B2BITS FIX Antenna C++ 2.32.0
System::SSLContextConfigurator Class Reference

SSLContext configurator class. More...

#include <B2BITS_IPAddr.h>


Classes

struct  SSLCertificateDataRecord
 Certificate data record containing certificate data along with its encoding. More...
 

Public Types

typedef std::vector< std::map< std::string, std::string > > CANames
 Array of certificate descriptions, each represented as name/value pairs.
 
typedef std::vector< char > ConfigData
 

Public Member Functions

virtual std::string getCiphersList ()
 Returns the ciphers configuration string.
 
virtual bool getClientCAsList (CANames &caNames, std::vector< SSLCertificateDataRecord > &accaptableCACertificates)
 Provides data to build the acceptable CAs list sent to the client.
 
virtual bool getNextCertificatePrivateKeyPair (int &index, SSLCertificateDataRecord &certificate, std::vector< SSLCertificateDataRecord > &certificateChain, SSLCertificateDataRecord &privateKeyData)
 Provides next certificate to set.
 
virtual int getProtocols ()
 Returns the protocols value to use.
 
virtual bool getVerifyLocations (std::string &caFile, std::string &caPath, bool &useCAFileAsAcceptedCertificatesList)
 Provides the locations to search for CA certificates.
 
virtual bool isValidatePeerCertificate ()
 Returns true if the peer certificate has to be validated, false otherwise.
 
void lock ()
 
virtual std::string passwordCallback (int index, int arrayIndex, int maxPasswordSize)
 This routine is called when a password for a private key or certificate is required.
 
virtual void reset ()
 Resets the configurator's internal state, if any.
 
 SSLContextConfigurator ()
 
void unlock ()
 
virtual ~SSLContextConfigurator ()
 
- Public Member Functions inherited from Utils::ReferenceCounter
virtual bool addRef () const throw ()
 Increments reference counter.
 
virtual long getNRef () const throw ()
 Returns the current value of the reference counter.
 
 ReferenceCounter () throw ()
 Constructor.
 
virtual long release () const throw ()
 Decrements reference counter.
 

Additional Inherited Members

- Protected Member Functions inherited from Utils::ReferenceCounter
long decrement () const throw ()
 Decrements counter and returns new counter value.
 
long increment () const throw ()
 Increments counter and returns new counter value.
 
virtual ~ReferenceCounter ()
 Destructor.
 

Detailed Description

SSLContext configurator class.

SSLContext uses an instance of this class to set up the SSL configuration (certificates, private keys, ciphers and so on).

Member Typedef Documentation

◆ CANames

typedef std::vector<std::map<std::string, std::string> > System::SSLContextConfigurator::CANames

Array of certificate descriptions, each represented as name/value pairs.

Each array (vector) item (map) is one certificate description built from the name/value pairs provided, the names being the X.509 name field names (such as C, O, CN) used by X509_NAME_add_entry_by_txt. See https://www.openssl.org/docs/man1.0.2/crypto/X509_NAME_add_entry_by_txt.html for details. This structure is used along with the getClientCAsList() callback to populate the acceptable certificates list passed to the client when peer validation is enabled.

◆ ConfigData

typedef std::vector<char> System::SSLContextConfigurator::ConfigData

Constructor & Destructor Documentation

◆ SSLContextConfigurator()

System::SSLContextConfigurator::SSLContextConfigurator ( )

◆ ~SSLContextConfigurator()

virtual System::SSLContextConfigurator::~SSLContextConfigurator ( )
virtual

Member Function Documentation

◆ getCiphersList()

virtual std::string System::SSLContextConfigurator::getCiphersList ( )
inline virtual

Returns the ciphers configuration string.

See https://www.openssl.org/docs/man1.0.2/apps/ciphers.html for details on the format. If an empty string is returned, the cipher list is left untouched and the OpenSSL default list is used; that default depends on the linked OpenSSL version and is usually broader than a hardened deployment wants, so return an explicit list.

◆ getClientCAsList()

virtual bool System::SSLContextConfigurator::getClientCAsList ( CANames & caNames,
std::vector< SSLCertificateDataRecord > & accaptableCACertificates )
inline virtual

Provides data to build the acceptable CAs list sent to the client.

When getVerifyLocations() sets useCAFileAsAcceptedCertificatesList to true, all CAs from caFile are added to the same list.

Parameters
[out]caNames- array of CA names to add.
[out]accaptableCACertificates- array of CA certificates whose names are extracted and then added.

Returns true if the acceptable CAs list has to be updated, false otherwise.

◆ getNextCertificatePrivateKeyPair()

virtual bool System::SSLContextConfigurator::getNextCertificatePrivateKeyPair ( int & index,
SSLCertificateDataRecord & certificate,
std::vector< SSLCertificateDataRecord > & certificateChain,
SSLCertificateDataRecord & privateKeyData )
inline virtual

Provides the next certificate to set.

It is called by both client and server contexts. Every certificate provided is matched against the private key returned with it, and an exception is thrown if a mismatch is detected.

Parameters
[in,out]index- tracking index. 0 is passed on the first call after reset() to help trivial implementations track the current certificate; the configurator is free to use this index however it wants. The value left in index on return is passed unchanged into passwordCallback() for the returned certificate/key pair.
[out]certificate- certificate record describing the certificate to set.
[out]certificateChain- additional certificate chain to set for the certificate. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_add1_chain_cert.html for details.
[out]privateKeyData- private key corresponding to the certificate provided.

Returns true if the next certificate data is provided, false otherwise.

◆ getProtocols()

virtual int System::SSLContextConfigurator::getProtocols ( )
inline virtual

Returns the protocols value to use.

See the Protocol_* constants. If 0 is returned, the value passed directly to the SSLContext constructor is used.

◆ getVerifyLocations()

virtual bool System::SSLContextConfigurator::getVerifyLocations ( std::string & caFile,
std::string & caPath,
bool & useCAFileAsAcceptedCertificatesList )
inline virtual

Provides the locations to search for CA certificates.

It is called by both client and server contexts. The locations are used to look up root CA certificates during peer certificate validation.

Parameters
[out]caFile- on return, holds the path of a file containing CA certificates.
[out]caPath- on return, holds the path of a directory containing CA certificates. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_load_verify_locations.html for details.
[out]useCAFileAsAcceptedCertificatesList- when true, the certificates from caFile are also used to build the list of acceptable CA certificates sent to the client. Applicable to server contexts only.

Returns true if at least one of caFile or caPath is provided, false otherwise.

◆ isValidatePeerCertificate()

virtual bool System::SSLContextConfigurator::isValidatePeerCertificate ( )
inline virtual

Returns true if the peer certificate has to be validated, false otherwise. Returning false disables peer certificate validation entirely; production deployments should return true and supply trust anchors through getVerifyLocations().

◆ lock()

void System::SSLContextConfigurator::lock ( )

◆ passwordCallback()

virtual std::string System::SSLContextConfigurator::passwordCallback ( int index,
int arrayIndex,
int maxPasswordSize )
inline virtual

This routine is called when a password for a private key or certificate is required.

For every certificate provided, matching against the private key set before it is performed.

Parameters
[in]index- tracking index of the certificate/key pair, or -1 if the password for a CA certificate from getClientCAsList() is requested.
[in]arrayIndex- index of the item the password is requested for: -1 for the private key, 0 for the certificate, 1, 2, 3, ... for each certificate of the certificate chain array, if a password is required.
[in]maxPasswordSize- maximal accepted password length. The returned password must not be longer than this value; all characters beyond it are truncated, and a passphrase truncated this way will not decrypt its key, so check the length instead of relying on truncation.

Returns the requested password, or an empty string if no password is provided.

◆ reset()

virtual void System::SSLContextConfigurator::reset ( )
inline virtual

Resets the configurator's internal state, if any.

This routine is called right before any other routine to give the configurator a chance to reset whatever internal state is left from previous configuration rounds and prepare for a new one, since a configurator instance can be reused across different SSL contexts.
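As an added example (not code from FIX Antenna or B2BITS), the following C++ shows a concrete configurator together with a driver that replays the call order described on this page: reset(), then getNextCertificatePrivateKeyPair() from index 0 until it returns false, with passwordCallback() asked for each key. Because B2BITS_IPAddr.h is not available here, a stand-in base class with the documented member signatures is declared first; its default return values, the fields of SSLCertificateDataRecord, the Identity helper, the HardenedConfigurator class, the CA file path and the placeholder certificate bytes are all assumptions, not the library's own definitions.

```cpp
// Added example, not FIX Antenna code. B2BITS_IPAddr.h is not available here, so a stand-in base
// class with the documented member signatures comes first; it and everything below are assumptions.
#include <map>
#include <stdexcept>
#include <string>
#include <vector>

struct SSLCertificateDataRecord {      // stand-in: certificate data plus its encoding
    std::vector<char> data;
    std::string encoding;              // "PEM" or "DER"
};
typedef SSLCertificateDataRecord Rec;
typedef std::vector<Rec> RecList;
typedef std::vector<std::map<std::string, std::string> > CANames;

class SSLContextConfigurator {         // stand-in mirroring the documented interface
public:
    virtual ~SSLContextConfigurator() {}
    virtual std::string getCiphersList() { return ""; }
    virtual bool getClientCAsList(CANames&, RecList&) { return false; }
    virtual bool getNextCertificatePrivateKeyPair(int&, Rec&, RecList&, Rec&) { return false; }
    virtual int getProtocols() { return 0; }
    virtual bool getVerifyLocations(std::string&, std::string&, bool&) { return false; }
    virtual bool isValidatePeerCertificate() { return false; }
    virtual std::string passwordCallback(int, int, int) { return ""; }
    virtual void reset() {}
};

struct Identity {                      // one leaf certificate, its chain and its key
    Rec cert, key;
    RecList chain;
    std::string keyPassphrase;         // empty when the key is not encrypted
};

class HardenedConfigurator : public SSLContextConfigurator {
public:
    HardenedConfigurator(const std::vector<Identity>& ids, const std::string& caFile)
        : ids_(ids), caFile_(caFile) {}
    // Forward-secret AEAD suites only; "" would keep OpenSSL's much wider default list.
    std::string getCiphersList() override {
        return "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!3DES";
    }
    bool isValidatePeerCertificate() override { return true; }
    bool getVerifyLocations(std::string& caFile, std::string& caPath,
                            bool& useCAFileAsAcceptedCertificatesList) override {
        caFile = caFile_; caPath.clear();
        useCAFileAsAcceptedCertificatesList = true;   // server also advertises these CAs
        return !caFile.empty();
    }
    // One more acceptable CA given by name; keys are X509_NAME_add_entry_by_txt field names.
    bool getClientCAsList(CANames& caNames, RecList&) override {
        std::map<std::string, std::string> ca;
        ca["C"] = "US"; ca["O"] = "Example Corp"; ca["CN"] = "Example Client Root CA";
        caNames.push_back(ca);
        return true;
    }
    // index is 0 after reset(); leave position+1 in it so the same value, passed back unchanged
    // to passwordCallback(), identifies the pair.
    bool getNextCertificatePrivateKeyPair(int& index, Rec& certificate, RecList& certificateChain,
                                          Rec& privateKeyData) override {
        if (index < 0 || static_cast<size_t>(index) >= ids_.size()) return false;
        const Identity& id = ids_[index];
        certificate = id.cert; certificateChain = id.chain; privateKeyData = id.key;
        ++index; return true;
    }
    // arrayIndex: -1 = private key, 0 = certificate, 1.. = chain members; only the key is encrypted
    // here. A passphrase over maxPasswordSize would be truncated and never decrypt, so refuse it.
    std::string passwordCallback(int index, int arrayIndex, int maxPasswordSize) override {
        if (arrayIndex != -1 || index <= 0 || static_cast<size_t>(index) > ids_.size()) return "";
        const std::string& pw = ids_[index - 1].keyPassphrase;
        if (maxPasswordSize >= 0 && pw.size() > static_cast<size_t>(maxPasswordSize))
            throw std::length_error("key passphrase exceeds maxPasswordSize");
        return pw;
    }
    void reset() override {}           // all state travels in `index`; nothing to clear
private:
    std::vector<Identity> ids_;
    std::string caFile_;
};

// Replays the documented call order (assumed to match SSLContext): reset(), then
// getNextCertificatePrivateKeyPair() from index 0 until false, fetching each key passphrase.
int loadIdentities(SSLContextConfigurator& cfg, int maxPasswordSize) {
    cfg.reset();
    int index = 0, loaded = 0; Rec cert, key; RecList chain;
    while (cfg.getNextCertificatePrivateKeyPair(index, cert, chain, key)) {
        cfg.passwordCallback(index, -1, maxPasswordSize);   // would decrypt `key`
        ++loaded;
    }
    return loaded;
}

HardenedConfigurator makeSampleConfigurator() {   // two constructed identities, not real keys
    auto pem = [](const std::string& t) -> Rec {   // placeholder bytes tagged as PEM
        Rec r; r.data.assign(t.begin(), t.end()); r.encoding = "PEM"; return r;
    };
    std::vector<Identity> ids(2);
    ids[0].cert = pem("LEAF-1"); ids[0].key = pem("KEY-1"); ids[0].keyPassphrase = "s3cret-1";
    ids[0].chain.push_back(pem("INTERMEDIATE-1"));
    ids[1].cert = pem("LEAF-2"); ids[1].key = pem("KEY-2"); ids[1].keyPassphrase = "s3cret-2";
    return HardenedConfigurator(ids, "/etc/fixantenna/client-cas.pem");   // assumed path
}
```

In a real deployment derive from System::SSLContextConfigurator from B2BITS_IPAddr.h instead of the stand-in, fill the records with actual PEM or DER bytes, and load the key passphrase from a secrets store at startup rather than embedding it in the binary; the index handling and the length check in passwordCallback() carry over unchanged.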

◆ unlock()

void System::SSLContextConfigurator::unlock ( )