/***
    Copyright (C) 2022 J Reece Wilson (a/k/a "Reece"). All rights reserved.

    File: ITLSContext.hpp
    Date: 2022-8-24
    Author: Reece
***/
#pragma once

// Forward declarations of the two foreign types this interface refers to
// (the protocol stack handed to NewTLSContextEx and the socket passed to Attach).
namespace Aurora::IO::Protocol
{
    struct IProtocolStack;
}

namespace Aurora::IO::Net
{
    struct ISocket;
}

// NOTE(review): the text inside angle brackets did not survive extraction in this
// copy of the file — the include path below and every template argument of
// AuSPtr / AuList are missing. Consult the upstream header for the real types.
#include

namespace Aurora::IO::TLS
{
    /**
     * @brief Transport-specific knobs that only apply when
     *        TLSMeta::transportProtocol selects a datagram (DTLS) transport.
     */
    struct TLSMetaDTLS
    {
        /**
         * @brief Opaque transport identifier supplied by the server side.
         *        Default-initialised to an empty buffer; how it is consumed is
         *        not visible in this header.
         */
        Memory::ByteBuffer serverTransportId {};

        // NOTE(review): the name suggests the DTLS cookie exchange (the
        // HelloVerify step that stops spoofed-source handshakes from being
        // amplified). What this integer counts, and what 0 means, is not shown
        // here — confirm against the implementation.
        int iServerCookies { 0 };

        /**
         * @brief Defaults to true. Semantics are not visible in this header —
         *        presumably a server-side relay switch; confirm before relying on it.
         */
        bool bServerNoRelay { true };

        /**
         * @brief Limit on records failing MAC verification before the peer is
         *        dropped — presumably; whether the default 0 means "unlimited"
         *        or "use the library default" is not shown. Worth pinning down,
         *        because an unbounded bad-MAC budget lets a peer keep a session
         *        alive with garbage indefinitely.
         */
        int iServerBadMacLimit { 0 };

        /**
         * @brief Datagram MTU hint. Defaults to 0; presumably 0 defers to the
         *        library default — confirm.
         */
        int iMTUSize { 0 };
    };

    /**
     * @brief Stream (TCP) transport knobs. Currently empty; kept so TLSMeta::tcp
     *        has a stable type to grow into.
     */
    struct TLSMetaTCP
    {
    };

    /**
     * @brief Server-side session and resumption settings.
     *
     * NOTE(review): resumption state (cache entries, ticket keys) is a standard
     * forward-secrecy trade-off in TLS — anything that can later decrypt a ticket
     * or replay a cached session weakens protection of the sessions it covers.
     * The defaults here enable caching and tickets and leave ticket rotation off,
     * so deployments that care about this should set the fields explicitly.
     */
    struct TLSServer
    {
        /**
         * @brief Enables the server-side session cache (default: on).
         */
        bool bSessionCache { true };

        /**
         * @brief Forces server side pinning of clients
         */
        bool bPinServerPeers { false };

        /**
         * @brief Maximum number of cached sessions. Defaults to -1; the meaning of
         *        a negative value (unlimited vs. library default) is not shown here.
         */
        int iCacheMax { -1 };

        /**
         * @brief Cache entry lifetime. Defaults to 0; unit and the meaning of 0 are
         *        not visible in this header — confirm.
         */
        int iCacheTimeout { 0 };

        /**
         * @brief Enables session tickets (default: on).
         */
        bool bEnableTickets { true };

        /**
         * @brief Presumably rotates the key used to protect tickets. Defaults to
         *        off, which means a single ticket key stays valid for the lifetime
         *        of the context unless rotated elsewhere — confirm the rotation
         *        policy before deploying with tickets enabled.
         */
        bool bTicketsRotate { false };

        /**
         * @brief Ticket lifetime, 300 = 5m assuming the unit is seconds (the unit
         *        is not stated in this header).
         */
        int iTicketTimeout { 300 }; // 5m

        /**
         * @brief Optional override of the cipher used to protect tickets. Empty by
         *        default; which names are accepted is not visible here.
         */
        AuString alternativeTicketCipher;
    };

    /**
     * @brief Client-side settings.
     */
    struct TLSClient
    {
        /**
         * @brief Server name sent in the SNI extension. SNI travels unencrypted in
         *        the ClientHello, so this value is visible on the wire. Whether it
         *        also drives hostname verification of the server certificate is
         *        not shown in this header — confirm.
         */
        AuString sSNIServerName;
    };

    /**
     * @brief Configuration consumed by NewTLSContext / NewTLSContextEx.
     */
    struct TLSMeta
    {
        /**
         * @brief Input to-send, output-buffer size
         */
        AuUInt uOutPageSize {};

        /**
         * @brief Switches between server/client mode
         */
        bool bIsClient { true };

        /**
         * @brief Underlying transport; defaults to TCP. Selecting a datagram
         *        transport is what makes the dtls member relevant.
         */
        Net::ETransportProtocol transportProtocol { Net::ETransportProtocol::eProtocolTCP };

        /**
         * @brief Certificate to pin the peer against — presumably. Null by default;
         *        what a null pin means (no pinning, default trust evaluation, or
         *        no verification at all) is not visible here and should be
         *        verified before depending on it.
         */
        AuSPtr pCertPin;

        /**
         * @brief Local identity key pair (presumably required in server mode).
         */
        AuSPtr pKeyPair;

        /**
         * @brief Override the cipersuites defined by ::GetDefaultCipherSuites()
         *        Element type was lost in extraction; GetCurrentCipherSuite()
         *        returns AuUInt16, so these are presumably cipher suite ids.
         */
        AuList cipherSuites;

        /**
         * @brief DTLS-only settings; ignored on stream transports (presumably).
         */
        TLSMetaDTLS dtls;

        /**
         * @brief TCP-only settings (currently empty).
         */
        TLSMetaTCP tcp;

        /**
         * @brief Server-mode settings; used when bIsClient is false.
         */
        TLSServer server;

        /**
         * @brief Client-mode settings; used when bIsClient is true.
         */
        TLSClient client;
    };

    /**
     * @brief A TLS session layered over a pair of protocol stacks.
     *
     * NOTE(review): no virtual destructor is declared; teardown is exposed via
     * Destroy(). Presumably the AuSPtr returned by NewTLSContext carries a
     * matching deleter — confirm before owning an ITLSContext any other way.
     */
    struct ITLSContext
    {
        /**
         * @brief Returns the protocol stack provided to NewTLSContextEx
         * @return
         */
        virtual AuSPtr ToReadStack() = 0;

        /**
         * @brief Returns the protocol stack provided to NewTLSContextEx
         * @return
         */
        virtual AuSPtr ToWriteStack() = 0;

        /**
         * @brief Returns the input buffered inbound interceptor
         * @return
         */
        virtual AuSPtr GetRecvInterceptor() = 0;

        /**
         * @brief Returns the to-send outbound interceptor
         * @return
         */
        virtual AuSPtr GetSendInterceptor() = 0;

        /**
         * @brief Attaches the context to a socket such that
         *        1) the sockets inbound protocol is specified as this->ToReadStack()
         *        2) the sockets outbound protocol is specified as this->ToWriteStack()
         *        3) a weak reference is attached internally for internal shutdown/error triggers
         *
         *        This is optional. You could just use a buffered protocol stack
         *
         * @param pSocket
         * @warning reminder: Creating a tls context is to merely add interceptors to a new protocol stack.
         *          This function is a hybrid utility that does one internal action and calls
         *          ISocketChannel::SpecifyRecvProtocol, ISocketChannel::SpecifySendProtocol to
         *          activate the protocol stack on the socket (if not already).
         */
        virtual void Attach(const AuSPtr &pSocket) = 0;

        /**
         * @brief Begins the TLS handshake. Completion is observed via
         *        HasCompletedHandshake() / HasFailed(); nothing here indicates
         *        the call blocks.
         */
        virtual void StartHandshake() = 0;

        /**
         * @brief Begins an orderly shutdown of the session. Completion is observed
         *        via HasEnded().
         */
        virtual void StartClose() = 0;

        /**
         * @brief True once the handshake has finished successfully. Application
         *        data should not be trusted as authenticated before this is true.
         * @return
         */
        virtual bool HasCompletedHandshake() = 0;

        /**
         * @brief Cipher suite negotiated for the current session, as a 16-bit id.
         *        The value before the handshake completes is not specified here.
         * @return
         */
        virtual AuUInt16 GetCurrentCipherSuite() = 0;

        /**
         * @brief True once the session has hit a fatal error; see
         *        GetFatalErrorCode() for the reason.
         * @return
         */
        virtual bool HasFailed() = 0;

        /**
         * @brief True once the session is over, whether by StartClose(), peer
         *        close, or failure (presumably — the exact set is not shown).
         * @return
         */
        virtual bool HasEnded() = 0;

        /**
         * @brief Fatal error code. Whether this is a library-specific code or a
         *        TLS alert number is not visible in this header.
         * @return
         */
        virtual int GetFatalErrorCode() = 0;

        /**
         * @brief Human-readable form of GetFatalErrorCode(), intended for logs.
         * @return
         */
        virtual AuString GetFatalErrorCodeAsString() = 0;

        /**
         * @brief Releases the context. Whether the interceptors returned above
         *        stay valid afterwards is not stated here — assume they do not.
         */
        virtual void Destroy() = 0;
    };

    /**
     * @brief Creates a TLS context over a fresh internal protocol stack.
     * @param meta
     * @return
     */
    AUKN_SYM AuSPtr NewTLSContext(const TLSMeta &meta);

    /**
     * @brief Creates a TLS context over caller-supplied protocol stacks.
     * @param pSendStack
     *        A buffered or socket protocol stack to add one extended TLS intercepter to
     * @param pRecvStack
     *        A buffered or socket protocol stack to add one extended TLS intercepter to
     * @param meta
     * @return
     */
    AUKN_SYM AuSPtr NewTLSContextEx(const AuSPtr &pSendStack, const AuSPtr &pRecvStack, const TLSMeta &meta);
}