network_system/ssl_8cppm_source.html

// BSD 3-Clause License

// Copyright (c) 2025, 🍀☀🌕🌥 🌊

// See the LICENSE file in the project root for full license information.


module;


// =============================================================================

// Global Module Fragment - Standard Library Headers

// =============================================================================

#include <atomic>

#include <chrono>

#include <filesystem>

#include <functional>

#include <memory>

#include <mutex>

#include <optional>

#include <span>

#include <string>

#include <string_view>

#include <vector>


// Third-party headers

#include <asio.hpp>

#include <asio/ssl.hpp>


export module kcenon.network:ssl;


import :core;


// =============================================================================

// SSL Configuration Types

// =============================================================================


export namespace kcenon::network::core {


enum class ssl_protocol {

    tls_1_2,

    tls_1_3,

    dtls_1_2,

    dtls_1_3

};


enum class ssl_verify_mode {

    none,

    peer,

    fail_if_no_peer_cert,

    client_once

};


struct ssl_config {

    std::filesystem::path certificate_path;


    std::filesystem::path private_key_path;


    std::filesystem::path ca_certificate_path;


    std::string private_key_password;


    ssl_protocol protocol = ssl_protocol::tls_1_3;


    ssl_verify_mode verify_mode = ssl_verify_mode::peer;


    std::string server_name;


    std::string cipher_list;


    bool enable_session_resumption = true;


    bool enable_ocsp_stapling = false;

};


// =============================================================================

// Secure TCP Client

// =============================================================================


class secure_messaging_client {

public:

    explicit secure_messaging_client(std::string_view client_id, const ssl_config& config = {});


    virtual ~secure_messaging_client() noexcept;


    // Non-copyable, movable

    secure_messaging_client(const secure_messaging_client&) = delete;

    secure_messaging_client& operator=(const secure_messaging_client&) = delete;

    secure_messaging_client(secure_messaging_client&&) noexcept;

    secure_messaging_client& operator=(secure_messaging_client&&) noexcept;


    bool start_client(std::string_view host, uint16_t port);


    void stop_client();


    bool wait_for_stop(std::chrono::milliseconds timeout = std::chrono::milliseconds(5000));


    bool send_packet(std::span<const uint8_t> data);


    bool send_packet(std::string_view data);


    bool is_connected() const noexcept;


    bool is_running() const noexcept;


    connection_state get_state() const noexcept;


    std::string_view client_id() const noexcept;


    void set_connection_callback(connection_callback callback);


    void set_disconnection_callback(disconnection_callback callback);


    void set_error_callback(error_callback callback);


    void set_data_callback(data_callback callback);


    std::optional<std::string> get_peer_certificate_subject() const;


    std::string get_protocol_version() const;


    std::string get_cipher_suite() const;


private:

    struct impl;

    std::unique_ptr<impl> pimpl_;

};


// =============================================================================

// Secure TCP Server

// =============================================================================


class secure_messaging_server {

public:

    using client_connected_callback = std::function<void(const std::string& session_id)>;


    using client_disconnected_callback = std::function<void(const std::string& session_id)>;


    using client_data_callback = std::function<void(

        const std::string& session_id,

        std::span<const uint8_t> data)>;


    explicit secure_messaging_server(std::string_view server_id, const ssl_config& config);


    virtual ~secure_messaging_server() noexcept;


    // Non-copyable, movable

    secure_messaging_server(const secure_messaging_server&) = delete;

    secure_messaging_server& operator=(const secure_messaging_server&) = delete;

    secure_messaging_server(secure_messaging_server&&) noexcept;

    secure_messaging_server& operator=(secure_messaging_server&&) noexcept;


    bool start_server(uint16_t port, int backlog = 128);


    bool start_server(std::string_view address, uint16_t port, int backlog = 128);


    void stop_server();


    bool wait_for_stop(std::chrono::milliseconds timeout = std::chrono::milliseconds(5000));


    bool send_to(std::string_view session_id, std::span<const uint8_t> data);


    void broadcast(std::span<const uint8_t> data);


    void disconnect(std::string_view session_id);


    bool is_running() const noexcept;


    size_t client_count() const noexcept;


    std::string_view server_id() const noexcept;


    void set_client_connected_callback(client_connected_callback callback);


    void set_client_disconnected_callback(client_disconnected_callback callback);


    void set_client_data_callback(client_data_callback callback);


    void set_error_callback(error_callback callback);


    std::optional<std::string> get_peer_certificate_subject(std::string_view session_id) const;


private:

    struct impl;

    std::unique_ptr<impl> pimpl_;

};


// =============================================================================

// Secure UDP Client (DTLS)

// =============================================================================


class secure_messaging_udp_client {

public:

    explicit secure_messaging_udp_client(std::string_view client_id, const ssl_config& config = {});


    virtual ~secure_messaging_udp_client() noexcept;


    // Non-copyable, movable

    secure_messaging_udp_client(const secure_messaging_udp_client&) = delete;

    secure_messaging_udp_client& operator=(const secure_messaging_udp_client&) = delete;

    secure_messaging_udp_client(secure_messaging_udp_client&&) noexcept;

    secure_messaging_udp_client& operator=(secure_messaging_udp_client&&) noexcept;


    bool start_client(std::string_view remote_host, uint16_t remote_port);


    void stop_client();


    bool send_packet(std::span<const uint8_t> data);


    bool is_connected() const noexcept;


    bool is_running() const noexcept;


    std::string_view client_id() const noexcept;


    void set_connection_callback(connection_callback callback);


    void set_disconnection_callback(disconnection_callback callback);


    void set_data_callback(data_callback callback);


    void set_error_callback(error_callback callback);


private:

    struct impl;

    std::unique_ptr<impl> pimpl_;

};


// =============================================================================

// Secure UDP Server (DTLS)

// =============================================================================


class secure_messaging_udp_server {

public:

    using dtls_data_callback = std::function<void(

        const std::string& session_id,

        std::span<const uint8_t> data)>;


    explicit secure_messaging_udp_server(std::string_view server_id, const ssl_config& config);


    virtual ~secure_messaging_udp_server() noexcept;


    // Non-copyable, movable

    secure_messaging_udp_server(const secure_messaging_udp_server&) = delete;

    secure_messaging_udp_server& operator=(const secure_messaging_udp_server&) = delete;

    secure_messaging_udp_server(secure_messaging_udp_server&&) noexcept;

    secure_messaging_udp_server& operator=(secure_messaging_udp_server&&) noexcept;


    bool start_server(uint16_t port);


    bool start_server(std::string_view address, uint16_t port);


    void stop_server();


    bool send_to(std::string_view session_id, std::span<const uint8_t> data);


    bool is_running() const noexcept;


    size_t session_count() const noexcept;


    std::string_view server_id() const noexcept;


    void set_session_connected_callback(std::function<void(const std::string&)> callback);


    void set_session_disconnected_callback(std::function<void(const std::string&)> callback);


    void set_data_callback(dtls_data_callback callback);


    void set_error_callback(error_callback callback);


private:

    struct impl;

    std::unique_ptr<impl> pimpl_;

};


} // namespace kcenon::network::core

kcenon::network::core::secure_messaging_client
A secure client for establishing TLS/SSL encrypted TCP connections to a server.
Definition ssl.cppm:144

kcenon::network::core::secure_messaging_client::send_packet
auto send_packet(std::vector< uint8_t > &&data) -> VoidResult
Sends data to the connected server.
Definition secure_messaging_client.cpp:151

kcenon::network::core::secure_messaging_client::client_id
auto client_id() const -> const std::string &
Returns the client identifier.
Definition secure_messaging_client.cpp:143

kcenon::network::core::secure_messaging_client::get_state
connection_state get_state() const noexcept
Get the current connection state.

kcenon::network::core::secure_messaging_client::stop_client
auto stop_client() -> VoidResult
Stops the client and disconnects from the server.
Definition secure_messaging_client.cpp:108

kcenon::network::core::secure_messaging_client::get_cipher_suite
std::string get_cipher_suite() const
Get the negotiated cipher suite.

kcenon::network::core::secure_messaging_client::wait_for_stop
auto wait_for_stop() -> void
Blocks until stop_client() is called.
Definition secure_messaging_client.cpp:131

kcenon::network::core::secure_messaging_client::set_disconnection_callback
void set_disconnection_callback(disconnection_callback callback)
Set disconnection callback.

kcenon::network::core::secure_messaging_client::set_connection_callback
void set_connection_callback(connection_callback callback)
Set connection callback (called after TLS handshake)

kcenon::network::core::secure_messaging_client::secure_messaging_client
secure_messaging_client(std::string_view client_id, const ssl_config &config={})
Construct a secure client with SSL configuration.

kcenon::network::core::secure_messaging_client::is_running
auto is_running() const noexcept -> bool
Checks if the client is currently running.
Definition secure_messaging_client.cpp:135

kcenon::network::core::secure_messaging_client::get_protocol_version
std::string get_protocol_version() const
Get the negotiated TLS protocol version.

kcenon::network::core::secure_messaging_client::set_error_callback
auto set_error_callback(error_callback_t callback) -> void
Sets the callback for errors.
Definition secure_messaging_client.cpp:185

kcenon::network::core::secure_messaging_client::~secure_messaging_client
virtual ~secure_messaging_client() noexcept
Destructor.

kcenon::network::core::secure_messaging_client::start_client
auto start_client(std::string_view host, unsigned short port) -> VoidResult
Starts the client and connects to the specified host and port.
Definition secure_messaging_client.cpp:74

kcenon::network::core::secure_messaging_client::set_data_callback
void set_data_callback(data_callback callback)
Set data received callback.

kcenon::network::core::secure_messaging_client::is_connected
auto is_connected() const noexcept -> bool
Checks if the client is connected to the server.
Definition secure_messaging_client.cpp:139

kcenon::network::core::secure_messaging_client::get_peer_certificate_subject
std::optional< std::string > get_peer_certificate_subject() const
Get peer certificate information.

kcenon::network::core::secure_messaging_client::pimpl_
std::unique_ptr< impl > pimpl_
Definition ssl.cppm:266

kcenon::network::core::secure_messaging_server
A secure server class that manages incoming TLS/SSL encrypted TCP connections, creating secure_sessio...
Definition ssl.cppm:302

kcenon::network::core::secure_messaging_server::secure_messaging_server
secure_messaging_server(std::string_view server_id, const ssl_config &config)
Construct a secure server with SSL configuration.

kcenon::network::core::secure_messaging_server::client_disconnected_callback
std::function< void(const std::string &session_id)> client_disconnected_callback
Callback type for client disconnection events.
Definition ssl.cppm:312

kcenon::network::core::secure_messaging_server::client_data_callback
std::function< void( const std::string &session_id, std::span< const uint8_t > data)> client_data_callback
Callback type for client data events.
Definition ssl.cppm:317

kcenon::network::core::secure_messaging_server::client_connected_callback
std::function< void(const std::string &session_id)> client_connected_callback
Callback type for secure client connection events.
Definition ssl.cppm:307

kcenon::network::core::secure_messaging_server::~secure_messaging_server
virtual ~secure_messaging_server() noexcept
Destructor.

kcenon::network::core::secure_messaging_udp_client
A secure UDP client using DTLS (Datagram TLS) for encrypted communication.
Definition ssl.cppm:471

kcenon::network::core::secure_messaging_udp_client::~secure_messaging_udp_client
virtual ~secure_messaging_udp_client() noexcept
Destructor.

kcenon::network::core::secure_messaging_udp_client::secure_messaging_udp_client
secure_messaging_udp_client(std::string_view client_id, const ssl_config &config={})
Construct a secure UDP client with DTLS configuration.

kcenon::network::core::secure_messaging_udp_server
A secure UDP server using DTLS (Datagram TLS) for encrypted communication.
Definition ssl.cppm:583

kcenon::network::core::secure_messaging_udp_server::secure_messaging_udp_server
secure_messaging_udp_server(std::string_view server_id, const ssl_config &config)
Construct a secure UDP server with DTLS configuration.

kcenon::network::core::secure_messaging_udp_server::dtls_data_callback
std::function< void( const std::string &session_id, std::span< const uint8_t > data)> dtls_data_callback
Callback type for DTLS data reception.
Definition ssl.cppm:588

kcenon::network::core::secure_messaging_udp_server::~secure_messaging_udp_server
virtual ~secure_messaging_udp_server() noexcept
Destructor.

kcenon.network

kcenon::network::core
Definition tcp_facade.h:33

kcenon::network::core::ssl_protocol
ssl_protocol
SSL/TLS protocol version enumeration.
Definition ssl.cppm:59

kcenon::network::core::ssl_protocol::tls_1_2
@ tls_1_2
TLS 1.2.

kcenon::network::core::ssl_protocol::dtls_1_2
@ dtls_1_2
DTLS 1.2 for UDP.

kcenon::network::core::ssl_protocol::dtls_1_3
@ dtls_1_3
DTLS 1.3 for UDP.

kcenon::network::core::ssl_protocol::tls_1_3
@ tls_1_3
TLS 1.3 (recommended)

kcenon::network::core::disconnection_callback
std::function< void()> disconnection_callback
Definition core.cppm:411

kcenon::network::core::connection_callback
std::function< void()> connection_callback
Callback type aliases for messaging.
Definition core.cppm:410

kcenon::network::core::ssl_verify_mode
ssl_verify_mode
SSL verification mode.
Definition ssl.cppm:69

kcenon::network::core::ssl_verify_mode::none
@ none
No verification.

kcenon::network::core::ssl_verify_mode::client_once
@ client_once
Request client certificate once.

kcenon::network::core::ssl_verify_mode::fail_if_no_peer_cert
@ fail_if_no_peer_cert
Fail if no peer certificate.

kcenon::network::core::ssl_verify_mode::peer
@ peer
Verify peer certificate.

kcenon::network::core::error_callback
std::function< void(const std::string &)> error_callback
Definition core.cppm:412

kcenon::network::core::connection_state
connection_state
Connection state enumeration.
Definition core.cppm:385

kcenon::network::core::data_callback
std::function< void(std::span< const uint8_t >)> data_callback
Definition core.cppm:413

kcenon::network::core::ssl_config
SSL/TLS configuration structure.
Definition ssl.cppm:79

kcenon::network::core::ssl_config::verify_mode
ssl_verify_mode verify_mode
Verification mode.
Definition ssl.cppm:96

kcenon::network::core::ssl_config::private_key_path
std::filesystem::path private_key_path
Path to private key file (PEM format)
Definition ssl.cppm:84

kcenon::network::core::ssl_config::server_name
std::string server_name
Server name for SNI (Server Name Indication)
Definition ssl.cppm:99

kcenon::network::core::ssl_config::enable_ocsp_stapling
bool enable_ocsp_stapling
Enable OCSP stapling.
Definition ssl.cppm:108

kcenon::network::core::ssl_config::enable_session_resumption
bool enable_session_resumption
Enable session resumption.
Definition ssl.cppm:105

kcenon::network::core::ssl_config::certificate_path
std::filesystem::path certificate_path
Path to certificate file (PEM format)
Definition ssl.cppm:81

kcenon::network::core::ssl_config::cipher_list
std::string cipher_list
Cipher list (OpenSSL format, empty for default)
Definition ssl.cppm:102

kcenon::network::core::ssl_config::protocol
ssl_protocol protocol
SSL protocol version.
Definition ssl.cppm:93

kcenon::network::core::ssl_config::private_key_password
std::string private_key_password
Password for encrypted private key (empty if not encrypted)
Definition ssl.cppm:90

kcenon::network::core::ssl_config::ca_certificate_path
std::filesystem::path ca_certificate_path
Path to CA certificate file for verification (PEM format)
Definition ssl.cppm:87