/*
 * Copyright (c) 2021 Huawei Technologies Co.,Ltd.
 *
 * CM is licensed under Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 *
 *          http://license.coscl.org.cn/MulanPSL2
 *
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
 * See the Mulan PSL v2 for more details.
 * -------------------------------------------------------------------------
 *
 * cs_ssl.h
 *
 *
 * IDENTIFICATION
 *    include/cm/cs_ssl.h
 *
 * -------------------------------------------------------------------------
 */

#ifndef CS_SSL_H
#define CS_SSL_H

#include "cm_defs.h"
#include "cm_ssl_base.h"
#include "utils/syscall_lock.h"

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Selects which side's key-password cipher applies; consumed by
 * cm_verify_ssl_key_pwd() below. The exact mapping of each mode to a stored
 * cipher/password is not visible in this header -- confirm in the implementation.
 */
typedef enum {
    SERVER_CIPHER,   /* server-side SSL key password */
    CLIENT_CIPHER,   /* client-side SSL key password */
    HADR_CIPHER      /* HADR link key password (presumably; confirm) */
} CipherMode;

/*
 * SSL configuration handed to cm_ssl_create_acceptor_fd() / cm_ssl_create_connector_fd().
 * All paths are plain C strings; which members may be NULL is not visible here -- confirm.
 */
typedef struct st_ssl_config {
    char *ca_file;       /* CA certificate file path */
    char *cert_file;     /* own certificate file path */
    char *key_file;      /* own private key file path */
    char *key_password;  /* private-key passphrase in plain text; key material --
                          * ownership and clearing after use are not visible here, confirm */
    char *crl_file;      /* certificate revocation list file path */
    char *cipher;        /* cipher list handed to the SSL library (format not visible here) */
    bool verify_peer;    /* whether the peer certificate is verified */
} ssl_config_t;

/*
 * Peer verification levels. No prototype in this header takes an ssl_verify_t;
 * presumably used by the implementation -- confirm where it is consumed.
 */
typedef enum en_ssl_verify {
    VERIFY_SSL,      /* verify the SSL/TLS handshake only */
    VERIFY_CERT,     /* also verify the peer certificate */
    VERIFY_ISSUER,   /* also verify the certificate issuer */
    VERIFY_SUBJECT   /* also verify the certificate subject */
} ssl_verify_t;

/*
 * Kind of certificate being handled. Not referenced by any prototype in this
 * header; presumably used by the implementation (e.g. for expiry checks) -- confirm.
 */
typedef enum en_cert_type {
    CERT_TYPE_SERVER_CERT,   /* the server's own certificate */
    CERT_TYPE_CA_CERT        /* the CA certificate */
} cert_type_t;

/**
 * create a new ssl context object for acceptor (server side).
 * @param [in]   config       SSL configuration (ssl_config_t): ca_file (SSL CA file path),
 *                            cert_file (SSL certificate file path), key_file (SSL private key
 *                            file path) and key_password, crl_file, cipher, and verify_peer
 *                            (indicates whether to verify the client cert)
 * @return  ssl context worked as a framework for ssl/tls function on success, NULL on failure
 */
ssl_ctx_t *cm_ssl_create_acceptor_fd(ssl_config_t *config);

/**
 * create a new ssl context object for connector (client side).
 * @param [in]   config       SSL configuration (ssl_config_t): ca_file (SSL CA file path),
 *                            cert_file (SSL certificate file path), key_file (SSL private key
 *                            file path) and key_password, crl_file, cipher, and verify_peer
 *                            (indicates whether to verify the peer cert)
 * @return  ssl context worked as a framework for ssl/tls function on success, NULL on failure
 */
ssl_ctx_t *cm_ssl_create_connector_fd(ssl_config_t *config);

/**
 * free a ssl context object.
 * @param [in] sslCtx ssl context
 * @return  void
 */
void cm_ssl_free_context(ssl_ctx_t *sslCtx);

/**
 * accept a client with a tcp socket
 * @param [in,out]  link   ssl link with context created
 * @param [in]      sock   tcp socket already accepted
 * @param [in]      timeout       timeout, unit:ms; block if < 0 (note: declared uint32 in the
 *                                prototype, so a negative value cannot be passed -- confirm the
 *                                blocking sentinel against the implementation)
 * @return
 * @retval CM_SUCCESS  accept a client successfully
 * @retval GS_TIMEOUT  accept timeout, no incoming client
 * @retval CM_ERROR   ssl connection is shutdown
 */
status_t cm_cs_ssl_accept_socket(ssl_link_t *link, socket_t sock, uint32 timeout);

/**
 * create a ssl connect with a tcp socket
 * @param [in,out]  link     SSL link with context created
 * @param [in]      sock tcp socket already connected
 * @param [in]      timeout  timeout, unit: ms
 * @return
 * @retval CM_SUCCESS  connect to the server successfully
 * @retval GS_TIMEOUT  connect timeout
 * @retval CM_ERROR    ssl connection is shutdown or other errors
 */
status_t cm_ssl_connect_socket(ssl_link_t *link, socket_t sock, int32 timeout);

/**
 * accept an ssl connection on a pipe (server side).
 * @param [in]      fd    ssl context, presumably created by cm_ssl_create_acceptor_fd -- confirm
 * @param [in,out]  pipe  pipe carrying the already-accepted tcp connection
 * @return  status_t; expected to follow the CM_SUCCESS / CM_ERROR convention of the
 *          other functions in this header -- confirm
 */
status_t cm_cs_ssl_accept(ssl_ctx_t *fd, cs_pipe_t *pipe);

/**
 * write specified number of bytes, till success or timeout
 * @param [in]      link      ssl socket link
 * @param [in]      buf       data buffer
 * @param [in]      size      input data length
 * @param [out]     send_size sent data length
 * @return
 * @retval CM_SUCCESS      write successfully
 * @retval CM_ERROR        other error
 */
status_t cm_cs_ssl_send(ssl_link_t *link, const char *buf, uint32 size, int32 *send_size);
/**
 * write specified number of bytes within a timeout (inferred from the name; confirm
 * whether a partial send is reported as an error).
 * @param [in]      link      ssl socket link
 * @param [in]      buf       data buffer
 * @param [in]      size      input data length
 * @param [in]      timeout   timeout; unit presumably ms as for cm_cs_ssl_accept_socket -- confirm
 * @return  status_t; expected CM_SUCCESS on success, CM_ERROR otherwise -- confirm
 */
status_t cm_cs_ssl_send_timed(ssl_link_t *link, const char *buf, uint32 size, uint32 timeout);

/**
 * read specified number of bytes, till success or timeout
 * @param [in]      link      ssl socket link
 * @param [in]      buf       data buffer
 * @param [in]      size      data buffer max length
 * @param [out]     recv_size read data length
 * @param [out]     wait_event event the caller should wait for when the read could not
 *                            complete (confirm against the implementation)
 * @return
 * @retval CM_SUCCESS      read successfully
 * @retval CM_ERROR        other error
 */
status_t cm_cs_ssl_recv(ssl_link_t *link, char *buf, uint32 size, int32 *recv_size, uint32 *wait_event);

/**
 * wait on SSL socket, till success or timeout
 * @param [in]      link      ssl socket link
 * @param [in]      wait_for  wait event
 * @param [in]      timeout   wait timeout
 * @param [out]     ready     whether the wait event occurred
 * @return
 * @retval CM_SUCCESS      wait finished successfully (check ready)
 * @retval CM_ERROR        other error
 */
status_t cm_cs_ssl_wait(ssl_link_t *link, uint32 wait_for, int32 timeout, bool *ready);

/*
  Check ssl certificate file access permission:
  the file must not be accessible by group or world (others),
  i.e. no group or other read/write/execute bits.

  @param[in] file_name    ssl certificate file name

  RETURN VALUES
  @retval CM_SUCCESS Success
  @retval CM_ERROR   Failed to verify
*/


status_t cm_ssl_verify_file_stat(const char *file_name);

/**
 * check the CA certificate held by the context for upcoming expiry.
 * @param [in]  ssl_context  ssl context (read-only)
 * @param [in]  alert_day    presumably the number of days before expiry at which an
 *                           alert is raised -- confirm; how the alert is reported is not
 *                           visible here
 */
void cm_ssl_ca_cert_expire(const ssl_ctx_t *ssl_context, int32 alert_day);

/**
 * establish an ssl connection on a pipe (client side).
 * @param [in]      fd    ssl context, presumably created by cm_ssl_create_connector_fd -- confirm
 * @param [in,out]  pipe  pipe carrying the already-connected tcp connection
 * @return  status_t; expected to follow the CM_SUCCESS / CM_ERROR convention of the
 *          other functions in this header -- confirm
 */
status_t cm_cs_ssl_connect(ssl_ctx_t *fd, cs_pipe_t *pipe);

/**
 * read the content of a file into a caller-supplied buffer.
 * @param [in]   filename  path of the file to read
 * @param [out]  content   destination buffer
 * @param [in]   csize     size of the destination buffer in bytes; presumably the bound
 *                         on how much is read -- confirm that the implementation never
 *                         writes past it and how a longer file is handled
 * @return  true on success, false on failure
 */
bool ReadContentFromFile(const char *filename, void *content, size_t csize);

/**
 * verify the ssl private-key password in plain text for the given cipher mode.
 * @param [in,out]  plain  plaintext password buffer; declared non-const, so it may be
 *                         written by the implementation (presumably filled or cleared) -- confirm
 * @param [in]      size   size of plain in bytes
 * @param [in]      mode   which side's cipher applies (CipherMode)
 * @return  status_t; expected CM_SUCCESS on success, CM_ERROR otherwise -- confirm
 * NOTE(review): plain holds key material; whether the caller or callee clears it
 *               after use is not visible here -- confirm.
 */
status_t cm_verify_ssl_key_pwd(char *plain, uint32 size, CipherMode mode);

/**
 * disconnect a pipe.
 * @param [in,out]  pipe    pipe to disconnect
 * @param [in]      type    connection type selector (meaning not visible in this header -- confirm)
 * @param [in,out]  socket  pointer to the socket descriptor; presumably closed and/or
 *                          reset by the implementation -- confirm
 */
void CsDisconnect(cs_pipe_t *pipe, int32 type, int32 *socket);

#ifdef __cplusplus
}
#endif

#endif