blob: 7081967554df846729dc48c91dfe94c1cd92d4e8 [file] [log] [blame]
// Copyright (c) 2017, the Dart project authors. Please see the AUTHORS file
// for details. All rights reserved. Use of this source code is governed by a
// BSD-style license that can be found in the LICENSE file.
#ifndef RUNTIME_BIN_SECURITY_CONTEXT_H_
#define RUNTIME_BIN_SECURITY_CONTEXT_H_
#include <openssl/ssl.h>
#include <openssl/x509.h>
#include "bin/lockers.h"
#include "bin/reference_counting.h"
#include "bin/socket.h"
namespace dart {
namespace bin {
// Forward declaration
class SSLFilter;
typedef void (*TrustEvaluateHandlerFunc)(Dart_Port dest_port_id,
Dart_CObject* message);
class SSLCertContext : public ReferenceCounted<SSLCertContext> {
public:
static const intptr_t kApproximateSize;
static constexpr int kSecurityContextNativeFieldIndex = 0;
static constexpr int kX509NativeFieldIndex = 0;
explicit SSLCertContext(SSL_CTX* context)
: ReferenceCounted(),
context_(context),
alpn_protocol_string_(nullptr),
trust_builtin_(false),
allow_tls_renegotiation_(false) {}
~SSLCertContext() {
SSL_CTX_free(context_);
free(alpn_protocol_string_);
}
static int CertificateCallback(int preverify_ok, X509_STORE_CTX* store_ctx);
static void KeyLogCallback(const SSL* ssl, const char* line);
static SSLCertContext* GetSecurityContext(Dart_NativeArguments args);
static const char* GetPasswordArgument(Dart_NativeArguments args,
intptr_t index);
static void SetAlpnProtocolList(Dart_Handle protocols_handle,
SSL* ssl,
SSLCertContext* context,
bool is_server);
static const char* root_certs_file() { return root_certs_file_; }
static void set_root_certs_file(const char* root_certs_file) {
root_certs_file_ = root_certs_file;
}
static const char* root_certs_cache() { return root_certs_cache_; }
static void set_root_certs_cache(const char* root_certs_cache) {
root_certs_cache_ = root_certs_cache;
}
void SetTrustedCertificatesBytes(Dart_Handle cert_bytes,
const char* password);
void SetClientAuthoritiesBytes(Dart_Handle client_authorities_bytes,
const char* password);
int UseCertificateChainBytes(Dart_Handle cert_chain_bytes,
const char* password);
void TrustBuiltinRoots();
SSL_CTX* context() const { return context_; }
uint8_t* alpn_protocol_string() const { return alpn_protocol_string_; }
void set_alpn_protocol_string(uint8_t* protocol_string) {
if (alpn_protocol_string_ != nullptr) {
free(alpn_protocol_string_);
}
alpn_protocol_string_ = protocol_string;
}
bool trust_builtin() const { return trust_builtin_; }
void set_allow_tls_renegotiation(bool allow) {
allow_tls_renegotiation_ = allow;
}
bool allow_tls_renegotiation() const { return allow_tls_renegotiation_; }
void set_trust_builtin(bool trust_builtin) { trust_builtin_ = trust_builtin; }
void RegisterCallbacks(SSL* ssl);
TrustEvaluateHandlerFunc GetTrustEvaluateHandler() const;
static bool long_ssl_cert_evaluation() { return long_ssl_cert_evaluation_; }
static void set_long_ssl_cert_evaluation(bool long_ssl_cert_evaluation) {
long_ssl_cert_evaluation_ = long_ssl_cert_evaluation;
}
static bool bypass_trusting_system_roots() {
return bypass_trusting_system_roots_;
}
static void set_bypass_trusting_system_roots(
bool bypass_trusting_system_roots) {
bypass_trusting_system_roots_ = bypass_trusting_system_roots;
}
private:
void AddCompiledInCerts();
void LoadRootCertFile(const char* file);
void LoadRootCertCache(const char* cache);
static const char* root_certs_file_;
static const char* root_certs_cache_;
SSL_CTX* context_;
uint8_t* alpn_protocol_string_;
bool trust_builtin_;
bool allow_tls_renegotiation_;
static bool long_ssl_cert_evaluation_;
static bool bypass_trusting_system_roots_;
DISALLOW_COPY_AND_ASSIGN(SSLCertContext);
};
class X509Helper : public AllStatic {
public:
static Dart_Handle GetDer(Dart_NativeArguments args);
static Dart_Handle GetPem(Dart_NativeArguments args);
static Dart_Handle GetSha1(Dart_NativeArguments args);
static Dart_Handle GetSubject(Dart_NativeArguments args);
static Dart_Handle GetIssuer(Dart_NativeArguments args);
static Dart_Handle GetStartValidity(Dart_NativeArguments args);
static Dart_Handle GetEndValidity(Dart_NativeArguments args);
static Dart_Handle WrappedX509Certificate(X509* certificate);
};
} // namespace bin
} // namespace dart
#endif // RUNTIME_BIN_SECURITY_CONTEXT_H_