libpromeki 1.0.0-alpha
PROfessional MEdia toolKIt
 
sslcontext.h
8#pragma once
9
10
11#include <promeki/config.h>
12#if PROMEKI_ENABLE_CORE
13#include <promeki/namespace.h>
14#include <promeki/string.h>
15#include <promeki/buffer.h>
16#include <promeki/filepath.h>
17#include <promeki/error.h>
18#include <promeki/sharedptr.h>
19#include <promeki/list.h>
20#include <promeki/datatype.h>
21#include <promeki/result.h>
22
23PROMEKI_NAMESPACE_BEGIN
24
25class DataStream;
26
class SslContext {
    public:
        // NOTE(review): the third macro argument looks like the data-type wire
        // version; the macro body is not visible in this listing, so confirm.
        PROMEKI_DATATYPE(SslContext, DataTypeSslContext, 1)

        /// List-of-contexts alias.
        using List = ::promeki::List<SslContext>;

        /// Protocol selector accepted by setProtocol().
        ///
        /// NOTE(review): this listing does not show whether TlsV1_2 / TlsV1_3
        /// pin one exact version or set a minimum, nor what SecureProtocols
        /// resolves to. Confirm in the implementation before treating any of
        /// them as a protocol floor.
        enum SslProtocol {
                TlsV1_2,
                TlsV1_3,
                SecureProtocols
        };

        /// Static capability query.
        /// NOTE(review): presumably reports whether this build has a TLS
        /// backend compiled in; confirm against the implementation.
        static bool hasTlsSupport();

        /// Default constructor. Whether the result is usable as-is is not
        /// visible here; check isValid().
        SslContext();

        /// Destructor (defined out-of-line, see the note below).
        ~SslContext();

        // Copy and move are declared here and defined in the .cpp on purpose.
        // @ref Impl is only forward-declared in this header, so an inline
        // @c =default would instantiate the @c SharedPtr internals against an
        // incomplete type: the @c IsSharedObject trait would be missed and the
        // code would go through @c SharedPtrProxy<Impl>::~SharedPtrProxy(),
        // which ends in @c delete on an incomplete type.

        /// Copy constructor.
        SslContext(const SslContext &other);

        /// Copy assignment.
        SslContext &operator=(const SslContext &other);

        /// Move constructor.
        SslContext(SslContext &&other) noexcept;

        /// Move assignment.
        SslContext &operator=(SslContext &&other) noexcept;

        /// Reports whether this context is usable.
        /// NOTE(review): the exact criteria are not visible in this listing.
        bool isValid() const;

        /// Equality is decided by comparing the two @c _d handles, not by
        /// comparing individual settings field by field.
        bool operator==(const SslContext &other) const { return _d == other._d; }

        /// Negation of operator==.
        bool operator!=(const SslContext &other) const { return !operator==(other); }

        /// Returns a String describing the context.
        /// NOTE(review): the contents are not visible here; before logging the
        /// result, confirm it never includes key material or the passphrase.
        String toString() const;

        /// Stores the protocol selection.
        void setProtocol(SslProtocol protocol);

        /// Returns the protocol selection.
        SslProtocol protocol() const;

        // ----------------------------------------------------
        // Server-side credentials
        // ----------------------------------------------------
        //
        // Every setter in this section and in the trust-store section below
        // reports failure through its Error return value. Callers should check
        // it: a context whose certificate, key or CA set failed to load should
        // not be put into service.

        /// Loads the certificate from a file.
        /// NOTE(review): accepted encodings (PEM / DER) are not visible here.
        Error setCertificate(const FilePath &file);

        /// Loads the certificate from an in-memory buffer.
        Error setCertificate(const Buffer &certData);

        /// Loads the private key from a file. @p passphrase defaults to an
        /// empty String.
        /// NOTE(review): this header does not show whether the passphrase or
        /// the decoded key is wiped from memory after use; confirm in the
        /// implementation.
        Error setPrivateKey(const FilePath &file, const String &passphrase = String());

        /// Loads the private key from an in-memory buffer. @p passphrase
        /// defaults to an empty String. The caller still owns @p keyData and
        /// is responsible for how long that copy of the key stays in memory.
        Error setPrivateKey(const Buffer &keyData, const String &passphrase = String());

        // ----------------------------------------------------
        // Trust store (used for peer verification on both sides)
        // ----------------------------------------------------

        /// Loads CA certificates from a file.
        Error setCaCertificates(const FilePath &caFile);

        /// Loads CA certificates from an in-memory buffer.
        Error setCaCertificates(const Buffer &caData);

        /// Loads the system CA certificates.
        /// NOTE(review): which system location is consulted is not visible
        /// here.
        Error setSystemCaCertificates();

        /// Turns peer verification on or off.
        /// NOTE(review): the default is not visible in this listing. With
        /// verification off the peer's identity is not checked, so confirm the
        /// default and review every call that passes @c false.
        void setVerifyPeer(bool enable);

        /// Returns the peer-verification setting.
        bool verifyPeer() const;

        /// Sets whether a client certificate is required.
        /// NOTE(review): how this interacts with setVerifyPeer() is not
        /// visible here; confirm before relying on it for client
        /// authentication.
        void setRequireClientCert(bool require);

        /// Returns the require-client-certificate setting.
        bool requireClientCert() const;

        /// Sets the verification depth.
        /// NOTE(review): presumably the maximum certificate-chain length
        /// accepted during verification; confirm.
        void setVerifyDepth(int depth);

        /// Returns the verification depth.
        int verifyDepth() const;

        /// Reports whether a certificate is present.
        bool hasCertificate() const;

        /// Reports whether CA certificates are present.
        bool hasCaCertificates() const;

        /// Returns an untyped pointer to the backend configuration. The
        /// underlying @c mbedtls_ssl_config is lazy-initialized on the first
        /// call (see the note on @c _d).
        /// NOTE(review): pointer lifetime and ownership are not visible here;
        /// presumably it stays owned by this context. Confirm before caching.
        void *nativeConfig() const;

        /// Writes the context to @p s and reports the outcome as an Error.
        /// NOTE(review): which fields are written is not visible here; confirm
        /// that private-key material is not emitted before sending the stream
        /// anywhere untrusted.
        Error writeToStream(DataStream &s) const;

        /// Stream reader. The primary template defined after this class always
        /// reports @ref Error::NotSupported, so check the Result's error and
        /// do not use the returned value.
        template <uint32_t V> static Result<SslContext> readFromStream(DataStream &s);

    private:
        struct Impl;

        // Declared mutable because @c nativeConfig is a @c const accessor that
        // lazy-initializes the underlying @c mbedtls_ssl_config on its first
        // call; the @c SharedPtr handle therefore has to be reachable through
        // a non-const @c modify() path.
        mutable SharedPtr<Impl, false> _d;
};
436
// Primary template of @ref SslContext::readFromStream. Whatever wire
// version @c V is requested, it reports @ref Error::NotSupported; the
// rationale is given in the documentation of the declaration. The
// returned Result carries a default-constructed SslContext, so callers
// must check the error rather than use the value. Kept inline so the
// @ref PROMEKI_DATATYPE @c dispatchRead body can resolve it without
// dragging the cpp into header consumers.
template <uint32_t V>
inline Result<SslContext> SslContext::readFromStream(DataStream & /*s*/) {
        return Result<SslContext>(SslContext(), Error::NotSupported);
}
445
446PROMEKI_NAMESPACE_END
447
448#endif // PROMEKI_ENABLE_CORE