diff --git a/src/SSLInvalidCertificateException.h b/src/SSLInvalidCertificateException.h index 943c1c9..b7e8523 100644 --- a/src/SSLInvalidCertificateException.h +++ b/src/SSLInvalidCertificateException.h @@ -1,5 +1,6 @@ /* * Copyright (c) 2011, Florian Zeitz + * Copyright (c) 2013, Jonathan Schleifer * * https://webkeks.org/git/?p=objopenssl.git * @@ -25,7 +26,7 @@ @interface SSLInvalidCertificateException: OFException { - OFString *reason; + OFString *_reason; } #ifdef OF_HAVE_PROPERTIES diff --git a/src/SSLInvalidCertificateException.m b/src/SSLInvalidCertificateException.m index f97b384..d51f58e 100644 --- a/src/SSLInvalidCertificateException.m +++ b/src/SSLInvalidCertificateException.m @@ -1,5 +1,6 @@ /* * Copyright (c) 2011, Florian Zeitz + * Copyright (c) 2013, Jonathan Schleifer * * https://webkeks.org/git/?p=objopenssl.git * @@ -22,17 +23,19 @@ #import "SSLInvalidCertificateException.h" +#import + #import @implementation SSLInvalidCertificateException -+ exceptionWithClass: (Class)class_ - reason: (OFString*)reason_ ++ exceptionWithClass: (Class)class + reason: (OFString*)reason { - return [[[self alloc] initWithClass: class_ - reason: reason_] autorelease]; + return [[[self alloc] initWithClass: class + reason: reason] autorelease]; } -- initWithClass: (Class)class_ +- initWithClass: (Class)class { Class c = [self class]; [self release]; @@ -40,13 +43,13 @@ selector: _cmd]; } -- initWithClass: (Class)class_ - reason: (OFString*)reason_ +- initWithClass: (Class)class + reason: (OFString*)reason { - self = [super initWithClass: class_]; + self = [super initWithClass: class]; @try { - reason = [reason_ copy]; + _reason = [reason copy]; } @catch (id e) { [self release]; @throw e; 
@@ -57,24 +60,24 @@ - (void)dealloc { - [reason release]; + [_reason release]; [super dealloc]; } - (OFString*)description { - if (description != nil) - return description; + if (_description != nil) + return _description; - description = [[OFString alloc] initWithFormat: - @"Invalid certificate! Reason: %@", reason]; + _description = [[OFString alloc] initWithFormat: + @"Invalid certificate! Reason: %@", _reason]; - return description; + return _description; } - (OFString*)reason { - return reason; + OF_GETTER(_reason, NO) } @end diff --git a/src/SSLSocket.h b/src/SSLSocket.h index 36151eb..f321eeb 100644 --- a/src/SSLSocket.h +++ b/src/SSLSocket.h @@ -29,15 +29,13 @@ @interface SSLSocket: OFTCPSocket { - SSL *ssl; - OFString *privateKeyFile; - OFString *certificateFile; - BOOL requestsClientCertificates; + SSL *_SSL; + OFString *_privateKeyFile, *_certificateFile; + BOOL _requestsClientCertificates; } #ifdef OF_HAVE_PROPERTIES -@property (copy) OFString *privateKeyFile; -@property (copy) OFString *certificateFile; +@property (copy) OFString *privateKeyFile, *certificateFile; @property BOOL requestsClientCertificates; #endif diff --git a/src/SSLSocket.m b/src/SSLSocket.m index aba08b6..2f1aed6 100644 --- a/src/SSLSocket.m +++ b/src/SSLSocket.m 
@@ -121,37 +121,38 @@ locking_callback(int mode, int n, const char *file, int line) } - initWithSocket: (OFTCPSocket*)socket - privateKeyFile: (OFString*)privateKeyFile_ - certificateFile: (OFString*)certificateFile_ + privateKeyFile: (OFString*)privateKeyFile + certificateFile: (OFString*)certificateFile { self = [self init]; @try { /* FIXME: Also allow with accepted sockets */ - privateKeyFile = [privateKeyFile_ copy]; - certificateFile = [certificateFile_ copy]; + _privateKeyFile = [privateKeyFile copy]; + _certificateFile = [certificateFile copy]; - sock = dup(socket->sock); + _socket = dup(socket->_socket); - if ((ssl = SSL_new(ctx)) == NULL || !SSL_set_fd(ssl, sock)) { - close(sock); - sock = INVALID_SOCKET; + if ((_SSL = SSL_new(ctx)) == NULL || + !SSL_set_fd(_SSL, _socket)) { + close(_socket); + _socket = INVALID_SOCKET; @throw [OFInitializationFailedException exceptionWithClass: [self class]]; } - SSL_set_connect_state(ssl); + SSL_set_connect_state(_SSL); - if ((privateKeyFile != nil && !SSL_use_PrivateKey_file(ssl, - [privateKeyFile cStringWithEncoding: + if ((_privateKeyFile != nil && !SSL_use_PrivateKey_file(_SSL, + [_privateKeyFile cStringWithEncoding: OF_STRING_ENCODING_NATIVE], SSL_FILETYPE_PEM)) || - (certificateFile != nil && !SSL_use_certificate_file(ssl, - [certificateFile cStringWithEncoding: + (_certificateFile != nil && !SSL_use_certificate_file(_SSL, + [_certificateFile cStringWithEncoding: OF_STRING_ENCODING_NATIVE], SSL_FILETYPE_PEM)) || - SSL_connect(ssl) != 1) { - close(sock); - sock = INVALID_SOCKET; + SSL_connect(_SSL) != 1) { + close(_socket); + _socket = INVALID_SOCKET; @throw [OFInitializationFailedException exceptionWithClass: [self class]]; } 
@@ -165,15 +166,15 @@ locking_callback(int mode, int n, const char *file, int line) - (void)dealloc { - SSL *ssl_ = ssl; + SSL *SSL_ = _SSL; - [privateKeyFile release]; - [certificateFile release]; + [_privateKeyFile release]; + [_certificateFile release]; [super dealloc]; - if (ssl_ != NULL) - SSL_free(ssl_); + if (SSL_ != NULL) + SSL_free(SSL_); } - (void)connectToHost: (OFString*)host @@ -182,7 +183,7 @@ locking_callback(int mode, int n, const char *file, int line) [super connectToHost: host port: port]; - if ((ssl = SSL_new(ctx)) == NULL || !SSL_set_fd(ssl, sock)) { + if ((_SSL = SSL_new(ctx)) == NULL || !SSL_set_fd(_SSL, _socket)) { [super close]; @throw [OFConnectionFailedException exceptionWithClass: [self class] @@ -191,14 +192,14 @@ locking_callback(int mode, int n, const char *file, int line) port: port]; } - SSL_set_connect_state(ssl); + SSL_set_connect_state(_SSL); - if ((privateKeyFile != nil && !SSL_use_PrivateKey_file(ssl, - [privateKeyFile cStringWithEncoding: OF_STRING_ENCODING_NATIVE], - SSL_FILETYPE_PEM)) || (certificateFile != nil && - !SSL_use_certificate_file(ssl, [certificateFile + if ((_privateKeyFile != nil && !SSL_use_PrivateKey_file(_SSL, + [_privateKeyFile cStringWithEncoding: OF_STRING_ENCODING_NATIVE], + SSL_FILETYPE_PEM)) || (_certificateFile != nil && + !SSL_use_certificate_file(_SSL, [_certificateFile cStringWithEncoding: OF_STRING_ENCODING_NATIVE], - SSL_FILETYPE_PEM)) || SSL_connect(ssl) != 1) { + SSL_FILETYPE_PEM)) || SSL_connect(_SSL) != 1) { [super close]; @throw [OFConnectionFailedException exceptionWithClass: [self class] 
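Review bot: The client handshake in connectToHost:port: reaches SSL_connect with no SSL_set_verify call visible in this hunk, and nothing here compares the peer certificate against `host`, so unless ctx (created outside this view) was given SSL_CTX_set_verify the handshake completes against any chain and authentication depends entirely on the caller later invoking the verify-result method. A caller that forgets that call is talking to an unauthenticated peer with no error. I would either set `SSL_set_verify(_SSL, SSL_VERIFY_PEER, NULL);` before SSL_connect so an untrusted chain aborts the handshake, or at minimum put `/* NOTE: SSL_connect does not fail on an untrusted chain; callers must run the verify-result check and match the certificate against host themselves */` above it; the same shape appears in initWithSocket:privateKeyFile:certificateFile:. The method's tail (the exception's host/port arguments) continues outside the hunk.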
@@ -210,45 +211,45 @@ locking_callback(int mode, int n, const char *file, int line) - (SSLSocket*)accept { - SSLSocket *newSocket = (SSLSocket*)[super accept]; + SSLSocket *client = (SSLSocket*)[super accept]; - if ((newSocket->ssl = SSL_new(ctx)) == NULL || - !SSL_set_fd(newSocket->ssl, newSocket->sock)) { + if ((client->_SSL = SSL_new(ctx)) == NULL || + !SSL_set_fd(client->_SSL, client->_socket)) { /* We only want to close the OFTCPSocket */ - object_setClass(newSocket, [OFTCPSocket class]); - [newSocket close]; - object_setClass(newSocket, object_getClass(self)); + object_setClass(client, [OFTCPSocket class]); + [client close]; + object_setClass(client, object_getClass(self)); @throw [OFAcceptFailedException exceptionWithClass: [self class] socket: self]; } - if (requestsClientCertificates) - SSL_set_verify(newSocket->ssl, SSL_VERIFY_PEER, NULL); + if (_requestsClientCertificates) + SSL_set_verify(client->_SSL, SSL_VERIFY_PEER, NULL); - SSL_set_accept_state(newSocket->ssl); + SSL_set_accept_state(client->_SSL); - if (!SSL_use_PrivateKey_file(newSocket->ssl, [privateKeyFile + if (!SSL_use_PrivateKey_file(client->_SSL, [_privateKeyFile cStringWithEncoding: OF_STRING_ENCODING_NATIVE], - SSL_FILETYPE_PEM) || !SSL_use_certificate_file(newSocket->ssl, - [certificateFile cStringWithEncoding: OF_STRING_ENCODING_NATIVE], - SSL_FILETYPE_PEM) || SSL_accept(newSocket->ssl) != 1) { + SSL_FILETYPE_PEM) || !SSL_use_certificate_file(client->_SSL, + [_certificateFile cStringWithEncoding: OF_STRING_ENCODING_NATIVE], + SSL_FILETYPE_PEM) || SSL_accept(client->_SSL) != 1) { /* We only want to close the OFTCPSocket */ - object_setClass(newSocket, [OFTCPSocket class]); - [newSocket close]; - object_setClass(newSocket, object_getClass(self)); + object_setClass(client, [OFTCPSocket class]); + [client close]; + object_setClass(client, object_getClass(self)); @throw [OFAcceptFailedException exceptionWithClass: [self class] socket: self]; } - return newSocket; + return client; } - 
(void)close { - if (ssl != NULL) - SSL_shutdown(ssl); + if (_SSL != NULL) + SSL_shutdown(_SSL); [super close]; } @@ -261,27 +262,27 @@ locking_callback(int mode, int n, const char *file, int line) if (length > INT_MAX) @throw [OFOutOfRangeException exceptionWithClass: [self class]]; - if (sock == INVALID_SOCKET) + if (_socket == INVALID_SOCKET) @throw [OFNotConnectedException exceptionWithClass: [self class] socket: self]; - if (atEndOfStream) { + if (_atEndOfStream) { OFReadFailedException *e; e = [OFReadFailedException exceptionWithClass: [self class] stream: self requestedLength: length]; #ifndef _WIN32 - e->errNo = ENOTCONN; + e->_errNo = ENOTCONN; #else - e->errNo = WSAENOTCONN; + e->_errNo = WSAENOTCONN; #endif @throw e; } - if ((ret = SSL_read(ssl, buffer, (int)length)) < 0) { - if (SSL_get_error(ssl, ret) == SSL_ERROR_WANT_READ) + if ((ret = SSL_read(_SSL, buffer, (int)length)) < 0) { + if (SSL_get_error(_SSL, ret) == SSL_ERROR_WANT_READ) return 0; @throw [OFReadFailedException exceptionWithClass: [self class] @@ -290,7 +291,7 @@ locking_callback(int mode, int n, const char *file, int line) } if (ret == 0) - atEndOfStream = YES; + _atEndOfStream = YES; return ret; } @@ -301,11 +302,11 @@ locking_callback(int mode, int n, const char *file, int line) if (length > INT_MAX) @throw [OFOutOfRangeException exceptionWithClass: [self class]]; - if (sock == INVALID_SOCKET) + if (_socket == INVALID_SOCKET) @throw [OFNotConnectedException exceptionWithClass: [self class] socket: self]; - if (atEndOfStream) { + if (_atEndOfStream) { OFWriteFailedException *e; e = [OFWriteFailedException exceptionWithClass: [self class] 
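Review bot: In accept, `SSL_set_verify(client->_SSL, SSL_VERIFY_PEER, NULL)` only asks for a client certificate; with that flag alone OpenSSL completes the handshake when the client sends none, and the verify-result method further down skips its check whenever SSL_get_peer_certificate is NULL, so a client can pass client-certificate authentication simply by not presenting one. If the property is meant to require a certificate, use `SSL_set_verify(client->_SSL, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);`, otherwise document on requestsClientCertificates that it is request-only and that callers must check peerCertificate for nil. Separately, unlike both client paths, accept passes `[_privateKeyFile cStringWithEncoding: ...]` and the certificate file to OpenSSL without the `!= nil` guard, so an unset file becomes a NULL path argument. The -close override in the same hunk is unaffected.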
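Review bot: `if (ret == 0) _atEndOfStream = YES;` in this hunk treats every zero return from SSL_read as a clean end of stream, but on the OpenSSL versions this code targets SSL_read also returns 0 when the transport is closed without a close_notify alert, which is exactly what a TLS truncation attack looks like. Distinguish the two with `SSL_get_error(_SSL, ret)`: `SSL_ERROR_ZERO_RETURN` is a proper shutdown, while `SSL_ERROR_SYSCALL` with ret == 0 should raise the read-failed exception rather than setting _atEndOfStream. readIntoBuffer's signature and the SSL_read call itself are in the preceding hunk, outside this one.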
@@ -313,15 +314,15 @@ locking_callback(int mode, int n, const char *file, int line) requestedLength: length]; #ifndef _WIN32 - e->errNo = ENOTCONN; + e->_errNo = ENOTCONN; #else - e->errNo = WSAENOTCONN; + e->_errNo = WSAENOTCONN; #endif @throw e; } - if (SSL_write(ssl, buffer, (int)length) < length) + if (SSL_write(_SSL, buffer, (int)length) < length) @throw [OFWriteFailedException exceptionWithClass: [self class] stream: self requestedLength: length]; @@ -329,40 +330,40 @@ locking_callback(int mode, int n, const char *file, int line) - (size_t)pendingBytes { - if (ssl == NULL) + if (_SSL == NULL) return [super pendingBytes]; - return [super pendingBytes] + SSL_pending(ssl); + return [super pendingBytes] + SSL_pending(_SSL); } -- (void)setPrivateKeyFile: (OFString*)file +- (void)setPrivateKeyFile: (OFString*)privateKeyFile { - OF_SETTER(privateKeyFile, file, YES, YES) + OF_SETTER(_privateKeyFile, privateKeyFile, YES, YES) } - (OFString*)privateKeyFile { - OF_GETTER(privateKeyFile, YES) + OF_GETTER(_privateKeyFile, YES) } -- (void)setCertificateFile: (OFString*)file +- (void)setCertificateFile: (OFString*)certificateFile { - OF_SETTER(certificateFile, file, YES, YES) + OF_SETTER(_certificateFile, certificateFile, YES, YES) } - (OFString*)certificateFile { - OF_GETTER(certificateFile, YES) + OF_GETTER(_certificateFile, YES) } - (void)setRequestsClientCertificates: (BOOL)enabled { - requestsClientCertificates = enabled; + _requestsClientCertificates = enabled; } - (BOOL)requestsClientCertificates { - return requestsClientCertificates; + return _requestsClientCertificates; } - (OFDataArray*)channelBindingDataWithType: (OFString*)type 
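Review bot: `if (SSL_write(_SSL, buffer, (int)length) < length)` in this hunk cannot detect a failed write: SSL_write returns an int and `length` (declared outside the hunk, but a size_t judging by the INT_MAX range check in the previous hunk) is unsigned, so a -1 return is converted to SIZE_MAX before the comparison and the condition is false, meaning errors such as SSL_ERROR_WANT_WRITE or a broken connection are reported to the caller as success. Capture the result and test it as a signed value before the existing @throw: `int written = SSL_write(_SSL, buffer, (int)length);` `if (written <= 0 || (size_t)written < length)`. The enclosing write method's signature is in the previous hunk, outside this one.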
@@ -376,15 +377,15 @@ locking_callback(int mode, int n, const char *file, int line) exceptionWithClass: [self class] selector: _cmd]; - if (SSL_session_reused(ssl) ^ !listening) { + if (SSL_session_reused(_SSL) ^ !_listening) { /* * We are either client or the session has been resumed * => we have sent the finished message */ - length = SSL_get_finished(ssl, buffer, 64); + length = SSL_get_finished(_SSL, buffer, 64); } else { /* peer sent the finished message */ - length = SSL_get_peer_finished(ssl, buffer, 64); + length = SSL_get_peer_finished(_SSL, buffer, 64); } data = [OFDataArray dataArray]; @@ -396,7 +397,7 @@ locking_callback(int mode, int n, const char *file, int line) - (X509Certificate*)peerCertificate { - X509 *certificate = SSL_get_peer_certificate(ssl); + X509 *certificate = SSL_get_peer_certificate(_SSL); if (!certificate) return nil; @@ -409,8 +410,8 @@ locking_callback(int mode, int n, const char *file, int line) { unsigned long ret; - if (SSL_get_peer_certificate(ssl) != NULL) { - if ((ret = SSL_get_verify_result(ssl)) != X509_V_OK) { + if (SSL_get_peer_certificate(_SSL) != NULL) { + if ((ret = SSL_get_verify_result(_SSL)) != X509_V_OK) { const char *tmp = X509_verify_cert_error_string(ret); OFString *reason = [OFString stringWithUTF8String: tmp]; @throw [SSLInvalidCertificateException diff --git a/src/X509Certificate.h b/src/X509Certificate.h index 61b0e91..9324824 100644 --- a/src/X509Certificate.h +++ b/src/X509Certificate.h @@ -1,5 +1,6 @@ /* * Copyright (c) 2011, Florian Zeitz + * Copyright (c) 2013, Jonathan Schleifer * * https://webkeks.org/git/?p=objopenssl.git * 
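Review bot: `if (SSL_get_peer_certificate(_SSL) != NULL)` in the last hunk leaks one X509 reference per call: SSL_get_peer_certificate returns a new reference owned by the caller, and the result is discarded without X509_free. Keep it and release it, `X509 *peer = SSL_get_peer_certificate(_SSL);` `if (peer != NULL) {` `X509_free(peer);` ahead of the SSL_get_verify_result call. Two caveats belong in a comment above the check, `/* NOTE: no peer certificate => no exception; SSL_get_verify_result validates the chain only, hostname matching is the caller's job */`, since the method returns silently when nothing was presented and never compares the certificate to the connected host. The method's name and signature are outside this hunk, so I am reading it as the verify-result check.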
@@ -42,18 +43,18 @@ @interface X509OID: OFObject { - OFString *string; + OFString *_string; } -- initWithUTF8String: (const char*)str; +- initWithUTF8String: (const char*)string; @end @interface X509Certificate: OFObject { - X509 *crt; - OFDictionary *issuer; - OFDictionary *subject; - OFDictionary *subjectAlternativeName; + X509 *_certificate; + OFDictionary *_issuer; + OFDictionary *_subject; + OFDictionary *_subjectAlternativeName; } #ifdef OF_HAVE_PROPERTIES diff --git a/src/X509Certificate.m b/src/X509Certificate.m index 396e4cb..8f7824a 100644 --- a/src/X509Certificate.m +++ b/src/X509Certificate.m @@ -1,6 +1,6 @@ /* * Copyright (c) 2011, Florian Zeitz - * Copyright (c) 2011, Jonathan Schleifer + * Copyright (c) 2011, 2013, Jonathan Schleifer * * https://webkeks.org/git/?p=objopenssl.git * @@ -40,22 +40,22 @@ #import @implementation X509Certificate -- initWithFile: (OFString*)file +- initWithFile: (OFString*)path { self = [self init]; @try { OFAutoreleasePool *pool = [[OFAutoreleasePool alloc] init]; - OFFile *fd = [OFFile fileWithPath: file - mode: @"r"]; - OFDataArray *data = [fd readDataArrayTillEndOfStream]; - [fd close]; + OFDataArray *data = [OFDataArray + dataArrayWithContentsOfFile: path]; const unsigned char *dataCArray = [data items]; - crt = d2i_X509(NULL, &dataCArray, [data count]); - [pool release]; - if (crt == NULL) + + _certificate = d2i_X509(NULL, &dataCArray, [data count]); + if (_certificate == NULL) @throw [OFInitializationFailedException exceptionWithClass: [self class]]; + + [pool release]; } @catch (id e) { [self release]; @throw e; @@ -64,13 +64,13 @@ return self; } -- initWithX509Struct: (X509*)cert +- initWithX509Struct: (X509*)certificate { self = [self init]; @try { - crt = X509_dup(cert); - if (crt == NULL) + _certificate = X509_dup(certificate); + if (_certificate == NULL) @throw [OFInitializationFailedException exceptionWithClass: [self class]]; } @catch (id e) { 
@@ -83,12 +83,12 @@ - (void)dealloc { - [issuer release]; - [subject release]; - [subjectAlternativeName release]; + [_issuer release]; + [_subject release]; + [_subjectAlternativeName release]; - if (crt != NULL) - X509_free(crt); + if (_certificate != NULL) + X509_free(_certificate); [super dealloc]; } @@ -109,26 +109,26 @@ { X509_NAME *name; - if (issuer != nil) - return [[issuer copy] autorelease]; + if (_issuer != nil) + return [[_issuer copy] autorelease]; - name = X509_get_issuer_name(crt); - issuer = [[self X509_dictionaryFromX509Name: name] retain]; + name = X509_get_issuer_name(_certificate); + _issuer = [[self X509_dictionaryFromX509Name: name] retain]; - return issuer; + return _issuer; } - (OFDictionary*)subject { X509_NAME *name; - if (subject != nil) - return [[subject copy] autorelease]; + if (_subject != nil) + return [[_subject copy] autorelease]; - name = X509_get_subject_name(crt); - subject = [[self X509_dictionaryFromX509Name: name] retain]; + name = X509_get_subject_name(_certificate); + _subject = [[self X509_dictionaryFromX509Name: name] retain]; - return subject; + return _subject; } - (OFDictionary*)subjectAlternativeName @@ -137,19 +137,20 @@ OFMutableDictionary *ret; int i; - if (subjectAlternativeName != nil) - return [[subjectAlternativeName copy] autorelease]; + if (_subjectAlternativeName != nil) + return [[_subjectAlternativeName copy] autorelease]; ret = [OFMutableDictionary dictionary]; pool = [[OFAutoreleasePool alloc] init]; i = -1; - while ((i = X509_get_ext_by_NID(crt, NID_subject_alt_name, i)) != -1) { + while ((i = X509_get_ext_by_NID(_certificate, + NID_subject_alt_name, i)) != -1) { X509_EXTENSION *extension; STACK_OF(GENERAL_NAME) *values; int j, count; - if ((extension = X509_get_ext(crt, i)) == NULL) + if ((extension = X509_get_ext(_certificate, i)) == NULL) break; if ((values = X509V3_EXT_d2i(extension)) == NULL) 
@@ -248,7 +249,7 @@ [pool release]; [ret makeImmutable]; - subjectAlternativeName = [ret retain]; + _subjectAlternativeName = [ret retain]; return ret; } @@ -434,12 +435,12 @@ @end @implementation X509OID -- initWithUTF8String: (const char*) str +- initWithUTF8String: (const char*)string { self = [self init]; @try { - string = [[OFString alloc] initWithUTF8String: str]; + _string = [[OFString alloc] initWithUTF8String: string]; } @catch (id e) { [self release]; @throw e; @@ -450,14 +451,14 @@ - (void)dealloc { - [string release]; + [_string release]; [super dealloc]; } - (OFString*)description { char tmp[1024]; - OBJ_obj2txt(tmp, sizeof(tmp), OBJ_txt2obj([string UTF8String], 1), 0); + OBJ_obj2txt(tmp, sizeof(tmp), OBJ_txt2obj([_string UTF8String], 1), 0); return [OFString stringWithUTF8String: tmp]; } @@ -465,14 +466,14 @@ { if (([object isKindOfClass: [OFString class]]) || ([object isKindOfClass: [X509OID class]])) - return [object isEqual: string]; + return [object isEqual: _string]; return NO; } - (uint32_t)hash { - return [string hash]; + return [_string hash]; } - copy
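Review bot: In X509OID's -description, the ASN1_OBJECT returned by `OBJ_txt2obj([_string UTF8String], 1)` is passed straight into OBJ_obj2txt and never freed; OBJ_txt2obj allocates a fresh object for any OID not in the built-in table, so each call on such an OID leaks one, and these strings presumably originate from peer certificates. Hold the pointer and release it: `ASN1_OBJECT *object = OBJ_txt2obj([_string UTF8String], 1);` `OBJ_obj2txt(tmp, sizeof(tmp), object, 0);` `ASN1_OBJECT_free(object);`. ASN1_OBJECT_free is a no-op on the table's static objects and OBJ_obj2txt yields an empty string for a NULL object, so neither case needs an extra branch.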