File Coverage

blib/lib/POE/Component/SSLify/NonBlock.pm

Criterion	Covered	Total	%
statement	21	84	25.0
branch	0	40	0.0
condition	0	7	0.0
subroutine	7	16	43.7
pod	9	9	100.0
total	37	156	23.7

line	stmt	bran	cond	sub	pod	time	code
1							# Declare our package
2							package POE::Component::SSLify::NonBlock;
3	1			1		23968	use strict;
	1					4
	1					37
4	1			1		6	use warnings;
	1					2
	1					30
5	1			1		698	use POE::Component::SSLify::NonBlock::ServerHandle;
	1					4
	1					76
6	1			1		12	use Exporter;
	1					2
	1					43
7
8	1			1		6	use vars qw( $VERSION @ISA );
	1					2
	1					73
9							$VERSION = '0.41';
10
11							@ISA = qw(Exporter);
12	1			1		6	use vars qw( @EXPORT_OK );
	1					1
	1					61
13							@EXPORT_OK = qw( Server_SSLify_NonBlock SSLify_Options_NonBlock_ClientCert Server_SSLify_NonBlock_ClientCertVerifyAgainstCRL Server_SSLify_NonBlock_SSLDone
14							Server_SSLify_NonBlock_GetClientCertificateIDs Server_SSLify_NonBlock_ClientCertificateExists Server_SSLify_NonBlock_ClientCertIsValid Server_SSLify_NonBlock_STARTTLS);
15
16	1			1		1010	use Symbol qw( gensym );
	1					936
	1					1002
17
18							sub Server_SSLify_NonBlock_SSLDone {
19	0			0	1		my $socket = shift;
20	0	0					my $acceptstateclient = tied( *$socket )->_get_self()->{acceptstate}
21							if exists(tied( *$socket )->_get_self()->{acceptstate});
22	0	0					return 1 if ($acceptstateclient > 2);
23	0						return 0;
24							}
25
26							sub SSLify_Options_NonBlock_ClientCert {
27	0			0	1		my $ctx = shift;
28	0						my $cacrt = shift;
29	0		0				my $count = shift \|\| 5;
30							# CA File einlesen, wenn wir eins haben
31	0	0					Net::SSLeay::CTX_load_verify_locations($ctx, $cacrt, '') \|\| die $!;
32
33							# Setzen welche Clientzertifkate wir moegen...
34	0						Net::SSLeay::CTX_set_client_CA_list($ctx, Net::SSLeay::load_client_CA_file($cacrt));
35
36							# Wir ueberpruefen auch signierte Zertifikate....
37	0						Net::SSLeay::CTX_set_verify_depth($ctx, $count);
38							}
39
40							# Okay, the main routine here!
41							sub Server_SSLify_NonBlock {
42							# Get the socket!
43	0			0	1		my $ctx = shift;
44	0						my $socket = shift;
45	0						my $params = shift;
46
47							# Validation...
48	0	0					if ( ! defined $socket ) {
49	0						die "Did not get a defined socket";
50							}
51
52							# If we don't have a ctx ready, we can't do anything...
53	0	0					if ( ! defined $ctx ) {
54	0						die 'Please do SSLify_Options() first';
55							}
56
57	0						$socket->blocking( 0 );
58
59							# Now, we create the new socket and bind it to our subclass of Net::SSLeay::Handle
60	0						my $newsock = gensym();
61	0	0					tie( *$newsock, 'POE::Component::SSLify::NonBlock::ServerHandle', $socket, $ctx, $params ) or die "Unable to tie to our subclass: $!";
62
63							# All done!
64	0						return $newsock;
65							}
66
67							sub Server_SSLify_NonBlock_ClientCertificateExists {
68	0			0	1		my $socket = shift;
69	0						my $infos = tied( *$socket )->_get_self()->{infos};
70	0		0				return ((ref($infos) eq "ARRAY") && ($infos->[1]));
71							}
72
73							sub Server_SSLify_NonBlock_ClientCertIsValid {
74	0			0	1		my $socket = shift;
75	0						my $infos = tied( *$socket )->_get_self()->{infos};
76	0	0	0				return Server_SSLify_NonBlock_ClientCertificateExists($socket) ? (($infos->[0] eq "1") && (ref($infos->[2]) eq "ARRAY") && scalar(@{$infos->[2]})) ? 1 : 0 : 0;
		0
77							}
78
79							sub Server_SSLify_NonBlock_GetClientCertificateIDs {
80	0			0	1		my $socket = shift;
81	0						my $infos = tied( *$socket )->_get_self()->{infos};
82	0	0					return Server_SSLify_NonBlock_ClientCertificateExists($socket) ? @{$infos->[2]} : undef;
	0
83							}
84
85							sub Server_SSLify_NonBlock_ClientCertVerifyAgainstCRL {
86	0			0	1		my $socket = shift;
87	0						my $crlfilename = shift;
88	0						my $infos = tied( *$socket )->_get_self()->{infos};
89	0						my @certids = Server_SSLify_NonBlock_GetClientCertificateIDs($socket);
90	0	0					if (scalar(@certids)) {
91	0						my $found = 0;
92	0						my $badcrls = 0;
93	0						my $jump = 0;
94	0	0					print("----- SSL Infos BEGIN ---------------"."\n")
95							if (tied( *$socket )->_get_self()->{debug});
96	0						foreach (@{$infos->[2]}) {
	0
97	0						my $crlstatus = Net::SSLeay::verify_serial_against_crl_file($crlfilename, $_->[2]);
98	0	0					$badcrls++ if $crlstatus;
99	0	0					$crlstatus = $crlstatus ? "INVALID (".($crlstatus !~ m,^CRL:, ? hexdump($crlstatus) : $crlstatus).")" : "VALID";
		0
100	0						my $t = (" " x $jump++);
101	0	0					if (ref($_) eq "ARRAY") {
102	0	0					if (tied( *$socket )->_get_self()->{debug}){
103	0	0					print(" ".$t." \|---[ Subcertificate ]---\n") if $t;
104	0						print(" ".$t." \| Subject Name: ".$_->[0]."\n");
105	0						print(" ".$t." \| Issuer Name : ".$_->[1]."\n");
106	0						print(" ".$t." \| Serial : ".hexdump($_->[2])."\n");
107	0						print(" ".$t." \| CRL Status : ".$crlstatus."\n");
108							}
109							} else {
110	0	0					print(" NOCERTINFOS!"."\n")
111							if (tied( *$socket )->_get_self()->{debug});
112	0						return 0;
113							}
114							}
115	0	0					print("----- SSL Infos END -----------------"."\n")
116							if (tied( *$socket )->_get_self()->{debug});
117	0	0					return 1 unless $badcrls;
118							}
119	0						return 0;
120							}
121
122							sub Server_SSLify_NonBlock_STARTTLS {
123	0			0	1		my $socket = shift;
124	0						my $self = tied( *$socket )->_get_self();
125	0						$self->dobeginSSL();
126							}
127
128	0			0	1		sub hexdump { join ':', map { sprintf "%02X", $_ } unpack "C*", $_[0]; }
	0
129
130							__END__