PTLib  Version 2.12.9
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Pages
pssl.h
Go to the documentation of this file.
1 /*
2  * pssl.h
3  *
4  * Secure Sockets Layer channel interface class.
5  *
6  * Portable Windows Library
7  *
8  * Copyright (c) 1993-2002 Equivalence Pty. Ltd.
9  *
10  * The contents of this file are subject to the Mozilla Public License
11  * Version 1.0 (the "License"); you may not use this file except in
12  * compliance with the License. You may obtain a copy of the License at
13  * http://www.mozilla.org/MPL/
14  *
15  * Software distributed under the License is distributed on an "AS IS"
16  * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
17  * the License for the specific language governing rights and limitations
18  * under the License.
19  *
20  * The Original Code is Portable Windows Library.
21  *
22  * The Initial Developer of the Original Code is Equivalence Pty. Ltd.
23  *
24  * Contributor(s): ______________________________________.
25  *
26  * $Revision: 30209 $
27  * $Author: rjongbloed $
28  * $Date: 2013-07-31 14:51:00 +1000 (Wed, 31 Jul 2013) $
29  */
30 
31 #ifndef PTLIB_PSSL_H
32 #define PTLIB_PSSL_H
33 
34 #ifdef P_USE_PRAGMA
35 #pragma interface
36 #endif
37 
38 #include <ptlib/sockets.h>
39 
40 
41 struct ssl_st;
42 struct ssl_ctx_st;
43 struct x509_st;
44 struct X509_name_st;
45 struct evp_pkey_st;
46 struct dh_st;
47 struct aes_key_st;
48 struct SHAstate_st;
49 
50 enum PSSLFileTypes {
51  PSSLFileTypePEM,
52  PSSLFileTypeASN1,
53  PSSLFileTypeDEFAULT
54 };
55 
56 
57 typedef PNotifierTemplate<bool> PSSLPasswordNotifier;
58 #define PDECLARE_SSLPasswordNotifier(cls, fn) PDECLARE_NOTIFIER2(PString, cls, fn, bool)
59 
60 
65 class PSSLPrivateKey : public PObject
66 {
67  PCLASSINFO(PSSLPrivateKey, PObject);
68  public:
71  PSSLPrivateKey();
72 
75  PSSLPrivateKey(
76  unsigned modulus,
77  void (*callback)(int,int,void *) = NULL,
78  void *cb_arg = NULL
79  );
80 
86  PSSLPrivateKey(
87  const PFilePath & keyFile,
88  PSSLFileTypes fileType = PSSLFileTypeDEFAULT
89  );
90 
93  PSSLPrivateKey(
94  const BYTE * keyData,
95  PINDEX keySize
96  );
97 
100  PSSLPrivateKey(
101  const PBYTEArray & keyData
102  );
103 
106  PSSLPrivateKey(
107  const PSSLPrivateKey & privKey
108  );
109  PSSLPrivateKey(
110  evp_pkey_st * privKey,
111  bool duplicate = true
112  );
113 
116  PSSLPrivateKey & operator=(
117  const PSSLPrivateKey & privKay
118  );
119  PSSLPrivateKey & operator=(
120  evp_pkey_st * privKay
121  );
122 
125  ~PSSLPrivateKey();
126 
129  operator evp_pkey_st *() const { return m_pkey; }
130 
133  void Attach(evp_pkey_st * key);
134 
137  PBoolean Create(
138  unsigned modulus,
139  void (*callback)(int,int,void *) = NULL,
140  void *cb_arg = NULL
141  );
142 
145  bool IsValid() const { return m_pkey != NULL; }
146 
149  bool SetData(
150  const PBYTEArray & data
151  );
152 
155  PBYTEArray GetData() const;
156 
159  PString AsString() const;
160 
163  bool Parse(
164  const PString & keyStr
165  );
166 
172  PBoolean Load(
173  const PFilePath & keyFile,
174  PSSLFileTypes fileType = PSSLFileTypeDEFAULT,
175  const PSSLPasswordNotifier & notifier = PSSLPasswordNotifier()
176  );
177 
183  PBoolean Save(
184  const PFilePath & keyFile,
185  PBoolean append = false,
186  PSSLFileTypes fileType = PSSLFileTypeDEFAULT
187  );
188 
189 
190  protected:
191  void FreePrivateKey();
192  evp_pkey_st * m_pkey;
193 };
194 
195 
200 class PSSLCertificate : public PObject
201 {
202  PCLASSINFO(PSSLCertificate, PObject);
203  public:
206  PSSLCertificate();
207 
213  PSSLCertificate(
214  const PFilePath & certFile,
215  PSSLFileTypes fileType = PSSLFileTypeDEFAULT
216  );
217 
220  PSSLCertificate(
221  const BYTE * certData,
222  PINDEX certSize
223  );
224 
227  PSSLCertificate(
228  const PBYTEArray & certData
229  );
230 
233  PSSLCertificate(
234  const PString & certString
235  );
236 
239  PSSLCertificate(
240  const PSSLCertificate & cert
241  );
242  PSSLCertificate(
243  x509_st * cert,
244  bool duplicate = true
245  );
246 
249  PSSLCertificate & operator=(
250  const PSSLCertificate & cert
251  );
252  PSSLCertificate & operator=(
253  x509_st * cert
254  );
255 
258  ~PSSLCertificate();
259 
262  operator x509_st *() const { return m_certificate; }
263 
266  void Attach(x509_st * cert);
267 
270  bool IsValid() const { return m_certificate != NULL; }
271 
272 
281  PBoolean CreateRoot(
282  const PString & subject,
283  const PSSLPrivateKey & key
284  );
285 
288  bool SetData(
289  const PBYTEArray & data
290  );
291 
294  PBYTEArray GetData() const;
295 
298  PString AsString() const;
299 
302  bool Parse(
303  const PString & certStr
304  );
305 
311  PBoolean Load(
312  const PFilePath & certFile,
313  PSSLFileTypes fileType = PSSLFileTypeDEFAULT
314  );
315 
321  PBoolean Save(
322  const PFilePath & keyFile,
323  PBoolean append = false,
324  PSSLFileTypes fileType = PSSLFileTypeDEFAULT
325  );
326 
327  class X509_Name : public PObject {
328  PCLASSINFO(X509_Name, PObject);
329  public:
330  X509_Name(X509_name_st * name = NULL) : m_name(name) { }
331 
332  Comparison Compare(const PObject & other) const;
333  void PrintOn(ostream & strm) const;
334 
335  bool IsValid() const { return m_name != NULL; }
336 
337  PString GetCommonName() const;
338  PString GetNID(int id) const;
339  PString AsString(
340  int indent = -1 // Negative means single line
341  ) const;
342 
343  protected:
344  X509_name_st * m_name;
345  };
346 
349  bool GetIssuerName(X509_Name & name) const;
350 
353  bool GetSubjectName(X509_Name & name) const;
354  PString GetSubjectName() const;
355 
358  PString GetSubjectAltName() const;
359 
360  virtual void PrintOn(ostream & strm) const { strm << GetSubjectName(); }
361 
362  protected:
363  void FreeCertificate();
364  x509_st * m_certificate;
365 };
366 
367 
372 class PSSLDiffieHellman : public PObject
373 {
374  PCLASSINFO(PSSLDiffieHellman, PObject);
375  public:
378  PSSLDiffieHellman();
379 
385  PSSLDiffieHellman(
386  const PFilePath & dhFile,
387  PSSLFileTypes fileType = PSSLFileTypeDEFAULT
388  );
389 
392  PSSLDiffieHellman(
393  const BYTE * pData,
394  PINDEX pSize,
395  const BYTE * gData,
396  PINDEX gSize
397  );
398 
401  PSSLDiffieHellman(
402  const PSSLDiffieHellman & dh
403  );
404 
407  PSSLDiffieHellman & operator=(
408  const PSSLDiffieHellman & dh
409  );
410 
413  ~PSSLDiffieHellman();
414 
417  operator dh_st *() const { return dh; }
418 
424  PBoolean Load(
425  const PFilePath & dhFile,
426  PSSLFileTypes fileType = PSSLFileTypeDEFAULT
427  );
428 
429  protected:
430  dh_st * dh;
431 };
432 
433 
434 #ifdef P_SSL_AES
435 
436 class PAESContext : public PObject
437 {
438  PCLASSINFO(PAESContext, PObject);
439  public:
440  PAESContext();
441  PAESContext(bool encrypt, const void * key, PINDEX numBits);
442  ~PAESContext();
443 
444  void SetEncrypt(const void * key, PINDEX numBits);
445  void SetDecrypt(const void * key, PINDEX numBits);
446 
447  void Encrypt(const void * in, void * out);
448  void Decrypt(const void * in, void * out);
449 
450  protected:
451  aes_key_st * m_key;
452 };
453 #endif // P_SSL_AES
454 
455 
457 class PSHA1Context : public PObject
458 {
459  PCLASSINFO(PSHA1Context, PObject);
460  public:
461  PSHA1Context();
462  ~PSHA1Context();
463 
464  enum { BlockSize = 64 };
465 
466  void Update(const void * data, PINDEX length);
467  void Update(const PString & str) { Update((const char *)str, str.GetLength()); }
468 
469  typedef BYTE Digest[20];
470  void Finalise(Digest result);
471 
472  static void Process(const void * data, PINDEX length, Digest result);
473  static void Process(const PString & str, Digest result) { Process((const char *)str, str.GetLength(), result); }
474 
475  protected:
476  SHAstate_st * m_context;
477 };
478 
479 
485 class PSSLContext : public PObject
486 {
487  PCLASSINFO(PSSLContext, PObject);
488  public:
489  enum Method {
490  SSLv23,
491  SSLv3,
492  TLSv1
493  };
494 
503  PSSLContext(
504  const void * sessionId = NULL,
505  PINDEX idSize = 0
506  );
507  PSSLContext(
508  Method method,
509  const void * sessionId = NULL,
510  PINDEX idSize = 0
511  );
512 
515  ~PSSLContext();
516 
519  operator ssl_ctx_st *() const { return m_context; }
520 
523  bool SetVerifyLocations(
524  const PFilePath & caFile,
525  const PDirectory & caDir
526  );
527 
530  bool SetVerifyCertificate(
531  const PSSLCertificate & cert
532  );
533 
534  P_DECLARE_ENUM(VerifyMode,
535  VerifyNone,
536  VerifyPeer,
537  VerifyPeerMandatory
538  );
539 
542  void SetVerifyMode(
543  VerifyMode mode,
544  unsigned depth = 9
545  );
546 
549  VerifyMode GetVerifyMode() const;
550 
553  bool AddClientCA(
554  const PSSLCertificate & certificate
555  );
556  bool AddClientCA(
557  const PList<PSSLCertificate> & certificates
558  );
559 
562  bool UseCertificate(
563  const PSSLCertificate & certificate
564  );
565 
568  bool UsePrivateKey(
569  const PSSLPrivateKey & key
570  );
571 
574  bool UseDiffieHellman(
575  const PSSLDiffieHellman & dh
576  );
577 
580  bool SetCipherList(
581  const PString & ciphers
582  );
583 
586  bool SetCredentials(
587  const PString & authority,
588  const PString & certificate,
589  const PString & privateKey,
590  bool create = false
591  );
592 
594  void SetPasswordNotifier(
595  const PSSLPasswordNotifier & notifier
596  );
597 
598  protected:
599  void Construct(Method method, const void * sessionId, PINDEX idSize);
600 
601  ssl_ctx_st * m_context;
602  PSSLPasswordNotifier m_passwordNotifier;
603 };
604 
605 
608 class PSSLChannel : public PIndirectChannel
609 {
610  PCLASSINFO(PSSLChannel, PIndirectChannel)
611  public:
615  PSSLChannel(
616  PSSLContext * context = NULL,
617  PBoolean autoDeleteContext = false
618  );
619  PSSLChannel(
620  PSSLContext & context
621  );
622 
625  ~PSSLChannel();
626 
627  // Overrides from PChannel
628  virtual PBoolean Read(void * buf, PINDEX len);
629  virtual PBoolean Write(const void * buf, PINDEX len);
630  virtual PBoolean Close();
631  virtual PBoolean Shutdown(ShutdownValue) { return true; }
632  virtual PString GetErrorText(ErrorGroup group = NumErrorGroups) const;
633  virtual PBoolean ConvertOSError(P_INT_PTR error, ErrorGroup group = LastGeneralError);
634 
635  // New functions
640  PBoolean Accept();
641 
644  PBoolean Accept(
645  PChannel & channel
646  );
647 
650  PBoolean Accept(
651  PChannel * channel,
652  PBoolean autoDelete = true
653  );
654 
655 
660  PBoolean Connect();
661 
664  PBoolean Connect(
665  PChannel & channel
666  );
667 
670  PBoolean Connect(
671  PChannel * channel,
672  PBoolean autoDelete = true
673  );
674 
677  bool AddClientCA(
678  const PSSLCertificate & certificate
679  );
680  bool AddClientCA(
681  const PList<PSSLCertificate> & certificates
682  );
683 
686  PBoolean UseCertificate(
687  const PSSLCertificate & certificate
688  );
689 
692  PBoolean UsePrivateKey(
693  const PSSLPrivateKey & key
694  );
695 
698  PString GetCipherList() const;
699 
700  typedef PSSLContext::VerifyMode VerifyMode;
701 
704  void SetVerifyMode(
705  VerifyMode mode
706  );
707 
714  bool GetPeerCertificate(
715  PSSLCertificate & certificate,
716  PString * error = NULL
717  );
718 
719  PSSLContext * GetContext() const { return m_context; }
720 
721  virtual PBoolean RawSSLRead(void * buf, PINDEX & len);
722 
723  protected:
724  void Construct(PSSLContext * ctx, PBoolean autoDel);
725 
735  virtual PBoolean OnOpen();
736 
737  protected:
738  PSSLContext * m_context;
739  bool m_autoDeleteContext;
740  ssl_st * m_ssl;
741 };
742 
743 #endif // PTLIB_PSSL_H
744 
745 
746 // End Of File ///////////////////////////////////////////////////////////////