IdSSL.pas 8.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303
  1. {
  2. $Project$
  3. $Workfile$
  4. $Revision$
  5. $DateUTC$
  6. $Id$
  7. This file is part of the Indy (Internet Direct) project, and is offered
  8. under the dual-licensing agreement described on the Indy website.
  9. (http://www.indyproject.org/)
  10. Copyright:
  11. (c) 1993-2005, Chad Z. Hower and the Indy Pit Crew. All rights reserved.
  12. }
  13. {
  14. $Log$
  15. }
  16. {
  17. Rev 1.11 2004.02.03 5:45:36 PM czhower
  18. Name changes
  19. Rev 1.10 10/5/2003 11:44:06 PM GGrieve
  20. Remove IdContainers
  21. Rev 1.9 9/18/2003 10:20:28 AM JPMugaas
  22. Updated for new API.
  23. Rev 1.8 3/30/2003 12:38:56 AM BGooijen
  24. Removed warning
  25. Rev 1.7 3/30/2003 12:15:12 AM BGooijen
  26. Added MakeFTPSvrPort/MakeFTPSvrPasv
  27. Rev 1.6 3/23/2003 11:44:24 PM BGooijen
  28. Added MakeClientIOHandler(ATheThread:TIdThreadHandle ):...
  29. Rev 1.5 3/14/2003 10:00:36 PM BGooijen
  30. Removed TIdServerIOHandlerSSLBase.PeerPassthrough, the ssl is now enabled in
  31. the server-protocol-files
  32. Rev 1.3 3/13/2003 09:14:44 PM JPMugaas
  33. Added property suggested by Henrick Hellström (StreamSec) for checking a
  34. certificate against a URL provided by a user.
  35. Rev 1.2 3/13/2003 11:55:44 AM JPMugaas
  36. Updated registration framework to give more information.
  37. Rev 1.1 3/13/2003 4:08:42 PM BGooijen
  38. classes -> Classes
  39. Rev 1.0 3/13/2003 09:51:18 AM JPMugaas
  40. Abstract SSL class to permit the clients and servers to use OpenSSL or
  41. third-party components SSL IOHandler.
  42. }
  43. unit IdSSL;
  44. interface
  45. {$i IdCompilerDefines.inc}
  46. uses
  47. Classes,
  48. IdGlobal,
  49. IdIOHandler,
  50. IdIOHandlerSocket,
  51. IdIOHandlerStack,
  52. IdServerIOHandler,
  53. IdYarn;
  54. type
  55. //client
  56. TIdSSLIOHandlerSocketBase = class(TIdIOHandlerStack)
  57. protected
  58. fPassThrough: Boolean;
  59. fIsPeer : Boolean;
  60. FURIToCheck : String;
  61. function GetProxyTargetHost: string;
  62. function GetURIHost : string;
  63. procedure InitComponent; override;
  64. function RecvEnc(var ABuffer: TIdBytes): Integer; virtual; abstract;
  65. function SendEnc(const ABuffer: TIdBytes; const AOffset, ALength: Integer): Integer; virtual; abstract;
  66. function ReadDataFromSource(var VBuffer: TIdBytes): Integer; override;
  67. function WriteDataToTarget(const ABuffer: TIdBytes; const AOffset, ALength: Integer): Integer; override;
  68. procedure SetPassThrough(const AValue: Boolean); virtual;
  69. procedure SetURIToCheck(const AValue: String); virtual;
  70. public
  71. // TODO: add an AOwner parameter
  72. function Clone : TIdSSLIOHandlerSocketBase; virtual; abstract;
  73. procedure StartSSL; virtual; abstract;
  74. property PassThrough: Boolean read fPassThrough write SetPassThrough;
  75. property IsPeer : Boolean read fIsPeer write fIsPeer;
  76. {
  77. Pasted from private corresponance from Henrick Hellström - StreamSec http://www.streamsec.com
  78. This property should be set to the exact value of the URI passed to e.g.
  79. TIdHTTP.Get and should not be used or modified by any code outside of
  80. the SSL handler implementation units. The reason for this is that the
  81. SSL/TLS handler should verify that the URI entered by the client user
  82. matches the identity information present in the server certificate.
  83. }
  84. property URIToCheck : String read FURIToCheck write SetURIToCheck;
  85. end;
  86. //server
  87. TIdServerIOHandlerSSLBase = class(TIdServerIOHandler)
  88. protected
  89. public
  90. //this is for the FTP Server to make a client IOHandler for it's data connection's IOHandler
  91. function MakeClientIOHandler(ATheThread:TIdYarn ): TIdIOHandler; overload; override;
  92. function MakeClientIOHandler : TIdSSLIOHandlerSocketBase; reintroduce; overload; virtual; abstract;
  93. function MakeFTPSvrPort : TIdSSLIOHandlerSocketBase; virtual; abstract;
  94. function MakeFTPSvrPasv : TIdSSLIOHandlerSocketBase; virtual; abstract;
  95. end;
  96. type
  97. TIdClientSSLClass = class of TIdSSLIOHandlerSocketBase;
  98. TIdServerSSLClass = class of TIdServerIOHandlerSSLBase;
  99. Procedure RegisterSSL(const AProduct, AVendor, ACopyright,
  100. ADescription, AURL : String;
  101. const AClientClass : TIdClientSSLClass; const AServerClass : TIdServerSSLClass); {$IFDEF HAS_DEPRECATED}deprecated;{$ENDIF}
  102. type
  103. TIdSSLRegEntry = class(TCollectionItem)
  104. protected
  105. FProductName : String;
  106. FVendor : String;
  107. FCopyright : String;
  108. FDescription : String;
  109. FURL : String;
  110. FClientClass : TIdClientSSLClass;
  111. FServerClass : TIdServerSSLClass;
  112. public
  113. property ProductName : String read FProductName write FProductName;
  114. property Vendor : String read FVendor write FVendor;
  115. property Copyright : String read FCopyright write FCopyright;
  116. property Description : String read FDescription write FDescription;
  117. property URL : String read FURL write FURL;
  118. property ClientClass : TIdClientSSLClass read FClientClass write FClientClass;
  119. property ServerClass : TIdServerSSLClass read FServerClass write FServerClass;
  120. end {$IFDEF HAS_DEPRECATED}deprecated{$ENDIF};
  121. {$I IdSymbolDeprecatedOff.inc}
  122. TIdSSLRegistry = class(TCollection)
  123. protected
  124. function GetItem ( Index: Integer ) : TIdSSLRegEntry;
  125. procedure SetItem ( Index: Integer; const Value: TIdSSLRegEntry );
  126. public
  127. constructor Create; reintroduce;
  128. function Add: TIdSSLRegEntry;
  129. property Items [ Index: Integer ] : TIdSSLRegEntry read GetItem
  130. write SetItem; default;
  131. end {$IFDEF HAS_DEPRECATED}deprecated{$ENDIF};
  132. var
  133. GSSLRegistry : TIdSSLRegistry{$IFDEF HAS_DEPRECATED}{$IFDEF USE_SEMICOLON_BEFORE_DEPRECATED};{$ENDIF} deprecated{$ENDIF};
  134. {$I IdSymbolDeprecatedOn.inc}
  135. implementation
  136. uses
  137. SysUtils, IdCustomTransparentProxy, IdURI;
  138. {$I IdSymbolDeprecatedOff.inc}
  139. Procedure RegisterSSL(const AProduct, AVendor, ACopyright,
  140. ADescription, AURL : String;
  141. const AClientClass : TIdClientSSLClass; const AServerClass : TIdServerSSLClass);
  142. var
  143. LR : TIdSSLRegEntry;
  144. begin
  145. LR := GSSLRegistry.Add;
  146. LR.ProductName := AProduct;
  147. LR.Vendor := AVendor;
  148. LR.Copyright := ACopyRight;
  149. LR.Description := ADescription;
  150. LR.URL := AURL;
  151. LR.ClientClass := AClientClass;
  152. LR.ServerClass := AServerClass;
  153. end;
  154. {$I IdSymbolDeprecatedOn.inc}
  155. { TIdSSLIOHandlerSocketBase }
  156. function TIdSSLIOHandlerSocketBase.GetProxyTargetHost: string;
  157. var
  158. // under ARC, convert a weak reference to a strong reference before working with it
  159. LTransparentProxy, LNextTransparentProxy: TIdCustomTransparentProxy;
  160. begin
  161. Result := '';
  162. // RLebeau: not reading from the property as it will create a
  163. // default Proxy object if one is not already assigned...
  164. LTransparentProxy := FTransparentProxy;
  165. if Assigned(LTransparentProxy) then
  166. begin
  167. if LTransparentProxy.Enabled then
  168. begin
  169. repeat
  170. LNextTransparentProxy := LTransparentProxy.ChainedProxy;
  171. if not Assigned(LNextTransparentProxy) then
  172. Break;
  173. if not LNextTransparentProxy.Enabled then
  174. Break;
  175. LTransparentProxy := LNextTransparentProxy;
  176. until False;
  177. Result := LTransparentProxy.Host;
  178. end;
  179. end;
  180. end;
  181. function TIdSSLIOHandlerSocketBase.GetURIHost : string;
  182. var
  183. LURI: TIdURI;
  184. begin
  185. Result := '';
  186. if URIToCheck <> '' then
  187. begin
  188. LURI := TIdURI.Create(URIToCheck);
  189. try
  190. Result := LURI.Host;
  191. finally
  192. LURI.Free;
  193. end;
  194. end;
  195. end;
  196. procedure TIdSSLIOHandlerSocketBase.InitComponent;
  197. begin
  198. inherited;
  199. fPassThrough := True;
  200. end;
  201. function TIdSSLIOHandlerSocketBase.ReadDataFromSource(var VBuffer: TIdBytes): Integer;
  202. begin
  203. if PassThrough then begin
  204. Result := inherited ReadDataFromSource(VBuffer);
  205. end else begin
  206. Result := RecvEnc(VBuffer);
  207. end;
  208. end;
  209. function TIdSSLIOHandlerSocketBase.WriteDataToTarget(const ABuffer: TIdBytes;
  210. const AOffset, ALength: Integer): Integer;
  211. begin
  212. if PassThrough then begin
  213. Result := inherited WriteDataToTarget(ABuffer, AOffset, ALength);
  214. end else begin
  215. Result := SendEnc(ABuffer, AOffset, ALength);
  216. end;
  217. end;
  218. procedure TIdSSLIOHandlerSocketBase.SetPassThrough(const AValue: Boolean);
  219. begin
  220. fPassThrough := AValue;
  221. end;
  222. procedure TIdSSLIOHandlerSocketBase.SetURIToCheck(const AValue: String);
  223. begin
  224. FURIToCheck := AValue;
  225. end;
  226. { TIdServerIOHandlerSSLBase }
  227. function TIdServerIOHandlerSSLBase.MakeClientIOHandler(ATheThread:TIdYarn ): TIdIOHandler;
  228. begin
  229. Result := MakeClientIOHandler;
  230. end;
  231. { TIdSSLRegistry }
  232. {$I IdSymbolDeprecatedOff.inc}
  233. function TIdSSLRegistry.Add: TIdSSLRegEntry;
  234. begin
  235. Result := TIdSSLRegEntry( inherited Add );
  236. end;
  237. constructor TIdSSLRegistry.Create;
  238. begin
  239. inherited Create(TIdSSLRegEntry);
  240. end;
  241. function TIdSSLRegistry.GetItem(Index: Integer): TIdSSLRegEntry;
  242. begin
  243. Result := TIdSSLRegEntry ( inherited GetItem(Index) );
  244. end;
  245. procedure TIdSSLRegistry.SetItem(Index: Integer;
  246. const Value: TIdSSLRegEntry);
  247. begin
  248. inherited SetItem(Index,Value);
  249. end;
  250. initialization
  251. GSSLRegistry := TIdSSLRegistry.Create;
  252. finalization
  253. FreeAndNil(GSSLRegistry);
  254. end.