nb: SSL socket support in wsd

Change-Id: I21e8b2d04caf7da872fe07b4950b02a8c52a3552
This commit is contained in:
Ashod Nakashian 2017-02-27 00:01:17 -05:00 committed by Jan Holesovsky
parent d488efd3b7
commit 9bf8720d2b
3 changed files with 57 additions and 12 deletions


@ -24,8 +24,19 @@ include_paths = -I${top_srcdir}/common -I${top_srcdir}/net -I${top_srcdir}/wsd -
AM_CPPFLAGS = -pthread -DLOOLWSD_DATADIR='"@LOOLWSD_DATADIR@"' -DLOOLWSD_CONFIGDIR='"@LOOLWSD_CONFIGDIR@"' ${include_paths}
AM_LDFLAGS = -pthread -Wl,-E
loolforkit_LDFLAGS = -pthread -Wl,-E,-rpath,/snap/loolwsd/current/usr/lib
loolforkit_nocaps_LDFLAGS = -pthread -Wl,-E,-rpath,/snap/loolwsd/current/usr/lib
loolmount_LDFLAGS = -pthread -Wl,-E,-rpath,/snap/loolwsd/current/usr/lib
loolnb_LDFLAGS = -pthread -Wl,-E,-rpath,/snap/loolwsd/current/usr/lib -lssl -lcrypto
loolnb_LDFLAGS = -pthread -Wl,-E,-rpath,/snap/loolwsd/current/usr/lib
loolwsd_LDFLAGS = -pthread -Wl,-E,-rpath,/snap/loolwsd/current/usr/lib
loolwsd_fuzzer_LDFLAGS = -pthread -Wl,-E,-rpath,/snap/loolwsd/current/usr/lib
if ENABLE_SSL
loolforkit_LDFLAGS += -lssl -lcrypto
loolforkit_nocaps_LDFLAGS += -lssl -lcrypto
loolnb_LDFLAGS += -lssl -lcrypto
loolwsd_LDFLAGS += -lssl -lcrypto
loolwsd_fuzzer_LDFLAGS += -lssl -lcrypto
endif
loolwsd_fuzzer_CPPFLAGS = -DKIT_IN_PROCESS=1 -DFUZZER=1 -DTDOC=\"$(abs_top_srcdir)/test/data\" $(AM_CPPFLAGS)
@ -43,8 +54,11 @@ shared_sources = common/FileUtil.cpp \
common/Unit.cpp \
common/UnitHTTP.cpp \
common/Util.cpp \
tools/Replay.hpp \
net/WebSocketHandler.cpp
tools/Replay.hpp
if ENABLE_SSL
shared_sources += net/Ssl.cpp
endif
loolwsd_sources = wsd/Admin.cpp \
wsd/AdminModel.cpp \
@ -90,10 +104,11 @@ loolwsd_fuzzer_SOURCES = $(loolwsd_sources) \
kit/DummyLibreOfficeKit.cpp
loolnb_SOURCES = net/loolnb.cpp \
net/Ssl.cpp \
net/WebSocketHandler.cpp \
common/Log.cpp \
common/Util.cpp
if ENABLE_SSL
loolnb_SOURCES += net/Ssl.cpp
endif
clientnb_SOURCES = net/clientnb.cpp \
common/Log.cpp \
@ -145,7 +160,13 @@ shared_headers = common/Common.hpp \
common/Rectangle.hpp \
common/SigUtil.hpp \
common/security.h \
common/SpookyV2.h
common/SpookyV2.h \
net/Socket.hpp \
net/WebSocketHandler.hpp
if ENABLE_SSL
shared_headers += net/Ssl.hpp \
net/SslSocket.hpp
endif
kit_headers = kit/ChildSession.hpp \
kit/DummyLibreOfficeKit.hpp \


@ -28,7 +28,9 @@
#include "Socket.hpp"
#include "ServerSocket.hpp"
#if ENABLE_SSL
#include "SslSocket.hpp"
#endif
#include "WebSocketHandler.hpp"
using Poco::MemoryInputStream;
@ -157,10 +159,12 @@ public:
Log::initialize("loolnb", logLevel ? logLevel : "",
false, false, props);
#if ENABLE_SSL
// TODO: These would normally come from config.
SslContext::initialize("/etc/loolwsd/cert.pem",
"/etc/loolwsd/key.pem",
"/etc/loolwsd/ca-chain.cert.pem");
#endif
// Used to poll client sockets.
SocketPoll poller;
@ -182,6 +186,7 @@ public:
}
};
#if ENABLE_SSL
class SslSocketFactory : public SocketFactory
{
std::shared_ptr<Socket> create(const int fd) override
@ -190,18 +195,22 @@ public:
}
};
// Start the server.
if (args.back() == "ssl")
server(addrSsl, poller, std::unique_ptr<SocketFactory>{new SslSocketFactory});
else
#endif
server(addrHttp, poller, std::unique_ptr<SocketFactory>{new PlainSocketFactory});
std::cout << "Shutting down server." << std::endl;
threadPoll.stop();
#if ENABLE_SSL
SslContext::uninitialize();
#endif
(void)args;
return 0;
}
};
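Review bot: `args.back()` in the new `if (args.back() == "ssl")` is undefined behaviour when the tool is started with no arguments, since this is the first real use of args (the `(void)args;` a few lines below suggests it was unused before); assuming args is the usual std::vector<std::string>, guard it with `if (!args.empty() && args.back() == "ssl")`. The `else` that follows sits across the `#endif`, so in a non-SSL build the plain-socket call stands alone — that works, but a one-line comment such as `// Without ENABLE_SSL only the plain listener is built.` above the `#if` would make the intent obvious to the next reader. The certificate, key and CA paths under `/etc/loolwsd/` are hard-coded; the TODO already says they should come from config, and it is worth stating there what SslContext::initialize does when the key file is missing or unreadable, which is not visible in this hunk. The enclosing main() begins before this hunk.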


@ -109,7 +109,9 @@
#include "Protocol.hpp"
#include "ServerSocket.hpp"
#include "Session.hpp"
//#include "SslSocket.hp" // Conflicts with Poco SSL.
#if ENABLE_SSL
#include "SslSocket.hpp"
#endif
#include "Storage.hpp"
#include "TraceFile.hpp"
#include "Unit.hpp"
@ -2016,6 +2018,13 @@ void LOOLWSD::initializeSSL()
const auto ssl_ca_file_path = getPathFromConfig("ssl.ca_file_path");
LOG_INF("SSL CA file: " << ssl_ca_file_path);
#if ENABLE_SSL
// Initialize the non-blocking socket SSL.
SslContext::initialize(ssl_cert_file_path,
ssl_key_file_path,
ssl_ca_file_path);
#endif
Poco::Crypto::initializeCrypto();
Poco::Net::initializeSSL();
@ -3025,14 +3034,15 @@ class PlainSocketFactory : public SocketFactory
}
};
#if ENABLE_SSL
class SslSocketFactory : public SocketFactory
{
std::shared_ptr<Socket> create(const int fd) override
{
// FIXME: SslStreamSocket it should be, but conflicts with Poco SSL; need to remove that first.
return StreamSocket::create<StreamSocket>(fd, std::unique_ptr<SocketHandlerInterface>{ new ClientRequestDispatcher });
return StreamSocket::create<SslStreamSocket>(fd, std::unique_ptr<SocketHandlerInterface>{ new ClientRequestDispatcher });
}
};
#endif
/// The main server thread.
///
@ -3059,8 +3069,10 @@ public:
void start(const Poco::Net::SocketAddress& addr)
{
std::shared_ptr<ServerSocket> serverSocket = std::make_shared<ServerSocket>(_documentPoll,
LOOLWSD::isSSLEnabled()? std::unique_ptr<SocketFactory>{new SslSocketFactory()}:
std::unique_ptr<SocketFactory>{new PlainSocketFactory()});
#if ENABLE_SSL
LOOLWSD::isSSLEnabled() ? std::unique_ptr<SocketFactory>{ new SslSocketFactory() } :
#endif
std::unique_ptr<SocketFactory>{ new PlainSocketFactory() });
if (!serverSocket->bind(addr))
{
@ -3410,6 +3422,9 @@ int LOOLWSD::main(const std::vector<std::string>& /*args*/)
{
Poco::Net::uninitializeSSL();
Poco::Crypto::uninitializeCrypto();
#if ENABLE_SSL
SslContext::uninitialize();
#endif
}
int returnValue = Application::EXIT_OK;
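Review bot: The factory selection in start() (the `LOOLWSD::isSSLEnabled() ? … :` ternary split across `#if ENABLE_SSL`/`#endif`) silently reduces to the plain factory in a non-SSL build, so if isSSLEnabled() can still report true there from configuration — its definition is not in this hunk — a deployment that asked for TLS would get a plaintext listener with no diagnostic. Either guarantee that isSSLEnabled() is false without ENABLE_SSL and say so next to the ternary, e.g. `// Without ENABLE_SSL only PlainSocketFactory exists; isSSLEnabled() must be false in that build.`, or log and refuse to start when the two disagree. The same preprocessor-spanning conditional appears in loolnb.cpp's `if (args.back() == "ssl") … else`. In initializeSSL() the new SslContext::initialize call now runs before Poco::Net::initializeSSL(); a short comment on whether that ordering is required would help, since both presumably set up OpenSSL library state. start() and initializeSSL() both begin outside their hunks.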