00001 /* -*- Mode:cc-mode; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
00002 /* vim: set ai sw=2 ts=2 et cindent cino={1s: */
00003 /*
00004  * Host Identity Protocol
00005  * Copyright (c) 2008-2012 the Boeing Company
00006  * 
00007  * Permission is hereby granted, free of charge, to any person obtaining a copy
00008  * of this software and associated documentation files (the "Software"), to deal
00009  * in the Software without restriction, including without limitation the rights
00010  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
00011  * copies of the Software, and to permit persons to whom the Software is
00012  * furnished to do so, subject to the following conditions:
00013  * 
00014  * The above copyright notice and this permission notice shall be included in
00015  * all copies or substantial portions of the Software.
00016  * 
00017  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
00018  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
00019  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
00020  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
00021  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
00022  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
00023  * THE SOFTWARE.
00024  *
00025  *  \file  hip_cfg.h
00026  *
00027  *  \authors    Jin Fang <jin.fang@boeing.com>
00028  *
00029  *  \brief  Common configuration API class definitions.
00030  *
00031  */
00032 
00033 #ifndef _HIP_CFG_H_
00034 #define _HIP_CFG_H_
#include <netinet/in.h>
#include <netinet/ether.h>
#include <pthread.h>
#include <time.h>
#include <list>
#include <map>
#include <set>
#include <string>
#include <openssl/ssl.h>
#include <openssl/engine.h>
#include "hip_types.h"
00044 
/* Declared here, defined in a .cpp elsewhere.  NOTE(review): nothing in this
 * header says which of the hipCfg map members this mutex guards; confirm
 * against the definitions before touching _certs, _legacyNode2EndboxMap,
 * _endbox2LlipMap or _hit_to_peers from another thread. */
extern pthread_mutex_t hipcfgmap_mutex;

/* NOTE(review): a using-directive in a header leaks into every includer;
 * it is kept because code below (and presumably callers) uses unqualified
 * string/map/set/list. */
using namespace std;
00048 
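/*
 * One cached certificate, as stored in hipCfg::_certs (keyed by cert URL).
 * An entry starts out unverified (no HIT, timestamp 0) and is marked
 * verified for a particular HIT by setVerified().
 */
class certInfo
{
public:
  /* Wrap raw certificate data in the unverified state. */
  certInfo(std::string cert)
    : _cert(cert), _length(static_cast<int>(cert.length())), _hit(), _ts(0)
  {
  }
  /* Default constructor, required so std::map<std::string, certInfo> can
   * default-construct an entry (e.g. via operator[]).  All members are
   * zeroed so such an entry reads as "no data, not verified" rather than
   * exposing indeterminate _length/_ts values. */
  certInfo()
    : _cert(), _length(0), _hit(), _ts(0)
  {
  }
  ~certInfo();
  /* Time of the last setVerified() call; 0 if the cert was never verified. */
  time_t getTs() const
  {
    return _ts;
  }
  /* HIT this certificate was verified for; empty until setVerified(). */
  const char *getHit() const
  {
    return _hit.c_str();
  }
  /* Pointer to the certificate bytes.  NOTE(review): this is a C-string
   * view, so a NUL inside the data (DER) would truncate it for strlen()
   * users -- size the data with certLength() instead. */
  const char *getCert() const
  {
    return _cert.c_str();
  }
  /* Number of certificate bytes captured at construction (0 for a
   * default-constructed entry). */
  int certLength() const
  {
    return _length;
  }
  /* Mark the certificate as verified for `hit` (NUL-terminated HIT string)
   * and stamp the current time.  Accepts const so string constants and
   * c_str() results can be passed; existing char* callers are unaffected. */
  void setVerified(const char *hit)
  {
    _hit = hit;
    time(&_ts);
  }

private:
  std::string _cert;   /* certificate data */
  int _length;         /* _cert.length() snapshot, exposed via certLength() */
  std::string _hit;    /* HIT bound by setVerified() */
  time_t _ts;          /* verification timestamp, 0 = unverified */
};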
00087 
/* A pair of HITs used as the key of hipCfg::_allowed_peers (peers permitted
 * to run a base exchange).  The constructor and operator< are defined out of
 * line, so whether the pair is normalized (i.e. (a,b) and (b,a) compare
 * equal) cannot be read from this header -- check the definition before
 * relying on lookups in either direction. */
class hitPair
{
public:
  hitPair(const hip_hit hit1, const hip_hit hit2);
  /* Prints the pair; defined in the .cpp. */
  void print() const;
  /* Strict weak ordering; hp_compare delegates to this. */
  bool operator<(const hitPair & hp) const;

public:
  /* Public members; hip_hit is a project type from hip_types.h. */
  hip_hit _hit1;
  hip_hit _hit2;
};
00099 
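/* Comparator for std::set<hitPair, hp_compare>; delegates to
 * hitPair::operator<.  The call operator is const so the comparator can be
 * invoked from const contexts (e.g. a lookup on a const set, or a const
 * copy returned by key_comp()); a non-const operator() fails there. */
struct hp_compare
{
  bool operator ()(const hitPair & hp1, const hitPair & hp2) const
  {
    return hp1 < hp2;
  }
};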
00108 
00109 
/*
 * Abstract base for the configuration back ends.  It holds the parsed
 * configuration (_hcfg), the local host identity (_hostid) and the lookup
 * tables below, and leaves loading, certificate verification and
 * publication to a concrete subclass via the pure virtuals.
 *
 * The return conventions of the int-returning methods are not visible in
 * this header; check the definitions before assuming 0 == success.
 */
class hipCfg {
public:
  hipCfg();
  /* NOTE(review): the base destructor is empty, so whatever owns _ssl,
   * _store, _rsa, _dsa and _hostid must release it in closeCfg() or in a
   * subclass destructor -- confirm nothing leaks on shutdown. */
  virtual ~hipCfg()
  {
  };
  /* Whether the (hit1, hit2) pair may start a base exchange; presumably a
   * lookup in _allowed_peers. */
  int hit_peer_allowed(const hip_hit hit1, const hip_hit hit2);
  /* Bulk form over parallel arrays of up to max_cnt entries; what is
   * written back and what the return value means is defined in the .cpp. */
  int peers_allowed(hip_hit *hits1, hip_hit *hits2, int max_cnt);

  /* called by hipcfg_setUnderlayIpAddress */
  virtual int setUnderlayIpAddress(const char *ip) = 0;

  /* Map a legacy (non-HIP) host address to its endbox, written through eb.
   * No size is passed for eb, so point it at storage large enough for any
   * returned family (a sockaddr_storage is safe). */
  int legacyNodeToEndbox(const struct sockaddr *host, struct sockaddr *eb);
  /* Map an endbox address (LSI) to its underlay address; same caveat for
   * llip as for eb above. */
  int endbox2Llip(const struct sockaddr *eb, struct sockaddr *llip);
  /* Fill hosts with the legacy nodes behind eb; `size` is presumably the
   * number of sockaddr_storage slots available -- confirm in the .cpp. */
  int getLegacyNodesByEndbox(const struct sockaddr *eb,
                             struct sockaddr_storage *hosts, int size);
  /* Copy the local certificate URL into url (buffer of `size` bytes). */
  int getLocalCertUrl(char *url, unsigned int size);
  /* Copy up to max_count configured peers into peerNodes. */
  int getPeerNodes(struct peer_node *peerNodes, unsigned int max_count);
  /* Raw pointer to the local host identity.  Presumably owned by this
   * object (do not free); its lifetime relative to closeCfg() is not
   * visible here. */
  hi_node *getMyHostId()
  {
    return(_hostid);
  };
  /* Fetch the certificate at url and check it against hit, the HIT it is
   * expected to bind.  Back-end specific.  NOTE(review): this is the trust
   * decision for a peer identity -- the implementation should fail closed
   * on any fetch, parse or chain error. */
  virtual int verifyCert(const char *url, const hip_hit hit) = 0;
  /* Publish the local certificate under hit.  Back-end specific. */
  virtual int postLocalCert(const char *hit) = 0;
  /* Load configuration from hc and populate the tables below. */
  virtual int loadCfg(struct hip_conf *hc) = 0;
  /* Release back-end resources. */
  virtual int closeCfg() = 0;
  /* Conversion helpers.  NOTE(review): hit2hitstr, hitstr2lsistr and
   * hitstr2hit take no destination size, so the caller must provide a
   * buffer sized for the fixed-width output; str_to_addr likewise writes
   * through addr without a length, so pass a sockaddr_storage.  Only
   * addr_to_str and hex_to_bin are bounded by a caller-supplied length. */
  static int hit2hitstr(char *hit_str, const hip_hit hit);
  static int hitstr2lsistr(char *lsi_str, const char *hit_str);
  static int addr_to_str(const struct sockaddr *addr, char *data, int len);
  static int hitstr2hit(hip_hit hit, const char *hit_str);
  /* Decode hex text from src into dst, at most dst_len bytes. */
  static int hex_to_bin(const char *src, char *dst, int dst_len);
  static int str_to_addr(const char *data, struct sockaddr *addr);

protected:
  /* Chain-verify cert, presumably against _store. */
  int verify_certificate(X509 *cert);
  /* Matches OpenSSL's X509_STORE_CTX verify callback signature.
   * NOTE(review): a verify callback that returns 1 when rc == 0 silently
   * overrides chain errors; confirm the definition only logs and returns
   * rc unchanged. */
  static int callb(int rc, X509_STORE_CTX *ctx);
  /* Host identity -> HIT derivation and its helpers ("khi" presumably
   * refers to the HIP keyed-hash identifier construction; confirm in the
   * .cpp). */
  int hi_to_hit(hi_node *hi, hip_hit hit);
  int khi_hi_input(hi_node *hi, __u8 *out);
  /* BN -> big-endian bytes into `to` (len bytes).  "safe" suggests a
   * length check; verify the definition enforces it. */
  int bn2bin_safe(const BIGNUM *a, unsigned char *to, int len);
  int khi_encode_n(__u8 *in, int len, __u8 *out, int n);
  /* Build the host identity from a smart card ("Sc"; presumably via the
   * OpenSSL engine and _PrivKeyID) or from an RSA/DSA key pair. */
  int mkHIfromSc();
  int mkHIfromPkey(RSA *rsa, DSA *dsa,  hi_node *hostid);
  /* Populate the endbox maps from the local configuration file. */
  int getEndboxMapsFromLocalFile();
  /* Resolve a config file path into filename (filename_size bytes),
   * falling back to default_name. */
  int locate_config_file(char *filename,
                         int filename_size,
                         const char *default_name);
  /* Append addr (on interface index ifi) to *list, returning the entry. */
  sockaddr_list *add_address_to_list(sockaddr_list **list,
                                     struct sockaddr *addr,
                                     int ifi);

protected:
  map <string, string> _legacyNode2EndboxMap;  /* legacy host -> endbox */
  map <string, string> _endbox2LlipMap;       /* endbox (LSI) to Llip mapping */
  string _localCertUrl;
  map <string, certInfo> _certs;       /* cached certificates data indexed by
                                        *cert url*/
  set <hitPair, hp_compare> _allowed_peers;       /* pairs of hits allowed to
                                                   *start HIP base exchange */
  struct hip_conf *_hcfg;              /* parsed configuration (not owned here?) */
  map <string, struct peer_node *> _hit_to_peers;       /* configured peers
                                                         * *indexed by hit
                                                         * string
                                                         **/
  string _PrivKeyID;   /* private key identifier, presumably for the engine */
  string _Cert;        /* local certificate data */
  string _caCert;      /* trust anchor; presumably what _store is built from */
  hi_node *_hostid;    /* local host identity; see getMyHostId() */
  /* Raw OpenSSL handles.  Ownership and cleanup are not visible in this
   * header (the base destructor is empty). */
  SSL *_ssl;
  X509_STORE *_store;
  RSA *_rsa;
  DSA *_dsa;
};
00182 
00183 #endif