aws-crt-cpp
C++ wrapper around the aws-c-* libraries. Provides Cross-Platform Transport Protocols and SSL/TLS implementations for C++.
Loading...
Searching...
No Matches
TlsOptions.h
Go to the documentation of this file.
1#pragma once
7#include <aws/crt/Types.h>
8#include <aws/crt/io/ChannelHandler.h>
9#include <aws/io/tls_channel_handler.h>
10
11#include <functional>
12#include <memory>
13
14struct aws_tls_ctx_options;
15
16namespace Aws
17{
18 namespace Crt
19 {
20 namespace Io
21 {
22 class Pkcs11Lib;
23 class TlsContextPkcs11Options;
24
25 enum class TlsMode
26 {
27 CLIENT,
28 SERVER,
29 };
30
35 class AWS_CRT_CPP_API TlsContextOptions
36 {
37 friend class TlsContext;
38
39 public:
40 TlsContextOptions() noexcept;
41 virtual ~TlsContextOptions();
42 TlsContextOptions(const TlsContextOptions &) noexcept = delete;
43 TlsContextOptions &operator=(const TlsContextOptions &) noexcept = delete;
44 TlsContextOptions(TlsContextOptions &&) noexcept;
45 TlsContextOptions &operator=(TlsContextOptions &&) noexcept;
46
50 explicit operator bool() const noexcept { return m_isInit; }
51
55 int LastError() const noexcept;
56
61 static TlsContextOptions InitDefaultClient(Allocator *allocator = ApiAllocator()) noexcept;
62
74 static TlsContextOptions InitClientWithMtls(
75 const char *cert_path,
76 const char *pkey_path,
77 Allocator *allocator = ApiAllocator()) noexcept;
78
90 static TlsContextOptions InitClientWithMtls(
91 const ByteCursor &cert,
92 const ByteCursor &pkey,
93 Allocator *allocator = ApiAllocator()) noexcept;
94
104 static TlsContextOptions InitClientWithMtlsPkcs11(
105 const TlsContextPkcs11Options &pkcs11Options,
106 Allocator *allocator = ApiAllocator()) noexcept;
107
120 static TlsContextOptions InitClientWithMtlsPkcs12(
121 const char *pkcs12_path,
122 const char *pkcs12_pwd,
123 Allocator *allocator = ApiAllocator()) noexcept;
124
135 bool SetKeychainPath(ByteCursor &keychain_path) noexcept;
136
148 static TlsContextOptions InitClientWithMtlsSystemPath(
149 const char *windowsCertStorePath,
150 Allocator *allocator = ApiAllocator()) noexcept;
151
156 static bool IsAlpnSupported() noexcept;
157
163 bool SetAlpnList(const char *alpnList) noexcept;
164
173 void SetVerifyPeer(bool verifyPeer) noexcept;
174
188 void SetNoCertificateRevocation(bool noCertificateRevocation) noexcept;
189
194 void SetMinimumTlsVersion(aws_tls_versions minimumTlsVersion);
195
200 void SetTlsCipherPreference(aws_tls_cipher_pref cipher_pref);
201
210 bool OverrideDefaultTrustStore(const char *caPath, const char *caFile) noexcept;
211
216 bool OverrideDefaultTrustStore(const ByteCursor &ca) noexcept;
217
219 const aws_tls_ctx_options *GetUnderlyingHandle() const noexcept
220 {
221 return m_isInit ? &m_options : nullptr;
222 }
223
224 private:
225 aws_tls_ctx_options m_options;
226 bool m_isInit = false;
227 };
228
234 class AWS_CRT_CPP_API TlsContextPkcs11Options final
235 {
236 public:
241 TlsContextPkcs11Options(
242 const std::shared_ptr<Pkcs11Lib> &pkcs11Lib,
243 Allocator *allocator = ApiAllocator()) noexcept;
244
251 void SetUserPin(const String &pin) noexcept;
252
259 void SetSlotId(const uint64_t id) noexcept;
260
267 void SetTokenLabel(const String &label) noexcept;
268
276 void SetPrivateKeyObjectLabel(const String &label) noexcept;
277
284 void SetCertificateFilePath(const String &path) noexcept;
285
292 void SetCertificateFileContents(const String &contents) noexcept;
293
295 aws_tls_ctx_pkcs11_options GetUnderlyingHandle() const noexcept;
296
297 private:
298 std::shared_ptr<Pkcs11Lib> m_pkcs11Lib;
299 Optional<uint64_t> m_slotId;
300 Optional<String> m_userPin;
301 Optional<String> m_tokenLabel;
302 Optional<String> m_privateKeyObjectLabel;
303 Optional<String> m_certificateFilePath;
304 Optional<String> m_certificateFileContents;
305 };
306
310 class AWS_CRT_CPP_API TlsConnectionOptions final
311 {
312 public:
313 TlsConnectionOptions() noexcept;
314 ~TlsConnectionOptions();
315 TlsConnectionOptions(const TlsConnectionOptions &) noexcept;
316 TlsConnectionOptions &operator=(const TlsConnectionOptions &) noexcept;
317 TlsConnectionOptions(TlsConnectionOptions &&options) noexcept;
318 TlsConnectionOptions &operator=(TlsConnectionOptions &&options) noexcept;
319
325 bool SetServerName(ByteCursor &serverName) noexcept;
326
333 bool SetAlpnList(const char *alpnList) noexcept;
334
338 explicit operator bool() const noexcept { return isValid(); }
339
343 int LastError() const noexcept { return m_lastError; }
344
346 const aws_tls_connection_options *GetUnderlyingHandle() const noexcept
347 {
348 return m_isInit ? &m_tls_connection_options : nullptr;
349 }
350
351 private:
352 bool isValid() const noexcept { return m_isInit; }
353
354 TlsConnectionOptions(aws_tls_ctx *ctx, Allocator *allocator) noexcept;
355
356 aws_tls_connection_options m_tls_connection_options;
357 aws_allocator *m_allocator = nullptr;
358 int m_lastError = AWS_ERROR_SUCCESS;
359 bool m_isInit = false;
360
361 friend class TlsContext;
362 };
363
368 class AWS_CRT_CPP_API TlsContext final
369 {
370 public:
371 TlsContext() noexcept;
372 TlsContext(TlsContextOptions &options, TlsMode mode, Allocator *allocator = ApiAllocator()) noexcept;
373 ~TlsContext() = default;
374 TlsContext(const TlsContext &) noexcept = default;
375 TlsContext &operator=(const TlsContext &) noexcept = default;
376 TlsContext(TlsContext &&) noexcept = default;
377 TlsContext &operator=(TlsContext &&) noexcept = default;
378
383 TlsConnectionOptions NewConnectionOptions() const noexcept;
384
388 explicit operator bool() const noexcept { return isValid(); }
389
393 int GetInitializationError() const noexcept { return m_initializationError; }
394
396 aws_tls_ctx *GetUnderlyingHandle() const noexcept { return m_ctx.get(); }
397
398 private:
399 bool isValid() const noexcept { return m_ctx && m_initializationError == AWS_ERROR_SUCCESS; }
400
401 std::shared_ptr<aws_tls_ctx> m_ctx;
402 int m_initializationError;
403 };
404
405 using NewTlsContextImplCallback = std::function<void *(TlsContextOptions &, TlsMode, Allocator *)>;
406 using DeleteTlsContextImplCallback = std::function<void(void *)>;
407 using IsTlsAlpnSupportedCallback = std::function<bool()>;
408
412 class AWS_CRT_CPP_API TlsChannelHandler : public ChannelHandler
413 {
414 public:
415 virtual ~TlsChannelHandler();
416
420 virtual String GetProtocol() const = 0;
421
422 protected:
423 TlsChannelHandler(
424 struct aws_channel_slot *slot,
425 const struct aws_tls_connection_options &options,
426 Allocator *allocator = ApiAllocator());
427
433 void CompleteTlsNegotiation(int errorCode);
434
435 private:
436 aws_tls_on_negotiation_result_fn *m_OnNegotiationResult;
437 void *m_userData;
438
439 aws_byte_buf m_protocolByteBuf;
440 friend aws_byte_buf(::aws_tls_handler_protocol)(aws_channel_handler *);
441 };
442
449 class AWS_CRT_CPP_API ClientTlsChannelHandler : public TlsChannelHandler
450 {
451 public:
456 virtual void StartNegotiation() = 0;
457
458 protected:
459 ClientTlsChannelHandler(
460 struct aws_channel_slot *slot,
461 const struct aws_tls_connection_options &options,
462 Allocator *allocator = ApiAllocator());
463 };
464
465 using NewClientTlsHandlerCallback = std::function<std::shared_ptr<ClientTlsChannelHandler>(
466 struct aws_channel_slot *slot,
467 const struct aws_tls_connection_options &options,
468 Allocator *allocator)>;
469
470 } // namespace Io
471 } // namespace Crt
472} // namespace Aws
AWS_CRT_CPP_API
#define AWS_CRT_CPP_API
Definition Exports.h:36
Aws::Crt::Io::ChannelHandler
Definition ChannelHandler.h:47
Aws::Crt::Io::ClientTlsChannelHandler
Definition TlsOptions.h:450
Aws::Crt::Io::TlsChannelHandler
Definition TlsOptions.h:413
Aws::Crt::Io::TlsChannelHandler::GetProtocol
virtual String GetProtocol() const =0
Aws::Crt::Io::TlsConnectionOptions
Definition TlsOptions.h:311
Aws::Crt::Io::TlsConnectionOptions::LastError
int LastError() const noexcept
Definition TlsOptions.h:343
Aws::Crt::Io::TlsContext
Definition TlsOptions.h:369
Aws::Crt::Io::TlsContext::TlsContext
TlsContext(TlsContext &&) noexcept=default
Aws::Crt::Io::TlsContext::operator=
TlsContext & operator=(const TlsContext &) noexcept=default
Aws::Crt::Io::TlsContext::GetInitializationError
int GetInitializationError() const noexcept
Definition TlsOptions.h:393
Aws::Crt::Io::TlsContext::TlsContext
TlsContext(const TlsContext &) noexcept=default
Aws::Crt::Io::TlsContextOptions
Definition TlsOptions.h:36
Aws::Crt::Io::TlsContextPkcs11Options
Definition TlsOptions.h:235
Aws::Crt::Optional
Definition Optional.h:19
Aws::Crt::Io::NewTlsContextImplCallback
std::function< void *(TlsContextOptions &, TlsMode, Allocator *)> NewTlsContextImplCallback
Definition TlsOptions.h:405
Aws::Crt::Io::TlsMode
TlsMode
Definition TlsOptions.h:26
Aws::Crt::Io::IsTlsAlpnSupportedCallback
std::function< bool()> IsTlsAlpnSupportedCallback
Definition TlsOptions.h:407
Aws::Crt::Io::NewClientTlsHandlerCallback
std::function< std::shared_ptr< ClientTlsChannelHandler >(struct aws_channel_slot *slot, const struct aws_tls_connection_options &options, Allocator *allocator)> NewClientTlsHandlerCallback
Definition TlsOptions.h:468
Aws::Crt::Io::DeleteTlsContextImplCallback
std::function< void(void *)> DeleteTlsContextImplCallback
Definition TlsOptions.h:406
Aws::Crt::ByteCursor
aws_byte_cursor ByteCursor
Definition Types.h:31
Aws::Crt::Allocator
aws_allocator Allocator
Definition Allocator.h:14
Aws::Crt::ApiAllocator
AWS_CRT_CPP_API Allocator * ApiAllocator() noexcept
Definition Allocator.cpp:24
Aws::Crt::String
std::basic_string< char, std::char_traits< char >, StlAllocator< char > > String
Definition Types.h:45
Aws::Crt::LastError
AWS_CRT_CPP_API int LastError() noexcept
Definition Api.cpp:464
Aws
Definition Allocator.h:11
Generated by doxygen 1.9.8