blocxx
src
blocxx
SSLCtxMgr.hpp
Go to the documentation of this file.
1
/*******************************************************************************
2
* Copyright (C) 2001-2004 Vintela, Inc. All rights reserved.
3
* Copyright (C) 2004 Novell, Inc. All rights reserved.
4
*
5
* Redistribution and use in source and binary forms, with or without
6
* modification, are permitted provided that the following conditions are met:
7
*
8
* - Redistributions of source code must retain the above copyright notice,
9
* this list of conditions and the following disclaimer.
10
*
11
* - Redistributions in binary form must reproduce the above copyright notice,
12
* this list of conditions and the following disclaimer in the documentation
13
* and/or other materials provided with the distribution.
14
*
15
* - Neither the name of Vintela, Inc. nor the names of its
16
* contributors may be used to endorse or promote products derived from this
17
* software without specific prior written permission.
18
*
19
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS''
20
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22
* ARE DISCLAIMED. IN NO EVENT SHALL Vintela, Inc. OR THE CONTRIBUTORS
23
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29
* POSSIBILITY OF SUCH DAMAGE.
30
*******************************************************************************/
31
37
#ifndef BLOCXX_SSLCtxMgr_HPP_INCLUDE_GUARD_
38
#define BLOCXX_SSLCtxMgr_HPP_INCLUDE_GUARD_
39
#include "blocxx/BLOCXX_config.h"
40
#include "
blocxx/SSLException.hpp
"
41
#include "
blocxx/IntrusiveCountableBase.hpp
"
42
#include "
blocxx/IntrusiveReference.hpp
"
43
#include "
blocxx/Map.hpp
"
44
#include "
blocxx/Bool.hpp
"
45
#ifdef BLOCXX_HAVE_OPENSSL
46
#include "
blocxx/String.hpp
"
47
#include <openssl/crypto.h>
48
#include <openssl/ssl.h>
49
#include <openssl/bio.h>
50
#define BLOCXX_SSLCTX_MAX_CN_LEN 256
51
#define BLOCXX_SSL_RETRY_LIMIT 20
52
53
namespace
BLOCXX_NAMESPACE
54
{
55
62
typedef
int
(*
certVerifyFuncPtr_t
)(
X509
*
cert
,
const
String&
hostName
);
63
64
// TODO: Make this class be a singleton.
65
class
BLOCXX_COMMON_API
SSLCtxMgr
66
{
67
public
:
71
static
int
pem_passwd_cb
(
char
*
buf
,
int
size,
int
rwflag
,
void
*
userData
);
79
static
bool
checkClientCert
(
SSL
*
ssl
,
const
String&
hostName
);
87
static
bool
checkServerCert
(
SSL
*
ssl
,
const
String&
hostName
);
95
static
void
initClient
(
const
String&
certFile
= String(),
const
String&
keyFile
= String());
103
static
void
initServer
(
const
String&
certFile
,
const
String&
keyFile
= String());
108
static
SSL_CTX
*
getSSLCtxServer
()
109
{
110
return
m_ctxServer
;
111
}
116
static
SSL_CTX
*
getSSLCtxClient
()
117
{
118
return
m_ctxClient
;
119
}
128
static
int
sslRead
(
SSL
*
ssl
,
char
*
buf
,
int
len
);
137
static
int
sslWrite
(
SSL
*
ssl
,
const
char
*
buf
,
int
len
);
142
static
bool
isClient
() {
return
m_ctxClient
!=
NULL
; }
147
static
bool
isServer
() {
return
m_ctxServer
!=
NULL
; }
153
static
void
setClientCertVerifyCallback
(
certVerifyFuncPtr_t
cbfunc
)
154
{
m_clientCertVerifyCB
=
cbfunc
; }
160
static
void
setServerCertVerifyCallback
(
certVerifyFuncPtr_t
cbfunc
)
161
{
m_serverCertVerifyCB
=
cbfunc
; }
162
// set type to NOT_INIT and free memory.
163
static
void
uninit
();
167
static
void
generateEphRSAKey
(
SSL_CTX
*
ctx
);
168
169
static
String
getOpenSSLErrorDescription
();
170
180
static
void
disableSSLInit
();
189
static
void
disableLocks
();
190
191
static
Bool
getSSLInitDisabled
();
192
static
Bool
getSSLLocksDisabled
();
193
194
private
:
195
196
friend
class
SSLCtxBase
;
197
198
static
SSL_CTX
*
m_ctxClient
;
199
static
SSL_CTX
*
m_ctxServer
;
200
static
certVerifyFuncPtr_t
m_clientCertVerifyCB
;
201
static
certVerifyFuncPtr_t
m_serverCertVerifyCB
;
202
206
static
SSL_CTX
*
initCtx
(
const
String&
certfile
,
const
String&
keyfile
,
207
EVP_PKEY
*
pkey
= 0);
211
static
void
loadDHParams
(
SSL_CTX
*
ctx
,
const
String&
file
);
212
static
void
uninitServer
();
213
static
void
uninitClient
();
214
215
// don't allow instantiation
216
SSLCtxMgr
();
217
SSLCtxMgr
(
const
SSLCtxMgr
&);
218
SSLCtxMgr
& operator=(
const
SSLCtxMgr
&);
219
223
static
bool
checkCert
(
SSL
*
ssl
,
const
String&
hostName
,
certVerifyFuncPtr_t
cbFunc
);
224
};
225
227
struct
BLOCXX_COMMON_API
SSLOpts
228
{
229
SSLOpts
();
230
~SSLOpts
();
231
String
certfile
;
232
String
keyfile
;
233
String
trustStore
;
234
enum
VerifyMode_t
235
{
236
MODE_DISABLED
,
237
MODE_REQUIRED
,
238
MODE_OPTIONAL
,
239
MODE_AUTOUPDATE
240
};
241
VerifyMode_t
verifyMode
;
242
EVP_PKEY
*
pkey
;
243
};
244
245
247
class
BLOCXX_COMMON_API
SSLCtxBase
248
{
249
public
:
250
SSL_CTX
*
getSSLCtx
()
const
;
251
252
protected
:
253
SSLCtxBase
(
const
SSLOpts
&
opts
);
254
virtual
~SSLCtxBase
();
255
SSL_CTX
* m_ctx;
256
};
257
259
class
BLOCXX_COMMON_API
SSLServerCtx :
public
SSLCtxBase
,
public
IntrusiveCountableBase
260
{
261
public
:
262
SSLServerCtx(
const
SSLOpts
&
opts
);
263
static
const
int
SSL_DATA_INDEX
= 0;
264
};
265
267
class
BLOCXX_COMMON_API
SSLClientCtx :
public
SSLCtxBase
,
public
IntrusiveCountableBase
268
{
269
public
:
270
SSLClientCtx(
const
SSLOpts
&
opts
=
SSLOpts
());
271
};
272
274
class
BLOCXX_COMMON_API
SSLTrustStore
:
public
IntrusiveCountableBase
275
{
276
public
:
277
SSLTrustStore
(
const
String&
storeLocation
);
278
void
addCertificate
(
X509
*
cert
,
const
String&
user
,
const
String&
uid
);
279
bool
getUser
(
const
String&
certhash
, String&
user
, String&
uid
);
280
281
static
String
getCertMD5Fingerprint
(
X509
*
cert
);
282
private
:
283
String
m_store
;
284
String
m_mapfile
;
285
struct
UserInfo
286
{
287
String user;
288
String uid;
289
};
290
291
#ifdef BLOCXX_WIN32
292
#pragma warning (push)
293
#pragma warning (disable: 4251)
294
#endif
295
296
Map<String, UserInfo>
m_map
;
297
298
#ifdef BLOCXX_WIN32
299
#pragma warning (pop)
300
#endif
301
302
void
readMap
();
303
void
writeMap
();
304
305
};
306
308
309
struct
BLOCXX_COMMON_API
OWSSLContext
310
{
311
enum
CertVerifyState_t
312
{
313
VERIFY_NONE
,
314
VERIFY_PASS
,
315
VERIFY_FAIL
316
};
317
OWSSLContext
();
318
~OWSSLContext
();
319
CertVerifyState_t
peerCertPassedVerify
;
320
};
321
323
324
325
#else
// ifdef BLOCXX_HAVE_OPENSSL
326
327
namespace
BLOCXX_NAMESPACE
328
{
329
330
class
BLOCXX_COMMON_API
SSLServerCtx
:
public
IntrusiveCountableBase
331
{
332
};
333
334
class
BLOCXX_COMMON_API
SSLClientCtx
:
public
IntrusiveCountableBase
335
{
336
};
337
338
#endif
// ifdef BLOCXX_HAVE_OPENSSL
339
340
}
// end namespace BLOCXX_NAMESPACE
341
342
343
#endif
Bool.hpp
IntrusiveCountableBase.hpp
IntrusiveReference.hpp
Map.hpp
SSLException.hpp
String.hpp
BLOCXX_NAMESPACE::IntrusiveCountableBase
Definition
IntrusiveCountableBase.hpp:67
BLOCXX_NAMESPACE::SSLClientCtx
Definition
SSLCtxMgr.hpp:335
BLOCXX_NAMESPACE::SSLServerCtx
Definition
SSLCtxMgr.hpp:331
BLOCXX_NAMESPACE
Taken from RFC 1321.
Definition
AppenderLogger.cpp:48
BLOCXX_NAMESPACE::operator==
bool operator==(const Array< T > &x, const Array< T > &y)
Definition
ArrayImpl.hpp:434
Generated by
1.10.0
