RetroShare/libretroshare/src/pqi/pqissl.h

/*
 * "$Id: pqissl.h,v 1.18 2007-03-11 14:54:22 rmf24 Exp $"
 *
 * 3P/PQI network interface for RetroShare.
 *
 * Copyright 2004-2006 by Robert Fernie.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Library General Public
 * License Version 2 as published by the Free Software Foundation.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Library General Public License for more details.
 *
 * You should have received a copy of the GNU Library General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
 * USA.
 *
 * Please report all bugs and problems to "retroshare@lunamutt.com".
 *
 */


#ifndef MRK_PQI_SSL_HEADER
#define MRK_PQI_SSL_HEADER

#include <openssl/ssl.h>

// operating system specific network header.
#include "pqi/pqinetwork.h"

#include <string>
#include <map>

#include "pqi/pqi_base.h"

/**************** PQI_USE_XPGP ******************/
#if defined(PQI_USE_XPGP)
#include "pqi/xpgpcert.h"
#else /* X509 Certificates */
/**************** PQI_USE_XPGP ******************/
#include "pqi/sslcert.h"
#endif /* X509 Certificates */
/**************** PQI_USE_XPGP ******************/


#define WAITING_NOT            0
#define WAITING_PROXY_CONNECT  1
#define WAITING_LOCAL_ADDR     2
#define WAITING_REMOTE_ADDR    3
#define WAITING_SOCK_CONNECT   4
#define WAITING_SSL_CONNECTION 5
#define WAITING_SSL_AUTHORISE  6
#define WAITING_FAIL_INTERFACE 7


#define PQISSL_PASSIVE  0x00
#define PQISSL_ACTIVE   0x01

const int PQISSL_LOCAL_FLAG = 0x01;
const int PQISSL_REMOTE_FLAG = 0x02;
const int PQISSL_DNS_FLAG = 0x04;

/* not sure about the value? */
const int PQISSL_UDP_FLAG = 0x02;


/***************************** pqi Net SSL Interface *********************************
 * This provides the base SSL interface class, 
 * and handles most of the required functionality.
 *
 * there are a series of small fn's that can be overloaded
 * to provide alternative behaviour....
 *
 * Classes expected to inherit from this are:
 *
 * pqissllistener 	-> pqissllistener  (tcp only)
 * 			-> pqixpgplistener (tcp only)	
 *
 * pqissl	 	-> pqissltcp
 * 			-> pqissludp
 * 			-> pqixpgptcp
 * 			-> pqixpgpudp
 *
 */

class pqissl;
class cert;

class pqissllistener;

#if 0 /* REMOVING pqissllistener */

class pqissllistener
{
	public:

	pqissllistener(struct sockaddr_in addr);

int 	addlistenaddr(cert *c, pqissl *acc);
int	removeListenPort(cert *c);

int     setListenAddr(struct sockaddr_in addr);
int	setuplisten();
int     resetlisten();

int	acceptconnection();
int	continueaccepts();
int	continueSSL(SSL *ssl, bool);
int	continueSocket(int fd, bool);

//int	connectCertExchange(cert *);
//


int 	tick();
int 	status();

	private:

	// fn to get cert, anyway
int     Extract_Failed_SSL_Certificate(SSL *ssl, struct sockaddr_in *inaddr);

	struct sockaddr_in raddr;
	struct sockaddr_in laddr;
	socklen_t addrlen;

	bool active;
	int lsock;
	cert *localcert;
	std::map<cert *, pqissl *> listenaddr;
	std::list<SSL *> incoming_ssl;
	std::list<int> incoming_skts;

	sslroot *sslccr;
};


#endif /* removing pqisllistener */

class pqissl: public NetBinInterface
{
public:
	pqissl(cert *c, pqissllistener *l, PQInterface *parent);
virtual ~pqissl();

	// NetInterface
virtual int connectattempt();
virtual int listen();
virtual int stoplistening();
virtual int reset();
virtual int disconnect();

	// BinInterface
virtual int	tick();
virtual int     status();

virtual int senddata(void*, int);
virtual int readdata(void*, int);
virtual int netstatus();
virtual int isactive();
virtual bool moretoread();
virtual bool cansend();
virtual bool bandwidthLimited();

protected:
	// A little bit of information to describe 
	// the SSL state, this is needed
	// to allow full Non-Blocking Connect behaviour.
	// This fn loops through the following fns.
	// to complete an SSL.

int 	ConnectAttempt();
int 	waiting; 

	// These first five fns are overloaded for udp/etc connections.
virtual int Reattempt_Connection();
virtual int Request_Proxy_Connection();
virtual int Check_Proxy_Connection();
virtual int Request_Local_Address();
virtual int Determine_Local_Address();
virtual int Determine_Remote_Address();

virtual int Initiate_Connection();
virtual int Basic_Connection_Complete();

	// These should be identical for all cases,
	// differences are achieved via the net_internal_* fns.
int Initiate_SSL_Connection();
int SSL_Connection_Complete();
int Authorise_SSL_Connection();

int Extract_Failed_SSL_Certificate(); // try to get cert anyway.

public:

/* Completion of the SSL connection, 
 * this is public, so it can be called by
 * the listener (should make friends??) 
 */

int	accept(SSL *ssl, int fd, struct sockaddr_in foreign_addr); 

protected:

	//protected internal fns that are overloaded for udp case.
virtual int net_internal_close(int fd) { return unix_close(fd); }
virtual int net_internal_SSL_set_fd(SSL *ssl, int fd) { return SSL_set_fd(ssl, fd); }
virtual int net_internal_fcntl_nonblock(int fd) { return unix_fcntl_nonblock(fd);}


	/* data */
	bool active;
	bool certvalid;

	// addition for udp (tcp version == ACTIVE).
	int sslmode;     

	SSL *ssl_connection;
	int sockfd;

	cert *sslcert;
	sslroot *sslccr;

	pqissllistener *pqil;

	struct sockaddr_in remote_addr;


	void *readpkt;
	int pktlen;

	int attempt_ts;

	// Some flags to indicate
	// the status of the various interfaces
	// (local), (server)
	unsigned int net_attempt;
	unsigned int net_failure;
	unsigned int net_unreachable;

	bool sameLAN; /* flag use to allow high-speed transfers */

	int n_read_zero; /* a counter to determine if the connection is really dead */

	int ssl_connect_timeout; /* timeout to ensure that we don't get stuck (can happen on udp!) */

private:

	// ssl only fns.
int connectInterface(sockaddr_in&);

};


#endif // MRK_PQI_SSL_HEADER
Created V0.3.x branch and moved the head into the trunk directory. git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@246 b45a01b8-16f6-495d-af2f-9b41ad6348cc 2007-11-14 22:18:48 -05:00			`/*`
			`* "$Id: pqissl.h,v 1.18 2007-03-11 14:54:22 rmf24 Exp $"`
			`*`
			`* 3P/PQI network interface for RetroShare.`
			`*`
			`* Copyright 2004-2006 by Robert Fernie.`
			`*`
			`* This library is free software; you can redistribute it and/or`
			`* modify it under the terms of the GNU Library General Public`
			`* License Version 2 as published by the Free Software Foundation.`
			`*`
			`* This library is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU`
			`* Library General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Library General Public`
			`* License along with this library; if not, write to the Free Software`
			`* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307`
			`* USA.`
			`*`
			`* Please report all bugs and problems to "retroshare@lunamutt.com".`
			`*`
			`*/`



			`#ifndef MRK_PQI_SSL_HEADER`
			`#define MRK_PQI_SSL_HEADER`

			`#include <openssl/ssl.h>`

			`// operating system specific network header.`
			`#include "pqi/pqinetwork.h"`

			`#include <string>`
			`#include <map>`

			`#include "pqi/pqi_base.h"`

			`/************** PQI_USE_XPGP ****************/`
			`#if defined(PQI_USE_XPGP)`
			`#include "pqi/xpgpcert.h"`
			`#else /* X509 Certificates */`
			`/************** PQI_USE_XPGP ****************/`
			`#include "pqi/sslcert.h"`
			`#endif /* X509 Certificates */`
			`/************** PQI_USE_XPGP ****************/`


			`#define WAITING_NOT 0`
			`#define WAITING_PROXY_CONNECT 1`
			`#define WAITING_LOCAL_ADDR 2`
			`#define WAITING_REMOTE_ADDR 3`
			`#define WAITING_SOCK_CONNECT 4`
			`#define WAITING_SSL_CONNECTION 5`
			`#define WAITING_SSL_AUTHORISE 6`
			`#define WAITING_FAIL_INTERFACE 7`


			`#define PQISSL_PASSIVE 0x00`
			`#define PQISSL_ACTIVE 0x01`

			`const int PQISSL_LOCAL_FLAG = 0x01;`
			`const int PQISSL_REMOTE_FLAG = 0x02;`
			`const int PQISSL_DNS_FLAG = 0x04;`

			`/* not sure about the value? */`
			`const int PQISSL_UDP_FLAG = 0x02;`


			`/*************************** pqi Net SSL Interface *******************************`
			`* This provides the base SSL interface class,`
			`* and handles most of the required functionality.`
			`*`
			`* there are a series of small fn's that can be overloaded`
			`* to provide alternative behaviour....`
			`*`
			`* Classes expected to inherit from this are:`
			`*`
			`* pqissllistener -> pqissllistener (tcp only)`
			`* -> pqixpgplistener (tcp only)`
			`*`
			`* pqissl -> pqissltcp`
			`* -> pqissludp`
			`* -> pqixpgptcp`
			`* -> pqixpgpudp`
			`*`
			`*/`

			`class pqissl;`
			`class cert;`

			`class pqissllistener;`

			`#if 0 /* REMOVING pqissllistener */`

			`class pqissllistener`
			`{`
			`public:`

			`pqissllistener(struct sockaddr_in addr);`

			`int addlistenaddr(cert c, pqissl acc);`
			`int removeListenPort(cert *c);`

			`int setListenAddr(struct sockaddr_in addr);`
			`int setuplisten();`
			`int resetlisten();`

			`int acceptconnection();`
			`int continueaccepts();`
			`int continueSSL(SSL *ssl, bool);`
			`int continueSocket(int fd, bool);`

			`//int connectCertExchange(cert *);`
			`//`


			`int tick();`
			`int status();`

			`private:`

			`// fn to get cert, anyway`
			`int Extract_Failed_SSL_Certificate(SSL ssl, struct sockaddr_in inaddr);`

			`struct sockaddr_in raddr;`
			`struct sockaddr_in laddr;`
			`socklen_t addrlen;`

			`bool active;`
			`int lsock;`
			`cert *localcert;`
			`std::map<cert , pqissl > listenaddr;`
			`std::list<SSL *> incoming_ssl;`
			`std::list<int> incoming_skts;`

			`sslroot *sslccr;`
			`};`


			`#endif /* removing pqisllistener */`

			`class pqissl: public NetBinInterface`
			`{`
			`public:`
			`pqissl(cert c, pqissllistener l, PQInterface *parent);`
			`virtual ~pqissl();`

			`// NetInterface`
			`virtual int connectattempt();`
			`virtual int listen();`
			`virtual int stoplistening();`
			`virtual int reset();`
			`virtual int disconnect();`

			`// BinInterface`
			`virtual int tick();`
			`virtual int status();`

			`virtual int senddata(void*, int);`
			`virtual int readdata(void*, int);`
			`virtual int netstatus();`
			`virtual int isactive();`
			`virtual bool moretoread();`
			`virtual bool cansend();`
			`virtual bool bandwidthLimited();`

			`protected:`
			`// A little bit of information to describe`
			`// the SSL state, this is needed`
			`// to allow full Non-Blocking Connect behaviour.`
			`// This fn loops through the following fns.`
			`// to complete an SSL.`

			`int ConnectAttempt();`
			`int waiting;`

			`// These first five fns are overloaded for udp/etc connections.`
			`virtual int Reattempt_Connection();`
			`virtual int Request_Proxy_Connection();`
			`virtual int Check_Proxy_Connection();`
			`virtual int Request_Local_Address();`
			`virtual int Determine_Local_Address();`
			`virtual int Determine_Remote_Address();`

			`virtual int Initiate_Connection();`
			`virtual int Basic_Connection_Complete();`

			`// These should be identical for all cases,`
			`// differences are achieved via the net_internal_* fns.`
			`int Initiate_SSL_Connection();`
			`int SSL_Connection_Complete();`
			`int Authorise_SSL_Connection();`

			`int Extract_Failed_SSL_Certificate(); // try to get cert anyway.`

			`public:`

			`/* Completion of the SSL connection,`
			`* this is public, so it can be called by`
			`* the listener (should make friends??)`
			`*/`

			`int accept(SSL *ssl, int fd, struct sockaddr_in foreign_addr);`

			`protected:`

			`//protected internal fns that are overloaded for udp case.`
			`virtual int net_internal_close(int fd) { return unix_close(fd); }`
			`virtual int net_internal_SSL_set_fd(SSL *ssl, int fd) { return SSL_set_fd(ssl, fd); }`
			`virtual int net_internal_fcntl_nonblock(int fd) { return unix_fcntl_nonblock(fd);}`


			`/* data */`
			`bool active;`
			`bool certvalid;`

			`// addition for udp (tcp version == ACTIVE).`
			`int sslmode;`

			`SSL *ssl_connection;`
			`int sockfd;`

			`cert *sslcert;`
			`sslroot *sslccr;`

			`pqissllistener *pqil;`

			`struct sockaddr_in remote_addr;`


			`void *readpkt;`
			`int pktlen;`

			`int attempt_ts;`

			`// Some flags to indicate`
			`// the status of the various interfaces`
			`// (local), (server)`
			`unsigned int net_attempt;`
			`unsigned int net_failure;`
			`unsigned int net_unreachable;`

			`bool sameLAN; /* flag use to allow high-speed transfers */`

			`int n_read_zero; /* a counter to determine if the connection is really dead */`

			`int ssl_connect_timeout; /* timeout to ensure that we don't get stuck (can happen on udp!) */`

			`private:`

			`// ssl only fns.`
			`int connectInterface(sockaddr_in&);`

			`};`




			`#endif // MRK_PQI_SSL_HEADER`