ssl_connection.h

Go to the documentation of this file.

/***************************************************************************
       ssl_connection.h  -  ssl connection with certificate support
                             -------------------
    begin                : Sun May 29 2005
    copyright            : (C) 2005 Dmitry Nizovtsev <funt@alarit.com>
                                    Olexander Shtepa <isk@alarit.com>

    $Id: ssl_connection.h 945 2007-01-03 13:05:48Z ewald-arnold $

 ***************************************************************************/

/**************************************************************************
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation; either version 2 of the License,
 * or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 ***************************************************************************/

#ifndef FUNTIK_SSL_CONNECTION_H
#define FUNTIK_SSL_CONNECTION_H

#include <ulxmlrpcpp/ulxmlrpcpp.h>  // always first header

#ifdef ULXR_INCLUDE_SSL_STUFF

#include <ulxmlrpcpp/ulxr_value.h>
#include <ulxmlrpcpp/ulxr_tcpip_connection.h>
#include <ulxmlrpcpp/ulxr_except.h>

#include <openssl/ssl.h>

//STL
#include <string>


#define     FINGERPRINT_MAX_LEN 1024

namespace funtik {

class ULXR_API_DECL0 SSLConnectionException : public ulxr::ConnectionException
{
public:

    SSLConnectionException();
    SSLConnectionException(ulxr::CppString strPhrase,int stat);
    SSLConnectionException(SSL *ssl, int ret_code);
    virtual ~SSLConnectionException() throw() { };


    virtual ulxr::CppString why() const;



    virtual const char *what() const throw();
protected:
    std::string _what;

    std::string get_error_queue();
};


class ULXR_API_DECL0 SSLConnection : public ulxr::TcpIpConnection
{
 public:

   SSLConnection(bool server, const ulxr::CppString &domain, unsigned port = 80);

  SSLConnection(bool server, long adr = INADDR_ANY, unsigned port = 0);


  // Specifies a pathname for the file containing the trusted certificates,
  // which are stored sequentially in PEM format. In most applications,
  // the client uses this function to authenticate the server. If client authentication is desired,
  // the server also calls this function to authenticate the client.


   virtual ~SSLConnection ();

   virtual void close();

   virtual ulxr::Connection *detach();

   virtual void open();

   virtual void accept();

   virtual ulxr::CppString getInterfaceName();

   virtual void cut();


   void setCryptographyData (const std::string &password,
                             const std::string &certfile,
                             const std::string &keyfile);

    void setPassword(const std::string &strPassword);

    std::string getPassword() const;

    void setCertFile(const std::string &strCertFile);

    std::string getCertFileName() const;

    void setKeyFile(const std::string &strCertFileName);


    std::string getKeyFileName() const;


    void setCAFile(const std::string &strCAFile);

    void enableAuth(int iType);

    void disableAuth(int iType=0);


    enum AuthType{
        CA_AUTH=1,
        FINGERPRINT_AUTH=2,
        MANDATORY_CLIENTCERT=4,
        CHECK_REVOCATIONCERT=8
    };

    void addFingerprintData(const std::string  &strFingerprint);

    void resetFingerprintData();

    void addRevocationData(const std::string &strRevocation);

    void resetRevocationData();

    bool checkFingerprint(std::string strFingerprint) const;


    bool checkRevocationFingerprint(std::string strFingerprint) const;

  std::string calculateFingerprint(X509 * poCertificate) const;

 protected:

    int         m_iAuthType;
    std::string m_strCAFileName;

    std::map<std::string,int>   m_mapFingerpintData;
    std::map<std::string,int>   m_mapRevocationData;

    std::string m_strPassword;
    std::string m_strKeyFileName;
    std::string m_strCertFileName;


    bool checkAccess(X509 * poCertificate);



    void activateAuth();


   SSL *getSslObject() const;


   SSL_CTX *getSslContextObject() const;

   SSL_SESSION *getSslSessionObject() const;

   virtual bool hasPendingInput() const;

   SSL          *ssl;
   SSL_CTX      *ssl_ctx;
   SSL_SESSION  *session;

   static bool ssl_initialized;

   void createSSL();

   void initializeCTX();

   ssize_t virtual low_level_write(char const *buff, long len);

   ssize_t virtual low_level_read(char *buff, long len);

   void init();
};


} // namespace funtik


#endif // ULXR_INCLUDE_SSL_STUFF


#endif // FUNTIK_SSL_CONNECTION_H

---