SSLContext.h
1 //%LICENSE////////////////////////////////////////////////////////////////
2 //
3 // Licensed to The Open Group (TOG) under one or more contributor license
4 // agreements. Refer to the OpenPegasusNOTICE.txt file distributed with
5 // this work for additional information regarding copyright ownership.
6 // Each contributor licenses this file to you under the OpenPegasus Open
7 // Source License; you may not use this file except in compliance with the
8 // License.
9 //
10 // Permission is hereby granted, free of charge, to any person obtaining a
11 // copy of this software and associated documentation files (the "Software"),
12 // to deal in the Software without restriction, including without limitation
13 // the rights to use, copy, modify, merge, publish, distribute, sublicense,
14 // and/or sell copies of the Software, and to permit persons to whom the
15 // Software is furnished to do so, subject to the following conditions:
16 //
17 // The above copyright notice and this permission notice shall be included
18 // in all copies or substantial portions of the Software.
19 //
20 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
21 // OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
23 // IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
24 // CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
25 // TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
26 // SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
27 //
29 //
30 //%/////////////////////////////////////////////////////////////////////////////
31 
32 #ifndef Pegasus_SSLContext_h
33 #define Pegasus_SSLContext_h
34 
35 #include <Pegasus/Common/CIMDateTime.h>
36 #include <Pegasus/Common/Config.h>
37 #include <Pegasus/Common/String.h>
38 #include <Pegasus/Common/Exception.h>
39 #include <Pegasus/Common/Linkage.h>
40 
41 #ifdef PEGASUS_HAS_SSL
42 typedef struct x509_store_st X509_STORE;
43 #else
44 # define X509_STORE int
45 #endif
46 
47 PEGASUS_NAMESPACE_BEGIN
48 
// Forward declarations. The public classes in this header keep their state
// behind a *Rep pointer (see the _rep members below), which is why the
// OpenSSL-dependent types only appear here as opaque forward declarations.
class SSLCertificateInfoRep;
class SSLContextRep;
class SSLContext;
class SSLSocket;
class CIMServer;
class SSLCertificateInfo;
class SSLCallback;
class SSLContextManager;
class SSLCallbackInfoRep;

// Pegasus-defined SSL certificate verification callback.
// Invoked by the SSL layer with a description of the peer certificate and the
// verification result OpenSSL produced for it (certInfo.getErrorCode()).
// Returning true accepts the peer, false rejects it.
// NOTE(review): the return value appears to stand in for the final
// verification verdict, so a callback that returns true without comparing
// getErrorCode() against SSLCertificateInfo::V_OK would accept a peer whose
// chain OpenSSL rejected (expired, revoked, untrusted issuer, ...). Confirm
// against the SSLCallback implementation before relying on OpenSSL's result
// being enforced independently of this callback.
typedef Boolean (SSLCertificateVerifyFunction) (SSLCertificateInfo &certInfo);
61 
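/**
    Carries the per-connection state the SSL layer needs when OpenSSL calls
    back into Pegasus to verify a peer certificate: the application-supplied
    verify function, an optional CRL store, and (private form) the peer's IP
    address.

    Instances are owned and populated by the SSL layer (SSLSocket and
    SSLCallback are friends). The object is non-copyable because it owns its
    _rep pointer.

    NOTE(review): the rendered listing this block was recovered from had
    dropped the name line of the two multi-parameter constructors; they are
    reconstructed here from the class name and parameter lists. Verify
    against the source header.
*/
class PEGASUS_COMMON_LINKAGE SSLCallbackInfo
{
public:

    /** Index used by the SSL layer to stash/retrieve the SSLCallbackInfo
        for a connection so the static OpenSSL verification callback can
        find it again. NOTE(review): presumably an OpenSSL ex_data index —
        confirm in SSLContext.cpp. */
    static const int SSL_CALLBACK_INDEX;

    /** Builds callback info for an application verify function with no
        CRL store.
        @param verifyCert application-supplied callback consulted for each
               peer certificate (see SSLCertificateVerifyFunction); the
               SSL layer defines how a null callback is treated. */
    SSLCallbackInfo(SSLCertificateVerifyFunction* verifyCert);

    /** Builds callback info that also carries the CRL store the owning
        SSLContext was configured with, so revocation can be checked
        during verification.
        @param verifyCert application-supplied verify callback
        @param crlStore   CRL store owned by the SSLContext; may be null
               when no CRL path was configured */
    SSLCallbackInfo(
        SSLCertificateVerifyFunction* verifyCert,
        X509_STORE* crlStore);

    ~SSLCallbackInfo();

private:

    // Used by the SSL layer (friends below) to record the peer's address
    // next to the verify function and CRL store, e.g. for audit/logging of
    // the verification outcome.
    SSLCallbackInfo(
        SSLCertificateVerifyFunction* verifyCert,
        X509_STORE* crlStore,
        String ipAddress);

    SSLCallbackInfo();

    // Declared but not defined: copying is disabled because _rep is owned.
    SSLCallbackInfo(const SSLCallbackInfo& sslCallbackInfo);
    SSLCallbackInfo& operator=(const SSLCallbackInfo& sslCallbackInfo);

    SSLCallbackInfoRep* _rep;

    friend class SSLSocket;

    friend class SSLCallback;
};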
126 
127 
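/**
    Describes the peer certificate presented during an SSL handshake together
    with the verification result OpenSSL produced for it. An instance is
    handed to the application's SSLCertificateVerifyFunction and is also
    attached to the request context by the SSL layer (see the friend
    declarations at the end of the class).

    The V_* constants mirror OpenSSL's X509_V_OK / X509_V_ERR_* verification
    result codes; getErrorCode() returns one of them and a verify callback
    must treat anything other than V_OK as a failed chain unless it is
    deliberately overriding that result.

    NOTE(review): the rendered listing this block was recovered from had
    dropped several lines (the full V_ERR_* list, the constructor name lines
    and the destructor). They are restored here from the page's own symbol
    index and the class name; verify against the source header.
*/
class PEGASUS_COMMON_LINKAGE SSLCertificateInfo
{
public:

    /** Verification succeeded: the chain was built and validated. */
    static const int V_OK;

    // Verification error codes, one per OpenSSL X509_V_ERR_* value. When one
    // of these is reported the callback still receives the (unverified)
    // certificate description; the code, not the presence of subject/issuer
    // data, is what says whether the peer should be trusted.
    static const int V_ERR_UNABLE_TO_GET_ISSUER_CERT;
    static const int V_ERR_UNABLE_TO_GET_CRL;
    static const int V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE;
    static const int V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE;
    static const int V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
    static const int V_ERR_CERT_SIGNATURE_FAILURE;
    static const int V_ERR_CRL_SIGNATURE_FAILURE;
    static const int V_ERR_CERT_NOT_YET_VALID;
    static const int V_ERR_CERT_HAS_EXPIRED;
    static const int V_ERR_CRL_NOT_YET_VALID;
    static const int V_ERR_CRL_HAS_EXPIRED;
    static const int V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
    static const int V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
    static const int V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
    static const int V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
    static const int V_ERR_OUT_OF_MEM;
    static const int V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
    static const int V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
    static const int V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
    static const int V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
    static const int V_ERR_CERT_CHAIN_TOO_LONG;
    static const int V_ERR_CERT_REVOKED;
    static const int V_ERR_INVALID_CA;
    static const int V_ERR_PATH_LENGTH_EXCEEDED;
    static const int V_ERR_INVALID_PURPOSE;
    static const int V_ERR_CERT_UNTRUSTED;
    static const int V_ERR_CERT_REJECTED;
    static const int V_ERR_SUBJECT_ISSUER_MISMATCH;
    static const int V_ERR_AKID_SKID_MISMATCH;
    static const int V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
    static const int V_ERR_KEYUSAGE_NO_CERTSIGN;

    /** Application-defined verification failure. OpenSSL never produces
        this code itself; it is reserved for a callback that wants to
        reject a peer for reasons of its own (see setErrorCode). */
    static const int V_ERR_APPLICATION_VERIFICATION;

    /** Builds a certificate description from already-extracted fields.
        @param subjectName subject distinguished name of the certificate
        @param issuerName  issuer distinguished name
        @param errorDepth  position in the chain the verification result
               refers to, as reported by OpenSSL (0 is the peer's own
               certificate)
        @param errorCode   one of the V_* codes above
        @param respCode    response code; its meaning is defined by the
               caller / SSL layer, not by this class (see setResponseCode) */
    SSLCertificateInfo(
        const String subjectName,
        const String issuerName,
        const int errorDepth,
        const int errorCode,
        const int respCode);

    /** Copy constructor. */
    SSLCertificateInfo(const SSLCertificateInfo& certificateInfo);

    ~SSLCertificateInfo();

    /** @return the subject distinguished name. */
    String getSubjectName() const;

    /** @return the issuer distinguished name. */
    String getIssuerName() const;

    /** @return the end of the certificate's validity period (notAfter). */
    CIMDateTime getNotAfter() const;

    /** @return the start of the certificate's validity period (notBefore). */
    CIMDateTime getNotBefore() const;

    /** @return the X.509 version number of the certificate. */
    Uint32 getVersionNumber() const;

    /** @return the certificate serial number, narrowed to a long.
        NOTE(review): X.509 serial numbers may be up to 20 octets
        (RFC 5280 4.1.2.2), so a long cannot represent every serial and the
        value may be truncated. Treat it as informational; do not use it as
        a unique key for identifying or pinning a certificate. The
        signature is kept as-is for compatibility. */
    long getSerialNumber() const;

    /** @return the chain depth the verification result refers to
        (0 = the peer certificate itself). */
    Uint32 getErrorDepth() const;

    /** @return the verification result, one of the V_* codes. Note the
        constants are declared int while this accessor returns Uint32;
        compare with a cast or against the constant directly. */
    Uint32 getErrorCode() const;

    /** Overrides the verification result, e.g. to
        V_ERR_APPLICATION_VERIFICATION from a callback that rejects the
        peer for application reasons.
        @param errorCode one of the V_* codes */
    void setErrorCode(const int errorCode);

    /** @return a human-readable description of getErrorCode(). */
    String getErrorString() const;

    /** @return the response code set at construction or by
        setResponseCode(); its semantics belong to the SSL layer. */
    Uint32 getResponseCode() const;

    /** Sets the response code associated with this certificate.
        @param respCode value to report via getResponseCode() */
    void setResponseCode(const int respCode);

    /** @return a textual summary of the certificate fields held here. */
    String toString() const;

#ifdef PEGASUS_USE_EXPERIMENTAL_INTERFACES
    /** @return the peer certificate as a String; the encoding is defined
        by the implementation and not established in this header. */
    const String &getPeerCertificate() const;
#endif

private:

    // Full-field constructor used by the SSL layer once the certificate
    // has been parsed (see the friend declarations below).
    SSLCertificateInfo(
        const String subjectName,
        const String issuerName,
        const Uint32 versionNumber,
        const long serialNumber,
        const CIMDateTime notBefore,
        const CIMDateTime notAfter,
        const Uint32 depth,
        const Uint32 errorCode,
        const String errorString,
        const Uint32 respCode);

    // Declared but not defined: assignment is disabled.
    SSLCertificateInfo& operator=(const SSLCertificateInfo& sslCertificateInfo);

    SSLCertificateInfoRep* _rep;

    // SSLSocket needs to use the private constructor to create
    // a certificate object to pass to the AuthenticationInfo and
    // OperationContext classes
    friend class SSLSocket;

    friend class SSLCallback;
};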
352 
/**
    Holds the SSL configuration used by Pegasus sockets: the trust store,
    the local certificate and private key, an optional CRL path/store, the
    application's certificate verification callback and (experimental) the
    cipher suite. The actual configuration lives in SSLContextRep; this
    class owns only the _rep pointer.

    Every security-relevant choice is fixed at construction time: which CA
    material is trusted, whether a CRL is consulted, which callback may
    accept or reject a peer, and which ciphers are offered. The values
    passed to these constructors deserve the same review as the server's
    listener configuration.
*/
class PEGASUS_COMMON_LINKAGE SSLContext
{
public:

    /** Builds a context that trusts the CA material in trustStore and
        presents no local certificate.
        @param trustStore path of the trusted-CA file or directory (path
               semantics are defined by SSLContextRep, not here)
        @param verifyCert application callback consulted for each peer
               certificate; see SSLCertificateVerifyFunction
        @param randomFile optional path of a file used as seed material
               for OpenSSL's PRNG; String::EMPTY means none is supplied
        NOTE(review): construction failures are presumably reported by
        exception (Exception.h is included above); confirm the concrete
        type in SSLContext.cpp. */
    SSLContext(
        const String& trustStore,
        SSLCertificateVerifyFunction* verifyCert,
        const String& randomFile = String::EMPTY);

    /** Copy constructor. Whether the copy shares or duplicates the
        underlying rep is not established in this header. */
    SSLContext(const SSLContext& sslContext);

    ~SSLContext();

    /** @return the trust store path this context was built with. */
    String getTrustStore() const;

    /** @return the local certificate path, or an empty String when none
        was configured. */
    String getCertPath() const;

    /** @return the private key path, or an empty String when none was
        configured. */
    String getKeyPath() const;

    /** @return the CRL path, or an empty String when revocation checking
        was not configured. */
    String getCRLPath() const;

    /** @return the CRL store built from getCRLPath(), or null when no CRL
        was configured. The pointer is owned by this context; callers must
        not free it. */
    X509_STORE* getCRLStore() const;

#ifdef PEGASUS_USE_EXPERIMENTAL_INTERFACES

    /** @return the OpenSSL cipher-suite string this context was built
        with (experimental interface). */
    String getCipherSuite() const;
#endif

    /** @return true when this context requests and verifies the peer's
        certificate; false means peers are not authenticated by
        certificate at all, so any authorization must come from another
        layer. */
    Boolean isPeerVerificationEnabled() const;

#ifdef PEGASUS_USE_DEPRECATED_INTERFACES

    /** @return the user name associated with the trust store by the
        deprecated constructor below (a trust-store-wide identity
        mapping rather than a per-certificate one). */
    String getTrustStoreUserName() const;
#endif

    /** @return the application verify callback, or null if none was
        supplied. */
    SSLCertificateVerifyFunction* getSSLCertificateVerifyFunction() const;

    /** Builds a context with a local certificate and private key, so it
        can act as a server or present a client certificate.
        @param trustStore trusted-CA file or directory
        @param certPath   path of the local certificate (PEM expected by
               OpenSSL; confirm in SSLContextRep)
        @param keyPath    path of the matching private key; the file's
               permissions, not this class, protect the key
        @param verifyCert application verify callback; see
               SSLCertificateVerifyFunction
        @param randomFile optional PRNG seed file */
    SSLContext(
        const String& trustStore,
        const String& certPath,
        const String& keyPath,
        SSLCertificateVerifyFunction* verifyCert,
        const String& randomFile);


    /** As above, additionally loading a CRL so revoked peer certificates
        can be rejected during verification.
        @param crlPath path of the CRL file or directory; see getCRLPath()
               and getCRLStore() */
    SSLContext(
        const String& trustStore,
        const String& certPath,
        const String& keyPath,
        const String& crlPath,
        SSLCertificateVerifyFunction* verifyCert,
        const String& randomFile);

#ifdef PEGASUS_USE_EXPERIMENTAL_INTERFACES

    /** Experimental: as above, plus an explicit cipher-suite string and a
        compatibility switch.
        @param cipherSuite OpenSSL cipher-list string offered by this
               context; an empty or permissive list weakens every
               connection the context is used for
        @param sslCompatibility NOTE(review): the name suggests this
               relaxes protocol-version or option restrictions for legacy
               peers; confirm exactly what it enables in SSLContextRep
               before turning it on, and leave it false otherwise. A const
               reference to a Boolean is unusual (by value would be
               clearer) but the signature is kept for compatibility. */
    SSLContext(
        const String& trustStore,
        const String& certPath,
        const String& keyPath,
        const String& crlPath,
        SSLCertificateVerifyFunction* verifyCert,
        const String& randomFile,
        const String& cipherSuite,
        const Boolean & sslCompatibility = false);


#endif

#ifdef PEGASUS_USE_DEPRECATED_INTERFACES

    /** Deprecated: builds a context whose peers are all mapped to a single
        user name (trustStoreUserName) regardless of which certificate in
        the trust store authenticated them. Prefer the per-certificate
        mechanisms above; see getTrustStoreUserName(). */
    SSLContext(
        const String& trustStore,
        const String& certPath,
        const String& keyPath,
        SSLCertificateVerifyFunction* verifyCert,
        String trustStoreUserName,
        const String& randomFile);
#endif

private:

    // Declared but not defined: default construction and assignment are
    // disabled because _rep is owned.
    SSLContext();
    SSLContext& operator=(const SSLContext& sslContext);

    // NOTE(review): presumably checks the configured certificate/key before
    // the context is used; confirm in SSLContext.cpp.
    void _validateCertificate();

    SSLContextRep* _rep;

    friend class SSLSocket;
    friend class CIMServer;
    friend class SSLContextManager;
};
599 
600 PEGASUS_NAMESPACE_END
601 
602 #endif /* Pegasus_SSLContext_h */