File: [Pegasus] / pegasus / src / Pegasus / Common / SSLContext.h
Revision: 1.16, Wed Oct 22 13:26:04 2003 UTC (20 years, 8 months ago) by karl Branch: MAIN CVS Tags: RELEASE_2_3_0-root, RELEASE_2_3_0-branch, POST_LICENSE_UPDATE_2003 Changes since 1.15: +5 -3 lines PEP 55 Update license on source files to current license text and date |
//%2003//////////////////////////////////////////////////////////////////////// // // Copyright (c) 2000, 2001, 2002 BMC Software, Hewlett-Packard Development // Company, L. P., IBM Corp., The Open Group, Tivoli Systems. // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L. P.; // IBM Corp.; EMC Corporation, The Open Group. // // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to // deal in the Software without restriction, including without limitation the // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or // sell copies of the Software, and to permit persons to whom the Software is // furnished to do so, subject to the following conditions: // // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
//
//==============================================================================
//
// Author: Markus Mueller (sedgewick_de@yahoo.de)
//
// Modified By: Nag Boranna, Hewlett-Packard Company (nagaraja_boranna@hp.com)
//              Roger Kumpf, Hewlett-Packard Company (roger_kumpf@hp.com)
//
//%/////////////////////////////////////////////////////////////////////////////

#ifndef Pegasus_SSLContext_h
#define Pegasus_SSLContext_h

#include <Pegasus/Common/CIMDateTime.h>
#include <Pegasus/Common/Config.h>
#include <Pegasus/Common/String.h>
#include <Pegasus/Common/Exception.h>
#include <Pegasus/Common/Linkage.h>

// Opaque forward declaration of OpenSSL's certificate-store context so that
// this public header does not have to include the OpenSSL headers.  It is
// only used as a pointer type in the prepareForCallback friend below.
typedef struct x509_store_ctx_st X509_STORE_CTX;

PEGASUS_NAMESPACE_BEGIN

// Pimpl representations and the classes that are granted friend access.
class SSLCertificateInfoRep;
class SSLContextRep;
class SSLSocket;
class CIMServer;
class CIMxmlIndicationHandler;

/**
    This class provides the interface that a client gets as argument to the
    certificate verification call back function.

    An instance carries the peer certificate's identity (subject, issuer,
    version, serial number, validity period), the position of that certificate
    in the chain (error depth), and the outcome of OpenSSL's default
    verification (error code, error string, response code).  The object is a
    handle to an SSLCertificateInfoRep; copies share nothing visible here.

    NOTE(review): the class owns a raw _rep pointer and declares a destructor
    and a copy constructor but no copy-assignment operator, so the
    compiler-generated assignment would copy the pointer rather than the
    representation.  Confirm that instances are never assigned, or add an
    operator= alongside the copy constructor in the implementation.
*/
class PEGASUS_COMMON_LINKAGE SSLCertificateInfo
{
public:

    //
    // Certificate validation result codes.
    //
    // The names mirror OpenSSL's X509_V_* verification results; the actual
    // values are defined out of line in the implementation file and are the
    // values returned by getErrorCode() for a failed default verification.
    //
    static const int    V_OK;

    static const int    V_ERR_UNABLE_TO_GET_ISSUER_CERT;
    static const int    V_ERR_UNABLE_TO_GET_CRL;
    static const int    V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE;
    static const int    V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE;
    static const int    V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
    static const int    V_ERR_CERT_SIGNATURE_FAILURE;
    static const int    V_ERR_CRL_SIGNATURE_FAILURE;
    static const int    V_ERR_CERT_NOT_YET_VALID;
    static const int    V_ERR_CERT_HAS_EXPIRED;
    static const int    V_ERR_CRL_NOT_YET_VALID;
    static const int    V_ERR_CRL_HAS_EXPIRED;
    static const int    V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
    static const int    V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
    static const int    V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
    static const int    V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
    static const int    V_ERR_OUT_OF_MEM;
    static const int    V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
    static const int    V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
    static const int    V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
    static const int    V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
    static const int    V_ERR_CERT_CHAIN_TOO_LONG;
    static const int    V_ERR_CERT_REVOKED;
    static const int    V_ERR_INVALID_CA;
    static const int    V_ERR_PATH_LENGTH_EXCEEDED;
    static const int    V_ERR_INVALID_PURPOSE;
    static const int    V_ERR_CERT_UNTRUSTED;
    static const int    V_ERR_CERT_REJECTED;

    static const int    V_ERR_SUBJECT_ISSUER_MISMATCH;
    static const int    V_ERR_AKID_SKID_MISMATCH;
    static const int    V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
    static const int    V_ERR_KEYUSAGE_NO_CERTSIGN;

    static const int    V_ERR_APPLICATION_VERIFICATION;

    /** Constructor for a SSLCertificateInfo object.
        Note: this constructor is not for client applications; it is intended
        to be used only by the CIMServer.  The private constructor below is the
        one that carries the full certificate data (version, serial number,
        validity period, error string).
        @param subjectName subject name of the certificate.
        @param issuerName issuer name of the certificate.
        @param errorDepth depth of the certificate chain.
        @param errorCode error code from the default verification of the
        certificate by the OpenSSL library.
        @param respCode result code from the default verification of the
        certificate by the OpenSSL library.
    */
    SSLCertificateInfo(
        const String subjectName,
        const String issuerName,
        const int errorDepth,
        const int errorCode,
        const int respCode);

    /** Copy constructor for a SSLCertificateInfo object.
        @param certificateInfo SSLCertificateInfo object to copy
    */
    SSLCertificateInfo(const SSLCertificateInfo& certificateInfo);

    /** Destructor; releases the underlying representation. */
    ~SSLCertificateInfo();

    /** Gets the subject name of the certificate.
        @return a string containing the subject name.
    */
    String getSubjectName() const;

    /** Gets the issuer name of the certificate.
        @return a string containing the issuer name.
    */
    String getIssuerName() const;

    /** Gets the notAfter date from the validity period of the certificate.
        @return a CIMDateTime containing the notAfter date.
    */
    CIMDateTime getNotAfter() const;

    /** Gets the notBefore date from the validity period of the certificate.
        @return a CIMDateTime containing the notBefore date.
    */
    CIMDateTime getNotBefore() const;

    /** Gets the version (version number) from the certificate.
        @return a Uint32 containing the version.
    */
    Uint32 getVersionNumber() const;

    /** Gets the serialNumber value from the certificate.
        @return a long integer containing the serial number.
    */
    long getSerialNumber() const;

    /** Gets the depth of the certificate chain, i.e. the position of the
        certificate being verified relative to the peer's end-entity
        certificate.
        @return a Uint32 containing the depth of the certificate chain
    */
    Uint32 getErrorDepth() const;

    /** Gets the pre-verify error code, one of the V_* codes above, produced
        by OpenSSL's default verification before the user callback runs.
        @return a Uint32 containing the pre-verify error code
    */
    Uint32 getErrorCode() const;

    /** Sets the error code.
        NOTE(review): the setter takes an int while getErrorCode() returns a
        Uint32; a negative value would wrap on the way out.  Confirm the
        representation stores both consistently.
        @param errorCode error code to be set
    */
    void setErrorCode(const int errorCode);

    /** Gets the pre-verify error string.
        @return a string containing the pre-verify error string
    */
    String getErrorString() const;

    /** Gets the pre-verify response code.
        @return a Uint32 containing the pre-verify response code
    */
    Uint32 getResponseCode() const;

    /** Sets the response code.
        Note: Do not use this function, the value set using this function is
        ignored.
        @param respCode response code to be set.
    */
    void setResponseCode(const int respCode);

private:

    /** Constructor for a SSLCertificateInfo object.
        @param subjectName subject name of the certificate.
        @param issuerName issuer name of the certificate.
        @param versionNumber version number value from the certificate.
        @param serialNumber serial number value from the certificate.
        @param notBefore notBefore date from the validity period of the
        certificate.
        @param notAfter notAfter date from the validity period of the
        certificate.
        @param depth depth of the certificate chain.
        @param errorCode error code from the default verification of the
        certificate by the OpenSSL library.
        @param errorString error message from the default verification of the
        certificate by the OpenSSL library.
        @param respCode result code from the default verification of the
        certificate by the OpenSSL library.
    */
    SSLCertificateInfo(
        const String subjectName,
        const String issuerName,
        const Uint32 versionNumber,
        const long serialNumber,
        const CIMDateTime notBefore,
        const CIMDateTime notAfter,
        const Uint32 depth,
        const Uint32 errorCode,
        const String errorString,
        const Uint32 respCode);

    // Default construction is not part of the public interface.
    SSLCertificateInfo();

    // Owning pointer to the private representation (pimpl).
    SSLCertificateInfoRep* _rep;

    // Has the shape of an OpenSSL verify callback (pre-verify result,
    // X509_STORE_CTX*).  It is granted friendship presumably so that it can
    // build an SSLCertificateInfo from the OpenSSL context via the private
    // constructor before handing it to the user's verification callback --
    // confirm against the implementation file.
    friend int prepareForCallback(int, X509_STORE_CTX*);
};

/**
    Signature of the user-supplied certificate verification callback.

    The callback receives the SSLCertificateInfo describing the certificate
    under verification, including OpenSSL's pre-verification result
    (getErrorCode()/getErrorString()).  NOTE(review): this header does not
    state how the Boolean return is interpreted; presumably `false` rejects
    the peer certificate and `true` accepts it, so a callback that returns
    `true` without consulting getErrorCode() would accept certificates that
    failed the default verification.  Confirm the exact contract in the
    implementation before relying on it.
*/
typedef Boolean (SSLCertificateVerifyFunction) (SSLCertificateInfo &certInfo);

/**
    This class provides the interface that a client uses to create an SSL
    context.

    For the OSs that don't have a /dev/random device file, you must enable the
    PEGASUS_SSL_RANDOMFILE flag and pass a random file name to the
    constructor.

    NOTE(review): as with SSLCertificateInfo, the class owns a raw _rep
    pointer and declares a destructor and copy constructor but no
    copy-assignment operator; confirm instances are never assigned, or add an
    operator= in the implementation.
*/
class PEGASUS_COMMON_LINKAGE SSLContext
{
public:

    /** Constructor for a SSLContext object.
        @param trustPath file path of the trust store
        @param verifyCert function pointer to a certificate verification
        call back function.  A null pointer indicates that no callback is
        requested for certificate verification.
        @param randomFile file path of a random file that is used as a seed
        for random number generation by OpenSSL.  The default (an empty
        string) means no seed file is supplied; see the class description for
        platforms without /dev/random.
        @exception SSLException indicates failure to create an SSL context.
    */
    SSLContext(
        const String& trustPath,
        SSLCertificateVerifyFunction* verifyCert,
        const String& randomFile = String::EMPTY);

#ifndef PEGASUS_REMOVE_DEPRECATED
    /** Deprecated form of the public constructor, kept for source
        compatibility and compiled out when PEGASUS_REMOVE_DEPRECATED is
        defined.  The meaning of certPath and isCIMClient is not documented
        here; consult the implementation file before using it.
    */
    SSLContext(
        const String& certPath,
        SSLCertificateVerifyFunction* verifyCert,
        const String& randomFile,
        Boolean isCIMClient);
#endif

    /** Copy constructor for a SSLContext object.
        @param sslContext SSLContext object to copy
    */
    SSLContext(const SSLContext& sslContext);

    /** Destructor; releases the underlying representation. */
    ~SSLContext();

private:

    /** Constructor for a SSLContext object.  This constructor is intended to
        be used by the CIMServer only, since it is the one that loads a
        certificate and its private key (the server's own identity).
        @param trustPath file path of the trust store.
        @param certPath file path of the server certificate.
        @param keyPath file path of the private key.
        @param verifyCert function pointer to a certificate verification
        call back function.  A null pointer indicates that no callback is
        requested for certificate verification.
        @param randomFile file path of a random file that is used as a seed
        for random number generation by OpenSSL.
        @exception SSLException indicates failure to create an SSL context.
    */
    SSLContext(
        const String& trustPath,
        const String& certPath,
        const String& keyPath,
        SSLCertificateVerifyFunction* verifyCert,
        const String& randomFile);

#ifndef PEGASUS_REMOVE_DEPRECATED
    /** Deprecated form of the private constructor, compiled out when
        PEGASUS_REMOVE_DEPRECATED is defined.
    */
    SSLContext(
        const String& certPath,
        const String& certKeyPath,
        SSLCertificateVerifyFunction* verifyCert,
        const String& randomFile);
#endif

    // Default construction is not part of the public interface.
    SSLContext();

    // Owning pointer to the private representation (pimpl).
    SSLContextRep* _rep;

    // Internal users that need the private (server-side) constructor or the
    // representation.
    friend class SSLSocket;
    friend class CIMServer;
    friend class CIMxmlIndicationHandler;
};

PEGASUS_NAMESPACE_END

#endif /* Pegasus_SSLContext_h */