diff options
author | peterbell10 <peterbell10@live.co.uk> | 2017-08-30 16:00:06 +0200 |
---|---|---|
committer | Tiger Wang <ziwei.tiger@outlook.com> | 2017-08-30 16:00:06 +0200 |
commit | 84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7 (patch) | |
tree | aa1648c2ba260b8576673677435481d371eec7b0 /src/mbedTLS++/SslConfig.h | |
parent | Update core plugins to latest version (#3951) (diff) | |
download | cuberite-84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7.tar cuberite-84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7.tar.gz cuberite-84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7.tar.bz2 cuberite-84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7.tar.lz cuberite-84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7.tar.xz cuberite-84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7.tar.zst cuberite-84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7.zip |
Diffstat (limited to '')
-rw-r--r-- | src/mbedTLS++/SslConfig.h | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/src/mbedTLS++/SslConfig.h b/src/mbedTLS++/SslConfig.h new file mode 100644 index 000000000..47a4f7b59 --- /dev/null +++ b/src/mbedTLS++/SslConfig.h @@ -0,0 +1,93 @@ + +#pragma once + +#include "mbedtls/ssl.h" + +// fwd: +class cCryptoKey; +class cCtrDrbgContext; +class cX509Cert; + +using cCryptoKeyPtr = std::shared_ptr<cCryptoKey>; +using cCtrDrbgContextPtr = std::shared_ptr<cCtrDrbgContext>; +using cX509CertPtr = std::shared_ptr<cX509Cert>; + +enum class eSslAuthMode +{ + None = 0, // MBEDTLS_SSL_VERIFY_NONE + Optional = 1, // MBEDTLS_SSL_VERIFY_OPTIONAL + Required = 2, // MBEDTLS_SSL_VERIFY_REQUIRED + Unset = 3, // MBEDTLS_SSL_VERIFY_UNSET +}; + + + +class cSslConfig +{ + friend class cSslContext; +public: + /** Type of the SSL debug callback. + Parameters are: + void * Opaque context for the callback + int Debug level + const char * File name + int Line number + const char * Message */ + using cDebugCallback = void(*)(void *, int, const char *, int, const char *); + + /** Type of the SSL certificate verify callback. + Parameters are: + void * Opaque context for the callback + mbedtls_x509_crt * Current cert + int Cert chain depth + uint32_t * Verification flags */ + using cVerifyCallback = int(*)(void *, mbedtls_x509_crt *, int, uint32_t *); + + cSslConfig(); + ~cSslConfig(); + + /** Initialize with mbedTLS default settings. */ + int InitDefaults(bool a_IsClient); + + /** Set the authorization mode. */ + void SetAuthMode(eSslAuthMode a_AuthMode); + + /** Set the random number generator. */ + void SetRng(cCtrDrbgContextPtr a_CtrDrbg); + + /** Set the debug callback. */ + void SetDebugCallback(cDebugCallback a_CallbackFun, void * a_CallbackData); + + /** Set the certificate verify callback. */ + void SetVerifyCallback(cVerifyCallback a_CallbackFun, void * a_CallbackData); + + /** Set the enabled cipher suites. */ + void SetCipherSuites(std::vector<int> a_CipherSuites); + + /** Set the certificate to use for connections. */ + void SetOwnCert(cX509CertPtr a_OwnCert, cCryptoKeyPtr a_OwnCertPrivKey); + + /** Set the trusted certificate authority chain. */ + void SetCACerts(cX509CertPtr a_CACert); + + /** Creates a new config with some sensible defaults on top of mbedTLS basic settings. */ + static std::shared_ptr<cSslConfig> MakeDefaultConfig(bool a_IsClient); + + /** Returns the default config for client connections. */ + static std::shared_ptr<const cSslConfig> GetDefaultClientConfig(); + + /** Returns the default config for server connections. */ + static std::shared_ptr<const cSslConfig> GetDefaultServerConfig(); + +private: + + /** Returns a pointer to the wrapped mbedtls representation. */ + const mbedtls_ssl_config * GetInternal() const { return &m_Config; } + + mbedtls_ssl_config m_Config; + cCtrDrbgContextPtr m_CtrDrbg; + cX509CertPtr m_OwnCert; + cCryptoKeyPtr m_OwnCertPrivKey; + cX509CertPtr m_CACerts; + std::vector<int> m_CipherSuites; +}; |