author | Benoit Foucher <benoit@zeroc.com> | 2015-04-28 22:32:02 +0200 |
---|---|---|
committer | Benoit Foucher <benoit@zeroc.com> | 2015-04-28 22:32:02 +0200 |
commit | 8fe52c0cd380c685040d95be59abba478b8fe6a9 (patch) | |
tree | 18e0c1ded5f2c150607385f5ca1b0448debb4f60 /csharp/src | |
parent | ICE-5865 Added license info to pom files (diff) | |
download | ice-8fe52c0cd380c685040d95be59abba478b8fe6a9.tar.bz2 ice-8fe52c0cd380c685040d95be59abba478b8fe6a9.tar.xz ice-8fe52c0cd380c685040d95be59abba478b8fe6a9.zip |
Fixed ICE-6464 and deprecated various IceSSL properties
Diffstat (limited to 'csharp/src')
-rw-r--r-- | csharp/src/Ice/PropertyNames.cs | 13 | ||||
-rw-r--r-- | csharp/src/IceSSL/SSLEngine.cs | 131 | ||||
-rw-r--r-- | csharp/src/IceSSL/TransceiverI.cs | 2 |
3 files changed, 96 insertions, 50 deletions
diff --git a/csharp/src/Ice/PropertyNames.cs b/csharp/src/Ice/PropertyNames.cs
index cd2190d1f47..a59d6f16042 100644
--- a/csharp/src/Ice/PropertyNames.cs
+++ b/csharp/src/Ice/PropertyNames.cs
@@ -6,7 +6,7 @@
 // ICE_LICENSE file included in this distribution.
 //
 // **********************************************************************
-// Generated by makeprops.py from file ./config/PropertyNames.xml, Tue Apr 28 17:34:50 2015
+// Generated by makeprops.py from file ./config/PropertyNames.xml, Tue Apr 28 22:03:41 2015
 // IMPORTANT: Do not edit this file -- any edits made here will be lost!
@@ -971,9 +971,10 @@ namespace IceInternal
         {
             new Property(@"^IceSSL\.Alias$", false, null),
             new Property(@"^IceSSL\.CAs$", false, null),
-            new Property(@"^IceSSL\.CertAuthDir$", true, null),
-            new Property(@"^IceSSL\.CertAuthFile$", true, null),
+            new Property(@"^IceSSL\.CertAuthDir$", true, @"IceSSL.CAs"),
+            new Property(@"^IceSSL\.CertAuthFile$", true, @"IceSSL.CAs"),
             new Property(@"^IceSSL\.CertStore$", false, null),
+            new Property(@"^IceSSL\.CertStoreLocation$", false, null),
             new Property(@"^IceSSL\.CertFile$", false, null),
             new Property(@"^IceSSL\.CertVerifier$", false, null),
             new Property(@"^IceSSL\.CheckCertName$", false, null),
@@ -984,11 +985,11 @@ namespace IceInternal
             new Property(@"^IceSSL\.DHParams$", false, null),
             new Property(@"^IceSSL\.EntropyDaemon$", false, null),
             new Property(@"^IceSSL\.FindCert$", false, null),
-            new Property(@"^IceSSL\.FindCert\.[^\s]+$", true, null),
+            new Property(@"^IceSSL\.FindCert\.[^\s]+$", true, @"IceSSL.FindCert"),
             new Property(@"^IceSSL\.ImportCert\.[^\s]+$", true, null),
             new Property(@"^IceSSL\.InitOpenSSL$", false, null),
             new Property(@"^IceSSL\.KeyFile$", true, null),
-            new Property(@"^IceSSL\.KeySet$", false, null),
+            new Property(@"^IceSSL\.KeySet$", true, @"IceSSL.CertStoreLocation"),
             new Property(@"^IceSSL\.Keychain$", false, null),
             new Property(@"^IceSSL\.KeychainPassword$", false, null),
             new Property(@"^IceSSL\.Keystore$", false, null),
@@ -997,7 +998,7 @@ namespace IceInternal
             new Property(@"^IceSSL\.Password$", false, null),
             new Property(@"^IceSSL\.PasswordCallback$", false, null),
             new Property(@"^IceSSL\.PasswordRetryMax$", false, null),
-            new Property(@"^IceSSL\.PersistKeySet$", false, null),
+            new Property(@"^IceSSL\.PersistKeySet$", true, null),
             new Property(@"^IceSSL\.Protocols$", false, null),
             new Property(@"^IceSSL\.ProtocolVersionMax$", false, null),
             new Property(@"^IceSSL\.ProtocolVersionMin$", false, null),
diff --git a/csharp/src/IceSSL/SSLEngine.cs b/csharp/src/IceSSL/SSLEngine.cs
index 7a0180d3fcf..4f99f959ecd 100644
--- a/csharp/src/IceSSL/SSLEngine.cs
+++ b/csharp/src/IceSSL/SSLEngine.cs
@@ -61,34 +61,57 @@ namespace IceSSL
             //
             _defaultDir = properties.getProperty(prefix + "DefaultDir");
-#if UNITY
-            _certStore = null;
-#else
-            string keySet = properties.getPropertyWithDefault(prefix + "KeySet", "DefaultKeySet");
-            if(!keySet.Equals("DefaultKeySet") && !keySet.Equals("UserKeySet") && !keySet.Equals("MachineKeySet"))
+            string certStoreLocation = properties.getPropertyWithDefault(prefix + "CertStoreLocation", "CurrentUser");
+            StoreLocation storeLocation;
+            if(certStoreLocation == "CurrentUser")
             {
-                _logger.warning("Invalid IceSSL.KeySet value `" + keySet + "' adjusted to `DefaultKeySet'");
-                keySet = "DefaultKeySet";
+                storeLocation = StoreLocation.CurrentUser;
             }
-
-            _certStore = properties.getPropertyWithDefault(prefix + "CertStore", "CurrentUser");
-            if(_certStore != "CurrentUser" && _certStore != "LocalMachine")
+            else if(certStoreLocation == "LocalMachine")
+            {
+                storeLocation = StoreLocation.LocalMachine;
+            }
+            else
             {
-                _logger.warning("Invalid IceSSL.CertStore value `" + _certStore + "' adjusted to `CurrentUser'");
-                _certStore = "CurrentUser";
+                _logger.warning("Invalid IceSSL.CertStore value `" + certStoreLocation + "' adjusted to `CurrentUser'");
+                storeLocation = StoreLocation.CurrentUser;
             }
+            _useMachineContext = certStoreLocation == "LocalMachine";
-            X509KeyStorageFlags keyStorageFlags = X509KeyStorageFlags.DefaultKeySet;
-            if(keySet.Equals("UserKeySet"))
+#if !UNITY
+            X509KeyStorageFlags keyStorageFlags;
+            if(_useMachineContext)
+            {
+                keyStorageFlags = X509KeyStorageFlags.MachineKeySet;
+            }
+            else
             {
                 keyStorageFlags = X509KeyStorageFlags.UserKeySet;
             }
-            else if(keySet.Equals("MachineKeySet"))
+
+            string keySet = properties.getProperty(prefix + "KeySet"); // Deprecated property
+            if(keySet.Length > 0)
             {
-                keyStorageFlags = X509KeyStorageFlags.MachineKeySet;
+                if(keySet.Equals("DefaultKeySet"))
+                {
+                    keyStorageFlags = X509KeyStorageFlags.DefaultKeySet;
+                }
+                else if(keySet.Equals("UserKeySet"))
+                {
+                    keyStorageFlags = X509KeyStorageFlags.UserKeySet;
+                }
+                else if(keySet.Equals("MachineKeySet"))
+                {
+                    keyStorageFlags = X509KeyStorageFlags.MachineKeySet;
+                }
+                else
+                {
+                    _logger.warning("Invalid IceSSL.KeySet value `" + keySet + "' adjusted to `DefaultKeySet'");
+                    keyStorageFlags = X509KeyStorageFlags.DefaultKeySet;
+                }
             }
-            if(properties.getPropertyAsIntWithDefault(prefix + "PersistKeySet", 0) > 0)
+            if(properties.getPropertyAsIntWithDefault(prefix + "PersistKeySet", 0) > 0) // Deprecated property
             {
                 keyStorageFlags |= X509KeyStorageFlags.PersistKeySet;
             }
@@ -233,6 +256,9 @@ namespace IceSSL
             _certs = new X509Certificate2Collection();
             string certFile = properties.getProperty(prefix + "CertFile");
             string passwordStr = properties.getProperty(prefix + "Password");
+            string findCert = properties.getProperty(prefix + "FindCert");
+            const string findPrefix = prefix + "FindCert.";
+            Dictionary<string, string> findCertProps = properties.getPropertiesForPrefix(findPrefix);
             if(certFile.Length > 0)
             {
@@ -256,13 +282,23 @@ namespace IceSSL
                 try
                 {
                     X509Certificate2 cert;
+                    X509KeyStorageFlags importFlags;
+                    if(_useMachineContext)
+                    {
+                        importFlags = X509KeyStorageFlags.MachineKeySet;
+                    }
+                    else
+                    {
+                        importFlags = X509KeyStorageFlags.UserKeySet;
+                    }
+
                     if(password != null)
                     {
-                        cert = new X509Certificate2(certFile, password, keyStorageFlags);
+                        cert = new X509Certificate2(certFile, password, importFlags);
                     }
                     else
                     {
-                        cert = new X509Certificate2(certFile, "", keyStorageFlags);
+                        cert = new X509Certificate2(certFile, "", importFlags);
                     }
                     _certs.Add(cert);
                 }
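Review bot: The warning in the final `else` branch names the wrong property: the rejected value was read from `prefix + "CertStoreLocation"`, yet the message says "Invalid IceSSL.CertStore value", and `IceSSL.CertStore` is now a different setting (the store name, see the later FindCert hunk), so an operator is pointed at a property that is not the one being adjusted; the message should name `IceSSL.CertStoreLocation` instead of `IceSSL.CertStore`. Separately, the deprecated `IceSSL.KeySet` block further down silently overrides the key set just derived from `CertStoreLocation`, so `CertStoreLocation=LocalMachine` with a stale `KeySet=UserKeySet` places the private key in the user key set while the store location says machine; since the property is deprecated, a warning whenever it is set at all (not only when its value is invalid) would make that visible. The constructor and the `#if !UNITY` region opened here continue outside the hunk.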
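Review bot: The `CertFile` import now passes `importFlags`, which is derived only from `_useMachineContext`, so the `PersistKeySet` bit that the constructor still folds into `keyStorageFlags` from the (deprecated but still honoured) `IceSSL.PersistKeySet` property, and any `IceSSL.KeySet` override, no longer reach this `X509Certificate2` constructor; unless `keyStorageFlags` is consumed elsewhere in the file, a deployment relying on `PersistKeySet` loses key persistence with no diagnostic. If that is intended, a one-line comment stating that the deprecated flags apply only to the other import path would stop the next reader from "fixing" it; otherwise carry the bit over with `importFlags |= keyStorageFlags & X509KeyStorageFlags.PersistKeySet;` before the `if(password != null)` check (`keyStorageFlags` was in scope at this point before the change). The enclosing try block and constructor continue outside the hunk.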
@@ -273,24 +309,37 @@ namespace IceSSL
                     throw e;
                 }
             }
-
-            //
-            // If IceSSL.FindCert.* properties are defined, add the selected certificates
-            // to the collection.
-            //
-            // TODO: tracing?
-            const string findPrefix = prefix + "FindCert.";
-            Dictionary<string, string> certProps = properties.getPropertiesForPrefix(findPrefix);
-            if(certProps.Count > 0)
+            else if(findCert.Length > 0)
+            {
+                string certStore = properties.getPropertyWithDefault("IceSSL.CertStore", "My");
+                _certs.AddRange(findCertificates("IceSSL.FindCert", storeLocation, certStore, findCert));
+                if(_certs.Count == 0)
+                {
+                    throw new Ice.PluginInitializationException("IceSSL: no certificates found");
+                }
+            }
+            else if(findCertProps.Count > 0)
             {
-                foreach(KeyValuePair<string, string> entry in certProps)
+                //
+                // If IceSSL.FindCert.* properties are defined, add the selected certificates
+                // to the collection.
+                //
+                foreach(KeyValuePair<string, string> entry in findCertProps)
                 {
                     string name = entry.Key;
                     string val = entry.Value;
                     if(val.Length > 0)
                     {
                         string storeSpec = name.Substring(findPrefix.Length);
-                        X509Certificate2Collection coll = findCertificates(name, storeSpec, val);
+                        StoreLocation storeLoc = 0;
+                        StoreName storeName = 0;
+                        string sname = null;
+                        parseStore(name, storeSpec, ref storeLoc, ref storeName, ref sname);
+                        if(sname == null)
+                        {
+                            sname = storeName.ToString();
+                        }
+                        X509Certificate2Collection coll = findCertificates(name, storeLoc, sname, val);
                         _certs.AddRange(coll);
                     }
                 }
@@ -388,9 +437,9 @@ namespace IceSSL
             _initialized = true;
         }
-        internal string certStore()
+        internal bool useMachineContext()
         {
-            return _certStore;
+            return _useMachineContext;
         }
         internal X509Certificate2Collection caCerts()
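Review bot: The new `else if` chain makes `IceSSL.FindCert` and `IceSSL.FindCert.*` mutually exclusive with `IceSSL.CertFile`, whereas the removed code added the `FindCert.*` certificates on top of a `CertFile` import, so a configuration that sets both now silently drops the `FindCert` entries; at minimum log a warning when `certFile.Length > 0` and either `findCert` or `findCertProps` is non-empty, or state the precedence in the comment. The `FindCert` branch also hardcodes the prefix in `properties.getPropertyWithDefault("IceSSL.CertStore", "My")` while every other lookup in this constructor goes through `prefix + ...`; `properties.getPropertyWithDefault(prefix + "CertStore", "My")` keeps them consistent. Note too that the `FindCert.*` branch tolerates an empty result while the `FindCert` branch throws `Ice.PluginInitializationException`; if that difference is deliberate it deserves a comment. The enclosing constructor continues outside the hunk.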
@@ -1072,26 +1121,22 @@ namespace IceSSL
         }
 #if !UNITY
-        private static X509Certificate2Collection findCertificates(string prop, string storeSpec, string value)
+        private static X509Certificate2Collection findCertificates(string prop, StoreLocation storeLocation,
+                                                                   string name, string value)
         {
-            StoreLocation storeLoc = 0;
-            StoreName storeName = 0;
-            string storeNameStr = null;
-            parseStore(prop, storeSpec, ref storeLoc, ref storeName, ref storeNameStr);
-
             //
             // Open the X509 certificate store.
             //
             X509Store store = null;
             try
             {
-                if(storeNameStr != null)
+                try
                 {
-                    store = new X509Store(storeNameStr, storeLoc);
+                    store = new X509Store((StoreName)Enum.Parse(typeof(StoreName), name, true), storeLocation);
                 }
-                else
+                catch(ArgumentException)
                 {
-                    store = new X509Store(storeName, storeLoc);
+                    store = new X509Store(name, storeLocation);
                 }
                 store.Open(OpenFlags.ReadOnly);
             }
@@ -1326,7 +1371,7 @@ namespace IceSSL
         private int _verifyDepthMax;
         private int _checkCRL;
         private X509Certificate2Collection _certs;
-        private string _certStore;
+        private bool _useMachineContext;
         private X509Certificate2Collection _caCerts;
         private CertificateVerifier _verifier;
         private PasswordCallback _passwordCallback;
diff --git a/csharp/src/IceSSL/TransceiverI.cs b/csharp/src/IceSSL/TransceiverI.cs
index 85ec68d0e4f..c60179e9f05 100644
--- a/csharp/src/IceSSL/TransceiverI.cs
+++ b/csharp/src/IceSSL/TransceiverI.cs
@@ -354,7 +354,7 @@ namespace IceSSL
             _verifyPeer = _instance.properties().getPropertyAsIntWithDefault("IceSSL.VerifyPeer", 2);
-            _chain = new X509Chain(_instance.engine().certStore() == "LocalMachine");
+            _chain = new X509Chain(_instance.engine().useMachineContext());
             if(_instance.checkCRL() == 0)
             {
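Review bot: `Enum.Parse(typeof(StoreName), name, true)` accepts more than member names: integer strings and comma-separated lists parse too, so a store literally named e.g. "5" is opened as `StoreName.My` and never by name, and the `catch(ArgumentException)` fallback is reached only when parsing fails outright or the `X509Store` constructor rejects an undefined value, which makes the control flow depend on which of two calls throws. `Enum.TryParse` combined with `Enum.IsDefined` expresses the intent without exception-driven control flow and rejects undefined values; a purely numeric store name would still be mapped, which is worth stating in a comment. The new `name` parameter doubles as a `StoreName` member (case-insensitive) or an arbitrary store name; say so in a comment above the signature, since the old `storeSpec` parsing that made this obvious has moved to the caller. findCertificates continues outside the hunk.
```csharp
                // name is either a StoreName member (case-insensitive) or a literal store name.
                StoreName storeName;
                if(Enum.TryParse(name, true, out storeName) && Enum.IsDefined(typeof(StoreName), storeName))
                {
                    store = new X509Store(storeName, storeLocation);
                }
                else
                {
                    store = new X509Store(name, storeLocation);
                }
                store.Open(OpenFlags.ReadOnly);
                // … unchanged: remainder of the outer try and error handling …
```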