The SSLProtocol provides a Secure Socket Layer protocol implementation. More...
#include <micxx.hxx>
Inherits micxx::Mutex, and micxx::traits::BiDiConnection.
Public Member Functions | |
virtual | ~SSLProtocol () |
Destroys the sslContext. | |
virtual void | accept (int aserverSessionIDContext=rand()) |
Accept this instance as a server endpoint to the underlying connection. | |
virtual void | connect () |
Connect this instance as a client endpoint to the underlying connection. | |
virtual void | close (ClosingMode closingMode=BiDirectional) |
Close this SSL communication link and release all associated resources. | |
virtual const X509CertificateList & | getCACertificates () const |
Return the list of trusted CA certificates. | |
virtual const X509Certificate & | getCertificate () const |
Return either the server or client certificate. | |
virtual bool | getPeerAuthentication () const |
Return whether peer authentication is enabled. | |
virtual const X509Certificate & | getPeerCertificate () const |
Return the peer certificate from the remote peer. | |
virtual const PrivateKey & | getPrivateKey () const |
Return the private key. | |
virtual int | recv (void *bytes, size_t size, bool blocking=true) |
virtual int | send (const void *bytes, size_t size, bool blocking=true) |
virtual void | setCACertificates (const X509CertificateList &certificates) |
Set the list of trusted CA certificates. | |
virtual void | setCACertificates (const std::string &url) |
Try to load a list of trusted CA certificates from URL url. | |
virtual void | setCertificate (const X509Certificate &certificate) |
Sets either the own server or client certificate. | |
virtual void | setCertificate (const std::string &url) |
Try to load either the own server or client certificate from URL url. | |
virtual void | setCertificates (const PKCS12Store &pkcs12Store) |
Set the private key, the certificate and/or the list of CA certificates from the PKCS#12 store pkcs12Store. | |
virtual void | setCertificates (const std::string &url, const std::string *passphrase=0) |
Try to load either a private key and/or a certificate and/or a list of CA certificates from URL url. | |
virtual void | setPeerAuthentication (bool value) |
Enable (the default) or disable peer authentication. | |
virtual void | setPrivateKey (const PrivateKey &privateKey) |
Sets the private key. | |
virtual void | setPrivateKey (const std::string &url, const std::string *passphrase=0) |
Set the private key from the resource at URL url, using passphrase to unlock it when one is given. | |
virtual void | setSocket (Socket *socket) |
Connect this SSL protocol instance with the specified socket. | |
virtual std::string | toString () const |
Returns a printable representation. | |
Protected Member Functions | |
void | doPeerAuthentication () |
Protected Attributes | |
PKCS12Store | pkcs12Store |
A PKCS#12 store containing a private key, a certificate and a list of trusted CA certificates. | |
X509Certificate | peerCertificate |
The received certificate of the other peer. | |
bool | peerAuthentication |
std::string | address |
The address of this SSLProtocol instance. | |
bool | closed |
True while this SSLProtocol is closed, false while it is connected. | |
bool | checkCertificate |
Tracks whether the own server or client certificate should be verified against the private key. |
The SSLProtocol provides a Secure Socket Layer protocol implementation.
The following example shows how to use this class with a TCP connection:
// Create and connect the TCP client socket
micxx::InetAddress inetAddress(addr.c_str());
micxx::ClientSocket clientSocket;
clientSocket.connect(inetAddress);
// Create and customize the SSL protocol layer
micxx::SSLProtocol sslProtocol;
sslProtocol.setCACertificatesFile(caStore);
// Connect the SSL protocol with the TCP socket
sslProtocol.setSocket(clientSocket);
// Connect the SSL client to the SSL Server endpoint (SSL Handshake)
sslProtocol.connect();
// Exchange encrypted data
...
sslProtocol.send(MESSAGE.c_str(), MESSAGE.length());
cout << sslProtocol.readLn();
// Shutdown the SSL communication
sslProtocol.close();
// Close the TCP connection
clientSocket.close();
virtual micxx::SSLProtocol::~SSLProtocol | ( | ) | [virtual] |
Destroys the sslContext.
virtual void micxx::SSLProtocol::accept | ( | int | aserverSessionIDContext = rand() | ) | [virtual] |
Accept this instance as the server endpoint of the underlying connection; aserverSessionIDContext identifies the server session context and defaults to a value obtained from rand().
virtual void micxx::SSLProtocol::close | ( | ClosingMode | closingMode = BiDirectional | ) | [virtual] |
Close this SSL communication link and release all associated resources.
Implements micxx::traits::BiDiConnection.
virtual void micxx::SSLProtocol::connect | ( | ) | [virtual] |
Connect this instance as a client endpoint to the underlying connection.
void micxx::SSLProtocol::doPeerAuthentication | ( | ) | [protected] |
virtual const X509CertificateList& micxx::SSLProtocol::getCACertificates | ( | ) | const [inline, virtual] |
Return the list of trusted CA certificates.
{ return pkcs12Store.getCACertificates(); }
virtual const X509Certificate& micxx::SSLProtocol::getCertificate | ( | ) | const [inline, virtual] |
Return either the server or client certificate.
{ return pkcs12Store.getCertificate(); }
virtual bool micxx::SSLProtocol::getPeerAuthentication | ( | ) | const [inline, virtual] |
Return whether peer authentication is enabled.
{ return peerAuthentication; }
virtual const X509Certificate& micxx::SSLProtocol::getPeerCertificate | ( | ) | const [inline, virtual] |
Return the peer certificate from the remote peer.
{ return peerCertificate; }
virtual const PrivateKey& micxx::SSLProtocol::getPrivateKey | ( | ) | const [inline, virtual] |
Return the private key.
{ return pkcs12Store.getPrivateKey(); }
virtual int micxx::SSLProtocol::recv | ( | void * | bytes, |
size_t | size, | ||
bool | blocking = true |
||
) | [virtual] |
virtual int micxx::SSLProtocol::send | ( | const void * | bytes, |
size_t | size, | ||
bool | blocking = true |
||
) | [virtual] |
bytes | The pointer to the sending buffer |
size | The number of bytes to send |
blocking | If blocking is true, the call waits until all size bytes have been sent. Otherwise, it returns as soon as possible. |
Implements micxx::traits::Sender.
virtual void micxx::SSLProtocol::setCACertificates | ( | const X509CertificateList & | certificates | ) | [virtual] |
Set the list of trusted CA certificates.
virtual void micxx::SSLProtocol::setCACertificates | ( | const std::string & | url | ) | [virtual] |
Try to load a list of trusted CA certificates from URL url.
virtual void micxx::SSLProtocol::setCertificate | ( | const X509Certificate & | certificate | ) | [virtual] |
Sets either the own server or client certificate.
virtual void micxx::SSLProtocol::setCertificate | ( | const std::string & | url | ) | [virtual] |
Try to load either the own server or client certificate from URL url.
virtual void micxx::SSLProtocol::setCertificates | ( | const PKCS12Store & | pkcs12Store | ) | [virtual] |
Set the private key, the certificate and/or the list of CA certificates from the PKCS#12 store pkcs12Store.
virtual void micxx::SSLProtocol::setCertificates | ( | const std::string & | url, |
const std::string * | passphrase = 0 |
||
) | [virtual] |
Try to load either a private key and/or a certificate and/or a list of CA certificates from URL url.
virtual void micxx::SSLProtocol::setPeerAuthentication | ( | bool | value | ) | [inline, virtual] |
Enable (the default) or disable peer authentication.
On a client endpoint, enabling this turns on server authentication: the server endpoint must provide a valid certificate chain for the connection to be accepted.
{ peerAuthentication = value; }
virtual void micxx::SSLProtocol::setPrivateKey | ( | const std::string & | url, |
const std::string * | passphrase = 0 |
||
) | [virtual] |
Set the private key from the resource at URL url, using passphrase to unlock it when one is given.
virtual void micxx::SSLProtocol::setPrivateKey | ( | const PrivateKey & | privateKey | ) | [virtual] |
Sets the private key.
virtual void micxx::SSLProtocol::setSocket | ( | Socket * | socket | ) | [virtual] |
Connect this SSL protocol instance with the specified socket.
If this instance was already attached to a connection, the old connection is deleted first.
socket | Either a pointer to a valid socket instance used to set up a new communication link, or 0, in which case only the old communication link is deleted. |
virtual std::string micxx::SSLProtocol::toString | ( | ) | const [virtual] |
Returns a printable representation.
Reimplemented from micxx::Mutex.
std::string micxx::SSLProtocol::address [protected] |
The address of this SSLProtocol instance.
bool micxx::SSLProtocol::checkCertificate [protected] |
Tracks whether the own server or client certificate should be verified against the private key.
bool micxx::SSLProtocol::closed [protected] |
True while this SSLProtocol is closed, false while it is connected.
bool micxx::SSLProtocol::peerAuthentication [protected] |
X509Certificate micxx::SSLProtocol::peerCertificate [protected] |
The received certificate of the other peer.
PKCS12Store micxx::SSLProtocol::pkcs12Store [protected] |
A PKCS#12 store containing a private key, a certificate and a list of trusted CA certificates.