timer.h \
tlsstream.cpp \
tlsstream.h \
+ tlsutility.cpp \
+ tlsutility.h \
unix.h \
unixsocket.cpp \
unixsocket.h \
}
#endif /* _WIN32 */
-class I2_BASE_API openssl_error : virtual public std::exception, virtual public boost::exception { };
-
-struct errinfo_openssl_error_;
-typedef boost::error_info<struct errinfo_openssl_error_, int> errinfo_openssl_error;
-
-inline std::string to_string(const errinfo_openssl_error& e)
-{
- std::ostringstream tmp;
- int code = e.value();
-
- const char *message = ERR_error_string(code, NULL);
-
- if (message == NULL)
- message = "Unknown error.";
-
- tmp << code << ", \"" << message << "\"";
- return tmp.str();
-}
-
}
#endif /* EXCEPTION_H */
#include <exception>
#include <stdexcept>
-#include <boost/smart_ptr/shared_ptr.hpp>
-#include <boost/smart_ptr/weak_ptr.hpp>
-
-using boost::shared_ptr;
-using boost::weak_ptr;
-using boost::dynamic_pointer_cast;
-using boost::static_pointer_cast;
-
#if defined(__APPLE__) && defined(__MACH__)
# pragma GCC diagnostic ignored "-Wdeprecated-declarations"
#endif
-#include <openssl/bio.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-
#ifdef I2_BASE_BUILD
# define I2_BASE_API I2_EXPORT
#else /* I2_BASE_BUILD */
#include "base/i2-base.h"
#include <boost/thread/mutex.hpp>
+#include <boost/smart_ptr/shared_ptr.hpp>
+#include <boost/smart_ptr/weak_ptr.hpp>
#include <boost/smart_ptr/enable_shared_from_this.hpp>
+using boost::shared_ptr;
+using boost::weak_ptr;
+using boost::dynamic_pointer_cast;
+using boost::static_pointer_cast;
+
namespace icinga
{
boost::exception_ptr m_Exception;
};
-BIO *BIO_Stream_new(const Stream::Ptr& stream);
-
}
#endif /* STREAM_H */
#include "base/i2-base.h"
#include "base/stream.h"
+#include "base/tlsutility.h"
namespace icinga
{
#include "base/i2-base.h"
#include "base/stream.h"
#include "base/fifo.h"
+#include "base/tlsutility.h"
namespace icinga
{
--- /dev/null
+/******************************************************************************
+ * Icinga 2 *
+ * Copyright (C) 2012 Icinga Development Team (http://www.icinga.org/) *
+ * *
+ * This program is free software; you can redistribute it and/or *
+ * modify it under the terms of the GNU General Public License *
+ * as published by the Free Software Foundation; either version 2 *
+ * of the License, or (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the Free Software Foundation *
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. *
+ ******************************************************************************/
+
+#include "base/tlsutility.h"
+
+using namespace icinga;
+
+static bool l_SSLInitialized = false;
+
+/**
+ * Initializes the OpenSSL library.
+ */
+static void InitializeOpenSSL(void)
+{
+ if (l_SSLInitialized)
+ return;
+
+ SSL_library_init();
+ SSL_load_error_strings();
+
+ l_SSLInitialized = true;
+}
+
+/**
+ * Initializes an SSL context using the specified certificates.
+ *
+ * @param pubkey The public key.
+ * @param privkey The matching private key.
+ * @param cakey CA certificate chain file.
+ * @returns An SSL context.
+ */
+shared_ptr<SSL_CTX> MakeSSLContext(const String& pubkey, const String& privkey, const String& cakey)
+{
+ InitializeOpenSSL();
+
+ shared_ptr<SSL_CTX> sslContext = shared_ptr<SSL_CTX>(SSL_CTX_new(TLSv1_method()), SSL_CTX_free);
+
+ SSL_CTX_set_mode(sslContext.get(), SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
+
+ if (!SSL_CTX_use_certificate_chain_file(sslContext.get(), pubkey.CStr())) {
+ BOOST_THROW_EXCEPTION(openssl_error()
+ << boost::errinfo_api_function("SSL_CTX_use_certificate_chain_file")
+ << errinfo_openssl_error(ERR_get_error())
+ << boost::errinfo_file_name(pubkey));
+ }
+
+ if (!SSL_CTX_use_PrivateKey_file(sslContext.get(), privkey.CStr(), SSL_FILETYPE_PEM)) {
+ BOOST_THROW_EXCEPTION(openssl_error()
+ << boost::errinfo_api_function("SSL_CTX_use_PrivateKey_file")
+ << errinfo_openssl_error(ERR_get_error())
+ << boost::errinfo_file_name(privkey));
+ }
+
+ if (!SSL_CTX_load_verify_locations(sslContext.get(), cakey.CStr(), NULL)) {
+ BOOST_THROW_EXCEPTION(openssl_error()
+ << boost::errinfo_api_function("SSL_CTX_load_verify_locations")
+ << errinfo_openssl_error(ERR_get_error())
+ << boost::errinfo_file_name(cakey));
+ }
+
+ STACK_OF(X509_NAME) *cert_names;
+
+ cert_names = SSL_load_client_CA_file(cakey.CStr());
+ if (cert_names == NULL) {
+ BOOST_THROW_EXCEPTION(openssl_error()
+ << boost::errinfo_api_function("SSL_load_client_CA_file")
+ << errinfo_openssl_error(ERR_get_error())
+ << boost::errinfo_file_name(cakey));
+ }
+
+ SSL_CTX_set_client_CA_list(sslContext.get(), cert_names);
+
+ return sslContext;
+}
+
+/**
+ * Retrieves the common name for an X509 certificate.
+ *
+ * @param certificate The X509 certificate.
+ * @returns The common name.
+ */
+String GetCertificateCN(const shared_ptr<X509>& certificate)
+{
+ char buffer[256];
+
+ int rc = X509_NAME_get_text_by_NID(X509_get_subject_name(certificate.get()),
+ NID_commonName, buffer, sizeof(buffer));
+
+ if (rc == -1) {
+ BOOST_THROW_EXCEPTION(openssl_error()
+ << boost::errinfo_api_function("X509_NAME_get_text_by_NID")
+ << errinfo_openssl_error(ERR_get_error()));
+ }
+
+ return buffer;
+}
+
+/**
+ * Retrieves an X509 certificate from the specified file.
+ *
+ * @param pemfile The filename.
+ * @returns An X509 certificate.
+ */
+shared_ptr<X509> GetX509Certificate(const String& pemfile)
+{
+ X509 *cert;
+ BIO *fpcert = BIO_new(BIO_s_file());
+
+ if (fpcert == NULL) {
+ BOOST_THROW_EXCEPTION(openssl_error()
+ << boost::errinfo_api_function("BIO_new")
+ << errinfo_openssl_error(ERR_get_error()));
+ }
+
+ if (BIO_read_filename(fpcert, pemfile.CStr()) < 0) {
+ BOOST_THROW_EXCEPTION(openssl_error()
+ << boost::errinfo_api_function("BIO_read_filename")
+ << errinfo_openssl_error(ERR_get_error())
+ << boost::errinfo_file_name(pemfile));
+ }
+
+ cert = PEM_read_bio_X509_AUX(fpcert, NULL, NULL, NULL);
+ if (cert == NULL) {
+ BOOST_THROW_EXCEPTION(openssl_error()
+ << boost::errinfo_api_function("PEM_read_bio_X509_AUX")
+ << errinfo_openssl_error(ERR_get_error()));
+ }
+
+ BIO_free(fpcert);
+
+ return shared_ptr<X509>(cert, X509_free);
+}
+
--- /dev/null
+/******************************************************************************
+ * Icinga 2 *
+ * Copyright (C) 2012 Icinga Development Team (http://www.icinga.org/) *
+ * *
+ * This program is free software; you can redistribute it and/or *
+ * modify it under the terms of the GNU General Public License *
+ * as published by the Free Software Foundation; either version 2 *
+ * of the License, or (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the Free Software Foundation *
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. *
+ ******************************************************************************/
+
+#ifndef TLSUTILITY_H
+#define TLSUTILITY_H
+
+#include "base/i2-base.h"
+#include "base/object.h"
+#include "base/qstring.h"
+#include "base/exception.h"
+#include <openssl/bio.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+namespace icinga
+{
+
+shared_ptr<SSL_CTX> MakeSSLContext(const String& pubkey, const String& privkey, const String& cakey);
+String GetCertificateCN(const shared_ptr<X509>& certificate);
+shared_ptr<X509> GetX509Certificate(const String& pemfile);
+
+class I2_BASE_API openssl_error : virtual public std::exception, virtual public boost::exception { };
+
+struct errinfo_openssl_error_;
+typedef boost::error_info<struct errinfo_openssl_error_, int> errinfo_openssl_error;
+
+inline std::string to_string(const errinfo_openssl_error& e)
+{
+ std::ostringstream tmp;
+ int code = e.value();
+
+ const char *message = ERR_error_string(code, NULL);
+
+ if (message == NULL)
+ message = "Unknown error.";
+
+ tmp << code << ", \"" << message << "\"";
+ return tmp.str();
+}
+
+}
+
+#endif /* TLSUTILITY_H */
using namespace icinga;
-bool I2_EXPORT Utility::m_SSLInitialized = false;
-
/**
* Demangles a symbol name.
*
return DemangleSymbolName(ti.name());
}
-/**
- * Initializes the OpenSSL library.
- */
-void Utility::InitializeOpenSSL(void)
-{
- if (m_SSLInitialized)
- return;
-
- SSL_library_init();
- SSL_load_error_strings();
-
- m_SSLInitialized = true;
-}
-
-/**
- * Initializes an SSL context using the specified certificates.
- *
- * @param pubkey The public key.
- * @param privkey The matching private key.
- * @param cakey CA certificate chain file.
- * @returns An SSL context.
- */
-shared_ptr<SSL_CTX> Utility::MakeSSLContext(const String& pubkey, const String& privkey, const String& cakey)
-{
- InitializeOpenSSL();
-
- shared_ptr<SSL_CTX> sslContext = shared_ptr<SSL_CTX>(SSL_CTX_new(TLSv1_method()), SSL_CTX_free);
-
- SSL_CTX_set_mode(sslContext.get(), SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
-
- if (!SSL_CTX_use_certificate_chain_file(sslContext.get(), pubkey.CStr())) {
- BOOST_THROW_EXCEPTION(openssl_error()
- << boost::errinfo_api_function("SSL_CTX_use_certificate_chain_file")
- << errinfo_openssl_error(ERR_get_error())
- << boost::errinfo_file_name(pubkey));
- }
-
- if (!SSL_CTX_use_PrivateKey_file(sslContext.get(), privkey.CStr(), SSL_FILETYPE_PEM)) {
- BOOST_THROW_EXCEPTION(openssl_error()
- << boost::errinfo_api_function("SSL_CTX_use_PrivateKey_file")
- << errinfo_openssl_error(ERR_get_error())
- << boost::errinfo_file_name(privkey));
- }
-
- if (!SSL_CTX_load_verify_locations(sslContext.get(), cakey.CStr(), NULL)) {
- BOOST_THROW_EXCEPTION(openssl_error()
- << boost::errinfo_api_function("SSL_CTX_load_verify_locations")
- << errinfo_openssl_error(ERR_get_error())
- << boost::errinfo_file_name(cakey));
- }
-
- STACK_OF(X509_NAME) *cert_names;
-
- cert_names = SSL_load_client_CA_file(cakey.CStr());
- if (cert_names == NULL) {
- BOOST_THROW_EXCEPTION(openssl_error()
- << boost::errinfo_api_function("SSL_load_client_CA_file")
- << errinfo_openssl_error(ERR_get_error())
- << boost::errinfo_file_name(cakey));
- }
-
- SSL_CTX_set_client_CA_list(sslContext.get(), cert_names);
-
- return sslContext;
-}
-
-/**
- * Retrieves the common name for an X509 certificate.
- *
- * @param certificate The X509 certificate.
- * @returns The common name.
- */
-String Utility::GetCertificateCN(const shared_ptr<X509>& certificate)
-{
- char buffer[256];
-
- int rc = X509_NAME_get_text_by_NID(X509_get_subject_name(certificate.get()),
- NID_commonName, buffer, sizeof(buffer));
-
- if (rc == -1) {
- BOOST_THROW_EXCEPTION(openssl_error()
- << boost::errinfo_api_function("X509_NAME_get_text_by_NID")
- << errinfo_openssl_error(ERR_get_error()));
- }
-
- return buffer;
-}
-
-/**
- * Retrieves an X509 certificate from the specified file.
- *
- * @param pemfile The filename.
- * @returns An X509 certificate.
- */
-shared_ptr<X509> Utility::GetX509Certificate(const String& pemfile)
-{
- X509 *cert;
- BIO *fpcert = BIO_new(BIO_s_file());
-
- if (fpcert == NULL) {
- BOOST_THROW_EXCEPTION(openssl_error()
- << boost::errinfo_api_function("BIO_new")
- << errinfo_openssl_error(ERR_get_error()));
- }
-
- if (BIO_read_filename(fpcert, pemfile.CStr()) < 0) {
- BOOST_THROW_EXCEPTION(openssl_error()
- << boost::errinfo_api_function("BIO_read_filename")
- << errinfo_openssl_error(ERR_get_error())
- << boost::errinfo_file_name(pemfile));
- }
-
- cert = PEM_read_bio_X509_AUX(fpcert, NULL, NULL, NULL);
- if (cert == NULL) {
- BOOST_THROW_EXCEPTION(openssl_error()
- << boost::errinfo_api_function("PEM_read_bio_X509_AUX")
- << errinfo_openssl_error(ERR_get_error()));
- }
-
- BIO_free(fpcert);
-
- return shared_ptr<X509>(cert, X509_free);
-}
-
/**
* Performs wildcard pattern matching.
*
#define UTILITY_H
#include "base/i2-base.h"
+#include "base/object.h"
#include "base/qstring.h"
#include <typeinfo>
#include <boost/function.hpp>
static String DemangleSymbolName(const String& sym);
static String GetTypeName(const std::type_info& ti);
- static shared_ptr<SSL_CTX> MakeSSLContext(const String& pubkey, const String& privkey, const String& cakey);
- static String GetCertificateCN(const shared_ptr<X509>& certificate);
- static shared_ptr<X509> GetX509Certificate(const String& pemfile);
-
static bool Match(const String& pattern, const String& text);
static String DirName(const String& path);
static void SetNonBlockingSocket(SOCKET s);
private:
- static bool m_SSLInitialized;
-
Utility(void);
-
- static void InitializeOpenSSL(void);
};
}
Value Empty;
+Value::Value(void)
+ : m_Value()
+{ }
+
+Value::Value(int value)
+ : m_Value(value)
+{ }
+
+Value::Value(long value)
+ : m_Value(double(value))
+{ }
+
+Value::Value(double value)
+ : m_Value(value)
+{ }
+
+Value::Value(const String& value)
+ : m_Value(value)
+{ }
+
+Value::Value(const char *value)
+ : m_Value(String(value))
+{ }
+
/**
* Checks whether the variant is empty.
*
#include "base/object.h"
#include "base/qstring.h"
-#include <boost/variant.hpp>
+#include <boost/variant/variant.hpp>
+#include <boost/variant/get.hpp>
struct cJSON;
class I2_BASE_API Value
{
public:
- inline Value(void)
- : m_Value()
- { }
-
- inline Value(int value)
- : m_Value(value)
- { }
-
- inline Value(long value)
- : m_Value(double(value))
- { }
-
- inline Value(double value)
- : m_Value(value)
- { }
-
- inline Value(const String& value)
- : m_Value(value)
- { }
-
- inline Value(const char *value)
- : m_Value(String(value))
- { }
+ Value(void);
+ Value(int value);
+ Value(long value);
+ Value(double value);
+ Value(const String& value);
+ Value(const char *value);
template<typename T>
inline Value(const shared_ptr<T>& value)
if (!value)
return;
- Object::Ptr object = dynamic_pointer_cast<Object>(value);
-
- if (!object)
- BOOST_THROW_EXCEPTION(std::invalid_argument("shared_ptr value type must inherit from Object class."));
-
- m_Value = object;
+ m_Value = static_pointer_cast<Object>(value);
}
operator double(void) const;
return object;
}
- bool IsEmpty(void) const;
+bool IsEmpty(void) const;
bool IsScalar(void) const;
bool IsObject(void) const;
if (!GetCertificateFile().IsEmpty() && !GetCAFile().IsEmpty()) {
/* set up SSL context */
- shared_ptr<X509> cert = Utility::GetX509Certificate(GetCertificateFile());
- String identity = Utility::GetCertificateCN(cert);
+ shared_ptr<X509> cert = GetX509Certificate(GetCertificateFile());
+ String identity = GetCertificateCN(cert);
Log(LogInformation, "icinga", "My identity: " + identity);
EndpointManager::GetInstance()->SetIdentity(identity);
- m_SSLContext = Utility::MakeSSLContext(GetCertificateFile(), GetCertificateFile(), GetCAFile());
+ m_SSLContext = MakeSSLContext(GetCertificateFile(), GetCertificateFile(), GetCAFile());
EndpointManager::GetInstance()->SetSSLContext(m_SSLContext);
}
#include "icinga/i2-icinga.h"
#include "base/application.h"
+#include "base/tlsutility.h"
namespace icinga
{
#include "base/logger_fwd.h"
#include "base/convert.h"
#include "base/utility.h"
+#include "base/tlsutility.h"
#include <boost/tuple/tuple.hpp>
#include <boost/foreach.hpp>
m_PendingClients.erase(tlsStream);
shared_ptr<X509> cert = tlsStream->GetPeerCertificate();
- String identity = Utility::GetCertificateCN(cert);
+ String identity = GetCertificateCN(cert);
Log(LogInformation, "icinga", "New client connection at " + peerAddress + " for identity '" + identity + "'");
projects / icinga2 / commitdiff