summaryrefslogtreecommitdiff
path: root/src/ssl.hh
blob: c4465e15d669d0f954ea7081e3d9d78aedb95ebe (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90

// -*- mode: c++; c-basic-offset: 2; -*-

#ifndef SSL_HH
#define SSL_HH

#include <string>

class Buffer;
class Logger;

class SSLEntropy  {
public:
  virtual ~SSLEntropy() {}

  static SSLEntropy* create(Logger* logger);

protected:
  SSLEntropy() {}
  SSLEntropy(SSLEntropy const&) = delete;
};

class SSLCertStore  {
public:
  virtual ~SSLCertStore() {}

  static SSLCertStore* create(Logger* logger, std::string const& bundle);

protected:
  SSLCertStore() {}
  SSLCertStore(SSLCertStore const&) = delete;
};

class SSLKey {
public:
  virtual ~SSLKey() {}
  static bool generate(Logger* logger, SSLEntropy* entropy, std::string* key);
  static SSLKey* load(Logger* logger, std::string const& data,
                      SSLEntropy* entropy);

protected:
  SSLKey() {}
  SSLKey(SSLKey const&) = delete;
};

class SSLCert {
public:
  virtual ~SSLCert() {}
  static bool generate(Logger* logger, SSLEntropy* entropy,
                       SSLCert* issuer_cert, SSLKey* issuer_key,
                       std::string const& host, SSLKey* key,
                       std::string* cert);
  static SSLCert* load(Logger* logger, std::string const& data);

protected:
  SSLCert() {}
  SSLCert(SSLCert const&) = delete;
};

class SSL {
public:
  virtual ~SSL() {}

  // For server: allow SSLv3 and old unsecure certs like RC4
  // For client: allow self signed certs and missmatched hostname
  static const uint16_t UNSECURE;

  static SSL* server(Logger* logger, SSLEntropy* entropy,
                     SSLCert* cert, SSLKey* key,
                     uint16_t flags);
  static SSL* client(Logger* logger, SSLEntropy* entropy, SSLCertStore* store,
                     std::string const& host, uint16_t flags);

  enum TransferResult {
    NO_ERR,
    ERR,
    CLOSED,
  };

  // reads SSL from ssl_in and writes SSL to ssl_out
  // reads data from data_in and writes data to data_out
  virtual TransferResult transfer(Buffer* ssl_in, Buffer* ssl_out,
                                  Buffer* data_in, Buffer* data_out) = 0;
  virtual void close() = 0;

protected:
  SSL() {}
  SSL(SSL const&) = delete;
};

#endif  // SSL_HH
generated by cgit v1.2.3-70-g09d2 (git 2.52.0) at 2025-12-07 02:54:13 +0000