1 | // |
2 | // SecureStreamSocketImpl.h |
3 | // |
4 | // Library: NetSSL_OpenSSL |
5 | // Package: SSLSockets |
6 | // Module: SecureStreamSocketImpl |
7 | // |
8 | // Definition of the SecureStreamSocketImpl class. |
9 | // |
10 | // Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH. |
11 | // and Contributors. |
12 | // |
13 | // SPDX-License-Identifier: BSL-1.0 |
14 | // |
15 | |
16 | |
17 | #ifndef NetSSL_SecureStreamSocketImpl_INCLUDED |
18 | #define NetSSL_SecureStreamSocketImpl_INCLUDED |
19 | |
20 | |
21 | #include "Poco/Net/NetSSL.h" |
22 | #include "Poco/Net/SecureSocketImpl.h" |
23 | #include "Poco/Net/StreamSocketImpl.h" |
24 | #include "Poco/Net/Context.h" |
25 | #include "Poco/Net/X509Certificate.h" |
26 | |
27 | |
28 | namespace Poco { |
29 | namespace Net { |
30 | |
31 | |
32 | class NetSSL_API SecureStreamSocketImpl: public StreamSocketImpl |
33 | /// This class implements a SSL stream socket. |
34 | { |
35 | public: |
36 | SecureStreamSocketImpl(Context::Ptr pContext); |
37 | /// Creates the SecureStreamSocketImpl. |
38 | |
39 | SecureStreamSocketImpl(StreamSocketImpl* pStreamSocket, Context::Ptr pContext); |
40 | /// Creates the SecureStreamSocketImpl. |
41 | |
42 | SocketImpl* acceptConnection(SocketAddress& clientAddr); |
43 | /// Not supported by a SecureStreamSocket. |
44 | /// |
45 | /// Throws a Poco::InvalidAccessException. |
46 | |
47 | void connect(const SocketAddress& address); |
48 | /// Initializes the socket and establishes a connection to |
49 | /// the TCP server at the given address. |
50 | /// |
51 | /// Can also be used for UDP sockets. In this case, no |
52 | /// connection is established. Instead, incoming and outgoing |
53 | /// packets are restricted to the specified address. |
54 | |
55 | void connect(const SocketAddress& address, const Poco::Timespan& timeout); |
56 | /// Initializes the socket, sets the socket timeout and |
57 | /// establishes a connection to the TCP server at the given address. |
58 | |
59 | void connectNB(const SocketAddress& address); |
60 | /// Initializes the socket and establishes a connection to |
61 | /// the TCP server at the given address. Prior to opening the |
62 | /// connection the socket is set to nonblocking mode. |
63 | |
64 | void bind(const SocketAddress& address, bool reuseAddress = false, bool reusePort = false); |
65 | /// Not supported by a SecureStreamSocket. |
66 | /// |
67 | /// Throws a Poco::InvalidAccessException. |
68 | |
69 | void listen(int backlog = 64); |
70 | /// Not supported by a SecureStreamSocket. |
71 | /// |
72 | /// Throws a Poco::InvalidAccessException. |
73 | |
74 | void close(); |
75 | /// Close the socket. |
76 | |
77 | int sendBytes(const void* buffer, int length, int flags = 0); |
78 | /// Sends the contents of the given buffer through |
79 | /// the socket. Any specified flags are ignored. |
80 | /// |
81 | /// Returns the number of bytes sent, which may be |
82 | /// less than the number of bytes specified. |
83 | |
84 | int receiveBytes(void* buffer, int length, int flags = 0); |
85 | /// Receives data from the socket and stores it |
86 | /// in buffer. Up to length bytes are received. |
87 | /// |
88 | /// Returns the number of bytes received. |
89 | |
90 | int sendTo(const void* buffer, int length, const SocketAddress& address, int flags = 0); |
91 | /// Not supported by a SecureStreamSocket. |
92 | /// |
93 | /// Throws a Poco::InvalidAccessException. |
94 | |
95 | int receiveFrom(void* buffer, int length, SocketAddress& address, int flags = 0); |
96 | /// Not supported by a SecureStreamSocket. |
97 | /// |
98 | /// Throws a Poco::InvalidAccessException. |
99 | |
100 | void sendUrgent(unsigned char data); |
101 | /// Not supported by a SecureStreamSocket. |
102 | /// |
103 | /// Throws a Poco::InvalidAccessException. |
104 | |
105 | int available(); |
106 | /// Returns the number of bytes available that can be read |
107 | /// without causing the socket to block. |
108 | /// |
109 | /// For an SSL connection, returns the number of bytes that |
110 | /// can be read from the currently buffered SSL record, |
111 | /// before a new record is read from the underlying socket. |
112 | |
113 | void shutdownReceive(); |
114 | /// Shuts down the receiving part of the socket connection. |
115 | /// |
116 | /// Since SSL does not support a half shutdown, this does |
117 | /// nothing. |
118 | |
119 | void shutdownSend(); |
120 | /// Shuts down the receiving part of the socket connection. |
121 | /// |
122 | /// Since SSL does not support a half shutdown, this does |
123 | /// nothing. |
124 | |
125 | void shutdown(); |
126 | /// Shuts down the SSL connection. |
127 | |
128 | void abort(); |
129 | /// Aborts the connection by closing the underlying |
130 | /// TCP connection. No orderly SSL shutdown is performed. |
131 | |
132 | bool secure() const; |
133 | /// Returns true iff the socket's connection is secure |
134 | /// (using SSL or TLS). |
135 | |
136 | void setPeerHostName(const std::string& hostName); |
137 | /// Sets the peer host name for certificate validation purposes. |
138 | |
139 | const std::string& getPeerHostName() const; |
140 | /// Returns the peer host name. |
141 | |
142 | bool havePeerCertificate() const; |
143 | /// Returns true iff the peer has presented a |
144 | /// certificate. |
145 | |
146 | X509Certificate peerCertificate() const; |
147 | /// Returns the peer's X509 certificate. |
148 | /// |
149 | /// Throws a SSLException if the peer did not |
150 | /// present a certificate. |
151 | |
152 | Context::Ptr context() const; |
153 | /// Returns the SSL context used by this socket. |
154 | |
155 | void setLazyHandshake(bool flag = true); |
156 | /// Enable lazy SSL handshake. If enabled, the SSL handshake |
157 | /// will be performed the first time date is sent or |
158 | /// received over the connection. |
159 | |
160 | bool getLazyHandshake() const; |
161 | /// Returns true if setLazyHandshake(true) has been called. |
162 | |
163 | void verifyPeerCertificate(); |
164 | /// Performs post-connect (or post-accept) peer certificate validation, |
165 | /// using the peer's IP address as host name. |
166 | |
167 | void verifyPeerCertificate(const std::string& hostName); |
168 | /// Performs post-connect (or post-accept) peer certificate validation |
169 | /// using the given host name. |
170 | |
171 | int completeHandshake(); |
172 | /// Completes the SSL handshake. |
173 | /// |
174 | /// If the SSL connection was the result of an accept(), |
175 | /// the server-side handshake is completed, otherwise |
176 | /// a client-side handshake is performed. |
177 | |
178 | Session::Ptr currentSession(); |
179 | /// Returns the SSL session of the current connection, |
180 | /// for reuse in a future connection (if session caching |
181 | /// is enabled). |
182 | /// |
183 | /// If no connection is established, returns null. |
184 | |
185 | void useSession(Session::Ptr pSession); |
186 | /// Sets the SSL session to use for the next |
187 | /// connection. Setting a previously saved Session |
188 | /// object is necessary to enable session caching. |
189 | /// |
190 | /// To remove the currently set session, a null pointer |
191 | /// can be given. |
192 | /// |
193 | /// Must be called before connect() to be effective. |
194 | |
195 | bool sessionWasReused(); |
196 | /// Returns true iff a reused session was negotiated during |
197 | /// the handshake. |
198 | |
199 | protected: |
200 | void acceptSSL(); |
201 | /// Performs a SSL server-side handshake. |
202 | |
203 | void connectSSL(); |
204 | /// Performs a SSL client-side handshake on an already connected TCP socket. |
205 | |
206 | ~SecureStreamSocketImpl(); |
207 | /// Destroys the SecureStreamSocketImpl. |
208 | |
209 | static int lastError(); |
210 | static void error(); |
211 | static void error(const std::string& arg); |
212 | static void error(int code); |
213 | static void error(int code, const std::string& arg); |
214 | |
215 | private: |
216 | SecureStreamSocketImpl(const SecureStreamSocketImpl&); |
217 | SecureStreamSocketImpl& operator = (const SecureStreamSocketImpl&); |
218 | |
219 | SecureSocketImpl _impl; |
220 | bool _lazyHandshake; |
221 | |
222 | friend class SecureSocketImpl; |
223 | friend class SecureStreamSocket; |
224 | }; |
225 | |
226 | |
227 | // |
228 | // inlines |
229 | // |
230 | inline const std::string& SecureStreamSocketImpl::getPeerHostName() const |
231 | { |
232 | return _impl.getPeerHostName(); |
233 | } |
234 | |
235 | |
236 | inline void SecureStreamSocketImpl::setPeerHostName(const std::string& peerHostName) |
237 | { |
238 | _impl.setPeerHostName(peerHostName); |
239 | } |
240 | |
241 | |
242 | inline Context::Ptr SecureStreamSocketImpl::context() const |
243 | { |
244 | return _impl.context(); |
245 | } |
246 | |
247 | |
248 | inline Session::Ptr SecureStreamSocketImpl::currentSession() |
249 | { |
250 | return _impl.currentSession(); |
251 | } |
252 | |
253 | |
254 | inline void SecureStreamSocketImpl::useSession(Session::Ptr pSession) |
255 | { |
256 | _impl.useSession(pSession); |
257 | } |
258 | |
259 | |
260 | inline bool SecureStreamSocketImpl::sessionWasReused() |
261 | { |
262 | return _impl.sessionWasReused(); |
263 | } |
264 | |
265 | |
266 | inline int SecureStreamSocketImpl::lastError() |
267 | { |
268 | return SocketImpl::lastError(); |
269 | } |
270 | |
271 | |
272 | inline void SecureStreamSocketImpl::error() |
273 | { |
274 | return SocketImpl::error(); |
275 | } |
276 | |
277 | |
278 | inline void SecureStreamSocketImpl::error(const std::string& arg) |
279 | { |
280 | return SocketImpl::error(arg); |
281 | } |
282 | |
283 | |
284 | inline void SecureStreamSocketImpl::error(int code) |
285 | { |
286 | return SocketImpl::error(code); |
287 | } |
288 | |
289 | |
290 | inline void SecureStreamSocketImpl::error(int code, const std::string& arg) |
291 | { |
292 | return SocketImpl::error(code, arg); |
293 | } |
294 | |
295 | |
296 | } } // namespace Poco::Net |
297 | |
298 | |
299 | #endif // NetSSL_SecureStreamSocketImpl_INCLUDED |
300 | |