/* * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. * * The contents of this file constitute Original Code as defined in and are * subject to the Apple Public Source License Version 1.2 (the 'License'). * You may not use this file except in compliance with the License. Please obtain * a copy of the License at http://www.apple.com/publicsource and read it before * using this file. * * This Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the * specific language governing rights and limitations under the License. */ // // securetransport++ - C++ interface to Apple's Secure Transport layer // #ifndef _H_SECURETRANSPORTPLUSPLUS #define _H_SECURETRANSPORTPLUSPLUS #include #include namespace Security { namespace IPPlusPlus { // // The common-code core of a SecureTransport context and session. // Abstract - do not use directly. // class SecureTransportCore { public: SecureTransportCore(); virtual ~SecureTransportCore(); void open(); // open SSL (but not underlying I/O) void close(); // close SSL (but not underlying I/O) SSLSessionState state() const; SSLProtocol version() const; void version(SSLProtocol v); UInt32 numSupportedCiphers() const; void supportedCiphers(SSLCipherSuite *ciphers, size_t &numCiphers) const; UInt32 numEnabledCiphers() const; void enabledCiphers(SSLCipherSuite *ciphers, size_t &numCiphers) const; // get void enabledCiphers(SSLCipherSuite *ciphers, size_t numCiphers); // set bool allowsExpiredCerts() const; void allowsExpiredCerts(bool allow); bool allowsUnknownRoots() const; void allowsUnknownRoots(bool allow); void peerId(const void *data, size_t length); template void peerId(const T &obj) { peerId(&obj, sizeof(obj)); } size_t read(void *data, size_t length); size_t write(const void *data, size_t length); bool atEnd() const { return mAtEnd; } protected: virtual size_t ioRead(void *data, size_t length) const = 0; virtual size_t ioWrite(const void *data, size_t length) const = 0; virtual bool ioAtEnd() const = 0; private: static OSStatus sslReadFunc(SSLConnectionRef, void *, size_t *); static OSStatus sslWriteFunc(SSLConnectionRef, const void *, size_t *); bool continueHandshake(); private: SSLContextRef mContext; // SecureTransport session/context object bool mAtEnd; // end-of-data flag derived from last SSLRead }; // // This is what you use. The constructor argument is a FileDescoid object // of some kind, such as a FileDesc, Socket, etc. // Note that SecureTransport is in turn a FileDescoid object, so you can read/write // it in the usual fashion, and it will in turn read/write cipher data from its I/O source. // template class SecureTransport : public SecureTransportCore { public: SecureTransport(IO &ioRef) : io(ioRef) { } ~SecureTransport() { close(); } IO &io; private: size_t ioRead(void *data, size_t length) const { return io.read(data, length); } size_t ioWrite(const void *data, size_t length) const { return io.write(data, length); } bool ioAtEnd() const { return io.atEnd(); } }; } // end namespace IPPlusPlus } // end namespace Security #endif //_H_SECURETRANSPORTPLUSPLUS