1/*
2 * Copyright (c) 2000-2001,2005-2007,2010-2012 Apple Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19//
20// securetransport++ - C++ interface to Apple's Secure Transport layer
21//
22#ifndef _H_SECURETRANSPORTPLUSPLUS
23#define _H_SECURETRANSPORTPLUSPLUS
24
25#include <security_utilities/ip++.h>
26#include <Security/SecureTransport.h>
27
28
29namespace Security {
30namespace IPPlusPlus {
31
32
33//
34// The common-code core of a SecureTransport context and session.
35// Abstract - do not use directly.
36//
37class SecureTransportCore {
38public:
39    SecureTransportCore();
40    virtual ~SecureTransportCore();
41
42    void open();		// open SSL (but not underlying I/O)
43    void close();		// close SSL (but not underlying I/O)
44
45    SSLSessionState state() const;
46
47    SSLProtocol version() const;
48    void version(SSLProtocol v);
49
50	size_t numSupportedCiphers() const;
51	void supportedCiphers(SSLCipherSuite *ciphers, size_t &numCiphers) const;
52
53	size_t numEnabledCiphers() const;
54	void enabledCiphers(SSLCipherSuite *ciphers, size_t &numCiphers) const;	// get
55	void enabledCiphers(SSLCipherSuite *ciphers, size_t numCiphers);		// set
56
57    bool allowsExpiredCerts() const;
58    void allowsExpiredCerts(bool allow);
59
60    bool allowsUnknownRoots() const;
61    void allowsUnknownRoots(bool allow);
62
63    void peerId(const void *data, size_t length);
64    template <class T> void peerId(const T &obj)	{ peerId(&obj, sizeof(obj)); }
65
66    size_t read(void *data, size_t length);
67    size_t write(const void *data, size_t length);
68    bool atEnd() const		{ return mAtEnd; }
69
70protected:
71    virtual size_t ioRead(void *data, size_t length) const = 0;
72    virtual size_t ioWrite(const void *data, size_t length) const = 0;
73    virtual bool ioAtEnd() const = 0;
74
75private:
76	static OSStatus sslReadFunc(SSLConnectionRef, void *, size_t *);
77	static OSStatus sslWriteFunc(SSLConnectionRef, const void *, size_t *);
78
79    bool continueHandshake();
80
81private:
82    SSLContextRef mContext;		// SecureTransport session/context object
83    bool mAtEnd;				// end-of-data flag derived from last SSLRead
84};
85
86
87//
88// This is what you use. The constructor argument is a FileDescoid object
89// of some kind, such as a FileDesc, Socket, etc.
90// Note that SecureTransport is in turn a FileDescoid object, so you can read/write
91// it in the usual fashion, and it will in turn read/write cipher data from its I/O source.
92//
93template <class IO>
94class SecureTransport : public SecureTransportCore {
95public:
96    SecureTransport(IO &ioRef) : io(ioRef) { }
97    ~SecureTransport() { close(); }
98
99    IO &io;
100
101private:
102    size_t ioRead(void *data, size_t length) const			{ return io.read(data, length); }
103    size_t ioWrite(const void *data, size_t length) const	{ return io.write(data, length); }
104    bool ioAtEnd() const									{ return io.atEnd(); }
105};
106
107
108}	// end namespace IPPlusPlus
109}	// end namespace Security
110
111
112#endif //_H_SECURETRANSPORTPLUSPLUS
113