author | Benoit Foucher <benoit@zeroc.com> | 2015-04-28 19:27:04 +0200 |
---|---|---|
committer | Benoit Foucher <benoit@zeroc.com> | 2015-04-28 19:27:04 +0200 |
commit | e6e102cc642e78cf9da55645c82f5bfe6eacb76d (patch) | |
tree | ab5861ee9ad2a909fa0dc8f25b1b12e0dd1d6527 /cpp/src | |
parent | Fixed ICE-6443 and other SSL fixes (diff) | |
Fixed previous commit which was incomplete
Diffstat (limited to 'cpp/src')
28 files changed, 360 insertions, 353 deletions
diff --git a/cpp/src/Ice/EndpointI.h b/cpp/src/Ice/EndpointI.h index 8c9eb5fa055..df41372bd82 100644 --- a/cpp/src/Ice/EndpointI.h +++ b/cpp/src/Ice/EndpointI.h @@ -160,6 +160,38 @@ inline bool operator<(const EndpointI& l, const EndpointI& r) return static_cast<const ::Ice::LocalObject&>(l) < static_cast<const ::Ice::LocalObject&>(r); } +template<typename T> class InfoI : public T +{ +public: + + InfoI(const EndpointIPtr& endpoint) : _endpoint(endpoint) + { + } + + virtual Ice::Short + type() const + { + return _endpoint->type(); + } + + virtual bool + datagram() const + { + return _endpoint->datagram(); + } + + virtual bool + secure() const + { + return _endpoint->secure(); + } + +private: + + const EndpointIPtr _endpoint; +}; + + } #endif diff --git a/cpp/src/Ice/OpaqueEndpointI.cpp b/cpp/src/Ice/OpaqueEndpointI.cpp index e2f478c7231..c061eb0acfa 100644 --- a/cpp/src/Ice/OpaqueEndpointI.cpp +++ b/cpp/src/Ice/OpaqueEndpointI.cpp @@ -56,11 +56,11 @@ IceInternal::OpaqueEndpointI::OpaqueEndpointI(Short type, BasicStream* s) : _typ namespace { -class InfoI : public Ice::OpaqueEndpointInfo +class OpaqueEndpointInfoI : public Ice::OpaqueEndpointInfo { public: - InfoI(Ice::Short type, const Ice::EncodingVersion& rawEncoding, const Ice::ByteSeq& rawByes); + OpaqueEndpointInfoI(Ice::Short type, const Ice::EncodingVersion& rawEncoding, const Ice::ByteSeq& rawByes); virtual Ice::Short type() const @@ -89,7 +89,8 @@ private: // // COMPILERFIX: inlining this constructor causes crashes with gcc 4.0.1. // -InfoI::InfoI(Ice::Short type, const Ice::EncodingVersion& rawEncoding, const Ice::ByteSeq& rawBytes) : +OpaqueEndpointInfoI::OpaqueEndpointInfoI(Ice::Short type, const Ice::EncodingVersion& rawEncoding, + const Ice::ByteSeq& rawBytes) : Ice::OpaqueEndpointInfo(-1, false, rawEncoding, rawBytes), _type(type) { 
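Review bot: The new `InfoI<T>` template in EndpointI.h carries no comment, and its single-argument constructor is implicit. Every endpoint type in this commit now instantiates it, so I would add a header comment such as `// Wraps an endpoint info type T and forwards type(), datagram() and secure() to the endpoint that created it.` and declare the constructor `explicit InfoI(const EndpointIPtr& endpoint)`. The stored `_endpoint` presumably keeps the endpoint referenced for as long as the info object lives (assuming `EndpointIPtr` is the usual ref-counted handle), which is worth stating because callers pass `const_cast<...*>(this)`.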
@@ -106,7 +107,7 @@ IceInternal::OpaqueEndpointI::streamWrite(BasicStream* s) const Ice::EndpointInfoPtr IceInternal::OpaqueEndpointI::getInfo() const { - return new InfoI(_type, _rawEncoding, _rawBytes); + return new OpaqueEndpointInfoI(_type, _rawEncoding, _rawBytes); } Short diff --git a/cpp/src/Ice/PropertyNames.cpp b/cpp/src/Ice/PropertyNames.cpp index 95cf61169a8..11b035d47df 100644 --- a/cpp/src/Ice/PropertyNames.cpp +++ b/cpp/src/Ice/PropertyNames.cpp @@ -6,7 +6,7 @@ // ICE_LICENSE file included in this distribution. // // ********************************************************************** -// Generated by makeprops.py from file ./config/PropertyNames.xml, Thu Mar 19 17:54:51 2015 +// Generated by makeprops.py from file ./config/PropertyNames.xml, Tue Apr 28 17:34:50 2015 // IMPORTANT: Do not edit this file -- any edits made here will be lost! @@ -998,8 +998,9 @@ const IceInternal::PropertyArray const IceInternal::Property IceSSLPropsData[] = { IceInternal::Property("IceSSL.Alias", false, 0), - IceInternal::Property("IceSSL.CertAuthDir", false, 0), - IceInternal::Property("IceSSL.CertAuthFile", false, 0), + IceInternal::Property("IceSSL.CAs", false, 0), + IceInternal::Property("IceSSL.CertAuthDir", true, 0), + IceInternal::Property("IceSSL.CertAuthFile", true, 0), IceInternal::Property("IceSSL.CertStore", false, 0), IceInternal::Property("IceSSL.CertFile", false, 0), IceInternal::Property("IceSSL.CertVerifier", false, 0), 
@@ -1011,10 +1012,10 @@ const IceInternal::Property IceSSLPropsData[] = IceInternal::Property("IceSSL.DHParams", false, 0), IceInternal::Property("IceSSL.EntropyDaemon", false, 0), IceInternal::Property("IceSSL.FindCert", false, 0), - IceInternal::Property("IceSSL.FindCert.*", false, 0), + IceInternal::Property("IceSSL.FindCert.*", true, 0), IceInternal::Property("IceSSL.ImportCert.*", true, 0), IceInternal::Property("IceSSL.InitOpenSSL", false, 0), - IceInternal::Property("IceSSL.KeyFile", false, 0), + IceInternal::Property("IceSSL.KeyFile", true, 0), IceInternal::Property("IceSSL.KeySet", false, 0), IceInternal::Property("IceSSL.Keychain", false, 0), IceInternal::Property("IceSSL.KeychainPassword", false, 0), @@ -1037,6 +1038,7 @@ const IceInternal::Property IceSSLPropsData[] = IceInternal::Property("IceSSL.Truststore", false, 0), IceInternal::Property("IceSSL.TruststorePassword", false, 0), IceInternal::Property("IceSSL.TruststoreType", false, 0), + IceInternal::Property("IceSSL.UsePlatformCAs", false, 0), IceInternal::Property("IceSSL.VerifyDepthMax", false, 0), IceInternal::Property("IceSSL.VerifyPeer", false, 0), }; diff --git a/cpp/src/Ice/PropertyNames.h b/cpp/src/Ice/PropertyNames.h index 28b47265af6..cf92a38d43f 100644 --- a/cpp/src/Ice/PropertyNames.h +++ b/cpp/src/Ice/PropertyNames.h @@ -6,7 +6,7 @@ // ICE_LICENSE file included in this distribution. // // ********************************************************************** -// Generated by makeprops.py from file ./config/PropertyNames.xml, Thu Mar 19 17:54:51 2015 +// Generated by makeprops.py from file ./config/PropertyNames.xml, Tue Apr 28 17:34:50 2015 // IMPORTANT: Do not edit this file -- any edits made here will be lost! diff --git a/cpp/src/Ice/TcpEndpointI.cpp b/cpp/src/Ice/TcpEndpointI.cpp index 606a442e94a..5e744c394bb 100644 --- a/cpp/src/Ice/TcpEndpointI.cpp +++ b/cpp/src/Ice/TcpEndpointI.cpp 
@@ -62,39 +62,17 @@ IceInternal::TcpEndpointI::TcpEndpointI(const ProtocolInstancePtr& instance, Bas EndpointInfoPtr IceInternal::TcpEndpointI::getInfo() const { - class InfoI : public Ice::TCPEndpointInfo - { - public: - - InfoI(const EndpointIPtr& endpoint) : _endpoint(endpoint) - { - } - - virtual Ice::Short - type() const - { - return _endpoint->type(); - } - - virtual bool - datagram() const - { - return _endpoint->datagram(); - } - - virtual bool - secure() const - { - return _endpoint->secure(); - } - - private: - - const EndpointIPtr _endpoint; - }; + TCPEndpointInfoPtr info = new InfoI<Ice::TCPEndpointInfo>(const_cast<TcpEndpointI*>(this)); + fillEndpointInfo(info.get()); + return info; +} - TCPEndpointInfoPtr info = new InfoI(const_cast<TcpEndpointI*>(this)); +EndpointInfoPtr +IceInternal::TcpEndpointI::getWSInfo(const string& resource) const +{ + WSEndpointInfoPtr info = new InfoI<Ice::WSEndpointInfo>(const_cast<TcpEndpointI*>(this)); fillEndpointInfo(info.get()); + info->resource = resource; return info; } diff --git a/cpp/src/Ice/TcpEndpointI.h b/cpp/src/Ice/TcpEndpointI.h index 2525d940168..d29498fc181 100644 --- a/cpp/src/Ice/TcpEndpointI.h +++ b/cpp/src/Ice/TcpEndpointI.h @@ -14,11 +14,12 @@ #include <Ice/IPEndpointI.h> #include <Ice/EndpointFactory.h> #include <Ice/Network.h> // for IceIternal::Address +#include <Ice/WSEndpoint.h> namespace IceInternal { -class TcpEndpointI : public IPEndpointI +class TcpEndpointI : public IPEndpointI, public WSEndpointDelegate { public: @@ -28,6 +29,7 @@ public: TcpEndpointI(const ProtocolInstancePtr&, BasicStream*); virtual Ice::EndpointInfoPtr getInfo() const; + virtual Ice::EndpointInfoPtr getWSInfo(const std::string&) const; virtual Ice::Int timeout() const; virtual EndpointIPtr timeout(Ice::Int) const; diff --git a/cpp/src/Ice/TcpTransceiver.cpp b/cpp/src/Ice/TcpTransceiver.cpp index ee022c639e9..4fa6d0bce2d 100644 --- a/cpp/src/Ice/TcpTransceiver.cpp +++ b/cpp/src/Ice/TcpTransceiver.cpp 
@@ -105,13 +105,17 @@ IceInternal::TcpTransceiver::toDetailedString() const Ice::ConnectionInfoPtr IceInternal::TcpTransceiver::getInfo() const { - Ice::TCPConnectionInfoPtr info = new Ice::TCPConnectionInfo(); - fdToAddressAndPort(_stream->fd(), info->localAddress, info->localPort, info->remoteAddress, info->remotePort); - if(_stream->fd() != INVALID_SOCKET) - { - info->rcvSize = getRecvBufferSize(_stream->fd()); - info->sndSize = getSendBufferSize(_stream->fd()); - } + TCPConnectionInfoPtr info = new TCPConnectionInfo(); + fillConnectionInfo(info); + return info; +} + +Ice::ConnectionInfoPtr +IceInternal::TcpTransceiver::getWSInfo(const Ice::HeaderDict& headers) const +{ + WSConnectionInfoPtr info = new WSConnectionInfo(); + fillConnectionInfo(info); + info->headers = headers; return info; } @@ -136,3 +140,13 @@ IceInternal::TcpTransceiver::~TcpTransceiver() { } +void +IceInternal::TcpTransceiver::fillConnectionInfo(const TCPConnectionInfoPtr& info) const +{ + fdToAddressAndPort(_stream->fd(), info->localAddress, info->localPort, info->remoteAddress, info->remotePort); + if(_stream->fd() != INVALID_SOCKET) + { + info->rcvSize = getRecvBufferSize(_stream->fd()); + info->sndSize = getSendBufferSize(_stream->fd()); + } +} diff --git a/cpp/src/Ice/TcpTransceiver.h b/cpp/src/Ice/TcpTransceiver.h index ee6c57214d9..16845238ae4 100644 --- a/cpp/src/Ice/TcpTransceiver.h +++ b/cpp/src/Ice/TcpTransceiver.h @@ -14,6 +14,7 @@ #include <Ice/Transceiver.h> #include <Ice/Network.h> #include <Ice/StreamSocket.h> +#include <Ice/WSTransceiver.h> namespace IceInternal { @@ -21,7 +22,7 @@ namespace IceInternal class TcpConnector; class TcpAcceptor; -class TcpTransceiver : public Transceiver +class TcpTransceiver : public Transceiver, public WSTransceiverDelegate { public: 
@@ -42,6 +43,7 @@ public: virtual std::string toString() const; virtual std::string toDetailedString() const; virtual Ice::ConnectionInfoPtr getInfo() const; + virtual Ice::ConnectionInfoPtr getWSInfo(const Ice::HeaderDict&) const; virtual void checkSendSize(const Buffer&); virtual void setBufferSize(int rcvSize, int sndSize); @@ -50,6 +52,8 @@ private: TcpTransceiver(const ProtocolInstancePtr&, const StreamSocketPtr&); virtual ~TcpTransceiver(); + void fillConnectionInfo(const Ice::TCPConnectionInfoPtr&) const; + friend class TcpConnector; friend class TcpAcceptor; diff --git a/cpp/src/Ice/UdpEndpointI.cpp b/cpp/src/Ice/UdpEndpointI.cpp index 6b0584fb2ba..019ff02a368 100644 --- a/cpp/src/Ice/UdpEndpointI.cpp +++ b/cpp/src/Ice/UdpEndpointI.cpp @@ -76,38 +76,7 @@ IceInternal::UdpEndpointI::UdpEndpointI(const ProtocolInstancePtr& instance, Bas EndpointInfoPtr IceInternal::UdpEndpointI::getInfo() const { - class InfoI : public Ice::UDPEndpointInfo - { - public: - - InfoI(const EndpointIPtr& endpoint) : _endpoint(endpoint) - { - } - - virtual Ice::Short - type() const - { - return _endpoint->type(); - } - - virtual bool - datagram() const - { - return _endpoint->datagram(); - } - - virtual bool - secure() const - { - return _endpoint->secure(); - } - - private: - - const EndpointIPtr _endpoint; - }; - - Ice::UDPEndpointInfoPtr info = new InfoI(const_cast<UdpEndpointI*>(this)); + Ice::UDPEndpointInfoPtr info = new InfoI<Ice::UDPEndpointInfo>(const_cast<UdpEndpointI*>(this)); fillEndpointInfo(info.get()); return info; } diff --git a/cpp/src/Ice/WSEndpoint.cpp b/cpp/src/Ice/WSEndpoint.cpp index 54acdef77c4..d23b952b6b5 100644 --- a/cpp/src/Ice/WSEndpoint.cpp +++ b/cpp/src/Ice/WSEndpoint.cpp 
@@ -47,41 +47,8 @@ IceInternal::WSEndpoint::WSEndpoint(const ProtocolInstancePtr& instance, const E Ice::EndpointInfoPtr IceInternal::WSEndpoint::getInfo() const { - class InfoI : public WSEndpointInfo - { - public: - - InfoI(const EndpointIPtr& e) : _endpoint(e) - { - } - - virtual Short - type() const - { - return _endpoint->type(); - } - - virtual bool - datagram() const - { - return _endpoint->datagram(); - } - - virtual bool - secure() const - { - return _endpoint->secure(); - } - - private: - - const EndpointIPtr _endpoint; - }; - - WSEndpointInfoPtr info = new InfoI(const_cast<WSEndpoint*>(this)); - _delegate->fillEndpointInfo(info.get()); - info->resource = _resource; - return info; + assert(dynamic_cast<WSEndpointDelegate*>(_delegate.get())); + return dynamic_cast<WSEndpointDelegate*>(_delegate.get())->getWSInfo(_resource); } Ice::Short diff --git a/cpp/src/Ice/WSEndpoint.h b/cpp/src/Ice/WSEndpoint.h index 255bcf6cc1b..6fb08211a84 100644 --- a/cpp/src/Ice/WSEndpoint.h +++ b/cpp/src/Ice/WSEndpoint.h @@ -20,6 +20,17 @@ namespace IceInternal { +// +// Delegate interface implemented by TcpEndpoint or IceSSL::Endpoint or any endpoint that WS can +// delegate to. +// +class ICE_API WSEndpointDelegate : virtual public IceUtil::Shared +{ +public: + + virtual Ice::EndpointInfoPtr getWSInfo(const std::string&) const = 0; +}; + class WSEndpoint : public EndpointI { public: diff --git a/cpp/src/Ice/WSTransceiver.cpp b/cpp/src/Ice/WSTransceiver.cpp index d476b52a67e..08764fbc267 100644 --- a/cpp/src/Ice/WSTransceiver.cpp +++ b/cpp/src/Ice/WSTransceiver.cpp 
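Review bot: In `WSEndpoint::getInfo()` the only guard on the cast is an `assert`, so a build with NDEBUG dereferences a null pointer when `_delegate` does not implement `WSEndpointDelegate`. Cast once, `WSEndpointDelegate* d = dynamic_cast<WSEndpointDelegate*>(_delegate.get());`, and raise an explicit error when `d` is null before `return d->getWSInfo(_resource);`. `WSTransceiver::getInfo()` in WSTransceiver.cpp uses the same assert-then-cast pattern with `WSTransceiverDelegate` and needs the same treatment. The header comment says any endpoint WS can delegate to may implement the interface, so a transport that does not implement it would reach this path with no check in release builds.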
@@ -803,17 +803,8 @@ IceInternal::WSTransceiver::toDetailedString() const Ice::ConnectionInfoPtr IceInternal::WSTransceiver::getInfo() const { - IPConnectionInfoPtr di = IPConnectionInfoPtr::dynamicCast(_delegate->getInfo()); - assert(di); - WSConnectionInfoPtr info = new WSConnectionInfo(); - info->localAddress = di->localAddress; - info->localPort = di->localPort; - info->remoteAddress = di->remoteAddress; - info->remotePort = di->remotePort; - info->rcvSize = di->rcvSize; - info->sndSize = di->sndSize; - info->headers = _parser->getHeaders(); - return info; + assert(dynamic_cast<WSTransceiverDelegate*>(_delegate.get())); + return dynamic_cast<WSTransceiverDelegate*>(_delegate.get())->getWSInfo(_parser->getHeaders()); } void diff --git a/cpp/src/Ice/WSTransceiver.h b/cpp/src/Ice/WSTransceiver.h index 2273f51a683..c3d8d760e22 100644 --- a/cpp/src/Ice/WSTransceiver.h +++ b/cpp/src/Ice/WSTransceiver.h @@ -24,6 +24,17 @@ namespace IceInternal class ConnectorI; class AcceptorI; +// +// Delegate interface implemented by TcpTransceiver or IceSSL::Transceiver or any transport that WS can +// delegate to. +// +class ICE_API WSTransceiverDelegate : virtual public IceUtil::Shared +{ +public: + + virtual Ice::ConnectionInfoPtr getWSInfo(const Ice::HeaderDict&) const = 0; +}; + class WSTransceiver : public Transceiver { public: diff --git a/cpp/src/Ice/winrt/StreamEndpointI.cpp b/cpp/src/Ice/winrt/StreamEndpointI.cpp index 60aca535bdd..bdd3dc0295d 100644 --- a/cpp/src/Ice/winrt/StreamEndpointI.cpp +++ b/cpp/src/Ice/winrt/StreamEndpointI.cpp 
@@ -44,43 +44,6 @@ createIceSSL(const CommunicatorPtr& com, const string&, const StringSeq&) } -namespace -{ - -template<class T> class InfoI : public T -{ -public: - - InfoI(const ProtocolInstancePtr& instance, Ice::Int to, bool comp, const string& host, Ice::Int port) : - T(to, comp, host, port, ""), _instance(instance) - { - } - - virtual Ice::Short - type() const - { - return _instance->type(); - } - - virtual bool - datagram() const - { - return false; - } - - virtual bool - secure() const - { - return _instance->secure(); - } - -private: - - ProtocolInstancePtr _instance; -}; - -} - IceUtil::Shared* IceInternal::upCast(StreamEndpointI* p) { return p; } IceInternal::StreamEndpointI::StreamEndpointI(const ProtocolInstancePtr& instance, const string& ho, Int po, Int ti, @@ -110,14 +73,37 @@ IceInternal::StreamEndpointI::StreamEndpointI(const ProtocolInstancePtr& instanc EndpointInfoPtr IceInternal::StreamEndpointI::getInfo() const { + IPEndpointInfoPtr info; + if(_instance->secure()) + { + info = new InfoI<IceSSL::EndpointInfo>(const_cast<StreamEndpointI*>(this)); + } + else + { + info = new InfoI<Ice::TCPEndpointInfo>(const_cast<StreamEndpointI*>(this)); + } + fillEndpointInfo(info.get()); + return info; +} + +EndpointInfoPtr +IceInternal::StreamEndpointI::getWSInfo(const string& resource) const +{ + IPEndpointInfoPtr info; if(_instance->secure()) { - return new InfoI<IceSSL::EndpointInfo>(_instance, _timeout, _compress, _host, _port); + IceSSL::WSSEndpointInfoPtr i = new InfoI<IceSSL::WSSEndpointInfo>(const_cast<StreamEndpointI*>(this)); + i->resource = resource; + info = i; } else { - return new InfoI<Ice::TCPEndpointInfo>(_instance, _timeout, _compress, _host, _port); + Ice::WSEndpointInfoPtr i = new InfoI<Ice::WSEndpointInfo>(const_cast<StreamEndpointI*>(this)); + i->resource = resource; + info = i; } + fillEndpointInfo(info.get()); + return info; } Int 
@@ -180,8 +166,7 @@ IceInternal::StreamEndpointI::datagram() const bool IceInternal::StreamEndpointI::secure() const { - return _instance->type() == IceSSL::EndpointType || - _instance->type() == WSSEndpointType; + return _instance->type() == IceSSL::EndpointType || _instance->type() == WSSEndpointType; } TransceiverPtr diff --git a/cpp/src/Ice/winrt/StreamEndpointI.h b/cpp/src/Ice/winrt/StreamEndpointI.h index 8e77b2d1397..d3f9f1bbe66 100644 --- a/cpp/src/Ice/winrt/StreamEndpointI.h +++ b/cpp/src/Ice/winrt/StreamEndpointI.h @@ -13,13 +13,14 @@ #include <IceUtil/Config.h> #include <Ice/IPEndpointI.h> #include <Ice/EndpointFactory.h> +#include <Ice/WSEndpoint.h> #include <Ice/Network.h> // for IceIternal::Address #include <Ice/winrt/StreamF.h> namespace IceInternal { -class StreamEndpointI : public IPEndpointI +class StreamEndpointI : public IPEndpointI, WSEndpointDelegate { public: @@ -28,6 +29,7 @@ public: StreamEndpointI(const ProtocolInstancePtr&, BasicStream*); virtual Ice::EndpointInfoPtr getInfo() const; + virtual Ice::EndpointInfoPtr getWSInfo(const std::string&) const; virtual Ice::Int timeout() const; virtual EndpointIPtr timeout(Ice::Int) const; diff --git a/cpp/src/Ice/winrt/StreamTransceiver.cpp b/cpp/src/Ice/winrt/StreamTransceiver.cpp index 3c4a30f8cc6..7cf9946ed9c 100644 --- a/cpp/src/Ice/winrt/StreamTransceiver.cpp +++ b/cpp/src/Ice/winrt/StreamTransceiver.cpp 
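Review bot: `class StreamEndpointI : public IPEndpointI, WSEndpointDelegate` in winrt/StreamEndpointI.h inherits `WSEndpointDelegate` privately, because a `class` base without an access specifier defaults to private. `WSEndpoint::getInfo()` reaches the delegate through `dynamic_cast<WSEndpointDelegate*>(_delegate.get())`, and a run-time cast to an inaccessible base yields a null pointer. On WinRT the assert would therefore fire in debug builds, and release builds would dereference null. The line should read `class StreamEndpointI : public IPEndpointI, public WSEndpointDelegate`, matching `TcpEndpointI` and `IceSSL::EndpointI` in this commit.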
@@ -302,12 +302,29 @@ IceInternal::StreamTransceiver::getInfo() const { info = new Ice::TCPConnectionInfo(); } - fdToAddressAndPort(_fd, info->localAddress, info->localPort, info->remoteAddress, info->remotePort); - info->rcvSize = getRecvBufferSize(_fd); - info->sndSize = getSendBufferSize(_fd); + fillConnectionInfo(info); return info; } +Ice::ConnectionInfoPtr +IceInternal::StreamTransceiver::getWSInfo(const Ice::HeaderDict& headers) const +{ + if(_instance->secure()) + { + IceSSL::WSSConnectionInfoPtr info = new IceSSL::WSSConnectionInfo(); + fillConnectionInfo(info); + info->headers = headers; + return info; + } + else + { + Ice::WSConnectionInfoPtr info = new Ice::WSConnectionInfo(); + fillConnectionInfo(info); + info->headers = headers; + return info; + } +} + void IceInternal::StreamTransceiver::checkSendSize(const Buffer&) { @@ -387,3 +404,12 @@ IceInternal::StreamTransceiver::checkIfErrorOrCompleted(SocketOperation op, IAsy return true; // Prevent compiler warning. } } + +void +IceInternal::StreamTransceiver::fillConnectionInfo(const Ice::IPConnectionInfoPtr& info) const +{ + fdToAddressAndPort(_fd, info->localAddress, info->localPort, info->remoteAddress, info->remotePort); + info->rcvSize = getRecvBufferSize(_fd); + info->sndSize = getSendBufferSize(_fd); +} + diff --git a/cpp/src/Ice/winrt/StreamTransceiver.h b/cpp/src/Ice/winrt/StreamTransceiver.h index 4a32cfd10e8..6d7effd8e49 100644 --- a/cpp/src/Ice/winrt/StreamTransceiver.h +++ b/cpp/src/Ice/winrt/StreamTransceiver.h @@ -13,6 +13,7 @@ #include <Ice/ProtocolInstanceF.h> #include <Ice/Transceiver.h> #include <Ice/Network.h> +#include <Ice/WSTransceiver.h> namespace IceInternal { @@ -20,7 +21,7 @@ namespace IceInternal class StreamConnector; class StreamAcceptor; -class StreamTransceiver : public Transceiver, public NativeInfo +class StreamTransceiver : public Transceiver, public NativeInfo, public WSTransceiverDelegate { enum State { 
@@ -49,6 +50,7 @@ public: virtual std::string toString() const; virtual std::string toDetailedString() const; virtual Ice::ConnectionInfoPtr getInfo() const; + virtual Ice::ConnectionInfoPtr getWSInfo(const Ice::HeaderDict&) const; virtual void checkSendSize(const Buffer&); virtual void setBufferSize(int rcvSize, int sndSize); @@ -58,8 +60,8 @@ private: virtual ~StreamTransceiver(); void connect(const Address&); - bool checkIfErrorOrCompleted(SocketOperation, Windows::Foundation::IAsyncInfo^, int = 0); + void fillConnectionInfo(const Ice::IPConnectionInfoPtr&) const; friend class StreamConnector; friend class StreamAcceptor; diff --git a/cpp/src/IceSSL/EndpointI.cpp b/cpp/src/IceSSL/EndpointI.cpp index 124c63dc645..6893db0e117 100644 --- a/cpp/src/IceSSL/EndpointI.cpp +++ b/cpp/src/IceSSL/EndpointI.cpp @@ -53,39 +53,17 @@ IceSSL::EndpointI::EndpointI(const InstancePtr& instance, IceInternal::BasicStre Ice::EndpointInfoPtr IceSSL::EndpointI::getInfo() const { - class InfoI : public EndpointInfo - { - public: - - InfoI(const IceInternal::EndpointIPtr& endpoint) : _endpoint(endpoint) - { - } - - virtual Ice::Short - type() const - { - return _endpoint->type(); - } - - virtual bool - datagram() const - { - return _endpoint->datagram(); - } - - virtual bool - secure() const - { - return _endpoint->secure(); - } - - private: - - const IceInternal::EndpointIPtr _endpoint; - }; + EndpointInfoPtr info = new IceInternal::InfoI<EndpointInfo>(const_cast<EndpointI*>(this)); + fillEndpointInfo(info.get()); + return info; +} - IPEndpointInfoPtr info = new InfoI(const_cast<EndpointI*>(this)); +Ice::EndpointInfoPtr +IceSSL::EndpointI::getWSInfo(const string& resource) const +{ + WSSEndpointInfoPtr info = new IceInternal::InfoI<WSSEndpointInfo>(const_cast<EndpointI*>(this)); fillEndpointInfo(info.get()); + info->resource = resource; return info; } diff --git a/cpp/src/IceSSL/EndpointI.h b/cpp/src/IceSSL/EndpointI.h index b3a154a6ad4..74f04d1665a 100644 
--- a/cpp/src/IceSSL/EndpointI.h +++ b/cpp/src/IceSSL/EndpointI.h @@ -12,6 +12,7 @@ #include <Ice/IPEndpointI.h> #include <Ice/EndpointFactory.h> +#include <Ice/WSEndpoint.h> #include <IceSSL/InstanceF.h> #include <IceSSL/EndpointInfo.h> #include <Ice/Network.h> @@ -19,7 +20,7 @@ namespace IceSSL { -class EndpointI : public IceInternal::IPEndpointI +class EndpointI : public IceInternal::IPEndpointI, public IceInternal::WSEndpointDelegate { public: @@ -29,6 +30,7 @@ public: EndpointI(const InstancePtr&, IceInternal::BasicStream*); virtual Ice::EndpointInfoPtr getInfo() const; + virtual Ice::EndpointInfoPtr getWSInfo(const std::string&) const; virtual Ice::Int timeout() const; virtual IceInternal::EndpointIPtr timeout(Ice::Int) const; diff --git a/cpp/src/IceSSL/OpenSSLEngine.cpp b/cpp/src/IceSSL/OpenSSLEngine.cpp index c47e19eb99f..cc617008547 100644 --- a/cpp/src/IceSSL/OpenSSLEngine.cpp +++ b/cpp/src/IceSSL/OpenSSLEngine.cpp @@ -395,8 +395,22 @@ OpenSSLEngine::initialize() // Establish the location of CA certificates. // { - string caFile = properties->getProperty(propPrefix + "CertAuthFile"); - string caDir = properties->getPropertyWithDefault(propPrefix + "CertAuthDir", defaultDir); + string caFile = properties->getProperty(propPrefix + "CAs"); + string caDir; + if(!caFile.empty()) + { + if(!checkPath(caFile, defaultDir, false) && checkPath(caFile, defaultDir, true)) + { + caDir = caFile; + caFile = ""; + } + } + else + { + // Deprecated properties + caFile = properties->getProperty(propPrefix + "CertAuthFile"); + caDir = properties->getProperty(propPrefix + "CertAuthDir"); + } const char* file = 0; const char* dir = 0; if(!caFile.empty()) @@ -452,6 +466,10 @@ OpenSSLEngine::initialize() throw PluginInitializationException(__FILE__, __LINE__, msg); } } + else if(properties->getPropertyAsInt("IceSSL.UsePlatformCAs") > 0) + { + SSL_CTX_set_default_verify_paths(_ctx); + } } // 
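Review bot: The result of `SSL_CTX_set_default_verify_paths(_ctx)` in the new `IceSSL.UsePlatformCAs` branch of `OpenSSLEngine::initialize()` is ignored. The call returns 0 on failure, which leaves the context without the platform trust roots, so peer verification would be expected to fail later with a far less useful error. Check it and raise `PluginInitializationException` as the surrounding CA-loading code does, e.g. `if(!SSL_CTX_set_default_verify_paths(_ctx)) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: unable to load the platform CA certificates"); }`. The property is also read with the literal `"IceSSL.UsePlatformCAs"` while the lines above use `propPrefix + "CAs"`; `propPrefix + "UsePlatformCAs"` would be consistent (SChannelEngine.cpp has the same literal next to `prefix + "CAs"`). `initialize()` starts and ends outside these hunks.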
diff --git a/cpp/src/IceSSL/OpenSSLTransceiverI.cpp b/cpp/src/IceSSL/OpenSSLTransceiverI.cpp index bed46b3b8b4..2b40c62a4b6 100644 --- a/cpp/src/IceSSL/OpenSSLTransceiverI.cpp +++ b/cpp/src/IceSSL/OpenSSLTransceiverI.cpp @@ -276,11 +276,12 @@ IceSSL::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal::B throw ex; } } - else if(_info) + else { - _info->verified = true; + _verified = true; } - _engine->verifyPeer(_stream->fd(), _host, getNativeConnectionInfo()); + + _engine->verifyPeer(_stream->fd(), _host, NativeConnectionInfoPtr::dynamicCast(getInfo())); if(_engine->securityTraceLevel() >= 1) { @@ -573,7 +574,18 @@ IceSSL::TransceiverI::toDetailedString() const Ice::ConnectionInfoPtr IceSSL::TransceiverI::getInfo() const { - return getNativeConnectionInfo(); + NativeConnectionInfoPtr info = new NativeConnectionInfo(); + fillConnectionInfo(info, info->nativeCerts); + return info; +} + +Ice::ConnectionInfoPtr +IceSSL::TransceiverI::getWSInfo(const Ice::HeaderDict& headers) const +{ + WSSNativeConnectionInfoPtr info = new WSSNativeConnectionInfo(); + fillConnectionInfo(info, info->nativeCerts); + info->headers = headers; + return info; } void 
@@ -609,17 +621,18 @@ IceSSL::TransceiverI::verifyCallback(int ok, X509_STORE_CTX* c) } // - // Initialize the native connection info with the verified - // certificate chain. SSL_get_peer_cert_chain doesn't return the - // verified chain, it returns the chain sent by the peer. + // Initialize the native certs with the verified certificate chain. SSL_get_peer_cert_chain + // doesn't return the verified chain, it returns the chain sent by the peer. // - try - { - _info = initNativeConnectionInfo(c); - } - catch(const Ice::Exception&) + STACK_OF(X509)* chain = X509_STORE_CTX_get1_chain(c); + if(chain != 0) { - // Ignore + _nativeCerts.clear(); + for(int i = 0; i < sk_X509_num(chain); ++i) + { + _nativeCerts.push_back(new Certificate(X509_dup(sk_X509_value(chain, i)))); + } + sk_X509_pop_free(chain, X509_free); } // @@ -639,6 +652,7 @@ IceSSL::TransceiverI::TransceiverI(const InstancePtr& instance, const IceInterna _adapterName(incoming ? hostOrAdapterName : ""), _incoming(incoming), _stream(stream), + _verified(false), _ssl(0) { } @@ -647,20 +661,9 @@ IceSSL::TransceiverI::~TransceiverI() { } -NativeConnectionInfoPtr -IceSSL::TransceiverI::getNativeConnectionInfo() const -{ - if(!_info) - { - return initNativeConnectionInfo(0); - } - return _info; -} - -NativeConnectionInfoPtr -IceSSL::TransceiverI::initNativeConnectionInfo(X509_STORE_CTX* ctx) const +void +IceSSL::TransceiverI::fillConnectionInfo(const ConnectionInfoPtr& info, std::vector<CertificatePtr>& nativeCerts) const { - NativeConnectionInfoPtr info = new NativeConnectionInfo(); IceInternal::fdToAddressAndPort(_stream->fd(), info->localAddress, info->localPort, info->remoteAddress, info->remotePort); if(_stream->fd() != INVALID_SOCKET) 
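Review bot: The new chain-copy loop in `verifyCallback` dropped the `try`/`catch(const Ice::Exception&)` that wrapped the old `initNativeConnectionInfo(c)` call, so anything thrown by `new Certificate(...)` or `push_back` now unwinds through OpenSSL's C frames and skips `sk_X509_pop_free(chain, X509_free)`. `X509_dup` can also return null on allocation failure, and that value goes straight into the `Certificate` constructor. I would test the duplicate first (`X509* dup = X509_dup(sk_X509_value(chain, i)); if(dup != 0) { _nativeCerts.push_back(new Certificate(dup)); }`) and keep a catch around the loop that frees `chain`. As far as the hunk shows, the copy runs whatever the value of `ok`, so `_nativeCerts` may hold a chain that did not verify; a comment such as `// _nativeCerts is filled even when verification fails; check 'verified' before trusting it` would help if that is the intent. The function body begins before and continues after this hunk.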
@@ -670,57 +673,11 @@ IceSSL::TransceiverI::initNativeConnectionInfo(X509_STORE_CTX* ctx) const } info->adapterName = _adapterName; info->incoming = _incoming; - info->verified = false; - - STACK_OF(X509)* chain = 0; - if(ctx) - { - // - // This is called from the verify callback where OpenSSL provides the verified - // certificate chain. - // - chain = X509_STORE_CTX_get1_chain(ctx); - } - - if(chain == 0 && _ssl != 0) - { - // - // On the client side, SSL_get_peer_cert_chain returns the entire chain of certs. - // On the server side, the peer certificate must be obtained separately. - // - // Since we have no clear idea whether the connection is server or client side, - // the peer certificate is obtained separately and compared against the first - // certificate in the chain. If they are not the same, it is added to the chain. - // - X509* cert = SSL_get_peer_certificate(_ssl); - chain = SSL_get_peer_cert_chain(_ssl); - if(cert != 0 && (chain == 0 || sk_X509_num(chain) == 0 || cert != sk_X509_value(chain, 0))) - { - CertificatePtr certificate = new Certificate(cert); - info->nativeCerts.push_back(certificate); - info->certs.push_back(certificate->encode()); - } - else - { - X509_free(cert); - } - } - - if(chain != 0) + info->verified = _verified; + nativeCerts = _nativeCerts; + for(vector<CertificatePtr>::const_iterator p = _nativeCerts.begin(); p != _nativeCerts.end(); ++p) { - for(int i = 0; i < sk_X509_num(chain); ++i) - { - // - // Duplicate the certificate since the stack comes straight from the SSL connection. - // - CertificatePtr certificate = new Certificate(X509_dup(sk_X509_value(chain, i))); - info->nativeCerts.push_back(certificate); - info->certs.push_back(certificate->encode()); - } - if(ctx) - { - sk_X509_pop_free(chain, X509_free); - } + info->certs.push_back((*p)->encode()); } if(_ssl != 0) { 
@@ -728,7 +685,6 @@ IceSSL::TransceiverI::initNativeConnectionInfo(X509_STORE_CTX* ctx) const } info->adapterName = _adapterName; info->incoming = _incoming; - return info; } #endif diff --git a/cpp/src/IceSSL/OpenSSLTransceiverI.h b/cpp/src/IceSSL/OpenSSLTransceiverI.h index 85fa55d4548..a64e932a0f5 100644 --- a/cpp/src/IceSSL/OpenSSLTransceiverI.h +++ b/cpp/src/IceSSL/OpenSSLTransceiverI.h @@ -19,6 +19,7 @@ #include <Ice/Transceiver.h> #include <Ice/Network.h> #include <Ice/StreamSocket.h> +#include <Ice/WSTransceiver.h> #ifdef ICE_USE_OPENSSL @@ -31,7 +32,7 @@ namespace IceSSL class ConnectorI; class AcceptorI; -class TransceiverI : public IceInternal::Transceiver +class TransceiverI : public IceInternal::Transceiver, public IceInternal::WSTransceiverDelegate { public: @@ -46,6 +47,7 @@ public: virtual std::string toString() const; virtual std::string toDetailedString() const; virtual Ice::ConnectionInfoPtr getInfo() const; + virtual Ice::ConnectionInfoPtr getWSInfo(const Ice::HeaderDict&) const; virtual void checkSendSize(const IceInternal::Buffer&); virtual void setBufferSize(int rcvSize, int sndSize); @@ -56,8 +58,7 @@ private: TransceiverI(const InstancePtr&, const IceInternal::StreamSocketPtr&, const std::string&, bool); virtual ~TransceiverI(); - virtual NativeConnectionInfoPtr getNativeConnectionInfo() const; - NativeConnectionInfoPtr initNativeConnectionInfo(X509_STORE_CTX*) const; + void fillConnectionInfo(const ConnectionInfoPtr&, std::vector<CertificatePtr>&) const; friend class ConnectorI; friend class AcceptorI; @@ -68,7 +69,8 @@ private: const std::string _adapterName; const bool _incoming; const IceInternal::StreamSocketPtr _stream; - NativeConnectionInfoPtr _info; + bool _verified; + std::vector<CertificatePtr> _nativeCerts; SSL* _ssl; }; diff --git a/cpp/src/IceSSL/SChannelEngine.cpp b/cpp/src/IceSSL/SChannelEngine.cpp index efb3b099ce3..ddc47619373 100644 --- a/cpp/src/IceSSL/SChannelEngine.cpp +++ b/cpp/src/IceSSL/SChannelEngine.cpp 
@@ -56,7 +56,7 @@ struct CertChainEngineConfig # endif void -addCertificateToStore(const string& file, HCERTSTORE store, PCCERT_CONTEXT* cert = 0) +addCertificatesToStore(const string& file, HCERTSTORE store, PCCERT_CONTEXT* cert = 0) { vector<char> buffer; readFile(file, buffer); 
@@ -65,29 +65,50 @@ addCertificateToStore(const string& file, HCERTSTORE store, PCCERT_CONTEXT* cert throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: certificate file is empty:\n" + file); } - vector<BYTE> outBuffer; - outBuffer.resize(buffer.size()); - DWORD outLength = static_cast<DWORD>(outBuffer.size()); - - if(!CryptStringToBinary(&buffer[0], static_cast<DWORD>(buffer.size()), CRYPT_STRING_BASE64HEADER, - &outBuffer[0], &outLength, 0, 0)) + string strbuf(buffer.begin(), buffer.end()); + string::size_type size, startpos, endpos = 0; + bool first = true; + while(true) { - // - // Base64 data should always be bigger than binary - // - assert(GetLastError() != ERROR_MORE_DATA); - throw PluginInitializationException(__FILE__, __LINE__, - "IceSSL: error decoding certificate:\n" + lastErrorToString()); - } + startpos = strbuf.find("-----BEGIN CERTIFICATE-----", endpos); + if(startpos != string::npos) + { + endpos = strbuf.find("-----END CERTIFICATE-----", startpos); + size = endpos - startpos + sizeof("-----END CERTIFICATE-----"); + } + else if(first) + { + startpos = 0; + endpos = string::npos; + size = strbuf.size(); + } + else + { + break; + } - if(!CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &outBuffer[0], - outLength, CERT_STORE_ADD_NEW, cert)) - { - if(GetLastError() != static_cast<DWORD>(CRYPT_E_EXISTS)) + vector<BYTE> outBuffer; + outBuffer.resize(size); + DWORD outLength = static_cast<DWORD>(outBuffer.size()); + if(!CryptStringToBinary(&buffer[startpos], static_cast<DWORD>(size), CRYPT_STRING_ANY, &outBuffer[0], + &outLength, 0, 0)) { + assert(GetLastError() != ERROR_MORE_DATA); // Base64 data should always be bigger than binary throw PluginInitializationException(__FILE__, __LINE__, - "IceSSL: error decoding certificate:\n" + lastErrorToString()); + "IceSSL: error decoding certificate:\n" + lastErrorToString()); + } + + if(!CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 
&outBuffer[0], + outLength, CERT_STORE_ADD_NEW, first ? cert : 0)) + { + if(GetLastError() != static_cast<DWORD>(CRYPT_E_EXISTS)) + { + throw PluginInitializationException(__FILE__, __LINE__, + "IceSSL: error decoding certificate:\n" + lastErrorToString()); + } } + + first = false; } } @@ -244,8 +265,12 @@ SChannelEngine::initialize() // // Create trusted CA store with contents of CertAuthFile // - string caFile = properties->getProperty(prefix + "CertAuthFile"); - if(!caFile.empty()) + string caFile = properties->getProperty(prefix + "CAs"); + if(caFile.empty()) + { + caFile = properties->getProperty(prefix + "CertAuthFile"); + } + if(!caFile.empty() || properties->getPropertyAsInt("IceSSL.UsePlatformCAs") <= 0) { _rootStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, 0, 0); if(!_rootStore) @@ -253,15 +278,20 @@ SChannelEngine::initialize() throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: error creating in memory certificate store:\n" + lastErrorToString()); } - + } + if(!caFile.empty()) + { if(!checkPath(caFile, defaultDir, false)) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: CA certificate file not found:\n" + caFile); } - addCertificateToStore(caFile, _rootStore); + addCertificatesToStore(caFile, _rootStore); + } + if(_rootStore) + { // // Create a chain engine that uses our Trusted Root Store // 
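Review bot: In `addCertificatesToStore` the result of `strbuf.find("-----END CERTIFICATE-----", startpos)` is used without a check for `string::npos`, so a file that has a BEGIN marker but no END marker makes `size` wrap around, and `outBuffer.resize(size)` and `CryptStringToBinary` are then given a length unrelated to the buffer. I would reject that file before computing the size, with `if(endpos == string::npos) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: error decoding certificate:\n" + file); }`. Separately, `sizeof("-----END CERTIFICATE-----")` counts the terminating NUL, so when the END marker is the last thing in the file `startpos + size` is one byte past the end of `buffer`; `size = endpos - startpos + sizeof("-----END CERTIFICATE-----") - 1;` gives the exact marker length.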
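Review bot: The new condition in `SChannelEngine::initialize` reads `"IceSSL.UsePlatformCAs"` as a literal while the two lookups just above it use `prefix + "CAs"` and `prefix + "CertAuthFile"`; `properties->getPropertyAsInt(prefix + "UsePlatformCAs") <= 0` would keep the three consistent. The context comment `Create trusted CA store with contents of CertAuthFile` is also out of date now: the in-memory store is created even when no CA file is configured and platform CAs are not enabled, in which case the chain engine presumably trusts no root at all. I would say so in the comment, and state that `CAs` takes precedence over `CertAuthFile` when both are set. The same fallback is added to SecureTransportEngine.cpp later in this commit, and `initialize` continues outside this hunk.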
@@ -410,26 +440,8 @@ SChannelEngine::initialize() "IceSSL: certificate error:\n" + lastErrorToString()); } - // - // If we found a certificate, add it to a new memory store. We - // can't use directly the certificate context from the PFX - // store: while it works for certificates without - // intermediates, it doesn't if the certificate has - // intermediates, the intermediates certificates aren't being - // sent. - // - HCERTSTORE newStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, 0, 0); - PCCERT_CONTEXT newCert; - if(!CertAddCertificateContextToStore(newStore, cert, CERT_STORE_ADD_ALWAYS, &newCert)) - { - CertCloseStore(newStore, 0); - throw PluginInitializationException(__FILE__, __LINE__, - "IceSSL: certificate error:\n" + lastErrorToString()); - } - _certs.push_back(newCert); - _stores.push_back(newStore); - CertFreeCertificateContext(cert); - CertCloseStore(store, 0); + _certs.push_back(cert); + _stores.push_back(store); continue; } @@ -560,7 +572,7 @@ SChannelEngine::initialize() "store:\n" + lastErrorToString()); } - addCertificateToStore(certFile, store, &cert); + addCertificatesToStore(certFile, store, &cert); // // Associate key & certificate @@ -705,6 +717,17 @@ SChannelEngine::newCredentialsHandle(bool incoming) // the root certificate either way. // cred.dwFlags = SCH_CRED_NO_SYSTEM_MAPPER; + + // + // There's no way to prevent SChannel from sending "CA names" to the + // client. Recent Windows versions don't CA names but older ones do + // send all the trusted root CA names. We provide the root store to + // ensure that for these older Windows versions, we also include the + // CA names of your trusted roots. IceSSL for Java will only send a + // client certificate if the client certificate CA matches one of the + // CA names sent by the server. + // + cred.hRootStore = _rootStore; } else { diff --git a/cpp/src/IceSSL/SChannelTransceiverI.cpp b/cpp/src/IceSSL/SChannelTransceiverI.cpp index 74d9d840ed2..126a966f6b3 100644 
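Review bot: The comment removed in this hunk said the certificate context from the PFX store could not be used directly because intermediate certificates were then not sent, and the replacement `_certs.push_back(cert); _stores.push_back(store);` does use it directly without saying why that is now safe. I would keep a short comment here explaining what changed, for example `// Keep the PFX store open so that the intermediates it holds stay available to SChannel.` if that is indeed the reason. It should also say that `cert` and `store` are now owned by `_certs` and `_stores`, since the `CertFreeCertificateContext` and `CertCloseStore` calls that used to release them here are gone. The release path is outside this hunk.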
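Review bot: The comment added above `cred.hRootStore = _rootStore;` in `newCredentialsHandle` has a dropped word (`Recent Windows versions don't CA names`), which makes the rationale hard to follow; I would write `Recent Windows versions don't send CA names, but older ones send the names of all trusted root CAs.` It would also help to note that `_rootStore` is only assigned in `initialize` when a CA file is configured or platform CAs are disabled, so the handle set here may be null in the remaining case. The function starts and ends outside this hunk.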
--- a/cpp/src/IceSSL/SChannelTransceiverI.cpp +++ b/cpp/src/IceSSL/SChannelTransceiverI.cpp @@ -715,7 +715,7 @@ IceSSL::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal::B } } - _engine->verifyPeer(_stream->fd(), _host, getNativeConnectionInfo()); + _engine->verifyPeer(_stream->fd(), _host, NativeConnectionInfoPtr::dynamicCast(getInfo())); _state = StateHandshakeComplete; if(_instance->engine()->securityTraceLevel() >= 1) @@ -948,7 +948,18 @@ IceSSL::TransceiverI::toDetailedString() const Ice::ConnectionInfoPtr IceSSL::TransceiverI::getInfo() const { - return getNativeConnectionInfo(); + NativeConnectionInfoPtr info = new NativeConnectionInfo(); + fillConnectionInfo(info, info->nativeCerts); + return info; +} + +Ice::ConnectionInfoPtr +IceSSL::TransceiverI::getWSInfo(const Ice::HeaderDict& headers) const +{ + WSSNativeConnectionInfoPtr info = new WSSNativeConnectionInfo(); + fillConnectionInfo(info, info->nativeCerts); + info->headers = headers; + return info; } void @@ -984,10 +995,9 @@ IceSSL::TransceiverI::~TransceiverI() { } -NativeConnectionInfoPtr -IceSSL::TransceiverI::getNativeConnectionInfo() const +void +IceSSL::TransceiverI::fillConnectionInfo(const ConnectionInfoPtr& info, vector<CertificatePtr>& nativeCerts) const { - NativeConnectionInfoPtr info = new NativeConnectionInfo(); IceInternal::fdToAddressAndPort(_stream->fd(), info->localAddress, info->localPort, info->remoteAddress, info->remotePort); if(_stream->fd() != INVALID_SOCKET) @@ -1032,7 +1042,7 @@ IceSSL::TransceiverI::getNativeConnectionInfo() const } CertificatePtr certificate = new Certificate(cc); - info->nativeCerts.push_back(certificate); + nativeCerts.push_back(certificate); info->certs.push_back(certificate->encode()); } CertFreeCertificateChain(certChain); @@ -1059,7 +1069,6 @@ IceSSL::TransceiverI::getNativeConnectionInfo() const info->adapterName = _adapterName; info->incoming = _incoming; - return info; } bool 
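Review bot: Peer verification in `TransceiverI::initialize` now goes through a downcast: `NativeConnectionInfoPtr::dynamicCast(getInfo())` yields a null handle if the virtual `getInfo()` ever returns something other than a `NativeConnectionInfo`, and whether `verifyPeer` tolerates a null handle is not visible here. Building the object directly avoids relying on the cast: `NativeConnectionInfoPtr info = new NativeConnectionInfo();`, `fillConnectionInfo(info, info->nativeCerts);`, `_engine->verifyPeer(_stream->fd(), _host, info);`. The same line is added in SecureTransportTransceiverI.cpp later in this commit. `initialize` starts and ends outside this hunk.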
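Review bot: `fillConnectionInfo` takes the info object and a certificate vector as two separate parameters with no comment, so nothing tells a caller that `nativeCerts` is expected to be the `nativeCerts` member of the same object as `info`, which is how `getInfo()` and `getWSInfo()` call it. I would document that on the declaration, for example `// Fills info from the socket and the peer chain; nativeCerts must be the nativeCerts member of info.` Both callers also rebuild the whole chain on every call, whereas the OpenSSL header in this commit gains a `_nativeCerts` member that appears to keep it, so a comment on whether that difference is intended would help. The same signature is introduced in SecureTransportTransceiverI.cpp, and the function body continues outside this hunk.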
diff --git a/cpp/src/IceSSL/SChannelTransceiverI.h b/cpp/src/IceSSL/SChannelTransceiverI.h index a029cf596bf..f60d54ff6d6 100644 --- a/cpp/src/IceSSL/SChannelTransceiverI.h +++ b/cpp/src/IceSSL/SChannelTransceiverI.h @@ -19,6 +19,7 @@ #include <Ice/Network.h> #include <Ice/Buffer.h> #include <Ice/StreamSocket.h> +#include <Ice/WSTransceiver.h> #ifdef ICE_USE_SCHANNEL @@ -42,7 +43,7 @@ namespace IceSSL class ConnectorI; class AcceptorI; -class TransceiverI : public IceInternal::Transceiver +class TransceiverI : public IceInternal::Transceiver, public IceInternal::WSTransceiverDelegate { public: @@ -63,6 +64,7 @@ public: virtual std::string toString() const; virtual std::string toDetailedString() const; virtual Ice::ConnectionInfoPtr getInfo() const; + virtual Ice::ConnectionInfoPtr getWSInfo(const Ice::HeaderDict&) const; virtual void checkSendSize(const IceInternal::Buffer&); virtual void setBufferSize(int rcvSize, int sndSize); @@ -71,7 +73,7 @@ private: TransceiverI(const InstancePtr&, const IceInternal::StreamSocketPtr&, const std::string&, bool); virtual ~TransceiverI(); - virtual NativeConnectionInfoPtr getNativeConnectionInfo() const; + void fillConnectionInfo(const ConnectionInfoPtr&, std::vector<CertificatePtr>&) const; IceInternal::SocketOperation sslHandshake(); diff --git a/cpp/src/IceSSL/SecureTransportEngine.cpp b/cpp/src/IceSSL/SecureTransportEngine.cpp index 9264bf252aa..a7102f64279 100644 --- a/cpp/src/IceSSL/SecureTransportEngine.cpp +++ b/cpp/src/IceSSL/SecureTransportEngine.cpp @@ -905,7 +905,11 @@ IceSSL::SecureTransportEngine::initialize() // try { - string caFile = properties->getProperty("IceSSL.CertAuthFile"); + string caFile = properties->getProperty("IceSSL.CAs"); + if(caFile.empty()) + { + caFile = properties->getProperty("IceSSL.CertAuthFile"); + } if(!caFile.empty()) { if(!checkPath(caFile, defaultDir, false)) 
@@ -915,6 +919,11 @@ IceSSL::SecureTransportEngine::initialize() } _certificateAuthorities = loadCACertificates(caFile); } + else if(properties->getPropertyAsInt("IceSSL.UsePlatformCAs") <= 0) + { + // Setup an empty list of Root CAs to not use the system root CAs. + _certificateAuthorities = CFArrayCreate(0, 0, 0, 0); + } } catch(const CertificateReadException& ce) { diff --git a/cpp/src/IceSSL/SecureTransportTransceiverI.cpp b/cpp/src/IceSSL/SecureTransportTransceiverI.cpp index 3ff588cd9e2..211a4ca3fe8 100644 --- a/cpp/src/IceSSL/SecureTransportTransceiverI.cpp +++ b/cpp/src/IceSSL/SecureTransportTransceiverI.cpp @@ -258,7 +258,7 @@ IceSSL::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal::B << "remote address = " << desc << "\n" << errorToString(err); throw ProtocolException(__FILE__, __LINE__, os.str()); } - _engine->verifyPeer(_stream->fd(), _host, getNativeConnectionInfo()); + _engine->verifyPeer(_stream->fd(), _host, NativeConnectionInfoPtr::dynamicCast(getInfo())); if(_instance->engine()->securityTraceLevel() >= 1) { @@ -485,7 +485,18 @@ IceSSL::TransceiverI::toDetailedString() const Ice::ConnectionInfoPtr IceSSL::TransceiverI::getInfo() const { - return getNativeConnectionInfo(); + NativeConnectionInfoPtr info = new NativeConnectionInfo(); + fillConnectionInfo(info, info->nativeCerts); + return info; +} + +Ice::ConnectionInfoPtr +IceSSL::TransceiverI::getWSInfo(const Ice::HeaderDict& headers) const +{ + WSSNativeConnectionInfoPtr info = new WSSNativeConnectionInfo(); + fillConnectionInfo(info, info->nativeCerts); + info->headers = headers; + return info; } void 
@@ -526,10 +537,9 @@ IceSSL::TransceiverI::~TransceiverI() { } -NativeConnectionInfoPtr -IceSSL::TransceiverI::getNativeConnectionInfo() const +void +IceSSL::TransceiverI::fillConnectionInfo(const ConnectionInfoPtr& info, std::vector<CertificatePtr>& nativeCerts) const { - NativeConnectionInfoPtr info = new NativeConnectionInfo(); IceInternal::fdToAddressAndPort(_stream->fd(), info->localAddress, info->localPort, info->remoteAddress, info->remotePort); if(_stream->fd() != INVALID_SOCKET) @@ -546,7 +556,7 @@ IceSSL::TransceiverI::getNativeConnectionInfo() const CFRetain(cert); CertificatePtr certificate = new Certificate(cert); - info->nativeCerts.push_back(certificate); + nativeCerts.push_back(certificate); info->certs.push_back(certificate->encode()); } @@ -562,7 +572,6 @@ IceSSL::TransceiverI::getNativeConnectionInfo() const info->adapterName = _adapterName; info->incoming = _incoming; - return info; } OSStatus diff --git a/cpp/src/IceSSL/SecureTransportTransceiverI.h b/cpp/src/IceSSL/SecureTransportTransceiverI.h index aaf232c4032..c81ee7aaef1 100644 --- a/cpp/src/IceSSL/SecureTransportTransceiverI.h +++ b/cpp/src/IceSSL/SecureTransportTransceiverI.h @@ -18,6 +18,7 @@ #include <Ice/Transceiver.h> #include <Ice/Network.h> #include <Ice/StreamSocket.h> +#include <Ice/WSTransceiver.h> #ifdef ICE_USE_SECURE_TRANSPORT @@ -30,7 +31,7 @@ namespace IceSSL class ConnectorI; class AcceptorI; -class TransceiverI : public IceInternal::Transceiver +class TransceiverI : public IceInternal::Transceiver, public IceInternal::WSTransceiverDelegate { public: @@ -46,6 +47,7 @@ public: virtual std::string toString() const; virtual std::string toDetailedString() const; virtual Ice::ConnectionInfoPtr getInfo() const; + virtual Ice::ConnectionInfoPtr getWSInfo(const Ice::HeaderDict&) const; virtual void checkSendSize(const IceInternal::Buffer&); virtual void setBufferSize(int rcvSize, int sndSize); 
@@ -57,7 +59,7 @@ private: TransceiverI(const InstancePtr&, const IceInternal::StreamSocketPtr&, const std::string&, bool); virtual ~TransceiverI(); - virtual NativeConnectionInfoPtr getNativeConnectionInfo() const; + void fillConnectionInfo(const ConnectionInfoPtr&, std::vector<CertificatePtr>&) const; friend class ConnectorI; friend class AcceptorI; |