1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
// **********************************************************************
//
// Copyright (c) 2002
// MutableRealms, Inc.
// Huntsville, AL, USA
//
// All Rights Reserved
//
// **********************************************************************
#ifndef ICE_SSL_OPENSSL_PLUGIN_I_H
#define ICE_SSL_OPENSSL_PLUGIN_I_H
#include <IceUtil/RecMutex.h>
#include <IceSSL/PluginBaseI.h>
#include <IceSSL/CertificateDesc.h>
#include <IceSSL/CertificateAuthority.h>
#include <IceSSL/BaseCerts.h>
#include <IceSSL/TempCerts.h>
#include <IceSSL/ContextOpenSSLServer.h>
#include <IceSSL/ContextOpenSSLClient.h>
#include <IceSSL/RSAPrivateKeyF.h>
#include <IceSSL/DHParamsF.h>
#include <openssl/ssl.h>
namespace IceSSL
{
namespace OpenSSL
{
typedef std::map<int,RSAPrivateKeyPtr> RSAMap;
typedef std::map<int,DHParamsPtr> DHMap;
typedef std::map<int,CertificateDesc> RSACertMap;
typedef std::map<int,DiffieHellmanParamsFile> DHParamsMap;
class PluginI : public PluginBaseI
{
public:
PluginI(const IceInternal::ProtocolPluginFacadePtr&);
~PluginI();
virtual IceSSL::ConnectionPtr createConnection(ContextType, int);
virtual bool isConfigured(ContextType);
virtual void configure();
virtual void configure(ContextType);
virtual void loadConfig(ContextType, const std::string&, const std::string&);
// Returns the desired RSA Key, or creates it if not already created.
// This is public because the tmpRSACallback must be able to access it.
RSA* getRSAKey(int, int);
// Returns the desired DH Params. If the Params do not already exist, and the key
// requested is a 512bit or 1024bit key, we use the compiled-in temporary params.
// If the key is some other length, we read the desired key, based on length,
// from a DH Param file.
// This is public because the tmpDHCallback must be able to access it.
DH* getDHParams(int, int);
virtual void setCertificateVerifier(ContextType, const IceSSL::CertificateVerifierPtr&);
virtual void addTrustedCertificateBase64(ContextType, const std::string&);
virtual void addTrustedCertificate(ContextType, const Ice::ByteSeq&);
virtual void setRSAKeysBase64(ContextType, const std::string&, const std::string&);
virtual void setRSAKeys(ContextType, const Ice::ByteSeq&, const Ice::ByteSeq&);
virtual IceSSL::CertificateVerifierPtr getDefaultCertVerifier();
virtual IceSSL::CertificateVerifierPtr getSingleCertVerifier(const Ice::ByteSeq&);
virtual void destroy();
private:
ServerContext _serverContext;
ClientContext _clientContext;
// Mutex to ensure synchronization of calls to configure
// the contexts and calls to create connections.
IceUtil::RecMutex _configMutex;
// Keep a cache of all temporary RSA keys.
RSAMap _tempRSAKeys;
IceUtil::Mutex _tempRSAKeysMutex;
// Keep a cache of all temporary Diffie-Hellman keys.
DHMap _tempDHKeys;
IceUtil::Mutex _tempDHKeysMutex;
// Maps of all temporary keying information.
// The files themselves will not be loaded until
// needed.
RSACertMap _tempRSAFileMap;
DHParamsMap _tempDHParamsFileMap;
// Flag as to whether the Random Number system has been seeded.
int _randSeeded;
// Cryptographic Random Number System related routines.
int seedRand();
long loadRandFiles(const std::string&);
void initRandSystem(const std::string&);
// Load the temporary (ephemeral) certificates for Server operations.
void loadTempCerts(TempCertificates&);
};
}
}
#endif
|
