authorTor Lillqvist <tml@collabora.com>2015-06-18 22:06:04 +0300
committerTor Lillqvist <tml@collabora.com>2015-06-19 00:32:39 +0300
commitde7f4e14d3d9cbed6c97f9128fb87397b064ecb6 (patch)
treeaa1798277573941b20780e736496f4b9067e785e
parentBump version after tarball (diff)
downloadonline-de7f4e14d3d9cbed6c97f9128fb87397b064ecb6.tar.gz
online-de7f4e14d3d9cbed6c97f9128fb87397b064ecb6.zip
Support https, too
More complicated than expected, even if the actual code added is not many lines. Figuring out the exact Poco code needed to initialise Poco's OpenSSL bits the right way was confusing. Which is odd, one would think that it would be a most common use case for OpenSSL, to be able to download documents over https, and that there would be some trivial way to tell Poco to set things up for that.
-rw-r--r--loolwsd/LOOLSession.cpp3
-rw-r--r--loolwsd/LOOLWSD.cpp46
-rw-r--r--loolwsd/configure.ac2
-rw-r--r--loolwsd/loolwsd.spec.in2
4 files changed, 51 insertions, 2 deletions
diff --git a/loolwsd/LOOLSession.cpp b/loolwsd/LOOLSession.cpp
index a485482fff..d151a7f3de 100644
--- a/loolwsd/LOOLSession.cpp
+++ b/loolwsd/LOOLSession.cpp
@@ -30,6 +30,7 @@
#include <Poco/Exception.h>
#include <Poco/File.h>
+#include <Poco/Net/HTTPSStreamFactory.h>
#include <Poco/Net/HTTPStreamFactory.h>
#include <Poco/Net/WebSocket.h>
#include <Poco/Path.h>
@@ -54,6 +55,7 @@ using namespace LOOLProtocol;
using Poco::File;
using Poco::IOException;
+using Poco::Net::HTTPSStreamFactory;
using Poco::Net::HTTPStreamFactory;
using Poco::Net::WebSocket;
using Poco::Path;
@@ -594,6 +596,7 @@ void MasterProcessSession::dispatchChild()
URIStreamOpener opener;
opener.registerStreamFactory("http", new HTTPStreamFactory());
+ opener.registerStreamFactory("https", new HTTPSStreamFactory());
try
{
std::istream *input = opener.open(_docURL);
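Review bot: Nothing at the added `registerStreamFactory("https", new HTTPSStreamFactory())` line says where its TLS settings come from; they are taken from SSLManager's default client context, which this commit sets up in LOOLWSD::main. A comment such as `// https downloads use the default client context initialised in LOOLWSD::main (server certificates are verified against OpenSSL's default CAs)` would tie the two places together. `opener.open(_docURL)` opens the URL as given, and with this line the server will also fetch https URLs; whether the host in `_docURL` is restricted anywhere is not visible here, so if the URL comes from the client that is worth confirming. MasterProcessSession::dispatchChild starts and ends outside the hunk.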
diff --git a/loolwsd/LOOLWSD.cpp b/loolwsd/LOOLWSD.cpp
index f6546123fd..cd08877eb7 100644
--- a/loolwsd/LOOLWSD.cpp
+++ b/loolwsd/LOOLWSD.cpp
@@ -60,6 +60,7 @@ DEALINGS IN THE SOFTWARE.
#include <Poco/Exception.h>
#include <Poco/File.h>
+#include <Poco/Net/Context.h>
#include <Poco/Net/HTTPClientSession.h>
#include <Poco/Net/HTTPRequest.h>
#include <Poco/Net/HTTPRequestHandler.h>
@@ -69,12 +70,18 @@ DEALINGS IN THE SOFTWARE.
#include <Poco/Net/HTTPServerParams.h>
#include <Poco/Net/HTTPServerRequest.h>
#include <Poco/Net/HTTPServerResponse.h>
+#include <Poco/Net/InvalidCertificateHandler.h>
#include <Poco/Net/NetException.h>
+#include <Poco/Net/PrivateKeyFactory.h>
+#include <Poco/Net/PrivateKeyPassphraseHandler.h>
+#include <Poco/Net/RejectCertificateHandler.h>
#include <Poco/Net/ServerSocket.h>
#include <Poco/Net/SocketAddress.h>
+#include <Poco/Net/SSLManager.h>
#include <Poco/Net/WebSocket.h>
#include <Poco/Path.h>
#include <Poco/Process.h>
+#include <Poco/SharedPtr.h>
#include <Poco/StringTokenizer.h>
#include <Poco/ThreadPool.h>
#include <Poco/Util/HelpFormatter.h>
@@ -94,6 +101,7 @@ using namespace LOOLProtocol;
using Poco::Exception;
using Poco::File;
using Poco::IOException;
+using Poco::Net::Context;
using Poco::Net::HTTPClientSession;
using Poco::Net::HTTPRequest;
using Poco::Net::HTTPRequestHandler;
@@ -103,13 +111,21 @@ using Poco::Net::HTTPServer;
using Poco::Net::HTTPServerParams;
using Poco::Net::HTTPServerRequest;
using Poco::Net::HTTPServerResponse;
+using Poco::Net::InvalidCertificateHandler;
+using Poco::Net::PrivateKeyFactory;
+using Poco::Net::PrivateKeyFactoryImpl;
+using Poco::Net::PrivateKeyPassphraseHandler;
+using Poco::Net::RejectCertificateHandler;
using Poco::Net::ServerSocket;
using Poco::Net::SocketAddress;
+using Poco::Net::SSLManager;
+using Poco::Net::SocketAddress;
using Poco::Net::WebSocket;
using Poco::Net::WebSocketException;
using Poco::Path;
using Poco::Process;
using Poco::Runnable;
+using Poco::SharedPtr;
using Poco::StringTokenizer;
using Poco::Thread;
using Poco::ThreadPool;
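Review bot: The added `using Poco::Net::SocketAddress;` repeats the using-declaration that is already present two lines above it in this hunk. It is harmless to the compiler but redundant; dropping the added line keeps the list free of duplicates.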
@@ -457,6 +473,23 @@ public:
}
};
+class NoKeyHandler : public PrivateKeyPassphraseHandler
+{
+public:
+ NoKeyHandler(bool server) :
+ PrivateKeyPassphraseHandler(server)
+ {
+ }
+
+ ~NoKeyHandler()
+ {
+ }
+
+ void onPrivateKeyRequested(const void* pSender, std::string& privateKey) override
+ {
+ }
+};
+
int LOOLWSD::portNumber = DEFAULT_CLIENT_PORT_NUMBER;
std::string LOOLWSD::cache = LOOLWSD_CACHEDIR;
std::string LOOLWSD::sysTemplate;
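Review bot: `onPrivateKeyRequested` in NoKeyHandler has an empty body and no comment saying that this is deliberate. Since the client context in LOOLWSD::main is created without a private key, the handler presumably is never asked for a passphrase; a line such as `// No client key is configured; never prompt, leave privateKey empty.` inside the body would record that. The single-argument constructor could be `explicit NoKeyHandler(bool server)`, the empty destructor can go, and leaving the two parameters unnamed avoids unused-parameter warnings.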
@@ -817,6 +850,19 @@ int LOOLWSD::main(const std::vector<std::string>& args)
dropCapability();
#endif
+ SSLManager::instance().privateKeyFactoryMgr().setFactory("NoKeyHandler", new PrivateKeyFactoryImpl<NoKeyHandler>());
+
+ // Why does this have to be so complocated, couldn't there be some simple way to get these
+ // settings as defaults, one wonders...
+
+ // We want no console interaction, invalid certificates to be rejected, to be an SSL client, use
+ // default certificates from OpenSSL. This is based on the example in the documentation from Context::Context()
+
+ SharedPtr<PrivateKeyPassphraseHandler> passphraseHandler = new NoKeyHandler(false);
+ SharedPtr<InvalidCertificateHandler> invalidCertificateHandler = new RejectCertificateHandler(false);
+ Context::Ptr context = new Context(Context::CLIENT_USE, "", "", "", Context::VERIFY_RELAXED, 9, true);
+ SSLManager::instance().initializeClient(passphraseHandler, invalidCertificateHandler, context);
+
if (access(cache.c_str(), R_OK | W_OK | X_OK) != 0)
{
std::cout << "Unable to access " << cache <<
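Review bot: The `new Context(Context::CLIENT_USE, "", "", "", Context::VERIFY_RELAXED, 9, true)` call is the whole trust policy for document downloads, and its positional arguments and the word RELAXED do not make that readable. As far as I know, for a client-side context VERIFY_RELAXED still makes the handshake fail when the server certificate does not verify, so the behaviour matches the comment above it, but a reader could easily take it for a weakened mode. I would add a comment such as `// args: no client key/cert, no extra CA path, verify peer (RELAXED still verifies for clients), chain depth 9, load OpenSSL default CAs`. `CLIENT_USE` also leaves the protocol version and the cipher list at the library defaults; if older protocol versions should be refused, that needs to be stated here explicitly. LOOLWSD::main starts and ends outside the hunk.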
diff --git a/loolwsd/configure.ac b/loolwsd/configure.ac
index f43e352da2..4b8c734d4a 100644
--- a/loolwsd/configure.ac
+++ b/loolwsd/configure.ac
@@ -95,7 +95,7 @@ AS_IF([test `uname -s` = Linux],
[],
[AC_MSG_ERROR([libcap not available?])])])
-LIBS="$LIBS -lPocoNet${POCO_DEBUG_SUFFIX} -lPocoUtil${POCO_DEBUG_SUFFIX} -lPocoXML${POCO_DEBUG_SUFFIX} -lPocoJSON${POCO_DEBUG_SUFFIX} -lPocoFoundation${POCO_DEBUG_SUFFIX}"
+LIBS="$LIBS -lPocoNetSSL${POCO_DEBUG_SUFFIX} -lPocoNet${POCO_DEBUG_SUFFIX} -lPocoCrypto${POCO_DEBUG_SUFFIX} -lPocoUtil${POCO_DEBUG_SUFFIX} -lPocoXML${POCO_DEBUG_SUFFIX} -lPocoJSON${POCO_DEBUG_SUFFIX} -lPocoFoundation${POCO_DEBUG_SUFFIX}"
AC_CHECK_HEADERS([LibreOfficeKit/LibreOfficeKit.h],
[],
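Review bot: `-lPocoNetSSL` and `-lPocoCrypto` are added to LIBS unconditionally, with no configure-time check visible in this hunk that the Poco installation was built with its OpenSSL components. A build against such a Poco would then fail only at link time; a header or library check next to the existing `AC_CHECK_HEADERS` call, ending in `AC_MSG_ERROR`, would report it earlier. The loolwsd.spec.in hunk adds only `libPocoNetSSL30` to Requires while this line also links PocoCrypto; it may be pulled in as a dependency of the NetSSL package, but that is worth confirming.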
diff --git a/loolwsd/loolwsd.spec.in b/loolwsd/loolwsd.spec.in
index 7b5404fa22..88b0ac0a00 100644
--- a/loolwsd/loolwsd.spec.in
+++ b/loolwsd/loolwsd.spec.in
@@ -26,7 +26,7 @@ BuildRequires: libcap-progs libcap-devel libpng-devel poco-devel >= 1.6.0 syste
# This works for now only with a CP build of 5.0, I think. The TDF
# (and thus also CP) packages include the version number in their
# names. How clever is that? So we need to specify one.
-Requires: libcap libcap-progs libpng libPocoFoundation30 >= 1.6.0 libPocoNet30 >= 1.6.0 libreoffice5.0 libreoffice5.0-en-US libreoffice5.0-ure libobasis5.0-core libobasis5.0-writer libobasis5.0-impress libobasis5.0-graphicfilter libobasis5.0-en-US libobasis5.0-calc libobasis5.0-en-US-res libobasis5.0-en-US-calc libobasis5.0-ooofonts libobasis5.0-images libobasis5.0-filter-data libobasis5.0-draw libobasis5.0-base libobasis5.0-en-US-writer libobasis5.0-en-US-math libobasis5.0-en-US-base Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 cups-libs dbus-1-glib fontconfig libbz2-1 libcairo2 libdrm2 libexpat1 libfreetype6 libgbm1 libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 libgthread-2_0-0 liblzma5 libpcre1 libpixman-1-0 libpng16-16 libuuid1 libxml2-2 %{?systemd_requires} %{fillup_prereq}
+Requires: libcap libcap-progs libpng libPocoFoundation30 >= 1.6.0 libPocoNet30 >= 1.6.0 libPocoNetSSL30 >= 1.6.0 libreoffice5.0 libreoffice5.0-en-US libreoffice5.0-ure libobasis5.0-core libobasis5.0-writer libobasis5.0-impress libobasis5.0-graphicfilter libobasis5.0-en-US libobasis5.0-calc libobasis5.0-en-US-res libobasis5.0-en-US-calc libobasis5.0-ooofonts libobasis5.0-images libobasis5.0-filter-data libobasis5.0-draw libobasis5.0-base libobasis5.0-en-US-writer libobasis5.0-en-US-math libobasis5.0-en-US-base Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 cups-libs dbus-1-glib fontconfig libbz2-1 libcairo2 libdrm2 libexpat1 libfreetype6 libgbm1 libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 libgthread-2_0-0 liblzma5 libpcre1 libpixman-1-0 libpng16-16 libuuid1 libxml2-2 %{?systemd_requires} %{fillup_prereq}
%define owner lool
%define group lool