//
// Copyright (c) ZeroC, Inc. All rights reserved.
//

// Public header for the OpenSSL flavour of the IceSSL plug-in. It declares the
// OpenSSL-specific Certificate and Plugin interfaces, which expose the native
// X509 and SSL_CTX handles to the application.

#ifndef ICESSL_OPENSSL_H
#define ICESSL_OPENSSL_H

#include <IceSSL/Plugin.h>

#include <openssl/x509v3.h>
#include <openssl/pem.h>

//
// Automatically link IceSSLOpenSSL[D|++11|++11D].lib with Visual C++
//
#if defined(_MSC_VER)
// Defining ICESSL_OPENSSL_API_EXPORTS marks this translation unit as part of the
// library build, which suppresses the auto-link pragma below.
#   if !defined(ICE_BUILDING_ICESSL_OPENSSL) && defined(ICESSL_OPENSSL_API_EXPORTS)
#       define ICE_BUILDING_ICESSL_OPENSSL
#   endif

#   if !defined(ICE_BUILDING_ICESSL_OPENSSL)
#       pragma comment(lib, ICE_LIBNAME("IceSSLOpenSSL"))
#   endif
#endif

// ICESSL_OPENSSL_API expands to nothing for static builds, to the export
// declspec while building the library, and to the import declspec otherwise.
#ifndef ICESSL_OPENSSL_API
#   if defined(ICE_STATIC_LIBS)
#       define ICESSL_OPENSSL_API /**/
#   elif defined(ICESSL_OPENSSL_API_EXPORTS)
#       define ICESSL_OPENSSL_API ICE_DECLSPEC_EXPORT
#   else
#       define ICESSL_OPENSSL_API ICE_DECLSPEC_IMPORT
#   endif
#endif

// The registration function is only declared for Windows consumers of the
// library, not while the library itself is being built.
#if defined(_WIN32) && !defined(ICESSL_OPENSSL_API_EXPORTS)

namespace Ice
{

/**
 * When using static libraries, calling this function ensures the OpenSSL version of the IceSSL plug-in is
 * linked with the application.
 * @param loadOnInitialize If true, the plug-in is loaded (created) during communicator initialization.
 * If false, the plug-in is only loaded during communicator initialization if its corresponding plug-in
 * property is set to 1.
 */
ICE_PLUGIN_REGISTER_DECLSPEC_IMPORT void registerIceSSLOpenSSL(bool loadOnInitialize = true);

}
#endif

namespace IceSSL
{

namespace OpenSSL
{

class Certificate;
ICE_DEFINE_PTR(CertificatePtr, Certificate);

/**
 * Encapsulates an OpenSSL X.509 certificate.
 * \headerfile IceSSL/IceSSL.h
 */
class ICESSL_OPENSSL_API Certificate : public virtual IceSSL::Certificate
{
public:

    /**
     * Construct a certificate using a native certificate.
     * The Certificate class assumes ownership of the given native
     * certificate, so the caller must not release it (for example with
     * X509_free) after this call. A caller that needs to keep using the
     * native certificate independently should obtain its own copy or
     * reference before handing it over.
     * NOTE(review): behaviour for a null cert is not specified here; confirm
     * against the implementation before passing one.
     * @param cert The native certificate.
     * @return A new certificate object.
     */
    static CertificatePtr create(x509_st* cert);

    /**
     * Load the certificate from a file. The certificate must use the
     * PEM encoding format.
     * NOTE(review): nothing in this declaration indicates that the loaded
     * certificate is validated against a trust store; treat the result as
     * parsed but unverified unless the implementation says otherwise.
     * @param file The certificate file.
     * @return A new certificate object.
     * @throws CertificateReadException if the file cannot be read.
     */
    static CertificatePtr load(const std::string& file);

    /**
     * Decode a certificate from a string that uses the PEM encoding format.
     * NOTE(review): as with load, this is documented as decoding only; do not
     * assume the certificate has been verified.
     * @param cert A string containing the PEM-encoded certificate.
     * @return A new certificate object.
     * @throws CertificateEncodingException if an error occurs.
     */
    static CertificatePtr decode(const std::string& cert);

    /**
     * Retrieve the native X509 certificate value wrapped by this object.
     * @return The native certificate. The returned pointer is only valid for the lifetime of this
     * object; using it after this object is destroyed is a use-after-free. To keep a certificate
     * beyond that lifetime, make an independent copy with X509_dup (released by the caller with
     * X509_free) or, with OpenSSL 1.1.0 or later, take an additional reference with X509_up_ref.
     * Note that X509_dup copies the certificate; it does not increment a reference count.
     */
    virtual x509_st* getCert() const = 0;
};

/**
 * Represents the IceSSL plug-in object.
 * \headerfile IceSSL/IceSSL.h
 */
class ICESSL_OPENSSL_API Plugin : public virtual IceSSL::Plugin
{
public:

    /**
     * Obtains the OpenSSL version number.
     * @return The version.
     */
    virtual Ice::Long getOpenSSLVersion() const = 0;

    /**
     * Establishes the OpenSSL context. This must be done before the
     * plug-in is initialized, therefore the application must define
     * the property Ice.InitPlugins=0, set the context, and finally
     * invoke Ice::PluginManager::initializePlugins.
     *
     * When the application supplies its own OpenSSL context, the
     * plug-in ignores configuration properties related to certificates,
     * keys, and passwords. The application is therefore responsible for
     * configuring those on the context itself before passing it in.
     * NOTE(review): whether peer-verification and protocol settings from the
     * plug-in configuration are still applied to a supplied context is not
     * stated here; confirm before relying on them.
     *
     * Note that the plug-in assumes ownership of the given context, so the
     * caller must not free it afterwards.
     *
     * @param ctx The OpenSSL context.
     */
    virtual void setContext(SSL_CTX* ctx) = 0;

    /**
     * Obtains the SSL context. Use caution when modifying this value.
     * Changes made to this value have no effect on existing connections.
     * NOTE(review): the returned pointer is presumably still owned by the
     * plug-in (see setContext) and should not be freed by the caller; confirm.
     * @return The OpenSSL context.
     */
    virtual SSL_CTX* getContext() = 0;
};
ICE_DEFINE_PTR(PluginPtr, Plugin);

} // OpenSSL namespace end

} // IceSSL namespace end

#endif