#include <ssl_connection.h>
Public Types | |
enum | AuthType { CA_AUTH = 1, FINGERPRINT_AUTH = 2, MANDATORY_CLIENTCERT = 4, CHECK_REVOCATIONCERT = 8 } |
Public Member Functions | |
SSLConnection (bool server, const ulxr::CppString &domain, unsigned port=80) | |
Constructs a generic connection, primarily for a client. | |
SSLConnection (bool server, long adr=INADDR_ANY, unsigned port=0) | |
Constructs a generic connection, primarily for a server. | |
virtual | ~SSLConnection () |
Destroys the connection (closes it first). | |
virtual void | close () |
Closes the connection. | |
virtual ulxr::Connection * | detach () |
Detaches the connection by creating a duplicate of the connection and closing the original connection afterwards. | |
virtual void | open () |
Opens the connection in rpc client mode. | |
virtual void | accept () |
Opens the connection in rpc server mode, thus waiting for connections from clients. | |
virtual ulxr::CppString | getInterfaceName () |
Returns the name of this connection interface. | |
virtual void | cut () |
Cuts the connection. | |
void | setCryptographyData (const std::string &password, const std::string &certfile, const std::string &keyfile) |
Sets the cryptography data. | |
void | setPassword (const std::string &strPassword) |
Sets the password used to unlock the private key file. | |
std::string | getPassword () const |
Get the password. | |
void | setCertFile (const std::string &strCertFile) |
set the certificate. | |
std::string | getCertFileName () const |
get name of certificate. | |
void | setKeyFile (const std::string &strCertFileName) |
std::string | getKeyFileName () const |
get name of key. | |
void | setCAFile (const std::string &strCAFile) |
Sets the CA file data. | |
void | enableAuth (int iType) |
Enables SSL peer authentication (iType is a bitmask of AuthType flags). | |
void | disableAuth (int iType=0) |
Disables SSL peer authentication options. | |
void | addFingerprintData (const std::string &strFingerprint) |
Adds the fingerprint of client`s certificate. | |
void | resetFingerprintData () |
Reset all fingerprint data of client`s certificate. | |
void | addRevocationData (const std::string &strRevocation) |
Adds the fingerprint of a revoked client certificate. | |
void | resetRevocationData () |
Resets all revocation fingerprint data. | |
bool | checkFingerprint (std::string strFingerprint) const |
Check fingerprint in fingerprint data. | |
bool | checkRevocationFingerprint (std::string strFingerprint) const |
Check fingerprint in revocation fingerprint data. | |
std::string | calculateFingerprint (X509 *poCertificate) const |
Calculates certificate fingerprint. | |
Protected Member Functions | |
bool | checkAccess (X509 *poCertificate) |
Check certificate in fingerprint data and revocation data. | |
void | activateAuth () |
activate security functions. | |
SSL * | getSslObject () const |
Returns the SSL object. | |
SSL_CTX * | getSslContextObject () const |
Returns the SSL context object. | |
SSL_SESSION * | getSslSessionObject () const |
Returns the SSL session object. | |
virtual bool | hasPendingInput () const |
Checks if there is input data which can immediately be read. | |
void | createSSL () |
Create SSL object. | |
void | initializeCTX () |
Initialise SSL context data. | |
virtual ssize_t | low_level_write (char const *buff, long len) |
Actually writes data to the connection. | |
virtual ssize_t | low_level_read (char *buff, long len) |
Reads data from the connection. | |
void | init () |
Initializes internal variables. | |
Protected Attributes | |
int | m_iAuthType |
Bitmask of the currently enabled AuthType flags; when CA_AUTH is set, peer authentication is performed against the CA certificate(s). | |
std::string | m_strCAFileName |
std::map< std::string, int > | m_mapFingerpintData |
std::map< std::string, int > | m_mapRevocationData |
std::string | m_strPassword |
std::string | m_strKeyFileName |
std::string | m_strCertFileName |
SSL * | ssl |
SSL_CTX * | ssl_ctx |
SSL_SESSION * | session |
Static Protected Attributes | |
static bool | ssl_initialized |
This class provides SSL connections for both server and client roles. It supports SSL peer authentication, certificate checks (CA validation, fingerprint allow-list, revocation fingerprint list), etc.
Definition at line 88 of file ssl_connection.h.
Definition at line 241 of file ssl_connection.h.
funtik::SSLConnection::SSLConnection | ( | bool | server, | |
const ulxr::CppString & | domain, | |||
unsigned | port = 80 | |||
) |
Constructs a generic connection, primarily for a client.
The connection is not yet open after construction.
server | true: bind the socket to the address for server mode | |
domain | domain name of the server | |
port | port on the server |
Definition at line 180 of file ssl_connection.cpp.
References init(), ULXR_PCHAR, and ULXR_TRACE.
Referenced by detach().
funtik::SSLConnection::SSLConnection | ( | bool | server, | |
long | adr = INADDR_ANY , |
|||
unsigned | port = 0 | |||
) |
Constructs a generic connection, primarily for a server.
The connection is not yet open after construction.
server | true: bind the socket to the address for server mode | |
adr | client address to accept; the default INADDR_ANY imposes no address restriction | |
port | port on which the connect is accepted |
Definition at line 188 of file ssl_connection.cpp.
References init(), ULXR_PCHAR, and ULXR_TRACE.
funtik::SSLConnection::~SSLConnection | ( | ) | [virtual] |
Destroys the connection.
The connection is closed first (close() is called); the destructor also touches the SSL session and context (session, ssl_ctx), presumably to free them — verify in the definition.
Definition at line 275 of file ssl_connection.cpp.
References close(), session, ssl_ctx, ULXR_PCHAR, and ULXR_TRACE.
void funtik::SSLConnection::close | ( | ) | [virtual] |
Closes the connection.
Reimplemented from ulxr::TcpIpConnection.
Definition at line 293 of file ssl_connection.cpp.
References ulxr::TcpIpConnection::close(), ULXR_PCHAR, and ULXR_TRACE.
Referenced by ~SSLConnection().
ulxr::Connection * funtik::SSLConnection::detach | ( | ) | [virtual] |
Detaches the connection by creating a duplicate of the connection and closing the original connection afterwards.
Reimplemented from ulxr::TcpIpConnection.
Definition at line 374 of file ssl_connection.cpp.
References cut(), ulxr::TcpIpConnection::getServerData(), session, ulxr::TcpIpConnection::setServerData(), ssl, ssl_ctx, SSLConnection(), ULXR_PCHAR, and ULXR_TRACE.
void funtik::SSLConnection::open | ( | ) | [virtual] |
Opens the connection in rpc client mode.
Reimplemented from ulxr::TcpIpConnection.
Definition at line 420 of file ssl_connection.cpp.
References ulxr::TcpIpConnection::open(), ULXR_PCHAR, and ULXR_TRACE.
void funtik::SSLConnection::accept | ( | ) | [virtual] |
Opens the connection in rpc server mode, thus waiting for connections from clients.
Definition at line 461 of file ssl_connection.cpp.
References ulxr::TcpIpConnection::accept(), ULXR_GET_STRING, ULXR_PCHAR, and ULXR_TRACE.
ulxr::CppString funtik::SSLConnection::getInterfaceName | ( | ) | [virtual] |
Returns the name of this connection interface.
Reimplemented from ulxr::TcpIpConnection.
Definition at line 494 of file ssl_connection.cpp.
References ULXR_PCHAR, and ULXR_TRACE.
void funtik::SSLConnection::cut | ( | ) | [virtual] |
Cuts the connection.
Only the internal variables are reset and a new ssl_ctx is created; the underlying connection itself is not touched.
Reimplemented from ulxr::Connection.
Definition at line 502 of file ssl_connection.cpp.
References ulxr::Connection::cut(), ULXR_PCHAR, and ULXR_TRACE.
Referenced by detach().
void funtik::SSLConnection::setCryptographyData | ( | const std::string & | password, | |
const std::string & | certfile, | |||
const std::string & | keyfile | |||
) |
Sets the cryptography data.
password | password for the crypto files | |
certfile | name of the servers or clients certificate file (PEM format) | |
keyfile | name of the servers or clients private key file (PEM format) |
Definition at line 197 of file ssl_connection.cpp.
References ULXR_GET_STRING, ulxr_i18n, and ULXR_PCHAR.
void funtik::SSLConnection::setPassword | ( | const std::string & | strPassword | ) |
Sets the password used to unlock the private key file (handed to OpenSSL through funtik::password_cb()).
strPassword | password for the crypto files. Note that it is held in memory as a plain std::string (m_strPassword) for the lifetime of the object. |
Definition at line 533 of file ssl_connection.cpp.
std::string funtik::SSLConnection::getPassword | ( | ) | const |
Gets the password.
Returns the password for the private key as a plain std::string copy; callers must take care not to expose it (e.g. in logs or traces).
Definition at line 510 of file ssl_connection.cpp.
Referenced by funtik::password_cb().
void funtik::SSLConnection::setCertFile | ( | const std::string & | strCertFile | ) |
set the certificate.
Sets the name of the server's or client's certificate file (PEM format). The function throws an exception if the certificate has a bad format.
strCertFile | name of the certificate file |
Definition at line 538 of file ssl_connection.cpp.
References ULXR_GET_STRING, ulxr_i18n, and ULXR_PCHAR.
std::string funtik::SSLConnection::getCertFileName | ( | ) | const |
get name of certificate.
Get the name of the servers or clients certificate file.
Definition at line 559 of file ssl_connection.cpp.
void funtik::SSLConnection::setKeyFile | ( | const std::string & | strCertFileName | ) |
Sets the name of the server's or client's private key file (PEM format). Despite its name, the parameter strCertFileName designates the key file, not the certificate.
Definition at line 547 of file ssl_connection.cpp.
References ULXR_GET_STRING, ulxr_i18n, and ULXR_PCHAR.
std::string funtik::SSLConnection::getKeyFileName | ( | ) | const |
get name of key.
Get the name of the servers or clients key file.
Definition at line 554 of file ssl_connection.cpp.
void funtik::SSLConnection::setCAFile | ( | const std::string & | strCAFile | ) |
Sets the CA file data.
strCAFile | name of the file containing the trusted CA certificates against which peer certificates are validated when CA_AUTH is enabled |
Definition at line 587 of file ssl_connection.cpp.
References ULXR_GET_STRING, ulxr_i18n, and ULXR_PCHAR.
void funtik::SSLConnection::enableAuth | ( | int | iType | ) |
Enables SSL peer authentication.
Enables SSL peer authentication. iType is a bitmask of AuthType values (CA_AUTH, FINGERPRINT_AUTH, MANDATORY_CLIENTCERT and CHECK_REVOCATIONCERT are distinct bits and can be combined). CA_AUTH: a peer certificate is accepted if it validates against the CA certificates in the file given to setCAFile(), which must be set first. FINGERPRINT_AUTH: a peer certificate is accepted only if its fingerprint has been registered with addFingerprintData(). By their names, MANDATORY_CLIENTCERT requires the client to present a certificate and CHECK_REVOCATIONCERT rejects certificates whose fingerprint was added with addRevocationData(); confirm their exact effect in activateAuth() and checkAccess().
Note: checkAccess() consults the fingerprint and revocation lists only when FINGERPRINT_AUTH and CHECK_REVOCATIONCERT respectively are enabled, so registering fingerprints without enabling the corresponding flag is unlikely to affect which peers are accepted.
iType | bitmask of AuthType flags to enable. |
Definition at line 580 of file ssl_connection.cpp.
void funtik::SSLConnection::disableAuth | ( | int | iType = 0 |
) |
Disables SSL peer authentication.
Disables SSL peer authentication options.
iType | bitmask of AuthType flags to disable. If iType is 0 or omitted, all authentication types are disabled. |
Definition at line 566 of file ssl_connection.cpp.
void funtik::SSLConnection::addFingerprintData | ( | const std::string & | strFingerprint | ) |
Adds the fingerprint of a client certificate to the allow-list.
To generate the fingerprint of a certificate certificate.pem use: openssl x509 -fingerprint -in ./certificate.pem. The digest algorithm and output format must match what calculateFingerprint() produces, otherwise the fingerprint will never match.
strFingerprint | filename with fingerprints (the summary above speaks of a single fingerprint — confirm the expected argument against the implementation). |
Definition at line 614 of file ssl_connection.cpp.
void funtik::SSLConnection::resetFingerprintData | ( | ) |
Reset all fingerprint data of client`s certificate.
Definition at line 624 of file ssl_connection.cpp.
void funtik::SSLConnection::addRevocationData | ( | const std::string & | strRevocation | ) |
Adds the fingerprint of a revoked client certificate.
strRevocation | filename with revocation fingerprints. |
Definition at line 619 of file ssl_connection.cpp.
void funtik::SSLConnection::resetRevocationData | ( | ) |
Reset all fingerprint data of revocation certificates.
Definition at line 629 of file ssl_connection.cpp.
bool funtik::SSLConnection::checkFingerprint | ( | std::string | strFingerprint | ) | const |
Returns whether strFingerprint is present in the fingerprint data.
strFingerprint | fingerprint to look up |
Definition at line 660 of file ssl_connection.cpp.
bool funtik::SSLConnection::checkRevocationFingerprint | ( | std::string | strFingerprint | ) | const |
Returns whether strFingerprint is present in the revocation fingerprint data.
strFingerprint | fingerprint to look up |
Definition at line 670 of file ssl_connection.cpp.
std::string funtik::SSLConnection::calculateFingerprint | ( | X509 * | poCertificate | ) | const |
Calculates certificate fingerprint.
Definition at line 635 of file ssl_connection.cpp.
bool funtik::SSLConnection::checkAccess | ( | X509 * | poCertificate | ) | [protected] |
Checks the certificate against the fingerprint data and the revocation data.
This is used by the accept() and open() functions. The fingerprint check is applied only when FINGERPRINT_AUTH is enabled and the revocation check only when CHECK_REVOCATIONCERT is enabled.
Definition at line 678 of file ssl_connection.cpp.
References CHECK_REVOCATIONCERT, and FINGERPRINT_AUTH.
void funtik::SSLConnection::activateAuth | ( | ) | [protected] |
Activates the security functions.
Applies the currently enabled authentication settings. Used by enableAuth() and disableAuth().
Definition at line 714 of file ssl_connection.cpp.
SSL * funtik::SSLConnection::getSslObject | ( | ) | const [protected] |
Returns the SSL object.
Definition at line 516 of file ssl_connection.cpp.
SSL_CTX * funtik::SSLConnection::getSslContextObject | ( | ) | const [protected] |
Returns the SSL context object.
Definition at line 522 of file ssl_connection.cpp.
SSL_SESSION * funtik::SSLConnection::getSslSessionObject | ( | ) | const [protected] |
Returns the SSL session object.
Definition at line 528 of file ssl_connection.cpp.
bool funtik::SSLConnection::hasPendingInput | ( | ) | const [protected, virtual] |
Checks if there is input data which can immediately be read.
Reimplemented from ulxr::Connection.
Definition at line 341 of file ssl_connection.cpp.
References ULXR_PCHAR, and ULXR_TRACE.
void funtik::SSLConnection::createSSL | ( | ) | [protected] |
Create SSL object.
Definition at line 394 of file ssl_connection.cpp.
References funtik::s_server_auth_session_id_context, ulxr_i18n, ULXR_PCHAR, and ULXR_TRACE.
void funtik::SSLConnection::initializeCTX | ( | ) | [protected] |
Initialise SSL context data.
!!
Definition at line 222 of file ssl_connection.cpp.
References funtik::password_cb(), funtik::s_server_session_id_context, ulxr_i18n, ULXR_PCHAR, and ULXR_TRACE.
ssize_t funtik::SSLConnection::low_level_write | ( | char const * | buff, | |
long | len | |||
) | [protected, virtual] |
Actually writes data to the connection.
buff | pointer to data | |
len | valid buffer length |
Reimplemented from ulxr::Connection.
Definition at line 318 of file ssl_connection.cpp.
References ULXR_PCHAR, and ULXR_TRACE.
ssize_t funtik::SSLConnection::low_level_read | ( | char * | buff, | |
long | len | |||
) | [protected, virtual] |
Reads data from the connection.
buff | pointer to data buffer | |
len | maximum number of bytes to read into buffer |
Reimplemented from ulxr::Connection.
Definition at line 352 of file ssl_connection.cpp.
References ULXR_PCHAR, and ULXR_TRACE.
void funtik::SSLConnection::init | ( | ) | [protected] |
Initializes internal variables.
Reimplemented from ulxr::Connection.
Definition at line 258 of file ssl_connection.cpp.
References ULXR_PCHAR, and ULXR_TRACE.
Referenced by SSLConnection().
int funtik::SSLConnection::m_iAuthType [protected] |
Bitmask of the currently enabled AuthType flags; when CA_AUTH is set, peer authentication is performed against the CA certificate(s).
The path to the CA certificates must be in m_strCAFileName (set via setCAFile()).
Definition at line 304 of file ssl_connection.h.
std::string funtik::SSLConnection::m_strCAFileName [protected] |
Definition at line 305 of file ssl_connection.h.
std::map<std::string,int> funtik::SSLConnection::m_mapFingerpintData [protected] |
Definition at line 307 of file ssl_connection.h.
std::map<std::string,int> funtik::SSLConnection::m_mapRevocationData [protected] |
Definition at line 308 of file ssl_connection.h.
std::string funtik::SSLConnection::m_strPassword [protected] |
Definition at line 310 of file ssl_connection.h.
std::string funtik::SSLConnection::m_strKeyFileName [protected] |
Definition at line 311 of file ssl_connection.h.
std::string funtik::SSLConnection::m_strCertFileName [protected] |
Definition at line 312 of file ssl_connection.h.
SSL* funtik::SSLConnection::ssl [protected] |
SSL_CTX* funtik::SSLConnection::ssl_ctx [protected] |
SSL_SESSION* funtik::SSLConnection::session [protected] |
bool funtik::SSLConnection::ssl_initialized [static, protected] |
Definition at line 364 of file ssl_connection.h.