aws-crt-cpp
C++ wrapper around the aws-c-* libraries. Provides Cross-Platform Transport Protocols and SSL/TLS implementations for C++.
Loading...
Searching...
No Matches
TlsOptions.h
Go to the documentation of this file.
1#pragma once
7#include <aws/crt/Types.h>
8#include <aws/crt/io/ChannelHandler.h>
9#include <aws/io/tls_channel_handler.h>
10
11#include <functional>
12#include <memory>
13
14struct aws_tls_ctx_options;
15
16namespace Aws
17{
18 namespace Crt
19 {
20 namespace Io
21 {
22 class Pkcs11Lib;
23 class TlsContextPkcs11Options;
24
25 enum class TlsMode
26 {
27 CLIENT,
28 SERVER,
29 };
30
35 class AWS_CRT_CPP_API TlsContextOptions
36 {
37 friend class TlsContext;
38
39 public:
40 TlsContextOptions() noexcept;
41 virtual ~TlsContextOptions();
42 TlsContextOptions(const TlsContextOptions &) noexcept = delete;
43 TlsContextOptions &operator=(const TlsContextOptions &) noexcept = delete;
44 TlsContextOptions(TlsContextOptions &&) noexcept;
45 TlsContextOptions &operator=(TlsContextOptions &&) noexcept;
46
50 explicit operator bool() const noexcept { return m_isInit; }
51
55 int LastError() const noexcept;
56
61 static TlsContextOptions InitDefaultClient(Allocator *allocator = ApiAllocator()) noexcept;
62
74 static TlsContextOptions InitClientWithMtls(
75 const char *cert_path,
76 const char *pkey_path,
77 Allocator *allocator = ApiAllocator()) noexcept;
78
90 static TlsContextOptions InitClientWithMtls(
91 const ByteCursor &cert,
92 const ByteCursor &pkey,
93 Allocator *allocator = ApiAllocator()) noexcept;
94
104 static TlsContextOptions InitClientWithMtlsPkcs11(
105 const TlsContextPkcs11Options &pkcs11Options,
106 Allocator *allocator = ApiAllocator()) noexcept;
107
120 static TlsContextOptions InitClientWithMtlsPkcs12(
121 const char *pkcs12_path,
122 const char *pkcs12_pwd,
123 Allocator *allocator = ApiAllocator()) noexcept;
124
135 bool SetKeychainPath(ByteCursor &keychain_path) noexcept;
136
148 static TlsContextOptions InitClientWithMtlsSystemPath(
149 const char *windowsCertStorePath,
150 Allocator *allocator = ApiAllocator()) noexcept;
151
156 static bool IsAlpnSupported() noexcept;
157
163 bool SetAlpnList(const char *alpnList) noexcept;
164
173 void SetVerifyPeer(bool verifyPeer) noexcept;
174
179 void SetMinimumTlsVersion(aws_tls_versions minimumTlsVersion);
180
185 void SetTlsCipherPreference(aws_tls_cipher_pref cipher_pref);
186
195 bool OverrideDefaultTrustStore(const char *caPath, const char *caFile) noexcept;
196
201 bool OverrideDefaultTrustStore(const ByteCursor &ca) noexcept;
202
204 const aws_tls_ctx_options *GetUnderlyingHandle() const noexcept { return &m_options; }
205
206 private:
207 aws_tls_ctx_options m_options;
208 bool m_isInit;
209 };
210
216 class AWS_CRT_CPP_API TlsContextPkcs11Options final
217 {
218 public:
223 TlsContextPkcs11Options(
224 const std::shared_ptr<Pkcs11Lib> &pkcs11Lib,
225 Allocator *allocator = ApiAllocator()) noexcept;
226
233 void SetUserPin(const String &pin) noexcept;
234
241 void SetSlotId(const uint64_t id) noexcept;
242
249 void SetTokenLabel(const String &label) noexcept;
250
258 void SetPrivateKeyObjectLabel(const String &label) noexcept;
259
266 void SetCertificateFilePath(const String &path) noexcept;
267
274 void SetCertificateFileContents(const String &contents) noexcept;
275
277 aws_tls_ctx_pkcs11_options GetUnderlyingHandle() const noexcept;
278
279 private:
280 std::shared_ptr<Pkcs11Lib> m_pkcs11Lib;
281 Optional<uint64_t> m_slotId;
282 Optional<String> m_userPin;
283 Optional<String> m_tokenLabel;
284 Optional<String> m_privateKeyObjectLabel;
285 Optional<String> m_certificateFilePath;
286 Optional<String> m_certificateFileContents;
287 };
288
292 class AWS_CRT_CPP_API TlsConnectionOptions final
293 {
294 public:
295 TlsConnectionOptions() noexcept;
296 ~TlsConnectionOptions();
297 TlsConnectionOptions(const TlsConnectionOptions &) noexcept;
298 TlsConnectionOptions &operator=(const TlsConnectionOptions &) noexcept;
299 TlsConnectionOptions(TlsConnectionOptions &&options) noexcept;
300 TlsConnectionOptions &operator=(TlsConnectionOptions &&options) noexcept;
301
307 bool SetServerName(ByteCursor &serverName) noexcept;
308
315 bool SetAlpnList(const char *alpnList) noexcept;
316
320 explicit operator bool() const noexcept { return isValid(); }
321
325 int LastError() const noexcept { return m_lastError; }
326
328 const aws_tls_connection_options *GetUnderlyingHandle() const noexcept
329 {
330 return &m_tls_connection_options;
331 }
332
333 private:
334 bool isValid() const noexcept { return m_isInit; }
335
336 TlsConnectionOptions(aws_tls_ctx *ctx, Allocator *allocator) noexcept;
337 aws_tls_connection_options m_tls_connection_options;
338 aws_allocator *m_allocator;
339 int m_lastError;
340 bool m_isInit;
341
342 friend class TlsContext;
343 };
344
349 class AWS_CRT_CPP_API TlsContext final
350 {
351 public:
352 TlsContext() noexcept;
353 TlsContext(TlsContextOptions &options, TlsMode mode, Allocator *allocator = ApiAllocator()) noexcept;
354 ~TlsContext() = default;
355 TlsContext(const TlsContext &) noexcept = default;
356 TlsContext &operator=(const TlsContext &) noexcept = default;
357 TlsContext(TlsContext &&) noexcept = default;
358 TlsContext &operator=(TlsContext &&) noexcept = default;
359
364 TlsConnectionOptions NewConnectionOptions() const noexcept;
365
369 explicit operator bool() const noexcept { return isValid(); }
370
374 int GetInitializationError() const noexcept { return m_initializationError; }
375
377 aws_tls_ctx *GetUnderlyingHandle() const noexcept { return m_ctx.get(); }
378
379 private:
380 bool isValid() const noexcept { return m_ctx && m_initializationError == AWS_ERROR_SUCCESS; }
381
382 std::shared_ptr<aws_tls_ctx> m_ctx;
383 int m_initializationError;
384 };
385
386 using NewTlsContextImplCallback = std::function<void *(TlsContextOptions &, TlsMode, Allocator *)>;
387 using DeleteTlsContextImplCallback = std::function<void(void *)>;
388 using IsTlsAlpnSupportedCallback = std::function<bool()>;
389
393 class AWS_CRT_CPP_API TlsChannelHandler : public ChannelHandler
394 {
395 public:
396 virtual ~TlsChannelHandler();
397
401 virtual String GetProtocol() const = 0;
402
403 protected:
404 TlsChannelHandler(
405 struct aws_channel_slot *slot,
406 const struct aws_tls_connection_options &options,
407 Allocator *allocator = ApiAllocator());
408
414 void CompleteTlsNegotiation(int errorCode);
415
416 private:
417 aws_tls_on_negotiation_result_fn *m_OnNegotiationResult;
418 void *m_userData;
419
420 aws_byte_buf m_protocolByteBuf;
421 friend aws_byte_buf(::aws_tls_handler_protocol)(aws_channel_handler *);
422 };
423
430 class AWS_CRT_CPP_API ClientTlsChannelHandler : public TlsChannelHandler
431 {
432 public:
437 virtual void StartNegotiation() = 0;
438
439 protected:
440 ClientTlsChannelHandler(
441 struct aws_channel_slot *slot,
442 const struct aws_tls_connection_options &options,
443 Allocator *allocator = ApiAllocator());
444 };
445
446 using NewClientTlsHandlerCallback = std::function<std::shared_ptr<ClientTlsChannelHandler>(
447 struct aws_channel_slot *slot,
448 const struct aws_tls_connection_options &options,
449 Allocator *allocator)>;
450
451 } // namespace Io
452 } // namespace Crt
453} // namespace Aws
AWS_CRT_CPP_API
#define AWS_CRT_CPP_API
Definition Exports.h:36
Aws::Crt::Io::ChannelHandler
Definition ChannelHandler.h:47
Aws::Crt::Io::ClientTlsChannelHandler
Definition TlsOptions.h:431
Aws::Crt::Io::TlsChannelHandler
Definition TlsOptions.h:394
Aws::Crt::Io::TlsChannelHandler::GetProtocol
virtual String GetProtocol() const =0
Aws::Crt::Io::TlsConnectionOptions
Definition TlsOptions.h:293
Aws::Crt::Io::TlsConnectionOptions::LastError
int LastError() const noexcept
Definition TlsOptions.h:325
Aws::Crt::Io::TlsContext
Definition TlsOptions.h:350
Aws::Crt::Io::TlsContext::TlsContext
TlsContext(TlsContext &&) noexcept=default
Aws::Crt::Io::TlsContext::operator=
TlsContext & operator=(const TlsContext &) noexcept=default
Aws::Crt::Io::TlsContext::GetInitializationError
int GetInitializationError() const noexcept
Definition TlsOptions.h:374
Aws::Crt::Io::TlsContext::TlsContext
TlsContext(const TlsContext &) noexcept=default
Aws::Crt::Io::TlsContextOptions
Definition TlsOptions.h:36
Aws::Crt::Io::TlsContextPkcs11Options
Definition TlsOptions.h:217
Aws::Crt::Optional
Definition Optional.h:19
Aws::Crt::Io::NewTlsContextImplCallback
std::function< void *(TlsContextOptions &, TlsMode, Allocator *)> NewTlsContextImplCallback
Definition TlsOptions.h:386
Aws::Crt::Io::TlsMode
TlsMode
Definition TlsOptions.h:26
Aws::Crt::Io::IsTlsAlpnSupportedCallback
std::function< bool()> IsTlsAlpnSupportedCallback
Definition TlsOptions.h:388
Aws::Crt::Io::NewClientTlsHandlerCallback
std::function< std::shared_ptr< ClientTlsChannelHandler >(struct aws_channel_slot *slot, const struct aws_tls_connection_options &options, Allocator *allocator)> NewClientTlsHandlerCallback
Definition TlsOptions.h:449
Aws::Crt::Io::DeleteTlsContextImplCallback
std::function< void(void *)> DeleteTlsContextImplCallback
Definition TlsOptions.h:387
Aws::Crt::ByteCursor
aws_byte_cursor ByteCursor
Definition Types.h:31
Aws::Crt::Allocator
aws_allocator Allocator
Definition Allocator.h:14
Aws::Crt::ApiAllocator
AWS_CRT_CPP_API Allocator * ApiAllocator() noexcept
Definition Allocator.cpp:24
Aws::Crt::String
std::basic_string< char, std::char_traits< char >, StlAllocator< char > > String
Definition Types.h:45
Aws::Crt::LastError
AWS_CRT_CPP_API int LastError() noexcept
Definition Api.cpp:425
Aws
Definition Allocator.h:11
Generated by doxygen 1.9.8