static herror_t
_hssl_server_context_init(void)
{
log_verbose3("enabled=%i, certificate=%p", enabled, certificate);
if (!enabled || !certificate)
return H_OK;
if (!(context = SSL_CTX_new(SSLv23_method())))
{
log_error1("Cannot create SSL context");
return herror_new("_hssl_server_context_init", HSSL_ERROR_CONTEXT,
"Unable to create SSL context");
}
if (!(SSL_CTX_use_certificate_file(context, certificate, SSL_FILETYPE_PEM)))
{
log_error2("Cannot read certificate file: \"%s\"", certificate);
SSL_CTX_free(context);
return herror_new("_hssl_server_context_init", HSSL_ERROR_CERTIFICATE,
"Unable to use SSL certificate \"%s\"", certificate);
}
SSL_CTX_set_default_passwd_cb(context, _hssl_password_callback);
if (!(SSL_CTX_use_PrivateKey_file(context, certificate, SSL_FILETYPE_PEM)))
{
log_error2("Cannot read key file: \"%s\"", certificate);
SSL_CTX_free(context);
return herror_new("_hssl_server_context_init", HSSL_ERROR_PEM,
"Unable to use private key");
}
if (ca_list != NULL && *ca_list != '\0')
{
if (!(SSL_CTX_load_verify_locations(context, ca_list, NULL)))
{
SSL_CTX_free(context);
log_error2("Cannot read CA list: \"%s\"", ca_list);
return herror_new("_hssl_server_context_init", HSSL_ERROR_CA_LIST,
"Unable to read certification authorities \"%s\"");
}
SSL_CTX_set_client_CA_list(context, SSL_load_client_CA_file(ca_list));
log_verbose1("Certification authority contacted");
}
SSL_CTX_set_verify(context, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE,
_hssl_cert_verify_callback);
log_verbose1("Certificate verification callback registered");
SSL_CTX_set_mode(context, SSL_MODE_AUTO_RETRY);
SSL_CTX_set_session_cache_mode(context, SSL_SESS_CACHE_OFF);
_hssl_superseed();
return H_OK;
}
void
hpairnode_dump_deep(hpair_t * pair)
{
hpair_t *p;
p = pair;
log_verbose1("-- BEGIN dump hpairnode_t --");
while (p != NULL)
{
hpairnode_dump(p);
p = p->next;
}
log_verbose1("-- END dump hpairnode_t --\n");
}
herror_t
hssl_module_init(int argc, char **argv)
{
_hssl_parse_arguments(argc, argv);
if (enabled)
{
_hssl_library_init();
log_verbose1("SSL enabled");
}
else
{
log_verbose1("SSL _not_ enabled");
}
return _hssl_server_context_init();
}
herror_t
hssl_client_ssl(hsocket_t * sock)
{
SSL *ssl;
int ret;
log_verbose1("Starting SSL client initialization");
if (!(ssl = SSL_new(context)))
{
log_error1("Cannot create new SSL object");
return herror_new("hssl_client_ssl", HSSL_ERROR_CLIENT, "SSL_new failed");
}
SSL_set_fd(ssl, sock->sock);
if ((ret = SSL_connect(ssl)) <= 0)
{
herror_t err;
log_error2("SSL connect error (%s)", _hssl_get_error(ssl, -1));
err =
herror_new("hssl_client_ssl", HSSL_ERROR_CONNECT,
"SSL_connect failed (%s)", _hssl_get_error(ssl, ret));
SSL_free(ssl);
return err;
}
/* SSL_connect should take care of this for us. if
(SSL_get_peer_certificate(ssl) == NULL) { log_error1("No certificate
provided"); SSL_free(ssl); return herror_new("hssl_client_ssl",
HSSL_ERROR_CERTIFICATE, "No certificate provided"); }
if (SSL_get_verify_result(ssl) != X509_V_OK) { log_error1("Certificate
did not verify"); SSL_free(ssl); return herror_new("hssl_client_ssl",
HSSL_ERROR_CERTIFICATE, "Verfiy certificate failed"); } */
log_verbose1("SSL client initialization completed");
sock->ssl = ssl;
return H_OK;
}
void
hpairnode_dump(hpair_t * pair)
{
if (pair == NULL)
{
log_verbose1("(NULL)[]");
return;
}
log_verbose5("(%p)['%s','%s','%p']", pair,
SAVE_STR(pair->key), SAVE_STR(pair->value), pair->next);
}
static int
_hssl_dummy_verify_cert(X509 * cert)
{
/* TODO: Make sure that the client is providing a client cert, or that the
Module is providing the Module cert */
/* connect to anyone */
log_verbose1("Validating certificate.");
return 1;
}
xmlNodePtr
soap_env_get_method(SoapEnv * env)
{
xmlNodePtr body;
if (!(body = soap_env_get_body(env)))
{
log_verbose1("SoapEnv contains no Body");
return NULL;
}
/* method is the first child */
return soap_xml_get_children(body);
}
/**
Send boundary and part header and continue
with next part
*/
herror_t
httpc_mime_send_file(httpc_conn_t * conn,
const char *content_id,
const char *content_type,
const char *transfer_encoding, const char *filename)
{
herror_t status;
FILE *fd = fopen(filename, "rb");
byte_t buffer[MAX_FILE_BUFFER_SIZE];
size_t size;
if (fd == NULL)
return herror_new("httpc_mime_send_file", FILE_ERROR_OPEN,
"Can not open file '%s'", filename);
status = httpc_mime_next(conn, content_id, content_type, transfer_encoding);
if (status != H_OK)
{
fclose(fd);
return status;
}
while (!feof(fd))
{
size = fread(buffer, 1, MAX_FILE_BUFFER_SIZE, fd);
if (size == -1)
{
fclose(fd);
return herror_new("httpc_mime_send_file", FILE_ERROR_READ,
"Can not read from file '%s'", filename);
}
if (size > 0)
{
/* DEBUG: fwrite(buffer, 1, size, stdout); */
status = http_output_stream_write(conn->out, buffer, size);
if (status != H_OK)
{
fclose(fd);
return status;
}
}
}
fclose(fd);
log_verbose1("file sent!");
return H_OK;
}
static void
_hssl_library_init(void)
{
static int initialized = 0;
if (!initialized)
{
log_verbose1("Initializing library");
SSL_library_init();
SSL_load_error_strings();
ERR_load_crypto_strings();
OpenSSL_add_ssl_algorithms();
initialized = 1;
}
return;
}
static int
_hssl_cert_verify_callback(int prev_ok, X509_STORE_CTX * ctx)
{
/*
if ((X509_STORE_CTX_get_error(ctx) = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN))
{
log_verbose1("Self signed cert in chain");
return 1;
}
*/
log_verbose2("Cert depth = %d", X509_STORE_CTX_get_error_depth(ctx));
if (X509_STORE_CTX_get_error_depth(ctx) == 0)
{
return _hssl_verify_cert(X509_STORE_CTX_get_current_cert(ctx));
}
else
{
log_verbose1("Cert ok (prev)");
return prev_ok;
}
}
char *
soap_env_find_urn(SoapEnv * env)
{
xmlNsPtr ns;
xmlNodePtr body, node;
if (!(body = soap_env_get_body(env)))
{
log_verbose1("body is NULL");
return 0;
}
/* node is the first child */
if (!(node = soap_xml_get_children(body)))
{
log_error1("No namespace found");
return 0;
}
/* if (node->ns && node->ns->prefix) MRC 1/25/2006 */
if (node->ns)
{
ns = xmlSearchNs(body->doc, node, node->ns->prefix);
if (ns != NULL)
{
return((char *) ns->href); /* namespace found! */
}
}
else
{
static char *empty = "";
log_warn1("No namespace found");
return(empty);
}
return 0;
}
/*--------------------------------------------------
FUNCTION: httpc_talk_to_server
DESC: This function is the heart of the httpc
module. It will send the request and process the
response.
Here the parameters:
method:
the request method. This can be HTTP_REQUEST_POST and
HTTP_REQUEST_GET.
conn:
the connection object (created with httpc_new())
urlstr:
the complete url in string format.
http://<host>:<port>/<context>
where <port> is not mendatory.
start_cb:
a callback function, which will be called when
the response header is completely arrives.
cb:
a callback function, which will be called everytime
when data arrives.
content_size:
size of content to send.
(only if method is HTTP_REQUEST_POST)
content:
the content data to send.
(only if method is HTTP_REQUEST_POST)
userdata:
a user define data, which will be passed to the
start_cb and cb callbacks as a parameter. This
can also be NULL.
If success, this function will return 0.
>0 otherwise.
----------------------------------------------------*/
static herror_t
httpc_talk_to_server(hreq_method_t method, httpc_conn_t * conn,
const char *urlstr)
{
hurl_t url;
char buffer[4096];
herror_t status;
int ssl;
if (conn == NULL)
{
return herror_new("httpc_talk_to_server",
GENERAL_INVALID_PARAM, "httpc_conn_t param is NULL");
}
/* Build request header */
httpc_header_set_date(conn);
if ((status = hurl_parse(&url, urlstr)) != H_OK)
{
log_error2("Can not parse URL '%s'", SAVE_STR(urlstr));
return status;
}
/* TODO (#1#): Check for HTTP protocol in URL */
/* Set hostname */
httpc_set_header(conn, HEADER_HOST, url.host);
ssl = url.protocol == PROTOCOL_HTTPS ? 1 : 0;
/* Open connection */
if ((status = hsocket_open(&conn->sock, url.host, url.port, ssl)) != H_OK)
return status;
switch(method)
{
case HTTP_REQUEST_GET:
sprintf(buffer, "GET %s HTTP/%s\r\n",
(url.context[0] != '\0') ? url.context : ("/"),
(conn->version == HTTP_1_0) ? "1.0" : "1.1");
break;
case HTTP_REQUEST_POST:
sprintf(buffer, "POST %s HTTP/%s\r\n",
(url.context[0] != '\0') ? url.context : ("/"),
(conn->version == HTTP_1_0) ? "1.0" : "1.1");
break;
default:
log_error1("Unknown method type!");
return herror_new("httpc_talk_to_server",
GENERAL_INVALID_PARAM,
"hreq_method_t must be HTTP_REQUEST_GET or HTTP_REQUEST_POST");
}
log_verbose1("Sending request...");
if ((status = hsocket_send(&(conn->sock), buffer)) != H_OK)
{
log_error2("Cannot send request (%s)", herror_message(status));
hsocket_close(&(conn->sock));
return status;
}
log_verbose1("Sending header...");
if ((status = httpc_send_header(conn)) != H_OK)
{
log_error2("Cannot send header (%s)", herror_message(status));
hsocket_close(&(conn->sock));
return status;
}
return H_OK;
}
