diff --git a/TCPServer.h b/TCPServer.h
index e766919..343f412 100644
--- a/TCPServer.h
+++ b/TCPServer.h
@@ -19,7 +19,7 @@ namespace core {
 ///
 /// A list of connections is maintained in a vector object.
 ///
- /// This object extends the BMACommand object as well so it can be added to a Console object and
+ /// This object extends the Command object as well so it can be added to a Console object and
 /// process commands to display status information.
 ///
diff --git a/TCPSocket.cpp b/TCPSocket.cpp
index 613d933..e2e054a 100644
--- a/TCPSocket.cpp
+++ b/TCPSocket.cpp
@@ -10,6 +10,8 @@ namespace core {
 TCPSocket::TCPSocket(EPoll &ePoll, std::string text) : Socket(ePoll, text) {}
+ TCPSocket::TCPSocket(EPoll &ePoll, TLSInfo *tlsInfo, std::string text) : Socket(ePoll, text), TLS(tlsInfo) {}
+ TCPSocket::TCPSocket(EPoll &ePoll, SSL_CTX *ctx, std::string text) : Socket(ePoll, text), TLS(ctx) {}
 TCPSocket::~TCPSocket() {}
diff --git a/TCPSocket.h b/TCPSocket.h
index 3cad4cb..c06d120 100644
--- a/TCPSocket.h
+++ b/TCPSocket.h
@@ -4,6 +4,7 @@
 #include "Socket.h"
 #include "TLS.h"
+#include "TLSInfo.h"
 #include "IPAddress.h"
 namespace core {
@@ -38,6 +39,12 @@ namespace core {
 ///
 ///
+ TCPSocket(EPoll &ePoll, TLSInfo *tlsInfo, std::string text);
+
+ ///
+ ///
+ ///
+ TCPSocket(EPoll &ePoll, SSL_CTX *ctx, std::string text);
 ///
diff --git a/TLS.cpp b/TLS.cpp
index 4c86af7..833fa2e 100644
--- a/TLS.cpp
+++ b/TLS.cpp
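Review bot: The two constructors added to TCPSocket.cpp differ only in the pointer type of their second parameter (`TLSInfo *` vs `SSL_CTX *`), so a call that passes `nullptr` or `NULL` there is ambiguous between them and will not compile, while a caller that passes a typed null `TLSInfo *` is forwarded straight into `TLS(tlsInfo)`. Taking the info object by reference, `TCPSocket(EPoll &ePoll, const TLSInfo &tlsInfo, std::string text)`, removes both the ambiguity and the null path at the API boundary; the TLS.cpp hunk shows the pointer is only dereferenced for its three string fields and never retained, so a reference is sufficient there too. If the pointer form is kept on purpose, a one-line comment on why null is acceptable would help the next reader.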
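Review bot: The two new constructor declarations in TCPSocket.h sit under empty `///` blocks, so the header gives no hint of what distinguishes them or what the caller must supply. From the TCPSocket.cpp and TLS.cpp hunks, above the TLSInfo overload I would write `/// Construct a TLS-capable socket; a new SSL_CTX is created from the certificate, key and CA certificate paths in tlsInfo (the pointer is not retained).`, and above the SSL_CTX overload `/// Construct a socket that reuses an already-created SSL_CTX instead of building its own.`. The class declaration these methods belong to starts before the hunk.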
@@ -45,46 +45,48 @@ namespace core {
 coreutils::Log(coreutils::LOG_DEBUG_3) << "No client certificate.";
 }
- TLS::TLS() {}
+ TLS::TLS() {}
+
+ TLS::TLS(TLSInfo *tlsInfo) {
+ createContext(tlsInfo);
+ }
 TLS::TLS(SSL_CTX *ctx) : ctx(ctx) {}
 TLS::~TLS() {}
- void TLS::createContext() {
+ void TLS::createContext(TLSInfo *tlsInfo) {
- SSL_library_init();
- SSL_load_error_strings();
-
- lockarray = (pthread_mutex_t *)OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
- for(int i = 0; i < CRYPTO_num_locks(); ++i)
- pthread_mutex_init(&(lockarray[i]), NULL);
-
- CRYPTO_set_id_callback((unsigned long (*)())thread_id);
- CRYPTO_set_locking_callback((void (*)(int, int, const char *, int))lock_callback);
-
- SSLeay_add_ssl_algorithms();
- RAND_load_file("/dev/hwrng", 1024);
-
- if(!(ctx = SSL_CTX_new(SSLv23_server_method())))
- throw coreutils::Exception("Error while setting server method SSLv23.");
- SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
- SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET);
- SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER);
- // SSL_CTX_set_generate_session_id(ctx, generate_session_id);
- SSL_CTX_set_cipher_list(ctx, "ECDH-ECDSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA");
- if(SSL_CTX_use_certificate_file(ctx, sip_cert, SSL_FILETYPE_PEM) <= 0)
- throw coreutils::Exception("Error looking up certificate.");
- if(SSL_CTX_use_PrivateKey_file(ctx, sip_key, SSL_FILETYPE_PEM) < 0)
- throw coreutils::Exception("Error with private key.");
- if(SSL_CTX_check_private_key(ctx) != 1)
- throw coreutils::Exception("Private key does not match certificate.");
- SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
- SSL_CTX_set_verify_depth(ctx, 1);
- if(!SSL_CTX_load_verify_locations(ctx, sip_cacert, NULL))
- throw coreutils::Exception("Cannot verify locations.");
- SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(sip_cacert));
- coreutils::Log(coreutils::LOG_DEBUG_1) << "Server key authenticated.";
+ if(tlsInfo) {
+ SSL_library_init();
+ SSL_load_error_strings();
+ lockarray = (pthread_mutex_t *)OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
+ for(int i = 0; i < CRYPTO_num_locks(); ++i)
+ pthread_mutex_init(&(lockarray[i]), NULL);
+ CRYPTO_set_id_callback((unsigned long (*)())thread_id);
+ CRYPTO_set_locking_callback((void (*)(int, int, const char *, int))lock_callback);
+ SSLeay_add_ssl_algorithms();
+ RAND_load_file("/dev/hwrng", 1024);
+ if(!(ctx = SSL_CTX_new(SSLv23_server_method())))
+ throw coreutils::Exception("Error while setting server method SSLv23.");
+ SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
+ SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET);
+ SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER);
+ // SSL_CTX_set_generate_session_id(ctx, generate_session_id);
+ SSL_CTX_set_cipher_list(ctx, "ECDH-ECDSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA");
+ if(SSL_CTX_use_certificate_file(ctx, tlsInfo->certificate.c_str(), SSL_FILETYPE_PEM) <= 0)
+ throw coreutils::Exception("Error looking up certificate.");
+ if(SSL_CTX_use_PrivateKey_file(ctx, tlsInfo->key.c_str(), SSL_FILETYPE_PEM) < 0)
+ throw coreutils::Exception("Error with private key.");
+ if(SSL_CTX_check_private_key(ctx) != 1)
+ throw coreutils::Exception("Private key does not match certificate.");
+ SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
+ SSL_CTX_set_verify_depth(ctx, 1);
+ if(!SSL_CTX_load_verify_locations(ctx, tlsInfo->cACertificate.c_str(), NULL))
+ throw coreutils::Exception("Cannot verify locations.");
+ SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(tlsInfo->cACertificate.c_str()));
+ coreutils::Log(coreutils::LOG_DEBUG_1) << "Server key authenticated.";
+ }
 }
 void TLS::registerSocket(int fd) {
diff --git a/TLS.h b/TLS.h
index 70c8726..44ea5e1 100644
--- a/TLS.h
+++ b/TLS.h
@@ -2,6 +2,7 @@
 #define __TLS_h__
 #include "ZString.h"
+#include "TLSInfo.h"
 #include
 namespace core {
@@ -17,12 +18,18 @@ namespace core {
 public:
+ ///
+ ///
+ ///
+
+ TLS();
+
 ///
 /// Use this constructor when the SSL context needs to be created as when opening
 /// a server TCPSocket.
 ///
- TLS();
+ TLS(TLSInfo *tlsInfo);
 ///
 /// Use this constructor on creation of a new TCPSocket that needs access to
@@ -37,7 +44,7 @@ namespace core {
 ~TLS();
- void createContext();
+ void createContext(TLSInfo *tlsInfo);
 SSL_CTX *ctx;
diff --git a/TLSInfo.h b/TLSInfo.h
new file mode 100644
index 0000000..234f622
--- /dev/null
+++ b/TLSInfo.h
@@ -0,0 +1,27 @@
+#ifndef __TLSInfo_h__
+#define __TLSInfo_h__
+
+#include "ZString.h"
+
+namespace core {
+
+ ///
+ /// TLSInfo
+ ///
+ /// This object provides the support data to handle TLS on the server core and
+ /// session environment.
+ ///
+
+ class TLSInfo {
+
+ public:
+
+ coreutils::ZString cACertificate;
+ coreutils::ZString certificate;
+ coreutils::ZString key;
+
+ };
+
+}
+
+#endif
diff --git a/testing/consoleserver b/testing/consoleserver
new file mode 100755
index 0000000..606b3bf
Binary files /dev/null and b/testing/consoleserver differ
diff --git a/testing/main.cpp b/testing/main.cpp
index 0c5d387..634cd98 100644
--- a/testing/main.cpp
+++ b/testing/main.cpp
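Review bot: When `tlsInfo` is null the new `if(tlsInfo)` guard skips the entire body and `createContext` returns with `ctx` never assigned; the TLS.h hunk shows the member as a bare `SSL_CTX *ctx;`, so `TLS::TLS(TLSInfo *)` (and the default `TLS::TLS() {}` next to it) hands the socket an indeterminate context pointer instead of a detectable "no TLS" state. A null TLSInfo is a caller error rather than a configuration, so I would fail loudly, `if(!tlsInfo) throw coreutils::Exception("createContext: no TLSInfo supplied.");`, and initialise the member in TLS.h as `SSL_CTX *ctx = nullptr;`. Two checks in the moved body are worth tightening while it is being touched: `SSL_CTX_use_PrivateKey_file(...) < 0` never fires because OpenSSL returns 1 on success and 0 on failure, so it should read `<= 0` like the certificate check above it; and `SSL_VERIFY_PEER` without `SSL_VERIFY_FAIL_IF_NO_PEER_CERT` lets a client that presents no certificate complete the handshake, which is fine only if that is the intended policy (the "No client certificate." log earlier in the hunk suggests it may be) and deserves a comment saying so. Separately, `SSL_library_init()`, the `lockarray` allocation and `CRYPTO_set_locking_callback` are process-wide one-time setup but now run on every TLSInfo-constructed socket, re-allocating the lock array and swapping the callback under any sockets already in use; presumably that belongs in a once-only initializer, though the rest of the file is outside the hunk.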
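Review bot: In the TLS.h hunk the new `///` block above `TLS();` is empty, and the constructor's contract has changed: the "creates the SSL context" text now belongs to `TLS(TLSInfo *tlsInfo)`, while TLS.cpp shows the default constructor as `TLS::TLS() {}`, which creates nothing. Suggest `/// Default constructor: no SSL context is created; ctx must be supplied before the object is used for TLS.` so readers do not assume the old behaviour. Since `createContext` only reads the three string fields of the info object, declaring it `void createContext(const TLSInfo &tlsInfo);` would document that it neither mutates nor retains the argument. The TLS class declaration begins before the hunk.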
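Review bot: The three `coreutils::ZString` members of the new TLSInfo class carry no documentation, and their meaning is only discoverable from TLS.cpp, where each is passed to OpenSSL as a PEM file path (`SSL_CTX_use_certificate_file(..., SSL_FILETYPE_PEM)`, `SSL_CTX_use_PrivateKey_file`, `SSL_CTX_load_verify_locations` and `SSL_load_client_CA_file`). Suggest one comment per field: `/// Path to the PEM CA certificate (or bundle) used to verify client certificates.` on `cACertificate`, `/// Path to the server's PEM certificate.` on `certificate`, and `/// Path to the server's PEM private key file (a path, not the key material).` on `key`. Because this is a plain public aggregate that identifies the private-key file, a line in the class comment stating who populates it and that TLS only reads it during context creation would help; the TLS.cpp hunk shows the pointer is not retained, but I cannot see other users from here.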
@@ -10,18 +10,16 @@ int main(int argc, char **argv) {
 try {
- coreutils::Log(new coreutils::File("/tmp/http.log", O_WRONLY | O_APPEND | O_CREAT, 0644));
- coreutils::Log(coreutils::LOG_INFO) << "Terminal Server starting. Build " << __DATE__ << " " << __TIME__;
+ coreutils::Log(new coreutils::File("/tmp/console.log", O_WRONLY | O_APPEND | O_CREAT, 0644));
+ coreutils::Log(coreutils::LOG_INFO) << "Console Server starting. Build " << __DATE__ << " " << __TIME__;
 std::string ipAddress = "0.0.0.0";
 core::EPoll ePoll;
-
- core::TerminalServer terminals(ePoll, core::IPAddress(ipAddress, 1026));
+ core::ConsoleServer console(ePoll, core::IPAddress(ipAddress, 1027));
 console.commands.add(ePoll, "threads");
- console.commands.add(httpSessions, "sessions");
 console.commands.add(console, "consoles");
 console.commands.add(console.commands, "help");
 ePoll.start(2, 1000);
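Review bot: The new log target `/tmp/console.log` is opened with `O_WRONLY | O_APPEND | O_CREAT, 0644` in a world-writable directory, so a file or symlink placed there beforehand by another local user is silently followed and appended to by the server (the same pattern existed for `/tmp/http.log`; the commit only renames it). Prefer a log path under a directory the service owns, or at least pass `O_NOFOLLOW` along with the existing flags to `coreutils::File` so a planted symlink fails the open instead of redirecting the log. The console server is also bound to `0.0.0.0` on port 1027, i.e. every interface, for a service that exposes `threads`/`consoles`/`help` commands; in a test harness, `127.0.0.1` would be the safer default unless remote access is intended, in which case a comment stating that would help. The body of `main` continues past the end of the hunk.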