1 /*
2    BAREOS® - Backup Archiving REcovery Open Sourced
3 
4    Copyright (C) 2005-2009 Free Software Foundation Europe e.V.
5    Copyright (C) 2013-2020 Bareos GmbH & Co. KG
6 
7    This program is Free Software; you can redistribute it and/or
8    modify it under the terms of version two of the GNU Lesser General
9    Public License as published by the Free Software Foundation plus
10    additions in the file LICENSE.
11 
12    This program is distributed in the hope that it will be useful, but
13    WITHOUT ANY WARRANTY; without even the implied warranty of
14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15    Lesser Affero General Public License for more details.
16 
17    You should have received a copy of the GNU Affero General Public License
18    along with this program; if not, write to the Free Software
19    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
20    02110-1301, USA.
21 */
22 /*
23  * tls.h TLS support functions
24  *
25  * Author: Landon Fuller <landonf@threerings.net>
26  */
27 
28 #ifndef BAREOS_LIB_TLS_H_
29 #define BAREOS_LIB_TLS_H_
30 
31 #include "include/bareos.h"
32 #include "lib/get_tls_psk_by_fqname_callback.h"
33 
34 class BareosSocket;
35 class JobControlRecord;
36 class PskCredentials;
37 
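/*
 * Abstract interface for a TLS backend used on BareosSocket connections.
 *
 * Every operation except TlsCipherGetName() is pure virtual, so a concrete
 * backend has to supply it. kTlsOpenSsl is the only backend named in this
 * header.
 *
 * NOTE(review): the security-relevant defaults (peer verification, protocol
 * version, cipher list) are not visible here. They are whatever the concrete
 * backend does when the matching setter is never called; confirm them there.
 */
class Tls {
 public:
  Tls();
  virtual ~Tls();
  /*
   * Copy construction is deleted. NOTE(review): copy assignment is not
   * deleted in this header; if a backend owns key material or library
   * handles, confirm it cannot be copy-assigned either.
   */
  Tls(Tls& other) = delete;

  /*
   * Backend initialisation hook.
   * NOTE(review): presumably a false return means the context is unusable and
   * the connection must not proceed; confirm against the implementation.
   */
  virtual bool init() = 0;

  /* Selects which backend CreateNewTlsContext() should construct. */
  enum class TlsImplementationType
  {
    kTlsUnknown,
    kTlsOpenSsl
  };
  /*
   * Factory for a backend of the requested type.
   * NOTE(review): returns a raw pointer; ownership and the result for
   * kTlsUnknown are not visible here. Callers should check for nullptr and
   * confirm who deletes the object.
   */
  static Tls* CreateNewTlsContext(Tls::TlsImplementationType type);

  /*
   * Pre-shared-key setup for the client and the server role.
   * NOTE(review): the credentials and the configuration are passed by
   * reference/pointer; whether the backend copies them or keeps the
   * reference (and so depends on their lifetime) must be confirmed.
   */
  virtual void SetTlsPskClientContext(const PskCredentials& credentials) = 0;
  virtual void SetTlsPskServerContext(ConfigurationParser* config) = 0;

  /*
   * Peer identity checks against a host name or a list of accepted names.
   * The bool result is the only outcome visible in this interface, so callers
   * must not discard it.
   * NOTE(review): presumably these run after the handshake and false means
   * the peer was not accepted; confirm, and confirm that every caller closes
   * the connection on false.
   */
  virtual bool TlsPostconnectVerifyHost(JobControlRecord* jcr, const char* host)
      = 0;
  virtual bool TlsPostconnectVerifyCn(
      JobControlRecord* jcr,
      const std::vector<std::string>& verify_list)
      = 0;

  /*
   * Session operations on an existing BareosSocket.
   * NOTE(review): the meaning of the int returned by the read/write calls
   * (byte count, error value) is not defined in this header. nbytes is a
   * signed int32_t, so confirm that implementations reject negative lengths
   * before touching ptr.
   */
  virtual bool TlsBsockAccept(BareosSocket* bsock) = 0;
  virtual int TlsBsockWriten(BareosSocket* bsock, char* ptr, int32_t nbytes)
      = 0;
  virtual int TlsBsockReadn(BareosSocket* bsock, char* ptr, int32_t nbytes) = 0;
  virtual bool TlsBsockConnect(BareosSocket* bsock) = 0;
  virtual void TlsBsockShutdown(BareosSocket* bsock) = 0;
  /*
   * Reports connection information for host/port/who.
   * NOTE(review): confirm implementations report only connection metadata and
   * never key or PSK material.
   */
  virtual void TlsLogConninfo(JobControlRecord* jcr,
                              const char* host,
                              int port,
                              const char* who) const = 0;
  /*
   * The default implementation returns an empty string, so an empty result
   * does not identify a cipher unless the backend overrides this method.
   */
  virtual std::string TlsCipherGetName() const { return std::string(); }

  /*
   * Cipher and protocol selection, passed as strings.
   * NOTE(review): the accepted syntax and the handling of an empty or invalid
   * string are backend-defined; confirm that a rejected value fails closed
   * rather than falling back to a weaker default.
   */
  virtual void SetCipherList(const std::string& cipherlist) = 0;
  virtual void SetProtocol(const std::string& version) = 0;

  /*
   * Certificate, revocation list, private key and DH parameter locations.
   * The setters return void, so a missing or unreadable file cannot be
   * reported from here. NOTE(review): presumably such errors surface from
   * init(); confirm.
   */
  virtual void Setca_certfile_(const std::string& ca_certfile) = 0;
  virtual void SetCaCertdir(const std::string& ca_certdir) = 0;
  virtual void SetCrlfile(const std::string& crlfile_) = 0;
  virtual void SetCertfile(const std::string& certfile_) = 0;
  virtual void SetKeyfile(const std::string& keyfile_) = 0;
  /*
   * Passphrase callback and its opaque user data.
   * NOTE(review): pem_userdata is an untyped pointer whose lifetime is not
   * managed by this interface; it must stay valid for as long as the backend
   * may invoke the callback.
   */
  virtual void SetPemCallback(CRYPTO_PEM_PASSWD_CB pem_callback) = 0;
  virtual void SetPemUserdata(void* pem_userdata) = 0;
  virtual void SetDhFile(const std::string& dhfile_) = 0;
  /*
   * Turns peer verification on or off.
   * NOTE(review): the value in effect when this is never called is not
   * visible in this header; confirm the backend verifies the peer by default.
   */
  virtual void SetVerifyPeer(const bool& verify_peer) = 0;
  virtual void SetTcpFileDescriptor(const int& fd) = 0;
};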
89 
90 #endif /* BAREOS_LIB_TLS_H_ */
91