1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
|
// BlockingSslClientSocket.h
// Declares the cBlockingSslClientSocket class representing a blocking TCP socket with client SSL encryption over it
#pragma once
#include "../OSSupport/Network.h"
#include "CallbackSslContext.h"
class cBlockingSslClientSocket : protected cCallbackSslContext::cDataCallbacks
{
public:
cBlockingSslClientSocket(void);
virtual ~cBlockingSslClientSocket(void) override { Disconnect(); }
/** Connects to the specified server and performs SSL handshake.
Returns true if successful, false on failure. Sets internal error text on failure. */
bool Connect(const AString & a_ServerName, UInt16 a_Port);
/** Sends the specified data over the connection.
Returns true if successful, false on failure. Sets the internal error text on failure. */
bool Send(const void * a_Data, size_t a_NumBytes);
/** Receives data from the connection.
Blocks until there is any data available, then returns as much as possible.
Returns the number of bytes actually received, negative number on failure.
Sets the internal error text on failure. */
int Receive(void * a_Data, size_t a_MaxBytes);
/** Disconnects the connection gracefully, if possible.
Note that this also frees the internal SSL context, so all the certificates etc. are lost. */
void Disconnect(void);
/** Sets the Expected peer name.
Needs to be used before calling Connect().
\param a_ExpectedPeerName Name that we expect to receive in the SSL peer's cert; verification will fail if
the presented name is different (possible MITM). */
void SetExpectedPeerName(AString a_ExpectedPeerName);
/** Set the config to be used by the SSL context.
Config must not be modified after calling connect. */
void SetSslConfig(std::shared_ptr<const cSslConfig> a_Config);
/** Returns the text of the last error that has occurred in this instance. */
const AString & GetLastErrorText(void) const { return m_LastErrorText; }
protected:
friend class cBlockingSslClientSocketConnectCallbacks;
friend class cBlockingSslClientSocketLinkCallbacks;
/** The SSL context used for the socket */
cCallbackSslContext m_Ssl;
/** The underlying socket to the SSL server */
cTCPLinkPtr m_Socket;
/** The object used to signal state changes in the socket (the cause of the blocking). */
cEvent m_Event;
/** The configuration to be used by the SSL context. Set by SetSslConfig(). */
std::shared_ptr<const cSslConfig> m_Config;
/** The expected SSL peer's name, if we are to verify the cert strictly. Set by SetExpectedPeerName(). */
AString m_ExpectedPeerName;
/** The hostname to which the socket is connecting (stored for error reporting). */
AString m_ServerName;
/** Text of the last error that has occurred. */
AString m_LastErrorText;
/** Set to true if the connection established successfully. */
std::atomic<bool> m_IsConnected;
/** Protects m_IncomingData against multithreaded access. */
cCriticalSection m_CSIncomingData;
/** Buffer for the data incoming on the network socket.
Protected by m_CSIncomingData. */
AString m_IncomingData;
/** Called when the connection is established successfully. */
void OnConnected(void);
/** Called when an error occurs while connecting the socket. */
void OnConnectError(const AString & a_ErrorMsg);
/** Called when there's incoming data from the socket. */
void OnReceivedData(const char * a_Data, size_t a_Size);
/** Called when the link for the connection is created. */
void SetLink(cTCPLinkPtr a_Link);
/** Called when the link is disconnected, either gracefully or by an error. */
void OnDisconnected(void);
// cCallbackSslContext::cDataCallbacks overrides:
virtual int ReceiveEncrypted(unsigned char * a_Buffer, size_t a_NumBytes) override;
virtual int SendEncrypted(const unsigned char * a_Buffer, size_t a_NumBytes) override;
};
|