UCommon
Public Types | Public Member Functions | Static Public Member Functions | Protected Attributes
ucommon::secure Class Reference

Common secure socket support. More...

#include <secure.h>

Public Types

typedef void * bufio_t
 Convenience type to represent a secure socket buf i/o stream.
 
typedef void * cert_t
 Convenience type to represent a ssl certificate object.
 
typedef secureclient_t
 Convenience type to represent a security context.
 
enum  error_t {
  OK =0, INVALID, MISSING_CERTIFICATE, MISSING_PRIVATEKEY,
  INVALID_CERTIFICATE, INVALID_AUTHORITY, INVALID_PEERNAME, INVALID_CIPHER
}
 Different error states of the security context.
 
typedef byteref< secure_release > keybytes
 
typedef secureserver_t
 
typedef void * session_t
 Convenience type to represent a secure socket session.
 
typedef stringref< secure_release > string
 
enum  verify_t { NONE, SIGNED, VERIFIED }
 

Public Member Functions

error_t err (void) const
 Get last error code associated with the security context. More...
 
bool is_valid (void) const
 Determine if the current security context is valid. More...
 
 operator bool () const
 
bool operator! () const
 
virtual ~secure ()
 This is derived in different back-end libraries, and will be used to clear certificate credentials.
 

Static Public Member Functions

static void cipher (secure *context, const char *ciphers)
 Assign a non-default cipher to the context. More...
 
static client_t client (const char *authority=NULL, const char *paths=NULL)
 Create an anonymous client context with an optional authority to validate. More...
 
static bool fips (void)
 Initialize secure stack with fips support. More...
 
static bool init (void)
 Initialize secure stack for first use, and report if SSL support is compiled in. More...
 
static int oscerts (const char *path)
 Copy system certificates to a local path. More...
 
static const char * oscerts (void)
 Get path to system certificates. More...
 
static secure::string pass (const char *prompt, size_t size)
 
static server_t server (const char *keyfile=NULL, const char *authority=NULL)
 Create a sever context. More...
 
static client_t user (const char *authority)
 Create a peer user client context. More...
 
static void uuid (char *string)
 Create 36 character traditional version 1 uuid. More...
 
static secure::string uuid (void)
 

Protected Attributes

error_t error
 Last error flagged for this context.
 

Detailed Description

Common secure socket support.

This offers common routines needed for secure/ssl socket support code.

Author
David Sugar dyfet.nosp@m.@gnu.nosp@m.telep.nosp@m.hony.nosp@m..org

Definition at line 128 of file secure.h.

Member Function Documentation

◆ cipher()

static void ucommon::secure::cipher ( secure context,
const char *  ciphers 
)
static

Assign a non-default cipher to the context.

Parameters
contextto set cipher for.
ciphersto set.

◆ client()

static client_t ucommon::secure::client ( const char *  authority = NULL,
const char *  paths = NULL 
)
static

Create an anonymous client context with an optional authority to validate.

Parameters
authoritypath to use or NULL if none.
pathsof certificates to use.
Returns
a basic client security context.

◆ err()

error_t ucommon::secure::err ( void  ) const
inline

Get last error code associated with the security context.

Returns
last error code or 0/OK if none.

Definition at line 257 of file secure.h.

◆ fips()

static bool ucommon::secure::fips ( void  )
static

Initialize secure stack with fips support.

If fips support is not successfully enabled, the secure stack is also not initialized. Hence init() can be used for non-fips certified operation if fips fails.

Returns
true if fips support enabled and stack initialized.

◆ init()

static bool ucommon::secure::init ( void  )
static

Initialize secure stack for first use, and report if SSL support is compiled in.

Returns
true if ssl support is available, false if not.
Examples
cipher.cpp.

◆ is_valid()

bool ucommon::secure::is_valid ( void  ) const
inline

Determine if the current security context is valid.

Returns
true if valid, -1 if not.

Definition at line 249 of file secure.h.

◆ oscerts() [1/2]

static int ucommon::secure::oscerts ( const char *  path)
static

Copy system certificates to a local path.

Parameters
pathto copy to.
Returns
0 or error number on failure.

◆ oscerts() [2/2]

static const char* ucommon::secure::oscerts ( void  )
static

Get path to system certificates.

Returns
path to system certificates.

◆ server()

static server_t ucommon::secure::server ( const char *  keyfile = NULL,
const char *  authority = NULL 
)
static

Create a sever context.

The certificate file used will be based on the init() method name. This may often be /etc/ssl/certs/initname.pem. Similarly, a matching private key certificate will also be loaded. An optional certificate authority document can be used when we are establishing a service which ssl clients have their own certificates.

Parameters
authoritypath to use or NULL if none.
Returns
a security context that is cast from derived library.

◆ user()

static client_t ucommon::secure::user ( const char *  authority)
static

Create a peer user client context.

This assumes a user certificate in ~/.ssl/certs and the user private key in ~/.ssl/private. The path to an authority is also sent.

Parameters
authoritypath to use.

◆ uuid()

static void ucommon::secure::uuid ( char *  string)
static

Create 36 character traditional version 1 uuid.

Parameters
stringto write uuid into, must be 37 bytes or more.

The documentation for this class was generated from the following file: