1 karl 1.25 //%2006////////////////////////////////////////////////////////////////////////
2 kumpf 1.1 //
3 karl 1.18 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
4 // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
5 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
6 karl 1.13 // IBM Corp.; EMC Corporation, The Open Group.
7 karl 1.18 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
8 // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
9 karl 1.20 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
10 // EMC Corporation; VERITAS Software Corporation; The Open Group.
11 karl 1.25 // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
12 // EMC Corporation; Symantec Corporation; The Open Group.
13 kumpf 1.1 //
14 // Permission is hereby granted, free of charge, to any person obtaining a copy
15 kumpf 1.2 // of this software and associated documentation files (the "Software"), to
16 // deal in the Software without restriction, including without limitation the
17 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
18 kumpf 1.1 // sell copies of the Software, and to permit persons to whom the Software is
19 // furnished to do so, subject to the following conditions:
20 //
21 kumpf 1.2 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
22 kumpf 1.1 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
23 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
24 kumpf 1.2 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
25 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
26 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
27 kumpf 1.1 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 //
30 //==============================================================================
31 //
32 //%/////////////////////////////////////////////////////////////////////////////
34 kumpf 1.30 #ifndef Pegasus_SSLContextRep_h
35 #define Pegasus_SSLContextRep_h
37 kumpf 1.1 #ifdef PEGASUS_HAS_SSL
38 kumpf 1.30 # define OPENSSL_NO_KRB5 1
39 # include <openssl/err.h>
40 # include <openssl/ssl.h>
41 # include <openssl/rand.h>
42 kumpf 1.1 #else
43 kumpf 1.30 # define SSL_CTX void
44 kumpf 1.1 #endif
46 kumpf 1.1 #include <Pegasus/Common/SSLContext.h>
47 kumpf 1.3 #include <Pegasus/Common/Linkage.h>
48 mike 1.27 #include <Pegasus/Common/Mutex.h>
49 kumpf 1.31 #include <Pegasus/Common/Threads.h>
50 #include <Pegasus/Common/Tracer.h>
51 kumpf 1.30 #include <Pegasus/Common/AutoPtr.h>
52 #include <Pegasus/Common/SharedPtr.h>
//
// Typedefs for OpenSSL callback functions.
//
// These spell out the signatures OpenSSL expects for its thread-ID and
// locking hooks; SSLEnvironmentInitializer casts pthread_self and its own
// _lockingCallback to these types when registering them.
//
// NOTE(review): CRYPTO_set_id_callback / CRYPTO_set_locking_callback are the
// pre-1.1.0 OpenSSL threading API; on OpenSSL >= 1.1.0 they are no-ops and
// the library locks internally, so these hooks only matter on older builds.
//
extern "C"
{
typedef void (* CRYPTO_SET_LOCKING_CALLBACK)(int, int, const char *, int);
typedef unsigned long (* CRYPTO_SET_ID_CALLBACK)(void);
};
63 kumpf 1.30 PEGASUS_NAMESPACE_BEGIN
/**
    Deleter used with SharedPtr<X509_STORE, FreeX509STOREPtr> so that the
    CRL store is released with X509_STORE_free() when the last reference
    goes away.  In a build without PEGASUS_HAS_SSL there is nothing to free
    and the call is a no-op.

    NOTE(review): X509_STORE is only declared here through <openssl/ssl.h>
    under PEGASUS_HAS_SSL; the non-SSL build presumably gets a declaration
    from SSLContext.h -- confirm.
*/
struct FreeX509STOREPtr
{
    void operator()(X509_STORE* ptr)
    {
#ifndef PEGASUS_HAS_SSL
        (void) ptr;  // nothing to release without OpenSSL
#else
        X509_STORE_free(ptr);
#endif
    }
};
#ifdef PEGASUS_HAS_SSL

/**
    Reference-counted guard for the process-wide OpenSSL library state.

    Each SSLContextRep owns one instance (its _env member).  The first
    instance constructed installs the threading callbacks, loads the error
    strings and runs SSL_library_init(); the last instance destructed undoes
    that in reverse order.  _instanceCount is only touched while holding
    _instanceCountMutex, so instances may be created and destroyed from
    different threads.

    NOTE(review): the static members are presumably defined in the
    implementation file.  An SSLContextRep constructed during static
    initialization would depend on _instanceCountMutex already having been
    constructed -- confirm no such caller exists.
*/
class SSLEnvironmentInitializer
{
public:

    /**
        Increments the instance count and, when this is the first instance,
        performs the one-time OpenSSL setup.  The locking/ID callbacks are
        installed before SSL_library_init() so the library is never used
        without its locking hooks in place.
    */
    SSLEnvironmentInitializer()
    {
        AutoMutex autoMut(_instanceCountMutex);

        PEG_TRACE((TRC_SSL, Tracer::LEVEL4,
            "In SSLEnvironmentInitializer(), _instanceCount is %d",
            _instanceCount));

        if (_instanceCount == 0)
        {
            _initializeCallbacks();
            SSL_load_error_strings();
            SSL_library_init();
        }

        // Only reached if the setup above did not throw, so a failed first
        // initialization leaves the count at zero and is retried next time.
        _instanceCount++;
    }

    /**
        Decrements the instance count and, when this was the last instance,
        frees the error strings and removes the threading callbacks.  The
        callbacks are removed last, mirroring the constructor.
    */
    ~SSLEnvironmentInitializer()
    {
        AutoMutex autoMut(_instanceCountMutex);
        _instanceCount--;

        PEG_TRACE((TRC_SSL, Tracer::LEVEL4,
            "In ~SSLEnvironmentInitializer(), _instanceCount is %d",
            _instanceCount));

        if (_instanceCount == 0)
        {
            ERR_free_strings();
            _uninitializeCallbacks();
        }
    }

private:

    // Non-copyable: declared but deliberately never defined (pre-C++11
    // idiom).  A compiler-generated copy would not increment _instanceCount
    // while its destructor would still decrement it.
    SSLEnvironmentInitializer(const SSLEnvironmentInitializer&);
    SSLEnvironmentInitializer& operator=(const SSLEnvironmentInitializer&);

    /*
        Initialize the SSL locking and ID callbacks.

        Called by the constructor before any other OpenSSL call.

        NOTE(review): these are the pre-1.1.0 OpenSSL threading hooks; on
        OpenSSL >= 1.1.0 the CRYPTO_set_*_callback calls are no-ops and the
        library locks internally.
    */
    static void _initializeCallbacks()
    {
        PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4,
            "Initializing SSL callbacks.");

        // Allocate Memory for _sslLocks. SSL locks needs to be able to handle
        // up to CRYPTO_num_locks() different mutex locks.  The array is
        // indexed by the "type" argument OpenSSL passes to _lockingCallback.

        _sslLocks.reset(new Mutex[CRYPTO_num_locks()]);

# if defined(PEGASUS_HAVE_PTHREADS) && !defined(PEGASUS_OS_VMS)
        // Set the ID callback. The ID callback returns a thread ID.
        // NOTE(review): the cast assumes pthread_t is representable as an
        // unsigned long, which POSIX does not guarantee -- confirm for each
        // supported platform.  Where this branch is skipped OpenSSL is left
        // to its own default thread-ID routine; verify that is adequate on
        // those targets.
        CRYPTO_set_id_callback((CRYPTO_SET_ID_CALLBACK) pthread_self);
# endif

        // Set the locking callback.

        CRYPTO_set_locking_callback(
            (CRYPTO_SET_LOCKING_CALLBACK) _lockingCallback);
    }

    /*
        Reset the SSL locking and ID callbacks.

        The callbacks are cleared before _sslLocks is released, so OpenSSL
        can no longer call into _lockingCallback once the array is gone.
    */
    static void _uninitializeCallbacks()
    {
        PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, "Resetting SSL callbacks.");
        CRYPTO_set_locking_callback(NULL);
        CRYPTO_set_id_callback(NULL);
        _sslLocks.reset();
    }

    /**
        Locking callback handed to OpenSSL.  Locks or unlocks the mutex
        selected by "type" depending on whether CRYPTO_LOCK is set in
        "mode".  "file" and "line" (the OpenSSL call site) are unused here.

        No bounds check is performed on "type": this relies on OpenSSL's
        contract of only passing indices below CRYPTO_num_locks(), the size
        of the array allocated in _initializeCallbacks().
    */
    static void _lockingCallback(
        int mode,
        int type,
        const char* file,
        int line)
    {
        if (mode & CRYPTO_LOCK)
        {
            _sslLocks.get()[type].lock();
        }
        else
        {
            _sslLocks.get()[type].unlock();
        }
    }

    /**
        Locks to be used by SSL.  Sized to CRYPTO_num_locks() by
        _initializeCallbacks() and released by _uninitializeCallbacks()
        after the locking callback has been removed.
    */
    static AutoArrayPtr<Mutex> _sslLocks;

    /**
        Count of the instances of this class. The SSL environment must be
        initialized when the first SSLEnvironmentInitializer is constructed.
        It must be uninitialized when the last SSLEnvironmentInitializer is
        destructed.
    */
    static int _instanceCount;

    /**
        Mutex for controlling access to _instanceCount.
    */
    static Mutex _instanceCountMutex;
};

#endif
/**
    Plain data holder passed around by the SSL callback code.  All members
    are public and SSLCallback / SSLCallbackInfo are declared friends; the
    class itself enforces no invariants.

    NOTE(review): ownership of the peerCertificate entries and of crlStore is
    not expressed here (raw pointers, no destructor) -- confirm in the
    implementation who frees them and that nothing is freed twice.
*/
class SSLCallbackInfoRep
{
public:
    // Application-supplied certificate verification callback; presumably
    // the verifyCert given to SSLContextRep, which defaults to NULL.
    SSLCertificateVerifyFunction* verifyCertificateCallback;

    // Certificate information for the peer -- presumably one entry per
    // certificate in the presented chain; verify against the callback code.
    Array<SSLCertificateInfo*> peerCertificate;

    // Certificate revocation list store consulted during verification.
    X509_STORE* crlStore;

    // Peer IP address -- presumably; confirm what the callers fill in.
    String ipAddress;

    friend class SSLCallback;

    friend class SSLCallbackInfo;
};
/**
    Implementation object behind SSLContext (declared in SSLContext.h).
    Holds the OpenSSL SSL_CTX together with the file paths and options it
    was built from, and keeps the OpenSSL library initialized for its own
    lifetime via _env.

    NOTE(review): a copy constructor is declared but no copy-assignment
    operator.  The implicitly generated operator= would copy the raw
    _sslContext pointer, leaving two objects that each believe they own the
    same SSL_CTX -- either declare it private and undefined, or implement it
    to match whatever the copy constructor does.
*/
class PEGASUS_COMMON_LINKAGE SSLContextRep
{
public:

    /** Constructor for a SSLContextRep object.
        @param trustStore trust store file path
        @param certPath server certificate file path
        @param keyPath server key file path
        @param crlPath certificate revocation list file path
        @param verifyCert function pointer to a certificate verification
        call back function.
        @param randomFile file path of a random file that is used as a seed
        for random number generation by OpenSSL.

        @exception SSLException exception indicating failure to create a context.
    */
    SSLContextRep(
        const String& trustStore,
        const String& certPath = String::EMPTY,
        const String& keyPath = String::EMPTY,
        const String& crlPath = String::EMPTY,
        SSLCertificateVerifyFunction* verifyCert = NULL,
        const String& randomFile = String::EMPTY);

    /** Copy constructor.  NOTE(review): whether _sslContext is duplicated or
        shared between the copies is decided in the implementation file --
        confirm before relying on independent lifetimes. */
    SSLContextRep(const SSLContextRep& sslContextRep);

    /** Destructor; presumably releases _sslContext (see the implementation
        file).  _crlStore and _env clean up through their own destructors. */
    ~SSLContextRep();

    /** Returns the underlying OpenSSL context.  The pointer remains owned by
        this object (its _sslContext member); callers must not free it.  In a
        build without PEGASUS_HAS_SSL, SSL_CTX is defined as void at the top
        of this header. */
    SSL_CTX * getContext() const;

    // Accessors for the configuration captured at construction; the backing
    // members are listed in the private section below.
    String getTrustStore() const;

    String getCertPath() const;

    String getKeyPath() const;

#ifdef PEGASUS_USE_DEPRECATED_INTERFACES
    /** Deprecated interface, only compiled with
        PEGASUS_USE_DEPRECATED_INTERFACES. */
    String getTrustStoreUserName() const;
#endif

    String getCRLPath() const;

    /** Returns a handle sharing ownership of the CRL store with this object;
        the store is freed via FreeX509STOREPtr when the last handle goes. */
    SharedPtr<X509_STORE, FreeX509STOREPtr> getCRLStore() const;

    /** Installs a CRL store.  NOTE(review): _crlStore is a SharedPtr with a
        freeing deleter, so this presumably takes ownership of "store" and
        callers must not free it themselves -- confirm in the
        implementation. */
    void setCRLStore(X509_STORE* store);

    /** Whether peer certificates are verified by this context
        (presumably reports _verifyPeer). */
    Boolean isPeerVerificationEnabled() const;

    /** Returns the application's verification callback, or NULL if none was
        supplied (presumably _certificateVerifyFunction). */
    SSLCertificateVerifyFunction* getSSLCertificateVerifyFunction() const;

    /**
        Checks if the certificate associated with this SSL context has expired
        or is not yet valid.
        @exception SSLException if the certificate is determined to be invalid.
    */
    void validateCertificate();

private:

#ifdef PEGASUS_HAS_SSL
    /**
        Ensures that the SSL environment remains initialized for the lifetime
        of the SSLContextRep object.
    */
    SSLEnvironmentInitializer _env;
#endif

    // Builds the SSL_CTX from the stored paths and options; presumably the
    // source of the SSLException documented on the constructor.
    SSL_CTX * _makeSSLContext();

    // Seeds OpenSSL's random number generator, using randomFile when given.
    // NOTE(review): PRNG seeding is security-critical -- confirm in the
    // implementation what entropy source is used when randomFile is empty
    // and that a failure to seed is reported rather than silently ignored.
    void _randomInit(const String& randomFile);

    // Presumably checks that the private key at keyPath matches the
    // certificate loaded into ctx; returns false on mismatch -- verify.
    Boolean _verifyPrivateKey(SSL_CTX *ctx, const String& keyPath);

    // Paths supplied to the constructor.
    String _trustStore;
    String _certPath;
    String _keyPath;
    String _crlPath;
    String _randomFile;

    // Raw OpenSSL context; see the NOTE(review) on the class about copying.
    SSL_CTX * _sslContext;

    // Peer verification switch -- presumably derived from the constructor
    // arguments; confirm.
    Boolean _verifyPeer;

    // Application verification callback (may be NULL).
    SSLCertificateVerifyFunction* _certificateVerifyFunction;

    // Shared, self-freeing CRL store (see FreeX509STOREPtr).
    SharedPtr<X509_STORE, FreeX509STOREPtr> _crlStore;
};
290 PEGASUS_NAMESPACE_END
292 #endif /* Pegasus_SSLContextRep_h */