1 karl 1.18 //%2004////////////////////////////////////////////////////////////////////////
2 kumpf 1.1 //
3 karl 1.18 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
4 // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
5 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
6 karl 1.13 // IBM Corp.; EMC Corporation, The Open Group.
7 karl 1.18 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
8 // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
9 kumpf 1.1 //
10 // Permission is hereby granted, free of charge, to any person obtaining a copy
11 kumpf 1.2 // of this software and associated documentation files (the "Software"), to
12 // deal in the Software without restriction, including without limitation the
13 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
14 kumpf 1.1 // sell copies of the Software, and to permit persons to whom the Software is
15 // furnished to do so, subject to the following conditions:
16 //
17 kumpf 1.2 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
18 kumpf 1.1 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
19 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
20 kumpf 1.2 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
21 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
22 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
23 kumpf 1.1 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
24 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
25 //
26 //==============================================================================
27 //
28 // Author: Nag Boranna, Hewlett-Packard Company ( nagaraja_boranna@hp.com )
29 //
30 h.sterling 1.14 // Modified By: Sushma Fernandes, Hewlett-Packard Company (sushma_fernandes@hp.com)
31 // Heather Sterling, IBM (hsterl@us.ibm.com)
32 kumpf 1.1 //
33 //%/////////////////////////////////////////////////////////////////////////////
34
35 #ifdef PEGASUS_HAS_SSL
36 mday 1.12 #define OPENSSL_NO_KRB5 1
37 kumpf 1.1 #include <openssl/err.h>
38 #include <openssl/ssl.h>
39 #include <openssl/rand.h>
40 #else
41 #define SSL_CTX void
42 #endif
43 #include <Pegasus/Common/SSLContext.h>
44 kumpf 1.3 #include <Pegasus/Common/Linkage.h>
45 kumpf 1.10 #include <Pegasus/Common/IPC.h>
46 kumpf 1.1
47 #ifndef Pegasus_SSLContextRep_h
48 #define Pegasus_SSLContextRep_h
49
50
51 PEGASUS_NAMESPACE_BEGIN
52
53
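class PEGASUS_COMMON_LINKAGE SSLContextRep
{
    /*
        SSL locking callback function. OpenSSL calls it to lock and unlock
        the shared data structures it uses when several threads run SSL
        code concurrently.

        The callback needs access to the private static _sslLocks array, so
        it is declared a friend of class SSLContextRep rather than exposing
        the locks publicly.

        @param mode Specifies whether to lock or unlock.
        @param type Index of the lock to operate on.
        @param file File name of the function setting the lock.
        @param line Line number of the function setting the lock.
    */
    friend void pegasus_locking_callback(
        int mode,
        int type,
        const char* file,
        int line);

public:

    /** Constructor for a SSLContextRep object.

        Builds the OpenSSL SSL_CTX from the given files and records the
        settings so the getters below can report them. The context stays
        owned by this object for its whole lifetime.

        @param trustStore trust store file path. The certificates in it are
            the issuers a peer certificate is checked against, so write
            access to the file should be restricted to the server account.
        @param certPath server certificate file path
        @param keyPath server key file path. The private key is loaded from
            here and checked against the certificate (see
            _verifyPrivateKey); it must not be readable by other users.
        @param verifyCert function pointer to a certificate verification
            call back function.
        @param trustStoreAutoUpdate indicates that the server can
            automatically add certificates to the truststore if they are
            sent with valid sslTrustStoreUserName credentials.
            Security note: once enabled, any peer able to satisfy that
            credential check becomes a trusted issuer for all later
            connections, so the credential check must be as strong as the
            trust decision it gates.
        @param trustStoreUserName the user to associate the truststore
            with; this is basically a workaround to providers that require
            a username and will be addressed post 2.4
        @param randomFile file path of a random file that is used as a seed
            for random number generation by OpenSSL (see _randomInit).
            Seed material that is predictable, reused across hosts, or
            readable by other users weakens whatever OpenSSL later derives
            from its PRNG, so the file must be unpredictable and
            access-restricted.

        @exception SSLException exception indicating failure to create a
            context.
    */
    SSLContextRep(
        const String& trustStore,
        const String& certPath = String::EMPTY,
        const String& keyPath = String::EMPTY,
        SSLCertificateVerifyFunction* verifyCert = NULL,
        Boolean trustStoreAutoUpdate = false,
        String trustStoreUserName = String::EMPTY,
        const String& randomFile = String::EMPTY);

    /** Copy constructor. Defined out of line; presumably it builds a fresh
        SSL_CTX via _makeSSLContext rather than sharing the pointer held by
        sslContextRep -- confirm in the .cpp.
    */
    SSLContextRep(const SSLContextRep& sslContextRep);

    /** Destructor. Releases this object's resources. The SSL locking
        objects are reference counted through _countRep and are freed when
        the last instance goes away (see free_ssl).
    */
    ~SSLContextRep();

    /** Returns the underlying OpenSSL context (a void* placeholder when
        built without PEGASUS_HAS_SSL). The pointer remains owned by this
        object: callers must not free it and must not use it after the
        SSLContextRep is destroyed.
    */
    SSL_CTX * getContext() const;

    /** Returns the trust store path given to the constructor. */
    String getTrustStore() const;

    /** Returns the server certificate path given to the constructor. */
    String getCertPath() const;

    /** Returns the server private key path given to the constructor. */
    String getKeyPath() const;

    /** Reports whether peer certificates are verified on this context.
        NOTE(review): presumably derived from whether a trust store was
        supplied -- confirm against the constructor in the .cpp. Callers
        should treat false as meaning the peer's certificate chain is not
        checked at all.
    */
    Boolean isPeerVerificationEnabled() const;

    /** Reports whether the trust store may be extended at runtime
        (see the trustStoreAutoUpdate constructor parameter and its
        security note).
    */
    Boolean isTrustStoreAutoUpdateEnabled() const;

    /** Returns the user name associated with the trust store. */
    String getTrustStoreUserName() const;

    /** Returns the application-supplied certificate verification
        callback, or NULL when none was given.
    */
    SSLCertificateVerifyFunction* getSSLCertificateVerifyFunction() const;

    /*
        Initialize the SSL locking environment.

        This function sets the locking callback functions.
    */
    static void init_ssl();

    /*
        Cleanup the SSL locking environment.
    */
    static void free_ssl();

private:

    /*
        Copy assignment is intentionally declared but never defined. This
        class owns _sslContext, and the compiler-generated assignment would
        copy the raw pointer so that two objects later free the same
        SSL_CTX. A declared copy constructor with no matching assignment
        operator is a classic Rule-of-Three gap; with this declaration any
        attempt to assign fails to compile (or to link, from inside the
        class) instead of corrupting OpenSSL state at run time.
    */
    SSLContextRep& operator=(const SSLContextRep& sslContextRep);

    /* Creates and configures the SSL_CTX from the stored settings. */
    SSL_CTX * _makeSSLContext();

    /* Seeds the OpenSSL random number generator from randomFile. */
    void _randomInit(const String& randomFile);

    /*
        Checks that the private key at keyPath is usable with the
        certificate loaded into ctx -- see the .cpp for the exact test.
    */
    Boolean _verifyPrivateKey(SSL_CTX *ctx, const String& keyPath);

    String _trustStore;
    String _certPath;
    String _keyPath;
    String _randomFile;
    SSL_CTX * _sslContext;    // owned by this object; see getContext()

    Boolean _verifyPeer;
    Boolean _trustStoreAutoUpdate;
    String _trustStoreUserName;

    SSLCertificateVerifyFunction* _certificateVerifyFunction;

    /*
        The SSL locks handed to pegasus_locking_callback. Presumably an
        array sized by OpenSSL's CRYPTO_num_locks() -- confirm in init_ssl.
    */
    static Mutex* _sslLocks;

    /*
        Count for instances of this class. This is used to initialize and free
        SSL locking objects.
    */
    static int _countRep;

    /*
        Mutex for _countRep.
    */
    static Mutex _countRepMutex;
};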
166
167 PEGASUS_NAMESPACE_END
168
169 #endif /* Pegasus_SSLContextRep_h */
170