nb: SSL socket support in wsd
Change-Id: I21e8b2d04caf7da872fe07b4950b02a8c52a3552
parent
d488efd3b7
commit
9bf8720d2b
3 changed files with 57 additions and 12 deletions
33
Makefile.am
33
Makefile.am
|
@ -24,8 +24,19 @@ include_paths = -I${top_srcdir}/common -I${top_srcdir}/net -I${top_srcdir}/wsd -
|
|||
AM_CPPFLAGS = -pthread -DLOOLWSD_DATADIR='"@LOOLWSD_DATADIR@"' -DLOOLWSD_CONFIGDIR='"@LOOLWSD_CONFIGDIR@"' ${include_paths}
|
||||
AM_LDFLAGS = -pthread -Wl,-E
|
||||
loolforkit_LDFLAGS = -pthread -Wl,-E,-rpath,/snap/loolwsd/current/usr/lib
|
||||
loolforkit_nocaps_LDFLAGS = -pthread -Wl,-E,-rpath,/snap/loolwsd/current/usr/lib
|
||||
loolmount_LDFLAGS = -pthread -Wl,-E,-rpath,/snap/loolwsd/current/usr/lib
|
||||
loolnb_LDFLAGS = -pthread -Wl,-E,-rpath,/snap/loolwsd/current/usr/lib -lssl -lcrypto
|
||||
loolnb_LDFLAGS = -pthread -Wl,-E,-rpath,/snap/loolwsd/current/usr/lib
|
||||
loolwsd_LDFLAGS = -pthread -Wl,-E,-rpath,/snap/loolwsd/current/usr/lib
|
||||
loolwsd_fuzzer_LDFLAGS = -pthread -Wl,-E,-rpath,/snap/loolwsd/current/usr/lib
|
||||
|
||||
if ENABLE_SSL
|
||||
loolforkit_LDFLAGS += -lssl -lcrypto
|
||||
loolforkit_nocaps_LDFLAGS += -lssl -lcrypto
|
||||
loolnb_LDFLAGS += -lssl -lcrypto
|
||||
loolwsd_LDFLAGS += -lssl -lcrypto
|
||||
loolwsd_fuzzer_LDFLAGS += -lssl -lcrypto
|
||||
endif
|
||||
|
||||
loolwsd_fuzzer_CPPFLAGS = -DKIT_IN_PROCESS=1 -DFUZZER=1 -DTDOC=\"$(abs_top_srcdir)/test/data\" $(AM_CPPFLAGS)
|
||||
|
||||
|
@ -43,8 +54,11 @@ shared_sources = common/FileUtil.cpp \
|
|||
common/Unit.cpp \
|
||||
common/UnitHTTP.cpp \
|
||||
common/Util.cpp \
|
||||
tools/Replay.hpp \
|
||||
net/WebSocketHandler.cpp
|
||||
tools/Replay.hpp
|
||||
|
||||
if ENABLE_SSL
|
||||
shared_sources += net/Ssl.cpp
|
||||
endif
|
||||
|
||||
loolwsd_sources = wsd/Admin.cpp \
|
||||
wsd/AdminModel.cpp \
|
||||
|
@ -90,10 +104,11 @@ loolwsd_fuzzer_SOURCES = $(loolwsd_sources) \
|
|||
kit/DummyLibreOfficeKit.cpp
|
||||
|
||||
loolnb_SOURCES = net/loolnb.cpp \
|
||||
net/Ssl.cpp \
|
||||
net/WebSocketHandler.cpp \
|
||||
common/Log.cpp \
|
||||
common/Util.cpp
|
||||
if ENABLE_SSL
|
||||
loolnb_SOURCES += net/Ssl.cpp
|
||||
endif
|
||||
|
||||
clientnb_SOURCES = net/clientnb.cpp \
|
||||
common/Log.cpp \
|
||||
|
@ -145,7 +160,13 @@ shared_headers = common/Common.hpp \
|
|||
common/Rectangle.hpp \
|
||||
common/SigUtil.hpp \
|
||||
common/security.h \
|
||||
common/SpookyV2.h
|
||||
common/SpookyV2.h \
|
||||
net/Socket.hpp \
|
||||
net/WebSocketHandler.hpp
|
||||
if ENABLE_SSL
|
||||
shared_headers += net/Ssl.hpp \
|
||||
net/SslSocket.hpp
|
||||
endif
|
||||
|
||||
kit_headers = kit/ChildSession.hpp \
|
||||
kit/DummyLibreOfficeKit.hpp \
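Review bot: `-lssl -lcrypto` are appended to the per-target `_LDFLAGS` variables in the new `if ENABLE_SSL` block, and automake puts `_LDFLAGS` ahead of the object files on the link line. On toolchains that link with `--as-needed` by default, the libraries can be discarded before any object references them, and the link then fails with undefined OpenSSL symbols. Libraries are better carried in `_LDADD` (or `LIBS`), for example `loolwsd_LDADD += -lssl -lcrypto` inside the conditional. Whether each target already defines an `_LDADD` is not visible in these hunks, so the first assignment may need `=` rather than `+=`.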
|
||||
|
|
|
@ -28,7 +28,9 @@
|
|||
|
||||
#include "Socket.hpp"
|
||||
#include "ServerSocket.hpp"
|
||||
#if ENABLE_SSL
|
||||
#include "SslSocket.hpp"
|
||||
#endif
|
||||
#include "WebSocketHandler.hpp"
|
||||
|
||||
using Poco::MemoryInputStream;
|
||||
|
@ -157,10 +159,12 @@ public:
|
|||
Log::initialize("loolnb", logLevel ? logLevel : "",
|
||||
false, false, props);
|
||||
|
||||
#if ENABLE_SSL
|
||||
// TODO: These would normally come from config.
|
||||
SslContext::initialize("/etc/loolwsd/cert.pem",
|
||||
"/etc/loolwsd/key.pem",
|
||||
"/etc/loolwsd/ca-chain.cert.pem");
|
||||
#endif
|
||||
|
||||
// Used to poll client sockets.
|
||||
SocketPoll poller;
|
||||
|
@ -182,6 +186,7 @@ public:
|
|||
}
|
||||
};
|
||||
|
||||
#if ENABLE_SSL
|
||||
class SslSocketFactory : public SocketFactory
|
||||
{
|
||||
std::shared_ptr<Socket> create(const int fd) override
|
||||
|
@ -190,18 +195,22 @@ public:
|
|||
}
|
||||
};
|
||||
|
||||
|
||||
// Start the server.
|
||||
if (args.back() == "ssl")
|
||||
server(addrSsl, poller, std::unique_ptr<SocketFactory>{new SslSocketFactory});
|
||||
else
|
||||
#endif
|
||||
server(addrHttp, poller, std::unique_ptr<SocketFactory>{new PlainSocketFactory});
|
||||
|
||||
std::cout << "Shutting down server." << std::endl;
|
||||
|
||||
threadPoll.stop();
|
||||
|
||||
#if ENABLE_SSL
|
||||
SslContext::uninitialize();
|
||||
#endif
|
||||
|
||||
(void)args;
|
||||
return 0;
|
||||
}
|
||||
};
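Review bot: In a build without ENABLE_SSL the whole `if (args.back() == "ssl") … else` is preprocessed away, so a caller who passes `ssl` gets a plain-HTTP listener on `addrHttp` with no warning. A request for TLS that cannot be honoured should stop the program, for example with an `#else` branch holding `if (!args.empty() && args.back() == "ssl") { std::cerr << "SSL support is not compiled in." << std::endl; return 1; }`. The same silent fallback is in `start()` in the hunk at `@ -3059,8 +3069,10`, where `LOOLWSD::isSSLEnabled()` is not evaluated at all without ENABLE_SSL and `PlainSocketFactory` is always chosen. Separately, `args.back()` is called with no emptiness check, which is undefined behaviour on an empty container if `args` is a std::vector (its declaration is outside the hunk). The enclosing function starts outside the hunk.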
|
||||
|
|
|
@ -109,7 +109,9 @@
|
|||
#include "Protocol.hpp"
|
||||
#include "ServerSocket.hpp"
|
||||
#include "Session.hpp"
|
||||
//#include "SslSocket.hp" // Conflicts with Poco SSL.
|
||||
#if ENABLE_SSL
|
||||
#include "SslSocket.hpp"
|
||||
#endif
|
||||
#include "Storage.hpp"
|
||||
#include "TraceFile.hpp"
|
||||
#include "Unit.hpp"
|
||||
|
@ -2016,6 +2018,13 @@ void LOOLWSD::initializeSSL()
|
|||
const auto ssl_ca_file_path = getPathFromConfig("ssl.ca_file_path");
|
||||
LOG_INF("SSL CA file: " << ssl_ca_file_path);
|
||||
|
||||
#if ENABLE_SSL
|
||||
// Initialize the non-blocking socket SSL.
|
||||
SslContext::initialize(ssl_cert_file_path,
|
||||
ssl_key_file_path,
|
||||
ssl_ca_file_path);
|
||||
#endif
|
||||
|
||||
Poco::Crypto::initializeCrypto();
|
||||
|
||||
Poco::Net::initializeSSL();
|
||||
|
@ -3025,14 +3034,15 @@ class PlainSocketFactory : public SocketFactory
|
|||
}
|
||||
};
|
||||
|
||||
#if ENABLE_SSL
|
||||
class SslSocketFactory : public SocketFactory
|
||||
{
|
||||
std::shared_ptr<Socket> create(const int fd) override
|
||||
{
|
||||
// FIXME: SslStreamSocket it should be, but conflicts with Poco SSL; need to remove that first.
|
||||
return StreamSocket::create<StreamSocket>(fd, std::unique_ptr<SocketHandlerInterface>{ new ClientRequestDispatcher });
|
||||
return StreamSocket::create<SslStreamSocket>(fd, std::unique_ptr<SocketHandlerInterface>{ new ClientRequestDispatcher });
|
||||
}
|
||||
};
|
||||
#endif
|
||||
|
||||
/// The main server thread.
|
||||
///
|
||||
|
@ -3059,8 +3069,10 @@ public:
|
|||
void start(const Poco::Net::SocketAddress& addr)
|
||||
{
|
||||
std::shared_ptr<ServerSocket> serverSocket = std::make_shared<ServerSocket>(_documentPoll,
|
||||
LOOLWSD::isSSLEnabled()? std::unique_ptr<SocketFactory>{new SslSocketFactory()}:
|
||||
std::unique_ptr<SocketFactory>{new PlainSocketFactory()});
|
||||
#if ENABLE_SSL
|
||||
LOOLWSD::isSSLEnabled() ? std::unique_ptr<SocketFactory>{ new SslSocketFactory() } :
|
||||
#endif
|
||||
std::unique_ptr<SocketFactory>{ new PlainSocketFactory() });
|
||||
|
||||
if (!serverSocket->bind(addr))
|
||||
{
|
||||
|
@ -3410,6 +3422,9 @@ int LOOLWSD::main(const std::vector<std::string>& /*args*/)
|
|||
{
|
||||
Poco::Net::uninitializeSSL();
|
||||
Poco::Crypto::uninitializeCrypto();
|
||||
#if ENABLE_SSL
|
||||
SslContext::uninitialize();
|
||||
#endif
|
||||
}
|
||||
|
||||
int returnValue = Application::EXIT_OK;
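Review bot: The commit deletes both remarks that `SslSocket.hpp` / `SslStreamSocket` conflict with Poco SSL, but nothing in the new code records why the two can now coexist. `initializeSSL()` sets up `SslContext` and then Poco's Crypto and SSL layers from the same certificate, key and CA paths, and `LOOLWSD::main` tears them down in the reverse order. A comment above the new call would protect that ordering, e.g. `// SslContext is set up before Poco's SSL and torn down after it in LOOLWSD::main(); keep the two sequences mirrored.` Whether `SslContext::initialize` reports a failure to load the key material is not visible here; if it does, the result should be checked before the listener is started. Both `initializeSSL()` and `main()` extend outside their hunks.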
|
||||
|
|