1f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch/*
2f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * libjingle
3f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * Copyright 2004--2005, Google Inc.
4f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch *
5f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * Redistribution and use in source and binary forms, with or without
6f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * modification, are permitted provided that the following conditions are met:
7f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch *
8f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch *  1. Redistributions of source code must retain the above copyright notice,
9f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch *     this list of conditions and the following disclaimer.
10f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch *  2. Redistributions in binary form must reproduce the above copyright notice,
11f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch *     this list of conditions and the following disclaimer in the documentation
12f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch *     and/or other materials provided with the distribution.
13f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch *  3. The name of the author may not be used to endorse or promote products
14f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch *     derived from this software without specific prior written permission.
15f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch *
16f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
17f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
18f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
19f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
20f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
25f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch */
27f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
28f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch#ifndef TALK_BASE_OPENSSLADAPTER_H__
29f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch#define TALK_BASE_OPENSSLADAPTER_H__
30f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
31f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch#include <string>
32f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch#include "talk/base/ssladapter.h"
33f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
34f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdochtypedef struct ssl_st SSL;
35f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdochtypedef struct ssl_ctx_st SSL_CTX;
36f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdochtypedef struct x509_store_ctx_st X509_STORE_CTX;
37f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
38f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdochnamespace talk_base {
39f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
40f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch///////////////////////////////////////////////////////////////////////////////
41f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
42f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdochclass OpenSSLAdapter : public SSLAdapter {
43f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdochpublic:
44f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  static bool InitializeSSL(VerificationCallback callback);
45f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  static bool InitializeSSLThread();
46f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  static bool CleanupSSL();
47f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
48f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  OpenSSLAdapter(AsyncSocket* socket);
49f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  virtual ~OpenSSLAdapter();
50f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
51f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  virtual int StartSSL(const char* hostname, bool restartable);
52f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  virtual int Send(const void* pv, size_t cb);
53f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  virtual int Recv(void* pv, size_t cb);
54f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  virtual int Close();
55f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
56f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  // Note that the socket returns ST_CONNECTING while SSL is being negotiated.
57f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  virtual ConnState GetState() const;
58f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
59f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdochprotected:
60f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  virtual void OnConnectEvent(AsyncSocket* socket);
61f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  virtual void OnReadEvent(AsyncSocket* socket);
62f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  virtual void OnWriteEvent(AsyncSocket* socket);
63f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  virtual void OnCloseEvent(AsyncSocket* socket, int err);
64f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
65f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdochprivate:
66f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  enum SSLState {
67f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch    SSL_NONE, SSL_WAIT, SSL_CONNECTING, SSL_CONNECTED, SSL_ERROR
68f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  };
69f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
70f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  int BeginSSL();
71f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  int ContinueSSL();
72f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  void Error(const char* context, int err, bool signal = true);
73f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  void Cleanup();
74f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
75f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  static bool VerifyServerName(SSL* ssl, const char* host,
76f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch                               bool ignore_bad_cert);
77f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  bool SSLPostConnectionCheck(SSL* ssl, const char* host);
78f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch#if _DEBUG
79f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  static void SSLInfoCallback(const SSL* s, int where, int ret);
80f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch#endif  // !_DEBUG
81f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  static int SSLVerifyCallback(int ok, X509_STORE_CTX* store);
82f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  static VerificationCallback custom_verify_callback_;
83f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  friend class OpenSSLStreamAdapter;  // for custom_verify_callback_;
84f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
85f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  static bool ConfigureTrustedRootCertificates(SSL_CTX* ctx);
86f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  static SSL_CTX* SetupSSLContext();
87f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
88f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  SSLState state_;
89f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  bool ssl_read_needs_write_;
90f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  bool ssl_write_needs_read_;
91f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  // If true, socket will retain SSL configuration after Close.
92f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  bool restartable_;
93f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
94f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  SSL* ssl_;
95f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  SSL_CTX* ssl_ctx_;
96f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  std::string ssl_host_name_;
97f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
98f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  bool custom_verification_succeeded_;
99f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch};
100f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
101f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch/////////////////////////////////////////////////////////////////////////////
102f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
103f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch} // namespace talk_base
104f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
105f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch#endif // TALK_BASE_OPENSSLADAPTER_H__
106