CSecureSocket Class Reference

#include <securesocket.h>

Link against: securesocket.lib

class CSecureSocket : public CBase, public CBase

Inherits from

Public Member Functions
~CSecureSocket()
IMPORT_C TIntAvailableCipherSuites(TDes8 &)
IMPORT_C voidCancelAll()
IMPORT_C voidCancelHandshake()
IMPORT_C voidCancelRecv()
IMPORT_C voidCancelSend()
IMPORT_C const CX509Certificate *ClientCert()
IMPORT_C TClientCertModeClientCertMode()
IMPORT_C voidClose()
IMPORT_C TIntCurrentCipherSuite(TDes8 &)
IMPORT_C TDialogModeDialogMode()
IMPORT_C voidFlushSessionCache()
IMPORT_C TIntGetOpt(TUint, TUint, TDes8 &)
IMPORT_C TIntGetOpt(TUint, TUint, TInt &)
IMPORT_C CSecureSocket *NewL(RSocket &, const TDesC &)
IMPORT_C CSecureSocket *NewL(MGenericSecureSocket &, const TDesC &)
IMPORT_C TIntProtocol(TDes &)
IMPORT_C voidRecv(TDes8 &, TRequestStatus &)
IMPORT_C voidRecvOneOrMore(TDes8 &, TRequestStatus &, TSockXfrLength &)
IMPORT_C voidRenegotiateHandshake(TRequestStatus &)
IMPORT_C voidSend(const TDesC8 &, TRequestStatus &, TSockXfrLength &)
IMPORT_C voidSend(const TDesC8 &, TRequestStatus &)
IMPORT_C const CX509Certificate *ServerCert()
IMPORT_C TIntSetAvailableCipherSuites(const TDesC8 &)
IMPORT_C TIntSetClientCert(const CX509Certificate &)
IMPORT_C TIntSetClientCertMode(const TClientCertMode)
IMPORT_C TIntSetDialogMode(const TDialogMode)
IMPORT_C TIntSetDialogSelection(const TServerCertValidation)
IMPORT_C TIntSetOpt(TUint, TUint, const TDesC8 &)
IMPORT_C TIntSetOpt(TUint, TUint, TInt)
IMPORT_C TIntSetPrivateKey(const CDecPKCS8Data &)
IMPORT_C TIntSetProtocol(const TDesC &)
IMPORT_C TIntSetServerCert(const CX509Certificate &)
IMPORT_C voidStartClientHandshake(TRequestStatus &)
IMPORT_C voidStartServerHandshake(TRequestStatus &)
Inherited Functions
CBase::CBase()
CBase::Delete(CBase *)
CBase::Extension_(TUint,TAny *&,TAny *)
CBase::operator new(TUint)
CBase::operator new(TUint,TAny *)
CBase::operator new(TUint,TLeave)
CBase::operator new(TUint,TLeave,TUint)
CBase::operator new(TUint,TUint)
CBase::~CBase()

Detailed Description

Secure sockets class.

Since
v6.2

Constructor & Destructor Documentation

~CSecureSocket ( )

~CSecureSocket()

Standard destructor.

Member Function Documentation

AvailableCipherSuites ( TDes8 & )

IMPORT_C TIntAvailableCipherSuites(TDes8 &aCiphers)

Gets the available cipher suites.

Note that ciphersuites using NULL encryption or PSK key exchange will not be included unless they have been enabled via SetOpt.

Parameters
aCiphersDescriptor holding the ciphers.
Return Value
KErrNone if successful, a system-wide error code if not.

CancelAll ( )

IMPORT_C voidCancelAll()

Cancels all the send and receive actions in the SSL state machine.

CancelHandshake ( )

IMPORT_C voidCancelHandshake()

Cancels the handshake.

CancelRecv ( )

IMPORT_C voidCancelRecv()

Cancels a receive action in the SSL state machine.

CancelSend ( )

IMPORT_C voidCancelSend()

Cancels a send action in the SSL state machine.

ClientCert ( )

IMPORT_C const CX509Certificate *ClientCert()

Gets the current client certificate.

When a secure socket is acting in server mode, the returned certificate will be the certificate that the remote client provided. When acting in client mode, the certificate returned will be local certificate.

Return Value
A pointer to the client certificate, or NULL if none exists.

ClientCertMode ( )

IMPORT_C TClientCertModeClientCertMode()

Gets the current client certificate mode.

The client certificate mode is used when the socket is acting as a server, and determines whether a client certificate is requested.

Return Value
The current mode that is set.

Close ( )

IMPORT_C voidClose()

Closes the secure connection and the socket.

Implementations should terminate the secure connection gracefully as appropriate to their protocol. The RSocket object is not destoyed: this is left to the client application.

CurrentCipherSuite ( TDes8 & )

IMPORT_C TIntCurrentCipherSuite(TDes8 &aCipherSuite)

Gets the current cipher suite in use.

The current cipher suite is returned in the referenced buffer in two byte format as, i.e. [0x??][0x??].

Parameters
aCipherSuiteA reference to a descriptor at least 2 bytes long. Implementations that differ from the [0x??][0x??] format may require larger descriptors. See individual implementation notes for details.
Return Value
KErrNone if successful; otherwise, another of the system-wide error codes.

DialogMode ( )

IMPORT_C TDialogModeDialogMode()

Gets the current dialog mode.

Return Value
The current dialog mode.

FlushSessionCache ( )

IMPORT_C voidFlushSessionCache()

Flushes the session cache.

GetOpt ( TUint, TUint, TDes8 & )

IMPORT_C TIntGetOpt(TUintaOptionName,
TUintaOptionLevel,
TDes8 &aOption
)

Gets an option.

Secure socket implementations may provide options that can be used with this function.

(nb. Getting the KSoServerNameIndication option is not supported).

Parameters
aOptionNameAn integer constant which identifies an option.
aOptionLevelAn integer constant which identifies the level of an option, i.e. an option level group of related options.
aOptionAn option value packaged in a descriptor.
Return Value
KErrNone if successful; otherwise, another of the system-wide error codes.

GetOpt ( TUint, TUint, TInt & )

IMPORT_C TIntGetOpt(TUintaOptionName,
TUintaOptionLevel,
TInt &aOption
)

Gets an option.

Secure socket implementations may provide options that can be used with this method.

(nb. Getting the KSoServerNameIndication option is not supported).

Parameters
aOptionNameAn integer constant which identifies an option.
aOptionLevelAn integer constant which identifies the level of an option, i.e. an option level group of related options.
aOptionAn integer option value.
Return Value
KErrNone if successful; otherwise, another of the system-wide error codes.

NewL ( RSocket &, const TDesC & )

IMPORT_C CSecureSocket *NewL(RSocket &aSocket,
const TDesC &aProtocol
)[static]

Creates and returns a pointer to a new secure socket.

A reference to an already open and connected socket should be passed in, along with a descriptor that contains the protocol name.

Parameters
aSocketA reference to an open and connected RSocket object.
aProtocolA constant descriptor containing the protocol name.
Return Value
A pointer to the newly created secure socket, or NULL if the creation failed.

NewL ( MGenericSecureSocket &, const TDesC & )

IMPORT_C CSecureSocket *NewL(MGenericSecureSocket &aSocket,
const TDesC &aProtocol
)[static]

Creates and returns a pointer to a new secure socket.

A reference to a socket derived from MGenericSecureSocket should be passed in, along with a descriptor that contains the protocol name.

Parameters
aSocketA reference to an MGenericSecureSocket derived object.
aProtocolA constant descriptor containing the protocol name.
Return Value
A pointer to the newly created secure socket, or NULL if the creation failed.

Protocol ( TDes & )

IMPORT_C TIntProtocol(TDes &aProtocol)

Gets the protocol in use.

This method can be used to return the particular protocol/version that is being used by implementations that support different protocols/versions.

Parameters
aProtocolA descriptor containing the protocol name/version that is being used. Protocol names can be up to 32 characters long, and so a descriptor of at least that size is required.
Return Value
KErrNone

Recv ( TDes8 &, TRequestStatus & )

IMPORT_C voidRecv(TDes8 &aDesc,
TRequestStatus &aStatus
)

Receives data from the socket.

This is an asynchronous function, and completes when the descriptor has been filled. Only one Recv() or RecvOneOrMore() operation can be outstanding at any time.

Parameters
aDescA descriptor where data read will be placed.
aStatusOn completion, KErrNone if successful; KErrEof if a remote connection is closed and there is no more data; KErrNotReady if called when an operation is still outstanding; or another system-wide error code.

RecvOneOrMore ( TDes8 &, TRequestStatus &, TSockXfrLength & )

IMPORT_C voidRecvOneOrMore(TDes8 &aDesc,
TRequestStatus &aStatus,
TSockXfrLength &aLen
)

Receives data from the socket.

This is an asynchronous function, and will complete when at least one byte has been read. Only one Recv() or RecvOneOrMore() operation can be outstanding at any time.

Parameters
aDescA descriptor where data read will be placed.
aStatusOn completion, KErrNone if successful; KErrEof if a remote connection is closed and there is no more data; KErrNotReady if called when an operation is still outstanding; or another system-wide error code.
aLenOn completion, the length of the descriptor, aDesc.

RenegotiateHandshake ( TRequestStatus & )

IMPORT_C voidRenegotiateHandshake(TRequestStatus &aStatus)

Initiates a renegotiation of the secure connection.

This is an asynchronous function that completes when renegotiation is complete. It is valid for both client and server operation. There can only be one outstanding RenegotiateHandshake() operation at a time.

Parameters
aStatusOn completion, KErrNone if successful; KErrNotReady if called when an operation is still outstanding; or another system-wide error code.

Send ( const TDesC8 &, TRequestStatus &, TSockXfrLength & )

IMPORT_C voidSend(const TDesC8 &aDesc,
TRequestStatus &aStatus,
TSockXfrLength &aLen
)

Sends data over the socket.

This is an asynchronous function. Only one Send() operation can be outstanding at any time.

Parameters
aDescA constant descriptor with the data to be send.
aStatusOn completion, KErrNone if successful; KErrNotReady if called when an operation is still outstanding; or another system-wise error code.
aLenOn completion, the amount of data sent.

Send ( const TDesC8 &, TRequestStatus & )

IMPORT_C voidSend(const TDesC8 &aDesc,
TRequestStatus &aStatus
)

Sends data over the socket.

This is an asynchronous function. Only one Send() operation can be outstanding at any time, and the function will complete with the error KErrNotReady if called when a send is still outstanding.

Parameters
aDescA constant descriptor. The application must not modify this descriptor until the Send() completes.
aStatusOn completion, KErrNone; KErrNotReady if called when a send is still outstanding, if successful; or another system-wide error code.

ServerCert ( )

IMPORT_C const CX509Certificate *ServerCert()

Gets the current server certificate.

When a secure socket is acting in client mode, the returned certificate will be the certificate for the remote server. When acting in server mode, the certificate returned will be the local certificate.

Note that the operation in server mode is currently reserved for future use, and returns NULL.

Return Value
Pointer to the certificate, or NULL if no certificate is available.

SetAvailableCipherSuites ( const TDesC8 & )

IMPORT_C TIntSetAvailableCipherSuites(const TDesC8 &aCiphers)

Sets the list of cipher suites that are available for use.

The list of cipher suites should be supplied in a descriptor in the format as per the TLS RFC, i.e. [0x??][0x??] for each suite. The order of suites is important, and so they should be listed with the preferred suites first.

Note that ciphersuites using NULL encryption or PSK key exchange will be considered unsupported unless these features have been enabled via SetOpt.

Unsupported ciphersuites are silently ignored except that if the list becomes empty KErrNotSupported will be returned.

Parameters
aCiphersDescriptor holding the cipher suites list.
Return Value
KErrNone if successful; otherwise, a system-wide error code.

SetClientCert ( const CX509Certificate & )

IMPORT_C TIntSetClientCert(const CX509Certificate &aCert)

Sets the client certificate to use.

When a secure socket is acting in client mode, this method will set the certificate that will be used if a server requests one. When acting in server mode, if called this method will perform no action, but will return KErrNotSupported.

Parameters
aCertThe client certificate.
Return Value
KErrNone if successful; otherwise, a system-wide error code.

SetClientCertMode ( const TClientCertMode )

IMPORT_C TIntSetClientCertMode(const TClientCertModeaClientCertMode)

Sets the client certificate mode.

Parameters
aClientCertModeThe client certificate mode to set.
Return Value
KErrNone if successful; otherwise, a system-wide error code.

SetDialogMode ( const TDialogMode )

IMPORT_C TIntSetDialogMode(const TDialogModeaDialogMode)

Sets the Dialog mode.

Parameters
aDialogModeDialog mode to set.
Return Value
KErrNone if successful, otherwise, a system-wide error code.

SetDialogSelection ( const TServerCertValidation )

IMPORT_C TIntSetDialogSelection(const TServerCertValidationaValidations)

To select the validation failure dialogue to attend, and others are suppressed.

Parameters
aValidationsLogically ORed enums of type TServerCertValidation. otherwise, a system-wide error code.

SetOpt ( TUint, TUint, const TDesC8 & )

IMPORT_C TIntSetOpt(TUintaOptionName,
TUintaOptionLevel,
const TDesC8 &aOption =  TPtrC8(NULL, 0)
)

Sets an option.

SecureSocket implementations may provide options that can be used with this method. See individual implementation notes for details.

In order for full verification of the Server certificate during handshake negotiation the domain name must be set. This is done using the option KSoSSLDomainName, with the option level KSolInetSSL.

In order to use a TLS PSK ciphersuite the user must use the the option KSoPskConfig, with the option level KSolInetSSL. The aOption argument should be a TPckgBuf<MSoPskKeyHandler *>. This passes in a pointer to an object which implements the MSoPskKeyHandler interface to decide which PSK identity and value the client wishes to use to secure the connection. See MSoPskKeyHandler for further details. If the MSoPskKeyHandler is NULL then PSK ciphersuites will be disabled again. If you specified an exact list of ciphersuites (by calling SetAvailableCipherSuites) you must update that list to exclude PSK ciphersuites.

The option KSoServerNameIndication, with the option level KSolInetSSL can be used to include the RFC3546 server name indication in the ClientHello sent to the server. This can be used to facilitate secure connections to servers that host multiple 'virtual' servers at a single underlying network address. The aOption argument should be a TPckgBuf<CDesC8Array *>, ownership is passed in. One or more UTF-8 FQDNs can be supplied. Neither trailing dots nor numeric IP addresses should be used.

Parameters
aOptionNameAn integer constant which identifies an option.
aOptionLevelAn integer constant which identifies the level of an option: i.e. an option level group of related options.
aOptionAn option value packaged in a descriptor.
Return Value
KErrNone if successful; otherwise, a system-wide error code.

SetOpt ( TUint, TUint, TInt )

IMPORT_C TIntSetOpt(TUintaOptionName,
TUintaOptionLevel,
TIntaOption
)

Sets an option.

SecureSocket implementations may provide options that can be used with this method. See individual implementation notes for details.

By default the TLS_RSA_WITH_NULL_MD5 and TLS_RSA_WITH_NULL_SHA ciphersuites are disabled. These ciphersuites use NULL encryption and therefore offer no protection against evesdropping. Server authentication (and client, if a client certificate is used) is performed and data integrity is still checked (nb. TLS_NULL_WITH_NULL_NULL is never supported). In order to these ciphersuites the user must use the the option KSoEnableNullCiphers, with the option level KSolInetSSL and a non-zero argument. Using an argument of zero will disable them.

Parameters
aOptionNameAn integer constant which identifies an option.
aOptionLevelAn integer constant which identifies the level of an option: i.e. an option level group of related options.
aOptionAn option value as an integer .
Return Value
KErrNone if successful; otherwise, a system-wide error code.

SetPrivateKey ( const CDecPKCS8Data & )

IMPORT_C TIntSetPrivateKey(const CDecPKCS8Data &aPrivateKey)

Sets the client private key to use.

When a secure socket is acting in client mode, this method will set the private key that will be used for encryption, if server does a client certificate request. When acting in server mode, if called this method will perform no action, but will return KErrNotSupported.

Return Value
KErrNone if successful; otherwise, a system-wide error code.

SetProtocol ( const TDesC & )

IMPORT_C TIntSetProtocol(const TDesC &aProtocol)

Sets the protocol

Parameters
aProtocolDescriptor holding the protocol name to be set, e.g. "SSL3.0" or "TLS1.0".
Return Value
KErrNone if successful, or KErrNotSupported if the protocol in the descriptor isn't recognized.

SetServerCert ( const CX509Certificate & )

IMPORT_C TIntSetServerCert(const CX509Certificate &aCert)

Sets the server X.509 certificate.

Parameters
aCertThe certificate to use.
Return Value
KErrNone if successful; otherwise, a system-wide error code.

StartClientHandshake ( TRequestStatus & )

IMPORT_C voidStartClientHandshake(TRequestStatus &aStatus)

Starts the client handshake.

Parameters
aStatusOn completion, KErrNone if successful; otherwise, a system-wide error code.

StartServerHandshake ( TRequestStatus & )

IMPORT_C voidStartServerHandshake(TRequestStatus &aStatus)

Starts the server handshake.

Parameters
aStatusOn completion, KErrNone if successful; otherwise, a system-wide error code.
© Nokia 2011.