AWS IoT Device SDK C++ v2  1.34.0
AWS IoT Device SDK C++ v2
TlsOptions.h
Go to the documentation of this file.
1 #pragma once
2 
7 #include <aws/crt/Types.h>
8 #include <aws/crt/io/ChannelHandler.h>
9 #include <aws/io/tls_channel_handler.h>
10 
11 #include <functional>
12 #include <memory>
13 
14 struct aws_tls_ctx_options;
15 
16 namespace Aws
17 {
18  namespace Crt
19  {
20  namespace Io
21  {
22  class Pkcs11Lib;
23  class TlsContextPkcs11Options;
24 
25  enum class TlsMode
26  {
27  CLIENT,
28  SERVER,
29  };
30 
35  class AWS_CRT_CPP_API TlsContextOptions
36  {
37  friend class TlsContext;
38 
39  public:
40  TlsContextOptions() noexcept;
41  virtual ~TlsContextOptions();
42  TlsContextOptions(const TlsContextOptions &) noexcept = delete;
43  TlsContextOptions &operator=(const TlsContextOptions &) noexcept = delete;
44  TlsContextOptions(TlsContextOptions &&) noexcept;
45  TlsContextOptions &operator=(TlsContextOptions &&) noexcept;
46 
50  explicit operator bool() const noexcept { return m_isInit; }
51 
55  int LastError() const noexcept;
56 
61  static TlsContextOptions InitDefaultClient(Allocator *allocator = ApiAllocator()) noexcept;
62 
74  static TlsContextOptions InitClientWithMtls(
75  const char *cert_path,
76  const char *pkey_path,
77  Allocator *allocator = ApiAllocator()) noexcept;
78 
90  static TlsContextOptions InitClientWithMtls(
91  const ByteCursor &cert,
92  const ByteCursor &pkey,
93  Allocator *allocator = ApiAllocator()) noexcept;
94 
104  static TlsContextOptions InitClientWithMtlsPkcs11(
105  const TlsContextPkcs11Options &pkcs11Options,
106  Allocator *allocator = ApiAllocator()) noexcept;
107 
120  static TlsContextOptions InitClientWithMtlsPkcs12(
121  const char *pkcs12_path,
122  const char *pkcs12_pwd,
123  Allocator *allocator = ApiAllocator()) noexcept;
124 
135  bool SetKeychainPath(ByteCursor &keychain_path) noexcept;
136 
148  static TlsContextOptions InitClientWithMtlsSystemPath(
149  const char *windowsCertStorePath,
150  Allocator *allocator = ApiAllocator()) noexcept;
151 
156  static bool IsAlpnSupported() noexcept;
157 
163  bool SetAlpnList(const char *alpnList) noexcept;
164 
173  void SetVerifyPeer(bool verifyPeer) noexcept;
174 
179  void SetMinimumTlsVersion(aws_tls_versions minimumTlsVersion);
180 
185  void SetTlsCipherPreference(aws_tls_cipher_pref cipher_pref);
186 
195  bool OverrideDefaultTrustStore(const char *caPath, const char *caFile) noexcept;
196 
201  bool OverrideDefaultTrustStore(const ByteCursor &ca) noexcept;
202 
204  const aws_tls_ctx_options *GetUnderlyingHandle() const noexcept { return &m_options; }
205 
206  private:
207  aws_tls_ctx_options m_options;
208  bool m_isInit;
209  };
210 
216  class AWS_CRT_CPP_API TlsContextPkcs11Options final
217  {
218  public:
223  TlsContextPkcs11Options(
224  const std::shared_ptr<Pkcs11Lib> &pkcs11Lib,
225  Allocator *allocator = ApiAllocator()) noexcept;
226 
233  void SetUserPin(const String &pin) noexcept;
234 
241  void SetSlotId(const uint64_t id) noexcept;
242 
249  void SetTokenLabel(const String &label) noexcept;
250 
258  void SetPrivateKeyObjectLabel(const String &label) noexcept;
259 
266  void SetCertificateFilePath(const String &path) noexcept;
267 
274  void SetCertificateFileContents(const String &contents) noexcept;
275 
277  aws_tls_ctx_pkcs11_options GetUnderlyingHandle() const noexcept;
278 
279  private:
280  std::shared_ptr<Pkcs11Lib> m_pkcs11Lib;
281  Optional<uint64_t> m_slotId;
282  Optional<String> m_userPin;
283  Optional<String> m_tokenLabel;
284  Optional<String> m_privateKeyObjectLabel;
285  Optional<String> m_certificateFilePath;
286  Optional<String> m_certificateFileContents;
287  };
288 
292  class AWS_CRT_CPP_API TlsConnectionOptions final
293  {
294  public:
295  TlsConnectionOptions() noexcept;
296  ~TlsConnectionOptions();
297  TlsConnectionOptions(const TlsConnectionOptions &) noexcept;
298  TlsConnectionOptions &operator=(const TlsConnectionOptions &) noexcept;
299  TlsConnectionOptions(TlsConnectionOptions &&options) noexcept;
300  TlsConnectionOptions &operator=(TlsConnectionOptions &&options) noexcept;
301 
307  bool SetServerName(ByteCursor &serverName) noexcept;
308 
315  bool SetAlpnList(const char *alpnList) noexcept;
316 
320  explicit operator bool() const noexcept { return isValid(); }
321 
325  int LastError() const noexcept { return m_lastError; }
326 
328  const aws_tls_connection_options *GetUnderlyingHandle() const noexcept
329  {
330  return &m_tls_connection_options;
331  }
332 
333  private:
334  bool isValid() const noexcept { return m_isInit; }
335 
336  TlsConnectionOptions(aws_tls_ctx *ctx, Allocator *allocator) noexcept;
337  aws_tls_connection_options m_tls_connection_options;
338  aws_allocator *m_allocator;
339  int m_lastError;
340  bool m_isInit;
341 
342  friend class TlsContext;
343  };
344 
349  class AWS_CRT_CPP_API TlsContext final
350  {
351  public:
352  TlsContext() noexcept;
353  TlsContext(TlsContextOptions &options, TlsMode mode, Allocator *allocator = ApiAllocator()) noexcept;
354  ~TlsContext() = default;
355  TlsContext(const TlsContext &) noexcept = default;
356  TlsContext &operator=(const TlsContext &) noexcept = default;
357  TlsContext(TlsContext &&) noexcept = default;
358  TlsContext &operator=(TlsContext &&) noexcept = default;
359 
364  TlsConnectionOptions NewConnectionOptions() const noexcept;
365 
369  explicit operator bool() const noexcept { return isValid(); }
370 
374  int GetInitializationError() const noexcept { return m_initializationError; }
375 
377  aws_tls_ctx *GetUnderlyingHandle() const noexcept { return m_ctx.get(); }
378 
379  private:
380  bool isValid() const noexcept { return m_ctx && m_initializationError == AWS_ERROR_SUCCESS; }
381 
382  std::shared_ptr<aws_tls_ctx> m_ctx;
383  int m_initializationError;
384  };
385 
386  using NewTlsContextImplCallback = std::function<void *(TlsContextOptions &, TlsMode, Allocator *)>;
387  using DeleteTlsContextImplCallback = std::function<void(void *)>;
388  using IsTlsAlpnSupportedCallback = std::function<bool()>;
389 
393  class AWS_CRT_CPP_API TlsChannelHandler : public ChannelHandler
394  {
395  public:
396  virtual ~TlsChannelHandler();
397 
401  virtual String GetProtocol() const = 0;
402 
403  protected:
404  TlsChannelHandler(
405  struct aws_channel_slot *slot,
406  const struct aws_tls_connection_options &options,
407  Allocator *allocator = ApiAllocator());
408 
414  void CompleteTlsNegotiation(int errorCode);
415 
416  private:
417  aws_tls_on_negotiation_result_fn *m_OnNegotiationResult;
418  void *m_userData;
419 
420  aws_byte_buf m_protocolByteBuf;
421  friend aws_byte_buf(::aws_tls_handler_protocol)(aws_channel_handler *);
422  };
423 
430  class AWS_CRT_CPP_API ClientTlsChannelHandler : public TlsChannelHandler
431  {
432  public:
437  virtual void StartNegotiation() = 0;
438 
439  protected:
440  ClientTlsChannelHandler(
441  struct aws_channel_slot *slot,
442  const struct aws_tls_connection_options &options,
443  Allocator *allocator = ApiAllocator());
444  };
445 
446  using NewClientTlsHandlerCallback = std::function<std::shared_ptr<ClientTlsChannelHandler>(
447  struct aws_channel_slot *slot,
448  const struct aws_tls_connection_options &options,
449  Allocator *allocator)>;
450 
451  } // namespace Io
452  } // namespace Crt
453 } // namespace Aws
Aws::Crt::Io::TlsContext::TlsContext
TlsContext(const TlsContext &) noexcept=default
Aws::Crt::Io::TlsContext::TlsContext
TlsContext(TlsContext &&) noexcept=default
Aws::Crt::ApiAllocator
AWS_CRT_CPP_API Allocator * ApiAllocator() noexcept
Definition: Allocator.cpp:24
Aws::Crt::Io::TlsChannelHandler
Definition: TlsOptions.h:394
Aws::Crt::Io::ChannelHandler
Definition: ChannelHandler.h:47
Aws::Crt::Io::TlsContextOptions
Definition: TlsOptions.h:36
Aws::Crt::LastError
AWS_CRT_CPP_API int LastError() noexcept
Definition: Api.cpp:422
Aws::Crt::Io::TlsConnectionOptions
Definition: TlsOptions.h:293
Aws::Crt::Io::TlsConnectionOptions::LastError
int LastError() const noexcept
Definition: TlsOptions.h:325
Aws::Crt::Io::TlsChannelHandler::GetProtocol
virtual String GetProtocol() const =0
Aws::Crt::Io::TlsMode
TlsMode
Definition: TlsOptions.h:26
Aws::Crt::Io::IsTlsAlpnSupportedCallback
std::function< bool()> IsTlsAlpnSupportedCallback
Definition: TlsOptions.h:388
Aws::Crt::Io::DeleteTlsContextImplCallback
std::function< void(void *)> DeleteTlsContextImplCallback
Definition: TlsOptions.h:387
Aws::Crt::Optional< uint64_t >
ChannelHandler.h
Aws::Crt::Io::TlsContext
Definition: TlsOptions.h:350
Aws::Crt::Io::TlsContextPkcs11Options
Definition: TlsOptions.h:217
Aws::Crt::Io::NewClientTlsHandlerCallback
std::function< std::shared_ptr< ClientTlsChannelHandler >(struct aws_channel_slot *slot, const struct aws_tls_connection_options &options, Allocator *allocator)> NewClientTlsHandlerCallback
Definition: TlsOptions.h:449
Aws::Crt::Io::TlsMode::CLIENT
@ CLIENT
Types.h
Aws::Crt::Io::TlsContext::GetInitializationError
int GetInitializationError() const noexcept
Definition: TlsOptions.h:374
Aws::Crt::Io::TlsContext::operator=
TlsContext & operator=(const TlsContext &) noexcept=default
Aws::Crt::Io::TlsContext::~TlsContext
~TlsContext()=default
AWS_CRT_CPP_API
#define AWS_CRT_CPP_API
Definition: Exports.h:37
Aws
Definition: Allocator.h:11
Aws::Crt::Io::ClientTlsChannelHandler
Definition: TlsOptions.h:431
Aws::Crt::ByteCursor
aws_byte_cursor ByteCursor
Definition: Types.h:31
Aws::Crt::Allocator
aws_allocator Allocator
Definition: Allocator.h:14
Aws::Crt::Io::NewTlsContextImplCallback
std::function< void *(TlsContextOptions &, TlsMode, Allocator *)> NewTlsContextImplCallback
Definition: TlsOptions.h:386
Aws::Crt::Io::ClientTlsChannelHandler::StartNegotiation
virtual void StartNegotiation()=0
Aws::Crt::String
std::basic_string< char, std::char_traits< char >, StlAllocator< char > > String
Definition: Types.h:45
Generated by doxygen 1.8.20