-- SPDX-License-Identifier: MIT
-- Author: Jianhui Zhao <[email protected]>
local socket = require 'eco.socket'
local ssl = require 'eco.core.ssl'
local bufio = require 'eco.bufio'
local file = require 'eco.file'
local M = {}
--- Load the optional CA, certificate and private-key files named in
-- `options` into an SSL context.
--
-- Only the trust material is installed here. Whether the peer certificate
-- is actually verified is decided by the `insecure` flag that connect() and
-- accept() hand to ctx:new(), not by this function.
--
-- @param ctx     SSL context from ssl.context()
-- @param options table with optional string fields `ca`, `cert`, `key`
-- @return true on success; otherwise nil plus a message naming the file
--   kind that failed. Files are tried in the order ca, cert, key and the
--   first failure stops processing.
local function set_ssl_opt(ctx, options)
    -- { path, loader method, error message } in load order
    local loaders = {
        { options.ca,   ctx.load_ca_cert_file, 'load ca file fail' },
        { options.cert, ctx.load_cert_file,    'load cert file fail' },
        { options.key,  ctx.load_key_file,     'load key file fail' },
    }
    for i = 1, #loaders do
        local path, load, msg = loaders[i][1], loaders[i][2], loaders[i][3]
        if path and not load(ctx, path) then
            return nil, msg
        end
    end
    return true
end
local cli_methods = {}
--- Forward a TLS server name to the underlying SSL socket.
-- Note that connection objects are only created after the handshake has
-- completed (see M.connect / srv_methods:accept), so calling this on a
-- connection is presumably too late to affect SNI or hostname verification
-- for that handshake — confirm against eco.core.ssl.
-- @param name server name string
-- @return whatever ssock:set_server_name returns
function cli_methods:set_server_name(name)
    local ssock = self.ssock
    return ssock:set_server_name(name)
end
--- Send `data` over the TLS connection.
-- @param data string to send
-- @return the result of ssock:send (its convention is not visible here;
--   sendfile() treats a non-nil second value as an error)
function cli_methods:send(data)
    local ssock = self.ssock
    return ssock:send(data)
end
--- Alias of send(), kept so the object can be used where a stream-like
-- `write` method is expected.
-- @param data string to send
-- @return same as send()
function cli_methods:write(data)
    -- dispatch through self so an overridden send() is honoured
    return self:send(data)
end
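--- Send `len` bytes of the file at `path` over the TLS connection, reading
-- it in 4 KiB chunks.
-- @param path   file to send
-- @param len    number of bytes to send (required; the loop compares it
--               with 0 on every iteration)
-- @param offset optional byte offset to seek to before sending
-- @return number of bytes actually sent on success. Reaching end-of-file
--   before `len` bytes counts as success and returns the shorter count.
--   On open, read or send failure returns nil plus the error message.
function cli_methods:sendfile(path, len, offset)
    local CHUNK = 4096

    local fd, err = file.open(path)
    if not fd then
        return nil, err
    end

    if offset then
        -- the result of lseek is not checked; a failed seek silently sends
        -- from the current position (file.lseek's return convention is not
        -- visible in this file)
        file.lseek(fd, offset, file.SEEK_SET)
    end

    local b = bufio.new(fd)
    local sent = 0
    local data
    local _

    while len > 0 do
        local want = len < CHUNK and len or CHUNK
        data, err = b:read(want)
        if not data then
            break
        end
        -- `_` is declared local above: the original assigned to an
        -- undeclared `_`, which created a global on every chunk sent
        _, err = self:send(data)
        if err then
            break
        end
        sent = sent + #data
        len = len - #data
    end

    file.close(fd)

    -- 'eof' from the reader means the file was shorter than `len`; that is
    -- reported as a successful partial send, as before
    if not err or err == 'eof' then
        return sent
    end
    return nil, err
end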
--- Read from the connection through its buffered reader.
--
-- `pattern` selects what to read:
--   'a'     everything until the peer closes the connection
--   'l'     the next line, without its end-of-line character
--   'L'     the next line, keeping the end-of-line character (if present)
--   number  up to that many bytes
--
-- @param pattern one of the forms above
-- @param timeout optional timeout, passed through to the buffer
-- @return the data read, or nil plus an error string
function cli_methods:recv(pattern, timeout)
    local buf = self.b
    return buf:read(pattern, timeout)
end
--- Alias of recv(); see recv() for the accepted patterns.
-- @param pattern read pattern
-- @param timeout optional timeout
-- @return same as recv()
function cli_methods:read(pattern, timeout)
    return self:recv(pattern, timeout)
end
--- Read exactly `n` bytes (delegates to the buffer's readfull).
-- @param n       number of bytes wanted
-- @param timeout optional timeout
-- @return the data, or nil plus an error string
function cli_methods:recvfull(n, timeout)
    local buf = self.b
    return buf:readfull(n, timeout)
end
--- Alias of recvfull().
-- @param n       number of bytes wanted
-- @param timeout optional timeout
-- @return same as recvfull()
function cli_methods:readfull(n, timeout)
    return self:recvfull(n, timeout)
end
--- Look at the next `n` bytes without consuming them (buffer peek).
-- @param n       number of bytes to inspect
-- @param timeout optional timeout
-- @return the data, or nil plus an error string
function cli_methods:peek(n, timeout)
    local buf = self.b
    return buf:peek(n, timeout)
end
--- Read until `pattern` is found (delegates to the buffer's readuntil).
-- @param pattern delimiter pattern as understood by bufio
-- @param timeout optional timeout
-- @return the data, or nil plus an error string
function cli_methods:recvuntil(pattern, timeout)
    local buf = self.b
    return buf:readuntil(pattern, timeout)
end
--- Alias of recvuntil().
-- @param pattern delimiter pattern
-- @param timeout optional timeout
-- @return same as recvuntil()
function cli_methods:readuntil(pattern, timeout)
    return self:recvuntil(pattern, timeout)
end
--- Drop the next `n` bytes from the connection (buffer discard).
-- @param n       number of bytes to skip
-- @param timeout optional timeout
-- @return whatever bufio's discard returns
function cli_methods:discard(n, timeout)
    local buf = self.b
    return buf:discard(n, timeout)
end
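--- Release the SSL socket, the SSL context (only when this object owns it:
-- contexts passed in via options.ctx are flagged keep_ctx and left alone,
-- and accepted connections carry no ctx at all) and the TCP socket.
--
-- Idempotent: this function is also installed as cli_metatable.__gc, so a
-- connection that was closed explicitly would otherwise have free()/close()
-- invoked a second time when it is collected. Whether ssock:free() and
-- ctx:free() tolerate a repeat call is not visible here, so the guard is
-- applied unconditionally.
function cli_methods:close()
    if self.closed then
        return
    end
    self.closed = true

    self.ssock:free()
    if self.ctx and not self.keep_ctx then
        self.ctx:free()
    end
    self.sock:close()
end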
-- Metatable for connection objects: method lookup plus cleanup on garbage
-- collection of a connection that was never closed explicitly.
local cli_metatable = {
__index = cli_methods,
__gc = cli_methods.close
}
local srv_methods = {}
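--- Free the server SSL context and close the listening socket.
--
-- Idempotent: this function is also srv_metatable.__gc, so a server closed
-- explicitly would otherwise have its context freed and socket closed a
-- second time on collection (whether ctx:free() tolerates that is not
-- visible here).
function srv_methods:close()
    if self.closed then
        return
    end
    self.closed = true

    self.ctx:free()
    self.sock:close()
end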
--- Wrap an SSL socket whose handshake has completed in a connection object.
-- @param sock     underlying TCP socket (getfd() / close())
-- @param ssock    SSL socket from ctx:new() after a successful handshake
-- @param ctx      SSL context this connection should free on close(), or
--                 nil when it owns none (accepted connections)
-- @param keep_ctx truthy when `ctx` belongs to the caller and must survive
--                 close()
-- @return the connection object (cli_metatable)
local function create_ssl_client(sock, ssock, ctx, keep_ctx)
    local fd = sock:getfd()
    -- Reads go through a bufio buffer filled by ssl.bufio_fill, which is
    -- given the raw SSL socket pointer; a closed peer surfaces as the error
    -- string 'closed'.
    local buf_opts = {
        eof_error = 'closed',
        fill = ssl.bufio_fill,
        ctx = ssock:pointer(),
    }
    local conn = {
        ctx = ctx,
        sock = sock,
        ssock = ssock,
        b = bufio.new(fd, buf_opts),
        keep_ctx = keep_ctx,
    }
    return setmetatable(conn, cli_metatable)
end
--- Accept one TCP connection and run the TLS handshake on it.
-- @return a connection object plus the peer address on success; nil plus an
--   error message if accept() or the handshake fails. On handshake failure
--   both the SSL socket and the TCP socket are released before returning.
function srv_methods:accept()
    local sock, peer = self.sock:accept()
    if not sock then
        -- on failure the second value from accept() is the error
        return nil, peer
    end

    -- NOTE(review): `self.insecure` is M.listen's options.insecure passed
    -- through unchanged; what ctx:new() does with it on the server side is
    -- defined in eco.core.ssl, not here (presumably it relaxes peer
    -- verification). Treat it as a test-only switch.
    local ssock = self.ctx:new(sock:getfd(), self.insecure)
    local ok, err = ssock:handshake()
    if ok then
        -- accepted connections do not own the listening context: ctx is nil
        -- so close() never frees it
        return create_ssl_client(sock, ssock, nil), peer
    end

    ssock:free()
    sock:close()
    return nil, err
end
-- Metatable for server objects: method lookup plus cleanup on collection.
local srv_metatable = {
__index = srv_methods,
__gc = srv_methods.close
}
--- Create a TLS listening socket.
-- @param ipaddr  address to bind
-- @param port    port to bind
-- @param options optional table. `ca`, `cert` and `key` are file paths
--   loaded into the server context (see set_ssl_opt); `insecure` is stored
--   on the server and handed to ctx:new() for every accepted connection;
--   the whole table is also passed to socket.listen_tcp.
-- @return a server object (accept() / close()), or nil plus an error
--   message; on a context setup failure the socket and context are freed
function M.listen(ipaddr, port, options)
    local opts = options or {}

    local sock, err = socket.listen_tcp(ipaddr, port, opts)
    if not sock then
        return nil, err
    end
    -- the plain socket's `b` field is cleared; presumably its own read
    -- buffer, which must not be used once data is TLS-framed
    sock.b = nil

    -- the `true` argument presumably selects a server-side context (the
    -- client path calls ssl.context() with no argument) — confirm in
    -- eco.core.ssl
    local ctx = ssl.context(true)
    local ok, setup_err = set_ssl_opt(ctx, opts)
    if ok then
        local server = { ctx = ctx, sock = sock, insecure = opts.insecure }
        return setmetatable(server, srv_metatable)
    end

    sock:close()
    ctx:free()
    return nil, setup_err
end
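--- Open a TCP connection and complete a TLS handshake on it.
-- @param ipaddr  address to connect to
-- @param port    port
-- @param options optional table:
--   ctx          caller-owned SSL context to reuse. It is flagged keep_ctx
--                and is never freed by this module. When absent a fresh
--                client context is created and `ca`/`cert`/`key` are loaded
--                into it via set_ssl_opt.
--   insecure     passed to ctx:new(). Its effect is defined in eco.core.ssl
--                (presumably it relaxes peer-certificate verification);
--                do not enable it outside of testing.
--   server_name  optional TLS server name applied to the SSL socket before
--                the handshake. Without it no server name is ever set on a
--                client connection, because the object's set_server_name()
--                method only becomes reachable after the handshake.
--   the whole table is also passed to socket.connect_tcp.
-- @return a connection object, or nil plus an error message. On any
--   failure the TCP socket, the SSL socket and any context created here are
--   released; a caller-supplied ctx is left untouched.
function M.connect(ipaddr, port, options)
    options = options or {}

    local sock, err = socket.connect_tcp(ipaddr, port, options)
    if not sock then
        return nil, err
    end
    -- drop the plain socket's own buffer; reads go through the SSL-aware
    -- buffer built in create_ssl_client
    sock.b = nil

    local ctx = options.ctx
    local keep_ctx = false
    if ctx then
        keep_ctx = true
    else
        ctx = ssl.context()
        local ok
        ok, err = set_ssl_opt(ctx, options)
        if not ok then
            sock:close()
            ctx:free()
            return nil, err
        end
    end

    local ssock = ctx:new(sock:getfd(), options.insecure)

    -- SNI / the name used for hostname checks has to be known before the
    -- handshake starts, so it is applied here rather than via the method on
    -- the finished connection object
    if options.server_name then
        ssock:set_server_name(options.server_name)
    end

    local ok
    ok, err = ssock:handshake()
    if not ok then
        ssock:free()
        if not keep_ctx then
            ctx:free()
        end
        sock:close()
        return nil, err
    end

    return create_ssl_client(sock, ssock, ctx, keep_ctx)
end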
return setmetatable(M, { __index = ssl })