#pragma once
#include "../acl_cpp_define.hpp"
#include "../stdlib/thread_mutex.hpp"
#include "../stdlib/string.hpp"
#include "sslbase_conf.hpp"
#include <vector>
// Opaque forward declarations of the mbedtls types referenced below. The
// mbedtls headers are not included by this file, so these types are used
// only through pointers here and stay incomplete for users of the header.
typedef struct mbedtls_x509_crt mbedtls_x509_crt;
typedef struct mbedtls_ssl_config mbedtls_ssl_config;
typedef struct mbedtls_ssl_cache_context mbedtls_ssl_cache_context;
namespace acl {
/**
 * SSL certificate verification level, passed to the mbedtls_conf constructor.
 * (Translated from the original Chinese comment. The exact mapping onto
 * mbedtls's own verification modes is presumed from the names — confirm
 * against the implementation file.)
 */
typedef enum {
	MBEDTLS_VERIFY_NONE,	// do not verify the peer certificate at all; offers no protection against an active network attacker, suitable for testing only
	MBEDTLS_VERIFY_OPT,	// verify the certificate but do not abort the handshake on failure; the result is presumably checked afterwards
	MBEDTLS_VERIFY_REQ	// verification is required: the handshake fails on an invalid or untrusted certificate
} mbedtls_verify_t;
// Forward declaration of the SSL I/O class that uses this configuration; it
// is declared a friend of mbedtls_conf below so it can reach the private state.
class mbedtls_io;
/**
 * Configuration holder for mbedtls-backed SSL connections.
 *
 * An instance is usually declared once (typically as a global object) and
 * shared by every SSL connection it configures: it holds the process-wide
 * certificate, private key and CA material, and each connection object
 * (mbedtls_io, a friend of this class) calls setup_certs() to install that
 * material into its own SSL context.
 *
 * Security note: the constructor defaults verify_mode to MBEDTLS_VERIFY_NONE,
 * so peer certificates are NOT verified unless the caller explicitly passes
 * MBEDTLS_VERIFY_REQ (or MBEDTLS_VERIFY_OPT) and supplies a trust store via
 * load_ca(). Clients that talk across untrusted networks should request
 * MBEDTLS_VERIFY_REQ.
 */
class ACL_CPP_API mbedtls_conf : public sslbase_conf {
public:
	/**
	 * Constructor.
	 * @param server_side {bool} true configures the object for the server
	 *  side of the handshake, false (the default) for the client side
	 * @param verify_mode {mbedtls_verify_t} certificate verification level;
	 *  defaults to MBEDTLS_VERIFY_NONE, i.e. no peer verification at all
	 */
	mbedtls_conf(bool server_side = false,
		mbedtls_verify_t verify_mode = MBEDTLS_VERIFY_NONE);
	// Destructor; releases the mbedtls state owned by this object.
	~mbedtls_conf(void);

	/**
	 * @override
	 * Load the trusted CA certificates used to verify the peer.
	 * @param ca_file {const char*} path of a CA certificate file
	 * @param ca_path {const char*} presumably a directory holding CA
	 *  certificates — confirm against the implementation
	 * @return {bool} true on success
	 */
	bool load_ca(const char* ca_file, const char* ca_path);

	/**
	 * @override
	 * Add a certificate together with its private key. Each successful
	 * call presumably appends one (certificate, key) pair to cert_keys_.
	 * @param crt_file {const char*} path of the certificate file
	 * @param key_file {const char*} path of the private key file
	 * @param key_pass {const char*} passphrase protecting the key, or NULL
	 *  when the key is unencrypted
	 * @return {bool} true on success
	 */
	bool add_cert(const char* crt_file, const char* key_file,
		const char* key_pass = NULL);

	/**
	 * @override
	 * Note: this overload is not supported by mbedtls_conf; use the
	 * add_cert(crt_file, key_file, key_pass) overload above instead.
	 */
	bool add_cert(const char* /* crt_file */);

	/**
	 * @override
	 * Note: this method is not supported by mbedtls_conf; pass the key
	 * through add_cert(crt_file, key_file, key_pass) above instead.
	 */
	bool set_key(const char* /*key_file*/, const char* /* key_pass */);

	/**
	 * @override
	 * Enable or disable the SSL session cache (backed by cache_, an
	 * mbedtls_ssl_cache_context).
	 * @param on {bool} true to enable caching, false to disable it
	 */
	void enable_cache(bool on);

public:
	/**
	 * Called internally by mbedtls_io::open to install this object's
	 * certificate and key material into the given SSL connection.
	 * @param ssl {void*} the SSL connection object; an ssl_context pointer
	 *  passed through void* because the mbedtls headers are not included here
	 * @return {bool} whether configuring the SSL connection succeeded
	 */
	bool setup_certs(void* ssl);

	/**
	 * Get the entropy source object used for random number generation.
	 * @return {void*} the underlying entropy_context, exposed as void*
	 */
	void* get_entropy(void) const {
		return entropy_;
	}

public:
	/**
	 * When mbedtls is built as three separate shared libraries, call this
	 * to set the full paths of all three before calling load().
	 * The paths are trusted input: a library loaded from a location that
	 * other users can write to defeats every check the library performs.
	 * @param libmbedcrypto {const char*} full path of the libmbedcrypto shared library
	 * @param libmbedx509 {const char*} full path of the libmbedx509 shared library
	 * @param libmbedtls {const char*} full path of the libmbedtls shared library
	 */
	static void set_libpath(const char* libmbedcrypto,
		const char* libmbedx509, const char* libmbedtls);

	/**
	 * When mbedtls is built as a single shared library, call this to set
	 * its full path before calling load().
	 * @param libmbedtls {const char*} full path of the libmbedtls shared library
	 */
	static void set_libpath(const char* libmbedtls);

	/**
	 * Explicitly load the mbedtls shared libraries at runtime (dynamic
	 * loading) from the paths given to set_libpath().
	 * @return {bool} whether loading succeeded
	 */
	static bool load(void);

public:
	// @override sslbase_conf
	// Create the per-connection SSL I/O object (presumably an mbedtls_io)
	// bound to this configuration.
	// @param nblock {bool} whether the connection is used in non-blocking mode
	sslbase_io* create(bool nblock);

public:
	// Create a new mbedtls_ssl_config; presumably tracked in conf_table_ so
	// that it can be released by the destructor — confirm against the .cpp.
	mbedtls_ssl_config* create_ssl_config(void);

private:
	friend class mbedtls_io;

	unsigned init_status_;	// initialisation progress flags (meaning defined in the .cpp)
	unsigned cert_status_;	// certificate loading status flags (meaning defined in the .cpp)
	thread_mutex lock_;	// NOTE(review): presumably serialises lazy init_once()/init_rand() — confirm

	bool server_side_;	// true when acting as the TLS server (see constructor)

	int conf_count_;	// number of configs created so far — presumably indexes conf_table_
	std::vector<mbedtls_ssl_config*> conf_table_;	// configs handed out by create_ssl_config()
	mbedtls_ssl_config* conf_;	// the primary SSL config

	const int* ciphers_;	// cipher-suite list handed to mbedtls (NULL presumably means library default)
	void* entropy_;	// entropy_context, returned by get_entropy()
	void* rnd_;	// random generator context (presumably a ctr_drbg context — confirm)

	mbedtls_x509_crt* cacert_;	// trusted CA chain loaded by load_ca()
	string crt_file_;	// path of the last certificate file given to add_cert()
	mbedtls_ssl_cache_context* cache_;	// session cache toggled by enable_cache()
	mbedtls_verify_t verify_mode_;	// peer verification level chosen at construction
	std::vector<std::pair<void*, void*> > cert_keys_;	// (certificate, private key) pairs added by add_cert()

private:
	// One-time library/config initialisation.
	bool init_once(void);
	// Set up the entropy source and random generator (entropy_, rnd_).
	bool init_rand(void);
	// Release the CA chain held in cacert_.
	void free_ca(void);
};
} // namespace acl