PageRenderTime 39ms CodeModel.GetById 16ms RepoModel.GetById 1ms app.codeStats 0ms

/indra/newview/llsecapi.cpp

https://bitbucket.org/lindenlab/viewer-beta/
C++ | 192 lines | 126 code | 22 blank | 44 comment | 14 complexity | 602a363e7cb8c65777542bc7520d1fee MD5 | raw file
Possible License(s): LGPL-2.1
  1. /**
  2. * @file llsecapi.cpp
  3. * @brief Security API for services such as certificate handling
  4. * secure local storage, etc.
  5. *
  6. * $LicenseInfo:firstyear=2009&license=viewerlgpl$
  7. * Second Life Viewer Source Code
  8. * Copyright (C) 2010, Linden Research, Inc.
  9. *
  10. * This library is free software; you can redistribute it and/or
  11. * modify it under the terms of the GNU Lesser General Public
  12. * License as published by the Free Software Foundation;
  13. * version 2.1 of the License only.
  14. *
  15. * This library is distributed in the hope that it will be useful,
  16. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  18. * Lesser General Public License for more details.
  19. *
  20. * You should have received a copy of the GNU Lesser General Public
  21. * License along with this library; if not, write to the Free Software
  22. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  23. *
  24. * Linden Research, Inc., 945 Battery Street, San Francisco, CA 94111 USA
  25. * $/LicenseInfo$
  26. */
  27. #include "llviewerprecompiledheaders.h"
  28. #include "llsecapi.h"
  29. #include "llsechandler_basic.h"
  30. #include <openssl/evp.h>
  31. #include <openssl/err.h>
  32. #include <map>
  33. #include "llhttpclient.h"
  34. std::map<std::string, LLPointer<LLSecAPIHandler> > gHandlerMap;
  35. LLPointer<LLSecAPIHandler> gSecAPIHandler;
  36. void initializeSecHandler()
  37. {
  38. ERR_load_crypto_strings();
  39. OpenSSL_add_all_algorithms();
  40. gHandlerMap[BASIC_SECHANDLER] = new LLSecAPIBasicHandler();
  41. // Currently, we only have the Basic handler, so we can point the main sechandler
  42. // pointer to the basic handler. Later, we'll create a wrapper handler that
  43. // selects the appropriate sechandler as needed, for instance choosing the
  44. // mac keyring handler, with fallback to the basic sechandler
  45. gSecAPIHandler = gHandlerMap[BASIC_SECHANDLER];
  46. // initialize all SecAPIHandlers
  47. std::string exception_msg;
  48. std::map<std::string, LLPointer<LLSecAPIHandler> >::const_iterator itr;
  49. for(itr = gHandlerMap.begin(); itr != gHandlerMap.end(); ++itr)
  50. {
  51. LLPointer<LLSecAPIHandler> handler = (*itr).second;
  52. try
  53. {
  54. handler->init();
  55. }
  56. catch (LLProtectedDataException e)
  57. {
  58. exception_msg = e.getMessage();
  59. }
  60. }
  61. if (!exception_msg.empty()) // an exception was thrown.
  62. {
  63. throw LLProtectedDataException(exception_msg.c_str());
  64. }
  65. }
  66. // start using a given security api handler. If the string is empty
  67. // the default is used
  68. LLPointer<LLSecAPIHandler> getSecHandler(const std::string& handler_type)
  69. {
  70. if (gHandlerMap.find(handler_type) != gHandlerMap.end())
  71. {
  72. return gHandlerMap[handler_type];
  73. }
  74. else
  75. {
  76. return LLPointer<LLSecAPIHandler>(NULL);
  77. }
  78. }
  79. // register a handler
  80. void registerSecHandler(const std::string& handler_type,
  81. LLPointer<LLSecAPIHandler>& handler)
  82. {
  83. gHandlerMap[handler_type] = handler;
  84. }
  85. std::ostream& operator <<(std::ostream& s, const LLCredential& cred)
  86. {
  87. return s << (std::string)cred;
  88. }
  89. // secapiSSLCertVerifyCallback
  90. // basic callback called when a cert verification is requested.
  91. // calls SECAPI to validate the context
  92. // not initialized in the above initialization function, due to unit tests
  93. // see llappviewer
  94. int secapiSSLCertVerifyCallback(X509_STORE_CTX *ctx, void *param)
  95. {
  96. LLURLRequest *req = (LLURLRequest *)param;
  97. LLPointer<LLCertificateStore> store = gSecAPIHandler->getCertificateStore("");
  98. LLPointer<LLCertificateChain> chain = gSecAPIHandler->getCertificateChain(ctx);
  99. LLSD validation_params = LLSD::emptyMap();
  100. LLURI uri(req->getURL());
  101. validation_params[CERT_HOSTNAME] = uri.hostName();
  102. try
  103. {
  104. // we rely on libcurl to validate the hostname, as libcurl does more extensive validation
  105. // leaving our hostname validation call mechanism for future additions with respect to
  106. // OS native (Mac keyring, windows CAPI) validation.
  107. store->validate(VALIDATION_POLICY_SSL & (~VALIDATION_POLICY_HOSTNAME), chain, validation_params);
  108. }
  109. catch (LLCertValidationTrustException& cert_exception)
  110. {
  111. LL_WARNS("AppInit") << "Cert not trusted: " << cert_exception.getMessage() << LL_ENDL;
  112. return 0;
  113. }
  114. catch (LLCertException& cert_exception)
  115. {
  116. LL_WARNS("AppInit") << "cert error " << cert_exception.getMessage() << LL_ENDL;
  117. return 0;
  118. }
  119. catch (...)
  120. {
  121. LL_WARNS("AppInit") << "cert error " << LL_ENDL;
  122. return 0;
  123. }
  124. return 1;
  125. }
  126. LLSD LLCredential::getLoginParams()
  127. {
  128. LLSD result = LLSD::emptyMap();
  129. try
  130. {
  131. if (mIdentifier["type"].asString() == "agent")
  132. {
  133. // legacy credential
  134. result["passwd"] = "$1$" + mAuthenticator["secret"].asString();
  135. result["first"] = mIdentifier["first_name"];
  136. result["last"] = mIdentifier["last_name"];
  137. }
  138. else if (mIdentifier["type"].asString() == "account")
  139. {
  140. result["username"] = mIdentifier["account_name"];
  141. result["passwd"] = mAuthenticator["secret"];
  142. }
  143. }
  144. catch (...)
  145. {
  146. // we could have corrupt data, so simply return a null login param if so
  147. LL_WARNS("AppInit") << "Invalid credential" << LL_ENDL;
  148. }
  149. return result;
  150. }
  151. void LLCredential::identifierType(std::string &idType)
  152. {
  153. if(mIdentifier.has("type"))
  154. {
  155. idType = mIdentifier["type"].asString();
  156. }
  157. else {
  158. idType = std::string();
  159. }
  160. }
  161. void LLCredential::authenticatorType(std::string &idType)
  162. {
  163. if(mAuthenticator.has("type"))
  164. {
  165. idType = mAuthenticator["type"].asString();
  166. }
  167. else {
  168. idType = std::string();
  169. }
  170. }