summaryrefslogtreecommitdiffstats
path: root/src/PolarSSL++/SslContext.h
diff options
context:
space:
mode:
authorpeterbell10 <peterbell10@live.co.uk>2017-08-30 16:00:06 +0200
committerTiger Wang <ziwei.tiger@outlook.com>2017-08-30 16:00:06 +0200
commit84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7 (patch)
treeaa1648c2ba260b8576673677435481d371eec7b0 /src/PolarSSL++/SslContext.h
parentUpdate core plugins to latest version (#3951) (diff)
downloadcuberite-84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7.tar
cuberite-84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7.tar.gz
cuberite-84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7.tar.bz2
cuberite-84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7.tar.lz
cuberite-84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7.tar.xz
cuberite-84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7.tar.zst
cuberite-84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7.zip
Diffstat (limited to 'src/PolarSSL++/SslContext.h')
-rw-r--r--src/PolarSSL++/SslContext.h156
1 files changed, 0 insertions, 156 deletions
diff --git a/src/PolarSSL++/SslContext.h b/src/PolarSSL++/SslContext.h
deleted file mode 100644
index 0588122ba..000000000
--- a/src/PolarSSL++/SslContext.h
+++ /dev/null
@@ -1,156 +0,0 @@
-
-// SslContext.h
-
-// Declares the cSslContext class that holds everything a single SSL context needs to function
-
-
-
-
-
-#pragma once
-
-#include "polarssl/ssl.h"
-#include "../ByteBuffer.h"
-#include "CryptoKey.h"
-#include "RsaPrivateKey.h"
-#include "X509Cert.h"
-
-
-
-
-
-// fwd:
-class cCtrDrbgContext;
-
-
-
-
-
-/**
-Acts as a generic SSL encryptor / decryptor between the two endpoints. The "owner" of this class is expected
-to create it, initialize it and then provide the means of reading and writing data through the SSL link.
-This is an abstract base class, there are descendants that handle the specific aspects of how the SSL peer
-data comes into the system:
- - cBufferedSslContext uses a cByteBuffer to read and write the data
- - cCallbackSslContext uses callbacks to provide the data
-*/
-class cSslContext abstract
-{
-public:
- /** Creates a new uninitialized context */
- cSslContext(void);
-
- virtual ~cSslContext();
-
- /** Initializes the context for use as a server or client.
- Returns 0 on success, PolarSSL error on failure. */
- int Initialize(bool a_IsClient, const std::shared_ptr<cCtrDrbgContext> & a_CtrDrbg = {});
-
- /** Returns true if the object has been initialized properly. */
- bool IsValid(void) const { return m_IsValid; }
-
- /** Sets the certificate to use as our own. Must be used when representing a server, optional when client.
- Must be called after Initialize(). */
- void SetOwnCert(const cX509CertPtr & a_OwnCert, const cRsaPrivateKeyPtr & a_OwnCertPrivKey);
-
- /** Sets the certificate to use as our own. Must be used when representing a server, optional when client.
- Must be called after Initialize(). */
- void SetOwnCert(const cX509CertPtr & a_OwnCert, const cCryptoKeyPtr & a_OwnCertPrivKey);
-
- /** Sets a cert chain as the trusted cert store for this context. Must be called after Initialize().
- Calling this will switch the context into strict cert verification mode.
- a_ExpectedPeerName is the CommonName that we expect the SSL peer to have in its cert,
- if it is different, the verification will fail. An empty string will disable the CN check. */
- void SetCACerts(const cX509CertPtr & a_CACert, const AString & a_ExpectedPeerName);
-
- /** Writes data to be encrypted and sent to the SSL peer. Will perform SSL handshake, if needed.
- Returns the number of bytes actually written, or PolarSSL error code.
- If the return value is POLARSSL_ERR_NET_WANT_READ or POLARSSL_ERR_NET_WANT_WRITE, the owner should send any
- cached outgoing data to the SSL peer and write any incoming data received from the SSL peer and then call
- this function again with the same parameters. Note that this may repeat a few times before the data is
- actually written, mainly due to initial handshake. */
- int WritePlain(const void * a_Data, size_t a_NumBytes);
-
- /** Reads data decrypted from the SSL stream. Will perform SSL handshake, if needed.
- Returns the number of bytes actually read, or PolarSSL error code.
- If the return value is POLARSSL_ERR_NET_WANT_READ or POLARSSL_ERR_NET_WANT_WRITE, the owner should send any
- cached outgoing data to the SSL peer and write any incoming data received from the SSL peer and then call
- this function again with the same parameters. Note that this may repeat a few times before the data is
- actually read, mainly due to initial handshake. */
- int ReadPlain(void * a_Data, size_t a_MaxBytes);
-
- /** Performs the SSL handshake.
- Returns zero on success, PoladSSL error code on failure.
- If the return value is POLARSSL_ERR_NET_WANT_READ or POLARSSL_ERR_NET_WANT_WRITE, the owner should send any
- cached outgoing data to the SSL peer and write any incoming data received from the SSL peer and then call
- this function again. Note that this may repeat a few times before the handshake is completed. */
- int Handshake(void);
-
- /** Returns true if the SSL handshake has been completed. */
- bool HasHandshaken(void) const { return m_HasHandshaken; }
-
- /** Notifies the SSL peer that the connection is being closed.
- Returns 0 on success, PolarSSL error code on failure. */
- int NotifyClose(void);
-
-protected:
- /** True if the object has been initialized properly. */
- bool m_IsValid;
-
- /** The random generator to use */
- std::shared_ptr<cCtrDrbgContext> m_CtrDrbg;
-
- /** The SSL context that PolarSSL uses. */
- ssl_context m_Ssl;
-
- /** The certificate that we present to the peer. */
- cX509CertPtr m_OwnCert;
-
- /** Private key for m_OwnCert, if initialized from a cRsaPrivateKey. */
- cRsaPrivateKeyPtr m_OwnCertPrivKey;
-
- /** Private key for m_OwnCert, if initialized from a cCryptoKey. */
- cCryptoKeyPtr m_OwnCertPrivKey2;
-
- /** True if the SSL handshake has been completed. */
- bool m_HasHandshaken;
-
- /** A copy of the trusted CA root cert store that is passed to us in SetCACerts(), so that the pointer
- stays valid even after the call, when PolarSSL finally uses it. */
- cX509CertPtr m_CACerts;
-
- /** Buffer for the expected peer name. We need to buffer it because the caller may free the string they
- give us before PolarSSL consumes the raw pointer it gets to the CN. */
- AString m_ExpectedPeerName;
-
-
- /** The callback used by PolarSSL when it wants to read encrypted data. */
- static int ReceiveEncrypted(void * a_This, unsigned char * a_Buffer, size_t a_NumBytes)
- {
- return (reinterpret_cast<cSslContext *>(a_This))->ReceiveEncrypted(a_Buffer, a_NumBytes);
- }
-
- /** The callback used by PolarSSL when it wants to write encrypted data. */
- static int SendEncrypted(void * a_This, const unsigned char * a_Buffer, size_t a_NumBytes)
- {
- return (reinterpret_cast<cSslContext *>(a_This))->SendEncrypted(a_Buffer, a_NumBytes);
- }
-
- #ifdef _DEBUG
- /** The callback used by PolarSSL to output debug messages */
- static void SSLDebugMessage(void * a_UserParam, int a_Level, const char * a_Text);
-
- /** The callback used by PolarSSL to log information on the cert chain */
- static int SSLVerifyCert(void * a_This, x509_crt * a_Crt, int a_Depth, int * a_Flags);
- #endif // _DEBUG
-
- /** Called when PolarSSL wants to read encrypted data. */
- virtual int ReceiveEncrypted(unsigned char * a_Buffer, size_t a_NumBytes) = 0;
-
- /** Called when PolarSSL wants to write encrypted data. */
- virtual int SendEncrypted(const unsigned char * a_Buffer, size_t a_NumBytes) = 0;
-} ;
-
-
-
-