// -*- Mode: C++; -*-
// Package : omniORB
// httpCrypto.h Created on: 20 June 2018
// Author : Duncan Grisby
//
// Copyright (C) 2018-2019 Apasphere Ltd
// Copyright (C) 2018 Apasphere Ltd, BMC Software
//
// This file is part of the omniORB library
//
// The omniORB library is free software; you can redistribute it and/or
// modify it under the terms of the GNU Lesser General Public
// License as published by the Free Software Foundation; either
// version 2.1 of the License, or (at your option) any later version.
//
// This library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public
// License along with this library. If not, see http://www.gnu.org/licenses/
//
//
// Description:
// *** PROPRIETARY INTERFACE ***
//
#ifndef __HTTPCRYPTO_H__
#define __HTTPCRYPTO_H__
OMNI_NAMESPACE_BEGIN(omni)
//
// Abstract classes that provide encryption support.
class httpCrypto {
public:
  virtual ~httpCrypto();

  virtual const char* peerIdent() = 0;
  // Identity string of the peer, or 0 when no peer has been
  // identified, so callers must test for 0 before using the result.
  // The string stays owned by this object.

  virtual size_t writeAuthHeader(char* buf, size_t buf_space) = 0;
  // Client side: fill buf with the contents of an Authorization
  // header and return the number of bytes written. The terminating
  // \r\n is added by the caller, not here. Only buf_space bytes are
  // available; when that is not enough the implementation must throw
  // MARSHAL_HTTPBufferFull rather than write beyond the buffer.

  virtual CORBA::Boolean matchAuthHeader(const char* val) = 0;
  // Server side: true if this object corresponds to the Authorization
  // header value given in val.
  // NOTE(review): val comes from the request. Whether the comparison
  // is constant-time is not visible in this header -- confirm in the
  // implementation if secret-derived data is compared.

  virtual size_t encryptedSize(size_t giop_size) = 0;
  // Size after encryption of a GIOP message of giop_size octets.

  virtual size_t encryptOverhead() = 0;
  // Upper bound on the extra buffer space an encrypt operation can
  // need beyond the size of its input.

  virtual size_t encrypt(CORBA::Octet*       write_buf,
                         const CORBA::Octet* read_buf,
                         size_t              read_size,
                         CORBA::Boolean      last) = 0;
  // Encrypt read_size octets taken from read_buf into write_buf and
  // return the number of octets written. write_buf must hold at least
  // read_size plus the buffer overhead (presumably the value returned
  // by encryptOverhead() -- confirm). last is true for the final
  // block of data and false while more is still to come.

  virtual size_t decryptOverhead() = 0;
  // Upper bound on the extra buffer space a decrypt operation can
  // need beyond the size of its input.

  virtual size_t decrypt(CORBA::Octet*       write_buf,
                         const CORBA::Octet* read_buf,
                         size_t              read_size,
                         CORBA::Boolean      last) = 0;
  // Decrypt read_size octets taken from read_buf into write_buf and
  // return the number of decrypted octets. last is true for the final
  // block of data and false while more is still to come.
  // NOTE(review): unlike encrypt(), no minimum size for write_buf is
  // stated; presumably read_size plus decryptOverhead() -- confirm
  // before sizing buffers. How a failed decryption is reported is
  // also not documented here.
};
class httpCryptoManager {
public:
  virtual ~httpCryptoManager();

  virtual httpCrypto* cryptoForServer(const char*    url,
                                      CORBA::Boolean new_key) = 0;
  // Client side: return an httpCrypto object suitable for the server
  // at url, or null when no message encryption is used for that
  // server. A true new_key forces a new session key to be generated.
  // A null return therefore means messages to that server are not
  // encrypted by this layer; callers must handle that case.
  // NOTE(review): ownership of the returned object is not stated
  // here -- confirm against the callers.

  virtual httpCrypto* readAuthHeader(const char* host, const char* auth) = 0;
  // Server side: read a Host header and an Authorization header and
  // return a suitable new httpCrypto object. Both values are taken
  // from the incoming request, so implementations must treat them as
  // untrusted input. Required failures:
  //
  //   header not understood            -- throw MARSHAL_HTTPHeaderInvalid
  //   refers to a previously-agreed key
  //   that is not known                -- throw TRANSIENT_Renegotiate
  //   header from an unknown client    -- throw NO_PERMISSION_UnknownClient
};
//
// Concrete class implemented in the omnihttpCrypto library.
class httpCryptoManager_AES_RSA_impl;

class httpCryptoManager_AES_RSA : public httpCryptoManager {
public:
  httpCryptoManager_AES_RSA();
  ~httpCryptoManager_AES_RSA();

  //
  // Control interface

  void init(const char*    ident,
            const char*    private_key,
            CORBA::Boolean is_filename,
            CORBA::ULong   key_lifetime = 3600);
  // Set up the crypto manager.
  //
  //  ident        -- unique string identifying this process.
  //  private_key  -- this process' private key, as a PEM file name or
  //                  as PEM text, selected by is_filename.
  //  is_filename  -- true:  private_key names the PEM file;
  //                  false: private_key holds the PEM contents.
  //  key_lifetime -- how many seconds an AES session key is retained.
  //
  // NOTE(review): with is_filename false the private key is passed in
  // the caller's memory; whether it is copied, and how long it is
  // kept, is not visible in this header.

  void addClient(const char*    ident,
                 const char*    public_key,
                 CORBA::Boolean is_filename);
  // Register a client. If ident is already known, the key held for
  // that client is replaced, so ident and key should come from a
  // trusted source.
  //
  //  ident       -- unique string identifying the client.
  //  public_key  -- the client's public key, as a PEM file name or as
  //                 PEM text, selected by is_filename.
  //  is_filename -- true:  public_key names the PEM file;
  //                 false: public_key holds the PEM contents.

  CORBA::Boolean removeClient(const char* ident);
  // Forget the client identified by ident. True if such a client
  // existed and was removed; false if it was not known.

  void addServer(const char*    url,
                 const char*    public_key,
                 CORBA::Boolean is_filename);
  // Register a server. If url is already known, the key held for
  // that server is replaced, so url and key should come from a
  // trusted source.
  //
  //  url         -- URL of the server.
  //  public_key  -- the server's public key, as a PEM file name or as
  //                 PEM text, selected by is_filename.
  //  is_filename -- true:  public_key names the PEM file;
  //                 false: public_key holds the PEM contents.

  CORBA::Boolean removeServer(const char* url);
  // Forget the server identified by url. True if such a server
  // existed and was removed; false if it was not known.

  //
  // Implementations of virtual functions
  // (peer_address below is the parameter that httpCryptoManager
  // declares as url.)

  virtual httpCrypto* cryptoForServer(const char*    peer_address,
                                      CORBA::Boolean new_key);

  virtual httpCrypto* readAuthHeader(const char* host, const char* auth);

private:
  httpCryptoManager_AES_RSA_impl* pd_impl;
  // Implementation object; its class is only forward-declared here.
  // NOTE(review): no copy constructor or assignment operator is
  // declared, so compiler-generated copies would share pd_impl.
  // Presumably the destructor releases it -- confirm, and disable
  // copying if so.
};
OMNI_NAMESPACE_END(omni)
#endif // __HTTPCRYPTO_H__