1// Copyright (C) 2021-2024 Internet Systems Consortium, Inc. ("ISC")
2//
3// This Source Code Form is subject to the terms of the Mozilla Public
4// License, v. 2.0. If a copy of the MPL was not distributed with this
5// file, You can obtain one at http://mozilla.org/MPL/2.0/.
6
7// Do not include this header directly: use crypto_tls.h instead.
8
9#ifndef BOTAN_TLS_H
10#define BOTAN_TLS_H
11
13
14#ifdef WITH_BOTAN
15
18#include <asiolink/io_service.h>
19#include <asiolink/common_tls.h>
21
23#include <botan/asio_stream.h>
24
25namespace isc {
26namespace asiolink {
27
/// @brief Translate a Kea TLS role into a Botan connection side.
///
/// @param role The Kea TLS role.
/// @return Botan::TLS::Connection_Side::SERVER when @c role is
/// TlsRole::SERVER, Botan::TLS::Connection_Side::CLIENT for any other role.
inline Botan::TLS::Connection_Side roleToImpl(TlsRole role) {
    const bool is_server = (role == TlsRole::SERVER);
    return (is_server ? Botan::TLS::Connection_Side::SERVER
                      : Botan::TLS::Connection_Side::CLIENT);
}
36
/// @brief Forward declaration of the Botan TLS context implementation
/// (the object owned by TlsContext::impl_).
class TlsContextImpl;
39
/// @brief Botan TLS context.
///
/// Holds its Botan state behind the @c impl_ pointer. Loading of the trust
/// anchor, the certificate and the private key goes through the protected
/// virtual methods, which the friend class TlsContextBase can reach.
class TlsContext : public TlsContextBase {
public:

    /// @brief Destructor.
    virtual ~TlsContext();

    /// @brief Create a fresh context.
    ///
    /// @param role The TLS role (server, or client for any other role,
    /// see roleToImpl()).
    explicit TlsContext(TlsRole role);

    /// @brief Return the underlying Botan TLS context.
    Botan::TLS::Context& getContext();

    /// @brief Return the certificate requirement.
    ///
    /// @return true when peer certificates are required, false otherwise.
    virtual bool getCertRequired() const;

protected:
    /// @brief Set the certificate requirement.
    ///
    /// @param cert_required true when peer certificates are required.
    virtual void setCertRequired(bool cert_required);

    /// @brief Load the trust anchor aka certification authority from a file.
    ///
    /// @param ca_file The CA certificate file name.
    virtual void loadCaFile(const std::string& ca_file);

    /// @brief Load the trust anchor aka certification authority from a path.
    ///
    /// @param ca_path The CA certificate path.
    virtual void loadCaPath(const std::string& ca_path);

    /// @brief Load the end entity certificate from a file.
    ///
    /// @param cert_file The certificate file name.
    virtual void loadCertFile(const std::string& cert_file);

    /// @brief Load the private key from a file.
    ///
    /// @param key_file The private key file name.
    virtual void loadKeyFile(const std::string& key_file);

    /// @brief Botan TLS context implementation (owned).
    std::unique_ptr<TlsContextImpl> impl_;

    /// @brief Allow the base class to call the protected methods above.
    friend class TlsContextBase;
};
97
/// @brief The Botan TLS stream implementation: a Botan TLS stream layered
/// over a boost asio TCP socket.
using TlsStreamImpl = Botan::TLS::Stream<boost::asio::ip::tcp::socket>;
100
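/// @brief Constructor of the Botan flavor of TlsStreamBase.
///
/// Initializes the stream service with the I/O service and the TLS context,
/// the Botan stream with the internal I/O service and the Botan context
/// taken from @c context, and records the TLS role of the context.
///
/// This is the out-of-class definition of the constructor declared with the
/// class (presumably in common_tls.h), so the class-scope qualifier is
/// required on the definition.
///
/// @tparam Callback The callback type.
/// @tparam TlsStreamImpl The TLS stream implementation type.
/// @param io_service The I/O service (dereferenced here, must not be null).
/// @param context The TLS context (dereferenced here, must not be null).
template <typename Callback, typename TlsStreamImpl>
TlsStreamBase<Callback, TlsStreamImpl>::
TlsStreamBase(const IOServicePtr& io_service, TlsContextPtr context)
    : StreamService(io_service, context),
      TlsStreamImpl(io_service->getInternalIOService(),
                    context->getContext()), role_(context->getRole()) {
}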
115
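/// @brief Botan TLS stream.
///
/// @tparam Callback The callback type used by handshake() and shutdown().
template <typename Callback>
class TlsStream : public TlsStreamBase<Callback, TlsStreamImpl>
{
public:

    /// @brief Type of the base class.
    typedef TlsStreamBase<Callback, TlsStreamImpl> Base;

    /// @brief Constructor.
    ///
    /// @param service The I/O service.
    /// @param context The TLS context (dereferenced by the base constructor).
    TlsStream(const IOServicePtr& service, TlsContextPtr context)
        : Base(service, context) {
    }

    /// @brief Destructor.
    virtual ~TlsStream() { }

    /// @brief TLS handshake.
    ///
    /// The connection side (server or client) is derived from the role of
    /// the context given to the constructor, see roleToImpl().
    ///
    /// @param callback Callback object invoked when the handshake completes.
    virtual void handshake(Callback& callback) {
        Base::async_handshake(roleToImpl(Base::getRole()), callback);
    }

    /// @brief TLS shutdown.
    ///
    /// @param callback Callback object invoked when the shutdown completes.
    virtual void shutdown(Callback& callback) {
        Base::async_shutdown(callback);
    }

    /// @brief Clear the TLS object.
    ///
    /// Intentionally a no-op in the Botan flavor.
    virtual void clear() {
    }

    /// @brief Return the commonName part of the subjectName of the peer
    /// certificate.
    ///
    /// Only the CommonName attribute of the subject DN is returned. A
    /// non-empty value means the peer presented a certificate whose subject
    /// carries a CommonName; it says nothing about whether that identity is
    /// the one the application expects, which callers must still check.
    ///
    /// @return The CommonName of the subject of the first certificate of the
    /// peer chain, or the empty string when the chain is empty (and, as far
    /// as Botan's get_first_attribute is documented, when the subject has no
    /// CommonName attribute).
    virtual std::string getSubject() {
        const Botan::X509_Certificate* cert = firstPeerCert();
        if (!cert) {
            return ("");
        }
        return (cert->subject_dn().get_first_attribute("CommonName"));
    }

    /// @brief Return the commonName part of the issuerName of the peer
    /// certificate.
    ///
    /// @return The CommonName of the issuer of the first certificate of the
    /// peer chain, or the empty string when the chain is empty (and, as far
    /// as Botan's get_first_attribute is documented, when the issuer has no
    /// CommonName attribute).
    virtual std::string getIssuer() {
        const Botan::X509_Certificate* cert = firstPeerCert();
        if (!cert) {
            return ("");
        }
        return (cert->issuer_dn().get_first_attribute("CommonName"));
    }

private:
    /// @brief Return the first certificate of the peer certificate chain.
    ///
    /// Shared by getSubject() and getIssuer(); the first element of the
    /// chain is the one both of them look at (presumably the peer's own
    /// end entity certificate).
    ///
    /// @return A pointer into the chain owned by the underlying Botan
    /// channel, or null when the chain is empty. The pointer is only valid
    /// while the channel keeps the chain.
    /// @note assumes the handshake completed so that native_handle() is
    /// usable here — TODO confirm against the Botan stream API.
    const Botan::X509_Certificate* firstPeerCert() {
        const std::vector<Botan::X509_Certificate>& cert_chain =
            Base::native_handle()->peer_cert_chain();
        if (cert_chain.empty()) {
            return (nullptr);
        }
        return (&cert_chain[0]);
    }
};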
199
200// Stream truncated error code.
/// @brief Stream truncated error code.
///
/// The Botan "stream truncated" error value, exposed as a plain int.
const int STREAM_TRUNCATED =
    static_cast<int>(Botan::TLS::StreamError::StreamTruncated);
202
203} // namespace asiolink
204} // namespace isc
205
206#endif // WITH_BOTAN
207
208#endif // BOTAN_TLS_H