ext/curl/gstcurltlssink.c - mtk-gst-plugins-bad - Git at Google

 /* GStreamer
  * Copyright (C) 2011 Axis Communications <dev-gstreamer@axis.com>
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Library General Public
  * License as published by the Free Software Foundation; either
  * version 2 of the License, or (at your option) any later version.
  *
  * This library is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  * Library General Public License for more details.
  *
  * You should have received a copy of the GNU Library General Public
  * License along with this library; if not, write to the
  * Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
  * Boston, MA 02110-1301, USA.
  */

 /**
  * SECTION:element-curltlssink
  * @title: curltlssink
  * @short_description: sink that uploads data to a server using libcurl
  * @see_also:
  *
  * This is a network sink that uses libcurl.
  *
  */

 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif

 #include <curl/curl.h>
 #include <string.h>
 #include <stdio.h>

 #if HAVE_SYS_SOCKET_H
 #include <sys/socket.h>
 #endif
 #include <sys/types.h>
 #if HAVE_NETINET_IN_H
 #include <netinet/in.h>
 #endif
 #include <unistd.h>
 #if HAVE_NETINET_IP_H
 #include <netinet/ip.h>
 #endif
 #if HAVE_NETINET_TCP_H
 #include <netinet/tcp.h>
 #endif
 #include <sys/stat.h>
 #include <fcntl.h>

 #include "gstcurlbasesink.h"
 #include "gstcurltlssink.h"

 /* Default values */
 #define GST_CAT_DEFAULT                gst_curl_tls_sink_debug
 #define DEFAULT_INSECURE               TRUE


 /* Plugin specific settings */

 GST_DEBUG_CATEGORY_STATIC (gst_curl_tls_sink_debug);

 enum
 {
   PROP_0,
   PROP_CA_CERT,
   PROP_CA_PATH,
   PROP_CRYPTO_ENGINE,
   PROP_INSECURE
 };


 /* Object class function declarations */

 static void gst_curl_tls_sink_set_property (GObject * object, guint prop_id,
     const GValue * value, GParamSpec * pspec);
 static void gst_curl_tls_sink_get_property (GObject * object, guint prop_id,
     GValue * value, GParamSpec * pspec);
 static void gst_curl_tls_sink_finalize (GObject * gobject);
 static gboolean gst_curl_tls_sink_set_options_unlocked
     (GstCurlBaseSink * bcsink);

 #define gst_curl_tls_sink_parent_class parent_class
 G_DEFINE_TYPE (GstCurlTlsSink, gst_curl_tls_sink, GST_TYPE_CURL_BASE_SINK);

 /* private functions */

 static void
 gst_curl_tls_sink_class_init (GstCurlTlsSinkClass * klass)
 {
   GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
   GstElementClass *element_class = GST_ELEMENT_CLASS (klass);

   GST_DEBUG_CATEGORY_INIT (gst_curl_tls_sink_debug, "curltlssink", 0,
       "curl tls sink element");
   GST_DEBUG_OBJECT (klass, "class_init");

   gst_element_class_set_static_metadata (element_class,
       "Curl tls sink",
       "Sink/Network",
       "Upload data over TLS protocol using libcurl",
       "Patricia Muscalu <patricia@axis.com>");

   gobject_class->finalize = GST_DEBUG_FUNCPTR (gst_curl_tls_sink_finalize);

   gobject_class->set_property = gst_curl_tls_sink_set_property;
   gobject_class->get_property = gst_curl_tls_sink_get_property;

   klass->set_options_unlocked = gst_curl_tls_sink_set_options_unlocked;

   g_object_class_install_property (gobject_class, PROP_CA_CERT,
       g_param_spec_string ("ca-cert",
           "CA certificate",
           "CA certificate to use in order to verify the peer",
           NULL, G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));

   g_object_class_install_property (gobject_class, PROP_CA_PATH,
       g_param_spec_string ("ca-path",
           "CA path",
           "CA directory path to use in order to verify the peer",
           NULL, G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));
   g_object_class_install_property (gobject_class, PROP_CRYPTO_ENGINE,
       g_param_spec_string ("crypto-engine",
           "OpenSSL crypto engine",
           "OpenSSL crypto engine to use for cipher operations",
           NULL, G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));
   g_object_class_install_property (gobject_class, PROP_INSECURE,
       g_param_spec_boolean ("insecure",
           "Perform insecure SSL connections",
           "Allow curl to perform insecure SSL connections",
           DEFAULT_INSECURE, G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));
 }

 static void
 gst_curl_tls_sink_init (GstCurlTlsSink * sink)
 {
   sink->ca_cert = NULL;
   sink->ca_path = NULL;
   sink->crypto_engine = NULL;
   sink->insecure = DEFAULT_INSECURE;
 }

 static void
 gst_curl_tls_sink_finalize (GObject * gobject)
 {
   GstCurlTlsSink *this = GST_CURL_TLS_SINK (gobject);

   GST_DEBUG ("finalizing curltlssink");

   g_free (this->ca_cert);
   g_free (this->ca_path);
   g_free (this->crypto_engine);

   G_OBJECT_CLASS (parent_class)->finalize (gobject);
 }

 static void
 gst_curl_tls_sink_set_property (GObject * object, guint prop_id,
     const GValue * value, GParamSpec * pspec)
 {
   GstCurlTlsSink *sink;
   GstState cur_state;

   g_return_if_fail (GST_IS_CURL_TLS_SINK (object));
   sink = GST_CURL_TLS_SINK (object);

   gst_element_get_state (GST_ELEMENT (sink), &cur_state, NULL, 0);
   if (cur_state != GST_STATE_PLAYING && cur_state != GST_STATE_PAUSED) {
     GST_OBJECT_LOCK (sink);

     switch (prop_id) {
       case PROP_CA_CERT:
         g_free (sink->ca_cert);
         sink->ca_cert = g_value_dup_string (value);
         sink->insecure = FALSE;
         GST_DEBUG_OBJECT (sink, "ca_cert set to %s", sink->ca_cert);
         break;
       case PROP_CA_PATH:
         g_free (sink->ca_path);
         sink->ca_path = g_value_dup_string (value);
         sink->insecure = FALSE;
         GST_DEBUG_OBJECT (sink, "ca_path set to %s", sink->ca_path);
         break;
       case PROP_CRYPTO_ENGINE:
         g_free (sink->crypto_engine);
         sink->crypto_engine = g_value_dup_string (value);
         GST_DEBUG_OBJECT (sink, "crypto_engine set to %s", sink->crypto_engine);
         break;
       case PROP_INSECURE:
         sink->insecure = g_value_get_boolean (value);
         GST_DEBUG_OBJECT (sink, "insecure set to %d", sink->insecure);
         break;
     }

     GST_OBJECT_UNLOCK (sink);

     return;
   }

   GST_OBJECT_UNLOCK (sink);
 }

 static void
 gst_curl_tls_sink_get_property (GObject * object, guint prop_id,
     GValue * value, GParamSpec * pspec)
 {
   GstCurlTlsSink *sink;

   g_return_if_fail (GST_IS_CURL_TLS_SINK (object));
   sink = GST_CURL_TLS_SINK (object);

   switch (prop_id) {
     case PROP_CA_CERT:
       g_value_set_string (value, sink->ca_cert);
       break;
     case PROP_CA_PATH:
       g_value_set_string (value, sink->ca_path);
       break;
     case PROP_CRYPTO_ENGINE:
       g_value_set_string (value, sink->crypto_engine);
       break;
     case PROP_INSECURE:
       g_value_set_boolean (value, sink->insecure);
       break;
     default:
       GST_DEBUG_OBJECT (sink, "invalid property id");
       break;
   }
 }

 static gboolean
 gst_curl_tls_sink_set_options_unlocked (GstCurlBaseSink * bcsink)
 {
   GstCurlTlsSink *sink = GST_CURL_TLS_SINK (bcsink);
   CURLcode res;

   if (!g_str_has_prefix (bcsink->url, "http")) {
     res = curl_easy_setopt (bcsink->curl, CURLOPT_USE_SSL, CURLUSESSL_ALL);
     if (res != CURLE_OK) {
       bcsink->error = g_strdup_printf ("failed to set SSL level: %s",
           curl_easy_strerror (res));
       return FALSE;
     }
   }

   /* crypto engine */
   if ((sink->crypto_engine == NULL) ||
       (strcmp (sink->crypto_engine, "auto") == 0)) {
     res = curl_easy_setopt (bcsink->curl, CURLOPT_SSLENGINE_DEFAULT, 1L);
     if (res != CURLE_OK) {
       bcsink->error =
           g_strdup_printf ("failed to set default crypto engine: %s",
           curl_easy_strerror (res));
       return FALSE;
     }
   } else {
     res = curl_easy_setopt (bcsink->curl, CURLOPT_SSLENGINE,
         sink->crypto_engine);
     if (res != CURLE_OK) {
       bcsink->error = g_strdup_printf ("failed to set crypto engine: %s",
           curl_easy_strerror (res));
       return FALSE;
     }
   }

   /* note that, using ca-path can allow libcurl to make SSL-connections much
    * more efficiently than using ca-cert if the ca-cert file contains many CA
    * certificates. */
   if (sink->ca_cert != NULL && strlen (sink->ca_cert)) {
     GST_DEBUG ("setting ca cert");
     res = curl_easy_setopt (bcsink->curl, CURLOPT_CAINFO, sink->ca_cert);
     if (res != CURLE_OK) {
       bcsink->error = g_strdup_printf ("failed to set certificate: %s",
           curl_easy_strerror (res));
       return FALSE;
     }
   }

   if (sink->ca_path != NULL && strlen (sink->ca_path)) {
     GST_DEBUG ("setting ca path");
     res = curl_easy_setopt (bcsink->curl, CURLOPT_CAPATH, sink->ca_path);
     if (res != CURLE_OK) {
       bcsink->error = g_strdup_printf ("failed to set certificate path: %s",
           curl_easy_strerror (res));
       return FALSE;
     }
   }

   if (!sink->insecure) {
     /* identify authenticity of the peer's certificate */
     res = curl_easy_setopt (bcsink->curl, CURLOPT_SSL_VERIFYPEER, 1L);
     if (res != CURLE_OK) {
       bcsink->error = g_strdup_printf ("failed to set verification of peer: %s",
           curl_easy_strerror (res));
       return FALSE;
     }
     /* when CURLOPT_SSL_VERIFYHOST is 2, the commonName or subjectAltName
      * fields are verified */
     res = curl_easy_setopt (bcsink->curl, CURLOPT_SSL_VERIFYHOST, 2L);
     if (res != CURLE_OK) {
       bcsink->error =
           g_strdup_printf
           ("failed to set verification of server certificate: %s",
           curl_easy_strerror (res));
       return FALSE;
     }
   } else {
     /* allow "insecure" SSL connections and transfers */
     if (sink->insecure) {
       res = curl_easy_setopt (bcsink->curl, CURLOPT_SSL_VERIFYPEER, 0L);
       if (res != CURLE_OK) {
         bcsink->error =
             g_strdup_printf ("failed to set verification of peer: %s",
             curl_easy_strerror (res));
         return FALSE;
       }

       res = curl_easy_setopt (bcsink->curl, CURLOPT_SSL_VERIFYHOST, 0L);
       if (res != CURLE_OK) {
         bcsink->error =
             g_strdup_printf
             ("failed to set verification of server certificate: %s",
             curl_easy_strerror (res));
         return FALSE;
       }
     }
   }

   return TRUE;
 }
	/* GStreamer
	* Copyright (C) 2011 Axis Communications <dev-gstreamer@axis.com>
	*
	* This library is free software; you can redistribute it and/or
	* modify it under the terms of the GNU Library General Public
	* License as published by the Free Software Foundation; either
	* version 2 of the License, or (at your option) any later version.
	*
	* This library is distributed in the hope that it will be useful,
	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	* Library General Public License for more details.
	*
	* You should have received a copy of the GNU Library General Public
	* License along with this library; if not, write to the
	* Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
	* Boston, MA 02110-1301, USA.
	*/

	/**
	* SECTION:element-curltlssink
	* @title: curltlssink
	* @short_description: sink that uploads data to a server using libcurl
	* @see_also:
	*
	* This is a network sink that uses libcurl.
	*
	*/

	#ifdef HAVE_CONFIG_H
	#include "config.h"
	#endif

	#include <curl/curl.h>
	#include <string.h>
	#include <stdio.h>

	#if HAVE_SYS_SOCKET_H
	#include <sys/socket.h>
	#endif
	#include <sys/types.h>
	#if HAVE_NETINET_IN_H
	#include <netinet/in.h>
	#endif
	#include <unistd.h>
	#if HAVE_NETINET_IP_H
	#include <netinet/ip.h>
	#endif
	#if HAVE_NETINET_TCP_H
	#include <netinet/tcp.h>
	#endif
	#include <sys/stat.h>
	#include <fcntl.h>

	#include "gstcurlbasesink.h"
	#include "gstcurltlssink.h"

	/* Default values */
	#define GST_CAT_DEFAULT gst_curl_tls_sink_debug
	#define DEFAULT_INSECURE TRUE


	/* Plugin specific settings */

	GST_DEBUG_CATEGORY_STATIC (gst_curl_tls_sink_debug);

	enum
	{
	PROP_0,
	PROP_CA_CERT,
	PROP_CA_PATH,
	PROP_CRYPTO_ENGINE,
	PROP_INSECURE
	};


	/* Object class function declarations */

	static void gst_curl_tls_sink_set_property (GObject * object, guint prop_id,
	const GValue * value, GParamSpec * pspec);
	static void gst_curl_tls_sink_get_property (GObject * object, guint prop_id,
	GValue * value, GParamSpec * pspec);
	static void gst_curl_tls_sink_finalize (GObject * gobject);
	static gboolean gst_curl_tls_sink_set_options_unlocked
	(GstCurlBaseSink * bcsink);

	#define gst_curl_tls_sink_parent_class parent_class
	G_DEFINE_TYPE (GstCurlTlsSink, gst_curl_tls_sink, GST_TYPE_CURL_BASE_SINK);

	/* private functions */

	static void
	gst_curl_tls_sink_class_init (GstCurlTlsSinkClass * klass)
	{
	GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
	GstElementClass *element_class = GST_ELEMENT_CLASS (klass);

	GST_DEBUG_CATEGORY_INIT (gst_curl_tls_sink_debug, "curltlssink", 0,
	"curl tls sink element");
	GST_DEBUG_OBJECT (klass, "class_init");

	gst_element_class_set_static_metadata (element_class,
	"Curl tls sink",
	"Sink/Network",
	"Upload data over TLS protocol using libcurl",
	"Patricia Muscalu <patricia@axis.com>");

	gobject_class->finalize = GST_DEBUG_FUNCPTR (gst_curl_tls_sink_finalize);

	gobject_class->set_property = gst_curl_tls_sink_set_property;
	gobject_class->get_property = gst_curl_tls_sink_get_property;

	klass->set_options_unlocked = gst_curl_tls_sink_set_options_unlocked;

	g_object_class_install_property (gobject_class, PROP_CA_CERT,
	g_param_spec_string ("ca-cert",
	"CA certificate",
	"CA certificate to use in order to verify the peer",
	NULL, G_PARAM_READWRITE \| G_PARAM_STATIC_STRINGS));

	g_object_class_install_property (gobject_class, PROP_CA_PATH,
	g_param_spec_string ("ca-path",
	"CA path",
	"CA directory path to use in order to verify the peer",
	NULL, G_PARAM_READWRITE \| G_PARAM_STATIC_STRINGS));
	g_object_class_install_property (gobject_class, PROP_CRYPTO_ENGINE,
	g_param_spec_string ("crypto-engine",
	"OpenSSL crypto engine",
	"OpenSSL crypto engine to use for cipher operations",
	NULL, G_PARAM_READWRITE \| G_PARAM_STATIC_STRINGS));
	g_object_class_install_property (gobject_class, PROP_INSECURE,
	g_param_spec_boolean ("insecure",
	"Perform insecure SSL connections",
	"Allow curl to perform insecure SSL connections",
	DEFAULT_INSECURE, G_PARAM_READWRITE \| G_PARAM_STATIC_STRINGS));
	}

	static void
	gst_curl_tls_sink_init (GstCurlTlsSink * sink)
	{
	sink->ca_cert = NULL;
	sink->ca_path = NULL;
	sink->crypto_engine = NULL;
	sink->insecure = DEFAULT_INSECURE;
	}

	static void
	gst_curl_tls_sink_finalize (GObject * gobject)
	{
	GstCurlTlsSink *this = GST_CURL_TLS_SINK (gobject);

	GST_DEBUG ("finalizing curltlssink");

	g_free (this->ca_cert);
	g_free (this->ca_path);
	g_free (this->crypto_engine);

	G_OBJECT_CLASS (parent_class)->finalize (gobject);
	}

	static void
	gst_curl_tls_sink_set_property (GObject * object, guint prop_id,
	const GValue * value, GParamSpec * pspec)
	{
	GstCurlTlsSink *sink;
	GstState cur_state;

	g_return_if_fail (GST_IS_CURL_TLS_SINK (object));
	sink = GST_CURL_TLS_SINK (object);

	gst_element_get_state (GST_ELEMENT (sink), &cur_state, NULL, 0);
	if (cur_state != GST_STATE_PLAYING && cur_state != GST_STATE_PAUSED) {
	GST_OBJECT_LOCK (sink);

	switch (prop_id) {
	case PROP_CA_CERT:
	g_free (sink->ca_cert);
	sink->ca_cert = g_value_dup_string (value);
	sink->insecure = FALSE;
	GST_DEBUG_OBJECT (sink, "ca_cert set to %s", sink->ca_cert);
	break;
	case PROP_CA_PATH:
	g_free (sink->ca_path);
	sink->ca_path = g_value_dup_string (value);
	sink->insecure = FALSE;
	GST_DEBUG_OBJECT (sink, "ca_path set to %s", sink->ca_path);
	break;
	case PROP_CRYPTO_ENGINE:
	g_free (sink->crypto_engine);
	sink->crypto_engine = g_value_dup_string (value);
	GST_DEBUG_OBJECT (sink, "crypto_engine set to %s", sink->crypto_engine);
	break;
	case PROP_INSECURE:
	sink->insecure = g_value_get_boolean (value);
	GST_DEBUG_OBJECT (sink, "insecure set to %d", sink->insecure);
	break;
	}

	GST_OBJECT_UNLOCK (sink);

	return;
	}

	GST_OBJECT_UNLOCK (sink);
	}

	static void
	gst_curl_tls_sink_get_property (GObject * object, guint prop_id,
	GValue * value, GParamSpec * pspec)
	{
	GstCurlTlsSink *sink;

	g_return_if_fail (GST_IS_CURL_TLS_SINK (object));
	sink = GST_CURL_TLS_SINK (object);

	switch (prop_id) {
	case PROP_CA_CERT:
	g_value_set_string (value, sink->ca_cert);
	break;
	case PROP_CA_PATH:
	g_value_set_string (value, sink->ca_path);
	break;
	case PROP_CRYPTO_ENGINE:
	g_value_set_string (value, sink->crypto_engine);
	break;
	case PROP_INSECURE:
	g_value_set_boolean (value, sink->insecure);
	break;
	default:
	GST_DEBUG_OBJECT (sink, "invalid property id");
	break;
	}
	}

	static gboolean
	gst_curl_tls_sink_set_options_unlocked (GstCurlBaseSink * bcsink)
	{
	GstCurlTlsSink *sink = GST_CURL_TLS_SINK (bcsink);
	CURLcode res;

	if (!g_str_has_prefix (bcsink->url, "http")) {
	res = curl_easy_setopt (bcsink->curl, CURLOPT_USE_SSL, CURLUSESSL_ALL);
	if (res != CURLE_OK) {
	bcsink->error = g_strdup_printf ("failed to set SSL level: %s",
	curl_easy_strerror (res));
	return FALSE;
	}
	}

	/* crypto engine */
	if ((sink->crypto_engine == NULL) \|\|
	(strcmp (sink->crypto_engine, "auto") == 0)) {
	res = curl_easy_setopt (bcsink->curl, CURLOPT_SSLENGINE_DEFAULT, 1L);
	if (res != CURLE_OK) {
	bcsink->error =
	g_strdup_printf ("failed to set default crypto engine: %s",
	curl_easy_strerror (res));
	return FALSE;
	}
	} else {
	res = curl_easy_setopt (bcsink->curl, CURLOPT_SSLENGINE,
	sink->crypto_engine);
	if (res != CURLE_OK) {
	bcsink->error = g_strdup_printf ("failed to set crypto engine: %s",
	curl_easy_strerror (res));
	return FALSE;
	}
	}

	/* note that, using ca-path can allow libcurl to make SSL-connections much
	* more efficiently than using ca-cert if the ca-cert file contains many CA
	* certificates. */
	if (sink->ca_cert != NULL && strlen (sink->ca_cert)) {
	GST_DEBUG ("setting ca cert");
	res = curl_easy_setopt (bcsink->curl, CURLOPT_CAINFO, sink->ca_cert);
	if (res != CURLE_OK) {
	bcsink->error = g_strdup_printf ("failed to set certificate: %s",
	curl_easy_strerror (res));
	return FALSE;
	}
	}

	if (sink->ca_path != NULL && strlen (sink->ca_path)) {
	GST_DEBUG ("setting ca path");
	res = curl_easy_setopt (bcsink->curl, CURLOPT_CAPATH, sink->ca_path);
	if (res != CURLE_OK) {
	bcsink->error = g_strdup_printf ("failed to set certificate path: %s",
	curl_easy_strerror (res));
	return FALSE;
	}
	}

	if (!sink->insecure) {
	/* identify authenticity of the peer's certificate */
	res = curl_easy_setopt (bcsink->curl, CURLOPT_SSL_VERIFYPEER, 1L);
	if (res != CURLE_OK) {
	bcsink->error = g_strdup_printf ("failed to set verification of peer: %s",
	curl_easy_strerror (res));
	return FALSE;
	}
	/* when CURLOPT_SSL_VERIFYHOST is 2, the commonName or subjectAltName
	* fields are verified */
	res = curl_easy_setopt (bcsink->curl, CURLOPT_SSL_VERIFYHOST, 2L);
	if (res != CURLE_OK) {
	bcsink->error =
	g_strdup_printf
	("failed to set verification of server certificate: %s",
	curl_easy_strerror (res));
	return FALSE;
	}
	} else {
	/* allow "insecure" SSL connections and transfers */
	if (sink->insecure) {
	res = curl_easy_setopt (bcsink->curl, CURLOPT_SSL_VERIFYPEER, 0L);
	if (res != CURLE_OK) {
	bcsink->error =
	g_strdup_printf ("failed to set verification of peer: %s",
	curl_easy_strerror (res));
	return FALSE;
	}

	res = curl_easy_setopt (bcsink->curl, CURLOPT_SSL_VERIFYHOST, 0L);
	if (res != CURLE_OK) {
	bcsink->error =
	g_strdup_printf
	("failed to set verification of server certificate: %s",
	curl_easy_strerror (res));
	return FALSE;
	}
	}
	}

	return TRUE;
	}