libwebsocketpp-dev/html/tls_8hpp_source.html

/*

 * Copyright (c) 2015, Peter Thorson. All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions are met:

 *     * Redistributions of source code must retain the above copyright

 *       notice, this list of conditions and the following disclaimer.

 *     * Redistributions in binary form must reproduce the above copyright

 *       notice, this list of conditions and the following disclaimer in the

 *       documentation and/or other materials provided with the distribution.

 *     * Neither the name of the WebSocket++ Project nor the

 *       names of its contributors may be used to endorse or promote products

 *       derived from this software without specific prior written permission.

 *

 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"

 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

 * ARE DISCLAIMED. IN NO EVENT SHALL PETER THORSON BE LIABLE FOR ANY

 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES

 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND

 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 *

 */


#ifndef WEBSOCKETPP_TRANSPORT_SECURITY_TLS_HPP

#define WEBSOCKETPP_TRANSPORT_SECURITY_TLS_HPP


#include <websocketpp/transport/asio/security/base.hpp>


#include <websocketpp/uri.hpp>


#include <websocketpp/common/asio_ssl.hpp>

#include <websocketpp/common/asio.hpp>

#include <websocketpp/common/connection_hdl.hpp>

#include <websocketpp/common/functional.hpp>

#include <websocketpp/common/memory.hpp>


#include <sstream>

#include <string>


namespace websocketpp {

namespace transport {

namespace asio {

namespace tls_socket {


typedef lib::function<void(connection_hdl,lib::asio::ssl::stream<

    lib::asio::ip::tcp::socket>&)> socket_init_handler;

typedef lib::function<lib::shared_ptr<lib::asio::ssl::context>(connection_hdl)>

    tls_init_handler;


class connection : public lib::enable_shared_from_this<connection> {

public:

    typedef connection type;

    typedef lib::shared_ptr<type> ptr;


    typedef lib::asio::ssl::stream<lib::asio::ip::tcp::socket> socket_type;

    typedef lib::shared_ptr<socket_type> socket_ptr;

    typedef lib::asio::io_service * io_service_ptr;

    typedef lib::shared_ptr<lib::asio::io_service::strand> strand_ptr;

    typedef lib::shared_ptr<lib::asio::ssl::context> context_ptr;


    explicit connection() {

        //std::cout << "transport::asio::tls_socket::connection constructor"

        //          << std::endl;

    }


    ptr get_shared() {

        return shared_from_this();

    }


    bool is_secure() const {

        return true;

    }


    socket_type::lowest_layer_type & get_raw_socket() {

        return m_socket->lowest_layer();

    }


    socket_type::next_layer_type & get_next_layer() {

        return m_socket->next_layer();

    }


    socket_type & get_socket() {

        return *m_socket;

    }


    void set_socket_init_handler(socket_init_handler h) {

        m_socket_init_handler = h;

    }


    void set_tls_init_handler(tls_init_handler h) {

        m_tls_init_handler = h;

    }


    std::string get_remote_endpoint(lib::error_code & ec) const {

        std::stringstream s;


        lib::asio::error_code aec;

        lib::asio::ip::tcp::endpoint ep = m_socket->lowest_layer().remote_endpoint(aec);


        if (aec) {

            ec = error::make_error_code(error::pass_through);

            s << "Error getting remote endpoint: " << aec

               << " (" << aec.message() << ")";

            return s.str();

        } else {

            ec = lib::error_code();

            s << ep;

            return s.str();

        }

    }

protected:


    lib::error_code init_asio (io_service_ptr service, strand_ptr strand,

        bool is_server)

    {

        if (!m_tls_init_handler) {

            return socket::make_error_code(socket::error::missing_tls_init_handler);

        }

        m_context = m_tls_init_handler(m_hdl);


        if (!m_context) {

            return socket::make_error_code(socket::error::invalid_tls_context);

        }

        m_socket.reset(new socket_type(*service, *m_context));


        if (m_socket_init_handler) {

            m_socket_init_handler(m_hdl, get_socket());

        }


        m_io_service = service;

        m_strand = strand;

        m_is_server = is_server;


        return lib::error_code();

    }


    void set_uri(uri_ptr u) {

        m_uri = u;

    }


    void pre_init(init_handler callback) {

        // TODO: is this the best way to check whether this function is

        //       available in the version of OpenSSL being used?

        // TODO: consider case where host is an IP address

#if OPENSSL_VERSION_NUMBER >= 0x90812f

        if (!m_is_server) {

            // For clients on systems with a suitable OpenSSL version, set the

            // TLS SNI hostname header so connecting to TLS servers using SNI

            // will work.

            long res = SSL_set_tlsext_host_name(

                get_socket().native_handle(), m_uri->get_host().c_str());

            if (!(1 == res)) {

                callback(socket::make_error_code(socket::error::tls_failed_sni_hostname));

            }

        }

#endif


        callback(lib::error_code());

    }


    void post_init(init_handler callback) {

        m_ec = socket::make_error_code(socket::error::tls_handshake_timeout);


        // TLS handshake

        if (m_strand) {

            m_socket->async_handshake(

                get_handshake_type(),

                m_strand->wrap(lib::bind(

                    &type::handle_init, get_shared(),

                    callback,

                    lib::placeholders::_1

                ))

            );

        } else {

            m_socket->async_handshake(

                get_handshake_type(),

                lib::bind(

                    &type::handle_init, get_shared(),

                    callback,

                    lib::placeholders::_1

                )

            );

        }

    }


    void set_handle(connection_hdl hdl) {

        m_hdl = hdl;

    }


    void handle_init(init_handler callback,lib::asio::error_code const & ec) {

        if (ec) {

            m_ec = socket::make_error_code(socket::error::tls_handshake_failed);

        } else {

            m_ec = lib::error_code();

        }


        callback(m_ec);

    }


    lib::error_code get_ec() const {

        return m_ec;

    }


    lib::asio::error_code cancel_socket() {

        lib::asio::error_code ec;

        get_raw_socket().cancel(ec);

        return ec;

    }


    void async_shutdown(socket::shutdown_handler callback) {

        if (m_strand) {

            m_socket->async_shutdown(m_strand->wrap(callback));

        } else {

            m_socket->async_shutdown(callback);

        }

    }


public:


    template <typename ErrorCodeType>

    static

    lib::error_code translate_ec(ErrorCodeType ec) {

        if (ec.category() == lib::asio::error::get_ssl_category()) {

            // We know it is a TLS related error, but otherwise don't know more.

            // Pass through as TLS generic.

            return make_error_code(transport::error::tls_error);

        } else {

            // We don't know any more information about this error so pass

            // through

            return make_error_code(transport::error::pass_through);

        }

    }


    static

    lib::error_code translate_ec(lib::error_code ec) {

        return ec;

    }

private:

    socket_type::handshake_type get_handshake_type() {

        if (m_is_server) {

            return lib::asio::ssl::stream_base::server;

        } else {

            return lib::asio::ssl::stream_base::client;

        }

    }


    io_service_ptr      m_io_service;

    strand_ptr          m_strand;

    context_ptr         m_context;

    socket_ptr          m_socket;

    uri_ptr             m_uri;

    bool                m_is_server;


    lib::error_code     m_ec;


    connection_hdl      m_hdl;

    socket_init_handler m_socket_init_handler;

    tls_init_handler    m_tls_init_handler;

};


class endpoint {

public:

    typedef endpoint type;


    typedef connection socket_con_type;

    typedef socket_con_type::ptr socket_con_ptr;


    explicit endpoint() {}


    bool is_secure() const {

        return true;

    }


    void set_socket_init_handler(socket_init_handler h) {

        m_socket_init_handler = h;

    }


    void set_tls_init_handler(tls_init_handler h) {

        m_tls_init_handler = h;

    }

protected:


    lib::error_code init(socket_con_ptr scon) {

        scon->set_socket_init_handler(m_socket_init_handler);

        scon->set_tls_init_handler(m_tls_init_handler);

        return lib::error_code();

    }


private:

    socket_init_handler m_socket_init_handler;

    tls_init_handler m_tls_init_handler;

};


} // namespace tls_socket

} // namespace asio

} // namespace transport

} // namespace websocketpp


#endif // WEBSOCKETPP_TRANSPORT_SECURITY_TLS_HPP