Botan::TLS::Session_Manager_SQLite Class Reference

#include <tls_session_manager_sqlite.h>

Inheritance diagram for Botan::TLS::Session_Manager_SQLite:

Public Member Functions
bool	load_from_server_info (const Server_Information &info, Session &session) override
bool	load_from_session_id (const std::vector< uint8_t > &session_id, Session &session) override
size_t	remove_all () override
void	remove_entry (const std::vector< uint8_t > &session_id) override
void	save (const Session &session_data) override
std::chrono::seconds	session_lifetime () const override
	Session_Manager_SQLite (const std::string &passphrase, RandomNumberGenerator &rng, const std::string &db_filename, size_t max_sessions=1000, std::chrono::seconds session_lifetime=std::chrono::seconds(7200))

Detailed Description

An implementation of Session_Manager that saves values in a SQLite3 database file, with the session data encrypted using a passphrase.

Warning

For clients, the hostnames associated with the saved sessions are stored in the database in plaintext. This may be a serious privacy risk in some situations.

Definition at line 27 of file tls_session_manager_sqlite.h.

Constructor & Destructor Documentation

Session_Manager_SQLite()

Botan::TLS::Session_Manager_SQLite::Session_Manager_SQLite	(	const std::string &	passphrase,
		RandomNumberGenerator &	rng,
		const std::string &	db_filename,
		size_t	max_sessions = 1000,
		std::chrono::seconds	session_lifetime = std::chrono::seconds(7200)
	)

Parameters

passphrase	used to encrypt the session data
rng	a random number generator
db_filename	filename of the SQLite database file. The table names tls_sessions and tls_sessions_metadata will be used
max_sessions	a hint on the maximum number of sessions to keep in memory at any one time. (If zero, don't cap)
session_lifetime	sessions are expired after this many seconds have elapsed from initial handshake.

Definition at line 15 of file tls_session_manager_sqlite.cpp.

                                                                                  :
   Session_Manager_SQL(std::make_shared<Sqlite3_Database>(db_filename),
                       passphrase,
                       rng,
                       max_sessions,
                       session_lifetime)
   {}

Member Function Documentation

load_from_server_info()

bool Botan::TLS::Session_Manager_SQL::load_from_server_info ( const Server_Information &  info, Session &  session  )

overridevirtualinherited

Try to load a saved session (using info about server)

Parameters

info	the information about the server
session	will be set to the saved session data (if found), or not modified if not found

Returns

true if session was modified

Implements Botan::TLS::Session_Manager.

Definition at line 130 of file tls_session_manager_sql.cpp.

References Botan::TLS::Session::decrypt(), Botan::TLS::Server_Information::hostname(), and Botan::TLS::Server_Information::port().

   {
   auto stmt = m_db->new_statement("select session from tls_sessions"
                                   " where hostname = ?1 and hostport = ?2"
                                   " order by session_start desc");

   stmt->bind(1, server.hostname());
   stmt->bind(2, server.port());

   while(stmt->step())
      {
      std::pair<const uint8_t*, size_t> blob = stmt->get_blob(0);

      try
         {
         session = Session::decrypt(blob.first, blob.second, m_session_key);
         return true;
         }
      catch(...)
         {
         }
      }

   return false;
   }

load_from_session_id()

bool Botan::TLS::Session_Manager_SQL::load_from_session_id ( const std::vector< uint8_t > &  session_id, Session &  session  )

overridevirtualinherited

Try to load a saved session (using session ID)

Parameters

session_id	the session identifier we are trying to resume
session	will be set to the saved session data (if found), or not modified if not found

Returns

true if session was modified

Implements Botan::TLS::Session_Manager.

Definition at line 106 of file tls_session_manager_sql.cpp.

References Botan::TLS::Session::decrypt(), and Botan::hex_encode().

   {
   auto stmt = m_db->new_statement("select session from tls_sessions where session_id = ?1");

   stmt->bind(1, hex_encode(session_id));

   while(stmt->step())
      {
      std::pair<const uint8_t*, size_t> blob = stmt->get_blob(0);

      try
         {
         session = Session::decrypt(blob.first, blob.second, m_session_key);
         return true;
         }
      catch(...)
         {
         }
      }

   return false;
   }

remove_all()

size_t Botan::TLS::Session_Manager_SQL::remove_all ( )

overridevirtualinherited

Remove all sessions from the cache, return number of sessions deleted

Implements Botan::TLS::Session_Manager.

Definition at line 166 of file tls_session_manager_sql.cpp.

   {
   auto stmt = m_db->new_statement("delete from tls_sessions");
   return stmt->spin();
   }

remove_entry()

void Botan::TLS::Session_Manager_SQL::remove_entry ( const std::vector< uint8_t > &  session_id )

overridevirtualinherited

Remove this session id from the cache, if it exists

Implements Botan::TLS::Session_Manager.

Definition at line 157 of file tls_session_manager_sql.cpp.

References Botan::hex_encode().

   {
   auto stmt = m_db->new_statement("delete from tls_sessions where session_id = ?1");

   stmt->bind(1, hex_encode(session_id));

   stmt->spin();
   }

save()

void Botan::TLS::Session_Manager_SQL::save ( const Session &  session )

overridevirtualinherited

Save a session on a best effort basis; the manager may not in fact be able to save the session for whatever reason; this is not an error. Caller cannot assume that calling save followed immediately by load_from_* will result in a successful lookup.

Parameters

session

to save

Implements Botan::TLS::Session_Manager.

Definition at line 172 of file tls_session_manager_sql.cpp.

References Botan::TLS::Session::encrypt(), Botan::hex_encode(), Botan::TLS::Server_Information::hostname(), Botan::TLS::Server_Information::port(), Botan::TLS::Session::server_info(), Botan::TLS::Session::session_id(), and Botan::TLS::Session::start_time().

   {
   if(session.server_info().hostname().empty())
      return;

   auto stmt = m_db->new_statement("insert or replace into tls_sessions"
                                   " values(?1, ?2, ?3, ?4, ?5)");

   stmt->bind(1, hex_encode(session.session_id()));
   stmt->bind(2, session.start_time());
   stmt->bind(3, session.server_info().hostname());
   stmt->bind(4, session.server_info().port());
   stmt->bind(5, session.encrypt(m_session_key, m_rng));

   stmt->spin();

   prune_session_cache();
   }

session_lifetime()

std::chrono::seconds Botan::TLS::Session_Manager_SQL::session_lifetime ( ) const

inlineoverridevirtualinherited

Return the allowed lifetime of a session; beyond this time, sessions are not resumed. Returns 0 if unknown/no explicit expiration policy.

Implements Botan::TLS::Session_Manager.

Definition at line 64 of file tls_session_manager_sql.h.

         { return m_session_lifetime; }

---

The documentation for this class was generated from the following files:

• src/lib/tls/sessions_sqlite3/tls_session_manager_sqlite.h
• src/lib/tls/sessions_sqlite3/tls_session_manager_sqlite.cpp