dc/da3/secure__socket__utils_8cc_source.html

// Copyright (c) 2017, the Dart project authors.  Please see the AUTHORS file

// for details. All rights reserved. Use of this source code is governed by a

// BSD-style license that can be found in the LICENSE file.


#if !defined(DART_IO_SECURE_SOCKET_DISABLED)


#include "bin/secure_socket_utils.h"


#include <openssl/err.h>

#include <openssl/ssl.h>


#include "platform/globals.h"


#include "bin/file.h"

#include "bin/secure_socket_filter.h"

#include "bin/security_context.h"

#include "platform/syslog.h"


namespace dart {

namespace bin {


// Get the error messages from BoringSSL, and put them in buffer as a

// null-terminated string.

// This function extracts all the error messages into a string and returns

// the first error code so that this error can be passed in as the OSError

// error code to the IOException.


uint32_t SecureSocketUtils::FetchErrorString(const SSL* ssl,

                                             TextBuffer* text_buffer) {

  const char* sep = File::PathSeparator();

  uint32_t errCode = 0;

  while (true) {

    const char* path = nullptr;

    int line = -1;

    uint32_t error = ERR_get_error_line(&path, &line);

    if (error == 0) {

      break;

    }

    if (errCode == 0) {

      errCode = error;

    }

    text_buffer->Printf("\n\t%s", ERR_reason_error_string(error));

    if ((ssl != nullptr) && (ERR_GET_LIB(error) == ERR_LIB_SSL) &&

        (ERR_GET_REASON(error) == SSL_R_CERTIFICATE_VERIFY_FAILED)) {

      intptr_t result = SSL_get_verify_result(ssl);

      text_buffer->Printf(": %s", X509_verify_cert_error_string(result));

    }

    if ((path != nullptr) && (line >= 0)) {

      const char* file = strrchr(path, sep[0]);

      path = file != nullptr ? file + 1 : path;

      text_buffer->Printf("(%s:%d)", path, line);

    }

  }

  return errCode;

}


// Handle an error reported from the BoringSSL library.


void SecureSocketUtils::ThrowIOException(int status,

                                         const char* exception_type,

                                         const char* message,

                                         const SSL* ssl) {

  Dart_Handle exception;

  {

    TextBuffer error_string(SSL_ERROR_MESSAGE_BUFFER_SIZE);

    uint32_t errCode = SecureSocketUtils::FetchErrorString(ssl, &error_string);

    if (status == 0) {

      status = errCode;

    }

    OSError os_error_struct(status, error_string.buffer(), OSError::kBoringSSL);

    Dart_Handle os_error = DartUtils::NewDartOSError(&os_error_struct);

    exception =

        DartUtils::NewDartIOException(exception_type, message, os_error);

    ASSERT(!Dart_IsError(exception));

  }

  Dart_ThrowException(exception);

  UNREACHABLE();

}


void SecureSocketUtils::CheckStatusSSL(int status,

                                       const char* type,

                                       const char* message,

                                       const SSL* ssl) {

  // TODO(24183): Take appropriate action on failed calls,

  // throw exception that includes all messages from the error stack.

  if (status == 1) {

    return;

  }

  if (SSL_LOG_STATUS) {

    int error = ERR_get_error();

    Syslog::PrintErr("Failed: %s status: %d ", message, status);

    char error_string[SSL_ERROR_MESSAGE_BUFFER_SIZE];

    ERR_error_string_n(error, error_string, SSL_ERROR_MESSAGE_BUFFER_SIZE);

    Syslog::PrintErr("%s\n", error_string);

  }

  SecureSocketUtils::ThrowIOException(status, type, message, ssl);

}


void SecureSocketUtils::CheckStatus(int status,

                                    const char* type,

                                    const char* message) {

  SecureSocketUtils::CheckStatusSSL(status, type, message, nullptr);

}


bool SecureSocketUtils::IsCurrentTimeInsideCertValidDateRange(X509* root_cert) {

  ASN1_TIME* not_before = X509_get_notBefore(root_cert);

  ASN1_TIME* not_after = X509_get_notAfter(root_cert);

  int days_since_valid = 0;

  int secs_since_valid = 0;

  int days_before_invalid = 0;

  int secs_before_invalid = 0;

  // nullptr indicates current date/time

  ASN1_TIME_diff(&days_since_valid, &secs_since_valid, not_before,

                 /*to=*/nullptr);

  ASN1_TIME_diff(&days_before_invalid, &secs_before_invalid,

                 /*from=*/nullptr, not_after);

  return days_since_valid >= 0 && secs_since_valid >= 0 &&

         days_before_invalid >= 0 && secs_before_invalid >= 0;

}


}  // namespace bin

}  // namespace dart


#endif  // !defined(DART_IO_SECURE_SOCKET_DISABLED)

UNREACHABLE
#define UNREACHABLE()
Definition assert.h:248

dart::BaseTextBuffer::Printf
intptr_t Printf(const char *format,...) PRINTF_ATTRIBUTE(2
Definition text_buffer.cc:14

dart::BaseTextBuffer::buffer
char * buffer() const
Definition text_buffer.h:35

dart::Syslog::PrintErr
static void PrintErr(const char *format,...) PRINTF_ATTRIBUTE(1

dart::TextBuffer
Definition text_buffer.h:59

dart::bin::DartUtils::NewDartOSError
static Dart_Handle NewDartOSError()
Definition dartutils.cc:706

dart::bin::DartUtils::NewDartIOException
static Dart_Handle NewDartIOException(const char *exception_name, const char *message, Dart_Handle os_error)
Definition dartutils.cc:762

dart::bin::File::PathSeparator
static const char * PathSeparator()

dart::bin::OSError
Definition utils.h:18

dart::bin::OSError::kBoringSSL
@ kBoringSSL
Definition utils.h:20

dart::bin::SecureSocketUtils::SSL_ERROR_MESSAGE_BUFFER_SIZE
static constexpr int SSL_ERROR_MESSAGE_BUFFER_SIZE
Definition secure_socket_utils.h:28

dart::bin::SecureSocketUtils::IsCurrentTimeInsideCertValidDateRange
static bool IsCurrentTimeInsideCertValidDateRange(X509 *root_cert)
Definition secure_socket_utils.cc:103

dart::bin::SecureSocketUtils::ThrowIOException
static void ThrowIOException(int status, const char *exception_type, const char *message, const SSL *ssl)
Definition secure_socket_utils.cc:57

dart::bin::SecureSocketUtils::FetchErrorString
static uint32_t FetchErrorString(const SSL *ssl, TextBuffer *text_buffer)
Definition secure_socket_utils.cc:27

dart::bin::SecureSocketUtils::CheckStatusSSL
static void CheckStatusSSL(int status, const char *type, const char *message, const SSL *ssl)
Definition secure_socket_utils.cc:78

dart::bin::SecureSocketUtils::CheckStatus
static void CheckStatus(int status, const char *type, const char *message)
Definition secure_socket_utils.cc:97

Dart_Handle
struct _Dart_Handle * Dart_Handle
Definition dart_api.h:258

ASSERT
#define ASSERT(E)
Definition entrypoints_verification_test.cc:25

error
const uint8_t uint32_t uint32_t GError ** error
Definition fl_pixel_buffer_texture_test.cc:40

type
uint8_t type
Definition fl_standard_message_codec_test.cc:1115

result
GAsyncResult * result
Definition fl_text_input_plugin.cc:106

message
Win32Message message
Definition keyboard_unittests.cc:139

dart::bin::SSL_LOG_STATUS
const bool SSL_LOG_STATUS
Definition secure_socket_utils.h:22

dart
Definition dart_vm.cc:33

dart::Dart_IsError
DART_EXPORT bool Dart_IsError(Dart_Handle handle)
Definition dart_api_impl.cc:744

dart::Dart_ThrowException
DART_EXPORT Dart_Handle Dart_ThrowException(Dart_Handle exception)
Definition dart_api_impl.cc:4822

globals.h

secure_socket_filter.h

secure_socket_utils.h

security_context.h

syslog.h

file.h