Qpid Proton C++ API  0.18.1
ssl.hpp
1 #ifndef PROTON_SSL_HPP
2 #define PROTON_SSL_HPP
3 
4 /*
5  *
6  * Licensed to the Apache Software Foundation (ASF) under one
7  * or more contributor license agreements. See the NOTICE file
8  * distributed with this work for additional information
9  * regarding copyright ownership. The ASF licenses this file
10  * to you under the Apache License, Version 2.0 (the
11  * "License"); you may not use this file except in compliance
12  * with the License. You may obtain a copy of the License at
13  *
14  * http://www.apache.org/licenses/LICENSE-2.0
15  *
16  * Unless required by applicable law or agreed to in writing,
17  * software distributed under the License is distributed on an
18  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
19  * KIND, either express or implied. See the License for the
20  * specific language governing permissions and limitations
21  * under the License.
22  *
23  */
24 
25 #include "./internal/export.hpp"
26 #include "./internal/config.hpp"
27 
28 
29 #include <proton/ssl.h>
30 
31 #include <string>
32 
35 
36 namespace proton {
37 
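/// SSL information.
///
/// Read-only view of the TLS state behind a pn_ssl_t handle. Both
/// constructors are private, so applications cannot create an instance
/// themselves; only the friend class `transport` can.
class ssl {
    /// Wrap an existing C handle. The pointer is stored as given; nothing
    /// in this header shows the wrapper taking ownership of it.
    ssl(pn_ssl_t* s) : object_(s) {}

    // Default construction is disabled: deleted where the compiler supports
    // deleted functions, otherwise declared private (presumably never defined).
#if PN_CPP_HAS_DELETED_FUNCTIONS
    ssl() = delete;
#else
    ssl();
#endif

  public:
    /// Determines the level of peer validation.
    enum verify_mode {
        /// Require peer to provide a valid identifying certificate.
        /// Unlike VERIFY_PEER_NAME, this mode is not described as matching
        /// the certificate name against the peer, so on its own it does not
        /// tie the certificate to the host being contacted.
        VERIFY_PEER = PN_SSL_VERIFY_PEER,
        /// Do not require a certificate or cipher authorization.
        /// The peer's identity is not checked in this mode; traffic may be
        /// encrypted but the endpoint is unauthenticated.
        ANONYMOUS_PEER = PN_SSL_ANONYMOUS_PEER,
        /// Require valid certificate and matching name.
        VERIFY_PEER_NAME = PN_SSL_VERIFY_PEER_NAME
    };

    /// Outcome specifier for an attempted session resume.
    // The `enum resume_status {` opener (ssl.hpp:62) was missing from the
    // listing, leaving the enumerators below outside any enum; restored here.
    enum resume_status {
        /// Session resume state unknown or not supported.
        UNKNOWN = PN_SSL_RESUME_UNKNOWN,
        /// Session renegotiated, not resumed.
        NEW = PN_SSL_RESUME_NEW,
        /// Session resumed from previous session.
        REUSED = PN_SSL_RESUME_REUSED
    };

    /// Name of the cipher in use.
    /// NOTE(review): the value returned before a handshake completes is not
    /// visible from this header - confirm against the implementation.
    PN_CPP_EXTERN std::string cipher() const;

    /// Name of the protocol in use.
    PN_CPP_EXTERN std::string protocol() const;

    /// Security strength factor of the session.
    /// NOTE(review): presumably the effective key strength in bits, with 0
    /// meaning no protection - confirm before using it in a policy check.
    PN_CPP_EXTERN int ssf() const;

    /// Subject of the certificate presented by the remote peer.
    /// NOTE(review): with ANONYMOUS_PEER no certificate is required, so
    /// callers should not treat this string as an authenticated identity
    /// unless a verifying mode was configured.
    PN_CPP_EXTERN std::string remote_subject() const;

    /// Set the session identifier to use when attempting a resume.
    /// NOTE(review): the expected content of `session_id` is not documented
    /// in this header.
    PN_CPP_EXTERN void resume_session_id(const std::string& session_id);

    /// Report the outcome of the attempted session resume.
    PN_CPP_EXTERN enum resume_status resume_status() const;

  private:
    // Underlying C handle; the pointer itself is const, the pointee is not.
    pn_ssl_t* const object_;

    friend class transport;
};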
98 
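/// Unsettled API - An SSL certificate.
///
/// Holds the credential locations and optional password that the client and
/// server option classes (both friends) read when configuring a domain.
// The `class ssl_certificate {` opener (ssl.hpp:100) was missing from the
// listing; restored here so the members below belong to a class again.
class ssl_certificate {
  public:
    /// Create a certificate from a single credential source.
    /// NOTE(review): the accepted formats for `certdb_main` are
    /// platform-dependent and not stated in this header.
    PN_CPP_EXTERN ssl_certificate(const std::string &certdb_main);

    // XXX Document the following constructors

    /// Create a certificate from a main and an extra credential source.
    /// NOTE(review): presumably `certdb_extra` names the private-key
    /// material that goes with `certdb_main` - confirm against the C API.
    PN_CPP_EXTERN ssl_certificate(const std::string &certdb_main, const std::string &certdb_extra);

    /// As above, additionally supplying the password protecting the
    /// credentials.
    PN_CPP_EXTERN ssl_certificate(const std::string &certdb_main, const std::string &certdb_extra, const std::string &passwd);

  private:
    std::string certdb_main_;
    std::string certdb_extra_;
    // NOTE(review): the password is kept as a plain std::string member, so it
    // stays in process memory for the lifetime of this object (and of any
    // copy); std::string does not wipe its buffer on destruction. Keep
    // instances short-lived and load the password from a protected source.
    std::string passwd_;
    // Presumably distinguishes "no password given" from an empty password.
    bool pw_set_;

    friend class ssl_client_options;
    friend class ssl_server_options;
};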
125 
// Opaque implementation type; only ever referenced through a pointer here.
class ssl_domain_impl;

namespace internal {

/// Base class for SSL configuration.
///
/// Shared by ssl_server_options and ssl_client_options, which inherit from
/// it privately. Copy construction, copy assignment and destruction are all
/// user-declared because the class holds a raw `impl_` pointer; how the
/// implementation object is shared or released is defined outside this
/// header.
class ssl_domain {
  public:
    PN_CPP_EXTERN ssl_domain(const ssl_domain&);
    PN_CPP_EXTERN ssl_domain& operator=(const ssl_domain&);
    PN_CPP_EXTERN ~ssl_domain();

  protected:
    /// @param is_server selects a server-side (true) or client-side (false)
    ///        domain; stored in `server_type_` by the look of the members.
    ssl_domain(bool is_server);

    /// Access the underlying C domain object for the derived option classes.
    pn_ssl_domain_t* pn_domain();

  private:
    ssl_domain_impl* impl_;
    bool server_type_;
};

} // internal
147 
/// Unsettled API - SSL configuration for inbound connections.
///
/// Inherits privately from internal::ssl_domain, so none of the base-class
/// interface is visible to applications.
class ssl_server_options : private internal::ssl_domain {
  public:
    /// Server options that present `cert` to connecting clients.
    /// No trust database or verify mode is given to this overload.
    /// NOTE(review): that suggests clients are not asked for a certificate
    /// here - confirm against the implementation.
    PN_CPP_EXTERN ssl_server_options(ssl_certificate& cert);

    /// Server options that present `cert` and validate connecting clients
    /// against `trust_db`.
    ///
    /// `mode` defaults to ssl::VERIFY_PEER, i.e. the client must provide a
    /// valid identifying certificate. Passing ssl::ANONYMOUS_PEER here turns
    /// client authentication off, so the default should only be overridden
    /// deliberately.
    /// NOTE(review): `advertise_db` presumably names the CA list advertised
    /// to clients; it defaults to an empty string.
    PN_CPP_EXTERN ssl_server_options(ssl_certificate& cert, const std::string& trust_db,
                                     const std::string& advertise_db = std::string(),
                                     enum ssl::verify_mode mode = ssl::VERIFY_PEER);

    /// Server options without any certificate.
    /// NOTE(review): with no certificate to present, such a server can
    /// presumably only offer anonymous cipher suites, which give clients no
    /// way to authenticate it - confirm, and avoid this on untrusted networks.
    PN_CPP_EXTERN ssl_server_options();

  private:
    // Re-expose pn_domain() privately so that the friend below,
    // connection_options, can reach it.
    using internal::ssl_domain::pn_domain;

    friend class connection_options;
};
174 
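/// Unsettled API - SSL configuration for outbound connections.
///
/// Inherits privately from internal::ssl_domain, so none of the base-class
/// interface is visible to applications.
class ssl_client_options : private internal::ssl_domain {
  public:
    /// Client options without a client certificate; the server is validated
    /// against `trust_db`.
    // NOTE(review): the continuation of this declaration (ssl.hpp:180) was
    // missing from the listing, leaving the parameter list unterminated. It
    // is restored from the upstream header, where the mode defaults to
    // ssl::VERIFY_PEER_NAME (valid certificate and matching name) - verify
    // against the 0.18.1 source.
    PN_CPP_EXTERN ssl_client_options(const std::string &trust_db,
                                     enum ssl::verify_mode = ssl::VERIFY_PEER_NAME);

    /// Client options that also present a client certificate to the server.
    // NOTE(review): continuation line (ssl.hpp:184) restored as above -
    // verify against the 0.18.1 source.
    PN_CPP_EXTERN ssl_client_options(ssl_certificate&, const std::string &trust_db,
                                     enum ssl::verify_mode = ssl::VERIFY_PEER_NAME);

    /// Client options with no trust database and no certificate.
    /// NOTE(review): with nothing to validate the server against, such a
    /// connection presumably cannot authenticate the peer - confirm, and
    /// prefer the `trust_db` overloads wherever the server identity matters.
    PN_CPP_EXTERN ssl_client_options();

  private:
    // Bring pn_domain into scope and allow connection_options to use
    // it.
    using internal::ssl_domain::pn_domain;

    friend class connection_options;
};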
199 
200 } // proton
201 
202 #endif // PROTON_SSL_HPP
Unsettled API - SSL configuration for inbound connections.
Definition: ssl.hpp:149
SSL information.
Definition: ssl.hpp:39
Require valid certificate and matching name.
Definition: ssl.hpp:58
Session resume state unknown or not supported.
Definition: ssl.hpp:63
Options for creating a connection.
Definition: connection_options.hpp:65
Unsettled API - SSL configuration for outbound connections.
Definition: ssl.hpp:176
resume_status
Outcome specifier for an attempted session resume.
Definition: ssl.hpp:62
verify_mode
Determines the level of peer validation.
Definition: ssl.hpp:52
Do not require a certificate or cipher authorization.
Definition: ssl.hpp:56
Require peer to provide a valid identifying certificate.
Definition: ssl.hpp:54
Session renegotiated, not resumed.
Definition: ssl.hpp:64
A network channel supporting an AMQP connection.
Definition: transport.hpp:37
Unsettled API - An SSL certificate.
Definition: ssl.hpp:100
The main Proton namespace.
Definition: annotation_key.hpp:33
Session resumed from previous session.
Definition: ssl.hpp:65