1#pragma once
7#include <aws/crt/Types.h>
9#include <aws/io/tls_channel_handler.h>
10
11#include <functional>
12#include <memory>
13
14struct aws_tls_ctx_options;
15
16namespace Aws
17{
18 namespace Crt
19 {
20 namespace Io
21 {
22 class Pkcs11Lib;
23 class TlsContextPkcs11Options;
24
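/**
 * Which side of the TLS handshake a TlsContext is built for; passed to the
 * TlsContext constructor together with the TlsContextOptions.
 */
enum class TlsMode
{
    CLIENT, ///< the context is used by the side that initiates the handshake
    SERVER, ///< the context is used by the side that accepts handshakes
};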
30
/**
 * Configuration consumed when a TlsContext is built (TlsContext is declared a friend
 * below and reads m_options directly). Copying is deleted; the object is move-assignable.
 * NOTE(review): the declaration at header line 44, between the deleted copy-assignment and
 * the move-assignment, is missing from this rendering — presumably the move constructor.
 */
36 {
37 friend class TlsContext;
38
39 public:
/** Creates an options object that holds nothing yet; operator bool reflects m_isInit. */
40 TlsContextOptions() noexcept;
41 virtual ~TlsContextOptions();
42 TlsContextOptions(const TlsContextOptions &) noexcept = delete;
43 TlsContextOptions &operator=(const TlsContextOptions &) noexcept = delete;
45 TlsContextOptions &operator=(TlsContextOptions &&) noexcept;
46
/** @return true when m_isInit is set, i.e. one of the Init* factories produced this object successfully. */
50 explicit operator bool() const noexcept { return m_isInit; }
51
/** @return the last error code recorded on this object — presumably an aws-c error code; confirm in TlsOptions.cpp. */
55 int LastError() const noexcept;
56
/**
 * Options for a TLS client that does not present a client certificate (the name contrasts
 * with the mutual-TLS factories below). Peer verification settings are not visible here.
 * @param allocator memory allocator; defaults to g_allocator.
 */
61 static TlsContextOptions InitDefaultClient(Allocator *allocator = g_allocator) noexcept;
62
/**
 * Options for a TLS client that authenticates with a certificate and private key read from files.
 * @param cert_path path to the client certificate (presumably PEM — confirm).
 * @param pkey_path path to the matching private key.
 * @param allocator memory allocator; defaults to g_allocator.
 */
71 static TlsContextOptions InitClientWithMtls(
72 const char *cert_path,
73 const char *pkey_path,
74 Allocator *allocator = g_allocator) noexcept;
75
/**
 * Same as above, but the certificate and private key are supplied from memory.
 * NOTE(review): whether the bytes are copied into m_options or only referenced is not visible
 * here; keep both buffers alive until the TlsContext has been built to be safe.
 * @param cert client certificate bytes.
 * @param pkey private key bytes.
 * @param allocator memory allocator; defaults to g_allocator.
 */
84 static TlsContextOptions InitClientWithMtls(
85 const ByteCursor &cert,
86 const ByteCursor &pkey,
87 Allocator *allocator = g_allocator) noexcept;
88
/**
 * Mutual-TLS client whose private key is addressed through a PKCS#11 token rather than
 * handed over as bytes; see TlsContextPkcs11Options for what must be set.
 * @param pkcs11Options token, key label and certificate selection.
 * @param allocator memory allocator; defaults to g_allocator.
 */
98 static TlsContextOptions InitClientWithMtlsPkcs11(
99 const TlsContextPkcs11Options &pkcs11Options,
100 Allocator *allocator = g_allocator) noexcept;
101
102#ifdef __APPLE__
/**
 * Mutual-TLS client using a PKCS#12 bundle (Apple platforms only).
 * @param pkcs12_path path to the PKCS#12 file.
 * @param pkcs12_pwd password protecting the bundle; it is passed as a plain C string.
 * @param allocator memory allocator; defaults to g_allocator.
 */
113 static TlsContextOptions InitClientWithMtlsPkcs12(
114 const char *pkcs12_path,
115 const char *pkcs12_pwd,
116 Allocator *allocator = g_allocator) noexcept;
117
/**
 * Selects the keychain used on Apple platforms.
 * @param keychain_path keychain location; taken by non-const reference although no mutation is visible here.
 * @return true on success.
 */
124 bool SetKeychainPath(ByteCursor &keychain_path) noexcept;
125#endif
126
127#ifdef _WIN32
/**
 * Mutual-TLS client whose certificate is looked up in the Windows certificate store (Windows only).
 * @param registryPath store location of the certificate — presumably a CurrentUser/LocalMachine style path; confirm.
 * @param allocator memory allocator; defaults to g_allocator.
 */
134 static TlsContextOptions InitClientWithMtlsSystemPath(
135 const char *registryPath,
136 Allocator *allocator = g_allocator) noexcept;
137#endif /* _WIN32 */
138
/** @return whether the underlying TLS implementation supports ALPN on this platform. */
143 static bool IsAlpnSupported() noexcept;
144
/**
 * Sets the ALPN protocol list advertised by contexts built from these options.
 * @param alpnList protocol list as a C string (format not visible here — confirm in TlsOptions.cpp).
 * @return true on success.
 */
150 bool SetAlpnList(const char *alpnList) noexcept;
151
/**
 * Controls whether the peer's certificate is verified.
 * Passing false removes authentication of the peer and should be confined to test setups;
 * the default applied by the Init* factories is not visible in this header.
 * @param verifyPeer true to verify the peer.
 */
160 void SetVerifyPeer(bool verifyPeer) noexcept;
161
/**
 * Sets the lowest TLS protocol version a context built from these options will negotiate.
 * Note this setter, unlike the others, is not noexcept.
 * @param minimumTlsVersion an aws_tls_versions value (presumably from the aws-c-io header included above).
 */
166 void SetMinimumTlsVersion(aws_tls_versions minimumTlsVersion);
167
/**
 * Overrides the default trust store with CA material loaded from disk.
 * @param caPath CA location — presumably a directory of certificates, OpenSSL style; confirm.
 * @param caFile CA bundle file.
 * @return true on success. Whether either argument may be null is not visible here.
 */
176 bool OverrideDefaultTrustStore(const char *caPath, const char *caFile) noexcept;
177
/**
 * Overrides the default trust store with CA material supplied from memory.
 * @param ca CA certificate bytes.
 * @return true on success.
 */
182 bool OverrideDefaultTrustStore(const ByteCursor &ca) noexcept;
183
/**
 * @return pointer to the wrapped C options struct. It points into this object (&m_options),
 * so it is valid only as long as this instance is alive.
 */
185 const aws_tls_ctx_options *GetUnderlyingHandle() const noexcept { return &m_options; }
186
187 private:
188 aws_tls_ctx_options m_options;
// set by the factories; what operator bool reports
189 bool m_isInit;
190 };
191
/**
 * Settings for mutual TLS where the client's private key stays inside a PKCS#11 token
 * (consumed by TlsContextOptions::InitClientWithMtlsPkcs11). The private members mirror
 * the setters one to one, each wrapped in Optional.
 * NOTE(review): the constructor's first line (header line 204) is missing from this rendering;
 * lines 205-206 are its parameter list.
 */
198 {
199 public:
/**
 * @param pkcs11Lib loaded PKCS#11 library, shared with this object (see m_pkcs11Lib).
 * @param allocator memory allocator; defaults to g_allocator.
 */
205 const std::shared_ptr<Pkcs11Lib> &pkcs11Lib,
206 Allocator *allocator = g_allocator) noexcept;
207
/**
 * PIN used to log in to the token.
 * The value is presumably kept in m_userPin, a String in process memory, for the lifetime
 * of this object; keep that lifetime as short as the TlsContext build allows.
 * @param pin user PIN.
 */
214 void SetUserPin(const String &pin) noexcept;
215
/**
 * Selects the token by slot id. How this interacts with SetTokenLabel when both are set
 * is not visible here.
 * @param id PKCS#11 slot id.
 */
222 void SetSlotId(const uint64_t id) noexcept;
223
/**
 * Selects the token by its label.
 * @param label token label.
 */
230 void SetTokenLabel(const String &label) noexcept;
231
/**
 * Label of the private key object on the token to use for the handshake.
 * @param label object label.
 */
239 void SetPrivateKeyObjectLabel(const String &label) noexcept;
240
/**
 * Path of the client certificate file; alternative to SetCertificateFileContents.
 * @param path certificate file path.
 */
247 void SetCertificateFilePath(const String &path) noexcept;
248
/**
 * Client certificate supplied from memory; alternative to SetCertificateFilePath.
 * @param contents certificate contents.
 */
255 void SetCertificateFileContents(const String &contents) noexcept;
256
/**
 * Builds the C options struct from the members, returned by value.
 * NOTE(review): the C struct most likely holds cursors/pointers into the String members
 * rather than copies — confirm; if so this object must outlive every use of the result.
 */
258 aws_tls_ctx_pkcs11_options GetUnderlyingHandle() const noexcept;
259
260 private:
261 std::shared_ptr<Pkcs11Lib> m_pkcs11Lib;
262 Optional<uint64_t> m_slotId;
// sensitive: token PIN held in clear while this object exists
263 Optional<String> m_userPin;
264 Optional<String> m_tokenLabel;
265 Optional<String> m_privateKeyObjectLabel;
266 Optional<String> m_certificateFilePath;
267 Optional<String> m_certificateFileContents;
268 };
269
/**
 * Per-connection TLS settings derived from a TlsContext (a friend, which uses the private
 * constructor taking an aws_tls_ctx*; see TlsContext::NewConnectionOptions).
 * NOTE(review): header lines 277-278, between the default constructor and the copy-assignment,
 * are missing from this rendering — likely the destructor and/or copy constructor.
 */
274 {
275 public:
276 TlsConnectionOptions() noexcept;
279 TlsConnectionOptions &operator=(const TlsConnectionOptions &) noexcept;
280 TlsConnectionOptions(TlsConnectionOptions &&options) noexcept;
281 TlsConnectionOptions &operator=(TlsConnectionOptions &&options) noexcept;
282
/**
 * Sets the server name for this connection — presumably sent as SNI and used by the
 * underlying handler to check the peer certificate's name; confirm in TlsOptions.cpp.
 * @param serverName host name; taken by non-const reference although no mutation is visible here.
 * @return true on success; on failure the error is presumably recorded in m_lastError.
 */
288 bool SetServerName(ByteCursor &serverName) noexcept;
289
/**
 * Sets the ALPN protocol list for this connection, overriding whatever the context carries.
 * @param alpnList protocol list as a C string.
 * @return true on success.
 */
296 bool SetAlpnList(const char *alpnList) noexcept;
297
/** @return true when the object was initialised (isValid() == m_isInit). */
301 explicit operator bool() const noexcept { return isValid(); }
302
/** @return the error code stored in m_lastError by the last failing operation. */
306 int LastError() const noexcept { return m_lastError; }
307
/**
 * @return pointer to the wrapped C struct; it points into this object and is valid only
 * while this instance is alive.
 */
309 const aws_tls_connection_options *GetUnderlyingHandle() const noexcept
310 {
311 return &m_tls_connection_options;
312 }
313
314 private:
315 bool isValid() const noexcept { return m_isInit; }
316
// used by TlsContext (friend below) to create options bound to a context
317 TlsConnectionOptions(aws_tls_ctx *ctx, Allocator *allocator) noexcept;
318 aws_tls_connection_options m_tls_connection_options;
319 aws_allocator *m_allocator;
320 int m_lastError;
321 bool m_isInit;
322
323 friend class TlsContext;
324 };
325
/**
 * Shared handle to an initialised aws_tls_ctx. All special members are defaulted, so
 * copies share the same context through the std::shared_ptr in m_ctx.
 */
331 {
332 public:
/** Creates an empty context; isValid() is false until a real one is assigned. */
333 TlsContext() noexcept;
/**
 * Builds a context from the given options.
 * @param options context options, taken by non-const reference (whether they are consumed is not visible here).
 * @param mode client or server side.
 * @param allocator memory allocator; defaults to g_allocator.
 * Failures are reported through GetInitializationError() rather than thrown.
 */
334 TlsContext(TlsContextOptions &options, TlsMode mode, Allocator *allocator = g_allocator) noexcept;
335 ~TlsContext() = default;
336 TlsContext(const TlsContext &) noexcept = default;
337 TlsContext &operator=(const TlsContext &) noexcept = default;
338 TlsContext(TlsContext &&) noexcept = default;
339 TlsContext &operator=(TlsContext &&) noexcept = default;
340
/** @return connection options bound to this context (TlsConnectionOptions declares this class a friend for that). */
345 TlsConnectionOptions NewConnectionOptions() const noexcept;
346
/** @return true when a context exists and initialisation reported AWS_ERROR_SUCCESS. */
350 explicit operator bool() const noexcept { return isValid(); }
351
/** @return the error code captured while constructing the context. */
355 int GetInitializationError() const noexcept { return m_initializationError; }
356
/** @return raw, non-owning pointer to the C context; lifetime is that of the shared_ptr held by this object and its copies. */
358 aws_tls_ctx *GetUnderlyingHandle() noexcept { return m_ctx.get(); }
359
360 private:
361 bool isValid() const noexcept { return m_ctx && m_initializationError == AWS_ERROR_SUCCESS; }
362
363 std::shared_ptr<aws_tls_ctx> m_ctx;
364 int m_initializationError;
365 };
366
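/**
 * Hook that constructs the opaque implementation behind a TlsContext from the options,
 * mode and allocator; the returned untyped pointer is what DeleteTlsContextImplCallback
 * must be able to release. How these hooks are registered is not visible in this header.
 */
using NewTlsContextImplCallback = std::function<void *(TlsContextOptions &, TlsMode, Allocator *)>;

/** Releases a pointer previously produced by NewTlsContextImplCallback. */
using DeleteTlsContextImplCallback = std::function<void(void *)>;

/** Answers whether ALPN is available; see TlsContextOptions::IsAlpnSupported. */
using IsTlsAlpnSupportedCallback = std::function<bool()>;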
370
/**
 * Base class for TLS channel handlers.
 * NOTE(review): the class head (and any base class) and the protected constructor's first line
 * (header line 385) are missing from this rendering; lines 386-388 are that constructor's
 * parameter list.
 */
375 {
376 public:
377 virtual ~TlsChannelHandler();
378
/** @return the negotiated protocol name — presumably the ALPN result held in m_protocolByteBuf; confirm. */
382 virtual String GetProtocol() const = 0;
383
384 protected:
/**
 * @param slot channel slot this handler is attached to.
 * @param options C connection options for the handshake.
 * @param allocator memory allocator; defaults to g_allocator.
 */
386 struct aws_channel_slot *slot,
387 const struct aws_tls_connection_options &options,
388 Allocator *allocator = g_allocator);
389
/**
 * Called by derived handlers to report the handshake outcome.
 * @param errorCode 0 presumably for success, otherwise an aws-c error code; the call most
 * likely forwards to m_OnNegotiationResult with m_userData — confirm in the .cpp.
 */
395 void CompleteTlsNegotiation(int errorCode);
396
397 private:
// C-layer completion callback and the opaque pointer handed back to it
398 aws_tls_on_negotiation_result_fn *m_OnNegotiationResult;
399 void *m_userData;
400
// exposed to the C layer through the aws_tls_handler_protocol friend below
401 aws_byte_buf m_protocolByteBuf;
402 friend aws_byte_buf(::aws_tls_handler_protocol)(aws_channel_handler *);
403 };
404
/**
 * Client-side TLS handler: derived classes implement StartNegotiation().
 * NOTE(review): the class head and the protected constructor's first line (header line 421)
 * are missing from this rendering; lines 422-424 mirror the TlsChannelHandler constructor's
 * parameter list.
 */
412 {
413 public:
/** Begins the TLS handshake on the attached slot; the outcome is reported via CompleteTlsNegotiation(). */
418 virtual void StartNegotiation() = 0;
419
420 protected:
/**
 * @param slot channel slot this handler is attached to.
 * @param options C connection options for the handshake.
 * @param allocator memory allocator; defaults to g_allocator.
 */
422 struct aws_channel_slot *slot,
423 const struct aws_tls_connection_options &options,
424 Allocator *allocator = g_allocator);
425 };
426
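/**
 * Factory producing a ClientTlsChannelHandler for a channel slot with the given C
 * connection options; the parameter list mirrors the protected constructor of
 * ClientTlsChannelHandler above. Ownership of the handler is shared via std::shared_ptr.
 */
using NewClientTlsHandlerCallback = std::function<std::shared_ptr<ClientTlsChannelHandler>(
    struct aws_channel_slot *slot,
    const struct aws_tls_connection_options &options,
    Allocator *allocator)>;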
431
432 } // namespace Io
433 } // namespace Crt
434} // namespace Aws