[Libreoffice-commits] online.git: loolwsd/cert.pem loolwsd/Common.hpp loolwsd/configure.ac loolwsd/key.pem loolwsd/LOOLWSD.cpp

Pranav Kant pranavk at collabora.com
Mon Mar 21 14:05:28 UTC 2016


 loolwsd/Common.hpp   |    2 ++
 loolwsd/LOOLWSD.cpp  |   29 ++++++++++++++++++++++++++++-
 loolwsd/cert.pem     |   24 ++++++++++++++++++++++++
 loolwsd/configure.ac |    2 +-
 loolwsd/key.pem      |   27 +++++++++++++++++++++++++++
 5 files changed, 82 insertions(+), 2 deletions(-)

New commits:
commit fb9c9a9ec7833e290833e1133780ac4b39a92bf7
Author: Pranav Kant <pranavk at collabora.com>
Date:   Mon Mar 21 14:07:39 2016 +0530

    loolwsd: SSL infrastructure
    
    ... and use SSL for client connections.
    
    Change-Id: Id396a7c2d1830da8d3b0ce446522403363ac17c1
    Reviewed-on: https://gerrit.libreoffice.org/23395
    Reviewed-by: Tor Lillqvist <tml at collabora.com>
    Tested-by: Tor Lillqvist <tml at collabora.com>

diff --git a/loolwsd/Common.hpp b/loolwsd/Common.hpp
index 053ce94..fd7ee55 100644
--- a/loolwsd/Common.hpp
+++ b/loolwsd/Common.hpp
@@ -37,6 +37,8 @@ constexpr int SMALL_MESSAGE_SIZE = READ_BUFFER_SIZE / 2;
 static const std::string JailedDocumentRoot = "/user/docs/";
 static const std::string CHILD_URI = "/loolws/child?";
 static const std::string LOLEAFLET_PATH = "/loleaflet/dist/loleaflet.html?";
+static const std::string SSL_CERT_FILE = "cert.pem";
+static const std::string SSL_KEY_FILE = "key.pem";
 
 #endif
 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/loolwsd/LOOLWSD.cpp b/loolwsd/LOOLWSD.cpp
index 2c47456..ba30f41 100644
--- a/loolwsd/LOOLWSD.cpp
+++ b/loolwsd/LOOLWSD.cpp
@@ -62,6 +62,8 @@ DEALINGS IN THE SOFTWARE.
 #include <Poco/File.h>
 #include <Poco/FileStream.h>
 #include <Poco/Mutex.h>
+#include <Poco/Net/ConsoleCertificateHandler.h>
+#include <Poco/Net/Context.h>
 #include <Poco/Net/HTMLForm.h>
 #include <Poco/Net/HTTPClientSession.h>
 #include <Poco/Net/HTTPRequest.h>
@@ -72,12 +74,17 @@ DEALINGS IN THE SOFTWARE.
 #include <Poco/Net/HTTPServerParams.h>
 #include <Poco/Net/HTTPServerRequest.h>
 #include <Poco/Net/HTTPServerResponse.h>
+#include <Poco/Net/InvalidCertificateHandler.h>
+#include <Poco/Net/KeyConsoleHandler.h>
 #include <Poco/Net/MessageHeader.h>
 #include <Poco/Net/Net.h>
 #include <Poco/Net/NetException.h>
 #include <Poco/Net/PartHandler.h>
+#include <Poco/Net/PrivateKeyPassphraseHandler.h>
+#include <Poco/Net/SecureServerSocket.h>
 #include <Poco/Net/ServerSocket.h>
 #include <Poco/Net/SocketAddress.h>
+#include <Poco/Net/SSLManager.h>
 #include <Poco/Net/WebSocket.h>
 #include <Poco/Path.h>
 #include <Poco/Process.h>
@@ -130,6 +137,7 @@ using Poco::Net::HTTPServerResponse;
 using Poco::Net::MessageHeader;
 using Poco::Net::NameValueCollection;
 using Poco::Net::PartHandler;
+using Poco::Net::SecureServerSocket;
 using Poco::Net::ServerSocket;
 using Poco::Net::Socket;
 using Poco::Net::SocketAddress;
@@ -1088,6 +1096,22 @@ int LOOLWSD::main(const std::vector<std::string>& /*args*/)
         return Application::EXIT_USAGE;
     }
 
+    Poco::Crypto::initializeCrypto();
+
+    // SSL initialize
+    Poco::Net::initializeSSL();
+    Poco::Net::Context::Params sslParams;
+    sslParams.certificateFile = Path(Application::instance().commandPath()).parent().toString() + SSL_CERT_FILE;
+    sslParams.privateKeyFile = Path(Application::instance().commandPath()).parent().toString() + SSL_KEY_FILE;
+    // Don't ask clients for certificate
+    sslParams.verificationMode = Poco::Net::Context::VERIFY_NONE;
+
+    Poco::SharedPtr<Poco::Net::PrivateKeyPassphraseHandler> consoleHandler = new Poco::Net::KeyConsoleHandler(true);
+    Poco::SharedPtr<Poco::Net::InvalidCertificateHandler> invalidCertHandler = new Poco::Net::ConsoleCertificateHandler(false);
+
+    Poco::Net::Context::Ptr sslContext = new Poco::Net::Context(Poco::Net::Context::SERVER_USE, sslParams);
+    Poco::Net::SSLManager::instance().initializeServer(consoleHandler, invalidCertHandler, sslContext);
+
     char *locale = setlocale(LC_ALL, nullptr);
     if (locale == nullptr || std::strcmp(locale, "C") == 0)
         setlocale(LC_ALL, "en_US.utf8");
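Review bot: The `sslParams.certificateFile` and `sslParams.privateKeyFile` lines fix the server's credentials to `cert.pem` and `key.pem` beside the executable, and this commit adds `loolwsd/key.pem` to the repository (see the Common.hpp and key.pem hunks), so any deployment that keeps the defaults serves TLS with a private key that is publicly known. The paths should come from configuration or a command-line option, and startup should fail with a clear message when the files are missing; until then a comment such as `// TODO: take cert/key paths from configuration; the in-tree key.pem is for testing only` would at least record the limitation. `KeyConsoleHandler(true)` prompts on the console for a passphrase, which presumably cannot work when loolwsd runs without a terminal. The rest of `LOOLWSD::main` lies outside this hunk.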
@@ -1193,7 +1217,7 @@ int LOOLWSD::main(const std::vector<std::string>& /*args*/)
     params2->setMaxThreads(MAX_SESSIONS);
 
     // Start a server listening on the port for clients
-    ServerSocket svs(ClientPortNumber);
+    SecureServerSocket svs(ClientPortNumber);
     ThreadPool threadPool(NumPreSpawnedChildren*6, MAX_SESSIONS * 2);
     HTTPServer srv(new RequestHandlerFactory<ClientRequestHandler>(), threadPool, svs, params1);
 
@@ -1326,6 +1350,9 @@ int LOOLWSD::main(const std::vector<std::string>& /*args*/)
         Util::removeFile(path, true);
     }
 
+    Poco::Net::uninitializeSSL();
+    Poco::Crypto::uninitializeCrypto();
+
     Log::info("Process [loolwsd] finished.");
     return Application::EXIT_OK;
 }
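Review bot: `Poco::Net::uninitializeSSL()` and `Poco::Crypto::uninitializeCrypto()` run while `sslContext` and the `SecureServerSocket svs` declared earlier in `LOOLWSD::main` are still in scope, so those objects would be destroyed only after the SSL and crypto libraries have been torn down. The two calls are also skipped on any early return or exception between initialization and this point; the code in between is outside the hunk, so this is inferred from the visible declarations. A small guard object declared before `sslParams` would pair the initialize and uninitialize calls and be destroyed last.
```cpp
// In LOOLWSD::main, replacing the explicit initialize*/uninitialize* calls.
// Declared first so that it is destroyed after sslContext, svs and srv.
struct SslRuntime
{
    SslRuntime()
    {
        Poco::Crypto::initializeCrypto();
        Poco::Net::initializeSSL();
    }
    ~SslRuntime()
    {
        Poco::Net::uninitializeSSL();
        Poco::Crypto::uninitializeCrypto();
    }
} sslRuntime;
// … unchanged: sslParams setup, handlers, initializeServer …
```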
diff --git a/loolwsd/cert.pem b/loolwsd/cert.pem
new file mode 100644
index 0000000..8573263
--- /dev/null
+++ b/loolwsd/cert.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/loolwsd/configure.ac b/loolwsd/configure.ac
index 9c2bf82..c896d62 100644
--- a/loolwsd/configure.ac
+++ b/loolwsd/configure.ac
@@ -119,7 +119,7 @@ AS_IF([test `uname -s` = Linux],
 AS_IF([test "$enable_tests" != "no"],
       [PKG_CHECK_MODULES([CPPUNIT], [cppunit])])
 
-LIBS="$LIBS -lPocoNet${POCO_DEBUG_SUFFIX} -lPocoUtil${POCO_DEBUG_SUFFIX} -lPocoJSON${POCO_DEBUG_SUFFIX} -lPocoFoundation${POCO_DEBUG_SUFFIX} -lPocoXML${POCO_DEBUG_SUFFIX}"
+LIBS="$LIBS -lPocoNet${POCO_DEBUG_SUFFIX} -lPocoUtil${POCO_DEBUG_SUFFIX} -lPocoJSON${POCO_DEBUG_SUFFIX} -lPocoFoundation${POCO_DEBUG_SUFFIX} -lPocoXML${POCO_DEBUG_SUFFIX} -lPocoNetSSL${POCO_DEBUG_SUFFIX} -lPocoCrypto${POCO_DEBUG_SUFFIX}"
 
 AC_CHECK_HEADERS([LibreOfficeKit/LibreOfficeKit.h],
                  [],
diff --git a/loolwsd/key.pem b/loolwsd/key.pem
new file mode 100644
index 0000000..ddcfd07
--- /dev/null
+++ b/loolwsd/key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----

