version 1.15, 2004/05/21 20:57:00
|
version 1.23.2.1, 2006/02/10 16:09:38
|
|
|
//%2003//////////////////////////////////////////////////////////////////////// |
//%2006//////////////////////////////////////////////////////////////////////// |
// | // |
// Copyright (c) 2000, 2001, 2002 BMC Software, Hewlett-Packard Development |
// Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development |
// Company, L. P., IBM Corp., The Open Group, Tivoli Systems. |
// Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems. |
// Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L. P.; | // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L. P.; |
// IBM Corp.; EMC Corporation, The Open Group. | // IBM Corp.; EMC Corporation, The Open Group. |
|
// Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.; |
|
// IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group. |
|
// Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
|
// EMC Corporation; VERITAS Software Corporation; The Open Group. |
|
// Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
|
// EMC Corporation; Symantec Corporation; The Open Group. |
// | // |
// Permission is hereby granted, free of charge, to any person obtaining a copy | // Permission is hereby granted, free of charge, to any person obtaining a copy |
// of this software and associated documentation files (the "Software"), to | // of this software and associated documentation files (the "Software"), to |
|
|
// | // |
// Modified By: Sushma Fernandes, Hewlett-Packard Company (sushma_fernandes@hp.com) | // Modified By: Sushma Fernandes, Hewlett-Packard Company (sushma_fernandes@hp.com) |
// Heather Sterling, IBM (hsterl@us.ibm.com) | // Heather Sterling, IBM (hsterl@us.ibm.com) |
|
// Aruran, IBM (ashanmug@in.ibm.com) for Bug#4422 |
// | // |
//%///////////////////////////////////////////////////////////////////////////// | //%///////////////////////////////////////////////////////////////////////////// |
| |
|
|
| |
PEGASUS_NAMESPACE_BEGIN | PEGASUS_NAMESPACE_BEGIN |
| |
|
class SSLCallbackInfoRep |
|
{ |
|
public: |
|
SSLCertificateVerifyFunction* verifyCertificateCallback; |
|
Array<SSLCertificateInfo*> peerCertificate; |
|
X509_STORE* crlStore; |
|
}; |
| |
class PEGASUS_COMMON_LINKAGE SSLContextRep | class PEGASUS_COMMON_LINKAGE SSLContextRep |
{ | { |
|
|
const String& trustStore, | const String& trustStore, |
const String& certPath = String::EMPTY, | const String& certPath = String::EMPTY, |
const String& keyPath = String::EMPTY, | const String& keyPath = String::EMPTY, |
|
const String& crlPath = String::EMPTY, |
SSLCertificateVerifyFunction* verifyCert = NULL, | SSLCertificateVerifyFunction* verifyCert = NULL, |
const String& randomFile = String::EMPTY); | const String& randomFile = String::EMPTY); |
| |
#ifdef PEGASUS_USE_SSL_CLIENT_VERIFICATION |
|
//ATTN: We may need to make this more robust to cover the different variations of SSLContexts |
|
|
|
/** Constructor for a SSLContextRep object. |
|
@param trustStore trust store file path |
|
@param certPath server certificate file path |
|
@param keyPath server key file path |
|
@param verifyCert function pointer to a certificate verification |
|
call back function. |
|
@param randomFile file path of a random file that is used as a seed |
|
for random number generation by OpenSSL. |
|
|
|
@exception SSLException exception indicating failure to create a context. |
|
*/ |
|
SSLContextRep( |
|
const String& trustStore, |
|
const String& certPath = String::EMPTY, |
|
const String& keyPath = String::EMPTY, |
|
SSLCertificateVerifyFunction* verifyCert = NULL, |
|
Boolean trustStoreAutoUpdate = false, |
|
String trustStoreUserName = String::EMPTY, |
|
const String& randomFile = String::EMPTY); |
|
#endif |
|
|
|
SSLContextRep(const SSLContextRep& sslContextRep); | SSLContextRep(const SSLContextRep& sslContextRep); |
| |
~SSLContextRep(); | ~SSLContextRep(); |
|
|
| |
String getKeyPath() const; | String getKeyPath() const; |
| |
|
#ifdef PEGASUS_USE_DEPRECATED_INTERFACES |
|
String getTrustStoreUserName() const; |
|
#endif |
|
|
|
String getCRLPath() const; |
|
|
|
X509_STORE* getCRLStore() const; |
|
|
|
void setCRLStore(X509_STORE* store); |
|
|
Boolean isPeerVerificationEnabled() const; | Boolean isPeerVerificationEnabled() const; |
| |
Boolean isTrustStoreAutoUpdateEnabled() const; |
SSLCertificateVerifyFunction* getSSLCertificateVerifyFunction() const; |
| |
String getTrustStoreUserName() const; |
private: |
|
|
|
SSL_CTX * _makeSSLContext(); |
|
void _randomInit(const String& randomFile); |
|
Boolean _verifyPrivateKey(SSL_CTX *ctx, const String& keyPath); |
| |
/* | /* |
Initialize the SSL locking environment. | Initialize the SSL locking environment. |
|
|
*/ | */ |
static void free_ssl(); | static void free_ssl(); |
| |
private: |
|
|
|
SSL_CTX * _makeSSLContext(); |
|
void _randomInit(const String& randomFile); |
|
Boolean _verifyPrivateKey(SSL_CTX *ctx, const String& keyPath); |
|
|
|
String _trustStore; | String _trustStore; |
String _certPath; | String _certPath; |
String _keyPath; | String _keyPath; |
|
String _crlPath; |
String _randomFile; | String _randomFile; |
SSL_CTX * _sslContext; | SSL_CTX * _sslContext; |
| |
Boolean _verifyPeer; | Boolean _verifyPeer; |
Boolean _trustStoreAutoUpdate; |
|
String _trustStoreUserName; |
SSLCertificateVerifyFunction* _certificateVerifyFunction; |
|
|
|
X509_STORE* _crlStore; |
| |
/* | /* |
Mutex containing the SSL locks. | Mutex containing the SSL locks. |
*/ | */ |
static Mutex* _sslLocks; |
static AutoArrayPtr<Mutex> _sslLocks; |
| |
/* | /* |
Count for instances of this class. This is used to initialize and free | Count for instances of this class. This is used to initialize and free |