#include <CATLSClientSocket.hpp>

Inheritance diagram for CATLSClientSocket:

Collaboration diagram for CATLSClientSocket:

Public Member Functions
	CATLSClientSocket ()

	~CATLSClientSocket ()

SINT32	sendFully (const UINT8 *buff, UINT32 len)
	Sends all data over the network. More...

SINT32	send (const UINT8 *buff, UINT32 len)
	Sends all data over the network. More...

SINT32	receive (UINT8 *buff, UINT32 len)
	Will receive some bytes from the socket. More...

SINT32	close ()
	Shuts down the socket. More...

SINT32	connect (const CASocketAddr &psa, UINT32 msTimeout)
	Establishes the actual TCP/IP connection and performs the TLS handshake. More...

SINT32	setServerCertificate (CACertificate *pCert)
	Sets the Certifcate we accept as server identification. More...

Public Member Functions inherited from CASocket
	CASocket (bool bIsReserved=false)

	~CASocket ()

virtual SINT32	create ()

virtual SINT32	create (bool a_bShowTypicalError)

virtual SINT32	create (SINT32 type)

virtual SINT32	listen (const CASocketAddr &psa)
	Starts listening on address psa. More...

virtual SINT32	listen (UINT16 port)

virtual SINT32	accept (CASocket &s)
	Accepts a new connection. More...

virtual SINT32	connect (const CASocketAddr &psa)

virtual SINT32	connect (const CASocketAddr &psa, UINT32 retry, UINT32 sWaitTime)
	Tries to connect to the peer described by psa. More...

virtual SINT32	sendFullyTimeOut (const UINT8 *buff, UINT32 len, UINT32 msTimeOut, UINT32 msTimeOutSingleSend)
	Sends all data over the network. More...

virtual SINT32	sendTimeOut (const UINT8 *buff, UINT32 len, UINT32 msTimeOut)
	Sends some data over the network. More...

virtual SINT32	receiveFullyT (UINT8 *buff, UINT32 len, UINT32 msTimeOut)
	Trys to receive all bytes. More...

virtual SINT32	receiveLine (UINT8 *line, UINT32 maxLen, UINT32 msTimeOut)

virtual SINT32	peek (UINT8 *buff, UINT32 len)
	Will peek some bytes from the socket read queue. More...

SOCKET	getSocket ()
	Returns the number of the Socket used. More...

virtual SINT32	getLocalIP (UINT8 r_Ip[4])
	LERNGRUPPE Returns the source address of the socket. More...

virtual SINT32	getLocalPort ()

virtual SINT32	getPeerIP (UINT8 ip[4])

virtual SINT32	getPeerPort ()

virtual SINT32	setReuseAddr (bool b)

virtual SINT32	setSendTimeOut (UINT32 msTimeOut)

virtual SINT32	getSendTimeOut ()

virtual SINT32	setRecvBuff (UINT32 r)

virtual SINT32	getRecvBuff ()

virtual SINT32	setSendBuff (SINT32 r)
	Returns < 0 on error, otherwise the new sendbuffersize (which may be less than r) More...

virtual SINT32	getSendBuff ()

virtual SINT32	setKeepAlive (bool b)
	Enables/disables the socket keep-alive option. More...

virtual SINT32	setKeepAlive (UINT32 sec)
	Enables the socket keep-alive option with a given ping time (in seconds). More...

virtual SINT32	setNonBlocking (bool b)

virtual SINT32	getNonBlocking (bool *b)

virtual bool	isClosed ()

Public Member Functions inherited from CAClientSocket
virtual	~CAClientSocket ()

SINT32	receiveFully (UINT8 *buff, UINT32 len)
	Receives all len bytes. More...

Private Member Functions
SINT32	doTLSConnect (const CASocketAddr &psa)
	Does the TLS handshake. More...

Private Attributes
SSL *	m_pSSL

SSL_CTX *	m_pCtx

CACertificate *	m_pRootCert

bool	m_bConnectedTLS
	is the TLS layer established ? More...

Additional Inherited Members
Static Public Member Functions inherited from CASocket
static SINT32	init ()

static SINT32	cleanup ()

static SINT32	setMaxNormalSockets (UINT32 u)
	Sets the max number of allowed "normal" sockets. More...

static SINT32	getMaxOpenSockets ()
	Tries to find out how many socket we can open by open as many socket as possible witthout errors. More...

static UINT32	countOpenSockets ()

Protected Attributes inherited from CASocket
volatile bool	m_bSocketIsClosed
	check More...

SOCKET	m_Socket

CASingleSocketGroup *	m_pSingleSocketGroupRead

Detailed Description

Definition at line 48 of file CATLSClientSocket.hpp.

Constructor & Destructor Documentation

◆ CATLSClientSocket()

CATLSClientSocket::CATLSClientSocket ( )

Definition at line 35 of file CATLSClientSocket.cpp.

   {
     m_bConnectedTLS = false;
     m_pCtx = SSL_CTX_new( TLSv1_client_method() );
 #ifdef SSL_OP_NO_TICKET
     // disable buggy TLS client extensions, as otherwise we will get no connection to a Java TLS server; the bug is fixes in OpenSSL > 0.9.8g
     SSL_CTX_set_options(m_pCtx, SSL_OP_ALL|SSL_OP_NO_TICKET);
 #else
     SSL_CTX_set_options(m_pCtx, SSL_OP_ALL);
 #endif
     m_pSSL = NULL;
     m_pRootCert=NULL;
     //m_pSocket=new CASocket();
  
   }

References m_bConnectedTLS, m_pCtx, m_pRootCert, and m_pSSL.

◆ ~CATLSClientSocket()

CATLSClientSocket::~CATLSClientSocket ( )

Definition at line 51 of file CATLSClientSocket.cpp.

   {
     close();
     SSL_CTX_free(m_pCtx);
     //delete m_pSocket;
     //m_pSocket = NULL;
     delete m_pRootCert;
     m_pRootCert = NULL;
   }

References close(), m_pCtx, and m_pRootCert.

Here is the call graph for this function:

Member Function Documentation

◆ close()

SINT32 CATLSClientSocket::close ( )

virtual

Shuts down the socket.

This is an overridden virtual function which shuts down the TLS layer first

Reimplemented from CASocket.

Definition at line 65 of file CATLSClientSocket.cpp.

   {
     if(m_bConnectedTLS)
       {
         SSL_shutdown(m_pSSL);
         m_bConnectedTLS = false;
       }
     if(m_pSSL!=NULL)
       {
         SSL_free(m_pSSL);
       }
     m_pSSL=NULL;
     return CASocket::close();
   }

References CASocket::close(), m_bConnectedTLS, and m_pSSL.

Referenced by doTLSConnect(), CAAccountingBIInterface::initBIConnection(), CAAccountingBIInterface::terminateBIConnection(), and ~CATLSClientSocket().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ connect()

SINT32 CATLSClientSocket::connect	(	const CASocketAddr &	psa,
		UINT32	msTimeout
	)

virtual

Establishes the actual TCP/IP connection and performs the TLS handshake.

Establishes the TCP/IP connection, performs the TLS handshake and checks the server certificate validity.

Reimplemented from CASocket.

Definition at line 170 of file CATLSClientSocket.cpp.

   {
     SINT32 rc;
     // call base class connect function
     if( (rc=CASocket::connect(psa, msTimeout)) != E_SUCCESS)
     {
       CASocket::close();
       return rc;
     }
     // do our own connection initialisation (TLS handshake)
     rc = doTLSConnect(psa);
     return rc;
   }

References CASocket::close(), CASocket::connect(), doTLSConnect(), and E_SUCCESS.

Referenced by CAAccountingBIInterface::initBIConnection().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ doTLSConnect()

SINT32 CATLSClientSocket::doTLSConnect ( const CASocketAddr & psa )

private

Does the TLS handshake.

The TCP Connection must be established first and openSSL library must be initialized

Definition at line 97 of file CATLSClientSocket.cpp.

   {
     SINT32 status;
     #ifdef DEBUG
       CAMsg::printMsg(LOG_DEBUG,"starting tls connect\n");
     #endif
     if(m_bConnectedTLS)
       return E_UNKNOWN;
  
     m_pSSL=SSL_new(m_pCtx);
     // do the standard part of the ssl handshake
     
     SSL_set_fd( m_pSSL, m_Socket );
     if((status = SSL_connect( m_pSSL )) != 1) 
     {
         int err = SSL_get_error(m_pSSL, status);
         CAMsg::printMsg(LOG_INFO,"CATLSClientSocket::doTLSConnect() failed! Reason: %i\n", err);
       SSL_shutdown(m_pSSL);
       close();
       m_bConnectedTLS = false;
       return E_UNKNOWN;
     }
     #ifdef DEBUG
       CAMsg::printMsg(LOG_DEBUG,"connect passed\n");
     #endif
  
     // ssl handshake ok, now let's check the server's identity
     // Note: This code was stolen from LinuxJournal
     // issue 89: An Introduction to OpenSSL Programming, Part I of II
  
  
     // is the certificate valid?
     SINT32 ret=SSL_get_verify_result( m_pSSL );
     if(ret != X509_V_OK&&ret!=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT )
       {
         CAMsg::printMsg(LOG_ERR, "SSLClientSocket: the Server certificate is INVALID!! Error: %i\n",ret);
         close();
         m_bConnectedTLS = false;
         return E_UNKNOWN;
       }
     X509* peerCert=SSL_get_peer_certificate(m_pSSL);
     if(peerCert==NULL)
       {
         CAMsg::printMsg(LOG_ERR, "SSLClientSocket: the Server shows no certificate!\n");
         close();
         m_bConnectedTLS = false;
         return E_UNKNOWN;
       }
     ret=1;
     if(m_pRootCert!=NULL)
       {
         EVP_PKEY* pubKey=X509_get_pubkey(m_pRootCert->getX509());
         ret=X509_verify(peerCert,pubKey);
       }
     X509_free(peerCert);
     if(ret!=1)
       {
         CAMsg::printMsg(LOG_ERR, "SSLClientSocket: could not verify server certificate!\n");
         close();
         m_bConnectedTLS = false;
         return E_UNKNOWN;
       }
     m_bConnectedTLS = true;
     return E_SUCCESS;
   }

References close(), E_SUCCESS, E_UNKNOWN, CACertificate::getX509(), m_bConnectedTLS, m_pCtx, m_pRootCert, m_pSSL, CASocket::m_Socket, and CAMsg::printMsg().

Referenced by connect().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ receive()

SINT32 CATLSClientSocket::receive	(	UINT8 *	buff,
		UINT32	len
	)

virtual

Will receive some bytes from the socket.

May block or not depending on whatever this socket was set to blocking or non-blocking mode. Warning: If socket is in blocking mode and receive is called, receive will block until some data is available, EVEN IF AN OTHER THREAD WILL CLOSE THIS SOCKET!

Parameters

buff	the buffer which get the received data
len	size of buff

Returns: SOCKET_ERROR if an error occured

Return values

E_AGAIN,if	socket was in non-blocking mode and receive would block or a timeout was reached
0	if socket was gracefully closed

Returns: the number of bytes received (always >0)

Reimplemented from CASocket.

Definition at line 244 of file CATLSClientSocket.cpp.

 {
   SINT32 ret=::SSL_read(m_pSSL,(char*)buff,len);
   if(ret<0)
     {
       int err = SSL_get_error(m_pSSL, ret);
     if ( (SSL_ERROR_WANT_READ == err) ||
        (SSL_ERROR_WANT_WRITE == err) )
       {
         return E_AGAIN;
       }
  
     if( (err == SSL_ERROR_SYSCALL) && (ret == -1) )
     {
       int errnum = errno;
       CAMsg::printMsg(LOG_ERR, "TLS-Socket: receive I/O error occured: %s\n", strerror(errnum));
     }
     return SOCKET_ERROR;
     }
   return ret;
 }

References E_AGAIN, len, m_pSSL, and CAMsg::printMsg().

Here is the call graph for this function:

◆ send()

SINT32 CATLSClientSocket::send	(	const UINT8 *	buff,
		UINT32	len
	)

virtual

Sends all data over the network.

This may block, until all data was sent.

Parameters

buff	the buffer of data to send
len	content length

Return values

E_UNKNOWN	if an error occured
E_SUCCESS	if successfull

Reimplemented from CASocket.

Definition at line 190 of file CATLSClientSocket.cpp.

 {
   if(len==0)
   {
     return E_SUCCESS; //nothing to send
   }
   SINT32 ret=::SSL_write(m_pSSL,(char*)buff,len);
   if(ret<0)
   {
       int err = SSL_get_error(m_pSSL, ret);
     if ( (SSL_ERROR_WANT_READ == err) ||
        (SSL_ERROR_WANT_WRITE == err) )
       {
         return E_AGAIN;
       }
  
     if( (err == SSL_ERROR_SYSCALL) && (ret == -1) )
     {
       int errnum = errno;
       CAMsg::printMsg(LOG_ERR, "TLS-Socket: send I/O error occured: %s\n", strerror(errnum));
     }
     return SOCKET_ERROR;
   }
   return ret;
 }

References E_AGAIN, E_SUCCESS, len, m_pSSL, and CAMsg::printMsg().

Here is the call graph for this function:

◆ sendFully()

SINT32 CATLSClientSocket::sendFully	(	const UINT8 *	buff,
		UINT32	len
	)

virtual

Sends all data over the network.

This may block, until all data was sent.

Parameters

buff	the buffer of data to send
len	content length

Return values

E_UNKNOWN	if an error occured
E_SUCCESS	if successfull

Reimplemented from CASocket.

Definition at line 222 of file CATLSClientSocket.cpp.

   {
     if(len==0)
       return E_SUCCESS; //nothing to send
     SINT32 ret=::SSL_write(m_pSSL,(char*)buff,len);
     if(ret < 0 || ((UINT32)ret) < len)
       return E_UNKNOWN;
     return E_SUCCESS;
   }

References E_SUCCESS, E_UNKNOWN, len, and m_pSSL.

◆ setServerCertificate()

SINT32 CATLSClientSocket::setServerCertificate ( CACertificate * pCert )

Sets the Certifcate we accept as server identification.

Init the SSL object.

Set to NULL if you do not want any certificate checking. @Note At the moment only a depth of verification path of zero or one is supported!

SSL_init_library() must be called before this!

Definition at line 86 of file CATLSClientSocket.cpp.

   {
     m_pRootCert=pCert->clone();
     return E_SUCCESS;
   }

References CACertificate::clone(), E_SUCCESS, and m_pRootCert.

Referenced by CAAccountingBIInterface::initBIConnection().

Here is the call graph for this function:

Here is the caller graph for this function:

Member Data Documentation

◆ m_bConnectedTLS

bool CATLSClientSocket::m_bConnectedTLS

private

is the TLS layer established ?

Definition at line 89 of file CATLSClientSocket.hpp.

Referenced by CATLSClientSocket(), close(), and doTLSConnect().

◆ m_pCtx

SSL_CTX* CATLSClientSocket::m_pCtx

private

Definition at line 85 of file CATLSClientSocket.hpp.

Referenced by CATLSClientSocket(), doTLSConnect(), and ~CATLSClientSocket().

◆ m_pRootCert

CACertificate* CATLSClientSocket::m_pRootCert

private

Definition at line 87 of file CATLSClientSocket.hpp.

Referenced by CATLSClientSocket(), doTLSConnect(), setServerCertificate(), and ~CATLSClientSocket().

◆ m_pSSL

SSL* CATLSClientSocket::m_pSSL

private

Definition at line 84 of file CATLSClientSocket.hpp.

Referenced by CATLSClientSocket(), close(), doTLSConnect(), receive(), send(), and sendFully().

The documentation for this class was generated from the following files:

Public Member Functions

Private Member Functions

Private Attributes

Additional Inherited Members

Detailed Description

Constructor & Destructor Documentation

◆ CATLSClientSocket()

◆ ~CATLSClientSocket()

Member Function Documentation

◆ close()

◆ connect()

◆ doTLSConnect()

◆ receive()

◆ send()

◆ sendFully()

◆ setServerCertificate()

Member Data Documentation

◆ m_bConnectedTLS

◆ m_pCtx

◆ m_pRootCert

◆ m_pSSL