// **********************************************************************
//
// Copyright (c) 2003-2014 ZeroC, Inc. All rights reserved.
//
// This copy of Ice is licensed to you under the terms described in the
// ICE_LICENSE file included in this distribution.
//
// **********************************************************************

#ifndef ICE_SSL_INSTANCE_H
#define ICE_SSL_INSTANCE_H

#include <IceSSL/InstanceF.h>
#include <IceSSL/UtilF.h>
#include <Ice/CommunicatorF.h>
#include <Ice/Network.h>
#include <Ice/ProtocolInstance.h>
#include <Ice/ProtocolPluginFacadeF.h>
#include <IceSSL/Plugin.h>
#include <IceSSL/TrustManagerF.h>
#include <Ice/BuiltinSequences.h>

namespace IceSSL
{

class SharedInstance : public IceUtil::Shared
{
public:

    //
    // Per-communicator IceSSL state shared by every Instance object:
    // the OpenSSL SSL_CTX, the peer-verification settings and the
    // application-installed certificate verifier and password prompt.
    // Reference counted through IceUtil::Shared; Instance holds a
    // SharedInstancePtr and forwards context()/sslErrors()/verifyPeer()
    // to it.
    //
    // _communicator and _logger are const members, so they are fixed
    // at construction for the lifetime of the object.
    //
    SharedInstance(const Ice::CommunicatorPtr&);
    ~SharedInstance();

    //
    // One-time setup of the SSL_CTX from the plug-in configuration
    // (presumably creates _ctx and sets _initialized -- see
    // Instance.cpp, not visible here). destroy() is the counterpart.
    //
    void initialize();

    //
    // Install / read the SSL_CTX used for connections. NOTE(review):
    // an application-supplied context is not necessarily subject to
    // the protocol and verification settings initialize() applied to
    // the one it built, and which side owns and frees a replaced
    // context is not visible in this header -- confirm in Instance.cpp.
    //
    void context(SSL_CTX*);
    SSL_CTX* context() const;

    //
    // Application hooks: a custom verifier consulted for peer
    // certificates, and a prompt used when a private-key password is
    // needed instead of a configured one (presumably stored in
    // _verifier / _prompt).
    //
    void setCertificateVerifier(const CertificateVerifierPtr&);
    void setPasswordPrompt(const PasswordPromptPtr&);

    // The communicator this instance was created for.
    Ice::CommunicatorPtr communicator() const;

    //
    // Post-handshake peer check for one connection: the SSL handle, its
    // socket, the expected host name (presumably what _checkCertName is
    // matched against) and the connection info handed to the
    // application/verifier. Returns void, so a rejected peer is
    // presumably reported by throwing -- confirm in Instance.cpp.
    //
    void verifyPeer(SSL*, SOCKET, const std::string&, const NativeConnectionInfoPtr&);

    // Human-readable rendering of OpenSSL's pending error queue, for
    // exceptions and trace messages (Instance::sslErrors forwards here).
    std::string sslErrors() const;

    // Releases the shared state; presumably frees _ctx and, when
    // _initOpenSSL is set, the OpenSSL library state -- confirm.
    void destroy();

    //
    // OpenSSL callbacks.
    //
    // password(): returns the private-key password, from _password or
    // by asking _prompt; the bool presumably mirrors OpenSSL's rwflag
    // (encrypting vs. decrypting) -- confirm.
    // verifyCallback(): certificate-chain verification hook; the int is
    // presumably OpenSSL's pre-verification result for the certificate
    // currently in the X509_STORE_CTX, and returning 0 aborts the
    // handshake. _verifyDepthMax and _verifier are presumably applied
    // here -- confirm.
    // dhParams(): temporary-DH callback served from _dhParams; the int
    // is presumably the key length OpenSSL asks for. Compiled out when
    // OpenSSL was built without DH support.
    //
    std::string password(bool);
    int verifyCallback(int, SSL*, X509_STORE_CTX*);
#ifndef OPENSSL_NO_DH
    DH* dhParams(int);
#endif

private:

    //
    // Protocol versions the user may enable, as bit flags (powers of
    // two), so parseProtocols() can return an OR-ed mask of them.
    // NOTE(review): SSLv3 is still selectable; it is deprecated
    // (POODLE, RFC 7568). Whether it is enabled by default is decided
    // in Instance.cpp, not here.
    //
    enum Protocols { SSLv3 = 0x01, TLSv1_0 = 0x02, TLSv1_1 = 0x04, TLSv1_2 = 0x08 };
    static int parseProtocols(const Ice::StringSeq&);

    // Chooses the OpenSSL method for a protocol mask. Note the non-const
    // SSL_METHOD*: OpenSSL 1.0.0 and later return const SSL_METHOD* from
    // the method functions, so the .cpp presumably casts -- confirm.
    static SSL_METHOD* getMethod(int);

    // Applies SSL_CTX options for a protocol mask (presumably SSL_OP_NO_*
    // bits for the versions that were left out) -- confirm.
    void setOptions(int);

    // Presumably: this object performed OpenSSL library initialisation
    // and is therefore responsible for undoing it -- confirm.
    bool _initOpenSSL;
    const Ice::CommunicatorPtr _communicator;
    const Ice::LoggerPtr _logger;
    // Security trace level / category; Instance carries the same pair.
    int _securityTraceLevel;
    std::string _securityTraceCategory;
    // Presumably set by initialize() -- confirm.
    bool _initialized;
    // Raw OpenSSL handle; ownership and release are not visible here
    // (presumably destroy()).
    SSL_CTX* _ctx;
    // Presumably the base directory for relative certificate/key file
    // names -- confirm.
    std::string _defaultDir;
    // Presumably: match the peer certificate against the host name given
    // to verifyPeer -- confirm.
    bool _checkCertName;
    // Presumably an upper bound on the accepted chain depth -- confirm.
    int _verifyDepthMax;
    // An int rather than a bool, so presumably a verification level
    // rather than an on/off switch -- confirm.
    int _verifyPeer;
    // Configured private-key password. NOTE(review): held in a plain
    // std::string, which is not wiped on destruction, reallocation or
    // copy, so the secret can linger in freed heap memory; consider an
    // explicit wipe if that is within the threat model.
    std::string _password;
#ifndef OPENSSL_NO_DH
    DHParamsPtr _dhParams;
#endif
    // Application hooks installed through the setters above, and the
    // trust rules applied to peers (presumably from verifyPeer) -- confirm.
    CertificateVerifierPtr _verifier;
    PasswordPromptPtr _prompt;
    TrustManagerPtr _trustManager;
};

class Instance : public IceInternal::ProtocolInstance
{
public:

    //
    // IceSSL's IceInternal::ProtocolInstance specialisation. It keeps a
    // reference to the per-communicator SharedInstance and forwards the
    // SSL-specific calls to it. The Ice::Short and std::string arguments
    // are presumably the protocol type and name handed to the
    // ProtocolInstance base -- the base constructor is not visible here.
    //
    Instance(const SharedInstancePtr&, Ice::Short, const std::string&);
    virtual ~Instance();

    // SSL_CTX used for connections; owned by the shared instance.
    SSL_CTX* context() const { return _sharedInstance->context(); }

    // OpenSSL's pending error queue rendered as text, for diagnostics.
    std::string sslErrors() const { return _sharedInstance->sslErrors(); }

    // The per-communicator state every call above forwards to.
    SharedInstancePtr sharedInstance() const { return _sharedInstance; }

    //
    // Post-handshake peer check, delegated unchanged to SharedInstance:
    // the SSL handle, its socket, the host name the peer is expected to
    // present and the connection info exposed to the application.
    //
    void verifyPeer(SSL* sslHandle, SOCKET sock, const std::string& expectedHost, const NativeConnectionInfoPtr& connInfo)
    {
        _sharedInstance->verifyPeer(sslHandle, sock, expectedHost, connInfo);
    }

    //
    // Security tracing: log a connection's parameters (the bool
    // presumably distinguishes incoming from outgoing -- confirm in
    // Instance.cpp) and expose the configured trace level / category.
    //
    void traceConnection(SSL*, bool);
    int securityTraceLevel() const;
    std::string securityTraceCategory() const;

private:

    // Fixed at construction.
    const SharedInstancePtr _sharedInstance;
    // Trace level / category; SharedInstance carries the same pair.
    int _securityTraceLevel;
    std::string _securityTraceCategory;
};

}

#endif