Supporting multiple implementations...
Supporting multiple implementations...
So in my AsyncIO library I'm planning on adding support for multiple TLS implementations (mbedTLS and SChannel to begin with, and possibly OpenSSL). So slightly simplified I will have two interfaces:
- TLS configuration, which includes cipher settings and such
- TLS context used for the actual communication.
The various implementations would then provide some way to instantiate implementations of these interfaces.
Of course there's nothing preventing a user from including two providers, and pass a TLS configuration from provider X when instantiating a TLS context from provider Y. This would not work in practice, because the implementations would rely on storing the certificate chains in a structure suited for that implementation. For example, the mbedTLS config object is opaque to me, I just create it and set its properties. I then pass this opaque handle when creating a mbedTLS context.
So the way I'm currently implementing this is that each public interface has a corresponding private interface, ie the mbedTLS implementation has a corresponding ImbedTLSConfig for the public ITLSConfig interface. This private interface exposes the opaque mbedTLS config handle. In my functions I then use "as" to get this private interface and use that.
If the user tries to pass an SChannel config when creating an mbedTLS contex, the "as" would then bomb.
Is this the proper and preferred way to handle this scenario, or is there a better way that I'm missing (or have forgotten)?
edit: altered example to be more realistic
So in my AsyncIO library I'm planning on adding support for multiple TLS implementations (mbedTLS and SChannel to begin with, and possibly OpenSSL). So slightly simplified I will have two interfaces:
- TLS configuration, which includes cipher settings and such
- TLS context used for the actual communication.
The various implementations would then provide some way to instantiate implementations of these interfaces.
Of course there's nothing preventing a user from including two providers, and pass a TLS configuration from provider X when instantiating a TLS context from provider Y. This would not work in practice, because the implementations would rely on storing the certificate chains in a structure suited for that implementation. For example, the mbedTLS config object is opaque to me, I just create it and set its properties. I then pass this opaque handle when creating a mbedTLS context.
So the way I'm currently implementing this is that each public interface has a corresponding private interface, ie the mbedTLS implementation has a corresponding ImbedTLSConfig for the public ITLSConfig interface. This private interface exposes the opaque mbedTLS config handle. In my functions I then use "as" to get this private interface and use that.
If the user tries to pass an SChannel config when creating an mbedTLS contex, the "as" would then bomb.
Is this the proper and preferred way to handle this scenario, or is there a better way that I'm missing (or have forgotten)?
edit: altered example to be more realistic
Comments
Post a Comment