pegasus/src/Pegasus/Common/SSLContextRep.h - annotate

Return to SSLContextRep.h CVS log

Up to [Pegasus] / pegasus / src / Pegasus / Common

1 martin 1.35 //%LICENSE////////////////////////////////////////////////////////////////
2 martin 1.36 //
3 martin 1.35 // Licensed to The Open Group (TOG) under one or more contributor license 4 // agreements. Refer to the OpenPegasusNOTICE.txt file distributed with 5 // this work for additional information regarding copyright ownership. 6 // Each contributor licenses this file to you under the OpenPegasus Open 7 // Source License; you may not use this file except in compliance with the 8 // License.
9 martin 1.36 //
10 martin 1.35 // Permission is hereby granted, free of charge, to any person obtaining a 11 // copy of this software and associated documentation files (the "Software"), 12 // to deal in the Software without restriction, including without limitation 13 // the rights to use, copy, modify, merge, publish, distribute, sublicense, 14 // and/or sell copies of the Software, and to permit persons to whom the 15 // Software is furnished to do so, subject to the following conditions:
16 martin 1.36 //
17 martin 1.35 // The above copyright notice and this permission notice shall be included 18 // in all copies or substantial portions of the Software.
19 martin 1.36 //
20 martin 1.35 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
21 martin 1.36 // OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22 martin 1.35 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 23 // IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 24 // CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 25 // TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 26 // SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
27 martin 1.36 //
28 martin 1.35 //////////////////////////////////////////////////////////////////////////
29 kumpf 1.1 // 30 //%///////////////////////////////////////////////////////////////////////////// 31
32 kumpf 1.30 #ifndef Pegasus_SSLContextRep_h 33 #define Pegasus_SSLContextRep_h 34
35 kumpf 1.1 #ifdef PEGASUS_HAS_SSL
36 kumpf 1.30 # define OPENSSL_NO_KRB5 1 37 # include <openssl/err.h> 38 # include <openssl/ssl.h> 39 # include <openssl/rand.h>
40 kumpf 1.1 #else
41 kumpf 1.30 # define SSL_CTX void
42 kumpf 1.1 #endif
43 kumpf 1.30
44 kumpf 1.1 #include <Pegasus/Common/SSLContext.h>
45 mike 1.27 #include <Pegasus/Common/Mutex.h>
46 kumpf 1.31 #include <Pegasus/Common/Threads.h> 47 #include <Pegasus/Common/Tracer.h>
48 kumpf 1.30 #include <Pegasus/Common/AutoPtr.h> 49 #include <Pegasus/Common/SharedPtr.h>
50 kumpf 1.1
51 kumpf 1.31 // 52 // Typedef's for OpenSSL callback functions. 53 // 54 extern "C" 55 { 56 typedef void (* CRYPTO_SET_LOCKING_CALLBACK)(int, int, const char , int); 57 typedef unsigned long ( CRYPTO_SET_ID_CALLBACK)(void);
58 dmitry.mikulin 1.34 }
59 kumpf 1.31
60 kumpf 1.30 PEGASUS_NAMESPACE_BEGIN
61 kumpf 1.1
62 marek 1.40 #ifdef PEGASUS_HAS_SSL
63 kumpf 1.30 struct FreeX509STOREPtr 64 { 65 void operator()(X509_STORE* ptr) 66 { 67 X509_STORE_free(ptr); 68 } 69 };
70 marek 1.40 #else 71 struct FreeX509STOREPtr 72 { 73 void operator()(X509_STORE*) 74 { 75 } 76 }; 77 #endif 78
79 kumpf 1.1
80 kumpf 1.31 #ifdef PEGASUS_HAS_SSL 81 82 class SSLEnvironmentInitializer 83 { 84 public: 85 86 SSLEnvironmentInitializer() 87 { 88 AutoMutex autoMut(_instanceCountMutex); 89 90 PEG_TRACE((TRC_SSL, Tracer::LEVEL4, 91 "In SSLEnvironmentInitializer(), _instanceCount is %d", 92 _instanceCount)); 93 94 if (_instanceCount == 0) 95 { 96 _initializeCallbacks(); 97 SSL_load_error_strings(); 98 SSL_library_init(); 99 } 100 101 kumpf 1.31 _instanceCount++; 102 } 103 104 ~SSLEnvironmentInitializer() 105 { 106 AutoMutex autoMut(_instanceCountMutex); 107 _instanceCount--; 108 109 PEG_TRACE((TRC_SSL, Tracer::LEVEL4, 110 "In ~SSLEnvironmentInitializer(), _instanceCount is %d", 111 _instanceCount)); 112
113 dl.meetei 1.41
114 kumpf 1.31 if (_instanceCount == 0) 115 {
116 dl.meetei 1.41 EVP_cleanup(); 117 CRYPTO_cleanup_all_ex_data();
118 kumpf 1.31 ERR_free_strings(); 119 _uninitializeCallbacks(); 120 }
121 dl.meetei 1.41 ERR_remove_state(0);
122 kumpf 1.31 } 123 124 private: 125 126 SSLEnvironmentInitializer(const SSLEnvironmentInitializer&); 127 SSLEnvironmentInitializer& operator=(const SSLEnvironmentInitializer&); 128 129 /* 130 Initialize the SSL locking and ID callbacks. 131 */ 132 static void _initializeCallbacks() 133 { 134 PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, 135 "Initializing SSL callbacks."); 136 137 // Allocate Memory for _sslLocks. SSL locks needs to be able to handle 138 // up to CRYPTO_num_locks() different mutex locks. 139 140 _sslLocks.reset(new Mutex[CRYPTO_num_locks()]); 141
142 john.eisenbraun 1.37 #ifdef PEGASUS_HAVE_PTHREADS
143 kumpf 1.31 // Set the ID callback. The ID callback returns a thread ID.
144 john.eisenbraun 1.37 # ifdef PEGASUS_OS_VMS 145 CRYPTO_set_id_callback((CRYPTO_SET_ID_CALLBACK) _getThreadId); 146 # else
147 kumpf 1.31 CRYPTO_set_id_callback((CRYPTO_SET_ID_CALLBACK) pthread_self); 148 # endif
149 john.eisenbraun 1.37 #endif
150 kumpf 1.31 151 // Set the locking callback. 152 153 CRYPTO_set_locking_callback( 154 (CRYPTO_SET_LOCKING_CALLBACK) _lockingCallback); 155 } 156
157 john.eisenbraun 1.37 #if defined(PEGASUS_OS_VMS) && defined(PEGASUS_HAVE_PTHREADS) 158 static unsigned long _getThreadId(void) 159 { 160 return pthread_getsequence_np(pthread_self()); 161 } 162 #endif
163 kumpf 1.31 /* 164 Reset the SSL locking and ID callbacks. 165 */ 166 static void _uninitializeCallbacks() 167 { 168 PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, "Resetting SSL callbacks."); 169 CRYPTO_set_locking_callback(NULL); 170 CRYPTO_set_id_callback(NULL); 171 _sslLocks.reset(); 172 } 173 174 static void _lockingCallback( 175 int mode, 176 int type,
177 marek 1.40 const char*, 178 int)
179 kumpf 1.31 { 180 if (mode & CRYPTO_LOCK) 181 { 182 _sslLocks.get()[type].lock(); 183 } 184 else 185 { 186 _sslLocks.get()[type].unlock(); 187 } 188 } 189 190 /** 191 Locks to be used by SSL. 192 / 193 static AutoArrayPtr<Mutex> _sslLocks; 194 195 /* 196 Count of the instances of this class. The SSL environment must be 197 initialized when the first SSLEnvironmentInitializer is constructed. 198 It must be uninitialized when the last SSLEnvironmentInitializer is 199 destructed. 200 kumpf 1.31 / 201 static int _instanceCount; 202 203 /* 204 Mutex for controlling access to _instanceCount. 205 */ 206 static Mutex _instanceCountMutex; 207 }; 208 209 #endif 210
211 dave.sudlik 1.22 class SSLCallbackInfoRep 212 { 213 public: 214 SSLCertificateVerifyFunction* verifyCertificateCallback;
215 h.sterling 1.24 Array<SSLCertificateInfo*> peerCertificate;
216 dave.sudlik 1.22 X509_STORE* crlStore;
217 sushma.fernandes 1.29 218 String ipAddress; 219 220 friend class SSLCallback; 221 222 friend class SSLCallbackInfo;
223 dave.sudlik 1.22 };
224 kumpf 1.1
225 thilo.boehm 1.38 class PEGASUS_COMMON_LINKAGE SSLContextRep
226 kumpf 1.1 { 227 public: 228 229 /** Constructor for a SSLContextRep object.
230 h.sterling 1.14 @param trustStore trust store file path
231 kumpf 1.11 @param certPath server certificate file path 232 @param keyPath server key file path
233 kumpf 1.1 @param verifyCert function pointer to a certificate verification 234 call back function.
235 h.sterling 1.14 @param randomFile file path of a random file that is used as a seed 236 for random number generation by OpenSSL. 237 238 @exception SSLException exception indicating failure to create a context. 239 */ 240 SSLContextRep( 241 const String& trustStore, 242 const String& certPath = String::EMPTY, 243 const String& keyPath = String::EMPTY,
244 h.sterling 1.21 const String& crlPath = String::EMPTY,
245 h.sterling 1.14 SSLCertificateVerifyFunction* verifyCert = NULL,
246 rohini.deshpande 1.39 const String& randomFile = String::EMPTY,
247 dl.meetei 1.41.10.1 const String& cipherSuite = String::EMPTY, 248 const Boolean& sslCompatibility = false);
249 h.sterling 1.14
250 kumpf 1.7 SSLContextRep(const SSLContextRep& sslContextRep); 251
252 kumpf 1.1 ~SSLContextRep(); 253 254 SSL_CTX * getContext() const; 255
256 h.sterling 1.14 String getTrustStore() const; 257 258 String getCertPath() const; 259 260 String getKeyPath() const; 261
262 rohini.deshpande 1.39 String getCipherSuite() const; 263
264 dave.sudlik 1.22 #ifdef PEGASUS_USE_DEPRECATED_INTERFACES
265 kumpf 1.28 String getTrustStoreUserName() const;
266 dave.sudlik 1.22 #endif 267
268 h.sterling 1.21 String getCRLPath() const;
269 h.sterling 1.14
270 kumpf 1.30 SharedPtr<X509_STORE, FreeX509STOREPtr> getCRLStore() const;
271 h.sterling 1.21 272 void setCRLStore(X509_STORE* store);
273 h.sterling 1.14
274 h.sterling 1.19 Boolean isPeerVerificationEnabled() const;
275 h.sterling 1.14
276 h.sterling 1.16 SSLCertificateVerifyFunction* getSSLCertificateVerifyFunction() const; 277
278 kumpf 1.32 /** 279 Checks if the certificate associated with this SSL context has expired 280 or is not yet valid. 281 @exception SSLException if the certificate is determined to be invalid. 282 */ 283 void validateCertificate(); 284
285 aruran.ms 1.23 private: 286
287 kumpf 1.31 #ifdef PEGASUS_HAS_SSL 288 /** 289 Ensures that the SSL environment remains initialized for the lifetime 290 of the SSLContextRep object. 291 */ 292 SSLEnvironmentInitializer _env; 293 #endif 294
295 aruran.ms 1.23 SSL_CTX * _makeSSLContext(); 296 void _randomInit(const String& randomFile); 297 Boolean _verifyPrivateKey(SSL_CTX *ctx, const String& keyPath); 298
299 h.sterling 1.14 String _trustStore; 300 String _certPath; 301 String _keyPath;
302 h.sterling 1.21 String _crlPath;
303 kumpf 1.7 String _randomFile;
304 rohini.deshpande 1.39 String _cipherSuite;
305 dl.meetei 1.41.10.1 Boolean _sslCompatibility;
306 kumpf 1.7 SSL_CTX * _sslContext;
307 h.sterling 1.14 308 Boolean _verifyPeer;
309 kumpf 1.10
310 h.sterling 1.16 SSLCertificateVerifyFunction* _certificateVerifyFunction; 311
312 kumpf 1.30 SharedPtr<X509_STORE, FreeX509STOREPtr> _crlStore;
313 kumpf 1.1 }; 314 315 PEGASUS_NAMESPACE_END 316 317 #endif /* Pegasus_SSLContextRep_h */

No CVS admin address has been configured