author | Mark Spruiell <mes@zeroc.com> | 2015-05-08 11:39:50 -0700 |
---|---|---|
committer | Mark Spruiell <mes@zeroc.com> | 2015-05-08 11:39:50 -0700 |
commit | 6bfc554e86dffc23fe2a305b9fc5fe03196d012a (patch) | |
tree | 8c79645f7850e66ca05fc5416a6f7fcf05c5abe6 | |
parent | ICE-6493 fixed ObjC enum sequence marshalling/unmarshalling (diff) | |
changing checkPath in IceSSL/C++
-rw-r--r-- | cpp/src/IceSSL/OpenSSLEngine.cpp | 94 | ||||
-rw-r--r-- | cpp/src/IceSSL/SChannelEngine.cpp | 12 | ||||
-rw-r--r-- | cpp/src/IceSSL/SecureTransportEngine.cpp | 23 | ||||
-rw-r--r-- | cpp/src/IceSSL/Util.cpp | 23 | ||||
-rw-r--r-- | cpp/src/IceSSL/Util.h | 2 |
5 files changed, 106 insertions, 48 deletions
diff --git a/cpp/src/IceSSL/OpenSSLEngine.cpp b/cpp/src/IceSSL/OpenSSLEngine.cpp
index cc617008547..7fa6a6471d6 100644
--- a/cpp/src/IceSSL/OpenSSLEngine.cpp
+++ b/cpp/src/IceSSL/OpenSSLEngine.cpp
@@ -245,15 +245,16 @@ OpenSSLEngine::OpenSSLEngine(const CommunicatorPtr& communicator) :
 for(vector<string>::iterator p = files.begin(); p != files.end(); ++p)
 {
 string file = *p;
- if(!checkPath(file, defaultDir, false))
+ string resolved;
+ if(!checkPath(file, defaultDir, false, resolved))
 {
 throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: entropy data file not found:\n" + file);
 }
- if(!RAND_load_file(file.c_str(), 1024))
+ if(!RAND_load_file(resolved.c_str(), 1024))
 {
 throw PluginInitializationException(__FILE__, __LINE__,
- "IceSSL: unable to load entropy data from " + file);
+ "IceSSL: unable to load entropy data from " + resolved);
 }
 }
 }
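Review bot: The "entropy data file not found" message still prints `file`, which after this change holds only the configured value; the old `checkPath` rewrote its argument to the `defaultDir`-joined path, so the message used to show the location that was actually probed. With a relative entry and a non-empty `defaultDir`, an operator can no longer tell from the error which directory was searched. Consider naming both, e.g. `"IceSSL: entropy data file not found:\n" + file + " (default directory: " + defaultDir + ")"`. The same applies to the other "not found" throws touched by this commit (CA, certificate, key and DH paths in all three engines). The constructor body continues outside the hunk.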
@@ -395,42 +396,65 @@ OpenSSLEngine::initialize()
 // Establish the location of CA certificates.
 //
 {
- string caFile = properties->getProperty(propPrefix + "CAs");
- string caDir;
- if(!caFile.empty())
- {
- if(!checkPath(caFile, defaultDir, false) && checkPath(caFile, defaultDir, true))
- {
- caDir = caFile;
- caFile = "";
- }
- }
- else
- {
- // Deprecated properties
- caFile = properties->getProperty(propPrefix + "CertAuthFile");
- caDir = properties->getProperty(propPrefix + "CertAuthDir");
- }
+ string path = properties->getProperty(propPrefix + "CAs");
+ string resolved;
 const char* file = 0;
 const char* dir = 0;
- if(!caFile.empty())
+ if(!path.empty())
 {
- if(!checkPath(caFile, defaultDir, false))
+ if(checkPath(path, defaultDir, false, resolved))
+ {
+ path = resolved;
+ file = path.c_str();
+ }
+
+ if(!file)
+ {
+ if(checkPath(path, defaultDir, true, resolved))
+ {
+ path = resolved;
+ dir = path.c_str();
+ }
+ }
+
+ if(!file && !dir)
 {
 throw PluginInitializationException(__FILE__, __LINE__,
- "IceSSL: CA certificate file not found:\n" + caFile);
+ "IceSSL: CA certificate path not found:\n" + path);
 }
- file = caFile.c_str();
 }
- if(!caDir.empty())
+
+ if(!file && !dir)
 {
- if(!checkPath(caDir, defaultDir, true))
+ // Deprecated properties
+ path = properties->getProperty(propPrefix + "CertAuthFile");
+ if(!path.empty())
 {
- throw PluginInitializationException(__FILE__, __LINE__,
- "IceSSL: CA certificate directory not found:\n" + caDir);
+ if(!checkPath(path, defaultDir, false, resolved))
+ {
+ throw PluginInitializationException(__FILE__, __LINE__,
+ "IceSSL: CA certificate file not found:\n" + path);
+ }
+ path = resolved;
+ file = path.c_str();
+ }
+ else
+ {
+ path = properties->getProperty(propPrefix + "CertAuthDir");
+ if(!path.empty())
+ {
+ if(!checkPath(path, defaultDir, true, resolved))
+ {
+ throw PluginInitializationException(__FILE__, __LINE__,
+ "IceSSL: CA certificate directory not found:\n" +
+ path);
+ }
+ path = resolved;
+ dir = path.c_str();
+ }
 }
- dir = caDir.c_str();
 }
+
 if(file || dir)
 {
 //
@@ -442,7 +466,7 @@ OpenSSLEngine::initialize()
 while(count < passwordRetryMax)
 {
 ERR_clear_error();
- if((success = SSL_CTX_load_verify_locations(_ctx, file, dir))|| !passwordError())
+ if((success = SSL_CTX_load_verify_locations(_ctx, file, dir)) || !passwordError())
 {
 break;
 }
@@ -493,11 +517,13 @@ OpenSSLEngine::initialize()
 for(vector<string>::iterator p = files.begin(); p != files.end(); ++p)
 {
 string file = *p;
- if(!checkPath(file, defaultDir, false))
+ string resolved;
+ if(!checkPath(file, defaultDir, false, resolved))
 {
 PluginInitializationException ex(__FILE__, __LINE__, "IceSSL: certificate file not found:\n" + file);
 }
+ file = resolved;
 //
 // First we try to load the certificate using PKCS12 format if that fails
 // we fallback to PEM format.
@@ -665,10 +691,12 @@ OpenSSLEngine::initialize()
 for(vector<string>::iterator p = files.begin(); p != files.end(); ++p)
 {
 string file = *p;
- if(!checkPath(file, defaultDir, false))
+ string resolved;
+ if(!checkPath(file, defaultDir, false, resolved))
 {
 throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: key file not found:\n" + file);
 }
+ file = resolved;
 //
 // The private key may be stored in an encrypted file, so handle password retries.
 //
@@ -739,11 +767,13 @@ OpenSSLEngine::initialize()
 if(keyLength > 0)
 {
 string file = p->second;
- if(!checkPath(file, defaultDir, false))
+ string resolved;
+ if(!checkPath(file, defaultDir, false, resolved))
 {
 throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: DH parameter file not found:\n" + file);
 }
+ file = resolved;
 if(!_dhParams->add(keyLength, file))
 {
 throw PluginInitializationException(__FILE__, __LINE__,
diff --git a/cpp/src/IceSSL/SChannelEngine.cpp b/cpp/src/IceSSL/SChannelEngine.cpp
index 4b574b84934..107544e683a 100644
--- a/cpp/src/IceSSL/SChannelEngine.cpp
+++ b/cpp/src/IceSSL/SChannelEngine.cpp
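Review bot: In the deprecated-property fallback of the `@@ -395,42 +396,65 @@` hunk (OpenSSLEngine.cpp), `CertAuthDir` is now read only in the `else` branch, so it is ignored whenever `CertAuthFile` is set; the removed code read both and could hand a file and a directory to `SSL_CTX_load_verify_locations` together. A configuration that relied on both would presumably lose the directory's CAs without any error at start-up and only notice when peers anchored there fail verification. If that is not intended, back `dir` with its own string instead of reusing `path`, as sketched below; that also keeps `file` and `dir` from pointing into a string that is reassigned afterwards. If the precedence is intended, a comment stating that `CertAuthFile` wins over `CertAuthDir` would help. The enclosing `initialize()` starts and ends outside the hunk.

```cpp
string path = properties->getProperty(propPrefix + "CAs");
string dirPath; // backs `dir`, so `path` can keep backing `file`
// … unchanged: IceSSL.CAs handling …
if(!file && !dir)
{
    // Deprecated properties: CertAuthFile and CertAuthDir may both be set.
    path = properties->getProperty(propPrefix + "CertAuthFile");
    if(!path.empty())
    {
        // … unchanged: checkPath(path, defaultDir, false, resolved) or throw …
        path = resolved;
        file = path.c_str();
    }
    dirPath = properties->getProperty(propPrefix + "CertAuthDir");
    if(!dirPath.empty())
    {
        if(!checkPath(dirPath, defaultDir, true, resolved))
        {
            throw PluginInitializationException(__FILE__, __LINE__,
                                                "IceSSL: CA certificate directory not found:\n" + dirPath);
        }
        dirPath = resolved;
        dir = dirPath.c_str();
    }
}
```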
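Review bot: In the `@@ -493,11 +517,13 @@` hunk (OpenSSLEngine.cpp) the "certificate file not found" branch constructs `PluginInitializationException ex(...)` but never throws it, and with the added `file = resolved;` a failed `checkPath` now leaves `file` empty, because `resolved` is freshly declared and only assigned on success. The certificate loading below is therefore handed an empty path instead of the configured one. The key-file and DH-parameter hunks throw at the same point; this one should too: `throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: certificate file not found:\n" + file);`. The loop body continues outside the hunk, so what the PKCS12/PEM loading does with an empty name is not visible here.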
@@ -290,13 +290,14 @@ SChannelEngine::initialize()
 }
 if(!caFile.empty())
 {
- if(!checkPath(caFile, defaultDir, false))
+ string resolved;
+ if(!checkPath(caFile, defaultDir, false, resolved))
 {
 throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: CA certificate file not found:\n" + caFile);
 }
- addCertificatesToStore(caFile, _rootStore);
+ addCertificatesToStore(resolved, _rootStore);
 }
 if(_rootStore)
@@ -372,11 +373,13 @@ SChannelEngine::initialize()
 for(size_t i = 0; i < certFiles.size(); ++i)
 {
 string certFile = certFiles[i];
- if(!checkPath(certFile, defaultDir, false))
+ string resolved;
+ if(!checkPath(certFile, defaultDir, false, resolved))
 {
 throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: certificate file not found:\n" + certFile);
 }
+ certFile = resolved;
 vector<char> buffer;
 readFile(certFile, buffer);
@@ -463,10 +466,11 @@ SChannelEngine::initialize()
 err = 0;
 keyFile = keyFiles[i];
- if(!checkPath(keyFile, defaultDir, false))
+ if(!checkPath(keyFile, defaultDir, false, resolved))
 {
 throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: key file not found:\n" + keyFile);
 }
+ keyFile = resolved;
 readFile(keyFile, buffer);
 if(buffer.empty())
diff --git a/cpp/src/IceSSL/SecureTransportEngine.cpp b/cpp/src/IceSSL/SecureTransportEngine.cpp
index a7102f64279..41fb805b133 100644
--- a/cpp/src/IceSSL/SecureTransportEngine.cpp
+++ b/cpp/src/IceSSL/SecureTransportEngine.cpp
@@ -912,12 +912,13 @@ IceSSL::SecureTransportEngine::initialize()
 }
 if(!caFile.empty())
 {
- if(!checkPath(caFile, defaultDir, false))
+ string resolved;
+ if(!checkPath(caFile, defaultDir, false, resolved))
 {
 throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: CA certificate file not found:\n" + caFile);
 }
- _certificateAuthorities = loadCACertificates(caFile);
+ _certificateAuthorities = loadCACertificates(resolved);
 }
 else if(properties->getPropertyAsInt("IceSSL.UsePlatformCAs") <= 0)
 {
@@ -964,15 +965,22 @@ IceSSL::SecureTransportEngine::initialize()
 {
 string file = files[i];
 string keyFile = keyFiles.empty() ? "" : keyFiles[i];
+ string resolved;
- if(!checkPath(file, defaultDir, false))
+ if(!checkPath(file, defaultDir, false, resolved))
 {
 throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: certificate file not found:\n" + file);
 }
- if(!keyFile.empty() && !checkPath(keyFile, defaultDir, false))
+ file = resolved;
+
+ if(!keyFile.empty())
 {
- throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: key file not found:\n" + keyFile);
+ if(!checkPath(keyFile, defaultDir, false, resolved))
+ {
+ throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: key file not found:\n" + keyFile);
+ }
+ keyFile = resolved;
 }
 try
@@ -1047,12 +1055,13 @@ IceSSL::SecureTransportEngine::initialize()
 string dhFile = properties->getProperty("IceSSL.DHParams");
 if(!dhFile.empty())
 {
- if(!checkPath(dhFile, defaultDir, false))
+ string resolved;
+ if(!checkPath(dhFile, defaultDir, false, resolved))
 {
 throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: DH params file not found:\n" + dhFile);
 }
- readFile(dhFile, _dhParams);
+ readFile(resolved, _dhParams);
 }
 //
diff --git a/cpp/src/IceSSL/Util.cpp b/cpp/src/IceSSL/Util.cpp
index a95ef6ff8d5..e5c141de149 100644
--- a/cpp/src/IceSSL/Util.cpp
+++ b/cpp/src/IceSSL/Util.cpp
@@ -1196,20 +1196,35 @@ IceSSL::findCertificates(const string& location, const string& name, const strin
 #endif
 bool
-IceSSL::checkPath(string& path, const string& defaultDir, bool dir)
+IceSSL::checkPath(const string& path, const string& defaultDir, bool dir, string& resolved)
 {
 if(IceUtilInternal::isAbsolutePath(path))
 {
- return dir ? IceUtilInternal::directoryExists(path) : IceUtilInternal::fileExists(path);
+ if((dir && IceUtilInternal::directoryExists(path)) || (!dir && IceUtilInternal::fileExists(path)))
+ {
+ resolved = path;
+ return true;
+ }
+ return false;
 }
 //
 // If a default directory is provided, the given path is relative to the default directory.
 //
+ string tmp;
 if(!defaultDir.empty())
 {
- path = defaultDir + IceUtilInternal::separator + path;
+ tmp = defaultDir + IceUtilInternal::separator + path;
+ }
+ else
+ {
+ tmp = path;
 }
- return dir ? IceUtilInternal::directoryExists(path) : IceUtilInternal::fileExists(path);
+ if((dir && IceUtilInternal::directoryExists(tmp)) || (!dir && IceUtilInternal::fileExists(tmp)))
+ {
+ resolved = tmp;
+ return true;
+ }
+ return false;
 }
diff --git a/cpp/src/IceSSL/Util.h b/cpp/src/IceSSL/Util.h
index e0c109ff250..33c9cb2f763 100644
--- a/cpp/src/IceSSL/Util.h
+++ b/cpp/src/IceSSL/Util.h
@@ -186,7 +186,7 @@ void readFile(const std::string&, std::vector<char>&);
 // Determine if a file or directory exists, with an optional default
 // directory.
 //
-bool checkPath(std::string&, const std::string&, bool);
+bool checkPath(const std::string&, const std::string&, bool, std::string&);
 } |
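Review bot: In the new `checkPath` body (Util.cpp) `resolved` is assigned only on the success paths, and the existence test is now written out twice, once per branch. Several callers in this commit reuse one `resolved` across consecutive calls (the SChannel and SecureTransport certificate/key handling), so any caller that does not act on a `false` return would keep the previous call's path; a comment such as `// resolved is assigned only when the function returns true` at the top of the function would make that contract explicit. The duplication disappears if the candidate is computed first, `const string candidate = (IceUtilInternal::isAbsolutePath(path) || defaultDir.empty()) ? path : defaultDir + IceUtilInternal::separator + path;`, followed by a single existence check that sets `resolved = candidate;`.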
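Review bot: The comment above `checkPath` in Util.h still describes the old three-argument form and says nothing about the new output parameter. Suggest extending it along the lines of `// On success, returns true and stores the path that was found (the absolute path, or the path joined with the default directory) in the last argument; on failure the last argument is left unchanged.` It would also be worth stating that a relative path with an empty default directory is tested as given, presumably against the process working directory, since these paths select the keys and CA certificates the plug-in loads.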