author | Anthony Neal <aneal@zeroc.com> | 2002-03-05 14:26:38 +0000 |
---|---|---|
committer | Anthony Neal <aneal@zeroc.com> | 2002-03-05 14:26:38 +0000 |
commit | 088253dd72c4e65cf8230719def050d0d043aa92 (patch) | |
tree | b54fc12cc78cef3eca7c57de368c116dfa4307bb /cpp/src | |
parent | bug fix for dispatching new operations (diff) | |
Big check-in. Glacier client authentication (certificate verification) has
been added, SSL logging has been removed, and a few clean-ups have taken
place. Getting ready for SSL Extension refactoring.
Diffstat (limited to 'cpp/src')
54 files changed, 1453 insertions, 834 deletions
diff --git a/cpp/src/Freeze/.depend b/cpp/src/Freeze/.depend
index a6612f905dd..fc8c8736946 100644
--- a/cpp/src/Freeze/.depend
+++ b/cpp/src/Freeze/.depend
@@ -1 +1,7 @@ +DB.o: DB.cpp ../../include/Ice/Stream.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/BuiltinSequences.h ../../include/Freeze/DB.h ../../include/Ice/CommunicatorF.h ../../include/Freeze/DBException.h ../../include/Freeze/DBF.h ../../include/Freeze/EvictorF.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/Buffer.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Object.h ../../include/Ice/ObjectFactory.h DBException.o: DBException.cpp ../../include/Ice/Stream.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/BuiltinSequences.h ../../include/Freeze/DBException.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/Buffer.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h 
../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Object.h ../../include/Ice/ObjectFactory.h +Evictor.o: Evictor.cpp ../../include/Ice/Stream.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/BuiltinSequences.h ../../include/Freeze/Evictor.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ServantLocator.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Freeze/DBException.h ../../include/Freeze/DBF.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/Buffer.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Object.h ../../include/Ice/ObjectFactory.h +DBI.o: DBI.cpp ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ObjectF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/Buffer.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Freeze/DBException.h ../Freeze/DBI.h ../../include/IceUtil/IceUtil.h 
../../include/IceUtil/Functional.h ../../include/IceUtil/Unicode.h ../../include/IceUtil/UUID.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/IceUtil/RecMutex.h ../../include/IceUtil/RWRecMutex.h ../../include/IceUtil/Cond.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Thread.h ../../include/IceUtil/Base64.h ../../include/Ice/Ice.h ../../include/Ice/Initialize.h ../../include/Ice/CommunicatorF.h ../../include/Ice/PropertiesF.h ../../include/Ice/Properties.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Logger.h ../../include/Ice/LoggerUtil.h ../../include/Ice/LoggerF.h ../../include/Ice/Communicator.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/UserExceptionFactoryF.h ../../include/Ice/RouterF.h ../../include/Ice/ObjectFactory.h ../../include/Ice/UserExceptionFactory.h ../../include/Ice/ObjectAdapter.h ../../include/Ice/ServantLocator.h ../../include/Ice/IdentityUtil.h ../../include/Freeze/DB.h ../../include/Freeze/DBF.h ../../include/Freeze/EvictorF.h ../Freeze/EvictorI.h ../../include/Freeze/Evictor.h ../Freeze/IdentityObjectDict.h ../../include/Freeze/Map.h ../../include/Freeze/Initialize.h +EvictorI.o: EvictorI.cpp ../../include/Ice/Object.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Config.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Lock.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/StreamF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h 
../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../Freeze/EvictorI.h ../../include/IceUtil/IceUtil.h ../../include/IceUtil/Functional.h ../../include/IceUtil/Unicode.h ../../include/IceUtil/UUID.h ../../include/IceUtil/RecMutex.h ../../include/IceUtil/RWRecMutex.h ../../include/IceUtil/Cond.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Thread.h ../../include/IceUtil/Base64.h ../../include/Ice/Ice.h ../../include/Ice/Initialize.h ../../include/Ice/CommunicatorF.h ../../include/Ice/PropertiesF.h ../../include/Ice/InstanceF.h ../../include/Ice/Properties.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Logger.h ../../include/Ice/LoggerUtil.h ../../include/Ice/LoggerF.h ../../include/Ice/Communicator.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Outgoing.h ../../include/Ice/BasicStream.h ../../include/Ice/Buffer.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/UserExceptionFactoryF.h ../../include/Ice/RouterF.h ../../include/Ice/ObjectFactory.h ../../include/Ice/UserExceptionFactory.h ../../include/Ice/ObjectAdapter.h ../../include/Ice/ServantLocator.h ../../include/Ice/IdentityUtil.h ../../include/Freeze/Evictor.h ../../include/Freeze/DBException.h ../../include/Freeze/DBF.h ../Freeze/IdentityObjectDict.h ../../include/Freeze/Map.h ../../include/Freeze/DB.h ../../include/Freeze/EvictorF.h +IdentityObjectDict.o: IdentityObjectDict.cpp ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ObjectF.h ../../include/Ice/ProxyF.h 
../../include/Ice/ProxyHandle.h ../../include/Ice/Buffer.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/IceXML/StreamI.h ../../include/Ice/Stream.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/CommunicatorF.h ../../include/IceUtil/OutputUtil.h ../Freeze/IdentityObjectDict.h ../../include/Freeze/Map.h ../../include/Freeze/DB.h ../../include/Freeze/DBException.h ../../include/Freeze/DBF.h ../../include/Freeze/EvictorF.h ../../include/Ice/Ice.h ../../include/Ice/Initialize.h ../../include/Ice/PropertiesF.h ../../include/Ice/Properties.h ../../include/Ice/Logger.h ../../include/Ice/LoggerUtil.h ../../include/Ice/LoggerF.h ../../include/Ice/Communicator.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/UserExceptionFactoryF.h ../../include/Ice/RouterF.h ../../include/Ice/ObjectFactory.h ../../include/Ice/UserExceptionFactory.h ../../include/Ice/ObjectAdapter.h ../../include/Ice/ServantLocator.h ../../include/Ice/IdentityUtil.h +Application.o: Application.cpp ../../include/Freeze/Application.h ../../include/Ice/Application.h ../../include/Ice/Ice.h ../../include/Ice/Initialize.h ../../include/Ice/CommunicatorF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h 
../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/PropertiesF.h ../../include/Ice/InstanceF.h ../../include/Ice/Properties.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Logger.h ../../include/Ice/LoggerUtil.h ../../include/Ice/LoggerF.h ../../include/Ice/Communicator.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/Ice/BasicStream.h ../../include/Ice/Buffer.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/UserExceptionFactoryF.h ../../include/Ice/RouterF.h ../../include/Ice/ObjectFactory.h ../../include/Ice/UserExceptionFactory.h ../../include/Ice/ObjectAdapter.h ../../include/Ice/ServantLocator.h ../../include/Ice/IdentityUtil.h ../../include/Freeze/Freeze.h ../../include/Freeze/Initialize.h ../../include/Freeze/DBF.h ../../include/Freeze/DB.h ../../include/Freeze/DBException.h ../../include/Freeze/EvictorF.h ../../include/Freeze/Evictor.h ../../include/Freeze/Map.h diff --git a/cpp/src/Glacier/CertVerifier.cpp b/cpp/src/Glacier/CertVerifier.cpp new file mode 100644 index 00000000000..f99ee3ae277 --- /dev/null +++ b/cpp/src/Glacier/CertVerifier.cpp 
@@ -0,0 +1,114 @@
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#include <Glacier/CertVerifier.h>
+#include <openssl/err.h>
+#include <algorithm>
+#include <iostream>
+
+using namespace std;
+
+CertVerifier::CertVerifier(const ByteSeq& publicKey) :
+ _publicKey(publicKey)
+{
+}
+
+int
+CertVerifier::verify(int preVerifyOkay, X509_STORE_CTX* x509StoreContext, SSL* sslConnection)
+{
+ // Short circuit - if the peer cert wasn't good enough for OpenSSL,
+ // it's not good enough for us to bother checking.
+ if (preVerifyOkay != 1)
+ {
+ return preVerifyOkay;
+ }
+
+ // For getting the CA certificate
+ X509* trustedCert = 0;
+ X509_OBJECT trustedObject;
+
+ // Get the peer certificate offered by whoever we're talking to.
+ X509* peerCertificate = x509StoreContext->cert;
+
+ // We only bother to do the rest of this if we have something to verify.
+ if (peerCertificate)
+ {
+ // Get the subject name (Not a memory leak, this is how this is used).
+ X509_NAME* peerCertName = X509_get_subject_name(peerCertificate);
+
+ // The Trusted Certificate by the same name.
+ int retCode = X509_STORE_get_by_subject(x509StoreContext,
+ X509_LU_X509,
+ peerCertName,
+ &trustedObject);
+
+ switch (retCode)
+ {
+ case X509_LU_X509:
+ {
+ trustedCert = trustedObject.data.x509;
+ break;
+ }
+
+ case X509_LU_RETRY:
+ {
+ // Log the error properly.
+ X509err(X509_F_X509_VERIFY_CERT, X509_R_SHOULD_RETRY);
+
+ // Drop through intended.
+ }
+
+ default :
+ {
+ // Regardless of error, if we can't look up the trusted
+ // certificate, then we fail out.
+
+ preVerifyOkay = 0;
+ break;
+ }
+ }
+ }
+
+ // Compare, only if we have both.
+ if (trustedCert)
+ {
+ ByteSeq peerByteSeq = toByteSeq(peerCertificate);
+ ByteSeq trustedByteSeq = toByteSeq(trustedCert);
+
+ // The presented certificate must exactly match one that is in
+ // the certificate store, and that must be the expected certificate.
+
+ preVerifyOkay = (peerByteSeq == trustedByteSeq) &&
+ (_publicKey == peerByteSeq);
+
+ X509_OBJECT_free_contents(&trustedObject);
+ }
+
+ return preVerifyOkay;
+}
+
+ByteSeq
+CertVerifier::toByteSeq(X509* certificate)
+{
+ ByteSeq certByteSeq;
+
+ // Convert the X509 to a unsigned char buffer.
+ unsigned int certSize = i2d_X509(certificate, 0);
+ unsigned char* certBuffer = new unsigned char[certSize];
+ unsigned char* certPtr = certBuffer;
+ i2d_X509(certificate, &certPtr);
+
+ // Yet another conversion to a ByteSeq (easy comparison this way).
+ copy(certBuffer, (certBuffer + certSize), back_inserter(certByteSeq));
+ delete []certBuffer;
+
+ return certByteSeq;
+}
+
diff --git a/cpp/src/Glacier/CertVerifier.h b/cpp/src/Glacier/CertVerifier.h
new file mode 100644
index 00000000000..d0b8490a614
--- /dev/null
+++ b/cpp/src/Glacier/CertVerifier.h
@@ -0,0 +1,33 @@
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#ifndef GLACIER_CERT_VERIFIER_H
+#define GLACIER_CERT_VERIFIER_H
+
+#include <Ice/BuiltinSequences.h>
+#include <Ice/SslCertificateVerifierOpenSSL.h>
+
+using Ice::ByteSeq;
+
+class CertVerifier : public IceSecurity::Ssl::OpenSSL::CertificateVerifier
+{
+public:
+ CertVerifier(const ByteSeq&);
+
+ virtual int verify(int, X509_STORE_CTX*, SSL*);
+
+ ByteSeq toByteSeq(X509* certificate);
+
+protected:
+ ByteSeq _publicKey;
+};
+
+#endif
+
diff --git a/cpp/src/Glacier/GlacierI.cpp b/cpp/src/Glacier/GlacierI.cpp
index ac63f0eefd6..d70be2d3dd6 100644
--- a/cpp/src/Glacier/GlacierI.cpp
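Review bot: `toByteSeq` stores the result of `i2d_X509(certificate, 0)` in an `unsigned int` and never checks it; `i2d_X509` returns a negative `int` on failure, which here becomes a huge size for `new unsigned char[certSize]` instead of a verification failure. The second `i2d_X509` call is unchecked as well, so a short or failed encoding would be compared as though it were the certificate. Because `verify` treats byte-equality as the whole authentication decision, the conversion should fail closed by returning an empty sequence, which the equality test against `_publicKey` then rejects. A `std::vector<unsigned char>` (or `ByteSeq` itself, if its element type is `unsigned char`) in place of the raw `new[]` would also avoid leaking the buffer should `copy` throw.
```cpp
ByteSeq
CertVerifier::toByteSeq(X509* certificate)
{
    ByteSeq certByteSeq;

    // i2d_X509 returns a negative value on failure; an empty result makes
    // the caller's equality test fail closed instead of sizing new[] from
    // a negative count converted to unsigned.
    int certSize = i2d_X509(certificate, 0);
    if (certSize <= 0)
    {
        return certByteSeq;
    }

    unsigned char* certBuffer = new unsigned char[certSize];
    unsigned char* certPtr = certBuffer;
    if (i2d_X509(certificate, &certPtr) == certSize)
    {
        copy(certBuffer, (certBuffer + certSize), back_inserter(certByteSeq));
    }
    delete []certBuffer;

    return certByteSeq;
}
```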
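Review bot: `using Ice::ByteSeq;` at namespace scope in `CertVerifier.h` injects the name into every translation unit that includes the header; write `Ice::ByteSeq` in the declarations and keep the using-declaration in the .cpp. `_publicKey` holds the DER encoding of the one client certificate the router accepts rather than a public key, so the member wants a comment saying so (`// DER-encoded certificate the peer must present; anything else is rejected`) or a name such as `_acceptedCert`. `toByteSeq` reads only its `X509*` argument and no instance state, so it could be declared `static`.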
+++ b/cpp/src/Glacier/GlacierI.cpp
@@ -56,7 +56,7 @@ Glacier::StarterI::destroy()
 }
 RouterPrx
-Glacier::StarterI::startRouter(const string& userId, const string& password, ByteSeq& privateKey, ByteSeq& publicKey, const Current&)
+Glacier::StarterI::startRouter(const string& userId, const string& password, ByteSeq& privateKey, ByteSeq& publicKey, ByteSeq& routerCert, const Current&)
 {
 assert(_communicator); // Destroyed?
@@ -70,14 +70,9 @@ Glacier::StarterI::startRouter(const string& userId, const string& password, Byt
 RSAKeyPairPtr clientKeyPair = _certificateGenerator.generate(_certContext);
 RSAKeyPairPtr routerKeyPair = _certificateGenerator.generate(_certContext);
- // NOTE: These will probably be returned from this method, I would assume.
- ByteSeq clientPrivateKey;
- ByteSeq clientCertificate;
- ByteSeq routerCertificate;
-
 clientKeyPair->keyToByteSeq(privateKey);
 clientKeyPair->certToByteSeq(publicKey);
- routerKeyPair->certToByteSeq(routerCertificate);
+ routerKeyPair->certToByteSeq(routerCert);
 // routerPrivateKeyBase64 and routerCertificateBase64 are passed to the
 // router as the values for the properties
@@ -154,6 +149,11 @@ Glacier::StarterI::startRouter(const string& userId, const string& password, Byt
 //
 StringSeq args = _properties->getCommandLineOptions();
 args.push_back("--Glacier.Router.Identity=" + uuid);
+ args.push_back("--Ice.Security.Ssl.Overrides.Server.RSA.PrivateKey=" + routerPrivateKeyBase64);
+ args.push_back("--Ice.Security.Ssl.Overrides.Server.RSA.Certificate=" + routerCertificateBase64);
+ args.push_back("--Ice.Security.Ssl.Overrides.Client.RSA.PrivateKey=" + routerPrivateKeyBase64);
+ args.push_back("--Ice.Security.Ssl.Overrides.Client.RSA.Certificate=" + routerCertificateBase64);
+ args.push_back("--Glacier.Router.AcceptCert=" + clientCertificateBase64);
 ostringstream s;
 s << "--Glacier.Router.PrintProxyOnFd=" << fds[1];
 args.push_back(s.str());
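Review bot: The new `args.push_back` lines place the router's base64 private key (`routerPrivateKeyBase64`, used twice) on the child's command line, and a process's argument vector is readable by other local users through the process table, so the key stays exposed for the router's lifetime. The same hunk already hands the child a descriptor (`--Glacier.Router.PrintProxyOnFd`), so the key and certificate could be written over a pipe or inherited descriptor, or into a properties file with restrictive permissions, leaving only the descriptor number or path in `argv`. The certificate arguments and `--Glacier.Router.AcceptCert` carry public data and are less of a concern. `startRouter` begins and ends outside this hunk, and `routerPrivateKeyBase64` is computed outside it.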
@@ -188,6 +188,15 @@ Glacier::StarterI::startRouter(const string& userId, const string& password, Byt
 args.push_back(arg);
 }
 }
+
+/*
+ StringSeq::iterator seqElem = args.begin();
+ while (seqElem != args.end())
+ {
+ cout << *seqElem << endl;
+ seqElem++;
+ }
+*/
 //
 // Convert to standard argc/argv.
@@ -204,7 +213,7 @@ Glacier::StarterI::startRouter(const string& userId, const string& password, Byt
 assert(i == argc);
 argv[0] = strdup(path.c_str());
 argv[argc] = 0;
-
+
 //
 // Try to start the router.
 //
diff --git a/cpp/src/Glacier/GlacierI.h b/cpp/src/Glacier/GlacierI.h
index 70bdad973dd..fa535758276 100644
--- a/cpp/src/Glacier/GlacierI.h
+++ b/cpp/src/Glacier/GlacierI.h
@@ -33,6 +33,7 @@ public:
 const std::string&,
 Ice::ByteSeq&,
 Ice::ByteSeq&,
+ Ice::ByteSeq&,
 const Ice::Current&);
 private:
diff --git a/cpp/src/Glacier/GlacierRouter.cpp b/cpp/src/Glacier/GlacierRouter.cpp
index 792c13af8aa..f1e720bc54f 100644
--- a/cpp/src/Glacier/GlacierRouter.cpp
+++ b/cpp/src/Glacier/GlacierRouter.cpp
@@ -13,6 +13,9 @@
 #include <Glacier/RouterI.h>
 #include <Glacier/ClientBlobject.h>
 #include <Glacier/ServerBlobject.h>
+#include <IceUtil/Base64.h>
+#include <Ice/Security.h>
+#include <Glacier/CertVerifier.h>
 using namespace std;
 using namespace Ice;
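Review bot: The `/* ... */` block added after the argument loop is commented-out debugging code that prints every element of `args`, and the earlier hunk in this file puts the router's private key into that list, so anyone who re-enables it later writes key material to stdout. Delete the block rather than leaving it commented out; if a trace of the router arguments is wanted, put it behind a trace level and skip the `PrivateKey` entries. `startRouter` begins and ends outside this hunk.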
@@ -119,6 +122,19 @@ Glacier::Router::run(int argc, char* argv[])
 PropertiesPtr properties = communicator()->getProperties();
 //
+ // Set up our CertificateVerifier
+ //
+ string clientCertBase64 = properties->getProperty("Glacier.Router.AcceptCert");
+ Ice::ByteSeq clientCert = IceUtil::Base64::decode(clientCertBase64);
+ string sysIdentifier = properties->getProperty("Ice.Security.Ssl.Config");
+ IceSecurity::Ssl::SslContextType contextType = IceSecurity::Ssl::ClientServer;
+ IceSecurity::Ssl::CertificateVerifierPtr certVerifier = new CertVerifier(clientCert);
+ IceSecurity::Ssl::setSystemCertificateVerifier(sysIdentifier, contextType, certVerifier);
+
+ properties->setProperty("Ice.Security.Ssl.Overrides.Server.CACertificate", clientCertBase64);
+// IceSecurity::Ssl::setSystemCertAuthCertificate(sysIdentifier, contextType, clientCertBase64);
+
+ //
 // Create routing table
 //
 IceInternal::RoutingTablePtr routingTable = new IceInternal::RoutingTable;
diff --git a/cpp/src/Glacier/Makefile b/cpp/src/Glacier/Makefile
index dc426d8540b..24874c031cd 100644
--- a/cpp/src/Glacier/Makefile
+++ b/cpp/src/Glacier/Makefile
@@ -26,7 +26,8 @@ OBJS = Glacier.o
 ROBJS = GlacierRouter.o \
 RouterI.o \
 ClientBlobject.o \
- ServerBlobject.o
+ ServerBlobject.o \
+ CertVerifier.o
 SOBJS = GlacierStarter.o \
 GlacierI.o
diff --git a/cpp/src/Glacier/RouterI.cpp b/cpp/src/Glacier/RouterI.cpp
index b2e1ef3b395..1351081d683 100644
--- a/cpp/src/Glacier/RouterI.cpp
+++ b/cpp/src/Glacier/RouterI.cpp
@@ -10,6 +10,7 @@
 #include <Ice/RoutingTable.h>
 #include <Glacier/RouterI.h>
+#include <iostream>
 using namespace std;
 using namespace Ice;
diff --git a/cpp/src/Ice/.depend b/cpp/src/Ice/.depend
index 509f11df34c..536b53d58ce 100644
--- a/cpp/src/Ice/.depend
+++ b/cpp/src/Ice/.depend
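Review bot: `Glacier.Router.AcceptCert` is read with `getProperty` and base64-decoded without checking that anything came back, so a router started without the property (or with undecodable input) installs a `CertVerifier` whose expected certificate is empty; judging by the verifier's equality test that rejects every client, but nothing reports why. Fail at startup instead, right after the decode: `if (clientCert.empty()) { cerr << "Glacier.Router.AcceptCert is missing or empty" << endl; return the failure status run uses elsewhere; }`. The commented-out `setSystemCertAuthCertificate` call beside the `setProperty` override should be removed, or carry a one-line comment saying why the property override was chosen over it. `Glacier::Router::run` begins and ends outside this hunk.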
@@ -53,33 +53,36 @@ TcpAcceptor.o: TcpAcceptor.cpp ../Ice/TcpAcceptor.h ../Ice/TransceiverF.h ../../ TcpTransceiver.o: TcpTransceiver.cpp ../Ice/TcpTransceiver.h ../../include/Ice/InstanceF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../Ice/TraceLevelsF.h ../../include/Ice/LoggerF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../Ice/Transceiver.h ../Ice/TransceiverF.h ../Ice/Instance.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/CommunicatorF.h ../../include/Ice/PropertiesF.h ../Ice/RouterInfoF.h ../Ice/ReferenceFactoryF.h ../../include/Ice/ProxyFactoryF.h ../Ice/ThreadPoolF.h ../../include/Ice/ConnectionFactoryF.h ../Ice/ObjectFactoryManagerF.h ../Ice/UserExceptionFactoryManagerF.h ../../include/Ice/ObjectAdapterFactoryF.h ../Ice/TraceLevels.h ../../include/Ice/LoggerUtil.h ../../include/Ice/Buffer.h ../Ice/Network.h SecurityException.o: SecurityException.cpp ../../include/Ice/Stream.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/SecurityException.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/Buffer.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h 
../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Object.h ../../include/Ice/ObjectFactory.h SecurityException2.o: SecurityException2.cpp ../../include/Ice/SecurityException.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h -SslConnector.o: SslConnector.cpp ../Ice/SslFactory.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Config.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Lock.h ../Ice/SslSystemF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/Ice/Config.h ../Ice/SslCertificateVerifierF.h ../Ice/SslSystem.h ../../include/IceUtil/Shared.h ../Ice/SslConnectionF.h ../../include/Ice/Properties.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/Ice/StreamF.h ../../include/Ice/BuiltinSequences.h ../Ice/TraceLevels.h ../Ice/TraceLevelsF.h ../../include/Ice/PropertiesF.h ../../include/Ice/LoggerF.h ../Ice/SslConnector.h ../Ice/TransceiverF.h ../../include/Ice/InstanceF.h ../Ice/Connector.h ../Ice/ConnectorF.h ../Ice/SslTransceiver.h ../Ice/Transceiver.h ../Ice/Instance.h ../../include/Ice/CommunicatorF.h ../Ice/RouterInfoF.h ../Ice/ReferenceFactoryF.h ../../include/Ice/ProxyFactoryF.h 
../Ice/ThreadPoolF.h ../../include/Ice/ConnectionFactoryF.h ../Ice/ObjectFactoryManagerF.h ../Ice/UserExceptionFactoryManagerF.h ../../include/Ice/ObjectAdapterFactoryF.h ../../include/Ice/Logger.h ../Ice/Network.h ../../include/Ice/SecurityException.h -SslAcceptor.o: SslAcceptor.cpp ../Ice/SslFactory.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Config.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Lock.h ../Ice/SslSystemF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/Ice/Config.h ../Ice/SslCertificateVerifierF.h ../Ice/SslSystem.h ../../include/IceUtil/Shared.h ../Ice/SslConnectionF.h ../../include/Ice/Properties.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/Ice/StreamF.h ../../include/Ice/BuiltinSequences.h ../Ice/TraceLevels.h ../Ice/TraceLevelsF.h ../../include/Ice/PropertiesF.h ../../include/Ice/LoggerF.h ../Ice/SslAcceptor.h ../Ice/TransceiverF.h ../../include/Ice/InstanceF.h ../Ice/Acceptor.h ../Ice/AcceptorF.h ../Ice/SslTransceiver.h ../Ice/Transceiver.h ../Ice/Instance.h ../../include/Ice/CommunicatorF.h ../Ice/RouterInfoF.h ../Ice/ReferenceFactoryF.h ../../include/Ice/ProxyFactoryF.h ../Ice/ThreadPoolF.h ../../include/Ice/ConnectionFactoryF.h ../Ice/ObjectFactoryManagerF.h ../Ice/UserExceptionFactoryManagerF.h ../../include/Ice/ObjectAdapterFactoryF.h ../../include/Ice/Logger.h ../Ice/Network.h ../../include/Ice/SecurityException.h -SslTransceiver.o: SslTransceiver.cpp ../Ice/Security.h ../Ice/SslConnection.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Config.h ../../include/Ice/Buffer.h ../../include/Ice/Config.h ../Ice/TraceLevelsF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/LoggerF.h ../../include/Ice/ProxyF.h 
../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/Ice/StreamF.h ../Ice/SslConnectionF.h ../Ice/SslCertificateVerifierF.h ../Ice/SslTransceiver.h ../../include/Ice/InstanceF.h ../Ice/Transceiver.h ../Ice/TransceiverF.h ../Ice/Instance.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/CommunicatorF.h ../../include/Ice/PropertiesF.h ../Ice/RouterInfoF.h ../Ice/ReferenceFactoryF.h ../../include/Ice/ProxyFactoryF.h ../Ice/ThreadPoolF.h ../../include/Ice/ConnectionFactoryF.h ../Ice/ObjectFactoryManagerF.h ../Ice/UserExceptionFactoryManagerF.h ../../include/Ice/ObjectAdapterFactoryF.h ../Ice/TraceLevels.h ../../include/Ice/Logger.h ../Ice/Network.h +SslConnector.o: SslConnector.cpp ../Ice/SslFactory.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Config.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Lock.h ../Ice/SslSystemF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/Ice/Config.h ../../include/Ice/SslCertificateVerifierF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/Security.h ../Ice/SslSystem.h ../Ice/SslConnectionF.h ../../include/Ice/Properties.h ../../include/Ice/BuiltinSequences.h ../Ice/TraceLevels.h ../Ice/TraceLevelsF.h ../../include/Ice/PropertiesF.h ../../include/Ice/LoggerF.h ../Ice/SslConnector.h ../Ice/TransceiverF.h ../../include/Ice/InstanceF.h ../Ice/Connector.h ../Ice/ConnectorF.h ../Ice/SslTransceiver.h ../Ice/Transceiver.h ../Ice/Instance.h ../../include/Ice/CommunicatorF.h ../Ice/RouterInfoF.h 
../Ice/ReferenceFactoryF.h ../../include/Ice/ProxyFactoryF.h ../Ice/ThreadPoolF.h ../../include/Ice/ConnectionFactoryF.h ../Ice/ObjectFactoryManagerF.h ../Ice/UserExceptionFactoryManagerF.h ../../include/Ice/ObjectAdapterFactoryF.h ../../include/Ice/Logger.h ../Ice/Network.h ../../include/Ice/SecurityException.h +SslAcceptor.o: SslAcceptor.cpp ../Ice/SslFactory.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Config.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Lock.h ../Ice/SslSystemF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/Ice/Config.h ../../include/Ice/SslCertificateVerifierF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/Security.h ../Ice/SslSystem.h ../Ice/SslConnectionF.h ../../include/Ice/Properties.h ../../include/Ice/BuiltinSequences.h ../Ice/TraceLevels.h ../Ice/TraceLevelsF.h ../../include/Ice/PropertiesF.h ../../include/Ice/LoggerF.h ../Ice/SslAcceptor.h ../Ice/TransceiverF.h ../../include/Ice/InstanceF.h ../Ice/Acceptor.h ../Ice/AcceptorF.h ../Ice/SslTransceiver.h ../Ice/Transceiver.h ../Ice/Instance.h ../../include/Ice/CommunicatorF.h ../Ice/RouterInfoF.h ../Ice/ReferenceFactoryF.h ../../include/Ice/ProxyFactoryF.h ../Ice/ThreadPoolF.h ../../include/Ice/ConnectionFactoryF.h ../Ice/ObjectFactoryManagerF.h ../Ice/UserExceptionFactoryManagerF.h ../../include/Ice/ObjectAdapterFactoryF.h ../../include/Ice/Logger.h ../Ice/Network.h ../../include/Ice/SecurityException.h +SslTransceiver.o: SslTransceiver.cpp ../Ice/OpenSSL.h ../Ice/SslConnection.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Config.h ../../include/Ice/Buffer.h ../../include/Ice/Config.h ../Ice/TraceLevelsF.h ../../include/Ice/Handle.h 
../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/LoggerF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/Ice/StreamF.h ../Ice/SslConnectionF.h ../../include/Ice/SslCertificateVerifierF.h ../Ice/SslTransceiver.h ../../include/Ice/InstanceF.h ../Ice/Transceiver.h ../Ice/TransceiverF.h ../Ice/Instance.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/CommunicatorF.h ../../include/Ice/PropertiesF.h ../Ice/RouterInfoF.h ../Ice/ReferenceFactoryF.h ../../include/Ice/ProxyFactoryF.h ../Ice/ThreadPoolF.h ../../include/Ice/ConnectionFactoryF.h ../Ice/ObjectFactoryManagerF.h ../Ice/UserExceptionFactoryManagerF.h ../../include/Ice/ObjectAdapterFactoryF.h ../Ice/TraceLevels.h ../../include/Ice/Logger.h ../Ice/Network.h SslBaseCerts.o: SslBaseCerts.cpp ../Ice/SslBaseCerts.h ../Ice/SslCertificateDesc.h SslCertificateAuthority.o: SslCertificateAuthority.cpp ../Ice/SslCertificateAuthority.h SslCertificateDesc.o: SslCertificateDesc.cpp ../Ice/SslCertificateDesc.h -SslConfig.o: SslConfig.cpp ../Ice/Security.h ../../include/Ice/SecurityException.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../Ice/SslConfigErrorReporter.h ../Ice/TraceLevelsF.h ../../include/Ice/LoggerF.h ../Ice/SslConfig.h ../Ice/SslCertificateDesc.h ../Ice/SslGeneralConfig.h ../Ice/SslSystemOpenSSL.h ../Ice/SslFactory.h 
../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../Ice/SslSystemF.h ../Ice/SslCertificateVerifierF.h ../Ice/SslSystem.h ../Ice/SslConnectionF.h ../../include/Ice/Properties.h ../../include/Ice/BuiltinSequences.h ../Ice/TraceLevels.h ../../include/Ice/PropertiesF.h ../Ice/SslCertificateAuthority.h ../Ice/SslBaseCerts.h ../Ice/SslTempCerts.h -SslConfigErrorReporter.o: SslConfigErrorReporter.cpp ../Ice/SslConfigErrorReporter.h ../Ice/TraceLevelsF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/LoggerF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../Ice/TraceLevels.h ../../include/Ice/PropertiesF.h ../../include/Ice/Logger.h ../Ice/Security.h -SslConnection.o: SslConnection.cpp ../Ice/SslConnection.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Config.h ../../include/Ice/Buffer.h ../../include/Ice/Config.h ../Ice/TraceLevelsF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/LoggerF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/Ice/StreamF.h ../Ice/SslConnectionF.h ../Ice/SslCertificateVerifierF.h -SslConnectionOpenSSLClient.o: SslConnectionOpenSSLClient.cpp ../Ice/Network.h ../../include/Ice/Config.h ../../include/IceUtil/Config.h ../Ice/Security.h ../../include/Ice/SecurityException.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h 
../../include/IceUtil/Exception.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../Ice/SslConnectionOpenSSLClient.h ../Ice/SslConnectionOpenSSL.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../Ice/SslConnection.h ../../include/Ice/Buffer.h ../Ice/TraceLevelsF.h ../../include/Ice/LoggerF.h ../Ice/SslConnectionF.h ../Ice/SslCertificateVerifierF.h ../Ice/SslSystemF.h ../Ice/SslConnectionOpenSSLF.h ../Ice/TraceLevels.h ../../include/Ice/PropertiesF.h ../../include/Ice/Logger.h -SslConnectionOpenSSL.o: SslConnectionOpenSSL.cpp ../Ice/Network.h ../../include/Ice/Config.h ../../include/IceUtil/Config.h ../Ice/Security.h ../../include/Ice/SecurityException.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../Ice/SslFactory.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../Ice/SslSystemF.h ../Ice/SslCertificateVerifierF.h ../Ice/SslConnection.h ../../include/Ice/Buffer.h ../Ice/TraceLevelsF.h ../../include/Ice/LoggerF.h ../Ice/SslConnectionF.h ../Ice/SslConnectionOpenSSL.h ../Ice/SslConnectionOpenSSLF.h ../Ice/SslSystemOpenSSL.h ../Ice/SslSystem.h ../../include/Ice/Properties.h ../../include/Ice/BuiltinSequences.h ../Ice/TraceLevels.h ../../include/Ice/PropertiesF.h ../Ice/SslGeneralConfig.h ../Ice/SslCertificateDesc.h ../Ice/SslCertificateAuthority.h ../Ice/SslBaseCerts.h ../Ice/SslTempCerts.h ../Ice/SslCertificateVerifierOpenSSL.h ../Ice/SslCertificateVerifier.h 
../Ice/SslOpenSSLUtils.h ../../include/Ice/Logger.h -SslConnectionOpenSSLServer.o: SslConnectionOpenSSLServer.cpp ../Ice/Network.h ../../include/Ice/Config.h ../../include/IceUtil/Config.h ../Ice/Security.h ../../include/Ice/SecurityException.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../Ice/SslConnectionOpenSSLServer.h ../Ice/SslConnectionOpenSSL.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../Ice/SslConnection.h ../../include/Ice/Buffer.h ../Ice/TraceLevelsF.h ../../include/Ice/LoggerF.h ../Ice/SslConnectionF.h ../Ice/SslCertificateVerifierF.h ../Ice/SslSystemF.h ../Ice/SslConnectionOpenSSLF.h ../Ice/TraceLevels.h ../../include/Ice/PropertiesF.h ../../include/Ice/Logger.h -SslFactory.o: SslFactory.cpp ../Ice/SslFactory.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Config.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Lock.h ../Ice/SslSystemF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/Ice/Config.h ../Ice/SslCertificateVerifierF.h ../Ice/SslSystemOpenSSL.h ../Ice/TraceLevelsF.h ../../include/Ice/LoggerF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../Ice/SslSystem.h ../Ice/SslConnectionF.h ../../include/Ice/Properties.h ../../include/Ice/BuiltinSequences.h ../Ice/TraceLevels.h ../../include/Ice/PropertiesF.h ../Ice/SslGeneralConfig.h ../Ice/SslCertificateDesc.h 
../Ice/SslCertificateAuthority.h ../Ice/SslBaseCerts.h ../Ice/SslTempCerts.h ../Ice/Security.h -SslGeneralConfig.o: SslGeneralConfig.cpp ../Ice/SslGeneralConfig.h ../Ice/SslSystemOpenSSL.h ../../include/Ice/Config.h ../../include/IceUtil/Config.h ../Ice/TraceLevelsF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/LoggerF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../Ice/SslFactory.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../Ice/SslSystemF.h ../Ice/SslCertificateVerifierF.h ../Ice/SslSystem.h ../Ice/SslConnectionF.h ../../include/Ice/Properties.h ../../include/Ice/BuiltinSequences.h ../Ice/TraceLevels.h ../../include/Ice/PropertiesF.h ../Ice/SslCertificateDesc.h ../Ice/SslCertificateAuthority.h ../Ice/SslBaseCerts.h ../Ice/SslTempCerts.h -SslSystem.o: SslSystem.cpp ../Ice/SslSystem.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Config.h ../Ice/SslConnectionF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/Config.h ../../include/Ice/Properties.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/Ice/StreamF.h ../../include/Ice/BuiltinSequences.h ../Ice/SslSystemF.h ../Ice/SslCertificateVerifierF.h ../Ice/TraceLevels.h ../Ice/TraceLevelsF.h ../../include/Ice/PropertiesF.h ../../include/Ice/LoggerF.h +SslConfig.o: SslConfig.cpp ../Ice/OpenSSL.h ../../include/Ice/SecurityException.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h 
../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../Ice/SslConfigErrorReporter.h ../Ice/TraceLevelsF.h ../../include/Ice/LoggerF.h ../Ice/SslConfig.h ../Ice/SslCertificateDesc.h ../Ice/SslGeneralConfig.h ../Ice/SslSystemOpenSSL.h ../Ice/SslFactory.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../Ice/SslSystemF.h ../../include/Ice/SslCertificateVerifierF.h ../../include/Ice/Security.h ../Ice/SslSystem.h ../Ice/SslConnectionF.h ../../include/Ice/Properties.h ../../include/Ice/BuiltinSequences.h ../Ice/TraceLevels.h ../../include/Ice/PropertiesF.h ../Ice/SslCertificateAuthority.h ../Ice/SslBaseCerts.h ../Ice/SslTempCerts.h +SslConfigErrorReporter.o: SslConfigErrorReporter.cpp ../Ice/SslConfigErrorReporter.h ../Ice/TraceLevelsF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/LoggerF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../Ice/TraceLevels.h ../../include/Ice/PropertiesF.h ../../include/Ice/Logger.h ../Ice/OpenSSL.h +SslConnection.o: SslConnection.cpp ../Ice/SslConnection.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Config.h ../../include/Ice/Buffer.h ../../include/Ice/Config.h ../Ice/TraceLevelsF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h 
../../include/Ice/LoggerF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/Ice/StreamF.h ../Ice/SslConnectionF.h ../../include/Ice/SslCertificateVerifierF.h +SslConnectionOpenSSLClient.o: SslConnectionOpenSSLClient.cpp ../Ice/Network.h ../../include/Ice/Config.h ../../include/IceUtil/Config.h ../Ice/OpenSSL.h ../../include/Ice/SecurityException.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../Ice/SslConnectionOpenSSLClient.h ../Ice/SslConnectionOpenSSL.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../Ice/SslConnection.h ../../include/Ice/Buffer.h ../Ice/TraceLevelsF.h ../../include/Ice/LoggerF.h ../Ice/SslConnectionF.h ../../include/Ice/SslCertificateVerifierF.h ../Ice/SslSystemF.h ../Ice/SslConnectionOpenSSLF.h ../../include/Ice/SslCertificateVerifier.h ../Ice/TraceLevels.h ../../include/Ice/PropertiesF.h ../../include/Ice/Logger.h +SslConnectionOpenSSL.o: SslConnectionOpenSSL.cpp ../Ice/Network.h ../../include/Ice/Config.h ../../include/IceUtil/Config.h ../Ice/OpenSSL.h ../../include/Ice/SecurityException.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h 
../../include/Ice/StreamF.h ../Ice/SslFactory.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../Ice/SslSystemF.h ../../include/Ice/SslCertificateVerifierF.h ../../include/Ice/Security.h ../Ice/SslConnection.h ../../include/Ice/Buffer.h ../Ice/TraceLevelsF.h ../../include/Ice/LoggerF.h ../Ice/SslConnectionF.h ../Ice/SslConnectionOpenSSL.h ../Ice/SslConnectionOpenSSLF.h ../../include/Ice/SslCertificateVerifier.h ../Ice/SslSystemOpenSSL.h ../Ice/SslSystem.h ../../include/Ice/Properties.h ../../include/Ice/BuiltinSequences.h ../Ice/TraceLevels.h ../../include/Ice/PropertiesF.h ../Ice/SslGeneralConfig.h ../Ice/SslCertificateDesc.h ../Ice/SslCertificateAuthority.h ../Ice/SslBaseCerts.h ../Ice/SslTempCerts.h ../../include/Ice/SslCertificateVerifierOpenSSL.h ../Ice/SslOpenSSLUtils.h ../../include/Ice/Logger.h +SslConnectionOpenSSLServer.o: SslConnectionOpenSSLServer.cpp ../Ice/Network.h ../../include/Ice/Config.h ../../include/IceUtil/Config.h ../Ice/OpenSSL.h ../../include/Ice/SecurityException.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../Ice/SslConnectionOpenSSLServer.h ../Ice/SslConnectionOpenSSL.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../Ice/SslConnection.h ../../include/Ice/Buffer.h ../Ice/TraceLevelsF.h ../../include/Ice/LoggerF.h ../Ice/SslConnectionF.h ../../include/Ice/SslCertificateVerifierF.h ../Ice/SslSystemF.h ../Ice/SslConnectionOpenSSLF.h ../../include/Ice/SslCertificateVerifier.h ../Ice/TraceLevels.h ../../include/Ice/PropertiesF.h ../../include/Ice/Logger.h +SslFactory.o: SslFactory.cpp ../Ice/SslFactory.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Config.h 
../../include/IceUtil/Exception.h ../../include/IceUtil/Lock.h ../Ice/SslSystemF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/Ice/Config.h ../../include/Ice/SslCertificateVerifierF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/Security.h ../Ice/SslSystemOpenSSL.h ../Ice/TraceLevelsF.h ../../include/Ice/LoggerF.h ../Ice/SslSystem.h ../Ice/SslConnectionF.h ../../include/Ice/Properties.h ../../include/Ice/BuiltinSequences.h ../Ice/TraceLevels.h ../../include/Ice/PropertiesF.h ../Ice/SslGeneralConfig.h ../Ice/SslCertificateDesc.h ../Ice/SslCertificateAuthority.h ../Ice/SslBaseCerts.h ../Ice/SslTempCerts.h ../Ice/OpenSSL.h +SslGeneralConfig.o: SslGeneralConfig.cpp ../Ice/SslGeneralConfig.h ../Ice/SslSystemOpenSSL.h ../../include/Ice/Config.h ../../include/IceUtil/Config.h ../Ice/TraceLevelsF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/LoggerF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../Ice/SslFactory.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../Ice/SslSystemF.h ../../include/Ice/SslCertificateVerifierF.h ../../include/Ice/Security.h ../Ice/SslSystem.h ../Ice/SslConnectionF.h ../../include/Ice/Properties.h ../../include/Ice/BuiltinSequences.h ../Ice/TraceLevels.h ../../include/Ice/PropertiesF.h ../Ice/SslCertificateDesc.h ../Ice/SslCertificateAuthority.h ../Ice/SslBaseCerts.h ../Ice/SslTempCerts.h +SslSystem.o: 
SslSystem.cpp ../Ice/SslSystem.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Config.h ../Ice/SslConnectionF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/Config.h ../../include/Ice/Properties.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/Ice/StreamF.h ../../include/Ice/BuiltinSequences.h ../Ice/SslSystemF.h ../../include/Ice/SslCertificateVerifierF.h ../Ice/TraceLevels.h ../Ice/TraceLevelsF.h ../../include/Ice/PropertiesF.h ../../include/Ice/LoggerF.h +SslSystemOpenSSL.o: SslSystemOpenSSL.cpp ../../include/IceUtil/Config.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Lock.h ../Ice/OpenSSL.h ../Ice/SslSystem.h ../../include/IceUtil/Shared.h ../Ice/SslConnectionF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/Ice/Config.h ../../include/Ice/Properties.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/Ice/StreamF.h ../../include/Ice/BuiltinSequences.h ../Ice/SslSystemF.h ../../include/Ice/SslCertificateVerifierF.h ../Ice/TraceLevels.h ../Ice/TraceLevelsF.h ../../include/Ice/PropertiesF.h ../../include/Ice/LoggerF.h ../../include/Ice/SecurityException.h ../Ice/SslConnectionOpenSSLClient.h ../Ice/SslConnectionOpenSSL.h ../Ice/SslConnection.h ../../include/Ice/Buffer.h ../Ice/SslConnectionOpenSSLF.h ../../include/Ice/SslCertificateVerifier.h ../Ice/SslConnectionOpenSSLServer.h ../Ice/SslConfig.h ../Ice/SslCertificateDesc.h ../Ice/SslGeneralConfig.h ../Ice/SslSystemOpenSSL.h ../Ice/SslFactory.h 
../../include/Ice/Security.h ../Ice/SslCertificateAuthority.h ../Ice/SslBaseCerts.h ../Ice/SslTempCerts.h ../../include/Ice/SslRSAKeyPair.h ../../include/Ice/SslRSAKeyPairF.h ../../include/Ice/SslRSACertificateGenF.h ../Ice/SslJanitors.h ../../include/Ice/SslCertificateVerifierOpenSSL.h ../../include/Ice/Logger.h SslTempCerts.o: SslTempCerts.cpp ../Ice/SslTempCerts.h ../Ice/SslCertificateDesc.h -SslCertificateVerifier.o: SslCertificateVerifier.cpp ../Ice/SslCertificateVerifier.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Config.h ../Ice/SslCertificateVerifierF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/Config.h -SslCertificateVerifierOpenSSL.o: SslCertificateVerifierOpenSSL.cpp ../Ice/SslCertificateVerifierOpenSSL.h ../Ice/SslCertificateVerifier.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Config.h ../Ice/SslCertificateVerifierF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/Config.h +SslCertificateVerifier.o: SslCertificateVerifier.cpp ../../include/Ice/Stream.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/SslCertificateVerifier.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/Buffer.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h 
../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Object.h ../../include/Ice/ObjectFactory.h +SslCertificateVerifierOpenSSL.o: SslCertificateVerifierOpenSSL.cpp ../../include/Ice/SslCertificateVerifierOpenSSL.h ../../include/Ice/SslCertificateVerifier.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h SslJanitors.o: SslJanitors.cpp ../Ice/SslJanitors.h ../../include/IceUtil/Config.h +SslRSACertificateGen.o: SslRSACertificateGen.cpp ../../include/IceUtil/Config.h ../../include/Ice/SslRSACertificateGen.h ../../include/Ice/SslRSAKeyPairF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/Config.h ../Ice/SslJanitors.h ../../include/Ice/SslRSAKeyPair.h ../../include/IceUtil/Shared.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/Ice/StreamF.h ../../include/Ice/SslRSACertificateGenF.h +SslRSAKeyPair.o: SslRSAKeyPair.cpp ../../include/IceUtil/Config.h ../../include/IceUtil/Base64.h ../../include/Ice/SslRSAKeyPair.h ../../include/IceUtil/Shared.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/Config.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h 
../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/Ice/StreamF.h ../../include/Ice/SslRSAKeyPairF.h ../../include/Ice/SslRSACertificateGenF.h SslOpenSSLUtils.o: SslOpenSSLUtils.cpp ../Ice/SslOpenSSLUtils.h UdpTransceiver.o: UdpTransceiver.cpp ../Ice/UdpTransceiver.h ../../include/Ice/InstanceF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../Ice/TraceLevelsF.h ../../include/Ice/LoggerF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../Ice/Transceiver.h ../Ice/TransceiverF.h ../Ice/Instance.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/CommunicatorF.h ../../include/Ice/PropertiesF.h ../Ice/RouterInfoF.h ../Ice/ReferenceFactoryF.h ../../include/Ice/ProxyFactoryF.h ../Ice/ThreadPoolF.h ../../include/Ice/ConnectionFactoryF.h ../Ice/ObjectFactoryManagerF.h ../Ice/UserExceptionFactoryManagerF.h ../../include/Ice/ObjectAdapterFactoryF.h ../Ice/TraceLevels.h ../../include/Ice/LoggerUtil.h ../../include/Ice/Buffer.h ../Ice/Network.h Cryptor.o: Cryptor.cpp ../Ice/Cryptor.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Config.h ../../include/Ice/Stream.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/Config.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/Ice/StreamF.h 
../../include/Ice/BuiltinSequences.h ../Ice/CryptKeyF.h ../Ice/CryptorF.h ../Ice/CryptKey.h CryptKey.o: CryptKey.cpp ../Ice/CryptKey.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Config.h ../../include/Ice/Stream.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/Config.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/Ice/StreamF.h ../../include/Ice/BuiltinSequences.h ../Ice/CryptKeyF.h MessageAuthenticator.o: MessageAuthenticator.cpp ../Ice/MessageAuthenticator.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Config.h ../../include/Ice/Stream.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/Config.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/Ice/StreamF.h ../../include/Ice/BuiltinSequences.h ../Ice/MessageAuthenticatorF.h SUdpClient.o: SUdpClient.cpp ../Ice/SUdpClient.h ../../include/Ice/SecureUdpF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h 
../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/Buffer.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/Stream.h ../../include/Ice/BuiltinSequences.h ../Ice/SUdpClientF.h ../Ice/MessageAuthenticatorF.h ../Ice/CryptKeyF.h ../Ice/CryptKey.h ../Ice/MessageAuthenticator.h ../../include/Ice/SecureUdp.h -SUdpTransceiver.o: SUdpTransceiver.cpp ../Ice/Security.h ../Ice/SUdpTransceiver.h ../../include/Ice/InstanceF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../Ice/TraceLevelsF.h ../../include/Ice/LoggerF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../Ice/SUdpControlChannelF.h ../../include/Ice/SecureUdpF.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/Ice/BasicStream.h ../../include/Ice/Buffer.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/Stream.h 
../../include/Ice/BuiltinSequences.h ../Ice/UdpTransceiver.h ../Ice/Transceiver.h ../Ice/TransceiverF.h ../Ice/SUdpTransceiverF.h ../Ice/Instance.h ../../include/Ice/CommunicatorF.h ../../include/Ice/PropertiesF.h ../Ice/RouterInfoF.h ../Ice/ReferenceFactoryF.h ../Ice/ThreadPoolF.h ../../include/Ice/ConnectionFactoryF.h ../Ice/ObjectFactoryManagerF.h ../Ice/UserExceptionFactoryManagerF.h ../../include/Ice/ObjectAdapterFactoryF.h ../Ice/TraceLevels.h ../../include/Ice/Logger.h ../Ice/Network.h ../Ice/SUdpClientControlChannel.h ../Ice/SUdpControlChannel.h ../Ice/CryptorF.h ../../include/Ice/SecureUdp.h ../Ice/CryptKeyF.h ../Ice/MessageAuthenticatorF.h ../Ice/SUdpServerControlChannel.h ../Ice/SUdpClientF.h +SUdpTransceiver.o: SUdpTransceiver.cpp ../Ice/OpenSSL.h ../Ice/SUdpTransceiver.h ../../include/Ice/InstanceF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../Ice/TraceLevelsF.h ../../include/Ice/LoggerF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../Ice/SUdpControlChannelF.h ../../include/Ice/SecureUdpF.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/Ice/BasicStream.h ../../include/Ice/Buffer.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/Stream.h 
../../include/Ice/BuiltinSequences.h ../Ice/UdpTransceiver.h ../Ice/Transceiver.h ../Ice/TransceiverF.h ../Ice/SUdpTransceiverF.h ../Ice/Instance.h ../../include/Ice/CommunicatorF.h ../../include/Ice/PropertiesF.h ../Ice/RouterInfoF.h ../Ice/ReferenceFactoryF.h ../Ice/ThreadPoolF.h ../../include/Ice/ConnectionFactoryF.h ../Ice/ObjectFactoryManagerF.h ../Ice/UserExceptionFactoryManagerF.h ../../include/Ice/ObjectAdapterFactoryF.h ../Ice/TraceLevels.h ../../include/Ice/Logger.h ../Ice/Network.h ../Ice/SUdpClientControlChannel.h ../Ice/SUdpControlChannel.h ../Ice/CryptorF.h ../../include/Ice/SecureUdp.h ../Ice/CryptKeyF.h ../Ice/MessageAuthenticatorF.h ../Ice/SUdpServerControlChannel.h ../Ice/SUdpClientF.h SUdpControlChannel.o: SUdpControlChannel.cpp ../../include/Ice/Logger.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../Ice/TraceLevels.h ../Ice/TraceLevelsF.h ../../include/Ice/PropertiesF.h ../Ice/SUdpControlChannel.h ../../include/Ice/InstanceF.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/LoggerF.h ../Ice/SUdpControlChannelF.h ../Ice/SUdpTransceiverF.h ../Ice/CryptorF.h ../Ice/Cryptor.h ../../include/Ice/Stream.h ../../include/Ice/BuiltinSequences.h ../Ice/CryptKeyF.h ../Ice/Instance.h ../../include/Ice/CommunicatorF.h ../Ice/RouterInfoF.h ../Ice/ReferenceFactoryF.h ../../include/Ice/ProxyFactoryF.h ../Ice/ThreadPoolF.h ../../include/Ice/ConnectionFactoryF.h ../Ice/ObjectFactoryManagerF.h ../Ice/UserExceptionFactoryManagerF.h ../../include/Ice/ObjectAdapterFactoryF.h -SUdpServerControlChannel.o: 
SUdpServerControlChannel.cpp ../Ice/Security.h ../../include/Ice/Buffer.h ../../include/Ice/Config.h ../../include/IceUtil/Config.h ../Ice/SUdpServerControlChannel.h ../Ice/SUdpControlChannel.h ../../include/Ice/InstanceF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/LoggerF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/Ice/StreamF.h ../Ice/TraceLevelsF.h ../Ice/SUdpControlChannelF.h ../Ice/SUdpTransceiverF.h ../Ice/CryptorF.h ../../include/Ice/SecureUdp.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/Ice/BasicStream.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/Stream.h ../../include/Ice/BuiltinSequences.h ../Ice/SUdpClientF.h ../Ice/SUdpClient.h ../../include/Ice/SecureUdpF.h ../Ice/MessageAuthenticatorF.h ../Ice/CryptKeyF.h ../Ice/Instance.h ../../include/Ice/CommunicatorF.h ../../include/Ice/PropertiesF.h ../Ice/RouterInfoF.h ../Ice/ReferenceFactoryF.h ../Ice/ThreadPoolF.h ../../include/Ice/ConnectionFactoryF.h ../Ice/ObjectFactoryManagerF.h ../Ice/UserExceptionFactoryManagerF.h ../../include/Ice/ObjectAdapterFactoryF.h ../../include/Ice/Communicator.h ../../include/Ice/UserExceptionFactoryF.h ../../include/Ice/RouterF.h ../../include/Ice/ObjectAdapter.h ../../include/Ice/IdentityUtil.h 
../Ice/SUdpTransceiver.h ../Ice/UdpTransceiver.h ../Ice/Transceiver.h ../Ice/TransceiverF.h ../Ice/MessageAuthenticator.h ../Ice/Cryptor.h ../Ice/TraceLevels.h ../../include/Ice/Logger.h -SUdpClientControlChannel.o: SUdpClientControlChannel.cpp ../Ice/Security.h ../../include/Ice/Stream.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/BuiltinSequences.h ../Ice/SUdpClientControlChannel.h ../Ice/SUdpControlChannel.h ../../include/Ice/InstanceF.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/LoggerF.h ../Ice/TraceLevelsF.h ../Ice/SUdpControlChannelF.h ../Ice/SUdpTransceiverF.h ../Ice/CryptorF.h ../../include/Ice/SecureUdp.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/Ice/BasicStream.h ../../include/Ice/Buffer.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../Ice/CryptKeyF.h ../Ice/MessageAuthenticatorF.h ../Ice/Instance.h ../../include/Ice/CommunicatorF.h ../../include/Ice/PropertiesF.h ../Ice/RouterInfoF.h ../Ice/ReferenceFactoryF.h ../Ice/ThreadPoolF.h ../../include/Ice/ConnectionFactoryF.h ../Ice/ObjectFactoryManagerF.h ../Ice/UserExceptionFactoryManagerF.h ../../include/Ice/ObjectAdapterFactoryF.h ../../include/Ice/Communicator.h 
../../include/Ice/UserExceptionFactoryF.h ../../include/Ice/RouterF.h ../../include/Ice/ObjectAdapter.h ../../include/Ice/IdentityUtil.h ../Ice/SUdpTransceiver.h ../../include/Ice/SecureUdpF.h ../Ice/UdpTransceiver.h ../Ice/Transceiver.h ../Ice/TransceiverF.h ../Ice/MessageAuthenticator.h ../Ice/Cryptor.h ../Ice/CryptKey.h ../Ice/TraceLevels.h ../../include/Ice/Logger.h +SUdpServerControlChannel.o: SUdpServerControlChannel.cpp ../Ice/OpenSSL.h ../../include/Ice/Buffer.h ../../include/Ice/Config.h ../../include/IceUtil/Config.h ../Ice/SUdpServerControlChannel.h ../Ice/SUdpControlChannel.h ../../include/Ice/InstanceF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/LoggerF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/Ice/StreamF.h ../Ice/TraceLevelsF.h ../Ice/SUdpControlChannelF.h ../Ice/SUdpTransceiverF.h ../Ice/CryptorF.h ../../include/Ice/SecureUdp.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/Ice/BasicStream.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/Stream.h ../../include/Ice/BuiltinSequences.h ../Ice/SUdpClientF.h ../Ice/SUdpClient.h ../../include/Ice/SecureUdpF.h ../Ice/MessageAuthenticatorF.h ../Ice/CryptKeyF.h ../Ice/Instance.h ../../include/Ice/CommunicatorF.h ../../include/Ice/PropertiesF.h 
../Ice/RouterInfoF.h ../Ice/ReferenceFactoryF.h ../Ice/ThreadPoolF.h ../../include/Ice/ConnectionFactoryF.h ../Ice/ObjectFactoryManagerF.h ../Ice/UserExceptionFactoryManagerF.h ../../include/Ice/ObjectAdapterFactoryF.h ../../include/Ice/Communicator.h ../../include/Ice/UserExceptionFactoryF.h ../../include/Ice/RouterF.h ../../include/Ice/ObjectAdapter.h ../../include/Ice/IdentityUtil.h ../Ice/SUdpTransceiver.h ../Ice/UdpTransceiver.h ../Ice/Transceiver.h ../Ice/TransceiverF.h ../Ice/MessageAuthenticator.h ../Ice/Cryptor.h ../Ice/TraceLevels.h ../../include/Ice/Logger.h +SUdpClientControlChannel.o: SUdpClientControlChannel.cpp ../Ice/OpenSSL.h ../../include/Ice/Stream.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/BuiltinSequences.h ../Ice/SUdpClientControlChannel.h ../Ice/SUdpControlChannel.h ../../include/Ice/InstanceF.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/LoggerF.h ../Ice/TraceLevelsF.h ../Ice/SUdpControlChannelF.h ../Ice/SUdpTransceiverF.h ../Ice/CryptorF.h ../../include/Ice/SecureUdp.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/Ice/BasicStream.h ../../include/Ice/Buffer.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h 
../Ice/CryptKeyF.h ../Ice/MessageAuthenticatorF.h ../Ice/Instance.h ../../include/Ice/CommunicatorF.h ../../include/Ice/PropertiesF.h ../Ice/RouterInfoF.h ../Ice/ReferenceFactoryF.h ../Ice/ThreadPoolF.h ../../include/Ice/ConnectionFactoryF.h ../Ice/ObjectFactoryManagerF.h ../Ice/UserExceptionFactoryManagerF.h ../../include/Ice/ObjectAdapterFactoryF.h ../../include/Ice/Communicator.h ../../include/Ice/UserExceptionFactoryF.h ../../include/Ice/RouterF.h ../../include/Ice/ObjectAdapter.h ../../include/Ice/IdentityUtil.h ../Ice/SUdpTransceiver.h ../../include/Ice/SecureUdpF.h ../Ice/UdpTransceiver.h ../Ice/Transceiver.h ../Ice/TransceiverF.h ../Ice/MessageAuthenticator.h ../Ice/Cryptor.h ../Ice/CryptKey.h ../Ice/TraceLevels.h ../../include/Ice/Logger.h SecureUdp.o: SecureUdp.cpp ../../include/Ice/Stream.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/SecureUdp.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/Buffer.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/ObjectFactory.h 
diff --git a/cpp/src/Ice/CryptKey.h b/cpp/src/Ice/CryptKey.h index d31e42c1519..a673d02d3f9 100644 --- a/cpp/src/Ice/CryptKey.h +++ b/cpp/src/Ice/CryptKey.h @@ -21,17 +21,14 @@ namespace IceSecurity namespace SecureUdp { -using IceUtil::Shared; -using Ice::ByteSeq; - -class CryptKey : public Shared +class CryptKey : public IceUtil::Shared { public: - CryptKey(const ByteSeq&); + CryptKey(const Ice::ByteSeq&); virtual ~CryptKey(); - virtual const ByteSeq& toByteSeq() const; + virtual const Ice::ByteSeq& toByteSeq() const; // // Compare CryptKeys for sorting purposes @@ -41,7 +38,7 @@ public: virtual bool operator<(const CryptKey&) const; protected: - ByteSeq _keyBytes; + Ice::ByteSeq _keyBytes; }; diff --git a/cpp/src/Ice/Cryptor.h b/cpp/src/Ice/Cryptor.h index 105de9d3212..35554c96a35 100644 --- a/cpp/src/Ice/Cryptor.h +++ b/cpp/src/Ice/Cryptor.h @@ -23,12 +23,9 @@ namespace IceSecurity namespace SecureUdp { -using IceUtil::Shared; -using Ice::ByteSeq; - typedef std::vector<CryptKeyPtr> CryptKeys; -class Cryptor : public Shared +class Cryptor : public IceUtil::Shared { public: @@ -37,13 +34,13 @@ public: virtual const CryptKeyPtr getNewKey(); - virtual const CryptKeyPtr getKey(const ByteSeq&); + virtual const CryptKeyPtr getKey(const Ice::ByteSeq&); - virtual const CryptKeyPtr getOrCreateKey(const ByteSeq&); + virtual const CryptKeyPtr getOrCreateKey(const Ice::ByteSeq&); - virtual void encrypt(const CryptKeyPtr&, const ByteSeq&, ByteSeq&); + virtual void encrypt(const CryptKeyPtr&, const Ice::ByteSeq&, Ice::ByteSeq&); - virtual void decrypt(const CryptKeyPtr&, const ByteSeq&, ByteSeq&); + virtual void decrypt(const CryptKeyPtr&, const Ice::ByteSeq&, Ice::ByteSeq&); protected: CryptKeys _cryptKeys; diff --git a/cpp/src/Ice/LoggerI.cpp b/cpp/src/Ice/LoggerI.cpp index 9bde275fded..e320af6b06c 100644 --- a/cpp/src/Ice/LoggerI.cpp +++ b/cpp/src/Ice/LoggerI.cpp 
@@ -18,7 +18,9 @@ void Ice::LoggerI::trace(const string& category, const string& message) { IceUtil::Mutex::Lock sync(*this); - string s = "[ " + category + ": " + message + " ]"; + ostringstream thread; + thread << dec << getpid(); + string s = "[ " + category + ": Thread(" + thread.str() + ") "+ message + " ]"; string::size_type idx = 0; while ((idx = s.find("\n", idx)) != string::npos) { diff --git a/cpp/src/Ice/Makefile b/cpp/src/Ice/Makefile index ad4b54c56ed..cac3f77defd 100644 --- a/cpp/src/Ice/Makefile +++ b/cpp/src/Ice/Makefile @@ -94,6 +94,9 @@ OBJS = Initialize.o \ SslCertificateVerifierOpenSSL.o \ SslJanitors.o \ SslRSACertificateGen.o \ + SslIceUtils.o \ + SslRSAPrivateKey.o \ + SslRSAPublicKey.o \ SslRSAKeyPair.o \ SslOpenSSLUtils.o \ UdpTransceiver.o \ @@ -234,6 +237,23 @@ $(HDIR)/SecureUdpF.h: $(SDIR)/SecureUdpF.ice $(SLICE2CPP) clean:: rm -f $(HDIR)/SecureUdpF.h +$(HDIR)/SslCertificateVerifier.h SslCertificateVerifier.cpp: $(SDIR)/SslCertificateVerifier.ice $(SLICE2CPP) + rm -f $(HDIR)/SslCertificateVerifier.h SslCertificateVerifier.cpp + $(SLICECMD) $(SDIR)/SslCertificateVerifier.ice + mv SslCertificateVerifier.h $(HDIR) + +clean:: + rm -f $(HDIR)/SslCertificateVerifier.h SslCertificateVerifier.cpp + +$(HDIR)/SslCertificateVerifierF.h: $(SDIR)/SslCertificateVerifierF.ice $(SLICE2CPP) + rm -f $(HDIR)/SslCertificateVerifierF.h SslCertificateVerifierF.cpp + $(SLICECMD) $(SDIR)/SslCertificateVerifierF.ice + mv SslCertificateVerifierF.h $(HDIR) + rm -f SslCertificateVerifierF.cpp + +clean:: + rm -f $(HDIR)/SslCertificateVerifierF.h + $(HDIR)/ServantLocator.h ServantLocator.cpp: $(SDIR)/ServantLocator.ice $(SLICE2CPP) rm -f $(HDIR)/ServantLocator.h ServantLocator.cpp $(SLICECMD) $(SDIR)/ServantLocator.ice diff --git a/cpp/src/Ice/MessageAuthenticator.h b/cpp/src/Ice/MessageAuthenticator.h index 246961426e0..b20f4bbaa67 100644 --- a/cpp/src/Ice/MessageAuthenticator.h +++ b/cpp/src/Ice/MessageAuthenticator.h 
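Review bot: The new tag in `trace()` is labelled `Thread(...)` but is filled from `getpid()`, which is the process id, so every line from every thread of one process carries the same number and the label will mislead anyone using traces to correlate per-thread activity during incident analysis. Either make the label match what is printed, `string s = "[ " + category + ": Pid(" + thread.str() + ") " + message + " ]";`, or derive the number from the calling thread's identity (the portable way to do that in this code base is not visible from the hunk). `ostringstream` and `getpid()` also need `<sstream>` and `<unistd.h>` (or `<process.h>` on Windows) to be in scope; the include block is outside this hunk, so I can't confirm they are. Only `trace()` gets the prefix here; if the intent is to tag all log output, `warning()` and `error()` should get the same treatment.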
@@ -21,25 +21,22 @@ namespace IceSecurity namespace SecureUdp { -using IceUtil::Shared; -using Ice::ByteSeq; - -class MessageAuthenticator : public Shared +class MessageAuthenticator : public IceUtil::Shared { public: MessageAuthenticator(); - MessageAuthenticator(const ByteSeq&); + MessageAuthenticator(const Ice::ByteSeq&); virtual ~MessageAuthenticator(); - virtual ByteSeq computeMAC(const ByteSeq&) const; + virtual Ice::ByteSeq computeMAC(const Ice::ByteSeq&) const; - virtual bool authenticate(const ByteSeq&, const ByteSeq&); + virtual bool authenticate(const Ice::ByteSeq&, const Ice::ByteSeq&); - virtual const ByteSeq& getMACKey() const; + virtual const Ice::ByteSeq& getMACKey() const; protected: - ByteSeq _macKeyBytes; + Ice::ByteSeq _macKeyBytes; }; diff --git a/cpp/src/Ice/SUdpClient.h b/cpp/src/Ice/SUdpClient.h index 5b8e5b39bac..b78ff63da07 100644 --- a/cpp/src/Ice/SUdpClient.h +++ b/cpp/src/Ice/SUdpClient.h @@ -24,15 +24,11 @@ namespace IceSecurity namespace SecureUdp { -using Ice::Long; -using Ice::ByteSeq; -using IceUtil::Shared; - -class SUdpClient : public Shared +class SUdpClient : public IceUtil::Shared { public: - SUdpClient(Long, const ClientChannelPrx&, const MessageAuthenticatorPtr&); + SUdpClient(Ice::Long, const ClientChannelPrx&, const MessageAuthenticatorPtr&); virtual ~SUdpClient(); void serverHello(const CryptKeyPtr&); @@ -41,17 +37,17 @@ public: void serverGoodbye(); - void setNewCryptKey(Long, const CryptKeyPtr&); + void setNewCryptKey(Ice::Long, const CryptKeyPtr&); - Long getClientID() const; + Ice::Long getClientID() const; const CryptKeyPtr& getCryptKey() const; - const CryptKeyPtr& getCryptKey(Long) const; + const CryptKeyPtr& getCryptKey(Ice::Long) const; const MessageAuthenticatorPtr& getMessageAuthenticator() const; protected: - Long _clientID; + Ice::Long _clientID; ClientChannelPrx _clientChannel; MessageAuthenticatorPtr _messageAuthenticator; CryptKeyPtr _cryptKey; 
diff --git a/cpp/src/Ice/SUdpClientControlChannel.cpp b/cpp/src/Ice/SUdpClientControlChannel.cpp index 58acd881baf..fd393dcc73c 100644 --- a/cpp/src/Ice/SUdpClientControlChannel.cpp +++ b/cpp/src/Ice/SUdpClientControlChannel.cpp @@ -27,6 +27,9 @@ using namespace std; using namespace Ice; using namespace IceSecurity::SecureUdp; using IceInternal::BasicStream; +using IceInternal::InstancePtr; +using IceInternal::SUdpTransceiver; +using IceInternal::Buffer; //////////////////////////////////////////////////////////////////////////////// // Public Incoming Methods (from Ice Client Control Channel) @@ -41,7 +44,6 @@ IceSecurity::SecureUdp::ClientControlChannel::serverHello(Long clientID, const B // TODO: There is a wierd segmentation fault happening here if I uncomment // the call to serverKeyChangeMessage(). Dunno why. - // ICE_DEV_DEBUG("About to call serverKeyChangeMessage()"); // serverKeyChangeMessage(key); } @@ -65,7 +67,6 @@ IceSecurity::SecureUdp::ClientControlChannel::serverGoodbye(const Current&) // Protected Methods //////////////////////////////////////////////////////////////////////////////// -// IceSecurity::SecureUdp::ClientControlChannel::ClientControlChannel(const SUdpTransceiverPtr& transceiver, IceSecurity::SecureUdp::ClientControlChannel::ClientControlChannel(SUdpTransceiver* transceiver, const InstancePtr& instance, const std::string& host, diff --git a/cpp/src/Ice/SUdpClientControlChannel.h b/cpp/src/Ice/SUdpClientControlChannel.h index f507de86d63..69528333017 100644 --- a/cpp/src/Ice/SUdpClientControlChannel.h +++ b/cpp/src/Ice/SUdpClientControlChannel.h 
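Review bot: `serverHello()` still discards the key it receives, because this hunk only removes an already commented-out `ICE_DEV_DEBUG` line and leaves `// serverKeyChangeMessage(key);` disabled behind a TODO about a segmentation fault. If this is the path by which the client learns its first encryption key, the secure-UDP channel is operating without the server-supplied key, and the crash is being hidden rather than diagnosed. Either fix the crash and re-enable the call, or make the state impossible to mistake for working code with a comment such as `// FIXME: key from serverHello is NOT installed; secure channel is not functional until serverKeyChangeMessage() is re-enabled`. `serverHello` begins before this hunk, so I can't see whether `clientID` is stored either.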
@@ -23,48 +23,40 @@ namespace IceSecurity namespace SecureUdp { -using IceInternal::SUdpTransceiver; -using IceInternal::Buffer; -using Ice::Long; -using Ice::ByteSeq; -using Ice::Current; - - class ClientControlChannel : public ControlChannel, public ClientChannel { public: // Messages received from the Server - virtual void serverHello(Long, const ByteSeq&, const Current&); - virtual void serverKeyChange(const ByteSeq&, const Current&); - virtual void serverGoodbye(const Current&); + virtual void serverHello(Ice::Long, const Ice::ByteSeq&, const Ice::Current&); + virtual void serverKeyChange(const Ice::ByteSeq&, const Ice::Current&); + virtual void serverGoodbye(const Ice::Current&); protected: - // ClientControlChannel(const SUdpTransceiverPtr&, const InstancePtr&, const std::string&, int); - ClientControlChannel(SUdpTransceiver*, const InstancePtr&, const std::string&, int); + // ClientControlChannel(const IceInternal::SUdpTransceiverPtr&, const Ice::InstancePtr&, const std::string&, int); + ClientControlChannel(IceInternal::SUdpTransceiver*, const IceInternal::InstancePtr&, const std::string&, int); virtual ~ClientControlChannel(); - void serverKeyChangeMessage(const ByteSeq&); + void serverKeyChangeMessage(const Ice::ByteSeq&); void clientHello(); friend IceInternal::SUdpTransceiver; - // Called from the SUdpTransceiver - void encryptPacket(Buffer&, Buffer&); + // Called from the IceInternal::SUdpTransceiver + void encryptPacket(IceInternal::Buffer&, IceInternal::Buffer&); void clientKeyRequest(); - Ice::ObjectAdapterPtr _adapter; ClientChannelPrx _clientProxy; ServerChannelPrx _serverChannel; - Long _msgID; - Long _clientID; + Ice::Long _msgID; + Ice::Long _clientID; CryptKeyPtr _encryptionKey; MessageAuthenticatorPtr _messageAuthenticator; diff --git a/cpp/src/Ice/SUdpControlChannel.cpp b/cpp/src/Ice/SUdpControlChannel.cpp index 6d78b435404..a82a08017fa 100644 --- a/cpp/src/Ice/SUdpControlChannel.cpp +++ b/cpp/src/Ice/SUdpControlChannel.cpp 
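Review bot: The commented-out constructor overload above the live one is being maintained rather than deleted, and the maintenance introduced an error: it now names `Ice::InstancePtr`, while the live declaration on the next line uses `IceInternal::InstancePtr`. Dead declarations that drift from the real signature are a trap for the next reader; drop the comment line and keep only `ClientControlChannel(IceInternal::SUdpTransceiver*, const IceInternal::InstancePtr&, const std::string&, int);`. The hunk also removes the `_adapter` member from `ClientControlChannel`; the .cpp side of that removal is not in this hunk, so I can't confirm there is no remaining use.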
@@ -20,9 +20,8 @@ using namespace Ice; void ::IceInternal::incRef(::IceSecurity::SecureUdp::ControlChannel* p) { p->__incRef(); } void ::IceInternal::decRef(::IceSecurity::SecureUdp::ControlChannel* p) { p->__decRef(); } -// IceSecurity::SecureUdp::ControlChannel::ControlChannel(const SUdpTransceiverPtr& transceiver, -IceSecurity::SecureUdp::ControlChannel::ControlChannel(SUdpTransceiver* transceiver, - const InstancePtr& instance) : +IceSecurity::SecureUdp::ControlChannel::ControlChannel(IceInternal::SUdpTransceiver* transceiver, + const IceInternal::InstancePtr& instance) : _transceiver(transceiver), _instance(instance), _traceLevels(instance->traceLevels()), diff --git a/cpp/src/Ice/SUdpControlChannel.h b/cpp/src/Ice/SUdpControlChannel.h index b83d57cce51..b6c7dc8e6f3 100644 --- a/cpp/src/Ice/SUdpControlChannel.h +++ b/cpp/src/Ice/SUdpControlChannel.h 
@@ -26,32 +26,24 @@ namespace IceSecurity namespace SecureUdp { -// using IceInternal::SUdpTransceiverPtr; -using IceInternal::SUdpTransceiver; -using IceInternal::InstancePtr; -using IceUtil::Shared; -using IceUtil::Mutex; -using IceInternal::TraceLevelsPtr; -using Ice::LoggerPtr; - -class ControlChannel : public virtual Shared +class ControlChannel : public virtual IceUtil::Shared { protected: - // ControlChannel(const SUdpTransceiverPtr&, const InstancePtr&); - ControlChannel(SUdpTransceiver*, const InstancePtr&); + // ControlChannel(const IceInternal::SUdpTransceiverPtr&, const IceInternal::InstancePtr&); + ControlChannel(IceInternal::SUdpTransceiver*, const IceInternal::InstancePtr&); virtual ~ControlChannel(); virtual void unsetTransceiver(); friend IceInternal::SUdpTransceiver; - // SUdpTransceiverPtr _transceiver; - SUdpTransceiver* _transceiver; - InstancePtr _instance; - TraceLevelsPtr _traceLevels; - LoggerPtr _logger; - Mutex _mutex; + // IceInternal::SUdpTransceiverPtr _transceiver; + IceInternal::SUdpTransceiver* _transceiver; + IceInternal::InstancePtr _instance; + IceInternal::TraceLevelsPtr _traceLevels; + Ice::LoggerPtr _logger; + IceUtil::Mutex _mutex; CryptorPtr _cryptor; }; diff --git a/cpp/src/Ice/SUdpServerControlChannel.cpp b/cpp/src/Ice/SUdpServerControlChannel.cpp index 338ea9bc435..e43f62b378f 100644 --- a/cpp/src/Ice/SUdpServerControlChannel.cpp +++ b/cpp/src/Ice/SUdpServerControlChannel.cpp @@ -8,7 +8,7 @@ // // ********************************************************************** -#include <Ice/OpenSSL.h>
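Review bot: `_transceiver` stays a raw `IceInternal::SUdpTransceiver*` back-pointer (the `SUdpTransceiverPtr` alternative is kept only as a comment), so nothing in the type system stops the channel from outliving the transceiver; the only protection is that `unsetTransceiver()` is called first, and since the derived channels also implement Ice servant interfaces they can plausibly be kept alive by the adapter after the transceiver is gone. That invariant is undocumented here — I'd replace the commented-out declaration with a comment on the member, e.g. `// Raw back-pointer (not ref-counted); the owning transceiver must call unsetTransceiver() before it is destroyed, and every use must check for 0 under _mutex.` I'm assuming the raw pointer exists to avoid a reference cycle with the transceiver; if the real reason differs, state that one instead. Whether callers actually test the pointer for null is in the .cpp, outside this hunk.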
+#include <Ice/OpenSSL.h> #include <Ice/Buffer.h> #include <Ice/SUdpServerControlChannel.h> #include <Ice/SUdpClient.h> @@ -29,6 +29,8 @@ using namespace Ice; using namespace IceSecurity::SecureUdp; using IceInternal::Buffer; using IceInternal::BasicStream; +using IceInternal::InstancePtr; +using IceInternal::SUdpTransceiver; void IceSecurity::SecureUdp::ServerControlChannel::clientHello(const ClientChannelPrx& client, diff --git a/cpp/src/Ice/SUdpServerControlChannel.h b/cpp/src/Ice/SUdpServerControlChannel.h index 19843e9d8e5..873bbbe829e 100644 --- a/cpp/src/Ice/SUdpServerControlChannel.h +++ b/cpp/src/Ice/SUdpServerControlChannel.h @@ -24,21 +24,14 @@ namespace IceSecurity namespace SecureUdp { -// typedef pair<Long, CryptKeyPtr> MsgKeyPair; +// typedef pair<Ice::Long, CryptKeyPtr> MsgKeyPair; // typedef vector<MsgKeyPair> MsgKeyVector; // Encryption key and historical list // MsgKeyVector _msgEncryptionKeys; // MsgKeyPair _currentEncryptionInfo; -using IceInternal::Buffer; -using IceInternal::SUdpTransceiver; -using Ice::ObjectAdapterPtr; -using Ice::Long; -using Ice::ByteSeq; -using Ice::Current; - -typedef std::map<Long, SUdpClientPtr> SUdpClientMap; +typedef std::map<Ice::Long, SUdpClientPtr> SUdpClientMap; class ServerControlChannel : public ControlChannel, public ServerChannel { 
@@ -46,36 +39,36 @@ class ServerControlChannel : public ControlChannel, public ServerChannel public: // Messages received from Client - virtual void clientHello(const ClientChannelPrx&, const ByteSeq&, const Current&); - virtual void clientKeyAcknowledge(Long, Long, const ByteSeq&, const Current&); - virtual void clientKeyRequest(Long, const Current&); - virtual void clientGoodbye(Long, const Current&); + virtual void clientHello(const ClientChannelPrx&, const Ice::ByteSeq&, const Ice::Current&); + virtual void clientKeyAcknowledge(Ice::Long, Ice::Long, const Ice::ByteSeq&, const Ice::Current&); + virtual void clientKeyRequest(Ice::Long, const Ice::Current&); + virtual void clientGoodbye(Ice::Long, const Ice::Current&); protected: - // ServerControlChannel(const SUdpTransceiverPtr&, const InstancePtr&, int); - ServerControlChannel(SUdpTransceiver*, const InstancePtr&, int); + // ServerControlChannel(const IceInternal::SUdpTransceiverPtr&, const InstancePtr&, int); + ServerControlChannel(IceInternal::SUdpTransceiver*, const IceInternal::InstancePtr&, int); virtual ~ServerControlChannel(); friend IceInternal::SUdpTransceiver; - void decryptPacket(Buffer&, Buffer&); - Long getNewClientID(); + void decryptPacket(IceInternal::Buffer&, IceInternal::Buffer&); + Ice::Long getNewClientID(); - SUdpClientPtr& getSUdpClient(Long); + SUdpClientPtr& getSUdpClient(Ice::Long); void newSUdpClient(const SUdpClientPtr&); - void deleteSUdpClient(Long); + void deleteSUdpClient(Ice::Long); - ObjectAdapterPtr _adapter; + Ice::ObjectAdapterPtr _adapter; // Keep a listing of all clients connected to us. SUdpClientMap _clientMap; - Mutex _clientMapMutex; + IceUtil::Mutex _clientMapMutex; // Generate unique Client ID numbers - Long _clientIDGenerator; - Mutex _clientIDMutex; + Ice::Long _clientIDGenerator; + IceUtil::Mutex _clientIDMutex; }; } diff --git a/cpp/src/Ice/SUdpTransceiver.h b/cpp/src/Ice/SUdpTransceiver.h index cee138eb0a7..4cc66816bc4 100644 --- a/cpp/src/Ice/SUdpTransceiver.h 
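Review bot: `SUdpClientPtr& getSUdpClient(Ice::Long);` returns a non-const reference, presumably into `_clientMap`, while that map is guarded by `_clientMapMutex`; a reference handed out this way outlives the lock and dangles once `deleteSUdpClient()` erases the entry on another thread. Returning by value, `SUdpClientPtr getSUdpClient(Ice::Long);`, hands the caller a refcounted copy instead — this assumes the implementation, which is outside the hunk, locks and looks up the map as the member names suggest. The class is complete in the hunk; the namespace closes after it.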
+++ b/cpp/src/Ice/SUdpTransceiver.h @@ -28,11 +28,6 @@ namespace IceInternal { -using Ice::ByteSeq; -using Ice::Long; -using IceSecurity::SecureUdp::ClientChannelPtr; -using IceSecurity::SecureUdp::ControlChannelPtr; - class SUdpEndpoint; class SUdpTransceiver : public Transceiver @@ -51,14 +46,14 @@ public: int effectivePort(); // Server Channel Implementation methods - void clientHello(const ClientChannelPtr&, const ByteSeq&); - void clientKeyAcknowledge(Long, Long, const ByteSeq&); - void clientKeyRequest(Long); - void clientGoodbye(Long); + void clientHello(const IceSecurity::SecureUdp::ClientChannelPtr&, const Ice::ByteSeq&); + void clientKeyAcknowledge(Ice::Long, Ice::Long, const Ice::ByteSeq&); + void clientKeyRequest(Ice::Long); + void clientGoodbye(Ice::Long); // Client Channel Implementation methods - void serverHello(Long, const ByteSeq&); - void serverKeyChange(const ByteSeq&); + void serverHello(Ice::Long, const Ice::ByteSeq&); + void serverKeyChange(const Ice::ByteSeq&); void serverGoodbye(); private: @@ -73,7 +68,7 @@ private: void createControlChannel(int); UdpTransceiver _udpTransceiver; - ControlChannelPtr _controlChannel; + IceSecurity::SecureUdp::ControlChannelPtr _controlChannel; InstancePtr _instance; TraceLevelsPtr _traceLevels; diff --git a/cpp/src/Ice/SecurityException2.cpp b/cpp/src/Ice/SecurityException2.cpp index 3d2fd179411..b51f79ec6e3 100644 --- a/cpp/src/Ice/SecurityException2.cpp +++ b/cpp/src/Ice/SecurityException2.cpp @@ -59,6 +59,12 @@ IceSecurity::Ssl::CertificateException::ice_print(ostream& out) const } void +IceSecurity::Ssl::CertificateVerifierTypeException::ice_print(ostream& out) const +{ + SecurityException::ice_print(out); +} + +void IceSecurity::Ssl::OpenSSL::ContextException::ice_print(ostream& out) const { SecurityException::ice_print(out); diff --git a/cpp/src/Ice/SslAcceptor.cpp b/cpp/src/Ice/SslAcceptor.cpp index 556f192d1ea..39a2e4c3b40 100644 --- a/cpp/src/Ice/SslAcceptor.cpp +++ b/cpp/src/Ice/SslAcceptor.cpp 
@@ -112,7 +112,7 @@ IceInternal::SslAcceptor::accept(int timeout) // This is the Ice SSL Configuration File on which we will base // all connections in this communicator. - string configFile = properties->getProperty("Ice.Ssl.Config"); + string configFile = properties->getProperty("Ice.Security.Ssl.Config"); // Get an instance of the SslSystem singleton. SystemPtr sslSystem = Factory::getSystem(configFile); diff --git a/cpp/src/Ice/SslBaseCerts.h b/cpp/src/Ice/SslBaseCerts.h index b423813441e..d22102e51fa 100644 --- a/cpp/src/Ice/SslBaseCerts.h +++ b/cpp/src/Ice/SslBaseCerts.h @@ -39,30 +39,28 @@ protected: DiffieHellmanParamsFile _dhParams; }; -using std::endl; - template<class Stream> inline Stream& operator << (Stream& target, const BaseCertificates& baseCerts) { if (baseCerts.getRSACert().getKeySize() != 0) { - target << "RSA\n{" << endl; + target << "RSA\n{" << std::endl; target << baseCerts.getRSACert(); - target << "}\n" << endl; + target << "}\n" << std::endl; } if (baseCerts.getDSACert().getKeySize() != 0) { - target << "DSA\n{" << endl; + target << "DSA\n{" << std::endl; target << baseCerts.getDSACert(); - target << "}\n" << endl; + target << "}\n" << std::endl; } if (baseCerts.getDHParams().getKeySize() != 0) { - target << "DH\n{" << endl; + target << "DH\n{" << std::endl; target << baseCerts.getDHParams(); - target << "}\n" << endl; + target << "}\n" << std::endl; } return target; diff --git a/cpp/src/Ice/SslCertificateAuthority.h b/cpp/src/Ice/SslCertificateAuthority.h index 1cd72d3a482..468dbc48fcf 100644 --- a/cpp/src/Ice/SslCertificateAuthority.h +++ b/cpp/src/Ice/SslCertificateAuthority.h 
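Review bot: The property key read on the new line changes from `Ice.Ssl.Config` to `Ice.Security.Ssl.Config` with no fallback, so a deployment that still sets the old key now passes an empty `configFile` to `Factory::getSystem`, whose handling of an empty path is outside this hunk. Treat the empty value as a configuration error before the call, `if (configFile.empty()) { /* reject: no SSL configuration for this acceptor */ }`, or read the old key as a fallback for the transition. `accept()` starts and ends outside the hunk.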
@@ -19,25 +19,23 @@ namespace IceSecurity namespace Ssl { -using namespace std; - class CertificateAuthority { public: CertificateAuthority(); - CertificateAuthority(string&, string&); + CertificateAuthority(std::string&, std::string&); CertificateAuthority(CertificateAuthority&); - void setCAFileName(string&); - void setCAPath(string&); + void setCAFileName(std::string&); + void setCAPath(std::string&); - inline const string& getCAFileName() const { return _fileName; }; - inline const string& getCAPath() const { return _path; }; + inline const std::string& getCAFileName() const { return _fileName; }; + inline const std::string& getCAPath() const { return _path; }; private: - string _fileName; - string _path; + std::string _fileName; + std::string _path; }; } diff --git a/cpp/src/Ice/SslCertificateDesc.h b/cpp/src/Ice/SslCertificateDesc.h index 830b3df076f..852c7d121a4 100644 --- a/cpp/src/Ice/SslCertificateDesc.h +++ b/cpp/src/Ice/SslCertificateDesc.h @@ -24,23 +24,19 @@ namespace IceSecurity namespace Ssl { -using std::string; -using std::ostream; -using std::vector; - class CertificateFile { public: CertificateFile(); - CertificateFile(const string&, const int); + CertificateFile(const std::string&, const int); CertificateFile(const CertificateFile&); - inline string getFileName() const { return _fileName; }; + inline std::string getFileName() const { return _fileName; }; inline int getEncoding() const { return _encoding; }; protected: - string _fileName; + std::string _fileName; int _encoding; }; @@ -49,7 +45,7 @@ class DiffieHellmanParamsFile : public CertificateFile public: DiffieHellmanParamsFile(); - DiffieHellmanParamsFile(const int, const string&, const int); + DiffieHellmanParamsFile(const int, const std::string&, const int); DiffieHellmanParamsFile(const DiffieHellmanParamsFile&); inline int getKeySize() const { return _keySize; }; 
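Review bot: The qualified signatures keep taking non-const references — `CertificateAuthority(std::string&, std::string&)`, `setCAFileName(std::string&)`, `setCAPath(std::string&)` — although the class only stores copies, so callers cannot pass a `const std::string` or a temporary. Since every declaration in the hunk is being touched anyway, make them `CertificateAuthority(const std::string&, const std::string&);`, `void setCAFileName(const std::string&);` and `void setCAPath(const std::string&);`. The copy constructor `CertificateAuthority(CertificateAuthority&)` has the same problem and should be `CertificateAuthority(const CertificateAuthority&);`.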
@@ -77,9 +73,9 @@ protected: CertificateFile _private; }; -typedef vector<CertificateDesc> RSAVector; -typedef vector<CertificateDesc> DSAVector; -typedef vector<DiffieHellmanParamsFile> DHVector; +typedef std::vector<CertificateDesc> RSAVector; +typedef std::vector<CertificateDesc> DSAVector; +typedef std::vector<DiffieHellmanParamsFile> DHVector; template<class Stream> inline Stream& operator << (Stream& target, const CertificateFile& certFile) @@ -101,8 +97,8 @@ inline Stream& operator << (Stream& target, const DiffieHellmanParamsFile& dhPar { if (dhParams.getKeySize() != 0) { - target << "Keysize: " << dhParams.getKeySize() << endl; - target << "File: " << ((CertificateFile&)dhParams) << endl; + target << "Keysize: " << dhParams.getKeySize() << std::endl; + target << "File: " << ((CertificateFile&)dhParams) << std::endl; } return target; @@ -113,9 +109,9 @@ inline Stream& operator << (Stream& target, const CertificateDesc& certDesc) { if (certDesc.getKeySize() != 0) { - target << "Keysize: " << certDesc.getKeySize() << endl; - target << "Public: " << certDesc.getPublic() << endl; - target << "Private: " << certDesc.getPrivate() << endl; + target << "Keysize: " << certDesc.getKeySize() << std::endl; + target << "Public: " << certDesc.getPublic() << std::endl; + target << "Private: " << certDesc.getPrivate() << std::endl; } return target; diff --git a/cpp/src/Ice/SslConfig.h b/cpp/src/Ice/SslConfig.h index 954b44e2d5f..acc5371cd3d 100644 --- a/cpp/src/Ice/SslConfig.h +++ b/cpp/src/Ice/SslConfig.h @@ -11,17 +11,15 @@ #ifndef ICE_SSL_CONFIG_H #define ICE_SSL_CONFIG_H -#include <string> - #include <dom/DOM.hpp> #include <Ice/TraceLevelsF.h> #include <Ice/LoggerF.h> - #include <Ice/SslCertificateDesc.h> #include <Ice/SslGeneralConfig.h> #include <Ice/SslCertificateAuthority.h> #include <Ice/SslBaseCerts.h> #include <Ice/SslTempCerts.h> +#include <string> namespace IceSecurity { 
@@ -29,16 +27,13 @@ namespace IceSecurity namespace Ssl { -using namespace std; -using namespace IceInternal; - class Parser { public: // Constructor, based on the indicated file. - Parser(const string&); - Parser(const string&, const string&); + Parser(const std::string&); + Parser(const std::string&, const std::string&); ~Parser(); // Performs a complete parsing of the file. @@ -48,25 +43,25 @@ public: bool loadClientConfig(GeneralConfig&, CertificateAuthority&, BaseCertificates&); bool loadServerConfig(GeneralConfig&, CertificateAuthority&, BaseCertificates&, TempCertificates&); - inline void setTrace(TraceLevelsPtr traceLevels) { _traceLevels = traceLevels; }; + inline void setTrace(IceInternal::TraceLevelsPtr traceLevels) { _traceLevels = traceLevels; }; inline bool isTraceSet() const { return _traceLevels; }; - inline void setLogger(LoggerPtr traceLevels) { _logger = traceLevels; }; + inline void setLogger(Ice::LoggerPtr traceLevels) { _logger = traceLevels; }; inline bool isLoggerSet() const { return _logger; }; private: DOM_Node _root; - string _configFile; - string _configPath; + std::string _configFile; + std::string _configPath; - TraceLevelsPtr _traceLevels; - LoggerPtr _logger; + IceInternal::TraceLevelsPtr _traceLevels; + Ice::LoggerPtr _logger; // Tree walking utility methods. - void popRoot(string&, string&, string&); - DOM_Node find(string&); - DOM_Node find(DOM_Node, string&); + void popRoot(std::string&, std::string&, std::string&); + DOM_Node find(std::string&); + DOM_Node find(DOM_Node, std::string&); // Loading of the base elements of the file. void getGeneral(DOM_Node, GeneralConfig&); @@ -85,9 +80,9 @@ private: // Populate a certificate file object, basis of all certificates. void loadCertificateFile(DOM_Node, CertificateFile&); - int parseEncoding(string&); + int parseEncoding(std::string&); - string toString(const DOMString&); + std::string toString(const DOMString&); }; } 
diff --git a/cpp/src/Ice/SslConfigErrorReporter.h b/cpp/src/Ice/SslConfigErrorReporter.h index d77d375ae3d..defd83ed11e 100644 --- a/cpp/src/Ice/SslConfigErrorReporter.h +++ b/cpp/src/Ice/SslConfigErrorReporter.h @@ -24,15 +24,12 @@ namespace IceSecurity namespace Ssl { -using IceInternal::TraceLevelsPtr; -using Ice::LoggerPtr; - class ErrorReporter : public ErrorHandler { public: - ErrorReporter(TraceLevelsPtr traceLevels, LoggerPtr logger) : + ErrorReporter(IceInternal::TraceLevelsPtr traceLevels, Ice::LoggerPtr logger) : _sawErrors(false), _traceLevels(traceLevels), _logger(logger) @@ -54,14 +51,12 @@ private: // It's used by the main code to suppress output if there are errors. bool _sawErrors; - TraceLevelsPtr _traceLevels; - LoggerPtr _logger; + IceInternal::TraceLevelsPtr _traceLevels; + Ice::LoggerPtr _logger; }; -using std::ostream; - -inline ostream& -operator << (ostream& target, const DOMString& s) +inline std::ostream& +operator << (std::ostream& target, const DOMString& s) { char *p = s.transcode(); target << p; diff --git a/cpp/src/Ice/SslConnection.cpp b/cpp/src/Ice/SslConnection.cpp index 1c490682323..6d74e714a0b 100644 --- a/cpp/src/Ice/SslConnection.cpp +++ b/cpp/src/Ice/SslConnection.cpp @@ -12,13 +12,13 @@ void ::IceInternal::incRef(::IceSecurity::Ssl::Connection* p) { p->__incRef(); } void ::IceInternal::decRef(::IceSecurity::Ssl::Connection* p) { p->__decRef(); } -
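Review bot: `char *p = s.transcode();` on the new side holds a buffer that Xerces' `DOMString::transcode()` allocates for the caller, and the hunk ends right after `target << p;`, so whether the rest of the operator (outside the hunk) releases it with `delete [] p;` cannot be seen here; if it does not, every DOMString written through this operator leaks. If `transcode()` can hand back a null pointer, streaming it is also undefined, so the write is better guarded: `if (p) { target << p; delete [] p; }`. This shape is pre-existing; the hunk only qualifies the `std::ostream` names around it.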
-IceSecurity::Ssl::Connection::Connection(const CertificateVerifierPtr& certificateVerifier) :
- _certificateVerifier(certificateVerifier)
-{
-}
-
-IceSecurity::Ssl::Connection::~Connection()
-{
-}
-
+ +IceSecurity::Ssl::Connection::Connection(const CertificateVerifierPtr& certificateVerifier) : + _certificateVerifier(certificateVerifier) +{ +} + +IceSecurity::Ssl::Connection::~Connection() +{ +} + diff --git a/cpp/src/Ice/SslConnection.h b/cpp/src/Ice/SslConnection.h index 1a75f11ca95..444acd4213f 100644 --- a/cpp/src/Ice/SslConnection.h +++ b/cpp/src/Ice/SslConnection.h @@ -15,7 +15,7 @@ #include <Ice/Buffer.h> #include <Ice/TraceLevelsF.h> #include <Ice/LoggerF.h> -#include <Ice/SslConnectionF.h>
+#include <Ice/SslConnectionF.h> #include <Ice/SslCertificateVerifierF.h> namespace IceSecurity @@ -24,26 +24,21 @@ namespace IceSecurity namespace Ssl { -using IceUtil::Shared; -using IceInternal::Buffer; -using IceInternal::TraceLevelsPtr; -using Ice::LoggerPtr; - -class Connection : public Shared +class Connection : public IceUtil::Shared { -public:
+public: Connection(const CertificateVerifierPtr&); - virtual ~Connection();
-
+ virtual ~Connection(); + virtual void shutdown() = 0; - virtual int read(Buffer&, int) = 0; - virtual int write(Buffer&, int) = 0; + virtual int read(IceInternal::Buffer&, int) = 0; + virtual int write(IceInternal::Buffer&, int) = 0; + + virtual void setTrace(const IceInternal::TraceLevelsPtr&) = 0; + virtual void setLogger(const Ice::LoggerPtr&) = 0; - virtual void setTrace(const TraceLevelsPtr&) = 0; - virtual void setLogger(const LoggerPtr&) = 0;
-
-protected:
+protected: CertificateVerifierPtr _certificateVerifier; }; diff --git a/cpp/src/Ice/SslConnectionOpenSSL.cpp b/cpp/src/Ice/SslConnectionOpenSSL.cpp index 3b59201ccdd..3f64a2891f3 100644 --- a/cpp/src/Ice/SslConnectionOpenSSL.cpp +++ b/cpp/src/Ice/SslConnectionOpenSSL.cpp @@ -21,13 +21,13 @@ #include <string> #include <sstream> #include <Ice/Network.h> -#include <Ice/OpenSSL.h>
+#include <Ice/OpenSSL.h> #include <Ice/SecurityException.h> #include <Ice/SslFactory.h> #include <Ice/SslConnection.h> #include <Ice/SslConnectionOpenSSL.h> -#include <Ice/SslSystemOpenSSL.h>
-#include <Ice/SslCertificateVerifierOpenSSL.h>
+#include <Ice/SslSystemOpenSSL.h> +#include <Ice/SslCertificateVerifierOpenSSL.h> #include <Ice/SslOpenSSLUtils.h> #include <Ice/TraceLevels.h> @@ -36,129 +36,136 @@ using namespace std; using namespace IceInternal; +using Ice::SocketException; +using Ice::TimeoutException; +using Ice::ConnectionLostException; +using Ice::LoggerPtr; +using Ice::Int; + using std::endl; using IceSecurity::Ssl::Factory; using IceSecurity::Ssl::SystemPtr; -
-////////////////////////////////////////////////
-////////// DefaultCertificateVerifier //////////
-////////////////////////////////////////////////
-
-IceSecurity::Ssl::OpenSSL::DefaultCertificateVerifier::DefaultCertificateVerifier()
-{
-}
-
-void
-IceSecurity::Ssl::OpenSSL::DefaultCertificateVerifier::setTraceLevels(const TraceLevelsPtr& traceLevels)
-{
- _traceLevels = traceLevels;
-}
-
-void
-IceSecurity::Ssl::OpenSSL::DefaultCertificateVerifier::setLogger(const LoggerPtr& logger)
-{
- _logger = logger;
-}
-
-int
-IceSecurity::Ssl::OpenSSL::DefaultCertificateVerifier::verify(int preVerifyOkay,
- X509_STORE_CTX* x509StoreContext,
- SSL* sslConnection)
-{
- //
- // Default verification steps.
- //
-
- int verifyError = X509_STORE_CTX_get_error(x509StoreContext);
- int errorDepth = X509_STORE_CTX_get_error_depth(x509StoreContext);
- int verifyDepth = SSL_get_verify_depth(sslConnection);
-
- // Verify Depth was set
- if (verifyError != X509_V_OK)
- {
- // If we have no errors so far, and the certificate chain is too long
- if ((verifyDepth != -1) && (verifyDepth < errorDepth))
- {
- verifyError = X509_V_ERR_CERT_CHAIN_TOO_LONG;
- }
-
- // If we have ANY errors, we bail out.
- preVerifyOkay = 0;
- }
-
- // Only if ICE_PROTOCOL level logging is on do we worry about this.
- if (_traceLevels->security >= IceSecurity::SECURITY_PROTOCOL)
- {
- char buf[256];
-
- X509* err_cert = X509_STORE_CTX_get_current_cert(x509StoreContext);
-
- X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
-
- ostringstream outStringStream;
-
- outStringStream << "depth = " << errorDepth << ":" << buf << endl;
-
- if (!preVerifyOkay)
- {
- outStringStream << "verify error: num = " << verifyError << " : "
- << X509_verify_cert_error_string(verifyError) << endl;
-
- }
-
- switch (verifyError)
- {
- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
- {
- X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, sizeof(buf));
- outStringStream << "issuer = " << buf << endl;
- break;
- }
-
- case X509_V_ERR_CERT_NOT_YET_VALID:
- case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
- {
- outStringStream << "notBefore = " << getASN1time(X509_get_notBefore(err_cert)) << endl;
- break;
- }
-
- case X509_V_ERR_CERT_HAS_EXPIRED:
- case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
- {
- outStringStream << "notAfter = " << getASN1time(X509_get_notAfter(err_cert)) << endl;
- break;
- }
- }
-
- outStringStream << "verify return = " << preVerifyOkay << endl;
-
- _logger->trace(_traceLevels->securityCat, outStringStream.str());
- }
-
- return preVerifyOkay;
-}
+
+////////////////////////////////////////////////
+////////// DefaultCertificateVerifier //////////
+////////////////////////////////////////////////
+
+IceSecurity::Ssl::OpenSSL::DefaultCertificateVerifier::DefaultCertificateVerifier()
+{
+}
+
+void
+IceSecurity::Ssl::OpenSSL::DefaultCertificateVerifier::setTraceLevels(const TraceLevelsPtr& traceLevels)
+{
+ _traceLevels = traceLevels;
+}
+
+void
+IceSecurity::Ssl::OpenSSL::DefaultCertificateVerifier::setLogger(const LoggerPtr& logger)
+{
+ _logger = logger;
+}
+
+int
+IceSecurity::Ssl::OpenSSL::DefaultCertificateVerifier::verify(int preVerifyOkay,
+ X509_STORE_CTX* x509StoreContext,
+ SSL* sslConnection)
+{
+ //
+ // Default verification steps.
+ //
+
+ int verifyError = X509_STORE_CTX_get_error(x509StoreContext);
+ int errorDepth = X509_STORE_CTX_get_error_depth(x509StoreContext);
+ int verifyDepth = SSL_get_verify_depth(sslConnection);
+
+ // Verify Depth was set
+ if (verifyError != X509_V_OK)
+ {
+ // If we have no errors so far, and the certificate chain is too long
+ if ((verifyDepth != -1) && (verifyDepth < errorDepth))
+ {
+ verifyError = X509_V_ERR_CERT_CHAIN_TOO_LONG;
+ X509_STORE_CTX_set_error(x509StoreContext, verifyError);
+ }
+
+ // If we have ANY errors, we bail out.
+ preVerifyOkay = 0;
+ }
+
+ // Only if ICE_PROTOCOL level logging is on do we worry about this.
+ if (_traceLevels->security >= IceSecurity::SECURITY_PROTOCOL)
+ {
+ char buf[256];
+
+ X509* err_cert = X509_STORE_CTX_get_current_cert(x509StoreContext);
+
+ X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
+
+ ostringstream outStringStream;
+
+ outStringStream << "depth = " << errorDepth << ":" << buf << endl;
+
+ if (!preVerifyOkay)
+ {
+ outStringStream << "verify error: num = " << verifyError << " : "
+ << X509_verify_cert_error_string(verifyError) << endl;
+
+ }
+
+ switch (verifyError)
+ {
+ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+ {
+ X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, sizeof(buf));
+ outStringStream << "issuer = " << buf << endl;
+ break;
+ }
+
+ case X509_V_ERR_CERT_NOT_YET_VALID:
+ case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+ {
+ outStringStream << "notBefore = " << getASN1time(X509_get_notBefore(err_cert)) << endl;
+ break;
+ }
+
+ case X509_V_ERR_CERT_HAS_EXPIRED:
+ case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+ {
+ outStringStream << "notAfter = " << getASN1time(X509_get_notAfter(err_cert)) << endl;
+ break;
+ }
+ }
+
+ outStringStream << "verify return = " << preVerifyOkay << endl;
+
+ _logger->trace(_traceLevels->securityCat, outStringStream.str());
+ }
+
+ return preVerifyOkay;
+}
 ////////////////////////////////
 ////////// Connection //////////
 ////////////////////////////////
-//
-// Static Member Initialization
-//
-IceSecurity::Ssl::OpenSSL::SslConnectionMap IceSecurity::Ssl::OpenSSL::Connection::_connectionMap;
-::IceUtil::Mutex IceSecurity::Ssl::OpenSSL::Connection::_connectionRepositoryMutex;
+ +// +// Static Member Initialization +// +IceSecurity::Ssl::OpenSSL::SslConnectionMap IceSecurity::Ssl::OpenSSL::Connection::_connectionMap; +::IceUtil::Mutex IceSecurity::Ssl::OpenSSL::Connection::_connectionRepositoryMutex; // // Public Methods // -void ::IceInternal::incRef(::IceSecurity::Ssl::OpenSSL::Connection* p) { p->__incRef(); }
-void ::IceInternal::decRef(::IceSecurity::Ssl::OpenSSL::Connection* p) { p->__decRef(); }
-
-IceSecurity::Ssl::OpenSSL::Connection::Connection(const CertificateVerifierPtr& certificateVerifier,
- SSL* sslConnection,
- const SystemPtr& system) :
+void ::IceInternal::incRef(::IceSecurity::Ssl::OpenSSL::Connection* p) { p->__incRef(); } +void ::IceInternal::decRef(::IceSecurity::Ssl::OpenSSL::Connection* p) { p->__decRef(); } + +IceSecurity::Ssl::OpenSSL::Connection::Connection(const CertificateVerifierPtr& certificateVerifier, + SSL* sslConnection, + const SystemPtr& system) : IceSecurity::Ssl::Connection(certificateVerifier), _sslConnection(sslConnection), _system(system) @@ -173,17 +180,17 @@ IceSecurity::Ssl::OpenSSL::Connection::Connection(const CertificateVerifierPtr& _initWantWrite = 0; // None configured, default to indicated timeout - _handshakeReadTimeout = 0;
-
- // Set up the SSL to be able to refer back to our connection object.
- addConnection(_sslConnection, this);
+ _handshakeReadTimeout = 0; + + // Set up the SSL to be able to refer back to our connection object. + addConnection(_sslConnection, this); } IceSecurity::Ssl::OpenSSL::Connection::~Connection() { if (_sslConnection != 0) { - removeConnection(_sslConnection);
+ removeConnection(_sslConnection); Factory::removeSystemHandle(_sslConnection); SSL_free(_sslConnection); _sslConnection = 0; @@ -195,13 +202,13 @@ IceSecurity::Ssl::OpenSSL::Connection::shutdown() { if (_sslConnection != 0) { - if (_traceLevels->security >= IceSecurity::SECURITY_WARNINGS)
- {
- _logger->trace(_traceLevels->securityCat, "WRN " +
- string("shutting down SSL connection\n") +
- fdToString(SSL_get_fd(_sslConnection)));
- }
-
+ if (_traceLevels->security >= IceSecurity::SECURITY_WARNINGS) + { + _logger->trace(_traceLevels->securityCat, "WRN " + + string("shutting down SSL connection\n") + + fdToString(SSL_get_fd(_sslConnection))); + } + int shutdown = 0; int retries = 100; @@ -217,64 +224,85 @@ IceSecurity::Ssl::OpenSSL::Connection::shutdown() ostringstream s; s << "SSL shutdown failure encountered: code[" << shutdown << "] retries["; s << retries << "]\n" << fdToString(SSL_get_fd(_sslConnection)); - _logger->trace(_traceLevels->securityCat, s.str());
+ _logger->trace(_traceLevels->securityCat, s.str());
+ }
+ }
+}
+
+void
+IceSecurity::Ssl::OpenSSL::Connection::setTrace(const TraceLevelsPtr& traceLevels)
+{
+ _traceLevels = traceLevels;
+}
+
+void
+IceSecurity::Ssl::OpenSSL::Connection::setLogger(const LoggerPtr& traceLevels)
+{
+ _logger = traceLevels;
+}
+
+void
+IceSecurity::Ssl::OpenSSL::Connection::setHandshakeReadTimeout(int timeout)
+{
+ _handshakeReadTimeout = timeout;
+}
+
+IceSecurity::Ssl::OpenSSL::ConnectionPtr
+IceSecurity::Ssl::OpenSSL::Connection::getConnection(SSL* sslPtr)
+{
+ IceUtil::Mutex::Lock sync(_connectionRepositoryMutex);
+
+ assert(sslPtr);
+
+ Connection* connection = _connectionMap[sslPtr];
+
+ assert(connection);
+
+ return ConnectionPtr(connection);
+}
+
+int
+IceSecurity::Ssl::OpenSSL::Connection::verifyCertificate(int preVerifyOkay, X509_STORE_CTX* x509StoreContext)
+{
+ // Should NEVER be able to happen.
+ assert(_certificateVerifier.get() != 0);
+
+ // Get the verifier, make sure it is for OpenSSL connections
+ IceSecurity::Ssl::OpenSSL::CertificateVerifier* verifier;
+ verifier = dynamic_cast<IceSecurity::Ssl::OpenSSL::CertificateVerifier*>(_certificateVerifier.get());
+
+ // Check to make sure we have a proper verifier for the operation.
+ if (verifier)
+ {
+ // Use the verifier to verify the certificate
+ preVerifyOkay = verifier->verify(preVerifyOkay, x509StoreContext, _sslConnection);
+ }
+ else
+ {
+ // Note: This code should NEVER be able to be reached, as we check each
+ // CertificateVerifier as it is added to the System.
+
+ if (_traceLevels->security >= IceSecurity::SECURITY_WARNINGS)
+ {
+ string errorString;
+
+ if (_certificateVerifier.get())
+ {
+ errorString = "WRN Improper CertificateVerifier type.";
+ }
+ else
+ {
+ // NOTE: This should NEVER be able to happen, but just in case.
+ errorString = "WRN CertificateVerifier not set.";
+ }
+
+ _logger->trace(_traceLevels->securityCat, errorString);
 }
 }
+
+ return preVerifyOkay;
 }
-void
-IceSecurity::Ssl::OpenSSL::Connection::setTrace(const TraceLevelsPtr& traceLevels)
-{
- _traceLevels = traceLevels;
-}
-
-void
-IceSecurity::Ssl::OpenSSL::Connection::setLogger(const LoggerPtr& traceLevels)
-{
- _logger = traceLevels;
-}
-
-void
-IceSecurity::Ssl::OpenSSL::Connection::setHandshakeReadTimeout(int timeout)
-{
- _handshakeReadTimeout = timeout;
-}
-
-IceSecurity::Ssl::OpenSSL::ConnectionPtr
-IceSecurity::Ssl::OpenSSL::Connection::getConnection(SSL* sslPtr)
-{
- IceUtil::Mutex::Lock sync(_connectionRepositoryMutex);
-
- assert(sslPtr);
-
- Connection* connection = _connectionMap[sslPtr];
-
- assert(connection);
-
- return ConnectionPtr(connection);
-}
-
-int
-IceSecurity::Ssl::OpenSSL::Connection::verifyCertificate(int preVerifyOkay, X509_STORE_CTX* x509StoreContext)
-{
- // Get the verifier, make sure it is for OpenSSL connections
- IceSecurity::Ssl::OpenSSL::CertificateVerifier* verifier;
- verifier = dynamic_cast<IceSecurity::Ssl::OpenSSL::CertificateVerifier*>(_certificateVerifier.get());
-
- // Check to make sure we have a proper verifier for the operation.
- if (!verifier)
- {
- // TODO: Throw exception here
- // throw SslIncorrectVerifierTypeException(__FILE__, __LINE__);
- return 0;
- }
-
- // Use the verifier to verify the certificate
- preVerifyOkay = verifier->verify(preVerifyOkay, x509StoreContext, _sslConnection);
-
- return preVerifyOkay;
-}
-
// // Protected Methods // @@ -309,7 +337,7 @@ int IceSecurity::Ssl::OpenSSL::Connection::initialize(int timeout) { int retCode = 0; - + while (true) { // One lucky thread will get the honor of carrying out the hanshake, @@ -421,12 +449,11 @@ IceSecurity::Ssl::OpenSSL::Connection::readInBuffer(Buffer& buf) if (_traceLevels->security >= IceSecurity::SECURITY_PROTOCOL) { - string protocolString = "Copied "; - protocolString += Int(bytesRead); - protocolString += string(" bytes from SSL buffer\n"); - protocolString += fdToString(SSL_get_fd(_sslConnection)); -
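Review bot: The `else` branch of `verifyCertificate()` now returns `preVerifyOkay` unchanged when `_certificateVerifier` is not an `IceSecurity::Ssl::OpenSSL::CertificateVerifier`, whereas the removed version returned 0; the "should never happen" path has changed from rejecting the peer to accepting OpenSSL's own chain result, so a verifier of the wrong type fails open. Keep the old outcome by setting `preVerifyOkay = 0;` in that branch (or throw the `CertificateVerifierTypeException` this commit introduces, if it exists for this case), and keep the trace. In the same hunk, `getConnection()` reads `_connectionMap[sslPtr]`, which inserts a null entry for an unknown `SSL*` and, with `assert` compiled out, returns a null `ConnectionPtr`; use `SslConnectionMap::iterator p = _connectionMap.find(sslPtr); assert(p != _connectionMap.end()); return ConnectionPtr(p->second);`. `_traceLevels` and `_logger` are also dereferenced here without a null check.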
- _logger->trace(_traceLevels->securityCat, protocolString);
+ ostringstream protocolMsg; + protocolMsg << "Copied " << dec << bytesRead << " bytes from SSL buffer\n"; + protocolMsg << fdToString(SSL_get_fd(_sslConnection)); + + _logger->trace(_traceLevels->securityCat, protocolMsg.str()); } } @@ -544,6 +571,7 @@ IceSecurity::Ssl::OpenSSL::Connection::readSSL(Buffer& buf, int timeout) if (initReturn == -1) { // Handshake underway, timeout immediately, easy way to deal with this. + // _logger->trace(_traceLevels->securityCat, "Throwing TimeoutException, Line 566"); throw TimeoutException(__FILE__, __LINE__); } @@ -566,10 +594,10 @@ IceSecurity::Ssl::OpenSSL::Connection::readSSL(Buffer& buf, int timeout) if (!bytesPending) { - if (_traceLevels->security >= IceSecurity::SECURITY_PROTOCOL)
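Review bot: The line added in the `@@ -544,6 +571,7 @@` hunk is commented-out code carrying a hard-coded line number (`Line 566`) that already disagrees with the hunk's own offset; it will only drift further. Delete it, or make it a real trace under the level check used throughout this file, e.g. `if (_traceLevels->security >= IceSecurity::SECURITY_PROTOCOL) { _logger->trace(_traceLevels->securityCat, "handshake in progress, read timed out"); }`. `readSSL()` starts and ends outside the hunk.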
- {
- _logger->trace(_traceLevels->securityCat, "No pending application-level bytes.");
- }
+ if (_traceLevels->security >= IceSecurity::SECURITY_PROTOCOL) + { + _logger->trace(_traceLevels->securityCat, "No pending application-level bytes."); + } // We're done here. break; @@ -663,7 +691,7 @@ IceSecurity::Ssl::OpenSSL::Connection::readSSL(Buffer& buf, int timeout) // Protocol Error: Unexpected EOF protocolEx._message = "Encountered an EOF that violates the SSL Protocol.\n"; - protocolEx._message += sslGetErrors();
+ protocolEx._message += sslGetErrors(); throw protocolEx; } @@ -674,7 +702,7 @@ IceSecurity::Ssl::OpenSSL::Connection::readSSL(Buffer& buf, int timeout) ProtocolException protocolEx(__FILE__, __LINE__); protocolEx._message = "Encountered a violation of the SSL Protocol.\n"; - protocolEx._message += sslGetErrors();
+ protocolEx._message += sslGetErrors(); throw protocolEx; } @@ -737,23 +765,24 @@ IceSecurity::Ssl::OpenSSL::Connection::sslGetErrors() return errorMessage; } -
-void
-IceSecurity::Ssl::OpenSSL::Connection::addConnection(SSL* sslPtr, Connection* connection)
-{
- assert(sslPtr);
- assert(connection);
- _connectionMap[sslPtr] = connection;
-}
- -void
-IceSecurity::Ssl::OpenSSL::Connection::removeConnection(SSL* sslPtr)
-{
- IceUtil::Mutex::Lock sync(_connectionRepositoryMutex);
- assert(sslPtr);
- _connectionMap.erase(sslPtr);
-}
-
+ +void +IceSecurity::Ssl::OpenSSL::Connection::addConnection(SSL* sslPtr, Connection* connection) +{ + assert(sslPtr); + assert(connection); + IceUtil::Mutex::Lock sync(_connectionRepositoryMutex); + _connectionMap[sslPtr] = connection; +} + +void +IceSecurity::Ssl::OpenSSL::Connection::removeConnection(SSL* sslPtr) +{ + assert(sslPtr); + IceUtil::Mutex::Lock sync(_connectionRepositoryMutex); + _connectionMap.erase(sslPtr); +} + void IceSecurity::Ssl::OpenSSL::Connection::showCertificateChain(BIO* bio) { diff --git a/cpp/src/Ice/SslConnectionOpenSSL.h b/cpp/src/Ice/SslConnectionOpenSSL.h index dee4a2aa07e..351c555a663 100644 --- a/cpp/src/Ice/SslConnectionOpenSSL.h +++ b/cpp/src/Ice/SslConnectionOpenSSL.h @@ -11,13 +11,13 @@ #ifndef ICE_SSL_CONNECTION_OPENSSL_H #define ICE_SSL_CONNECTION_OPENSSL_H -#include <map>
+#include <map> #include <openssl/ssl.h> #include <IceUtil/Mutex.h> #include <Ice/SslConnection.h> -#include <Ice/SslSystemF.h>
-#include <Ice/SslConnectionOpenSSLF.h>
-#include <Ice/SslCertificateVerifier.h> +#include <Ice/SslSystemF.h> +#include <Ice/SslConnectionOpenSSLF.h> +#include <Ice/SslCertificateVerifierOpenSSL.h> namespace IceSecurity { @@ -28,9 +28,6 @@ namespace Ssl namespace OpenSSL { -using namespace Ice; -using namespace std; -
class SafeFlag { public: @@ -109,30 +106,30 @@ private: bool _ownHandshake; SafeFlag& _flag; }; -
-class DefaultCertificateVerifier : public CertificateVerifier
-{
-
-public:
- DefaultCertificateVerifier();
-
- void setTraceLevels(const TraceLevelsPtr&);
- void setLogger(const LoggerPtr&);
-
- virtual int verify(int, X509_STORE_CTX*, SSL*);
-
-private:
- TraceLevelsPtr _traceLevels;
- LoggerPtr _logger;
-};
-
-// NOTE: This is a mapping from SSL* to Connection*, for use with the verifyCallback.
-// I have purposely not used ConnectionPtr here, as connections register themselves
-// with this map on construction and unregister themselves in the destructor. If
-// this map used ConnectionPtr, Connection instances would never destruct as there
-// would always be a reference to them from the map.
-typedef map<SSL*, Connection*> SslConnectionMap;
-
+ +class DefaultCertificateVerifier : public IceSecurity::Ssl::OpenSSL::CertificateVerifier +{ + +public: + DefaultCertificateVerifier(); + + void setTraceLevels(const IceInternal::TraceLevelsPtr&); + void setLogger(const Ice::LoggerPtr&); + + virtual int verify(int, X509_STORE_CTX*, SSL*); + +private: + IceInternal::TraceLevelsPtr _traceLevels; + Ice::LoggerPtr _logger; +}; + +// NOTE: This is a mapping from SSL* to Connection*, for use with the verifyCallback. +// I have purposely not used ConnectionPtr here, as connections register themselves +// with this map on construction and unregister themselves in the destructor. If +// this map used ConnectionPtr, Connection instances would never destruct as there +// would always be a reference to them from the map. +typedef std::map<SSL*, Connection*> SslConnectionMap; + class Connection : public IceSecurity::Ssl::Connection { public: @@ -142,20 +139,20 @@ public: virtual void shutdown(); - virtual int read(Buffer&, int) = 0; - virtual int write(Buffer&, int) = 0; + virtual int read(IceInternal::Buffer&, int) = 0; + virtual int write(IceInternal::Buffer&, int) = 0; virtual int init(int timeout = 0) = 0; - void setTrace(const TraceLevelsPtr& traceLevels); - void setLogger(const LoggerPtr& traceLevels); + void setTrace(const IceInternal::TraceLevelsPtr& traceLevels); + void setLogger(const Ice::LoggerPtr& traceLevels); void setHandshakeReadTimeout(int timeout); -
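Review bot: `DefaultCertificateVerifier::verify(int, X509_STORE_CTX*, SSL*)` is declared with no statement of its contract, and its argument list suggests it wraps OpenSSL's verify callback, where the meaning of the first `int` and of the return value is easy to invert with serious consequences (a non-zero return accepts the certificate). I would document it on the declaration, e.g. `// Called from the OpenSSL verify callback for each certificate in the chain. The int is OpenSSL's own verification result for this certificate; return 1 to accept it, 0 to reject it and abort the handshake.` — adjust if the implementation, which is not in this hunk, differs. The note above SslConnectionMap explains why raw pointers are stored but not what keeps one valid while a verify callback runs; one sentence saying that lookups must happen under `_connectionRepositoryMutex` and must not outlive the Connection would make the invariant explicit.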
- static ConnectionPtr getConnection(SSL*);
-
- // Callback from OpenSSL for purposes of certificate verification
- int verifyCertificate(int, X509_STORE_CTX*);
+ + static ConnectionPtr getConnection(SSL*); + + // Callback from OpenSSL for purposes of certificate verification + int verifyCertificate(int, X509_STORE_CTX*); protected: @@ -172,18 +169,18 @@ protected: void protocolWrite(); - int readInBuffer(Buffer&); + int readInBuffer(IceInternal::Buffer&); int readSelect(int); int writeSelect(int); - int readSSL(Buffer&, int); + int readSSL(IceInternal::Buffer&, int); // Retrieves errors from the OpenSSL library. - string sslGetErrors(); -
- static void addConnection(SSL*, Connection*);
- static void removeConnection(SSL*);
+ std::string sslGetErrors(); + + static void addConnection(SSL*, Connection*); + static void removeConnection(SSL*); virtual void showConnectionInfo() = 0; @@ -196,9 +193,9 @@ protected: void showClientCAList(BIO*, const char*); void setLastError(int errorCode) { _lastError = errorCode; }; -
- static SslConnectionMap _connectionMap;
- static ::IceUtil::Mutex _connectionRepositoryMutex;
+ + static SslConnectionMap _connectionMap; + static ::IceUtil::Mutex _connectionRepositoryMutex; // Pointer to the OpenSSL Connection structure. SSL* _sslConnection; @@ -209,13 +206,13 @@ protected: // TODO: Review this after a healthy stint of testing // Buffer for application data that may be returned during handshake // (probably won't contain anything, may be removed later). - Buffer _inBuffer; + ::IceInternal::Buffer _inBuffer; ::IceUtil::Mutex _inBufferMutex; ::IceUtil::Mutex _handshakeWaitMutex; - TraceLevelsPtr _traceLevels; - LoggerPtr _logger; + IceInternal::TraceLevelsPtr _traceLevels; + Ice::LoggerPtr _logger; SafeFlag _handshakeFlag; int _initWantRead; diff --git a/cpp/src/Ice/SslConnectionOpenSSLClient.cpp b/cpp/src/Ice/SslConnectionOpenSSLClient.cpp index e3d0bfa7b7b..8937baeae53 100644 --- a/cpp/src/Ice/SslConnectionOpenSSLClient.cpp +++ b/cpp/src/Ice/SslConnectionOpenSSLClient.cpp @@ -11,7 +11,7 @@ #include <string> #include <sstream> #include <Ice/Network.h> -#include <Ice/OpenSSL.h>
+#include <Ice/OpenSSL.h> #include <Ice/SecurityException.h> #include <Ice/SslConnectionOpenSSLClient.h> @@ -20,6 +20,8 @@ using IceSecurity::Ssl::ShutdownException; using IceSecurity::Ssl::SystemPtr; +using Ice::ConnectionLostException; +using Ice::SocketException; using namespace IceInternal; using namespace std; @@ -37,8 +39,8 @@ using std::dec; // Public Methods // -IceSecurity::Ssl::OpenSSL::ClientConnection::ClientConnection(const CertificateVerifierPtr& certificateVerifier,
- SSL* connection,
+IceSecurity::Ssl::OpenSSL::ClientConnection::ClientConnection(const CertificateVerifierPtr& certificateVerifier, + SSL* connection, const SystemPtr& system) : Connection(certificateVerifier, connection, system) { @@ -154,7 +156,7 @@ IceSecurity::Ssl::OpenSSL::ClientConnection::init(int timeout) // Protocol Error: Unexpected EOF protocolEx._message = "Encountered an EOF during handshake that violates the SSL Protocol.\n"; - protocolEx._message += sslGetErrors();
+ protocolEx._message += sslGetErrors(); throw protocolEx; } @@ -165,7 +167,7 @@ IceSecurity::Ssl::OpenSSL::ClientConnection::init(int timeout) ProtocolException protocolEx(__FILE__, __LINE__); protocolEx._message = "Encountered a violation of the SSL Protocol during handshake.\n"; - protocolEx._message += sslGetErrors();
+ protocolEx._message += sslGetErrors(); throw protocolEx; } @@ -344,7 +346,7 @@ IceSecurity::Ssl::OpenSSL::ClientConnection::write(Buffer& buf, int timeout) // Protocol Error: Unexpected EOF protocolEx._message = "Encountered an EOF that violates the SSL Protocol.\n"; - protocolEx._message += sslGetErrors();
+ protocolEx._message += sslGetErrors(); throw protocolEx; } @@ -360,7 +362,7 @@ IceSecurity::Ssl::OpenSSL::ClientConnection::write(Buffer& buf, int timeout) ProtocolException protocolEx(__FILE__, __LINE__); protocolEx._message = "Encountered a violation of the SSL Protocol.\n"; - protocolEx._message += sslGetErrors();
+ protocolEx._message += sslGetErrors(); throw protocolEx; } diff --git a/cpp/src/Ice/SslConnectionOpenSSLClient.h b/cpp/src/Ice/SslConnectionOpenSSLClient.h index 9faa82df08a..fdf0e6c0779 100644 --- a/cpp/src/Ice/SslConnectionOpenSSLClient.h +++ b/cpp/src/Ice/SslConnectionOpenSSLClient.h @@ -22,21 +22,17 @@ namespace Ssl namespace OpenSSL { -using namespace Ice; - -using IceSecurity::Ssl::SystemPtr; - class ClientConnection : public Connection { public: - ClientConnection(const CertificateVerifierPtr&, SSL*, const SystemPtr&); + ClientConnection(const CertificateVerifierPtr&, SSL*, const IceSecurity::Ssl::SystemPtr&); virtual ~ClientConnection(); virtual void shutdown(); virtual int init(int timeout = 0); - virtual int read(Buffer&, int); - virtual int write(Buffer&, int); + virtual int read(IceInternal::Buffer&, int); + virtual int write(IceInternal::Buffer&, int); protected: diff --git a/cpp/src/Ice/SslConnectionOpenSSLServer.cpp b/cpp/src/Ice/SslConnectionOpenSSLServer.cpp index 91409ced3b4..c9c05900ff2 100644 --- a/cpp/src/Ice/SslConnectionOpenSSLServer.cpp +++ b/cpp/src/Ice/SslConnectionOpenSSLServer.cpp @@ -11,7 +11,7 @@ #include <string> #include <sstream> #include <Ice/Network.h> -#include <Ice/OpenSSL.h>
+#include <Ice/OpenSSL.h> #include <Ice/SecurityException.h> #include <Ice/SslConnectionOpenSSLServer.h> @@ -22,6 +22,9 @@ using IceSecurity::Ssl::CertificateException; using IceSecurity::Ssl::ProtocolException; using IceSecurity::Ssl::SystemPtr; +using Ice::ConnectionLostException; +using Ice::SocketException; + using namespace IceInternal; using namespace std; @@ -38,8 +41,8 @@ using std::dec; // Public Methods // -IceSecurity::Ssl::OpenSSL::ServerConnection::ServerConnection(const CertificateVerifierPtr& certificateVerifier,
- SSL* connection,
+IceSecurity::Ssl::OpenSSL::ServerConnection::ServerConnection(const CertificateVerifierPtr& certificateVerifier, + SSL* connection, const SystemPtr& system) : Connection(certificateVerifier, connection, system) { @@ -112,7 +115,7 @@ IceSecurity::Ssl::OpenSSL::ServerConnection::init(int timeout) ProtocolException protocolEx(__FILE__, __LINE__); protocolEx._message = "Encountered an SSL Protocol violation during handshake.\n"; - protocolEx._message += sslGetErrors();
+ protocolEx._message += sslGetErrors(); throw protocolEx; } @@ -178,7 +181,7 @@ IceSecurity::Ssl::OpenSSL::ServerConnection::init(int timeout) // Protocol Error: Unexpected EOF protocolEx._message = "Encountered an EOF during handshake that violates the SSL Protocol.\n"; - protocolEx._message += sslGetErrors();
+ protocolEx._message += sslGetErrors(); throw protocolEx; } @@ -189,7 +192,7 @@ IceSecurity::Ssl::OpenSSL::ServerConnection::init(int timeout) ProtocolException protocolEx(__FILE__, __LINE__); protocolEx._message = "Encountered a violation of the SSL Protocol during handshake.\n"; - protocolEx._message += sslGetErrors();
+ protocolEx._message += sslGetErrors(); throw protocolEx; } @@ -341,7 +344,7 @@ IceSecurity::Ssl::OpenSSL::ServerConnection::write(Buffer& buf, int timeout) // Protocol Error: Unexpected EOF protocolEx._message = "Encountered an EOF that violates the SSL Protocol.\n"; - protocolEx._message += sslGetErrors();
+ protocolEx._message += sslGetErrors(); throw protocolEx; } @@ -352,8 +355,8 @@ IceSecurity::Ssl::OpenSSL::ServerConnection::write(Buffer& buf, int timeout) ProtocolException protocolEx(__FILE__, __LINE__); protocolEx._message = "Encountered a violation of the SSL Protocol.\n"; - protocolEx._message += sslGetErrors();
-
+ protocolEx._message += sslGetErrors(); + throw protocolEx; } diff --git a/cpp/src/Ice/SslConnectionOpenSSLServer.h b/cpp/src/Ice/SslConnectionOpenSSLServer.h index c24e703aafb..ae348a6d2a2 100644 --- a/cpp/src/Ice/SslConnectionOpenSSLServer.h +++ b/cpp/src/Ice/SslConnectionOpenSSLServer.h @@ -22,21 +22,17 @@ namespace Ssl namespace OpenSSL { -using namespace Ice; - -using IceSecurity::Ssl::SystemPtr; - class ServerConnection : public Connection { public: - ServerConnection(const CertificateVerifierPtr&, SSL*, const SystemPtr&); + ServerConnection(const CertificateVerifierPtr&, SSL*, const IceSecurity::Ssl::SystemPtr&); virtual ~ServerConnection(); virtual void shutdown(); virtual int init(int timeout = 0); - virtual int read(Buffer&, int); - virtual int write(Buffer&, int); + virtual int read(IceInternal::Buffer&, int); + virtual int write(IceInternal::Buffer&, int); protected: diff --git a/cpp/src/Ice/SslConnector.cpp b/cpp/src/Ice/SslConnector.cpp index f4b2514573d..4df3a76b1e4 100644 --- a/cpp/src/Ice/SslConnector.cpp +++ b/cpp/src/Ice/SslConnector.cpp @@ -64,7 +64,7 @@ IceInternal::SslConnector::connect(int timeout) // This is the Ice SSL Configuration File on which we will base // all connections in this communicator. - string configFile = properties->getProperty("Ice.Ssl.Config"); + string configFile = properties->getProperty("Ice.Security.Ssl.Config"); // Get an instance of the SslOpenSSL singleton. SystemPtr sslSystem = Factory::getSystem(configFile); diff --git a/cpp/src/Ice/SslFactory.cpp b/cpp/src/Ice/SslFactory.cpp index 7ff34d6ff89..0503e256919 100644 --- a/cpp/src/Ice/SslFactory.cpp +++ b/cpp/src/Ice/SslFactory.cpp @@ -19,7 +19,7 @@ #include <Ice/SslFactory.h> #include <Ice/SslSystemOpenSSL.h> -#include <Ice/OpenSSL.h>
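Review bot: Reading `Ice.Security.Ssl.Config` instead of `Ice.Ssl.Config` means a deployment that still sets the old property now gets an empty `configFile` with no error, and `Factory::getSystem("")` is asked to build an SSL system from nothing. I would make that failure visible at the point it happens, e.g. right after the getProperty line: `if(configFile.empty()) { /* log, or throw the exception the connector already uses */ }`; which of the two fits depends on how connect() reports other setup failures, outside this hunk. connect()'s body continues outside the hunk.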
+#include <Ice/OpenSSL.h> #define OPENSSL_THREAD_DEFINES #include <openssl/opensslconf.h> @@ -193,19 +193,56 @@ IceSecurity::Ssl::Factory::reapSystems() void IceSecurity::Ssl::setSystemCertificateVerifier(const string& systemIdentifier, - CertificateVerifierType verifierType, + SslContextType contextType, const CertificateVerifierPtr& certificateVerifier) { SystemPtr sslSystem = Factory::getSystem(systemIdentifier); - if ((verifierType == Client) || (verifierType == ClientServer)) + if ((contextType == Client) || (contextType == ClientServer)) { sslSystem->setClientCertificateVerifier(certificateVerifier); } - if ((verifierType == Server) || (verifierType == ClientServer)) + if ((contextType == Server) || (contextType == ClientServer)) { sslSystem->setServerCertificateVerifier(certificateVerifier); } } +void +IceSecurity::Ssl::setSystemCertAuthCertificate(const string& systemIdentifier, + SslContextType contextType, + const string& caCertString) +{ + SystemPtr sslSystem = Factory::getSystem(systemIdentifier); + + if ((contextType == Client) || (contextType == ClientServer)) + { + sslSystem->setClientCertAuthorityCertificate(caCertString); + } + + if ((contextType == Server) || (contextType == ClientServer)) + { + sslSystem->setServerCertAuthorityCertificate(caCertString); + } +} + +void +IceSecurity::Ssl::setSystemRSAKeysBase64(const string& systemIdentifier, + SslContextType contextType, + const string& privateKey, + const string& publicKey) +{ + SystemPtr sslSystem = Factory::getSystem(systemIdentifier); + + if ((contextType == Client) || (contextType == ClientServer)) + { + sslSystem->setClientRSAKeysBase64(privateKey, publicKey); + } + + if ((contextType == Server) || (contextType == ClientServer)) + { + sslSystem->setServerRSAKeysBase64(privateKey, publicKey); + } +} + diff --git a/cpp/src/Ice/SslFactory.h b/cpp/src/Ice/SslFactory.h index b51fef870de..ed9c1c05af7 100644 --- a/cpp/src/Ice/SslFactory.h +++ b/cpp/src/Ice/SslFactory.h 
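Review bot: All three dispatchers (`setSystemCertificateVerifier`, `setSystemCertAuthCertificate`, `setSystemRSAKeysBase64`) only test for `Client`, `Server` and `ClientServer`, so a caller passing `None` installs no verifier, CA certificate or key pair and gets no indication that anything was skipped — for a security setting a silent no-op is the wrong default. I would reject it up front in each function, `assert(contextType != None);`, or throw if these are reachable from application code. `Factory::getSystem(systemIdentifier)` is also dereferenced without checking the returned SystemPtr; whether getSystem can return null for an unknown identifier is not visible in this hunk. Note too that `privateKey` is a base64 std::string copied through every layer and never wiped; that is a broader issue with the key-handling API than with this hunk, but worth a comment at the entry point.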
@@ -14,30 +14,18 @@ #include <string> #include <map> #include <IceUtil/Mutex.h> -#include <Ice/SslSystemF.h>
+#include <Ice/SslSystemF.h> #include <Ice/SslCertificateVerifierF.h> +#include <Ice/Security.h> -#ifdef WIN32
-# ifdef ICE_API_EXPORTS
-# define ICE_API __declspec(dllexport)
-# else
-# define ICE_API __declspec(dllimport)
-# endif
-#else
-# define ICE_API /**/
-#endif
-
namespace IceSecurity { namespace Ssl { -using std::string; -using std::map; - -typedef map<string, SystemPtr> SystemMap; -typedef map<void*, SystemPtr> SslHandleSystemMap; +typedef std::map<std::string, SystemPtr> SystemMap; +typedef std::map<void*, SystemPtr> SslHandleSystemMap; // This is defined as a class so as to ensure encapsulation. We don't // want just anybody creating System instances - when all this is moved @@ -49,7 +37,7 @@ class Factory { public: - static SystemPtr getSystem(const string&); + static SystemPtr getSystem(const std::string&); // System Handle related methods static void addSystemHandle(void*, const SystemPtr&); @@ -64,20 +52,6 @@ private: static void reapSystems(); }; -
-// TODO: This is NOT how this should be done, but to get us over the hump for the
-// time being, we'll take this shortcut.
-
-typedef enum
-{
- None = 0,
- Client,
- Server,
- ClientServer
-} ICE_API CertificateVerifierType;
-
-
-void ICE_API setSystemCertificateVerifier(const string&, CertificateVerifierType, const CertificateVerifierPtr&);
} diff --git a/cpp/src/Ice/SslGeneralConfig.h b/cpp/src/Ice/SslGeneralConfig.h index f8f06f8443d..5ef95e94bcd 100644 --- a/cpp/src/Ice/SslGeneralConfig.h +++ b/cpp/src/Ice/SslGeneralConfig.h @@ -20,9 +20,6 @@ namespace IceSecurity namespace Ssl { -using std::string; -using std::ostream; - class GeneralConfig { @@ -33,12 +30,12 @@ public: inline int getVerifyMode() const { return _verifyMode; }; inline int getVerifyDepth() const { return _verifyDepth; }; - inline string getContext() const { return _context; }; - inline string getCipherList() const { return _cipherList; }; - inline string getRandomBytesFiles() const { return _randomBytesFiles; }; + inline std::string getContext() const { return _context; }; + inline std::string getCipherList() const { return _cipherList; }; + inline std::string getRandomBytesFiles() const { return _randomBytesFiles; }; // General method - it will figure out how to properly parse the data. - void set(string&, string&); + void set(std::string&, std::string&); protected: 
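Review bot: `void set(std::string&, std::string&);` takes both the key and the value by non-const reference, as do `parseVersion(std::string&)` and `parseVerifyMode(std::string&)` in the following hunk, so a caller cannot pass a temporary or a `const` string and the signature reads as though the config mutates its input. Unless the parsers really modify their argument, which is not visible here, the declaration should be `void set(const std::string&, const std::string&);` with the parse helpers changed to match. The GeneralConfig class continues outside this hunk.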
@@ -47,23 +44,23 @@ protected: int _verifyMode; int _verifyDepth; - string _context; - string _cipherList; - string _randomBytesFiles; + std::string _context; + std::string _cipherList; + std::string _randomBytesFiles; - void parseVersion(string&); - void parseVerifyMode(string&); + void parseVersion(std::string&); + void parseVerifyMode(std::string&); }; template<class Stream> inline Stream& operator << (Stream& target, const GeneralConfig& generalConfig) { - target << "Protocol: " << generalConfig.getProtocol() << endl; - target << "Verify Mode: " << generalConfig.getVerifyMode() << endl; - target << "Verify Depth: " << generalConfig.getVerifyDepth() << endl; - target << "Context: " << generalConfig.getContext() << endl; - target << "Cipher List: " << generalConfig.getCipherList() << endl; - target << "Random Bytes: " << generalConfig.getRandomBytesFiles() << endl; + target << "Protocol: " << generalConfig.getProtocol() << std::endl; + target << "Verify Mode: " << generalConfig.getVerifyMode() << std::endl; + target << "Verify Depth: " << generalConfig.getVerifyDepth() << std::endl; + target << "Context: " << generalConfig.getContext() << std::endl; + target << "Cipher List: " << generalConfig.getCipherList() << std::endl; + target << "Random Bytes: " << generalConfig.getRandomBytesFiles() << std::endl; return target; } diff --git a/cpp/src/Ice/SslIceUtils.cpp b/cpp/src/Ice/SslIceUtils.cpp new file mode 100644 index 00000000000..2a443f75d18 --- /dev/null +++ b/cpp/src/Ice/SslIceUtils.cpp 
@@ -0,0 +1,34 @@
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#include <IceUtil/Config.h>
+#include <Ice/SslIceUtils.h>
+#include <iterator>
+
+void
+IceSecurity::Ssl::ucharToByteSeq(unsigned char* ucharBuffer, int length, Ice::ByteSeq& destBuffer)
+{
+ destBuffer.reserve(length);
+ std::copy(ucharBuffer, (ucharBuffer + length), std::back_inserter(destBuffer));
+}
+
+unsigned char*
+IceSecurity::Ssl::byteSeqToUChar(const Ice::ByteSeq& sequence)
+{
+ int seqSize = sequence.size();
+
+ assert(seqSize > 0);
+
+ unsigned char* ucharSeq = new unsigned char[seqSize];
+ unsigned char* ucharPtr = ucharSeq;
+ std::copy(sequence.begin(), sequence.end(), ucharPtr);
+
+ return ucharSeq;
+}
diff --git a/cpp/src/Ice/SslIceUtils.h b/cpp/src/Ice/SslIceUtils.h
new file mode 100644
index 00000000000..274d66c36dc
--- /dev/null
+++ b/cpp/src/Ice/SslIceUtils.h
@@ -0,0 +1,32 @@
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#ifndef ICE_SSL_ICE_UTILS_H
+#define ICE_SSL_ICE_UTILS_H
+
+#include <IceUtil/Config.h>
+#include <Ice/BuiltinSequences.h>
+
+namespace IceSecurity
+{
+
+namespace Ssl
+{
+
+void ucharToByteSeq(unsigned char*, int, Ice::ByteSeq&);
+
+unsigned char* byteSeqToUChar(const Ice::ByteSeq&);
+
+}
+
+}
+
+#endif
+
diff --git a/cpp/src/Ice/SslOpenSSLUtils.h b/cpp/src/Ice/SslOpenSSLUtils.h
index 654c2392f06..56434e1ee79 100644
--- a/cpp/src/Ice/SslOpenSSLUtils.h
+++ b/cpp/src/Ice/SslOpenSSLUtils.h
@@ -20,13 +20,11 @@ namespace Ssl namespace OpenSSL
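Review bot: `byteSeqToUChar` returns a buffer obtained with `new[]` and nothing on the declaration or definition says the caller owns it, which is exactly how the matching `delete []` in callers gets forgotten or mismatched; it also narrows `sequence.size()` into an `int` and relies on `assert(seqSize > 0)` as its only check, so in a release build an empty sequence yields a zero-length allocation that the caller then hands to a DER decoder. I would document ownership on the declaration, `// Returns a heap copy of sequence; the caller must delete [] it.`, use `size_t seqSize = sequence.size();`, and replace the assert with an explicit check that callers can act on. `ucharToByteSeq` only reads through `ucharBuffer`, so its first parameter should be `const unsigned char*` and `length` a `size_t` for the same reason.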
{
-using std::string;
+std::string getGeneralizedTime(ASN1_GENERALIZEDTIME *tm);
-string getGeneralizedTime(ASN1_GENERALIZEDTIME *tm);
+std::string getUTCTime(ASN1_UTCTIME *tm);
-string getUTCTime(ASN1_UTCTIME *tm);
-
-string getASN1time(ASN1_TIME *tm);
+std::string getASN1time(ASN1_TIME *tm);
}
diff --git a/cpp/src/Ice/SslRSACertificateGen.cpp b/cpp/src/Ice/SslRSACertificateGen.cpp index 8b081c9c6af..3e85bbf58ac 100644 --- a/cpp/src/Ice/SslRSACertificateGen.cpp +++ b/cpp/src/Ice/SslRSACertificateGen.cpp @@ -12,6 +12,8 @@ #include <Ice/SslRSACertificateGen.h>
#include <Ice/SslJanitors.h>
#include <Ice/SslRSAKeyPair.h>
+#include <Ice/SslRSAPrivateKey.h>
+#include <Ice/SslRSAPublicKey.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
@@ -239,7 +241,9 @@ IceSecurity::Ssl::OpenSSL::RSACertificateGen::generate(const RSACertificateGenCo pkey->pkey.ptr = 0;
// Constructing our object.
- RSAKeyPair* keyPairPtr = new RSAKeyPair(rsaKeyPair, x509SelfSigned);
+ RSAPrivateKeyPtr privKeyPtr = new RSAPrivateKey(rsaKeyPair);
+ RSAPublicKeyPtr pubKeyPtr = new RSAPublicKey(x509SelfSigned);
+ RSAKeyPair* keyPairPtr = new RSAKeyPair(privKeyPtr, pubKeyPtr);
// Don't let them clean up, we're keeping those around.
rsaJanitor.clear();
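Review bot: Ownership of `rsaKeyPair` passes to the new RSAPrivateKey on the first added line (its `RSAPrivateKey(RSA*)` constructor stores the pointer and its destructor calls RSA_free), but `rsaJanitor.clear()` only runs after the RSAPublicKey and RSAKeyPair have also been allocated, so should either of those `new` expressions throw, the janitor still holds `rsaKeyPair` and the RSA structure is freed twice — once by the janitor (assuming it frees on destruction, as the comment implies) and once by `privKeyPtr`. I would clear each janitor immediately after the handoff it guards: `RSAPrivateKeyPtr privKeyPtr = new RSAPrivateKey(rsaKeyPair); rsaJanitor.clear();` and the same for whatever guards `x509SelfSigned` (not visible here) right after `pubKeyPtr` is created. The enclosing generate() begins outside this hunk.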
diff --git a/cpp/src/Ice/SslRSAKeyPair.cpp b/cpp/src/Ice/SslRSAKeyPair.cpp index 18842e22bf0..e2876ebc845 100644 --- a/cpp/src/Ice/SslRSAKeyPair.cpp +++ b/cpp/src/Ice/SslRSAKeyPair.cpp @@ -11,6 +11,8 @@ #include <IceUtil/Config.h>
#include <IceUtil/Base64.h>
#include <Ice/SslRSAKeyPair.h>
+#include <Ice/SslRSAPrivateKey.h>
+#include <Ice/SslRSAPublicKey.h>
#include <assert.h>
void ::IceInternal::incRef(::IceSecurity::Ssl::OpenSSL::RSAKeyPair* p) { p->__incRef(); }
@@ -20,8 +22,11 @@ using std::back_inserter; using std::string;
using IceUtil::Base64;
-IceSecurity::Ssl::OpenSSL::RSAKeyPair::RSAKeyPair(const string& key, const string& cert)
+IceSecurity::Ssl::OpenSSL::RSAKeyPair::RSAKeyPair(const string& key, const string& cert) :
+ _privateKey(new RSAPrivateKey(key)),
+ _publicKey(new RSAPublicKey(cert))
{
+/*
_privateKey = 0;
_publicKey = 0;
@@ -30,41 +35,57 @@ IceSecurity::Ssl::OpenSSL::RSAKeyPair::RSAKeyPair(const string& key, const strin byteSeqToKey(keySeq);
byteSeqToCert(certSeq);
+*/
}
-IceSecurity::Ssl::OpenSSL::RSAKeyPair::RSAKeyPair(const ByteSeq& keySeq, const ByteSeq& certSeq)
+IceSecurity::Ssl::OpenSSL::RSAKeyPair::RSAKeyPair(const ByteSeq& keySeq, const ByteSeq& certSeq) :
+ _privateKey(new RSAPrivateKey(keySeq)),
+ _publicKey(new RSAPublicKey(certSeq))
{
+/*
_privateKey = 0;
_publicKey = 0;
byteSeqToKey(keySeq);
byteSeqToCert(certSeq);
+*/
}
IceSecurity::Ssl::OpenSSL::RSAKeyPair::~RSAKeyPair()
{
+/*
RSA_free(_privateKey);
X509_free(_publicKey);
+*/
}
void
IceSecurity::Ssl::OpenSSL::RSAKeyPair::keyToBase64(string& b64Key)
{
+ _privateKey->keyToBase64(b64Key);
+
+/*
ByteSeq keySeq;
keyToByteSeq(keySeq);
b64Key = Base64::encode(keySeq);
+*/
}
void
IceSecurity::Ssl::OpenSSL::RSAKeyPair::certToBase64(string& b64Cert)
{
+ _publicKey->certToBase64(b64Cert);
+/*
ByteSeq certSeq;
certToByteSeq(certSeq);
b64Cert = Base64::encode(certSeq);
+*/
}
void
IceSecurity::Ssl::OpenSSL::RSAKeyPair::keyToByteSeq(ByteSeq& keySeq)
{
+ _privateKey->keyToByteSeq(keySeq);
+/*
assert(_privateKey);
// Output the Private Key to a char buffer
@@ -81,11 +102,15 @@ IceSecurity::Ssl::OpenSSL::RSAKeyPair::keyToByteSeq(ByteSeq& keySeq) ucharToByteSeq(privateKeyBuffer, privKeySize, keySeq);
delete []privateKeyBuffer;
+*/
}
void
IceSecurity::Ssl::OpenSSL::RSAKeyPair::certToByteSeq(ByteSeq& certSeq)
{
+ _publicKey->certToByteSeq(certSeq);
+
+/*
assert(_publicKey);
// Output the Public Key to a char buffer
@@ -102,26 +127,30 @@ IceSecurity::Ssl::OpenSSL::RSAKeyPair::certToByteSeq(ByteSeq& certSeq) ucharToByteSeq(publicKeyBuffer, pubKeySize, certSeq);
delete []publicKeyBuffer;
+*/
}
RSA*
IceSecurity::Ssl::OpenSSL::RSAKeyPair::getRSAPrivateKey() const
{
- return _privateKey;
+ return _privateKey->getRSAPrivateKey();
}
X509*
IceSecurity::Ssl::OpenSSL::RSAKeyPair::getX509PublicKey() const
{
- return _publicKey;
+ return _publicKey->getX509PublicKey();
}
-IceSecurity::Ssl::OpenSSL::RSAKeyPair::RSAKeyPair(RSA* rsa, X509* x509) :
+// IceSecurity::Ssl::OpenSSL::RSAKeyPair::RSAKeyPair(RSA* rsa, X509* x509) :
+
+IceSecurity::Ssl::OpenSSL::RSAKeyPair::RSAKeyPair(const RSAPrivateKeyPtr& rsa, const RSAPublicKeyPtr& x509) :
_privateKey(rsa),
_publicKey(x509)
{
}
+/*
void
IceSecurity::Ssl::OpenSSL::RSAKeyPair::byteSeqToKey(const ByteSeq& keySeq)
{
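Review bot: The old constructor bodies, the destructor body and the `byteSeqToKey`/`byteSeqToCert`/`byteSeqToUChar` implementations are kept as `/* ... */` blocks instead of being removed, which leaves two copies of the key-handling logic in the tree, one of them stale and still calling `RSA_free`/`X509_free` on members that are now smart pointers. Version control already preserves the history; I would delete every commented-out block here (and the `/*` opened in the constructors in the earlier hunk), leaving only the delegating one-liners such as `_privateKey->keyToByteSeq(keySeq);`. `getRSAPrivateKey()` and `getX509PublicKey()` now dereference the smart pointers unconditionally, which is fine as long as the `(RSAPrivateKeyPtr, RSAPublicKeyPtr)` constructor is never given a null handle — nothing in this hunk checks that.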
@@ -178,4 +207,5 @@ IceSecurity::Ssl::OpenSSL::RSAKeyPair::byteSeqToUChar(const ByteSeq& sequence) return ucharSeq;
}
+*/
diff --git a/cpp/src/Ice/SslRSAPrivateKey.cpp b/cpp/src/Ice/SslRSAPrivateKey.cpp new file mode 100644 index 00000000000..2029a581a7a --- /dev/null +++ b/cpp/src/Ice/SslRSAPrivateKey.cpp @@ -0,0 +1,97 @@ +// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#include <IceUtil/Config.h>
+#include <IceUtil/Base64.h>
+#include <Ice/SslRSAPrivateKey.h>
+#include <Ice/SslIceUtils.h>
+#include <assert.h>
+
+void ::IceInternal::incRef(::IceSecurity::Ssl::OpenSSL::RSAPrivateKey* p) { p->__incRef(); }
+void ::IceInternal::decRef(::IceSecurity::Ssl::OpenSSL::RSAPrivateKey* p) { p->__decRef(); }
+
+using std::back_inserter;
+using std::string;
+using IceUtil::Base64;
+
+IceSecurity::Ssl::OpenSSL::RSAPrivateKey::RSAPrivateKey(const string& key)
+{
+ _privateKey = 0;
+ ByteSeq keySeq = Base64::decode(key);
+ byteSeqToKey(keySeq);
+}
+
+IceSecurity::Ssl::OpenSSL::RSAPrivateKey::RSAPrivateKey(const ByteSeq& keySeq)
+{
+ _privateKey = 0;
+ byteSeqToKey(keySeq);
+}
+
+IceSecurity::Ssl::OpenSSL::RSAPrivateKey::~RSAPrivateKey()
+{
+ RSA_free(_privateKey);
+}
+
+void
+IceSecurity::Ssl::OpenSSL::RSAPrivateKey::keyToBase64(string& b64Key)
+{
+ ByteSeq keySeq;
+ keyToByteSeq(keySeq);
+ b64Key = Base64::encode(keySeq);
+}
+
+void
+IceSecurity::Ssl::OpenSSL::RSAPrivateKey::keyToByteSeq(ByteSeq& keySeq)
+{
+ assert(_privateKey);
+
+ // Output the Private Key to a char buffer
+ unsigned int privKeySize = i2d_RSAPrivateKey(_privateKey, 0);
+
+ assert(privKeySize > 0);
+
+ unsigned char* privateKeyBuffer = new unsigned char[privKeySize];
+
+ // We have to do this because i2d_RSAPrivateKey changes the pointer.
+ unsigned char* privKeyBuff = privateKeyBuffer;
+ i2d_RSAPrivateKey(_privateKey, &privKeyBuff);
+
+ IceSecurity::Ssl::ucharToByteSeq(privateKeyBuffer, privKeySize, keySeq);
+
+ delete []privateKeyBuffer;
+}
+
+RSA*
+IceSecurity::Ssl::OpenSSL::RSAPrivateKey::getRSAPrivateKey() const
+{
+ return _privateKey;
+}
+
+IceSecurity::Ssl::OpenSSL::RSAPrivateKey::RSAPrivateKey(RSA* rsa) :
+ _privateKey(rsa)
+{
+}
+
+void
+IceSecurity::Ssl::OpenSSL::RSAPrivateKey::byteSeqToKey(const ByteSeq& keySeq)
+{
+ unsigned char* privateKeyBuffer = byteSeqToUChar(keySeq);
+ assert(privateKeyBuffer);
+
+ unsigned char* privKeyBuff = privateKeyBuffer;
+ unsigned char** privKeyBuffpp = &privKeyBuff;
+ RSA** rsapp = &_privateKey;
+
+ _privateKey = d2i_RSAPrivateKey(rsapp, privKeyBuffpp, (long)keySeq.size());
+ assert(_privateKey);
+
+ delete []privateKeyBuffer;
+}
+
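Review bot: In `byteSeqToKey` the result of `d2i_RSAPrivateKey` is only checked with `assert(_privateKey)`, so in a release build a corrupt or non-DER key leaves `_privateKey` null and `getRSAPrivateKey()` hands that null to whoever installs it in the SSL context; `byteSeqToUChar`'s assert has the same problem. `keyToByteSeq` has the mirror defect: `i2d_RSAPrivateKey` returns an `int` that is negative on error, and `unsigned int privKeySize` turns that into a huge allocation once the assert is compiled out. Both scratch copies of the DER private key (`privateKeyBuffer` in each function) are also released without being wiped, so key bytes linger in freed heap (plain `memset` can be elided by the optimizer; prefer `OPENSSL_cleanse` if the OpenSSL version in use provides it). I would keep the sizes signed and checked, wipe before `delete []`, and throw on decode failure; which `IceSecurity::Ssl` exception fits key errors depends on what the header declares, so the fence leaves that line as a comment.
```cpp
void
IceSecurity::Ssl::OpenSSL::RSAPrivateKey::keyToByteSeq(ByteSeq& keySeq)
{
    assert(_privateKey);

    int privKeySize = i2d_RSAPrivateKey(_privateKey, 0);
    if(privKeySize <= 0)
    {
        // throw the IceSecurity::Ssl exception used for key errors
    }

    unsigned char* privateKeyBuffer = new unsigned char[privKeySize];
    // … unchanged: second i2d_RSAPrivateKey call and ucharToByteSeq …
    memset(privateKeyBuffer, 0, privKeySize);   // key material: wipe before release
    delete []privateKeyBuffer;
}

void
IceSecurity::Ssl::OpenSSL::RSAPrivateKey::byteSeqToKey(const ByteSeq& keySeq)
{
    // … unchanged: byteSeqToUChar copy and pointer set-up …
    _privateKey = d2i_RSAPrivateKey(rsapp, privKeyBuffpp, (long)keySeq.size());

    memset(privateKeyBuffer, 0, keySeq.size());   // key material: wipe before release
    delete []privateKeyBuffer;

    if(_privateKey == 0)
    {
        // throw the IceSecurity::Ssl exception used for key errors;
        // assert() alone is compiled out of release builds
    }
}
```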
diff --git a/cpp/src/Ice/SslRSAPublicKey.cpp b/cpp/src/Ice/SslRSAPublicKey.cpp new file mode 100644 index 00000000000..95391cc5b5c --- /dev/null +++ b/cpp/src/Ice/SslRSAPublicKey.cpp @@ -0,0 +1,102 @@ +// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#include <IceUtil/Config.h>
+#include <IceUtil/Base64.h>
+#include <Ice/SslRSAPublicKey.h>
+#include <Ice/SslIceUtils.h>
+#include <assert.h>
+
+void ::IceInternal::incRef(::IceSecurity::Ssl::OpenSSL::RSAPublicKey* p) { p->__incRef(); }
+void ::IceInternal::decRef(::IceSecurity::Ssl::OpenSSL::RSAPublicKey* p) { p->__decRef(); }
+
+using std::back_inserter;
+using std::string;
+using IceUtil::Base64;
+
+IceSecurity::Ssl::OpenSSL::RSAPublicKey::RSAPublicKey(const string& cert)
+{
+ _publicKey = 0;
+
+ ByteSeq certSeq = Base64::decode(cert);
+
+ byteSeqToCert(certSeq);
+}
+
+IceSecurity::Ssl::OpenSSL::RSAPublicKey::RSAPublicKey(const ByteSeq& certSeq)
+{
+ _publicKey = 0;
+ byteSeqToCert(certSeq);
+}
+
+IceSecurity::Ssl::OpenSSL::RSAPublicKey::~RSAPublicKey()
+{
+ X509_free(_publicKey);
+}
+
+void
+IceSecurity::Ssl::OpenSSL::RSAPublicKey::certToBase64(string& b64Cert)
+{
+ ByteSeq certSeq;
+ certToByteSeq(certSeq);
+ b64Cert = Base64::encode(certSeq);
+}
+
+void
+IceSecurity::Ssl::OpenSSL::RSAPublicKey::certToByteSeq(ByteSeq& certSeq)
+{
+ assert(_publicKey);
+
+ // Output the Public Key to a char buffer
+ unsigned int pubKeySize = i2d_X509(_publicKey, 0);
+
+ assert(pubKeySize > 0);
+
+ unsigned char* publicKeyBuffer = new unsigned char[pubKeySize];
+
+ // We have to do this because i2d_X509_PUBKEY changes the pointer.
+ unsigned char* pubKeyBuff = publicKeyBuffer;
+ i2d_X509(_publicKey, &pubKeyBuff);
+
+ IceSecurity::Ssl::ucharToByteSeq(publicKeyBuffer, pubKeySize, certSeq);
+
+ delete []publicKeyBuffer;
+}
+
+X509*
+IceSecurity::Ssl::OpenSSL::RSAPublicKey::getX509PublicKey() const
+{
+ return _publicKey;
+}
+
+IceSecurity::Ssl::OpenSSL::RSAPublicKey::RSAPublicKey(X509* x509) :
+ _publicKey(x509)
+{
+}
+
+void
+IceSecurity::Ssl::OpenSSL::RSAPublicKey::byteSeqToCert(const ByteSeq& certSeq)
+{
+ unsigned char* publicKeyBuffer = byteSeqToUChar(certSeq);
+ assert(publicKeyBuffer);
+
+ // We have to do this because d2i_X509 changes the pointer.
+ unsigned char* pubKeyBuff = publicKeyBuffer;
+ unsigned char** pubKeyBuffpp = &pubKeyBuff;
+
+ X509** x509pp = &_publicKey;
+
+ _publicKey = d2i_X509(x509pp, pubKeyBuffpp, (long)certSeq.size());
+ assert(_publicKey);
+
+ delete []publicKeyBuffer;
+}
+
+
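Review bot: The comment `// We have to do this because i2d_X509_PUBKEY changes the pointer.` names the wrong function — the call two lines below is `i2d_X509`, which serialises the whole certificate, not just its public key — and should read `// We have to do this because i2d_X509 advances the output pointer.` The mismatch matters because the class is named RSAPublicKey while `_publicKey` is an `X509*`, i.e. a certificate; a one-line comment on `getX509PublicKey()` saying that it returns the certificate would stop the next reader from treating it as a bare key. As in the private-key counterpart, `d2i_X509` and `i2d_X509` failures are caught only by `assert`, so a release build given a malformed certificate ends up with a null `_publicKey` and `unsigned int pubKeySize` masks a negative `i2d_X509` return; `if(_publicKey == 0) { delete []publicKeyBuffer; throw /* the IceSecurity::Ssl certificate exception */; }` after the d2i call is the minimum. The buffer here holds only the certificate, so no wiping is needed.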
diff --git a/cpp/src/Ice/SslSystem.cpp b/cpp/src/Ice/SslSystem.cpp index 1a18ebb5087..c8b2528875a 100644 --- a/cpp/src/Ice/SslSystem.cpp +++ b/cpp/src/Ice/SslSystem.cpp @@ -11,63 +11,54 @@ #include <string> #include <Ice/SslSystem.h> -using namespace std;
+using namespace std; using IceSecurity::Ssl::CertificateVerifierPtr; +using Ice::LoggerPtr; +using Ice::PropertiesPtr; +using IceInternal::TraceLevelsPtr; void ::IceInternal::incRef(::IceSecurity::Ssl::System* p) { p->__incRef(); } void ::IceInternal::decRef(::IceSecurity::Ssl::System* p) { p->__decRef(); } -
-//
-// Public Methods
-//
-
-void
-IceSecurity::Ssl::System::setServerCertificateVerifier(const CertificateVerifierPtr& serverVerifier)
-{
- _serverVerifier = serverVerifier;
-}
-
-void
-IceSecurity::Ssl::System::setClientCertificateVerifier(const CertificateVerifierPtr& clientVerifier)
-{
- _clientVerifier = clientVerifier;
-}
-
-void
-IceSecurity::Ssl::System::setTrace(const TraceLevelsPtr& traceLevels)
-{
- _traceLevels = traceLevels;
-}
-
-bool
-IceSecurity::Ssl::System::isTraceSet() const
-{
- return _traceLevels;
-}
-
-void
-IceSecurity::Ssl::System::setLogger(const LoggerPtr& traceLevels)
-{
- _logger = traceLevels;
-}
-
-bool
-IceSecurity::Ssl::System::isLoggerSet() const
-{
- return _logger;
-}
-
-void
-IceSecurity::Ssl::System::setProperties(const PropertiesPtr& properties)
-{
- _properties = properties;
-}
-
-bool
-IceSecurity::Ssl::System::isPropertiesSet() const
-{
- return _properties;
-}
+ +// +// Public Methods +// + +void +IceSecurity::Ssl::System::setTrace(const TraceLevelsPtr& traceLevels) +{ + _traceLevels = traceLevels; +} + +bool +IceSecurity::Ssl::System::isTraceSet() const +{ + return _traceLevels; +} + +void +IceSecurity::Ssl::System::setLogger(const LoggerPtr& traceLevels) +{ + _logger = traceLevels; +} + +bool +IceSecurity::Ssl::System::isLoggerSet() const +{ + return _logger; +} + +void +IceSecurity::Ssl::System::setProperties(const PropertiesPtr& properties) +{ + _properties = properties; +} + +bool +IceSecurity::Ssl::System::isPropertiesSet() const +{ + return _properties; +} // // Protected Methods diff --git a/cpp/src/Ice/SslSystem.h b/cpp/src/Ice/SslSystem.h index e860fa337aa..a92b9833e0e 100644 --- a/cpp/src/Ice/SslSystem.h +++ b/cpp/src/Ice/SslSystem.h @@ -15,7 +15,7 @@ #include <IceUtil/Shared.h> #include <Ice/SslConnectionF.h> #include <Ice/Properties.h> -#include <Ice/SslSystemF.h>
+#include <Ice/SslSystemF.h> #include <Ice/SslCertificateVerifierF.h> #include <Ice/TraceLevels.h> #include <Ice/LoggerF.h> @@ -26,15 +26,9 @@ namespace IceSecurity namespace Ssl { -using std::string; -using Ice::LoggerPtr; -using IceInternal::TraceLevelsPtr; -using Ice::PropertiesPtr; -using IceUtil::Shared; - class Factory; -class System : public Shared +class System : public IceUtil::Shared { public: @@ -43,18 +37,24 @@ public: virtual void shutdown() = 0; virtual Connection* createServerConnection(int) = 0; - virtual Connection* createClientConnection(int) = 0;
-
- virtual void setServerCertificateVerifier(const CertificateVerifierPtr&);
- virtual void setClientCertificateVerifier(const CertificateVerifierPtr&);
+ virtual Connection* createClientConnection(int) = 0;
+
+ virtual void setServerCertificateVerifier(const CertificateVerifierPtr&) = 0;
+ virtual void setClientCertificateVerifier(const CertificateVerifierPtr&) = 0;
+
+ virtual void setServerCertAuthorityCertificate(const std::string&) = 0;
+ virtual void setClientCertAuthorityCertificate(const std::string&) = 0;
+
+ virtual void setServerRSAKeysBase64(const std::string&, const std::string&) = 0;
+ virtual void setClientRSAKeysBase64(const std::string&, const std::string&) = 0;
- virtual void setTrace(const TraceLevelsPtr&);
+ virtual void setTrace(const IceInternal::TraceLevelsPtr&);
 bool isTraceSet() const;
- virtual void setLogger(const LoggerPtr&);
+ virtual void setLogger(const Ice::LoggerPtr&);
 bool isLoggerSet() const;
- void setProperties(const PropertiesPtr&);
+ void setProperties(const Ice::PropertiesPtr&);
 bool isPropertiesSet() const;
 protected:
@@ -62,11 +62,9 @@ protected:
 System();
 virtual ~System();
- TraceLevelsPtr _traceLevels;
- LoggerPtr _logger;
- PropertiesPtr _properties;
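Review bot: The new pure virtuals `setServerCertAuthorityCertificate`, `setClientCertAuthorityCertificate`, `setServerRSAKeysBase64` and `setClientRSAKeysBase64` are added to the public interface without a word on what their `std::string` arguments carry or what the call does to the context's trust configuration; only the `Base64` suffix on the key setters hints at the encoding, and nothing says that the CA setters install an additional trust anchor into an already-created context or that the key setters receive private key material. I would add above the CA setters `// Adds the given Base64-encoded certificate as a trusted CA to the server/client context; the context must already exist.` and above the key setters `// Installs a Base64-encoded RSA private key and its certificate into the context; callers should not keep the private key string around afterwards.` The encoding should be confirmed against the RSAPublicKey and RSAKeyPair constructors, which are outside this diff.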
- CertificateVerifierPtr _clientVerifier;
- CertificateVerifierPtr _serverVerifier;
+ IceInternal::TraceLevelsPtr _traceLevels;
+ Ice::LoggerPtr _logger;
+ Ice::PropertiesPtr _properties;
 friend class Factory;
 };
diff --git a/cpp/src/Ice/SslSystemOpenSSL.cpp b/cpp/src/Ice/SslSystemOpenSSL.cpp
index b7013614d4b..c3ac40dd945 100644
--- a/cpp/src/Ice/SslSystemOpenSSL.cpp
+++ b/cpp/src/Ice/SslSystemOpenSSL.cpp
@@ -28,20 +28,23 @@
 #include <openssl/err.h>
 #include <openssl/e_os.h>
 #include <openssl/rand.h>
-#include <Ice/OpenSSL.h>
+#include <Ice/OpenSSL.h>
 #include <Ice/SslSystem.h>
 #include <Ice/SecurityException.h>
 #include <Ice/SslConnectionOpenSSLClient.h>
 #include <Ice/SslConnectionOpenSSLServer.h>
-#include <Ice/SslConfig.h>
-#include <Ice/SslRSAKeyPair.h>
-#include <Ice/SslJanitors.h>
+#include <Ice/SslConfig.h>
+#include <Ice/SslRSAKeyPair.h>
+#include <Ice/SslRSAPublicKey.h>
+#include <Ice/SslJanitors.h>
 #include <Ice/SslCertificateVerifierOpenSSL.h>
 #include <Ice/TraceLevels.h>
 #include <Ice/Logger.h>
 using namespace std;
+using IceInternal::TraceLevelsPtr;
+using Ice::LoggerPtr;
 namespace IceSecurity
 {
@@ -84,7 +87,7 @@ unsigned char System::_tempDiffieHellman512g[] =
 // will initialize these. NOTE: If we SHOULD have multiple loggers
 // going on simultaneously, this will definitely cause a problem.
 TraceLevelsPtr System::_globalTraceLevels = 0;
-Ice::LoggerPtr System::_globalLogger = 0;
+LoggerPtr System::_globalLogger = 0;
 }
@@ -103,7 +106,7 @@ tmpRSACallback(SSL *s, int isExport, int keyLength)
 {
 IceSecurity::Ssl::SystemPtr sslSystem = IceSecurity::Ssl::Factory::getSystemFromHandle(s);
- IceSecurity::Ssl::OpenSSL::System* openSslSystem = 0;
+ IceSecurity::Ssl::OpenSSL::System* openSslSystem = 0;
 openSslSystem = dynamic_cast<IceSecurity::Ssl::OpenSSL::System*>(sslSystem.get());
 RSA* rsaKey = openSslSystem->getRSAKey(s, isExport, keyLength);
@@ -116,7 +119,7 @@ tmpDHCallback(SSL *s, int isExport, int keyLength)
 {
 IceSecurity::Ssl::SystemPtr sslSystem = IceSecurity::Ssl::Factory::getSystemFromHandle(s);
- IceSecurity::Ssl::OpenSSL::System* openSslSystem = 0;
+ IceSecurity::Ssl::OpenSSL::System* openSslSystem = 0;
 openSslSystem = dynamic_cast<IceSecurity::Ssl::OpenSSL::System*>(sslSystem.get());
 DH* dh = openSslSystem->getDHParams(s, isExport, keyLength);
@@ -128,18 +131,30 @@ tmpDHCallback(SSL *s, int isExport, int keyLength)
 int
 verifyCallback(int ok, X509_STORE_CTX *ctx)
 {
- // Tricky method to get access to our connection. I would use SSL_get_ex_data() to get
- // the Connection object, if only I had some way to retrieve the index of the object
- // in this function. Hence, we have to invent our own reference system here.
- SSL* ssl = static_cast<SSL*>(X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()));
- IceSecurity::Ssl::OpenSSL::ConnectionPtr connection = 0;
- connection = IceSecurity::Ssl::OpenSSL::Connection::getConnection(ssl);
- assert(connection);
-
- // Call the connection, get it to perform the verification.
+ // Tricky method to get access to our connection. I would use SSL_get_ex_data() to get
+ // the Connection object, if only I had some way to retrieve the index of the object
+ // in this function. Hence, we have to invent our own reference system here.
+ SSL* ssl = static_cast<SSL*>(X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()));
+ IceSecurity::Ssl::OpenSSL::ConnectionPtr connection = 0;
+ connection = IceSecurity::Ssl::OpenSSL::Connection::getConnection(ssl);
+ assert(connection);
+
+ // Call the connection, get it to perform the verification.
 return connection->verifyCertificate(ok, ctx);
 }
+// TODO: This is a complete hack to get this working again with the CA certificate.
+// Of course, this will have to be rewritten to handle this in the same manner
+// as the verifyCallback does.
+// -ASN
+int
+passwordCallback(char* buffer, int bufferSize, int rwFlag, void* userData)
+{
+ strncpy(buffer, "demo", bufferSize);
+ buffer[bufferSize - 1] = '\0';
+ return strlen(buffer);
+}
+
 // This code duplicates functionality that existed in the BIO library of
 // OpenSSL, but outputs to a Logger compatible source (ostringstream).
 void
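Review bot: `passwordCallback` embeds the literal `"demo"` as the passphrase handed to OpenSSL for encrypted private keys, so any key this callback is ever installed for is protected only by a string that ships in the binary; the TODO acknowledges the hack, but the function is compiled in regardless. It is also unreferenced apart from the commented-out `SSL_CTX_set_default_passwd_cb(sslContext, passwordCallback);` line in `loadCAFiles`, so it is dead code that a later uncommenting would silently activate. I would either drop it from this commit or have it obtain the passphrase from configuration (an `Ice.Security.Ssl.*` property resolved through `_properties`, handed in via the `userData` argument) rather than a literal, and mark `rwFlag` and `userData` as intentionally unused until then. Minor: `return strlen(buffer);` narrows a `size_t` to `int`; `return static_cast<int>(strlen(buffer));` makes the conversion explicit.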
@@ -236,21 +251,21 @@ bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret) { ostringstream outStringStream; + outStringStream << "PTC "; + if (cmd == (BIO_CB_READ|BIO_CB_RETURN)) { - outStringStream << "PTC "; outStringStream << "read from " << hex << (void *)bio << " [" << hex << (void *)argp; outStringStream << "] (" << dec << argi << " bytes => " << ret << " (0x"; outStringStream << hex << ret << "))"; - dump(outStringStream, argp,(int)ret); +// dump(outStringStream, argp,(int)ret); } else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN)) { - outStringStream << "PTC "; outStringStream << "write to " << hex << (void *)bio << " [" << hex << (void *)argp; outStringStream << "] (" << dec << argi << " bytes => " << ret << " (0x"; outStringStream << hex << ret << "))"; - dump(outStringStream, argp,(int)ret); + // dump(outStringStream, argp,(int)ret); } if (cmd == (BIO_CB_READ|BIO_CB_RETURN) || cmd == (BIO_CB_WRITE|BIO_CB_RETURN)) @@ -352,48 +367,50 @@ IceSecurity::Ssl::OpenSSL::System::shutdown() iDH++; } } -
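Review bot: The two `dump(outStringStream, argp,(int)ret);` calls in `bio_dump_cb` are left as commented-out code, once as `// dump(` at the margin and once indented, so the byte-level dump of read and written traffic into the logger is one uncomment away from returning. If the payload dump is being retired, I would delete both lines and record the decision once above the function, `// Only direction and byte counts are logged; the payload is deliberately not dumped.`, instead of keeping dead calls in two inconsistent styles. With the `dump` calls gone, the read and write branches differ only in the `"read from "`/`"write to "` text and could share one formatting block.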
-void
-IceSecurity::Ssl::OpenSSL::System::setTrace(const TraceLevelsPtr& traceLevels)
-{
- // Note: Due to a known bug with VC++, I cannot simply call the base-class
- // implementation here, I get a C2352 error about calling a static function.
- _traceLevels = traceLevels;
-
- DefaultCertificateVerifier* clientVerifier = dynamic_cast<DefaultCertificateVerifier*>(_clientVerifier.get());
- DefaultCertificateVerifier* serverVerifier = dynamic_cast<DefaultCertificateVerifier*>(_serverVerifier.get());
-
- if (clientVerifier)
- {
- clientVerifier->setTraceLevels(traceLevels);
- }
-
- if (serverVerifier)
- {
- serverVerifier->setTraceLevels(traceLevels);
- }
-}
-
-void
-IceSecurity::Ssl::OpenSSL::System::setLogger(const LoggerPtr& logger)
-{
- // Note: Due to a known bug with VC++, I cannot simply call the base-class
- // implementation here, I get a C2352 error about calling a static function.
- _logger = logger;
-
- DefaultCertificateVerifier* clientVerifier = dynamic_cast<DefaultCertificateVerifier*>(_clientVerifier.get());
- DefaultCertificateVerifier* serverVerifier = dynamic_cast<DefaultCertificateVerifier*>(_serverVerifier.get());
-
- if (clientVerifier)
- {
- clientVerifier->setLogger(logger);
- }
-
- if (serverVerifier)
- {
- serverVerifier->setLogger(logger);
- }
-}
+ +void +IceSecurity::Ssl::OpenSSL::System::setTrace(const TraceLevelsPtr& traceLevels) +{ + // Note: Due to a known bug with VC++, I cannot simply call the base-class + // implementation here, I get a C2352 error about calling a static function. + // Bug# Q153801 + _traceLevels = traceLevels; + + DefaultCertificateVerifier* clientVerifier = dynamic_cast<DefaultCertificateVerifier*>(_clientVerifier.get()); + DefaultCertificateVerifier* serverVerifier = dynamic_cast<DefaultCertificateVerifier*>(_serverVerifier.get()); + + if (clientVerifier) + { + clientVerifier->setTraceLevels(traceLevels); + } + + if (serverVerifier) + { + serverVerifier->setTraceLevels(traceLevels); + } +} + +void +IceSecurity::Ssl::OpenSSL::System::setLogger(const LoggerPtr& logger) +{ + // Note: Due to a known bug with VC++, I cannot simply call the base-class + // implementation here, I get a C2352 error about calling a static function. + // Bug# Q153801 + _logger = logger; + + DefaultCertificateVerifier* clientVerifier = dynamic_cast<DefaultCertificateVerifier*>(_clientVerifier.get()); + DefaultCertificateVerifier* serverVerifier = dynamic_cast<DefaultCertificateVerifier*>(_serverVerifier.get()); + + if (clientVerifier) + { + clientVerifier->setLogger(logger); + } + + if (serverVerifier) + { + serverVerifier->setLogger(logger); + } +} bool IceSecurity::Ssl::OpenSSL::System::isConfigLoaded() @@ -429,8 +446,8 @@ IceSecurity::Ssl::OpenSSL::System::loadConfig() // Walk the parse tree, get the Client configuration. if (sslConfig.loadClientConfig(clientGeneral, clientCertAuth, clientBaseCerts)) { - if (_traceLevels->security >= IceSecurity::SECURITY_PROTOCOL)
- {
+ if (_traceLevels->security >= IceSecurity::SECURITY_PROTOCOL) + { ostringstream s; s << endl; @@ -438,11 +455,14 @@ IceSecurity::Ssl::OpenSSL::System::loadConfig() s << "------------------------------" << endl; s << clientGeneral << endl << endl; + s << "CA File: " << clientCertAuth.getCAFileName() << endl; + s << "CA Path: " << clientCertAuth.getCAPath() << endl; + s << "Base Certificates - Client" << endl; s << "--------------------------" << endl; s << clientBaseCerts << endl; - _logger->trace(_traceLevels->securityCat, s.str());
+ _logger->trace(_traceLevels->securityCat, s.str()); } initClient(clientGeneral, clientCertAuth, clientBaseCerts); @@ -456,8 +476,8 @@ IceSecurity::Ssl::OpenSSL::System::loadConfig() // Walk the parse tree, get the Server configuration. if (sslConfig.loadServerConfig(serverGeneral, serverCertAuth, serverBaseCerts, serverTempCerts)) { - if (_traceLevels->security >= IceSecurity::SECURITY_PROTOCOL)
- {
+ if (_traceLevels->security >= IceSecurity::SECURITY_PROTOCOL) + { ostringstream s; s << endl; @@ -465,6 +485,9 @@ IceSecurity::Ssl::OpenSSL::System::loadConfig() s << "------------------------------" << endl; s << serverGeneral << endl << endl; + s << "CA File: " << serverCertAuth.getCAFileName() << endl; + s << "CA Path: " << serverCertAuth.getCAPath() << endl; + s << "Base Certificates - Server" << endl; s << "--------------------------" << endl; s << serverBaseCerts << endl << endl; @@ -473,11 +496,13 @@ IceSecurity::Ssl::OpenSSL::System::loadConfig() s << "--------------------------" << endl; s << serverTempCerts << endl; - _logger->trace(_traceLevels->securityCat, s.str());
+ _logger->trace(_traceLevels->securityCat, s.str()); } initServer(serverGeneral, serverCertAuth, serverBaseCerts, serverTempCerts); } + + _configLoaded = true; } RSA* 
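Review bot: `_configLoaded = true;` at the end of `loadConfig` is set unconditionally, after both the `if (sslConfig.loadClientConfig(...))` and `if (sslConfig.loadServerConfig(...))` blocks, so `isConfigLoaded()` reports success even when neither branch ran and no `SSL_CTX` was created. A caller that presumably checks `isConfigLoaded()` before using the new `set*CertAuthorityCertificate` methods would then get their `ContextException` instead of a clear signal here. Unless an earlier part of `loadConfig`, outside this hunk, already returns or throws when the configuration cannot be parsed, I would set the flag only when a context was actually initialized, e.g. `bool initialized = false;` set to `true` beside each `init*` call and `_configLoaded = initialized;` at the end. The enclosing function begins outside the hunk.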
@@ -597,6 +622,99 @@ IceSecurity::Ssl::OpenSSL::System::getDHParams(SSL *s, int isExport, int keyLeng
 return dh_tmp;
 }
+IceSecurity::Ssl::OpenSSL::CertificateVerifierPtr
+IceSecurity::Ssl::OpenSSL::System::certificateVerifierTypeCheck(const IceSecurity::Ssl::CertificateVerifierPtr& verifier)
+{
+ // IceSecurity::Ssl::CertificateVerifier* passedVerifier = verifier.get();
+ // IceSecurity::Ssl::OpenSSL::CertificateVerifier* castVerifier;
+ // castVerifier = dynamic_cast<IceSecurity::Ssl::OpenSSL::CertificateVerifier*>(passedVerifier);
+
+ IceSecurity::Ssl::OpenSSL::CertificateVerifierPtr castVerifier;
+ castVerifier = IceSecurity::Ssl::OpenSSL::CertificateVerifierPtr::dynamicCast(verifier);
+
+ if (!castVerifier.get())
+ {
+ IceSecurity::Ssl::CertificateVerifierTypeException cvtEx(__FILE__, __LINE__);
+ throw cvtEx;
+ }
+
+ return castVerifier;
+}
+
+void
+IceSecurity::Ssl::OpenSSL::System::setServerCertificateVerifier(const IceSecurity::Ssl::CertificateVerifierPtr& serverVerifier)
+{
+ _serverVerifier = certificateVerifierTypeCheck(serverVerifier);
+}
+
+void
+IceSecurity::Ssl::OpenSSL::System::setClientCertificateVerifier(const IceSecurity::Ssl::CertificateVerifierPtr& clientVerifier)
+{
+ _clientVerifier = certificateVerifierTypeCheck(clientVerifier);
+}
+
+void
+IceSecurity::Ssl::OpenSSL::System::setServerCertAuthorityCertificate(const string& caCertString)
+{
+ if (_sslServerContext == 0)
+ {
+ ContextException contextEx(__FILE__, __LINE__);
+
+ contextEx._message = "Server context has not been set up - ";
+ contextEx._message += "please specify an SSL server configuration file.";
+
+ throw contextEx;
+ }
+
+ assert(_sslClientContext);
+
+ RSAPublicKey pubKey(caCertString);
+
+ X509_STORE* certStore = SSL_CTX_get_cert_store(_sslServerContext);
+
+ int addedCertAuthorityCert = X509_STORE_add_cert(certStore, pubKey.getX509PublicKey());
+
+ assert(addedCertAuthorityCert != 0);
+}
+
+void
+IceSecurity::Ssl::OpenSSL::System::setClientCertAuthorityCertificate(const
string& caCertString)
+{
+ if (_sslClientContext == 0)
+ {
+ ContextException contextEx(__FILE__, __LINE__);
+
+ contextEx._message = "Client context has not been set up - ";
+ contextEx._message += "please specify an SSL client configuration file.";
+
+ throw contextEx;
+ }
+
+ assert(_sslClientContext);
+
+ RSAPublicKey pubKey(caCertString);
+
+ X509_STORE* certStore = SSL_CTX_get_cert_store(_sslClientContext);
+
+ int addedCertAuthorityCert = X509_STORE_add_cert(certStore, pubKey.getX509PublicKey());
+
+ assert(addedCertAuthorityCert != 0);
+}
+
+void
+IceSecurity::Ssl::OpenSSL::System::setServerRSAKeysBase64(const std::string& privateKey, const std::string& publicKey)
+{
+ assert(_sslServerContext);
+ addKeyCert(_sslServerContext, privateKey, publicKey);
+}
+
+void
+IceSecurity::Ssl::OpenSSL::System::setClientRSAKeysBase64(const std::string& privateKey, const std::string& publicKey)
+{
+ assert(_sslClientContext);
+ addKeyCert(_sslClientContext, privateKey, publicKey);
+}
+
 //
 // Protected
 //
@@ -610,12 +728,12 @@ IceSecurity::Ssl::OpenSSL::System::System()
 _randSeeded = 0;
 _sslServerContext = 0;
 _sslClientContext = 0;
-
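Review bot: `setServerCertAuthorityCertificate` guards on `_sslServerContext == 0` but then asserts `_sslClientContext`, a copy-and-paste slip from the client variant; it should read `assert(_sslServerContext);`. More importantly, in both CA setters the result of `X509_STORE_add_cert` is checked only by `assert(addedCertAuthorityCert != 0);`, which compiles away under NDEBUG, so in a release build a trust anchor that failed to install is silently absent and the operator gets no indication of why peer verification later fails. The same pattern appears in `setServerRSAKeysBase64`/`setClientRSAKeysBase64`, which reach `addKeyCert` through a bare `assert` on the context instead of the `ContextException` the CA setters throw for the same condition. I would report the store failure the way the context check does, as sketched below for the server side (the client side is symmetric); note that older OpenSSL releases return 0 from `X509_STORE_add_cert` for a certificate already present in the store, which the error queue can distinguish if that case should be tolerated.
```cpp
void
IceSecurity::Ssl::OpenSSL::System::setServerCertAuthorityCertificate(const string& caCertString)
{
    // … unchanged: ContextException when _sslServerContext == 0 …

    assert(_sslServerContext);

    RSAPublicKey pubKey(caCertString);

    X509_STORE* certStore = SSL_CTX_get_cert_store(_sslServerContext);

    if (X509_STORE_add_cert(certStore, pubKey.getX509PublicKey()) == 0)
    {
        ContextException contextEx(__FILE__, __LINE__);

        contextEx._message = "Unable to add the Certificate Authority certificate to the server context.\n";
        contextEx._message += sslGetErrors();

        throw contextEx;
    }
}
```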
- // Here we create a default verifier, which does very little other
- // than check the verification depth. This can be overridden.
- _clientVerifier = new DefaultCertificateVerifier();
- _serverVerifier = _clientVerifier;
-
+ + // Here we create a default verifier, which does very little other + // than check the verification depth. This can be overridden. + _clientVerifier = new DefaultCertificateVerifier(); + _serverVerifier = _clientVerifier; + SSL_load_error_strings(); OpenSSL_add_ssl_algorithms(); @@ -666,7 +784,7 @@ IceSecurity::Ssl::OpenSSL::System::initClient(GeneralConfig& general, // Set the certificate verification mode. SSL_CTX_set_verify(_sslClientContext, general.getVerifyMode(), verifyCallback); - // Set the certificate verify depth to 10 deep. + // Set the certificate verify depth SSL_CTX_set_verify_depth(_sslClientContext, general.getVerifyDepth()); // Process the RSA Certificate @@ -747,8 +865,8 @@ IceSecurity::Ssl::OpenSSL::System::initServer(GeneralConfig& general, SSL_CTX_set_verify(_sslServerContext, general.getVerifyMode(), verifyCallback); // Set the certificate verify depth - SSL_CTX_set_verify_depth(_sslServerContext, general.getVerifyDepth());
-
+ SSL_CTX_set_verify_depth(_sslServerContext, general.getVerifyDepth()); + // Set the default context for the SSL system (can be overridden if needed) [SERVER ONLY]. SSL_CTX_set_session_id_context(_sslServerContext, reinterpret_cast<const unsigned char *>(_sessionContext.c_str()), @@ -789,15 +907,15 @@ IceSecurity::Ssl::OpenSSL::System::getSslMethod(SslProtocol sslVersion) default : { - if (_traceLevels->security >= IceSecurity::SECURITY_WARNINGS)
- {
- string errorString;
-
- errorString = "SSL Version ";
- errorString += sslVersion;
- errorString += " not supported - defaulting to SSL_V23.";
- _logger->trace(_traceLevels->securityCat, "WRN " + errorString);
- }
+ if (_traceLevels->security >= IceSecurity::SECURITY_WARNINGS) + { + string errorString; + + errorString = "SSL Version "; + errorString += sslVersion; + errorString += " not supported - defaulting to SSL_V23."; + _logger->trace(_traceLevels->securityCat, "WRN " + errorString); + } sslMethod = SSLv23_method(); } @@ -845,10 +963,10 @@ IceSecurity::Ssl::OpenSSL::System::addKeyCert(SSL_CTX* sslContext, if (privateKey.getFileName().empty()) { - if (_traceLevels->security >= IceSecurity::SECURITY_WARNINGS)
- {
- _logger->trace(_traceLevels->securityCat, "WRN No private key specified - using the certificate.");
- }
+ if (_traceLevels->security >= IceSecurity::SECURITY_WARNINGS) + { + _logger->trace(_traceLevels->securityCat, "WRN No private key specified - using the certificate."); + } privKeyFile = publicFile; privKeyFileType = publicEncoding; @@ -896,21 +1014,21 @@ IceSecurity::Ssl::OpenSSL::System::addKeyCert(SSL_CTX* sslContext, if (privKey.empty()) { - if (_traceLevels->security >= IceSecurity::SECURITY_WARNINGS)
- {
- _logger->trace(_traceLevels->securityCat, "WRN No private key specified - using the certificate.");
- }
+ if (_traceLevels->security >= IceSecurity::SECURITY_WARNINGS) + { + _logger->trace(_traceLevels->securityCat, "WRN No private key specified - using the certificate."); + } privKey = publicKey; } -
- // Make a key pair based on the Base64 encoded strings
- RSAKeyPair keyPair(privateKey, publicKey);
-
- // Janitors to ensure that everything gets cleaned up properly
- RSAJanitor rsaJanitor(keyPair.getRSAPrivateKey());
- X509Janitor x509Janitor(keyPair.getX509PublicKey());
-
+ + // Make a key pair based on the Base64 encoded strings + RSAKeyPair keyPair(privateKey, publicKey); + + // Janitors to ensure that everything gets cleaned up properly + RSAJanitor rsaJanitor(keyPair.getRSAPrivateKey()); + X509Janitor x509Janitor(keyPair.getX509PublicKey()); + // Set which Public Key file to use. if (SSL_CTX_use_certificate(sslContext, x509Janitor.get()) <= 0) { @@ -928,6 +1046,8 @@ IceSecurity::Ssl::OpenSSL::System::addKeyCert(SSL_CTX* sslContext, throw contextEx; } + x509Janitor.clear(); + // Set which Private Key file to use. if (SSL_CTX_use_RSAPrivateKey(sslContext, rsaJanitor.get()) <= 0) { @@ -944,7 +1064,9 @@ IceSecurity::Ssl::OpenSSL::System::addKeyCert(SSL_CTX* sslContext, throw contextEx; } -
+ + rsaJanitor.clear(); + // Check to see if the Private and Public keys that have been // set against the SSL context match up. if (!SSL_CTX_check_private_key(sslContext)) @@ -1032,7 +1154,7 @@ IceSecurity::Ssl::OpenSSL::System::sslGetErrors() } void -IceSecurity::Ssl::OpenSSL::System::commonConnectionSetup(Connection* connection) +IceSecurity::Ssl::OpenSSL::System::commonConnectionSetup(IceSecurity::Ssl::OpenSSL::Connection* connection) { connection->setTrace(_traceLevels); connection->setLogger(_logger); @@ -1044,8 +1166,7 @@ IceSecurity::Ssl::OpenSSL::System::commonConnectionSetup(Connection* connection) if (!value.empty()) { - // const_cast<int&>(handshakeReadTimeout) = atoi(value.c_str()); - handshakeReadTimeout = atoi(value.c_str());
+ handshakeReadTimeout = atoi(value.c_str()); } else { @@ -1073,19 +1194,13 @@ IceSecurity::Ssl::OpenSSL::System::createConnection(SSL_CTX* sslContext, int soc BIO_set_callback_arg(SSL_get_rbio(sslConnection), 0); } - // TODO: Remove?
- // Map the SSL Connection to this SslSystem - // This is required for the OpenSSL callbacks - // to work properly. - // Factory::addSystemHandle(sslConnection, this); - return sslConnection; } void IceSecurity::Ssl::OpenSSL::System::loadCAFiles(SSL_CTX* sslContext, CertificateAuthority& certAuth) -{
- assert(sslContext);
+{ + assert(sslContext); string caFile = certAuth.getCAFileName(); string caPath = certAuth.getCAPath(); @@ -1097,7 +1212,7 @@ void IceSecurity::Ssl::OpenSSL::System::loadCAFiles(SSL_CTX* sslContext, const char* caFile, const char* caPath) { assert(sslContext); -
+
 // The following checks are required to send the expected values to the OpenSSL library.
 // It does not like receiving "", but prefers NULLs.
 if ((caFile != 0) && (strlen(caFile) == 0))
@@ -1110,15 +1225,27 @@ IceSecurity::Ssl::OpenSSL::System::loadCAFiles(SSL_CTX* sslContext, const char*
 caPath = 0;
 }
+ // SSL_CTX_set_default_passwd_cb(sslContext, passwordCallback);
+
 // Check the Certificate Authority file(s).
- if ((!SSL_CTX_load_verify_locations(sslContext, caFile, caPath)) ||
- (!SSL_CTX_set_default_verify_paths(sslContext)))
+ int loadVerifyRet = SSL_CTX_load_verify_locations(sslContext, caFile, caPath);
+
+ if (!loadVerifyRet)
+ {
+ if (_traceLevels->security >= IceSecurity::SECURITY_WARNINGS)
+ {
+ _logger->trace(_traceLevels->securityCat, "WRN Unable to load Certificate Authorities.");
+ }
+ }
+ else
 {
- // Non Fatal.
- if (_traceLevels->security >= IceSecurity::SECURITY_WARNINGS)
- {
- _logger->trace(_traceLevels->securityCat, "WRN Unable to load/verify Certificate Authorities.");
- }
+ int setDefaultVerifyPathsRet = SSL_CTX_set_default_verify_paths(sslContext);
+
+
+ if (!setDefaultVerifyPathsRet && (_traceLevels->security >= IceSecurity::SECURITY_WARNINGS))
+ {
+ _logger->trace(_traceLevels->securityCat, "WRN Unable to verify Certificate Authorities.");
+ }
 }
 }
@@ -1126,22 +1253,33 @@ void
 IceSecurity::Ssl::OpenSSL::System::loadAndCheckCAFiles(SSL_CTX* sslContext, CertificateAuthority& certAuth)
 {
 assert(sslContext);
-
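Review bot: A failed `SSL_CTX_load_verify_locations` for the configured `caFile`/`caPath` is still only reported as a warning and the context is then used as-is, so an operator who pointed the configuration at a CA file that does not load ends up with whatever verify mode the config set but none of the intended trust anchors. The new message also drops the OpenSSL error detail, unlike the warning in `loadAndCheckCAFiles` which appends `sslGetErrors()`; at minimum I would write `string errorString = "WRN Unable to load Certificate Authorities.\n"; errorString += sslGetErrors(); _logger->trace(_traceLevels->securityCat, errorString);`. If a location was explicitly given (`caFile` or `caPath` still non-null after the emptiness normalization above), consider throwing a `ContextException` instead of continuing, and delete the commented-out `SSL_CTX_set_default_passwd_cb` line rather than leaving it as a reminder. `loadCAFiles` begins outside this hunk.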
+
 string caFile = certAuth.getCAFileName();
 string caPath = certAuth.getCAPath();
 // Check the Certificate Authority file(s).
 loadCAFiles(sslContext, caFile.c_str(), caPath.c_str());
- if (!caPath.empty())
+ // NOTE: This might require some cleaning up.
+ string caCertBase64 = _properties->getProperty("Ice.Security.Ssl.Overrides.Server.CACertificate");
+ if (!caCertBase64.empty())
+ {
+ setServerCertAuthorityCertificate(caCertBase64);
+ }
+
+ // TODO: Check this if things stop working
+ if (!caFile.empty())
 {
 STACK_OF(X509_NAME)* certNames = SSL_load_client_CA_file(caFile.c_str());
- if ((certNames == 0) && (_traceLevels->security >= IceSecurity::SECURITY_WARNINGS))
+ if (certNames == 0)
 {
- string errorString = "Unable to load Certificate Authorities certificate names from " + caFile + ".\n";
- errorString += sslGetErrors();
- _logger->trace(_traceLevels->securityCat, "WRN " + errorString);
+ if (_traceLevels->security >= IceSecurity::SECURITY_WARNINGS)
+ {
+ string errorString = "Unable to load Certificate Authorities certificate names from " + caFile + ".\n";
+ errorString += sslGetErrors();
+ _logger->trace(_traceLevels->securityCat, "WRN " + errorString);
+ }
 }
 else
 {
@@ -1153,7 +1291,7 @@ IceSecurity::Ssl::OpenSSL::System::loadAndCheckCAFiles(SSL_CTX* sslContext, Cert
 DH*
 IceSecurity::Ssl::OpenSSL::System::loadDHParam(const char* dhfile)
 {
- assert(dhfile);
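Review bot: `loadAndCheckCAFiles` now reads `Ice.Security.Ssl.Overrides.Server.CACertificate` and calls `setServerCertAuthorityCertificate`, which always targets `_sslServerContext`, even though this method receives the context it is configuring as the `sslContext` parameter. If `loadAndCheckCAFiles` is also reached for the client context (the hunk does not show which of `initClient`/`initServer` call it), the server override is either applied before `_sslServerContext` exists, in which case the new `ContextException` escapes from client setup, or it is applied to the server while the client is being configured; the author's `NOTE: This might require some cleaning up.` points at the same issue. I would move the override lookup into `initServer` after the server context is created, or pass the role into this method and select the property and setter from it. A comment stating the property's expected encoding would also help, e.g. `// Base64-encoded CA certificate installed in addition to the configured CA file/path.`, with the encoding confirmed against RSAPublicKey.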
+ assert(dhfile); DH* ret = 0; BIO* bio; @@ -1207,6 +1345,8 @@ IceSecurity::Ssl::OpenSSL::System::setDHParams(SSL_CTX* sslContext, BaseCertific string dhFile; int encoding = 0; + // TODO: This just looks plain wrong. RSA instead of DH params??? -ASN + if (baseCerts.getDHParams().getKeySize() != 0) { dhFile = baseCerts.getDHParams().getFileName(); @@ -1229,11 +1369,11 @@ IceSecurity::Ssl::OpenSSL::System::setDHParams(SSL_CTX* sslContext, BaseCertific if (dh == 0) { - if (_traceLevels->security >= IceSecurity::SECURITY_WARNINGS)
- {
- _logger->trace(_traceLevels->securityCat,
- "WRN Could not load Diffie-Hellman params, generating a temporary 512bit key.");
- }
+ if (_traceLevels->security >= IceSecurity::SECURITY_WARNINGS) + { + _logger->trace(_traceLevels->securityCat, + "WRN Could not load Diffie-Hellman params, generating a temporary 512bit key."); + } dh = getTempDH512(); } @@ -1249,12 +1389,12 @@ IceSecurity::Ssl::OpenSSL::System::setDHParams(SSL_CTX* sslContext, BaseCertific void IceSecurity::Ssl::OpenSSL::System::setCipherList(SSL_CTX* sslContext, const string& cipherList) { - if (!cipherList.empty() && (!SSL_CTX_set_cipher_list(sslContext, cipherList.c_str())) &&
+ if (!cipherList.empty() && (!SSL_CTX_set_cipher_list(sslContext, cipherList.c_str())) && (_traceLevels->security >= IceSecurity::SECURITY_WARNINGS)) { string errorString = "WRN Error setting cipher list " + cipherList + " - using default list.\n"; errorString += sslGetErrors(); - _logger->trace(_traceLevels->securityCat, errorString);
+ _logger->trace(_traceLevels->securityCat, errorString); } } @@ -1335,11 +1475,11 @@ IceSecurity::Ssl::OpenSSL::System::initRandSystem(const string& randBytesFiles) { long randBytesLoaded = 0; - if (!seedRand() && randBytesFiles.empty() && !RAND_status() &&
+ if (!seedRand() && randBytesFiles.empty() && !RAND_status() && (_traceLevels->security >= IceSecurity::SECURITY_WARNINGS)) { - _logger->trace(_traceLevels->securityCat,
- "WRN There is a lack of random data, consider specifying a random data file.");
+ _logger->trace(_traceLevels->securityCat, + "WRN There is a lack of random data, consider specifying a random data file."); } if (!randBytesFiles.empty()) diff --git a/cpp/src/Ice/SslSystemOpenSSL.h b/cpp/src/Ice/SslSystemOpenSSL.h index 0f26a9876c7..6eb1c1f41ea 100644 --- a/cpp/src/Ice/SslSystemOpenSSL.h +++ b/cpp/src/Ice/SslSystemOpenSSL.h @@ -42,6 +42,7 @@ enum SslProtocol #include <Ice/SslCertificateAuthority.h> #include <Ice/SslBaseCerts.h> #include <Ice/SslTempCerts.h> +#include <Ice/SslConnectionOpenSSL.h> extern "C" { @@ -60,18 +61,12 @@ class GeneralConfig; namespace OpenSSL { -using namespace Ice; -using namespace IceSecurity::Ssl; +typedef std::map<int,RSA*> RSAMap; +typedef std::map<int,DH*> DHMap; -using std::map; -using std::string; - -typedef map<int,RSA*> RSAMap; -typedef map<int,DH*> DHMap; - -typedef map<int,CertificateDesc> RSACertMap; -typedef map<int,CertificateDesc> DSACertMap; -typedef map<int,DiffieHellmanParamsFile> DHParamsMap; +typedef std::map<int,CertificateDesc> RSACertMap; +typedef std::map<int,CertificateDesc> DSACertMap; +typedef std::map<int,DiffieHellmanParamsFile> DHParamsMap; class System : public IceSecurity::Ssl::System { @@ -86,9 +81,9 @@ public: // Shuts down the SSL System. virtual void shutdown(); - virtual void setTrace(const TraceLevelsPtr&);
- virtual void setLogger(const LoggerPtr&);
-
+ virtual void setTrace(const IceInternal::TraceLevelsPtr&); + virtual void setLogger(const Ice::LoggerPtr&); + virtual bool isConfigLoaded(); virtual void loadConfig(); @@ -103,7 +98,17 @@ public: // This is public because the tmpDHCallback must be able to access it. DH* getDHParams(SSL*, int, int); - static TraceLevelsPtr _globalTraceLevels; + CertificateVerifierPtr certificateVerifierTypeCheck(const IceSecurity::Ssl::CertificateVerifierPtr&); + virtual void setServerCertificateVerifier(const IceSecurity::Ssl::CertificateVerifierPtr&); + virtual void setClientCertificateVerifier(const IceSecurity::Ssl::CertificateVerifierPtr&); + + virtual void setServerCertAuthorityCertificate(const std::string&); + virtual void setClientCertAuthorityCertificate(const std::string&); + + virtual void setServerRSAKeysBase64(const std::string&, const std::string&); + virtual void setClientRSAKeysBase64(const std::string&, const std::string&); + + static IceInternal::TraceLevelsPtr _globalTraceLevels; static Ice::LoggerPtr _globalLogger; protected: @@ -113,6 +118,9 @@ protected: private: + CertificateVerifierPtr _clientVerifier; + CertificateVerifierPtr _serverVerifier; + // Base Diffie-Hellman 512bit key (only to be used for key exchange). static unsigned char _tempDiffieHellman512p[]; static unsigned char _tempDiffieHellman512g[]; 
@@ -137,53 +145,57 @@ private: DHParamsMap _tempDHParamsFileMap; // The Session ID Context (Server Only). - string _sessionContext; + std::string _sessionContext; // Flag as to whether the Random Number system has been seeded. int _randSeeded; bool _configLoaded; - void setKeyCert(SSL_CTX*, const CertificateDesc&, const string&, const string&); + void setKeyCert(SSL_CTX*, const IceSecurity::Ssl::CertificateDesc&, + const std::string&, const std::string&); // Call to initialize the SSL system. - void initClient(GeneralConfig&, CertificateAuthority&, BaseCertificates&); - void initServer(GeneralConfig&, CertificateAuthority&, BaseCertificates&, TempCertificates&); + void initClient(IceSecurity::Ssl::GeneralConfig&, IceSecurity::Ssl::CertificateAuthority&, + IceSecurity::Ssl::BaseCertificates&); + void initServer(IceSecurity::Ssl::GeneralConfig&, IceSecurity::Ssl::CertificateAuthority&, + IceSecurity::Ssl::BaseCertificates&, IceSecurity::Ssl::TempCertificates&); SSL_METHOD* getSslMethod(SslProtocol); - void processCertificate(SSL_CTX*, const CertificateDesc&); - void addKeyCert(SSL_CTX*, const CertificateFile&, const CertificateFile&); - void addKeyCert(SSL_CTX*, const string&, const string&); + void processCertificate(SSL_CTX*, const IceSecurity::Ssl::CertificateDesc&); + void addKeyCert(SSL_CTX*, const IceSecurity::Ssl::CertificateFile&, + const IceSecurity::Ssl::CertificateFile&); + void addKeyCert(SSL_CTX*, const std::string&, const std::string&); - SSL_CTX* createContext(SslProtocol); + SSL_CTX* createContext(IceSecurity::Ssl::SslProtocol); // Retrieves errors from the OpenSSL library. - string sslGetErrors(); + std::string sslGetErrors(); - void commonConnectionSetup(Connection*); + void commonConnectionSetup(IceSecurity::Ssl::OpenSSL::Connection*); // Create a connection. SSL* createConnection(SSL_CTX*, int); // Methods for loading CAFiles into a Context. 
- void loadCAFiles(SSL_CTX*, CertificateAuthority&); + void loadCAFiles(SSL_CTX*, IceSecurity::Ssl::CertificateAuthority&); void loadCAFiles(SSL_CTX*, const char*, const char*); - void loadAndCheckCAFiles(SSL_CTX*, CertificateAuthority&); + void loadAndCheckCAFiles(SSL_CTX*, IceSecurity::Ssl::CertificateAuthority&); DH* loadDHParam(const char *); DH* getTempDH(unsigned char*, int, unsigned char*, int); DH* getTempDH512(); - void setDHParams(SSL_CTX*, BaseCertificates&); + void setDHParams(SSL_CTX*, IceSecurity::Ssl::BaseCertificates&); - void setCipherList(SSL_CTX*, const string&); + void setCipherList(SSL_CTX*, const std::string&); // Cryptographic Random Number System related routines. int seedRand(); - long loadRandFiles(const string&); - void initRandSystem(const string&); + long loadRandFiles(const std::string&); + void initRandSystem(const std::string&); - void loadTempCerts(TempCertificates&); + void loadTempCerts(IceSecurity::Ssl::TempCertificates&); friend class IceSecurity::Ssl::Factory; friend class Connection; diff --git a/cpp/src/Ice/SslTempCerts.h b/cpp/src/Ice/SslTempCerts.h index a150673909b..a0fc4160489 100644 --- a/cpp/src/Ice/SslTempCerts.h +++ b/cpp/src/Ice/SslTempCerts.h @@ -41,8 +41,6 @@ protected: DHVector _dhParams; }; -using std::endl; - template<class Stream> inline Stream& operator << (Stream& target, TempCertificates& tmpCerts) { @@ -51,9 +49,9 @@ inline Stream& operator << (Stream& target, TempCertificates& tmpCerts) while (iRSA != eRSA) { - target << "RSA" << endl << "{" << endl; + target << "RSA" << std::endl << "{" << std::endl; target << *iRSA; - target << "}" << endl << endl; + target << "}" << std::endl << std::endl; iRSA++; } @@ -62,9 +60,9 @@ inline Stream& operator << (Stream& target, TempCertificates& tmpCerts) while (iDSA != eDSA) { - target << "DSA" << endl << "{" << endl; + target << "DSA" << std::endl << "{" << std::endl; target << *iDSA; - target << "}" << endl << endl; + target << "}" << std::endl << std::endl; iDSA++; } 
@@ -73,9 +71,9 @@ inline Stream& operator << (Stream& target, TempCertificates& tmpCerts) while (iDHP != eDHP) { - target << "DH" << endl << "{" << endl; + target << "DH" << std::endl << "{" << std::endl; target << *iDHP; - target << "}" << endl << endl; + target << "}" << std::endl << std::endl; iDHP++; } diff --git a/cpp/src/IcePack/.depend b/cpp/src/IcePack/.depend index e3373f0d083..8eefcaeb920 100644 --- a/cpp/src/IcePack/.depend +++ b/cpp/src/IcePack/.depend 
@@ -3,5 +3,7 @@ Grammar.o: Grammar.cpp ../../include/Ice/Ice.h ../../include/Ice/Initialize.h .. Scanner.o: Scanner.cpp ../../include/Ice/Ice.h ../../include/Ice/Initialize.h ../../include/Ice/CommunicatorF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/PropertiesF.h ../../include/Ice/InstanceF.h ../../include/Ice/Properties.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Logger.h ../../include/Ice/LoggerUtil.h ../../include/Ice/LoggerF.h ../../include/Ice/Communicator.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/Ice/BasicStream.h ../../include/Ice/Buffer.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/UserExceptionFactoryF.h ../../include/Ice/RouterF.h ../../include/Ice/ObjectFactory.h ../../include/Ice/UserExceptionFactory.h ../../include/Ice/ObjectAdapter.h ../../include/Ice/ServantLocator.h ../../include/Ice/IdentityUtil.h ../IcePack/Parser.h ../../include/IcePack/Admin.h ../IcePack/Grammar.h Parser.o: Parser.cpp ../../include/Ice/Ice.h ../../include/Ice/Initialize.h ../../include/Ice/CommunicatorF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h 
../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/PropertiesF.h ../../include/Ice/InstanceF.h ../../include/Ice/Properties.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Logger.h ../../include/Ice/LoggerUtil.h ../../include/Ice/LoggerF.h ../../include/Ice/Communicator.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/Ice/BasicStream.h ../../include/Ice/Buffer.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/UserExceptionFactoryF.h ../../include/Ice/RouterF.h ../../include/Ice/ObjectFactory.h ../../include/Ice/UserExceptionFactory.h ../../include/Ice/ObjectAdapter.h ../../include/Ice/ServantLocator.h ../../include/Ice/IdentityUtil.h ../IcePack/Parser.h ../../include/IcePack/Admin.h Client.o: Client.cpp ../../include/Ice/Application.h ../../include/Ice/Ice.h ../../include/Ice/Initialize.h ../../include/Ice/CommunicatorF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h 
../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/PropertiesF.h ../../include/Ice/InstanceF.h ../../include/Ice/Properties.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Logger.h ../../include/Ice/LoggerUtil.h ../../include/Ice/LoggerF.h ../../include/Ice/Communicator.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/Ice/BasicStream.h ../../include/Ice/Buffer.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/UserExceptionFactoryF.h ../../include/Ice/RouterF.h ../../include/Ice/ObjectFactory.h ../../include/Ice/UserExceptionFactory.h ../../include/Ice/ObjectAdapter.h ../../include/Ice/ServantLocator.h ../../include/Ice/IdentityUtil.h ../IcePack/Parser.h ../../include/IcePack/Admin.h +Server.o: Server.cpp ../../include/Ice/Application.h ../../include/Ice/Ice.h ../../include/Ice/Initialize.h ../../include/Ice/CommunicatorF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/PropertiesF.h ../../include/Ice/InstanceF.h ../../include/Ice/Properties.h ../../include/Ice/BuiltinSequences.h 
../../include/Ice/Logger.h ../../include/Ice/LoggerUtil.h ../../include/Ice/LoggerF.h ../../include/Ice/Communicator.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/Ice/BasicStream.h ../../include/Ice/Buffer.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/UserExceptionFactoryF.h ../../include/Ice/RouterF.h ../../include/Ice/ObjectFactory.h ../../include/Ice/UserExceptionFactory.h ../../include/Ice/ObjectAdapter.h ../../include/Ice/ServantLocator.h ../../include/Ice/IdentityUtil.h ../IcePack/AdminI.h ../../include/IcePack/Admin.h ../IcePack/Forward.h ../../include/IcePack/AdminF.h ../IcePack/Activator.h ../../include/IceUtil/Thread.h +Forward.o: Forward.cpp ../../include/Ice/Ice.h ../../include/Ice/Initialize.h ../../include/Ice/CommunicatorF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/PropertiesF.h ../../include/Ice/InstanceF.h ../../include/Ice/Properties.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Logger.h ../../include/Ice/LoggerUtil.h ../../include/Ice/LoggerF.h ../../include/Ice/Communicator.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h 
../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/Ice/BasicStream.h ../../include/Ice/Buffer.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/UserExceptionFactoryF.h ../../include/Ice/RouterF.h ../../include/Ice/ObjectFactory.h ../../include/Ice/UserExceptionFactory.h ../../include/Ice/ObjectAdapter.h ../../include/Ice/ServantLocator.h ../../include/Ice/IdentityUtil.h ../IcePack/Forward.h ../../include/IcePack/AdminF.h ../IcePack/Activator.h ../../include/IceUtil/Thread.h ../../include/IcePack/Admin.h AdminI.o: AdminI.cpp ../../include/Ice/Ice.h ../../include/Ice/Initialize.h ../../include/Ice/CommunicatorF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/PropertiesF.h ../../include/Ice/InstanceF.h ../../include/Ice/Properties.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Logger.h ../../include/Ice/LoggerUtil.h ../../include/Ice/LoggerF.h ../../include/Ice/Communicator.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h 
../../include/Ice/Identity.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/Ice/BasicStream.h ../../include/Ice/Buffer.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/UserExceptionFactoryF.h ../../include/Ice/RouterF.h ../../include/Ice/ObjectFactory.h ../../include/Ice/UserExceptionFactory.h ../../include/Ice/ObjectAdapter.h ../../include/Ice/ServantLocator.h ../../include/Ice/IdentityUtil.h ../IcePack/AdminI.h ../../include/IcePack/Admin.h Activator.o: Activator.cpp ../../include/Ice/Ice.h ../../include/Ice/Initialize.h ../../include/Ice/CommunicatorF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/PropertiesF.h ../../include/Ice/InstanceF.h ../../include/Ice/Properties.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Logger.h ../../include/Ice/LoggerUtil.h ../../include/Ice/LoggerF.h ../../include/Ice/Communicator.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/Ice/BasicStream.h ../../include/Ice/Buffer.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h 
../../include/Ice/UserExceptionFactoryF.h ../../include/Ice/RouterF.h ../../include/Ice/ObjectFactory.h ../../include/Ice/UserExceptionFactory.h ../../include/Ice/ObjectAdapter.h ../../include/Ice/ServantLocator.h ../../include/Ice/IdentityUtil.h ../IcePack/Activator.h ../../include/IceUtil/Thread.h ../../include/IcePack/Admin.h |