gloox  1.0.28
Public Types | Public Member Functions | Static Public Member Functions | List of all members
TLSDefault Class Reference

#include <tlsdefault.h>

Inheritance diagram for TLSDefault:
Inheritance graph
[legend]

Public Types

enum  Type { VerifyingClient = 1 , AnonymousClient = 2 , VerifyingServer = 4 , AnonymousServer = 8 }
 

Public Member Functions

 TLSDefault (TLSHandler *th, const std::string server, Type type=VerifyingClient)
 
virtual ~TLSDefault ()
 
virtual bool init (const std::string &clientKey=EmptyString, const std::string &clientCerts=EmptyString, const StringList &cacerts=StringList())
 
virtual bool encrypt (const std::string &data)
 
virtual int decrypt (const std::string &data)
 
virtual void cleanup ()
 
virtual bool handshake ()
 
virtual bool isSecure () const
 
virtual bool hasChannelBinding () const
 
virtual const std::string channelBinding () const
 
virtual const std::string channelBindingType () const
 
virtual void setCACerts (const StringList &cacerts)
 
virtual const CertInfofetchTLSInfo () const
 
virtual void setClientCert (const std::string &clientKey, const std::string &clientCerts)
 
- Public Member Functions inherited from TLSBase
 TLSBase (TLSHandler *th, const std::string server)
 
virtual ~TLSBase ()
 
void setInitLib (bool init)
 

Static Public Member Functions

static int types ()
 

Detailed Description

This is an abstraction of the various TLS backends.

You should use an instance of this class should you whish to use TLS encryption. TLS support for the main XMPP connection is managed by Client/ClientBase directly.

Author
Jakob Schröter js@ca.nosp@m.maya.nosp@m..net
Since
0.9

Definition at line 33 of file tlsdefault.h.

Member Enumeration Documentation

◆ Type

enum Type

Supported TLS types.

Enumerator
VerifyingClient 

TLS client, verifying, available for all TLS implementations.

AnonymousClient 

Anonymous TLS client (non-verifying), available with GnuTLS.

VerifyingServer 

TLS server, verifying, currently not available.

AnonymousServer 

Anonymous TLS server (non-verifying), available with GnuTLS.

Definition at line 40 of file tlsdefault.h.

Constructor & Destructor Documentation

◆ TLSDefault()

TLSDefault ( TLSHandler th,
const std::string  server,
Type  type = VerifyingClient 
)

Constructs a new TLS wrapper.

Parameters
thThe TLSHandler to handle TLS-related events.
serverThe server to use in certificate verification.
typeWhat you want to use this TLS object for.

Definition at line 38 of file tlsdefault.cpp.

◆ ~TLSDefault()

~TLSDefault ( )
virtual

Virtual Destructor.

Definition at line 74 of file tlsdefault.cpp.

Member Function Documentation

◆ channelBinding()

const std::string channelBinding ( ) const
virtual

Returns the channel binding data for the established connection.

Returns
The channel binding data, if any, or the empty string.

Reimplemented from TLSBase.

Definition at line 134 of file tlsdefault.cpp.

◆ channelBindingType()

const std::string channelBindingType ( ) const
virtual

Returns the type of channel binding to be used with SCRAM-SHA-1-PLUS.

Returns
The channel binding type, @default is "tls-unique".

Reimplemented from TLSBase.

Definition at line 139 of file tlsdefault.cpp.

◆ cleanup()

void cleanup ( )
virtual

This function performs internal cleanup and will be called after a failed handshake attempt.

Implements TLSBase.

Definition at line 113 of file tlsdefault.cpp.

◆ decrypt()

int decrypt ( const std::string &  data)
virtual

Use this function to feed encrypted data or received handshake data to the encryption implementation. Handshake data will be eaten, unencrypted data will be pushed to the TLSHandler's handleDecryptedData() function.

Parameters
dataThe data to decrypt.
Returns
The number of bytes used from the input.

Implements TLSBase.

Definition at line 108 of file tlsdefault.cpp.

◆ encrypt()

bool encrypt ( const std::string &  data)
virtual

Use this function to feed unencrypted data to the encryption implementation. The encrypted result will be pushed to the TLSHandler's handleEncryptedData() function.

Parameters
dataThe data to encrypt.
Returns
Whether or not the data was used successfully.

Implements TLSBase.

Definition at line 103 of file tlsdefault.cpp.

◆ fetchTLSInfo()

const CertInfo & fetchTLSInfo ( ) const
virtual

This function is used to retrieve certificate and connection info of a encrypted connection.

Returns
Certificate information.

Reimplemented from TLSBase.

Definition at line 150 of file tlsdefault.cpp.

◆ handshake()

bool handshake ( )
virtual

This functiopn performs the TLS handshake. Handshake data from the server side should be fed in using decrypt(). Handshake data that is to be sent to the other side is pushed through TLSBase's handleEncryptedData().

Returns
True if the handshake was successful or if more input is needed, false if the handshake failed.

Implements TLSBase.

Definition at line 119 of file tlsdefault.cpp.

◆ hasChannelBinding()

bool hasChannelBinding ( ) const
virtual

This function indicates whether the underlying TLS implementation supports channel binding (used in e.g. SASL SCRAM-SHA-1-PLUS).

Returns
True if channel binding is supported, false otherwise.

Reimplemented from TLSBase.

Definition at line 129 of file tlsdefault.cpp.

◆ init()

bool init ( const std::string &  clientKey = EmptyString,
const std::string &  clientCerts = EmptyString,
const StringList cacerts = StringList() 
)
virtual

Initializes the TLS module. This function must be called (and execute successfully) before the module can be used.

Parameters
clientKeyThe absolute path to the user's private key in PEM format.
clientCertsA path to a certificate bundle in PEM format.
cacertsA list of absolute paths to CA root certificate files in PEM format.
Returns
False if initialization failed, true otherwise.
Since
1.0

Implements TLSBase.

Definition at line 79 of file tlsdefault.cpp.

◆ isSecure()

bool isSecure ( ) const
virtual

Returns the state of the encryption.

Returns
The state of the encryption.

Reimplemented from TLSBase.

Definition at line 124 of file tlsdefault.cpp.

◆ setCACerts()

void setCACerts ( const StringList cacerts)
virtual

Use this function to set a number of trusted root CA certificates which shall be used to verify a servers certificate.

Parameters
cacertsA list of absolute paths to CA root certificate files in PEM format.

Implements TLSBase.

Definition at line 144 of file tlsdefault.cpp.

◆ setClientCert()

void setClientCert ( const std::string &  clientKey,
const std::string &  clientCerts 
)
virtual

Use this function to set the user's certificate and private key. The certificate will be presented to the server upon request and can be used for SASL EXTERNAL authentication. The user's certificate file should be a bundle of more than one certificate in PEM format. The first one in the file should be the user's certificate, each cert following that one should have signed the previous one.

Note
These certificates are not necessarily the same as those used to verify the server's certificate.
Parameters
clientKeyThe absolute path to the user's private key in PEM format.
clientCertsA path to a certificate bundle in PEM format.

Implements TLSBase.

Definition at line 155 of file tlsdefault.cpp.

◆ types()

int types ( )
static

Returns an ORed list of supported TLS types.

Returns
ORed TLSDefault::type members.

Definition at line 87 of file tlsdefault.cpp.


The documentation for this class was generated from the following files: