FireDaemon/sslapp-kit
SHA256
2
0
Fork 0
Code Issues Pull requests Activity
A domain-specific library so that programmers can easily work with OpenSSL and SQLite databases in their C++ programs.
22 commits 1 branch 0 tags 171 KiB
  • C++ 93%
  • C 7%
Find a file
klaus triendl 79902984d6 Corrected determining maximum buffer size for encrypted data
2025-11-25 23:01:22 +02:00
fd Corrected determining maximum buffer size for encrypted data 2025-11-25 23:01:22 +02:00
LICENSES Added Apache-2.0 as open source license, ensured REUSE 3.3 compliance 2025-07-17 13:00:22 +02:00
sslapp_toolbox/code/FDUtilitiesLib Updated os_cxx_utilities 2025-11-17 18:08:18 +02:00
.clang-format Updated os_cxx_utilities 2025-11-17 18:08:18 +02:00
.gitattributes Tried to normalize line endings 2025-07-17 14:29:24 +02:00
.gitignore Initial version 2025-05-07 00:45:59 +03:00
readme.md Ability to specify the organization and location for a self-signed cert 2025-07-19 22:08:29 +02:00
REUSE.toml Added Apache-2.0 as open source license, ensured REUSE 3.3 compliance 2025-07-17 13:00:22 +02:00

readme.md

sslapp-kit

Easily create applications with OpenSSL. Integrate cryptography natively into SQL queries for database-supported applications.

In other words, sslapp-kit is a domain-specific library so that programmers can easily work with OpenSSL and SQLite databases in their C++ programs.

Table of Contents

Business Case

sslapp-kit is an open-source C++ library designed to streamline the development of cryptographic applications, possibly database-supported. From a business standpoint, adopting and contributing to this library offers several advantages:

1. Complexity Removed

sslapp-kit abstracts the intricacies of integration of cryptography and database interactions, allowing developers to focus on core application logic rather than low-level security and database code. This abstraction reduces the potential for errors and accelerates development.

2. Streamlined C++ Code

By providing a clean and modern C++ interface, sslapp-kit promotes readable and maintainable codebases. This streamlined approach facilitates easier onboarding for new developers and simplifies long-term maintenance.

3. Assumed Saved Man Hours

The library's design minimizes the need for boilerplate code and repetitive tasks, leading to significant time savings. Developers can implement features more rapidly, reducing development cycles and associated costs.

4. Quick Integration

sslapp-kit is built for easy integration into existing projects. Its modular architecture and clear documentation enable swift adoption, allowing teams to enhance their applications without extensive refactoring.

5. Why SQLite is Co-joined

The inclusion of a so-called Domain Specific Language for SQLite within sslapp-kit complements the library's goals of simplicity and efficiency. SQLite's self-contained nature aligns with sslapp-kit's emphasis on reducing external dependencies, facilitating easier development and scalability.

Conclusion

Utilizing sslapp-kit can lead to more secure, efficient, and maintainable applications. Encouraging your development team to adopt and contribute to this library not only enhances your projects but also supports the broader open-source community, fostering innovation and collaboration.

Main Features

  1. C++ friendly
    Modern C++23 for secure and legible code:
    • typed smart pointers with easy inter-operatibility in mind (no boiler-plate)
    • error handling facilities
    • factory functions for BIO objects
    • string views on raw data
  2. Abstracted operating system interaction
    Hides the intricacies of operating systems, such as:
    • certificate store from Windows Certificate Store
    • C++ system error integration
  3. Common functions
    ... most likely needed in an application, such as:
    • retrieve subject one-liner
    • certificate store from a CA bundle file
  4. Higher-level functions, such as:
    • create self-signed certificates
    • create certificate signing requests
  5. SQLite application-defined functions
    SQLite can be extended with application-defined functions to work with C/C++ objects natively in SQL queries [which is not possible with other database systems]!
    Such as:
    • ASN1 date/time functions
    • X509 certificate functions
    • Error checking

Examples

declutter code

  • Smart pointers and clear error checking
  • Nicely blends with OpenSSL's C API
sslx509store_ptr store = X509_STORE_new() | or_throw_ssl_error;
X509_STORE_add_lookup(store, X509_LOOKUP_file()), check_and_throw_ssl_error;

common functions

  • Easily work with certificates
sslx509_ptr cert;
PEM_read_bio_X509(make_bio_file("cert.pem"), out_ptr(cert), nullptr, nullptr), check_and_throw_ssl_error;

sslx509store_ptr store = x509_store_from_bundle(make_bio_file("caBundle.pem"));

std::string subject = x509_oneline_subject_u8(cert);

std::error_code ec = verify_x509(store, cert);

high-level functionality

  • Do things using a simple specification, like creating a self-signed certificate:
auto [key, cert] = fd::create_self_signed_certificate({
    .purpose = certificate_purpose::digital_signing,
    .keySize = 2048,
    .nValidDays{365},
    .subjectName{
        .cn_u8 = "my name",
    },
});

sqlite_orm

  • Ease of use with application-defined functions like get_x509_not_valid_after() and asn1_time_diff(). 
    constexpr orm_cte_moniker auto cert = "cert"_cte;
constexpr orm_column_alias auto valid_secs = "valid_secs"_col;

// Create a CTE with the certificates' remaining validity
const auto validity_cte_expression = 
    cert(valid_secs).as(
        select(
            asn1_time_diff(nullptr, get_x509_not_valid_after(&CertificateData::certificate))));

About Licensing

The entire source code and all documents of sslapp-kit are subject to the associated license of the library.

Since sslapp-kit is based on OpenSSL and sqlite_orm, the use of OpenSSL and possibly sqlite_orm is subject to the respective licenses.