
  1 karl  1.18 //%2004////////////////////////////////////////////////////////////////////////
  2 kumpf 1.1  //
  3 karl  1.18 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
  4            // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
  5            // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
  6 karl  1.13 // IBM Corp.; EMC Corporation, The Open Group.
  7 karl  1.18 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
  8            // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
  9 kumpf 1.1  //
 10            // Permission is hereby granted, free of charge, to any person obtaining a copy
 11 kumpf 1.2  // of this software and associated documentation files (the "Software"), to
 12            // deal in the Software without restriction, including without limitation the
 13            // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
 14 kumpf 1.1  // sell copies of the Software, and to permit persons to whom the Software is
 15            // furnished to do so, subject to the following conditions:
 16            // 
 17 kumpf 1.2  // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
 18 kumpf 1.1  // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
 19            // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
 20 kumpf 1.2  // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 21            // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
 22            // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 23 kumpf 1.1  // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 24            // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 25            //
 26            //==============================================================================
 27            //
 28            // Author: Nag Boranna, Hewlett-Packard Company ( nagaraja_boranna@hp.com )
 29            //
 30 h.sterling 1.14 // Modified By: Sushma Fernandes, Hewlett-Packard Company (sushma_fernandes@hp.com)
 31                 //              Heather Sterling, IBM (hsterl@us.ibm.com)
 32 kumpf      1.1  //
 33                 //%/////////////////////////////////////////////////////////////////////////////
 34                 
 35                 #ifdef PEGASUS_HAS_SSL
 36 mday       1.12 #define OPENSSL_NO_KRB5 1 
 37 kumpf      1.1  #include <openssl/err.h>
 38                 #include <openssl/ssl.h>
 39                 #include <openssl/rand.h>
 40                 #else
 41                 #define SSL_CTX void
 42                 #endif
 43                 #include <Pegasus/Common/SSLContext.h>
 44 kumpf      1.3  #include <Pegasus/Common/Linkage.h>
 45 kumpf      1.10 #include <Pegasus/Common/IPC.h>
 46 kumpf      1.1  
 47                 #ifndef Pegasus_SSLContextRep_h
 48                 #define Pegasus_SSLContextRep_h
 49                 
 50                 
 51                 PEGASUS_NAMESPACE_BEGIN
 52                 
 53                 
 54 kumpf      1.3  class PEGASUS_COMMON_LINKAGE SSLContextRep
 55 kumpf      1.1  {
                        /*
                        Holds the SSL settings declared as members below (trust store,
                        certificate and key paths, random seed file, peer-verification
                        options) together with an SSL_CTX pointer (_sslContext).
                        NOTE(review): presumably the implementation object behind the
                        SSLContext class from SSLContext.h -- confirm.
                        */
 56 kumpf      1.10     /*
 57                     SSL locking callback function. It is needed to perform locking on 
 58                     shared data structures.
 59                 
 60                     This function needs access to variable ssl_locks.
 61                     Declare it as a friend of class SSLContextRep.
                        NOTE(review): no member named ssl_locks is declared in this class;
                        the text presumably refers to the private static _sslLocks.
 62                 
 63                     @param mode      Specifies whether to lock/unlock.
 64                     @param type      Type of lock.
 65                     @param file      File name of the function setting the lock.
 66                     @param line      Line number of the function setting the lock.
 67                     */
 68                     friend void pegasus_locking_callback(
 69                                       int       mode,
 70                                       int       type,
 71                                       const     char* file,
 72                                       int       line);
 73                 
 74 kumpf      1.1  public:
 75                 
 76                     /** Constructor for a SSLContextRep object.
 77 h.sterling 1.14     @param trustStore  trust store file path
 78 kumpf      1.11     @param certPath  server certificate file path (defaults to String::EMPTY)
 79                     @param keyPath  server key file path (defaults to String::EMPTY)
 80 kumpf      1.1      @param verifyCert  function pointer to a certificate verification
 81                     call back function (defaults to NULL).
 82 h.sterling 1.17     @param trustStoreAutoUpdate indicates that the server can automatically add certificates
 83                     to the truststore if they are sent with valid sslTrustStoreUserName credentials
                        (defaults to false). Security-sensitive: when true, the trust store can
                        grow from certificates presented over a connection.
 84                     @param trustStoreUserName the user to associate the truststore with; this is basically
 85                     a workaround to providers that require a username and will be addressed post 2.4
                        (defaults to String::EMPTY; passed by value, unlike the other String
                        parameters).
 86 h.sterling 1.14     @param randomFile  file path of a random file that is used as a seed
 87                     for random number generation by OpenSSL (defaults to String::EMPTY).
 88                 
 89                     @exception SSLException  exception indicating failure to create a context.

                        NOTE(review): this header does not show how a NULL verifyCert or an
                        empty trustStore affects isPeerVerificationEnabled(); confirm in the
                        implementation that peer verification is not silently disabled.
                        NOTE(review): what happens when randomFile is empty is not visible
                        here; confirm the OpenSSL PRNG is still adequately seeded.
 90                     */
 91                     SSLContextRep(
 92                         const String& trustStore,
 93                         const String& certPath = String::EMPTY,
 94                         const String& keyPath = String::EMPTY,
 95                         SSLCertificateVerifyFunction* verifyCert = NULL,
 96                         Boolean trustStoreAutoUpdate = false,
 97                 		String trustStoreUserName = String::EMPTY,
 98                         const String& randomFile = String::EMPTY);
 99                 
                        /*
                        Copy constructor.
                        NOTE(review): the class holds a raw SSL_CTX* (_sslContext) and declares
                        a copy constructor and a destructor, but no copy assignment operator is
                        declared here, so the compiler-generated one would copy the pointer
                        member-wise. Confirm that instances are never assigned, or that the
                        implementation's ownership of _sslContext tolerates it.
                        */
100 kumpf      1.7      SSLContextRep(const SSLContextRep& sslContextRep);
101                 
                        /*
                        Destructor.
                        NOTE(review): presumably releases _sslContext -- confirm in the
                        implementation.
                        */
102 kumpf      1.1      ~SSLContextRep();
103                 
                        /*
                        Returns an SSL_CTX pointer (presumably _sslContext). When
                        PEGASUS_HAS_SSL is not defined, SSL_CTX is #defined to void above,
                        so the return type is void*.
                        NOTE(review): ownership of the returned pointer is not stated in this
                        header; presumably it stays with this object and callers must not
                        free it -- confirm.
                        */
104                     SSL_CTX * getContext() const;
105                 
                        /*
                        Accessors. The bodies are not in this header; by name each one
                        presumably returns the matching private member declared below
                        (_trustStore, _certPath, _keyPath, _verifyPeer,
                        _trustStoreAutoUpdate, _trustStoreUserName,
                        _certificateVerifyFunction).
                        */
106 h.sterling 1.14     String getTrustStore() const;
107                 
108                     String getCertPath() const;
109                 
110                     String getKeyPath() const;
111                 
112                     Boolean isPeerVerificationEnabled() const;
113                 
114                     Boolean isTrustStoreAutoUpdateEnabled() const;
115                 
116                 	String getTrustStoreUserName() const;
117                 
118 h.sterling 1.16     SSLCertificateVerifyFunction* getSSLCertificateVerifyFunction() const;
119                 
120 kumpf      1.10     /*
121                     Initialize the SSL locking environment. 
122                          
123                     This function sets the locking callback functions.
124                     */
125                     static void init_ssl();
126                 
127                     /*
128                     Cleanup the SSL locking environment.
129                     */
130                     static void free_ssl();
131                 
132 kumpf      1.1  private:
133                 
                        /*
                        Private helpers, implemented outside this header. Judging by their
                        names and signatures: _makeSSLContext builds the SSL_CTX,
                        _randomInit seeds the random number generator from randomFile, and
                        _verifyPrivateKey checks the key at keyPath against ctx -- confirm
                        against the implementation.
                        */
134 kumpf      1.7      SSL_CTX * _makeSSLContext();
135 kumpf      1.9      void _randomInit(const String& randomFile);
136 kumpf      1.15     Boolean _verifyPrivateKey(SSL_CTX *ctx, const String& keyPath);
137 kumpf      1.1  
                        /*
                        Per-instance settings; the names mirror the constructor parameters.
                        _sslContext is a raw pointer (void* when PEGASUS_HAS_SSL is not
                        defined).
                        */
138 h.sterling 1.14     String _trustStore;
139                     String _certPath;
140                     String _keyPath;
141 kumpf      1.7      String _randomFile;
142                     SSL_CTX * _sslContext;
143 h.sterling 1.14 
144                     Boolean _verifyPeer;
145                     Boolean _trustStoreAutoUpdate;
146                 	String _trustStoreUserName;
147 kumpf      1.10 
148 h.sterling 1.16     SSLCertificateVerifyFunction* _certificateVerifyFunction;
149                 
150 kumpf      1.10     /*
151                        Mutex containing the SSL locks.
                           Declared as Mutex*; presumably points to an array with one Mutex
                           per lock type passed to pegasus_locking_callback -- confirm.
152                     */
153                     static Mutex* _sslLocks;
154                 
155                     /*
156                        Count for instances of this class. This is used to initialize and free
157                        SSL locking objects.
158                     */
159                     static int _countRep;
160                 
161                     /*
162                        Mutex guarding _countRep.
163                     */
164                     static Mutex _countRepMutex;
165 kumpf      1.1  };
166                 
167                 PEGASUS_NAMESPACE_END
168                 
169                 #endif /* Pegasus_SSLContextRep_h */
170                 
