
TLSServer.h (3257B)


      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      4 
      5 #ifndef TLSServer_h
      6 #define TLSServer_h
      7 
      8 // This is a standalone server for testing SSL features of Gecko.
      9 // The client is expected to connect and initiate an SSL handshake (with SNI
     10 // to indicate which "server" to connect to). If all is good, the client then
     11 // sends one encrypted byte and receives that same byte back.
     12 // This server also has the ability to "call back" another process waiting on
     13 // it. That is, when the server is all set up and ready to receive connections,
     14 // it will connect to a specified port and issue a simple HTTP request.
     15 
     16 #include <stdint.h>
     17 
     18 #include "ScopedNSSTypes.h"
     19 #include "mozilla/Casting.h"
     20 #include "prio.h"
     21 #include "secerr.h"
     22 #include "ssl.h"
     23 
     24 namespace mozilla {
     25 
     26 MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePRDir, PRDir, PR_CloseDir);
     27 
     28 }  // namespace mozilla
     29 
     30 namespace mozilla {
     31 namespace test {
     32 
// Signature of the optional configuration hook accepted by StartServer as
// configFunc: it receives a socket descriptor and returns a SECStatus.
typedef SECStatus (*ServerConfigFunc)(PRFileDesc* fd);

// Verbosity levels for the test server's diagnostics. GetHostForSNI in this
// header gates its output with `gDebugLevel >= DEBUG_VERBOSE`, so the values
// are used as an ordered threshold.
enum DebugLevel { DEBUG_ERRORS = 1, DEBUG_WARNINGS = 2, DEBUG_VERBOSE = 3 };

// Current verbosity. Only declared here; the definition and the code that sets
// it are outside this header.
extern DebugLevel gDebugLevel;

// NOTE(review): presumably reports the pending NSPR/NSS error, prefixed with
// aPrefix - confirm against the definition, which is not in this header.
void PrintPRError(const char* aPrefix);
     40 
// The default certificate is trusted for localhost and *.example.com
// Only declared here; the nickname string itself is defined elsewhere.
// NOTE(review): that trust is a property of the test certificate database,
// not of this header - confirm which database the test harness loads.
extern const char DEFAULT_CERT_NICKNAME[];
     43 
// ConfigSecureServerWithNamedCert sets up the socket fd for the host name
// being served, using the certificate whose nickname is certName. If the
// extraData parameter is provided, extraData->certChain will be automatically
// filled in using database information.
// Pass DEFAULT_CERT_NICKNAME as certName unless you need a specific
// certificate.
// cert, kea and extraData are marked optional in the signature.
// NOTE(review): cert and kea look like out-parameters that receive the
// certificate and its key-exchange type - confirm against the definition,
// including whether nullptr is accepted for each of them.
SECStatus ConfigSecureServerWithNamedCert(
    PRFileDesc* fd, const char* certName,
    /*optional*/ UniqueCERTCertificate* cert,
    /*optional*/ SSLKEAType* kea,
    /*optional*/ SSLExtraServerCertData* extraData);
     54 
// Initializes NSS for the test server and returns a SECStatus.
// NOTE(review): nssCertDBDir is presumably the directory holding the
// certificate/key database to open - confirm against the definition, and
// whether the database is opened read-only.
SECStatus InitializeNSS(const char* nssCertDBDir);
     56 
// StartServer initializes NSS, sockets, the SNI callback, and a default
// certificate. configFunc (optional) is a pointer to an implementation-
// defined configuration function, which is called on the model socket
// prior to handling any connections.
// sniSocketConfig is the SNI callback to install and sniSocketConfigArg is
// the opaque argument registered with it.
// NOTE(review): argc/argv are the process command line; how they are parsed
// (certificate database directory, callback port, ...) is not visible in this
// header. The file comment says the server connects to a specified port once
// it is ready, so confirm where that port is taken from.
// NOTE(review): the meaning of the int return value is not shown here;
// presumably a process exit code - confirm.
int StartServer(int argc, char* argv[], SSLSNISocketConfig sniSocketConfig,
                void* sniSocketConfigArg,
                ServerConfigFunc configFunc = nullptr);
     64 
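// Looks up the pre-defined host entry selected by the client's SNI extension.
//
// aSrvNameArr     - the server names offered by the client; must hold at
//                   least aSrvNameArrSize items.
// aSrvNameArrSize - number of entries in aSrvNameArr.
// hosts           - table of Host entries, terminated by an entry whose
//                   mHostName is null. Each Host must expose a
//                   `const char* mHostName` member.
//
// Returns the first table entry whose name equals one of the offered names,
// trying the offered names in order. When nothing matches, sets
// SEC_ERROR_INVALID_ARGS via PR_SetError and returns nullptr.
//
// Matching is an exact length-and-bytes comparison (SECITEM_ItemsAreEqual),
// so it is case-sensitive: a client that sends "EXAMPLE.com" will not match a
// table entry "example.com" even though DNS names are case-insensitive.
//
// The verbose log prints only the table's own host name, never the bytes the
// client sent, so peer-controlled data does not reach stderr from here.
template <typename Host>
inline const Host* GetHostForSNI(const SECItem* aSrvNameArr,
                                 uint32_t aSrvNameArrSize, const Host* hosts) {
  // A null name array or null host table is treated as "no match" and falls
  // through to the error path below instead of being dereferenced.
  if (aSrvNameArr && hosts) {
    for (uint32_t i = 0; i < aSrvNameArrSize; i++) {
      for (const Host* host = hosts; host->mHostName; ++host) {
        // Wrap the C string in a fully initialized SECItem (no terminating
        // NUL in the length) so it can be compared with the SNI entry.
        SECItem hostName = {
            siBuffer,
            BitwiseCast<unsigned char*, const char*>(host->mHostName),
            static_cast<unsigned int>(strlen(host->mHostName))};
        if (SECITEM_ItemsAreEqual(&hostName, &aSrvNameArr[i])) {
          if (gDebugLevel >= DEBUG_VERBOSE) {
            fprintf(stderr, "found pre-defined host '%s'\n", host->mHostName);
          }
          return host;
        }
      }
    }
  }

  if (gDebugLevel >= DEBUG_VERBOSE) {
    fprintf(stderr, "could not find host info from SNI\n");
  }

  PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
  return nullptr;
}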
     89 
     90 }  // namespace test
     91 }  // namespace mozilla
     92 
     93 #endif  // TLSServer_h