|
version 1.7, 2002/09/06 00:19:38
|
version 1.33, 2008/05/29 17:17:02
|
|
|
|
| //%///////////////////////////////////////////////////////////////////////////// |
//%2006//////////////////////////////////////////////////////////////////////// |
| // | // |
| // Copyright (c) 2000, 2001, 2002 BMC Software, Hewlett-Packard Company, IBM, |
// Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development |
| // The Open Group, Tivoli Systems |
// Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems. |
| |
// Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.; |
| |
// IBM Corp.; EMC Corporation, The Open Group. |
| |
// Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.; |
| |
// IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group. |
| |
// Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
| |
// EMC Corporation; VERITAS Software Corporation; The Open Group. |
| |
// Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
| |
// EMC Corporation; Symantec Corporation; The Open Group. |
| // | // |
| // Permission is hereby granted, free of charge, to any person obtaining a copy | // Permission is hereby granted, free of charge, to any person obtaining a copy |
| // of this software and associated documentation files (the "Software"), to | // of this software and associated documentation files (the "Software"), to |
|
|
|
| // | // |
| //============================================================================== | //============================================================================== |
| // | // |
| // Author: Nag Boranna, Hewlett-Packard Company ( nagaraja_boranna@hp.com ) |
|
| // |
|
| // Modified By: |
|
| // |
|
| //%///////////////////////////////////////////////////////////////////////////// | //%///////////////////////////////////////////////////////////////////////////// |
| | |
| |
#ifndef Pegasus_SSLContextRep_h |
| |
#define Pegasus_SSLContextRep_h |
| |
|
| #ifdef PEGASUS_HAS_SSL | #ifdef PEGASUS_HAS_SSL |
| |
# define OPENSSL_NO_KRB5 1 |
| #include <openssl/err.h> | #include <openssl/err.h> |
| #include <openssl/ssl.h> | #include <openssl/ssl.h> |
| #include <openssl/rand.h> | #include <openssl/rand.h> |
| #else | #else |
| #define SSL_CTX void | #define SSL_CTX void |
| #endif | #endif |
| #include <Pegasus/Common/SSLContext.h> |
|
| #include <Pegasus/Common/Linkage.h> |
|
| | |
| #ifndef Pegasus_SSLContextRep_h |
#include <Pegasus/Common/SSLContext.h> |
| #define Pegasus_SSLContextRep_h |
#include <Pegasus/Common/Mutex.h> |
| |
#include <Pegasus/Common/Threads.h> |
| |
#include <Pegasus/Common/Tracer.h> |
| |
#include <Pegasus/Common/AutoPtr.h> |
| |
#include <Pegasus/Common/SharedPtr.h> |
| | |
| |
// |
| |
// Typedef's for OpenSSL callback functions. |
| |
// |
| |
extern "C" |
| |
{ |
| |
typedef void (* CRYPTO_SET_LOCKING_CALLBACK)(int, int, const char *, int); |
| |
typedef unsigned long (* CRYPTO_SET_ID_CALLBACK)(void); |
| |
}; |
| | |
| PEGASUS_NAMESPACE_BEGIN | PEGASUS_NAMESPACE_BEGIN |
| | |
| |
struct FreeX509STOREPtr |
| |
{ |
| |
void operator()(X509_STORE* ptr) |
| |
{ |
| |
#ifdef PEGASUS_HAS_SSL |
| |
X509_STORE_free(ptr); |
| |
#endif |
| |
} |
| |
}; |
| |
|
| |
#ifdef PEGASUS_HAS_SSL |
| | |
| class PEGASUS_COMMON_LINKAGE SSLContextRep |
class SSLEnvironmentInitializer |
| |
{ |
| |
public: |
| |
|
| |
SSLEnvironmentInitializer() |
| |
{ |
| |
AutoMutex autoMut(_instanceCountMutex); |
| |
|
| |
PEG_TRACE((TRC_SSL, Tracer::LEVEL4, |
| |
"In SSLEnvironmentInitializer(), _instanceCount is %d", |
| |
_instanceCount)); |
| |
|
| |
if (_instanceCount == 0) |
| |
{ |
| |
_initializeCallbacks(); |
| |
SSL_load_error_strings(); |
| |
SSL_library_init(); |
| |
} |
| |
|
| |
_instanceCount++; |
| |
} |
| |
|
| |
~SSLEnvironmentInitializer() |
| |
{ |
| |
AutoMutex autoMut(_instanceCountMutex); |
| |
_instanceCount--; |
| |
|
| |
PEG_TRACE((TRC_SSL, Tracer::LEVEL4, |
| |
"In ~SSLEnvironmentInitializer(), _instanceCount is %d", |
| |
_instanceCount)); |
| |
|
| |
if (_instanceCount == 0) |
| |
{ |
| |
ERR_free_strings(); |
| |
_uninitializeCallbacks(); |
| |
} |
| |
} |
| |
|
| |
private: |
| |
|
| |
SSLEnvironmentInitializer(const SSLEnvironmentInitializer&); |
| |
SSLEnvironmentInitializer& operator=(const SSLEnvironmentInitializer&); |
| |
|
| |
/* |
| |
Initialize the SSL locking and ID callbacks. |
| |
*/ |
| |
static void _initializeCallbacks() |
| |
{ |
| |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, |
| |
"Initializing SSL callbacks."); |
| |
|
| |
// Allocate Memory for _sslLocks. SSL locks needs to be able to handle |
| |
// up to CRYPTO_num_locks() different mutex locks. |
| |
|
| |
_sslLocks.reset(new Mutex[CRYPTO_num_locks()]); |
| |
|
| |
# if defined(PEGASUS_HAVE_PTHREADS) && !defined(PEGASUS_OS_VMS) |
| |
// Set the ID callback. The ID callback returns a thread ID. |
| |
CRYPTO_set_id_callback((CRYPTO_SET_ID_CALLBACK) pthread_self); |
| |
# endif |
| |
|
| |
// Set the locking callback. |
| |
|
| |
CRYPTO_set_locking_callback( |
| |
(CRYPTO_SET_LOCKING_CALLBACK) _lockingCallback); |
| |
} |
| |
|
| |
/* |
| |
Reset the SSL locking and ID callbacks. |
| |
*/ |
| |
static void _uninitializeCallbacks() |
| |
{ |
| |
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, "Resetting SSL callbacks."); |
| |
CRYPTO_set_locking_callback(NULL); |
| |
CRYPTO_set_id_callback(NULL); |
| |
_sslLocks.reset(); |
| |
} |
| |
|
| |
static void _lockingCallback( |
| |
int mode, |
| |
int type, |
| |
const char* file, |
| |
int line) |
| |
{ |
| |
if (mode & CRYPTO_LOCK) |
| |
{ |
| |
_sslLocks.get()[type].lock(); |
| |
} |
| |
else |
| |
{ |
| |
_sslLocks.get()[type].unlock(); |
| |
} |
| |
} |
| |
|
| |
/** |
| |
Locks to be used by SSL. |
| |
*/ |
| |
static AutoArrayPtr<Mutex> _sslLocks; |
| |
|
| |
/** |
| |
Count of the instances of this class. The SSL environment must be |
| |
initialized when the first SSLEnvironmentInitializer is constructed. |
| |
It must be uninitialized when the last SSLEnvironmentInitializer is |
| |
destructed. |
| |
*/ |
| |
static int _instanceCount; |
| |
|
| |
/** |
| |
Mutex for controlling access to _instanceCount. |
| |
*/ |
| |
static Mutex _instanceCountMutex; |
| |
}; |
| |
|
| |
#endif |
| |
|
| |
class SSLCallbackInfoRep |
| |
{ |
| |
public: |
| |
SSLCertificateVerifyFunction* verifyCertificateCallback; |
| |
Array<SSLCertificateInfo*> peerCertificate; |
| |
X509_STORE* crlStore; |
| |
|
| |
String ipAddress; |
| |
|
| |
friend class SSLCallback; |
| |
|
| |
friend class SSLCallbackInfo; |
| |
}; |
| |
|
| |
class SSLContextRep |
| { | { |
| public: | public: |
| | |
| /** Constructor for a SSLContextRep object. | /** Constructor for a SSLContextRep object. |
| @param certPath certificate file path |
@param trustStore trust store file path |
| |
@param certPath server certificate file path |
| |
@param keyPath server key file path |
| @param verifyCert function pointer to a certificate verification | @param verifyCert function pointer to a certificate verification |
| call back function. | call back function. |
| @param randomFile file path of a random file that is used as a seed | @param randomFile file path of a random file that is used as a seed |
| for random number generation by OpenSSL. | for random number generation by OpenSSL. |
| @param isCIMClient flag indicating that the context is created by |
|
| the client. |
|
| | |
| @exception SSLException exception indicating failure to create a context. | @exception SSLException exception indicating failure to create a context. |
| */ | */ |
| SSLContextRep( | SSLContextRep( |
| const String& certPath, |
const String& trustStore, |
| |
const String& certPath = String::EMPTY, |
| |
const String& keyPath = String::EMPTY, |
| |
const String& crlPath = String::EMPTY, |
| SSLCertificateVerifyFunction* verifyCert = NULL, | SSLCertificateVerifyFunction* verifyCert = NULL, |
| const String& randomFile = String::EMPTY, |
const String& randomFile = String::EMPTY); |
| Boolean isCIMClient = false); |
|
| | |
| SSLContextRep(const SSLContextRep& sslContextRep); | SSLContextRep(const SSLContextRep& sslContextRep); |
| | |
|
|
|
| | |
| SSL_CTX * getContext() const; | SSL_CTX * getContext() const; |
| | |
| |
String getTrustStore() const; |
| |
|
| |
String getCertPath() const; |
| |
|
| |
String getKeyPath() const; |
| |
|
| |
#ifdef PEGASUS_USE_DEPRECATED_INTERFACES |
| |
String getTrustStoreUserName() const; |
| |
#endif |
| |
|
| |
String getCRLPath() const; |
| |
|
| |
SharedPtr<X509_STORE, FreeX509STOREPtr> getCRLStore() const; |
| |
|
| |
void setCRLStore(X509_STORE* store); |
| |
|
| |
Boolean isPeerVerificationEnabled() const; |
| |
|
| |
SSLCertificateVerifyFunction* getSSLCertificateVerifyFunction() const; |
| |
|
| |
/** |
| |
Checks if the certificate associated with this SSL context has expired |
| |
or is not yet valid. |
| |
@exception SSLException if the certificate is determined to be invalid. |
| |
*/ |
| |
void validateCertificate(); |
| |
|
| private: | private: |
| | |
| |
#ifdef PEGASUS_HAS_SSL |
| |
/** |
| |
Ensures that the SSL environment remains initialized for the lifetime |
| |
of the SSLContextRep object. |
| |
*/ |
| |
SSLEnvironmentInitializer _env; |
| |
#endif |
| |
|
| SSL_CTX * _makeSSLContext(); | SSL_CTX * _makeSSLContext(); |
| |
void _randomInit(const String& randomFile); |
| |
Boolean _verifyPrivateKey(SSL_CTX *ctx, const String& keyPath); |
| | |
| CString _certPath; |
String _trustStore; |
| |
String _certPath; |
| |
String _keyPath; |
| |
String _crlPath; |
| String _randomFile; | String _randomFile; |
| Boolean _isCIMClient; |
|
| SSL_CTX * _sslContext; | SSL_CTX * _sslContext; |
| |
|
| |
Boolean _verifyPeer; |
| |
|
| |
SSLCertificateVerifyFunction* _certificateVerifyFunction; |
| |
|
| |
SharedPtr<X509_STORE, FreeX509STOREPtr> _crlStore; |
| }; | }; |
| | |
| PEGASUS_NAMESPACE_END | PEGASUS_NAMESPACE_END |
| | |
| #endif /* Pegasus_SSLContextRep_h */ | #endif /* Pegasus_SSLContextRep_h */ |
| |
|
Return to
SSLContextRep.h
CVS log
Up to [Pegasus] / pegasus / src / Pegasus / Common