Flutter Engine
The Flutter Engine
All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Properties Friends Macros Modules Pages
Public Member Functions | Static Public Member Functions | Static Public Attributes | List of all members
dart::bin::SSLCertContext Class Reference

#include <security_context.h>

Inheritance diagram for dart::bin::SSLCertContext:
dart::bin::ReferenceCounted< SSLCertContext >

Public Member Functions

 SSLCertContext (SSL_CTX *context)
 
 ~SSLCertContext ()
 
void SetTrustedCertificatesBytes (Dart_Handle cert_bytes, const char *password)
 
void SetClientAuthoritiesBytes (Dart_Handle client_authorities_bytes, const char *password)
 
int UseCertificateChainBytes (Dart_Handle cert_chain_bytes, const char *password)
 
void TrustBuiltinRoots ()
 
SSL_CTX * context () const
 
uint8_t * alpn_protocol_string () const
 
void set_alpn_protocol_string (uint8_t *protocol_string)
 
bool trust_builtin () const
 
void set_allow_tls_renegotiation (bool allow)
 
bool allow_tls_renegotiation () const
 
void set_trust_builtin (bool trust_builtin)
 
void RegisterCallbacks (SSL *ssl)
 
TrustEvaluateHandlerFunc GetTrustEvaluateHandler () const
 
- Public Member Functions inherited from dart::bin::ReferenceCounted< SSLCertContext >
 ReferenceCounted ()
 
virtual ~ReferenceCounted ()
 
void Retain ()
 
void Release ()
 

Static Public Member Functions

static int CertificateCallback (int preverify_ok, X509_STORE_CTX *store_ctx)
 
static void KeyLogCallback (const SSL *ssl, const char *line)
 
static SSLCertContextGetSecurityContext (Dart_NativeArguments args)
 
static const char * GetPasswordArgument (Dart_NativeArguments args, intptr_t index)
 
static void SetAlpnProtocolList (Dart_Handle protocols_handle, SSL *ssl, SSLCertContext *context, bool is_server)
 
static const char * root_certs_file ()
 
static void set_root_certs_file (const char *root_certs_file)
 
static const char * root_certs_cache ()
 
static void set_root_certs_cache (const char *root_certs_cache)
 
static bool long_ssl_cert_evaluation ()
 
static void set_long_ssl_cert_evaluation (bool long_ssl_cert_evaluation)
 
static bool bypass_trusting_system_roots ()
 
static void set_bypass_trusting_system_roots (bool bypass_trusting_system_roots)
 

Static Public Attributes

static const intptr_t kApproximateSize
 
static constexpr int kSecurityContextNativeFieldIndex = 0
 
static constexpr int kX509NativeFieldIndex = 0
 

Detailed Description

Definition at line 24 of file security_context.h.

Constructor & Destructor Documentation

◆ SSLCertContext()

dart::bin::SSLCertContext::SSLCertContext ( SSL_CTX *  context)
inlineexplicit

Definition at line 30 of file security_context.h.

31 : ReferenceCounted(),
32 context_(context),
33 alpn_protocol_string_(nullptr),
34 trust_builtin_(false),
35 allow_tls_renegotiation_(false) {}
dart::bin::SSLCertContext::context
SSL_CTX * context() const
Definition: security_context.h:73

◆ ~SSLCertContext()

dart::bin::SSLCertContext::~SSLCertContext ( )
inline

Definition at line 37 of file security_context.h.

37 {
38 SSL_CTX_free(context_);
39 free(alpn_protocol_string_);
40 }

Member Function Documentation

◆ allow_tls_renegotiation()

bool dart::bin::SSLCertContext::allow_tls_renegotiation ( ) const
inline

Definition at line 89 of file security_context.h.

89{ return allow_tls_renegotiation_; }

◆ alpn_protocol_string()

uint8_t * dart::bin::SSLCertContext::alpn_protocol_string ( ) const
inline

Definition at line 75 of file security_context.h.

75{ return alpn_protocol_string_; }

◆ bypass_trusting_system_roots()

static bool dart::bin::SSLCertContext::bypass_trusting_system_roots ( )
inlinestatic

Definition at line 101 of file security_context.h.

101 {
102 return bypass_trusting_system_roots_;
103 }

◆ CertificateCallback()

int dart::bin::SSLCertContext::CertificateCallback ( int  preverify_ok,
X509_STORE_CTX *  store_ctx 
)
static

Definition at line 40 of file security_context.cc.

41 {
42 if (preverify_ok == 1) {
43 return 1;
44 }
45 Dart_Isolate isolate = Dart_CurrentIsolate();
46 if (isolate == nullptr) {
47 FATAL("CertificateCallback called with no current isolate\n");
48 }
49 X509* certificate = X509_STORE_CTX_get_current_cert(store_ctx);
50 int ssl_index = SSL_get_ex_data_X509_STORE_CTX_idx();
51 SSL* ssl =
52 static_cast<SSL*>(X509_STORE_CTX_get_ex_data(store_ctx, ssl_index));
53 SSLFilter* filter = static_cast<SSLFilter*>(
54 SSL_get_ex_data(ssl, SSLFilter::filter_ssl_index));
55 Dart_Handle callback = filter->bad_certificate_callback();
56 if (Dart_IsNull(callback)) {
57 return 0;
58 }
59
60 // Upref since the Dart X509 object may outlive the SecurityContext.
61 if (certificate != nullptr) {
62 X509_up_ref(certificate);
63 }
64 Dart_Handle args[1];
65 args[0] = X509Helper::WrappedX509Certificate(certificate);
66 if (Dart_IsError(args[0])) {
67 filter->callback_error = args[0];
68 return 0;
69 }
70 Dart_Handle result = Dart_InvokeClosure(callback, 1, args);
71 if (!Dart_IsError(result) && !Dart_IsBoolean(result)) {
72 result = Dart_NewUnhandledExceptionError(DartUtils::NewDartIOException(
73 "HandshakeException",
74 "BadCertificateCallback returned a value that was not a boolean",
75 Dart_Null()));
76 }
77 // See SSLFilter::Handshake for the semantics of filter->callback_error.
78 if (Dart_IsError(result) && filter->callback_error == nullptr) {
79 filter->callback_error = result;
80 return 0;
81 }
82 return static_cast<int>(DartUtils::GetBooleanValue(result));
83}
dart::bin::DartUtils::GetBooleanValue
static bool GetBooleanValue(Dart_Handle bool_obj)
Definition: dartutils.cc:137
dart::bin::DartUtils::NewDartIOException
static Dart_Handle NewDartIOException(const char *exception_name, const char *message, Dart_Handle os_error)
Definition: dartutils.cc:758
dart::bin::X509Helper::WrappedX509Certificate
static Dart_Handle WrappedX509Certificate(X509 *certificate)
Definition: security_context.cc:146
Dart_Handle
struct _Dart_Handle * Dart_Handle
Definition: dart_api.h:258
Dart_Isolate
struct _Dart_Isolate * Dart_Isolate
Definition: dart_api.h:88
FATAL
#define FATAL(error)
Definition: ffi_test_functions_vmspecific.cc:435
args
G_BEGIN_DECLS G_MODULE_EXPORT FlValue * args
Definition: fl_event_channel.h:89
callback
FlKeyEvent uint64_t FlKeyResponderAsyncCallback callback
Definition: fl_key_channel_responder.cc:120
result
GAsyncResult * result
Definition: fl_text_input_plugin.cc:106
dart::Dart_IsBoolean
DART_EXPORT bool Dart_IsBoolean(Dart_Handle object)
Definition: dart_api_impl.cc:2367
dart::Dart_NewUnhandledExceptionError
DART_EXPORT Dart_Handle Dart_NewUnhandledExceptionError(Dart_Handle exception)
Definition: dart_api_impl.cc:842
dart::Dart_CurrentIsolate
DART_EXPORT Dart_Isolate Dart_CurrentIsolate()
Definition: dart_api_impl.cc:1454
dart::Dart_IsError
DART_EXPORT bool Dart_IsError(Dart_Handle handle)
Definition: dart_api_impl.cc:743
dart::Dart_InvokeClosure
DART_EXPORT Dart_Handle Dart_InvokeClosure(Dart_Handle closure, int number_of_arguments, Dart_Handle *arguments)
Definition: dart_api_impl.cc:4643
dart::Dart_IsNull
DART_EXPORT bool Dart_IsNull(Dart_Handle object)
Definition: dart_api_impl.cc:2247
dart::Dart_Null
DART_EXPORT Dart_Handle Dart_Null()
Definition: dart_api_impl.cc:2242

◆ context()

SSL_CTX * dart::bin::SSLCertContext::context ( ) const
inline

Definition at line 73 of file security_context.h.

73{ return context_; }

◆ GetPasswordArgument()

const char * dart::bin::SSLCertContext::GetPasswordArgument ( Dart_NativeArguments  args,
intptr_t  index 
)
static

Definition at line 431 of file security_context.cc.

432 {
433 Dart_Handle password_object =
434 ThrowIfError(Dart_GetNativeArgument(args, index));
435 const char* password = nullptr;
436 if (Dart_IsString(password_object)) {
437 ThrowIfError(Dart_StringToCString(password_object, &password));
438 if (strlen(password) > PEM_BUFSIZE - 1) {
439 Dart_ThrowException(DartUtils::NewDartArgumentError(
440 "Password length is greater than 1023 (PEM_BUFSIZE)"));
441 }
442 } else if (Dart_IsNull(password_object)) {
443 password = "";
444 } else {
445 Dart_ThrowException(
446 DartUtils::NewDartArgumentError("Password is not a String or null"));
447 }
448 return password;
449}
dart::bin::DartUtils::NewDartArgumentError
static Dart_Handle NewDartArgumentError(const char *message)
Definition: dartutils.cc:746
dart::bin::ThrowIfError
static Dart_Handle ThrowIfError(Dart_Handle handle)
Definition: dartutils.h:31
dart::Dart_GetNativeArgument
DART_EXPORT Dart_Handle Dart_GetNativeArgument(Dart_NativeArguments args, int index)
Definition: dart_api_impl.cc:5097
dart::Dart_ThrowException
DART_EXPORT Dart_Handle Dart_ThrowException(Dart_Handle exception)
Definition: dart_api_impl.cc:4818
dart::Dart_IsString
DART_EXPORT bool Dart_IsString(Dart_Handle object)
Definition: dart_api_impl.cc:2374
dart::Dart_StringToCString
DART_EXPORT Dart_Handle Dart_StringToCString(Dart_Handle object, const char **cstr)
Definition: dart_api_impl.cc:2920

◆ GetSecurityContext()

SSLCertContext * dart::bin::SSLCertContext::GetSecurityContext ( Dart_NativeArguments  args)
static

Definition at line 95 of file security_context.cc.

95 {
96 SSLCertContext* context;
97 Dart_Handle dart_this = ThrowIfError(Dart_GetNativeArgument(args, 0));
98 ASSERT(Dart_IsInstance(dart_this));
99 ThrowIfError(Dart_GetNativeInstanceField(
100 dart_this, SSLCertContext::kSecurityContextNativeFieldIndex,
101 reinterpret_cast<intptr_t*>(&context)));
102 if (context == nullptr) {
103 Dart_PropagateError(Dart_NewUnhandledExceptionError(
104 DartUtils::NewInternalError("No native peer")));
105 }
106 return context;
107}
dart::bin::DartUtils::NewInternalError
static Dart_Handle NewInternalError(const char *message)
Definition: dartutils.cc:781
dart::bin::SSLCertContext::SSLCertContext
SSLCertContext(SSL_CTX *context)
Definition: security_context.h:30
dart::bin::SSLCertContext::kSecurityContextNativeFieldIndex
static constexpr int kSecurityContextNativeFieldIndex
Definition: security_context.h:27
ASSERT
#define ASSERT(E)
Definition: entrypoints_verification_test.cc:25
dart::Dart_IsInstance
DART_EXPORT bool Dart_IsInstance(Dart_Handle object)
Definition: dart_api_impl.cc:2336
dart::Dart_GetNativeInstanceField
DART_EXPORT Dart_Handle Dart_GetNativeInstanceField(Dart_Handle obj, int index, intptr_t *value)
Definition: dart_api_impl.cc:4911
dart::Dart_PropagateError
DART_EXPORT void Dart_PropagateError(Dart_Handle handle)
Definition: dart_api_impl.cc:861

◆ GetTrustEvaluateHandler()

TrustEvaluateHandlerFunc dart::bin::SSLCertContext::GetTrustEvaluateHandler ( ) const

◆ KeyLogCallback()

void dart::bin::SSLCertContext::KeyLogCallback ( const SSL *  ssl,
const char *  line 
)
static

Definition at line 85 of file security_context.cc.

85 {
86 SSLFilter* filter = static_cast<SSLFilter*>(
87 SSL_get_ex_data(ssl, SSLFilter::filter_ssl_index));
88
89 Dart_Port port = filter->key_log_port();
90 if (port != ILLEGAL_PORT) {
91 DartUtils::PostString(port, line);
92 }
93}
dart::bin::DartUtils::PostString
static bool PostString(Dart_Port port_id, const char *value)
Definition: dartutils.cc:691
ILLEGAL_PORT
#define ILLEGAL_PORT
Definition: dart_api.h:1535
Dart_Port
int64_t Dart_Port
Definition: dart_api.h:1525
flutter::port
DEF_SWITCHES_START aot vmservice shared library Name of the *so containing AOT compiled Dart assets for launching the service isolate vm snapshot The VM snapshot data that will be memory mapped as read only SnapshotAssetPath must be present isolate snapshot The isolate snapshot data that will be memory mapped as read only SnapshotAssetPath must be present cache dir Path to the cache directory This is different from the persistent_cache_path in embedder which is used for Skia shader cache icu native lib Path to the library file that exports the ICU data vm service The hostname IP address on which the Dart VM Service should be served If not defaults to or::depending on whether ipv6 is specified vm service port
Definition: switches.h:87
gn.gn_meta_sln.line
line
Definition: gn_meta_sln.py:144

◆ long_ssl_cert_evaluation()

static bool dart::bin::SSLCertContext::long_ssl_cert_evaluation ( )
inlinestatic

Definition at line 96 of file security_context.h.

96{ return long_ssl_cert_evaluation_; }

◆ RegisterCallbacks()

void dart::bin::SSLCertContext::RegisterCallbacks ( SSL *  ssl)

◆ root_certs_cache()

static const char * dart::bin::SSLCertContext::root_certs_cache ( )
inlinestatic

Definition at line 57 of file security_context.h.

57{ return root_certs_cache_; }

◆ root_certs_file()

static const char * dart::bin::SSLCertContext::root_certs_file ( )
inlinestatic

Definition at line 53 of file security_context.h.

53{ return root_certs_file_; }

◆ set_allow_tls_renegotiation()

void dart::bin::SSLCertContext::set_allow_tls_renegotiation ( bool  allow)
inline

Definition at line 86 of file security_context.h.

86 {
87 allow_tls_renegotiation_ = allow;
88 }

◆ set_alpn_protocol_string()

void dart::bin::SSLCertContext::set_alpn_protocol_string ( uint8_t *  protocol_string)
inline

Definition at line 77 of file security_context.h.

77 {
78 if (alpn_protocol_string_ != nullptr) {
79 free(alpn_protocol_string_);
80 }
81 alpn_protocol_string_ = protocol_string;
82 }

◆ set_bypass_trusting_system_roots()

static void dart::bin::SSLCertContext::set_bypass_trusting_system_roots ( bool  bypass_trusting_system_roots)
inlinestatic

Definition at line 104 of file security_context.h.

105 {
106 bypass_trusting_system_roots_ = bypass_trusting_system_roots;
107 }
dart::bin::SSLCertContext::bypass_trusting_system_roots
static bool bypass_trusting_system_roots()
Definition: security_context.h:101

◆ set_long_ssl_cert_evaluation()

static void dart::bin::SSLCertContext::set_long_ssl_cert_evaluation ( bool  long_ssl_cert_evaluation)
inlinestatic

Definition at line 97 of file security_context.h.

97 {
98 long_ssl_cert_evaluation_ = long_ssl_cert_evaluation;
99 }
dart::bin::SSLCertContext::long_ssl_cert_evaluation
static bool long_ssl_cert_evaluation()
Definition: security_context.h:96

◆ set_root_certs_cache()

static void dart::bin::SSLCertContext::set_root_certs_cache ( const char *  root_certs_cache)
inlinestatic

Definition at line 58 of file security_context.h.

58 {
59 root_certs_cache_ = root_certs_cache;
60 }
dart::bin::SSLCertContext::root_certs_cache
static const char * root_certs_cache()
Definition: security_context.h:57

◆ set_root_certs_file()

static void dart::bin::SSLCertContext::set_root_certs_file ( const char *  root_certs_file)
inlinestatic

Definition at line 54 of file security_context.h.

54 {
55 root_certs_file_ = root_certs_file;
56 }
dart::bin::SSLCertContext::root_certs_file
static const char * root_certs_file()
Definition: security_context.h:53

◆ set_trust_builtin()

void dart::bin::SSLCertContext::set_trust_builtin ( bool  trust_builtin)
inline

Definition at line 91 of file security_context.h.

91{ trust_builtin_ = trust_builtin; }

◆ SetAlpnProtocolList()

void dart::bin::SSLCertContext::SetAlpnProtocolList ( Dart_Handle  protocols_handle,
SSL *  ssl,
SSLCertContext context,
bool  is_server 
)
static

Definition at line 481 of file security_context.cc.

484 {
485 // Enable ALPN (application layer protocol negotiation) if the caller provides
486 // a valid list of supported protocols.
487 Dart_TypedData_Type protocols_type;
488 uint8_t* protocol_string = nullptr;
489 uint8_t* protocol_string_copy = nullptr;
490 intptr_t protocol_string_len = 0;
491 int status;
492
493 Dart_Handle result = Dart_TypedDataAcquireData(
494 protocols_handle, &protocols_type,
495 reinterpret_cast<void**>(&protocol_string), &protocol_string_len);
496 if (Dart_IsError(result)) {
497 Dart_PropagateError(result);
498 }
499
500 if (protocols_type != Dart_TypedData_kUint8) {
501 Dart_TypedDataReleaseData(protocols_handle);
502 Dart_PropagateError(Dart_NewApiError(
503 "Unexpected type for protocols (expected valid Uint8List)."));
504 }
505
506 if (protocol_string_len > 0) {
507 if (is_server) {
508 // ALPN on server connections must be set on an SSL_CTX object,
509 // not on the SSL object of the individual connection.
510 ASSERT(context != nullptr);
511 ASSERT(ssl == nullptr);
512 // Because it must be passed as a single void*, terminate
513 // the list of (length, data) strings with a length 0 string.
514 protocol_string_copy =
515 static_cast<uint8_t*>(malloc(protocol_string_len + 1));
516 memmove(protocol_string_copy, protocol_string, protocol_string_len);
517 protocol_string_copy[protocol_string_len] = '\0';
518 SSL_CTX_set_alpn_select_cb(context->context(), AlpnCallback,
519 protocol_string_copy);
520 context->set_alpn_protocol_string(protocol_string_copy);
521 } else {
522 // The function makes a local copy of protocol_string, which it owns.
523 if (ssl != nullptr) {
524 ASSERT(context == nullptr);
525 status = SSL_set_alpn_protos(ssl, protocol_string, protocol_string_len);
526 } else {
527 ASSERT(context != nullptr);
528 ASSERT(ssl == nullptr);
529 status = SSL_CTX_set_alpn_protos(context->context(), protocol_string,
530 protocol_string_len);
531 }
532 ASSERT(status == 0); // The function returns a non-standard status.
533 }
534 }
535 Dart_TypedDataReleaseData(protocols_handle);
536}
Dart_TypedData_Type
Dart_TypedData_Type
Definition: dart_api.h:2612
Dart_TypedData_kUint8
@ Dart_TypedData_kUint8
Definition: dart_api.h:2615
dart::bin::AlpnCallback
int AlpnCallback(SSL *ssl, const uint8_t **out, uint8_t *outlen, const uint8_t *in, unsigned int inlen, void *arg)
Definition: security_context.cc:451
dart::malloc
void * malloc(size_t size)
Definition: allocation.cc:19
dart::Dart_TypedDataAcquireData
DART_EXPORT Dart_Handle Dart_TypedDataAcquireData(Dart_Handle object, Dart_TypedData_Type *type, void **data, intptr_t *len)
Definition: dart_api_impl.cc:4026
dart::Dart_TypedDataReleaseData
DART_EXPORT Dart_Handle Dart_TypedDataReleaseData(Dart_Handle object)
Definition: dart_api_impl.cc:4127
dart::Dart_NewApiError
DART_EXPORT Dart_Handle Dart_NewApiError(const char *error)
Definition: dart_api_impl.cc:826

◆ SetClientAuthoritiesBytes()

void dart::bin::SSLCertContext::SetClientAuthoritiesBytes ( Dart_Handle  client_authorities_bytes,
const char *  password 
)

Definition at line 308 of file security_context.cc.

310 {
311 int status;
312 {
313 ScopedMemBIO bio(client_authorities_bytes);
314 status = SetClientAuthorities(context(), &bio, password);
315 }
316
317 SecureSocketUtils::CheckStatus(status, "TlsException",
318 "Failure in setClientAuthoritiesBytes");
319}
dart::bin::SecureSocketUtils::CheckStatus
static void CheckStatus(int status, const char *type, const char *message)
Definition: secure_socket_utils.cc:97
dart::bin::SetClientAuthorities
static int SetClientAuthorities(SSL_CTX *context, ScopedMemBIO *bio, const char *password)
Definition: security_context.cc:291

◆ SetTrustedCertificatesBytes()

void dart::bin::SSLCertContext::SetTrustedCertificatesBytes ( Dart_Handle  cert_bytes,
const char *  password 
)

Definition at line 230 of file security_context.cc.

231 {
232 int status = 0;
233 {
234 ScopedMemBIO bio(cert_bytes);
235 status = SetTrustedCertificatesBytesPEM(context(), bio.bio());
236 if (status == 0) {
237 if (SecureSocketUtils::NoPEMStartLine()) {
238 ERR_clear_error();
239 BIO_reset(bio.bio());
240 status = SetTrustedCertificatesBytesPKCS12(context(), &bio, password);
241 }
242 } else {
243 // The PEM file was successfully parsed.
244 ERR_clear_error();
245 }
246 }
247 SecureSocketUtils::CheckStatus(status, "TlsException",
248 "Failure trusting builtin roots");
249}
dart::bin::SetTrustedCertificatesBytesPEM
static int SetTrustedCertificatesBytesPEM(SSL_CTX *context, BIO *bio)
Definition: security_context.cc:207
dart::bin::SetTrustedCertificatesBytesPKCS12
static int SetTrustedCertificatesBytesPKCS12(SSL_CTX *context, ScopedMemBIO *bio, const char *password)
Definition: security_context.cc:180

◆ trust_builtin()

bool dart::bin::SSLCertContext::trust_builtin ( ) const
inline

Definition at line 84 of file security_context.h.

84{ return trust_builtin_; }

◆ TrustBuiltinRoots()

void dart::bin::SSLCertContext::TrustBuiltinRoots ( )

◆ UseCertificateChainBytes()

int dart::bin::SSLCertContext::UseCertificateChainBytes ( Dart_Handle  cert_chain_bytes,
const char *  password 
)

Definition at line 629 of file security_context.cc.

630 {
631 ScopedMemBIO bio(cert_chain_bytes);
632 return UseChainBytes(context(), &bio, password);
633}
dart::bin::UseChainBytes
static int UseChainBytes(SSL_CTX *context, ScopedMemBIO *bio, const char *password)
Definition: security_context.cc:612

Member Data Documentation

◆ kApproximateSize

const intptr_t dart::bin::SSLCertContext::kApproximateSize
static

Definition at line 26 of file security_context.h.

◆ kSecurityContextNativeFieldIndex

constexpr int dart::bin::SSLCertContext::kSecurityContextNativeFieldIndex = 0
staticconstexpr

Definition at line 27 of file security_context.h.

◆ kX509NativeFieldIndex

constexpr int dart::bin::SSLCertContext::kX509NativeFieldIndex = 0
staticconstexpr

Definition at line 28 of file security_context.h.

The documentation for this class was generated from the following files:
Generated on Sun Jun 23 2024 21:59:50 for Flutter Engine by doxygen 1.9.4