1 /* -*- Mode: C++ -*-
2 * Worldvisions Weaver Software:
3 * Copyright (C) 1997-2002 Net Integration Technologies, Inc.
5 * SSL (Secure Sockets Layer) / TLS communications via WvStreams.
6 */
7 #ifndef __WVSSLSTREAM_H
8 #define __WVSSLSTREAM_H
10 #include "wvfdstream.h"
11 #include "wvlog.h"
12 #include "wvstreamclone.h"
13 #include "wvtr1.h"
/*
 * OpenSSL handle types, declared opaquely so that this header need not
 * include OpenSSL's own headers; only the implementation touches their
 * contents. The typedef names are the ones OpenSSL itself exposes, so a
 * translation unit that also includes <openssl/ssl.h> sees identical
 * (and therefore legal, duplicate) typedefs.
 */
typedef struct ssl_ctx_st SSL_CTX;
typedef struct ssl_st SSL;
typedef struct ssl_method_st SSL_METHOD;

class WvX509;
class WvX509Mgr;
class WvSSLStream;

/*
 * Peer-certificate validation hooks. Both receive the peer's certificate;
 * the global variant additionally receives the stream it arrived on. Each
 * returns a bool -- presumably true to accept the peer; confirm the exact
 * meaning against wvsslstream.cc before relying on it.
 */
typedef wv::function<bool(WvX509*)> WvSSLValidateCallback;
typedef wv::function<bool(WvX509*, WvSSLStream *)> WvSSLGlobalValidateCallback;
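/**
 * SSL/TLS stream layered over another IWvStream (the "slave").
 *
 * The historical description advertised SSLv2, SSLv3 and TLS. SSLv2 and
 * SSLv3 are prohibited/deprecated (RFC 6176, RFC 7568) and must not be
 * negotiated; which protocol versions the SSL_CTX actually permits is
 * decided in the implementation, not in this header.
 * NOTE(review): confirm that wvsslstream.cc disables SSLv2 and SSLv3.
 *
 * To act as a server you must give the constructor a WvX509Mgr holding
 * the server's certificate and private key.
 */
class WvSSLStream : public WvStreamClone
{
public:
    /**
     * Process-wide validation callback, an alternative to the per-stream
     * one passed to the constructor: set it once and every WvSSLStream
     * you create consults it. wv::bind lets you attach an object to the
     * function, so it can carry state.
     *
     * This is a plain static member and nothing in this header
     * synchronizes access to it: assign it before instantiating any stream
     * and never change it while WvSSLStreams still exist, otherwise live
     * streams may observe a stale or half-updated callback.
     */
    static WvSSLGlobalValidateCallback global_vcb;

    /**
     * Start an SSL connection on top of _slave.
     *
     * _x509       certificate/key manager. Optional for a client, mandatory
     *             for a server. Not owned by this object: the caller must
     *             keep it alive for the entire life of the stream.
     * _vcb        per-stream callback that judges the peer's certificate.
     *             NOTE(review): this header does not show what happens when
     *             neither _vcb nor global_vcb is set; confirm in the
     *             implementation that the peer is not silently accepted
     *             unvalidated, or clients are exposed to man-in-the-middle.
     * _is_server  true to run the server side of the handshake.
     */
    WvSSLStream(IWvStream *_slave, WvX509Mgr *_x509 = NULL,
                WvSSLValidateCallback _vcb = 0, bool _is_server = false);

    /** Cleans up everything (calls close() and frees the SSL objects used). */
    virtual ~WvSSLStream();

    virtual void pre_select(SelectInfo &si);
    virtual bool post_select(SelectInfo &si);

    virtual void close();
    virtual bool isok() const;
    /** Overridden from WvStream; see ssl_stop_read / ssl_stop_write below. */
    virtual void noread();
    virtual void nowrite();

protected:
    /** Non-owning; see the constructor for the lifetime requirement. */
    WvX509Mgr *x509;

    /** SSL context, used to create the SSL object. */
    SSL_CTX *ctx;

    /**
     * Main SSL object. After SSL_set_fd() every call on the connection
     * goes through here.
     */
    SSL *ssl;

    virtual size_t uwrite(const void *buf, size_t len);
    virtual size_t uread(void *buf, size_t len);

private:
    /**
     * Connection status flag: the SSL handshake does not complete
     * immediately, so the stream exists for a while before it is usable.
     */
    bool sslconnected;
    /**
     * Presumably the select() interest wanted while the handshake is still
     * in progress -- confirm against pre_select().
     */
    SelectRequest connect_wants;

    /** Set the connected flag and flush unconnected_buf. */
    void setconnected(bool conn);

    /** Whether we run the server or the client side of the handshake. */
    bool is_server;

    /** We have to override the WvStream noread/nowrite implementation... */
    bool ssl_stop_read, ssl_stop_write;

    /** Per-stream peer validation callback (see the constructor). */
    WvSSLValidateCallback vcb;

    /** Internal log object. */
    WvLog debug;

    /**
     * SSL_write() may return SSL_ERROR_WANT_WRITE, which means the call
     * must be repeated later with exactly the same arguments. To make that
     * possible we unfortunately have to copy the data into a bounce buffer
     * and remember that we did so. A WvBuf lets an arbitrary amount of data
     * be set aside.
     */
    WvInPlaceBuf write_bouncebuf;
    size_t write_eat;

    /** The same nastiness applies to SSL_read(). */
    WvInPlaceBuf read_bouncebuf;
    bool read_pending;

    /** Writes are buffered here until sslconnected becomes true. */
    WvDynBuf unconnected_buf;

    /**
     * Prints out the entire SSL error queue; func presumably names the
     * failing call so the log entry can be attributed.
     */
    void printerr(WvStringParm func);

public:
    const char *wstype() const { return "WvSSLStream"; }
};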
131 #endif // __WVSSLSTREAM_H