New class "TlsOptions" to handle TLS/SSL related settings
authorRalf Haferkamp <ralf@openldap.org>
Mon, 15 Feb 2010 17:17:42 +0000 (17:17 +0000)
committerRalf Haferkamp <ralf@openldap.org>
Mon, 15 Feb 2010 17:17:42 +0000 (17:17 +0000)
contrib/ldapc++/src/TlsOptions.cpp [new file with mode: 0644]
contrib/ldapc++/src/TlsOptions.h [new file with mode: 0644]

diff --git a/contrib/ldapc++/src/TlsOptions.cpp b/contrib/ldapc++/src/TlsOptions.cpp
new file mode 100644 (file)
index 0000000..0cba46e
--- /dev/null
@@ -0,0 +1,106 @@
+// $OpenLDAP$
+/*
+ * Copyright 2010, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include "TlsOptions.h"
+#include "LDAPException.h"
+
+enum opttype {
+    INT=0,
+    STRING,
+    OTHER
+};
+
+typedef struct tls_optmap {
+    int optval;
+    opttype type;
+} tls_optmap_t;
+
+static tls_optmap_t optmap[] = {
+    { LDAP_OPT_X_TLS_CACERTFILE, STRING },
+    { LDAP_OPT_X_TLS_CACERTDIR, STRING },
+    { LDAP_OPT_X_TLS_CERTFILE, STRING },
+    { LDAP_OPT_X_TLS_KEYFILE, STRING },
+    { LDAP_OPT_X_TLS_REQUIRE_CERT, INT },
+    { LDAP_OPT_X_TLS_PROTOCOL_MIN, INT },
+    { LDAP_OPT_X_TLS_CIPHER_SUITE, STRING },
+    { LDAP_OPT_X_TLS_RANDOM_FILE, STRING },
+    { LDAP_OPT_X_TLS_CRLCHECK, INT },
+    { LDAP_OPT_X_TLS_DHFILE, STRING },
+    { LDAP_OPT_X_TLS_NEWCTX, INT }
+};
+#if 0 /* not implemented currently */
+        static const int TLS_CRLFILE /* GNUtls only */
+        static const int TLS_SSL_CTX  /* OpenSSL SSL* */
+        static const int TLS_CONNECT_CB
+        static const int TLS_CONNECT_ARG
+#endif 
+
+void checkOpt( TlsOptions::tls_option opt, opttype type ){
+    if ( opt >= sizeof(optmap) ){
+        throw( LDAPException( LDAP_PARAM_ERROR, "unknown Option" ) );
+    }
+
+    if ( optmap[opt].type != type ){
+        throw( LDAPException( LDAP_PARAM_ERROR, "not a string option" ) );
+    }
+}
+
+TlsOptions::TlsOptions( LDAP* ld ): m_ld(ld) { }
+
+void TlsOptions::setOption( tls_option opt, const std::string& value ) {
+    checkOpt(opt, STRING);
+    this->setOption( opt, (void*) value.c_str());
+}
+
+void TlsOptions::setOption( tls_option opt, int value ) {
+    checkOpt(opt, INT);
+    this->setOption( opt, (void*) &value);
+}
+
+void TlsOptions::setOption( tls_option opt, void *value ) {
+    int ret = ldap_set_option( m_ld, optmap[opt].optval, value);
+    if ( ret != LDAP_OPT_SUCCESS )
+    {
+        if ( ret != LDAP_OPT_ERROR ){
+            throw( LDAPException( ret ));
+        } else {
+            throw( LDAPException( LDAP_PARAM_ERROR, "error while setting TLS option" ) );
+        }
+    }
+}
+
+void TlsOptions::getOption( tls_option opt, void* value ){
+    int ret = ldap_get_option( m_ld, optmap[opt].optval, value);
+    if ( ret != LDAP_OPT_SUCCESS )
+    {
+        if ( ret != LDAP_OPT_ERROR ){
+            throw( LDAPException( ret ));
+        } else {
+            throw( LDAPException( LDAP_PARAM_ERROR, "error while reading TLS option" ) );
+        }
+    }
+}
+
+int TlsOptions::getIntOption( tls_option opt ) const {
+    int value;
+    checkOpt(opt, INT);
+    ldap_get_option( m_ld, optmap[opt].optval, (void*) &value);
+    return value;
+}
+
+std::string TlsOptions::getStringOption( tls_option opt ) const {
+    char *value;
+    checkOpt(opt, STRING);
+    ldap_get_option( m_ld, optmap[opt].optval, (void*) &value);
+    std::string strval;
+    if (value)
+    {
+        strval=std::string(value);
+        ldap_memfree(value);
+    }
+    return strval;
+}
+
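Review bot: The range check in checkOpt compares the enum value against sizeof(optmap), which is the table's size in bytes rather than its element count, so out-of-range tls_option values well beyond the eleven entries pass the check and `optmap[opt]` is read past the end of the array before ldap_set_option/ldap_get_option is called; the void* overload of setOption and getOption index `optmap[opt]` with no check at all. The type-mismatch branch also reports "not a string option" when the caller asked for an INT option, and checkOpt has external linkage although it is file-local. Separately, getIntOption and getStringOption discard the ldap_get_option return code, so on failure they return an uninitialized int or test an uninitialized char*; `int value = 0;` / `char *value = NULL;` plus propagating the error the way getOption does would close that. The sketch below factors the corrected bounds check into a static helper used by every entry point.
```cpp
static const size_t optmap_size = sizeof(optmap) / sizeof(optmap[0]);

// Reject any tls_option that has no row in optmap before it is used as an index.
static void checkRange( TlsOptions::tls_option opt ){
    if ( (size_t)opt >= optmap_size ){
        throw( LDAPException( LDAP_PARAM_ERROR, "unknown Option" ) );
    }
}

static void checkOpt( TlsOptions::tls_option opt, opttype type ){
    checkRange(opt);
    if ( optmap[opt].type != type ){
        throw( LDAPException( LDAP_PARAM_ERROR, "option type mismatch" ) );
    }
}

// … unchanged: constructor, string and int setOption overloads …

void TlsOptions::setOption( tls_option opt, void *value ) {
    checkRange(opt);
    int ret = ldap_set_option( m_ld, optmap[opt].optval, value);
    // … unchanged: error handling …
}

void TlsOptions::getOption( tls_option opt, void* value ){
    checkRange(opt);
    int ret = ldap_get_option( m_ld, optmap[opt].optval, value);
    // … unchanged: error handling …
}
```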
diff --git a/contrib/ldapc++/src/TlsOptions.h b/contrib/ldapc++/src/TlsOptions.h
new file mode 100644 (file)
index 0000000..573b4f9
--- /dev/null
@@ -0,0 +1,54 @@
+// $OpenLDAP$
+/*
+ * Copyright 2010, OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+#ifndef TLS_OPTIONS_H
+#define TLS_OPTIONS_H
+#include <string>
+#include <ldap.h>
+
+class TlsOptions {
+    public:
+        enum tls_option {
+            CACERTFILE=0,
+            CACERTDIR,
+            CERTFILE,
+            KEYFILE,
+            REQUIRE_CERT,
+            PROTOCOL_MIN,
+            CIPHER_SUITE,
+            RANDOM_FILE,
+            CRLCHECK,
+            DHFILE,
+            NEWCTX
+        };
+
+        TlsOptions( LDAP* ld=NULL );
+        void setOption(tls_option opt, const std::string& value);
+        void setOption(tls_option opt, int value);
+        void setOption(tls_option opt, void *value);
+
+        int getIntOption(tls_option opt) const;
+        std::string getStringOption(tls_option opt) const;
+        void getOption(tls_option opt, void *value );
+        
+        enum verifyMode {
+            NEVER=0,
+            HARD,
+            DEMAND,
+            ALLOW,
+            TRY
+        };
+
+        enum crlMode {
+            CRL_NONE=0,
+            CRL_PEER,
+            CRL_ALL
+        };
+
+    private:
+        LDAP *m_ld;        
+};
+
+#endif /* TLS_OPTIONS_H */
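Review bot: The header documents none of the public API, and the two helper enums need it most: verifyMode and crlMode values are handed to setOption(int) unchanged (see TlsOptions.cpp in this commit), so their enumerator order must stay aligned with LDAP_OPT_X_TLS_NEVER..LDAP_OPT_X_TLS_TRY and LDAP_OPT_X_TLS_CRL_NONE..LDAP_OPT_X_TLS_CRL_ALL from ldap.h, which nothing states. A comment such as `/* values mirror LDAP_OPT_X_TLS_{NEVER,HARD,DEMAND,ALLOW,TRY}; keep in sync with ldap.h */` on verifyMode (and its CRL counterpart on crlMode) would pin that, and the REQUIRE_CERT documentation should say that NEVER, ALLOW and TRY weaken or skip verification of the server certificate, so DEMAND or HARD is what callers normally want. The single-argument constructor `TlsOptions( LDAP* ld=NULL )` is not explicit, so any LDAP* converts silently to a TlsOptions; `explicit TlsOptions( LDAP* ld=NULL );` avoids that. getOption is the only accessor that is not const while getIntOption and getStringOption are; `void getOption(tls_option opt, void *value ) const;` would make the three consistent.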