node/src/tls_wrap.h

#ifndef SRC_TLS_WRAP_H_
#define SRC_TLS_WRAP_H_

#include "node.h"
#include "node_crypto.h"  // SSLWrap

#include "async-wrap.h"
#include "env.h"
#include "stream_wrap.h"
#include "util.h"
#include "v8.h"

#include <openssl/ssl.h>

namespace node {

// Forward-declarations
class NodeBIO;
class WriteWrap;
namespace crypto {
  class SecureContext;
}

class TLSCallbacks : public crypto::SSLWrap<TLSCallbacks>,
                     public StreamWrapCallbacks,
                     public AsyncWrap {
 public:
  ~TLSCallbacks() override;

  static void Initialize(v8::Handle<v8::Object> target,
                         v8::Handle<v8::Value> unused,
                         v8::Handle<v8::Context> context);

  const char* Error() const override;
  void ClearError() override;
  int TryWrite(uv_buf_t** bufs, size_t* count) override;
  int DoWrite(WriteWrap* w,
              uv_buf_t* bufs,
              size_t count,
              uv_stream_t* send_handle,
              uv_write_cb cb) override;
  void AfterWrite(WriteWrap* w) override;
  void DoAlloc(uv_handle_t* handle,
               size_t suggested_size,
               uv_buf_t* buf) override;
  void DoRead(uv_stream_t* handle,
              ssize_t nread,
              const uv_buf_t* buf,
              uv_handle_type pending) override;
  int DoShutdown(ShutdownWrap* req_wrap, uv_shutdown_cb cb) override;

  void NewSessionDoneCb();

 protected:
  static const int kClearOutChunkSize = 1024;

  // Maximum number of bytes for hello parser
  static const int kMaxHelloLength = 16384;

  // Usual ServerHello + Certificate size
  static const int kInitialClientBufferLength = 4096;

  // Maximum number of buffers passed to uv_write()
  static const int kSimultaneousBufferCount = 10;

  // Write callback queue's item
  class WriteItem {
   public:
    WriteItem(WriteWrap* w, uv_write_cb cb) : w_(w), cb_(cb) {
    }
    ~WriteItem() {
      w_ = nullptr;
      cb_ = nullptr;
    }

    WriteWrap* w_;
    uv_write_cb cb_;
    ListNode<WriteItem> member_;
  };

  TLSCallbacks(Environment* env,
               Kind kind,
               v8::Handle<v8::Object> sc,
               StreamWrapCallbacks* old);

  static void SSLInfoCallback(const SSL* ssl_, int where, int ret);
  void InitSSL();
  void EncOut();
  static void EncOutCb(uv_write_t* req, int status);
  bool ClearIn();
  void ClearOut();
  void MakePending();
  bool InvokeQueued(int status);

  inline void Cycle() {
    // Prevent recursion
    if (++cycle_depth_ > 1)
      return;

    for (; cycle_depth_ > 0; cycle_depth_--) {
      ClearIn();
      ClearOut();
      EncOut();
    }
  }

  // If |msg| is not nullptr, caller is responsible for calling `delete[] *msg`.
  v8::Local<v8::Value> GetSSLError(int status, int* err, const char** msg);

  static void OnClientHelloParseEnd(void* arg);
  static void Wrap(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void Receive(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void Start(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void SetVerifyMode(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void EnableSessionCallbacks(
      const v8::FunctionCallbackInfo<v8::Value>& args);
  static void EnableHelloParser(
      const v8::FunctionCallbackInfo<v8::Value>& args);

#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
  static void GetServername(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void SetServername(const v8::FunctionCallbackInfo<v8::Value>& args);
  static int SelectSNIContextCallback(SSL* s, int* ad, void* arg);
#endif  // SSL_CTRL_SET_TLSEXT_SERVERNAME_CB

  crypto::SecureContext* sc_;
  v8::Persistent<v8::Object> sc_handle_;
  BIO* enc_in_;
  BIO* enc_out_;
  NodeBIO* clear_in_;
  uv_write_t write_req_;
  size_t write_size_;
  size_t write_queue_size_;
  typedef ListHead<WriteItem, &WriteItem::member_> WriteItemList;
  WriteItemList write_item_queue_;
  WriteItemList pending_write_items_;
  bool started_;
  bool established_;
  bool shutdown_;
  const char* error_;
  int cycle_depth_;

  // If true - delivered EOF to the js-land, either after `close_notify`, or
  // after the `UV_EOF` on socket.
  bool eof_;

#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
  v8::Persistent<v8::Value> sni_context_;
#endif  // SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
};

}  // namespace node

#endif  // SRC_TLS_WRAP_H_
tls_wrap: embed TLS encryption into streamwrap 12 years ago			`#ifndef SRC_TLS_WRAP_H_`
			`#define SRC_TLS_WRAP_H_`

src: use PersistentToLocal() in a few more places Update a few more `Local<T>::New(isolate, persistent)` call sites to `PersistentToLocal(isolate, persistent)` - the latter has a fast path for non-weak persistent references. 12 years ago			`#include "node.h"`
tls, crypto: deduplicate code Commit 03e008d introduced src/tls_wrap.cc and src/tls_wrap.h but said files copied on the order of 1 kLoC from src/node_crypto.cc and src/node_crypto.h. This commit undoes some of the duplication. Fixes #6024. 12 years ago			`#include "node_crypto.h" // SSLWrap`
src: add multi-context support This commit makes it possible to use multiple V8 execution contexts within a single event loop. Put another way, handle and request wrap objects now "remember" the context they belong to and switch back to that context when the time comes to call into JS land. This could have been done in a quick and hacky way by calling v8::Object::GetCreationContext() on the wrap object right before making a callback but that leaves a fairly wide margin for bugs. Instead, we make the context explicit through a new Environment class that encapsulates everything (or almost everything) that belongs to the context. Variables that used to be a static or a global are now members of the aforementioned class. An additional benefit is that this approach should make it relatively straightforward to add full isolate support in due course. There is no JavaScript API yet but that will be added in the near future. This work was graciously sponsored by GitHub, Inc. 12 years ago
async-wrap: integrate with WeakObject Making WeakObject inherit from AsyncWrap allows us to peak into almost all the MakeCallback calls in Node internals. 12 years ago			`#include "async-wrap.h"`
src: add multi-context support This commit makes it possible to use multiple V8 execution contexts within a single event loop. Put another way, handle and request wrap objects now "remember" the context they belong to and switch back to that context when the time comes to call into JS land. This could have been done in a quick and hacky way by calling v8::Object::GetCreationContext() on the wrap object right before making a callback but that leaves a fairly wide margin for bugs. Instead, we make the context explicit through a new Environment class that encapsulates everything (or almost everything) that belongs to the context. Variables that used to be a static or a global are now members of the aforementioned class. An additional benefit is that this approach should make it relatively straightforward to add full isolate support in due course. There is no JavaScript API yet but that will be added in the near future. This work was graciously sponsored by GitHub, Inc. 12 years ago			`#include "env.h"`
src: use PersistentToLocal() in a few more places Update a few more `Local<T>::New(isolate, persistent)` call sites to `PersistentToLocal(isolate, persistent)` - the latter has a fast path for non-weak persistent references. 12 years ago			`#include "stream_wrap.h"`
src: switch from QUEUE to intrusive list This commit also breaks up req_wrap.h into req-wrap.h and req-wrap-inl.h to work around a circular dependency issue in env.h. PR-URL: https://github.com/iojs/io.js/pull/667 Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: Trevor Norris <trev.norris@gmail.com> 10 years ago			`#include "util.h"`
src: use PersistentToLocal() in a few more places Update a few more `Local<T>::New(isolate, persistent)` call sites to `PersistentToLocal(isolate, persistent)` - the latter has a fast path for non-weak persistent references. 12 years ago			`#include "v8.h"`
tls_wrap: embed TLS encryption into streamwrap 12 years ago
build: fix include order for building on windows fallout from the tls_wrap feature landing 12 years ago			`#include <openssl/ssl.h>`

tls_wrap: embed TLS encryption into streamwrap 12 years ago			`namespace node {`

			`// Forward-declarations`
			`class NodeBIO;`
			`class WriteWrap;`
			`namespace crypto {`
			`class SecureContext;`
			`}`

tls, crypto: deduplicate code Commit 03e008d introduced src/tls_wrap.cc and src/tls_wrap.h but said files copied on the order of 1 kLoC from src/node_crypto.cc and src/node_crypto.h. This commit undoes some of the duplication. Fixes #6024. 12 years ago			`class TLSCallbacks : public crypto::SSLWrap<TLSCallbacks>,`
async-wrap: integrate with WeakObject Making WeakObject inherit from AsyncWrap allows us to peak into almost all the MakeCallback calls in Node internals. 12 years ago			`public StreamWrapCallbacks,`
			`public AsyncWrap {`
tls_wrap: embed TLS encryption into streamwrap 12 years ago			`public:`
src: mark more destructors with override keyword The previous commits fixed oversights in destructors that should have been marked virtual but weren't. This commit marks destructors from derived classes with the override keyword. 11 years ago			`~TLSCallbacks() override;`
tls_wrap: ensure that TLSCallbacks are gc-able Call `MakeWeak()` to destruct TLSCallbacks when the js-object dies. fix #8416 Reviewed-By: Fedor Indutny <fedor@indutny.com> 11 years ago
src: add multi-context support This commit makes it possible to use multiple V8 execution contexts within a single event loop. Put another way, handle and request wrap objects now "remember" the context they belong to and switch back to that context when the time comes to call into JS land. This could have been done in a quick and hacky way by calling v8::Object::GetCreationContext() on the wrap object right before making a callback but that leaves a fairly wide margin for bugs. Instead, we make the context explicit through a new Environment class that encapsulates everything (or almost everything) that belongs to the context. Variables that used to be a static or a global are now members of the aforementioned class. An additional benefit is that this approach should make it relatively straightforward to add full isolate support in due course. There is no JavaScript API yet but that will be added in the near future. This work was graciously sponsored by GitHub, Inc. 12 years ago			`static void Initialize(v8::Handle<v8::Object> target,`
			`v8::Handle<v8::Value> unused,`
			`v8::Handle<v8::Context> context);`
tls_wrap: embed TLS encryption into streamwrap 12 years ago
src: remove static variables from tls_wrap Remove the error message globals. More prep work for multi-isolate support. Reviewed-By: Fedor Indutny <fedor@indutny.com> PR-URL: https://github.com/node-forward/node/pull/58 10 years ago			`const char* Error() const override;`
			`void ClearError() override;`
src: mark virtual functions with override keyword Add `override` keywords where appropriate. Makes maintenance easier because the compiler will shout at you when a base class changes in an incompatible way. 11 years ago			`int TryWrite(uv_buf_t** bufs, size_t* count) override;`
tls_wrap: embed TLS encryption into streamwrap 12 years ago			`int DoWrite(WriteWrap* w,`
			`uv_buf_t* bufs,`
			`size_t count,`
			`uv_stream_t* send_handle,`
src: mark virtual functions with override keyword Add `override` keywords where appropriate. Makes maintenance easier because the compiler will shout at you when a base class changes in an incompatible way. 11 years ago			`uv_write_cb cb) override;`
			`void AfterWrite(WriteWrap* w) override;`
uv: upgrade to v0.11.12 * upgrade deps/uv/ to v0.11.12. * update files in src/ after a libuv API change. 12 years ago			`void DoAlloc(uv_handle_t* handle,`
			`size_t suggested_size,`
src: mark virtual functions with override keyword Add `override` keywords where appropriate. Makes maintenance easier because the compiler will shout at you when a base class changes in an incompatible way. 11 years ago			`uv_buf_t* buf) override;`
tls_wrap: embed TLS encryption into streamwrap 12 years ago			`void DoRead(uv_stream_t* handle,`
			`ssize_t nread,`
uv: upgrade to v0.11.12 * upgrade deps/uv/ to v0.11.12. * update files in src/ after a libuv API change. 12 years ago			`const uv_buf_t* buf,`
src: mark virtual functions with override keyword Add `override` keywords where appropriate. Makes maintenance easier because the compiler will shout at you when a base class changes in an incompatible way. 11 years ago			`uv_handle_type pending) override;`
			`int DoShutdown(ShutdownWrap* req_wrap, uv_shutdown_cb cb) override;`
tls_wrap: embed TLS encryption into streamwrap 12 years ago
crypto: make NewSessionDoneCb public Generic friend classes do not work well with old compiler versions (and MSVC). 11 years ago			`void NewSessionDoneCb();`

tls_wrap: embed TLS encryption into streamwrap 12 years ago			`protected:`
Merge branch 'v0.10' Conflicts: lib/tls.js src/node_crypto.cc src/node_crypto.h 11 years ago			`static const int kClearOutChunkSize = 1024;`
tls_wrap: embed TLS encryption into streamwrap 12 years ago
crypto: lower RSS usage for TLSCallbacks Don't allocate any BIO buffers initially, do this on a first read from the TCP connection. Allocate different amount of data for initial read and for consequent reads: small buffer for hello+certificate, big buffer for better throughput. see #8416 11 years ago			`// Maximum number of bytes for hello parser`
			`static const int kMaxHelloLength = 16384;`

			`// Usual ServerHello + Certificate size`
			`static const int kInitialClientBufferLength = 4096;`

tls_wrap: use writev when possible Try writing multiple chunks from NodeBIO if possible. 11 years ago			`// Maximum number of buffers passed to uv_write()`
			`static const int kSimultaneousBufferCount = 10;`

tls: session API returns 12 years ago			`// Write callback queue's item`
tls_wrap: embed TLS encryption into streamwrap 12 years ago			`class WriteItem {`
			`public:`
			`WriteItem(WriteWrap* w, uv_write_cb cb) : w_(w), cb_(cb) {`
			`}`
			`~WriteItem() {`
src: replace NULL with nullptr Now that we are building with C++11 features enabled, replace use of NULL with nullptr. The benefit of using nullptr is that it can never be confused for an integral type because it does not support implicit conversions to integral types except boolean - unlike NULL, which is defined as a literal `0`. 11 years ago			`w_ = nullptr;`
			`cb_ = nullptr;`
tls_wrap: embed TLS encryption into streamwrap 12 years ago			`}`

			`WriteWrap* w_;`
			`uv_write_cb cb_;`
src: switch from QUEUE to intrusive list This commit also breaks up req_wrap.h into req-wrap.h and req-wrap-inl.h to work around a circular dependency issue in env.h. PR-URL: https://github.com/iojs/io.js/pull/667 Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: Trevor Norris <trev.norris@gmail.com> 10 years ago			`ListNode<WriteItem> member_;`
tls_wrap: embed TLS encryption into streamwrap 12 years ago			`};`

src: add multi-context support This commit makes it possible to use multiple V8 execution contexts within a single event loop. Put another way, handle and request wrap objects now "remember" the context they belong to and switch back to that context when the time comes to call into JS land. This could have been done in a quick and hacky way by calling v8::Object::GetCreationContext() on the wrap object right before making a callback but that leaves a fairly wide margin for bugs. Instead, we make the context explicit through a new Environment class that encapsulates everything (or almost everything) that belongs to the context. Variables that used to be a static or a global are now members of the aforementioned class. An additional benefit is that this approach should make it relatively straightforward to add full isolate support in due course. There is no JavaScript API yet but that will be added in the near future. This work was graciously sponsored by GitHub, Inc. 12 years ago			`TLSCallbacks(Environment* env,`
			`Kind kind,`
			`v8::Handle<v8::Object> sc,`
			`StreamWrapCallbacks* old);`
tls_wrap: embed TLS encryption into streamwrap 12 years ago
			`static void SSLInfoCallback(const SSL* ssl_, int where, int ret);`
			`void InitSSL();`
			`void EncOut();`
			`static void EncOutCb(uv_write_t* req, int status);`
			`bool ClearIn();`
			`void ClearOut();`
tls_wrap: propagate errors to write callbacks fix #6903 11 years ago			`void MakePending();`
			`bool InvokeQueued(int status);`
tls: session API returns 12 years ago
			`inline void Cycle() {`
tls: introduce asynchronous `newSession` fix #7105 11 years ago			`// Prevent recursion`
			`if (++cycle_depth_ > 1)`
			`return;`

			`for (; cycle_depth_ > 0; cycle_depth_--) {`
			`ClearIn();`
			`ClearOut();`
			`EncOut();`
			`}`
tls: session API returns 12 years ago			`}`
tls_wrap: embed TLS encryption into streamwrap 12 years ago
src: remove static variables from tls_wrap Remove the error message globals. More prep work for multi-isolate support. Reviewed-By: Fedor Indutny <fedor@indutny.com> PR-URL: https://github.com/node-forward/node/pull/58 10 years ago			// If \|msg\| is not nullptr, caller is responsible for calling `delete[] *msg`.
tls_wrap: propagate errors to write callbacks fix #6903 11 years ago			`v8::Local<v8::Value> GetSSLError(int status, int* err, const char** msg);`

tls_wrap: DRY ClientHelloParser Share ClientHelloParser code between `tls_wrap.cc` and `node_crypto.cc`. fix #5959 12 years ago			`static void OnClientHelloParseEnd(void* arg);`
lib, src: upgrade after v8 api change This is a big commit that touches just about every file in the src/ directory. The V8 API has changed in significant ways. The most important changes are: * Binding functions take a const v8::FunctionCallbackInfo<T>& argument rather than a const v8::Arguments& argument. * Binding functions return void rather than v8::Handle<v8::Value>. The return value is returned with the args.GetReturnValue().Set() family of functions. * v8::Persistent<T> no longer derives from v8::Handle<T> and no longer allows you to directly dereference the object that the persistent handle points to. This means that the common pattern of caching oft-used JS values in a persistent handle no longer quite works, you first need to reconstruct a v8::Local<T> from the persistent handle with the Local<T>::New(isolate, persistent) factory method. A handful of (internal) convenience classes and functions have been added to make dealing with the new API a little easier. The most visible one is node::Cached<T>, which wraps a v8::Persistent<T> with some template sugar. It can hold arbitrary types but so far it's exclusively used for v8::Strings (which was by far the most commonly cached handle type.) 12 years ago			`static void Wrap(const v8::FunctionCallbackInfo<v8::Value>& args);`
tls: process accumulated input When creating TLSSocket on top of the regular socket that already contains some received data, `_tls_wrap.js` should try to write all that data to the internal `SSL*` instance. fix #6940 11 years ago			`static void Receive(const v8::FunctionCallbackInfo<v8::Value>& args);`
lib, src: upgrade after v8 api change This is a big commit that touches just about every file in the src/ directory. The V8 API has changed in significant ways. The most important changes are: * Binding functions take a const v8::FunctionCallbackInfo<T>& argument rather than a const v8::Arguments& argument. * Binding functions return void rather than v8::Handle<v8::Value>. The return value is returned with the args.GetReturnValue().Set() family of functions. * v8::Persistent<T> no longer derives from v8::Handle<T> and no longer allows you to directly dereference the object that the persistent handle points to. This means that the common pattern of caching oft-used JS values in a persistent handle no longer quite works, you first need to reconstruct a v8::Local<T> from the persistent handle with the Local<T>::New(isolate, persistent) factory method. A handful of (internal) convenience classes and functions have been added to make dealing with the new API a little easier. The most visible one is node::Cached<T>, which wraps a v8::Persistent<T> with some template sugar. It can hold arbitrary types but so far it's exclusively used for v8::Strings (which was by far the most commonly cached handle type.) 12 years ago			`static void Start(const v8::FunctionCallbackInfo<v8::Value>& args);`
			`static void SetVerifyMode(const v8::FunctionCallbackInfo<v8::Value>& args);`
			`static void EnableSessionCallbacks(`
			`const v8::FunctionCallbackInfo<v8::Value>& args);`
tls: asynchronous SNICallback Make ClientHelloParser handle SNI extension, and extend `_tls_wrap.js` to support loading SNI Context from both hello, and resumed session. fix #5967 12 years ago			`static void EnableHelloParser(`
			`const v8::FunctionCallbackInfo<v8::Value>& args);`
tls: session API returns 12 years ago
tls_wrap: embed TLS encryption into streamwrap 12 years ago			`#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB`
lib, src: upgrade after v8 api change This is a big commit that touches just about every file in the src/ directory. The V8 API has changed in significant ways. The most important changes are: * Binding functions take a const v8::FunctionCallbackInfo<T>& argument rather than a const v8::Arguments& argument. * Binding functions return void rather than v8::Handle<v8::Value>. The return value is returned with the args.GetReturnValue().Set() family of functions. * v8::Persistent<T> no longer derives from v8::Handle<T> and no longer allows you to directly dereference the object that the persistent handle points to. This means that the common pattern of caching oft-used JS values in a persistent handle no longer quite works, you first need to reconstruct a v8::Local<T> from the persistent handle with the Local<T>::New(isolate, persistent) factory method. A handful of (internal) convenience classes and functions have been added to make dealing with the new API a little easier. The most visible one is node::Cached<T>, which wraps a v8::Persistent<T> with some template sugar. It can hold arbitrary types but so far it's exclusively used for v8::Strings (which was by far the most commonly cached handle type.) 12 years ago			`static void GetServername(const v8::FunctionCallbackInfo<v8::Value>& args);`
			`static void SetServername(const v8::FunctionCallbackInfo<v8::Value>& args);`
tls_wrap: embed TLS encryption into streamwrap 12 years ago			`static int SelectSNIContextCallback(SSL* s, int* ad, void* arg);`
			`#endif // SSL_CTRL_SET_TLSEXT_SERVERNAME_CB`

			`crypto::SecureContext* sc_;`
			`v8::Persistent<v8::Object> sc_handle_;`
			`BIO* enc_in_;`
			`BIO* enc_out_;`
			`NodeBIO* clear_in_;`
			`uv_write_t write_req_;`
			`size_t write_size_;`
			`size_t write_queue_size_;`
src: switch from QUEUE to intrusive list This commit also breaks up req_wrap.h into req-wrap.h and req-wrap-inl.h to work around a circular dependency issue in env.h. PR-URL: https://github.com/iojs/io.js/pull/667 Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: Trevor Norris <trev.norris@gmail.com> 10 years ago			`typedef ListHead<WriteItem, &WriteItem::member_> WriteItemList;`
			`WriteItemList write_item_queue_;`
			`WriteItemList pending_write_items_;`
tls_wrap: embed TLS encryption into streamwrap 12 years ago			`bool started_;`
			`bool established_;`
			`bool shutdown_;`
tls_wrap: propagate errors to write callbacks fix #6903 11 years ago			`const char* error_;`
tls: introduce asynchronous `newSession` fix #7105 11 years ago			`int cycle_depth_;`
tls_wrap: embed TLS encryption into streamwrap 12 years ago
Merge branch 'v0.10' Conflicts: lib/tls.js src/node_crypto.cc src/node_crypto.h 11 years ago			// If true - delivered EOF to the js-land, either after `close_notify`, or
			// after the `UV_EOF` on socket.
			`bool eof_;`

tls_wrap: embed TLS encryption into streamwrap 12 years ago			`#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB`
			`v8::Persistent<v8::Value> sni_context_;`
			`#endif // SSL_CTRL_SET_TLSEXT_SERVERNAME_CB`
			`};`

			`} // namespace node`

			`#endif // SRC_TLS_WRAP_H_`