corosio

Directory: ../corosio_lcov_PR-139/
Coverage: low: ≥ 0% medium: ≥ 75.0% high: ≥ 90.0%
Coverage Exec / Excl / Total
Lines: 0.0% 0 / 0 / 116
Functions: 0.0% 0 / 0 / 27
Branches: 0.0% 0 / 0 / 50
src/corosio/src/tls/context.cpp
Line Branch Exec Source
1 //
2 // Copyright (c) 2025 Vinnie Falco (vinnie.falco@gmail.com)
3 //
4 // Distributed under the Boost Software License, Version 1.0. (See accompanying
5 // file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
6 //
7 // Official repository: https://github.com/cppalliance/corosio
8 //
9
10 #include <boost/corosio/tls_context.hpp>
11 #include "detail/context_impl.hpp"
12
13 #include <cerrno>
14 #include <fstream>
15 #include <sstream>
16
17 namespace boost::corosio {
18
19 //------------------------------------------------------------------------------
20
21 tls_context::
22 tls_context()
23 : impl_( std::make_shared<impl>() )
24 {
25 }
26
27 //------------------------------------------------------------------------------
28 //
29 // Credential Loading
30 //
31 //------------------------------------------------------------------------------
32
33 std::error_code
34 tls_context::
35 use_certificate(
36 std::string_view certificate,
37 tls_file_format format )
38 {
39 impl_->entity_certificate = std::string( certificate );
40 impl_->entity_cert_format = format;
41 return {};
42 }
43
44 std::error_code
45 tls_context::
46 use_certificate_file(
47 std::string_view filename,
48 tls_file_format format )
49 {
50 std::ifstream file( std::string( filename ), std::ios::binary );
51 if( !file )
52 return std::error_code( ENOENT, std::generic_category() );
53
54 std::ostringstream ss;
55 ss << file.rdbuf();
56 impl_->entity_certificate = ss.str();
57 impl_->entity_cert_format = format;
58 return {};
59 }
60
61 std::error_code
62 tls_context::
63 use_certificate_chain( std::string_view chain )
64 {
65 impl_->certificate_chain = std::string( chain );
66 return {};
67 }
68
69 std::error_code
70 tls_context::
71 use_certificate_chain_file( std::string_view filename )
72 {
73 std::ifstream file( std::string( filename ), std::ios::binary );
74 if( !file )
75 return std::error_code( ENOENT, std::generic_category() );
76
77 std::ostringstream ss;
78 ss << file.rdbuf();
79 impl_->certificate_chain = ss.str();
80 return {};
81 }
82
83 std::error_code
84 tls_context::
85 use_private_key(
86 std::string_view private_key,
87 tls_file_format format )
88 {
89 impl_->private_key = std::string( private_key );
90 impl_->private_key_format = format;
91 return {};
92 }
93
94 std::error_code
95 tls_context::
96 use_private_key_file(
97 std::string_view filename,
98 tls_file_format format )
99 {
100 std::ifstream file( std::string( filename ), std::ios::binary );
101 if( !file )
102 return std::error_code( ENOENT, std::generic_category() );
103
104 std::ostringstream ss;
105 ss << file.rdbuf();
106 impl_->private_key = ss.str();
107 impl_->private_key_format = format;
108 return {};
109 }
110
111 std::error_code
112 tls_context::
113 use_pkcs12(
114 std::string_view /*data*/,
115 std::string_view /*passphrase*/ )
116 {
117 // TODO: Implement PKCS#12 parsing
118 return std::error_code( ENOTSUP, std::generic_category() );
119 }
120
121 std::error_code
122 tls_context::
123 use_pkcs12_file(
124 std::string_view /*filename*/,
125 std::string_view /*passphrase*/ )
126 {
127 // TODO: Implement PKCS#12 file loading
128 return std::error_code( ENOTSUP, std::generic_category() );
129 }
130
131 //------------------------------------------------------------------------------
132 //
133 // Trust Anchors
134 //
135 //------------------------------------------------------------------------------
136
137 std::error_code
138 tls_context::
139 add_certificate_authority( std::string_view ca )
140 {
141 impl_->ca_certificates.emplace_back( ca );
142 return {};
143 }
144
145 std::error_code
146 tls_context::
147 load_verify_file( std::string_view filename )
148 {
149 std::ifstream file( std::string( filename ), std::ios::binary );
150 if( !file )
151 return std::error_code( ENOENT, std::generic_category() );
152
153 std::ostringstream ss;
154 ss << file.rdbuf();
155 impl_->ca_certificates.push_back( ss.str() );
156 return {};
157 }
158
159 std::error_code
160 tls_context::
161 add_verify_path( std::string_view path )
162 {
163 impl_->verify_paths.emplace_back( path );
164 return {};
165 }
166
167 std::error_code
168 tls_context::
169 set_default_verify_paths()
170 {
171 impl_->use_default_verify_paths = true;
172 return {};
173 }
174
175 //------------------------------------------------------------------------------
176 //
177 // Protocol Configuration
178 //
179 //------------------------------------------------------------------------------
180
181 std::error_code
182 tls_context::
183 set_min_protocol_version( tls_version v )
184 {
185 impl_->min_version = v;
186 return {};
187 }
188
189 std::error_code
190 tls_context::
191 set_max_protocol_version( tls_version v )
192 {
193 impl_->max_version = v;
194 return {};
195 }
196
197 std::error_code
198 tls_context::
199 set_ciphersuites( std::string_view ciphers )
200 {
201 impl_->ciphersuites = std::string( ciphers );
202 return {};
203 }
204
205 std::error_code
206 tls_context::
207 set_alpn( std::initializer_list<std::string_view> protocols )
208 {
209 impl_->alpn_protocols.clear();
210 for( auto const& p : protocols )
211 impl_->alpn_protocols.emplace_back( p );
212 return {};
213 }
214
215 //------------------------------------------------------------------------------
216 //
217 // Certificate Verification
218 //
219 //------------------------------------------------------------------------------
220
221 std::error_code
222 tls_context::
223 set_verify_mode( tls_verify_mode mode )
224 {
225 impl_->verification_mode = mode;
226 return {};
227 }
228
229 std::error_code
230 tls_context::
231 set_verify_depth( int depth )
232 {
233 impl_->verify_depth = depth;
234 return {};
235 }
236
237 void
238 tls_context::
239 set_hostname( std::string_view hostname )
240 {
241 impl_->hostname = std::string( hostname );
242 }
243
244 void
245 tls_context::
246 set_servername_callback_impl(
247 std::function<bool( std::string_view )> callback )
248 {
249 impl_->servername_callback = std::move( callback );
250 }
251
252 void
253 tls_context::
254 set_password_callback_impl(
255 std::function<std::string( std::size_t, tls_password_purpose )> callback )
256 {
257 impl_->password_callback = std::move( callback );
258 }
259
260 //------------------------------------------------------------------------------
261 //
262 // Revocation Checking
263 //
264 //------------------------------------------------------------------------------
265
266 std::error_code
267 tls_context::
268 add_crl( std::string_view crl )
269 {
270 impl_->crls.emplace_back( crl );
271 return {};
272 }
273
274 std::error_code
275 tls_context::
276 add_crl_file( std::string_view filename )
277 {
278 std::ifstream file( std::string( filename ), std::ios::binary );
279 if( !file )
280 return std::error_code( ENOENT, std::generic_category() );
281
282 std::ostringstream ss;
283 ss << file.rdbuf();
284 impl_->crls.push_back( ss.str() );
285 return {};
286 }
287
288 std::error_code
289 tls_context::
290 set_ocsp_staple( std::string_view response )
291 {
292 impl_->ocsp_staple = std::string( response );
293 return {};
294 }
295
296 void
297 tls_context::
298 set_require_ocsp_staple( bool require )
299 {
300 impl_->require_ocsp_staple = require;
301 }
302
303 void
304 tls_context::
305 set_revocation_policy( tls_revocation_policy policy )
306 {
307 impl_->revocation = policy;
308 }
309
310 } // namespace boost::corosio
311