1 karl 1.25 //%2006////////////////////////////////////////////////////////////////////////
2 kumpf 1.1 //
3 karl 1.18 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
4 // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
5 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
6 karl 1.13 // IBM Corp.; EMC Corporation, The Open Group.
7 karl 1.18 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
8 // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
9 karl 1.20 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
10 // EMC Corporation; VERITAS Software Corporation; The Open Group.
11 karl 1.25 // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
12 // EMC Corporation; Symantec Corporation; The Open Group.
13 kumpf 1.1 //
14 // Permission is hereby granted, free of charge, to any person obtaining a copy
15 kumpf 1.2 // of this software and associated documentation files (the "Software"), to
16 // deal in the Software without restriction, including without limitation the
17 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
18 kumpf 1.1 // sell copies of the Software, and to permit persons to whom the Software is
19 // furnished to do so, subject to the following conditions:
20 //
21 kumpf 1.2 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
22 kumpf 1.1 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
23 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
24 kumpf 1.2 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
25 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
26 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
27 kumpf 1.1 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 //
30 //==============================================================================
31 //
32 //%/////////////////////////////////////////////////////////////////////////////
33
34 #ifdef PEGASUS_HAS_SSL
35 kumpf 1.28 #define OPENSSL_NO_KRB5 1
36 kumpf 1.1 #include <openssl/err.h>
37 #include <openssl/ssl.h>
38 #include <openssl/rand.h>
39 #else
40 #define SSL_CTX void
41 #endif
42 #include <Pegasus/Common/SSLContext.h>
43 kumpf 1.3 #include <Pegasus/Common/Linkage.h>
44 mike 1.27 #include <Pegasus/Common/Mutex.h>
45 kumpf 1.1
46 #ifndef Pegasus_SSLContextRep_h
47 #define Pegasus_SSLContextRep_h
48
49
50 PEGASUS_NAMESPACE_BEGIN
51
/**
    Plain data holder for the state the SSL certificate verification path
    works with. The class name and the SSLCallback friend suggest this is
    what the OpenSSL verify callback is handed, but that wiring is not
    visible from this header.

    Every field is public, so the two friend declarations below grant no
    additional access; they only document which classes are expected to
    touch this type directly.
*/
class SSLCallbackInfoRep
{
public:
    /* Application-supplied certificate verification callback (the
       SSLCertificateVerifyFunction type presumably comes from SSLContext.h,
       included above). Whether NULL is a legal value here is not shown;
       confirm against SSLCallback before dereferencing. */
    SSLCertificateVerifyFunction* verifyCertificateCallback;

    /* Certificate information for the peer, one entry per certificate
       (presumably the presented chain -- confirm ordering in SSLCallback).
       These are raw pointers: ownership and lifetime are not expressed in
       this header. NOTE(review): whoever fills this array is also
       responsible for freeing the entries; verify SSLCallbackInfo does so
       and that nothing retains a pointer past that point. */
    Array<SSLCertificateInfo*> peerCertificate;

    /* OpenSSL X509 store used for revocation (CRL) checks. Raw and, as far
       as this header shows, non-owning -- see SSLContextRep::getCRLStore(). */
    X509_STORE* crlStore;

    /* Textual peer address; presumably the remote endpoint of the
       connection being verified. Format is decided by the caller. */
    String ipAddress;

    friend class SSLCallback;

    friend class SSLCallbackInfo;
};
65 kumpf 1.1
/**
    Implementation ("Rep") object behind SSLContext: holds the OpenSSL
    SSL_CTX together with the file paths, verification settings and CRL
    store it was built from, and manages the process-wide OpenSSL locking
    callbacks via static members.

    NOTE(review): a copy constructor and a destructor are declared below but
    no copy-assignment operator is. The implicitly generated operator=
    would shallow-copy the raw _sslContext and _crlStore pointers; if the
    destructor releases either of them, assigning one SSLContextRep to
    another yields a double free. If assignment is not meant to be
    supported, declare a private, unimplemented
    SSLContextRep& operator=(const SSLContextRep&) so it fails at compile
    time instead.

    When PEGASUS_HAS_SSL is not defined, SSL_CTX is #defined to void at the
    top of this header, so SSL_CTX* is a plain void* in those builds.
*/
class SSLContextRep
{
    /*
        SSL locking callback function. It is needed to perform locking on
        shared data structures. Its signature has the shape that OpenSSL
        releases requiring an application-supplied locking callback expect;
        init_ssl() below is documented as the place where the callback is
        installed. Without such a callback, concurrent use of OpenSSL from
        several threads is a data race.

        This function needs access to the static member _sslLocks.
        Declare it as a friend of class SSLContextRep.

        @param mode Specifies whether to lock/unlock.
        @param type Type of lock (index into _sslLocks).
        @param file File name of the function setting the lock.
        @param line Line number of the function setting the lock.
    */
    friend void pegasus_locking_callback(
        int mode,
        int type,
        const char* file,
        int line);

public:

    /** Constructor for a SSLContextRep object.
        @param trustStore trust store file path
        @param certPath server certificate file path
        @param keyPath server key file path
        @param crlPath certificate revocation list (CRL) file path
        @param verifyCert function pointer to a certificate verification
        call back function (NULL means none is registered).
        @param randomFile file path of a random file that is used as a seed
        for random number generation by OpenSSL.
        NOTE(review): the strength of every key and nonce derived from this
        context depends on this seed. The file must be unpredictable and
        must not be writable by untrusted users; treat it as a secret, not
        as ordinary configuration.

        @exception SSLException exception indicating failure to create a context.
    */
    SSLContextRep(
        const String& trustStore,
        const String& certPath = String::EMPTY,
        const String& keyPath = String::EMPTY,
        const String& crlPath = String::EMPTY,
        SSLCertificateVerifyFunction* verifyCert = NULL,
        const String& randomFile = String::EMPTY);

    /** Copy constructor. How _sslContext is duplicated (new context vs.
        shared handle) is defined outside this header -- see the
        definition before relying on either behaviour. Presumably also
        bumps _countRep so the locking environment stays alive. */
    SSLContextRep(const SSLContextRep& sslContextRep);

    /** Destructor. Expected to release _sslContext and decrement _countRep;
        confirm in the definition. */
    ~SSLContextRep();

    /** Returns the underlying OpenSSL context (void* in non-SSL builds).
        The pointer is owned by this object; callers must not free it. */
    SSL_CTX * getContext() const;

    String getTrustStore() const;

    String getCertPath() const;

    String getKeyPath() const;

#ifdef PEGASUS_USE_DEPRECATED_INTERFACES
    /** Deprecated accessor kept behind PEGASUS_USE_DEPRECATED_INTERFACES. */
    String getTrustStoreUserName() const;
#endif

    String getCRLPath() const;

    /** Returns the X509 store holding the CRLs, or presumably NULL when no
        CRL path was given. Raw pointer; ownership stays with this object. */
    X509_STORE* getCRLStore() const;

    /** Replaces the CRL store.
        NOTE(review): this header does not say whether the object takes
        ownership of `store` or whether a previously held _crlStore is
        freed; check the definition to avoid a leak or a double free. */
    void setCRLStore(X509_STORE* store);

    /** Presumably returns _verifyPeer, i.e. whether the peer's certificate
        is checked at all. How _verifyPeer is derived (from trustStore,
        verifyCert, or both) is not visible here -- confirm in the
        constructor definition. */
    Boolean isPeerVerificationEnabled() const;

    /** Returns the application verification callback registered at
        construction (may be NULL). */
    SSLCertificateVerifyFunction* getSSLCertificateVerifyFunction() const;

private:

    /* Builds the SSL_CTX, presumably from the stored paths. */
    SSL_CTX * _makeSSLContext();
    /* Seeds OpenSSL's random number generator from randomFile (see the
       constructor documentation for why that file is security-critical). */
    void _randomInit(const String& randomFile);
    /* Checks the private key at keyPath against ctx -- presumably that it
       matches the loaded certificate. Returns false on mismatch. */
    Boolean _verifyPrivateKey(SSL_CTX *ctx, const String& keyPath);

    /*
        Initialize the SSL locking environment.

        This function sets the locking callback functions.
    */
    static void init_ssl();

    /*
        Cleanup the SSL locking environment.
    */
    static void free_ssl();

    String _trustStore;
    String _certPath;
    String _keyPath;
    String _crlPath;
    String _randomFile;
    /* Raw owning pointer to the OpenSSL context (see class note on copying
       and assignment). */
    SSL_CTX * _sslContext;

    Boolean _verifyPeer;

    SSLCertificateVerifyFunction* _certificateVerifyFunction;

    /* Raw pointer to the CRL store; see getCRLStore()/setCRLStore(). */
    X509_STORE* _crlStore;

    /*
        Mutex containing the SSL locks. Shared by every instance and by
        pegasus_locking_callback(); sized at runtime (AutoArrayPtr).
    */
    static AutoArrayPtr<Mutex> _sslLocks;

    /*
        Count for instances of this class. This is used to initialize and free
        SSL locking objects (presumably init_ssl on the first instance,
        free_ssl on the last).
    */
    static int _countRep;

    /*
        Mutex for _countRep. Must be held whenever _countRep is read or
        written, since instances may be created from several threads.
    */
    static Mutex _countRepMutex;
};
180
181 PEGASUS_NAMESPACE_END
182
183 #endif /* Pegasus_SSLContextRep_h */
184