/*************************************************************************
 *                                                                       *
 * This program is free software; you can redistribute it and/or modify  *
 * it under the terms of the GNU General Public License as published by  *
 * the Free Software Foundation; either version 2 of the License, or     *
 * (at your option) any later version.                                   *
 *                                                                       *
 *************************************************************************/

// NOTE(review): an identifier beginning with an underscore followed by an
// uppercase letter is reserved to the implementation in C++. Renaming the
// guard (e.g. SSLSOCKET_H) is safe as long as no other file tests this macro.
#ifndef _SSLSOCKET_H__
#define _SSLSOCKET_H__

#include "global.h"
#include "socket.h"
#include "exception.h"
#include "logger.h"
#include "i18n.h"
#include "socket.h"   // duplicate of the include above; harmless because of its guard

#include <strings.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <errno.h>

#include <string>

#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

// NOTE(review): a using-directive in a header leaks std:: into every
// translation unit that includes it. Left in place because removing it could
// break includers that rely on it; new code should spell std::string.
using namespace std;

/**
 * A socket with SSL/TLS extensions, implemented on top of OpenSSL.
 *
 * This class is intended to be a base class for more specific socket
 * implementations, e.g. TCP sockets or UNIX domain sockets, and is not
 * meant to be instantiated directly. (No pure-virtual member is declared
 * in this header, so whether it is actually abstract depends on Socket.)
 *
 * Life cycle as far as this header shows: construct, optionally call
 * setSSLOpts() and setVerifyLocations(), then negotiate() to run the
 * handshake; afterwards readSocket()/writeSocket() report SSL errors as
 * well as plain transfer errors, so they presumably dispatch on the
 * `negotiated` flag between the plain Socket path and the ssl_* path —
 * verify against sslsocket.cpp.
 *
 * Ownership / copying: the object holds raw OpenSSL handles (ctx, ssl) and
 * declares a destructor, but no copy constructor or copy assignment
 * operator. NOTE(review): if ~SSLSocket() frees those handles, copying an
 * SSLSocket double-frees them; unless Socket already prevents copying, the
 * class should be made non-copyable (C++03 style: private, undefined copy
 * constructor and assignment). Confirm against sslsocket.cpp and socket.h.
 *
 * Security notes:
 *  - Peer authentication is controlled by setSSLOpts(); see SSL_OPTS for
 *    what VERIFY_PEER does and does not guarantee.
 *  - Which SSL/TLS protocol versions and cipher suites the context accepts
 *    is not configurable through this interface; it is decided where the
 *    SSL_CTX is created, which is not visible in this header.
 *
 * @author Timo Benk <t_benk@web.de>
 */
class SSLSocket : public Socket
{
 public:

   /**
    * Constructor.
    *
    * @param host The host this socket is connected to.
    */
   SSLSocket (const string &host);

   /**
    * Constructor for an already-open descriptor.
    *
    * @param host The host this socket is connected to.
    * @param fd The file descriptor this socket uses for IO.
    */
   SSLSocket (const string &host, int fd);

   /**
    * The SSL options that can be customized through setSSLOpts().
    *
    * VERIFY_PEER selects SSL_VERIFY_PEER (see the `verify` member): during
    * negotiate() the certificate chain presented by the SMTP server is
    * validated against the CA certificates configured with
    * setVerifyLocations(), and a chain that does not verify is expected to
    * make the handshake fail with SSLException.
    * NOTE(review): SSL_VERIFY_PEER on its own only establishes that the
    * chain is trusted. OpenSSL does not match the certificate's subject /
    * subjectAltName against `host` unless the implementation does so
    * explicitly; confirm that negotiate() (or dumpSSLInfo()) performs that
    * hostname check, otherwise any certificate issued by a trusted CA is
    * accepted for any host.
    *
    * VERIFY_NONE selects SSL_VERIFY_NONE: the session is still encrypted,
    * but the peer is not authenticated at all — any certificate is
    * accepted, so an active attacker can impersonate the server. Use for
    * testing only.
    */
   enum SSL_OPTS { VERIFY_PEER, VERIFY_NONE };

   /**
    * Destructor. Virtual so that derived sockets are destroyed correctly
    * through a base-class pointer.
    */
   virtual ~SSLSocket ();

   /**
    * Reads one line from the socket.
    *
    * @returns One line read from the socket.
    *
    * @throws TransferException
    *    On any uncommon event that occurs while receiving the data.
    * @throws SSLException
    *    On any uncommon event that occurs while receiving data from the
    *    encrypted socket.
    */
   string readSocket ();

   /**
    * Writes data to the socket.
    *
    * @param data The data string that should be written to the socket.
    *
    * @throws TransferException
    *    On any uncommon event that occurs while sending the data.
    * @throws SSLException
    *    On any uncommon event that occurs while sending data through the
    *    encrypted socket.
    */
   void writeSocket (const string &data);

   /**
    * Set an SSL specific option (see SSL_OPTS). Intended to be called
    * before negotiate(); presumably it only records the choice in the
    * `verify` member.
    *
    * @param opts The option that should be set.
    */
   void setSSLOpts (SSL_OPTS opts);

   /**
    * Set the locations of the CA certificates used for peer verification.
    * ca_file points to a file containing PEM certs, ca_dir points to a
    * directory containing PEM certs; "man 3 SSL_CTX_load_verify_locations"
    * gives more information on that topic. Only meaningful together with
    * VERIFY_PEER. If one of the locations is not accessible, negotiate()
    * throws IOException.
    *
    * @param ca_file A file that contains PEM certificates. The file can
    *    contain several CA certificates, each identified by a
    *
    *       -----BEGIN CERTIFICATE-----
    *       ... [CA certificate in base64 encoding] ...
    *       -----END CERTIFICATE-----
    *
    *    sequence. Text before, between and after the certificates is
    *    allowed and can be used e.g. for descriptions of the certificates.
    *    See the OpenSSL documentation for details.
    * @param ca_dir A directory that contains PEM certificates, one CA
    *    certificate per file. The files are looked up by the hash of the
    *    CA subject name, which must hence be available. If more than one CA
    *    certificate with the same name hash exists, the extension must
    *    differ (e.g. 9d66eef0.0, 9d66eef0.1, ...). The search is performed
    *    in the order of the extension number, regardless of other
    *    properties of the certificates. Use the c_rehash utility to create
    *    the necessary links. See the OpenSSL documentation for details.
    */
   void setVerifyLocations (const string &ca_file, const string &ca_dir);

   /**
    * Start the SSL handshake on the underlying descriptor (client side,
    * presumably through ssl_connect()). On success `negotiated` is set.
    *
    * @throws SSLException
    *    If the handshake fails for some reason — with VERIFY_PEER this is
    *    expected to include a peer certificate that does not verify.
    * @throws IOException
    *    If one of ca_file or ca_dir is not accessible.
    */
   void negotiate ();

 protected:

   /**
    * The SSL context — an owned raw OpenSSL handle (see the class notes on
    * copying). Protocol versions and cipher suites are fixed where this
    * context is created, not through this interface.
    */
   SSL_CTX * ctx;

   /**
    * The SSL object for this connection — an owned raw OpenSSL handle.
    */
   SSL * ssl;

   /**
    * Set to true once negotiate() has completed the SSL handshake.
    */
   bool negotiated;

   /**
    * Either SSL_VERIFY_PEER or SSL_VERIFY_NONE, as chosen by setSSLOpts().
    */
   int verify;

   /**
    * The PEM certificate file used for verifying (see setVerifyLocations()).
    */
   string ca_file;

   /**
    * The directory that contains the PEM CA certificates used for verifying
    * (see setVerifyLocations()).
    */
   string ca_dir;

   /**
    * Dump various X509 infos. Where they go (logger.h is included) and
    * whether this includes a hostname check is not visible in this header.
    */
   void dumpSSLInfo ();

   /**
    * Reads one line from the encrypted socket.
    *
    * @returns One line read from the socket.
    *
    * @throws SSLException
    *    On any uncommon event that occurs while receiving data from the
    *    encrypted socket.
    */
   string ssl_readSocket ();

   /**
    * Writes data to the encrypted socket.
    *
    * @param data The data string that should be written to the socket.
    *
    * @throws SSLException
    *    On any uncommon event that occurs while sending data through the
    *    encrypted socket.
    */
   void ssl_writeSocket (const string &data);

   /**
    * Returns the last error on the SSL error stack as a string.
    *
    * @param ret The return code of the last OpenSSL function that was
    *    called. The default 65536 is presumably a sentinel meaning "no
    *    return code available" — confirm in the implementation.
    * @returns The error description.
    */
   string ssl_error (int ret = 65536);

   /**
    * Wraps SSL_read and handles the following error conditions:
    * SSL_ERROR_WANT_WRITE, SSL_ERROR_WANT_READ, SSL_ERROR_WANT_CONNECT and
    * SSL_ERROR_WANT_X509_LOOKUP. How it handles them (retry, block) is not
    * visible here.
    *
    * Note that the `ssl` parameter shadows the `ssl` member inside this
    * wrapper; the parameter is the object used.
    *
    * @param ssl The SSL object to read from.
    * @param buf Destination buffer.
    * @param num Capacity of buf in bytes.
    */
   int ssl_read (SSL * ssl, void * buf, int num);

   /**
    * Wraps SSL_write and handles the following error conditions:
    * SSL_ERROR_WANT_WRITE, SSL_ERROR_WANT_READ, SSL_ERROR_WANT_CONNECT and
    * SSL_ERROR_WANT_X509_LOOKUP. The `ssl` parameter shadows the member.
    *
    * @param ssl The SSL object to write to.
    * @param buf Source buffer.
    * @param num Number of bytes in buf to write.
    */
   int ssl_write (SSL * ssl, const void * buf, int num);

   /**
    * Wraps SSL_connect (client-side handshake) and handles the following
    * error conditions: SSL_ERROR_WANT_WRITE, SSL_ERROR_WANT_READ,
    * SSL_ERROR_WANT_CONNECT and SSL_ERROR_WANT_X509_LOOKUP. The `ssl`
    * parameter shadows the member.
    *
    * @param ssl The SSL object to connect with.
    */
   int ssl_connect (SSL * ssl);
};

#endif