de/d57/openssl__tls_8h_source.html

// Copyright (C) 2021-2024 Internet Systems Consortium, Inc. ("ISC")

//

// This Source Code Form is subject to the terms of the Mozilla Public

// License, v. 2.0. If a copy of the MPL was not distributed with this

// file, You can obtain one at http://mozilla.org/MPL/2.0/.


// Do not include this header directly: use crypto_tls.h instead.


#ifndef OPENSSL_TLS_H

#define OPENSSL_TLS_H


#ifdef WITH_OPENSSL


#include <asiolink/asio_wrapper.h>

#include <asiolink/io_asio_socket.h>

#include <asiolink/io_service.h>

#include <asiolink/common_tls.h>


#include <boost/asio/ssl.hpp>


namespace isc {

namespace asiolink {


inline boost::asio::ssl::stream_base::handshake_type roleToImpl(TlsRole role) {

    if (role == TlsRole::SERVER) {

        return (boost::asio::ssl::stream_base::server);

    } else {

        return (boost::asio::ssl::stream_base::client);

    }

}


class TlsContext : public TlsContextBase {

public:


    virtual ~TlsContext() { }


    explicit TlsContext(TlsRole role);


    boost::asio::ssl::context& getContext();


    ::SSL_CTX* getNativeContext();


    virtual bool getCertRequired() const;


    static std::string getErrMsg(boost::system::error_code ec);


protected:

    virtual void setCertRequired(bool cert_required);


    virtual void loadCaFile(const std::string& ca_file);


    virtual void loadCaPath(const std::string& ca_path);


    virtual void loadCertFile(const std::string& cert_file);


    virtual void loadKeyFile(const std::string& key_file);


    bool cert_required_;


    boost::asio::ssl::context context_;


    friend class TlsContextBase;

};


typedef boost::asio::ssl::stream<boost::asio::ip::tcp::socket> TlsStreamImpl;


template <typename Callback, typename TlsStreamImpl>

TlsStreamBase<Callback, TlsStreamImpl>::

TlsStreamBase(const IOServicePtr& io_service, TlsContextPtr context)

    : StreamService(io_service, context),

      TlsStreamImpl(io_service->getInternalIOService(),

      context->getContext()), role_(context->getRole()) {

}


template <typename Callback>

class TlsStream : public TlsStreamBase<Callback, TlsStreamImpl> {

public:


    typedef TlsStreamBase<Callback, TlsStreamImpl> Base;


    TlsStream(const IOServicePtr& service, TlsContextPtr context)

        : Base(service, context) {

    }


    virtual ~TlsStream() {

    }


    virtual void handshake(Callback& callback) {

        Base::async_handshake(roleToImpl(Base::getRole()), callback);

    }


    virtual void shutdown(Callback& callback) {

        Base::async_shutdown(callback);

    }


    virtual std::string getSubject() {

        ::X509* cert = ::SSL_get_peer_certificate(this->native_handle());

        if (!cert) {

            return ("");

        }

        ::X509_NAME *name = ::X509_get_subject_name(cert);

        int loc = ::X509_NAME_get_index_by_NID(name, NID_commonName, -1);

        ::X509_NAME_ENTRY* ne = ::X509_NAME_get_entry(name, loc);

        if (!ne) {

            ::X509_free(cert);

            return ("");

        }

        unsigned char* buf = 0;

        int len = ::ASN1_STRING_to_UTF8(&buf, ::X509_NAME_ENTRY_get_data(ne));

        if (len < 0) {

            ::X509_free(cert);

            return ("");

        }

        std::string ret(reinterpret_cast<char*>(buf), static_cast<size_t>(len));

        ::OPENSSL_free(buf);

        ::X509_free(cert);

        return (ret);

    }


    virtual std::string getIssuer() {

        ::X509* cert = ::SSL_get_peer_certificate(this->native_handle());

        if (!cert) {

            return ("");

        }

        ::X509_NAME *name = ::X509_get_issuer_name(cert);

        int loc = ::X509_NAME_get_index_by_NID(name, NID_commonName, -1);

        ::X509_NAME_ENTRY* ne = ::X509_NAME_get_entry(name, loc);

        if (!ne) {

            ::X509_free(cert);

            return ("");

        }

        unsigned char* buf = 0;

        int len = ::ASN1_STRING_to_UTF8(&buf, ::X509_NAME_ENTRY_get_data(ne));

        if (len < 0) {

            ::X509_free(cert);

            return ("");

        }

        std::string ret(reinterpret_cast<char*>(buf), static_cast<size_t>(len));

        ::OPENSSL_free(buf);

        ::X509_free(cert);

        return (ret);

    }

};


// Stream truncated error code.

#ifdef HAVE_STREAM_TRUNCATED_ERROR

const int STREAM_TRUNCATED = boost::asio::ssl::error::stream_truncated;

#else

const int STREAM_TRUNCATED = ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHORT_READ);

#endif


} // namespace asiolink

} // namespace isc


#endif // WITH_OPENSSL


#endif // OPENSSL_TLS_H

asio_wrapper.h

isc::asiolink::TlsStreamBase::TlsStreamBase
TlsStreamBase(const IOServicePtr &service, TlsContextPtr context)
Constructor.

common_tls.h
Common TLS API.

io_asio_socket.h

io_service.h

asiolink
A wrapper interface for the ASIO library.

isc::asiolink::TlsContextPtr
boost::shared_ptr< TlsContext > TlsContextPtr
The type of shared pointers to TlsContext objects.
Definition common_tls.h:37

isc::asiolink::IOServicePtr
boost::shared_ptr< IOService > IOServicePtr
Defines a smart pointer to an IOService instance.
Definition io_service.h:33

isc::asiolink::TlsRole
TlsRole
Client and server roles.
Definition common_tls.h:31

isc::asiolink::SERVER
@ SERVER
Definition common_tls.h:31

isc
Defines the logger used by the top-level component of kea-lfc.
Definition agent_parser.cc:148