Diffstat (limited to 'cpp/src/IceSSL/SSLEngine.h')
-rw-r--r-- | cpp/src/IceSSL/SSLEngine.h | 226 |
1 files changed, 17 insertions, 209 deletions
diff --git a/cpp/src/IceSSL/SSLEngine.h b/cpp/src/IceSSL/SSLEngine.h index 30d88e123a4..422f0c17648 100644 --- a/cpp/src/IceSSL/SSLEngine.h +++ b/cpp/src/IceSSL/SSLEngine.h @@ -14,41 +14,17 @@ #include <IceSSL/Util.h> #include <IceSSL/SSLEngineF.h> #include <IceSSL/TrustManagerF.h> +#include <IceSSL/InstanceF.h> #include <IceUtil/Shared.h> -#include <IceUtil/Mutex.h> #include <Ice/CommunicatorF.h> #include <Ice/Network.h> -#include <Ice/UniqueRef.h> - -#if defined(ICE_USE_SECURE_TRANSPORT) -# include <Security/Security.h> -# include <Security/SecureTransport.h> -#elif defined(ICE_USE_SCHANNEL) - -// -// SECURITY_WIN32 or SECURITY_KERNEL, must be defined before including security.h -// indicating who is compiling the code. -// -# ifdef SECURITY_WIN32 -# undef SECURITY_WIN32 -# endif -# ifdef SECURITY_KERNEL -# undef SECURITY_KERNEL -# endif -# define SECURITY_WIN32 1 -# include <security.h> -# include <sspi.h> -# include <schannel.h> -# undef SECURITY_WIN32 -#elif defined(ICE_OS_UWP) -# include <mutex> -#endif +#include <Ice/TransceiverF.h> namespace IceSSL { -class SSLEngine : public IceUtil::Shared +class ICESSL_API SSLEngine : public IceUtil::Shared { public: @@ -66,7 +42,7 @@ public: // virtual void initialize() = 0; - virtual bool initialized() const = 0; + virtual bool initialized() const; // // Destroy the engine. 
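Review bot: `#include <IceUtil/Mutex.h>` is dropped here while the `@@ -89,6 +72,11 @@` hunk adds an `IceUtil::Mutex _mutex;` member to SSLEngine, so the header now compiles only if some other include pulls the mutex definition in transitively. Keep the include next to the surviving `IceUtil/Shared.h` line: `#include <IceUtil/Mutex.h>`. Removing `<Ice/UniqueRef.h>` and the platform-specific headers is consistent with the engine subclasses leaving this file, so that part looks fine.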
@@ -74,9 +50,16 @@ public: virtual void destroy() = 0; // + // Create a transceiver using the engine specific implementation + // + virtual IceInternal::TransceiverPtr + createTransceiver(const InstancePtr&, const IceInternal::TransceiverPtr&, const std::string&, bool) = 0; + + // // Verify peer certificate // - void verifyPeer(const std::string&, const NativeConnectionInfoPtr&, const std::string&); + virtual void verifyPeer(const std::string&, const NativeConnectionInfoPtr&, const std::string&); + void verifyPeerCertName(const std::string&, const NativeConnectionInfoPtr&); CertificateVerifierPtr getCertificateVerifier() const; PasswordPromptPtr getPasswordPrompt() const; @@ -89,6 +72,11 @@ public: int securityTraceLevel() const; std::string securityTraceCategory() const; +protected: + + bool _initialized; + IceUtil::Mutex _mutex; + private: const Ice::CommunicatorPtr _communicator; 
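Review bot: The new pure virtual `createTransceiver` takes an unnamed `bool` plus unnamed transceiver and string arguments, and the comment above it says only that it creates a transceiver, so a reader of this header cannot tell what the flag selects or what the string carries. Name the parameters in the declaration, or extend the comment to say what each argument is (for example whether the `bool` is the incoming/outgoing direction — confirm against the engine implementations, which are outside this hunk). Making `verifyPeer` virtual also changes its contract: the `// Verify peer certificate` comment should now say whether an override must chain to `SSLEngine::verifyPeer` (or at least call `verifyPeerCertName`) so that the configured certificate verifier and the peer-name check presumably done there still run, since an override that skips them would silently weaken peer authentication. Suggested wording: `// Verify peer certificate. Overrides must call SSLEngine::verifyPeer (or verifyPeerCertName) so the certificate verifier and peer name check are still applied.`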
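Review bot: `_initialized` and `_mutex` become protected state shared between SSLEngine and every derived engine, but nothing in the hunk says which of them guards what, or who sets `_initialized` (the SSLEngine constructor is outside this diff). Since the `@@ -66,7 +42,7 @@` hunk makes `initialized()` non-pure, the base presumably reads `_initialized` under `_mutex`; a derived class that flips the flag without taking the lock would race with it. Add a short comment above the members, e.g. `// _mutex guards _initialized; derived engines must hold it when reading or writing the flag` (confirm against the SSLEngine.cpp implementation), and make sure the constructor initializes `_initialized` to false, because the declaration itself carries no initializer.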
@@ -106,186 +94,6 @@ private: std::string _securityTraceCategory; }; -#if defined(ICE_USE_SECURE_TRANSPORT) - -class SecureTransportEngine : public SSLEngine -{ -public: - - SecureTransportEngine(const Ice::CommunicatorPtr&); - - virtual void initialize(); - virtual bool initialized() const; - virtual void destroy(); - - SSLContextRef newContext(bool); - CFArrayRef getCertificateAuthorities() const; - std::string getCipherName(SSLCipherSuite) const; - -private: - - void parseCiphers(const std::string&); - - bool _initialized; - IceInternal::UniqueRef<CFArrayRef> _certificateAuthorities; - IceInternal::UniqueRef<CFArrayRef> _chain; - - SSLProtocol _protocolVersionMax; - SSLProtocol _protocolVersionMin; - - std::string _defaultDir; - -#if TARGET_OS_IPHONE==0 - std::vector<char> _dhParams; -#endif - std::vector<SSLCipherSuite> _ciphers; - IceUtil::Mutex _mutex; -}; - -#elif defined(ICE_USE_SCHANNEL) - - -#if defined(__MINGW32__) || (defined(_MSC_VER) && (_MSC_VER <= 1500)) - -// -// Add some definitions missing from MinGW headers. -// - -# ifndef CERT_TRUST_IS_EXPLICIT_DISTRUST -# define CERT_TRUST_IS_EXPLICIT_DISTRUST 0x04000000 -# endif - -# ifndef CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT -# define CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT 0x08000000 -# endif - -# ifndef SECBUFFER_ALERT -# define SECBUFFER_ALERT 17 -# endif - -# ifndef SCH_SEND_ROOT_CERT -# define SCH_SEND_ROOT_CERT 0x00040000 -# endif - -# ifndef SP_PROT_TLS1_1_SERVER -# define SP_PROT_TLS1_1_SERVER 0x00000100 -# endif - -# ifndef SP_PROT_TLS1_1_CLIENT -# define SP_PROT_TLS1_1_CLIENT 0x00000200 -# endif - -# ifndef SP_PROT_TLS1_2_SERVER -# define SP_PROT_TLS1_2_SERVER 0x00000400 -# endif - -# ifndef SP_PROT_TLS1_2_CLIENT -# define SP_PROT_TLS1_2_CLIENT 0x00000800 -# endif - -#endif - -class SChannelEngine : public SSLEngine -{ -public: - - SChannelEngine(const Ice::CommunicatorPtr&); - - // - // Setup the engine. 
- // - virtual void initialize(); - - virtual bool initialized() const; - - // - // Destroy the engine. - // - virtual void destroy(); - - std::string getCipherName(ALG_ID) const; - - CredHandle newCredentialsHandle(bool); - - HCERTCHAINENGINE chainEngine() const; - -private: - - void parseCiphers(const std::string&); - - bool _initialized; - std::vector<PCCERT_CONTEXT> _allCerts; - std::vector<PCCERT_CONTEXT> _importedCerts; - DWORD _protocols; - IceUtil::Mutex _mutex; - - std::vector<HCERTSTORE> _stores; - HCERTSTORE _rootStore; - - HCERTCHAINENGINE _chainEngine; - std::vector<ALG_ID> _ciphers; -}; - -#elif defined(ICE_OS_UWP) - -class UWPEngine : public SSLEngine -{ -public: - - UWPEngine(const Ice::CommunicatorPtr&); - - virtual void initialize(); - virtual bool initialized() const; - virtual void destroy(); - //virtual std::shared_ptr<Certificate> ca(); - virtual std::shared_ptr<Certificate> certificate(); - -private: - - //std::shared_ptr<Certificate> _ca; - std::shared_ptr<Certificate> _certificate; - bool _initialized; - std::mutex _mutex; -}; - -#else // OpenSSL - -class OpenSSLEngine : public SSLEngine -{ -public: - - OpenSSLEngine(const Ice::CommunicatorPtr&); - ~OpenSSLEngine(); - - virtual void initialize(); - virtual bool initialized() const; - virtual void destroy(); - -# ifndef OPENSSL_NO_DH - DH* dhParams(int); -# endif - SSL_CTX* context() const; - void context(SSL_CTX*); - std::string sslErrors() const; - -private: - - SSL_METHOD* getMethod(int); - void setOptions(int); - enum Protocols { SSLv3 = 0x01, TLSv1_0 = 0x02, TLSv1_1 = 0x04, TLSv1_2 = 0x08 }; - int parseProtocols(const Ice::StringSeq&) const; - - bool _initialized; - SSL_CTX* _ctx; - std::string _defaultDir; - -# ifndef OPENSSL_NO_DH - DHParamsPtr _dhParams; -# endif - IceUtil::Mutex _mutex; -}; -#endif - } #endif |