blob: 56f7f582afda29faae970d398352a70764f48cad [file] [log] [blame]
// Copyright (c) 2017, the Dart project authors. Please see the AUTHORS file
// for details. All rights reserved. Use of this source code is governed by a
// BSD-style license that can be found in the LICENSE file.
#ifndef RUNTIME_BIN_SECURE_SOCKET_FILTER_H_
#define RUNTIME_BIN_SECURE_SOCKET_FILTER_H_
#include <openssl/bio.h>
#include <openssl/ssl.h>
#include <openssl/x509.h>
#include <memory>
#include "bin/builtin.h"
#include "bin/reference_counting.h"
#include "bin/security_context.h"
#include "platform/utils.h"
namespace dart {
namespace bin {
/* These are defined in root_certificates.cc. */
extern const unsigned char* root_certificates_pem;
extern unsigned int root_certificates_pem_length;
class X509TrustState {
public:
X509TrustState(const X509* x509, bool is_trusted)
: x509_(x509), is_trusted_(is_trusted) {}
const X509* x509() const { return x509_; }
bool is_trusted() const { return is_trusted_; }
private:
const X509* x509_;
bool is_trusted_;
DISALLOW_COPY_AND_ASSIGN(X509TrustState);
};
class SSLFilter : public ReferenceCounted<SSLFilter> {
public:
static void Init();
static void Cleanup();
// These enums must agree with those in sdk/lib/io/secure_socket.dart.
enum BufferIndex {
kReadPlaintext,
kWritePlaintext,
kReadEncrypted,
kWriteEncrypted,
kNumBuffers,
kFirstEncrypted = kReadEncrypted
};
static const intptr_t kApproximateSize;
static const int kSSLFilterNativeFieldIndex = 0;
SSLFilter()
: callback_error(NULL),
ssl_(NULL),
socket_side_(NULL),
string_start_(NULL),
string_length_(NULL),
handshake_complete_(NULL),
bad_certificate_callback_(NULL),
in_handshake_(false),
hostname_(NULL) {}
~SSLFilter();
char* hostname() const { return hostname_; }
bool is_server() const { return is_server_; }
bool is_client() const { return !is_server_; }
Dart_Handle Init(Dart_Handle dart_this);
void Connect(const char* hostname,
SSLCertContext* context,
bool is_server,
bool request_client_certificate,
bool require_client_certificate,
Dart_Handle protocols_handle);
void Destroy();
void FreeResources();
void MarkAsTrusted(Dart_NativeArguments args);
int Handshake(Dart_Port reply_port);
void GetSelectedProtocol(Dart_NativeArguments args);
void Renegotiate(bool use_session_cache,
bool request_client_certificate,
bool require_client_certificate);
void RegisterHandshakeCompleteCallback(Dart_Handle handshake_complete);
void RegisterBadCertificateCallback(Dart_Handle callback);
void RegisterKeyLogPort(Dart_Port key_log_port);
Dart_Port key_log_port() { return key_log_port_; }
Dart_Handle bad_certificate_callback() {
return Dart_HandleFromPersistent(bad_certificate_callback_);
}
int ProcessReadPlaintextBuffer(int start, int end);
int ProcessWritePlaintextBuffer(int start, int end);
int ProcessReadEncryptedBuffer(int start, int end);
int ProcessWriteEncryptedBuffer(int start, int end);
bool ProcessAllBuffers(int starts[kNumBuffers],
int ends[kNumBuffers],
bool in_handshake);
Dart_Handle PeerCertificate();
static void InitializeLibrary();
Dart_Handle callback_error;
static CObject* ProcessFilterRequest(const CObjectArray& request);
// The index of the external data field in _ssl that points to the SSLFilter.
static int filter_ssl_index;
// The index of the external data field in _ssl that points to the
// SSLCertContext.
static int ssl_cert_context_index;
const X509TrustState* certificate_trust_state() {
return certificate_trust_state_.get();
}
Dart_Port reply_port() const { return reply_port_; }
Dart_Port trust_evaluate_reply_port() const {
return trust_evaluate_reply_port_;
}
private:
static const intptr_t kInternalBIOSize;
static bool library_initialized_;
static Mutex* mutex_; // To protect library initialization.
SSL* ssl_;
BIO* socket_side_;
// Currently only one(root) certificate is evaluated via
// TrustEvaluate mechanism.
std::unique_ptr<X509TrustState> certificate_trust_state_;
uint8_t* buffers_[kNumBuffers];
int buffer_size_;
int encrypted_buffer_size_;
Dart_PersistentHandle string_start_;
Dart_PersistentHandle string_length_;
Dart_PersistentHandle dart_buffer_objects_[kNumBuffers];
Dart_PersistentHandle handshake_complete_;
Dart_PersistentHandle bad_certificate_callback_;
bool in_handshake_;
bool is_server_;
char* hostname_;
Dart_Port reply_port_ = ILLEGAL_PORT;
Dart_Port trust_evaluate_reply_port_ = ILLEGAL_PORT;
Dart_Port key_log_port_ = ILLEGAL_PORT;
static bool IsBufferEncrypted(int i) {
return static_cast<BufferIndex>(i) >= kFirstEncrypted;
}
Dart_Handle InitializeBuffers(Dart_Handle dart_this);
void InitializePlatformData();
DISALLOW_COPY_AND_ASSIGN(SSLFilter);
};
} // namespace bin
} // namespace dart
#endif // RUNTIME_BIN_SECURE_SOCKET_FILTER_H_