2 * Copyright (c) 2000-2001,2005-2007,2010-2012 Apple Inc. All Rights Reserved.
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
20 // securetransport++ - C++ interface to Apple's Secure Transport layer
22 #ifndef _H_SECURETRANSPORTPLUSPLUS
23 #define _H_SECURETRANSPORTPLUSPLUS
25 #include <security_utilities/ip++.h>
26 #include <Security/SecureTransport.h>
30 namespace IPPlusPlus
{
34 // The common-code core of a SecureTransport context and session.
35 // Abstract - do not use directly.
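class SecureTransportCore {
    // NOTE(review): the access specifiers were not visible in the extraction this
    // was reviewed from. The public/protected/private layout below follows the
    // apparent design (public API, protected I/O hooks, private internals) —
    // confirm against the original header before relying on it.
public:
    SecureTransportCore();
    virtual ~SecureTransportCore();

    // Session lifecycle. open() starts the SSL session on top of the subclass's
    // I/O hooks; close() tears the SSL session down. Neither touches the
    // underlying I/O object itself.
    void open();
    void close();

    // Current Secure Transport session state.
    SSLSessionState state() const;

    // Protocol version get/set. Security note: this selects what the handshake
    // will negotiate; SSLv2/SSLv3 and early TLS are not safe choices on a modern
    // network. How `v` is mapped onto the Secure Transport version calls lives in
    // the implementation, not visible here.
    SSLProtocol version() const;
    void version(SSLProtocol v);

    // Cipher-suite enumeration. The caller supplies `ciphers`; `numCiphers`
    // presumably holds the buffer capacity on entry and the count filled on
    // return (confirm against the implementation). Size the buffer from
    // numSupportedCiphers()/numEnabledCiphers() first so it cannot be overrun.
    size_t numSupportedCiphers() const;
    void supportedCiphers(SSLCipherSuite *ciphers, size_t &numCiphers) const;

    size_t numEnabledCiphers() const;
    void enabledCiphers(SSLCipherSuite *ciphers, size_t &numCiphers) const;  // get
    void enabledCiphers(SSLCipherSuite *ciphers, size_t numCiphers);         // set

    // Peer-certificate validation relaxations. Passing true to either setter
    // weakens authentication of the peer: an expired certificate, or a chain
    // that does not end in a trusted root, is then accepted, which leaves the
    // connection open to an active man-in-the-middle. Keep both false outside
    // of test rigs.
    bool allowsExpiredCerts() const;
    void allowsExpiredCerts(bool allow);

    bool allowsUnknownRoots() const;
    void allowsUnknownRoots(bool allow);

    // Opaque peer identity blob handed to Secure Transport (presumably used to
    // key its session cache — verify against the implementation). The raw bytes
    // ARE the identity, so the template overload is only meaningful for
    // plain-data types with no padding and no pointers: padding bytes may be
    // uninitialized and pointer values are not stable, either of which yields
    // unpredictable identities.
    void peerId(const void *data, size_t length);
    template <class T> void peerId(const T &obj) { peerId(&obj, sizeof(obj)); }

    // Application-data (plaintext) I/O through the SSL session. Both return the
    // number of bytes transferred. atEnd() reports the end-of-data flag that
    // the last read left behind.
    size_t read(void *data, size_t length);
    size_t write(const void *data, size_t length);
    bool atEnd() const { return mAtEnd; }

protected:
    // Raw (ciphertext) I/O hooks that the concrete subclass must supply.
    virtual size_t ioRead(void *data, size_t length) const = 0;
    virtual size_t ioWrite(const void *data, size_t length) const = 0;
    virtual bool ioAtEnd() const = 0;

private:
    // Callbacks registered with Secure Transport; the SSLConnectionRef is
    // presumably the owning SecureTransportCore (see the implementation).
    static OSStatus sslReadFunc(SSLConnectionRef, void *, size_t *);
    static OSStatus sslWriteFunc(SSLConnectionRef, const void *, size_t *);

    bool continueHandshake();

    // Not copyable: mContext is a raw handle owned by this object (presumably
    // created by open() and released by close()), so a copy would alias it and
    // release it twice. Declared but never defined — the pre-C++11 idiom this
    // file's era calls for; outside callers get a compile error, members would
    // get a link error.
    SecureTransportCore(const SecureTransportCore &);
    SecureTransportCore &operator=(const SecureTransportCore &);

private:
    SSLContextRef mContext;  // SecureTransport session/context object
    bool mAtEnd;             // end-of-data flag derived from last SSLRead
};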
88 // This is what you use. The constructor argument is a FileDescoid object
89 // of some kind, such as a FileDesc, Socket, etc.
90 // Note that SecureTransport is in turn a FileDescoid object, so you can read/write
91 // it in the usual fashion, and it will in turn read/write cipher data from its I/O source.
// NOTE(review): the template header and the `io` member were not visible in the
// extraction this was reviewed from; both are reconstructed from their uses in
// the constructor and the I/O hooks below — confirm against the original header.
template <class IO>
class SecureTransport : public SecureTransportCore {
public:
    // Wraps `ioRef` as the raw (ciphertext) transport. Only a reference is
    // kept, so `ioRef` must outlive this object; the I/O object itself is
    // neither opened nor closed here.
    SecureTransport(IO &ioRef) : io(ioRef) { }

    // Tears the SSL session down; the wrapped I/O stays open.
    // NOTE(review): this calls close() from a destructor. If close() can throw
    // (not visible here), a throw during stack unwinding terminates the
    // process — confirm close()'s error contract.
    ~SecureTransport() { close(); }

private:
    IO &io;  // raw transport; not owned

    // SecureTransportCore's ciphertext I/O hooks, forwarded to the wrapped object.
    size_t ioRead(void *data, size_t length) const
    {
        return io.read(data, length);
    }

    size_t ioWrite(const void *data, size_t length) const
    {
        return io.write(data, length);
    }

    bool ioAtEnd() const
    {
        return io.atEnd();
    }
};
108 } // end namespace IPPlusPlus
109 } // end namespace Security
112 #endif //_H_SECURETRANSPORTPLUSPLUS