Botan  2.1.0
Crypto and TLS for C++11
Public Member Functions | List of all members
Botan::TLS::Session_Manager_SQLite Class Reference

#include <tls_session_manager_sqlite.h>

Inheritance diagram for Botan::TLS::Session_Manager_SQLite:
Botan::TLS::Session_Manager_SQL Botan::TLS::Session_Manager

Public Member Functions

bool load_from_server_info (const Server_Information &info, Session &session) override
 
bool load_from_session_id (const std::vector< uint8_t > &session_id, Session &session) override
 
size_t remove_all () override
 
void remove_entry (const std::vector< uint8_t > &session_id) override
 
void save (const Session &session_data) override
 
std::chrono::seconds session_lifetime () const override
 
 Session_Manager_SQLite (const std::string &passphrase, RandomNumberGenerator &rng, const std::string &db_filename, size_t max_sessions=1000, std::chrono::seconds session_lifetime=std::chrono::seconds(7200))
 

Detailed Description

An implementation of Session_Manager that saves values in a SQLite3 database file, with the session data encrypted using a passphrase.

Warning
For clients, the hostnames associated with the saved sessions are stored in the database in plaintext. This may be a serious privacy risk in some situations.

Definition at line 26 of file tls_session_manager_sqlite.h.

Constructor & Destructor Documentation

Botan::TLS::Session_Manager_SQLite::Session_Manager_SQLite ( const std::string &  passphrase,
RandomNumberGenerator rng,
const std::string &  db_filename,
size_t  max_sessions = 1000,
std::chrono::seconds  session_lifetime = std::chrono::seconds(7200) 
)
Parameters
passphraseused to encrypt the session data
rnga random number generator
db_filenamefilename of the SQLite database file. The table names tls_sessions and tls_sessions_metadata will be used
max_sessionsa hint on the maximum number of sessions to keep in memory at any one time. (If zero, don't cap)
session_lifetimesessions are expired after this many seconds have elapsed from initial handshake.

Definition at line 15 of file tls_session_manager_sqlite.cpp.

19  :
20  Session_Manager_SQL(std::make_shared<Sqlite3_Database>(db_filename),
21  passphrase,
22  rng,
23  max_sessions,
25  {}
std::chrono::seconds session_lifetime() const override
Session_Manager_SQL(std::shared_ptr< SQL_Database > db, const std::string &passphrase, RandomNumberGenerator &rng, size_t max_sessions=1000, std::chrono::seconds session_lifetime=std::chrono::seconds(7200))

Member Function Documentation

bool Botan::TLS::Session_Manager_SQL::load_from_server_info ( const Server_Information info,
Session session 
)
overridevirtualinherited

Try to load a saved session (using info about server)

Parameters
infothe information about the server
sessionwill be set to the saved session data (if found), or not modified if not found
Returns
true if session was modified

Implements Botan::TLS::Session_Manager.

Definition at line 128 of file tls_session_manager_sql.cpp.

References Botan::TLS::Session::decrypt(), Botan::TLS::Server_Information::hostname(), and Botan::TLS::Server_Information::port().

130  {
131  auto stmt = m_db->new_statement("select session from tls_sessions"
132  " where hostname = ?1 and hostport = ?2"
133  " order by session_start desc");
134 
135  stmt->bind(1, server.hostname());
136  stmt->bind(2, server.port());
137 
138  while(stmt->step())
139  {
140  std::pair<const uint8_t*, size_t> blob = stmt->get_blob(0);
141 
142  try
143  {
144  session = Session::decrypt(blob.first, blob.second, m_session_key);
145  return true;
146  }
147  catch(...)
148  {
149  }
150  }
151 
152  return false;
153  }
static Session decrypt(const uint8_t ctext[], size_t ctext_size, const SymmetricKey &key)
bool Botan::TLS::Session_Manager_SQL::load_from_session_id ( const std::vector< uint8_t > &  session_id,
Session session 
)
overridevirtualinherited

Try to load a saved session (using session ID)

Parameters
session_idthe session identifier we are trying to resume
sessionwill be set to the saved session data (if found), or not modified if not found
Returns
true if session was modified

Implements Botan::TLS::Session_Manager.

Definition at line 104 of file tls_session_manager_sql.cpp.

References Botan::TLS::Session::decrypt(), and Botan::hex_encode().

106  {
107  auto stmt = m_db->new_statement("select session from tls_sessions where session_id = ?1");
108 
109  stmt->bind(1, hex_encode(session_id));
110 
111  while(stmt->step())
112  {
113  std::pair<const uint8_t*, size_t> blob = stmt->get_blob(0);
114 
115  try
116  {
117  session = Session::decrypt(blob.first, blob.second, m_session_key);
118  return true;
119  }
120  catch(...)
121  {
122  }
123  }
124 
125  return false;
126  }
static Session decrypt(const uint8_t ctext[], size_t ctext_size, const SymmetricKey &key)
void hex_encode(char output[], const uint8_t input[], size_t input_length, bool uppercase)
Definition: hex.cpp:14
size_t Botan::TLS::Session_Manager_SQL::remove_all ( )
overridevirtualinherited

Remove all sessions from the cache, return number of sessions deleted

Implements Botan::TLS::Session_Manager.

Definition at line 164 of file tls_session_manager_sql.cpp.

165  {
166  auto stmt = m_db->new_statement("delete from tls_sessions");
167  return stmt->spin();
168  }
void Botan::TLS::Session_Manager_SQL::remove_entry ( const std::vector< uint8_t > &  session_id)
overridevirtualinherited

Remove this session id from the cache, if it exists

Implements Botan::TLS::Session_Manager.

Definition at line 155 of file tls_session_manager_sql.cpp.

References Botan::hex_encode().

156  {
157  auto stmt = m_db->new_statement("delete from tls_sessions where session_id = ?1");
158 
159  stmt->bind(1, hex_encode(session_id));
160 
161  stmt->spin();
162  }
void hex_encode(char output[], const uint8_t input[], size_t input_length, bool uppercase)
Definition: hex.cpp:14
void Botan::TLS::Session_Manager_SQL::save ( const Session session)
overridevirtualinherited

Save a session on a best effort basis; the manager may not in fact be able to save the session for whatever reason; this is not an error. Caller cannot assume that calling save followed immediately by load_from_* will result in a successful lookup.

Parameters
sessionto save

Implements Botan::TLS::Session_Manager.

Definition at line 170 of file tls_session_manager_sql.cpp.

References Botan::TLS::Session::encrypt(), Botan::hex_encode(), Botan::TLS::Server_Information::hostname(), Botan::TLS::Server_Information::port(), Botan::TLS::Session::server_info(), Botan::TLS::Session::session_id(), and Botan::TLS::Session::start_time().

171  {
172  auto stmt = m_db->new_statement("insert or replace into tls_sessions"
173  " values(?1, ?2, ?3, ?4, ?5)");
174 
175  stmt->bind(1, hex_encode(session.session_id()));
176  stmt->bind(2, session.start_time());
177  stmt->bind(3, session.server_info().hostname());
178  stmt->bind(4, session.server_info().port());
179  stmt->bind(5, session.encrypt(m_session_key, m_rng));
180 
181  stmt->spin();
182 
183  prune_session_cache();
184  }
RandomNumberGenerator & m_rng
Definition: ecdh.cpp:52
void hex_encode(char output[], const uint8_t input[], size_t input_length, bool uppercase)
Definition: hex.cpp:14
std::chrono::seconds Botan::TLS::Session_Manager_SQL::session_lifetime ( ) const
inlineoverridevirtualinherited

Return the allowed lifetime of a session; beyond this time, sessions are not resumed. Returns 0 if unknown/no explicit expiration policy.

Implements Botan::TLS::Session_Manager.

Definition at line 63 of file tls_session_manager_sql.h.

64  { return m_session_lifetime; }

The documentation for this class was generated from the following files: