
Contents of /main/sip/resiprocate/Security.hxx



Revision 4601 - (show annotations) (download)
Thu May 12 01:10:49 2005 UTC (14 years, 6 months ago) by derek
File size: 9527 byte(s)
merged identity branch(4598) into main--removing identity branch after this
1 #if !defined(RESIP_SECURITY_HXX)
2 #define RESIP_SECURITY_HXX
3
4
5 #include <map>
6 #include <vector>
7
8 #include "resiprocate/os/Socket.hxx"
9 #include "resiprocate/os/BaseException.hxx"
10 #include "resiprocate/SecurityTypes.hxx"
11 #include "resiprocate/SecurityAttributes.hxx"
12
13 #if defined(USE_SSL)
14 #include <openssl/ssl.h>
15 #else
16 // Stub the OpenSSL handle types as void when built without USE_SSL, so the
16 // header still compiles and the pointer members below keep the same size
16 // (object layout invariance); nothing is type-checked on this path.
17 typedef void BIO;
18 typedef void SSL;
19 typedef void X509;
20 typedef void X509_STORE;
21 typedef void SSL_CTX;
22 typedef void EVP_PKEY;
23 #endif
24
25 namespace resip
26 {
27
28 class Contents;
29 class Pkcs7Contents;
30 class Security;
31 class MultipartSignedContents;
32 class SipMessage;
33
// Certificate, private-key and pass-phrase store, plus the S/MIME
// (sign/encrypt/decrypt/checkSignature) and SIP Identity primitives built on
// top of it.  Persistence is abstract: a back end (see Security below)
// implements preload()/onReadPEM()/onWritePEM()/onRemovePEM(); this class
// owns the parsed OpenSSL objects held in the maps and contexts below.
//
// NOTE(review): the class declares a destructor but no copy constructor or
// assignment operator while holding raw SSL_CTX*/X509*/EVP_PKEY*.  A copy
// would share those pointers with the original; whether that becomes a
// double free depends on what ~BaseSecurity() (defined elsewhere) releases
// -- treat instances as non-copyable.  No locking is visible here, and the
// mutable maps are modified from const methods, so concurrent use from
// several threads needs external synchronisation -- confirm against the .cxx.
class BaseSecurity
{
   public:
      // Thrown by the certificate/key management methods below.
      class Exception : public BaseException
      {
         public:
            Exception(const Data& msg, const Data& file, const int line);
            const char* name() const { return "SecurityException"; }
      };

      BaseSecurity();
      virtual ~BaseSecurity();

      // used to initialize the openssl library
      static void initialize();

      // Kind of PEM object a name refers to.  Passed to the storage hooks so
      // the back end can choose a location per kind; note that two of the
      // kinds are private keys, not certificates.
      typedef enum
      {
         RootCert=1,
         DomainCert,
         DomainPrivateKey,
         UserCert,
         UserPrivateKey
      } PEMType;

      // Populate the in-memory store from the back end.
      virtual void preload()=0;

      // Storage hooks implemented by the back end.  name refers to the
      // domainname or username which could be converted to a filename by
      // convention.  Because these also carry private-key material (see
      // PEMType), an implementation must protect what onWritePEM() stores,
      // e.g. with owner-only file permissions.
      virtual void onReadPEM(const Data& name, PEMType type, Data& buffer) const =0;
      virtual void onWritePEM(const Data& name, PEMType type, const Data& buffer) const =0;
      virtual void onRemovePEM(const Data& name, PEMType type) const =0;

      // Human-readable summary of one certificate (used for root certs).
      struct CertificateInfo
      {
         Data name;
         Data fingerprint;
         Data validFrom;
         Data validTo;
      };

      typedef std::vector<CertificateInfo> CertificateInfoContainer;
      // One entry per trusted root certificate currently in mRootCerts.
      CertificateInfoContainer getRootCertDescriptions() const;

      // All of these guys can throw SecurityException

      // Adds trust anchors; the parameter name suggests the PEM blob may hold
      // more than one certificate -- confirm in the implementation.
      void addRootCertPEM(const Data& x509PEMEncodedRootCerts);

      // Domain certificate, keyed by domain name.  PEM and DER inputs are
      // accepted; the getter hands back DER.
      void addDomainCertPEM(const Data& domainName, const Data& certPEM);
      void addDomainCertDER(const Data& domainName, const Data& certDER);
      bool hasDomainCert(const Data& domainName) const;
      void removeDomainCert(const Data& domainName);
      Data getDomainCertDER(const Data& domainName) const;

      // Domain private key, keyed by domain name.  getDomainPrivateKeyPEM()
      // exports the key itself -- callers must not log or transmit it.
      void addDomainPrivateKeyPEM(const Data& domainName, const Data& privateKeyPEM);
      bool hasDomainPrivateKey(const Data& domainName) const;
      void removeDomainPrivateKey(const Data& domainName);
      Data getDomainPrivateKeyPEM(const Data& domainName) const;

      // User certificate, keyed by AOR (address of record).
      void addUserCertPEM(const Data& aor, const Data& certPEM);
      void addUserCertDER(const Data& aor, const Data& certDER);
      bool hasUserCert(const Data& aor) const;
      void removeUserCert(const Data& aor);
      Data getUserCertDER(const Data& aor) const;

      // Pass phrase protecting a user's private key.  It is kept in clear in
      // process memory (PassPhraseMap is a plain std::map<Data,Data>) and
      // is retrievable via getUserPassPhrase().
      void setUserPassPhrase(const Data& aor, const Data& passPhrase);
      bool hasUserPassPhrase(const Data& aor) const;
      void removeUserPassPhrase(const Data& aor);
      Data getUserPassPhrase(const Data& aor) const;

      // User private key, keyed by AOR.  The add* parameters are named
      // certPEM/certDER but carry the private key, not a certificate.
      // The get* methods export the key itself -- handle with care.
      void addUserPrivateKeyPEM(const Data& aor, const Data& certPEM);
      void addUserPrivateKeyDER(const Data& aor, const Data& certDER);
      bool hasUserPrivateKey(const Data& aor) const;
      void removeUserPrivateKey(const Data& aor);
      Data getUserPrivateKeyPEM(const Data& aor) const;
      Data getUserPrivateKeyDER(const Data& aor) const;

      // Generates a key pair and (presumably self-signed -- confirm in the
      // .cxx) certificate for aor.
      // NOTE(review): the default keyLen of 1024 bits is below current
      // minimum recommendations (2048 bits or more); callers should pass an
      // explicit, larger value, and the default should be raised.
      void generateUserCert(const Data& aor, int expireDays=365, int keyLen=1024);

      // Produces a detached signature (multipart/signed) over the given body
      // using senderAor's private key.  Ownership of the returned object and
      // of the Contents argument is not stated here -- check the .cxx.
      MultipartSignedContents* sign(const Data& senderAor, Contents* );
      // Encrypts to the certificate stored under recipCertName.
      Pkcs7Contents* encrypt(Contents* , const Data& recipCertName );
      Pkcs7Contents* signAndEncrypt( const Data& senderAor, Contents* , const Data& recipCertName );

      // SIP Identity support (the Identity header; see the sip-identity
      // drafts / RFC 4474 -- confirm which version is implemented).
      // computeIdentity() signs `in` with signerDomain's private key;
      // checkIdentity() verifies sig over `in`.  When cert is NULL the
      // signer's certificate is presumably looked up by signerDomain.
      Data computeIdentity( const Data& signerDomain, const Data& in ) const;
      bool checkIdentity( const Data& signerDomain, const Data& in, const Data& sig, X509* cert=NULL ) const;

      // Verifies the Identity of msg and records the result on the message;
      // derCert, when non-empty, supplies the signer certificate instead of
      // a lookup -- behaviour on failure is not visible from this header.
      void checkAndSetIdentity( const SipMessage& msg, const Data& derCert=Data::Empty ) const;

      // returns NULL if it fails
      Contents* decrypt( const Data& decryptorAor, Pkcs7Contents* );

      // returns NULL if fails. returns the data that was originally signed
      // signedBy and sigStat are out-parameters reporting the signer and
      // the verification status.  Callers must check sigStat, not only the
      // return value, before trusting the content.
      Contents* checkSignature( MultipartSignedContents*,
                                Data* signedBy, SignatureStatus* sigStat );

      // returns SubjectAltName or commonName, if subjectAltName does not exist
      // (The name is a long-standing typo for getCertName; renaming would
      // break callers.)  Which SAN entry is chosen when several are present
      // is not visible here.
      Data getCetName(X509 *cert);

      // compares (with wildcards) the hostname with the
      // subjectAltName/commonName from the 'cert' certificate.
      // NOTE(review): wildcard matching is easy to get wrong (it should only
      // match a single left-most label); review the implementation.
      bool compareCertName(X509 *cert, const Data& hostname);

      // The accessors below were meant for particular classes only
      // (the friend declaration is commented out), but they are public, so
      // the raw OpenSSL contexts and keys are reachable by any caller.
      // friend class TlsConnection;
   public:
      SSL_CTX* getTlsCtx ();
      SSL_CTX* getSslCtx ();

      // Raw handles from the domain maps; presumably still owned by this
      // object, so callers must not free them -- confirm in the .cxx.
      X509* getDomainCert( const Data& domain );
      EVP_PKEY* getDomainKey( const Data& domain );

      // map of name to certificates
      typedef std::map<Data,X509*> X509Map;
      typedef std::map<Data,EVP_PKEY*> PrivateKeyMap;
      typedef std::map<Data,Data> PassPhraseMap;

   protected:
      // OpenSSL contexts for TLS and SSL connections (owning raw pointers).
      SSL_CTX* mTlsCtx;
      SSL_CTX* mSslCtx;
      // Debug helper for dumping ASN.1 data.
      static void dumpAsn(char*, Data);

      // root cert list
      // mutable: populated/updated from const methods.
      mutable X509_STORE* mRootCerts;

      mutable X509Map mDomainCerts;
      mutable PrivateKeyMap mDomainPrivateKeys;

      mutable X509Map mUserCerts;
      // Pass phrases in clear, keyed by AOR.
      mutable PassPhraseMap mUserPassPhrases;
      mutable PrivateKeyMap mUserPrivateKeys;

      // Generic certificate helpers behind the public per-kind methods.
      // `write` presumably controls whether the object is also persisted
      // through onWritePEM() -- confirm in the .cxx.
      void addCertPEM (PEMType type, const Data& name, const Data& certPEM, bool write) const;
      void addCertDER (PEMType type, const Data& name, const Data& certDER, bool write) const;
      bool hasCert (PEMType type, const Data& name) const;
      void removeCert (PEMType type, const Data& name);
      Data getCertDER (PEMType type, const Data& name) const;
      void addCertX509(PEMType type, const Data& name, X509* cert, bool write) const;

      // Generic private-key helpers, same `write` semantics as above.
      void addPrivateKeyPEM (PEMType type, const Data& name, const Data& privateKeyPEM, bool write) const;
      void addPrivateKeyDER (PEMType type, const Data& name, const Data& privateKeyDER, bool write) const;
      bool hasPrivateKey (PEMType type, const Data& name) const;
      void removePrivateKey (PEMType type, const Data& name);
      Data getPrivateKeyPEM (PEMType type, const Data& name) const;
      Data getPrivateKeyDER (PEMType type, const Data& name) const;
      void addPrivateKeyPKEY(PEMType type, const Data& name, EVP_PKEY* pKey, bool write) const;

};
182
// File-system backed BaseSecurity: certificates and keys are stored as PEM
// files under mPath, located by (name, PEMType) naming convention.
//
// NOTE(review): the constructor is not explicit, so a Data converts
// implicitly to a Security.  The POSIX default path begins with "~", which
// the OS does not expand; the implementation in Security.cxx must do so or a
// directory literally named "~" will be used -- confirm.  Since onWritePEM()
// is also used for private keys, the files it creates should be written with
// owner-only permissions; whether it does is not visible from this header.
class Security : public BaseSecurity
{
   public:
#ifdef WIN32
      Security( const Data& pathToCerts = "C:\\sipCerts\\");
#else
      Security( const Data& pathToCerts = "~/.sipCerts/" );
#endif

      // Loads the certificates and keys stored under mPath (see .cxx).
      virtual void preload();

      // BaseSecurity storage hooks, mapping (name, type) to a file under mPath.
      virtual void onReadPEM(const Data& name, PEMType type, Data& buffer) const;
      virtual void onWritePEM(const Data& name, PEMType type, const Data& buffer) const;
      virtual void onRemovePEM(const Data& name, PEMType type) const;

   private:
      // Directory holding the PEM files (the constructor argument).
      Data mPath;
};
201
202 }
203
204 #endif
205
206 /* ====================================================================
207 * The Vovida Software License, Version 1.0
208 *
209 * Copyright (c) 2000 Vovida Networks, Inc. All rights reserved.
210 *
211 * Redistribution and use in source and binary forms, with or without
212 * modification, are permitted provided that the following conditions
213 * are met:
214 *
215 * 1. Redistributions of source code must retain the above copyright
216 * notice, this list of conditions and the following disclaimer.
217 *
218 * 2. Redistributions in binary form must reproduce the above copyright
219 * notice, this list of conditions and the following disclaimer in
220 * the documentation and/or other materials provided with the
221 * distribution.
222 *
223 * 3. The names "VOCAL", "Vovida Open Communication Application Library",
224 * and "Vovida Open Communication Application Library (VOCAL)" must
225 * not be used to endorse or promote products derived from this
226 * software without prior written permission. For written
227 * permission, please contact vocal@vovida.org.
228 *
229 * 4. Products derived from this software may not be called "VOCAL", nor
230 * may "VOCAL" appear in their name, without prior written
231 * permission of Vovida Networks, Inc.
232 *
233 * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
234 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
235 * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND
236 * NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT SHALL VOVIDA
237 * NETWORKS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT DAMAGES
238 * IN EXCESS OF $1,000, NOR FOR ANY INDIRECT, INCIDENTAL, SPECIAL,
239 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
240 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
241 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
242 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
243 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
244 * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
245 * DAMAGE.
246 *
247 * ====================================================================
248 *
249 * This software consists of voluntary contributions made by Vovida
250 * Networks, Inc. and many individuals on behalf of Vovida Networks,
251 * Inc. For more information on Vovida Networks, Inc., please see
252 * <http://www.vovida.org/>.
253 *
254 */
255
256
