/*
 * Copyright (C) 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
16
17#ifndef _DNS_DNSTLSSERVER_H
18#define _DNS_DNSTLSSERVER_H
19
20#include <set>
21#include <string>
22#include <vector>
23
24#include <netinet/in.h>
25
26namespace android {
27namespace net {
28
// A recursive resolver that is, or may be, reachable over a secure protocol.
// The address in |ss| plus the optional authentication material (|fingerprints|,
// |name|) describe one server; exact comparison is provided by operator< /
// operator== below, while AddressComparator compares by address only.
// NOTE(review): uint8_t appears to arrive transitively through <netinet/in.h>;
// an explicit <cstdint> include would make that dependency visible.
struct DnsTlsServer {
    // Outcome of a query sent to this server.
    enum class Response : uint8_t { success, network_error, limit_error, internal_error };

    // A query outcome together with the raw reply bytes.  Whether |response| is
    // populated for non-success codes is up to the producer, which is not in this
    // header.
    struct Result {
        Response code;
        std::vector<uint8_t> response;
    };

    // A default-constructed server has a zeroed address, no fingerprints and no
    // name; only |protocol| carries a non-trivial default.
    DnsTlsServer() = default;

    // Deliberately implicit: a bare sockaddr_storage may stand in for a
    // DnsTlsServer wherever one is expected.  Such a server carries no
    // fingerprints and no name, so neither certificate condition below applies.
    DnsTlsServer(const sockaddr_storage& ss) : ss(ss) {}

    // Where to reach the server: address family, IP address and port.
    sockaddr_storage ss = {};

    // Public-key pins, as SHA256 fingerprints.  When this set is nonempty the
    // server must present a self-consistent certificate chain containing a
    // certificate whose public key matches one of the entries; otherwise the
    // client terminates the connection.
    // NOTE(review): what exactly is hashed (presumably the public key in DER
    // form) is decided by the validator, not here — confirm before adding pins.
    std::set<std::vector<uint8_t>> fingerprints;

    // Hostname to verify.  When nonempty the server must present a certificate
    // that indicates this name and chains to a trusted root CA.
    // With both |fingerprints| and |name| empty, nothing in this struct demands
    // any certificate check.
    std::string name;

    // Transport protocol.  Only IPPROTO_TCP is defined today; kept as a plain int
    // so that further protocols can be added without changing the field.
    int protocol = IPPROTO_TCP;

    // Exact comparison of two servers (defined out of line).  Contrast
    // AddressComparator, which looks at the address alone.
    bool operator<(const DnsTlsServer& other) const;
    bool operator==(const DnsTlsServer& other) const;

    // Whether this server came from explicit configuration.  The criterion lives
    // in the out-of-line definition.
    bool wasExplicitlyConfigured() const;
};
67
// Orders servers by IP address alone.  Port, hostname and fingerprints are
// ignored, so two servers at the same address compare equivalent under this
// functor even if they would be authenticated differently.  Presumably intended
// as a std::set / std::map comparator; the body is defined out of line.
struct AddressComparator {
    bool operator()(const DnsTlsServer& x, const DnsTlsServer& y) const;
};
72
73}  // namespace net
74}  // namespace android
75
76#endif  // _DNS_DNSTLSSERVER_H
77