%% Copyright (c) 2011, Loïc Hoguin %% %% Permission to use, copy, modify, and/or distribute this software for any %% purpose with or without fee is hereby granted, provided that the above %% copyright notice and this permission notice appear in all copies. %% %% THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES %% WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF %% MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR %% ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES %% WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN %% ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF %% OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. %% @doc SSL transport API. %% %% Wrapper around ssl implementing the Cowboy transport API. %% %% This transport requires the crypto, public_key %% and ssl applications to be started. If they aren't started, %% it will try to start them itself before opening a port to listen. %% Applications aren't stopped when the listening socket is closed, though. %% %% @see ssl -module(cowboy_ssl_transport). -export([name/0, messages/0, listen/1, accept/2, recv/3, send/2, setopts/2, controlling_process/2, peername/1, close/1, sockname/1]). %% @doc Name of this transport API, ssl. -spec name() -> ssl. name() -> ssl. %% @doc Atoms used in the process messages sent by this API. %% %% They identify incoming data, closed connection and errors when receiving %% data in active mode. -spec messages() -> {ssl, ssl_closed, ssl_error}. messages() -> {ssl, ssl_closed, ssl_error}. %% @doc Setup a socket to listen on the given port on the local host. %% %% The available options are: %%
%%
port
Mandatory. TCP port number to open.
%%
backlog
Maximum length of the pending connections queue. %% Defaults to 1024.
%%
ip
Interface to listen on. Listen on all interfaces %% by default.
%%
certfile
Mandatory. Path to a file containing the user's %% certificate.
%%
keyfile
Optional. Path to the file containing the user's %% private PEM encoded key.
%%
cacertfile
Optional. Path to file containing PEM encoded %% CA certificates (trusted certificates used for verifying a peer %% certificate).
%%
password
Optional. String containing the user's password. %% All private keyfiles must be password protected currently.
%%
ciphers
Optional. The cipher suites that should be supported. %% The function ssl:cipher_suites/0 can be used to find all available %% ciphers.
%%
%% %% @see ssl:listen/2 -spec listen([{port, inet:port_number()} | {certfile, string()} | {keyfile, string()} | {password, string()} | {cacertfile, string()} | {ip, inet:ip_address()}]) -> {ok, ssl:sslsocket()} | {error, atom()}. listen(Opts) -> require([crypto, public_key, ssl]), {port, Port} = lists:keyfind(port, 1, Opts), Backlog = proplists:get_value(backlog, Opts, 1024), {certfile, CertFile} = lists:keyfind(certfile, 1, Opts), ListenOpts0 = [binary, {active, false}, {backlog, Backlog}, {packet, raw}, {reuseaddr, true}, {certfile, CertFile}], ListenOpts = lists:foldl(fun ({ip, _} = Ip, Acc) -> [Ip | Acc]; ({keyfile, _} = KeyFile, Acc) -> [KeyFile | Acc]; ({cacertfile, _} = CACertFile, Acc) -> [CACertFile | Acc]; ({password, _} = Password, Acc) -> [Password | Acc]; ({ciphers, _} = Ciphers, Acc) -> [Ciphers | Acc]; (_, Acc) -> Acc end, ListenOpts0, Opts), ssl:listen(Port, ListenOpts). %% @doc Accept an incoming connection on a listen socket. %% %% Note that this function does both the transport accept and %% the SSL handshake. %% %% @see ssl:transport_accept/2 %% @see ssl:ssl_accept/2 -spec accept(ssl:sslsocket(), timeout()) -> {ok, ssl:sslsocket()} | {error, closed | timeout | atom()}. accept(LSocket, Timeout) -> case ssl:transport_accept(LSocket, Timeout) of {ok, CSocket} -> ssl_accept(CSocket, Timeout); {error, Reason} -> {error, Reason} end. %% @doc Receive a packet from a socket in passive mode. %% @see ssl:recv/3 -spec recv(ssl:sslsocket(), non_neg_integer(), timeout()) -> {ok, any()} | {error, closed | atom()}. recv(Socket, Length, Timeout) -> ssl:recv(Socket, Length, Timeout). %% @doc Send a packet on a socket. %% @see ssl:send/2 -spec send(ssl:sslsocket(), iolist()) -> ok | {error, atom()}. send(Socket, Packet) -> ssl:send(Socket, Packet). %% @doc Set one or more options for a socket. %% @see ssl:setopts/2 -spec setopts(ssl:sslsocket(), list()) -> ok | {error, atom()}. setopts(Socket, Opts) -> ssl:setopts(Socket, Opts). %% @doc Assign a new controlling process Pid to Socket. %% @see ssl:controlling_process/2 -spec controlling_process(ssl:sslsocket(), pid()) -> ok | {error, closed | not_owner | atom()}. controlling_process(Socket, Pid) -> ssl:controlling_process(Socket, Pid). %% @doc Return the address and port for the other end of a connection. %% @see ssl:peername/1 -spec peername(ssl:sslsocket()) -> {ok, {inet:ip_address(), inet:port_number()}} | {error, atom()}. peername(Socket) -> ssl:peername(Socket). %% @doc Close a TCP socket. %% @see ssl:close/1 -spec close(ssl:sslsocket()) -> ok. close(Socket) -> ssl:close(Socket). %% @doc Get the local address and port of a socket %% @see ssl:sockname/1 -spec sockname(ssl:sslsocket()) -> {ok, {inet:ip_address(), inet:port_number()}} | {error, atom()}. sockname(Socket) -> ssl:sockname(Socket). %% Internal. -spec require(list(module())) -> ok. require([]) -> ok; require([App|Tail]) -> case application:start(App) of ok -> ok; {error, {already_started, App}} -> ok end, require(Tail). -spec ssl_accept(ssl:sslsocket(), timeout()) -> {ok, ssl:sslsocket()} | {error, closed | timeout | atom()}. ssl_accept(Socket, Timeout) -> case ssl:ssl_accept(Socket, Timeout) of ok -> {ok, Socket}; {error, Reason} -> {error, Reason} end.