1 /* Copyright 2009 10gen Inc.
2  *
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifdef MONGO_SSL
17 
18 #pragma once
19 
20 #include <string>
21 #include "mongo/base/disallow_copying.h"
22 #include "mongo/util/net/sock.h"
23 
24 #include <openssl/err.h>
25 #include <openssl/ssl.h>
26 
27 #endif
28 
namespace mongo {
    /**
     * Builds a human-readable SSL library version string.
     *
     * Declared outside the MONGO_SSL guard, so it is available in builds
     * compiled without SSL support as well (what it reports in that case is
     * decided by the out-of-line definition, not visible here).
     *
     * @param prefix text placed before the version string
     * @param suffix text placed after the version string
     * @return prefix + <SSL version string> + suffix
     *
     * NOTE(review): the `const` on a by-value return type is redundant (it
     * only inhibits move-construction at the call site); kept here so the
     * declaration matches the out-of-line definition.
     */
    const std::string getSSLVersion(const std::string &prefix, const std::string &suffix);
}
35 
36 #ifdef MONGO_SSL
namespace mongo {

    /**
     * State for one TLS session layered over a Socket.
     *
     * The members are public raw pointers, read and written directly by the
     * SSLManagerInterface implementation (its I/O wrappers below take an
     * SSLConnection*).  Ownership is not expressed in the type.
     *
     * NOTE(review): the destructor presumably releases ssl and the two BIOs,
     * so a copied SSLConnection would share, and then double-release, the
     * same handles.  disallow_copying.h is already included by this header;
     * consider MONGO_DISALLOW_COPYING(SSLConnection) once the .cpp confirms
     * what the destructor frees.
     */
    class SSLConnection {
    public:
        SSL* ssl;            // OpenSSL session object for this connection
        BIO* networkBIO;     // NOTE(review): presumably the BIO end that faces the socket — confirm in the .cpp
        BIO* internalBIO;    // NOTE(review): presumably the BIO end attached to ssl — confirm in the .cpp
        Socket* socket;      // underlying transport; presumably not owned here (passed in by the caller)

        /**
         * @param ctx          OpenSSL context the session is created from
         * @param sock         transport socket the session runs over
         * @param initialBytes bytes already read from sock before this object
         *                     existed; presumably fed into the session so the
         *                     handshake can see them — confirm in the .cpp
         * @param len          number of bytes in initialBytes
         */
        SSLConnection(SSL_CTX* ctx, Socket* sock, const char* initialBytes, int len);

        ~SSLConnection();
    };

    /**
     * Abstract interface to the SSL layer.  All SSL use in the process goes
     * through the single instance returned by getSSLManager(); the
     * OpenSSL-named members near the bottom take an SSLConnection* so that
     * callers never hold a raw SSL* themselves.
     */
    class SSLManagerInterface {
    public:
        virtual ~SSLManagerInterface();

        /**
         * Client side: starts a TLS session on `socket`.
         *
         * @return a new SSLConnection for the session.  Ownership of the
         *         returned pointer and the failure behaviour (NULL vs. throw)
         *         are not visible from this header — confirm in the .cpp.
         */
        virtual SSLConnection* connect(Socket* socket) = 0;

        /**
         * Server side: answers a TLS handshake initiated by the peer on `socket`.
         *
         * @param initialBytes bytes already read from the socket before this
         *                     call; how they are used is not visible here
         * @param len          number of bytes in initialBytes
         * @return a new SSLConnection for the session (see connect()).
         */
        virtual SSLConnection* accept(Socket* socket, const char* initialBytes, int len) = 0;

        /**
         * Reads the peer's certificate from `conn` and validates it.
         *
         * A session returned by connect()/accept() is only authenticated once
         * this has been called; before that the channel is encrypted but the
         * peer's identity has not been checked.
         *
         * @param remoteHost the host name the peer is expected to present;
         *        presumably compared against the certificate (host name
         *        verification) — confirm in the .cpp.
         * @return a string derived from the certificate (going by the
         *         getServerSubjectName/getClientSubjectName naming below,
         *         presumably its subject name — confirm); behaviour when no
         *         certificate is presented or validation fails is not visible
         *         here.
         */
        virtual std::string parseAndValidatePeerCertificate(const SSLConnection* conn,
                                                            const std::string& remoteHost) = 0;

        /**
         * Releases per-thread state held by the SSL library.
         * NOTE(review): presumably meant to be called at thread exit — confirm
         * against the call sites.
         */
        virtual void cleanupThreadLocals() = 0;

        /** @return presumably the subject name of the certificate configured for the server role. */
        virtual std::string getServerSubjectName() = 0;

        /** @return presumably the subject name of the certificate configured for the client role. */
        virtual std::string getClientSubjectName() = 0;

        /**
         * @param code an SSL error code; presumably the value returned by
         *             SSL_get_error() (the int type matches) — confirm
         * @return a human-readable message for `code`.  Prefer this over the
         *         raw ERR_error_string() wrapper below, which keeps OpenSSL's
         *         caller-supplied-buffer signature.
         */
        virtual std::string getSSLErrorMessage(int code) = 0;

        // ---- wrappers named after the OpenSSL functions they presumably forward to ----
        // The return conventions described below are OpenSSL's; they hold only
        // if the implementation forwards unchanged — confirm in the .cpp.

        /** @return bytes read into buf (at most num), or <= 0; classify with SSL_get_error(). */
        virtual int SSL_read(SSLConnection* conn, void* buf, int num) = 0;

        /** @return bytes written from buf (at most num), or <= 0; classify with SSL_get_error(). */
        virtual int SSL_write(SSLConnection* conn, const void* buf, int num) = 0;

        /** @return the earliest error in the thread's OpenSSL error queue, 0 if the queue is empty. */
        virtual unsigned long ERR_get_error() = 0;

        /**
         * @param e   an error code from ERR_get_error()
         * @param buf caller-supplied buffer for the text.  If this forwards to
         *            OpenSSL's ERR_error_string, a NULL buf makes it return a
         *            static buffer that is not thread-safe; pass a real buffer
         *            (at least 120 bytes, per the OpenSSL docs) or use
         *            getSSLErrorMessage() instead.
         * @return buf
         */
        virtual char* ERR_error_string(unsigned long e, char* buf) = 0;

        /**
         * Classifies the value returned by an SSL_read / SSL_write call.
         * @param ret the value that call returned
         * @return an SSL_ERROR_* code
         */
        virtual int SSL_get_error(const SSLConnection* conn, int ret) = 0;

        /** Initiates the TLS close_notify exchange for the session on conn. */
        virtual int SSL_shutdown(SSLConnection* conn) = 0;

        /**
         * Frees the session on conn.
         * NOTE(review): which side frees conn->ssl — this wrapper or
         * ~SSLConnection — must be settled one way to avoid a double free;
         * confirm in the .cpp.
         */
        virtual void SSL_free(SSLConnection* conn) = 0;
    };

    // Access SSL functions through this instance.
    // NOTE(review): ownership of the returned pointer is not stated here;
    // presumably a process-wide instance that callers must not delete —
    // confirm in the .cpp.
    SSLManagerInterface* getSSLManager();

    // Process-wide flag defined elsewhere (not visible here).
    // NOTE(review): a plain bool global — presumably written once at startup
    // and only read afterwards; confirm before relying on it across threads.
    extern bool isSSLServer;
}
124 #endif // #ifdef MONGO_SSL