Qpid Proton C++  0.12.0
ssl.hpp
1 #ifndef PROTON_CPP_SSL_H
2 #define PROTON_CPP_SSL_H
3 
4 /*
5  *
6  * Licensed to the Apache Software Foundation (ASF) under one
7  * or more contributor license agreements. See the NOTICE file
8  * distributed with this work for additional information
9  * regarding copyright ownership. The ASF licenses this file
10  * to you under the Apache License, Version 2.0 (the
11  * "License"); you may not use this file except in compliance
12  * with the License. You may obtain a copy of the License at
13  *
14  * http://www.apache.org/licenses/LICENSE-2.0
15  *
16  * Unless required by applicable law or agreed to in writing,
17  * software distributed under the License is distributed on an
18  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
19  * KIND, either express or implied. See the License for the
20  * specific language governing permissions and limitations
21  * under the License.
22  *
23  */
24 
25 #include "proton/export.hpp"
26 
27 #include "proton/ssl.h"
28 #include <string>
29 
30 namespace proton {
31 
32 class connection_options;
33 
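/// SSL information.
///
/// Thin wrapper around a `pn_ssl_t*` handle. No destructor is declared in the
/// visible listing, so the wrapper does not appear to own or release the
/// handle - TODO confirm against the implementation file.
class ssl {
  public:
    /// Determines the level of peer validation.
    enum verify_mode {
        /// Require peer to provide a valid identifying certificate.
        /// Per the enumerator descriptions only VERIFY_PEER_NAME adds the
        /// name match, so a valid certificate issued to a different name
        /// would presumably pass in this mode.
        VERIFY_PEER = PN_SSL_VERIFY_PEER,
        /// Do not require a certificate or cipher authorization.
        /// The peer is not authenticated in this mode, so it gives no
        /// assurance about who is on the other end of the connection.
        ANONYMOUS_PEER = PN_SSL_ANONYMOUS_PEER,
        /// Require valid certificate and matching name.
        VERIFY_PEER_NAME = PN_SSL_VERIFY_PEER_NAME
    };

    /// Outcome specifier for an attempted session resume.
    enum resume_status {
        /// Session resume state unknown or not supported.
        UNKNOWN = PN_SSL_RESUME_UNKNOWN,
        /// Session renegotiated, not resumed.
        NEW = PN_SSL_RESUME_NEW,
        /// Session resumed from previous session.
        REUSED = PN_SSL_RESUME_REUSED
    };

    /// Wrap an existing `pn_ssl_t` handle; the pointer is stored as-is.
    /// NOTE(review): not `explicit`, so a `pn_ssl_t*` converts implicitly to
    /// `ssl`; left unchanged here to keep the interface callers see.
    ssl(pn_ssl_t* s) : object_(s) {}

    // The members below are declared here and defined out of line; the
    // descriptions are inferred from their names and signatures.

    /// Presumably the name of the cipher in use on the connection.
    PN_CPP_EXTERN std::string cipher() const;

    /// Presumably the name of the SSL/TLS protocol version in use.
    PN_CPP_EXTERN std::string protocol() const;

    /// Presumably the security strength factor of the negotiated cipher -
    /// TODO confirm units and the value returned when SSL is not active.
    PN_CPP_EXTERN int ssf() const;

    /// Set the expected peer host name.
    /// NOTE(review): presumably this is the name VERIFY_PEER_NAME matches the
    /// peer certificate against, so it should come from configuration the
    /// application trusts rather than from the peer itself - confirm.
    PN_CPP_EXTERN void peer_hostname(const std::string &);

    /// Return the peer host name previously set (assumed; see the setter).
    PN_CPP_EXTERN std::string peer_hostname() const;

    /// Presumably the subject of the peer's certificate. Only meaningful for
    /// authorization decisions when the peer certificate was verified, i.e.
    /// not under ANONYMOUS_PEER.
    PN_CPP_EXTERN std::string remote_subject() const;

    /// Supply a session id for session resumption (assumed from the name).
    PN_CPP_EXTERN void resume_session_id(const std::string& session_id);

    /// Report the outcome of an attempted session resume.
    PN_CPP_EXTERN enum resume_status resume_status() const;

  private:
    pn_ssl_t* object_;  // wrapped handle, set only by the constructor
};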
88 
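/// Certificate material handed to ssl_client_options / ssl_server_options.
///
/// Judging by the member names this holds a main and an extra certificate
/// database location plus an optional password - TODO confirm the exact
/// meaning of each field against the implementation.
///
/// NOTE(review): the password is kept in a plain std::string for the
/// lifetime of the object (and of every copy, since the class is implicitly
/// copyable) and this header shows no code that wipes it. Keep instances
/// short-lived and never log or serialize them.
class ssl_certificate {
  public:
    /// Create a certificate description without a password.
    PN_CPP_EXTERN ssl_certificate(const std::string &certdb_main, const std::string &certdb_extra = std::string());

    /// Create a certificate description with a password.
    PN_CPP_EXTERN ssl_certificate(const std::string &certdb_main, const std::string &certdb_extra, const std::string &passwd);

  private:
    std::string certdb_main_;
    std::string certdb_extra_;
    std::string passwd_;
    // Presumably distinguishes "no password supplied" from an empty
    // password; the two constructors suggest this - TODO confirm.
    bool pw_set_;

    // The option classes read the private fields directly.
    friend class ssl_client_options;
    friend class ssl_server_options;
};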
111 
112 class ssl_domain_impl;
113 
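namespace internal {

/// Base class for SSL configuration.
///
/// Holds a raw pointer to an ssl_domain_impl and therefore declares its own
/// copy constructor, copy assignment and destructor. Whether copies share or
/// duplicate the implementation is decided out of line and is not visible in
/// this header.
class ssl_domain {
  public:
    PN_CPP_EXTERN ssl_domain(const ssl_domain&);
    PN_CPP_EXTERN ssl_domain& operator=(const ssl_domain&);
    PN_CPP_EXTERN ~ssl_domain();

  protected:
    /// Only derived classes construct a domain; `is_server` selects the
    /// server or client role (assumed from the parameter name).
    ssl_domain(bool is_server);

    /// Access to the underlying `pn_ssl_domain_t`; derived classes re-expose
    /// this privately for connection_options.
    pn_ssl_domain_t *pn_domain();

  private:
    ssl_domain_impl *impl_;
};

} // namespace internal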
132 
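/// SSL configuration for inbound connections.
class ssl_server_options : private internal::ssl_domain {
  public:
    /// Server options that identify the server with `cert`.
    /// NOTE(review): no trust database or verify_mode is taken here, so
    /// connecting clients are presumably not asked for a certificate -
    /// confirm before relying on client identity.
    PN_CPP_EXTERN ssl_server_options(ssl_certificate &cert);

    /// Server options that identify the server with `cert` and take a trust
    /// database, an optional advertised database and a peer verification
    /// mode. Presumably client certificates are checked against `trust_db`
    /// according to `mode` - TODO confirm.
    ///
    /// The default mode is ssl::VERIFY_PEER, which requires a valid
    /// certificate but not a matching name. Passing ssl::ANONYMOUS_PEER
    /// here would drop the certificate requirement altogether.
    PN_CPP_EXTERN ssl_server_options(ssl_certificate &cert, const std::string &trust_db,
                                     const std::string &advertise_db = std::string(),
                                     enum ssl::verify_mode mode = ssl::VERIFY_PEER);

    /// Server SSL options restricted to available anonymous cipher suites on
    /// the platform.
    ///
    /// No certificate is involved, so clients cannot authenticate this
    /// server. Suitable only where endpoint identity is established by some
    /// other means.
    PN_CPP_EXTERN ssl_server_options();

  private:
    // Bring pn_domain into scope and allow connection_options to use
    // it.
    using internal::ssl_domain::pn_domain;

    friend class connection_options;
};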
159 
/// SSL configuration for outbound connections.
// NOTE(review): this rendered listing omits source lines 165 and 172, which
// hold the rest of the two parameter lists below. The code lines are left
// exactly as rendered; consult the header itself for the missing
// parameter(s) and their defaults.
161 class ssl_client_options : private internal::ssl_domain {
162  public:
// Client options taking a trust database (no certificate argument).
// NOTE(review): if the hidden trailing parameter is a verify_mode, as in
// ssl_server_options, confirm that its default matches the server name
// (VERIFY_PEER_NAME); VERIFY_PEER alone does not require a matching name.
164  PN_CPP_EXTERN ssl_client_options(const std::string &trust_db,
166 
// Client options taking a certificate as well as the trust database;
// presumably the certificate identifies this client to the server - confirm.
171  PN_CPP_EXTERN ssl_client_options(ssl_certificate&, const std::string &trust_db,
173 
// Client options restricted to the anonymous cipher suites available on the
// platform. No certificate is checked, so the server is not authenticated.
176  PN_CPP_EXTERN ssl_client_options();
177 
178  private:
179  // Bring pn_domain into scope and allow connection_options to use
180  // it.
181  using internal::ssl_domain::pn_domain;
182 
184  friend class connection_options;
186 };
187 
188 }
189 
190 #endif // PROTON_CPP_SSL_H
ssl_server_options()
Server SSL options restricted to available anonymous cipher suites on the platform.
SSL configuration for inbound connections.
Definition: ssl.hpp:134
SSL information.
Definition: ssl.hpp:35
Require valid certificate and matching name.
Definition: ssl.hpp:44
Session resume state unknown or not supported.
Definition: ssl.hpp:49
Options for creating a connection.
Definition: connection_options.hpp:60
SSL configuration for outbound connections.
Definition: ssl.hpp:161
resume_status
Outcome specifier for an attempted session resume.
Definition: ssl.hpp:48
ssl_client_options()
Client SSL options restricted to available anonymous cipher suites on the platform.
verify_mode
Determines the level of peer validation.
Definition: ssl.hpp:38
Do not require a certificate or cipher authorization; the peer's identity is not authenticated in this mode.
Definition: ssl.hpp:42
Require peer to provide a valid identifying certificate.
Definition: ssl.hpp:40
Session renegotiated, not resumed.
Definition: ssl.hpp:50
Session resumed from previous session.
Definition: ssl.hpp:51