/usr/include/sipxtapi/os/OsTLS.h is in libsipxtapi-dev 3.3.0~test17-2.1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
//
// Copyright (C) 2004-2006 SIPfoundry Inc.
// Licensed by SIPfoundry under the LGPL license.
//
// Copyright (C) 2004-2006 Pingtel Corp. All rights reserved.
// Licensed to SIPfoundry under a Contributor Agreement.
//
// $$
///////////////////////////////////////////////////////////////////////////////
#ifndef _OsTLS_h_
#define _OsTLS_h_
// SYSTEM INCLUDES
// APPLICATION INCLUDES
#include "os/OsBSem.h"
#include "os/OsSysLog.h"
#include "utl/UtlString.h"
#include "utl/UtlHashMap.h"
#include <nspr.h>
#include <seccomon.h>
#include <secmod.h>
// DEFINES
// MACROS
// EXTERNAL FUNCTIONS
// EXTERNAL VARIABLES
// CONSTANTS
// Going by its name, an upper bound on the length of a certificate directory path.
// NOTE(review): nothing in this header uses the constant, so whether the bound
// counts the terminating NUL, and whether OsTLS::Initialize() checks szCertDir
// against it before copying, has to be confirmed in the implementation.
#define MAX_CERT_DIR_LENGTH 256
// STRUCTS
// ENUMERATIONS
/**
 * Cause codes attached to security events (S/MIME encryption and decryption,
 * plus TLS connection handling).
 *
 * Only the first enumerator carries an explicit value; every other value is
 * positional. ITlsSink::onTlsEvent() takes its cause as a plain int, so
 * inserting or reordering entries would change the numbers that existing
 * callers see. Append new causes at the end.
 */
typedef enum SECURITY_CAUSE
{
    /** The state of the security operation is no longer known. This is
     *  generally an error condition; see the info structure for details. */
    E_SECURITY_CAUSE_UNKNOWN = 0,

    /** Event fired as part of the normal encryption / decryption process. */
    E_SECURITY_CAUSE_NORMAL,

    /* ---- S/MIME encryption ---- */

    /** An S/MIME encryption succeeded. */
    E_SECURITY_CAUSE_ENCRYPT_SUCCESS,

    /** An S/MIME encryption failed because the security library could not start. */
    E_SECURITY_CAUSE_ENCRYPT_FAILURE_LIB_INIT,

    /** An S/MIME encryption failed because of a bad certificate / public key. */
    E_SECURITY_CAUSE_ENCRYPT_FAILURE_BAD_PUBLIC_KEY,

    /** An S/MIME encryption failed because of an invalid parameter. */
    E_SECURITY_CAUSE_ENCRYPT_FAILURE_INVALID_PARAMETER,

    /* ---- S/MIME decryption ---- */

    /** An S/MIME decryption succeeded. */
    E_SECURITY_CAUSE_DECRYPT_SUCCESS,

    /** An S/MIME decryption failed because the certificate database could not
     *  be initialized. */
    E_SECURITY_CAUSE_DECRYPT_FAILURE_DB_INIT,

    /** An S/MIME decryption failed because the certificate database password
     *  was invalid. */
    E_SECURITY_CAUSE_DECRYPT_FAILURE_BAD_DB_PASSWORD,

    /** An S/MIME decryption failed because of an invalid parameter. */
    E_SECURITY_CAUSE_DECRYPT_FAILURE_INVALID_PARAMETER,

    /** An S/MIME decryption operation aborted because of a bad signature. */
    E_SECURITY_CAUSE_DECRYPT_BAD_SIGNATURE,

    /** An S/MIME decryption operation aborted because the signature was missing. */
    E_SECURITY_CAUSE_DECRYPT_MISSING_SIGNATURE,

    /** An S/MIME decryption operation aborted because the signature was rejected. */
    E_SECURITY_CAUSE_DECRYPT_SIGNATURE_REJECTED,

    /* ---- TLS / transport ----
     * NOTE(review): the six causes below have no description in this header.
     * Their trigger conditions, and in particular which of them represent a
     * failed server authentication, must be confirmed against the code that
     * raises them before an application maps them to user-visible outcomes. */
    E_SECURITY_CAUSE_TLS_SERVER_CERTIFICATE,
    E_SECURITY_CAUSE_TLS_BAD_PASSWORD,
    E_SECURITY_CAUSE_TLS_LIBRARY_FAILURE,
    E_SECURITY_CAUSE_REMOTE_HOST_UNREACHABLE,
    E_SECURITY_CAUSE_TLS_CONNECTION_FAILURE,
    E_SECURITY_CAUSE_TLS_HANDSHAKE_FAILURE,

    /** Fired when the user-agent receives a SIP message with signed S/MIME as
     *  its content. The signer's certificate is located in the info structure
     *  associated with this event. The application accepts the signature by
     *  returning 'true' in response to this message, or rejects it by
     *  returning 'false'. */
    E_SECURITY_CAUSE_SIGNATURE_NOTIFY,

    /** The application has rejected the server's TLS certificate. */
    E_SECURITY_CAUSE_TLS_CERTIFICATE_REJECTED
} SECURITY_CAUSE;
// TYPEDEFS
// FORWARD DECLARATIONS
/**
 * Callback interface an application implements to receive TLS notifications.
 *
 * Both members are pure virtual, so the class cannot be instantiated directly.
 *
 * NOTE(review): no virtual destructor is declared, so an implementation must
 * not be destroyed through an ITlsSink pointer. Adding one would alter the
 * vtable of an installed header, so it needs a coordinated library rebuild.
 */
class ITlsSink
{
public:
    /**
     * Called with a server certificate and the server's host name.
     *
     * @param pCert           Opaque certificate handle; its concrete type is
     *                        not visible in this header.
     * @param serverHostName  Host name associated with the certificate. It is
     *                        passed as non-const char*; nothing here says
     *                        whether the callee may modify it.
     * @return NOTE(review): presumably true accepts the certificate and false
     *         rejects it (compare E_SECURITY_CAUSE_TLS_CERTIFICATE_REJECTED).
     *         If so, this return value is the application's trust decision:
     *         an implementation that returns true without checking that the
     *         certificate matches serverHostName disables server
     *         authentication. Confirm against the caller.
     */
    virtual bool onServerCertificate(void* pCert, char* serverHostName) = 0;

    /**
     * Called when a TLS event occurs.
     *
     * @param cause  Plain int; presumably a SECURITY_CAUSE value. Confirm
     *               against the caller.
     * @return Meaning of the result is not defined in this header.
     */
    virtual bool onTlsEvent(int cause) = 0;
};
#ifdef SIP_TLS_NSS
/**
 * Singleton-style class for invoking NSS functions.
 *
 * The constructor is private and every operation is a static member. No
 * instance accessor is declared in this header, so callers use the class
 * purely through its static functions.
 *
 * The five callback members have the parameter lists of the corresponding NSS
 * callback types. Where they are registered with NSS is not visible here.
 */
class OsTLS
{
/* //////////////////////////// PUBLIC //////////////////////////////////// */
public:
    virtual ~OsTLS();

    /**
     * Initializes the TLS layer from a certificate directory.
     *
     * @param szCertDir  Path of the certificate directory.
     *                   NOTE(review): MAX_CERT_DIR_LENGTH is defined in this
     *                   header; confirm the implementation bounds this string
     *                   before copying it.
     */
    static OsStatus Initialize(const char* szCertDir);

    /** Same parameter list as NSS's SSLGetClientAuthData callback: supplies a
     *  client certificate and private key through pRetCert / pRetKey. */
    static SECStatus GetClientAuthData(void *arg,
                                       PRFileDesc *socket,
                                       struct CERTDistNamesStr *caNames,
                                       struct CERTCertificateStr **pRetCert,
                                       struct SECKEYPrivateKeyStr **pRetKey);

    /** Same parameter list as NSS's SSLAuthCertificate callback (peer
     *  certificate authentication hook). */
    static SECStatus AuthCertificate(void *arg,
                                     PRFileDesc *socket,
                                     PRBool checksig,
                                     PRBool isServer);

    /**
     * Same parameter list as NSS's SSLBadCertHandler callback.
     *
     * NOTE(review): in NSS, a bad-certificate handler that returns SECSuccess
     * lets the handshake continue despite the validation error. Confirm that
     * the implementation returns SECSuccess only after the registered
     * ITlsSink has approved the certificate, and SECFailure otherwise
     * (including when no sink is registered for the socket).
     */
    static SECStatus BadCertHandler(void *arg, PRFileDesc *socket);

    /** Same parameter list as NSS's SSLHandshakeCallback. */
    static SECStatus HandshakeCallback(PRFileDesc *socket, void *arg);

    /**
     * Same parameter list as NSS's PK11PasswordFunc.
     *
     * NOTE(review): NSS frees the string a password function returns, so the
     * implementation should hand back a buffer from an NSS/NSPR allocator and
     * keep no other reference to it. Confirm in the implementation.
     */
    static char* PasswordCallback(PK11SlotInfo *slot, PRBool retry, void *arg);

    /** Sink registry accessors, keyed by the socket's PRFileDesc pointer.
     *
     *  NOTE(review): this header declares no lock next to mpSinkMap, and the
     *  ownership of pSink is not stated. Confirm that these three calls are
     *  serialized in the implementation, and that removeTlsSink() runs before
     *  a descriptor is closed so that a reused PRFileDesc address cannot
     *  resolve to a stale sink. */
    static void setTlsSink(PRFileDesc* key, ITlsSink* pSink);
    static ITlsSink* getTlsSink(PRFileDesc* key);
    static void removeTlsSink(PRFileDesc* key);

/* //////////////////////////// PRIVATE /////////////////////////////////// */
private:
    /** Private: the class cannot be instantiated from outside. */
    OsTLS();

    /** Process-wide map behind setTlsSink / getTlsSink / removeTlsSink. */
    static UtlHashMap* mpSinkMap;
};
/* ============================ INLINE METHODS ============================ */
#endif
#endif // _OsTLS_h_