author | Anthony Neal <aneal@zeroc.com> | 2002-03-14 21:03:01 +0000 |
---|---|---|
committer | Anthony Neal <aneal@zeroc.com> | 2002-03-14 21:03:01 +0000 |
commit | 55b43f367d4923ff8d4d01750f0770a779ef9cbe (patch) | |
tree | e960bf16dec4008d3000d8feb6fa2fb10acb1a46 /cpp/src | |
parent | comments (diff) | |
Updated Communicator.ice so that SSL related methods are only included when
compiling the slice with -DICE_CPP. Updated project and Makefile
accordingly. Continuing cleanup.
Diffstat (limited to 'cpp/src')
-rw-r--r-- | cpp/src/Ice/Makefile | 2 | ||||
-rw-r--r-- | cpp/src/Ice/SslConnectionOpenSSLClient.cpp | 6 | ||||
-rw-r--r-- | cpp/src/Ice/SslConnectionOpenSSLServer.cpp | 6 | ||||
-rw-r--r-- | cpp/src/Ice/SslContextOpenSSL.cpp | 159 | ||||
-rw-r--r-- | cpp/src/Ice/SslContextOpenSSL.h | 5 | ||||
-rw-r--r-- | cpp/src/Ice/ice.dsp | 4 |
6 files changed, 67 insertions, 115 deletions
diff --git a/cpp/src/Ice/Makefile b/cpp/src/Ice/Makefile
index 82fbc03b8b5..980a492671a 100644
--- a/cpp/src/Ice/Makefile
+++ b/cpp/src/Ice/Makefile
@@ -155,7 +155,7 @@ clean::
$(HDIR)/Communicator.h Communicator.cpp: $(SDIR)/Communicator.ice $(SLICE2CPP)
rm -f $(HDIR)/Communicator.h Communicator.cpp
- $(SLICECMD) $(SDIR)/Communicator.ice
+ $(SLICECMD) -DICE_CPP $(SDIR)/Communicator.ice
mv Communicator.h $(HDIR)
clean::
diff --git a/cpp/src/Ice/SslConnectionOpenSSLClient.cpp b/cpp/src/Ice/SslConnectionOpenSSLClient.cpp
index eb2b70af6cf..040d6cb0a27 100644
--- a/cpp/src/Ice/SslConnectionOpenSSLClient.cpp
+++ b/cpp/src/Ice/SslConnectionOpenSSLClient.cpp
@@ -307,12 +307,14 @@ IceSSL::OpenSSL::ClientConnection::write(Buffer& buf, int timeout)
}
case SSL_ERROR_WANT_READ:
- {
+ {
+ // TODO: Probably don't need this - remove later if not needed.
+ // If we get this error here, it HAS to be because
// the protocol wants to do something handshake related.
// In the case that we might actually get some application data,
// we will use the base SSL read method, using the _inBuffer.
- readSSL(_inBuffer, timeout);
+ // readSSL(_inBuffer, timeout);
continue;
}
diff --git a/cpp/src/Ice/SslConnectionOpenSSLServer.cpp b/cpp/src/Ice/SslConnectionOpenSSLServer.cpp
index 1dcea25d049..96392f0e551 100644
--- a/cpp/src/Ice/SslConnectionOpenSSLServer.cpp
+++ b/cpp/src/Ice/SslConnectionOpenSSLServer.cpp
@@ -54,7 +54,9 @@ IceSSL::OpenSSL::ServerConnection::ServerConnection(
SSL* connection,
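Review bot: In the SSL_ERROR_WANT_READ case of ClientConnection::write, the handler now goes straight to `continue` with the readSSL call commented out, so nothing in the visible lines waits for the socket to become readable or applies `timeout` before the write is retried. If the underlying socket is non-blocking (not visible here), a peer that begins a renegotiation and then stalls could keep this loop retrying without bound, which is an availability concern. I would either restore a bounded wait before the retry or record the reasoning in place, e.g. `// WANT_READ: the retry must be preceded by a wait for readability bounded by timeout`. Leaving the old call as commented-out code under a TODO also hides which behaviour is intended; the loop itself starts and ends outside this hunk.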
const IceSSL::SystemInternalPtr& system) : Connection(traceLevels, logger, certificateVerifier, connection, system)
-{
+{
+ assert(_sslConnection != 0);
+
// Set the Accept Connection state for this connection.
SSL_set_accept_state(_sslConnection);
}
@@ -72,6 +74,8 @@ IceSSL::OpenSSL::ServerConnection::shutdown()
int
IceSSL::OpenSSL::ServerConnection::init(int timeout)
{
+ assert(_sslConnection != 0);
+
int retCode = SSL_is_init_finished(_sslConnection);
while (!retCode)
diff --git a/cpp/src/Ice/SslContextOpenSSL.cpp b/cpp/src/Ice/SslContextOpenSSL.cpp
index 6366c10a5b2..84d5af75b14 100644
--- a/cpp/src/Ice/SslContextOpenSSL.cpp
+++ b/cpp/src/Ice/SslContextOpenSSL.cpp
@@ -229,6 +229,8 @@ IceSSL::OpenSSL::Context::createContext(SslProtocol sslProtocol)
void
IceSSL::OpenSSL::Context::loadCertificateAuthority(const CertificateAuthority& certAuth)
{
+ assert(_sslContext != 0);
+
std::string fileName = certAuth.getCAFileName();
std::string certPath = certAuth.getCAPath();
@@ -311,8 +313,34 @@ IceSSL::OpenSSL::Context::setKeyCert(const CertificateDesc& certDesc,
}
void
+IceSSL::OpenSSL::Context::checkKeyCert()
+{
+ assert(_sslContext != 0);
+
+ // Check to see if the Private and Public keys that have been
+ // set against the SSL context match up.
+ if (!SSL_CTX_check_private_key(_sslContext))
+ {
+ IceSSL::OpenSSL::ContextException contextEx(__FILE__, __LINE__);
+
+ contextEx._message = "Private key does not match the certificate public key.";
+ std::string sslError = sslGetErrors();
+
+ if (!sslError.empty())
+ {
+ contextEx._message += "\n";
+ contextEx._message += sslError;
+ }
+
+ throw contextEx;
+ }
+}
+
+void
IceSSL::OpenSSL::Context::addKeyCert(const CertificateFile& privateKey, const CertificateFile& publicCert)
{
+ assert(_sslContext != 0);
+
if (!publicCert.getFileName().empty())
{
std::string publicCertFile = publicCert.getFileName();
@@ -360,48 +388,13 @@ IceSSL::OpenSSL::Context::addKeyCert(const CertificateFile& privateKey, const Ce
throw contextEx;
}
- // Check to see if the Private and Public keys that have been
- // set against the SSL context match up.
- if (!SSL_CTX_check_private_key(_sslContext))
- {
- IceSSL::OpenSSL::ContextException contextEx(__FILE__, __LINE__);
-
- contextEx._message = "Private key does not match the certificate public key.";
- std::string sslError = sslGetErrors();
-
- if (!sslError.empty())
- {
- contextEx._message += "\n";
- contextEx._message += sslError;
- }
-
- throw contextEx;
- }
+ checkKeyCert();
}
}
-//
-// TODO: Merge base functionality of addKeyCert()'s so they call a base.
-//
-
void
-IceSSL::OpenSSL::Context::addKeyCert(const Ice::ByteSeq& privateKey, const Ice::ByteSeq& publicKey)
+IceSSL::OpenSSL::Context::addKeyCert(const RSAKeyPair& keyPair)
{
- Ice::ByteSeq privKey = privateKey;
-
- if (privKey.empty())
- {
- if (_traceLevels->security >= IceSSL::SECURITY_WARNINGS)
- {
- _logger->trace(_traceLevels->securityCat, "WRN No private key specified - using the certificate.");
- }
-
- privKey = publicKey;
- }
-
- // Make a key pair based on the Base64 encoded strings
- RSAKeyPair keyPair(privKey, publicKey);
-
// Janitors to ensure that everything gets cleaned up properly
RSAJanitor rsaJanitor(keyPair.getRSAPrivateKey());
X509Janitor x509Janitor(keyPair.getX509PublicKey());
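Review bot: The new addKeyCert(const RSAKeyPair&) builds RSAJanitor and X509Janitor directly from `keyPair.getRSAPrivateKey()` and `keyPair.getX509PublicKey()` on a caller-owned const reference, and nothing in the hunk says who owns the objects those getters return. If they hand out pointers that the RSAKeyPair still owns rather than fresh references (their definitions are not on this page), an exception thrown before `clear()` could let a janitor release an object that the caller's key pair releases again later. A one-line ownership comment above the janitors would settle it, for example `// Ownership: confirm the getters return new references that these janitors may release on failure`. The function body continues past the end of this hunk.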
@@ -444,29 +437,13 @@ IceSSL::OpenSSL::Context::addKeyCert(const Ice::ByteSeq& privateKey, const Ice::
rsaJanitor.clear();
- // Check to see if the Private and Public keys that have been
- // set against the SSL context match up.
- if (!SSL_CTX_check_private_key(_sslContext))
- {
- IceSSL::OpenSSL::ContextException contextEx(__FILE__, __LINE__);
-
- contextEx._message = "Private key does not match the certificate public key.";
- std::string sslError = sslGetErrors();
-
- if (!sslError.empty())
- {
- contextEx._message += "\n";
- contextEx._message += sslError;
- }
-
- throw contextEx;
- }
+ checkKeyCert();
}
void
-IceSSL::OpenSSL::Context::addKeyCert(const std::string& privateKey, const std::string& publicKey)
+IceSSL::OpenSSL::Context::addKeyCert(const Ice::ByteSeq& privateKey, const Ice::ByteSeq& publicKey)
{
- std::string privKey = privateKey;
+ Ice::ByteSeq privKey = privateKey;
if (privKey.empty())
{
@@ -478,74 +455,38 @@ IceSSL::OpenSSL::Context::addKeyCert(const std::string& privateKey, const std::s
privKey = publicKey;
}
- // Make a key pair based on the Base64 encoded strings
+ // Make a key pair based on the DER encoded byte sequences.
RSAKeyPair keyPair(privKey, publicKey);
- // Janitors to ensure that everything gets cleaned up properly
- RSAJanitor rsaJanitor(keyPair.getRSAPrivateKey());
- X509Janitor x509Janitor(keyPair.getX509PublicKey());
-
- // Set which Public Key file to use.
- if (SSL_CTX_use_certificate(_sslContext, x509Janitor.get()) <= 0)
- {
- IceSSL::OpenSSL::ContextException contextEx(__FILE__, __LINE__);
-
- contextEx._message = "Unable to set certificate from memory.";
- std::string sslError = sslGetErrors();
-
- if (!sslError.empty())
- {
- contextEx._message += "\n";
- contextEx._message += sslError;
- }
-
- throw contextEx;
- }
+ addKeyCert(keyPair);
+}
- x509Janitor.clear();
+void
+IceSSL::OpenSSL::Context::addKeyCert(const std::string& privateKey, const std::string& publicKey)
+{
+ std::string privKey = privateKey;
- // Set which Private Key file to use.
- if (SSL_CTX_use_RSAPrivateKey(_sslContext, rsaJanitor.get()) <= 0)
+ if (privKey.empty())
{
- IceSSL::OpenSSL::ContextException contextEx(__FILE__, __LINE__);
-
- contextEx._message = "Unable to set private key from memory.";
- std::string sslError = sslGetErrors();
-
- if (!sslError.empty())
- {
- contextEx._message += "\n";
- contextEx._message += sslError;
+ if (_traceLevels->security >= IceSSL::SECURITY_WARNINGS)
+ {
+ _logger->trace(_traceLevels->securityCat, "WRN No private key specified - using the certificate.");
}
- throw contextEx;
+ privKey = publicKey;
}
- rsaJanitor.clear();
-
- // Check to see if the Private and Public keys that have been
- // set against the SSL context match up.
- if (!SSL_CTX_check_private_key(_sslContext))
- {
- IceSSL::OpenSSL::ContextException contextEx(__FILE__, __LINE__);
-
- contextEx._message = "Private key does not match the certificate public key.";
- std::string sslError = sslGetErrors();
-
- if (!sslError.empty())
- {
- contextEx._message += "\n";
- contextEx._message += sslError;
- }
+ // Make a key pair based on the Base64 encoded strings.
+ RSAKeyPair keyPair(privKey, publicKey);
- throw contextEx;
- }
+ addKeyCert(keyPair);
}
SSL*
IceSSL::OpenSSL::Context::createSSLConnection(int socket)
{
SSL* sslConnection = SSL_new(_sslContext);
+ assert(sslConnection != 0);
SSL_clear(sslConnection);
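Review bot: In createSSLConnection the result of SSL_new is checked only with `assert(sslConnection != 0)`, which disappears when the build defines NDEBUG, so a failed allocation would then reach `SSL_clear(sslConnection)` as a null pointer. SSL_new failing is a runtime condition rather than a programming error, so it deserves the same ContextException treatment that checkKeyCert gives a key mismatch. The other asserts added in this commit (the ServerConnection constructor and init, loadCertificateAuthority, checkKeyCert, addKeyCert) guard invariants and are reasonable as asserts, but they will not catch a null handed on from here in a release build. The rest of createSSLConnection lies outside this hunk.

```cpp
SSL* sslConnection = SSL_new(_sslContext);

if (sslConnection == 0)
{
    IceSSL::OpenSSL::ContextException contextEx(__FILE__, __LINE__);

    contextEx._message = "Unable to create SSL connection.";
    std::string sslError = sslGetErrors();

    if (!sslError.empty())
    {
        contextEx._message += "\n";
        contextEx._message += sslError;
    }

    throw contextEx;
}

// … unchanged: SSL_clear(sslConnection) and the rest of createSSLConnection …
```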
@@ -557,7 +498,7 @@ IceSSL::OpenSSL::Context::createSSLConnection(int socket)
void
IceSSL::OpenSSL::Context::connectionSetup(const ConnectionPtr& connection)
{
- // Set the Post-Hanshake Read timeout
+ // Set the Post-Handshake Read timeout
// This timeout is implemented once on the first read after hanshake.
int handshakeReadTimeout;
std::string value = _properties->getProperty(_handshakeTimeoutProperty);
diff --git a/cpp/src/Ice/SslContextOpenSSL.h b/cpp/src/Ice/SslContextOpenSSL.h
index de26f046987..a0b9071ad87 100644
--- a/cpp/src/Ice/SslContextOpenSSL.h
+++ b/cpp/src/Ice/SslContextOpenSSL.h
@@ -39,6 +39,7 @@ namespace OpenSSL
{
class System;
+class RSAKeyPair;
class Context : public IceUtil::Shared
{
@@ -73,8 +74,12 @@ protected:
void setKeyCert(const IceSSL::CertificateDesc&, const std::string&, const std::string&);
+ void checkKeyCert();
+
void addKeyCert(const IceSSL::CertificateFile&, const IceSSL::CertificateFile&);
+ void addKeyCert(const RSAKeyPair&);
+
void addKeyCert(const Ice::ByteSeq&, const Ice::ByteSeq&);
void addKeyCert(const std::string&, const std::string&);
diff --git a/cpp/src/Ice/ice.dsp b/cpp/src/Ice/ice.dsp
index f1082b469a6..44b4e7db441 100644
--- a/cpp/src/Ice/ice.dsp
+++ b/cpp/src/Ice/ice.dsp
@@ -1189,7 +1189,7 @@ InputPath=..\..\slice\Ice\Communicator.ice
BuildCmds= \
set PATH=%PATH%;..\..\lib \
- ..\..\bin\slice2cpp.exe --dll-export ICE_API --include-dir Ice -I../../slice ../../slice/Ice/Communicator.ice \
+ ..\..\bin\slice2cpp.exe -DICE_CPP --dll-export ICE_API --include-dir Ice -I../../slice ../../slice/Ice/Communicator.ice \
move Communicator.h ..\..\include\Ice \
@@ -1208,7 +1208,7 @@ InputPath=..\..\slice\Ice\Communicator.ice
BuildCmds= \
set PATH=%PATH%;..\..\lib \
- ..\..\bin\slice2cpp.exe --dll-export ICE_API --include-dir Ice -I../../slice ../../slice/Ice/Communicator.ice \
+ ..\..\bin\slice2cpp.exe -DICE_CPP --dll-export ICE_API --include-dir Ice -I../../slice ../../slice/Ice/Communicator.ice \
move Communicator.h ..\..\include\Ice \