
  1 karl  1.20 //%2005////////////////////////////////////////////////////////////////////////
  2 kumpf 1.1  //
  3 karl  1.18 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
  4            // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
  5            // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
  6 karl  1.13 // IBM Corp.; EMC Corporation, The Open Group.
  7 karl  1.18 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
  8            // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
  9 karl  1.20 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
 10            // EMC Corporation; VERITAS Software Corporation; The Open Group.
 11 kumpf 1.1  //
 12            // Permission is hereby granted, free of charge, to any person obtaining a copy
 13 kumpf 1.2  // of this software and associated documentation files (the "Software"), to
 14            // deal in the Software without restriction, including without limitation the
 15            // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
 16 kumpf 1.1  // sell copies of the Software, and to permit persons to whom the Software is
 17            // furnished to do so, subject to the following conditions:
 18            // 
 19 kumpf 1.2  // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
 20 kumpf 1.1  // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
 21            // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
 22 kumpf 1.2  // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 23            // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
 24            // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 25 kumpf 1.1  // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 26            // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 27            //
 28            //==============================================================================
 29            //
 30            // Author: Nag Boranna, Hewlett-Packard Company ( nagaraja_boranna@hp.com )
 31            //
 32 h.sterling 1.14 // Modified By: Sushma Fernandes, Hewlett-Packard Company (sushma_fernandes@hp.com)
 33                 //              Heather Sterling, IBM (hsterl@us.ibm.com)
 34 kumpf      1.1  //
 35                 //%/////////////////////////////////////////////////////////////////////////////
 36                 
 37                 #ifdef PEGASUS_HAS_SSL
 38 mday       1.12 #define OPENSSL_NO_KRB5 1 
 39 kumpf      1.1  #include <openssl/err.h>
 40                 #include <openssl/ssl.h>
 41                 #include <openssl/rand.h>
 42                 #else
 43                 #define SSL_CTX void
 44                 #endif
 45                 #include <Pegasus/Common/SSLContext.h>
 46 kumpf      1.3  #include <Pegasus/Common/Linkage.h>
 47 kumpf      1.10 #include <Pegasus/Common/IPC.h>
 48 kumpf      1.1  
 49                 #ifndef Pegasus_SSLContextRep_h
 50                 #define Pegasus_SSLContextRep_h
 51                 
 52                 
 53                 PEGASUS_NAMESPACE_BEGIN
 54                 
 55                 
 56 kumpf      1.3  class PEGASUS_COMMON_LINKAGE SSLContextRep
 57 kumpf      1.1  {
                        // Holds the settings for one SSL context: the trust store, certificate,
                        // key, CRL and random-file paths passed to the constructor, the
                        // certificate verification callback, and the SSL_CTX and X509_STORE
                        // pointers declared in the private section.
                        //
                        // NOTE(review): when PEGASUS_HAS_SSL is not defined, this header only
                        // supplies a fallback for SSL_CTX (#define SSL_CTX void). X509_STORE,
                        // used by getCRLStore() and _crlStore, has no fallback here -- confirm
                        // that SSLContext.h provides one for non-SSL builds.

 58 kumpf      1.10     /*
 59                     SSL locking callback function. It is needed to perform locking on
 60                     shared data structures.
 61                 
 62                     This function needs access to the private static member _sslLocks,
 63                     so it is declared as a friend of class SSLContextRep.
 64                 
 65                     @param mode      Specifies whether to lock/unlock.
 66                     @param type      Type of lock.
 67                     @param file      File name of the function setting the lock.
 68                     @param line      Line number of the function setting the lock.

                        NOTE(review): this four-argument signature is the one OpenSSL's
                        CRYPTO_set_locking_callback() takes; presumably init_ssl() registers
                        this function there -- confirm in the implementation file.
 69                     */
 70                     friend void pegasus_locking_callback(
 71                                       int       mode,
 72                                       int       type,
 73                                       const     char* file,
 74                                       int       line);
 75                 
 76 kumpf      1.1  public:
 77                 
 78                     /** Constructor for a SSLContextRep object.
 79 h.sterling 1.14     @param trustStore  trust store file path
 80 kumpf      1.11     @param certPath  server certificate file path
 81                     @param keyPath  server key file path
                        @param crlPath  certificate revocation list (CRL) path; defaults to
                        String::EMPTY.
 82 kumpf      1.1      @param verifyCert  function pointer to a certificate verification
 83                     call back function; defaults to NULL.
 84 h.sterling 1.14     @param randomFile  file path of a random file that is used as a seed
 85                     for random number generation by OpenSSL; defaults to String::EMPTY.
 86                 
 87                     @exception SSLException  exception indicating failure to create a context.

                        NOTE(review): this header does not show what an empty trustStore
                        together with a NULL verifyCert means for peer verification, nor
                        whether the OpenSSL PRNG is still seeded when randomFile is empty --
                        confirm both in the implementation before relying on the defaults.
 88                     */
 89                     SSLContextRep(
 90                         const String& trustStore,
 91                         const String& certPath = String::EMPTY,
 92                         const String& keyPath = String::EMPTY,
 93 h.sterling 1.19 		const String& crlPath = String::EMPTY,
 94 h.sterling 1.14         SSLCertificateVerifyFunction* verifyCert = NULL,
 95                         const String& randomFile = String::EMPTY);
 96                 
                        // Copy constructor.
                        // NOTE(review): the class holds raw SSL_CTX* and X509_STORE* members.
                        // Whether a copy builds its own context and store or shares the
                        // source's pointers is not visible in this header -- confirm, because
                        // ~SSLContextRep() runs for both the original and the copy.
 97 kumpf      1.7      SSLContextRep(const SSLContextRep& sslContextRep);
 98                 
                        // Destructor. What it releases is defined in the implementation file.
 99 kumpf      1.1      ~SSLContextRep();
100                 
                        // Returns the SSL_CTX pointer for this object (presumably _sslContext).
                        // NOTE(review): a raw pointer is handed out; presumably it stays owned
                        // by this object and must not be freed by the caller -- confirm.
101                     SSL_CTX * getContext() const;
102                 
                        // Path accessors, each returning a String by value; presumably they
                        // return _trustStore, _certPath, _keyPath and _crlPath respectively.
103 h.sterling 1.14     String getTrustStore() const;
104                 
105                     String getCertPath() const;
106                 
107                     String getKeyPath() const;
108                 
109 h.sterling 1.19 	String getCRLPath() const;
110 h.sterling 1.14 
                        // Returns the X509_STORE pointer for CRLs (presumably _crlStore).
                        // NOTE(review): raw pointer; ownership is not stated here -- confirm.
111 h.sterling 1.19 	X509_STORE* getCRLStore() const;
112 h.sterling 1.14 
                        // Returns a Boolean; presumably the value of _verifyPeer.
113 h.sterling 1.19     Boolean isPeerVerificationEnabled() const;
114 h.sterling 1.14 
                        // Returns the verification callback pointer (presumably
                        // _certificateVerifyFunction). The constructor's default for the
                        // callback is NULL, so callers should expect a NULL result.
115 h.sterling 1.16     SSLCertificateVerifyFunction* getSSLCertificateVerifyFunction() const;
116                 
117 kumpf      1.10     /*
118                     Initialize the SSL locking environment.
119                          
120                     This function sets the locking callback functions.
121                     */
122                     static void init_ssl();
123                 
124                     /*
125                     Cleanup the SSL locking environment.
126                     */
127                     static void free_ssl();
128                 
129 kumpf      1.1  private:
130                 
                        // Returns an SSL_CTX pointer; presumably builds the context from the
                        // stored paths and is called by the constructors -- confirm.
131 kumpf      1.7      SSL_CTX * _makeSSLContext();
                        // Takes the random file path; presumably seeds the OpenSSL random
                        // number generator from it, as the constructor documentation describes.
132 kumpf      1.9      void _randomInit(const String& randomFile);
                        // Returns a Boolean for the given context and key path; presumably
                        // checks that the private key at keyPath is usable with ctx -- confirm.
133 kumpf      1.15     Boolean _verifyPrivateKey(SSL_CTX *ctx, const String& keyPath);
134 kumpf      1.1  
                        // Paths corresponding to the constructor arguments of the same names.
135 h.sterling 1.14     String _trustStore;
136                     String _certPath;
137                     String _keyPath;
138 h.sterling 1.19 	String _crlPath;
139 kumpf      1.7      String _randomFile;
                        // SSL context pointer (a void pointer when PEGASUS_HAS_SSL is undefined).
140                     SSL_CTX * _sslContext;
141 h.sterling 1.14 
                        // Peer verification flag; presumably what isPeerVerificationEnabled()
                        // reports.
142                     Boolean _verifyPeer;
143 kumpf      1.10 
                        // Certificate verification callback pointer; may be NULL, the
                        // constructor's default.
144 h.sterling 1.16     SSLCertificateVerifyFunction* _certificateVerifyFunction;
145                 
                        // X509_STORE pointer for CRLs; presumably populated from _crlPath.
146 h.sterling 1.19 	X509_STORE* _crlStore;
147                 
148 kumpf      1.10     /*
149                        Pointer to the Mutex object(s) holding the SSL locks. Shared by all
                           instances (static) and accessed by pegasus_locking_callback.
150                     */
151                     static Mutex* _sslLocks;
152                 
153                     /*
154                        Count for instances of this class. This is used to initialize and free
155                        SSL locking objects.
156                     */
157                     static int _countRep;
158                 
159                     /*
160                        Mutex for _countRep.
161                     */
162                     static Mutex _countRepMutex;
163 kumpf      1.1  };
164                 
165                 PEGASUS_NAMESPACE_END
166                 
167                 #endif /* Pegasus_SSLContextRep_h */
168                 
