authorMark Spruiell <mes@zeroc.com>2006-04-26 19:23:50 +0000
committerMark Spruiell <mes@zeroc.com>2006-04-26 19:23:50 +0000
commita9422ebadae79458a2a6af9015397ca031b15914 (patch)
tree1635adc02d202d9284f15a396ae7f21ce98ff328 /java/src
parentminor fix (diff)
downloadice-a9422ebadae79458a2a6af9015397ca031b15914.tar.bz2
ice-a9422ebadae79458a2a6af9015397ca031b15914.tar.xz
ice-a9422ebadae79458a2a6af9015397ca031b15914.zip
adding ConnectionInfo
Diffstat (limited to 'java/src')
-rw-r--r--java/src/IceSSL/CertificateVerifier.java6
-rw-r--r--java/src/IceSSL/ConnectionInfo.java40
-rw-r--r--java/src/IceSSL/ConnectionInvalidException.java30
-rw-r--r--java/src/IceSSL/Instance.java13
-rw-r--r--java/src/IceSSL/TransceiverI.java10
-rw-r--r--java/src/IceSSL/Util.java67
-rw-r--r--java/src/IceSSL/VerifyInfo.java45
7 files changed, 151 insertions, 60 deletions
diff --git a/java/src/IceSSL/CertificateVerifier.java b/java/src/IceSSL/CertificateVerifier.java
index 485275fce98..11a842c17ab 100644
--- a/java/src/IceSSL/CertificateVerifier.java
+++ b/java/src/IceSSL/CertificateVerifier.java
@@ -16,8 +16,8 @@ package IceSSL;
public interface CertificateVerifier
{
//
- // Return true to allow a connection using the provided certificate
- // information, or false to reject the connection.
+ // Return false if the connection should be rejected, or true to
+ // allow it.
//
- boolean verify(VerifyInfo info);
+ boolean verify(ConnectionInfo info);
}
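Review bot: The interface comment does not warn implementers that `info.certs` can be null, which is exactly the case a security check most needs to handle: a verifier written as `info.certs[0]` throws NullPointerException, and one that only inspects the chain when it is present silently accepts a peer that presented no certificate. The new ConnectionInfo class in this commit documents the null case on the field, but the verifier contract is where an implementer will look. I would extend the comment with `// info.certs is null when the peer supplied no certificate; a verifier that requires peer authentication must reject that case explicitly.` The interface is otherwise unchanged apart from the parameter type.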
diff --git a/java/src/IceSSL/ConnectionInfo.java b/java/src/IceSSL/ConnectionInfo.java
new file mode 100644
index 00000000000..8e58d7edbaf
--- /dev/null
+++ b/java/src/IceSSL/ConnectionInfo.java
@@ -0,0 +1,40 @@
+// **********************************************************************
+//
+// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
+//
+// This copy of Ice is licensed to you under the terms described in the
+// ICE_LICENSE file included in this distribution.
+//
+// **********************************************************************
+
+package IceSSL;
+
+//
+// ConnectionInfo contains information that may be of use to a
+// CertificateVerifier or an application that wants information
+// about its peer.
+//
+public class ConnectionInfo
+{
+ //
+ // The certificate chain. This may be null if the peer did not
+ // supply a certificate. The peer's certificate (if any) is the
+ // first one in the chain.
+ //
+ public java.security.cert.Certificate[] certs;
+
+ //
+ // The name of the negotiated cipher.
+ //
+ public String cipher;
+
+ //
+ // The local TCP/IP host & port.
+ //
+ public java.net.InetSocketAddress localAddr;
+
+ //
+ // The remote TCP/IP host & port.
+ //
+ public java.net.InetSocketAddress remoteAddr;
+}
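Review bot: The comment on `certs` is narrower than the condition that actually produces null: in Util.populateConnectionInfo the field is left null whenever `SSLSession.getPeerCertificates()` throws `SSLPeerUnverifiedException`, which the JSSE contract raises when the peer's identity was not verified at all, not only when no certificate was supplied (an anonymous cipher suite is the usual other cause). I would word it as `// The peer's certificate chain, or null if the peer supplied no certificate or its identity was not verified (e.g. an anonymous cipher suite). The peer's own certificate is first.` Separately, the class replaces VerifyInfo but drops its `incoming` flag, so a CertificateVerifier can no longer apply different policy to client and server certificates; if that is intended it deserves a sentence in the class comment, since existing verifiers relied on it.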
diff --git a/java/src/IceSSL/ConnectionInvalidException.java b/java/src/IceSSL/ConnectionInvalidException.java
new file mode 100644
index 00000000000..0192d55f3d5
--- /dev/null
+++ b/java/src/IceSSL/ConnectionInvalidException.java
@@ -0,0 +1,30 @@
+// **********************************************************************
+//
+// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
+//
+// This copy of Ice is licensed to you under the terms described in the
+// ICE_LICENSE file included in this distribution.
+//
+// **********************************************************************
+
+package IceSSL;
+
+public final class ConnectionInvalidException extends Ice.LocalException
+{
+ public ConnectionInvalidException()
+ {
+ }
+
+ public ConnectionInvalidException(String reason)
+ {
+ this.reason = reason;
+ }
+
+ public String
+ ice_name()
+ {
+ return "Ice::ConnectionInvalidException";
+ }
+
+ public String reason;
+}
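Review bot: `ice_name()` returns `"Ice::ConnectionInvalidException"` although the class is declared in package `IceSSL`, so the name reported to callers and traces points at the wrong module; if ice_name is meant to mirror the package as elsewhere in Ice, it should be `return "IceSSL::ConnectionInvalidException";`. The no-argument constructor also leaves `reason` null, so a caller that prints the reason without a check can NPE; Util always sets it, but the field could be initialised to an empty string or the constructor could default it. A brief class comment stating when this exception is raised (closed or non-SSL connection, per Util.getConnectionInfo) would also help, as the class currently has none.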
diff --git a/java/src/IceSSL/Instance.java b/java/src/IceSSL/Instance.java
index ea6ab3308e8..636b9da815c 100644
--- a/java/src/IceSSL/Instance.java
+++ b/java/src/IceSSL/Instance.java
@@ -424,18 +424,7 @@ class Instance
CertificateVerifier verifier = _verifier;
if(verifier != null)
{
- VerifyInfo info = new VerifyInfo();
- info.incoming = incoming;
- try
- {
- info.certs = fd.getSession().getPeerCertificates();
- }
- catch(javax.net.ssl.SSLPeerUnverifiedException ex)
- {
- // No peer certificates.
- }
- info.socket = fd;
- info.address = host;
+ ConnectionInfo info = Util.populateConnectionInfo(fd);
if(!verifier.verify(info))
{
if(_securityTraceLevel > 0)
diff --git a/java/src/IceSSL/TransceiverI.java b/java/src/IceSSL/TransceiverI.java
index 9265d718b5d..a636db079f0 100644
--- a/java/src/IceSSL/TransceiverI.java
+++ b/java/src/IceSSL/TransceiverI.java
@@ -309,6 +309,16 @@ final class TransceiverI implements IceInternal.Transceiver
return _desc;
}
+ ConnectionInfo
+ getConnectionInfo()
+ {
+ //
+ // This can only be called on an open transceiver.
+ //
+ assert(_fd != null);
+ return Util.populateConnectionInfo(_fd);
+ }
+
//
// Only for use by ConnectorI, AcceptorI
//
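Review bot: `getConnectionInfo()` guards the closed-transceiver case with `assert(_fd != null)`, but assertions are disabled by default, so in production a null `_fd` would surface as a NullPointerException from `fd.getSession()` inside Util.populateConnectionInfo instead of the ConnectionInvalidException that Util.getConnectionInfo raises for the equivalent condition. Since the method is package-visible and callable from any path that holds the transceiver, I would make the check real: `if(_fd == null) { throw new ConnectionInvalidException("connection closed"); }` in place of the assert. The comment above it would then describe behaviour rather than an unchecked precondition. The enclosing class continues past this hunk.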
diff --git a/java/src/IceSSL/Util.java b/java/src/IceSSL/Util.java
new file mode 100644
index 00000000000..c8192cf9706
--- /dev/null
+++ b/java/src/IceSSL/Util.java
@@ -0,0 +1,67 @@
+// **********************************************************************
+//
+// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
+//
+// This copy of Ice is licensed to you under the terms described in the
+// ICE_LICENSE file included in this distribution.
+//
+// **********************************************************************
+
+package IceSSL;
+
+public final class Util
+{
+ public static ConnectionInfo
+ getConnectionInfo(Ice.Connection connection)
+ {
+ Ice.ConnectionI con = (Ice.ConnectionI)connection;
+ assert(con != null);
+
+ //
+ // Lock the connection directly. This is done because the only
+ // thing that prevents the transceiver from being closed during
+ // the duration of the invocation is the connection.
+ //
+ synchronized(con)
+ {
+ IceInternal.Transceiver transceiver = con.getTransceiver();
+ if(transceiver == null)
+ {
+ ConnectionInvalidException ex = new ConnectionInvalidException();
+ ex.reason = "connection closed";
+ throw ex;
+ }
+
+ try
+ {
+ TransceiverI sslTransceiver = (TransceiverI)transceiver;
+ return sslTransceiver.getConnectionInfo();
+ }
+ catch(ClassCastException ex)
+ {
+ ConnectionInvalidException e = new ConnectionInvalidException();
+ e.reason = "not ssl connection";
+ throw e;
+ }
+ }
+ }
+
+ static ConnectionInfo
+ populateConnectionInfo(javax.net.ssl.SSLSocket fd)
+ {
+ ConnectionInfo info = new ConnectionInfo();
+ javax.net.ssl.SSLSession session = fd.getSession();
+ try
+ {
+ info.certs = session.getPeerCertificates();
+ }
+ catch(javax.net.ssl.SSLPeerUnverifiedException ex)
+ {
+ // No peer certificates.
+ }
+ info.cipher = session.getCipherSuite();
+ info.localAddr = (java.net.InetSocketAddress)fd.getLocalSocketAddress();
+ info.remoteAddr = (java.net.InetSocketAddress)fd.getRemoteSocketAddress();
+ return info;
+ }
+}
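Review bot: The `catch(ClassCastException ex)` in getConnectionInfo encloses the call to `sslTransceiver.getConnectionInfo()` as well as the cast, so a ClassCastException raised inside populateConnectionInfo — the unchecked casts of `getLocalSocketAddress()`/`getRemoteSocketAddress()` to InetSocketAddress are the candidates — would be reported to the caller as "not ssl connection", which is misleading. Using `instanceof` for the type test both narrows the failure to the intended condition and avoids using an exception for control flow. The `assert(con != null)` after the cast has the same problem as any assert here: with assertions off, a null connection reaches `synchronized(con)` and throws NullPointerException rather than a meaningful error, so an explicit null check would be more robust.

```java
synchronized(con)
{
    IceInternal.Transceiver transceiver = con.getTransceiver();
    if(transceiver == null)
    {
        throw new ConnectionInvalidException("connection closed");
    }
    //
    // Test the type explicitly rather than catching ClassCastException,
    // so a cast failure inside getConnectionInfo() is not misreported.
    //
    if(!(transceiver instanceof TransceiverI))
    {
        throw new ConnectionInvalidException("not ssl connection");
    }
    return ((TransceiverI)transceiver).getConnectionInfo();
}
// … unchanged: populateConnectionInfo …
```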
diff --git a/java/src/IceSSL/VerifyInfo.java b/java/src/IceSSL/VerifyInfo.java
deleted file mode 100644
index 95e603ada3a..00000000000
--- a/java/src/IceSSL/VerifyInfo.java
+++ /dev/null
@@ -1,45 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-package IceSSL;
-
-//
-// VerifyInfo contains information that may be of use to a
-// CertificateVerifier implementation.
-//
-public class VerifyInfo
-{
- //
- // A value of true indicates an incoming (server) connection.
- //
- public boolean incoming;
-
- //
- // The peer's certificate chain, which can be null if the peer
- // is unverified.
- //
- public java.security.cert.Certificate[] certs;
-
- //
- // The SSL socket that is being authenticated.
- //
- public javax.net.ssl.SSLSocket socket;
-
- //
- // The address of the server as specified by the proxy's
- // endpoint. For example, in the following proxy:
- //
- // identity:ssl -h www.server.com -p 10000
- //
- // the value of address is "www.server.com".
- //
- // The value is an empty string for incoming connections.
- //
- public String address;
-}