http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/d55608f1/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/THttpServer.h
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/THttpServer.h b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/THttpServer.h
deleted file mode 100644
index bf69dbe..0000000
--- a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/THttpServer.h
+++ /dev/null
@@ -1,64 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -#ifndef _THRIFT_TRANSPORT_THTTPSERVER_H_ -#define _THRIFT_TRANSPORT_THTTPSERVER_H_ 1 - -#include <thrift/transport/THttpTransport.h> - -namespace apache { namespace thrift { namespace transport { - -class THttpServer : public THttpTransport { - public: - THttpServer(boost::shared_ptr<TTransport> transport); - - virtual ~THttpServer(); - - virtual void flush(); - - protected: - - void readHeaders(); - virtual void parseHeader(char* header); - virtual bool parseStatusLine(char* status); - std::string getTimeRFC1123(); - -}; - -/** - * Wraps a transport into HTTP protocol - */ -class THttpServerTransportFactory : public TTransportFactory { - public: - THttpServerTransportFactory() {} - - virtual ~THttpServerTransportFactory() {} - - /** - * Wraps the transport into a buffered one. - */ - virtual boost::shared_ptr<TTransport> getTransport(boost::shared_ptr<TTransport> trans) { - return boost::shared_ptr<TTransport>(new THttpServer(trans)); - } - -}; - -}}} // apache::thrift::transport - -#endif // #ifndef _THRIFT_TRANSPORT_THTTPSERVER_H_
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/d55608f1/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/THttpTransport.cpp
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/THttpTransport.cpp b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/THttpTransport.cpp
deleted file mode 100644
index c415ddb..0000000
--- a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/THttpTransport.cpp
+++ /dev/null
@@ -1,252 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -#include <thrift/transport/THttpTransport.h> - -namespace apache { namespace thrift { namespace transport { - -using namespace std; - -// Yeah, yeah, hacky to put these here, I know. 
-const char* THttpTransport::CRLF = "\r\n"; -const int THttpTransport::CRLF_LEN = 2; - -THttpTransport::THttpTransport(boost::shared_ptr<TTransport> transport) : - transport_(transport), - readHeaders_(true), - chunked_(false), - chunkedDone_(false), - chunkSize_(0), - contentLength_(0), - httpBuf_(NULL), - httpPos_(0), - httpBufLen_(0), - httpBufSize_(1024) { - init(); -} - -void THttpTransport::init() { - httpBuf_ = (char*)std::malloc(httpBufSize_+1); - if (httpBuf_ == NULL) { - throw std::bad_alloc(); - } - httpBuf_[httpBufLen_] = '\0'; -} - -THttpTransport::~THttpTransport() { - if (httpBuf_ != NULL) { - std::free(httpBuf_); - } -} - -uint32_t THttpTransport::read(uint8_t* buf, uint32_t len) { - if (readBuffer_.available_read() == 0) { - readBuffer_.resetBuffer(); - uint32_t got = readMoreData(); - if (got == 0) { - return 0; - } - } - return readBuffer_.read(buf, len); -} - -uint32_t THttpTransport::readEnd() { - // Read any pending chunked data (footers etc.) - if (chunked_) { - while (!chunkedDone_) { - readChunked(); - } - } - return 0; -} - -uint32_t THttpTransport::readMoreData() { - uint32_t size; - - // Get more data! 
- refill(); - - if (readHeaders_) { - readHeaders(); - } - - if (chunked_) { - size = readChunked(); - } else { - size = readContent(contentLength_); - } - readHeaders_ = true; - return size; -} - -uint32_t THttpTransport::readChunked() { - uint32_t length = 0; - - char* line = readLine(); - uint32_t chunkSize = parseChunkSize(line); - if (chunkSize == 0) { - readChunkedFooters(); - } else { - // Read data content - length += readContent(chunkSize); - // Read trailing CRLF after content - readLine(); - } - return length; -} - -void THttpTransport::readChunkedFooters() { - // End of data, read footer lines until a blank one appears - while (true) { - char* line = readLine(); - if (strlen(line) == 0) { - chunkedDone_ = true; - break; - } - } -} - -uint32_t THttpTransport::parseChunkSize(char* line) { - char* semi = strchr(line, ';'); - if (semi != NULL) { - *semi = '\0'; - } - uint32_t size = 0; - sscanf(line, "%x", &size); - return size; -} - -uint32_t THttpTransport::readContent(uint32_t size) { - uint32_t need = size; - while (need > 0) { - uint32_t avail = httpBufLen_ - httpPos_; - if (avail == 0) { - // We have given all the data, reset position to head of the buffer - httpPos_ = 0; - httpBufLen_ = 0; - refill(); - - // Now have available however much we read - avail = httpBufLen_; - } - uint32_t give = avail; - if (need < give) { - give = need; - } - readBuffer_.write((uint8_t*)(httpBuf_+httpPos_), give); - httpPos_ += give; - need -= give; - } - return size; -} - -char* THttpTransport::readLine() { - while (true) { - char* eol = NULL; - - eol = strstr(httpBuf_+httpPos_, CRLF); - - // No CRLF yet? 
- if (eol == NULL) { - // Shift whatever we have now to front and refill - shift(); - refill(); - } else { - // Return pointer to next line - *eol = '\0'; - char* line = httpBuf_+httpPos_; - httpPos_ = static_cast<uint32_t>((eol-httpBuf_) + CRLF_LEN); - return line; - } - } - -} - -void THttpTransport::shift() { - if (httpBufLen_ > httpPos_) { - // Shift down remaining data and read more - uint32_t length = httpBufLen_ - httpPos_; - memmove(httpBuf_, httpBuf_+httpPos_, length); - httpBufLen_ = length; - } else { - httpBufLen_ = 0; - } - httpPos_ = 0; - httpBuf_[httpBufLen_] = '\0'; -} - -void THttpTransport::refill() { - uint32_t avail = httpBufSize_ - httpBufLen_; - if (avail <= (httpBufSize_ / 4)) { - httpBufSize_ *= 2; - httpBuf_ = (char*)std::realloc(httpBuf_, httpBufSize_+1); - if (httpBuf_ == NULL) { - throw std::bad_alloc(); - } - } - - // Read more data - uint32_t got = transport_->read((uint8_t*)(httpBuf_+httpBufLen_), httpBufSize_-httpBufLen_); - httpBufLen_ += got; - httpBuf_[httpBufLen_] = '\0'; - - if (got == 0) { - throw TTransportException("Could not refill buffer"); - } -} - -void THttpTransport::readHeaders() { - // Initialize headers state variables - contentLength_ = 0; - chunked_ = false; - chunkedDone_ = false; - chunkSize_ = 0; - - // Control state flow - bool statusLine = true; - bool finished = false; - - // Loop until headers are finished - while (true) { - char* line = readLine(); - - if (strlen(line) == 0) { - if (finished) { - readHeaders_ = false; - return; - } else { - // Must have been an HTTP 100, keep going for another status line - statusLine = true; - } - } else { - if (statusLine) { - statusLine = false; - finished = parseStatusLine(line); - } else { - parseHeader(line); - } - } - } -} - -void THttpTransport::write(const uint8_t* buf, uint32_t len) { - writeBuffer_.write(buf, len); -} - -}}} 
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/d55608f1/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/THttpTransport.h
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/THttpTransport.h b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/THttpTransport.h
deleted file mode 100644
index a2e8834..0000000
--- a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/THttpTransport.h
+++ /dev/null
@@ -1,107 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -#ifndef _THRIFT_TRANSPORT_THTTPTRANSPORT_H_ -#define _THRIFT_TRANSPORT_THTTPTRANSPORT_H_ 1 - -#include <thrift/transport/TBufferTransports.h> -#include <thrift/transport/TVirtualTransport.h> - -namespace apache { namespace thrift { namespace transport { - -/** - * HTTP implementation of the thrift transport. This was irritating - * to write, but the alternatives in C++ land are daunting. Linking CURL - * requires 23 dynamic libraries last time I checked (WTF?!?). All we have - * here is a VERY basic HTTP/1.1 client which supports HTTP 100 Continue, - * chunked transfer encoding, keepalive, etc. Tested against Apache. 
- */ -class THttpTransport : public TVirtualTransport<THttpTransport> { - public: - THttpTransport(boost::shared_ptr<TTransport> transport); - - virtual ~THttpTransport(); - - void open() { - transport_->open(); - } - - bool isOpen() { - return transport_->isOpen(); - } - - bool peek() { - return transport_->peek(); - } - - void close() { - transport_->close(); - } - - uint32_t read(uint8_t* buf, uint32_t len); - - uint32_t readEnd(); - - void write(const uint8_t* buf, uint32_t len); - - virtual void flush() = 0; - - protected: - - boost::shared_ptr<TTransport> transport_; - - TMemoryBuffer writeBuffer_; - TMemoryBuffer readBuffer_; - - bool readHeaders_; - bool chunked_; - bool chunkedDone_; - uint32_t chunkSize_; - uint32_t contentLength_; - - char* httpBuf_; - uint32_t httpPos_; - uint32_t httpBufLen_; - uint32_t httpBufSize_; - - virtual void init(); - - uint32_t readMoreData(); - char* readLine(); - - void readHeaders(); - virtual void parseHeader(char* header) = 0; - virtual bool parseStatusLine(char* status) = 0; - - uint32_t readChunked(); - void readChunkedFooters(); - uint32_t parseChunkSize(char* line); - - uint32_t readContent(uint32_t size); - - void refill(); - void shift(); - - static const char* CRLF; - static const int CRLF_LEN; -}; - -}}} // apache::thrift::transport - -#endif // #ifndef _THRIFT_TRANSPORT_THTTPCLIENT_H_ http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/d55608f1/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TPipe.cpp ---------------------------------------------------------------------- diff --git a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TPipe.cpp b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TPipe.cpp deleted file mode 100644 index 92e2912..0000000 --- a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TPipe.cpp +++ /dev/null 
@@ -1,217 +0,0 @@ -/* -* Licensed to the Apache Software Foundation (ASF) under one -* or more contributor license agreements. See the NOTICE file -* distributed with this work for additional information -* regarding copyright ownership. The ASF licenses this file -* to you under the Apache License, Version 2.0 (the -* "License"); you may not use this file except in compliance -* with the License. You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ - -#include <thrift/transport/TTransportException.h> -#include <thrift/transport/TPipe.h> - -namespace apache { namespace thrift { namespace transport { - -using namespace std; - -/** -* TPipe implementation. 
-*/ - -#ifdef _WIN32 -//---- Constructors ---- -TPipe::TPipe(HANDLE Pipe) : - Pipe_(Pipe), - TimeoutSeconds_(3), - isAnonymous(false) -{} - -TPipe::TPipe(const char *pipename) : - Pipe_(INVALID_HANDLE_VALUE), - TimeoutSeconds_(3), - isAnonymous(false) -{ - setPipename(pipename); -} - -TPipe::TPipe(const std::string &pipename) : - Pipe_(INVALID_HANDLE_VALUE), - TimeoutSeconds_(3), - isAnonymous(false) -{ - setPipename(pipename); -} - -TPipe::TPipe(HANDLE PipeRd, HANDLE PipeWrt) : - Pipe_(PipeRd), - PipeWrt_(PipeWrt), - TimeoutSeconds_(3), - isAnonymous(true) -{} - -TPipe::TPipe() : - Pipe_(INVALID_HANDLE_VALUE), - TimeoutSeconds_(3) -{} - -//---- Destructor ---- -TPipe::~TPipe() { - close(); -} - - -//--------------------------------------------------------- -// Transport callbacks -//--------------------------------------------------------- - -bool TPipe::isOpen() { - return (Pipe_ != INVALID_HANDLE_VALUE); -} - -bool TPipe::peek() { - if (!isOpen()) { - return false; - } - DWORD bytesavail = 0; - int PeekRet = 0; - PeekRet = PeekNamedPipe(Pipe_, NULL, 0, NULL, &bytesavail, NULL); - return (PeekRet != 0 && bytesavail > 0); -} - -void TPipe::open() { - if (isOpen()) { - return; - } - - int SleepInterval = 500; //ms - int retries = TimeoutSeconds_ * 1000 / SleepInterval; - HANDLE hPipe_; - for(int i=0; i<retries; i++) - { - hPipe_ = CreateFile( - pipename_.c_str(), - GENERIC_READ | GENERIC_WRITE, - 0, // no sharing - NULL, // default security attributes - OPEN_EXISTING, // opens existing pipe - 0, // default attributes - NULL); // no template file - - if (hPipe_ == INVALID_HANDLE_VALUE) - ::Sleep(SleepInterval); - else - break; - } - if (hPipe_ == INVALID_HANDLE_VALUE) - throw TTransportException(TTransportException::NOT_OPEN, "Unable to open pipe"); - - // The pipe connected; change to message-read mode. 
- DWORD dwMode = PIPE_READMODE_MESSAGE; - int fSuccess = SetNamedPipeHandleState( - hPipe_, // pipe handle - &dwMode, // new pipe mode - NULL, // don't set maximum bytes - NULL); // don't set maximum time - if (fSuccess == 0) - { - throw TTransportException(TTransportException::NOT_OPEN, "SetNamedPipeHandleState failed"); - close(); - } - Pipe_ = hPipe_; -} - - -void TPipe::close() { - if (isOpen()) - { - CloseHandle(Pipe_); - Pipe_ = INVALID_HANDLE_VALUE; - } -} - -uint32_t TPipe::read(uint8_t* buf, uint32_t len) { - if (!isOpen()) - throw TTransportException(TTransportException::NOT_OPEN, "Called read on non-open pipe"); - - DWORD cbRead; - int fSuccess = ReadFile( - Pipe_, // pipe handle - buf, // buffer to receive reply - len, // size of buffer - &cbRead, // number of bytes read - NULL); // not overlapped - - if ( !fSuccess && GetLastError() != ERROR_MORE_DATA ) - return 0; // No more data, possibly because client disconnected. - - return cbRead; -} - -void TPipe::write(const uint8_t* buf, uint32_t len) { - if (!isOpen()) - throw TTransportException(TTransportException::NOT_OPEN, "Called write on non-open pipe"); - - HANDLE WritePipe = isAnonymous? 
PipeWrt_: Pipe_; - DWORD cbWritten; - int fSuccess = WriteFile( - WritePipe, // pipe handle - buf, // message - len, // message length - &cbWritten, // bytes written - NULL); // not overlapped - - if ( !fSuccess) - throw TTransportException(TTransportException::NOT_OPEN, "Write to pipe failed"); -} - -//--------------------------------------------------------- -// Accessors -//--------------------------------------------------------- - -string TPipe::getPipename() { - return pipename_; -} - -void TPipe::setPipename(const std::string &pipename) { - if(pipename.find("\\\\") == -1) - pipename_ = "\\\\.\\pipe\\" + pipename; - else - pipename_ = pipename; -} - -HANDLE TPipe::getPipeHandle() { - return Pipe_; -} - -void TPipe::setPipeHandle(HANDLE pipehandle) { - Pipe_ = pipehandle; -} - -HANDLE TPipe::getWrtPipeHandle() { - return PipeWrt_; -} - -void TPipe::setWrtPipeHandle(HANDLE pipehandle) { - PipeWrt_ = pipehandle; -} - -long TPipe::getConnectTimeout() { - return TimeoutSeconds_; -} - -void TPipe::setConnectTimeout(long seconds) { - TimeoutSeconds_ = seconds; -} -#endif //_WIN32 - -}}} // apache::thrift::transport http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/d55608f1/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TPipe.h ---------------------------------------------------------------------- diff --git a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TPipe.h b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TPipe.h deleted file mode 100644 index 3c1755b..0000000 --- a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TPipe.h +++ /dev/null 
@@ -1,96 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -#ifndef _THRIFT_TRANSPORT_TPIPE_H_ -#define _THRIFT_TRANSPORT_TPIPE_H_ 1 - -#include <thrift/transport/TTransport.h> -#include <thrift/transport/TVirtualTransport.h> -#ifndef _WIN32 -# include <thrift/transport/TSocket.h> -#endif - -namespace apache { namespace thrift { namespace transport { - -/** - * Windows Pipes implementation of the TTransport interface. - * - */ -#ifdef _WIN32 -class TPipe : public TVirtualTransport<TPipe> { - public: - - // Constructs a new pipe object. - TPipe(); - // Named pipe constructors - - explicit TPipe(HANDLE Pipe); //HANDLE is a void* - //need a const char * overload so string literals don't go to the HANDLE overload - explicit TPipe(const char *pipename); - explicit TPipe(const std::string &pipename); - // Anonymous pipe - - TPipe(HANDLE PipeRd, HANDLE PipeWrt); - - // Destroys the pipe object, closing it if necessary. - virtual ~TPipe(); - - // Returns whether the pipe is open & valid. - virtual bool isOpen(); - - // Checks whether more data is available in the pipe. - virtual bool peek(); - - // Creates and opens the named/anonymous pipe. 
- virtual void open(); - - // Shuts down communications on the pipe. - virtual void close(); - - // Reads from the pipe. - virtual uint32_t read(uint8_t* buf, uint32_t len); - - // Writes to the pipe. - virtual void write(const uint8_t* buf, uint32_t len); - - - //Accessors - std::string getPipename(); - void setPipename(const std::string &pipename); - HANDLE getPipeHandle(); //doubles as the read handle for anon pipe - void setPipeHandle(HANDLE pipehandle); - HANDLE getWrtPipeHandle(); - void setWrtPipeHandle(HANDLE pipehandle); - long getConnectTimeout(); - void setConnectTimeout(long seconds); - - private: - std::string pipename_; - - //Named pipe handles are R/W, while anonymous pipes are one or the other (half duplex). - HANDLE Pipe_, PipeWrt_; - long TimeoutSeconds_; - bool isAnonymous; -}; -#else -typedef TSocket TPipe; -#endif - -}}} // apache::thrift::transport - -#endif // #ifndef _THRIFT_TRANSPORT_TPIPE_H_ - http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/d55608f1/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TPipeServer.cpp ---------------------------------------------------------------------- diff --git a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TPipeServer.cpp b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TPipeServer.cpp deleted file mode 100644 index 10fc69b..0000000 --- a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TPipeServer.cpp +++ /dev/null 
@@ -1,402 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -#include <thrift/thrift-config.h> -#include <cstring> - -#include <thrift/transport/TPipe.h> -#include <thrift/transport/TPipeServer.h> -#include <boost/shared_ptr.hpp> -#ifdef _WIN32 -# include <AccCtrl.h> -# include <Aclapi.h> -#endif //_WIN32 - -namespace apache { namespace thrift { namespace transport { - -#ifdef _WIN32 - -using namespace std; -using boost::shared_ptr; - -//---- Constructors ---- -TPipeServer::TPipeServer(const std::string &pipename, uint32_t bufsize) : - pipename_(pipename), - bufsize_(bufsize), - Pipe_(INVALID_HANDLE_VALUE), - wakeup(INVALID_HANDLE_VALUE), - maxconns_(TPIPE_SERVER_MAX_CONNS_DEFAULT), - isAnonymous(false), - stop_(false) - { - setPipename(pipename); - createWakeupEvent(); - } - -TPipeServer::TPipeServer(const std::string &pipename, uint32_t bufsize, uint32_t maxconnections) : - pipename_(pipename), - bufsize_(bufsize), - Pipe_(INVALID_HANDLE_VALUE), - wakeup(INVALID_HANDLE_VALUE), - isAnonymous(false), - stop_(false) - { //Restrict maxconns_ to 1-PIPE_UNLIMITED_INSTANCES - if(maxconnections == 0) - maxconns_ = 1; - else if (maxconnections > PIPE_UNLIMITED_INSTANCES) - maxconns_ = 
PIPE_UNLIMITED_INSTANCES; - else - maxconns_ = maxconnections; - - setPipename(pipename); - createWakeupEvent(); - } - -TPipeServer::TPipeServer(const std::string &pipename) : - pipename_(pipename), - bufsize_(1024), - Pipe_(INVALID_HANDLE_VALUE), - wakeup(INVALID_HANDLE_VALUE), - maxconns_(TPIPE_SERVER_MAX_CONNS_DEFAULT), - isAnonymous(false), - stop_(false) - { - setPipename(pipename); - createWakeupEvent(); - } - -TPipeServer::TPipeServer(int bufsize) : - pipename_(""), - bufsize_(bufsize), - Pipe_(INVALID_HANDLE_VALUE), - wakeup(INVALID_HANDLE_VALUE), - maxconns_(1), - isAnonymous(true), - stop_(false) - { - //The anonymous pipe needs to be created first so that the server can - //pass the handles on to the client before the serve (acceptImpl) - //blocking call. - if (!TCreateAnonPipe()) { - GlobalOutput.perror("TPipeServer Create(Anon)Pipe failed, GLE=", GetLastError()); - throw TTransportException(TTransportException::NOT_OPEN, " TPipeServer Create(Anon)Pipe failed"); - } - createWakeupEvent(); -} - -TPipeServer::TPipeServer() : - pipename_(""), - bufsize_(1024), - Pipe_(INVALID_HANDLE_VALUE), - wakeup(INVALID_HANDLE_VALUE), - maxconns_(1), - isAnonymous(true), - stop_(false) -{ - if (!TCreateAnonPipe()) { - GlobalOutput.perror("TPipeServer Create(Anon)Pipe failed, GLE=", GetLastError()); - throw TTransportException(TTransportException::NOT_OPEN, " TPipeServer Create(Anon)Pipe failed"); - } - createWakeupEvent(); -} - -//---- Destructor ---- -TPipeServer::~TPipeServer() { - close(); - CloseHandle( wakeup); - wakeup = INVALID_HANDLE_VALUE; -} - -//--------------------------------------------------------- -// Transport callbacks -//--------------------------------------------------------- - -shared_ptr<TTransport> TPipeServer::acceptImpl() { - shared_ptr<TPipe> client; - - stop_ = FALSE; - - if(isAnonymous) - { //Anonymous Pipe - //This 0-byte read serves merely as a blocking call. 
- byte buf; - DWORD br; - int fSuccess = ReadFile( - Pipe_, // pipe handle - &buf, // buffer to receive reply - 0, // size of buffer - &br, // number of bytes read - NULL); // not overlapped - - if ( !fSuccess && GetLastError() != ERROR_MORE_DATA ) { - GlobalOutput.perror("TPipeServer unable to initiate pipe comms, GLE=", GetLastError()); - throw TTransportException(TTransportException::NOT_OPEN, " TPipeServer unable to initiate pipe comms"); - } - client.reset(new TPipe(Pipe_, PipeW_)); - } - else - { //Named Pipe - if (!TCreateNamedPipe()) { - GlobalOutput.perror("TPipeServer CreateNamedPipe failed, GLE=", GetLastError()); - throw TTransportException(TTransportException::NOT_OPEN, " TPipeServer CreateNamedPipe failed"); - } - - struct TEventCleaner { - HANDLE hEvent; - ~TEventCleaner() {CloseHandle(hEvent);} - }; - - OVERLAPPED overlapped; - memset( &overlapped, 0, sizeof(overlapped)); - overlapped.hEvent = CreateEvent( NULL, TRUE, FALSE, NULL); - { - TEventCleaner cleaner = {overlapped.hEvent}; - while( ! stop_) - { - // Wait for the client to connect; if it succeeds, the - // function returns a nonzero value. If the function returns - // zero, GetLastError should return ERROR_PIPE_CONNECTED. 
- if( ConnectNamedPipe(Pipe_, &overlapped)) - { - GlobalOutput.printf("Client connected."); - client.reset(new TPipe(Pipe_)); - return client; - } - - DWORD dwErr = GetLastError(); - HANDLE events[2] = {overlapped.hEvent, wakeup}; - switch( dwErr) - { - case ERROR_PIPE_CONNECTED: - GlobalOutput.printf("Client connected."); - client.reset(new TPipe(Pipe_)); - return client; - - case ERROR_IO_PENDING: - DWORD dwWait, dwDummy; - dwWait = WaitForMultipleObjects( 2, events, FALSE, 3000); - switch(dwWait) - { - case WAIT_OBJECT_0: - if(GetOverlappedResult(Pipe_, &overlapped, &dwDummy, TRUE)) - { - GlobalOutput.printf("Client connected."); - client.reset(new TPipe(Pipe_)); - return client; - } - break; - case WAIT_OBJECT_0 + 1: - stop_ = TRUE; - break; - default: - break; - } - break; - - default: - break; - } - - CancelIo(Pipe_); - DisconnectNamedPipe(Pipe_); - } - - close(); - GlobalOutput.perror("TPipeServer ConnectNamedPipe GLE=", GetLastError()); - throw TTransportException(TTransportException::NOT_OPEN, "TPipeServer: client connection failed"); - } - } - - return client; -} - -void TPipeServer::interrupt() { - if(Pipe_ != INVALID_HANDLE_VALUE) { - stop_ = TRUE; - CancelIo(Pipe_); - SetEvent(wakeup); - } -} - -void TPipeServer::close() { - if(!isAnonymous) - { - if(Pipe_ != INVALID_HANDLE_VALUE) { - DisconnectNamedPipe(Pipe_); - CloseHandle(Pipe_); - Pipe_ = INVALID_HANDLE_VALUE; - } - } - else - { - try { - CloseHandle(Pipe_); - CloseHandle(PipeW_); - CloseHandle(ClientAnonRead); - CloseHandle(ClientAnonWrite); - } - catch(...) { - GlobalOutput.perror("TPipeServer anon close GLE=", GetLastError()); - } - } -} - - -bool TPipeServer::TCreateNamedPipe() { - - //Windows - set security to allow non-elevated apps - //to access pipes created by elevated apps. 
- SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY; - PSID everyone_sid = NULL; - AllocateAndInitializeSid(&SIDAuthWorld, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &everyone_sid); - - EXPLICIT_ACCESS ea; - ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS)); - ea.grfAccessPermissions = SPECIFIC_RIGHTS_ALL | STANDARD_RIGHTS_ALL; - ea.grfAccessMode = SET_ACCESS; - ea.grfInheritance = NO_INHERITANCE; - ea.Trustee.TrusteeForm = TRUSTEE_IS_SID; - ea.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP; - ea.Trustee.ptstrName = (LPSTR)everyone_sid; - - PACL acl = NULL; - SetEntriesInAcl(1, &ea, NULL, &acl); - - PSECURITY_DESCRIPTOR sd = (PSECURITY_DESCRIPTOR)LocalAlloc(LPTR,SECURITY_DESCRIPTOR_MIN_LENGTH); - InitializeSecurityDescriptor(sd, SECURITY_DESCRIPTOR_REVISION); - SetSecurityDescriptorDacl(sd, TRUE, acl, FALSE); - - SECURITY_ATTRIBUTES sa; - sa.nLength = sizeof(SECURITY_ATTRIBUTES); - sa.lpSecurityDescriptor = sd; - sa.bInheritHandle = FALSE; - - // Create an instance of the named pipe - HANDLE hPipe_ = CreateNamedPipe( - pipename_.c_str(), // pipe name - PIPE_ACCESS_DUPLEX | // read/write access - FILE_FLAG_OVERLAPPED, // async mode - PIPE_TYPE_MESSAGE | // message type pipe - PIPE_READMODE_MESSAGE, // message-read mode - maxconns_, // max. 
instances - bufsize_, // output buffer size - bufsize_, // input buffer size - 0, // client time-out - &sa); // default security attribute - - if(hPipe_ == INVALID_HANDLE_VALUE) - { - Pipe_ = INVALID_HANDLE_VALUE; - GlobalOutput.perror("TPipeServer::TCreateNamedPipe() GLE=", GetLastError()); - throw TTransportException(TTransportException::NOT_OPEN, "TCreateNamedPipe() failed", GetLastError()); - return false; - } - - Pipe_ = hPipe_; - return true; -} - -bool TPipeServer::TCreateAnonPipe() { - SECURITY_ATTRIBUTES sa; - SECURITY_DESCRIPTOR sd; //security information for pipes - - InitializeSecurityDescriptor(&sd,SECURITY_DESCRIPTOR_REVISION); - SetSecurityDescriptorDacl(&sd, true, NULL, false); - sa.lpSecurityDescriptor = &sd; - sa.nLength = sizeof(SECURITY_ATTRIBUTES); - sa.bInheritHandle = true; //allow passing handle to child - - HANDLE ClientAnonReadH, PipeW_H, ClientAnonWriteH, Pipe_H; - if (!CreatePipe(&ClientAnonReadH,&PipeW_H,&sa,0)) //create stdin pipe - { - GlobalOutput.perror("TPipeServer CreatePipe (anon) failed, GLE=", GetLastError()); - return false; - } - if (!CreatePipe(&Pipe_H,&ClientAnonWriteH,&sa,0)) //create stdout pipe - { - GlobalOutput.perror("TPipeServer CreatePipe (anon) failed, GLE=", GetLastError()); - CloseHandle(ClientAnonReadH); - CloseHandle(PipeW_H); - return false; - } - ClientAnonRead = ClientAnonReadH; - ClientAnonWrite = ClientAnonWriteH; - Pipe_ = Pipe_H; - PipeW_ = PipeW_H; - - return true; -} - -void TPipeServer::createWakeupEvent() { - wakeup = CreateEvent( NULL, TRUE, FALSE, NULL); -} - - -//--------------------------------------------------------- -// Accessors -//--------------------------------------------------------- - -string TPipeServer::getPipename() { - return pipename_; -} - -void TPipeServer::setPipename(const std::string &pipename) { - if(pipename.find("\\\\") == -1) - pipename_ = "\\\\.\\pipe\\" + pipename; - else - pipename_ = pipename; -} - -int TPipeServer::getBufferSize() { - return bufsize_; -} - -void 
TPipeServer::setBufferSize(int bufsize) { - bufsize_ = bufsize; -} - -HANDLE TPipeServer::getPipeHandle() { - return Pipe_; -} - -HANDLE TPipeServer::getWrtPipeHandle() -{ - return PipeW_; -} - -HANDLE TPipeServer::getClientRdPipeHandle() -{ - return ClientAnonRead; -} - -HANDLE TPipeServer::getClientWrtPipeHandle() -{ - return ClientAnonWrite; -} - -bool TPipeServer::getAnonymous() { - return isAnonymous; -} - -void TPipeServer::setAnonymous(bool anon) { - isAnonymous = anon; -} -#endif //_WIN32 - -}}} // apache::thrift::transport http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/d55608f1/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TPipeServer.h ---------------------------------------------------------------------- diff --git a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TPipeServer.h b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TPipeServer.h deleted file mode 100755 index 88a8b6b..0000000 --- a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TPipeServer.h +++ /dev/null 
@@ -1,93 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -#ifndef _THRIFT_TRANSPORT_TSERVERWINPIPES_H_ -#define _THRIFT_TRANSPORT_TSERVERWINPIPES_H_ 1 - -#include <thrift/transport/TServerTransport.h> -#include <boost/shared_ptr.hpp> -#ifndef _WIN32 -# include "TServerSocket.h" -#endif - -#define TPIPE_SERVER_MAX_CONNS_DEFAULT 10 - -namespace apache { namespace thrift { namespace transport { - -/** - * Windows Pipes implementation of TServerTransport. 
- */ -#ifdef _WIN32 -class TPipeServer : public TServerTransport { - public: - //Constructors - // Named Pipe - - TPipeServer(const std::string &pipename, uint32_t bufsize); - TPipeServer(const std::string &pipename, uint32_t bufsize, uint32_t maxconnections); - TPipeServer(const std::string &pipename); - // Anonymous pipe - - TPipeServer(int bufsize); - TPipeServer(); - - //Destructor - ~TPipeServer(); - - //Standard transport callbacks - void interrupt(); - void close(); - protected: - boost::shared_ptr<TTransport> acceptImpl(); - - bool TCreateNamedPipe(); - bool TCreateAnonPipe(); - void createWakeupEvent(); - - public: - //Accessors - std::string getPipename(); - void setPipename(const std::string &pipename); - int getBufferSize(); - void setBufferSize(int bufsize); - HANDLE getPipeHandle(); //Named Pipe R/W -or- Anonymous pipe Read handle - HANDLE getWrtPipeHandle(); - HANDLE getClientRdPipeHandle(); - HANDLE getClientWrtPipeHandle(); - bool getAnonymous(); - void setAnonymous(bool anon); - - private: - std::string pipename_; - uint32_t bufsize_; - HANDLE Pipe_; //Named Pipe (R/W) or Anonymous Pipe (R) - uint32_t maxconns_; - HANDLE PipeW_; //Anonymous Pipe (W) - HANDLE ClientAnonRead, ClientAnonWrite; //Client side anonymous pipe handles - HANDLE wakeup; // wake up event - //? Do we need duplicates to send to client? - bool isAnonymous; - bool stop_; // stop flag -}; -#else //_WIN32 -//*NIX named pipe implementation uses domain socket -typedef TServerSocket TPipeServer; -#endif - -}}} // apache::thrift::transport - -#endif // #ifndef _THRIFT_TRANSPORT_TSERVERWINPIPES_H_ http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/d55608f1/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TSSLServerSocket.cpp ---------------------------------------------------------------------- 
diff --git a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TSSLServerSocket.cpp b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TSSLServerSocket.cpp deleted file mode 100644 index 4689e4a..0000000 --- a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TSSLServerSocket.cpp +++ /dev/null 
@@ -1,47 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -#include <thrift/transport/TSSLServerSocket.h> -#include <thrift/transport/TSSLSocket.h> - -namespace apache { namespace thrift { namespace transport { - -using namespace boost; - -/** - * SSL server socket implementation. - */ -TSSLServerSocket::TSSLServerSocket(int port, - shared_ptr<TSSLSocketFactory> factory): - TServerSocket(port), factory_(factory) { - factory_->server(true); -} - -TSSLServerSocket::TSSLServerSocket(int port, int sendTimeout, int recvTimeout, - shared_ptr<TSSLSocketFactory> factory): - TServerSocket(port, sendTimeout, recvTimeout), - factory_(factory) { - factory_->server(true); -} - -shared_ptr<TSocket> TSSLServerSocket::createSocket(int client) { - return factory_->createSocket(client); -} - -}}} http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/d55608f1/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TSSLServerSocket.h ---------------------------------------------------------------------- 
diff --git a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TSSLServerSocket.h b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TSSLServerSocket.h deleted file mode 100644 index 6d8e657..0000000 --- a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TSSLServerSocket.h +++ /dev/null 
@@ -1,59 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -#ifndef _THRIFT_TRANSPORT_TSSLSERVERSOCKET_H_ -#define _THRIFT_TRANSPORT_TSSLSERVERSOCKET_H_ 1 - -#include <boost/shared_ptr.hpp> -#include <thrift/transport/TServerSocket.h> - -namespace apache { namespace thrift { namespace transport { - -class TSSLSocketFactory; - -/** - * Server socket that accepts SSL connections. - */ -class TSSLServerSocket: public TServerSocket { - public: - /** - * Constructor. - * - * @param port Listening port - * @param factory SSL socket factory implementation - */ - TSSLServerSocket(int port, boost::shared_ptr<TSSLSocketFactory> factory); - /** - * Constructor. 
- * - * @param port Listening port - * @param sendTimeout Socket send timeout - * @param recvTimeout Socket receive timeout - * @param factory SSL socket factory implementation - */ - TSSLServerSocket(int port, int sendTimeout, int recvTimeout, - boost::shared_ptr<TSSLSocketFactory> factory); - protected: - boost::shared_ptr<TSocket> createSocket(int socket); - boost::shared_ptr<TSSLSocketFactory> factory_; -}; - -}}} - -#endif http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/d55608f1/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TSSLSocket.cpp ---------------------------------------------------------------------- diff --git a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TSSLSocket.cpp b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TSSLSocket.cpp deleted file mode 100644 index 029c541..0000000 --- a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TSSLSocket.cpp +++ /dev/null 
@@ -1,671 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -#include <thrift/thrift-config.h> - -#include <errno.h> -#include <string> -#ifdef HAVE_ARPA_INET_H -#include <arpa/inet.h> -#endif -#include <sys/types.h> -#ifdef HAVE_SYS_SOCKET_H -#include <sys/socket.h> -#endif -#include <boost/lexical_cast.hpp> -#include <boost/shared_array.hpp> -#include <openssl/err.h> -#include <openssl/rand.h> -#include <openssl/ssl.h> -#include <openssl/x509v3.h> -#include <thrift/concurrency/Mutex.h> -#include <thrift/transport/TSSLSocket.h> -#include <thrift/transport/PlatformSocket.h> - -#define OPENSSL_VERSION_NO_THREAD_ID 0x10000000L - -using namespace std; -using namespace boost; -using namespace apache::thrift::concurrency; - -struct CRYPTO_dynlock_value { - Mutex mutex; -}; - -namespace apache { namespace thrift { namespace transport { - - -static void buildErrors(string& message, int error = 0); -static bool matchName(const char* host, const char* pattern, int size); -static char uppercase(char c); - -// SSLContext implementation -SSLContext::SSLContext() { - ctx_ = SSL_CTX_new(TLSv1_method()); - if (ctx_ == NULL) { - string errors; - buildErrors(errors); - throw TSSLException("SSL_CTX_new: " + errors); - 
} - SSL_CTX_set_mode(ctx_, SSL_MODE_AUTO_RETRY); -} - -SSLContext::~SSLContext() { - if (ctx_ != NULL) { - SSL_CTX_free(ctx_); - ctx_ = NULL; - } -} - -SSL* SSLContext::createSSL() { - SSL* ssl = SSL_new(ctx_); - if (ssl == NULL) { - string errors; - buildErrors(errors); - throw TSSLException("SSL_new: " + errors); - } - return ssl; -} - -// TSSLSocket implementation -TSSLSocket::TSSLSocket(boost::shared_ptr<SSLContext> ctx): - TSocket(), server_(false), ssl_(NULL), ctx_(ctx) { -} - -TSSLSocket::TSSLSocket(boost::shared_ptr<SSLContext> ctx, int socket): - TSocket(socket), server_(false), ssl_(NULL), ctx_(ctx) { -} - -TSSLSocket::TSSLSocket(boost::shared_ptr<SSLContext> ctx, string host, int port): - TSocket(host, port), server_(false), ssl_(NULL), ctx_(ctx) { -} - -TSSLSocket::~TSSLSocket() { - close(); -} - -bool TSSLSocket::isOpen() { - if (ssl_ == NULL || !TSocket::isOpen()) { - return false; - } - int shutdown = SSL_get_shutdown(ssl_); - // "!!" is squelching C4800 "forcing bool -> true or false" perfomance warning - bool shutdownReceived = !!(shutdown & SSL_RECEIVED_SHUTDOWN); - bool shutdownSent = !!(shutdown & SSL_SENT_SHUTDOWN); - if (shutdownReceived && shutdownSent) { - return false; - } - return true; -} - -bool TSSLSocket::peek() { - if (!isOpen()) { - return false; - } - checkHandshake(); - int rc; - uint8_t byte; - rc = SSL_peek(ssl_, &byte, 1); - if (rc < 0) { - int errno_copy = THRIFT_GET_SOCKET_ERROR; - string errors; - buildErrors(errors, errno_copy); - throw TSSLException("SSL_peek: " + errors); - } - if (rc == 0) { - ERR_clear_error(); - } - return (rc > 0); -} - -void TSSLSocket::open() { - if (isOpen() || server()) { - throw TTransportException(TTransportException::BAD_ARGS); - } - TSocket::open(); -} - -void TSSLSocket::close() { - if (ssl_ != NULL) { - int rc = SSL_shutdown(ssl_); - if (rc == 0) { - rc = SSL_shutdown(ssl_); - } - if (rc < 0) { - int errno_copy = THRIFT_GET_SOCKET_ERROR; - string errors; - buildErrors(errors, errno_copy); - 
GlobalOutput(("SSL_shutdown: " + errors).c_str()); - } - SSL_free(ssl_); - ssl_ = NULL; - ERR_remove_state(0); - } - TSocket::close(); -} - -uint32_t TSSLSocket::read(uint8_t* buf, uint32_t len) { - checkHandshake(); - int32_t bytes = 0; - for (int32_t retries = 0; retries < maxRecvRetries_; retries++){ - bytes = SSL_read(ssl_, buf, len); - if (bytes >= 0) - break; - int errno_copy = THRIFT_GET_SOCKET_ERROR; - if (SSL_get_error(ssl_, bytes) == SSL_ERROR_SYSCALL) { - if (ERR_get_error() == 0 && errno_copy == THRIFT_EINTR) { - continue; - } - } - string errors; - buildErrors(errors, errno_copy); - throw TSSLException("SSL_read: " + errors); - } - return bytes; -} - -void TSSLSocket::write(const uint8_t* buf, uint32_t len) { - checkHandshake(); - // loop in case SSL_MODE_ENABLE_PARTIAL_WRITE is set in SSL_CTX. - uint32_t written = 0; - while (written < len) { - int32_t bytes = SSL_write(ssl_, &buf[written], len - written); - if (bytes <= 0) { - int errno_copy = THRIFT_GET_SOCKET_ERROR; - string errors; - buildErrors(errors, errno_copy); - throw TSSLException("SSL_write: " + errors); - } - written += bytes; - } -} - -void TSSLSocket::flush() { - // Don't throw exception if not open. Thrift servers close socket twice. - if (ssl_ == NULL) { - return; - } - checkHandshake(); - BIO* bio = SSL_get_wbio(ssl_); - if (bio == NULL) { - throw TSSLException("SSL_get_wbio returns NULL"); - } - if (BIO_flush(bio) != 1) { - int errno_copy = THRIFT_GET_SOCKET_ERROR; - string errors; - buildErrors(errors, errno_copy); - throw TSSLException("BIO_flush: " + errors); - } -} - -void TSSLSocket::checkHandshake() { - if (!TSocket::isOpen()) { - throw TTransportException(TTransportException::NOT_OPEN); - } - if (ssl_ != NULL) { - return; - } - ssl_ = ctx_->createSSL(); - SSL_set_fd(ssl_, socket_); - int rc; - if (server()) { - rc = SSL_accept(ssl_); - } else { - rc = SSL_connect(ssl_); - } - if (rc <= 0) { - int errno_copy = THRIFT_GET_SOCKET_ERROR; - string fname(server() ? 
"SSL_accept" : "SSL_connect"); - string errors; - buildErrors(errors, errno_copy); - throw TSSLException(fname + ": " + errors); - } - authorize(); -} - -void TSSLSocket::authorize() { - int rc = SSL_get_verify_result(ssl_); - if (rc != X509_V_OK) { // verify authentication result - throw TSSLException(string("SSL_get_verify_result(), ") + - X509_verify_cert_error_string(rc)); - } - - X509* cert = SSL_get_peer_certificate(ssl_); - if (cert == NULL) { - // certificate is not present - if (SSL_get_verify_mode(ssl_) & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) { - throw TSSLException("authorize: required certificate not present"); - } - // certificate was optional: didn't intend to authorize remote - if (server() && access_ != NULL) { - throw TSSLException("authorize: certificate required for authorization"); - } - return; - } - // certificate is present - if (access_ == NULL) { - X509_free(cert); - return; - } - // both certificate and access manager are present - - string host; - sockaddr_storage sa; - socklen_t saLength = sizeof(sa); - - if (getpeername(socket_, (sockaddr*)&sa, &saLength) != 0) { - sa.ss_family = AF_UNSPEC; - } - - AccessManager::Decision decision = access_->verify(sa); - - if (decision != AccessManager::SKIP) { - X509_free(cert); - if (decision != AccessManager::ALLOW) { - throw TSSLException("authorize: access denied based on remote IP"); - } - return; - } - - // extract subjectAlternativeName - STACK_OF(GENERAL_NAME)* alternatives = (STACK_OF(GENERAL_NAME)*) - X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL); - if (alternatives != NULL) { - const int count = sk_GENERAL_NAME_num(alternatives); - for (int i = 0; decision == AccessManager::SKIP && i < count; i++) { - const GENERAL_NAME* name = sk_GENERAL_NAME_value(alternatives, i); - if (name == NULL) { - continue; - } - char* data = (char*)ASN1_STRING_data(name->d.ia5); - int length = ASN1_STRING_length(name->d.ia5); - switch (name->type) { - case GEN_DNS: - if (host.empty()) { - host = (server() ? 
getPeerHost() : getHost()); - } - decision = access_->verify(host, data, length); - break; - case GEN_IPADD: - decision = access_->verify(sa, data, length); - break; - } - } - sk_GENERAL_NAME_pop_free(alternatives, GENERAL_NAME_free); - } - - if (decision != AccessManager::SKIP) { - X509_free(cert); - if (decision != AccessManager::ALLOW) { - throw TSSLException("authorize: access denied"); - } - return; - } - - // extract commonName - X509_NAME* name = X509_get_subject_name(cert); - if (name != NULL) { - X509_NAME_ENTRY* entry; - unsigned char* utf8; - int last = -1; - while (decision == AccessManager::SKIP) { - last = X509_NAME_get_index_by_NID(name, NID_commonName, last); - if (last == -1) - break; - entry = X509_NAME_get_entry(name, last); - if (entry == NULL) - continue; - ASN1_STRING* common = X509_NAME_ENTRY_get_data(entry); - int size = ASN1_STRING_to_UTF8(&utf8, common); - if (host.empty()) { - host = (server() ? getHost() : getHost()); - } - decision = access_->verify(host, (char*)utf8, size); - OPENSSL_free(utf8); - } - } - X509_free(cert); - if (decision != AccessManager::ALLOW) { - throw TSSLException("authorize: cannot authorize peer"); - } -} - -// TSSLSocketFactory implementation -bool TSSLSocketFactory::initialized = false; -uint64_t TSSLSocketFactory::count_ = 0; -Mutex TSSLSocketFactory::mutex_; - -TSSLSocketFactory::TSSLSocketFactory(): server_(false) { - Guard guard(mutex_); - if (count_ == 0) { - initializeOpenSSL(); - randomize(); - } - count_++; - ctx_ = boost::shared_ptr<SSLContext>(new SSLContext); -} - -TSSLSocketFactory::~TSSLSocketFactory() { - Guard guard(mutex_); - count_--; - if (count_ == 0) { - cleanupOpenSSL(); - } -} - -boost::shared_ptr<TSSLSocket> TSSLSocketFactory::createSocket() { - boost::shared_ptr<TSSLSocket> ssl(new TSSLSocket(ctx_)); - setup(ssl); - return ssl; -} - -boost::shared_ptr<TSSLSocket> TSSLSocketFactory::createSocket(int socket) { - boost::shared_ptr<TSSLSocket> ssl(new TSSLSocket(ctx_, socket)); - setup(ssl); 
- return ssl; -} - -boost::shared_ptr<TSSLSocket> TSSLSocketFactory::createSocket(const string& host, - int port) { - boost::shared_ptr<TSSLSocket> ssl(new TSSLSocket(ctx_, host, port)); - setup(ssl); - return ssl; -} - -void TSSLSocketFactory::setup(boost::shared_ptr<TSSLSocket> ssl) { - ssl->server(server()); - if (access_ == NULL && !server()) { - access_ = boost::shared_ptr<AccessManager>(new DefaultClientAccessManager); - } - if (access_ != NULL) { - ssl->access(access_); - } -} - -void TSSLSocketFactory::ciphers(const string& enable) { - int rc = SSL_CTX_set_cipher_list(ctx_->get(), enable.c_str()); - if (ERR_peek_error() != 0) { - string errors; - buildErrors(errors); - throw TSSLException("SSL_CTX_set_cipher_list: " + errors); - } - if (rc == 0) { - throw TSSLException("None of specified ciphers are supported"); - } -} - -void TSSLSocketFactory::authenticate(bool required) { - int mode; - if (required) { - mode = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_CLIENT_ONCE; - } else { - mode = SSL_VERIFY_NONE; - } - SSL_CTX_set_verify(ctx_->get(), mode, NULL); -} - -void TSSLSocketFactory::loadCertificate(const char* path, const char* format) { - if (path == NULL || format == NULL) { - throw TTransportException(TTransportException::BAD_ARGS, - "loadCertificateChain: either <path> or <format> is NULL"); - } - if (strcmp(format, "PEM") == 0) { - if (SSL_CTX_use_certificate_chain_file(ctx_->get(), path) == 0) { - int errno_copy = THRIFT_GET_SOCKET_ERROR; - string errors; - buildErrors(errors, errno_copy); - throw TSSLException("SSL_CTX_use_certificate_chain_file: " + errors); - } - } else { - throw TSSLException("Unsupported certificate format: " + string(format)); - } -} - -void TSSLSocketFactory::loadPrivateKey(const char* path, const char* format) { - if (path == NULL || format == NULL) { - throw TTransportException(TTransportException::BAD_ARGS, - "loadPrivateKey: either <path> or <format> is NULL"); - } - if (strcmp(format, "PEM") == 0) { - 
if (SSL_CTX_use_PrivateKey_file(ctx_->get(), path, SSL_FILETYPE_PEM) == 0) { - int errno_copy = THRIFT_GET_SOCKET_ERROR; - string errors; - buildErrors(errors, errno_copy); - throw TSSLException("SSL_CTX_use_PrivateKey_file: " + errors); - } - } -} - -void TSSLSocketFactory::loadTrustedCertificates(const char* path) { - if (path == NULL) { - throw TTransportException(TTransportException::BAD_ARGS, - "loadTrustedCertificates: <path> is NULL"); - } - if (SSL_CTX_load_verify_locations(ctx_->get(), path, NULL) == 0) { - int errno_copy = THRIFT_GET_SOCKET_ERROR; - string errors; - buildErrors(errors, errno_copy); - throw TSSLException("SSL_CTX_load_verify_locations: " + errors); - } -} - -void TSSLSocketFactory::randomize() { - RAND_poll(); -} - -void TSSLSocketFactory::overrideDefaultPasswordCallback() { - SSL_CTX_set_default_passwd_cb(ctx_->get(), passwordCallback); - SSL_CTX_set_default_passwd_cb_userdata(ctx_->get(), this); -} - -int TSSLSocketFactory::passwordCallback(char* password, - int size, - int, - void* data) { - TSSLSocketFactory* factory = (TSSLSocketFactory*)data; - string userPassword; - factory->getPassword(userPassword, size); - int length = userPassword.size(); - if (length > size) { - length = size; - } - strncpy(password, userPassword.c_str(), length); - return length; -} - -static shared_array<Mutex> mutexes; - -static void callbackLocking(int mode, int n, const char*, int) { - if (mode & CRYPTO_LOCK) { - mutexes[n].lock(); - } else { - mutexes[n].unlock(); - } -} - -#if (OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_NO_THREAD_ID) -static unsigned long callbackThreadID() { - return (unsigned long) pthread_self(); -} -#endif - -static CRYPTO_dynlock_value* dyn_create(const char*, int) { - return new CRYPTO_dynlock_value; -} - -static void dyn_lock(int mode, - struct CRYPTO_dynlock_value* lock, - const char*, int) { - if (lock != NULL) { - if (mode & CRYPTO_LOCK) { - lock->mutex.lock(); - } else { - lock->mutex.unlock(); - } - } -} - -static void 
dyn_destroy(struct CRYPTO_dynlock_value* lock, const char*, int) { - delete lock; -} - -void TSSLSocketFactory::initializeOpenSSL() { - if (initialized) { - return; - } - initialized = true; - SSL_library_init(); - SSL_load_error_strings(); - // static locking - mutexes = shared_array<Mutex>(new Mutex[::CRYPTO_num_locks()]); - if (mutexes == NULL) { - throw TTransportException(TTransportException::INTERNAL_ERROR, - "initializeOpenSSL() failed, " - "out of memory while creating mutex array"); - } -#if (OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_NO_THREAD_ID) - CRYPTO_set_id_callback(callbackThreadID); -#endif - CRYPTO_set_locking_callback(callbackLocking); - // dynamic locking - CRYPTO_set_dynlock_create_callback(dyn_create); - CRYPTO_set_dynlock_lock_callback(dyn_lock); - CRYPTO_set_dynlock_destroy_callback(dyn_destroy); -} - -void TSSLSocketFactory::cleanupOpenSSL() { - if (!initialized) { - return; - } - initialized = false; -#if (OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_NO_THREAD_ID) - CRYPTO_set_id_callback(NULL); -#endif - CRYPTO_set_locking_callback(NULL); - CRYPTO_set_dynlock_create_callback(NULL); - CRYPTO_set_dynlock_lock_callback(NULL); - CRYPTO_set_dynlock_destroy_callback(NULL); - CRYPTO_cleanup_all_ex_data(); - ERR_free_strings(); - EVP_cleanup(); - ERR_remove_state(0); - mutexes.reset(); -} - -// extract error messages from error queue -void buildErrors(string& errors, int errno_copy) { - unsigned long errorCode; - char message[256]; - - errors.reserve(512); - while ((errorCode = ERR_get_error()) != 0) { - if (!errors.empty()) { - errors += "; "; - } - const char* reason = ERR_reason_error_string(errorCode); - if (reason == NULL) { - THRIFT_SNPRINTF(message, sizeof(message) - 1, "SSL error # %lu", errorCode); - reason = message; - } - errors += reason; - } - if (errors.empty()) { - if (errno_copy != 0) { - errors += TOutput::strerror_s(errno_copy); - } - } - if (errors.empty()) { - errors = "error code: " + lexical_cast<string>(errno_copy); - } -} - 
-/** - * Default implementation of AccessManager - */ -Decision DefaultClientAccessManager::verify(const sockaddr_storage& sa) - throw() { - (void) sa; - return SKIP; -} - -Decision DefaultClientAccessManager::verify(const string& host, - const char* name, - int size) throw() { - if (host.empty() || name == NULL || size <= 0) { - return SKIP; - } - return (matchName(host.c_str(), name, size) ? ALLOW : SKIP); -} - -Decision DefaultClientAccessManager::verify(const sockaddr_storage& sa, - const char* data, - int size) throw() { - bool match = false; - if (sa.ss_family == AF_INET && size == sizeof(in_addr)) { - match = (memcmp(&((sockaddr_in*)&sa)->sin_addr, data, size) == 0); - } else if (sa.ss_family == AF_INET6 && size == sizeof(in6_addr)) { - match = (memcmp(&((sockaddr_in6*)&sa)->sin6_addr, data, size) == 0); - } - return (match ? ALLOW : SKIP); -} - -/** - * Match a name with a pattern. The pattern may include wildcard. A single - * wildcard "*" can match up to one component in the domain name. - * - * @param host Host name, typically the name of the remote host - * @param pattern Name retrieved from certificate - * @param size Size of "pattern" - * @return True, if "host" matches "pattern". False otherwise. - */ -bool matchName(const char* host, const char* pattern, int size) { - bool match = false; - int i = 0, j = 0; - while (i < size && host[j] != '\0') { - if (uppercase(pattern[i]) == uppercase(host[j])) { - i++; - j++; - continue; - } - if (pattern[i] == '*') { - while (host[j] != '.' 
&& host[j] != '\0') { - j++; - } - i++; - continue; - } - break; - } - if (i == size && host[j] == '\0') { - match = true; - } - return match; - -} - -// This is to work around the Turkish locale issue, i.e., -// toupper('i') != toupper('I') if locale is "tr_TR" -char uppercase (char c) { - if ('a' <= c && c <= 'z') { - return c + ('A' - 'a'); - } - return c; -} - -}}} http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/d55608f1/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TSSLSocket.h ---------------------------------------------------------------------- diff --git a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TSSLSocket.h b/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TSSLSocket.h deleted file mode 100644 index 82a2e91..0000000 --- a/airavata-api/airavata-client-sdks/airavata-cpp-sdk/src/main/resources/lib/thrift/transport/TSSLSocket.h +++ /dev/null 
@@ -1,315 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-#ifndef _THRIFT_TRANSPORT_TSSLSOCKET_H_
-#define _THRIFT_TRANSPORT_TSSLSOCKET_H_ 1
-
-#include <string>
-#include <boost/shared_ptr.hpp>
-#include <openssl/ssl.h>
-#include <thrift/concurrency/Mutex.h>
-#include <thrift/transport/TSocket.h>
-
-namespace apache { namespace thrift { namespace transport {
-
-class AccessManager;
-class SSLContext;
-
-/**
- * OpenSSL implementation for SSL socket interface.
- */
-class TSSLSocket: public TSocket {
- public:
- ~TSSLSocket();
- /**
- * TTransport interface.
- */
- bool isOpen();
- bool peek();
- void open();
- void close();
- uint32_t read(uint8_t* buf, uint32_t len);
- void write(const uint8_t* buf, uint32_t len);
- void flush();
- /**
- * Set whether to use client or server side SSL handshake protocol.
- *
- * @param flag Use server side handshake protocol if true.
- */
- void server(bool flag) { server_ = flag; }
- /**
- * Determine whether the SSL socket is server or client mode.
- */
- bool server() const { return server_; }
- /**
- * Set AccessManager.
- *
- * @param manager Instance of AccessManager
- */
- virtual void access(boost::shared_ptr<AccessManager> manager) {
- access_ = manager;
- }
-protected:
- /**
- * Constructor.
- */
- TSSLSocket(boost::shared_ptr<SSLContext> ctx);
- /**
- * Constructor, create an instance of TSSLSocket given an existing socket.
- *
- * @param socket An existing socket
- */
- TSSLSocket(boost::shared_ptr<SSLContext> ctx, int socket);
- /**
- * Constructor.
- *
- * @param host Remote host name
- * @param port Remote port number
- */
- TSSLSocket(boost::shared_ptr<SSLContext> ctx,
- std::string host,
- int port);
- /**
- * Authorize peer access after SSL handshake completes.
- */
- virtual void authorize();
- /**
- * Initiate SSL handshake if not already initiated.
- */
- void checkHandshake();
-
- bool server_;
- SSL* ssl_;
- boost::shared_ptr<SSLContext> ctx_;
- boost::shared_ptr<AccessManager> access_;
- friend class TSSLSocketFactory;
-};
-
-/**
- * SSL socket factory. SSL sockets should be created via SSL factory.
- */
-class TSSLSocketFactory {
- public:
- /**
- * Constructor/Destructor
- */
- TSSLSocketFactory();
- virtual ~TSSLSocketFactory();
- /**
- * Create an instance of TSSLSocket with a fresh new socket.
- */
- virtual boost::shared_ptr<TSSLSocket> createSocket();
- /**
- * Create an instance of TSSLSocket with the given socket.
- *
- * @param socket An existing socket.
- */
- virtual boost::shared_ptr<TSSLSocket> createSocket(int socket);
- /**
- * Create an instance of TSSLSocket.
- *
- * @param host Remote host to be connected to
- * @param port Remote port to be connected to
- */
- virtual boost::shared_ptr<TSSLSocket> createSocket(const std::string& host,
- int port);
- /**
- * Set ciphers to be used in SSL handshake process.
- *
- * @param ciphers A list of ciphers
- */
- virtual void ciphers(const std::string& enable);
- /**
- * Enable/Disable authentication.
- *
- * @param required Require peer to present valid certificate if true
- */
- virtual void authenticate(bool required);
- /**
- * Load server certificate.
- *
- * @param path Path to the certificate file
- * @param format Certificate file format
- */
- virtual void loadCertificate(const char* path, const char* format = "PEM");
- /**
- * Load private key.
- *
- * @param path Path to the private key file
- * @param format Private key file format
- */
- virtual void loadPrivateKey(const char* path, const char* format = "PEM");
- /**
- * Load trusted certificates from specified file.
- *
- * @param path Path to trusted certificate file
- */
- virtual void loadTrustedCertificates(const char* path);
- /**
- * Default randomize method.
- */
- virtual void randomize();
- /**
- * Override default OpenSSL password callback with getPassword().
- */
- void overrideDefaultPasswordCallback();
- /**
- * Set/Unset server mode.
- *
- * @param flag Server mode if true
- */
- virtual void server(bool flag) { server_ = flag; }
- /**
- * Determine whether the socket is in server or client mode.
- *
- * @return true, if server mode, or, false, if client mode
- */
- virtual bool server() const { return server_; }
- /**
- * Set AccessManager.
- *
- * @param manager The AccessManager instance
- */
- virtual void access(boost::shared_ptr<AccessManager> manager) {
- access_ = manager;
- }
- protected:
- boost::shared_ptr<SSLContext> ctx_;
-
- static void initializeOpenSSL();
- static void cleanupOpenSSL();
- /**
- * Override this method for custom password callback. It may be called
- * multiple times at any time during a session as necessary.
- *
- * @param password Pass collected password to OpenSSL
- * @param size Maximum length of password including NULL character
- */
- virtual void getPassword(std::string& /* password */, int /* size */) {}
- private:
- bool server_;
- boost::shared_ptr<AccessManager> access_;
- static bool initialized;
- static concurrency::Mutex mutex_;
- static uint64_t count_;
- void setup(boost::shared_ptr<TSSLSocket> ssl);
- static int passwordCallback(char* password, int size, int, void* data);
-};
-
-/**
- * SSL exception.
- */
-class TSSLException: public TTransportException {
- public:
- TSSLException(const std::string& message):
- TTransportException(TTransportException::INTERNAL_ERROR, message) {}
-
- virtual const char* what() const throw() {
- if (message_.empty()) {
- return "TSSLException";
- } else {
- return message_.c_str();
- }
- }
-};
-
-/**
- * Wrap OpenSSL SSL_CTX into a class.
- */
-class SSLContext {
- public:
- SSLContext();
- virtual ~SSLContext();
- SSL* createSSL();
- SSL_CTX* get() { return ctx_; }
- private:
- SSL_CTX* ctx_;
-};
-
-/**
- * Callback interface for access control. It's meant to verify the remote host.
- * It's constructed when application starts and set to TSSLSocketFactory
- * instance. It's passed onto all TSSLSocket instances created by this factory
- * object.
- */
-class AccessManager {
- public:
- enum Decision {
- DENY = -1, // deny access
- SKIP = 0, // cannot make decision, move on to next (if any)
- ALLOW = 1 // allow access
- };
- /**
- * Destructor
- */
- virtual ~AccessManager() {}
- /**
- * Determine whether the peer should be granted access or not. It's called
- * once after the SSL handshake completes successfully, before peer certificate
- * is examined.
- *
- * If a valid decision (ALLOW or DENY) is returned, the peer certificate is
- * not to be verified.
- *
- * @param sa Peer IP address
- * @return True if the peer is trusted, false otherwise
- */
- virtual Decision verify(const sockaddr_storage& /* sa */ ) throw() { return DENY; }
- /**
- * Determine whether the peer should be granted access or not. It's called
- * every time a DNS subjectAltName/common name is extracted from peer's
- * certificate.
- *
- * @param host Client mode: host name returned by TSocket::getHost()
- * Server mode: host name returned by TSocket::getPeerHost()
- * @param name SubjectAltName or common name extracted from peer certificate
- * @param size Length of name
- * @return True if the peer is trusted, false otherwise
- *
- * Note: The "name" parameter may be UTF8 encoded.
- */
- virtual Decision verify(const std::string& /* host */, const char* /* name */, int /* size */)
- throw() { return DENY; }
- /**
- * Determine whether the peer should be granted access or not. It's called
- * every time an IP subjectAltName is extracted from peer's certificate.
- *
- * @param sa Peer IP address retrieved from the underlying socket
- * @param data IP address extracted from certificate
- * @param size Length of the IP address
- * @return True if the peer is trusted, false otherwise
- */
- virtual Decision verify(const sockaddr_storage& /* sa */, const char* /* data */, int /* size */)
- throw() { return DENY; }
-};
-
-typedef AccessManager::Decision Decision;
-
-class DefaultClientAccessManager: public AccessManager {
- public:
- // AccessManager interface
- Decision verify(const sockaddr_storage& sa) throw();
- Decision verify(const std::string& host, const char* name, int size) throw();
- Decision verify(const sockaddr_storage& sa, const char* data, int size) throw();
-};
-
-
-}}}
-
-#endif
