Qpid Proton C++ API  0.36.0
ssl.hpp
Go to the documentation of this file.
1 #ifndef PROTON_SSL_HPP
2 #define PROTON_SSL_HPP
3 
4 /*
5  *
6  * Licensed to the Apache Software Foundation (ASF) under one
7  * or more contributor license agreements. See the NOTICE file
8  * distributed with this work for additional information
9  * regarding copyright ownership. The ASF licenses this file
10  * to you under the Apache License, Version 2.0 (the
11  * "License"); you may not use this file except in compliance
12  * with the License. You may obtain a copy of the License at
13  *
14  * http://www.apache.org/licenses/LICENSE-2.0
15  *
16  * Unless required by applicable law or agreed to in writing,
17  * software distributed under the License is distributed on an
18  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
19  * KIND, either express or implied. See the License for the
20  * specific language governing permissions and limitations
21  * under the License.
22  *
23  */
24 
25 #include "./internal/export.hpp"
26 
27 #include <proton/ssl.h>
28 
29 #include <string>
30 
33 
34 namespace proton {
35 
37 class ssl {
39  ssl(pn_ssl_t* s) : object_(s) {}
41 
42  ssl() = delete;
43 
44  public:
46  enum verify_mode {
48  VERIFY_PEER = PN_SSL_VERIFY_PEER,
50  ANONYMOUS_PEER = PN_SSL_ANONYMOUS_PEER,
52  VERIFY_PEER_NAME = PN_SSL_VERIFY_PEER_NAME
53  };
54 
56  enum resume_status {
57  UNKNOWN = PN_SSL_RESUME_UNKNOWN,
58  NEW = PN_SSL_RESUME_NEW,
59  REUSED = PN_SSL_RESUME_REUSED
60  };
61 
63 
66  PN_CPP_EXTERN std::string cipher() const;
67 
70  PN_CPP_EXTERN std::string protocol() const;
71 
73  PN_CPP_EXTERN int ssf() const;
74 
76  PN_CPP_EXTERN std::string remote_subject() const;
77 
79  PN_CPP_EXTERN void resume_session_id(const std::string& session_id);
80 
81  PN_CPP_EXTERN enum resume_status resume_status() const;
82 
84 
85  private:
86  pn_ssl_t* const object_;
87 
89  friend class transport;
91 };
92 
94 class ssl_certificate {
95  public:
97  PN_CPP_EXTERN ssl_certificate(const std::string &certdb_main);
98 
99  // XXX Document the following constructors
100 
102  PN_CPP_EXTERN ssl_certificate(const std::string &certdb_main, const std::string &certdb_extra);
103 
105  PN_CPP_EXTERN ssl_certificate(const std::string &certdb_main, const std::string &certdb_extra, const std::string &passwd);
107 
108  private:
109  std::string certdb_main_;
110  std::string certdb_extra_;
111  std::string passwd_;
112  bool pw_set_;
113 
115  friend class ssl_client_options;
116  friend class ssl_server_options;
118 };
119 
120 
121 
123 class ssl_server_options {
124  public:
127  PN_CPP_EXTERN ssl_server_options(const ssl_certificate &cert);
128 
131  PN_CPP_EXTERN ssl_server_options(const ssl_certificate &cert, const std::string &trust_db,
132  const std::string &advertise_db = std::string(),
133  enum ssl::verify_mode mode = ssl::VERIFY_PEER);
134 
137  PN_CPP_EXTERN ssl_server_options();
138 
139  PN_CPP_EXTERN ~ssl_server_options();
140  PN_CPP_EXTERN ssl_server_options(const ssl_server_options&);
141  PN_CPP_EXTERN ssl_server_options& operator=(const ssl_server_options&);
142 
143  private:
144  class impl;
145  impl* impl_;
146 
148  friend class connection_options;
150 };
151 
153 class ssl_client_options {
154  public:
156  PN_CPP_EXTERN ssl_client_options();
157 
159  PN_CPP_EXTERN ssl_client_options(enum ssl::verify_mode);
160 
162  PN_CPP_EXTERN ssl_client_options(const std::string &trust_db,
163  enum ssl::verify_mode = ssl::VERIFY_PEER_NAME);
164 
166  PN_CPP_EXTERN ssl_client_options(const ssl_certificate&, const std::string &trust_db,
167  enum ssl::verify_mode = ssl::VERIFY_PEER_NAME);
168 
169  PN_CPP_EXTERN ~ssl_client_options();
170  PN_CPP_EXTERN ssl_client_options(const ssl_client_options&);
171  PN_CPP_EXTERN ssl_client_options& operator=(const ssl_client_options&);
172 
173  private:
174  class impl;
175  impl* impl_;
176 
178  friend class connection_options;
180 };
181 
182 } // proton
183 
184 #endif // PROTON_SSL_HPP
proton::connection_options
Options for creating a connection.
Definition: connection_options.hpp:67
proton::ssl_certificate
Unsettled API - An SSL certificate.
Definition: ssl.hpp:94
proton::ssl_certificate::ssl_certificate
ssl_certificate(const std::string &certdb_main)
Create an SSL certificate.
proton::ssl_certificate::ssl_certificate
ssl_certificate(const std::string &certdb_main, const std::string &certdb_extra)
Create an SSL certificate.
proton::ssl_certificate::ssl_certificate
ssl_certificate(const std::string &certdb_main, const std::string &certdb_extra, const std::string &passwd)
Create an SSL certificate.
proton::ssl_client_options
Unsettled API - SSL configuration for outbound connections.
Definition: ssl.hpp:153
proton::ssl_client_options::ssl_client_options
ssl_client_options(const std::string &trust_db, enum ssl::verify_mode=ssl::VERIFY_PEER_NAME)
Create SSL client specifying the certificate trust database.
proton::ssl_client_options::ssl_client_options
ssl_client_options(const ssl_certificate &, const std::string &trust_db, enum ssl::verify_mode=ssl::VERIFY_PEER_NAME)
Create SSL client with a client certificate.
proton::ssl_client_options::ssl_client_options
ssl_client_options(enum ssl::verify_mode)
Create SSL client with unusual verification policy (but default certificate trust database)
proton::ssl_client_options::ssl_client_options
ssl_client_options()
Create SSL client with defaults (use system certificate trust database and require name verification)
proton::ssl_server_options
Unsettled API - SSL configuration for inbound connections.
Definition: ssl.hpp:123
proton::ssl_server_options::ssl_server_options
ssl_server_options(const ssl_certificate &cert)
Server SSL options based on the supplied X.509 certificate specifier.
proton::ssl_server_options::ssl_server_options
ssl_server_options()
Server SSL options restricted to available anonymous cipher suites on the platform.
proton::ssl_server_options::ssl_server_options
ssl_server_options(const ssl_certificate &cert, const std::string &trust_db, const std::string &advertise_db=std::string(), enum ssl::verify_mode mode=ssl::VERIFY_PEER)
Server SSL options requiring connecting clients to provide a client certificate.
proton::ssl
SSL information.
Definition: ssl.hpp:37
proton::ssl::resume_status
resume_status
Outcome specifier for an attempted session resume.
Definition: ssl.hpp:56
proton::ssl::REUSED
@ REUSED
Session resumed from previous session.
Definition: ssl.hpp:59
proton::ssl::UNKNOWN
@ UNKNOWN
Session resume state unknown or not supported.
Definition: ssl.hpp:57
proton::ssl::NEW
@ NEW
Session renegotiated, not resumed.
Definition: ssl.hpp:58
proton::ssl::verify_mode
verify_mode
Determines the level of peer validation.
Definition: ssl.hpp:46
proton::ssl::VERIFY_PEER_NAME
@ VERIFY_PEER_NAME
Require valid certificate and matching name.
Definition: ssl.hpp:52
proton::ssl::ANONYMOUS_PEER
@ ANONYMOUS_PEER
Do not require a certificate or cipher authorization.
Definition: ssl.hpp:50
proton::ssl::VERIFY_PEER
@ VERIFY_PEER
Require peer to provide a valid identifying certificate.
Definition: ssl.hpp:48
proton::transport
A network channel supporting an AMQP connection.
Definition: transport.hpp:37
proton
The main Proton namespace.
Definition: annotation_key.hpp:33