docs: added franku-tmp and some plantuml diagrams
- using this folder as temporary space for plantuml diagrams - these diagrams will be embedded into documentation texts
Showing
3 changed files
with
132 additions
and
0 deletions.
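--- a/docs/manuals/en/developers/franku-tmp/initiate_tls_connection.plantuml
+++ b/docs/manuals/en/developers/franku-tmp/initiate_tls_connection.plantuml
@@ -0,0 +1,15 @@
+@startuml
+
+Title: Startsequence of a Director to \nstoragedeamon TLS connection\n\n\
+
+autonumber
+Director <-> Storage : InitiateTCPConnection
+Director <-> Storage : InitiateTlsConnection
+
+Director -> Storage : "Hello Director 'xyz' calling"
+Director <- Storage : "auth cram-md5 'random,time,hostname' ssl='[0|1|2]'"
+Director -> Storage : "md5(password)"
+Director -> Storage : "auth cram-md5 'random,time,hostname' ssl='[0|1|2]'"
+Director <- Storage : "md5(password)"
+
+@enduml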
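Review bot: The two response arrows are labelled `"md5(password)"`, which reads as a static hash of the secret that would be the same on every connection and would not depend on the `'random,time,hostname'` challenge shown one line earlier. If the implementation computes a keyed digest over the challenge, as a CRAM-MD5 exchange normally does, the label should say so, for example `Director -> Storage : "hmac-md5(challenge, password)"`, so that nobody using this diagram for threat modelling concludes the response is replayable. The diagram also leaves the `ssl='[0|1|2]'` values unexplained, and does not show what happens when the peer's advertised value conflicts with the TLS session already set up by `InitiateTlsConnection`. A short `note over Director, Storage` giving the meaning of the three values and the mismatch behaviour would make the intended guarantee explicit. The title misspells "storagedaemon" as `storagedeamon`.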
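--- a/docs/manuals/en/developers/franku-tmp/tls_conf_classes.plantuml
+++ b/docs/manuals/en/developers/franku-tmp/tls_conf_classes.plantuml
@@ -0,0 +1,73 @@
+@startuml
+
+Title: Bareos TLS config internal class relations\n\n\n
+
+package "Bareos Config as defined in lib/parse_conf.h" #EEEEEE {
+class TLS_COMMON_CONFIG << (B, #FF7700) >> {
++ CFG_TYPE_BOOL TlsAuthenticate <tls_cert.authenticate>
++ CFG_TYPE_BOOL TlsEnable <tls_cert.enable>
++ CFG_TYPE_BOOL TlsRequire <tls_cert.require>
++ CFG_TYPE_STR TlsCipherList <tls_cert.cipherlist>
++ CFG_TYPE_STDSTRDIR TlsDhFile <tls_cert.dhfile>
+}
+
+class TLS_CERT_CONFIG << (B, #FF7700) >> {
++ CFG_TYPE_BOOL VerifyPeer <tls_cert.VerifyPeer>
++ CFG_TYPE_STDSTRDIR TlsCaCertificateFilec <tls_cert.CaCertfile>
++ CFG_TYPE_STDSTRDIR TlsCaCertificateDir <tls_cert.CaCertfile>
++ CFG_TYPE_STDSTRDIR TlsCertificateRevocationList <tls_cert.crlfile>
++ CFG_TYPE_STDSTRDIR TlsCertificate <tls_cert.certfile>
++ CFG_TYPE_STDSTRDIR TlsKey <tls_cert.keyfile>
++ CFG_TYPE_ALIST_STR TlsAllowedCn <tls_cert.AllowedCns>
+}
+
+class TLS_PSK_CONFIG << (B, #FF7700) >> {
++ CFG_TYPE_BOOL TlsPskEnable <tls_psk.enable>
++ CFG_TYPE_BOOL TlsPskEnable <tls_psk.enable>
+}
+}
+
+class PskCredentials {
+- std::string identity_;
+- std::string psk_;
+}
+
+class TlsConfigPsk {
+- std::shared_ptr<PskCredentials> psk_credentials_
++ char *cipherlist
+}
+
+TlsConfigPsk --|> PskCredentials : psk_credentials_
+
+class TlsConfigCert {
++ bool authenticate
++ bool VerifyPeer
++ std::string *CaCertfile
++ std::string *CaCertdir
++ std::string *crlfile
++ std::string *certfile
++ std::string *keyfile
++ std::string *cipherlist
++ std::string *dhfile
++ alist *AllowedCns
++ std::string *pem_message;
+}
+
+abstract class TlsConfigBase {
++ bool enable;
++ bool require;
++ virtual std::shared_ptr<TLS_IMPLEMENTATION> CreateClientContext() const = 0;
++ virtual std::shared_ptr<TLS_IMPLEMENTATION> CreateServerContext() const = 0;
++ uint32_t GetPolicy() const = 0;
+}
+
+TlsConfigCert ..|> TlsConfigBase
+TlsConfigPsk ..|> TlsConfigBase
+
+
+TLS_COMMON_CONFIG --> TlsConfigCert : initializes\n during config load
+TLS_CERT_CONFIG --> TlsConfigCert : initializes\n during config load
+TLS_PSK_CONFIG --> TlsConfigPsk : initializes\n during config load
+
+
+@enduml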
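Review bot: In `TLS_CERT_CONFIG` the `TlsCaCertificateDir` row points at `<tls_cert.CaCertfile>`, the same target as the row above it, although `TlsConfigCert` has a separate `CaCertdir` member. That is presumably a copy-paste slip and should read `+ CFG_TYPE_STDSTRDIR TlsCaCertificateDir <tls_cert.CaCertdir>`; as drawn, the diagram says the CA directory setting overwrites the CA file path, which misdescribes how trust anchors are loaded. The same block misspells `TlsCaCertificateFilec`. `TLS_PSK_CONFIG` lists `TlsPskEnable <tls_psk.enable>` twice, so the second row was probably meant to be a different directive. `TlsConfigPsk --|> PskCredentials` draws inheritance for what the class body shows as a held `std::shared_ptr` member; an association such as `TlsConfigPsk --> PskCredentials : psk_credentials_` matches the declaration.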
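--- a/docs/manuals/en/developers/franku-tmp/tls_openssl_gnutls_classes.plantuml
+++ b/docs/manuals/en/developers/franku-tmp/tls_openssl_gnutls_classes.plantuml
@@ -0,0 +1,44 @@
+@startuml
+
+Title: OpenSSL - GNUTls Classes (planned)\n\n\n
+
+class BareosSocket {
++ Tls tls_conn
+}
+
+class "TlsOpenSsl" as OpenSsl {
+- const char *default_ciphers
+- SSL_CTX *openssl_
+- SSL *openssl_
+- CRYPTO_PEM_PASSWD_CB *pem_callback
+- const void *pem_userdata
++ new_tls_psk_client_context()
++ new_tls_psk_server_context()
++ TlsCipherGetName()
++ TlsLogConninfo()
++ TlsPolicyHandshake()
+}
+
+class "TlsGnuTls" as GnuTls {
+- const char *default_ciphers
+}
+
+abstract class Tls {
++ new_tls_context()
++ FreeTlsContext()
++ TlsPostconnectVerifyHost()
++ TlsPostconnectVerifyCn()
++ TlsBsockAccept()
++ TlsBsockWriten()
++ TlsBsockReadn()
++ TlsBsockConnect()
++ TlsBsockShutdown()
++ FreeTlsConnection()
+}
+
+OpenSsl ..|> Tls
+GnuTls ..|> Tls
+
+BareosSocket -> Tls : tls_conn
+
+@enduml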
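Review bot: `TlsOpenSsl` declares two members with the same name, `SSL_CTX *openssl_` and `SSL *openssl_`, so the diagram cannot say which object holds the shared context and which holds the per-connection state. Give them distinct names that match the real members, for instance `- SSL_CTX *openssl_ctx_` and `- SSL *openssl_` (the first name is a suggestion, not taken from the code). This matters for lifetime reasoning, because `FreeTlsContext()` and `FreeTlsConnection()` on the abstract `Tls` release different objects. The PSK context constructors appear only on `TlsOpenSsl` and not on the `Tls` interface; if the planned GnuTLS backend is meant to support PSK too, a one-line note in the diagram saying so would help.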