Interim commit for SSL/TLS support

CMakeLists.txt

@@ -55,6 +55,23 @@ externalproject_add(ngtcp2
     UPDATE_COMMAND ""
     DEPENDS nghttp3 wolfssl
 )
+externalproject_add(curl
+    GIT_REPOSITORY https://github.com/curl/curl
+    GIT_TAG curl-8_6_0
+    PREFIX ${CMAKE_BINARY_DIR}/curl
+    BUILD_IN_SOURCE 1
+    CONFIGURE_COMMAND autoreconf -i COMMAND <SOURCE_DIR>/configure PKG_CONFIG_PATH=${CMAKE_BINARY_DIR}/wolfssl/lib/pkgconfig --prefix=<INSTALL_DIR> --with-wolfssl --without-libpsl --disable-shared
+    BUILD_COMMAND make -j ${NPROC}
+    INSTALL_COMMAND make install
+    UPDATE_COMMAND ""
+    DEPENDS wolfssl
+)
+
+set(WOLFSSL_INCLUDE_DIR ${CMAKE_BINARY_DIR}/wolfssl/include)
+set(NGHTTP3_INCLUDE_DIR ${CMAKE_BINARY_DIR}/nghttp3/include)
+set(NGTCP2_INCLUDE_DIR ${CMAKE_BINARY_DIR}/ngtcp2/include)
+set(CURL_INCLUDE_DIR ${CMAKE_BINARY_DIR}/curl/include)
+set(CURL_LIB_DIR ${CMAKE_BINARY_DIR}/curl/lib)
 
 add_library(
   iggy
@@ -63,17 +80,26 @@ add_library(
   sdk/model.cc
   sdk/serialization.cc
   sdk/net/address.cc
-  sdk/net/protocol.cc
+  sdk/net/crypto.cc
   sdk/net/iggy.cc
+  sdk/net/protocol.cc
 )
 target_compile_features(iggy PRIVATE cxx_std_17)
-target_include_directories(iggy PRIVATE ${SODIUM_INCLUDE_DIR} ${ADA_INCLUDE_DIR})
+target_include_directories(iggy PRIVATE
+  ${SODIUM_INCLUDE_DIR}
+  ${ADA_INCLUDE_DIR}
+  ${WOLFSSL_INCLUDE_DIR}
+  ${NGHTTP3_INCLUDE_DIR}
+  ${NGTCP2_INCLUDE_DIR}
+  ${CURL_INCLUDE_DIR}
+)
 target_link_libraries(
   iggy PRIVATE
 
   ada::ada
   libuv::uv_a
   unofficial-sodium::sodium
+  ${CURL_LIB_DIR}/libcurl.a
 )
 
 # even though this is related to unit tests, to get a full report we need to ensure that

sdk/net/crypto.cc

@@ -0,0 +1,51 @@
+#include "crypto.h"
+#include "fmt/format.h"
+
+iggy::crypto::SSLContext::SSLContext() {
+    this->ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
+    if (!this->ctx) {
+        std::string errMsg =
+            fmt::format("Failed to allocate WolfSSL TLS context: {}", wolfSSL_ERR_error_string(wolfSSL_ERR_get_error(), nullptr));
+        throw std::runtime_error(errMsg);
+    }
+}
+
+iggy::crypto::SSLContext::SSLContext(const SSLContext& other) {
+    this->ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
+}
+
+iggy::crypto::SSLContext::SSLContext(SSLContext&& other) {
+    this->ctx = other.ctx;
+    other.ctx = nullptr;
+}
+
+iggy::crypto::SSLContext::~SSLContext() {
+    if (this->ctx) {
+        wolfSSL_CTX_free(this->ctx);
+    }
+}
+
+iggy::crypto::SSLContext& iggy::crypto::SSLContext::operator=(const iggy::crypto::SSLContext& other) {
+    if (this != &other) {
+        if (this->ctx) {
+            wolfSSL_CTX_free(this->ctx);
+        }
+        this->ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
+    }
+    return *this;
+}
+
+iggy::crypto::SSLContext& iggy::crypto::SSLContext::operator=(SSLContext&& other) {
+    if (this != &other) {
+        if (this->ctx) {
+            wolfSSL_CTX_free(this->ctx);
+        }
+        this->ctx = other.ctx;
+        other.ctx = nullptr;
+    }
+    return *this;
+}
+
+void* iggy::crypto::SSLContext::getNativeHandle() const {
+    return nullptr;
+}

sdk/net/crypto.h

@@ -0,0 +1,89 @@
+#pragma once
+
+#include <wolfssl/options.h>
+#include <wolfssl/ssl.h>
+#include <filesystem>
+#include <optional>
+#include <string>
+#include <vector>
+#include "ada.h"
+
+namespace iggy {
+namespace crypto {
+
+enum CertificateFormat { PEM = 1, ASN1 = 2 };
+
+enum RevocationMethod { CRL = 1, OCSP = 2 };
+
+/**
+ * @brief A mechanism for loading public key certificates: from file; database; or a secret vault.
+ */
+class CertificateStore {
+private:
+    iggy::crypto::CertificateFormat certificateFormat = iggy::crypto::CertificateFormat::PEM;
+
+public:
+    virtual std::vector<uint8_t> getCertificate(std::string certPath) const = 0;
+    virtual std::vector<uint8_t> getCertificateVerificationChain() const = 0;
+};
+
+/**
+ * @brief A certificate store that loads certificates from the local filesystem.
+ */
+class LocalCertificateStore : CertificateStore {
+private:
+    std::optional<std::filesystem::path> caCertChainPath;
+};
+
+/**
+ * @brief A mechanism for loading private keys: from file; database; or a secret vault.
+ */
+class KeyStore {
+public:
+    virtual std::vector<uint8_t> getPrivateKey(std::string keyPath) const = 0;
+};
+
+/**
+ * @brief A key store that loads private key materials from the local filesystem.
+ */
+class LocalKeyStore : KeyStore {
+private:
+    std::optional<std::filesystem::path> privateKeyPath;
+};
+
+/**
+ * @brief Object for managing PKI certificates and revocation methods.
+ */
+class CertificateManager {
+private:
+    std::string myCertificatePath;
+    std::optional<std::string> trustedPeerCertificatePath;
+    std::optional<std::filesystem::path> crlPath;
+    std::optional<ada::url> crlUrl;
+    std::optional<ada::url> ocspUrl;
+};
+
+/**
+ * @brief An SSL/TLS context for use in secure communication.
+ */
+class SSLContext {
+private:
+    WOLFSSL_CTX* ctx;
+    iggy::crypto::CertificateManager certManager;
+    std::optional<std::vector<std::string>> ciphers;
+
+public:
+    SSLContext();
+    SSLContext(const SSLContext& other);
+    SSLContext(SSLContext&& other);
+    ~SSLContext();
+
+    SSLContext& operator=(const SSLContext& other);
+    SSLContext& operator=(SSLContext&& other);
+
+    /// @brief Gets access to the underlying C SSL context handle.
+    void* getNativeHandle() const;
+};
+
+};  // namespace crypto
+};  // namespace iggy

vcpkg.json

@@ -3,6 +3,7 @@
         "ada-url",
         "catch2",
         "icu",
+        "fmt",
         "libsodium",
         "libuv",
         "reproc",