1 karl 1.20 //%2005////////////////////////////////////////////////////////////////////////
2 kumpf 1.1 //
3 karl 1.18 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
4 // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
5 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
6 karl 1.13 // IBM Corp.; EMC Corporation, The Open Group.
7 karl 1.18 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
8 // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
9 karl 1.20 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
10 // EMC Corporation; VERITAS Software Corporation; The Open Group.
11 kumpf 1.1 //
12 // Permission is hereby granted, free of charge, to any person obtaining a copy
13 kumpf 1.2 // of this software and associated documentation files (the "Software"), to
14 // deal in the Software without restriction, including without limitation the
15 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
16 kumpf 1.1 // sell copies of the Software, and to permit persons to whom the Software is
17 // furnished to do so, subject to the following conditions:
18 //
19 kumpf 1.2 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
20 kumpf 1.1 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
21 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
22 kumpf 1.2 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
23 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
24 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
25 kumpf 1.1 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
26 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
27 //
28 //==============================================================================
29 //
30 // Author: Nag Boranna, Hewlett-Packard Company ( nagaraja_boranna@hp.com )
31 //
32 h.sterling 1.14 // Modified By: Sushma Fernandes, Hewlett-Packard Company (sushma_fernandes@hp.com)
33 // Heather Sterling, IBM (hsterl@us.ibm.com)
34 kumpf 1.1 //
35 //%/////////////////////////////////////////////////////////////////////////////
36
37 #ifdef PEGASUS_HAS_SSL
38 mday 1.12 #define OPENSSL_NO_KRB5 1
39 kumpf 1.1 #include <openssl/err.h>
40 #include <openssl/ssl.h>
41 #include <openssl/rand.h>
42 #else
43 #define SSL_CTX void
44 #endif
45 #include <Pegasus/Common/SSLContext.h>
46 kumpf 1.3 #include <Pegasus/Common/Linkage.h>
47 kumpf 1.10 #include <Pegasus/Common/IPC.h>
48 kumpf 1.1
49 #ifndef Pegasus_SSLContextRep_h
50 #define Pegasus_SSLContextRep_h
51
52
53 PEGASUS_NAMESPACE_BEGIN
54
/**
    Plain data holder that appears (from its member names) to be the
    per-verification state handed to the certificate-verification path.

    All three members are public raw pointers, there is no constructor, and
    nothing in this declaration initializes them: whoever creates an instance
    must set every field before it is read.

    Ownership of the pointees is not expressed here and should be confirmed
    in the .cpp:
    - verifyCertificateCallback: the application-supplied verification
      callback (SSLContextRep stores the same function-pointer type and
      exposes it through getSSLCertificateVerifyFunction()).
    - peerCertificate: presumably owned by the code that fills in this
      object, not by this class.
    - crlStore: SSLContextRep also keeps an X509_STORE* (getCRLStore()/
      setCRLStore()), so this is likely a non-owning copy of that pointer --
      verify before freeing it through this object.

    NOTE(review): when PEGASUS_HAS_SSL is not defined this header substitutes
    `void` for SSL_CTX (see the #else branch near the top), but no such
    stand-in for X509_STORE is visible in this file even though this class
    uses it -- confirm that non-SSL builds obtain the type from elsewhere.
*/
class SSLCallbackInfoRep
{
public:
    SSLCertificateVerifyFunction* verifyCertificateCallback; // not initialized by this class
    SSLCertificateInfo* peerCertificate;                     // not initialized by this class
    X509_STORE* crlStore;                                    // not initialized by this class
};
/**
    Implementation object behind SSLContext: holds the OpenSSL SSL_CTX
    (_sslContext) together with the file paths and options it was built from.

    Thread safety: OpenSSL releases before 1.1.0 require the application to
    install a locking callback for their shared data structures. The static
    members _sslLocks, _countRep and _countRepMutex, the friend
    pegasus_locking_callback, and init_ssl()/free_ssl() exist for that
    purpose.

    Copying: a copy constructor and a destructor are declared, but no copy
    assignment operator. The compiler-generated assignment copies
    _sslContext (an SSL_CTX*) member-wise; if the destructor releases that
    context, two instances would afterwards refer to the same SSL_CTX --
    confirm in the .cpp whether assignment is ever used and whether it
    should be disallowed.
*/
class PEGASUS_COMMON_LINKAGE SSLContextRep
{
    /*
        SSL locking callback function. It is needed to perform locking on
        shared data structures: OpenSSL invokes it to lock or unlock one of
        the static locks kept in _sslLocks.

        This function needs access to the static member _sslLocks, so it is
        declared a friend of class SSLContextRep.

        @param mode Specifies whether to lock/unlock.
        @param type Type of lock (presumably the index into _sslLocks).
        @param file File name of the function setting the lock.
        @param line Line number of the function setting the lock.
    */
    friend void pegasus_locking_callback(
        int mode,
        int type,
        const char* file,
        int line);

public:

    /** Constructor for a SSLContextRep object.
        @param trustStore trust store file path
        @param certPath server certificate file path
        @param keyPath server key file path
        @param crlPath certificate revocation list (CRL) file path; reported
            back by getCRLPath()
        @param verifyCert function pointer to a certificate verification
            call back function. NULL means no application callback is
            registered (see getSSLCertificateVerifyFunction()).
        @param randomFile file path of a random file that is used as a seed
            for random number generation by OpenSSL. The quality of OpenSSL's
            random output depends on this seed, so the file should be
            unpredictable and not writable by untrusted users; see
            _randomInit() for how it is consumed.

        @exception SSLException exception indicating failure to create a context.
    */
    SSLContextRep(
        const String& trustStore,
        const String& certPath = String::EMPTY,
        const String& keyPath = String::EMPTY,
        const String& crlPath = String::EMPTY,
        SSLCertificateVerifyFunction* verifyCert = NULL,
        const String& randomFile = String::EMPTY);

    /** Copy constructor. Whether the SSL_CTX is duplicated or shared between
        the copies is decided in the .cpp, not by this declaration -- see the
        class comment on copying. */
    SSLContextRep(const SSLContextRep& sslContextRep);

    /** Destructor. Presumably releases _sslContext and, via _countRep,
        tears down the SSL locks when the last instance goes away -- confirm
        in the .cpp. */
    ~SSLContextRep();

    /** Returns the underlying OpenSSL context (the _sslContext member).
        The pointer is presumably owned by this object; callers must not
        free it. */
    SSL_CTX * getContext() const;

    /** Returns the trust store path given to the constructor. */
    String getTrustStore() const;

    /** Returns the server certificate path given to the constructor. */
    String getCertPath() const;

    /** Returns the server key path given to the constructor. */
    String getKeyPath() const;

#ifdef PEGASUS_USE_DEPRECATED_INTERFACES
    /** Deprecated interface; no backing member is visible in this
        declaration, so its value comes from the .cpp. */
    String getTrustStoreUserName() const;
#endif

    /** Returns the CRL path given to the constructor. */
    String getCRLPath() const;

    /** Returns the CRL store pointer (_crlStore). Ownership stays with
        whoever set it -- see setCRLStore(). */
    X509_STORE* getCRLStore() const;

    /** Records `store` as the CRL store. Whether this object takes
        ownership (and frees it in the destructor) is not expressed here --
        confirm in the .cpp before passing a store that is freed elsewhere. */
    void setCRLStore(X509_STORE* store);

    /** Reports whether peer certificate verification is enabled
        (inferred to return _verifyPeer). */
    Boolean isPeerVerificationEnabled() const;

    /** Returns the application's certificate verification callback, or
        NULL when none was supplied to the constructor. */
    SSLCertificateVerifyFunction* getSSLCertificateVerifyFunction() const;

    /*
        Initialize the SSL locking environment.

        This function sets the locking callback functions.
    */
    static void init_ssl();

    /*
        Cleanup the SSL locking environment.
    */
    static void free_ssl();

private:

    /* Builds the SSL_CTX from the member paths/options; presumably called
       by the constructors. */
    SSL_CTX * _makeSSLContext();

    /* Seeds OpenSSL's random number generator from randomFile (see the
       constructor's randomFile parameter). */
    void _randomInit(const String& randomFile);

    /* Checks the private key at keyPath against ctx; presumably that it
       loads and matches the configured certificate -- confirm in the .cpp. */
    Boolean _verifyPrivateKey(SSL_CTX *ctx, const String& keyPath);

    String _trustStore;
    String _certPath;
    String _keyPath;
    String _crlPath;
    String _randomFile;
    SSL_CTX * _sslContext;      // the OpenSSL context; see getContext()

    Boolean _verifyPeer;        // see isPeerVerificationEnabled()

    SSLCertificateVerifyFunction* _certificateVerifyFunction; // may be NULL

    X509_STORE* _crlStore;      // see getCRLStore()/setCRLStore(); ownership not expressed here

    /*
        Mutex array containing the SSL locks used by pegasus_locking_callback.
    */
    static Mutex* _sslLocks;

    /*
        Count for instances of this class. This is used to initialize and free
        SSL locking objects.
    */
    static int _countRep;

    /*
        Mutex protecting _countRep.
    */
    static Mutex _countRepMutex;
};
177
178 PEGASUS_NAMESPACE_END
179
180 #endif /* Pegasus_SSLContextRep_h */
181