cert_wrapper.hpp
1 /*
2  Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
3 
4  This program is free software; you can redistribute it and/or modify
5  it under the terms of the GNU General Public License as published by
6  the Free Software Foundation; version 2 of the License.
7 
8  This program is distributed in the hope that it will be useful,
9  but WITHOUT ANY WARRANTY; without even the implied warranty of
10  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11  GNU General Public License for more details.
12 
13  You should have received a copy of the GNU General Public License
14  along with this program; see the file COPYING. If not, write to the
15  Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
16  MA 02110-1301 USA.
17  */
18 
19 
20 /* The certificate wrapper header defines certificate management functions
21  *
22  */
23 
24 
25 #ifndef yaSSL_CERT_WRAPPER_HPP
26 #define yaSSL_CERT_WRAPPER_HPP
27 
28 #ifdef _MSC_VER
29  // disable truncated debug symbols
30  #pragma warning(disable:4786)
31 #endif
32 
33 
34 #include "yassl_types.hpp" // SignatureAlgorithm
35 #include "buffer.hpp" // input_buffer
36 #include "asn.hpp" // SignerList
37 #include "openssl/ssl.h" // internal and external use
38 #include STL_LIST_FILE
39 #include STL_ALGORITHM_FILE
40 
41 
42 namespace STL = STL_NAMESPACE; // STL_NAMESPACE is a build-configured macro defined outside this header; STL::list below resolves through it
43 
44 
45 namespace yaSSL {
46 
47 typedef unsigned char opaque; // raw byte type used for the certificate and key buffers in this header
48 class X509; // forward openSSL type; only pointers to it are stored here, so the full definition is not needed
49 
50 using TaoCrypt::SignerList; // CA keys/names container from asn.hpp, used by CertManager::signers_
51 
52 // an x509 version 3 certificate
   // Wraps one certificate as a raw byte buffer: buffer_ holds the bytes and
   // length_ their count. Copy construction and assignment are user-declared
   // because buffer_ is a raw pointer; presumably they deep-copy the buffer
   // and ~x509 releases it — confirm in the implementation file.
53 class x509 {
54  uint length_;    // number of bytes in buffer_
55  opaque* buffer_; // raw certificate bytes; presumably heap-owned and released by ~x509 — confirm
56 public:
57  explicit x509(uint sz); // sz: buffer size in bytes (allocation presumably happens here — confirm)
58  ~x509();
59 
60  uint get_length() const;          // size of the buffer in bytes
61  const opaque* get_buffer() const; // read-only view of the certificate bytes
62  opaque* use_buffer();             // writable view; the buffer is length_ bytes, writes past get_length() overrun it
63 
64  x509(const x509&);            // declared with operator= so the raw buffer_ is not shallow-copied
65  x509& operator=(const x509&);
66 private:
67  void Swap(x509&); // helper for operator=; likely copy-and-swap — confirm in the implementation file
68 };
69 
70 
71 // Certificate Manager keeps a list of the cert chain and public key
   // Owns our own cert chain (list_) and private key, the peer's chain
   // (peerList_) and public key, the decoded CA signers, and the
   // verification policy flags. Copy and assignment are hidden (private,
   // undefined) because the lists hold raw owning x509 pointers.
72 class CertManager {
73  typedef STL::list<x509*> CertList; // raw x509 pointers; AddPeerCert states the manager takes ownership
74 
75  CertList list_; // self
76  input_buffer privateKey_; // our private key bytes; see get_privateKey()/get_privateKeyLength()
77 
78  CertList peerList_; // peer
79  input_buffer peerPublicKey_; // peer's public key bytes; see get_peerKey()/get_peerKeyLength()
80  X509* peerX509_; // peer's openSSL X509
81  X509* selfX509_; // our own openSSL X509
82 
83  SignatureAlgorithm keyType_; // self key type
84  SignatureAlgorithm peerKeyType_; // peer's key type
85 
86  SignerList signers_; // decoded CA keys and names
87  // plus verified chained certs
88  bool verifyPeer_; // presumably whether the peer's certificate is verified at all — confirm
89  bool verifyNone_; // no error if verify fails: when set a failed verification is not reported,
    // so the peer's identity is effectively unchecked; keep off unless deliberately chosen
90  bool failNoCert_; // presumably fail when the peer presents no certificate — confirm
91  bool sendVerify_; // presumably whether we send a CertificateVerify — confirm
92  VerifyCallback verifyCallback_; // user verify callback
93 public:
94  CertManager();
95  ~CertManager(); // presumably frees the x509 objects owned via list_/peerList_ — confirm
96 
97  void AddPeerCert(x509* x); // take ownership
98  void CopySelfCert(const x509* x); // copies (does not take ownership of) x
99  int CopyCaCert(const x509* x); // int status; success/failure convention not visible here — check callers
100  int Validate(); // int status, same caveat; presumably checks peerList_ against signers_ — confirm
101 
102  int SetPrivateKey(const x509&); // int status, same caveat
103 
104  const x509* get_cert() const;
105  const opaque* get_peerKey() const; // bytes of peerPublicKey_; length from get_peerKeyLength()
106  const opaque* get_privateKey() const; // bytes of privateKey_; length from get_privateKeyLength()
107  X509* get_peerX509() const; // stored pointer; ownership presumably stays with the manager — confirm
108  X509* get_selfX509() const;
109  SignatureAlgorithm get_keyType() const;
110  SignatureAlgorithm get_peerKeyType() const;
111 
112  uint get_peerKeyLength() const;
113  uint get_privateKeyLength() const;
114 
115  bool verifyPeer() const; // readers for the policy flags above
116  bool verifyNone() const;
117  bool failNoCert() const;
118  bool sendVerify() const;
119 
120  void setVerifyPeer(); // setters only turn a flag on; no setter clears one in this interface
121  void setVerifyNone(); // see verifyNone_: disables error reporting on failed verification
122  void setFailNoCert();
123  void setSendVerify();
124  void setPeerX509(X509*); // stores the pointer in peerX509_
125  void setVerifyCallback(VerifyCallback);
126 private:
127  CertManager(const CertManager&); // hide copy
128  CertManager& operator=(const CertManager&); // and assign
129 };
130 
131 
132 } // namespace yaSSL
133 
134 #endif // yaSSL_CERT_WRAPPER_HPP