1 /*
2 * TLS Server
3 * (C) 2004-2011 Jack Lloyd
4 * 2016 Matthias Gierlings
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8 
9 #ifndef BOTAN_TLS_SERVER_H_
10 #define BOTAN_TLS_SERVER_H_
11 
12 #include <botan/tls_channel.h>
13 #include <botan/tls_policy.h>
14 #include <botan/credentials_manager.h>
15 #include <vector>
16 
17 namespace Botan {
18 
19 namespace TLS {
20 
21 class Server_Handshake_State;
22 
23 /**
24 * TLS Server
25 */
26 class BOTAN_PUBLIC_API(2,0) Server final : public Channel
27  {
28  public:
 /**
 * Type of the application-protocol chooser accepted by the deprecated
 * constructors below. It receives the list of protocol names the client
 * offered in its ALPN extension (peer-supplied input) and returns the
 * name the server selects. New code supplies this decision through
 * Callbacks instead; see m_choose_next_protocol.
 *
 * NOTE(review): std::function and std::string are not included directly
 * by this header (only <vector> is); they presumably arrive transitively
 * through tls_channel.h.
 */
29  typedef std::function<std::string (std::vector<std::string>)> next_protocol_fn;
30 
 // NOTE(review): this rendered listing omits several source lines (the
 // gutter jumps 55->57, 67->69, 73->75, 86->88, 93->95, 123->125, 139->141
 // and 143->145), so the parameter lists below are incomplete as shown;
 // e.g. the @param rng documented next has no visible parameter. Consult
 // the original tls_server.h before relying on any signature here.
31  /**
32  * Server initialization
33  *
34  * @param callbacks contains a set of callback function references
35  * required by the TLS server.
36  *
37  * @param session_manager manages session state
38  *
39  * @param creds manages application/user credentials
40  *
41  * @param policy specifies other connection policy information
42  *
43  * @param rng a random number generator
44  *
45  * @param is_datagram set to true if this server should expect DTLS
46  * connections. Otherwise TLS connections are expected.
47  *
48  * @param reserved_io_buffer_size This many bytes of memory will
49  * be preallocated for the read and write buffers. Smaller
50  * values just mean reallocations and copies are more likely.
 *
 * NOTE(review): creds is retained as the reference member m_creds (see
 * below), so it must outlive this Server; the Server never owns it.
 * callbacks, session_manager and policy are also taken by reference and
 * are presumably retained the same way by Channel — confirm in
 * tls_channel.h before passing temporaries.
51  */
52  Server(Callbacks& callbacks,
53  Session_Manager& session_manager,
54  Credentials_Manager& creds,
55  const Policy& policy,
 // (source line 56 is not shown in this listing)
57  bool is_datagram = false,
58  size_t reserved_io_buffer_size = TLS::Server::IO_BUF_DEFAULT_SIZE
59  );
60 
61  /**
62  * DEPRECATED. This constructor is only provided for backward
63  * compatibility and should not be used in new implementations.
64  * It will be removed in a future release.
 *
 * Takes the individual callbacks (output, alert, handshake) that the
 * Callbacks interface bundles in the constructor above, plus an
 * optional next_proto chooser which is stored in m_choose_next_protocol
 * (empty by default).
65  */
66  BOTAN_DEPRECATED("Use TLS::Server(TLS::Callbacks ...)")
67  Server(output_fn output,
 // (source line 68 is not shown in this listing)
69  alert_cb recv_alert_cb,
70  handshake_cb hs_cb,
71  Session_Manager& session_manager,
72  Credentials_Manager& creds,
73  const Policy& policy,
 // (source line 74 is not shown in this listing)
75  next_protocol_fn next_proto = next_protocol_fn(),
76  bool is_datagram = false,
77  size_t reserved_io_buffer_size = TLS::Server::IO_BUF_DEFAULT_SIZE
78  );
79 
80  /**
81  * DEPRECATED. This constructor is only provided for backward
82  * compatibility and should not be used in new implementations.
83  * It will be removed in a future release.
 *
 * Same as the deprecated constructor above but additionally takes a
 * handshake_msg_cb; unlike the other two constructors it has no
 * reserved_io_buffer_size parameter.
84  */
85  BOTAN_DEPRECATED("Use TLS::Server(TLS::Callbacks ...)")
86  Server(output_fn output,
 // (source line 87 is not shown in this listing)
88  alert_cb recv_alert_cb,
89  handshake_cb hs_cb,
90  handshake_msg_cb hs_msg_cb,
91  Session_Manager& session_manager,
92  Credentials_Manager& creds,
93  const Policy& policy,
 // (source line 94 is not shown in this listing)
95  next_protocol_fn next_proto = next_protocol_fn(),
96  bool is_datagram = false
97  );
98 
99  /**
100  * Return the protocol notification set by the client (using the
101  * ALPN extension) for this connection, if any. This value is not
102  * tied to the session and a later renegotiation of the same
103  * session can choose a new protocol.
 *
 * Returns a copy of m_next_protocol; presumably empty when no protocol
 * was negotiated. Equivalent to application_protocol().
104  */
105  std::string next_protocol() const { return m_next_protocol; }
106 
107  /**
108  * Same as next_protocol(): both accessors return m_next_protocol, the
109  * protocol the client signalled (via the ALPN extension) for this
110  * connection, if any. Like next_protocol(), the value is not tied to
111  * the session and a later renegotiation may select a different protocol.
112  */
113  std::string application_protocol() const { return m_next_protocol; }
114 
115  private:
 /// Channel override: the certificate chain presented by the peer (for a
 /// Server, the client) in the handshake described by state.
116  std::vector<X509_Certificate>
117  get_peer_cert_chain(const Handshake_State& state) const override;
118 
 /// Channel override: begin a (re)negotiation on state. The flag is known
 /// here by name only — presumably it forbids resumption and forces a
 /// full handshake; confirm in tls_server.cpp.
119  void initiate_handshake(Handshake_State& state,
120  bool force_full_renegotiation) override;
121 
 /// Channel override: entry point for one received handshake message.
 /// active_state is a pointer and is presumably null before the first
 /// handshake completes; pending_state is the handshake in progress.
 /// The process_*_msg members below appear to be its per-message
 /// handlers (inferred from names; confirm in tls_server.cpp).
122  void process_handshake_msg(const Handshake_State* active_state,
123  Handshake_State& pending_state,
 // (source line 124 is not shown in this listing)
125  const std::vector<uint8_t>& contents) override;
126 
 // Per-message handshake handlers. contents is a byte vector, presumably
 // the handshake message body as received from the client, and must be
 // treated as untrusted input by the implementation.
127  void process_client_hello_msg(const Handshake_State* active_state,
128  Server_Handshake_State& pending_state,
129  const std::vector<uint8_t>& contents);
130 
131  void process_certificate_msg(Server_Handshake_State& pending_state,
132  const std::vector<uint8_t>& contents);
133 
134  void process_client_key_exchange_msg(Server_Handshake_State& pending_state,
135  const std::vector<uint8_t>& contents);
136 
 // No contents parameter: this handler only receives the pending state.
137  void process_change_cipher_spec_msg(Server_Handshake_State& pending_state);
138 
139  void process_certificate_verify_msg(Server_Handshake_State& pending_state,
 // (source line 140 is not shown in this listing)
141  const std::vector<uint8_t>& contents);
142 
143  void process_finished_msg(Server_Handshake_State& pending_state,
 // (source line 144 is not shown in this listing)
145  const std::vector<uint8_t>& contents);
146 
 /// Presumably continues the pending handshake by resuming session_info
 /// (inferred from the name). have_session_ticket_key is passed by name
 /// only here — confirm its meaning in tls_server.cpp.
147  void session_resume(Server_Handshake_State& pending_state,
148  bool have_session_ticket_key,
149  Session& session_info);
150 
 /// Presumably continues the pending handshake with a fresh session rather
 /// than a resumption (inferred from the name); confirm in tls_server.cpp.
151  void session_create(Server_Handshake_State& pending_state,
152  bool have_session_ticket_key);
153 
 /// Channel override producing the server-side handshake state for io.
 /// Returns a raw pointer; ownership presumably passes to the caller
 /// (Channel) — confirm before storing the result elsewhere.
154  Handshake_State* new_handshake_state(Handshake_IO* io) override;
155 
 // Non-owning reference: the Credentials_Manager passed to the constructor
 // must outlive this Server.
156  Credentials_Manager& m_creds;
 // ALPN protocol for this connection, returned by both next_protocol()
 // and application_protocol().
157  std::string m_next_protocol;
158 
159  // Set by deprecated constructor, Server calls both this fn and Callbacks version
160  next_protocol_fn m_choose_next_protocol;
161  };
162 
163 }
164 
165 }
166 
167 #endif