ARCHIVE/xahaud
3
0
Fork 0
mirror of https://github.com/Xahau/xahaud.git synced 2025-12-06 17:27:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Hide RPCDoor implementation and use RippleSSLContext

Browse Source
This commit is contained in:
Vinnie Falco
2013-08-31 11:39:29 -07:00
parent e256716da8
commit a9f6d67bba
10 changed files with 153 additions and 280 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
Builds/VisualStudio2012/RippleD.vcxproj
View File

@@ -31,12 +31,6 @@
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
</ClCompile> </ClCompile>
<ClCompile Include="..\..\modules\ripple_app\boost\ripple_SslContext.cpp">
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
</ClCompile>
<ClCompile Include="..\..\modules\ripple_app\consensus\ripple_DisputedTx.cpp"> <ClCompile Include="..\..\modules\ripple_app\consensus\ripple_DisputedTx.cpp">
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild>
@@ -1371,7 +1365,6 @@
<ClInclude Include="..\..\BeastConfig.h" /> <ClInclude Include="..\..\BeastConfig.h" />
<ClInclude Include="..\..\modules\ripple_app\basics\ripple_RPCServerHandler.h" /> <ClInclude Include="..\..\modules\ripple_app\basics\ripple_RPCServerHandler.h" />
<ClInclude Include="..\..\modules\ripple_app\boost\ripple_IoService.h" /> <ClInclude Include="..\..\modules\ripple_app\boost\ripple_IoService.h" />
<ClInclude Include="..\..\modules\ripple_app\boost\ripple_SslContext.h" />
<ClInclude Include="..\..\modules\ripple_app\consensus\ripple_DisputedTx.h" /> <ClInclude Include="..\..\modules\ripple_app\consensus\ripple_DisputedTx.h" />
<ClInclude Include="..\..\modules\ripple_app\consensus\ripple_LedgerConsensus.h" /> <ClInclude Include="..\..\modules\ripple_app\consensus\ripple_LedgerConsensus.h" />
<ClInclude Include="..\..\modules\ripple_app\contracts\ripple_Contract.h" /> <ClInclude Include="..\..\modules\ripple_app\contracts\ripple_Contract.h" />

6
Builds/VisualStudio2012/RippleD.vcxproj.filters
View File

@@ -849,9 +849,6 @@
<ClCompile Include="..\..\modules\ripple_app\boost\ripple_IoService.cpp"> <ClCompile Include="..\..\modules\ripple_app\boost\ripple_IoService.cpp">
<Filter>[1] Ripple\ripple_app\boost</Filter> <Filter>[1] Ripple\ripple_app\boost</Filter>
</ClCompile> </ClCompile>
<ClCompile Include="..\..\modules\ripple_app\boost\ripple_SslContext.cpp">
<Filter>[1] Ripple\ripple_app\boost</Filter>
</ClCompile>
<ClCompile Include="..\..\modules\ripple_asio\sockets\RippleSSLContext.cpp"> <ClCompile Include="..\..\modules\ripple_asio\sockets\RippleSSLContext.cpp">
<Filter>[1] Ripple\ripple_asio\sockets</Filter> <Filter>[1] Ripple\ripple_asio\sockets</Filter>
</ClCompile> </ClCompile>
@@ -1619,9 +1616,6 @@
<ClInclude Include="..\..\modules\ripple_app\boost\ripple_IoService.h"> <ClInclude Include="..\..\modules\ripple_app\boost\ripple_IoService.h">
<Filter>[1] Ripple\ripple_app\boost</Filter> <Filter>[1] Ripple\ripple_app\boost</Filter>
</ClInclude> </ClInclude>
<ClInclude Include="..\..\modules\ripple_app\boost\ripple_SslContext.h">
<Filter>[1] Ripple\ripple_app\boost</Filter>
</ClInclude>
<ClInclude Include="..\..\modules\ripple_basics\utility\ripple_LoggedTimings.h"> <ClInclude Include="..\..\modules\ripple_basics\utility\ripple_LoggedTimings.h">
<Filter>[1] Ripple\ripple_basics\utility</Filter> <Filter>[1] Ripple\ripple_basics\utility</Filter>
</ClInclude> </ClInclude>

110
modules/ripple_app/boost/ripple_SslContext.cpp
View File

@@ -1,110 +0,0 @@
//------------------------------------------------------------------------------
/*
Copyright (c) 2011-2013, OpenCoin, Inc.
*/
//==============================================================================
namespace basio
{
SslContext* SslContext::New ()
{
return new SslContext;
}
SslContext::~SslContext ()
{
}
SslContext::operator boost::asio::ssl::context& ()
{
return *m_impl;
}
SslContext::SslContext ()
: m_impl (new boost::asio::ssl::context (boost::asio::ssl::context::sslv23))
{
}
// VFALCO TODO Can we call this function from the ctor of PeerDoor as well?
// Or can we move the common code to a new function?
//
void SslContext::initializeFromFile (
boost::asio::ssl::context& context,
std::string key_file,
std::string cert_file,
std::string chain_file)
{
SSL_CTX* sslContext = context.native_handle ();
context.set_options (boost::asio::ssl::context::default_workarounds |
boost::asio::ssl::context::no_sslv2 |
boost::asio::ssl::context::single_dh_use);
bool cert_set = false;
if (!cert_file.empty ())
{
boost::system::error_code error;
context.use_certificate_file (cert_file, boost::asio::ssl::context::pem, error);
if (error)
throw std::runtime_error ("Unable to use certificate file");
cert_set = true;
}
if (!chain_file.empty ())
{
// VFALCO Replace fopen() with RAII
FILE* f = fopen (chain_file.c_str (), "r");
if (!f)
throw std::runtime_error ("Unable to open chain file");
try
{
for (;;)
{
X509* x = PEM_read_X509 (f, NULL, NULL, NULL);
if (x == NULL)
break;
if (!cert_set)
{
if (SSL_CTX_use_certificate (sslContext, x) != 1)
throw std::runtime_error ("Unable to get certificate from chain file");
cert_set = true;
}
else if (SSL_CTX_add_extra_chain_cert (sslContext, x) != 1)
{
X509_free (x);
throw std::runtime_error ("Unable to add chain certificate");
}
}
fclose (f);
}
catch (...)
{
fclose (f);
throw;
}
}
if (!key_file.empty ())
{
boost::system::error_code error;
context.use_private_key_file (key_file, boost::asio::ssl::context::pem, error);
if (error)
throw std::runtime_error ("Unable to use private key file");
}
if (SSL_CTX_check_private_key (sslContext) != 1)
throw std::runtime_error ("Private key not valid");
}
}

39
modules/ripple_app/boost/ripple_SslContext.h
View File

@@ -1,39 +0,0 @@
//------------------------------------------------------------------------------
/*
Copyright (c) 2011-2013, OpenCoin, Inc.
*/
//==============================================================================
#ifndef RIPPLE_SSLCONTEXT_H_INCLUDED
#define RIPPLE_SSLCONTEXT_H_INCLUDED
namespace basio
{
/** Hides a boost::asio::ssl::context implementation.
*/
class SslContext
{
public:
static SslContext* New ();
virtual ~SslContext ();
operator boost::asio::ssl::context& ();
static void initializeFromFile (
boost::asio::ssl::context& context,
std::string key_file,
std::string cert_file,
std::string chain_file);
private:
SslContext ();
private:
beast::ScopedPointer <boost::asio::ssl::context> m_impl;
};
}
#endif

4
modules/ripple_app/main/ripple_Application.cpp
View File

@@ -577,7 +577,7 @@ public:
} }
else else
{ {
m_wsSSLContext = RippleSSLContext::createBare (); m_wsSSLContext = RippleSSLContext::createWebSocket ();
} }
// Create private listening WebSocket socket // Create private listening WebSocket socket
@@ -627,7 +627,7 @@ public:
{ {
try try
{ {
mRPCDoor = new RPCDoor (m_mainService, m_rpcServerHandler); mRPCDoor = RPCDoor::New (m_mainService, m_rpcServerHandler);
} }
catch (const std::exception& e) catch (const std::exception& e)
{ {

21
modules/ripple_app/ripple_app.cpp
View File

@@ -158,7 +158,6 @@ namespace ripple
#include "main/ripple_LocalCredentials.h" #include "main/ripple_LocalCredentials.h"
#include "websocket/WSDoor.h" #include "websocket/WSDoor.h"
#include "boost/ripple_IoService.h" #include "boost/ripple_IoService.h"
#include "boost/ripple_SslContext.h"
#include "main/ripple_Application.h" #include "main/ripple_Application.h"
#include "rpc/RPCHandler.h" #include "rpc/RPCHandler.h"
#include "tx/TransactionQueue.h" #include "tx/TransactionQueue.h"
@@ -296,7 +295,6 @@ static const uint64 tenTo17m1 = tenTo17 - 1;
#include "data/ripple_DBInit.cpp" #include "data/ripple_DBInit.cpp"
#include "boost/ripple_IoService.cpp" #include "boost/ripple_IoService.cpp"
#include "boost/ripple_SslContext.cpp"
#endif #endif
@@ -334,7 +332,6 @@ static const uint64 tenTo17m1 = tenTo17 - 1;
#include "tx/PaymentTransactor.cpp" #include "tx/PaymentTransactor.cpp"
#include "tx/RegularKeySetTransactor.cpp" #include "tx/RegularKeySetTransactor.cpp"
#include "paths/ripple_RippleState.cpp" #include "paths/ripple_RippleState.cpp"
#include "rpc/RPCDoor.cpp"
#include "tx/TransactionCheck.cpp" #include "tx/TransactionCheck.cpp"
#include "tx/TransactionMaster.cpp" #include "tx/TransactionMaster.cpp"
#include "tx/TransactionQueue.cpp" #include "tx/TransactionQueue.cpp"
@@ -354,16 +351,16 @@ static const uint64 tenTo17m1 = tenTo17 - 1;
namespace ripple namespace ripple
{ {
#include "peers/ripple_Peer.cpp"
#include "main/ripple_Application.cpp"
#include "tx/OfferCreateTransactor.cpp"
#include "misc/ripple_Validations.cpp"
#include "main/ripple_LocalCredentials.cpp"
#include "tx/WalletAddTransactor.cpp"
#include "ledger/ripple_AcceptedLedgerTx.cpp"
#include "misc/ripple_FeeVote.cpp"
#include "ledger/LedgerTiming.cpp" #include "ledger/LedgerTiming.cpp"
#include "ledger/ripple_AcceptedLedgerTx.cpp"
#include "main/ripple_Application.cpp"
#include "main/ripple_LocalCredentials.cpp"
#include "misc/ripple_FeeVote.cpp"
#include "misc/ripple_Validations.cpp"
#include "peers/ripple_Peer.cpp"
#include "rpc/RPCDoor.cpp"
#include "tx/OfferCreateTransactor.cpp"
#include "tx/WalletAddTransactor.cpp"
#endif #endif

73
modules/ripple_app/rpc/RPCDoor.cpp
View File

@@ -6,45 +6,52 @@
SETUP_LOG (RPCDoor) SETUP_LOG (RPCDoor)
RPCDoor::RPCDoor (boost::asio::io_service& io_service, RPCServer::Handler& handler) class RPCDoorImp : public RPCDoor, public LeakChecked <RPCDoorImp>
{
public:
RPCDoorImp (boost::asio::io_service& io_service, RPCServer::Handler& handler)
: m_rpcServerHandler (handler) : m_rpcServerHandler (handler)
, mAcceptor (io_service, , mAcceptor (io_service,
boost::asio::ip::tcp::endpoint (boost::asio::ip::address::from_string (getConfig ().getRpcIP ()), getConfig ().getRpcPort ())) boost::asio::ip::tcp::endpoint (boost::asio::ip::address::from_string (getConfig ().getRpcIP ()), getConfig ().getRpcPort ()))
, mDelayTimer (io_service) , mDelayTimer (io_service)
, mSSLContext (boost::asio::ssl::context::sslv23) , m_sslContext ((getConfig ().RPC_SECURE == 0) ?
{ RippleSSLContext::createBare () :
WriteLog (lsINFO, RPCDoor) << "RPC port: " << getConfig ().getRpcAddress().toRawUTF8() << " allow remote: " << getConfig ().RPC_ALLOW_REMOTE; RippleSSLContext::createAuthenticated (
if (getConfig ().RPC_SECURE != 0)
{
// VFALCO TODO This could be a method of theConfig
//
basio::SslContext::initializeFromFile (
mSSLContext,
getConfig ().RPC_SSL_KEY, getConfig ().RPC_SSL_KEY,
getConfig ().RPC_SSL_CERT, getConfig ().RPC_SSL_CERT,
getConfig ().RPC_SSL_CHAIN); getConfig ().RPC_SSL_CHAIN))
} {
WriteLog (lsINFO, RPCDoor) << "RPC port: " << getConfig ().getRpcAddress().toRawUTF8() << " allow remote: " << getConfig ().RPC_ALLOW_REMOTE;
startListening (); startListening ();
} }
RPCDoor::~RPCDoor () //--------------------------------------------------------------------------
~RPCDoorImp ()
{ {
WriteLog (lsINFO, RPCDoor) << "RPC port: " << getConfig ().getRpcAddress().toRawUTF8() << " allow remote: " << getConfig ().RPC_ALLOW_REMOTE; WriteLog (lsINFO, RPCDoor) <<
"RPC port: " << getConfig ().getRpcAddress().toRawUTF8() <<
" allow remote: " << getConfig ().RPC_ALLOW_REMOTE;
} }
void RPCDoor::startListening () //--------------------------------------------------------------------------
void startListening ()
{ {
RPCServer::pointer new_connection = RPCServer::New (mAcceptor.get_io_service (), mSSLContext, m_rpcServerHandler); RPCServer::pointer new_connection = RPCServer::New (
mAcceptor.get_io_service (), m_sslContext->get (), m_rpcServerHandler);
mAcceptor.set_option (boost::asio::ip::tcp::acceptor::reuse_address (true)); mAcceptor.set_option (boost::asio::ip::tcp::acceptor::reuse_address (true));
mAcceptor.async_accept (new_connection->getRawSocket (), mAcceptor.async_accept (new_connection->getRawSocket (),
boost::bind (&RPCDoor::handleConnect, this, new_connection, boost::bind (&RPCDoorImp::handleConnect, this, new_connection,
boost::asio::placeholders::error)); boost::asio::placeholders::error));
} }
bool RPCDoor::isClientAllowed (const std::string& ip) //--------------------------------------------------------------------------
bool isClientAllowed (const std::string& ip)
{ {
if (getConfig ().RPC_ALLOW_REMOTE) if (getConfig ().RPC_ALLOW_REMOTE)
return true; return true;
@@ -57,13 +64,16 @@ bool RPCDoor::isClientAllowed (const std::string& ip)
return false; return false;
} }
void RPCDoor::handleConnect (RPCServer::pointer new_connection, const boost::system::error_code& error) //--------------------------------------------------------------------------
void handleConnect (RPCServer::pointer new_connection, boost::system::error_code const& error)
{ {
bool delay = false; bool delay = false;
if (!error) if (!error)
{ {
// Restrict callers by IP // Restrict callers by IP
// VFALCO NOTE Prevent exceptions from being thrown at all.
try try
{ {
if (! isClientAllowed (new_connection->getRemoteAddressText ())) if (! isClientAllowed (new_connection->getRemoteAddressText ()))
@@ -87,15 +97,32 @@ void RPCDoor::handleConnect (RPCServer::pointer new_connection, const boost::sys
if (error == boost::system::errc::too_many_files_open) if (error == boost::system::errc::too_many_files_open)
delay = true; delay = true;
WriteLog (lsINFO, RPCDoor) << "RPCDoor::handleConnect Error: " << error; WriteLog (lsINFO, RPCDoor) << "RPCDoorImp::handleConnect Error: " << error;
} }
if (delay) if (delay)
{ {
mDelayTimer.expires_from_now (boost::posix_time::milliseconds (1000)); mDelayTimer.expires_from_now (boost::posix_time::milliseconds (1000));
mDelayTimer.async_wait (boost::bind (&RPCDoor::startListening, this)); mDelayTimer.async_wait (boost::bind (&RPCDoorImp::startListening, this));
} }
else else
{
startListening (); startListening ();
} }
// vim:ts=4 }
private:
RPCServer::Handler& m_rpcServerHandler;
boost::asio::ip::tcp::acceptor mAcceptor;
boost::asio::deadline_timer mDelayTimer;
ScopedPointer <RippleSSLContext> m_sslContext;
};
//------------------------------------------------------------------------------
RPCDoor* RPCDoor::New (boost::asio::io_service& io_service, RPCServer::Handler& handler)
{
ScopedPointer <RPCDoor> result (new RPCDoorImp (io_service, handler));
return result.release ();
}

23
modules/ripple_app/rpc/RPCDoor.h
View File

@@ -7,29 +7,14 @@
#ifndef RIPPLE_RPCDOOR_H #ifndef RIPPLE_RPCDOOR_H
#define RIPPLE_RPCDOOR_H #define RIPPLE_RPCDOOR_H
/* /** Listening socket for RPC requests.
Handles incoming connections from people making RPC Requests
*/ */
class RPCDoor
class RPCDoor : LeakChecked <RPCDoor>
{ {
public: public:
explicit RPCDoor ( static RPCDoor* New (boost::asio::io_service& io_service, RPCServer::Handler& handler);
boost::asio::io_service& io_service,
RPCServer::Handler& handler);
~RPCDoor ();
private: virtual ~RPCDoor () { }
RPCServer::Handler& m_rpcServerHandler;
boost::asio::ip::tcp::acceptor mAcceptor;
boost::asio::deadline_timer mDelayTimer;
boost::asio::ssl::context mSSLContext;
void startListening ();
void handleConnect (RPCServer::pointer new_connection,
const boost::system::error_code& error);
bool isClientAllowed (const std::string& ip);
}; };
#endif #endif

37
modules/ripple_asio/sockets/RippleSSLContext.cpp
View File

@@ -14,14 +14,6 @@ public:
: RippleSSLContext (m_context) : RippleSSLContext (m_context)
, m_context (boost::asio::ssl::context::sslv23) , m_context (boost::asio::ssl::context::sslv23)
{ {
m_context.set_options (
boost::asio::ssl::context::default_workarounds |
boost::asio::ssl::context::no_sslv2 |
boost::asio::ssl::context::single_dh_use);
SSL_CTX_set_tmp_dh_callback (
m_context.native_handle (),
tmp_dh_handler);
} }
~RippleSSLContextImp () ~RippleSSLContextImp ()
@@ -70,8 +62,25 @@ public:
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// Does common initialization for all but the bare context type.
void initCommon ()
{
m_context.set_options (
boost::asio::ssl::context::default_workarounds |
boost::asio::ssl::context::no_sslv2 |
boost::asio::ssl::context::single_dh_use);
SSL_CTX_set_tmp_dh_callback (
m_context.native_handle (),
tmp_dh_handler);
}
//--------------------------------------------------------------------------
void initAnonymous (String const& cipherList) void initAnonymous (String const& cipherList)
{ {
initCommon ();
int const result = SSL_CTX_set_cipher_list ( int const result = SSL_CTX_set_cipher_list (
m_context.native_handle (), m_context.native_handle (),
cipherList.toStdString ().c_str ()); cipherList.toStdString ().c_str ());
@@ -85,6 +94,8 @@ public:
void initAuthenticated ( void initAuthenticated (
std::string key_file, std::string cert_file, std::string chain_file) std::string key_file, std::string cert_file, std::string chain_file)
{ {
initCommon ();
SSL_CTX* const ssl = m_context.native_handle (); SSL_CTX* const ssl = m_context.native_handle ();
bool cert_set = false; bool cert_set = false;
@@ -241,6 +252,7 @@ RippleSSLContext::RippleSSLContext (ContextType& context)
: SSLContext (context) : SSLContext (context)
{ {
} }
RippleSSLContext* RippleSSLContext::createBare () RippleSSLContext* RippleSSLContext::createBare ()
{ {
ScopedPointer <RippleSSLContextImp> context (new RippleSSLContextImp ()); ScopedPointer <RippleSSLContextImp> context (new RippleSSLContextImp ());
@@ -248,6 +260,15 @@ RippleSSLContext* RippleSSLContext::createBare ()
return context.release (); return context.release ();
} }
RippleSSLContext* RippleSSLContext::createWebSocket ()
{
ScopedPointer <RippleSSLContextImp> context (new RippleSSLContextImp ());
context->initCommon ();
return context.release ();
}
RippleSSLContext* RippleSSLContext::createAnonymous (String const& cipherList) RippleSSLContext* RippleSSLContext::createAnonymous (String const& cipherList)
{ {
ScopedPointer <RippleSSLContextImp> context (new RippleSSLContextImp ()); ScopedPointer <RippleSSLContextImp> context (new RippleSSLContextImp ());

9
modules/ripple_asio/sockets/RippleSSLContext.h
View File

@@ -25,11 +25,16 @@ public:
*/ */
static std::string getRawDHParams (int keySize); static std::string getRawDHParams (int keySize);
/** Creates a bare context. /** Creates a bare SSL context with just sslv23 set.
This is for WebSocket connections that don't use certificates. This is used for RPC connections.
*/ */
static RippleSSLContext* createBare (); static RippleSSLContext* createBare ();
/** Creates a suitable for WebSocket without authentication.
This is for WebSocket connections that don't use certificates.
*/
static RippleSSLContext* createWebSocket ();
/** Create a context that allows anonymous connections. /** Create a context that allows anonymous connections.
No certificates are required. Peers use this context. No certificates are required. Peers use this context.
If the cipher list is invalid, a fatal error is raised. If the cipher list is invalid, a fatal error is raised.