diff options
| author | Benoit Foucher <benoit@zeroc.com> | 2009-10-21 17:02:37 +0200 |
|---|---|---|
| committer | Benoit Foucher <benoit@zeroc.com> | 2009-10-21 17:02:37 +0200 |
| commit | a80b3c8cbb203c78b061e99e1a764685af4a93e9 (patch) | |
| tree | 5448b1dd66499b8fc9e46c618aa65b6687855946 /cpp/src | |
| parent | Bug 4311 - change Ice::Service::start signature (diff) | |
| download | ice-a80b3c8cbb203c78b061e99e1a764685af4a93e9.tar.bz2 ice-a80b3c8cbb203c78b061e99e1a764685af4a93e9.tar.xz ice-a80b3c8cbb203c78b061e99e1a764685af4a93e9.zip | |
- Removed old IceSSL::ConnectionInfo struct, it's now replaced with
IceSSL::NativeConnectionInfo.
- Removed Ice::ConnectionInfo endpoint attribute.
- Added Ice::Connection::getEndpoint() method.
- Added Ice::ConnectionInfo adapterName and incoming attributes.
- Replaced Tcp and Udp prefixes with TCP and UDP in endpoint/info classes.
- Added IPEndpointInfo and IPConnectionInfo intermediate classes.
- Fixed 2058: deprecate ice_hash for Ice.Object & Ice.LocalObject, added ice_getHash
- Fixed bug where Ice::Endpoint comparison would only compare the endpoint object addresses rather than the endpoint attributes like in Java and C#.
- Added ice_getHash implementation for endpoints and cleaned up Reference::hash to use HashUtil.h helper methods.
- Added test/Ice/info and removed endpoint info test from test/Ice/proxy.
Diffstat (limited to 'cpp/src')
32 files changed, 373 insertions, 548 deletions
diff --git a/cpp/src/Glacier2/SessionRouterI.cpp b/cpp/src/Glacier2/SessionRouterI.cpp index cbb861fc345..de70d7dd4b2 100644 --- a/cpp/src/Glacier2/SessionRouterI.cpp +++ b/cpp/src/Glacier2/SessionRouterI.cpp @@ -483,23 +483,6 @@ private: } -namespace -{ - -template<class T> void populateContext(const IceInternal::Handle<T>& info, Ice::Context& context) -{ - ostringstream os; - os << info->remotePort; - context["_con.remotePort"] = os.str(); - context["_con.remoteAddress"] = info->remoteAddress; - os.str(""); - os << info->localPort; - context["_con.localPort"] = os.str(); - context["_con.localAddress"] = info->localAddress; -} - -} - using namespace Glacier2; Glacier2::CreateSession::CreateSession(const SessionRouterIPtr& sessionRouter, const string& user, @@ -513,17 +496,22 @@ Glacier2::CreateSession::CreateSession(const SessionRouterIPtr& sessionRouter, c { _context["_con.type"] = current.con->type(); { - Ice::TcpConnectionInfoPtr info = Ice::TcpConnectionInfoPtr::dynamicCast(current.con->getInfo()); + Ice::IPConnectionInfoPtr info = Ice::IPConnectionInfoPtr::dynamicCast(current.con->getInfo()); if(info) { - populateContext(info, _context); - } + ostringstream os; + os << info->remotePort; + _context["_con.remotePort"] = os.str(); + _context["_con.remoteAddress"] = info->remoteAddress; + os.str(""); + os << info->localPort; + _context["_con.localPort"] = os.str(); + _context["_con.localAddress"] = info->localAddress; } } { - IceSSL::SSLConnectionInfoPtr info = IceSSL::SSLConnectionInfoPtr::dynamicCast(current.con->getInfo()); + IceSSL::ConnectionInfoPtr info = IceSSL::ConnectionInfoPtr::dynamicCast(current.con->getInfo()); if(info) { - populateContext(info, _context); _context["_con.cipher"] = info->cipher; if(info->certs.size() > 0) { @@ -615,7 +603,7 @@ Glacier2::CreateSession::sessionCreated(const SessionPrx& session) // // DEPRECATED: Glacier2.AddSSLContext. // - IceSSL::SSLConnectionInfoPtr info = IceSSL::SSLConnectionInfoPtr::dynamicCast(_current.con->getInfo()); + IceSSL::ConnectionInfoPtr info = IceSSL::ConnectionInfoPtr::dynamicCast(_current.con->getInfo()); if(info && _instance->properties()->getPropertyAsInt("Glacier2.AddSSLContext") > 0) { _context["SSL.Active"] = "1"; @@ -907,7 +895,7 @@ Glacier2::SessionRouterI::createSessionFromSecureConnection_async( // try { - IceSSL::SSLConnectionInfoPtr info = IceSSL::SSLConnectionInfoPtr::dynamicCast(current.con->getInfo()); + IceSSL::ConnectionInfoPtr info = IceSSL::ConnectionInfoPtr::dynamicCast(current.con->getInfo()); if(!info) { amdCB->ice_exception(PermissionDeniedException("not ssl connection")); diff --git a/cpp/src/Ice/ConnectionI.cpp b/cpp/src/Ice/ConnectionI.cpp index b8942d42aec..310f4575395 100644 --- a/cpp/src/Ice/ConnectionI.cpp +++ b/cpp/src/Ice/ConnectionI.cpp @@ -988,6 +988,12 @@ Ice::ConnectionI::getAdapter() const return _adapter; } +EndpointPtr +Ice::ConnectionI::getEndpoint() const +{ + return _endpoint; // No mutex protection necessary, _endpoint is immutable. +} + ObjectPrx Ice::ConnectionI::createProxy(const Identity& ident) const { @@ -1434,23 +1440,13 @@ Ice::ConnectionI::getInfo() const { _exception->ice_throw(); } + ConnectionInfoPtr info = _transceiver->getInfo(); - info->endpoint = _endpoint->getInfo(); + info->incoming = _connector == 0; + info->adapterName = _adapter ? _adapter->getName() : string(); return info; } -// -// Only used by the SSL plug-in. -// -// The external party has to synchronize the connection, since the -// connection is the object that protects the transceiver. -// -IceInternal::TransceiverPtr -Ice::ConnectionI::getTransceiver() const -{ - return _transceiver; -} - void Ice::ConnectionI::exception(const LocalException& ex) { diff --git a/cpp/src/Ice/ConnectionI.h b/cpp/src/Ice/ConnectionI.h index 5c844ea5cb7..688a6f47ccd 100644 --- a/cpp/src/Ice/ConnectionI.h +++ b/cpp/src/Ice/ConnectionI.h @@ -114,6 +114,7 @@ public: virtual void setAdapter(const ObjectAdapterPtr&); // From Connection. virtual ObjectAdapterPtr getAdapter() const; // From Connection. + virtual EndpointPtr getEndpoint() const; // From Connection. virtual ObjectPrx createProxy(const Identity& ident) const; // From Connection. // @@ -134,9 +135,6 @@ public: virtual Ice::Int timeout() const; // From Connection. virtual ConnectionInfoPtr getInfo() const; // From Connection - // SSL plug-in needs to be able to get the transceiver. - IceInternal::TransceiverPtr getTransceiver() const; - void exception(const LocalException&); void invokeException(const LocalException&, int); diff --git a/cpp/src/Ice/EndpointI.cpp b/cpp/src/Ice/EndpointI.cpp index 64c6efa5cf2..9bfa1516065 100644 --- a/cpp/src/Ice/EndpointI.cpp +++ b/cpp/src/Ice/EndpointI.cpp @@ -13,13 +13,50 @@ #include <Ice/Network.h> #include <Ice/PropertiesI.h> #include <Ice/LoggerUtil.h> +#include <IceUtil/MutexPtrLock.h> using namespace std; using namespace IceInternal; +namespace +{ + +IceUtil::Mutex* hashMutex = 0; + +class Init +{ +public: + + Init() + { + hashMutex = new IceUtil::Mutex; + } + + ~Init() + { + delete hashMutex; + hashMutex = 0; + } +}; + +Init init; + +} + Ice::LocalObject* IceInternal::upCast(EndpointI* p) { return p; } IceUtil::Shared* IceInternal::upCast(EndpointHostResolver* p) { return p; } +Ice::Int +IceInternal::EndpointI::ice_getHash() const +{ + IceUtilInternal::MutexPtrLock<IceUtil::Mutex> lock(hashMutex); + if(!_hashInitialized) + { + _hashValue = hashInit(); + } + return _hashValue; +} + vector<ConnectorPtr> IceInternal::EndpointI::connectors(const vector<struct sockaddr_storage>& addrs) const { @@ -31,6 +68,10 @@ IceInternal::EndpointI::connectors(const vector<struct sockaddr_storage>& addrs) return vector<ConnectorPtr>(); } +IceInternal::EndpointI::EndpointI() : _hashInitialized(false) +{ +} + IceInternal::EndpointHostResolver::EndpointHostResolver(const InstancePtr& instance) : IceUtil::Thread("Ice endpoint host resolver thread"), _instance(instance), diff --git a/cpp/src/Ice/EndpointI.h b/cpp/src/Ice/EndpointI.h index 2dc851f4f42..1336ce31caa 100644 --- a/cpp/src/Ice/EndpointI.h +++ b/cpp/src/Ice/EndpointI.h @@ -135,47 +135,38 @@ public: // Check whether the endpoint is equivalent to another one. // virtual bool equivalent(const EndpointIPtr&) const = 0; - + // // Compare endpoints for sorting purposes. // - virtual bool operator==(const EndpointI&) const = 0; - virtual bool operator!=(const EndpointI&) const = 0; - virtual bool operator<(const EndpointI&) const = 0; - -#if defined(__BCPLUSPLUS__) - // - // COMPILERFIX: Avoid warnings about hiding members for C++Builder 2010 - // - // - virtual bool operator==(const Ice::LocalObject& rhs) const - { - return Ice::LocalObject::operator==(rhs); - } - - virtual bool operator<(const Ice::LocalObject& rhs) const - { - return Ice::LocalObject::operator<(rhs); - } -#endif + virtual bool operator==(const LocalObject&) const = 0; + virtual bool operator<(const LocalObject&) const = 0; + virtual ::Ice::Int ice_getHash() const; protected: virtual std::vector<ConnectorPtr> connectors(const std::vector<struct sockaddr_storage>&) const; friend class EndpointHostResolver; + EndpointI(); + virtual ::Ice::Int hashInit() const = 0; + private: -#if defined(__SUNPRO_CC) - // - // COMPILERFIX: prevent the compiler from emitting a warning about - // hidding these operators. - // - using LocalObject::operator==; - using LocalObject::operator<; -#endif + mutable bool _hashInitialized; + mutable Ice::Int _hashValue; }; +inline bool operator==(const EndpointI& l, const EndpointI& r) +{ + return static_cast<const ::Ice::LocalObject&>(l) == static_cast<const ::Ice::LocalObject&>(r); +} + +inline bool operator<(const EndpointI& l, const EndpointI& r) +{ + return static_cast<const ::Ice::LocalObject&>(l) < static_cast<const ::Ice::LocalObject&>(r); +} + class ICE_API EndpointHostResolver : public IceUtil::Thread, public IceUtil::Monitor<IceUtil::Mutex> { public: diff --git a/cpp/src/Ice/HashUtil.h b/cpp/src/Ice/HashUtil.h new file mode 100644 index 00000000000..ce2e8b941bc --- /dev/null +++ b/cpp/src/Ice/HashUtil.h @@ -0,0 +1,60 @@ +// ********************************************************************** +// +// Copyright (c) 2003-2009 ZeroC, Inc. All rights reserved. +// +// This copy of Ice is licensed to you under the terms described in the +// ICE_LICENSE file included in this distribution. +// +// ********************************************************************** + +#ifndef ICE_HASH_UTIL_H +#define ICE_HASH_UTIL_H + +namespace IceInternal +{ + +inline void +hashAdd(Ice::Int& hashCode, Ice::Int value) +{ + hashCode = hashCode * 5 + value; +} + +inline void +hashAdd(Ice::Int& hashCode, bool value) +{ + hashCode = hashCode * 5 + static_cast<Ice::Int>(value); +} + +inline void +hashAdd(Ice::Int& hashCode, const std::string& value) +{ + for(std::string::const_iterator p = value.begin(); p != value.end(); ++p) + { + hashCode = 5 * hashCode + *p; + } +} + +template<typename T> void +hashAdd(Ice::Int& hashCode, const std::vector<T>& seq) +{ + for(typename std::vector<T>::const_iterator p = seq.begin(); p != seq.end(); ++p) + { + hashAdd(hashCode, *p); + } +} + +template<typename K, typename V> void +hashAdd(Ice::Int& hashCode, const std::map<K, V>& map) +{ + for(typename std::map<K, V>::const_iterator p = map.begin(); p != map.end(); ++p) + { + hashAdd(hashCode, p->first); + hashAdd(hashCode, p->second); + } +} + + +} + +#endif + diff --git a/cpp/src/Ice/LocalObject.cpp b/cpp/src/Ice/LocalObject.cpp index 16e57a35324..a2be55cd02b 100644 --- a/cpp/src/Ice/LocalObject.cpp +++ b/cpp/src/Ice/LocalObject.cpp @@ -28,7 +28,7 @@ Ice::LocalObject::operator<(const LocalObject& r) const } Int -Ice::LocalObject::ice_hash() const +Ice::LocalObject::ice_getHash() const { return static_cast<Int>(reinterpret_cast<Long>(this) >> 4); } diff --git a/cpp/src/Ice/Object.cpp b/cpp/src/Ice/Object.cpp index 5d4f4fdca3a..0d102ae1a63 100644 --- a/cpp/src/Ice/Object.cpp +++ b/cpp/src/Ice/Object.cpp @@ -34,7 +34,7 @@ Ice::Object::operator<(const Object& r) const } Int -Ice::Object::ice_hash() const +Ice::Object::ice_getHash() const { return static_cast<Int>(reinterpret_cast<Long>(this) >> 4); } diff --git a/cpp/src/Ice/OpaqueEndpointI.cpp b/cpp/src/Ice/OpaqueEndpointI.cpp index 19c033881e7..9960872df1c 100644 --- a/cpp/src/Ice/OpaqueEndpointI.cpp +++ b/cpp/src/Ice/OpaqueEndpointI.cpp @@ -12,6 +12,7 @@ #include <Ice/Exception.h> #include <Ice/Instance.h> #include <Ice/Base64.h> +#include <Ice/HashUtil.h> using namespace std; using namespace Ice; @@ -282,7 +283,7 @@ IceInternal::OpaqueEndpointI::equivalent(const EndpointIPtr&) const } bool -IceInternal::OpaqueEndpointI::operator==(const EndpointI& r) const +IceInternal::OpaqueEndpointI::operator==(const LocalObject& r) const { const OpaqueEndpointI* p = dynamic_cast<const OpaqueEndpointI*>(&r); if(!p) @@ -309,18 +310,17 @@ IceInternal::OpaqueEndpointI::operator==(const EndpointI& r) const } bool -IceInternal::OpaqueEndpointI::operator!=(const EndpointI& r) const -{ - return !operator==(r); -} - -bool -IceInternal::OpaqueEndpointI::operator<(const EndpointI& r) const +IceInternal::OpaqueEndpointI::operator<(const LocalObject& r) const { const OpaqueEndpointI* p = dynamic_cast<const OpaqueEndpointI*>(&r); if(!p) { - return type() < r.type(); + const EndpointI* e = dynamic_cast<const EndpointI*>(&r); + if(!e) + { + return false; + } + return type() < e->type(); } if(this == p) @@ -348,3 +348,11 @@ IceInternal::OpaqueEndpointI::operator<(const EndpointI& r) const return false; } + +Ice::Int +IceInternal::OpaqueEndpointI::hashInit() const +{ + Ice::Int h = _type; + hashAdd(h, _rawBytes); + return h; +} diff --git a/cpp/src/Ice/OpaqueEndpointI.h b/cpp/src/Ice/OpaqueEndpointI.h index b89905563b0..609de265708 100644 --- a/cpp/src/Ice/OpaqueEndpointI.h +++ b/cpp/src/Ice/OpaqueEndpointI.h @@ -41,46 +41,16 @@ public: virtual std::vector<EndpointIPtr> expand() const; virtual bool equivalent(const EndpointIPtr&) const; - virtual bool operator==(const EndpointI&) const; - virtual bool operator!=(const EndpointI&) const; - virtual bool operator<(const EndpointI&) const; - -#if defined(__BCPLUSPLUS__) - // - // COMPILERFIX: Avoid warnings about hiding members for C++Builder 2010 - // - // - virtual bool operator==(const Ice::LocalObject& rhs) const - { - return EndpointI::operator==(rhs); - } - - virtual bool operator<(const Ice::LocalObject& rhs) const - { - return EndpointI::operator<(rhs); - } - - virtual std::vector<ConnectorPtr> connectors(const std::vector<struct sockaddr_storage>& v) const - { - return EndpointI::connectors(v); - } -#endif + virtual bool operator==(const LocalObject&) const; + virtual bool operator<(const LocalObject&) const; protected: + virtual ::Ice::Int hashInit() const; using EndpointI::connectors; private: -#if defined(__SUNPRO_CC) - // - // COMPILERFIX: prevent the compiler from emitting a warning about - // hidding these operators. - // - using LocalObject::operator==; - using LocalObject::operator<; -#endif - // // All members are const, because endpoints are immutable. // diff --git a/cpp/src/Ice/Reference.cpp b/cpp/src/Ice/Reference.cpp index 53f9bcfd70c..a4e41555f85 100644 --- a/cpp/src/Ice/Reference.cpp +++ b/cpp/src/Ice/Reference.cpp @@ -23,9 +23,11 @@ #include <Ice/ConnectionFactory.h> #include <Ice/LoggerUtil.h> #include <Ice/TraceLevels.h> +#include <Ice/HashUtil.h> #include <Ice/DefaultsAndOverrides.h> #include <IceUtil/StringUtil.h> #include <IceUtil/Random.h> +#include <IceUtil/MutexPtrLock.h> #include <functional> @@ -37,6 +39,27 @@ IceUtil::Shared* IceInternal::upCast(IceInternal::Reference* p) { return p; } namespace { + +IceUtil::Mutex* hashMutex = 0; + +class Init +{ +public: + + Init() + { + hashMutex = new IceUtil::Mutex; + } + + ~Init() + { + delete hashMutex; + hashMutex = 0; + } +}; + +Init init; + struct RandomNumberGenerator : public std::unary_function<ptrdiff_t, ptrdiff_t> { ptrdiff_t operator()(ptrdiff_t d) @@ -125,10 +148,11 @@ IceInternal::Reference::changeCompress(bool newCompress) const Int Reference::hash() const { - IceUtil::Mutex::Lock sync(_hashMutex); + IceUtilInternal::MutexPtrLock<IceUtil::Mutex> lock(hashMutex); if(!_hashInitialized) { - hashInit(); // Initialize _hashValue + _hashValue = hashInit(); + _hashInitialized = true; } return _hashValue; } @@ -434,45 +458,16 @@ IceInternal::Reference::Reference(const Reference& r) : { } -void +int IceInternal::Reference::hashInit() const { - string::const_iterator p; - Context::const_iterator q; - Int h = static_cast<Int>(_mode); - - for(p = _identity.name.begin(); p != _identity.name.end(); ++p) - { - h = 5 * h + *p; - } - - for(p = _identity.category.begin(); p != _identity.category.end(); ++p) - { - h = 5 * h + *p; - } - - for(q = _context->getValue().begin(); q != _context->getValue().end(); ++q) - { - for(p = q->first.begin(); p != q->first.end(); ++p) - { - h = 5 * h + *p; - } - for(p = q->second.begin(); p != q->second.end(); ++p) - { - h = 5 * h + *p; - } - } - - for(p = _facet.begin(); p != _facet.end(); ++p) - { - h = 5 * h + *p; - } - - h = 5 * h + static_cast<Int>(_secure); - - _hashValue = h; - _hashInitialized = true; + hashAdd(h, _identity.name); + hashAdd(h, _identity.category); + hashAdd(h, _context->getValue()); + hashAdd(h, _facet); + hashAdd(h, _secure); + return h; } IceUtil::Shared* IceInternal::upCast(IceInternal::FixedReference* p) { return p; } @@ -1139,20 +1134,11 @@ IceInternal::RoutableReference::toString() const } int -IceInternal::RoutableReference::hash() const +IceInternal::RoutableReference::hashInit() const { - IceUtil::Mutex::Lock sync(_hashMutex); - if(!_hashInitialized) - { - hashInit(); // Initializes _hashValue. - - // Add hash of adapter ID to base hash. - for(string::const_iterator p = _adapterId.begin(); p != _adapterId.end(); ++p) - { - _hashValue = 5 * _hashValue + *p; - } - } - return _hashValue; + int value = Reference::hashInit(); + hashAdd(value, _adapterId); + return value; } bool diff --git a/cpp/src/Ice/Reference.h b/cpp/src/Ice/Reference.h index 1dadba0465c..3d2b9b4701c 100644 --- a/cpp/src/Ice/Reference.h +++ b/cpp/src/Ice/Reference.h @@ -98,7 +98,7 @@ public: virtual ReferencePtr changeTimeout(int) const = 0; virtual ReferencePtr changeConnectionId(const std::string&) const = 0; - virtual int hash() const; // Conceptually const. + int hash() const; // Conceptually const. // // Utility methods. @@ -133,9 +133,8 @@ protected: Reference(const InstancePtr&, const Ice::CommunicatorPtr&, const Ice::Identity&, const std::string&, Mode, bool); Reference(const Reference&); - void hashInit() const; + virtual Ice::Int hashInit() const; - IceUtil::Mutex _hashMutex; // For lazy initialization of hash value. mutable Ice::Int _hashValue; mutable bool _hashInitialized; @@ -240,8 +239,6 @@ public: virtual ReferencePtr changeTimeout(int) const; virtual ReferencePtr changeConnectionId(const std::string&) const; - virtual int hash() const; - virtual bool isIndirect() const; virtual bool isWellKnown() const; @@ -268,6 +265,8 @@ protected: std::vector<EndpointIPtr> filterEndpoints(const std::vector<EndpointIPtr>&) const; + virtual int hashInit() const; + private: std::vector<EndpointIPtr> _endpoints; // Empty if indirect proxy. diff --git a/cpp/src/Ice/TcpConnector.cpp b/cpp/src/Ice/TcpConnector.cpp index 9d45fdf82bd..f8a5a53a33a 100644 --- a/cpp/src/Ice/TcpConnector.cpp +++ b/cpp/src/Ice/TcpConnector.cpp @@ -49,7 +49,7 @@ IceInternal::TcpConnector::connect() Short IceInternal::TcpConnector::type() const { - return TcpEndpointType; + return TCPEndpointType; } string diff --git a/cpp/src/Ice/TcpEndpointI.cpp b/cpp/src/Ice/TcpEndpointI.cpp index 9d8c761231f..c8e027b4ffb 100644 --- a/cpp/src/Ice/TcpEndpointI.cpp +++ b/cpp/src/Ice/TcpEndpointI.cpp @@ -16,6 +16,7 @@ #include <Ice/LocalException.h> #include <Ice/Instance.h> #include <Ice/DefaultsAndOverrides.h> +#include <Ice/HashUtil.h> using namespace std; using namespace Ice; @@ -177,7 +178,7 @@ IceInternal::TcpEndpointI::TcpEndpointI(BasicStream* s) : void IceInternal::TcpEndpointI::streamWrite(BasicStream* s) const { - s->write(TcpEndpointType); + s->write(TCPEndpointType); s->startWriteEncaps(); s->write(_host, false); s->write(_port); @@ -229,19 +230,19 @@ IceInternal::TcpEndpointI::toString() const EndpointInfoPtr IceInternal::TcpEndpointI::getInfo() const { - class InfoI : public Ice::TcpEndpointInfo + class InfoI : public Ice::TCPEndpointInfo { public: InfoI(Ice::Int to, bool comp, const string& host, Ice::Int port) : - TcpEndpointInfo(to, comp, host, port) + TCPEndpointInfo(to, comp, host, port) { } virtual Ice::Short type() const { - return TcpEndpointType; + return TCPEndpointType; } virtual bool @@ -263,7 +264,7 @@ IceInternal::TcpEndpointI::getInfo() const Short IceInternal::TcpEndpointI::type() const { - return TcpEndpointType; + return TCPEndpointType; } Int @@ -388,7 +389,7 @@ IceInternal::TcpEndpointI::equivalent(const EndpointIPtr& endpoint) const } bool -IceInternal::TcpEndpointI::operator==(const EndpointI& r) const +IceInternal::TcpEndpointI::operator==(const LocalObject& r) const { const TcpEndpointI* p = dynamic_cast<const TcpEndpointI*>(&r); if(!p) @@ -430,18 +431,17 @@ IceInternal::TcpEndpointI::operator==(const EndpointI& r) const } bool -IceInternal::TcpEndpointI::operator!=(const EndpointI& r) const -{ - return !operator==(r); -} - -bool -IceInternal::TcpEndpointI::operator<(const EndpointI& r) const +IceInternal::TcpEndpointI::operator<(const LocalObject& r) const { const TcpEndpointI* p = dynamic_cast<const TcpEndpointI*>(&r); if(!p) { - return type() < r.type(); + const EndpointI* e = dynamic_cast<const EndpointI*>(&r); + if(!e) + { + return false; + } + return type() < e->type(); } if(this == p) @@ -497,6 +497,18 @@ IceInternal::TcpEndpointI::operator<(const EndpointI& r) const return false; } +Ice::Int +IceInternal::TcpEndpointI::hashInit() const +{ + Ice::Int h = 0; + hashAdd(h, _host); + hashAdd(h, _port); + hashAdd(h, _timeout); + hashAdd(h, _connectionId); + hashAdd(h, _compress); + return h; +} + vector<ConnectorPtr> IceInternal::TcpEndpointI::connectors(const vector<struct sockaddr_storage>& addresses) const { @@ -520,7 +532,7 @@ IceInternal::TcpEndpointFactory::~TcpEndpointFactory() Short IceInternal::TcpEndpointFactory::type() const { - return TcpEndpointType; + return TCPEndpointType; } string diff --git a/cpp/src/Ice/TcpEndpointI.h b/cpp/src/Ice/TcpEndpointI.h index 1bf7829b397..7176154dbc4 100644 --- a/cpp/src/Ice/TcpEndpointI.h +++ b/cpp/src/Ice/TcpEndpointI.h @@ -16,8 +16,6 @@ namespace IceInternal { -const Ice::Short TcpEndpointType = 1; - class TcpEndpointI : public EndpointI { public: @@ -44,39 +42,14 @@ public: virtual std::vector<EndpointIPtr> expand() const; virtual bool equivalent(const EndpointIPtr&) const; - virtual bool operator==(const EndpointI&) const; - virtual bool operator!=(const EndpointI&) const; - virtual bool operator<(const EndpointI&) const; - -#if defined(__BCPLUSPLUS__) - // - // COMPILERFIX: Avoid warnings about hiding members for C++Builder 2010 - // - // - virtual bool operator==(const Ice::LocalObject& rhs) const - { - return EndpointI::operator==(rhs); - } - - virtual bool operator<(const Ice::LocalObject& rhs) const - { - return EndpointI::operator<(rhs); - } -#endif + virtual bool operator==(const LocalObject&) const; + virtual bool operator<(const LocalObject&) const; private: + virtual ::Ice::Int hashInit() const; virtual std::vector<ConnectorPtr> connectors(const std::vector<struct sockaddr_storage>&) const; -#if defined(__SUNPRO_CC) - // - // COMPILERFIX: prevent the compiler from emitting a warning about - // hidding these operators. - // - using LocalObject::operator==; - using LocalObject::operator<; -#endif - // // All members are const, because endpoints are immutable. // diff --git a/cpp/src/Ice/TcpTransceiver.cpp b/cpp/src/Ice/TcpTransceiver.cpp index 959c3ce6f87..d26545f22de 100644 --- a/cpp/src/Ice/TcpTransceiver.cpp +++ b/cpp/src/Ice/TcpTransceiver.cpp @@ -458,7 +458,7 @@ Ice::ConnectionInfoPtr IceInternal::TcpTransceiver::getInfo() const { assert(_fd != INVALID_SOCKET); - Ice::TcpConnectionInfoPtr info = new Ice::TcpConnectionInfo(); + Ice::TCPConnectionInfoPtr info = new Ice::TCPConnectionInfo(); fdToAddressAndPort(_fd, info->localAddress, info->localPort, info->remoteAddress, info->remotePort); return info; } diff --git a/cpp/src/Ice/UdpConnector.cpp b/cpp/src/Ice/UdpConnector.cpp index d8a4c5588df..e0d97ba37e9 100644 --- a/cpp/src/Ice/UdpConnector.cpp +++ b/cpp/src/Ice/UdpConnector.cpp @@ -26,7 +26,7 @@ IceInternal::UdpConnector::connect() Short IceInternal::UdpConnector::type() const { - return UdpEndpointType; + return UDPEndpointType; } string diff --git a/cpp/src/Ice/UdpEndpointI.cpp b/cpp/src/Ice/UdpEndpointI.cpp index bbd273cfa54..6d0ed5e6989 100644 --- a/cpp/src/Ice/UdpEndpointI.cpp +++ b/cpp/src/Ice/UdpEndpointI.cpp @@ -16,6 +16,7 @@ #include <Ice/Instance.h> #include <Ice/DefaultsAndOverrides.h> #include <Ice/Protocol.h> +#include <Ice/HashUtil.h> using namespace std; using namespace Ice; @@ -350,7 +351,7 @@ IceInternal::UdpEndpointI::UdpEndpointI(BasicStream* s) : void IceInternal::UdpEndpointI::streamWrite(BasicStream* s) const { - s->write(UdpEndpointType); + s->write(UDPEndpointType); s->startWriteEncaps(); s->write(_host, false); s->write(_port); @@ -435,13 +436,13 @@ IceInternal::UdpEndpointI::toString() const EndpointInfoPtr IceInternal::UdpEndpointI::getInfo() const { - class InfoI : public Ice::UdpEndpointInfo + class InfoI : public Ice::UDPEndpointInfo { public: InfoI(bool comp, const string& host, Ice::Int port, Ice::Byte protocolMajor, Ice::Byte protocolMinor, Ice::Byte encodingMajor, Ice::Byte encodingMinor, const std::string& mcastInterface, Ice::Int mcastTtl) : - UdpEndpointInfo(-1, comp, host, port, protocolMajor, protocolMinor, encodingMajor, encodingMinor, + UDPEndpointInfo(-1, comp, host, port, protocolMajor, protocolMinor, encodingMajor, encodingMinor, mcastInterface, mcastTtl) { } @@ -449,7 +450,7 @@ IceInternal::UdpEndpointI::getInfo() const virtual Ice::Short type() const { - return UdpEndpointType; + return UDPEndpointType; } virtual bool @@ -472,7 +473,7 @@ IceInternal::UdpEndpointI::getInfo() const Short IceInternal::UdpEndpointI::type() const { - return UdpEndpointType; + return UDPEndpointType; } Int @@ -595,7 +596,7 @@ IceInternal::UdpEndpointI::equivalent(const EndpointIPtr& endpoint) const } bool -IceInternal::UdpEndpointI::operator==(const EndpointI& r) const +IceInternal::UdpEndpointI::operator==(const LocalObject& r) const { const UdpEndpointI* p = dynamic_cast<const UdpEndpointI*>(&r); if(!p) @@ -667,18 +668,17 @@ IceInternal::UdpEndpointI::operator==(const EndpointI& r) const } bool -IceInternal::UdpEndpointI::operator!=(const EndpointI& r) const -{ - return !operator==(r); -} - -bool -IceInternal::UdpEndpointI::operator<(const EndpointI& r) const +IceInternal::UdpEndpointI::operator<(const LocalObject& r) const { const UdpEndpointI* p = dynamic_cast<const UdpEndpointI*>(&r); if(!p) { - return type() < r.type(); + const EndpointI* e = dynamic_cast<const EndpointI*>(&r); + if(!e) + { + return false; + } + return type() < e->type(); } if(this == p) @@ -788,6 +788,20 @@ IceInternal::UdpEndpointI::operator<(const EndpointI& r) const return false; } +Ice::Int +IceInternal::UdpEndpointI::hashInit() const +{ + Ice::Int h = 0; + hashAdd(h, _host); + hashAdd(h, _port); + hashAdd(h, _mcastInterface); + hashAdd(h, _mcastTtl); + hashAdd(h, _connect); + hashAdd(h, _connectionId); + hashAdd(h, _compress); + return h; +} + vector<ConnectorPtr> IceInternal::UdpEndpointI::connectors(const vector<struct sockaddr_storage>& addresses) const { @@ -812,7 +826,7 @@ IceInternal::UdpEndpointFactory::~UdpEndpointFactory() Short IceInternal::UdpEndpointFactory::type() const { - return UdpEndpointType; + return UDPEndpointType; } string diff --git a/cpp/src/Ice/UdpEndpointI.h b/cpp/src/Ice/UdpEndpointI.h index 1331d740085..e0894128bb8 100644 --- a/cpp/src/Ice/UdpEndpointI.h +++ b/cpp/src/Ice/UdpEndpointI.h @@ -16,8 +16,6 @@ namespace IceInternal { -const Ice::Short UdpEndpointType = 3; - class UdpEndpointI : public EndpointI { public: @@ -45,39 +43,14 @@ public: virtual std::vector<EndpointIPtr> expand() const; virtual bool equivalent(const EndpointIPtr&) const; - virtual bool operator==(const EndpointI&) const; - virtual bool operator!=(const EndpointI&) const; - virtual bool operator<(const EndpointI&) const; - -#if defined(__BCPLUSPLUS__) - // - // COMPILERFIX: Avoid warnings about hiding members for C++Builder 2010 - // - // - virtual bool operator==(const Ice::LocalObject& rhs) const - { - return EndpointI::operator==(rhs); - } - - virtual bool operator<(const Ice::LocalObject& rhs) const - { - return EndpointI::operator<(rhs); - } -#endif + virtual bool operator==(const LocalObject&) const; + virtual bool operator<(const LocalObject&) const; private: + virtual ::Ice::Int hashInit() const; virtual std::vector<ConnectorPtr> connectors(const std::vector<struct sockaddr_storage>&) const; -#if defined(__SUNPRO_CC) - // - // COMPILERFIX: prevent the compiler from emitting a warning about - // hidding these operators. - // - using LocalObject::operator==; - using LocalObject::operator<; -#endif - // // All members are const, because endpoints are immutable. // diff --git a/cpp/src/Ice/UdpTransceiver.cpp b/cpp/src/Ice/UdpTransceiver.cpp index fbf00a1048a..a2cdded6f8a 100644 --- a/cpp/src/Ice/UdpTransceiver.cpp +++ b/cpp/src/Ice/UdpTransceiver.cpp @@ -456,7 +456,7 @@ Ice::ConnectionInfoPtr IceInternal::UdpTransceiver::getInfo() const { assert(_fd != INVALID_SOCKET); - Ice::UdpConnectionInfoPtr info = new Ice::UdpConnectionInfo(); + Ice::UDPConnectionInfoPtr info = new Ice::UDPConnectionInfo(); fdToAddressAndPort(_fd, info->localAddress, info->localPort, info->remoteAddress, info->remotePort); addrToAddressAndPort(_mcastAddr, info->mcastAddress, info->mcastPort); return info; diff --git a/cpp/src/IceGrid/RegistryI.cpp b/cpp/src/IceGrid/RegistryI.cpp index d3caad319de..b1c91aee0b5 100644 --- a/cpp/src/IceGrid/RegistryI.cpp +++ b/cpp/src/IceGrid/RegistryI.cpp @@ -1239,7 +1239,7 @@ RegistryI::getSSLInfo(const ConnectionPtr& connection, string& userDN) Glacier2::SSLInfo sslinfo; try { - IceSSL::SSLConnectionInfoPtr info = IceSSL::SSLConnectionInfoPtr::dynamicCast(connection->getInfo()); + IceSSL::ConnectionInfoPtr info = IceSSL::ConnectionInfoPtr::dynamicCast(connection->getInfo()); if(!info) { PermissionDeniedException exc; diff --git a/cpp/src/IceSSL/EndpointI.cpp b/cpp/src/IceSSL/EndpointI.cpp index c21db89353c..78c76c10b79 100644 --- a/cpp/src/IceSSL/EndpointI.cpp +++ b/cpp/src/IceSSL/EndpointI.cpp @@ -16,6 +16,7 @@ #include <Ice/BasicStream.h> #include <Ice/LocalException.h> #include <Ice/DefaultsAndOverrides.h> +#include <Ice/HashUtil.h> using namespace std; using namespace Ice; @@ -229,12 +230,12 @@ IceSSL::EndpointI::toString() const Ice::EndpointInfoPtr IceSSL::EndpointI::getInfo() const { - class InfoI : public IceSSL::SSLEndpointInfo + class InfoI : public IceSSL::EndpointInfo { public: InfoI(Ice::Int to, bool comp, const string& host, Ice::Int port) : - SSLEndpointInfo(to, comp, host, port) + EndpointInfo(to, comp, host, port) { } @@ -387,7 +388,7 @@ IceSSL::EndpointI::equivalent(const IceInternal::EndpointIPtr& endpoint) const } bool -IceSSL::EndpointI::operator==(const IceInternal::EndpointI& r) const +IceSSL::EndpointI::operator==(const Ice::LocalObject& r) const { const EndpointI* p = dynamic_cast<const EndpointI*>(&r); if(!p) @@ -429,18 +430,17 @@ IceSSL::EndpointI::operator==(const IceInternal::EndpointI& r) const } bool -IceSSL::EndpointI::operator!=(const IceInternal::EndpointI& r) const -{ - return !operator==(r); -} - -bool -IceSSL::EndpointI::operator<(const IceInternal::EndpointI& r) const +IceSSL::EndpointI::operator<(const Ice::LocalObject& r) const { const EndpointI* p = dynamic_cast<const EndpointI*>(&r); if(!p) { - return type() < r.type(); + const IceInternal::EndpointI* e = dynamic_cast<const IceInternal::EndpointI*>(&r); + if(!e) + { + return false; + } + return type() < e->type(); } if(this == p) @@ -496,6 +496,18 @@ IceSSL::EndpointI::operator<(const IceInternal::EndpointI& r) const return false; } +Ice::Int +IceSSL::EndpointI::hashInit() const +{ + Ice::Int h = 0; + IceInternal::hashAdd(h, _host); + IceInternal::hashAdd(h, _port); + IceInternal::hashAdd(h, _timeout); + IceInternal::hashAdd(h, _connectionId); + IceInternal::hashAdd(h, _compress); + return h; +} + vector<IceInternal::ConnectorPtr> IceSSL::EndpointI::connectors(const vector<struct sockaddr_storage>& addresses) const { diff --git a/cpp/src/IceSSL/EndpointI.h b/cpp/src/IceSSL/EndpointI.h index 61f1751d48c..804c9a59d81 100644 --- a/cpp/src/IceSSL/EndpointI.h +++ b/cpp/src/IceSSL/EndpointI.h @@ -18,8 +18,6 @@ namespace IceSSL { -const Ice::Short EndpointType = 2; - class EndpointI : public IceInternal::EndpointI { public: @@ -46,38 +44,13 @@ public: virtual std::vector<IceInternal::EndpointIPtr> expand() const; virtual bool equivalent(const IceInternal::EndpointIPtr&) const; - virtual bool operator==(const IceInternal::EndpointI&) const; - virtual bool operator!=(const IceInternal::EndpointI&) const; - virtual bool operator<(const IceInternal::EndpointI&) const; - -#if defined(__BCPLUSPLUS__) - // - // COMPILERFIX: Avoid warnings about hiding members for C++Builder 2010 - // - // - virtual bool operator==(const Ice::LocalObject& rhs) const - { - return Ice::LocalObject::operator==(rhs); - } - - virtual bool operator<(const Ice::LocalObject& rhs) const - { - return Ice::LocalObject::operator<(rhs); - } -#endif + virtual bool operator==(const LocalObject&) const; + virtual bool operator<(const LocalObject&) const; private: - virtual std::vector<IceInternal::ConnectorPtr> connectors(const std::vector<struct sockaddr_storage>&) const; - -#if defined(__SUNPRO_CC) - // - // COMPILERFIX: prevent the compiler from emitting a warning about - // hidding these operators. - // - using LocalObject::operator==; - using LocalObject::operator<; -#endif + virtual ::Ice::Int hashInit() const; + virtual std::vector<IceInternal::ConnectorPtr> connectors(const std::vector<struct sockaddr_storage>&) const; // // All members are const, because endpoints are immutable. diff --git a/cpp/src/IceSSL/Instance.cpp b/cpp/src/IceSSL/Instance.cpp index 03bb4010062..66f148da791 100644 --- a/cpp/src/IceSSL/Instance.cpp +++ b/cpp/src/IceSSL/Instance.cpp @@ -783,7 +783,7 @@ IceSSL::Instance::securityTraceCategory() const } void -IceSSL::Instance::verifyPeer(SSL* ssl, SOCKET fd, const string& address, const string& adapterName, bool incoming) +IceSSL::Instance::verifyPeer(SSL* ssl, SOCKET fd, const string& address, const NativeConnectionInfoPtr& info) { long result = SSL_get_verify_result(ssl); if(result != X509_V_OK) @@ -935,13 +935,11 @@ IceSSL::Instance::verifyPeer(SSL* ssl, SOCKET fd, const string& address, const s } } - ConnectionInfo info = populateConnectionInfo(ssl, fd, adapterName, incoming); - - if(_verifyDepthMax > 0 && static_cast<int>(info.certs.size()) > _verifyDepthMax) + if(_verifyDepthMax > 0 && static_cast<int>(info->certs.size()) > _verifyDepthMax) { ostringstream ostr; - ostr << (incoming ? "incoming" : "outgoing") << " connection rejected:\n" - << "length of peer's certificate chain (" << info.certs.size() << ") exceeds maximum of " + ostr << (info->incoming ? "incoming" : "outgoing") << " connection rejected:\n" + << "length of peer's certificate chain (" << info->certs.size() << ") exceeds maximum of " << _verifyDepthMax; string msg = ostr.str(); if(_securityTraceLevel >= 1) @@ -955,7 +953,7 @@ IceSSL::Instance::verifyPeer(SSL* ssl, SOCKET fd, const string& address, const s if(!_trustManager->verify(info)) { - string msg = string(incoming ? "incoming" : "outgoing") + " connection rejected by trust manager"; + string msg = string(info->incoming ? "incoming" : "outgoing") + " connection rejected by trust manager"; if(_securityTraceLevel >= 1) { _logger->trace(_securityTraceCategory, msg + "\n" + IceInternal::fdToString(fd)); @@ -967,7 +965,7 @@ IceSSL::Instance::verifyPeer(SSL* ssl, SOCKET fd, const string& address, const s if(_verifier && !_verifier->verify(info)) { - string msg = string(incoming ? "incoming" : "outgoing") + " connection rejected by certificate verifier"; + string msg = string(info->incoming ? "incoming" : "outgoing") + " connection rejected by certificate verifier"; if(_securityTraceLevel >= 1) { _logger->trace(_securityTraceCategory, msg + "\n" + IceInternal::fdToString(fd)); diff --git a/cpp/src/IceSSL/Instance.h b/cpp/src/IceSSL/Instance.h index b459972007e..dee4a216969 100644 --- a/cpp/src/IceSSL/Instance.h +++ b/cpp/src/IceSSL/Instance.h @@ -45,7 +45,7 @@ public: int securityTraceLevel() const; std::string securityTraceCategory() const; - void verifyPeer(SSL*, SOCKET, const std::string&, const std::string&, bool); + void verifyPeer(SSL*, SOCKET, const std::string&, const NativeConnectionInfoPtr&); std::string sslErrors() const; diff --git a/cpp/src/IceSSL/PluginI.cpp b/cpp/src/IceSSL/PluginI.cpp index 67bf827d37e..414d205c37e 100644 --- a/cpp/src/IceSSL/PluginI.cpp +++ b/cpp/src/IceSSL/PluginI.cpp @@ -12,7 +12,6 @@ #include <IceSSL/TransceiverI.h> #include <Ice/LocalException.h> -#include <Ice/ConnectionI.h> // For implementation of getConnectionInfo. using namespace std; using namespace Ice; @@ -77,71 +76,3 @@ IceSSL::PluginI::setPasswordPrompt(const PasswordPromptPtr& prompt) { _instance->setPasswordPrompt(prompt); } - -const char* IceSSL::ConnectionInvalidException::_name = "IceSSL::ConnectionInvalidException"; - -ConnectionInvalidException::ConnectionInvalidException(const char* file, int line, const string& r) : - Exception(file, line), - reason(r) -{ -} - -ConnectionInvalidException::~ConnectionInvalidException() throw() -{ -} - -string -ConnectionInvalidException::ice_name() const -{ - return _name; -} - -Exception* -ConnectionInvalidException::ice_clone() const -{ - return new ConnectionInvalidException(*this); -} - -void -ConnectionInvalidException::ice_throw() const -{ - throw *this; -} - -IceSSL::ConnectionInfo -IceSSL::getConnectionInfo(const ConnectionPtr& connection) -{ - Ice::ConnectionIPtr con = Ice::ConnectionIPtr::dynamicCast(connection); - assert(con); - - // - // Lock the connection directly. This is done because the only - // thing that prevents the transceiver from being closed during - // the duration of the invocation is the connection. - // - IceUtil::Monitor<IceUtil::Mutex>::Lock sync(*con.get()); - IceInternal::TransceiverPtr transceiver = con->getTransceiver(); - if(!transceiver) - { - throw ConnectionInvalidException(__FILE__, __LINE__, "connection closed"); - } - - TransceiverIPtr ssltransceiver = TransceiverIPtr::dynamicCast(con->getTransceiver()); - if(!ssltransceiver) - { - throw ConnectionInvalidException(__FILE__, __LINE__, "not ssl connection"); - } - - try - { - return ssltransceiver->getConnectionInfo(); - } - catch(const Ice::LocalException& ex) - { - ostringstream os; - os << "couldn't get connection information:\n" << ex << endl; - throw ConnectionInvalidException(__FILE__, __LINE__, os.str()); - } - - return ConnectionInfo(); // Required to prevent compiler warning on Solaris. -} diff --git a/cpp/src/IceSSL/TransceiverI.cpp b/cpp/src/IceSSL/TransceiverI.cpp index 28f59e93756..38406abf16d 100644 --- a/cpp/src/IceSSL/TransceiverI.cpp +++ b/cpp/src/IceSSL/TransceiverI.cpp @@ -234,7 +234,7 @@ IceSSL::TransceiverI::initialize() } } - _instance->verifyPeer(_ssl, _fd, _host, _adapterName, _incoming); + _instance->verifyPeer(_ssl, _fd, _host, getNativeConnectionInfo()); _state = StateHandshakeComplete; } catch(const Ice::LocalException& ex) @@ -781,45 +781,7 @@ IceSSL::TransceiverI::toString() const Ice::ConnectionInfoPtr IceSSL::TransceiverI::getInfo() const { - assert(_fd != INVALID_SOCKET && _ssl != 0); - - SSLConnectionInfoPtr info = new SSLConnectionInfo(); - IceInternal::fdToAddressAndPort(_fd, info->localAddress, info->localPort, info->remoteAddress, info->remotePort); - - // - // On the client side, SSL_get_peer_cert_chain returns the entire chain of certs. - // On the server side, the peer certificate must be obtained separately. - // - // Since we have no clear idea whether the connection is server or client side, - // the peer certificate is obtained separately and compared against the first - // certificate in the chain. If they are not the same, it is added to the chain. - // - X509* cert = SSL_get_peer_certificate(_ssl); - STACK_OF(X509)* chain = SSL_get_peer_cert_chain(_ssl); - if(cert != 0 && (chain == 0 || sk_X509_num(chain) == 0 || cert != sk_X509_value(chain, 0))) - { - CertificatePtr certificate = new Certificate(cert); - info->certs.push_back(certificate->encode()); - } - else - { - X509_free(cert); - } - - if(chain != 0) - { - for(int i = 0; i < sk_X509_num(chain); ++i) - { - // - // Duplicate the certificate since the stack comes straight from the SSL connection. - // - CertificatePtr certificate = new Certificate(X509_dup(sk_X509_value(chain, i))); - info->certs.push_back(certificate->encode()); - } - } - - info->cipher = SSL_get_cipher_name(_ssl); // Nothing needs to be free'd. - return info; + return getNativeConnectionInfo(); } void @@ -831,16 +793,6 @@ IceSSL::TransceiverI::checkSendSize(const IceInternal::Buffer& buf, size_t messa } } -IceSSL::ConnectionInfo -IceSSL::TransceiverI::getConnectionInfo() const -{ - // - // This can only be called on an open transceiver. - // - assert(_fd != INVALID_SOCKET); - return populateConnectionInfo(_ssl, _fd, _adapterName, _incoming); -} - IceSSL::TransceiverI::TransceiverI(const InstancePtr& instance, SOCKET fd, const string& host, const struct sockaddr_storage& addr) : IceInternal::NativeInfo(fd), @@ -903,6 +855,53 @@ IceSSL::TransceiverI::~TransceiverI() assert(_fd == INVALID_SOCKET); } +NativeConnectionInfoPtr +IceSSL::TransceiverI::getNativeConnectionInfo() const +{ + assert(_fd != INVALID_SOCKET && _ssl != 0); + + NativeConnectionInfoPtr info = new NativeConnectionInfo(); + IceInternal::fdToAddressAndPort(_fd, info->localAddress, info->localPort, info->remoteAddress, info->remotePort); + + // + // On the client side, SSL_get_peer_cert_chain returns the entire chain of certs. + // On the server side, the peer certificate must be obtained separately. + // + // Since we have no clear idea whether the connection is server or client side, + // the peer certificate is obtained separately and compared against the first + // certificate in the chain. If they are not the same, it is added to the chain. + // + X509* cert = SSL_get_peer_certificate(_ssl); + STACK_OF(X509)* chain = SSL_get_peer_cert_chain(_ssl); + if(cert != 0 && (chain == 0 || sk_X509_num(chain) == 0 || cert != sk_X509_value(chain, 0))) + { + CertificatePtr certificate = new Certificate(cert); + info->nativeCerts.push_back(certificate); + info->certs.push_back(certificate->encode()); + } + else + { + X509_free(cert); + } + + if(chain != 0) + { + for(int i = 0; i < sk_X509_num(chain); ++i) + { + // + // Duplicate the certificate since the stack comes straight from the SSL connection. + // + CertificatePtr certificate = new Certificate(X509_dup(sk_X509_value(chain, i))); + info->nativeCerts.push_back(certificate); + info->certs.push_back(certificate->encode()); + } + } + + info->cipher = SSL_get_cipher_name(_ssl); // Nothing needs to be free'd. + info->adapterName = _adapterName; + info->incoming = _incoming; + return info; +} #ifdef ICE_USE_IOCP bool IceSSL::TransceiverI::receive() diff --git a/cpp/src/IceSSL/TransceiverI.h b/cpp/src/IceSSL/TransceiverI.h index f852d7df7c6..461221523ac 100644 --- a/cpp/src/IceSSL/TransceiverI.h +++ b/cpp/src/IceSSL/TransceiverI.h @@ -58,13 +58,13 @@ public: virtual Ice::ConnectionInfoPtr getInfo() const; virtual void checkSendSize(const IceInternal::Buffer&, size_t); - ConnectionInfo getConnectionInfo() const; - private: TransceiverI(const InstancePtr&, SOCKET, const std::string&, const struct sockaddr_storage&); TransceiverI(const InstancePtr&, SOCKET, const std::string&); virtual ~TransceiverI(); + + virtual NativeConnectionInfoPtr getNativeConnectionInfo() const; #ifdef ICE_USE_IOCP bool send(); diff --git a/cpp/src/IceSSL/TrustManager.cpp b/cpp/src/IceSSL/TrustManager.cpp index cc36d651ddc..31f8709b9b7 100644 --- a/cpp/src/IceSSL/TrustManager.cpp +++ b/cpp/src/IceSSL/TrustManager.cpp @@ -62,7 +62,7 @@ TrustManager::TrustManager(const Ice::CommunicatorPtr& communicator) : } bool -TrustManager::verify(const ConnectionInfo& info) +TrustManager::verify(const NativeConnectionInfoPtr& info) { list<list<DistinguishedName> > reject, accept; @@ -70,15 +70,15 @@ TrustManager::verify(const ConnectionInfo& info) { reject.push_back(_rejectAll); } - if(info.incoming) + if(info->incoming) { if(_rejectAllServer.size() > 0) { reject.push_back(_rejectAllServer); } - if(info.adapterName.size() > 0) + if(info->adapterName.size() > 0) { - map<string, list<DistinguishedName> >::const_iterator p = _rejectServer.find(info.adapterName); + map<string, list<DistinguishedName> >::const_iterator p = _rejectServer.find(info->adapterName); if(p != _rejectServer.end()) { reject.push_back(p->second); @@ -97,15 +97,15 @@ TrustManager::verify(const ConnectionInfo& info) { accept.push_back(_acceptAll); } - if(info.incoming) + if(info->incoming) { if(_acceptAllServer.size() > 0) { accept.push_back(_acceptAllServer); } - if(info.adapterName.size() > 0) + if(info->adapterName.size() > 0) { - map<string, list<DistinguishedName> >::const_iterator p = _acceptServer.find(info.adapterName); + map<string, list<DistinguishedName> >::const_iterator p = _acceptServer.find(info->adapterName); if(p != _acceptServer.end()) { accept.push_back(p->second); @@ -131,50 +131,26 @@ TrustManager::verify(const ConnectionInfo& info) // // If there is no certificate then we match false. // - if(info.certs.size() != 0) + if(info->nativeCerts.size() != 0) { - DistinguishedName subject = info.certs[0]->getSubjectDN(); + DistinguishedName subject = info->nativeCerts[0]->getSubjectDN(); if(_traceLevel > 0) { Ice::Trace trace(_communicator->getLogger(), "Security"); - if(info.incoming) + if(info->incoming) { trace << "trust manager evaluating client:\n" << "subject = " << string(subject) << '\n' - << "adapter = " << info.adapterName << '\n' - << "local addr = " << IceInternal::addrToString(info.localAddr) << '\n' - << "remote addr = "; - if(info.remoteAddr.ss_family == AF_UNSPEC) - { - // - // The remote address may not be available when using Windows XP Service Pack 2 - // and IPv6 (see populateConnectionInfo). - // - trace << "<not available>"; - } - else - { - trace << IceInternal::addrToString(info.remoteAddr); - } + << "adapter = " << info->adapterName << '\n' + << "local addr = " << info->localAddress << ":" << info->localPort << '\n' + << "remote addr = " << info->remoteAddress << ":" << info->remotePort; } else { trace << "trust manager evaluating server:\n" << "subject = " << string(subject) << '\n' - << "local addr = " << IceInternal::addrToString(info.localAddr) << '\n' - << "remote addr = "; - if(info.remoteAddr.ss_family == AF_UNSPEC) - { - // - // The remote address may not be available when using Windows XP Service Pack 2 - // and IPv6 (see populateConnectionInfo). - // - trace << "<not available>"; - } - else - { - trace << IceInternal::addrToString(info.remoteAddr); - } + << "local addr = " << info->localAddress << ":" << info->localPort << '\n' + << "remote addr = " << info->remoteAddress << ":" << info->remotePort; } } diff --git a/cpp/src/IceSSL/TrustManager.h b/cpp/src/IceSSL/TrustManager.h index 1e8eb09db2d..2adf4a5a972 100644 --- a/cpp/src/IceSSL/TrustManager.h +++ b/cpp/src/IceSSL/TrustManager.h @@ -25,7 +25,7 @@ public: TrustManager(const Ice::CommunicatorPtr&); - bool verify(const ConnectionInfo&); + bool verify(const NativeConnectionInfoPtr&); private: diff --git a/cpp/src/IceSSL/Util.cpp b/cpp/src/IceSSL/Util.cpp index e472d1f2e4e..54b9b9c3ebd 100644 --- a/cpp/src/IceSSL/Util.cpp +++ b/cpp/src/IceSSL/Util.cpp @@ -317,74 +317,6 @@ IceSSL::checkPath(string& path, const string& defaultDir, bool dir) return false; } -IceSSL::ConnectionInfo -IceSSL::populateConnectionInfo(SSL* ssl, SOCKET fd, const string& adapterName, bool incoming) -{ - ConnectionInfo info; - info.adapterName = adapterName; - info.incoming = incoming; - - assert(ssl != 0); - - // - // On the client side, SSL_get_peer_cert_chain returns the entire chain of certs. - // On the server side, the peer certificate must be obtained separately. - // - // Since we have no clear idea whether the connection is server or client side, - // the peer certificate is obtained separately and compared against the first - // certificate in the chain. If they are not the same, it is added to the chain. - // - X509* cert = SSL_get_peer_certificate(ssl); - STACK_OF(X509)* chain = SSL_get_peer_cert_chain(ssl); - if(cert != 0 && (chain == 0 || sk_X509_num(chain) == 0 || cert != sk_X509_value(chain, 0))) - { - info.certs.push_back(new Certificate(cert)); - } - else - { - X509_free(cert); - } - - if(chain != 0) - { - for(int i = 0; i < sk_X509_num(chain); ++i) - { - X509* cert = sk_X509_value(chain, i); - // - // Duplicate the certificate since the stack comes straight from the SSL connection. - // - info.certs.push_back(new Certificate(X509_dup(cert))); - } - } - - info.cipher = SSL_get_cipher_name(ssl); // Nothing needs to be free'd. - - IceInternal::fdToLocalAddress(fd, info.localAddr); - - if(!IceInternal::fdToRemoteAddress(fd, info.remoteAddr)) - { -#ifdef _WIN32 - // - // A bug exists in Windows XP Service Pack 2 that causes getpeername to return a - // "socket not connected" error when using IPv6. See the following bug report: - // - // https://connect.microsoft.com/WNDP/feedback/ViewFeedback.aspx?FeedbackID=338445 - // - // As a workaround, we do not raise a socket exception, but instead return a - // "null" value for the remote address. - // - memset(&info.remoteAddr, 0, sizeof(info.remoteAddr)); - info.remoteAddr.ss_family = AF_UNSPEC; -#else - SocketException ex(__FILE__, __LINE__); - ex.error = IceInternal::getSocketErrno(); - throw ex; -#endif - } - - return info; -} - string IceSSL::getSslErrors(bool verbose) { diff --git a/cpp/src/IceSSL/Util.h b/cpp/src/IceSSL/Util.h index 7696f6de547..a3f2cef105b 100644 --- a/cpp/src/IceSSL/Util.h +++ b/cpp/src/IceSSL/Util.h @@ -53,11 +53,6 @@ private: bool checkPath(std::string&, const std::string&, bool); // -// Create a ConnectionInfo value. -// -ConnectionInfo populateConnectionInfo(SSL*, SOCKET, const std::string&, bool); - -// // Accumulate the OpenSSL error stack into a string. // std::string getSslErrors(bool); |