TLSSocket is a wrapper around Socket for interacting with TLS servers. More...
#include <TLSSocketWrapper.h>
Public Types |
Public Member Functions | |
TLSSocketWrapper (Socket *transport, const char *hostname=NULL, control_transport control=TRANSPORT_CONNECT_AND_CLOSE) | |
Create a TLSSocketWrapper. More... | |
~TLSSocketWrapper () override | |
Destroy a socket wrapper. More... | |
void | set_hostname (const char *hostname) |
Set hostname. More... | |
nsapi_error_t | set_root_ca_cert (const void *root_ca, size_t len) |
Sets the certification of Root CA. More... | |
nsapi_error_t | set_root_ca_cert (const char *root_ca_pem) |
Sets the certification of Root CA. More... | |
nsapi_error_t | set_client_cert_key (const void *client_cert, size_t client_cert_len, const void *client_private_key_pem, size_t client_private_key_len) |
Sets client certificate, and client private key. More... | |
nsapi_error_t | set_client_cert_key (const char *client_cert_pem, const char *client_private_key_pem) |
Sets client certificate, and client private key. More... | |
nsapi_error_t | send (const void *data, nsapi_size_t size) override |
Send data over a TLS socket. More... | |
nsapi_size_or_error_t | recv (void *data, nsapi_size_t size) override |
Receive data over a TLS socket. More... | |
nsapi_error_t | close () override |
Closes the socket. More... | |
nsapi_error_t | connect (const SocketAddress &address=SocketAddress()) override |
Connect the transport socket and start handshake. More... | |
nsapi_size_or_error_t | sendto (const SocketAddress &address, const void *data, nsapi_size_t size) override |
Send a message on a socket. More... | |
nsapi_size_or_error_t | recvfrom (SocketAddress *address, void *data, nsapi_size_t size) override |
Receive a data from a socket. More... | |
nsapi_size_or_error_t | sendto_control (const SocketAddress &address, const void *data, nsapi_size_t size, nsapi_msghdr_t *control, nsapi_size_t control_size) override |
Send a message on a socket. More... | |
nsapi_size_or_error_t | recvfrom_control (SocketAddress *address, void *data, nsapi_size_t size, nsapi_msghdr_t *control, nsapi_size_t control_size) override |
Receive a data from a socket. More... | |
nsapi_error_t | bind (const SocketAddress &address) override |
Bind a specific address to a socket. More... | |
void | set_blocking (bool blocking) override |
Set blocking or non-blocking mode of the socket. More... | |
void | set_timeout (int timeout) override |
Set timeout on blocking socket operations. More... | |
void | sigio (mbed::Callback< void()> func) override |
Register a callback on state change of the socket. More... | |
nsapi_error_t | setsockopt (int level, int optname, const void *optval, unsigned optlen) override |
Set socket options. More... | |
nsapi_error_t | getsockopt (int level, int optname, void *optval, unsigned *optlen) override |
Get socket options. More... | |
Socket * | accept (nsapi_error_t *error=NULL) override |
Accepts a connection on a socket. More... | |
nsapi_error_t | listen (int backlog=1) override |
Listen for incoming connections. More... | |
nsapi_error_t | getpeername (SocketAddress *address) override |
Get the remote-end peer associated with this socket. More... | |
mbedtls_x509_crt * | get_own_cert () |
Get own certificate directly from Mbed TLS. More... | |
int | set_own_cert (mbedtls_x509_crt *crt) |
Set own certificate directly to Mbed TLS. More... | |
mbedtls_x509_crt * | get_ca_chain () |
Get CA chain structure. More... | |
void | set_ca_chain (mbedtls_x509_crt *crt) |
Set CA chain directly to Mbed TLS. More... | |
mbedtls_ssl_config * | get_ssl_config () |
Get internal Mbed TLS configuration structure. More... | |
void | set_ssl_config (mbedtls_ssl_config *conf) |
Override Mbed TLS configuration. More... | |
mbedtls_ssl_context * | get_ssl_context () |
Get internal Mbed TLS context structure. More... | |
TLSSocket is a wrapper around Socket for interacting with TLS servers.
TLSSocketWrapper can use any Socket as a transport. After completing the TLS handshake, it can be used as any Socket would be used.
Definition at line 59 of file TLSSocketWrapper.h.
enum control_transport |
Transport modes.
Enumerator | |
---|---|
TRANSPORT_KEEP | |
TRANSPORT_CONNECT_AND_CLOSE | |
TRANSPORT_CONNECT |
Does call only connect() on transport socket. |
TRANSPORT_CLOSE |
Does call close() on transport socket. |
Definition at line 62 of file TLSSocketWrapper.h.
TLSSocketWrapper | ( | Socket * | transport, |
const char * | hostname = NULL , |
||
control_transport | control = TRANSPORT_CONNECT_AND_CLOSE |
||
) |
Create a TLSSocketWrapper.
transport | Underlying transport socket to wrap. |
hostname | Hostname of the remote host, used for certificate checking. |
control | Transport control mode. See control_transport. |
|
override |
Destroy a socket wrapper.
Closes socket wrapper if the socket wrapper is still open.
|
overridevirtual |
Accepts a connection on a socket.
The server socket must be bound and set to listen for connections. On a new connection, returns connected network socket to call close() that deallocates the resources. Referencing a returned pointer after a close() call is not allowed and leads to undefined behavior.
By default, accept blocks until incoming connection occurs. If socket is set to non-blocking or times out, error is set to NSAPI_ERROR_WOULD_BLOCK.
error | Pointer to storage of the error value or NULL. |
Implements Socket.
|
overridevirtual |
Bind a specific address to a socket.
Binding a socket specifies the address and port on which to receive data. If the IP address is zeroed, only the port is bound.
address | Local address to bind. |
Implements Socket.
|
overridevirtual |
Closes the socket.
Closes any open connection and deallocates any memory associated with the socket. Called from destructor if socket is not closed.
Implements Socket.
|
overridevirtual |
Connect the transport socket and start handshake.
See Socket::connect and start_handshake
Implements Socket.
mbedtls_x509_crt* get_ca_chain | ( | ) |
Get CA chain structure.
mbedtls_x509_crt* get_own_cert | ( | ) |
Get own certificate directly from Mbed TLS.
mbedtls_ssl_config* get_ssl_config | ( | ) |
Get internal Mbed TLS configuration structure.
mbedtls_ssl_context* get_ssl_context | ( | ) |
Get internal Mbed TLS context structure.
|
overridevirtual |
Get the remote-end peer associated with this socket.
Copy the remote peer address to a SocketAddress structure pointed by address parameter. Socket must be connected to have a peer address associated.
address | Pointer to SocketAddress structure. |
NSAPI_ERROR_OK | on success. |
NSAPI_ERROR_NO_SOCKET | if socket is not connected. |
NSAPI_ERROR_NO_CONNECTION | if the remote peer was not set. |
Implements Socket.
|
overridevirtual |
Get socket options.
getsockopt() allows an application to retrieve stack-specific options from the underlying stack using stack-specific level and option names, or to request generic options using levels from nsapi_socket_level_t.
For unsupported options, NSAPI_ERROR_UNSUPPORTED is returned and the socket is unmodified.
level | Stack-specific protocol level or nsapi_socket_level_t. |
optname | Level-specific option name. |
optval | Destination for option value. |
optlen | Length of the option value. |
NSAPI_ERROR_OK | on success. |
NSAPI_ERROR_NO_SOCKET | if socket is not open. |
int | Negative error code on failure, see NetworkStack::getsockopt. |
Implements Socket.
|
overridevirtual |
Listen for incoming connections.
Marks the socket as a passive socket that can be used to accept incoming connections.
backlog | Number of pending connections that can be queued simultaneously, defaults to 1. |
Implements Socket.
|
overridevirtual |
Receive data over a TLS socket.
The socket must be connected to a remote host. Returns the number of bytes received into the buffer.
data | Destination buffer for data received from the host. |
size | Size of the buffer in bytes. |
int | Number of sent bytes on success |
NSAPI_ERROR_NO_SOCKET | in case socket was not created correctly. |
NSAPI_ERROR_WOULD_BLOCK | in case non-blocking mode is enabled and send cannot be performed immediately. |
NSAPI_ERROR_DEVICE_ERROR | in case of tls-related errors. See mbedtls_ssl_read. |
Implements Socket.
|
overridevirtual |
Receive a data from a socket.
Receives a data and stores the source address in address if address is not NULL. Returns the number of bytes written into the buffer.
If socket is connected, only packets coming from connected peer address are accepted.
By default, recvfrom blocks until a datagram is received. If socket is set to non-blocking or times out with no data, NSAPI_ERROR_WOULD_BLOCK is returned.
address | Destination for the source address or NULL |
data | Destination buffer for datagram received from the host |
size | Size of the buffer in bytes |
Implements Socket.
|
overridevirtual |
Receive a data from a socket.
Receives a data and stores the source address in address if address is not NULL. Returns the number of bytes written into the buffer.
If socket is connected, only packets coming from connected peer address are accepted.
Additional information related to the message can be retrieved with the control data.
By default, recvfrom blocks until a datagram is received. If socket is set to non-blocking or times out with no data, NSAPI_ERROR_WOULD_BLOCK is returned.
address | Destination for the source address or NULL |
data | Destination buffer for datagram received from the host |
size | Size of the buffer in bytes |
Implements Socket.
|
overridevirtual |
Send data over a TLS socket.
The socket must be connected to a remote host. Returns the number of bytes sent from the buffer.
data | Buffer of data to send to the host. |
size | Size of the buffer in bytes. |
int | Number of sent bytes on success |
NSAPI_ERROR_NO_SOCKET | in case socket was not created correctly. |
NSAPI_ERROR_WOULD_BLOCK | in case non-blocking mode is enabled and send cannot be performed immediately. |
NSAPI_ERROR_DEVICE_ERROR | in case of tls-related errors. See mbedtls_ssl_write. |
Implements Socket.
|
overridevirtual |
Send a message on a socket.
The sendto() function sends a message through a connection-mode or connectionless-mode socket. If the socket is a connectionless-mode socket, the message is sent to the address specified. If the socket is a connected-mode socket, address is ignored.
By default, sendto blocks until data is sent. If socket is set to non-blocking or times out, NSAPI_ERROR_WOULD_BLOCK is returned immediately.
address | Remote address |
data | Buffer of data to send to the host |
size | Size of the buffer in bytes |
Implements Socket.
|
overridevirtual |
Send a message on a socket.
The sendto_control() function sends a message through a connection-mode or connectionless-mode socket. If the socket is a connectionless-mode socket, the message is sent to the address specified. If the socket is a connected-mode socket, address is ignored.
Additional control information can be passed to the stack for specific operations.
By default, sendto blocks until data is sent. If socket is set to non-blocking or times out, NSAPI_ERROR_WOULD_BLOCK is returned immediately.
address | Remote address |
data | Buffer of data to send to the host |
size | Size of the buffer in bytes |
Implements Socket.
|
overridevirtual |
Set blocking or non-blocking mode of the socket.
Initially all sockets are in blocking mode. In non-blocking mode blocking operations such as send/recv/accept return NSAPI_ERROR_WOULD_BLOCK if they cannot continue.
set_blocking(false) is equivalent to set_timeout(0) set_blocking(true) is equivalent to set_timeout(-1)
blocking | true for blocking mode, false for non-blocking mode. |
Implements Socket.
void set_ca_chain | ( | mbedtls_x509_crt * | crt | ) |
Set CA chain directly to Mbed TLS.
crt | Mbed TLS X509 certificate chain. |
nsapi_error_t set_client_cert_key | ( | const void * | client_cert, |
size_t | client_cert_len, | ||
const void * | client_private_key_pem, | ||
size_t | client_private_key_len | ||
) |
Sets client certificate, and client private key.
client_cert | Client certification in PEM or DER format. |
client_cert_len | Certificate size including the terminating null byte for PEM data. |
client_private_key_pem | Client private key in PEM or DER format. |
client_private_key_len | Key size including the terminating null byte for PEM data |
NSAPI_ERROR_OK | on success. |
NSAPI_ERROR_PARAMETER | in case the provided root_ca parameter failed parsing. |
nsapi_error_t set_client_cert_key | ( | const char * | client_cert_pem, |
const char * | client_private_key_pem | ||
) |
Sets client certificate, and client private key.
client_cert_pem | Client certification in PEM format. |
client_private_key_pem | Client private key in PEM format. |
NSAPI_ERROR_OK | on success. |
NSAPI_ERROR_PARAMETER | in case the provided root_ca parameter failed parsing. |
void set_hostname | ( | const char * | hostname | ) |
Set hostname.
TLSSocket requires hostname used to verify the certificate. If hostname is not given in constructor, this function must be used before starting the TLS handshake.
hostname | Hostname of the remote host, used for certificate checking. |
int set_own_cert | ( | mbedtls_x509_crt * | crt | ) |
Set own certificate directly to Mbed TLS.
crt | Mbed TLS X509 certificate chain. |
nsapi_error_t set_root_ca_cert | ( | const void * | root_ca, |
size_t | len | ||
) |
Sets the certification of Root CA.
root_ca | Root CA Certificate in any Mbed TLS-supported format. |
len | Length of certificate (including terminating 0 for PEM). |
NSAPI_ERROR_OK | on success. |
NSAPI_ERROR_NO_MEMORY | in case there is not enough memory to allocate certificate. |
NSAPI_ERROR_PARAMETER | in case the provided root_ca parameter failed parsing. |
nsapi_error_t set_root_ca_cert | ( | const char * | root_ca_pem | ) |
Sets the certification of Root CA.
root_ca_pem | Root CA Certificate in PEM format. |
NSAPI_ERROR_OK | on success. |
NSAPI_ERROR_NO_MEMORY | in case there is not enough memory to allocate certificate. |
NSAPI_ERROR_PARAMETER | in case the provided root_ca parameter failed parsing. |
void set_ssl_config | ( | mbedtls_ssl_config * | conf | ) |
Override Mbed TLS configuration.
conf | Mbed TLS SSL configuration structure. |
|
overridevirtual |
Set timeout on blocking socket operations.
Initially all sockets have unbounded timeouts. NSAPI_ERROR_WOULD_BLOCK is returned if a blocking operation takes longer than the specified timeout. A timeout of 0 removes the timeout from the socket. A negative value gives the socket an unbounded timeout.
set_timeout(0) is equivalent to set_blocking(false) set_timeout(-1) is equivalent to set_blocking(true)
timeout | Timeout in milliseconds |
Implements Socket.
|
overridevirtual |
Set socket options.
setsockopt() allows an application to pass stack-specific options to the underlying stack using stack-specific level and option names, or to request generic options using levels from nsapi_socket_level_t.
For unsupported options, NSAPI_ERROR_UNSUPPORTED is returned and the socket is unmodified.
level | Stack-specific protocol level or nsapi_socket_level_t. |
optname | Level-specific option name. |
optval | Option value. |
optlen | Length of the option value. |
NSAPI_ERROR_OK | on success. |
NSAPI_ERROR_NO_SOCKET | if socket is not open. |
int | Negative error code on failure, see NetworkStack::setsockopt. |
Implements Socket.
|
overridevirtual |
Register a callback on state change of the socket.
The specified callback is called on state changes, such as when the socket can receive/send/accept successfully and when an error occurs. The callback may also be called spuriously without reason.
The callback may be called in an interrupt context and should not perform expensive operations such as receive/send calls.
Note! This is not intended as a replacement for a poll or attach-like asynchronous API, but rather as a building block for constructing such functionality. The exact timing of the registered function is not guaranteed and susceptible to change.
func | Function to call on state change. |
Implements Socket.