1 //
2 // Copyright (c) ZeroC, Inc. All rights reserved.
3 //
4 
5 #ifndef ICESSL_OPENSSL_H
6 #define ICESSL_OPENSSL_H
7 
8 #include <IceSSL/Plugin.h>
9 
10 #include <openssl/x509v3.h>
11 #include <openssl/pem.h>
12 
13 //
14 // Automatically link IceSSLOpenSSL[D|++11|++11D].lib with Visual C++
15 //
#if defined(_MSC_VER)
// An EXPORTS build is by definition building the plug-in itself, so mark it as
// such even when ICE_BUILDING_ICESSL_OPENSSL was not set explicitly; this keeps
// the library from emitting a link pragma against its own import library below.
#  if !defined(ICE_BUILDING_ICESSL_OPENSSL) && defined(ICESSL_OPENSSL_API_EXPORTS)
#    define ICE_BUILDING_ICESSL_OPENSSL
#  endif

// Consumers of this header get the import library pulled in automatically.
// ICE_LIBNAME is not defined here (presumably by Ice's configuration headers) and
// is what selects the D / ++11 / ++11D variant named in the comment above.
#  if !defined(ICE_BUILDING_ICESSL_OPENSSL)
#    pragma comment(lib, ICE_LIBNAME("IceSSLOpenSSL"))
#  endif
#endif

// Symbol decoration for the public classes declared below: nothing for static
// builds, export while building the plug-in, import for everyone else.
#ifndef ICESSL_OPENSSL_API
#   if defined(ICE_STATIC_LIBS)
#       define ICESSL_OPENSSL_API /**/
#   elif defined(ICESSL_OPENSSL_API_EXPORTS)
#       define ICESSL_OPENSSL_API ICE_DECLSPEC_EXPORT
#   else
#       define ICESSL_OPENSSL_API ICE_DECLSPEC_IMPORT
#   endif
#endif
35 
36 #if defined(_WIN32) && !defined(ICESSL_OPENSSL_API_EXPORTS)
37 
namespace Ice
{

/**
 * When using static libraries, calling this function ensures the OpenSSL version of the IceSSL plug-in is
 * linked with the application. It is only declared here for Windows builds that consume, rather than
 * build, the plug-in (see the enclosing preprocessor condition).
 * @param loadOnInitialize If true, the plug-in is loaded (created) during communicator initialization.
 * If false, the plug-in is only loaded during communicator initialization if its corresponding plug-in
 * property is set to 1.
 */
ICE_PLUGIN_REGISTER_DECLSPEC_IMPORT void registerIceSSLOpenSSL(bool loadOnInitialize = true);

}
51 #endif
52 
53 namespace IceSSL
54 {
55 
56 namespace OpenSSL
57 {
58 
// Forward declaration so the smart-pointer alias can be declared before the class body.
// ICE_DEFINE_PTR is defined outside this header; it declares CertificatePtr as the
// C++ mapping's pointer type for Certificate, which create()/load()/decode() return.
class Certificate;
ICE_DEFINE_PTR(CertificatePtr, Certificate);
61 
62 /**
63  * Encapsulates an OpenSSL X.509 certificate.
64  * \headerfile IceSSL/IceSSL.h
65  */
66 class ICESSL_OPENSSL_API Certificate : public virtual IceSSL::Certificate
67 {
68 public:
69 
70     /**
71      * Construct a certificate using a native certificate.
72      * The Certificate class assumes ownership of the given native
73      * certificate.
74      * @param cert The native certificate.
75      * @return A new certificate object.
76      */
77     static CertificatePtr create(x509_st* cert);
78 
79     /**
80      * Load the certificate from a file. The certificate must use the
81      * PEM encoding format.
82      * @param file The certificate file.
83      * @return A new certificate object.
84      * @throws CertificateReadException if the file cannot be read.
85      */
86     static CertificatePtr load(const std::string& file);
87 
88     /**
89      * Decode a certificate from a string that uses the PEM encoding format.
90      * @param cert A string containing the PEM-encoded certificate.
91      * @return A new certificate object.
92      * @throws CertificateEncodingException if an error occurs.
93      */
94     static CertificatePtr decode(const std::string& cert);
95 
96     /**
97      * Retrieve the native X509 certificate value wrapped by this object.
98      * @return The native certificate. The returned reference is only valid for the lifetime of this
99      * object. You can increment it with X509_dup.
100      */
101     virtual x509_st* getCert() const = 0;
102 };
103 
104 /**
105  * Represents the IceSSL plug-in object.
106  * \headerfile IceSSL/IceSSL.h
107  */
108 class ICESSL_OPENSSL_API Plugin : public virtual IceSSL::Plugin
109 {
110 public:
111 
112     /**
113      * Obtains the OpenSSL version number.
114      * @return The version.
115      */
116     virtual Ice::Long getOpenSSLVersion() const = 0;
117 
118     /**
119      * Establishes the OpenSSL context. This must be done before the
120      * plug-in is initialized, therefore the application must define
121      * the property Ice.InitPlugins=0, set the context, and finally
122      * invoke Ice::PluginManager::initializePlugins.
123      *
124      * When the application supplies its own OpenSSL context, the
125      * plug-in ignores configuration properties related to certificates,
126      * keys, and passwords.
127      *
128      * Note that the plug-in assumes ownership of the given context.
129      *
130      * @param ctx The OpenSSL context.
131      */
132     virtual void setContext(SSL_CTX* ctx) = 0;
133 
134     /**
135      * Obtains the SSL context. Use caution when modifying this value.
136      * Changes made to this value have no effect on existing connections.
137      * @return The OpenSSL context.
138      */
139     virtual SSL_CTX* getContext() = 0;
140 };
// Smart-pointer alias for the plug-in object, mirroring CertificatePtr above.
ICE_DEFINE_PTR(PluginPtr, Plugin);
142 
143 } // OpenSSL namespace end
144 
145 } // IceSSL namespace end
146 
147 #endif
148