Add security::server_name and security::on_certificate_verify options.
diff --git a/asio/include/asio/security/on_certificate_verify.hpp b/asio/include/asio/security/on_certificate_verify.hpp
new file mode 100644
index 0000000..36205dd
--- /dev/null
+++ b/asio/include/asio/security/on_certificate_verify.hpp
@@ -0,0 +1,104 @@
+//
+// security/on_certificate_verify.hpp
+// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+//
+// Copyright (c) 2003-2021 Christopher M. Kohlhoff (chris at kohlhoff dot com)
+//
+// Distributed under the Boost Software License, Version 1.0. (See accompanying
+// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
+//
+
+#ifndef ASIO_SECURITY_ON_CERTIFICATE_VERIFY_HPP
+#define ASIO_SECURITY_ON_CERTIFICATE_VERIFY_HPP
+
+#if defined(_MSC_VER) && (_MSC_VER >= 1200)
+# pragma once
+#endif // defined(_MSC_VER) && (_MSC_VER >= 1200)
+
+#include "asio/detail/config.hpp"
+
+#if defined(ASIO_HAS_APPLE_NETWORK_FRAMEWORK)
+
+#include "asio/detail/apple_nw_ptr.hpp"
+#include <Network/Network.h>
+
+#include "asio/detail/push_options.hpp"
+
+namespace asio {
+namespace security {
+
+/// Socket option to set the certificate verification callback.
+template <typename Function>
+class on_certificate_verify
+{
+public:
+ explicit on_certificate_verify(Function f)
+ : f_(ASIO_MOVE_CAST(Function)(f))
+ {
+ }
+
+ // The following functions comprise the extensible interface for the
+ // SettableSocketOption concept when targeting the Apple Network Framework.
+
+ // Set the socket option on the specified connection.
+ static void apple_nw_set(const void* self, nw_parameters_t parameters,
+ nw_connection_t, asio::error_code& ec)
+ {
+ static_cast<const on_certificate_verify*>(self)->do_set(parameters, ec);
+ }
+
+ // Set the socket option on the specified listener.
+ static void apple_nw_set(const void* self,
+ nw_parameters_t parameters, nw_listener_t,
+ asio::error_code& ec)
+ {
+ static_cast<const on_certificate_verify*>(self)->do_set(parameters, ec);
+ }
+
+private:
+ void do_set(nw_parameters_t parameters, asio::error_code& ec) const
+ {
+ asio::detail::apple_nw_ptr<nw_protocol_stack_t> protocol_stack(
+ nw_parameters_copy_default_protocol_stack(parameters));
+
+ asio::detail::apple_nw_ptr<nw_protocol_definition_t> tls_definition(
+ nw_protocol_copy_tls_definition());
+
+ nw_protocol_stack_iterate_application_protocols(protocol_stack,
+ ^(nw_protocol_options_t protocol)
+ {
+ asio::detail::apple_nw_ptr<nw_protocol_definition_t> definition(
+ nw_protocol_options_copy_definition(protocol));
+
+ if (nw_protocol_definition_is_equal(definition, tls_definition))
+ {
+ asio::detail::apple_nw_ptr<sec_protocol_options_t> sec_options(
+ nw_tls_copy_sec_protocol_options(protocol));
+
+ __block Function f(f_);
+ sec_protocol_options_set_verify_block(sec_options,
+ Block_copy(
+ ^(sec_protocol_metadata_t metadata,
+ sec_trust_t trust_ref,
+ sec_protocol_verify_complete_t complete)
+ {
+ f(metadata, trust_ref, complete);
+ }),
+ dispatch_get_global_queue(QOS_CLASS_USER_INITIATED, 0));
+ }
+ });
+
+ ec = asio::error_code();
+ }
+
+ Function f_;
+};
+
+} // namespace security
+} // namespace asio
+
+#include "asio/detail/pop_options.hpp"
+
+#endif // defined(ASIO_HAS_APPLE_NETWORK_FRAMEWORK)
+
+#endif // ASIO_SECURITY_ON_CERTIFICATE_VERIFY_HPP
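Review bot: `do_set` clears `ec` even when the iteration never finds a TLS entry in the protocol stack, so on a socket without TLS options the verify callback is silently not installed while the caller is told the option was set. Track the match with `__block bool found = false;`, set it to `true` inside the `nw_protocol_definition_is_equal` branch, and end with `ec = asio::error_code();` followed by `if (!found) ec = asio::error::invalid_argument;`. `server_name::do_set` in the next file has the same shape and needs the same check. The class comment should also state that the callback must invoke `complete` exactly once and that, as far as the Network framework API suggests, its result becomes the trust decision for the connection. Whether the `Block_copy` result needs a matching `Block_release` in non-ARC builds is worth confirming.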
diff --git a/asio/include/asio/security/server_name.hpp b/asio/include/asio/security/server_name.hpp
new file mode 100644
index 0000000..274ea99
--- /dev/null
+++ b/asio/include/asio/security/server_name.hpp
@@ -0,0 +1,95 @@
+//
+// security/server_name.hpp
+// ~~~~~~~~~~~~~~~~~~~~~~~~
+//
+// Copyright (c) 2003-2021 Christopher M. Kohlhoff (chris at kohlhoff dot com)
+//
+// Distributed under the Boost Software License, Version 1.0. (See accompanying
+// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
+//
+
+#ifndef ASIO_SECURITY_SERVER_NAME_HPP
+#define ASIO_SECURITY_SERVER_NAME_HPP
+
+#if defined(_MSC_VER) && (_MSC_VER >= 1200)
+# pragma once
+#endif // defined(_MSC_VER) && (_MSC_VER >= 1200)
+
+#include "asio/detail/config.hpp"
+
+#if defined(ASIO_HAS_APPLE_NETWORK_FRAMEWORK)
+
+#include <string>
+#include "asio/detail/apple_nw_ptr.hpp"
+#include <Network/Network.h>
+
+#include "asio/detail/push_options.hpp"
+
+namespace asio {
+namespace security {
+
+/// Socket option to set the server name for verification
+class server_name
+{
+public:
+ explicit server_name(const std::string& name)
+ : name_(name)
+ {
+ }
+
+ // The following functions comprise the extensible interface for the
+ // SettableSocketOption concept when targeting the Apple Network Framework.
+
+ // Set the socket option on the specified connection.
+ static void apple_nw_set(const void* self, nw_parameters_t parameters,
+ nw_connection_t, asio::error_code& ec)
+ {
+ static_cast<const server_name*>(self)->do_set(parameters, ec);
+ }
+
+ // Set the socket option on the specified listener.
+ static void apple_nw_set(const void* self,
+ nw_parameters_t parameters, nw_listener_t,
+ asio::error_code& ec)
+ {
+ static_cast<const server_name*>(self)->do_set(parameters, ec);
+ }
+
+private:
+ void do_set(nw_parameters_t parameters, asio::error_code& ec) const
+ {
+ asio::detail::apple_nw_ptr<nw_protocol_stack_t> protocol_stack(
+ nw_parameters_copy_default_protocol_stack(parameters));
+
+ asio::detail::apple_nw_ptr<nw_protocol_definition_t> tls_definition(
+ nw_protocol_copy_tls_definition());
+
+ nw_protocol_stack_iterate_application_protocols(protocol_stack,
+ ^(nw_protocol_options_t protocol)
+ {
+ asio::detail::apple_nw_ptr<nw_protocol_definition_t> definition(
+ nw_protocol_options_copy_definition(protocol));
+
+ if (nw_protocol_definition_is_equal(definition, tls_definition))
+ {
+ asio::detail::apple_nw_ptr<sec_protocol_options_t> sec_options(
+ nw_tls_copy_sec_protocol_options(protocol));
+
+ sec_protocol_options_set_tls_server_name(sec_options, name_.c_str());
+ }
+ });
+
+ ec = asio::error_code();
+ }
+
+ std::string name_;
+};
+
+} // namespace security
+} // namespace asio
+
+#include "asio/detail/pop_options.hpp"
+
+#endif // defined(ASIO_HAS_APPLE_NETWORK_FRAMEWORK)
+
+#endif // ASIO_SECURITY_SERVER_NAME_HPP
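Review bot: `name_.c_str()` in `do_set` passes the name to `sec_protocol_options_set_tls_server_name` as a C string, so a `std::string` holding an embedded NUL is truncated and an empty name goes through unchecked. If the name ever comes from a URL or configuration, the name TLS uses can then differ from the one the application believes it set. Reject both at the top of `do_set`, e.g. `if (name_.empty() || name_.find('\0') != std::string::npos) { ec = asio::error::invalid_argument; return; }`. The class comment says "for verification"; it should state what the option actually drives (the API name suggests SNI) and whether hostname checking still happens once `on_certificate_verify` is installed, which cannot be confirmed from this hunk.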
diff --git a/asio/include/netx.hpp b/asio/include/netx.hpp
index 6f99d6b..b9f69ed 100644
--- a/asio/include/netx.hpp
+++ b/asio/include/netx.hpp
@@ -23,6 +23,8 @@ #include "asio/generic/stream_protocol.hpp" #include "asio/generic/host.hpp" #include "asio/ip/tls_tcp.hpp" +#include "asio/security/on_certificate_verify.hpp" +#include "asio/security/server_name.hpp" #include "asio/use_awaitable.hpp" namespace netx @@ -36,6 +38,7 @@ using generic_datagram_socket = asio::generic::datagram_protocol::socket; using generic_stream_socket = asio::generic::stream_protocol::socket; namespace ip { using asio::ip::tls_tcp; } + namespace security = asio::security; } #endif // NETX_HPP
diff --git a/asio/src/examples/cpp20/https_client_with_verify.cpp b/asio/src/examples/cpp20/https_client_with_verify.cpp
new file mode 100644
index 0000000..4e21e62
--- /dev/null
+++ b/asio/src/examples/cpp20/https_client_with_verify.cpp
@@ -0,0 +1,57 @@
+// Compile with:
+//
+// g++ -std=c++2a -fcoroutines-ts -Wall -Wextra -Ipath-to-asio/include \
+// -DASIO_HAS_APPLE_NETWORK_FRAMEWORK -o https_client https_client.cpp \
+// -framework Network -framework Security
+
+#include <net.hpp>
+#include <netx.hpp>
+#include <iostream>
+
+using default_token = netx::as_single_t<netx::use_awaitable_t<>>;
+using socket_type = default_token::as_default_on_t<netx::generic_stream_socket>;
+
+netx::awaitable<void> run(net::io_context& ctx)
+{
+ socket_type socket(ctx);
+ socket.open(netx::ip::tls_tcp::any());
+
+ socket.set_option(netx::security::server_name("www.boost.org"));
+
+ socket.set_option(netx::security::on_certificate_verify(
+ [](auto /*metadata*/, auto /*trust*/, auto complete)
+ {
+ std::cout << "verifying certificate\n";
+ complete(true);
+ }));
+
+ co_await socket.async_connect(netx::host(netx::ip::tls_tcp::any(), "www.boost.org", "443"));
+
+ std::cout << "Sending request" << std::endl;
+ std::string request("GET /LICENSE_1_0.txt HTTP/1.0\r\nHost: www.boost.org\r\n\r\n");
+ auto [err1, n1] = co_await net::async_write(socket, net::buffer(request));
+ if (err1)
+ {
+ std::cerr << "failed to send request" << std::endl;
+ co_return;
+ }
+
+ std::cout << "Sent request, waiting for response" << std::endl;
+ std::string response;
+ auto [err2, n2] = co_await net::async_read(socket, net::dynamic_buffer(response));
+ if (err2 && err2 != net::stream_errc::eof)
+ {
+ std::cerr << "failed to receive response" << std::endl;
+ co_return;
+ }
+
+ std::cout << "Received response" << std::endl;
+ std::cout << response << std::endl;
+}
+
+int main()
+{
+ net::io_context ctx;
+ netx::co_spawn(ctx, run(ctx), netx::detached);
+ ctx.run();
+}
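Review bot: The verify callback in `run` calls `complete(true)` without looking at `trust`, so this example accepts any certificate chain and the connection is unauthenticated despite the file name. Examples get copied into real clients, so the callback should evaluate the trust object and pass that result to `complete`. The sketch below assumes `sec_trust_copy_ref` and `SecTrustEvaluateWithError` from the Security framework that the compile line already links; whether the evaluated policy covers the host given to `server_name` should be confirmed. The compile comment also names `https_client.cpp` rather than this file.

```cpp
  socket.set_option(netx::security::on_certificate_verify(
      [](auto /*metadata*/, auto trust, auto complete)
      {
        // Evaluate the peer's chain; sec_trust_copy_ref returns a retained ref.
        SecTrustRef trust_ref = sec_trust_copy_ref(trust);
        const bool trusted = SecTrustEvaluateWithError(trust_ref, nullptr);
        CFRelease(trust_ref);
        if (!trusted)
          std::cerr << "certificate verification failed\n";
        complete(trusted);
      }));
  // … unchanged: async_connect, request/response handling …
```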