
00001 /*
00002   Copyright (c) 2005-2009 by Jakob Schroeter <js@camaya.net>
00003   This file is part of the gloox library. http://camaya.net/gloox
00004 
00005   This software is distributed under a license. The full license
00006   agreement can be found in the file LICENSE in this distribution.
00007   This software may not be copied, modified, sold or distributed
00008   other than expressed in the named license agreement.
00009 
00010   This software is distributed without any warranty.
00011 */
00012 
00013 
00014 
00015 #include "tlsgnutlsserveranon.h"
00016 
00017 #ifdef HAVE_GNUTLS
00018 
00019 #include <errno.h>
00020 
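namespace gloox
{

  // Releases the per-instance GnuTLS state that init() allocates: the
  // anonymous server credentials and the DH parameters. Both handles are
  // reset to 0 afterwards, so releasing twice (cleanup() followed later by
  // the destructor, or a destructor running after init() failed early) is
  // a harmless no-op instead of a double free.
  static void freeAnonServerState( gnutls_anon_server_credentials_t& anoncred,
                                   gnutls_dh_params_t& dhParams )
  {
    if( anoncred )
    {
      gnutls_anon_free_server_credentials( anoncred );
      anoncred = 0;
    }

    if( dhParams )
    {
      gnutls_dh_params_deinit( dhParams );
      dhParams = 0;
    }
  }

  // Constructs the anonymous-DH TLS server backend. Nothing is allocated
  // here; credentials, DH parameters and the session are created by init().
  // The handles start out null so the destructor is safe even when init()
  // is never called or fails before allocating them.
  // @param th The TLS handler, passed on to GnuTLSBase unchanged.
  GnuTLSServerAnon::GnuTLSServerAnon( TLSHandler* th )
    : GnuTLSBase( th ), m_anoncred( 0 ), m_dhParams( 0 ), m_dhBits( 1024 )
  {
    // m_dhBits: 1024-bit DH group. Small by current standards, but a larger
    // group makes generateDH() markedly slower and changes what peers are
    // offered, so the value is kept as it was.
  }

  // Releases credentials and DH parameters; the session itself is owned by
  // GnuTLSBase. Null handles (init() never called) are skipped.
  GnuTLSServerAnon::~GnuTLSServerAnon()
  {
    freeAnonServerState( m_anoncred, m_dhParams );
  }

  // Tears the session down and builds a fresh one. init() allocates new
  // credentials and DH parameters every time it runs, so the previous set
  // must be freed first or it is leaked on every re-initialisation.
  void GnuTLSServerAnon::cleanup()
  {
    GnuTLSBase::cleanup();
    freeAnonServerState( m_anoncred, m_dhParams );
    // Relies on the default arguments of init() declared in the header.
    init();
  }

  // Creates the server session with anonymous DH key exchange.
  // The three parameters are deliberately unnamed: an ANON_DH server never
  // presents or verifies a certificate, so there is no key material to load.
  // Every GnuTLS call that reports a status is checked; on any failure the
  // function returns false and m_valid stays untouched. Partially allocated
  // state is released by cleanup() or the destructor, not here.
  // @return True once the session is fully configured, false otherwise.
  bool GnuTLSServerAnon::init( const std::string&,
                               const std::string&,
                               const StringList& )
  {
    // Only TLS 1.0 is offered; SSLv3 is excluded.
    const int protocolPriority[] = { GNUTLS_TLS1, 0 };
    // Anonymous key exchange: confidentiality without peer authentication.
    // Such a session is open to an active man-in-the-middle by design, so
    // it must never be treated as authenticating either side.
    const int kxPriority[]       = { GNUTLS_KX_ANON_DH, 0 };
    // NOTE(review): 3DES and ARCFOUR (RC4) are offered as last resorts; both
    // are considered weak today and are candidates for removal once interop
    // with old peers is no longer a concern.
    const int cipherPriority[]   = { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_128_CBC,
                                     GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0 };
    // NOTE(review): TLS-level compression leaks information about plaintext
    // length; preferring GNUTLS_COMP_NULL (or dropping ZLIB) is the safer
    // default unless compression is explicitly required.
    const int compPriority[]     = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 };
    // NOTE(review): HMAC-MD5 is kept for compatibility only.
    const int macPriority[]      = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };

    // m_initLib decides whether this instance owns the library-wide init.
    if( m_initLib && gnutls_global_init() != 0 )
      return false;

    if( gnutls_anon_allocate_server_credentials( &m_anoncred ) < 0 )
    {
      // Do not leave a stale or indeterminate handle behind for the destructor.
      m_anoncred = 0;
      return false;
    }

    // generateDH() leaves m_dhParams null when parameter generation fails;
    // installing a null group would silently break every handshake.
    generateDH();
    if( !m_dhParams || gnutls_anon_set_server_dh_params( m_anoncred, m_dhParams ) < 0 )
      return false;

    if( gnutls_init( m_session, GNUTLS_SERVER ) != 0 )
      return false;

    // Each of these returns a negative GnuTLS error code on failure; an
    // unchecked failure here would leave the session with library defaults
    // rather than the intended restricted set.
    if( gnutls_protocol_set_priority( *m_session, protocolPriority ) < 0
        || gnutls_cipher_set_priority( *m_session, cipherPriority ) < 0
        || gnutls_compression_set_priority( *m_session, compPriority ) < 0
        || gnutls_kx_set_priority( *m_session, kxPriority ) < 0
        || gnutls_mac_set_priority( *m_session, macPriority ) < 0
        || gnutls_credentials_set( *m_session, GNUTLS_CRD_ANON, m_anoncred ) < 0 )
      return false;

    gnutls_dh_set_prime_bits( *m_session, m_dhBits );

    // The transport callbacks receive this object back as their opaque
    // pointer; presumably pushFunc/pullFunc cast it to the GnuTLS backend
    // type -- confirm they expect a GnuTLSServerAnon/GnuTLSBase pointer.
    gnutls_transport_set_ptr( *m_session, static_cast<gnutls_transport_ptr_t>( this ) );
    gnutls_transport_set_push_function( *m_session, pushFunc );
    gnutls_transport_set_pull_function( *m_session, pullFunc );

    m_valid = true;
    return true;
  }

  // Generates a fresh DH group of m_dhBits bits into m_dhParams.
  // On failure m_dhParams is left null (and any half-initialised handle is
  // released), which init() checks before installing the parameters.
  // Generating a group of this size is computationally expensive and happens
  // on every init()/cleanup().
  void GnuTLSServerAnon::generateDH()
  {
    if( gnutls_dh_params_init( &m_dhParams ) < 0 )
    {
      m_dhParams = 0;
      return;
    }

    if( gnutls_dh_params_generate2( m_dhParams, m_dhBits ) < 0 )
    {
      gnutls_dh_params_deinit( m_dhParams );
      m_dhParams = 0;
    }
  }

  // Records the negotiated session parameters in m_certInfo.
  // An anonymous (ANON_DH) handshake involves no certificate at all, so
  // there is nothing to verify: CertOk here only means "no certificate
  // check failed". It does not mean the peer was authenticated, and callers
  // must not read it that way.
  void GnuTLSServerAnon::getCertInfo()
  {
    m_certInfo.status = CertOk;

    // The gnutls_*_get_name() helpers may return a null pointer for an
    // unknown id; the previous string value is kept in that case rather than
    // assigning a null pointer to a std::string.
    const char* name = gnutls_compression_get_name( gnutls_compression_get( *m_session ) );
    if( name )
      m_certInfo.compression = name;

    name = gnutls_mac_get_name( gnutls_mac_get( *m_session ) );
    if( name )
      m_certInfo.mac = name;

    name = gnutls_cipher_get_name( gnutls_cipher_get( *m_session ) );
    if( name )
      m_certInfo.cipher = name;

    name = gnutls_protocol_get_name( gnutls_protocol_get_version( *m_session ) );
    if( name )
      m_certInfo.protocol = name;

    m_valid = true;
  }

}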
00112 
00113 #endif // HAVE_GNUTLS