Qpid Proton C++ API  0.32.0
ssl.hpp
1 #ifndef PROTON_SSL_HPP
2 #define PROTON_SSL_HPP
3 
4 /*
5  *
6  * Licensed to the Apache Software Foundation (ASF) under one
7  * or more contributor license agreements. See the NOTICE file
8  * distributed with this work for additional information
9  * regarding copyright ownership. The ASF licenses this file
10  * to you under the Apache License, Version 2.0 (the
11  * "License"); you may not use this file except in compliance
12  * with the License. You may obtain a copy of the License at
13  *
14  * http://www.apache.org/licenses/LICENSE-2.0
15  *
16  * Unless required by applicable law or agreed to in writing,
17  * software distributed under the License is distributed on an
18  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
19  * KIND, either express or implied. See the License for the
20  * specific language governing permissions and limitations
21  * under the License.
22  *
23  */
24 
25 #include "./internal/export.hpp"
26 #include "./internal/config.hpp"
27 
28 #include <proton/ssl.h>
29 
30 #include <string>
31 
34 
35 namespace proton {
36 
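/// SSL information.
///
/// Applications cannot construct this class themselves: the converting
/// constructor is private, the default constructor is deleted (or declared
/// private on compilers without deleted functions), and proton::transport
/// is a friend.
class ssl {
    // Wraps an existing pn_ssl_t. The pointer is only stored; this class
    // declares no destructor, so it never frees the underlying object.
    ssl(pn_ssl_t* s) : object_(s) {}

#if PN_CPP_HAS_DELETED_FUNCTIONS
    ssl() = delete;
#else
    ssl();
#endif

  public:
    /// Determines the level of peer validation.
    enum verify_mode {
        /// Require peer to provide a valid identifying certificate.
        // NOTE(review): going by these descriptions, the name match is only
        // part of VERIFY_PEER_NAME. Confirm before relying on VERIFY_PEER to
        // bind a certificate to the host being contacted.
        VERIFY_PEER = PN_SSL_VERIFY_PEER,
        /// Do not require a certificate or cipher authorization.
        // The peer is not authenticated in this mode, so the channel has no
        // protection against an active man-in-the-middle.
        ANONYMOUS_PEER = PN_SSL_ANONYMOUS_PEER,
        /// Require valid certificate and matching name.
        VERIFY_PEER_NAME = PN_SSL_VERIFY_PEER_NAME
    };

    /// Outcome specifier for an attempted session resume.
    enum resume_status {
        UNKNOWN = PN_SSL_RESUME_UNKNOWN, ///< Session resume state unknown or not supported.
        NEW = PN_SSL_RESUME_NEW,         ///< Session renegotiated, not resumed.
        REUSED = PN_SSL_RESUME_REUSED    ///< Session resumed from previous session.
    };

    // The members below carry no description on this listing. The summaries
    // follow the member names and should be confirmed against the API
    // reference.

    /// Name of the cipher in use (presumably for the current session).
    PN_CPP_EXTERN std::string cipher() const;

    /// Name of the SSL/TLS protocol in use (presumably the negotiated version).
    PN_CPP_EXTERN std::string protocol() const;

    /// Security strength factor of the session; the scale is not shown here.
    PN_CPP_EXTERN int ssf() const;

    /// Subject of the peer's certificate (presumably).
    // NOTE(review): treat the value as an identity only when the connection
    // was configured with VERIFY_PEER or VERIFY_PEER_NAME; under
    // ANONYMOUS_PEER no certificate is required from the peer.
    PN_CPP_EXTERN std::string remote_subject() const;

    /// Set the session id to use for a session resume (presumably).
    PN_CPP_EXTERN void resume_session_id(const std::string& session_id);

    /// Report the outcome of an attempted session resume, as a resume_status.
    PN_CPP_EXTERN enum resume_status resume_status() const;

  private:
    // Non-owning handle to the underlying C SSL object; fixed at construction.
    pn_ssl_t* const object_;

    friend class transport;
};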
97 
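/// **Unsettled API** - An SSL certificate.
///
/// Holds the strings that identify a certificate, plus an optional password,
/// for later use by ssl_client_options and ssl_server_options (both friends).
class ssl_certificate {
  public:
    /// Create an SSL certificate.
    // NOTE(review): this single-argument constructor is not explicit, so a
    // std::string converts implicitly to ssl_certificate.
    PN_CPP_EXTERN ssl_certificate(const std::string &certdb_main);

    // XXX Document the following constructors
    // NOTE(review): this listing does not describe certdb_main, certdb_extra
    // or passwd. Presumably passwd protects the private key; confirm against
    // the API reference.

    /// Create an SSL certificate.
    PN_CPP_EXTERN ssl_certificate(const std::string &certdb_main, const std::string &certdb_extra);

    /// Create an SSL certificate.
    PN_CPP_EXTERN ssl_certificate(const std::string &certdb_main, const std::string &certdb_extra, const std::string &passwd);

  private:
    std::string certdb_main_;
    std::string certdb_extra_;
    // The password is kept as an ordinary std::string for the lifetime of the
    // object and is duplicated whenever the object is copied. std::string
    // does not wipe its buffer on destruction, so keep instances short-lived
    // and avoid logging or serializing them.
    std::string passwd_;
    // Presumably tells "no password supplied" apart from an empty password;
    // confirm in the implementation.
    bool pw_set_;

    friend class ssl_client_options;
    friend class ssl_server_options;
};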
124 
125 
126 
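/// **Unsettled API** - SSL configuration for inbound connections.
class ssl_server_options {
  public:
    /// Server SSL options based on the supplied X.509 certificate
    /// specifier.
    // NOTE(review): not explicit, so an ssl_certificate converts implicitly
    // to ssl_server_options.
    PN_CPP_EXTERN ssl_server_options(const ssl_certificate &cert);

    /// Server SSL options requiring connecting clients to provide a
    /// client certificate.
    // The default mode is ssl::VERIFY_PEER. advertise_db defaults to an empty
    // string. The roles of trust_db and advertise_db are not described on
    // this listing; presumably trust_db names the CA database that client
    // certificates are validated against. Confirm in the API reference.
    // NOTE(review): passing ssl::ANONYMOUS_PEER as mode would appear to
    // contradict the "requiring a client certificate" contract; verify how
    // the implementation treats it.
    PN_CPP_EXTERN ssl_server_options(const ssl_certificate &cert, const std::string &trust_db,
                                     const std::string &advertise_db = std::string(),
                                     enum ssl::verify_mode mode = ssl::VERIFY_PEER);

    /// Server SSL options restricted to available anonymous cipher
    /// suites on the platform.
    // No server certificate is supplied here, so clients cannot authenticate
    // this server. Use one of the certificate-taking constructors wherever
    // server identity matters.
    PN_CPP_EXTERN ssl_server_options();

    PN_CPP_EXTERN ~ssl_server_options();
    PN_CPP_EXTERN ssl_server_options(const ssl_server_options&);
    PN_CPP_EXTERN ssl_server_options& operator=(const ssl_server_options&);

  private:
    // Implementation object. Its lifetime is managed by the out-of-line
    // destructor, copy constructor and copy assignment declared above; the
    // ownership scheme itself is not visible in this header.
    class impl;
    impl* impl_;

    friend class connection_options;
};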
156 
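/// **Unsettled API** - SSL configuration for outbound connections.
class ssl_client_options {
  public:
    /// Create SSL client with defaults (use system certificate trust
    /// database and require name verification)
    PN_CPP_EXTERN ssl_client_options();

    /// Create SSL client with unusual verification policy (but default
    /// certificate trust database)
    // Any mode weaker than ssl::VERIFY_PEER_NAME relaxes the default check of
    // the server's identity. ssl::ANONYMOUS_PEER requires no certificate at
    // all.
    // NOTE(review): not explicit, so an ssl::verify_mode value converts
    // implicitly to ssl_client_options.
    PN_CPP_EXTERN ssl_client_options(enum ssl::verify_mode);

    /// Create SSL client specifying the certificate trust database.
    // The verification mode defaults to ssl::VERIFY_PEER_NAME.
    PN_CPP_EXTERN ssl_client_options(const std::string &trust_db,
                                     enum ssl::verify_mode = ssl::VERIFY_PEER_NAME);

    /// Create SSL client with a client certificate.
    // The verification mode defaults to ssl::VERIFY_PEER_NAME.
    PN_CPP_EXTERN ssl_client_options(const ssl_certificate&, const std::string &trust_db,
                                     enum ssl::verify_mode = ssl::VERIFY_PEER_NAME);

    PN_CPP_EXTERN ~ssl_client_options();
    PN_CPP_EXTERN ssl_client_options(const ssl_client_options&);
    PN_CPP_EXTERN ssl_client_options& operator=(const ssl_client_options&);

  private:
    // Implementation object. Its lifetime is managed by the out-of-line
    // destructor, copy constructor and copy assignment declared above; the
    // ownership scheme itself is not visible in this header.
    class impl;
    impl* impl_;

    friend class connection_options;
};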
186 
187 } // proton
188 
189 #endif // PROTON_SSL_HPP
proton::ssl::verify_mode
verify_mode
Determines the level of peer validation.
Definition: ssl.hpp:51
proton::ssl::VERIFY_PEER_NAME
@ VERIFY_PEER_NAME
Require valid certificate and matching name.
Definition: ssl.hpp:57
proton::ssl_certificate::ssl_certificate
ssl_certificate(const std::string &certdb_main, const std::string &certdb_extra)
Create an SSL certificate.
proton::ssl
SSL information.
Definition: ssl.hpp:38
proton::ssl_client_options
Unsettled API - SSL configuration for outbound connections.
Definition: ssl.hpp:158
proton::ssl::ANONYMOUS_PEER
@ ANONYMOUS_PEER
Do not require a certificate or cipher authorization. The peer is not authenticated in this mode.
Definition: ssl.hpp:55
proton::ssl::NEW
@ NEW
Session renegotiated, not resumed.
Definition: ssl.hpp:63
proton::ssl_client_options::ssl_client_options
ssl_client_options(const std::string &trust_db, enum ssl::verify_mode=ssl::VERIFY_PEER_NAME)
Create SSL client specifying the certificate trust database.
proton::ssl_certificate
Unsettled API - An SSL certificate.
Definition: ssl.hpp:99
proton::connection_options
Options for creating a connection.
Definition: connection_options.hpp:67
proton::ssl_server_options::ssl_server_options
ssl_server_options()
Server SSL options restricted to available anonymous cipher suites on the platform. No server certificate is supplied, so clients cannot authenticate the server.
proton::ssl::REUSED
@ REUSED
Session resumed from previous session.
Definition: ssl.hpp:64
proton::ssl_certificate::ssl_certificate
ssl_certificate(const std::string &certdb_main)
Create an SSL certificate.
proton::ssl::VERIFY_PEER
@ VERIFY_PEER
Require peer to provide a valid identifying certificate.
Definition: ssl.hpp:53
proton::ssl_client_options::ssl_client_options
ssl_client_options(const ssl_certificate &, const std::string &trust_db, enum ssl::verify_mode=ssl::VERIFY_PEER_NAME)
Create SSL client with a client certificate.
proton::ssl_server_options::ssl_server_options
ssl_server_options(const ssl_certificate &cert)
Server SSL options based on the supplied X.509 certificate specifier.
proton::ssl_client_options::ssl_client_options
ssl_client_options(enum ssl::verify_mode)
Create SSL client with unusual verification policy (but default certificate trust database)
proton::ssl_client_options::ssl_client_options
ssl_client_options()
Create SSL client with defaults (use system certificate trust database and require name verification)
proton::transport
A network channel supporting an AMQP connection.
Definition: transport.hpp:37
proton::ssl_certificate::ssl_certificate
ssl_certificate(const std::string &certdb_main, const std::string &certdb_extra, const std::string &passwd)
Create an SSL certificate.
proton
The main Proton namespace.
Definition: annotation_key.hpp:33
proton::ssl::resume_status
resume_status
Outcome specifier for an attempted session resume.
Definition: ssl.hpp:61
proton::ssl_server_options::ssl_server_options
ssl_server_options(const ssl_certificate &cert, const std::string &trust_db, const std::string &advertise_db=std::string(), enum ssl::verify_mode mode=ssl::VERIFY_PEER)
Server SSL options requiring connecting clients to provide a client certificate.
proton::ssl::UNKNOWN
@ UNKNOWN
Session resume state unknown or not supported.
Definition: ssl.hpp:62
proton::ssl_server_options
Unsettled API - SSL configuration for inbound connections.
Definition: ssl.hpp:128