/Users/deen/code/yugabyte-db/src/yb/rpc/secure_stream.h
Line | Count | Source |
1 | | // Copyright (c) YugaByte, Inc. |
2 | | // |
3 | | // Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except |
4 | | // in compliance with the License. You may obtain a copy of the License at |
5 | | // |
6 | | // http://www.apache.org/licenses/LICENSE-2.0 |
7 | | // |
8 | | // Unless required by applicable law or agreed to in writing, software distributed under the License |
9 | | // is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express |
10 | | // or implied. See the License for the specific language governing permissions and limitations |
11 | | // under the License. |
12 | | // |
13 | | |
14 | | #ifndef YB_RPC_SECURE_STREAM_H |
15 | | #define YB_RPC_SECURE_STREAM_H |
16 | | |
17 | | #include <boost/version.hpp> |
18 | | |
19 | | #include "yb/rpc/rpc_fwd.h" |
20 | | |
21 | | #include "yb/util/enums.h" |
22 | | #include "yb/util/mem_tracker.h" |
23 | | |
24 | | typedef struct evp_pkey_st EVP_PKEY; |
25 | | typedef struct ssl_st SSL; |
26 | | typedef struct ssl_ctx_st SSL_CTX; |
27 | | typedef struct x509_st X509; |
28 | | |
29 | | namespace yb { |
30 | | namespace rpc { |
31 | | |
32 | | #define YB_RPC_SSL_TYPE_DECLARE(name) \ |
33 | | struct BOOST_PP_CAT(name, Free) { \ |
34 | | void operator()(name* value) const; \ |
35 | | }; \ |
36 | | \ |
37 | | typedef std::unique_ptr<name, BOOST_PP_CAT(name, Free)> BOOST_PP_CAT(name, Ptr); |
38 | | |
39 | | |
40 | | namespace detail { |
41 | | |
42 | | YB_RPC_SSL_TYPE_DECLARE(EVP_PKEY); |
43 | | YB_RPC_SSL_TYPE_DECLARE(SSL); |
44 | | YB_RPC_SSL_TYPE_DECLARE(SSL_CTX); |
45 | | YB_RPC_SSL_TYPE_DECLARE(X509); |
46 | | |
47 | | } // namespace detail |
48 | | |
49 | | class SecureContext { |
50 | | public: |
51 | | SecureContext(); |
52 | | |
53 | | SecureContext(const SecureContext&) = delete; |
54 | | void operator=(const SecureContext&) = delete; |
55 | | |
56 | | CHECKED_STATUS AddCertificateAuthority(const Slice& data); |
57 | | CHECKED_STATUS AddCertificateAuthorityFile(const std::string& file); |
58 | | |
59 | | CHECKED_STATUS UsePrivateKey(const Slice& data); |
60 | | CHECKED_STATUS UseCertificate(const Slice& data); |
61 | | |
62 | | // Generates and uses temporary keys, should be used only during testing. |
63 | | CHECKED_STATUS TEST_GenerateKeys(int bits, const std::string& common_name); |
64 | | |
65 | | detail::SSLPtr Create() const; |
66 | 3.50k | EVP_PKEY* private_key() const { return pkey_.get(); } |
67 | 3.50k | X509* certificate() const { return certificate_.get(); } |
68 | | |
69 | 42 | void set_require_client_certificate(bool value) { |
70 | 42 | require_client_certificate_ = value; |
71 | 42 | } |
72 | | |
73 | 5.47k | bool require_client_certificate() const { |
74 | 5.47k | return require_client_certificate_; |
75 | 5.47k | } |
76 | | |
77 | 42 | void set_use_client_certificate(bool value) { |
78 | 42 | use_client_certificate_ = value; |
79 | 42 | } |
80 | | |
81 | 2.45k | bool use_client_certificate() const { |
82 | 2.45k | return use_client_certificate_; |
83 | 2.45k | } |
84 | | |
85 | 198 | void set_required_uid(const std::string& value) { |
86 | 198 | required_uid_ = value; |
87 | 198 | } |
88 | | |
89 | 3.16k | const std::string& required_uid() const { |
90 | 3.16k | return required_uid_; |
91 | 3.16k | } |
92 | | |
93 | | private: |
94 | | CHECKED_STATUS AddCertificateAuthority(X509* cert); |
95 | | |
96 | | detail::SSL_CTXPtr context_; |
97 | | detail::EVP_PKEYPtr pkey_; |
98 | | detail::X509Ptr certificate_; |
99 | | bool require_client_certificate_ = false; |
100 | | bool use_client_certificate_ = false; |
101 | | std::string required_uid_; |
102 | | }; |
103 | | |
104 | | const Protocol* SecureStreamProtocol(); |
105 | | StreamFactoryPtr SecureStreamFactory( |
106 | | StreamFactoryPtr lower_layer_factory, const MemTrackerPtr& buffer_tracker, |
107 | | const SecureContext* context); |
108 | | |
109 | | } // namespace rpc |
110 | | } // namespace yb |
111 | | |
112 | | #endif // YB_RPC_SECURE_STREAM_H |