Ark Server API (ASE) - Wiki
Loading...
Searching...
No Matches
OpenSSLInitializer.h
Go to the documentation of this file.
1//
2// OpenSSLInitializer.h
3//
4// Library: Crypto
5// Package: CryptoCore
6// Module: OpenSSLInitializer
7//
8// Definition of the OpenSSLInitializer class.
9//
10// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
11// and Contributors.
12//
13// SPDX-License-Identifier: BSL-1.0
14//
15
16
17#ifndef Crypto_OpenSSLInitializer_INCLUDED
18#define Crypto_OpenSSLInitializer_INCLUDED
19
20
21#include "Poco/Crypto/Crypto.h"
22#include "Poco/Mutex.h"
23#include "Poco/AtomicCounter.h"
24#include <openssl/crypto.h>
25
26#if defined(OPENSSL_FIPS) && OPENSSL_VERSION_NUMBER < 0x010001000L
27#include <openssl/fips.h>
28#endif
29
30
31extern "C"
32{
34 {
36 };
37}
38
39
40namespace Poco {
41namespace Crypto {
42
43
45 /// Initalizes the OpenSSL library.
46 ///
47 /// The class ensures the earliest initialization and the
48 /// latest shutdown of the OpenSSL library.
49{
50public:
52 /// Automatically initialize OpenSSL on startup.
53
55 /// Automatically shut down OpenSSL on exit.
56
57 static void initialize();
58 /// Initializes the OpenSSL machinery.
59
60 static void uninitialize();
61 /// Shuts down the OpenSSL machinery.
62
63 static bool isFIPSEnabled();
64 // Returns true if FIPS mode is enabled, false otherwise.
65
66 static void enableFIPSMode(bool enabled);
67 // Enable or disable FIPS mode. If FIPS is not available, this method doesn't do anything.
68
69protected:
70 enum
71 {
72 SEEDSIZE = 256
73 };
74
75 // OpenSSL multithreading support
76 static void lock(int mode, int n, const char* file, int line);
77 static unsigned long id();
78 static struct CRYPTO_dynlock_value* dynlockCreate(const char* file, int line);
79 static void dynlock(int mode, struct CRYPTO_dynlock_value* lock, const char* file, int line);
80 static void dynlockDestroy(struct CRYPTO_dynlock_value* lock, const char* file, int line);
81
82private:
85};
86
87
88//
89// inlines
90//
92{
93#ifdef OPENSSL_FIPS
94 return FIPS_mode() ? true : false;
95#else
96 return false;
97#endif
98}
99
100#ifdef OPENSSL_FIPS
102{
104}
105#else
106inline void OpenSSLInitializer::enableFIPSMode(bool /*enabled*/)
107{
108}
109#endif
110
111
112} } // namespace Poco::Crypto
113
114
115#endif // Crypto_OpenSSLInitializer_INCLUDED
#define ARK_API
Definition Base.h:9
#define POCO_EXTERNAL_OPENSSL
Definition Config.h:189
#define POCO_NO_SOO
Definition Config.h:82
#define POCO_DO_JOIN2(X, Y)
Definition Foundation.h:134
#define POCO_DO_JOIN(X, Y)
Definition Foundation.h:133
#define Foundation_API
Definition Foundation.h:60
#define POCO_JOIN(X, Y)
Definition Foundation.h:132
#define POCO_HAVE_IPv6
Definition Net.h:64
#define Net_API
Definition Net.h:47
#define NetSSL_API
Definition NetSSL.h:48
#define POCO_OS_IRIX
Definition Platform.h:35
#define POCO_OS_TRU64
Definition Platform.h:30
#define POCO_OS_WINDOWS_NT
Definition Platform.h:43
#define POCO_OS_HPUX
Definition Platform.h:29
#define POCO_OS_CYGWIN
Definition Platform.h:39
#define POCO_OS_WINDOWS_CE
Definition Platform.h:44
#define POCO_UNUSED
Definition Platform.h:274
#define POCO_OS_VXWORKS
Definition Platform.h:38
#define POCO_OS_ANDROID
Definition Platform.h:41
#define POCO_OS_QNX
Definition Platform.h:37
#define POCO_OS_AIX
Definition Platform.h:28
#define POCO_OS_LINUX
Definition Platform.h:31
#define POCO_OS_SOLARIS
Definition Platform.h:36
#define POCO_ARCH_AMD64
Definition Platform.h:129
#define OPENSSL_VERSION_PREREQ(maj, min)
Definition Crypto.h:36
#define Crypto_API
Definition Crypto.h:82
RSAPaddingMode
The padding mode used for RSA public key encryption.
Definition Crypto.h:44
@ RSA_PADDING_PKCS1_OAEP
PKCS #1 v1.5 padding. This currently is the most widely used mode.
Definition Crypto.h:48
@ RSA_PADDING_NONE
Definition Crypto.h:52
@ RSA_PADDING_PKCS1
Definition Crypto.h:45
#define POCO_EXTERNAL_OPENSSL_SLPRO
Definition Crypto.h:24
#define poco_ntoh_32(x)
Definition SocketDefs.h:328
#define INADDR_NONE
Definition SocketDefs.h:291
#define INADDR_BROADCAST
Definition SocketDefs.h:299
#define INADDR_ANY
Definition SocketDefs.h:295
#define poco_ntoh_16(x)
Definition SocketDefs.h:326
#define INADDR_LOOPBACK
Definition SocketDefs.h:303
virtual std::unique_ptr< ArkApi::ICommands > & GetCommands()=0
std::mutex RequestMutex_
Definition Requests.cpp:47
void WriteRequest(std::function< void(bool, std::string)> callback, bool success, std::string result)
Definition Requests.cpp:73
std::string GetResponse(Poco::Net::HTTPClientSession *session, Poco::Net::HTTPResponse &response)
Definition Requests.cpp:107
Poco::Net::HTTPRequest ConstructRequest(const std::string &url, Poco::Net::HTTPClientSession *&session, const std::vector< std::string > &headers, const std::string &request_type)
Definition Requests.cpp:79
std::vector< RequestData > RequestsVec_
Definition Requests.cpp:46
Requests(Requests &&)=delete
ARK_API bool CreateGetRequest(const std::string &url, const std::function< void(bool, std::string)> &callback, std::vector< std::string > headers={})
Creates an async GET Request that runs in another thread but calls the callback from the main thread.
Definition Requests.cpp:129
ARK_API bool CreatePostRequest(const std::string &url, const std::function< void(bool, std::string)> &callback, const std::vector< std::string > &post_ids, const std::vector< std::string > &post_data, std::vector< std::string > headers={})
Creates an async POST Request that runs in another thread but calls the callback from the main thread...
Definition Requests.cpp:238
Requests & operator=(Requests &&)=delete
ARK_API bool CreateDeleteRequest(const std::string &url, const std::function< void(bool, std::string)> &callback, std::vector< std::string > headers={})
Creates an async DELETE Request that runs in another thread but calls the callback from the main thre...
Definition Requests.cpp:292
Requests & operator=(const Requests &)=delete
ARK_API bool CreatePostRequest(const std::string &url, const std::function< void(bool, std::string)> &callback, const std::string &post_data, std::vector< std::string > headers={})
Creates an async POST Request with application/x-www-form-urlencoded content type that runs in anothe...
Definition Requests.cpp:162
static ARK_API Requests & Get()
Definition Requests.cpp:67
ARK_API bool CreatePostRequest(const std::string &url, const std::function< void(bool, std::string)> &callback, const std::string &post_data, const std::string &content_type, std::vector< std::string > headers={})
Creates an async POST Request that runs in another thread but calls the callback from the main thread...
Definition Requests.cpp:200
std::unique_ptr< impl > pimpl
Definition Requests.h:84
Requests(const Requests &)=delete
virtual void AddOnTickCallback(const FString &id, const std::function< void(float)> &callback)=0
Added function will be called every frame.
virtual bool RemoveOnTickCallback(const FString &id)=0
Removes a on-tick callback.
Definition Logger.h:9
static std::shared_ptr< spdlog::logger > & GetLog()
Definition Logger.h:22
static std::string what(const char *msg, const char *file, int line, const char *text=0)
static void bugcheck(const char *msg, const char *file, int line)
static void nullPointer(const char *ptr, const char *file, int line)
static void debugger(const char *msg, const char *file, int line)
static void debugger(const char *file, int line)
static void bugcheck(const char *file, int line)
static void assertion(const char *cond, const char *file, int line, const char *text=0)
static void unexpected(const char *file, int line)
static struct CRYPTO_dynlock_value * dynlockCreate(const char *file, int line)
static void uninitialize()
Initializes the OpenSSL machinery.
static void initialize()
Automatically shut down OpenSSL on exit.
~OpenSSLInitializer()
Automatically initialize OpenSSL on startup.
static void lock(int mode, int n, const char *file, int line)
static unsigned long id()
static Poco::AtomicCounter _rc
static void enableFIPSMode(bool enabled)
static Poco::FastMutex * _mutexes
static void dynlock(int mode, struct CRYPTO_dynlock_value *lock, const char *file, int line)
static bool isFIPSEnabled()
Shuts down the OpenSSL machinery.
static void dynlockDestroy(struct CRYPTO_dynlock_value *lock, const char *file, int line)
This class represents a X509 Certificate.
void swap(X509Certificate &cert)
Move assignment.
std::string subjectName(NID nid) const
Returns the certificate subject's distinguished name.
bool equals(const X509Certificate &otherCertificate) const
const X509 * certificate() const
Poco::DateTime expiresOn() const
Returns the date and time the certificate is valid from.
X509Certificate(X509 *pCert, bool shared)
std::string issuerName(NID nid) const
Returns the certificate issuer's distinguished name.
const std::string & subjectName() const
X509Certificate(const X509Certificate &cert)
const std::string & serialNumber() const
Returns the version of the certificate.
X509Certificate & operator=(const X509Certificate &cert)
Creates the certificate by moving another one.
X509 * dup() const
Returns the underlying OpenSSL certificate.
~X509Certificate()
Exchanges the certificate with another one.
bool issuedBy(const X509Certificate &issuerCertificate) const
const std::string & issuerName() const
long version() const
Destroys the X509Certificate.
X509Certificate(X509Certificate &&cert) noexcept
Creates the certificate by copying another one.
void load(std::istream &stream)
Writes the list of certificates to the specified PEM file.
std::string signatureAlgorithm() const
void print(std::ostream &out) const
Returns the certificate signature algorithm long name.
Poco::DateTime validFrom() const
X509Certificate(std::istream &istr)
std::string commonName() const
void save(std::ostream &stream) const
OpenSSLInitializer _openSSLInitializer
X509Certificate & operator=(X509Certificate &&cert) noexcept
Assigns a certificate.
std::string displayText() const
Returns the exception code if defined.
void init(const Params &params)
void setSessionCacheSize(std::size_t size)
Returns true iff the session cache is enabled.
std::size_t getSessionCacheSize() const
Context::VerificationMode verificationMode() const
Returns true iff the context is for use by a server.
Definition Context.h:466
void requireMinimumProtocol(Protocols protocol)
void enableExtendedCertificateVerification(bool flag=true)
void setInvalidCertificateHandler(InvalidCertificateHandlerPtr pInvalidCertificageHandler)
Usage _usage
Create a SSL_CTX object according to Context configuration.
Definition Context.h:437
Usage usage() const
Returns the underlying OpenSSL SSL Context object.
Definition Context.h:449
SSL_CTX * sslContext() const
Definition Context.h:472
long getSessionTimeout() const
void usePrivateKey(const Poco::Crypto::RSAKey &key)
Add one trusted certification authority to be used by the Context.
void enableSessionCache(bool flag=true)
Returns the verification mode.
void addCertificateAuthority(const Poco::Crypto::X509Certificate &certificate)
Adds a certificate for certificate chain validation.
void usePrivateKey(const Poco::Crypto::EVPPKey &pkey)
bool extendedCertificateVerificationEnabled() const
Definition Context.h:478
bool isForServerUse() const
Definition Context.h:455
void addChainCertificate(const Poco::Crypto::X509Certificate &certificate)
bool _ocspStaplingResponseVerification
Definition Context.h:441
bool ocspStaplingResponseVerificationEnabled() const
Definition Context.h:484
bool _extendedCertificateVerification
Definition Context.h:440
VerificationMode _mode
Definition Context.h:438
@ SERVER_USE
DEPRECATED. Context is used by a client.
Definition Context.h:71
@ TLSV1_2_CLIENT_USE
DEPRECATED. Context is used by a server requiring TLSv1.1 (OpenSSL 1.0.0 or newer).
Definition Context.h:76
@ TLSV1_CLIENT_USE
DEPRECATED. Context is used by a server.
Definition Context.h:72
@ TLSV1_3_SERVER_USE
DEPRECATED. Context is used by a client requiring TLSv1.3 (OpenSSL 1.1.1 or newer).
Definition Context.h:79
@ CLIENT_USE
Context is used by a client for TLSv1 or higher. Use requireMinimumProtocol() or disableProtocols() t...
Definition Context.h:70
@ TLSV1_2_SERVER_USE
DEPRECATED. Context is used by a client requiring TLSv1.2 (OpenSSL 1.0.1 or newer).
Definition Context.h:77
@ TLSV1_SERVER_USE
DEPRECATED. Context is used by a client requiring TLSv1.
Definition Context.h:73
@ TLSV1_3_CLIENT_USE
DEPRECATED. Context is used by a server requiring TLSv1.2 (OpenSSL 1.0.1 or newer).
Definition Context.h:78
@ TLS_SERVER_USE
Context is used by a client for TLSv1 or higher. Use requireMinimumProtocol() or disableProtocols() t...
Definition Context.h:69
@ TLSV1_1_CLIENT_USE
DEPRECATED. Context is used by a server requiring TLSv1.
Definition Context.h:74
@ TLSV1_1_SERVER_USE
DEPRECATED. Context is used by a client requiring TLSv1.1 (OpenSSL 1.0.0 or newer).
Definition Context.h:75
void useCertificate(const Poco::Crypto::X509Certificate &certificate)
Destroys the Context.
void preferServerCiphers()
Context(Usage usage, const Params &params)
InvalidCertificateHandlerPtr _pInvalidCertificateHandler
Definition Context.h:442
void setSessionTimeout(long seconds)
InvalidCertificateHandlerPtr getInvalidCertificateHandler() const
Definition Context.h:490
void disableStatelessSessionResumption()
bool sessionCacheEnabled() const
void disableProtocols(int protocols)
SSL_CTX * _pSSLContext
Definition Context.h:439
virtual std::istream & receiveResponse(HTTPResponse &response)
virtual std::ostream & sendRequest(HTTPRequest &request)
Returns the connection timeout for HTTP connections.
static const std::string HTTP_1_1
void setContentLength(std::streamsize length)
Returns the HTTP version for this message.
HTTPRequest(const std::string &method, const std::string &uri, const std::string &version)
Creates a HTTP/1.0 request with the given method and URI.
static const std::string HTTP_GET
static const std::string HTTP_DELETE
static const std::string HTTP_POST
const std::string & getReason() const
Sets the HTTP reason phrase.
HTTPResponse(HTTPStatus status)
HTTPStatus getStatus() const
HTTPSClientSession(const std::string &host, Poco::UInt16 port, Context::Ptr pContext, Session::Ptr pSession)
std::string proxyRequestPrefix() const
Sends the given HTTPRequest over an existing connection.
HTTPSClientSession(Context::Ptr pContext, Session::Ptr pSession)
HTTPSClientSession(Context::Ptr pContext)
Creates a HTTPSClientSession using the given host and port.
void proxyAuthenticate(HTTPRequest &request)
Checks if we can reuse a persistent connection.
int read(char *buffer, std::streamsize length)
HTTPSClientSession(const HTTPSClientSession &)
void connect(const SocketAddress &address)
Refills the internal buffer.
HTTPSClientSession(const SecureStreamSocket &socket, Session::Ptr pSession)
X509Certificate serverCertificate()
HTTPSClientSession & operator=(const HTTPSClientSession &)
HTTPSClientSession(const std::string &host, Poco::UInt16 port=HTTPS_PORT)
HTTPSClientSession(const SecureStreamSocket &socket)
Creates an unconnected HTTPSClientSession.
HTTPSClientSession(const std::string &host, Poco::UInt16 port, Context::Ptr pContext)
InvalidCertificateHandler(bool handleErrorsOnServerSide)
virtual void onInvalidCertificate(const void *pSender, VerificationErrorArgs &errorCert)=0
Destroys the InvalidCertificateHandler.
RejectCertificateHandler(bool handleErrorsOnServerSide)
void initializeClient(PrivateKeyPassphraseHandlerPtr ptrPassphraseHandler, InvalidCertificateHandlerPtr ptrHandler, Context::Ptr ptrContext)
static SSLManager & instance()
static std::string convertCertificateError(long errCode)
static std::string getLastError()
Converts an SSL certificate handling error code into an error message.
static void clearErrorStack()
Returns the last error from the error stack.
A utility class for certificate error handling.
This stream discards all characters written to it.
Definition NullStream.h:77
static std::streamsize copyStream(std::istream &istr, std::ostream &ostr, std::size_t bufferSize=8192)
const std::string & getHost() const
Sets the user-info part of the URI.
Definition URI.h:385
const std::string & getScheme() const
Definition URI.h:373
URI(const std::string &uri)
Creates an empty URI.
unsigned short getPort() const
Sets the host part of the URI.
std::string getPathAndQuery() const
Returns the encoded path, query and fragment parts of the URI.
void error(const T &)
Definition IBaseApi.h:9
std::unique_ptr< IBaseApi > game_api
Definition IBaseApi.h:25
void Crypto_API uninitializeCrypto()
void Crypto_API initializeCrypto()
std::vector< SocketBuf > SocketBufVec
Definition SocketDefs.h:365
void NetSSL_API initializeSSL()
void Net_API uninitializeNetwork()
void Net_API initializeNetwork()
void NetSSL_API uninitializeSSL()
Definition format.h:408
Definition json.hpp:4518
#define OPENSSL_VERSION_NUMBER
Definition opensslv.h:42
struct ssl_ctx_st SSL_CTX
Definition ossl_typ.h:149
struct x509_st X509
Definition ossl_typ.h:121
#define SSL_VERIFY_NONE
Definition ssl.h:1099
#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT
Definition ssl.h:1101
#define SSL_VERIFY_PEER
Definition ssl.h:1100
#define SSL_VERIFY_CLIENT_ONCE
Definition ssl.h:1102
std::function< void(bool, std::string)> callback
Definition Requests.cpp:41
Family
Possible address families for socket addresses.
Definition SocketDefs.h:373
std::string privateKeyFile
Initializes the struct with default values.
Definition Context.h:134
std::string certificateFile
Definition Context.h:138
VerificationMode verificationMode
Definition Context.h:149
static std::string escape(const std::string &s, bool strictJSON=false)