1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. 24 */ 25 26 /** 27 * \file KMSAgentStorage.h 28 * 29 * This header provides an interface for the agent library to persist profile information, including 30 * <ul> 31 * <li>Profile Configuration properties 32 * <li>Profile KMS Cluster information 33 * <li>PKI Certificates and Agent Private Key 34 * </ul> 35 * With the storage management of PKI elements is an interface for initialization of the gSoap SSL 36 * client context. 37 * <p> 38 * The reference implementation of this interface maps these storage elements into files. 39 * Other implmentations may need to persist these elements into other types of non-volatile 40 * storage. 41 */ 42 43 #ifndef KMSAGENT_STORAGE_H 44 #define KMSAGENT_STORAGE_H 45 46 /** 47 * checks if a profile exists in the working directory with the name specified in the io_pProfile struct 48 */ 49 extern "C" bool ProfileExists( 50 const char* const i_pWorkingDirectory, 51 const char* const i_pProfileName); 52 53 /** 54 * creates a Storage object in the working directory with the specified name. 55 * The storage object's contents are empty. 56 */ 57 bool CreateProfile( 58 KMSClientProfile* const io_pProfile, 59 const char* const i_pWorkingDirectory, 60 const char* const i_pProfileName); 61 62 /** 63 * saves the Config portion of the profile into persistent storage 64 */ 65 bool StoreConfig( 66 KMSClientProfile* const i_pProfile ); 67 68 /** 69 * saves the Cluster information from the profile into persistent storage 70 */ 71 bool StoreCluster( 72 KMSClientProfile* const i_pProfile ); 73 74 /** 75 * retrieve the Config information from persistent storage into the profile 76 */ 77 bool GetConfig( 78 KMSClientProfile* const io_pProfile ); 79 80 81 /** 82 * populate cluster array with names from storage. If the profile does 83 * does not contain cluster information then sets o_bClusterInformationFound 84 * to true. 85 */ 86 bool GetCluster( 87 KMSClientProfile* const io_pProfile, 88 int& o_bClusterInformationFound ); 89 90 /** 91 * delete the cluster information from persistent storage 92 */ 93 bool DeleteCluster( KMSClientProfile* const io_pProfile ); 94 95 /** 96 * saves the CA certificate into persistent storage 97 */ 98 bool StoreCACertificate( 99 KMSClientProfile* const i_pProfile, 100 CCertificate* const i_pCACertificate ); 101 102 103 /** 104 * save the CA certificate, agent certificate and agent 105 * private key material to persistent storage 106 * @param i_sHexHashedPassphrase this is an optional passphrase 107 * that is required when the caller wishes the private key to be 108 * encrypted. The private key will then be encrypted using this 109 * pass phrase. 110 */ 111 bool StorePKIcerts( 112 KMSClientProfile* const io_pProfile, 113 CCertificate* const i_pCACertificate, 114 CCertificate* const i_pAgentCertificate, 115 CPrivateKey* const i_pAgentPrivateKey, 116 const char* const i_sHexHashedPassphrase ); 117 118 /** 119 * retrieve the CA certificate, agent certificate and agent 120 * private key material from persistent storage and reference 121 * from the profile 122 */ 123 bool GetPKIcerts( 124 KMSClientProfile* const io_pProfile ); 125 126 #ifdef KMSUSERPKCS12 127 bool StoreAgentPKI( 128 KMSClientProfile* const i_pProfile, 129 CCertificate* const i_pAgentCertificate, 130 CPrivateKey* const i_pAgentPrivateKey, 131 const char* const i_sHexHashedPassphrase); 132 133 bool GetPKCS12CertAndKey( 134 KMSClientProfile* const io_pProfile, 135 utf8char *i_pPassphrase, 136 CCertificate *i_pEntityCert, 137 CPrivateKey *i_pEntityPrivateKey); 138 139 bool StoreTempAgentPKI( 140 KMSClientProfile* const io_pProfile, 141 CCertificate *i_pEntityCert, 142 CPrivateKey *i_pEntityPrivateKey); 143 144 bool ClientKeyP12Exists(char *profileName); 145 146 void CleanupPrivateKeyFile(KMSClientProfile* const io_pProfile); 147 #endif 148 149 /** 150 * Provides a wrapper to gSoap's soap_ssl_client_context() 151 * that hides how Certificates and Private key material are presented to the underlying SSL 152 * layer. 153 * @param i_pProfile The profile must contain a reference to the CA certificate and for 154 * SOAP_SSL_REQUIRE_CLIENT_AUTHENTICATION the Agent's certificate and private key material. 155 * @param io_pSoap gSoap runtime 156 * @param i_iFlags These are the gSoap authentication flags, either 157 * SOAP_SSL_REQUIRE_SERVER_AUTHENTICATION or SOAP_SSL_REQUIRE_CLIENT_AUTHENTICATION. 158 * The private key password argument is only applicable 159 * for SOAP_SSL_REQUIRE_CLIENT_AUTHENTICATION. 160 * 161 * @return value from gSoap's soap_ssl_client_context() 162 */ 163 int K_soap_ssl_client_context( 164 KMSClientProfile* const i_pProfile, 165 struct soap * io_pSoap, 166 unsigned short i_iFlags ); 167 168 /** 169 * deletes the persistent storage object specified by name and its contents 170 */ 171 bool DeleteStorageProfile( 172 const char* const i_pName); 173 174 #endif // KMSAGENT_STORAGE_H 175 176