libminifi/include/io/tls/TLSSocket.h - nifi-minifi-cpp - Git at Google

 /**
  *
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 #ifndef LIBMINIFI_INCLUDE_IO_TLS_TLSSOCKET_H_
 #define LIBMINIFI_INCLUDE_IO_TLS_TLSSOCKET_H_

 #include <openssl/err.h>
 #include <openssl/ssl.h>

 #include <atomic>
 #include <cstdint>
 #include <map>
 #include <memory>
 #include <string>
 #include <vector>

 #include "controllers/SSLContextService.h"
 #include "core/expect.h"
 #include "io/ClientSocket.h"
 #include "properties/Configure.h"

 namespace org {
 namespace apache {
 namespace nifi {
 namespace minifi {
 namespace io {

 #define TLS_GOOD 0
 #define TLS_ERROR_CONTEXT 1
 #define TLS_ERROR_PEM_MISSING 2
 #define TLS_ERROR_CERT_MISSING 3
 #define TLS_ERROR_KEY_ERROR 4
 #define TLS_ERROR_CERT_ERROR 5

 class OpenSSLInitializer {
  public:
   static OpenSSLInitializer *getInstance() {
     static OpenSSLInitializer openssl_initializer;
     return &openssl_initializer;
   }

   OpenSSLInitializer() {
     SSL_library_init();
     OpenSSL_add_all_algorithms();
     SSL_load_error_strings();
   }
 };

 class TLSContext : public SocketContext {
  public:
   TLSContext(const std::shared_ptr<Configure> &configure, std::shared_ptr<minifi::controllers::SSLContextService> ssl_service = nullptr); // NOLINT

   virtual ~TLSContext() = default;

   SSL_CTX *getContext() {
     return ctx.get();
   }

   int16_t getError() {
     return error_value;
   }

   int16_t initialize(bool server_method = false);

  private:
   static void deleteContext(SSL_CTX* ptr) { SSL_CTX_free(ptr); }

   std::shared_ptr<logging::Logger> logger_;
   std::shared_ptr<Configure> configure_;
   std::shared_ptr<minifi::controllers::SSLContextService> ssl_service_;
   std::unique_ptr<SSL_CTX, decltype(&deleteContext)> ctx;

   int16_t error_value;
 };

 class TLSSocket : public Socket {
  public:
   /**
    * Constructor that accepts host name, port and listeners. With this
    * contructor we will be creating a server socket
    * @param context the TLSContext
    * @param hostname our host name
    * @param port connecting port
    * @param listeners number of listeners in the queue
    */
   explicit TLSSocket(const std::shared_ptr<TLSContext> &context, const std::string &hostname, uint16_t port, uint16_t listeners);

   /**
    * Constructor that creates a client socket.
    * @param context the TLSContext
    * @param hostname hostname we are connecting to.
    * @param port port we are connecting to.
    */
   explicit TLSSocket(const std::shared_ptr<TLSContext> &context, const std::string &hostname, uint16_t port);

   /**
    * Move constructor.
    */
   TLSSocket(TLSSocket &&);

   TLSSocket& operator=(TLSSocket&&);

   ~TLSSocket() override;

   /**
    * Initializes the socket
    * @return result of the creation operation.
    */
   int initialize() override {
     return initialize(true);
   }

   int16_t initialize(bool blocking);

   /**
    * Attempt to select the socket file descriptor
    * @param msec timeout interval to wait
    * @returns file descriptor
    */
   int16_t select_descriptor(uint16_t msec) override;

   using Socket::read;
   using Socket::write;

   int read(uint8_t *buf, int buflen, bool retrieve_all_bytes) override;

   /**
    * Reads data and places it into buf
    * @param buf buffer in which we extract data
    * @param buflen
    */
   int read(uint8_t *buf, int buflen) override;

   /**
    * Write value to the stream using uint8_t ptr
    * @param buf incoming buffer
    * @param buflen buffer to write
    *
    */
   int write(const uint8_t *value, int size) override;

   void close() override;

  protected:
   int writeData(const uint8_t *value, unsigned int size, int fd);

   SSL *get_ssl(int fd) {
     if (UNLIKELY(listeners_ > 0)) {
       std::lock_guard<std::mutex> lock(ssl_mutex_);
       return ssl_map_[fd];
     } else {
       return ssl_;
     }
   }

   void close_ssl(int fd);

   std::atomic<bool> connected_{ false };
   std::shared_ptr<TLSContext> context_;
   SSL* ssl_{ nullptr };
   std::mutex ssl_mutex_;
   std::map<int, SSL*> ssl_map_;
 };

 }  // namespace io
 }  // namespace minifi
 }  // namespace nifi
 }  // namespace apache
 }  // namespace org

 #endif  // LIBMINIFI_INCLUDE_IO_TLS_TLSSOCKET_H_
	/**
	*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	#ifndef LIBMINIFI_INCLUDE_IO_TLS_TLSSOCKET_H_
	#define LIBMINIFI_INCLUDE_IO_TLS_TLSSOCKET_H_

	#include <openssl/err.h>
	#include <openssl/ssl.h>

	#include <atomic>
	#include <cstdint>
	#include <map>
	#include <memory>
	#include <string>
	#include <vector>

	#include "controllers/SSLContextService.h"
	#include "core/expect.h"
	#include "io/ClientSocket.h"
	#include "properties/Configure.h"

	namespace org {
	namespace apache {
	namespace nifi {
	namespace minifi {
	namespace io {

	#define TLS_GOOD 0
	#define TLS_ERROR_CONTEXT 1
	#define TLS_ERROR_PEM_MISSING 2
	#define TLS_ERROR_CERT_MISSING 3
	#define TLS_ERROR_KEY_ERROR 4
	#define TLS_ERROR_CERT_ERROR 5

	class OpenSSLInitializer {
	public:
	static OpenSSLInitializer *getInstance() {
	static OpenSSLInitializer openssl_initializer;
	return &openssl_initializer;
	}

	OpenSSLInitializer() {
	SSL_library_init();
	OpenSSL_add_all_algorithms();
	SSL_load_error_strings();
	}
	};

	class TLSContext : public SocketContext {
	public:
	TLSContext(const std::shared_ptr<Configure> &configure, std::shared_ptr<minifi::controllers::SSLContextService> ssl_service = nullptr); // NOLINT

	virtual ~TLSContext() = default;

	SSL_CTX *getContext() {
	return ctx.get();
	}

	int16_t getError() {
	return error_value;
	}

	int16_t initialize(bool server_method = false);

	private:
	static void deleteContext(SSL_CTX* ptr) { SSL_CTX_free(ptr); }

	std::shared_ptr<logging::Logger> logger_;
	std::shared_ptr<Configure> configure_;
	std::shared_ptr<minifi::controllers::SSLContextService> ssl_service_;
	std::unique_ptr<SSL_CTX, decltype(&deleteContext)> ctx;

	int16_t error_value;
	};

	class TLSSocket : public Socket {
	public:
	/**
	* Constructor that accepts host name, port and listeners. With this
	* contructor we will be creating a server socket
	* @param context the TLSContext
	* @param hostname our host name
	* @param port connecting port
	* @param listeners number of listeners in the queue
	*/
	explicit TLSSocket(const std::shared_ptr<TLSContext> &context, const std::string &hostname, uint16_t port, uint16_t listeners);

	/**
	* Constructor that creates a client socket.
	* @param context the TLSContext
	* @param hostname hostname we are connecting to.
	* @param port port we are connecting to.
	*/
	explicit TLSSocket(const std::shared_ptr<TLSContext> &context, const std::string &hostname, uint16_t port);

	/**
	* Move constructor.
	*/
	TLSSocket(TLSSocket &&);

	TLSSocket& operator=(TLSSocket&&);

	~TLSSocket() override;

	/**
	* Initializes the socket
	* @return result of the creation operation.
	*/
	int initialize() override {
	return initialize(true);
	}

	int16_t initialize(bool blocking);

	/**
	* Attempt to select the socket file descriptor
	* @param msec timeout interval to wait
	* @returns file descriptor
	*/
	int16_t select_descriptor(uint16_t msec) override;

	using Socket::read;
	using Socket::write;

	int read(uint8_t *buf, int buflen, bool retrieve_all_bytes) override;

	/**
	* Reads data and places it into buf
	* @param buf buffer in which we extract data
	* @param buflen
	*/
	int read(uint8_t *buf, int buflen) override;

	/**
	* Write value to the stream using uint8_t ptr
	* @param buf incoming buffer
	* @param buflen buffer to write
	*
	*/
	int write(const uint8_t *value, int size) override;

	void close() override;

	protected:
	int writeData(const uint8_t *value, unsigned int size, int fd);

	SSL *get_ssl(int fd) {
	if (UNLIKELY(listeners_ > 0)) {
	std::lock_guard<std::mutex> lock(ssl_mutex_);
	return ssl_map_[fd];
	} else {
	return ssl_;
	}
	}

	void close_ssl(int fd);

	std::atomic<bool> connected_{ false };
	std::shared_ptr<TLSContext> context_;
	SSL* ssl_{ nullptr };
	std::mutex ssl_mutex_;
	std::map<int, SSL*> ssl_map_;
	};

	} // namespace io
	} // namespace minifi
	} // namespace nifi
	} // namespace apache
	} // namespace org

	#endif // LIBMINIFI_INCLUDE_IO_TLS_TLSSOCKET_H_