Return to SSLContextRep.h CVS log | Up to [Pegasus] / pegasus / src / Pegasus / Common |
File: [Pegasus] / pegasus / src / Pegasus / Common / SSLContextRep.h
(download)
Revision: 1.16, Wed Jun 9 19:49:35 2004 UTC (20 years ago) by h.sterling Branch: MAIN Changes since 1.15: +4 -0 lines PEP#: 165 TITLE: SSL client verification USER: Heather Sterling MAIL: hsterl@us.ibm.com DESCRIPTION Fix global callback problem. Collect all certificate information during callback and store it for later use. |
//%2003//////////////////////////////////////////////////////////////////////// // // Copyright (c) 2000, 2001, 2002 BMC Software, Hewlett-Packard Development // Company, L. P., IBM Corp., The Open Group, Tivoli Systems. // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L. P.; // IBM Corp.; EMC Corporation, The Open Group. // // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to // deal in the Software without restriction, including without limitation the // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or // sell copies of the Software, and to permit persons to whom the Software is // furnished to do so, subject to the following conditions: // // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. // //============================================================================== // // Author: Nag Boranna, Hewlett-Packard Company ( nagaraja_boranna@hp.com ) // // Modified By: Sushma Fernandes, Hewlett-Packard Company (sushma_fernandes@hp.com) // Heather Sterling, IBM (hsterl@us.ibm.com) // //%///////////////////////////////////////////////////////////////////////////// #ifdef PEGASUS_HAS_SSL #define OPENSSL_NO_KRB5 1 #include <openssl/err.h> #include <openssl/ssl.h> #include <openssl/rand.h> #else #define SSL_CTX void #endif #include <Pegasus/Common/SSLContext.h> #include <Pegasus/Common/Linkage.h> #include <Pegasus/Common/IPC.h> #ifndef Pegasus_SSLContextRep_h #define Pegasus_SSLContextRep_h PEGASUS_NAMESPACE_BEGIN class PEGASUS_COMMON_LINKAGE SSLContextRep { /* SSL locking callback function. It is needed to perform locking on shared data structures. This function needs access to variable ssl_locks. Declare it as a friend of class SSLContextRep. @param mode Specifies whether to lock/unlock. @param type Type of lock. @param file File name of the function setting the lock. @param line Line number of the function setting the lock. */ friend void pegasus_locking_callback( int mode, int type, const char* file, int line); public: /** Constructor for a SSLContextRep object. @param trustStore trust store file path @param certPath server certificate file path @param keyPath server key file path @param verifyCert function pointer to a certificate verification call back function. @param randomFile file path of a random file that is used as a seed for random number generation by OpenSSL. @exception SSLException exception indicating failure to create a context. */ SSLContextRep( const String& trustStore, const String& certPath = String::EMPTY, const String& keyPath = String::EMPTY, SSLCertificateVerifyFunction* verifyCert = NULL, const String& randomFile = String::EMPTY); #ifdef PEGASUS_USE_SSL_CLIENT_VERIFICATION //ATTN: We may need to make this more robust to cover the different variations of SSLContexts /** Constructor for a SSLContextRep object. @param trustStore trust store file path @param certPath server certificate file path @param keyPath server key file path @param verifyCert function pointer to a certificate verification call back function. @param randomFile file path of a random file that is used as a seed for random number generation by OpenSSL. @exception SSLException exception indicating failure to create a context. */ SSLContextRep( const String& trustStore, const String& certPath = String::EMPTY, const String& keyPath = String::EMPTY, SSLCertificateVerifyFunction* verifyCert = NULL, Boolean trustStoreAutoUpdate = false, String trustStoreUserName = String::EMPTY, const String& randomFile = String::EMPTY); #endif SSLContextRep(const SSLContextRep& sslContextRep); ~SSLContextRep(); SSL_CTX * getContext() const; String getTrustStore() const; String getCertPath() const; String getKeyPath() const; Boolean isPeerVerificationEnabled() const; Boolean isTrustStoreAutoUpdateEnabled() const; String getTrustStoreUserName() const; SSLCertificateVerifyFunction* getSSLCertificateVerifyFunction() const; /* Initialize the SSL locking environment. This function sets the locking callback functions. */ static void init_ssl(); /* Cleanup the SSL locking environment. */ static void free_ssl(); private: SSL_CTX * _makeSSLContext(); void _randomInit(const String& randomFile); Boolean _verifyPrivateKey(SSL_CTX *ctx, const String& keyPath); String _trustStore; String _certPath; String _keyPath; String _randomFile; SSL_CTX * _sslContext; Boolean _verifyPeer; Boolean _trustStoreAutoUpdate; String _trustStoreUserName; SSLCertificateVerifyFunction* _certificateVerifyFunction; /* Mutex containing the SSL locks. */ static Mutex* _sslLocks; /* Count for instances of this class. This is used to initialize and free SSL locking objects. */ static int _countRep; /* Mutex for countRep. */ static Mutex _countRepMutex; }; PEGASUS_NAMESPACE_END #endif /* Pegasus_SSLContextRep_h */
No CVS admin address has been configured |
Powered by ViewCVS 0.9.2 |