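////////////////////////////////////////////////////////////////////////////////
/// @brief application https server feature
///
/// @file
///
/// DISCLAIMER
///
/// Copyright 2004-2012 triAGENS GmbH, Cologne, Germany
///
/// Licensed under the Apache License, Version 2.0 (the "License");
/// you may not use this file except in compliance with the License.
/// You may obtain a copy of the License at
///
///     http://www.apache.org/licenses/LICENSE-2.0
///
/// Unless required by applicable law or agreed to in writing, software
/// distributed under the License is distributed on an "AS IS" BASIS,
/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
/// See the License for the specific language governing permissions and
/// limitations under the License.
///
/// Copyright holder is triAGENS GmbH, Cologne, Germany
///
/// @author Dr. Frank Celler
/// @author Copyright 2010-2012, triAGENS GmbH, Cologne, Germany
////////////////////////////////////////////////////////////////////////////////

#ifndef TRIAGENS_HTTPS_SERVER_APPLICATION_HTTPS_SERVER_H
#define TRIAGENS_HTTPS_SERVER_APPLICATION_HTTPS_SERVER_H 1

#include "ApplicationServer/ApplicationFeature.h"

// NOTE(review): the header name was missing from this listing (angle-bracket
// content was lost). SSL_CTX, used below, is declared in <openssl/ssl.h>;
// confirm against the repository.
#include <openssl/ssl.h>

#include "HttpServer/HttpHandlerFactory.h"
#include "Rest/EndpointList.h"

// -----------------------------------------------------------------------------
// --SECTION--                                              forward declarations
// -----------------------------------------------------------------------------

namespace triagens {
  namespace rest {
    class ApplicationScheduler;
    class ApplicationDispatcher;
    class HttpsServer;

// -----------------------------------------------------------------------------
// --SECTION--                                      class ApplicationHttpsServer
// -----------------------------------------------------------------------------

////////////////////////////////////////////////////////////////////////////////
/// @addtogroup HttpServer
/// @{
////////////////////////////////////////////////////////////////////////////////

////////////////////////////////////////////////////////////////////////////////
/// @brief application https server feature
///
/// Holds the SSL/TLS related command-line options (key file, CA file, protocol,
/// session cache mode, OpenSSL options, cipher list) together with the SSL
/// context and the HTTPS servers built from them.
////////////////////////////////////////////////////////////////////////////////

    class ApplicationHttpsServer : public ApplicationFeature {
      private:

        // Copy construction and assignment are declared private so that the
        // feature cannot be copied by client code (it holds raw pointers and an
        // SSL context). Whether definitions exist is not visible in this header.
        ApplicationHttpsServer (ApplicationHttpsServer const&);
        ApplicationHttpsServer& operator= (ApplicationHttpsServer const&);

////////////////////////////////////////////////////////////////////////////////
/// @}
////////////////////////////////////////////////////////////////////////////////

// -----------------------------------------------------------------------------
// --SECTION--                                      constructors and destructors
// -----------------------------------------------------------------------------

////////////////////////////////////////////////////////////////////////////////
/// @addtogroup HttpServer
/// @{
////////////////////////////////////////////////////////////////////////////////

      public:

////////////////////////////////////////////////////////////////////////////////
/// @brief constructor
///
/// @param authenticationRealm   authentication realm
/// @param checkAuthentication   authentication callback
////////////////////////////////////////////////////////////////////////////////

        // NOTE(review): the behaviour for a null checkAuthentication callback is
        // not visible in this header; confirm in the implementation that a null
        // callback cannot silently disable authentication on an SSL endpoint.
        ApplicationHttpsServer (ApplicationServer*,
                                ApplicationScheduler*,
                                ApplicationDispatcher*,
                                std::string const& authenticationRealm,
                                HttpHandlerFactory::auth_fptr checkAuthentication);

////////////////////////////////////////////////////////////////////////////////
/// @brief destructor
////////////////////////////////////////////////////////////////////////////////

        ~ApplicationHttpsServer ();

////////////////////////////////////////////////////////////////////////////////
/// @}
////////////////////////////////////////////////////////////////////////////////

// -----------------------------------------------------------------------------
// --SECTION--                                                    public methods
// -----------------------------------------------------------------------------

////////////////////////////////////////////////////////////////////////////////
/// @addtogroup HttpServer
/// @{
////////////////////////////////////////////////////////////////////////////////

      public:

////////////////////////////////////////////////////////////////////////////////
/// @brief builds the https server
///
/// Note that the server claims ownership of the factory.
////////////////////////////////////////////////////////////////////////////////

        HttpsServer* buildServer (const EndpointList* endpointList);

////////////////////////////////////////////////////////////////////////////////
/// @}
////////////////////////////////////////////////////////////////////////////////

// -----------------------------------------------------------------------------
// --SECTION--                                        ApplicationFeature methods
// -----------------------------------------------------------------------------

////////////////////////////////////////////////////////////////////////////////
/// @addtogroup ApplicationServer
/// @{
////////////////////////////////////////////////////////////////////////////////

////////////////////////////////////////////////////////////////////////////////
/// {@inheritDoc}
////////////////////////////////////////////////////////////////////////////////

        // NOTE(review): the template arguments of the map were lost in this
        // listing; restored to match the ApplicationFeature interface. Confirm
        // against ApplicationServer/ApplicationFeature.h.
        void setupOptions (map<string, basics::ProgramOptionsDescription>&);

////////////////////////////////////////////////////////////////////////////////
/// {@inheritDoc}
////////////////////////////////////////////////////////////////////////////////

        bool parsePhase2 (basics::ProgramOptions&);

////////////////////////////////////////////////////////////////////////////////
/// {@inheritDoc}
////////////////////////////////////////////////////////////////////////////////

        bool open ();

////////////////////////////////////////////////////////////////////////////////
/// {@inheritDoc}
////////////////////////////////////////////////////////////////////////////////

        void close ();

////////////////////////////////////////////////////////////////////////////////
/// {@inheritDoc}
////////////////////////////////////////////////////////////////////////////////

        void stop ();

////////////////////////////////////////////////////////////////////////////////
/// @}
////////////////////////////////////////////////////////////////////////////////

// -----------------------------------------------------------------------------
// --SECTION--                                                 protected methods
// -----------------------------------------------------------------------------

////////////////////////////////////////////////////////////////////////////////
/// @addtogroup HttpServer
/// @{
////////////////////////////////////////////////////////////////////////////////

      protected:

////////////////////////////////////////////////////////////////////////////////
/// @brief build an https server
////////////////////////////////////////////////////////////////////////////////

        HttpsServer* buildHttpsServer (const EndpointList*);

////////////////////////////////////////////////////////////////////////////////
/// @}
////////////////////////////////////////////////////////////////////////////////

// -----------------------------------------------------------------------------
// --SECTION--                                               protected variables
// -----------------------------------------------------------------------------

////////////////////////////////////////////////////////////////////////////////
/// @addtogroup HttpServer
/// @{
////////////////////////////////////////////////////////////////////////////////

      protected:

////////////////////////////////////////////////////////////////////////////////
/// @brief application server
////////////////////////////////////////////////////////////////////////////////

        ApplicationServer* _applicationServer;

////////////////////////////////////////////////////////////////////////////////
/// @brief application scheduler
////////////////////////////////////////////////////////////////////////////////

        ApplicationScheduler* _applicationScheduler;

////////////////////////////////////////////////////////////////////////////////
/// @brief application dispatcher or null
////////////////////////////////////////////////////////////////////////////////

        ApplicationDispatcher* _applicationDispatcher;

////////////////////////////////////////////////////////////////////////////////
/// @brief authentication realm
////////////////////////////////////////////////////////////////////////////////

        string _authenticationRealm;

////////////////////////////////////////////////////////////////////////////////
/// @brief authentication callback
////////////////////////////////////////////////////////////////////////////////

        HttpHandlerFactory::auth_fptr _checkAuthentication;

////////////////////////////////////////////////////////////////////////////////
/// @brief all constructed https servers
////////////////////////////////////////////////////////////////////////////////

        // NOTE(review): the element type was lost in this listing; HttpsServer*
        // matches the return type of buildServer() above. Confirm against the
        // repository.
        vector<HttpsServer*> _httpsServers;

////////////////////////////////////////////////////////////////////////////////
/// @brief keyfile containing server certificate
///
/// @CMDOPT{--server.keyfile @CA{filename}}
///
/// If SSL encryption is used, this option must be used to specify the filename
/// of the server private key. The file must contain both an X509 certificate and
/// the server's private key.
///
/// The file specified by @CA{filename} should have the following structure:
///
/// @verbinclude server-keyfile
///
/// You may use certificates issued by a Certificate Authority or self-signed
/// certificates. Self-signed certificates can be created by a tool of your
/// choice. When using OpenSSL for creating the self-signed certificate, the
/// following commands should create a keyfile:
///
/// @verbinclude server-keyfile-openssl
///
/// For further information please check the manuals of the tools you use to
/// create the certificate.
///
/// Note: because the file contains the server's private key, it should be
/// readable only by the account the server runs under. Clients can authenticate
/// a self-signed certificate only if it has been distributed to them through a
/// trusted channel.
///
/// Note: the --server.keyfile option must be set if the server is started with
/// at least one SSL endpoint.
////////////////////////////////////////////////////////////////////////////////

        string _httpsKeyfile;

////////////////////////////////////////////////////////////////////////////////
/// @brief CA file
///
/// @CMDOPT{--server.cafile @CA{filename}}
///
/// This option can be used to specify the file which contains the CA certificates
/// of clients.
///
/// TODO
///
/// Note: this option is only relevant if at least one SSL endpoint is used.
////////////////////////////////////////////////////////////////////////////////

        // NOTE(review): whether client certificates are actually requested and
        // verified against this file is decided in createSslContext(), which is
        // not visible here; confirm before relying on this option for client
        // authentication.
        string _cafile;

////////////////////////////////////////////////////////////////////////////////
/// @brief SSL protocol type to use
///
/// @CMDOPT{--server.ssl-protocol @CA{value}}
///
/// Use this option to specify the default encryption protocol to be used.
/// The following variants are available:
/// - 1: SSLv2
/// - 2: SSLv23
/// - 3: SSLv3
/// - 4: TLSv1
///
/// The default @CA{value} is 4 (i.e. TLSv1).
///
/// Note: SSLv2 and SSLv3 are cryptographically broken and have been prohibited
/// by RFC 6176 and RFC 7568; TLSv1 (TLS 1.0) has been deprecated by RFC 8996.
/// Variants 1 and 3 should not be used on endpoints reachable by untrusted
/// clients. In OpenSSL, SSLv23 is the version-flexible method: it negotiates
/// the highest protocol version both peers support, and legacy versions can be
/// switched off through --server.ssl-options (e.g. SSL_OP_NO_SSLv2 and
/// SSL_OP_NO_SSLv3).
///
/// Note: this option is only relevant if at least one SSL endpoint is used.
////////////////////////////////////////////////////////////////////////////////

        // NOTE(review): the mapping from these numbers to OpenSSL methods lives
        // in the implementation file and is not visible in this header.
        uint32_t _sslProtocol;

////////////////////////////////////////////////////////////////////////////////
/// @brief ssl cache mode to use
///
/// @CMDOPT{--server.ssl-cache-mode @CA{value}}
///
/// TODO
///
/// Note: this option is only relevant if at least one SSL endpoint is used.
////////////////////////////////////////////////////////////////////////////////

        // NOTE(review): presumably forwarded to SSL_CTX_set_session_cache_mode();
        // confirm in createSslContext().
        uint64_t _sslCacheMode;

////////////////////////////////////////////////////////////////////////////////
/// @brief ssl options to use
///
/// @CMDOPT{--server.ssl-options @CA{value}}
///
/// This option can be used to set various SSL-related options. Individual
/// option values must be combined using bitwise OR.
///
/// Which options are available on your platform is determined by the OpenSSL
/// version you use. The list of options available on your platform might be
/// retrieved by the following shell command:
///
/// @verbinclude openssl-options
///
/// A description of the options can be found online in the OpenSSL documentation
/// at: http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html
///
/// Note: these options are also the place to disable legacy protocol versions
/// when a version-flexible protocol setting is used (e.g. SSL_OP_NO_SSLv2 and
/// SSL_OP_NO_SSLv3).
///
/// Note: this option is only relevant if at least one SSL endpoint is used.
////////////////////////////////////////////////////////////////////////////////

        uint64_t _sslOptions;

////////////////////////////////////////////////////////////////////////////////
/// @brief ssl cipher list to use
///
/// @CMDOPT{--server.ssl-cipher-list @CA{cipher-list}}
///
/// This option can be used to restrict the server to certain SSL ciphers only,
/// and to define the relative usage preference of SSL ciphers.
///
/// The format of @CA{cipher-list} is documented in the OpenSSL documentation.
///
/// To check which ciphers are available on your platform, you may use the
/// following shell command:
///
/// @verbinclude openssl-ciphers
///
/// The default value for @CA{cipher-list} is "ALL".
///
/// Note: in OpenSSL, "ALL" selects every cipher suite except the eNULL ones.
/// Depending on the OpenSSL build this can include anonymous (unauthenticated),
/// export-grade and RC4 suites. Endpoints reachable by untrusted clients should
/// set an explicit, restrictive list, for example "HIGH:!aNULL:!MD5".
///
/// Note: this option is only relevant if at least one SSL endpoint is used.
////////////////////////////////////////////////////////////////////////////////

        string _sslCipherList;

////////////////////////////////////////////////////////////////////////////////
/// @brief ssl context
////////////////////////////////////////////////////////////////////////////////

        // NOTE(review): raw pointer; where the context is released (e.g. via
        // SSL_CTX_free) is not visible in this header. Confirm in the
        // implementation file.
        SSL_CTX* _sslContext;

////////////////////////////////////////////////////////////////////////////////
/// @brief random string used for initialisation
////////////////////////////////////////////////////////////////////////////////

        string _rctx;

////////////////////////////////////////////////////////////////////////////////
/// @}
////////////////////////////////////////////////////////////////////////////////

// -----------------------------------------------------------------------------
// --SECTION--                                                   private methods
// -----------------------------------------------------------------------------

////////////////////////////////////////////////////////////////////////////////
/// @addtogroup HttpServer
/// @{
////////////////////////////////////////////////////////////////////////////////

      private:

////////////////////////////////////////////////////////////////////////////////
/// @brief creates an ssl context
///
/// @return a bool; presumably true when the context was created successfully
/// (the implementation is not part of this header)
////////////////////////////////////////////////////////////////////////////////

        bool createSslContext ();
    };
  }
}

////////////////////////////////////////////////////////////////////////////////
/// @}
////////////////////////////////////////////////////////////////////////////////

#endif

// -----------------------------------------------------------------------------
// --SECTION--                                                       END-OF-FILE
// -----------------------------------------------------------------------------

// Local Variables:
// mode: outline-minor
// outline-regexp: "^\\(/// @brief\\|/// {@inheritDoc}\\|/// @addtogroup\\|// --SECTION--\\|/// @\\}\\)"
// End: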