1 /*	$NetBSD: TlsOptions.h,v 1.1.1.1 2010/12/12 15:18:50 adam Exp $	*/
2 
3 // OpenLDAP: pkg/ldap/contrib/ldapc++/src/TlsOptions.h,v 1.6.2.2 2010/04/14 23:50:44 quanah Exp
4 /*
5  * Copyright 2010, OpenLDAP Foundation, All Rights Reserved.
6  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
7  */
8 #ifndef TLS_OPTIONS_H
9 #define TLS_OPTIONS_H
10 #include <string>
11 #include <ldap.h>
12 
/**
 * Class to access the global (and connection specific) TLS settings.
 * To access the global TLS settings just instantiate a TlsOptions object
 * using the default constructor.
 *
 * To access connection specific settings instantiate a TlsOptions object
 * through the getTlsOptions() method of the corresponding
 * LDAPConnection/LDAPAsynConnection object.
 *
 */
class TlsOptions {
    public:

        /**
         * Available TLS Options.
         *
         * String valued (use setOption(tls_option, const std::string&)):
         * CACERTFILE, CACERTDIR, CERTFILE, KEYFILE, CIPHER_SUITE, RANDOM_FILE,
         * DHFILE. Integer valued (use setOption(tls_option, int)):
         * REQUIRE_CERT, PROTOCOL_MIN, CRLCHECK.
         */
        enum tls_option {
            CACERTFILE=0,   ///< File holding all trusted CA certificates
            CACERTDIR,      ///< Directory of individual trusted CA certificate files
            CERTFILE,       ///< Client certificate
            KEYFILE,        ///< Private key matching CERTFILE
            REQUIRE_CERT,   ///< Peer certificate verification mode, see verifyMode
            PROTOCOL_MIN,   ///< Minimum protocol version to accept (integer; value
                            ///< encoding is not documented here -- presumably the
                            ///< LDAP_OPT_X_TLS_PROTOCOL_* constants of ldap.h, confirm)
            CIPHER_SUITE,   ///< Cipher suite and preference order
            RANDOM_FILE,    ///< Entropy file used only when /dev/[u]random is unavailable
            CRLCHECK,       ///< Certificate revocation checking mode, see crlMode
            DHFILE,         ///< File with DH parameters
            /// @cond
            LASTOPT /* dummy */
            /// @endcond
        };

        /**
         * Possible Values for the REQUIRE_CERT option (peer certificate
         * verification). The names follow TLS_REQCERT in ldap.conf(5):
         * NEVER does not verify the peer certificate at all, ALLOW tolerates
         * a missing or invalid certificate, TRY tolerates a missing one but
         * rejects an invalid one, DEMAND and HARD require a valid certificate.
         * Only DEMAND/HARD actually authenticate the server; the other modes
         * leave the connection open to an impersonating peer.
         * NOTE(review): the enumerator order appears to mirror the
         * LDAP_OPT_X_TLS_NEVER..TRY values of ldap.h -- confirm in
         * TlsOptions.cpp before relying on the numeric values.
         */
        enum verifyMode {
            NEVER=0,
            HARD,
            DEMAND,
            ALLOW,
            TRY
        };

        /**
         * Possible Values for the CRLCHECK option (certificate revocation
         * checking). Per TLS_CRLCHECK in ldap.conf(5): CRL_NONE performs no
         * revocation check, CRL_PEER checks the peer certificate only,
         * CRL_ALL checks the whole certificate chain. Where a CRL is
         * configured, CRL_NONE means revoked certificates are still accepted.
         */
        enum crlMode {
            CRL_NONE=0,
            CRL_PEER,
            CRL_ALL
        };


        /**
         * Default constructor. Gives access to the global TlsSettings
         * (the settings that apply to every connection created afterwards;
         * per-connection access is only available through the private
         * constructor used by LDAPAsynConnection).
         */
        TlsOptions();

        /**
         * Set string valued options.
         *
         * The method is declared const because it changes libldap's option
         * state, not this object.
         * @param opt The following string valued options are available:
         *      - TlsOptions::CACERTFILE
         *      - TlsOptions::CACERTDIR
         *      - TlsOptions::CERTFILE
         *      - TlsOptions::KEYFILE
         *      - TlsOptions::CIPHER_SUITE
         *      - TlsOptions::RANDOM_FILE
         *      - TlsOptions::DHFILE
         *  @param value The value to apply to that option,
         *      - TlsOptions::CACERTFILE:
         *          The path to the file containing all recognized Certificate
         *          Authorities
         *      - TlsOptions::CACERTDIR:
         *          The path to a directory containing individual files of all
         *          recognized Certificate Authority certificates
         *      - TlsOptions::CERTFILE:
         *          The path to the client certificate
         *      - TlsOptions::KEYFILE:
         *          The path to the file containing the private key matching the
         *          Certificate that was configured with TlsOptions::CERTFILE
         *      - TlsOptions::CIPHER_SUITE
         *          Specifies the cipher suite and preference order
         *      - TlsOptions::RANDOM_FILE
         *          Specifies the file to obtain random bits from when
         *          /dev/[u]random is not available.
         *      - TlsOptions::DHFILE
         *          File containing DH parameters
         */
        void setOption(tls_option opt, const std::string& value) const;

        /**
         * Set integer valued options.
         *
         * The method is declared const because it changes libldap's option
         * state, not this object.
         * @param opt The following integer valued options are available:
         *      - TlsOptions::REQUIRE_CERT
         *      - TlsOptions::PROTOCOL_MIN
         *      - TlsOptions::CRLCHECK
         * @param value The value to apply to that option,
         *      - TlsOptions::REQUIRE_CERT:
         *          Possible Values (For details see the ldap.conf(5) man-page
         *          and TlsOptions::verifyMode):
         *              - TlsOptions::NEVER
         *              - TlsOptions::HARD
         *              - TlsOptions::DEMAND
         *              - TlsOptions::ALLOW
         *              - TlsOptions::TRY
         *      - TlsOptions::PROTOCOL_MIN
         *          Minimum protocol version to accept (value encoding not
         *          documented here; see the TlsOptions::PROTOCOL_MIN note)
         *      - TlsOptions::CRLCHECK
         *          Possible Values (see TlsOptions::crlMode):
         *              - TlsOptions::CRL_NONE
         *              - TlsOptions::CRL_PEER
         *              - TlsOptions::CRL_ALL
         */
        void setOption(tls_option opt, int value) const;

        /**
         * Generic setOption variant. Generally you should prefer to use one
         * of the other variants: this one performs no type checking, the
         * pointee type that `value` must have depends on `opt`, and passing a
         * wrongly typed buffer is undefined behaviour in the underlying
         * library call.
         * @param opt The option to set
         * @param value Pointer to the value to apply; the caller keeps
         *      ownership of the pointee
         */
        void setOption(tls_option opt, void *value) const;

        /**
         * Read integer valued options
         * @param opt The option to read (see setOption(tls_option, int) for
         *      the integer valued options)
         * @return Option value
         * @throws LDAPException in case of error (e.g. when a non-integer
         *      valued option is requested)
         */
        int getIntOption(tls_option opt) const;

        /**
         * Read string valued options
         * @param opt The option to read (see
         *      setOption(tls_option, const std::string&) for the string
         *      valued options)
         * @return Option value
         * @throws LDAPException in case of error (e.g. when a non-string
         *      valued option is requested)
         */
        std::string getStringOption(tls_option opt) const;

        /**
         * Read options value. Usually you should prefer to use either
         * getIntOption() or getStringOption(); this variant performs no type
         * checking.
         * @param opt The option to read
         * @param value points to a caller-owned buffer that receives the
         *      option value; the buffer's type must match the option's value
         *      type
         * @throws LDAPException in case of error
         */
        void getOption(tls_option opt, void *value ) const;

    private:
        /// Binds the accessor to a specific connection handle. Reached via
        /// the LDAPAsynConnection friend (see getTlsOptions() there).
        TlsOptions( LDAP* ld );
        /// Presumably forces a fresh TLS context so changed options take
        /// effect on subsequent connections -- TODO confirm in TlsOptions.cpp.
        /// const for the same reason as setOption(): it mutates libldap
        /// state, not this object.
        void newCtx() const;
        /// Connection handle this accessor operates on. NOTE(review): looks
        /// like a non-owning pointer whose lifetime is that of the owning
        /// connection, and presumably null for the global settings reached
        /// through the default constructor -- confirm.
        LDAP *m_ld;

    friend class LDAPAsynConnection;
};
163 
164 #endif /* TLS_OPTIONS_H */
165