diff options
| author | orivej <orivej@yandex-team.ru> | 2022-02-10 16:45:01 +0300 |
|---|---|---|
| committer | Daniil Cherednik <dcherednik@yandex-team.ru> | 2022-02-10 16:45:01 +0300 |
| commit | 2d37894b1b037cf24231090eda8589bbb44fb6fc (patch) | |
| tree | be835aa92c6248212e705f25388ebafcf84bc7a1 /contrib/libs/poco/NetSSL_OpenSSL/src | |
| parent | 718c552901d703c502ccbefdfc3c9028d608b947 (diff) | |
| download | ydb-2d37894b1b037cf24231090eda8589bbb44fb6fc.tar.gz | |
Restoring authorship annotation for <orivej@yandex-team.ru>. Commit 2 of 2.
Diffstat (limited to 'contrib/libs/poco/NetSSL_OpenSSL/src')
27 files changed, 3763 insertions, 3763 deletions
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/AcceptCertificateHandler.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/AcceptCertificateHandler.cpp index 10d2c3e49f..84017f7c34 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/src/AcceptCertificateHandler.cpp +++ b/contrib/libs/poco/NetSSL_OpenSSL/src/AcceptCertificateHandler.cpp @@ -1,38 +1,38 @@ -// -// AcceptCertificateHandler.cpp -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: AcceptCertificateHandler -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#include "Poco/Net/AcceptCertificateHandler.h" - - -namespace Poco { -namespace Net { - - -AcceptCertificateHandler::AcceptCertificateHandler(bool server): InvalidCertificateHandler(server) -{ -} - - -AcceptCertificateHandler::~AcceptCertificateHandler() -{ -} - - -void AcceptCertificateHandler::onInvalidCertificate(const void*, VerificationErrorArgs& errorCert) -{ - errorCert.setIgnoreError(true); -} - - -} } // namespace Poco::Net +// +// AcceptCertificateHandler.cpp +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: AcceptCertificateHandler +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#include "Poco/Net/AcceptCertificateHandler.h" + + +namespace Poco { +namespace Net { + + +AcceptCertificateHandler::AcceptCertificateHandler(bool server): InvalidCertificateHandler(server) +{ +} + + +AcceptCertificateHandler::~AcceptCertificateHandler() +{ +} + + +void AcceptCertificateHandler::onInvalidCertificate(const void*, VerificationErrorArgs& errorCert) +{ + errorCert.setIgnoreError(true); +} + + +} } // namespace Poco::Net diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/CertificateHandlerFactory.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/CertificateHandlerFactory.cpp index 320fe431e6..8c517748be 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/src/CertificateHandlerFactory.cpp +++ b/contrib/libs/poco/NetSSL_OpenSSL/src/CertificateHandlerFactory.cpp @@ -1,44 +1,44 @@ -// -// CertificateHandlerFactory.cpp -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: CertificateHandlerFactory -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#include "Poco/Net/CertificateHandlerFactory.h" -#include "Poco/Net/SSLManager.h" - - -namespace Poco { -namespace Net { - - -CertificateHandlerFactory::CertificateHandlerFactory() -{ -} - - -CertificateHandlerFactory::~CertificateHandlerFactory() -{ -} - - -CertificateHandlerFactoryRegistrar::CertificateHandlerFactoryRegistrar(const std::string& name, CertificateHandlerFactory* pFactory) -{ - SSLManager::instance().certificateHandlerFactoryMgr().setFactory(name, pFactory); -} - - -CertificateHandlerFactoryRegistrar::~CertificateHandlerFactoryRegistrar() -{ -} - - -} } // namespace Poco::Net +// +// CertificateHandlerFactory.cpp +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: CertificateHandlerFactory +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#include "Poco/Net/CertificateHandlerFactory.h" +#include "Poco/Net/SSLManager.h" + + +namespace Poco { +namespace Net { + + +CertificateHandlerFactory::CertificateHandlerFactory() +{ +} + + +CertificateHandlerFactory::~CertificateHandlerFactory() +{ +} + + +CertificateHandlerFactoryRegistrar::CertificateHandlerFactoryRegistrar(const std::string& name, CertificateHandlerFactory* pFactory) +{ + SSLManager::instance().certificateHandlerFactoryMgr().setFactory(name, pFactory); +} + + +CertificateHandlerFactoryRegistrar::~CertificateHandlerFactoryRegistrar() +{ +} + + +} } // namespace Poco::Net diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/CertificateHandlerFactoryMgr.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/CertificateHandlerFactoryMgr.cpp index 5de448a076..a89bbea11f 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/src/CertificateHandlerFactoryMgr.cpp +++ b/contrib/libs/poco/NetSSL_OpenSSL/src/CertificateHandlerFactoryMgr.cpp @@ -1,69 +1,69 @@ -// -// CertificateHandlerFactoryMgr.cpp -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: CertificateHandlerFactoryMgr -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#include "Poco/Net/CertificateHandlerFactoryMgr.h" -#include "Poco/Net/ConsoleCertificateHandler.h" -#include "Poco/Net/AcceptCertificateHandler.h" -#include "Poco/Net/RejectCertificateHandler.h" - - -namespace Poco { -namespace Net { - - -CertificateHandlerFactoryMgr::CertificateHandlerFactoryMgr() -{ - setFactory("ConsoleCertificateHandler", new CertificateHandlerFactoryImpl<ConsoleCertificateHandler>()); - setFactory("AcceptCertificateHandler", new CertificateHandlerFactoryImpl<AcceptCertificateHandler>()); - setFactory("RejectCertificateHandler", new CertificateHandlerFactoryImpl<RejectCertificateHandler>()); -} - - -CertificateHandlerFactoryMgr::~CertificateHandlerFactoryMgr() -{ -} - - -void CertificateHandlerFactoryMgr::setFactory(const std::string& name, CertificateHandlerFactory* pFactory) -{ - bool success = _factories.insert(make_pair(name, Poco::SharedPtr<CertificateHandlerFactory>(pFactory))).second; - if (!success) - delete pFactory; - poco_assert(success); -} - - -bool CertificateHandlerFactoryMgr::hasFactory(const std::string& name) const -{ - return _factories.find(name) != _factories.end(); -} - - -const CertificateHandlerFactory* CertificateHandlerFactoryMgr::getFactory(const std::string& name) const -{ - FactoriesMap::const_iterator it = _factories.find(name); - if (it != _factories.end()) - return it->second; - else - return 0; -} - - -void CertificateHandlerFactoryMgr::removeFactory(const std::string& name) -{ - _factories.erase(name); -} - - -} } // namespace Poco::Net +// +// CertificateHandlerFactoryMgr.cpp +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: CertificateHandlerFactoryMgr +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#include "Poco/Net/CertificateHandlerFactoryMgr.h" +#include "Poco/Net/ConsoleCertificateHandler.h" +#include "Poco/Net/AcceptCertificateHandler.h" +#include "Poco/Net/RejectCertificateHandler.h" + + +namespace Poco { +namespace Net { + + +CertificateHandlerFactoryMgr::CertificateHandlerFactoryMgr() +{ + setFactory("ConsoleCertificateHandler", new CertificateHandlerFactoryImpl<ConsoleCertificateHandler>()); + setFactory("AcceptCertificateHandler", new CertificateHandlerFactoryImpl<AcceptCertificateHandler>()); + setFactory("RejectCertificateHandler", new CertificateHandlerFactoryImpl<RejectCertificateHandler>()); +} + + +CertificateHandlerFactoryMgr::~CertificateHandlerFactoryMgr() +{ +} + + +void CertificateHandlerFactoryMgr::setFactory(const std::string& name, CertificateHandlerFactory* pFactory) +{ + bool success = _factories.insert(make_pair(name, Poco::SharedPtr<CertificateHandlerFactory>(pFactory))).second; + if (!success) + delete pFactory; + poco_assert(success); +} + + +bool CertificateHandlerFactoryMgr::hasFactory(const std::string& name) const +{ + return _factories.find(name) != _factories.end(); +} + + +const CertificateHandlerFactory* CertificateHandlerFactoryMgr::getFactory(const std::string& name) const +{ + FactoriesMap::const_iterator it = _factories.find(name); + if (it != _factories.end()) + return it->second; + else + return 0; +} + + +void CertificateHandlerFactoryMgr::removeFactory(const std::string& name) +{ + _factories.erase(name); +} + + +} } // namespace Poco::Net diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/ConsoleCertificateHandler.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/ConsoleCertificateHandler.cpp index 126d0772fc..db64752e70 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/src/ConsoleCertificateHandler.cpp +++ b/contrib/libs/poco/NetSSL_OpenSSL/src/ConsoleCertificateHandler.cpp @@ -1,53 +1,53 @@ -// -// ConsoleCertificateHandler.cpp -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: ConsoleCertificateHandler -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#include "Poco/Net/ConsoleCertificateHandler.h" -#include <iostream> - - -namespace Poco { -namespace Net { - - -ConsoleCertificateHandler::ConsoleCertificateHandler(bool server): InvalidCertificateHandler(server) -{ -} - - -ConsoleCertificateHandler::~ConsoleCertificateHandler() -{ -} - - -void ConsoleCertificateHandler::onInvalidCertificate(const void*, VerificationErrorArgs& errorCert) -{ - const X509Certificate& aCert = errorCert.certificate(); - std::cout << "\n"; - std::cout << "WARNING: Certificate verification failed\n"; - std::cout << "----------------------------------------\n"; - std::cout << "Issuer Name: " << aCert.issuerName() << "\n"; - std::cout << "Subject Name: " << aCert.subjectName() << "\n\n"; - std::cout << "The certificate yielded the error: " << errorCert.errorMessage() << "\n\n"; - std::cout << "The error occurred in the certificate chain at position " << errorCert.errorDepth() << "\n"; - std::cout << "Accept the certificate (y,n)? "; - char c = 0; - std::cin >> c; - if (c == 'y' || c == 'Y') - errorCert.setIgnoreError(true); - else - errorCert.setIgnoreError(false); -} - - -} } // namespace Poco::Net +// +// ConsoleCertificateHandler.cpp +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: ConsoleCertificateHandler +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#include "Poco/Net/ConsoleCertificateHandler.h" +#include <iostream> + + +namespace Poco { +namespace Net { + + +ConsoleCertificateHandler::ConsoleCertificateHandler(bool server): InvalidCertificateHandler(server) +{ +} + + +ConsoleCertificateHandler::~ConsoleCertificateHandler() +{ +} + + +void ConsoleCertificateHandler::onInvalidCertificate(const void*, VerificationErrorArgs& errorCert) +{ + const X509Certificate& aCert = errorCert.certificate(); + std::cout << "\n"; + std::cout << "WARNING: Certificate verification failed\n"; + std::cout << "----------------------------------------\n"; + std::cout << "Issuer Name: " << aCert.issuerName() << "\n"; + std::cout << "Subject Name: " << aCert.subjectName() << "\n\n"; + std::cout << "The certificate yielded the error: " << errorCert.errorMessage() << "\n\n"; + std::cout << "The error occurred in the certificate chain at position " << errorCert.errorDepth() << "\n"; + std::cout << "Accept the certificate (y,n)? "; + char c = 0; + std::cin >> c; + if (c == 'y' || c == 'Y') + errorCert.setIgnoreError(true); + else + errorCert.setIgnoreError(false); +} + + +} } // namespace Poco::Net diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/Context.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/Context.cpp index 80417c1006..2b16790ca4 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/src/Context.cpp +++ b/contrib/libs/poco/NetSSL_OpenSSL/src/Context.cpp @@ -1,578 +1,578 @@ -// -// Context.cpp -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: Context -// -// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#include "Poco/Net/Context.h" -#include "Poco/Net/SSLManager.h" -#include "Poco/Net/SSLException.h" -#include "Poco/Net/Utility.h" -#include "Poco/Crypto/OpenSSLInitializer.h" -#include "Poco/File.h" -#include "Poco/Path.h" -#include "Poco/Timestamp.h" -#include <openssl/bio.h> -#include <openssl/err.h> -#include <openssl/ssl.h> -#include <openssl/x509v3.h> - - -namespace Poco { -namespace Net { - - -Context::Params::Params(): - verificationMode(VERIFY_RELAXED), - verificationDepth(9), - loadDefaultCAs(false), - cipherList("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH") -{ -} - - -Context::Context(Usage usage, const Params& params): - _usage(usage), - _mode(params.verificationMode), - _pSSLContext(0), - _extendedCertificateVerification(true) -{ - init(params); -} - - -Context::Context( - Usage usage, - const std::string& privateKeyFile, - const std::string& certificateFile, - const std::string& caLocation, - VerificationMode verificationMode, - int verificationDepth, - bool loadDefaultCAs, - const std::string& cipherList): - _usage(usage), - _mode(verificationMode), - _pSSLContext(0), - _extendedCertificateVerification(true) -{ - Params params; - params.privateKeyFile = privateKeyFile; - params.certificateFile = certificateFile; - params.caLocation = caLocation; - params.verificationMode = verificationMode; - params.verificationDepth = verificationDepth; - params.loadDefaultCAs = loadDefaultCAs; - params.cipherList = cipherList; - init(params); -} - - -Context::Context( - Usage usage, - const std::string& caLocation, - VerificationMode verificationMode, - int verificationDepth, - bool loadDefaultCAs, - const std::string& cipherList): - _usage(usage), - _mode(verificationMode), - _pSSLContext(0), - _extendedCertificateVerification(true) -{ - Params params; - params.caLocation = caLocation; - params.verificationMode = verificationMode; - params.verificationDepth = verificationDepth; - params.loadDefaultCAs = loadDefaultCAs; - params.cipherList = cipherList; - init(params); -} - - -Context::~Context() -{ - try - { - SSL_CTX_free(_pSSLContext); - Poco::Crypto::OpenSSLInitializer::uninitialize(); - } - catch (...) - { - poco_unexpected(); - } -} - - -void Context::init(const Params& params) -{ - Poco::Crypto::OpenSSLInitializer::initialize(); - - createSSLContext(); - - try - { - int errCode = 0; - if (!params.caLocation.empty()) - { - Poco::File aFile(params.caLocation); - if (aFile.isDirectory()) - errCode = SSL_CTX_load_verify_locations(_pSSLContext, 0, Poco::Path::transcode(params.caLocation).c_str()); - else - errCode = SSL_CTX_load_verify_locations(_pSSLContext, Poco::Path::transcode(params.caLocation).c_str(), 0); - if (errCode != 1) - { - std::string msg = Utility::getLastError(); - throw SSLContextException(std::string("Cannot load CA file/directory at ") + params.caLocation, msg); - } - } - - if (params.loadDefaultCAs) - { - errCode = SSL_CTX_set_default_verify_paths(_pSSLContext); - if (errCode != 1) - { - std::string msg = Utility::getLastError(); - throw SSLContextException("Cannot load default CA certificates", msg); - } - } - - if (!params.privateKeyFile.empty()) - { - errCode = SSL_CTX_use_PrivateKey_file(_pSSLContext, Poco::Path::transcode(params.privateKeyFile).c_str(), SSL_FILETYPE_PEM); - if (errCode != 1) - { - std::string msg = Utility::getLastError(); - throw SSLContextException(std::string("Error loading private key from file ") + params.privateKeyFile, msg); - } - } - - if (!params.certificateFile.empty()) - { - errCode = SSL_CTX_use_certificate_chain_file(_pSSLContext, Poco::Path::transcode(params.certificateFile).c_str()); - if (errCode != 1) - { - std::string errMsg = Utility::getLastError(); - throw SSLContextException(std::string("Error loading certificate from file ") + params.certificateFile, errMsg); - } - } - - if (isForServerUse()) - SSL_CTX_set_verify(_pSSLContext, params.verificationMode, &SSLManager::verifyServerCallback); - else - SSL_CTX_set_verify(_pSSLContext, params.verificationMode, &SSLManager::verifyClientCallback); - - SSL_CTX_set_cipher_list(_pSSLContext, params.cipherList.c_str()); - SSL_CTX_set_verify_depth(_pSSLContext, params.verificationDepth); - SSL_CTX_set_mode(_pSSLContext, SSL_MODE_AUTO_RETRY); - SSL_CTX_set_session_cache_mode(_pSSLContext, SSL_SESS_CACHE_OFF); - - initDH(params.dhParamsFile); - initECDH(params.ecdhCurve); - } - catch (...) - { - SSL_CTX_free(_pSSLContext); - throw; - } -} - - -void Context::useCertificate(const Poco::Crypto::X509Certificate& certificate) -{ - int errCode = SSL_CTX_use_certificate(_pSSLContext, const_cast<X509*>(certificate.certificate())); - if (errCode != 1) - { - std::string msg = Utility::getLastError(); - throw SSLContextException("Cannot set certificate for Context", msg); - } -} - - -void Context::addChainCertificate(const Poco::Crypto::X509Certificate& certificate) -{ - X509* pCert = certificate.dup(); - int errCode = SSL_CTX_add_extra_chain_cert(_pSSLContext, pCert); - if (errCode != 1) - { - X509_free(pCert); - std::string msg = Utility::getLastError(); - throw SSLContextException("Cannot add chain certificate to Context", msg); - } -} - - -void Context::addCertificateAuthority(const Crypto::X509Certificate &certificate) -{ - if (X509_STORE* store = SSL_CTX_get_cert_store(_pSSLContext)) - { - int errCode = X509_STORE_add_cert(store, const_cast<X509*>(certificate.certificate())); - if (errCode != 1) - { - std::string msg = Utility::getLastError(); - throw SSLContextException("Cannot add certificate authority to Context", msg); - } - } - else - { - std::string msg = Utility::getLastError(); - throw SSLContextException("Cannot add certificate authority to Context", msg); - } -} - - -void Context::usePrivateKey(const Poco::Crypto::RSAKey& key) -{ - int errCode = SSL_CTX_use_RSAPrivateKey(_pSSLContext, key.impl()->getRSA()); - if (errCode != 1) - { - std::string msg = Utility::getLastError(); - throw SSLContextException("Cannot set private key for Context", msg); - } -} - - -void Context::enableSessionCache(bool flag) -{ - if (flag) - { - SSL_CTX_set_session_cache_mode(_pSSLContext, isForServerUse() ? SSL_SESS_CACHE_SERVER : SSL_SESS_CACHE_CLIENT); - } - else - { - SSL_CTX_set_session_cache_mode(_pSSLContext, SSL_SESS_CACHE_OFF); - } -} - - -void Context::enableSessionCache(bool flag, const std::string& sessionIdContext) -{ - poco_assert (isForServerUse()); - - if (flag) - { - SSL_CTX_set_session_cache_mode(_pSSLContext, SSL_SESS_CACHE_SERVER); - } - else - { - SSL_CTX_set_session_cache_mode(_pSSLContext, SSL_SESS_CACHE_OFF); - } - - unsigned length = static_cast<unsigned>(sessionIdContext.length()); - if (length > SSL_MAX_SSL_SESSION_ID_LENGTH) length = SSL_MAX_SSL_SESSION_ID_LENGTH; - int rc = SSL_CTX_set_session_id_context(_pSSLContext, reinterpret_cast<const unsigned char*>(sessionIdContext.data()), length); - if (rc != 1) throw SSLContextException("cannot set session ID context"); -} - - -bool Context::sessionCacheEnabled() const -{ - return SSL_CTX_get_session_cache_mode(_pSSLContext) != SSL_SESS_CACHE_OFF; -} - - -void Context::setSessionCacheSize(std::size_t size) -{ - poco_assert (isForServerUse()); - - SSL_CTX_sess_set_cache_size(_pSSLContext, static_cast<long>(size)); -} - - -std::size_t Context::getSessionCacheSize() const -{ - poco_assert (isForServerUse()); - - return static_cast<std::size_t>(SSL_CTX_sess_get_cache_size(_pSSLContext)); -} - - -void Context::setSessionTimeout(long seconds) -{ - poco_assert (isForServerUse()); - - SSL_CTX_set_timeout(_pSSLContext, seconds); -} - - -long Context::getSessionTimeout() const -{ - poco_assert (isForServerUse()); - - return SSL_CTX_get_timeout(_pSSLContext); -} - - -void Context::flushSessionCache() -{ - poco_assert (isForServerUse()); - - Poco::Timestamp now; - SSL_CTX_flush_sessions(_pSSLContext, static_cast<long>(now.epochTime())); -} - - -void Context::enableExtendedCertificateVerification(bool flag) -{ - _extendedCertificateVerification = flag; -} - - -void Context::disableStatelessSessionResumption() -{ -#if defined(SSL_OP_NO_TICKET) - SSL_CTX_set_options(_pSSLContext, SSL_OP_NO_TICKET); -#endif -} - - -void Context::disableProtocols(int protocols) -{ - if (protocols & PROTO_SSLV2) - { -#if defined(SSL_OP_NO_SSLv2) - SSL_CTX_set_options(_pSSLContext, SSL_OP_NO_SSLv2); -#endif - } - if (protocols & PROTO_SSLV3) - { -#if defined(SSL_OP_NO_SSLv3) - SSL_CTX_set_options(_pSSLContext, SSL_OP_NO_SSLv3); -#endif - } - if (protocols & PROTO_TLSV1) - { -#if defined(SSL_OP_NO_TLSv1) - SSL_CTX_set_options(_pSSLContext, SSL_OP_NO_TLSv1); -#endif - } - if (protocols & PROTO_TLSV1_1) - { -#if defined(SSL_OP_NO_TLSv1_1) - SSL_CTX_set_options(_pSSLContext, SSL_OP_NO_TLSv1_1); -#endif - } - if (protocols & PROTO_TLSV1_2) - { -#if defined(SSL_OP_NO_TLSv1_2) - SSL_CTX_set_options(_pSSLContext, SSL_OP_NO_TLSv1_2); -#endif - } -} - - -void Context::preferServerCiphers() -{ -#if defined(SSL_OP_CIPHER_SERVER_PREFERENCE) - SSL_CTX_set_options(_pSSLContext, SSL_OP_CIPHER_SERVER_PREFERENCE); -#endif -} - - -void Context::createSSLContext() -{ - if (SSLManager::isFIPSEnabled()) - { - _pSSLContext = SSL_CTX_new(TLSv1_method()); - } - else - { - switch (_usage) - { - case CLIENT_USE: -#if OPENSSL_VERSION_NUMBER >= 0x10100000L - _pSSLContext = SSL_CTX_new(TLS_client_method()); -#else - _pSSLContext = SSL_CTX_new(SSLv23_client_method()); -#endif - break; - case SERVER_USE: -#if OPENSSL_VERSION_NUMBER >= 0x10100000L - _pSSLContext = SSL_CTX_new(TLS_server_method()); -#else - _pSSLContext = SSL_CTX_new(SSLv23_server_method()); -#endif - break; -#if defined(SSL_OP_NO_TLSv1) && !defined(OPENSSL_NO_TLS1) - case TLSV1_CLIENT_USE: - _pSSLContext = SSL_CTX_new(TLSv1_client_method()); - break; - case TLSV1_SERVER_USE: - _pSSLContext = SSL_CTX_new(TLSv1_server_method()); - break; -#endif -#if defined(SSL_OP_NO_TLSv1_1) && !defined(OPENSSL_NO_TLS1) -/* SSL_OP_NO_TLSv1_1 is defined in ssl.h if the library version supports TLSv1.1. - * OPENSSL_NO_TLS1 is defined in opensslconf.h or on the compiler command line - * if TLS1.x was removed at OpenSSL library build time via Configure options. - */ - case TLSV1_1_CLIENT_USE: - _pSSLContext = SSL_CTX_new(TLSv1_1_client_method()); - break; - case TLSV1_1_SERVER_USE: - _pSSLContext = SSL_CTX_new(TLSv1_1_server_method()); - break; -#endif -#if defined(SSL_OP_NO_TLSv1_2) && !defined(OPENSSL_NO_TLS1) - case TLSV1_2_CLIENT_USE: - _pSSLContext = SSL_CTX_new(TLSv1_2_client_method()); - break; - case TLSV1_2_SERVER_USE: - _pSSLContext = SSL_CTX_new(TLSv1_2_server_method()); - break; -#endif - default: - throw Poco::InvalidArgumentException("Invalid or unsupported usage"); - } - } - if (!_pSSLContext) - { - unsigned long err = ERR_get_error(); - throw SSLException("Cannot create SSL_CTX object", ERR_error_string(err, 0)); - } - - SSL_CTX_set_default_passwd_cb(_pSSLContext, &SSLManager::privateKeyPassphraseCallback); - Utility::clearErrorStack(); - SSL_CTX_set_options(_pSSLContext, SSL_OP_ALL); -} - - -void Context::initDH(const std::string& dhParamsFile) -{ -#ifndef OPENSSL_NO_DH - // 1024-bit MODP Group with 160-bit prime order subgroup (RFC5114) - // -----BEGIN DH PARAMETERS----- - // MIIBDAKBgQCxC4+WoIDgHd6S3l6uXVTsUsmfvPsGo8aaap3KUtI7YWBz4oZ1oj0Y - // mDjvHi7mUsAT7LSuqQYRIySXXDzUm4O/rMvdfZDEvXCYSI6cIZpzck7/1vrlZEc4 - // +qMaT/VbzMChUa9fDci0vUW/N982XBpl5oz9p21NpwjfH7K8LkpDcQKBgQCk0cvV - // w/00EmdlpELvuZkF+BBN0lisUH/WQGz/FCZtMSZv6h5cQVZLd35pD1UE8hMWAhe0 - // sBuIal6RVH+eJ0n01/vX07mpLuGQnQ0iY/gKdqaiTAh6CR9THb8KAWm2oorWYqTR - // jnOvoy13nVkY0IvIhY9Nzvl8KiSFXm7rIrOy5QICAKA= - // -----END DH PARAMETERS----- - // - - static const unsigned char dh1024_p[] = - { - 0xB1,0x0B,0x8F,0x96,0xA0,0x80,0xE0,0x1D,0xDE,0x92,0xDE,0x5E, - 0xAE,0x5D,0x54,0xEC,0x52,0xC9,0x9F,0xBC,0xFB,0x06,0xA3,0xC6, - 0x9A,0x6A,0x9D,0xCA,0x52,0xD2,0x3B,0x61,0x60,0x73,0xE2,0x86, - 0x75,0xA2,0x3D,0x18,0x98,0x38,0xEF,0x1E,0x2E,0xE6,0x52,0xC0, - 0x13,0xEC,0xB4,0xAE,0xA9,0x06,0x11,0x23,0x24,0x97,0x5C,0x3C, - 0xD4,0x9B,0x83,0xBF,0xAC,0xCB,0xDD,0x7D,0x90,0xC4,0xBD,0x70, - 0x98,0x48,0x8E,0x9C,0x21,0x9A,0x73,0x72,0x4E,0xFF,0xD6,0xFA, - 0xE5,0x64,0x47,0x38,0xFA,0xA3,0x1A,0x4F,0xF5,0x5B,0xCC,0xC0, - 0xA1,0x51,0xAF,0x5F,0x0D,0xC8,0xB4,0xBD,0x45,0xBF,0x37,0xDF, - 0x36,0x5C,0x1A,0x65,0xE6,0x8C,0xFD,0xA7,0x6D,0x4D,0xA7,0x08, - 0xDF,0x1F,0xB2,0xBC,0x2E,0x4A,0x43,0x71, - }; - - static const unsigned char dh1024_g[] = - { - 0xA4,0xD1,0xCB,0xD5,0xC3,0xFD,0x34,0x12,0x67,0x65,0xA4,0x42, - 0xEF,0xB9,0x99,0x05,0xF8,0x10,0x4D,0xD2,0x58,0xAC,0x50,0x7F, - 0xD6,0x40,0x6C,0xFF,0x14,0x26,0x6D,0x31,0x26,0x6F,0xEA,0x1E, - 0x5C,0x41,0x56,0x4B,0x77,0x7E,0x69,0x0F,0x55,0x04,0xF2,0x13, - 0x16,0x02,0x17,0xB4,0xB0,0x1B,0x88,0x6A,0x5E,0x91,0x54,0x7F, - 0x9E,0x27,0x49,0xF4,0xD7,0xFB,0xD7,0xD3,0xB9,0xA9,0x2E,0xE1, - 0x90,0x9D,0x0D,0x22,0x63,0xF8,0x0A,0x76,0xA6,0xA2,0x4C,0x08, - 0x7A,0x09,0x1F,0x53,0x1D,0xBF,0x0A,0x01,0x69,0xB6,0xA2,0x8A, - 0xD6,0x62,0xA4,0xD1,0x8E,0x73,0xAF,0xA3,0x2D,0x77,0x9D,0x59, - 0x18,0xD0,0x8B,0xC8,0x85,0x8F,0x4D,0xCE,0xF9,0x7C,0x2A,0x24, - 0x85,0x5E,0x6E,0xEB,0x22,0xB3,0xB2,0xE5, - }; - - DH* dh = 0; - if (!dhParamsFile.empty()) - { - BIO* bio = BIO_new_file(dhParamsFile.c_str(), "r"); - if (!bio) - { - std::string msg = Utility::getLastError(); - throw SSLContextException(std::string("Error opening Diffie-Hellman parameters file ") + dhParamsFile, msg); - } - dh = PEM_read_bio_DHparams(bio, 0, 0, 0); - BIO_free(bio); - if (!dh) - { - std::string msg = Utility::getLastError(); - throw SSLContextException(std::string("Error reading Diffie-Hellman parameters from file ") + dhParamsFile, msg); - } - } - else - { - dh = DH_new(); - if (!dh) - { - std::string msg = Utility::getLastError(); - throw SSLContextException("Error creating Diffie-Hellman parameters", msg); - } -#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - BIGNUM* p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), 0); - BIGNUM* g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), 0); - DH_set0_pqg(dh, p, 0, g); - DH_set_length(dh, 160); - if (!p || !g) - { - DH_free(dh); - throw SSLContextException("Error creating Diffie-Hellman parameters"); - } -#else - dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), 0); - dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), 0); - dh->length = 160; - if ((!dh->p) || (!dh->g)) - { - DH_free(dh); - throw SSLContextException("Error creating Diffie-Hellman parameters"); - } -#endif - } - SSL_CTX_set_tmp_dh(_pSSLContext, dh); - SSL_CTX_set_options(_pSSLContext, SSL_OP_SINGLE_DH_USE); - DH_free(dh); -#else - if (!dhParamsFile.empty()) - throw SSLContextException("OpenSSL does not support DH"); -#endif -} - - -void Context::initECDH(const std::string& curve) -{ -#if OPENSSL_VERSION_NUMBER >= 0x0090800fL -#ifndef OPENSSL_NO_ECDH - int nid = 0; - if (!curve.empty()) - { - nid = OBJ_sn2nid(curve.c_str()); - } - else - { - nid = OBJ_sn2nid("prime256v1"); - } - if (nid == 0) - { - throw SSLContextException("Unknown ECDH curve name", curve); - } - - EC_KEY* ecdh = EC_KEY_new_by_curve_name(nid); - if (!ecdh) - { - throw SSLContextException("Cannot create ECDH curve"); - } - SSL_CTX_set_tmp_ecdh(_pSSLContext, ecdh); - SSL_CTX_set_options(_pSSLContext, SSL_OP_SINGLE_ECDH_USE); - EC_KEY_free(ecdh); -#endif -#endif -} - - -} } // namespace Poco::Net +// +// Context.cpp +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: Context +// +// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#include "Poco/Net/Context.h" +#include "Poco/Net/SSLManager.h" +#include "Poco/Net/SSLException.h" +#include "Poco/Net/Utility.h" +#include "Poco/Crypto/OpenSSLInitializer.h" +#include "Poco/File.h" +#include "Poco/Path.h" +#include "Poco/Timestamp.h" +#include <openssl/bio.h> +#include <openssl/err.h> +#include <openssl/ssl.h> +#include <openssl/x509v3.h> + + +namespace Poco { +namespace Net { + + +Context::Params::Params(): + verificationMode(VERIFY_RELAXED), + verificationDepth(9), + loadDefaultCAs(false), + cipherList("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH") +{ +} + + +Context::Context(Usage usage, const Params& params): + _usage(usage), + _mode(params.verificationMode), + _pSSLContext(0), + _extendedCertificateVerification(true) +{ + init(params); +} + + +Context::Context( + Usage usage, + const std::string& privateKeyFile, + const std::string& certificateFile, + const std::string& caLocation, + VerificationMode verificationMode, + int verificationDepth, + bool loadDefaultCAs, + const std::string& cipherList): + _usage(usage), + _mode(verificationMode), + _pSSLContext(0), + _extendedCertificateVerification(true) +{ + Params params; + params.privateKeyFile = privateKeyFile; + params.certificateFile = certificateFile; + params.caLocation = caLocation; + params.verificationMode = verificationMode; + params.verificationDepth = verificationDepth; + params.loadDefaultCAs = loadDefaultCAs; + params.cipherList = cipherList; + init(params); +} + + +Context::Context( + Usage usage, + const std::string& caLocation, + VerificationMode verificationMode, + int verificationDepth, + bool loadDefaultCAs, + const std::string& cipherList): + _usage(usage), + _mode(verificationMode), + _pSSLContext(0), + _extendedCertificateVerification(true) +{ + Params params; + params.caLocation = caLocation; + params.verificationMode = verificationMode; + params.verificationDepth = verificationDepth; + params.loadDefaultCAs = loadDefaultCAs; + params.cipherList = cipherList; + init(params); +} + + +Context::~Context() +{ + try + { + SSL_CTX_free(_pSSLContext); + Poco::Crypto::OpenSSLInitializer::uninitialize(); + } + catch (...) + { + poco_unexpected(); + } +} + + +void Context::init(const Params& params) +{ + Poco::Crypto::OpenSSLInitializer::initialize(); + + createSSLContext(); + + try + { + int errCode = 0; + if (!params.caLocation.empty()) + { + Poco::File aFile(params.caLocation); + if (aFile.isDirectory()) + errCode = SSL_CTX_load_verify_locations(_pSSLContext, 0, Poco::Path::transcode(params.caLocation).c_str()); + else + errCode = SSL_CTX_load_verify_locations(_pSSLContext, Poco::Path::transcode(params.caLocation).c_str(), 0); + if (errCode != 1) + { + std::string msg = Utility::getLastError(); + throw SSLContextException(std::string("Cannot load CA file/directory at ") + params.caLocation, msg); + } + } + + if (params.loadDefaultCAs) + { + errCode = SSL_CTX_set_default_verify_paths(_pSSLContext); + if (errCode != 1) + { + std::string msg = Utility::getLastError(); + throw SSLContextException("Cannot load default CA certificates", msg); + } + } + + if (!params.privateKeyFile.empty()) + { + errCode = SSL_CTX_use_PrivateKey_file(_pSSLContext, Poco::Path::transcode(params.privateKeyFile).c_str(), SSL_FILETYPE_PEM); + if (errCode != 1) + { + std::string msg = Utility::getLastError(); + throw SSLContextException(std::string("Error loading private key from file ") + params.privateKeyFile, msg); + } + } + + if (!params.certificateFile.empty()) + { + errCode = SSL_CTX_use_certificate_chain_file(_pSSLContext, Poco::Path::transcode(params.certificateFile).c_str()); + if (errCode != 1) + { + std::string errMsg = Utility::getLastError(); + throw SSLContextException(std::string("Error loading certificate from file ") + params.certificateFile, errMsg); + } + } + + if (isForServerUse()) + SSL_CTX_set_verify(_pSSLContext, params.verificationMode, &SSLManager::verifyServerCallback); + else + SSL_CTX_set_verify(_pSSLContext, params.verificationMode, &SSLManager::verifyClientCallback); + + SSL_CTX_set_cipher_list(_pSSLContext, params.cipherList.c_str()); + SSL_CTX_set_verify_depth(_pSSLContext, params.verificationDepth); + SSL_CTX_set_mode(_pSSLContext, SSL_MODE_AUTO_RETRY); + SSL_CTX_set_session_cache_mode(_pSSLContext, SSL_SESS_CACHE_OFF); + + initDH(params.dhParamsFile); + initECDH(params.ecdhCurve); + } + catch (...) + { + SSL_CTX_free(_pSSLContext); + throw; + } +} + + +void Context::useCertificate(const Poco::Crypto::X509Certificate& certificate) +{ + int errCode = SSL_CTX_use_certificate(_pSSLContext, const_cast<X509*>(certificate.certificate())); + if (errCode != 1) + { + std::string msg = Utility::getLastError(); + throw SSLContextException("Cannot set certificate for Context", msg); + } +} + + +void Context::addChainCertificate(const Poco::Crypto::X509Certificate& certificate) +{ + X509* pCert = certificate.dup(); + int errCode = SSL_CTX_add_extra_chain_cert(_pSSLContext, pCert); + if (errCode != 1) + { + X509_free(pCert); + std::string msg = Utility::getLastError(); + throw SSLContextException("Cannot add chain certificate to Context", msg); + } +} + + +void Context::addCertificateAuthority(const Crypto::X509Certificate &certificate) +{ + if (X509_STORE* store = SSL_CTX_get_cert_store(_pSSLContext)) + { + int errCode = X509_STORE_add_cert(store, const_cast<X509*>(certificate.certificate())); + if (errCode != 1) + { + std::string msg = Utility::getLastError(); + throw SSLContextException("Cannot add certificate authority to Context", msg); + } + } + else + { + std::string msg = Utility::getLastError(); + throw SSLContextException("Cannot add certificate authority to Context", msg); + } +} + + +void Context::usePrivateKey(const Poco::Crypto::RSAKey& key) +{ + int errCode = SSL_CTX_use_RSAPrivateKey(_pSSLContext, key.impl()->getRSA()); + if (errCode != 1) + { + std::string msg = Utility::getLastError(); + throw SSLContextException("Cannot set private key for Context", msg); + } +} + + +void Context::enableSessionCache(bool flag) +{ + if (flag) + { + SSL_CTX_set_session_cache_mode(_pSSLContext, isForServerUse() ? SSL_SESS_CACHE_SERVER : SSL_SESS_CACHE_CLIENT); + } + else + { + SSL_CTX_set_session_cache_mode(_pSSLContext, SSL_SESS_CACHE_OFF); + } +} + + +void Context::enableSessionCache(bool flag, const std::string& sessionIdContext) +{ + poco_assert (isForServerUse()); + + if (flag) + { + SSL_CTX_set_session_cache_mode(_pSSLContext, SSL_SESS_CACHE_SERVER); + } + else + { + SSL_CTX_set_session_cache_mode(_pSSLContext, SSL_SESS_CACHE_OFF); + } + + unsigned length = static_cast<unsigned>(sessionIdContext.length()); + if (length > SSL_MAX_SSL_SESSION_ID_LENGTH) length = SSL_MAX_SSL_SESSION_ID_LENGTH; + int rc = SSL_CTX_set_session_id_context(_pSSLContext, reinterpret_cast<const unsigned char*>(sessionIdContext.data()), length); + if (rc != 1) throw SSLContextException("cannot set session ID context"); +} + + +bool Context::sessionCacheEnabled() const +{ + return SSL_CTX_get_session_cache_mode(_pSSLContext) != SSL_SESS_CACHE_OFF; +} + + +void Context::setSessionCacheSize(std::size_t size) +{ + poco_assert (isForServerUse()); + + SSL_CTX_sess_set_cache_size(_pSSLContext, static_cast<long>(size)); +} + + +std::size_t Context::getSessionCacheSize() const +{ + poco_assert (isForServerUse()); + + return static_cast<std::size_t>(SSL_CTX_sess_get_cache_size(_pSSLContext)); +} + + +void Context::setSessionTimeout(long seconds) +{ + poco_assert (isForServerUse()); + + SSL_CTX_set_timeout(_pSSLContext, seconds); +} + + +long Context::getSessionTimeout() const +{ + poco_assert (isForServerUse()); + + return SSL_CTX_get_timeout(_pSSLContext); +} + + +void Context::flushSessionCache() +{ + poco_assert (isForServerUse()); + + Poco::Timestamp now; + SSL_CTX_flush_sessions(_pSSLContext, static_cast<long>(now.epochTime())); +} + + +void Context::enableExtendedCertificateVerification(bool flag) +{ + _extendedCertificateVerification = flag; +} + + +void Context::disableStatelessSessionResumption() +{ +#if defined(SSL_OP_NO_TICKET) + SSL_CTX_set_options(_pSSLContext, SSL_OP_NO_TICKET); +#endif +} + + +void Context::disableProtocols(int protocols) +{ + if (protocols & PROTO_SSLV2) + { +#if defined(SSL_OP_NO_SSLv2) + SSL_CTX_set_options(_pSSLContext, SSL_OP_NO_SSLv2); +#endif + } + if (protocols & PROTO_SSLV3) + { +#if defined(SSL_OP_NO_SSLv3) + SSL_CTX_set_options(_pSSLContext, SSL_OP_NO_SSLv3); +#endif + } + if (protocols & PROTO_TLSV1) + { +#if defined(SSL_OP_NO_TLSv1) + SSL_CTX_set_options(_pSSLContext, SSL_OP_NO_TLSv1); +#endif + } + if (protocols & PROTO_TLSV1_1) + { +#if defined(SSL_OP_NO_TLSv1_1) + SSL_CTX_set_options(_pSSLContext, SSL_OP_NO_TLSv1_1); +#endif + } + if (protocols & PROTO_TLSV1_2) + { +#if defined(SSL_OP_NO_TLSv1_2) + SSL_CTX_set_options(_pSSLContext, SSL_OP_NO_TLSv1_2); +#endif + } +} + + +void Context::preferServerCiphers() +{ +#if defined(SSL_OP_CIPHER_SERVER_PREFERENCE) + SSL_CTX_set_options(_pSSLContext, SSL_OP_CIPHER_SERVER_PREFERENCE); +#endif +} + + +void Context::createSSLContext() +{ + if (SSLManager::isFIPSEnabled()) + { + _pSSLContext = SSL_CTX_new(TLSv1_method()); + } + else + { + switch (_usage) + { + case CLIENT_USE: +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + _pSSLContext = SSL_CTX_new(TLS_client_method()); +#else + _pSSLContext = SSL_CTX_new(SSLv23_client_method()); +#endif + break; + case SERVER_USE: +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + _pSSLContext = SSL_CTX_new(TLS_server_method()); +#else + _pSSLContext = SSL_CTX_new(SSLv23_server_method()); +#endif + break; +#if defined(SSL_OP_NO_TLSv1) && !defined(OPENSSL_NO_TLS1) + case TLSV1_CLIENT_USE: + _pSSLContext = SSL_CTX_new(TLSv1_client_method()); + break; + case TLSV1_SERVER_USE: + _pSSLContext = SSL_CTX_new(TLSv1_server_method()); + break; +#endif +#if defined(SSL_OP_NO_TLSv1_1) && !defined(OPENSSL_NO_TLS1) +/* SSL_OP_NO_TLSv1_1 is defined in ssl.h if the library version supports TLSv1.1. + * OPENSSL_NO_TLS1 is defined in opensslconf.h or on the compiler command line + * if TLS1.x was removed at OpenSSL library build time via Configure options. + */ + case TLSV1_1_CLIENT_USE: + _pSSLContext = SSL_CTX_new(TLSv1_1_client_method()); + break; + case TLSV1_1_SERVER_USE: + _pSSLContext = SSL_CTX_new(TLSv1_1_server_method()); + break; +#endif +#if defined(SSL_OP_NO_TLSv1_2) && !defined(OPENSSL_NO_TLS1) + case TLSV1_2_CLIENT_USE: + _pSSLContext = SSL_CTX_new(TLSv1_2_client_method()); + break; + case TLSV1_2_SERVER_USE: + _pSSLContext = SSL_CTX_new(TLSv1_2_server_method()); + break; +#endif + default: + throw Poco::InvalidArgumentException("Invalid or unsupported usage"); + } + } + if (!_pSSLContext) + { + unsigned long err = ERR_get_error(); + throw SSLException("Cannot create SSL_CTX object", ERR_error_string(err, 0)); + } + + SSL_CTX_set_default_passwd_cb(_pSSLContext, &SSLManager::privateKeyPassphraseCallback); + Utility::clearErrorStack(); + SSL_CTX_set_options(_pSSLContext, SSL_OP_ALL); +} + + +void Context::initDH(const std::string& dhParamsFile) +{ +#ifndef OPENSSL_NO_DH + // 1024-bit MODP Group with 160-bit prime order subgroup (RFC5114) + // -----BEGIN DH PARAMETERS----- + // MIIBDAKBgQCxC4+WoIDgHd6S3l6uXVTsUsmfvPsGo8aaap3KUtI7YWBz4oZ1oj0Y + // mDjvHi7mUsAT7LSuqQYRIySXXDzUm4O/rMvdfZDEvXCYSI6cIZpzck7/1vrlZEc4 + // +qMaT/VbzMChUa9fDci0vUW/N982XBpl5oz9p21NpwjfH7K8LkpDcQKBgQCk0cvV + // w/00EmdlpELvuZkF+BBN0lisUH/WQGz/FCZtMSZv6h5cQVZLd35pD1UE8hMWAhe0 + // sBuIal6RVH+eJ0n01/vX07mpLuGQnQ0iY/gKdqaiTAh6CR9THb8KAWm2oorWYqTR + // jnOvoy13nVkY0IvIhY9Nzvl8KiSFXm7rIrOy5QICAKA= + // -----END DH PARAMETERS----- + // + + static const unsigned char dh1024_p[] = + { + 0xB1,0x0B,0x8F,0x96,0xA0,0x80,0xE0,0x1D,0xDE,0x92,0xDE,0x5E, + 0xAE,0x5D,0x54,0xEC,0x52,0xC9,0x9F,0xBC,0xFB,0x06,0xA3,0xC6, + 0x9A,0x6A,0x9D,0xCA,0x52,0xD2,0x3B,0x61,0x60,0x73,0xE2,0x86, + 0x75,0xA2,0x3D,0x18,0x98,0x38,0xEF,0x1E,0x2E,0xE6,0x52,0xC0, + 0x13,0xEC,0xB4,0xAE,0xA9,0x06,0x11,0x23,0x24,0x97,0x5C,0x3C, + 0xD4,0x9B,0x83,0xBF,0xAC,0xCB,0xDD,0x7D,0x90,0xC4,0xBD,0x70, + 0x98,0x48,0x8E,0x9C,0x21,0x9A,0x73,0x72,0x4E,0xFF,0xD6,0xFA, + 0xE5,0x64,0x47,0x38,0xFA,0xA3,0x1A,0x4F,0xF5,0x5B,0xCC,0xC0, + 0xA1,0x51,0xAF,0x5F,0x0D,0xC8,0xB4,0xBD,0x45,0xBF,0x37,0xDF, + 0x36,0x5C,0x1A,0x65,0xE6,0x8C,0xFD,0xA7,0x6D,0x4D,0xA7,0x08, + 0xDF,0x1F,0xB2,0xBC,0x2E,0x4A,0x43,0x71, + }; + + static const unsigned char dh1024_g[] = + { + 0xA4,0xD1,0xCB,0xD5,0xC3,0xFD,0x34,0x12,0x67,0x65,0xA4,0x42, + 0xEF,0xB9,0x99,0x05,0xF8,0x10,0x4D,0xD2,0x58,0xAC,0x50,0x7F, + 0xD6,0x40,0x6C,0xFF,0x14,0x26,0x6D,0x31,0x26,0x6F,0xEA,0x1E, + 0x5C,0x41,0x56,0x4B,0x77,0x7E,0x69,0x0F,0x55,0x04,0xF2,0x13, + 0x16,0x02,0x17,0xB4,0xB0,0x1B,0x88,0x6A,0x5E,0x91,0x54,0x7F, + 0x9E,0x27,0x49,0xF4,0xD7,0xFB,0xD7,0xD3,0xB9,0xA9,0x2E,0xE1, + 0x90,0x9D,0x0D,0x22,0x63,0xF8,0x0A,0x76,0xA6,0xA2,0x4C,0x08, + 0x7A,0x09,0x1F,0x53,0x1D,0xBF,0x0A,0x01,0x69,0xB6,0xA2,0x8A, + 0xD6,0x62,0xA4,0xD1,0x8E,0x73,0xAF,0xA3,0x2D,0x77,0x9D,0x59, + 0x18,0xD0,0x8B,0xC8,0x85,0x8F,0x4D,0xCE,0xF9,0x7C,0x2A,0x24, + 0x85,0x5E,0x6E,0xEB,0x22,0xB3,0xB2,0xE5, + }; + + DH* dh = 0; + if (!dhParamsFile.empty()) + { + BIO* bio = BIO_new_file(dhParamsFile.c_str(), "r"); + if (!bio) + { + std::string msg = Utility::getLastError(); + throw SSLContextException(std::string("Error opening Diffie-Hellman parameters file ") + dhParamsFile, msg); + } + dh = PEM_read_bio_DHparams(bio, 0, 0, 0); + BIO_free(bio); + if (!dh) + { + std::string msg = Utility::getLastError(); + throw SSLContextException(std::string("Error reading Diffie-Hellman parameters from file ") + dhParamsFile, msg); + } + } + else + { + dh = DH_new(); + if (!dh) + { + std::string msg = Utility::getLastError(); + throw SSLContextException("Error creating Diffie-Hellman parameters", msg); + } +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + BIGNUM* p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), 0); + BIGNUM* g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), 0); + DH_set0_pqg(dh, p, 0, g); + DH_set_length(dh, 160); + if (!p || !g) + { + DH_free(dh); + throw SSLContextException("Error creating Diffie-Hellman parameters"); + } +#else + dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), 0); + dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), 0); + dh->length = 160; + if ((!dh->p) || (!dh->g)) + { + DH_free(dh); + throw SSLContextException("Error creating Diffie-Hellman parameters"); + } +#endif + } + SSL_CTX_set_tmp_dh(_pSSLContext, dh); + SSL_CTX_set_options(_pSSLContext, SSL_OP_SINGLE_DH_USE); + DH_free(dh); +#else + if (!dhParamsFile.empty()) + throw SSLContextException("OpenSSL does not support DH"); +#endif +} + + +void Context::initECDH(const std::string& curve) +{ +#if OPENSSL_VERSION_NUMBER >= 0x0090800fL +#ifndef OPENSSL_NO_ECDH + int nid = 0; + if (!curve.empty()) + { + nid = OBJ_sn2nid(curve.c_str()); + } + else + { + nid = OBJ_sn2nid("prime256v1"); + } + if (nid == 0) + { + throw SSLContextException("Unknown ECDH curve name", curve); + } + + EC_KEY* ecdh = EC_KEY_new_by_curve_name(nid); + if (!ecdh) + { + throw SSLContextException("Cannot create ECDH curve"); + } + SSL_CTX_set_tmp_ecdh(_pSSLContext, ecdh); + SSL_CTX_set_options(_pSSLContext, SSL_OP_SINGLE_ECDH_USE); + EC_KEY_free(ecdh); +#endif +#endif +} + + +} } // namespace Poco::Net diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/HTTPSClientSession.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/HTTPSClientSession.cpp index d8ffcc17b7..325f36a60a 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/src/HTTPSClientSession.cpp +++ b/contrib/libs/poco/NetSSL_OpenSSL/src/HTTPSClientSession.cpp @@ -1,189 +1,189 @@ -// -// HTTPSClientSession.cpp -// -// Library: NetSSL_OpenSSL -// Package: HTTPSClient -// Module: HTTPSClientSession -// -// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#include "Poco/Net/HTTPSClientSession.h" -#include "Poco/Net/SecureStreamSocket.h" -#include "Poco/Net/SecureStreamSocketImpl.h" -#include "Poco/Net/SSLManager.h" -#include "Poco/Net/SSLException.h" -#include "Poco/Net/HTTPRequest.h" -#include "Poco/Net/HTTPResponse.h" -#include "Poco/Net/NetException.h" -#include "Poco/NumberFormatter.h" - - -using Poco::NumberFormatter; -using Poco::IllegalStateException; - - -namespace Poco { -namespace Net { - - -HTTPSClientSession::HTTPSClientSession(): - HTTPClientSession(SecureStreamSocket()), - _pContext(SSLManager::instance().defaultClientContext()) -{ - setPort(HTTPS_PORT); -} - - -HTTPSClientSession::HTTPSClientSession(const SecureStreamSocket& socket): - HTTPClientSession(socket), - _pContext(socket.context()) -{ - setPort(HTTPS_PORT); -} - - -HTTPSClientSession::HTTPSClientSession(const SecureStreamSocket& socket, Session::Ptr pSession): - HTTPClientSession(socket), - _pContext(socket.context()), - _pSession(pSession) -{ - setPort(HTTPS_PORT); -} - - -HTTPSClientSession::HTTPSClientSession(const std::string& host, Poco::UInt16 port): - HTTPClientSession(SecureStreamSocket()), - _pContext(SSLManager::instance().defaultClientContext()) -{ - setHost(host); - setPort(port); -} - - -HTTPSClientSession::HTTPSClientSession(Context::Ptr pContext): - HTTPClientSession(SecureStreamSocket(pContext)), - _pContext(pContext) -{ -} - - -HTTPSClientSession::HTTPSClientSession(Context::Ptr pContext, Session::Ptr pSession): - HTTPClientSession(SecureStreamSocket(pContext, pSession)), - _pContext(pContext), - _pSession(pSession) -{ -} - - -HTTPSClientSession::HTTPSClientSession(const std::string& host, Poco::UInt16 port, Context::Ptr pContext): - HTTPClientSession(SecureStreamSocket(pContext)), - _pContext(pContext) -{ - setHost(host); - setPort(port); -} - - -HTTPSClientSession::HTTPSClientSession(const std::string& host, Poco::UInt16 port, Context::Ptr pContext, Session::Ptr pSession): - HTTPClientSession(SecureStreamSocket(pContext, pSession)), - _pContext(pContext), - _pSession(pSession) -{ - setHost(host); - setPort(port); -} - - -HTTPSClientSession::~HTTPSClientSession() -{ -} - - -bool HTTPSClientSession::secure() const -{ - return true; -} - - -void HTTPSClientSession::abort() -{ - SecureStreamSocket sss(socket()); - sss.abort(); -} - - -X509Certificate HTTPSClientSession::serverCertificate() -{ - SecureStreamSocket sss(socket()); - return sss.peerCertificate(); -} - - -std::string HTTPSClientSession::proxyRequestPrefix() const -{ - return std::string(); -} - - -void HTTPSClientSession::proxyAuthenticate(HTTPRequest& request) -{ -} - - -void HTTPSClientSession::connect(const SocketAddress& address) -{ - if (getProxyHost().empty() || bypassProxy()) - { - SecureStreamSocket sss(socket()); - if (sss.getPeerHostName().empty()) - { - sss.setPeerHostName(getHost()); - } - if (_pContext->sessionCacheEnabled()) - { - sss.useSession(_pSession); - } - HTTPSession::connect(address); - if (_pContext->sessionCacheEnabled()) - { - _pSession = sss.currentSession(); - } +// +// HTTPSClientSession.cpp +// +// Library: NetSSL_OpenSSL +// Package: HTTPSClient +// Module: HTTPSClientSession +// +// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#include "Poco/Net/HTTPSClientSession.h" +#include "Poco/Net/SecureStreamSocket.h" +#include "Poco/Net/SecureStreamSocketImpl.h" +#include "Poco/Net/SSLManager.h" +#include "Poco/Net/SSLException.h" +#include "Poco/Net/HTTPRequest.h" +#include "Poco/Net/HTTPResponse.h" +#include "Poco/Net/NetException.h" +#include "Poco/NumberFormatter.h" + + +using Poco::NumberFormatter; +using Poco::IllegalStateException; + + +namespace Poco { +namespace Net { + + +HTTPSClientSession::HTTPSClientSession(): + HTTPClientSession(SecureStreamSocket()), + _pContext(SSLManager::instance().defaultClientContext()) +{ + setPort(HTTPS_PORT); +} + + +HTTPSClientSession::HTTPSClientSession(const SecureStreamSocket& socket): + HTTPClientSession(socket), + _pContext(socket.context()) +{ + setPort(HTTPS_PORT); +} + + +HTTPSClientSession::HTTPSClientSession(const SecureStreamSocket& socket, Session::Ptr pSession): + HTTPClientSession(socket), + _pContext(socket.context()), + _pSession(pSession) +{ + setPort(HTTPS_PORT); +} + + +HTTPSClientSession::HTTPSClientSession(const std::string& host, Poco::UInt16 port): + HTTPClientSession(SecureStreamSocket()), + _pContext(SSLManager::instance().defaultClientContext()) +{ + setHost(host); + setPort(port); +} + + +HTTPSClientSession::HTTPSClientSession(Context::Ptr pContext): + HTTPClientSession(SecureStreamSocket(pContext)), + _pContext(pContext) +{ +} + + +HTTPSClientSession::HTTPSClientSession(Context::Ptr pContext, Session::Ptr pSession): + HTTPClientSession(SecureStreamSocket(pContext, pSession)), + _pContext(pContext), + _pSession(pSession) +{ +} + + +HTTPSClientSession::HTTPSClientSession(const std::string& host, Poco::UInt16 port, Context::Ptr pContext): + HTTPClientSession(SecureStreamSocket(pContext)), + _pContext(pContext) +{ + setHost(host); + setPort(port); +} + + +HTTPSClientSession::HTTPSClientSession(const std::string& host, Poco::UInt16 port, Context::Ptr pContext, Session::Ptr pSession): + HTTPClientSession(SecureStreamSocket(pContext, pSession)), + _pContext(pContext), + _pSession(pSession) +{ + setHost(host); + setPort(port); +} + + +HTTPSClientSession::~HTTPSClientSession() +{ +} + + +bool HTTPSClientSession::secure() const +{ + return true; +} + + +void HTTPSClientSession::abort() +{ + SecureStreamSocket sss(socket()); + sss.abort(); +} + + +X509Certificate HTTPSClientSession::serverCertificate() +{ + SecureStreamSocket sss(socket()); + return sss.peerCertificate(); +} + + +std::string HTTPSClientSession::proxyRequestPrefix() const +{ + return std::string(); +} + + +void HTTPSClientSession::proxyAuthenticate(HTTPRequest& request) +{ +} + + +void HTTPSClientSession::connect(const SocketAddress& address) +{ + if (getProxyHost().empty() || bypassProxy()) + { + SecureStreamSocket sss(socket()); + if (sss.getPeerHostName().empty()) + { + sss.setPeerHostName(getHost()); + } + if (_pContext->sessionCacheEnabled()) + { + sss.useSession(_pSession); + } + HTTPSession::connect(address); + if (_pContext->sessionCacheEnabled()) + { + _pSession = sss.currentSession(); + } + } + else + { + StreamSocket proxySocket(proxyConnect()); + SecureStreamSocket secureSocket = SecureStreamSocket::attach(proxySocket, getHost(), _pContext, _pSession); + attachSocket(secureSocket); + if (_pContext->sessionCacheEnabled()) + { + _pSession = secureSocket.currentSession(); + } + } +} + + +int HTTPSClientSession::read(char* buffer, std::streamsize length) +{ + try + { + return HTTPSession::read(buffer, length); } - else - { - StreamSocket proxySocket(proxyConnect()); - SecureStreamSocket secureSocket = SecureStreamSocket::attach(proxySocket, getHost(), _pContext, _pSession); - attachSocket(secureSocket); - if (_pContext->sessionCacheEnabled()) - { - _pSession = secureSocket.currentSession(); - } - } -} - - -int HTTPSClientSession::read(char* buffer, std::streamsize length) -{ - try - { - return HTTPSession::read(buffer, length); - } - catch(SSLConnectionUnexpectedlyClosedException&) - { - return 0; - } -} - - -Session::Ptr HTTPSClientSession::sslSession() -{ - return _pSession; -} - - -} } // namespace Poco::Net + catch(SSLConnectionUnexpectedlyClosedException&) + { + return 0; + } +} + + +Session::Ptr HTTPSClientSession::sslSession() +{ + return _pSession; +} + + +} } // namespace Poco::Net diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/HTTPSSessionInstantiator.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/HTTPSSessionInstantiator.cpp index cff887ce22..fb8774d654 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/src/HTTPSSessionInstantiator.cpp +++ b/contrib/libs/poco/NetSSL_OpenSSL/src/HTTPSSessionInstantiator.cpp @@ -1,71 +1,71 @@ -// -// HTTPSSessionInstantiator.cpp -// -// Library: NetSSL_OpenSSL -// Package: HTTPSClient -// Module: HTTPSSessionInstantiator -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#include "Poco/Net/HTTPSSessionInstantiator.h" -#include "Poco/Net/HTTPSessionFactory.h" -#include "Poco/Net/HTTPSClientSession.h" - - -namespace Poco { -namespace Net { - - -HTTPSSessionInstantiator::HTTPSSessionInstantiator() -{ -} - - -HTTPSSessionInstantiator::HTTPSSessionInstantiator(Context::Ptr pContext) : - _pContext(pContext) -{ -} - - -HTTPSSessionInstantiator::~HTTPSSessionInstantiator() -{ -} - - -HTTPClientSession* HTTPSSessionInstantiator::createClientSession(const Poco::URI& uri) -{ - poco_assert (uri.getScheme() == "https"); - HTTPSClientSession* pSession = _pContext.isNull() ? new HTTPSClientSession(uri.getHost(), uri.getPort()) : new HTTPSClientSession(uri.getHost(), uri.getPort(), _pContext); - if (!proxyHost().empty()) - { - pSession->setProxy(proxyHost(), proxyPort()); - pSession->setProxyCredentials(proxyUsername(), proxyPassword()); - } - return pSession; -} - - -void HTTPSSessionInstantiator::registerInstantiator() -{ - HTTPSessionFactory::defaultFactory().registerProtocol("https", new HTTPSSessionInstantiator); -} - - -void HTTPSSessionInstantiator::registerInstantiator(Context::Ptr context) -{ - HTTPSessionFactory::defaultFactory().registerProtocol("https", new HTTPSSessionInstantiator(context)); -} - - -void HTTPSSessionInstantiator::unregisterInstantiator() -{ - HTTPSessionFactory::defaultFactory().unregisterProtocol("https"); -} - - -} } // namespace Poco::Net +// +// HTTPSSessionInstantiator.cpp +// +// Library: NetSSL_OpenSSL +// Package: HTTPSClient +// Module: HTTPSSessionInstantiator +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#include "Poco/Net/HTTPSSessionInstantiator.h" +#include "Poco/Net/HTTPSessionFactory.h" +#include "Poco/Net/HTTPSClientSession.h" + + +namespace Poco { +namespace Net { + + +HTTPSSessionInstantiator::HTTPSSessionInstantiator() +{ +} + + +HTTPSSessionInstantiator::HTTPSSessionInstantiator(Context::Ptr pContext) : + _pContext(pContext) +{ +} + + +HTTPSSessionInstantiator::~HTTPSSessionInstantiator() +{ +} + + +HTTPClientSession* HTTPSSessionInstantiator::createClientSession(const Poco::URI& uri) +{ + poco_assert (uri.getScheme() == "https"); + HTTPSClientSession* pSession = _pContext.isNull() ? new HTTPSClientSession(uri.getHost(), uri.getPort()) : new HTTPSClientSession(uri.getHost(), uri.getPort(), _pContext); + if (!proxyHost().empty()) + { + pSession->setProxy(proxyHost(), proxyPort()); + pSession->setProxyCredentials(proxyUsername(), proxyPassword()); + } + return pSession; +} + + +void HTTPSSessionInstantiator::registerInstantiator() +{ + HTTPSessionFactory::defaultFactory().registerProtocol("https", new HTTPSSessionInstantiator); +} + + +void HTTPSSessionInstantiator::registerInstantiator(Context::Ptr context) +{ + HTTPSessionFactory::defaultFactory().registerProtocol("https", new HTTPSSessionInstantiator(context)); +} + + +void HTTPSSessionInstantiator::unregisterInstantiator() +{ + HTTPSessionFactory::defaultFactory().unregisterProtocol("https"); +} + + +} } // namespace Poco::Net diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/HTTPSStreamFactory.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/HTTPSStreamFactory.cpp index 4c2e4db37c..6ef20e63ff 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/src/HTTPSStreamFactory.cpp +++ b/contrib/libs/poco/NetSSL_OpenSSL/src/HTTPSStreamFactory.cpp @@ -1,194 +1,194 @@ -// -// HTTPSStreamFactory.cpp -// -// Library: NetSSL_OpenSSL -// Package: HTTPSClient -// Module: HTTPSStreamFactory -// -// Copyright (c) 2006-2012, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#include "Poco/Net/HTTPSStreamFactory.h" -#include "Poco/Net/HTTPSClientSession.h" -#include "Poco/Net/HTTPIOStream.h" -#include "Poco/Net/HTTPRequest.h" -#include "Poco/Net/HTTPResponse.h" -#include "Poco/Net/HTTPCredentials.h" -#include "Poco/Net/NetException.h" -#include "Poco/URI.h" -#include "Poco/URIStreamOpener.h" -#include "Poco/UnbufferedStreamBuf.h" -#include "Poco/NullStream.h" -#include "Poco/StreamCopier.h" -#include "Poco/Format.h" -#include "Poco/Version.h" - - -using Poco::URIStreamFactory; -using Poco::URI; -using Poco::URIStreamOpener; -using Poco::UnbufferedStreamBuf; - - -namespace Poco { -namespace Net { - - -HTTPSStreamFactory::HTTPSStreamFactory(): - _proxyPort(HTTPSession::HTTP_PORT) -{ -} - - -HTTPSStreamFactory::HTTPSStreamFactory(const std::string& proxyHost, Poco::UInt16 proxyPort): - _proxyHost(proxyHost), - _proxyPort(proxyPort) -{ -} - - -HTTPSStreamFactory::HTTPSStreamFactory(const std::string& proxyHost, Poco::UInt16 proxyPort, const std::string& proxyUsername, const std::string& proxyPassword): - _proxyHost(proxyHost), - _proxyPort(proxyPort), - _proxyUsername(proxyUsername), - _proxyPassword(proxyPassword) -{ -} - - -HTTPSStreamFactory::~HTTPSStreamFactory() -{ -} - - -std::istream* HTTPSStreamFactory::open(const URI& uri) -{ - poco_assert (uri.getScheme() == "https" || uri.getScheme() == "http"); - - URI resolvedURI(uri); - URI proxyUri; - HTTPClientSession* pSession = 0; - HTTPResponse res; - try - { - bool retry = false; - bool authorize = false; - int redirects = 0; - std::string username; - std::string password; - - do - { - if (!pSession) - { - if (resolvedURI.getScheme() != "http") - pSession = new HTTPSClientSession(resolvedURI.getHost(), resolvedURI.getPort()); - else - pSession = new HTTPClientSession(resolvedURI.getHost(), resolvedURI.getPort()); - - if (proxyUri.empty()) - { - if (!_proxyHost.empty()) - { - pSession->setProxy(_proxyHost, _proxyPort); - pSession->setProxyCredentials(_proxyUsername, _proxyPassword); - } - } - else - { - pSession->setProxy(proxyUri.getHost(), proxyUri.getPort()); - if (!_proxyUsername.empty()) - { - pSession->setProxyCredentials(_proxyUsername, _proxyPassword); - } - } - } - std::string path = resolvedURI.getPathAndQuery(); - if (path.empty()) path = "/"; - HTTPRequest req(HTTPRequest::HTTP_GET, path, HTTPMessage::HTTP_1_1); - - if (authorize) - { - HTTPCredentials::extractCredentials(uri, username, password); - HTTPCredentials cred(username, password); - cred.authenticate(req, res); - } - - req.set("User-Agent", Poco::format("poco/%d.%d.%d", - (POCO_VERSION >> 24) & 0xFF, - (POCO_VERSION >> 16) & 0xFF, - (POCO_VERSION >> 8) & 0xFF)); - req.set("Accept", "*/*"); - - pSession->sendRequest(req); - std::istream& rs = pSession->receiveResponse(res); - bool moved = (res.getStatus() == HTTPResponse::HTTP_MOVED_PERMANENTLY || - res.getStatus() == HTTPResponse::HTTP_FOUND || - res.getStatus() == HTTPResponse::HTTP_SEE_OTHER || - res.getStatus() == HTTPResponse::HTTP_TEMPORARY_REDIRECT); - if (moved) - { - resolvedURI.resolve(res.get("Location")); - if (!username.empty()) - { - resolvedURI.setUserInfo(username + ":" + password); - authorize = false; - } - delete pSession; - pSession = 0; - ++redirects; - retry = true; - } - else if (res.getStatus() == HTTPResponse::HTTP_OK) - { - return new HTTPResponseStream(rs, pSession); - } - else if (res.getStatus() == HTTPResponse::HTTP_USEPROXY && !retry) - { - // The requested resource MUST be accessed through the proxy - // given by the Location field. The Location field gives the - // URI of the proxy. The recipient is expected to repeat this - // single request via the proxy. 305 responses MUST only be generated by origin servers. - // only use for one single request! - proxyUri.resolve(res.get("Location")); - delete pSession; - pSession = 0; - retry = true; // only allow useproxy once - } - else if (res.getStatus() == HTTPResponse::HTTP_UNAUTHORIZED && !authorize) - { - authorize = true; - retry = true; - Poco::NullOutputStream null; - Poco::StreamCopier::copyStream(rs, null); - } - else throw HTTPException(res.getReason(), uri.toString()); - } - while (retry && redirects < MAX_REDIRECTS); - throw HTTPException("Too many redirects", uri.toString()); - } - catch (...) - { - delete pSession; - throw; - } -} - - -void HTTPSStreamFactory::registerFactory() -{ - URIStreamOpener::defaultOpener().registerStreamFactory("https", new HTTPSStreamFactory); -} - - -void HTTPSStreamFactory::unregisterFactory() -{ - URIStreamOpener::defaultOpener().unregisterStreamFactory("https"); -} - - -} } // namespace Poco::Net +// +// HTTPSStreamFactory.cpp +// +// Library: NetSSL_OpenSSL +// Package: HTTPSClient +// Module: HTTPSStreamFactory +// +// Copyright (c) 2006-2012, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#include "Poco/Net/HTTPSStreamFactory.h" +#include "Poco/Net/HTTPSClientSession.h" +#include "Poco/Net/HTTPIOStream.h" +#include "Poco/Net/HTTPRequest.h" +#include "Poco/Net/HTTPResponse.h" +#include "Poco/Net/HTTPCredentials.h" +#include "Poco/Net/NetException.h" +#include "Poco/URI.h" +#include "Poco/URIStreamOpener.h" +#include "Poco/UnbufferedStreamBuf.h" +#include "Poco/NullStream.h" +#include "Poco/StreamCopier.h" +#include "Poco/Format.h" +#include "Poco/Version.h" + + +using Poco::URIStreamFactory; +using Poco::URI; +using Poco::URIStreamOpener; +using Poco::UnbufferedStreamBuf; + + +namespace Poco { +namespace Net { + + +HTTPSStreamFactory::HTTPSStreamFactory(): + _proxyPort(HTTPSession::HTTP_PORT) +{ +} + + +HTTPSStreamFactory::HTTPSStreamFactory(const std::string& proxyHost, Poco::UInt16 proxyPort): + _proxyHost(proxyHost), + _proxyPort(proxyPort) +{ +} + + +HTTPSStreamFactory::HTTPSStreamFactory(const std::string& proxyHost, Poco::UInt16 proxyPort, const std::string& proxyUsername, const std::string& proxyPassword): + _proxyHost(proxyHost), + _proxyPort(proxyPort), + _proxyUsername(proxyUsername), + _proxyPassword(proxyPassword) +{ +} + + +HTTPSStreamFactory::~HTTPSStreamFactory() +{ +} + + +std::istream* HTTPSStreamFactory::open(const URI& uri) +{ + poco_assert (uri.getScheme() == "https" || uri.getScheme() == "http"); + + URI resolvedURI(uri); + URI proxyUri; + HTTPClientSession* pSession = 0; + HTTPResponse res; + try + { + bool retry = false; + bool authorize = false; + int redirects = 0; + std::string username; + std::string password; + + do + { + if (!pSession) + { + if (resolvedURI.getScheme() != "http") + pSession = new HTTPSClientSession(resolvedURI.getHost(), resolvedURI.getPort()); + else + pSession = new HTTPClientSession(resolvedURI.getHost(), resolvedURI.getPort()); + + if (proxyUri.empty()) + { + if (!_proxyHost.empty()) + { + pSession->setProxy(_proxyHost, _proxyPort); + pSession->setProxyCredentials(_proxyUsername, _proxyPassword); + } + } + else + { + pSession->setProxy(proxyUri.getHost(), proxyUri.getPort()); + if (!_proxyUsername.empty()) + { + pSession->setProxyCredentials(_proxyUsername, _proxyPassword); + } + } + } + std::string path = resolvedURI.getPathAndQuery(); + if (path.empty()) path = "/"; + HTTPRequest req(HTTPRequest::HTTP_GET, path, HTTPMessage::HTTP_1_1); + + if (authorize) + { + HTTPCredentials::extractCredentials(uri, username, password); + HTTPCredentials cred(username, password); + cred.authenticate(req, res); + } + + req.set("User-Agent", Poco::format("poco/%d.%d.%d", + (POCO_VERSION >> 24) & 0xFF, + (POCO_VERSION >> 16) & 0xFF, + (POCO_VERSION >> 8) & 0xFF)); + req.set("Accept", "*/*"); + + pSession->sendRequest(req); + std::istream& rs = pSession->receiveResponse(res); + bool moved = (res.getStatus() == HTTPResponse::HTTP_MOVED_PERMANENTLY || + res.getStatus() == HTTPResponse::HTTP_FOUND || + res.getStatus() == HTTPResponse::HTTP_SEE_OTHER || + res.getStatus() == HTTPResponse::HTTP_TEMPORARY_REDIRECT); + if (moved) + { + resolvedURI.resolve(res.get("Location")); + if (!username.empty()) + { + resolvedURI.setUserInfo(username + ":" + password); + authorize = false; + } + delete pSession; + pSession = 0; + ++redirects; + retry = true; + } + else if (res.getStatus() == HTTPResponse::HTTP_OK) + { + return new HTTPResponseStream(rs, pSession); + } + else if (res.getStatus() == HTTPResponse::HTTP_USEPROXY && !retry) + { + // The requested resource MUST be accessed through the proxy + // given by the Location field. The Location field gives the + // URI of the proxy. The recipient is expected to repeat this + // single request via the proxy. 305 responses MUST only be generated by origin servers. + // only use for one single request! + proxyUri.resolve(res.get("Location")); + delete pSession; + pSession = 0; + retry = true; // only allow useproxy once + } + else if (res.getStatus() == HTTPResponse::HTTP_UNAUTHORIZED && !authorize) + { + authorize = true; + retry = true; + Poco::NullOutputStream null; + Poco::StreamCopier::copyStream(rs, null); + } + else throw HTTPException(res.getReason(), uri.toString()); + } + while (retry && redirects < MAX_REDIRECTS); + throw HTTPException("Too many redirects", uri.toString()); + } + catch (...) + { + delete pSession; + throw; + } +} + + +void HTTPSStreamFactory::registerFactory() +{ + URIStreamOpener::defaultOpener().registerStreamFactory("https", new HTTPSStreamFactory); +} + + +void HTTPSStreamFactory::unregisterFactory() +{ + URIStreamOpener::defaultOpener().unregisterStreamFactory("https"); +} + + +} } // namespace Poco::Net diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/InvalidCertificateHandler.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/InvalidCertificateHandler.cpp index cf31c70788..7cf68613c4 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/src/InvalidCertificateHandler.cpp +++ b/contrib/libs/poco/NetSSL_OpenSSL/src/InvalidCertificateHandler.cpp @@ -1,52 +1,52 @@ -// -// InvalidCertificateHandler.cpp -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: InvalidCertificateHandler -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#include "Poco/Net/InvalidCertificateHandler.h" -#include "Poco/Net/SSLManager.h" -#include "Poco/Delegate.h" - - -using Poco::Delegate; - - -namespace Poco { -namespace Net { - - -InvalidCertificateHandler::InvalidCertificateHandler(bool handleErrorsOnServerSide): _handleErrorsOnServerSide(handleErrorsOnServerSide) -{ - if (_handleErrorsOnServerSide) - SSLManager::instance().ServerVerificationError += Delegate<InvalidCertificateHandler, VerificationErrorArgs>(this, &InvalidCertificateHandler::onInvalidCertificate); - else - SSLManager::instance().ClientVerificationError += Delegate<InvalidCertificateHandler, VerificationErrorArgs>(this, &InvalidCertificateHandler::onInvalidCertificate); -} - - -InvalidCertificateHandler::~InvalidCertificateHandler() -{ - try - { - if (_handleErrorsOnServerSide) - SSLManager::instance().ServerVerificationError -= Delegate<InvalidCertificateHandler, VerificationErrorArgs>(this, &InvalidCertificateHandler::onInvalidCertificate); - else - SSLManager::instance().ClientVerificationError -= Delegate<InvalidCertificateHandler, VerificationErrorArgs>(this, &InvalidCertificateHandler::onInvalidCertificate); - } - catch (...) - { - poco_unexpected(); - } -} - - -} } // namespace Poco::Net +// +// InvalidCertificateHandler.cpp +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: InvalidCertificateHandler +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#include "Poco/Net/InvalidCertificateHandler.h" +#include "Poco/Net/SSLManager.h" +#include "Poco/Delegate.h" + + +using Poco::Delegate; + + +namespace Poco { +namespace Net { + + +InvalidCertificateHandler::InvalidCertificateHandler(bool handleErrorsOnServerSide): _handleErrorsOnServerSide(handleErrorsOnServerSide) +{ + if (_handleErrorsOnServerSide) + SSLManager::instance().ServerVerificationError += Delegate<InvalidCertificateHandler, VerificationErrorArgs>(this, &InvalidCertificateHandler::onInvalidCertificate); + else + SSLManager::instance().ClientVerificationError += Delegate<InvalidCertificateHandler, VerificationErrorArgs>(this, &InvalidCertificateHandler::onInvalidCertificate); +} + + +InvalidCertificateHandler::~InvalidCertificateHandler() +{ + try + { + if (_handleErrorsOnServerSide) + SSLManager::instance().ServerVerificationError -= Delegate<InvalidCertificateHandler, VerificationErrorArgs>(this, &InvalidCertificateHandler::onInvalidCertificate); + else + SSLManager::instance().ClientVerificationError -= Delegate<InvalidCertificateHandler, VerificationErrorArgs>(this, &InvalidCertificateHandler::onInvalidCertificate); + } + catch (...) + { + poco_unexpected(); + } +} + + +} } // namespace Poco::Net diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/KeyConsoleHandler.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/KeyConsoleHandler.cpp index f75e7986b5..a0a144216e 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/src/KeyConsoleHandler.cpp +++ b/contrib/libs/poco/NetSSL_OpenSSL/src/KeyConsoleHandler.cpp @@ -1,40 +1,40 @@ -// -// KeyConsoleHandler.cpp -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: KeyConsoleHandler -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#include "Poco/Net/KeyConsoleHandler.h" -#include <iostream> - - -namespace Poco { -namespace Net { - - -KeyConsoleHandler::KeyConsoleHandler(bool server):PrivateKeyPassphraseHandler(server) -{ -} - - -KeyConsoleHandler::~KeyConsoleHandler() -{ -} - - -void KeyConsoleHandler::onPrivateKeyRequested(const void* /*pSender*/, std::string& privateKey) -{ - std::cout << "Please enter the passphrase for the private key: "; - std::cin >> privateKey; -} - - -} } // namespace Poco::Net +// +// KeyConsoleHandler.cpp +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: KeyConsoleHandler +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#include "Poco/Net/KeyConsoleHandler.h" +#include <iostream> + + +namespace Poco { +namespace Net { + + +KeyConsoleHandler::KeyConsoleHandler(bool server):PrivateKeyPassphraseHandler(server) +{ +} + + +KeyConsoleHandler::~KeyConsoleHandler() +{ +} + + +void KeyConsoleHandler::onPrivateKeyRequested(const void* /*pSender*/, std::string& privateKey) +{ + std::cout << "Please enter the passphrase for the private key: "; + std::cin >> privateKey; +} + + +} } // namespace Poco::Net diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/KeyFileHandler.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/KeyFileHandler.cpp index 1f538987b1..d188b4575c 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/src/KeyFileHandler.cpp +++ b/contrib/libs/poco/NetSSL_OpenSSL/src/KeyFileHandler.cpp @@ -1,61 +1,61 @@ -// -// KeyFileHandler.cpp -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: KeyFileHandler -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#include "Poco/Net/KeyFileHandler.h" -#include "Poco/Net/SSLManager.h" -#include "Poco/File.h" -#include "Poco/Util/AbstractConfiguration.h" -#include "Poco/Util/Application.h" -#include "Poco/Util/OptionException.h" - - -namespace Poco { -namespace Net { - - -const std::string KeyFileHandler::CFG_PRIV_KEY_FILE("privateKeyPassphraseHandler.options.password"); - - -KeyFileHandler::KeyFileHandler(bool server):PrivateKeyPassphraseHandler(server) -{ -} - - -KeyFileHandler::~KeyFileHandler() -{ -} - - -void KeyFileHandler::onPrivateKeyRequested(const void* /*pSender*/, std::string& privateKey) -{ - try - { - Poco::Util::AbstractConfiguration& config = Poco::Util::Application::instance().config(); - std::string prefix = serverSide() ? SSLManager::CFG_SERVER_PREFIX : SSLManager::CFG_CLIENT_PREFIX; - if (!config.hasProperty(prefix + CFG_PRIV_KEY_FILE)) - throw Poco::Util::EmptyOptionException(std::string("Missing Configuration Entry: ") + prefix + CFG_PRIV_KEY_FILE); - - privateKey = config.getString(prefix + CFG_PRIV_KEY_FILE); - } - catch (Poco::NullPointerException&) - { - throw Poco::IllegalStateException( - "An application configuration is required to obtain the private key passphrase, " - "but no Poco::Util::Application instance is available." - ); - } -} - - -} } // namespace Poco::Net +// +// KeyFileHandler.cpp +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: KeyFileHandler +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#include "Poco/Net/KeyFileHandler.h" +#include "Poco/Net/SSLManager.h" +#include "Poco/File.h" +#include "Poco/Util/AbstractConfiguration.h" +#include "Poco/Util/Application.h" +#include "Poco/Util/OptionException.h" + + +namespace Poco { +namespace Net { + + +const std::string KeyFileHandler::CFG_PRIV_KEY_FILE("privateKeyPassphraseHandler.options.password"); + + +KeyFileHandler::KeyFileHandler(bool server):PrivateKeyPassphraseHandler(server) +{ +} + + +KeyFileHandler::~KeyFileHandler() +{ +} + + +void KeyFileHandler::onPrivateKeyRequested(const void* /*pSender*/, std::string& privateKey) +{ + try + { + Poco::Util::AbstractConfiguration& config = Poco::Util::Application::instance().config(); + std::string prefix = serverSide() ? SSLManager::CFG_SERVER_PREFIX : SSLManager::CFG_CLIENT_PREFIX; + if (!config.hasProperty(prefix + CFG_PRIV_KEY_FILE)) + throw Poco::Util::EmptyOptionException(std::string("Missing Configuration Entry: ") + prefix + CFG_PRIV_KEY_FILE); + + privateKey = config.getString(prefix + CFG_PRIV_KEY_FILE); + } + catch (Poco::NullPointerException&) + { + throw Poco::IllegalStateException( + "An application configuration is required to obtain the private key passphrase, " + "but no Poco::Util::Application instance is available." + ); + } +} + + +} } // namespace Poco::Net diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/PrivateKeyFactory.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/PrivateKeyFactory.cpp index d3ae93cb31..90297c351e 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/src/PrivateKeyFactory.cpp +++ b/contrib/libs/poco/NetSSL_OpenSSL/src/PrivateKeyFactory.cpp @@ -1,44 +1,44 @@ -// -// PrivateKeyFactory.cpp -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: PrivateKeyFactory -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#include "Poco/Net/PrivateKeyFactory.h" -#include "Poco/Net/SSLManager.h" - - -namespace Poco { -namespace Net { - - -PrivateKeyFactory::PrivateKeyFactory() -{ -} - - -PrivateKeyFactory::~PrivateKeyFactory() -{ -} - - -PrivateKeyFactoryRegistrar::PrivateKeyFactoryRegistrar(const std::string& name, PrivateKeyFactory* pFactory) -{ - SSLManager::instance().privateKeyFactoryMgr().setFactory(name, pFactory); -} - - -PrivateKeyFactoryRegistrar::~PrivateKeyFactoryRegistrar() -{ -} - - -} } // namespace Poco::Net +// +// PrivateKeyFactory.cpp +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: PrivateKeyFactory +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#include "Poco/Net/PrivateKeyFactory.h" +#include "Poco/Net/SSLManager.h" + + +namespace Poco { +namespace Net { + + +PrivateKeyFactory::PrivateKeyFactory() +{ +} + + +PrivateKeyFactory::~PrivateKeyFactory() +{ +} + + +PrivateKeyFactoryRegistrar::PrivateKeyFactoryRegistrar(const std::string& name, PrivateKeyFactory* pFactory) +{ + SSLManager::instance().privateKeyFactoryMgr().setFactory(name, pFactory); +} + + +PrivateKeyFactoryRegistrar::~PrivateKeyFactoryRegistrar() +{ +} + + +} } // namespace Poco::Net diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/PrivateKeyFactoryMgr.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/PrivateKeyFactoryMgr.cpp index c3e027ce81..94b4ad34ba 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/src/PrivateKeyFactoryMgr.cpp +++ b/contrib/libs/poco/NetSSL_OpenSSL/src/PrivateKeyFactoryMgr.cpp @@ -1,67 +1,67 @@ -// -// PrivateKeyFactoryMgr.cpp -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: PrivateKeyFactoryMgr -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#include "Poco/Net/PrivateKeyFactoryMgr.h" -#include "Poco/Net/KeyFileHandler.h" -#include "Poco/Net/KeyConsoleHandler.h" - - -namespace Poco { -namespace Net { - - -PrivateKeyFactoryMgr::PrivateKeyFactoryMgr() -{ - setFactory("KeyFileHandler", new PrivateKeyFactoryImpl<KeyFileHandler>()); - setFactory("KeyConsoleHandler", new PrivateKeyFactoryImpl<KeyConsoleHandler>()); -} - - -PrivateKeyFactoryMgr::~PrivateKeyFactoryMgr() -{ -} - - -void PrivateKeyFactoryMgr::setFactory(const std::string& name, PrivateKeyFactory* pFactory) -{ - bool success = _factories.insert(make_pair(name, Poco::SharedPtr<PrivateKeyFactory>(pFactory))).second; - if (!success) - delete pFactory; - poco_assert(success); -} - - -bool PrivateKeyFactoryMgr::hasFactory(const std::string& name) const -{ - return _factories.find(name) != _factories.end(); -} - - -const PrivateKeyFactory* PrivateKeyFactoryMgr::getFactory(const std::string& name) const -{ - FactoriesMap::const_iterator it = _factories.find(name); - if (it != _factories.end()) - return it->second; - else - return 0; -} - - -void PrivateKeyFactoryMgr::removeFactory(const std::string& name) -{ - _factories.erase(name); -} - - -} } // namespace Poco::Net +// +// PrivateKeyFactoryMgr.cpp +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: PrivateKeyFactoryMgr +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#include "Poco/Net/PrivateKeyFactoryMgr.h" +#include "Poco/Net/KeyFileHandler.h" +#include "Poco/Net/KeyConsoleHandler.h" + + +namespace Poco { +namespace Net { + + +PrivateKeyFactoryMgr::PrivateKeyFactoryMgr() +{ + setFactory("KeyFileHandler", new PrivateKeyFactoryImpl<KeyFileHandler>()); + setFactory("KeyConsoleHandler", new PrivateKeyFactoryImpl<KeyConsoleHandler>()); +} + + +PrivateKeyFactoryMgr::~PrivateKeyFactoryMgr() +{ +} + + +void PrivateKeyFactoryMgr::setFactory(const std::string& name, PrivateKeyFactory* pFactory) +{ + bool success = _factories.insert(make_pair(name, Poco::SharedPtr<PrivateKeyFactory>(pFactory))).second; + if (!success) + delete pFactory; + poco_assert(success); +} + + +bool PrivateKeyFactoryMgr::hasFactory(const std::string& name) const +{ + return _factories.find(name) != _factories.end(); +} + + +const PrivateKeyFactory* PrivateKeyFactoryMgr::getFactory(const std::string& name) const +{ + FactoriesMap::const_iterator it = _factories.find(name); + if (it != _factories.end()) + return it->second; + else + return 0; +} + + +void PrivateKeyFactoryMgr::removeFactory(const std::string& name) +{ + _factories.erase(name); +} + + +} } // namespace Poco::Net diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/PrivateKeyPassphraseHandler.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/PrivateKeyPassphraseHandler.cpp index 1d44e68a1e..9c1386c74c 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/src/PrivateKeyPassphraseHandler.cpp +++ b/contrib/libs/poco/NetSSL_OpenSSL/src/PrivateKeyPassphraseHandler.cpp @@ -1,46 +1,46 @@ -// -// PrivateKeyPassphraseHandler.cpp -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: PrivateKeyPassphraseHandler -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#include "Poco/Net/PrivateKeyPassphraseHandler.h" -#include "Poco/Net/SSLManager.h" -#include "Poco/Delegate.h" - - -using Poco::Delegate; - - -namespace Poco { -namespace Net { - - -PrivateKeyPassphraseHandler::PrivateKeyPassphraseHandler(bool onServerSide): _serverSide(onServerSide) -{ - SSLManager::instance().PrivateKeyPassphraseRequired += Delegate<PrivateKeyPassphraseHandler, std::string>(this, &PrivateKeyPassphraseHandler::onPrivateKeyRequested); -} - - -PrivateKeyPassphraseHandler::~PrivateKeyPassphraseHandler() -{ - try - { - SSLManager::instance().PrivateKeyPassphraseRequired -= Delegate<PrivateKeyPassphraseHandler, std::string>(this, &PrivateKeyPassphraseHandler::onPrivateKeyRequested); - } - catch (...) - { - poco_unexpected(); - } -} - - -} } // namespace Poco::Net +// +// PrivateKeyPassphraseHandler.cpp +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: PrivateKeyPassphraseHandler +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#include "Poco/Net/PrivateKeyPassphraseHandler.h" +#include "Poco/Net/SSLManager.h" +#include "Poco/Delegate.h" + + +using Poco::Delegate; + + +namespace Poco { +namespace Net { + + +PrivateKeyPassphraseHandler::PrivateKeyPassphraseHandler(bool onServerSide): _serverSide(onServerSide) +{ + SSLManager::instance().PrivateKeyPassphraseRequired += Delegate<PrivateKeyPassphraseHandler, std::string>(this, &PrivateKeyPassphraseHandler::onPrivateKeyRequested); +} + + +PrivateKeyPassphraseHandler::~PrivateKeyPassphraseHandler() +{ + try + { + SSLManager::instance().PrivateKeyPassphraseRequired -= Delegate<PrivateKeyPassphraseHandler, std::string>(this, &PrivateKeyPassphraseHandler::onPrivateKeyRequested); + } + catch (...) + { + poco_unexpected(); + } +} + + +} } // namespace Poco::Net diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/RejectCertificateHandler.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/RejectCertificateHandler.cpp index 5782550b01..1502a13e86 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/src/RejectCertificateHandler.cpp +++ b/contrib/libs/poco/NetSSL_OpenSSL/src/RejectCertificateHandler.cpp @@ -1,38 +1,38 @@ -// -// RejectCertificateHandler.cpp -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: RejectCertificateHandler -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#include "Poco/Net/RejectCertificateHandler.h" - - -namespace Poco { -namespace Net { - - -RejectCertificateHandler::RejectCertificateHandler(bool server): InvalidCertificateHandler(server) -{ -} - - -RejectCertificateHandler::~RejectCertificateHandler() -{ -} - - -void RejectCertificateHandler::onInvalidCertificate(const void*, VerificationErrorArgs& errorCert) -{ - errorCert.setIgnoreError(false); -} - - -} } // namespace Poco::Net +// +// RejectCertificateHandler.cpp +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: RejectCertificateHandler +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#include "Poco/Net/RejectCertificateHandler.h" + + +namespace Poco { +namespace Net { + + +RejectCertificateHandler::RejectCertificateHandler(bool server): InvalidCertificateHandler(server) +{ +} + + +RejectCertificateHandler::~RejectCertificateHandler() +{ +} + + +void RejectCertificateHandler::onInvalidCertificate(const void*, VerificationErrorArgs& errorCert) +{ + errorCert.setIgnoreError(false); +} + + +} } // namespace Poco::Net diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/SSLException.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/SSLException.cpp index 30716805d7..2b64d2a4d6 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/src/SSLException.cpp +++ b/contrib/libs/poco/NetSSL_OpenSSL/src/SSLException.cpp @@ -1,30 +1,30 @@ -// -// SSLException.cpp -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: SSLException -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#include "Poco/Net/SSLException.h" -#include <typeinfo> - - -namespace Poco { -namespace Net { - - -POCO_IMPLEMENT_EXCEPTION(SSLException, NetException, "SSL Exception") -POCO_IMPLEMENT_EXCEPTION(SSLContextException, SSLException, "SSL context exception") -POCO_IMPLEMENT_EXCEPTION(InvalidCertificateException, SSLException, "Invalid certficate") -POCO_IMPLEMENT_EXCEPTION(CertificateValidationException, SSLException, "Certificate validation error") -POCO_IMPLEMENT_EXCEPTION(SSLConnectionUnexpectedlyClosedException, SSLException, "SSL connection unexpectedly closed") - - -} } // namespace Poco::Net +// +// SSLException.cpp +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: SSLException +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#include "Poco/Net/SSLException.h" +#include <typeinfo> + + +namespace Poco { +namespace Net { + + +POCO_IMPLEMENT_EXCEPTION(SSLException, NetException, "SSL Exception") +POCO_IMPLEMENT_EXCEPTION(SSLContextException, SSLException, "SSL context exception") +POCO_IMPLEMENT_EXCEPTION(InvalidCertificateException, SSLException, "Invalid certficate") +POCO_IMPLEMENT_EXCEPTION(CertificateValidationException, SSLException, "Certificate validation error") +POCO_IMPLEMENT_EXCEPTION(SSLConnectionUnexpectedlyClosedException, SSLException, "SSL connection unexpectedly closed") + + +} } // namespace Poco::Net diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/SSLManager.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/SSLManager.cpp index 8aeaa199e2..abb4389f26 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/src/SSLManager.cpp +++ b/contrib/libs/poco/NetSSL_OpenSSL/src/SSLManager.cpp @@ -1,460 +1,460 @@ -// -// SSLManager.cpp -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: SSLManager -// -// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#include "Poco/Net/SSLManager.h" -#include "Poco/Net/Context.h" -#include "Poco/Net/Utility.h" -#include "Poco/Net/PrivateKeyPassphraseHandler.h" -#include "Poco/Net/RejectCertificateHandler.h" -#include "Poco/Crypto/OpenSSLInitializer.h" -#include "Poco/Net/SSLException.h" -#include "Poco/SingletonHolder.h" -#include "Poco/Delegate.h" -#include "Poco/StringTokenizer.h" -#include "Poco/Util/Application.h" -#include "Poco/Util/OptionException.h" - - -namespace Poco { -namespace Net { - - -const std::string SSLManager::CFG_PRIV_KEY_FILE("privateKeyFile"); -const std::string SSLManager::CFG_CERTIFICATE_FILE("certificateFile"); -const std::string SSLManager::CFG_CA_LOCATION("caConfig"); -const std::string SSLManager::CFG_VER_MODE("verificationMode"); -const Context::VerificationMode SSLManager::VAL_VER_MODE(Context::VERIFY_RELAXED); -const std::string SSLManager::CFG_VER_DEPTH("verificationDepth"); -const int SSLManager::VAL_VER_DEPTH(9); -const std::string SSLManager::CFG_ENABLE_DEFAULT_CA("loadDefaultCAFile"); -const bool SSLManager::VAL_ENABLE_DEFAULT_CA(true); -const std::string SSLManager::CFG_CIPHER_LIST("cipherList"); -const std::string SSLManager::CFG_CYPHER_LIST("cypherList"); -const std::string SSLManager::VAL_CIPHER_LIST("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"); -const std::string SSLManager::CFG_PREFER_SERVER_CIPHERS("preferServerCiphers"); -const std::string SSLManager::CFG_DELEGATE_HANDLER("privateKeyPassphraseHandler.name"); -const std::string SSLManager::VAL_DELEGATE_HANDLER("KeyConsoleHandler"); -const std::string SSLManager::CFG_CERTIFICATE_HANDLER("invalidCertificateHandler.name"); -const std::string SSLManager::VAL_CERTIFICATE_HANDLER("ConsoleCertificateHandler"); -const std::string SSLManager::CFG_SERVER_PREFIX("openSSL.server."); -const std::string SSLManager::CFG_CLIENT_PREFIX("openSSL.client."); -const std::string SSLManager::CFG_CACHE_SESSIONS("cacheSessions"); -const std::string SSLManager::CFG_SESSION_ID_CONTEXT("sessionIdContext"); -const std::string SSLManager::CFG_SESSION_CACHE_SIZE("sessionCacheSize"); -const std::string SSLManager::CFG_SESSION_TIMEOUT("sessionTimeout"); -const std::string SSLManager::CFG_EXTENDED_VERIFICATION("extendedVerification"); -const std::string SSLManager::CFG_REQUIRE_TLSV1("requireTLSv1"); -const std::string SSLManager::CFG_REQUIRE_TLSV1_1("requireTLSv1_1"); -const std::string SSLManager::CFG_REQUIRE_TLSV1_2("requireTLSv1_2"); -const std::string SSLManager::CFG_DISABLE_PROTOCOLS("disableProtocols"); -const std::string SSLManager::CFG_DH_PARAMS_FILE("dhParamsFile"); -const std::string SSLManager::CFG_ECDH_CURVE("ecdhCurve"); -#ifdef OPENSSL_FIPS -const std::string SSLManager::CFG_FIPS_MODE("openSSL.fips"); -const bool SSLManager::VAL_FIPS_MODE(false); -#endif - - -SSLManager::SSLManager() -{ -} - - -SSLManager::~SSLManager() -{ - try - { - shutdown(); - } - catch (...) - { - poco_unexpected(); - } -} - - -void SSLManager::shutdown() -{ - PrivateKeyPassphraseRequired.clear(); - ClientVerificationError.clear(); - ServerVerificationError.clear(); - _ptrDefaultServerContext = 0; - _ptrDefaultClientContext = 0; -} - - -namespace -{ - static Poco::SingletonHolder<SSLManager> singleton; -} - - -SSLManager& SSLManager::instance() -{ - return *singleton.get(); -} - - -void SSLManager::initializeServer(PrivateKeyPassphraseHandlerPtr ptrPassphraseHandler, InvalidCertificateHandlerPtr ptrHandler, Context::Ptr ptrContext) -{ - _ptrServerPassphraseHandler = ptrPassphraseHandler; - _ptrServerCertificateHandler = ptrHandler; - _ptrDefaultServerContext = ptrContext; -} - - -void SSLManager::initializeClient(PrivateKeyPassphraseHandlerPtr ptrPassphraseHandler, InvalidCertificateHandlerPtr ptrHandler, Context::Ptr ptrContext) -{ - _ptrClientPassphraseHandler = ptrPassphraseHandler; - _ptrClientCertificateHandler = ptrHandler; - _ptrDefaultClientContext = ptrContext; -} - - -Context::Ptr SSLManager::defaultServerContext() -{ - Poco::FastMutex::ScopedLock lock(_mutex); - - if (!_ptrDefaultServerContext) - initDefaultContext(true); - - return _ptrDefaultServerContext; -} - - -Context::Ptr SSLManager::defaultClientContext() -{ - Poco::FastMutex::ScopedLock lock(_mutex); - - if (!_ptrDefaultClientContext) - { - try - { - initDefaultContext(false); - } - catch (Poco::IllegalStateException&) - { - _ptrClientCertificateHandler = new RejectCertificateHandler(false); - _ptrDefaultClientContext = new Context(Context::CLIENT_USE, "", Context::VERIFY_RELAXED, 9, true); - _ptrDefaultClientContext->disableProtocols(Context::PROTO_SSLV2 | Context::PROTO_SSLV3); - } - } - - return _ptrDefaultClientContext; -} - - -SSLManager::PrivateKeyPassphraseHandlerPtr SSLManager::serverPassphraseHandler() -{ - Poco::FastMutex::ScopedLock lock(_mutex); - - if (!_ptrServerPassphraseHandler) - initPassphraseHandler(true); - - return _ptrServerPassphraseHandler; -} - - -SSLManager::PrivateKeyPassphraseHandlerPtr SSLManager::clientPassphraseHandler() -{ - Poco::FastMutex::ScopedLock lock(_mutex); - - if (!_ptrClientPassphraseHandler) - initPassphraseHandler(false); - - return _ptrClientPassphraseHandler; -} - - -SSLManager::InvalidCertificateHandlerPtr SSLManager::serverCertificateHandler() -{ - Poco::FastMutex::ScopedLock lock(_mutex); - - if (!_ptrServerCertificateHandler) - initCertificateHandler(true); - - return _ptrServerCertificateHandler; -} - - -SSLManager::InvalidCertificateHandlerPtr SSLManager::clientCertificateHandler() -{ - Poco::FastMutex::ScopedLock lock(_mutex); - - if (!_ptrClientCertificateHandler) - initCertificateHandler(false); - - return _ptrClientCertificateHandler; -} - - -int SSLManager::verifyCallback(bool server, int ok, X509_STORE_CTX* pStore) -{ - if (!ok) - { - X509* pCert = X509_STORE_CTX_get_current_cert(pStore); - X509Certificate x509(pCert, true); - int depth = X509_STORE_CTX_get_error_depth(pStore); - int err = X509_STORE_CTX_get_error(pStore); - std::string error(X509_verify_cert_error_string(err)); - VerificationErrorArgs args(x509, depth, err, error); - if (server) - SSLManager::instance().ServerVerificationError.notify(&SSLManager::instance(), args); - else - SSLManager::instance().ClientVerificationError.notify(&SSLManager::instance(), args); - ok = args.getIgnoreError() ? 1 : 0; - } - - return ok; -} - - -int SSLManager::privateKeyPassphraseCallback(char* pBuf, int size, int /*flag*/, void* /*userData*/) -{ - std::string pwd; - SSLManager::instance().PrivateKeyPassphraseRequired.notify(&SSLManager::instance(), pwd); - - strncpy(pBuf, (char *)(pwd.c_str()), size); - pBuf[size - 1] = '\0'; - if (size > pwd.length()) - size = (int) pwd.length(); - - return size; -} - - -void SSLManager::initDefaultContext(bool server) -{ - if (server && _ptrDefaultServerContext) return; - if (!server && _ptrDefaultClientContext) return; - - Poco::Crypto::OpenSSLInitializer openSSLInitializer; - initEvents(server); - Poco::Util::AbstractConfiguration& config = appConfig(); - -#ifdef OPENSSL_FIPS - bool fipsEnabled = config.getBool(CFG_FIPS_MODE, VAL_FIPS_MODE); - if (fipsEnabled && !Poco::Crypto::OpenSSLInitializer::isFIPSEnabled()) - { - Poco::Crypto::OpenSSLInitializer::enableFIPSMode(true); - } -#endif - - std::string prefix = server ? CFG_SERVER_PREFIX : CFG_CLIENT_PREFIX; - - Context::Params params; - // mandatory options - params.privateKeyFile = config.getString(prefix + CFG_PRIV_KEY_FILE, ""); - params.certificateFile = config.getString(prefix + CFG_CERTIFICATE_FILE, params.privateKeyFile); - params.caLocation = config.getString(prefix + CFG_CA_LOCATION, ""); - - if (server && params.certificateFile.empty() && params.privateKeyFile.empty()) - throw SSLException("Configuration error: no certificate file has been specified"); - - // optional options for which we have defaults defined - params.verificationMode = VAL_VER_MODE; - if (config.hasProperty(prefix + CFG_VER_MODE)) - { - // either: none, relaxed, strict, once - std::string mode = config.getString(prefix + CFG_VER_MODE); - params.verificationMode = Utility::convertVerificationMode(mode); - } - - params.verificationDepth = config.getInt(prefix + CFG_VER_DEPTH, VAL_VER_DEPTH); - params.loadDefaultCAs = config.getBool(prefix + CFG_ENABLE_DEFAULT_CA, VAL_ENABLE_DEFAULT_CA); - params.cipherList = config.getString(prefix + CFG_CIPHER_LIST, VAL_CIPHER_LIST); - params.cipherList = config.getString(prefix + CFG_CYPHER_LIST, params.cipherList); // for backwards compatibility - bool requireTLSv1 = config.getBool(prefix + CFG_REQUIRE_TLSV1, false); - bool requireTLSv1_1 = config.getBool(prefix + CFG_REQUIRE_TLSV1_1, false); - bool requireTLSv1_2 = config.getBool(prefix + CFG_REQUIRE_TLSV1_2, false); - - params.dhParamsFile = config.getString(prefix + CFG_DH_PARAMS_FILE, ""); - params.ecdhCurve = config.getString(prefix + CFG_ECDH_CURVE, ""); - - Context::Usage usage; - - if (server) - { - if (requireTLSv1_2) - usage = Context::TLSV1_2_SERVER_USE; - else if (requireTLSv1_1) - usage = Context::TLSV1_1_SERVER_USE; - else if (requireTLSv1) - usage = Context::TLSV1_SERVER_USE; - else - usage = Context::SERVER_USE; - _ptrDefaultServerContext = new Context(usage, params); - } - else - { - if (requireTLSv1_2) - usage = Context::TLSV1_2_CLIENT_USE; - else if (requireTLSv1_1) - usage = Context::TLSV1_1_CLIENT_USE; - else if (requireTLSv1) - usage = Context::TLSV1_CLIENT_USE; - else - usage = Context::CLIENT_USE; - _ptrDefaultClientContext = new Context(usage, params); - } - - std::string disabledProtocolsList = config.getString(prefix + CFG_DISABLE_PROTOCOLS, ""); - Poco::StringTokenizer dpTok(disabledProtocolsList, ";,", Poco::StringTokenizer::TOK_TRIM | Poco::StringTokenizer::TOK_IGNORE_EMPTY); - int disabledProtocols = 0; - for (Poco::StringTokenizer::Iterator it = dpTok.begin(); it != dpTok.end(); ++it) - { - if (*it == "sslv2") - disabledProtocols |= Context::PROTO_SSLV2; - else if (*it == "sslv3") - disabledProtocols |= Context::PROTO_SSLV3; - else if (*it == "tlsv1") - disabledProtocols |= Context::PROTO_TLSV1; - else if (*it == "tlsv1_1") - disabledProtocols |= Context::PROTO_TLSV1_1; - else if (*it == "tlsv1_2") - disabledProtocols |= Context::PROTO_TLSV1_2; - } - if (server) - _ptrDefaultServerContext->disableProtocols(disabledProtocols); - else - _ptrDefaultClientContext->disableProtocols(disabledProtocols); - - bool cacheSessions = config.getBool(prefix + CFG_CACHE_SESSIONS, false); - if (server) - { - std::string sessionIdContext = config.getString(prefix + CFG_SESSION_ID_CONTEXT, config.getString("application.name", "")); - _ptrDefaultServerContext->enableSessionCache(cacheSessions, sessionIdContext); - if (config.hasProperty(prefix + CFG_SESSION_CACHE_SIZE)) - { - int cacheSize = config.getInt(prefix + CFG_SESSION_CACHE_SIZE); - _ptrDefaultServerContext->setSessionCacheSize(cacheSize); - } - if (config.hasProperty(prefix + CFG_SESSION_TIMEOUT)) - { - int timeout = config.getInt(prefix + CFG_SESSION_TIMEOUT); - _ptrDefaultServerContext->setSessionTimeout(timeout); - } - } - else - { - _ptrDefaultClientContext->enableSessionCache(cacheSessions); - } - bool extendedVerification = config.getBool(prefix + CFG_EXTENDED_VERIFICATION, false); - if (server) - _ptrDefaultServerContext->enableExtendedCertificateVerification(extendedVerification); - else - _ptrDefaultClientContext->enableExtendedCertificateVerification(extendedVerification); - - bool preferServerCiphers = config.getBool(prefix + CFG_PREFER_SERVER_CIPHERS, false); - if (preferServerCiphers) - { - if (server) - _ptrDefaultServerContext->preferServerCiphers(); - else - _ptrDefaultClientContext->preferServerCiphers(); - } -} - - -void SSLManager::initEvents(bool server) -{ - initPassphraseHandler(server); - initCertificateHandler(server); -} - - -void SSLManager::initPassphraseHandler(bool server) -{ - if (server && _ptrServerPassphraseHandler) return; - if (!server && _ptrClientPassphraseHandler) return; - - std::string prefix = server ? CFG_SERVER_PREFIX : CFG_CLIENT_PREFIX; - Poco::Util::AbstractConfiguration& config = appConfig(); - - std::string className(config.getString(prefix + CFG_DELEGATE_HANDLER, VAL_DELEGATE_HANDLER)); - - const PrivateKeyFactory* pFactory = 0; - if (privateKeyFactoryMgr().hasFactory(className)) - { - pFactory = privateKeyFactoryMgr().getFactory(className); - } - - if (pFactory) - { - if (server) - _ptrServerPassphraseHandler = pFactory->create(server); - else - _ptrClientPassphraseHandler = pFactory->create(server); - } - else throw Poco::Util::UnknownOptionException(std::string("No passphrase handler known with the name ") + className); -} - - -void SSLManager::initCertificateHandler(bool server) -{ - if (server && _ptrServerCertificateHandler) return; - if (!server && _ptrClientCertificateHandler) return; - - std::string prefix = server ? CFG_SERVER_PREFIX : CFG_CLIENT_PREFIX; - Poco::Util::AbstractConfiguration& config = appConfig(); - - std::string className(config.getString(prefix+CFG_CERTIFICATE_HANDLER, VAL_CERTIFICATE_HANDLER)); - - const CertificateHandlerFactory* pFactory = 0; - if (certificateHandlerFactoryMgr().hasFactory(className)) - { - pFactory = certificateHandlerFactoryMgr().getFactory(className); - } - - if (pFactory) - { - if (server) - _ptrServerCertificateHandler = pFactory->create(true); - else - _ptrClientCertificateHandler = pFactory->create(false); - } - else throw Poco::Util::UnknownOptionException(std::string("No InvalidCertificate handler known with the name ") + className); -} - - -Poco::Util::AbstractConfiguration& SSLManager::appConfig() -{ - try - { - return Poco::Util::Application::instance().config(); - } - catch (Poco::NullPointerException&) - { - throw Poco::IllegalStateException( - "An application configuration is required to initialize the Poco::Net::SSLManager, " - "but no Poco::Util::Application instance is available." - ); - } -} - - -void initializeSSL() -{ - Poco::Crypto::initializeCrypto(); -} - - -void uninitializeSSL() -{ - SSLManager::instance().shutdown(); - Poco::Crypto::uninitializeCrypto(); -} - - -} } // namespace Poco::Net +// +// SSLManager.cpp +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: SSLManager +// +// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#include "Poco/Net/SSLManager.h" +#include "Poco/Net/Context.h" +#include "Poco/Net/Utility.h" +#include "Poco/Net/PrivateKeyPassphraseHandler.h" +#include "Poco/Net/RejectCertificateHandler.h" +#include "Poco/Crypto/OpenSSLInitializer.h" +#include "Poco/Net/SSLException.h" +#include "Poco/SingletonHolder.h" +#include "Poco/Delegate.h" +#include "Poco/StringTokenizer.h" +#include "Poco/Util/Application.h" +#include "Poco/Util/OptionException.h" + + +namespace Poco { +namespace Net { + + +const std::string SSLManager::CFG_PRIV_KEY_FILE("privateKeyFile"); +const std::string SSLManager::CFG_CERTIFICATE_FILE("certificateFile"); +const std::string SSLManager::CFG_CA_LOCATION("caConfig"); +const std::string SSLManager::CFG_VER_MODE("verificationMode"); +const Context::VerificationMode SSLManager::VAL_VER_MODE(Context::VERIFY_RELAXED); +const std::string SSLManager::CFG_VER_DEPTH("verificationDepth"); +const int SSLManager::VAL_VER_DEPTH(9); +const std::string SSLManager::CFG_ENABLE_DEFAULT_CA("loadDefaultCAFile"); +const bool SSLManager::VAL_ENABLE_DEFAULT_CA(true); +const std::string SSLManager::CFG_CIPHER_LIST("cipherList"); +const std::string SSLManager::CFG_CYPHER_LIST("cypherList"); +const std::string SSLManager::VAL_CIPHER_LIST("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"); +const std::string SSLManager::CFG_PREFER_SERVER_CIPHERS("preferServerCiphers"); +const std::string SSLManager::CFG_DELEGATE_HANDLER("privateKeyPassphraseHandler.name"); +const std::string SSLManager::VAL_DELEGATE_HANDLER("KeyConsoleHandler"); +const std::string SSLManager::CFG_CERTIFICATE_HANDLER("invalidCertificateHandler.name"); +const std::string SSLManager::VAL_CERTIFICATE_HANDLER("ConsoleCertificateHandler"); +const std::string SSLManager::CFG_SERVER_PREFIX("openSSL.server."); +const std::string SSLManager::CFG_CLIENT_PREFIX("openSSL.client."); +const std::string SSLManager::CFG_CACHE_SESSIONS("cacheSessions"); +const std::string SSLManager::CFG_SESSION_ID_CONTEXT("sessionIdContext"); +const std::string SSLManager::CFG_SESSION_CACHE_SIZE("sessionCacheSize"); +const std::string SSLManager::CFG_SESSION_TIMEOUT("sessionTimeout"); +const std::string SSLManager::CFG_EXTENDED_VERIFICATION("extendedVerification"); +const std::string SSLManager::CFG_REQUIRE_TLSV1("requireTLSv1"); +const std::string SSLManager::CFG_REQUIRE_TLSV1_1("requireTLSv1_1"); +const std::string SSLManager::CFG_REQUIRE_TLSV1_2("requireTLSv1_2"); +const std::string SSLManager::CFG_DISABLE_PROTOCOLS("disableProtocols"); +const std::string SSLManager::CFG_DH_PARAMS_FILE("dhParamsFile"); +const std::string SSLManager::CFG_ECDH_CURVE("ecdhCurve"); +#ifdef OPENSSL_FIPS +const std::string SSLManager::CFG_FIPS_MODE("openSSL.fips"); +const bool SSLManager::VAL_FIPS_MODE(false); +#endif + + +SSLManager::SSLManager() +{ +} + + +SSLManager::~SSLManager() +{ + try + { + shutdown(); + } + catch (...) + { + poco_unexpected(); + } +} + + +void SSLManager::shutdown() +{ + PrivateKeyPassphraseRequired.clear(); + ClientVerificationError.clear(); + ServerVerificationError.clear(); + _ptrDefaultServerContext = 0; + _ptrDefaultClientContext = 0; +} + + +namespace +{ + static Poco::SingletonHolder<SSLManager> singleton; +} + + +SSLManager& SSLManager::instance() +{ + return *singleton.get(); +} + + +void SSLManager::initializeServer(PrivateKeyPassphraseHandlerPtr ptrPassphraseHandler, InvalidCertificateHandlerPtr ptrHandler, Context::Ptr ptrContext) +{ + _ptrServerPassphraseHandler = ptrPassphraseHandler; + _ptrServerCertificateHandler = ptrHandler; + _ptrDefaultServerContext = ptrContext; +} + + +void SSLManager::initializeClient(PrivateKeyPassphraseHandlerPtr ptrPassphraseHandler, InvalidCertificateHandlerPtr ptrHandler, Context::Ptr ptrContext) +{ + _ptrClientPassphraseHandler = ptrPassphraseHandler; + _ptrClientCertificateHandler = ptrHandler; + _ptrDefaultClientContext = ptrContext; +} + + +Context::Ptr SSLManager::defaultServerContext() +{ + Poco::FastMutex::ScopedLock lock(_mutex); + + if (!_ptrDefaultServerContext) + initDefaultContext(true); + + return _ptrDefaultServerContext; +} + + +Context::Ptr SSLManager::defaultClientContext() +{ + Poco::FastMutex::ScopedLock lock(_mutex); + + if (!_ptrDefaultClientContext) + { + try + { + initDefaultContext(false); + } + catch (Poco::IllegalStateException&) + { + _ptrClientCertificateHandler = new RejectCertificateHandler(false); + _ptrDefaultClientContext = new Context(Context::CLIENT_USE, "", Context::VERIFY_RELAXED, 9, true); + _ptrDefaultClientContext->disableProtocols(Context::PROTO_SSLV2 | Context::PROTO_SSLV3); + } + } + + return _ptrDefaultClientContext; +} + + +SSLManager::PrivateKeyPassphraseHandlerPtr SSLManager::serverPassphraseHandler() +{ + Poco::FastMutex::ScopedLock lock(_mutex); + + if (!_ptrServerPassphraseHandler) + initPassphraseHandler(true); + + return _ptrServerPassphraseHandler; +} + + +SSLManager::PrivateKeyPassphraseHandlerPtr SSLManager::clientPassphraseHandler() +{ + Poco::FastMutex::ScopedLock lock(_mutex); + + if (!_ptrClientPassphraseHandler) + initPassphraseHandler(false); + + return _ptrClientPassphraseHandler; +} + + +SSLManager::InvalidCertificateHandlerPtr SSLManager::serverCertificateHandler() +{ + Poco::FastMutex::ScopedLock lock(_mutex); + + if (!_ptrServerCertificateHandler) + initCertificateHandler(true); + + return _ptrServerCertificateHandler; +} + + +SSLManager::InvalidCertificateHandlerPtr SSLManager::clientCertificateHandler() +{ + Poco::FastMutex::ScopedLock lock(_mutex); + + if (!_ptrClientCertificateHandler) + initCertificateHandler(false); + + return _ptrClientCertificateHandler; +} + + +int SSLManager::verifyCallback(bool server, int ok, X509_STORE_CTX* pStore) +{ + if (!ok) + { + X509* pCert = X509_STORE_CTX_get_current_cert(pStore); + X509Certificate x509(pCert, true); + int depth = X509_STORE_CTX_get_error_depth(pStore); + int err = X509_STORE_CTX_get_error(pStore); + std::string error(X509_verify_cert_error_string(err)); + VerificationErrorArgs args(x509, depth, err, error); + if (server) + SSLManager::instance().ServerVerificationError.notify(&SSLManager::instance(), args); + else + SSLManager::instance().ClientVerificationError.notify(&SSLManager::instance(), args); + ok = args.getIgnoreError() ? 1 : 0; + } + + return ok; +} + + +int SSLManager::privateKeyPassphraseCallback(char* pBuf, int size, int /*flag*/, void* /*userData*/) +{ + std::string pwd; + SSLManager::instance().PrivateKeyPassphraseRequired.notify(&SSLManager::instance(), pwd); + + strncpy(pBuf, (char *)(pwd.c_str()), size); + pBuf[size - 1] = '\0'; + if (size > pwd.length()) + size = (int) pwd.length(); + + return size; +} + + +void SSLManager::initDefaultContext(bool server) +{ + if (server && _ptrDefaultServerContext) return; + if (!server && _ptrDefaultClientContext) return; + + Poco::Crypto::OpenSSLInitializer openSSLInitializer; + initEvents(server); + Poco::Util::AbstractConfiguration& config = appConfig(); + +#ifdef OPENSSL_FIPS + bool fipsEnabled = config.getBool(CFG_FIPS_MODE, VAL_FIPS_MODE); + if (fipsEnabled && !Poco::Crypto::OpenSSLInitializer::isFIPSEnabled()) + { + Poco::Crypto::OpenSSLInitializer::enableFIPSMode(true); + } +#endif + + std::string prefix = server ? CFG_SERVER_PREFIX : CFG_CLIENT_PREFIX; + + Context::Params params; + // mandatory options + params.privateKeyFile = config.getString(prefix + CFG_PRIV_KEY_FILE, ""); + params.certificateFile = config.getString(prefix + CFG_CERTIFICATE_FILE, params.privateKeyFile); + params.caLocation = config.getString(prefix + CFG_CA_LOCATION, ""); + + if (server && params.certificateFile.empty() && params.privateKeyFile.empty()) + throw SSLException("Configuration error: no certificate file has been specified"); + + // optional options for which we have defaults defined + params.verificationMode = VAL_VER_MODE; + if (config.hasProperty(prefix + CFG_VER_MODE)) + { + // either: none, relaxed, strict, once + std::string mode = config.getString(prefix + CFG_VER_MODE); + params.verificationMode = Utility::convertVerificationMode(mode); + } + + params.verificationDepth = config.getInt(prefix + CFG_VER_DEPTH, VAL_VER_DEPTH); + params.loadDefaultCAs = config.getBool(prefix + CFG_ENABLE_DEFAULT_CA, VAL_ENABLE_DEFAULT_CA); + params.cipherList = config.getString(prefix + CFG_CIPHER_LIST, VAL_CIPHER_LIST); + params.cipherList = config.getString(prefix + CFG_CYPHER_LIST, params.cipherList); // for backwards compatibility + bool requireTLSv1 = config.getBool(prefix + CFG_REQUIRE_TLSV1, false); + bool requireTLSv1_1 = config.getBool(prefix + CFG_REQUIRE_TLSV1_1, false); + bool requireTLSv1_2 = config.getBool(prefix + CFG_REQUIRE_TLSV1_2, false); + + params.dhParamsFile = config.getString(prefix + CFG_DH_PARAMS_FILE, ""); + params.ecdhCurve = config.getString(prefix + CFG_ECDH_CURVE, ""); + + Context::Usage usage; + + if (server) + { + if (requireTLSv1_2) + usage = Context::TLSV1_2_SERVER_USE; + else if (requireTLSv1_1) + usage = Context::TLSV1_1_SERVER_USE; + else if (requireTLSv1) + usage = Context::TLSV1_SERVER_USE; + else + usage = Context::SERVER_USE; + _ptrDefaultServerContext = new Context(usage, params); + } + else + { + if (requireTLSv1_2) + usage = Context::TLSV1_2_CLIENT_USE; + else if (requireTLSv1_1) + usage = Context::TLSV1_1_CLIENT_USE; + else if (requireTLSv1) + usage = Context::TLSV1_CLIENT_USE; + else + usage = Context::CLIENT_USE; + _ptrDefaultClientContext = new Context(usage, params); + } + + std::string disabledProtocolsList = config.getString(prefix + CFG_DISABLE_PROTOCOLS, ""); + Poco::StringTokenizer dpTok(disabledProtocolsList, ";,", Poco::StringTokenizer::TOK_TRIM | Poco::StringTokenizer::TOK_IGNORE_EMPTY); + int disabledProtocols = 0; + for (Poco::StringTokenizer::Iterator it = dpTok.begin(); it != dpTok.end(); ++it) + { + if (*it == "sslv2") + disabledProtocols |= Context::PROTO_SSLV2; + else if (*it == "sslv3") + disabledProtocols |= Context::PROTO_SSLV3; + else if (*it == "tlsv1") + disabledProtocols |= Context::PROTO_TLSV1; + else if (*it == "tlsv1_1") + disabledProtocols |= Context::PROTO_TLSV1_1; + else if (*it == "tlsv1_2") + disabledProtocols |= Context::PROTO_TLSV1_2; + } + if (server) + _ptrDefaultServerContext->disableProtocols(disabledProtocols); + else + _ptrDefaultClientContext->disableProtocols(disabledProtocols); + + bool cacheSessions = config.getBool(prefix + CFG_CACHE_SESSIONS, false); + if (server) + { + std::string sessionIdContext = config.getString(prefix + CFG_SESSION_ID_CONTEXT, config.getString("application.name", "")); + _ptrDefaultServerContext->enableSessionCache(cacheSessions, sessionIdContext); + if (config.hasProperty(prefix + CFG_SESSION_CACHE_SIZE)) + { + int cacheSize = config.getInt(prefix + CFG_SESSION_CACHE_SIZE); + _ptrDefaultServerContext->setSessionCacheSize(cacheSize); + } + if (config.hasProperty(prefix + CFG_SESSION_TIMEOUT)) + { + int timeout = config.getInt(prefix + CFG_SESSION_TIMEOUT); + _ptrDefaultServerContext->setSessionTimeout(timeout); + } + } + else + { + _ptrDefaultClientContext->enableSessionCache(cacheSessions); + } + bool extendedVerification = config.getBool(prefix + CFG_EXTENDED_VERIFICATION, false); + if (server) + _ptrDefaultServerContext->enableExtendedCertificateVerification(extendedVerification); + else + _ptrDefaultClientContext->enableExtendedCertificateVerification(extendedVerification); + + bool preferServerCiphers = config.getBool(prefix + CFG_PREFER_SERVER_CIPHERS, false); + if (preferServerCiphers) + { + if (server) + _ptrDefaultServerContext->preferServerCiphers(); + else + _ptrDefaultClientContext->preferServerCiphers(); + } +} + + +void SSLManager::initEvents(bool server) +{ + initPassphraseHandler(server); + initCertificateHandler(server); +} + + +void SSLManager::initPassphraseHandler(bool server) +{ + if (server && _ptrServerPassphraseHandler) return; + if (!server && _ptrClientPassphraseHandler) return; + + std::string prefix = server ? CFG_SERVER_PREFIX : CFG_CLIENT_PREFIX; + Poco::Util::AbstractConfiguration& config = appConfig(); + + std::string className(config.getString(prefix + CFG_DELEGATE_HANDLER, VAL_DELEGATE_HANDLER)); + + const PrivateKeyFactory* pFactory = 0; + if (privateKeyFactoryMgr().hasFactory(className)) + { + pFactory = privateKeyFactoryMgr().getFactory(className); + } + + if (pFactory) + { + if (server) + _ptrServerPassphraseHandler = pFactory->create(server); + else + _ptrClientPassphraseHandler = pFactory->create(server); + } + else throw Poco::Util::UnknownOptionException(std::string("No passphrase handler known with the name ") + className); +} + + +void SSLManager::initCertificateHandler(bool server) +{ + if (server && _ptrServerCertificateHandler) return; + if (!server && _ptrClientCertificateHandler) return; + + std::string prefix = server ? CFG_SERVER_PREFIX : CFG_CLIENT_PREFIX; + Poco::Util::AbstractConfiguration& config = appConfig(); + + std::string className(config.getString(prefix+CFG_CERTIFICATE_HANDLER, VAL_CERTIFICATE_HANDLER)); + + const CertificateHandlerFactory* pFactory = 0; + if (certificateHandlerFactoryMgr().hasFactory(className)) + { + pFactory = certificateHandlerFactoryMgr().getFactory(className); + } + + if (pFactory) + { + if (server) + _ptrServerCertificateHandler = pFactory->create(true); + else + _ptrClientCertificateHandler = pFactory->create(false); + } + else throw Poco::Util::UnknownOptionException(std::string("No InvalidCertificate handler known with the name ") + className); +} + + +Poco::Util::AbstractConfiguration& SSLManager::appConfig() +{ + try + { + return Poco::Util::Application::instance().config(); + } + catch (Poco::NullPointerException&) + { + throw Poco::IllegalStateException( + "An application configuration is required to initialize the Poco::Net::SSLManager, " + "but no Poco::Util::Application instance is available." + ); + } +} + + +void initializeSSL() +{ + Poco::Crypto::initializeCrypto(); +} + + +void uninitializeSSL() +{ + SSLManager::instance().shutdown(); + Poco::Crypto::uninitializeCrypto(); +} + + +} } // namespace Poco::Net diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/SecureSMTPClientSession.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/SecureSMTPClientSession.cpp index ff0fd5b0d4..c1a9569bc7 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/src/SecureSMTPClientSession.cpp +++ b/contrib/libs/poco/NetSSL_OpenSSL/src/SecureSMTPClientSession.cpp @@ -1,64 +1,64 @@ -// -// SecureSMTPClientSession.h -// -// Library: NetSSL_OpenSSL -// Package: Mail -// Module: SecureSMTPClientSession -// -// Copyright (c) 2010, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#include "Poco/Net/SecureSMTPClientSession.h" -#include "Poco/Net/SecureStreamSocket.h" -#include "Poco/Net/SSLManager.h" -#include "Poco/Net/DialogSocket.h" - - -namespace Poco { -namespace Net { - - -SecureSMTPClientSession::SecureSMTPClientSession(const StreamSocket& socket): - SMTPClientSession(socket) -{ -} - - -SecureSMTPClientSession::SecureSMTPClientSession(const std::string& host, Poco::UInt16 port): - SMTPClientSession(host, port), - _host(host) -{ -} - - -SecureSMTPClientSession::~SecureSMTPClientSession() -{ -} - - -bool SecureSMTPClientSession::startTLS() -{ - return startTLS(SSLManager::instance().defaultClientContext()); -} - - -bool SecureSMTPClientSession::startTLS(Context::Ptr pContext) -{ - int status = 0; - std::string response; - - status = sendCommand("STARTTLS", response); - if (!isPositiveCompletion(status)) return false; - - SecureStreamSocket sss(SecureStreamSocket::attach(socket(), _host, pContext)); - socket() = sss; - - return true; -} - - -} } // namespace Poco::Net +// +// SecureSMTPClientSession.h +// +// Library: NetSSL_OpenSSL +// Package: Mail +// Module: SecureSMTPClientSession +// +// Copyright (c) 2010, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#include "Poco/Net/SecureSMTPClientSession.h" +#include "Poco/Net/SecureStreamSocket.h" +#include "Poco/Net/SSLManager.h" +#include "Poco/Net/DialogSocket.h" + + +namespace Poco { +namespace Net { + + +SecureSMTPClientSession::SecureSMTPClientSession(const StreamSocket& socket): + SMTPClientSession(socket) +{ +} + + +SecureSMTPClientSession::SecureSMTPClientSession(const std::string& host, Poco::UInt16 port): + SMTPClientSession(host, port), + _host(host) +{ +} + + +SecureSMTPClientSession::~SecureSMTPClientSession() +{ +} + + +bool SecureSMTPClientSession::startTLS() +{ + return startTLS(SSLManager::instance().defaultClientContext()); +} + + +bool SecureSMTPClientSession::startTLS(Context::Ptr pContext) +{ + int status = 0; + std::string response; + + status = sendCommand("STARTTLS", response); + if (!isPositiveCompletion(status)) return false; + + SecureStreamSocket sss(SecureStreamSocket::attach(socket(), _host, pContext)); + socket() = sss; + + return true; +} + + +} } // namespace Poco::Net diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/SecureServerSocket.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/SecureServerSocket.cpp index b5ab4c15f0..a394304ace 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/src/SecureServerSocket.cpp +++ b/contrib/libs/poco/NetSSL_OpenSSL/src/SecureServerSocket.cpp @@ -1,121 +1,121 @@ -// -// SecureServerSocket.cpp -// -// Library: NetSSL_OpenSSL -// Package: SSLSockets -// Module: SecureServerSocket -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#include "Poco/Net/SecureServerSocket.h" -#include "Poco/Net/SecureServerSocketImpl.h" -#include "Poco/Net/SecureStreamSocket.h" -#include "Poco/Net/SSLManager.h" -#include "Poco/Exception.h" - - -using Poco::InvalidArgumentException; - - -namespace Poco { -namespace Net { - - -SecureServerSocket::SecureServerSocket(): - ServerSocket(new SecureServerSocketImpl(SSLManager::instance().defaultServerContext()), true) -{ -} - - -SecureServerSocket::SecureServerSocket(Context::Ptr pContext): - ServerSocket(new SecureServerSocketImpl(pContext), true) -{ -} - - -SecureServerSocket::SecureServerSocket(const Socket& socket): - ServerSocket(socket) -{ - if (!dynamic_cast<SecureServerSocketImpl*>(impl())) - throw InvalidArgumentException("Cannot assign incompatible socket"); -} - - -SecureServerSocket::SecureServerSocket(const SocketAddress& address, int backlog): - ServerSocket(new SecureServerSocketImpl(SSLManager::instance().defaultServerContext()), true) -{ - impl()->bind(address, true); - impl()->listen(backlog); -} - - -SecureServerSocket::SecureServerSocket(const SocketAddress& address, int backlog, Context::Ptr pContext): - ServerSocket(new SecureServerSocketImpl(pContext), true) -{ - impl()->bind(address, true); - impl()->listen(backlog); -} - - -SecureServerSocket::SecureServerSocket(Poco::UInt16 port, int backlog): - ServerSocket(new SecureServerSocketImpl(SSLManager::instance().defaultServerContext()), true) -{ - IPAddress wildcardAddr; - SocketAddress address(wildcardAddr, port); - impl()->bind(address, true); - impl()->listen(backlog); -} - -SecureServerSocket::SecureServerSocket(Poco::UInt16 port, int backlog, Context::Ptr pContext): - ServerSocket(new SecureServerSocketImpl(pContext), true) -{ - IPAddress wildcardAddr; - SocketAddress address(wildcardAddr, port); - impl()->bind(address, true); - impl()->listen(backlog); -} - - -SecureServerSocket::~SecureServerSocket() -{ -} - - -SecureServerSocket& SecureServerSocket::operator = (const Socket& socket) -{ - if (&socket != this) - { - if (dynamic_cast<SecureServerSocketImpl*>(socket.impl())) - ServerSocket::operator = (socket); - else - throw InvalidArgumentException("Cannot assign incompatible socket"); - } - return *this; -} - - -StreamSocket SecureServerSocket::acceptConnection(SocketAddress& clientAddr) -{ - return SecureStreamSocket(impl()->acceptConnection(clientAddr)); -} - - -StreamSocket SecureServerSocket::acceptConnection() -{ - SocketAddress clientAddr; - return SecureStreamSocket(impl()->acceptConnection(clientAddr)); -} - - -Context::Ptr SecureServerSocket::context() const -{ - return static_cast<SecureServerSocketImpl*>(impl())->context(); -} - - -} } // namespace Poco::Net +// +// SecureServerSocket.cpp +// +// Library: NetSSL_OpenSSL +// Package: SSLSockets +// Module: SecureServerSocket +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#include "Poco/Net/SecureServerSocket.h" +#include "Poco/Net/SecureServerSocketImpl.h" +#include "Poco/Net/SecureStreamSocket.h" +#include "Poco/Net/SSLManager.h" +#include "Poco/Exception.h" + + +using Poco::InvalidArgumentException; + + +namespace Poco { +namespace Net { + + +SecureServerSocket::SecureServerSocket(): + ServerSocket(new SecureServerSocketImpl(SSLManager::instance().defaultServerContext()), true) +{ +} + + +SecureServerSocket::SecureServerSocket(Context::Ptr pContext): + ServerSocket(new SecureServerSocketImpl(pContext), true) +{ +} + + +SecureServerSocket::SecureServerSocket(const Socket& socket): + ServerSocket(socket) +{ + if (!dynamic_cast<SecureServerSocketImpl*>(impl())) + throw InvalidArgumentException("Cannot assign incompatible socket"); +} + + +SecureServerSocket::SecureServerSocket(const SocketAddress& address, int backlog): + ServerSocket(new SecureServerSocketImpl(SSLManager::instance().defaultServerContext()), true) +{ + impl()->bind(address, true); + impl()->listen(backlog); +} + + +SecureServerSocket::SecureServerSocket(const SocketAddress& address, int backlog, Context::Ptr pContext): + ServerSocket(new SecureServerSocketImpl(pContext), true) +{ + impl()->bind(address, true); + impl()->listen(backlog); +} + + +SecureServerSocket::SecureServerSocket(Poco::UInt16 port, int backlog): + ServerSocket(new SecureServerSocketImpl(SSLManager::instance().defaultServerContext()), true) +{ + IPAddress wildcardAddr; + SocketAddress address(wildcardAddr, port); + impl()->bind(address, true); + impl()->listen(backlog); +} + +SecureServerSocket::SecureServerSocket(Poco::UInt16 port, int backlog, Context::Ptr pContext): + ServerSocket(new SecureServerSocketImpl(pContext), true) +{ + IPAddress wildcardAddr; + SocketAddress address(wildcardAddr, port); + impl()->bind(address, true); + impl()->listen(backlog); +} + + +SecureServerSocket::~SecureServerSocket() +{ +} + + +SecureServerSocket& SecureServerSocket::operator = (const Socket& socket) +{ + if (&socket != this) + { + if (dynamic_cast<SecureServerSocketImpl*>(socket.impl())) + ServerSocket::operator = (socket); + else + throw InvalidArgumentException("Cannot assign incompatible socket"); + } + return *this; +} + + +StreamSocket SecureServerSocket::acceptConnection(SocketAddress& clientAddr) +{ + return SecureStreamSocket(impl()->acceptConnection(clientAddr)); +} + + +StreamSocket SecureServerSocket::acceptConnection() +{ + SocketAddress clientAddr; + return SecureStreamSocket(impl()->acceptConnection(clientAddr)); +} + + +Context::Ptr SecureServerSocket::context() const +{ + return static_cast<SecureServerSocketImpl*>(impl())->context(); +} + + +} } // namespace Poco::Net diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/SecureServerSocketImpl.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/SecureServerSocketImpl.cpp index 46df3b1cc5..0175622a73 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/src/SecureServerSocketImpl.cpp +++ b/contrib/libs/poco/NetSSL_OpenSSL/src/SecureServerSocketImpl.cpp @@ -1,122 +1,122 @@ -// -// SecureServerSocketImpl.cpp -// -// Library: NetSSL_OpenSSL -// Package: SSLSockets -// Module: SecureServerSocketImpl -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#include "Poco/Net/SecureServerSocketImpl.h" - - -namespace Poco { -namespace Net { - - -SecureServerSocketImpl::SecureServerSocketImpl(Context::Ptr pContext): - _impl(new ServerSocketImpl, pContext) -{ -} - - -SecureServerSocketImpl::~SecureServerSocketImpl() -{ - try - { - reset(); - } - catch (...) - { - poco_unexpected(); - } -} - - -SocketImpl* SecureServerSocketImpl::acceptConnection(SocketAddress& clientAddr) -{ - return _impl.acceptConnection(clientAddr); -} - - -void SecureServerSocketImpl::connect(const SocketAddress& /*address*/) -{ - throw Poco::InvalidAccessException("Cannot connect() a SecureServerSocket"); -} - - -void SecureServerSocketImpl::connect(const SocketAddress& /*address*/, const Poco::Timespan& /*timeout*/) -{ - throw Poco::InvalidAccessException("Cannot connect() a SecureServerSocket"); -} - - -void SecureServerSocketImpl::connectNB(const SocketAddress& /*address*/) -{ - throw Poco::InvalidAccessException("Cannot connect() a SecureServerSocket"); -} - - -void SecureServerSocketImpl::bind(const SocketAddress& address, bool reuseAddress, bool reusePort) -{ - _impl.bind(address, reuseAddress, reusePort); - reset(_impl.sockfd()); -} - - -void SecureServerSocketImpl::listen(int backlog) -{ - _impl.listen(backlog); - reset(_impl.sockfd()); -} - - -void SecureServerSocketImpl::close() -{ - reset(); - _impl.close(); -} - - -int SecureServerSocketImpl::sendBytes(const void* /*buffer*/, int /*length*/, int /*flags*/) -{ - throw Poco::InvalidAccessException("Cannot sendBytes() on a SecureServerSocket"); -} - - -int SecureServerSocketImpl::receiveBytes(void* /*buffer*/, int /*length*/, int /*flags*/) -{ - throw Poco::InvalidAccessException("Cannot receiveBytes() on a SecureServerSocket"); -} - - -int SecureServerSocketImpl::sendTo(const void* /*buffer*/, int /*length*/, const SocketAddress& /*address*/, int /*flags*/) -{ - throw Poco::InvalidAccessException("Cannot sendTo() on a SecureServerSocket"); -} - - -int SecureServerSocketImpl::receiveFrom(void* /*buffer*/, int /*length*/, SocketAddress& /*address*/, int /*flags*/) -{ - throw Poco::InvalidAccessException("Cannot receiveFrom() on a SecureServerSocket"); -} - - -void SecureServerSocketImpl::sendUrgent(unsigned char /*data*/) -{ - throw Poco::InvalidAccessException("Cannot sendUrgent() on a SecureServerSocket"); -} - - -bool SecureServerSocketImpl::secure() const -{ - return true; -} - - -} } // namespace Poco::Net +// +// SecureServerSocketImpl.cpp +// +// Library: NetSSL_OpenSSL +// Package: SSLSockets +// Module: SecureServerSocketImpl +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#include "Poco/Net/SecureServerSocketImpl.h" + + +namespace Poco { +namespace Net { + + +SecureServerSocketImpl::SecureServerSocketImpl(Context::Ptr pContext): + _impl(new ServerSocketImpl, pContext) +{ +} + + +SecureServerSocketImpl::~SecureServerSocketImpl() +{ + try + { + reset(); + } + catch (...) + { + poco_unexpected(); + } +} + + +SocketImpl* SecureServerSocketImpl::acceptConnection(SocketAddress& clientAddr) +{ + return _impl.acceptConnection(clientAddr); +} + + +void SecureServerSocketImpl::connect(const SocketAddress& /*address*/) +{ + throw Poco::InvalidAccessException("Cannot connect() a SecureServerSocket"); +} + + +void SecureServerSocketImpl::connect(const SocketAddress& /*address*/, const Poco::Timespan& /*timeout*/) +{ + throw Poco::InvalidAccessException("Cannot connect() a SecureServerSocket"); +} + + +void SecureServerSocketImpl::connectNB(const SocketAddress& /*address*/) +{ + throw Poco::InvalidAccessException("Cannot connect() a SecureServerSocket"); +} + + +void SecureServerSocketImpl::bind(const SocketAddress& address, bool reuseAddress, bool reusePort) +{ + _impl.bind(address, reuseAddress, reusePort); + reset(_impl.sockfd()); +} + + +void SecureServerSocketImpl::listen(int backlog) +{ + _impl.listen(backlog); + reset(_impl.sockfd()); +} + + +void SecureServerSocketImpl::close() +{ + reset(); + _impl.close(); +} + + +int SecureServerSocketImpl::sendBytes(const void* /*buffer*/, int /*length*/, int /*flags*/) +{ + throw Poco::InvalidAccessException("Cannot sendBytes() on a SecureServerSocket"); +} + + +int SecureServerSocketImpl::receiveBytes(void* /*buffer*/, int /*length*/, int /*flags*/) +{ + throw Poco::InvalidAccessException("Cannot receiveBytes() on a SecureServerSocket"); +} + + +int SecureServerSocketImpl::sendTo(const void* /*buffer*/, int /*length*/, const SocketAddress& /*address*/, int /*flags*/) +{ + throw Poco::InvalidAccessException("Cannot sendTo() on a SecureServerSocket"); +} + + +int SecureServerSocketImpl::receiveFrom(void* /*buffer*/, int /*length*/, SocketAddress& /*address*/, int /*flags*/) +{ + throw Poco::InvalidAccessException("Cannot receiveFrom() on a SecureServerSocket"); +} + + +void SecureServerSocketImpl::sendUrgent(unsigned char /*data*/) +{ + throw Poco::InvalidAccessException("Cannot sendUrgent() on a SecureServerSocket"); +} + + +bool SecureServerSocketImpl::secure() const +{ + return true; +} + + +} } // namespace Poco::Net diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/SecureSocketImpl.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/SecureSocketImpl.cpp index 564bc18683..ef924d66ac 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/src/SecureSocketImpl.cpp +++ b/contrib/libs/poco/NetSSL_OpenSSL/src/SecureSocketImpl.cpp @@ -1,49 +1,49 @@ -// -// SecureSocketImpl.cpp -// -// Library: NetSSL_OpenSSL -// Package: SSLSockets -// Module: SecureSocketImpl -// -// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#include "Poco/Net/SecureSocketImpl.h" -#include "Poco/Net/SSLException.h" -#include "Poco/Net/Context.h" -#include "Poco/Net/X509Certificate.h" -#include "Poco/Net/Utility.h" -#include "Poco/Net/SecureStreamSocket.h" -#include "Poco/Net/SecureStreamSocketImpl.h" -#include "Poco/Net/StreamSocketImpl.h" -#include "Poco/Net/StreamSocket.h" -#include "Poco/Net/NetException.h" -#include "Poco/Net/DNS.h" -#include "Poco/NumberFormatter.h" -#include "Poco/NumberParser.h" -#include "Poco/Format.h" -#include <openssl/x509v3.h> -#include <openssl/err.h> - - -using Poco::IOException; -using Poco::TimeoutException; -using Poco::InvalidArgumentException; -using Poco::NumberFormatter; -using Poco::Timespan; - - -// workaround for C++-incompatible macro -#define POCO_BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(void*)((n)?"a":NULL)) - - -namespace Poco { -namespace Net { - +// +// SecureSocketImpl.cpp +// +// Library: NetSSL_OpenSSL +// Package: SSLSockets +// Module: SecureSocketImpl +// +// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#include "Poco/Net/SecureSocketImpl.h" +#include "Poco/Net/SSLException.h" +#include "Poco/Net/Context.h" +#include "Poco/Net/X509Certificate.h" +#include "Poco/Net/Utility.h" +#include "Poco/Net/SecureStreamSocket.h" +#include "Poco/Net/SecureStreamSocketImpl.h" +#include "Poco/Net/StreamSocketImpl.h" +#include "Poco/Net/StreamSocket.h" +#include "Poco/Net/NetException.h" +#include "Poco/Net/DNS.h" +#include "Poco/NumberFormatter.h" +#include "Poco/NumberParser.h" +#include "Poco/Format.h" +#include <openssl/x509v3.h> +#include <openssl/err.h> + + +using Poco::IOException; +using Poco::TimeoutException; +using Poco::InvalidArgumentException; +using Poco::NumberFormatter; +using Poco::Timespan; + + +// workaround for C++-incompatible macro +#define POCO_BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(void*)((n)?"a":NULL)) + + +namespace Poco { +namespace Net { + struct RemainingTimeCounter { RemainingTimeCounter(Poco::Timespan& remainingTime_) : remainingTime(remainingTime_) {}; @@ -60,137 +60,137 @@ private: Poco::Timespan& remainingTime; Poco::Timestamp start; }; - -SecureSocketImpl::SecureSocketImpl(Poco::AutoPtr<SocketImpl> pSocketImpl, Context::Ptr pContext): - _pSSL(0), - _pSocket(pSocketImpl), - _pContext(pContext), - _needHandshake(false) -{ - poco_check_ptr (_pSocket); - poco_check_ptr (_pContext); -} - - -SecureSocketImpl::~SecureSocketImpl() -{ - try - { - reset(); - } - catch (...) - { - poco_unexpected(); - } -} - - -SocketImpl* SecureSocketImpl::acceptConnection(SocketAddress& clientAddr) -{ - poco_assert (!_pSSL); - - StreamSocket ss = _pSocket->acceptConnection(clientAddr); - Poco::AutoPtr<SecureStreamSocketImpl> pSecureStreamSocketImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(ss.impl()), _pContext); - pSecureStreamSocketImpl->acceptSSL(); - pSecureStreamSocketImpl->duplicate(); - return pSecureStreamSocketImpl; -} - - -void SecureSocketImpl::acceptSSL() -{ - poco_assert (!_pSSL); - - BIO* pBIO = BIO_new(BIO_s_socket()); - if (!pBIO) throw SSLException("Cannot create BIO object"); - BIO_set_fd(pBIO, static_cast<int>(_pSocket->sockfd()), BIO_NOCLOSE); - - _pSSL = SSL_new(_pContext->sslContext()); - if (!_pSSL) - { - BIO_free(pBIO); - throw SSLException("Cannot create SSL object"); - } - SSL_set_bio(_pSSL, pBIO, pBIO); - SSL_set_accept_state(_pSSL); - _needHandshake = true; -} - - -void SecureSocketImpl::connect(const SocketAddress& address, bool performHandshake) -{ - if (_pSSL) reset(); - - poco_assert (!_pSSL); - - _pSocket->connect(address); - connectSSL(performHandshake); -} - - -void SecureSocketImpl::connect(const SocketAddress& address, const Poco::Timespan& timeout, bool performHandshake) -{ - if (_pSSL) reset(); - - poco_assert (!_pSSL); - - _pSocket->connect(address, timeout); + +SecureSocketImpl::SecureSocketImpl(Poco::AutoPtr<SocketImpl> pSocketImpl, Context::Ptr pContext): + _pSSL(0), + _pSocket(pSocketImpl), + _pContext(pContext), + _needHandshake(false) +{ + poco_check_ptr (_pSocket); + poco_check_ptr (_pContext); +} + + +SecureSocketImpl::~SecureSocketImpl() +{ + try + { + reset(); + } + catch (...) + { + poco_unexpected(); + } +} + + +SocketImpl* SecureSocketImpl::acceptConnection(SocketAddress& clientAddr) +{ + poco_assert (!_pSSL); + + StreamSocket ss = _pSocket->acceptConnection(clientAddr); + Poco::AutoPtr<SecureStreamSocketImpl> pSecureStreamSocketImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(ss.impl()), _pContext); + pSecureStreamSocketImpl->acceptSSL(); + pSecureStreamSocketImpl->duplicate(); + return pSecureStreamSocketImpl; +} + + +void SecureSocketImpl::acceptSSL() +{ + poco_assert (!_pSSL); + + BIO* pBIO = BIO_new(BIO_s_socket()); + if (!pBIO) throw SSLException("Cannot create BIO object"); + BIO_set_fd(pBIO, static_cast<int>(_pSocket->sockfd()), BIO_NOCLOSE); + + _pSSL = SSL_new(_pContext->sslContext()); + if (!_pSSL) + { + BIO_free(pBIO); + throw SSLException("Cannot create SSL object"); + } + SSL_set_bio(_pSSL, pBIO, pBIO); + SSL_set_accept_state(_pSSL); + _needHandshake = true; +} + + +void SecureSocketImpl::connect(const SocketAddress& address, bool performHandshake) +{ + if (_pSSL) reset(); + + poco_assert (!_pSSL); + + _pSocket->connect(address); + connectSSL(performHandshake); +} + + +void SecureSocketImpl::connect(const SocketAddress& address, const Poco::Timespan& timeout, bool performHandshake) +{ + if (_pSSL) reset(); + + poco_assert (!_pSSL); + + _pSocket->connect(address, timeout); //FIXME it updates timeouts of SecureStreamSocketImpl::underlying_socket it does not update timeouts of SecureStreamSocketImpl //However, timeouts of SecureStreamSocketImpl are not used in connectSSL() and previous settings are restored after - Poco::Timespan receiveTimeout = _pSocket->getReceiveTimeout(); - Poco::Timespan sendTimeout = _pSocket->getSendTimeout(); - _pSocket->setReceiveTimeout(timeout); - _pSocket->setSendTimeout(timeout); - connectSSL(performHandshake); - _pSocket->setReceiveTimeout(receiveTimeout); - _pSocket->setSendTimeout(sendTimeout); -} - - -void SecureSocketImpl::connectNB(const SocketAddress& address) -{ - if (_pSSL) reset(); - - poco_assert (!_pSSL); - - _pSocket->connectNB(address); - connectSSL(false); -} - - -void SecureSocketImpl::connectSSL(bool performHandshake) -{ - poco_assert (!_pSSL); - poco_assert (_pSocket->initialized()); - - BIO* pBIO = BIO_new(BIO_s_socket()); - if (!pBIO) throw SSLException("Cannot create SSL BIO object"); - BIO_set_fd(pBIO, static_cast<int>(_pSocket->sockfd()), BIO_NOCLOSE); - - _pSSL = SSL_new(_pContext->sslContext()); - if (!_pSSL) - { - BIO_free(pBIO); - throw SSLException("Cannot create SSL object"); - } - SSL_set_bio(_pSSL, pBIO, pBIO); - -#if OPENSSL_VERSION_NUMBER >= 0x0908060L && !defined(OPENSSL_NO_TLSEXT) - if (!_peerHostName.empty()) - { - SSL_set_tlsext_host_name(_pSSL, _peerHostName.c_str()); - } -#endif - - if (_pSession) - { - SSL_set_session(_pSSL, _pSession->sslSession()); - } - - try - { - if (performHandshake && _pSocket->getBlocking()) - { + Poco::Timespan receiveTimeout = _pSocket->getReceiveTimeout(); + Poco::Timespan sendTimeout = _pSocket->getSendTimeout(); + _pSocket->setReceiveTimeout(timeout); + _pSocket->setSendTimeout(timeout); + connectSSL(performHandshake); + _pSocket->setReceiveTimeout(receiveTimeout); + _pSocket->setSendTimeout(sendTimeout); +} + + +void SecureSocketImpl::connectNB(const SocketAddress& address) +{ + if (_pSSL) reset(); + + poco_assert (!_pSSL); + + _pSocket->connectNB(address); + connectSSL(false); +} + + +void SecureSocketImpl::connectSSL(bool performHandshake) +{ + poco_assert (!_pSSL); + poco_assert (_pSocket->initialized()); + + BIO* pBIO = BIO_new(BIO_s_socket()); + if (!pBIO) throw SSLException("Cannot create SSL BIO object"); + BIO_set_fd(pBIO, static_cast<int>(_pSocket->sockfd()), BIO_NOCLOSE); + + _pSSL = SSL_new(_pContext->sslContext()); + if (!_pSSL) + { + BIO_free(pBIO); + throw SSLException("Cannot create SSL object"); + } + SSL_set_bio(_pSSL, pBIO, pBIO); + +#if OPENSSL_VERSION_NUMBER >= 0x0908060L && !defined(OPENSSL_NO_TLSEXT) + if (!_peerHostName.empty()) + { + SSL_set_tlsext_host_name(_pSSL, _peerHostName.c_str()); + } +#endif + + if (_pSession) + { + SSL_set_session(_pSSL, _pSession->sslSession()); + } + + try + { + if (performHandshake && _pSocket->getBlocking()) + { int ret; Poco::Timespan remaining_time = getMaxTimeout(); do @@ -199,237 +199,237 @@ void SecureSocketImpl::connectSSL(bool performHandshake) ret = SSL_connect(_pSSL); } while (mustRetry(ret, remaining_time)); - handleError(ret); - verifyPeerCertificate(); - } - else - { - SSL_set_connect_state(_pSSL); - _needHandshake = true; - } - } - catch (...) - { - SSL_free(_pSSL); - _pSSL = 0; - throw; - } -} - - -void SecureSocketImpl::bind(const SocketAddress& address, bool reuseAddress, bool reusePort) -{ - poco_check_ptr (_pSocket); - - _pSocket->bind(address, reuseAddress, reusePort); -} - - -void SecureSocketImpl::listen(int backlog) -{ - poco_check_ptr (_pSocket); - - _pSocket->listen(backlog); -} - - -void SecureSocketImpl::shutdown() -{ - if (_pSSL) - { - // Don't shut down the socket more than once. - int shutdownState = SSL_get_shutdown(_pSSL); - bool shutdownSent = (shutdownState & SSL_SENT_SHUTDOWN) == SSL_SENT_SHUTDOWN; - if (!shutdownSent) - { - // A proper clean shutdown would require us to - // retry the shutdown if we get a zero return - // value, until SSL_shutdown() returns 1. - // However, this will lead to problems with - // most web browsers, so we just set the shutdown - // flag by calling SSL_shutdown() once and be - // done with it. - int rc = SSL_shutdown(_pSSL); - if (rc < 0) handleError(rc); - if (_pSocket->getBlocking()) - { - _pSocket->shutdown(); - } - } - } -} - - -void SecureSocketImpl::close() -{ - try - { - shutdown(); - } - catch (...) - { - } - _pSocket->close(); -} - - -int SecureSocketImpl::sendBytes(const void* buffer, int length, int /*flags*/) -{ - poco_assert (_pSocket->initialized()); - poco_check_ptr (_pSSL); - - int rc; - if (_needHandshake) - { - rc = completeHandshake(); - if (rc == 1) - verifyPeerCertificate(); - else if (rc == 0) - throw SSLConnectionUnexpectedlyClosedException(); - else - return rc; - } + handleError(ret); + verifyPeerCertificate(); + } + else + { + SSL_set_connect_state(_pSSL); + _needHandshake = true; + } + } + catch (...) + { + SSL_free(_pSSL); + _pSSL = 0; + throw; + } +} + + +void SecureSocketImpl::bind(const SocketAddress& address, bool reuseAddress, bool reusePort) +{ + poco_check_ptr (_pSocket); + + _pSocket->bind(address, reuseAddress, reusePort); +} + + +void SecureSocketImpl::listen(int backlog) +{ + poco_check_ptr (_pSocket); + + _pSocket->listen(backlog); +} + + +void SecureSocketImpl::shutdown() +{ + if (_pSSL) + { + // Don't shut down the socket more than once. + int shutdownState = SSL_get_shutdown(_pSSL); + bool shutdownSent = (shutdownState & SSL_SENT_SHUTDOWN) == SSL_SENT_SHUTDOWN; + if (!shutdownSent) + { + // A proper clean shutdown would require us to + // retry the shutdown if we get a zero return + // value, until SSL_shutdown() returns 1. + // However, this will lead to problems with + // most web browsers, so we just set the shutdown + // flag by calling SSL_shutdown() once and be + // done with it. + int rc = SSL_shutdown(_pSSL); + if (rc < 0) handleError(rc); + if (_pSocket->getBlocking()) + { + _pSocket->shutdown(); + } + } + } +} + + +void SecureSocketImpl::close() +{ + try + { + shutdown(); + } + catch (...) + { + } + _pSocket->close(); +} + + +int SecureSocketImpl::sendBytes(const void* buffer, int length, int /*flags*/) +{ + poco_assert (_pSocket->initialized()); + poco_check_ptr (_pSSL); + + int rc; + if (_needHandshake) + { + rc = completeHandshake(); + if (rc == 1) + verifyPeerCertificate(); + else if (rc == 0) + throw SSLConnectionUnexpectedlyClosedException(); + else + return rc; + } Poco::Timespan remaining_time = getMaxTimeout(); - do - { + do + { RemainingTimeCounter counter(remaining_time); - rc = SSL_write(_pSSL, buffer, length); - } + rc = SSL_write(_pSSL, buffer, length); + } while (mustRetry(rc, remaining_time)); - if (rc <= 0) - { - rc = handleError(rc); - if (rc == 0) throw SSLConnectionUnexpectedlyClosedException(); - } - return rc; -} - - -int SecureSocketImpl::receiveBytes(void* buffer, int length, int /*flags*/) -{ - poco_assert (_pSocket->initialized()); - poco_check_ptr (_pSSL); - - int rc; - if (_needHandshake) - { - rc = completeHandshake(); - if (rc == 1) - verifyPeerCertificate(); - else - return rc; - } + if (rc <= 0) + { + rc = handleError(rc); + if (rc == 0) throw SSLConnectionUnexpectedlyClosedException(); + } + return rc; +} + + +int SecureSocketImpl::receiveBytes(void* buffer, int length, int /*flags*/) +{ + poco_assert (_pSocket->initialized()); + poco_check_ptr (_pSSL); + + int rc; + if (_needHandshake) + { + rc = completeHandshake(); + if (rc == 1) + verifyPeerCertificate(); + else + return rc; + } Poco::Timespan remaining_time = getMaxTimeout(); - do - { + do + { /// SSL record may consist of several TCP packets, /// so thread can be blocked on recv/send and epoll_wait several times /// until SSL_read will return rc > 0. Let's use our own time counter. RemainingTimeCounter counter(remaining_time); - rc = SSL_read(_pSSL, buffer, length); - } + rc = SSL_read(_pSSL, buffer, length); + } while (mustRetry(rc, remaining_time)); - if (rc <= 0) - { - return handleError(rc); - } - return rc; -} - - -int SecureSocketImpl::available() const -{ - poco_check_ptr (_pSSL); - - return SSL_pending(_pSSL); -} - - -int SecureSocketImpl::completeHandshake() -{ - poco_assert (_pSocket->initialized()); - poco_check_ptr (_pSSL); - - int rc; + if (rc <= 0) + { + return handleError(rc); + } + return rc; +} + + +int SecureSocketImpl::available() const +{ + poco_check_ptr (_pSSL); + + return SSL_pending(_pSSL); +} + + +int SecureSocketImpl::completeHandshake() +{ + poco_assert (_pSocket->initialized()); + poco_check_ptr (_pSSL); + + int rc; Poco::Timespan remaining_time = getMaxTimeout(); - do - { + do + { RemainingTimeCounter counter(remaining_time); - rc = SSL_do_handshake(_pSSL); - } + rc = SSL_do_handshake(_pSSL); + } while (mustRetry(rc, remaining_time)); - if (rc <= 0) - { - return handleError(rc); - } - _needHandshake = false; - return rc; -} - - -void SecureSocketImpl::verifyPeerCertificate() -{ - if (_peerHostName.empty()) - verifyPeerCertificate(_pSocket->peerAddress().host().toString()); - else - verifyPeerCertificate(_peerHostName); -} - - -void SecureSocketImpl::verifyPeerCertificate(const std::string& hostName) -{ - long certErr = verifyPeerCertificateImpl(hostName); - if (certErr != X509_V_OK) - { - std::string msg = Utility::convertCertificateError(certErr); - throw CertificateValidationException("Unacceptable certificate from " + hostName, msg); - } -} - - -long SecureSocketImpl::verifyPeerCertificateImpl(const std::string& hostName) -{ - Context::VerificationMode mode = _pContext->verificationMode(); - if (mode == Context::VERIFY_NONE || !_pContext->extendedCertificateVerificationEnabled() || - (mode != Context::VERIFY_STRICT && isLocalHost(hostName))) - { - return X509_V_OK; - } - - X509* pCert = SSL_get_peer_certificate(_pSSL); - if (pCert) - { - X509Certificate cert(pCert); - return cert.verify(hostName) ? X509_V_OK : X509_V_ERR_APPLICATION_VERIFICATION; - } - else return X509_V_OK; -} - - -bool SecureSocketImpl::isLocalHost(const std::string& hostName) -{ - try - { - SocketAddress addr(hostName, 0); - return addr.host().isLoopback(); - } - catch (Poco::Exception&) - { - return false; - } -} - - -X509* SecureSocketImpl::peerCertificate() const -{ - if (_pSSL) - return SSL_get_peer_certificate(_pSSL); - else - return 0; -} - + if (rc <= 0) + { + return handleError(rc); + } + _needHandshake = false; + return rc; +} + + +void SecureSocketImpl::verifyPeerCertificate() +{ + if (_peerHostName.empty()) + verifyPeerCertificate(_pSocket->peerAddress().host().toString()); + else + verifyPeerCertificate(_peerHostName); +} + + +void SecureSocketImpl::verifyPeerCertificate(const std::string& hostName) +{ + long certErr = verifyPeerCertificateImpl(hostName); + if (certErr != X509_V_OK) + { + std::string msg = Utility::convertCertificateError(certErr); + throw CertificateValidationException("Unacceptable certificate from " + hostName, msg); + } +} + + +long SecureSocketImpl::verifyPeerCertificateImpl(const std::string& hostName) +{ + Context::VerificationMode mode = _pContext->verificationMode(); + if (mode == Context::VERIFY_NONE || !_pContext->extendedCertificateVerificationEnabled() || + (mode != Context::VERIFY_STRICT && isLocalHost(hostName))) + { + return X509_V_OK; + } + + X509* pCert = SSL_get_peer_certificate(_pSSL); + if (pCert) + { + X509Certificate cert(pCert); + return cert.verify(hostName) ? X509_V_OK : X509_V_ERR_APPLICATION_VERIFICATION; + } + else return X509_V_OK; +} + + +bool SecureSocketImpl::isLocalHost(const std::string& hostName) +{ + try + { + SocketAddress addr(hostName, 0); + return addr.host().isLoopback(); + } + catch (Poco::Exception&) + { + return false; + } +} + + +X509* SecureSocketImpl::peerCertificate() const +{ + if (_pSSL) + return SSL_get_peer_certificate(_pSSL); + else + return 0; +} + Poco::Timespan SecureSocketImpl::getMaxTimeout() { Poco::Timespan remaining_time = _pSocket->getReceiveTimeout(); @@ -438,164 +438,164 @@ Poco::Timespan SecureSocketImpl::getMaxTimeout() remaining_time = send_timeout; return remaining_time; } - + bool SecureSocketImpl::mustRetry(int rc, Poco::Timespan& remaining_time) -{ - if (rc <= 0) - { - int sslError = SSL_get_error(_pSSL, rc); - int socketError = _pSocket->lastError(); - switch (sslError) - { - case SSL_ERROR_WANT_READ: - if (_pSocket->getBlocking()) - { +{ + if (rc <= 0) + { + int sslError = SSL_get_error(_pSSL, rc); + int socketError = _pSocket->lastError(); + switch (sslError) + { + case SSL_ERROR_WANT_READ: + if (_pSocket->getBlocking()) + { /// Level-triggered mode of epoll_wait is used, so if SSL_read don't read all available data from socket, /// epoll_wait returns true without waiting for new data even if remaining_time == 0 if (_pSocket->pollImpl(remaining_time, Poco::Net::Socket::SELECT_READ) && remaining_time != 0) - return true; - else - throw Poco::TimeoutException(); - } - break; - case SSL_ERROR_WANT_WRITE: - if (_pSocket->getBlocking()) - { + return true; + else + throw Poco::TimeoutException(); + } + break; + case SSL_ERROR_WANT_WRITE: + if (_pSocket->getBlocking()) + { /// The same as for SSL_ERROR_WANT_READ if (_pSocket->pollImpl(remaining_time, Poco::Net::Socket::SELECT_WRITE) && remaining_time != 0) - return true; - else - throw Poco::TimeoutException(); - } - break; - case SSL_ERROR_SYSCALL: - return socketError == POCO_EAGAIN || socketError == POCO_EINTR; - default: - return socketError == POCO_EINTR; - } - } - return false; -} - - -int SecureSocketImpl::handleError(int rc) -{ - if (rc > 0) return rc; - - int sslError = SSL_get_error(_pSSL, rc); - int error = SocketImpl::lastError(); - - switch (sslError) - { - case SSL_ERROR_ZERO_RETURN: - return 0; - case SSL_ERROR_WANT_READ: - return SecureStreamSocket::ERR_SSL_WANT_READ; - case SSL_ERROR_WANT_WRITE: - return SecureStreamSocket::ERR_SSL_WANT_WRITE; - case SSL_ERROR_WANT_CONNECT: - case SSL_ERROR_WANT_ACCEPT: - case SSL_ERROR_WANT_X509_LOOKUP: - // these should not occur - poco_bugcheck(); - return rc; - case SSL_ERROR_SYSCALL: - if (error != 0) - { - SocketImpl::error(error); - } - // fallthrough - default: - { - long lastError = ERR_get_error(); - if (lastError == 0) - { - if (rc == 0) - { - // Most web browsers do this, don't report an error - if (_pContext->isForServerUse()) - return 0; - else - throw SSLConnectionUnexpectedlyClosedException(); - } - else if (rc == -1) - { - throw SSLConnectionUnexpectedlyClosedException(); - } - else - { - SecureStreamSocketImpl::error(Poco::format("The BIO reported an error: %d", rc)); - } - } - else - { - char buffer[256]; - ERR_error_string_n(lastError, buffer, sizeof(buffer)); - std::string msg(buffer); - throw SSLException(msg); - } - } - break; - } - return rc; -} - - -void SecureSocketImpl::setPeerHostName(const std::string& peerHostName) -{ - _peerHostName = peerHostName; -} - - -void SecureSocketImpl::reset() -{ - close(); - if (_pSSL) - { - SSL_free(_pSSL); - _pSSL = 0; - } -} - - -void SecureSocketImpl::abort() -{ - _pSocket->shutdown(); -} - - -Session::Ptr SecureSocketImpl::currentSession() -{ - if (_pSSL) - { - SSL_SESSION* pSession = SSL_get1_session(_pSSL); - if (pSession) - { - if (_pSession && pSession == _pSession->sslSession()) - { - SSL_SESSION_free(pSession); - return _pSession; - } - else return new Session(pSession); - } - } - return 0; -} - - -void SecureSocketImpl::useSession(Session::Ptr pSession) -{ - _pSession = pSession; -} - - -bool SecureSocketImpl::sessionWasReused() -{ - if (_pSSL) - return SSL_session_reused(_pSSL) != 0; - else - return false; -} - - -} } // namespace Poco::Net + return true; + else + throw Poco::TimeoutException(); + } + break; + case SSL_ERROR_SYSCALL: + return socketError == POCO_EAGAIN || socketError == POCO_EINTR; + default: + return socketError == POCO_EINTR; + } + } + return false; +} + + +int SecureSocketImpl::handleError(int rc) +{ + if (rc > 0) return rc; + + int sslError = SSL_get_error(_pSSL, rc); + int error = SocketImpl::lastError(); + + switch (sslError) + { + case SSL_ERROR_ZERO_RETURN: + return 0; + case SSL_ERROR_WANT_READ: + return SecureStreamSocket::ERR_SSL_WANT_READ; + case SSL_ERROR_WANT_WRITE: + return SecureStreamSocket::ERR_SSL_WANT_WRITE; + case SSL_ERROR_WANT_CONNECT: + case SSL_ERROR_WANT_ACCEPT: + case SSL_ERROR_WANT_X509_LOOKUP: + // these should not occur + poco_bugcheck(); + return rc; + case SSL_ERROR_SYSCALL: + if (error != 0) + { + SocketImpl::error(error); + } + // fallthrough + default: + { + long lastError = ERR_get_error(); + if (lastError == 0) + { + if (rc == 0) + { + // Most web browsers do this, don't report an error + if (_pContext->isForServerUse()) + return 0; + else + throw SSLConnectionUnexpectedlyClosedException(); + } + else if (rc == -1) + { + throw SSLConnectionUnexpectedlyClosedException(); + } + else + { + SecureStreamSocketImpl::error(Poco::format("The BIO reported an error: %d", rc)); + } + } + else + { + char buffer[256]; + ERR_error_string_n(lastError, buffer, sizeof(buffer)); + std::string msg(buffer); + throw SSLException(msg); + } + } + break; + } + return rc; +} + + +void SecureSocketImpl::setPeerHostName(const std::string& peerHostName) +{ + _peerHostName = peerHostName; +} + + +void SecureSocketImpl::reset() +{ + close(); + if (_pSSL) + { + SSL_free(_pSSL); + _pSSL = 0; + } +} + + +void SecureSocketImpl::abort() +{ + _pSocket->shutdown(); +} + + +Session::Ptr SecureSocketImpl::currentSession() +{ + if (_pSSL) + { + SSL_SESSION* pSession = SSL_get1_session(_pSSL); + if (pSession) + { + if (_pSession && pSession == _pSession->sslSession()) + { + SSL_SESSION_free(pSession); + return _pSession; + } + else return new Session(pSession); + } + } + return 0; +} + + +void SecureSocketImpl::useSession(Session::Ptr pSession) +{ + _pSession = pSession; +} + + +bool SecureSocketImpl::sessionWasReused() +{ + if (_pSSL) + return SSL_session_reused(_pSSL) != 0; + else + return false; +} + + +} } // namespace Poco::Net diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/SecureStreamSocket.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/SecureStreamSocket.cpp index a62fcd33d4..f4766ca6f9 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/src/SecureStreamSocket.cpp +++ b/contrib/libs/poco/NetSSL_OpenSSL/src/SecureStreamSocket.cpp @@ -1,287 +1,287 @@ -// -// SecureStreamSocket.cpp -// -// Library: NetSSL_OpenSSL -// Package: SSLSockets -// Module: SecureStreamSocket -// -// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#include "Poco/Net/SecureStreamSocket.h" -#include "Poco/Net/SecureStreamSocketImpl.h" -#include "Poco/Net/SocketImpl.h" -#include "Poco/Net/SSLManager.h" -#include "Poco/Exception.h" - - -using Poco::InvalidArgumentException; - - -namespace Poco { -namespace Net { - - -SecureStreamSocket::SecureStreamSocket(): - StreamSocket(new SecureStreamSocketImpl(SSLManager::instance().defaultClientContext())) -{ -} - - -SecureStreamSocket::SecureStreamSocket(Context::Ptr pContext): - StreamSocket(new SecureStreamSocketImpl(pContext)) -{ -} - - -SecureStreamSocket::SecureStreamSocket(Context::Ptr pContext, Session::Ptr pSession): - StreamSocket(new SecureStreamSocketImpl(pContext)) -{ - useSession(pSession); -} - - -SecureStreamSocket::SecureStreamSocket(const SocketAddress& address): - StreamSocket(new SecureStreamSocketImpl(SSLManager::instance().defaultClientContext())) -{ - connect(address); -} - - -SecureStreamSocket::SecureStreamSocket(const SocketAddress& address, const std::string& hostName): - StreamSocket(new SecureStreamSocketImpl(SSLManager::instance().defaultClientContext())) -{ - static_cast<SecureStreamSocketImpl*>(impl())->setPeerHostName(hostName); - connect(address); -} - - -SecureStreamSocket::SecureStreamSocket(const SocketAddress& address, Context::Ptr pContext): - StreamSocket(new SecureStreamSocketImpl(pContext)) -{ - connect(address); -} - - -SecureStreamSocket::SecureStreamSocket(const SocketAddress& address, Context::Ptr pContext, Session::Ptr pSession): - StreamSocket(new SecureStreamSocketImpl(pContext)) -{ - useSession(pSession); - connect(address); -} - - -SecureStreamSocket::SecureStreamSocket(const SocketAddress& address, const std::string& hostName, Context::Ptr pContext): - StreamSocket(new SecureStreamSocketImpl(pContext)) -{ - static_cast<SecureStreamSocketImpl*>(impl())->setPeerHostName(hostName); - connect(address); -} - - -SecureStreamSocket::SecureStreamSocket(const SocketAddress& address, const std::string& hostName, Context::Ptr pContext, Session::Ptr pSession): - StreamSocket(new SecureStreamSocketImpl(pContext)) -{ - static_cast<SecureStreamSocketImpl*>(impl())->setPeerHostName(hostName); - useSession(pSession); - connect(address); -} - - -SecureStreamSocket::SecureStreamSocket(const Socket& socket): - StreamSocket(socket) -{ - if (!dynamic_cast<SecureStreamSocketImpl*>(impl())) - throw InvalidArgumentException("Cannot assign incompatible socket"); -} - - -SecureStreamSocket::SecureStreamSocket(SocketImpl* pImpl): - StreamSocket(pImpl) -{ - if (!dynamic_cast<SecureStreamSocketImpl*>(impl())) - throw InvalidArgumentException("Cannot assign incompatible socket"); -} - - -SecureStreamSocket::~SecureStreamSocket() -{ -} - - -SecureStreamSocket& SecureStreamSocket::operator = (const Socket& socket) -{ - if (dynamic_cast<SecureStreamSocketImpl*>(socket.impl())) - StreamSocket::operator = (socket); - else - throw InvalidArgumentException("Cannot assign incompatible socket"); - return *this; -} - - -bool SecureStreamSocket::havePeerCertificate() const -{ - return static_cast<SecureStreamSocketImpl*>(impl())->havePeerCertificate(); -} - - -X509Certificate SecureStreamSocket::peerCertificate() const -{ - return static_cast<SecureStreamSocketImpl*>(impl())->peerCertificate(); -} - - -void SecureStreamSocket::setPeerHostName(const std::string& hostName) -{ - static_cast<SecureStreamSocketImpl*>(impl())->setPeerHostName(hostName); -} - - -const std::string& SecureStreamSocket::getPeerHostName() const -{ - return static_cast<SecureStreamSocketImpl*>(impl())->getPeerHostName(); -} - - -SecureStreamSocket SecureStreamSocket::attach(const StreamSocket& streamSocket) -{ - SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), SSLManager::instance().defaultClientContext()); - SecureStreamSocket result(pImpl); - if (pImpl->context()->isForServerUse()) - pImpl->acceptSSL(); - else - pImpl->connectSSL(); - return result; -} - - -SecureStreamSocket SecureStreamSocket::attach(const StreamSocket& streamSocket, Context::Ptr pContext) -{ - SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), pContext); - SecureStreamSocket result(pImpl); - if (pImpl->context()->isForServerUse()) - pImpl->acceptSSL(); - else - pImpl->connectSSL(); - return result; -} - - -SecureStreamSocket SecureStreamSocket::attach(const StreamSocket& streamSocket, Context::Ptr pContext, Session::Ptr pSession) -{ - SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), pContext); - SecureStreamSocket result(pImpl); - result.useSession(pSession); - if (pImpl->context()->isForServerUse()) - pImpl->acceptSSL(); - else - pImpl->connectSSL(); - return result; -} - - -SecureStreamSocket SecureStreamSocket::attach(const StreamSocket& streamSocket, const std::string& peerHostName) -{ - SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), SSLManager::instance().defaultClientContext()); - SecureStreamSocket result(pImpl); - result.setPeerHostName(peerHostName); - if (pImpl->context()->isForServerUse()) - pImpl->acceptSSL(); - else - pImpl->connectSSL(); - return result; -} - - -SecureStreamSocket SecureStreamSocket::attach(const StreamSocket& streamSocket, const std::string& peerHostName, Context::Ptr pContext) -{ - SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), pContext); - SecureStreamSocket result(pImpl); - result.setPeerHostName(peerHostName); - if (pImpl->context()->isForServerUse()) - pImpl->acceptSSL(); - else - pImpl->connectSSL(); - return result; -} - - -SecureStreamSocket SecureStreamSocket::attach(const StreamSocket& streamSocket, const std::string& peerHostName, Context::Ptr pContext, Session::Ptr pSession) -{ - SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), pContext); - SecureStreamSocket result(pImpl); - result.setPeerHostName(peerHostName); - result.useSession(pSession); - if (pImpl->context()->isForServerUse()) - pImpl->acceptSSL(); - else - pImpl->connectSSL(); - return result; -} - - -Context::Ptr SecureStreamSocket::context() const -{ - return static_cast<SecureStreamSocketImpl*>(impl())->context(); -} - - -void SecureStreamSocket::setLazyHandshake(bool flag) -{ - static_cast<SecureStreamSocketImpl*>(impl())->setLazyHandshake(flag); -} - - -bool SecureStreamSocket::getLazyHandshake() const -{ - return static_cast<SecureStreamSocketImpl*>(impl())->getLazyHandshake(); -} - - -void SecureStreamSocket::verifyPeerCertificate() -{ - static_cast<SecureStreamSocketImpl*>(impl())->verifyPeerCertificate(); -} - - -void SecureStreamSocket::verifyPeerCertificate(const std::string& hostName) -{ - static_cast<SecureStreamSocketImpl*>(impl())->verifyPeerCertificate(hostName); -} - - -int SecureStreamSocket::completeHandshake() -{ - return static_cast<SecureStreamSocketImpl*>(impl())->completeHandshake(); -} - - -Session::Ptr SecureStreamSocket::currentSession() -{ - return static_cast<SecureStreamSocketImpl*>(impl())->currentSession(); -} - - -void SecureStreamSocket::useSession(Session::Ptr pSession) -{ - static_cast<SecureStreamSocketImpl*>(impl())->useSession(pSession); -} - - -bool SecureStreamSocket::sessionWasReused() -{ - return static_cast<SecureStreamSocketImpl*>(impl())->sessionWasReused(); -} - - -void SecureStreamSocket::abort() -{ - static_cast<SecureStreamSocketImpl*>(impl())->abort(); -} - - -} } // namespace Poco::Net +// +// SecureStreamSocket.cpp +// +// Library: NetSSL_OpenSSL +// Package: SSLSockets +// Module: SecureStreamSocket +// +// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#include "Poco/Net/SecureStreamSocket.h" +#include "Poco/Net/SecureStreamSocketImpl.h" +#include "Poco/Net/SocketImpl.h" +#include "Poco/Net/SSLManager.h" +#include "Poco/Exception.h" + + +using Poco::InvalidArgumentException; + + +namespace Poco { +namespace Net { + + +SecureStreamSocket::SecureStreamSocket(): + StreamSocket(new SecureStreamSocketImpl(SSLManager::instance().defaultClientContext())) +{ +} + + +SecureStreamSocket::SecureStreamSocket(Context::Ptr pContext): + StreamSocket(new SecureStreamSocketImpl(pContext)) +{ +} + + +SecureStreamSocket::SecureStreamSocket(Context::Ptr pContext, Session::Ptr pSession): + StreamSocket(new SecureStreamSocketImpl(pContext)) +{ + useSession(pSession); +} + + +SecureStreamSocket::SecureStreamSocket(const SocketAddress& address): + StreamSocket(new SecureStreamSocketImpl(SSLManager::instance().defaultClientContext())) +{ + connect(address); +} + + +SecureStreamSocket::SecureStreamSocket(const SocketAddress& address, const std::string& hostName): + StreamSocket(new SecureStreamSocketImpl(SSLManager::instance().defaultClientContext())) +{ + static_cast<SecureStreamSocketImpl*>(impl())->setPeerHostName(hostName); + connect(address); +} + + +SecureStreamSocket::SecureStreamSocket(const SocketAddress& address, Context::Ptr pContext): + StreamSocket(new SecureStreamSocketImpl(pContext)) +{ + connect(address); +} + + +SecureStreamSocket::SecureStreamSocket(const SocketAddress& address, Context::Ptr pContext, Session::Ptr pSession): + StreamSocket(new SecureStreamSocketImpl(pContext)) +{ + useSession(pSession); + connect(address); +} + + +SecureStreamSocket::SecureStreamSocket(const SocketAddress& address, const std::string& hostName, Context::Ptr pContext): + StreamSocket(new SecureStreamSocketImpl(pContext)) +{ + static_cast<SecureStreamSocketImpl*>(impl())->setPeerHostName(hostName); + connect(address); +} + + +SecureStreamSocket::SecureStreamSocket(const SocketAddress& address, const std::string& hostName, Context::Ptr pContext, Session::Ptr pSession): + StreamSocket(new SecureStreamSocketImpl(pContext)) +{ + static_cast<SecureStreamSocketImpl*>(impl())->setPeerHostName(hostName); + useSession(pSession); + connect(address); +} + + +SecureStreamSocket::SecureStreamSocket(const Socket& socket): + StreamSocket(socket) +{ + if (!dynamic_cast<SecureStreamSocketImpl*>(impl())) + throw InvalidArgumentException("Cannot assign incompatible socket"); +} + + +SecureStreamSocket::SecureStreamSocket(SocketImpl* pImpl): + StreamSocket(pImpl) +{ + if (!dynamic_cast<SecureStreamSocketImpl*>(impl())) + throw InvalidArgumentException("Cannot assign incompatible socket"); +} + + +SecureStreamSocket::~SecureStreamSocket() +{ +} + + +SecureStreamSocket& SecureStreamSocket::operator = (const Socket& socket) +{ + if (dynamic_cast<SecureStreamSocketImpl*>(socket.impl())) + StreamSocket::operator = (socket); + else + throw InvalidArgumentException("Cannot assign incompatible socket"); + return *this; +} + + +bool SecureStreamSocket::havePeerCertificate() const +{ + return static_cast<SecureStreamSocketImpl*>(impl())->havePeerCertificate(); +} + + +X509Certificate SecureStreamSocket::peerCertificate() const +{ + return static_cast<SecureStreamSocketImpl*>(impl())->peerCertificate(); +} + + +void SecureStreamSocket::setPeerHostName(const std::string& hostName) +{ + static_cast<SecureStreamSocketImpl*>(impl())->setPeerHostName(hostName); +} + + +const std::string& SecureStreamSocket::getPeerHostName() const +{ + return static_cast<SecureStreamSocketImpl*>(impl())->getPeerHostName(); +} + + +SecureStreamSocket SecureStreamSocket::attach(const StreamSocket& streamSocket) +{ + SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), SSLManager::instance().defaultClientContext()); + SecureStreamSocket result(pImpl); + if (pImpl->context()->isForServerUse()) + pImpl->acceptSSL(); + else + pImpl->connectSSL(); + return result; +} + + +SecureStreamSocket SecureStreamSocket::attach(const StreamSocket& streamSocket, Context::Ptr pContext) +{ + SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), pContext); + SecureStreamSocket result(pImpl); + if (pImpl->context()->isForServerUse()) + pImpl->acceptSSL(); + else + pImpl->connectSSL(); + return result; +} + + +SecureStreamSocket SecureStreamSocket::attach(const StreamSocket& streamSocket, Context::Ptr pContext, Session::Ptr pSession) +{ + SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), pContext); + SecureStreamSocket result(pImpl); + result.useSession(pSession); + if (pImpl->context()->isForServerUse()) + pImpl->acceptSSL(); + else + pImpl->connectSSL(); + return result; +} + + +SecureStreamSocket SecureStreamSocket::attach(const StreamSocket& streamSocket, const std::string& peerHostName) +{ + SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), SSLManager::instance().defaultClientContext()); + SecureStreamSocket result(pImpl); + result.setPeerHostName(peerHostName); + if (pImpl->context()->isForServerUse()) + pImpl->acceptSSL(); + else + pImpl->connectSSL(); + return result; +} + + +SecureStreamSocket SecureStreamSocket::attach(const StreamSocket& streamSocket, const std::string& peerHostName, Context::Ptr pContext) +{ + SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), pContext); + SecureStreamSocket result(pImpl); + result.setPeerHostName(peerHostName); + if (pImpl->context()->isForServerUse()) + pImpl->acceptSSL(); + else + pImpl->connectSSL(); + return result; +} + + +SecureStreamSocket SecureStreamSocket::attach(const StreamSocket& streamSocket, const std::string& peerHostName, Context::Ptr pContext, Session::Ptr pSession) +{ + SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), pContext); + SecureStreamSocket result(pImpl); + result.setPeerHostName(peerHostName); + result.useSession(pSession); + if (pImpl->context()->isForServerUse()) + pImpl->acceptSSL(); + else + pImpl->connectSSL(); + return result; +} + + +Context::Ptr SecureStreamSocket::context() const +{ + return static_cast<SecureStreamSocketImpl*>(impl())->context(); +} + + +void SecureStreamSocket::setLazyHandshake(bool flag) +{ + static_cast<SecureStreamSocketImpl*>(impl())->setLazyHandshake(flag); +} + + +bool SecureStreamSocket::getLazyHandshake() const +{ + return static_cast<SecureStreamSocketImpl*>(impl())->getLazyHandshake(); +} + + +void SecureStreamSocket::verifyPeerCertificate() +{ + static_cast<SecureStreamSocketImpl*>(impl())->verifyPeerCertificate(); +} + + +void SecureStreamSocket::verifyPeerCertificate(const std::string& hostName) +{ + static_cast<SecureStreamSocketImpl*>(impl())->verifyPeerCertificate(hostName); +} + + +int SecureStreamSocket::completeHandshake() +{ + return static_cast<SecureStreamSocketImpl*>(impl())->completeHandshake(); +} + + +Session::Ptr SecureStreamSocket::currentSession() +{ + return static_cast<SecureStreamSocketImpl*>(impl())->currentSession(); +} + + +void SecureStreamSocket::useSession(Session::Ptr pSession) +{ + static_cast<SecureStreamSocketImpl*>(impl())->useSession(pSession); +} + + +bool SecureStreamSocket::sessionWasReused() +{ + return static_cast<SecureStreamSocketImpl*>(impl())->sessionWasReused(); +} + + +void SecureStreamSocket::abort() +{ + static_cast<SecureStreamSocketImpl*>(impl())->abort(); +} + + +} } // namespace Poco::Net diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/SecureStreamSocketImpl.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/SecureStreamSocketImpl.cpp index d562fe8c5b..bef198ae69 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/src/SecureStreamSocketImpl.cpp +++ b/contrib/libs/poco/NetSSL_OpenSSL/src/SecureStreamSocketImpl.cpp @@ -1,241 +1,241 @@ -// -// SecureStreamSocketImpl.cpp -// -// Library: NetSSL_OpenSSL -// Package: SSLSockets -// Module: SecureStreamSocketImpl -// -// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#include "Poco/Net/SecureStreamSocketImpl.h" -#include "Poco/Net/SSLException.h" -#include "Poco/Thread.h" - - -namespace Poco { -namespace Net { - - -SecureStreamSocketImpl::SecureStreamSocketImpl(Context::Ptr pContext): +// +// SecureStreamSocketImpl.cpp +// +// Library: NetSSL_OpenSSL +// Package: SSLSockets +// Module: SecureStreamSocketImpl +// +// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#include "Poco/Net/SecureStreamSocketImpl.h" +#include "Poco/Net/SSLException.h" +#include "Poco/Thread.h" + + +namespace Poco { +namespace Net { + + +SecureStreamSocketImpl::SecureStreamSocketImpl(Context::Ptr pContext): underlying_socket(new StreamSocketImpl), _impl(underlying_socket, pContext), - _lazyHandshake(false) -{ -} - - -SecureStreamSocketImpl::SecureStreamSocketImpl(StreamSocketImpl* pStreamSocket, Context::Ptr pContext): + _lazyHandshake(false) +{ +} + + +SecureStreamSocketImpl::SecureStreamSocketImpl(StreamSocketImpl* pStreamSocket, Context::Ptr pContext): underlying_socket(pStreamSocket), _impl(underlying_socket, pContext), - _lazyHandshake(false) -{ - pStreamSocket->duplicate(); - reset(_impl.sockfd()); -} - - -SecureStreamSocketImpl::~SecureStreamSocketImpl() -{ - try - { - reset(); - } - catch (...) - { - poco_unexpected(); - } -} - + _lazyHandshake(false) +{ + pStreamSocket->duplicate(); + reset(_impl.sockfd()); +} + + +SecureStreamSocketImpl::~SecureStreamSocketImpl() +{ + try + { + reset(); + } + catch (...) + { + poco_unexpected(); + } +} + void SecureStreamSocketImpl::setSendTimeout(const Poco::Timespan& timeout) { underlying_socket->setSendTimeout(timeout); _sndTimeout = underlying_socket->getSendTimeout(); } - + void SecureStreamSocketImpl::setReceiveTimeout(const Poco::Timespan& timeout) { underlying_socket->setReceiveTimeout(timeout); _recvTimeout = underlying_socket->getReceiveTimeout(); } -SocketImpl* SecureStreamSocketImpl::acceptConnection(SocketAddress& /*clientAddr*/) -{ - throw Poco::InvalidAccessException("Cannot acceptConnection() on a SecureStreamSocketImpl"); -} - - -void SecureStreamSocketImpl::acceptSSL() -{ - _impl.acceptSSL(); -} - - -void SecureStreamSocketImpl::connect(const SocketAddress& address) -{ - _impl.connect(address, !_lazyHandshake); - reset(_impl.sockfd()); -} - - -void SecureStreamSocketImpl::connect(const SocketAddress& address, const Poco::Timespan& timeout) -{ - _impl.connect(address, timeout, !_lazyHandshake); - reset(_impl.sockfd()); -} - - -void SecureStreamSocketImpl::connectNB(const SocketAddress& address) -{ - _impl.connectNB(address); - reset(_impl.sockfd()); -} - - -void SecureStreamSocketImpl::connectSSL() -{ - _impl.connectSSL(!_lazyHandshake); -} - - -void SecureStreamSocketImpl::bind(const SocketAddress& address, bool reuseAddress, bool reusePort) -{ - throw Poco::InvalidAccessException("Cannot bind() a SecureStreamSocketImpl"); -} - - -void SecureStreamSocketImpl::listen(int /*backlog*/) -{ - throw Poco::InvalidAccessException("Cannot listen() on a SecureStreamSocketImpl"); -} - - -void SecureStreamSocketImpl::close() -{ - reset(); - _impl.close(); -} - - -void SecureStreamSocketImpl::abort() -{ - reset(); - _impl.abort(); -} - - -int SecureStreamSocketImpl::sendBytes(const void* buffer, int length, int flags) -{ - return _impl.sendBytes(buffer, length, flags); -} - - -int SecureStreamSocketImpl::receiveBytes(void* buffer, int length, int flags) -{ - return _impl.receiveBytes(buffer, length, flags); -} - - -int SecureStreamSocketImpl::sendTo(const void* /*buffer*/, int /*length*/, const SocketAddress& /*address*/, int /*flags*/) -{ - throw Poco::InvalidAccessException("Cannot sendTo() on a SecureStreamSocketImpl"); -} - - -int SecureStreamSocketImpl::receiveFrom(void* /*buffer*/, int /*length*/, SocketAddress& /*address*/, int /*flags*/) -{ - throw Poco::InvalidAccessException("Cannot receiveFrom() on a SecureStreamSocketImpl"); -} - - -void SecureStreamSocketImpl::sendUrgent(unsigned char /*data*/) -{ - throw Poco::InvalidAccessException("Cannot sendUrgent() on a SecureStreamSocketImpl"); -} - - -int SecureStreamSocketImpl::available() -{ - return _impl.available(); -} - - -void SecureStreamSocketImpl::shutdownReceive() -{ -} - - -void SecureStreamSocketImpl::shutdownSend() -{ -} - - -void SecureStreamSocketImpl::shutdown() -{ - _impl.shutdown(); -} - - -bool SecureStreamSocketImpl::secure() const -{ - return true; -} - - -bool SecureStreamSocketImpl::havePeerCertificate() const -{ - X509* pCert = _impl.peerCertificate(); - if (pCert) - { - X509_free(pCert); - return true; - } - else return false; -} - - -X509Certificate SecureStreamSocketImpl::peerCertificate() const -{ - X509* pCert = _impl.peerCertificate(); - if (pCert) - return X509Certificate(pCert); - else - throw SSLException("No certificate available"); -} - - -void SecureStreamSocketImpl::setLazyHandshake(bool flag) -{ - _lazyHandshake = flag; -} - - -bool SecureStreamSocketImpl::getLazyHandshake() const -{ - return _lazyHandshake; -} - - -void SecureStreamSocketImpl::verifyPeerCertificate() -{ - _impl.verifyPeerCertificate(); -} - - -void SecureStreamSocketImpl::verifyPeerCertificate(const std::string& hostName) -{ - _impl.verifyPeerCertificate(hostName); -} - - -int SecureStreamSocketImpl::completeHandshake() -{ - return _impl.completeHandshake(); -} - - -} } // namespace Poco::Net +SocketImpl* SecureStreamSocketImpl::acceptConnection(SocketAddress& /*clientAddr*/) +{ + throw Poco::InvalidAccessException("Cannot acceptConnection() on a SecureStreamSocketImpl"); +} + + +void SecureStreamSocketImpl::acceptSSL() +{ + _impl.acceptSSL(); +} + + +void SecureStreamSocketImpl::connect(const SocketAddress& address) +{ + _impl.connect(address, !_lazyHandshake); + reset(_impl.sockfd()); +} + + +void SecureStreamSocketImpl::connect(const SocketAddress& address, const Poco::Timespan& timeout) +{ + _impl.connect(address, timeout, !_lazyHandshake); + reset(_impl.sockfd()); +} + + +void SecureStreamSocketImpl::connectNB(const SocketAddress& address) +{ + _impl.connectNB(address); + reset(_impl.sockfd()); +} + + +void SecureStreamSocketImpl::connectSSL() +{ + _impl.connectSSL(!_lazyHandshake); +} + + +void SecureStreamSocketImpl::bind(const SocketAddress& address, bool reuseAddress, bool reusePort) +{ + throw Poco::InvalidAccessException("Cannot bind() a SecureStreamSocketImpl"); +} + + +void SecureStreamSocketImpl::listen(int /*backlog*/) +{ + throw Poco::InvalidAccessException("Cannot listen() on a SecureStreamSocketImpl"); +} + + +void SecureStreamSocketImpl::close() +{ + reset(); + _impl.close(); +} + + +void SecureStreamSocketImpl::abort() +{ + reset(); + _impl.abort(); +} + + +int SecureStreamSocketImpl::sendBytes(const void* buffer, int length, int flags) +{ + return _impl.sendBytes(buffer, length, flags); +} + + +int SecureStreamSocketImpl::receiveBytes(void* buffer, int length, int flags) +{ + return _impl.receiveBytes(buffer, length, flags); +} + + +int SecureStreamSocketImpl::sendTo(const void* /*buffer*/, int /*length*/, const SocketAddress& /*address*/, int /*flags*/) +{ + throw Poco::InvalidAccessException("Cannot sendTo() on a SecureStreamSocketImpl"); +} + + +int SecureStreamSocketImpl::receiveFrom(void* /*buffer*/, int /*length*/, SocketAddress& /*address*/, int /*flags*/) +{ + throw Poco::InvalidAccessException("Cannot receiveFrom() on a SecureStreamSocketImpl"); +} + + +void SecureStreamSocketImpl::sendUrgent(unsigned char /*data*/) +{ + throw Poco::InvalidAccessException("Cannot sendUrgent() on a SecureStreamSocketImpl"); +} + + +int SecureStreamSocketImpl::available() +{ + return _impl.available(); +} + + +void SecureStreamSocketImpl::shutdownReceive() +{ +} + + +void SecureStreamSocketImpl::shutdownSend() +{ +} + + +void SecureStreamSocketImpl::shutdown() +{ + _impl.shutdown(); +} + + +bool SecureStreamSocketImpl::secure() const +{ + return true; +} + + +bool SecureStreamSocketImpl::havePeerCertificate() const +{ + X509* pCert = _impl.peerCertificate(); + if (pCert) + { + X509_free(pCert); + return true; + } + else return false; +} + + +X509Certificate SecureStreamSocketImpl::peerCertificate() const +{ + X509* pCert = _impl.peerCertificate(); + if (pCert) + return X509Certificate(pCert); + else + throw SSLException("No certificate available"); +} + + +void SecureStreamSocketImpl::setLazyHandshake(bool flag) +{ + _lazyHandshake = flag; +} + + +bool SecureStreamSocketImpl::getLazyHandshake() const +{ + return _lazyHandshake; +} + + +void SecureStreamSocketImpl::verifyPeerCertificate() +{ + _impl.verifyPeerCertificate(); +} + + +void SecureStreamSocketImpl::verifyPeerCertificate(const std::string& hostName) +{ + _impl.verifyPeerCertificate(hostName); +} + + +int SecureStreamSocketImpl::completeHandshake() +{ + return _impl.completeHandshake(); +} + + +} } // namespace Poco::Net diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/Session.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/Session.cpp index a4e0989d53..96a507d946 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/src/Session.cpp +++ b/contrib/libs/poco/NetSSL_OpenSSL/src/Session.cpp @@ -1,40 +1,40 @@ -// -// Session.cpp -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: Session -// -// Copyright (c) 2010, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#if defined(__APPLE__) -// Some OpenSSL functions are deprecated in OS X 10.7 -#pragma GCC diagnostic ignored "-Wdeprecated-declarations" -#endif - - -#include "Poco/Net/Session.h" - - -namespace Poco { -namespace Net { - - -Session::Session(SSL_SESSION* pSession): - _pSession(pSession) -{ -} - - -Session::~Session() -{ - SSL_SESSION_free(_pSession); -} - - -} } // namespace Poco::Net +// +// Session.cpp +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: Session +// +// Copyright (c) 2010, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#if defined(__APPLE__) +// Some OpenSSL functions are deprecated in OS X 10.7 +#pragma GCC diagnostic ignored "-Wdeprecated-declarations" +#endif + + +#include "Poco/Net/Session.h" + + +namespace Poco { +namespace Net { + + +Session::Session(SSL_SESSION* pSession): + _pSession(pSession) +{ +} + + +Session::~Session() +{ + SSL_SESSION_free(_pSession); +} + + +} } // namespace Poco::Net diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/Utility.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/Utility.cpp index f6ab6cbeb6..5428b76996 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/src/Utility.cpp +++ b/contrib/libs/poco/NetSSL_OpenSSL/src/Utility.cpp @@ -1,71 +1,71 @@ -// -// Utility.cpp -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: Utility -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#include "Poco/Net/Utility.h" -#include "Poco/String.h" -#include "Poco/Util/OptionException.h" -#include <openssl/err.h> - - -namespace Poco { -namespace Net { - - -Context::VerificationMode Utility::convertVerificationMode(const std::string& vMode) -{ - std::string mode = Poco::toLower(vMode); - Context::VerificationMode verMode = Context::VERIFY_STRICT; - - if (mode == "none") - verMode = Context::VERIFY_NONE; - else if (mode == "relaxed") - verMode = Context::VERIFY_RELAXED; - else if (mode == "strict") - verMode = Context::VERIFY_STRICT; - else if (mode == "once") - verMode = Context::VERIFY_ONCE; - else - throw Poco::InvalidArgumentException("Invalid verification mode. Should be relaxed, strict or once but got", vMode); - - return verMode; -} - - -std::string Utility::convertCertificateError(long errCode) -{ - std::string errMsg(X509_verify_cert_error_string(errCode)); - return errMsg; -} - - -std::string Utility::getLastError() -{ - unsigned long errCode = ERR_get_error(); - if (errCode != 0) - { - char buffer[256]; - ERR_error_string_n(errCode, buffer, sizeof(buffer)); - return std::string(buffer); - } - else return "No error"; -} - - -void Utility::clearErrorStack() -{ - ERR_clear_error(); -} - - -} } // namespace Poco::Net +// +// Utility.cpp +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: Utility +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#include "Poco/Net/Utility.h" +#include "Poco/String.h" +#include "Poco/Util/OptionException.h" +#include <openssl/err.h> + + +namespace Poco { +namespace Net { + + +Context::VerificationMode Utility::convertVerificationMode(const std::string& vMode) +{ + std::string mode = Poco::toLower(vMode); + Context::VerificationMode verMode = Context::VERIFY_STRICT; + + if (mode == "none") + verMode = Context::VERIFY_NONE; + else if (mode == "relaxed") + verMode = Context::VERIFY_RELAXED; + else if (mode == "strict") + verMode = Context::VERIFY_STRICT; + else if (mode == "once") + verMode = Context::VERIFY_ONCE; + else + throw Poco::InvalidArgumentException("Invalid verification mode. Should be relaxed, strict or once but got", vMode); + + return verMode; +} + + +std::string Utility::convertCertificateError(long errCode) +{ + std::string errMsg(X509_verify_cert_error_string(errCode)); + return errMsg; +} + + +std::string Utility::getLastError() +{ + unsigned long errCode = ERR_get_error(); + if (errCode != 0) + { + char buffer[256]; + ERR_error_string_n(errCode, buffer, sizeof(buffer)); + return std::string(buffer); + } + else return "No error"; +} + + +void Utility::clearErrorStack() +{ + ERR_clear_error(); +} + + +} } // namespace Poco::Net diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/VerificationErrorArgs.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/VerificationErrorArgs.cpp index cb6917340a..f7f6451b1c 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/src/VerificationErrorArgs.cpp +++ b/contrib/libs/poco/NetSSL_OpenSSL/src/VerificationErrorArgs.cpp @@ -1,37 +1,37 @@ -// -// VerificationErrorArgs.cpp -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: VerificationErrorArgs -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#include "Poco/Net/VerificationErrorArgs.h" - - -namespace Poco { -namespace Net { - - -VerificationErrorArgs::VerificationErrorArgs(const X509Certificate& cert, int errDepth, int errNum, const std::string& errMsg): - _cert(cert), - _errorDepth(errDepth), - _errorNumber(errNum), - _errorMessage(errMsg), - _ignoreError(false) -{ -} - - -VerificationErrorArgs::~VerificationErrorArgs() -{ -} - - -} } // namespace Poco::Net +// +// VerificationErrorArgs.cpp +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: VerificationErrorArgs +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#include "Poco/Net/VerificationErrorArgs.h" + + +namespace Poco { +namespace Net { + + +VerificationErrorArgs::VerificationErrorArgs(const X509Certificate& cert, int errDepth, int errNum, const std::string& errMsg): + _cert(cert), + _errorDepth(errDepth), + _errorNumber(errNum), + _errorMessage(errMsg), + _ignoreError(false) +{ +} + + +VerificationErrorArgs::~VerificationErrorArgs() +{ +} + + +} } // namespace Poco::Net diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/X509Certificate.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/X509Certificate.cpp index 188d909790..54651c3ac8 100644 --- a/contrib/libs/poco/NetSSL_OpenSSL/src/X509Certificate.cpp +++ b/contrib/libs/poco/NetSSL_OpenSSL/src/X509Certificate.cpp @@ -1,175 +1,175 @@ -// -// X509Certificate.cpp -// -// Library: NetSSL_OpenSSL -// Package: SSLCore -// Module: X509Certificate -// -// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. -// and Contributors. -// -// SPDX-License-Identifier: BSL-1.0 -// - - -#include "Poco/Net/X509Certificate.h" -#include "Poco/Net/SSLException.h" -#include "Poco/Net/SSLManager.h" -#include "Poco/Net/DNS.h" -#include "Poco/TemporaryFile.h" -#include "Poco/FileStream.h" -#include "Poco/StreamCopier.h" -#include "Poco/String.h" -#include "Poco/RegularExpression.h" -#include "Poco/DateTimeParser.h" -#include <openssl/pem.h> -#include <openssl/x509v3.h> -#include <openssl/err.h> - - -namespace Poco { -namespace Net { - - -X509Certificate::X509Certificate(std::istream& istr): - Poco::Crypto::X509Certificate(istr) -{ -} - - -X509Certificate::X509Certificate(const std::string& path): - Poco::Crypto::X509Certificate(path) -{ -} - - -X509Certificate::X509Certificate(X509* pCert): - Poco::Crypto::X509Certificate(pCert) -{ -} - - -X509Certificate::X509Certificate(X509* pCert, bool shared): - Poco::Crypto::X509Certificate(pCert, shared) -{ -} - - -X509Certificate::X509Certificate(const Poco::Crypto::X509Certificate& cert): - Poco::Crypto::X509Certificate(cert) -{ -} - - -X509Certificate& X509Certificate::operator = (const Poco::Crypto::X509Certificate& cert) -{ - X509Certificate tmp(cert); - swap(tmp); - return *this; -} - - -X509Certificate::~X509Certificate() -{ -} - - -bool X509Certificate::verify(const std::string& hostName) const -{ - return verify(*this, hostName); -} - - -bool X509Certificate::verify(const Poco::Crypto::X509Certificate& certificate, const std::string& hostName) -{ -#if OPENSSL_VERSION_NUMBER < 0x10002000L - std::string commonName; - std::set<std::string> dnsNames; - certificate.extractNames(commonName, dnsNames); - if (!commonName.empty()) dnsNames.insert(commonName); - bool ok = (dnsNames.find(hostName) != dnsNames.end()); - if (!ok) - { - for (std::set<std::string>::const_iterator it = dnsNames.begin(); !ok && it != dnsNames.end(); ++it) - { - try - { - // two cases: name contains wildcards or not - if (containsWildcards(*it)) - { - // a compare by IPAddress is not possible with wildcards - // only allow compare by name - ok = matchWildcard(*it, hostName); - } - else - { - // it depends on hostName whether we compare by IP or by alias - IPAddress ip; - if (IPAddress::tryParse(hostName, ip)) - { - // compare by IP - const HostEntry& heData = DNS::resolve(*it); - const HostEntry::AddressList& addr = heData.addresses(); - HostEntry::AddressList::const_iterator it = addr.begin(); - HostEntry::AddressList::const_iterator itEnd = addr.end(); - for (; it != itEnd && !ok; ++it) - { - ok = (*it == ip); - } - } - else - { - ok = Poco::icompare(*it, hostName) == 0; - } - } - } - catch (NoAddressFoundException&) - { - } - catch (HostNotFoundException&) - { - } - } - } - return ok; -#else - if (X509_check_host(const_cast<X509*>(certificate.certificate()), hostName.c_str(), hostName.length(), 0, NULL) == 1) - { - return true; - } - else - { - IPAddress ip; - if (IPAddress::tryParse(hostName, ip)) - { - return (X509_check_ip_asc(const_cast<X509*>(certificate.certificate()), hostName.c_str(), 0) == 1); - } - } - return false; -#endif -} - - -bool X509Certificate::containsWildcards(const std::string& commonName) -{ - return (commonName.find('*') != std::string::npos || commonName.find('?') != std::string::npos); -} - - -bool X509Certificate::matchWildcard(const std::string& wildcard, const std::string& hostName) -{ - // fix wildcards - std::string wildcardExpr("^"); - wildcardExpr += Poco::replace(wildcard, ".", "\\."); - Poco::replaceInPlace(wildcardExpr, "*", ".*"); - Poco::replaceInPlace(wildcardExpr, "..*", ".*"); - Poco::replaceInPlace(wildcardExpr, "?", ".?"); - Poco::replaceInPlace(wildcardExpr, "..?", ".?"); - wildcardExpr += "$"; - - Poco::RegularExpression expr(wildcardExpr, Poco::RegularExpression::RE_CASELESS); - return expr.match(hostName); -} - - -} } // namespace Poco::Net +// +// X509Certificate.cpp +// +// Library: NetSSL_OpenSSL +// Package: SSLCore +// Module: X509Certificate +// +// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. +// and Contributors. +// +// SPDX-License-Identifier: BSL-1.0 +// + + +#include "Poco/Net/X509Certificate.h" +#include "Poco/Net/SSLException.h" +#include "Poco/Net/SSLManager.h" +#include "Poco/Net/DNS.h" +#include "Poco/TemporaryFile.h" +#include "Poco/FileStream.h" +#include "Poco/StreamCopier.h" +#include "Poco/String.h" +#include "Poco/RegularExpression.h" +#include "Poco/DateTimeParser.h" +#include <openssl/pem.h> +#include <openssl/x509v3.h> +#include <openssl/err.h> + + +namespace Poco { +namespace Net { + + +X509Certificate::X509Certificate(std::istream& istr): + Poco::Crypto::X509Certificate(istr) +{ +} + + +X509Certificate::X509Certificate(const std::string& path): + Poco::Crypto::X509Certificate(path) +{ +} + + +X509Certificate::X509Certificate(X509* pCert): + Poco::Crypto::X509Certificate(pCert) +{ +} + + +X509Certificate::X509Certificate(X509* pCert, bool shared): + Poco::Crypto::X509Certificate(pCert, shared) +{ +} + + +X509Certificate::X509Certificate(const Poco::Crypto::X509Certificate& cert): + Poco::Crypto::X509Certificate(cert) +{ +} + + +X509Certificate& X509Certificate::operator = (const Poco::Crypto::X509Certificate& cert) +{ + X509Certificate tmp(cert); + swap(tmp); + return *this; +} + + +X509Certificate::~X509Certificate() +{ +} + + +bool X509Certificate::verify(const std::string& hostName) const +{ + return verify(*this, hostName); +} + + +bool X509Certificate::verify(const Poco::Crypto::X509Certificate& certificate, const std::string& hostName) +{ +#if OPENSSL_VERSION_NUMBER < 0x10002000L + std::string commonName; + std::set<std::string> dnsNames; + certificate.extractNames(commonName, dnsNames); + if (!commonName.empty()) dnsNames.insert(commonName); + bool ok = (dnsNames.find(hostName) != dnsNames.end()); + if (!ok) + { + for (std::set<std::string>::const_iterator it = dnsNames.begin(); !ok && it != dnsNames.end(); ++it) + { + try + { + // two cases: name contains wildcards or not + if (containsWildcards(*it)) + { + // a compare by IPAddress is not possible with wildcards + // only allow compare by name + ok = matchWildcard(*it, hostName); + } + else + { + // it depends on hostName whether we compare by IP or by alias + IPAddress ip; + if (IPAddress::tryParse(hostName, ip)) + { + // compare by IP + const HostEntry& heData = DNS::resolve(*it); + const HostEntry::AddressList& addr = heData.addresses(); + HostEntry::AddressList::const_iterator it = addr.begin(); + HostEntry::AddressList::const_iterator itEnd = addr.end(); + for (; it != itEnd && !ok; ++it) + { + ok = (*it == ip); + } + } + else + { + ok = Poco::icompare(*it, hostName) == 0; + } + } + } + catch (NoAddressFoundException&) + { + } + catch (HostNotFoundException&) + { + } + } + } + return ok; +#else + if (X509_check_host(const_cast<X509*>(certificate.certificate()), hostName.c_str(), hostName.length(), 0, NULL) == 1) + { + return true; + } + else + { + IPAddress ip; + if (IPAddress::tryParse(hostName, ip)) + { + return (X509_check_ip_asc(const_cast<X509*>(certificate.certificate()), hostName.c_str(), 0) == 1); + } + } + return false; +#endif +} + + +bool X509Certificate::containsWildcards(const std::string& commonName) +{ + return (commonName.find('*') != std::string::npos || commonName.find('?') != std::string::npos); +} + + +bool X509Certificate::matchWildcard(const std::string& wildcard, const std::string& hostName) +{ + // fix wildcards + std::string wildcardExpr("^"); + wildcardExpr += Poco::replace(wildcard, ".", "\\."); + Poco::replaceInPlace(wildcardExpr, "*", ".*"); + Poco::replaceInPlace(wildcardExpr, "..*", ".*"); + Poco::replaceInPlace(wildcardExpr, "?", ".?"); + Poco::replaceInPlace(wildcardExpr, "..?", ".?"); + wildcardExpr += "$"; + + Poco::RegularExpression expr(wildcardExpr, Poco::RegularExpression::RE_CASELESS); + return expr.match(hostName); +} + + +} } // namespace Poco::Net |