1 #ifndef LIBFILEZILLA_TLS_LAYER_HEADER
2 #define LIBFILEZILLA_TLS_LAYER_HEADER
3 
8 #include "socket.hpp"
9 
10 namespace fz {
// Forward declarations of the types tls_layer refers to only by
// reference or pointer; their definitions live in other headers.
class logger_interface;        // abstract logging interface (logger.hpp)
class tls_system_trust_store;  // opaque, asynchronously loaded system trust store
class tls_session_info;        // session/certificate details carried by certificate_verification_event

class tls_layer;
class tls_layer_impl;          // private implementation behind tls_layer::impl_

// Tag type for certificate_verification_event, which is a
// simple_event<certificate_verification_event_type, tls_layer*, tls_session_info>
// sent during the handshake.
struct certificate_verification_event_type;
19 
25 
/**
 * \brief A Transport Layer Security (TLS) layer.
 *
 * Wraps another socket_interface (the \c layer constructor argument) and
 * exposes the encrypted connection through the socket_layer interface.
 * During the handshake a certificate_verification_event is sent carrying a
 * tls_session_info; the receiver must answer it with
 * set_verification_result(), otherwise the handshake presumably never
 * completes — confirm against tls_layer_impl.
 *
 * Inherits event_handler only as an implementation detail (protected),
 * so the layer is not meant to be used as an event handler by callers.
 *
 * NOTE(review): the documentation index for this header also lists an
 * argument-less server_handshake() overload that is not visible in this
 * listing; confirm against the full header before relying on it.
 */
class FZ_PUBLIC_SYMBOL tls_layer final : protected event_handler, public socket_layer
{
public:
	/**
	 * \param event_loop Event loop this layer's own event handling runs on.
	 * \param evt_handler Handler receiving the socket events emitted by this layer
	 *        (presumably the same role as for any socket_layer — verify against socket.hpp).
	 * \param layer The underlying socket or layer the TLS layer sits on top of; it is held by
	 *        reference, so it presumably must outlive this object — confirm.
	 * \param system_trust_store Opaque, asynchronously loaded system trust store used when
	 *        validating peer certificates. Passed as a pointer; whether nullptr is accepted
	 *        (and what it means for verification) is not visible here — confirm.
	 * \param logger Logger for diagnostics.
	 */
	tls_layer(event_loop& event_loop, event_handler* evt_handler, socket_interface& layer, tls_system_trust_store * system_trust_store, logger_interface& logger);
	virtual ~tls_layer();

	/**
	 * \brief Starts shaking hands for a new TLS session as client.
	 *
	 * \param required_certificate Certificate the peer is expected to present, in DER
	 *        (the encoding get_raw_certificate() returns). NOTE(review): presumably the
	 *        handshake is rejected if the peer presents a different certificate — confirm
	 *        in tls_layer_impl.
	 * \param session_to_resume Parameters of an earlier session as returned by
	 *        get_session_parameters(); empty (the default) starts a fresh session.
	 * \param session_hostname Hostname of the peer for this session; presumably used for
	 *        SNI and/or hostname checking — confirm. Defaults to an empty native_string.
	 * \return Presumably false if the handshake could not be started; completion is
	 *         reported asynchronously — confirm.
	 */
	bool client_handshake(std::vector<uint8_t> const& required_certificate, std::vector<uint8_t> const& session_to_resume = std::vector<uint8_t>(), native_string const& session_hostname = native_string());

	/**
	 * \brief Starts shaking hands for a new TLS session as client.
	 *
	 * \param verification_handler Handler that presumably receives the
	 *        certificate_verification_event sent during the handshake and must then call
	 *        set_verification_result() — confirm. The trust decision is entirely the
	 *        handler's responsibility in this overload.
	 * \param session_to_resume As in the other overload.
	 * \param session_hostname As in the other overload.
	 */
	bool client_handshake(event_handler *const verification_handler, std::vector<uint8_t> const& session_to_resume = std::vector<uint8_t>(), native_string const& session_hostname = native_string());

	/**
	 * \brief Starts shaking hands for a new TLS session as server.
	 *
	 * \param session_to_resume Session parameters for resumption (see
	 *        get_session_parameters()). A certificate and key must presumably have been
	 *        installed via set_certificate() or set_certificate_file() first — confirm.
	 */
	bool server_handshake(std::vector<uint8_t> const& session_to_resume);

	/**
	 * \brief Gets session parameters for resumption.
	 *
	 * The returned blob is what client_handshake()/server_handshake() accept as
	 * \c session_to_resume. Since it allows resuming this session, it should be
	 * treated as confidential and not be persisted or logged casually.
	 */
	std::vector<uint8_t> get_session_parameters() const;

	/// Gets the session's peer certificate in DER.
	std::vector<uint8_t> get_raw_certificate() const;

	/**
	 * \brief Must be called after having received certificate_verification_event.
	 *
	 * \param trusted Whether the presented certificate chain is accepted. Passing true
	 *        bypasses any further trust check by this layer (presumably — confirm), so the
	 *        value must come from an actual evaluation of the tls_session_info delivered
	 *        with the event, not be hard-coded.
	 */
	void set_verification_result(bool trusted);

	/// Negotiated protocol as a string (presumably only meaningful after the handshake — confirm).
	std::string get_protocol() const;

	/// Negotiated key exchange, cipher and MAC as strings (presumably post-handshake only — confirm).
	std::string get_key_exchange() const;
	std::string get_cipher() const;
	std::string get_mac() const;
	/// Warnings about the negotiated algorithms; presumably a bit set, the meaning of the
	/// individual bits is not visible here — confirm against tls_session_info.
	int get_algorithm_warnings() const;

	/// After a successful handshake, returns whether the session has been resumed.
	bool resumed_session() const;

	/// Returns a human-readable list of all TLS ciphers available with the passed priority string.
	static std::string list_tls_ciphers(std::string const& priority);

	/**
	 * \brief Sets the file containing the certificate (and its chain) and the file with the
	 *        corresponding private key.
	 *
	 * \param keyfile Path to the private key file.
	 * \param certsfile Path to the certificate (chain) file.
	 * \param password Presumably the passphrase protecting the private key — confirm.
	 * \param pem Presumably true for PEM-encoded files, false for DER — confirm.
	 * \return false on failure (presumably: unreadable file or mismatching key/certificate — confirm).
	 */
	bool set_certificate_file(native_string const& keyfile, native_string const& certsfile, native_string const& password, bool pem = true);

	/**
	 * \brief Sets the certificate (and its chain) and the private key.
	 *
	 * Same as set_certificate_file() but takes the key and certificate data directly
	 * instead of file names.
	 */
	bool set_certificate(std::string const& key, std::string const& certs, native_string const& password, bool pem = true);

	/// Returns the version of the loaded GnuTLS library, which may differ from the version used at compile time.
	static std::string get_gnutls_version();

	/**
	 * \brief Creates a new private key and a self-signed certificate.
	 *
	 * \param password Presumably the passphrase used to protect the generated key — confirm.
	 * \param distinguished_name Presumably the subject DN of the certificate — confirm.
	 * \param hostnames Presumably the names placed into the certificate's subject
	 *        alternative names — confirm.
	 * \return A pair of strings; their order (key vs. certificate) and encoding are not
	 *         visible here — confirm against the implementation before use.
	 */
	static std::pair<std::string, std::string> generate_selfsigned_certificate(native_string const& password, std::string const& distinguished_name, std::vector<std::string> const& hostnames);


	// socket_layer interface. socket_state transitions are monotonically increasing.
	virtual socket_state get_state() const override;

	virtual int connect(native_string const& host, unsigned int port, address_type family = address_type::unknown) override;

	// read/write of application data; the error code is reported through \c error.
	virtual int read(void *buffer, unsigned int size, int& error) override;
	virtual int write(void const* buffer, unsigned int size, int& error) override;

	/// Signals peers that we want to close the connections.
	virtual int shutdown() override;

	/// Check that all layers further down also have reached EOF.
	virtual int shutdown_read() override;

private:
	// event_handler entry point: receives this layer's own events from the event loop.
	virtual void FZ_PRIVATE_SYMBOL operator()(event_base const& ev) override;

	friend class tls_layer_impl;
	// Private implementation (pimpl); owned by this object.
	std::unique_ptr<tls_layer_impl> impl_;
};
176 }
177 
178 #endif
fz::tls_layer::get_raw_certificate
std::vector< uint8_t > get_raw_certificate() const
Gets the session's peer certificate in DER.
fz::buffer
The buffer class is a simple buffer where data can be appended at the end and consumed at the front....
Definition: buffer.hpp:24
fz::socket_state
socket_state
State transitions are monotonically increasing.
Definition: socket.hpp:307
fz::event_base
Common base class for all events.
Definition: event.hpp:23
fz::tls_layer::shutdown_read
virtual int shutdown_read() override
Check that all layers further down also have reached EOF.
fz::simple_event
This is the recommended event class.
Definition: event.hpp:64
fz::tls_layer::list_tls_ciphers
static std::string list_tls_ciphers(std::string const &priority)
Returns a human-readable list of all TLS ciphers available with the passed priority string.
fz::tls_layer::resumed_session
bool resumed_session() const
After a successful handshake, returns whether the session has been resumed.
fz::tls_layer
A Transport Layer Security (TLS) layer.
Definition: tls_layer.hpp:39
fz::socket_layer
A base class for socket layers.
Definition: socket.hpp:542
fz::tls_layer::set_certificate
bool set_certificate(std::string const &key, std::string const &certs, native_string const &password, bool pem=true)
Sets the certificate (and its chain) and the private key.
fz::tls_layer::set_certificate_file
bool set_certificate_file(native_string const &keyfile, native_string const &certsfile, native_string const &password, bool pem=true)
Sets the file containing the certificate (and its chain) and the file with the corresponding private key.
fz::tls_layer::client_handshake
bool client_handshake(std::vector< uint8_t > const &required_certificate, std::vector< uint8_t > const &session_to_resume=std::vector< uint8_t >(), native_string const &session_hostname=native_string())
Starts shaking hands for a new TLS session as client.
fz::tls_layer::set_verification_result
void set_verification_result(bool trusted)
Must be called after having received certificate_verification_event.
fz::tls_layer::generate_selfsigned_certificate
static std::pair< std::string, std::string > generate_selfsigned_certificate(native_string const &password, std::string const &distinguished_name, std::vector< std::string > const &hostnames)
Creates a new private key and a self-signed certificate.
socket.hpp
Socket classes for networking.
fz::logger_interface
Abstract interface for logging strings.
Definition: logger.hpp:50
fz::native_string
std::wstring native_string
A string in the system's native character type and encoding. Note: This typedef changes depending on...
Definition: string.hpp:33
fz::tls_layer::get_gnutls_version
static std::string get_gnutls_version()
Returns the version of the loaded GnuTLS library, which may differ from the version used at compile time.
fz::socket_event_flag::connection_next
@ connection_next
fz::certificate_verification_event
simple_event< certificate_verification_event_type, tls_layer *, tls_session_info > certificate_verification_event
This event gets sent during the handshake with details about the session and the used certificate.
Definition: tls_layer.hpp:18
fz::tls_layer::shutdown
virtual int shutdown() override
Signals peers that we want to close the connections.
fz::tls_layer::server_handshake
bool server_handshake(std::vector< uint8_t > const &session_to_resume)
Starts shaking hands for a new TLS session as server.
fz::tls_layer::server_handshake
bool server_handshake()
Starts shaking hands for a new TLS session as server.
fz::socket_interface
Interface for sockets.
Definition: socket.hpp:339
fz::event_handler
Simple handler for asynchronous event processing.
Definition: event_handler.hpp:55
fz::event_loop
A threaded event loop that supports sending events and timers.
Definition: event_loop.hpp:34
fz::tls_layer::get_session_parameters
std::vector< uint8_t > get_session_parameters() const
Gets session parameters for resumption.
fz::tls_system_trust_store
Opaque class to load the system trust store asynchronously.
Definition: tls_system_trust_store.hpp:30
fz
The namespace used by libfilezilla.
Definition: apply.hpp:17
fz::tls_layer::client_handshake
bool client_handshake(event_handler *const verification_handler, std::vector< uint8_t > const &session_to_resume=std::vector< uint8_t >(), native_string const &session_hostname=native_string())
Starts shaking hands for a new TLS session as client.