UCommon
ucommon::secure Class Reference

Common secure socket support. More...

#include <secure.h>

Public Types

typedef void * bufio_t
 Convenience type to represent a secure socket buf i/o stream.
 
typedef void * cert_t
 Convenience type to represent a ssl certificate object.
 
typedef secureclient_t
 Convenience type to represent a security context.
 
enum  error_t {
  OK =0 , INVALID , MISSING_CERTIFICATE , MISSING_PRIVATEKEY ,
  INVALID_CERTIFICATE , INVALID_AUTHORITY , INVALID_PEERNAME , INVALID_CIPHER
}
 Different error states of the security context. More...
 
typedef byteref< secure_release > keybytes
 
typedef secureserver_t
 
typedef void * session_t
 Convenience type to represent a secure socket session.
 
typedef stringref< secure_release > string
 
enum  verify_t { NONE , SIGNED , VERIFIED }
 

Public Member Functions

error_t err (void) const
 Get last error code associated with the security context.
 
bool is_valid (void) const
 Determine if the current security context is valid.
 
 operator bool () const
 
bool operator! () const
 
virtual ~secure ()
 This is derived in different back-end libraries, and will be used to clear certificate credentials.
 

Static Public Member Functions

static void cipher (secure *context, const char *ciphers)
 Assign a non-default cipher to the context.
 
static client_t client (const char *authority=NULL, const char *paths=NULL)
 Create an anonymous client context with an optional authority to validate.
 
static bool fips (void)
 Initialize secure stack with fips support.
 
static bool init (void)
 Initialize secure stack for first use, and report if SSL support is compiled in.
 
static int oscerts (const char *path)
 Copy system certificates to a local path.
 
static const char * oscerts (void)
 Get path to system certificates.
 
static secure::string pass (const char *prompt, size_t size)
 
static server_t server (const char *keyfile=NULL, const char *authority=NULL)
 Create a sever context.
 
static client_t user (const char *authority)
 Create a peer user client context.
 
static void uuid (char *string)
 Create 36 character traditional version 1 uuid.
 
static secure::string uuid (void)
 

Protected Attributes

error_t error
 Last error flagged for this context.
 

Detailed Description

Common secure socket support.

This offers common routines needed for secure/ssl socket support code.

Author
David Sugar dyfet.nosp@m.@gnu.nosp@m.telep.nosp@m.hony.nosp@m..org

Definition at line 128 of file secure.h.

Member Typedef Documentation

◆ bufio_t

typedef void* ucommon::secure::bufio_t

Convenience type to represent a secure socket buf i/o stream.

Definition at line 180 of file secure.h.

◆ cert_t

typedef void* ucommon::secure::cert_t

Convenience type to represent a ssl certificate object.

Definition at line 175 of file secure.h.

◆ client_t

Convenience type to represent a security context.

Definition at line 163 of file secure.h.

◆ keybytes

typedef byteref<secure_release> ucommon::secure::keybytes

Definition at line 140 of file secure.h.

◆ server_t

Definition at line 165 of file secure.h.

◆ session_t

Convenience type to represent a secure socket session.

Definition at line 170 of file secure.h.

◆ string

typedef stringref<secure_release> ucommon::secure::string

Definition at line 138 of file secure.h.

Member Enumeration Documentation

◆ error_t

Different error states of the security context.

Definition at line 134 of file secure.h.

◆ verify_t

enum ucommon::secure::verify_t

Definition at line 136 of file secure.h.

Constructor & Destructor Documentation

◆ secure()

ucommon::secure::secure ( )
inlineprotected

Definition at line 151 of file secure.h.

Member Function Documentation

◆ cipher()

static void ucommon::secure::cipher ( secure * context,
const char * ciphers )
static

Assign a non-default cipher to the context.

Parameters
contextto set cipher for.
ciphersto set.

◆ client()

static client_t ucommon::secure::client ( const char * authority = NULL,
const char * paths = NULL )
static

Create an anonymous client context with an optional authority to validate.

Parameters
authoritypath to use or NULL if none.
pathsof certificates to use.
Returns
a basic client security context.

◆ err()

error_t ucommon::secure::err ( void ) const
inline

Get last error code associated with the security context.

Returns
last error code or 0/OK if none.

Definition at line 257 of file secure.h.

◆ fips()

static bool ucommon::secure::fips ( void )
static

Initialize secure stack with fips support.

If fips support is not successfully enabled, the secure stack is also not initialized. Hence init() can be used for non-fips certified operation if fips fails.

Returns
true if fips support enabled and stack initialized.

◆ init()

static bool ucommon::secure::init ( void )
static

Initialize secure stack for first use, and report if SSL support is compiled in.

Returns
true if ssl support is available, false if not.

◆ is_valid()

bool ucommon::secure::is_valid ( void ) const
inline

Determine if the current security context is valid.

Returns
true if valid, -1 if not.

Definition at line 249 of file secure.h.

◆ operator bool()

ucommon::secure::operator bool ( ) const
inline

Definition at line 271 of file secure.h.

◆ operator!()

bool ucommon::secure::operator! ( ) const
inline

Definition at line 275 of file secure.h.

◆ oscerts() [1/2]

static int ucommon::secure::oscerts ( const char * path)
static

Copy system certificates to a local path.

Parameters
pathto copy to.
Returns
0 or error number on failure.

◆ oscerts() [2/2]

static const char * ucommon::secure::oscerts ( void )
static

Get path to system certificates.

Returns
path to system certificates.

◆ server()

static server_t ucommon::secure::server ( const char * keyfile = NULL,
const char * authority = NULL )
static

Create a sever context.

The certificate file used will be based on the init() method name. This may often be /etc/ssl/certs/initname.pem. Similarly, a matching private key certificate will also be loaded. An optional certificate authority document can be used when we are establishing a service which ssl clients have their own certificates.

Parameters
authoritypath to use or NULL if none.
Returns
a security context that is cast from derived library.

◆ user()

static client_t ucommon::secure::user ( const char * authority)
static

Create a peer user client context.

This assumes a user certificate in ~/.ssl/certs and the user private key in ~/.ssl/private. The path to an authority is also sent.

Parameters
authoritypath to use.

◆ uuid()

static void ucommon::secure::uuid ( char * string)
static

Create 36 character traditional version 1 uuid.

Parameters
stringto write uuid into, must be 37 bytes or more.

Field Documentation

◆ error

error_t ucommon::secure::error
protected

Last error flagged for this context.

Definition at line 149 of file secure.h.


The documentation for this class was generated from the following file: