Aktualizr
C++ SOTA Client
All Classes Namespaces Files Functions Variables Enumerations Enumerator Pages
p11engine.h
1 #ifndef P11ENGINE_H_
2 #define P11ENGINE_H_
3 
4 #include <memory>
5 
6 #include "libaktualizr/config.h"
7 
8 #include <openssl/engine.h>
9 #include <openssl/err.h>
10 #include "gtest/gtest_prod.h"
11 
12 #include "logging/logging.h"
13 
14 class P11ContextWrapper {
15  public:
16  explicit P11ContextWrapper(const boost::filesystem::path &module);
17  ~P11ContextWrapper();
18  P11ContextWrapper(const P11ContextWrapper &) = delete;
19  P11ContextWrapper &operator=(const P11ContextWrapper &) = delete;
20  PKCS11_ctx_st *get() const { return ctx; }
21 
22  private:
23  PKCS11_ctx_st *ctx;
24 };
25 
26 class P11SlotsWrapper {
27  public:
28  explicit P11SlotsWrapper(PKCS11_ctx_st *ctx_in);
29  ~P11SlotsWrapper();
30  P11SlotsWrapper(const P11SlotsWrapper &) = delete;
31  P11SlotsWrapper &operator=(const P11SlotsWrapper &) = delete;
32  PKCS11_slot_st *get_slots() const { return wslots_; }
33  unsigned int get_nslots() const { return nslots; }
34 
35  private:
36  PKCS11_ctx_st *ctx; // NOLINT
37  PKCS11_slot_st *wslots_;
38  unsigned int nslots;
39 };
40 
41 class P11EngineGuard;
42 
43 class P11Engine {
44  public:
45  P11Engine(const P11Engine &) = delete;
46  P11Engine &operator=(const P11Engine &) = delete;
47 
48  virtual ~P11Engine() {
49  if (ssl_engine_ != nullptr) {
50  ENGINE_finish(ssl_engine_);
51  ENGINE_free(ssl_engine_);
52  ENGINE_cleanup(); // for openssl < 1.1
53  }
54  }
55 
56  ENGINE *getEngine() { return ssl_engine_; }
57  std::string getUptaneKeyId() const { return uri_prefix_ + config_.uptane_key_id; }
58  std::string getTlsCacertId() const { return uri_prefix_ + config_.tls_cacert_id; }
59  std::string getTlsPkeyId() const { return uri_prefix_ + config_.tls_pkey_id; }
60  std::string getTlsCertId() const { return uri_prefix_ + config_.tls_clientcert_id; }
61  bool readUptanePublicKey(std::string *key_out);
62  bool readTlsCert(std::string *cert_out) const;
63  bool generateUptaneKeyPair();
64 
65  private:
66  const P11Config config_;
67  ENGINE *ssl_engine_{nullptr};
68  std::string uri_prefix_;
69  P11ContextWrapper ctx_;
70  P11SlotsWrapper slots_;
71 
72  static boost::filesystem::path findPkcsLibrary();
73  PKCS11_slot_st *findTokenSlot() const;
74 
75  explicit P11Engine(P11Config config);
76 
77  friend class P11EngineGuard;
78  FRIEND_TEST(crypto, findPkcsLibrary);
79 };
80 
81 class P11EngineGuard {
82  public:
83  explicit P11EngineGuard(const P11Config &config) {
84  if (instance == nullptr) {
85  instance = new P11Engine(config);
86  }
87  ++ref_counter;
88  };
89  ~P11EngineGuard() {
90  if (ref_counter != 0) {
91  --ref_counter;
92  }
93  if (ref_counter == 0) {
94  delete instance;
95  instance = nullptr;
96  }
97  }
98  P11Engine *operator->() const { return instance; }
99 
100  private:
101  static P11Engine *instance;
102  static int ref_counter;
103 };
104 
105 #endif
Generated by   doxygen 1.8.13