dc/da3/secure__socket__utils_8cc_source.html

// Copyright (c) 2017, the Dart project authors.  Please see the AUTHORS file

// for details. All rights reserved. Use of this source code is governed by a

// BSD-style license that can be found in the LICENSE file.


#if !defined(DART_IO_SECURE_SOCKET_DISABLED)


#include "bin/secure_socket_utils.h"


#include <openssl/err.h>

#include <openssl/ssl.h>


#include "platform/globals.h"


#include "bin/file.h"

#include "bin/secure_socket_filter.h"

#include "bin/security_context.h"

#include "platform/syslog.h"


namespace dart {

namespace bin {


// Get the error messages from BoringSSL, and put them in buffer as a

// null-terminated string.

// This function extracts all the error messages into a string and returns

// the first error code so that this error can be passed in as the OSError

// error code to the IOException.

uint32_t SecureSocketUtils::FetchErrorString(const SSL* ssl,

                                             TextBuffer* text_buffer) {

  const char* sep = File::PathSeparator();

  uint32_t errCode = 0;

  while (true) {

    const char* path = nullptr;

    int line = -1;

    uint32_t error = ERR_get_error_line(&path, &line);

    if (error == 0) {

      break;

    }

    if (errCode == 0) {

      errCode = error;

    }

    text_buffer->Printf("\n\t%s", ERR_reason_error_string(error));

    if ((ssl != nullptr) && (ERR_GET_LIB(error) == ERR_LIB_SSL) &&

        (ERR_GET_REASON(error) == SSL_R_CERTIFICATE_VERIFY_FAILED)) {

      intptr_t result = SSL_get_verify_result(ssl);

      text_buffer->Printf(": %s", X509_verify_cert_error_string(result));

    }

    if ((path != nullptr) && (line >= 0)) {

      const char* file = strrchr(path, sep[0]);

      path = file != nullptr ? file + 1 : path;

      text_buffer->Printf("(%s:%d)", path, line);

    }

  }

  return errCode;

}


// Handle an error reported from the BoringSSL library.

void SecureSocketUtils::ThrowIOException(int status,

                                         const char* exception_type,

                                         const char* message,

                                         const SSL* ssl) {

  Dart_Handle exception;

  {

    TextBuffer error_string(SSL_ERROR_MESSAGE_BUFFER_SIZE);

    uint32_t errCode = SecureSocketUtils::FetchErrorString(ssl, &error_string);

    if (status == 0) {

      status = errCode;

    }

    OSError os_error_struct(status, error_string.buffer(), OSError::kBoringSSL);

    Dart_Handle os_error = DartUtils::NewDartOSError(&os_error_struct);

    exception =

        DartUtils::NewDartIOException(exception_type, message, os_error);

    ASSERT(!Dart_IsError(exception));

  }

  Dart_ThrowException(exception);

  UNREACHABLE();

}


void SecureSocketUtils::CheckStatusSSL(int status,

                                       const char* type,

                                       const char* message,

                                       const SSL* ssl) {

  // TODO(24183): Take appropriate action on failed calls,

  // throw exception that includes all messages from the error stack.

  if (status == 1) {

    return;

  }

  if (SSL_LOG_STATUS) {

    int error = ERR_get_error();

    Syslog::PrintErr("Failed: %s status: %d ", message, status);

    char error_string[SSL_ERROR_MESSAGE_BUFFER_SIZE];

    ERR_error_string_n(error, error_string, SSL_ERROR_MESSAGE_BUFFER_SIZE);

    Syslog::PrintErr("%s\n", error_string);

  }

  SecureSocketUtils::ThrowIOException(status, type, message, ssl);

}


void SecureSocketUtils::CheckStatus(int status,

                                    const char* type,

                                    const char* message) {

  SecureSocketUtils::CheckStatusSSL(status, type, message, nullptr);

}


bool SecureSocketUtils::IsCurrentTimeInsideCertValidDateRange(X509* root_cert) {

  ASN1_TIME* not_before = X509_get_notBefore(root_cert);

  ASN1_TIME* not_after = X509_get_notAfter(root_cert);

  int days_since_valid = 0;

  int secs_since_valid = 0;

  int days_before_invalid = 0;

  int secs_before_invalid = 0;

  // nullptr indicates current date/time

  ASN1_TIME_diff(&days_since_valid, &secs_since_valid, not_before,

                 /*to=*/nullptr);

  ASN1_TIME_diff(&days_before_invalid, &secs_before_invalid,

                 /*from=*/nullptr, not_after);

  return days_since_valid >= 0 && secs_since_valid >= 0 &&

         days_before_invalid >= 0 && secs_before_invalid >= 0;

}


}  // namespace bin

}  // namespace dart


#endif  // !defined(DART_IO_SECURE_SOCKET_DISABLED)

UNREACHABLE
#define UNREACHABLE()
Definition: assert.h:248

type
GLenum type
Definition: blit_command_gles.cc:126

dart::BaseTextBuffer::Printf
intptr_t Printf(const char *format,...) PRINTF_ATTRIBUTE(2
Definition: text_buffer.cc:14

dart::BaseTextBuffer::buffer
char * buffer() const
Definition: text_buffer.h:35

dart::Syslog::PrintErr
static void PrintErr(const char *format,...) PRINTF_ATTRIBUTE(1

dart::TextBuffer
Definition: text_buffer.h:59

dart::bin::DartUtils::NewDartOSError
static Dart_Handle NewDartOSError()
Definition: dartutils.cc:702

dart::bin::DartUtils::NewDartIOException
static Dart_Handle NewDartIOException(const char *exception_name, const char *message, Dart_Handle os_error)
Definition: dartutils.cc:758

dart::bin::File::PathSeparator
static const char * PathSeparator()

dart::bin::OSError
Definition: utils.h:18

dart::bin::OSError::kBoringSSL
@ kBoringSSL
Definition: utils.h:20

dart::bin::SecureSocketUtils::SSL_ERROR_MESSAGE_BUFFER_SIZE
static constexpr int SSL_ERROR_MESSAGE_BUFFER_SIZE
Definition: secure_socket_utils.h:28

dart::bin::SecureSocketUtils::IsCurrentTimeInsideCertValidDateRange
static bool IsCurrentTimeInsideCertValidDateRange(X509 *root_cert)
Definition: secure_socket_utils.cc:103

dart::bin::SecureSocketUtils::ThrowIOException
static void ThrowIOException(int status, const char *exception_type, const char *message, const SSL *ssl)
Definition: secure_socket_utils.cc:57

dart::bin::SecureSocketUtils::FetchErrorString
static uint32_t FetchErrorString(const SSL *ssl, TextBuffer *text_buffer)
Definition: secure_socket_utils.cc:27

dart::bin::SecureSocketUtils::CheckStatusSSL
static void CheckStatusSSL(int status, const char *type, const char *message, const SSL *ssl)
Definition: secure_socket_utils.cc:78

dart::bin::SecureSocketUtils::CheckStatus
static void CheckStatus(int status, const char *type, const char *message)
Definition: secure_socket_utils.cc:97

Dart_Handle
struct _Dart_Handle * Dart_Handle
Definition: dart_api.h:258

ASSERT
#define ASSERT(E)
Definition: entrypoints_verification_test.cc:25

error
const uint8_t uint32_t uint32_t GError ** error
Definition: fl_pixel_buffer_texture_test.cc:40

result
GAsyncResult * result
Definition: fl_text_input_plugin.cc:106

message
Win32Message message
Definition: keyboard_unittests.cc:139

dart::bin::SSL_LOG_STATUS
const bool SSL_LOG_STATUS
Definition: secure_socket_utils.h:22

dart
Definition: dart_vm.cc:33

dart::Dart_IsError
DART_EXPORT bool Dart_IsError(Dart_Handle handle)
Definition: dart_api_impl.cc:743

dart::Dart_ThrowException
DART_EXPORT Dart_Handle Dart_ThrowException(Dart_Handle exception)
Definition: dart_api_impl.cc:4818

flutter::path
DEF_SWITCHES_START aot vmservice shared library Name of the *so containing AOT compiled Dart assets for launching the service isolate vm snapshot The VM snapshot data that will be memory mapped as read only SnapshotAssetPath must be present isolate snapshot The isolate snapshot data that will be memory mapped as read only SnapshotAssetPath must be present cache dir path
Definition: switches.h:57

gn.find_headers.sep
sep
Definition: find_headers.py:47

gn.gn_meta_sln.line
line
Definition: gn_meta_sln.py:144

protoc_wrapper.file
file
Definition: protoc_wrapper.py:226

globals.h

secure_socket_filter.h

secure_socket_utils.h

security_context.h

syslog.h

file.h