%% Copyright (c) 2011, Loïc Hoguin %% %% Permission to use, copy, modify, and/or distribute this software for any %% purpose with or without fee is hereby granted, provided that the above %% copyright notice and this permission notice appear in all copies. %% %% THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES %% WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF %% MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR %% ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES %% WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN %% ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF %% OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. %% @doc SSL transport API. %% %% Wrapper around ssl implementing the Cowboy transport API. %% %% This transport requires the crypto, public_key %% and ssl applications to be started. If they aren't started, %% it will try to start them itself before opening a port to listen. %% Applications aren't stopped when the listening socket is closed, though. %% %% @see ssl -module(cowboy_ssl_transport). -export([name/0, messages/0, listen/1, accept/2, recv/3, send/2, setopts/2, controlling_process/2, peername/1, close/1]). %% @doc Name of this transport API, ssl. -spec name() -> ssl. name() -> ssl. %% @doc Atoms used in the process messages sent by this API. %% %% They identify incoming data, closed connection and errors when receiving %% data in active mode. -spec messages() -> {ssl, ssl_closed, ssl_error}. messages() -> {ssl, ssl_closed, ssl_error}. %% @doc Setup a socket to listen on the given port on the local host. %% %% The available options are: %%
%%
port
Mandatory. TCP port number to open.
%%
backlog
Maximum length of the pending connections queue. %% Defaults to 1024.
%%
ip
Interface to listen on. Listen on all interfaces %% by default.
%%
certfile
Mandatory. Path to a file containing the user's %% certificate.
%%
keyfile
Mandatory. Path to the file containing the user's %% private PEM encoded key.
%%
cacertfile
Optional. Path to file containing PEM encoded %% CA certificates (trusted certificates used for verifying a peer %% certificate).
%%
password
Mandatory. String containing the user's password. %% All private keyfiles must be password protected currently.
%%
%% %% @see ssl:listen/2 %% @todo The password option shouldn't be mandatory. -spec listen([{port, inet:ip_port()} | {certfile, string()} | {keyfile, string()} | {password, string()} | {cacertfile, string()} | {ip, inet:ip_address()}]) -> {ok, ssl:sslsocket()} | {error, atom()}. listen(Opts) -> require([crypto, public_key, ssl]), {port, Port} = lists:keyfind(port, 1, Opts), Backlog = proplists:get_value(backlog, Opts, 1024), {certfile, CertFile} = lists:keyfind(certfile, 1, Opts), {keyfile, KeyFile} = lists:keyfind(keyfile, 1, Opts), {password, Password} = lists:keyfind(password, 1, Opts), ListenOpts0 = [binary, {active, false}, {backlog, Backlog}, {packet, raw}, {reuseaddr, true}, {certfile, CertFile}, {keyfile, KeyFile}, {password, Password}], ListenOpts1 = case lists:keyfind(ip, 1, Opts) of false -> ListenOpts0; Ip -> [Ip|ListenOpts0] end, ListenOpts = case lists:keyfind(cacertfile, 1, Opts) of false -> ListenOpts1; CACertFile -> [CACertFile|ListenOpts1] end, ssl:listen(Port, ListenOpts). %% @doc Accept an incoming connection on a listen socket. %% %% Note that this function does both the transport accept and %% the SSL handshake. %% %% @see ssl:transport_accept/2 %% @see ssl:ssl_accept/2 -spec accept(ssl:sslsocket(), timeout()) -> {ok, ssl:sslsocket()} | {error, closed | timeout | atom()}. accept(LSocket, Timeout) -> case ssl:transport_accept(LSocket, Timeout) of {ok, CSocket} -> ssl_accept(CSocket, Timeout); {error, Reason} -> {error, Reason} end. %% @doc Receive a packet from a socket in passive mode. %% @see ssl:recv/3 -spec recv(ssl:sslsocket(), non_neg_integer(), timeout()) -> {ok, any()} | {error, closed | atom()}. recv(Socket, Length, Timeout) -> ssl:recv(Socket, Length, Timeout). %% @doc Send a packet on a socket. %% @see ssl:send/2 -spec send(ssl:sslsocket(), iolist()) -> ok | {error, atom()}. send(Socket, Packet) -> ssl:send(Socket, Packet). %% @doc Set one or more options for a socket. %% @see ssl:setopts/2 -spec setopts(ssl:sslsocket(), list()) -> ok | {error, atom()}. setopts(Socket, Opts) -> ssl:setopts(Socket, Opts). %% @doc Assign a new controlling process Pid to Socket. %% @see ssl:controlling_process/2 -spec controlling_process(ssl:sslsocket(), pid()) -> ok | {error, closed | not_owner | atom()}. controlling_process(Socket, Pid) -> ssl:controlling_process(Socket, Pid). %% @doc Return the address and port for the other end of a connection. %% @see ssl:peername/1 -spec peername(ssl:sslsocket()) -> {ok, {inet:ip_address(), inet:ip_port()}} | {error, atom()}. peername(Socket) -> ssl:peername(Socket). %% @doc Close a TCP socket. %% @see ssl:close/1 -spec close(ssl:sslsocket()) -> ok. close(Socket) -> ssl:close(Socket). %% Internal. -spec require(list(module())) -> ok. require([]) -> ok; require([App|Tail]) -> case application:start(App) of ok -> ok; {error, {already_started, App}} -> ok end, require(Tail). -spec ssl_accept(ssl:sslsocket(), timeout()) -> {ok, ssl:sslsocket()} | {error, closed | timeout | atom()}. ssl_accept(Socket, Timeout) -> case ssl:ssl_accept(Socket, Timeout) of ok -> {ok, Socket}; {error, Reason} -> {error, Reason} end.