Google Git
Sign in
apache / trafodion / 94f59aceb2a25fe4d1198399002f2263dc6a2f09 / . / win-odbc64 / security_dll / native / header / secpwd.h
blob: 6878af7f31f43543cca99f4a20b15374731c3a71 [file] [log] [blame]
/**********************************************************************
// @@@ START COPYRIGHT @@@
//
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
//
// @@@ END COPYRIGHT @@@
//
**********************************************************************/
// secpwd.h
// Interface between Security_DLL and MXOAS
// Class SecPwd provides functions to build password key, get nonce
// set nonce, get password key length, etc..
#ifndef secpwdh
#define secpwdh
#include "securityException.h"
class Security;
typedef struct {
int pin; // Proces PIN
int cpu; // Procesor
long long timestamp; // process timestamp
} ProcInfo;
#ifdef _WINDOWS
class __declspec( dllexport ) SecPwd
#else
class SecPwd
#endif
{
public:
// cert_file - fully qualified certificate file name
SecPwd(const char *dir, const char* certFile, const char* activeCertFile, const char* serverName)
throw (SecurityException);
~SecPwd();
/**
* Open and load the certificate the certificate.
* If we open the certificate in the constructor and it fails, the object itself is no longer valid.
* Since all the logic requires a SecPwd object, open certificate has to be a separate call.
*/
void openCertificate() throw (SecurityException);
// Encrypts session key, nonce and password. Builds password key
// to return to caller
// pwd - password to be encrypted
// pwdLen - Length of the password
// rolename - role name to build password key. optional
// pass NULL if not needed
// rolenameLen - Length of the rolename or 0
// procInfo - 20 bytes of Process information in this order pin (2 bytes),
// cpu (2 bytes), sequence name (8 bytes), and TS (8 bytes)
// procInfoLen - Length of the procInfo
// pwdkey - returns pwdkey
// pwdkeyLen - returned password key length in pwedkeyLen
void encryptPwd(const char *pwd, const int pwdLen,
const char *rolename, const int rolenameLen,
const char *procInfo, const int procInfoLen,
char *pwdkey, int *pwdkeyLen) throw (SecurityException);
// Get length of buffer for password encryption
// Returns pass word key length if successed and 0 if failed
int getPwdEBufferLen()throw (SecurityException);
// Get Certificate expiration date
// Returns string in YYMMDDHHMMSS format such as
// 100304224356 for March 04 2010 22:43:56 PM
unsigned char* getCertExpDate();
// Get length of buffer for data encryption
// dataLen - the length of the data to be encrypted
// int getDataEBuffer(int dataLen);
/**
* When autodownload is on, client will download the certificate from server
* when there is no certificate or certificate is stale.
*/
void switchCertificate(char* cert, int len) throw (SecurityException);
/**
* When the active certificate becomes stale and autodownload is false, we
* need to check if there is a new certificate we could use.
*
* return 0 if different certificate is found and we have switched to the new certificate.
* return 1 if there is no certificate to switch to.
*/
int switchCertificate() throw (SecurityException);
// The following two functions are added for regression test purpose.
char* getCertFile();
char* getActiveCertFile();
private:
// Ctors
SecPwd() {};
Security * m_sec;
char *certFile;
char* activeCertFile;
};
#endif