acl/lib_acl_cpp/samples/ssl/server/main.cpp

// main.cpp : <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>̨Ӧ<CCA8>ó<EFBFBD><C3B3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڵ㡣
//
#include "stdafx.h"
#include <assert.h>
#include "lib_acl.h"
#include "acl_cpp/lib_acl.hpp"

class echo_thread : public acl::thread {
public:
	echo_thread(acl::sslbase_conf& ssl_conf, acl::socket_stream* conn)
	: ssl_conf_(ssl_conf), conn_(conn) {}

private:
	acl::sslbase_conf&  ssl_conf_;
	acl::socket_stream* conn_;

	~echo_thread(void) { delete conn_; }

	// @override
	void* run(void) {
		conn_->set_rw_timeout(60);

		// <20><> socket <20><>װ SSL IO <20><><EFBFBD><EFBFBD>
		if (!setup_ssl()) {
			return NULL;
		}

		do_echo();

		delete this;
		return NULL;
	}

	bool setup_ssl(void) {
		bool non_block = false;
		acl::sslbase_io* ssl = ssl_conf_.create(non_block);

		// <20><><EFBFBD><EFBFBD>ʹ<EFBFBD><CAB9> SSL <20><>ʽ<EFBFBD><CABD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҫ<EFBFBD><D2AA> SSL IO <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ע<EFBFBD><D7A2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
		// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>У<EFBFBD><D0A3><EFBFBD><EFBFBD><EFBFBD> ssl io <20>滻 stream <20><>Ĭ<EFBFBD>ϵĵײ<C4B5> IO <20><><EFBFBD><EFBFBD>
		if (conn_->setup_hook(ssl) == ssl) {
			printf("setup ssl IO hook error!\r\n");
			ssl->destroy();
			return false;
		}

		printf("ssl handshake ok!\r\n");
		return true;
	}

	void do_echo(void) {
		char buf[4096];

		while (true) {
			int ret = conn_->read(buf, sizeof(buf), false);
			if (ret == -1) {
				break;
			}
			if (conn_->write(buf, ret) == -1) {
				break;
			}
		}
	}
};

static void start_server(const acl::string addr, acl::sslbase_conf& ssl_conf) {
	acl::server_socket ss;
	if (!ss.open(addr)) {
		printf("listen %s error %s\r\n", addr.c_str(), acl::last_serror());
		return;
	}

	while (true) {
		acl::socket_stream* conn = ss.accept();
		if (conn == NULL) {
			printf("accept error %s\r\n", acl::last_serror());
			break;
		}
		acl::thread* thr = new echo_thread(ssl_conf, conn);
		thr->set_detachable(true);
		thr->start();
	}
}

static bool ssl_init(const acl::string& ssl_crt, const acl::string& ssl_key,
	acl::sslbase_conf& ssl_conf) {

	ssl_conf.enable_cache(true);

	// <20><><EFBFBD><EFBFBD> SSL ֤<>鼰֤<E9BCB0><D6A4>˽Կ
	if (!ssl_conf.add_cert(ssl_crt, ssl_key)) {
		printf("add ssl crt=%s error\r\n", ssl_crt.c_str());
		return false;
	}

	return true;
}

static void usage(const char* procname) {
	printf("usage: %s -h [help]\r\n"
		" -s listen_addr[default: 0.0.0.0|1443\r\n"
		" -t ssl_type[openssl|mbedtls, default: openssl]\r\n"
		" -L ssl_libs_path\r\n"
		" -c ssl_crt[default: ../ssl_crt.pem]\r\n"
		" -k ssl_key[default: ../ssl_key.pem\r\n"
		, procname);
}

int main(int argc, char* argv[]) {
	acl::string addr     = "0.0.0.0|1443";
	acl::string ssl_crt  = "../ssl_crt.pem", ssl_key = "../ssl_key.pem";
	acl::string ssl_type = "openssl";
	acl::string ssl_libs;

	int ch;
	while ((ch = getopt(argc, argv, "hs:t:L:c:k:")) > 0) {
		switch (ch) {
		case 'h':
			usage(argv[0]);
			return 0;
		case 's':
			addr = optarg;
			break;
		case 't':
			ssl_type = optarg;
			break;
		case 'L':
			ssl_libs = optarg;
			break;
		case 'c':
			ssl_crt = optarg;
			break;
		case 'k':
			ssl_key = optarg;
			break;
		default:
			break;
		}
	}

	acl::acl_cpp_init();
	acl::log::stdout_open(true);

	acl::sslbase_conf* ssl_conf;

	if (ssl_type == "mbedtls") {
		if (ssl_libs.empty()) {
#if defined(__APPLE__)
			ssl_libs = "../libmbedtls.dylib";
#elif defined(__linux__)
			ssl_libs = "../libmbedtls.so";
#elif defined(_WIN32) || defined(_WIN64)
			ssl_libs = "../mbedtls.dll";
#else
# error "unknown OS type"
#endif
		}

		// <20><><EFBFBD><EFBFBD> MbedTLS <20><>̬<EFBFBD><CCAC>·<EFBFBD><C2B7>
		const std::vector<acl::string>& libs = ssl_libs.split2(",; \t");
		if (libs.size() == 1) {
			acl::mbedtls_conf::set_libpath(libs[0]);
		} else if (libs.size() == 3) {
			// libcrypto, libx509, libssl);
			acl::mbedtls_conf::set_libpath(libs[0], libs[1], libs[2]);
		} else {
			printf("invalid ssl_lib=%s\r\n", ssl_libs.c_str());
			return 1;
		}

		// <20><><EFBFBD><EFBFBD> MbedTLS <20><>̬<EFBFBD><CCAC>
		if (!acl::mbedtls_conf::load()) {
			printf("load %s error\r\n", ssl_libs.c_str());
			return 1;
		}

		// <20><>ʼ<EFBFBD><CABC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ģʽ<C4A3>µ<EFBFBD>ȫ<EFBFBD><C8AB> SSL <20><><EFBFBD>ö<EFBFBD><C3B6><EFBFBD>
		bool server_side = true;

		// SSL ֤<><D6A4>У<EFBFBD>鼶<EFBFBD><E9BCB6>
		acl::mbedtls_verify_t verify_mode = acl::MBEDTLS_VERIFY_NONE;

		ssl_conf = new acl::mbedtls_conf(server_side, verify_mode);
	} else if (ssl_type == "openssl") {
#if defined(__APPLE__)
		acl::string libssl    = "/usr/local/lib/libssl.dylib";
		acl::string libcrypto = "/usr/local/lib/libcrypto.dylib";
#elif defined(__linux__)
		acl::string libssl    = "/usr/local/lib64/libssl.so";
		acl::string libcrypto = "/usr/local/lib64/libcrypto.so";
#else
# error "Unsupport OS!"
#endif
		if (!ssl_libs.empty()) {
			const std::vector<acl::string>& libs = ssl_libs.split2(",; \t");
			if (libs.size() >= 2) {
				libssl = libs[0];
				libcrypto = libs[1];
			} else {
				libssl = libs[0];
			}
		}

		// <20><><EFBFBD><EFBFBD> OpenSSL <20><>̬<EFBFBD><CCAC><EFBFBD>ļ<EFBFBD><C4BC><EFBFBD>·<EFBFBD><C2B7>
		acl::openssl_conf::set_libpath(libcrypto, libssl);

		// <20><>̬<EFBFBD><CCAC><EFBFBD><EFBFBD> OpenSSL <20><>̬<EFBFBD><CCAC>
		if (!acl::openssl_conf::load()) {
			printf("load ssl error=%s, crypto=%s, ssl=%s\r\n",
				acl::last_serror(), libcrypto.c_str(), libssl.c_str());
			return 1;
		}

		bool server_side = true;
		ssl_conf = new acl::openssl_conf(server_side);
	} else {
		printf("Not support ssl type=%s\r\n", ssl_type.c_str());
		return 1;
	}

	if (!ssl_init(ssl_crt, ssl_key, *ssl_conf)) {
		printf("ssl_init failed\r\n");
		return 1;
	}

	start_server(addr, *ssl_conf);

	delete ssl_conf;
	return 0;
}