
  1 karl  1.25 //%2006////////////////////////////////////////////////////////////////////////
  2 kumpf 1.1  //
  3 karl  1.18 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
  4            // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
  5            // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
  6 karl  1.13 // IBM Corp.; EMC Corporation, The Open Group.
  7 karl  1.18 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
  8            // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
  9 karl  1.20 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
 10            // EMC Corporation; VERITAS Software Corporation; The Open Group.
 11 karl  1.25 // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
 12            // EMC Corporation; Symantec Corporation; The Open Group.
 13 kumpf 1.1  //
 14            // Permission is hereby granted, free of charge, to any person obtaining a copy
 15 kumpf 1.2  // of this software and associated documentation files (the "Software"), to
 16            // deal in the Software without restriction, including without limitation the
 17            // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
 18 kumpf 1.1  // sell copies of the Software, and to permit persons to whom the Software is
 19            // furnished to do so, subject to the following conditions:
 20            // 
 21 kumpf 1.2  // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
 22 kumpf 1.1  // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
 23            // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
 24 kumpf 1.2  // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 25            // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
 26            // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 27 kumpf 1.1  // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 28            // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 29            //
 30            //==============================================================================
 31            //
 32            // Author: Nag Boranna, Hewlett-Packard Company ( nagaraja_boranna@hp.com )
 33            //
 34 h.sterling 1.14 // Modified By: Sushma Fernandes, Hewlett-Packard Company (sushma_fernandes@hp.com)
 35                 //              Heather Sterling, IBM (hsterl@us.ibm.com)
 36 aruran.ms  1.23 //              Aruran, IBM (ashanmug@in.ibm.com) for Bug#4422
 37 kumpf      1.1  //
 38                 //%/////////////////////////////////////////////////////////////////////////////
 39                 
 40                 #ifdef PEGASUS_HAS_SSL
 41 mday       1.12 #define OPENSSL_NO_KRB5 1 
 42 kumpf      1.1  #include <openssl/err.h>
 43                 #include <openssl/ssl.h>
 44                 #include <openssl/rand.h>
 45                 #else
 46                 #define SSL_CTX void
 47                 #endif
 48                 #include <Pegasus/Common/SSLContext.h>
 49 kumpf      1.3  #include <Pegasus/Common/Linkage.h>
 50 kumpf      1.10 #include <Pegasus/Common/IPC.h>
 51 kumpf      1.1  
 52                 #ifndef Pegasus_SSLContextRep_h
 53                 #define Pegasus_SSLContextRep_h
 54                 
 55                 
 56                 PEGASUS_NAMESPACE_BEGIN
 57                 
 58 dave.sudlik 1.22 class SSLCallbackInfoRep
 59                  {
                         /*
                         Data holder with three public members: a pointer to a certificate
                         verification callback, an array of SSLCertificateInfo pointers and
                         a pointer to an X509_STORE.

                         No constructor is declared here, so default-initialization does not
                         set the two raw pointer members; set them before they are read.

                         NOTE(review): this header does not show who owns or frees the
                         objects behind these pointers -- confirm in the implementation
                         before copying or destroying instances.
                         NOTE(review): X509_STORE is used whether or not PEGASUS_HAS_SSL is
                         defined, while the #else branch of this header only defines
                         SSL_CTX; presumably SSLContext.h declares X509_STORE -- confirm.
                         */
 60                  public:
                         // Certificate verification callback; may be NULL (TODO confirm).
 61                      SSLCertificateVerifyFunction* verifyCertificateCallback;
                         // Pointers to certificate info objects for the peer.
 62 h.sterling  1.24     Array<SSLCertificateInfo*> peerCertificate;
                         // Store consulted for certificate revocation lists (by name).
 63 dave.sudlik 1.22     X509_STORE* crlStore;
 64                  };
 65 kumpf       1.1  
 66 kumpf       1.3  class PEGASUS_COMMON_LINKAGE SSLContextRep
 67 kumpf       1.1  {
                         /*
                         Holds the trust store, certificate, key, CRL and random-file paths,
                         the SSL_CTX pointer, the peer-verification flag, the certificate
                         verification callback and the CRL store pointer. When
                         PEGASUS_HAS_SSL is not defined this header defines SSL_CTX as void.

                         NOTE(review): the class has raw pointer members (_sslContext,
                         _crlStore), a destructor and a copy constructor, but declares no
                         copy-assignment operator. The compiler-generated one copies the
                         pointers member-wise; confirm instances are never assigned, or
                         that sharing the pointers cannot lead to a double free.
                         */
 68 kumpf       1.10     /*
 69                      SSL locking callback function. It is needed to perform locking on
 70                      shared data structures.
 71                  
 72                      This function needs access to variable ssl_locks
 73                      (presumably the private static member _sslLocks), so it is
 74                      declared as a friend of class SSLContextRep. Only the declaration
                         appears in this header.
                     
 75 h.sterling  1.21     @param mode     Specifies whether to lock/unlock.
 76                      @param type     Type of lock.
 77 kumpf       1.10     @param file     File name of the function setting the lock.
 78                      @param line     Line number of the function setting the lock.
 79                      */
 80                      friend void pegasus_locking_callback(
 81                                        int       mode,
 82                                        int       type,
 83                                        const     char* file,
 84                                        int       line);
 85                  
 86 kumpf       1.1  public:
 87                  
 88                      /** Constructor for a SSLContextRep object.
 89 h.sterling  1.14     @param trustStore  trust store file path
 90 kumpf       1.11     @param certPath  server certificate file path
 91                      @param keyPath  server key file path
                         @param crlPath  certificate revocation list (CRL) path.
                         NOTE(review): file versus directory semantics are not visible in
                         this header -- confirm in the implementation.
 92 kumpf       1.1      @param verifyCert  function pointer to a certificate verification
 93                      call back function.
 94 h.sterling  1.14     @param randomFile  file path of a random file that is used as a seed
 95                      for random number generation by OpenSSL.
 96                  
 97                      @exception SSLException  exception indicating failure to create a context.

                         NOTE(review): every parameter except trustStore is defaulted (empty
                         String or NULL). How empty values affect peer verification is
                         decided in the implementation; confirm that an empty trustStore or
                         a NULL verifyCert cannot silently disable verification where it is
                         required.
 98                      */
 99                      SSLContextRep(
100                          const String& trustStore,
101                          const String& certPath = String::EMPTY,
102                          const String& keyPath = String::EMPTY,
103 h.sterling  1.21         const String& crlPath = String::EMPTY,
104 h.sterling  1.14         SSLCertificateVerifyFunction* verifyCert = NULL,
105                          const String& randomFile = String::EMPTY);
106                  
                         /*
                         Copy constructor.
                         NOTE(review): whether the copy shares _sslContext and _crlStore
                         with the original or builds its own is not visible here -- confirm.
                         */
107 kumpf       1.7      SSLContextRep(const SSLContextRep& sslContextRep);
108                  
109 kumpf       1.1      ~SSLContextRep();
110                  
                         /*
                         Returns an SSL_CTX pointer (presumably _sslContext).
                         NOTE(review): the pointer is raw; its valid lifetime relative to
                         this object is not documented here -- confirm before caching it.
                         */
111                      SSL_CTX * getContext() const;
112                  
                         /* Path accessors; each returns a String by value. */
113 h.sterling  1.14     String getTrustStore() const;
114                  
115                      String getCertPath() const;
116                  
117                      String getKeyPath() const;
118                  
                         /* Declared only when PEGASUS_USE_DEPRECATED_INTERFACES is defined. */
119 dave.sudlik 1.22 #ifdef PEGASUS_USE_DEPRECATED_INTERFACES
120                  	String getTrustStoreUserName() const;
121                  #endif
122                  
123 h.sterling  1.21     String getCRLPath() const;
124 h.sterling  1.14 
                         /*
                         Accessor and mutator for the X509_STORE pointer used for CRLs.
                         NOTE(review): ownership of a store passed to setCRLStore, and of
                         any store it replaces, is not stated here -- confirm who frees it.
                         */
125 h.sterling  1.21     X509_STORE* getCRLStore() const;
126                  
127                      void setCRLStore(X509_STORE* store);
128 h.sterling  1.14 
                         /* Presumably reports _verifyPeer -- confirm in the implementation. */
129 h.sterling  1.19     Boolean isPeerVerificationEnabled() const;
130 h.sterling  1.14 
                         /* Returns a certificate verification callback pointer
                            (presumably _certificateVerifyFunction; may be NULL). */
131 h.sterling  1.16     SSLCertificateVerifyFunction* getSSLCertificateVerifyFunction() const;
132                  
133 aruran.ms   1.23 private:
134                  
                         /*
                         Private helpers; only their signatures are visible in this header.
                         _verifyPrivateKey takes a context and a key path and returns a
                         Boolean -- presumably true when the key is usable with the
                         context; confirm, and confirm callers act on a false result.
                         */
135                      SSL_CTX * _makeSSLContext();
136                      void _randomInit(const String& randomFile);
137                      Boolean _verifyPrivateKey(SSL_CTX *ctx, const String& keyPath);
138                  
139 kumpf       1.10     /*
140                      Initialize the SSL locking environment.
141                  
142                      This function sets the locking callback functions.
143                      */
144                      static void init_ssl();
145                  
146                      /*
147                      Cleanup the SSL locking environment.
148                      */
149                      static void free_ssl();
150                  
                         // File paths; the constructor takes parameters with matching names.
151 h.sterling  1.14     String _trustStore;
152                      String _certPath;
153                      String _keyPath;
154 h.sterling  1.21     String _crlPath;
155 kumpf       1.7      String _randomFile;
                         // Raw pointer; SSL_CTX is defined as void without PEGASUS_HAS_SSL.
156                      SSL_CTX * _sslContext;
157 h.sterling  1.14 
                         // Peer-verification flag (see isPeerVerificationEnabled()).
158                      Boolean _verifyPeer;
159 kumpf       1.10 
160 h.sterling  1.16     SSLCertificateVerifyFunction* _certificateVerifyFunction;
161                  
                         // Raw pointer; see getCRLStore()/setCRLStore() for the ownership note.
162 h.sterling  1.21     X509_STORE* _crlStore;
163 h.sterling  1.19 
164 kumpf       1.10     /*
165                         Array of mutexes used as the SSL locks; static, so shared by all
                            instances of this class.
166                      */
167 aruran.ms   1.23     static AutoArrayPtr<Mutex> _sslLocks;
168 kumpf       1.10 
169                      /*
170                         Count for instances of this class. This is used to initialize and free
171                         SSL locking objects.
172                      */
173                      static int _countRep;
174                  
175                      /*
176                         Mutex for _countRep.
177                      */
178                      static Mutex _countRepMutex;
179 kumpf       1.1  };
180                  
181                  PEGASUS_NAMESPACE_END
182                  
183                  #endif /* Pegasus_SSLContextRep_h */
184                  
