WebSocket++ 0.8.2
C++ websocket client/server library
Loading...
Searching...
No Matches
tls.hpp
1/*
2 * Copyright (c) 2015, Peter Thorson. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are met:
6 * * Redistributions of source code must retain the above copyright
7 * notice, this list of conditions and the following disclaimer.
8 * * Redistributions in binary form must reproduce the above copyright
9 * notice, this list of conditions and the following disclaimer in the
10 * documentation and/or other materials provided with the distribution.
11 * * Neither the name of the WebSocket++ Project nor the
12 * names of its contributors may be used to endorse or promote products
13 * derived from this software without specific prior written permission.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
16 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL PETER THORSON BE LIABLE FOR ANY
19 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
20 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
21 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
22 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
24 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 *
26 */
27
28#ifndef WEBSOCKETPP_TRANSPORT_SECURITY_TLS_HPP
29#define WEBSOCKETPP_TRANSPORT_SECURITY_TLS_HPP
30
31#include <websocketpp/transport/asio/security/base.hpp>
32
33#include <websocketpp/uri.hpp>
34
35#include <websocketpp/common/asio_ssl.hpp>
36#include <websocketpp/common/asio.hpp>
37#include <websocketpp/common/connection_hdl.hpp>
38#include <websocketpp/common/functional.hpp>
39#include <websocketpp/common/memory.hpp>
40
41#include <sstream>
42#include <string>
43
44namespace websocketpp {
45namespace transport {
46namespace asio {
47/// A socket policy for the asio transport that implements a TLS encrypted
48/// socket by wrapping with an asio::ssl::stream
49namespace tls_socket {
50
51/// The signature of the socket_init_handler for this socket policy
52typedef lib::function<void(connection_hdl,lib::asio::ssl::stream<
53 lib::asio::ip::tcp::socket>&)> socket_init_handler;
54/// The signature of the tls_init_handler for this socket policy
55typedef lib::function<lib::shared_ptr<lib::asio::ssl::context>(connection_hdl)>
57
58/// TLS enabled Asio connection socket component
59/**
60 * transport::asio::tls_socket::connection implements a secure connection socket
61 * component that uses Asio's ssl::stream to wrap an ip::tcp::socket.
62 */
64public:
65 /// Type of this connection socket component
66 typedef connection type;
67 /// Type of a shared pointer to this connection socket component
68 typedef lib::shared_ptr<type> ptr;
69
70 /// Type of the ASIO socket being used
71 typedef lib::asio::ssl::stream<lib::asio::ip::tcp::socket> socket_type;
72 /// Type of a shared pointer to the ASIO socket being used
73 typedef lib::shared_ptr<socket_type> socket_ptr;
74 /// Type of a pointer to the ASIO io_service being used
75 typedef lib::asio::io_service * io_service_ptr;
76 /// Type of a pointer to the ASIO io_service strand being used
77 typedef lib::shared_ptr<lib::asio::io_service::strand> strand_ptr;
78 /// Type of a shared pointer to the ASIO TLS context being used
79 typedef lib::shared_ptr<lib::asio::ssl::context> context_ptr;
80
81 explicit connection() {
82 //std::cout << "transport::asio::tls_socket::connection constructor"
83 // << std::endl;
84 }
85
86 /// Get a shared pointer to this component
87 ptr get_shared() {
88 return shared_from_this();
89 }
90
91 /// Check whether or not this connection is secure
92 /**
93 * @return Whether or not this connection is secure
94 */
95 bool is_secure() const {
96 return true;
97 }
98
99 /// Retrieve a pointer to the underlying socket
100 /**
101 * This is used internally. It can also be used to set socket options, etc
102 */
104 return m_socket->lowest_layer();
105 }
106
107 /// Retrieve a pointer to the layer below the ssl stream
108 /**
109 * This is used internally.
110 */
112 return m_socket->next_layer();
113 }
114
115 /// Retrieve a pointer to the wrapped socket
116 /**
117 * This is used internally.
118 */
120 return *m_socket;
121 }
122
123 /// Set the socket initialization handler
124 /**
125 * The socket initialization handler is called after the socket object is
126 * created but before it is used. This gives the application a chance to
127 * set any ASIO socket options it needs.
128 *
129 * @param h The new socket_init_handler
130 */
132 m_socket_init_handler = h;
133 }
134
135 /// Set TLS init handler
136 /**
137 * The tls init handler is called when needed to request a TLS context for
138 * the library to use. A TLS init handler must be set and it must return a
139 * valid TLS context in order for this endpoint to be able to initialize
140 * TLS connections
141 *
142 * @param h The new tls_init_handler
143 */
145 m_tls_init_handler = h;
146 }
147
148 /// Get the remote endpoint address
149 /**
150 * The iostream transport has no information about the ultimate remote
151 * endpoint. It will return the string "iostream transport". To indicate
152 * this.
153 *
154 * TODO: allow user settable remote endpoint addresses if this seems useful
155 *
156 * @return A string identifying the address of the remote endpoint
157 */
158 std::string get_remote_endpoint(lib::error_code & ec) const {
159 std::stringstream s;
160
161 lib::asio::error_code aec;
162 lib::asio::ip::tcp::endpoint ep = m_socket->lowest_layer().remote_endpoint(aec);
163
164 if (aec) {
165 ec = error::make_error_code(error::pass_through);
166 s << "Error getting remote endpoint: " << aec
167 << " (" << aec.message() << ")";
168 return s.str();
169 } else {
170 ec = lib::error_code();
171 s << ep;
172 return s.str();
173 }
174 }
175protected:
176 /// Perform one time initializations
177 /**
178 * init_asio is called once immediately after construction to initialize
179 * Asio components to the io_service
180 *
181 * @param service A pointer to the endpoint's io_service
182 * @param strand A pointer to the connection's strand
183 * @param is_server Whether or not the endpoint is a server or not.
184 */
185 lib::error_code init_asio (io_service_ptr service, strand_ptr strand,
186 bool is_server)
187 {
188 if (!m_tls_init_handler) {
189 return socket::make_error_code(socket::error::missing_tls_init_handler);
190 }
191 m_context = m_tls_init_handler(m_hdl);
192
193 if (!m_context) {
194 return socket::make_error_code(socket::error::invalid_tls_context);
195 }
196 m_socket.reset(new socket_type(*service, *m_context));
197
198 if (m_socket_init_handler) {
199 m_socket_init_handler(m_hdl, get_socket());
200 }
201
202 m_io_service = service;
203 m_strand = strand;
204 m_is_server = is_server;
205
206 return lib::error_code();
207 }
208
209 /// Set hostname hook
210 /**
211 * Called by the transport as a connection is being established to provide
212 * the hostname being connected to to the security/socket layer.
213 *
214 * This socket policy uses the hostname to set the appropriate TLS SNI
215 * header.
216 *
217 * @since 0.6.0
218 *
219 * @param u The uri to set
220 */
221 void set_uri(uri_ptr u) {
222 m_uri = u;
223 }
224
225 /// Pre-initialize security policy
226 /**
227 * Called by the transport after a new connection is created to initialize
228 * the socket component of the connection. This method is not allowed to
229 * write any bytes to the wire. This initialization happens before any
230 * proxies or other intermediate wrappers are negotiated.
231 *
232 * @param callback Handler to call back with completion information
233 */
234 void pre_init(init_handler callback) {
235 // TODO: is this the best way to check whether this function is
236 // available in the version of OpenSSL being used?
237 // TODO: consider case where host is an IP address
238#if OPENSSL_VERSION_NUMBER >= 0x90812f
239 if (!m_is_server) {
240 // For clients on systems with a suitable OpenSSL version, set the
241 // TLS SNI hostname header so connecting to TLS servers using SNI
242 // will work.
243 long res = SSL_set_tlsext_host_name(
244 get_socket().native_handle(), m_uri->get_host().c_str());
245 if (!(1 == res)) {
246 callback(socket::make_error_code(socket::error::tls_failed_sni_hostname));
247 }
248 }
249#endif
250
251 callback(lib::error_code());
252 }
253
254 /// Post-initialize security policy
255 /**
256 * Called by the transport after all intermediate proxies have been
257 * negotiated. This gives the security policy the chance to talk with the
258 * real remote endpoint for a bit before the websocket handshake.
259 *
260 * @param callback Handler to call back with completion information
261 */
262 void post_init(init_handler callback) {
263 m_ec = socket::make_error_code(socket::error::tls_handshake_timeout);
264
265 // TLS handshake
266 if (m_strand) {
267 m_socket->async_handshake(
268 get_handshake_type(),
269 m_strand->wrap(lib::bind(
270 &type::handle_init, get_shared(),
271 callback,
272 lib::placeholders::_1
273 ))
274 );
275 } else {
276 m_socket->async_handshake(
277 get_handshake_type(),
278 lib::bind(
279 &type::handle_init, get_shared(),
280 callback,
281 lib::placeholders::_1
282 )
283 );
284 }
285 }
286
287 /// Sets the connection handle
288 /**
289 * The connection handle is passed to any handlers to identify the
290 * connection
291 *
292 * @param hdl The new handle
293 */
294 void set_handle(connection_hdl hdl) {
295 m_hdl = hdl;
296 }
297
298 void handle_init(init_handler callback,lib::asio::error_code const & ec) {
299 if (ec) {
300 m_ec = socket::make_error_code(socket::error::tls_handshake_failed);
301 } else {
302 m_ec = lib::error_code();
303 }
304
305 callback(m_ec);
306 }
307
308 lib::error_code get_ec() const {
309 return m_ec;
310 }
311
312 /// Cancel all async operations on this socket
313 /**
314 * Attempts to cancel all async operations on this socket and reports any
315 * failures.
316 *
317 * NOTE: Windows XP and earlier do not support socket cancellation.
318 *
319 * @return The error that occurred, if any.
320 */
321 lib::asio::error_code cancel_socket() {
322 lib::asio::error_code ec;
323 get_raw_socket().cancel(ec);
324 return ec;
325 }
326
327 void async_shutdown(socket::shutdown_handler callback) {
328 if (m_strand) {
329 m_socket->async_shutdown(m_strand->wrap(callback));
330 } else {
331 m_socket->async_shutdown(callback);
332 }
333 }
334
335public:
336 /// Translate any security policy specific information about an error code
337 /**
338 * Translate_ec takes an Asio error code and attempts to convert its value
339 * to an appropriate websocketpp error code. In the case that the Asio and
340 * Websocketpp error types are the same (such as using boost::asio and
341 * boost::system_error or using standalone asio and std::system_error the
342 * code will be passed through natively.
343 *
344 * In the case of a mismatch (boost::asio with std::system_error) a
345 * translated code will be returned. Any error that is determined to be
346 * related to TLS but does not have a more specific websocketpp error code
347 * is returned under the catch all error `tls_error`. Non-TLS related errors
348 * are returned as the transport generic error `pass_through`
349 *
350 * @since 0.3.0
351 *
352 * @param ec The error code to translate_ec
353 * @return The translated error code
354 */
355 template <typename ErrorCodeType>
356 static
357 lib::error_code translate_ec(ErrorCodeType ec) {
358 if (ec.category() == lib::asio::error::get_ssl_category()) {
359 // We know it is a TLS related error, but otherwise don't know more.
360 // Pass through as TLS generic.
361 return make_error_code(transport::error::tls_error);
362 } else {
363 // We don't know any more information about this error so pass
364 // through
365 return make_error_code(transport::error::pass_through);
366 }
367 }
368
369 static
370 /// Overload of translate_ec to catch cases where lib::error_code is the
371 /// same type as lib::asio::error_code
372 lib::error_code translate_ec(lib::error_code ec) {
373 return ec;
374 }
375private:
376 socket_type::handshake_type get_handshake_type() {
377 if (m_is_server) {
378 return lib::asio::ssl::stream_base::server;
379 } else {
380 return lib::asio::ssl::stream_base::client;
381 }
382 }
383
384 io_service_ptr m_io_service;
385 strand_ptr m_strand;
386 context_ptr m_context;
387 socket_ptr m_socket;
388 uri_ptr m_uri;
389 bool m_is_server;
390
391 lib::error_code m_ec;
392
393 connection_hdl m_hdl;
394 socket_init_handler m_socket_init_handler;
395 tls_init_handler m_tls_init_handler;
396};
397
398/// TLS enabled Asio endpoint socket component
399/**
400 * transport::asio::tls_socket::endpoint implements a secure endpoint socket
401 * component that uses Asio's ssl::stream to wrap an ip::tcp::socket.
402 */
403class endpoint {
404public:
405 /// The type of this endpoint socket component
406 typedef endpoint type;
407
408 /// The type of the corresponding connection socket component
410 /// The type of a shared pointer to the corresponding connection socket
411 /// component.
413
414 explicit endpoint() {}
415
416 /// Checks whether the endpoint creates secure connections
417 /**
418 * @return Whether or not the endpoint creates secure connections
419 */
420 bool is_secure() const {
421 return true;
422 }
423
424 /// Set socket init handler
425 /**
426 * The socket init handler is called after a connection's socket is created
427 * but before it is used. This gives the end application an opportunity to
428 * set asio socket specific parameters.
429 *
430 * @param h The new socket_init_handler
431 */
433 m_socket_init_handler = h;
434 }
435
436 /// Set TLS init handler
437 /**
438 * The tls init handler is called when needed to request a TLS context for
439 * the library to use. A TLS init handler must be set and it must return a
440 * valid TLS context in order for this endpoint to be able to initialize
441 * TLS connections
442 *
443 * @param h The new tls_init_handler
444 */
446 m_tls_init_handler = h;
447 }
448protected:
449 /// Initialize a connection
450 /**
451 * Called by the transport after a new connection is created to initialize
452 * the socket component of the connection.
453 *
454 * @param scon Pointer to the socket component of the connection
455 *
456 * @return Error code (empty on success)
457 */
458 lib::error_code init(socket_con_ptr scon) {
459 scon->set_socket_init_handler(m_socket_init_handler);
460 scon->set_tls_init_handler(m_tls_init_handler);
461 return lib::error_code();
462 }
463
464private:
465 socket_init_handler m_socket_init_handler;
466 tls_init_handler m_tls_init_handler;
467};
468
469} // namespace tls_socket
470} // namespace asio
471} // namespace transport
472} // namespace websocketpp
473
474#endif // WEBSOCKETPP_TRANSPORT_SECURITY_TLS_HPP
TLS enabled Asio connection socket component.
Definition tls.hpp:63
bool is_secure() const
Check whether or not this connection is secure.
Definition tls.hpp:95
connection type
Type of this connection socket component.
Definition tls.hpp:66
lib::error_code init_asio(io_service_ptr service, strand_ptr strand, bool is_server)
Perform one time initializations.
Definition tls.hpp:185
void pre_init(init_handler callback)
Pre-initialize security policy.
Definition tls.hpp:234
std::string get_remote_endpoint(lib::error_code &ec) const
Get the remote endpoint address.
Definition tls.hpp:158
void set_handle(connection_hdl hdl)
Sets the connection handle.
Definition tls.hpp:294
lib::shared_ptr< lib::asio::ssl::context > context_ptr
Type of a shared pointer to the ASIO TLS context being used.
Definition tls.hpp:79
lib::shared_ptr< type > ptr
Type of a shared pointer to this connection socket component.
Definition tls.hpp:68
lib::shared_ptr< socket_type > socket_ptr
Type of a shared pointer to the ASIO socket being used.
Definition tls.hpp:73
socket_type & get_socket()
Retrieve a pointer to the wrapped socket.
Definition tls.hpp:119
static lib::error_code translate_ec(lib::error_code ec)
Definition tls.hpp:372
socket_type::lowest_layer_type & get_raw_socket()
Retrieve a pointer to the underlying socket.
Definition tls.hpp:103
void set_socket_init_handler(socket_init_handler h)
Set the socket initialization handler.
Definition tls.hpp:131
void set_tls_init_handler(tls_init_handler h)
Set TLS init handler.
Definition tls.hpp:144
void set_uri(uri_ptr u)
Set hostname hook.
Definition tls.hpp:221
lib::asio::ssl::stream< lib::asio::ip::tcp::socket > socket_type
Type of the ASIO socket being used.
Definition tls.hpp:71
static lib::error_code translate_ec(ErrorCodeType ec)
Translate any security policy specific information about an error code.
Definition tls.hpp:357
void post_init(init_handler callback)
Post-initialize security policy.
Definition tls.hpp:262
ptr get_shared()
Get a shared pointer to this component.
Definition tls.hpp:87
socket_type::next_layer_type & get_next_layer()
Retrieve a pointer to the layer below the ssl stream.
Definition tls.hpp:111
lib::shared_ptr< lib::asio::io_service::strand > strand_ptr
Type of a pointer to the ASIO io_service strand being used.
Definition tls.hpp:77
lib::asio::error_code cancel_socket()
Cancel all async operations on this socket.
Definition tls.hpp:321
lib::asio::io_service * io_service_ptr
Type of a pointer to the ASIO io_service being used.
Definition tls.hpp:75
TLS enabled Asio endpoint socket component.
Definition tls.hpp:403
lib::error_code init(socket_con_ptr scon)
Initialize a connection.
Definition tls.hpp:458
connection socket_con_type
The type of the corresponding connection socket component.
Definition tls.hpp:409
void set_tls_init_handler(tls_init_handler h)
Set TLS init handler.
Definition tls.hpp:445
bool is_secure() const
Checks whether the endpoint creates secure connections.
Definition tls.hpp:420
endpoint type
The type of this endpoint socket component.
Definition tls.hpp:406
void set_socket_init_handler(socket_init_handler h)
Set socket init handler.
Definition tls.hpp:432
Errors related to asio transport sockets.
Definition base.hpp:75
@ missing_tls_init_handler
Required tls_init handler not present.
Definition base.hpp:99
@ tls_failed_sni_hostname
Failed to set TLS SNI hostname.
Definition base.hpp:105
@ tls_handshake_failed
TLS Handshake Failed.
Definition base.hpp:102
@ tls_handshake_timeout
TLS Handshake Timeout.
Definition base.hpp:93
lib::function< void(connection_hdl, lib::asio::ssl::stream< lib::asio::ip::tcp::socket > &)> socket_init_handler
The signature of the socket_init_handler for this socket policy.
Definition tls.hpp:53
lib::function< lib::shared_ptr< lib::asio::ssl::context >(connection_hdl)> tls_init_handler
The signature of the tls_init_handler for this socket policy.
Definition tls.hpp:56
Transport policy that uses asio.
Definition endpoint.hpp:46
Transport policies provide network connectivity and timers.
Definition endpoint.hpp:45
Namespace for the WebSocket++ project.
lib::weak_ptr< void > connection_hdl
A handle to uniquely identify a connection.
lib::shared_ptr< uri > uri_ptr
Pointer to a URI.
Definition uri.hpp:352