Kea 3.1.1
isc::gss_tsig::TKeyExchange Class Reference

The TKeyExchange class handles communication with the DNS server.

#include <tkey_exchange.h>

Classes

class  Callback
 Callback for the TKeyExchange class.
 

Public Types

enum  Status {
  SUCCESS , TIMEOUT , IO_STOPPED , INVALID_RESPONSE ,
  UNSIGNED_RESPONSE , BAD_CREDENTIALS , OTHER
}
 A status code of the TKeyExchange.
 

Public Member Functions

 TKeyExchange (const isc::asiolink::IOServicePtr &io_service, const DnsServerPtr &server, const GssTsigKeyPtr &key, Callback *callback, uint32_t timeout=TKEY_EXCHANGE_IO_TIMEOUT, OM_uint32 flags=TKEY_EXCHANGE_FLAGS)
 Constructor.
 
virtual ~TKeyExchange ()
 Virtual destructor, does nothing.
 
void cancel ()
 This function cancels the in-flight TKEY exchange.
 
void doExchange ()
 This function handles the repeated communication with the DNS server trying to complete the TKEY exchange.
 
isc::asiolink::IOServicePtr getIOService ()
 Gets IO service.
 
void setIOService (const isc::asiolink::IOServicePtr io_service)
 Sets IO service.
 

Static Public Member Functions

static std::string statusToText (Status status)
 Convert a status to its textual form.
 

Static Public Attributes

static const OM_uint32 TKEY_EXCHANGE_FLAGS = (GSS_C_REPLAY_FLAG | GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG)
 The default TKEY exchange flags.
 
static const uint32_t TKEY_EXCHANGE_IO_TIMEOUT = 3000
 The default IO timeout used for IO operations (in milliseconds) set to 3000 (3 seconds).
 

Detailed Description

The TKeyExchange class handles communication with the DNS server.

Communication with the DNS server is asynchronous. The caller must provide a callback, which will be invoked when the response from the DNS server is received, a timeout has occurred, or the IO service has been stopped for any reason. The caller-supplied callback is called by the internal callback operator implemented by TKeyExchange. This callback is responsible for initializing the GssTsigContext instance which encapsulates the response from the DNS server. This initialization does not take place if the response from the DNS server is not received.

Definition at line 36 of file tkey_exchange.h.

Member Enumeration Documentation

◆ Status

A status code of the TKeyExchange.

Enumerator
SUCCESS 

Response received and is ok.

TIMEOUT 

No response, timeout.

IO_STOPPED 

IO was stopped.

INVALID_RESPONSE 

Response received but invalid.

UNSIGNED_RESPONSE 

Response received but not signed.

BAD_CREDENTIALS 

Bad client credentials.

OTHER 

Other, unclassified error.

Definition at line 39 of file tkey_exchange.h.

Constructor & Destructor Documentation

◆ TKeyExchange()

isc::gss_tsig::TKeyExchange::TKeyExchange ( const isc::asiolink::IOServicePtr & io_service,
const DnsServerPtr & server,
const GssTsigKeyPtr & key,
Callback * callback,
uint32_t timeout = TKEY_EXCHANGE_IO_TIMEOUT,
OM_uint32 flags = TKEY_EXCHANGE_FLAGS )

Constructor.

Parameters
  io_service: The IOService which handles IO operations.
  server: The server for which the TKEY exchange is performed.
  key: The TKEY being updated.
  callback: Pointer to an object implementing TKeyExchange::Callback class. This object will be called when DNS message exchange completes or if an error occurs. NULL value disables callback invocation.
  timeout: The timeout for the IO operations.
  flags: The flags used for the TKEY exchange.
Exceptions
  BadValue: if io_service is null.
  BadValue: if key's security context has already been used.

Definition at line 551 of file tkey_exchange.cc.

◆ ~TKeyExchange()

isc::gss_tsig::TKeyExchange::~TKeyExchange ( )
virtual

Virtual destructor, does nothing.

Definition at line 557 of file tkey_exchange.cc.

References cancel().

Member Function Documentation

◆ cancel()

void isc::gss_tsig::TKeyExchange::cancel ( )

This function cancels the in-flight TKEY exchange.

Definition at line 567 of file tkey_exchange.cc.

Referenced by ~TKeyExchange().

◆ doExchange()

void isc::gss_tsig::TKeyExchange::doExchange ( )

This function handles the repeated communication with the DNS server trying to complete the TKEY exchange.

Definition at line 562 of file tkey_exchange.cc.

◆ getIOService()

IOServicePtr isc::gss_tsig::TKeyExchange::getIOService ( )

Gets IO service.

Returns
IOService object, used for all ASIO operations.

Definition at line 572 of file tkey_exchange.cc.

◆ setIOService()

void isc::gss_tsig::TKeyExchange::setIOService ( const isc::asiolink::IOServicePtr io_service)

Sets IO service.

Parameters
  io_service: IOService object, used for all ASIO operations.

Definition at line 577 of file tkey_exchange.cc.

◆ statusToText()

string isc::gss_tsig::TKeyExchange::statusToText ( Status status)
static

Convert a status to its textual form.

Definition at line 44 of file tkey_exchange.cc.

References BAD_CREDENTIALS, INVALID_RESPONSE, IO_STOPPED, SUCCESS, TIMEOUT, and UNSIGNED_RESPONSE.

Referenced by isc::gss_tsig::ManagedKey::operator()(), and isc::gss_tsig::ManagedKey::toElement().

Member Data Documentation

◆ TKEY_EXCHANGE_FLAGS

const OM_uint32 isc::gss_tsig::TKeyExchange::TKEY_EXCHANGE_FLAGS = (GSS_C_REPLAY_FLAG | GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG)
static

The default TKEY exchange flags.

The default flags consist of:

  • GSS_C_MUTUAL_FLAG: A flag that requires both the initiator and the acceptor to be authenticated.
  • GSS_C_REPLAY_FLAG: A flag that detects repeated messages.
  • GSS_C_INTEG_FLAG: A flag that makes integrity services (that is, cryptographic signatures) available for transferred messages.

Note that GSS_C_SEQUENCE_FLAG is not set by default.

Definition at line 117 of file tkey_exchange.h.

Referenced by isc::gss_tsig::GssTsigImpl::createKey().
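
The following is an added example, not code from the Kea sources: GSS-API reports the services actually available on an established context through returned flags, so a caller can compare them against the requested set before trusting the key. The `demo` namespace, `missingServices()` and `contextAcceptable()` are hypothetical names, and the constants are constructed stand-ins carrying the bit values RFC 2744 assigns to the GSS_C_* flags.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Constructed stand-ins so the example builds without GSS-API headers; real
// code would include <gssapi/gssapi.h> and use the GSS_C_* macros directly.
namespace demo {
constexpr uint32_t MUTUAL   = 2;   // GSS_C_MUTUAL_FLAG
constexpr uint32_t REPLAY   = 4;   // GSS_C_REPLAY_FLAG
constexpr uint32_t SEQUENCE = 8;   // GSS_C_SEQUENCE_FLAG
constexpr uint32_t INTEG    = 32;  // GSS_C_INTEG_FLAG

// Same combination as TKEY_EXCHANGE_FLAGS documented above.
constexpr uint32_t DEFAULT_FLAGS = REPLAY | MUTUAL | INTEG;

// Hypothetical helper: names of services that were requested but are
// absent from the flags reported for the established context.
std::vector<std::string> missingServices(uint32_t requested, uint32_t granted) {
    static const struct { uint32_t bit; const char* name; } known[] = {
        {MUTUAL, "GSS_C_MUTUAL_FLAG"},
        {REPLAY, "GSS_C_REPLAY_FLAG"},
        {SEQUENCE, "GSS_C_SEQUENCE_FLAG"},
        {INTEG, "GSS_C_INTEG_FLAG"},
    };
    std::vector<std::string> missing;
    for (const auto& k : known) {
        if ((requested & k.bit) && !(granted & k.bit)) {
            missing.push_back(k.name);
        }
    }
    return missing;
}

// Hypothetical helper: accept a context only if every requested service
// was granted; extra granted services (e.g. sequencing) are harmless.
bool contextAcceptable(uint32_t requested, uint32_t granted) {
    return (requested & ~granted) == 0;
}
}  // namespace demo

int main() {
    // Constructed case: the peer did not authenticate itself.
    const uint32_t granted = demo::REPLAY | demo::INTEG;
    for (const auto& name : demo::missingServices(demo::DEFAULT_FLAGS, granted)) {
        std::cout << "missing: " << name << "\n";
    }
    return 0;
}
```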

◆ TKEY_EXCHANGE_IO_TIMEOUT

const uint32_t isc::gss_tsig::TKeyExchange::TKEY_EXCHANGE_IO_TIMEOUT = 3000
static

The default IO timeout used for IO operations (in milliseconds) set to 3000 (3 seconds).

Definition at line 121 of file tkey_exchange.h.

