File:  [LON-CAPA] / loncom / lonssl.pm
Revision 1.2: download - view: text, annotated - select for diffs
Wed May 26 11:12:58 2004 UTC (19 years, 10 months ago) by foxr
Branches: MAIN
CVS tags: HEAD
Add coded versions of:

     PromoteClientSocket
     PromoteServerSocket
     Close

Who knows if I commit often enough, maybe I'll win!!

#
# $Id: lonssl.pm,v 1.2 2004/05/26 11:12:58 foxr Exp $
#
# Copyright Michigan State University Board of Trustees
#
# This file is part of the LearningOnline Network with CAPA (LON-CAPA).
#
# LON-CAPA is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# LON-CAPA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with LON-CAPA; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
# /home/httpd/html/adm/gpl.txt
#
# http://www.lon-capa.org/
#

#  lonssl.pm
#    This file contains common functions used by lond and lonc when 
#    negotiating the exchange of the session encryption key via an 
#    SSL tunnel.
#     See the POD sections and function documentation for more information.
#

use strict;
use IO::Socket::INET;
use IO::Socket::SSL;


#--------------------------------------------------------------------------
#
# Name	PromoteClientSocket
# Description	Given an ordinary IO::Socket::INET Creates an SSL socket 
#               for a client that is connected to the same server.
# Parameters	Name	Type	           Description
#               Socket	IO::Socket::INET   Original ordinary socket.
#               CACert	string	           Full path name to the certificate 
#                                          authority certificate file.
#                MyCert	string	           Full path name to the certificate 
#                                          issued to this host.
#                KeyFile string    	   Full pathname to the host's private 
#                                          key file for the certificate.
# Returns
#	-	Reference to an SSL socket on success
#       -	undef on failure.  Reason for failure can be interrogated from 
#               IO::Socket::SSL

sub PromoteClientSocket {
  my $PlaintextSocket    = shift;
  my $CACert             = shift;
  my $MyCert             = shift;
  my $KeyFile            = shift;

  # To create the ssl socket we need to duplicate the existing
  # socket.  Otherwise closing the ssl socket will close the plaintext socket
  # too:

  open (DUPLICATE, "+>$PlaintextSocket");

  my $client = IO::Socket::SSL->new_from_fd(fileno(DUPLICATE),
					    SSL_user_cert => 1,
					    SSL_key_file  => $KeyFile,
					    SSL_cert_file => $MyCert,
					    SSL_ca_fie    => $$CACert);

  return $client;		# Undef if the client negotiation fails.
}

#----------------------------------------------------------------------
# Name	PromoteServerSocket
# Description	Given an ordinary IO::Socket::INET Creates an SSL socket 
#               for a server that is connected to the same client.l
# Parameters	Name	Type	           Description
#               Socket	IO::Socket::INET   Original ordinary socket.
#               CACert	string	           Full path name to the certificate 
#                                          authority certificate file.
#                MyCert	string	           Full path name to the certificate 
#                                          issued to this host.
#                KeyFile string    	   Full pathname to the host's private 
#                                          key file for the certificate.
# Returns
#	-	Reference to an SSL socket on success
#       -	undef on failure.  Reason for failure can be interrogated from 
#               IO::Socket::SSL
sub PromoteServerSocket 
{
  my $PlaintextSocket    = shift;
  my $CACert             = shift;
  my $MyCert             = shift;
  my $KeyFile            = shift;


  # To create the ssl socket we need to duplicate the existing
  # socket.  Otherwise closing the ssl socket will close the plaintext socket
  # too:

  open (DUPLICATE, "+>$PlaintextSocket");

  my $client = IO::Socket::SSL->new_from_fd(fileno(DUPLICATE),
					    SSL_server    => 1, # Server role.
					    SSL_user_cert => 1,
					    SSL_key_file  => $KeyFile,
					    SSL_cert_file => $MyCert,
					    SSL_ca_fie    => $$CACert);
  return $client;
}

#-------------------------------------------------------------------------
#
# Name: Close
# Description: Properly closes an ssl client or ssl server socket in
#              a way that keeps the parent socket open.
# Parameters:  Name      Type            Description
#              Socket   IO::Socket::SSL  SSL Socket gotten from either
#                                        PromoteClientSocket or 
#                                        PromoteServerSocket
# Returns:
#   NONE
#
sub Close {
  my $Socket = shift;

  $Socket->close(SSL_no_shutdown =>1); # Otherwise the parent socket 
                                       # gets torn down.
}


FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>