Added TLS support for API and many other TLS related changes.

src/base/net/https/HttpsClient.cpp

@@ -0,0 +1,204 @@
+/* XMRig
+ * Copyright 2010      Jeff Garzik <jgarzik@pobox.com>
+ * Copyright 2012-2014 pooler      <pooler@litecoinpool.org>
+ * Copyright 2014      Lucas Jones <https://github.com/lucasjones>
+ * Copyright 2014-2016 Wolf9466    <https://github.com/OhGodAPet>
+ * Copyright 2016      Jay D Dee   <jayddee246@gmail.com>
+ * Copyright 2017-2018 XMR-Stak    <https://github.com/fireice-uk>, <https://github.com/psychocrypt>
+ * Copyright 2014-2019 heapwolf    <https://github.com/heapwolf>
+ * Copyright 2018-2020 SChernykh   <https://github.com/SChernykh>
+ * Copyright 2016-2020 XMRig       <https://github.com/xmrig>, <support@xmrig.com>
+ *
+ *   This program is free software: you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation, either version 3 of the License, or
+ *   (at your option) any later version.
+ *
+ *   This program is distributed in the hope that it will be useful,
+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ *   GNU General Public License for more details.
+ *
+ *   You should have received a copy of the GNU General Public License
+ *   along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#include <cassert>
+#include <openssl/ssl.h>
+#include <uv.h>
+
+
+#include "base/net/https/HttpsClient.h"
+#include "base/io/log/Log.h"
+#include "base/tools/Buffer.h"
+
+
+#ifdef _MSC_VER
+#   define strncasecmp(x,y,z) _strnicmp(x,y,z)
+#endif
+
+
+xmrig::HttpsClient::HttpsClient(FetchRequest &&req, const std::weak_ptr<IHttpListener> &listener) :
+    HttpClient(std::move(req), listener)
+{
+    m_ctx = SSL_CTX_new(SSLv23_method());
+    assert(m_ctx != nullptr);
+
+    if (!m_ctx) {
+        return;
+    }
+
+    m_write = BIO_new(BIO_s_mem());
+    m_read  = BIO_new(BIO_s_mem());
+    SSL_CTX_set_options(m_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+}
+
+
+xmrig::HttpsClient::~HttpsClient()
+{
+    if (m_ctx) {
+        SSL_CTX_free(m_ctx);
+    }
+
+    if (m_ssl) {
+        SSL_free(m_ssl);
+    }
+}
+
+
+const char *xmrig::HttpsClient::tlsFingerprint() const
+{
+    return m_ready ? m_fingerprint : nullptr;
+}
+
+
+const char *xmrig::HttpsClient::tlsVersion() const
+{
+    return m_ready ? SSL_get_version(m_ssl) : nullptr;
+}
+
+
+void xmrig::HttpsClient::handshake()
+{
+    m_ssl = SSL_new(m_ctx);
+    assert(m_ssl != nullptr);
+
+    if (!m_ssl) {
+        return;
+    }
+
+    SSL_set_connect_state(m_ssl);
+    SSL_set_bio(m_ssl, m_read, m_write);
+    SSL_set_tlsext_host_name(m_ssl, host());
+
+    SSL_do_handshake(m_ssl);
+
+    flush(false);
+}
+
+
+void xmrig::HttpsClient::read(const char *data, size_t size)
+{
+    BIO_write(m_read, data, size);
+
+    if (!SSL_is_init_finished(m_ssl)) {
+        const int rc = SSL_connect(m_ssl);
+
+        if (rc < 0 && SSL_get_error(m_ssl, rc) == SSL_ERROR_WANT_READ) {
+            flush(false);
+        } else if (rc == 1) {
+            X509 *cert = SSL_get_peer_certificate(m_ssl);
+            if (!verify(cert)) {
+                X509_free(cert);
+                return close(UV_EPROTO);
+            }
+
+            X509_free(cert);
+            m_ready = true;
+
+            HttpClient::handshake();
+      }
+
+      return;
+    }
+
+    static char buf[16384]{};
+
+    int rc = 0;
+    while ((rc = SSL_read(m_ssl, buf, sizeof(buf))) > 0) {
+        HttpClient::read(buf, static_cast<size_t>(rc));
+    }
+
+    if (rc == 0) {
+        close(UV_EOF);
+    }
+}
+
+
+void xmrig::HttpsClient::write(std::string &&data, bool close)
+{
+    const std::string body = std::move(data);
+    SSL_write(m_ssl, body.data(), body.size());
+
+    flush(close);
+}
+
+
+bool xmrig::HttpsClient::verify(X509 *cert)
+{
+    if (cert == nullptr) {
+        return false;
+    }
+
+    if (!verifyFingerprint(cert)) {
+        if (!isQuiet()) {
+            LOG_ERR("[%s:%d] Failed to verify server certificate fingerprint", host(), port());
+
+            if (strlen(m_fingerprint) == 64 && !req().fingerprint.isNull()) {
+                LOG_ERR("\"%s\" was given", m_fingerprint);
+                LOG_ERR("\"%s\" was configured", req().fingerprint.data());
+            }
+        }
+
+        return false;
+    }
+
+    return true;
+}
+
+
+bool xmrig::HttpsClient::verifyFingerprint(X509 *cert)
+{
+    const EVP_MD *digest = EVP_get_digestbyname("sha256");
+    if (digest == nullptr) {
+        return false;
+    }
+
+    unsigned char md[EVP_MAX_MD_SIZE];
+    unsigned int dlen;
+
+    if (X509_digest(cert, digest, md, &dlen) != 1) {
+        return false;
+    }
+
+    Buffer::toHex(md, 32, m_fingerprint);
+
+    return req().fingerprint.isNull() || strncasecmp(m_fingerprint, req().fingerprint.data(), 64) == 0;
+}
+
+
+void xmrig::HttpsClient::flush(bool close)
+{
+    if (uv_is_writable(stream()) != 1) {
+        return;
+    }
+
+    char *data        = nullptr;
+    const size_t size = BIO_get_mem_data(m_write, &data);
+    std::string body(data, size);
+
+    (void) BIO_reset(m_write);
+
+    HttpContext::write(std::move(body), close);
+}

src/base/net/https/HttpsClient.h

@@ -0,0 +1,78 @@
+/* XMRig
+ * Copyright 2010      Jeff Garzik <jgarzik@pobox.com>
+ * Copyright 2012-2014 pooler      <pooler@litecoinpool.org>
+ * Copyright 2014      Lucas Jones <https://github.com/lucasjones>
+ * Copyright 2014-2016 Wolf9466    <https://github.com/OhGodAPet>
+ * Copyright 2016      Jay D Dee   <jayddee246@gmail.com>
+ * Copyright 2017-2018 XMR-Stak    <https://github.com/fireice-uk>, <https://github.com/psychocrypt>
+ * Copyright 2014-2019 heapwolf    <https://github.com/heapwolf>
+ * Copyright 2018-2020 SChernykh   <https://github.com/SChernykh>
+ * Copyright 2016-2020 XMRig       <https://github.com/xmrig>, <support@xmrig.com>
+ *
+ *   This program is free software: you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation, either version 3 of the License, or
+ *   (at your option) any later version.
+ *
+ *   This program is distributed in the hope that it will be useful,
+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ *   GNU General Public License for more details.
+ *
+ *   You should have received a copy of the GNU General Public License
+ *   along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#ifndef XMRIG_HTTPSCLIENT_H
+#define XMRIG_HTTPSCLIENT_H
+
+
+using BIO       = struct bio_st;
+using SSL_CTX   = struct ssl_ctx_st;
+using SSL       = struct ssl_st;
+using X509      = struct x509_st;
+
+
+#include "base/net/http/HttpClient.h"
+#include "base/tools/String.h"
+
+
+namespace xmrig {
+
+
+class HttpsClient : public HttpClient
+{
+public:
+    XMRIG_DISABLE_COPY_MOVE_DEFAULT(HttpsClient)
+
+    HttpsClient(FetchRequest &&req, const std::weak_ptr<IHttpListener> &listener);
+    ~HttpsClient() override;
+
+    const char *tlsFingerprint() const override;
+    const char *tlsVersion() const override;
+
+protected:
+    void handshake() override;
+    void read(const char *data, size_t size) override;
+
+private:
+    void write(std::string &&data, bool close) override;
+
+    bool verify(X509 *cert);
+    bool verifyFingerprint(X509 *cert);
+    void flush(bool close);
+
+    BIO *m_read                         = nullptr;
+    BIO *m_write                        = nullptr;
+    bool m_ready                        = false;
+    char m_fingerprint[32 * 2 + 8]{};
+    SSL *m_ssl                          = nullptr;
+    SSL_CTX *m_ctx                      = nullptr;
+};
+
+
+} // namespace xmrig
+
+
+#endif // XMRIG_HTTPSCLIENT_H

src/base/net/https/HttpsContext.cpp

@@ -0,0 +1,99 @@
+/* XMRig
+ * Copyright 2018-2020 SChernykh   <https://github.com/SChernykh>
+ * Copyright 2016-2020 XMRig       <https://github.com/xmrig>, <support@xmrig.com>
+ *
+ *   This program is free software: you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation, either version 3 of the License, or
+ *   (at your option) any later version.
+ *
+ *   This program is distributed in the hope that it will be useful,
+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ *   GNU General Public License for more details.
+ *
+ *   You should have received a copy of the GNU General Public License
+ *   along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#include "base/net/https/HttpsContext.h"
+#include "3rdparty/http-parser/http_parser.h"
+#include "base/net/tls/TlsContext.h"
+
+
+#include <openssl/bio.h>
+#include <uv.h>
+
+
+xmrig::HttpsContext::HttpsContext(TlsContext *tls, const std::weak_ptr<IHttpListener> &listener) :
+    HttpContext(HTTP_REQUEST, listener),
+    ServerTls(tls ? tls->ctx() : nullptr)
+{
+    if (!tls) {
+        m_mode = TLS_OFF;
+    }
+}
+
+
+xmrig::HttpsContext::~HttpsContext() = default;
+
+
+void xmrig::HttpsContext::append(char *data, size_t size)
+{
+    if (m_mode == TLS_AUTO) {
+        m_mode = isTLS(data, size) ? TLS_ON : TLS_OFF;
+    }
+
+    if (m_mode == TLS_ON) {
+        read(data, size);
+    }
+    else {
+        parse(data, size);
+    }
+}
+
+
+bool xmrig::HttpsContext::write(BIO *bio)
+{
+    if (uv_is_writable(stream()) != 1) {
+        return false;
+    }
+
+    char *data        = nullptr;
+    const size_t size = BIO_get_mem_data(bio, &data);
+    std::string body(data, size);
+
+    (void) BIO_reset(bio);
+
+    HttpContext::write(std::move(body), m_close);
+
+    return true;
+}
+
+
+void xmrig::HttpsContext::parse(char *data, size_t size)
+{
+    if (HttpContext::parse(data, size) < size) {
+        close();
+    }
+}
+
+
+void xmrig::HttpsContext::shutdown()
+{
+    close();
+}
+
+
+void xmrig::HttpsContext::write(std::string &&data, bool close)
+{
+    m_close = close;
+
+    if (m_mode == TLS_ON) {
+        send(data.data(), data.size());
+    }
+    else {
+        HttpContext::write(std::move(data), close);
+    }
+}

src/base/net/https/HttpsContext.h

@@ -0,0 +1,73 @@
+/* XMRig
+ * Copyright 2018-2020 SChernykh   <https://github.com/SChernykh>
+ * Copyright 2016-2020 XMRig       <https://github.com/xmrig>, <support@xmrig.com>
+ *
+ *   This program is free software: you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation, either version 3 of the License, or
+ *   (at your option) any later version.
+ *
+ *   This program is distributed in the hope that it will be useful,
+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ *   GNU General Public License for more details.
+ *
+ *   You should have received a copy of the GNU General Public License
+ *   along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#ifndef XMRIG_HTTPSCONTEXT_H
+#define XMRIG_HTTPSCONTEXT_H
+
+
+using BIO = struct bio_st;
+using SSL = struct ssl_st;
+
+
+#include "base/net/http/HttpContext.h"
+#include "base/net/tls/ServerTls.h"
+
+
+namespace xmrig {
+
+
+class TlsContext;
+
+
+class HttpsContext : public HttpContext, public ServerTls
+{
+public:
+    XMRIG_DISABLE_COPY_MOVE_DEFAULT(HttpsContext)
+
+    HttpsContext(TlsContext *tls, const std::weak_ptr<IHttpListener> &listener);
+    ~HttpsContext() override;
+
+    void append(char *data, size_t size);
+
+protected:
+    // ServerTls
+    bool write(BIO *bio) override;
+    void parse(char *data, size_t size) override;
+    void shutdown() override;
+
+    // HttpContext
+    void write(std::string &&data, bool close) override;
+
+private:
+    enum TlsMode : uint32_t {
+      TLS_AUTO,
+      TLS_OFF,
+      TLS_ON
+    };
+
+    bool m_close    = false;
+    TlsMode m_mode  = TLS_AUTO;
+};
+
+
+} // namespace xmrig
+
+
+#endif // XMRIG_HTTPSCONTEXT_H
+

src/base/net/https/HttpsServer.cpp

@@ -0,0 +1,81 @@
+/* XMRig
+ * Copyright 2018-2020 SChernykh   <https://github.com/SChernykh>
+ * Copyright 2016-2020 XMRig       <https://github.com/xmrig>, <support@xmrig.com>
+ *
+ *   This program is free software: you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation, either version 3 of the License, or
+ *   (at your option) any later version.
+ *
+ *   This program is distributed in the hope that it will be useful,
+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ *   GNU General Public License for more details.
+ *
+ *   You should have received a copy of the GNU General Public License
+ *   along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#include <functional>
+#include <uv.h>
+
+
+#include "base/net/https/HttpsServer.h"
+#include "3rdparty/http-parser/http_parser.h"
+#include "base/kernel/interfaces/IHttpListener.h"
+#include "base/net/http/HttpResponse.h"
+#include "base/net/https/HttpsContext.h"
+#include "base/net/tls/TlsConfig.h"
+#include "base/net/tls/TlsContext.h"
+
+
+xmrig::HttpsServer::HttpsServer(const std::shared_ptr<IHttpListener> &listener) :
+    m_listener(listener)
+{
+}
+
+
+xmrig::HttpsServer::~HttpsServer()
+{
+    HttpContext::closeAll();
+
+    delete m_tls;
+}
+
+
+bool xmrig::HttpsServer::setTls(const TlsConfig &config)
+{
+    m_tls = TlsContext::create(config);
+
+    return m_tls != nullptr;
+}
+
+
+void xmrig::HttpsServer::onConnection(uv_stream_t *stream, uint16_t)
+{
+    auto ctx = new HttpsContext(m_tls, m_listener);
+    uv_accept(stream, ctx->stream());
+
+    uv_read_start(ctx->stream(),
+        [](uv_handle_t *, size_t suggested_size, uv_buf_t *buf)
+        {
+            buf->base = new char[suggested_size];
+            buf->len  = suggested_size;
+        },
+        onRead);
+}
+
+
+void xmrig::HttpsServer::onRead(uv_stream_t *stream, ssize_t nread, const uv_buf_t *buf)
+{
+    auto ctx = static_cast<HttpsContext*>(stream->data);
+    if (nread >= 0) {
+        ctx->append(buf->base, static_cast<size_t>(nread));
+    }
+    else {
+        ctx->close();
+    }
+
+    delete [] buf->base;
+}

src/base/net/https/HttpsServer.h

@@ -0,0 +1,72 @@
+/* XMRig
+ * Copyright 2018-2020 SChernykh   <https://github.com/SChernykh>
+ * Copyright 2016-2020 XMRig       <https://github.com/xmrig>, <support@xmrig.com>
+ *
+ *   This program is free software: you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation, either version 3 of the License, or
+ *   (at your option) any later version.
+ *
+ *   This program is distributed in the hope that it will be useful,
+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ *   GNU General Public License for more details.
+ *
+ *   You should have received a copy of the GNU General Public License
+ *   along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#ifndef XMRIG_HTTPSSERVER_H
+#define XMRIG_HTTPSSERVER_H
+
+
+using uv_tcp_t  = struct uv_tcp_s;
+
+struct http_parser;
+struct http_parser_settings;
+struct uv_buf_t;
+
+
+#include "base/kernel/interfaces/ITcpServerListener.h"
+#include "base/tools/Object.h"
+
+
+#include <memory>
+
+
+namespace xmrig {
+
+
+class IHttpListener;
+class TlsContext;
+class TlsConfig;
+
+
+class HttpsServer : public ITcpServerListener
+{
+public:
+    XMRIG_DISABLE_COPY_MOVE_DEFAULT(HttpsServer)
+
+    HttpsServer(const std::shared_ptr<IHttpListener> &listener);
+    ~HttpsServer() override;
+
+    bool setTls(const TlsConfig &config);
+
+protected:
+    void onConnection(uv_stream_t *stream, uint16_t port) override;
+
+private:
+    static void onRead(uv_stream_t *stream, ssize_t nread, const uv_buf_t *buf);
+
+    std::weak_ptr<IHttpListener> m_listener;
+    TlsContext *m_tls   = nullptr;
+    uv_tcp_t *m_tcp     = nullptr;
+};
+
+
+} // namespace xmrig
+
+
+#endif // XMRIG_HTTPSSERVER_H
+