include/gnutls/gnutlsxx.h

0001 /*
0002  * Copyright (C) 2006-2012 Free Software Foundation, Inc.
0003  *
0004  * Author: Nikos Mavrogiannopoulos
0005  *
0006  * This file is part of GnuTLS.
0007  *
0008  * The GnuTLS is free software; you can redistribute it and/or
0009  * modify it under the terms of the GNU Lesser General Public License
0010  * as published by the Free Software Foundation; either version 2.1 of
0011  * the License, or (at your option) any later version.
0012  *
0013  * This library is distributed in the hope that it will be useful, but
0014  * WITHOUT ANY WARRANTY; without even the implied warranty of
0015  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
0016  * Lesser General Public License for more details.
0017  *
0018  * You should have received a copy of the GNU Lesser General Public License
0019  * along with this program.  If not, see <https://www.gnu.org/licenses/>
0020  *
0021  */
0022
0023 #ifndef GNUTLS_GNUTLSXX_H
0024 #define GNUTLS_GNUTLSXX_H
0025
0026 #include <exception>
0027 #include <vector>
0028 #include <gnutls/gnutls.h>
0029
0030 namespace gnutls
0031 {
0032
0033 class noncopyable {
0034     protected:
0035     noncopyable()
0036     {
0037     }
0038     ~noncopyable()
0039     {
0040     }
0041
0042     private:
0043     /* These are non-implemented.
0044          */
0045     noncopyable(const noncopyable &);
0046     noncopyable &operator=(const noncopyable &);
0047 };
0048
0049 class exception : public std::exception {
0050     public:
0051     explicit exception(int x);
0052     const char *what() const throw();
0053     int get_code();
0054
0055     protected:
0056     int retcode;
0057 };
0058
0059 class dh_params : private noncopyable {
0060     public:
0061     dh_params();
0062     ~dh_params();
0063     void import_raw(const gnutls_datum_t &prime,
0064             const gnutls_datum_t &generator);
0065     void import_pkcs3(const gnutls_datum_t &pkcs3_params,
0066               gnutls_x509_crt_fmt_t format);
0067     void generate(unsigned int bits);
0068
0069     void export_pkcs3(gnutls_x509_crt_fmt_t format,
0070               unsigned char *params_data, size_t *params_data_size);
0071     void export_raw(gnutls_datum_t &prime, gnutls_datum_t &generator);
0072
0073     gnutls_dh_params_t get_params_t() const;
0074     dh_params &operator=(const dh_params &src);
0075
0076     protected:
0077     gnutls_dh_params_t params;
0078 };
0079
0080 class rsa_params : private noncopyable {
0081     public:
0082     rsa_params();
0083     ~rsa_params();
0084     void import_raw(const gnutls_datum_t &m, const gnutls_datum_t &e,
0085             const gnutls_datum_t &d, const gnutls_datum_t &p,
0086             const gnutls_datum_t &q, const gnutls_datum_t &u);
0087     void import_pkcs1(const gnutls_datum_t &pkcs1_params,
0088               gnutls_x509_crt_fmt_t format);
0089     void generate(unsigned int bits);
0090
0091     void export_pkcs1(gnutls_x509_crt_fmt_t format,
0092               unsigned char *params_data, size_t *params_data_size);
0093     void export_raw(gnutls_datum_t &m, gnutls_datum_t &e, gnutls_datum_t &d,
0094             gnutls_datum_t &p, gnutls_datum_t &q,
0095             gnutls_datum_t &u);
0096     gnutls_rsa_params_t get_params_t() const;
0097     rsa_params &operator=(const rsa_params &src);
0098
0099     protected:
0100     gnutls_rsa_params_t params;
0101 };
0102
0103 class session : private noncopyable {
0104     protected:
0105     gnutls_session_t s;
0106
0107     public:
0108     explicit session(unsigned int);
0109     virtual ~session();
0110
0111     gnutls_session_t ptr();
0112     int bye(gnutls_close_request_t how);
0113     int handshake();
0114
0115     gnutls_alert_description_t get_alert() const;
0116
0117     int send_alert(gnutls_alert_level_t level,
0118                gnutls_alert_description_t desc);
0119     int send_appropriate_alert(int err);
0120
0121     gnutls_cipher_algorithm_t get_cipher() const;
0122     gnutls_kx_algorithm_t get_kx() const;
0123     gnutls_mac_algorithm_t get_mac() const;
0124     gnutls_compression_method_t get_compression() const;
0125     gnutls_certificate_type_t get_certificate_type() const;
0126
0127     /* for the handshake
0128          */
0129     void set_private_extensions(bool allow);
0130
0131     gnutls_handshake_description_t get_handshake_last_out() const;
0132     gnutls_handshake_description_t get_handshake_last_in() const;
0133
0134     ssize_t send(const void *data, size_t sizeofdata);
0135     ssize_t recv(void *data, size_t sizeofdata);
0136
0137     bool get_record_direction() const;
0138
0139     /* maximum packet size
0140          */
0141     size_t get_max_size() const;
0142     void set_max_size(size_t size);
0143
0144     size_t check_pending() const;
0145
0146     void prf(size_t label_size, const char *label, int server_random_first,
0147          size_t extra_size, const char *extra, size_t outsize,
0148          char *out);
0149
0150     void prf_raw(size_t label_size, const char *label, size_t seed_size,
0151              const char *seed, size_t outsize, char *out);
0152
0153     /* if you just want some defaults, use the following.
0154          */
0155     void set_priority(const char *prio, const char **err_pos);
0156     void set_priority(gnutls_priority_t p);
0157
0158     gnutls_protocol_t get_protocol_version() const;
0159
0160     /* for resuming sessions
0161          */
0162     void set_data(const void *session_data, size_t session_data_size);
0163     void get_data(void *session_data, size_t *session_data_size) const;
0164     void get_data(gnutls_session_t session, gnutls_datum_t &data) const;
0165     void get_id(void *session_id, size_t *session_id_size) const;
0166
0167     bool is_resumed() const;
0168
0169     void set_max_handshake_packet_length(size_t max);
0170
0171     void clear_credentials();
0172     void set_credentials(const class credentials &cred);
0173
0174     void set_transport_ptr(gnutls_transport_ptr_t ptr);
0175     void set_transport_ptr(gnutls_transport_ptr_t recv_ptr,
0176                    gnutls_transport_ptr_t send_ptr);
0177     gnutls_transport_ptr_t get_transport_ptr() const;
0178     void get_transport_ptr(gnutls_transport_ptr_t &recv_ptr,
0179                    gnutls_transport_ptr_t &send_ptr) const;
0180
0181     void set_transport_lowat(size_t num);
0182     void set_transport_push_function(gnutls_push_func push_func);
0183     void
0184     set_transport_vec_push_function(gnutls_vec_push_func vec_push_func);
0185     void set_transport_pull_function(gnutls_pull_func pull_func);
0186     void set_transport_pull_timeout_function(
0187         gnutls_pull_timeout_func pull_timeout_func);
0188
0189     void set_user_ptr(void *ptr);
0190     void *get_user_ptr() const;
0191
0192     void send_openpgp_cert(gnutls_openpgp_crt_status_t status);
0193
0194     gnutls_credentials_type_t get_auth_type() const;
0195     gnutls_credentials_type_t get_server_auth_type() const;
0196     gnutls_credentials_type_t get_client_auth_type() const;
0197
0198     /* informational stuff
0199          */
0200     void set_dh_prime_bits(unsigned int bits);
0201     unsigned int get_dh_secret_bits() const;
0202     unsigned int get_dh_peers_public_bits() const;
0203     unsigned int get_dh_prime_bits() const;
0204     void get_dh_group(gnutls_datum_t &gen, gnutls_datum_t &prime) const;
0205     void get_dh_pubkey(gnutls_datum_t &raw_key) const;
0206     void get_rsa_export_pubkey(gnutls_datum_t &exponent,
0207                    gnutls_datum_t &modulus) const;
0208     unsigned int get_rsa_export_modulus_bits() const;
0209
0210     void get_our_certificate(gnutls_datum_t &cert) const;
0211     bool
0212     get_peers_certificate(std::vector<gnutls_datum_t> &out_certs) const;
0213     bool get_peers_certificate(const gnutls_datum_t **certs,
0214                    unsigned int *certs_size) const;
0215
0216     time_t get_peers_certificate_activation_time() const;
0217     time_t get_peers_certificate_expiration_time() const;
0218     void verify_peers_certificate(unsigned int &status) const;
0219 };
0220
0221 /* interface for databases
0222  */
0223 class DB : private noncopyable {
0224     public:
0225     virtual ~DB() = 0;
0226     virtual bool store(const gnutls_datum_t &key,
0227                const gnutls_datum_t &data) = 0;
0228     virtual bool retrieve(const gnutls_datum_t &key,
0229                   gnutls_datum_t &data) = 0;
0230     virtual bool remove(const gnutls_datum_t &key) = 0;
0231 };
0232
0233 class server_session : public session {
0234     public:
0235     server_session();
0236     explicit server_session(int flags);
0237     ~server_session();
0238     void db_remove() const;
0239
0240     void set_db_cache_expiration(unsigned int seconds);
0241     void set_db(const DB &db);
0242
0243     /* returns true if session is expired
0244          */
0245     bool db_check_entry(const gnutls_datum_t &session_data) const;
0246
0247     /* server side only
0248          */
0249     const char *get_srp_username() const;
0250     const char *get_psk_username() const;
0251
0252     void get_server_name(void *data, size_t *data_length,
0253                  unsigned int *type, unsigned int indx) const;
0254
0255     int rehandshake();
0256     void set_certificate_request(gnutls_certificate_request_t);
0257 };
0258
0259 class client_session : public session {
0260     public:
0261     client_session();
0262     explicit client_session(int flags);
0263     ~client_session();
0264
0265     void set_verify_cert(const char *hostname, unsigned flags);
0266     void set_server_name(gnutls_server_name_type_t type, const void *name,
0267                  size_t name_length);
0268
0269     bool get_request_status();
0270 };
0271
0272 class credentials : private noncopyable {
0273     public:
0274     virtual ~credentials()
0275     {
0276     }
0277     gnutls_credentials_type_t get_type() const;
0278
0279     protected:
0280     friend class session;
0281     explicit credentials(gnutls_credentials_type_t t);
0282     void *ptr() const;
0283     void set_ptr(void *ptr);
0284     gnutls_credentials_type_t type;
0285
0286     private:
0287     void *cred;
0288 };
0289
0290 class certificate_credentials : public credentials {
0291     public:
0292     ~certificate_credentials();
0293     certificate_credentials();
0294
0295     void free_keys();
0296     void free_cas();
0297     void free_ca_names();
0298     void free_crls();
0299
0300     void set_dh_params(const dh_params &params);
0301     void set_rsa_export_params(const rsa_params &params);
0302     void set_verify_flags(unsigned int flags);
0303     void set_verify_limits(unsigned int max_bits, unsigned int max_depth);
0304
0305     void set_x509_trust_file(const char *cafile,
0306                  gnutls_x509_crt_fmt_t type);
0307     void set_x509_trust(const gnutls_datum_t &CA,
0308                 gnutls_x509_crt_fmt_t type);
0309
0310     void set_x509_trust(gnutls_x509_crt_t *ca_list, int ca_list_size);
0311
0312     void set_x509_crl_file(const char *crlfile, gnutls_x509_crt_fmt_t type);
0313     void set_x509_crl(const gnutls_datum_t &CRL,
0314               gnutls_x509_crt_fmt_t type);
0315     void set_x509_crl(gnutls_x509_crl_t *crl_list, int crl_list_size);
0316
0317     void set_x509_key_file(const char *certfile, const char *KEYFILE,
0318                    gnutls_x509_crt_fmt_t type);
0319     void set_x509_key(const gnutls_datum_t &CERT, const gnutls_datum_t &KEY,
0320               gnutls_x509_crt_fmt_t type);
0321
0322     void set_x509_key(gnutls_x509_crt_t *cert_list, int cert_list_size,
0323               gnutls_x509_privkey_t key);
0324
0325     void set_simple_pkcs12_file(const char *pkcs12file,
0326                     gnutls_x509_crt_fmt_t type,
0327                     const char *password);
0328
0329     void set_retrieve_function(gnutls_certificate_retrieve_function *func);
0330
0331     protected:
0332     gnutls_certificate_credentials_t cred;
0333 };
0334
0335 class certificate_server_credentials : public certificate_credentials {
0336     public:
0337     void set_params_function(gnutls_params_function *func);
0338 };
0339
0340 class certificate_client_credentials : public certificate_credentials {
0341     public:
0342 };
0343
0344 class anon_server_credentials : public credentials {
0345     public:
0346     anon_server_credentials();
0347     ~anon_server_credentials();
0348     void set_dh_params(const dh_params &params);
0349     void set_params_function(gnutls_params_function *func);
0350
0351     protected:
0352     gnutls_anon_server_credentials_t cred;
0353 };
0354
0355 class anon_client_credentials : public credentials {
0356     public:
0357     anon_client_credentials();
0358     ~anon_client_credentials();
0359
0360     protected:
0361     gnutls_anon_client_credentials_t cred;
0362 };
0363
0364 class srp_server_credentials : public credentials {
0365     public:
0366     srp_server_credentials();
0367     ~srp_server_credentials();
0368     void set_credentials_file(const char *password_file,
0369                   const char *password_conf_file);
0370     void
0371     set_credentials_function(gnutls_srp_server_credentials_function *func);
0372
0373     protected:
0374     gnutls_srp_server_credentials_t cred;
0375 };
0376
0377 class srp_client_credentials : public credentials {
0378     public:
0379     srp_client_credentials();
0380     ~srp_client_credentials();
0381     void set_credentials(const char *username, const char *password);
0382     void
0383     set_credentials_function(gnutls_srp_client_credentials_function *func);
0384
0385     protected:
0386     gnutls_srp_client_credentials_t cred;
0387 };
0388
0389 class psk_server_credentials : public credentials {
0390     public:
0391     psk_server_credentials();
0392     ~psk_server_credentials();
0393     void set_credentials_file(const char *password_file);
0394     void
0395     set_credentials_function(gnutls_psk_server_credentials_function *func);
0396     void set_dh_params(const dh_params &params);
0397     void set_params_function(gnutls_params_function *func);
0398
0399     protected:
0400     gnutls_psk_server_credentials_t cred;
0401 };
0402
0403 class psk_client_credentials : public credentials {
0404     public:
0405     psk_client_credentials();
0406     ~psk_client_credentials();
0407     void set_credentials(const char *username, const gnutls_datum_t &key,
0408                  gnutls_psk_key_flags flags);
0409     void
0410     set_credentials_function(gnutls_psk_client_credentials_function *func);
0411
0412     protected:
0413     gnutls_psk_client_credentials_t cred;
0414 };
0415
0416 /* By default, we provide the function definitions, which allows users
0417    of the library to use the C++ header and link against the C
0418    library. However, if GNUTLS_GNUTLSXX_NO_HEADERONLY is defined, then
0419    the definitions are not necessary, as the user is expected to link
0420    to the C++ library. (Which is provided for backwards-compatibility.)
0421
0422    All applications using GnuTLS of version less than 3.8.0 use the
0423    C++ library. Applications using GnuTLS 3.8.0 or above will use by
0424    default the C library with the C++ "header-only" header, but they
0425    still have the option to link to the C++ library instead if they
0426    wish, and if so, they must also define
0427    GNUTLS_GNUTLSXX_NO_HEADERONLY in their compilation step.
0428  */
0429 #ifndef GNUTLS_GNUTLSXX_NO_HEADERONLY
0430
0431 inline static int RETWRAP(int ret)
0432 {
0433     if (ret < 0)
0434         throw(exception(ret));
0435     return ret;
0436 }
0437
0438 session::session(unsigned int flags)
0439 {
0440     RETWRAP(gnutls_init(&s, flags));
0441 }
0442
0443 session::~session()
0444 {
0445     gnutls_deinit(s);
0446 }
0447
0448 gnutls_session_t session::ptr()
0449 {
0450     return s;
0451 }
0452
0453 int session::bye(gnutls_close_request_t how)
0454 {
0455     return RETWRAP(gnutls_bye(s, how));
0456 }
0457
0458 int session::handshake()
0459 {
0460     return RETWRAP(gnutls_handshake(s));
0461 }
0462
0463 server_session::server_session()
0464     : session(GNUTLS_SERVER)
0465 {
0466 }
0467
0468 server_session::server_session(int flags)
0469     : session(GNUTLS_SERVER | (flags & ~GNUTLS_CLIENT))
0470 {
0471 }
0472
0473 server_session::~server_session()
0474 {
0475 }
0476
0477 int server_session::rehandshake()
0478 {
0479     return RETWRAP(gnutls_rehandshake(s));
0480 }
0481
0482 gnutls_alert_description_t session::get_alert() const
0483 {
0484     return gnutls_alert_get(s);
0485 }
0486 int session::send_alert(gnutls_alert_level_t level,
0487             gnutls_alert_description_t desc)
0488 {
0489     return RETWRAP(gnutls_alert_send(s, level, desc));
0490 }
0491
0492 int session::send_appropriate_alert(int err)
0493 {
0494     return RETWRAP(gnutls_alert_send_appropriate(s, err));
0495 }
0496
0497 gnutls_cipher_algorithm_t session::get_cipher() const
0498 {
0499     return gnutls_cipher_get(s);
0500 }
0501 gnutls_kx_algorithm_t session::get_kx() const
0502 {
0503     return gnutls_kx_get(s);
0504 }
0505 gnutls_mac_algorithm_t session::get_mac() const
0506 {
0507     return gnutls_mac_get(s);
0508 }
0509 gnutls_compression_method_t session::get_compression() const
0510 {
0511     return gnutls_compression_get(s);
0512 }
0513 gnutls_certificate_type_t session::get_certificate_type() const
0514 {
0515     return gnutls_certificate_type_get(s);
0516 }
0517 void session::set_private_extensions(bool allow)
0518 {
0519     gnutls_handshake_set_private_extensions(s, (int)allow);
0520 }
0521
0522 gnutls_handshake_description_t session::get_handshake_last_out() const
0523 {
0524     return gnutls_handshake_get_last_out(s);
0525 }
0526 gnutls_handshake_description_t session::get_handshake_last_in() const
0527 {
0528     return gnutls_handshake_get_last_in(s);
0529 }
0530 ssize_t session::send(const void *data, size_t sizeofdata)
0531 {
0532     return RETWRAP(gnutls_record_send(s, data, sizeofdata));
0533 }
0534
0535 ssize_t session::recv(void *data, size_t sizeofdata)
0536 {
0537     return RETWRAP(gnutls_record_recv(s, data, sizeofdata));
0538 }
0539
0540 bool session::get_record_direction() const
0541 {
0542     return gnutls_record_get_direction(s);
0543 }
0544 /* maximum packet size
0545      */
0546 size_t session::get_max_size() const
0547 {
0548     return gnutls_record_get_max_size(s);
0549 }
0550 void session::set_max_size(size_t size)
0551 {
0552     RETWRAP(gnutls_record_set_max_size(s, size));
0553 }
0554
0555 size_t session::check_pending() const
0556 {
0557     return gnutls_record_check_pending(s);
0558 }
0559 void session::prf(size_t label_size, const char *label, int server_random_first,
0560           size_t extra_size, const char *extra, size_t outsize,
0561           char *out)
0562 {
0563     RETWRAP(gnutls_prf(s, label_size, label, server_random_first,
0564                extra_size, extra, outsize, out));
0565 }
0566
0567 void session::prf_raw(size_t label_size, const char *label, size_t seed_size,
0568               const char *seed, size_t outsize, char *out)
0569 {
0570     RETWRAP(gnutls_prf_raw(s, label_size, label, seed_size, seed, outsize,
0571                    out));
0572 }
0573
0574 /* if you just want some defaults, use the following.
0575      */
0576 void session::set_priority(const char *prio, const char **err_pos)
0577 {
0578     RETWRAP(gnutls_priority_set_direct(s, prio, err_pos));
0579 }
0580
0581 void session::set_priority(gnutls_priority_t p)
0582 {
0583     RETWRAP(gnutls_priority_set(s, p));
0584 }
0585
0586 gnutls_protocol_t session::get_protocol_version() const
0587 {
0588     return gnutls_protocol_get_version(s);
0589 }
0590 void session::set_data(const void *session_data, size_t session_data_size)
0591 {
0592     RETWRAP(gnutls_session_set_data(s, session_data, session_data_size));
0593 }
0594
0595 void session::get_data(void *session_data, size_t *session_data_size) const
0596 {
0597     RETWRAP(gnutls_session_get_data(s, session_data, session_data_size));
0598 }
0599 void session::get_data(gnutls_session_t session, gnutls_datum_t &data) const
0600 {
0601     RETWRAP(gnutls_session_get_data2(s, &data));
0602 }
0603 void session::get_id(void *session_id, size_t *session_id_size) const
0604 {
0605     RETWRAP(gnutls_session_get_id(s, session_id, session_id_size));
0606 }
0607 bool session::is_resumed() const
0608 {
0609     int ret = gnutls_session_is_resumed(s);
0610
0611     return (ret != 0);
0612 }
0613 bool session::get_peers_certificate(std::vector<gnutls_datum_t> &out_certs) const
0614 {
0615     const gnutls_datum_t *certs;
0616     unsigned int certs_size;
0617
0618     certs = gnutls_certificate_get_peers(s, &certs_size);
0619
0620     if (certs == NULL)
0621         return false;
0622
0623     for (unsigned int i = 0; i < certs_size; i++)
0624         out_certs.push_back(certs[i]);
0625
0626     return true;
0627 }
0628 bool session::get_peers_certificate(const gnutls_datum_t **certs,
0629                     unsigned int *certs_size) const
0630 {
0631     *certs = gnutls_certificate_get_peers(s, certs_size);
0632
0633     if (*certs == NULL)
0634         return false;
0635     return true;
0636 }
0637 void session::get_our_certificate(gnutls_datum_t &cert) const
0638 {
0639     const gnutls_datum_t *d;
0640
0641     d = gnutls_certificate_get_ours(s);
0642     if (d == NULL)
0643         throw(exception(GNUTLS_E_INVALID_REQUEST));
0644
0645     cert = *d;
0646 }
0647 time_t session::get_peers_certificate_activation_time() const
0648 {
0649     return gnutls_certificate_activation_time_peers(s);
0650 }
0651 time_t session::get_peers_certificate_expiration_time() const
0652 {
0653     return gnutls_certificate_expiration_time_peers(s);
0654 }
0655 void session::verify_peers_certificate(unsigned int &status) const
0656 {
0657     RETWRAP(gnutls_certificate_verify_peers2(s, &status));
0658 }
0659 client_session::client_session()
0660     : session(GNUTLS_CLIENT)
0661 {
0662 }
0663
0664 client_session::client_session(int flags)
0665     : session(GNUTLS_CLIENT | (flags & ~GNUTLS_SERVER))
0666 {
0667 }
0668
0669 client_session::~client_session()
0670 {
0671 }
0672
0673 // client session
0674 void client_session::set_verify_cert(const char *hostname, unsigned flags)
0675 {
0676     gnutls_session_set_verify_cert(s, hostname, flags);
0677 }
0678
0679 void client_session::set_server_name(gnutls_server_name_type_t type,
0680                      const void *name, size_t name_length)
0681 {
0682     RETWRAP(gnutls_server_name_set(s, type, name, name_length));
0683 }
0684
0685 bool client_session::get_request_status()
0686 {
0687     return RETWRAP(gnutls_certificate_client_get_request_status(s));
0688 }
0689
0690 // server_session
0691 void server_session::get_server_name(void *data, size_t *data_length,
0692                      unsigned int *type,
0693                      unsigned int indx) const
0694 {
0695     RETWRAP(gnutls_server_name_get(s, data, data_length, type, indx));
0696 }
0697 // internal DB stuff
0698 static int store_function(void *_db, gnutls_datum_t key, gnutls_datum_t data)
0699 {
0700     try {
0701         DB *db = static_cast<DB *>(_db);
0702
0703         if (db->store(key, data) == false)
0704             return -1;
0705     } catch (...) {
0706         return -1;
0707     }
0708
0709     return 0;
0710 }
0711
0712 const static gnutls_datum_t null_datum = { NULL, 0 };
0713
0714 static gnutls_datum_t retrieve_function(void *_db, gnutls_datum_t key)
0715 {
0716     gnutls_datum_t data;
0717
0718     try {
0719         DB *db = static_cast<DB *>(_db);
0720
0721         if (db->retrieve(key, data) == false)
0722             return null_datum;
0723
0724     } catch (...) {
0725         return null_datum;
0726     }
0727
0728     return data;
0729 }
0730
0731 static int remove_function(void *_db, gnutls_datum_t key)
0732 {
0733     try {
0734         DB *db = static_cast<DB *>(_db);
0735
0736         if (db->remove(key) == false)
0737             return -1;
0738     } catch (...) {
0739         return -1;
0740     }
0741
0742     return 0;
0743 }
0744
0745 void server_session::set_db(const DB &db)
0746 {
0747     gnutls_db_set_ptr(s, const_cast<DB *>(&db));
0748     gnutls_db_set_store_function(s, store_function);
0749     gnutls_db_set_retrieve_function(s, retrieve_function);
0750     gnutls_db_set_remove_function(s, remove_function);
0751 }
0752
0753 void server_session::set_db_cache_expiration(unsigned int seconds)
0754 {
0755     gnutls_db_set_cache_expiration(s, seconds);
0756 }
0757
0758 void server_session::db_remove() const
0759 {
0760     gnutls_db_remove_session(s);
0761 }
0762 bool server_session::db_check_entry(const gnutls_datum_t &session_data) const
0763 {
0764     int ret = gnutls_db_check_entry(s, session_data);
0765
0766     if (ret != 0)
0767         return true;
0768     return false;
0769 }
0770 void session::set_max_handshake_packet_length(size_t max)
0771 {
0772     gnutls_handshake_set_max_packet_length(s, max);
0773 }
0774
0775 void session::clear_credentials()
0776 {
0777     gnutls_credentials_clear(s);
0778 }
0779
0780 void session::set_credentials(const credentials &cred)
0781 {
0782     RETWRAP(gnutls_credentials_set(s, cred.get_type(), cred.ptr()));
0783 }
0784
0785 const char *server_session::get_srp_username() const
0786 {
0787     return gnutls_srp_server_get_username(s);
0788 }
0789 const char *server_session::get_psk_username() const
0790 {
0791     return gnutls_psk_server_get_username(s);
0792 }
0793 void session::set_transport_ptr(gnutls_transport_ptr_t ptr)
0794 {
0795     gnutls_transport_set_ptr(s, ptr);
0796 }
0797
0798 void session::set_transport_ptr(gnutls_transport_ptr_t recv_ptr,
0799                 gnutls_transport_ptr_t send_ptr)
0800 {
0801     gnutls_transport_set_ptr2(s, recv_ptr, send_ptr);
0802 }
0803
0804 gnutls_transport_ptr_t session::get_transport_ptr() const
0805 {
0806     return gnutls_transport_get_ptr(s);
0807 }
0808 void session::get_transport_ptr(gnutls_transport_ptr_t &recv_ptr,
0809                 gnutls_transport_ptr_t &send_ptr) const
0810 {
0811     gnutls_transport_get_ptr2(s, &recv_ptr, &send_ptr);
0812 }
0813 void session::set_transport_lowat(size_t num)
0814 {
0815     throw(exception(GNUTLS_E_UNIMPLEMENTED_FEATURE));
0816 }
0817
0818 void session::set_transport_push_function(gnutls_push_func push_func)
0819 {
0820     gnutls_transport_set_push_function(s, push_func);
0821 }
0822
0823 void session::set_transport_vec_push_function(gnutls_vec_push_func vec_push_func)
0824 {
0825     gnutls_transport_set_vec_push_function(s, vec_push_func);
0826 }
0827
0828 void session::set_transport_pull_function(gnutls_pull_func pull_func)
0829 {
0830     gnutls_transport_set_pull_function(s, pull_func);
0831 }
0832
0833 void session::set_transport_pull_timeout_function(
0834     gnutls_pull_timeout_func pull_timeout_func)
0835 {
0836     gnutls_transport_set_pull_timeout_function(s, pull_timeout_func);
0837 }
0838
0839 void session::set_user_ptr(void *ptr)
0840 {
0841     gnutls_session_set_ptr(s, ptr);
0842 }
0843
0844 void *session::get_user_ptr() const
0845 {
0846     return gnutls_session_get_ptr(s);
0847 }
0848 void session::send_openpgp_cert(gnutls_openpgp_crt_status_t status)
0849 {
0850     gnutls_openpgp_send_cert(s, status);
0851 }
0852
0853 void session::set_dh_prime_bits(unsigned int bits)
0854 {
0855     gnutls_dh_set_prime_bits(s, bits);
0856 }
0857
0858 unsigned int session::get_dh_secret_bits() const
0859 {
0860     return RETWRAP(gnutls_dh_get_secret_bits(s));
0861 }
0862 unsigned int session::get_dh_peers_public_bits() const
0863 {
0864     return RETWRAP(gnutls_dh_get_peers_public_bits(s));
0865 }
0866 unsigned int session::get_dh_prime_bits() const
0867 {
0868     return RETWRAP(gnutls_dh_get_prime_bits(s));
0869 }
0870 void session::get_dh_group(gnutls_datum_t &gen, gnutls_datum_t &prime) const
0871 {
0872     RETWRAP(gnutls_dh_get_group(s, &gen, &prime));
0873 }
0874 void session::get_dh_pubkey(gnutls_datum_t &raw_key) const
0875 {
0876     RETWRAP(gnutls_dh_get_pubkey(s, &raw_key));
0877 }
0878 void server_session::set_certificate_request(gnutls_certificate_request_t req)
0879 {
0880     gnutls_certificate_server_set_request(s, req);
0881 }
0882
0883 gnutls_credentials_type_t session::get_auth_type() const
0884 {
0885     return gnutls_auth_get_type(s);
0886 }
0887 gnutls_credentials_type_t session::get_server_auth_type() const
0888 {
0889     return gnutls_auth_server_get_type(s);
0890 }
0891 gnutls_credentials_type_t session::get_client_auth_type() const
0892 {
0893     return gnutls_auth_client_get_type(s);
0894 }
0895 certificate_credentials::~certificate_credentials()
0896 {
0897     gnutls_certificate_free_credentials(cred);
0898 }
0899
0900 certificate_credentials::certificate_credentials()
0901     : credentials(GNUTLS_CRD_CERTIFICATE)
0902 {
0903     RETWRAP(gnutls_certificate_allocate_credentials(&cred));
0904     set_ptr(cred);
0905 }
0906
0907 void certificate_server_credentials::set_params_function(
0908     gnutls_params_function *func)
0909 {
0910     gnutls_certificate_set_params_function(cred, func);
0911 }
0912
0913 anon_server_credentials::anon_server_credentials()
0914     : credentials(GNUTLS_CRD_ANON)
0915 {
0916     RETWRAP(gnutls_anon_allocate_server_credentials(&cred));
0917     set_ptr(cred);
0918 }
0919
0920 anon_server_credentials::~anon_server_credentials()
0921 {
0922     gnutls_anon_free_server_credentials(cred);
0923 }
0924
0925 void anon_server_credentials::set_dh_params(const dh_params &params)
0926 {
0927     gnutls_anon_set_server_dh_params(cred, params.get_params_t());
0928 }
0929
0930 void anon_server_credentials::set_params_function(gnutls_params_function *func)
0931 {
0932     gnutls_anon_set_server_params_function(cred, func);
0933 }
0934
0935 anon_client_credentials::anon_client_credentials()
0936     : credentials(GNUTLS_CRD_ANON)
0937 {
0938     RETWRAP(gnutls_anon_allocate_client_credentials(&cred));
0939     set_ptr(cred);
0940 }
0941
0942 anon_client_credentials::~anon_client_credentials()
0943 {
0944     gnutls_anon_free_client_credentials(cred);
0945 }
0946
0947 void certificate_credentials::free_keys()
0948 {
0949     gnutls_certificate_free_keys(cred);
0950 }
0951
0952 void certificate_credentials::free_cas()
0953 {
0954     gnutls_certificate_free_cas(cred);
0955 }
0956
0957 void certificate_credentials::free_ca_names()
0958 {
0959     gnutls_certificate_free_ca_names(cred);
0960 }
0961
0962 void certificate_credentials::free_crls()
0963 {
0964     gnutls_certificate_free_crls(cred);
0965 }
0966
0967 void certificate_credentials::set_dh_params(const dh_params &params)
0968 {
0969     gnutls_certificate_set_dh_params(cred, params.get_params_t());
0970 }
0971
0972 void certificate_credentials::set_verify_flags(unsigned int flags)
0973 {
0974     gnutls_certificate_set_verify_flags(cred, flags);
0975 }
0976
0977 void certificate_credentials::set_verify_limits(unsigned int max_bits,
0978                         unsigned int max_depth)
0979 {
0980     gnutls_certificate_set_verify_limits(cred, max_bits, max_depth);
0981 }
0982
0983 void certificate_credentials::set_x509_trust_file(const char *cafile,
0984                           gnutls_x509_crt_fmt_t type)
0985 {
0986     RETWRAP(gnutls_certificate_set_x509_trust_file(cred, cafile, type));
0987 }
0988
0989 void certificate_credentials::set_x509_trust(const gnutls_datum_t &CA,
0990                          gnutls_x509_crt_fmt_t type)
0991 {
0992     RETWRAP(gnutls_certificate_set_x509_trust_mem(cred, &CA, type));
0993 }
0994
0995 void certificate_credentials::set_x509_crl_file(const char *crlfile,
0996                         gnutls_x509_crt_fmt_t type)
0997 {
0998     RETWRAP(gnutls_certificate_set_x509_crl_file(cred, crlfile, type));
0999 }
1000
1001 void certificate_credentials::set_x509_crl(const gnutls_datum_t &CRL,
1002                        gnutls_x509_crt_fmt_t type)
1003 {
1004     RETWRAP(gnutls_certificate_set_x509_crl_mem(cred, &CRL, type));
1005 }
1006
1007 void certificate_credentials::set_x509_key_file(const char *certfile,
1008                         const char *keyfile,
1009                         gnutls_x509_crt_fmt_t type)
1010 {
1011     RETWRAP(gnutls_certificate_set_x509_key_file(cred, certfile, keyfile,
1012                              type));
1013 }
1014
1015 void certificate_credentials::set_x509_key(const gnutls_datum_t &CERT,
1016                        const gnutls_datum_t &KEY,
1017                        gnutls_x509_crt_fmt_t type)
1018 {
1019     RETWRAP(gnutls_certificate_set_x509_key_mem(cred, &CERT, &KEY, type));
1020 }
1021
1022 void certificate_credentials::set_simple_pkcs12_file(const char *pkcs12file,
1023                              gnutls_x509_crt_fmt_t type,
1024                              const char *password)
1025 {
1026     RETWRAP(gnutls_certificate_set_x509_simple_pkcs12_file(cred, pkcs12file,
1027                                    type, password));
1028 }
1029
1030 void certificate_credentials::set_x509_key(gnutls_x509_crt_t *cert_list,
1031                        int cert_list_size,
1032                        gnutls_x509_privkey_t key)
1033 {
1034     RETWRAP(gnutls_certificate_set_x509_key(cred, cert_list, cert_list_size,
1035                         key));
1036 }
1037
1038 void certificate_credentials::set_x509_trust(gnutls_x509_crt_t *ca_list,
1039                          int ca_list_size)
1040 {
1041     RETWRAP(gnutls_certificate_set_x509_trust(cred, ca_list, ca_list_size));
1042 }
1043
1044 void certificate_credentials::set_x509_crl(gnutls_x509_crl_t *crl_list,
1045                        int crl_list_size)
1046 {
1047     RETWRAP(gnutls_certificate_set_x509_crl(cred, crl_list, crl_list_size));
1048 }
1049
1050 void certificate_credentials::set_retrieve_function(
1051     gnutls_certificate_retrieve_function *func)
1052 {
1053     gnutls_certificate_set_retrieve_function(cred, func);
1054 }
1055
1056 // SRP
1057
1058 srp_server_credentials::srp_server_credentials()
1059     : credentials(GNUTLS_CRD_SRP)
1060 {
1061     RETWRAP(gnutls_srp_allocate_server_credentials(&cred));
1062     set_ptr(cred);
1063 }
1064
1065 srp_server_credentials::~srp_server_credentials()
1066 {
1067     gnutls_srp_free_server_credentials(cred);
1068 }
1069
1070 srp_client_credentials::srp_client_credentials()
1071     : credentials(GNUTLS_CRD_SRP)
1072 {
1073     RETWRAP(gnutls_srp_allocate_client_credentials(&cred));
1074     set_ptr(cred);
1075 }
1076
1077 srp_client_credentials::~srp_client_credentials()
1078 {
1079     gnutls_srp_free_client_credentials(cred);
1080 }
1081
1082 void srp_client_credentials::set_credentials(const char *username,
1083                          const char *password)
1084 {
1085     RETWRAP(gnutls_srp_set_client_credentials(cred, username, password));
1086 }
1087
1088 void srp_server_credentials::set_credentials_file(
1089     const char *password_file, const char *password_conf_file)
1090 {
1091     RETWRAP(gnutls_srp_set_server_credentials_file(cred, password_file,
1092                                password_conf_file));
1093 }
1094
1095 void srp_server_credentials::set_credentials_function(
1096     gnutls_srp_server_credentials_function *func)
1097 {
1098     gnutls_srp_set_server_credentials_function(cred, func);
1099 }
1100
1101 void srp_client_credentials::set_credentials_function(
1102     gnutls_srp_client_credentials_function *func)
1103 {
1104     gnutls_srp_set_client_credentials_function(cred, func);
1105 }
1106
1107 // PSK
1108
1109 psk_server_credentials::psk_server_credentials()
1110     : credentials(GNUTLS_CRD_PSK)
1111 {
1112     RETWRAP(gnutls_psk_allocate_server_credentials(&cred));
1113     set_ptr(cred);
1114 }
1115
1116 psk_server_credentials::~psk_server_credentials()
1117 {
1118     gnutls_psk_free_server_credentials(cred);
1119 }
1120
1121 void psk_server_credentials::set_credentials_file(const char *password_file)
1122 {
1123     RETWRAP(gnutls_psk_set_server_credentials_file(cred, password_file));
1124 }
1125
1126 void psk_server_credentials::set_credentials_function(
1127     gnutls_psk_server_credentials_function *func)
1128 {
1129     gnutls_psk_set_server_credentials_function(cred, func);
1130 }
1131
1132 void psk_server_credentials::set_dh_params(const dh_params &params)
1133 {
1134     gnutls_psk_set_server_dh_params(cred, params.get_params_t());
1135 }
1136
1137 void psk_server_credentials::set_params_function(gnutls_params_function *func)
1138 {
1139     gnutls_psk_set_server_params_function(cred, func);
1140 }
1141
1142 psk_client_credentials::psk_client_credentials()
1143     : credentials(GNUTLS_CRD_PSK)
1144 {
1145     RETWRAP(gnutls_psk_allocate_client_credentials(&cred));
1146     set_ptr(cred);
1147 }
1148
1149 psk_client_credentials::~psk_client_credentials()
1150 {
1151     gnutls_psk_free_client_credentials(cred);
1152 }
1153
1154 void psk_client_credentials::set_credentials(const char *username,
1155                          const gnutls_datum_t &key,
1156                          gnutls_psk_key_flags flags)
1157 {
1158     RETWRAP(gnutls_psk_set_client_credentials(cred, username, &key, flags));
1159 }
1160
1161 void psk_client_credentials::set_credentials_function(
1162     gnutls_psk_client_credentials_function *func)
1163 {
1164     gnutls_psk_set_client_credentials_function(cred, func);
1165 }
1166
1167 credentials::credentials(gnutls_credentials_type_t t)
1168     : type(t)
1169     , cred(NULL)
1170 {
1171 }
1172
1173 gnutls_credentials_type_t credentials::get_type() const
1174 {
1175     return type;
1176 }
1177 void *credentials::ptr() const
1178 {
1179     return cred;
1180 }
1181 void credentials::set_ptr(void *ptr)
1182 {
1183     cred = ptr;
1184 }
1185
1186 exception::exception(int x)
1187 {
1188     retcode = x;
1189 }
1190
1191 int exception::get_code()
1192 {
1193     return retcode;
1194 }
1195
1196 const char *exception::what() const throw()
1197 {
1198     return gnutls_strerror(retcode);
1199 }
1200
1201 dh_params::dh_params()
1202 {
1203     RETWRAP(gnutls_dh_params_init(&params));
1204 }
1205
1206 dh_params::~dh_params()
1207 {
1208     gnutls_dh_params_deinit(params);
1209 }
1210
1211 void dh_params::import_raw(const gnutls_datum_t &prime,
1212                const gnutls_datum_t &generator)
1213 {
1214     RETWRAP(gnutls_dh_params_import_raw(params, &prime, &generator));
1215 }
1216
1217 void dh_params::import_pkcs3(const gnutls_datum_t &pkcs3_params,
1218                  gnutls_x509_crt_fmt_t format)
1219 {
1220     RETWRAP(gnutls_dh_params_import_pkcs3(params, &pkcs3_params, format));
1221 }
1222
1223 void dh_params::generate(unsigned int bits)
1224 {
1225     RETWRAP(gnutls_dh_params_generate2(params, bits));
1226 }
1227
1228 void dh_params::export_pkcs3(gnutls_x509_crt_fmt_t format,
1229                  unsigned char *params_data,
1230                  size_t *params_data_size)
1231 {
1232     RETWRAP(gnutls_dh_params_export_pkcs3(params, format, params_data,
1233                           params_data_size));
1234 }
1235
1236 void dh_params::export_raw(gnutls_datum_t &prime, gnutls_datum_t &generator)
1237 {
1238     RETWRAP(gnutls_dh_params_export_raw(params, &prime, &generator, NULL));
1239 }
1240
1241 gnutls_dh_params_t dh_params::get_params_t() const
1242 {
1243     return params;
1244 }
1245 dh_params &dh_params::operator=(const dh_params &src)
1246 {
1247     dh_params *dst = new dh_params;
1248     int ret;
1249
1250     ret = gnutls_dh_params_cpy(dst->params, src.params);
1251
1252     if (ret < 0) {
1253         delete dst;
1254         throw(exception(ret));
1255     }
1256
1257     std::swap(this->params, dst->params);
1258     delete dst;
1259
1260     return *this;
1261 }
1262
1263 #endif /* GNUTLS_GNUTLSXX_NO_HEADERONLY */
1264
1265 } /* namespace gnutls */
1266
1267 #endif /* GNUTLS_GNUTLSXX_H */