
(-)src-native-new/src/agentController/AgentController.make (-1 / +1 lines)
Lines 29-35 Link Here
29
#      (separated by blanks)
29
#      (separated by blanks)
30
#-----------------------------------
30
#-----------------------------------
31
31
32
LIBS       :=  tptpUtils tptpLogUtils tptpConfig processControlUtil xerces-c pthread ssl
32
LIBS       :=  tptpUtils tptpLogUtils tptpConfig processControlUtil xerces-c pthread
33
33
34
#-----------------------------------
34
#-----------------------------------
35
#   list of additional library directories to search from
35
#   list of additional library directories to search from
(-)src-native-new/src/transport/socketTL/SocketListener.c (-188 / +51 lines)
Lines 69-74 Link Here
69
  #include <sys/wait.h>
69
  #include <sys/wait.h>
70
  #include <openssl/ssl.h> 
70
  #include <openssl/ssl.h> 
71
  #include <tptp/TPTPConfig.h>
71
  #include <tptp/TPTPConfig.h>
72
  #include "SSLSupport.h"
72
#endif
73
#endif
73
74
74
#include "SocketListener.h"
75
#include "SocketListener.h"
Lines 83-93 Link Here
83
#define DEFAULT_PORT_NUM  	10002
84
#define DEFAULT_PORT_NUM  	10002
84
#define PROTO_VERSION	1
85
#define PROTO_VERSION	1
85
86
86
#define CONFIGURATION_HOME	"TPTP_AC_HOME"
87
88
#define CERTF "cert.pem"
89
#define KEYF  "key.pem"
90
91
/** thread status */
87
/** thread status */
92
enum ThreadStatus { IDLE, RUNNING } ;
88
enum ThreadStatus { IDLE, RUNNING } ;
93
89
Lines 119-128 Link Here
119
115
120
BOOL vrfusrpwd(tptp_string *userid, tptp_string *password);
116
BOOL vrfusrpwd(tptp_string *userid, tptp_string *password);
121
117
122
static int sslinit = 1;
123
static char* certFile = NULL;
124
static char* keyFile = NULL;
125
126
/**
118
/**
127
 *********************************************************
119
 *********************************************************
128
 *
120
 *
Lines 179-252 Link Here
179
	return ( rc ) ;
171
	return ( rc ) ;
180
}
172
}
181
173
182
#ifndef _WIN32
183
int setSSL(request_block_ptr_t pBlk) {
184
  	SSL_METHOD *meth;
185
  	SSL_CTX* ctx;
186
  	SSL*     ssl;
187
  	int err;
188
  	
189
	if (sslinit) {  	
190
  		SSL_load_error_strings();
191
  		SSL_library_init();
192
  		sslinit = 0;
193
	}
194
  	
195
  	meth = SSLv23_server_method();
196
197
  	ctx = SSL_CTX_new (meth);
198
  	if (!ctx) {
199
		TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "SSL: context error");
200
    	return -1;
201
    }
202
203
  	if (certFile == NULL) {
204
		TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "SSL: no certificate file found");
205
    	return -1;
206
  	}
207
208
  	if (SSL_CTX_use_certificate_file(ctx, certFile, SSL_FILETYPE_PEM) <= 0) {
209
		TPTP_LOG_DEBUG_MSG1(pBlk->pServerData, "SSL: illegal certificate file %s", certFile);
210
    	return -1;
211
  	}
212
213
  	if (keyFile == NULL) {
214
		TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "SSL: no key file found");
215
    	return -1;
216
  	}
217
218
  	if (SSL_CTX_use_PrivateKey_file(ctx, keyFile, SSL_FILETYPE_PEM) <= 0) {
219
		TPTP_LOG_DEBUG_MSG1(pBlk->pServerData, "SSL: illegal key file %s", keyFile);
220
    	return -1;
221
  	}
222
223
  	if (!SSL_CTX_check_private_key(ctx)) { 
224
		TPTP_LOG_DEBUG_MSG2(pBlk->pServerData, "SSL: Private key %s does not match the certificate public key %s",
225
			keyFile, certFile);
226
    	return -1;
227
  	}
228
    
229
  	ssl = SSL_new (ctx);
230
  	if (ssl < 0) {
231
		TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "SSL.new error");
232
  		return -1;
233
  	}
234
  	                          
235
  	SSL_set_fd (ssl, pBlk->clientSock);
236
  	err = SSL_accept (ssl);
237
	if (err < 0) {
238
		TPTP_LOG_DEBUG_MSG1(pBlk->pServerData, "SSL: ssl_accept error %d", SSL_get_error(ssl, err));
239
		return -1;
240
	}  	
241
242
	pBlk->sslCtx = ctx;
243
	pBlk->ssl = ssl;
244
	pBlk->secured = TRUE;
245
246
	return 0;
247
}
248
#endif
249
250
/**
174
/**
251
 *********************************************************
175
 *********************************************************
252
 *
176
 *
Lines 694-701 Link Here
694
618
695
int recvData (request_block_ptr_t pRdb, char *buffer, int length, int *bytesRead) {
619
int recvData (request_block_ptr_t pRdb, char *buffer, int length, int *bytesRead) {
696
	int result;
620
	int result;
621
	
697
	if (pRdb->secured) {
622
	if (pRdb->secured) {
698
		 result = SSL_read (pRdb->ssl, buffer, length);
623
		 result = sslRead(pRdb->ssl, buffer, length);
699
		 *bytesRead = result;
624
		 *bytesRead = result;
700
	}
625
	}
701
	else {
626
	else {
Lines 908-970 Link Here
908
		TPTP_LOG_DEBUG_MSG1(pParam, "Socket server is running at port number of %d.", pParam->port) ;
833
		TPTP_LOG_DEBUG_MSG1(pParam, "Socket server is running at port number of %d.", pParam->port) ;
909
		serveRequest(serverSock, pParam) ;
834
		serveRequest(serverSock, pParam) ;
910
	}
835
	}
911
912
	return ( 0 );
836
	return ( 0 );
913
}
837
}
914
838
915
int getACHome (char* buf, int len) {
916
	char* acHome;
917
	
918
	acHome = getenv(CONFIGURATION_HOME);
919
	if (acHome != NULL) {
920
		strncpy(buf, acHome, len);
921
		return 0;
922
	}
923
	
924
#ifdef _WIN32
925
	acHome = _getcwd(buf, 1024);
926
	if (acHome == NULL) return -1;
927
928
	strcat(buf, "\\..");
929
#else
930
	acHome = getcwd(buf, 1024);
931
	if (acHome == NULL) return -1;
932
933
	strcat(buf, "/..");
934
#endif
935
	
936
	return 0;
937
}
938
939
int initSSL() {
940
	char buf[1024];
941
	
942
	if (getACHome(buf, 1024) < 0) {
943
		certFile = (char*) malloc(strlen(CERTF) + 1);
944
		strcpy(certFile, CERTF);
945
		
946
		keyFile = (char*) malloc(strlen(KEYF) + 1);
947
		strcpy(keyFile, CERTF);
948
	}
949
	else {
950
#ifdef _WIN32
951
		strcat(buf, "\\security\\");
952
#else
953
		strcat(buf, "/security/");
954
#endif		
955
956
		certFile = (char*) malloc(strlen(buf) + strlen(CERTF) + 1);
957
		strcpy(certFile, buf);
958
		strcat(certFile, CERTF);
959
960
		keyFile = (char*) malloc(strlen(buf) + strlen(KEYF) + 1);
961
		strcpy(keyFile, buf);
962
		strcat(keyFile, KEYF);
963
	}
964
	
965
	return 0;	
966
}
967
968
/**
839
/**
969
 *********************************************************
840
 *********************************************************
970
 *
841
 *
Lines 975-1028 Link Here
975
 *    0 - Success
846
 *    0 - Success
976
 *    nonzero - Error.
847
 *    nonzero - Error.
977
 *********************************************************/
848
 *********************************************************/
978
tptp_int32 createSocketListener(tptp_object* cmo, transport_layer_data_t * pTransportData, tptp_object* tlo) 
849
tptp_int32 createSocketListener(tptp_object* cmo, transport_layer_data_t * pTransportData, tptp_object* tlo) {
979
{
850
	server_block_t* pServerData;
980
	int       rc = 0 ;
851
	SocketConfigInfo socketInfo;
981
852
	int       rc;
982
	initSSL();
983
	
853
	
984
	rc = initForSocketCalls() ;
854
	rc = initForSocketCalls();
985
855
	if (rc != 0) {
986
	if (rc == 0)
856
		if (pTransportData->logEventEntry) {
987
	{
857
			pTransportData->logEventEntry(cmo, "Socket TL", pTransportData->transportID, __FILE__, __LINE__, TPTP_FATAL, "Unable to initialize socket library.");
988
		server_block_t* pServerData;
989
		SocketConfigInfo socketInfo;
990
991
		/* prepare the globally available server data block */
992
		pServerData = (server_block_ptr_t) malloc(sizeof(server_block_t)) ;
993
		pServerData->cmo = cmo;
994
		pServerData->threadStatus = 0 ;
995
		pServerData->agentControllerDataBlk = *pTransportData ;
996
997
		/* allocate connection table */
998
		pServerData->connectionTable = tableCreate();
999
1000
		rc = getSocketConfigInfo(pTransportData->configurationData, &socketInfo);
1001
		if (rc != -1) 
1002
		{
1003
			pServerData->port = socketInfo.portNumber;
1004
			pServerData->securityEnabled = socketInfo.securityEnabled; 
1005
		} 
1006
		else 
1007
		{
1008
			pServerData->port = DEFAULT_PORT_NUM;
1009
			pServerData->securityEnabled = 0;
1010
		}
858
		}
1011
859
		
1012
		tlo->data = pServerData;
860
		return rc;
1013
		tlo->objectID = SOCKET_LISTENER_OBJECT_ID;
1014
1015
		TPTP_LOG_DEBUG_MSG(pServerData, "createTransportListener (socket)") ;
1016
	}
861
	}
1017
	else
862
	
1018
	{
863
	/* prepare the globally available server data block */
1019
		if ( pTransportData->logEventEntry )
864
	pServerData = (server_block_ptr_t) malloc(sizeof(server_block_t)) ;
1020
		{
865
	pServerData->cmo = cmo;
1021
			pTransportData->logEventEntry( cmo, "Socket TL", pTransportData->transportID, __FILE__, __LINE__, TPTP_FATAL, "Unable to initialize socket library." );
866
	pServerData->threadStatus = 0 ;
1022
		}
867
	pServerData->agentControllerDataBlk = *pTransportData ;
868
869
	/* allocate connection table */
870
	pServerData->connectionTable = tableCreate();
871
872
	rc = getSocketConfigInfo(pTransportData->configurationData, &socketInfo);
873
	if (rc != -1) {
874
		pServerData->port = socketInfo.portNumber;
875
#ifdef _WIN32
876
		pServerData->securityEnabled = 0; 
877
#else
878
		pServerData->securityEnabled = socketInfo.securityEnabled; 
879
#endif
880
	} 
881
	else {
882
		pServerData->port = DEFAULT_PORT_NUM;
883
		pServerData->securityEnabled = 0;
1023
	}
884
	}
1024
885
1025
	return ( rc ) ;
886
	tlo->data = pServerData;
887
	tlo->objectID = SOCKET_LISTENER_OBJECT_ID;
888
889
	TPTP_LOG_DEBUG_MSG(pServerData, "createTransportListener (socket)") ;
890
891
	return 0;
1026
}
892
}
1027
893
1028
/**
894
/**
Lines 1090-1103 Link Here
1090
 *    0 - Success
956
 *    0 - Success
1091
 *    nonzero - Error.
957
 *    nonzero - Error.
1092
 *********************************************************/
958
 *********************************************************/
1093
tptp_int32 startSocketListener(server_block_t* pServerData)
959
tptp_int32 startSocketListener(server_block_t* pServerData) {
1094
{
1095
	int       rc = 0 ;
960
	int       rc = 0 ;
1096
	TID threadId;
961
	TID threadId;
1097
	HANDLE threadHandle ;
962
	HANDLE threadHandle ;
1098
963
1099
	TPTP_LOG_DEBUG_MSG(pServerData, "startTransportListener (socket)") ;
964
	TPTP_LOG_DEBUG_MSG(pServerData, "startTransportListener (socket)") ;
1100
965
966
#ifndef _WIN32
967
	if (pServerData->securityEnabled && initSSL(pServerData)) {
968
		return -1;
969
	}
970
#endif
971
1101
	/* create new thread to listen for incoming connection requests */
972
	/* create new thread to listen for incoming connection requests */
1102
	rc = tptpStartThread(doListening,
973
	rc = tptpStartThread(doListening,
1103
		(LPVOID) pServerData, &threadId, &threadHandle) ;
974
		(LPVOID) pServerData, &threadId, &threadHandle) ;
Lines 1108-1123 Link Here
1108
tptp_int32 closeConnection(request_block_ptr_t pBlock) {
979
tptp_int32 closeConnection(request_block_ptr_t pBlock) {
1109
	if (pBlock == NULL) return -1;
980
	if (pBlock == NULL) return -1;
1110
981
1111
#ifndef _WIN32	
982
#ifndef _WIN32
1112
	if (pBlock->ssl != NULL) { 
983
	sslFree(pBlock);	
1113
		SSL_free(pBlock->ssl);  
1114
		pBlock->ssl = NULL; 
1115
	}
1116
	
1117
	if (pBlock->sslCtx != NULL) { 
1118
		SSL_CTX_free(pBlock->sslCtx);  
1119
		pBlock->sslCtx = NULL; 
1120
	}
1121
#endif
984
#endif
1122
	
985
	
1123
  	pBlock->secured = FALSE;
986
  	pBlock->secured = FALSE;
Lines 1173-1179 Link Here
1173
1036
1174
tptp_int32 writeData(request_block_ptr_t pBlock, char* buffer, int length) { 
1037
tptp_int32 writeData(request_block_ptr_t pBlock, char* buffer, int length) { 
1175
	if (pBlock->secured) {
1038
	if (pBlock->secured) {
1176
		return SSL_write(pBlock->ssl, buffer, length);
1039
		return sslWrite(pBlock->ssl, buffer, length);
1177
	}
1040
	}
1178
	else {
1041
	else {
1179
		return writeToSocket(pBlock->clientSock, buffer, length);
1042
		return writeToSocket(pBlock->clientSock, buffer, length);
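Review bot: In createSocketListener the new `#ifdef _WIN32` branch forces `pServerData->securityEnabled = 0` regardless of what `socketInfo.securityEnabled` says, so a listener the configuration asked to secure silently comes up in plaintext on Windows with no log entry. At minimum log the downgrade, e.g. `if (socketInfo.securityEnabled) TPTP_LOG_ERROR_MSG(pServerData, "SSL requested but not supported on this platform; listening unsecured");`, or return an error so the operator learns the transport is not what was configured. The matching `#ifndef _WIN32` guard in startSocketListener does fail the start when `initSSL` fails, so the Windows path is the only one where a security request is dropped without a trace.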
(-)src-native-new/src/transport/socketTL/SocketTL.make (-1 / +1 lines)
Lines 44-50 Link Here
44
#   list of additional libraries to be linked with
44
#   list of additional libraries to be linked with
45
#      (separated by blanks)
45
#      (separated by blanks)
46
#-----------------------------------
46
#-----------------------------------
47
LIBS       :=  dl tptpUtils transportSupport ssl
47
LIBS       :=  dl tptpUtils transportSupport
48
48
49
#-----------------------------------
49
#-----------------------------------
50
#   list of additional library directories to search from
50
#   list of additional library directories to search from
(-)src-native-new/src/transport/socketTL/SSLTypes.h (+53 lines)
Added Link Here
1
#ifndef _SSLTypes_H
2
#define _SSLTypes_H
3
4
#define CONFIGURATION_HOME	"TPTP_AC_HOME"
5
6
#define CERTF "cert.pem"
7
#define KEYF  "key.pem"
8
9
#ifndef _WIN32
10
  #include <openssl/ssl.h> 
11
#endif
12
13
#ifdef _WIN32
14
	#define SSL_LIBRARY_NAME "ssl.dll"
15
#else
16
	#define SSL_LIBRARY_NAME "libssl.so"
17
#endif
18
19
/* Function names to be imported */
20
#define SSL_LOAD_ESTRINGS 	"SSL_load_error_strings"
21
#define SSL_LIBRARY_INIT 	"SSL_library_init"
22
#define SSLV23_SERVER_METHOD "SSLv23_server_method"
23
#define SSL_CTX_NEW "SSL_CTX_new"
24
#define SSL_CTX_CERT_FILE "SSL_CTX_use_certificate_file"
25
#define SSL_CTX_KEY_FILE "SSL_CTX_use_PrivateKey_file"
26
#define SSL_CTX_CHECK_KEY "SSL_CTX_check_private_key"
27
#define SSL_NEW "SSL_new"
28
#define SSL_SET_FD "SSL_set_fd"
29
#define SSL_ACCEPT "SSL_accept"
30
#define SSL_READ "SSL_read"
31
#define SSL_WRITE "SSL_write"
32
#define SSL_GET_ERROR "SSL_get_error"
33
#define SSL_FREE "SSL_free"
34
#define SSL_CTX_FREE "SSL_CTX_free"
35
36
/* SSL function types */
37
typedef void (*ssl_load_error_strings_t)(); 
38
typedef void (*ssl_library_init_t)();
39
typedef SSL_METHOD* (*sslv23_server_method_t)();
40
typedef SSL_CTX* (*ssl_CTX_new_t)();
41
typedef int (*ssl_CTX_use_certificate_file_t)();
42
typedef int (*ssl_CTX_use_PrivateKey_file_t)();
43
typedef int (*ssl_CTX_check_private_key_t)();
44
typedef SSL* (*ssl_new_t)();
45
typedef int (*ssl_set_fd_t)();
46
typedef int (*ssl_accept_t)();
47
typedef int (*ssl_read_t)();
48
typedef int (*ssl_write_t)();
49
typedef int (*ssl_get_error_t)();
50
typedef char* (*ssl_free_t)();
51
typedef char* (*ssl_CTX_free_t)();
52
53
#endif
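Review bot: The function-pointer typedefs at the bottom are declared with empty parameter lists and two of them return the wrong type, `ssl_free_t` and `ssl_CTX_free_t` are declared as returning `char*` while `SSL_free`/`SSL_CTX_free` return void, so the compiler cannot check any argument passed through these pointers and a mismatch in the caller would only show at runtime. Prototype them against the OpenSSL signatures, e.g. `typedef void (*ssl_free_t)(SSL *);`, `typedef int (*ssl_read_t)(SSL *, void *, int);`, `typedef SSL_CTX *(*ssl_CTX_new_t)(SSL_METHOD *);`. The typedefs also name `SSL_METHOD`, `SSL_CTX` and `SSL` unconditionally while `<openssl/ssl.h>` is only included under `#ifndef _WIN32`, so the header cannot compile on Windows as written; presumably it is only pulled in by the non-Windows SSLSupport.c, in which case the `ssl.dll` define is dead and deserves a comment saying so. `SSL_LIBRARY_NAME "libssl.so"` is the unversioned development symlink, which many distributions install only with the -dev package, so loading a versioned soname (or trying a short list of them) would make the runtime dependency explicit.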
(-)src-native-new/src/transport/socketTL/SSLSupport.h (+15 lines)
Added Link Here
1
#ifndef SSLSUPPORT_H
2
#define SSLSUPPORT_H
3
4
#ifndef _WIN32
5
6
#include "SocketListener.h"
7
8
extern int initSSL(server_block_t* pServerData);
9
extern int setSSL(request_block_ptr_t pBlk);
10
extern int sslRead(SSL* ssl, char* buffer, int length);
11
extern int sslWrite(SSL* ssl, char* buffer, int length);
12
extern void sslFree(request_block_ptr_t pBlock);
13
14
#endif
15
#endif
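Review bot: The header gives no contract for these five entry points: nothing says that `initSSL` must have succeeded (library resolved, cert/key paths set) before `setSSL`, `sslRead` or `sslWrite` may be called, that the int-returning functions use 0 for success and -1 for failure, or that `sslFree` is safe on a block that was never secured. A short comment above each prototype would cover it, e.g. `/* Call once per listener before setSSL(); returns 0 on success, -1 if libssl or the cert/key files cannot be found. */` on initSSL and `/* Frees and NULLs pBlock->ssl / pBlock->sslCtx; a no-op when both are already NULL. */` on sslFree. `sslWrite` could also take `const char* buffer`, since it only forwards the data.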
(-)src-native-new/src/transport/socketTL/SSLSupport.c (+246 lines)
Added Link Here
1
#include <stdio.h>
2
#include <stdlib.h>
3
#include <string.h>
4
#include <unistd.h>
5
#include <dlfcn.h>
6
7
#include "SSLTypes.h"
8
#include "SSLSupport.h"
9
#include "SocketTLLog.h"
10
11
static char* certFile = NULL;
12
static char* keyFile = NULL;
13
14
/* Resolved SSL functions */
15
static sslv23_server_method_t sslv23_server_method; 
16
static ssl_CTX_new_t ssl_CTX_new;
17
static ssl_CTX_use_certificate_file_t ssl_CTX_use_certificate_file;
18
static ssl_CTX_use_PrivateKey_file_t ssl_CTX_use_PrivateKey_file;
19
static ssl_CTX_check_private_key_t ssl_CTX_check_private_key;
20
static ssl_new_t ssl_new;
21
static ssl_set_fd_t ssl_set_fd;
22
static ssl_accept_t ssl_accept;
23
static ssl_read_t ssl_read;
24
static ssl_write_t ssl_write;
25
static ssl_get_error_t ssl_get_error;
26
static ssl_free_t ssl_free;
27
static ssl_CTX_free_t ssl_CTX_free;
28
29
int getACHome (char* buf, int len) {
30
	char* acHome;
31
	
32
	acHome = getenv(CONFIGURATION_HOME);
33
	if (acHome != NULL) {
34
		strncpy(buf, acHome, len);
35
		return 0;
36
	}
37
	
38
#ifdef _WIN32
39
	acHome = _getcwd(buf, 1024);
40
	if (acHome == NULL) return -1;
41
42
	strcat(buf, "\\..");
43
#else
44
	acHome = getcwd(buf, 1024);
45
	if (acHome == NULL) return -1;
46
47
	strcat(buf, "/..");
48
#endif
49
	
50
	return 0;
51
}
52
53
int checkFile (char* fileName) {
54
	FILE *fp;
55
	
56
	fp = fopen(fileName, "r");
57
	if (fp == NULL) {
58
		return -1;
59
	} 
60
	
61
	fclose(fp);
62
	
63
	return 0;
64
}
65
66
int initKeys(server_block_ptr_t pServerData) {
67
	char buf[1024];
68
	
69
	if (getACHome(buf, 1024) < 0) {
70
		certFile = (char*) malloc(strlen(CERTF) + 1);
71
		strcpy(certFile, CERTF);
72
		
73
		keyFile = (char*) malloc(strlen(KEYF) + 1);
74
		strcpy(keyFile, CERTF);
75
	}
76
	else {
77
#ifdef _WIN32
78
		strcat(buf, "\\security\\");
79
#else
80
		strcat(buf, "/security/");
81
#endif		
82
83
		certFile = (char*) malloc(strlen(buf) + strlen(CERTF) + 1);
84
		strcpy(certFile, buf);
85
		strcat(certFile, CERTF);
86
87
		keyFile = (char*) malloc(strlen(buf) + strlen(KEYF) + 1);
88
		strcpy(keyFile, buf);
89
		strcat(keyFile, KEYF);
90
	}
91
92
	if (checkFile(certFile) < 0) {
93
		TPTP_LOG_ERROR_MSG1(pServerData, "SSL: certificate file %s not found", certFile);
94
		return -1;
95
	}
96
97
	if (checkFile(keyFile) < 0) {
98
		TPTP_LOG_ERROR_MSG1(pServerData, "SSL: key file %s not found", keyFile);
99
		return -1;
100
	}
101
		
102
	return 0;	
103
}
104
105
int initSSL(server_block_ptr_t pServerData) {
106
	DLL_REFERENCE sslLibrary;
107
	ssl_load_error_strings_t ssl_load_error_strings=NULL;
108
	ssl_library_init_t ssl_library_init=NULL;
109
	
110
	int rc;
111
112
	sslLibrary = LOAD_LIBRARY(SSL_LIBRARY_NAME);
113
	if (sslLibrary == NULL) {
114
		TPTP_LOG_ERROR_MSG(pServerData, "Unable to find ssl library") ;
115
		return -1;
116
	}
117
118
	if (initKeys(pServerData) < 0) {
119
		return -1;
120
	}
121
122
    ssl_load_error_strings = (ssl_load_error_strings_t) RESOLVE_ENTRY_POINT(sslLibrary, SSL_LOAD_ESTRINGS);
123
	ssl_library_init = (ssl_library_init_t) RESOLVE_ENTRY_POINT(sslLibrary, SSL_LIBRARY_INIT); 
124
	sslv23_server_method = (sslv23_server_method_t) RESOLVE_ENTRY_POINT(sslLibrary, SSLV23_SERVER_METHOD);
125
	ssl_CTX_new = (ssl_CTX_new_t) RESOLVE_ENTRY_POINT(sslLibrary, SSL_CTX_NEW);
126
	ssl_CTX_use_certificate_file = (ssl_CTX_use_certificate_file_t) RESOLVE_ENTRY_POINT(sslLibrary, SSL_CTX_CERT_FILE);
127
	ssl_CTX_use_PrivateKey_file = (ssl_CTX_use_PrivateKey_file_t) RESOLVE_ENTRY_POINT(sslLibrary, SSL_CTX_KEY_FILE);
128
	ssl_CTX_check_private_key = (ssl_CTX_check_private_key_t) RESOLVE_ENTRY_POINT(sslLibrary, SSL_CTX_CHECK_KEY);
129
	ssl_new = (ssl_new_t) RESOLVE_ENTRY_POINT(sslLibrary, SSL_NEW);
130
	ssl_set_fd = (ssl_set_fd_t) RESOLVE_ENTRY_POINT(sslLibrary, SSL_SET_FD);
131
	ssl_accept = (ssl_accept_t) RESOLVE_ENTRY_POINT(sslLibrary, SSL_ACCEPT);
132
	ssl_read = (ssl_read_t) RESOLVE_ENTRY_POINT(sslLibrary, SSL_READ);
133
	ssl_write = (ssl_write_t) RESOLVE_ENTRY_POINT(sslLibrary, SSL_WRITE);
134
	ssl_get_error = (ssl_get_error_t) RESOLVE_ENTRY_POINT(sslLibrary, SSL_GET_ERROR);
135
	ssl_free = (ssl_free_t) RESOLVE_ENTRY_POINT(sslLibrary, SSL_FREE);
136
	ssl_CTX_free = (ssl_CTX_free_t) RESOLVE_ENTRY_POINT(sslLibrary, SSL_CTX_FREE);
137
138
    /* Check to make sure we found everything */ 
139
    if (ssl_load_error_strings &&
140
    	ssl_library_init &&
141
    	sslv23_server_method &&
142
    	ssl_CTX_new &&
143
    	ssl_CTX_use_certificate_file &&
144
    	ssl_CTX_use_PrivateKey_file &&
145
    	ssl_CTX_check_private_key &&
146
    	ssl_new &&
147
    	ssl_set_fd &&
148
    	ssl_accept &&
149
    	ssl_read &&
150
    	ssl_write &&
151
    	ssl_get_error &&
152
    	ssl_free &&
153
    	ssl_CTX_free) {
154
155
		(*ssl_load_error_strings)();
156
		(*ssl_library_init)();
157
		
158
		rc = 0;		
159
    } 
160
	else {
161
		TPTP_LOG_ERROR_MSG(pServerData, "Unable to initialize ssl library");
162
		rc = -1;
163
	}
164
	
165
	return rc;
166
}
167
168
int setSSL(request_block_ptr_t pBlk) {
169
  	SSL_METHOD *meth;
170
  	SSL_CTX* ctx;
171
  	SSL*     ssl;
172
  	int err;
173
174
  	meth = (*sslv23_server_method)();
175
176
  	ctx = (*ssl_CTX_new)(meth);
177
  	if (!ctx) {
178
		TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "SSL: context error");
179
    	return -1;
180
    }
181
182
  	if (certFile == NULL) {
183
		TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "SSL: no certificate file found");
184
    	return -1;
185
  	}
186
187
  	if ((*ssl_CTX_use_certificate_file)(ctx, certFile, SSL_FILETYPE_PEM) <= 0) {
188
		TPTP_LOG_DEBUG_MSG1(pBlk->pServerData, "SSL: illegal certificate file %s", certFile);
189
    	return -1;
190
  	}
191
192
  	if (keyFile == NULL) {
193
		TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "SSL: no key file found");
194
    	return -1;
195
  	}
196
197
  	if ((*ssl_CTX_use_PrivateKey_file)(ctx, keyFile, SSL_FILETYPE_PEM) <= 0) {
198
		TPTP_LOG_DEBUG_MSG1(pBlk->pServerData, "SSL: illegal key file %s", keyFile);
199
    	return -1;
200
  	}
201
202
  	if (!(*ssl_CTX_check_private_key)(ctx)) { 
203
		TPTP_LOG_DEBUG_MSG2(pBlk->pServerData, "SSL: Private key %s does not match the certificate public key %s",
204
			keyFile, certFile);
205
    	return -1;
206
  	}
207
    
208
  	ssl = (*ssl_new)(ctx);
209
  	if (ssl < 0) {
210
		TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "SSL.new error");
211
  		return -1;
212
  	}
213
  	                          
214
  	(*ssl_set_fd)(ssl, pBlk->clientSock);
215
  	err = (*ssl_accept)(ssl);
216
	if (err < 0) {
217
		TPTP_LOG_DEBUG_MSG1(pBlk->pServerData, "SSL: ssl_accept error %d", (*ssl_get_error)(ssl, err));
218
		return -1;
219
	}  	
220
221
	pBlk->sslCtx = ctx;
222
	pBlk->ssl = ssl;
223
	pBlk->secured = TRUE;
224
225
	return 0;
226
}
227
228
int sslRead(SSL* ssl, char* buffer, int length) {
229
	return (ssl_read == NULL) ? -1 : (*ssl_read)(ssl, buffer, length);
230
}
231
232
int sslWrite(SSL* ssl, char* buffer, int length) {
233
	return (ssl_write == NULL) ? -1 : (*ssl_write)(ssl, buffer, length);
234
}
235
236
void sslFree(request_block_ptr_t pBlock) {
237
	if (pBlock->ssl != NULL) { 
238
		(*ssl_free)(pBlock->ssl);  
239
		pBlock->ssl = NULL; 
240
	}
241
	
242
	if (pBlock->sslCtx != NULL) { 
243
		(*ssl_CTX_free)(pBlock->sslCtx);  
244
		pBlock->sslCtx = NULL; 
245
	}
246
}
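Review bot: In initKeys the fallback branch copies the wrong name into the key path, `strcpy(keyFile, CERTF);` should be `strcpy(keyFile, KEYF);`, otherwise both paths point at cert.pem and `ssl_CTX_use_PrivateKey_file` fails whenever TPTP_AC_HOME is unset and getcwd fails. In setSSL `if (ssl < 0)` compares a pointer with 0 and never fires, it should be `if (ssl == NULL)`, and `SSL_accept` returns 0 on a clean peer shutdown so that check should be `err <= 0`. Every failure after `ssl_CTX_new` returns -1 without freeing the context (and without freeing the SSL object after a failed accept), leaking one SSL_CTX per rejected connection; the sketch below routes those failures through a shared cleanup label. `sslv23_server_method` with no `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3)` and no cipher list leaves the weakest protocol versions negotiable, which here would also mean resolving `SSL_CTX_set_options` through RESOLVE_ENTRY_POINT (in older OpenSSL releases it is a macro over `SSL_CTX_ctrl`, so that is what would need resolving). getACHome also does `strncpy(buf, acHome, len)` without guaranteeing termination and then `strcat(buf, "/security/")` appends unchecked, so a TPTP_AC_HOME value near 1024 bytes overruns `buf`; `snprintf(buf, len, "%s", acHome)` plus a length check before the strcat closes that.
```c
int setSSL(request_block_ptr_t pBlk) {
	SSL_CTX* ctx;
	SSL*     ssl = NULL;
	int err;

	if (certFile == NULL || keyFile == NULL) {
		TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "SSL: no certificate/key file configured");
		return -1;
	}

	ctx = (*ssl_CTX_new)((*sslv23_server_method)());
	if (!ctx) {
		TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "SSL: context error");
		return -1;
	}
	/* … unchanged: certificate load, key load, check_private_key — each failure now `goto fail` … */
	ssl = (*ssl_new)(ctx);
	if (ssl == NULL) {
		TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "SSL.new error");
		goto fail;
	}

	(*ssl_set_fd)(ssl, pBlk->clientSock);
	err = (*ssl_accept)(ssl);
	if (err <= 0) {
		TPTP_LOG_DEBUG_MSG1(pBlk->pServerData, "SSL: ssl_accept error %d", (*ssl_get_error)(ssl, err));
		goto fail;
	}
	/* … unchanged: store ctx/ssl in pBlk, secured = TRUE, return 0 … */
fail:
	if (ssl != NULL) (*ssl_free)(ssl);
	(*ssl_CTX_free)(ctx);
	return -1;
}
```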
