1 /*
2  * Copyright (c) Facebook, Inc. and its affiliates.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *     http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #pragma once
18 
#include <cstdint>
#include <memory>
#include <vector>

#include <folly/io/IOBuf.h>
22 
23 namespace apache {
24 namespace thrift {
25 
/**
 * Number of leading bytes to peek from a connection, presumably the input
 * handed to TLSHelper::looksLikeTLS (the peeking caller is not in this
 * header).
 * NOTE(review): 9 equals a 5-byte TLS record header plus a 4-byte handshake
 * header; confirm that this is the intent.
 */
constexpr uint8_t kTLSPeekBytes{9};
27 
/**
 * Static helpers for telling TLS traffic apart from thrift traffic using the
 * first bytes peeked from a connection, and for building a TLS alert that
 * can be written without an established TLS session.
 */
class TLSHelper {
 public:
  /**
   * Alert descriptions this helper can emit. The enumerator value is the
   * one-byte code used on the wire; 10 is unexpected_message in TLS.
   */
  enum class Alert : uint8_t { UNEXPECTED_MESSAGE = 10 };

  /**
   * Reports whether the peeked bytes resemble the start of a TLS stream
   * rather than thrift bytes.
   *
   * @param bytes Bytes peeked from the peer. They are peer-controlled and
   *     must be treated as untrusted input.
   *     NOTE(review): the implementation is not visible in this header;
   *     confirm it bounds-checks inputs shorter than kTLSPeekBytes,
   *     including an empty vector.
   * @return true when the bytes look like TLS. This is a guess based on a
   *     short prefix, not proof that a valid handshake follows.
   */
  static bool looksLikeTLS(const std::vector<uint8_t>& bytes);

  /**
   * Builds the alert message that answers an unexpected SSL message.
   * The helper exists because openssl does not provide a method to
   * serialize plaintext, and only serializes alerts that can be sent over
   * plaintext.
   *
   * @param major Presumably the major protocol version byte written into
   *     the alert record; confirm against the implementation.
   * @param minor Presumably the minor protocol version byte written into
   *     the alert record; confirm against the implementation.
   * @param alert The alert description to encode.
   * @return Buffer owned by the caller that holds the alert message.
   */
  static std::unique_ptr<folly::IOBuf>
  getPlaintextAlert(uint8_t major, uint8_t minor, Alert alert);
};
49 } // namespace thrift
50 } // namespace apache
51