/* * Copyright (C) 2006-2012 Free Software Foundation, Inc. * * Author: Nikos Mavrogiannopoulos * * This file is part of GnuTLS. * * The GnuTLS is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public License * as published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public License * along with this program. If not, see * */ #ifndef GNUTLS_GNUTLSXX_H #define GNUTLS_GNUTLSXX_H #include #include #include namespace gnutls { class noncopyable { protected: noncopyable() { } ~noncopyable() { } private: /* These are non-implemented. */ noncopyable(const noncopyable &); noncopyable &operator=(const noncopyable &); }; class exception : public std::exception { public: explicit exception(int x); const char *what() const throw(); int get_code(); protected: int retcode; }; class dh_params : private noncopyable { public: dh_params(); ~dh_params(); void import_raw(const gnutls_datum_t &prime, const gnutls_datum_t &generator); void import_pkcs3(const gnutls_datum_t &pkcs3_params, gnutls_x509_crt_fmt_t format); void generate(unsigned int bits); void export_pkcs3(gnutls_x509_crt_fmt_t format, unsigned char *params_data, size_t *params_data_size); void export_raw(gnutls_datum_t &prime, gnutls_datum_t &generator); gnutls_dh_params_t get_params_t() const; dh_params &operator=(const dh_params &src); protected: gnutls_dh_params_t params; }; class rsa_params : private noncopyable { public: rsa_params(); ~rsa_params(); void import_raw(const gnutls_datum_t &m, const gnutls_datum_t &e, const gnutls_datum_t &d, const gnutls_datum_t &p, const gnutls_datum_t &q, const gnutls_datum_t &u); void import_pkcs1(const gnutls_datum_t &pkcs1_params, gnutls_x509_crt_fmt_t format); void generate(unsigned int bits); void export_pkcs1(gnutls_x509_crt_fmt_t format, unsigned char *params_data, size_t *params_data_size); void export_raw(gnutls_datum_t &m, gnutls_datum_t &e, gnutls_datum_t &d, gnutls_datum_t &p, gnutls_datum_t &q, gnutls_datum_t &u); gnutls_rsa_params_t get_params_t() const; rsa_params &operator=(const rsa_params &src); protected: gnutls_rsa_params_t params; }; class session : private noncopyable { protected: gnutls_session_t s; public: explicit session(unsigned int); virtual ~session(); gnutls_session_t ptr(); int bye(gnutls_close_request_t how); int handshake(); gnutls_alert_description_t get_alert() const; int send_alert(gnutls_alert_level_t level, gnutls_alert_description_t desc); int send_appropriate_alert(int err); gnutls_cipher_algorithm_t get_cipher() const; gnutls_kx_algorithm_t get_kx() const; gnutls_mac_algorithm_t get_mac() const; gnutls_compression_method_t get_compression() const; gnutls_certificate_type_t get_certificate_type() const; /* for the handshake */ void set_private_extensions(bool allow); gnutls_handshake_description_t get_handshake_last_out() const; gnutls_handshake_description_t get_handshake_last_in() const; ssize_t send(const void *data, size_t sizeofdata); ssize_t recv(void *data, size_t sizeofdata); bool get_record_direction() const; /* maximum packet size */ size_t get_max_size() const; void set_max_size(size_t size); size_t check_pending() const; void prf(size_t label_size, const char *label, int server_random_first, size_t extra_size, const char *extra, size_t outsize, char *out); void prf_raw(size_t label_size, const char *label, size_t seed_size, const char *seed, size_t outsize, char *out); /* if you just want some defaults, use the following. */ void set_priority(const char *prio, const char **err_pos); void set_priority(gnutls_priority_t p); gnutls_protocol_t get_protocol_version() const; /* for resuming sessions */ void set_data(const void *session_data, size_t session_data_size); void get_data(void *session_data, size_t *session_data_size) const; void get_data(gnutls_session_t session, gnutls_datum_t &data) const; void get_id(void *session_id, size_t *session_id_size) const; bool is_resumed() const; void set_max_handshake_packet_length(size_t max); void clear_credentials(); void set_credentials(const class credentials &cred); void set_transport_ptr(gnutls_transport_ptr_t ptr); void set_transport_ptr(gnutls_transport_ptr_t recv_ptr, gnutls_transport_ptr_t send_ptr); gnutls_transport_ptr_t get_transport_ptr() const; void get_transport_ptr(gnutls_transport_ptr_t &recv_ptr, gnutls_transport_ptr_t &send_ptr) const; void set_transport_lowat(size_t num); void set_transport_push_function(gnutls_push_func push_func); void set_transport_vec_push_function(gnutls_vec_push_func vec_push_func); void set_transport_pull_function(gnutls_pull_func pull_func); void set_transport_pull_timeout_function( gnutls_pull_timeout_func pull_timeout_func); void set_user_ptr(void *ptr); void *get_user_ptr() const; void send_openpgp_cert(gnutls_openpgp_crt_status_t status); gnutls_credentials_type_t get_auth_type() const; gnutls_credentials_type_t get_server_auth_type() const; gnutls_credentials_type_t get_client_auth_type() const; /* informational stuff */ void set_dh_prime_bits(unsigned int bits); unsigned int get_dh_secret_bits() const; unsigned int get_dh_peers_public_bits() const; unsigned int get_dh_prime_bits() const; void get_dh_group(gnutls_datum_t &gen, gnutls_datum_t &prime) const; void get_dh_pubkey(gnutls_datum_t &raw_key) const; void get_rsa_export_pubkey(gnutls_datum_t &exponent, gnutls_datum_t &modulus) const; unsigned int get_rsa_export_modulus_bits() const; void get_our_certificate(gnutls_datum_t &cert) const; bool get_peers_certificate(std::vector &out_certs) const; bool get_peers_certificate(const gnutls_datum_t **certs, unsigned int *certs_size) const; time_t get_peers_certificate_activation_time() const; time_t get_peers_certificate_expiration_time() const; void verify_peers_certificate(unsigned int &status) const; }; /* interface for databases */ class DB : private noncopyable { public: virtual ~DB() = 0; virtual bool store(const gnutls_datum_t &key, const gnutls_datum_t &data) = 0; virtual bool retrieve(const gnutls_datum_t &key, gnutls_datum_t &data) = 0; virtual bool remove(const gnutls_datum_t &key) = 0; }; class server_session : public session { public: server_session(); explicit server_session(int flags); ~server_session(); void db_remove() const; void set_db_cache_expiration(unsigned int seconds); void set_db(const DB &db); /* returns true if session is expired */ bool db_check_entry(const gnutls_datum_t &session_data) const; /* server side only */ const char *get_srp_username() const; const char *get_psk_username() const; void get_server_name(void *data, size_t *data_length, unsigned int *type, unsigned int indx) const; int rehandshake(); void set_certificate_request(gnutls_certificate_request_t); }; class client_session : public session { public: client_session(); explicit client_session(int flags); ~client_session(); void set_verify_cert(const char *hostname, unsigned flags); void set_server_name(gnutls_server_name_type_t type, const void *name, size_t name_length); bool get_request_status(); }; class credentials : private noncopyable { public: virtual ~credentials() { } gnutls_credentials_type_t get_type() const; protected: friend class session; explicit credentials(gnutls_credentials_type_t t); void *ptr() const; void set_ptr(void *ptr); gnutls_credentials_type_t type; private: void *cred; }; class certificate_credentials : public credentials { public: ~certificate_credentials(); certificate_credentials(); void free_keys(); void free_cas(); void free_ca_names(); void free_crls(); void set_dh_params(const dh_params ¶ms); void set_rsa_export_params(const rsa_params ¶ms); void set_verify_flags(unsigned int flags); void set_verify_limits(unsigned int max_bits, unsigned int max_depth); void set_x509_trust_file(const char *cafile, gnutls_x509_crt_fmt_t type); void set_x509_trust(const gnutls_datum_t &CA, gnutls_x509_crt_fmt_t type); void set_x509_trust(gnutls_x509_crt_t *ca_list, int ca_list_size); void set_x509_crl_file(const char *crlfile, gnutls_x509_crt_fmt_t type); void set_x509_crl(const gnutls_datum_t &CRL, gnutls_x509_crt_fmt_t type); void set_x509_crl(gnutls_x509_crl_t *crl_list, int crl_list_size); void set_x509_key_file(const char *certfile, const char *KEYFILE, gnutls_x509_crt_fmt_t type); void set_x509_key(const gnutls_datum_t &CERT, const gnutls_datum_t &KEY, gnutls_x509_crt_fmt_t type); void set_x509_key(gnutls_x509_crt_t *cert_list, int cert_list_size, gnutls_x509_privkey_t key); void set_simple_pkcs12_file(const char *pkcs12file, gnutls_x509_crt_fmt_t type, const char *password); void set_retrieve_function(gnutls_certificate_retrieve_function *func); protected: gnutls_certificate_credentials_t cred; }; class certificate_server_credentials : public certificate_credentials { public: void set_params_function(gnutls_params_function *func); }; class certificate_client_credentials : public certificate_credentials { public: }; class anon_server_credentials : public credentials { public: anon_server_credentials(); ~anon_server_credentials(); void set_dh_params(const dh_params ¶ms); void set_params_function(gnutls_params_function *func); protected: gnutls_anon_server_credentials_t cred; }; class anon_client_credentials : public credentials { public: anon_client_credentials(); ~anon_client_credentials(); protected: gnutls_anon_client_credentials_t cred; }; class srp_server_credentials : public credentials { public: srp_server_credentials(); ~srp_server_credentials(); void set_credentials_file(const char *password_file, const char *password_conf_file); void set_credentials_function(gnutls_srp_server_credentials_function *func); protected: gnutls_srp_server_credentials_t cred; }; class srp_client_credentials : public credentials { public: srp_client_credentials(); ~srp_client_credentials(); void set_credentials(const char *username, const char *password); void set_credentials_function(gnutls_srp_client_credentials_function *func); protected: gnutls_srp_client_credentials_t cred; }; class psk_server_credentials : public credentials { public: psk_server_credentials(); ~psk_server_credentials(); void set_credentials_file(const char *password_file); void set_credentials_function(gnutls_psk_server_credentials_function *func); void set_dh_params(const dh_params ¶ms); void set_params_function(gnutls_params_function *func); protected: gnutls_psk_server_credentials_t cred; }; class psk_client_credentials : public credentials { public: psk_client_credentials(); ~psk_client_credentials(); void set_credentials(const char *username, const gnutls_datum_t &key, gnutls_psk_key_flags flags); void set_credentials_function(gnutls_psk_client_credentials_function *func); protected: gnutls_psk_client_credentials_t cred; }; /* By default, we provide the function definitions, which allows users of the library to use the C++ header and link against the C library. However, if GNUTLS_GNUTLSXX_NO_HEADERONLY is defined, then the definitions are not necessary, as the user is expected to link to the C++ library. (Which is provided for backwards-compatibility.) All applications using GnuTLS of version less than 3.8.0 use the C++ library. Applications using GnuTLS 3.8.0 or above will use by default the C library with the C++ "header-only" header, but they still have the option to link to the C++ library instead if they wish, and if so, they must also define GNUTLS_GNUTLSXX_NO_HEADERONLY in their compilation step. */ #ifndef GNUTLS_GNUTLSXX_NO_HEADERONLY inline static int RETWRAP(int ret) { if (ret < 0) throw(exception(ret)); return ret; } session::session(unsigned int flags) { RETWRAP(gnutls_init(&s, flags)); } session::~session() { gnutls_deinit(s); } gnutls_session_t session::ptr() { return s; } int session::bye(gnutls_close_request_t how) { return RETWRAP(gnutls_bye(s, how)); } int session::handshake() { return RETWRAP(gnutls_handshake(s)); } server_session::server_session() : session(GNUTLS_SERVER) { } server_session::server_session(int flags) : session(GNUTLS_SERVER | (flags & ~GNUTLS_CLIENT)) { } server_session::~server_session() { } int server_session::rehandshake() { return RETWRAP(gnutls_rehandshake(s)); } gnutls_alert_description_t session::get_alert() const { return gnutls_alert_get(s); } int session::send_alert(gnutls_alert_level_t level, gnutls_alert_description_t desc) { return RETWRAP(gnutls_alert_send(s, level, desc)); } int session::send_appropriate_alert(int err) { return RETWRAP(gnutls_alert_send_appropriate(s, err)); } gnutls_cipher_algorithm_t session::get_cipher() const { return gnutls_cipher_get(s); } gnutls_kx_algorithm_t session::get_kx() const { return gnutls_kx_get(s); } gnutls_mac_algorithm_t session::get_mac() const { return gnutls_mac_get(s); } gnutls_compression_method_t session::get_compression() const { return gnutls_compression_get(s); } gnutls_certificate_type_t session::get_certificate_type() const { return gnutls_certificate_type_get(s); } void session::set_private_extensions(bool allow) { gnutls_handshake_set_private_extensions(s, (int)allow); } gnutls_handshake_description_t session::get_handshake_last_out() const { return gnutls_handshake_get_last_out(s); } gnutls_handshake_description_t session::get_handshake_last_in() const { return gnutls_handshake_get_last_in(s); } ssize_t session::send(const void *data, size_t sizeofdata) { return RETWRAP(gnutls_record_send(s, data, sizeofdata)); } ssize_t session::recv(void *data, size_t sizeofdata) { return RETWRAP(gnutls_record_recv(s, data, sizeofdata)); } bool session::get_record_direction() const { return gnutls_record_get_direction(s); } /* maximum packet size */ size_t session::get_max_size() const { return gnutls_record_get_max_size(s); } void session::set_max_size(size_t size) { RETWRAP(gnutls_record_set_max_size(s, size)); } size_t session::check_pending() const { return gnutls_record_check_pending(s); } void session::prf(size_t label_size, const char *label, int server_random_first, size_t extra_size, const char *extra, size_t outsize, char *out) { RETWRAP(gnutls_prf(s, label_size, label, server_random_first, extra_size, extra, outsize, out)); } void session::prf_raw(size_t label_size, const char *label, size_t seed_size, const char *seed, size_t outsize, char *out) { RETWRAP(gnutls_prf_raw(s, label_size, label, seed_size, seed, outsize, out)); } /* if you just want some defaults, use the following. */ void session::set_priority(const char *prio, const char **err_pos) { RETWRAP(gnutls_priority_set_direct(s, prio, err_pos)); } void session::set_priority(gnutls_priority_t p) { RETWRAP(gnutls_priority_set(s, p)); } gnutls_protocol_t session::get_protocol_version() const { return gnutls_protocol_get_version(s); } void session::set_data(const void *session_data, size_t session_data_size) { RETWRAP(gnutls_session_set_data(s, session_data, session_data_size)); } void session::get_data(void *session_data, size_t *session_data_size) const { RETWRAP(gnutls_session_get_data(s, session_data, session_data_size)); } void session::get_data(gnutls_session_t session, gnutls_datum_t &data) const { RETWRAP(gnutls_session_get_data2(s, &data)); } void session::get_id(void *session_id, size_t *session_id_size) const { RETWRAP(gnutls_session_get_id(s, session_id, session_id_size)); } bool session::is_resumed() const { int ret = gnutls_session_is_resumed(s); return (ret != 0); } bool session::get_peers_certificate(std::vector &out_certs) const { const gnutls_datum_t *certs; unsigned int certs_size; certs = gnutls_certificate_get_peers(s, &certs_size); if (certs == NULL) return false; for (unsigned int i = 0; i < certs_size; i++) out_certs.push_back(certs[i]); return true; } bool session::get_peers_certificate(const gnutls_datum_t **certs, unsigned int *certs_size) const { *certs = gnutls_certificate_get_peers(s, certs_size); if (*certs == NULL) return false; return true; } void session::get_our_certificate(gnutls_datum_t &cert) const { const gnutls_datum_t *d; d = gnutls_certificate_get_ours(s); if (d == NULL) throw(exception(GNUTLS_E_INVALID_REQUEST)); cert = *d; } time_t session::get_peers_certificate_activation_time() const { return gnutls_certificate_activation_time_peers(s); } time_t session::get_peers_certificate_expiration_time() const { return gnutls_certificate_expiration_time_peers(s); } void session::verify_peers_certificate(unsigned int &status) const { RETWRAP(gnutls_certificate_verify_peers2(s, &status)); } client_session::client_session() : session(GNUTLS_CLIENT) { } client_session::client_session(int flags) : session(GNUTLS_CLIENT | (flags & ~GNUTLS_SERVER)) { } client_session::~client_session() { } // client session void client_session::set_verify_cert(const char *hostname, unsigned flags) { gnutls_session_set_verify_cert(s, hostname, flags); } void client_session::set_server_name(gnutls_server_name_type_t type, const void *name, size_t name_length) { RETWRAP(gnutls_server_name_set(s, type, name, name_length)); } bool client_session::get_request_status() { return RETWRAP(gnutls_certificate_client_get_request_status(s)); } // server_session void server_session::get_server_name(void *data, size_t *data_length, unsigned int *type, unsigned int indx) const { RETWRAP(gnutls_server_name_get(s, data, data_length, type, indx)); } // internal DB stuff static int store_function(void *_db, gnutls_datum_t key, gnutls_datum_t data) { try { DB *db = static_cast(_db); if (db->store(key, data) == false) return -1; } catch (...) { return -1; } return 0; } const static gnutls_datum_t null_datum = { NULL, 0 }; static gnutls_datum_t retrieve_function(void *_db, gnutls_datum_t key) { gnutls_datum_t data; try { DB *db = static_cast(_db); if (db->retrieve(key, data) == false) return null_datum; } catch (...) { return null_datum; } return data; } static int remove_function(void *_db, gnutls_datum_t key) { try { DB *db = static_cast(_db); if (db->remove(key) == false) return -1; } catch (...) { return -1; } return 0; } void server_session::set_db(const DB &db) { gnutls_db_set_ptr(s, const_cast(&db)); gnutls_db_set_store_function(s, store_function); gnutls_db_set_retrieve_function(s, retrieve_function); gnutls_db_set_remove_function(s, remove_function); } void server_session::set_db_cache_expiration(unsigned int seconds) { gnutls_db_set_cache_expiration(s, seconds); } void server_session::db_remove() const { gnutls_db_remove_session(s); } bool server_session::db_check_entry(const gnutls_datum_t &session_data) const { int ret = gnutls_db_check_entry(s, session_data); if (ret != 0) return true; return false; } void session::set_max_handshake_packet_length(size_t max) { gnutls_handshake_set_max_packet_length(s, max); } void session::clear_credentials() { gnutls_credentials_clear(s); } void session::set_credentials(const credentials &cred) { RETWRAP(gnutls_credentials_set(s, cred.get_type(), cred.ptr())); } const char *server_session::get_srp_username() const { return gnutls_srp_server_get_username(s); } const char *server_session::get_psk_username() const { return gnutls_psk_server_get_username(s); } void session::set_transport_ptr(gnutls_transport_ptr_t ptr) { gnutls_transport_set_ptr(s, ptr); } void session::set_transport_ptr(gnutls_transport_ptr_t recv_ptr, gnutls_transport_ptr_t send_ptr) { gnutls_transport_set_ptr2(s, recv_ptr, send_ptr); } gnutls_transport_ptr_t session::get_transport_ptr() const { return gnutls_transport_get_ptr(s); } void session::get_transport_ptr(gnutls_transport_ptr_t &recv_ptr, gnutls_transport_ptr_t &send_ptr) const { gnutls_transport_get_ptr2(s, &recv_ptr, &send_ptr); } void session::set_transport_lowat(size_t num) { throw(exception(GNUTLS_E_UNIMPLEMENTED_FEATURE)); } void session::set_transport_push_function(gnutls_push_func push_func) { gnutls_transport_set_push_function(s, push_func); } void session::set_transport_vec_push_function(gnutls_vec_push_func vec_push_func) { gnutls_transport_set_vec_push_function(s, vec_push_func); } void session::set_transport_pull_function(gnutls_pull_func pull_func) { gnutls_transport_set_pull_function(s, pull_func); } void session::set_transport_pull_timeout_function( gnutls_pull_timeout_func pull_timeout_func) { gnutls_transport_set_pull_timeout_function(s, pull_timeout_func); } void session::set_user_ptr(void *ptr) { gnutls_session_set_ptr(s, ptr); } void *session::get_user_ptr() const { return gnutls_session_get_ptr(s); } void session::send_openpgp_cert(gnutls_openpgp_crt_status_t status) { gnutls_openpgp_send_cert(s, status); } void session::set_dh_prime_bits(unsigned int bits) { gnutls_dh_set_prime_bits(s, bits); } unsigned int session::get_dh_secret_bits() const { return RETWRAP(gnutls_dh_get_secret_bits(s)); } unsigned int session::get_dh_peers_public_bits() const { return RETWRAP(gnutls_dh_get_peers_public_bits(s)); } unsigned int session::get_dh_prime_bits() const { return RETWRAP(gnutls_dh_get_prime_bits(s)); } void session::get_dh_group(gnutls_datum_t &gen, gnutls_datum_t &prime) const { RETWRAP(gnutls_dh_get_group(s, &gen, &prime)); } void session::get_dh_pubkey(gnutls_datum_t &raw_key) const { RETWRAP(gnutls_dh_get_pubkey(s, &raw_key)); } void server_session::set_certificate_request(gnutls_certificate_request_t req) { gnutls_certificate_server_set_request(s, req); } gnutls_credentials_type_t session::get_auth_type() const { return gnutls_auth_get_type(s); } gnutls_credentials_type_t session::get_server_auth_type() const { return gnutls_auth_server_get_type(s); } gnutls_credentials_type_t session::get_client_auth_type() const { return gnutls_auth_client_get_type(s); } certificate_credentials::~certificate_credentials() { gnutls_certificate_free_credentials(cred); } certificate_credentials::certificate_credentials() : credentials(GNUTLS_CRD_CERTIFICATE) { RETWRAP(gnutls_certificate_allocate_credentials(&cred)); set_ptr(cred); } void certificate_server_credentials::set_params_function( gnutls_params_function *func) { gnutls_certificate_set_params_function(cred, func); } anon_server_credentials::anon_server_credentials() : credentials(GNUTLS_CRD_ANON) { RETWRAP(gnutls_anon_allocate_server_credentials(&cred)); set_ptr(cred); } anon_server_credentials::~anon_server_credentials() { gnutls_anon_free_server_credentials(cred); } void anon_server_credentials::set_dh_params(const dh_params ¶ms) { gnutls_anon_set_server_dh_params(cred, params.get_params_t()); } void anon_server_credentials::set_params_function(gnutls_params_function *func) { gnutls_anon_set_server_params_function(cred, func); } anon_client_credentials::anon_client_credentials() : credentials(GNUTLS_CRD_ANON) { RETWRAP(gnutls_anon_allocate_client_credentials(&cred)); set_ptr(cred); } anon_client_credentials::~anon_client_credentials() { gnutls_anon_free_client_credentials(cred); } void certificate_credentials::free_keys() { gnutls_certificate_free_keys(cred); } void certificate_credentials::free_cas() { gnutls_certificate_free_cas(cred); } void certificate_credentials::free_ca_names() { gnutls_certificate_free_ca_names(cred); } void certificate_credentials::free_crls() { gnutls_certificate_free_crls(cred); } void certificate_credentials::set_dh_params(const dh_params ¶ms) { gnutls_certificate_set_dh_params(cred, params.get_params_t()); } void certificate_credentials::set_verify_flags(unsigned int flags) { gnutls_certificate_set_verify_flags(cred, flags); } void certificate_credentials::set_verify_limits(unsigned int max_bits, unsigned int max_depth) { gnutls_certificate_set_verify_limits(cred, max_bits, max_depth); } void certificate_credentials::set_x509_trust_file(const char *cafile, gnutls_x509_crt_fmt_t type) { RETWRAP(gnutls_certificate_set_x509_trust_file(cred, cafile, type)); } void certificate_credentials::set_x509_trust(const gnutls_datum_t &CA, gnutls_x509_crt_fmt_t type) { RETWRAP(gnutls_certificate_set_x509_trust_mem(cred, &CA, type)); } void certificate_credentials::set_x509_crl_file(const char *crlfile, gnutls_x509_crt_fmt_t type) { RETWRAP(gnutls_certificate_set_x509_crl_file(cred, crlfile, type)); } void certificate_credentials::set_x509_crl(const gnutls_datum_t &CRL, gnutls_x509_crt_fmt_t type) { RETWRAP(gnutls_certificate_set_x509_crl_mem(cred, &CRL, type)); } void certificate_credentials::set_x509_key_file(const char *certfile, const char *keyfile, gnutls_x509_crt_fmt_t type) { RETWRAP(gnutls_certificate_set_x509_key_file(cred, certfile, keyfile, type)); } void certificate_credentials::set_x509_key(const gnutls_datum_t &CERT, const gnutls_datum_t &KEY, gnutls_x509_crt_fmt_t type) { RETWRAP(gnutls_certificate_set_x509_key_mem(cred, &CERT, &KEY, type)); } void certificate_credentials::set_simple_pkcs12_file(const char *pkcs12file, gnutls_x509_crt_fmt_t type, const char *password) { RETWRAP(gnutls_certificate_set_x509_simple_pkcs12_file(cred, pkcs12file, type, password)); } void certificate_credentials::set_x509_key(gnutls_x509_crt_t *cert_list, int cert_list_size, gnutls_x509_privkey_t key) { RETWRAP(gnutls_certificate_set_x509_key(cred, cert_list, cert_list_size, key)); } void certificate_credentials::set_x509_trust(gnutls_x509_crt_t *ca_list, int ca_list_size) { RETWRAP(gnutls_certificate_set_x509_trust(cred, ca_list, ca_list_size)); } void certificate_credentials::set_x509_crl(gnutls_x509_crl_t *crl_list, int crl_list_size) { RETWRAP(gnutls_certificate_set_x509_crl(cred, crl_list, crl_list_size)); } void certificate_credentials::set_retrieve_function( gnutls_certificate_retrieve_function *func) { gnutls_certificate_set_retrieve_function(cred, func); } // SRP srp_server_credentials::srp_server_credentials() : credentials(GNUTLS_CRD_SRP) { RETWRAP(gnutls_srp_allocate_server_credentials(&cred)); set_ptr(cred); } srp_server_credentials::~srp_server_credentials() { gnutls_srp_free_server_credentials(cred); } srp_client_credentials::srp_client_credentials() : credentials(GNUTLS_CRD_SRP) { RETWRAP(gnutls_srp_allocate_client_credentials(&cred)); set_ptr(cred); } srp_client_credentials::~srp_client_credentials() { gnutls_srp_free_client_credentials(cred); } void srp_client_credentials::set_credentials(const char *username, const char *password) { RETWRAP(gnutls_srp_set_client_credentials(cred, username, password)); } void srp_server_credentials::set_credentials_file( const char *password_file, const char *password_conf_file) { RETWRAP(gnutls_srp_set_server_credentials_file(cred, password_file, password_conf_file)); } void srp_server_credentials::set_credentials_function( gnutls_srp_server_credentials_function *func) { gnutls_srp_set_server_credentials_function(cred, func); } void srp_client_credentials::set_credentials_function( gnutls_srp_client_credentials_function *func) { gnutls_srp_set_client_credentials_function(cred, func); } // PSK psk_server_credentials::psk_server_credentials() : credentials(GNUTLS_CRD_PSK) { RETWRAP(gnutls_psk_allocate_server_credentials(&cred)); set_ptr(cred); } psk_server_credentials::~psk_server_credentials() { gnutls_psk_free_server_credentials(cred); } void psk_server_credentials::set_credentials_file(const char *password_file) { RETWRAP(gnutls_psk_set_server_credentials_file(cred, password_file)); } void psk_server_credentials::set_credentials_function( gnutls_psk_server_credentials_function *func) { gnutls_psk_set_server_credentials_function(cred, func); } void psk_server_credentials::set_dh_params(const dh_params ¶ms) { gnutls_psk_set_server_dh_params(cred, params.get_params_t()); } void psk_server_credentials::set_params_function(gnutls_params_function *func) { gnutls_psk_set_server_params_function(cred, func); } psk_client_credentials::psk_client_credentials() : credentials(GNUTLS_CRD_PSK) { RETWRAP(gnutls_psk_allocate_client_credentials(&cred)); set_ptr(cred); } psk_client_credentials::~psk_client_credentials() { gnutls_psk_free_client_credentials(cred); } void psk_client_credentials::set_credentials(const char *username, const gnutls_datum_t &key, gnutls_psk_key_flags flags) { RETWRAP(gnutls_psk_set_client_credentials(cred, username, &key, flags)); } void psk_client_credentials::set_credentials_function( gnutls_psk_client_credentials_function *func) { gnutls_psk_set_client_credentials_function(cred, func); } credentials::credentials(gnutls_credentials_type_t t) : type(t) , cred(NULL) { } gnutls_credentials_type_t credentials::get_type() const { return type; } void *credentials::ptr() const { return cred; } void credentials::set_ptr(void *ptr) { cred = ptr; } exception::exception(int x) { retcode = x; } int exception::get_code() { return retcode; } const char *exception::what() const throw() { return gnutls_strerror(retcode); } dh_params::dh_params() { RETWRAP(gnutls_dh_params_init(¶ms)); } dh_params::~dh_params() { gnutls_dh_params_deinit(params); } void dh_params::import_raw(const gnutls_datum_t &prime, const gnutls_datum_t &generator) { RETWRAP(gnutls_dh_params_import_raw(params, &prime, &generator)); } void dh_params::import_pkcs3(const gnutls_datum_t &pkcs3_params, gnutls_x509_crt_fmt_t format) { RETWRAP(gnutls_dh_params_import_pkcs3(params, &pkcs3_params, format)); } void dh_params::generate(unsigned int bits) { RETWRAP(gnutls_dh_params_generate2(params, bits)); } void dh_params::export_pkcs3(gnutls_x509_crt_fmt_t format, unsigned char *params_data, size_t *params_data_size) { RETWRAP(gnutls_dh_params_export_pkcs3(params, format, params_data, params_data_size)); } void dh_params::export_raw(gnutls_datum_t &prime, gnutls_datum_t &generator) { RETWRAP(gnutls_dh_params_export_raw(params, &prime, &generator, NULL)); } gnutls_dh_params_t dh_params::get_params_t() const { return params; } dh_params &dh_params::operator=(const dh_params &src) { dh_params *dst = new dh_params; int ret; ret = gnutls_dh_params_cpy(dst->params, src.params); if (ret < 0) { delete dst; throw(exception(ret)); } std::swap(this->params, dst->params); delete dst; return *this; } #endif /* GNUTLS_GNUTLSXX_NO_HEADERONLY */ } /* namespace gnutls */ #endif /* GNUTLS_GNUTLSXX_H */