#include <tlsbase.h>

Inheritance diagram for TLSBase:

Public Member Functions
	TLSBase (TLSHandler *th, const std::string server)
virtual	~TLSBase ()
virtual bool	init (const std::string &clientKey=EmptyString, const std::string &clientCerts=EmptyString, const StringList &cacerts=StringList())=0
void	setInitLib (bool init)
virtual void	setSubject (const std::string &subject)
virtual bool	encrypt (const std::string &data)=0
virtual int	decrypt (const std::string &data)=0
virtual void	cleanup ()=0
virtual bool	handshake ()=0
virtual bool	isSecure () const
virtual const CertInfo &	fetchTLSInfo () const

Detailed Description

An abstract base class for TLS implementations.

Author: Jakob Schroeter js@ca.nosp@m.maya.nosp@m..net

Since: 0.9

Definition at line 31 of file tlsbase.h.

Constructor & Destructor Documentation

TLSBase	(	TLSHandler *	th,
		const std::string	server
	)

inline

Constructor.

Parameters

th	The TLSHandler to handle TLS-related events.
server	The server to use in certificate verification.

Definition at line 39 of file tlsbase.h.

virtual ~TLSBase ( )

inlinevirtual

Virtual destructor.

Definition at line 46 of file tlsbase.h.

Member Function Documentation

virtual void cleanup ( )

pure virtual

This function performs internal cleanup and will be called after a failed handshake attempt.

Implemented in TLSDefault, SChannelBase, OpenSSLBase, GnuTLSBase, GnuTLSClient, GnuTLSClientAnon, GnuTLSServer, and GnuTLSServerAnon.

virtual int decrypt ( const std::string & data )

pure virtual

Use this function to feed encrypted data or received handshake data to the encryption implementation. Handshake data will be eaten, unencrypted data will be pushed to the TLSHandler's handleDecryptedData() function.

Parameters

data	The data to decrypt.

Returns: The number of bytes used from the input.

Implemented in TLSDefault, SChannelBase, OpenSSLBase, and GnuTLSBase.

virtual bool encrypt ( const std::string & data )

pure virtual

Use this function to feed unencrypted data to the encryption implementation. The encrypted result will be pushed to the TLSHandler's handleEncryptedData() function.

Parameters

data	The data to encrypt.

Returns: Whether or not the data was used successfully.

Implemented in TLSDefault, SChannelBase, OpenSSLBase, and GnuTLSBase.

virtual const CertInfo& fetchTLSInfo ( ) const

inlinevirtual

This function is used to retrieve certificate and connection info of a encrypted connection.

Returns: Certificate information.

Reimplemented in TLSDefault.

Definition at line 128 of file tlsbase.h.

virtual bool handshake ( )

pure virtual

This functiopn performs the TLS handshake. Handshake data from the server side should be fed in using decrypt(). Handshake data that is to be sent to the other side is pushed through TLSBase's handleEncryptedData().

Returns: True if the handshake was successful or if more input is needed, false if the handshake failed.

Implemented in TLSDefault, OpenSSLBase, GnuTLSBase, SChannelClient, and SChannelServer.

virtual bool init	(	const std::string &	clientKey = `EmptyString`,
		const std::string &	clientCerts = `EmptyString`,
		const StringList &	cacerts = `StringList()`
	)

pure virtual

Initializes the TLS module. This function must be called (and execute successfully) before the module can be used.

Parameters

clientKey	The absolute path to the user's private key in PEM format.
clientCerts	A path to a certificate bundle in PEM format.
cacerts	A list of absolute paths to CA root certificate files in PEM format.

Returns: False if initialization failed, true otherwise.

Note: The arguments are not used in the SChannel (native on Windows) implementation, init() needs to be called nonetheless. Use setSubject() to set client/server key/certificate.

Since: 1.0

Implemented in TLSDefault, GnuTLSClient, SChannelBase, GnuTLSClientAnon, GnuTLSServer, GnuTLSServerAnon, and OpenSSLBase.

virtual bool isSecure ( ) const

inlinevirtual

Returns the state of the encryption.

Returns: The state of the encryption.

Reimplemented in TLSDefault.

Definition at line 122 of file tlsbase.h.

void setInitLib ( bool init )

inline

Enables/disables initialization of the underlying TLS library. By default, initialization is performed. You may want to switch it off if the TLS library is used elsewhere in your applicationas well and you have no control over the initialization.

Parameters

init	Whether or not to intialize the underlying TLS library.

Definition at line 71 of file tlsbase.h.

virtual void setSubject ( const std::string & subject )

inlinevirtual

Sets the subject/common name to search the system certificate store for. Used only by the SChannel implementation (Windows). Required for SChannel server, optional for SChannel client. The system 'MY' certificate store will be searched for the subject (substring match) for a private key/certificate pair which will be used.

Note: On the server-side, initialization will fail if subject is not set or if no associated key/certificate could be found. On the client-side initialization will fail if a subject was set for which no key/certificate pair could be found. Setting no subject on the client-side is fine.; setSubject() must be called before init() to be effective.

Parameters

subject The to use.

Definition at line 85 of file tlsbase.h.

The documentation for this class was generated from the following file:

tlsbase.h

Public Member Functions

Detailed Description

Constructor & Destructor Documentation

Member Function Documentation