search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Document return values
[ACE_TAO.git] / ACE / ace / SSL / SSL_Asynch_Stream.h
blobdb86bf1f9f816c3aa083d42577a3317476361a77
1 // -*- C++ -*-
2
3 //=============================================================================
4 /**
5 * @file SSL_Asynch_Stream.h
6 *
7 * @author Alexander Libman <alibman@baltimore.com>
8 */
9 //=============================================================================
10
11 #ifndef ACE_SSL_ASYNCH_STREAM_H
12 #define ACE_SSL_ASYNCH_STREAM_H
13
14 #include /**/ "ace/pre.h"
15 #include "SSL_Context.h"
16
17 #if !defined (ACE_LACKS_PRAGMA_ONCE)
18 #pragma once
19 #endif /* ACE_LACKS_PRAGMA_ONCE */
20
21 #if OPENSSL_VERSION_NUMBER > 0x0090581fL && (defined (ACE_WIN32) || (defined (ACE_HAS_AIO_CALLS)))
22
23 #include "SSL_Asynch_BIO.h"
24
25 #include "ace/Asynch_IO_Impl.h"
26 #include "ace/Message_Block.h"
27 #include "ace/Synch_Traits.h"
28 #include "ace/Thread_Mutex.h"
29
30 /*
31 * This facility doesn't follow the normal ACE asynch I/O support classes'
32 * interface/implementation arrangement. It's not needed because rather than
33 * branching off to platform-specific APIs, all platforms use the OpenSSL
34 * API. Thus, you can think of this class as the implementation class (for
35 * OpenSSL) and there's no separate interface class.
36 * Also, since both read and write operations are defined in one I/O
37 * factory, there's no single Result class defined as there is for
38 * ACE_Asynch_Read_Stream, et al. There are separate result classes defined
39 * for read and write operations.
40 */
41
42 #if defined (ACE_WIN32)
43 # include "ace/WIN32_Asynch_IO.h"
44 typedef ACE_WIN32_Asynch_Result A_RESULT;
45 typedef ACE_WIN32_Asynch_Read_Stream_Result ARS_RESULT;
46 typedef ACE_WIN32_Asynch_Write_Stream_Result AWS_RESULT;
47
48 # define ERR_CANCELED ERROR_OPERATION_ABORTED
49
50 #else
51 # include "ace/POSIX_Asynch_IO.h"
52 typedef ACE_POSIX_Asynch_Result A_RESULT;
53 typedef ACE_POSIX_Asynch_Read_Stream_Result ARS_RESULT;
54 typedef ACE_POSIX_Asynch_Write_Stream_Result AWS_RESULT;
55
56 # define ERR_CANCELED ECANCELED
57
58 #endif /* ACE_WIN32 */
59
60
61 ACE_BEGIN_VERSIONED_NAMESPACE_DECL
62
63 class ACE_SSL_Asynch_Stream; // Forward decl for use in result class def.
64
65 /**
66 * @class ACE_SSL_Asynch_Read_Stream_Result
67 *
68 * Result class that communicates result of read operations initiated on
69 * an ACE_SSL_Asynch_Stream object.
70 */
71 class ACE_SSL_Asynch_Read_Stream_Result : public ARS_RESULT
72 {
73 /// Factory class will have special permissions.
74 friend class ACE_SSL_Asynch_Stream;
75
76 protected:
77 ACE_SSL_Asynch_Read_Stream_Result (ACE_Handler &handler,
78 ACE_HANDLE handle,
79 ACE_Message_Block &message_block,
80 size_t bytes_to_read,
81 const void* act,
82 ACE_HANDLE event,
83 int priority,
84 int signal_number);
85 };
86
87 /**
88 * @class ACE_SSL_Asynch_Write_Stream_Result
89 *
90 * Result class that communicates result of write operations initiated on
91 * an ACE_SSL_Asynch_Stream object.
92 */
93 class ACE_SSL_Asynch_Write_Stream_Result : public AWS_RESULT
94 {
95 /// Factory class will have special permissions.
96 friend class ACE_SSL_Asynch_Stream;
97
98 protected:
99 ACE_SSL_Asynch_Write_Stream_Result (ACE_Handler &handler,
100 ACE_HANDLE handle,
101 ACE_Message_Block &message_block,
102 size_t bytes_to_read,
103 const void* act,
104 ACE_HANDLE event,
105 int priority,
106 int signal_number);
107 };
108
109
110 /**
111 * @class ACE_SSL_Asynch_Result
112 *
113 * Result class that is used internally for socket close notifications.
114 */
115 class ACE_SSL_Asynch_Result : public A_RESULT
116 {
117 public:
118 ACE_SSL_Asynch_Result (ACE_Handler &handler);
119
120 void complete (size_t bytes_transferred,
121 int success,
122 const void * completion_key,
123 u_long error);
124 };
125
126
127 // Only provide forward declarations to prevent possible abuse of the
128 // friend declarations in ACE_SSL_Asynch_Stream.
129 struct ACE_SSL_Asynch_Stream_Accessor;
130
131 /**
132 * @class ACE_SSL_Asynch_Stream
133 *
134 * @brief This class is a factory for initiating asynchronous reads
135 * and writes on an SSL stream.
136 *
137 * Once open() is called, multiple asynchronous read and write operations
138 * can be started using this class. The handler object (derived from
139 * ACE_Handler) specified in open() will receive completion events for the
140 * operations initiated via this class.
141 */
142 class ACE_SSL_Export ACE_SSL_Asynch_Stream
143 : public ACE_Asynch_Operation,
144 public ACE_Handler
145 {
146 public:
147 // Use a class/struct to work around scoping
148 // problems for extern "C" free functions with some compilers. For
149 // example, some can't handle
150 //
151 // friend ::some_extern_c_free_function (...)
152 //
153 // Note that we could use a straight C++ (i.e. not extern "C") free
154 // function, but using a class or struct allows us to hide the
155 // interface from the user, which prevents abuse of this friend
156 // relationship.
157 friend struct ACE_SSL_Asynch_Stream_Accessor;
158
159 enum Stream_Type
160 {
161 ST_CLIENT = 0x0001,
162 ST_SERVER = 0x0002
163 };
164
165 /// Constructor.
166 /**
167 * @arg context Pointer to an ACE_SSL_Context instance containing
168 * the OpenSSL information to be associated with this
169 * ACE_SSL_Asynch_Stream. The needed SSL data will be
170 * copied before return. Therefore, this object can be
171 * reused, modified, or deleted upon return. If a 0 pointer
172 * is passed, the ACE_SSL_Context::instance() method will
173 * be called to get access to a singleton.
174 */
175 ACE_SSL_Asynch_Stream (Stream_Type s_type = ST_SERVER,
176 ACE_SSL_Context * context = 0);
177
178 /// Destructor
179 virtual ~ACE_SSL_Asynch_Stream ();
180
181 int cancel ();
182
183 int close ();
184
185 /// Return a pointer to the underlying SSL structure.
186 SSL *ssl () const;
187
188 /**
189 * Initializes the factory with information which will be used with
190 * each asynchronous call.
191 *
192 * @arg handler The ACE_Handler that will be called to handle completions
193 * for operations initiated using this factory.
194 * @arg handle The handle that future read/write operations will use.
195 *
196 * @retval 0 for success.
197 * @retval -1 for failure; consult @c errno for further information.
198 */
199 int open (ACE_Handler &handler,
200 ACE_HANDLE handle = ACE_INVALID_HANDLE,
201 const void *completion_key = 0,
202 ACE_Proactor *proactor = 0);
203
204 /**
205 * Initiates an asynchronous read. If the operation is successfully
206 * initiated, the handle_read_stream() method will be called on the
207 * ACE_Handler object passed to open() when the operation completes.
208 * Data is read into the specified ACE_Message_Block beginning at its
209 * write pointer; the block's write pointer is updated to reflect any
210 * added data when the operation completes.
211 *
212 * @arg message_block The specified ACE_Message_Block will receive any
213 * data that is read. Data will be read into the
214 * block beginning at the block's write pointer.
215 * @arg num_bytes_to_read The maximum number of bytes to read. The actual
216 * amount read may be less.
217 * @arg act ACT which is passed to the completion handler in
218 * the result object.
219 * @arg priority Specifies the operation priority. This has an
220 * affect on POSIX only. Works like @i nice in Unix.
221 * Negative values are not allowed. 0 means priority
222 * of the operation same as the process priority.
223 * 1 means priority of the operation is one less than
224 * process, and so forth. This parameter has no
225 * affect on Win32.
226 * @arg signal_number The POSIX4 real-time signal number to be used
227 * for the operation. signal_number ranges from
228 * ACE_SIGRTMIN to ACE_SIGRTMAX. This argument is
229 * unused on non-POSIX4 systems.
230 *
231 * @retval 0 for success.
232 * @retval -1 for failure; consult @c errno for further information.
233 */
234 int read (ACE_Message_Block &message_block,
235 size_t num_bytes_to_read,
236 const void *act = 0,
237 int priority = 0,
238 int signal_number = ACE_SIGRTMIN);
239
240 /**
241 * Initiates an asynchronous write. If the operation is successfully
242 * initiated, the handle_write_stream() method will be called on the
243 * ACE_Handler object passed to open() when the operation completes.
244 * Data is taken from the specified ACE_Message_Block beginning at its
245 * read pointer; the block's read pointer is updated to reflect any
246 * data successfully sent when the operation completes.
247 *
248 * @arg message_block The specified ACE_Message_Block is the source of
249 * data that is written. Data will be taken from the
250 * block beginning at the block's read pointer.
251 * @arg bytes_to_write The maximum number of bytes to write. The actual
252 * amount written may be less.
253 * @arg act ACT which is passed to the completion handler in
254 * the result object.
255 * @arg priority Specifies the operation priority. This has an
256 * affect on POSIX only. Works like @i nice in Unix.
257 * Negative values are not allowed. 0 means priority
258 * of the operation same as the process priority.
259 * 1 means priority of the operation is one less than
260 * process, and so forth. This parameter has no
261 * affect on Win32.
262 * @arg signal_number The POSIX4 real-time signal number to be used
263 * for the operation. signal_number ranges from
264 * ACE_SIGRTMIN to ACE_SIGRTMAX. This argument is
265 * unused on non-POSIX4 systems.
266 *
267 * @retval 0 for success.
268 * @retval -1 for failure; consult @c errno for further information.
269 */
270 int write (ACE_Message_Block &message_block,
271 size_t bytes_to_write,
272 const void *act = 0,
273 int priority = 0,
274 int signal_number = ACE_SIGRTMIN);
275
276 protected:
277 /// Virtual from ACE_Asynch_Operation. Since this class is essentially an
278 /// implementation class, simply return 0.
279 virtual ACE_Asynch_Operation_Impl *implementation () const { return 0; }
280
281 /// virtual from ACE_Handler
282
283 /// This method is called when BIO write request is completed. It
284 /// processes the IO completion and calls do_SSL_state_machine().
285 virtual void handle_write_stream
286 (const ACE_Asynch_Write_Stream::Result &result);
287
288 /// This method is called when BIO read request is completed. It
289 /// processes the IO completion and calls do_SSL_state_machine().
290 virtual void handle_read_stream
291 (const ACE_Asynch_Read_Stream::Result &result);
292
293 /// This method is called when all SSL sessions are closed and no
294 /// more pending AIOs exist. It also calls users handle_wakeup().
295 virtual void handle_wakeup ();
296
297 /**
298 * This method will be called after a successful SSL handshake indicating
299 * that the peer's certificate chain (if any) has been verified and the key
300 * exchange has completed. When a peer certificate is required, this
301 * method must be used to perform additional checks beyond the verification
302 * performed by OpenSSL.
303 *
304 * Check 1:
305 *
306 * SSL clients that require a peer certificate must specify SSL_VERIFY_PEER
307 * via ACE_SSL_Context::default_verify_mode. If the peer sends an invalid
308 * certificate, the SSL handshake will fail; however, if the peer does not
309 * send a certificate, the SSL handshake will complete successfully which
310 * may not be acceptable. In this case, you must override this method in a
311 * subclass and return false if the call to SSL_get_peer_certificate returns
312 * null.
313 *
314 * Check 2:
315 *
316 * An additional post handshake check that you should perform is to verify
317 * the certificate's FQDN against the host address you intended to connect
318 * to. This check will prevent an attacker from using a certificate signed
319 * by your CA to usurp your session. For further info on this check, see
320 * the post_connection_check method in Example 5-8 of 'Network Security with
321 * OpenSSL' by Viega, et. al.
322 *
323 * Return:
324 *
325 * false - Terminate the connection. Outstanding IO complete with ERR_CANCELED.
326 *
327 * true - Proceed with connection. The default implementation returns true.
328 */
329 virtual bool post_handshake_check ();
330
331 /**
332 * @name SSL State Machine
333 */
334 //@{
335 int do_SSL_state_machine ();
336 int do_SSL_handshake ();
337 int do_SSL_read ();
338 int do_SSL_write();
339 int do_SSL_shutdown();
340 //@}
341
342 void print_error (int err_ssl,
343 const ACE_TCHAR *pText);
344
345 int pending_BIO_count ();
346
347 /// This method is called to notify user handler when user's read in
348 /// done.
349 int notify_read (int bytes_transferred, int error);
350
351 /// This method is called to notify user handler when user's write
352 /// in done.
353 int notify_write (int bytes_transferred, int error);
354
355 /// This method is called to notify ourself that SSL session is
356 /// shutdown and that there is no more I/O activity now and in the
357 /// future.
358 int notify_close();
359
360 /**
361 * @name BIO Helpers
362 */
363 //@{
364 int ssl_bio_read (char * buf, size_t len, int & errval);
365 int ssl_bio_write (const char * buf, size_t len, int & errval);
366 //@}
367
368 private:
369 ACE_SSL_Asynch_Stream (ACE_SSL_Asynch_Stream const &) = delete;
370 ACE_SSL_Asynch_Stream & operator= (ACE_SSL_Asynch_Stream const &) = delete;
371
372 protected:
373 /// Stream Type ST_CLIENT/ST_SERVER
374 Stream_Type type_;
375
376 /// The proactor
377 ACE_Proactor * proactor_;
378
379 /// External,i.e user handler
380 ACE_Handler * ext_handler_;
381
382 /// External, i.e. read result faked for user
383 ACE_SSL_Asynch_Read_Stream_Result * ext_read_result_ ;
384
385 /// External, i.e. write result faked for user
386 ACE_SSL_Asynch_Write_Stream_Result * ext_write_result_ ;
387
388 /// Stream state/flags
389 enum Stream_Flag
390 {
391 /// istream_ open OK
392 SF_STREAM_OPEN = 0x0001,
393 /// request to SSL shutdown
394 SF_REQ_SHUTDOWN = 0x0002,
395 /// SSL shutdown finished
396 SF_SHUTDOWN_DONE = 0x0004,
397 /// Close notification sent
398 SF_CLOSE_NTF_SENT = 0x0008,
399 /// Stream can be safely destroyed
400 SF_DELETE_ENABLE = 0x0010
401 };
402
403 int flags_;
404
405 /// The SSL session.
406 SSL * ssl_;
407
408 /// Flag ensures that post_connection_check() is called at most one time.
409 bool handshake_complete_;
410
411 /// The BIO implementation
412 BIO * bio_;
413
414 /// The real streams which work under the ssl connection.
415 /// BIO performs I/O via this streams
416 enum BIO_Flag // internal IO flags
417 {
418 /// End of stream
419 BF_EOS = 0x01,
420 /// Real AIO in progress
421 BF_AIO = 0x02
422 };
423
424 /**
425 * @name Internal stream, buffer and info for BIO read
426 */
427 //@{
428 ACE_Asynch_Read_Stream bio_istream_;
429 ACE_Message_Block bio_inp_msg_;
430 int bio_inp_errno_;
431 int bio_inp_flag_;
432 //@}
433
434 /**
435 * @name Internal stream, buffer and info for BIO write
436 */
437 //@{
438 ACE_Asynch_Write_Stream bio_ostream_;
439 ACE_Message_Block bio_out_msg_;
440 int bio_out_errno_;
441 int bio_out_flag_;
442 //@}
443
444 /// Mutex to protect work
445 ACE_SYNCH_MUTEX mutex_;
446 };
447
448 ACE_END_VERSIONED_NAMESPACE_DECL
449
450 #if defined(__ACE_INLINE__)
451 #include "SSL_Asynch_Stream.inl"
452 #endif /* __ACE_INLINE__ */
453
454 #endif /* OPENSSL_VERSION_NUMBER > 0x0090581fL && (ACE_WIN32 ||
455 ACE_HAS_AIO_CALLS) */
456
457 #include /**/ "ace/post.h"
458
459 #endif /* ACE_SSL_ASYNCH_STREAM_H */