
  1 karl  1.25 //%2006////////////////////////////////////////////////////////////////////////
  2 kumpf 1.1  //
  3 karl  1.18 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
  4            // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
  5            // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
  6 karl  1.13 // IBM Corp.; EMC Corporation, The Open Group.
  7 karl  1.18 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
  8            // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
  9 karl  1.20 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
 10            // EMC Corporation; VERITAS Software Corporation; The Open Group.
 11 karl  1.25 // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
 12            // EMC Corporation; Symantec Corporation; The Open Group.
 13 kumpf 1.1  //
 14            // Permission is hereby granted, free of charge, to any person obtaining a copy
 15 kumpf 1.2  // of this software and associated documentation files (the "Software"), to
 16            // deal in the Software without restriction, including without limitation the
 17            // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
 18 kumpf 1.1  // sell copies of the Software, and to permit persons to whom the Software is
 19            // furnished to do so, subject to the following conditions:
 20            // 
 21 kumpf 1.2  // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
 22 kumpf 1.1  // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
 23            // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
 24 kumpf 1.2  // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 25            // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
 26            // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 27 kumpf 1.1  // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 28            // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 29            //
 30            //==============================================================================
 31            //
 32            //%/////////////////////////////////////////////////////////////////////////////
 33            
#ifdef PEGASUS_HAS_SSL
// Disable OpenSSL's Kerberos cipher-suite support before its headers are
// pulled in (the macro must precede <openssl/ssl.h> to take effect).
#define OPENSSL_NO_KRB5 1
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/rand.h>
#else
// Without OpenSSL, SSL_CTX is stubbed to void so the SSL_CTX* members and
// accessors in this header still declare.  No stub is given here for
// X509_STORE, which this header also names (crlStore, _crlStore,
// getCRLStore/setCRLStore) — presumably SSLContext.h supplies it in that
// configuration; verify before building without PEGASUS_HAS_SSL.
#define SSL_CTX void
#endif
#include <Pegasus/Common/SSLContext.h>
#include <Pegasus/Common/Linkage.h>
#include <Pegasus/Common/Mutex.h>

// NOTE(review): the include guard opens only here, after the includes above,
// so those headers are re-processed on every inclusion of this file and rely
// on their own guards.
#ifndef Pegasus_SSLContextRep_h
#define Pegasus_SSLContextRep_h
 48            
 49            
 50            PEGASUS_NAMESPACE_BEGIN
 51            
/**
    Data made available to the SSL callback machinery (SSLCallback and
    SSLCallbackInfo are friends).  This class only groups the fields: every
    member is public, the pointer members are raw, and no destructor is
    declared, so nothing pointed to is released by this object.  Ownership of
    the pointed-to objects is not visible in this header — confirm against
    SSLCallback / SSLCallbackInfo before freeing or retaining any of them.
*/
class SSLCallbackInfoRep
{
public:
    // Application-supplied certificate verification callback; may be NULL
    // (it defaults to NULL on the SSLContextRep constructor).
    SSLCertificateVerifyFunction* verifyCertificateCallback;
    // Presumably the certificate chain presented by the peer, as raw
    // pointers whose ownership is not stated here.
    Array<SSLCertificateInfo*> peerCertificate;
    // Certificate revocation list store consulted during verification
    // (raw pointer; presumably the same store SSLContextRep holds in
    // _crlStore — verify in the caller).
    X509_STORE* crlStore;

    // Peer address as text, filled in by whoever builds this object.
    String ipAddress;

    friend class SSLCallback;

    friend class SSLCallbackInfo;
};
 65 kumpf            1.1  
/**
    Implementation object behind SSLContext.  Holds the OpenSSL SSL_CTX built
    from the configured trust store, certificate, key and CRL paths, plus the
    peer-verification settings.

    The static members below (_sslLocks, _countRep, _countRepMutex, init_ssl,
    free_ssl) suggest the instances are reference-counted so that the
    process-wide OpenSSL locking callbacks are installed once and removed when
    the last instance goes away — inferred from the declarations; confirm in
    the implementation file.
*/
class SSLContextRep
{
    /*
    SSL locking callback function. It is needed to perform locking on
    shared data structures.

    This function needs access to variable ssl_locks (declared below as the
    static member _sslLocks).  Declare it as a friend of class SSLContextRep.

    Its parameter list matches the hook OpenSSL's CRYPTO_set_locking_callback
    expects; presumably `type` indexes the _sslLocks array — verify in the
    implementation.

    @param mode     Specifies whether to lock/unlock.
    @param type     Type of lock.
    @param file     File name of the function setting the lock.
    @param line     Line number of the function setting the lock.
    */
    friend void pegasus_locking_callback(
                      int       mode,
                      int       type,
                      const     char* file,
                      int       line);

public:

    /** Constructor for a SSLContextRep object.
    @param trustStore  trust store file path (required; no default)
    @param certPath  server certificate file path
    @param keyPath  server key file path
    @param crlPath  certificate revocation list file path
    @param verifyCert  function pointer to a certificate verification
    call back function, or NULL for none.
    @param randomFile  file path of a random file that is used as a seed
    for random number generation by OpenSSL.  Because it feeds the RNG that
    the TLS handshake draws on, the file should be trusted and not writable
    by unprivileged users; a predictable seed weakens every key derived
    from it.

    @exception SSLException  exception indicating failure to create a context.
    */
    SSLContextRep(
        const String& trustStore,
        const String& certPath = String::EMPTY,
        const String& keyPath = String::EMPTY,
        const String& crlPath = String::EMPTY,
        SSLCertificateVerifyFunction* verifyCert = NULL,
        const String& randomFile = String::EMPTY);

    /** Copy constructor.  Whether the copy shares or duplicates the
        SSL_CTX and X509_STORE pointers is not visible in this header —
        check the implementation before relying on independent lifetimes. */
    SSLContextRep(const SSLContextRep& sslContextRep);

    /** Destructor.  Presumably releases the SSL_CTX and this instance's
        share of the locking environment (see _countRep). */
    ~SSLContextRep();

    /** Returns the underlying OpenSSL context.  The method is const but the
        returned pointer is not, so callers can still reconfigure the context;
        the rep remains the owner. */
    SSL_CTX * getContext() const;

    // Accessors for the paths this context was built from.
    String getTrustStore() const;

    String getCertPath() const;

    String getKeyPath() const;

#ifdef PEGASUS_USE_DEPRECATED_INTERFACES
    // Only available on the deprecated interface.
    String getTrustStoreUserName() const;
#endif

    String getCRLPath() const;

    /** Returns the CRL store (raw pointer; no ownership transfer stated). */
    X509_STORE* getCRLStore() const;

    /** Installs a CRL store.  Ownership of `store` is not stated here. */
    void setCRLStore(X509_STORE* store);

    /** Reports whether peer certificate verification is enabled
        (_verifyPeer). */
    Boolean isPeerVerificationEnabled() const;

    /** Returns the application callback passed as verifyCert, if any. */
    SSLCertificateVerifyFunction* getSSLCertificateVerifyFunction() const;

private:

    // Builds the SSL_CTX from the stored configuration.
    SSL_CTX * _makeSSLContext();
    // Seeds OpenSSL's random number generator from randomFile.
    void _randomInit(const String& randomFile);
    // Presumably checks that the private key at keyPath matches the
    // certificate loaded into ctx; returns false on mismatch — confirm.
    Boolean _verifyPrivateKey(SSL_CTX *ctx, const String& keyPath);

    /*
    Initialize the SSL locking environment.

    This function sets the locking callback functions.
    */
    static void init_ssl();

    /*
    Cleanup the SSL locking environment.
    */
    static void free_ssl();

    // Configuration the context was created from.
    String _trustStore;
    String _certPath;
    String _keyPath;
    String _crlPath;
    String _randomFile;
    // The OpenSSL context this rep owns (or shares; see copy constructor).
    SSL_CTX * _sslContext;

    // Whether peer certificates are verified.
    Boolean _verifyPeer;

    // Application verification callback, or NULL.
    SSLCertificateVerifyFunction* _certificateVerifyFunction;

    // CRL store used during verification (raw pointer).
    X509_STORE* _crlStore;

    /*
       Mutex containing the SSL locks.  Shared by every instance and used by
       pegasus_locking_callback.
    */
    static AutoArrayPtr<Mutex> _sslLocks;

    /*
       Count for instances of this class. This is used to initialize and free
       SSL locking objects.
    */
    static int _countRep;

    /*
       Mutex for countRep.
    */
    static Mutex _countRepMutex;
};
180                       
181                       PEGASUS_NAMESPACE_END
182                       
183                       #endif /* Pegasus_SSLContextRep_h */
184                       
