// Copyright (c) 2017, the Dart project authors. Please see the AUTHORS file
// for details. All rights reserved. Use of this source code is governed by a
// BSD-style license that can be found in the LICENSE file.
#ifndef RUNTIME_BIN_SECURITY_CONTEXT_H_
#define RUNTIME_BIN_SECURITY_CONTEXT_H_
#include <stdlib.h>

#include <openssl/ssl.h>
#include <openssl/x509.h>

#include "bin/lockers.h"
#include "bin/reference_counting.h"
#include "bin/socket.h"
namespace dart {
namespace bin {
// Forward declaration
class SSLFilter;
typedef void (*TrustEvaluateHandlerFunc)(Dart_Port dest_port_id,
|
|
Dart_CObject* message);
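// Owns one BoringSSL/OpenSSL SSL_CTX plus the Dart-side settings layered on
// top of it: the ALPN protocol list, the trust configuration and the
// renegotiation policy. Instances are reference counted; the destructor
// releases the SSL_CTX and the ALPN buffer.
//
// The static members are process-wide, unsynchronized flags and raw pointers
// (plain reads and writes, no locking visible in this header). They are meant
// to be set once at startup before any TLS traffic; confirm against the
// callers in the .cc before touching them from more than one thread.
class SSLCertContext : public ReferenceCounted<SSLCertContext> {
 public:
  static const intptr_t kApproximateSize;
  // Native-field slots in which the Dart SecurityContext / X509Certificate
  // objects carry their C++ counterparts.
  static constexpr int kSecurityContextNativeFieldIndex = 0;
  static constexpr int kX509NativeFieldIndex = 0;

  // Takes ownership of |context|; it is released with SSL_CTX_free() in the
  // destructor. Every other member starts in its conservative default: no
  // ALPN list, built-in roots not trusted, TLS renegotiation disallowed.
  explicit SSLCertContext(SSL_CTX* context) : context_(context) {}

  // Releases the SSL_CTX and the ALPN buffer. The ALPN buffer is released
  // with free(), so set_alpn_protocol_string() must only ever be handed
  // malloc-compatible memory.
  ~SSLCertContext() {
    SSL_CTX_free(context_);
    free(alpn_protocol_string_);
  }

  // Has the signature of an OpenSSL/BoringSSL verify callback
  // (SSL_CTX_set_verify): |preverify_ok| is the library's own verdict for the
  // certificate at |store_ctx|'s current depth. Whether a chain that failed
  // pre-verification may still be accepted is decided in the .cc; any
  // relaxation of the verdict must be reviewed there.
  static int CertificateCallback(int preverify_ok, X509_STORE_CTX* store_ctx);
  // Has the signature of a key-log callback (SSL_CTX_set_keylog_callback). If
  // it is installed as one, each |line| carries TLS session secrets in NSS
  // key-log format, so wherever the .cc writes them must be an explicit,
  // opt-in debugging aid and never enabled by default.
  static void KeyLogCallback(const SSL* ssl, const char* line);

  // Unwraps the SSLCertContext* carried by the Dart receiver in |args|.
  static SSLCertContext* GetSecurityContext(Dart_NativeArguments args);
  // Returns the password argument at |index|. NOTE(review): the returned
  // pointer is presumably backed by the native arguments; do not retain it
  // past the native call — confirm in the .cc.
  static const char* GetPasswordArgument(Dart_NativeArguments args,
                                         intptr_t index);
  // Installs the ALPN protocols listed in |protocols_handle| on |ssl| and
  // records the encoded list on |context|; |is_server| selects which side's
  // ALPN configuration is applied.
  static void SetAlpnProtocolList(Dart_Handle protocols_handle,
                                  SSL* ssl,
                                  SSLCertContext* context,
                                  bool is_server);

  // Process-wide overrides for where root certificates are read from. Only
  // the pointer is stored, not a copy, so the string must outlive every use
  // (e.g. a command-line argument or a string literal).
  static const char* root_certs_file() { return root_certs_file_; }
  static void set_root_certs_file(const char* root_certs_file) {
    root_certs_file_ = root_certs_file;
  }
  static const char* root_certs_cache() { return root_certs_cache_; }
  static void set_root_certs_cache(const char* root_certs_cache) {
    root_certs_cache_ = root_certs_cache;
  }

  // Trust configuration from caller-supplied bytes. |password| is handed to
  // the parser for encrypted input; the accepted encodings are defined in
  // the .cc.
  void SetTrustedCertificatesBytes(Dart_Handle cert_bytes,
                                   const char* password);
  void SetClientAuthoritiesBytes(Dart_Handle client_authorities_bytes,
                                 const char* password);
  // Installs this context's own certificate chain. Returns an int status
  // whose meaning is defined in the .cc; callers must check it rather than
  // assume the chain was installed.
  int UseCertificateChainBytes(Dart_Handle cert_chain_bytes,
                               const char* password);

  // Adds the roots shipped with the binary to the trust store, presumably via
  // the private AddCompiledInCerts / LoadRootCert* helpers below.
  void TrustBuiltinRoots();

  SSL_CTX* context() const { return context_; }

  uint8_t* alpn_protocol_string() const { return alpn_protocol_string_; }

  // Takes ownership of |protocol_string|, which must come from a
  // malloc-compatible allocation because it is released with free(). Any
  // previously held buffer is freed first. Passing the buffer that is already
  // held is a no-op rather than a free followed by a dangling store.
  void set_alpn_protocol_string(uint8_t* protocol_string) {
    if (protocol_string == alpn_protocol_string_) {
      return;
    }
    free(alpn_protocol_string_);
    alpn_protocol_string_ = protocol_string;
  }

  bool trust_builtin() const { return trust_builtin_; }

  // TLS renegotiation is off unless explicitly enabled; renegotiation has a
  // long history of protocol-level problems, so keep the default.
  void set_allow_tls_renegotiation(bool allow) {
    allow_tls_renegotiation_ = allow;
  }
  bool allow_tls_renegotiation() const { return allow_tls_renegotiation_; }

  void set_trust_builtin(bool trust_builtin) { trust_builtin_ = trust_builtin; }

  // Installs this context's callbacks on |ssl| (which ones is decided in the
  // .cc).
  void RegisterCallbacks(SSL* ssl);
  // Returns the handler that delivers trust-evaluation results to Dart.
  TrustEvaluateHandlerFunc GetTrustEvaluateHandler() const;

  // Process-wide switch; the name suggests a slower, more thorough certificate
  // evaluation path — see the .cc for what it actually changes.
  static bool long_ssl_cert_evaluation() { return long_ssl_cert_evaluation_; }
  static void set_long_ssl_cert_evaluation(bool long_ssl_cert_evaluation) {
    long_ssl_cert_evaluation_ = long_ssl_cert_evaluation;
  }

  // Process-wide switch affecting which roots are trusted; changing it after
  // contexts exist changes trust for the whole process. The exact effect on
  // the platform root store is defined in the .cc.
  static bool bypass_trusting_system_roots() {
    return bypass_trusting_system_roots_;
  }
  static void set_bypass_trusting_system_roots(
      bool bypass_trusting_system_roots) {
    bypass_trusting_system_roots_ = bypass_trusting_system_roots;
  }

 private:
  void AddCompiledInCerts();
  void LoadRootCertFile(const char* file);
  void LoadRootCertCache(const char* cache);

  static const char* root_certs_file_;
  static const char* root_certs_cache_;

  // Default member initializers guarantee a defined state even if another
  // constructor is added later.
  SSL_CTX* context_ = nullptr;
  uint8_t* alpn_protocol_string_ = nullptr;

  bool trust_builtin_ = false;
  bool allow_tls_renegotiation_ = false;
  static bool long_ssl_cert_evaluation_;
  static bool bypass_trusting_system_roots_;

  DISALLOW_COPY_AND_ASSIGN(SSLCertContext);
};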
// Native entry points backing the Dart X509Certificate class. Each Get*
// function takes the native arguments of the call (presumably locating the
// X509* through the receiver's native field) and returns the requested
// certificate attribute as a Dart object; WrappedX509Certificate goes the
// other way and builds the Dart wrapper for an X509 handle.
class X509Helper : public AllStatic {
 public:
  // Builds the Dart-side wrapper object for |certificate|.
  static Dart_Handle WrappedX509Certificate(X509* certificate);

  // Raw encodings of the certificate.
  static Dart_Handle GetDer(Dart_NativeArguments args);
  static Dart_Handle GetPem(Dart_NativeArguments args);
  // Certificate fingerprint; the name indicates SHA-1. Adequate for display
  // and lookup, but pinning decisions should compare the DER bytes or a
  // SHA-256 digest rather than rely on SHA-1 alone.
  static Dart_Handle GetSha1(Dart_NativeArguments args);

  // Distinguished names.
  static Dart_Handle GetSubject(Dart_NativeArguments args);
  static Dart_Handle GetIssuer(Dart_NativeArguments args);

  // Validity period bounds.
  static Dart_Handle GetStartValidity(Dart_NativeArguments args);
  static Dart_Handle GetEndValidity(Dart_NativeArguments args);
};
} // namespace bin
} // namespace dart
#endif // RUNTIME_BIN_SECURITY_CONTEXT_H_