diff options
| author | orivej <orivej@yandex-team.ru> | 2022-02-10 16:44:49 +0300 |
|---|---|---|
| committer | Daniil Cherednik <dcherednik@yandex-team.ru> | 2022-02-10 16:44:49 +0300 |
| commit | 718c552901d703c502ccbefdfc3c9028d608b947 (patch) | |
| tree | 46534a98bbefcd7b1f3faa5b52c138ab27db75b7 /contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net | |
| parent | e9656aae26e0358d5378e5b63dcac5c8dbe0e4d0 (diff) | |
| download | ydb-718c552901d703c502ccbefdfc3c9028d608b947.tar.gz | |
Restoring authorship annotation for <orivej@yandex-team.ru>. Commit 1 of 2.
Diffstat (limited to 'contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net')
28 files changed, 3519 insertions, 3519 deletions
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/AcceptCertificateHandler.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/AcceptCertificateHandler.h index 2d92c629aa..dc1f9d7b78 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/AcceptCertificateHandler.h +++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/AcceptCertificateHandler.h @@ -1,52 +1,52 @@ -// -// AcceptCertificateHandler.h -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: AcceptCertificateHandler -// -// Definition of the AcceptCertificateHandler class. -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#ifndef NetSSL_AcceptCertificateHandler_INCLUDED -#define NetSSL_AcceptCertificateHandler_INCLUDED - - -#include "Poco/Net/NetSSL.h" -#include "Poco/Net/InvalidCertificateHandler.h" - - -namespace Poco { -namespace Net { - - -class NetSSL_API AcceptCertificateHandler: public InvalidCertificateHandler - /// A AcceptCertificateHandler is invoked whenever an error - /// occurs verifying the certificate. It always accepts - /// the certificate. - /// - /// Should be using for testing purposes only. -{ -public: - AcceptCertificateHandler(bool handleErrorsOnServerSide); - /// Creates the AcceptCertificateHandler - - virtual ~AcceptCertificateHandler(); - /// Destroys the AcceptCertificateHandler. - - void onInvalidCertificate(const void* pSender, VerificationErrorArgs& errorCert); - /// Receives the questionable certificate in parameter errorCert. If one wants to accept the - /// certificate, call errorCert.setIgnoreError(true). -}; - - -} } // namespace Poco::Net - - -#endif // NetSSL_AcceptCertificateHandler_INCLUDED +// +// AcceptCertificateHandler.h +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: AcceptCertificateHandler +// +// Definition of the AcceptCertificateHandler class. +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#ifndef NetSSL_AcceptCertificateHandler_INCLUDED +#define NetSSL_AcceptCertificateHandler_INCLUDED + + +#include "Poco/Net/NetSSL.h" +#include "Poco/Net/InvalidCertificateHandler.h" + + +namespace Poco { +namespace Net { + + +class NetSSL_API AcceptCertificateHandler: public InvalidCertificateHandler + /// A AcceptCertificateHandler is invoked whenever an error + /// occurs verifying the certificate. It always accepts + /// the certificate. + /// + /// Should be using for testing purposes only. +{ +public: + AcceptCertificateHandler(bool handleErrorsOnServerSide); + /// Creates the AcceptCertificateHandler + + virtual ~AcceptCertificateHandler(); + /// Destroys the AcceptCertificateHandler. + + void onInvalidCertificate(const void* pSender, VerificationErrorArgs& errorCert); + /// Receives the questionable certificate in parameter errorCert. If one wants to accept the + /// certificate, call errorCert.setIgnoreError(true). +}; + + +} } // namespace Poco::Net + + +#endif // NetSSL_AcceptCertificateHandler_INCLUDED diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/CertificateHandlerFactory.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/CertificateHandlerFactory.h index 5e3699c3ca..c5e52dec16 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/CertificateHandlerFactory.h +++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/CertificateHandlerFactory.h @@ -1,93 +1,93 @@ -// -// CertificateHandlerFactory.h -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: CertificateHandlerFactory -// -// Definition of the CertificateHandlerFactory class. -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#ifndef NetSSL_CertificateHandlerFactory_INCLUDED -#define NetSSL_CertificateHandlerFactory_INCLUDED - - -#include "Poco/Net/NetSSL.h" - - -namespace Poco { -namespace Net { - - -class InvalidCertificateHandler; - - -class NetSSL_API CertificateHandlerFactory - /// A CertificateHandlerFactory is responsible for creating InvalidCertificateHandlers. - /// - /// You don't need to access this class directly. Use the macro - /// POCO_REGISTER_CHFACTORY(namespace, InvalidCertificateHandlerName) - /// instead (see the documentation of InvalidCertificateHandler for an example). -{ -public: - CertificateHandlerFactory(); - /// Creates the CertificateHandlerFactory. - - virtual ~CertificateHandlerFactory(); - /// Destroys the CertificateHandlerFactory. - - virtual InvalidCertificateHandler* create(bool server) const = 0; - /// Creates a new InvalidCertificateHandler. Set server to true if the certificate handler is used on the server side. -}; - - -class NetSSL_API CertificateHandlerFactoryRegistrar - /// Registrar class which automatically registers CertificateHandlerFactory at the CertificateHandlerFactoryMgr. - /// You don't need to access this class directly. Use the macro - /// POCO_REGISTER_CHFACTORY(namespace, InvalidCertificateHandlerName) - /// instead (see the documentation of InvalidCertificateHandler for an example). -{ -public: - CertificateHandlerFactoryRegistrar(const std::string& name, CertificateHandlerFactory* pFactory); - /// Registers the CertificateHandlerFactory with the given name at the factory manager. - - virtual ~CertificateHandlerFactoryRegistrar(); - /// Destroys the CertificateHandlerFactoryRegistrar. -}; - - -template <typename T> -class CertificateHandlerFactoryImpl: public Poco::Net::CertificateHandlerFactory -{ -public: - CertificateHandlerFactoryImpl() - { - } - - ~CertificateHandlerFactoryImpl() - { - } - - InvalidCertificateHandler* create(bool server) const - { - return new T(server); - } -}; - - -} } // namespace Poco::Net - - -// DEPRECATED: register the factory directly at the FactoryMgr: -// Poco::Net::SSLManager::instance().certificateHandlerFactoryMgr().setFactory(name, new Poco::Net::CertificateHandlerFactoryImpl<MyConsoleHandler>()); -#define POCO_REGISTER_CHFACTORY(API, PKCLS) \ - static Poco::Net::CertificateHandlerFactoryRegistrar aRegistrar(std::string(#PKCLS), new Poco::Net::CertificateHandlerFactoryImpl<PKCLS>()); - - -#endif // NetSSL_CertificateHandlerFactory_INCLUDED +// +// CertificateHandlerFactory.h +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: CertificateHandlerFactory +// +// Definition of the CertificateHandlerFactory class. +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#ifndef NetSSL_CertificateHandlerFactory_INCLUDED +#define NetSSL_CertificateHandlerFactory_INCLUDED + + +#include "Poco/Net/NetSSL.h" + + +namespace Poco { +namespace Net { + + +class InvalidCertificateHandler; + + +class NetSSL_API CertificateHandlerFactory + /// A CertificateHandlerFactory is responsible for creating InvalidCertificateHandlers. + /// + /// You don't need to access this class directly. Use the macro + /// POCO_REGISTER_CHFACTORY(namespace, InvalidCertificateHandlerName) + /// instead (see the documentation of InvalidCertificateHandler for an example). +{ +public: + CertificateHandlerFactory(); + /// Creates the CertificateHandlerFactory. + + virtual ~CertificateHandlerFactory(); + /// Destroys the CertificateHandlerFactory. + + virtual InvalidCertificateHandler* create(bool server) const = 0; + /// Creates a new InvalidCertificateHandler. Set server to true if the certificate handler is used on the server side. +}; + + +class NetSSL_API CertificateHandlerFactoryRegistrar + /// Registrar class which automatically registers CertificateHandlerFactory at the CertificateHandlerFactoryMgr. + /// You don't need to access this class directly. Use the macro + /// POCO_REGISTER_CHFACTORY(namespace, InvalidCertificateHandlerName) + /// instead (see the documentation of InvalidCertificateHandler for an example). +{ +public: + CertificateHandlerFactoryRegistrar(const std::string& name, CertificateHandlerFactory* pFactory); + /// Registers the CertificateHandlerFactory with the given name at the factory manager. + + virtual ~CertificateHandlerFactoryRegistrar(); + /// Destroys the CertificateHandlerFactoryRegistrar. +}; + + +template <typename T> +class CertificateHandlerFactoryImpl: public Poco::Net::CertificateHandlerFactory +{ +public: + CertificateHandlerFactoryImpl() + { + } + + ~CertificateHandlerFactoryImpl() + { + } + + InvalidCertificateHandler* create(bool server) const + { + return new T(server); + } +}; + + +} } // namespace Poco::Net + + +// DEPRECATED: register the factory directly at the FactoryMgr: +// Poco::Net::SSLManager::instance().certificateHandlerFactoryMgr().setFactory(name, new Poco::Net::CertificateHandlerFactoryImpl<MyConsoleHandler>()); +#define POCO_REGISTER_CHFACTORY(API, PKCLS) \ + static Poco::Net::CertificateHandlerFactoryRegistrar aRegistrar(std::string(#PKCLS), new Poco::Net::CertificateHandlerFactoryImpl<PKCLS>()); + + +#endif // NetSSL_CertificateHandlerFactory_INCLUDED diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/CertificateHandlerFactoryMgr.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/CertificateHandlerFactoryMgr.h index e70c9060b6..213d480f2f 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/CertificateHandlerFactoryMgr.h +++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/CertificateHandlerFactoryMgr.h @@ -1,64 +1,64 @@ -// -// CertificateHandlerFactoryMgr.h -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: CertificateHandlerFactoryMgr -// -// Definition of the CertificateHandlerFactoryMgr class. -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#ifndef NetSSL_CertificateHandlerFactoryMgr_INCLUDED -#define NetSSL_CertificateHandlerFactoryMgr_INCLUDED - - -#include "Poco/Net/NetSSL.h" -#include "Poco/Net/CertificateHandlerFactory.h" -#include "Poco/SharedPtr.h" -#include <map> - - -namespace Poco { -namespace Net { - - -class NetSSL_API CertificateHandlerFactoryMgr - /// A CertificateHandlerFactoryMgr manages all existing CertificateHandlerFactories. -{ -public: - typedef std::map<std::string, Poco::SharedPtr<CertificateHandlerFactory> > FactoriesMap; - - CertificateHandlerFactoryMgr(); - /// Creates the CertificateHandlerFactoryMgr. - - ~CertificateHandlerFactoryMgr(); - /// Destroys the CertificateHandlerFactoryMgr. - - void setFactory(const std::string& name, CertificateHandlerFactory* pFactory); - /// Registers the factory. Class takes ownership of the pointer. - /// If a factory with the same name already exists, an exception is thrown. - - bool hasFactory(const std::string& name) const; - /// Returns true if for the given name a factory is already registered - - const CertificateHandlerFactory* getFactory(const std::string& name) const; - /// Returns NULL if for the given name a factory does not exist, otherwise the factory is returned - - void removeFactory(const std::string& name); - /// Removes the factory from the manager. - -private: - FactoriesMap _factories; -}; - - -} } // namespace Poco::Net - - -#endif // NetSSL_CertificateHandlerFactoryMgr_INCLUDED +// +// CertificateHandlerFactoryMgr.h +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: CertificateHandlerFactoryMgr +// +// Definition of the CertificateHandlerFactoryMgr class. +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#ifndef NetSSL_CertificateHandlerFactoryMgr_INCLUDED +#define NetSSL_CertificateHandlerFactoryMgr_INCLUDED + + +#include "Poco/Net/NetSSL.h" +#include "Poco/Net/CertificateHandlerFactory.h" +#include "Poco/SharedPtr.h" +#include <map> + + +namespace Poco { +namespace Net { + + +class NetSSL_API CertificateHandlerFactoryMgr + /// A CertificateHandlerFactoryMgr manages all existing CertificateHandlerFactories. +{ +public: + typedef std::map<std::string, Poco::SharedPtr<CertificateHandlerFactory> > FactoriesMap; + + CertificateHandlerFactoryMgr(); + /// Creates the CertificateHandlerFactoryMgr. + + ~CertificateHandlerFactoryMgr(); + /// Destroys the CertificateHandlerFactoryMgr. + + void setFactory(const std::string& name, CertificateHandlerFactory* pFactory); + /// Registers the factory. Class takes ownership of the pointer. + /// If a factory with the same name already exists, an exception is thrown. + + bool hasFactory(const std::string& name) const; + /// Returns true if for the given name a factory is already registered + + const CertificateHandlerFactory* getFactory(const std::string& name) const; + /// Returns NULL if for the given name a factory does not exist, otherwise the factory is returned + + void removeFactory(const std::string& name); + /// Removes the factory from the manager. + +private: + FactoriesMap _factories; +}; + + +} } // namespace Poco::Net + + +#endif // NetSSL_CertificateHandlerFactoryMgr_INCLUDED diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/ConsoleCertificateHandler.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/ConsoleCertificateHandler.h index c58962c476..958906aede 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/ConsoleCertificateHandler.h +++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/ConsoleCertificateHandler.h @@ -1,50 +1,50 @@ -// -// ConsoleCertificateHandler.h -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: ConsoleCertificateHandler -// -// Definition of the ConsoleCertificateHandler class. -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#ifndef NetSSL_ConsoleCertificateHandler_INCLUDED -#define NetSSL_ConsoleCertificateHandler_INCLUDED - - -#include "Poco/Net/NetSSL.h" -#include "Poco/Net/InvalidCertificateHandler.h" - - -namespace Poco { -namespace Net { - - -class NetSSL_API ConsoleCertificateHandler: public InvalidCertificateHandler - /// A ConsoleCertificateHandler is invoked whenever an error occurs verifying the certificate. - /// - /// The certificate is printed to stdout and the user is asked via console if he wants to accept it. -{ -public: - ConsoleCertificateHandler(bool handleErrorsOnServerSide); - /// Creates the ConsoleCertificateHandler. - - virtual ~ConsoleCertificateHandler(); - /// Destroys the ConsoleCertificateHandler. - - void onInvalidCertificate(const void* pSender, VerificationErrorArgs& errorCert); - /// Prints the certificate to stdout and waits for user input on the console - /// to decide if a certificate should be accepted/rejected. -}; - - -} } // namespace Poco::Net - - -#endif // NetSSL_ConsoleCertificateHandler_INCLUDED +// +// ConsoleCertificateHandler.h +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: ConsoleCertificateHandler +// +// Definition of the ConsoleCertificateHandler class. +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#ifndef NetSSL_ConsoleCertificateHandler_INCLUDED +#define NetSSL_ConsoleCertificateHandler_INCLUDED + + +#include "Poco/Net/NetSSL.h" +#include "Poco/Net/InvalidCertificateHandler.h" + + +namespace Poco { +namespace Net { + + +class NetSSL_API ConsoleCertificateHandler: public InvalidCertificateHandler + /// A ConsoleCertificateHandler is invoked whenever an error occurs verifying the certificate. + /// + /// The certificate is printed to stdout and the user is asked via console if he wants to accept it. +{ +public: + ConsoleCertificateHandler(bool handleErrorsOnServerSide); + /// Creates the ConsoleCertificateHandler. + + virtual ~ConsoleCertificateHandler(); + /// Destroys the ConsoleCertificateHandler. + + void onInvalidCertificate(const void* pSender, VerificationErrorArgs& errorCert); + /// Prints the certificate to stdout and waits for user input on the console + /// to decide if a certificate should be accepted/rejected. +}; + + +} } // namespace Poco::Net + + +#endif // NetSSL_ConsoleCertificateHandler_INCLUDED diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/Context.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/Context.h index d66328380d..a6fff8c9e3 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/Context.h +++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/Context.h @@ -1,405 +1,405 @@ -// -// Context.h -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: Context -// -// Definition of the Context class. -// -// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#ifndef NetSSL_Context_INCLUDED -#define NetSSL_Context_INCLUDED - - -#include "Poco/Net/NetSSL.h" -#include "Poco/Net/SocketDefs.h" -#include "Poco/Crypto/X509Certificate.h" -#include "Poco/Crypto/RSAKey.h" -#include "Poco/RefCountedObject.h" -#include "Poco/AutoPtr.h" -#include <openssl/ssl.h> -#include <cstdlib> - - -namespace Poco { -namespace Net { - - -class NetSSL_API Context: public Poco::RefCountedObject - /// This class encapsulates context information for - /// an SSL server or client, such as the certificate - /// verification mode and the location of certificates - /// and private key files, as well as the list of - /// supported ciphers. - /// - /// The Context class is also used to control - /// SSL session caching on the server and client side. -{ -public: - typedef Poco::AutoPtr<Context> Ptr; - - enum Usage - { - CLIENT_USE, /// Context is used by a client. - SERVER_USE, /// Context is used by a server. - TLSV1_CLIENT_USE, /// Context is used by a client requiring TLSv1. - TLSV1_SERVER_USE, /// Context is used by a server requiring TLSv1. - TLSV1_1_CLIENT_USE, /// Context is used by a client requiring TLSv1.1 (OpenSSL 1.0.0 or newer). - TLSV1_1_SERVER_USE, /// Context is used by a server requiring TLSv1.1 (OpenSSL 1.0.0 or newer). - TLSV1_2_CLIENT_USE, /// Context is used by a client requiring TLSv1.2 (OpenSSL 1.0.1 or newer). - TLSV1_2_SERVER_USE /// Context is used by a server requiring TLSv1.2 (OpenSSL 1.0.1 or newer). - }; - - enum VerificationMode - { - VERIFY_NONE = SSL_VERIFY_NONE, - /// Server: The server will not send a client certificate - /// request to the client, so the client will not send a certificate. - /// - /// Client: If not using an anonymous cipher (by default disabled), - /// the server will send a certificate which will be checked, but - /// the result of the check will be ignored. - - VERIFY_RELAXED = SSL_VERIFY_PEER, - /// Server: The server sends a client certificate request to the - /// client. The certificate returned (if any) is checked. - /// If the verification process fails, the TLS/SSL handshake is - /// immediately terminated with an alert message containing the - /// reason for the verification failure. - /// - /// Client: The server certificate is verified, if one is provided. - /// If the verification process fails, the TLS/SSL handshake is - /// immediately terminated with an alert message containing the - /// reason for the verification failure. - - VERIFY_STRICT = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, - /// Server: If the client did not return a certificate, the TLS/SSL - /// handshake is immediately terminated with a handshake failure - /// alert. - /// - /// Client: Same as VERIFY_RELAXED. - - VERIFY_ONCE = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE - /// Server: Only request a client certificate on the initial - /// TLS/SSL handshake. Do not ask for a client certificate - /// again in case of a renegotiation. - /// - /// Client: Same as VERIFY_RELAXED. - }; - - enum Protocols - { - PROTO_SSLV2 = 0x01, - PROTO_SSLV3 = 0x02, - PROTO_TLSV1 = 0x04, - PROTO_TLSV1_1 = 0x08, - PROTO_TLSV1_2 = 0x10 - }; - - struct NetSSL_API Params - { - Params(); - /// Initializes the struct with default values. - - std::string privateKeyFile; - /// Path to the private key file used for encryption. - /// Can be empty if no private key file is used. - - std::string certificateFile; - /// Path to the certificate file (in PEM format). - /// If the private key and the certificate are stored in the same file, this - /// can be empty if privateKeyFile is given. - - std::string caLocation; - /// Path to the file or directory containing the CA/root certificates. - /// Can be empty if the OpenSSL builtin CA certificates - /// are used (see loadDefaultCAs). - - VerificationMode verificationMode; - /// Specifies whether and how peer certificates are validated. - /// Defaults to VERIFY_RELAXED. - - int verificationDepth; - /// Sets the upper limit for verification chain sizes. Verification - /// will fail if a certificate chain larger than this is encountered. - /// Defaults to 9. - - bool loadDefaultCAs; - /// Specifies whether the builtin CA certificates from OpenSSL are used. - /// Defaults to false. - - std::string cipherList; - /// Specifies the supported ciphers in OpenSSL notation. - /// Defaults to "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH". - - std::string dhParamsFile; - /// Specifies a file containing Diffie-Hellman parameters. - /// If empty, the default parameters are used. - - std::string ecdhCurve; - /// Specifies the name of the curve to use for ECDH, based - /// on the curve names specified in RFC 4492. - /// Defaults to "prime256v1". - }; - - Context(Usage usage, const Params& params); - /// Creates a Context using the given parameters. - /// - /// * usage specifies whether the context is used by a client or server. - /// * params specifies the context parameters. - - Context( - Usage usage, - const std::string& privateKeyFile, - const std::string& certificateFile, - const std::string& caLocation, - VerificationMode verificationMode = VERIFY_RELAXED, - int verificationDepth = 9, - bool loadDefaultCAs = false, - const std::string& cipherList = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"); - /// Creates a Context. - /// - /// * usage specifies whether the context is used by a client or server. - /// * privateKeyFile contains the path to the private key file used for encryption. - /// Can be empty if no private key file is used. - /// * certificateFile contains the path to the certificate file (in PEM format). - /// If the private key and the certificate are stored in the same file, this - /// can be empty if privateKeyFile is given. - /// * caLocation contains the path to the file or directory containing the - /// CA/root certificates. Can be empty if the OpenSSL builtin CA certificates - /// are used (see loadDefaultCAs). - /// * verificationMode specifies whether and how peer certificates are validated. - /// * verificationDepth sets the upper limit for verification chain sizes. Verification - /// will fail if a certificate chain larger than this is encountered. - /// * loadDefaultCAs specifies whether the builtin CA certificates from OpenSSL are used. - /// * cipherList specifies the supported ciphers in OpenSSL notation. - /// - /// Note: If the private key is protected by a passphrase, a PrivateKeyPassphraseHandler - /// must have been setup with the SSLManager, or the SSLManager's PrivateKeyPassphraseRequired - /// event must be handled. - - Context( - Usage usage, - const std::string& caLocation, - VerificationMode verificationMode = VERIFY_RELAXED, - int verificationDepth = 9, - bool loadDefaultCAs = false, - const std::string& cipherList = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"); - /// Creates a Context. - /// - /// * usage specifies whether the context is used by a client or server. - /// * caLocation contains the path to the file or directory containing the - /// CA/root certificates. Can be empty if the OpenSSL builtin CA certificates - /// are used (see loadDefaultCAs). - /// * verificationMode specifies whether and how peer certificates are validated. - /// * verificationDepth sets the upper limit for verification chain sizes. Verification - /// will fail if a certificate chain larger than this is encountered. - /// * loadDefaultCAs specifies whether the builtin CA certificates from OpenSSL are used. - /// * cipherList specifies the supported ciphers in OpenSSL notation. - /// - /// Note that a private key and/or certificate must be specified with - /// usePrivateKey()/useCertificate() before the Context can be used. - - ~Context(); - /// Destroys the Context. - - void useCertificate(const Poco::Crypto::X509Certificate& certificate); - /// Sets the certificate to be used by the Context. - /// - /// To set-up a complete certificate chain, it might be - /// necessary to call addChainCertificate() to specify - /// additional certificates. - /// - /// Note that useCertificate() must always be called before - /// usePrivateKey(). - - void addChainCertificate(const Poco::Crypto::X509Certificate& certificate); - /// Adds a certificate for certificate chain validation. - - void addCertificateAuthority(const Poco::Crypto::X509Certificate& certificate); - /// Add one trusted certification authority to be used by the Context. - - void usePrivateKey(const Poco::Crypto::RSAKey& key); - /// Sets the private key to be used by the Context. - /// - /// Note that useCertificate() must always be called before - /// usePrivateKey(). - /// - /// Note: If the private key is protected by a passphrase, a PrivateKeyPassphraseHandler - /// must have been setup with the SSLManager, or the SSLManager's PrivateKeyPassphraseRequired - /// event must be handled. - - SSL_CTX* sslContext() const; - /// Returns the underlying OpenSSL SSL Context object. - - Usage usage() const; - /// Returns whether the context is for use by a client or by a server - /// and whether TLSv1 is required. - - bool isForServerUse() const; - /// Returns true iff the context is for use by a server. - - Context::VerificationMode verificationMode() const; - /// Returns the verification mode. - - void enableSessionCache(bool flag = true); - /// Enable or disable SSL/TLS session caching. - /// For session caching to work, it must be enabled - /// on the server, as well as on the client side. - /// - /// The default is disabled session caching. - /// - /// To enable session caching on the server side, use the - /// two-argument version of this method to specify - /// a session ID context. - - void enableSessionCache(bool flag, const std::string& sessionIdContext); - /// Enables or disables SSL/TLS session caching on the server. - /// For session caching to work, it must be enabled - /// on the server, as well as on the client side. - /// - /// SessionIdContext contains the application's unique - /// session ID context, which becomes part of each - /// session identifier generated by the server within this - /// context. SessionIdContext can be an arbitrary sequence - /// of bytes with a maximum length of SSL_MAX_SSL_SESSION_ID_LENGTH. - /// - /// A non-empty sessionIdContext should be specified even if - /// session caching is disabled to avoid problems with clients - /// requesting to reuse a session (e.g. Firefox 3.6). - /// - /// This method may only be called on SERVER_USE Context objects. - - bool sessionCacheEnabled() const; - /// Returns true iff the session cache is enabled. - - void setSessionCacheSize(std::size_t size); - /// Sets the maximum size of the server session cache, in number of - /// sessions. The default size (according to OpenSSL documentation) - /// is 1024*20, which may be too large for many applications, - /// especially on embedded platforms with limited memory. - /// - /// Specifying a size of 0 will set an unlimited cache size. - /// - /// This method may only be called on SERVER_USE Context objects. - - std::size_t getSessionCacheSize() const; - /// Returns the current maximum size of the server session cache. - /// - /// This method may only be called on SERVER_USE Context objects. - - void setSessionTimeout(long seconds); - /// Sets the timeout (in seconds) of cached sessions on the server. - /// A cached session will be removed from the cache if it has - /// not been used for the given number of seconds. - /// - /// This method may only be called on SERVER_USE Context objects. - - long getSessionTimeout() const; - /// Returns the timeout (in seconds) of cached sessions on the server. - /// - /// This method may only be called on SERVER_USE Context objects. - - void flushSessionCache(); - /// Flushes the SSL session cache on the server. - /// - /// This method may only be called on SERVER_USE Context objects. - - void enableExtendedCertificateVerification(bool flag = true); - /// Enable or disable the automatic post-connection - /// extended certificate verification. - /// - /// See X509Certificate::verify() for more information. - - bool extendedCertificateVerificationEnabled() const; - /// Returns true iff automatic extended certificate - /// verification is enabled. - - void disableStatelessSessionResumption(); - /// Newer versions of OpenSSL support RFC 4507 tickets for stateless - /// session resumption. - /// - /// The feature can be disabled by calling this method. - - void disableProtocols(int protocols); - /// Disables the given protocols. - /// - /// The protocols to be disabled are specified by OR-ing - /// values from the Protocols enumeration, e.g.: - /// - /// context.disableProtocols(PROTO_SSLV2 | PROTO_SSLV3); - - void preferServerCiphers(); - /// When choosing a cipher, use the server's preferences instead of the client - /// preferences. When not called, the SSL server will always follow the clients - /// preferences. When called, the SSL/TLS server will choose following its own - /// preferences. - -private: - void init(const Params& params); - /// Initializes the Context with the given parameters. - - void initDH(const std::string& dhFile); - /// Initializes the Context with Diffie-Hellman parameters. - - void initECDH(const std::string& curve); - /// Initializes the Context with Elliptic-Curve Diffie-Hellman key - /// exchange curve parameters. - - void createSSLContext(); - /// Create a SSL_CTX object according to Context configuration. - - Usage _usage; - VerificationMode _mode; - SSL_CTX* _pSSLContext; - bool _extendedCertificateVerification; -}; - - -// -// inlines -// -inline Context::Usage Context::usage() const -{ - return _usage; -} - - -inline bool Context::isForServerUse() const -{ - return _usage == SERVER_USE - || _usage == TLSV1_SERVER_USE - || _usage == TLSV1_1_SERVER_USE - || _usage == TLSV1_2_SERVER_USE; -} - - -inline Context::VerificationMode Context::verificationMode() const -{ - return _mode; -} - - -inline SSL_CTX* Context::sslContext() const -{ - return _pSSLContext; -} - - -inline bool Context::extendedCertificateVerificationEnabled() const -{ - return _extendedCertificateVerification; -} - - -} } // namespace Poco::Net - - -#endif // NetSSL_Context_INCLUDED +// +// Context.h +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: Context +// +// Definition of the Context class. +// +// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#ifndef NetSSL_Context_INCLUDED +#define NetSSL_Context_INCLUDED + + +#include "Poco/Net/NetSSL.h" +#include "Poco/Net/SocketDefs.h" +#include "Poco/Crypto/X509Certificate.h" +#include "Poco/Crypto/RSAKey.h" +#include "Poco/RefCountedObject.h" +#include "Poco/AutoPtr.h" +#include <openssl/ssl.h> +#include <cstdlib> + + +namespace Poco { +namespace Net { + + +class NetSSL_API Context: public Poco::RefCountedObject + /// This class encapsulates context information for + /// an SSL server or client, such as the certificate + /// verification mode and the location of certificates + /// and private key files, as well as the list of + /// supported ciphers. + /// + /// The Context class is also used to control + /// SSL session caching on the server and client side. +{ +public: + typedef Poco::AutoPtr<Context> Ptr; + + enum Usage + { + CLIENT_USE, /// Context is used by a client. + SERVER_USE, /// Context is used by a server. + TLSV1_CLIENT_USE, /// Context is used by a client requiring TLSv1. + TLSV1_SERVER_USE, /// Context is used by a server requiring TLSv1. + TLSV1_1_CLIENT_USE, /// Context is used by a client requiring TLSv1.1 (OpenSSL 1.0.0 or newer). + TLSV1_1_SERVER_USE, /// Context is used by a server requiring TLSv1.1 (OpenSSL 1.0.0 or newer). + TLSV1_2_CLIENT_USE, /// Context is used by a client requiring TLSv1.2 (OpenSSL 1.0.1 or newer). + TLSV1_2_SERVER_USE /// Context is used by a server requiring TLSv1.2 (OpenSSL 1.0.1 or newer). + }; + + enum VerificationMode + { + VERIFY_NONE = SSL_VERIFY_NONE, + /// Server: The server will not send a client certificate + /// request to the client, so the client will not send a certificate. + /// + /// Client: If not using an anonymous cipher (by default disabled), + /// the server will send a certificate which will be checked, but + /// the result of the check will be ignored. + + VERIFY_RELAXED = SSL_VERIFY_PEER, + /// Server: The server sends a client certificate request to the + /// client. The certificate returned (if any) is checked. + /// If the verification process fails, the TLS/SSL handshake is + /// immediately terminated with an alert message containing the + /// reason for the verification failure. + /// + /// Client: The server certificate is verified, if one is provided. + /// If the verification process fails, the TLS/SSL handshake is + /// immediately terminated with an alert message containing the + /// reason for the verification failure. + + VERIFY_STRICT = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, + /// Server: If the client did not return a certificate, the TLS/SSL + /// handshake is immediately terminated with a handshake failure + /// alert. + /// + /// Client: Same as VERIFY_RELAXED. + + VERIFY_ONCE = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE + /// Server: Only request a client certificate on the initial + /// TLS/SSL handshake. Do not ask for a client certificate + /// again in case of a renegotiation. + /// + /// Client: Same as VERIFY_RELAXED. + }; + + enum Protocols + { + PROTO_SSLV2 = 0x01, + PROTO_SSLV3 = 0x02, + PROTO_TLSV1 = 0x04, + PROTO_TLSV1_1 = 0x08, + PROTO_TLSV1_2 = 0x10 + }; + + struct NetSSL_API Params + { + Params(); + /// Initializes the struct with default values. + + std::string privateKeyFile; + /// Path to the private key file used for encryption. + /// Can be empty if no private key file is used. + + std::string certificateFile; + /// Path to the certificate file (in PEM format). + /// If the private key and the certificate are stored in the same file, this + /// can be empty if privateKeyFile is given. + + std::string caLocation; + /// Path to the file or directory containing the CA/root certificates. + /// Can be empty if the OpenSSL builtin CA certificates + /// are used (see loadDefaultCAs). + + VerificationMode verificationMode; + /// Specifies whether and how peer certificates are validated. + /// Defaults to VERIFY_RELAXED. + + int verificationDepth; + /// Sets the upper limit for verification chain sizes. Verification + /// will fail if a certificate chain larger than this is encountered. + /// Defaults to 9. + + bool loadDefaultCAs; + /// Specifies whether the builtin CA certificates from OpenSSL are used. + /// Defaults to false. + + std::string cipherList; + /// Specifies the supported ciphers in OpenSSL notation. + /// Defaults to "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH". + + std::string dhParamsFile; + /// Specifies a file containing Diffie-Hellman parameters. + /// If empty, the default parameters are used. + + std::string ecdhCurve; + /// Specifies the name of the curve to use for ECDH, based + /// on the curve names specified in RFC 4492. + /// Defaults to "prime256v1". + }; + + Context(Usage usage, const Params& params); + /// Creates a Context using the given parameters. + /// + /// * usage specifies whether the context is used by a client or server. + /// * params specifies the context parameters. + + Context( + Usage usage, + const std::string& privateKeyFile, + const std::string& certificateFile, + const std::string& caLocation, + VerificationMode verificationMode = VERIFY_RELAXED, + int verificationDepth = 9, + bool loadDefaultCAs = false, + const std::string& cipherList = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"); + /// Creates a Context. + /// + /// * usage specifies whether the context is used by a client or server. + /// * privateKeyFile contains the path to the private key file used for encryption. + /// Can be empty if no private key file is used. + /// * certificateFile contains the path to the certificate file (in PEM format). + /// If the private key and the certificate are stored in the same file, this + /// can be empty if privateKeyFile is given. + /// * caLocation contains the path to the file or directory containing the + /// CA/root certificates. Can be empty if the OpenSSL builtin CA certificates + /// are used (see loadDefaultCAs). + /// * verificationMode specifies whether and how peer certificates are validated. + /// * verificationDepth sets the upper limit for verification chain sizes. Verification + /// will fail if a certificate chain larger than this is encountered. + /// * loadDefaultCAs specifies whether the builtin CA certificates from OpenSSL are used. + /// * cipherList specifies the supported ciphers in OpenSSL notation. + /// + /// Note: If the private key is protected by a passphrase, a PrivateKeyPassphraseHandler + /// must have been setup with the SSLManager, or the SSLManager's PrivateKeyPassphraseRequired + /// event must be handled. + + Context( + Usage usage, + const std::string& caLocation, + VerificationMode verificationMode = VERIFY_RELAXED, + int verificationDepth = 9, + bool loadDefaultCAs = false, + const std::string& cipherList = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"); + /// Creates a Context. + /// + /// * usage specifies whether the context is used by a client or server. + /// * caLocation contains the path to the file or directory containing the + /// CA/root certificates. Can be empty if the OpenSSL builtin CA certificates + /// are used (see loadDefaultCAs). + /// * verificationMode specifies whether and how peer certificates are validated. + /// * verificationDepth sets the upper limit for verification chain sizes. Verification + /// will fail if a certificate chain larger than this is encountered. + /// * loadDefaultCAs specifies whether the builtin CA certificates from OpenSSL are used. + /// * cipherList specifies the supported ciphers in OpenSSL notation. + /// + /// Note that a private key and/or certificate must be specified with + /// usePrivateKey()/useCertificate() before the Context can be used. + + ~Context(); + /// Destroys the Context. + + void useCertificate(const Poco::Crypto::X509Certificate& certificate); + /// Sets the certificate to be used by the Context. + /// + /// To set-up a complete certificate chain, it might be + /// necessary to call addChainCertificate() to specify + /// additional certificates. + /// + /// Note that useCertificate() must always be called before + /// usePrivateKey(). + + void addChainCertificate(const Poco::Crypto::X509Certificate& certificate); + /// Adds a certificate for certificate chain validation. + + void addCertificateAuthority(const Poco::Crypto::X509Certificate& certificate); + /// Add one trusted certification authority to be used by the Context. + + void usePrivateKey(const Poco::Crypto::RSAKey& key); + /// Sets the private key to be used by the Context. + /// + /// Note that useCertificate() must always be called before + /// usePrivateKey(). + /// + /// Note: If the private key is protected by a passphrase, a PrivateKeyPassphraseHandler + /// must have been setup with the SSLManager, or the SSLManager's PrivateKeyPassphraseRequired + /// event must be handled. + + SSL_CTX* sslContext() const; + /// Returns the underlying OpenSSL SSL Context object. + + Usage usage() const; + /// Returns whether the context is for use by a client or by a server + /// and whether TLSv1 is required. + + bool isForServerUse() const; + /// Returns true iff the context is for use by a server. + + Context::VerificationMode verificationMode() const; + /// Returns the verification mode. + + void enableSessionCache(bool flag = true); + /// Enable or disable SSL/TLS session caching. + /// For session caching to work, it must be enabled + /// on the server, as well as on the client side. + /// + /// The default is disabled session caching. + /// + /// To enable session caching on the server side, use the + /// two-argument version of this method to specify + /// a session ID context. + + void enableSessionCache(bool flag, const std::string& sessionIdContext); + /// Enables or disables SSL/TLS session caching on the server. + /// For session caching to work, it must be enabled + /// on the server, as well as on the client side. + /// + /// SessionIdContext contains the application's unique + /// session ID context, which becomes part of each + /// session identifier generated by the server within this + /// context. SessionIdContext can be an arbitrary sequence + /// of bytes with a maximum length of SSL_MAX_SSL_SESSION_ID_LENGTH. + /// + /// A non-empty sessionIdContext should be specified even if + /// session caching is disabled to avoid problems with clients + /// requesting to reuse a session (e.g. Firefox 3.6). + /// + /// This method may only be called on SERVER_USE Context objects. + + bool sessionCacheEnabled() const; + /// Returns true iff the session cache is enabled. + + void setSessionCacheSize(std::size_t size); + /// Sets the maximum size of the server session cache, in number of + /// sessions. The default size (according to OpenSSL documentation) + /// is 1024*20, which may be too large for many applications, + /// especially on embedded platforms with limited memory. + /// + /// Specifying a size of 0 will set an unlimited cache size. + /// + /// This method may only be called on SERVER_USE Context objects. + + std::size_t getSessionCacheSize() const; + /// Returns the current maximum size of the server session cache. + /// + /// This method may only be called on SERVER_USE Context objects. + + void setSessionTimeout(long seconds); + /// Sets the timeout (in seconds) of cached sessions on the server. + /// A cached session will be removed from the cache if it has + /// not been used for the given number of seconds. + /// + /// This method may only be called on SERVER_USE Context objects. + + long getSessionTimeout() const; + /// Returns the timeout (in seconds) of cached sessions on the server. + /// + /// This method may only be called on SERVER_USE Context objects. + + void flushSessionCache(); + /// Flushes the SSL session cache on the server. + /// + /// This method may only be called on SERVER_USE Context objects. + + void enableExtendedCertificateVerification(bool flag = true); + /// Enable or disable the automatic post-connection + /// extended certificate verification. + /// + /// See X509Certificate::verify() for more information. + + bool extendedCertificateVerificationEnabled() const; + /// Returns true iff automatic extended certificate + /// verification is enabled. + + void disableStatelessSessionResumption(); + /// Newer versions of OpenSSL support RFC 4507 tickets for stateless + /// session resumption. + /// + /// The feature can be disabled by calling this method. + + void disableProtocols(int protocols); + /// Disables the given protocols. + /// + /// The protocols to be disabled are specified by OR-ing + /// values from the Protocols enumeration, e.g.: + /// + /// context.disableProtocols(PROTO_SSLV2 | PROTO_SSLV3); + + void preferServerCiphers(); + /// When choosing a cipher, use the server's preferences instead of the client + /// preferences. When not called, the SSL server will always follow the clients + /// preferences. When called, the SSL/TLS server will choose following its own + /// preferences. + +private: + void init(const Params& params); + /// Initializes the Context with the given parameters. + + void initDH(const std::string& dhFile); + /// Initializes the Context with Diffie-Hellman parameters. + + void initECDH(const std::string& curve); + /// Initializes the Context with Elliptic-Curve Diffie-Hellman key + /// exchange curve parameters. + + void createSSLContext(); + /// Create a SSL_CTX object according to Context configuration. + + Usage _usage; + VerificationMode _mode; + SSL_CTX* _pSSLContext; + bool _extendedCertificateVerification; +}; + + +// +// inlines +// +inline Context::Usage Context::usage() const +{ + return _usage; +} + + +inline bool Context::isForServerUse() const +{ + return _usage == SERVER_USE + || _usage == TLSV1_SERVER_USE + || _usage == TLSV1_1_SERVER_USE + || _usage == TLSV1_2_SERVER_USE; +} + + +inline Context::VerificationMode Context::verificationMode() const +{ + return _mode; +} + + +inline SSL_CTX* Context::sslContext() const +{ + return _pSSLContext; +} + + +inline bool Context::extendedCertificateVerificationEnabled() const +{ + return _extendedCertificateVerification; +} + + +} } // namespace Poco::Net + + +#endif // NetSSL_Context_INCLUDED diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/HTTPSClientSession.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/HTTPSClientSession.h index ff0d89994c..ef77d8a922 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/HTTPSClientSession.h +++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/HTTPSClientSession.h @@ -1,165 +1,165 @@ -// -// HTTPSClientSession.h -// -// Library: NetSSL_OpenSSL -// Package: HTTPSClient -// Module: HTTPSClientSession -// -// Definition of the HTTPSClientSession class. -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#ifndef NetSSL_HTTPSClientSession_INCLUDED -#define NetSSL_HTTPSClientSession_INCLUDED - - -#include "Poco/Net/NetSSL.h" -#include "Poco/Net/Utility.h" -#include "Poco/Net/HTTPClientSession.h" -#include "Poco/Net/Context.h" -#include "Poco/Net/Session.h" -#include "Poco/Net/X509Certificate.h" - - -namespace Poco { -namespace Net { - - -class SecureStreamSocket; -class HTTPRequest; -class HTTPResponse; - - -class NetSSL_API HTTPSClientSession: public HTTPClientSession - /// This class implements the client-side of - /// a HTTPS session. - /// - /// To send a HTTPS request to a HTTPS server, first - /// instantiate a HTTPSClientSession object and - /// specify the server's host name and port number. - /// - /// Then create a HTTPRequest object, fill it accordingly, - /// and pass it as argument to the sendRequest() method. - /// - /// sendRequest() will return an output stream that can - /// be used to send the request body, if there is any. - /// - /// After you are done sending the request body, create - /// a HTTPResponse object and pass it to receiveResponse(). - /// - /// This will return an input stream that can be used to - /// read the response body. - /// - /// See RFC 2616 <http://www.faqs.org/rfcs/rfc2616.html> for more - /// information about the HTTP protocol. - /// - /// Note that sending requests that neither contain a content length - /// field in the header nor are using chunked transfer encoding will - /// result in a SSL protocol violation, as the framework shuts down - /// the socket after sending the message body. No orderly SSL shutdown - /// will be performed in this case. - /// - /// If session caching has been enabled for the Context object passed - /// to the HTTPSClientSession, the HTTPSClientSession class will - /// attempt to reuse a previously obtained Session object in - /// case of a reconnect. -{ -public: - enum - { - HTTPS_PORT = 443 - }; - - HTTPSClientSession(); - /// Creates an unconnected HTTPSClientSession. - - explicit HTTPSClientSession(const SecureStreamSocket& socket); - /// Creates a HTTPSClientSession using the given socket. - /// The socket must not be connected. The session - /// takes ownership of the socket. - - HTTPSClientSession(const SecureStreamSocket& socket, Session::Ptr pSession); - /// Creates a HTTPSClientSession using the given socket. - /// The socket must not be connected. The session - /// takes ownership of the socket. - /// - /// The given Session is reused, if possible (client session - /// caching is enabled for the given Context, and the server - /// agrees to reuse the session). - - HTTPSClientSession(const std::string& host, Poco::UInt16 port = HTTPS_PORT); - /// Creates a HTTPSClientSession using the given host and port. - - explicit HTTPSClientSession(Context::Ptr pContext); - /// Creates an unconnected HTTPSClientSession, using the - /// give SSL context. - - HTTPSClientSession(Context::Ptr pContext, Session::Ptr pSession); - /// Creates an unconnected HTTPSClientSession, using the - /// give SSL context. - /// - /// The given Session is reused, if possible (client session - /// caching is enabled for the given Context, and the server - /// agrees to reuse the session). - - HTTPSClientSession(const std::string& host, Poco::UInt16 port, Context::Ptr pContext); - /// Creates a HTTPSClientSession using the given host and port, - /// using the given SSL context. - - HTTPSClientSession(const std::string& host, Poco::UInt16 port, Context::Ptr pContext, Session::Ptr pSession); - /// Creates a HTTPSClientSession using the given host and port, - /// using the given SSL context. - /// - /// The given Session is reused, if possible (client session - /// caching is enabled for the given Context, and the server - /// agrees to reuse the session). - - ~HTTPSClientSession(); - /// Destroys the HTTPSClientSession and closes - /// the underlying socket. - - bool secure() const; - /// Return true iff the session uses SSL or TLS, - /// or false otherwise. - - X509Certificate serverCertificate(); - /// Returns the server's certificate. - /// - /// The certificate is available after the first request has been sent. - - Session::Ptr sslSession(); - /// Returns the SSL Session object for the current - /// connection, if session caching has been enabled for - /// the HTTPSClientSession's Context. A null pointer is - /// returned otherwise. - /// - /// The Session object can be obtained after the first request has - /// been sent. - - // HTTPSession - void abort(); - -protected: - void connect(const SocketAddress& address); - std::string proxyRequestPrefix() const; - void proxyAuthenticate(HTTPRequest& request); - int read(char* buffer, std::streamsize length); - -private: - HTTPSClientSession(const HTTPSClientSession&); - HTTPSClientSession& operator = (const HTTPSClientSession&); - - Context::Ptr _pContext; - Session::Ptr _pSession; -}; - - -} } // namespace Poco::Net - - -#endif // Net_HTTPSClientSession_INCLUDED +// +// HTTPSClientSession.h +// +// Library: NetSSL_OpenSSL +// Package: HTTPSClient +// Module: HTTPSClientSession +// +// Definition of the HTTPSClientSession class. +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#ifndef NetSSL_HTTPSClientSession_INCLUDED +#define NetSSL_HTTPSClientSession_INCLUDED + + +#include "Poco/Net/NetSSL.h" +#include "Poco/Net/Utility.h" +#include "Poco/Net/HTTPClientSession.h" +#include "Poco/Net/Context.h" +#include "Poco/Net/Session.h" +#include "Poco/Net/X509Certificate.h" + + +namespace Poco { +namespace Net { + + +class SecureStreamSocket; +class HTTPRequest; +class HTTPResponse; + + +class NetSSL_API HTTPSClientSession: public HTTPClientSession + /// This class implements the client-side of + /// a HTTPS session. + /// + /// To send a HTTPS request to a HTTPS server, first + /// instantiate a HTTPSClientSession object and + /// specify the server's host name and port number. + /// + /// Then create a HTTPRequest object, fill it accordingly, + /// and pass it as argument to the sendRequest() method. + /// + /// sendRequest() will return an output stream that can + /// be used to send the request body, if there is any. + /// + /// After you are done sending the request body, create + /// a HTTPResponse object and pass it to receiveResponse(). + /// + /// This will return an input stream that can be used to + /// read the response body. + /// + /// See RFC 2616 <http://www.faqs.org/rfcs/rfc2616.html> for more + /// information about the HTTP protocol. + /// + /// Note that sending requests that neither contain a content length + /// field in the header nor are using chunked transfer encoding will + /// result in a SSL protocol violation, as the framework shuts down + /// the socket after sending the message body. No orderly SSL shutdown + /// will be performed in this case. + /// + /// If session caching has been enabled for the Context object passed + /// to the HTTPSClientSession, the HTTPSClientSession class will + /// attempt to reuse a previously obtained Session object in + /// case of a reconnect. +{ +public: + enum + { + HTTPS_PORT = 443 + }; + + HTTPSClientSession(); + /// Creates an unconnected HTTPSClientSession. + + explicit HTTPSClientSession(const SecureStreamSocket& socket); + /// Creates a HTTPSClientSession using the given socket. + /// The socket must not be connected. The session + /// takes ownership of the socket. + + HTTPSClientSession(const SecureStreamSocket& socket, Session::Ptr pSession); + /// Creates a HTTPSClientSession using the given socket. + /// The socket must not be connected. The session + /// takes ownership of the socket. + /// + /// The given Session is reused, if possible (client session + /// caching is enabled for the given Context, and the server + /// agrees to reuse the session). + + HTTPSClientSession(const std::string& host, Poco::UInt16 port = HTTPS_PORT); + /// Creates a HTTPSClientSession using the given host and port. + + explicit HTTPSClientSession(Context::Ptr pContext); + /// Creates an unconnected HTTPSClientSession, using the + /// give SSL context. + + HTTPSClientSession(Context::Ptr pContext, Session::Ptr pSession); + /// Creates an unconnected HTTPSClientSession, using the + /// give SSL context. + /// + /// The given Session is reused, if possible (client session + /// caching is enabled for the given Context, and the server + /// agrees to reuse the session). + + HTTPSClientSession(const std::string& host, Poco::UInt16 port, Context::Ptr pContext); + /// Creates a HTTPSClientSession using the given host and port, + /// using the given SSL context. + + HTTPSClientSession(const std::string& host, Poco::UInt16 port, Context::Ptr pContext, Session::Ptr pSession); + /// Creates a HTTPSClientSession using the given host and port, + /// using the given SSL context. + /// + /// The given Session is reused, if possible (client session + /// caching is enabled for the given Context, and the server + /// agrees to reuse the session). + + ~HTTPSClientSession(); + /// Destroys the HTTPSClientSession and closes + /// the underlying socket. + + bool secure() const; + /// Return true iff the session uses SSL or TLS, + /// or false otherwise. + + X509Certificate serverCertificate(); + /// Returns the server's certificate. + /// + /// The certificate is available after the first request has been sent. + + Session::Ptr sslSession(); + /// Returns the SSL Session object for the current + /// connection, if session caching has been enabled for + /// the HTTPSClientSession's Context. A null pointer is + /// returned otherwise. + /// + /// The Session object can be obtained after the first request has + /// been sent. + + // HTTPSession + void abort(); + +protected: + void connect(const SocketAddress& address); + std::string proxyRequestPrefix() const; + void proxyAuthenticate(HTTPRequest& request); + int read(char* buffer, std::streamsize length); + +private: + HTTPSClientSession(const HTTPSClientSession&); + HTTPSClientSession& operator = (const HTTPSClientSession&); + + Context::Ptr _pContext; + Session::Ptr _pSession; +}; + + +} } // namespace Poco::Net + + +#endif // Net_HTTPSClientSession_INCLUDED diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/HTTPSSessionInstantiator.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/HTTPSSessionInstantiator.h index 214e2819b6..6fd4a3179b 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/HTTPSSessionInstantiator.h +++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/HTTPSSessionInstantiator.h @@ -1,65 +1,65 @@ -// -// HTTPSSessionInstantiator.h -// -// Library: NetSSL_OpenSSL -// Package: HTTPSClient -// Module: HTTPSSessionInstantiator -// -// Definition of the HTTPSSessionInstantiator class. -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#ifndef Net_HTTPSSessionInstantiator_INCLUDED -#define Net_HTTPSSessionInstantiator_INCLUDED - - -#include "Poco/Net/NetSSL.h" -#include "Poco/Net/Context.h" -#include "Poco/Net/Utility.h" -#include "Poco/Net/HTTPSessionInstantiator.h" -#include "Poco/URI.h" - - -namespace Poco { -namespace Net { - - -class NetSSL_API HTTPSSessionInstantiator: public HTTPSessionInstantiator - /// The HTTPSessionInstantiator for HTTPSClientSession. -{ -public: - HTTPSSessionInstantiator(); - /// Creates the HTTPSSessionInstantiator. - - HTTPSSessionInstantiator(Context::Ptr pContext); - /// Creates the HTTPSSessionInstantiator using the given SSL context. - - ~HTTPSSessionInstantiator(); - /// Destroys the HTTPSSessionInstantiator. - - HTTPClientSession* createClientSession(const Poco::URI& uri); - /// Creates a HTTPSClientSession for the given URI. - - static void registerInstantiator(); - /// Registers the instantiator with the global HTTPSessionFactory. - - static void registerInstantiator(Context::Ptr pContext); - /// Registers the instantiator with the global HTTPSessionFactory using the given SSL context. - - static void unregisterInstantiator(); - /// Unregisters the factory with the global HTTPSessionFactory. - -private: - Context::Ptr _pContext; -}; - - -} } // namespace Poco::Net - - -#endif // Net_HTTPSSessionInstantiator_INCLUDED +// +// HTTPSSessionInstantiator.h +// +// Library: NetSSL_OpenSSL +// Package: HTTPSClient +// Module: HTTPSSessionInstantiator +// +// Definition of the HTTPSSessionInstantiator class. +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#ifndef Net_HTTPSSessionInstantiator_INCLUDED +#define Net_HTTPSSessionInstantiator_INCLUDED + + +#include "Poco/Net/NetSSL.h" +#include "Poco/Net/Context.h" +#include "Poco/Net/Utility.h" +#include "Poco/Net/HTTPSessionInstantiator.h" +#include "Poco/URI.h" + + +namespace Poco { +namespace Net { + + +class NetSSL_API HTTPSSessionInstantiator: public HTTPSessionInstantiator + /// The HTTPSessionInstantiator for HTTPSClientSession. +{ +public: + HTTPSSessionInstantiator(); + /// Creates the HTTPSSessionInstantiator. + + HTTPSSessionInstantiator(Context::Ptr pContext); + /// Creates the HTTPSSessionInstantiator using the given SSL context. + + ~HTTPSSessionInstantiator(); + /// Destroys the HTTPSSessionInstantiator. + + HTTPClientSession* createClientSession(const Poco::URI& uri); + /// Creates a HTTPSClientSession for the given URI. + + static void registerInstantiator(); + /// Registers the instantiator with the global HTTPSessionFactory. + + static void registerInstantiator(Context::Ptr pContext); + /// Registers the instantiator with the global HTTPSessionFactory using the given SSL context. + + static void unregisterInstantiator(); + /// Unregisters the factory with the global HTTPSessionFactory. + +private: + Context::Ptr _pContext; +}; + + +} } // namespace Poco::Net + + +#endif // Net_HTTPSSessionInstantiator_INCLUDED diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/HTTPSStreamFactory.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/HTTPSStreamFactory.h index 2fd3515c88..fe8983d03d 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/HTTPSStreamFactory.h +++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/HTTPSStreamFactory.h @@ -1,83 +1,83 @@ -// -// HTTPSStreamFactory.h -// -// Library: NetSSL_OpenSSL -// Package: HTTPSClient -// Module: HTTPSStreamFactory -// -// Definition of the HTTPSStreamFactory class. -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#ifndef NetSSL_HTTPSStreamFactory_INCLUDED -#define NetSSL_HTTPSStreamFactory_INCLUDED - - -#include "Poco/Net/NetSSL.h" -#include "Poco/Net/HTTPSession.h" -#include "Poco/URIStreamFactory.h" - - -namespace Poco { -namespace Net { - - -class NetSSL_API HTTPSStreamFactory: public Poco::URIStreamFactory - /// An implementation of the URIStreamFactory interface - /// that handles secure Hyper-Text Transfer Protocol (https) URIs. -{ -public: - HTTPSStreamFactory(); - /// Creates the HTTPSStreamFactory. - - HTTPSStreamFactory(const std::string& proxyHost, Poco::UInt16 proxyPort = HTTPSession::HTTP_PORT); - /// Creates the HTTPSStreamFactory. - /// - /// HTTPS connections will use the given proxy. - - HTTPSStreamFactory(const std::string& proxyHost, Poco::UInt16 proxyPort, const std::string& proxyUsername, const std::string& proxyPassword); - /// Creates the HTTPSStreamFactory. - /// - /// HTTPS connections will use the given proxy and - /// will be authorized against the proxy using Basic authentication - /// with the given proxyUsername and proxyPassword. - - ~HTTPSStreamFactory(); - /// Destroys the HTTPSStreamFactory. - - std::istream* open(const Poco::URI& uri); - /// Creates and opens a HTTPS stream for the given URI. - /// The URI must be a https://... URI. - /// - /// Throws a NetException if anything goes wrong. - - static void registerFactory(); - /// Registers the HTTPSStreamFactory with the - /// default URIStreamOpener instance. - - static void unregisterFactory(); - /// Unregisters the HTTPSStreamFactory with the - /// default URIStreamOpener instance. - -private: - enum - { - MAX_REDIRECTS = 10 - }; - - std::string _proxyHost; - Poco::UInt16 _proxyPort; - std::string _proxyUsername; - std::string _proxyPassword; -}; - - -} } // namespace Poco::Net - - -#endif // Net_HTTPSStreamFactory_INCLUDED +// +// HTTPSStreamFactory.h +// +// Library: NetSSL_OpenSSL +// Package: HTTPSClient +// Module: HTTPSStreamFactory +// +// Definition of the HTTPSStreamFactory class. +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#ifndef NetSSL_HTTPSStreamFactory_INCLUDED +#define NetSSL_HTTPSStreamFactory_INCLUDED + + +#include "Poco/Net/NetSSL.h" +#include "Poco/Net/HTTPSession.h" +#include "Poco/URIStreamFactory.h" + + +namespace Poco { +namespace Net { + + +class NetSSL_API HTTPSStreamFactory: public Poco::URIStreamFactory + /// An implementation of the URIStreamFactory interface + /// that handles secure Hyper-Text Transfer Protocol (https) URIs. +{ +public: + HTTPSStreamFactory(); + /// Creates the HTTPSStreamFactory. + + HTTPSStreamFactory(const std::string& proxyHost, Poco::UInt16 proxyPort = HTTPSession::HTTP_PORT); + /// Creates the HTTPSStreamFactory. + /// + /// HTTPS connections will use the given proxy. + + HTTPSStreamFactory(const std::string& proxyHost, Poco::UInt16 proxyPort, const std::string& proxyUsername, const std::string& proxyPassword); + /// Creates the HTTPSStreamFactory. + /// + /// HTTPS connections will use the given proxy and + /// will be authorized against the proxy using Basic authentication + /// with the given proxyUsername and proxyPassword. + + ~HTTPSStreamFactory(); + /// Destroys the HTTPSStreamFactory. + + std::istream* open(const Poco::URI& uri); + /// Creates and opens a HTTPS stream for the given URI. + /// The URI must be a https://... URI. + /// + /// Throws a NetException if anything goes wrong. + + static void registerFactory(); + /// Registers the HTTPSStreamFactory with the + /// default URIStreamOpener instance. + + static void unregisterFactory(); + /// Unregisters the HTTPSStreamFactory with the + /// default URIStreamOpener instance. + +private: + enum + { + MAX_REDIRECTS = 10 + }; + + std::string _proxyHost; + Poco::UInt16 _proxyPort; + std::string _proxyUsername; + std::string _proxyPassword; +}; + + +} } // namespace Poco::Net + + +#endif // Net_HTTPSStreamFactory_INCLUDED diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/InvalidCertificateHandler.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/InvalidCertificateHandler.h index e10faf3cdb..58194d9bec 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/InvalidCertificateHandler.h +++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/InvalidCertificateHandler.h @@ -1,80 +1,80 @@ -// -// InvalidCertificateHandler.h -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: InvalidCertificateHandler -// -// Definition of the InvalidCertificateHandler class. -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#ifndef NetSSL_InvalidCertificateHandler_INCLUDED -#define NetSSL_InvalidCertificateHandler_INCLUDED - - -#include "Poco/Net/NetSSL.h" -#include "Poco/Net/VerificationErrorArgs.h" - - -namespace Poco { -namespace Net { - - -class NetSSL_API InvalidCertificateHandler - /// A InvalidCertificateHandler is invoked whenever an error occurs verifying the certificate. It allows the user - /// to inspect and accept/reject the certificate. - /// One can install one's own InvalidCertificateHandler by implementing this interface. Note that - /// in the implementation file of the subclass the following code must be present (assuming you use the namespace My_API - /// and the name of your handler class is MyGuiHandler): - /// - /// #include "Poco/Net/CertificateHandlerFactory.h" - /// ... - /// POCO_REGISTER_CHFACTORY(My_API, MyGuiHandler) - /// - /// One can either set the handler directly in the startup code of the main method of ones application by calling - /// - /// SSLManager::instance().initialize(mypassphraseHandler, myguiHandler, mySSLContext) - /// - /// or in case one uses Poco::Util::Application one can rely on an XML configuration and put the following entry - /// under the path openSSL.invalidCertificateHandler: - /// - /// <invalidCertificateHandler> - /// <name>MyGuiHandler<name> - /// <options> - /// [...] // Put optional config params for the handler here - /// </options> - /// </invalidCertificateHandler> - /// - /// Note that the name of the InvalidCertificateHandler must be same as the one provided to the POCO_REGISTER_CHFACTORY macro. -{ -public: - InvalidCertificateHandler(bool handleErrorsOnServerSide); - /// Creates the InvalidCertificateHandler. - /// - /// Set handleErrorsOnServerSide to true if the certificate handler is used on the server side. - /// Automatically registers at one of the SSLManager::VerificationError events. - - virtual ~InvalidCertificateHandler(); - /// Destroys the InvalidCertificateHandler. - - virtual void onInvalidCertificate(const void* pSender, VerificationErrorArgs& errorCert) = 0; - /// Receives the questionable certificate in parameter errorCert. If one wants to accept the - /// certificate, call errorCert.setIgnoreError(true). - -protected: - bool _handleErrorsOnServerSide; - /// Stores if the certificate handler gets invoked by the server (i.e. a client certificate is wrong) - /// or the client (a server certificate is wrong) -}; - - -} } // namespace Poco::Net - - -#endif // NetSSL_InvalidCertificateHandler_INCLUDED +// +// InvalidCertificateHandler.h +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: InvalidCertificateHandler +// +// Definition of the InvalidCertificateHandler class. +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#ifndef NetSSL_InvalidCertificateHandler_INCLUDED +#define NetSSL_InvalidCertificateHandler_INCLUDED + + +#include "Poco/Net/NetSSL.h" +#include "Poco/Net/VerificationErrorArgs.h" + + +namespace Poco { +namespace Net { + + +class NetSSL_API InvalidCertificateHandler + /// A InvalidCertificateHandler is invoked whenever an error occurs verifying the certificate. It allows the user + /// to inspect and accept/reject the certificate. + /// One can install one's own InvalidCertificateHandler by implementing this interface. Note that + /// in the implementation file of the subclass the following code must be present (assuming you use the namespace My_API + /// and the name of your handler class is MyGuiHandler): + /// + /// #include "Poco/Net/CertificateHandlerFactory.h" + /// ... + /// POCO_REGISTER_CHFACTORY(My_API, MyGuiHandler) + /// + /// One can either set the handler directly in the startup code of the main method of ones application by calling + /// + /// SSLManager::instance().initialize(mypassphraseHandler, myguiHandler, mySSLContext) + /// + /// or in case one uses Poco::Util::Application one can rely on an XML configuration and put the following entry + /// under the path openSSL.invalidCertificateHandler: + /// + /// <invalidCertificateHandler> + /// <name>MyGuiHandler<name> + /// <options> + /// [...] // Put optional config params for the handler here + /// </options> + /// </invalidCertificateHandler> + /// + /// Note that the name of the InvalidCertificateHandler must be same as the one provided to the POCO_REGISTER_CHFACTORY macro. +{ +public: + InvalidCertificateHandler(bool handleErrorsOnServerSide); + /// Creates the InvalidCertificateHandler. + /// + /// Set handleErrorsOnServerSide to true if the certificate handler is used on the server side. + /// Automatically registers at one of the SSLManager::VerificationError events. + + virtual ~InvalidCertificateHandler(); + /// Destroys the InvalidCertificateHandler. + + virtual void onInvalidCertificate(const void* pSender, VerificationErrorArgs& errorCert) = 0; + /// Receives the questionable certificate in parameter errorCert. If one wants to accept the + /// certificate, call errorCert.setIgnoreError(true). + +protected: + bool _handleErrorsOnServerSide; + /// Stores if the certificate handler gets invoked by the server (i.e. a client certificate is wrong) + /// or the client (a server certificate is wrong) +}; + + +} } // namespace Poco::Net + + +#endif // NetSSL_InvalidCertificateHandler_INCLUDED diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/KeyConsoleHandler.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/KeyConsoleHandler.h index d9483d78e0..dc14502a87 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/KeyConsoleHandler.h +++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/KeyConsoleHandler.h @@ -1,47 +1,47 @@ -// -// KeyConsoleHandler.h -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: KeyConsoleHandler -// -// Definition of the KeyConsoleHandler class. -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#ifndef NetSSL_KeyConsoleHandler_INCLUDED -#define NetSSL_KeyConsoleHandler_INCLUDED - - -#include "Poco/Net/NetSSL.h" -#include "Poco/Net/PrivateKeyPassphraseHandler.h" - - -namespace Poco { -namespace Net { - - -class NetSSL_API KeyConsoleHandler: public PrivateKeyPassphraseHandler - /// An implementation of PrivateKeyPassphraseHandler that - /// reads the key for a certificate from the console. -{ -public: - KeyConsoleHandler(bool server); - /// Creates the KeyConsoleHandler. - - ~KeyConsoleHandler(); - /// Destroys the KeyConsoleHandler. - - void onPrivateKeyRequested(const void* pSender, std::string& privateKey); -}; - - -} } // namespace Poco::Net - - -#endif // NetSSL_KeyConsoleHandler_INCLUDED +// +// KeyConsoleHandler.h +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: KeyConsoleHandler +// +// Definition of the KeyConsoleHandler class. +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#ifndef NetSSL_KeyConsoleHandler_INCLUDED +#define NetSSL_KeyConsoleHandler_INCLUDED + + +#include "Poco/Net/NetSSL.h" +#include "Poco/Net/PrivateKeyPassphraseHandler.h" + + +namespace Poco { +namespace Net { + + +class NetSSL_API KeyConsoleHandler: public PrivateKeyPassphraseHandler + /// An implementation of PrivateKeyPassphraseHandler that + /// reads the key for a certificate from the console. +{ +public: + KeyConsoleHandler(bool server); + /// Creates the KeyConsoleHandler. + + ~KeyConsoleHandler(); + /// Destroys the KeyConsoleHandler. + + void onPrivateKeyRequested(const void* pSender, std::string& privateKey); +}; + + +} } // namespace Poco::Net + + +#endif // NetSSL_KeyConsoleHandler_INCLUDED diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/KeyFileHandler.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/KeyFileHandler.h index 274cdbff59..452205ac59 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/KeyFileHandler.h +++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/KeyFileHandler.h @@ -1,51 +1,51 @@ -// -// KeyFileHandler.h -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: KeyFileHandler -// -// Definition of the KeyFileHandler class. -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#ifndef NetSSL_KeyFileHandler_INCLUDED -#define NetSSL_KeyFileHandler_INCLUDED - - -#include "Poco/Net/NetSSL.h" -#include "Poco/Net/PrivateKeyPassphraseHandler.h" - - -namespace Poco { -namespace Net { - - -class NetSSL_API KeyFileHandler: public PrivateKeyPassphraseHandler - /// An implementation of PrivateKeyPassphraseHandler that - /// reads the key for a certificate from a configuration file - /// under the path "openSSL.privateKeyPassphraseHandler.options.password". -{ -public: - KeyFileHandler(bool server); - /// Creates the KeyFileHandler. - - virtual ~KeyFileHandler(); - /// Destroys the KeyFileHandler. - - void onPrivateKeyRequested(const void* pSender, std::string& privateKey); - -private: - static const std::string CFG_PRIV_KEY_FILE; -}; - - -} } // namespace Poco::Net - - -#endif // NetSSL_KeyFileHandler_INCLUDED +// +// KeyFileHandler.h +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: KeyFileHandler +// +// Definition of the KeyFileHandler class. +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#ifndef NetSSL_KeyFileHandler_INCLUDED +#define NetSSL_KeyFileHandler_INCLUDED + + +#include "Poco/Net/NetSSL.h" +#include "Poco/Net/PrivateKeyPassphraseHandler.h" + + +namespace Poco { +namespace Net { + + +class NetSSL_API KeyFileHandler: public PrivateKeyPassphraseHandler + /// An implementation of PrivateKeyPassphraseHandler that + /// reads the key for a certificate from a configuration file + /// under the path "openSSL.privateKeyPassphraseHandler.options.password". +{ +public: + KeyFileHandler(bool server); + /// Creates the KeyFileHandler. + + virtual ~KeyFileHandler(); + /// Destroys the KeyFileHandler. + + void onPrivateKeyRequested(const void* pSender, std::string& privateKey); + +private: + static const std::string CFG_PRIV_KEY_FILE; +}; + + +} } // namespace Poco::Net + + +#endif // NetSSL_KeyFileHandler_INCLUDED diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/NetSSL.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/NetSSL.h index ae793fde93..3c2afd745a 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/NetSSL.h +++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/NetSSL.h @@ -1,94 +1,94 @@ -// -// NetSSL.h -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: OpenSSL -// -// Basic definitions for the Poco OpenSSL library. -// This file must be the first file included by every other OpenSSL -// header file. -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#ifndef NetSSL_NetSSL_INCLUDED -#define NetSSL_NetSSL_INCLUDED - - -#include "Poco/Net/Net.h" -#include "Poco/Crypto/Crypto.h" - - -// -// The following block is the standard way of creating macros which make exporting -// from a DLL simpler. All files within this DLL are compiled with the NetSSL_EXPORTS -// symbol defined on the command line. this symbol should not be defined on any project -// that uses this DLL. This way any other project whose source files include this file see -// NetSSL_API functions as being imported from a DLL, wheras this DLL sees symbols -// defined with this macro as being exported. -// -#if (defined(_WIN32) || defined(__CYGWIN__)) && defined(POCO_DLL) - #if defined(NetSSL_EXPORTS) - #define NetSSL_API __declspec(dllexport) - #else - #define NetSSL_API __declspec(dllimport) - #endif -#endif - - -#if !defined(NetSSL_API) - #if !defined(POCO_NO_GCC_API_ATTRIBUTE) && defined (__GNUC__) && (__GNUC__ >= 4) - #define NetSSL_API __attribute__ ((visibility ("default"))) - #else - #define NetSSL_API - #endif -#endif - - -// -// Automatically link NetSSL and OpenSSL libraries. -// -#if defined(_MSC_VER) - #if !defined(POCO_NO_AUTOMATIC_LIBS) - #if !defined(NetSSL_EXPORTS) - #pragma comment(lib, "PocoNetSSL" POCO_LIB_SUFFIX) - #endif - #endif // POCO_NO_AUTOMATIC_LIBS -#endif - - -namespace Poco { -namespace Net { - - -void NetSSL_API initializeSSL(); - /// Initialize the NetSSL library, as well as the underlying OpenSSL - /// libraries, by calling Poco::Crypto::OpenSSLInitializer::initialize(). - /// - /// Should be called before using any class from the NetSSL library. - /// The NetSSL will be initialized automatically, through - /// Poco::Crypto::OpenSSLInitializer instances or similar mechanisms - /// when creating Context or SSLManager instances. - /// However, it is recommended to call initializeSSL() - /// in any case at application startup. - /// - /// Can be called multiple times; however, for every call to - /// initializeSSL(), a matching call to uninitializeSSL() - /// must be performed. - - -void NetSSL_API uninitializeSSL(); - /// Uninitializes the NetSSL library by calling - /// Poco::Crypto::OpenSSLInitializer::uninitialize() and - /// shutting down the SSLManager. - - -} } // namespace Poco::Net - - -#endif // NetSSL_NetSSL_INCLUDED +// +// NetSSL.h +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: OpenSSL +// +// Basic definitions for the Poco OpenSSL library. +// This file must be the first file included by every other OpenSSL +// header file. +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#ifndef NetSSL_NetSSL_INCLUDED +#define NetSSL_NetSSL_INCLUDED + + +#include "Poco/Net/Net.h" +#include "Poco/Crypto/Crypto.h" + + +// +// The following block is the standard way of creating macros which make exporting +// from a DLL simpler. All files within this DLL are compiled with the NetSSL_EXPORTS +// symbol defined on the command line. this symbol should not be defined on any project +// that uses this DLL. This way any other project whose source files include this file see +// NetSSL_API functions as being imported from a DLL, wheras this DLL sees symbols +// defined with this macro as being exported. +// +#if (defined(_WIN32) || defined(__CYGWIN__)) && defined(POCO_DLL) + #if defined(NetSSL_EXPORTS) + #define NetSSL_API __declspec(dllexport) + #else + #define NetSSL_API __declspec(dllimport) + #endif +#endif + + +#if !defined(NetSSL_API) + #if !defined(POCO_NO_GCC_API_ATTRIBUTE) && defined (__GNUC__) && (__GNUC__ >= 4) + #define NetSSL_API __attribute__ ((visibility ("default"))) + #else + #define NetSSL_API + #endif +#endif + + +// +// Automatically link NetSSL and OpenSSL libraries. +// +#if defined(_MSC_VER) + #if !defined(POCO_NO_AUTOMATIC_LIBS) + #if !defined(NetSSL_EXPORTS) + #pragma comment(lib, "PocoNetSSL" POCO_LIB_SUFFIX) + #endif + #endif // POCO_NO_AUTOMATIC_LIBS +#endif + + +namespace Poco { +namespace Net { + + +void NetSSL_API initializeSSL(); + /// Initialize the NetSSL library, as well as the underlying OpenSSL + /// libraries, by calling Poco::Crypto::OpenSSLInitializer::initialize(). + /// + /// Should be called before using any class from the NetSSL library. + /// The NetSSL will be initialized automatically, through + /// Poco::Crypto::OpenSSLInitializer instances or similar mechanisms + /// when creating Context or SSLManager instances. + /// However, it is recommended to call initializeSSL() + /// in any case at application startup. + /// + /// Can be called multiple times; however, for every call to + /// initializeSSL(), a matching call to uninitializeSSL() + /// must be performed. + + +void NetSSL_API uninitializeSSL(); + /// Uninitializes the NetSSL library by calling + /// Poco::Crypto::OpenSSLInitializer::uninitialize() and + /// shutting down the SSLManager. + + +} } // namespace Poco::Net + + +#endif // NetSSL_NetSSL_INCLUDED diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyFactory.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyFactory.h index 9c0fa37faa..e2a5f0b54c 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyFactory.h +++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyFactory.h @@ -1,95 +1,95 @@ -// -// PrivateKeyFactory.h -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: PrivateKeyFactory -// -// Definition of the PrivateKeyFactory class. -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#ifndef NetSSL_PrivateKeyFactory_INCLUDED -#define NetSSL_PrivateKeyFactory_INCLUDED - - -#include "Poco/Net/NetSSL.h" - - -namespace Poco { -namespace Net { - - -class PrivateKeyPassphraseHandler; - - -class NetSSL_API PrivateKeyFactory - /// A PrivateKeyFactory is responsible for creating PrivateKeyPassphraseHandlers. - /// - /// You don't need to access this class directly. Use the macro - /// POCO_REGISTER_KEYFACTORY(namespace, PrivateKeyPassphraseHandlerName) - /// instead (see the documentation of PrivateKeyPassphraseHandler for an example). -{ -public: - PrivateKeyFactory(); - /// Creates the PrivateKeyFactory. - - virtual ~PrivateKeyFactory(); - /// Destroys the PrivateKeyFactory. - - virtual PrivateKeyPassphraseHandler* create(bool onServer) const = 0; - /// Creates a new PrivateKeyPassphraseHandler -}; - - -class NetSSL_API PrivateKeyFactoryRegistrar - /// Registrar class which automatically registers PrivateKeyFactories at the PrivateKeyFactoryMgr. - /// - /// You don't need to access this class directly. Use the macro - /// POCO_REGISTER_KEYFACTORY(namespace, PrivateKeyPassphraseHandlerName) - /// instead (see the documentation of PrivateKeyPassphraseHandler for an example). - -{ -public: - PrivateKeyFactoryRegistrar(const std::string& name, PrivateKeyFactory* pFactory); - /// Registers the PrivateKeyFactory with the given name at the factory manager. - - virtual ~PrivateKeyFactoryRegistrar(); - /// Destroys the PrivateKeyFactoryRegistrar. -}; - - -template<typename T> -class PrivateKeyFactoryImpl: public Poco::Net::PrivateKeyFactory -{ -public: - PrivateKeyFactoryImpl() - { - } - - ~PrivateKeyFactoryImpl() - { - } - - PrivateKeyPassphraseHandler* create(bool server) const - { - return new T(server); - } -}; - - -} } // namespace Poco::Net - - -// DEPRECATED: register the factory directly at the FactoryMgr: -// Poco::Net::SSLManager::instance().privateKeyFactoryMgr().setFactory(name, new Poco::Net::PrivateKeyFactoryImpl<MyKeyHandler>()); -#define POCO_REGISTER_KEYFACTORY(API, PKCLS) \ - static Poco::Net::PrivateKeyFactoryRegistrar aRegistrar(std::string(#PKCLS), new Poco::Net::PrivateKeyFactoryImpl<PKCLS>()); - - -#endif // NetSSL_PrivateKeyFactory_INCLUDED +// +// PrivateKeyFactory.h +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: PrivateKeyFactory +// +// Definition of the PrivateKeyFactory class. +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#ifndef NetSSL_PrivateKeyFactory_INCLUDED +#define NetSSL_PrivateKeyFactory_INCLUDED + + +#include "Poco/Net/NetSSL.h" + + +namespace Poco { +namespace Net { + + +class PrivateKeyPassphraseHandler; + + +class NetSSL_API PrivateKeyFactory + /// A PrivateKeyFactory is responsible for creating PrivateKeyPassphraseHandlers. + /// + /// You don't need to access this class directly. Use the macro + /// POCO_REGISTER_KEYFACTORY(namespace, PrivateKeyPassphraseHandlerName) + /// instead (see the documentation of PrivateKeyPassphraseHandler for an example). +{ +public: + PrivateKeyFactory(); + /// Creates the PrivateKeyFactory. + + virtual ~PrivateKeyFactory(); + /// Destroys the PrivateKeyFactory. + + virtual PrivateKeyPassphraseHandler* create(bool onServer) const = 0; + /// Creates a new PrivateKeyPassphraseHandler +}; + + +class NetSSL_API PrivateKeyFactoryRegistrar + /// Registrar class which automatically registers PrivateKeyFactories at the PrivateKeyFactoryMgr. + /// + /// You don't need to access this class directly. Use the macro + /// POCO_REGISTER_KEYFACTORY(namespace, PrivateKeyPassphraseHandlerName) + /// instead (see the documentation of PrivateKeyPassphraseHandler for an example). + +{ +public: + PrivateKeyFactoryRegistrar(const std::string& name, PrivateKeyFactory* pFactory); + /// Registers the PrivateKeyFactory with the given name at the factory manager. + + virtual ~PrivateKeyFactoryRegistrar(); + /// Destroys the PrivateKeyFactoryRegistrar. +}; + + +template<typename T> +class PrivateKeyFactoryImpl: public Poco::Net::PrivateKeyFactory +{ +public: + PrivateKeyFactoryImpl() + { + } + + ~PrivateKeyFactoryImpl() + { + } + + PrivateKeyPassphraseHandler* create(bool server) const + { + return new T(server); + } +}; + + +} } // namespace Poco::Net + + +// DEPRECATED: register the factory directly at the FactoryMgr: +// Poco::Net::SSLManager::instance().privateKeyFactoryMgr().setFactory(name, new Poco::Net::PrivateKeyFactoryImpl<MyKeyHandler>()); +#define POCO_REGISTER_KEYFACTORY(API, PKCLS) \ + static Poco::Net::PrivateKeyFactoryRegistrar aRegistrar(std::string(#PKCLS), new Poco::Net::PrivateKeyFactoryImpl<PKCLS>()); + + +#endif // NetSSL_PrivateKeyFactory_INCLUDED diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyFactoryMgr.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyFactoryMgr.h index b29b37f46a..b4e8305e45 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyFactoryMgr.h +++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyFactoryMgr.h @@ -1,64 +1,64 @@ -// -// PrivateKeyFactoryMgr.h -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: PrivateKeyFactoryMgr -// -// Definition of the PrivateKeyFactoryMgr class. -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#ifndef NetSSL_PrivateKeyFactoryMgr_INCLUDED -#define NetSSL_PrivateKeyFactoryMgr_INCLUDED - - -#include "Poco/Net/NetSSL.h" -#include "Poco/Net/PrivateKeyFactory.h" -#include "Poco/SharedPtr.h" -#include <map> - - -namespace Poco { -namespace Net { - - -class NetSSL_API PrivateKeyFactoryMgr - /// A PrivateKeyFactoryMgr manages all existing PrivateKeyFactories. -{ -public: - typedef std::map<std::string, Poco::SharedPtr<PrivateKeyFactory> > FactoriesMap; - - PrivateKeyFactoryMgr(); - /// Creates the PrivateKeyFactoryMgr. - - ~PrivateKeyFactoryMgr(); - /// Destroys the PrivateKeyFactoryMgr. - - void setFactory(const std::string& name, PrivateKeyFactory* pFactory); - /// Registers the factory. Class takes ownership of the pointer. - /// If a factory with the same name already exists, an exception is thrown. - - bool hasFactory(const std::string& name) const; - /// Returns true if for the given name a factory is already registered - - const PrivateKeyFactory* getFactory(const std::string& name) const; - /// Returns NULL if for the given name a factory does not exist, otherwise the factory is returned - - void removeFactory(const std::string& name); - /// Removes the factory from the manager. - -private: - FactoriesMap _factories; -}; - - -} } // namespace Poco::Net - - -#endif // NetSSL_PrivateKeyFactoryMgr_INCLUDED +// +// PrivateKeyFactoryMgr.h +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: PrivateKeyFactoryMgr +// +// Definition of the PrivateKeyFactoryMgr class. +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#ifndef NetSSL_PrivateKeyFactoryMgr_INCLUDED +#define NetSSL_PrivateKeyFactoryMgr_INCLUDED + + +#include "Poco/Net/NetSSL.h" +#include "Poco/Net/PrivateKeyFactory.h" +#include "Poco/SharedPtr.h" +#include <map> + + +namespace Poco { +namespace Net { + + +class NetSSL_API PrivateKeyFactoryMgr + /// A PrivateKeyFactoryMgr manages all existing PrivateKeyFactories. +{ +public: + typedef std::map<std::string, Poco::SharedPtr<PrivateKeyFactory> > FactoriesMap; + + PrivateKeyFactoryMgr(); + /// Creates the PrivateKeyFactoryMgr. + + ~PrivateKeyFactoryMgr(); + /// Destroys the PrivateKeyFactoryMgr. + + void setFactory(const std::string& name, PrivateKeyFactory* pFactory); + /// Registers the factory. Class takes ownership of the pointer. + /// If a factory with the same name already exists, an exception is thrown. + + bool hasFactory(const std::string& name) const; + /// Returns true if for the given name a factory is already registered + + const PrivateKeyFactory* getFactory(const std::string& name) const; + /// Returns NULL if for the given name a factory does not exist, otherwise the factory is returned + + void removeFactory(const std::string& name); + /// Removes the factory from the manager. + +private: + FactoriesMap _factories; +}; + + +} } // namespace Poco::Net + + +#endif // NetSSL_PrivateKeyFactoryMgr_INCLUDED diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyPassphraseHandler.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyPassphraseHandler.h index 726703f78f..1e1cf411f0 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyPassphraseHandler.h +++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyPassphraseHandler.h @@ -1,84 +1,84 @@ -// -// PrivateKeyPassphraseHandler.h -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: PrivateKeyPassphraseHandler -// -// Definition of the PrivateKeyPassphraseHandler class. -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#ifndef NetSSL_PrivateKeyPassphraseHandler_INCLUDED -#define NetSSL_PrivateKeyPassphraseHandler_INCLUDED - - -#include "Poco/Net/NetSSL.h" - - -namespace Poco { -namespace Net { - - -class NetSSL_API PrivateKeyPassphraseHandler - /// A passphrase handler is needed whenever the private key of a certificate is loaded and the certificate is protected - /// by a passphrase. The PrivateKeyPassphraseHandler's task is to provide that passphrase. - /// One can install one's own PrivateKeyPassphraseHandler by implementing this interface. Note that - /// in the implementation file of the subclass the following code must be present (assuming you use the namespace My_API - /// and the name of your handler class is MyGuiHandler): - /// - /// #include "Poco/Net/PrivateKeyFactory.h" - /// ... - /// POCO_REGISTER_KEYFACTORY(My_API, MyGuiHandler) - /// - /// One can either set the handler directly in the startup code of the main method of ones application by calling - /// - /// SSLManager::instance().initialize(myguiHandler, myInvalidCertificateHandler, mySSLContext) - /// - /// or in case one's application extends Poco::Util::Application one can use an XML configuration and put the following entry - /// under the path openSSL.privateKeyPassphraseHandler: - /// - /// <privateKeyPassphraseHandler> - /// <name>MyGuiHandler</name> - /// <options> - /// [...] // Put optional config params for the handler here - /// </options> - /// </privateKeyPassphraseHandler> - /// - /// Note that the name of the passphrase handler must be same as the one provided to the POCO_REGISTER_KEYFACTORY macro. -{ -public: - PrivateKeyPassphraseHandler(bool onServerSide); - /// Creates the PrivateKeyPassphraseHandler. Automatically registers at the SSLManager::PrivateKeyPassword event. - - virtual ~PrivateKeyPassphraseHandler(); - /// Destroys the PrivateKeyPassphraseHandler. - - virtual void onPrivateKeyRequested(const void* pSender, std::string& privateKey) = 0; - /// Returns the requested private key in the parameter privateKey. - - bool serverSide() const; - -private: - bool _serverSide; -}; - - -// -// inlines -// -inline bool PrivateKeyPassphraseHandler::serverSide() const -{ - return _serverSide; -} - - -} } // namespace Poco::Net - - -#endif // NetSSL_PrivateKeyPassphraseHandler_INCLUDED +// +// PrivateKeyPassphraseHandler.h +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: PrivateKeyPassphraseHandler +// +// Definition of the PrivateKeyPassphraseHandler class. +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#ifndef NetSSL_PrivateKeyPassphraseHandler_INCLUDED +#define NetSSL_PrivateKeyPassphraseHandler_INCLUDED + + +#include "Poco/Net/NetSSL.h" + + +namespace Poco { +namespace Net { + + +class NetSSL_API PrivateKeyPassphraseHandler + /// A passphrase handler is needed whenever the private key of a certificate is loaded and the certificate is protected + /// by a passphrase. The PrivateKeyPassphraseHandler's task is to provide that passphrase. + /// One can install one's own PrivateKeyPassphraseHandler by implementing this interface. Note that + /// in the implementation file of the subclass the following code must be present (assuming you use the namespace My_API + /// and the name of your handler class is MyGuiHandler): + /// + /// #include "Poco/Net/PrivateKeyFactory.h" + /// ... + /// POCO_REGISTER_KEYFACTORY(My_API, MyGuiHandler) + /// + /// One can either set the handler directly in the startup code of the main method of ones application by calling + /// + /// SSLManager::instance().initialize(myguiHandler, myInvalidCertificateHandler, mySSLContext) + /// + /// or in case one's application extends Poco::Util::Application one can use an XML configuration and put the following entry + /// under the path openSSL.privateKeyPassphraseHandler: + /// + /// <privateKeyPassphraseHandler> + /// <name>MyGuiHandler</name> + /// <options> + /// [...] // Put optional config params for the handler here + /// </options> + /// </privateKeyPassphraseHandler> + /// + /// Note that the name of the passphrase handler must be same as the one provided to the POCO_REGISTER_KEYFACTORY macro. +{ +public: + PrivateKeyPassphraseHandler(bool onServerSide); + /// Creates the PrivateKeyPassphraseHandler. Automatically registers at the SSLManager::PrivateKeyPassword event. + + virtual ~PrivateKeyPassphraseHandler(); + /// Destroys the PrivateKeyPassphraseHandler. + + virtual void onPrivateKeyRequested(const void* pSender, std::string& privateKey) = 0; + /// Returns the requested private key in the parameter privateKey. + + bool serverSide() const; + +private: + bool _serverSide; +}; + + +// +// inlines +// +inline bool PrivateKeyPassphraseHandler::serverSide() const +{ + return _serverSide; +} + + +} } // namespace Poco::Net + + +#endif // NetSSL_PrivateKeyPassphraseHandler_INCLUDED diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/RejectCertificateHandler.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/RejectCertificateHandler.h index b170ad50b5..9b18ab4f8f 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/RejectCertificateHandler.h +++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/RejectCertificateHandler.h @@ -1,48 +1,48 @@ -// -// RejectCertificateHandler.h -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: RejectCertificateHandler -// -// Definition of the RejectCertificateHandler class. -// -// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#ifndef NetSSL_RejectCertificateHandler_INCLUDED -#define NetSSL_RejectCertificateHandler_INCLUDED - - -#include "Poco/Net/NetSSL.h" -#include "Poco/Net/InvalidCertificateHandler.h" - - -namespace Poco { -namespace Net { - - -class NetSSL_API RejectCertificateHandler: public InvalidCertificateHandler - /// A RejectCertificateHandler is invoked whenever an error - /// occurs verifying the certificate. It always rejects - /// the certificate. -{ -public: - RejectCertificateHandler(bool handleErrorsOnServerSide); - /// Creates the RejectCertificateHandler - - virtual ~RejectCertificateHandler(); - /// Destroys the RejectCertificateHandler. - - void onInvalidCertificate(const void* pSender, VerificationErrorArgs& errorCert); -}; - - -} } // namespace Poco::Net - - -#endif // NetSSL_RejectCertificateHandler_INCLUDED +// +// RejectCertificateHandler.h +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: RejectCertificateHandler +// +// Definition of the RejectCertificateHandler class. +// +// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#ifndef NetSSL_RejectCertificateHandler_INCLUDED +#define NetSSL_RejectCertificateHandler_INCLUDED + + +#include "Poco/Net/NetSSL.h" +#include "Poco/Net/InvalidCertificateHandler.h" + + +namespace Poco { +namespace Net { + + +class NetSSL_API RejectCertificateHandler: public InvalidCertificateHandler + /// A RejectCertificateHandler is invoked whenever an error + /// occurs verifying the certificate. It always rejects + /// the certificate. +{ +public: + RejectCertificateHandler(bool handleErrorsOnServerSide); + /// Creates the RejectCertificateHandler + + virtual ~RejectCertificateHandler(); + /// Destroys the RejectCertificateHandler. + + void onInvalidCertificate(const void* pSender, VerificationErrorArgs& errorCert); +}; + + +} } // namespace Poco::Net + + +#endif // NetSSL_RejectCertificateHandler_INCLUDED diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SSLException.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SSLException.h index 7b8dfe79d3..aa9bd9dd0c 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SSLException.h +++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SSLException.h @@ -1,39 +1,39 @@ -// -// SSLException.h -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: SSLException -// -// Definition of the SSLException class. -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#ifndef NetSSL_SSLException_INCLUDED -#define NetSSL_SSLException_INCLUDED - - -#include "Poco/Net/NetSSL.h" -#include "Poco/Net/NetException.h" - - -namespace Poco { -namespace Net { - - -POCO_DECLARE_EXCEPTION(NetSSL_API, SSLException, NetException) -POCO_DECLARE_EXCEPTION(NetSSL_API, SSLContextException, SSLException) -POCO_DECLARE_EXCEPTION(NetSSL_API, InvalidCertificateException, SSLException) -POCO_DECLARE_EXCEPTION(NetSSL_API, CertificateValidationException, SSLException) -POCO_DECLARE_EXCEPTION(NetSSL_API, SSLConnectionUnexpectedlyClosedException, SSLException) - - -} } // namespace Poco::Net - - -#endif // NetSSL_SSLException_INCLUDED +// +// SSLException.h +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: SSLException +// +// Definition of the SSLException class. +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#ifndef NetSSL_SSLException_INCLUDED +#define NetSSL_SSLException_INCLUDED + + +#include "Poco/Net/NetSSL.h" +#include "Poco/Net/NetException.h" + + +namespace Poco { +namespace Net { + + +POCO_DECLARE_EXCEPTION(NetSSL_API, SSLException, NetException) +POCO_DECLARE_EXCEPTION(NetSSL_API, SSLContextException, SSLException) +POCO_DECLARE_EXCEPTION(NetSSL_API, InvalidCertificateException, SSLException) +POCO_DECLARE_EXCEPTION(NetSSL_API, CertificateValidationException, SSLException) +POCO_DECLARE_EXCEPTION(NetSSL_API, SSLConnectionUnexpectedlyClosedException, SSLException) + + +} } // namespace Poco::Net + + +#endif // NetSSL_SSLException_INCLUDED diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SSLManager.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SSLManager.h index 6d0f469295..cf5a61b321 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SSLManager.h +++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SSLManager.h @@ -1,390 +1,390 @@ -// -// SSLManager.h -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: SSLManager -// -// Definition of the SSLManager class. -// -// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#ifndef NetSSL_SSLManager_INCLUDED -#define NetSSL_SSLManager_INCLUDED - - -#include "Poco/Net/NetSSL.h" -#include "Poco/Net/VerificationErrorArgs.h" -#include "Poco/Net/Context.h" -#include "Poco/Net/PrivateKeyFactoryMgr.h" -#include "Poco/Net/CertificateHandlerFactoryMgr.h" -#include "Poco/Net/InvalidCertificateHandler.h" -#include "Poco/Util/AbstractConfiguration.h" -#include "Poco/BasicEvent.h" -#include "Poco/SharedPtr.h" -#include "Poco/Mutex.h" -#include <openssl/ssl.h> -#if defined(OPENSSL_FIPS) && OPENSSL_VERSION_NUMBER < 0x010001000L -#include <openssl/fips.h> -#endif - - -namespace Poco { -namespace Net { - - -class Context; - - -class NetSSL_API SSLManager - /// SSLManager is a singleton for holding the default server/client - /// Context and handling callbacks for certificate verification errors - /// and private key passphrases. - /// - /// Proper initialization of SSLManager is critical. - /// - /// SSLManager can be initialized manually, by calling initializeServer() - /// and/or initializeClient(), or initialization can be automatic. In the latter - /// case, a Poco::Util::Application instance must be available and the required - /// configuration properties must be set (see below). - /// - /// Note that manual initialization must happen very early in the application, - /// before defaultClientContext() or defaultServerContext() are called. - /// - /// If defaultClientContext() and defaultServerContext() are never called - /// in an application, initialization of SSLManager can be omitted. - /// However, in this case, delegates for the ServerVerificationError, - /// ClientVerificationError and PrivateKeyPassphraseRequired events - /// must be registered. - /// - /// An exemplary documentation which sets either the server or client default context and creates - /// a PrivateKeyPassphraseHandler that reads the password from the XML file looks like this: - /// - /// <AppConfig> - /// <openSSL> - /// <server|client> - /// <privateKeyFile>mycert.key</privateKeyFile> - /// <certificateFile>mycert.crt</certificateFile> - /// <caConfig>rootcert.pem</caConfig> - /// <verificationMode>none|relaxed|strict|once</verificationMode> - /// <verificationDepth>1..9</verificationDepth> - /// <loadDefaultCAFile>true|false</loadDefaultCAFile> - /// <cipherList>ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH</cipherList> - /// <preferServerCiphers>true|false</preferServerCiphers> - /// <privateKeyPassphraseHandler> - /// <name>KeyFileHandler</name> - /// <options> - /// <password>test</password> - /// </options> - /// </privateKeyPassphraseHandler> - /// <invalidCertificateHandler> - /// <name>ConsoleCertificateHandler</name> - /// </invalidCertificateHandler> - /// <cacheSessions>true|false</cacheSessions> - /// <sessionIdContext>someString</sessionIdContext> <!-- server only --> - /// <sessionCacheSize>0..n</sessionCacheSize> <!-- server only --> - /// <sessionTimeout>0..n</sessionTimeout> <!-- server only --> - /// <extendedVerification>true|false</extendedVerification> - /// <requireTLSv1>true|false</requireTLSv1> - /// <requireTLSv1_1>true|false</requireTLSv1_1> - /// <requireTLSv1_2>true|false</requireTLSv1_2> - /// <disableProtocols>sslv2,sslv3,tlsv1,tlsv1_1,tlsv1_2</disableProtocols> - /// <dhParamsFile>dh.pem</dhParamsFile> - /// <ecdhCurve>prime256v1</ecdhCurve> - /// </server|client> - /// <fips>false</fips> - /// </openSSL> - /// </AppConfig> - /// - /// Following is a list of supported configuration properties. Property names must always - /// be prefixed with openSSL.server or openSSL.client. Some properties are only supported - /// for servers. - /// - /// - privateKeyFile (string): The path to the file containing the private key for the certificate - /// in PEM format (or containing both the private key and the certificate). - /// - certificateFile (string): The Path to the file containing the server's or client's certificate - /// in PEM format. Can be omitted if the the file given in privateKeyFile contains the certificate as well. - /// - caConfig (string): The path to the file or directory containing the trusted root certificates. - /// - verificationMode (string): Specifies whether and how peer certificates are validated (see - /// the Context class for details). Valid values are none, relaxed, strict, once. - /// - verificationDepth (integer, 1-9): Sets the upper limit for verification chain sizes. Verification - /// will fail if a certificate chain larger than this is encountered. - /// - loadDefaultCAFile (boolean): Specifies whether the builtin CA certificates from OpenSSL are used. - /// - cipherList (string): Specifies the supported ciphers in OpenSSL notation - /// (e.g. "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"). - /// - preferServerCiphers (bool): When choosing a cipher, use the server's preferences instead of the - /// client preferences. When not called, the SSL server will always follow the clients - /// preferences. When called, the SSL/TLS server will choose following its own - /// preferences. - /// - privateKeyPassphraseHandler.name (string): The name of the class (subclass of PrivateKeyPassphraseHandler) - /// used for obtaining the passphrase for accessing the private key. - /// - privateKeyPassphraseHandler.options.password (string): The password to be used by KeyFileHandler. - /// - invalidCertificateHandler.name: The name of the class (subclass of CertificateHandler) - /// used for confirming invalid certificates. - /// - cacheSessions (boolean): Enables or disables session caching. - /// - sessionIdContext (string): contains the application's unique session ID context, which becomes - /// part of each session identifier generated by the server. Can be an arbitrary sequence - /// of bytes with a maximum length of SSL_MAX_SSL_SESSION_ID_LENGTH. Should be specified - /// for a server to enable session caching. Should be specified even if session caching - /// is disabled to avoid problems with clients that request session caching (e.g. Firefox 3.6). - /// If not specified, defaults to ${application.name}. - /// - sessionCacheSize (integer): Sets the maximum size of the server session cache, in number of - /// sessions. The default size (according to OpenSSL documentation) is 1024*20, which may be too - /// large for many applications, especially on embedded platforms with limited memory. - /// Specifying a size of 0 will set an unlimited cache size. - /// - sessionTimeout (integer): Sets the timeout (in seconds) of cached sessions on the server. - /// - extendedVerification (boolean): Enable or disable the automatic post-connection - /// extended certificate verification. - /// - requireTLSv1 (boolean): Require a TLSv1 connection. - /// - requireTLSv1_1 (boolean): Require a TLSv1.1 connection. - /// - requireTLSv1_2 (boolean): Require a TLSv1.2 connection. - /// - disableProtocols (string): A comma-separated list of protocols that should be - /// disabled. Valid protocol names are sslv2, sslv3, tlsv1, tlsv1_1, tlsv1_2. - /// - dhParamsFile (string): Specifies a file containing Diffie-Hellman parameters. - /// If not specified or empty, the default parameters are used. - /// - ecdhCurve (string): Specifies the name of the curve to use for ECDH, based - /// on the curve names specified in RFC 4492. Defaults to "prime256v1". - /// - fips: Enable or disable OpenSSL FIPS mode. Only supported if the OpenSSL version - /// that this library is built against supports FIPS mode. -{ -public: - typedef Poco::SharedPtr<PrivateKeyPassphraseHandler> PrivateKeyPassphraseHandlerPtr; - typedef Poco::SharedPtr<InvalidCertificateHandler> InvalidCertificateHandlerPtr; - - Poco::BasicEvent<VerificationErrorArgs> ServerVerificationError; - /// Fired whenever a certificate verification error is detected by the server during a handshake. - - Poco::BasicEvent<VerificationErrorArgs> ClientVerificationError; - /// Fired whenever a certificate verification error is detected by the client during a handshake. - - Poco::BasicEvent<std::string> PrivateKeyPassphraseRequired; - /// Fired when a encrypted certificate is loaded. Not setting the password - /// in the event parameter will result in a failure to load the certificate. - - static SSLManager& instance(); - /// Returns the instance of the SSLManager singleton. - - void initializeServer(PrivateKeyPassphraseHandlerPtr ptrPassphraseHandler, InvalidCertificateHandlerPtr ptrCertificateHandler, Context::Ptr ptrContext); - /// Initializes the server side of the SSLManager with a default passphrase handler, a default invalid certificate handler and a default context. If this method - /// is never called the SSLmanager will try to initialize its members from an application configuration. - /// - /// PtrPassphraseHandler and ptrCertificateHandler can be 0. However, in this case, event delegates - /// must be registered with the ServerVerificationError and PrivateKeyPassphraseRequired events. - /// - /// Note: Always create the handlers (or register the corresponding event delegates) before creating - /// the Context, as during creation of the Context the passphrase for the private key might be needed. - /// - /// Valid initialization code would be: - /// SharedPtr<PrivateKeyPassphraseHandler> pConsoleHandler = new KeyConsoleHandler; - /// SharedPtr<InvalidCertificateHandler> pInvalidCertHandler = new ConsoleCertificateHandler; - /// Context::Ptr pContext = new Context(Context::SERVER_USE, "any.pem", "any.pem", "rootcert.pem", Context::VERIFY_RELAXED, 9, false, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"); - /// SSLManager::instance().initializeServer(pConsoleHandler, pInvalidCertHandler, pContext); - - void initializeClient(PrivateKeyPassphraseHandlerPtr ptrPassphraseHandler, InvalidCertificateHandlerPtr ptrHandler, Context::Ptr ptrContext); - /// Initializes the client side of the SSLManager with a default passphrase handler, a default invalid certificate handler and a default context. If this method - /// is never called the SSLmanager will try to initialize its members from an application configuration. - /// - /// PtrPassphraseHandler and ptrCertificateHandler can be 0. However, in this case, event delegates - /// must be registered with the ClientVerificationError and PrivateKeyPassphraseRequired events. - /// - /// Note: Always create the handlers (or register the corresponding event delegates) before creating - /// the Context, as during creation of the Context the passphrase for the private key might be needed. - /// - /// Valid initialization code would be: - /// SharedPtr<PrivateKeyPassphraseHandler> pConsoleHandler = new KeyConsoleHandler; - /// SharedPtr<InvalidCertificateHandler> pInvalidCertHandler = new ConsoleCertificateHandler; - /// Context::Ptr pContext = new Context(Context::CLIENT_USE, "", "", "rootcert.pem", Context::VERIFY_RELAXED, 9, false, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"); - /// SSLManager::instance().initializeClient(pConsoleHandler, pInvalidCertHandler, pContext); - - Context::Ptr defaultServerContext(); - /// Returns the default Context used by the server. - /// - /// Unless initializeServer() has been called, the first call to this method initializes the default Context - /// from the application configuration. - - Context::Ptr defaultClientContext(); - /// Returns the default Context used by the client. - /// - /// Unless initializeClient() has been called, the first call to this method initializes the default Context - /// from the application configuration. - - PrivateKeyPassphraseHandlerPtr serverPassphraseHandler(); - /// Returns the configured passphrase handler of the server. If none is set, the method will create a default one - /// from an application configuration. - - InvalidCertificateHandlerPtr serverCertificateHandler(); - /// Returns an initialized certificate handler (used by the server to verify client cert) which determines how invalid certificates are treated. - /// If none is set, it will try to auto-initialize one from an application configuration. - - PrivateKeyPassphraseHandlerPtr clientPassphraseHandler(); - /// Returns the configured passphrase handler of the client. If none is set, the method will create a default one - /// from an application configuration. - - InvalidCertificateHandlerPtr clientCertificateHandler(); - /// Returns an initialized certificate handler (used by the client to verify server cert) which determines how invalid certificates are treated. - /// If none is set, it will try to auto-initialize one from an application configuration. - - PrivateKeyFactoryMgr& privateKeyFactoryMgr(); - /// Returns the private key factory manager which stores the - /// factories for the different registered passphrase handlers for private keys. - - CertificateHandlerFactoryMgr& certificateHandlerFactoryMgr(); - /// Returns the CertificateHandlerFactoryMgr which stores the - /// factories for the different registered certificate handlers. - - static bool isFIPSEnabled(); - // Returns true if FIPS mode is enabled, false otherwise. - - void shutdown(); - /// Shuts down the SSLManager and releases the default Context - /// objects. After a call to shutdown(), the SSLManager can no - /// longer be used. - /// - /// Normally, it's not necessary to call this method directly, as this - /// will be called either by uninitializeSSL(), or when - /// the SSLManager instance is destroyed. - - static const std::string CFG_SERVER_PREFIX; - static const std::string CFG_CLIENT_PREFIX; - -protected: - static int verifyClientCallback(int ok, X509_STORE_CTX* pStore); - /// The return value of this method defines how errors in - /// verification are handled. Return 0 to terminate the handshake, - /// or 1 to continue despite the error. - - static int verifyServerCallback(int ok, X509_STORE_CTX* pStore); - /// The return value of this method defines how errors in - /// verification are handled. Return 0 to terminate the handshake, - /// or 1 to continue despite the error. - - static int privateKeyPassphraseCallback(char* pBuf, int size, int flag, void* userData); - /// Method is invoked by OpenSSL to retrieve a passwd for an encrypted certificate. - /// The request is delegated to the PrivatekeyPassword event. This method returns the - /// length of the password. - - static Poco::Util::AbstractConfiguration& appConfig(); - /// Returns the application configuration. - /// - /// Throws a InvalidStateException if not application instance - /// is available. - -private: - SSLManager(); - /// Creates the SSLManager. - - ~SSLManager(); - /// Destroys the SSLManager. - - void initDefaultContext(bool server); - /// Inits the default context, the first time it is accessed. - - void initEvents(bool server); - /// Registers delegates at the events according to the configuration. - - void initPassphraseHandler(bool server); - /// Inits the passphrase handler. - - void initCertificateHandler(bool server); - /// Inits the certificate handler. - - static int verifyCallback(bool server, int ok, X509_STORE_CTX* pStore); - /// The return value of this method defines how errors in - /// verification are handled. Return 0 to terminate the handshake, - /// or 1 to continue despite the error. - - PrivateKeyFactoryMgr _factoryMgr; - CertificateHandlerFactoryMgr _certHandlerFactoryMgr; - Context::Ptr _ptrDefaultServerContext; - PrivateKeyPassphraseHandlerPtr _ptrServerPassphraseHandler; - InvalidCertificateHandlerPtr _ptrServerCertificateHandler; - Context::Ptr _ptrDefaultClientContext; - PrivateKeyPassphraseHandlerPtr _ptrClientPassphraseHandler; - InvalidCertificateHandlerPtr _ptrClientCertificateHandler; - Poco::FastMutex _mutex; - - static const std::string CFG_PRIV_KEY_FILE; - static const std::string CFG_CERTIFICATE_FILE; - static const std::string CFG_CA_LOCATION; - static const std::string CFG_VER_MODE; - static const Context::VerificationMode VAL_VER_MODE; - static const std::string CFG_VER_DEPTH; - static const int VAL_VER_DEPTH; - static const std::string CFG_ENABLE_DEFAULT_CA; - static const bool VAL_ENABLE_DEFAULT_CA; - static const std::string CFG_CIPHER_LIST; - static const std::string CFG_CYPHER_LIST; // for backwards compatibility - static const std::string VAL_CIPHER_LIST; - static const std::string CFG_PREFER_SERVER_CIPHERS; - static const std::string CFG_DELEGATE_HANDLER; - static const std::string VAL_DELEGATE_HANDLER; - static const std::string CFG_CERTIFICATE_HANDLER; - static const std::string VAL_CERTIFICATE_HANDLER; - static const std::string CFG_CACHE_SESSIONS; - static const std::string CFG_SESSION_ID_CONTEXT; - static const std::string CFG_SESSION_CACHE_SIZE; - static const std::string CFG_SESSION_TIMEOUT; - static const std::string CFG_EXTENDED_VERIFICATION; - static const std::string CFG_REQUIRE_TLSV1; - static const std::string CFG_REQUIRE_TLSV1_1; - static const std::string CFG_REQUIRE_TLSV1_2; - static const std::string CFG_DISABLE_PROTOCOLS; - static const std::string CFG_DH_PARAMS_FILE; - static const std::string CFG_ECDH_CURVE; - -#ifdef OPENSSL_FIPS - static const std::string CFG_FIPS_MODE; - static const bool VAL_FIPS_MODE; -#endif - - friend class Poco::SingletonHolder<SSLManager>; - friend class Context; -}; - - -// -// inlines -// -inline PrivateKeyFactoryMgr& SSLManager::privateKeyFactoryMgr() -{ - return _factoryMgr; -} - - -inline CertificateHandlerFactoryMgr& SSLManager::certificateHandlerFactoryMgr() -{ - return _certHandlerFactoryMgr; -} - - -inline bool SSLManager::isFIPSEnabled() -{ -#ifdef OPENSSL_FIPS - return FIPS_mode() ? true : false; -#else - return false; -#endif -} - - -inline int SSLManager::verifyServerCallback(int ok, X509_STORE_CTX* pStore) -{ - return SSLManager::verifyCallback(true, ok, pStore); -} - - -inline int SSLManager::verifyClientCallback(int ok, X509_STORE_CTX* pStore) -{ - return SSLManager::verifyCallback(false, ok, pStore); -} - - -} } // namespace Poco::Net - - -#endif // NetSSL_SSLManager_INCLUDED +// +// SSLManager.h +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: SSLManager +// +// Definition of the SSLManager class. +// +// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#ifndef NetSSL_SSLManager_INCLUDED +#define NetSSL_SSLManager_INCLUDED + + +#include "Poco/Net/NetSSL.h" +#include "Poco/Net/VerificationErrorArgs.h" +#include "Poco/Net/Context.h" +#include "Poco/Net/PrivateKeyFactoryMgr.h" +#include "Poco/Net/CertificateHandlerFactoryMgr.h" +#include "Poco/Net/InvalidCertificateHandler.h" +#include "Poco/Util/AbstractConfiguration.h" +#include "Poco/BasicEvent.h" +#include "Poco/SharedPtr.h" +#include "Poco/Mutex.h" +#include <openssl/ssl.h> +#if defined(OPENSSL_FIPS) && OPENSSL_VERSION_NUMBER < 0x010001000L +#include <openssl/fips.h> +#endif + + +namespace Poco { +namespace Net { + + +class Context; + + +class NetSSL_API SSLManager + /// SSLManager is a singleton for holding the default server/client + /// Context and handling callbacks for certificate verification errors + /// and private key passphrases. + /// + /// Proper initialization of SSLManager is critical. + /// + /// SSLManager can be initialized manually, by calling initializeServer() + /// and/or initializeClient(), or initialization can be automatic. In the latter + /// case, a Poco::Util::Application instance must be available and the required + /// configuration properties must be set (see below). + /// + /// Note that manual initialization must happen very early in the application, + /// before defaultClientContext() or defaultServerContext() are called. + /// + /// If defaultClientContext() and defaultServerContext() are never called + /// in an application, initialization of SSLManager can be omitted. + /// However, in this case, delegates for the ServerVerificationError, + /// ClientVerificationError and PrivateKeyPassphraseRequired events + /// must be registered. + /// + /// An exemplary documentation which sets either the server or client default context and creates + /// a PrivateKeyPassphraseHandler that reads the password from the XML file looks like this: + /// + /// <AppConfig> + /// <openSSL> + /// <server|client> + /// <privateKeyFile>mycert.key</privateKeyFile> + /// <certificateFile>mycert.crt</certificateFile> + /// <caConfig>rootcert.pem</caConfig> + /// <verificationMode>none|relaxed|strict|once</verificationMode> + /// <verificationDepth>1..9</verificationDepth> + /// <loadDefaultCAFile>true|false</loadDefaultCAFile> + /// <cipherList>ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH</cipherList> + /// <preferServerCiphers>true|false</preferServerCiphers> + /// <privateKeyPassphraseHandler> + /// <name>KeyFileHandler</name> + /// <options> + /// <password>test</password> + /// </options> + /// </privateKeyPassphraseHandler> + /// <invalidCertificateHandler> + /// <name>ConsoleCertificateHandler</name> + /// </invalidCertificateHandler> + /// <cacheSessions>true|false</cacheSessions> + /// <sessionIdContext>someString</sessionIdContext> <!-- server only --> + /// <sessionCacheSize>0..n</sessionCacheSize> <!-- server only --> + /// <sessionTimeout>0..n</sessionTimeout> <!-- server only --> + /// <extendedVerification>true|false</extendedVerification> + /// <requireTLSv1>true|false</requireTLSv1> + /// <requireTLSv1_1>true|false</requireTLSv1_1> + /// <requireTLSv1_2>true|false</requireTLSv1_2> + /// <disableProtocols>sslv2,sslv3,tlsv1,tlsv1_1,tlsv1_2</disableProtocols> + /// <dhParamsFile>dh.pem</dhParamsFile> + /// <ecdhCurve>prime256v1</ecdhCurve> + /// </server|client> + /// <fips>false</fips> + /// </openSSL> + /// </AppConfig> + /// + /// Following is a list of supported configuration properties. Property names must always + /// be prefixed with openSSL.server or openSSL.client. Some properties are only supported + /// for servers. + /// + /// - privateKeyFile (string): The path to the file containing the private key for the certificate + /// in PEM format (or containing both the private key and the certificate). + /// - certificateFile (string): The Path to the file containing the server's or client's certificate + /// in PEM format. Can be omitted if the the file given in privateKeyFile contains the certificate as well. + /// - caConfig (string): The path to the file or directory containing the trusted root certificates. + /// - verificationMode (string): Specifies whether and how peer certificates are validated (see + /// the Context class for details). Valid values are none, relaxed, strict, once. + /// - verificationDepth (integer, 1-9): Sets the upper limit for verification chain sizes. Verification + /// will fail if a certificate chain larger than this is encountered. + /// - loadDefaultCAFile (boolean): Specifies whether the builtin CA certificates from OpenSSL are used. + /// - cipherList (string): Specifies the supported ciphers in OpenSSL notation + /// (e.g. "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"). + /// - preferServerCiphers (bool): When choosing a cipher, use the server's preferences instead of the + /// client preferences. When not called, the SSL server will always follow the clients + /// preferences. When called, the SSL/TLS server will choose following its own + /// preferences. + /// - privateKeyPassphraseHandler.name (string): The name of the class (subclass of PrivateKeyPassphraseHandler) + /// used for obtaining the passphrase for accessing the private key. + /// - privateKeyPassphraseHandler.options.password (string): The password to be used by KeyFileHandler. + /// - invalidCertificateHandler.name: The name of the class (subclass of CertificateHandler) + /// used for confirming invalid certificates. + /// - cacheSessions (boolean): Enables or disables session caching. + /// - sessionIdContext (string): contains the application's unique session ID context, which becomes + /// part of each session identifier generated by the server. Can be an arbitrary sequence + /// of bytes with a maximum length of SSL_MAX_SSL_SESSION_ID_LENGTH. Should be specified + /// for a server to enable session caching. Should be specified even if session caching + /// is disabled to avoid problems with clients that request session caching (e.g. Firefox 3.6). + /// If not specified, defaults to ${application.name}. + /// - sessionCacheSize (integer): Sets the maximum size of the server session cache, in number of + /// sessions. The default size (according to OpenSSL documentation) is 1024*20, which may be too + /// large for many applications, especially on embedded platforms with limited memory. + /// Specifying a size of 0 will set an unlimited cache size. + /// - sessionTimeout (integer): Sets the timeout (in seconds) of cached sessions on the server. + /// - extendedVerification (boolean): Enable or disable the automatic post-connection + /// extended certificate verification. + /// - requireTLSv1 (boolean): Require a TLSv1 connection. + /// - requireTLSv1_1 (boolean): Require a TLSv1.1 connection. + /// - requireTLSv1_2 (boolean): Require a TLSv1.2 connection. + /// - disableProtocols (string): A comma-separated list of protocols that should be + /// disabled. Valid protocol names are sslv2, sslv3, tlsv1, tlsv1_1, tlsv1_2. + /// - dhParamsFile (string): Specifies a file containing Diffie-Hellman parameters. + /// If not specified or empty, the default parameters are used. + /// - ecdhCurve (string): Specifies the name of the curve to use for ECDH, based + /// on the curve names specified in RFC 4492. Defaults to "prime256v1". + /// - fips: Enable or disable OpenSSL FIPS mode. Only supported if the OpenSSL version + /// that this library is built against supports FIPS mode. +{ +public: + typedef Poco::SharedPtr<PrivateKeyPassphraseHandler> PrivateKeyPassphraseHandlerPtr; + typedef Poco::SharedPtr<InvalidCertificateHandler> InvalidCertificateHandlerPtr; + + Poco::BasicEvent<VerificationErrorArgs> ServerVerificationError; + /// Fired whenever a certificate verification error is detected by the server during a handshake. + + Poco::BasicEvent<VerificationErrorArgs> ClientVerificationError; + /// Fired whenever a certificate verification error is detected by the client during a handshake. + + Poco::BasicEvent<std::string> PrivateKeyPassphraseRequired; + /// Fired when a encrypted certificate is loaded. Not setting the password + /// in the event parameter will result in a failure to load the certificate. + + static SSLManager& instance(); + /// Returns the instance of the SSLManager singleton. + + void initializeServer(PrivateKeyPassphraseHandlerPtr ptrPassphraseHandler, InvalidCertificateHandlerPtr ptrCertificateHandler, Context::Ptr ptrContext); + /// Initializes the server side of the SSLManager with a default passphrase handler, a default invalid certificate handler and a default context. If this method + /// is never called the SSLmanager will try to initialize its members from an application configuration. + /// + /// PtrPassphraseHandler and ptrCertificateHandler can be 0. However, in this case, event delegates + /// must be registered with the ServerVerificationError and PrivateKeyPassphraseRequired events. + /// + /// Note: Always create the handlers (or register the corresponding event delegates) before creating + /// the Context, as during creation of the Context the passphrase for the private key might be needed. + /// + /// Valid initialization code would be: + /// SharedPtr<PrivateKeyPassphraseHandler> pConsoleHandler = new KeyConsoleHandler; + /// SharedPtr<InvalidCertificateHandler> pInvalidCertHandler = new ConsoleCertificateHandler; + /// Context::Ptr pContext = new Context(Context::SERVER_USE, "any.pem", "any.pem", "rootcert.pem", Context::VERIFY_RELAXED, 9, false, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"); + /// SSLManager::instance().initializeServer(pConsoleHandler, pInvalidCertHandler, pContext); + + void initializeClient(PrivateKeyPassphraseHandlerPtr ptrPassphraseHandler, InvalidCertificateHandlerPtr ptrHandler, Context::Ptr ptrContext); + /// Initializes the client side of the SSLManager with a default passphrase handler, a default invalid certificate handler and a default context. If this method + /// is never called the SSLmanager will try to initialize its members from an application configuration. + /// + /// PtrPassphraseHandler and ptrCertificateHandler can be 0. However, in this case, event delegates + /// must be registered with the ClientVerificationError and PrivateKeyPassphraseRequired events. + /// + /// Note: Always create the handlers (or register the corresponding event delegates) before creating + /// the Context, as during creation of the Context the passphrase for the private key might be needed. + /// + /// Valid initialization code would be: + /// SharedPtr<PrivateKeyPassphraseHandler> pConsoleHandler = new KeyConsoleHandler; + /// SharedPtr<InvalidCertificateHandler> pInvalidCertHandler = new ConsoleCertificateHandler; + /// Context::Ptr pContext = new Context(Context::CLIENT_USE, "", "", "rootcert.pem", Context::VERIFY_RELAXED, 9, false, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"); + /// SSLManager::instance().initializeClient(pConsoleHandler, pInvalidCertHandler, pContext); + + Context::Ptr defaultServerContext(); + /// Returns the default Context used by the server. + /// + /// Unless initializeServer() has been called, the first call to this method initializes the default Context + /// from the application configuration. + + Context::Ptr defaultClientContext(); + /// Returns the default Context used by the client. + /// + /// Unless initializeClient() has been called, the first call to this method initializes the default Context + /// from the application configuration. + + PrivateKeyPassphraseHandlerPtr serverPassphraseHandler(); + /// Returns the configured passphrase handler of the server. If none is set, the method will create a default one + /// from an application configuration. + + InvalidCertificateHandlerPtr serverCertificateHandler(); + /// Returns an initialized certificate handler (used by the server to verify client cert) which determines how invalid certificates are treated. + /// If none is set, it will try to auto-initialize one from an application configuration. + + PrivateKeyPassphraseHandlerPtr clientPassphraseHandler(); + /// Returns the configured passphrase handler of the client. If none is set, the method will create a default one + /// from an application configuration. + + InvalidCertificateHandlerPtr clientCertificateHandler(); + /// Returns an initialized certificate handler (used by the client to verify server cert) which determines how invalid certificates are treated. + /// If none is set, it will try to auto-initialize one from an application configuration. + + PrivateKeyFactoryMgr& privateKeyFactoryMgr(); + /// Returns the private key factory manager which stores the + /// factories for the different registered passphrase handlers for private keys. + + CertificateHandlerFactoryMgr& certificateHandlerFactoryMgr(); + /// Returns the CertificateHandlerFactoryMgr which stores the + /// factories for the different registered certificate handlers. + + static bool isFIPSEnabled(); + // Returns true if FIPS mode is enabled, false otherwise. + + void shutdown(); + /// Shuts down the SSLManager and releases the default Context + /// objects. After a call to shutdown(), the SSLManager can no + /// longer be used. + /// + /// Normally, it's not necessary to call this method directly, as this + /// will be called either by uninitializeSSL(), or when + /// the SSLManager instance is destroyed. + + static const std::string CFG_SERVER_PREFIX; + static const std::string CFG_CLIENT_PREFIX; + +protected: + static int verifyClientCallback(int ok, X509_STORE_CTX* pStore); + /// The return value of this method defines how errors in + /// verification are handled. Return 0 to terminate the handshake, + /// or 1 to continue despite the error. + + static int verifyServerCallback(int ok, X509_STORE_CTX* pStore); + /// The return value of this method defines how errors in + /// verification are handled. Return 0 to terminate the handshake, + /// or 1 to continue despite the error. + + static int privateKeyPassphraseCallback(char* pBuf, int size, int flag, void* userData); + /// Method is invoked by OpenSSL to retrieve a passwd for an encrypted certificate. + /// The request is delegated to the PrivatekeyPassword event. This method returns the + /// length of the password. + + static Poco::Util::AbstractConfiguration& appConfig(); + /// Returns the application configuration. + /// + /// Throws a InvalidStateException if not application instance + /// is available. + +private: + SSLManager(); + /// Creates the SSLManager. + + ~SSLManager(); + /// Destroys the SSLManager. + + void initDefaultContext(bool server); + /// Inits the default context, the first time it is accessed. + + void initEvents(bool server); + /// Registers delegates at the events according to the configuration. + + void initPassphraseHandler(bool server); + /// Inits the passphrase handler. + + void initCertificateHandler(bool server); + /// Inits the certificate handler. + + static int verifyCallback(bool server, int ok, X509_STORE_CTX* pStore); + /// The return value of this method defines how errors in + /// verification are handled. Return 0 to terminate the handshake, + /// or 1 to continue despite the error. + + PrivateKeyFactoryMgr _factoryMgr; + CertificateHandlerFactoryMgr _certHandlerFactoryMgr; + Context::Ptr _ptrDefaultServerContext; + PrivateKeyPassphraseHandlerPtr _ptrServerPassphraseHandler; + InvalidCertificateHandlerPtr _ptrServerCertificateHandler; + Context::Ptr _ptrDefaultClientContext; + PrivateKeyPassphraseHandlerPtr _ptrClientPassphraseHandler; + InvalidCertificateHandlerPtr _ptrClientCertificateHandler; + Poco::FastMutex _mutex; + + static const std::string CFG_PRIV_KEY_FILE; + static const std::string CFG_CERTIFICATE_FILE; + static const std::string CFG_CA_LOCATION; + static const std::string CFG_VER_MODE; + static const Context::VerificationMode VAL_VER_MODE; + static const std::string CFG_VER_DEPTH; + static const int VAL_VER_DEPTH; + static const std::string CFG_ENABLE_DEFAULT_CA; + static const bool VAL_ENABLE_DEFAULT_CA; + static const std::string CFG_CIPHER_LIST; + static const std::string CFG_CYPHER_LIST; // for backwards compatibility + static const std::string VAL_CIPHER_LIST; + static const std::string CFG_PREFER_SERVER_CIPHERS; + static const std::string CFG_DELEGATE_HANDLER; + static const std::string VAL_DELEGATE_HANDLER; + static const std::string CFG_CERTIFICATE_HANDLER; + static const std::string VAL_CERTIFICATE_HANDLER; + static const std::string CFG_CACHE_SESSIONS; + static const std::string CFG_SESSION_ID_CONTEXT; + static const std::string CFG_SESSION_CACHE_SIZE; + static const std::string CFG_SESSION_TIMEOUT; + static const std::string CFG_EXTENDED_VERIFICATION; + static const std::string CFG_REQUIRE_TLSV1; + static const std::string CFG_REQUIRE_TLSV1_1; + static const std::string CFG_REQUIRE_TLSV1_2; + static const std::string CFG_DISABLE_PROTOCOLS; + static const std::string CFG_DH_PARAMS_FILE; + static const std::string CFG_ECDH_CURVE; + +#ifdef OPENSSL_FIPS + static const std::string CFG_FIPS_MODE; + static const bool VAL_FIPS_MODE; +#endif + + friend class Poco::SingletonHolder<SSLManager>; + friend class Context; +}; + + +// +// inlines +// +inline PrivateKeyFactoryMgr& SSLManager::privateKeyFactoryMgr() +{ + return _factoryMgr; +} + + +inline CertificateHandlerFactoryMgr& SSLManager::certificateHandlerFactoryMgr() +{ + return _certHandlerFactoryMgr; +} + + +inline bool SSLManager::isFIPSEnabled() +{ +#ifdef OPENSSL_FIPS + return FIPS_mode() ? true : false; +#else + return false; +#endif +} + + +inline int SSLManager::verifyServerCallback(int ok, X509_STORE_CTX* pStore) +{ + return SSLManager::verifyCallback(true, ok, pStore); +} + + +inline int SSLManager::verifyClientCallback(int ok, X509_STORE_CTX* pStore) +{ + return SSLManager::verifyCallback(false, ok, pStore); +} + + +} } // namespace Poco::Net + + +#endif // NetSSL_SSLManager_INCLUDED diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureSMTPClientSession.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureSMTPClientSession.h index 146be2aeb5..71518046f2 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureSMTPClientSession.h +++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureSMTPClientSession.h @@ -1,96 +1,96 @@ -// -// SecureSMTPClientSession.h -// -// Library: NetSSL_OpenSSL -// Package: Mail -// Module: SecureSMTPClientSession -// -// Definition of the SecureSMTPClientSession class. -// -// Copyright (c) 2010, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#ifndef Net_SecureSMTPClientSession_INCLUDED -#define Net_SecureSMTPClientSession_INCLUDED - - -#include "Poco/Net/NetSSL.h" -#include "Poco/Net/SMTPClientSession.h" -#include "Poco/Net/Context.h" - - -namespace Poco { -namespace Net { - - -class NetSSL_API SecureSMTPClientSession: public SMTPClientSession - /// This class implements an Simple Mail - /// Transfer Protocol (SMTP, RFC 2821) - /// client for sending e-mail messages that - /// supports the STARTTLS command for secure - /// connections. - /// - /// Usage is as follows: - /// 1. Create a SecureSMTPClientSession object. - /// 2. Call login() or login(hostname). - /// 3. Call startTLS() to switch to a secure connection. - /// Check the return value to see if a secure connection - /// has actually been established (not all servers may - /// support STARTTLS). - /// 4. Call any of the login() methods to securely authenticate - /// with a username and password. - /// 5. Send the message(s). -{ -public: - explicit SecureSMTPClientSession(const StreamSocket& socket); - /// Creates the SecureSMTPClientSession using - /// the given socket, which must be connected - /// to a SMTP server. - - SecureSMTPClientSession(const std::string& host, Poco::UInt16 port = SMTP_PORT); - /// Creates the SecureSMTPClientSession using a socket connected - /// to the given host and port. - - virtual ~SecureSMTPClientSession(); - /// Destroys the SMTPClientSession. - - bool startTLS(); - /// Sends a STARTTLS command and, if successful, - /// creates a secure SSL/TLS connection over the - /// existing socket connection. - /// - /// Must be called after login() or login(hostname). - /// If successful, login() can be called again - /// to authenticate the user. - /// - /// Returns true if the STARTTLS command was successful, - /// false otherwise. - - bool startTLS(Context::Ptr pContext); - /// Sends a STARTTLS command and, if successful, - /// creates a secure SSL/TLS connection over the - /// existing socket connection. - /// - /// Uses the given Context object for creating - /// the SSL/TLS connection. - /// - /// Must be called after login() or login(hostname). - /// If successful, login() can be called again - /// to authenticate the user. - /// - /// Returns true if the STARTTLS command was successful, - /// false otherwise. - -private: - std::string _host; -}; - - -} } // namespace Poco::Net - - -#endif // Net_SecureSMTPClientSession_INCLUDED +// +// SecureSMTPClientSession.h +// +// Library: NetSSL_OpenSSL +// Package: Mail +// Module: SecureSMTPClientSession +// +// Definition of the SecureSMTPClientSession class. +// +// Copyright (c) 2010, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#ifndef Net_SecureSMTPClientSession_INCLUDED +#define Net_SecureSMTPClientSession_INCLUDED + + +#include "Poco/Net/NetSSL.h" +#include "Poco/Net/SMTPClientSession.h" +#include "Poco/Net/Context.h" + + +namespace Poco { +namespace Net { + + +class NetSSL_API SecureSMTPClientSession: public SMTPClientSession + /// This class implements an Simple Mail + /// Transfer Protocol (SMTP, RFC 2821) + /// client for sending e-mail messages that + /// supports the STARTTLS command for secure + /// connections. + /// + /// Usage is as follows: + /// 1. Create a SecureSMTPClientSession object. + /// 2. Call login() or login(hostname). + /// 3. Call startTLS() to switch to a secure connection. + /// Check the return value to see if a secure connection + /// has actually been established (not all servers may + /// support STARTTLS). + /// 4. Call any of the login() methods to securely authenticate + /// with a username and password. + /// 5. Send the message(s). +{ +public: + explicit SecureSMTPClientSession(const StreamSocket& socket); + /// Creates the SecureSMTPClientSession using + /// the given socket, which must be connected + /// to a SMTP server. + + SecureSMTPClientSession(const std::string& host, Poco::UInt16 port = SMTP_PORT); + /// Creates the SecureSMTPClientSession using a socket connected + /// to the given host and port. + + virtual ~SecureSMTPClientSession(); + /// Destroys the SMTPClientSession. + + bool startTLS(); + /// Sends a STARTTLS command and, if successful, + /// creates a secure SSL/TLS connection over the + /// existing socket connection. + /// + /// Must be called after login() or login(hostname). + /// If successful, login() can be called again + /// to authenticate the user. + /// + /// Returns true if the STARTTLS command was successful, + /// false otherwise. + + bool startTLS(Context::Ptr pContext); + /// Sends a STARTTLS command and, if successful, + /// creates a secure SSL/TLS connection over the + /// existing socket connection. + /// + /// Uses the given Context object for creating + /// the SSL/TLS connection. + /// + /// Must be called after login() or login(hostname). + /// If successful, login() can be called again + /// to authenticate the user. + /// + /// Returns true if the STARTTLS command was successful, + /// false otherwise. + +private: + std::string _host; +}; + + +} } // namespace Poco::Net + + +#endif // Net_SecureSMTPClientSession_INCLUDED diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureServerSocket.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureServerSocket.h index 2b89c45cb9..d6bc23e496 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureServerSocket.h +++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureServerSocket.h @@ -1,136 +1,136 @@ -// -// SecureServerSocket.h -// -// Library: NetSSL_OpenSSL -// Package: SSLSockets -// Module: SecureServerSocket -// -// Definition of the SecureServerSocket class. -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#ifndef NetSSL_SecureServerSocket_INCLUDED -#define NetSSL_SecureServerSocket_INCLUDED - - -#include "Poco/Net/NetSSL.h" -#include "Poco/Net/ServerSocket.h" -#include "Poco/Net/Context.h" - - -namespace Poco { -namespace Net { - - -class NetSSL_API SecureServerSocket: public ServerSocket - /// A server socket for secure SSL connections. -{ -public: - SecureServerSocket(); - /// Creates a SSL server socket using the - /// default SSL server context. - /// - /// The server socket must be bound to - /// an address and put into listening state. - - explicit SecureServerSocket(Context::Ptr pContext); - /// Creates a SSL server socket, using the - /// given SSL context object. - /// - /// The server socket must be bound to - /// an address and put into listening state. - - SecureServerSocket(const Socket& socket); - /// Creates the SecureServerSocket with the SocketImpl - /// from another socket. The SocketImpl must be - /// a SecureServerSocketImpl, otherwise an InvalidArgumentException - /// will be thrown. - - SecureServerSocket(const SocketAddress& address, int backlog = 64); - /// Creates a server socket using the default server SSL context, - /// binds it to the given address and puts it in listening - /// state. - /// - /// After successful construction, the server socket - /// is ready to accept connections. - - SecureServerSocket(const SocketAddress& address, int backlog, Context::Ptr pContext); - /// Creates a server socket using the given SSL context, binds it - /// to the given address and puts it in listening - /// state. - /// - /// After successful construction, the server socket - /// is ready to accept connections. - - SecureServerSocket(Poco::UInt16 port, int backlog = 64); - /// Creates a server socket using the default server SSL context, - /// binds it to the given port and puts it in listening - /// state. - /// - /// After successful construction, the server socket - /// is ready to accept connections. - - SecureServerSocket(Poco::UInt16 port, int backlog, Context::Ptr pContext); - /// Creates a server socket using the given SSL context, binds it - /// to the given port and puts it in listening - /// state. - /// - /// After successful construction, the server socket - /// is ready to accept connections. - - virtual ~SecureServerSocket(); - /// Destroys the StreamSocket. - - SecureServerSocket& operator = (const Socket& socket); - /// Assignment operator. - /// - /// Releases the socket's SocketImpl and - /// attaches the SocketImpl from the other socket and - /// increments the reference count of the SocketImpl. - - StreamSocket acceptConnection(SocketAddress& clientAddr); - /// Get the next completed connection from the - /// socket's completed connection queue. - /// - /// If the queue is empty, waits until a connection - /// request completes. - /// - /// Returns a new SSL socket for the connection - /// with the client. - /// - /// The client socket's address is returned in clientAddr. - /// - /// No SSL handshake is performed on the new connection. - /// The SSL handshake will be performed the first time - /// sendBytes(), receiveBytes() or completeHandshake() - /// is called on the returned SecureStreamSocket. - - StreamSocket acceptConnection(); - /// Get the next completed connection from the - /// socket's completed connection queue. - /// - /// If the queue is empty, waits until a connection - /// request completes. - /// - /// Returns a new SSL socket for the connection - /// with the client. - /// - /// No SSL handshake is performed on the new connection. - /// The SSL handshake will be performed the first time - /// sendBytes(), receiveBytes() or completeHandshake() - /// is called on the returned SecureStreamSocket. - - Context::Ptr context() const; - /// Returns the SSL context used by this socket. -}; - - -} } // namespace Poco::Net - - -#endif // NetSSL_SecureServerSocket_INCLUDED +// +// SecureServerSocket.h +// +// Library: NetSSL_OpenSSL +// Package: SSLSockets +// Module: SecureServerSocket +// +// Definition of the SecureServerSocket class. +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#ifndef NetSSL_SecureServerSocket_INCLUDED +#define NetSSL_SecureServerSocket_INCLUDED + + +#include "Poco/Net/NetSSL.h" +#include "Poco/Net/ServerSocket.h" +#include "Poco/Net/Context.h" + + +namespace Poco { +namespace Net { + + +class NetSSL_API SecureServerSocket: public ServerSocket + /// A server socket for secure SSL connections. +{ +public: + SecureServerSocket(); + /// Creates a SSL server socket using the + /// default SSL server context. + /// + /// The server socket must be bound to + /// an address and put into listening state. + + explicit SecureServerSocket(Context::Ptr pContext); + /// Creates a SSL server socket, using the + /// given SSL context object. + /// + /// The server socket must be bound to + /// an address and put into listening state. + + SecureServerSocket(const Socket& socket); + /// Creates the SecureServerSocket with the SocketImpl + /// from another socket. The SocketImpl must be + /// a SecureServerSocketImpl, otherwise an InvalidArgumentException + /// will be thrown. + + SecureServerSocket(const SocketAddress& address, int backlog = 64); + /// Creates a server socket using the default server SSL context, + /// binds it to the given address and puts it in listening + /// state. + /// + /// After successful construction, the server socket + /// is ready to accept connections. + + SecureServerSocket(const SocketAddress& address, int backlog, Context::Ptr pContext); + /// Creates a server socket using the given SSL context, binds it + /// to the given address and puts it in listening + /// state. + /// + /// After successful construction, the server socket + /// is ready to accept connections. + + SecureServerSocket(Poco::UInt16 port, int backlog = 64); + /// Creates a server socket using the default server SSL context, + /// binds it to the given port and puts it in listening + /// state. + /// + /// After successful construction, the server socket + /// is ready to accept connections. + + SecureServerSocket(Poco::UInt16 port, int backlog, Context::Ptr pContext); + /// Creates a server socket using the given SSL context, binds it + /// to the given port and puts it in listening + /// state. + /// + /// After successful construction, the server socket + /// is ready to accept connections. + + virtual ~SecureServerSocket(); + /// Destroys the StreamSocket. + + SecureServerSocket& operator = (const Socket& socket); + /// Assignment operator. + /// + /// Releases the socket's SocketImpl and + /// attaches the SocketImpl from the other socket and + /// increments the reference count of the SocketImpl. + + StreamSocket acceptConnection(SocketAddress& clientAddr); + /// Get the next completed connection from the + /// socket's completed connection queue. + /// + /// If the queue is empty, waits until a connection + /// request completes. + /// + /// Returns a new SSL socket for the connection + /// with the client. + /// + /// The client socket's address is returned in clientAddr. + /// + /// No SSL handshake is performed on the new connection. + /// The SSL handshake will be performed the first time + /// sendBytes(), receiveBytes() or completeHandshake() + /// is called on the returned SecureStreamSocket. + + StreamSocket acceptConnection(); + /// Get the next completed connection from the + /// socket's completed connection queue. + /// + /// If the queue is empty, waits until a connection + /// request completes. + /// + /// Returns a new SSL socket for the connection + /// with the client. + /// + /// No SSL handshake is performed on the new connection. + /// The SSL handshake will be performed the first time + /// sendBytes(), receiveBytes() or completeHandshake() + /// is called on the returned SecureStreamSocket. + + Context::Ptr context() const; + /// Returns the SSL context used by this socket. +}; + + +} } // namespace Poco::Net + + +#endif // NetSSL_SecureServerSocket_INCLUDED diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureServerSocketImpl.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureServerSocketImpl.h index 2cf969d099..8889ed5028 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureServerSocketImpl.h +++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureServerSocketImpl.h @@ -1,146 +1,146 @@ -// -// SecureServerSocketImpl.h -// -// Library: NetSSL_OpenSSL -// Package: SSLSockets -// Module: SecureServerSocketImpl -// -// Definition of the SecureServerSocketImpl class. -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#ifndef NetSSL_SecureServerSocketImpl_INCLUDED -#define NetSSL_SecureServerSocketImpl_INCLUDED - - -#include "Poco/Net/NetSSL.h" -#include "Poco/Net/SecureSocketImpl.h" -#include "Poco/Net/ServerSocketImpl.h" -#include "Poco/Net/Context.h" - - -namespace Poco { -namespace Net { - - -class NetSSL_API SecureServerSocketImpl: public ServerSocketImpl - /// The SocketImpl class for SecureServerSocket. -{ -public: - SecureServerSocketImpl(Context::Ptr pContext); - /// Creates the SecureServerSocketImpl using the - /// given SSL context object. - - SocketImpl* acceptConnection(SocketAddress& clientAddr); - /// Get the next completed connection from the - /// socket's completed connection queue. - /// - /// If the queue is empty, waits until a connection - /// request completes. - /// - /// Returns a new TCP socket for the connection - /// with the client. - /// - /// The client socket's address is returned in clientAddr. - - void connect(const SocketAddress& address); - /// Not supported by this kind of socket. - /// - /// Throws a Poco::InvalidAccessException. - - void connect(const SocketAddress& address, const Poco::Timespan& timeout); - /// Not supported by this kind of socket. - /// - /// Throws a Poco::InvalidAccessException. - - void connectNB(const SocketAddress& address); - /// Not supported by this kind of socket. - /// - /// Throws a Poco::InvalidAccessException. - - void bind(const SocketAddress& address, bool reuseAddress = false, bool reusePort = false); - /// Bind a local address to the socket. - /// - /// This is usually only done when establishing a server - /// socket. TCP clients should not bind a socket to a - /// specific address. - /// - /// If reuseAddress is true, sets the SO_REUSEADDR - /// socket option. - - void listen(int backlog = 64); - /// Puts the socket into listening state. - /// - /// The socket becomes a passive socket that - /// can accept incoming connection requests. - /// - /// The backlog argument specifies the maximum - /// number of connections that can be queued - /// for this socket. - - void close(); - /// Close the socket. - - int sendBytes(const void* buffer, int length, int flags = 0); - /// Not supported by this kind of socket. - /// - /// Throws a Poco::InvalidAccessException. - - int receiveBytes(void* buffer, int length, int flags = 0); - /// Not supported by this kind of socket. - /// - /// Throws a Poco::InvalidAccessException. - - int sendTo(const void* buffer, int length, const SocketAddress& address, int flags = 0); - /// Not supported by this kind of socket. - /// - /// Throws a Poco::InvalidAccessException. - - int receiveFrom(void* buffer, int length, SocketAddress& address, int flags = 0); - /// Not supported by this kind of socket. - /// - /// Throws a Poco::InvalidAccessException. - - void sendUrgent(unsigned char data); - /// Not supported by this kind of socket. - /// - /// Throws a Poco::InvalidAccessException. - - bool secure() const; - /// Returns true iff the socket's connection is secure - /// (using SSL or TLS). - - Context::Ptr context() const; - /// Returns the SSL context used by this socket. - -protected: - ~SecureServerSocketImpl(); - /// Destroys the SecureServerSocketImpl. - -private: - SecureServerSocketImpl(const SecureServerSocketImpl&); - SecureServerSocketImpl& operator = (const SecureServerSocketImpl&); - -private: - SecureSocketImpl _impl; -}; - - -// -// inlines -// -inline Context::Ptr SecureServerSocketImpl::context() const -{ - return _impl.context(); -} - - -} } // namespace Poco::Net - - -#endif // NetSSL_SecureServerSocketImpl_INCLUDED +// +// SecureServerSocketImpl.h +// +// Library: NetSSL_OpenSSL +// Package: SSLSockets +// Module: SecureServerSocketImpl +// +// Definition of the SecureServerSocketImpl class. +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#ifndef NetSSL_SecureServerSocketImpl_INCLUDED +#define NetSSL_SecureServerSocketImpl_INCLUDED + + +#include "Poco/Net/NetSSL.h" +#include "Poco/Net/SecureSocketImpl.h" +#include "Poco/Net/ServerSocketImpl.h" +#include "Poco/Net/Context.h" + + +namespace Poco { +namespace Net { + + +class NetSSL_API SecureServerSocketImpl: public ServerSocketImpl + /// The SocketImpl class for SecureServerSocket. +{ +public: + SecureServerSocketImpl(Context::Ptr pContext); + /// Creates the SecureServerSocketImpl using the + /// given SSL context object. + + SocketImpl* acceptConnection(SocketAddress& clientAddr); + /// Get the next completed connection from the + /// socket's completed connection queue. + /// + /// If the queue is empty, waits until a connection + /// request completes. + /// + /// Returns a new TCP socket for the connection + /// with the client. + /// + /// The client socket's address is returned in clientAddr. + + void connect(const SocketAddress& address); + /// Not supported by this kind of socket. + /// + /// Throws a Poco::InvalidAccessException. + + void connect(const SocketAddress& address, const Poco::Timespan& timeout); + /// Not supported by this kind of socket. + /// + /// Throws a Poco::InvalidAccessException. + + void connectNB(const SocketAddress& address); + /// Not supported by this kind of socket. + /// + /// Throws a Poco::InvalidAccessException. + + void bind(const SocketAddress& address, bool reuseAddress = false, bool reusePort = false); + /// Bind a local address to the socket. + /// + /// This is usually only done when establishing a server + /// socket. TCP clients should not bind a socket to a + /// specific address. + /// + /// If reuseAddress is true, sets the SO_REUSEADDR + /// socket option. + + void listen(int backlog = 64); + /// Puts the socket into listening state. + /// + /// The socket becomes a passive socket that + /// can accept incoming connection requests. + /// + /// The backlog argument specifies the maximum + /// number of connections that can be queued + /// for this socket. + + void close(); + /// Close the socket. + + int sendBytes(const void* buffer, int length, int flags = 0); + /// Not supported by this kind of socket. + /// + /// Throws a Poco::InvalidAccessException. + + int receiveBytes(void* buffer, int length, int flags = 0); + /// Not supported by this kind of socket. + /// + /// Throws a Poco::InvalidAccessException. + + int sendTo(const void* buffer, int length, const SocketAddress& address, int flags = 0); + /// Not supported by this kind of socket. + /// + /// Throws a Poco::InvalidAccessException. + + int receiveFrom(void* buffer, int length, SocketAddress& address, int flags = 0); + /// Not supported by this kind of socket. + /// + /// Throws a Poco::InvalidAccessException. + + void sendUrgent(unsigned char data); + /// Not supported by this kind of socket. + /// + /// Throws a Poco::InvalidAccessException. + + bool secure() const; + /// Returns true iff the socket's connection is secure + /// (using SSL or TLS). + + Context::Ptr context() const; + /// Returns the SSL context used by this socket. + +protected: + ~SecureServerSocketImpl(); + /// Destroys the SecureServerSocketImpl. + +private: + SecureServerSocketImpl(const SecureServerSocketImpl&); + SecureServerSocketImpl& operator = (const SecureServerSocketImpl&); + +private: + SecureSocketImpl _impl; +}; + + +// +// inlines +// +inline Context::Ptr SecureServerSocketImpl::context() const +{ + return _impl.context(); +} + + +} } // namespace Poco::Net + + +#endif // NetSSL_SecureServerSocketImpl_INCLUDED diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureSocketImpl.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureSocketImpl.h index 8d331a3a6d..5ff589d336 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureSocketImpl.h +++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureSocketImpl.h @@ -1,265 +1,265 @@ -// -// SecureSocketImpl.h -// -// Library: NetSSL_OpenSSL -// Package: SSLSockets -// Module: SecureSocketImpl -// -// Definition of the SecureSocketImpl class. -// -// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#ifndef NetSSL_SecureSocketImpl_INCLUDED -#define NetSSL_SecureSocketImpl_INCLUDED - - -#include "Poco/Net/NetSSL.h" -#include "Poco/Net/SocketImpl.h" -#include "Poco/Net/Context.h" -#include "Poco/Net/X509Certificate.h" -#include "Poco/Net/Session.h" -#include <openssl/bio.h> -#include <openssl/ssl.h> - - -namespace Poco { -namespace Net { - - -class HostEntry; - - -class NetSSL_API SecureSocketImpl - /// The SocketImpl for SecureStreamSocket. -{ -public: - SecureSocketImpl(Poco::AutoPtr<SocketImpl> pSocketImpl, Context::Ptr pContext); - /// Creates the SecureSocketImpl using an already - /// connected stream socket. - - virtual ~SecureSocketImpl(); - /// Destroys the SecureSocketImpl. - - SocketImpl* acceptConnection(SocketAddress& clientAddr); - /// Get the next completed connection from the - /// socket's completed connection queue. - /// - /// If the queue is empty, waits until a connection - /// request completes. - /// - /// Returns a new SSL socket for the connection - /// with the client. - /// - /// The client socket's address is returned in clientAddr. - - void connect(const SocketAddress& address, bool performHandshake); - /// Initializes the socket and establishes a secure connection to - /// the TCP server at the given address. - /// - /// If performHandshake is true, the SSL handshake is performed immediately - /// after establishing the connection. Otherwise, the handshake is performed - /// the first time sendBytes(), receiveBytes() or completeHandshake() is called. - - void connect(const SocketAddress& address, const Poco::Timespan& timeout, bool performHandshake); - /// Initializes the socket, sets the socket timeout and - /// establishes a secure connection to the TCP server at the given address. - /// - /// If performHandshake is true, the SSL handshake is performed immediately - /// after establishing the connection. Otherwise, the handshake is performed - /// the first time sendBytes(), receiveBytes() or completeHandshake() is called. - - void connectNB(const SocketAddress& address); - /// Initializes the socket and establishes a secure connection to - /// the TCP server at the given address. Prior to opening the - /// connection the socket is set to nonblocking mode. - - void bind(const SocketAddress& address, bool reuseAddress = false, bool reusePort = false); - /// Bind a local address to the socket. - /// - /// This is usually only done when establishing a server - /// socket. SSL clients should not bind a socket to a - /// specific address. - /// - /// If reuseAddress is true, sets the SO_REUSEADDR - /// socket option. - - void listen(int backlog = 64); - /// Puts the socket into listening state. - /// - /// The socket becomes a passive socket that - /// can accept incoming connection requests. - /// - /// The backlog argument specifies the maximum - /// number of connections that can be queued - /// for this socket. - - void shutdown(); - /// Shuts down the connection by attempting - /// an orderly SSL shutdown, then actually - /// shutting down the TCP connection. - - void close(); - /// Close the socket. - - void abort(); - /// Aborts the connection by closing the - /// underlying TCP connection. No orderly SSL shutdown - /// is performed. - - int sendBytes(const void* buffer, int length, int flags = 0); - /// Sends the contents of the given buffer through - /// the socket. Any specified flags are ignored. - /// - /// Returns the number of bytes sent, which may be - /// less than the number of bytes specified. - - int receiveBytes(void* buffer, int length, int flags = 0); - /// Receives data from the socket and stores it - /// in buffer. Up to length bytes are received. - /// - /// Returns the number of bytes received. - - int available() const; - /// Returns the number of bytes available from the - /// SSL buffer for immediate reading. - - int completeHandshake(); - /// Completes the SSL handshake. - /// - /// If the SSL connection was the result of an accept(), - /// the server-side handshake is completed, otherwise - /// a client-side handshake is performed. - - poco_socket_t sockfd(); - /// Returns the underlying socket descriptor. - - X509* peerCertificate() const; - /// Returns the peer's certificate. - - Context::Ptr context() const; - /// Returns the SSL context used for this socket. - - void verifyPeerCertificate(); - /// Performs post-connect (or post-accept) peer certificate validation, - /// using the peer host name set with setPeerHostName(), or the peer's - /// IP address string if no peer host name has been set. - - void verifyPeerCertificate(const std::string& hostName); - /// Performs post-connect (or post-accept) peer certificate validation - /// using the given peer host name. - - void setPeerHostName(const std::string& hostName); - /// Sets the peer host name for certificate validation purposes. - - const std::string& getPeerHostName() const; - /// Returns the peer host name. - - Session::Ptr currentSession(); - /// Returns the SSL session of the current connection, - /// for reuse in a future connection (if session caching - /// is enabled). - /// - /// If no connection is established, returns null. - - void useSession(Session::Ptr pSession); - /// Sets the SSL session to use for the next - /// connection. Setting a previously saved Session - /// object is necessary to enable session caching. - /// - /// To remove the currently set session, a null pointer - /// can be given. - /// - /// Must be called before connect() to be effective. - - bool sessionWasReused(); - /// Returns true iff a reused session was negotiated during - /// the handshake. - -protected: - void acceptSSL(); - /// Performs a server-side SSL handshake and certificate verification. - - void connectSSL(bool performHandshake); - /// Performs a client-side SSL handshake and establishes a secure - /// connection over an already existing TCP connection. - - long verifyPeerCertificateImpl(const std::string& hostName); - /// Performs post-connect (or post-accept) peer certificate validation. - - static bool isLocalHost(const std::string& hostName); - /// Returns true iff the given host name is the local host - /// (either "localhost" or "127.0.0.1"). - +// +// SecureSocketImpl.h +// +// Library: NetSSL_OpenSSL +// Package: SSLSockets +// Module: SecureSocketImpl +// +// Definition of the SecureSocketImpl class. +// +// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#ifndef NetSSL_SecureSocketImpl_INCLUDED +#define NetSSL_SecureSocketImpl_INCLUDED + + +#include "Poco/Net/NetSSL.h" +#include "Poco/Net/SocketImpl.h" +#include "Poco/Net/Context.h" +#include "Poco/Net/X509Certificate.h" +#include "Poco/Net/Session.h" +#include <openssl/bio.h> +#include <openssl/ssl.h> + + +namespace Poco { +namespace Net { + + +class HostEntry; + + +class NetSSL_API SecureSocketImpl + /// The SocketImpl for SecureStreamSocket. +{ +public: + SecureSocketImpl(Poco::AutoPtr<SocketImpl> pSocketImpl, Context::Ptr pContext); + /// Creates the SecureSocketImpl using an already + /// connected stream socket. + + virtual ~SecureSocketImpl(); + /// Destroys the SecureSocketImpl. + + SocketImpl* acceptConnection(SocketAddress& clientAddr); + /// Get the next completed connection from the + /// socket's completed connection queue. + /// + /// If the queue is empty, waits until a connection + /// request completes. + /// + /// Returns a new SSL socket for the connection + /// with the client. + /// + /// The client socket's address is returned in clientAddr. + + void connect(const SocketAddress& address, bool performHandshake); + /// Initializes the socket and establishes a secure connection to + /// the TCP server at the given address. + /// + /// If performHandshake is true, the SSL handshake is performed immediately + /// after establishing the connection. Otherwise, the handshake is performed + /// the first time sendBytes(), receiveBytes() or completeHandshake() is called. + + void connect(const SocketAddress& address, const Poco::Timespan& timeout, bool performHandshake); + /// Initializes the socket, sets the socket timeout and + /// establishes a secure connection to the TCP server at the given address. + /// + /// If performHandshake is true, the SSL handshake is performed immediately + /// after establishing the connection. Otherwise, the handshake is performed + /// the first time sendBytes(), receiveBytes() or completeHandshake() is called. + + void connectNB(const SocketAddress& address); + /// Initializes the socket and establishes a secure connection to + /// the TCP server at the given address. Prior to opening the + /// connection the socket is set to nonblocking mode. + + void bind(const SocketAddress& address, bool reuseAddress = false, bool reusePort = false); + /// Bind a local address to the socket. + /// + /// This is usually only done when establishing a server + /// socket. SSL clients should not bind a socket to a + /// specific address. + /// + /// If reuseAddress is true, sets the SO_REUSEADDR + /// socket option. + + void listen(int backlog = 64); + /// Puts the socket into listening state. + /// + /// The socket becomes a passive socket that + /// can accept incoming connection requests. + /// + /// The backlog argument specifies the maximum + /// number of connections that can be queued + /// for this socket. + + void shutdown(); + /// Shuts down the connection by attempting + /// an orderly SSL shutdown, then actually + /// shutting down the TCP connection. + + void close(); + /// Close the socket. + + void abort(); + /// Aborts the connection by closing the + /// underlying TCP connection. No orderly SSL shutdown + /// is performed. + + int sendBytes(const void* buffer, int length, int flags = 0); + /// Sends the contents of the given buffer through + /// the socket. Any specified flags are ignored. + /// + /// Returns the number of bytes sent, which may be + /// less than the number of bytes specified. + + int receiveBytes(void* buffer, int length, int flags = 0); + /// Receives data from the socket and stores it + /// in buffer. Up to length bytes are received. + /// + /// Returns the number of bytes received. + + int available() const; + /// Returns the number of bytes available from the + /// SSL buffer for immediate reading. + + int completeHandshake(); + /// Completes the SSL handshake. + /// + /// If the SSL connection was the result of an accept(), + /// the server-side handshake is completed, otherwise + /// a client-side handshake is performed. + + poco_socket_t sockfd(); + /// Returns the underlying socket descriptor. + + X509* peerCertificate() const; + /// Returns the peer's certificate. + + Context::Ptr context() const; + /// Returns the SSL context used for this socket. + + void verifyPeerCertificate(); + /// Performs post-connect (or post-accept) peer certificate validation, + /// using the peer host name set with setPeerHostName(), or the peer's + /// IP address string if no peer host name has been set. + + void verifyPeerCertificate(const std::string& hostName); + /// Performs post-connect (or post-accept) peer certificate validation + /// using the given peer host name. + + void setPeerHostName(const std::string& hostName); + /// Sets the peer host name for certificate validation purposes. + + const std::string& getPeerHostName() const; + /// Returns the peer host name. + + Session::Ptr currentSession(); + /// Returns the SSL session of the current connection, + /// for reuse in a future connection (if session caching + /// is enabled). + /// + /// If no connection is established, returns null. + + void useSession(Session::Ptr pSession); + /// Sets the SSL session to use for the next + /// connection. Setting a previously saved Session + /// object is necessary to enable session caching. + /// + /// To remove the currently set session, a null pointer + /// can be given. + /// + /// Must be called before connect() to be effective. + + bool sessionWasReused(); + /// Returns true iff a reused session was negotiated during + /// the handshake. + +protected: + void acceptSSL(); + /// Performs a server-side SSL handshake and certificate verification. + + void connectSSL(bool performHandshake); + /// Performs a client-side SSL handshake and establishes a secure + /// connection over an already existing TCP connection. + + long verifyPeerCertificateImpl(const std::string& hostName); + /// Performs post-connect (or post-accept) peer certificate validation. + + static bool isLocalHost(const std::string& hostName); + /// Returns true iff the given host name is the local host + /// (either "localhost" or "127.0.0.1"). + bool mustRetry(int rc, Poco::Timespan& remaining_time); - /// Returns true if the last operation should be retried, - /// otherwise false. - /// - /// In case of an SSL_ERROR_WANT_READ error, and if the socket is - /// blocking, waits for the underlying socket to become readable. - /// - /// In case of an SSL_ERROR_WANT_WRITE error, and if the socket is - /// blocking, waits for the underlying socket to become writable. - /// - /// Can also throw a Poco::TimeoutException if the socket does - /// not become readable or writable within the sockets - /// receive or send timeout. - - int handleError(int rc); - /// Handles an SSL error by throwing an appropriate exception. - - void reset(); - /// Prepares the socket for re-use. - /// - /// After closing and resetting a socket, the socket can - /// be used for a new connection. - /// - /// Note that simply closing a socket is not sufficient - /// to be able to re-use it again. - + /// Returns true if the last operation should be retried, + /// otherwise false. + /// + /// In case of an SSL_ERROR_WANT_READ error, and if the socket is + /// blocking, waits for the underlying socket to become readable. + /// + /// In case of an SSL_ERROR_WANT_WRITE error, and if the socket is + /// blocking, waits for the underlying socket to become writable. + /// + /// Can also throw a Poco::TimeoutException if the socket does + /// not become readable or writable within the sockets + /// receive or send timeout. + + int handleError(int rc); + /// Handles an SSL error by throwing an appropriate exception. + + void reset(); + /// Prepares the socket for re-use. + /// + /// After closing and resetting a socket, the socket can + /// be used for a new connection. + /// + /// Note that simply closing a socket is not sufficient + /// to be able to re-use it again. + Poco::Timespan getMaxTimeout(); -private: - SecureSocketImpl(const SecureSocketImpl&); - SecureSocketImpl& operator = (const SecureSocketImpl&); - - SSL* _pSSL; - Poco::AutoPtr<SocketImpl> _pSocket; - Context::Ptr _pContext; - bool _needHandshake; - std::string _peerHostName; - Session::Ptr _pSession; - - friend class SecureStreamSocketImpl; -}; - - -// -// inlines -// -inline poco_socket_t SecureSocketImpl::sockfd() -{ - return _pSocket->sockfd(); -} - - -inline Context::Ptr SecureSocketImpl::context() const -{ - return _pContext; -} - - -inline const std::string& SecureSocketImpl::getPeerHostName() const -{ - return _peerHostName; -} - - -} } // namespace Poco::Net - - -#endif // NetSSL_SecureSocketImpl_INCLUDED +private: + SecureSocketImpl(const SecureSocketImpl&); + SecureSocketImpl& operator = (const SecureSocketImpl&); + + SSL* _pSSL; + Poco::AutoPtr<SocketImpl> _pSocket; + Context::Ptr _pContext; + bool _needHandshake; + std::string _peerHostName; + Session::Ptr _pSession; + + friend class SecureStreamSocketImpl; +}; + + +// +// inlines +// +inline poco_socket_t SecureSocketImpl::sockfd() +{ + return _pSocket->sockfd(); +} + + +inline Context::Ptr SecureSocketImpl::context() const +{ + return _pContext; +} + + +inline const std::string& SecureSocketImpl::getPeerHostName() const +{ + return _peerHostName; +} + + +} } // namespace Poco::Net + + +#endif // NetSSL_SecureSocketImpl_INCLUDED diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureStreamSocket.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureStreamSocket.h index 059be1bbee..e33a59391d 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureStreamSocket.h +++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureStreamSocket.h @@ -1,272 +1,272 @@ -// -// SecureStreamSocket.h -// -// Library: NetSSL_OpenSSL -// Package: SSLSockets -// Module: SecureStreamSocket -// -// Definition of the SecureStreamSocket class. -// -// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#ifndef NetSSL_SecureStreamSocket_INCLUDED -#define NetSSL_SecureStreamSocket_INCLUDED - - -#include "Poco/Net/NetSSL.h" -#include "Poco/Net/StreamSocket.h" -#include "Poco/Net/Context.h" -#include "Poco/Net/Session.h" -#include "Poco/Net/X509Certificate.h" - - -namespace Poco { -namespace Net { - - -class NetSSL_API SecureStreamSocket: public StreamSocket - /// A subclass of StreamSocket for secure SSL sockets. - /// - /// A few notes about nonblocking IO: - /// sendBytes() and receiveBytes() can return a - /// negative value when using a nonblocking socket, which means - /// a SSL handshake is currently in progress and more data - /// needs to be read or written for the handshake to continue. - /// If sendBytes() or receiveBytes() return ERR_SSL_WANT_WRITE, - /// sendBytes() must be called as soon as possible (usually, after - /// select() indicates that data can be written). Likewise, if - /// ERR_SSL_WANT_READ is returned, receiveBytes() must be called - /// as soon as data is available for reading (indicated by select()). - /// - /// The SSL handshake is delayed until the first sendBytes() or - /// receiveBytes() operation is performed on the socket. No automatic - /// post connection check (checking the peer certificate for a valid - /// hostname) is performed when using nonblocking I/O. To manually - /// perform peer certificate validation, call verifyPeerCertificate() - /// after the SSL handshake has been completed. -{ -public: - enum - { - ERR_SSL_WANT_READ = -1, - ERR_SSL_WANT_WRITE = -2 - }; - - SecureStreamSocket(); - /// Creates an unconnected secure stream socket - /// using the default client SSL context. - /// - /// Before sending or receiving data, the socket - /// must be connected with a call to connect(). - - explicit SecureStreamSocket(Context::Ptr pContext); - /// Creates an unconnected secure stream socket - /// using the given SSL context. - /// - /// Before sending or receiving data, the socket - /// must be connected with a call to connect(). - - SecureStreamSocket(Context::Ptr pContext, Session::Ptr pSession); - /// Creates an unconnected secure stream socket - /// using the given SSL context. - /// - /// Before sending or receiving data, the socket - /// must be connected with a call to connect(). - /// - /// The given Session is reused, if possible (client session - /// caching is enabled for the given Context, and the server - /// agrees to reuse the session). - - explicit SecureStreamSocket(const SocketAddress& address); - /// Creates a secure stream socket using the default - /// client SSL context and connects it to - /// the socket specified by address. - - SecureStreamSocket(const SocketAddress& address, Context::Ptr pContext); - /// Creates a secure stream socket using the given - /// client SSL context and connects it to - /// the socket specified by address. - - SecureStreamSocket(const SocketAddress& address, Context::Ptr pContext, Session::Ptr pSession); - /// Creates a secure stream socket using the given - /// client SSL context and connects it to - /// the socket specified by address. - /// - /// The given Session is reused, if possible (client session - /// caching is enabled for the given Context, and the server - /// agrees to reuse the session). - - SecureStreamSocket(const SocketAddress& address, const std::string& hostName); - /// Creates a secure stream socket using the default - /// client SSL context and connects it to - /// the socket specified by address. - /// - /// The given host name is used for certificate verification. - - SecureStreamSocket(const SocketAddress& address, const std::string& hostName, Context::Ptr pContext); - /// Creates a secure stream socket using the given - /// client SSL context and connects it to - /// the socket specified by address. - /// - /// The given host name is used for certificate verification. - - SecureStreamSocket(const SocketAddress& address, const std::string& hostName, Context::Ptr pContext, Session::Ptr pSession); - /// Creates a secure stream socket using the given - /// client SSL context and connects it to - /// the socket specified by address. - /// - /// The given host name is used for certificate verification. - /// - /// The given Session is reused, if possible (client session - /// caching is enabled for the given Context, and the server - /// agrees to reuse the session). - - SecureStreamSocket(const Socket& socket); - /// Creates the SecureStreamSocket with the SocketImpl - /// from another socket. The SocketImpl must be - /// a SecureStreamSocketImpl, otherwise an InvalidArgumentException - /// will be thrown. - - virtual ~SecureStreamSocket(); - /// Destroys the StreamSocket. - - SecureStreamSocket& operator = (const Socket& socket); - /// Assignment operator. - /// - /// Releases the socket's SocketImpl and - /// attaches the SocketImpl from the other socket and - /// increments the reference count of the SocketImpl. - - bool havePeerCertificate() const; - /// Returns true iff the peer has presented a - /// certificate. - - X509Certificate peerCertificate() const; - /// Returns the peer's X509 certificate. - /// - /// Throws a SSLException if the peer did not - /// present a certificate. - - void setPeerHostName(const std::string& hostName); - /// Sets the peer's host name used for certificate validation. - - const std::string& getPeerHostName() const; - /// Returns the peer's host name used for certificate validation. - - static SecureStreamSocket attach(const StreamSocket& streamSocket); - /// Creates a SecureStreamSocket over an existing socket - /// connection. The given StreamSocket must be connected. - /// A SSL handshake will be performed. - - static SecureStreamSocket attach(const StreamSocket& streamSocket, Context::Ptr pContext); - /// Creates a SecureStreamSocket over an existing socket - /// connection. The given StreamSocket must be connected. - /// A SSL handshake will be performed. - - static SecureStreamSocket attach(const StreamSocket& streamSocket, Context::Ptr pContext, Session::Ptr pSession); - /// Creates a SecureStreamSocket over an existing socket - /// connection. The given StreamSocket must be connected. - /// A SSL handshake will be performed. - /// - /// The given Session is reused, if possible (client session - /// caching is enabled for the given Context, and the server - /// agrees to reuse the session). - - static SecureStreamSocket attach(const StreamSocket& streamSocket, const std::string& peerHostName); - /// Creates a SecureStreamSocket over an existing socket - /// connection. The given StreamSocket must be connected. - /// A SSL handshake will be performed. - - static SecureStreamSocket attach(const StreamSocket& streamSocket, const std::string& peerHostName, Context::Ptr pContext); - /// Creates a SecureStreamSocket over an existing socket - /// connection. The given StreamSocket must be connected. - /// A SSL handshake will be performed. - - static SecureStreamSocket attach(const StreamSocket& streamSocket, const std::string& peerHostName, Context::Ptr pContext, Session::Ptr pSession); - /// Creates a SecureStreamSocket over an existing socket - /// connection. The given StreamSocket must be connected. - /// A SSL handshake will be performed. - /// - /// The given Session is reused, if possible (client session - /// caching is enabled for the given Context, and the server - /// agrees to reuse the session). - - Context::Ptr context() const; - /// Returns the SSL context used by this socket. - - void setLazyHandshake(bool flag = true); - /// Enable lazy SSL handshake. If enabled, the SSL handshake - /// will be performed the first time date is sent or - /// received over the connection. - - bool getLazyHandshake() const; - /// Returns true if setLazyHandshake(true) has been called. - - void verifyPeerCertificate(); - /// Performs post-connect (or post-accept) peer certificate validation, - /// using the peer host name set with setPeerHostName(), or the peer's - /// IP address string if no peer host name has been set. - /// - /// Should only be used for non-blocking connections, after the - /// initial SSL handshake has been performed (see completeHandshake()). - - void verifyPeerCertificate(const std::string& hostName); - /// Performs post-connect (or post-accept) peer certificate validation - /// using the given host name. - /// - /// Should only be used for non-blocking connections, after the - /// initial SSL handshake has been performed (see completeHandshake()). - - int completeHandshake(); - /// Completes the SSL handshake. - /// - /// If the SSL connection was the result of an accept(), - /// the server-side handshake is completed, otherwise - /// a client-side handshake is performed. - /// - /// Returns 1 if the handshake was successful, ERR_SSL_WANT_READ or - /// ERR_SSL_WANT_WRITE if more data is required to complete the - /// handshake. In this case, completeHandshake() should be called - /// again, after the necessary condition has been met. - - Session::Ptr currentSession(); - /// Returns the SSL session of the current connection, - /// for reuse in a future connection (if session caching - /// is enabled). - /// - /// If no connection is established, returns null. - - void useSession(Session::Ptr pSession); - /// Sets the SSL session to use for the next - /// connection. Setting a previously saved Session - /// object is necessary to enable session caching. - /// - /// To remove the currently set session, a null pointer - /// can be given. - /// - /// Must be called before connect() to be effective. - - bool sessionWasReused(); - /// Returns true iff a reused session was negotiated during - /// the handshake. - - void abort(); - /// Aborts the SSL connection by closing the underlying - /// TCP connection. No orderly SSL shutdown is performed. - -protected: - SecureStreamSocket(SocketImpl* pImpl); - - friend class SecureServerSocket; -}; - - -} } // namespace Poco::Net - - -#endif // NetSSL_SecureStreamSocket_INCLUDED +// +// SecureStreamSocket.h +// +// Library: NetSSL_OpenSSL +// Package: SSLSockets +// Module: SecureStreamSocket +// +// Definition of the SecureStreamSocket class. +// +// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#ifndef NetSSL_SecureStreamSocket_INCLUDED +#define NetSSL_SecureStreamSocket_INCLUDED + + +#include "Poco/Net/NetSSL.h" +#include "Poco/Net/StreamSocket.h" +#include "Poco/Net/Context.h" +#include "Poco/Net/Session.h" +#include "Poco/Net/X509Certificate.h" + + +namespace Poco { +namespace Net { + + +class NetSSL_API SecureStreamSocket: public StreamSocket + /// A subclass of StreamSocket for secure SSL sockets. + /// + /// A few notes about nonblocking IO: + /// sendBytes() and receiveBytes() can return a + /// negative value when using a nonblocking socket, which means + /// a SSL handshake is currently in progress and more data + /// needs to be read or written for the handshake to continue. + /// If sendBytes() or receiveBytes() return ERR_SSL_WANT_WRITE, + /// sendBytes() must be called as soon as possible (usually, after + /// select() indicates that data can be written). Likewise, if + /// ERR_SSL_WANT_READ is returned, receiveBytes() must be called + /// as soon as data is available for reading (indicated by select()). + /// + /// The SSL handshake is delayed until the first sendBytes() or + /// receiveBytes() operation is performed on the socket. No automatic + /// post connection check (checking the peer certificate for a valid + /// hostname) is performed when using nonblocking I/O. To manually + /// perform peer certificate validation, call verifyPeerCertificate() + /// after the SSL handshake has been completed. +{ +public: + enum + { + ERR_SSL_WANT_READ = -1, + ERR_SSL_WANT_WRITE = -2 + }; + + SecureStreamSocket(); + /// Creates an unconnected secure stream socket + /// using the default client SSL context. + /// + /// Before sending or receiving data, the socket + /// must be connected with a call to connect(). + + explicit SecureStreamSocket(Context::Ptr pContext); + /// Creates an unconnected secure stream socket + /// using the given SSL context. + /// + /// Before sending or receiving data, the socket + /// must be connected with a call to connect(). + + SecureStreamSocket(Context::Ptr pContext, Session::Ptr pSession); + /// Creates an unconnected secure stream socket + /// using the given SSL context. + /// + /// Before sending or receiving data, the socket + /// must be connected with a call to connect(). + /// + /// The given Session is reused, if possible (client session + /// caching is enabled for the given Context, and the server + /// agrees to reuse the session). + + explicit SecureStreamSocket(const SocketAddress& address); + /// Creates a secure stream socket using the default + /// client SSL context and connects it to + /// the socket specified by address. + + SecureStreamSocket(const SocketAddress& address, Context::Ptr pContext); + /// Creates a secure stream socket using the given + /// client SSL context and connects it to + /// the socket specified by address. + + SecureStreamSocket(const SocketAddress& address, Context::Ptr pContext, Session::Ptr pSession); + /// Creates a secure stream socket using the given + /// client SSL context and connects it to + /// the socket specified by address. + /// + /// The given Session is reused, if possible (client session + /// caching is enabled for the given Context, and the server + /// agrees to reuse the session). + + SecureStreamSocket(const SocketAddress& address, const std::string& hostName); + /// Creates a secure stream socket using the default + /// client SSL context and connects it to + /// the socket specified by address. + /// + /// The given host name is used for certificate verification. + + SecureStreamSocket(const SocketAddress& address, const std::string& hostName, Context::Ptr pContext); + /// Creates a secure stream socket using the given + /// client SSL context and connects it to + /// the socket specified by address. + /// + /// The given host name is used for certificate verification. + + SecureStreamSocket(const SocketAddress& address, const std::string& hostName, Context::Ptr pContext, Session::Ptr pSession); + /// Creates a secure stream socket using the given + /// client SSL context and connects it to + /// the socket specified by address. + /// + /// The given host name is used for certificate verification. + /// + /// The given Session is reused, if possible (client session + /// caching is enabled for the given Context, and the server + /// agrees to reuse the session). + + SecureStreamSocket(const Socket& socket); + /// Creates the SecureStreamSocket with the SocketImpl + /// from another socket. The SocketImpl must be + /// a SecureStreamSocketImpl, otherwise an InvalidArgumentException + /// will be thrown. + + virtual ~SecureStreamSocket(); + /// Destroys the StreamSocket. + + SecureStreamSocket& operator = (const Socket& socket); + /// Assignment operator. + /// + /// Releases the socket's SocketImpl and + /// attaches the SocketImpl from the other socket and + /// increments the reference count of the SocketImpl. + + bool havePeerCertificate() const; + /// Returns true iff the peer has presented a + /// certificate. + + X509Certificate peerCertificate() const; + /// Returns the peer's X509 certificate. + /// + /// Throws a SSLException if the peer did not + /// present a certificate. + + void setPeerHostName(const std::string& hostName); + /// Sets the peer's host name used for certificate validation. + + const std::string& getPeerHostName() const; + /// Returns the peer's host name used for certificate validation. + + static SecureStreamSocket attach(const StreamSocket& streamSocket); + /// Creates a SecureStreamSocket over an existing socket + /// connection. The given StreamSocket must be connected. + /// A SSL handshake will be performed. + + static SecureStreamSocket attach(const StreamSocket& streamSocket, Context::Ptr pContext); + /// Creates a SecureStreamSocket over an existing socket + /// connection. The given StreamSocket must be connected. + /// A SSL handshake will be performed. + + static SecureStreamSocket attach(const StreamSocket& streamSocket, Context::Ptr pContext, Session::Ptr pSession); + /// Creates a SecureStreamSocket over an existing socket + /// connection. The given StreamSocket must be connected. + /// A SSL handshake will be performed. + /// + /// The given Session is reused, if possible (client session + /// caching is enabled for the given Context, and the server + /// agrees to reuse the session). + + static SecureStreamSocket attach(const StreamSocket& streamSocket, const std::string& peerHostName); + /// Creates a SecureStreamSocket over an existing socket + /// connection. The given StreamSocket must be connected. + /// A SSL handshake will be performed. + + static SecureStreamSocket attach(const StreamSocket& streamSocket, const std::string& peerHostName, Context::Ptr pContext); + /// Creates a SecureStreamSocket over an existing socket + /// connection. The given StreamSocket must be connected. + /// A SSL handshake will be performed. + + static SecureStreamSocket attach(const StreamSocket& streamSocket, const std::string& peerHostName, Context::Ptr pContext, Session::Ptr pSession); + /// Creates a SecureStreamSocket over an existing socket + /// connection. The given StreamSocket must be connected. + /// A SSL handshake will be performed. + /// + /// The given Session is reused, if possible (client session + /// caching is enabled for the given Context, and the server + /// agrees to reuse the session). + + Context::Ptr context() const; + /// Returns the SSL context used by this socket. + + void setLazyHandshake(bool flag = true); + /// Enable lazy SSL handshake. If enabled, the SSL handshake + /// will be performed the first time date is sent or + /// received over the connection. + + bool getLazyHandshake() const; + /// Returns true if setLazyHandshake(true) has been called. + + void verifyPeerCertificate(); + /// Performs post-connect (or post-accept) peer certificate validation, + /// using the peer host name set with setPeerHostName(), or the peer's + /// IP address string if no peer host name has been set. + /// + /// Should only be used for non-blocking connections, after the + /// initial SSL handshake has been performed (see completeHandshake()). + + void verifyPeerCertificate(const std::string& hostName); + /// Performs post-connect (or post-accept) peer certificate validation + /// using the given host name. + /// + /// Should only be used for non-blocking connections, after the + /// initial SSL handshake has been performed (see completeHandshake()). + + int completeHandshake(); + /// Completes the SSL handshake. + /// + /// If the SSL connection was the result of an accept(), + /// the server-side handshake is completed, otherwise + /// a client-side handshake is performed. + /// + /// Returns 1 if the handshake was successful, ERR_SSL_WANT_READ or + /// ERR_SSL_WANT_WRITE if more data is required to complete the + /// handshake. In this case, completeHandshake() should be called + /// again, after the necessary condition has been met. + + Session::Ptr currentSession(); + /// Returns the SSL session of the current connection, + /// for reuse in a future connection (if session caching + /// is enabled). + /// + /// If no connection is established, returns null. + + void useSession(Session::Ptr pSession); + /// Sets the SSL session to use for the next + /// connection. Setting a previously saved Session + /// object is necessary to enable session caching. + /// + /// To remove the currently set session, a null pointer + /// can be given. + /// + /// Must be called before connect() to be effective. + + bool sessionWasReused(); + /// Returns true iff a reused session was negotiated during + /// the handshake. + + void abort(); + /// Aborts the SSL connection by closing the underlying + /// TCP connection. No orderly SSL shutdown is performed. + +protected: + SecureStreamSocket(SocketImpl* pImpl); + + friend class SecureServerSocket; +}; + + +} } // namespace Poco::Net + + +#endif // NetSSL_SecureStreamSocket_INCLUDED diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureStreamSocketImpl.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureStreamSocketImpl.h index 3b000b4758..64d63bc018 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureStreamSocketImpl.h +++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureStreamSocketImpl.h @@ -1,303 +1,303 @@ -// -// SecureStreamSocketImpl.h -// -// Library: NetSSL_OpenSSL -// Package: SSLSockets -// Module: SecureStreamSocketImpl -// -// Definition of the SecureStreamSocketImpl class. -// -// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#ifndef NetSSL_SecureStreamSocketImpl_INCLUDED -#define NetSSL_SecureStreamSocketImpl_INCLUDED - - -#include "Poco/Net/NetSSL.h" -#include "Poco/Net/SecureSocketImpl.h" -#include "Poco/Net/StreamSocketImpl.h" -#include "Poco/Net/Context.h" -#include "Poco/Net/X509Certificate.h" - - -namespace Poco { -namespace Net { - - -class NetSSL_API SecureStreamSocketImpl: public StreamSocketImpl - /// This class implements a SSL stream socket. -{ -public: - SecureStreamSocketImpl(Context::Ptr pContext); - /// Creates the SecureStreamSocketImpl. - - SecureStreamSocketImpl(StreamSocketImpl* pStreamSocket, Context::Ptr pContext); - /// Creates the SecureStreamSocketImpl. - +// +// SecureStreamSocketImpl.h +// +// Library: NetSSL_OpenSSL +// Package: SSLSockets +// Module: SecureStreamSocketImpl +// +// Definition of the SecureStreamSocketImpl class. +// +// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#ifndef NetSSL_SecureStreamSocketImpl_INCLUDED +#define NetSSL_SecureStreamSocketImpl_INCLUDED + + +#include "Poco/Net/NetSSL.h" +#include "Poco/Net/SecureSocketImpl.h" +#include "Poco/Net/StreamSocketImpl.h" +#include "Poco/Net/Context.h" +#include "Poco/Net/X509Certificate.h" + + +namespace Poco { +namespace Net { + + +class NetSSL_API SecureStreamSocketImpl: public StreamSocketImpl + /// This class implements a SSL stream socket. +{ +public: + SecureStreamSocketImpl(Context::Ptr pContext); + /// Creates the SecureStreamSocketImpl. + + SecureStreamSocketImpl(StreamSocketImpl* pStreamSocket, Context::Ptr pContext); + /// Creates the SecureStreamSocketImpl. + void setSendTimeout(const Poco::Timespan& timeout); void setReceiveTimeout(const Poco::Timespan& timeout); - SocketImpl* acceptConnection(SocketAddress& clientAddr); - /// Not supported by a SecureStreamSocket. - /// - /// Throws a Poco::InvalidAccessException. - - void connect(const SocketAddress& address); - /// Initializes the socket and establishes a connection to - /// the TCP server at the given address. - /// - /// Can also be used for UDP sockets. In this case, no - /// connection is established. Instead, incoming and outgoing - /// packets are restricted to the specified address. - - void connect(const SocketAddress& address, const Poco::Timespan& timeout); - /// Initializes the socket, sets the socket timeout and - /// establishes a connection to the TCP server at the given address. - - void connectNB(const SocketAddress& address); - /// Initializes the socket and establishes a connection to - /// the TCP server at the given address. Prior to opening the - /// connection the socket is set to nonblocking mode. - - void bind(const SocketAddress& address, bool reuseAddress = false, bool reusePort = false); - /// Not supported by a SecureStreamSocket. - /// - /// Throws a Poco::InvalidAccessException. - - void listen(int backlog = 64); - /// Not supported by a SecureStreamSocket. - /// - /// Throws a Poco::InvalidAccessException. - - void close(); - /// Close the socket. - - int sendBytes(const void* buffer, int length, int flags = 0); - /// Sends the contents of the given buffer through - /// the socket. Any specified flags are ignored. - /// - /// Returns the number of bytes sent, which may be - /// less than the number of bytes specified. - - int receiveBytes(void* buffer, int length, int flags = 0); - /// Receives data from the socket and stores it - /// in buffer. Up to length bytes are received. - /// - /// Returns the number of bytes received. - - int sendTo(const void* buffer, int length, const SocketAddress& address, int flags = 0); - /// Not supported by a SecureStreamSocket. - /// - /// Throws a Poco::InvalidAccessException. - - int receiveFrom(void* buffer, int length, SocketAddress& address, int flags = 0); - /// Not supported by a SecureStreamSocket. - /// - /// Throws a Poco::InvalidAccessException. - - void sendUrgent(unsigned char data); - /// Not supported by a SecureStreamSocket. - /// - /// Throws a Poco::InvalidAccessException. - - int available(); - /// Returns the number of bytes available that can be read - /// without causing the socket to block. - /// - /// For an SSL connection, returns the number of bytes that - /// can be read from the currently buffered SSL record, - /// before a new record is read from the underlying socket. - - void shutdownReceive(); - /// Shuts down the receiving part of the socket connection. - /// - /// Since SSL does not support a half shutdown, this does - /// nothing. - - void shutdownSend(); - /// Shuts down the receiving part of the socket connection. - /// - /// Since SSL does not support a half shutdown, this does - /// nothing. - - void shutdown(); - /// Shuts down the SSL connection. - - void abort(); - /// Aborts the connection by closing the underlying - /// TCP connection. No orderly SSL shutdown is performed. - - bool secure() const; - /// Returns true iff the socket's connection is secure - /// (using SSL or TLS). - - void setPeerHostName(const std::string& hostName); - /// Sets the peer host name for certificate validation purposes. - - const std::string& getPeerHostName() const; - /// Returns the peer host name. - - bool havePeerCertificate() const; - /// Returns true iff the peer has presented a - /// certificate. - - X509Certificate peerCertificate() const; - /// Returns the peer's X509 certificate. - /// - /// Throws a SSLException if the peer did not - /// present a certificate. - - Context::Ptr context() const; - /// Returns the SSL context used by this socket. - - void setLazyHandshake(bool flag = true); - /// Enable lazy SSL handshake. If enabled, the SSL handshake - /// will be performed the first time date is sent or - /// received over the connection. - - bool getLazyHandshake() const; - /// Returns true if setLazyHandshake(true) has been called. - - void verifyPeerCertificate(); - /// Performs post-connect (or post-accept) peer certificate validation, - /// using the peer's IP address as host name. - - void verifyPeerCertificate(const std::string& hostName); - /// Performs post-connect (or post-accept) peer certificate validation - /// using the given host name. - - int completeHandshake(); - /// Completes the SSL handshake. - /// - /// If the SSL connection was the result of an accept(), - /// the server-side handshake is completed, otherwise - /// a client-side handshake is performed. - - Session::Ptr currentSession(); - /// Returns the SSL session of the current connection, - /// for reuse in a future connection (if session caching - /// is enabled). - /// - /// If no connection is established, returns null. - - void useSession(Session::Ptr pSession); - /// Sets the SSL session to use for the next - /// connection. Setting a previously saved Session - /// object is necessary to enable session caching. - /// - /// To remove the currently set session, a null pointer - /// can be given. - /// - /// Must be called before connect() to be effective. - - bool sessionWasReused(); - /// Returns true iff a reused session was negotiated during - /// the handshake. - -protected: - void acceptSSL(); - /// Performs a SSL server-side handshake. - - void connectSSL(); - /// Performs a SSL client-side handshake on an already connected TCP socket. - - ~SecureStreamSocketImpl(); - /// Destroys the SecureStreamSocketImpl. - - static int lastError(); - static void error(); - static void error(const std::string& arg); - static void error(int code); - static void error(int code, const std::string& arg); - -private: - SecureStreamSocketImpl(const SecureStreamSocketImpl&); - SecureStreamSocketImpl& operator = (const SecureStreamSocketImpl&); - + SocketImpl* acceptConnection(SocketAddress& clientAddr); + /// Not supported by a SecureStreamSocket. + /// + /// Throws a Poco::InvalidAccessException. + + void connect(const SocketAddress& address); + /// Initializes the socket and establishes a connection to + /// the TCP server at the given address. + /// + /// Can also be used for UDP sockets. In this case, no + /// connection is established. Instead, incoming and outgoing + /// packets are restricted to the specified address. + + void connect(const SocketAddress& address, const Poco::Timespan& timeout); + /// Initializes the socket, sets the socket timeout and + /// establishes a connection to the TCP server at the given address. + + void connectNB(const SocketAddress& address); + /// Initializes the socket and establishes a connection to + /// the TCP server at the given address. Prior to opening the + /// connection the socket is set to nonblocking mode. + + void bind(const SocketAddress& address, bool reuseAddress = false, bool reusePort = false); + /// Not supported by a SecureStreamSocket. + /// + /// Throws a Poco::InvalidAccessException. + + void listen(int backlog = 64); + /// Not supported by a SecureStreamSocket. + /// + /// Throws a Poco::InvalidAccessException. + + void close(); + /// Close the socket. + + int sendBytes(const void* buffer, int length, int flags = 0); + /// Sends the contents of the given buffer through + /// the socket. Any specified flags are ignored. + /// + /// Returns the number of bytes sent, which may be + /// less than the number of bytes specified. + + int receiveBytes(void* buffer, int length, int flags = 0); + /// Receives data from the socket and stores it + /// in buffer. Up to length bytes are received. + /// + /// Returns the number of bytes received. + + int sendTo(const void* buffer, int length, const SocketAddress& address, int flags = 0); + /// Not supported by a SecureStreamSocket. + /// + /// Throws a Poco::InvalidAccessException. + + int receiveFrom(void* buffer, int length, SocketAddress& address, int flags = 0); + /// Not supported by a SecureStreamSocket. + /// + /// Throws a Poco::InvalidAccessException. + + void sendUrgent(unsigned char data); + /// Not supported by a SecureStreamSocket. + /// + /// Throws a Poco::InvalidAccessException. + + int available(); + /// Returns the number of bytes available that can be read + /// without causing the socket to block. + /// + /// For an SSL connection, returns the number of bytes that + /// can be read from the currently buffered SSL record, + /// before a new record is read from the underlying socket. + + void shutdownReceive(); + /// Shuts down the receiving part of the socket connection. + /// + /// Since SSL does not support a half shutdown, this does + /// nothing. + + void shutdownSend(); + /// Shuts down the receiving part of the socket connection. + /// + /// Since SSL does not support a half shutdown, this does + /// nothing. + + void shutdown(); + /// Shuts down the SSL connection. + + void abort(); + /// Aborts the connection by closing the underlying + /// TCP connection. No orderly SSL shutdown is performed. + + bool secure() const; + /// Returns true iff the socket's connection is secure + /// (using SSL or TLS). + + void setPeerHostName(const std::string& hostName); + /// Sets the peer host name for certificate validation purposes. + + const std::string& getPeerHostName() const; + /// Returns the peer host name. + + bool havePeerCertificate() const; + /// Returns true iff the peer has presented a + /// certificate. + + X509Certificate peerCertificate() const; + /// Returns the peer's X509 certificate. + /// + /// Throws a SSLException if the peer did not + /// present a certificate. + + Context::Ptr context() const; + /// Returns the SSL context used by this socket. + + void setLazyHandshake(bool flag = true); + /// Enable lazy SSL handshake. If enabled, the SSL handshake + /// will be performed the first time date is sent or + /// received over the connection. + + bool getLazyHandshake() const; + /// Returns true if setLazyHandshake(true) has been called. + + void verifyPeerCertificate(); + /// Performs post-connect (or post-accept) peer certificate validation, + /// using the peer's IP address as host name. + + void verifyPeerCertificate(const std::string& hostName); + /// Performs post-connect (or post-accept) peer certificate validation + /// using the given host name. + + int completeHandshake(); + /// Completes the SSL handshake. + /// + /// If the SSL connection was the result of an accept(), + /// the server-side handshake is completed, otherwise + /// a client-side handshake is performed. + + Session::Ptr currentSession(); + /// Returns the SSL session of the current connection, + /// for reuse in a future connection (if session caching + /// is enabled). + /// + /// If no connection is established, returns null. + + void useSession(Session::Ptr pSession); + /// Sets the SSL session to use for the next + /// connection. Setting a previously saved Session + /// object is necessary to enable session caching. + /// + /// To remove the currently set session, a null pointer + /// can be given. + /// + /// Must be called before connect() to be effective. + + bool sessionWasReused(); + /// Returns true iff a reused session was negotiated during + /// the handshake. + +protected: + void acceptSSL(); + /// Performs a SSL server-side handshake. + + void connectSSL(); + /// Performs a SSL client-side handshake on an already connected TCP socket. + + ~SecureStreamSocketImpl(); + /// Destroys the SecureStreamSocketImpl. + + static int lastError(); + static void error(); + static void error(const std::string& arg); + static void error(int code); + static void error(int code, const std::string& arg); + +private: + SecureStreamSocketImpl(const SecureStreamSocketImpl&); + SecureStreamSocketImpl& operator = (const SecureStreamSocketImpl&); + StreamSocketImpl * underlying_socket; - SecureSocketImpl _impl; - bool _lazyHandshake; - - friend class SecureSocketImpl; - friend class SecureStreamSocket; -}; - - -// -// inlines -// -inline const std::string& SecureStreamSocketImpl::getPeerHostName() const -{ - return _impl.getPeerHostName(); -} - - -inline void SecureStreamSocketImpl::setPeerHostName(const std::string& peerHostName) -{ - _impl.setPeerHostName(peerHostName); -} - - -inline Context::Ptr SecureStreamSocketImpl::context() const -{ - return _impl.context(); -} - - -inline Session::Ptr SecureStreamSocketImpl::currentSession() -{ - return _impl.currentSession(); -} - - -inline void SecureStreamSocketImpl::useSession(Session::Ptr pSession) -{ - _impl.useSession(pSession); -} - - -inline bool SecureStreamSocketImpl::sessionWasReused() -{ - return _impl.sessionWasReused(); -} - - -inline int SecureStreamSocketImpl::lastError() -{ - return SocketImpl::lastError(); -} - - -inline void SecureStreamSocketImpl::error() -{ - return SocketImpl::error(); -} - - -inline void SecureStreamSocketImpl::error(const std::string& arg) -{ - return SocketImpl::error(arg); -} - - -inline void SecureStreamSocketImpl::error(int code) -{ - return SocketImpl::error(code); -} - - -inline void SecureStreamSocketImpl::error(int code, const std::string& arg) -{ - return SocketImpl::error(code, arg); -} - - -} } // namespace Poco::Net - - -#endif // NetSSL_SecureStreamSocketImpl_INCLUDED + SecureSocketImpl _impl; + bool _lazyHandshake; + + friend class SecureSocketImpl; + friend class SecureStreamSocket; +}; + + +// +// inlines +// +inline const std::string& SecureStreamSocketImpl::getPeerHostName() const +{ + return _impl.getPeerHostName(); +} + + +inline void SecureStreamSocketImpl::setPeerHostName(const std::string& peerHostName) +{ + _impl.setPeerHostName(peerHostName); +} + + +inline Context::Ptr SecureStreamSocketImpl::context() const +{ + return _impl.context(); +} + + +inline Session::Ptr SecureStreamSocketImpl::currentSession() +{ + return _impl.currentSession(); +} + + +inline void SecureStreamSocketImpl::useSession(Session::Ptr pSession) +{ + _impl.useSession(pSession); +} + + +inline bool SecureStreamSocketImpl::sessionWasReused() +{ + return _impl.sessionWasReused(); +} + + +inline int SecureStreamSocketImpl::lastError() +{ + return SocketImpl::lastError(); +} + + +inline void SecureStreamSocketImpl::error() +{ + return SocketImpl::error(); +} + + +inline void SecureStreamSocketImpl::error(const std::string& arg) +{ + return SocketImpl::error(arg); +} + + +inline void SecureStreamSocketImpl::error(int code) +{ + return SocketImpl::error(code); +} + + +inline void SecureStreamSocketImpl::error(int code, const std::string& arg) +{ + return SocketImpl::error(code, arg); +} + + +} } // namespace Poco::Net + + +#endif // NetSSL_SecureStreamSocketImpl_INCLUDED diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/Session.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/Session.h index cc9b2db746..a3dcf1c1bb 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/Session.h +++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/Session.h @@ -1,79 +1,79 @@ -// -// Session.h -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: Session -// -// Definition of the Session class. -// -// Copyright (c) 2010, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#ifndef NetSSL_Session_INCLUDED -#define NetSSL_Session_INCLUDED - - -#include "Poco/Net/NetSSL.h" -#include "Poco/RefCountedObject.h" -#include "Poco/AutoPtr.h" -#include <openssl/ssl.h> - - -namespace Poco { -namespace Net { - - -class NetSSL_API Session: public Poco::RefCountedObject - /// This class encapsulates a SSL session object - /// used with session caching on the client side. - /// - /// For session caching to work, a client must - /// save the session object from an existing connection, - /// if it wants to reuse it with a future connection. -{ -public: - typedef Poco::AutoPtr<Session> Ptr; - - SSL_SESSION* sslSession() const; - /// Returns the stored OpenSSL SSL_SESSION object. - -protected: - Session(SSL_SESSION* pSession); - /// Creates a new Session object, using the given - /// SSL_SESSION object. +// +// Session.h +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: Session +// +// Definition of the Session class. +// +// Copyright (c) 2010, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#ifndef NetSSL_Session_INCLUDED +#define NetSSL_Session_INCLUDED + + +#include "Poco/Net/NetSSL.h" +#include "Poco/RefCountedObject.h" +#include "Poco/AutoPtr.h" +#include <openssl/ssl.h> + + +namespace Poco { +namespace Net { + + +class NetSSL_API Session: public Poco::RefCountedObject + /// This class encapsulates a SSL session object + /// used with session caching on the client side. + /// + /// For session caching to work, a client must + /// save the session object from an existing connection, + /// if it wants to reuse it with a future connection. +{ +public: + typedef Poco::AutoPtr<Session> Ptr; + + SSL_SESSION* sslSession() const; + /// Returns the stored OpenSSL SSL_SESSION object. + +protected: + Session(SSL_SESSION* pSession); + /// Creates a new Session object, using the given + /// SSL_SESSION object. + /// + /// The SSL_SESSION's reference count is not changed. + + ~Session(); + /// Destroys the Session. /// - /// The SSL_SESSION's reference count is not changed. - - ~Session(); - /// Destroys the Session. - /// - /// Calls SSL_SESSION_free() on the stored - /// SSL_SESSION object. - -private: - Session(); - - SSL_SESSION* _pSession; - - friend class SecureSocketImpl; -}; - - -// -// inlines -// -inline SSL_SESSION* Session::sslSession() const -{ - return _pSession; -} - - -} } // namespace Poco::Net - - -#endif // NetSSL_Session_INCLUDED + /// Calls SSL_SESSION_free() on the stored + /// SSL_SESSION object. + +private: + Session(); + + SSL_SESSION* _pSession; + + friend class SecureSocketImpl; +}; + + +// +// inlines +// +inline SSL_SESSION* Session::sslSession() const +{ + return _pSession; +} + + +} } // namespace Poco::Net + + +#endif // NetSSL_Session_INCLUDED diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/Utility.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/Utility.h index b1d0073cfa..bd58735572 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/Utility.h +++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/Utility.h @@ -1,52 +1,52 @@ -// -// Utility.h -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: Utility -// -// Definition of the Utility class. -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#ifndef NetSSL_Utility_INCLUDED -#define NetSSL_Utility_INCLUDED - - -#include "Poco/Net/NetSSL.h" -#include "Poco/Net/Context.h" - - -namespace Poco { -namespace Net { - - -class NetSSL_API Utility - /// This class provides various helper functions for working - /// with the OpenSSL library. -{ -public: - static Context::VerificationMode convertVerificationMode(const std::string& verMode); - /// Non-case sensitive conversion of a string to a VerificationMode enum. - /// If verMode is illegal an InvalidArgumentException is thrown. - - static std::string convertCertificateError(long errCode); - /// Converts an SSL certificate handling error code into an error message. - - static std::string getLastError(); - /// Returns the last error from the error stack - - static void clearErrorStack(); - /// Clears the error stack -}; - - -} } // namespace Poco::Net - - -#endif // NetSSL_Utility_INCLUDED +// +// Utility.h +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: Utility +// +// Definition of the Utility class. +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#ifndef NetSSL_Utility_INCLUDED +#define NetSSL_Utility_INCLUDED + + +#include "Poco/Net/NetSSL.h" +#include "Poco/Net/Context.h" + + +namespace Poco { +namespace Net { + + +class NetSSL_API Utility + /// This class provides various helper functions for working + /// with the OpenSSL library. +{ +public: + static Context::VerificationMode convertVerificationMode(const std::string& verMode); + /// Non-case sensitive conversion of a string to a VerificationMode enum. + /// If verMode is illegal an InvalidArgumentException is thrown. + + static std::string convertCertificateError(long errCode); + /// Converts an SSL certificate handling error code into an error message. + + static std::string getLastError(); + /// Returns the last error from the error stack + + static void clearErrorStack(); + /// Clears the error stack +}; + + +} } // namespace Poco::Net + + +#endif // NetSSL_Utility_INCLUDED diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/VerificationErrorArgs.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/VerificationErrorArgs.h index 55ef897bb7..5606fc4f4b 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/VerificationErrorArgs.h +++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/VerificationErrorArgs.h @@ -1,108 +1,108 @@ -// -// VerificationErrorArgs.h -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: VerificationErrorArgs -// -// Definition of the VerificationErrorArgs class. -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#ifndef NetSSL_VerificationErrorArgs_INCLUDED -#define NetSSL_VerificationErrorArgs_INCLUDED - - -#include "Poco/Net/NetSSL.h" -#include "Poco/Net/X509Certificate.h" - - -namespace Poco { -namespace Net { - - -class NetSSL_API VerificationErrorArgs - /// A utility class for certificate error handling. -{ -public: - VerificationErrorArgs(const X509Certificate& cert, int errDepth, int errNum, const std::string& errMsg); - /// Creates the VerificationErrorArgs. _ignoreError is per default set to false. - - ~VerificationErrorArgs(); - /// Destroys the VerificationErrorArgs. - - const X509Certificate& certificate() const; - /// Returns the certificate that caused the error. - - int errorDepth() const; - /// Returns the position of the certificate in the certificate chain. - - int errorNumber() const; - /// Returns the id of the error - - const std::string& errorMessage() const; - /// Returns the textual presentation of the errorNumber. - - void setIgnoreError(bool ignoreError); - /// setIgnoreError to true, if a verification error is judged non-fatal by the user. - - bool getIgnoreError() const; - /// returns the value of _ignoreError - -private: - X509Certificate _cert; - int _errorDepth; - int _errorNumber; - std::string _errorMessage; /// Textual representation of the _errorNumber - bool _ignoreError; -}; - - -// -// inlines -// -inline const X509Certificate& VerificationErrorArgs::certificate() const -{ - return _cert; -} - - -inline int VerificationErrorArgs::errorDepth() const -{ - return _errorDepth; -} - - -inline int VerificationErrorArgs::errorNumber() const -{ - return _errorNumber; -} - - -inline const std::string& VerificationErrorArgs::errorMessage() const -{ - return _errorMessage; -} - - -inline void VerificationErrorArgs::setIgnoreError(bool ignoreError) -{ - _ignoreError = ignoreError; -} - - -inline bool VerificationErrorArgs::getIgnoreError() const -{ - return _ignoreError; -} - - -} } // namespace Poco::Net - - -#endif // NetSSL_VerificationErrorArgs_INCLUDED +// +// VerificationErrorArgs.h +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: VerificationErrorArgs +// +// Definition of the VerificationErrorArgs class. +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#ifndef NetSSL_VerificationErrorArgs_INCLUDED +#define NetSSL_VerificationErrorArgs_INCLUDED + + +#include "Poco/Net/NetSSL.h" +#include "Poco/Net/X509Certificate.h" + + +namespace Poco { +namespace Net { + + +class NetSSL_API VerificationErrorArgs + /// A utility class for certificate error handling. +{ +public: + VerificationErrorArgs(const X509Certificate& cert, int errDepth, int errNum, const std::string& errMsg); + /// Creates the VerificationErrorArgs. _ignoreError is per default set to false. + + ~VerificationErrorArgs(); + /// Destroys the VerificationErrorArgs. + + const X509Certificate& certificate() const; + /// Returns the certificate that caused the error. + + int errorDepth() const; + /// Returns the position of the certificate in the certificate chain. + + int errorNumber() const; + /// Returns the id of the error + + const std::string& errorMessage() const; + /// Returns the textual presentation of the errorNumber. + + void setIgnoreError(bool ignoreError); + /// setIgnoreError to true, if a verification error is judged non-fatal by the user. + + bool getIgnoreError() const; + /// returns the value of _ignoreError + +private: + X509Certificate _cert; + int _errorDepth; + int _errorNumber; + std::string _errorMessage; /// Textual representation of the _errorNumber + bool _ignoreError; +}; + + +// +// inlines +// +inline const X509Certificate& VerificationErrorArgs::certificate() const +{ + return _cert; +} + + +inline int VerificationErrorArgs::errorDepth() const +{ + return _errorDepth; +} + + +inline int VerificationErrorArgs::errorNumber() const +{ + return _errorNumber; +} + + +inline const std::string& VerificationErrorArgs::errorMessage() const +{ + return _errorMessage; +} + + +inline void VerificationErrorArgs::setIgnoreError(bool ignoreError) +{ + _ignoreError = ignoreError; +} + + +inline bool VerificationErrorArgs::getIgnoreError() const +{ + return _ignoreError; +} + + +} } // namespace Poco::Net + + +#endif // NetSSL_VerificationErrorArgs_INCLUDED diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/X509Certificate.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/X509Certificate.h index a810b29457..7c7eedaff6 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/X509Certificate.h +++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/X509Certificate.h @@ -1,102 +1,102 @@ -// -// X509Certificate.h -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: X509Certificate -// -// Definition of the X509Certificate class. -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#ifndef NetSSL_X509Certificate_INCLUDED -#define NetSSL_X509Certificate_INCLUDED - - -#include "Poco/Net/NetSSL.h" -#include "Poco/Net/SocketDefs.h" -#include "Poco/Crypto/X509Certificate.h" -#include "Poco/DateTime.h" -#include "Poco/SharedPtr.h" -#include <set> - - -namespace Poco { -namespace Net { - - -class HostEntry; - - -class NetSSL_API X509Certificate: public Poco::Crypto::X509Certificate - /// This class extends Poco::Crypto::X509Certificate with the - /// feature to validate a certificate. -{ -public: - explicit X509Certificate(std::istream& istr); - /// Creates the X509Certificate object by reading - /// a certificate in PEM format from a stream. - - explicit X509Certificate(const std::string& path); - /// Creates the X509Certificate object by reading - /// a certificate in PEM format from a file. - - explicit X509Certificate(X509* pCert); - /// Creates the X509Certificate from an existing - /// OpenSSL certificate. Ownership is taken of - /// the certificate. - - X509Certificate(X509* pCert, bool shared); - /// Creates the X509Certificate from an existing - /// OpenSSL certificate. Ownership is taken of - /// the certificate. If shared is true, the - /// certificate's reference count is incremented. - - X509Certificate(const Poco::Crypto::X509Certificate& cert); - /// Creates the certificate by copying another one. - - X509Certificate& operator = (const Poco::Crypto::X509Certificate& cert); - /// Assigns a certificate. - - ~X509Certificate(); - /// Destroys the X509Certificate. - - bool verify(const std::string& hostName) const; - /// Verifies the validity of the certificate against the host name. - /// - /// For this check to be successful, the certificate must contain - /// a domain name that matches the domain name - /// of the host. +// +// X509Certificate.h +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: X509Certificate +// +// Definition of the X509Certificate class. +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#ifndef NetSSL_X509Certificate_INCLUDED +#define NetSSL_X509Certificate_INCLUDED + + +#include "Poco/Net/NetSSL.h" +#include "Poco/Net/SocketDefs.h" +#include "Poco/Crypto/X509Certificate.h" +#include "Poco/DateTime.h" +#include "Poco/SharedPtr.h" +#include <set> + + +namespace Poco { +namespace Net { + + +class HostEntry; + + +class NetSSL_API X509Certificate: public Poco::Crypto::X509Certificate + /// This class extends Poco::Crypto::X509Certificate with the + /// feature to validate a certificate. +{ +public: + explicit X509Certificate(std::istream& istr); + /// Creates the X509Certificate object by reading + /// a certificate in PEM format from a stream. + + explicit X509Certificate(const std::string& path); + /// Creates the X509Certificate object by reading + /// a certificate in PEM format from a file. + + explicit X509Certificate(X509* pCert); + /// Creates the X509Certificate from an existing + /// OpenSSL certificate. Ownership is taken of + /// the certificate. + + X509Certificate(X509* pCert, bool shared); + /// Creates the X509Certificate from an existing + /// OpenSSL certificate. Ownership is taken of + /// the certificate. If shared is true, the + /// certificate's reference count is incremented. + + X509Certificate(const Poco::Crypto::X509Certificate& cert); + /// Creates the certificate by copying another one. + + X509Certificate& operator = (const Poco::Crypto::X509Certificate& cert); + /// Assigns a certificate. + + ~X509Certificate(); + /// Destroys the X509Certificate. + + bool verify(const std::string& hostName) const; + /// Verifies the validity of the certificate against the host name. /// - /// Returns true if verification succeeded, or false otherwise. - - static bool verify(const Poco::Crypto::X509Certificate& cert, const std::string& hostName); - /// Verifies the validity of the certificate against the host name. - /// - /// For this check to be successful, the certificate must contain - /// a domain name that matches the domain name - /// of the host. - /// - /// Returns true if verification succeeded, or false otherwise. - -protected: - static bool containsWildcards(const std::string& commonName); - static bool matchWildcard(const std::string& alias, const std::string& hostName); - -private: - enum - { - NAME_BUFFER_SIZE = 256 - }; -}; - - -} } // namespace Poco::Net - - -#endif // NetSSL_X509Certificate_INCLUDED + /// For this check to be successful, the certificate must contain + /// a domain name that matches the domain name + /// of the host. + /// + /// Returns true if verification succeeded, or false otherwise. + + static bool verify(const Poco::Crypto::X509Certificate& cert, const std::string& hostName); + /// Verifies the validity of the certificate against the host name. + /// + /// For this check to be successful, the certificate must contain + /// a domain name that matches the domain name + /// of the host. + /// + /// Returns true if verification succeeded, or false otherwise. + +protected: + static bool containsWildcards(const std::string& commonName); + static bool matchWildcard(const std::string& alias, const std::string& hostName); + +private: + enum + { + NAME_BUFFER_SIZE = 256 + }; +}; + + +} } // namespace Poco::Net + + +#endif // NetSSL_X509Certificate_INCLUDED |