1 karl 1.13 //%2003////////////////////////////////////////////////////////////////////////
2 kumpf 1.1 //
3 karl 1.13 // Copyright (c) 2000, 2001, 2002 BMC Software, Hewlett-Packard Development
4 // Company, L. P., IBM Corp., The Open Group, Tivoli Systems.
5 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L. P.;
6 // IBM Corp.; EMC Corporation, The Open Group.
7 kumpf 1.1 //
8 // Permission is hereby granted, free of charge, to any person obtaining a copy
9 kumpf 1.2 // of this software and associated documentation files (the "Software"), to
10 // deal in the Software without restriction, including without limitation the
11 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
12 kumpf 1.1 // sell copies of the Software, and to permit persons to whom the Software is
13 // furnished to do so, subject to the following conditions:
14 //
15 kumpf 1.2 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
16 kumpf 1.1 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
17 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
18 kumpf 1.2 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
19 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
20 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
21 kumpf 1.1 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
22 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
23 //
24 //==============================================================================
25 //
26 // Author: Nag Boranna, Hewlett-Packard Company ( nagaraja_boranna@hp.com )
27 //
28 h.sterling 1.13.4.1 // Modified By: Sushma Fernandes, Hewlett-Packard Company (sushma_fernandes@hp.com)
29 // Heather Sterling, IBM (hsterl@us.ibm.com)
30 kumpf 1.1 //
31 //%/////////////////////////////////////////////////////////////////////////////
32
33 #ifdef PEGASUS_HAS_SSL
34 mday 1.12 #define OPENSSL_NO_KRB5 1
35 kumpf 1.1 #include <openssl/err.h>
36 #include <openssl/ssl.h>
37 #include <openssl/rand.h>
38 #else
39 #define SSL_CTX void
40 #endif
41 #include <Pegasus/Common/SSLContext.h>
42 kumpf 1.3 #include <Pegasus/Common/Linkage.h>
43 kumpf 1.10 #include <Pegasus/Common/IPC.h>
44 kumpf 1.1
45 #ifndef Pegasus_SSLContextRep_h
46 #define Pegasus_SSLContextRep_h
47
48
49 PEGASUS_NAMESPACE_BEGIN
50
51
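/**
    Internal representation of an SSL context: holds the trust store,
    certificate and key file paths, the random seed file path, and the raw
    OpenSSL SSL_CTX pointer built from them.

    NOTE(review): the class declares its own copy constructor and destructor
    and stores a raw SSL_CTX*. Their definitions are not visible in this
    header; presumably the destructor releases _sslContext. Under that
    assumption a compiler-generated copy assignment would leave two objects
    sharing (and later releasing) the same context, so copy assignment is
    declared private and left unimplemented below.
*/
class PEGASUS_COMMON_LINKAGE SSLContextRep
{
    /**
        SSL locking callback function. It is needed to perform locking on
        shared data structures.

        This function needs access to the private SSL lock storage
        (_sslLocks), so it is declared as a friend of class SSLContextRep.

        @param mode Specifies whether to lock/unlock.
        @param type Type of lock.
        @param file File name of the function setting the lock.
        @param line Line number of the function setting the lock.
    */
    friend void pegasus_locking_callback(
        int mode,
        int type,
        const char* file,
        int line);

public:

    /** Constructor for a SSLContextRep object.
        @param trustStore trust store file path
        @param certPath server certificate file path
        @param keyPath server key file path
        @param verifyCert function pointer to a certificate verification
        call back function.
        @param randomFile file path of a random file that is used as a seed
        for random number generation by OpenSSL.

        @exception SSLException exception indicating failure to create a
        context.

        NOTE(review): what peer verification is performed when verifyCert
        is NULL (the default) is decided in the implementation, which is not
        visible here; confirm before relying on the defaults.
    */
    SSLContextRep(
        const String& trustStore,
        const String& certPath = String::EMPTY,
        const String& keyPath = String::EMPTY,
        SSLCertificateVerifyFunction* verifyCert = NULL,
        const String& randomFile = String::EMPTY);

#ifdef PEGASUS_USE_232_CLIENT_VERIFICATION
    /** Constructor for a SSLContextRep object with client-verification
        options.
        @param trustStore trust store file path
        @param certPath server certificate file path
        @param keyPath server key file path
        @param verifyCert function pointer to a certificate verification
        call back function.
        @param trustStoreAutoUpdate stored as the trust-store auto-update
        setting (presumably; exact semantics live in the implementation).
        @param failIfNoPeerCert presumably makes the handshake fail when the
        peer presents no certificate; confirm in the implementation.
        @param randomFile file path of a random file that is used as a seed
        for random number generation by OpenSSL.

        NOTE(review): the first four parameters and their defaults are
        identical to the constructor above, so a call that passes only one
        to four arguments matches both overloads and is ambiguous when this
        macro is defined.

        NOTE(review): if Boolean is a bool-like type (declared elsewhere), a
        fifth argument given as a string literal converts to Boolean by a
        standard pointer-to-bool conversion and would select this overload,
        silently enabling trustStoreAutoUpdate instead of naming a random
        file. Pass an explicit String for randomFile.
    */
    SSLContextRep(
        const String& trustStore,
        const String& certPath = String::EMPTY,
        const String& keyPath = String::EMPTY,
        SSLCertificateVerifyFunction* verifyCert = NULL,
        Boolean trustStoreAutoUpdate = false,
        Boolean failIfNoPeerCert = false,
        const String& randomFile = String::EMPTY);
#endif

    /** Copy constructor.
        @param sslContextRep the representation to copy from.
    */
    SSLContextRep(const SSLContextRep& sslContextRep);

    ~SSLContextRep();

    /** Returns the raw OpenSSL context pointer held by this object.

        NOTE(review): the pointer is non-const even though the accessor is
        const, so callers can reconfigure the context. Ownership presumably
        stays with this object; callers should not free it.
    */
    SSL_CTX * getContext() const;

#ifdef PEGASUS_USE_232_CLIENT_VERIFICATION
    /** Returns the trust store file path. */
    CString getTrustStore() const;

    /** Returns the server certificate file path. */
    CString getCertPath() const;

    /** Returns the server key file path. */
    CString getKeyPath() const;

    /** Reports whether peer verification is enabled. */
    Boolean isPeerVerificationEnabled() const;

    /** Reports whether trust store auto-update is enabled. */
    Boolean isTrustStoreAutoUpdateEnabled() const;

#endif

    /**
        Initialize the SSL locking environment.

        This function sets the locking callback functions.
    */
    static void init_ssl();

    /**
        Cleanup the SSL locking environment.
    */
    static void free_ssl();

private:

    /*
        Copy assignment is intentionally declared but not implemented: the
        class holds a raw SSL_CTX* and defines its own copy constructor and
        destructor, so a member-wise assignment would alias the context.
        Any accidental use fails at compile time (outside the class) or at
        link time (inside it).
    */
    SSLContextRep& operator=(const SSLContextRep&);

    SSL_CTX * _makeSSLContext();
    void _randomInit(const String& randomFile);
    Boolean _verifyPrivateKey(SSL_CTX *ctx, const char *keyFilePath);

    CString _trustStore;
    CString _certPath;
    CString _keyPath;
    String _randomFile;
    SSL_CTX * _sslContext;

#ifdef PEGASUS_USE_232_CLIENT_VERIFICATION
    // Client-verification settings; presumably set by the seven-argument
    // constructor and reported by the accessors above.
    Boolean _verifyPeer;
    Boolean _trustStoreAutoUpdate;
    Boolean _failIfNoPeerCert;
#endif

    /*
        Mutex containing the SSL locks.
    */
    static Mutex* _sslLocks;

    /*
        Count for instances of this class. This is used to initialize and free
        SSL locking objects.
    */
    static int _countRep;

    /*
        Mutex for _countRep.
    */
    static Mutex _countRepMutex;
};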
168
169 PEGASUS_NAMESPACE_END
170
171 #endif /* Pegasus_SSLContextRep_h */
172