TlsSocket.hpp

 
//
//  Copyright Phoenix Contact GmbH & Co. KG
//
#pragma once
#include "Arp/System/Core/Arp.h"
#include "Arp/System/Commons/Net/IpAddress.hpp"
#include "Arp/System/Commons/Net/Socket.hpp"
#include "Arp/System/Commons/Logging.h"
#include "Arp/System/Commons/Exceptions/Exceptions.h"
#include "Arp/System/Commons/Security/IdentityStore.hpp"
#include "Arp/System/Core/PimplPtr.hxx"
#include "Arp/System/Commons/Net/TlsOptions.hpp"
 
using namespace Arp::System::Commons::Security;
 
// forwards
typedef struct ssl_st       SSL;
typedef struct ssl_ctx_st   SSL_CTX;
 
 
namespace Arp { namespace System { namespace Commons { namespace Net
{
 
 
 
class TlsContext;
using TlsContextPtr = std::shared_ptr<TlsContext>;
 
 
class TlsSocket : private Loggable<TlsSocket>
{
 
private:
    friend class TlsContext;
 
public: // typedefs/usings
 
    typedef std::shared_ptr<TlsSocket> Ptr;
 
    using ISocketService = Arp::System::Ve::ISocketService;
 
public: // construction/destruction
 
    TlsSocket(SocketType type, SocketDomain domain, SocketBlockingMode blockingMode);
    TlsSocket(SocketType type, SocketDomain domain, SocketBlockingMode blockingMode, TlsOptions options);
 
    TlsSocket(const TlsSocket& arg) = delete;
 
    TlsSocket& operator=(const TlsSocket& arg) = delete;
 
    ~TlsSocket(void);
 
private: // construction
    TlsSocket(Socket::Ptr pSocket, TlsContextPtr pContext, bool isInitialized);
 
public: // operators
 
public: // static operations
 
public: // setter/getter operations
    SocketType      GetSocketType(void);
    SocketDomain    GetSocketDomain(void);
    bool            IsBlocking(void);
    bool            IsConnected(void);
    bool            IsTlsConnected(void);
    IpAddress       GetRemoteIpAddress(void);
    int             GetRemotePort(void);
 
public: // operations
    Ptr             Accept(IpAddress& ip4address, int& port, SocketError& error);
    SocketError     Bind(const IpAddress& ip4Address, int port);
    SocketError     Bind2(const IpAddress& ip4Address, int& port);
    SocketError     Listen(size_t backlog);
    SocketError     Connect(const IpAddress& ip4Address, int port);
    SocketError     Shutdown(void);
    SocketError     Shutdown(ShutdownMode mode);
    SocketError     Close(void);
    int             Send(const void* pBuffer, size_t length, SocketError& error);
    int             Receive(void* pBuffer, size_t length, SocketError& error);
    bool            Select(SelectMode mode, Microseconds timeout, SocketError& error);
    int             Poll(PollMode mode, Milliseconds timeout, SocketError& error);
 
    SocketError     SetSocketOption(SocketOptionName optionName, const void* optionValue, size_t optionLength);
    SocketError     GetSocketOption(SocketOptionName optionName, void* optionValue, size_t *optionLength);
    SocketError     SetOptionReuseAddress(bool enabled);
    SocketError     GetOptionReuseAddress(bool& enabled);
    SocketError     SetOptionKeepAlive(bool enabled);
    SocketError     GetOptionKeepAlive(bool& enabled);
    SocketError     SetOptionBroadcast(bool enabled);
    SocketError     GetOptionBroadcast(bool& enabled);
    SocketError     SetOptionNoDelay(bool enabled);
    SocketError     GetOptionNoDelay(bool& enabled);
    SocketError     SetOptionLinger(bool enable, size_t timeout);
    SocketError     GetOptionLinger(bool& enable, size_t& timeout);
    SocketError     SetOptionUserTimeout(size_t timeout_ms);
    SocketError     GetOptionUserTimeout(size_t& timeout_ms);
    SocketError     SetOptionKeepAliveIdleTime(int seconds);
    SocketError     GetOptionKeepAliveIdleTime(int& seconds);
    SocketError     SetOptionKeepAliveProbeInterval(int seconds);
    SocketError     GetOptionKeepAliveProbeInterval(int& seconds);
    SocketError     SetOptionKeepAliveProbeCount(int probeCount);
    SocketError     GetOptionKeepAliveProbeCount(int& probeCount);
    SocketError     SetOptionBlocking(bool enable);
 
    SocketError InitClient(const String& trustStoreName, const String& identityStoreName, const String& hostName);
    SocketError InitServer(const String& identityStoreName, const String& trustStoreName = "");
    void SetCipherList(String cipherList);
    SocketError RenegotiateSession();
    SocketError UpdateSessionKeys(bool requestUpdate = true);
    SocketError GetPeerCertificate(Certificate& certificate);
 
protected: // operations
 
private: // static methods
 
 
private: // methods
    Ptr         TcpAccept(IpAddress& ip4address, int& port, SocketError& error);
    SocketError TlsAccept(void);
    SocketError TcpConnect(const IpAddress& ipAddress, int port);
    SocketError TlsConnect(void);
    int         PollRead(Milliseconds timeout, SocketError& error);
    int         PollWrite(Milliseconds timeout, SocketError& error);
    int         PollConnect(Milliseconds timeout, SocketError& error);
    int         PollAccept(Milliseconds timeout, SocketError& error);
    SocketError HandleSslResult(int result, int* sslErrorOut = nullptr);
    int         GetFileDescriptor(void);
    void        ClearOpenSslErrors(void);
 
    SocketError UpdateSessionKeysTls13(bool requestUpdate = true);
    SocketError UpdateSessionKeysTls12();
    bool        IsKeyUpdateScheduled() const;
    SocketError CreateSslConnection(void);
 
private: // fields
    Socket::Ptr pSocket = nullptr;
    SSL* sslConnection = nullptr;
    TlsContextPtr pContext;
 
    Ptr currentAcceptSocket;
 
    bool tlsIsConnected;    //true if TLS Handshake was completed
    bool hasSslError;
    bool socketIsConnected; //true if tcp socket is connected / accepted (set before SSL_connect / SSL_accept)
    bool tlsInitDone;
    bool isInitialized; // true if InitClient resp. InitServer has already been called
    bool tlsConnectIsPending;
    bool pendingTlsConnectNeedsRead;
 
    String hostNameToVerify;
};
 
}}}} // end of namespace Arp::System::Commons::Net