1 // $OpenLDAP$
2 /*
3  * Copyright 2010-2018 The OpenLDAP Foundation, All Rights Reserved.
4  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
5  */
6 #ifndef TLS_OPTIONS_H
7 #define TLS_OPTIONS_H
8 #include <string>
9 #include <ldap.h>
10
11 /**
12  * Class to access the global (and connection specific) TLS Settings
13  * To access the global TLS settings, instantiate a TlsOptions object
14  * using the default constructor.
15  *
16  * To access connection-specific settings, obtain a TlsOptions object
17  * through the getTlsOptions() method of the corresponding
18  * LDAPConnection/LDAPAsynConnection object.
19  *
20  */
class TlsOptions {
    public:

        /**
         * Available TLS Options.
         * Each enumerator names one TLS setting; the mapping to the
         * underlying libldap option codes (presumably the LDAP_OPT_X_TLS_*
         * constants from <ldap.h>) lives in the implementation file.
         */
        enum tls_option {
            CACERTFILE=0, 
            CACERTDIR,
            CERTFILE,
            KEYFILE,
            REQUIRE_CERT,
            PROTOCOL_MIN,
            CIPHER_SUITE,
            RANDOM_FILE,
            CRLCHECK,
            DHFILE,
            /// @cond
            LASTOPT /* dummy: marks the end of the option range, not a real option */
            /// @endcond
        };

        /**
         * Possible Values for the REQUIRE_CERT option (server certificate
         * verification policy, see TLS_REQCERT in ldap.conf(5)).
         *
         * Only DEMAND and HARD abort the TLS handshake when the server
         * presents no certificate or one that fails verification; NEVER
         * performs no verification at all, and ALLOW/TRY tolerate a missing
         * or invalid certificate. Anything other than DEMAND/HARD therefore
         * leaves the connection open to server impersonation.
         *
         * The enumerator order (NEVER=0, HARD, DEMAND, ALLOW, TRY) follows the
         * LDAP_OPT_X_TLS_NEVER .. LDAP_OPT_X_TLS_TRY constants in <ldap.h>.
         */
        enum verifyMode {
            NEVER=0,
            HARD,
            DEMAND,
            ALLOW,
            TRY
        };

        /**
         * Possible Values for the CRLCHECK option (see TLS_CRLCHECK in
         * ldap.conf(5)): CRL_NONE performs no revocation check, CRL_PEER
         * checks the peer certificate only, CRL_ALL checks the whole chain.
         * Order follows LDAP_OPT_X_TLS_CRL_NONE .. LDAP_OPT_X_TLS_CRL_ALL.
         */
        enum crlMode {
            CRL_NONE=0,
            CRL_PEER,
            CRL_ALL
        };


        /**
         * Default constructor. Gives access to the global TlsSettings
         * (the ones that apply to connections without per-connection options).
         */
        TlsOptions();

        /**
         * Set string valued options.
         * @param opt The following string valued options are available:
         *      - TlsOptions::CACERTFILE 
         *      - TlsOptions::CACERTDIR
         *      - TlsOptions::CERTFILE
         *      - TlsOptions::KEYFILE
         *      - TlsOptions::CIPHER_SUITE
         *      - TlsOptions::RANDOM_FILE
         *      - TlsOptions::DHFILE
         *  @param value The value to apply to that option, 
         *      - TlsOptions::CACERTFILE:
         *          The path to the file containing all recognized Certificate
         *          Authorities
         *      - TlsOptions::CACERTDIR:
         *          The path to a directory containing individual files of all
         *          recognized Certificate Authority certificates
         *      - TlsOptions::CERTFILE:
         *          The path to the client certificate
         *      - TlsOptions::KEYFILE:
         *          The path to the file containing the private key matching the 
         *          Certificate that was configured with TlsOptions::CERTFILE
         *          (the key file should be readable only by the process owner)
         *      - TlsOptions::CIPHER_SUITE
         *          Specifies the cipher suite and preference order
         *      - TlsOptions::RANDOM_FILE
         *          Specifies the file to obtain random bits from when 
         *          /dev/[u]random is not available.
         *      - TlsOptions::DHFILE
         *          File containing DH parameters
         * @throws LDAPException in case of error (presumably also when a
         *      non-string valued option is passed; see the implementation)
         */
        void setOption(tls_option opt, const std::string& value) const;

        /** 
         * Set integer valued options.
         * @param opt The following integer valued options are available:
         *      - TlsOptions::REQUIRE_CERT
         *      - TlsOptions::PROTOCOL_MIN
         *      - TlsOptions::CRLCHECK
         * @param value The value to apply to that option, 
         *      - TlsOptions::REQUIRE_CERT:
         *          Possible Values (For details see the ldap.conf(5) man-page):
         *              - TlsOptions::NEVER
         *              - TlsOptions::HARD
         *              - TlsOptions::DEMAND
         *              - TlsOptions::ALLOW
         *              - TlsOptions::TRY
         *          Only DEMAND/HARD reject an unverifiable server certificate.
         *      - TlsOptions::PROTOCOL_MIN
         *          Lowest TLS protocol version to accept, encoded as in the
         *          LDAP_OPT_X_TLS_PROTOCOL(major, minor) macro from <ldap.h>
         *      - TlsOptions::CRLCHECK
         *          Possible Values:
         *              - TlsOptions::CRL_NONE
         *              - TlsOptions::CRL_PEER
         *              - TlsOptions::CRL_ALL
         * @throws LDAPException in case of error (presumably also when a
         *      non-integer valued option is passed; see the implementation)
         */
        void setOption(tls_option opt, int value) const;

        /**
         * Generic setOption variant. Generally you should prefer to use one 
         * of the other variants: this one passes @p value through untyped,
         * so the caller is responsible for matching the type the option
         * expects.
         * @param opt The option to set
         * @param value Untyped pointer to the new option value
         */
        void setOption(tls_option opt, void *value) const;

        /**
         * Read integer valued options
         * @param opt One of the integer valued options listed for
         *      setOption(tls_option, int)
         * @return Option value
         * @throws LDAPException in case of error (invalid on non-integer 
         *      valued option is requested)
         */
        int getIntOption(tls_option opt) const;

        /**
         * Read string valued options
         * @param opt One of the string valued options listed for
         *      setOption(tls_option, const std::string&)
         * @return Option value
         * @throws LDAPException in case of error (invalid on non-string 
         *      valued option is requested)
         */
        std::string getStringOption(tls_option opt) const;

        /**
         * Read options value. Usually you should prefer to use either 
         * getIntOption() or getStringOption()
         * @param opt The option to read
         * @param value points to a buffer receiving the option value; the
         *      buffer must be large enough for the type the option returns
         * @throws LDAPException in case of error (the original text says
         *      "non-string valued option"; presumably any invalid option)
         */
        void getOption(tls_option opt, void *value ) const;
        
    private:
        // Connection-specific constructor; used by LDAPAsynConnection (friend).
        TlsOptions( LDAP* ld );
        // NOTE(review): name suggests it (re)creates the TLS context after
        // option changes -- confirm against TlsOptions.cpp.
        void newCtx() const;
        // Handle the options apply to; presumably NULL for the global
        // settings obtained via the default constructor -- confirm.
        LDAP *m_ld;

    friend class LDAPAsynConnection;
};
161
162 #endif /* TLS_OPTIONS_H */