libfilezilla
tls_layer.hpp
Go to the documentation of this file.
1#ifndef LIBFILEZILLA_TLS_LAYER_HEADER
2#define LIBFILEZILLA_TLS_LAYER_HEADER
3
8#include "socket.hpp"
9
10namespace fz {
11class logger_interface;
12class tls_system_trust_store;
13class tls_session_info;
14
15class tls_layer;
16class tls_layer_impl;
17
18struct certificate_verification_event_type;
19
25
26enum class tls_ver
27{
28 v1_0,
29 v1_1,
30 v1_2,
31 v1_3
32};
33
46class FZ_PUBLIC_SYMBOL tls_layer final : protected event_handler, public socket_layer
47{
48public:
49 tls_layer(event_loop& event_loop, event_handler* evt_handler, socket_interface& layer, tls_system_trust_store * system_trust_store, logger_interface& logger);
50 virtual ~tls_layer();
51
63 bool client_handshake(std::vector<uint8_t> const& required_certificate, std::vector<uint8_t> const& session_to_resume = std::vector<uint8_t>(), native_string const& session_hostname = native_string());
64
81 bool client_handshake(event_handler *const verification_handler, std::vector<uint8_t> const& session_to_resume = std::vector<uint8_t>(), native_string const& session_hostname = native_string());
82
98 bool server_handshake(std::vector<uint8_t> const& session_to_resume = {}, std::string_view const& preamble = {});
99
101 std::vector<uint8_t> get_session_parameters() const;
102
104 std::vector<uint8_t> get_raw_certificate() const;
105
111 void set_verification_result(bool trusted);
112
113 std::string get_protocol() const;
114
115 std::string get_key_exchange() const;
116 std::string get_cipher() const;
117 std::string get_mac() const;
118 int get_algorithm_warnings() const;
119
121 bool resumed_session() const;
122
124 static std::string list_tls_ciphers(std::string const& priority);
125
134 bool set_certificate_file(native_string const& keyfile, native_string const& certsfile, native_string const& password, bool pem = true);
135
144 bool set_certificate(std::string_view const& key, std::string_view const& certs, native_string const& password, bool pem = true);
145
147 static std::string get_gnutls_version();
148
157 static std::pair<std::string, std::string> generate_selfsigned_certificate(native_string const& password, std::string const& distinguished_name, std::vector<std::string> const& hostnames);
158
166 bool set_alpn(std::string_view const& alpn);
167 bool set_alpn(std::vector<std::string> const& alpns);
168
171 void set_min_tls_ver(tls_ver ver);
172
177 void set_max_tls_ver(tls_ver ver);
178
180 std::string get_alpn() const;
181
184
185 bool is_server() const;
186
187 virtual socket_state get_state() const override;
188
189 virtual int connect(native_string const& host, unsigned int port, address_type family = address_type::unknown) override;
190
191 virtual int read(void *buffer, unsigned int size, int& error) override;
192 virtual int write(void const* buffer, unsigned int size, int& error) override;
193
194 virtual int shutdown() override;
195
196 virtual int shutdown_read() override;
197
198 virtual void set_event_handler(event_handler* pEvtHandler, fz::socket_event_flag retrigger_block = socket_event_flag{}) override;
199
200private:
201 virtual void FZ_PRIVATE_SYMBOL operator()(event_base const& ev) override;
202
203 friend class tls_layer_impl;
204 std::unique_ptr<tls_layer_impl> impl_;
205};
206}
207
208#endif
The buffer class is a simple buffer where data can be appended at the end and consumed at the front....
Definition: buffer.hpp:26
Common base class for all events.
Definition: event.hpp:23
Simple handler for asynchronous event processing.
Definition: event_handler.hpp:55
A threaded event loop that supports sending events and timers.
Definition: event_loop.hpp:34
Abstract interface for logging strings.
Definition: logger.hpp:50
This is the recommended event class.
Definition: event.hpp:66
Interface for sockets.
Definition: socket.hpp:359
A base class for socket layers.
Definition: socket.hpp:606
A Transport Layer Security (TLS) layer.
Definition: tls_layer.hpp:47
bool resumed_session() const
After a successful handshake, returns whether the session has been resumed.
void set_min_tls_ver(tls_ver ver)
Sets minimum allowed TLS version.
virtual int shutdown() override
Signals peers that we want to close the connections.
bool set_certificate(std::string_view const &key, std::string_view const &certs, native_string const &password, bool pem=true)
Sets the certificate (and its chain) and the private key.
bool client_handshake(std::vector< uint8_t > const &required_certificate, std::vector< uint8_t > const &session_to_resume=std::vector< uint8_t >(), native_string const &session_hostname=native_string())
Starts shaking hands for a new TLS session as client.
std::vector< uint8_t > get_raw_certificate() const
Gets the session's peer certificate in DER.
virtual void set_event_handler(event_handler *pEvtHandler, fz::socket_event_flag retrigger_block=socket_event_flag{}) override
The handler for any events generated (or forwarded) by this layer.
static std::string get_gnutls_version()
Returns the version of the loaded GnuTLS library, may be different than the version used at compile-t...
std::vector< uint8_t > get_session_parameters() const
Gets session parameters for resumption.
static std::pair< std::string, std::string > generate_selfsigned_certificate(native_string const &password, std::string const &distinguished_name, std::vector< std::string > const &hostnames)
Creates a new private key and a self-signed certificate.
void set_max_tls_ver(tls_ver ver)
Sets maximum allowed TLS versions.
void set_verification_result(bool trusted)
Must be called after having received certificate_verification_event.
std::string get_alpn() const
After a successful handshake, returns which protocol, if any, has been negotiated.
static std::string list_tls_ciphers(std::string const &priority)
Returns a human-readable list of all TLS ciphers available with the passed priority string.
bool server_handshake(std::vector< uint8_t > const &session_to_resume={}, std::string_view const &preamble={})
Starts shaking hand for a new TLS session as server.
native_string get_hostname() const
If running as server, get the SNI sent by the client.
bool set_certificate_file(native_string const &keyfile, native_string const &certsfile, native_string const &password, bool pem=true)
Sets the file containing the certificate (and its chain) and the file with the corresponding private ...
bool client_handshake(event_handler *const verification_handler, std::vector< uint8_t > const &session_to_resume=std::vector< uint8_t >(), native_string const &session_hostname=native_string())
Starts shaking hands for a new TLS session as client.
virtual int shutdown_read() override
Check that all layers further down also have reached EOF.
bool set_alpn(std::string_view const &alpn)
Negotiate application protocol.
Opaque class to load the system trust store asynchronously.
Definition: tls_system_trust_store.hpp:30
The namespace used by libfilezilla.
Definition: apply.hpp:17
simple_event< certificate_verification_event_type, tls_layer *, tls_session_info > certificate_verification_event
This event gets sent during the handshake with details about the session and the used certificate.
Definition: tls_layer.hpp:18
std::wstring native_string
A string in the system's native character type and encoding. Note: This typedef changes depending on...
Definition: string.hpp:33
socket_state
State transitions are monotonically increasing.
Definition: socket.hpp:327
socket_event_flag
The type of a socket event.
Definition: socket.hpp:34
Socket classes for networking.