1#pragma once
7#include <aws/crt/Types.h>
9#include <aws/io/tls_channel_handler.h>
10
11#include <functional>
12#include <memory>
13
14struct aws_tls_ctx_options;
15
16namespace Aws
17{
18 namespace Crt
19 {
20 namespace Io
21 {
22 class Pkcs11Lib;
23 class TlsContextPkcs11Options;
24
/**
 * Which side of the TLS handshake a TlsContext is built for.
 * Passed to the TlsContext constructor further down in this header.
 */
enum class TlsMode
{
    CLIENT,
    SERVER,
};
30
36 {
37 friend class TlsContext;
38
39 public:
/**
 * Default-constructs an empty options object. Nothing here shows it being
 * usable on its own: the Init* factories below are the intended way to get a
 * populated object, and operator bool() (backed by m_isInit) is how callers
 * tell the two apart.
 */
TlsContextOptions() noexcept;
/**
 * Virtual destructor. Presumably releases the wrapped aws_tls_ctx_options
 * (m_options) via the aws-c-io clean-up call — confirm in TlsOptions.cpp.
 */
virtual ~TlsContextOptions();
// Copying is disallowed: the object wraps a C options struct by value
// (m_options) that is cleaned up in the destructor, so two copies would
// release the same native state. Transfer ownership by move instead.
TlsContextOptions(const TlsContextOptions &) noexcept = delete;
// Copy-assignment is deleted for the same reason as the copy constructor.
TlsContextOptions &operator=(const TlsContextOptions &) noexcept = delete;
/**
 * Move-assignment; with copying deleted this is the only way to hand an
 * already-built options object to another owner.
 * NOTE(review): because m_options is held by value, the implementation has
 * to clean up the current m_options before adopting the other object's and
 * leave the source in a state its destructor tolerates — worth confirming
 * in the .cpp, since a mistake here is a double clean-up of native state.
 */
TlsContextOptions &operator=(TlsContextOptions &&) noexcept;
46
/**
 * True when the object has been initialised (m_isInit). Check this — and
 * LastError() when it is false — before handing the options to a TlsContext;
 * the Init* factories below are noexcept, so this is how their failure is
 * reported.
 */
explicit operator bool() const noexcept { return m_isInit; }
51
/**
 * Error code explaining why operator bool() is false.
 * NOTE(review): this class has no error member (only m_options and
 * m_isInit), so this presumably forwards to the CRT's thread-local
 * Aws::Crt::LastError(); if so it is only meaningful on the thread that ran
 * the failing Init* call — confirm against the .cpp.
 */
int LastError() const noexcept;
56
/**
 * Builds client-side options with no client certificate (server-only auth).
 * Presumably uses the platform's default trust store with peer verification
 * enabled — confirm in the .cpp. Prefer this unless you specifically need
 * mTLS or a custom trust store, and check operator bool() on the result.
 *
 * @param allocator allocator for the underlying options; defaults to the
 *                  global CRT allocator.
 */
static TlsContextOptions InitDefaultClient(Allocator *allocator = g_allocator) noexcept;
62
/**
 * Client options for mutual TLS, loading the certificate and private key from
 * files (encoding not shown in this header — presumably PEM; confirm).
 *
 * The library reads the private key file itself, so its filesystem
 * permissions are the only thing protecting that key: keep it readable by the
 * process user only. On failure the returned object's operator bool() is
 * false and LastError() explains why.
 *
 * @param cert_path  path to the client certificate file.
 * @param pkey_path  path to the matching private key file.
 * @param allocator  allocator for the underlying options.
 */
static TlsContextOptions InitClientWithMtls(
    const char *cert_path,
    const char *pkey_path,
    Allocator *allocator = g_allocator) noexcept;
78
/**
 * In-memory variant of InitClientWithMtls: certificate and private key are
 * supplied as byte cursors instead of file paths.
 *
 * NOTE(review): the header does not show whether the bytes are copied or
 * merely referenced by m_options. Until confirmed against the .cpp, keep the
 * buffers alive until the TlsContext has been constructed, and scrub the key
 * buffer afterwards — a ByteCursor does not own its memory.
 *
 * @param cert      client certificate bytes.
 * @param pkey      private key bytes.
 * @param allocator allocator for the underlying options.
 */
static TlsContextOptions InitClientWithMtls(
    const ByteCursor &cert,
    const ByteCursor &pkey,
    Allocator *allocator = g_allocator) noexcept;
94
/**
 * Client mTLS options whose private key lives in a PKCS#11 token (HSM,
 * smart card, software token). The key is used through the token and is
 * never loaded into process memory by this wrapper, which is the main reason
 * to prefer this over the file/byte variants when a token is available.
 * See TlsContextPkcs11Options for the token, slot, PIN and key selection.
 *
 * @param pkcs11Options  token/slot/key selection; see TlsContextPkcs11Options.
 * @param allocator      allocator for the underlying options.
 */
static TlsContextOptions InitClientWithMtlsPkcs11(
    const TlsContextPkcs11Options &pkcs11Options,
    Allocator *allocator = g_allocator) noexcept;
107
/**
 * Client mTLS options from a PKCS#12 bundle (certificate + private key)
 * protected by a password.
 *
 * NOTE(review): the password is a NUL-terminated C string. Nothing in this
 * header says whether it is copied, how long it is retained, or whether it is
 * zeroised afterwards; treat the caller's own copy as sensitive and clear it
 * once this call returns. Prefer the PKCS#11 or OS-store variants where the
 * key can stay in a store instead of a file on disk.
 *
 * @param pkcs12_path  path to the .p12/.pfx file.
 * @param pkcs12_pwd   password protecting the bundle.
 * @param allocator    allocator for the underlying options.
 */
static TlsContextOptions InitClientWithMtlsPkcs12(
    const char *pkcs12_path,
    const char *pkcs12_pwd,
    Allocator *allocator = g_allocator) noexcept;
124
/**
 * Sets the keychain path to use (by its name, presumably an Apple keychain;
 * the header gives no platform detail — confirm). Returns false on failure;
 * check LastError().
 *
 * NOTE(review): takes a non-const ByteCursor&, unlike the const ByteCursor&
 * overloads of InitClientWithMtls / OverrideDefaultTrustStore, so it cannot
 * be called with a temporary; the signature is kept as declared here because
 * its definition lives in the .cpp.
 */
bool SetKeychainPath(ByteCursor &keychain_path) noexcept;
136
/**
 * Client mTLS options that reference a certificate in the Windows certificate
 * store by path, so the private key stays under the store's protection rather
 * than in a file the application reads. Check operator bool() on the result.
 *
 * @param windowsCertStorePath  store path of the client certificate (format
 *                              not documented in this header).
 * @param allocator             allocator for the underlying options.
 */
static TlsContextOptions InitClientWithMtlsSystemPath(
    const char *windowsCertStorePath,
    Allocator *allocator = g_allocator) noexcept;
150
/**
 * Whether the TLS implementation in use supports ALPN. Consult this before
 * relying on SetAlpnList() below, since not every backend negotiates ALPN.
 */
static bool IsAlpnSupported() noexcept;
156
/**
 * Sets the ALPN protocol list to advertise (list syntax is not documented in
 * this header — confirm against aws-c-io). Returns false on failure; the
 * result is easy to ignore, so check it and LastError(). See IsAlpnSupported().
 */
bool SetAlpnList(const char *alpnList) noexcept;
163
/**
 * Enables or disables peer verification.
 *
 * NOTE(review): by its name this toggles validation of the peer's certificate
 * (chain and, presumably, hostname) — confirm against the aws-c-io setter it
 * wraps. Assume that passing false turns TLS into an unauthenticated channel
 * open to active man-in-the-middle; it belongs in local test harnesses only
 * and never in production configuration. Nothing here reports the current
 * setting, so treat a call with false as something to grep for in review.
 */
void SetVerifyPeer(bool verifyPeer) noexcept;
173
/**
 * Sets the minimum protocol version the context will negotiate
 * (aws_tls_versions from aws/io/tls_channel_handler.h). Raise this rather
 * than relying on the library default if policy requires, e.g., TLS 1.2+.
 *
 * NOTE(review): the only member of this class declared without noexcept;
 * whether it can actually throw (or is just inconsistent) is not visible
 * here — confirm in the .cpp before wrapping calls in try/catch.
 */
void SetMinimumTlsVersion(aws_tls_versions minimumTlsVersion);
179
/**
 * Replaces the default trust store with the CA material at the given
 * directory and/or file. Presumably only certificates chaining to those CAs
 * are then accepted — confirm — which makes this the hook for pinning to a
 * private CA; it equally means an attacker who can write that path controls
 * what the client trusts, so it must come from a protected location.
 * Returns false on failure; check LastError().
 *
 * @param caPath  directory of CA certificates (may be null per the C API —
 *                not shown here).
 * @param caFile  single CA bundle file.
 */
bool OverrideDefaultTrustStore(const char *caPath, const char *caFile) noexcept;
189
/**
 * In-memory variant of OverrideDefaultTrustStore: CA certificate bytes
 * supplied directly. Whether the bytes are copied or referenced is not shown
 * here; keep the buffer alive until the TlsContext is built unless confirmed
 * otherwise. Returns false on failure; check LastError().
 */
bool OverrideDefaultTrustStore(const ByteCursor &ca) noexcept;
195
/**
 * Read-only view of the wrapped aws_tls_ctx_options. Points into this
 * object, so it is invalid once the object is destroyed or moved-from.
 */
const aws_tls_ctx_options *GetUnderlyingHandle() const noexcept { return &m_options; }
198
199 private:
200 aws_tls_ctx_options m_options;
201 bool m_isInit;
202 };
203
210 {
211 public:
217 const std::shared_ptr<Pkcs11Lib> &pkcs11Lib,
218 Allocator *allocator = g_allocator) noexcept;
219
/**
 * Sets the user PIN used to log in to the PKCS#11 token.
 *
 * NOTE(review): the PIN is stored in a plain String member (m_userPin) and
 * nothing in this header scrubs it on destruction, so it stays in heap
 * memory for the lifetime of the options object (and any copies, since the
 * class has default copy semantics as far as this excerpt shows). Keep such
 * objects short-lived and do not log or serialise them.
 */
void SetUserPin(const String &pin) noexcept;
227
/**
 * Selects the token by PKCS#11 slot id (stored in m_slotId). Whether this
 * and SetTokenLabel() may both be set, or are alternatives, is not visible
 * here — confirm against the aws-c-io PKCS#11 options.
 */
void SetSlotId(const uint64_t id) noexcept;
235
/**
 * Selects the token by its label (stored in m_tokenLabel); see SetSlotId()
 * for the alternative.
 */
void SetTokenLabel(const String &label) noexcept;
243
/**
 * Label of the private key object inside the token to use for the client
 * certificate (stored in m_privateKeyObjectLabel). The key itself never
 * leaves the token through this API.
 */
void SetPrivateKeyObjectLabel(const String &label) noexcept;
252
/**
 * Path to the client certificate file that pairs with the token's private
 * key (stored in m_certificateFilePath). See SetCertificateFileContents()
 * for the in-memory alternative; which wins if both are set is not shown here.
 */
void SetCertificateFilePath(const String &path) noexcept;
260
/**
 * Client certificate supplied as in-memory contents (stored in
 * m_certificateFileContents) instead of a file path.
 */
void SetCertificateFileContents(const String &contents) noexcept;
268
/**
 * Builds the C-level aws_tls_ctx_pkcs11_options from the fields set above,
 * returned by value.
 * NOTE(review): the C struct presumably carries cursors into this object's
 * String members (PIN, labels, contents) rather than copies — confirm — so
 * the returned struct must not outlive or be used after this object changes.
 */
aws_tls_ctx_pkcs11_options GetUnderlyingHandle() const noexcept;
271
272 private:
273 std::shared_ptr<Pkcs11Lib> m_pkcs11Lib;
274 Optional<uint64_t> m_slotId;
275 Optional<String> m_userPin;
276 Optional<String> m_tokenLabel;
277 Optional<String> m_privateKeyObjectLabel;
278 Optional<String> m_certificateFilePath;
279 Optional<String> m_certificateFileContents;
280 };
281
286 {
287 public:
/**
 * Default-constructs an unusable (m_isInit false) connection-options object;
 * the usable kind comes from TlsContext::NewConnectionOptions(), which uses
 * the private constructor below.
 */
TlsConnectionOptions() noexcept;
/**
 * Copy-assignment. Unlike TlsContextOptions, connection options are
 * copyable; the wrapped C struct presumably supports a deep copy — confirm
 * in the .cpp, since a shallow copy would share server-name/ALPN buffers.
 */
TlsConnectionOptions &operator=(const TlsConnectionOptions &) noexcept;
/** Move constructor; the source is expected to be left invalid (m_isInit false) — confirm. */
TlsConnectionOptions(TlsConnectionOptions &&options) noexcept;
/** Move-assignment; see the move constructor. */
TlsConnectionOptions &operator=(TlsConnectionOptions &&options) noexcept;
294
/**
 * Sets the server name for this connection (SNI, and presumably also the name
 * the peer certificate is checked against — confirm against aws-c-io).
 * Client code should set it on every connection: without it the certificate's
 * subject cannot be matched to the host you intended to reach. Returns false
 * on failure; the error is then available from LastError().
 *
 * NOTE(review): takes a non-const ByteCursor&, so a temporary cursor will not
 * bind; kept as declared because the definition is in the .cpp.
 */
bool SetServerName(ByteCursor &serverName) noexcept;
301
/**
 * Per-connection ALPN list, overriding whatever the TlsContextOptions set.
 * Returns false on failure; check LastError(). See
 * TlsContextOptions::IsAlpnSupported().
 */
bool SetAlpnList(const char *alpnList) noexcept;
309
/** True when the object was produced by TlsContext::NewConnectionOptions() successfully (isValid()). */
explicit operator bool() const noexcept { return isValid(); }
314
/** Error code recorded in m_lastError by the last failing operation on this object. */
int LastError() const noexcept { return m_lastError; }
319
/**
 * Read-only pointer to the wrapped aws_tls_connection_options. It points
 * into this object, so it is invalid once the object is destroyed or moved.
 */
const aws_tls_connection_options *GetUnderlyingHandle() const noexcept { return &this->m_tls_connection_options; }
325
326 private:
// Backs operator bool(): set only by the private constructor used by TlsContext.
bool isValid() const noexcept { return m_isInit; }
328
/**
 * Builds connection options bound to an existing aws_tls_ctx. Private: only
 * TlsContext (declared a friend below) calls it, from NewConnectionOptions().
 * The context must outlive the resulting options; the raw pointer does not
 * keep it alive.
 */
TlsConnectionOptions(aws_tls_ctx *ctx, Allocator *allocator) noexcept;
330 aws_tls_connection_options m_tls_connection_options;
331 aws_allocator *m_allocator;
332 int m_lastError;
333 bool m_isInit;
334
335 friend class TlsContext;
336 };
337
343 {
344 public:
/** Default-constructs an invalid context (m_ctx null); operator bool() is false. */
TlsContext() noexcept;
/**
 * Creates a TLS context from options. TlsContext is a friend of
 * TlsContextOptions, so it reads the wrapped m_options directly. The
 * constructor is noexcept: failure is signalled through operator bool() and
 * GetInitializationError(), so always check one of them before creating
 * connections.
 *
 * NOTE(review): options is a non-const reference; whether construction
 * consumes or modifies it is not visible here — don't reuse it for a second
 * context without confirming in the .cpp.
 *
 * @param options   populated TlsContextOptions (operator bool() must be true).
 * @param mode      client or server side.
 * @param allocator allocator for the native context.
 */
TlsContext(TlsContextOptions &options, TlsMode mode, Allocator *allocator = g_allocator) noexcept;
// Defaulted: the native context is owned by m_ctx (shared_ptr), whose deleter does the clean-up.
~TlsContext() = default;
// Copies share one native aws_tls_ctx through m_ctx; this is reference sharing, not a deep copy.
TlsContext(const TlsContext &) noexcept = default;
// Copy-assignment shares the native context like the copy constructor.
TlsContext &operator=(const TlsContext &) noexcept = default;
// Defaulted move; the moved-from object's m_ctx becomes null, so its operator bool() is false.
TlsContext(TlsContext &&) noexcept = default;
// Defaulted move-assignment; see the move constructor.
TlsContext &operator=(TlsContext &&) noexcept = default;
352
/**
 * Creates per-connection options bound to this context (via the private
 * TlsConnectionOptions constructor). Callers still need to set the server
 * name on the result for client connections; check the returned object's
 * operator bool().
 */
TlsConnectionOptions NewConnectionOptions() const noexcept;
358
/** True when a native context exists and initialisation reported AWS_ERROR_SUCCESS (isValid()). */
explicit operator bool() const noexcept { return isValid(); }
363
/** Error code captured during construction (m_initializationError); AWS_ERROR_SUCCESS when the context is valid. */
int GetInitializationError() const noexcept { return m_initializationError; }
368
/**
 * Raw pointer to the native context; null for an invalid TlsContext. The
 * pointer does not add a reference, so it must not outlive this object (or
 * its last copy).
 * NOTE(review): this is the only GetUnderlyingHandle() in this header that
 * returns a mutable pointer from a non-const method; the options classes
 * return const pointers.
 */
aws_tls_ctx *GetUnderlyingHandle() noexcept { return m_ctx.get(); }
371
372 private:
// Backs operator bool(): a native context must exist and construction must
// have recorded no error.
bool isValid() const noexcept
{
    if (!m_ctx)
    {
        return false;
    }
    return m_initializationError == AWS_ERROR_SUCCESS;
}
374
375 std::shared_ptr<aws_tls_ctx> m_ctx;
376 int m_initializationError;
377 };
378
// Hooks for plugging in an alternative TLS implementation (used by the
// TlsChannelHandler classes below).
// NOTE(review): NewTlsContextImplCallback hands back an opaque void*, and
// the paired DeleteTlsContextImplCallback is the only visible means of
// releasing it; the ownership contract (who calls delete, and when) is not
// spelled out in this header — confirm before implementing the hooks.
using NewTlsContextImplCallback = std::function<void *(TlsContextOptions &, TlsMode, Allocator *)>;
using DeleteTlsContextImplCallback = std::function<void(void *)>;
using IsTlsAlpnSupportedCallback = std::function<bool()>;
382
387 {
388 public:
/** Virtual destructor; presumably releases m_protocolByteBuf — confirm in the .cpp. */
virtual ~TlsChannelHandler();
390
394 virtual String GetProtocol() const = 0;
395
396 protected:
398 struct aws_channel_slot *slot,
399 const struct aws_tls_connection_options &options,
400 Allocator *allocator = g_allocator);
401
/**
 * Reports the handshake outcome. Given the only callback state in this class
 * (m_OnNegotiationResult, m_userData) this presumably invokes that C callback
 * with errorCode — confirm. Implementations should call it exactly once per
 * handshake, with a non-zero aws error code on failure so the channel is torn
 * down rather than left half-established. Not noexcept, unlike most of this
 * header.
 */
void CompleteTlsNegotiation(int errorCode);
408
409 private:
410 aws_tls_on_negotiation_result_fn *m_OnNegotiationResult;
411 void *m_userData;
412
413 aws_byte_buf m_protocolByteBuf;
414 friend aws_byte_buf(::aws_tls_handler_protocol)(aws_channel_handler *);
415 };
416
424 {
425 public:
/**
 * Kicks off the client-side handshake. Implementations must eventually call
 * CompleteTlsNegotiation() (inherited) with the result.
 */
virtual void StartNegotiation() = 0;
431
432 protected:
434 struct aws_channel_slot *slot,
435 const struct aws_tls_connection_options &options,
436 Allocator *allocator = g_allocator);
437 };
438
// Factory hook for a custom client TLS handler. The returned handler is
// shared-owned; the aws_channel_slot and connection options are borrowed,
// so an implementation must not hold the options reference past the call.
using NewClientTlsHandlerCallback = std::function<std::shared_ptr<ClientTlsChannelHandler>(
    struct aws_channel_slot *slot,
    const struct aws_tls_connection_options &options,
    Allocator *allocator)>;
443
444 } // namespace Io
445 } // namespace Crt
446} // namespace Aws