1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
// **********************************************************************
//
// Copyright (c) 2003 - 2004
// ZeroC, Inc.
// North Palm Beach, FL, USA
//
// All Rights Reserved.
//
// This copy of Ice is licensed to you under the terms described in the
// ICE_LICENSE file included in this distribution.
//
// **********************************************************************
#ifndef ICESSL_CONTEXT_H
#define ICESSL_CONTEXT_H
#include <Ice/CommunicatorF.h>
#include <Ice/BuiltinSequences.h>
#include <IceSSL/OpenSSL.h>
#include <IceSSL/TraceLevelsF.h>
#include <IceSSL/CertificateVerifierOpenSSL.h>
#include <IceSSL/GeneralConfig.h>
#include <IceSSL/CertificateAuthority.h>
#include <IceSSL/BaseCerts.h>
#include <IceSSL/TempCerts.h>
#include <IceSSL/SslTransceiver.h>
#include <IceSSL/ContextF.h>
#include <IceSSL/RSAPublicKey.h>
#include <IceSSL/RSAKeyPairF.h>
namespace IceSSL
{
class Context : public IceUtil::Shared
{
public:
virtual ~Context();
bool isConfigured();
void cleanUp();
virtual void setCertificateVerifier(const CertificateVerifierPtr&);
virtual void addTrustedCertificateBase64(const std::string&);
virtual void addTrustedCertificate(const Ice::ByteSeq&);
virtual void setRSAKeysBase64(const std::string&, const std::string&);
virtual void setRSAKeys(const Ice::ByteSeq&, const Ice::ByteSeq&);
virtual void configure(const GeneralConfig&,
const CertificateAuthority&,
const BaseCertificates&);
// Takes a socket fd as the first parameter, and the initial handshake timeout as the final.
virtual SslTransceiverPtr createTransceiver(int, const OpenSSLPluginIPtr&, int) = 0;
protected:
Context(const TraceLevelsPtr&, const Ice::CommunicatorPtr&, const ContextType&);
SSL_METHOD* getSslMethod(SslProtocol);
void createContext(SslProtocol);
virtual void loadCertificateAuthority(const CertificateAuthority&);
void setKeyCert(const CertificateDesc&, const std::string&, const std::string&);
void checkKeyCert();
void addTrustedCertificate(const RSAPublicKey&);
void addKeyCert(const CertificateFile&, const CertificateFile&);
void addKeyCert(const RSAKeyPair&);
void addKeyCert(const Ice::ByteSeq&, const Ice::ByteSeq&);
void addKeyCert(const std::string&, const std::string&);
SSL* createSSLConnection(int);
void transceiverSetup(const SslTransceiverPtr&, int);
void setCipherList(const std::string&);
void setDHParams(const BaseCertificates&);
TraceLevelsPtr _traceLevels;
Ice::CommunicatorPtr _communicator;
ContextType _contextType;
std::string _rsaPrivateKeyProperty;
std::string _rsaPublicKeyProperty;
std::string _dsaPrivateKeyProperty;
std::string _dsaPublicKeyProperty;
std::string _caCertificateProperty;
std::string _passphraseRetriesProperty;
std::string _maxPassphraseRetriesDefault;
std::string _connectionHandshakeRetries;
CertificateVerifierPtr _certificateVerifier;
SSL_CTX* _sslContext;
int _maxPassphraseTries;
};
}
#endif
|
