1/* 2 * Copyright (c) 2000-2001,2005-2007,2010-2012 Apple Inc. All Rights Reserved. 3 * 4 * The contents of this file constitute Original Code as defined in and are 5 * subject to the Apple Public Source License Version 1.2 (the 'License'). 6 * You may not use this file except in compliance with the License. Please obtain 7 * a copy of the License at http://www.apple.com/publicsource and read it before 8 * using this file. 9 * 10 * This Original Code and all software distributed under the License are 11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS 12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT 13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR 14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the 15 * specific language governing rights and limitations under the License. 16 */ 17 18 19// 20// securetransport++ - C++ interface to Apple's Secure Transport layer 21// 22#ifndef _H_SECURETRANSPORTPLUSPLUS 23#define _H_SECURETRANSPORTPLUSPLUS 24 25#include <security_utilities/ip++.h> 26#include <Security/SecureTransport.h> 27 28 29namespace Security { 30namespace IPPlusPlus { 31 32 33// 34// The common-code core of a SecureTransport context and session. 35// Abstract - do not use directly. 36// 37class SecureTransportCore { 38public: 39 SecureTransportCore(); 40 virtual ~SecureTransportCore(); 41 42 void open(); // open SSL (but not underlying I/O) 43 void close(); // close SSL (but not underlying I/O) 44 45 SSLSessionState state() const; 46 47 SSLProtocol version() const; 48 void version(SSLProtocol v); 49 50 size_t numSupportedCiphers() const; 51 void supportedCiphers(SSLCipherSuite *ciphers, size_t &numCiphers) const; 52 53 size_t numEnabledCiphers() const; 54 void enabledCiphers(SSLCipherSuite *ciphers, size_t &numCiphers) const; // get 55 void enabledCiphers(SSLCipherSuite *ciphers, size_t numCiphers); // set 56 57 bool allowsExpiredCerts() const; 58 void allowsExpiredCerts(bool allow); 59 60 bool allowsUnknownRoots() const; 61 void allowsUnknownRoots(bool allow); 62 63 void peerId(const void *data, size_t length); 64 template <class T> void peerId(const T &obj) { peerId(&obj, sizeof(obj)); } 65 66 size_t read(void *data, size_t length); 67 size_t write(const void *data, size_t length); 68 bool atEnd() const { return mAtEnd; } 69 70protected: 71 virtual size_t ioRead(void *data, size_t length) const = 0; 72 virtual size_t ioWrite(const void *data, size_t length) const = 0; 73 virtual bool ioAtEnd() const = 0; 74 75private: 76 static OSStatus sslReadFunc(SSLConnectionRef, void *, size_t *); 77 static OSStatus sslWriteFunc(SSLConnectionRef, const void *, size_t *); 78 79 bool continueHandshake(); 80 81private: 82 SSLContextRef mContext; // SecureTransport session/context object 83 bool mAtEnd; // end-of-data flag derived from last SSLRead 84}; 85 86 87// 88// This is what you use. The constructor argument is a FileDescoid object 89// of some kind, such as a FileDesc, Socket, etc. 90// Note that SecureTransport is in turn a FileDescoid object, so you can read/write 91// it in the usual fashion, and it will in turn read/write cipher data from its I/O source. 92// 93template <class IO> 94class SecureTransport : public SecureTransportCore { 95public: 96 SecureTransport(IO &ioRef) : io(ioRef) { } 97 ~SecureTransport() { close(); } 98 99 IO &io; 100 101private: 102 size_t ioRead(void *data, size_t length) const { return io.read(data, length); } 103 size_t ioWrite(const void *data, size_t length) const { return io.write(data, length); } 104 bool ioAtEnd() const { return io.atEnd(); } 105}; 106 107 108} // end namespace IPPlusPlus 109} // end namespace Security 110 111 112#endif //_H_SECURETRANSPORTPLUSPLUS 113