summaryrefslogtreecommitdiffstats
path: root/contrib/ldapc++/src/TlsOptions.h
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/ldapc++/src/TlsOptions.h')
-rw-r--r--contrib/ldapc++/src/TlsOptions.h162
1 files changed, 162 insertions, 0 deletions
diff --git a/contrib/ldapc++/src/TlsOptions.h b/contrib/ldapc++/src/TlsOptions.h
new file mode 100644
index 0000000..41d6ee3
--- /dev/null
+++ b/contrib/ldapc++/src/TlsOptions.h
@@ -0,0 +1,162 @@
+// $OpenLDAP$
+/*
+ * Copyright 2010-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+#ifndef TLS_OPTIONS_H
+#define TLS_OPTIONS_H
+#include <string>
+#include <ldap.h>
+
+/**
+ * Class to access the global (and connection specific) TLS Settings
+ * To access the global TLS Settings just instantiate a TlsOption object
+ * using the default constructor.
+ *
+ * To access connection specific settings instantiate a TlsOption object
+ * through the getTlsOptions() method from the corresponding
+ * LDAPConnection/LDAPAsynConnection object.
+ *
+ */
+class TlsOptions {
+ public:
+
+ /**
+ * Available TLS Options
+ */
+ enum tls_option {
+ CACERTFILE=0,
+ CACERTDIR,
+ CERTFILE,
+ KEYFILE,
+ REQUIRE_CERT,
+ PROTOCOL_MIN,
+ CIPHER_SUITE,
+ RANDOM_FILE,
+ CRLCHECK,
+ DHFILE,
+ /// @cond
+ LASTOPT /* dummy */
+ /// @endcond
+ };
+
+ /**
+ * Possible Values for the REQUIRE_CERT option
+ */
+ enum verifyMode {
+ NEVER=0,
+ HARD,
+ DEMAND,
+ ALLOW,
+ TRY
+ };
+
+ /**
+ * Possible Values for the CRLCHECK option
+ */
+ enum crlMode {
+ CRL_NONE=0,
+ CRL_PEER,
+ CRL_ALL
+ };
+
+
+ /**
+ * Default constructor. Gives access to the global TlsSettings
+ */
+ TlsOptions();
+
+ /**
+ * Set string valued options.
+ * @param opt The following string valued options are available:
+ * - TlsOptions::CACERTFILE
+ * - TlsOptions::CACERTDIR
+ * - TlsOptions::CERTFILE
+ * - TlsOptions::KEYFILE
+ * - TlsOptions::CIPHER_SUITE
+ * - TlsOptions::RANDOM_FILE
+ * - TlsOptions::DHFILE
+ * @param value The value to apply to that option,
+ * - TlsOptions::CACERTFILE:
+ * The path to the file containing all recognized Certificate
+ * Authorities
+ * - TlsOptions::CACERTDIR:
+ * The path to a directory containing individual files of all
+ * recognized Certificate Authority certificates
+ * - TlsOptions::CERTFILE:
+ * The path to the client certificate
+ * - TlsOptions::KEYFILE:
+ * The path to the file containing the private key matching the
+ * Certificate that as configured with TlsOptions::CERTFILE
+ * - TlsOptions::CIPHER_SUITE
+ * Specifies the cipher suite and preference order
+ * - TlsOptions::RANDOM_FILE
+ * Specifies the file to obtain random bits from when
+ * /dev/[u]random is not available.
+ * - TlsOptions::DHFILE
+ * File containing DH parameters
+ */
+ void setOption(tls_option opt, const std::string& value) const;
+
+ /**
+ * Set integer valued options.
+ * @param opt The following string valued options are available:
+ * - TlsOptions::REQUIRE_CERT
+ * - TlsOptions::PROTOCOL_MIN
+ * - TlsOptions::CRLCHECK
+ * @param value The value to apply to that option,
+ * - TlsOptions::REQUIRE_CERT:
+ * Possible Values (For details see the ldap.conf(5) man-page):
+ * - TlsOptions::NEVER
+ * - TlsOptions::DEMAND
+ * - TlsOptions::ALLOW
+ * - TlsOptions::TRY
+ * - TlsOptions::PROTOCOL_MIN
+ * - TlsOptions::CRLCHECK
+ * Possible Values:
+ * - TlsOptions::CRL_NONE
+ * - TlsOptions::CRL_PEER
+ * - TlsOptions::CRL_ALL
+ */
+ void setOption(tls_option opt, int value) const;
+
+ /**
+ * Generic setOption variant. Generally you should prefer to use one
+ * of the other variants
+ */
+ void setOption(tls_option opt, void *value) const;
+
+ /**
+ * Read integer valued options
+ * @return Option value
+ * @throws LDAPException in case of error (invalid on non-integer
+ * valued option is requested)
+ */
+ int getIntOption(tls_option opt) const;
+
+ /**
+ * Read string valued options
+ * @return Option value
+ * @throws LDAPException in case of error (invalid on non-string
+ * valued option is requested)
+ */
+ std::string getStringOption(tls_option opt) const;
+
+ /**
+ * Read options value. Usually you should prefer to use either
+ * getIntOption() or getStringOption()
+ * @param value points to a buffer containing the option value
+ * @throws LDAPException in case of error (invalid on non-string
+ * valued option is requested)
+ */
+ void getOption(tls_option opt, void *value ) const;
+
+ private:
+ TlsOptions( LDAP* ld );
+ void newCtx() const;
+ LDAP *m_ld;
+
+ friend class LDAPAsynConnection;
+};
+
+#endif /* TLS_OPTIONS_H */