src/corosio/src/tls/context.cpp

Line	Hits	Source Code
1		//
2		// Copyright (c) 2025 Vinnie Falco (vinnie.falco@gmail.com)
3		// Copyright (c) 2026 Steve Gerbino
4		//
5		// Distributed under the Boost Software License, Version 1.0. (See accompanying
6		// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
7		//
8		// Official repository: https://github.com/cppalliance/corosio
9		//
10
11		#include <boost/corosio/tls_context.hpp>
12		#include "detail/context_impl.hpp"
13
14		#include <cerrno>
15		#include <fstream>
16		#include <sstream>
17
18		namespace boost::corosio {
19
20
21	✗	tls_context::tls_context() : impl_(std::make_shared<impl>()) {}
22
23		//
24		// Credential Loading
25		//
26
27		std::error_code
28	✗	tls_context::use_certificate(
29		std::string_view certificate, tls_file_format format)
30		{
31	✗	impl_->entity_certificate = std::string(certificate);
32	✗	impl_->entity_cert_format = format;
33	✗	return {};
34		}
35
36		std::error_code
37	✗	tls_context::use_certificate_file(
38		std::string_view filename, tls_file_format format)
39		{
40	✗	std::ifstream file(std::string(filename), std::ios::binary);
41	✗	if (!file)
42	✗	return std::error_code(ENOENT, std::generic_category());
43
44	✗	std::ostringstream ss;
45	✗	ss << file.rdbuf();
46	✗	impl_->entity_certificate = ss.str();
47	✗	impl_->entity_cert_format = format;
48	✗	return {};
49	✗	}
50
51		std::error_code
52	✗	tls_context::use_certificate_chain(std::string_view chain)
53		{
54	✗	impl_->certificate_chain = std::string(chain);
55	✗	return {};
56		}
57
58		std::error_code
59	✗	tls_context::use_certificate_chain_file(std::string_view filename)
60		{
61	✗	std::ifstream file(std::string(filename), std::ios::binary);
62	✗	if (!file)
63	✗	return std::error_code(ENOENT, std::generic_category());
64
65	✗	std::ostringstream ss;
66	✗	ss << file.rdbuf();
67	✗	impl_->certificate_chain = ss.str();
68	✗	return {};
69	✗	}
70
71		std::error_code
72	✗	tls_context::use_private_key(
73		std::string_view private_key, tls_file_format format)
74		{
75	✗	impl_->private_key = std::string(private_key);
76	✗	impl_->private_key_format = format;
77	✗	return {};
78		}
79
80		std::error_code
81	✗	tls_context::use_private_key_file(
82		std::string_view filename, tls_file_format format)
83		{
84	✗	std::ifstream file(std::string(filename), std::ios::binary);
85	✗	if (!file)
86	✗	return std::error_code(ENOENT, std::generic_category());
87
88	✗	std::ostringstream ss;
89	✗	ss << file.rdbuf();
90	✗	impl_->private_key = ss.str();
91	✗	impl_->private_key_format = format;
92	✗	return {};
93	✗	}
94
95		std::error_code
96	✗	tls_context::use_pkcs12(
97		std::string_view /data/, std::string_view /passphrase/)
98		{
99		// TODO: Implement PKCS#12 parsing
100	✗	return std::make_error_code(std::errc::function_not_supported);
101		}
102
103		std::error_code
104	✗	tls_context::use_pkcs12_file(
105		std::string_view /filename/, std::string_view /passphrase/)
106		{
107		// TODO: Implement PKCS#12 file loading
108	✗	return std::make_error_code(std::errc::function_not_supported);
109		}
110
111		//
112		// Trust Anchors
113		//
114
115		std::error_code
116	✗	tls_context::add_certificate_authority(std::string_view ca)
117		{
118	✗	impl_->ca_certificates.emplace_back(ca);
119	✗	return {};
120		}
121
122		std::error_code
123	✗	tls_context::load_verify_file(std::string_view filename)
124		{
125	✗	std::ifstream file(std::string(filename), std::ios::binary);
126	✗	if (!file)
127	✗	return std::error_code(ENOENT, std::generic_category());
128
129	✗	std::ostringstream ss;
130	✗	ss << file.rdbuf();
131	✗	impl_->ca_certificates.push_back(ss.str());
132	✗	return {};
133	✗	}
134
135		std::error_code
136	✗	tls_context::add_verify_path(std::string_view path)
137		{
138	✗	impl_->verify_paths.emplace_back(path);
139	✗	return {};
140		}
141
142		std::error_code
143	✗	tls_context::set_default_verify_paths()
144		{
145	✗	impl_->use_default_verify_paths = true;
146	✗	return {};
147		}
148
149		//
150		// Protocol Configuration
151		//
152
153		std::error_code
154	✗	tls_context::set_min_protocol_version(tls_version v)
155		{
156	✗	impl_->min_version = v;
157	✗	return {};
158		}
159
160		std::error_code
161	✗	tls_context::set_max_protocol_version(tls_version v)
162		{
163	✗	impl_->max_version = v;
164	✗	return {};
165		}
166
167		std::error_code
168	✗	tls_context::set_ciphersuites(std::string_view ciphers)
169		{
170	✗	impl_->ciphersuites = std::string(ciphers);
171	✗	return {};
172		}
173
174		std::error_code
175	✗	tls_context::set_alpn(std::initializer_list<std::string_view> protocols)
176		{
177	✗	impl_->alpn_protocols.clear();
178	✗	for (auto const& p : protocols)
179	✗	impl_->alpn_protocols.emplace_back(p);
180	✗	return {};
181		}
182
183		//
184		// Certificate Verification
185		//
186
187		std::error_code
188	✗	tls_context::set_verify_mode(tls_verify_mode mode)
189		{
190	✗	impl_->verification_mode = mode;
191	✗	return {};
192		}
193
194		std::error_code
195	✗	tls_context::set_verify_depth(int depth)
196		{
197	✗	impl_->verify_depth = depth;
198	✗	return {};
199		}
200
201		void
202	✗	tls_context::set_hostname(std::string_view hostname)
203		{
204	✗	impl_->hostname = std::string(hostname);
205	✗	}
206
207		void
208	✗	tls_context::set_servername_callback_impl(
209		std::function<bool(std::string_view)> callback)
210		{
211	✗	impl_->servername_callback = std::move(callback);
212	✗	}
213
214		void
215	✗	tls_context::set_password_callback_impl(
216		std::function<std::string(std::size_t, tls_password_purpose)> callback)
217		{
218	✗	impl_->password_callback = std::move(callback);
219	✗	}
220
221		//
222		// Revocation Checking
223		//
224
225		std::error_code
226	✗	tls_context::add_crl(std::string_view crl)
227		{
228	✗	impl_->crls.emplace_back(crl);
229	✗	return {};
230		}
231
232		std::error_code
233	✗	tls_context::add_crl_file(std::string_view filename)
234		{
235	✗	std::ifstream file(std::string(filename), std::ios::binary);
236	✗	if (!file)
237	✗	return std::error_code(ENOENT, std::generic_category());
238
239	✗	std::ostringstream ss;
240	✗	ss << file.rdbuf();
241	✗	impl_->crls.push_back(ss.str());
242	✗	return {};
243	✗	}
244
245		std::error_code
246	✗	tls_context::set_ocsp_staple(std::string_view response)
247		{
248	✗	impl_->ocsp_staple = std::string(response);
249	✗	return {};
250		}
251
252		void
253	✗	tls_context::set_require_ocsp_staple(bool require)
254		{
255	✗	impl_->require_ocsp_staple = require;
256	✗	}
257
258		void
259	✗	tls_context::set_revocation_policy(tls_revocation_policy policy)
260		{
261	✗	impl_->revocation = policy;
262	✗	}
263
264		} // namespace boost::corosio
265

1

//

2

3

4

//

5

// Distributed under the Boost Software License, Version 1.0. (See accompanying

6

// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)

7

//

8

// Official repository: https://github.com/cppalliance/corosio

9

//

10

11

#include <boost/corosio/tls_context.hpp>

12

#include "detail/context_impl.hpp"

13

14

#include <cerrno>

15

#include <fstream>

16

#include <sstream>

17

18

namespace boost::corosio {

19

20

21

✗

tls_context::tls_context() : impl_(std::make_shared<impl>()) {}

22

23

//

24

// Credential Loading

25

//

26

27

std::error_code

28

✗

tls_context::use_certificate(

29

std::string_view certificate, tls_file_format format)

30

{

31

✗

impl_->entity_certificate = std::string(certificate);

32

✗

impl_->entity_cert_format = format;

33

✗

return {};

34

}

35

36

std::error_code

37

✗

tls_context::use_certificate_file(

38

std::string_view filename, tls_file_format format)

39

{

40

✗

std::ifstream file(std::string(filename), std::ios::binary);

41

✗

if (!file)

42

✗

return std::error_code(ENOENT, std::generic_category());

43

44

✗

std::ostringstream ss;

45

✗

ss << file.rdbuf();

46

✗

impl_->entity_certificate = ss.str();

47

✗

impl_->entity_cert_format = format;

48

✗

return {};

49

✗

}

50

51

std::error_code

52

✗

tls_context::use_certificate_chain(std::string_view chain)

53

{

54

✗

impl_->certificate_chain = std::string(chain);

55

✗

return {};

56

}

57

58

std::error_code

59

✗

tls_context::use_certificate_chain_file(std::string_view filename)

60

{

61

✗

std::ifstream file(std::string(filename), std::ios::binary);

62

✗

if (!file)

63

✗

return std::error_code(ENOENT, std::generic_category());

64

65

✗

std::ostringstream ss;

66

✗

ss << file.rdbuf();

67

✗

impl_->certificate_chain = ss.str();

68

✗

return {};

69

✗

}

70

71

std::error_code

72

✗

tls_context::use_private_key(

73

std::string_view private_key, tls_file_format format)

74

{

75

✗

impl_->private_key = std::string(private_key);

76

✗

impl_->private_key_format = format;

77

✗

return {};

78

}

79

80

std::error_code

81

✗

tls_context::use_private_key_file(

82

std::string_view filename, tls_file_format format)

83

{

84

✗

std::ifstream file(std::string(filename), std::ios::binary);

85

✗

if (!file)

86

✗

return std::error_code(ENOENT, std::generic_category());

87

88

✗

std::ostringstream ss;

89

✗

ss << file.rdbuf();

90

✗

impl_->private_key = ss.str();

91

✗

impl_->private_key_format = format;

92

✗

return {};

93

✗

}

94

95

std::error_code

96

✗

tls_context::use_pkcs12(

97

std::string_view /*data*/, std::string_view /*passphrase*/)

98

{

99

// TODO: Implement PKCS#12 parsing

100

✗

return std::make_error_code(std::errc::function_not_supported);

101

}

102

103

std::error_code

104

✗

tls_context::use_pkcs12_file(

105

std::string_view /*filename*/, std::string_view /*passphrase*/)

106

{

107

// TODO: Implement PKCS#12 file loading

108

✗

return std::make_error_code(std::errc::function_not_supported);

109

}

110

111

//

112

// Trust Anchors

113

//

114

115

std::error_code

116

✗

tls_context::add_certificate_authority(std::string_view ca)

117

{

118

✗

impl_->ca_certificates.emplace_back(ca);

119

✗

return {};

120

}

121

122

std::error_code

123

✗

tls_context::load_verify_file(std::string_view filename)

124

{

125

✗

std::ifstream file(std::string(filename), std::ios::binary);

126

✗

if (!file)

127

✗

return std::error_code(ENOENT, std::generic_category());

128

129

✗

std::ostringstream ss;

130

✗

ss << file.rdbuf();

131

✗

impl_->ca_certificates.push_back(ss.str());

132

✗

return {};

133

✗

}

134

135

std::error_code

136

✗

tls_context::add_verify_path(std::string_view path)

137

{

138

✗

impl_->verify_paths.emplace_back(path);

139

✗

return {};

140

}

141

142

std::error_code

143

✗

tls_context::set_default_verify_paths()

144

{

145

✗

impl_->use_default_verify_paths = true;

146

✗

return {};

147

}

148

149

//

150

// Protocol Configuration

151

//

152

153

std::error_code

154

✗

tls_context::set_min_protocol_version(tls_version v)

155

{

156

✗

impl_->min_version = v;

157

✗

return {};

158

}

159

160

std::error_code

161

✗

tls_context::set_max_protocol_version(tls_version v)

162

{

163

✗

impl_->max_version = v;

164

✗

return {};

165

}

166

167

std::error_code

168

✗

tls_context::set_ciphersuites(std::string_view ciphers)

169

{

170

✗

impl_->ciphersuites = std::string(ciphers);

171

✗

return {};

172

}

173

174

std::error_code

175

✗

tls_context::set_alpn(std::initializer_list<std::string_view> protocols)

176

{

177

✗

impl_->alpn_protocols.clear();

178

✗

for (auto const& p : protocols)

179

✗

impl_->alpn_protocols.emplace_back(p);

180

✗

return {};

181

}

182

183

//

184

// Certificate Verification

185

//

186

187

std::error_code

188

✗

tls_context::set_verify_mode(tls_verify_mode mode)

189

{

190

✗

impl_->verification_mode = mode;

191

✗

return {};

192

}

193

194

std::error_code

195

✗

tls_context::set_verify_depth(int depth)

196

{

197

✗

impl_->verify_depth = depth;

198

✗

return {};

199

}

200

201

void

202

✗

tls_context::set_hostname(std::string_view hostname)

203

{

204

✗

impl_->hostname = std::string(hostname);

205

✗

}

206

207

void

208

✗

tls_context::set_servername_callback_impl(

209

std::function<bool(std::string_view)> callback)

210

{

211

✗

impl_->servername_callback = std::move(callback);

212

✗

}

213

214

void

215

✗

tls_context::set_password_callback_impl(

216

std::function<std::string(std::size_t, tls_password_purpose)> callback)

217

{

218

✗

impl_->password_callback = std::move(callback);

219

✗

}

220

221

//

222

// Revocation Checking

223

//

224

225

std::error_code

226

✗

tls_context::add_crl(std::string_view crl)

227

{

228

✗

impl_->crls.emplace_back(crl);

229

✗

return {};

230

}

231

232

std::error_code

233

✗

tls_context::add_crl_file(std::string_view filename)

234

{

235

✗

std::ifstream file(std::string(filename), std::ios::binary);

236

✗

if (!file)

237

✗

return std::error_code(ENOENT, std::generic_category());

238

239

✗

std::ostringstream ss;

240

✗

ss << file.rdbuf();

241

✗

impl_->crls.push_back(ss.str());

242

✗

return {};

243

✗

}

244

245

std::error_code

246

✗

tls_context::set_ocsp_staple(std::string_view response)

247

{

248

✗

impl_->ocsp_staple = std::string(response);

249

✗

return {};

250

}

251

252

void

253

✗

tls_context::set_require_ocsp_staple(bool require)

254

{

255

✗

impl_->require_ocsp_staple = require;

256

✗

}

257

258

void

259

✗

tls_context::set_revocation_policy(tls_revocation_policy policy)

260

{

261

✗

impl_->revocation = policy;

262

✗

}

263

264

} // namespace boost::corosio

265