]> git.saurik.com Git - apple/security.git/blob - libsecurity_ssl/lib/securetransport++.h
Security-55178.0.1.tar.gz
[apple/security.git] / libsecurity_ssl / lib / securetransport++.h
1 /*
2 * Copyright (c) 2000-2001,2005-2007,2010-2012 Apple Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 //
20 // securetransport++ - C++ interface to Apple's Secure Transport layer
21 //
22 #ifndef _H_SECURETRANSPORTPLUSPLUS
23 #define _H_SECURETRANSPORTPLUSPLUS
24
25 #include <security_utilities/ip++.h>
26 #include <Security/SecureTransport.h>
27
28
29 namespace Security {
30 namespace IPPlusPlus {
31
32
33 //
34 // The common-code core of a SecureTransport context and session.
35 // Abstract - do not use directly.
36 //
37 class SecureTransportCore {
38 public:
39 SecureTransportCore();
40 virtual ~SecureTransportCore();
41
42 void open(); // open SSL (but not underlying I/O)
43 void close(); // close SSL (but not underlying I/O)
44
45 SSLSessionState state() const;
46
47 SSLProtocol version() const;
48 void version(SSLProtocol v);
49
50 size_t numSupportedCiphers() const;
51 void supportedCiphers(SSLCipherSuite *ciphers, size_t &numCiphers) const;
52
53 size_t numEnabledCiphers() const;
54 void enabledCiphers(SSLCipherSuite *ciphers, size_t &numCiphers) const; // get
55 void enabledCiphers(SSLCipherSuite *ciphers, size_t numCiphers); // set
56
57 bool allowsExpiredCerts() const;
58 void allowsExpiredCerts(bool allow);
59
60 bool allowsUnknownRoots() const;
61 void allowsUnknownRoots(bool allow);
62
63 void peerId(const void *data, size_t length);
64 template <class T> void peerId(const T &obj) { peerId(&obj, sizeof(obj)); }
65
66 size_t read(void *data, size_t length);
67 size_t write(const void *data, size_t length);
68 bool atEnd() const { return mAtEnd; }
69
70 protected:
71 virtual size_t ioRead(void *data, size_t length) const = 0;
72 virtual size_t ioWrite(const void *data, size_t length) const = 0;
73 virtual bool ioAtEnd() const = 0;
74
75 private:
76 static OSStatus sslReadFunc(SSLConnectionRef, void *, size_t *);
77 static OSStatus sslWriteFunc(SSLConnectionRef, const void *, size_t *);
78
79 bool continueHandshake();
80
81 private:
82 SSLContextRef mContext; // SecureTransport session/context object
83 bool mAtEnd; // end-of-data flag derived from last SSLRead
84 };
85
86
87 //
88 // This is what you use. The constructor argument is a FileDescoid object
89 // of some kind, such as a FileDesc, Socket, etc.
90 // Note that SecureTransport is in turn a FileDescoid object, so you can read/write
91 // it in the usual fashion, and it will in turn read/write cipher data from its I/O source.
92 //
93 template <class IO>
94 class SecureTransport : public SecureTransportCore {
95 public:
96 SecureTransport(IO &ioRef) : io(ioRef) { }
97 ~SecureTransport() { close(); }
98
99 IO &io;
100
101 private:
102 size_t ioRead(void *data, size_t length) const { return io.read(data, length); }
103 size_t ioWrite(const void *data, size_t length) const { return io.write(data, length); }
104 bool ioAtEnd() const { return io.atEnd(); }
105 };
106
107
108 } // end namespace IPPlusPlus
109 } // end namespace Security
110
111
112 #endif //_H_SECURETRANSPORTPLUSPLUS