1//
2// SecureStreamSocketImpl.h
3//
4// Library: NetSSL_OpenSSL
5// Package: SSLSockets
6// Module: SecureStreamSocketImpl
7//
8// Definition of the SecureStreamSocketImpl class.
9//
10// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH.
11// and Contributors.
12//
13// SPDX-License-Identifier: BSL-1.0
14//
15
16
17#ifndef NetSSL_SecureStreamSocketImpl_INCLUDED
18#define NetSSL_SecureStreamSocketImpl_INCLUDED
19
20
21#include "Poco/Net/NetSSL.h"
22#include "Poco/Net/SecureSocketImpl.h"
23#include "Poco/Net/StreamSocketImpl.h"
24#include "Poco/Net/Context.h"
25#include "Poco/Net/X509Certificate.h"
26
27
28namespace Poco {
29namespace Net {
30
31
32class NetSSL_API SecureStreamSocketImpl: public StreamSocketImpl
33 /// This class implements a SSL stream socket.
34{
35public:
36 SecureStreamSocketImpl(Context::Ptr pContext);
37 /// Creates the SecureStreamSocketImpl.
38
39 SecureStreamSocketImpl(StreamSocketImpl* pStreamSocket, Context::Ptr pContext);
40 /// Creates the SecureStreamSocketImpl.
41
42 SocketImpl* acceptConnection(SocketAddress& clientAddr);
43 /// Not supported by a SecureStreamSocket.
44 ///
45 /// Throws a Poco::InvalidAccessException.
46
47 void connect(const SocketAddress& address);
48 /// Initializes the socket and establishes a connection to
49 /// the TCP server at the given address.
50 ///
51 /// Can also be used for UDP sockets. In this case, no
52 /// connection is established. Instead, incoming and outgoing
53 /// packets are restricted to the specified address.
54
55 void connect(const SocketAddress& address, const Poco::Timespan& timeout);
56 /// Initializes the socket, sets the socket timeout and
57 /// establishes a connection to the TCP server at the given address.
58
59 void connectNB(const SocketAddress& address);
60 /// Initializes the socket and establishes a connection to
61 /// the TCP server at the given address. Prior to opening the
62 /// connection the socket is set to nonblocking mode.
63
64 void bind(const SocketAddress& address, bool reuseAddress = false, bool reusePort = false);
65 /// Not supported by a SecureStreamSocket.
66 ///
67 /// Throws a Poco::InvalidAccessException.
68
69 void listen(int backlog = 64);
70 /// Not supported by a SecureStreamSocket.
71 ///
72 /// Throws a Poco::InvalidAccessException.
73
74 void close();
75 /// Close the socket.
76
77 int sendBytes(const void* buffer, int length, int flags = 0);
78 /// Sends the contents of the given buffer through
79 /// the socket. Any specified flags are ignored.
80 ///
81 /// Returns the number of bytes sent, which may be
82 /// less than the number of bytes specified.
83
84 int receiveBytes(void* buffer, int length, int flags = 0);
85 /// Receives data from the socket and stores it
86 /// in buffer. Up to length bytes are received.
87 ///
88 /// Returns the number of bytes received.
89
90 int sendTo(const void* buffer, int length, const SocketAddress& address, int flags = 0);
91 /// Not supported by a SecureStreamSocket.
92 ///
93 /// Throws a Poco::InvalidAccessException.
94
95 int receiveFrom(void* buffer, int length, SocketAddress& address, int flags = 0);
96 /// Not supported by a SecureStreamSocket.
97 ///
98 /// Throws a Poco::InvalidAccessException.
99
100 void sendUrgent(unsigned char data);
101 /// Not supported by a SecureStreamSocket.
102 ///
103 /// Throws a Poco::InvalidAccessException.
104
105 int available();
106 /// Returns the number of bytes available that can be read
107 /// without causing the socket to block.
108 ///
109 /// For an SSL connection, returns the number of bytes that
110 /// can be read from the currently buffered SSL record,
111 /// before a new record is read from the underlying socket.
112
113 void shutdownReceive();
114 /// Shuts down the receiving part of the socket connection.
115 ///
116 /// Since SSL does not support a half shutdown, this does
117 /// nothing.
118
119 void shutdownSend();
120 /// Shuts down the receiving part of the socket connection.
121 ///
122 /// Since SSL does not support a half shutdown, this does
123 /// nothing.
124
125 void shutdown();
126 /// Shuts down the SSL connection.
127
128 void abort();
129 /// Aborts the connection by closing the underlying
130 /// TCP connection. No orderly SSL shutdown is performed.
131
132 bool secure() const;
133 /// Returns true iff the socket's connection is secure
134 /// (using SSL or TLS).
135
136 void setPeerHostName(const std::string& hostName);
137 /// Sets the peer host name for certificate validation purposes.
138
139 const std::string& getPeerHostName() const;
140 /// Returns the peer host name.
141
142 bool havePeerCertificate() const;
143 /// Returns true iff the peer has presented a
144 /// certificate.
145
146 X509Certificate peerCertificate() const;
147 /// Returns the peer's X509 certificate.
148 ///
149 /// Throws a SSLException if the peer did not
150 /// present a certificate.
151
152 Context::Ptr context() const;
153 /// Returns the SSL context used by this socket.
154
155 void setLazyHandshake(bool flag = true);
156 /// Enable lazy SSL handshake. If enabled, the SSL handshake
157 /// will be performed the first time date is sent or
158 /// received over the connection.
159
160 bool getLazyHandshake() const;
161 /// Returns true if setLazyHandshake(true) has been called.
162
163 void verifyPeerCertificate();
164 /// Performs post-connect (or post-accept) peer certificate validation,
165 /// using the peer's IP address as host name.
166
167 void verifyPeerCertificate(const std::string& hostName);
168 /// Performs post-connect (or post-accept) peer certificate validation
169 /// using the given host name.
170
171 int completeHandshake();
172 /// Completes the SSL handshake.
173 ///
174 /// If the SSL connection was the result of an accept(),
175 /// the server-side handshake is completed, otherwise
176 /// a client-side handshake is performed.
177
178 Session::Ptr currentSession();
179 /// Returns the SSL session of the current connection,
180 /// for reuse in a future connection (if session caching
181 /// is enabled).
182 ///
183 /// If no connection is established, returns null.
184
185 void useSession(Session::Ptr pSession);
186 /// Sets the SSL session to use for the next
187 /// connection. Setting a previously saved Session
188 /// object is necessary to enable session caching.
189 ///
190 /// To remove the currently set session, a null pointer
191 /// can be given.
192 ///
193 /// Must be called before connect() to be effective.
194
195 bool sessionWasReused();
196 /// Returns true iff a reused session was negotiated during
197 /// the handshake.
198
199protected:
200 void acceptSSL();
201 /// Performs a SSL server-side handshake.
202
203 void connectSSL();
204 /// Performs a SSL client-side handshake on an already connected TCP socket.
205
206 ~SecureStreamSocketImpl();
207 /// Destroys the SecureStreamSocketImpl.
208
209 static int lastError();
210 static void error();
211 static void error(const std::string& arg);
212 static void error(int code);
213 static void error(int code, const std::string& arg);
214
215private:
216 SecureStreamSocketImpl(const SecureStreamSocketImpl&);
217 SecureStreamSocketImpl& operator = (const SecureStreamSocketImpl&);
218
219 SecureSocketImpl _impl;
220 bool _lazyHandshake;
221
222 friend class SecureSocketImpl;
223 friend class SecureStreamSocket;
224};
225
226
227//
228// inlines
229//
230inline const std::string& SecureStreamSocketImpl::getPeerHostName() const
231{
232 return _impl.getPeerHostName();
233}
234
235
236inline void SecureStreamSocketImpl::setPeerHostName(const std::string& peerHostName)
237{
238 _impl.setPeerHostName(peerHostName);
239}
240
241
242inline Context::Ptr SecureStreamSocketImpl::context() const
243{
244 return _impl.context();
245}
246
247
248inline Session::Ptr SecureStreamSocketImpl::currentSession()
249{
250 return _impl.currentSession();
251}
252
253
254inline void SecureStreamSocketImpl::useSession(Session::Ptr pSession)
255{
256 _impl.useSession(pSession);
257}
258
259
260inline bool SecureStreamSocketImpl::sessionWasReused()
261{
262 return _impl.sessionWasReused();
263}
264
265
266inline int SecureStreamSocketImpl::lastError()
267{
268 return SocketImpl::lastError();
269}
270
271
272inline void SecureStreamSocketImpl::error()
273{
274 return SocketImpl::error();
275}
276
277
278inline void SecureStreamSocketImpl::error(const std::string& arg)
279{
280 return SocketImpl::error(arg);
281}
282
283
284inline void SecureStreamSocketImpl::error(int code)
285{
286 return SocketImpl::error(code);
287}
288
289
290inline void SecureStreamSocketImpl::error(int code, const std::string& arg)
291{
292 return SocketImpl::error(code, arg);
293}
294
295
296} } // namespace Poco::Net
297
298
299#endif // NetSSL_SecureStreamSocketImpl_INCLUDED
300