1 /* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
6 #include "base/i2-base.hpp"
7 #include "base/socket.hpp"
8 #include "base/socketevents.hpp"
9 #include "base/stream.hpp"
10 #include "base/tlsutility.hpp"
11 #include "base/fifo.hpp"
14 #include <boost/asio/buffered_stream.hpp>
15 #include <boost/asio/io_service.hpp>
16 #include <boost/asio/ip/tcp.hpp>
17 #include <boost/asio/ssl/context.hpp>
18 #include <boost/asio/ssl/stream.hpp>
36 class TlsStream final : public SocketEvents
39 DECLARE_PTR_TYPEDEFS(TlsStream);
41 TlsStream(const Socket::Ptr& socket, const String& hostname, ConnectionRole role, const std::shared_ptr<SSL_CTX>& sslContext = MakeSSLContext());
42 TlsStream(const Socket::Ptr& socket, const String& hostname, ConnectionRole role, const std::shared_ptr<boost::asio::ssl::context>& sslContext);
43 ~TlsStream() override;
45 Socket::Ptr GetSocket() const;
47 std::shared_ptr<X509> GetClientCertificate() const;
48 std::shared_ptr<X509> GetPeerCertificate() const;
52 void Close() override;
53 void Shutdown() override;
55 size_t Peek(void *buffer, size_t count, bool allow_partial = false) override;
56 size_t Read(void *buffer, size_t count, bool allow_partial = false) override;
57 void Write(const void *buffer, size_t count) override;
59 bool IsEof() const override;
61 bool SupportsWaiting() const override;
62 bool IsDataAvailable() const override;
64 bool IsVerifyOK() const;
65 String GetVerifyError() const;
68 std::shared_ptr<SSL> m_SSL;
70 mutable boost::mutex m_Mutex;
71 mutable boost::condition_variable m_CV;
79 ConnectionRole m_Role;
84 TlsAction m_CurrentAction;
88 static int m_SSLIndex;
89 static bool m_SSLIndexInitialized;
91 TlsStream(const Socket::Ptr& socket, const String& hostname, ConnectionRole role, SSL_CTX* sslContext);
93 void OnEvent(int revents) override;
95 void HandleError() const;
97 static int ValidateCertificate(int preverify_ok, X509_STORE_CTX *ctx);
98 static void NullCertificateDeleter(X509 *certificate);
100 void CloseInternal(bool inDestructor);
103 struct UnbufferedAsioTlsStreamParams
105 boost::asio::io_service& IoService;
106 boost::asio::ssl::context& SslContext;
107 const String& Hostname;
110 typedef boost::asio::ssl::stream<boost::asio::ip::tcp::socket> AsioTcpTlsStream;
112 class UnbufferedAsioTlsStream : public AsioTcpTlsStream
116 UnbufferedAsioTlsStream(UnbufferedAsioTlsStreamParams& init)
117 : stream(init.IoService, init.SslContext), m_VerifyOK(true), m_Hostname(init.Hostname)
121 bool IsVerifyOK() const;
122 String GetVerifyError() const;
123 std::shared_ptr<X509> GetPeerCertificate();
125 template<class... Args>
127 auto async_handshake(handshake_type type, Args&&... args) -> decltype(((AsioTcpTlsStream*)nullptr)->async_handshake(type, std::forward<Args>(args)...))
129 BeforeHandshake(type);
131 return AsioTcpTlsStream::async_handshake(type, std::forward<Args>(args)...);
134 template<class... Args>
136 auto handshake(handshake_type type, Args&&... args) -> decltype(((AsioTcpTlsStream*)nullptr)->handshake(type, std::forward<Args>(args)...))
138 BeforeHandshake(type);
140 return AsioTcpTlsStream::handshake(type, std::forward<Args>(args)...);
145 String m_VerifyError;
148 void BeforeHandshake(handshake_type type);
151 class AsioTlsStream : public boost::asio::buffered_stream<UnbufferedAsioTlsStream>
155 AsioTlsStream(boost::asio::io_service& ioService, boost::asio::ssl::context& sslContext, const String& hostname = String())
156 : AsioTlsStream(UnbufferedAsioTlsStreamParams{ioService, sslContext, hostname})
162 AsioTlsStream(UnbufferedAsioTlsStreamParams init)
163 : buffered_stream(init)
168 typedef boost::asio::buffered_stream<boost::asio::ip::tcp::socket> AsioTcpStream;
169 typedef std::pair<std::shared_ptr<AsioTlsStream>, std::shared_ptr<AsioTcpStream>> OptionalTlsStream;
173 #endif /* TLSSTREAM_H */