NetSSL library refactoring

NetSSL_OpenSSL/include/Poco/Net/Context.h

@@ -1,7 +1,7 @@
 //
 // Context.h
 //
-// $Id: //poco/1.3/NetSSL_OpenSSL/include/Poco/Net/Context.h#3 $
+// $Id: //poco/Main/NetSSL_OpenSSL/include/Poco/Net/Context.h#9 $
 //
 // Library: NetSSL_OpenSSL
 // Package: SSLCore
@@ -9,7 +9,7 @@
 //
 // Definition of the Context class.
 //
-// Copyright (c) 2006, Applied Informatics Software Engineering GmbH.
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
 // and Contributors.
 //
 // Permission is hereby granted, free of charge, to any person or organization
@@ -41,7 +41,8 @@
 
 
 #include "Poco/Net/NetSSL.h"
-#include "Poco/SharedPtr.h"
+#include "Poco/RefCountedObject.h"
+#include "Poco/AutoPtr.h"
 #include <openssl/ssl.h>
 
 
@@ -49,60 +50,110 @@ namespace Poco {
 namespace Net {
 
 
-class NetSSL_API Context
-	/// This class encapsulates an SSL Context.
+class NetSSL_API Context: public Poco::RefCountedObject
+	/// This class encapsulates context information for
+	/// an SSL server or client, such as the certificate
+	/// verification mode and the location of certificates
+	/// and private key files, as well as the list of
+	/// supported ciphers.
 {
 public:
-	typedef Poco::SharedPtr<Context> Ptr;
+	typedef Poco::AutoPtr<Context> Ptr;
+	
+	enum Usage
+	{
+		CLIENT_USE, /// Context is used by a client.
+		SERVER_USE  /// Context is used by a server.
+	};
+	
 	enum VerificationMode 
 	{
 		VERIFY_NONE    = SSL_VERIFY_NONE, 
+			/// Server: The server will not send a client certificate 
+			/// request to the client, so the client will not send a certificate. 
+			///
+			/// Client: If not using an anonymous cipher (by default disabled), 
+			/// the server will send a certificate which will be checked, but
+			/// the result of the check will be ignored.
+			
 		VERIFY_RELAXED = SSL_VERIFY_PEER, 
-		VERIFY_STRICT  = SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 
-		VERIFY_ONCE    = SSL_VERIFY_CLIENT_ONCE
+			/// Server: The server sends a client certificate request to the 
+			/// client. The certificate returned (if any) is checked. 
+			/// If the verification process fails, the TLS/SSL handshake is 
+			/// immediately terminated with an alert message containing the 
+			/// reason for the verification failure. 
+			///
+			/// Client: The server certificate is verified, if one is provided. 
+			/// If the verification process fails, the TLS/SSL handshake is
+			/// immediately terminated with an alert message containing the 
+			/// reason for the verification failure. 
+			
+		VERIFY_STRICT  = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+			/// Server: If the client did not return a certificate, the TLS/SSL 
+			/// handshake is immediately terminated with a handshake failure
+			/// alert. This flag must be used together with SSL_VERIFY_PEER. 
+			///
+			/// Client: Same as VERIFY_RELAXED. 
+			
+		VERIFY_ONCE    = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE
+			/// Server: Only request a client certificate on the initial 
+			/// TLS/SSL handshake. Do not ask for a client certificate 
+			/// again in case of a renegotiation.
+			///
+			/// Client: Same as VERIFY_RELAXED.	
 	};
 
-	Context(const std::string& privateKeyFile, 
+	Context(
+		Usage usage,
+		const std::string& privateKeyFile,
+		const std::string& certificateFile,
 		const std::string& caLocation, 
-		bool isServerContext,
-		VerificationMode verMode = VERIFY_STRICT,
+		VerificationMode verificationMode = VERIFY_RELAXED,
 		int verificationDepth = 9,
-		bool loadCAFromDefaultPath = false,
-		const std::string& cypherList = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
-			/// Creates a context.
-			/// privateKeyFile contains the key used for encryption, caLocation can either
-			/// be a directory or a single file containing the certificates for certificate authorities.
-			/// isServerContext defines if the context belongs to a server or client.
-			/// verificationDepth sets the upper limit for verification chain sizes. If we encounter
-			/// a chain larger than that limit, verification will fail.
-			/// Cypherlist defines which protocols are allowed.
-			/// Creates the Context.
+		bool loadDefaultCAs = false,
+		const std::string& cipherList = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
+			/// Creates a Context.
+			/// 
+			///   * usage specifies whether the context is used by a client or server.
+			///   * privateKeyFile contains the path to the private key file used for encryption.
+			///     Can be empty if no private key file is used.
+			///   * certificateFile contains the path to the certificate file (in PEM format).
+			///     If the private key and the certificate are stored in the same file, this
+			///     can be empty if privateKeyFile is given.
+			///   * caLocation contains the path to the file or directory containing the
+			///     CA/root certificates. Can be empty if the OpenSSL builtin CA certificates
+			///     are used (see loadDefaultCAs).
+			///   * verificationMode specifies whether and how peer certificates are validated.
+			///   * verificationDepth sets the upper limit for verification chain sizes. Verification
+			///     will fail if a certificate chain larger than this is encountered.
+			///   * loadDefaultCAs specifies wheter the builtin CA certificates from OpenSSL are used.
+			///   * cipherList specifies the supported ciphers in OpenSSL notation.
 
 	~Context();
 		/// Destroys the Context.
 
 	SSL_CTX* sslContext() const;
-		/// Returns the OpenSSL SSL Context object.
+		/// Returns the underlying OpenSSL SSL Context object.
+
+	Usage usage() const;
+		/// Returns whether the context is for use by a client or by a server.
 
 	Context::VerificationMode verificationMode() const;
 		/// Returns the verification mode.
 
-	bool serverContext() const;
-		/// Returns true iff the context is for a server.
-
 private:
-	SSL_CTX*                  _pSSLContext;
-	Context::VerificationMode _mode;
-	bool                      _server;
+	Usage _usage;
+	VerificationMode _mode;
+	SSL_CTX* _pSSLContext;
 };
 
 
 //
 // inlines
 //
-inline SSL_CTX* Context::sslContext() const
+inline Context::Usage Context::usage() const
 {
-	return _pSSLContext;
+	return _usage;
 }
 
 
@@ -112,9 +163,9 @@ inline Context::VerificationMode Context::verificationMode() const
 }
 
 
-inline bool Context::serverContext() const
+inline SSL_CTX* Context::sslContext() const
 {
-	return _server;
+	return _pSSLContext;
 }