[apple/security.git] / SecureTransport / securetransport++.h

/*
 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
 * 
 * The contents of this file constitute Original Code as defined in and are
 * subject to the Apple Public Source License Version 1.2 (the 'License').
 * You may not use this file except in compliance with the License. Please obtain
 * a copy of the License at http://www.apple.com/publicsource and read it before
 * using this file.
 * 
 * This Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
 * specific language governing rights and limitations under the License.
 */


//
// securetransport++ - C++ interface to Apple's Secure Transport layer
//
#ifndef _H_SECURETRANSPORTPLUSPLUS
#define _H_SECURETRANSPORTPLUSPLUS

#include <Security/ip++.h>
#include <Security/SecureTransport.h>


namespace Security {
namespace IPPlusPlus {


//
// The common-code core of a SecureTransport context and session.
// Abstract - do not use directly.
//
class SecureTransportCore {
public:
    SecureTransportCore();
    virtual ~SecureTransportCore();
    
    void open();		// open SSL (but not underlying I/O)
    void close();		// close SSL (but not underlying I/O)
    
    SSLSessionState state() const;
    
    SSLProtocol version() const;
    void version(SSLProtocol v);
    
	UInt32 numSupportedCiphers() const;
	void supportedCiphers(SSLCipherSuite *ciphers, size_t &numCiphers) const;
	
	UInt32 numEnabledCiphers() const;
	void enabledCiphers(SSLCipherSuite *ciphers, size_t &numCiphers) const;	// get
	void enabledCiphers(SSLCipherSuite *ciphers, size_t numCiphers);		// set
	
    bool allowsExpiredCerts() const;
    void allowsExpiredCerts(bool allow);
    
    bool allowsUnknownRoots() const;
    void allowsUnknownRoots(bool allow);
    
    void peerId(const void *data, size_t length);
    template <class T> void peerId(const T &obj)	{ peerId(&obj, sizeof(obj)); }
    
    size_t read(void *data, size_t length);
    size_t write(const void *data, size_t length);
    bool atEnd() const		{ return mAtEnd; }

protected:
    virtual size_t ioRead(void *data, size_t length) const = 0;
    virtual size_t ioWrite(const void *data, size_t length) const = 0;
    virtual bool ioAtEnd() const = 0;
    
private:
	static OSStatus sslReadFunc(SSLConnectionRef, void *, size_t *);
	static OSStatus sslWriteFunc(SSLConnectionRef, const void *, size_t *);
    
    bool continueHandshake();
    
private:
    SSLContextRef mContext;		// SecureTransport session/context object
    bool mAtEnd;				// end-of-data flag derived from last SSLRead
};


//
// This is what you use. The constructor argument is a FileDescoid object
// of some kind, such as a FileDesc, Socket, etc.
// Note that SecureTransport is in turn a FileDescoid object, so you can read/write
// it in the usual fashion, and it will in turn read/write cipher data from its I/O source.
//
template <class IO>
class SecureTransport : public SecureTransportCore {
public:
    SecureTransport(IO &ioRef) : io(ioRef) { }
    ~SecureTransport() { close(); }

    IO &io;

private:
    size_t ioRead(void *data, size_t length) const			{ return io.read(data, length); }
    size_t ioWrite(const void *data, size_t length) const	{ return io.write(data, length); }
    bool ioAtEnd() const									{ return io.atEnd(); }
};


}	// end namespace IPPlusPlus
}	// end namespace Security


#endif //_H_SECURETRANSPORTPLUSPLUS
Commit	Line	Data
bac41a7b A	1	/*
	2	* Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
	3	*
	4	* The contents of this file constitute Original Code as defined in and are
	5	* subject to the Apple Public Source License Version 1.2 (the 'License').
	6	* You may not use this file except in compliance with the License. Please obtain
	7	* a copy of the License at http://www.apple.com/publicsource and read it before
	8	* using this file.
	9	*
	10	* This Original Code and all software distributed under the License are
	11	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
	12	* OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
	13	* LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
	14	* PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
	15	* specific language governing rights and limitations under the License.
	16	*/
	17
	18
	19	//
	20	// securetransport++ - C++ interface to Apple's Secure Transport layer
	21	//
	22	#ifndef _H_SECURETRANSPORTPLUSPLUS
	23	#define _H_SECURETRANSPORTPLUSPLUS
	24
	25	#include <Security/ip++.h>
	26	#include <Security/SecureTransport.h>
	27
	28
	29	namespace Security {
	30	namespace IPPlusPlus {
	31
	32
	33	//
	34	// The common-code core of a SecureTransport context and session.
	35	// Abstract - do not use directly.
	36	//
	37	class SecureTransportCore {
	38	public:
	39	SecureTransportCore();
	40	virtual ~SecureTransportCore();
	41
	42	void open(); // open SSL (but not underlying I/O)
	43	void close(); // close SSL (but not underlying I/O)
	44
	45	SSLSessionState state() const;
	46
	47	SSLProtocol version() const;
	48	void version(SSLProtocol v);
	49
	50	UInt32 numSupportedCiphers() const;
29654253	51	void supportedCiphers(SSLCipherSuite *ciphers, size_t &numCiphers) const;
bac41a7b A	52
bac41a7b A	53	UInt32 numEnabledCiphers() const;
29654253 A	54	void enabledCiphers(SSLCipherSuite *ciphers, size_t &numCiphers) const; // get
29654253 A	55	void enabledCiphers(SSLCipherSuite *ciphers, size_t numCiphers); // set
bac41a7b	56
29654253 A	57	bool allowsExpiredCerts() const;
29654253 A	58	void allowsExpiredCerts(bool allow);
bac41a7b	59
29654253 A	60	bool allowsUnknownRoots() const;
	61	void allowsUnknownRoots(bool allow);
	62
	63	void peerId(const void *data, size_t length);
	64	template <class T> void peerId(const T &obj) { peerId(&obj, sizeof(obj)); }
bac41a7b A	65
	66	size_t read(void *data, size_t length);
	67	size_t write(const void *data, size_t length);
	68	bool atEnd() const { return mAtEnd; }
	69
	70	protected:
	71	virtual size_t ioRead(void *data, size_t length) const = 0;
	72	virtual size_t ioWrite(const void *data, size_t length) const = 0;
	73	virtual bool ioAtEnd() const = 0;
	74
	75	private:
29654253 A	76	static OSStatus sslReadFunc(SSLConnectionRef, void , size_t );
29654253 A	77	static OSStatus sslWriteFunc(SSLConnectionRef, const void , size_t );
bac41a7b A	78
	79	bool continueHandshake();
	80
	81	private:
	82	SSLContextRef mContext; // SecureTransport session/context object
	83	bool mAtEnd; // end-of-data flag derived from last SSLRead
	84	};
	85
	86
	87	//
	88	// This is what you use. The constructor argument is a FileDescoid object
	89	// of some kind, such as a FileDesc, Socket, etc.
	90	// Note that SecureTransport is in turn a FileDescoid object, so you can read/write
	91	// it in the usual fashion, and it will in turn read/write cipher data from its I/O source.
	92	//
	93	template <class IO>
	94	class SecureTransport : public SecureTransportCore {
	95	public:
	96	SecureTransport(IO &ioRef) : io(ioRef) { }
	97	~SecureTransport() { close(); }
	98
	99	IO &io;
	100
	101	private:
	102	size_t ioRead(void *data, size_t length) const { return io.read(data, length); }
	103	size_t ioWrite(const void *data, size_t length) const { return io.write(data, length); }
	104	bool ioAtEnd() const { return io.atEnd(); }
	105	};
	106
	107
	108	} // end namespace IPPlusPlus
	109	} // end namespace Security
	110
	111
	112	#endif //_H_SECURETRANSPORTPLUSPLUS