botan_tls.h

Go to the documentation of this file.

// Copyright (C) 2021-2024 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
// Do not include this header directly: use crypto_tls.h instead.
 
#ifndef BOTAN_TLS_H
#define BOTAN_TLS_H
 
 
#ifdef WITH_BOTAN
 
#include <asiolink/asio_wrapper.h>
#include <asiolink/io_asio_socket.h>
#include <asiolink/io_service.h>
#include <asiolink/common_tls.h>
#include <exceptions/exceptions.h>
 
#include <asiolink/botan_wrapper.h>
#include <botan/asio_stream.h>
 
namespace isc {
namespace asiolink {
 
inline Botan::TLS::Connection_Side roleToImpl(TlsRole role) {
    if (role == TlsRole::SERVER) {
        return (Botan::TLS::Connection_Side::SERVER);
    } else {
        return (Botan::TLS::Connection_Side::CLIENT);
    }
}
 
class TlsContextImpl;
 
class TlsContext : public TlsContextBase {
public:
 
    virtual ~TlsContext();
 
    explicit TlsContext(TlsRole role);
 
    Botan::TLS::Context& getContext();
 
    virtual bool getCertRequired() const;
 
protected:
    virtual void setCertRequired(bool cert_required);
 
    virtual void loadCaFile(const std::string& ca_file);
 
    virtual void loadCaPath(const std::string& ca_path);
 
    virtual void loadCertFile(const std::string& cert_file);
 
    virtual void loadKeyFile(const std::string& key_file);
 
    std::unique_ptr<TlsContextImpl> impl_;
 
    friend class TlsContextBase;
};
 
typedef Botan::TLS::Stream<boost::asio::ip::tcp::socket> TlsStreamImpl;
 
template <typename Callback, typename TlsStreamImpl>
TlsStreamBase<Callback, TlsStreamImpl>::
TlsStreamBase(const IOServicePtr& io_service, TlsContextPtr context)
    : StreamService(io_service, context),
      TlsStreamImpl(io_service->getInternalIOService(),
      context->getContext()), role_(context->getRole()) {
}
 
template <typename Callback>
class TlsStream : public TlsStreamBase<Callback, TlsStreamImpl>
{
public:
 
    typedef TlsStreamBase<Callback, TlsStreamImpl> Base;
 
    TlsStream(const IOServicePtr& service, TlsContextPtr context)
        : Base(service, context) {
    }
 
    virtual ~TlsStream() { }
 
    virtual void handshake(Callback& callback) {
        Base::async_handshake(roleToImpl(Base::getRole()), callback);
    }
 
    virtual void shutdown(Callback& callback) {
        Base::async_shutdown(callback);
    }
 
    virtual void clear() {
    }
 
    virtual std::string getSubject() {
        const std::vector<Botan::X509_Certificate>& cert_chain =
            Base::native_handle()->peer_cert_chain();
        if (cert_chain.empty()) {
            return ("");
        }
        const Botan::X509_DN& subject = cert_chain[0].subject_dn();
        return (subject.get_first_attribute("CommonName"));
    }
 
    virtual std::string getIssuer() {
        const std::vector<Botan::X509_Certificate>& cert_chain =
            Base::native_handle()->peer_cert_chain();
        if (cert_chain.empty()) {
            return ("");
        }
        const Botan::X509_DN& issuer = cert_chain[0].issuer_dn();
        return (issuer.get_first_attribute("CommonName"));
    }
};
 
// Stream truncated error code.
const int STREAM_TRUNCATED = Botan::TLS::StreamError::StreamTruncated;
 
} // namespace asiolink
} // namespace isc
 
#endif // WITH_BOTAN
 
#endif // BOTAN_TLS_H