diff --git a/frameworks/native/tls_socket/include/tls.h b/frameworks/native/tls_socket/include/tls.h new file mode 100644 index 0000000000000000000000000000000000000000..c35b664dbaef05daf357423670c84a2ff7e49c0b --- /dev/null +++ b/frameworks/native/tls_socket/include/tls.h @@ -0,0 +1,214 @@ +/* +* Copyright (c) 2022 Huawei Device Co., Ltd. +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ + +#ifndef COMMUNICATIONNETSTACK_TLS_H +#define COMMUNICATIONNETSTACK_TLS_H + +#include +#include "net_address.h" + +namespace OHOS { +namespace NetStack { + +using Handle = void *; +constexpr int MAX_BUF_LEN = 1024; + +class TlsSecureOptions { +public: + + TlsSecureOptions(); + + ~TlsSecureOptions() = default; + + void SetCa(const std::vector &ca); + + void SetCert(const std::string &cert); + + void SetKey(const std::string &key); + + void SetPasswd(const std::string &passwd); + + void SetProtocol(const std::vector &Protocol); + + void SetUseRemoteCipherPrefer(bool useRemoteCipherPrefer); + + void SetSignatureAlgorithms(const std::string &signatureAlgorithms); + + void SetCipherSuite(const std::string &cipherSuite); + + void SetCrl(const std::vector &crl); + + [[nodiscard]] std::vector GetCa() const; + + [[nodiscard]] std::string GetCert() const; + + [[nodiscard]] std::string GetKey() const; + + [[nodiscard]] std::vector GetProtocol() const; + + [[nodiscard]] std::vector GetCrl() const; + + [[nodiscard]] std::string GetPasswd() const; + + [[nodiscard]] std::string GetSignatureAlgorithms() const; + + [[nodiscard]] std::string GetCipherSuite() const; + + [[nodiscard]] bool GetUseRemoteCipherPrefer() const; + +private: + std::vector caChain_; + std::string cert_; + std::string key_; + std::string passwd_; + std::vector protocolChain_; + bool useRemoteCipherPrefer_ = false; + std::string signatureAlgorithms_; + std::string cipherSuite_; + std::vector crlChain_; +}; + +class TlsConnectOptions { +public: + void SetAddress(const NetAddress &address); + + void SetSecureOptions(const TlsSecureOptions &secureOptions); + + void SetAlpnProtocols(const std::vector &alpnProtocols); + + NetAddress GetAddress(); + + TlsSecureOptions GetTlsSecureOptions(); + + std::vector GetAlpnProtocols(); + +private: + NetAddress address_; + TlsSecureOptions secureOptions_; + std::vector alpnProtocols_; +}; + +struct CipherSuite { + unsigned long cipherId_; + std::string cipherName_; +}; + +enum TlsMode { + UNENCRYPTED_MODE, + SSL_CLIENT_MODE, + SSL_SERVER_MODE +}; + +enum PeerVerifyMode { + VERIFY_NONE, + QUERY_PEER, + VERIFY_PEER, + AUTO_VERIFY_PEER +}; + +enum KeyType { + PRIVATE_KEY, + PUBLIC_KEY +}; + +enum CertType { + CA_CERT, + LOCAL_CERT +}; + +enum EncodingFormat { + PEM, + DER +}; + +enum KeyAlgorithm { + OPAQUE, + ALGORITHM_RSA, + ALGORITHM_DSA, + ALGORITHM_EC, + ALGORITHM_DH +}; + +enum AlternativeNameEntryType { + EMAIL_ENTRY, + DNS_ENTRY, + IPADDRESS_ENTRY +}; + +enum OpenMode { + NOT_OPEN, + READ_ONLY, + WRITE_ONLY, + READ_WRITE = READ_ONLY | WRITE_ONLY, + APPEND, + TRUNCATE, + TEXT, + UNBUFFERED, + NEW_ONLY, + EXISTION_ONLY +}; + +enum NetworkLayerProtocol { + IPV4_PROTOCOL, + IPV6_PROTOCOL, + ANY_IP_PROTOCOL, + UNKNOW_NETWORK_LAYER_PROTOCOL = -1 +}; + +enum class ImplementedClass { + KEY, + CERTIFICATE, + SOCKET, + DIFFIE_HELLMAN, + ELLIPTIC_CURVE +}; + +enum class SupportedFeature { + CERTIFICATE_VERIFICATION, + CLIENT_SIDE_ALPN, + SERVER_SIDE_ALPN, + OCSP, + PSK, + SESSION_TICKET, + ALERTS +}; + +enum TlsOptions { + SSL_OPTION_DISABLE_EMPTY_FRAGMENTS = 0x01, + SSL_OPTION_DISABLE_SESSION_TICKETS = 0x02, + SSL_OPTION_DISABLE_COMPRESSION = 0x04, + SSL_OPTION_DISABLE_SERVER_NAME_INDICATION = 0x08, + SSL_OPTION_DISABLE_LEGACY_RENEGOTIATION = 0x10, + SSL_OPTION_DISABLE_SESSION_SHARING = 0x20, + SSL_OPTION_DISABLE_SESSION_PERSISTENCE = 0x40, + SSL_OPTION_DISABLE_SERVER_CIPHER_PREFERENCE = 0x80 +}; + +enum TLSProtocol { + TLS_V1_2, + TLS_V1_3, + UNKNOW_PROTOCOL +}; + +enum class Cipher { + DES_CBC, + DES_EDE3_CBC, + RC2_CBC, + AES_128_CBC, + AES_192_CBC, + AES_256_CBC +}; +} } // namespace OHOS::NetStack +#endif // COMMUNICATIONNETSTACK_TLS_H diff --git a/frameworks/native/tls_socket/include/tls_certificate.h b/frameworks/native/tls_socket/include/tls_certificate.h new file mode 100644 index 0000000000000000000000000000000000000000..f6f38c78f85168f21cca4d239c54de1a2a36ce1c --- /dev/null +++ b/frameworks/native/tls_socket/include/tls_certificate.h @@ -0,0 +1,68 @@ +/* +* Copyright (c) 2022 Huawei Device Co., Ltd. +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ + +#ifndef COMMUNICATIONNETSTACK_TLS_CERTIFICATE_H +#define COMMUNICATIONNETSTACK_TLS_CERTIFICATE_H + +#include +#include +#include + +#include + +#include "tls.h" + +namespace OHOS { +namespace NetStack { + +class TLSCertificate { +public: + TLSCertificate() = default; + TLSCertificate(const TLSCertificate &certificate); + explicit TLSCertificate(const std::string &data, + EncodingFormat format = PEM, + CertType certType = CA_CERT); + TLSCertificate(const std::string &data, CertType certType); + ~TLSCertificate() = default; + TLSCertificate &operator= (const TLSCertificate &other); + + bool CertificateFromData(const std::string &data, CertType certType); + bool CertificateFromPem(const std::string &data, CertType certType); + bool CertificateFromDer(const std::string &data, CertType certType); + bool CaCertToString(X509 *x509); + bool LocalCertToString(X509 *x509); + std::string GetLocalCertString() const; + std::string GetSignatureAlgorithm() const; + + Handle handle() const; + +private: + bool SetSerialNumber(X509 *x509); + bool SetX509Version(X509 *x509); + bool SetNotValidTime(X509 *x509); + bool SetSignatureAlgorithm(X509 *x509); + bool AnalysisCertificate(CertType certType, X509 *x509); +private: + X509 *x509_ = nullptr; + std::string version_; + std::string serialNumber_; + std::string notValidBefore_; + std::string notValidAfter_; + std::string signatureAlgorithm_; + std::string localCertString_; + std::string caCertString_; +}; +} } // namespace OHOS::NetStack +#endif // COMMUNICATIONNETSTACK_TLS_CERTIFICATE_H diff --git a/frameworks/native/tls_socket/include/tls_configuration.h b/frameworks/native/tls_socket/include/tls_configuration.h new file mode 100644 index 0000000000000000000000000000000000000000..60074487eea985318630720b1dc83ceaa0090a7b --- /dev/null +++ b/frameworks/native/tls_socket/include/tls_configuration.h @@ -0,0 +1,84 @@ +/* +* Copyright (c) 2022 Huawei Device Co., Ltd. +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ + +#ifndef COMMUNICATIONNETSTACK_TLS_CONFIGURATION_H +#define COMMUNICATIONNETSTACK_TLS_CONFIGURATION_H + +#include +#include + +#include "tls_key.h" +#include "tls_certificate.h" + +namespace OHOS { +namespace NetStack { + +class TLSConfiguration { +public: + TLSConfiguration(); + TLSConfiguration(const TLSConfiguration &other); + ~TLSConfiguration() = default; + TLSConfiguration &operator=(const TLSConfiguration &other); + + void SetLocalCertificate(const TLSCertificate &certificate); + void SetLocalCertificate(const std::string &certificate); + [[nodiscard]] TLSCertificate GetLocalCertificate() const; + + void SetCaCertificate(const TLSCertificate &certificate); + void SetCaCertificate(const std::vector&certificate); + [[nodiscard]] std::vector GetCaCertificate() const; + + [[nodiscard]] const TLSKey& PrivateKey() const; + void SetPrivateKey(const TLSKey &key); + void SetPrivateKey(const std::string &key, const std::string &passwd); + [[nodiscard]] TLSKey GetPrivateKey() const; + + explicit TLSConfiguration(TLSConfiguration *tlsConfiguration); + + void SetProtocol(const std::string &Protocol); + void SetProtocol(const std::vector &Protocol); + [[nodiscard]] TLSProtocol GetMinProtocol() const; + [[nodiscard]] TLSProtocol GetMaxProtocol() const; + [[nodiscard]] TLSProtocol GetProtocol() const; + + void SetUseRemoteCipherPrefer(bool useRemoteCipherPrefer); + [[nodiscard]] bool GetUseRemoteCipherPrefer() const; + + void SetCipherSuite(const std::string &cipherSuite); + [[nodiscard]] std::string GetCipherSuite() const; + + [[nodiscard]] std::string GetCertificate() const; + void SetSignatureAlgorithms(const std::string &signatureAlgorithms); + [[nodiscard]] std::vector GetCipherSuiteVec() const; +private: + TLSProtocol minProtocol_ = TLS_V1_2; + TLSProtocol maxProtocol_ = TLS_V1_2; + TLSProtocol protocol_ = TLS_V1_2; + + std::string cipherSuite_; + std::string signatureAlgorithms_; + std::string localCertString_; + + bool useRemoteCipherPrefer_ = false; + + std::vector cipherSuiteVec_; + + TLSKey privateKey_; + TLSCertificate localCertificate_; + TLSCertificate caCertificate_; + std::vector caCertificateChain_; +}; +} } // namespace OHOS::NetStack::TlsSocketExec +#endif // COMMUNICATIONNETSTACK_TLS_CONFIGURATION_H diff --git a/frameworks/native/tls_socket/include/tls_context.h b/frameworks/native/tls_socket/include/tls_context.h new file mode 100644 index 0000000000000000000000000000000000000000..18ed00be641cd17d1dee643d5e49b2bab7bd54be --- /dev/null +++ b/frameworks/native/tls_socket/include/tls_context.h @@ -0,0 +1,56 @@ +/* +* Copyright (c) 2022 Huawei Device Co., Ltd. +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ + +#ifndef COMMUNICATIONNETSTACK_TLS_CONTEXT_H +#define COMMUNICATIONNETSTACK_TLS_CONTEXT_H + +#include + +#include "tls_configuration.h" +#include "tls.h" + +namespace OHOS { +namespace NetStack { + +class TLSContext { +public: + TLSContext() = default; + ~TLSContext() = default; + static std::unique_ptr + CreateConfiguration(TlsMode mode, const TLSConfiguration &configuration, bool allowRootCertOnDemandLoading); + SSL *CreateSsl(); + void CloseCtx(); + +private: + static bool InitTlsContext(TLSContext *sslContext, + TlsMode mode, + const TLSConfiguration &configuration, + bool allowRootCertOnDemandLoading); + static void SetCipherList(TLSContext *tlsContext, const TLSConfiguration &configuration); + static void GetCiphers(TLSContext *tlsContext); + static void UseRemoteCipher(TLSContext *tlsContext); + static void SetMinAndMaxProtocol(TLSContext *tlsContext); + static bool SetCaAndVerify(TLSContext *tlsContext, const TLSConfiguration &configuration); + static bool SetLocalCertificate(TLSContext *tlsContext, const TLSConfiguration &configuration); + static bool SetKeyAndCheck(TLSContext *tlsContext, const TLSConfiguration &configuration); + static void SetVerify(TLSContext *tlsContext); +private: + SSL_CTX *ctx_ = nullptr; + EVP_PKEY *pkey_ = nullptr; + SSL *ctxSsl_ = nullptr; + TLSConfiguration tlsConfiguration_; +}; +} } // namespace OHOS::NetStack +#endif // COMMUNICATIONNETSTACK_TLS_CONTEXT_H diff --git a/frameworks/native/tls_socket/include/tls_key.h b/frameworks/native/tls_socket/include/tls_key.h new file mode 100644 index 0000000000000000000000000000000000000000..5681bcb63a4f4e5e0b6b2b0c25203b72ee2ad962 --- /dev/null +++ b/frameworks/native/tls_socket/include/tls_key.h @@ -0,0 +1,73 @@ +/* +* Copyright (c) 2022 Huawei Device Co., Ltd. +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ + +#ifndef COMMUNICATIONNETSTACK_TLS_KEY_H +#define COMMUNICATIONNETSTACK_TLS_KEY_H + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include "tls.h" + +namespace OHOS { +namespace NetStack { + +class TLSKey { +public: + TLSKey() = default; + ~TLSKey() = default; + + TLSKey(const std::string &fileName, KeyAlgorithm algorithm, + EncodingFormat format = PEM, + KeyType type = PRIVATE_KEY, + const std::string &passPhrase = std::string()); + TLSKey(const std::string &data, KeyAlgorithm algorithm, + const std::string &passPhrase); + + TLSKey &operator = (const TLSKey &other); + [[nodiscard]] KeyAlgorithm Algorithm() const; + [[nodiscard]] Handle handle() const; + const std::string &GetPasswd() const; + +private: + void DecodeData(const std::string &data, KeyAlgorithm algorithm, + const std::string &passPhrase); + void DecodeDer(KeyType type, KeyAlgorithm algorithm, const std::string &fileName, + const std::string &passPhrase); + void DecodePem(KeyType type, KeyAlgorithm algorithm, const std::string &fileName, + const std::string &passPhrase); + void Clear(bool deep); + +private: + EVP_PKEY *opaque_ = nullptr; + RSA *rsa_ = nullptr; + DSA *dsa_ = nullptr; + DH *dh_ = nullptr; + EC_KEY *ec_ = nullptr; + EVP_PKEY *genericKey_ = nullptr; + std::string passwd_; + bool keyIsNull_ = true; + KeyType keyType_ = PUBLIC_KEY; + KeyAlgorithm keyAlgorithm_ = OPAQUE; +}; +} } // namespace OHOS::NetStack +#endif // COMMUNICATIONNETSTACK_TLS_KEY_H diff --git a/frameworks/native/tls_socket/include/tls_socket_internal.h b/frameworks/native/tls_socket/include/tls_socket_internal.h new file mode 100644 index 0000000000000000000000000000000000000000..034b73bdf67d859035f2a6862a53f141fac8ac7f --- /dev/null +++ b/frameworks/native/tls_socket/include/tls_socket_internal.h @@ -0,0 +1,102 @@ +/* +* Copyright (c) 2022 Huawei Device Co., Ltd. +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ + +#ifndef COMMUNICATIONNETSTACK_TLS_SOCKET_INTERNAL_H +#define COMMUNICATIONNETSTACK_TLS_SOCKET_INTERNAL_H + +#include +#include +#include + +#include + +#include "net_address.h" +#include "socket_state_base.h" +#include "tcp_extra_options.h" +#include "socket_remote_info.h" +#include "tls.h" +#include "tls_configuration.h" +#include "tls_context.h" + +namespace OHOS { +namespace NetStack { + +static constexpr const char *SPLIT = " "; +using RecvCallback = std::function; +using ErrorCallback = std::function; + +class TLSSocketInternal final { +public: + TLSSocketInternal() = default; + ~TLSSocketInternal() = default; + + bool TlsConnectToHost(TlsConnectOptions options); + + void SetTlsConfiguration(const TLSConfiguration &config); + [[nodiscard]] TLSConfiguration GetTlsConfiguration() const; + + [[nodiscard]] TLSProtocol GetProtocol() const; + std::vector GetCipherSuite(); + + [[nodiscard]] bool IsRootsOnDemandAllowed() const; + bool Send(const std::string &data); + void Recv(); + bool Close(); + bool SetAlpnProtocols(const std::vector &alpnProtocols); + bool SetSharedSigalgs(); + [[nodiscard]] bool GetState(SocketStateBase &state) const; + [[nodiscard]] bool ExtraOptions(const TCPExtraOptions &options) const; + [[nodiscard]] bool GetRemoteAddress(NetAddress &address) const; + [[nodiscard]] bool Bind(NetAddress &address) const; + + bool SetRemoteCertificate(); + [[nodiscard]] std::string GetRemoteCertificate() const; + [[nodiscard]] std::string GetCertificate() const; + bool GetPeerCertificate(); + [[nodiscard]] std::vector GetSignatureAlgorithms() const; + + bool GetPasswd(); + std::string GetProtocol(); + + int GetRead(char *buffer, int MAX_BUFFER_SIZE); + void MakeRemoteInfo(SocketRemoteInfo &remoteInfo); + + ssl_st *GetSSL(); + +private: + bool StartTlsConnected(); + bool CreatTlsContext(); + bool StartShakingHands(); + bool VerifyPeerCert(stack_st_X509 *caChain, const char* certFile); +private: + std::shared_ptr tlsContextPointer_ = nullptr; +private: + std::string hostName_; + uint16_t port_ = 0; + std::vector signatureAlgorithms_; + sa_family_t family_ = 0; + NetAddress address_; + struct ssl_st *ssl_ = nullptr; + X509 *peerX509_ = nullptr; + std::string remoteCert_; + std::string passwd_; + TLSConfiguration configuration_; + bool allowRootCertOnDemandLoading_ = false; + int32_t socketDescriptor_ = 0; + RecvCallback recvCallback_; + ErrorCallback errorCallback_; +}; +} } // namespace OHOS::NetStack +#endif // COMMUNICATIONNETSTACK_TLS_SOCKET_INTERNAL_H diff --git a/interfaces/innerkits/tls_socket/include/tls_socket.h b/interfaces/innerkits/tls_socket/include/tls_socket.h new file mode 100644 index 0000000000000000000000000000000000000000..11e021e01bff5a6ac6046c9171f2073be793155e --- /dev/null +++ b/interfaces/innerkits/tls_socket/include/tls_socket.h @@ -0,0 +1,473 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef COMMUNICATIONNETSTACK_TLS_SOCEKT_H +#define COMMUNICATIONNETSTACK_TLS_SOCEKT_H + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "extra_options_base.h" +#include "net_address.h" +#include "socket_remote_info.h" +#include "socket_state_base.h" +#include "tcp_connect_options.h" +#include "tcp_extra_options.h" +#include "tcp_send_options.h" + +#include "tls_key.h" +#include "tls_certificate.h" +#include "tls_configuration.h" +#include "tls_context.h" +#include "tls_socket_internal.h" + +namespace OHOS { +namespace NetStack { + +using BindCallback = std::function; +using ConnectCallback = std::function; +using SendCallback = std::function; +using CloseCallback = std::function; +using GetRemoteAddressCallback = std::function; +using GetStateCallback = std::function; +using SetExtraOptionsCallback = std::function; +using GetCertificateCallback = std::function; +using GetRemoteCertificateCallback = std::function; +using GetProtocolCallback = std::function; +using GetCipherSuiteCallback = std::function &suite)>; +using GetSignatureAlgorithmsCallback = std::function &algorithms)>; + +using OnMessageCallback = std::function; +using OnConnectCallback = std::function; +using OnCloseCallback = std::function; +using OnErrorCallback = std::function; + +using CheckServerIdentity = + std::function(const std::string &hostName, + const std::vector &x509Certificates)>; + +static constexpr const char *PROTOCOL_TLS_V12 = "TLSv1.2"; +static constexpr const char *PROTOCOL_TLS_V13 = "TLSv1.3"; + +static constexpr const char *ALPN_PROTOCOLS_HTTP_1_1 = "http1.1"; +static constexpr const char *ALPN_PROTOCOLS_HTTP_2 = "h2"; + +/** +* TODO: +*/ +class TLSSecureOptions { +public: + TLSSecureOptions() = default; + ~TLSSecureOptions() = default; + + TLSSecureOptions& operator=(const TLSSecureOptions &tlsSecureOptions); + /** + * set root CA Chain to verify the server cert + * @param caChain root certificate chain to verify the server + */ + void SetCaChain(const std::vector &caChain); + + /** + * set cert chain to send to server/client for check + * @param certChain cert chain to send to server/client for check + */ + void SetCert(const std::string &cert); + + /** + * set key chain to decrypt server data + * @param keyChain key chain to decrypt server data + */ + void SetKey(const std::string &key); + + /** + * set cert password + * @param passwd creating cert used password + */ + void SetPassWd(const std::string &passwd); + + /** + * set protocol Chain to encryption data + * @param protocolChain protocol Chain to encryption data + */ + void SetProtocolChain(const std::vector &protocolChain); + + /** + * set flag use Remote Cipher Prefer + * @param useRemoteCipherPrefer is use Remote Cipher Prefer + */ + void SetUseRemoteCipherPrefer(bool useRemoteCipherPrefer); + + /** + * set signature Algorithms for encryption/decrypt data + * @param signatureAlgorithms signature Algorithms e.g: rsa + */ + void SetSignatureAlgorithms(const std::string &signatureAlgorithms); + + /** + * set cipher Suite + * @param cipherSuite cipher Suite + */ + void SetCipherSuite(const std::string &cipherSuite); + + /** + * set crl chain for to creat cert chain + * @param crlChain crl chain for to creat cert chain TODO:: + */ + void SetCrlChain(const std::vector &crlChain); + + /** + * get root CA Chain to verify the server cert + * @return root CA Chain to verify the server cert + */ + [[nodiscard]] const std::vector& GetCaChain() const; + + /** + * get cert chain to send to server/client for check + * @return cert chain to send to server/client for check + */ + [[nodiscard]] const std::string& GetCert() const; + + /** + * get key chain to decrypt server data + * @return key chain to decrypt server data + */ + [[nodiscard]] const std::string& GetKey() const; + + /** + * get cert creat used password + * @return password + */ + [[nodiscard]] const std::string& GetPasswd() const; + + /** + * get protocol Chain to encryption data + * @return protocol Chain to encryption data + */ + [[nodiscard]] const std::vector& GetProtocolChain() const; + + /** + * get flag use Remote Cipher Prefer + * @return is use Remote Cipher Prefer + */ + [[nodiscard]] bool UseRemoteCipherPrefer() const; + + /** + * get signature Algorithms for encryption/decrypt data + * @return signature Algorithms for encryption/decrypt data + */ + [[nodiscard]] const std::string& GetSignatureAlgorithms() const; + + /** + * get cipher suite + * @return cipher suite + */ + [[nodiscard]] const std::string& GetCipherSuite() const; + + /** + * get crl chain for to creat cert chain + * @return crl chain for to creat cert chain + */ + [[nodiscard]] const std::vector& GetCrlChain() const; + +private: + std::vector caChain_; + std::string cert_; + std::string key_; + std::string passwd_; + std::vector protocolChain_; + bool useRemoteCipherPrefer_ = false; + std::string signatureAlgorithms_; + std::string cipherSuite_; + std::vector crlChain_; +}; + +/** + * tls connect options + */ +class TLSConnectOptions { +public: + /** + * Set Net Socket Address + * @param address socket address + */ + void SetNetAddress(const NetAddress &address); + + /** + * Set Tls Secure Options + * @param tlsSecureOptions class TLSSecureOptions + */ + void SetTlsSecureOptions(TLSSecureOptions &tlsSecureOptions); + + /** + * Check Server Identity + * @param checkServerIdentity TODO:: + */ + void SetCheckServerIdentity(const CheckServerIdentity &checkServerIdentity); + + /** + * Set Alpn Protocols + * @param alpnProtocols alpn Protocols + */ + void SetAlpnProtocols(const std::vector &alpnProtocols); + + /** + * Get Net Socket Address + * @return net socket address + */ + [[nodiscard]] NetAddress GetNetAddress() const; + + /** + * Get TLS Secure Options + * @return tls secure options + */ + [[nodiscard]] TLSSecureOptions GetTlsSecureOptions() const; + + /** + * Check Server Indentity + * @return Server Indentity + */ + [[nodiscard]] CheckServerIdentity GetCheckServerIdentity() const; + + /** + * Get Alpn Protocols + * @return alpn protocols + */ + [[nodiscard]] const std::vector& GetAlpnProtocols() const; + +private: + NetAddress address_; + TLSSecureOptions tlsSecureOptions_; + CheckServerIdentity checkServerIdentity_; + std::vector alpnProtocols_; +}; + +/** + * TLS socket interface class + */ +class TLSSocket { +public: + TLSSocket(const TLSSocket &) = delete; + TLSSocket(TLSSocket &&) = delete; + + TLSSocket &operator=(const TLSSocket &) = delete; + TLSSocket &operator=(TLSSocket &&) = delete; + + TLSSocket() = default; + ~TLSSocket(); + + /** + * Establish Bind Monitor + * @param address Ip address + * @param callback callback + */ + void Bind(const NetAddress &address, const BindCallback &callback); + + /** + * Establish connection + * @param tlsConnectOptions tls connect options + * @param callback callback + */ + void Connect(TLSConnectOptions &tlsConnectOptions, const ConnectCallback &callback); + + /** + * Send Data + * @param tcpSendOptions tcp send options + * @param callback callback + */ + void Send(const TCPSendOptions &tcpSendOptions, const SendCallback &callback); + + /** + * Close + * @param callback callback + */ + void Close(const CloseCallback &callback); + + /** + * Get Remote Address + * @param callback callback + */ + void GetRemoteAddress(const GetRemoteAddressCallback &callback); + + /** + * Get Tls State + * @param callback callback state data + */ + void GetState(const GetStateCallback &callback); + + /** + * Set Extra Options + * @param tcpExtraOptions tcp extra options + * @param callback callback extra options + */ + void SetExtraOptions(const TCPExtraOptions &tcpExtraOptions, const SetExtraOptionsCallback &callback); + + /** + * Get Certificate + * @param callback callback certificate + */ + void GetCertificate(const GetCertificateCallback &callback); + + /** + * Get Remote Certificate + * @param needChain need chain + * @param callback callback get remote certificate + */ + void GetRemoteCertificate(const GetRemoteCertificateCallback &callback); + + /** + * Get Protocol + * @param callback callback protocol + */ + void GetProtocol(const GetProtocolCallback &callback); + + /** + * Get Cipher Suite + * @param callback callback cipher suite + */ + void GetCipherSuite(const GetCipherSuiteCallback &callback); + + /** + * Get Signature Algorithms + * @param callback callback signature algorithms + */ + void GetSignatureAlgorithms(const GetSignatureAlgorithmsCallback &callback); + + /** + * On Message + * @param onMessageCallback callback on message + */ + void OnMessage(const OnMessageCallback &onMessageCallback); + + /** + * On Connect + * @param onConnectCallback callback on connect + */ + void OnConnect(const OnConnectCallback &onConnectCallback); + + /** + * On Close + * @param onCloseCallback callback on close + */ + void OnClose(const OnCloseCallback &onCloseCallback); + + /** + * On Error + * @param onErrorCallback callback on error + */ + void OnError(const OnErrorCallback &onErrorCallback); + + /** + * On Error + * @param onErrorCallback callback on error + */ + void OffMessage(); + + /** + * Off Connect + */ + void OffConnect(); + + /** + * Off Close + */ + void OffClose(); + + /** + * Off Error + */ + void OffError(); + +private: + class OpenSSLContext { + public: + TLSContext tlsContext_; + TLSConfiguration tlsConfiguration_; + TLSCertificate tlsCertificate_; + TLSKey tlsKey_; + TLSSocketInternal tlsSocketInternal_; + }; + OpenSSLContext openSslContext_; + static std::string MakeErrnoString(); + + static std::string MakeAddressString(sockaddr *addr); + + static void + GetAddr(const NetAddress &address, sockaddr_in *addr4, sockaddr_in6 *addr6, sockaddr **addr, socklen_t *len); + + void CallOnMessageCallback(const std::string &data, const SocketRemoteInfo &remoteInfo); + void CallOnConnectCallback(); + void CallOnCloseCallback(); + void CallOnErrorCallback(int32_t err, const std::string &errString); + + void CallBindCallback(bool ok, const BindCallback &callback); + void CallConnectCallback(bool ok, const ConnectCallback &callback); + void CallSendCallback(bool ok, const SendCallback &callback); + void CallCloseCallback(bool ok, const CloseCallback &callback); + void CallGetRemoteAddressCallback(bool ok, const NetAddress &address, const GetRemoteAddressCallback &callback); + void CallGetStateCallback(bool ok, const SocketStateBase &state, const GetStateCallback &callback); + void CallSetExtraOptionsCallback(bool ok, const SetExtraOptionsCallback &callback); + void CallGetCertificateCallback(bool ok, const std::string &cert); + void CallGetRemoteCertificateCallback(bool ok, const std::string &cert); + void CallGetProtocolCallback(bool ok, const std::string &protocol); + void CallGetCipherSuiteCallback(bool ok, const std::vector &suite); + void CallGetSignatureAlgorithmsCallback(bool ok, const std::vector& algorithms); + + void StartReadMessage(); + + void GetIp4RemoteAddress(const GetRemoteAddressCallback &callback); + void GetIp6RemoteAddress(const GetRemoteAddressCallback &callback); + + [[nodiscard]] bool SetBaseOptions(const ExtraOptionsBase &option) const; + [[nodiscard]] bool SetExtraOptions(const TCPExtraOptions &option) const; + + void MakeTcpSocket(sa_family_t family); + + static constexpr const size_t MAX_ERROR_LEN = 128; + static constexpr const size_t MAX_BUFFER_SIZE = 8192; + + OnMessageCallback onMessageCallback_; + OnConnectCallback onConnectCallback_; + OnCloseCallback onCloseCallback_; + OnErrorCallback onErrorCallback_; + + BindCallback bindCallback_; + ConnectCallback connectCallback_; + SendCallback sendCallback_; + CloseCallback closeCallback_; + GetRemoteAddressCallback getRemoteAddressCallback_; + GetStateCallback getStateCallback_; + SetExtraOptionsCallback setExtraOptionsCallback_; + GetCertificateCallback getCertificateCallback_; + GetRemoteCertificateCallback getRemoteCertificateCallback_; + GetProtocolCallback getProtocolCallback_; + GetCipherSuiteCallback getCipherSuiteCallback_; + GetSignatureAlgorithmsCallback getSignatureAlgorithmsCallback_; + + std::mutex mutex_; + bool isRunning_ = false; + bool isRunOver_ = true; + + int sockFd_ = -1; +}; +} } // namespace OHOS::NetStack + +#endif // COMMUNICATIONNETSTACK_TLS_SOCEKT_H