The Micro C++ Library
micxx::SSLProtocol Class Reference

The SSLProtocol provides a Secure Sockets Layer protocol implementation.

#include <micxx.hxx>

Inherits micxx::Mutex, and micxx::traits::BiDiConnection.


Public Member Functions

virtual ~SSLProtocol ()
 Destroys the sslContext.
virtual void accept (int aserverSessionIDContext=rand())
 Accept this instance as a server endpoint to the underlying connection.
virtual void connect ()
 Connect this instance as a client endpoint to the underlying connection.
virtual void close (ClosingMode closingMode=BiDirectional)
 Close this SSL communication link and release all associated resources.
virtual const X509CertificateList & getCACertificates () const
 Return the list of trusted CA certificates.
virtual const X509Certificate & getCertificate () const
 Return either the own server or client certificate.
virtual bool getPeerAuthentication () const
 Return whether peer authentication is enabled.
virtual const X509Certificate & getPeerCertificate () const
 Return the certificate received from the remote peer.
virtual const PrivateKey & getPrivateKey () const
 Return the private key.
virtual int recv (void *bytes, size_t size, bool blocking=true)
 Receive up to size bytes of decrypted application data into bytes.
virtual int send (const void *bytes, size_t size, bool blocking=true)
 Send size bytes of application data over the SSL link.
virtual void setCACertificates (const X509CertificateList &certificates)
 Set the list of trusted CA certificates.
virtual void setCACertificates (const std::string &url)
 Try to load a list of trusted CA certificates from URL url.
virtual void setCertificate (const X509Certificate &certificate)
 Sets either the own server or client certificate.
virtual void setCertificate (const std::string &url)
 Try to load either the own server or client certificate from URL url.
virtual void setCertificates (const PKCS12Store &pkcs12Store)
 Set the private key, the own certificate and/or the list of trusted CA certificates from the PKCS#12 store pkcs12Store.
virtual void setCertificates (const std::string &url, const std::string *passphrase=0)
 Try to load the private key, the own certificate and/or the list of trusted CA certificates from the PKCS#12 resource at URL url, decrypting it with passphrase if one is given.
virtual void setPeerAuthentication (bool value)
 Enable (default) / Disable peer authentication.
virtual void setPrivateKey (const PrivateKey &privateKey)
 Sets the private key.
virtual void setPrivateKey (const std::string &url, const std::string *passphrase=0)
 Load the private key from the resource at URL url, decrypting it with passphrase if one is given.
virtual void setSocket (Socket *socket)
 Connect this SSL protocol instance with the specified socket.
virtual std::string toString () const
 Returns a printable representation.

Protected Member Functions

void doPeerAuthentication ()
 Perform the peer authentication step (see setPeerAuthentication(bool)).

Protected Attributes

PKCS12Store pkcs12Store
 A PKCS#12 store containing the private key, the own certificate and the list of trusted CA certificates.
X509Certificate peerCertificate
 The certificate received from the remote peer.
bool peerAuthentication
 Whether peer authentication is enabled (see setPeerAuthentication(bool)).
std::string address
 The address of this SSLProtocol instance.
bool closed
 Tracks whether this SSLProtocol is closed or connected.
bool checkCertificate
 Tracks whether the own server or client certificate should be verified against the private key.

Detailed Description

The SSLProtocol provides a Secure Sockets Layer protocol implementation.

See also:
http://en.wikipedia.org/wiki/Secure_Sockets_Layer
http://www.rfc-editor.org/rfc/rfc5246.txt

The following example shows how to use this class as a client on top of a TCP connection. addr (host address), caStore (URL of the trusted CA list) and MESSAGE (the request to send) are std::string values supplied by the application:

 #include <micxx.hxx>
 #include <iostream>
 #include <string>

 // Create and connect the TCP client socket
 micxx::InetAddress inetAddress(addr.c_str());
 micxx::ClientSocket clientSocket;
 clientSocket.connect(inetAddress);

 // Create and customize the SSL protocol layer: load the trusted CA list.
 // Peer authentication is enabled by default, so the server's certificate
 // chain is verified against these CAs during the handshake.
 micxx::SSLProtocol sslProtocol;
 sslProtocol.setCACertificates(caStore);

 // Connect the SSL protocol with the TCP socket (setSocket takes a Socket *)
 sslProtocol.setSocket(&clientSocket);

 // Connect the SSL client to the SSL server endpoint (SSL handshake)
 sslProtocol.connect();

 // Exchange encrypted data ...
 sslProtocol.send(MESSAGE.c_str(), MESSAGE.length());
 char buffer[1024];
 int received = sslProtocol.recv(buffer, sizeof(buffer) - 1);
 if (received > 0) {
     buffer[received] = '\0';
     std::cout << buffer << std::endl;
 }

 // Shutdown the SSL communication (bidirectional close by default)
 sslProtocol.close();
 // Close the TCP connection
 clientSocket.close();
Author:
Norbert Klose
Date:
May, 2009

Constructor & Destructor Documentation

virtual micxx::SSLProtocol::~SSLProtocol ( ) [virtual]

Destroys the sslContext.


Member Function Documentation

virtual void micxx::SSLProtocol::accept ( int  aserverSessionIDContext = rand()) [virtual]

Accept this instance as a server endpoint to the underlying connection, i.e. run the server side of the SSL handshake on the socket set with setSocket().

Parameters:
aserverSessionIDContext  The session ID context used for this server endpoint; a random value if not given.

virtual void micxx::SSLProtocol::close ( ClosingMode  closingMode = BiDirectional) [virtual]

Close this SSL communication link and release all associated resources.

Implements micxx::traits::BiDiConnection.

virtual void micxx::SSLProtocol::connect ( ) [virtual]

Connect this instance as a client endpoint to the underlying connection.

void micxx::SSLProtocol::doPeerAuthentication ( ) [protected]

Perform the peer authentication step (see setPeerAuthentication(bool)).

virtual const X509CertificateList& micxx::SSLProtocol::getCACertificates ( ) const [inline, virtual]

Return the list of trusted CA certificates.

    {
        return pkcs12Store.getCACertificates();
    }
virtual const X509Certificate& micxx::SSLProtocol::getCertificate ( ) const [inline, virtual]

Return either the own server or client certificate.

    {
        return pkcs12Store.getCertificate();
    }
virtual bool micxx::SSLProtocol::getPeerAuthentication ( ) const [inline, virtual]

Return whether peer authentication is enabled.

See also:
setPeerAuthentication(bool)
    {
        return peerAuthentication;
    }
virtual const X509Certificate& micxx::SSLProtocol::getPeerCertificate ( ) const [inline, virtual]

Return the certificate received from the remote peer.

    {
        return peerCertificate;
    }
virtual const PrivateKey& micxx::SSLProtocol::getPrivateKey ( ) const [inline, virtual]

Return the private key.

    {
        return pkcs12Store.getPrivateKey();
    }
virtual int micxx::SSLProtocol::recv ( void *  bytes,
size_t  size,
bool  blocking = true 
) [virtual]

Parameters:
bytes  The pointer to the receive buffer
size  The capacity of the receive buffer in bytes
blocking  If blocking is true, the call waits until data has been received. Otherwise, it returns as soon as possible.
See also:
Connection::recv(void *, size_t, bool);
virtual int micxx::SSLProtocol::send ( const void *  bytes,
size_t  size,
bool  blocking = true 
) [virtual]
Parameters:
bytes  The pointer to the send buffer
size  The number of bytes to send
blocking  If blocking is true, the call waits until all size bytes have been sent. Otherwise, it returns as soon as possible.
See also:
Connection::send(const void*, size_t)

Implements micxx::traits::Sender.

virtual void micxx::SSLProtocol::setCACertificates ( const X509CertificateList &  certificates) [virtual]

Set the list of trusted CA certificates.

virtual void micxx::SSLProtocol::setCACertificates ( const std::string &  url) [virtual]

Try to load a list of trusted CA certificates from URL url.

virtual void micxx::SSLProtocol::setCertificate ( const X509Certificate &  certificate) [virtual]

Sets either the own server or client certificate.

virtual void micxx::SSLProtocol::setCertificate ( const std::string &  url) [virtual]

Try to load either the own server or client certificate from URL url.

virtual void micxx::SSLProtocol::setCertificates ( const PKCS12Store &  pkcs12Store) [virtual]

Set the private key, the own certificate and/or the list of trusted CA certificates from the PKCS#12 store pkcs12Store.

virtual void micxx::SSLProtocol::setCertificates ( const std::string &  url,
const std::string *  passphrase = 0 
) [virtual]

Try to load the private key, the own certificate and/or the list of trusted CA certificates from the PKCS#12 resource at URL url, decrypting it with passphrase if one is given.

virtual void micxx::SSLProtocol::setPeerAuthentication ( bool  value) [inline, virtual]

Enable (default) / Disable peer authentication.

If this is a client endpoint, this enables server authentication and requires a valid certificate chain provided by the server endpoint, verified against the trusted CA certificates set with setCACertificates(). Disabling it on a client means the server's certificate is accepted without verification: the link is still encrypted, but the identity of the other end is not established, so an active attacker on the network path could impersonate the server.

    {
        peerAuthentication = value;
    }
virtual void micxx::SSLProtocol::setPrivateKey ( const std::string &  url,
const std::string *  passphrase = 0 
) [virtual]

Load the private key from the resource at URL url, decrypting it with passphrase if one is given.

virtual void micxx::SSLProtocol::setPrivateKey ( const PrivateKey &  privateKey) [virtual]

Sets the private key.

virtual void micxx::SSLProtocol::setSocket ( Socket *  socket) [virtual]

Connect this SSL protocol instance with the specified socket.

If this instance was already connected to a connection, the old connection is deleted first.

Parameters:
socket  Either a pointer to a valid socket instance to set up a new communication link, or 0, in which case only the old communication link is deleted.
virtual std::string micxx::SSLProtocol::toString ( ) const [virtual]

Returns a printable representation.

Reimplemented from micxx::Mutex.


Member Data Documentation

std::string micxx::SSLProtocol::address [protected]

The address of this SSLProtocol instance.

bool micxx::SSLProtocol::checkCertificate [protected]

Tracks whether the own server or client certificate should be verified against the private key.

bool micxx::SSLProtocol::closed [protected]

Tracks whether this SSLProtocol is closed or connected.

bool micxx::SSLProtocol::peerAuthentication [protected]

Whether peer authentication is enabled (see setPeerAuthentication(bool)).

X509Certificate micxx::SSLProtocol::peerCertificate [protected]

The certificate received from the remote peer.

PKCS12Store micxx::SSLProtocol::pkcs12Store [protected]

A PKCS#12 store containing the private key, the own certificate and the list of trusted CA certificates.


The documentation for this class was generated from the following file: