sslcontext.h

Pegasus is an open-source implementationof the DMTF CIM and WBEM standards. It is designed to be por

    /** Gets the pre-verify response code.
        @return an int containing the pre-verify response code
    */
    Uint32 getResponseCode() const;

    /** Sets the response code.
        Note: Do not use this function, the value set using this function
        is ignored.
        @param respCode response code to be set.
    */
    void setResponseCode(const int respCode);

    /** Returns a string representation of this object
        @return a string containing the certificate fields
    */
    String toString() const;

private:

    /** Constructor for a SSLCertificateInfo object.
        @param subjectName subject name of the certificate.
        @param issuerName  issuer name of the certificate.
        @param version version number value from the certificate.
        @param serailNumber serial number value from the certificate.
        @param notAfter notAfter date from the validity period of the certificate.
        @param notBefore notBefore date from the validity period of the certificate.
        @param depth  depth of the certificate chain.
        @param errorCode   error code from the default verification of the
        certificate by the OpenSSL library.
        @param errorString error message from the default verification of the
        certificate by the Open SSL library.
        @param respCode   result code from the default verification of the
        certificate by the OpenSSL library.
    */
    SSLCertificateInfo(
        const String subjectName,
        const String issuerName,
        const Uint32 versionNumber,
        const long   serialNumber,
        const CIMDateTime notBefore,
        const CIMDateTime notAfter,
        const Uint32 depth,
        const Uint32 errorCode,
        const String errorString,
        const Uint32 respCode);

    SSLCertificateInfo();
    SSLCertificateInfo& operator=(const SSLCertificateInfo& sslCertificateInfo);

    SSLCertificateInfoRep* _rep;

    // SSLSocket needs to use the private constructor to create
    // a certificate object to pass to the AuthenticationInfo and
    // OperationContext classes
    friend class SSLSocket;

    friend class SSLCallback;
};

/** This class provides the interface that a client uses to create
    SSL context.

    For the OSs that don't have /dev/random device file,
    must enable PEGASUS_SSL_RANDOMFILE flag and pass
    random file name to constructor.
*/
class PEGASUS_COMMON_LINKAGE SSLContext
{
public:

    /** Constructor for a SSLContext object.
        @param trustStore file path of the trust store
        @param verifyCert  function pointer to a certificate verification
        call back function.  A null pointer indicates that no callback is
        requested for certificate verification.
        @param randomFile  file path of a random file that is used as a seed
        for random number generation by OpenSSL.

        @exception SSLException indicates failure to create an SSL context.
    */
    SSLContext(
        const String& trustStore,
        SSLCertificateVerifyFunction* verifyCert,
        const String& randomFile = String::EMPTY);

    SSLContext(const SSLContext& sslContext);

    ~SSLContext();

    /** Gets the truststore path of the SSLContext object.  This may be a CA file or a directory.
        @return a string containing the truststore path.
    */
    String getTrustStore() const;

    /** Gets the x509 certificate path of the SSLContext object.
        @return a string containing the certificate path.
    */
    String getCertPath() const;

    /** Gets the private key path of the SSLContext object.
        @return a string containing the key path
    */
    String getKeyPath() const;

    //PEP187
    /** Gets the certificate revocation list path of the SSLContext object.
        @return a string containing the crl path
    */
    String getCRLPath() const;

    //PEP187
    /** Gets the certificate revocation store of the SSLContext object.
        @return a string containing the crl store
    */
    X509_STORE* getCRLStore() const;

    /** Returns whether peer verification is ON of OFF
        Corresponds to what the SSL_CTX_set_verify is set to
        @return true if verification is on; false otherwise
    */
    Boolean isPeerVerificationEnabled() const;

#ifdef PEGASUS_USE_DEPRECATED_INTERFACES
    /** In OpenPegasus 2.4 this method returned the username associated
        with the truststore, if applicable. This method is currently deprecated
        beginning in OpenPegasus 2.5, and will always return String::EMPTY.
        @return String::EMPTY
    */
    String getTrustStoreUserName() const;
#endif

    /** Returns the verification callback associated with this context.  This may be NULL.
        @return the verification callback function
    */
    SSLCertificateVerifyFunction* getSSLCertificateVerifyFunction() const;

    /** Constructor for a SSLContext object. This constructor is intended
        to be used by the CIMServer or CIMClient.
        @param trustStore file path of the trust store.
        @param certPath  file path of the server certificate.
        @param KeyPath  file path of the private key.
        @param verifyCert  function pointer to a certificate verification
        call back function.  A null pointer indicates that no callback is
        requested for certificate verification.
        @param randomFile  file path of a random file that is used as a seed
        for random number generation by OpenSSL.

        @exception SSLException indicates failure to create an SSL context.
    */
    SSLContext(
        const String& trustStore,
        const String& certPath,
        const String& keyPath,
        SSLCertificateVerifyFunction* verifyCert,
        const String& randomFile);


    //PEP187
    /** Constructor for a SSLContext object. This constructor is intended
        to be used by the CIMServer or CIMClient.
        @param trustStore file path of the trust store.
        @param certPath  file path of the server certificate.
        @param keyPath  file path of the private key.
        @param crlPath file path of the certificate revocation list.
        @param verifyCert  function pointer to a certificate verification
        call back function.  A null pointer indicates that no callback is
        requested for certificate verification.
        @param randomFile  file path of a random file that is used as a seed
        for random number generation by OpenSSL.

        @exception SSLException indicates failure to create an SSL context.
    */
    SSLContext(
        const String& trustStore,
        const String& certPath,
        const String& keyPath,
        const String& crlPath,
        SSLCertificateVerifyFunction* verifyCert,
        const String& randomFile);

#ifdef PEGASUS_USE_DEPRECATED_INTERFACES
    /** Constructor for a SSLContextRep object.
        @param trustStore  trust store file path
        @param certPath  server certificate file path
        @param keyPath  server key file path
        @param verifyCert  function pointer to a certificate verification
        call back function.
        @param trustStoreUserName In OpenPegasus 2.5 this parameter specified the user to
        associate the truststore with; this was basically a workaround to
        providers that required a username. With the support provided in PEP 187,
        this parameter is ignored beginning in release 2.5.
        @param randomFile  file path of a random file that is used as a seed
        for random number generation by OpenSSL.

        @exception SSLException  exception indicating failure to create a context.
    */
    SSLContext(
        const String& trustStore,
        const String& certPath,
        const String& keyPath,
        SSLCertificateVerifyFunction* verifyCert,
        String trustStoreUserName,
        const String& randomFile);
#endif

private:

    SSLContext();
    SSLContext& operator=(const SSLContext& sslContext);

    SSLContextRep* _rep;

    friend class SSLSocket;

    friend class CIMServer;

    friend class CIMxmlIndicationHandler;

    friend class SSLContextManager;
};

PEGASUS_NAMESPACE_END

#endif /* Pegasus_SSLContext_h */