/* * TLS Session Manager * (C) 2011 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ #ifndef BOTAN_TLS_SESSION_MANAGER_H_ #define BOTAN_TLS_SESSION_MANAGER_H_ #include #include #include #include namespace Botan { namespace TLS { /** * Session_Manager is an interface to systems which can save * session parameters for supporting session resumption. * * Saving sessions is done on a best-effort basis; an implementation is * allowed to drop sessions due to space constraints. * * Implementations should strive to be thread safe */ class BOTAN_PUBLIC_API(2,0) Session_Manager { public: /** * Try to load a saved session (using session ID) * @param session_id the session identifier we are trying to resume * @param session will be set to the saved session data (if found), or not modified if not found * @return true if session was modified */ virtual bool load_from_session_id(const std::vector& session_id, Session& session) = 0; /** * Try to load a saved session (using info about server) * @param info the information about the server * @param session will be set to the saved session data (if found), or not modified if not found * @return true if session was modified */ virtual bool load_from_server_info(const Server_Information& info, Session& session) = 0; /** * Remove this session id from the cache, if it exists */ virtual void remove_entry(const std::vector& session_id) = 0; /** * Remove all sessions from the cache, return number of sessions deleted */ virtual size_t remove_all() = 0; /** * Save a session on a best effort basis; the manager may not in * fact be able to save the session for whatever reason; this is * not an error. Caller cannot assume that calling save followed * immediately by load_from_* will result in a successful lookup. * * @param session to save */ virtual void save(const Session& session) = 0; /** * Return the allowed lifetime of a session; beyond this time, * sessions are not resumed. Returns 0 if unknown/no explicit * expiration policy. */ virtual std::chrono::seconds session_lifetime() const = 0; virtual ~Session_Manager() = default; }; /** * An implementation of Session_Manager that does not save sessions at * all, preventing session resumption. */ class BOTAN_PUBLIC_API(2,0) Session_Manager_Noop final : public Session_Manager { public: bool load_from_session_id(const std::vector&, Session&) override { return false; } bool load_from_server_info(const Server_Information&, Session&) override { return false; } void remove_entry(const std::vector&) override {} size_t remove_all() override { return 0; } void save(const Session&) override {} std::chrono::seconds session_lifetime() const override { return std::chrono::seconds(0); } }; /** * An implementation of Session_Manager that saves values in memory. */ class BOTAN_PUBLIC_API(2,0) Session_Manager_In_Memory final : public Session_Manager { public: /** * @param rng a RNG used for generating session key and for * session encryption * @param max_sessions a hint on the maximum number of sessions * to keep in memory at any one time. (If zero, don't cap) * @param session_lifetime sessions are expired after this many * seconds have elapsed from initial handshake. */ Session_Manager_In_Memory(RandomNumberGenerator& rng, size_t max_sessions = 1000, std::chrono::seconds session_lifetime = std::chrono::seconds(7200)); bool load_from_session_id(const std::vector& session_id, Session& session) override; bool load_from_server_info(const Server_Information& info, Session& session) override; void remove_entry(const std::vector& session_id) override; size_t remove_all() override; void save(const Session& session_data) override; std::chrono::seconds session_lifetime() const override { return m_session_lifetime; } private: bool load_from_session_str(const std::string& session_str, Session& session); mutex_type m_mutex; size_t m_max_sessions; std::chrono::seconds m_session_lifetime; RandomNumberGenerator& m_rng; secure_vector m_session_key; std::map> m_sessions; // hex(session_id) -> session std::map m_info_sessions; }; } } #endif