// -*- mode: c++; c-basic-offset: 2; -*- #ifndef SSL_HH #define SSL_HH #include class Buffer; class Logger; class SSLEntropy { public: virtual ~SSLEntropy() {} static SSLEntropy* create(Logger* logger); protected: SSLEntropy() {} SSLEntropy(SSLEntropy const&) = delete; }; class SSLCertStore { public: virtual ~SSLCertStore() {} static SSLCertStore* create(Logger* logger, std::string const& bundle); protected: SSLCertStore() {} SSLCertStore(SSLCertStore const&) = delete; }; class SSLKey { public: virtual ~SSLKey() {} static bool generate(Logger* logger, SSLEntropy* entropy, std::string* key); static SSLKey* load(Logger* logger, std::string const& data, SSLEntropy* entropy); protected: SSLKey() {} SSLKey(SSLKey const&) = delete; }; class SSLCert { public: virtual ~SSLCert() {} static bool generate(Logger* logger, SSLEntropy* entropy, SSLCert* issuer_cert, SSLKey* issuer_key, std::string const& host, SSLKey* key, std::string* cert); static SSLCert* load(Logger* logger, std::string const& data); protected: SSLCert() {} SSLCert(SSLCert const&) = delete; }; class SSL { public: virtual ~SSL() {} // For server: allow SSLv3 and old unsecure certs like RC4 // For client: allow self signed certs and missmatched hostname static const uint16_t UNSECURE; static SSL* server(Logger* logger, SSLEntropy* entropy, SSLCert* cert, SSLKey* key, uint16_t flags); static SSL* client(Logger* logger, SSLEntropy* entropy, SSLCertStore* store, std::string const& host, uint16_t flags); enum TransferResult { NO_ERR, ERR, CLOSED, }; // reads SSL from ssl_in and writes SSL to ssl_out // reads data from data_in and writes data to data_out virtual TransferResult transfer(Buffer* ssl_in, Buffer* ssl_out, Buffer* data_in, Buffer* data_out) = 0; virtual void close() = 0; protected: SSL() {} SSL(SSL const&) = delete; }; #endif // SSL_HH