From ecbaa8ed2037aa07c06db4849871116845301a1a Mon Sep 17 00:00:00 2001
From: Jonathan Schleifer
Date: Sun, 31 Mar 2013 12:04:53 +0200
Subject: [PATCH] Conform to OFTLSSocket. Still a few FIXMEs / TODOs.
---
 src/SSLInvalidCertificateException.m | 16 ++--
 src/SSLSocket.h | 15 +---
 src/SSLSocket.m | 105 +++++++++++++--------
 3 files changed, 64 insertions(+), 72 deletions(-)

diff --git a/src/SSLInvalidCertificateException.m b/src/SSLInvalidCertificateException.m
index 801813e..abfd9f0 100644
--- a/src/SSLInvalidCertificateException.m
+++ b/src/SSLInvalidCertificateException.m
@@ -21,12 +21,12 @@
 * POSSIBILITY OF SUCH DAMAGE.
 */
+#include
+
 #import "SSLInvalidCertificateException.h"
 #import
-#import
-
 @implementation SSLInvalidCertificateException
 + exceptionWithClass: (Class)class
 reason: (OFString*)reason
@@ -37,10 +37,14 @@
 - initWithClass: (Class)class
 {
- Class c = [self class];
- [self release];
- @throw [OFNotImplementedException exceptionWithClass: c
- selector: _cmd];
+ @try {
+ [self doesNotRecognizeSelector: _cmd];
+ } @catch (id e) {
+ [self release];
+ @throw e;
+ }
+
+ abort();
 }
 - initWithClass: (Class)class
diff --git a/src/SSLSocket.h b/src/SSLSocket.h
index db07cb1..fa33bb8 100644
--- a/src/SSLSocket.h
+++ b/src/SSLSocket.h
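Review bot: The new `-initWithClass:` body in SSLInvalidCertificateException.m relies on `-doesNotRecognizeSelector:` never returning, and the trailing `abort()` exists only to make that explicit; a one-line comment would stop the next reader from wondering whether the catch-and-release path can fall through, e.g. `/* -doesNotRecognizeSelector: always throws; abort() only covers the case that it returns. */`. The `@catch (id e)` releases `self` before rethrowing, which keeps the ownership behaviour of the removed code (release, then throw), so nothing else changes for callers.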
@@ -24,31 +24,24 @@
 #include
 #import
+#import
 @class X509Certificate;
-@interface SSLSocket: OFTCPSocket
+@interface SSLSocket: OFTCPSocket
 {
 SSL *_SSL;
- OFString *_privateKeyFile, *_certificateFile;
+ OFString *_certificateFile, *_privateKeyFile;
+ const char *_privateKeyPassphrase;
 bool _requestsClientCertificates;
 }
 #ifdef OF_HAVE_PROPERTIES
-@property (copy) OFString *privateKeyFile, *certificateFile;
 @property bool requestsClientCertificates;
 #endif
 - initWithSocket: (OFTCPSocket*)socket;
-- initWithSocket: (OFTCPSocket*)socket
- privateKeyFile: (OFString*)privateKeyFile
- certificateFile: (OFString*)certificateFile;
 - (void)SSL_super_close;
-- (SSLSocket*)accept; /* Changes the return type */
-- (void)setPrivateKeyFile: (OFString*)file;
-- (OFString*)privateKeyFile;
-- (void)setCertificateFile: (OFString*)file;
-- (OFString*)certificateFile;
 - (void)setRequestsClientCertificates: (bool)enabled;
 - (bool)requestsClientCertificates;
 - (OFDataArray*)channelBindingDataWithType: (OFString*)type;
diff --git a/src/SSLSocket.m b/src/SSLSocket.m
index eb36c33..9b0010a 100644
--- a/src/SSLSocket.m
+++ b/src/SSLSocket.m
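Review bot: `const char *_privateKeyPassphrase` is a raw pointer to a secret with no stated ownership: the header does not say whether the setter copies the string or the caller must keep the buffer alive for the socket's lifetime, and the matching setter in SSLSocket.m is still a FIXME stub. Since the `const char *` type is presumably dictated by the OFTLSSocket protocol, document the contract at the ivar, e.g. `/* Not copied: caller-owned, must stay valid until the private key is loaded. */`, or copy it in the setter, free it in -dealloc and say so. It would also help to note in the header that `-initWithSocket:` no longer performs the handshake and that callers must invoke `-startTLS` (which I assume the protocol declares) afterwards.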
@@ -114,52 +114,10 @@ locking_callback(int mode, int n, const char *file, int line)
 }
 - initWithSocket: (OFTCPSocket*)socket
-{
- return [self initWithSocket: socket
- privateKeyFile: nil
- certificateFile: nil];
-}
-
-- initWithSocket: (OFTCPSocket*)socket
- privateKeyFile: (OFString*)privateKeyFile
- certificateFile: (OFString*)certificateFile
 {
 self = [self init];
- @try {
- /* FIXME: Also allow with accepted sockets */
-
- _privateKeyFile = [privateKeyFile copy];
- _certificateFile = [certificateFile copy];
-
- _socket = dup(socket->_socket);
-
- if ((_SSL = SSL_new(ctx)) == NULL ||
- !SSL_set_fd(_SSL, _socket)) {
- close(_socket);
- _socket = INVALID_SOCKET;
- @throw [OFInitializationFailedException
- exceptionWithClass: [self class]];
- }
-
- SSL_set_connect_state(_SSL);
-
- if ((_privateKeyFile != nil && !SSL_use_PrivateKey_file(_SSL,
- [_privateKeyFile cStringWithEncoding:
- OF_STRING_ENCODING_NATIVE], SSL_FILETYPE_PEM)) ||
- (_certificateFile != nil && !SSL_use_certificate_file(_SSL,
- [_certificateFile cStringWithEncoding:
- OF_STRING_ENCODING_NATIVE], SSL_FILETYPE_PEM)) ||
- SSL_connect(_SSL) != 1) {
- close(_socket);
- _socket = INVALID_SOCKET;
- @throw [OFInitializationFailedException
- exceptionWithClass: [self class]];
- }
- } @catch (id e) {
- [self release];
- @throw e;
- }
+ _socket = dup(socket->_socket);
 return self;
 }
@@ -177,19 +135,15 @@ locking_callback(int mode, int n, const char *file, int line)
 SSL_free(SSL_);
 }
-- (void)connectToHost: (OFString*)host
- port: (uint16_t)port
+- (void)startTLS
 {
- [super connectToHost: host
- port: port];
-
 if ((_SSL = SSL_new(ctx)) == NULL || !SSL_set_fd(_SSL, _socket)) {
 [super close];
 @throw [OFConnectionFailedException
 exceptionWithClass: [self class]
 socket: self
- host: host
- port: port];
+ host: nil
+ port: 0];
 }
 SSL_set_connect_state(_SSL);
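Review bot: `_socket = dup(socket->_socket);` in `-initWithSocket:` no longer checks the result, so on failure `_socket` holds -1 and the error only surfaces later in `-startTLS` when `SSL_set_fd` is handed an invalid descriptor; the removed code detected failure here, closed up and threw `OFInitializationFailedException`. Keep a check that releases `self` on failure as the old `@catch` did: `if ((_socket = dup(socket->_socket)) == -1) { [self release]; @throw [OFInitializationFailedException exceptionWithClass: [self class]]; }`. It is also no longer visible from the initializer that the handshake is deferred; a comment such as `/* Only duplicates the descriptor; call -startTLS to negotiate TLS. */` would make the new contract explicit.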
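Review bot: `-startTLS` runs the handshake with no host name in scope (its exception is raised with `host: nil`), so if the peer certificate is, or is later, checked against the expected host name, there is nothing here to check it against — the name is now known only inside `-connectToHost:port:`. Consider recording the host in an ivar in `-connectToHost:port:` before calling `-startTLS`, and documenting that sockets created with `-initWithSocket:` have no expected name, so a verification step has what it needs. Separately, `_SSL = SSL_new(ctx)` is assigned unconditionally, so a second `-startTLS` call would overwrite and leak the first SSL object; a guard like `if (_SSL != NULL)` that throws rather than proceeds would make that misuse visible. The body of the failing `if` and the rest of `-startTLS` continue past the end of this hunk.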
@@ -201,6 +155,23 @@ locking_callback(int mode, int n, const char *file, int line)
 cStringWithEncoding: OF_STRING_ENCODING_NATIVE], SSL_FILETYPE_PEM)) ||
 SSL_connect(_SSL) != 1) {
 [super close];
+ @throw [OFConnectionFailedException
+ exceptionWithClass: [self class]
+ socket: self
+ host: nil
+ port: 0];
+ }
+}
+
+- (void)connectToHost: (OFString*)host
+ port: (uint16_t)port
+{
+ [super connectToHost: host
+ port: port];
+
+ @try {
+ [self startTLS];
+ } @catch (OFConnectionFailedException *e) {
 @throw [OFConnectionFailedException
 exceptionWithClass: [self class]
 socket: self
@@ -209,7 +180,7 @@ locking_callback(int mode, int n, const char *file, int line)
 }
 }
-- (SSLSocket*)accept
+- (instancetype)accept
 {
 SSLSocket *client = (SSLSocket*)[super accept];
@@ -333,14 +304,17 @@ locking_callback(int mode, int n, const char *file, int line)
 return [super numberOfBytesInReadBuffer] + SSL_pending(_SSL);
 }
-- (void)setPrivateKeyFile: (OFString*)privateKeyFile
+- (void)setDelegate: (id )delegate
 {
- OF_SETTER(_privateKeyFile, privateKeyFile, true, 1)
+ /* FIXME */
+ [self doesNotRecognizeSelector: _cmd];
+ abort();
 }
-- (OFString*)privateKeyFile
+- (id )delegate
 {
- OF_GETTER(_privateKeyFile, true)
+ /* FIXME */
+ return nil;
 }
 - (void)setCertificateFile: (OFString*)certificateFile
@@ -353,6 +327,27 @@ locking_callback(int mode, int n, const char *file, int line)
 OF_GETTER(_certificateFile, true)
 }
+- (void)setPrivateKeyFile: (OFString*)privateKeyFile
+{
+ OF_SETTER(_privateKeyFile, privateKeyFile, true, 1)
+}
+
+- (OFString*)privateKeyFile
+{
+ OF_GETTER(_privateKeyFile, true)
+}
+
+- (void)setPrivateKeyPassphrase: (const char*)privateKeyPassphrase
+{
+ /* FIXME */
+}
+
+- (const char*)privateKeyPassphrase
+{
+ /* FIXME */
+ return NULL;
+}
+
 - (void)setRequestsClientCertificates: (bool)enabled
 {
 _requestsClientCertificates = enabled;
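Review bot: The new `@catch (OFConnectionFailedException *e)` in `-connectToHost:port:` appears to discard `e` and raise a fresh exception with the host and port filled in, so a TLS handshake failure becomes indistinguishable from a TCP connect failure for the caller — both arrive as the same class with the same host/port. Unless the exception class can carry a reason, a comment on the `@catch` stating this is deliberate, e.g. `/* TLS failures are reported like TCP failures with host/port filled in; -startTLS already closed the socket. */`, would at least make the behaviour explicit. The `@catch` body and the end of `-connectToHost:port:` lie outside the hunk, so whether `e` is used further down is inferred.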
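Review bot: The two delegate stubs in the @@ -333 hunk disagree with each other: `-setDelegate:` traps via `-doesNotRecognizeSelector:` and `abort()`, while `-delegate` silently returns nil, so generic OFTLSSocket code that sets a delegate crashes at run time even though the class now declares conformance. Until the FIXME is resolved, both sides should behave the same way — either both trap, or the setter stores the value in an ivar declared in SSLSocket.h (`_delegate = delegate;`) and the getter returns it (`return _delegate;`) so a delegate at least round-trips. If trapping is kept, a comment saying delegates are not yet supported, rather than a bare `/* FIXME */`, would spare callers the surprise.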
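Review bot: `-setPrivateKeyPassphrase:` in the @@ -353 hunk silently drops its argument and `-privateKeyPassphrase` returns NULL, so a caller who sets a passphrase for an encrypted PEM key gets no error here while the later `SSL_use_PrivateKey_file` call has nothing to decrypt with; as far as I recall, OpenSSL's default for an encrypted key without a password callback is to prompt on the terminal or fail, neither of which suits a library socket. The header already declares `const char *_privateKeyPassphrase`, so either store it (`_privateKeyPassphrase = privateKeyPassphrase;` / `return _privateKeyPassphrase;`) so the value round-trips and is available to `-startTLS`, or, until key loading honours it, trap in the setter as `-setDelegate:` does rather than pretend to succeed. Whichever is chosen, say in a comment whether the pointer is copied or caller-owned, since it refers to a secret.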