2
Copyright (c) 2007-2009 by Jakob Schroeter <js@camaya.net>
3
This file is part of the gloox library. http://camaya.net/gloox
5
This software is distributed under a license. The full license
6
agreement can be found in the file LICENSE in this distribution.
7
This software may not be copied, modified, sold or distributed
8
other than expressed in the named license agreement.
10
This software is distributed without any warranty.
20
#include "tlshandler.h"
26
* @brief An abstract base class for TLS implementations.
28
* @author Jakob Schroeter <js@camaya.net>
31
class GLOOX_API TLSBase
36
* @param th The TLSHandler to handle TLS-related events.
37
* @param server The server to use in certificate verification.
39
TLSBase( TLSHandler* th, const std::string server )
40
: m_handler( th ), m_server( server ), m_secure( false ), m_valid( false ), m_initLib( true )
49
* Initializes the TLS module. This function must be called (and execute successfully)
50
* before the module can be used.
51
* @param clientKey The absolute path to the user's private key in PEM format.
52
* @param clientCerts A path to a certificate bundle in PEM format.
53
* @param cacerts A list of absolute paths to CA root certificate files in PEM format.
54
* @return @b False if initialization failed, @b true otherwise.
57
virtual bool init( const std::string& clientKey = EmptyString,
58
const std::string& clientCerts = EmptyString,
59
const StringList& cacerts = StringList() ) = 0;
62
* Enables/disables initialization of the underlying TLS library. By default,
63
* initialization is performed. You may want to switch it off if the TLS library
64
* is used elsewhere in your applicationas well and you have no control over the
66
* @param init Whether or not to intialize the underlying TLS library.
68
void setInitLib( bool init ) { m_initLib = init; }
71
* Use this function to feed unencrypted data to the encryption implementation.
72
* The encrypted result will be pushed to the TLSHandler's handleEncryptedData() function.
73
* @param data The data to encrypt.
74
* @return Whether or not the data was used successfully.
76
virtual bool encrypt( const std::string& data ) = 0;
79
* Use this function to feed encrypted data or received handshake data to the
80
* encryption implementation. Handshake data will be eaten, unencrypted data
81
* will be pushed to the TLSHandler's handleDecryptedData() function.
82
* @param data The data to decrypt.
83
* @return The number of bytes used from the input.
85
virtual int decrypt( const std::string& data ) = 0;
88
* This function performs internal cleanup and will be called after a failed handshake attempt.
90
virtual void cleanup() = 0;
93
* This functiopn performs the TLS handshake. Handshake data from the server side should be
94
* fed in using decrypt(). Handshake data that is to be sent to the other side is pushed through
95
* TLSBase's handleEncryptedData().
96
* @return @b True if the handshake was successful or if more input is needed, @b false if the
99
virtual bool handshake() = 0;
102
* Returns the state of the encryption.
103
* @return The state of the encryption.
105
virtual bool isSecure() const { return m_secure; }
108
* Use this function to set a number of trusted root CA certificates which shall be
109
* used to verify a servers certificate.
110
* @param cacerts A list of absolute paths to CA root certificate files in PEM format.
112
virtual void setCACerts( const StringList& cacerts ) = 0;
115
* This function is used to retrieve certificate and connection info of a encrypted connection.
116
* @return Certificate information.
118
virtual const CertInfo& fetchTLSInfo() const { return m_certInfo; }
121
* Use this function to set the user's certificate and private key. The certificate will
122
* be presented to the server upon request and can be used for SASL EXTERNAL authentication.
123
* The user's certificate file should be a bundle of more than one certificate in PEM format.
124
* The first one in the file should be the user's certificate, each cert following that one
125
* should have signed the previous one.
126
* @note These certificates are not necessarily the same as those used to verify the server's
128
* @param clientKey The absolute path to the user's private key in PEM format.
129
* @param clientCerts A path to a certificate bundle in PEM format.
131
virtual void setClientCert( const std::string& clientKey, const std::string& clientCerts ) = 0;
134
TLSHandler* m_handler;
135
StringList m_cacerts;
136
std::string m_clientKey;
137
std::string m_clientCerts;
138
std::string m_server;
149
#endif // TLSBASE_H__