New class "TlsOptions" to handle TLS/SSL related settings

Ralf Haferkamp 2010-02-15 17:17:42 +00:00
parent 78c09eadfd
commit ad93b706a9
2 changed files with 160 additions and 0 deletions


@ -0,0 +1,106 @@
// $OpenLDAP$
/*
* Copyright 2010, OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
#include "TlsOptions.h"
#include "LDAPException.h"
enum opttype {
INT=0,
STRING,
OTHER
};
typedef struct tls_optmap {
int optval;
opttype type;
} tls_optmap_t;
static tls_optmap_t optmap[] = {
{ LDAP_OPT_X_TLS_CACERTFILE, STRING },
{ LDAP_OPT_X_TLS_CACERTDIR, STRING },
{ LDAP_OPT_X_TLS_CERTFILE, STRING },
{ LDAP_OPT_X_TLS_KEYFILE, STRING },
{ LDAP_OPT_X_TLS_REQUIRE_CERT, INT },
{ LDAP_OPT_X_TLS_PROTOCOL_MIN, INT },
{ LDAP_OPT_X_TLS_CIPHER_SUITE, STRING },
{ LDAP_OPT_X_TLS_RANDOM_FILE, STRING },
{ LDAP_OPT_X_TLS_CRLCHECK, INT },
{ LDAP_OPT_X_TLS_DHFILE, STRING },
{ LDAP_OPT_X_TLS_NEWCTX, INT }
};
#if 0 /* not implemented currently */
static const int TLS_CRLFILE /* GNUtls only */
static const int TLS_SSL_CTX /* OpenSSL SSL* */
static const int TLS_CONNECT_CB
static const int TLS_CONNECT_ARG
#endif
void checkOpt( TlsOptions::tls_option opt, opttype type ){
if ( opt >= sizeof(optmap) ){
throw( LDAPException( LDAP_PARAM_ERROR, "unknown Option" ) );
}
if ( optmap[opt].type != type ){
throw( LDAPException( LDAP_PARAM_ERROR, "not a string option" ) );
}
}
TlsOptions::TlsOptions( LDAP* ld ): m_ld(ld) { }
void TlsOptions::setOption( tls_option opt, const std::string& value ) {
checkOpt(opt, STRING);
this->setOption( opt, (void*) value.c_str());
}
void TlsOptions::setOption( tls_option opt, int value ) {
checkOpt(opt, INT);
this->setOption( opt, (void*) &value);
}
void TlsOptions::setOption( tls_option opt, void *value ) {
int ret = ldap_set_option( m_ld, optmap[opt].optval, value);
if ( ret != LDAP_OPT_SUCCESS )
{
if ( ret != LDAP_OPT_ERROR ){
throw( LDAPException( ret ));
} else {
throw( LDAPException( LDAP_PARAM_ERROR, "error while setting TLS option" ) );
}
}
}
void TlsOptions::getOption( tls_option opt, void* value ){
int ret = ldap_get_option( m_ld, optmap[opt].optval, value);
if ( ret != LDAP_OPT_SUCCESS )
{
if ( ret != LDAP_OPT_ERROR ){
throw( LDAPException( ret ));
} else {
throw( LDAPException( LDAP_PARAM_ERROR, "error while reading TLS option" ) );
}
}
}
int TlsOptions::getIntOption( tls_option opt ) const {
int value;
checkOpt(opt, INT);
ldap_get_option( m_ld, optmap[opt].optval, (void*) &value);
return value;
}
std::string TlsOptions::getStringOption( tls_option opt ) const {
char *value;
checkOpt(opt, STRING);
ldap_get_option( m_ld, optmap[opt].optval, (void*) &value);
std::string strval;
if (value)
{
strval=std::string(value);
ldap_memfree(value);
}
return strval;
}
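Review bot: The bounds check in checkOpt compares `opt` against `sizeof(optmap)`, which is the table's size in bytes rather than its element count, so indices from 11 up to that byte count pass the check and `optmap[opt]` in setOption/getOption reads past the end of the table; use `if ( opt >= sizeof(optmap)/sizeof(optmap[0]) )`. The `void*` overloads setOption and getOption index `optmap[opt]` without calling checkOpt at all, and since both are public they should either call it or be documented as trusting the caller. The second message in checkOpt says "not a string option" even when the expected type is INT; a neutral `"option type mismatch"` fits both callers. getIntOption and getStringOption ignore the return value of ldap_get_option, so on failure they return an uninitialised `int` or dereference an uninitialised `char*`; initialise `value` and check `ret` the same way getOption does, as sketched below for the string case (getIntOption needs the same treatment).
```cpp
std::string TlsOptions::getStringOption( tls_option opt ) const {
    char *value = NULL;
    checkOpt(opt, STRING);
    int ret = ldap_get_option( m_ld, optmap[opt].optval, (void*) &value);
    if ( ret != LDAP_OPT_SUCCESS ){
        if ( ret != LDAP_OPT_ERROR ){
            throw( LDAPException( ret ));
        } else {
            throw( LDAPException( LDAP_PARAM_ERROR, "error while reading TLS option" ) );
        }
    }
    // … unchanged: copy value into strval, ldap_memfree(value), return strval …
}
```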


@ -0,0 +1,54 @@
// $OpenLDAP$
/*
* Copyright 2010, OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
#ifndef TLS_OPTIONS_H
#define TLS_OPTIONS_H
#include <string>
#include <ldap.h>
class TlsOptions {
public:
enum tls_option {
CACERTFILE=0,
CACERTDIR,
CERTFILE,
KEYFILE,
REQUIRE_CERT,
PROTOCOL_MIN,
CIPHER_SUITE,
RANDOM_FILE,
CRLCHECK,
DHFILE,
NEWCTX
};
TlsOptions( LDAP* ld=NULL );
void setOption(tls_option opt, const std::string& value);
void setOption(tls_option opt, int value);
void setOption(tls_option opt, void *value);
int getIntOption(tls_option opt) const;
std::string getStringOption(tls_option opt) const;
void getOption(tls_option opt, void *value );
enum verifyMode {
NEVER=0,
HARD,
DEMAND,
ALLOW,
TRY
};
enum crlMode {
CRL_NONE=0,
CRL_PEER,
CRL_ALL
};
private:
LDAP *m_ld;
};
#endif /* TLS_OPTIONS_H */
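Review bot: The tls_option enumerators are used as positional indices into the optmap[] table in the .cpp, so the enum and the table must stay in the same order; a comment on the enum such as `/* order must match optmap[] in TlsOptions.cpp */` would make that coupling visible. verifyMode and crlMode are passed as the int argument for REQUIRE_CERT and CRLCHECK, so their numeric values have to mirror libldap's LDAP_OPT_X_TLS_* constants; say so in a comment rather than relying on the implicit ordering. The constructor defaults `ld` to NULL; if, as it appears, a NULL handle means the library-wide default TLS settings rather than a per-connection one, document that on the constructor, and note that `m_ld` is non-owning (the caller keeps the LDAP* alive for the lifetime of the TlsOptions object). The public `void*` overloads of setOption/getOption bypass the typed interface and deserve a comment stating that the caller is responsible for passing a value of the option's expected type.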