From a651845605bdea40a4290edd72f104437afd837c Mon Sep 17 00:00:00 2001
From: Jordan Johnson
Date: Mon, 19 May 2014 14:40:59 -0700
Subject: [PATCH] Added openssl, openssl/sha1, and openssl/md5. Also, listed new libs in TR scribble docs.
---
 .../scribblings/reference/libraries.scrbl | 3 +
 .../typed-racket-more/typed/openssl/main.rkt | 122 ++++++++++++++++++
 .../typed-racket-more/typed/openssl/md5.rkt | 6 +
 .../typed-racket-more/typed/openssl/sha1.rkt | 8 ++
 4 files changed, 139 insertions(+)
 create mode 100644 pkgs/typed-racket-pkgs/typed-racket-more/typed/openssl/main.rkt
 create mode 100644 pkgs/typed-racket-pkgs/typed-racket-more/typed/openssl/md5.rkt
 create mode 100644 pkgs/typed-racket-pkgs/typed-racket-more/typed/openssl/sha1.rkt
diff --git a/pkgs/typed-racket-pkgs/typed-racket-doc/typed-racket/scribblings/reference/libraries.scrbl b/pkgs/typed-racket-pkgs/typed-racket-doc/typed-racket/scribblings/reference/libraries.scrbl
index 67278b13d4..2135ac924e 100644
--- a/pkgs/typed-racket-pkgs/typed-racket-doc/typed-racket/scribblings/reference/libraries.scrbl
+++ b/pkgs/typed-racket-pkgs/typed-racket-doc/typed-racket/scribblings/reference/libraries.scrbl
@@ -67,6 +67,9 @@ The following libraries are included with Typed Racket in the
 @defmodule/incl[typed/net/smtp]
 @defmodule/incl[typed/net/uri-codec]
 @defmodule/incl[typed/net/url]
+@defmodule/incl[typed/openssl]
+@defmodule/incl[typed/openssl/md5]
+@defmodule/incl[typed/openssl/sha1]
 @defmodule/incl[typed/pict]
 @defmodule/incl[typed/rackunit]
 @defmodule/incl[typed/srfi/14]
diff --git a/pkgs/typed-racket-pkgs/typed-racket-more/typed/openssl/main.rkt b/pkgs/typed-racket-pkgs/typed-racket-more/typed/openssl/main.rkt
new file mode 100644
index 0000000000..1128a025f7
--- /dev/null
+++ b/pkgs/typed-racket-pkgs/typed-racket-more/typed/openssl/main.rkt
@@ -0,0 +1,122 @@
+#lang typed/racket/base
+
+(require/opaque-type SSL-Client-Context ssl-client-context? openssl)
+(define-type SSL-Protocol
+ (U 'sslv2-or-v3 'sslv2 'sslv3 'tls))
+(provide SSL-Client-Context
+ ssl-client-context?
+ SSL-Protocol)
+
+(require/opaque-type SSL-Listener ssl-listener? openssl)
+
+
+(require/typed/provide openssl
+ [ssl-available? Boolean]
+ [ssl-load-fail-reason (Option String)]
+
+ ;; 1: TCP-like Client Procedures
+ [ssl-connect
+ (->* (String Exact-Positive-Integer)
+ ((U SSL-Client-Context SSL-Protocol))
+ (Values Input-Port Output-Port))]
+ [ssl-connect/enable-break
+ (->* (String Exact-Positive-Integer)
+ ((U SSL-Client-Context SSL-Protocol))
+ (Values Input-Port Output-Port))]
+
+ [ssl-secure-client-context (-> SSL-Client-Context)]
+ [ssl-make-client-context (SSL-Protocol -> SSL-Client-Context)]
+ )
+
+;;;; Ports ;;;;
+
+(require/typed/provide openssl
+ ;; XXX Would be better if we could make SSL-Port be a subtype
+ ;; of Port, but for now that's impossible so we'll just provide
+ ;; this predicate.
+ [ssl-port? (-> Any Boolean)]
+ )
+
+(require/opaque-type SSL-Server-Context ssl-server-context? openssl)
+
+;;;; 2: TCP-like Server Procedures
+(require/typed/provide openssl
+ [ssl-listen (->* (Exact-Positive-Integer) ;; port, <= 65535
+ (Exact-Nonnegative-Integer Boolean (Option String))
+ SSL-Listener)]
+ [ssl-close (-> SSL-Listener Void)]
+ ;; ssl-listener? provided above
+
+ [ssl-accept
+ (-> SSL-Listener (Values Input-Port Output-Port))]
+ [ssl-accept/enable-break
+ (-> SSL-Listener (Values Input-Port Output-Port))]
+ [ssl-abandon-port (-> Port Void)] ;; XXX SSL-Port
+
+ [ssl-make-server-context (SSL-Protocol -> SSL-Server-Context)]
+ )
+
+;;;; 3: SSL Wrapper Interface
+
+(require/typed/provide openssl
+ [ports->ssl-ports
+ (-> Input-Port Output-Port
+ [#:mode (U 'connect 'accept)]
+ [#:context (U SSL-Client-Context SSL-Server-Context)]
+ [#:encrypt SSL-Protocol]
+ [#:close-original? Boolean]
+ [#:shutdown-on-close? Boolean]
+ [#:error/ssl (Any -> Void)] ;; FIXME find type for error proc
+ [#:hostname (Option String)]
+ ; ->
+ (Values Input-Port Output-Port))]
+ )
+
+;;;; 4: Context Procedures
+
+(define-type SSL-Context (U SSL-Client-Context SSL-Server-Context))
+
+(define-type SSL-Verify-Source
+ (U Path-String
+ (List 'directory Path-String)
+ (List 'win32-store String)
+ (List 'macosx-keychain Path-String)))
+
+(require/typed/provide openssl
+ [ssl-load-verify-source!
+ (-> SSL-Context SSL-Verify-Source [#:try? Any] Void)]
+ [ssl-default-verify-sources (Parameterof SSL-Verify-Source)]
+ [ssl-load-default-verify-sources! (-> SSL-Context Void)]
+ [ssl-load-verify-root-certificates!
+ (-> (U SSL-Context SSL-Listener) Path-String Void)]
+ [ssl-set-ciphers! (-> SSL-Context String Void)]
+ [ssl-seal-context! (-> SSL-Context Void)]
+ [ssl-load-certificate-chain!
+ (-> (U SSL-Context SSL-Listener) Path-String Void)]
+ [ssl-load-private-key!
+ (->* ((U SSL-Context SSL-Listener) Path-String)
+ (Boolean Boolean)
+ Void)]
+ [ssl-load-suggested-certificate-authorities!
+ (-> (U SSL-Context SSL-Listener) Path-String Void)]
+ )
+
+;;;; 5: Peer Verification
+
+(require/typed/provide openssl
+ [ssl-set-verify!
+ (-> (U SSL-Context SSL-Listener Port) Any ;; XXX SSL-Port
+ Void)]
+ [ssl-try-verify!
+ (-> (U SSL-Context SSL-Listener Port) Any ;; XXX SSL-Port
+ Void)]
+ [ssl-peer-verified? (-> Port Boolean)] ;; XXX SSL-Port
+ [ssl-set-verify-hostname! (-> SSL-Context Any Void)]
+ [ssl-peer-certificate-hostnames
+ (-> Port (Listof String))] ;; XXX SSL-Port
+ [ssl-peer-check-hostname
+ (-> Port String Boolean)] ;; XXX SSL-Port
+ [ssl-peer-subject-name (-> Port (Option Bytes))] ;; XXX SSL-Port
+ [ssl-peer-issuer-name (-> Port (Option Bytes))] ;; XXX SSL-Port
+ )
+
diff --git a/pkgs/typed-racket-pkgs/typed-racket-more/typed/openssl/md5.rkt b/pkgs/typed-racket-pkgs/typed-racket-more/typed/openssl/md5.rkt
new file mode 100644
index 0000000000..4aacf35395
--- /dev/null
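Review bot: `ssl-default-verify-sources` in the "4: Context Procedures" block is typed `(Parameterof SSL-Verify-Source)`, but as far as I know the untyped `openssl` parameter holds a list of sources, so the contract generated by `require/typed/provide` would reject the real value the first time typed code reads or sets it. I would change the line to `[ssl-default-verify-sources (Parameterof (Listof SSL-Verify-Source))]`. This is worth getting right because that parameter is the trust-root set that `ssl-load-default-verify-sources!` loads into a context, and a typed caller who cannot touch it is likely to fall back to an unverified connection. A one-line comment above `ssl-connect` would also help, something like `;; a bare SSL-Protocol symbol only picks the protocol; pass (ssl-secure-client-context) to get peer and hostname verification` (please confirm against the untyped docs before merging).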
+++ b/pkgs/typed-racket-pkgs/typed-racket-more/typed/openssl/md5.rkt
@@ -0,0 +1,6 @@
+#lang typed/racket/base
+
+(require/typed/provide openssl/md5
+ [md5 (-> Input-Port String)]
+ [md5-bytes (-> Input-Port Bytes)]
+ )
diff --git a/pkgs/typed-racket-pkgs/typed-racket-more/typed/openssl/sha1.rkt b/pkgs/typed-racket-pkgs/typed-racket-more/typed/openssl/sha1.rkt
new file mode 100644
index 0000000000..4df96987df
--- /dev/null
+++ b/pkgs/typed-racket-pkgs/typed-racket-more/typed/openssl/sha1.rkt
@@ -0,0 +1,8 @@
+#lang typed/racket/base
+
+(require/typed/provide openssl/sha1
+ [sha1 (-> Input-Port String)]
+ [sha1-bytes (-> Input-Port Bytes)]
+ [bytes->hex-string (-> Bytes String)]
+ [hex-string->bytes (-> String Bytes)]
+ )
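Review bot: Neither `typed/openssl/md5` nor `typed/openssl/sha1` carries a comment saying what these digests are safe for, and both MD5 and SHA-1 have practical collision attacks. I would add a header comment above the `require/typed/provide` form in `md5.rkt`, for example `;; MD5 is collision-broken: fine for legacy checksums, not for signatures or tamper detection`, and the matching line for SHA-1 in `sha1.rkt`. The same caveat belongs in the `libraries.scrbl` entries if that page has room for per-module remarks. The types themselves look consistent between the two files.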