1 // Copyright (C) 2021 Internet Systems Consortium, Inc. ("ISC")
2 //
3 // This Source Code Form is subject to the terms of the Mozilla Public
4 // License, v. 2.0. If a copy of the MPL was not distributed with this
5 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
6 
7 // Do not include this header directly: use crypto_tls.h instead.
8 
9 #ifndef BOTAN_BOOST_TLS_H
10 #define BOTAN_BOOST_TLS_H
11 
13 
14 #if defined(WITH_BOTAN) && defined(WITH_BOTAN_BOOST)
15 
16 #include <asiolink/asio_wrapper.h>
18 #include <asiolink/io_service.h>
19 #include <asiolink/common_tls.h>
20 #include <exceptions/exceptions.h>
21 
23 #include <botan/asio_stream.h>
24 
25 namespace isc {
26 namespace asiolink {
27 
/// @brief Map the backend-neutral TlsRole onto Botan's connection side.
///
/// SERVER maps to Botan's server side; anything else is treated as the
/// client side (there is no third role, so no error path is needed).
///
/// @param role the role taken from the TLS context.
/// @return the Botan::TLS::Connection_Side to hand to async_handshake().
inline Botan::TLS::Connection_Side roleToImpl(TlsRole role) {
    // NOTE(review): the return statements are not visible in the rendered
    // listing; the SERVER -> SERVER / else -> CLIENT mapping below is the
    // expected one, confirm against the source file.
    return (role == TlsRole::SERVER ? Botan::TLS::Connection_Side::SERVER
                                    : Botan::TLS::Connection_Side::CLIENT);
}
36 
/// @brief Botan-specific context state, owned by TlsContext::impl_.
///
/// Only forward-declared here so Botan internals stay out of this header;
/// the definition lives elsewhere (not on this page).
class TlsContextImpl;
39 
/// @brief TLS context for the Botan / boost ASIO backend.
///
/// Implements the backend-neutral TlsContextBase interface; the Botan
/// objects themselves are kept behind the pimpl pointer @c impl_.
class TlsContext : public TlsContextBase {
public:

    /// @brief Destructor (defined out of line so the pimpl type can stay
    /// incomplete here).
    virtual ~TlsContext();

    /// @brief Create a TLS context.
    ///
    /// @param role client or server side (TlsRole).
    explicit TlsContext(TlsRole role);

    /// @brief Return the Botan TLS context.
    ///
    /// Used by the TlsStreamBase constructor to wire a stream to this
    /// context.
    Botan::TLS::Context& getContext();

    /// @brief Return whether the peer is required to present a certificate.
    ///
    /// The default value and how the implementation enforces the flag are
    /// in TlsContextImpl, not visible from this header.
    virtual bool getCertRequired() const;

protected:
    /// @brief Set whether the peer is required to present a certificate.
    ///
    /// @param cert_required true to require a peer certificate.
    virtual void setCertRequired(bool cert_required);

    /// @brief Load the trust anchor (certification authority) from a file.
    ///
    /// @param ca_file the CA certificate file name.
    virtual void loadCaFile(const std::string& ca_file);

    /// @brief Load trust anchors from a directory.
    ///
    /// @param ca_path the directory name.
    virtual void loadCaPath(const std::string& ca_path);

    /// @brief Load the end-entity certificate from a file.
    ///
    /// @param cert_file the certificate file name.
    virtual void loadCertFile(const std::string& cert_file);

    /// @brief Load the private key from a file.
    ///
    /// @param key_file the private key file name.
    virtual void loadKeyFile(const std::string& key_file);

    /// @brief Botan implementation (pimpl).
    std::unique_ptr<TlsContextImpl> impl_;

    /// @brief Let the base class drive the protected loaders above.
    friend class TlsContextBase;
};
97 
/// @brief The Botan ASIO stream over a plain TCP socket; this is the
/// implementation type TlsStreamBase / TlsStream derive from.
using TlsStreamImpl = Botan::TLS::Stream<boost::asio::ip::tcp::socket>;
100 
/// @brief Construct the stream base on top of the Botan ASIO stream.
///
/// The class itself (and the @c role_ member set here) is declared outside
/// this header, presumably in the included common_tls.h.
///
/// @param service the I/O service whose boost io_service runs the stream.
/// @param context the TLS context; its Botan context is handed to the Botan
/// stream and its role is cached in @c role_. The pointer is dereferenced
/// without a null check, so callers must pass a valid context.
template <typename Callback, typename TlsStreamImpl>
TlsStreamBase<Callback, TlsStreamImpl>::
TlsStreamBase(IOService& service, TlsContextPtr context)
    : TlsStreamImpl(service.get_io_service(), context->getContext()),
      role_(context->getRole()) {
}
114 
/// @brief TLS stream for the Botan / boost ASIO backend.
///
/// Wraps the Botan ASIO stream (TlsStreamImpl) through TlsStreamBase and
/// exposes the backend-neutral handshake / shutdown / peer-name operations.
///
/// @tparam Callback completion handler type given to the async operations.
template <typename Callback>
class TlsStream : public TlsStreamBase<Callback, TlsStreamImpl> {
public:

    /// @brief Base class alias.
    typedef TlsStreamBase<Callback, TlsStreamImpl> Base;

    /// @brief Constructor.
    ///
    /// @param service the I/O service the stream runs on.
    /// @param context the TLS context supplying the Botan context and role.
    TlsStream(IOService& service, TlsContextPtr context) : Base(service, context) {
    }

    /// @brief Destructor.
    virtual ~TlsStream() = default;

    /// @brief Start the TLS handshake asynchronously.
    ///
    /// The side (client or server) is derived from the role the base class
    /// cached from the context.
    ///
    /// @param callback completion handler.
    virtual void handshake(Callback& callback) {
        const Botan::TLS::Connection_Side side = roleToImpl(Base::getRole());
        Base::async_handshake(side, callback);
    }

    /// @brief Start the TLS shutdown asynchronously.
    ///
    /// @param callback completion handler.
    virtual void shutdown(Callback& callback) {
        Base::async_shutdown(callback);
    }

    /// @brief Clear the TLS object.
    ///
    /// A no-op in the Botan backend.
    virtual void clear() {
    }

    /// @brief Return the CommonName of the peer certificate subject.
    ///
    /// @note Reads the chain the peer sent, not a verified one: whether that
    /// chain was validated is decided by the context / handshake, so only
    /// rely on this value after a successful handshake.
    ///
    /// @return the subject CommonName, or "" when the peer presented no
    /// certificate.
    virtual std::string getSubject() {
        return (peerCommonName(false));
    }

    /// @brief Return the CommonName of the peer certificate issuer.
    ///
    /// Same caveat as getSubject().
    ///
    /// @return the issuer CommonName, or "" when the peer presented no
    /// certificate.
    virtual std::string getIssuer() {
        return (peerCommonName(true));
    }

private:
    /// @brief Shared implementation of getSubject() / getIssuer().
    ///
    /// @param issuer true to read the issuer DN, false for the subject DN.
    /// @return the first CommonName attribute of that DN, or "" when the
    /// peer certificate chain is empty.
    std::string peerCommonName(bool issuer) {
        // Index 0 of what the peer sent is taken as the peer's own
        // certificate (Botan's ordering — confirm if this is ever reused).
        const std::vector<Botan::X509_Certificate>& chain =
            Base::native_handle()->peer_cert_chain();
        if (chain.empty()) {
            return ("");
        }
        const Botan::X509_Certificate& leaf = chain[0];
        const Botan::X509_DN& dn = issuer ? leaf.issuer_dn() : leaf.subject_dn();
        return (dn.get_first_attribute("CommonName"));
    }
};
198 
/// @brief Error code reported when the TLS stream is truncated, i.e. the
/// peer closed the transport without a TLS shutdown.
///
/// Exposed as a plain int so callers can compare error codes without
/// including Botan headers.
constexpr int STREAM_TRUNCATED = Botan::TLS::StreamError::StreamTruncated;
201 
202 } // namespace asiolink
203 } // namespace isc
204 
205 #endif // WITH_BOTAN && WITH_BOTAN_BOOST
206 
207 #endif // BOTAN_BOOST_TLS_H