factor/basis/io/sockets/secure/secure.factor

! Copyright (C) 2008, 2010 Slava Pestov.
! See http://factorcode.org/license.txt for BSD license.
USING: accessors alien.libraries calendar combinators delegate
destructors io io.sockets io.sockets.private kernel memoize
namespaces present sequences summary system vocabs ;
IN: io.sockets.secure

SYMBOL: secure-socket-timeout

1 minutes secure-socket-timeout set-global

SYMBOL: secure-socket-backend

HOOK: ssl-supported? secure-socket-backend ( -- ? )
HOOK: ssl-certificate-verification-supported? secure-socket-backend ( -- ? )

M: object ssl-supported? f ;
M: object ssl-certificate-verification-supported? f ;

SINGLETONS: TLSv1 TLSv1.1 TLSv1.2 ;

ERROR: no-tls-supported ;

MEMO: best-tls-method ( -- class )
    {
        { [ "TLSv1_2_method" "libssl" dlsym? ] [ TLSv1.2 ] }
        { [ "TLSv1_1_method" "libssl" dlsym? ] [ TLSv1.1 ] }
        { [ "TLSv1_method" "libssl" dlsym? ] [ TLSv1 ] }
        [ no-tls-supported ]
    } cond ;

TUPLE: secure-config
method
key-file password
verify
verify-depth
ca-file ca-path
dh-file
ephemeral-key-bits ;

: <secure-config> ( -- config )
    secure-config new
        best-tls-method >>method
        1024 >>ephemeral-key-bits
        ssl-certificate-verification-supported? >>verify ;

TUPLE: secure-context < disposable config handle ;

HOOK: <secure-context> secure-socket-backend ( config -- context )

: with-secure-context ( config quot -- )
    [
        [ <secure-context> ] [ [ secure-context set ] prepose ] bi*
        with-disposal
    ] with-scope ; inline

TUPLE: secure
    { addrspec read-only }
    { hostname read-only } ;

C: <secure> secure

M: secure present addrspec>> present " (secure)" append ;

M: secure (server) addrspec>> (server) ;

CONSULT: inet secure addrspec>> ;

M: secure resolve-host ( secure -- seq )
    [ addrspec>> resolve-host ] [ hostname>> ] bi
    [ <secure> ] curry map ;

HOOK: check-certificate secure-socket-backend ( host handle -- )

PREDICATE: secure-inet < secure addrspec>> inet? ;

<PRIVATE

M: secure-inet (client)
    [
        [ resolve-host (client) [ |dispose ] dip ] keep
        addrspec>> host>> pick handle>> check-certificate
    ] with-destructors ;

PRIVATE>

ERROR: premature-close ;

M: premature-close summary
    drop "Connection closed prematurely - potential truncation attack" ;

ERROR: certificate-verify-error result ;

M: certificate-verify-error summary
    drop "Certificate verification failed" ;

ERROR: subject-name-verify-error expected got ;

M: subject-name-verify-error summary
    drop "Subject name verification failed" ;

ERROR: certificate-missing-error ;

M: certificate-missing-error summary
    drop "Host did not present any certificate" ;

ERROR: upgrade-on-non-socket ;

M: upgrade-on-non-socket summary
    drop
    "send-secure-handshake can only be used if input-stream and" print
    "output-stream are a socket" ;

ERROR: upgrade-buffers-full ;

M: upgrade-buffers-full summary
    drop
    "send-secure-handshake can only be used if buffers are empty" ;

HOOK: non-ssl-socket? os ( obj -- ? )

HOOK: socket-handle os ( obj -- ? )

HOOK: send-secure-handshake secure-socket-backend ( -- )

HOOK: accept-secure-handshake secure-socket-backend ( -- )

{
    { [ os unix? ] [ "io.sockets.secure.unix" require ] }
    { [ os windows? ] [ "io.sockets.secure.windows" require ] }
} cond
io.sockets.secure: add ssl-supported? hook, and make furnace.auth and twitter vocabs use it. This makes furnace work on Windows 2010-10-24 18:54:19 -04:00			`! Copyright (C) 2008, 2010 Slava Pestov.`
Working on OpenSSL sockets 2008-05-11 18:44:14 -04:00			`! See http://factorcode.org/license.txt for BSD license.`
openssl: Prefer tls1.2. Only use secure ciphers. 2016-03-04 12:15:12 -05:00			`USING: accessors alien.libraries calendar combinators delegate`
			`destructors io io.sockets io.sockets.private kernel memoize`
			`namespaces present sequences summary system vocabs ;`
Working on OpenSSL sockets 2008-05-11 18:44:14 -04:00			`IN: io.sockets.secure`

Fix SSL timeout support and clean up some timeout code 2008-05-21 02:36:30 -04:00			`SYMBOL: secure-socket-timeout`

			`1 minutes secure-socket-timeout set-global`

Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`SYMBOL: secure-socket-backend`
Working on OpenSSL sockets 2008-05-11 18:44:14 -04:00
io.sockets.secure: add ssl-supported? hook, and make furnace.auth and twitter vocabs use it. This makes furnace work on Windows 2010-10-24 18:54:19 -04:00			`HOOK: ssl-supported? secure-socket-backend ( -- ? )`
io.sockets.secure: new hook variable ssl-certificate-verification-supported? t if the backend is able to verify certificates, f otherwise. Currently certificate validation isn't implemented on Windows 2013-10-14 08:45:33 -04:00			`HOOK: ssl-certificate-verification-supported? secure-socket-backend ( -- ? )`
io.sockets.secure: add ssl-supported? hook, and make furnace.auth and twitter vocabs use it. This makes furnace work on Windows 2010-10-24 18:54:19 -04:00
			`M: object ssl-supported? f ;`
io.sockets.secure: new hook variable ssl-certificate-verification-supported? t if the backend is able to verify certificates, f otherwise. Currently certificate validation isn't implemented on Windows 2013-10-14 08:45:33 -04:00			`M: object ssl-certificate-verification-supported? f ;`
io.sockets.secure: add ssl-supported? hook, and make furnace.auth and twitter vocabs use it. This makes furnace work on Windows 2010-10-24 18:54:19 -04:00
openssl: Prefer tls1.2. Only use secure ciphers. 2016-03-04 12:15:12 -05:00			`SINGLETONS: TLSv1 TLSv1.1 TLSv1.2 ;`

			`ERROR: no-tls-supported ;`

			`MEMO: best-tls-method ( -- class )`
			`{`
			`{ [ "TLSv1_2_method" "libssl" dlsym? ] [ TLSv1.2 ] }`
			`{ [ "TLSv1_1_method" "libssl" dlsym? ] [ TLSv1.1 ] }`
			`{ [ "TLSv1_method" "libssl" dlsym? ] [ TLSv1 ] }`
			`[ no-tls-supported ]`
			`} cond ;`
Working on OpenSSL sockets 2008-05-11 18:44:14 -04:00
Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`TUPLE: secure-config`
			`method`
			`key-file password`
Server certificate verification, lazy handshake for accept 2008-05-22 01:29:19 -04:00			`verify`
			`verify-depth`
Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`ca-file ca-path`
			`dh-file`
			`ephemeral-key-bits ;`
Working on OpenSSL sockets 2008-05-11 18:44:14 -04:00
Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`: <secure-config> ( -- config )`
			`secure-config new`
openssl: Prefer tls1.2. Only use secure ciphers. 2016-03-04 12:15:12 -05:00			`best-tls-method >>method`
Server certificate verification, lazy handshake for accept 2008-05-22 01:29:19 -04:00			`1024 >>ephemeral-key-bits`
io.sockets.secure: new hook variable ssl-certificate-verification-supported? t if the backend is able to verify certificates, f otherwise. Currently certificate validation isn't implemented on Windows 2013-10-14 08:45:33 -04:00			`ssl-certificate-verification-supported? >>verify ;`
Working on OpenSSL sockets 2008-05-11 18:44:14 -04:00
Disposables are now registered in a global disposables set. To take advantage of this, subclass disposable instead of providing a disposed slot and call new-disposable instead of new. tools.disposables defines two words, 'disposable.' and 'leaks', to help track down resource lifetime problems 2009-08-24 03:26:13 -04:00			`TUPLE: secure-context < disposable config handle ;`
Working on OpenSSL sockets 2008-05-11 18:44:14 -04:00
Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`HOOK: <secure-context> secure-socket-backend ( config -- context )`
Working on OpenSSL sockets 2008-05-11 18:44:14 -04:00
Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`: with-secure-context ( config quot -- )`
Working on OpenSSL sockets 2008-05-11 18:44:14 -04:00			`[`
Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`[ <secure-context> ] [ [ secure-context set ] prepose ] bi*`
Working on OpenSSL sockets 2008-05-11 18:44:14 -04:00			`with-disposal`
			`] with-scope ; inline`
Working on SSL and refactoring related code to make things easier to plug in 2008-05-12 19:53:22 -04:00
Add SNI support to Factor Fixes #1527 2016-03-02 18:29:59 -05:00			`TUPLE: secure`
			`{ addrspec read-only }`
			`{ hostname read-only } ;`
Working on SSL and refactoring related code to make things easier to plug in 2008-05-12 19:53:22 -04:00
Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`C: <secure> secure`

Better connection logging 2008-09-22 17:09:10 -04:00			`M: secure present addrspec>> present " (secure)" append ;`

io.sockets.secure: (server) needs a method on secure for Windows too. Move the method to a vocab that both platforms load. 2016-06-02 13:25:11 -04:00			`M: secure (server) addrspec>> (server) ;`

New threaded-server 2008-06-17 01:04:18 -04:00			`CONSULT: inet secure addrspec>> ;`

			`M: secure resolve-host ( secure -- seq )`
Add SNI support to Factor Fixes #1527 2016-03-02 18:29:59 -05:00			`[ addrspec>> resolve-host ] [ hostname>> ] bi`
			`[ <secure> ] curry map ;`
Fix SSL shutdown 2008-05-17 18:45:56 -04:00
			`HOOK: check-certificate secure-socket-backend ( host handle -- )`
Working on SSL and refactoring related code to make things easier to plug in 2008-05-12 19:53:22 -04:00
Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`PREDICATE: secure-inet < secure addrspec>> inet? ;`
Working on SSL and refactoring related code to make things easier to plug in 2008-05-12 19:53:22 -04:00
Move underlying-handle word from io.launcher to io.ports, add a new underlying-port word Add a remote-address symbol to io.sockets, with-client binds it, ditto for io.servers.connection io.sockets.secure now has two new words, send-secure-handshake, accept-secure-handshake, to upgrade existing connections 2008-11-30 14:46:39 -05:00			`<PRIVATE`

Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`M: secure-inet (client)`
			`[`
New threaded-server 2008-06-17 01:04:18 -04:00			`[ resolve-host (client) [ \|dispose ] dip ] keep`
			`addrspec>> host>> pick handle>> check-certificate`
Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`] with-destructors ;`
Working on SSL and refactoring related code to make things easier to plug in 2008-05-12 19:53:22 -04:00
			`PRIVATE>`
Fix SSL shutdown 2008-05-17 18:45:56 -04:00
			`ERROR: premature-close ;`

			`M: premature-close summary`
			`drop "Connection closed prematurely - potential truncation attack" ;`

			`ERROR: certificate-verify-error result ;`

			`M: certificate-verify-error summary`
			`drop "Certificate verification failed" ;`

io.sockets.secure, io.sockets.secure.openssl: improved host name verification that takes into account a certificates subject alternative names. 2013-09-14 15:18:13 -04:00			`ERROR: subject-name-verify-error expected got ;`
Fix SSL shutdown 2008-05-17 18:45:56 -04:00
io.sockets.secure, io.sockets.secure.openssl: improved host name verification that takes into account a certificates subject alternative names. 2013-09-14 15:18:13 -04:00			`M: subject-name-verify-error summary`
			`drop "Subject name verification failed" ;`
Fix deploy tests 2008-07-02 22:52:28 -04:00
io.sockets.secure.openssl: guard against SSL_get_peer_certificate returning null 2014-03-06 12:41:37 -05:00			`ERROR: certificate-missing-error ;`

			`M: certificate-missing-error summary`
			`drop "Host did not present any certificate" ;`

Move underlying-handle word from io.launcher to io.ports, add a new underlying-port word Add a remote-address symbol to io.sockets, with-client binds it, ditto for io.servers.connection io.sockets.secure now has two new words, send-secure-handshake, accept-secure-handshake, to upgrade existing connections 2008-11-30 14:46:39 -05:00			`ERROR: upgrade-on-non-socket ;`

			`M: upgrade-on-non-socket summary`
			`drop`
			`"send-secure-handshake can only be used if input-stream and" print`
			`"output-stream are a socket" ;`

			`ERROR: upgrade-buffers-full ;`

			`M: upgrade-buffers-full summary`
			`drop`
			`"send-secure-handshake can only be used if buffers are empty" ;`

io.sockets.secure: Move some code from secure.unix to secure.openssl. Add a hook for finding sockets to upgrade. 2014-07-07 21:34:41 -04:00			`HOOK: non-ssl-socket? os ( obj -- ? )`

io.sockets.secure: Another fix for cross-platform openssl. 2014-07-07 21:45:22 -04:00			`HOOK: socket-handle os ( obj -- ? )`

Move underlying-handle word from io.launcher to io.ports, add a new underlying-port word Add a remote-address symbol to io.sockets, with-client binds it, ditto for io.servers.connection io.sockets.secure now has two new words, send-secure-handshake, accept-secure-handshake, to upgrade existing connections 2008-11-30 14:46:39 -05:00			`HOOK: send-secure-handshake secure-socket-backend ( -- )`

			`HOOK: accept-secure-handshake secure-socket-backend ( -- )`

Fix deploy tests 2008-07-02 22:52:28 -04:00			`{`
io.files split up and general refactoring work in progress 2008-12-14 21:03:00 -05:00			`{ [ os unix? ] [ "io.sockets.secure.unix" require ] }`
io.sockets.secure: new hook variable ssl-certificate-verification-supported? t if the backend is able to verify certificates, f otherwise. Currently certificate validation isn't implemented on Windows 2013-10-14 08:45:33 -04:00			`{ [ os windows? ] [ "io.sockets.secure.windows" require ] }`
Fix deploy tests 2008-07-02 22:52:28 -04:00			`} cond`