From 272c232efb645c9f7d75556aeb047e13b244c9ed Mon Sep 17 00:00:00 2001
From: madmaxoft
Date: Thu, 1 May 2014 11:48:03 +0200
Subject: Implemented SSL connection for WebAdmin. Fixes FS-319.
---
src/HTTPServer/SslHTTPConnection.cpp | 103 +++++++++++++++++++++++++++++++++++
1 file changed, 103 insertions(+)
create mode 100644 src/HTTPServer/SslHTTPConnection.cpp
(limited to 'src/HTTPServer/SslHTTPConnection.cpp')
diff --git a/src/HTTPServer/SslHTTPConnection.cpp b/src/HTTPServer/SslHTTPConnection.cpp
new file mode 100644
index 000000000..fff96bb2e
--- /dev/null
+++ b/src/HTTPServer/SslHTTPConnection.cpp
@@ -0,0 +1,103 @@
+
+// SslHTTPConnection.cpp
+
+// Implements the cSslHTTPConnection class representing a HTTP connection made over a SSL link
+
+#include "Globals.h"
+#include "SslHTTPConnection.h"
+#include "HTTPServer.h"
+
+
+
+
+
+cSslHTTPConnection::cSslHTTPConnection(cHTTPServer & a_HTTPServer, const cX509CertPtr & a_Cert, const cPublicKeyPtr & a_PrivateKey) :
+ super(a_HTTPServer),
+ m_Ssl(64000),
+ m_Cert(a_Cert),
+ m_PrivateKey(a_PrivateKey)
+{
+ m_Ssl.Initialize(false);
+ m_Ssl.SetOwnCert(a_Cert, a_PrivateKey);
+}
+
+
+
+
+
+void cSslHTTPConnection::DataReceived(const char * a_Data, size_t a_Size)
+{
+ // If there is outgoing data in the queue, notify the server that it should write it out:
+ if (!m_OutgoingData.empty())
+ {
+ m_HTTPServer.NotifyConnectionWrite(*this);
+ }
+
+ // Process the received data:
+ const char * Data = a_Data;
+ size_t Size = a_Size;
+ for (;;)
+ {
+ // Try to write as many bytes into Ssl's "incoming" buffer as possible:
+ size_t BytesWritten = 0;
+ if (Size > 0)
+ {
+ BytesWritten = m_Ssl.WriteIncoming(Data, Size);
+ Data += BytesWritten;
+ Size -= BytesWritten;
+ }
+
+ // Try to read as many bytes from SSL's decryption as possible:
+ char Buffer[32000];
+ int NumRead = m_Ssl.ReadPlain(Buffer, sizeof(Buffer));
+ if (NumRead > 0)
+ {
+ super::DataReceived(Buffer, (size_t)NumRead);
+ }
+
+ // If both failed, bail out:
+ if ((BytesWritten == 0) && (NumRead <= 0))
+ {
+ return;
+ }
+ }
+}
+
+
+
+
+
+void cSslHTTPConnection::GetOutgoingData(AString & a_Data)
+{
+ for (;;)
+ {
+ // Write as many bytes from our buffer to SSL's encryption as possible:
+ int NumWritten = 0;
+ if (!m_OutgoingData.empty())
+ {
+ NumWritten = m_Ssl.WritePlain(m_OutgoingData.data(), m_OutgoingData.size());
+ if (NumWritten > 0)
+ {
+ m_OutgoingData.erase(0, (size_t)NumWritten);
+ }
+ }
+
+ // Read as many bytes from SSL's "outgoing" buffer as possible:
+ char Buffer[32000];
+ size_t NumBytes = m_Ssl.ReadOutgoing(Buffer, sizeof(Buffer));
+ if (NumBytes > 0)
+ {
+ a_Data.append(Buffer, NumBytes);
+ }
+
+ // If both failed, bail out:
+ if ((NumWritten <= 0) && (NumBytes == 0))
+ {
+ return;
+ }
+ }
+}
+
+
+
+
-- cgit v1.2.3
From 60850fe3e8da936d5b24460f33a1bf8f4d321ace Mon Sep 17 00:00:00 2001
From: madmaxoft
Date: Thu, 1 May 2014 15:08:15 +0200
Subject: Fixed crashes in the SSL HTTP connection.
---
src/HTTPServer/SslHTTPConnection.cpp | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
(limited to 'src/HTTPServer/SslHTTPConnection.cpp')
diff --git a/src/HTTPServer/SslHTTPConnection.cpp b/src/HTTPServer/SslHTTPConnection.cpp
index fff96bb2e..b6b222b47 100644
--- a/src/HTTPServer/SslHTTPConnection.cpp
+++ b/src/HTTPServer/SslHTTPConnection.cpp
@@ -25,7 +25,7 @@ cSslHTTPConnection::cSslHTTPConnection(cHTTPServer & a_HTTPServer, const cX509Ce
 
 
 
-void cSslHTTPConnection::DataReceived(const char * a_Data, size_t a_Size)
+bool cSslHTTPConnection::DataReceived(const char * a_Data, size_t a_Size)
 {
 // If there is outgoing data in the queue, notify the server that it should write it out:
 if (!m_OutgoingData.empty())
@@ -52,13 +52,17 @@ void cSslHTTPConnection::DataReceived(const char * a_Data, size_t a_Size)
 int NumRead = m_Ssl.ReadPlain(Buffer, sizeof(Buffer));
 if (NumRead > 0)
 {
- super::DataReceived(Buffer, (size_t)NumRead);
+ if (super::DataReceived(Buffer, (size_t)NumRead))
+ {
+ // The socket has been closed, and the object is already deleted. Bail out.
+ return true;
+ }
 }
 
 // If both failed, bail out:
 if ((BytesWritten == 0) && (NumRead <= 0))
 {
- return;
+ return false;
 }
 }
 }
-- cgit v1.2.3
From 1587b21edded56dbfb88150500336c2853b460c6 Mon Sep 17 00:00:00 2001
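Review bot: In DataReceived the bail-out `if ((BytesWritten == 0) && (NumRead <= 0))` returns even when `Size` is still non-zero, so received TLS bytes that m_Ssl could not buffer are silently discarded, and a negative `NumRead` is handled exactly like "no plaintext yet". Assuming ReadPlain reports TLS failures as negative values (its contract is not visible in this diff), a failed handshake or a corrupted record leaves the WebAdmin connection open and unlogged instead of being torn down. I would separate the cases before returning, e.g. `if (NumRead < 0) { /* log the TLS error and close the connection */ }` and `if (Size > 0) { /* unconsumed ciphertext: treat as a connection error */ }`. GetOutgoingData has the same shape with `NumWritten <= 0`, where a persistent WritePlain failure would leave m_OutgoingData queued indefinitely, and the `return false;` in the follow-up commit's second hunk keeps this behaviour.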
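Review bot: The new `bool` return of DataReceived is not documented at the definition; the only hint at its meaning is the comment in the second hunk of this commit (`return true` after the socket was closed and the object deleted, `return false` in the bail-out). Because a `true` result means `this` no longer exists, every caller has to stop touching the connection immediately, so the contract deserves a comment above the signature, e.g. `// Returns true if the connection was closed and this object deleted; the caller must not access it afterwards`. The function body continues outside this hunk, and the matching declaration in SslHTTPConnection.h is not part of the diff shown, so the same comment presumably belongs there as well.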
From: madmaxoft
Date: Thu, 1 May 2014 15:21:41 +0200
Subject: Renamed cPublicKey to cCryptoKey. The class can hold both the private key and the public key, bad naming on PolarSSL's part. Also somewhat fixed the cert and key loading in cHTTPServer.
---
src/HTTPServer/SslHTTPConnection.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src/HTTPServer/SslHTTPConnection.cpp')
diff --git a/src/HTTPServer/SslHTTPConnection.cpp b/src/HTTPServer/SslHTTPConnection.cpp
index b6b222b47..d237089d9 100644
--- a/src/HTTPServer/SslHTTPConnection.cpp
+++ b/src/HTTPServer/SslHTTPConnection.cpp
@@ -11,7 +11,7 @@
 
 
 
-cSslHTTPConnection::cSslHTTPConnection(cHTTPServer & a_HTTPServer, const cX509CertPtr & a_Cert, const cPublicKeyPtr & a_PrivateKey) :
+cSslHTTPConnection::cSslHTTPConnection(cHTTPServer & a_HTTPServer, const cX509CertPtr & a_Cert, const cCryptoKeyPtr & a_PrivateKey) :
 super(a_HTTPServer),
 m_Ssl(64000),
 m_Cert(a_Cert),
-- cgit v1.2.3