factor/extra/io/sockets/secure/secure.factor

! Copyright (C) 2008 Slava Pestov.
! See http://factorcode.org/license.txt for BSD license.
USING: accessors kernel symbols namespaces continuations
destructors io.sockets sequences inspector ;
IN: io.sockets.secure

SYMBOL: secure-socket-backend

SINGLETONS: SSLv2 SSLv23 SSLv3 TLSv1 ;

TUPLE: secure-config
method
key-file password
ca-file ca-path
dh-file
ephemeral-key-bits ;

: <secure-config> ( -- config )
    secure-config new
        SSLv23 >>method
        512 >>ephemeral-key-bits ;

TUPLE: secure-context config handle disposed ;

HOOK: <secure-context> secure-socket-backend ( config -- context )

: with-secure-context ( config quot -- )
    [
        [ <secure-context> ] [ [ secure-context set ] prepose ] bi*
        with-disposal
    ] with-scope ; inline

TUPLE: secure addrspec ;

C: <secure> secure

: resolve-secure-host ( host port passive? -- seq )
    resolve-host [ <secure> ] map ;

HOOK: check-certificate secure-socket-backend ( host handle -- )

<PRIVATE

PREDICATE: secure-inet < secure addrspec>> inet? ;

M: secure-inet (client)
    [
        addrspec>>
        [ [ host>> ] [ port>> ] bi f resolve-secure-host (client) >r |dispose r> ] keep
        host>> pick handle>> check-certificate
    ] with-destructors ;

PRIVATE>

ERROR: premature-close ;

M: premature-close summary
    drop "Connection closed prematurely - potential truncation attack" ;

ERROR: certificate-verify-error result ;

M: certificate-verify-error summary
    drop "Certificate verification failed" ;

ERROR: common-name-verify-error expected got ;

M: common-name-verify-error summary
    drop "Common name verification failed" ;
Working on OpenSSL sockets 2008-05-11 18:44:14 -04:00			`! Copyright (C) 2008 Slava Pestov.`
			`! See http://factorcode.org/license.txt for BSD license.`
Working on SSL and refactoring related code to make things easier to plug in 2008-05-12 19:53:22 -04:00			`USING: accessors kernel symbols namespaces continuations`
Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`destructors io.sockets sequences inspector ;`
Working on OpenSSL sockets 2008-05-11 18:44:14 -04:00			`IN: io.sockets.secure`

Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`SYMBOL: secure-socket-backend`
Working on OpenSSL sockets 2008-05-11 18:44:14 -04:00
			`SINGLETONS: SSLv2 SSLv23 SSLv3 TLSv1 ;`

Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`TUPLE: secure-config`
			`method`
			`key-file password`
			`ca-file ca-path`
			`dh-file`
			`ephemeral-key-bits ;`
Working on OpenSSL sockets 2008-05-11 18:44:14 -04:00
Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`: <secure-config> ( -- config )`
			`secure-config new`
			`SSLv23 >>method`
			`512 >>ephemeral-key-bits ;`
Working on OpenSSL sockets 2008-05-11 18:44:14 -04:00
Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`TUPLE: secure-context config handle disposed ;`
Working on OpenSSL sockets 2008-05-11 18:44:14 -04:00
Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`HOOK: <secure-context> secure-socket-backend ( config -- context )`
Working on OpenSSL sockets 2008-05-11 18:44:14 -04:00
Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`: with-secure-context ( config quot -- )`
Working on OpenSSL sockets 2008-05-11 18:44:14 -04:00			`[`
Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`[ <secure-context> ] [ [ secure-context set ] prepose ] bi*`
Working on OpenSSL sockets 2008-05-11 18:44:14 -04:00			`with-disposal`
			`] with-scope ; inline`
Working on SSL and refactoring related code to make things easier to plug in 2008-05-12 19:53:22 -04:00
Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`TUPLE: secure addrspec ;`
Working on SSL and refactoring related code to make things easier to plug in 2008-05-12 19:53:22 -04:00
Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`C: <secure> secure`

			`: resolve-secure-host ( host port passive? -- seq )`
			`resolve-host [ <secure> ] map ;`

			`HOOK: check-certificate secure-socket-backend ( host handle -- )`
Working on SSL and refactoring related code to make things easier to plug in 2008-05-12 19:53:22 -04:00
			`<PRIVATE`

Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`PREDICATE: secure-inet < secure addrspec>> inet? ;`
Working on SSL and refactoring related code to make things easier to plug in 2008-05-12 19:53:22 -04:00
Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`M: secure-inet (client)`
			`[`
			`addrspec>>`
			`[ [ host>> ] [ port>> ] bi f resolve-secure-host (client) >r \|dispose r> ] keep`
			`host>> pick handle>> check-certificate`
			`] with-destructors ;`
Working on SSL and refactoring related code to make things easier to plug in 2008-05-12 19:53:22 -04:00
			`PRIVATE>`
Fix SSL shutdown 2008-05-17 18:45:56 -04:00
			`ERROR: premature-close ;`

			`M: premature-close summary`
			`drop "Connection closed prematurely - potential truncation attack" ;`

			`ERROR: certificate-verify-error result ;`

			`M: certificate-verify-error summary`
			`drop "Certificate verification failed" ;`

			`ERROR: common-name-verify-error expected got ;`

			`M: common-name-verify-error summary`
			`drop "Common name verification failed" ;`