diff options
| author | Jose <jose@zeroc.com> | 2017-03-20 11:11:16 +0100 |
|---|---|---|
| committer | Jose <jose@zeroc.com> | 2017-03-20 11:11:16 +0100 |
| commit | 11c1140a8041b3dcdd79b9244422e56ebe8da10c (patch) | |
| tree | 04cba9afe9ec7fb3e723ca45cb76afcfb5cc4885 | |
| parent | Fixed (ICE-7678) - Python build failure with VS 2015 (diff) | |
| download | ice-11c1140a8041b3dcdd79b9244422e56ebe8da10c.tar.bz2 ice-11c1140a8041b3dcdd79b9244422e56ebe8da10c.tar.xz ice-11c1140a8041b3dcdd79b9244422e56ebe8da10c.zip | |
Update IceSSL::ConnectionInfo to use native certs and remove NativeConnectionInfo
80 files changed, 614 insertions, 444 deletions
diff --git a/cpp/include/IceSSL/Plugin.h b/cpp/include/IceSSL/Plugin.h index 8e3d2f44f5b..94c8da4b841 100644 --- a/cpp/include/IceSSL/Plugin.h +++ b/cpp/include/IceSSL/Plugin.h @@ -12,7 +12,7 @@ #include <Ice/Plugin.h> #include <IceSSL/Config.h> -#include <IceSSL/ConnectionInfo.h> +#include <IceSSL/ConnectionInfoF.h> #ifdef ICE_CPP11_MAPPING # include <chrono> @@ -372,25 +372,6 @@ public: static CertificatePtr decode(const std::string&); }; -// -// NativeConnectionInfo is an extension of IceSSL::ConnectionInfo that -// provides access to native certificates. -// -class ICESSL_API NativeConnectionInfo : public ConnectionInfo -{ -public: - - virtual ~NativeConnectionInfo(); - - // - // The certificate chain. This may be empty if the peer did not - // supply a certificate. The peer's certificate (if any) is the - // first one in the chain. - // - std::vector<CertificatePtr> nativeCerts; -}; -ICE_DEFINE_PTR(NativeConnectionInfoPtr, NativeConnectionInfo); - #ifndef ICE_CPP11_MAPPING // C++98 mapping // @@ -408,7 +389,7 @@ public: // Return false if the connection should be rejected, or true to // allow it. // - virtual bool verify(const NativeConnectionInfoPtr&) = 0; + virtual bool verify(const ConnectionInfoPtr&) = 0; }; typedef IceUtil::Handle<CertificateVerifier> CertificateVerifierPtr; @@ -457,7 +438,7 @@ public: // before any connections are established. // #ifdef ICE_CPP11_MAPPING - virtual void setCertificateVerifier(std::function<bool(const std::shared_ptr<NativeConnectionInfo>&)>) = 0; + virtual void setCertificateVerifier(std::function<bool(const std::shared_ptr<ConnectionInfo>&)>) = 0; #else virtual void setCertificateVerifier(const CertificateVerifierPtr&) = 0; #endif diff --git a/cpp/src/Glacier2/SessionRouterI.cpp b/cpp/src/Glacier2/SessionRouterI.cpp index 19ca27d2d8a..cd150de5fa2 100644 --- a/cpp/src/Glacier2/SessionRouterI.cpp +++ b/cpp/src/Glacier2/SessionRouterI.cpp @@ -477,7 +477,7 @@ CreateSession::CreateSession(const SessionRouterIPtr& sessionRouter, const strin _context["_con.cipher"] = info->cipher; if(info->certs.size() > 0) { - _context["_con.peerCert"] = info->certs[0]; + _context["_con.peerCert"] = info->certs[0]->encode(); } } } @@ -853,10 +853,13 @@ SessionRouterI::createSessionFromSecureConnection_async( sslinfo.localPort = ipInfo->localPort; sslinfo.localHost = ipInfo->localAddress; sslinfo.cipher = info->cipher; - sslinfo.certs = info->certs; + for(std::vector<IceSSL::CertificatePtr>::const_iterator i = info->certs.begin(); i != info->certs.end(); ++i) + { + sslinfo.certs.push_back((*i)->encode()); + } if(info->certs.size() > 0) { - userDN = IceSSL::Certificate::decode(info->certs[0])->getSubjectDN(); + userDN = info->certs[0]->getSubjectDN(); } } catch(const IceSSL::CertificateEncodingException&) diff --git a/cpp/src/IceGrid/InternalRegistryI.cpp b/cpp/src/IceGrid/InternalRegistryI.cpp index c97ad6ccffe..5ee57d359a5 100644 --- a/cpp/src/IceGrid/InternalRegistryI.cpp +++ b/cpp/src/IceGrid/InternalRegistryI.cpp @@ -70,7 +70,7 @@ InternalRegistryI::registerNode(const InternalNodeInfoPtr& info, if(sslConnInfo) { if (sslConnInfo->certs.empty() || - !IceSSL::Certificate::decode(sslConnInfo->certs[0])->getSubjectDN().match("CN=" + info->name)) + !sslConnInfo->certs[0]->getSubjectDN().match("CN=" + info->name)) { if(traceLevels->node > 0) { @@ -137,7 +137,7 @@ InternalRegistryI::registerReplica(const InternalReplicaInfoPtr& info, if(sslConnInfo) { if (sslConnInfo->certs.empty() || - !IceSSL::Certificate::decode(sslConnInfo->certs[0])->getSubjectDN().match("CN=" + info->name)) + !sslConnInfo->certs[0]->getSubjectDN().match("CN=" + info->name)) { if(traceLevels->replica > 0) { diff --git a/cpp/src/IceGrid/RegistryI.cpp b/cpp/src/IceGrid/RegistryI.cpp index 09c81d5a40f..3e4405d0d03 100644 --- a/cpp/src/IceGrid/RegistryI.cpp +++ b/cpp/src/IceGrid/RegistryI.cpp @@ -1357,10 +1357,13 @@ RegistryI::getSSLInfo(const ConnectionPtr& connection, string& userDN) sslinfo.localPort = ipInfo->localPort; sslinfo.localHost = ipInfo->localAddress; sslinfo.cipher = info->cipher; - sslinfo.certs = info->certs; + for(std::vector<IceSSL::CertificatePtr>::const_iterator i = info->certs.begin(); i != info->certs.end(); ++i) + { + sslinfo.certs.push_back((*i)->encode()); + } if(info->certs.size() > 0) { - userDN = IceSSL::Certificate::decode(info->certs[0])->getSubjectDN(); + userDN = info->certs[0]->getSubjectDN(); } } catch(const IceSSL::CertificateEncodingException&) diff --git a/cpp/src/IceSSL/CertificateI.cpp b/cpp/src/IceSSL/CertificateI.cpp index fb7969b75f4..cc37c6530e8 100644 --- a/cpp/src/IceSSL/CertificateI.cpp +++ b/cpp/src/IceSSL/CertificateI.cpp @@ -17,6 +17,7 @@ #include <IceSSL/CertificateI.h> #include <Ice/Object.h> #include <Ice/Base64.h> +#include <Ice/LocalException.h> #include <Ice/StringConverter.h> #include <IceUtil/Time.h> diff --git a/cpp/src/IceSSL/OpenSSLEngine.cpp b/cpp/src/IceSSL/OpenSSLEngine.cpp index 950f334484b..269202c1e2e 100644 --- a/cpp/src/IceSSL/OpenSSLEngine.cpp +++ b/cpp/src/IceSSL/OpenSSLEngine.cpp @@ -912,7 +912,7 @@ OpenSSL::SSLEngine::destroy() } void -OpenSSL::SSLEngine::verifyPeer(const string& address, const NativeConnectionInfoPtr& info, const string& desc) +OpenSSL::SSLEngine::verifyPeer(const string& address, const IceSSL::ConnectionInfoPtr& info, const string& desc) { #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10002000L // diff --git a/cpp/src/IceSSL/OpenSSLEngine.h b/cpp/src/IceSSL/OpenSSLEngine.h index 5fc92c930c8..f1c2af22566 100644 --- a/cpp/src/IceSSL/OpenSSLEngine.h +++ b/cpp/src/IceSSL/OpenSSLEngine.h @@ -31,7 +31,7 @@ public: virtual void initialize(); virtual void destroy(); - virtual void verifyPeer(const std::string&, const IceSSL::NativeConnectionInfoPtr&, const std::string&); + virtual void verifyPeer(const std::string&, const IceSSL::ConnectionInfoPtr&, const std::string&); virtual IceInternal::TransceiverPtr createTransceiver(const IceSSL::InstancePtr&, const IceInternal::TransceiverPtr&, const std::string&, bool); diff --git a/cpp/src/IceSSL/OpenSSLTransceiverI.cpp b/cpp/src/IceSSL/OpenSSLTransceiverI.cpp index ee10d229f81..9072026fcb4 100644 --- a/cpp/src/IceSSL/OpenSSLTransceiverI.cpp +++ b/cpp/src/IceSSL/OpenSSLTransceiverI.cpp @@ -341,7 +341,7 @@ OpenSSL::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal:: } _cipher = SSL_get_cipher_name(_ssl); // Nothing needs to be free'd. - _engine->verifyPeer(_host, ICE_DYNAMIC_CAST(NativeConnectionInfo, getInfo()), toString()); + _engine->verifyPeer(_host, ICE_DYNAMIC_CAST(ConnectionInfo, getInfo()), toString()); if(_engine->securityTraceLevel() >= 1) { @@ -775,14 +775,13 @@ OpenSSL::TransceiverI::toDetailedString() const Ice::ConnectionInfoPtr OpenSSL::TransceiverI::getInfo() const { - NativeConnectionInfoPtr info = ICE_MAKE_SHARED(NativeConnectionInfo); + ConnectionInfoPtr info = ICE_MAKE_SHARED(ConnectionInfo); info->underlying = _delegate->getInfo(); info->incoming = _incoming; info->adapterName = _adapterName; info->cipher = _cipher; info->certs = _certs; info->verified = _verified; - info->nativeCerts = _nativeCerts; return info; } @@ -825,13 +824,11 @@ OpenSSL::TransceiverI::verifyCallback(int ok, X509_STORE_CTX* c) STACK_OF(X509)* chain = X509_STORE_CTX_get1_chain(c); if(chain != 0) { - _nativeCerts.clear(); _certs.clear(); for(int i = 0; i < sk_X509_num(chain); ++i) { CertificatePtr cert = OpenSSL::Certificate::create(X509_dup(sk_X509_value(chain, i))); - _nativeCerts.push_back(cert); - _certs.push_back(cert->encode()); + _certs.push_back(cert); } sk_X509_pop_free(chain, X509_free); } diff --git a/cpp/src/IceSSL/OpenSSLTransceiverI.h b/cpp/src/IceSSL/OpenSSLTransceiverI.h index 0bda6849b91..2e01bd918dd 100644 --- a/cpp/src/IceSSL/OpenSSLTransceiverI.h +++ b/cpp/src/IceSSL/OpenSSLTransceiverI.h @@ -76,9 +76,8 @@ private: const IceInternal::TransceiverPtr _delegate; bool _connected; std::string _cipher; - std::vector<std::string> _certs; + std::vector<IceSSL::CertificatePtr> _certs; bool _verified; - std::vector<IceSSL::CertificatePtr> _nativeCerts; SSL* _ssl; #ifdef ICE_USE_IOCP diff --git a/cpp/src/IceSSL/PluginI.cpp b/cpp/src/IceSSL/PluginI.cpp index 4e3cd01680a..cb0f20f5f6f 100755 --- a/cpp/src/IceSSL/PluginI.cpp +++ b/cpp/src/IceSSL/PluginI.cpp @@ -33,12 +33,6 @@ PasswordPrompt::~PasswordPrompt() } #endif - -NativeConnectionInfo::~NativeConnectionInfo() -{ - // Out of line to avoid weak vtable -} - IceSSL::Plugin::~Plugin() { // Out of line to avoid weak vtable @@ -97,7 +91,7 @@ PluginI::destroy() #ifdef ICE_CPP11_MAPPING void -PluginI::setCertificateVerifier(std::function<bool(const std::shared_ptr<NativeConnectionInfo>&)> verifier) +PluginI::setCertificateVerifier(std::function<bool(const std::shared_ptr<IceSSL::ConnectionInfo>&)> verifier) { if(verifier) { diff --git a/cpp/src/IceSSL/PluginI.h b/cpp/src/IceSSL/PluginI.h index 3cb9a14b024..6bd18273d71 100644 --- a/cpp/src/IceSSL/PluginI.h +++ b/cpp/src/IceSSL/PluginI.h @@ -32,7 +32,7 @@ public: // From IceSSL::Plugin. // #ifdef ICE_CPP11_MAPPING - virtual void setCertificateVerifier(std::function<bool(const std::shared_ptr<NativeConnectionInfo>&)>); + virtual void setCertificateVerifier(std::function<bool(const std::shared_ptr<ConnectionInfo>&)>); virtual void setPasswordPrompt(std::function<std::string()>); #else virtual void setCertificateVerifier(const CertificateVerifierPtr&); diff --git a/cpp/src/IceSSL/SChannelEngine.cpp b/cpp/src/IceSSL/SChannelEngine.cpp index 25c62a81ff0..cc1decdb4ed 100644 --- a/cpp/src/IceSSL/SChannelEngine.cpp +++ b/cpp/src/IceSSL/SChannelEngine.cpp @@ -1061,7 +1061,7 @@ SChannel::SSLEngine::destroy() } void -SChannel::SSLEngine::verifyPeer(const string& address, const NativeConnectionInfoPtr& info, const string& desc) +SChannel::SSLEngine::verifyPeer(const string& address, const IceSSL::ConnectionInfoPtr& info, const string& desc) { verifyPeerCertName(address, info); IceSSL::SSLEngine::verifyPeer(address, info, desc); diff --git a/cpp/src/IceSSL/SChannelEngine.h b/cpp/src/IceSSL/SChannelEngine.h index f62ff654677..e37d42b83a2 100644 --- a/cpp/src/IceSSL/SChannelEngine.h +++ b/cpp/src/IceSSL/SChannelEngine.h @@ -94,7 +94,7 @@ public: // virtual void destroy(); - virtual void verifyPeer(const std::string&, const NativeConnectionInfoPtr&, const std::string&); + virtual void verifyPeer(const std::string&, const ConnectionInfoPtr&, const std::string&); std::string getCipherName(ALG_ID) const; diff --git a/cpp/src/IceSSL/SChannelTransceiverI.cpp b/cpp/src/IceSSL/SChannelTransceiverI.cpp index caae4dc7fe0..d837bdad833 100644 --- a/cpp/src/IceSSL/SChannelTransceiverI.cpp +++ b/cpp/src/IceSSL/SChannelTransceiverI.cpp @@ -701,9 +701,7 @@ SChannel::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal: IceUtilInternal::lastErrorToString()); } - CertificatePtr certificate = SChannel::Certificate::create(cc); - _nativeCerts.push_back(certificate); - _certs.push_back(certificate->encode()); + _certs.push_back(SChannel::Certificate::create(cc)); } CertFreeCertificateChain(certChain); @@ -748,7 +746,7 @@ SChannel::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal: IceUtilInternal::lastErrorToString()); } - _engine->verifyPeer(_host, ICE_DYNAMIC_CAST(NativeConnectionInfo, getInfo()), toString()); + _engine->verifyPeer(_host, ICE_DYNAMIC_CAST(ConnectionInfo, getInfo()), toString()); _state = StateHandshakeComplete; if(_instance->engine()->securityTraceLevel() >= 1) @@ -991,14 +989,13 @@ SChannel::TransceiverI::toDetailedString() const Ice::ConnectionInfoPtr SChannel::TransceiverI::getInfo() const { - NativeConnectionInfoPtr info = ICE_MAKE_SHARED(NativeConnectionInfo); + ConnectionInfoPtr info = ICE_MAKE_SHARED(ConnectionInfo); info->underlying = _delegate->getInfo(); info->incoming = _incoming; info->adapterName = _adapterName; info->cipher = _cipher; info->certs = _certs; info->verified = _verified; - info->nativeCerts = _nativeCerts; return info; } diff --git a/cpp/src/IceSSL/SChannelTransceiverI.h b/cpp/src/IceSSL/SChannelTransceiverI.h index 2f05011a873..07c7ae7aeff 100644 --- a/cpp/src/IceSSL/SChannelTransceiverI.h +++ b/cpp/src/IceSSL/SChannelTransceiverI.h @@ -119,9 +119,8 @@ private: bool _credentialsInitialized; SecPkgContext_StreamSizes _sizes; std::string _cipher; - std::vector<std::string> _certs; + std::vector<IceSSL::CertificatePtr> _certs; bool _verified; - std::vector<IceSSL::CertificatePtr> _nativeCerts; }; typedef IceUtil::Handle<TransceiverI> TransceiverIPtr; diff --git a/cpp/src/IceSSL/SSLEngine.cpp b/cpp/src/IceSSL/SSLEngine.cpp index 81f36d38948..bca84dfb066 100644 --- a/cpp/src/IceSSL/SSLEngine.cpp +++ b/cpp/src/IceSSL/SSLEngine.cpp @@ -9,6 +9,7 @@ #include <IceSSL/SSLEngine.h> #include <IceSSL/TrustManager.h> +#include <IceSSL/ConnectionInfo.h> #include <IceUtil/StringUtil.h> @@ -137,15 +138,15 @@ IceSSL::SSLEngine::initialize() } void -IceSSL::SSLEngine::verifyPeerCertName(const string& address, const NativeConnectionInfoPtr& info) +IceSSL::SSLEngine::verifyPeerCertName(const string& address, const ConnectionInfoPtr& info) { // // For an outgoing connection, we compare the proxy address (if any) against // fields in the server's certificate (if any). // - if(_checkCertName && !info->nativeCerts.empty() && !address.empty()) + if(_checkCertName && !info->certs.empty() && !address.empty()) { - const CertificatePtr cert = info->nativeCerts[0]; + const CertificatePtr cert = info->certs[0]; // // Extract the IP addresses and the DNS names from the subject @@ -226,7 +227,7 @@ IceSSL::SSLEngine::verifyPeerCertName(const string& address, const NativeConnect } void -IceSSL::SSLEngine::verifyPeer(const string& address, const NativeConnectionInfoPtr& info, const string& desc) +IceSSL::SSLEngine::verifyPeer(const string& address, const ConnectionInfoPtr& info, const string& desc) { const CertificateVerifierPtr verifier = getCertificateVerifier(); if(_verifyDepthMax > 0 && static_cast<int>(info->certs.size()) > _verifyDepthMax) diff --git a/cpp/src/IceSSL/SSLEngine.h b/cpp/src/IceSSL/SSLEngine.h index 422f0c17648..7c05d585245 100644 --- a/cpp/src/IceSSL/SSLEngine.h +++ b/cpp/src/IceSSL/SSLEngine.h @@ -58,8 +58,8 @@ public: // // Verify peer certificate // - virtual void verifyPeer(const std::string&, const NativeConnectionInfoPtr&, const std::string&); - void verifyPeerCertName(const std::string&, const NativeConnectionInfoPtr&); + virtual void verifyPeer(const std::string&, const ConnectionInfoPtr&, const std::string&); + void verifyPeerCertName(const std::string&, const ConnectionInfoPtr&); CertificateVerifierPtr getCertificateVerifier() const; PasswordPromptPtr getPasswordPrompt() const; diff --git a/cpp/src/IceSSL/SecureTransportCertificateI.cpp b/cpp/src/IceSSL/SecureTransportCertificateI.cpp index f988de667a5..32f02fd90d4 100644 --- a/cpp/src/IceSSL/SecureTransportCertificateI.cpp +++ b/cpp/src/IceSSL/SecureTransportCertificateI.cpp @@ -13,6 +13,7 @@ #include <IceSSL/SecureTransportUtil.h> #include <IceSSL/RFC2253.h> +#include <Ice/LocalException.h> #include <Ice/UniqueRef.h> #include <Ice/Base64.h> diff --git a/cpp/src/IceSSL/SecureTransportTransceiverI.cpp b/cpp/src/IceSSL/SecureTransportTransceiverI.cpp index 2cbd7fe0bd9..6d83dba98df 100644 --- a/cpp/src/IceSSL/SecureTransportTransceiverI.cpp +++ b/cpp/src/IceSSL/SecureTransportTransceiverI.cpp @@ -11,6 +11,7 @@ #include <IceSSL/Instance.h> #include <IceSSL/SecureTransportEngine.h> #include <IceSSL/SecureTransportUtil.h> +#include <IceSSL/ConnectionInfo.h> #include <Ice/LoggerUtil.h> #include <Ice/LocalException.h> @@ -289,10 +290,7 @@ IceSSL::SecureTransport::TransceiverI::initialize(IceInternal::Buffer& readBuffe { SecCertificateRef cert = SecTrustGetCertificateAtIndex(_trust.get(), i); CFRetain(cert); - - CertificatePtr certificate = IceSSL::SecureTransport::Certificate::create(cert); - _nativeCerts.push_back(certificate); - _certs.push_back(certificate->encode()); + _certs.push_back(IceSSL::SecureTransport::Certificate::create(cert)); } assert(_ssl); @@ -300,7 +298,7 @@ IceSSL::SecureTransport::TransceiverI::initialize(IceInternal::Buffer& readBuffe SSLGetNegotiatedCipher(_ssl.get(), &cipher); _cipher = _engine->getCipherName(cipher); - _engine->verifyPeer(_host, ICE_DYNAMIC_CAST(NativeConnectionInfo, getInfo()), toString()); + _engine->verifyPeer(_host, ICE_DYNAMIC_CAST(ConnectionInfo, getInfo()), toString()); if(_instance->engine()->securityTraceLevel() >= 1) { @@ -528,14 +526,13 @@ IceSSL::SecureTransport::TransceiverI::toDetailedString() const Ice::ConnectionInfoPtr IceSSL::SecureTransport::TransceiverI::getInfo() const { - NativeConnectionInfoPtr info = ICE_MAKE_SHARED(NativeConnectionInfo); + IceSSL::ConnectionInfoPtr info = ICE_MAKE_SHARED(IceSSL::ConnectionInfo); info->underlying = _delegate->getInfo(); info->incoming = _incoming; info->adapterName = _adapterName; info->cipher = _cipher; info->certs = _certs; info->verified = _verified; - info->nativeCerts = _nativeCerts; return info; } diff --git a/cpp/src/IceSSL/SecureTransportTransceiverI.h b/cpp/src/IceSSL/SecureTransportTransceiverI.h index a73771eabc7..d1e3fc41cd6 100644 --- a/cpp/src/IceSSL/SecureTransportTransceiverI.h +++ b/cpp/src/IceSSL/SecureTransportTransceiverI.h @@ -79,9 +79,8 @@ private: size_t _maxSendPacketSize; size_t _maxRecvPacketSize; std::string _cipher; - std::vector<std::string> _certs; + std::vector<CertificatePtr> _certs; bool _verified; - std::vector<CertificatePtr> _nativeCerts; size_t _buffered; }; typedef IceUtil::Handle<TransceiverI> TransceiverIPtr; diff --git a/cpp/src/IceSSL/SecureTransportUtil.cpp b/cpp/src/IceSSL/SecureTransportUtil.cpp index 1108560cd8b..d9e0a793afc 100644 --- a/cpp/src/IceSSL/SecureTransportUtil.cpp +++ b/cpp/src/IceSSL/SecureTransportUtil.cpp @@ -12,6 +12,7 @@ #include <Ice/Base64.h> #include <Ice/UniqueRef.h> +#include <Ice/LocalException.h> #include <IceUtil/FileUtil.h> #include <IceUtil/StringUtil.h> diff --git a/cpp/src/IceSSL/TrustManager.cpp b/cpp/src/IceSSL/TrustManager.cpp index 7e57b50db8a..82b3f15ee2c 100644 --- a/cpp/src/IceSSL/TrustManager.cpp +++ b/cpp/src/IceSSL/TrustManager.cpp @@ -9,6 +9,7 @@ #include <IceSSL/TrustManager.h> #include <IceSSL/RFC2253.h> +#include <IceSSL/ConnectionInfo.h> #include <Ice/Properties.h> #include <Ice/Communicator.h> @@ -62,7 +63,7 @@ TrustManager::TrustManager(const Ice::CommunicatorPtr& communicator) : } bool -TrustManager::verify(const NativeConnectionInfoPtr& info, const std::string& desc) +TrustManager::verify(const ConnectionInfoPtr& info, const std::string& desc) { list<list<DistinguishedName> > reject, accept; @@ -131,9 +132,9 @@ TrustManager::verify(const NativeConnectionInfoPtr& info, const std::string& des // // If there is no certificate then we match false. // - if(info->nativeCerts.size() != 0) + if(info->certs.size() != 0) { - DistinguishedName subject = info->nativeCerts[0]->getSubjectDN(); + DistinguishedName subject = info->certs[0]->getSubjectDN(); if(_traceLevel > 0) { Ice::Trace trace(_communicator->getLogger(), "Security"); diff --git a/cpp/src/IceSSL/TrustManager.h b/cpp/src/IceSSL/TrustManager.h index 8e5dd5bfeff..a72c874fb17 100644 --- a/cpp/src/IceSSL/TrustManager.h +++ b/cpp/src/IceSSL/TrustManager.h @@ -25,7 +25,7 @@ public: TrustManager(const Ice::CommunicatorPtr&); - bool verify(const NativeConnectionInfoPtr&, const std::string&); + bool verify(const ConnectionInfoPtr&, const std::string&); private: diff --git a/cpp/src/IceSSL/UWPTransceiverI.cpp b/cpp/src/IceSSL/UWPTransceiverI.cpp index b2b1b3f1992..ce90e33ab73 100644 --- a/cpp/src/IceSSL/UWPTransceiverI.cpp +++ b/cpp/src/IceSSL/UWPTransceiverI.cpp @@ -197,12 +197,11 @@ UWP::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal::Buff for(auto iter = certs->First(); iter->HasCurrent; iter->MoveNext()) { auto cert = UWP::Certificate::create(iter->Current); - _nativeCerts.push_back(cert); - _certs.push_back(cert->encode()); + _certs.push_back(cert); } } - _engine->verifyPeer(_host, dynamic_pointer_cast<IceSSL::NativeConnectionInfo>(getInfo()), toString()); + _engine->verifyPeer(_host, dynamic_pointer_cast<IceSSL::ConnectionInfo>(getInfo()), toString()); } catch(Platform::Exception^ ex) { @@ -347,13 +346,12 @@ UWP::TransceiverI::toDetailedString() const Ice::ConnectionInfoPtr UWP::TransceiverI::getInfo() const { - NativeConnectionInfoPtr info = ICE_MAKE_SHARED(NativeConnectionInfo); + ConnectionInfoPtr info = ICE_MAKE_SHARED(ConnectionInfo); info->verified = _verified; info->adapterName = _adapterName; info->incoming = _incoming; info->underlying = _delegate->getInfo(); info->certs = _certs; - info->nativeCerts = _nativeCerts; return info; } diff --git a/cpp/src/IceSSL/UWPTransceiverI.h b/cpp/src/IceSSL/UWPTransceiverI.h index fc9ab74ced9..0dd23404de5 100644 --- a/cpp/src/IceSSL/UWPTransceiverI.h +++ b/cpp/src/IceSSL/UWPTransceiverI.h @@ -63,9 +63,8 @@ private: bool _connected; bool _upgraded; - std::vector<std::string> _certs; + std::vector<IceSSL::CertificatePtr> _certs; bool _verified; - std::vector<IceSSL::CertificatePtr> _nativeCerts; Windows::Security::Cryptography::Certificates::CertificateChain^ _chain; }; typedef IceUtil::Handle<TransceiverI> TransceiverIPtr; diff --git a/cpp/src/IceSSL/Util.cpp b/cpp/src/IceSSL/Util.cpp index 08f97a0c6fb..02811cdd00d 100755 --- a/cpp/src/IceSSL/Util.cpp +++ b/cpp/src/IceSSL/Util.cpp @@ -51,13 +51,13 @@ IceSSL::fromCFString(CFStringRef v) #endif #ifdef ICE_CPP11_MAPPING -IceSSL::CertificateVerifier::CertificateVerifier(std::function<bool(const std::shared_ptr<NativeConnectionInfo>&)> v) : +IceSSL::CertificateVerifier::CertificateVerifier(std::function<bool(const std::shared_ptr<ConnectionInfo>&)> v) : _verify(std::move(v)) { } bool -IceSSL::CertificateVerifier::verify(const NativeConnectionInfoPtr& info) +IceSSL::CertificateVerifier::verify(const ConnectionInfoPtr& info) { return _verify(info); } diff --git a/cpp/src/IceSSL/Util.h b/cpp/src/IceSSL/Util.h index ac9697a990e..69471864a27 100644 --- a/cpp/src/IceSSL/Util.h +++ b/cpp/src/IceSSL/Util.h @@ -48,12 +48,12 @@ class ICESSL_API CertificateVerifier { public: - CertificateVerifier(std::function<bool(const std::shared_ptr<NativeConnectionInfo>&)>); - bool verify(const NativeConnectionInfoPtr&); + CertificateVerifier(std::function<bool(const std::shared_ptr<ConnectionInfo>&)>); + bool verify(const ConnectionInfoPtr&); private: - std::function<bool(const std::shared_ptr<NativeConnectionInfo>&)> _verify; + std::function<bool(const std::shared_ptr<ConnectionInfo>&)> _verify; }; using CertificateVerifierPtr = std::shared_ptr<CertificateVerifier>; diff --git a/cpp/src/IceSSL/msbuild/icessl++11/icessl++11.vcxproj b/cpp/src/IceSSL/msbuild/icessl++11/icessl++11.vcxproj index 78eda48ca78..60f4ee25263 100644 --- a/cpp/src/IceSSL/msbuild/icessl++11/icessl++11.vcxproj +++ b/cpp/src/IceSSL/msbuild/icessl++11/icessl++11.vcxproj @@ -106,6 +106,7 @@ </ItemGroup> <ItemGroup> <IceBuilder Include="..\..\..\..\..\slice\IceSSL\ConnectionInfo.ice" /> + <IceBuilder Include="..\..\..\..\..\slice\IceSSL\ConnectionInfoF.ice" /> <IceBuilder Include="..\..\..\..\..\slice\IceSSL\EndpointInfo.ice" /> </ItemGroup> <ItemGroup> @@ -128,6 +129,11 @@ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> </ClCompile> + <ClCompile Include="Win32\Debug\ConnectionInfoF.cpp"> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> + </ClCompile> <ClCompile Include="Win32\Debug\EndpointInfo.cpp"> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> @@ -138,6 +144,11 @@ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> </ClCompile> + <ClCompile Include="Win32\Release\ConnectionInfoF.cpp"> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> + </ClCompile> <ClCompile Include="Win32\Release\EndpointInfo.cpp"> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> @@ -148,6 +159,11 @@ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> </ClCompile> + <ClCompile Include="x64\Debug\ConnectionInfoF.cpp"> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> + </ClCompile> <ClCompile Include="x64\Debug\EndpointInfo.cpp"> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> @@ -158,6 +174,11 @@ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> </ClCompile> + <ClCompile Include="x64\Release\ConnectionInfoF.cpp"> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> + </ClCompile> <ClCompile Include="x64\Release\EndpointInfo.cpp"> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> @@ -170,6 +191,11 @@ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> </ClInclude> + <ClInclude Include="..\..\..\..\include\generated\cpp11\Win32\Debug\IceSSL\ConnectionInfoF.h"> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> + </ClInclude> <ClInclude Include="..\..\..\..\include\generated\cpp11\Win32\Debug\IceSSL\EndpointInfo.h"> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> @@ -180,6 +206,11 @@ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> </ClInclude> + <ClInclude Include="..\..\..\..\include\generated\cpp11\Win32\Release\IceSSL\ConnectionInfoF.h"> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> + </ClInclude> <ClInclude Include="..\..\..\..\include\generated\cpp11\Win32\Release\IceSSL\EndpointInfo.h"> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> @@ -190,6 +221,11 @@ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> </ClInclude> + <ClInclude Include="..\..\..\..\include\generated\cpp11\x64\Debug\IceSSL\ConnectionInfoF.h"> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> + </ClInclude> <ClInclude Include="..\..\..\..\include\generated\cpp11\x64\Debug\IceSSL\EndpointInfo.h"> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> @@ -200,6 +236,11 @@ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> </ClInclude> + <ClInclude Include="..\..\..\..\include\generated\cpp11\x64\Release\IceSSL\ConnectionInfoF.h"> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> + </ClInclude> <ClInclude Include="..\..\..\..\include\generated\cpp11\x64\Release\IceSSL\EndpointInfo.h"> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> diff --git a/cpp/src/IceSSL/msbuild/icessl++11/icessl++11.vcxproj.filters b/cpp/src/IceSSL/msbuild/icessl++11/icessl++11.vcxproj.filters index c988a7c0d72..19bdeb423ee 100644 --- a/cpp/src/IceSSL/msbuild/icessl++11/icessl++11.vcxproj.filters +++ b/cpp/src/IceSSL/msbuild/icessl++11/icessl++11.vcxproj.filters @@ -66,6 +66,9 @@ <IceBuilder Include="..\..\..\..\..\slice\IceSSL\EndpointInfo.ice"> <Filter>Slice Files</Filter> </IceBuilder> + <IceBuilder Include="..\..\..\..\..\slice\IceSSL\ConnectionInfoF.ice"> + <Filter>Slice Files</Filter> + </IceBuilder> </ItemGroup> <ItemGroup> <ClCompile Include="..\..\Util.cpp"> @@ -98,12 +101,30 @@ <ClCompile Include="..\..\ConnectorI.cpp"> <Filter>Source Files</Filter> </ClCompile> - <ClCompile Include="..\..\Certificate.cpp"> + <ClCompile Include="..\..\AcceptorI.cpp"> <Filter>Source Files</Filter> </ClCompile> - <ClCompile Include="..\..\AcceptorI.cpp"> + <ClCompile Include="..\..\SChannelPluginI.cpp"> <Filter>Source Files</Filter> </ClCompile> + <ClCompile Include="..\..\CertificateI.cpp"> + <Filter>Source Files</Filter> + </ClCompile> + <ClCompile Include="..\..\SChannelCertificateI.cpp"> + <Filter>Source Files</Filter> + </ClCompile> + <ClCompile Include="Win32\Debug\ConnectionInfoF.cpp"> + <Filter>Source Files\Win32\Debug</Filter> + </ClCompile> + <ClCompile Include="x64\Debug\ConnectionInfoF.cpp"> + <Filter>Source Files\x64\Debug</Filter> + </ClCompile> + <ClCompile Include="Win32\Release\ConnectionInfoF.cpp"> + <Filter>Source Files\Win32\Release</Filter> + </ClCompile> + <ClCompile Include="x64\Release\ConnectionInfoF.cpp"> + <Filter>Source Files\x64\Release</Filter> + </ClCompile> <ClCompile Include="Win32\Debug\ConnectionInfo.cpp"> <Filter>Source Files\Win32\Debug</Filter> </ClCompile> @@ -128,12 +149,6 @@ <ClCompile Include="x64\Release\EndpointInfo.cpp"> <Filter>Source Files\x64\Release</Filter> </ClCompile> - <ClCompile Include="..\..\SChannelCertificate.cpp"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="..\..\SChannelPluginI.cpp"> - <Filter>Source Files</Filter> - </ClCompile> </ItemGroup> <ItemGroup> <ClInclude Include="..\..\Util.h"> @@ -184,6 +199,24 @@ <ClInclude Include="..\..\..\..\include\IceSSL\Plugin.h"> <Filter>Header Files</Filter> </ClInclude> + <ClInclude Include="..\..\SChannelEngine.h"> + <Filter>Source Files</Filter> + </ClInclude> + <ClInclude Include="..\..\SChannelEngineF.h"> + <Filter>Source Files</Filter> + </ClInclude> + <ClInclude Include="..\..\..\..\include\generated\cpp11\Win32\Debug\IceSSL\ConnectionInfoF.h"> + <Filter>Header Files\Win32\Debug</Filter> + </ClInclude> + <ClInclude Include="..\..\..\..\include\generated\cpp11\x64\Debug\IceSSL\ConnectionInfoF.h"> + <Filter>Header Files\x64\Debug</Filter> + </ClInclude> + <ClInclude Include="..\..\..\..\include\generated\cpp11\Win32\Release\IceSSL\ConnectionInfoF.h"> + <Filter>Header Files\Win32\Release</Filter> + </ClInclude> + <ClInclude Include="..\..\..\..\include\generated\cpp11\x64\Release\IceSSL\ConnectionInfoF.h"> + <Filter>Header Files\x64\Release</Filter> + </ClInclude> <ClInclude Include="..\..\..\..\include\generated\cpp11\Win32\Debug\IceSSL\ConnectionInfo.h"> <Filter>Header Files\Win32\Debug</Filter> </ClInclude> @@ -208,11 +241,5 @@ <ClInclude Include="..\..\..\..\include\generated\cpp11\x64\Release\IceSSL\EndpointInfo.h"> <Filter>Header Files\x64\Release</Filter> </ClInclude> - <ClInclude Include="..\..\SChannelEngine.h"> - <Filter>Source Files</Filter> - </ClInclude> - <ClInclude Include="..\..\SChannelEngineF.h"> - <Filter>Source Files</Filter> - </ClInclude> </ItemGroup> </Project>
\ No newline at end of file diff --git a/cpp/src/IceSSL/msbuild/icessl/icessl.vcxproj b/cpp/src/IceSSL/msbuild/icessl/icessl.vcxproj index 837279671e5..6af52d8d03a 100644 --- a/cpp/src/IceSSL/msbuild/icessl/icessl.vcxproj +++ b/cpp/src/IceSSL/msbuild/icessl/icessl.vcxproj @@ -111,6 +111,7 @@ </ItemGroup> <ItemGroup> <IceBuilder Include="..\..\..\..\..\slice\IceSSL\ConnectionInfo.ice" /> + <IceBuilder Include="..\..\..\..\..\slice\IceSSL\ConnectionInfoF.ice" /> <IceBuilder Include="..\..\..\..\..\slice\IceSSL\EndpointInfo.ice" /> </ItemGroup> <ItemGroup> @@ -133,6 +134,11 @@ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> </ClCompile> + <ClCompile Include="Win32\Debug\ConnectionInfoF.cpp"> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> + </ClCompile> <ClCompile Include="Win32\Debug\EndpointInfo.cpp"> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> @@ -143,6 +149,11 @@ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> </ClCompile> + <ClCompile Include="Win32\Release\ConnectionInfoF.cpp"> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> + </ClCompile> <ClCompile Include="Win32\Release\EndpointInfo.cpp"> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> @@ -153,6 +164,11 @@ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> </ClCompile> + <ClCompile Include="x64\Debug\ConnectionInfoF.cpp"> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> + </ClCompile> <ClCompile Include="x64\Debug\EndpointInfo.cpp"> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> @@ -163,6 +179,11 @@ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> </ClCompile> + <ClCompile Include="x64\Release\ConnectionInfoF.cpp"> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> + </ClCompile> <ClCompile Include="x64\Release\EndpointInfo.cpp"> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> @@ -175,6 +196,11 @@ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> </ClInclude> + <ClInclude Include="..\..\..\..\include\generated\cpp98\Win32\Debug\IceSSL\ConnectionInfoF.h"> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> + </ClInclude> <ClInclude Include="..\..\..\..\include\generated\cpp98\Win32\Debug\IceSSL\EndpointInfo.h"> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> @@ -185,6 +211,11 @@ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> </ClInclude> + <ClInclude Include="..\..\..\..\include\generated\cpp98\Win32\Release\IceSSL\ConnectionInfoF.h"> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> + </ClInclude> <ClInclude Include="..\..\..\..\include\generated\cpp98\Win32\Release\IceSSL\EndpointInfo.h"> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> @@ -195,6 +226,11 @@ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> </ClInclude> + <ClInclude Include="..\..\..\..\include\generated\cpp98\x64\Debug\IceSSL\ConnectionInfoF.h"> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> + </ClInclude> <ClInclude Include="..\..\..\..\include\generated\cpp98\x64\Debug\IceSSL\EndpointInfo.h"> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> @@ -205,6 +241,11 @@ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> </ClInclude> + <ClInclude Include="..\..\..\..\include\generated\cpp98\x64\Release\IceSSL\ConnectionInfoF.h"> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> + </ClInclude> <ClInclude Include="..\..\..\..\include\generated\cpp98\x64\Release\IceSSL\EndpointInfo.h"> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> diff --git a/cpp/src/IceSSL/msbuild/icessl/icessl.vcxproj.filters b/cpp/src/IceSSL/msbuild/icessl/icessl.vcxproj.filters index c82244834e8..1dda8a9208c 100644 --- a/cpp/src/IceSSL/msbuild/icessl/icessl.vcxproj.filters +++ b/cpp/src/IceSSL/msbuild/icessl/icessl.vcxproj.filters @@ -66,6 +66,9 @@ <IceBuilder Include="..\..\..\..\..\slice\IceSSL\EndpointInfo.ice"> <Filter>Slice Files</Filter> </IceBuilder> + <IceBuilder Include="..\..\..\..\..\slice\IceSSL\ConnectionInfoF.ice"> + <Filter>Slice Files</Filter> + </IceBuilder> </ItemGroup> <ItemGroup> <ClCompile Include="..\..\TrustManager.cpp"> @@ -95,15 +98,33 @@ <ClCompile Include="..\..\ConnectorI.cpp"> <Filter>Source Files</Filter> </ClCompile> - <ClCompile Include="..\..\Certificate.cpp"> - <Filter>Source Files</Filter> - </ClCompile> <ClCompile Include="..\..\AcceptorI.cpp"> <Filter>Source Files</Filter> </ClCompile> <ClCompile Include="..\..\Util.cpp"> <Filter>Source Files</Filter> </ClCompile> + <ClCompile Include="..\..\SChannelPluginI.cpp"> + <Filter>Source Files</Filter> + </ClCompile> + <ClCompile Include="..\..\CertificateI.cpp"> + <Filter>Source Files</Filter> + </ClCompile> + <ClCompile Include="..\..\SChannelCertificateI.cpp"> + <Filter>Source Files</Filter> + </ClCompile> + <ClCompile Include="Win32\Debug\ConnectionInfoF.cpp"> + <Filter>Source Files\Win32\Debug</Filter> + </ClCompile> + <ClCompile Include="x64\Debug\ConnectionInfoF.cpp"> + <Filter>Source Files\x64\Debug</Filter> + </ClCompile> + <ClCompile Include="Win32\Release\ConnectionInfoF.cpp"> + <Filter>Source Files\Win32\Release</Filter> + </ClCompile> + <ClCompile Include="x64\Release\ConnectionInfoF.cpp"> + <Filter>Source Files\x64\Release</Filter> + </ClCompile> <ClCompile Include="Win32\Debug\ConnectionInfo.cpp"> <Filter>Source Files\Win32\Debug</Filter> </ClCompile> @@ -128,12 +149,6 @@ <ClCompile Include="x64\Release\EndpointInfo.cpp"> <Filter>Source Files\x64\Release</Filter> </ClCompile> - <ClCompile Include="..\..\SChannelCertificate.cpp"> - <Filter>Source Files</Filter> - </ClCompile> - <ClCompile Include="..\..\SChannelPluginI.cpp"> - <Filter>Source Files</Filter> - </ClCompile> </ItemGroup> <ItemGroup> <ClInclude Include="..\..\Util.h"> @@ -184,6 +199,24 @@ <ClInclude Include="..\..\..\..\include\IceSSL\Plugin.h"> <Filter>Header Files</Filter> </ClInclude> + <ClInclude Include="..\..\SChannelEngine.h"> + <Filter>Header Files</Filter> + </ClInclude> + <ClInclude Include="..\..\CertificateI.h"> + <Filter>Header Files</Filter> + </ClInclude> + <ClInclude Include="..\..\..\..\include\generated\cpp98\Win32\Debug\IceSSL\ConnectionInfoF.h"> + <Filter>Header Files\Win32\Debug</Filter> + </ClInclude> + <ClInclude Include="..\..\..\..\include\generated\cpp98\x64\Debug\IceSSL\ConnectionInfoF.h"> + <Filter>Header Files\x64\Debug</Filter> + </ClInclude> + <ClInclude Include="..\..\..\..\include\generated\cpp98\Win32\Release\IceSSL\ConnectionInfoF.h"> + <Filter>Header Files\Win32\Release</Filter> + </ClInclude> + <ClInclude Include="..\..\..\..\include\generated\cpp98\x64\Release\IceSSL\ConnectionInfoF.h"> + <Filter>Header Files\x64\Release</Filter> + </ClInclude> <ClInclude Include="..\..\..\..\include\generated\cpp98\Win32\Debug\IceSSL\ConnectionInfo.h"> <Filter>Header Files\Win32\Debug</Filter> </ClInclude> @@ -208,11 +241,5 @@ <ClInclude Include="..\..\..\..\include\generated\cpp98\x64\Release\IceSSL\EndpointInfo.h"> <Filter>Header Files\x64\Release</Filter> </ClInclude> - <ClInclude Include="..\..\SChannelEngine.h"> - <Filter>Header Files</Filter> - </ClInclude> - <ClInclude Include="..\..\Certificate.h"> - <Filter>Header Files</Filter> - </ClInclude> </ItemGroup> </Project>
\ No newline at end of file diff --git a/cpp/src/Slice/CPlusPlusUtil.cpp b/cpp/src/Slice/CPlusPlusUtil.cpp index b65006e6c20..0a06db2ef8f 100644 --- a/cpp/src/Slice/CPlusPlusUtil.cpp +++ b/cpp/src/Slice/CPlusPlusUtil.cpp @@ -648,6 +648,20 @@ Slice::typeToString(const TypePtr& type, const StringList& metaData, int typeCtx "::std::shared_ptr<void>", "::std::shared_ptr<::Ice::Value>" }; + + if((typeCtx & TypeContextLocal) != 0) + { + for(StringList::const_iterator i = metaData.begin(); i != metaData.end(); ++i) + { + const string cppType = "cpp:type:"; + const string meta = *i; + + if(meta.find(cppType) == 0) + { + return meta.substr(cppType.size()); + } + } + } BuiltinPtr builtin = BuiltinPtr::dynamicCast(type); if(builtin) diff --git a/cpp/src/Slice/JavaUtil.cpp b/cpp/src/Slice/JavaUtil.cpp index cb99ca5da46..947cdbe0602 100644 --- a/cpp/src/Slice/JavaUtil.cpp +++ b/cpp/src/Slice/JavaUtil.cpp @@ -1115,11 +1115,12 @@ Slice::JavaCompatGenerator::getOptionalFormat(const TypePtr& type) string Slice::JavaCompatGenerator::typeToString(const TypePtr& type, - TypeMode mode, - const string& package, - const StringList& metaData, - bool formal, - bool optional) const + TypeMode mode, + const string& package, + const StringList& metaData, + bool formal, + bool optional, + bool local) const { static const char* builtinTable[] = { @@ -1166,6 +1167,20 @@ Slice::JavaCompatGenerator::typeToString(const TypePtr& type, "???", "???" }; + + if(local) + { + for(StringList::const_iterator i = metaData.begin(); i != metaData.end(); ++i) + { + const string javaType = "java:type:"; + const string meta = *i; + + if(meta.find(javaType) == 0) + { + return meta.substr(javaType.size()); + } + } + } if(!type) { @@ -1317,10 +1332,10 @@ Slice::JavaCompatGenerator::typeToString(const TypePtr& type, string Slice::JavaCompatGenerator::typeToObjectString(const TypePtr& type, - TypeMode mode, - const string& package, - const StringList& metaData, - bool formal) const + TypeMode mode, + const string& package, + const StringList& metaData, + bool formal) const { static const char* builtinTable[] = { @@ -3599,6 +3614,20 @@ Slice::JavaGenerator::typeToString(const TypePtr& type, "???", "???" }; + + if(local) + { + for(StringList::const_iterator i = metaData.begin(); i != metaData.end(); ++i) + { + const string javaType = "java:type:"; + const string meta = *i; + + if(meta.find(javaType) == 0) + { + return meta.substr(javaType.size()); + } + } + } if(!type) { diff --git a/cpp/src/Slice/JavaUtil.h b/cpp/src/Slice/JavaUtil.h index dfabec06025..ce16795bdb2 100644 --- a/cpp/src/Slice/JavaUtil.h +++ b/cpp/src/Slice/JavaUtil.h @@ -145,7 +145,7 @@ protected: TypeModeReturn }; std::string typeToString(const TypePtr&, TypeMode, const std::string& = std::string(), - const StringList& = StringList(), bool = true, bool = false) const; + const StringList& = StringList(), bool = true, bool = false, bool = false) const; // // Get the Java object name for a type. For primitive types, this returns the diff --git a/cpp/src/slice2cpp/Gen.cpp b/cpp/src/slice2cpp/Gen.cpp index 930e188c6f2..9bed882cb1a 100644 --- a/cpp/src/slice2cpp/Gen.cpp +++ b/cpp/src/slice2cpp/Gen.cpp @@ -3146,7 +3146,10 @@ void Slice::Gen::ObjectVisitor::emitDataMember(const DataMemberPtr& p) { string name = fixKwd(p->name()); - H << nl << typeToString(p->type(), p->optional(), p->getMetaData(), _useWstring) << ' ' << name << ';'; + ContainerPtr container = p->container(); + ClassDefPtr cl = ClassDefPtr::dynamicCast(container); + int typeContext = cl->isLocal() ? TypeContextLocal | _useWstring : _useWstring; + H << nl << typeToString(p->type(), p->optional(), p->getMetaData(), typeContext) << ' ' << name << ';'; } void @@ -3342,10 +3345,12 @@ Slice::Gen::ObjectVisitor::emitOneShotConstructor(const ClassDefPtr& p) bool callBaseConstuctors = !(p->isAbstract() && virtualInheritance); DataMemberList dataMembers = p->dataMembers(); + int typeContext = p->isLocal() ? (_useWstring | TypeContextLocal) : _useWstring; + for(DataMemberList::const_iterator q = allDataMembers.begin(); q != allDataMembers.end(); ++q) { - string typeName = inputTypeToString((*q)->type(), (*q)->optional(), (*q)->getMetaData(), _useWstring); + string typeName = inputTypeToString((*q)->type(), (*q)->optional(), (*q)->getMetaData(), typeContext); bool dataMember = std::find(dataMembers.begin(), dataMembers.end(), (*q)) != dataMembers.end(); allParamDecls.push_back(typeName + ((dataMember || callBaseConstuctors) ? (" iceP_" + (*q)->name()) : (" /*iceP_" + (*q)->name() + "*/"))); @@ -6310,8 +6315,15 @@ void Slice::Gen::Cpp11ObjectVisitor::emitDataMember(const DataMemberPtr& p) { string name = fixKwd(p->name()); - H << nl << typeToString(p->type(), p->optional(), p->getMetaData(), - _useWstring | TypeContextCpp11) << ' ' << name; + int typeContext = _useWstring | TypeContextCpp11; + ContainerPtr container = p->container(); + ClassDefPtr cl = ClassDefPtr::dynamicCast(container); + if(cl->isLocal()) + { + typeContext |= TypeContextLocal; + } + + H << nl << typeToString(p->type(), p->optional(), p->getMetaData(), typeContext) << ' ' << name; string defaultValue = p->defaultValue(); if(!defaultValue.empty()) @@ -6447,7 +6459,7 @@ Slice::Gen::Cpp11LocalObjectVisitor::visitClassDefStart(const ClassDefPtr& p) for(DataMemberList::const_iterator q = allDataMembers.begin(); q != allDataMembers.end(); ++q) { - string typeName = inputTypeToString((*q)->type(), (*q)->optional(), (*q)->getMetaData(), _useWstring); + string typeName = inputTypeToString((*q)->type(), (*q)->optional(), (*q)->getMetaData(), _useWstring | TypeContextLocal); allTypes.push_back(typeName); allParamDecls.push_back(typeName + " iceP_" + (*q)->name()); } @@ -6458,7 +6470,7 @@ Slice::Gen::Cpp11LocalObjectVisitor::visitClassDefStart(const ClassDefPtr& p) { H << sp << nl << name << "() :"; H.inc(); - writeDataMemberInitializers(H, dataMembers, _useWstring | TypeContextCpp11); + writeDataMemberInitializers(H, dataMembers, _useWstring | TypeContextCpp11 | TypeContextLocal); H.dec(); H << sb; H << eb; @@ -7443,11 +7455,16 @@ Slice::Gen::Cpp11ObjectVisitor::emitOneShotConstructor(const ClassDefPtr& p) { vector<string> allParamDecls; DataMemberList dataMembers = p->dataMembers(); + + int typeContext = _useWstring | TypeContextCpp11; + if(p->isLocal()) + { + typeContext |= TypeContextLocal; + } for(DataMemberList::const_iterator q = allDataMembers.begin(); q != allDataMembers.end(); ++q) { - string typeName = inputTypeToString((*q)->type(), (*q)->optional(), (*q)->getMetaData(), - _useWstring | TypeContextCpp11); + string typeName = inputTypeToString((*q)->type(), (*q)->optional(), (*q)->getMetaData(), typeContext); allParamDecls.push_back(typeName + " iceP_" + (*q)->name()); } diff --git a/cpp/src/slice2cs/CsUtil.cpp b/cpp/src/slice2cs/CsUtil.cpp index 9f442018932..b2cd8c4efe8 100644 --- a/cpp/src/slice2cs/CsUtil.cpp +++ b/cpp/src/slice2cs/CsUtil.cpp @@ -261,7 +261,7 @@ Slice::CsGenerator::getStaticId(const TypePtr& type) } string -Slice::CsGenerator::typeToString(const TypePtr& type, bool optional, bool local) +Slice::CsGenerator::typeToString(const TypePtr& type, bool optional, bool local, const StringList& metaData) { if(!type) { @@ -305,6 +305,19 @@ Slice::CsGenerator::typeToString(const TypePtr& type, bool optional, bool local) "Ice.Value" }; + if(local) + { + for(StringList::const_iterator i = metaData.begin(); i != metaData.end(); ++i) + { + const string clrType = "cs:type:"; + const string meta = *i; + if(meta.find(clrType) == 0) + { + return meta.substr(clrType.size()); + } + } + } + BuiltinPtr builtin = BuiltinPtr::dynamicCast(type); if(builtin) { @@ -2539,6 +2552,20 @@ Slice::CsGenerator::MetaDataVisitor::validate(const ContainedPtr& cont) } } } + else if(DataMemberPtr::dynamicCast(cont)) + { + DataMemberPtr dataMember = DataMemberPtr::dynamicCast(cont); + StructPtr st = StructPtr::dynamicCast(dataMember->container()); + ExceptionPtr ex = ExceptionPtr::dynamicCast(dataMember->container()); + ClassDefPtr cl = ClassDefPtr::dynamicCast(dataMember->container()); + bool isLocal = (st && st->isLocal()) || (ex && ex->isLocal()) || (cl && cl->isLocal()); + static const string csTypePrefix = csPrefix + "type:"; + if(isLocal && s.find(csTypePrefix) == 0) + { + newLocalMetaData.push_back(s); + continue; + } + } static const string csAttributePrefix = csPrefix + "attribute:"; static const string csTie = csPrefix + "tie"; diff --git a/cpp/src/slice2cs/CsUtil.h b/cpp/src/slice2cs/CsUtil.h index 93d09a979f2..d5ad2bea645 100644 --- a/cpp/src/slice2cs/CsUtil.h +++ b/cpp/src/slice2cs/CsUtil.h @@ -41,7 +41,7 @@ protected: static std::string fixId(const ContainedPtr&, int = 0, bool = false); static std::string getOptionalFormat(const TypePtr&); static std::string getStaticId(const TypePtr&); - static std::string typeToString(const TypePtr&, bool = false, bool = false); + static std::string typeToString(const TypePtr&, bool = false, bool = false, const StringList& = StringList()); static bool isClassType(const TypePtr&); static bool isValueType(const TypePtr&); diff --git a/cpp/src/slice2cs/Gen.cpp b/cpp/src/slice2cs/Gen.cpp index c76e5385c86..a7b5016be1b 100644 --- a/cpp/src/slice2cs/Gen.cpp +++ b/cpp/src/slice2cs/Gen.cpp @@ -2296,7 +2296,7 @@ Slice::Gen::TypesVisitor::visitClassDefEnd(const ClassDefPtr& p) for(DataMemberList::const_iterator d = allDataMembers.begin(); d != allDataMembers.end(); ++d) { string memberName = fixId((*d)->name(), DotNet::ICloneable); - string memberType = typeToString((*d)->type(), (*d)->optional()); + string memberType = typeToString((*d)->type(), (*d)->optional(), p->isLocal(), (*d)->getMetaData()); paramDecl.push_back(memberType + " " + memberName); } _out << paramDecl << epar; @@ -3199,7 +3199,7 @@ Slice::Gen::TypesVisitor::visitDataMember(const DataMemberPtr& p) emitDeprecate(p, cont, _out, "member"); - string type = typeToString(p->type(), isOptional, isLocal); + string type = typeToString(p->type(), isOptional, isLocal, p->getMetaData()); string propertyName = fixId(p->name(), baseTypes, isClass); string dataMemberName; if(isProperty) diff --git a/cpp/src/slice2java/Gen.cpp b/cpp/src/slice2java/Gen.cpp index 16d63924f8d..c8d42d95418 100644 --- a/cpp/src/slice2java/Gen.cpp +++ b/cpp/src/slice2java/Gen.cpp @@ -2563,7 +2563,7 @@ Slice::Gen::TypesVisitor::visitClassDefStart(const ClassDefPtr& p) if(!(*d)->optional()) { string memberName = fixKwd((*d)->name()); - string memberType = typeToString((*d)->type(), TypeModeMember, package, (*d)->getMetaData()); + string memberType = typeToString((*d)->type(), TypeModeMember, package, (*d)->getMetaData(), true, false, p->isLocal()); paramDecl.push_back(memberType + " " + memberName); } } @@ -2615,7 +2615,7 @@ Slice::Gen::TypesVisitor::visitClassDefStart(const ClassDefPtr& p) for(DataMemberList::const_iterator d = allDataMembers.begin(); d != allDataMembers.end(); ++d) { string memberName = fixKwd((*d)->name()); - string memberType = typeToString((*d)->type(), TypeModeMember, package, (*d)->getMetaData()); + string memberType = typeToString((*d)->type(), TypeModeMember, package, (*d)->getMetaData(), true, false, p->isLocal()); paramDecl.push_back(memberType + " " + memberName); } out << paramDecl << epar; diff --git a/cpp/src/slice2java/GenCompat.cpp b/cpp/src/slice2java/GenCompat.cpp index a6c8c7d1b4d..02a3256c840 100644 --- a/cpp/src/slice2java/GenCompat.cpp +++ b/cpp/src/slice2java/GenCompat.cpp @@ -2840,7 +2840,8 @@ Slice::GenCompat::TypesVisitor::visitClassDefStart(const ClassDefPtr& p) if(!(*d)->optional()) { string memberName = fixKwd((*d)->name()); - string memberType = typeToString((*d)->type(), TypeModeMember, package, (*d)->getMetaData()); + string memberType = typeToString((*d)->type(), TypeModeMember, package, (*d)->getMetaData(), + true, false, p->isLocal()); paramDecl.push_back(memberType + " " + memberName); } } @@ -2892,7 +2893,8 @@ Slice::GenCompat::TypesVisitor::visitClassDefStart(const ClassDefPtr& p) for(DataMemberList::const_iterator d = allDataMembers.begin(); d != allDataMembers.end(); ++d) { string memberName = fixKwd((*d)->name()); - string memberType = typeToString((*d)->type(), TypeModeMember, package, (*d)->getMetaData()); + string memberType = typeToString((*d)->type(), TypeModeMember, package, (*d)->getMetaData(), true, + false, p->isLocal()); paramDecl.push_back(memberType + " " + memberName); } out << paramDecl << epar; @@ -3789,11 +3791,30 @@ void Slice::GenCompat::TypesVisitor::visitDataMember(const DataMemberPtr& p) { string name = fixKwd(p->name()); - ContainerPtr container = p->container(); - ContainedPtr contained = ContainedPtr::dynamicCast(container); + const ContainerPtr container = p->container(); + const ClassDefPtr cls = ClassDefPtr::dynamicCast(container); + const StructPtr st = StructPtr::dynamicCast(container); + const ExceptionPtr ex = ExceptionPtr::dynamicCast(container); + const ContainedPtr contained = ContainedPtr::dynamicCast(container); StringList metaData = p->getMetaData(); TypePtr type = p->type(); - string s = typeToString(type, TypeModeMember, getPackage(contained), metaData); + + bool local; + if(cls) + { + local = cls->isLocal(); + } + else if(st) + { + local = st->isLocal(); + } + else + { + assert(ex); + local = ex->isLocal(); + } + + string s = typeToString(type, TypeModeMember, getPackage(contained), metaData, true, false, local); Output& out = output(); const bool optional = p->optional(); const bool getSet = p->hasMetaData(_getSetMetaData) || contained->hasMetaData(_getSetMetaData); diff --git a/cpp/test/IceSSL/configuration/AllTests.cpp b/cpp/test/IceSSL/configuration/AllTests.cpp index ad8338888e9..66eae51e144 100644 --- a/cpp/test/IceSSL/configuration/AllTests.cpp +++ b/cpp/test/IceSSL/configuration/AllTests.cpp @@ -442,16 +442,16 @@ public: } virtual bool - verify(const IceSSL::NativeConnectionInfoPtr& info) + verify(const IceSSL::ConnectionInfoPtr& info) { - if(info->nativeCerts.size() > 0) + if(info->certs.size() > 0) { #if !defined(__APPLE__) || TARGET_OS_IPHONE == 0 // // Subject alternative name // { - vector<pair<int, string> > altNames = info->nativeCerts[0]->getSubjectAlternativeNames(); + vector<pair<int, string> > altNames = info->certs[0]->getSubjectAlternativeNames(); vector<string> ipAddresses; vector<string> dnsNames; for(vector<pair<int, string> >::const_iterator p = altNames.begin(); p != altNames.end(); ++p) @@ -479,7 +479,7 @@ public: // Issuer alternative name // { - vector<pair<int, string> > altNames = info->nativeCerts[0]->getIssuerAlternativeNames(); + vector<pair<int, string> > altNames = info->certs[0]->getIssuerAlternativeNames(); vector<string> ipAddresses; vector<string> emailAddresses; for(vector<pair<int, string> >::const_iterator p = altNames.begin(); p != altNames.end(); ++p) @@ -501,7 +501,7 @@ public: #endif } - _hadCert = info->nativeCerts.size() != 0; + _hadCert = info->certs.size() != 0; _invoked = true; return _returnValue; } @@ -750,7 +750,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12) const string anonCiphers = engineVersion >= 0x10100000L ? "ADH:@SECLEVEL=0" : "ADH"; #endif - IceSSL::NativeConnectionInfoPtr info; + IceSSL::ConnectionInfoPtr info; cout << "testing manual initialization... " << flush; { @@ -1012,25 +1012,25 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12) test(caCert->verify(caCert)); #endif - info = ICE_DYNAMIC_CAST(IceSSL::NativeConnectionInfo, server->ice_getConnection()->getInfo()); - test(info->nativeCerts.size() == 2); + info = ICE_DYNAMIC_CAST(IceSSL::ConnectionInfo, server->ice_getConnection()->getInfo()); + test(info->certs.size() == 2); test(info->verified); - test(ICE_TARGET_EQUAL_TO(caCert, info->nativeCerts[1])); - test(ICE_TARGET_EQUAL_TO(serverCert, info->nativeCerts[0])); + test(ICE_TARGET_EQUAL_TO(caCert, info->certs[1])); + test(ICE_TARGET_EQUAL_TO(serverCert, info->certs[0])); - test(!(ICE_TARGET_EQUAL_TO(serverCert, info->nativeCerts[1]))); - test(!(ICE_TARGET_EQUAL_TO(caCert, info->nativeCerts[0]))); + test(!(ICE_TARGET_EQUAL_TO(serverCert, info->certs[1]))); + test(!(ICE_TARGET_EQUAL_TO(caCert, info->certs[0]))); #if !defined(__APPLE__) || TARGET_OS_IPHONE == 0 - test(info->nativeCerts[0]->checkValidity() && info->nativeCerts[1]->checkValidity()); + test(info->certs[0]->checkValidity() && info->certs[1]->checkValidity()); # ifdef ICE_CPP11_MAPPING - test(!info->nativeCerts[0]->checkValidity(std::chrono::system_clock::time_point()) && - !info->nativeCerts[1]->checkValidity(std::chrono::system_clock::time_point())); + test(!info->certs[0]->checkValidity(std::chrono::system_clock::time_point()) && + !info->certs[1]->checkValidity(std::chrono::system_clock::time_point())); # else - test(!info->nativeCerts[0]->checkValidity(IceUtil::Time::seconds(0)) && - !info->nativeCerts[1]->checkValidity(IceUtil::Time::seconds(0))); + test(!info->certs[0]->checkValidity(IceUtil::Time::seconds(0)) && + !info->certs[1]->checkValidity(IceUtil::Time::seconds(0))); # endif #endif @@ -1039,11 +1039,11 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12) // with a custom CA. // #ifndef ICE_OS_UWP - test(info->nativeCerts[0]->verify(info->nativeCerts[1])); + test(info->certs[0]->verify(info->certs[1])); #endif - test(info->nativeCerts.size() == 2 && - info->nativeCerts[0]->getSubjectDN() == serverCert->getSubjectDN() && - info->nativeCerts[0]->getIssuerDN() == serverCert->getIssuerDN()); + test(info->certs.size() == 2 && + info->certs[0]->getSubjectDN() == serverCert->getSubjectDN() && + info->certs[0]->getIssuerDN() == serverCert->getIssuerDN()); } catch(const LocalException& ex) { @@ -1546,8 +1546,8 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12) Test::ServerPrxPtr server = fact->createServer(d); try { - info = ICE_DYNAMIC_CAST(IceSSL::NativeConnectionInfo, server->ice_getConnection()->getInfo()); - test(info->nativeCerts.size() == 1); + info = ICE_DYNAMIC_CAST(IceSSL::ConnectionInfo, server->ice_getConnection()->getInfo()); + test(info->certs.size() == 1); test(!info->verified); } catch(const Ice::LocalException&) @@ -1566,11 +1566,11 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12) server = fact->createServer(d); try { - info = ICE_DYNAMIC_CAST(IceSSL::NativeConnectionInfo, server->ice_getConnection()->getInfo()); + info = ICE_DYNAMIC_CAST(IceSSL::ConnectionInfo, server->ice_getConnection()->getInfo()); #ifdef ICE_USE_OPENSSL - test(info->nativeCerts.size() == 2); // TODO: Fix OpenSSL + test(info->certs.size() == 2); // TODO: Fix OpenSSL #else - test(info->nativeCerts.size() == 1); + test(info->certs.size() == 1); #endif test(!info->verified); } @@ -1594,11 +1594,11 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12) server = fact->createServer(d); try { - info = ICE_DYNAMIC_CAST(IceSSL::NativeConnectionInfo, server->ice_getConnection()->getInfo()); + info = ICE_DYNAMIC_CAST(IceSSL::ConnectionInfo, server->ice_getConnection()->getInfo()); #if defined(ICE_USE_SCHANNEL) || defined(ICE_OS_UWP) - test(info->nativeCerts.size() == 1); // SChannel never sends the root certificate + test(info->certs.size() == 1); // SChannel never sends the root certificate #else - test(info->nativeCerts.size() == 2); + test(info->certs.size() == 2); #endif test(!info->verified); } @@ -1628,8 +1628,8 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12) Test::ServerPrxPtr server = fact->createServer(d); try { - info = ICE_DYNAMIC_CAST(IceSSL::NativeConnectionInfo, server->ice_getConnection()->getInfo()); - test(info->nativeCerts.size() == 2); + info = ICE_DYNAMIC_CAST(IceSSL::ConnectionInfo, server->ice_getConnection()->getInfo()); + test(info->certs.size() == 2); test(info->verified); } catch(const Ice::LocalException& ex) @@ -1664,7 +1664,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12) Test::ServerPrxPtr server = fact->createServer(d); try { - ICE_DYNAMIC_CAST(IceSSL::NativeConnectionInfo, server->ice_getConnection()->getInfo()); + ICE_DYNAMIC_CAST(IceSSL::ConnectionInfo, server->ice_getConnection()->getInfo()); import.cleanup(); test(false); } @@ -1698,8 +1698,8 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12) Test::ServerPrxPtr server = fact->createServer(d); try { - info = ICE_DYNAMIC_CAST(IceSSL::NativeConnectionInfo, server->ice_getConnection()->getInfo()); - test(info->nativeCerts.size() == 3); + info = ICE_DYNAMIC_CAST(IceSSL::ConnectionInfo, server->ice_getConnection()->getInfo()); + test(info->certs.size() == 3); test(info->verified); } catch(const Ice::LocalException& ex) @@ -1717,7 +1717,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12) Test::ServerPrxPtr server = fact->createServer(d); try { - ICE_DYNAMIC_CAST(IceSSL::NativeConnectionInfo, server->ice_getConnection()->getInfo()); + ICE_DYNAMIC_CAST(IceSSL::ConnectionInfo, server->ice_getConnection()->getInfo()); import.cleanup(); test(false); } @@ -1746,8 +1746,8 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12) Test::ServerPrxPtr server = fact->createServer(d); try { - info = ICE_DYNAMIC_CAST(IceSSL::NativeConnectionInfo, server->ice_getConnection()->getInfo()); - test(info->nativeCerts.size() == 4); + info = ICE_DYNAMIC_CAST(IceSSL::ConnectionInfo, server->ice_getConnection()->getInfo()); + test(info->certs.size() == 4); test(info->verified); } catch(const Ice::LocalException& ex) @@ -1924,7 +1924,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12) CertificateVerifierIPtr verifier = ICE_MAKE_SHARED(CertificateVerifierI); #ifdef ICE_CPP11_MAPPING - plugin->setCertificateVerifier([verifier](const shared_ptr<IceSSL::NativeConnectionInfo>& info) + plugin->setCertificateVerifier([verifier](const shared_ptr<IceSSL::ConnectionInfo>& info) { return verifier->verify(info); }); #else plugin->setCertificateVerifier(verifier); @@ -1948,7 +1948,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12) try { server->checkCipher(cipherSub); - info = ICE_DYNAMIC_CAST(IceSSL::NativeConnectionInfo, server->ice_getConnection()->getInfo()); + info = ICE_DYNAMIC_CAST(IceSSL::ConnectionInfo, server->ice_getConnection()->getInfo()); test(info->cipher.compare(0, cipherSub.size(), cipherSub) == 0); } catch(const LocalException&) @@ -1998,7 +1998,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12) CertificateVerifierIPtr verifier = ICE_MAKE_SHARED(CertificateVerifierI); #ifdef ICE_CPP11_MAPPING - plugin->setCertificateVerifier([verifier](const shared_ptr<IceSSL::NativeConnectionInfo>& info) + plugin->setCertificateVerifier([verifier](const shared_ptr<IceSSL::ConnectionInfo>& info) { return verifier->verify(info); }); #else plugin->setCertificateVerifier(verifier); @@ -2601,7 +2601,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12) try { server->checkCipher(cipherSub); - info = ICE_DYNAMIC_CAST(IceSSL::NativeConnectionInfo, server->ice_getConnection()->getInfo()); + info = ICE_DYNAMIC_CAST(IceSSL::ConnectionInfo, server->ice_getConnection()->getInfo()); test(info->cipher.compare(0, cipherSub.size(), cipherSub) == 0); } catch(const LocalException& ex) @@ -2764,7 +2764,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12) try { server->checkCipher("3DES"); - info = ICE_DYNAMIC_CAST(IceSSL::NativeConnectionInfo, server->ice_getConnection()->getInfo()); + info = ICE_DYNAMIC_CAST(IceSSL::ConnectionInfo, server->ice_getConnection()->getInfo()); test(info->cipher.compare(0, 4, "3DES") == 0); } catch(const LocalException& ex) diff --git a/cpp/test/IceSSL/configuration/TestI.cpp b/cpp/test/IceSSL/configuration/TestI.cpp index 594510c3934..7da838025c3 100644 --- a/cpp/test/IceSSL/configuration/TestI.cpp +++ b/cpp/test/IceSSL/configuration/TestI.cpp @@ -12,6 +12,7 @@ #include <TestI.h> #include <TestCommon.h> #include <IceSSL/Plugin.h> +#include <IceSSL/ConnectionInfo.h> using namespace std; using namespace Ice; @@ -26,8 +27,8 @@ ServerI::noCert(const Ice::Current& c) { try { - IceSSL::NativeConnectionInfoPtr info = ICE_DYNAMIC_CAST(IceSSL::NativeConnectionInfo, c.con->getInfo()); - test(info->nativeCerts.size() == 0); + IceSSL::ConnectionInfoPtr info = ICE_DYNAMIC_CAST(IceSSL::ConnectionInfo, c.con->getInfo()); + test(info->certs.size() == 0); } catch(const Ice::LocalException& ex) { @@ -41,23 +42,23 @@ ServerI::checkCert(ICE_IN(string) subjectDN, ICE_IN(string) issuerDN, const Ice: { try { - IceSSL::NativeConnectionInfoPtr info = ICE_DYNAMIC_CAST(IceSSL::NativeConnectionInfo, c.con->getInfo()); + IceSSL::ConnectionInfoPtr info = ICE_DYNAMIC_CAST(IceSSL::ConnectionInfo, c.con->getInfo()); test(info->verified); - test(info->nativeCerts.size() == 2); + test(info->certs.size() == 2); if(c.ctx.find("uwp") != c.ctx.end()) { // // UWP client just provide the subject and issuer CN, and not the full Subject and Issuer DN // - string subject(info->nativeCerts[0]->getSubjectDN()); + string subject(info->certs[0]->getSubjectDN()); test(subject.find(subjectDN) != string::npos); - string issuer(info->nativeCerts[0]->getIssuerDN()); + string issuer(info->certs[0]->getIssuerDN()); test(issuer.find(issuerDN) != string::npos); } else { - test(info->nativeCerts[0]->getSubjectDN() == IceSSL::DistinguishedName(subjectDN)); - test(info->nativeCerts[0]->getIssuerDN() == IceSSL::DistinguishedName(issuerDN)); + test(info->certs[0]->getSubjectDN() == IceSSL::DistinguishedName(subjectDN)); + test(info->certs[0]->getIssuerDN() == IceSSL::DistinguishedName(issuerDN)); } } catch(const Ice::LocalException&) @@ -71,7 +72,7 @@ ServerI::checkCipher(ICE_IN(string) cipher, const Ice::Current& c) { try { - IceSSL::NativeConnectionInfoPtr info = ICE_DYNAMIC_CAST(IceSSL::NativeConnectionInfo, c.con->getInfo()); + IceSSL::ConnectionInfoPtr info = ICE_DYNAMIC_CAST(IceSSL::ConnectionInfo, c.con->getInfo()); test(info->cipher.compare(0, cipher.size(), cipher) == 0); } catch(const Ice::LocalException&) diff --git a/csharp/src/IceSSL/Instance.cs b/csharp/src/IceSSL/Instance.cs index de4804443d2..d3de34f4ff1 100644 --- a/csharp/src/IceSSL/Instance.cs +++ b/csharp/src/IceSSL/Instance.cs @@ -60,7 +60,7 @@ namespace IceSSL _engine.traceStream(stream, connInfo); } - internal void verifyPeer(string address, NativeConnectionInfo info, string desc) + internal void verifyPeer(string address, IceSSL.ConnectionInfo info, string desc) { _engine.verifyPeer(address, info, desc); } diff --git a/csharp/src/IceSSL/Plugin.cs b/csharp/src/IceSSL/Plugin.cs index 6340f71df5c..63647d31a63 100644 --- a/csharp/src/IceSSL/Plugin.cs +++ b/csharp/src/IceSSL/Plugin.cs @@ -22,7 +22,7 @@ namespace IceSSL // Return true to allow a connection using the provided certificate // information, or false to reject the connection. // - bool verify(NativeConnectionInfo info); + bool verify(IceSSL.ConnectionInfo info); } /// <summary> diff --git a/csharp/src/IceSSL/SSLEngine.cs b/csharp/src/IceSSL/SSLEngine.cs index a958d117ec6..4b7288808bc 100644 --- a/csharp/src/IceSSL/SSLEngine.cs +++ b/csharp/src/IceSSL/SSLEngine.cs @@ -477,14 +477,14 @@ namespace IceSSL _logger.trace(_securityTraceCategory, s.ToString()); } - internal void verifyPeer(string address, NativeConnectionInfo info, string desc) + internal void verifyPeer(string address, IceSSL.ConnectionInfo info, string desc) { - if(_verifyDepthMax > 0 && info.nativeCerts != null && info.nativeCerts.Length > _verifyDepthMax) + if(_verifyDepthMax > 0 && info.certs != null && info.certs.Length > _verifyDepthMax) { string msg = (info.incoming ? "incoming" : "outgoing") + " connection rejected:\n" + - "length of peer's certificate chain (" + info.nativeCerts.Length + ") exceeds maximum of " + + "length of peer's certificate chain (" + info.certs.Length + ") exceeds maximum of " + _verifyDepthMax + "\n" + desc; if(_securityTraceLevel >= 1) { diff --git a/csharp/src/IceSSL/TransceiverI.cs b/csharp/src/IceSSL/TransceiverI.cs index ea026ef098a..a10f62abf45 100644 --- a/csharp/src/IceSSL/TransceiverI.cs +++ b/csharp/src/IceSSL/TransceiverI.cs @@ -66,22 +66,14 @@ namespace IceSSL List<string> certs = new List<string>(); if(_chain.ChainElements != null && _chain.ChainElements.Count > 0) { - _nativeCerts = new X509Certificate2[_chain.ChainElements.Count]; + _certs = new X509Certificate2[_chain.ChainElements.Count]; for(int i = 0; i < _chain.ChainElements.Count; ++i) { - X509Certificate2 cert = _chain.ChainElements[i].Certificate; - _nativeCerts[i] = cert; - - StringBuilder s = new StringBuilder(); - s.Append("-----BEGIN CERTIFICATE-----\n"); - s.Append(Convert.ToBase64String(cert.Export(X509ContentType.Cert))); - s.Append("\n-----END CERTIFICATE-----"); - certs.Add(s.ToString()); + _certs[i] = _chain.ChainElements[i].Certificate; } } - _certs = certs.ToArray(); - _instance.verifyPeer(_host, (NativeConnectionInfo)getInfo(), ToString()); + _instance.verifyPeer(_host, (ConnectionInfo)getInfo(), ToString()); if(_instance.securityTraceLevel() >= 1) { @@ -331,14 +323,13 @@ namespace IceSSL public Ice.ConnectionInfo getInfo() { - NativeConnectionInfo info = new NativeConnectionInfo(); + ConnectionInfo info = new ConnectionInfo(); info.underlying = _delegate.getInfo(); info.incoming = _incoming; info.adapterName = _adapterName; info.cipher = _cipher; info.certs = _certs; info.verified = _verified; - info.nativeCerts = _nativeCerts; return info; } @@ -771,8 +762,7 @@ namespace IceSSL private int _maxSendPacketSize; private int _maxRecvPacketSize; private string _cipher; - private string[] _certs; + private X509Certificate2[] _certs; private bool _verified; - private X509Certificate2[] _nativeCerts; } } diff --git a/csharp/src/IceSSL/TrustManager.cs b/csharp/src/IceSSL/TrustManager.cs index 98697dd0942..e5f69a474c7 100644 --- a/csharp/src/IceSSL/TrustManager.cs +++ b/csharp/src/IceSSL/TrustManager.cs @@ -57,7 +57,7 @@ namespace IceSSL } } - internal bool verify(NativeConnectionInfo info, string desc) + internal bool verify(IceSSL.ConnectionInfo info, string desc) { List<List<List<RFC2253.RDNPair>>> reject = new List<List<List<RFC2253.RDNPair>>>(), accept = new List<List<List<RFC2253.RDNPair>>>(); @@ -127,9 +127,9 @@ namespace IceSSL // // If there is no certificate then we match false. // - if(info.nativeCerts != null && info.nativeCerts.Length > 0) + if(info.certs != null && info.certs.Length > 0) { - X500DistinguishedName subjectDN = info.nativeCerts[0].SubjectName; + X500DistinguishedName subjectDN = info.certs[0].SubjectName; string subjectName = subjectDN.Name; Debug.Assert(subjectName != null); try diff --git a/csharp/src/IceSSL/Util.cs b/csharp/src/IceSSL/Util.cs index 242c596febb..30ca194b8e2 100644 --- a/csharp/src/IceSSL/Util.cs +++ b/csharp/src/IceSSL/Util.cs @@ -13,21 +13,6 @@ namespace IceSSL using System.Diagnostics; using System.Security.Cryptography.X509Certificates; - /// <summary> - /// This class provides information about a connection to applications - /// that require information about a peer, for example, to implement - /// a CertificateVerifier. - /// </summary> - public sealed class NativeConnectionInfo : ConnectionInfo - { - /// <summary> - /// The certificate chain. This may be null if the peer did not - /// supply a certificate. The peer's certificate (if any) is the - /// first one in the chain. - /// </summary> - public X509Certificate2[] nativeCerts; - } - public sealed class Util { public static X509Certificate2 createCertificate(string certPEM) diff --git a/csharp/test/IceSSL/configuration/AllTests.cs b/csharp/test/IceSSL/configuration/AllTests.cs index f275492b0ad..af3243d115f 100644 --- a/csharp/test/IceSSL/configuration/AllTests.cs +++ b/csharp/test/IceSSL/configuration/AllTests.cs @@ -374,12 +374,12 @@ public class AllTests new X509Certificate2(defaultDir + "/s_rsa_ca1.p12", "password"); X509Certificate2 caCert = new X509Certificate2(defaultDir + "/cacert1.pem"); - IceSSL.NativeConnectionInfo info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); - test(info.nativeCerts.Length == 2); + IceSSL.ConnectionInfo info = (IceSSL.ConnectionInfo)server.ice_getConnection().getInfo(); + test(info.certs.Length == 2); test(info.verified); - test(caCert.Equals(info.nativeCerts[1])); - test(serverCert.Equals(info.nativeCerts[0])); + test(caCert.Equals(info.certs[1])); + test(serverCert.Equals(info.certs[0])); } catch(Exception ex) { @@ -802,7 +802,7 @@ public class AllTests } try { - IceSSL.NativeConnectionInfo info; + IceSSL.ConnectionInfo info; initData = createClientProps(defaultProperties, "", ""); initData.properties.setProperty("IceSSL.VerifyPeer", "0"); @@ -821,8 +821,8 @@ public class AllTests Test.ServerPrx server = fact.createServer(d); try { - info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); - test(info.nativeCerts.Length == 1); + info = (IceSSL.ConnectionInfo)server.ice_getConnection().getInfo(); + test(info.certs.Length == 1); test(!info.verified); } catch(Ice.LocalException) @@ -840,8 +840,8 @@ public class AllTests server = fact.createServer(d); try { - info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); - test(info.nativeCerts.Length == 1); + info = (IceSSL.ConnectionInfo)server.ice_getConnection().getInfo(); + test(info.certs.Length == 1); test(!info.verified); } catch(Ice.LocalException) @@ -860,8 +860,8 @@ public class AllTests server = fact.createServer(d); try { - info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); - test(info.nativeCerts.Length == 1); // Like the SChannel transport, .NET never sends the root. + info = (IceSSL.ConnectionInfo)server.ice_getConnection().getInfo(); + test(info.certs.Length == 1); // Like the SChannel transport, .NET never sends the root. } catch(Ice.LocalException) { @@ -886,8 +886,8 @@ public class AllTests server = fact.createServer(d); try { - info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); - test(info.nativeCerts.Length == 2); + info = (IceSSL.ConnectionInfo)server.ice_getConnection().getInfo(); + test(info.certs.Length == 2); test(info.verified); } catch(Ice.LocalException) @@ -946,8 +946,8 @@ public class AllTests server = fact.createServer(d); try { - info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); - test(info.nativeCerts.Length == 3); + info = (IceSSL.ConnectionInfo)server.ice_getConnection().getInfo(); + test(info.certs.Length == 3); test(info.verified); } catch(Ice.LocalException) @@ -991,8 +991,8 @@ public class AllTests server = fact.createServer(d); try { - info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); - test(info.nativeCerts.Length == 4); + info = (IceSSL.ConnectionInfo)server.ice_getConnection().getInfo(); + test(info.certs.Length == 4); test(info.verified); } catch(Ice.LocalException) @@ -1087,8 +1087,7 @@ public class AllTests Test.ServerPrx server = fact.createServer(d); try { - IceSSL.NativeConnectionInfo info = - (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); + IceSSL.ConnectionInfo info = (IceSSL.ConnectionInfo)server.ice_getConnection().getInfo(); server.checkCipher(info.cipher); } catch(Ice.LocalException) diff --git a/csharp/test/IceSSL/configuration/CertificateVerifierI.cs b/csharp/test/IceSSL/configuration/CertificateVerifierI.cs index 47be15a4b83..bd3c549c18c 100644 --- a/csharp/test/IceSSL/configuration/CertificateVerifierI.cs +++ b/csharp/test/IceSSL/configuration/CertificateVerifierI.cs @@ -16,9 +16,9 @@ public class CertificateVerifierI : IceSSL.CertificateVerifier reset(); } - public bool verify(IceSSL.NativeConnectionInfo info) + public bool verify(IceSSL.ConnectionInfo info) { - _hadCert = info.nativeCerts != null; + _hadCert = info.certs != null; _invoked = true; return _returnValue; } diff --git a/csharp/test/IceSSL/configuration/TestI.cs b/csharp/test/IceSSL/configuration/TestI.cs index f05b8198741..01918d96a96 100644 --- a/csharp/test/IceSSL/configuration/TestI.cs +++ b/csharp/test/IceSSL/configuration/TestI.cs @@ -24,8 +24,8 @@ internal sealed class ServerI : ServerDisp_ { try { - IceSSL.NativeConnectionInfo info = (IceSSL.NativeConnectionInfo)current.con.getInfo(); - test(info.nativeCerts == null); + IceSSL.ConnectionInfo info = (IceSSL.ConnectionInfo)current.con.getInfo(); + test(info.certs == null); } catch(Ice.LocalException) { @@ -38,11 +38,11 @@ internal sealed class ServerI : ServerDisp_ { try { - IceSSL.NativeConnectionInfo info = (IceSSL.NativeConnectionInfo)current.con.getInfo(); + IceSSL.ConnectionInfo info = (IceSSL.ConnectionInfo)current.con.getInfo(); test(info.verified); - test(info.nativeCerts.Length == 2 && - info.nativeCerts[0].Subject.Equals(subjectDN) && - info.nativeCerts[0].Issuer.Equals(issuerDN)); + test(info.certs.Length == 2 && + info.certs[0].Subject.Equals(subjectDN) && + info.certs[0].Issuer.Equals(issuerDN)); } catch(Ice.LocalException) { @@ -55,7 +55,7 @@ internal sealed class ServerI : ServerDisp_ { try { - IceSSL.NativeConnectionInfo info = (IceSSL.NativeConnectionInfo)current.con.getInfo(); + IceSSL.ConnectionInfo info = (IceSSL.ConnectionInfo)current.con.getInfo(); test(info.cipher.Equals(cipher)); } catch(Ice.LocalException) diff --git a/java-compat/src/Ice/src/main/java/IceSSL/CertificateVerifier.java b/java-compat/src/Ice/src/main/java/IceSSL/CertificateVerifier.java index c28e98ff727..423e6eb57e4 100644 --- a/java-compat/src/Ice/src/main/java/IceSSL/CertificateVerifier.java +++ b/java-compat/src/Ice/src/main/java/IceSSL/CertificateVerifier.java @@ -22,5 +22,5 @@ public interface CertificateVerifier * @return <code>true</code> if the connection should be accepted; * <code>false</code>, otherwise. **/ - boolean verify(NativeConnectionInfo info); + boolean verify(ConnectionInfo info); } diff --git a/java-compat/src/Ice/src/main/java/IceSSL/Instance.java b/java-compat/src/Ice/src/main/java/IceSSL/Instance.java index 227e30ab366..04ea44d6fe0 100644 --- a/java-compat/src/Ice/src/main/java/IceSSL/Instance.java +++ b/java-compat/src/Ice/src/main/java/IceSSL/Instance.java @@ -47,7 +47,7 @@ class Instance extends IceInternal.ProtocolInstance _engine.traceConnection(desc, engine, incoming); } - void verifyPeer(String address, NativeConnectionInfo info, String desc) + void verifyPeer(String address, ConnectionInfo info, String desc) { _engine.verifyPeer(address, info, desc); } diff --git a/java-compat/src/Ice/src/main/java/IceSSL/NativeConnectionInfo.java b/java-compat/src/Ice/src/main/java/IceSSL/NativeConnectionInfo.java deleted file mode 100644 index bae146eb19e..00000000000 --- a/java-compat/src/Ice/src/main/java/IceSSL/NativeConnectionInfo.java +++ /dev/null @@ -1,28 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2017 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -package IceSSL; - -/** - * - * This class is a native extension of the Slice local class - * IceSSL::ConnectionInfo. It provides access to the native Java - * certificates. - * - * @see CertificateVerifier - **/ -public class NativeConnectionInfo extends ConnectionInfo -{ - /** - * The certificate chain. This may be null if the peer did not - * supply a certificate. The peer's certificate (if any) is the - * first one in the chain. - **/ - public java.security.cert.Certificate[] nativeCerts; -} diff --git a/java-compat/src/Ice/src/main/java/IceSSL/SSLEngine.java b/java-compat/src/Ice/src/main/java/IceSSL/SSLEngine.java index d2ca48c2fa4..70f7152dc9e 100644 --- a/java-compat/src/Ice/src/main/java/IceSSL/SSLEngine.java +++ b/java-compat/src/Ice/src/main/java/IceSSL/SSLEngine.java @@ -970,7 +970,7 @@ class SSLEngine return _communicator; } - void verifyPeer(String address, NativeConnectionInfo info, String desc) + void verifyPeer(String address, ConnectionInfo info, String desc) { // // IceSSL.VerifyPeer is translated into the proper SSLEngine configuration @@ -984,10 +984,10 @@ class SSLEngine } } - if(_verifyDepthMax > 0 && info.nativeCerts != null && info.nativeCerts.length > _verifyDepthMax) + if(_verifyDepthMax > 0 && info.certs != null && info.certs.length > _verifyDepthMax) { String msg = (info.incoming ? "incoming" : "outgoing") + " connection rejected:\n" + - "length of peer's certificate chain (" + info.nativeCerts.length + ") exceeds maximum of " + + "length of peer's certificate chain (" + info.certs.length + ") exceeds maximum of " + _verifyDepthMax + "\n" + desc; if(_securityTraceLevel >= 1) { diff --git a/java-compat/src/Ice/src/main/java/IceSSL/TransceiverI.java b/java-compat/src/Ice/src/main/java/IceSSL/TransceiverI.java index 0f2f54492b9..91d30c6c244 100644 --- a/java-compat/src/Ice/src/main/java/IceSSL/TransceiverI.java +++ b/java-compat/src/Ice/src/main/java/IceSSL/TransceiverI.java @@ -72,29 +72,17 @@ final class TransceiverI implements IceInternal.Transceiver java.security.cert.Certificate[] pcerts = session.getPeerCertificates(); java.security.cert.Certificate[] vcerts = _instance.engine().getVerifiedCertificateChain(pcerts); _verified = vcerts != null; - _nativeCerts = _verified ? vcerts : pcerts; - java.util.ArrayList<String> certs = new java.util.ArrayList<>(); - for(java.security.cert.Certificate c : _nativeCerts) - { - StringBuilder s = new StringBuilder("-----BEGIN CERTIFICATE-----\n"); - s.append(IceUtilInternal.Base64.encode(c.getEncoded())); - s.append("\n-----END CERTIFICATE-----"); - certs.add(s.toString()); - } - _certs = certs.toArray(new String[certs.size()]); + _certs = _verified ? vcerts : pcerts; } catch(javax.net.ssl.SSLPeerUnverifiedException ex) { // No peer certificates. } - catch(java.security.cert.CertificateEncodingException ex) - { - } // // Additional verification. // - _instance.verifyPeer(_host, (NativeConnectionInfo)getInfo(), _delegate.toString()); + _instance.verifyPeer(_host, (ConnectionInfo)getInfo(), _delegate.toString()); if(_instance.securityTraceLevel() >= 1) { @@ -291,14 +279,13 @@ final class TransceiverI implements IceInternal.Transceiver @Override public Ice.ConnectionInfo getInfo() { - NativeConnectionInfo info = new NativeConnectionInfo(); + ConnectionInfo info = new ConnectionInfo(); info.underlying = _delegate.getInfo(); info.incoming = _incoming; info.adapterName = _adapterName; info.cipher = _cipher; info.certs = _certs; info.verified = _verified; - info.nativeCerts = _nativeCerts; return info; } @@ -591,7 +578,6 @@ final class TransceiverI implements IceInternal.Transceiver private static ByteBuffer _emptyBuffer = ByteBuffer.allocate(0); // Used during handshaking. private String _cipher; - private String[] _certs; + private java.security.cert.Certificate[] _certs; private boolean _verified; - private java.security.cert.Certificate[] _nativeCerts; } diff --git a/java-compat/src/Ice/src/main/java/IceSSL/TrustManager.java b/java-compat/src/Ice/src/main/java/IceSSL/TrustManager.java index 71c52026f65..7310a52adfa 100644 --- a/java-compat/src/Ice/src/main/java/IceSSL/TrustManager.java +++ b/java-compat/src/Ice/src/main/java/IceSSL/TrustManager.java @@ -55,7 +55,7 @@ class TrustManager } boolean - verify(NativeConnectionInfo info, String desc) + verify(ConnectionInfo info, String desc) { java.util.List<java.util.List<java.util.List<RFC2253.RDNPair> > > reject = new java.util.LinkedList<java.util.List<java.util.List<RFC2253.RDNPair> > >(), @@ -126,9 +126,9 @@ class TrustManager // // If there is no certificate then we match false. // - if(info.nativeCerts != null && info.nativeCerts.length > 0) + if(info.certs != null && info.certs.length > 0) { - javax.security.auth.x500.X500Principal subjectDN = ((java.security.cert.X509Certificate)info.nativeCerts[0]).getSubjectX500Principal(); + javax.security.auth.x500.X500Principal subjectDN = ((java.security.cert.X509Certificate)info.certs[0]).getSubjectX500Principal(); String subjectName = subjectDN.getName(javax.security.auth.x500.X500Principal.RFC2253); assert subjectName != null; try diff --git a/java-compat/test/src/main/java/test/Ice/classLoader/CertificateVerifierI.java b/java-compat/test/src/main/java/test/Ice/classLoader/CertificateVerifierI.java index f51c6ccca20..0f838ca03dd 100644 --- a/java-compat/test/src/main/java/test/Ice/classLoader/CertificateVerifierI.java +++ b/java-compat/test/src/main/java/test/Ice/classLoader/CertificateVerifierI.java @@ -12,7 +12,7 @@ package test.Ice.classLoader; public class CertificateVerifierI implements IceSSL.CertificateVerifier { @Override - public boolean verify(IceSSL.NativeConnectionInfo info) + public boolean verify(IceSSL.ConnectionInfo info) { return true; } diff --git a/java-compat/test/src/main/java/test/IceSSL/configuration/AllTests.java b/java-compat/test/src/main/java/test/IceSSL/configuration/AllTests.java index e814b868807..39d1b92c132 100644 --- a/java-compat/test/src/main/java/test/IceSSL/configuration/AllTests.java +++ b/java-compat/test/src/main/java/test/IceSSL/configuration/AllTests.java @@ -304,13 +304,13 @@ public class AllTests java.security.cert.X509Certificate serverCert = loadCertificate(defaultDir + "/s_rsa_ca1.jks", "cert"); java.security.cert.X509Certificate caCert = loadCertificate(defaultDir + "/cacert1.jks", "ca"); - IceSSL.NativeConnectionInfo info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); + IceSSL.ConnectionInfo info = (IceSSL.ConnectionInfo)server.ice_getConnection().getInfo(); - test(info.nativeCerts.length == 2); + test(info.certs.length == 2); test(info.verified); - test(caCert.equals(info.nativeCerts[1])); - test(serverCert.equals(info.nativeCerts[0])); + test(caCert.equals(info.certs[1])); + test(serverCert.equals(info.certs[0])); } catch(Exception ex) { @@ -778,7 +778,7 @@ public class AllTests out.print("testing certificate chains... "); out.flush(); { - IceSSL.NativeConnectionInfo info; + IceSSL.ConnectionInfo info; initData = createClientProps(defaultProperties, defaultDir, defaultHost, "", ""); initData.properties.setProperty("IceSSL.VerifyPeer", "0"); @@ -797,8 +797,8 @@ public class AllTests ServerPrx server = fact.createServer(d); try { - info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); - test(info.nativeCerts.length == 1); + info = (IceSSL.ConnectionInfo)server.ice_getConnection().getInfo(); + test(info.certs.length == 1); test(!info.verified); } catch(Ice.LocalException ex) @@ -816,8 +816,8 @@ public class AllTests server = fact.createServer(d); try { - info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); - test(info.nativeCerts.length == 1); + info = (IceSSL.ConnectionInfo)server.ice_getConnection().getInfo(); + test(info.certs.length == 1); test(!info.verified); } catch(Ice.LocalException ex) @@ -836,8 +836,8 @@ public class AllTests server = fact.createServer(d); try { - info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); - test(info.nativeCerts.length == 2); + info = (IceSSL.ConnectionInfo)server.ice_getConnection().getInfo(); + test(info.certs.length == 2); } catch(Ice.LocalException ex) { @@ -862,8 +862,8 @@ public class AllTests server = fact.createServer(d); try { - info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); - test(info.nativeCerts.length == 2); + info = (IceSSL.ConnectionInfo)server.ice_getConnection().getInfo(); + test(info.certs.length == 2); test(info.verified); } catch(Ice.LocalException ex) @@ -924,8 +924,8 @@ public class AllTests server = fact.createServer(d); try { - info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); - test(info.nativeCerts.length == 3); + info = (IceSSL.ConnectionInfo)server.ice_getConnection().getInfo(); + test(info.certs.length == 3); test(info.verified); } catch(Ice.LocalException ex) @@ -969,8 +969,8 @@ public class AllTests server = fact.createServer(d); try { - info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); - test(info.nativeCerts.length == 4); + info = (IceSSL.ConnectionInfo)server.ice_getConnection().getInfo(); + test(info.certs.length == 4); test(info.verified); } catch(Ice.LocalException ex) @@ -1062,7 +1062,7 @@ public class AllTests { String cipherSub = "DH_anon"; server.checkCipher(cipherSub); - IceSSL.NativeConnectionInfo info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); + IceSSL.ConnectionInfo info = (IceSSL.ConnectionInfo)server.ice_getConnection().getInfo(); test(info.cipher.indexOf(cipherSub) >= 0); } catch(Ice.LocalException ex) diff --git a/java-compat/test/src/main/java/test/IceSSL/configuration/CertificateVerifierI.java b/java-compat/test/src/main/java/test/IceSSL/configuration/CertificateVerifierI.java index 3d00f288558..8390df55404 100644 --- a/java-compat/test/src/main/java/test/IceSSL/configuration/CertificateVerifierI.java +++ b/java-compat/test/src/main/java/test/IceSSL/configuration/CertificateVerifierI.java @@ -19,14 +19,14 @@ public class CertificateVerifierI implements IceSSL.CertificateVerifier @Override public boolean - verify(IceSSL.NativeConnectionInfo info) + verify(IceSSL.ConnectionInfo info) { - if(info.nativeCerts != null) + if(info.certs != null) { try { java.util.Collection<java.util.List<?> > subjectAltNames = - ((java.security.cert.X509Certificate)info.nativeCerts[0]).getSubjectAlternativeNames(); + ((java.security.cert.X509Certificate)info.certs[0]).getSubjectAlternativeNames(); test(subjectAltNames != null); java.util.List<String> ipAddresses = new java.util.ArrayList<String>(); java.util.List<String> dnsNames = new java.util.ArrayList<String>(); @@ -53,7 +53,7 @@ public class CertificateVerifierI implements IceSSL.CertificateVerifier } } - _hadCert = info.nativeCerts != null; + _hadCert = info.certs != null; _invoked = true; return _returnValue; } diff --git a/java-compat/test/src/main/java/test/IceSSL/configuration/ServerI.java b/java-compat/test/src/main/java/test/IceSSL/configuration/ServerI.java index bc3bf04bdac..52961846961 100644 --- a/java-compat/test/src/main/java/test/IceSSL/configuration/ServerI.java +++ b/java-compat/test/src/main/java/test/IceSSL/configuration/ServerI.java @@ -23,7 +23,7 @@ class ServerI extends _ServerDisp { try { - IceSSL.NativeConnectionInfo info = (IceSSL.NativeConnectionInfo)current.con.getInfo(); + IceSSL.ConnectionInfo info = (IceSSL.ConnectionInfo)current.con.getInfo(); test(info.certs == null); } catch(Ice.LocalException ex) @@ -38,10 +38,10 @@ class ServerI extends _ServerDisp { try { - IceSSL.NativeConnectionInfo info = (IceSSL.NativeConnectionInfo)current.con.getInfo(); - java.security.cert.X509Certificate cert = (java.security.cert.X509Certificate)info.nativeCerts[0]; + IceSSL.ConnectionInfo info = (IceSSL.ConnectionInfo)current.con.getInfo(); + java.security.cert.X509Certificate cert = (java.security.cert.X509Certificate)info.certs[0]; test(info.verified); - test(info.nativeCerts.length == 2 && + test(info.certs.length == 2 && cert.getSubjectDN().toString().equals(subjectDN) && cert.getIssuerDN().toString().equals(issuerDN)); } @@ -57,7 +57,7 @@ class ServerI extends _ServerDisp { try { - IceSSL.NativeConnectionInfo info = (IceSSL.NativeConnectionInfo)current.con.getInfo(); + IceSSL.ConnectionInfo info = (IceSSL.ConnectionInfo)current.con.getInfo(); test(info.cipher.indexOf(cipher) >= 0); } catch(Ice.LocalException ex) diff --git a/java/src/Ice/src/main/java/com/zeroc/IceSSL/CertificateVerifier.java b/java/src/Ice/src/main/java/com/zeroc/IceSSL/CertificateVerifier.java index a78009c865f..9210f8a703d 100644 --- a/java/src/Ice/src/main/java/com/zeroc/IceSSL/CertificateVerifier.java +++ b/java/src/Ice/src/main/java/com/zeroc/IceSSL/CertificateVerifier.java @@ -22,5 +22,5 @@ public interface CertificateVerifier * @return <code>true</code> if the connection should be accepted; * <code>false</code>, otherwise. **/ - boolean verify(NativeConnectionInfo info); + boolean verify(ConnectionInfo info); } diff --git a/java/src/Ice/src/main/java/com/zeroc/IceSSL/Instance.java b/java/src/Ice/src/main/java/com/zeroc/IceSSL/Instance.java index 6612814e329..4302a129fc4 100644 --- a/java/src/Ice/src/main/java/com/zeroc/IceSSL/Instance.java +++ b/java/src/Ice/src/main/java/com/zeroc/IceSSL/Instance.java @@ -47,7 +47,7 @@ class Instance extends com.zeroc.IceInternal.ProtocolInstance _engine.traceConnection(desc, engine, incoming); } - void verifyPeer(String address, NativeConnectionInfo info, String desc) + void verifyPeer(String address, ConnectionInfo info, String desc) { _engine.verifyPeer(address, info, desc); } diff --git a/java/src/Ice/src/main/java/com/zeroc/IceSSL/NativeConnectionInfo.java b/java/src/Ice/src/main/java/com/zeroc/IceSSL/NativeConnectionInfo.java deleted file mode 100644 index 4815c468641..00000000000 --- a/java/src/Ice/src/main/java/com/zeroc/IceSSL/NativeConnectionInfo.java +++ /dev/null @@ -1,28 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2017 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -package com.zeroc.IceSSL; - -/** - * - * This class is a native extension of the Slice local class - * IceSSL::ConnectionInfo. It provides access to the native Java - * certificates. - * - * @see CertificateVerifier - **/ -public class NativeConnectionInfo extends ConnectionInfo -{ - /** - * The certificate chain. This may be null if the peer did not - * supply a certificate. The peer's certificate (if any) is the - * first one in the chain. - **/ - public java.security.cert.Certificate[] nativeCerts; -} diff --git a/java/src/Ice/src/main/java/com/zeroc/IceSSL/SSLEngine.java b/java/src/Ice/src/main/java/com/zeroc/IceSSL/SSLEngine.java index 048c63c081e..da0ba6d11d0 100644 --- a/java/src/Ice/src/main/java/com/zeroc/IceSSL/SSLEngine.java +++ b/java/src/Ice/src/main/java/com/zeroc/IceSSL/SSLEngine.java @@ -976,7 +976,7 @@ class SSLEngine return _communicator; } - void verifyPeer(String address, NativeConnectionInfo info, String desc) + void verifyPeer(String address, ConnectionInfo info, String desc) { // // IceSSL.VerifyPeer is translated into the proper SSLEngine configuration @@ -990,10 +990,10 @@ class SSLEngine } } - if(_verifyDepthMax > 0 && info.nativeCerts != null && info.nativeCerts.length > _verifyDepthMax) + if(_verifyDepthMax > 0 && info.certs != null && info.certs.length > _verifyDepthMax) { String msg = (info.incoming ? "incoming" : "outgoing") + " connection rejected:\n" + - "length of peer's certificate chain (" + info.nativeCerts.length + ") exceeds maximum of " + + "length of peer's certificate chain (" + info.certs.length + ") exceeds maximum of " + _verifyDepthMax + "\n" + desc; if(_securityTraceLevel >= 1) { diff --git a/java/src/Ice/src/main/java/com/zeroc/IceSSL/TransceiverI.java b/java/src/Ice/src/main/java/com/zeroc/IceSSL/TransceiverI.java index b69a8858564..6cc60684096 100644 --- a/java/src/Ice/src/main/java/com/zeroc/IceSSL/TransceiverI.java +++ b/java/src/Ice/src/main/java/com/zeroc/IceSSL/TransceiverI.java @@ -74,29 +74,17 @@ final class TransceiverI implements com.zeroc.IceInternal.Transceiver java.security.cert.Certificate[] pcerts = session.getPeerCertificates(); java.security.cert.Certificate[] vcerts = _instance.engine().getVerifiedCertificateChain(pcerts); _verified = vcerts != null; - _nativeCerts = _verified ? vcerts : pcerts; - java.util.ArrayList<String> certs = new java.util.ArrayList<>(); - for(java.security.cert.Certificate c : _nativeCerts) - { - StringBuilder s = new StringBuilder("-----BEGIN CERTIFICATE-----\n"); - s.append(Base64.getEncoder().encodeToString(c.getEncoded())); - s.append("\n-----END CERTIFICATE-----"); - certs.add(s.toString()); - } - _certs = certs.toArray(new String[certs.size()]); + _certs = _verified ? vcerts : pcerts; } catch(javax.net.ssl.SSLPeerUnverifiedException ex) { // No peer certificates. } - catch(java.security.cert.CertificateEncodingException ex) - { - } // // Additional verification. // - _instance.verifyPeer(_host, (NativeConnectionInfo)getInfo(), _delegate.toString()); + _instance.verifyPeer(_host, (com.zeroc.IceSSL.ConnectionInfo)getInfo(), _delegate.toString()); if(_instance.securityTraceLevel() >= 1) { @@ -293,14 +281,13 @@ final class TransceiverI implements com.zeroc.IceInternal.Transceiver @Override public com.zeroc.Ice.ConnectionInfo getInfo() { - NativeConnectionInfo info = new NativeConnectionInfo(); + ConnectionInfo info = new ConnectionInfo(); info.underlying = _delegate.getInfo(); info.incoming = _incoming; info.adapterName = _adapterName; info.cipher = _cipher; info.certs = _certs; info.verified = _verified; - info.nativeCerts = _nativeCerts; return info; } @@ -594,7 +581,6 @@ final class TransceiverI implements com.zeroc.IceInternal.Transceiver private static ByteBuffer _emptyBuffer = ByteBuffer.allocate(0); // Used during handshaking. private String _cipher; - private String[] _certs; + private java.security.cert.Certificate[] _certs; private boolean _verified; - private java.security.cert.Certificate[] _nativeCerts; } diff --git a/java/src/Ice/src/main/java/com/zeroc/IceSSL/TrustManager.java b/java/src/Ice/src/main/java/com/zeroc/IceSSL/TrustManager.java index 222791df9d6..12ced2676c0 100644 --- a/java/src/Ice/src/main/java/com/zeroc/IceSSL/TrustManager.java +++ b/java/src/Ice/src/main/java/com/zeroc/IceSSL/TrustManager.java @@ -55,7 +55,7 @@ class TrustManager } boolean - verify(NativeConnectionInfo info, String desc) + verify(ConnectionInfo info, String desc) { java.util.List<java.util.List<java.util.List<RFC2253.RDNPair> > > reject = new java.util.LinkedList<java.util.List<java.util.List<RFC2253.RDNPair> > >(), @@ -126,10 +126,10 @@ class TrustManager // // If there is no certificate then we match false. // - if(info.nativeCerts != null && info.nativeCerts.length > 0) + if(info.certs != null && info.certs.length > 0) { javax.security.auth.x500.X500Principal subjectDN = - ((java.security.cert.X509Certificate)info.nativeCerts[0]).getSubjectX500Principal(); + ((java.security.cert.X509Certificate)info.certs[0]).getSubjectX500Principal(); String subjectName = subjectDN.getName(javax.security.auth.x500.X500Principal.RFC2253); assert subjectName != null; try diff --git a/java/src/IceGridGUI/src/main/java/com/zeroc/IceGridGUI/Coordinator.java b/java/src/IceGridGUI/src/main/java/com/zeroc/IceGridGUI/Coordinator.java index 4e117317372..96d86274fd5 100644 --- a/java/src/IceGridGUI/src/main/java/com/zeroc/IceGridGUI/Coordinator.java +++ b/java/src/IceGridGUI/src/main/java/com/zeroc/IceGridGUI/Coordinator.java @@ -1331,7 +1331,7 @@ public class Coordinator class AcceptInvalidCertDialog implements Runnable { - public TrustDecision show(com.zeroc.IceSSL.NativeConnectionInfo info, boolean validDate, + public TrustDecision show(com.zeroc.IceSSL.ConnectionInfo info, boolean validDate, boolean validAlternateName, boolean trustedCA) { _info = info; @@ -1377,7 +1377,7 @@ public class Coordinator } } - private com.zeroc.IceSSL.NativeConnectionInfo _info; + private com.zeroc.IceSSL.ConnectionInfo _info; private boolean _validDate; private boolean _validAlternateName; private boolean _trustedCA; @@ -1385,14 +1385,14 @@ public class Coordinator } @Override - public boolean verify(com.zeroc.IceSSL.NativeConnectionInfo info) + public boolean verify(com.zeroc.IceSSL.ConnectionInfo info) { - if(!(info.nativeCerts[0] instanceof X509Certificate)) + if(!(info.certs[0] instanceof X509Certificate)) { return false; } - X509Certificate cert = (X509Certificate) info.nativeCerts[0]; + X509Certificate cert = (X509Certificate) info.certs[0]; byte[] encoded; try { @@ -1585,7 +1585,7 @@ public class Coordinator if(decision == TrustDecision.YesThisTime) { - _transientCert = (X509Certificate) info.nativeCerts[0]; + _transientCert = (X509Certificate) info.certs[0]; return true; } else if(decision == TrustDecision.YesAlways) @@ -1602,7 +1602,7 @@ public class Coordinator break; } } - _trustedServerKeyStore.setCertificateEntry(CN, info.nativeCerts[0]); + _trustedServerKeyStore.setCertificateEntry(CN, info.certs[0]); _trustedServerKeyStore.store(new FileOutputStream(getDataDirectory() + "/ServerCerts.jks"), new char[]{}); sessionKeeper.certificateManager(parent).load(); @@ -3604,7 +3604,7 @@ public class Coordinator static class UntrustedCertificateDialog extends JDialog { - public UntrustedCertificateDialog(java.awt.Window owner, com.zeroc.IceSSL.NativeConnectionInfo info, + public UntrustedCertificateDialog(java.awt.Window owner, com.zeroc.IceSSL.ConnectionInfo info, boolean validDate, boolean validAlternateName, boolean trustedCA) throws java.security.GeneralSecurityException, java.io.IOException, javax.naming.InvalidNameException @@ -3615,7 +3615,7 @@ public class Coordinator Container contentPane = getContentPane(); contentPane.setLayout(new BoxLayout(contentPane, BoxLayout.Y_AXIS)); - X509Certificate cert = (X509Certificate)info.nativeCerts[0]; + X509Certificate cert = (X509Certificate)info.certs[0]; { DefaultFormBuilder builder = new DefaultFormBuilder(new FormLayout("pref", "pref")); builder.border(Borders.DIALOG); diff --git a/java/test/src/main/java/test/Ice/classLoader/CertificateVerifierI.java b/java/test/src/main/java/test/Ice/classLoader/CertificateVerifierI.java index c773510ff63..bdde7c379f0 100644 --- a/java/test/src/main/java/test/Ice/classLoader/CertificateVerifierI.java +++ b/java/test/src/main/java/test/Ice/classLoader/CertificateVerifierI.java @@ -12,7 +12,7 @@ package test.Ice.classLoader; public class CertificateVerifierI implements com.zeroc.IceSSL.CertificateVerifier { @Override - public boolean verify(com.zeroc.IceSSL.NativeConnectionInfo info) + public boolean verify(com.zeroc.IceSSL.ConnectionInfo info) { return true; } diff --git a/java/test/src/main/java/test/IceSSL/configuration/AllTests.java b/java/test/src/main/java/test/IceSSL/configuration/AllTests.java index 6fe3db303fa..be96d9f131f 100644 --- a/java/test/src/main/java/test/IceSSL/configuration/AllTests.java +++ b/java/test/src/main/java/test/IceSSL/configuration/AllTests.java @@ -300,14 +300,14 @@ public class AllTests java.security.cert.X509Certificate serverCert = loadCertificate(defaultDir + "/s_rsa_ca1.jks", "cert"); java.security.cert.X509Certificate caCert = loadCertificate(defaultDir + "/cacert1.jks", "ca"); - com.zeroc.IceSSL.NativeConnectionInfo info = - (com.zeroc.IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); + com.zeroc.IceSSL.ConnectionInfo info = + (com.zeroc.IceSSL.ConnectionInfo)server.ice_getConnection().getInfo(); - test(info.nativeCerts.length == 2); + test(info.certs.length == 2); test(info.verified); - test(caCert.equals(info.nativeCerts[1])); - test(serverCert.equals(info.nativeCerts[0])); + test(caCert.equals(info.certs[1])); + test(serverCert.equals(info.certs[0])); } catch(Exception ex) { @@ -776,7 +776,7 @@ public class AllTests out.print("testing certificate chains... "); out.flush(); { - com.zeroc.IceSSL.NativeConnectionInfo info; + com.zeroc.IceSSL.ConnectionInfo info; initData = createClientProps(defaultProperties, "", ""); initData.properties.setProperty("IceSSL.VerifyPeer", "0"); @@ -795,8 +795,8 @@ public class AllTests ServerPrx server = fact.createServer(d); try { - info = (com.zeroc.IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); - test(info.nativeCerts.length == 1); + info = (com.zeroc.IceSSL.ConnectionInfo)server.ice_getConnection().getInfo(); + test(info.certs.length == 1); test(!info.verified); } catch(com.zeroc.Ice.LocalException ex) @@ -814,8 +814,8 @@ public class AllTests server = fact.createServer(d); try { - info = (com.zeroc.IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); - test(info.nativeCerts.length == 1); + info = (com.zeroc.IceSSL.ConnectionInfo)server.ice_getConnection().getInfo(); + test(info.certs.length == 1); test(!info.verified); } catch(com.zeroc.Ice.LocalException ex) @@ -834,8 +834,8 @@ public class AllTests server = fact.createServer(d); try { - info = (com.zeroc.IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); - test(info.nativeCerts.length == 2); + info = (com.zeroc.IceSSL.ConnectionInfo)server.ice_getConnection().getInfo(); + test(info.certs.length == 2); } catch(com.zeroc.Ice.LocalException ex) { @@ -860,8 +860,8 @@ public class AllTests server = fact.createServer(d); try { - info = (com.zeroc.IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); - test(info.nativeCerts.length == 2); + info = (com.zeroc.IceSSL.ConnectionInfo)server.ice_getConnection().getInfo(); + test(info.certs.length == 2); test(info.verified); } catch(com.zeroc.Ice.LocalException ex) @@ -922,8 +922,8 @@ public class AllTests server = fact.createServer(d); try { - info = (com.zeroc.IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); - test(info.nativeCerts.length == 3); + info = (com.zeroc.IceSSL.ConnectionInfo)server.ice_getConnection().getInfo(); + test(info.certs.length == 3); test(info.verified); } catch(com.zeroc.Ice.LocalException ex) @@ -967,8 +967,8 @@ public class AllTests server = fact.createServer(d); try { - info = (com.zeroc.IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); - test(info.nativeCerts.length == 4); + info = (com.zeroc.IceSSL.ConnectionInfo)server.ice_getConnection().getInfo(); + test(info.certs.length == 4); test(info.verified); } catch(com.zeroc.Ice.LocalException ex) @@ -1060,8 +1060,8 @@ public class AllTests { String cipherSub = "DH_anon"; server.checkCipher(cipherSub); - com.zeroc.IceSSL.NativeConnectionInfo info = - (com.zeroc.IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo(); + com.zeroc.IceSSL.ConnectionInfo info = + (com.zeroc.IceSSL.ConnectionInfo)server.ice_getConnection().getInfo(); test(info.cipher.indexOf(cipherSub) >= 0); } catch(com.zeroc.Ice.LocalException ex) diff --git a/java/test/src/main/java/test/IceSSL/configuration/CertificateVerifierI.java b/java/test/src/main/java/test/IceSSL/configuration/CertificateVerifierI.java index a1b885f68ea..5638677a435 100644 --- a/java/test/src/main/java/test/IceSSL/configuration/CertificateVerifierI.java +++ b/java/test/src/main/java/test/IceSSL/configuration/CertificateVerifierI.java @@ -17,14 +17,14 @@ public class CertificateVerifierI implements com.zeroc.IceSSL.CertificateVerifie } @Override - public boolean verify(com.zeroc.IceSSL.NativeConnectionInfo info) + public boolean verify(com.zeroc.IceSSL.ConnectionInfo info) { - if(info.nativeCerts != null) + if(info.certs != null) { try { java.util.Collection<java.util.List<?> > subjectAltNames = - ((java.security.cert.X509Certificate)info.nativeCerts[0]).getSubjectAlternativeNames(); + ((java.security.cert.X509Certificate)info.certs[0]).getSubjectAlternativeNames(); test(subjectAltNames != null); java.util.List<String> ipAddresses = new java.util.ArrayList<>(); java.util.List<String> dnsNames = new java.util.ArrayList<>(); @@ -51,7 +51,7 @@ public class CertificateVerifierI implements com.zeroc.IceSSL.CertificateVerifie } } - _hadCert = info.nativeCerts != null; + _hadCert = info.certs != null; _invoked = true; return _returnValue; } diff --git a/java/test/src/main/java/test/IceSSL/configuration/ServerI.java b/java/test/src/main/java/test/IceSSL/configuration/ServerI.java index 742eb5908b0..f6869a155ab 100644 --- a/java/test/src/main/java/test/IceSSL/configuration/ServerI.java +++ b/java/test/src/main/java/test/IceSSL/configuration/ServerI.java @@ -23,7 +23,7 @@ class ServerI implements Server { try { - com.zeroc.IceSSL.NativeConnectionInfo info = (com.zeroc.IceSSL.NativeConnectionInfo)current.con.getInfo(); + com.zeroc.IceSSL.ConnectionInfo info = (com.zeroc.IceSSL.ConnectionInfo)current.con.getInfo(); test(info.certs == null); } catch(com.zeroc.Ice.LocalException ex) @@ -38,10 +38,10 @@ class ServerI implements Server { try { - com.zeroc.IceSSL.NativeConnectionInfo info = (com.zeroc.IceSSL.NativeConnectionInfo)current.con.getInfo(); - java.security.cert.X509Certificate cert = (java.security.cert.X509Certificate)info.nativeCerts[0]; + com.zeroc.IceSSL.ConnectionInfo info = (com.zeroc.IceSSL.ConnectionInfo)current.con.getInfo(); + java.security.cert.X509Certificate cert = (java.security.cert.X509Certificate)info.certs[0]; test(info.verified); - test(info.nativeCerts.length == 2 && + test(info.certs.length == 2 && cert.getSubjectDN().toString().equals(subjectDN) && cert.getIssuerDN().toString().equals(issuerDN)); } @@ -56,7 +56,7 @@ class ServerI implements Server { try { - com.zeroc.IceSSL.NativeConnectionInfo info = (com.zeroc.IceSSL.NativeConnectionInfo)current.con.getInfo(); + com.zeroc.IceSSL.ConnectionInfo info = (com.zeroc.IceSSL.ConnectionInfo)current.con.getInfo(); test(info.cipher.indexOf(cipher) >= 0); } catch(com.zeroc.Ice.LocalException ex) diff --git a/objective-c/src/IceSSL/ConnectionInfoI.mm b/objective-c/src/IceSSL/ConnectionInfoI.mm index 91dfd31199a..a836f065b75 100644 --- a/objective-c/src/IceSSL/ConnectionInfoI.mm +++ b/objective-c/src/IceSSL/ConnectionInfoI.mm @@ -14,6 +14,8 @@ #include <IceSSL/ConnectionInfo.h> +using namespace std; + @implementation ICESSLConnectionInfo (IceSSL) +(void) load @@ -26,8 +28,14 @@ self = [super initWithConnectionInfo:sslConnectionInfo]; if(self) { + Ice::StringSeq sslCerts; + for(vector<IceSSL::CertificatePtr>::const_iterator i = sslConnectionInfo->certs.begin(); + i != sslConnectionInfo->certs.end(); ++i) + { + sslCerts.push_back((*i)->encode()); + } self->cipher = [[NSString alloc] initWithUTF8String:sslConnectionInfo->cipher.c_str()]; - self->certs = toNSArray(sslConnectionInfo->certs); + self->certs = toNSArray(sslCerts); self->verified = sslConnectionInfo->verified; } return self; diff --git a/php/src/php5/Connection.cpp b/php/src/php5/Connection.cpp index 8a894b2457a..d845f548768 100644 --- a/php/src/php5/Connection.cpp +++ b/php/src/php5/Connection.cpp @@ -747,10 +747,18 @@ IcePHP::createConnectionInfo(zval* zv, const Ice::ConnectionInfoPtr& p TSRMLS_DC add_property_string(zv, STRCAST("cipher"), const_cast<char*>(info->cipher.c_str()), 1); add_property_bool(zv, STRCAST("verified"), info->verified ? 1 : 0); + zval* zarr; MAKE_STD_ZVAL(zarr); AutoDestroy listDestroyer(zarr); - if(createStringArray(zarr, info->certs TSRMLS_CC)) + + Ice::StringSeq encoded; + for(vector<IceSSL::CertificatePtr>::const_iterator i = info->certs.begin(); i != info->certs.end(); ++i) + { + encoded.push_back((*i)->encode()); + } + + if(createStringArray(zarr, encoded TSRMLS_CC)) { add_property_zval(zv, STRCAST("certs"), zarr); } diff --git a/php/src/php7/Connection.cpp b/php/src/php7/Connection.cpp index 0afade3d709..7c2bf854ac3 100644 --- a/php/src/php7/Connection.cpp +++ b/php/src/php7/Connection.cpp @@ -763,7 +763,14 @@ IcePHP::createConnectionInfo(zval* zv, const Ice::ConnectionInfoPtr& p) zval zarr; AutoDestroy listDestroyer(&zarr); - if(createStringArray(&zarr, info->certs)) + + Ice::StringSeq encoded; + for(vector<IceSSL::CertificatePtr>::const_iterator i = info->certs.begin(); i != info->certs.end(); ++i) + { + encoded.push_back((*i)->encode()); + } + + if(createStringArray(&zarr, encoded)) { add_property_zval(zv, STRCAST("certs"), &zarr); } diff --git a/python/modules/IcePy/ConnectionInfo.cpp b/python/modules/IcePy/ConnectionInfo.cpp index 27edce314d3..e2f67980927 100644 --- a/python/modules/IcePy/ConnectionInfo.cpp +++ b/python/modules/IcePy/ConnectionInfo.cpp @@ -233,7 +233,12 @@ sslConnectionInfoGetCerts(ConnectionInfoObject* self) IceSSL::ConnectionInfoPtr info = IceSSL::ConnectionInfoPtr::dynamicCast(*self->connectionInfo); assert(info); PyObject* certs = PyList_New(0); - stringSeqToList(info->certs, certs); + Ice::StringSeq encoded; + for(vector<IceSSL::CertificatePtr>::const_iterator i = info->certs.begin(); i != info->certs.end(); ++i) + { + encoded.push_back((*i)->encode()); + } + stringSeqToList(encoded, certs); return certs; } diff --git a/ruby/src/IceRuby/Connection.cpp b/ruby/src/IceRuby/Connection.cpp index 4f6b615ffc2..03e872ea8fb 100644 --- a/ruby/src/IceRuby/Connection.cpp +++ b/ruby/src/IceRuby/Connection.cpp @@ -385,7 +385,14 @@ IceRuby::createConnectionInfo(const Ice::ConnectionInfoPtr& p) IceSSL::ConnectionInfoPtr ssl = IceSSL::ConnectionInfoPtr::dynamicCast(p); rb_ivar_set(info, rb_intern("@cipher"), createString(ssl->cipher)); - rb_ivar_set(info, rb_intern("@certs"), stringSeqToArray(ssl->certs)); + + Ice::StringSeq encoded; + for(vector<IceSSL::CertificatePtr>::const_iterator i = ssl->certs.begin(); i != ssl->certs.end(); ++i) + { + encoded.push_back((*i)->encode()); + } + + rb_ivar_set(info, rb_intern("@certs"), stringSeqToArray(encoded)); rb_ivar_set(info, rb_intern("@verified"), ssl->verified ? Qtrue : Qfalse); } else if(Ice::IPConnectionInfoPtr::dynamicCast(p)) diff --git a/scripts/tests/IceSSL/configuration.py b/scripts/tests/IceSSL/configuration.py index 94e86e5733b..cbf1ef5051f 100644 --- a/scripts/tests/IceSSL/configuration.py +++ b/scripts/tests/IceSSL/configuration.py @@ -49,7 +49,7 @@ class ConfigurationTestCase(ClientServerTestCase): def getOpenSSLCommand(self): if isinstance(platform, Windows): - return os.path.join(self.getPath(), "..", "..", "..", "msbuild", "packages", "openssl.v140.1.0.2.1", + return os.path.join(self.getPath(), "..", "..", "..", "msbuild", "packages", "zeroc.openssl.v140.1.0.2.1", "build", "native", "bin", "Win32", "Release", "openssl.exe") else: return "openssl" diff --git a/slice/IceSSL/ConnectionInfo.ice b/slice/IceSSL/ConnectionInfo.ice index 558e28e5cfb..2992d100389 100644 --- a/slice/IceSSL/ConnectionInfo.ice +++ b/slice/IceSSL/ConnectionInfo.ice @@ -11,6 +11,8 @@ [["ice-prefix", "cpp:header-ext:h", "cpp:dll-export:ICESSL_API", "objc:header-dir:objc", "objc:dll-export:ICESSL_API", "js:ice-build"]] +[["cpp:include:IceSSL/Plugin.h"]] + #include <Ice/Connection.ice> #ifndef __SLICE2JAVA_COMPAT__ @@ -32,6 +34,9 @@ local class ConnectionInfo extends Ice::ConnectionInfo string cipher; /** The certificate chain. */ + ["cpp:type:std::vector<CertificatePtr>", + "java:type:java.security.cert.Certificate[]", + "cs:type:System.Security.Cryptography.X509Certificates.X509Certificate2[]"] Ice::StringSeq certs; /** The certificate chain verification status. */ diff --git a/slice/IceSSL/ConnectionInfoF.ice b/slice/IceSSL/ConnectionInfoF.ice new file mode 100644 index 00000000000..5babcaa39b2 --- /dev/null +++ b/slice/IceSSL/ConnectionInfoF.ice @@ -0,0 +1,24 @@ +// ********************************************************************** +// +// Copyright (c) 2003-2017 ZeroC, Inc. All rights reserved. +// +// This copy of Ice is licensed to you under the terms described in the +// ICE_LICENSE file included in this distribution. +// +// ********************************************************************** + +#pragma once + +[["ice-prefix", "cpp:header-ext:h", "cpp:dll-export:ICESSL_API", "objc:header-dir:objc", "objc:dll-export:ICESSL_API", "js:ice-build"]] + +#ifndef __SLICE2JAVA_COMPAT__ +[["java:package:com.zeroc"]] +#endif + +["objc:prefix:ICESSL"] +module IceSSL +{ + +local class ConnectionInfo; + +}; |