#include <tls_session_manager_sqlite.h>
Public Member Functions | |
| bool | load_from_server_info (const Server_Information &info, Session &session) override |
| bool | load_from_session_id (const std::vector< byte > &session_id, Session &session) override |
| void | remove_entry (const std::vector< byte > &session_id) override |
| void | save (const Session &session_data) override |
| std::chrono::seconds | session_lifetime () const override |
| Session_Manager_SQLite (const std::string &passphrase, RandomNumberGenerator &rng, const std::string &db_filename, size_t max_sessions=1000, std::chrono::seconds session_lifetime=std::chrono::seconds(7200)) | |
Detailed Description
An implementation of Session_Manager that saves values in a SQLite3 database file, with the session data encrypted using a passphrase.
- Warning:
- For clients, the hostnames associated with the saved sessions are stored in the database in plaintext. This may be a serious privacy risk in some situations.
Definition at line 26 of file tls_session_manager_sqlite.h.
Constructor & Destructor Documentation
| Botan::TLS::Session_Manager_SQLite::Session_Manager_SQLite | ( | const std::string & | passphrase, |
| RandomNumberGenerator & | rng, | ||
| const std::string & | db_filename, | ||
| size_t | max_sessions = 1000, |
||
| std::chrono::seconds | session_lifetime = std::chrono::seconds(7200) |
||
| ) |
- Parameters:
-
passphrase used to encrypt the session data rng a random number generator db_filename filename of the SQLite database file. The table names tls_sessions and tls_sessions_metadata will be used max_sessions a hint on the maximum number of sessions to keep in memory at any one time. (If zero, don't cap) session_lifetime sessions are expired after this many seconds have elapsed from initial handshake.
Definition at line 15 of file tls_session_manager_sqlite.cpp.
: Session_Manager_SQL(std::make_shared<Sqlite3_Database>(db_filename), passphrase, rng, max_sessions, session_lifetime) {}
Member Function Documentation
| bool Botan::TLS::Session_Manager_SQL::load_from_server_info | ( | const Server_Information & | info, |
| Session & | session | ||
| ) | [override, virtual, inherited] |
Try to load a saved session (using info about server)
- Parameters:
-
info the information about the server session will be set to the saved session data (if found), or not modified if not found
- Returns:
- true if session was modified
Implements Botan::TLS::Session_Manager.
Definition at line 142 of file tls_session_manager_sql.cpp.
References decrypt, Botan::TLS::Server_Information::hostname(), and Botan::TLS::Server_Information::port().
{
auto stmt = m_db->new_statement("select session from tls_sessions"
" where hostname = ?1 and hostport = ?2"
" order by session_start desc");
stmt->bind(1, server.hostname());
stmt->bind(2, server.port());
while(stmt->step())
{
std::pair<const byte*, size_t> blob = stmt->get_blob(0);
try
{
session = Session::decrypt(blob.first, blob.second, m_session_key);
return true;
}
catch(...)
{
}
}
return false;
}
| bool Botan::TLS::Session_Manager_SQL::load_from_session_id | ( | const std::vector< byte > & | session_id, |
| Session & | session | ||
| ) | [override, virtual, inherited] |
Try to load a saved session (using session ID)
- Parameters:
-
session_id the session identifier we are trying to resume session will be set to the saved session data (if found), or not modified if not found
- Returns:
- true if session was modified
Implements Botan::TLS::Session_Manager.
Definition at line 118 of file tls_session_manager_sql.cpp.
References decrypt, and Botan::hex_encode().
{
auto stmt = m_db->new_statement("select session from tls_sessions where session_id = ?1");
stmt->bind(1, hex_encode(session_id));
while(stmt->step())
{
std::pair<const byte*, size_t> blob = stmt->get_blob(0);
try
{
session = Session::decrypt(blob.first, blob.second, m_session_key);
return true;
}
catch(...)
{
}
}
return false;
}
| void Botan::TLS::Session_Manager_SQL::remove_entry | ( | const std::vector< byte > & | session_id | ) | [override, virtual, inherited] |
Remove this session id from the cache, if it exists
Implements Botan::TLS::Session_Manager.
Definition at line 169 of file tls_session_manager_sql.cpp.
References Botan::hex_encode().
{
auto stmt = m_db->new_statement("delete from tls_sessions where session_id = ?1");
stmt->bind(1, hex_encode(session_id));
stmt->spin();
}
| void Botan::TLS::Session_Manager_SQL::save | ( | const Session & | session | ) | [override, virtual, inherited] |
Save a session on a best effort basis; the manager may not in fact be able to save the session for whatever reason; this is not an error. Caller cannot assume that calling save followed immediately by load_from_* will result in a successful lookup.
- Parameters:
-
session to save
Implements Botan::TLS::Session_Manager.
Definition at line 178 of file tls_session_manager_sql.cpp.
References Botan::TLS::Session::encrypt(), Botan::hex_encode(), Botan::TLS::Server_Information::hostname(), Botan::TLS::Server_Information::port(), Botan::TLS::Session::server_info(), Botan::TLS::Session::session_id(), and Botan::TLS::Session::start_time().
{
auto stmt = m_db->new_statement("insert or replace into tls_sessions"
" values(?1, ?2, ?3, ?4, ?5)");
stmt->bind(1, hex_encode(session.session_id()));
stmt->bind(2, session.start_time());
stmt->bind(3, session.server_info().hostname());
stmt->bind(4, session.server_info().port());
stmt->bind(5, session.encrypt(m_session_key, m_rng));
stmt->spin();
prune_session_cache();
}
| std::chrono::seconds Botan::TLS::Session_Manager_SQL::session_lifetime | ( | ) | const [inline, override, virtual, inherited] |
Return the allowed lifetime of a session; beyond this time, sessions are not resumed. Returns 0 if unknown/no explicit expiration policy.
Implements Botan::TLS::Session_Manager.
Definition at line 61 of file tls_session_manager_sql.h.
{ return m_session_lifetime; }
The documentation for this class was generated from the following files:
- src/lib/tls/sessions_sqlite3/tls_session_manager_sqlite.h
- src/lib/tls/sessions_sqlite3/tls_session_manager_sqlite.cpp
