author | Bernard Normier <bernard@zeroc.com> | 2016-07-27 10:28:00 -0400 |
---|---|---|
committer | Bernard Normier <bernard@zeroc.com> | 2016-07-27 10:28:00 -0400 |
commit | 9d8adf91dc5d99b236f0314a686a048e06e83510 (patch) | |
tree | 40675891ab3c1e4a912bf227f3a4c3e6e5278d3e /cpp | |
parent | ICE-7252 - Disable optimizer for VC140 x64 metrics test (diff) | |
C++11 CertificateVerifier and PasswordPrompt
Diffstat (limited to 'cpp')
-rw-r--r-- | cpp/include/IceSSL/Plugin.h | 21 | ||||
-rwxr-xr-x | cpp/src/IceSSL/PluginI.cpp | 37 | ||||
-rw-r--r-- | cpp/src/IceSSL/PluginI.h | 5 | ||||
-rwxr-xr-x | cpp/src/IceSSL/Util.cpp | 26 | ||||
-rw-r--r-- | cpp/src/IceSSL/Util.h | 31 | ||||
-rw-r--r-- | cpp/test/IceSSL/configuration/AllTests.cpp | 33 |
6 files changed, 144 insertions, 9 deletions
diff --git a/cpp/include/IceSSL/Plugin.h b/cpp/include/IceSSL/Plugin.h index 75cfa266d8b..05cba8654c0 100644 --- a/cpp/include/IceSSL/Plugin.h +++ b/cpp/include/IceSSL/Plugin.h @@ -469,11 +469,14 @@ public: }; ICE_DEFINE_PTR(NativeConnectionInfoPtr, NativeConnectionInfo); + +#ifndef ICE_CPP11_MAPPING // C++98 mapping // // An application can customize the certificate verification process // by implementing the CertificateVerifier interface. // -class ICE_SSL_API CertificateVerifier : public Ice::EnableSharedFromThis<CertificateVerifier> + +class ICE_SSL_API CertificateVerifier : public IceUtil::Shared { public: @@ -485,7 +488,7 @@ public: // virtual bool verify(const NativeConnectionInfoPtr&) = 0; }; -ICE_DEFINE_PTR(CertificateVerifierPtr, CertificateVerifier); +typedef IceUtil::Handle<CertificateVerifier> CertificateVerifierPtr; // // In order to read an encrypted file, such as one containing a @@ -502,7 +505,7 @@ ICE_DEFINE_PTR(CertificateVerifierPtr, CertificateVerifier); // IceSSL.DelayInit=1), configure the PasswordPrompt, then manually // initialize the plug-in. // -class ICE_SSL_API PasswordPrompt : public Ice::EnableSharedFromThis<PasswordPrompt> +class ICE_SSL_API PasswordPrompt : public IceUtil::Shared { public: @@ -515,7 +518,9 @@ public: // virtual std::string getPassword() = 0; }; -ICE_DEFINE_PTR(PasswordPromptPtr, PasswordPrompt); +typedef IceUtil::Handle<PasswordPrompt> PasswordPromptPtr; +#endif + class ICE_SSL_API Plugin : public Ice::Plugin { 
@@ -527,13 +532,21 @@ public: // Establish the certificate verifier object. This should be done // before any connections are established. // +#ifdef ICE_CPP11_MAPPING + virtual void setCertificateVerifier(std::function<bool(const std::shared_ptr<NativeConnectionInfo>&)>) = 0; +#else virtual void setCertificateVerifier(const CertificateVerifierPtr&) = 0; +#endif // // Establish the password prompt object. This must be done before // the plug-in is initialized. // +#ifdef ICE_CPP11_MAPPING + virtual void setPasswordPrompt(std::function<std::string()>) = 0; +#else virtual void setPasswordPrompt(const PasswordPromptPtr&) = 0; +#endif #ifdef ICE_USE_OPENSSL // diff --git a/cpp/src/IceSSL/PluginI.cpp b/cpp/src/IceSSL/PluginI.cpp index 2e3cbe10414..cb515311c5a 100755 --- a/cpp/src/IceSSL/PluginI.cpp +++ b/cpp/src/IceSSL/PluginI.cpp @@ -41,17 +41,20 @@ registerIceSSL(bool loadOnInitialize) } +#ifndef ICE_CPP11_MAPPING IceSSL::CertificateVerifier::~CertificateVerifier() { // Out of line to avoid weak vtable } -IceSSL::NativeConnectionInfo::~NativeConnectionInfo() +IceSSL::PasswordPrompt::~PasswordPrompt() { // Out of line to avoid weak vtable } +#endif -IceSSL::PasswordPrompt::~PasswordPrompt() + +IceSSL::NativeConnectionInfo::~NativeConnectionInfo() { // Out of line to avoid weak vtable } 
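Review bot: The two `ICE_CPP11_MAPPING` setters added to `Plugin` take bare `std::function` values, but the comments above them still speak of a "verifier object" and a "password prompt object", and the text that documents `verify()` and `getPassword()` now sits inside the `#ifndef ICE_CPP11_MAPPING` block of the previous hunk, so a C++11 reader gets no statement of the callback contract. I would add above the C++11 `setCertificateVerifier` a comment such as `// C++11 mapping: the function returns true to accept the connection and false to reject it; an empty function removes a previously installed verifier.`, with an equivalent line for `setPasswordPrompt`. The return-value meaning is assumed to match the C++98 `verify()`, whose comment is outside this hunk; the empty-function behaviour is taken from `PluginI::setCertificateVerifier` later in this commit, which forwards `nullptr` to the engine in that case. The `Plugin` class body continues past the end of the hunk.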
@@ -130,17 +133,47 @@ IceSSL::PluginI::destroy() _engine = 0; } +#ifdef ICE_CPP11_MAPPING +void +IceSSL::PluginI::setCertificateVerifier(std::function<bool(const std::shared_ptr<NativeConnectionInfo>&)> verifier) +{ + if(verifier) + { + _engine->setCertificateVerifier(make_shared<CertificateVerifier>(std::move(verifier))); + } + else + { + _engine->setCertificateVerifier(nullptr); + } +} +#else void IceSSL::PluginI::setCertificateVerifier(const CertificateVerifierPtr& verifier) { _engine->setCertificateVerifier(verifier); } +#endif +#ifdef ICE_CPP11_MAPPING +void +IceSSL::PluginI::setPasswordPrompt(std::function<std::string()> prompt) +{ + if(prompt) + { + _engine->setPasswordPrompt(make_shared<PasswordPrompt>(std::move(prompt))); + } + else + { + _engine->setPasswordPrompt(nullptr); + } +} +#else void IceSSL::PluginI::setPasswordPrompt(const PasswordPromptPtr& prompt) { _engine->setPasswordPrompt(prompt); } +#endif #ifdef ICE_USE_OPENSSL void diff --git a/cpp/src/IceSSL/PluginI.h b/cpp/src/IceSSL/PluginI.h index ea0cf344ab4..b0f61028c21 100644 --- a/cpp/src/IceSSL/PluginI.h +++ b/cpp/src/IceSSL/PluginI.h @@ -32,8 +32,13 @@ public: // // From IceSSL::Plugin. // +#ifdef ICE_CPP11_MAPPING + virtual void setCertificateVerifier(std::function<bool(const std::shared_ptr<NativeConnectionInfo>&)>); + virtual void setPasswordPrompt(std::function<std::string()>); +#else virtual void setCertificateVerifier(const CertificateVerifierPtr&); virtual void setPasswordPrompt(const PasswordPromptPtr&); +#endif #ifdef ICE_USE_OPENSSL virtual void setContext(SSL_CTX*); diff --git a/cpp/src/IceSSL/Util.cpp b/cpp/src/IceSSL/Util.cpp index 6cb87ec31ec..5dc8bcf4b42 100755 --- a/cpp/src/IceSSL/Util.cpp +++ b/cpp/src/IceSSL/Util.cpp 
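Review bot: Both new C++11 setters dereference `_engine` unconditionally, while the tail of `destroy()` visible at the top of this hunk sets `_engine = 0`, so a call made after the plug-in has been destroyed would go through a null pointer. The C++98 overloads have the same shape, so this is inherited rather than introduced, but the new branches are a natural place to add `assert(_engine);` as the first statement of each setter (or an early throw, if the project has a suitable exception type). The `if`/`else` itself deserves a one-line reason, for example `// An empty function clears the callback rather than installing an adapter that would throw std::bad_function_call.`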
@@ -35,6 +35,32 @@ using namespace Ice; using namespace IceUtil; using namespace IceSSL; + +#ifdef ICE_CPP11_MAPPING +IceSSL::CertificateVerifier::CertificateVerifier(std::function<bool(const std::shared_ptr<NativeConnectionInfo>&)> v) : + _verify(std::move(v)) +{ +} + +bool +IceSSL::CertificateVerifier::verify(const NativeConnectionInfoPtr& info) +{ + return _verify(info); +} + +IceSSL::PasswordPrompt::PasswordPrompt(std::function<std::string()> p) : + _prompt(std::move(p)) +{ +} + +std::string +IceSSL::PasswordPrompt::getPassword() +{ + return _prompt(); +} +#endif + + #if !defined(ICE_USE_OPENSSL) namespace diff --git a/cpp/src/IceSSL/Util.h b/cpp/src/IceSSL/Util.h index 3e98050ee35..1ff3b12aab5 100644 --- a/cpp/src/IceSSL/Util.h +++ b/cpp/src/IceSSL/Util.h @@ -29,6 +29,37 @@ namespace IceSSL { +#ifdef ICE_CPP11_MAPPING +// +// Adapts the C++11 functions to C++98-like callbacks +// +class CertificateVerifier +{ +public: + + CertificateVerifier(std::function<bool(const std::shared_ptr<NativeConnectionInfo>&)>); + bool verify(const NativeConnectionInfoPtr&); + +private: + + std::function<bool(const std::shared_ptr<NativeConnectionInfo>&)> _verify; +}; +using CertificateVerifierPtr = std::shared_ptr<CertificateVerifier>; + +class PasswordPrompt +{ +public: + + PasswordPrompt(std::function<std::string()>); + std::string getPassword(); + +private: + + std::function<std::string()> _prompt; +}; +using PasswordPromptPtr = std::shared_ptr<PasswordPrompt>; +#endif + // // Constants for X509 certificate alt names (AltNameOther, AltNameORAddress, AltNameEDIPartyName and // AltNameObjectIdentifier) are not supported. diff --git a/cpp/test/IceSSL/configuration/AllTests.cpp b/cpp/test/IceSSL/configuration/AllTests.cpp index 7261fdfbd8f..35d60785ebf 100644 --- a/cpp/test/IceSSL/configuration/AllTests.cpp +++ b/cpp/test/IceSSL/configuration/AllTests.cpp 
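Review bot: `CertificateVerifier::verify()` and `PasswordPrompt::getPassword()` in `Util.cpp` invoke the stored `std::function` with nothing around the call, so an exception thrown by application code (or `std::bad_function_call`, if an adapter is ever built from an empty function) propagates into whichever engine code calls them. That caller is not part of this diff, so it cannot be confirmed here that a throwing verifier ends in a rejected connection, which is the outcome a certificate check needs. I would state the contract at the definition, `// Exceptions from the callback propagate to the caller, which must treat them as a failed verification.`, and add `assert(_verify);` and `assert(_prompt);` to the two constructor bodies, since only `PluginI` currently filters out empty functions.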
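Review bot: The adapter classes added to `Util.h` declare their single-argument constructors without `explicit`, so a matching `std::function` converts implicitly to `CertificateVerifier` or `PasswordPrompt`; `explicit CertificateVerifier(std::function<bool(const std::shared_ptr<NativeConnectionInfo>&)>);` and `explicit PasswordPrompt(std::function<std::string()>);` would prevent that. These internal classes also reuse the qualified names that `Plugin.h` gives to the public C++98 interfaces, which is easy to misread; the existing comment could be extended with `// Internal to IceSSL: same names as the public C++98 interfaces in Plugin.h, which are compiled out in the C++11 mapping.` The header now uses `std::function` and `std::shared_ptr` directly, and whether `<functional>` and `<memory>` are included is not visible in this hunk.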
@@ -251,7 +251,10 @@ public: }; #endif -class PasswordPromptI : public IceSSL::PasswordPrompt +class PasswordPromptI +#ifndef ICE_CPP11_MAPPING + : public IceSSL::PasswordPrompt +#endif { public: @@ -277,7 +280,10 @@ private: }; ICE_DEFINE_PTR(PasswordPromptIPtr, PasswordPromptI); -class CertificateVerifierI : public IceSSL::CertificateVerifier +class CertificateVerifierI +#ifndef ICE_CPP11_MAPPING +: public IceSSL::CertificateVerifier +#endif { public: @@ -1331,7 +1337,13 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12) IceSSL::PluginPtr plugin = ICE_DYNAMIC_CAST(IceSSL::Plugin, comm->getPluginManager()->getPlugin("IceSSL")); test(plugin); CertificateVerifierIPtr verifier = ICE_MAKE_SHARED(CertificateVerifierI); + +#ifdef ICE_CPP11_MAPPING + plugin->setCertificateVerifier([verifier](const shared_ptr<IceSSL::NativeConnectionInfo>& info) + { return verifier->verify(info); }); +#else plugin->setCertificateVerifier(verifier); +#endif Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); @@ -1399,8 +1411,13 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12) IceSSL::PluginPtr plugin = ICE_DYNAMIC_CAST(IceSSL::Plugin, comm->getPluginManager()->getPlugin("IceSSL")); test(plugin); CertificateVerifierIPtr verifier = ICE_MAKE_SHARED(CertificateVerifierI); - plugin->setCertificateVerifier(verifier); +#ifdef ICE_CPP11_MAPPING + plugin->setCertificateVerifier([verifier](const shared_ptr<IceSSL::NativeConnectionInfo>& info) + { return verifier->verify(info); }); +#else + plugin->setCertificateVerifier(verifier); +#endif Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); test(fact); Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1"); 
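Review bot: The C++11 branches added to `allTests` (the hunks at -1331 and -1399 here, and the password-prompt hunks at -1872 and -1903) only ever install a non-empty callback, so the new `else` branches in `PluginI::setCertificateVerifier` and `PluginI::setPasswordPrompt` that forward `nullptr` to the engine are not exercised by anything visible in this diff. A small case that installs a rejecting verifier, checks that the connection is refused, then calls `plugin->setCertificateVerifier(nullptr);` and checks that the connection succeeds again would pin the clearing behaviour. `allTests` begins and ends outside these hunks, so the file may already contain an equivalent test for the C++98 mapping.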
@@ -1872,7 +1889,12 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12) IceSSL::PluginPtr plugin = ICE_DYNAMIC_CAST(IceSSL::Plugin, pm->getPlugin("IceSSL")); test(plugin); PasswordPromptIPtr prompt = ICE_MAKE_SHARED(PasswordPromptI, "client"); + +#ifdef ICE_CPP11_MAPPING + plugin->setPasswordPrompt([prompt]{ return prompt->getPassword(); }); +#else plugin->setPasswordPrompt(prompt); +#endif pm->initializePlugins(); test(prompt->count() == 1); Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); @@ -1903,7 +1925,12 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12) plugin = ICE_DYNAMIC_CAST(IceSSL::Plugin, pm->getPlugin("IceSSL")); test(plugin); prompt = ICE_MAKE_SHARED(PasswordPromptI, "invalid"); + +#ifdef ICE_CPP11_MAPPING + plugin->setPasswordPrompt([prompt]{ return prompt->getPassword(); }); +#else plugin->setPasswordPrompt(prompt); +#endif try { pm->initializePlugins(); |