2017-02-16 23:30:29 -06:00
|
|
|
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4; fill-column: 100 -*- */
|
|
|
|
/*
|
2023-11-09 12:23:00 -06:00
|
|
|
* Copyright the Collabora Online contributors.
|
|
|
|
*
|
|
|
|
* SPDX-License-Identifier: MPL-2.0
|
|
|
|
*
|
2017-02-16 23:30:29 -06:00
|
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
|
|
*/
|
|
|
|
|
2020-04-18 03:39:50 -05:00
|
|
|
#pragma once
|
2017-02-16 23:30:29 -06:00
|
|
|
|
2021-03-23 12:49:34 -05:00
|
|
|
#include <common/Util.hpp>
|
|
|
|
|
2020-06-03 09:43:52 -05:00
|
|
|
#include <cassert>
|
2017-02-16 23:30:29 -06:00
|
|
|
#include <memory>
|
|
|
|
#include <string>
|
|
|
|
|
|
|
|
#include <openssl/ssl.h>
|
|
|
|
#include <openssl/rand.h>
|
|
|
|
#include <openssl/crypto.h>
|
|
|
|
#include <openssl/err.h>
|
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x0907000L
|
|
|
|
#include <openssl/conf.h>
|
|
|
|
#endif
|
|
|
|
|
2021-06-27 14:22:17 -05:00
|
|
|
namespace ssl
|
|
|
|
{
|
|
|
|
/// The certificate verification requirements.
|
|
|
|
enum class CertificateVerification
|
|
|
|
{
|
|
|
|
Disabled, //< No verification is performed or results ignored.
|
|
|
|
IfProvided, //< Verified if an optional certificate is provided.
|
|
|
|
Required //< Certificate must be provided and will be verified.
|
|
|
|
};
|
|
|
|
} // namespace ssl
|
|
|
|
|
|
|
|
class SslContext final
|
2017-02-16 23:30:29 -06:00
|
|
|
{
|
|
|
|
public:
|
2021-06-23 20:30:28 -05:00
|
|
|
SslContext(const std::string& certFilePath, const std::string& keyFilePath,
|
2021-06-27 14:22:17 -05:00
|
|
|
const std::string& caFilePath, const std::string& cipherList,
|
|
|
|
ssl::CertificateVerification verification);
|
2017-02-16 23:30:29 -06:00
|
|
|
|
2021-06-23 20:30:28 -05:00
|
|
|
/// Returns a new SSL Context to be used with raw API.
|
|
|
|
SSL* newSsl() { return SSL_new(_ctx); }
|
2017-02-16 23:30:29 -06:00
|
|
|
|
|
|
|
~SslContext();
|
|
|
|
|
2021-06-27 14:22:17 -05:00
|
|
|
ssl::CertificateVerification verification() const { return _verification; }
|
|
|
|
|
2017-02-16 23:30:29 -06:00
|
|
|
private:
|
2017-02-17 00:40:55 -06:00
|
|
|
void initDH();
|
|
|
|
void initECDH();
|
2017-03-27 14:14:16 -05:00
|
|
|
void shutdown();
|
2017-02-17 00:40:55 -06:00
|
|
|
|
|
|
|
std::string getLastErrorMsg();
|
|
|
|
|
2017-02-17 00:15:42 -06:00
|
|
|
// Multithreading support for OpenSSL.
|
|
|
|
// Not needed in recent (1.x?) versions.
|
|
|
|
static unsigned long id();
|
|
|
|
static struct CRYPTO_dynlock_value* dynlockCreate(const char* file, int line);
|
|
|
|
static void dynlock(int mode, struct CRYPTO_dynlock_value* lock, const char* file, int line);
|
|
|
|
static void dynlockDestroy(struct CRYPTO_dynlock_value* lock, const char* file, int line);
|
|
|
|
|
2017-02-16 23:30:29 -06:00
|
|
|
private:
|
|
|
|
SSL_CTX* _ctx;
|
2021-06-27 14:22:17 -05:00
|
|
|
const ssl::CertificateVerification _verification;
|
2017-02-16 23:30:29 -06:00
|
|
|
};
|
|
|
|
|
2021-06-23 20:30:28 -05:00
|
|
|
namespace ssl
|
|
|
|
{
|
|
|
|
class Manager
|
|
|
|
{
|
|
|
|
public:
|
|
|
|
static void initializeServerContext(const std::string& certFilePath,
|
|
|
|
const std::string& keyFilePath,
|
|
|
|
const std::string& caFilePath,
|
2021-06-27 14:22:17 -05:00
|
|
|
const std::string& cipherList,
|
|
|
|
ssl::CertificateVerification verification)
|
2021-06-23 20:30:28 -05:00
|
|
|
{
|
|
|
|
assert(!isServerContextInitialized() &&
|
|
|
|
"Cannot initialize the server context more than once");
|
2023-07-30 09:40:21 -05:00
|
|
|
ServerInstance = std::make_unique<SslContext>(certFilePath, keyFilePath, caFilePath,
|
|
|
|
cipherList, verification);
|
2021-06-23 20:30:28 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
static void uninitializeServerContext() { ServerInstance.reset(); }
|
|
|
|
|
|
|
|
/// Returns true iff the Server SslContext has been initialized.
|
|
|
|
static bool isServerContextInitialized() { return !!ServerInstance; }
|
|
|
|
|
2021-06-27 14:22:17 -05:00
|
|
|
static SSL* newServerSsl(ssl::CertificateVerification& verification)
|
2021-06-23 20:30:28 -05:00
|
|
|
{
|
|
|
|
assert(isServerContextInitialized() && "Server SslContext is not initialized");
|
2021-06-27 14:22:17 -05:00
|
|
|
verification = ServerInstance->verification();
|
2021-06-23 20:30:28 -05:00
|
|
|
return ServerInstance->newSsl();
|
|
|
|
}
|
|
|
|
|
|
|
|
static void initializeClientContext(const std::string& certFilePath,
|
|
|
|
const std::string& keyFilePath,
|
|
|
|
const std::string& caFilePath,
|
2021-06-27 14:22:17 -05:00
|
|
|
const std::string& cipherList,
|
|
|
|
ssl::CertificateVerification verification)
|
2021-06-23 20:30:28 -05:00
|
|
|
{
|
|
|
|
assert(!isClientContextInitialized() &&
|
|
|
|
"Cannot initialize the client context more than once");
|
2023-07-30 09:40:21 -05:00
|
|
|
ClientInstance = std::make_unique<SslContext>(certFilePath, keyFilePath, caFilePath,
|
|
|
|
cipherList, verification);
|
2021-06-23 20:30:28 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
static void uninitializeClientContext() { ClientInstance.reset(); }
|
|
|
|
|
|
|
|
/// Returns true iff the SslContext has been initialized.
|
|
|
|
static bool isClientContextInitialized() { return !!ClientInstance; }
|
|
|
|
|
2021-06-27 14:22:17 -05:00
|
|
|
static SSL* newClientSsl(ssl::CertificateVerification& verification)
|
2021-06-23 20:30:28 -05:00
|
|
|
{
|
|
|
|
assert(isClientContextInitialized() && "Client SslContext is not initialized");
|
2021-06-27 14:22:17 -05:00
|
|
|
verification = ClientInstance->verification();
|
2021-06-23 20:30:28 -05:00
|
|
|
return ClientInstance->newSsl();
|
|
|
|
}
|
|
|
|
|
|
|
|
private:
|
|
|
|
static std::unique_ptr<SslContext> ServerInstance;
|
|
|
|
static std::unique_ptr<SslContext> ClientInstance;
|
|
|
|
};
|
|
|
|
|
|
|
|
} // namespace ssl
|
|
|
|
|
2017-02-16 23:30:29 -06:00
|
|
|
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
|