//%LICENSE////////////////////////////////////////////////////////////////
//
// Licensed to The Open Group (TOG) under one or more contributor license
// agreements. Refer to the OpenPegasusNOTICE.txt file distributed with
// this work for additional information regarding copyright ownership.
// Each contributor licenses this file to you under the OpenPegasus Open
// Source License; you may not use this file except in compliance with the
// License.
//
// Permission is hereby granted, free of charge, to any person obtaining a
// copy of this software and associated documentation files (the "Software"),
// to deal in the Software without restriction, including without limitation
// the rights to use, copy, modify, merge, publish, distribute, sublicense,
// and/or sell copies of the Software, and to permit persons to whom the
// Software is furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included
// in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
// CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
// TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
//////////////////////////////////////////////////////////////////////////
//
//%/////////////////////////////////////////////////////////////////////////////
32 #ifndef Pegasus_TLS_h
33 #define Pegasus_TLS_h
35 #include <Pegasus/Common/Config.h>
36 mday 1.13 #include <Pegasus/Common/Socket.h>
37 mike 1.2 #include <Pegasus/Common/String.h>
38 kumpf 1.11 #include <Pegasus/Common/InternalException.h>
39 kumpf 1.7 #include <Pegasus/Common/SSLContext.h>
40 kumpf 1.9 #include <Pegasus/Common/Linkage.h>
41 joyce.j 1.21 #include <Pegasus/Common/AutoPtr.h>
42 mike 1.33 #include <Pegasus/Common/ReadWriteSem.h>
44 PEGASUS_NAMESPACE_BEGIN
46 #ifdef PEGASUS_HAS_SSL
class PEGASUS_COMMON_LINKAGE SSLSocket
{
public:

    /**
        Wraps one SSL connection on an already-open socket handle.  This
        class is only compiled when PEGASUS_HAS_SSL is defined; an empty
        stand-in of the same name is declared in the #else branch below.

        @param socket the underlying socket handle; returned by getSocket()
        @param sslcontext the SSLContext the connection is created from
        @param sslContextObjectLock ReadWriteSem guarding sslcontext; stored in
            _sslContextObjectLock (presumably taken whenever the context's
            contents are read or reloaded -- confirm in TLS.cpp)
        @param ipAddress copied into _ipAddress; what it is used for is not
            visible in this header
    */
    SSLSocket(
        SocketHandle socket,
        SSLContext * sslcontext,
        ReadWriteSem * sslContextObjectLock,
        const String& ipAddress);

    /**
        Tears down the connection.
        NOTE(review): the class owns _SSLConnection and declares a destructor
        but no copy constructor or copy assignment, so an accidental copy
        would leave two objects releasing the same SSL*.  MP_Socket holds it
        by pointer (_sslsock); declaring the copy operations private would
        make that the only supported usage.
    */
    ~SSLSocket();

    /**
        Presumably reports whether a read() that returned retCode stopped
        because the SSL layer needs more input rather than because of a real
        error, so that the caller retries instead of failing.
        @param retCode the value returned by the previous read(); probably
            interpreted together with _sslReadErrno -- confirm in TLS.cpp
    */
    Boolean incompleteSecureReadOccurred(Sint32 retCode);

    /**
        Reads up to size bytes from the SSL connection into ptr.
        @return the return-value convention is not stated in this header
            (presumably a byte count, negative on error -- confirm in
            TLS.cpp); on a negative result consult
            incompleteSecureReadOccurred() before treating it as fatal
    */
    Sint32 read(void* ptr, Uint32 size);

    /**
        Writes size bytes from ptr, giving up after socketWriteTimeout.
        @param socketWriteTimeout timeout supplied by the caller; its unit is
            not stated in this header (MP_Socket::setSocketWriteTimeout is
            presumably the source -- confirm)
    */
    Sint32 timedWrite(const void* ptr,
                      Uint32 size,
                      Uint32 socketWriteTimeout);

    /** Shuts the connection down; whether the socket handle itself is
        closed here is not visible in this header. */
    void close();

    /** Presumably switches the underlying socket to non-blocking mode. */
    void disableBlocking();

    /**
        Static, so presumably one-time process-wide SSL library set-up rather
        than per-connection work; pair with uninitializeInterface().
    */
    static void initializeInterface();

    static void uninitializeInterface();

    /** The socket handle this connection was created on. */
    SocketHandle getSocket() {return _socket;}

    /**
        Accepts the connection, performing the necessary SSL handshake.

        @return Returns -1 on failure, 0 if not enough data is available to
        complete the operation (retry needed), and 1 on success.

        Whether a result of 1 already implies that peer verification passed
        is not stated here; callers that require a verified peer should also
        check isPeerVerificationEnabled() and isCertificateVerified().
    */
    Sint32 accept();

    /**
        Client-side counterpart of accept().
        @param timeoutMilliseconds handshake timeout in milliseconds (unit
            taken from the parameter name)
        @return presumably the same -1 / 0 / 1 convention as accept() --
            confirm in TLS.cpp
    */
    Sint32 connect(Uint32 timeoutMilliseconds);

    /** Whether peer certificate verification is enabled for this
        connection (presumably a property of the SSLContext -- confirm). */
    Boolean isPeerVerificationEnabled();

    /** Presumably reports _certificateVerified -- confirm in TLS.cpp. */
    Boolean isCertificateVerified();

    /**
        Gets peer certificate chain.

        @return array of SSLCertificateInfo pointers if there is an
        SSLCallbackInfo pointer, otherwise an empty array.

        Ownership of the returned pointers is not stated in this header;
        confirm in TLS.cpp before deleting or retaining them.
    */
    Array<SSLCertificateInfo*> getPeerCertificateChain();

private:

    /**
        This member is of type SSL*, but we don't want to expose a dependency
        on the SSL include files in a header file.
    */
    void* _SSLConnection;

    // Handle supplied to the constructor; exposed through getSocket().
    SocketHandle _socket;
    // Context the connection was created from; supplied by the caller, so
    // presumably not owned here -- confirm.
    SSLContext * _SSLContext;
    /**
        Keeps a copy of the CRL store from the _SSLContext to prevent using a
        dangling pointer when the CRL store is reloaded in the _SSLContext.
    */
    void* _crlStore;
    // Lock guarding _SSLContext, supplied by the caller.
    ReadWriteSem * _sslContextObjectLock;
    // Error code captured on a failed read; presumably what
    // incompleteSecureReadOccurred() inspects -- confirm.
    Uint32 _sslReadErrno;

    // Owned via AutoPtr.  getPeerCertificateChain() only yields a chain when
    // this is set.
    AutoPtr<SSLCallbackInfo> _SSLCallbackInfo;
    // The ipAddress passed to the constructor.
    String _ipAddress;
    // Result of peer certificate verification; see isCertificateVerified().
    Boolean _certificateVerified;
};
122 #else
// Offer a non-SSL dummy class for use in MP_Socket: MP_Socket declares an
// SSLSocket* member unconditionally, so an empty type keeps this header
// compiling without any SSL dependency when PEGASUS_HAS_SSL is undefined.
class SSLSocket {};
128 kumpf 1.7 #endif // end of PEGASUS_HAS_SSL
//
// MP_Socket (Multi-purpose Socket class)
//
// Fronts either a plain socket or an SSLSocket behind one interface.  The
// public union below holds whichever is in use; the private _isSecure
// presumably records which union member is live, so callers should go
// through isSecure() / getSocket() rather than reading the union directly.
//

class MP_Socket {

public:
    /**
        Wraps a plain (non-SSL) socket.
        NOTE(review): single-argument and not explicit, so any SocketHandle
        converts to an MP_Socket implicitly.
    */
    MP_Socket(SocketHandle socket);                // "normal" socket

    /**
        Wraps an SSL-capable socket; the arguments mirror the SSLSocket
        constructor, with ipAddress defaulting to String::EMPTY.
        NOTE(review): ~MP_Socket() is declared but no copy constructor or
        copy assignment is; if _sslsock is owned (presumably deleted in the
        destructor -- confirm in TLS.cpp) a copy would double-delete it.
    */
    MP_Socket(
        SocketHandle socket,
        SSLContext * sslcontext,
        ReadWriteSem * sslContextObjectLock,
        const String& ipAddress = String::EMPTY);

    ~MP_Socket();

    /** Whether this object was built with the SSL constructor. */
    Boolean isSecure();

    /** See SSLSocket::incompleteSecureReadOccurred(); meaningful only for
        the secure variant. */
    Boolean incompleteSecureReadOccurred(Sint32 retCode);

    /** The underlying socket handle, for either variant. */
    SocketHandle getSocket();

    /** Presumably forwards to the plain socket or to SSLSocket::read()
        depending on isSecure() -- confirm in TLS.cpp. */
    Sint32 read(void* ptr, Uint32 size);

    /** Presumably forwards to the plain socket or to SSLSocket::timedWrite()
        with _socketWriteTimeout -- confirm in TLS.cpp. */
    Sint32 write(const void* ptr, Uint32 size);

    void close();

    void disableBlocking();

    /**
        Accepts the connection, performing an SSL handshake if applicable.

        @return Returns -1 on failure, 0 if not enough data is available to
        complete the operation (retry needed), and 1 on success.
    */
    Sint32 accept();

    Sint32 connect(Uint32 timeoutMilliseconds);

    Boolean isPeerVerificationEnabled();

    /** See SSLSocket::getPeerCertificateChain(); ownership of the returned
        pointers is not stated in this header. */
    Array<SSLCertificateInfo*> getPeerCertificateChain();

    Boolean isCertificateVerified();

    /** Stores socketWriteTimeout in _socketWriteTimeout; the unit is not
        stated in this header. */
    void setSocketWriteTimeout(Uint32 socketWriteTimeout);

#ifdef PEGASUS_OS_ZOS
    // Return the authenticated user name.  String(_username) presumably
    // constructs from a C string, i.e. reads up to the first NUL, so whoever
    // fills _username must NUL-terminate it within its 10 bytes; this header
    // does not show where it is written (presumably ATTLS_zOS_query /
    // LocalSocket_zOS_query -- confirm).
    String getAuthenticatedUser() { return String(_username); }
    // Is the client authenticated?
    Boolean isClientAuthenticated() { return _userAuthenticated; }
    // What was the type of authentication?
    String getAuthType() { return _authType; }
#endif

    // Only one member is meaningful at a time (see the class comment).
    union {
        SocketHandle _socket;
        SSLSocket *_sslsock;
    };

private:
    // Presumably the discriminant for the union above -- confirm.
    Boolean _isSecure;
    // Set by setSocketWriteTimeout().
    Uint32 _socketWriteTimeout;

#ifdef PEGASUS_OS_ZOS
    // Query an AT-TLS secured socket for the authenticated
    // client userID.
    int ATTLS_zOS_query();

    // Query a UNIX Domain socket (local socket) for
    // the connected client userID.
    int LocalSocket_zOS_query();

    // The user name if authenticated.  Read as a C string by
    // getAuthenticatedUser(), so it must stay NUL-terminated.
    char _username[10];
    // Was a user authenticated?
    Boolean _userAuthenticated;
    // Was it AT-TLS or UNIX Domain authentication?
    String _authType;
#endif

};
219 PEGASUS_NAMESPACE_END
221 #endif /* Pegasus_TLS_h */