diff options
| -rw-r--r-- | cpp/src/Glacier/GlacierI.cpp | 15 | ||||
| -rw-r--r-- | cpp/test/Glacier/starter/CertVerifier.cpp | 24 | ||||
| -rwxr-xr-x | cpp/test/Glacier/starter/run.py | 6 |
3 files changed, 27 insertions, 18 deletions
diff --git a/cpp/src/Glacier/GlacierI.cpp b/cpp/src/Glacier/GlacierI.cpp index d70be2d3dd6..2ef6cdd84ce 100644 --- a/cpp/src/Glacier/GlacierI.cpp +++ b/cpp/src/Glacier/GlacierI.cpp @@ -9,10 +9,9 @@ // ********************************************************************** #include <IceUtil/UUID.h> +#include <Ice/SslRSAKeyPair.h> #include <Glacier/GlacierI.h> #include <fcntl.h> -#include <Ice/SslRSAKeyPair.h> -//#include <sys/wait.h> #ifdef WIN32 # error Sorry, the glacier starter is not yet supported on WIN32. @@ -33,6 +32,10 @@ Glacier::StarterI::StarterI(const CommunicatorPtr& communicator) : _traceLevel = atoi(_properties->getProperty("Glacier.Trace.Starter").c_str()); // Set up the Certificate Generation context + // TODO: Why do we need these from properties? Isn't the value of + // all these properties completely irrelevant, as this is for + // temporary certificate? If so, why not just supply some dummy + // values, and get rid of all these properties? _certContext.setCountry(_properties->getProperty("Glacier.Starter.Certificate.Country")); _certContext.setStateProvince(_properties->getProperty("Glacier.Starter.Certificate.StateProvince")); _certContext.setLocality(_properties->getProperty("Glacier.Starter.Certificate.Locality")); @@ -56,7 +59,8 @@ Glacier::StarterI::destroy() } RouterPrx -Glacier::StarterI::startRouter(const string& userId, const string& password, ByteSeq& privateKey, ByteSeq& publicKey, ByteSeq& routerCert, const Current&) +Glacier::StarterI::startRouter(const string& userId, const string& password, ByteSeq& privateKey, ByteSeq& publicKey, + ByteSeq& routerCert, const Current&) { assert(_communicator); // Destroyed? @@ -149,6 +153,11 @@ Glacier::StarterI::startRouter(const string& userId, const string& password, Byt // StringSeq args = _properties->getCommandLineOptions(); args.push_back("--Glacier.Router.Identity=" + uuid); + // + // TODO: Potential security risk, command line parameters can + // be seen with `ps'. Keys and certificate should rather be + // passed through a pipe? (ML will take care of this...) + // args.push_back("--Ice.Security.Ssl.Overrides.Server.RSA.PrivateKey=" + routerPrivateKeyBase64); args.push_back("--Ice.Security.Ssl.Overrides.Server.RSA.Certificate=" + routerCertificateBase64); args.push_back("--Ice.Security.Ssl.Overrides.Client.RSA.PrivateKey=" + routerPrivateKeyBase64); diff --git a/cpp/test/Glacier/starter/CertVerifier.cpp b/cpp/test/Glacier/starter/CertVerifier.cpp index 22e6f2de4a2..13f143352c0 100644 --- a/cpp/test/Glacier/starter/CertVerifier.cpp +++ b/cpp/test/Glacier/starter/CertVerifier.cpp @@ -16,7 +16,7 @@ using namespace std; CertVerifier::CertVerifier(const ByteSeq& publicKey) : - _publicKey(publicKey) + _publicKey(publicKey) { } @@ -97,17 +97,17 @@ CertVerifier::verify(int preVerifyOkay, X509_STORE_CTX* x509StoreContext, SSL* s ByteSeq CertVerifier::toByteSeq(X509* certificate) { - ByteSeq certByteSeq;
- - // Convert the X509 to a unsigned char buffer.
- unsigned int certSize = i2d_X509(certificate, 0);
- unsigned char* certBuffer = new unsigned char[certSize];
- unsigned char* certPtr = certBuffer;
- i2d_X509(certificate, &certPtr);
-
- // Yet another conversion to a ByteSeq (easy comparison this way).
- copy(certBuffer, (certBuffer + certSize), back_inserter(certByteSeq));
- delete []certBuffer;
+ ByteSeq certByteSeq; + + // Convert the X509 to a unsigned char buffer. + unsigned int certSize = i2d_X509(certificate, 0); + unsigned char* certBuffer = new unsigned char[certSize]; + unsigned char* certPtr = certBuffer; + i2d_X509(certificate, &certPtr); + + // Yet another conversion to a ByteSeq (easy comparison this way). + copy(certBuffer, (certBuffer + certSize), back_inserter(certByteSeq)); + delete []certBuffer; return certByteSeq; } diff --git a/cpp/test/Glacier/starter/run.py b/cpp/test/Glacier/starter/run.py index 7b8eb8a6908..2f29c4aea95 100755 --- a/cpp/test/Glacier/starter/run.py +++ b/cpp/test/Glacier/starter/run.py @@ -56,8 +56,8 @@ print "ok" name = os.path.join("Glacier", "starter") TestUtil.clientServerTest(toplevel, name) -# print "shutting down glacier starter...", -# TestUtil.killServers() # TODO: Graceful shutdown -# print "ok" +print "shutting down glacier starter...", +TestUtil.killServers() # TODO: Graceful shutdown +print "ok" sys.exit(0) |