cpp/api/ssl_8hpp_source.html

#ifndef PROTON_SSL_HPP

#define PROTON_SSL_HPP


/*

 *

 * Licensed to the Apache Software Foundation (ASF) under one

 * or more contributor license agreements.  See the NOTICE file

 * distributed with this work for additional information

 * regarding copyright ownership.  The ASF licenses this file

 * to you under the Apache License, Version 2.0 (the

 * "License"); you may not use this file except in compliance

 * with the License.  You may obtain a copy of the License at

 *

 *   http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing,

 * software distributed under the License is distributed on an

 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

 * KIND, either express or implied.  See the License for the

 * specific language governing permissions and limitations

 * under the License.

 *

 */


#include "./internal/export.hpp"


#include <proton/ssl.h>


#include <string>


namespace proton {


class ssl {

    ssl(pn_ssl_t* s) : object_(s) {}


    ssl() = delete;


  public:

    enum verify_mode {

        VERIFY_PEER = PN_SSL_VERIFY_PEER,

        ANONYMOUS_PEER = PN_SSL_ANONYMOUS_PEER,

        VERIFY_PEER_NAME = PN_SSL_VERIFY_PEER_NAME

    };


    enum resume_status {

        UNKNOWN = PN_SSL_RESUME_UNKNOWN,

        NEW = PN_SSL_RESUME_NEW,

        REUSED = PN_SSL_RESUME_REUSED

    };


    PN_CPP_EXTERN std::string cipher() const;


    PN_CPP_EXTERN std::string protocol() const;


    PN_CPP_EXTERN int ssf() const;


    PN_CPP_EXTERN std::string remote_subject() const;


    PN_CPP_EXTERN void resume_session_id(const std::string& session_id);


    PN_CPP_EXTERN enum resume_status resume_status() const;


  private:

    pn_ssl_t* const object_;


  friend class transport;

};


class ssl_certificate {

  public:

    PN_CPP_EXTERN ssl_certificate(const std::string &certdb_main);


    // XXX Document the following constructors


    PN_CPP_EXTERN ssl_certificate(const std::string &certdb_main, const std::string &certdb_extra);


    PN_CPP_EXTERN ssl_certificate(const std::string &certdb_main, const std::string &certdb_extra, const std::string &passwd);


  private:

    std::string certdb_main_;

    std::string certdb_extra_;

    std::string passwd_;

    bool pw_set_;


  friend class ssl_client_options;

  friend class ssl_server_options;

};


class ssl_server_options {

  public:

    PN_CPP_EXTERN ssl_server_options(const ssl_certificate &cert);


    PN_CPP_EXTERN ssl_server_options(const ssl_certificate &cert, const std::string &trust_db,

                                     const std::string &advertise_db = std::string(),

                                     enum ssl::verify_mode mode = ssl::VERIFY_PEER);


    PN_CPP_EXTERN ssl_server_options();


    PN_CPP_EXTERN ~ssl_server_options();

    PN_CPP_EXTERN ssl_server_options(const ssl_server_options&);

    PN_CPP_EXTERN ssl_server_options& operator=(const ssl_server_options&);


  private:

    class impl;

    impl* impl_;


  friend class connection_options;

};


class ssl_client_options {

  public:

    PN_CPP_EXTERN ssl_client_options();


    PN_CPP_EXTERN ssl_client_options(enum ssl::verify_mode);


    PN_CPP_EXTERN ssl_client_options(const std::string &trust_db,

                                     enum ssl::verify_mode = ssl::VERIFY_PEER_NAME);


    PN_CPP_EXTERN ssl_client_options(const ssl_certificate&,

                                     enum ssl::verify_mode = ssl::VERIFY_PEER_NAME);


    PN_CPP_EXTERN ssl_client_options(const ssl_certificate&, const std::string &trust_db,

                                     enum ssl::verify_mode = ssl::VERIFY_PEER_NAME);


    PN_CPP_EXTERN ~ssl_client_options();

    PN_CPP_EXTERN ssl_client_options(const ssl_client_options&);

    PN_CPP_EXTERN ssl_client_options& operator=(const ssl_client_options&);


  private:

    class impl;

    impl* impl_;


  friend class connection_options;

};


} // proton


#endif // PROTON_SSL_HPP

proton::connection_options
Options for creating a connection.
Definition: connection_options.hpp:67

proton::ssl_certificate
Unsettled API - An SSL certificate.
Definition: ssl.hpp:94

proton::ssl_certificate::ssl_certificate
ssl_certificate(const std::string &certdb_main)
Create an SSL certificate.

proton::ssl_certificate::ssl_certificate
ssl_certificate(const std::string &certdb_main, const std::string &certdb_extra)
Create an SSL certificate.

proton::ssl_certificate::ssl_certificate
ssl_certificate(const std::string &certdb_main, const std::string &certdb_extra, const std::string &passwd)
Create an SSL certificate.

proton::ssl_client_options
Unsettled API - SSL configuration for outbound connections.
Definition: ssl.hpp:153

proton::ssl_client_options::ssl_client_options
ssl_client_options(const std::string &trust_db, enum ssl::verify_mode=ssl::VERIFY_PEER_NAME)
Create SSL client specifying the certificate trust database.

proton::ssl_client_options::ssl_client_options
ssl_client_options(const ssl_certificate &, const std::string &trust_db, enum ssl::verify_mode=ssl::VERIFY_PEER_NAME)
Create SSL client with a client certificate and a custom certificate trust database.

proton::ssl_client_options::ssl_client_options
ssl_client_options(enum ssl::verify_mode)
Create SSL client with unusual verification policy (but default certificate trust database)

proton::ssl_client_options::ssl_client_options
ssl_client_options()
Create SSL client with defaults (use system certificate trust database and require name verification)

proton::ssl_client_options::ssl_client_options
ssl_client_options(const ssl_certificate &, enum ssl::verify_mode=ssl::VERIFY_PEER_NAME)
Create SSL client with a client certificate.

proton::ssl_server_options
Unsettled API - SSL configuration for inbound connections.
Definition: ssl.hpp:123

proton::ssl_server_options::ssl_server_options
ssl_server_options(const ssl_certificate &cert)
Server SSL options based on the supplied X.509 certificate specifier.

proton::ssl_server_options::ssl_server_options
ssl_server_options()
Server SSL options restricted to available anonymous cipher suites on the platform.

proton::ssl_server_options::ssl_server_options
ssl_server_options(const ssl_certificate &cert, const std::string &trust_db, const std::string &advertise_db=std::string(), enum ssl::verify_mode mode=ssl::VERIFY_PEER)
Server SSL options requiring connecting clients to provide a client certificate.

proton::ssl
SSL information.
Definition: ssl.hpp:37

proton::ssl::resume_status
resume_status
Outcome specifier for an attempted session resume.
Definition: ssl.hpp:56

proton::ssl::REUSED
@ REUSED
Session resumed from previous session.
Definition: ssl.hpp:59

proton::ssl::UNKNOWN
@ UNKNOWN
Session resume state unknown or not supported.
Definition: ssl.hpp:57

proton::ssl::NEW
@ NEW
Session renegotiated, not resumed.
Definition: ssl.hpp:58

proton::ssl::verify_mode
verify_mode
Determines the level of peer validation.
Definition: ssl.hpp:46

proton::ssl::VERIFY_PEER_NAME
@ VERIFY_PEER_NAME
Require valid certificate and matching name.
Definition: ssl.hpp:52

proton::ssl::ANONYMOUS_PEER
@ ANONYMOUS_PEER
Do not require a certificate or cipher authorization.
Definition: ssl.hpp:50

proton::ssl::VERIFY_PEER
@ VERIFY_PEER
Require peer to provide a valid identifying certificate.
Definition: ssl.hpp:48

proton::transport
A network channel supporting an AMQP connection.
Definition: transport.hpp:37

proton
The main Proton namespace.
Definition: annotation_key.hpp:33