wip: ss c++ classes

C++ APIs wrapping SS client


These are intended to provide an experimental protocol-independent c++
api even more abstracted than secure streams, along the lines of
"wget -Omyfile https://example.com/thing"

WIP

.gitignore

@@ -62,3 +62,4 @@ doc
 /q/
 /b1/
 /destdir/
+/bb1/

CMakeLists.txt

@@ -63,7 +63,7 @@ if (ESP_PLATFORM)
 endif()
 
 # it's at this point any toolchain file is brought in
-project(libwebsockets C)
+project(libwebsockets C CXX)
 include(CTest)
 
 #
@@ -125,6 +125,7 @@ endif()
 # Secure Streams
 #
 option(LWS_WITH_SECURE_STREAMS "Secure Streams protocol-agnostic API" OFF)
+option(LWS_WITH_SECURE_STREAMS_CPP "Secure Streams C++ classes" OFF)
 option(LWS_WITH_SECURE_STREAMS_PROXY_API "Secure Streams support to work across processes" OFF)
 option(LWS_WITH_SECURE_STREAMS_SYS_AUTH_API_AMAZON_COM "Auth support for api.amazon.com" OFF)
 option(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY "Secure Streams Policy is hardcoded only" OFF)
@@ -724,6 +725,7 @@ if ((CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_GNUCXX) AND NOT LWS_WITHOUT_TE
 	# jeez clang understands -pthread but dies if he sees it at link time!
 	# http://stackoverflow.com/questions/2391194/what-is-gs-pthread-equiv-in-clang
 	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -pthread" )
+	list(APPEND LIB_LIST_AT_END -lpthread)
     endif()
 endif()
 

cmake/lws_config.h.in

@@ -121,6 +121,7 @@
 #cmakedefine LWS_WITH_SYS_ASYNC_DNS
 #cmakedefine LWS_WITH_BORINGSSL
 #cmakedefine LWS_WITH_CGI
+#cmakedefine LWS_WITH_SECURE_STREAMS_CPP
 #cmakedefine LWS_WITH_CUSTOM_HEADERS
 #cmakedefine LWS_WITH_DEPRECATED_LWS_DLL
 #cmakedefine LWS_WITH_DETAILED_LATENCY

include/libwebsockets.hxx

@@ -0,0 +1,148 @@
+/*
+ * libwebsockets - small server side websockets and web server implementation
+ *
+ * Copyright (C) 2020 Andy Green <andy@warmcat.com>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to
+ * deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ *
+ * C++ classes for Secure Streams
+ */
+
+#include <map>
+#include <set>
+#include <list>
+#include <string>
+#include <vector>
+#include <exception>
+
+#include "libwebsockets.h"
+
+class lss;
+
+/*
+ * Exception subclass for lss-specific issues
+ */
+
+class lssException : public std::exception
+{
+private:
+	std::string details;
+public:
+	lssException(std::string _details) { details = _details; }
+	~lssException() throw() { }
+	virtual const char *what() const throw() { return details.c_str(); }
+};
+
+typedef struct lssbuf {
+	uint8_t				*buf;
+	size_t				len;
+} lssbuf_t;
+
+class lssAc
+{
+private:
+	struct lwsac			*ac;
+	struct lwsac			*iter;
+	lssAc() { ac = NULL; }
+	~lssAc() { lwsac_free(&ac); }
+
+public:
+	void append(lssbuf_t *lb);
+	void start(bool atomic);
+	int get(lssbuf_t *lb);
+};
+
+/*
+ * Fixed userdata priv used with ss creation... userdata lives in the lss
+ * subclasses' members
+ */
+
+class lssPriv
+{
+public:
+	struct lws_ss_handle		*m_ss;
+	void				*m_plss;
+};
+
+#define userobj_to_lss(uo) ((lss *)(((lssPriv *)userobj)->m_plss))
+
+/*
+ * The completion callback... it's called once, and state will be one of
+ *
+ * LWSSSCS_QOS_ACK_REMOTE:     it completed OK
+ * LWSSSCS_DESTROYING:         we didn't complete
+ * LWSSSCS_ALL_RETRIES_FAILED:  "
+ * LWSSSCS_QOS_NACK_REMOTE:     "
+ */
+
+typedef int (*lsscomp_t)(lss *lss, lws_ss_constate_t state, void *arg);
+
+/*
+ * Base class for Secure Stream objects
+ */
+
+class lss
+{
+public:
+	lss(lws_ctx_t _ctx, std::string _uri, lsscomp_t _comp, bool _psh,
+	    lws_sscb_rx rx, lws_sscb_tx tx, lws_sscb_state state);
+	virtual ~lss();
+	int call_completion(lws_ss_constate_t state);
+
+	lsscomp_t			comp;
+	struct lws_ss_handle		*m_ss;
+	uint64_t			rxlen;
+	lws_usec_t			us_start;
+
+private:
+	lws_ctx_t			ctx;
+	char				*uri;
+	lws_ss_policy_t			pol;
+	bool				comp_done;
+};
+
+/*
+ * Subclass of lss for atomic messages on heap
+ */
+
+class lssMsg : public lss
+{
+public:
+	lssMsg(lws_ctx_t _ctx, lsscomp_t _comp, std::string _uri);
+	virtual ~lssMsg();
+};
+
+/*
+ * Subclass of lss for file transactions
+ */
+
+class lssFile : public lss
+{
+public:
+	lssFile(lws_ctx_t _ctx, std::string _uri, std::string _path,
+		lsscomp_t _comp, bool _psh);
+	virtual ~lssFile();
+	lws_ss_state_return_t write(const uint8_t *buf, size_t len, int flags);
+
+	std::string			path;
+
+private:
+	lws_filefd_type			fd;
+	bool				push;
+};

include/libwebsockets/lws-secure-streams.h

@@ -327,6 +327,8 @@ typedef lws_ss_state_return_t (*lws_sscb_state)(void *userobj, void *h_src,
 						lws_ss_constate_t state,
 						lws_ss_tx_ordinal_t ack);
 
+struct lws_ss_policy;
+
 typedef struct lws_ss_info {
 	const char *streamtype; /**< type of stream we want to create */
 	size_t	    user_alloc; /**< size of user allocation */
@@ -336,6 +338,12 @@ typedef struct lws_ss_info {
 	/**< offset of opaque user data ptr in user_alloc type, set to
 	     offsetof(mytype, opaque_ud_member) */
 
+#if defined(LWS_WITH_SECURE_STREAMS_CPP)
+	const struct lws_ss_policy	*policy;
+	/**< Normally NULL, or a locally-generated policy to apply to this
+	 * connection instead of a named streamtype */
+#endif
+
 	lws_sscb_rx rx;
 	/**< callback with rx payload for this stream */
 	lws_sscb_tx tx;

lib/misc/CMakeLists.txt

@@ -80,6 +80,9 @@ if (LWS_WITH_LWSAC)
 		list(APPEND SOURCES
 			misc/lwsac/cached-file.c)
 	endif()
+	if (LWS_WITH_SECURE_STREAMS_CPP)
+		list(APPEND SOURCES misc/lwsac/lwsac.cxx)
+	endif()
 endif()
 
 if (NOT LWS_WITHOUT_BUILTIN_SHA1)

lib/misc/lwsac/lwsac.cxx

@@ -0,0 +1,80 @@
+/*
+ * libwebsockets - small server side websockets and web server implementation
+ *
+ * Copyright (C) 2020 Andy Green <andy@warmcat.com>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to
+ * deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ *
+ * C++ classes for Secure Streams - atomic heap messages
+ */
+
+#include <libwebsockets.hxx>
+#include "private-lib-misc-lwsac.h"
+
+void
+lssAc::start(bool atomic)
+{
+	if (atomic && ac->next) {
+		struct lwsac *ac2 = NULL, *i;
+		size_t total = (size_t)lwsac_total_alloc(ac);
+		uint8_t *p = (uint8_t *)lwsac_use(&ac2, total, total);
+
+		/*
+		 * He wants a single linear buffer, and we have more than one
+		 * piece... let's make a new, single one, copy the fragments
+		 * in and replace the fragmented one with the unified copy.
+		 */
+
+		i = ac;
+		while (i) {
+			size_t bl = lwsac_get_tail_pos(i) -
+						lwsac_sizeof(i == ac);
+			memcpy(p, (uint8_t *)i + lwsac_sizeof(i == ac), bl);
+			p += bl;
+		}
+
+		lwsac_free(&ac);
+		ac = ac2;
+	}
+
+	iter = ac;
+}
+
+int
+lssAc::get(lssbuf_t *lb)
+{
+	if (!ac)
+		return 1;
+
+	lb->buf = (uint8_t *)iter + lwsac_sizeof(iter == ac);
+	lb->len = lwsac_get_tail_pos(iter) - lwsac_sizeof(iter == ac);
+	iter = iter->next;
+
+	return 0;
+}
+
+void
+lssAc::append(lssbuf_t *lb)
+{
+	uint8_t *p = (uint8_t *)lwsac_use(&ac, lb->len, lb->len);
+
+	if (!p)
+		throw lssException("oom");
+	memcpy(p, lb->buf, lb->len);
+}

lib/plat/unix/private-lib-plat-unix.h

@@ -196,9 +196,6 @@ delete_from_fd(const struct lws_context *context, int fd);
  #define MSG_NOSIGNAL 0
 #endif
 
-int
-lws_plat_BINDTODEVICE(int fd, const char *ifname);
-
 int
 lws_plat_rawudp_broadcast(uint8_t *p, const uint8_t *canned, int canned_len,
 			  int n, int fd, const char *iface);

lib/secure-streams/CMakeLists.txt

@@ -78,6 +78,17 @@ if (LWS_WITH_CLIENT)
 			)
 		endif()
 
+		if (LWS_WITH_SECURE_STREAMS_CPP)
+			list(APPEND SOURCES secure-streams/cpp/lss.cxx)
+
+			if (LWS_ROLE_H1 OR LWS_ROLE_H2)
+				list(APPEND SOURCES secure-streams/cpp/lssFile.cxx)
+			endif()
+
+			if (LWS_ROLE_WS)
+				list(APPEND SOURCES secure-streams/cpp/lssMsg.cxx)
+			endif()
+		endif()
 
 	#
 	# Helper function for adding a secure stream plugin

lib/secure-streams/cpp/README.md

@@ -0,0 +1,29 @@
+## Secure Streams client C++ API
+
+Enable for build by selecting `-DLWS_WITH_SECURE_STREAMS=1 -DLWS_WITH_SECURE_STREAMS_CPP=1` at
+cmake.
+
+Because it's designed for OpenSSL + system trust bundle, the minimal
+example minimal-secure-streams-cpp requires `-DLWS_WITH_MINIMAL_EXAMPLES=1 -DLWS_WITH_MBEDTLS=0`
+
+By default the -cpp example downloads https://warmcat.com/test-a.bin to the local
+file /tmp/test-a.bin.  By giving, eg, -c 4, you can run four concurrent downloads of
+files test-a.bin through test-d.bin... up to 12 files may be downloaded concurrently.
+
+By default it will connect over h2 and share the single connection between all the
+downloads.
+
+### File level api
+
+```
+#include <libwebsockets.hxx>
+
+...
+
+	new lssFile(context, "https://warmcat.com/index.html",
+			"/tmp/index.html", lss_completion, 0);
+```
+
+This will copy the remote url to the given local file, and call the
+completion callback when it has succeeded or failed.
+

lib/secure-streams/cpp/lss.cxx

@@ -0,0 +1,154 @@
+/*
+ * libwebsockets - small server side websockets and web server implementation
+ *
+ * Copyright (C) 2020 Andy Green <andy@warmcat.com>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to
+ * deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ *
+ * C++ classes for Secure Streams
+ */
+
+#include <libwebsockets.hxx>
+
+static const char *pcols[] = {
+	"http://",	/* LWSSSP_H1 */
+	"https://",
+	"h2://",	/* LWSSSP_H2 */
+	"h2s://",
+	"ws://",	/* LWSSSP_WS */
+	"wss://",
+	"mqtt://",	/* LWSSSP_MQTT */
+	"mqtts://",
+	"raw://",	/* LWSSSP_RAW */
+	"raws://",
+};
+
+static const uint8_t pcols_len[] = {
+	7, 8, 5, 6, 5, 6, 7, 8, 6, 7
+};
+
+static const uint16_t pcols_port[] = {
+	80, 443, 443, 443, 80, 443, 1883, 8883, 80, 443
+};
+
+lss::lss(lws_ctx_t _ctx, std::string _uri, lsscomp_t _comp, bool _psh,
+	 lws_sscb_rx rx, lws_sscb_tx tx, lws_sscb_state state)
+{
+	const char *p, *urlpath;
+	lws_ss_info_t ssi;
+	int n, port;
+
+	memset(&ssi, 0, sizeof(ssi));
+	memset(&pol, 0, sizeof(pol));
+
+	ctx		= _ctx;
+	comp		= _comp;
+	comp_done	= 0;
+	rxlen		= 0;
+
+	/*
+	 * We have a common stub userdata, our "real" userdata is in the
+	 * derived class members.   The Opaque user pointer points to the
+	 * lss itself.
+	 */
+
+	ssi.handle_offset	    = offsetof(lssPriv, lssPriv::m_ss);
+	ssi.opaque_user_data_offset = offsetof(lssPriv, lssPriv::m_plss);
+
+	ssi.user_alloc	= sizeof(lssPriv);
+	ssi.rx		= rx;
+	ssi.tx		= tx;
+	ssi.state	= state;
+	ssi.policy	= &pol; /* we will provide our own policy */
+
+	/*
+	 * _uri is like "https://warmcat.com:443/index.html"... we need to
+	 * deconstruct it into its policy implications
+	 */
+
+	uri = strdup(_uri.c_str());
+
+	for (n = 0; n < LWS_ARRAY_SIZE(pcols); n++)
+		if (!strncmp(uri, pcols[n], pcols_len[n]))
+			break;
+
+	if (n == LWS_ARRAY_SIZE(pcols))
+		throw lssException("unknown uri protocol://");
+
+	pol.protocol = n >> 1;
+	if (n & 1)
+		pol.flags |= LWSSSPOLF_TLS;
+
+	n = pcols_port[n];
+
+	if (lws_parse_uri(uri, &p, &pol.endpoint, &n, &urlpath))
+		throw lssException("unable to parse uri://");
+
+	pol.port = (uint16_t)n;
+
+	if (pol.protocol <= LWSSSP_WS) {
+		pol.u.http.url = urlpath;
+
+		/*
+		 * These are workarounds for common h2 server noncompliances
+		 */
+
+		pol.flags |= LWSSSPOLF_QUIRK_NGHTTP2_END_STREAM |
+			     LWSSSPOLF_H2_QUIRK_OVERFLOWS_TXCR |
+			     LWSSSPOLF_H2_QUIRK_UNCLEAN_HPACK_STATE;
+
+		if (pol.protocol < LWSSSP_WS)
+			pol.u.http.method = _psh ? "POST" : "GET";
+	}
+
+	us_start = lws_now_usecs();
+
+	if (lws_ss_create(ctx, 0, &ssi, (void *)this, &m_ss, NULL, NULL))
+		goto blow;
+
+	if (pol.protocol <= LWSSSP_WS)
+		lws_ss_client_connect(m_ss);
+
+	return;
+
+blow:
+	if (uri)
+		free(uri);
+	throw lssException("ss creation failed");
+}
+
+lss::~lss()
+{
+	if (uri)
+		free(uri);
+	if (m_ss)
+		lws_ss_destroy(&m_ss);
+}
+
+int lss::call_completion(lws_ss_constate_t state)
+{
+	if (comp_done)
+		return 0;
+	if (!comp)
+		return 0;
+
+	comp_done = 1;
+
+	return comp(this, state, NULL);
+}

lib/secure-streams/cpp/lssFile.cxx

@@ -0,0 +1,132 @@
+/*
+ * libwebsockets - small server side websockets and web server implementation
+ *
+ * Copyright (C) 2020 Andy Green <andy@warmcat.com>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to
+ * deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ *
+ * C++ classes for Secure Streams - file transaction
+ */
+
+#include <libwebsockets.hxx>
+
+#include <stdlib.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+static lws_ss_state_return_t
+lssfile_rx(void *userobj, const uint8_t *buf, size_t len, int flags)
+{
+	lssFile *lf = (lssFile *)userobj_to_lss(userobj);
+
+	return lf->write(buf, len, flags);
+}
+
+static lws_ss_state_return_t
+lssfile_tx(void *userobj, lws_ss_tx_ordinal_t ord,uint8_t *buf, size_t *len,
+   int *flags)
+{
+	/*
+	 * TODO: we don't know how to send things yet
+	 */
+	return LWSSSSRET_TX_DONT_SEND;
+}
+
+static lws_ss_state_return_t
+lssfile_state(void *userobj, void *h_src, lws_ss_constate_t state,
+      lws_ss_tx_ordinal_t ack)
+{
+	lssFile *lf = (lssFile *)userobj_to_lss(userobj);
+
+	lwsl_info("%s: state %s\n", __func__, lws_ss_state_name(state));
+
+	switch (state) {
+
+	/*
+	 * These reflect some kind of final disposition for the transaction,
+	 * that we want to report along with the completion.  If no other chance
+	 * we'll report DESTROYING
+	 */
+
+	case LWSSSCS_DESTROYING:
+	case LWSSSCS_ALL_RETRIES_FAILED:
+	case LWSSSCS_QOS_ACK_REMOTE:
+	case LWSSSCS_QOS_NACK_REMOTE:
+		lf->call_completion(state);
+
+		if (state == LWSSSCS_DESTROYING) {
+			/*
+			 * we get DESTROYING because we are already in the
+			 * middle of destroying the m_ss, unlink the C++ lss
+			 * from the ss handle so it won't recursively try to
+			 * destroy it
+			 */
+			lf->m_ss = NULL;
+			delete lf;
+		}
+
+		break;
+	}
+
+	return LWSSSSRET_OK;
+}
+
+lws_ss_state_return_t lssFile::write(const uint8_t *buf, size_t len, int flags)
+{
+	if (fd == LWS_INVALID_FILE) {
+
+		fd = open(path.c_str(), O_WRONLY | O_CREAT | O_TRUNC, 0640);
+		if (fd == LWS_INVALID_FILE)
+			return LWSSSSRET_DESTROY_ME;
+	}
+
+	if (::write(fd, buf, len) != len) {
+		close(fd);
+		fd = LWS_INVALID_FILE;
+
+		return LWSSSSRET_DESTROY_ME;
+	}
+
+	rxlen += len;
+
+	if (flags & LWSSS_FLAG_EOM) {
+		close(fd);
+		fd = LWS_INVALID_FILE;
+	}
+
+	return LWSSSSRET_OK;
+}
+
+lssFile::lssFile(lws_ctx_t ctx, std::string uri, std::string _path,
+		 lsscomp_t comp, bool _psh) :
+	 lss(ctx, uri, comp, _psh, lssfile_rx, lssfile_tx, lssfile_state)
+{
+	path = _path;
+	push = _psh;
+	fd = LWS_INVALID_FILE;
+}
+
+lssFile::~lssFile()
+{
+	if (fd == LWS_INVALID_FILE)
+		return;
+
+	close(fd);
+	fd = LWS_INVALID_FILE;
+}

lib/secure-streams/cpp/lssMsg.cxx

@@ -0,0 +1,60 @@
+/*
+ * libwebsockets - small server side websockets and web server implementation
+ *
+ * Copyright (C) 2020 Andy Green <andy@warmcat.com>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to
+ * deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ *
+ * C++ classes for Secure Streams - atomic heap messages
+ */
+
+#include <libwebsockets.hxx>
+
+static lws_ss_state_return_t
+lssmsg_rx(void *userobj, const uint8_t *buf, size_t len, int flags)
+{
+	return LWSSSSRET_OK;
+}
+
+static lws_ss_state_return_t
+lssmsg_tx(void *userobj, lws_ss_tx_ordinal_t ord,uint8_t *buf, size_t *len,
+   int *flags)
+{
+	/*
+	 * TODO: we don't know how to send things yet
+	 */
+	return LWSSSSRET_TX_DONT_SEND;
+}
+
+static lws_ss_state_return_t
+lssmsg_state(void *userobj, void *h_src, lws_ss_constate_t state,
+		lws_ss_tx_ordinal_t ack)
+{
+	return LWSSSSRET_OK;
+}
+
+
+lssMsg::lssMsg(lws_ctx_t ctx, lsscomp_t _comp, std::string uri) :
+	lss(ctx, uri, comp, 0, lssmsg_rx, lssmsg_tx, lssmsg_state)
+{
+}
+
+lssMsg::~lssMsg()
+{
+}

lib/secure-streams/secure-streams.c

@@ -517,12 +517,19 @@ lws_ss_create(struct lws_context *context, int tsi, const lws_ss_info_t *ssi,
 	char *p;
 	int n;
 
-	pol = lws_ss_policy_lookup(context, ssi->streamtype);
+#if defined(LWS_WITH_SECURE_STREAMS_CPP)
+	pol = ssi->policy;
 	if (!pol) {
-		lwsl_info("%s: unknown stream type %s\n", __func__,
-			  ssi->streamtype);
-		return 1;
+#endif
+		pol = lws_ss_policy_lookup(context, ssi->streamtype);
+		if (!pol) {
+			lwsl_info("%s: unknown stream type %s\n", __func__,
+				  ssi->streamtype);
+			return 1;
+		}
+#if defined(LWS_WITH_SECURE_STREAMS_CPP)
 	}
+#endif
 
 	if (ssi->flags & LWSSSINFLAGS_REGISTER_SINK) {
 		/*
@@ -562,7 +569,8 @@ lws_ss_create(struct lws_context *context, int tsi, const lws_ss_info_t *ssi,
 	 * ... when we come to destroy it, just one free to do.
 	 */
 
-	size = sizeof(*h) + ssi->user_alloc + strlen(ssi->streamtype) + 1;
+	size = sizeof(*h) + ssi->user_alloc +
+			(ssi->streamtype ? strlen(ssi->streamtype): 0) + 1;
 #if defined(LWS_WITH_SSPLUGINS)
 	if (pol->plugins[0])
 		size += pol->plugins[0]->alloc;
@@ -623,7 +631,8 @@ lws_ss_create(struct lws_context *context, int tsi, const lws_ss_info_t *ssi,
 		smd = smd->next;
 	}
 
-	memcpy(p, ssi->streamtype, strlen(ssi->streamtype) + 1);
+	if (ssi->streamtype)
+		memcpy(p, ssi->streamtype, strlen(ssi->streamtype) + 1);
 	/* don't mark accepted ss as being the server */
 	if (ssi->flags & LWSSSINFLAGS_SERVER)
 		h->info.flags &= ~LWSSSINFLAGS_SERVER;
@@ -804,6 +813,9 @@ void
 lws_ss_destroy(lws_ss_handle_t **ppss)
 {
 	struct lws_context_per_thread *pt;
+#if defined(LWS_WITH_SERVER)
+	struct lws_vhost *v = NULL;
+#endif
 	lws_ss_handle_t *h = *ppss;
 	lws_ss_metadata_t *pmd;
 
@@ -847,7 +859,18 @@ lws_ss_destroy(lws_ss_handle_t **ppss)
 	lws_dll2_remove(&h->to_list);
 	lws_sul_cancel(&h->sul_timeout);
 
+	/*
+	 * for lss, DESTROYING deletes the C++ lss object, making the
+	 * self-defined h->policy radioactive
+	 */
+
+#if defined(LWS_WITH_SERVER)
+	if (h->policy->flags & LWSSSPOLF_SERVER)
+		v = lws_get_vhost_by_name(h->context, h->policy->streamtype);
+#endif
+
 	(void)lws_ss_event_helper(h, LWSSSCS_DESTROYING);
+
 	lws_pt_unlock(pt);
 
 	/* in proxy case, metadata value on heap may need cleaning up */
@@ -879,18 +902,13 @@ lws_ss_destroy(lws_ss_handle_t **ppss)
 #endif
 
 #if defined(LWS_WITH_SERVER)
-	if (h->policy->flags & LWSSSPOLF_SERVER) {
-		struct lws_vhost *v = lws_get_vhost_by_name(h->context,
-							h->policy->streamtype);
-
+	if (v)
 		/*
 		 * For server, the policy describes a vhost that implements the
 		 * server, when we take down the ss, we take down the related
 		 * vhost (if it got that far)
 		 */
-		if (v)
-			lws_vhost_destroy(v);
-	}
+		lws_vhost_destroy(v);
 #endif
 
 	/* confirm no sul left scheduled in handle or user allocation object */

minimal-examples/secure-streams/minimal-secure-streams-cpp/CMakeLists.txt

@@ -0,0 +1,50 @@
+project(lws-minimal-secure-streams-cpp CXX)
+cmake_minimum_required(VERSION 2.8.12)
+find_package(libwebsockets CONFIG REQUIRED)
+list(APPEND CMAKE_MODULE_PATH ${LWS_CMAKE_DIR})
+include(CheckCSourceCompiles)
+include(LwsCheckRequirements)
+
+set(SAMP lws-minimal-secure-streams-cpp)
+
+set(requirements 1)
+require_lws_config(LWS_ROLE_H1 1 requirements)
+require_lws_config(LWS_WITHOUT_CLIENT 0 requirements)
+require_lws_config(LWS_WITH_MBEDTLS 0 requirements)
+require_lws_config(LWS_WITH_SECURE_STREAMS 1 requirements)
+require_lws_config(LWS_WITH_SECURE_STREAMS_CPP 1 requirements)
+require_lws_config(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY 0 requirements)
+
+if (requirements)
+	add_executable(${SAMP} main.cxx)
+
+	if (LWS_CTEST_INTERNET_AVAILABLE)
+		add_test(NAME sscpp-warmcat COMMAND lws-minimal-secure-streams-cpp)
+		set_tests_properties(sscpp-warmcat
+				     PROPERTIES
+				     WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/minimal-examples/secure-streams/minimal-secure-streams-cpp
+				     TIMEOUT 20)
+	endif()
+
+	if (websockets_shared)
+		target_link_libraries(${SAMP} websockets_shared ${LIBWEBSOCKETS_DEP_LIBS})
+		add_dependencies(${SAMP} websockets_shared)
+	else()
+		target_link_libraries(${SAMP} websockets ${LIBWEBSOCKETS_DEP_LIBS})
+	endif()
+
+	CHECK_C_SOURCE_COMPILES("#include <libwebsockets.h>\nint main(void) {\ni#if defined(LWS_WITH_SECURE_STREAMS_PROXY_API)\n return 0;\n #else\n fail\n #endif\n return 0;\n}\n" HAS_LWS_WITH_SECURE_STREAMS_PROXY_API)
+
+	if (HAS_LWS_WITH_SECURE_STREAMS_PROXY_API OR LWS_WITH_SECURE_STREAMS_PROXY_API)
+		add_compile_options(-DLWS_SS_USE_SSPC)
+
+		add_executable(${SAMP}-client main.cxx)
+		if (websockets_shared)
+			target_link_libraries(${SAMP}-client websockets_shared ${LIBWEBSOCKETS_DEP_LIBS})
+			add_dependencies(${SAMP}-client websockets_shared)
+		else()
+			target_link_libraries(${SAMP}-client websockets ${LIBWEBSOCKETS_DEP_LIBS})
+		endif()
+	endif()
+
+endif()

minimal-examples/secure-streams/minimal-secure-streams-cpp/main.cxx

@@ -0,0 +1,107 @@
+/*
+ * lws-minimal-secure-streams-cpp
+ *
+ * Written in 2020 by Andy Green <andy@warmcat.com>
+ *
+ * This file is made available under the Creative Commons CC0 1.0
+ * Universal Public Domain Dedication.
+ *
+ * This demonstrates a minimal http client using secure streams C++ api to
+ * fetch files over https to the local filesystem
+ */
+
+#include <libwebsockets.hxx>
+#include <string.h>
+#include <signal.h>
+
+static int interrupted, bad = 1, concurrent = 1, completed;
+
+static int
+lss_completion(lss *lss, lws_ss_constate_t state, void *arg)
+{
+	lssFile *lf = (lssFile *)lss;
+
+	if (state == LWSSSCS_QOS_ACK_REMOTE) {
+		lwsl_notice("%s: %s: len %llu, done OK %dms\n", __func__,
+			    lf->path.c_str(), (unsigned long long)lf->rxlen,
+			    (int)((lws_now_usecs() - lf->us_start) / 1000));
+	} else
+		lwsl_notice("%s: %s: failed\n", __func__, lf->path.c_str());
+
+	if (++completed == concurrent) {
+		interrupted = 1;
+		bad = 0;
+	}
+
+	return 0;
+}
+
+static void
+sigint_handler(int sig)
+{
+	interrupted = 1;
+}
+
+int main(int argc, const char **argv)
+{
+	struct lws_context_creation_info info;
+	struct lws_context *context;
+	const char *p;
+
+	signal(SIGINT, sigint_handler);
+
+	memset(&info, 0, sizeof info);
+	lws_cmdline_option_handle_builtin(argc, argv, &info);
+
+	if ((p = lws_cmdline_option(argc, argv, "-c")))
+		concurrent = atoi(p);
+
+	if (concurrent > 12)
+		concurrent = 12;
+
+	lwsl_user("LWS secure streams cpp test client "
+			"[-d<verb>] [-c<concurrent>]\n");
+
+	info.fd_limit_per_thread = 1 + 12 + 1;
+	info.port = CONTEXT_PORT_NO_LISTEN;
+	info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT;
+
+	/* create the context */
+
+	context = lws_create_context(&info);
+	if (!context) {
+		lwsl_err("lws init failed\n");
+		return 1;
+	}
+
+	try {
+
+		for (int n = 0; n < concurrent; n++) {
+			std::string url, filepath;
+
+			url = "https://warmcat.com/test-";
+			url += ('a' + n);
+			url += ".bin";
+
+			filepath = "/tmp/test-";
+			filepath += ('a' + n);
+			filepath += ".bin";
+
+			new lssFile(context, url, filepath, lss_completion, 0);
+		}
+	} catch (std::exception &e) {
+		lwsl_err("%s: failed to create ss: %s\n", __func__, e.what());
+		interrupted = 1;
+	}
+
+	/* the event loop */
+
+	while (!interrupted && lws_service(context, 0) >= 0)
+		;
+
+	lws_context_destroy(context);
+
+	lwsl_user("Completed: %s\n", bad ? "failed" : "OK");
+
+	return bad;
+}