Botan 3.9.0
Crypto and TLS for C&
tls_session_manager_sql.h
Go to the documentation of this file.
1/*
2* TLS Session Manager storing to encrypted SQL db table
3* (C) 2012,2014 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#ifndef BOTAN_TLS_SQL_SESSION_MANAGER_H_
9#define BOTAN_TLS_SQL_SESSION_MANAGER_H_
10
11#include <botan/database.h>
12#include <botan/tls_session_manager.h>
13
14namespace Botan {
15
17
18namespace TLS {
19
20/**
21* An implementation of Session_Manager that saves values in a SQL
22* database file, with the session data encrypted using a passphrase.
23*
24* @warning For clients, the hostnames associated with the saved
25* sessions are stored in the database in plaintext. This may be a
26* serious privacy risk in some situations.
27*/
29 public:
30 /**
31 * @param db A connection to the database to use
32 The table names botan_tls_sessions and
33 botan_tls_sessions_metadata will be used
34 * @param passphrase used to encrypt the session data
35 * @param rng a random number generator
36 * @param max_sessions a hint on the maximum number of sessions
37 * to keep in memory at any one time. (If zero, don't cap)
38 */
39 Session_Manager_SQL(std::shared_ptr<SQL_Database> db,
40 std::string_view passphrase,
41 const std::shared_ptr<RandomNumberGenerator>& rng,
42 size_t max_sessions = 1000);
43
48 ~Session_Manager_SQL() override = default;
49
50 void store(const Session& session, const Session_Handle& handle) override;
51 size_t remove(const Session_Handle& handle) override;
52 size_t remove_all() override;
53
54 bool emits_session_tickets() override { return false; }
55
56 protected:
57 std::optional<Session> retrieve_one(const Session_Handle& handle) override;
58 std::vector<Session_with_Handle> find_some(const Server_Information& info, size_t max_sessions_hint) override;
59
60 /**
61 * Decides whether the underlying database is considered threadsafe in the
62 * context the Session_Manager is used. If this returns `false`, accesses
63 * to the database are serialized with the base class' recursive mutex.
64 */
65 virtual bool database_is_threadsafe() const { return m_db->is_threadsafe(); }
66
67 private:
68 // Database Schema Revision history
69 //
70 // 0 - empty database (needs creation with latest schema)
71 // 1 - corrupted database detected (re-create it with latest schema)
72 // 20120609 - older (Botan 2.0) database scheme
73 // 20230113 - adapt to Botan 3.0 Session_Manager API
74 // (Session objects don't contain Session_ID, Session_Ticket)
75 enum Schema_Revision {
76 EMPTY = 0,
77 CORRUPTED = 1,
78 PRE_BOTAN_3_0 = 20120609,
79 BOTAN_3_0 = 20230112,
80 };
81
82 void create_or_migrate_and_open(std::string_view passphrase);
83 Schema_Revision detect_schema_revision();
84 void create_with_latest_schema(std::string_view passphrase, Schema_Revision rev);
85 void initialize_existing_database(std::string_view passphrase);
86
87 void prune_session_cache();
88
89 private:
90 std::shared_ptr<SQL_Database> m_db;
91 SymmetricKey m_session_key;
92 size_t m_max_sessions;
93};
94
95} // namespace TLS
96
97} // namespace Botan
98
99#endif
#define BOTAN_PUBLIC_API(maj, min)
Definition api.h:21
Helper class to embody a session handle in all protocol versions.
Definition tls_session.h:63
Session_Manager_SQL(std::shared_ptr< SQL_Database > db, std::string_view passphrase, const std::shared_ptr< RandomNumberGenerator > &rng, size_t max_sessions=1000)
void store(const Session &session, const Session_Handle &handle) override
Save a Session under a Session_Handle (TLS Client)
size_t remove(const Session_Handle &handle) override
~Session_Manager_SQL() override=default
Session_Manager_SQL & operator=(const Session_Manager_SQL &)=delete
Session_Manager_SQL(const Session_Manager_SQL &)=delete
Session_Manager_SQL(Session_Manager_SQL &&)=delete
Session_Manager_SQL & operator=(Session_Manager_SQL &&)=delete
BOTAN_FUTURE_EXPLICIT Session_Manager(const std::shared_ptr< RandomNumberGenerator > &rng)
OctetString SymmetricKey
Definition symkey.h:140