botan_tls.h

Go to the documentation of this file.

// Copyright (C) 2021-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
// Do not include this header directly: use crypto_tls.h instead.
 
#ifndef BOTAN_TLS_H
#define BOTAN_TLS_H

 
#ifdef WITH_BOTAN
 
#include <asiolink/asio_wrapper.h>
#include <asiolink/io_asio_socket.h>
#include <asiolink/io_service.h>
#include <asiolink/common_tls.h>
#include <exceptions/exceptions.h>
 
#include <asiolink/botan_wrapper.h>
 
namespace isc {
namespace asiolink {

inline Botan::TLS::Connection_Side roleToImpl(TlsRole role) {
    if (role == TlsRole::SERVER) {
        return (Botan::TLS::Connection_Side::Server);
    } else {
        return (Botan::TLS::Connection_Side::Client);
    }
}

class TlsContextImpl;

class TlsContext : public TlsContextBase {
public:

    virtual ~TlsContext();

    explicit TlsContext(TlsRole role);

    std::shared_ptr<Botan::TLS::Context> getContext();

    virtual bool getCertRequired() const;
 
protected:
    virtual void setCertRequired(bool cert_required);

    virtual void loadCaFile(const std::string& ca_file);

    virtual void loadCaPath(const std::string& ca_path);

    virtual void loadCertFile(const std::string& cert_file);

    virtual void loadKeyFile(const std::string& key_file);

    std::unique_ptr<TlsContextImpl> impl_;

    friend class TlsContextBase;
};

typedef Botan::TLS::Stream<boost::asio::ip::tcp::socket> TlsStreamImpl;

template <typename Callback, typename TlsStreamImpl>
TlsStreamBase<Callback, TlsStreamImpl>::
TlsStreamBase(const IOServicePtr& io_service, TlsContextPtr context)
    : StreamService(io_service, context),
      TlsStreamImpl(io_service->getInternalIOService(),
      context->getContext()), role_(context->getRole()) {
}

template <typename Callback>
class TlsStream : public TlsStreamBase<Callback, TlsStreamImpl>
{
public:

    typedef TlsStreamBase<Callback, TlsStreamImpl> Base;

    TlsStream(const IOServicePtr& service, TlsContextPtr context)
        : Base(service, context) {
    }

    virtual ~TlsStream() { }

    virtual void handshake(Callback& callback) {
        Base::async_handshake(roleToImpl(Base::getRole()), callback);
    }

    virtual void shutdown(Callback& callback) {
        Base::async_shutdown(callback);
    }

    virtual void clear() {
    }

    virtual std::string getSubject() {
        const std::vector<Botan::X509_Certificate>& cert_chain =
            Base::native_handle()->peer_cert_chain();
        if (cert_chain.empty()) {
            return ("");
        }
        const Botan::X509_DN& subject = cert_chain[0].subject_dn();
        return (subject.get_first_attribute("CommonName"));
    }

    virtual std::string getIssuer() {
        const std::vector<Botan::X509_Certificate>& cert_chain =
            Base::native_handle()->peer_cert_chain();
        if (cert_chain.empty()) {
            return ("");
        }
        const Botan::X509_DN& issuer = cert_chain[0].issuer_dn();
        return (issuer.get_first_attribute("CommonName"));
    }
};
 
// Stream truncated error code.
const int STREAM_TRUNCATED = Botan::TLS::StreamError::StreamTruncated;
 
} // namespace asiolink
} // namespace isc
 
#endif // WITH_BOTAN
 
#endif // BOTAN_TLS_H