1 karl 1.29 //%2006////////////////////////////////////////////////////////////////////////
2 mike 1.2 //
3 karl 1.18 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
4 // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
5 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
6 karl 1.14 // IBM Corp.; EMC Corporation, The Open Group.
7 karl 1.18 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
8 // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
9 karl 1.20 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
10 // EMC Corporation; VERITAS Software Corporation; The Open Group.
11 karl 1.29 // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
12 // EMC Corporation; Symantec Corporation; The Open Group.
13 mike 1.2 //
14 // Permission is hereby granted, free of charge, to any person obtaining a copy
15 kumpf 1.8 // of this software and associated documentation files (the "Software"), to
16 // deal in the Software without restriction, including without limitation the
17 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
18 mike 1.2 // sell copies of the Software, and to permit persons to whom the Software is
19 // furnished to do so, subject to the following conditions:
20 karl 1.29 //
21 kumpf 1.8 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
22 mike 1.2 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
23 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
24 kumpf 1.8 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
25 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
26 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
27 mike 1.2 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 //
30 sushma.fernandes 1.35 //==============================================================================
31 //
32 mike 1.2 //%/////////////////////////////////////////////////////////////////////////////
33
34 #ifndef Pegasus_TLS_h
35 #define Pegasus_TLS_h
36
37 #ifdef PEGASUS_HAS_SSL
38 david.dillard 1.24 #define OPENSSL_NO_KRB5 1
39 mike 1.2 #include <openssl/err.h>
40 #include <openssl/ssl.h>
41 kumpf 1.4 #include <openssl/rand.h>
42 mike 1.2 #else
43 #define SSL_CTX void
44 mday 1.13 typedef void SSL_Context;
45
46 kumpf 1.7 #endif // end of PEGASUS_HAS_SSL
47
48 mike 1.2 #include <Pegasus/Common/Config.h>
49 mday 1.13 #include <Pegasus/Common/Socket.h>
50 mike 1.2 #include <Pegasus/Common/String.h>
51 kumpf 1.11 #include <Pegasus/Common/InternalException.h>
52 kumpf 1.7 #include <Pegasus/Common/SSLContext.h>
53 kumpf 1.9 #include <Pegasus/Common/Linkage.h>
54 joyce.j 1.21 #include <Pegasus/Common/AutoPtr.h>
55 mike 1.33 #include <Pegasus/Common/ReadWriteSem.h>
56 mike 1.2
57 mike 1.3 // REVIEW: Figure out how this works (note to myself)?
58
59 kumpf 1.5
60 mike 1.2 PEGASUS_NAMESPACE_BEGIN
61
62
63 #ifdef PEGASUS_HAS_SSL
/**
    Socket wrapped in an OpenSSL connection; used by MP_Socket when the
    build has PEGASUS_HAS_SSL. The class holds the raw transport handle
    (_socket) and the SSL connection object layered over it (_SSLConnection).
    The SSLContext and its ReadWriteSem are supplied by the creator and kept
    as raw pointers; this header does not show who owns or releases them —
    check the implementation before assuming ownership.
*/
class PEGASUS_COMMON_LINKAGE SSLSocket
{
public:

    /**
        Wraps an already-open socket handle in an SSL connection.

        @param socket the underlying transport handle; it is not created here.
        @param sslcontext the SSLContext whose settings apply to this
            connection. Stored in _SSLContext; ownership is not transferred
            as far as this header shows — confirm in the implementation.
        @param sslContextObjectLock ReadWriteSem that belongs with sslcontext,
            stored in _sslContextObjectLock; presumably serialises use of the
            context against reconfiguration — verify against the callers.
    */
    SSLSocket(
        SocketHandle socket,
        SSLContext * sslcontext,
        ReadWriteSem * sslContextObjectLock);

    ~SSLSocket();

    /**
        Classifies a return code from read(). The name suggests it reports
        whether the read stopped short and should be retried; the exact rule
        (and the role of _sslReadErrno) lives in the implementation.

        @param retCode a value previously returned by read()
    */
    Boolean incompleteReadOccurred(Sint32 retCode);

    /**
        Reads decrypted application data.

        @param ptr destination buffer; must have room for at least size
            bytes — nothing in this interface can check that.
        @param size capacity of ptr in bytes
        @return see the implementation; callers are expected to pass the
            result to incompleteReadOccurred() to decide whether to retry.
    */
    Sint32 read(void* ptr, Uint32 size);

    /**
        Writes application data, giving up once socketWriteTimeout elapses.

        @param ptr source buffer holding at least size bytes
        @param size number of bytes to send
        @param socketWriteTimeout how long to wait; the unit is not stated in
            this header (compare MP_Socket::setSocketWriteTimeout)
    */
    Sint32 timedWrite(const void* ptr,
                      Uint32 size,
                      Uint32 socketWriteTimeout);

    void close();

    void enableBlocking();

    void disableBlocking();

    // Static, so presumably one-time library setup rather than per-socket
    // state — see the implementation for what is initialised.
    static void initializeInterface();

    // Counterpart of initializeInterface().
    static void uninitializeInterface();

    /**
        Returns the raw transport handle underneath the SSL connection.
        Bytes sent or received directly on this handle bypass the SSL layer,
        so treat it as a handle for readiness checks, not as an I/O channel.
    */
    SocketHandle getSocket() {return _socket;}

    /**
        Accepts the connection, performing the necessary SSL handshake.

        @return Returns -1 on failure, 0 if not enough data is available to
        complete the operation (retry needed), and 1 on success.
    */
    Sint32 accept();

    /**
        Client-side counterpart of accept(): initiates the SSL handshake.
        The return convention is not documented here; presumably the same
        -1/0/1 scheme as accept() — confirm before relying on it.
    */
    Sint32 connect();

    // Whether this connection is configured to verify the peer certificate.
    Boolean isPeerVerificationEnabled();

    /**
        Whether the peer certificate passed verification on this connection
        (reports _certificateVerified). Presumably only meaningful once
        accept() or connect() has completed the handshake.
    */
    Boolean isCertificateVerified();

    /**
        Gets peer certificate chain.

        @return array of SSLCertificateInfo pointers if there is an
        SSLCallbackInfo pointer,
        Otherwise an empty array

        Ownership of the pointed-to SSLCertificateInfo objects is not stated
        here; do not delete them or keep them beyond this socket's lifetime
        without checking the implementation.
    */
    Array<SSLCertificateInfo*> getPeerCertificateChain();

private:

    SSL * _SSLConnection;                   // OpenSSL connection object
    SocketHandle _socket;                   // transport handle beneath _SSLConnection
    SSLContext * _SSLContext;               // context supplied at construction
    ReadWriteSem * _sslContextObjectLock;   // lock supplied alongside _SSLContext
    Uint32 _sslReadErrno;                   // presumably the errno saved from the last
                                            // failed read — see incompleteReadOccurred()

    AutoPtr<SSLCallbackInfo> _SSLCallbackInfo;  // owned via AutoPtr; consulted by
                                                // getPeerCertificateChain()
    Boolean _certificateVerified;               // backs isCertificateVerified()
};
129 #else
130
131 // offer a non ssl dummy class for use in MP_Socket
132
class SSLSocket {};  // non-SSL build: empty placeholder so MP_Socket's union can still declare an SSLSocket* member
134 mike 1.2
135 kumpf 1.7 #endif // end of PEGASUS_HAS_SSL
136 mike 1.2
//
// MP_Socket (Multi-purpose Socket class)
//
140
/**
    Multi-purpose socket: a thin switch between a plain SocketHandle and an
    SSLSocket. Exactly one member of the anonymous union below is live, and
    which one is recorded in the private _isSecure flag. Because the union
    itself is public, any external code that reads _socket or _sslsock must
    call isSecure() first — reading the inactive member is undefined.
*/
class MP_Socket {

public:
    MP_Socket(SocketHandle socket);     // "normal" socket

    /**
        Secure variant: the handle is wrapped in an SSLSocket.

        @param socket the transport handle
        @param sslcontext SSLContext for the connection (raw pointer; ownership
            is not transferred as far as this header shows)
        @param sslContextObjectLock ReadWriteSem that belongs with sslcontext
    */
    MP_Socket(
        SocketHandle socket,
        SSLContext * sslcontext,
        ReadWriteSem * sslContextObjectLock);

    ~MP_Socket();

    // True when the SSL member of the union is the live one.
    Boolean isSecure();

    // Classifies a return code from read(); see SSLSocket::incompleteReadOccurred.
    Boolean incompleteReadOccurred(Sint32 retCode);

    // Underlying transport handle for either variant. On a secure socket,
    // direct I/O on this handle bypasses the SSL layer.
    SocketHandle getSocket();

    // ptr must have room for at least size bytes; this interface cannot check it.
    Sint32 read(void* ptr, Uint32 size);

    // ptr must hold at least size bytes. Presumably honours _socketWriteTimeout
    // on the secure path (see setSocketWriteTimeout) — confirm in the .cpp.
    Sint32 write(const void* ptr, Uint32 size);

    void close();

    void enableBlocking();

    void disableBlocking();

    /**
        Accepts the connection, performing an SSL handshake if applicable.

        @return Returns -1 on failure, 0 if not enough data is available to
        complete the operation (retry needed), and 1 on success.
    */
    Sint32 accept();

    // Client-side counterpart of accept(); return convention is not
    // documented here — presumably the same -1/0/1 scheme.
    Sint32 connect();

    // The three certificate queries below forward to SSLSocket on a secure
    // socket; what they report for a non-secure socket is not stated here.
    Boolean isPeerVerificationEnabled();

    // See SSLSocket::getPeerCertificateChain for the ownership caveat.
    Array<SSLCertificateInfo*> getPeerCertificateChain();

    Boolean isCertificateVerified();

    // Stores the value in _socketWriteTimeout; unit not stated in this header.
    void setSocketWriteTimeout(Uint32 socketWriteTimeout);

#ifdef PEGASUS_OS_ZOS
    // Return the authenticated user name.
    // NOTE(review): String(_username) reads up to the first NUL, so whatever
    // fills the 10-byte _username buffer (presumably ATTLS_zOS_query()) must
    // NUL-terminate it — confirm in the implementation.
    String getAuthenticatedUser() { return String(_username); }
    Boolean isClientAuthenticated() { return _userAuthenticated; }
#endif

    // Public, but discriminated only by the private _isSecure flag:
    // consult isSecure() before reading either member.
    union {
        SocketHandle _socket;
        SSLSocket *_sslsock;
    };

private:
    Boolean _isSecure;          // selects the live union member
    Uint32 _socketWriteTimeout; // set by setSocketWriteTimeout()
#ifdef PEGASUS_OS_ZOS

    // Queries AT-TLS for this connection; presumably fills _username and
    // _userAuthenticated — see the implementation.
    int ATTLS_zOS_query();
    // The user name if authenticated through ATTLS.
    // Fixed 10-byte buffer; see the NUL-termination note on getAuthenticatedUser().
    char _username[10];
    Boolean _userAuthenticated;
#endif

};
210 mday 1.13
211
212
213 mike 1.2
214 PEGASUS_NAMESPACE_END
215
216 #endif /* Pegasus_TLS_h */