AuroraRuntime/Source/IO/TLS/TLSContext.hpp
J Reece Wilson 7a0593adeb [+] AuCrypto::CA::ICertificateStore
[+] AuCrypto::CA::INewCertificateStore
[+] AuCrypto::CA::IPinCertificate
[+] AuCrypto::CA::PinAlwaysFail
[+] AuCrypto::CA::PinAlwaysPass
[+] AuCrypto::CA::PinCheckOS
[+] AuCrypto::CA::PinCheckDefault
[+] AuCrypto::CA::PinCheckBuiltin
[+] AuCrypto::CA::PinCheckGlobal
[+] AuCrypto::CA::PinCheckTwoAnd
[+] AuCrypto::CA::PinCheckTwoOr
[+] AuCrypto::CA::SetGlobalTLSPinner
[*] Minor AuCrypto::X509 decoder work
[*] AuCrypto::X509: transition to memory views (x509 is bytebuffer era and earlier code, beri early)
[+] AuCrypto::IPrivateKeyProvider
[+] AuCrypto::IPrivateKeyPair
[+] AuCrypto::PrivateKeyPair
[+] AuCrypto::ImportPrivateKeyPair
[*] Refactor: AuCrypto::X509::GenerateCertificate(...)
[+] AuCrypto::X509::NewChainFromOneDer
[+] AuCrypto::X509::NewChainFromManyDer
[+] AuCrypto::X509::NewChainFromManyDerInStream
[+] AuCrypto::X509::NewChainFromOnePem
[+] AuCrypto::X509::NewChainFromManyPem
[+] AuCrypto::X509::NewChainFromManyPemInStream
[*] Fix TLS code that was abandoned since its introduction with the net code. mbedtls is a hairbrained mess. so many *blocking* github issues starting after 2017. so little progress.
[+] AuIO::TLS::TLSMeta::pKeyPairProvider
[+] AuIO::TLS::TLSServer::bAllowSNIToFallBackDefault
[+] AuIO::TLS::TLSServer::bAllowSNILessUseDefaultCert
2024-10-16 02:07:24 +01:00


/***
Copyright (C) 2022 J Reece Wilson (a/k/a "Reece"). All rights reserved.
File: TLSContext.hpp
Date: 2022-8-24
Author: Reece
***/
#pragma once
#include "TLS.hpp"
#include "TLSProtocolRecv.hpp"
#include "TLSProtocolSend.hpp"
namespace Aurora::IO::Protocol
{
    // Forward declaration only. TLSContext below refers to ProtocolStack solely
    // through AuSPtr members, so the complete type is not needed in this header.
    struct ProtocolStack;
}
namespace Aurora::IO::TLS
{
// Library-wide TLS initialisation entry point; declared here, defined outside this header.
// What it sets up (mbedtls globals, pinning defaults, ...) is not visible from this file.
void TLSInit();
// mbedtls-backed implementation of ITLSContext. Owns an mbedtls_ssl_context /
// mbedtls_ssl_config pair and bridges it to the protocol stack through
// TLSProtocolRecv / TLSProtocolSend (see the two included headers).
// Lifetime: intended to live in an AuSPtr (AuEnableSharedFromThis); the attached
// socket is only weakly held, so the context never keeps the socket alive.
struct TLSContext : ITLSContext, AuEnableSharedFromThis<TLSContext>
{
    // Construct from configuration alone, or with explicit send/receive protocol stacks.
    // NOTE(review): the single-argument constructor is not `explicit`, so a TLSMeta
    // converts implicitly to a TLSContext — confirm that is intended before relying on it.
    TLSContext(const TLSMeta &meta);
    TLSContext(const AuSPtr<Protocol::IProtocolStack> &pSendStack,
               const AuSPtr<Protocol::IProtocolStack> &pRecvStack,
               const TLSMeta &meta);
    ~TLSContext();

    // Second-stage initialisation; returns false on failure. Presumably builds the
    // mbedtls state below from meta_ — confirm against the .cpp.
    bool Init();

    // ITLSContext interface.
    virtual void Destroy() override;
    virtual AuSPtr<Protocol::IProtocolStack> ToReadStack() override;
    virtual AuSPtr<Protocol::IProtocolStack> ToWriteStack() override;
    virtual AuSPtr<Protocol::IProtocolInterceptorEx> GetRecvInterceptor() override;
    virtual AuSPtr<Protocol::IProtocolInterceptorEx> GetSendInterceptor() override;
    virtual void Attach(const AuSPtr<Net::ISocket> &pSocket) override;
    virtual void StartHandshake() override;
    virtual void StartClose() override;
    virtual AuUInt16 GetCurrentCipherSuite() override;
    virtual bool HasCompletedHandshake() override;
    virtual bool HasEnded() override;
    virtual bool HasFailed() override;
    // `override` already implies virtual; these two merely omit the keyword the others spell out.
    int GetFatalErrorCode() override;
    AuString GetFatalErrorCodeAsString() override;

    // Key-pair selection for the server side. Which pair serves a given SNI host name,
    // and whether a missing match falls back to the default pair, is decided in the
    // .cpp (the commit message names TLSServer::bAllowSNIToFallBackDefault and
    // bAllowSNILessUseDefaultCert as the controlling switches — verify there).
    AuSPtr<Crypto::KeyPair::IPrivateKeyPair> GetKeyPairForSNI(const AuROString &name);
    AuSPtr<Crypto::KeyPair::IPrivateKeyPair> GetDefaultKeyPair();

    // Certificate installation steps; both return false on failure.
    bool SetBasicCerts();
    bool DoFinalCerts();

    // Event hooks raised during the connection lifetime (their callers are not in this header).
    void OnSNI(const AuROString &name);
    void OnClose();
    void OnFatal();

    // Connection state flags. Public, so other code can read and write them directly.
    bool bIsDead {};
    bool bIsFatal {};
    bool bIsAlive {};
    bool bPinLock_ {};    // trailing underscore despite public placement; semantics not visible here
    int iFatalError {};   // last fatal error code; see GetFatalErrorCode()

    // Raw mbedtls session and configuration objects. Being public, other TUs can reach
    // into them, so whatever invariants Init()/SetBasicCerts() establish are not
    // enforced by the type.
    mbedtls_ssl_context ssl {};
    mbedtls_ssl_config conf {};
    bool bDebugging {};

    // Plaintext I/O through the TLS session. The int return follows the mbedtls style
    // (presumably negative on error, byte count otherwise — confirm against the .cpp).
    int Read(void *pOut, AuUInt length);
    int Write(const void *pIn, AuUInt length);

    // Peer-certificate verification hook: `child` is the certificate under inspection,
    // `read` a view of its raw bytes. A false return is expected to reject the handshake;
    // the implementation should fail closed on every error path, not just on an explicit
    // mismatch. Presumably where the AuCrypto::CA pinning interfaces listed in the commit
    // message are consulted — TODO confirm.
    bool CheckCertificate(mbedtls_x509_crt const *child, const AuMemoryViewRead &read);
private:
    // mbedtls timing-callback context.
    mbedtls_timing_delay_context timer_ {};

    // The next three members exist only when the matching mbedtls feature is compiled
    // in, so sizeof(TLSContext) depends on the mbedtls configuration. Every TU that
    // includes this header must be built against the same mbedtls config.
#if defined(MBEDTLS_SSL_COOKIE_C)
    mbedtls_ssl_cookie_ctx cookieCtx_ {};
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
    mbedtls_ssl_ticket_context ticketCtx_ {};
#endif
#if defined(MBEDTLS_SSL_CACHE_C)
    mbedtls_ssl_cache_context cache_ {};
#endif

    AuList<int> cipherSuites_;                                 // int ids; presumably handed to mbedtls as the allowed suites — confirm
    TLSMeta meta_;                                             // configuration held by value
    AuSPtr<Crypto::KeyPair::IPrivateKeyPair> pStoredPair {};   // no trailing underscore, unlike its neighbours
    AuWPtr<Net::ISocket> wpSocket_;                            // weak: does not extend the socket's lifetime
    TLSProtocolRecv channelRecv_;                              // receive-side piece (TLSProtocolRecv.hpp)
    TLSProtocolSend channelSend_;                              // send-side piece (TLSProtocolSend.hpp)
    AuSPtr<Protocol::ProtocolStack> pSendStack_;               // type forward-declared in Aurora::IO::Protocol above
    AuSPtr<Protocol::ProtocolStack> pRecvStack_;
    AuWPtr<Protocol::IProtocolPiece> pPiece_;                  // weak
};
}