|
version 1.8, 2002/08/29 16:48:16
|
version 1.9, 2002/09/06 00:19:38
|
|
|
|
| // | // |
| // Author: Markus Mueller (sedgewick_de@yahoo.de) | // Author: Markus Mueller (sedgewick_de@yahoo.de) |
| // | // |
| // Modified By: |
// Modified By: Nag Boranna, Hewlett-Packard Company (nagaraja_boranna@hp.com) |
| // Nag Boranna, Hewlett-Packard Company ( nagaraja_boranna@hp.com ) |
// Roger Kumpf, Hewlett-Packard Company (roger_kumpf@hp.com) |
| // | // |
| //%///////////////////////////////////////////////////////////////////////////// | //%///////////////////////////////////////////////////////////////////////////// |
| | |
|
|
|
| // certificate handling routine | // certificate handling routine |
| // | // |
| | |
| VERIFY_CERTIFICATE verify_certificate; |
// ATTN-RK-20020905: This global variable is unsafe with multiple SSL contexts |
| |
SSLCertificateVerifyFunction* verify_certificate; |
| | |
| static int cert_verify(SSL_CTX *ctx, const char *cert_file, const char *key_file) | static int cert_verify(SSL_CTX *ctx, const char *cert_file, const char *key_file) |
| { | { |
|
|
|
| // | // |
| // Call the verify_certificate() callback | // Call the verify_certificate() callback |
| // | // |
| CertificateInfo certInfo(subjectName, issuerName, depth, err); |
SSLCertificateInfo certInfo(subjectName, issuerName, depth, err); |
| | |
| if (verify_certificate(certInfo)) | if (verify_certificate(certInfo)) |
| { | { |
|
|
|
| // | // |
| // | // |
| SSLContextRep::SSLContextRep(const String& certPath, | SSLContextRep::SSLContextRep(const String& certPath, |
| VERIFY_CERTIFICATE verifyCert, |
SSLCertificateVerifyFunction* verifyCert, |
| const String& randomFile, | const String& randomFile, |
| Boolean isCIMClient) | Boolean isCIMClient) |
| { | { |
|
|
|
| | |
| #endif // end of PEGASUS_SSL_RANDOMFILE | #endif // end of PEGASUS_SSL_RANDOMFILE |
| | |
| |
_sslContext = _makeSSLContext(); |
| |
|
| |
PEG_METHOD_EXIT(); |
| |
} |
| |
|
| |
SSLContextRep::SSLContextRep(const SSLContextRep& sslContextRep) |
| |
{ |
| |
PEG_METHOD_ENTER(TRC_SSL, "SSLContextRep::SSLContextRep()"); |
| |
|
| |
_certPath = sslContextRep._certPath; |
| |
// ATTN: verify_certificate is set implicitly in global variable |
| |
_randomFile = sslContextRep._randomFile; |
| |
_isCIMClient = sslContextRep._isCIMClient; |
| |
_sslContext = _makeSSLContext(); |
| |
|
| |
PEG_METHOD_EXIT(); |
| |
} |
| |
|
| |
// |
| |
// Destructor |
| |
// |
| |
|
| |
SSLContextRep::~SSLContextRep() |
| |
{ |
| |
PEG_METHOD_ENTER(TRC_SSL, "SSLContextRep::~SSLContextRep()"); |
| |
|
| |
SSL_CTX_free(_sslContext); |
| |
|
| |
PEG_METHOD_EXIT(); |
| |
} |
| |
|
| |
SSL_CTX * SSLContextRep::_makeSSLContext() |
| |
{ |
| |
PEG_METHOD_ENTER(TRC_SSL, "SSLContextRep::_makeSSLContext()"); |
| |
|
| |
SSL_CTX * sslContext = 0; |
| |
|
| // | // |
| // create SSL Context Area | // create SSL Context Area |
| // | // |
| | |
| if (!( _SSLContext = SSL_CTX_new(SSLv23_method()) )) |
if (!( sslContext = SSL_CTX_new(SSLv23_method()) )) |
| { | { |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| throw( SSLException("Could not get SSL CTX")); | throw( SSLException("Could not get SSL CTX")); |
| } | } |
| | |
| #ifdef PEGASUS_OS_HPUX | #ifdef PEGASUS_OS_HPUX |
| if (!(SSL_CTX_set_cipher_list(_SSLContext, SSL_TXT_EXP40))) |
if (!(SSL_CTX_set_cipher_list(sslContext, SSL_TXT_EXP40))) |
| throw( SSLException("Could not set the cipher list")); | throw( SSLException("Could not set the cipher list")); |
| #endif | #endif |
| | |
|
|
|
| // set overall SSL Context flags | // set overall SSL Context flags |
| // | // |
| | |
| SSL_CTX_set_quiet_shutdown(_SSLContext, 1); |
SSL_CTX_set_quiet_shutdown(sslContext, 1); |
| SSL_CTX_set_mode(_SSLContext, SSL_MODE_AUTO_RETRY); |
SSL_CTX_set_mode(sslContext, SSL_MODE_AUTO_RETRY); |
| SSL_CTX_set_options(_SSLContext,SSL_OP_ALL); |
SSL_CTX_set_options(sslContext,SSL_OP_ALL); |
| | |
| #ifdef CLIENT_CERTIFY | #ifdef CLIENT_CERTIFY |
| SSL_CTX_set_verify(_SSLContext, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, |
SSL_CTX_set_verify(sslContext, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, |
| prepareForCallback); | prepareForCallback); |
| #else | #else |
| if (verifyCert != NULL) | if (verifyCert != NULL) |
| { | { |
| SSL_CTX_set_verify(_SSLContext, |
SSL_CTX_set_verify(sslContext, |
| SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, prepareForCallback); | SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, prepareForCallback); |
| } | } |
| #endif | #endif |
|
|
|
| // check certificate given to me | // check certificate given to me |
| // | // |
| | |
| if (!cert_verify(_SSLContext, _certPath, _certPath)) |
if (!cert_verify(sslContext, _certPath, _certPath)) |
| { | { |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| throw( SSLException("Could not get certificate and/or private key")); | throw( SSLException("Could not get certificate and/or private key")); |
| } | } |
| | |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| } |
return sslContext; |
| |
|
| |
|
| // |
|
| // Destructor |
|
| // |
|
| |
|
| SSLContextRep::~SSLContextRep() |
|
| { |
|
| PEG_METHOD_ENTER(TRC_SSL, "SSLContextRep::~SSLContextRep()"); |
|
| |
|
| SSL_CTX_free(_SSLContext); |
|
| |
|
| PEG_METHOD_EXIT(); |
|
| } | } |
| | |
| SSL_CTX * SSLContextRep::getContext() const | SSL_CTX * SSLContextRep::getContext() const |
| { | { |
| return _SSLContext; |
return _sslContext; |
| } | } |
| #else | #else |
| | |
| // | // |
| // these definitions are used if ssl is not availabel |
// these definitions are used if ssl is not available |
| // | // |
| | |
| SSLContextRep::SSLContextRep(const String& certPath, | SSLContextRep::SSLContextRep(const String& certPath, |
| VERIFY_CERTIFICATE verifyCert, |
SSLCertificateVerifyFunction* verifyCert, |
| const String& randomFile, | const String& randomFile, |
| Boolean isCIMClient) {} | Boolean isCIMClient) {} |
| | |
| |
SSLContextRep::SSLContextRep(const SSLContextRep& sslContextRep) {} |
| |
|
| SSLContextRep::~SSLContextRep() {} | SSLContextRep::~SSLContextRep() {} |
| | |
| SSL_CTX * SSLContextRep::getContext() const { return NULL; } |
SSL_CTX * SSLContextRep::_makeSSLContext() { return 0; } |
| |
|
| |
SSL_CTX * SSLContextRep::getContext() const { return 0; } |
| | |
| #endif // end of PEGASUS_HAS_SSL | #endif // end of PEGASUS_HAS_SSL |
| | |
|
|
|
| | |
| SSLContext::SSLContext( | SSLContext::SSLContext( |
| const String& certPath, | const String& certPath, |
| VERIFY_CERTIFICATE verifyCert, |
SSLCertificateVerifyFunction* verifyCert, |
| const String& randomFile, | const String& randomFile, |
| Boolean isCIMClient) | Boolean isCIMClient) |
| { | { |
| _rep = new SSLContextRep(certPath, verifyCert, randomFile, isCIMClient); | _rep = new SSLContextRep(certPath, verifyCert, randomFile, isCIMClient); |
| } | } |
| | |
| |
SSLContext::SSLContext(const SSLContext& sslContext) |
| |
{ |
| |
_rep = new SSLContextRep(*sslContext._rep); |
| |
} |
| |
|
| SSLContext::~SSLContext() | SSLContext::~SSLContext() |
| { | { |
| delete _rep; | delete _rep; |
|
|
|
| | |
| /////////////////////////////////////////////////////////////////////////////// | /////////////////////////////////////////////////////////////////////////////// |
| // | // |
| // CertificateInfo |
// SSLCertificateInfo |
| // | // |
| /////////////////////////////////////////////////////////////////////////////// | /////////////////////////////////////////////////////////////////////////////// |
| | |
| CertificateInfo::CertificateInfo( |
class SSLCertificateInfoRep |
| |
{ |
| |
public: |
| |
String subjectName; |
| |
String issuerName; |
| |
int errorDepth; |
| |
int errorCode; |
| |
int respCode; |
| |
}; |
| |
|
| |
|
| |
SSLCertificateInfo::SSLCertificateInfo( |
| const String subjectName, | const String subjectName, |
| const String issuerName, | const String issuerName, |
| const int errorDepth, | const int errorDepth, |
| const int errorCode) | const int errorCode) |
| : |
|
| _subjectName(subjectName), |
|
| _issuerName(issuerName), |
|
| _errorDepth(errorDepth), |
|
| _errorCode(errorCode) |
|
| { | { |
| _respCode = 0; |
_rep = new SSLCertificateInfoRep(); |
| |
_rep->subjectName = subjectName; |
| |
_rep->issuerName = issuerName; |
| |
_rep->errorDepth = errorDepth; |
| |
_rep->errorCode = errorCode; |
| |
_rep->respCode = 0; |
| |
} |
| |
|
| |
SSLCertificateInfo::SSLCertificateInfo( |
| |
const SSLCertificateInfo& certificateInfo) |
| |
{ |
| |
_rep = new SSLCertificateInfoRep(); |
| |
_rep->subjectName = certificateInfo._rep->subjectName; |
| |
_rep->issuerName = certificateInfo._rep->issuerName; |
| |
_rep->errorDepth = certificateInfo._rep->errorDepth; |
| |
_rep->errorCode = certificateInfo._rep->errorCode; |
| |
_rep->respCode = certificateInfo._rep->respCode; |
| } | } |
| | |
| CertificateInfo::~CertificateInfo() |
SSLCertificateInfo::~SSLCertificateInfo() |
| { | { |
| |
delete _rep; |
| } | } |
| | |
| String CertificateInfo::getSubjectName() const |
String SSLCertificateInfo::getSubjectName() const |
| { | { |
| return (_subjectName); |
return (_rep->subjectName); |
| } | } |
| | |
| String CertificateInfo::getIssuerName() const |
String SSLCertificateInfo::getIssuerName() const |
| { | { |
| return (_issuerName); |
return (_rep->issuerName); |
| } | } |
| | |
| int CertificateInfo::getErrorDepth() const |
int SSLCertificateInfo::getErrorDepth() const |
| { | { |
| return (_errorDepth); |
return (_rep->errorDepth); |
| } | } |
| | |
| int CertificateInfo::getErrorCode() const |
int SSLCertificateInfo::getErrorCode() const |
| { | { |
| return (_errorCode); |
return (_rep->errorCode); |
| } | } |
| | |
| void CertificateInfo::setResponseCode(const int respCode) |
void SSLCertificateInfo::setResponseCode(const int respCode) |
| { | { |
| _respCode = respCode; |
_rep->respCode = respCode; |
| } | } |
| | |
| PEGASUS_NAMESPACE_END | PEGASUS_NAMESPACE_END |
Return to
SSLContext.cpp
CVS log
Up to [Pegasus] / pegasus / src / Pegasus / Common