// **********************************************************************
//
// Copyright (c) 2003
// ZeroC, Inc.
// Billerica, MA, USA
//
// All Rights Reserved.
//
// Ice is free software; you can redistribute it and/or modify it under
// the terms of the GNU General Public License version 2 as published by
// the Free Software Foundation.
//
// **********************************************************************

#ifndef ICE_SSL_OPENSSL_PLUGIN_I_H
#define ICE_SSL_OPENSSL_PLUGIN_I_H

// NOTE(review): the header names of the following #include directives were
// lost in this copy of the file (only the bare directives survive). They
// cannot be reconstructed from this page; consult the original source.
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

namespace IceSSL
{

// NOTE(review): the template arguments of these four std::map typedefs are
// also missing from this copy. From their use below, RSAMap/DHMap cache
// generated temporary RSA keys / DH parameters, and RSACertMap/DHParamsMap
// record where the corresponding key material files live so they can be
// loaded lazily — confirm the exact key/value types against the original.
typedef std::map RSAMap;
typedef std::map DHMap;
typedef std::map RSACertMap;
typedef std::map DHParamsMap;

//
// OpenSSL-backed implementation of the IceSSL Plugin interface.
//
// The plugin owns one server-side and one client-side SSL context,
// configures them from Ice properties / configuration files, hands out
// transceivers for new connections, and caches the temporary (ephemeral)
// RSA keys and Diffie-Hellman parameters that OpenSSL requests through
// its tmp-key callbacks. It also manages seeding of OpenSSL's random
// number generator.
//
class OpenSSLPluginI : public Plugin
{
public:

    // Construct the plugin on top of the given protocol plugin facade;
    // the trace levels, logger and properties members are derived from it.
    OpenSSLPluginI(const IceInternal::ProtocolPluginFacadePtr&);
    virtual ~OpenSSLPluginI();

    // Create an SSL transceiver for the given context type (client or
    // server). The two int parameters are not named here; presumably a
    // socket descriptor plus a timeout/flag — confirm in the .cpp.
    virtual SslTransceiverPtr createTransceiver(ContextType, int, int);

    // Whether the context of the given type has already been configured.
    virtual bool isConfigured(ContextType);

    // Configure both contexts, or only the one of the given type.
    virtual void configure();
    virtual void configure(ContextType);

    // Load the configuration for a context from the two given strings
    // (presumably a config file name and a certificate path — confirm).
    virtual void loadConfig(ContextType, const ::std::string&, const ::std::string&);

    // Returns the desired RSA Key, or creates it if not already created.
    // This is public because the tmpRSACallback must be able to access it.
    // The two ints are unnamed; they presumably mirror OpenSSL's temporary
    // RSA callback arguments (is-export flag, key length) — confirm.
    // NOTE(review): temporary RSA keys exist to serve export-grade cipher
    // suites; those suites are considered broken today, so verify that the
    // configured cipher list never lets them be negotiated.
    RSA* getRSAKey(int, int);

    // Returns the desired DH Params. If the Params do not already exist, and the key
    // requested is a 512bit or 1024bit key, we use the compiled-in temporary params.
    // If the key is some other length, we read the desired key, based on length,
    // from a DH Param file.
    // This is public because the tmpDHCallback must be able to access it.
    // NOTE(review): 512-bit DH groups are export-grade and breakable with
    // modest resources, and 1024-bit is below current recommendations; make
    // sure the compiled-in 512-bit params cannot be selected in practice.
    DH* getDHParams(int, int);

    // Install a custom certificate verifier for the given context type.
    virtual void setCertificateVerifier(ContextType, const CertificateVerifierPtr&);

    // Add a trusted (CA) certificate to a context, either Base64-encoded
    // or as raw bytes.
    virtual void addTrustedCertificateBase64(ContextType, const std::string&);
    virtual void addTrustedCertificate(ContextType, const Ice::ByteSeq&);

    // Set the RSA private key and certificate for a context, either
    // Base64-encoded or as raw bytes. Which argument is the key and which
    // the certificate is not visible here — confirm against the .cpp.
    virtual void setRSAKeysBase64(ContextType, const std::string&, const std::string&);
    virtual void setRSAKeys(ContextType, const ::Ice::ByteSeq&, const ::Ice::ByteSeq&);

    // Obtain the default verifier, or a verifier that accepts only the
    // single given certificate (certificate pinning).
    virtual IceSSL::CertificateVerifierPtr getDefaultCertVerifier();
    virtual IceSSL::CertificateVerifierPtr getSingleCertVerifier(const Ice::ByteSeq&);

    // Release all resources held by the plugin.
    virtual void destroy();

    // Accessors for the Ice runtime objects the plugin was built from.
    TraceLevelsPtr getTraceLevels() const;
    Ice::LoggerPtr getLogger() const;
    Ice::StatsPtr getStats() const;
    Ice::PropertiesPtr getProperties() const;
    IceInternal::ProtocolPluginFacadePtr getProtocolPluginFacade() const;

private:

    // Runtime objects captured at construction; immutable thereafter.
    const IceInternal::ProtocolPluginFacadePtr _protocolPluginFacade;
    const TraceLevelsPtr _traceLevels;
    const Ice::LoggerPtr _logger;
    const Ice::PropertiesPtr _properties;

    // The two SSL contexts managed by this plugin.
    IceSSL::ServerContext _serverContext;
    IceSSL::ClientContext _clientContext;

    // Mutex to ensure synchronization of calls to configure
    // the contexts and calls to create connections.
    // (Recursive, so a configure path may re-enter while holding it.)
    IceUtil::RecMutex _configMutex;

    // Keep a cache of all temporary RSA keys.
    // Guarded by _tempRSAKeysMutex.
    RSAMap _tempRSAKeys;
    IceUtil::Mutex _tempRSAKeysMutex;

    // Keep a cache of all temporary Diffie-Hellman keys.
    // Guarded by _tempDHKeysMutex.
    DHMap _tempDHKeys;
    IceUtil::Mutex _tempDHKeysMutex;

    // Maps of all temporary keying information.
    // The files themselves will not be loaded until
    // needed.
    RSACertMap _tempRSAFileMap;
    DHParamsMap _tempDHParamsFileMap;

    // Flag as to whether the Random Number system has been seeded.
    // Declared as int (not bool) in the original; treated as a boolean.
    int _randSeeded;

    // Cryptographic Random Number System related routines.
    // seedRand() reports success as an int; loadRandFiles() presumably
    // returns the number of bytes of entropy read from the named file(s)
    // and initRandSystem() drives the whole seeding step — confirm in .cpp.
    // NOTE(review): if seeding fails, OpenSSL must not be allowed to
    // proceed with an unseeded PRNG; check that callers honour the flag.
    int seedRand();
    long loadRandFiles(const std::string&);
    void initRandSystem(const std::string&);

    // Load the temporary (ephemeral) certificates for Server operations.
    void loadTempCerts(TempCertificates&);

    // Transceivers need direct access to the plugin's private state.
    friend class SslTransceiver;
    friend class SslClientTransceiver;
    friend class SslServerTransceiver;

    // Process-wide record of threads registered with the plugin
    // (presumably for OpenSSL's per-thread error/ID bookkeeping — confirm).
    // _threadIdCache is guarded by _threadIdCacheMutex; its element type
    // was lost in this copy of the file.
    static IceUtil::Mutex _threadIdCacheMutex;
    static std::vector _threadIdCache;

    void registerThread();
    void unregisterThreads();
};

}

#endif