
  1 karl  1.25 //%2006////////////////////////////////////////////////////////////////////////
  2 kumpf 1.1  //
  3 karl  1.18 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
  4            // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
  5            // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
  6 karl  1.13 // IBM Corp.; EMC Corporation, The Open Group.
  7 karl  1.18 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
  8            // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
  9 karl  1.20 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
 10            // EMC Corporation; VERITAS Software Corporation; The Open Group.
 11 karl  1.25 // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
 12            // EMC Corporation; Symantec Corporation; The Open Group.
 13 kumpf 1.1  //
 14            // Permission is hereby granted, free of charge, to any person obtaining a copy
 15 kumpf 1.2  // of this software and associated documentation files (the "Software"), to
 16            // deal in the Software without restriction, including without limitation the
 17            // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
 18 kumpf 1.1  // sell copies of the Software, and to permit persons to whom the Software is
 19            // furnished to do so, subject to the following conditions:
 20            // 
 21 kumpf 1.2  // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
 22 kumpf 1.1  // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
 23            // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
 24 kumpf 1.2  // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 25            // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
 26            // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 27 kumpf 1.1  // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 28            // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 29            //
 30            //==============================================================================
 31            //
 32            //%/////////////////////////////////////////////////////////////////////////////
 33            
#ifdef PEGASUS_HAS_SSL
// Kerberos ciphersuites are never used by Pegasus; disabling them keeps the
// OpenSSL headers from pulling in krb5 declarations.
#define OPENSSL_NO_KRB5 1
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/rand.h>
#else
// Without OpenSSL the context handle is an opaque placeholder so the
// declarations below still parse.
// NOTE(review): only SSL_CTX is stubbed here, yet X509_STORE* is also used
// unconditionally in this header (crlStore, getCRLStore, setCRLStore).
// Presumably SSLContext.h provides a placeholder for X509_STORE in the
// non-SSL build -- confirm, otherwise this header does not compile without
// PEGASUS_HAS_SSL.
#define SSL_CTX void
#endif
#include <Pegasus/Common/SSLContext.h>
#include <Pegasus/Common/Linkage.h>
#include <Pegasus/Common/Mutex.h>
 45 kumpf 1.1  
 46            #ifndef Pegasus_SSLContextRep_h
 47            #define Pegasus_SSLContextRep_h
 48            
 49            
 50            PEGASUS_NAMESPACE_BEGIN
 51            
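/**
    Data handed to the certificate verification path: the user-supplied
    verification callback, the peer certificate chain collected so far and
    the CRL store consulted during verification.

    The previous implicit default constructor left both pointer members
    uninitialized; they are now set to NULL so that a callback-info object
    that is created but never filled in fails deterministically instead of
    handing an indeterminate pointer to OpenSSL.
*/
class SSLCallbackInfoRep
{
public:

    /** Initializes every pointer member to NULL; peerCertificate starts
        out as an empty Array.
    */
    SSLCallbackInfoRep()
        : verifyCertificateCallback(NULL),
          crlStore(NULL)
    {
    }

    /** Application verification callback, or NULL when none is registered. */
    SSLCertificateVerifyFunction* verifyCertificateCallback;

    /** Peer certificates seen during the handshake.
        NOTE(review): ownership of the SSLCertificateInfo objects is not
        visible in this header -- confirm who deletes them.
    */
    Array<SSLCertificateInfo*> peerCertificate;

    /** CRL store used for revocation checking, or NULL when no CRL path
        was configured. Not owned here as far as this header shows.
    */
    X509_STORE* crlStore;
};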
 59 kumpf       1.1  
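/**
    Representation class behind SSLContext. Holds the OpenSSL SSL_CTX
    created from the configured trust store, server certificate, private
    key and CRL path, plus the process-wide locking state OpenSSL needs
    when used from multiple threads.

    Copy construction is supported through the user-written copy
    constructor; copy assignment is deliberately disabled (see the private
    section) because the compiler-generated version would shallow-copy the
    raw _sslContext and _crlStore pointers.
*/
class SSLContextRep
{
    /*
    SSL locking callback function. It is needed to perform locking on
    shared data structures.

    This function needs access to the static member _sslLocks.
    Declare it as a friend of class SSLContextRep.

    @param mode      Specifies whether to lock/unlock.
    @param type      Index of the lock to operate on.
    @param file      File name of the function setting the lock.
    @param line      Line number of the function setting the lock.
    */
    friend void pegasus_locking_callback(
                      int       mode,
                      int       type,
                      const     char* file,
                      int       line);

public:

    /** Constructor for a SSLContextRep object.
    @param trustStore  trust store file path
    @param certPath  server certificate file path
    @param keyPath  server key file path
    @param crlPath  certificate revocation list file path
    @param verifyCert  function pointer to a certificate verification
    call back function.
    @param randomFile  file path of a random file that is used as a seed
    for random number generation by OpenSSL.

    @exception SSLException  exception indicating failure to create a context.
    */
    SSLContextRep(
        const String& trustStore,
        const String& certPath = String::EMPTY,
        const String& keyPath = String::EMPTY,
        const String& crlPath = String::EMPTY,
        SSLCertificateVerifyFunction* verifyCert = NULL,
        const String& randomFile = String::EMPTY);

    /** Copy constructor.
        NOTE(review): whether this rebuilds a fresh SSL_CTX or shares the
        source's pointer is decided in SSLContextRep.cpp -- confirm.
    */
    SSLContextRep(const SSLContextRep& sslContextRep);

    ~SSLContextRep();

    /** Returns the underlying OpenSSL context. The pointer is non-const,
        so callers can mutate the context even through a const object.
    */
    SSL_CTX * getContext() const;

    /** Trust store path given to the constructor. */
    String getTrustStore() const;

    /** Server certificate path given to the constructor. */
    String getCertPath() const;

    /** Server private key path given to the constructor. */
    String getKeyPath() const;

#ifdef PEGASUS_USE_DEPRECATED_INTERFACES
    String getTrustStoreUserName() const;
#endif

    /** CRL path given to the constructor. */
    String getCRLPath() const;

    /** CRL store used for revocation checks, or whatever was last passed
        to setCRLStore().
    */
    X509_STORE* getCRLStore() const;

    /** Replaces the CRL store.
        NOTE(review): this header does not show whether the previous store
        is freed or whether ownership of @p store transfers -- confirm
        before relying on either.
    */
    void setCRLStore(X509_STORE* store);

    /** True when peer certificate verification is enabled for this
        context.
    */
    Boolean isPeerVerificationEnabled() const;

    /** User-supplied verification callback, or NULL. */
    SSLCertificateVerifyFunction* getSSLCertificateVerifyFunction() const;

private:

    /*
    Copy assignment is declared but intentionally left undefined so that
    any use fails to link. The class owns raw pointers (_sslContext,
    _crlStore) and already provides a copy constructor and destructor;
    the compiler-generated assignment would copy those pointers bit-wise
    and lead to a double free or a dangling context.
    */
    SSLContextRep& operator=(const SSLContextRep&);

    /* Builds the OpenSSL context from the configured paths. */
    SSL_CTX * _makeSSLContext();

    /* Seeds OpenSSL's PRNG from randomFile (see constructor docs). */
    void _randomInit(const String& randomFile);

    /* Checks that the private key at keyPath matches the certificate
       loaded into ctx. */
    Boolean _verifyPrivateKey(SSL_CTX *ctx, const String& keyPath);

    /*
    Initialize the SSL locking environment.

    This function sets the locking callback functions.
    */
    static void init_ssl();

    /*
    Cleanup the SSL locking environment.
    */
    static void free_ssl();

    String _trustStore;
    String _certPath;
    String _keyPath;
    String _crlPath;
    String _randomFile;

    /* Context returned by _makeSSLContext(). */
    SSL_CTX * _sslContext;

    Boolean _verifyPeer;

    SSLCertificateVerifyFunction* _certificateVerifyFunction;

    X509_STORE* _crlStore;

    /*
       Mutex array backing the OpenSSL locking callback.
    */
    static AutoArrayPtr<Mutex> _sslLocks;

    /*
       Count for instances of this class. This is used to initialize and free
       SSL locking objects.
    */
    static int _countRep;

    /*
       Mutex for countRep.
    */
    static Mutex _countRepMutex;
};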
174                  
175                  PEGASUS_NAMESPACE_END
176                  
177                  #endif /* Pegasus_SSLContextRep_h */
178                  
