Refactored SSL and iAP transports, support for running SSL on top

of TCP/iAP/Bluetooth.

6 files changed, 99 insertions, 58 deletions

diff --git a/cpp/include/Ice/MetricsObserverI.h b/cpp/include/Ice/MetricsObserverI.h
index 78237a96eac..39b1f08f61b 100644
--- a/cpp/include/Ice/MetricsObserverI.h
+++ b/cpp/include/Ice/MetricsObserverI.h
@@ -183,7 +183,7 @@ protected:
             virtual std::string operator()(const Helper* r) const
             {
                 O o = (r->*_getFn)();
-                I* v = dynamic_cast<I*>(IceInternal::ReferenceWrapper<O>::get(o));
+                I* v = dynamicCast<I>(IceInternal::ReferenceWrapper<O>::get(o));
                 if(v)
                 {
                     return toString(v->*_member);
@@ -212,7 +212,7 @@ protected:
             virtual std::string operator()(const Helper* r) const
             {
                 O o = (r->*_getFn)();
-                I* v = dynamic_cast<I*>(IceInternal::ReferenceWrapper<O>::get(o));
+                I* v = dynamicCast<I>(IceInternal::ReferenceWrapper<O>::get(o));
                 if(v)
                 {
                     return toString((v->*_memberFn)());
@@ -229,6 +229,40 @@ protected:
             Y (I::*_memberFn)() const;
         };
 
+        template<typename I, typename V> static I*
+        dynamicCast(V* v)
+        {
+            return dynamic_cast<I*>(v);
+        }
+
+        template<typename I> static I*
+        dynamicCast(Ice::EndpointInfo* v)
+        {
+            for(Ice::EndpointInfo* info = v; info; info = info->underlying.get())
+            {
+                I* i = dynamic_cast<I*>(info);
+                if(i)
+                {
+                    return i;
+                }
+            }
+            return 0;
+        }
+
+        template<typename I> static I*
+        dynamicCast(Ice::ConnectionInfo* v)
+        {
+            for(Ice::ConnectionInfo* info = v; info; info = info->underlying.get())
+            {
+                I* i = dynamic_cast<I*>(info);
+                if(i)
+                {
+                    return i;
+                }
+            }
+            return 0;
+        }
+
         template<typename I> static std::string
         toString(const I& v)
         {
@@ -242,7 +276,7 @@ protected:
         {
             return p->ice_toString();
         }
-        
+
         static const std::string&
         toString(const std::string& s)
         {
diff --git a/cpp/include/Ice/RegisterPlugins.h b/cpp/include/Ice/RegisterPlugins.h
index 501811453e8..9d02facefdc 100644
--- a/cpp/include/Ice/RegisterPlugins.h
+++ b/cpp/include/Ice/RegisterPlugins.h
@@ -34,10 +34,6 @@ namespace Ice
 // inconsistent DLL linkage errors on Windows.
 //
 
-#ifndef ICE_API_EXPORTS
-ICE_PLUGIN_REGISTER_DECLSPEC_IMPORT void registerIceStringConverter(bool = true);
-#endif
-
 #ifndef ICE_SSL_API_EXPORTS
 ICE_PLUGIN_REGISTER_DECLSPEC_IMPORT void registerIceSSL(bool = true);
 #endif
@@ -54,6 +50,11 @@ ICE_PLUGIN_REGISTER_DECLSPEC_IMPORT void registerIceLocatorDiscovery(bool = true
 ICE_PLUGIN_REGISTER_DECLSPEC_IMPORT void registerIceBT(bool = true);
 #endif
 
+#if defined(__APPLE__) && TARGET_OS_IPHONE != 0
+#ifndef ICE_IAP_API_EXPORTS
+ICE_PLUGIN_REGISTER_DECLSPEC_IMPORT void registerIceIAP(bool = true);
+#endif
+#endif
 
 #if defined(_MSC_VER) && !defined(ICE_BUILDING_SRC)
 #   pragma comment(lib, ICE_LIBNAME("IceDiscovery"))
diff --git a/cpp/include/IceIAP/IceIAP.h b/cpp/include/IceIAP/IceIAP.h
new file mode 100644
index 00000000000..c494dc799e0
--- /dev/null
+++ b/cpp/include/IceIAP/IceIAP.h
@@ -0,0 +1,18 @@
+// **********************************************************************
+//
+// Copyright (c) 2003-2016 ZeroC, Inc. All rights reserved.
+//
+// This copy of Ice is licensed to you under the terms described in the
+// ICE_LICENSE file included in this distribution.
+//
+// **********************************************************************
+
+#ifndef ICE_IAP_ICE_IAP_H
+#define ICE_IAP_ICE_IAP_H
+
+#include <IceUtil/PushDisableWarnings.h>
+#include <IceIAP/EndpointInfo.h>
+#include <IceIAP/ConnectionInfo.h>
+#include <IceUtil/PopDisableWarnings.h>
+
+#endif
diff --git a/cpp/include/IceSSL/Config.h b/cpp/include/IceSSL/Config.h
index db8648bdda7..61794c499ae 100644
--- a/cpp/include/IceSSL/Config.h
+++ b/cpp/include/IceSSL/Config.h
@@ -25,8 +25,15 @@
 
 #if defined(__APPLE__)
 #  define ICE_USE_SECURE_TRANSPORT 1
+#if defined(__APPLE__) && TARGET_OS_IPHONE != 0
+#  define ICE_USE_SECURE_TRANSPORT_IOS 1
+#else
+#  define ICE_USE_SECURE_TRANSPORT_MACOS 1
+#endif
 #elif defined(_WIN32)
-#  define ICE_USE_SCHANNEL 1
+#  if !defined(ICE_OS_WINRT)
+#    define ICE_USE_SCHANNEL 1
+#  endif
 #else
 #  define ICE_USE_OPENSSL 1
 #endif
diff --git a/cpp/include/IceSSL/IceSSL.h b/cpp/include/IceSSL/IceSSL.h
index 4f837df8920..a4e8719b6dc 100644
--- a/cpp/include/IceSSL/IceSSL.h
+++ b/cpp/include/IceSSL/IceSSL.h
@@ -12,7 +12,7 @@
 
 #include <IceUtil/PushDisableWarnings.h>
 #include <IceUtil/Config.h>
-#if !defined(ICE_OS_WINRT) && (!defined(__APPLE__) || TARGET_OS_IPHONE == 0)
+#if !defined(ICE_OS_WINRT)
 #   include <IceSSL/Plugin.h>
 #endif
 #include <IceSSL/EndpointInfo.h>
diff --git a/cpp/include/IceSSL/Plugin.h b/cpp/include/IceSSL/Plugin.h
index 91c25e0e1a2..6987dfa71ca 100644
--- a/cpp/include/IceSSL/Plugin.h
+++ b/cpp/include/IceSSL/Plugin.h
@@ -21,13 +21,16 @@
 
 // For struct sockaddr_storage
 #ifdef _WIN32
+#ifndef ICE_OS_WINRT
 #   include <winsock2.h>
+#endif
 #else
 #   include <sys/socket.h>
 #endif
 
 #if defined(ICE_USE_SECURE_TRANSPORT)
 #   include <CoreFoundation/CFError.h>
+#   include <Security/Security.h>
 #elif defined(ICE_USE_SCHANNEL)
 #   include <wincrypt.h>
 #endif
@@ -50,49 +53,26 @@
 // connections.
 //
 typedef struct ssl_ctx_st SSL_CTX;
+typedef struct X509_name_st X509NAME;
 
-//
-// Pointer to an opaque certificate object. X509_st is the OpenSSL
-// type that represents a certificate.
-//
 typedef struct x509_st* X509CertificateRef;
-
-//
-// EVP_PKEY is the OpenSSL type that represents a public key.
-//
 typedef struct evp_pkey_st* KeyRef;
 
-//
-// Type that represents an X509 distinguished name
-//
-typedef struct X509_name_st X509NAME;
-
 #elif defined(ICE_USE_SECURE_TRANSPORT)
 
-//
-// Pointer to an opaque certificate object.
-//
-struct OpaqueSecCertificateRef;
-typedef struct OpaqueSecCertificateRef* X509CertificateRef;
-
-//
-// Pointer to an opaque key object.
-//
-struct OpaqueSecKeyRef;
-typedef struct OpaqueSecKeyRef* KeyRef;
+typedef SecCertificateRef X509CertificateRef;
+typedef SecKeyRef KeyRef;
 
 #elif defined(ICE_USE_SCHANNEL)
 
-//
-// Pointer to an opaque certificate object.
-//
 typedef CERT_SIGNED_CONTENT_INFO* X509CertificateRef;
-
-//
-// Pointer to an opaque key object.
-//
 typedef CERT_PUBLIC_KEY_INFO* KeyRef;
 
+#elif defined(ICE_OS_WINRT)
+
+typedef Windows::Security::Cryptography::Certificates::Certificate^ X509CertificateRef;
+typedef Windows::Security::Cryptography::Core::CryptographicKey^ KeyRef;
+
 #endif
 
 namespace IceSSL
@@ -232,6 +212,10 @@ public:
     DistinguishedName(X509NAME*);
 #endif
 
+#if defined(__APPLE__) && TARGET_OS_IPHONE != 0
+    DistinguishedName(CFDataRef);
+#endif
+
     //
     // Create a DistinguishedName from a string encoded using
     // the rules in RFC2253.
@@ -288,8 +272,8 @@ public:
     // Construct a certificate using a native certificate.
     //
     // The Certificate class assumes ownership of the given native
-    // certificate.
     //
+    // certificate.
     Certificate(X509CertificateRef);
     ~Certificate();
 
@@ -344,6 +328,8 @@ public:
     //
     std::string encode() const;
 
+#if !defined(__APPLE__) || TARGET_OS_IPHONE == 0
+
     //
     // Checks that the certificate is currently valid, that is, the current
     // date falls between the validity period given in the certificate.
@@ -364,6 +350,7 @@ public:
     // Get the not-before validity time.
     //
     IceUtil::Time getNotBefore() const;
+#endif
 
     //
     // Get the serial number. This is an arbitrarily large number.
@@ -385,6 +372,7 @@ public:
     //
     DistinguishedName getIssuerDN() const;
 
+#if !defined(__APPLE__) || TARGET_OS_IPHONE == 0
     //
     // Get the values in the issuer's alternative names extension.
     //
@@ -412,16 +400,19 @@ public:
     // X509* certificate to obtain these values.
     //
     std::vector<std::pair<int, std::string> > getIssuerAlternativeNames();
+#endif
 
     //
     // Get the subject's distinguished name (DN).
     //
     DistinguishedName getSubjectDN() const;
 
+#if !defined(__APPLE__) || TARGET_OS_IPHONE == 0
     //
     // See the comment for getIssuerAlternativeNames.
     //
     std::vector<std::pair<int, std::string> > getSubjectAlternativeNames();
+#endif
 
     //
     // Retrieve the certificate version number.
@@ -453,6 +444,13 @@ private:
 #ifdef ICE_USE_SCHANNEL
     CERT_INFO* _certInfo;
 #endif
+#if defined(__APPLE__) && TARGET_OS_IPHONE != 0
+    void initializeAttributes() const;
+    mutable CFDataRef _subject;
+    mutable CFDataRef _issuer;
+    mutable std::string _serial;
+    mutable int _version;
+#endif
 };
 
 //
@@ -473,23 +471,6 @@ public:
 ICE_DEFINE_PTR(NativeConnectionInfoPtr, NativeConnectionInfo);
 
 //
-// WSSNativeConnectionInfo is an extension of IceSSL::WSSConnectionInfo
-// that provides access to native certificates.
-//
-class ICE_SSL_API WSSNativeConnectionInfo : public WSSConnectionInfo
-{
-public:
-
-    //
-    // The certificate chain. This may be empty if the peer did not
-    // supply a certificate. The peer's certificate (if any) is the
-    // first one in the chain.
-    //
-    std::vector<CertificatePtr> nativeCerts;
-};
-ICE_DEFINE_PTR(WSSNativeConnectionInfoPtr, WSSNativeConnectionInfo);
-
-//
 // An application can customize the certificate verification process
 // by implementing the CertificateVerifier interface.
 //