📄 sslcontext.h
/** Gets the pre-verify response code.
        @return the pre-verify response code (declared as Uint32).
    */
    Uint32 getResponseCode() const;

    /** Sets the response code.
        Note: Do not use this function; the value set using this function
        is ignored.
        @param respCode response code to be set. It is declared as int,
            while getResponseCode() returns Uint32.
    */
    void setResponseCode(const int respCode);

    /** Returns a string representation of this object.
        @return a string containing the certificate fields
    */
    String toString() const;

private:

    /** Constructor for a SSLCertificateInfo object.
        @param subjectName subject name of the certificate.
        @param issuerName issuer name of the certificate.
        @param versionNumber version number value from the certificate.
        @param serialNumber serial number value from the certificate.
            NOTE(review): X.509 serial numbers may be up to 20 octets
            (RFC 5280), which is wider than a long; how larger values are
            handled is not visible in this header. Confirm in the
            implementation.
        @param notBefore notBefore date from the validity period of the
            certificate.
        @param notAfter notAfter date from the validity period of the
            certificate. notBefore and notAfter share the type CIMDateTime,
            so the compiler will not catch them being passed in the wrong
            order.
        @param depth depth of the certificate chain.
        @param errorCode error code from the default verification of the
            certificate by the OpenSSL library.
        @param errorString error message from the default verification of
            the certificate by the OpenSSL library.
        @param respCode result code from the default verification of the
            certificate by the OpenSSL library.
    */
    SSLCertificateInfo(
        const String subjectName,
        const String issuerName,
        const Uint32 versionNumber,
        const long serialNumber,
        const CIMDateTime notBefore,
        const CIMDateTime notAfter,
        const Uint32 depth,
        const Uint32 errorCode,
        const String errorString,
        const Uint32 respCode);

    // Declared in the private section, so only this class and the friends
    // named below can default-construct or assign a certificate object.
    SSLCertificateInfo();

    SSLCertificateInfo& operator=(const SSLCertificateInfo& sslCertificateInfo);

    // Pointer to the representation object; SSLCertificateInfoRep is not
    // defined in this part of the header.
    SSLCertificateInfoRep* _rep;

    // SSLSocket needs to use the private constructor to create
    // a certificate object to pass to the AuthenticationInfo and
    // OperationContext classes
    friend class SSLSocket;
    friend class SSLCallback;
};

/** This class provides the interface that a client uses to create an SSL
    context.
    On operating systems that do not have a /dev/random device file, the
    PEGASUS_SSL_RANDOMFILE flag must be enabled and a random file name must
    be passed to the constructor.
*/
class PEGASUS_COMMON_LINKAGE SSLContext
{
public:

    /** Constructor for a SSLContext object.
        @param trustStore file path of the trust store.
        @param verifyCert function pointer to a certificate verification
            callback function. A null pointer indicates that no callback
            is requested for certificate verification.
            NOTE(review): this header does not show whether peer
            verification is still performed when verifyCert is null;
            check isPeerVerificationEnabled() on the resulting context
            and confirm against the implementation.
        @param randomFile file path of a random file that is used as a seed
            for random number generation by OpenSSL. Defaults to
            String::EMPTY. The seed bounds the quality of the generated
            randomness, so the file should hold unpredictable data and be
            readable only by the owning process.
        @exception SSLException indicates failure to create an SSL context.
    */
    SSLContext(
        const String& trustStore,
        SSLCertificateVerifyFunction* verifyCert,
        const String& randomFile = String::EMPTY);

    /** Copy constructor. How the representation behind _rep is copied is
        defined in the implementation file, not in this header.
        @param sslContext the context to copy from.
    */
    SSLContext(const SSLContext& sslContext);

    /** Destructor. */
    ~SSLContext();

    /** Gets the truststore path of the SSLContext object.
        This may be a CA file or a directory.
        @return a string containing the truststore path.
    */
    String getTrustStore() const;

    /** Gets the x509 certificate path of the SSLContext object.
        @return a string containing the certificate path.
    */
    String getCertPath() const;

    /** Gets the private key path of the SSLContext object.
        Only the path is returned; the key material itself is not exposed
        by this accessor.
        @return a string containing the key path
    */
    String getKeyPath() const;

    /** Returns whether peer verification is ON or OFF.
        The original comment relates this to SSL_CTX_set_verify, but its
        sentence was left unfinished; presumably the value reflects the
        verify mode passed to that call. Confirm in the implementation.
        @return true if verification is on; false otherwise
    */
    Boolean isPeerVerificationEnabled() const;

#ifdef PEGASUS_USE_AUTOMATIC_TRUSTSTORE_UPDATE
    /** Returns whether enableSSLTrustStoreAutoUpdate is ON or OFF.
        If on, untrusted certificates sent with privileged credentials will
        be automatically added to the server's truststore. That extends the
        set of trusted certificates at run time on the strength of the
        credentials alone, so deployments should treat this setting as
        security-sensitive and monitor truststore changes.
        @return true if auto update is on; false otherwise
    */
    Boolean isTrustStoreAutoUpdateEnabled() const;
#endif

    /** Returns the username associated with the truststore, if applicable.
        This is currently necessary for OperationContext.
        @return the username associated with the truststore or String::EMPTY
            if not applicable
    */
    String getTrustStoreUserName() const;

    /** Returns the verification callback associated with this context.
        This may be NULL, so callers must check before invoking it.
        @return the verification callback function
    */
    SSLCertificateVerifyFunction* getSSLCertificateVerifyFunction() const;

    /** Constructor for a SSLContext object. This constructor is intended
        to be used by the CIMServer or CIMClient.
        @param trustStore file path of the trust store.
        @param certPath file path of the server certificate.
        @param keyPath file path of the private key.
        @param verifyCert function pointer to a certificate verification
            callback function. A null pointer indicates that no callback
            is requested for certificate verification.
        @param randomFile file path of a random file that is used as a seed
            for random number generation by OpenSSL. Unlike the
            three-argument constructor, no default value is declared here.
        @exception SSLException indicates failure to create an SSL context.
    */
    SSLContext(
        const String& trustStore,
        const String& certPath,
        const String& keyPath,
        SSLCertificateVerifyFunction* verifyCert,
        const String& randomFile);

    /** Constructor for a SSLContext object that also associates a user
        name with the truststore. (The original comment called this a
        SSLContextRep constructor; the declaration is for SSLContext.)
        @param trustStore trust store file path
        @param certPath server certificate file path
        @param keyPath server key file path
        @param verifyCert function pointer to a certificate verification
            callback function.
        @param trustStoreUserName the user to associate the truststore
            with; this is basically a workaround for providers that require
            a username and will be addressed post 2.4
        @param randomFile file path of a random file that is used as a seed
            for random number generation by OpenSSL.
        @exception SSLException exception indicating failure to create a
            context.
    */
    SSLContext(
        const String& trustStore,
        const String& certPath,
        const String& keyPath,
        SSLCertificateVerifyFunction* verifyCert,
        String trustStoreUserName,
        const String& randomFile);

#ifdef PEGASUS_USE_AUTOMATIC_TRUSTSTORE_UPDATE
    /** Constructor for a SSLContext object with control over automatic
        truststore updates. (The original comment called this a
        SSLContextRep constructor; the declaration is for SSLContext.)
        @param trustStore trust store file path
        @param certPath server certificate file path
        @param keyPath server key file path
        @param verifyCert function pointer to a certificate verification
            callback function.
        @param trustStoreAutoUpdate indicates that the server can
            automatically add certificates to the truststore if they are
            sent with valid sslTrustStoreUserName credentials. Passing true
            lets the truststore grow at run time without an administrator
            reviewing each certificate.
        @param trustStoreUserName the user to associate the truststore
            with; this is basically a workaround for providers that require
            a username and will be addressed post 2.4
        @param randomFile file path of a random file that is used as a seed
            for random number generation by OpenSSL.
        @exception SSLException exception indicating failure to create a
            context.
    */
    SSLContext(
        const String& trustStore,
        const String& certPath,
        const String& keyPath,
        SSLCertificateVerifyFunction* verifyCert,
        Boolean trustStoreAutoUpdate,
        String trustStoreUserName,
        const String& randomFile);
#endif

    // NOTE(review): no access specifier appears between "public:" and the
    // members below in this listing, so as written the default constructor,
    // the assignment operator and _rep are public. The friend declarations
    // suggest restricted access was intended; confirm against the upstream
    // header.
    SSLContext();

    SSLContext& operator=(const SSLContext& sslContext);

    // Pointer to the representation object; SSLContextRep is not defined in
    // this part of the header.
    SSLContextRep* _rep;

    friend class SSLSocket;
    friend class CIMServer;
    friend class CIMxmlIndicationHandler;
};

PEGASUS_NAMESPACE_END

#endif /* Pegasus_SSLContext_h */