Revision control

Copy as Markdown

Other Tools

/*
* TLS Session Manager
* (C) 2011 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#ifndef BOTAN_TLS_SESSION_MANAGER_H_
#define BOTAN_TLS_SESSION_MANAGER_H_
#include <botan/tls_session.h>
#include <botan/mutex.h>
#include <chrono>
#include <map>
namespace Botan {
namespace TLS {
/**
* Session_Manager is an interface to systems which can save
* session parameters for supporting session resumption.
*
* Saving sessions is done on a best-effort basis; an implementation is
* allowed to drop sessions due to space constraints.
*
* Implementations should strive to be thread safe
*/
class BOTAN_PUBLIC_API(2,0) Session_Manager
{
public:
/**
* Try to load a saved session (using session ID)
* @param session_id the session identifier we are trying to resume
* @param session will be set to the saved session data (if found),
or not modified if not found
* @return true if session was modified
*/
virtual bool load_from_session_id(const std::vector<uint8_t>& session_id,
Session& session) = 0;
/**
* Try to load a saved session (using info about server)
* @param info the information about the server
* @param session will be set to the saved session data (if found),
or not modified if not found
* @return true if session was modified
*/
virtual bool load_from_server_info(const Server_Information& info,
Session& session) = 0;
/**
* Remove this session id from the cache, if it exists
*/
virtual void remove_entry(const std::vector<uint8_t>& session_id) = 0;
/**
* Remove all sessions from the cache, return number of sessions deleted
*/
virtual size_t remove_all() = 0;
/**
* Save a session on a best effort basis; the manager may not in
* fact be able to save the session for whatever reason; this is
* not an error. Caller cannot assume that calling save followed
* immediately by load_from_* will result in a successful lookup.
*
* @param session to save
*/
virtual void save(const Session& session) = 0;
/**
* Return the allowed lifetime of a session; beyond this time,
* sessions are not resumed. Returns 0 if unknown/no explicit
* expiration policy.
*/
virtual std::chrono::seconds session_lifetime() const = 0;
virtual ~Session_Manager() = default;
};
/**
* An implementation of Session_Manager that does not save sessions at
* all, preventing session resumption.
*/
class BOTAN_PUBLIC_API(2,0) Session_Manager_Noop final : public Session_Manager
{
public:
bool load_from_session_id(const std::vector<uint8_t>&, Session&) override
{ return false; }
bool load_from_server_info(const Server_Information&, Session&) override
{ return false; }
void remove_entry(const std::vector<uint8_t>&) override {}
size_t remove_all() override { return 0; }
void save(const Session&) override {}
std::chrono::seconds session_lifetime() const override
{ return std::chrono::seconds(0); }
};
/**
* An implementation of Session_Manager that saves values in memory.
*/
class BOTAN_PUBLIC_API(2,0) Session_Manager_In_Memory final : public Session_Manager
{
public:
/**
* @param rng a RNG used for generating session key and for
* session encryption
* @param max_sessions a hint on the maximum number of sessions
* to keep in memory at any one time. (If zero, don't cap)
* @param session_lifetime sessions are expired after this many
* seconds have elapsed from initial handshake.
*/
Session_Manager_In_Memory(RandomNumberGenerator& rng,
size_t max_sessions = 1000,
std::chrono::seconds session_lifetime =
std::chrono::seconds(7200));
bool load_from_session_id(const std::vector<uint8_t>& session_id,
Session& session) override;
bool load_from_server_info(const Server_Information& info,
Session& session) override;
void remove_entry(const std::vector<uint8_t>& session_id) override;
size_t remove_all() override;
void save(const Session& session_data) override;
std::chrono::seconds session_lifetime() const override
{ return m_session_lifetime; }
private:
bool load_from_session_str(const std::string& session_str,
Session& session);
mutex_type m_mutex;
size_t m_max_sessions;
std::chrono::seconds m_session_lifetime;
RandomNumberGenerator& m_rng;
secure_vector<uint8_t> m_session_key;
std::map<std::string, std::vector<uint8_t>> m_sessions; // hex(session_id) -> session
std::map<Server_Information, std::string> m_info_sessions;
};
}
}
#endif