/src/botan/build/include/botan/tls_server.h
1 | | /* |
2 | | * TLS Server |
3 | | * (C) 2004-2011 Jack Lloyd |
4 | | * 2016 Matthias Gierlings |
5 | | * |
6 | | * Botan is released under the Simplified BSD License (see license.txt) |
7 | | */ |
8 | | |
9 | | #ifndef BOTAN_TLS_SERVER_H_ |
10 | | #define BOTAN_TLS_SERVER_H_ |
11 | | |
#include <botan/tls_channel.h>
#include <botan/tls_policy.h>
#include <botan/credentials_manager.h>
#include <functional>
#include <string>
#include <vector>
16 | | |
17 | | namespace Botan { |
18 | | |
19 | | namespace TLS { |
20 | | |
21 | | class Server_Handshake_State; |
22 | | |
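/**
* TLS Server
*
* Server-side endpoint of a TLS connection, or of a DTLS connection when
* the is_datagram constructor argument is set. Builds on Channel; the
* server-specific parts are handshake processing and session
* creation/resumption.
*/
class BOTAN_PUBLIC_API(2,0) Server final : public Channel
   {
   public:
      /**
      * Protocol-selection callback used by the deprecated constructors.
      * It is invoked with the protocol names the client offered (ALPN)
      * and returns the one the server selects. The list originates in
      * the peer's ClientHello, so every entry is untrusted input: only
      * ever return a name the application is actually prepared to speak,
      * never echo an arbitrary client-supplied value.
      */
      using next_protocol_fn = std::function<std::string (std::vector<std::string>)>;

      /**
      * Server initialization
      *
      * @param callbacks contains a set of callback function references
      *        required by the TLS server.
      *
      * @param session_manager manages session state
      *
      * @param creds manages application/user credentials (the server's
      *        certificate chain and private key, and client-auth trust
      *        roots if client certificates are requested). Stored by
      *        reference, so it must outlive this object.
      *
      * @param policy specifies other connection policy information
      *
      * @param rng a random number generator. It feeds the handshake, so
      *        it must be a properly seeded, cryptographically secure RNG.
      *
      * @param is_datagram set to true if this server should expect DTLS
      *        connections. Otherwise TLS connections are expected.
      *
      * @param reserved_io_buffer_size This many bytes of memory will
      *        be preallocated for the read and write buffers. Smaller
      *        values just mean reallocations and copies are more likely.
      *
      * NOTE(review): callbacks, session_manager, policy and rng are taken
      * by reference as well; presumably the Channel base stores them, so
      * treat all of them as needing to outlive the Server.
      */
      Server(Callbacks& callbacks,
             Session_Manager& session_manager,
             Credentials_Manager& creds,
             const Policy& policy,
             RandomNumberGenerator& rng,
             bool is_datagram = false,
             size_t reserved_io_buffer_size = TLS::Server::IO_BUF_DEFAULT_SIZE
         );

      /**
      * DEPRECATED. This constructor is only provided for backward
      * compatibility and should not be used in new implementations.
      * It will be removed in a future release.
      *
      * Takes the individual callbacks that the Callbacks object bundles
      * in the constructor above, plus an optional ALPN selector
      * (see next_protocol_fn for the trust caveat on its input).
      */
      BOTAN_DEPRECATED("Use TLS::Server(TLS::Callbacks ...)")
      Server(output_fn output,
             data_cb data_cb,
             alert_cb recv_alert_cb,
             handshake_cb hs_cb,
             Session_Manager& session_manager,
             Credentials_Manager& creds,
             const Policy& policy,
             RandomNumberGenerator& rng,
             next_protocol_fn next_proto = next_protocol_fn(),
             bool is_datagram = false,
             size_t reserved_io_buffer_size = TLS::Server::IO_BUF_DEFAULT_SIZE
         );

      /**
      * DEPRECATED. This constructor is only provided for backward
      * compatibility and should not be used in new implementations.
      * It will be removed in a future release.
      *
      * Same as the deprecated constructor above but additionally takes a
      * handshake-message callback; it has no reserved_io_buffer_size
      * parameter.
      */
      BOTAN_DEPRECATED("Use TLS::Server(TLS::Callbacks ...)")
      Server(output_fn output,
             data_cb data_cb,
             alert_cb recv_alert_cb,
             handshake_cb hs_cb,
             handshake_msg_cb hs_msg_cb,
             Session_Manager& session_manager,
             Credentials_Manager& creds,
             const Policy& policy,
             RandomNumberGenerator& rng,
             next_protocol_fn next_proto = next_protocol_fn(),
             bool is_datagram = false
         );

      /**
      * Return the protocol notification set by the client (using the
      * ALPN extension) for this connection, if any. This value is not
      * tied to the session and a later renegotiation of the same
      * session can choose a new protocol.
      *
      * An empty string means no protocol has been set. Identical to
      * application_protocol(); both read the same member.
      */
      std::string next_protocol() const { return m_next_protocol; }

      /**
      * Return the protocol notification set by the client (using the
      * ALPN extension) for this connection, if any. This value is not
      * tied to the session and a later renegotiation of the same
      * session can choose a new protocol.
      *
      * Channel override; returns the same value as next_protocol().
      */
      std::string application_protocol() const override { return m_next_protocol; }

   private:
      // Channel override: the peer (client) certificate chain recorded in
      // the given handshake state.
      std::vector<X509_Certificate>
         get_peer_cert_chain(const Handshake_State& state) const override;

      // Channel override: start a handshake on behalf of the server.
      void initiate_handshake(Handshake_State& state,
                              bool force_full_renegotiation) override;

      // Channel override: entry point for each received handshake
      // message; presumably dispatches on `type` to the per-message
      // handlers declared below. `active_state` is the state of the
      // currently established connection (if any), `pending_state` the
      // one being negotiated.
      void process_handshake_msg(const Handshake_State* active_state,
                                 Handshake_State& pending_state,
                                 Handshake_Type type,
                                 const std::vector<uint8_t>& contents,
                                 bool epoch0_restart) override;

      // Per-message handshake handlers. `contents` is the raw message
      // body as received from the peer and is untrusted until parsed.
      void process_client_hello_msg(const Handshake_State* active_state,
                                    Server_Handshake_State& pending_state,
                                    const std::vector<uint8_t>& contents,
                                    bool epoch0_restart);

      void process_certificate_msg(Server_Handshake_State& pending_state,
                                   const std::vector<uint8_t>& contents);

      void process_client_key_exchange_msg(Server_Handshake_State& pending_state,
                                           const std::vector<uint8_t>& contents);

      void process_change_cipher_spec_msg(Server_Handshake_State& pending_state);

      void process_certificate_verify_msg(Server_Handshake_State& pending_state,
                                          Handshake_Type type,
                                          const std::vector<uint8_t>& contents);

      void process_finished_msg(Server_Handshake_State& pending_state,
                                Handshake_Type type,
                                const std::vector<uint8_t>& contents);

      // Resumption of an existing session versus negotiation of a fresh
      // one. `have_session_ticket_key` is presumably whether the
      // credentials provide a ticket key (i.e. whether session tickets
      // can be issued) — confirm against the .cpp.
      void session_resume(Server_Handshake_State& pending_state,
                          bool have_session_ticket_key,
                          Session& session_info);

      void session_create(Server_Handshake_State& pending_state,
                          bool have_session_ticket_key);

      // Channel override. NOTE(review): the raw pointer does not express
      // ownership; presumably the Channel base takes over the returned
      // object — confirm before touching this.
      Handshake_State* new_handshake_state(Handshake_IO* io) override;

      Credentials_Manager& m_creds;
      std::string m_next_protocol;

      // Set by deprecated constructor, Server calls both this fn and Callbacks version
      next_protocol_fn m_choose_next_protocol;
   };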
164 | | |
165 | | } |
166 | | |
167 | | } |
168 | | |
169 | | #endif |