, rc);
return handleError(rc);
}
}
while (rc < 0 && _socket.lastError() == POCO_EINTR);
if (rc < 0) SocketImpl::error();
return rc;
}
int SecureSocketImpl::receiveBytes(void* buffer, int length, int flags)
{
if (sockfd() == POCO_INVALID_SOCKET || !_pSSL)
throw SSLException("Cannot read from closed/uninitialized socket");
poco_assert (_pSocket->initialized());
poco_check_ptr (_pSSL);
int rc;
bool renegotiating = false;
do
{
rc = SSL_read(_pSSL, buffer, length);
}
while (rc <= 0 && _pSocket->lastError() == POCO_EINTR);
if (rc <= 0)
{
switch (SSL_get_error(_pSSL, rc))
{
case SSL_ERROR_ZERO_RETURN:
// connection closed
close();
break;
case SSL_ERROR_NONE:
case SSL_ERROR_WANT_WRITE: //renegotiation
case SSL_ERROR_WANT_READ: //renegotiation
renegotiating = true;
break;
default:
;
}
}
}
while (rc < 0 && _socket.lastError() == POCO_EINTR);
if (rc < 0)
{
if (renegotiating || _socket.lastError() == POCO_EAGAIN || _socket.lastError() == POCO_ETIMEDOUT)
throw TimeoutException();
else
SocketImpl::error("failed to read bytes");
return handleError(rc);
}
return rc;
}
int SecureSocketImpl::sendTo(const void* buffer, int length, const SocketAddress& address, int flags)
long SecureSocketImpl::verifyCertificate(const std::string& hostName)
{
throw NetException("sendTo not possible with SSL");
}
int SecureSocketImpl::receiveFrom(void* buffer, int length, SocketAddress& address, int flags)
{
throw NetException("receiveFrom not possible with SSL");
}
void SecureSocketImpl::sendUrgent(unsigned char data)
{
// SSL doesn't support out-of-band data
sendBytes(reinterpret_cast<const void*>(&data), sizeof(data));
}
long SecureSocketImpl::postConnectionCheck(bool server, SSL* pSSL, const std::string& hostName)
{
static std::string locHost("127.0.0.1");
SSLManager& mgr = SSLManager::instance();
SSLManager::ContextPtr pContext = server? mgr.defaultServerContext(): mgr.defaultClientContext();
Context::VerificationMode mode = pContext->verificationMode();
if (hostName == locHost && mode != Context::VERIFY_STRICT)
return X509_V_OK;
X509* cert = 0;
X509_NAME* subj = 0;
if (mode == Context::VERIFY_NONE) // should we allow none on the client side?
Context::VerificationMode mode = _pContext->verificationMode();
if (mode == Context::VERIFY_NONE || isLocalHost(hostName) && mode != Context::VERIFY_STRICT)
{
return X509_V_OK;
}
cert = SSL_get_peer_certificate(pSSL);
return postConnectionCheck(pContext, cert, hostName);
X509* pCert = SSL_get_peer_certificate(_pSSL);
if (pCert)
{
X509Certificate cert(pCert);
return cert.verify(hostName);
}
else return X509_V_OK;
}
long SecureSocketImpl::postConnectionCheck(SSLManager::ContextPtr pContext, X509* pCert, const std::string& hostName)
bool SecureSocketImpl::isLocalHost(const std::string& hostName)
{
static std::string locHost("127.0.0.1");
SocketAddress addr(hostName, 0);
return addr.host().isLoopback();
}
SSLManager& mgr = SSLManager::instance();
bool server = pContext->serverContext();
Context::VerificationMode mode = pContext->verificationMode();
if (hostName == locHost && mode != Context::VERIFY_STRICT)
return X509_V_OK;
X509* cert = pCert;
X509_NAME* subj = 0;
char* host = const_cast<char*>(hostName.c_str());
int extcount=0;
if (mode == Context::VERIFY_NONE) // should we allow none on the client side?
{
return X509_V_OK;
}
// note: the check is used by the client, so as long we don't set None at the client we reject
// cases where no certificate/incomplete info is presented by the server
if ((!cert || !host) && mode != Context::VERIFY_NONE)
{
if (cert)
X509_free(cert);
return X509_V_ERR_APPLICATION_VERIFICATION;
}
std::string commonName;
std::set<std::string> dnsNames;
getCertNames(cert, commonName, dnsNames);
bool ok = (dnsNames.find(hostName) != dnsNames.end());
char data[256];
if (!ok && (subj = X509_get_subject_name(cert)) && X509_NAME_get_text_by_NID(subj, NID_commonName, data, 256) > 0)
{
data[255] = 0;
std::string strData(data); // commonName can contain wildcards like *.appinf.com
try
{
// two cases: strData contains wildcards or not
if (SecureSocketImpl::containsWildcards(strData))
{
// a compare by IPAddress is not possible with wildcards
// only allow compare by name
const HostEntry& heData = DNS::resolve(hostName);
ok = SecureSocketImpl::matchByAlias(strData, heData);
}
X509* SecureSocketImpl::peerCertificate() const
{
if (_pSSL)
return SSL_get_peer_certificate(_pSSL);
else
return 0;
}
int SecureSocketImpl::handleError(int rc)
{
if (rc > 0) return rc;
int sslError = SSL_get_error(_pSSL, rc);
switch (sslError)
{
// it depends on hostname if we compare by IP or by alias
IPAddress ip;
if (IPAddress::tryParse(hostName, ip))
case SSL_ERROR_ZERO_RETURN:
return 0;
case SSL_ERROR_WANT_READ:
return SecureStreamSocket::ERR_SSL_WANT_READ;
case SSL_ERROR_WANT_WRITE:
return SecureStreamSocket::ERR_SSL_WANT_WRITE;
case SSL_ERROR_WANT_CONNECT:
case SSL_ERROR_WANT_ACCEPT:
case SSL_ERROR_WANT_X509_LOOKUP:
// these should not occur
poco_bugcheck();
return rc;
case SSL_ERROR_SYSCALL:
case SSL_ERROR_SSL:
{
// compare by IP
const HostEntry& heData = DNS::resolve(strData);
const HostEntry::AddressList& addr = heData.addresses();
HostEntry::AddressList::const_iterator it = addr.begin();
HostEntry::AddressList::const_iterator itEnd = addr.end();
for (; it != itEnd && !ok; ++it)
long lastError = ERR_get_error();
if (lastError == 0)
{
ok = (*it == ip);
if (rc == 0)
{
throw SSLException("The underlying socket connection has been unexpectedly closed");
}
else if (rc == -1)
{
SecureStreamSocketImpl::error("The BIO reported an error");
}
}
else
{
// compare by name
const HostEntry& heData = DNS::resolve(hostName);
ok = SecureSocketImpl::matchByAlias(strData, heData);
}
}
}
catch(HostNotFoundException&)
{
if (cert)
X509_free(cert);
return X509_V_ERR_APPLICATION_VERIFICATION;
}
}
if (cert)
X509_free(cert);
// we already have a verify callback registered so no need to ask twice SSL_get_verify_result(pSSL);
if (ok)
return X509_V_OK;
return X509_V_ERR_APPLICATION_VERIFICATION;
}
void SecureSocketImpl::connectSSL(const SocketAddress& address)
{
if (!_pSSL)
{
_pSSL = SSL_new(SSLManager::instance().defaultClientContext()->sslContext());
SSL_set_bio(_pSSL, _pBIO, _pBIO);
}
std::string errMsg;
int ret = SSL_connect(_pSSL);
if (ret <= 0)
{
errMsg = Utility::convertSSLError(_pSSL, ret);
throw SSLException(errMsg);
}
std::string serverName = address.host().toString();
long errCode = 0;
if (_endHost.empty())
postConnectionCheck(false, _pSSL, serverName);
else
postConnectionCheck(false, _pSSL, _endHost);
bool err = false;
if (errCode != X509_V_OK)
{
err = true;
errMsg = Utility::convertCertificateError(errCode);
}
else
{
int tmpSocket=0;
BIO_get_fd(_pBIO,&tmpSocket);
poco_assert (-1 != tmpSocket);
setSockfd(tmpSocket);
}
if (err)
{
SSL_free(_pSSL); // dels _pBIO too
_pSSL = 0;
_pBIO = 0;
invalidate();
throw InvalidCertificateException(errMsg);
}
}
void SecureSocketImpl::establishTunnel()
{
if (!_endHost.empty())
{
poco_check_ptr (_pBIO);
// send CONNECT proxyHost:proxyPort HTTP/1.0\r\n\r\n
std::string connect("CONNECT ");
connect.append(_endHost);
connect.append(":");
connect.append(Poco::NumberFormatter::format(_endPort));
connect.append(" HTTP/1.0\r\n\r\n");
int rc = BIO_write(_pBIO, (const void*) connect.c_str(), (int)(connect.length()*sizeof(char)));
if (rc != connect.length())
throw SSLException("Failed to establish connection to proxy");
// get the response
char resp[512];
rc = BIO_read(_pBIO, resp, 512*sizeof(char));
std::string response(resp);
if (response.find("200") == std::string::npos)
throw SSLException("Failed to establish connection to proxy");
}
}
bool SecureSocketImpl::containsWildcards(const std::string& commonName)
{
return (commonName.find('*') != std::string::npos || commonName.find('?') != std::string::npos);
}
bool SecureSocketImpl::matchByAlias(const std::string& alias, const HostEntry& heData)
{
// fix wildcards
std::string aliasRep = Poco::replace(alias, "*", ".*");
Poco::replaceInPlace(aliasRep, "..*", ".*");
Poco::replaceInPlace(aliasRep, "?", ".?");
Poco::replaceInPlace(aliasRep, "..?", ".?");
// compare by name
Poco::RegularExpression expr(aliasRep);
bool found = false;
const HostEntry::AliasList& aliases = heData.aliases();
HostEntry::AliasList::const_iterator it = aliases.begin();
HostEntry::AliasList::const_iterator itEnd = aliases.end();
for (; it != itEnd && !found; ++it)
{
found = expr.match(*it);
}
return found;
}
static void
getCertNames (X509 *certificate,
std::string& common_name,
std::set<std::string>& DNS_names)
{
DNS_names.clear ();
common_name.clear ();
if (certificate == 0)
{
return;
}
if (STACK_OF (GENERAL_NAME) * names = static_cast<STACK_OF (GENERAL_NAME)
*>
(X509_get_ext_d2i (certificate, NID_subject_alt_name, 0, 0)))
{
for (int i = 0; i < sk_GENERAL_NAME_num (names); ++i)
{
const GENERAL_NAME *name = sk_GENERAL_NAME_value (names, i);
if (name->type == GEN_DNS)
{
const char *data = reinterpret_cast<char *>
(ASN1_STRING_data (name->d.ia5));
size_t len = ASN1_STRING_length (name->d.ia5);
DNS_names.insert (std::string (data, len));
}
}
GENERAL_NAMES_free (names);
}
if (X509_NAME * subj = X509_get_subject_name (certificate))
{
char buffer[256];
X509_NAME_get_text_by_NID (subj, NID_commonName,
buffer, sizeof buffer);
common_name = std::string (buffer);
if (DNS_names.empty ())
{
DNS_names.insert (common_name);
ERR_error_string_n(lastError, buffer, sizeof(buffer));
std::string msg(buffer);
throw SSLException(msg);
}
}
break;
default:
break;
}
return rc;
}

100
NetSSL_OpenSSL/src/SecureStreamSocket.cpp
View File

@@ -1,13 +1,13 @@
//
// SecureStreamSocket.cpp
//
// $Id: //poco/svn/NetSSL_OpenSSL/src/SecureStreamSocket.cpp#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/src/SecureStreamSocket.cpp#11 $
//
// Library: NetSSL_OpenSSL
// Package: SSLSockets
// Module: SecureStreamSocket
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -37,6 +37,7 @@
#include "Poco/Net/SecureStreamSocket.h"
#include "Poco/Net/SecureStreamSocketImpl.h"
#include "Poco/Net/SocketImpl.h"
#include "Poco/Net/SSLManager.h"
#include "Poco/Exception.h"
@@ -48,18 +49,47 @@ namespace Net {
SecureStreamSocket::SecureStreamSocket():
StreamSocket(new SecureStreamSocketImpl)
StreamSocket(new SecureStreamSocketImpl(SSLManager::instance().defaultClientContext()))
{
}
SecureStreamSocket::SecureStreamSocket(Context::Ptr pContext):
StreamSocket(new SecureStreamSocketImpl(pContext))
{
}
SecureStreamSocket::SecureStreamSocket(const SocketAddress& address):
StreamSocket(new SecureStreamSocketImpl)
StreamSocket(new SecureStreamSocketImpl(SSLManager::instance().defaultClientContext()))
{
connect(address);
}
SecureStreamSocket::SecureStreamSocket(const SocketAddress& address, const std::string& hostName):
StreamSocket(new SecureStreamSocketImpl(SSLManager::instance().defaultClientContext()))
{
static_cast<SecureStreamSocketImpl*>(impl())->setPeerHostName(hostName);
connect(address);
}
SecureStreamSocket::SecureStreamSocket(const SocketAddress& address, Context::Ptr pContext):
StreamSocket(new SecureStreamSocketImpl(pContext))
{
connect(address);
}
SecureStreamSocket::SecureStreamSocket(const SocketAddress& address, const std::string& hostName, Context::Ptr pContext):
StreamSocket(new SecureStreamSocketImpl(pContext))
{
static_cast<SecureStreamSocketImpl*>(impl())->setPeerHostName(hostName);
connect(address);
}
SecureStreamSocket::SecureStreamSocket(const Socket& socket):
StreamSocket(socket)
{
@@ -91,4 +121,66 @@ SecureStreamSocket& SecureStreamSocket::operator = (const Socket& socket)
}
X509Certificate SecureStreamSocket::peerCertificate() const
{
return static_cast<SecureStreamSocketImpl*>(impl())->peerCertificate();
}
void SecureStreamSocket::setPeerHostName(const std::string& hostName)
{
static_cast<SecureStreamSocketImpl*>(impl())->setPeerHostName(hostName);
}
const std::string& SecureStreamSocket::getPeerHostName() const
{
return static_cast<SecureStreamSocketImpl*>(impl())->getPeerHostName();
}
SecureStreamSocket SecureStreamSocket::attach(const StreamSocket& streamSocket)
{
SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), SSLManager::instance().defaultClientContext());
SecureStreamSocket result(pImpl);
pImpl->connectSSL();
return result;
}
SecureStreamSocket SecureStreamSocket::attach(const StreamSocket& streamSocket, Context::Ptr pContext)
{
SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), pContext);
SecureStreamSocket result(pImpl);
pImpl->connectSSL();
return result;
}
SecureStreamSocket SecureStreamSocket::attach(const StreamSocket& streamSocket, const std::string& peerHostName)
{
SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), SSLManager::instance().defaultClientContext());
SecureStreamSocket result(pImpl);
result.setPeerHostName(peerHostName);
pImpl->connectSSL();
return result;
}
SecureStreamSocket SecureStreamSocket::attach(const StreamSocket& streamSocket, const std::string& peerHostName, Context::Ptr pContext)
{
SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), pContext);
SecureStreamSocket result(pImpl);
result.setPeerHostName(peerHostName);
pImpl->connectSSL();
return result;
}
Context::Ptr SecureStreamSocket::context() const
{
return static_cast<SecureStreamSocketImpl*>(impl())->context();
}
} } // namespace Poco::Net

96
NetSSL_OpenSSL/src/SecureStreamSocketImpl.cpp
View File

@@ -1,13 +1,13 @@
//
// SecureStreamSocketImpl.cpp
//
// $Id: //poco/svn/NetSSL_OpenSSL/src/SecureStreamSocketImpl.cpp#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/src/SecureStreamSocketImpl.cpp#9 $
//
// Library: NetSSL_OpenSSL
// Package: SSLSockets
// Module: SecureStreamSocketImpl
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -35,72 +35,92 @@
#include "Poco/Net/SecureStreamSocketImpl.h"
#include "Poco/Net/SSLException.h"
namespace Poco {
namespace Net {
SecureStreamSocketImpl::SecureStreamSocketImpl()
SecureStreamSocketImpl::SecureStreamSocketImpl(Context::Ptr pContext):
_impl(new StreamSocketImpl, pContext)
{
}
SecureStreamSocketImpl::SecureStreamSocketImpl(SSL* _pSSL): _socket(_pSSL)
SecureStreamSocketImpl::SecureStreamSocketImpl(StreamSocketImpl* pStreamSocket, Context::Ptr pContext):
_impl(pStreamSocket, pContext)
{
setSockfd(_socket.sockfd());
pStreamSocket->duplicate();
reset(_impl.sockfd());
}
SecureStreamSocketImpl::~SecureStreamSocketImpl()
{
reset();
}
SocketImpl* SecureStreamSocketImpl::acceptConnection(SocketAddress& clientAddr)
{
return _socket.acceptConnection(clientAddr);
throw Poco::InvalidAccessException("Cannot acceptConnection() on a SecureStreamSocketImpl");
}
void SecureStreamSocketImpl::acceptSSL()
{
_impl.acceptSSL();
}
void SecureStreamSocketImpl::connect(const SocketAddress& address)
{
_socket.connect(address);
setSockfd(_socket.sockfd());
if (_peerHostName.empty()) _peerHostName = address.host().toString();
_impl.connect(address, _peerHostName);
reset(_impl.sockfd());
}
void SecureStreamSocketImpl::connect(const SocketAddress& address, const Poco::Timespan& timeout)
{
_socket.connect(address, timeout);
setSockfd(_socket.sockfd());
if (_peerHostName.empty()) _peerHostName = address.host().toString();
_impl.connect(address, _peerHostName, timeout);
reset(_impl.sockfd());
}
void SecureStreamSocketImpl::connectNB(const SocketAddress& address)
{
_socket.connectNB(address);
setSockfd(_socket.sockfd());
if (_peerHostName.empty()) _peerHostName = address.host().toString();
_impl.connectNB(address, _peerHostName);
reset(_impl.sockfd());
}
void SecureStreamSocketImpl::connectSSL()
{
if (_peerHostName.empty()) _peerHostName = peerAddress().host().toString();
_impl.connectSSL(_peerHostName);
}
void SecureStreamSocketImpl::bind(const SocketAddress& address, bool reuseAddress)
{
_socket.bind(address, reuseAddress);
throw Poco::InvalidAccessException("Cannot bind() a SecureStreamSocketImpl");
}
void SecureStreamSocketImpl::listen(int backlog)
{
_socket.listen(backlog);
setSockfd(_socket.sockfd());
throw Poco::InvalidAccessException("Cannot listen() on a SecureStreamSocketImpl");
}
void SecureStreamSocketImpl::close()
{
invalidate();
_socket.close();
reset();
_impl.close();
}
@@ -110,7 +130,7 @@ int SecureStreamSocketImpl::sendBytes(const void* buffer, int length, int flags)
int remaining = length;
while (remaining > 0)
{
int n = _socket.sendBytes(p, length, flags);
int n = _impl.sendBytes(p, length, flags);
p += n;
remaining -= n;
}
@@ -120,25 +140,57 @@ int SecureStreamSocketImpl::sendBytes(const void* buffer, int length, int flags)
int SecureStreamSocketImpl::receiveBytes(void* buffer, int length, int flags)
{
return _socket.receiveBytes(buffer, length, flags);
return _impl.receiveBytes(buffer, length, flags);
}
int SecureStreamSocketImpl::sendTo(const void* buffer, int length, const SocketAddress& address, int flags)
{
return _socket.sendTo(buffer, length, address, flags);
throw Poco::InvalidAccessException("Cannot sendTo() on a SecureStreamSocketImpl");
}
int SecureStreamSocketImpl::receiveFrom(void* buffer, int length, SocketAddress& address, int flags)
{
return _socket.receiveFrom(buffer, length, address, flags);
throw Poco::InvalidAccessException("Cannot receiveFrom() on a SecureStreamSocketImpl");
}
void SecureStreamSocketImpl::sendUrgent(unsigned char data)
{
return _socket.sendUrgent(data);
throw Poco::InvalidAccessException("Cannot sendUrgent() on a SecureStreamSocketImpl");
}
void SecureStreamSocketImpl::shutdownReceive()
{
}
void SecureStreamSocketImpl::shutdownSend()
{
}
void SecureStreamSocketImpl::shutdown()
{
_impl.shutdown();
}
void SecureStreamSocketImpl::setPeerHostName(const std::string& peerHostName)
{
_peerHostName = peerHostName;
}
X509Certificate SecureStreamSocketImpl::peerCertificate() const
{
X509* pCert = _impl.peerCertificate();
if (pCert)
return X509Certificate(pCert);
else
throw SSLException("No certificate available yet");
}

72
NetSSL_OpenSSL/src/Utility.cpp
View File

@@ -1,13 +1,13 @@
//
// Utility.cpp
//
// $Id: //poco/svn/NetSSL_OpenSSL/src/Utility.cpp#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/src/Utility.cpp#13 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module: Utility
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -44,9 +44,6 @@ namespace Poco {
namespace Net {
int Utility::HTTPS_PORT = 443;
Context::VerificationMode Utility::convertVerificationMode(const std::string& vMode)
{
std::string mode = Poco::toLower(vMode);
@@ -61,7 +58,7 @@ Context::VerificationMode Utility::convertVerificationMode(const std::string& vM
else if (mode == "once")
verMode = Context::VERIFY_ONCE;
else
throw Poco::Util::OptionException(std::string("Wrong value >") + vMode + std::string("< for a verificationMode. Can only be none, relaxed, strict or once."));
throw Poco::InvalidArgumentException("Invalid verification mode. Should be relaxed, strict or once but got", vMode);
return verMode;
}
@@ -74,61 +71,22 @@ std::string Utility::convertCertificateError(long errCode)
}
std::string Utility::convertSSLError(SSL* pSSL, int errCode)
std::string Utility::getLastError()
{
std::string errMsg;
if (errCode > 0) return "no error";
int connectErr = SSL_get_error(pSSL, errCode);
long lErr = 0;
char buf[512];
switch (connectErr)
unsigned long errCode = ERR_get_error();
if (errCode != 0)
{
case SSL_ERROR_ZERO_RETURN:
// connection closed
errMsg = "connection closed by server";
break;
case SSL_ERROR_WANT_READ:
errMsg = "want read";
break;
case SSL_ERROR_WANT_WRITE:
errMsg = "want write";
break;
case SSL_ERROR_WANT_CONNECT:
errMsg = "want connect";
break;
case SSL_ERROR_WANT_ACCEPT:
errMsg = "want accept";
break;
case SSL_ERROR_WANT_X509_LOOKUP:
errMsg = "want lookup";
break;
case SSL_ERROR_SYSCALL:
errMsg = "syscall";
break;
case SSL_ERROR_SSL:
lErr = ERR_get_error();
if (errCode == 0)
{
errMsg = "EOF was observed";
}
else if (errCode == -1)
{
errMsg = "The underlying BIO reported an I/O error";
}
else
{
ERR_error_string_n(lErr, buf, 512);
errMsg = buf;
}
break;
default:
errMsg = "none";
char buffer[256];
ERR_error_string_n(errCode, buffer, sizeof(buffer));
return std::string(buffer);
}
else return "No error";
}
return errMsg;
void Utility::clearErrorStack()
{
ERR_clear_error();
}

4
NetSSL_OpenSSL/src/VerificationErrorArgs.cpp
View File

@@ -1,13 +1,13 @@
//
// VerificationErrorArgs.cpp
//
// $Id: //poco/svn/NetSSL_OpenSSL/src/VerificationErrorArgs.cpp#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/src/VerificationErrorArgs.cpp#9 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module: VerificationErrorArgs
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization

251
NetSSL_OpenSSL/src/X509Certificate.cpp
View File

@@ -1,13 +1,13 @@
//
// X509Certificate.cpp
//
// $Id: //poco/1.3/NetSSL_OpenSSL/src/X509Certificate.cpp#2 $
// $Id: //poco/Main/NetSSL_OpenSSL/src/X509Certificate.cpp#13 $
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module: X509Certificate
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
@@ -37,69 +37,93 @@
#include "Poco/Net/X509Certificate.h"
#include "Poco/Net/SSLException.h"
#include "Poco/Net/SSLManager.h"
#include "Poco/Net/SecureSocketImpl.h"
#include "Poco/Net/DNS.h"
#include "Poco/TemporaryFile.h"
#include "Poco/FileStream.h"
#include "Poco/StreamCopier.h"
#include "Poco/String.h"
#include "Poco/RegularExpression.h"
#include "Poco/DateTimeParser.h"
#include <openssl/pem.h>
#include <openssl/x509v3.h>
#include <openssl/err.h>
namespace Poco {
namespace Net {
X509Certificate::X509Certificate(const std::string& file):
_issuerName(),
_subjectName(),
_pCert(0),
_file(file)
X509Certificate::X509Certificate(std::istream& istr):
_pCert(0)
{
BIO *fp=BIO_new(BIO_s_file());
const char* pFN = file.c_str();
BIO_read_filename(fp, (void*)pFN);
if (!fp)
throw Poco::PathNotFoundException("Failed to open " + file);
try
// copy certificate to a temporary file so that it
// can be read by OpenSSL.
Poco::TemporaryFile certFile;
std::string path = certFile.path();
Poco::FileOutputStream ostr(path);
Poco::StreamCopier::copyStream(istr, ostr);
ostr.close();
BIO *pBIO = BIO_new(BIO_s_file());
if (!pBIO) throw SSLException("Cannot create BIO for reading certificate file");
if (!BIO_read_filename(pBIO, path.c_str()))
{
_pCert = PEM_read_bio_X509(fp,0,0,0);
BIO_free(pBIO);
throw Poco::OpenFileException("Cannot open certificate file for reading");
}
catch(...)
_pCert = PEM_read_bio_X509(pBIO, 0, 0, 0);
BIO_free(pBIO);
if (!_pCert) throw SSLException("Faild to load certificate");
init();
}
X509Certificate::X509Certificate(const std::string& path):
_pCert(0)
{
BIO *pBIO = BIO_new(BIO_s_file());
if (!pBIO) throw SSLException("Cannot create BIO for reading certificate file");
if (!BIO_read_filename(pBIO, path.c_str()))
{
BIO_free(fp);
throw;
BIO_free(pBIO);
throw Poco::OpenFileException("Cannot open certificate file for reading");
}
if (!_pCert)
throw SSLException("Faild to load certificate from " + file);
initialize();
_pCert = PEM_read_bio_X509(pBIO, 0, 0, 0);
BIO_free(pBIO);
if (!_pCert) throw SSLException("Faild to load certificate from " + path);
init();
}
X509Certificate::X509Certificate(X509* pCert):
_issuerName(),
_subjectName(),
_pCert(pCert),
_file()
_pCert(pCert)
{
poco_check_ptr(_pCert);
initialize();
_pCert = X509_dup(_pCert);
init();
}
X509Certificate::X509Certificate(const X509Certificate& cert):
_issuerName(cert._issuerName),
_subjectName(cert._subjectName),
_pCert(cert._pCert),
_file(cert._file)
_pCert(cert._pCert)
{
if (!_file.empty())
_pCert = X509_dup(_pCert);
}
X509Certificate& X509Certificate::operator=(const X509Certificate& cert)
X509Certificate& X509Certificate::operator = (const X509Certificate& cert)
{
if (this != &cert)
{
X509Certificate c(cert);
swap(c);
}
X509Certificate tmp(cert);
swap(tmp);
return *this;
}
@@ -107,7 +131,6 @@ X509Certificate& X509Certificate::operator=(const X509Certificate& cert)
void X509Certificate::swap(X509Certificate& cert)
{
using std::swap;
swap(cert._file, _file);
swap(cert._issuerName, _issuerName);
swap(cert._subjectName, _subjectName);
swap(cert._pCert, _pCert);
@@ -116,25 +139,161 @@ void X509Certificate::swap(X509Certificate& cert)
X509Certificate::~X509Certificate()
{
if (!_file.empty() && _pCert)
X509_free(_pCert);
}
void X509Certificate::initialize()
void X509Certificate::init()
{
char data[256];
X509_NAME_oneline(X509_get_issuer_name(_pCert), data, 256);
_issuerName = data;
X509_NAME_oneline(X509_get_subject_name(_pCert), data, 256);
_subjectName = data;
char buffer[NAME_BUFFER_SIZE];
X509_NAME_oneline(X509_get_issuer_name(_pCert), buffer, sizeof(buffer));
_issuerName = buffer;
X509_NAME_oneline(X509_get_subject_name(_pCert), buffer, sizeof(buffer));
_subjectName = buffer;
}
bool X509Certificate::verify(const std::string& hostName, Poco::SharedPtr<Context> ptr)
long X509Certificate::verify(const std::string& hostName) const
{
X509* pCert = X509_dup(_pCert);
return (X509_V_OK == SecureSocketImpl::postConnectionCheck(ptr, pCert, hostName));
std::string commonName;
std::set<std::string> dnsNames;
extractNames(commonName, dnsNames);
bool ok = (dnsNames.find(hostName) != dnsNames.end());
char buffer[NAME_BUFFER_SIZE];
X509_NAME* subj = 0;
if (!ok && (subj = X509_get_subject_name(_pCert)) && X509_NAME_get_text_by_NID(subj, NID_commonName, buffer, sizeof(buffer)) > 0)
{
buffer[NAME_BUFFER_SIZE - 1] = 0;
std::string commonName(buffer); // commonName can contain wildcards like *.appinf.com
try
{
// two cases: strData contains wildcards or not
if (containsWildcards(commonName))
{
// a compare by IPAddress is not possible with wildcards
// only allow compare by name
const HostEntry& heData = DNS::resolve(hostName);
ok = matchByAlias(commonName, heData);
}
else
{
// it depends on hostName if we compare by IP or by alias
IPAddress ip;
if (IPAddress::tryParse(hostName, ip))
{
// compare by IP
const HostEntry& heData = DNS::resolve(commonName);
const HostEntry::AddressList& addr = heData.addresses();
HostEntry::AddressList::const_iterator it = addr.begin();
HostEntry::AddressList::const_iterator itEnd = addr.end();
for (; it != itEnd && !ok; ++it)
{
ok = (*it == ip);
}
}
else
{
// compare by name
const HostEntry& heData = DNS::resolve(hostName);
ok = matchByAlias(commonName, heData);
}
}
}
catch (HostNotFoundException&)
{
return X509_V_ERR_APPLICATION_VERIFICATION;
}
}
// we already have a verify callback registered so no need to ask twice SSL_get_verify_result(pSSL);
if (ok)
return X509_V_OK;
else
return X509_V_ERR_APPLICATION_VERIFICATION;
}
bool X509Certificate::containsWildcards(const std::string& commonName)
{
return (commonName.find('*') != std::string::npos || commonName.find('?') != std::string::npos);
}
bool X509Certificate::matchByAlias(const std::string& alias, const HostEntry& heData)
{
// fix wildcards
std::string aliasRep = Poco::replace(alias, "*", ".*");
Poco::replaceInPlace(aliasRep, "..*", ".*");
Poco::replaceInPlace(aliasRep, "?", ".?");
Poco::replaceInPlace(aliasRep, "..?", ".?");
// compare by name
Poco::RegularExpression expr(aliasRep);
bool found = false;
const HostEntry::AliasList& aliases = heData.aliases();
HostEntry::AliasList::const_iterator it = aliases.begin();
HostEntry::AliasList::const_iterator itEnd = aliases.end();
for (; it != itEnd && !found; ++it)
{
found = expr.match(*it);
}
return found;
}
std::string X509Certificate::commonName() const
{
if (X509_NAME* subj = X509_get_subject_name(_pCert))
{
char buffer[NAME_BUFFER_SIZE];
X509_NAME_get_text_by_NID(subj, NID_commonName, buffer, sizeof(buffer));
return std::string(buffer);
}
else return std::string();
}
void X509Certificate::extractNames(std::string& cmnName, std::set<std::string>& domainNames) const
{
domainNames.clear();
if (STACK_OF(GENERAL_NAME)* names = static_cast<STACK_OF(GENERAL_NAME)*>(X509_get_ext_d2i(_pCert, NID_subject_alt_name, 0, 0)))
{
for (int i = 0; i < sk_GENERAL_NAME_num(names); ++i)
{
const GENERAL_NAME* name = sk_GENERAL_NAME_value(names, i);
if (name->type == GEN_DNS)
{
const char* data = reinterpret_cast<char*>(ASN1_STRING_data(name->d.ia5));
std::size_t len = ASN1_STRING_length(name->d.ia5);
domainNames.insert(std::string(data, len));
}
}
GENERAL_NAMES_free(names);
}
cmnName = commonName();
if (!cmnName.empty() && domainNames.empty())
{
domainNames.insert(cmnName);
}
}
Poco::DateTime X509Certificate::validFrom() const
{
ASN1_TIME* certTime = X509_get_notBefore(_pCert);
std::string dateTime(reinterpret_cast<char*>(certTime->data));
int tzd;
return DateTimeParser::parse("%y%m%d%H%M%S", dateTime, tzd);
}
Poco::DateTime X509Certificate::expiresOn() const
{
ASN1_TIME* certTime = X509_get_notAfter(_pCert);
std::string dateTime(reinterpret_cast<char*>(certTime->data));
int tzd;
return DateTimeParser::parse("%y%m%d%H%M%S", dateTime, tzd);
}

4
NetSSL_OpenSSL/testsuite/TestSuite.xml
View File

@@ -10,7 +10,7 @@
<privateKeyPassphraseHandler>
<name>KeyFileHandler</name>
<options>
<password>test</password>
<password>secret</password>
</options>
</privateKeyPassphraseHandler>
<invalidCertificateHandler>
@@ -29,7 +29,7 @@
<privateKeyPassphraseHandler>
<name>KeyFileHandler</name>
<options>
<password>test</password>
<password>secret</password>
</options>
</privateKeyPassphraseHandler>
<invalidCertificateHandler>

90
NetSSL_OpenSSL/testsuite/any.pem
View File

@@ -1,48 +1,54 @@
-----BEGIN CERTIFICATE-----
MIICaDCCAdECCQCzfxSsk7yaLjANBgkqhkiG9w0BAQUFADBzMQswCQYDVQQGEwJB
VDESMBAGA1UECBMJQ2FyaW50aGlhMRIwEAYDVQQHEwlTdC4gSmFrb2IxDzANBgNV
BAoTBkFwcEluZjEPMA0GA1UEAxMGQXBwSW5mMRowGAYJKoZIhvcNAQkBFgthcHBA
aW5mLmNvbTAeFw0wNjAzMDExMzA3MzFaFw0wNjAzMzExMzA3MzFaMH4xCzAJBgNV
BAYTAkFUMRIwEAYDVQQIEwlDYXJpbnRoaWExETAPBgNVBAcTCFN0IEpha29iMRww
GgYDVQQKExNBcHBsaWVkIEluZm9ybWF0aWNzMQowCAYDVQQDFAEqMR4wHAYJKoZI
hvcNAQkBFg9pbmZvQGFwcGluZi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
AoGBAJHGyXDHyCYoWz+65ltNwwZbhwOGnxr9P1WMATuFJh0bPBZxKbZRdbTm9KhZ
OlvsEIsfgiYdsxURYIqXfEgISYLZcZY0pQwGEOmB+0NeC/+ENSfOlNSthx6zSVlc
zhJ7+dJOGwepHAiLr1fRuc5jogYLraE+lKTnqAAFfzwvti77AgMBAAEwDQYJKoZI
hvcNAQEFBQADgYEAY/ZoeY1ukkEJX7259NeoVM0oahlulWV0rlCqyaeosOiDORPT
m6X1w/5MTCf9VyaD1zukoSZ4QqNVjHFXcXidbB7Tgt3yRuZ5PC5LIFCDPv9mgPne
mUA70yfctNfza2z3ZiQ6NDkW3mZX+1tmxYIrJQIrkVeYeqf1Gh2nyZrUMcE=
MIIEFjCCAv6gAwIBAgIBAjALBgkqhkiG9w0BAQUwgdMxEzARBgNVBAMMCmFwcGlu
Zi5jb20xNjA0BgNVBAoMLUFwcGxpZWQgSW5mb3JtYXRpY3MgU29mdHdhcmUgRW5n
aW5lZXJpbmcgR21iSDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxEjAQBgNVBAgMCUNh
cmludGhpYTELMAkGA1UEBgwCQVQxHjAcBgNVBAcMFVN0LiBKYWtvYiBpbSBSb3Nl
bnRhbDEtMCsGCSqGSIb3DQEJAQweZ3VlbnRlci5vYmlsdHNjaG5pZ0BhcHBpbmYu
Y29tMB4XDTA5MDIyMzEzNDIwMloXDTExMTEyMDEzNDIwMlowgcoxCjAIBgNVBAMM
ASoxNjA0BgNVBAoMLUFwcGxpZWQgSW5mb3JtYXRpY3MgU29mdHdhcmUgRW5naW5l
ZXJpbmcgR21iSDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxEjAQBgNVBAgMCUNhcmlu
dGhpYTELMAkGA1UEBgwCQVQxHjAcBgNVBAcMFVN0LiBKYWtvYiBpbSBSb3NlbnRh
bDEtMCsGCSqGSIb3DQEJAQweZ3VlbnRlci5vYmlsdHNjaG5pZ0BhcHBpbmYuY29t
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjGFE96wa83Kdiv0m10O
XmBmZ5xuclalVTCisLzUmAekbItMjkmI6dVw9r5gd0W5zDWrgPYUmYgtvqnxSHRK
PRAN410Yq9vqWYvQscpnXGlqUag8t+OBXJhiFnnea/btA0zGVZk6RE/7cWK8AtKH
Q/Xds3AUJ1L/1uV/e/5azyUDyptsmHbCMUwWhGBrj/KZEviHmRMN/xJLrbIBPkla
4HRB61rI8in0jziCwThJ7KiQumzWRu2IJjS+VoNWvG52dYLDvfxppuY1rlF0SG/h
JuSJQqJjZZ11V4TePHscFkGU2tnHqF4UhSjLFJWsGuxnAmZTeIRmavmIIMm3/G6C
WwIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQAc+mn/ZEaK59B/UAgx8cMlGM9UigJv
L9O46pno3YirBq9SrMzf5b6rrbJm8tkQNfldqaVNA5oVbfxnAHhCUDkX8m0x/De8
teo9nFei8kETQ25ykV+WLapOdrYxakHPtNVgDTGWNb2GY/hH3nMvtdgFvaS80ncD
tOa13tE4jopFQFY56VKq+sv4Hm5JDvr+dD/g77Cio02sUzSH96FrFIG5/kw1NihB
IJKZ4n7atQizDe4TiR/NRonmZNbsB+18yTKT8traCS30JGKQqYxXuVKPyQd7FARv
ajZxRPbcpAtvWBKXpRHXo4xIBJaPktVOG2hGovjRixXYb83hQ87t1Ozy
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,E7AE93C9E49184EA
DEK-Info: DES-EDE3-CBC,0950752701CB74AF
A2IqzNcWs+I5vzV+i+woDk56+yr58eU0Onw8eEvXkLjnSc58JU4327IF7yUbKWdW
Q7BYGGOkVFiZ7ANOwviDg5SUhxRDWCcW8dS6/p1vfdQ1C3qj2OwJjkpg0aDBIzJn
FzgguT3MF3ama77vxv0S3kOfmCj62MLqPGpj5pQ0/1hefRFbL8oAX8bXUN7/rmGM
Zc0QyzFZv2iQ04dY/6TNclwKPB4H0On4K+8BMs3PRkWA0clCaQaFO2+iwnk3XZfe
+MsKUEbLCpAQeYspYv1cw38dCdWq1KTP5aJk+oXgwjfX5cAaPTz74NTqTIsCcaTD
3vy7ukJYFlDR9Kyo7z8rMazYrKJslhnuRH0BhK9st9McwL957j5tZmrKyraCcmCx
dMAGcsis1va3ayYZpIpFqA4EhYrTM+6N8ZRfUap20+b5IQwHfTQDejUhL6rBwy7j
Ti5yD83/itoOMyXq2sV/XWfVD5zk/P5iv22O1EAQMhhnPB9K/I/JhuSGQJfn3cNh
ykOUYT0+vDeSeEVa+FVEP1W35G0alTbKbNs5Tb8KxJ3iDJUxokM//SvPXZy9hOVX
Y05imB04J15DaGbAHlNzunhuJi7121WV/JRXZRW9diE6hwpD8rwqi3FMuRUmy7U9
aFA5poKRAYlo9YtZ3YpFyjGKB6MfCQcB2opuSnQ/gbugV41m67uQ4CDwWLaNRkTb
GlsMBNcHnidg15Bsat5HaB7l250ukrI13Uw1MYdDUzaS3gPfw9aC4F2w0p3U+DPH
80/zePxtroR7T4/+rI136Rl+aMXDMOEGCX1TVP8rjuZzuRyUSUKC8Q==
OmaLdMcP3JDy8JMX41wNH/WvMp6gLGwmqQRob633n95YxVdii0oR8fk4GgmJeYF0
FrNm5g32vnVyqDZylX4as3GT822HhCA+f7mYpGZltQ47TG15tGTMUNuwIhHlouZs
ZGNclelBB3FHEZAD0Fns2hZ4jZhMDj67wD0YyGcp8so/A+fxedGdwNbJSC1Auuy4
7uRsY0ZJC1LjMHXkyBEXaL1QA4CGjBlm22Dbo8eoGXcaohsZpDsM7OU7MaQnldM0
AK8jONZ45127JoDJD41Wgfm0m7tIErsD5CbhHPaddOjQ0OerprEkplhOR+V+ano1
Pv4adRZOBjr00NDB43WK9x+ZHVQ5tIXxUbqYWZAfvA1PpiYego5XLUCxfy7D6Lms
hV6CAt/fYeBrQOvwLREboKLBOe9A8quP2wi7zkR3KQHty9Tm9efF3PfQSxJTlKg9
YJ2n/6omX1aXCjQghbnfEcl4tCmj6z2rHCSiJgEOcwDYhGRbQveYieZUH5iKMzYY
YytHkHPfZfzhlJ0WG0AKdA6UlrjEjF09txaZR3Nj4Zf4kZAu727N81HnlFCRvDqV
ZjHUrbE7fJuc3diffUfIHuQZuWcoYDejIbASjcJMHZOpbbPR2ZCYQqUmvg/IgAD6
M2GDbvfvLnu1BaCrNMdOxM4j+sLNhm8qqAMxZ/wkZA9Sqhi2EifZwf5jWKNU3Vtx
C/w621efHawDME3WTMunDtjn7Sgm3NP508cz8OgcEcZLwENu8JH5pWR0Y0+qvlPM
DYpCu2Zh6TBLU6Cfuxl2GigHHBhm8Eza/vE6dVbpyvEozejtVKi+RYskqz8ynYtl
r9NpDkEFcqGFLX/X7fajR4JxzxYx0Ms+CHHBlBLw44eMl1Izb9OBgfUK3a7wJ0Z1
vEmzcVtXZMqKDvqY3wddCcbtpVZhRnAUFgT3/b5ISxQ6xxFg67YQaJ0knuRwOZCI
xSvNsxXb6s5xt8gRx8MY8W1CVW0QSH4gUpKdJFiF/6nYq7h8F1A5QYr34uJn5pa2
bsagCMhCUHKn/hrtTJ/4bC7n7utulXyEZJDGS38nNe5TBmAxeA+MkOAO7AEb8aDo
RylaKT77tmeZXWBtlQGHj0bt2fPOEW3e0WUeNwk4qnKqSGdwbXGFK+yWxgGOxFDT
4NqUjDV7lhj1r3mKEufLIqP6GxAlewpH1uLA+ty2eNfG793pytlyhNikzmkliXex
WnBUYQM6ZBclW0nALHxxOJWZlnBCESgo9lSHMeB7adJXuwaUmqHx4u+yNzaFS6pr
LemBEUCHfLeGFM9E9YbgNe51q5+vXZYN5MZtqyex4AqPdGEGpwXBk43RK79mP84G
QQRAAcs6KMj1/Sl7pmg9acrxskLWljtsnvdCJ8a+VXjLDyp2wks1z2Gnw7cguZdD
Ah4hjH8LDTsEJxOr2DNJu/V9JDPKd0uGyaW0AOanwAn7tszivGddb/WrzImCIMBa
Lb/cqujvS9YsIK6xrq4LMxR5wE6Hol0qs6xO89Y9OpuuRxAYfRUl4nDTg0WjS5Ga
0aoSXB0kOFkEwb3WGq+b26606RBYDKu7RsJoyWoXq42JZ1jkEYKCNeNS8hWh8GKd
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICXTCCAcYCCQC1Vk/N8qR4AjANBgkqhkiG9w0BAQUFADBzMQswCQYDVQQGEwJB
VDESMBAGA1UECBMJQ2FyaW50aGlhMRIwEAYDVQQHEwlTdC4gSmFrb2IxDzANBgNV
BAoTBkFwcEluZjEPMA0GA1UEAxMGQXBwSW5mMRowGAYJKoZIhvcNAQkBFgthcHBA
aW5mLmNvbTAeFw0wNjAyMjcxMzI3MThaFw0wNjAzMjkxMzI3MThaMHMxCzAJBgNV
BAYTAkFUMRIwEAYDVQQIEwlDYXJpbnRoaWExEjAQBgNVBAcTCVN0LiBKYWtvYjEP
MA0GA1UEChMGQXBwSW5mMQ8wDQYDVQQDEwZBcHBJbmYxGjAYBgkqhkiG9w0BCQEW
C2FwcEBpbmYuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCsFXiPuicN
Im4oJwF8NuaFN+lgYwcZ6dAO3ILIR3kLA2PxF8HSQLfF8J8a4odZhLhctIMAKTxm
k0w8TW5qhL8QLdGzY9vzvkgdKOkan2t3sMeXJAfrM1AphTsmgntAQazGZjOj5p4W
jDnxQ+VXAylqwjHh49eSBxM3wgoscF4iLQIDAQABMA0GCSqGSIb3DQEBBQUAA4GB
AIpfLdXiKchPvFMhQS8xTtXvrw5dVL3yImUMYs4GQi8RrjGmfGB3yMAR7B/b8v4a
+ztfusgWAWiUKuSGTk4S8YB0fsFlmOv0WDr+PyZ4Lui/a8opbyzGE7rqpnF/s0GO
M7uLCNNwIN7WhmxcWV0KZU1wTppoSWPJda1yTbBzF9XP
-----END CERTIFICATE-----

3982
NetSSL_OpenSSL/testsuite/rootcert.pem
View File

File diff suppressed because it is too large Load Diff

2
NetSSL_OpenSSL/testsuite/src/Driver.cpp
View File

@@ -1,7 +1,7 @@
//
// Driver.cpp
//
// $Id: //poco/svn/NetSSL_OpenSSL/testsuite/src/Driver.cpp#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/testsuite/src/Driver.cpp#10 $
//
// Console-based test driver for Poco NetSSL.
//

86
NetSSL_OpenSSL/testsuite/src/HTTPSClientSessionTest.cpp
View File

@@ -1,7 +1,7 @@
//
// HTTPSClientSessionTest.cpp
//
// $Id: //poco/svn/NetSSL_OpenSSL/testsuite/src/HTTPSClientSessionTest.cpp#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/testsuite/src/HTTPSClientSessionTest.cpp#10 $
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// and Contributors.
@@ -31,7 +31,6 @@
#include "HTTPSClientSessionTest.h"
#include "HTTPSClientTestSuite.h"
#include "CppUnit/TestCaller.h"
#include "CppUnit/TestSuite.h"
#include "Poco/Net/HTTPSClientSession.h"
@@ -46,6 +45,8 @@
#include "Poco/Net/SecureStreamSocket.h"
#include "Poco/StreamCopier.h"
#include "Poco/Exception.h"
#include "Poco/DateTimeFormatter.h"
#include "Poco/DateTimeFormat.h"
#include "HTTPSTestServer.h"
#include <istream>
#include <ostream>
@@ -53,11 +54,9 @@
using namespace Poco::Net;
using Poco::StreamCopier;
class TestRequestHandler: public HTTPRequestHandler
/// Return a HTML document with the current date and time.
{
@@ -252,40 +251,6 @@ void HTTPSClientSessionTest::testPostLargeChunkedKeepAlive()
}
void HTTPSClientSessionTest::testPostSmallClose()
{
HTTPSTestServer srv;
HTTPSClientSession s("localhost", srv.port());
HTTPRequest request(HTTPRequest::HTTP_POST, "/echo");
std::string body("this is a random request body");
s.sendRequest(request) << body;
HTTPResponse response;
std::istream& rs = s.receiveResponse(response);
assert (!response.getChunkedTransferEncoding());
assert (response.getContentLength() == HTTPMessage::UNKNOWN_CONTENT_LENGTH);
std::ostringstream ostr;
StreamCopier::copyStream(rs, ostr);
assert (ostr.str() == body);
}
void HTTPSClientSessionTest::testPostLargeClose()
{
HTTPSTestServer srv;
HTTPSClientSession s("localhost", srv.port());
HTTPRequest request(HTTPRequest::HTTP_POST, "/echo");
std::string body(8000, 'x');
s.sendRequest(request) << body;
HTTPResponse response;
std::istream& rs = s.receiveResponse(response);
assert (!response.getChunkedTransferEncoding());
assert (response.getContentLength() == HTTPMessage::UNKNOWN_CONTENT_LENGTH);
std::ostringstream ostr;
StreamCopier::copyStream(rs, ostr);
assert (ostr.str() == body);
}
void HTTPSClientSessionTest::testKeepAlive()
{
HTTPSTestServer srv;
@@ -334,37 +299,40 @@ void HTTPSClientSessionTest::testKeepAlive()
}
void HTTPSClientSessionTest::testProxy()
void HTTPSClientSessionTest::testInterop()
{
HTTPSTestServer srv;
HTTPSClientSession s(TESTSERVERNAME);
s.setProxy("proxy.aon.at", 8080);
HTTPRequest request(HTTPRequest::HTTP_GET, "/");
HTTPSClientSession s("secure.appinf.com");
HTTPRequest request(HTTPRequest::HTTP_GET, "/public/poco/NetSSL.txt");
s.sendRequest(request);
X509Certificate cert = s.serverCertificate();
HTTPResponse response;
std::istream& rs = s.receiveResponse(response);
std::ostringstream ostr;
StreamCopier::copyStream(rs, ostr);
assert (ostr.str().length() > 0);
std::string str(ostr.str());
assert (str == "This is a test file for NetSSL.\n");
assert (cert.commonName() == "secure.appinf.com");
}
void HTTPSClientSessionTest::testConnectNB()
void HTTPSClientSessionTest::testProxy()
{
SecureStreamSocket sock;
sock.connectNB(SocketAddress(TESTSERVERNAME, 443));
char buf[512];
std::string msg("GET / HTTP/1.0\r\n\r\n");
sock.sendBytes(msg.c_str(), (int)msg.length());
Socket::SocketList read;
Socket::SocketList write;
Socket::SocketList exec;
read.push_back(sock);
Socket::select(read, write, exec, Poco::Timespan(30, 0) );
int rc = sock.receiveBytes(buf, 512);
assert (rc > 0);
HTTPSTestServer srv;
HTTPSClientSession s("secure.appinf.com");
s.setProxy("proxy.aon.at", 8080);
HTTPRequest request(HTTPRequest::HTTP_GET, "/public/poco/NetSSL.txt");
s.sendRequest(request);
X509Certificate cert = s.serverCertificate();
HTTPResponse response;
std::istream& rs = s.receiveResponse(response);
std::ostringstream ostr;
StreamCopier::copyStream(rs, ostr);
std::string str(ostr.str());
assert (str == "This is a test file for NetSSL.\n");
assert (cert.commonName() == "secure.appinf.com");
}
void HTTPSClientSessionTest::setUp()
{
}
@@ -387,11 +355,9 @@ CppUnit::Test* HTTPSClientSessionTest::suite()
CppUnit_addTest(pSuite, HTTPSClientSessionTest, testPostSmallChunked);
CppUnit_addTest(pSuite, HTTPSClientSessionTest, testPostLargeChunked);
CppUnit_addTest(pSuite, HTTPSClientSessionTest, testPostLargeChunkedKeepAlive);
CppUnit_addTest(pSuite, HTTPSClientSessionTest, testPostSmallClose);
CppUnit_addTest(pSuite, HTTPSClientSessionTest, testPostLargeClose);
CppUnit_addTest(pSuite, HTTPSClientSessionTest, testKeepAlive);
CppUnit_addTest(pSuite, HTTPSClientSessionTest, testInterop);
CppUnit_addTest(pSuite, HTTPSClientSessionTest, testProxy);
CppUnit_addTest(pSuite, HTTPSClientSessionTest, testConnectNB);
return pSuite;
}

6
NetSSL_OpenSSL/testsuite/src/HTTPSClientSessionTest.h
View File

@@ -1,7 +1,7 @@
//
// HTTPSClientSessionTest.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/testsuite/src/HTTPSClientSessionTest.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/testsuite/src/HTTPSClientSessionTest.h#10 $
//
// Definition of the HTTPSClientSessionTest class.
//
@@ -54,11 +54,9 @@ public:
void testPostSmallChunked();
void testPostLargeChunked();
void testPostLargeChunkedKeepAlive();
void testPostSmallClose();
void testPostLargeClose();
void testKeepAlive();
void testInterop();
void testProxy();
void testConnectNB();
void setUp();
void tearDown();

2
NetSSL_OpenSSL/testsuite/src/HTTPSClientTestSuite.cpp
View File

@@ -1,7 +1,7 @@
//
// HTTPSClientTestSuite.cpp
//
// $Id: //poco/svn/NetSSL_OpenSSL/testsuite/src/HTTPSClientTestSuite.cpp#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/testsuite/src/HTTPSClientTestSuite.cpp#7 $
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// and Contributors.

4
NetSSL_OpenSSL/testsuite/src/HTTPSClientTestSuite.h
View File

@@ -1,7 +1,7 @@
//
// HTTPSClientTestSuite.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/testsuite/src/HTTPSClientTestSuite.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/testsuite/src/HTTPSClientTestSuite.h#7 $
//
// Definition of the HTTPSClientTestSuite class.
//
@@ -39,8 +39,6 @@
#include "CppUnit/TestSuite.h"
#define TESTSERVERNAME "secure.appinf.com"
class HTTPSClientTestSuite
{
public:

52
NetSSL_OpenSSL/testsuite/src/HTTPSServerTest.cpp
View File

@@ -1,7 +1,7 @@
//
// HTTPSServerTest.cpp
//
// $Id: //poco/svn/NetSSL_OpenSSL/testsuite/src/HTTPSServerTest.cpp#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/testsuite/src/HTTPSServerTest.cpp#9 $
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// and Contributors.
@@ -192,29 +192,6 @@ void HTTPSServerTest::testChunkedRequest()
}
void HTTPSServerTest::testClosedRequest()
{
SecureServerSocket svs(0);
HTTPServerParams* pParams = new HTTPServerParams;
pParams->setKeepAlive(false);
HTTPServer srv(new RequestHandlerFactory, svs, pParams);
srv.start();
HTTPSClientSession cs("localhost", svs.address().port());
std::string body(5000, 'x');
HTTPRequest request("POST", "/echoBody");
request.setContentType("text/plain");
cs.sendRequest(request) << body;
HTTPResponse response;
std::string rbody;
cs.receiveResponse(response) >> rbody;
assert (response.getContentLength() == HTTPMessage::UNKNOWN_CONTENT_LENGTH);
assert (response.getContentType() == "text/plain");
assert (!response.getChunkedTransferEncoding());
assert (rbody == body);
}
void HTTPSServerTest::testIdentityRequestKeepAlive()
{
SecureServerSocket svs(0);
@@ -284,31 +261,6 @@ void HTTPSServerTest::testChunkedRequestKeepAlive()
}
void HTTPSServerTest::testClosedRequestKeepAlive()
{
SecureServerSocket svs(0);
HTTPServerParams* pParams = new HTTPServerParams;
pParams->setKeepAlive(true);
HTTPServer srv(new RequestHandlerFactory, svs, pParams);
srv.start();
HTTPSClientSession cs("localhost", svs.address().port());
std::string body(5000, 'x');
HTTPRequest request("POST", "/echoBody");
request.setContentType("text/plain");
cs.sendRequest(request) << body;
HTTPResponse response;
std::string rbody;
cs.receiveResponse(response) >> rbody;
assert (response.getContentLength() == HTTPMessage::UNKNOWN_CONTENT_LENGTH);
assert (response.getContentType() == "text/plain");
assert (!response.getChunkedTransferEncoding());
assert (!response.getKeepAlive());
assert (rbody == body);
int n = (int) rbody.size();
}
void HTTPSServerTest::test100Continue()
{
SecureServerSocket svs(0);
@@ -408,10 +360,8 @@ CppUnit::Test* HTTPSServerTest::suite()
CppUnit_addTest(pSuite, HTTPSServerTest, testIdentityRequest);
CppUnit_addTest(pSuite, HTTPSServerTest, testChunkedRequest);
CppUnit_addTest(pSuite, HTTPSServerTest, testClosedRequest);
CppUnit_addTest(pSuite, HTTPSServerTest, testIdentityRequestKeepAlive);
CppUnit_addTest(pSuite, HTTPSServerTest, testChunkedRequestKeepAlive);
CppUnit_addTest(pSuite, HTTPSServerTest, testClosedRequestKeepAlive);
CppUnit_addTest(pSuite, HTTPSServerTest, test100Continue);
CppUnit_addTest(pSuite, HTTPSServerTest, testRedirect);
CppUnit_addTest(pSuite, HTTPSServerTest, testAuth);

4
NetSSL_OpenSSL/testsuite/src/HTTPSServerTest.h
View File

@@ -1,7 +1,7 @@
//
// HTTPSServerTest.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/testsuite/src/HTTPSServerTest.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/testsuite/src/HTTPSServerTest.h#8 $
//
// Definition of the HTTPSServerTest class.
//
@@ -48,10 +48,8 @@ public:
void testIdentityRequest();
void testChunkedRequest();
void testClosedRequest();
void testIdentityRequestKeepAlive();
void testChunkedRequestKeepAlive();
void testClosedRequestKeepAlive();
void test100Continue();
void testRedirect();
void testAuth();

2
NetSSL_OpenSSL/testsuite/src/HTTPSServerTestSuite.cpp
View File

@@ -1,7 +1,7 @@
//
// HTTPSServerTestSuite.cpp
//
// $Id: //poco/svn/NetSSL_OpenSSL/testsuite/src/HTTPSServerTestSuite.cpp#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/testsuite/src/HTTPSServerTestSuite.cpp#7 $
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// and Contributors.

2
NetSSL_OpenSSL/testsuite/src/HTTPSServerTestSuite.h
View File

@@ -1,7 +1,7 @@
//
// HTTPSServerTestSuite.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/testsuite/src/HTTPSServerTestSuite.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/testsuite/src/HTTPSServerTestSuite.h#7 $
//
// Definition of the HTTPSServerTestSuite class.
//

5
NetSSL_OpenSSL/testsuite/src/HTTPSStreamFactoryTest.cpp
View File

@@ -1,7 +1,7 @@
//
// HTTPSStreamFactoryTest.cpp
//
// $Id: //poco/svn/NetSSL_OpenSSL/testsuite/src/HTTPSStreamFactoryTest.cpp#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/testsuite/src/HTTPSStreamFactoryTest.cpp#8 $
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// and Contributors.
@@ -31,7 +31,6 @@
#include "HTTPSStreamFactoryTest.h"
#include "HTTPSClientTestSuite.h"
#include "CppUnit/TestCaller.h"
#include "CppUnit/TestSuite.h"
#include "Poco/Net/HTTPSStreamFactory.h"
@@ -104,7 +103,7 @@ void HTTPSStreamFactoryTest::testProxy()
{
HTTPSTestServer server;
HTTPSStreamFactory factory("proxy.aon.at", 8080);
URI uri(std::string("https://") + TESTSERVERNAME + "/");
URI uri("https://sourceforge.net/");
std::auto_ptr<std::istream> pStr(factory.open(uri));
std::ostringstream ostr;
StreamCopier::copyStream(*pStr.get(), ostr);

2
NetSSL_OpenSSL/testsuite/src/HTTPSStreamFactoryTest.h
View File

@@ -1,7 +1,7 @@
//
// HTTPSStreamFactoryTest.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/testsuite/src/HTTPSStreamFactoryTest.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/testsuite/src/HTTPSStreamFactoryTest.h#7 $
//
// Definition of the HTTPSStreamFactoryTest class.
//

2
NetSSL_OpenSSL/testsuite/src/HTTPSTestServer.cpp
View File

@@ -1,7 +1,7 @@
//
// HTTPSTestServer.cpp
//
// $Id: //poco/svn/NetSSL_OpenSSL/testsuite/src/HTTPSTestServer.cpp#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/testsuite/src/HTTPSTestServer.cpp#9 $
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// and Contributors.

2
NetSSL_OpenSSL/testsuite/src/HTTPSTestServer.h
View File

@@ -1,7 +1,7 @@
//
// HTTPSTestServer.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/testsuite/src/HTTPSTestServer.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/testsuite/src/HTTPSTestServer.h#7 $
//
// Definition of the HTTPSTestServer class.
//

2
NetSSL_OpenSSL/testsuite/src/NetSSLTestSuite.cpp
View File

@@ -1,7 +1,7 @@
//
// OpenSSLTestSuite.cpp
//
// $Id: //poco/svn/NetSSL_OpenSSL/testsuite/src/NetSSLTestSuite.cpp#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/testsuite/src/NetSSLTestSuite.cpp#7 $
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// and Contributors.

2
NetSSL_OpenSSL/testsuite/src/NetSSLTestSuite.h
View File

@@ -1,7 +1,7 @@
//
// NetSSLTestSuite.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/testsuite/src/NetSSLTestSuite.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/testsuite/src/NetSSLTestSuite.h#7 $
//
// Definition of the NetSSLTestSuite class.
//

2
NetSSL_OpenSSL/testsuite/src/TCPServerTest.cpp
View File

@@ -1,7 +1,7 @@
//
// TCPServerTest.cpp
//
// $Id: //poco/svn/NetSSL_OpenSSL/testsuite/src/TCPServerTest.cpp#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/testsuite/src/TCPServerTest.cpp#7 $
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// and Contributors.

2
NetSSL_OpenSSL/testsuite/src/TCPServerTest.h
View File

@@ -1,7 +1,7 @@
//
// TCPServerTest.h
//
// $Id: //poco/svn/NetSSL_OpenSSL/testsuite/src/TCPServerTest.h#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/testsuite/src/TCPServerTest.h#7 $
//
// Definition of the TCPServerTest class.
//

2
NetSSL_OpenSSL/testsuite/src/TCPServerTestSuite.cpp
View File

@@ -1,7 +1,7 @@
//
// TCPServerTestSuite.cpp
//
// $Id: //poco/svn/NetSSL_OpenSSL/testsuite/src/TCPServerTestSuite.cpp#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/testsuite/src/TCPServerTestSuite.cpp#7 $
//
// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
// and Contributors.

Some files were not shown because too many files have changed in this diff Show More