Diffstat (limited to 'cpp/src/IceSSL/SslTransceiver.h')
-rw-r--r-- | cpp/src/IceSSL/SslTransceiver.h | 169 |
1 files changed, 26 insertions, 143 deletions
diff --git a/cpp/src/IceSSL/SslTransceiver.h b/cpp/src/IceSSL/SslTransceiver.h
index 8d875451235..6e1e35d167f 100644
--- a/cpp/src/IceSSL/SslTransceiver.h
+++ b/cpp/src/IceSSL/SslTransceiver.h
@@ -11,15 +11,16 @@
 #define ICE_SSL_TRANSCEIVER_H
 #include <IceUtil/Mutex.h>
-#include <IceUtil/StaticMutex.h>
 #include <Ice/LoggerF.h>
 #include <Ice/StatsF.h>
-#include <Ice/Transceiver.h>
-#include <Ice/Buffer.h>
 #include <IceSSL/SslTransceiverF.h>
 #include <IceSSL/OpenSSLPluginIF.h>
 #include <IceSSL/TraceLevelsF.h>
 #include <IceSSL/CertificateVerifierF.h>
+
+#include <IceUtil/StaticMutex.h>
+#include <Ice/Transceiver.h>
+#include <Ice/Buffer.h>
 #include <IceSSL/CertificateVerifierOpenSSL.h>
 #include <openssl/ssl.h>
@@ -28,102 +29,15 @@
 namespace IceSSL
 {
-class SafeFlag
-{
-public:
-
- SafeFlag(bool flagVal = false)
- {
- _flag = flagVal;
- }
-
- ~SafeFlag()
- {
- }
-
- bool checkAndSet()
- {
- IceUtil::Mutex::Lock sync(_mutex);
-
- if(_flag)
- {
- return false;
- }
- else
- {
- _flag = true;
- return true;
- }
- }
-
- bool check()
- {
- IceUtil::Mutex::Lock sync(_mutex);
- return _flag;
- }
-
- void set()
- {
- IceUtil::Mutex::Lock sync(_mutex);
- _flag = true;
- }
-
- void unset()
- {
- IceUtil::Mutex::Lock sync(_mutex);
- _flag = false;
- }
-
-private:
-
- IceUtil::Mutex _mutex;
- bool _flag;
-};
-
-class HandshakeSentinel
-{
-public:
-
- HandshakeSentinel(SafeFlag& handshakeFlag) :
- _flag(handshakeFlag)
- {
- _ownHandshake = _flag.checkAndSet();
- }
-
- ~HandshakeSentinel()
- {
- if(_ownHandshake)
- {
- _flag.unset();
- }
- }
-
- bool ownHandshake()
- {
- return _ownHandshake;
- }
-
-private:
-
- bool _ownHandshake;
- SafeFlag& _flag;
-};
-
-// NOTE: This is a mapping from SSL* to SslTransceiver*, for use with the verifyCallback.
-// I have purposely not used SslTransceiverPtr here, as connections register themselves
-// with this map on construction and unregister themselves in the destructor. If
-// this map used SslTransceiverPtr, SslTransceiver instances would never destruct as there
-// would always be a reference to them from the map.
+// NOTE: This is a mapping from SSL* to SslTransceiver*, for use with
+// the verifyCallback. I have purposely not used SslTransceiverPtr
+// here, as connections register themselves with this map on
+// construction and unregister themselves in the destructor. If this
+// map used SslTransceiverPtr, SslTransceiver instances would never
+// destruct as there would always be a reference to them from the map.
 class SslTransceiver;
 typedef std::map<SSL*, SslTransceiver*> SslTransceiverMap;
-typedef enum
-{
- Handshake, // The connection is negotiating a connection with the peer.
- Shutdown, // The connection is in the process of shutting down.
- Connected // The connection is connected - communication may continue.
-} ConnectPhase;
-
 class SslTransceiver : public IceInternal::Transceiver
 {
 public:
@@ -132,38 +46,24 @@ public:
 virtual void close();
 virtual void shutdownWrite();
 virtual void shutdownReadWrite();
- virtual void write(IceInternal::Buffer&, int) = 0;
+ virtual void write(IceInternal::Buffer&, int);
 virtual void read(IceInternal::Buffer&, int);
 virtual std::string type() const;
 virtual std::string toString() const;
+ virtual void initialize(int timeout);
- void forceHandshake();
- virtual int handshake(int timeout = 0) = 0;
 static SslTransceiverPtr getTransceiver(SSL*);
 // Callback from OpenSSL for purposes of certificate verification
 int verifyCertificate(int, X509_STORE_CTX*);
-protected:
-
- int internalShutdownWrite(int timeout);
-
- int connect();
- int accept();
- int renegotiate();
- int initialize(int timeout);
-
- int pending();
- int getLastError() const;
-
- int sslRead(unsigned char*, int);
- int sslWrite(unsigned char*, int);
+private:
- int select(int, bool);
- int readSelect(int);
- int writeSelect(int);
+ void internalShutdownWrite(int timeout);
- int readSSL(IceInternal::Buffer&, int);
+ void select(int, bool);
+ void readSelect(int);
+ void writeSelect(int);
 static void addTransceiver(SSL*, SslTransceiver*);
 static void removeTransceiver(SSL*);
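Review bot: The reflowed NOTE comment still explains only why the map holds raw `SslTransceiver*`, not how a lookup is kept from returning a pointer to an object that is mid-destruction; since `getTransceiver(SSL*)` hands back an `SslTransceiverPtr` while the destructor unregisters the entry, that upgrade is only safe if registration, unregistration and lookup all hold `_transceiverRepositoryMutex` (declared next to the map further down this file) and the lookup copes with a zero reference count. One added sentence would make the invariant visible in the header, e.g. `// All access to this map (addTransceiver, removeTransceiver, getTransceiver) must hold _transceiverRepositoryMutex.` — confirm the exact rule against SslTransceiver.cpp before wording it as fact.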
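Review bot: The newly public `virtual void initialize(int timeout);` says nothing about what `timeout` means (unit, and whether zero or a negative value waits indefinitely) nor about who may call it concurrently with `read()`/`write()`; with the SafeFlag/HandshakeSentinel guard removed in the previous hunk, the header no longer shows how a second handshake attempt on the same transceiver is rejected, so that responsibility presumably moved to the caller and should be stated. A two-line comment above the declaration — the handshake it performs, the `timeout` unit and sentinel values taken from the implementation, and "must not run concurrently with read()/write()" — would pin the contract. Since `select()`, `readSelect()` and `writeSelect()` now return `void`, a timeout can no longer be reported through the return value; if it surfaces as an exception, say so, and give those parameters names, e.g. `void select(int timeout, bool write);`. The class body continues past the end of this hunk.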
@@ -176,40 +76,23 @@ protected:
 void showHandshakeStats(BIO*);
 void showClientCAList(BIO*, const char*);
- void setLastError(int errorCode) { _lastError = errorCode; }
-
- virtual void showConnectionInfo() = 0;
-
 static SslTransceiverMap _transceiverMap;
 static IceUtil::StaticMutex _transceiverRepositoryMutex;
- // Pointer to the OpenSSL Connection structure.
- SSL* _sslConnection;
-
- int _lastError;
-
- IceUtil::Mutex _handshakeWaitMutex;
-
- SafeFlag _handshakeFlag;
- int _initWantRead;
- int _initWantWrite;
- int _readTimeout;
-
- ConnectPhase _phase;
-
- SslTransceiver(const OpenSSLPluginIPtr&, SOCKET, const IceSSL::CertificateVerifierPtr&, SSL*, int);
+ SslTransceiver(ContextType, const OpenSSLPluginIPtr&, SOCKET, const IceSSL::CertificateVerifierPtr&, SSL*, int);
 virtual ~SslTransceiver();
+ friend class ClientContext;
+ friend class ServerContext;
+ // Pointer to the OpenSSL Connection structure.
+ const ContextType _contextType;
 const OpenSSLPluginIPtr _plugin;
- const TraceLevelsPtr _traceLevels;
+ SOCKET _fd;
+ const IceSSL::CertificateVerifierPtr _certificateVerifier;
+ /*const*/ SSL* _sslConnection;
 const Ice::LoggerPtr _logger;
+ const TraceLevelsPtr _traceLevels;
 const Ice::StatsPtr _stats;
-
- SOCKET _fd;
- fd_set _rFdSet;
- fd_set _wFdSet;
-
- IceSSL::CertificateVerifierPtr _certificateVerifier;
 };
 }
|
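Review bot: The comment `// Pointer to the OpenSSL Connection structure.` now sits above `const ContextType _contextType;` rather than above the member it describes; move it down to the `/*const*/ SSL* _sslConnection;` line. The commented-out `const` suggests the pointer is assigned after construction (by the `ClientContext`/`ServerContext` friends, presumably) — either make it `const` or replace `/*const*/` with a sentence naming who sets it and whether `~SslTransceiver()` frees it, because ownership of the `SSL*` handed to the constructor is not visible from the header. `SOCKET _fd;` is likewise the only non-const handle among `const` members; if the descriptor is fixed for the object's lifetime, `const SOCKET _fd;` documents that and rules out accidental reassignment.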