TcpSocket.h

Go to the documentation of this file.

/* Copyright 2013-2019 Homegear GmbH
 *
 * libhomegear-base is free software: you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * libhomegear-base is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with libhomegear-base.  If not, see
 * <http://www.gnu.org/licenses/>.
 *
 * In addition, as a special exception, the copyright holders give
 * permission to link the code of portions of this program with the
 * OpenSSL library under certain conditions as described in each
 * individual source file, and distribute linked combinations
 * including the two.
 * You must obey the GNU Lesser General Public License in all respects
 * for all of the code used other than OpenSSL.  If you modify
 * file(s) with this exception, you may extend this exception to your
 * version of the file(s), but you are not obligated to do so.  If you
 * do not wish to do so, delete this exception statement from your
 * version.  If you delete this exception statement from all source
 * files in the program, then also delete it here.
*/

#ifndef TCPSOCKETOPERATIONS_H_
#define TCPSOCKETOPERATIONS_H_

#include "SocketExceptions.h"
#include "../Managers/FileDescriptorManager.h"
#include "../IQueue.h"
#include "../Encoding/BinaryRpc.h"

#include <thread>
#include <string>
#include <vector>
#include <list>
#include <iterator>
#include <mutex>
#include <memory>
#include <map>
#include <unordered_map>
#include <utility>
#include <cstring>
#include <atomic>
#include <functional>

#include <fcntl.h>
#include <unistd.h>
#include <cstring>
#include <arpa/inet.h>
#include <netinet/tcp.h>
#include <netinet/in.h> //Needed for BSD
#include <netdb.h>
#include <sys/socket.h>
#include <sys/epoll.h>
#include <sys/un.h>
#include <errno.h>
#include <poll.h>
#include <signal.h>

#include <gnutls/x509.h>
#include <gnutls/gnutls.h>
#include <queue>

namespace BaseLib {

namespace Security {
template<typename T>
class SecureVector;
}

class SharedObjects;

class TcpSocket : public IQueue {
 public:
  class CertificateCredentials {
   private:
    gnutls_certificate_credentials_t _credentials = nullptr;
    //"Note that only a pointer to the parameters are stored in the certificate handle, so you must not deallocate the parameters before the certificate is deallocated."
    gnutls_dh_params_t _dhParams = nullptr;
   public:
    CertificateCredentials(gnutls_certificate_credentials_t credentials, gnutls_datum_t dhParams);
    ~CertificateCredentials();
    gnutls_certificate_credentials_t get();
  };

  typedef std::vector<uint8_t> TcpPacket;

  struct TcpClientData {
    int32_t thread_index = -1;
    int32_t id = 0;
    PFileDescriptor fileDescriptor;
    std::vector<uint8_t> buffer;
    std::shared_ptr<TcpSocket> socket;
    std::unordered_map<std::string, std::shared_ptr<CertificateCredentials>> certificateCredentials;
    std::string clientCertDn;
    std::string clientCertSerial;
    int64_t clientCertExpiration = -1;
    std::mutex backlogMutex;
    bool busy = false;
    std::queue<std::shared_ptr<TcpPacket>> backlog;

    TcpClientData() {
      buffer.resize(4096);
    }
  };
  typedef std::shared_ptr<TcpClientData> PTcpClientData;

  class QueueEntry : public BaseLib::IQueueEntry {
   public:
    QueueEntry() = default;

    explicit QueueEntry(const PTcpClientData &clientData) {
      this->clientData = clientData;
    }

    ~QueueEntry() override = default;

    PTcpClientData clientData;
  };

  struct CertificateInfo {
    std::string certFile;
    std::string certData;
    std::string keyFile;
    std::shared_ptr<Security::SecureVector<uint8_t>> keyData;
    std::string caFile; //For client certificate verification
    std::string caData; //For client certificate verification
  };
  typedef std::shared_ptr<CertificateInfo> PCertificateInfo;

  struct TcpServerInfo {
    bool useSsl = false;
    uint32_t connectionBacklogSize = 100;
    uint32_t maxConnections = 10;
    uint32_t serverThreads = 1;
    std::unordered_map<std::string, PCertificateInfo> certificates;
    std::string dhParamFile;
    std::string dhParamData;
    bool requireClientCert = false;
    std::function<void(int32_t clientId, std::string address, uint16_t port)> newConnectionCallback;
    std::function<void(int32_t clientId)> connectionClosedCallback;
    std::function<void(int32_t clientId, int32_t errorCode, const std::string &errorString)> connectionClosedCallbackEx;
    std::function<void(int32_t clientId, TcpPacket &packet)> packetReceivedCallback;
  };

  // {{{ TCP server or client
  explicit TcpSocket(BaseLib::SharedObjects *baseLib);

  TcpSocket(BaseLib::SharedObjects *baseLib, std::shared_ptr<FileDescriptor> socketDescriptor);
  // }}}

  // {{{ TCP client
  TcpSocket(BaseLib::SharedObjects *baseLib, std::string hostname, std::string port);

  TcpSocket(BaseLib::SharedObjects *baseLib, std::string hostname, std::string port, bool useSsl, std::string caFile, bool verifyCertificate);

  TcpSocket(BaseLib::SharedObjects *baseLib, std::string hostname, std::string port, bool useSsl, bool verifyCertificate, std::string caData);

  TcpSocket(BaseLib::SharedObjects *baseLib, std::string hostname, std::string port, bool useSsl, std::string caFile, bool verifyCertificate, std::string clientCertFile, std::string clientKeyFile);

  TcpSocket(BaseLib::SharedObjects *baseLib, std::string hostname, std::string port, bool useSsl, bool verifyCertificate, std::string caData, std::string clientCertData, const std::shared_ptr<Security::SecureVector<uint8_t>> &clientKeyData);

  TcpSocket(BaseLib::SharedObjects *baseLib,
            std::string hostname,
            std::string port,
            bool useSsl,
            bool verifyCertificate,
            std::string caFile,
            std::string caData,
            std::string clientCertFile,
            std::string clientCertData,
            std::string clientKeyFile,
            const std::shared_ptr<Security::SecureVector<uint8_t>> &);
  // }}}

  // {{{ TCP server
  TcpSocket(BaseLib::SharedObjects *baseLib, TcpServerInfo &serverInfo);
  // }}}

  virtual ~TcpSocket();

  static PFileDescriptor bindAndReturnSocket(FileDescriptorManager &fileDescriptorManager, const std::string &address, const std::string &port, uint32_t connectionBacklogSize, std::string &listenAddress, int32_t &listenPort);

  PFileDescriptor getFileDescriptor();
  std::string getIpAddress();
  int32_t getPort() { return _boundListenPort; }
  bool getRequireClientCert() { return _requireClientCert; }
  void setConnectionRetries(int32_t retries) { _connectionRetries = retries; }
  void setReadTimeout(int64_t timeout) { _readTimeout = timeout; }
  void setWriteTimeout(int64_t timeout) { _writeTimeout = timeout; }
  void setAutoConnect(bool autoConnect) { _autoConnect = autoConnect; }
  void setHostname(std::string hostname) {
    close();
    _hostname = hostname;
  }
  void setPort(std::string port) {
    close();
    _port = port;
  }
  void setUseSSL(bool useSsl) {
    if (!_isServer) {
      close();
      _useSsl = useSsl;
      if (_useSsl) initSsl();
    }
  }
  void setCertificates(std::unordered_map<std::string, PCertificateInfo> &certificates);
  void reloadCertificates();
  void setVerifyCertificate(bool verifyCertificate) {
    close();
    _verifyCertificate = verifyCertificate;
  }
  void setVerifyHostname(bool verifyHostname) {
    close();
    _verifyHostname = verifyHostname;
  }

  void setVerificationHostname(const std::string &hostname) {
    close();
    _verificationHostname = hostname;
  }
  std::unordered_map<std::string, std::shared_ptr<CertificateCredentials>> getCredentials() { return _certificateCredentials; }

  bool connected();

  double GetPacketsPerMinuteReceived();
  double GetPacketsPerMinuteSent();

  double GetServerThreadLoad();

  double GetProcessingThreadLoad();

  double GetProcessingThreadLoadMax();

  int32_t proofread(char *buffer, int32_t bufferSize);

  int32_t proofread(char *buffer, int32_t bufferSize, bool &moreData, bool skip_poll = false);

  int32_t proofwrite(const std::shared_ptr<std::vector<char>> &data);

  int32_t proofwrite(const std::vector<char> &data);

  int32_t proofwrite(const std::string &data);

  int32_t proofwrite(const char *buffer, int32_t bytesToWrite);

  void open();
  void close();

  // {{{ Servers only
  void bindServerSocket(std::string address, std::string port, std::string &listenAddress);

  void startPreboundServer(std::string &listenAddress, size_t processingThreads = 0);

  void startServer(std::string address, std::string port, std::string &listenAddress, size_t processingThreads = 0);

  void startServer(std::string address, std::string &listenAddress, int32_t &listenPort, size_t processingThreads = 0);

  void stopServer();

  void waitForServerStopped();

  bool sendToClient(int32_t clientId, const TcpPacket &packet, bool closeConnection = false);

  bool sendToClient(int32_t clientId, const std::vector<char> &packet, bool closeConnection = false);

  void closeClientConnection(int32_t clientId);

  int32_t clientCount();

  uint32_t processingQueueSize();

  std::string getClientCertDn(int32_t clientId);

  std::string getClientCertSerial(int32_t clientId);

  int64_t getClientCertExpiration(int32_t clientId);
  // }}}
 protected:
  struct AverageMeanData {
    AverageMeanData() = default;
    AverageMeanData(const AverageMeanData &data) {}
    std::atomic<int64_t> last_measurement{0};
    std::atomic<double> last_output{0.0};
  };

  BaseLib::SharedObjects *_bl = nullptr;
  int32_t _connectionRetries = 3;
  int64_t _readTimeout = 15000000;
  int64_t _writeTimeout = 15000000;
  std::atomic_bool _connecting;
  bool _autoConnect = true;
  std::string _ipAddress;
  std::string _hostname;
  std::string _verificationHostname;
  std::string _port;
  std::mutex _readMutex;
  std::mutex _writeMutex;
  std::unordered_map<std::string, PCertificateInfo> _certificates;
  bool _verifyCertificate = true;
  bool _verifyHostname = true;

  // {{{ For server only
  bool _isServer = false;
  uint32_t _backlogSize = 100;
  uint32_t _maxConnections = 10;
  std::string _dhParamFile;
  std::string _dhParamData;
  bool _requireClientCert = false;
  std::atomic<uint32_t> server_threads_in_use_{0};
  std::vector<AverageMeanData> average_packets_per_minute_received_;
  std::vector<AverageMeanData> average_packets_per_minute_sent_;
  std::function<void(int32_t clientId, std::string address, uint16_t port)> _newConnectionCallback;
  std::function<void(int32_t clientId)> _connectionClosedCallback;
  std::function<void(int32_t clientId, int32_t errorCode, const std::string &errorString)> _connectionClosedCallbackEx;
  std::function<void(int32_t clientId, TcpPacket &packet)> _packetReceivedCallback;

  std::string _listenAddress;
  std::string _listenPort;
  int32_t _boundListenPort = -1;

  gnutls_priority_t _tlsPriorityCache = nullptr;

  std::atomic_bool _stopServer;
  std::vector<std::thread> server_threads_;

  int64_t _lastGarbageCollection = 0;

  std::mutex _clientsMutex;
  std::map<int32_t, PTcpClientData> _clients;
  // }}}

  std::mutex _socketDescriptorMutex;
  PFileDescriptor _socketDescriptor;
  bool _useSsl = false;
  std::mutex _certificateCredentialsMutex;
  std::shared_ptr<CertificateCredentials> _currentClientCertificateCredentials;
  std::unordered_map<std::string, std::shared_ptr<CertificateCredentials>> _certificateCredentials;

  void getSocketDescriptor();
  void getConnection();
  void getSsl();
  void initSsl();
  void initTlsPriorityCache();
  void autoConnect();

  // {{{ For server only
  void bindSocket();

  void serverThread(uint32_t thread_index);
  void processQueueEntry(int32_t index, std::shared_ptr<BaseLib::IQueueEntry> &entry) override;
  void collectGarbage();
  void collectGarbage(std::unordered_map<int32_t, PTcpClientData> &clients);
  void initClientSsl(PTcpClientData &clientData);
  void readClient(const PTcpClientData &client_data, std::unordered_map<int32_t, PTcpClientData> &backlog_clients);
  // }}}
};

typedef std::shared_ptr<BaseLib::TcpSocket> PTcpSocket;

}
#endif