-rw-r--r--cpp/config/Make.rules9
-rw-r--r--cpp/config/TestUtil.py2
-rw-r--r--cpp/demo/Ice/hello/Client.cpp28
-rw-r--r--cpp/include/Ice/Exception.h12
-rw-r--r--cpp/include/Ice/Object.h18
-rw-r--r--cpp/include/Ice/Proxy.h48
-rw-r--r--cpp/include/IceUtil/Exception.h24
-rw-r--r--cpp/slice/Ice/Object.ice4
-rw-r--r--cpp/src/Ice/BasicStream.cpp2
-rw-r--r--cpp/src/Ice/Collector.cpp24
-rw-r--r--cpp/src/Ice/Direct.cpp2
-rw-r--r--cpp/src/Ice/Emitter.cpp22
-rw-r--r--cpp/src/Ice/Exception.cpp144
-rw-r--r--cpp/src/Ice/Incoming.cpp6
-rw-r--r--cpp/src/Ice/Makefile5
-rw-r--r--cpp/src/Ice/Object.cpp30
-rw-r--r--cpp/src/Ice/ObjectAdapterI.cpp17
-rw-r--r--cpp/src/Ice/ObjectAdapterI.h2
-rw-r--r--cpp/src/Ice/Outgoing.cpp8
-rw-r--r--cpp/src/Ice/Proxy.cpp76
-rw-r--r--cpp/src/Ice/Reference.cpp10
-rw-r--r--cpp/src/Ice/Reference.h2
-rw-r--r--cpp/src/Ice/Security.h184
-rw-r--r--cpp/src/Ice/SslAcceptor.cpp116
-rw-r--r--cpp/src/Ice/SslBaseCerts.cpp68
-rw-r--r--cpp/src/Ice/SslBaseCerts.h150
-rw-r--r--cpp/src/Ice/SslCertificateAuthority.cpp82
-rw-r--r--cpp/src/Ice/SslCertificateAuthority.h94
-rw-r--r--cpp/src/Ice/SslCertificateDesc.cpp184
-rw-r--r--cpp/src/Ice/SslCertificateDesc.h256
-rw-r--r--cpp/src/Ice/SslConfig.cpp1102
-rw-r--r--cpp/src/Ice/SslConfig.h190
-rw-r--r--cpp/src/Ice/SslConfigErrorReporter.cpp164
-rw-r--r--cpp/src/Ice/SslConfigErrorReporter.h152
-rw-r--r--cpp/src/Ice/SslConnection.h96
-rw-r--r--cpp/src/Ice/SslConnectionOpenSSL.cpp1376
-rw-r--r--cpp/src/Ice/SslConnectionOpenSSL.h226
-rw-r--r--cpp/src/Ice/SslConnectionOpenSSLClient.cpp874
-rw-r--r--cpp/src/Ice/SslConnectionOpenSSLClient.h104
-rw-r--r--cpp/src/Ice/SslConnectionOpenSSLServer.cpp858
-rw-r--r--cpp/src/Ice/SslConnectionOpenSSLServer.h104
-rw-r--r--cpp/src/Ice/SslConnector.cpp118
-rw-r--r--cpp/src/Ice/SslException.cpp582
-rw-r--r--cpp/src/Ice/SslException.h276
-rw-r--r--cpp/src/Ice/SslFactory.cpp238
-rw-r--r--cpp/src/Ice/SslFactory.h116
-rw-r--r--cpp/src/Ice/SslGeneralConfig.cpp292
-rw-r--r--cpp/src/Ice/SslGeneralConfig.h150
-rw-r--r--cpp/src/Ice/SslSystem.cpp56
-rw-r--r--cpp/src/Ice/SslSystem.h144
-rw-r--r--cpp/src/Ice/SslSystemOpenSSL.cpp3092
-rw-r--r--cpp/src/Ice/SslSystemOpenSSL.h394
-rw-r--r--cpp/src/Ice/SslTempCerts.cpp82
-rw-r--r--cpp/src/Ice/SslTempCerts.h178
-rw-r--r--cpp/src/Ice/SslTransceiver.cpp110
-rw-r--r--cpp/src/Ice/SslTransceiver.h18
-rw-r--r--cpp/src/Ice/TraceLevels.cpp16
-rw-r--r--cpp/src/Ice/TraceLevels.h4
-rw-r--r--cpp/src/IcePack/AdminI.cpp2
-rw-r--r--cpp/src/IcePack/Client.cpp14
-rw-r--r--cpp/src/IcePack/Forward.cpp2
-rw-r--r--cpp/src/IceUtil/Exception.cpp40
-rw-r--r--cpp/src/slice2cpp/Gen.cpp36
-rw-r--r--cpp/test/Ice/exceptions/AllTests.cpp40
-rw-r--r--cpp/test/Ice/exceptions/Collocated.cpp18
-rw-r--r--cpp/test/Ice/exceptions/Server.cpp18
-rw-r--r--cpp/test/Ice/facets/AllTests.cpp32
-rw-r--r--cpp/test/Ice/facets/Collocated.cpp26
-rw-r--r--cpp/test/Ice/facets/Server.cpp26
-rw-r--r--cpp/test/Ice/faultTolerance/AllTests.cpp34
-rw-r--r--cpp/test/Ice/faultTolerance/Server.cpp18
-rw-r--r--cpp/test/Ice/locationForward/AllTests.cpp30
-rw-r--r--cpp/test/Ice/locationForward/Server.cpp20
-rw-r--r--cpp/test/Ice/objects/AllTests.cpp60
-rw-r--r--cpp/test/Ice/objects/Collocated.cpp22
-rw-r--r--cpp/test/Ice/objects/Server.cpp22
-rw-r--r--cpp/test/Ice/objects/TestI.cpp16
-rw-r--r--cpp/test/Ice/operations/AllTests.cpp46
-rw-r--r--cpp/test/Ice/operations/Collocated.cpp22
-rw-r--r--cpp/test/Ice/operations/Server.cpp22
-rw-r--r--cpp/test/Ice/operations/Twoways.cpp22
-rw-r--r--cpp/test/IcePack/simple/AllTests.cpp46
-rw-r--r--cpp/test/IcePack/simple/Collocated.cpp22
-rw-r--r--cpp/test/IcePack/simple/Server.cpp22
84 files changed, 6700 insertions, 6719 deletions
diff --git a/cpp/config/Make.rules b/cpp/config/Make.rules
index f6c81becda9..854bc76f97e 100644
--- a/cpp/config/Make.rules
+++ b/cpp/config/Make.rules
@@ -31,7 +31,7 @@ STLPORT ?= /opt/STLport
JTC ?= /opt/JTC
DB ?= /opt/db
OPENSSL ?= /opt/openssl
-XERCES ?= /opt/xerces
+XERCESC ?= /opt/xerces-c
#
# Experts only: You can change the following lines, for example, to
@@ -40,10 +40,11 @@ XERCES ?= /opt/xerces
CXX = c++
CXXFLAGS = -g -ftemplate-depth-128 -fPIC -Wall
#CXXFLAGS = -O -DNDEBUG -ftemplate-depth-128 -fPIC -Wall
-CPPFLAGS = -I$(includedir) -I$(STLPORT)/include/stlport -I$(JTC)/include -I$(OPENSSL)/include -I$(XERCES)/include -DUSE_SOCKETS -DSSL_EXTENSION
-LDFLAGS = -L$(libdir) -L$(STLPORT)/lib -L$(JTC)/lib -L$(OPENSSL)/lib -L$(XERCES)/lib
+CPPFLAGS = -I$(includedir) -I$(STLPORT)/include/stlport -I$(JTC)/include
+LDFLAGS = -L$(libdir) -L$(STLPORT)/lib -L$(JTC)/lib -L$(OPENSSL)/lib -L$(XERCESC)/lib
+
BASELIBS = -lIceUtil -lstlport_gcc -lJTC -lpthread
-LIBS = -lIce $(BASELIBS)
+LIBS = -lIce -lxerces-c1_5_1 -lssl -lcrypto $(BASELIBS)
#
# Don't change anything below this line!
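Review bot: Putting `-lxerces-c1_5_1 -lssl -lcrypto` into the global `LIBS` here, while the `$(VERSIONED_NAME)` link line in cpp/src/Ice/Makefile drops the same three libraries, means the Ice shared library is linked without naming the TLS and XML libraries it calls into. Every consumer then has to repeat them, and which OpenSSL build is picked up is presumably decided by each executable's link rather than recorded once in the library. Consider keeping `-lxerces-c1_5_1 -lssl -lcrypto` on the library's own link line and leaving `LIBS = -lIce $(BASELIBS)`. The versioned name `xerces-c1_5_1` would also be easier to update as a variable next to `XERCESC`.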
diff --git a/cpp/config/TestUtil.py b/cpp/config/TestUtil.py
index b1711e5463e..eeeeb09d00b 100644
--- a/cpp/config/TestUtil.py
+++ b/cpp/config/TestUtil.py
@@ -11,7 +11,7 @@
import sys, os
-protocol = "ssl"
+protocol = "tcp"
serverOptions = " --Ice.Protocol=" + protocol + " --Ice.Trace.Security=0 --Ice.PrintProcessId --Ice.PrintAdapterReady --Ice.ServerIdleTime=60 --Ice.Ssl.Config=TOPLEVELDIR/Certs/server_sslconfig.xml"
clientOptions = " --Ice.Protocol=" + protocol + " --Ice.Trace.Security=0 --Ice.Ssl.Config=TOPLEVELDIR/Certs/client_sslconfig.xml"
collocatedOptions = " --Ice.Protocol=" + protocol + " --Ice.Trace.Security=0 --Ice.PrintProcessId --Ice.PrintAdapterReady --Ice.ServerIdleTime=60 --Ice.Ssl.Config=TOPLEVELDIR/Certs/sslconfig.xml"
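Review bot: Hard-coding `protocol = "tcp"` means the test suite no longer runs over SSL by default, although the `--Ice.Ssl.Config=...` options are still passed on every command line. A regression in the SSL transport would then go unnoticed unless someone edits this file by hand. Making the value overridable keeps the new default and still allows an SSL run: `protocol = os.environ.get("ICE_TEST_PROTOCOL", "tcp")`. `os` is already imported on the line above, and the variable name is only a suggestion.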
diff --git a/cpp/demo/Ice/hello/Client.cpp b/cpp/demo/Ice/hello/Client.cpp
index d11b6515407..08cf4b27d36 100644
--- a/cpp/demo/Ice/hello/Client.cpp
+++ b/cpp/demo/Ice/hello/Client.cpp
@@ -50,10 +50,10 @@ run(int argc, char* argv[], const Ice::CommunicatorPtr& communicator)
cerr << argv[0] << ": invalid object reference" << endl;
return EXIT_FAILURE;
}
- HelloPrx oneway = HelloPrx::uncheckedCast(twoway->_oneway());
- HelloPrx batchOneway = HelloPrx::uncheckedCast(twoway->_batchOneway());
- HelloPrx datagram = HelloPrx::uncheckedCast(twoway->_datagram());
- HelloPrx batchDatagram = HelloPrx::uncheckedCast(twoway->_batchDatagram());
+ HelloPrx oneway = HelloPrx::uncheckedCast(twoway->_ice_oneway());
+ HelloPrx batchOneway = HelloPrx::uncheckedCast(twoway->_ice_batchOneway());
+ HelloPrx datagram = HelloPrx::uncheckedCast(twoway->_ice_datagram());
+ HelloPrx batchDatagram = HelloPrx::uncheckedCast(twoway->_ice_batchDatagram());
bool secure = false;
int timeout = -1;
@@ -89,8 +89,8 @@ run(int argc, char* argv[], const Ice::CommunicatorPtr& communicator)
}
else if (c == 'f')
{
- batchOneway->_flush();
- batchDatagram->_flush();
+ batchOneway->_ice_flush();
+ batchDatagram->_ice_flush();
}
else if (c == 'T')
{
@@ -103,9 +103,9 @@ run(int argc, char* argv[], const Ice::CommunicatorPtr& communicator)
timeout = -1;
}
- twoway = HelloPrx::uncheckedCast(twoway->_timeout(timeout));
- oneway = HelloPrx::uncheckedCast(oneway->_timeout(timeout));
- batchOneway = HelloPrx::uncheckedCast(batchOneway->_timeout(timeout));
+ twoway = HelloPrx::uncheckedCast(twoway->_ice_timeout(timeout));
+ oneway = HelloPrx::uncheckedCast(oneway->_ice_timeout(timeout));
+ batchOneway = HelloPrx::uncheckedCast(batchOneway->_ice_timeout(timeout));
if (timeout == -1)
{
@@ -120,11 +120,11 @@ run(int argc, char* argv[], const Ice::CommunicatorPtr& communicator)
{
secure = !secure;
- twoway = HelloPrx::uncheckedCast(twoway->_secure(secure));
- oneway = HelloPrx::uncheckedCast(oneway->_secure(secure));
- batchOneway = HelloPrx::uncheckedCast(batchOneway->_secure(secure));
- datagram = HelloPrx::uncheckedCast(datagram->_secure(secure));
- batchDatagram = HelloPrx::uncheckedCast(batchDatagram->_secure(secure));
+ twoway = HelloPrx::uncheckedCast(twoway->_ice_secure(secure));
+ oneway = HelloPrx::uncheckedCast(oneway->_ice_secure(secure));
+ batchOneway = HelloPrx::uncheckedCast(batchOneway->_ice_secure(secure));
+ datagram = HelloPrx::uncheckedCast(datagram->_ice_secure(secure));
+ batchDatagram = HelloPrx::uncheckedCast(batchDatagram->_ice_secure(secure));
if (secure)
{
diff --git a/cpp/include/Ice/Exception.h b/cpp/include/Ice/Exception.h
index 5eaa6d52315..57e5e340bed 100644
--- a/cpp/include/Ice/Exception.h
+++ b/cpp/include/Ice/Exception.h
@@ -31,18 +31,18 @@ class LocalException : public IceUtil::Exception
public:
ICE_API LocalException(const char*, int);
- virtual std::string _name() const = 0;
- virtual Exception* _clone() const = 0;
- virtual void _throw() const = 0;
+ virtual std::string _ice_name() const = 0;
+ virtual Exception* _ice_clone() const = 0;
+ virtual void _ice_throw() const = 0;
};
class ICE_API UserException : public IceUtil::Exception
{
public:
- virtual std::string _name() const = 0;
- virtual Exception* _clone() const = 0;
- virtual void _throw() const = 0;
+ virtual std::string _ice_name() const = 0;
+ virtual Exception* _ice_clone() const = 0;
+ virtual void _ice_throw() const = 0;
virtual const char** __getExceptionIds() const = 0;
virtual void __write(::IceInternal::BasicStream*) const = 0;
diff --git a/cpp/include/Ice/Object.h b/cpp/include/Ice/Object.h
index b01a469f060..23291abdad3 100644
--- a/cpp/include/Ice/Object.h
+++ b/cpp/include/Ice/Object.h
@@ -61,12 +61,12 @@ public:
bool operator==(const Object&) const;
bool operator<(const Object&) const;
- ::Ice::Int _hash() const;
+ ::Ice::Int _ice_hash() const;
- virtual bool _isA(const std::string&);
- virtual void _ping();
- ::IceInternal::DispatchStatus ____isA(::IceInternal::Incoming&);
- ::IceInternal::DispatchStatus ____ping(::IceInternal::Incoming&);
+ virtual bool _ice_isA(const std::string&);
+ virtual void _ice_ping();
+ ::IceInternal::DispatchStatus ____ice_isA(::IceInternal::Incoming&);
+ ::IceInternal::DispatchStatus ____ice_ping(::IceInternal::Incoming&);
virtual const char** __getClassIds() = 0;
static const char* __all[];
@@ -76,10 +76,10 @@ public:
virtual void __write(::IceInternal::BasicStream*) const;
virtual void __read(::IceInternal::BasicStream*);
- void _addFacet(const ObjectPtr&, const ::std::string&);
- void _removeFacet(const ::std::string&);
- void _removeAllFacets();
- ObjectPtr _findFacet(const ::std::string&);
+ void _ice_addFacet(const ObjectPtr&, const ::std::string&);
+ void _ice_removeFacet(const ::std::string&);
+ void _ice_removeAllFacets();
+ ObjectPtr _ice_findFacet(const ::std::string&);
private:
diff --git a/cpp/include/Ice/Proxy.h b/cpp/include/Ice/Proxy.h
index f859e8e6b37..973558377c6 100644
--- a/cpp/include/Ice/Proxy.h
+++ b/cpp/include/Ice/Proxy.h
@@ -36,26 +36,26 @@ public:
bool operator==(const Object&) const;
bool operator<(const Object&) const;
- ::Ice::Int _hash() const;
+ ::Ice::Int _ice_hash() const;
- bool _isA(const std::string&);
- void _ping();
+ bool _ice_isA(const std::string&);
+ void _ice_ping();
- std::string _getIdentity() const;
- ::Ice::ObjectPrx _newIdentity(const std::string&) const;
+ std::string _ice_getIdentity() const;
+ ::Ice::ObjectPrx _ice_newIdentity(const std::string&) const;
- std::string _getFacet() const;
- ::Ice::ObjectPrx _newFacet(const std::string&) const;
+ std::string _ice_getFacet() const;
+ ::Ice::ObjectPrx _ice_newFacet(const std::string&) const;
- ::Ice::ObjectPrx _twoway() const;
- ::Ice::ObjectPrx _oneway() const;
- ::Ice::ObjectPrx _batchOneway() const;
- ::Ice::ObjectPrx _datagram() const;
- ::Ice::ObjectPrx _batchDatagram() const;
- ::Ice::ObjectPrx _secure(bool) const;
- ::Ice::ObjectPrx _timeout(int) const;
+ ::Ice::ObjectPrx _ice_twoway() const;
+ ::Ice::ObjectPrx _ice_oneway() const;
+ ::Ice::ObjectPrx _ice_batchOneway() const;
+ ::Ice::ObjectPrx _ice_datagram() const;
+ ::Ice::ObjectPrx _ice_batchDatagram() const;
+ ::Ice::ObjectPrx _ice_secure(bool) const;
+ ::Ice::ObjectPrx _ice_timeout(int) const;
- void _flush(); // Flush batch messages
+ void _ice_flush(); // Flush batch messages
::IceInternal::ReferencePtr __reference() const;
void __copyFrom(const ::Ice::ObjectPrx&);
@@ -87,9 +87,9 @@ class ICE_API Object : public ::IceUtil::Shared
{
public:
- virtual bool _isA(const std::string&) = 0;
- virtual void _ping() = 0;
- virtual void _flush() = 0;
+ virtual bool _ice_isA(const std::string&) = 0;
+ virtual void _ice_ping() = 0;
+ virtual void _ice_flush() = 0;
};
} }
@@ -101,9 +101,9 @@ class ICE_API Object : virtual public ::IceDelegate::Ice::Object
{
public:
- virtual bool _isA(const std::string&);
- virtual void _ping();
- virtual void _flush();
+ virtual bool _ice_isA(const std::string&);
+ virtual void _ice_ping();
+ virtual void _ice_flush();
protected:
@@ -125,9 +125,9 @@ class ICE_API Object : virtual public ::IceDelegate::Ice::Object
{
public:
- virtual bool _isA(const std::string&);
- virtual void _ping();
- virtual void _flush();
+ virtual bool _ice_isA(const std::string&);
+ virtual void _ice_ping();
+ virtual void _ice_flush();
protected:
diff --git a/cpp/include/IceUtil/Exception.h b/cpp/include/IceUtil/Exception.h
index d4e3ca6c514..108b6d24ad8 100644
--- a/cpp/include/IceUtil/Exception.h
+++ b/cpp/include/IceUtil/Exception.h
@@ -23,17 +23,17 @@ public:
Exception();
Exception(const char*, int);
virtual ~Exception();
- virtual std::string _name() const;
- virtual void _print(std::ostream&) const;
- virtual Exception* _clone() const;
- virtual void _throw() const;
- const char* _file() const;
- int _line() const;
+ virtual std::string _ice_name() const;
+ virtual void _ice_print(std::ostream&) const;
+ virtual Exception* _ice_clone() const;
+ virtual void _ice_throw() const;
+ const char* _ice_file() const;
+ int _ice_line() const;
private:
- const char* _theFile;
- int _theLine;
+ const char* _file;
+ int _line;
};
ICE_UTIL_API std::ostream& operator<<(std::ostream&, const Exception&);
@@ -43,10 +43,10 @@ class ICE_UTIL_API NullHandleException : public Exception
public:
NullHandleException(const char*, int);
- virtual std::string _name() const;
- virtual std::string _description() const;
- virtual Exception* _clone() const;
- virtual void _throw() const;
+ virtual std::string _ice_name() const;
+ virtual std::string _ice_description() const;
+ virtual Exception* _ice_clone() const;
+ virtual void _ice_throw() const;
};
}
diff --git a/cpp/slice/Ice/Object.ice b/cpp/slice/Ice/Object.ice
index 9eb6a23eac8..0efffe4a936 100644
--- a/cpp/slice/Ice/Object.ice
+++ b/cpp/slice/Ice/Object.ice
@@ -39,14 +39,14 @@ interface \Object
* otherwise.
*
**/
- nonmutating bool _isA(string id);
+ nonmutating bool _ice_isA(string id);
/**
*
* Check if an object is alive.
*
**/
- nonmutating void _ping();
+ nonmutating void _ice_ping();
};
};
diff --git a/cpp/src/Ice/BasicStream.cpp b/cpp/src/Ice/BasicStream.cpp
index d5014036981..0b846e64d31 100644
--- a/cpp/src/Ice/BasicStream.cpp
+++ b/cpp/src/Ice/BasicStream.cpp
@@ -902,7 +902,7 @@ IceInternal::BasicStream::throwException(const char** throwsBegin, const char**
if (binary_search(throwsBegin, throwsEnd, string(*p)))
{
ex.__read(this);
- ex._throw();
+ ex._ice_throw();
}
}
diff --git a/cpp/src/Ice/Collector.cpp b/cpp/src/Ice/Collector.cpp
index 8de7adff572..360cb89739a 100644
--- a/cpp/src/Ice/Collector.cpp
+++ b/cpp/src/Ice/Collector.cpp
@@ -21,12 +21,12 @@
#include <Ice/Incoming.h>
#include <Ice/Exception.h>
#include <Ice/Protocol.h>
-#include <Ice/Functional.h>
+#include <Ice/Functional.h>
#include <Ice/SslException.h>
using namespace std;
using namespace Ice;
-using namespace IceInternal;
+using namespace IceInternal;
using IceSecurity::SecurityException;
void IceInternal::incRef(Collector* p) { p->__incRef(); }
@@ -566,17 +566,17 @@ IceInternal::CollectorFactory::message(BasicStream&)
CollectorPtr collector = new Collector(_instance, _adapter, transceiver, _endpoint);
collector->activate();
_collectors.push_back(collector);
- }
- catch (const SecurityException&)
- {
- // TODO: bandaid. Takes care of SSL Handshake problems during creation of a Transceiver
- // Ignore, nothing we can do here
}
- catch (const SocketException&)
- {
- // TODO: bandaid. Takes care of SSL Handshake problems during creation of a Transceiver
- // Ignore, nothing we can do here
- }
+ catch (const SecurityException&)
+ {
+ // TODO: bandaid. Takes care of SSL Handshake problems during creation of a Transceiver
+ // Ignore, nothing we can do here
+ }
+ catch (const SocketException&)
+ {
+ // TODO: bandaid. Takes care of SSL Handshake problems during creation of a Transceiver
+ // Ignore, nothing we can do here
+ }
catch (const TimeoutException&)
{
// Ignore timeouts
diff --git a/cpp/src/Ice/Direct.cpp b/cpp/src/Ice/Direct.cpp
index f2345a3ada8..cd701864609 100644
--- a/cpp/src/Ice/Direct.cpp
+++ b/cpp/src/Ice/Direct.cpp
@@ -52,7 +52,7 @@ IceInternal::Direct::Direct(const ObjectAdapterPtr& adapter, const ReferencePtr&
if (_servant && !ref->facet.empty())
{
- _facetServant = _servant->_findFacet(ref->facet);
+ _facetServant = _servant->_ice_findFacet(ref->facet);
if (!_facetServant)
{
throw FacetNotExistException(__FILE__, __LINE__);
diff --git a/cpp/src/Ice/Emitter.cpp b/cpp/src/Ice/Emitter.cpp
index 3aade168285..1a9097f73a8 100644
--- a/cpp/src/Ice/Emitter.cpp
+++ b/cpp/src/Ice/Emitter.cpp
@@ -64,7 +64,7 @@ IceInternal::Emitter::sendRequest(Outgoing* out, bool oneway)
if (_exception.get())
{
- _exception->_throw();
+ _exception->_ice_throw();
}
assert(_state == StateActive);
@@ -99,7 +99,7 @@ IceInternal::Emitter::sendRequest(Outgoing* out, bool oneway)
catch(const LocalException& ex)
{
setState(StateClosed, ex);
- ex._throw();
+ ex._ice_throw();
}
//
@@ -120,7 +120,7 @@ IceInternal::Emitter::prepareBatchRequest(Outgoing* out)
if (_exception.get())
{
unlock();
- _exception->_throw();
+ _exception->_ice_throw();
}
assert(_state == StateActive);
@@ -152,7 +152,7 @@ IceInternal::Emitter::finishBatchRequest(Outgoing* out)
if (_exception.get())
{
unlock();
- _exception->_throw();
+ _exception->_ice_throw();
}
assert(_state == StateActive);
@@ -176,7 +176,7 @@ IceInternal::Emitter::flushBatchRequest()
if (_exception.get())
{
- _exception->_throw();
+ _exception->_ice_throw();
}
assert(_state == StateActive);
@@ -209,7 +209,7 @@ IceInternal::Emitter::flushBatchRequest()
catch(const LocalException& ex)
{
setState(StateClosed, ex);
- ex._throw();
+ ex._ice_throw();
}
}
@@ -408,7 +408,7 @@ IceInternal::Emitter::setState(State state, const LocalException& ex)
if (!_exception.get())
{
- _exception = auto_ptr<LocalException>(dynamic_cast<LocalException*>(ex._clone()));
+ _exception = auto_ptr<LocalException>(dynamic_cast<LocalException*>(ex._ice_clone()));
}
for (std::map< ::Ice::Int, Outgoing*>::iterator p = _requests.begin(); p != _requests.end(); ++p)
@@ -490,15 +490,15 @@ IceInternal::EmitterFactory::create(const vector<EndpointPtr>& endpoints)
}
catch (const SocketException& ex)
{
- exception = auto_ptr<LocalException>(dynamic_cast<LocalException*>(ex._clone()));
+ exception = auto_ptr<LocalException>(dynamic_cast<LocalException*>(ex._ice_clone()));
}
catch (const DNSException& ex)
{
- exception = auto_ptr<LocalException>(dynamic_cast<LocalException*>(ex._clone()));
+ exception = auto_ptr<LocalException>(dynamic_cast<LocalException*>(ex._ice_clone()));
}
catch (const TimeoutException& ex)
{
- exception = auto_ptr<LocalException>(dynamic_cast<LocalException*>(ex._clone()));
+ exception = auto_ptr<LocalException>(dynamic_cast<LocalException*>(ex._ice_clone()));
}
++q;
@@ -523,7 +523,7 @@ IceInternal::EmitterFactory::create(const vector<EndpointPtr>& endpoints)
if (!emitter)
{
assert(exception.get());
- exception->_throw();
+ exception->_ice_throw();
}
return emitter;
diff --git a/cpp/src/Ice/Exception.cpp b/cpp/src/Ice/Exception.cpp
index 3f9a618d3bf..1b1ee004992 100644
--- a/cpp/src/Ice/Exception.cpp
+++ b/cpp/src/Ice/Exception.cpp
@@ -21,121 +21,121 @@ Ice::LocalException::LocalException(const char* file, int line) :
}
void
-Ice::UnknownLocalException::_print(ostream& out) const
+Ice::UnknownLocalException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\nunknown local exception";
}
void
-Ice::UnknownUserException::_print(ostream& out) const
+Ice::UnknownUserException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\nunknown user exception";
}
void
-Ice::UnknownException::_print(ostream& out) const
+Ice::UnknownException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\nunknown C++ exception";
}
void
-Ice::VersionMismatchException::_print(ostream& out) const
+Ice::VersionMismatchException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\nIce library version mismatch";
}
void
-Ice::CommunicatorDestroyedException::_print(ostream& out) const
+Ice::CommunicatorDestroyedException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\ncommunicator object destroyed";
}
void
-Ice::ObjectAdapterDeactivatedException::_print(ostream& out) const
+Ice::ObjectAdapterDeactivatedException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\nobject adapter deactivated";
}
void
-Ice::NoEndpointException::_print(ostream& out) const
+Ice::NoEndpointException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\nno suitable endpoint available";
}
void
-Ice::EndpointParseException::_print(ostream& out) const
+Ice::EndpointParseException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\nerror while parsing endpoint";
}
void
-Ice::ReferenceParseException::_print(ostream& out) const
+Ice::ReferenceParseException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\nerror while parsing reference";
}
void
-Ice::ReferenceIdentityException::_print(ostream& out) const
+Ice::ReferenceIdentityException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\nreference identity mismatch in location forward";
}
void
-Ice::ObjectNotExistException::_print(ostream& out) const
+Ice::ObjectNotExistException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\nobject does not exist";
}
void
-Ice::FacetNotExistException::_print(ostream& out) const
+Ice::FacetNotExistException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\nfacet does not exist";
}
void
-Ice::OperationNotExistException::_print(ostream& out) const
+Ice::OperationNotExistException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\noperation does not exist";
}
void
-Ice::SystemException::_print(ostream& out) const
+Ice::SystemException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\nsystem exception: " << errorToString(error);
}
void
-Ice::SocketException::_print(ostream& out) const
+Ice::SocketException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\nsocket exception: " << errorToString(error);
}
void
-Ice::ConnectFailedException::_print(ostream& out) const
+Ice::ConnectFailedException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\nconnect failed: " << errorToString(error);
}
void
-Ice::ConnectionLostException::_print(ostream& out) const
+Ice::ConnectionLostException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\nconnection lost: ";
if (error == 0)
{
@@ -148,134 +148,134 @@ Ice::ConnectionLostException::_print(ostream& out) const
}
void
-Ice::DNSException::_print(ostream& out) const
+Ice::DNSException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\nDNS error: " << errorToStringDNS(error);
}
void
-Ice::TimeoutException::_print(ostream& out) const
+Ice::TimeoutException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\ntimeout while sending or receiving data";
}
void
-Ice::ConnectTimeoutException::_print(ostream& out) const
+Ice::ConnectTimeoutException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\ntimeout while establishing a connection";
}
void
-Ice::ProtocolException::_print(ostream& out) const
+Ice::ProtocolException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\nunknown protocol exception";
}
void
-Ice::UnmarshalOutOfBoundsException::_print(ostream& out) const
+Ice::UnmarshalOutOfBoundsException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\nprotocol error: out of bounds during unmarshaling";
}
void
-Ice::NoObjectFactoryException::_print(ostream& out) const
+Ice::NoObjectFactoryException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\nprotocol error: no suitable object factory found";
}
void
-Ice::NoUserExceptionFactoryException::_print(ostream& out) const
+Ice::NoUserExceptionFactoryException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\nprotocol error: no suitable user exception factory found";
}
void
-Ice::ProxyUnmarshalException::_print(ostream& out) const
+Ice::ProxyUnmarshalException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\nprotocol error: inconsistent proxy data during unmarshaling";
}
void
-Ice::IllegalIndirectionException::_print(ostream& out) const
+Ice::IllegalIndirectionException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\nprotocol error: encountered illegal protocol indirection";
}
void
-Ice::MemoryLimitException::_print(ostream& out) const
+Ice::MemoryLimitException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\nprotocol error: memory limit exceeded";
}
void
-Ice::EncapsulationException::_print(ostream& out) const
+Ice::EncapsulationException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\nprotocol error: illegal encapsulation";
}
void
-Ice::UnsupportedProtocolException::_print(ostream& out) const
+Ice::UnsupportedProtocolException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\nprotocol error: unsupported protocol version";
}
void
-Ice::UnsupportedEncodingException::_print(ostream& out) const
+Ice::UnsupportedEncodingException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\nprotocol error: unsupported encoding version";
}
void
-Ice::InvalidMessageException::_print(ostream& out) const
+Ice::InvalidMessageException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\nprotocol error: invalid message type";
}
void
-Ice::UnknownMessageException::_print(ostream& out) const
+Ice::UnknownMessageException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\nprotocol error: unknown message type";
}
void
-Ice::UnknownRequestIdException::_print(ostream& out) const
+Ice::UnknownRequestIdException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\nprotocol error: unknown request id";
}
void
-Ice::UnknownReplyStatusException::_print(ostream& out) const
+Ice::UnknownReplyStatusException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\nprotocol error: unknown reply status";
}
void
-Ice::CloseConnectionException::_print(ostream& out) const
+Ice::CloseConnectionException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\nprotocol error: connection closed by server";
}
void
-Ice::AbortBatchRequestException::_print(ostream& out) const
+Ice::AbortBatchRequestException::_ice_print(ostream& out) const
{
- Exception::_print(out);
+ Exception::_ice_print(out);
out << ":\nprotocol error: batch request was aborted";
}
diff --git a/cpp/src/Ice/Incoming.cpp b/cpp/src/Ice/Incoming.cpp
index f8d04ba5bf7..b57b30f3d62 100644
--- a/cpp/src/Ice/Incoming.cpp
+++ b/cpp/src/Ice/Incoming.cpp
@@ -80,7 +80,7 @@ IceInternal::Incoming::invoke(BasicStream& is)
{
if (!facet.empty())
{
- ObjectPtr facetServant = servant->_findFacet(facet);
+ ObjectPtr facetServant = servant->_ice_findFacet(facet);
if (!facetServant)
{
_os.write(static_cast<Byte>(DispatchFacetNotExist));
@@ -124,7 +124,7 @@ IceInternal::Incoming::invoke(BasicStream& is)
}
_os.b.resize(statusPos);
_os.write(static_cast<Byte>(DispatchUnknownLocalException));
- ex._throw();
+ ex._ice_throw();
}
catch (const UserException& ex)
{
@@ -134,7 +134,7 @@ IceInternal::Incoming::invoke(BasicStream& is)
}
_os.b.resize(statusPos);
_os.write(static_cast<Byte>(DispatchUnknownUserException));
- ex._throw();
+ ex._ice_throw();
}
catch (...)
{
diff --git a/cpp/src/Ice/Makefile b/cpp/src/Ice/Makefile
index 8e82d0aa1c7..56fb40fc63f 100644
--- a/cpp/src/Ice/Makefile
+++ b/cpp/src/Ice/Makefile
@@ -90,11 +90,12 @@ SLICECMD = $(SLICE2CPP) --include-dir Ice --dll-export ICE_API -I$(slicedir)
include $(top_srcdir)/config/Make.rules
-CPPFLAGS := -I.. $(CPPFLAGS)
+CPPFLAGS := -I.. $(CPPFLAGS) -I$(OPENSSL)/include -I$(XERCESC)/include/xercesc -DUSE_SOCKETS -DSSL_EXTENSION
$(VERSIONED_NAME): $(OBJS)
rm -f $@
- $(CXX) $(CXXFLAGS) -DUSE_SOCKETS -DSSL_EXTENSION $(LDFLAGS) -lxerces-c1_5_1 -lcrypto -lssl -shared -o $@ $(OBJS)
+ $(CXX) $(CXXFLAGS) -DUSE_SOCKETS -DSSL_EXTENSION $(LDFLAGS) -shared \
+ -o $@ $(OBJS)
$(NAME): $(VERSIONED_NAME)
rm -f $@
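Review bot: The new link command still passes `-DUSE_SOCKETS -DSSL_EXTENSION`, which are preprocessor defines and have no effect when only `$(OBJS)` are being linked. Now that `CPPFLAGS` in this file carries both defines, the copy on the link line reads as if it mattered. Drop it there: `$(CXX) $(CXXFLAGS) $(LDFLAGS) -shared \`.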
diff --git a/cpp/src/Ice/Object.cpp b/cpp/src/Ice/Object.cpp
index 029d925f301..5a0bfdbeda3 100644
--- a/cpp/src/Ice/Object.cpp
+++ b/cpp/src/Ice/Object.cpp
@@ -46,46 +46,46 @@ Ice::Object::operator<(const Object& r) const
}
Int
-Ice::Object::_hash() const
+Ice::Object::_ice_hash() const
{
return reinterpret_cast<Int>(this);
}
bool
-Ice::Object::_isA(const string& s)
+Ice::Object::_ice_isA(const string& s)
{
return s == "::Ice::Object";
}
void
-Ice::Object::_ping()
+Ice::Object::_ice_ping()
{
// Nothing to do.
}
DispatchStatus
-Ice::Object::____isA(Incoming& __in)
+Ice::Object::____ice_isA(Incoming& __in)
{
BasicStream* __is = __in.is();
BasicStream* __os = __in.os();
string s;
__is->read(s);
- bool __ret = _isA(s);
+ bool __ret = _ice_isA(s);
__os->write(__ret);
return DispatchOK;
}
DispatchStatus
-Ice::Object::____ping(Incoming&)
+Ice::Object::____ice_ping(Incoming&)
{
- _ping();
+ _ice_ping();
return DispatchOK;
}
const char* Ice::Object::__all[] =
{
- "_isA"
- "_ping"
+ "_ice_isA"
+ "_ice_ping"
};
DispatchStatus
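Review bot: The `__all` initializer on the new side has no comma between `"_ice_isA"` and `"_ice_ping"`, so the adjacent literals concatenate and the array holds the single entry `"_ice_isA_ice_ping"`. The `case 0` / `case 1` switch in `__dispatch` (next hunk) suggests a lookup over two entries. That lookup is outside this hunk, but if it searches up to `__all + 2` it reads past the end of the array, and neither operation name would match in any case. The first entry should be `"_ice_isA",`. The removed lines have the same missing comma, so the rename carried it over rather than introducing it.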
@@ -103,11 +103,11 @@ Ice::Object::__dispatch(Incoming& in, const string& s)
{
case 0:
{
- return ____isA(in);
+ return ____ice_isA(in);
}
case 1:
{
- return ____ping(in);
+ return ____ice_ping(in);
}
}
@@ -159,7 +159,7 @@ Ice::Object::__read(::IceInternal::BasicStream* __is)
}
void
-Ice::Object::_addFacet(const ObjectPtr& facet, const string& name)
+Ice::Object::_ice_addFacet(const ObjectPtr& facet, const string& name)
{
JTCSyncT<JTCMutex> sync(_activeFacetMapMutex);
@@ -167,7 +167,7 @@ Ice::Object::_addFacet(const ObjectPtr& facet, const string& name)
}
void
-Ice::Object::_removeFacet(const string& name)
+Ice::Object::_ice_removeFacet(const string& name)
{
JTCSyncT<JTCMutex> sync(_activeFacetMapMutex);
@@ -194,7 +194,7 @@ Ice::Object::_removeFacet(const string& name)
}
void
-Ice::Object::_removeAllFacets()
+Ice::Object::_ice_removeAllFacets()
{
JTCSyncT<JTCMutex> sync(_activeFacetMapMutex);
@@ -203,7 +203,7 @@ Ice::Object::_removeAllFacets()
}
ObjectPtr
-Ice::Object::_findFacet(const string& name)
+Ice::Object::_ice_findFacet(const string& name)
{
JTCSyncT<JTCMutex> sync(_activeFacetMapMutex);
diff --git a/cpp/src/Ice/ObjectAdapterI.cpp b/cpp/src/Ice/ObjectAdapterI.cpp
index 415c25d7249..86dbf9bfea4 100644
--- a/cpp/src/Ice/ObjectAdapterI.cpp
+++ b/cpp/src/Ice/ObjectAdapterI.cpp
@@ -19,7 +19,7 @@
#include <Ice/Exception.h>
#include <Ice/Properties.h>
#include <Ice/Functional.h>
-
+
#ifdef WIN32
# include <sys/timeb.h>
#else
@@ -353,24 +353,15 @@ Ice::ObjectAdapterI::~ObjectAdapterI()
deactivate();
}
}
-
+
ObjectPrx
Ice::ObjectAdapterI::newProxy(const string& ident)
{
vector<EndpointPtr> endpoints;
transform(_collectorFactories.begin(), _collectorFactories.end(), back_inserter(endpoints),
Ice::constMemFun(&CollectorFactory::endpoint));
-
- // ASN: This is a bandaid
- bool makeSecure = false;
- size_t numSecureEndpoints = count_if(endpoints.begin(), endpoints.end(), Ice::constMemFun(&Endpoint::secure));
-
- if (numSecureEndpoints >= endpoints.size())
- {
- makeSecure = true;
- }
-
- ReferencePtr reference = new Reference(_instance, ident, "", Reference::ModeTwoway, makeSecure /* false */, endpoints, endpoints);
+
+ ReferencePtr reference = new Reference(_instance, ident, "", Reference::ModeTwoway, false, endpoints, endpoints);
return _instance->proxyFactory()->referenceToProxy(reference);
}
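Review bot: `newProxy` now passes a hard-coded `false` for the `Reference` argument that the removed code filled from `makeSecure`, so a proxy created by an adapter whose endpoints are all secure is no longer marked secure. If that flag is what keeps a proxy away from plain endpoints, every caller that relied on the automatic setting must now call `_ice_secure(true)` on the returned proxy, and nothing in the hunk says so. Either derive the flag in one documented place or state the new contract on the line, e.g. `// Proxies start non-secure; callers that need SSL-only must call _ice_secure(true).` How `Reference` interprets the flag is not visible in this diff, so the effect on endpoint selection should be confirmed.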
diff --git a/cpp/src/Ice/ObjectAdapterI.h b/cpp/src/Ice/ObjectAdapterI.h
index a049bf50b7b..ed367c08f8b 100644
--- a/cpp/src/Ice/ObjectAdapterI.h
+++ b/cpp/src/Ice/ObjectAdapterI.h
@@ -20,7 +20,7 @@
#include <Ice/ProxyF.h>
#include <Ice/ObjectF.h>
#include <Ice/Exception.h>
-#include <Ice/EndpointF.h>
+#include <Ice/EndpointF.h>
namespace Ice
{
diff --git a/cpp/src/Ice/Outgoing.cpp b/cpp/src/Ice/Outgoing.cpp
index da3dee8e59a..dc2538e2e57 100644
--- a/cpp/src/Ice/Outgoing.cpp
+++ b/cpp/src/Ice/Outgoing.cpp
@@ -20,12 +20,12 @@ using namespace IceInternal;
IceInternal::NonRepeatable::NonRepeatable(const NonRepeatable& ex)
{
- _ex = auto_ptr<LocalException>(dynamic_cast<LocalException*>(ex.get()->_clone()));
+ _ex = auto_ptr<LocalException>(dynamic_cast<LocalException*>(ex.get()->_ice_clone()));
}
IceInternal::NonRepeatable::NonRepeatable(const ::Ice::LocalException& ex)
{
- _ex = auto_ptr<LocalException>(dynamic_cast<LocalException*>(ex._clone()));
+ _ex = auto_ptr<LocalException>(dynamic_cast<LocalException*>(ex._ice_clone()));
}
const ::Ice::LocalException*
@@ -135,7 +135,7 @@ IceInternal::Outgoing::invoke()
//
if(dynamic_cast<const CloseConnectionException*>(_exception.get()))
{
- _exception->_throw();
+ _exception->_ice_throw();
}
//
@@ -273,7 +273,7 @@ IceInternal::Outgoing::finished(const LocalException& ex)
if (_state == StateInProgress)
{
_state = StateLocalException;
- _exception = auto_ptr<LocalException>(dynamic_cast<LocalException*>(ex._clone()));
+ _exception = auto_ptr<LocalException>(dynamic_cast<LocalException*>(ex._ice_clone()));
notify();
}
}
diff --git a/cpp/src/Ice/Proxy.cpp b/cpp/src/Ice/Proxy.cpp
index 5cf7e2a55be..18f71b1f0be 100644
--- a/cpp/src/Ice/Proxy.cpp
+++ b/cpp/src/Ice/Proxy.cpp
@@ -45,19 +45,19 @@ IceInternal::checkedCast(const ObjectPrx& b, const string& f, ObjectPrx& d)
d = 0;
if (b)
{
- if (f == b->_getFacet())
+ if (f == b->_ice_getFacet())
{
d = b;
}
else
{
- ObjectPrx bb = b->_newFacet(f);
+ ObjectPrx bb = b->_ice_newFacet(f);
try
{
#ifdef NDEBUG
- bb->_isA("::Ice::Object");
+ bb->_ice_isA("::Ice::Object");
#else
- bool ok = bb->_isA("::Ice::Object");
+ bool ok = bb->_ice_isA("::Ice::Object");
assert(ok);
#endif
d = bb;
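Review bot: In `checkedCast` the result of `bb->_ice_isA("::Ice::Object")` is examined only by `assert`, so under `NDEBUG` the return value is discarded and `d = bb;` runs whatever the remote side answered. A release build therefore accepts the facet on any non-throwing reply, while a debug build aborts on `false`. Testing the result in both builds removes the `#ifdef` and makes the behaviour the same: `if (bb->_ice_isA("::Ice::Object")) { d = bb; }`. The `try` block and its handlers continue past the end of the hunk.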
@@ -75,7 +75,7 @@ IceInternal::uncheckedCast(const ObjectPrx& b, const string& f, ObjectPrx& d)
d = 0;
if (b)
{
- d = b->_newFacet(f);
+ d = b->_ice_newFacet(f);
}
}
@@ -92,12 +92,12 @@ IceProxy::Ice::Object::operator<(const Object& r) const
}
Int
-IceProxy::Ice::Object::_hash() const
+IceProxy::Ice::Object::_ice_hash() const
{
return _reference->hashValue;
}
bool
-IceProxy::Ice::Object::_isA(const string& s)
+IceProxy::Ice::Object::_ice_isA(const string& s)
{
int __cnt = 0;
while (true)
@@ -105,7 +105,7 @@ IceProxy::Ice::Object::_isA(const string& s)
try
{
Handle< ::IceDelegate::Ice::Object> __del = __getDelegate();
- return __del->_isA(s);
+ return __del->_ice_isA(s);
}
catch (const LocationForward& __ex)
{
@@ -123,7 +123,7 @@ IceProxy::Ice::Object::_isA(const string& s)
}
void
-IceProxy::Ice::Object::_ping()
+IceProxy::Ice::Object::_ice_ping()
{
int __cnt = 0;
while (true)
@@ -131,7 +131,7 @@ IceProxy::Ice::Object::_ping()
try
{
Handle< ::IceDelegate::Ice::Object> __del = __getDelegate();
- __del->_ping();
+ __del->_ice_ping();
return;
}
catch (const LocationForward& __ex)
@@ -150,13 +150,13 @@ IceProxy::Ice::Object::_ping()
}
std::string
-IceProxy::Ice::Object::_getIdentity() const
+IceProxy::Ice::Object::_ice_getIdentity() const
{
return _reference->identity;
}
ObjectPrx
-IceProxy::Ice::Object::_newIdentity(const std::string& newIdentity) const
+IceProxy::Ice::Object::_ice_newIdentity(const std::string& newIdentity) const
{
if (newIdentity == _reference->identity)
{
@@ -171,13 +171,13 @@ IceProxy::Ice::Object::_newIdentity(const std::string& newIdentity) const
}
std::string
-IceProxy::Ice::Object::_getFacet() const
+IceProxy::Ice::Object::_ice_getFacet() const
{
return _reference->facet;
}
ObjectPrx
-IceProxy::Ice::Object::_newFacet(const std::string& newFacet) const
+IceProxy::Ice::Object::_ice_newFacet(const std::string& newFacet) const
{
if (newFacet == _reference->facet)
{
@@ -192,7 +192,7 @@ IceProxy::Ice::Object::_newFacet(const std::string& newFacet) const
}
ObjectPrx
-IceProxy::Ice::Object::_twoway() const
+IceProxy::Ice::Object::_ice_twoway() const
{
ReferencePtr ref = _reference->changeMode(Reference::ModeTwoway);
if (ref == _reference)
@@ -208,7 +208,7 @@ IceProxy::Ice::Object::_twoway() const
}
ObjectPrx
-IceProxy::Ice::Object::_oneway() const
+IceProxy::Ice::Object::_ice_oneway() const
{
ReferencePtr ref = _reference->changeMode(Reference::ModeOneway);
if (ref == _reference)
@@ -224,7 +224,7 @@ IceProxy::Ice::Object::_oneway() const
}
ObjectPrx
-IceProxy::Ice::Object::_batchOneway() const
+IceProxy::Ice::Object::_ice_batchOneway() const
{
ReferencePtr ref = _reference->changeMode(Reference::ModeBatchOneway);
if (ref == _reference)
@@ -240,7 +240,7 @@ IceProxy::Ice::Object::_batchOneway() const
}
ObjectPrx
-IceProxy::Ice::Object::_datagram() const
+IceProxy::Ice::Object::_ice_datagram() const
{
ReferencePtr ref = _reference->changeMode(Reference::ModeDatagram);
if (ref == _reference)
@@ -256,7 +256,7 @@ IceProxy::Ice::Object::_datagram() const
}
ObjectPrx
-IceProxy::Ice::Object::_batchDatagram() const
+IceProxy::Ice::Object::_ice_batchDatagram() const
{
ReferencePtr ref = _reference->changeMode(Reference::ModeBatchDatagram);
if (ref == _reference)
@@ -272,7 +272,7 @@ IceProxy::Ice::Object::_batchDatagram() const
}
ObjectPrx
-IceProxy::Ice::Object::_secure(bool b) const
+IceProxy::Ice::Object::_ice_secure(bool b) const
{
ReferencePtr ref = _reference->changeSecure(b);
if (ref == _reference)
@@ -288,7 +288,7 @@ IceProxy::Ice::Object::_secure(bool b) const
}
ObjectPrx
-IceProxy::Ice::Object::_timeout(int t) const
+IceProxy::Ice::Object::_ice_timeout(int t) const
{
ReferencePtr ref = _reference->changeTimeout(t);
if (ref == _reference)
@@ -304,10 +304,10 @@ IceProxy::Ice::Object::_timeout(int t) const
}
void
-IceProxy::Ice::Object::_flush()
+IceProxy::Ice::Object::_ice_flush()
{
Handle< ::IceDelegate::Ice::Object> __del = __getDelegate();
- __del->_flush();
+ __del->_ice_flush();
}
ReferencePtr
@@ -333,7 +333,7 @@ IceProxy::Ice::Object::__handleException(const LocalException& ex, int& cnt)
try
{
- ex._throw();
+ ex._ice_throw();
}
catch (const CloseConnectionException&)
{
@@ -367,7 +367,7 @@ IceProxy::Ice::Object::__handleException(const LocalException& ex, int& cnt)
s << "cannot retry operation call because retry limit has been exceeded\n" << ex;
logger->trace(traceLevels->retryCat, s.str());
}
- ex._throw();
+ ex._ice_throw();
}
if (traceLevels->retry >= 1)
@@ -417,7 +417,7 @@ IceProxy::Ice::Object::__rethrowException(const LocalException& ex)
_delegate = 0;
- ex._throw();
+ ex._ice_throw();
}
Handle< ::IceDelegate::Ice::Object>
@@ -467,12 +467,12 @@ IceProxy::Ice::Object::setup(const ReferencePtr& ref)
}
bool
-IceDelegateM::Ice::Object::_isA(const string& s)
+IceDelegateM::Ice::Object::_ice_isA(const string& s)
{
Outgoing __out(__emitter, __reference);
BasicStream* __is = __out.is();
BasicStream* __os = __out.os();
- __os->write("_isA");
+ __os->write("_ice_isA");
__os->write(s);
if (!__out.invoke())
{
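Review bot: The operation name written to the request changes from `"_isA"` to `"_ice_isA"` here, so this is a wire-level change and not only a C++ rename; the same applies to `"_ice_ping"` in the next hunk and to the names passed to `Direct` in the `IceDelegateD` hunk. A peer built before this commit would presumably receive a name that is not in its `__all` table and fail the dispatch. If mixed versions are expected to interoperate, the receiving side needs to accept both spellings during a transition; otherwise a comment at the write site such as `// Operation name on the wire; must match Ice::Object::__all.` would record the coupling. The function body continues outside the hunk.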
@@ -484,11 +484,11 @@ IceDelegateM::Ice::Object::_isA(const string& s)
}
void
-IceDelegateM::Ice::Object::_ping()
+IceDelegateM::Ice::Object::_ice_ping()
{
Outgoing __out(__emitter, __reference);
BasicStream* __os = __out.os();
- __os->write("_ping");
+ __os->write("_ice_ping");
if (!__out.invoke())
{
throw ::Ice::UnknownUserException(__FILE__, __LINE__);
@@ -496,7 +496,7 @@ IceDelegateM::Ice::Object::_ping()
}
void
-IceDelegateM::Ice::Object::_flush()
+IceDelegateM::Ice::Object::_ice_flush()
{
__emitter->flushBatchRequest();
}
@@ -555,21 +555,21 @@ IceDelegateM::Ice::Object::setup(const ReferencePtr& ref)
}
bool
-IceDelegateD::Ice::Object::_isA(const string& s)
+IceDelegateD::Ice::Object::_ice_isA(const string& s)
{
- Direct __direct(__adapter, __reference, "_isA");
- return __direct.facetServant()->_isA(s);
+ Direct __direct(__adapter, __reference, "_ice_isA");
+ return __direct.facetServant()->_ice_isA(s);
}
void
-IceDelegateD::Ice::Object::_ping()
+IceDelegateD::Ice::Object::_ice_ping()
{
- Direct __direct(__adapter, __reference, "_ping");
- __direct.facetServant()->_ping();
+ Direct __direct(__adapter, __reference, "_ice_ping");
+ __direct.facetServant()->_ice_ping();
}
void
-IceDelegateD::Ice::Object::_flush()
+IceDelegateD::Ice::Object::_ice_flush()
{
// Nothing to do for direct delegates
}
diff --git a/cpp/src/Ice/Reference.cpp b/cpp/src/Ice/Reference.cpp
index 6b4db8e1b6d..247ca30fab9 100644
--- a/cpp/src/Ice/Reference.cpp
+++ b/cpp/src/Ice/Reference.cpp
@@ -72,11 +72,11 @@ IceInternal::Reference::Reference(const InstancePtr& inst, const string& str) :
{
break;
}
-
- if (s[beg] == ':')
- {
- break;
- }
+
+ if (s[beg] == ':')
+ {
+ break;
+ }
end = s.find_first_of(delim + ":", beg);
if (end == string::npos)
diff --git a/cpp/src/Ice/Reference.h b/cpp/src/Ice/Reference.h
index 4e159e4dc77..f60ae3171b5 100644
--- a/cpp/src/Ice/Reference.h
+++ b/cpp/src/Ice/Reference.h
@@ -80,7 +80,7 @@ private:
void calcHashValue();
};
-
+
}
#endif
diff --git a/cpp/src/Ice/Security.h b/cpp/src/Ice/Security.h
index 3d30bc4d69e..8e3944cb239 100644
--- a/cpp/src/Ice/Security.h
+++ b/cpp/src/Ice/Security.h
@@ -1,92 +1,92 @@
-// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-#ifndef ICE_SECURITY_H
-#define ICE_SECURITY_H
-
-// NOTE: Define USE_SOCKETS in order to turn on use of sockets in OpenSSL
-#ifndef USE_SOCKETS
-#define USE_SOCKETS
-#endif
-
-#include <openssl/ssl.h>
-
-namespace IceSecurity
-{
-
-typedef enum
-{
- NO_SECURITY_TRACE = 0,
- SECURITY_WARNINGS,
- SECURITY_PARSE_WARNINGS,
- SECURITY_METHODS,
- SECURITY_EXCEPTIONS,
- SECURITY_PROTOCOL,
- SECURITY_PROTOCOL_DEBUG
-} SecurityTraceLevel;
-
-}
-
-#define SECURITY_LEVEL_METHODS (_traceLevels->security >= IceSecurity::SECURITY_METHODS)
-#define SECURITY_LEVEL_PARSEWARNINGS (_traceLevels->security >= IceSecurity::SECURITY_PARSE_WARNINGS)
-#define SECURITY_LEVEL_WARNINGS (_traceLevels->security >= IceSecurity::SECURITY_WARNINGS)
-#define SECURITY_LEVEL_EXCEPTIONS (_traceLevels->security >= IceSecurity::SECURITY_EXCEPTIONS)
-#define SECURITY_LEVEL_PROTOCOL (_traceLevels->security >= IceSecurity::SECURITY_PROTOCOL)
-#define SECURITY_LEVEL_PROTOCOL_DEBUG (_traceLevels->security >= IceSecurity::SECURITY_PROTOCOL_DEBUG)
-
-#define SECURITY_LOGGER(s) _logger->trace(_traceLevels->securityCat, s);
-
-#define METHOD_INV(s) \
- if (_traceLevels->security >= IceSecurity::SECURITY_METHODS) \
- { \
- _logger->trace(_traceLevels->securityCat, "INV " + string(s)); \
- }
-
-#define METHOD_INS(s) \
- if (_traceLevels->security >= IceSecurity::SECURITY_METHODS) \
- { \
- _logger->trace(_traceLevels->securityCat, "INS " + string(s)); \
- }
-
-#define METHOD_RET(s) \
- if (_traceLevels->security >= IceSecurity::SECURITY_METHODS) \
- { \
- _logger->trace(_traceLevels->securityCat, "RET " + string(s)); \
- }
-
-#define PARSE_WARNING(s) \
- if (_traceLevels->security >= IceSecurity::SECURITY_PARSE_WARNINGS) \
- { \
- _logger->trace(_traceLevels->securityCat, "PWN " + string(s)); \
- }
-
-#define WARNING(s) \
- if (_traceLevels->security >= IceSecurity::SECURITY_WARNINGS) \
- { \
- _logger->trace(_traceLevels->securityCat, "WRN " + string(s)); \
- }
-
-#define EXCEPTION(s) \
- if (_traceLevels->security >= IceSecurity::SECURITY_EXCEPTIONS) \
- { \
- _logger->trace(_traceLevels->securityCat, "EXC " + string(s)); \
- }
-
-#define PROTOCOL(s) \
- if (_traceLevels->security >= IceSecurity::SECURITY_PROTOCOL) \
- { \
- _logger->trace(_traceLevels->securityCat, "PTL " + string(s)); \
- }
-
-#define PROTOCOL_DEBUG(s) \
- if (_traceLevels->security >= IceSecurity::SECURITY_PROTOCOL_DEBUG) \
- { \
- _logger->trace(_traceLevels->securityCat, "DBG " + string(s)); \
- }
-#endif
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+#ifndef ICE_SECURITY_H
+#define ICE_SECURITY_H
+
+// NOTE: Define USE_SOCKETS in order to turn on use of sockets in OpenSSL
+#ifndef USE_SOCKETS
+#define USE_SOCKETS
+#endif
+
+#include <openssl/ssl.h>
+
+namespace IceSecurity
+{
+
+typedef enum
+{
+ NO_SECURITY_TRACE = 0,
+ SECURITY_WARNINGS,
+ SECURITY_PARSE_WARNINGS,
+ SECURITY_METHODS,
+ SECURITY_EXCEPTIONS,
+ SECURITY_PROTOCOL,
+ SECURITY_PROTOCOL_DEBUG
+} SecurityTraceLevel;
+
+}
+
+#define SECURITY_LEVEL_METHODS (_traceLevels->security >= IceSecurity::SECURITY_METHODS)
+#define SECURITY_LEVEL_PARSEWARNINGS (_traceLevels->security >= IceSecurity::SECURITY_PARSE_WARNINGS)
+#define SECURITY_LEVEL_WARNINGS (_traceLevels->security >= IceSecurity::SECURITY_WARNINGS)
+#define SECURITY_LEVEL_EXCEPTIONS (_traceLevels->security >= IceSecurity::SECURITY_EXCEPTIONS)
+#define SECURITY_LEVEL_PROTOCOL (_traceLevels->security >= IceSecurity::SECURITY_PROTOCOL)
+#define SECURITY_LEVEL_PROTOCOL_DEBUG (_traceLevels->security >= IceSecurity::SECURITY_PROTOCOL_DEBUG)
+
+#define SECURITY_LOGGER(s) _logger->trace(_traceLevels->securityCat, s);
+
+#define METHOD_INV(s) \
+ if (_traceLevels->security >= IceSecurity::SECURITY_METHODS) \
+ { \
+ _logger->trace(_traceLevels->securityCat, "INV " + string(s)); \
+ }
+
+#define METHOD_INS(s) \
+ if (_traceLevels->security >= IceSecurity::SECURITY_METHODS) \
+ { \
+ _logger->trace(_traceLevels->securityCat, "INS " + string(s)); \
+ }
+
+#define METHOD_RET(s) \
+ if (_traceLevels->security >= IceSecurity::SECURITY_METHODS) \
+ { \
+ _logger->trace(_traceLevels->securityCat, "RET " + string(s)); \
+ }
+
+#define PARSE_WARNING(s) \
+ if (_traceLevels->security >= IceSecurity::SECURITY_PARSE_WARNINGS) \
+ { \
+ _logger->trace(_traceLevels->securityCat, "PWN " + string(s)); \
+ }
+
+#define WARNING(s) \
+ if (_traceLevels->security >= IceSecurity::SECURITY_WARNINGS) \
+ { \
+ _logger->trace(_traceLevels->securityCat, "WRN " + string(s)); \
+ }
+
+#define EXCEPTION(s) \
+ if (_traceLevels->security >= IceSecurity::SECURITY_EXCEPTIONS) \
+ { \
+ _logger->trace(_traceLevels->securityCat, "EXC " + string(s)); \
+ }
+
+#define PROTOCOL(s) \
+ if (_traceLevels->security >= IceSecurity::SECURITY_PROTOCOL) \
+ { \
+ _logger->trace(_traceLevels->securityCat, "PTL " + string(s)); \
+ }
+
+#define PROTOCOL_DEBUG(s) \
+ if (_traceLevels->security >= IceSecurity::SECURITY_PROTOCOL_DEBUG) \
+ { \
+ _logger->trace(_traceLevels->securityCat, "DBG " + string(s)); \
+ }
+#endif
diff --git a/cpp/src/Ice/SslAcceptor.cpp b/cpp/src/Ice/SslAcceptor.cpp
index 1eaa4c01776..a1aeac543f0 100644
--- a/cpp/src/Ice/SslAcceptor.cpp
+++ b/cpp/src/Ice/SslAcceptor.cpp
@@ -7,13 +7,13 @@
// All Rights Reserved
//
// **********************************************************************
-#ifdef WIN32
-#pragma warning(disable:4786)
-#endif
+#ifdef WIN32
+#pragma warning(disable:4786)
+#endif
-#include <Ice/SslFactory.h>
-#include <Ice/SslSystem.h>
-#include <Ice/Properties.h>
+#include <Ice/SslFactory.h>
+#include <Ice/SslSystem.h>
+#include <Ice/Properties.h>
#include <Ice/SslAcceptor.h>
#include <Ice/SslTransceiver.h>
#include <Ice/Instance.h>
@@ -21,20 +21,20 @@
#include <Ice/Logger.h>
#include <Ice/Network.h>
#include <Ice/Exception.h>
-#include <Ice/SslException.h>
-#include <sstream>
+#include <Ice/SslException.h>
+#include <sstream>
using namespace std;
using namespace Ice;
using namespace IceInternal;
-using std::string;
-using std::ostringstream;
-using IceSecurity::Ssl::Connection;
-using IceSecurity::Ssl::Factory;
-using IceSecurity::Ssl::System;
-using IceSecurity::Ssl::ShutdownException;
-
+using std::string;
+using std::ostringstream;
+using IceSecurity::Ssl::Connection;
+using IceSecurity::Ssl::Factory;
+using IceSecurity::Ssl::System;
+using IceSecurity::Ssl::ShutdownException;
+
int
IceInternal::SslAcceptor::fd()
{
@@ -102,50 +102,50 @@ IceInternal::SslAcceptor::accept(int timeout)
_logger->trace(_traceLevels->networkCat, s.str());
}
- // This is the Ice SSL Configuration File on which we will base
- // all connections in this communicator.
- string configFile = _instance->properties()->getProperty("Ice.Ssl.Config");
-
- // Get an instance of the SslSystem singleton.
- System* sslSystem = Factory::getSystem(configFile);
-
- if (!sslSystem->isTraceSet())
- {
- sslSystem->setTrace(_traceLevels);
- }
-
- if (!sslSystem->isLoggerSet())
- {
- sslSystem->setLogger(_logger);
- }
-
- // Initialize the server (if needed)
- if (!sslSystem->isConfigLoaded())
- {
- sslSystem->loadConfig();
- }
-
- Connection* sslConnection = 0;
-
- try
+ // This is the Ice SSL Configuration File on which we will base
+ // all connections in this communicator.
+ string configFile = _instance->properties()->getProperty("Ice.Ssl.Config");
+
+ // Get an instance of the SslSystem singleton.
+ System* sslSystem = Factory::getSystem(configFile);
+
+ if (!sslSystem->isTraceSet())
+ {
+ sslSystem->setTrace(_traceLevels);
+ }
+
+ if (!sslSystem->isLoggerSet())
{
- sslConnection = sslSystem->createServerConnection(fd);
- }
- catch (...)
- {
- Factory::releaseSystem(sslSystem);
- sslSystem = 0;
-
- // Shutdown the connection.
- throw;
- }
-
- TransceiverPtr transPtr = new SslTransceiver(_instance, fd, sslConnection);
-
- Factory::releaseSystem(sslSystem);
- sslSystem = 0;
-
- return transPtr;
+ sslSystem->setLogger(_logger);
+ }
+
+ // Initialize the server (if needed)
+ if (!sslSystem->isConfigLoaded())
+ {
+ sslSystem->loadConfig();
+ }
+
+ Connection* sslConnection = 0;
+
+ try
+ {
+ sslConnection = sslSystem->createServerConnection(fd);
+ }
+ catch (...)
+ {
+ Factory::releaseSystem(sslSystem);
+ sslSystem = 0;
+
+ // Shutdown the connection.
+ throw;
+ }
+
+ TransceiverPtr transPtr = new SslTransceiver(_instance, fd, sslConnection);
+
+ Factory::releaseSystem(sslSystem);
+ sslSystem = 0;
+
+ return transPtr;
}
string
diff --git a/cpp/src/Ice/SslBaseCerts.cpp b/cpp/src/Ice/SslBaseCerts.cpp
index ad5ddb34488..eb2ace00b13 100644
--- a/cpp/src/Ice/SslBaseCerts.cpp
+++ b/cpp/src/Ice/SslBaseCerts.cpp
@@ -1,34 +1,34 @@
-// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#include <Ice/SslBaseCerts.h>
-
-using namespace IceSecurity::Ssl;
-
-IceSecurity::Ssl::BaseCertificates::BaseCertificates()
-{
-}
-
-IceSecurity::Ssl::BaseCertificates::BaseCertificates(CertificateDesc& rsaCert,
- CertificateDesc& dsaCert,
- DiffieHellmanParamsFile& dhParams) :
- _rsaCert(rsaCert),
- _dsaCert(dsaCert),
- _dhParams(dhParams)
-{
-}
-
-IceSecurity::Ssl::BaseCertificates::BaseCertificates(BaseCertificates& baseCerts) :
- _rsaCert(baseCerts._rsaCert),
- _dsaCert(baseCerts._dsaCert),
- _dhParams(baseCerts._dhParams)
-{
-}
-
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#include <Ice/SslBaseCerts.h>
+
+using namespace IceSecurity::Ssl;
+
+IceSecurity::Ssl::BaseCertificates::BaseCertificates()
+{
+}
+
+IceSecurity::Ssl::BaseCertificates::BaseCertificates(CertificateDesc& rsaCert,
+ CertificateDesc& dsaCert,
+ DiffieHellmanParamsFile& dhParams) :
+ _rsaCert(rsaCert),
+ _dsaCert(dsaCert),
+ _dhParams(dhParams)
+{
+}
+
+IceSecurity::Ssl::BaseCertificates::BaseCertificates(BaseCertificates& baseCerts) :
+ _rsaCert(baseCerts._rsaCert),
+ _dsaCert(baseCerts._dsaCert),
+ _dhParams(baseCerts._dhParams)
+{
+}
+
diff --git a/cpp/src/Ice/SslBaseCerts.h b/cpp/src/Ice/SslBaseCerts.h
index 840112324ba..b423813441e 100644
--- a/cpp/src/Ice/SslBaseCerts.h
+++ b/cpp/src/Ice/SslBaseCerts.h
@@ -1,75 +1,75 @@
-// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#ifndef ICE_SSL_BASE_CERTS_H
-#define ICE_SSL_BASE_CERTS_H
-
-#include <Ice/SslCertificateDesc.h>
-#include <ostream>
-
-namespace IceSecurity
-{
-
-namespace Ssl
-{
-
-class BaseCertificates
-{
-
-public:
- BaseCertificates();
- BaseCertificates(CertificateDesc&, CertificateDesc&, DiffieHellmanParamsFile&);
- BaseCertificates(BaseCertificates&);
-
- inline const CertificateDesc& getRSACert() const { return _rsaCert; };
- inline const CertificateDesc& getDSACert() const { return _dsaCert; };
-
- inline const DiffieHellmanParamsFile& getDHParams() const { return _dhParams; };
-
-protected:
- CertificateDesc _rsaCert;
- CertificateDesc _dsaCert;
- DiffieHellmanParamsFile _dhParams;
-};
-
-using std::endl;
-
-template<class Stream>
-inline Stream& operator << (Stream& target, const BaseCertificates& baseCerts)
-{
- if (baseCerts.getRSACert().getKeySize() != 0)
- {
- target << "RSA\n{" << endl;
- target << baseCerts.getRSACert();
- target << "}\n" << endl;
- }
-
- if (baseCerts.getDSACert().getKeySize() != 0)
- {
- target << "DSA\n{" << endl;
- target << baseCerts.getDSACert();
- target << "}\n" << endl;
- }
-
- if (baseCerts.getDHParams().getKeySize() != 0)
- {
- target << "DH\n{" << endl;
- target << baseCerts.getDHParams();
- target << "}\n" << endl;
- }
-
- return target;
-}
-
-}
-
-}
-
-#endif
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#ifndef ICE_SSL_BASE_CERTS_H
+#define ICE_SSL_BASE_CERTS_H
+
+#include <Ice/SslCertificateDesc.h>
+#include <ostream>
+
+namespace IceSecurity
+{
+
+namespace Ssl
+{
+
+class BaseCertificates
+{
+
+public:
+ BaseCertificates();
+ BaseCertificates(CertificateDesc&, CertificateDesc&, DiffieHellmanParamsFile&);
+ BaseCertificates(BaseCertificates&);
+
+ inline const CertificateDesc& getRSACert() const { return _rsaCert; };
+ inline const CertificateDesc& getDSACert() const { return _dsaCert; };
+
+ inline const DiffieHellmanParamsFile& getDHParams() const { return _dhParams; };
+
+protected:
+ CertificateDesc _rsaCert;
+ CertificateDesc _dsaCert;
+ DiffieHellmanParamsFile _dhParams;
+};
+
+using std::endl;
+
+template<class Stream>
+inline Stream& operator << (Stream& target, const BaseCertificates& baseCerts)
+{
+ if (baseCerts.getRSACert().getKeySize() != 0)
+ {
+ target << "RSA\n{" << endl;
+ target << baseCerts.getRSACert();
+ target << "}\n" << endl;
+ }
+
+ if (baseCerts.getDSACert().getKeySize() != 0)
+ {
+ target << "DSA\n{" << endl;
+ target << baseCerts.getDSACert();
+ target << "}\n" << endl;
+ }
+
+ if (baseCerts.getDHParams().getKeySize() != 0)
+ {
+ target << "DH\n{" << endl;
+ target << baseCerts.getDHParams();
+ target << "}\n" << endl;
+ }
+
+ return target;
+}
+
+}
+
+}
+
+#endif
diff --git a/cpp/src/Ice/SslCertificateAuthority.cpp b/cpp/src/Ice/SslCertificateAuthority.cpp
index 0c1a42146ed..9247819d4e5 100644
--- a/cpp/src/Ice/SslCertificateAuthority.cpp
+++ b/cpp/src/Ice/SslCertificateAuthority.cpp
@@ -1,41 +1,41 @@
-// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#include <Ice/SslCertificateAuthority.h>
-
-using namespace std;
-
-IceSecurity::Ssl::CertificateAuthority::CertificateAuthority()
-{
-}
-
-IceSecurity::Ssl::CertificateAuthority::CertificateAuthority(string& fileName, string& path) :
- _fileName(fileName),
- _path(path)
-{
-}
-
-IceSecurity::Ssl::CertificateAuthority::CertificateAuthority(CertificateAuthority& certAuthority) :
- _fileName(certAuthority._fileName),
- _path(certAuthority._path)
-{
-}
-
-void
-IceSecurity::Ssl::CertificateAuthority::setCAFileName(string& fileName)
-{
- _fileName = fileName;
-}
-
-void
-IceSecurity::Ssl::CertificateAuthority::setCAPath(string& caPath)
-{
- _path = caPath;
-}
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#include <Ice/SslCertificateAuthority.h>
+
+using namespace std;
+
+IceSecurity::Ssl::CertificateAuthority::CertificateAuthority()
+{
+}
+
+IceSecurity::Ssl::CertificateAuthority::CertificateAuthority(string& fileName, string& path) :
+ _fileName(fileName),
+ _path(path)
+{
+}
+
+IceSecurity::Ssl::CertificateAuthority::CertificateAuthority(CertificateAuthority& certAuthority) :
+ _fileName(certAuthority._fileName),
+ _path(certAuthority._path)
+{
+}
+
+void
+IceSecurity::Ssl::CertificateAuthority::setCAFileName(string& fileName)
+{
+ _fileName = fileName;
+}
+
+void
+IceSecurity::Ssl::CertificateAuthority::setCAPath(string& caPath)
+{
+ _path = caPath;
+}
diff --git a/cpp/src/Ice/SslCertificateAuthority.h b/cpp/src/Ice/SslCertificateAuthority.h
index 69452024235..1cd72d3a482 100644
--- a/cpp/src/Ice/SslCertificateAuthority.h
+++ b/cpp/src/Ice/SslCertificateAuthority.h
@@ -1,47 +1,47 @@
-// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#ifndef ICE_SSL_CERTIFICATE_AUTHORITY_H
-#define ICE_SSL_CERTIFICATE_AUTHORITY_H
-
-#include <string>
-
-namespace IceSecurity
-{
-
-namespace Ssl
-{
-
-using namespace std;
-
-class CertificateAuthority
-{
-
-public:
- CertificateAuthority();
- CertificateAuthority(string&, string&);
- CertificateAuthority(CertificateAuthority&);
-
- void setCAFileName(string&);
- void setCAPath(string&);
-
- inline const string& getCAFileName() const { return _fileName; };
- inline const string& getCAPath() const { return _path; };
-
-private:
- string _fileName;
- string _path;
-};
-
-}
-
-}
-
-#endif
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#ifndef ICE_SSL_CERTIFICATE_AUTHORITY_H
+#define ICE_SSL_CERTIFICATE_AUTHORITY_H
+
+#include <string>
+
+namespace IceSecurity
+{
+
+namespace Ssl
+{
+
+using namespace std;
+
+class CertificateAuthority
+{
+
+public:
+ CertificateAuthority();
+ CertificateAuthority(string&, string&);
+ CertificateAuthority(CertificateAuthority&);
+
+ void setCAFileName(string&);
+ void setCAPath(string&);
+
+ inline const string& getCAFileName() const { return _fileName; };
+ inline const string& getCAPath() const { return _path; };
+
+private:
+ string _fileName;
+ string _path;
+};
+
+}
+
+}
+
+#endif
diff --git a/cpp/src/Ice/SslCertificateDesc.cpp b/cpp/src/Ice/SslCertificateDesc.cpp
index cc1d8e1f2e4..73e636292d4 100644
--- a/cpp/src/Ice/SslCertificateDesc.cpp
+++ b/cpp/src/Ice/SslCertificateDesc.cpp
@@ -1,92 +1,92 @@
-// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-#ifdef WIN32
-#pragma warning(disable:4786)
-#endif
-
-#include <openssl/ssl.h>
-#include <Ice/SslCertificateDesc.h>
-
-using namespace std;
-using namespace IceSecurity::Ssl;
-
-/////////////////////////
-//// CertificateFile ////
-/////////////////////////
-
-IceSecurity::Ssl::CertificateFile::CertificateFile() :
- _fileName(""),
- _encoding(0)
-{
-}
-
-IceSecurity::Ssl::CertificateFile::CertificateFile(const string& filename, const int encoding) :
- _fileName(filename),
- _encoding(encoding)
-{
-}
-
-IceSecurity::Ssl::CertificateFile::CertificateFile(const CertificateFile& certFile) :
- _fileName(certFile._fileName),
- _encoding(certFile._encoding)
-{
-}
-
-/////////////////////////////////
-//// DiffieHellmanParamsFile ////
-/////////////////////////////////
-
-IceSecurity::Ssl::DiffieHellmanParamsFile::DiffieHellmanParamsFile() :
- CertificateFile(),
- _keySize(0)
-{
-}
-
-IceSecurity::Ssl::DiffieHellmanParamsFile::DiffieHellmanParamsFile(const int keySize,
- const string& filename,
- const int encoding) :
- CertificateFile(filename, encoding),
- _keySize(keySize)
-{
-}
-
-IceSecurity::Ssl::DiffieHellmanParamsFile::DiffieHellmanParamsFile(const DiffieHellmanParamsFile& dhParams) :
- CertificateFile(dhParams._fileName, dhParams._encoding),
- _keySize(dhParams._keySize)
-{
-}
-
-/////////////////////////
-//// CertificateDesc ////
-/////////////////////////
-
-IceSecurity::Ssl::CertificateDesc::CertificateDesc() :
- _keySize(0),
- _public(),
- _private()
-{
-}
-
-IceSecurity::Ssl::CertificateDesc::CertificateDesc(const int keySize,
- const CertificateFile& publicFile,
- const CertificateFile& privateFile) :
- _keySize(keySize),
- _public(publicFile),
- _private(privateFile)
-{
-}
-
-IceSecurity::Ssl::CertificateDesc::CertificateDesc(const CertificateDesc& certDesc) :
- _keySize(certDesc._keySize),
- _public(certDesc._public),
- _private(certDesc._private)
-{
-}
-
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+#ifdef WIN32
+#pragma warning(disable:4786)
+#endif
+
+#include <openssl/ssl.h>
+#include <Ice/SslCertificateDesc.h>
+
+using namespace std;
+using namespace IceSecurity::Ssl;
+
+/////////////////////////
+//// CertificateFile ////
+/////////////////////////
+
+IceSecurity::Ssl::CertificateFile::CertificateFile() :
+ _fileName(""),
+ _encoding(0)
+{
+}
+
+IceSecurity::Ssl::CertificateFile::CertificateFile(const string& filename, const int encoding) :
+ _fileName(filename),
+ _encoding(encoding)
+{
+}
+
+IceSecurity::Ssl::CertificateFile::CertificateFile(const CertificateFile& certFile) :
+ _fileName(certFile._fileName),
+ _encoding(certFile._encoding)
+{
+}
+
+/////////////////////////////////
+//// DiffieHellmanParamsFile ////
+/////////////////////////////////
+
+IceSecurity::Ssl::DiffieHellmanParamsFile::DiffieHellmanParamsFile() :
+ CertificateFile(),
+ _keySize(0)
+{
+}
+
+IceSecurity::Ssl::DiffieHellmanParamsFile::DiffieHellmanParamsFile(const int keySize,
+ const string& filename,
+ const int encoding) :
+ CertificateFile(filename, encoding),
+ _keySize(keySize)
+{
+}
+
+IceSecurity::Ssl::DiffieHellmanParamsFile::DiffieHellmanParamsFile(const DiffieHellmanParamsFile& dhParams) :
+ CertificateFile(dhParams._fileName, dhParams._encoding),
+ _keySize(dhParams._keySize)
+{
+}
+
+/////////////////////////
+//// CertificateDesc ////
+/////////////////////////
+
+IceSecurity::Ssl::CertificateDesc::CertificateDesc() :
+ _keySize(0),
+ _public(),
+ _private()
+{
+}
+
+IceSecurity::Ssl::CertificateDesc::CertificateDesc(const int keySize,
+ const CertificateFile& publicFile,
+ const CertificateFile& privateFile) :
+ _keySize(keySize),
+ _public(publicFile),
+ _private(privateFile)
+{
+}
+
+IceSecurity::Ssl::CertificateDesc::CertificateDesc(const CertificateDesc& certDesc) :
+ _keySize(certDesc._keySize),
+ _public(certDesc._public),
+ _private(certDesc._private)
+{
+}
+
diff --git a/cpp/src/Ice/SslCertificateDesc.h b/cpp/src/Ice/SslCertificateDesc.h
index d1eb8a03578..830b3df076f 100644
--- a/cpp/src/Ice/SslCertificateDesc.h
+++ b/cpp/src/Ice/SslCertificateDesc.h
@@ -1,128 +1,128 @@
-// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-#ifdef WIN32
-#pragma warning(disable:4786)
-#endif
-
-#ifndef ICE_SSL_CERTIFICATE_DESC_H
-#define ICE_SSL_CERTIFICATE_DESC_H
-
-#include <string>
-#include <vector>
-#include <ostream>
-
-namespace IceSecurity
-{
-
-namespace Ssl
-{
-
-using std::string;
-using std::ostream;
-using std::vector;
-
-class CertificateFile
-{
-
-public:
- CertificateFile();
- CertificateFile(const string&, const int);
- CertificateFile(const CertificateFile&);
-
- inline string getFileName() const { return _fileName; };
- inline int getEncoding() const { return _encoding; };
-
-protected:
- string _fileName;
- int _encoding;
-};
-
-class DiffieHellmanParamsFile : public CertificateFile
-{
-
-public:
- DiffieHellmanParamsFile();
- DiffieHellmanParamsFile(const int, const string&, const int);
- DiffieHellmanParamsFile(const DiffieHellmanParamsFile&);
-
- inline int getKeySize() const { return _keySize; };
-
-protected:
- int _keySize;
-};
-
-class CertificateDesc
-{
-
-public:
- CertificateDesc();
- CertificateDesc(const int, const CertificateFile&, const CertificateFile&);
- CertificateDesc(const CertificateDesc&);
-
- inline int getKeySize() const { return _keySize; };
-
- inline const CertificateFile& getPublic() const { return _public; };
- inline const CertificateFile& getPrivate() const { return _private; };
-
-protected:
- int _keySize;
- CertificateFile _public;
- CertificateFile _private;
-};
-
-typedef vector<CertificateDesc> RSAVector;
-typedef vector<CertificateDesc> DSAVector;
-typedef vector<DiffieHellmanParamsFile> DHVector;
-
-template<class Stream>
-inline Stream& operator << (Stream& target, const CertificateFile& certFile)
-{
- if (certFile.getEncoding() == SSL_FILETYPE_PEM)
- {
- target << "[PEM]: " << certFile.getFileName();
- }
- else if (certFile.getEncoding() == SSL_FILETYPE_ASN1)
- {
- target << "[ASN1]: " << certFile.getFileName();
- }
-
- return target;
-}
-
-template<class Stream>
-inline Stream& operator << (Stream& target, const DiffieHellmanParamsFile& dhParams)
-{
- if (dhParams.getKeySize() != 0)
- {
- target << "Keysize: " << dhParams.getKeySize() << endl;
- target << "File: " << ((CertificateFile&)dhParams) << endl;
- }
-
- return target;
-}
-
-template<class Stream>
-inline Stream& operator << (Stream& target, const CertificateDesc& certDesc)
-{
- if (certDesc.getKeySize() != 0)
- {
- target << "Keysize: " << certDesc.getKeySize() << endl;
- target << "Public: " << certDesc.getPublic() << endl;
- target << "Private: " << certDesc.getPrivate() << endl;
- }
-
- return target;
-}
-
-}
-
-}
-
-#endif
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+#ifdef WIN32
+#pragma warning(disable:4786)
+#endif
+
+#ifndef ICE_SSL_CERTIFICATE_DESC_H
+#define ICE_SSL_CERTIFICATE_DESC_H
+
+#include <string>
+#include <vector>
+#include <ostream>
+
+namespace IceSecurity
+{
+
+namespace Ssl
+{
+
+using std::string;
+using std::ostream;
+using std::vector;
+
+class CertificateFile
+{
+
+public:
+ CertificateFile();
+ CertificateFile(const string&, const int);
+ CertificateFile(const CertificateFile&);
+
+ inline string getFileName() const { return _fileName; };
+ inline int getEncoding() const { return _encoding; };
+
+protected:
+ string _fileName;
+ int _encoding;
+};
+
+class DiffieHellmanParamsFile : public CertificateFile
+{
+
+public:
+ DiffieHellmanParamsFile();
+ DiffieHellmanParamsFile(const int, const string&, const int);
+ DiffieHellmanParamsFile(const DiffieHellmanParamsFile&);
+
+ inline int getKeySize() const { return _keySize; };
+
+protected:
+ int _keySize;
+};
+
+class CertificateDesc
+{
+
+public:
+ CertificateDesc();
+ CertificateDesc(const int, const CertificateFile&, const CertificateFile&);
+ CertificateDesc(const CertificateDesc&);
+
+ inline int getKeySize() const { return _keySize; };
+
+ inline const CertificateFile& getPublic() const { return _public; };
+ inline const CertificateFile& getPrivate() const { return _private; };
+
+protected:
+ int _keySize;
+ CertificateFile _public;
+ CertificateFile _private;
+};
+
+typedef vector<CertificateDesc> RSAVector;
+typedef vector<CertificateDesc> DSAVector;
+typedef vector<DiffieHellmanParamsFile> DHVector;
+
+template<class Stream>
+inline Stream& operator << (Stream& target, const CertificateFile& certFile)
+{
+ if (certFile.getEncoding() == SSL_FILETYPE_PEM)
+ {
+ target << "[PEM]: " << certFile.getFileName();
+ }
+ else if (certFile.getEncoding() == SSL_FILETYPE_ASN1)
+ {
+ target << "[ASN1]: " << certFile.getFileName();
+ }
+
+ return target;
+}
+
+template<class Stream>
+inline Stream& operator << (Stream& target, const DiffieHellmanParamsFile& dhParams)
+{
+ if (dhParams.getKeySize() != 0)
+ {
+ target << "Keysize: " << dhParams.getKeySize() << endl;
+ target << "File: " << ((CertificateFile&)dhParams) << endl;
+ }
+
+ return target;
+}
+
+template<class Stream>
+inline Stream& operator << (Stream& target, const CertificateDesc& certDesc)
+{
+ if (certDesc.getKeySize() != 0)
+ {
+ target << "Keysize: " << certDesc.getKeySize() << endl;
+ target << "Public: " << certDesc.getPublic() << endl;
+ target << "Private: " << certDesc.getPrivate() << endl;
+ }
+
+ return target;
+}
+
+}
+
+}
+
+#endif
diff --git a/cpp/src/Ice/SslConfig.cpp b/cpp/src/Ice/SslConfig.cpp
index e1c0ad2fac4..cdac35128b0 100644
--- a/cpp/src/Ice/SslConfig.cpp
+++ b/cpp/src/Ice/SslConfig.cpp
@@ -1,554 +1,548 @@
-// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-#ifdef WIN32
-#pragma warning(disable:4786)
-#endif
-
-#include <sstream>
-#include <iostream>
-
-#include <util/PlatformUtils.hpp>
-#include <parsers/DOMParser.hpp>
-
-#include <Ice/SslException.h>
-#include <Ice/SslConfigErrorReporter.h>
-#include <Ice/SslConfig.h>
-
-#include <direct.h>
-
-using namespace std;
-using namespace IceSecurity::Ssl::OpenSSL;
-
-//
-// Public Methods
-//
-
-IceSecurity::Ssl::Parser::Parser(const string& configFile) :
- _configFile(configFile)
-{
- _traceLevels = 0;
- _logger = 0;
-}
-
-IceSecurity::Ssl::Parser::~Parser()
-{
-}
-
-void
-IceSecurity::Ssl::Parser::process()
-{
- try
- {
- XMLPlatformUtils::Initialize();
- }
- catch(const XMLException& toCatch)
- {
- if (_traceLevels->network >= 1)
- {
- ostringstream s;
- s << "Xerces-c Init Exception: " << DOMString(toCatch.getMessage());
- _logger->trace(_traceLevels->networkCat, s.str());
- }
-
- throw ContextException("Xerces-c Init Exception.", __FILE__, __LINE__);
- }
-
- int errorCount = 0;
-
- ErrorReporter* errReporter = new ErrorReporter(_traceLevels, _logger);
- assert(errReporter != 0);
-
- // Create our parser, then attach an error handler to the parser.
- // The parser will call back to methods of the ErrorHandler if it
- // discovers errors during the course of parsing the XML document.
- DOMParser *parser = new DOMParser;
- parser->setValidationScheme(DOMParser::Val_Auto);
- parser->setDoNamespaces(false);
- parser->setDoSchema(false);
- parser->setCreateEntityReferenceNodes(false);
- parser->setToCreateXMLDeclTypeNode(true);
- parser->setErrorHandler(errReporter);
-
- char bigbuffer[1024];
- _getcwd(bigbuffer,sizeof(bigbuffer));
-
-
- try
- {
- parser->parse(_configFile.c_str());
-
- errorCount = parser->getErrorCount();
-
- if (errorCount == 0)
- {
- // Get the root of the parse tree.
- _root = parser->getDocument();
- }
- }
- catch (const XMLException& e)
- {
- if (errReporter != 0)
- {
- delete errReporter;
- }
-
- ostringstream s;
- s << "Xerces-c Parsing Error: " << DOMString(e.getMessage());
-
- if (_traceLevels->network >= 1)
- {
- _logger->trace(_traceLevels->networkCat, s.str());
- }
-
- throw ContextException(s.str().c_str(), __FILE__, __LINE__);
- }
- catch (const DOM_DOMException& e)
- {
- if (errReporter != 0)
- {
- delete errReporter;
- }
-
- ostringstream s;
- s << "Xerces-c DOM Parsing Error, DOMException code: " << e.code;
-
- if (_traceLevels->network >= 1)
- {
- _logger->trace(_traceLevels->networkCat, s.str());
- }
-
- throw ContextException(s.str().c_str(), __FILE__, __LINE__);
- }
- catch (...)
- {
- if (errReporter != 0)
- {
- delete errReporter;
- }
-
- string s = "An error occured during parsing";
-
- if (_traceLevels->network >= 1)
- {
- _logger->trace(_traceLevels->networkCat, s);
- }
-
- throw ContextException(s.c_str(), __FILE__, __LINE__);
- }
-
- if (errReporter != 0)
- {
- delete errReporter;
- }
-
- if (errorCount)
- {
- string s = errorCount + "Errors occured during parsing";
-
- if (_traceLevels->network >= 1)
- {
- _logger->trace(_traceLevels->networkCat, s);
- }
-
- throw ContextException(s.c_str(), __FILE__, __LINE__);
- }
-}
-
-bool
-IceSecurity::Ssl::Parser::loadClientConfig(GeneralConfig& general,
- CertificateAuthority& certAuth,
- BaseCertificates& baseCerts)
-{
- bool retCode = false;
- string clientSectionString("SSLConfig:client");
- DOM_Node clientSection = find(clientSectionString);
-
- // If we actually have a client section.
- if (clientSection != 0)
- {
- getGeneral(clientSection, general);
- getCertAuth(clientSection, certAuth);
- getBaseCerts(clientSection, baseCerts);
- retCode = true;
- }
-
- return retCode;
-}
-
-bool
-IceSecurity::Ssl::Parser::loadServerConfig(GeneralConfig& general,
- CertificateAuthority& certAuth,
- BaseCertificates& baseCerts,
- TempCertificates& tempCerts)
-{
- bool retCode = false;
- string serverSectionString("SSLConfig:server");
- DOM_Node serverSection = find(serverSectionString);
-
- // If we actually have a client section.
- if (serverSection != 0)
- {
- getGeneral(serverSection, general);
- getCertAuth(serverSection, certAuth);
- getBaseCerts(serverSection, baseCerts);
- getTempCerts(serverSection, tempCerts);
- retCode = true;
- }
-
- return retCode;
-}
-
-//
-// Private Methods
-//
-
-// path is of the form "sslconfig:client:general"
-void
-IceSecurity::Ssl::Parser::popRoot(string& path, string& root, string& tail)
-{
- string::size_type pos = path.find_first_of(':');
-
- if (pos != string::npos)
- {
- root = path.substr(0,pos);
- tail = path.substr(pos+1);
- }
- else
- {
- root = path;
- tail = "";
- }
-}
-
-DOM_Node
-IceSecurity::Ssl::Parser::find(string& nodePath)
-{
- return find(_root, nodePath);
-}
-
-DOM_Node
-IceSecurity::Ssl::Parser::find(DOM_Node rootNode, string& nodePath)
-{
- // The target node that we're looking for.
- DOM_Node tNode;
-
- if (rootNode != 0)
- {
- string rootNodeName;
- string tailNodes;
-
- // Pop the root off the path.
- popRoot(nodePath, rootNodeName, tailNodes);
-
- DOM_Node child = rootNode.getFirstChild();
-
- while (child != 0)
- {
- // Ignore any other node types - we're only interested in ELEMENT_NODEs.
- if (child.getNodeType() == DOM_Node::ELEMENT_NODE)
- {
- string nodeName = toString(child.getNodeName());
-
- if (nodeName.compare(rootNodeName) == 0)
- {
- // No further to recurse, this must be it.
- if (tailNodes.empty())
- {
- tNode = child;
- }
- else
- {
- // Recursive call.
- tNode = find(child, tailNodes);
- }
- }
- }
-
- child = child.getNextSibling();
- }
- }
-
- return tNode;
-}
-
-void
-IceSecurity::Ssl::Parser::getGeneral(DOM_Node rootNode, GeneralConfig& generalConfig)
-{
- if (rootNode != 0)
- {
- string generalString("general");
- DOM_Node general = find(rootNode, generalString);
-
- DOM_NamedNodeMap attributes = general.getAttributes();
-
- int attrCount = attributes.getLength();
-
- for (int i = 0; i < attrCount; i++)
- {
- DOM_Node attribute = attributes.item(i);
- string nodeName = toString(attribute.getNodeName());
- string nodeValue = toString(attribute.getNodeValue());
-
- // Set the property.
- generalConfig.set(nodeName, nodeValue);
- }
- }
-}
-
-void
-IceSecurity::Ssl::Parser::getCertAuth(DOM_Node rootNode, CertificateAuthority& certAuth)
-{
- if (rootNode != 0)
- {
- string certAuthorityString("certauthority");
- DOM_Node certAuthNode = find(rootNode, certAuthorityString);
-
- if (certAuthNode != 0)
- {
- DOM_NamedNodeMap attributes = certAuthNode.getAttributes();
-
- int attrCount = attributes.getLength();
-
- for (int i = 0; i < attrCount; i++)
- {
- DOM_Node attribute = attributes.item(i);
- string nodeName = toString(attribute.getNodeName());
- string nodeValue = toString(attribute.getNodeValue());
-
- if (nodeName.compare("file") == 0)
- {
- certAuth.setCAFileName(nodeValue);
- }
- else if (nodeName.compare("path") == 0)
- {
- certAuth.setCAPath(nodeValue);
- }
- }
- }
- }
-}
-
-void
-IceSecurity::Ssl::Parser::getBaseCerts(DOM_Node rootNode, BaseCertificates& baseCerts)
-{
- if (rootNode != 0)
- {
- string baseCertsString("basecerts");
- DOM_Node baseCertsRoot = find(rootNode, baseCertsString);
-
- if (baseCertsRoot != 0)
- {
- CertificateDesc rsaCert;
- CertificateDesc dsaCert;
- DiffieHellmanParamsFile dhParams;
-
- string rsaCertString("rsacert");
- string dsaCertString("dsacert");
- string dhParamsString("dhparams");
-
- getCert(find(baseCertsRoot, rsaCertString), rsaCert);
- getCert(find(baseCertsRoot, dsaCertString), dsaCert);
-
- getDHParams(find(baseCertsRoot, dhParamsString), dhParams);
-
- baseCerts = BaseCertificates(rsaCert, dsaCert, dhParams);
- }
- }
-}
-
-void
-IceSecurity::Ssl::Parser::getTempCerts(DOM_Node rootNode, TempCertificates& tempCerts)
-{
- if (rootNode != 0)
- {
- string tempCertsString("tempcerts");
- DOM_Node tempCertsRoot = find(rootNode, tempCertsString);
-
- if (tempCertsRoot != 0)
- {
- DOM_Node child = tempCertsRoot.getFirstChild();
-
- while (child != 0)
- {
- DOMString nodeName = child.getNodeName();
- string name = toString(nodeName);
-
- if (name.compare("dhparams") == 0)
- {
- loadDHParams(child, tempCerts);
- }
- else if (name.compare("rsacert") == 0)
- {
- loadRSACert(child, tempCerts);
- }
- else if (name.compare("dsacert") == 0)
- {
- loadDSACert(child, tempCerts);
- }
-
- child = child.getNextSibling();
- }
- }
- }
-}
-
-void
-IceSecurity::Ssl::Parser::loadDHParams(DOM_Node rootNode, TempCertificates& tempCerts)
-{
- DiffieHellmanParamsFile dhParams;
-
- getDHParams(rootNode, dhParams);
-
- tempCerts.addDHParams(dhParams);
-}
-
-void
-IceSecurity::Ssl::Parser::loadRSACert(DOM_Node rootNode, TempCertificates& tempCerts)
-{
- CertificateDesc rsaCert;
-
- getCert(rootNode, rsaCert);
-
- tempCerts.addRSACert(rsaCert);
-}
-
-void
-IceSecurity::Ssl::Parser::loadDSACert(DOM_Node rootNode, TempCertificates& tempCerts)
-{
- CertificateDesc dsaCert;
-
- getCert(rootNode, dsaCert);
-
- tempCerts.addDSACert(dsaCert);
-}
-
-void
-IceSecurity::Ssl::Parser::getCert(DOM_Node rootNode, CertificateDesc& certDesc)
-{
- if (rootNode != 0)
- {
- CertificateFile publicFile;
- CertificateFile privateFile;
- int keySize = 0;
-
- DOM_NamedNodeMap attributes = rootNode.getAttributes();
- int attrCount = attributes.getLength();
-
- for (int i = 0; i < attrCount; i++)
- {
- DOM_Node attribute = attributes.item(i);
- string nodeName = toString(attribute.getNodeName());
- string nodeValue = toString(attribute.getNodeValue());
-
- if (nodeName.compare("keysize") == 0)
- {
- keySize = atoi(nodeValue.c_str());
- }
- }
-
- string publicString("public");
- string privateString("private");
-
- loadCertificateFile(find(rootNode, publicString), publicFile);
- loadCertificateFile(find(rootNode, privateString), privateFile);
-
- // Initialize the certificate description.
- certDesc = CertificateDesc(keySize, publicFile, privateFile);
- }
-}
-
-void
-IceSecurity::Ssl::Parser::getDHParams(DOM_Node rootNode, DiffieHellmanParamsFile& dhParams)
-{
- if (rootNode != 0)
- {
- CertificateFile certFile;
- loadCertificateFile(rootNode, certFile);
-
- DOM_NamedNodeMap attributes = rootNode.getAttributes();
- int keySize = 0;
- int attrCount = attributes.getLength();
-
- for (int i = 0; i < attrCount; i++)
- {
- DOM_Node attribute = attributes.item(i);
- string nodeName = toString(attribute.getNodeName());
- string nodeValue = toString(attribute.getNodeValue());
-
- if (nodeName.compare("keysize") == 0)
- {
- keySize = atoi(nodeValue.c_str());
- }
- }
-
- dhParams = DiffieHellmanParamsFile(keySize, certFile.getFileName(), certFile.getEncoding());
- }
-}
-
-void
-IceSecurity::Ssl::Parser::loadCertificateFile(DOM_Node rootNode, CertificateFile& certFile)
-{
- if (rootNode != 0)
- {
- string filename;
- int encoding;
-
- DOM_NamedNodeMap attributes = rootNode.getAttributes();
- int attrCount = attributes.getLength();
-
- for (int i = 0; i < attrCount; i++)
- {
- DOM_Node attribute = attributes.item(i);
- string nodeName = toString(attribute.getNodeName());
- string nodeValue = toString(attribute.getNodeValue());
-
- if (nodeName.compare("encoding") == 0)
- {
- encoding = parseEncoding(nodeValue);
- }
- else if (nodeName.compare("filename") == 0)
- {
- filename = nodeValue;
- }
- }
-
- certFile = CertificateFile(filename, encoding);
- }
-}
-
-int
-IceSecurity::Ssl::Parser::parseEncoding(string& encodingString)
-{
- int encoding = 0;
-
- if (encodingString.compare("PEM") == 0)
- {
- encoding = SSL_FILETYPE_PEM;
- }
- else if (encodingString.compare("ASN1") == 0)
- {
- encoding = SSL_FILETYPE_ASN1;
- }
-
- return encoding;
-}
-
-string
-IceSecurity::Ssl::Parser::toString(const DOMString& domString)
-{
- char* cString = domString.transcode();
-
- string stlString(cString);
-
- delete []cString;
-
- return stlString;
-}
-
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+#ifdef WIN32
+#pragma warning(disable:4786)
+#endif
+
+#include <sstream>
+#include <iostream>
+
+#include <util/PlatformUtils.hpp>
+#include <parsers/DOMParser.hpp>
+
+#include <Ice/SslException.h>
+#include <Ice/SslConfigErrorReporter.h>
+#include <Ice/SslConfig.h>
+
+using namespace std;
+using namespace IceSecurity::Ssl::OpenSSL;
+
+//
+// Public Methods
+//
+
+IceSecurity::Ssl::Parser::Parser(const string& configFile) :
+ _configFile(configFile)
+{
+ _traceLevels = 0;
+ _logger = 0;
+}
+
+IceSecurity::Ssl::Parser::~Parser()
+{
+}
+
+void
+IceSecurity::Ssl::Parser::process()
+{
+ try
+ {
+ XMLPlatformUtils::Initialize();
+ }
+ catch(const XMLException& toCatch)
+ {
+ if (_traceLevels->network >= 1)
+ {
+ ostringstream s;
+ s << "Xerces-c Init Exception: " << DOMString(toCatch.getMessage());
+ _logger->trace(_traceLevels->networkCat, s.str());
+ }
+
+ throw ContextException("Xerces-c Init Exception.", __FILE__, __LINE__);
+ }
+
+ int errorCount = 0;
+
+ ErrorReporter* errReporter = new ErrorReporter(_traceLevels, _logger);
+ assert(errReporter != 0);
+
+ // Create our parser, then attach an error handler to the parser.
+ // The parser will call back to methods of the ErrorHandler if it
+ // discovers errors during the course of parsing the XML document.
+ DOMParser *parser = new DOMParser;
+ parser->setValidationScheme(DOMParser::Val_Auto);
+ parser->setDoNamespaces(false);
+ parser->setDoSchema(false);
+ parser->setCreateEntityReferenceNodes(false);
+ parser->setToCreateXMLDeclTypeNode(true);
+ parser->setErrorHandler(errReporter);
+
+ try
+ {
+ parser->parse(_configFile.c_str());
+
+ errorCount = parser->getErrorCount();
+
+ if (errorCount == 0)
+ {
+ // Get the root of the parse tree.
+ _root = parser->getDocument();
+ }
+ }
+ catch (const XMLException& e)
+ {
+ if (errReporter != 0)
+ {
+ delete errReporter;
+ }
+
+ ostringstream s;
+ s << "Xerces-c Parsing Error: " << DOMString(e.getMessage());
+
+ if (_traceLevels->network >= 1)
+ {
+ _logger->trace(_traceLevels->networkCat, s.str());
+ }
+
+ throw ContextException(s.str().c_str(), __FILE__, __LINE__);
+ }
+ catch (const DOM_DOMException& e)
+ {
+ if (errReporter != 0)
+ {
+ delete errReporter;
+ }
+
+ ostringstream s;
+ s << "Xerces-c DOM Parsing Error, DOMException code: " << e.code;
+
+ if (_traceLevels->network >= 1)
+ {
+ _logger->trace(_traceLevels->networkCat, s.str());
+ }
+
+ throw ContextException(s.str().c_str(), __FILE__, __LINE__);
+ }
+ catch (...)
+ {
+ if (errReporter != 0)
+ {
+ delete errReporter;
+ }
+
+ string s = "An error occured during parsing";
+
+ if (_traceLevels->network >= 1)
+ {
+ _logger->trace(_traceLevels->networkCat, s);
+ }
+
+ throw ContextException(s.c_str(), __FILE__, __LINE__);
+ }
+
+ if (errReporter != 0)
+ {
+ delete errReporter;
+ }
+
+ if (errorCount)
+ {
+ string s = errorCount + "Errors occured during parsing";
+
+ if (_traceLevels->network >= 1)
+ {
+ _logger->trace(_traceLevels->networkCat, s);
+ }
+
+ throw ContextException(s.c_str(), __FILE__, __LINE__);
+ }
+}
+
+bool
+IceSecurity::Ssl::Parser::loadClientConfig(GeneralConfig& general,
+ CertificateAuthority& certAuth,
+ BaseCertificates& baseCerts)
+{
+ bool retCode = false;
+ string clientSectionString("SSLConfig:client");
+ DOM_Node clientSection = find(clientSectionString);
+
+ // If we actually have a client section.
+ if (clientSection != 0)
+ {
+ getGeneral(clientSection, general);
+ getCertAuth(clientSection, certAuth);
+ getBaseCerts(clientSection, baseCerts);
+ retCode = true;
+ }
+
+ return retCode;
+}
+
+bool
+IceSecurity::Ssl::Parser::loadServerConfig(GeneralConfig& general,
+ CertificateAuthority& certAuth,
+ BaseCertificates& baseCerts,
+ TempCertificates& tempCerts)
+{
+ bool retCode = false;
+ string serverSectionString("SSLConfig:server");
+ DOM_Node serverSection = find(serverSectionString);
+
+ // If we actually have a client section.
+ if (serverSection != 0)
+ {
+ getGeneral(serverSection, general);
+ getCertAuth(serverSection, certAuth);
+ getBaseCerts(serverSection, baseCerts);
+ getTempCerts(serverSection, tempCerts);
+ retCode = true;
+ }
+
+ return retCode;
+}
+
+//
+// Private Methods
+//
+
+// path is of the form "sslconfig:client:general"
+void
+IceSecurity::Ssl::Parser::popRoot(string& path, string& root, string& tail)
+{
+ string::size_type pos = path.find_first_of(':');
+
+ if (pos != string::npos)
+ {
+ root = path.substr(0,pos);
+ tail = path.substr(pos+1);
+ }
+ else
+ {
+ root = path;
+ tail = "";
+ }
+}
+
+DOM_Node
+IceSecurity::Ssl::Parser::find(string& nodePath)
+{
+ return find(_root, nodePath);
+}
+
+DOM_Node
+IceSecurity::Ssl::Parser::find(DOM_Node rootNode, string& nodePath)
+{
+ // The target node that we're looking for.
+ DOM_Node tNode;
+
+ if (rootNode != 0)
+ {
+ string rootNodeName;
+ string tailNodes;
+
+ // Pop the root off the path.
+ popRoot(nodePath, rootNodeName, tailNodes);
+
+ DOM_Node child = rootNode.getFirstChild();
+
+ while (child != 0)
+ {
+ // Ignore any other node types - we're only interested in ELEMENT_NODEs.
+ if (child.getNodeType() == DOM_Node::ELEMENT_NODE)
+ {
+ string nodeName = toString(child.getNodeName());
+
+ if (nodeName.compare(rootNodeName) == 0)
+ {
+ // No further to recurse, this must be it.
+ if (tailNodes.empty())
+ {
+ tNode = child;
+ }
+ else
+ {
+ // Recursive call.
+ tNode = find(child, tailNodes);
+ }
+ }
+ }
+
+ child = child.getNextSibling();
+ }
+ }
+
+ return tNode;
+}
+
+void
+IceSecurity::Ssl::Parser::getGeneral(DOM_Node rootNode, GeneralConfig& generalConfig)
+{
+ if (rootNode != 0)
+ {
+ string generalString("general");
+ DOM_Node general = find(rootNode, generalString);
+
+ DOM_NamedNodeMap attributes = general.getAttributes();
+
+ int attrCount = attributes.getLength();
+
+ for (int i = 0; i < attrCount; i++)
+ {
+ DOM_Node attribute = attributes.item(i);
+ string nodeName = toString(attribute.getNodeName());
+ string nodeValue = toString(attribute.getNodeValue());
+
+ // Set the property.
+ generalConfig.set(nodeName, nodeValue);
+ }
+ }
+}
+
+void
+IceSecurity::Ssl::Parser::getCertAuth(DOM_Node rootNode, CertificateAuthority& certAuth)
+{
+ if (rootNode != 0)
+ {
+ string certAuthorityString("certauthority");
+ DOM_Node certAuthNode = find(rootNode, certAuthorityString);
+
+ if (certAuthNode != 0)
+ {
+ DOM_NamedNodeMap attributes = certAuthNode.getAttributes();
+
+ int attrCount = attributes.getLength();
+
+ for (int i = 0; i < attrCount; i++)
+ {
+ DOM_Node attribute = attributes.item(i);
+ string nodeName = toString(attribute.getNodeName());
+ string nodeValue = toString(attribute.getNodeValue());
+
+ if (nodeName.compare("file") == 0)
+ {
+ certAuth.setCAFileName(nodeValue);
+ }
+ else if (nodeName.compare("path") == 0)
+ {
+ certAuth.setCAPath(nodeValue);
+ }
+ }
+ }
+ }
+}
+
+void
+IceSecurity::Ssl::Parser::getBaseCerts(DOM_Node rootNode, BaseCertificates& baseCerts)
+{
+ if (rootNode != 0)
+ {
+ string baseCertsString("basecerts");
+ DOM_Node baseCertsRoot = find(rootNode, baseCertsString);
+
+ if (baseCertsRoot != 0)
+ {
+ CertificateDesc rsaCert;
+ CertificateDesc dsaCert;
+ DiffieHellmanParamsFile dhParams;
+
+ string rsaCertString("rsacert");
+ string dsaCertString("dsacert");
+ string dhParamsString("dhparams");
+
+ getCert(find(baseCertsRoot, rsaCertString), rsaCert);
+ getCert(find(baseCertsRoot, dsaCertString), dsaCert);
+
+ getDHParams(find(baseCertsRoot, dhParamsString), dhParams);
+
+ baseCerts = BaseCertificates(rsaCert, dsaCert, dhParams);
+ }
+ }
+}
+
+void
+IceSecurity::Ssl::Parser::getTempCerts(DOM_Node rootNode, TempCertificates& tempCerts)
+{
+ if (rootNode != 0)
+ {
+ string tempCertsString("tempcerts");
+ DOM_Node tempCertsRoot = find(rootNode, tempCertsString);
+
+ if (tempCertsRoot != 0)
+ {
+ DOM_Node child = tempCertsRoot.getFirstChild();
+
+ while (child != 0)
+ {
+ DOMString nodeName = child.getNodeName();
+ string name = toString(nodeName);
+
+ if (name.compare("dhparams") == 0)
+ {
+ loadDHParams(child, tempCerts);
+ }
+ else if (name.compare("rsacert") == 0)
+ {
+ loadRSACert(child, tempCerts);
+ }
+ else if (name.compare("dsacert") == 0)
+ {
+ loadDSACert(child, tempCerts);
+ }
+
+ child = child.getNextSibling();
+ }
+ }
+ }
+}
+
+void
+IceSecurity::Ssl::Parser::loadDHParams(DOM_Node rootNode, TempCertificates& tempCerts)
+{
+ DiffieHellmanParamsFile dhParams;
+
+ getDHParams(rootNode, dhParams);
+
+ tempCerts.addDHParams(dhParams);
+}
+
+void
+IceSecurity::Ssl::Parser::loadRSACert(DOM_Node rootNode, TempCertificates& tempCerts)
+{
+ CertificateDesc rsaCert;
+
+ getCert(rootNode, rsaCert);
+
+ tempCerts.addRSACert(rsaCert);
+}
+
+void
+IceSecurity::Ssl::Parser::loadDSACert(DOM_Node rootNode, TempCertificates& tempCerts)
+{
+ CertificateDesc dsaCert;
+
+ getCert(rootNode, dsaCert);
+
+ tempCerts.addDSACert(dsaCert);
+}
+
+void
+IceSecurity::Ssl::Parser::getCert(DOM_Node rootNode, CertificateDesc& certDesc)
+{
+ if (rootNode != 0)
+ {
+ CertificateFile publicFile;
+ CertificateFile privateFile;
+ int keySize = 0;
+
+ DOM_NamedNodeMap attributes = rootNode.getAttributes();
+ int attrCount = attributes.getLength();
+
+ for (int i = 0; i < attrCount; i++)
+ {
+ DOM_Node attribute = attributes.item(i);
+ string nodeName = toString(attribute.getNodeName());
+ string nodeValue = toString(attribute.getNodeValue());
+
+ if (nodeName.compare("keysize") == 0)
+ {
+ keySize = atoi(nodeValue.c_str());
+ }
+ }
+
+ string publicString("public");
+ string privateString("private");
+
+ loadCertificateFile(find(rootNode, publicString), publicFile);
+ loadCertificateFile(find(rootNode, privateString), privateFile);
+
+ // Initialize the certificate description.
+ certDesc = CertificateDesc(keySize, publicFile, privateFile);
+ }
+}
+
+void
+IceSecurity::Ssl::Parser::getDHParams(DOM_Node rootNode, DiffieHellmanParamsFile& dhParams)
+{
+ if (rootNode != 0)
+ {
+ CertificateFile certFile;
+ loadCertificateFile(rootNode, certFile);
+
+ DOM_NamedNodeMap attributes = rootNode.getAttributes();
+ int keySize = 0;
+ int attrCount = attributes.getLength();
+
+ for (int i = 0; i < attrCount; i++)
+ {
+ DOM_Node attribute = attributes.item(i);
+ string nodeName = toString(attribute.getNodeName());
+ string nodeValue = toString(attribute.getNodeValue());
+
+ if (nodeName.compare("keysize") == 0)
+ {
+ keySize = atoi(nodeValue.c_str());
+ }
+ }
+
+ dhParams = DiffieHellmanParamsFile(keySize, certFile.getFileName(), certFile.getEncoding());
+ }
+}
+
+void
+IceSecurity::Ssl::Parser::loadCertificateFile(DOM_Node rootNode, CertificateFile& certFile)
+{
+ if (rootNode != 0)
+ {
+ string filename;
+ int encoding;
+
+ DOM_NamedNodeMap attributes = rootNode.getAttributes();
+ int attrCount = attributes.getLength();
+
+ for (int i = 0; i < attrCount; i++)
+ {
+ DOM_Node attribute = attributes.item(i);
+ string nodeName = toString(attribute.getNodeName());
+ string nodeValue = toString(attribute.getNodeValue());
+
+ if (nodeName.compare("encoding") == 0)
+ {
+ encoding = parseEncoding(nodeValue);
+ }
+ else if (nodeName.compare("filename") == 0)
+ {
+ filename = nodeValue;
+ }
+ }
+
+ certFile = CertificateFile(filename, encoding);
+ }
+}
+
+int
+IceSecurity::Ssl::Parser::parseEncoding(string& encodingString)
+{
+ int encoding = 0;
+
+ if (encodingString.compare("PEM") == 0)
+ {
+ encoding = SSL_FILETYPE_PEM;
+ }
+ else if (encodingString.compare("ASN1") == 0)
+ {
+ encoding = SSL_FILETYPE_ASN1;
+ }
+
+ return encoding;
+}
+
+string
+IceSecurity::Ssl::Parser::toString(const DOMString& domString)
+{
+ char* cString = domString.transcode();
+
+ string stlString(cString);
+
+ delete []cString;
+
+ return stlString;
+}
+
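Review bot: In `Parser::process()`, `string s = errorCount + "Errors occured during parsing";` adds an int to a `const char*`, so it performs pointer arithmetic on the literal instead of formatting the count. The message loses its first `errorCount` characters, and once the count exceeds the literal's length the `string` constructor reads past the end of the literal, which is undefined behaviour on a path driven by the contents of the SSL configuration file. Build the text with the stream the other handlers already use, `ostringstream s; s << errorCount << " errors occured during parsing";`, then pass `s.str()` to `_logger->trace` and `s.str().c_str()` to `ContextException`. Separately, `loadCertificateFile` leaves `int encoding;` uninitialised when the element carries no `encoding` attribute; `int encoding = 0;` would match what `parseEncoding` returns for an unrecognised value.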
diff --git a/cpp/src/Ice/SslConfig.h b/cpp/src/Ice/SslConfig.h
index fd798490a3d..cd2fa448d6c 100644
--- a/cpp/src/Ice/SslConfig.h
+++ b/cpp/src/Ice/SslConfig.h
@@ -1,95 +1,95 @@
-// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#ifndef ICE_SSL_CONFIG_H
-#define ICE_SSL_CONFIG_H
-
-#include <string>
-
-#include <dom/DOM.hpp>
-#include <Ice/TraceLevels.h>
-#include <Ice/Logger.h>
-
-#include <Ice/SslCertificateDesc.h>
-#include <Ice/SslGeneralConfig.h>
-#include <Ice/SslCertificateAuthority.h>
-#include <Ice/SslBaseCerts.h>
-#include <Ice/SslTempCerts.h>
-
-namespace IceSecurity
-{
-
-namespace Ssl
-{
-
-using namespace std;
-using namespace IceInternal;
-
-class Parser
-{
-
-public:
- // Constructor, based on the indicated file.
- Parser(const string&);
- ~Parser();
-
- // Performs a complete parsing of the file.
- void process();
-
- // Loads the Client/Server portions of the config.
- bool loadClientConfig(GeneralConfig&, CertificateAuthority&, BaseCertificates&);
- bool loadServerConfig(GeneralConfig&, CertificateAuthority&, BaseCertificates&, TempCertificates&);
-
- inline void setTrace(TraceLevelsPtr traceLevels) { _traceLevels = traceLevels; };
- inline bool isTraceSet() const { return (_traceLevels == 0 ? false : true); };
-
- inline void setLogger(LoggerPtr traceLevels) { _logger = traceLevels; };
- inline bool isLoggerSet() const { return (_logger == 0 ? false : true); };
-
-private:
-
- DOM_Node _root;
- string _configFile;
-
- TraceLevelsPtr _traceLevels;
- LoggerPtr _logger;
-
- // Tree walking utility methods.
- void popRoot(string&, string&, string&);
- DOM_Node find(string&);
- DOM_Node find(DOM_Node, string&);
-
- // Loading of the base elements of the file.
- void getGeneral(DOM_Node, GeneralConfig&);
- void getCertAuth(DOM_Node, CertificateAuthority&);
- void getBaseCerts(DOM_Node, BaseCertificates&);
- void getTempCerts(DOM_Node, TempCertificates&);
-
- // Loading of temporary certificates/params (Ephemeral Keys).
- void loadDHParams(DOM_Node, TempCertificates&);
- void loadRSACert(DOM_Node, TempCertificates&);
- void loadDSACert(DOM_Node, TempCertificates&);
-
- // Populates classes with information from the indicated node in the parse tree.
- void getCert(DOM_Node, CertificateDesc&);
- void getDHParams(DOM_Node, DiffieHellmanParamsFile&);
-
- // Populate a certificate file object, basis of all certificates.
- void loadCertificateFile(DOM_Node, CertificateFile&);
- int parseEncoding(string&);
-
- string toString(const DOMString&);
-};
-
-}
-
-}
-
-#endif
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#ifndef ICE_SSL_CONFIG_H
+#define ICE_SSL_CONFIG_H
+
+#include <string>
+
+#include <dom/DOM.hpp>
+#include <Ice/TraceLevels.h>
+#include <Ice/Logger.h>
+
+#include <Ice/SslCertificateDesc.h>
+#include <Ice/SslGeneralConfig.h>
+#include <Ice/SslCertificateAuthority.h>
+#include <Ice/SslBaseCerts.h>
+#include <Ice/SslTempCerts.h>
+
+namespace IceSecurity
+{
+
+namespace Ssl
+{
+
+using namespace std;
+using namespace IceInternal;
+
+class Parser
+{
+
+public:
+ // Constructor, based on the indicated file.
+ Parser(const string&);
+ ~Parser();
+
+ // Performs a complete parsing of the file.
+ void process();
+
+ // Loads the Client/Server portions of the config.
+ bool loadClientConfig(GeneralConfig&, CertificateAuthority&, BaseCertificates&);
+ bool loadServerConfig(GeneralConfig&, CertificateAuthority&, BaseCertificates&, TempCertificates&);
+
+ inline void setTrace(TraceLevelsPtr traceLevels) { _traceLevels = traceLevels; };
+ inline bool isTraceSet() const { return (_traceLevels == 0 ? false : true); };
+
+ inline void setLogger(LoggerPtr traceLevels) { _logger = traceLevels; };
+ inline bool isLoggerSet() const { return (_logger == 0 ? false : true); };
+
+private:
+
+ DOM_Node _root;
+ string _configFile;
+
+ TraceLevelsPtr _traceLevels;
+ LoggerPtr _logger;
+
+ // Tree walking utility methods.
+ void popRoot(string&, string&, string&);
+ DOM_Node find(string&);
+ DOM_Node find(DOM_Node, string&);
+
+ // Loading of the base elements of the file.
+ void getGeneral(DOM_Node, GeneralConfig&);
+ void getCertAuth(DOM_Node, CertificateAuthority&);
+ void getBaseCerts(DOM_Node, BaseCertificates&);
+ void getTempCerts(DOM_Node, TempCertificates&);
+
+ // Loading of temporary certificates/params (Ephemeral Keys).
+ void loadDHParams(DOM_Node, TempCertificates&);
+ void loadRSACert(DOM_Node, TempCertificates&);
+ void loadDSACert(DOM_Node, TempCertificates&);
+
+ // Populates classes with information from the indicated node in the parse tree.
+ void getCert(DOM_Node, CertificateDesc&);
+ void getDHParams(DOM_Node, DiffieHellmanParamsFile&);
+
+ // Populate a certificate file object, basis of all certificates.
+ void loadCertificateFile(DOM_Node, CertificateFile&);
+ int parseEncoding(string&);
+
+ string toString(const DOMString&);
+};
+
+}
+
+}
+
+#endif
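Review bot: `int parseEncoding(string&);` near the end of the private section documents neither its return values nor its failure case, and the definition shown in SslConfig.cpp on this page returns 0 for any string other than "PEM" or "ASN1". A comment on the declaration would make that contract visible, for example `// Returns SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1, or 0 when the string is neither; treat 0 as a configuration error.` The same definition file leaves the local `encoding` in `loadCertificateFile` unset when the element carries no `encoding` attribute, so the comment above `loadCertificateFile(DOM_Node, CertificateFile&)` should also say that the attribute is expected to be present. Since the definition only reads its argument, `const string&` would describe the parameter more accurately.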
diff --git a/cpp/src/Ice/SslConfigErrorReporter.cpp b/cpp/src/Ice/SslConfigErrorReporter.cpp
index 492ef3b7ed2..247db4f50d5 100644
--- a/cpp/src/Ice/SslConfigErrorReporter.cpp
+++ b/cpp/src/Ice/SslConfigErrorReporter.cpp
@@ -1,82 +1,82 @@
-// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#include <iostream>
-#include <sstream>
-
-#include <sax/SAXParseException.hpp>
-#include <Ice/SslConfigErrorReporter.h>
-#include <stdlib.h>
-#include <string.h>
-#include <Ice/Security.h>
-
-using namespace std;
-
-void
-IceSecurity::Ssl::ErrorReporter::warning(const SAXParseException& toCatch)
-{
- if (_traceLevels->security >= SECURITY_PARSE_WARNINGS)
- {
- ostringstream s;
-
- s << "Xerces-c Init Exception: "<< "Warning at file \""
- << DOMString(toCatch.getSystemId())
- << "\", line " << toCatch.getLineNumber()
- << ", column " << toCatch.getColumnNumber()
- << "\n Message: " << DOMString(toCatch.getMessage()) << endl;
-
- _logger->trace(_traceLevels->securityCat, s.str());
- }
-}
-
-void
-IceSecurity::Ssl::ErrorReporter::error(const SAXParseException& toCatch)
-{
- _sawErrors = true;
-
- if (_traceLevels->security >= SECURITY_PARSE_WARNINGS)
- {
- ostringstream s;
-
- s << "Xerces-c Init Exception: "<< "Error at file \""
- << DOMString(toCatch.getSystemId())
- << "\", line " << toCatch.getLineNumber()
- << ", column " << toCatch.getColumnNumber()
- << "\n Message: " << DOMString(toCatch.getMessage()) << endl;
-
- _logger->trace(_traceLevels->securityCat, s.str());
- }
-}
-
-void
-IceSecurity::Ssl::ErrorReporter::fatalError(const SAXParseException& toCatch)
-{
- _sawErrors = true;
-
- if (_traceLevels->security >= SECURITY_PARSE_WARNINGS)
- {
- ostringstream s;
-
- s << "Xerces-c Init Exception: "<< "Fatal error at file \""
- << DOMString(toCatch.getSystemId())
- << "\", line " << toCatch.getLineNumber()
- << ", column " << toCatch.getColumnNumber()
- << "\n Message: " << DOMString(toCatch.getMessage()) << endl;
-
- _logger->trace(_traceLevels->securityCat, s.str());
- }
-}
-
-void
-IceSecurity::Ssl::ErrorReporter::resetErrors()
-{
- // No-op in this case
-}
-
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#include <iostream>
+#include <sstream>
+
+#include <sax/SAXParseException.hpp>
+#include <Ice/SslConfigErrorReporter.h>
+#include <stdlib.h>
+#include <string.h>
+#include <Ice/Security.h>
+
+using namespace std;
+
+void
+IceSecurity::Ssl::ErrorReporter::warning(const SAXParseException& toCatch)
+{
+ if (_traceLevels->security >= SECURITY_PARSE_WARNINGS)
+ {
+ ostringstream s;
+
+ s << "Xerces-c Init Exception: "<< "Warning at file \""
+ << DOMString(toCatch.getSystemId())
+ << "\", line " << toCatch.getLineNumber()
+ << ", column " << toCatch.getColumnNumber()
+ << "\n Message: " << DOMString(toCatch.getMessage()) << endl;
+
+ _logger->trace(_traceLevels->securityCat, s.str());
+ }
+}
+
+void
+IceSecurity::Ssl::ErrorReporter::error(const SAXParseException& toCatch)
+{
+ _sawErrors = true;
+
+ if (_traceLevels->security >= SECURITY_PARSE_WARNINGS)
+ {
+ ostringstream s;
+
+ s << "Xerces-c Init Exception: "<< "Error at file \""
+ << DOMString(toCatch.getSystemId())
+ << "\", line " << toCatch.getLineNumber()
+ << ", column " << toCatch.getColumnNumber()
+ << "\n Message: " << DOMString(toCatch.getMessage()) << endl;
+
+ _logger->trace(_traceLevels->securityCat, s.str());
+ }
+}
+
+void
+IceSecurity::Ssl::ErrorReporter::fatalError(const SAXParseException& toCatch)
+{
+ _sawErrors = true;
+
+ if (_traceLevels->security >= SECURITY_PARSE_WARNINGS)
+ {
+ ostringstream s;
+
+ s << "Xerces-c Init Exception: "<< "Fatal error at file \""
+ << DOMString(toCatch.getSystemId())
+ << "\", line " << toCatch.getLineNumber()
+ << ", column " << toCatch.getColumnNumber()
+ << "\n Message: " << DOMString(toCatch.getMessage()) << endl;
+
+ _logger->trace(_traceLevels->securityCat, s.str());
+ }
+}
+
+void
+IceSecurity::Ssl::ErrorReporter::resetErrors()
+{
+ // No-op in this case
+}
+
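Review bot: In `error()` and `fatalError()` the diagnostic is built and logged only when `_traceLevels->security >= SECURITY_PARSE_WARNINGS`, so below that level a failed parse of the SSL configuration leaves nothing behind except `_sawErrors = true`. Whether the caller reports the failure some other way is not visible here; if it does not, the operator has no file, line or message to act on. I would drop the level check in those two methods and keep it only in `warning()`, so that `_logger->trace(_traceLevels->securityCat, s.str());` always runs for errors. The `"Xerces-c Init Exception: "` prefix is also misleading for a parse diagnostic. Because the three bodies differ only in the severity word, a shared private helper taking that word would remove the duplication.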
diff --git a/cpp/src/Ice/SslConfigErrorReporter.h b/cpp/src/Ice/SslConfigErrorReporter.h
index 7e01761076e..4de2df0e6b9 100644
--- a/cpp/src/Ice/SslConfigErrorReporter.h
+++ b/cpp/src/Ice/SslConfigErrorReporter.h
@@ -1,76 +1,76 @@
-// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#ifndef ICE_SSL_CONFIG_ERROR_REPORTER_H
-#define ICE_SSL_CONFIG_ERROR_REPORTER_H
-
-#include <iostream>
-#include <util/XercesDefs.hpp>
-#include <dom/DOMString.hpp>
-#include <sax/ErrorHandler.hpp>
-#include <Ice/TraceLevels.h>
-#include <Ice/Logger.h>
-
-namespace IceSecurity
-{
-
-namespace Ssl
-{
-
-using IceInternal::TraceLevelsPtr;
-using Ice::LoggerPtr;
-
-class ErrorReporter : public ErrorHandler
-{
-
-public:
-
- ErrorReporter(TraceLevelsPtr traceLevels, LoggerPtr logger) :
- _sawErrors(false),
- _traceLevels(traceLevels),
- _logger(logger)
- {
- }
-
- ~ErrorReporter() { }
-
- // Implementation of the error handler interface.
- void warning(const SAXParseException& toCatch);
- void error(const SAXParseException& toCatch);
- void fatalError(const SAXParseException& toCatch);
- void resetErrors();
-
- inline bool getSawErrors() const { return _sawErrors; };
-
-private:
- // This is set if we get any errors, and is queryable via a getter method.
- // It's used by the main code to suppress output if there are errors.
- bool _sawErrors;
-
- TraceLevelsPtr _traceLevels;
- LoggerPtr _logger;
-};
-
-using std::ostream;
-
-inline ostream&
-operator << (ostream& target, const DOMString& s)
-{
- char *p = s.transcode();
- target << p;
- delete [] p;
- return target;
-}
-
-}
-
-}
-
-#endif
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#ifndef ICE_SSL_CONFIG_ERROR_REPORTER_H
+#define ICE_SSL_CONFIG_ERROR_REPORTER_H
+
+#include <iostream>
+#include <util/XercesDefs.hpp>
+#include <dom/DOMString.hpp>
+#include <sax/ErrorHandler.hpp>
+#include <Ice/TraceLevels.h>
+#include <Ice/Logger.h>
+
+namespace IceSecurity
+{
+
+namespace Ssl
+{
+
+using IceInternal::TraceLevelsPtr;
+using Ice::LoggerPtr;
+
+class ErrorReporter : public ErrorHandler
+{
+
+public:
+
+ ErrorReporter(TraceLevelsPtr traceLevels, LoggerPtr logger) :
+ _sawErrors(false),
+ _traceLevels(traceLevels),
+ _logger(logger)
+ {
+ }
+
+ ~ErrorReporter() { }
+
+ // Implementation of the error handler interface.
+ void warning(const SAXParseException& toCatch);
+ void error(const SAXParseException& toCatch);
+ void fatalError(const SAXParseException& toCatch);
+ void resetErrors();
+
+ inline bool getSawErrors() const { return _sawErrors; };
+
+private:
+ // This is set if we get any errors, and is queryable via a getter method.
+ // It's used by the main code to suppress output if there are errors.
+ bool _sawErrors;
+
+ TraceLevelsPtr _traceLevels;
+ LoggerPtr _logger;
+};
+
+using std::ostream;
+
+inline ostream&
+operator << (ostream& target, const DOMString& s)
+{
+ char *p = s.transcode();
+ target << p;
+ delete [] p;
+ return target;
+}
+
+}
+
+}
+
+#endif
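Review bot: The `ErrorReporter` constructor stores `traceLevels` and `logger` without any check, and `warning()`, `error()` and `fatalError()` in SslConfigErrorReporter.cpp dereference both unconditionally. `Parser` in SslConfig.h exposes `isTraceSet()` and `isLoggerSet()`, which suggests the handles can be unset when the reporter is built, although that call site is not visible here. A comment above the constructor would record the requirement, for example `// traceLevels and logger must both be set; the handler methods dereference them without checking.`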
diff --git a/cpp/src/Ice/SslConnection.h b/cpp/src/Ice/SslConnection.h
index 0bd0a587bda..e65b297304b 100644
--- a/cpp/src/Ice/SslConnection.h
+++ b/cpp/src/Ice/SslConnection.h
@@ -1,48 +1,48 @@
-// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#ifndef ICE_SSL_CONNECTION_H
-#define ICE_SSL_CONNECTION_H
-
-#include <Ice/Buffer.h>
-#include <Ice/TraceLevels.h>
-#include <Ice/Logger.h>
-
-namespace IceSecurity
-{
-
-namespace Ssl
-{
-
-using IceInternal::Buffer;
-using IceInternal::TraceLevelsPtr;
-using Ice::LoggerPtr;
-
-class Connection
-{
-
-public:
-
- virtual ~Connection() {};
-
- virtual void shutdown() = 0;
-
- virtual int read(Buffer&, int) = 0;
- virtual int write(Buffer&, int) = 0;
-
- virtual void setTrace(TraceLevelsPtr) = 0;
- virtual void setLogger(LoggerPtr) = 0;
-};
-
-}
-
-}
-
-#endif
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#ifndef ICE_SSL_CONNECTION_H
+#define ICE_SSL_CONNECTION_H
+
+#include <Ice/Buffer.h>
+#include <Ice/TraceLevels.h>
+#include <Ice/Logger.h>
+
+namespace IceSecurity
+{
+
+namespace Ssl
+{
+
+using IceInternal::Buffer;
+using IceInternal::TraceLevelsPtr;
+using Ice::LoggerPtr;
+
+class Connection
+{
+
+public:
+
+ virtual ~Connection() {};
+
+ virtual void shutdown() = 0;
+
+ virtual int read(Buffer&, int) = 0;
+ virtual int write(Buffer&, int) = 0;
+
+ virtual void setTrace(TraceLevelsPtr) = 0;
+ virtual void setLogger(LoggerPtr) = 0;
+};
+
+}
+
+}
+
+#endif
diff --git a/cpp/src/Ice/SslConnectionOpenSSL.cpp b/cpp/src/Ice/SslConnectionOpenSSL.cpp
index 231ef3a56a1..ae670b5063d 100644
--- a/cpp/src/Ice/SslConnectionOpenSSL.cpp
+++ b/cpp/src/Ice/SslConnectionOpenSSL.cpp
@@ -1,688 +1,688 @@
-// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-#ifdef WIN32
-#pragma warning(disable:4786)
-#endif
-
-#include <string>
-#include <sstream>
-#include <Ice/Network.h>
-#include <JTC/JTC.h>
-#include <Ice/Security.h>
-#include <Ice/SslException.h>
-#include <Ice/SslConnection.h>
-#include <Ice/SslSystemOpenSSL.h>
-
-using namespace std;
-using namespace IceInternal;
-
-using std::endl;
-
-////////////////////////////////
-////////// Connection //////////
-////////////////////////////////
-
-//
-// Public Methods
-//
-
-IceSecurity::Ssl::OpenSSL::Connection::Connection(SSL* sslConnection, string& systemID)
-{
- if (sslConnection == 0)
- {
- string errorString = "Construction of Connection with NULL SSL pointer.";
-
- throw ContextException(errorString.c_str(), __FILE__, __LINE__);
- }
-
- // Get the system we were generated from
- _system = IceSecurity::Ssl::Factory::getSystem(systemID);
-
- _sslConnection = sslConnection;
-
- _lastError = SSL_ERROR_NONE;
-
- initWantRead = 0;
- initWantWrite = 0;
-}
-
-IceSecurity::Ssl::OpenSSL::Connection::~Connection()
-{
- METHOD_INV("OpenSSL::Connection::~Connection()");
-
- shutdown();
-
- IceSecurity::Ssl::Factory::releaseSystem(_system);
-
- METHOD_RET("OpenSSL::Connection::~Connection()");
-}
-
-void
-IceSecurity::Ssl::OpenSSL::Connection::shutdown()
-{
- METHOD_INV("OpenSSL::Connection::shutdown()");
-
- if (_sslConnection != 0)
- {
- WARNING(string("shutting down SSL connection\n") + fdToString(SSL_get_fd(_sslConnection)));
-
- SSL_free(_sslConnection);
- _sslConnection = 0;
- }
-
- METHOD_RET("OpenSSL::Connection::shutdown()");
-}
-
-//
-// Protected Methods
-//
-
-int
-IceSecurity::Ssl::OpenSSL::Connection::connect()
-{
- METHOD_INV("OpenSSL::Connection::connect()");
-
- int result = SSL_connect(_sslConnection);
-
- setLastError(result);
-
- METHOD_RET("OpenSSL::Connection::connect()");
-
- return result;
-}
-
-int
-IceSecurity::Ssl::OpenSSL::Connection::accept()
-{
- METHOD_INV("OpenSSL::Connection::accept()");
-
- int result = SSL_accept(_sslConnection);
-
- setLastError(result);
-
- METHOD_RET("OpenSSL::Connection::accept()");
-
- return result;
-}
-
-int
-IceSecurity::Ssl::OpenSSL::Connection::renegotiate()
-{
- METHOD_INS("OpenSSL::Connection::renegotiate()");
-
- return SSL_renegotiate(_sslConnection);
-}
-
-int
-IceSecurity::Ssl::OpenSSL::Connection::sslRead(char* buffer, int bufferSize)
-{
- METHOD_INV("OpenSSL::Connection::sslRead()");
-
- int bytesRead = SSL_read(_sslConnection, buffer, bufferSize);
-
- setLastError(bytesRead);
-
- METHOD_RET("OpenSSL::Connection::sslRead()");
-
- return bytesRead;
-}
-
-int
-IceSecurity::Ssl::OpenSSL::Connection::sslWrite(char* buffer, int bufferSize)
-{
- METHOD_INV("OpenSSL::Connection::sslWrite()");
-
- int bytesWritten = SSL_write(_sslConnection, buffer, bufferSize);
-
- setLastError(bytesWritten);
-
- METHOD_RET("OpenSSL::Connection::sslWrite()");
-
- return bytesWritten;
-}
-
-
-void
-IceSecurity::Ssl::OpenSSL::Connection::printGetError(int errCode)
-{
- if (SECURITY_LEVEL_PROTOCOL_DEBUG)
- {
- string errorString;
-
- switch (errCode)
- {
- case SSL_ERROR_NONE :
- {
- errorString = "SSL_ERROR_NONE";
- break;
- }
-
- case SSL_ERROR_ZERO_RETURN :
- {
- errorString = "SSL_ERROR_ZERO_RETURN";
- break;
- }
-
- case SSL_ERROR_WANT_READ :
- {
- errorString = "SSL_ERROR_WANT_READ";
- break;
- }
-
- case SSL_ERROR_WANT_WRITE :
- {
- errorString = "SSL_ERROR_WANT_WRITE";
- break;
- }
-
- case SSL_ERROR_WANT_CONNECT :
- {
- errorString = "SSL_ERROR_WANT_CONNECT";
- break;
- }
-
- case SSL_ERROR_WANT_X509_LOOKUP :
- {
- errorString = "SSL_ERROR_WANT_X509_LOOKUP";
- break;
- }
-
- case SSL_ERROR_SYSCALL :
- {
- errorString = "SSL_ERROR_SYSCALL";
- break;
- }
-
- case SSL_ERROR_SSL :
- {
- errorString = "SSL_ERROR_SSL";
- break;
- }
- }
-
- if (!errorString.empty())
- {
- SECURITY_LOGGER(string("Encountered: ") + errorString)
- }
- }
-}
-
-// protocolWrite()
-//
-// The entire purpose of this strange little routine is to provide OpenSSL with a
-// SSL_write() when they request one (this is for handshaking purposes). It writes
-// nothing at all. Its entire purpose is jut to call the SSL_write() through one.
-// of our defined methods. The SSL_write() will end up only writing protocol handshake
-// packets, not application packets. This looks wierd, but it is essentially what
-// the demo programs are doing, so I feel okay copying them. The only reason that I
-// have defined the buffer[] array is so that I have a valid buffer pointer.
-void
-IceSecurity::Ssl::OpenSSL::Connection::protocolWrite()
-{
- METHOD_INV("OpenSSL::Connection::protocolWrite()");
-
- static char buffer[10];
-
- memset(buffer, 0, sizeof(buffer));
-
- // Note: We should be calling the write(char*,int) method here,
- // not the write(Buffer&,int) method. If things start acting
- // strangely, check this!
- sslWrite(buffer,0);
-
- METHOD_RET("OpenSSL::Connection::protocolWrite()");
-}
-
-int
-IceSecurity::Ssl::OpenSSL::Connection::readInBuffer(Buffer& buf)
-{
- JTCSyncT<JTCMutex> sync(_inBufferMutex);
-
- METHOD_INV("OpenSSL::Connection::readInBuffer()");
-
- int bytesRead = 0;
-
- if (!_inBuffer.b.empty())
- {
- // Just how big is the destination?
- int bufferSize = buf.b.end() - buf.i;
-
- // And how much do we have in our _inBuffer to copy?
- int inBufferSize = _inBuffer.i - _inBuffer.b.begin();
-
- // Select how many bytes we can handle.
- bytesRead = min(bufferSize, inBufferSize);
-
- // Iterators that indicate how much of the _inBuffer we're going to copy
- Buffer::Container::iterator inBufferBegin = _inBuffer.b.begin();
- Buffer::Container::iterator inBufferEndAt = (_inBuffer.b.begin() + bytesRead);
-
- // Copy over the bytes from the _inBuffer to our destination buffer
- buf.i = copy(inBufferBegin, inBufferEndAt, buf.i);
-
- // Erase the data that we've copied out of the _inBuffer.
- _inBuffer.b.erase(inBufferBegin, inBufferEndAt);
-
- if (SECURITY_LEVEL_PROTOCOL)
- {
- string protocolString = "Copied ";
- protocolString += Int(bytesRead);
- protocolString += string(" bytes from SSL buffer\n");
- protocolString += fdToString(SSL_get_fd(_sslConnection));
-
- PROTOCOL(protocolString);
- }
- }
-
- METHOD_RET("OpenSSL::Connection::readInBuffer()");
-
- return bytesRead;
-}
-
-int
-IceSecurity::Ssl::OpenSSL::Connection::readSelect(int timeout)
-{
- METHOD_INV("OpenSSL::Connection::readSelect()");
-
- int ret;
- int fd = SSL_get_fd(_sslConnection);
- fd_set rFdSet;
-
- struct timeval tv;
-
- if (timeout >= 0)
- {
- tv.tv_sec = timeout / 1000;
- tv.tv_usec = (timeout - tv.tv_sec * 1000) * 1000;
- }
-
- do
- {
- FD_ZERO(&rFdSet);
- FD_SET(fd, &rFdSet);
-
- if (timeout >= 0)
- {
- ret = ::select(fd + 1, &rFdSet, 0, 0, &tv);
- }
- else
- {
- ret = ::select(fd + 1, &rFdSet, 0, 0, 0);
- }
- }
- while (ret == SOCKET_ERROR && interrupted());
-
- if (ret == SOCKET_ERROR)
- {
- SocketException ex(__FILE__, __LINE__);
- ex.error = getSocketErrno();
- throw ex;
- }
-
- if (ret == 0)
- {
- throw TimeoutException(__FILE__, __LINE__);
- }
-
- METHOD_RET("OpenSSL::Connection::readSelect()");
-
- return FD_ISSET(fd, &rFdSet);
-}
-
-int
-IceSecurity::Ssl::OpenSSL::Connection::writeSelect(int timeout)
-{
- METHOD_INV("OpenSSL::Connection::writeSelect()");
-
- int ret;
- int fd = SSL_get_fd(_sslConnection);
- fd_set wFdSet;
-
- struct timeval tv;
-
- if (timeout >= 0)
- {
- tv.tv_sec = timeout / 1000;
- tv.tv_usec = (timeout - tv.tv_sec * 1000) * 1000;
- }
-
- do
- {
- FD_ZERO(&wFdSet);
- FD_SET(fd, &wFdSet);
-
- if (timeout >= 0)
- {
- ret = ::select(fd + 1, 0, &wFdSet, 0, &tv);
- }
- else
- {
- ret = ::select(fd + 1, 0, &wFdSet, 0, 0);
- }
- }
- while (ret == SOCKET_ERROR && interrupted());
-
- if (ret == SOCKET_ERROR)
- {
- SocketException ex(__FILE__, __LINE__);
- ex.error = getSocketErrno();
- throw ex;
- }
-
- if (ret == 0)
- {
- throw TimeoutException(__FILE__, __LINE__);
- }
-
- METHOD_RET("OpenSSL::Connection::writeSelect()");
-
- return FD_ISSET(fd, &wFdSet);
-}
-
-int
-IceSecurity::Ssl::OpenSSL::Connection::readSSL(Buffer& buf, int timeout)
-{
- METHOD_INV("OpenSSL::Connection::readSSL()");
-
- int packetSize = buf.b.end() - buf.i;
- int totalBytesRead = 0;
- int bytesPending;
- int bytesRead;
-
- // We keep reading until we're done.
- while (buf.i != buf.b.end())
- {
- // Ensure we're initialized.
- if (init(timeout))
- {
- bytesPending = pending();
-
- if (!bytesPending && readSelect(timeout))
- {
- bytesPending = 1;
- }
-
- if (!bytesPending)
- {
- // We're done here.
- break;
- }
-
- bytesRead = sslRead((char *)buf.i, packetSize);
-
- switch (getLastError())
- {
- case SSL_ERROR_NONE:
- {
- if (bytesRead > 0)
- {
- ostringstream s;
-
- s << "received " << bytesRead << " of " << packetSize;
- s << " bytes via SSL\n" << fdToString(SSL_get_fd(_sslConnection));
-
- PROTOCOL(s.str());
-
- totalBytesRead += bytesRead;
-
- buf.i += bytesRead;
-
- if (packetSize > buf.b.end() - buf.i)
- {
- packetSize = buf.b.end() - buf.i;
- }
- }
- else
- {
- // TODO: The client application performs a cleanup at this point,
- // not even shutting down SSL - it just frees the SSL
- // structure. The server does nothing. I'm ignoring this,
- // at the moment, I'm sure it will come back at me.
-
- PROTOCOL("Error SSL_ERROR_NONE: Repeating as per protocol.");
- }
- continue;
- }
-
- case SSL_ERROR_WANT_WRITE:
- {
- // If we get this error here, it HAS to be because the protocol wants
- // to do something handshake related. As such, We're going to call
- // write with an empty buffer. I've seen this done in the demo
- // programs, so this should be valid. No actual application data
- // will be sent, just protocol packets.
-
- PROTOCOL("Error SSL_ERROR_WANT_WRITE.");
-
- protocolWrite();
-
- continue;
- }
-
- case SSL_ERROR_WANT_READ:
- {
- // Repeat with the same arguments! (as in the OpenSSL documentation)
- // Whatever happened, the last read didn't actually read anything for
- // us. This is effectively a retry.
-
- PROTOCOL("Error SSL_ERROR_WANT_READ: Repeating as per protocol.");
-
- continue;
- }
-
- case SSL_ERROR_WANT_X509_LOOKUP:
- {
- // Perform another read. The read should take care of this.
-
- PROTOCOL("Error SSL_ERROR_WANT_X509_LOOKUP: Repeating as per protocol.");
-
- continue;
- }
-
- case SSL_ERROR_SYSCALL:
- {
- if(bytesRead == -1)
- {
- SocketException ex(__FILE__, __LINE__);
- ex.error = getSocketErrno();
- throw ex;
- }
- else
- {
- string errorString = "SSL_ERROR_SYSCALL";
-
- EXCEPTION(errorString);
-
- throw ShutdownException(errorString.c_str(), __FILE__, __LINE__);
- }
- }
-
- case SSL_ERROR_SSL:
- {
- string errorString = "SSL_ERROR_SSL";
-
- EXCEPTION(errorString);
-
- throw ShutdownException(errorString.c_str(), __FILE__, __LINE__);
- }
-
- case SSL_ERROR_ZERO_RETURN:
- {
- string errorString = "SSL_ERROR_ZERO_RETURN";
-
- EXCEPTION(errorString);
-
- throw ShutdownException(errorString.c_str(), __FILE__, __LINE__);
- }
- }
- }
- }
-
- METHOD_RET("OpenSSL::Connection::readSSL()");
-
- return totalBytesRead;
-}
-
-void
-IceSecurity::Ssl::OpenSSL::Connection::showCertificateChain(BIO* bio)
-{
- STACK_OF(X509)* sk;
-
- // Big nasty buffer
- char buffer[4096];
-
- if ((sk = SSL_get_peer_cert_chain(_sslConnection)) != 0)
- {
- BIO_printf(bio,"---\nCertificate chain\n");
-
- for (int i = 0; i < sk_X509_num(sk); i++)
- {
- X509_NAME_oneline(X509_get_subject_name(sk_X509_value(sk,i)), buffer, sizeof(buffer));
- BIO_printf(bio, "%2d s:%s\n", i, buffer);
-
- X509_NAME_oneline(X509_get_issuer_name(sk_X509_value(sk,i)), buffer, sizeof(buffer));
- BIO_printf(bio, " i:%s\n", buffer);
-
- PEM_write_bio_X509(bio, sk_X509_value(sk, i));
- }
- }
- else
- {
- BIO_printf(bio, "---\nNo peer certificate chain available.\n");
- }
-}
-
-void
-IceSecurity::Ssl::OpenSSL::Connection::showPeerCertificate(BIO* bio, const char* connType)
-{
- X509* peerCert = 0;
- char buffer[4096];
-
- if ((peerCert = SSL_get_peer_certificate(_sslConnection)) != 0)
- {
- BIO_printf(bio, "%s Certificate\n", connType);
- PEM_write_bio_X509(bio, peerCert);
-
- X509_NAME_oneline(X509_get_subject_name(peerCert), buffer, sizeof(buffer));
- BIO_printf(bio, "subject=%s\n", buffer);
-
- X509_NAME_oneline(X509_get_issuer_name(peerCert), buffer, sizeof(buffer));
- BIO_printf(bio, "issuer=%s\n", buffer);
-
- EVP_PKEY *pktmp;
- pktmp = X509_get_pubkey(peerCert);
- BIO_printf(bio,"%s public key is %d bit\n", connType, EVP_PKEY_bits(pktmp));
- EVP_PKEY_free(pktmp);
-
- X509_free(peerCert);
- }
- else
- {
- BIO_printf(bio, "No %s certificate available.\n", connType);
- }
-}
-
-void
-IceSecurity::Ssl::OpenSSL::Connection::showSharedCiphers(BIO* bio)
-{
- char buffer[4096];
- char* strpointer = 0;
-
- if ((strpointer = SSL_get_shared_ciphers(_sslConnection, buffer, sizeof(buffer))) != 0)
- {
- // This works only for SSL 2. In later protocol
- // versions, the client does not know what other
- // ciphers (in addition to the one to be used
- // in the current connection) the server supports.
-
- BIO_printf(bio, "---\nShared Ciphers:\n");
-
- int j = 0;
- int i = 0;
-
- while (*strpointer)
- {
- if (*strpointer == ':')
- {
- BIO_write(bio, " ", (15-j%25));
- i++;
- j=0;
- BIO_write(bio, ((i%3)?" ":"\n"), 1);
- }
- else
- {
- BIO_write(bio, strpointer, 1);
- j++;
- }
-
- strpointer++;
- }
-
- BIO_write(bio,"\n",1);
- }
-}
-
-void
-IceSecurity::Ssl::OpenSSL::Connection::showSessionInfo(BIO* bio)
-{
- if (_sslConnection->hit)
- {
- BIO_printf(bio, "Reused session-id\n");
- }
-
- PEM_write_bio_SSL_SESSION(bio, SSL_get_session(_sslConnection));
-}
-
-void
-IceSecurity::Ssl::OpenSSL::Connection::showSelectedCipherInfo(BIO* bio)
-{
- const char* str;
- SSL_CIPHER* cipher;
-
- // Show the cipher that was finally selected.
- cipher = SSL_get_current_cipher(_sslConnection);
-
- str = SSL_CIPHER_get_name(cipher);
- BIO_printf(bio, "Cipher Version: %s\n", ((str != 0) ? str : "(NONE)"));
-
- str = SSL_CIPHER_get_version(cipher);
- BIO_printf(bio, "Cipher Name: %s\n", ((str != 0) ? str : "(NONE)"));
-}
-
-void
-IceSecurity::Ssl::OpenSSL::Connection::showHandshakeStats(BIO* bio)
-{
- BIO_printf(bio, "---\nSSL handshake has read %ld bytes and written %ld bytes\n",
- BIO_number_read(SSL_get_rbio(_sslConnection)),
- BIO_number_written(SSL_get_wbio(_sslConnection)));
-}
-
-void
-IceSecurity::Ssl::OpenSSL::Connection::showClientCAList(BIO* bio, const char* connType)
-{
- char buffer[4096];
- STACK_OF(X509_NAME)* sk = SSL_get_client_CA_list(_sslConnection);
-
- if ((sk != 0) && (sk_X509_NAME_num(sk) > 0))
- {
- BIO_printf(bio,"---\nAcceptable %s certificate CA names\n", connType);
-
- for (int i = 0; i < sk_X509_NAME_num(sk); i++)
- {
- X509_NAME_oneline(sk_X509_NAME_value(sk, i), buffer, sizeof(buffer));
- BIO_write(bio, buffer, strlen(buffer));
- BIO_write(bio,"\n", 1);
- }
- }
- else
- {
- BIO_printf(bio,"---\nNo %s certificate CA names sent\n", connType);
- }
-}
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+#ifdef WIN32
+#pragma warning(disable:4786)
+#endif
+
+#include <string>
+#include <sstream>
+#include <Ice/Network.h>
+#include <JTC/JTC.h>
+#include <Ice/Security.h>
+#include <Ice/SslException.h>
+#include <Ice/SslConnection.h>
+#include <Ice/SslSystemOpenSSL.h>
+
+using namespace std;
+using namespace IceInternal;
+
+using std::endl;
+
+////////////////////////////////
+////////// Connection //////////
+////////////////////////////////
+
+//
+// Public Methods
+//
+
+IceSecurity::Ssl::OpenSSL::Connection::Connection(SSL* sslConnection, string& systemID)
+{
+ if (sslConnection == 0)
+ {
+ string errorString = "Construction of Connection with NULL SSL pointer.";
+
+ throw ContextException(errorString.c_str(), __FILE__, __LINE__);
+ }
+
+ // Get the system we were generated from
+ _system = IceSecurity::Ssl::Factory::getSystem(systemID);
+
+ _sslConnection = sslConnection;
+
+ _lastError = SSL_ERROR_NONE;
+
+ initWantRead = 0;
+ initWantWrite = 0;
+}
+
+IceSecurity::Ssl::OpenSSL::Connection::~Connection()
+{
+ METHOD_INV("OpenSSL::Connection::~Connection()");
+
+ shutdown();
+
+ IceSecurity::Ssl::Factory::releaseSystem(_system);
+
+ METHOD_RET("OpenSSL::Connection::~Connection()");
+}
+
+void
+IceSecurity::Ssl::OpenSSL::Connection::shutdown()
+{
+ METHOD_INV("OpenSSL::Connection::shutdown()");
+
+ if (_sslConnection != 0)
+ {
+ WARNING(string("shutting down SSL connection\n") + fdToString(SSL_get_fd(_sslConnection)));
+
+ SSL_free(_sslConnection);
+ _sslConnection = 0;
+ }
+
+ METHOD_RET("OpenSSL::Connection::shutdown()");
+}
+
+//
+// Protected Methods
+//
+
+int
+IceSecurity::Ssl::OpenSSL::Connection::connect()
+{
+ METHOD_INV("OpenSSL::Connection::connect()");
+
+ int result = SSL_connect(_sslConnection);
+
+ setLastError(result);
+
+ METHOD_RET("OpenSSL::Connection::connect()");
+
+ return result;
+}
+
+int
+IceSecurity::Ssl::OpenSSL::Connection::accept()
+{
+ METHOD_INV("OpenSSL::Connection::accept()");
+
+ int result = SSL_accept(_sslConnection);
+
+ setLastError(result);
+
+ METHOD_RET("OpenSSL::Connection::accept()");
+
+ return result;
+}
+
+int
+IceSecurity::Ssl::OpenSSL::Connection::renegotiate()
+{
+ METHOD_INS("OpenSSL::Connection::renegotiate()");
+
+ return SSL_renegotiate(_sslConnection);
+}
+
+int
+IceSecurity::Ssl::OpenSSL::Connection::sslRead(char* buffer, int bufferSize)
+{
+ METHOD_INV("OpenSSL::Connection::sslRead()");
+
+ int bytesRead = SSL_read(_sslConnection, buffer, bufferSize);
+
+ setLastError(bytesRead);
+
+ METHOD_RET("OpenSSL::Connection::sslRead()");
+
+ return bytesRead;
+}
+
+int
+IceSecurity::Ssl::OpenSSL::Connection::sslWrite(char* buffer, int bufferSize)
+{
+ METHOD_INV("OpenSSL::Connection::sslWrite()");
+
+ int bytesWritten = SSL_write(_sslConnection, buffer, bufferSize);
+
+ setLastError(bytesWritten);
+
+ METHOD_RET("OpenSSL::Connection::sslWrite()");
+
+ return bytesWritten;
+}
+
+
+void
+IceSecurity::Ssl::OpenSSL::Connection::printGetError(int errCode)
+{
+ if (SECURITY_LEVEL_PROTOCOL_DEBUG)
+ {
+ string errorString;
+
+ switch (errCode)
+ {
+ case SSL_ERROR_NONE :
+ {
+ errorString = "SSL_ERROR_NONE";
+ break;
+ }
+
+ case SSL_ERROR_ZERO_RETURN :
+ {
+ errorString = "SSL_ERROR_ZERO_RETURN";
+ break;
+ }
+
+ case SSL_ERROR_WANT_READ :
+ {
+ errorString = "SSL_ERROR_WANT_READ";
+ break;
+ }
+
+ case SSL_ERROR_WANT_WRITE :
+ {
+ errorString = "SSL_ERROR_WANT_WRITE";
+ break;
+ }
+
+ case SSL_ERROR_WANT_CONNECT :
+ {
+ errorString = "SSL_ERROR_WANT_CONNECT";
+ break;
+ }
+
+ case SSL_ERROR_WANT_X509_LOOKUP :
+ {
+ errorString = "SSL_ERROR_WANT_X509_LOOKUP";
+ break;
+ }
+
+ case SSL_ERROR_SYSCALL :
+ {
+ errorString = "SSL_ERROR_SYSCALL";
+ break;
+ }
+
+ case SSL_ERROR_SSL :
+ {
+ errorString = "SSL_ERROR_SSL";
+ break;
+ }
+ }
+
+ if (!errorString.empty())
+ {
+ SECURITY_LOGGER(string("Encountered: ") + errorString)
+ }
+ }
+}
+
+// protocolWrite()
+//
+// The entire purpose of this strange little routine is to provide OpenSSL with a
+// SSL_write() when they request one (this is for handshaking purposes). It writes
+// nothing at all. Its entire purpose is jut to call the SSL_write() through one.
+// of our defined methods. The SSL_write() will end up only writing protocol handshake
+// packets, not application packets. This looks wierd, but it is essentially what
+// the demo programs are doing, so I feel okay copying them. The only reason that I
+// have defined the buffer[] array is so that I have a valid buffer pointer.
+void
+IceSecurity::Ssl::OpenSSL::Connection::protocolWrite()
+{
+ METHOD_INV("OpenSSL::Connection::protocolWrite()");
+
+ static char buffer[10];
+
+ memset(buffer, 0, sizeof(buffer));
+
+ // Note: We should be calling the write(char*,int) method here,
+ // not the write(Buffer&,int) method. If things start acting
+ // strangely, check this!
+ sslWrite(buffer,0);
+
+ METHOD_RET("OpenSSL::Connection::protocolWrite()");
+}
+
+int
+IceSecurity::Ssl::OpenSSL::Connection::readInBuffer(Buffer& buf)
+{
+ JTCSyncT<JTCMutex> sync(_inBufferMutex);
+
+ METHOD_INV("OpenSSL::Connection::readInBuffer()");
+
+ int bytesRead = 0;
+
+ if (!_inBuffer.b.empty())
+ {
+ // Just how big is the destination?
+ int bufferSize = buf.b.end() - buf.i;
+
+ // And how much do we have in our _inBuffer to copy?
+ int inBufferSize = _inBuffer.i - _inBuffer.b.begin();
+
+ // Select how many bytes we can handle.
+ bytesRead = min(bufferSize, inBufferSize);
+
+ // Iterators that indicate how much of the _inBuffer we're going to copy
+ Buffer::Container::iterator inBufferBegin = _inBuffer.b.begin();
+ Buffer::Container::iterator inBufferEndAt = (_inBuffer.b.begin() + bytesRead);
+
+ // Copy over the bytes from the _inBuffer to our destination buffer
+ buf.i = copy(inBufferBegin, inBufferEndAt, buf.i);
+
+ // Erase the data that we've copied out of the _inBuffer.
+ _inBuffer.b.erase(inBufferBegin, inBufferEndAt);
+
+ if (SECURITY_LEVEL_PROTOCOL)
+ {
+ string protocolString = "Copied ";
+ protocolString += Int(bytesRead);
+ protocolString += string(" bytes from SSL buffer\n");
+ protocolString += fdToString(SSL_get_fd(_sslConnection));
+
+ PROTOCOL(protocolString);
+ }
+ }
+
+ METHOD_RET("OpenSSL::Connection::readInBuffer()");
+
+ return bytesRead;
+}
+
+int
+IceSecurity::Ssl::OpenSSL::Connection::readSelect(int timeout)
+{
+ METHOD_INV("OpenSSL::Connection::readSelect()");
+
+ int ret;
+ int fd = SSL_get_fd(_sslConnection);
+ fd_set rFdSet;
+
+ struct timeval tv;
+
+ if (timeout >= 0)
+ {
+ tv.tv_sec = timeout / 1000;
+ tv.tv_usec = (timeout - tv.tv_sec * 1000) * 1000;
+ }
+
+ do
+ {
+ FD_ZERO(&rFdSet);
+ FD_SET(fd, &rFdSet);
+
+ if (timeout >= 0)
+ {
+ ret = ::select(fd + 1, &rFdSet, 0, 0, &tv);
+ }
+ else
+ {
+ ret = ::select(fd + 1, &rFdSet, 0, 0, 0);
+ }
+ }
+ while (ret == SOCKET_ERROR && interrupted());
+
+ if (ret == SOCKET_ERROR)
+ {
+ SocketException ex(__FILE__, __LINE__);
+ ex.error = getSocketErrno();
+ throw ex;
+ }
+
+ if (ret == 0)
+ {
+ throw TimeoutException(__FILE__, __LINE__);
+ }
+
+ METHOD_RET("OpenSSL::Connection::readSelect()");
+
+ return FD_ISSET(fd, &rFdSet);
+}
+
+int
+IceSecurity::Ssl::OpenSSL::Connection::writeSelect(int timeout)
+{
+ METHOD_INV("OpenSSL::Connection::writeSelect()");
+
+ int ret;
+ int fd = SSL_get_fd(_sslConnection);
+ fd_set wFdSet;
+
+ struct timeval tv;
+
+ if (timeout >= 0)
+ {
+ tv.tv_sec = timeout / 1000;
+ tv.tv_usec = (timeout - tv.tv_sec * 1000) * 1000;
+ }
+
+ do
+ {
+ FD_ZERO(&wFdSet);
+ FD_SET(fd, &wFdSet);
+
+ if (timeout >= 0)
+ {
+ ret = ::select(fd + 1, 0, &wFdSet, 0, &tv);
+ }
+ else
+ {
+ ret = ::select(fd + 1, 0, &wFdSet, 0, 0);
+ }
+ }
+ while (ret == SOCKET_ERROR && interrupted());
+
+ if (ret == SOCKET_ERROR)
+ {
+ SocketException ex(__FILE__, __LINE__);
+ ex.error = getSocketErrno();
+ throw ex;
+ }
+
+ if (ret == 0)
+ {
+ throw TimeoutException(__FILE__, __LINE__);
+ }
+
+ METHOD_RET("OpenSSL::Connection::writeSelect()");
+
+ return FD_ISSET(fd, &wFdSet);
+}
+
+int
+IceSecurity::Ssl::OpenSSL::Connection::readSSL(Buffer& buf, int timeout)
+{
+ METHOD_INV("OpenSSL::Connection::readSSL()");
+
+ int packetSize = buf.b.end() - buf.i;
+ int totalBytesRead = 0;
+ int bytesPending;
+ int bytesRead;
+
+ // We keep reading until we're done.
+ while (buf.i != buf.b.end())
+ {
+ // Ensure we're initialized.
+ if (init(timeout))
+ {
+ bytesPending = pending();
+
+ if (!bytesPending && readSelect(timeout))
+ {
+ bytesPending = 1;
+ }
+
+ if (!bytesPending)
+ {
+ // We're done here.
+ break;
+ }
+
+ bytesRead = sslRead((char *)buf.i, packetSize);
+
+ switch (getLastError())
+ {
+ case SSL_ERROR_NONE:
+ {
+ if (bytesRead > 0)
+ {
+ ostringstream s;
+
+ s << "received " << bytesRead << " of " << packetSize;
+ s << " bytes via SSL\n" << fdToString(SSL_get_fd(_sslConnection));
+
+ PROTOCOL(s.str());
+
+ totalBytesRead += bytesRead;
+
+ buf.i += bytesRead;
+
+ if (packetSize > buf.b.end() - buf.i)
+ {
+ packetSize = buf.b.end() - buf.i;
+ }
+ }
+ else
+ {
+ // TODO: The client application performs a cleanup at this point,
+ // not even shutting down SSL - it just frees the SSL
+ // structure. The server does nothing. I'm ignoring this,
+ // at the moment, I'm sure it will come back at me.
+
+ PROTOCOL("Error SSL_ERROR_NONE: Repeating as per protocol.");
+ }
+ continue;
+ }
+
+ case SSL_ERROR_WANT_WRITE:
+ {
+ // If we get this error here, it HAS to be because the protocol wants
+ // to do something handshake related. As such, We're going to call
+ // write with an empty buffer. I've seen this done in the demo
+ // programs, so this should be valid. No actual application data
+ // will be sent, just protocol packets.
+
+ PROTOCOL("Error SSL_ERROR_WANT_WRITE.");
+
+ protocolWrite();
+
+ continue;
+ }
+
+ case SSL_ERROR_WANT_READ:
+ {
+ // Repeat with the same arguments! (as in the OpenSSL documentation)
+ // Whatever happened, the last read didn't actually read anything for
+ // us. This is effectively a retry.
+
+ PROTOCOL("Error SSL_ERROR_WANT_READ: Repeating as per protocol.");
+
+ continue;
+ }
+
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ {
+ // Perform another read. The read should take care of this.
+
+ PROTOCOL("Error SSL_ERROR_WANT_X509_LOOKUP: Repeating as per protocol.");
+
+ continue;
+ }
+
+ case SSL_ERROR_SYSCALL:
+ {
+ if(bytesRead == -1)
+ {
+ SocketException ex(__FILE__, __LINE__);
+ ex.error = getSocketErrno();
+ throw ex;
+ }
+ else
+ {
+ string errorString = "SSL_ERROR_SYSCALL";
+
+ EXCEPTION(errorString);
+
+ throw ShutdownException(errorString.c_str(), __FILE__, __LINE__);
+ }
+ }
+
+ case SSL_ERROR_SSL:
+ {
+ string errorString = "SSL_ERROR_SSL";
+
+ EXCEPTION(errorString);
+
+ throw ShutdownException(errorString.c_str(), __FILE__, __LINE__);
+ }
+
+ case SSL_ERROR_ZERO_RETURN:
+ {
+ string errorString = "SSL_ERROR_ZERO_RETURN";
+
+ EXCEPTION(errorString);
+
+ throw ShutdownException(errorString.c_str(), __FILE__, __LINE__);
+ }
+ }
+ }
+ }
+
+ METHOD_RET("OpenSSL::Connection::readSSL()");
+
+ return totalBytesRead;
+}
+
+void
+IceSecurity::Ssl::OpenSSL::Connection::showCertificateChain(BIO* bio)
+{
+ STACK_OF(X509)* sk;
+
+ // Big nasty buffer
+ char buffer[4096];
+
+ if ((sk = SSL_get_peer_cert_chain(_sslConnection)) != 0)
+ {
+ BIO_printf(bio,"---\nCertificate chain\n");
+
+ for (int i = 0; i < sk_X509_num(sk); i++)
+ {
+ X509_NAME_oneline(X509_get_subject_name(sk_X509_value(sk,i)), buffer, sizeof(buffer));
+ BIO_printf(bio, "%2d s:%s\n", i, buffer);
+
+ X509_NAME_oneline(X509_get_issuer_name(sk_X509_value(sk,i)), buffer, sizeof(buffer));
+ BIO_printf(bio, " i:%s\n", buffer);
+
+ PEM_write_bio_X509(bio, sk_X509_value(sk, i));
+ }
+ }
+ else
+ {
+ BIO_printf(bio, "---\nNo peer certificate chain available.\n");
+ }
+}
+
+void
+IceSecurity::Ssl::OpenSSL::Connection::showPeerCertificate(BIO* bio, const char* connType)
+{
+ X509* peerCert = 0;
+ char buffer[4096];
+
+ if ((peerCert = SSL_get_peer_certificate(_sslConnection)) != 0)
+ {
+ BIO_printf(bio, "%s Certificate\n", connType);
+ PEM_write_bio_X509(bio, peerCert);
+
+ X509_NAME_oneline(X509_get_subject_name(peerCert), buffer, sizeof(buffer));
+ BIO_printf(bio, "subject=%s\n", buffer);
+
+ X509_NAME_oneline(X509_get_issuer_name(peerCert), buffer, sizeof(buffer));
+ BIO_printf(bio, "issuer=%s\n", buffer);
+
+ EVP_PKEY *pktmp;
+ pktmp = X509_get_pubkey(peerCert);
+ BIO_printf(bio,"%s public key is %d bit\n", connType, EVP_PKEY_bits(pktmp));
+ EVP_PKEY_free(pktmp);
+
+ X509_free(peerCert);
+ }
+ else
+ {
+ BIO_printf(bio, "No %s certificate available.\n", connType);
+ }
+}
+
+void
+IceSecurity::Ssl::OpenSSL::Connection::showSharedCiphers(BIO* bio)
+{
+ char buffer[4096];
+ char* strpointer = 0;
+
+ if ((strpointer = SSL_get_shared_ciphers(_sslConnection, buffer, sizeof(buffer))) != 0)
+ {
+ // This works only for SSL 2. In later protocol
+ // versions, the client does not know what other
+ // ciphers (in addition to the one to be used
+ // in the current connection) the server supports.
+
+ BIO_printf(bio, "---\nShared Ciphers:\n");
+
+ int j = 0;
+ int i = 0;
+
+ while (*strpointer)
+ {
+ if (*strpointer == ':')
+ {
+ BIO_write(bio, " ", (15-j%25));
+ i++;
+ j=0;
+ BIO_write(bio, ((i%3)?" ":"\n"), 1);
+ }
+ else
+ {
+ BIO_write(bio, strpointer, 1);
+ j++;
+ }
+
+ strpointer++;
+ }
+
+ BIO_write(bio,"\n",1);
+ }
+}
+
+void
+IceSecurity::Ssl::OpenSSL::Connection::showSessionInfo(BIO* bio)
+{
+ if (_sslConnection->hit)
+ {
+ BIO_printf(bio, "Reused session-id\n");
+ }
+
+ PEM_write_bio_SSL_SESSION(bio, SSL_get_session(_sslConnection));
+}
+
+void
+IceSecurity::Ssl::OpenSSL::Connection::showSelectedCipherInfo(BIO* bio)
+{
+ const char* str;
+ SSL_CIPHER* cipher;
+
+ // Show the cipher that was finally selected.
+ cipher = SSL_get_current_cipher(_sslConnection);
+
+ str = SSL_CIPHER_get_name(cipher);
+ BIO_printf(bio, "Cipher Version: %s\n", ((str != 0) ? str : "(NONE)"));
+
+ str = SSL_CIPHER_get_version(cipher);
+ BIO_printf(bio, "Cipher Name: %s\n", ((str != 0) ? str : "(NONE)"));
+}
+
+void
+IceSecurity::Ssl::OpenSSL::Connection::showHandshakeStats(BIO* bio)
+{
+ BIO_printf(bio, "---\nSSL handshake has read %ld bytes and written %ld bytes\n",
+ BIO_number_read(SSL_get_rbio(_sslConnection)),
+ BIO_number_written(SSL_get_wbio(_sslConnection)));
+}
+
+void
+IceSecurity::Ssl::OpenSSL::Connection::showClientCAList(BIO* bio, const char* connType)
+{
+ char buffer[4096];
+ STACK_OF(X509_NAME)* sk = SSL_get_client_CA_list(_sslConnection);
+
+ if ((sk != 0) && (sk_X509_NAME_num(sk) > 0))
+ {
+ BIO_printf(bio,"---\nAcceptable %s certificate CA names\n", connType);
+
+ for (int i = 0; i < sk_X509_NAME_num(sk); i++)
+ {
+ X509_NAME_oneline(sk_X509_NAME_value(sk, i), buffer, sizeof(buffer));
+ BIO_write(bio, buffer, strlen(buffer));
+ BIO_write(bio,"\n", 1);
+ }
+ }
+ else
+ {
+ BIO_printf(bio,"---\nNo %s certificate CA names sent\n", connType);
+ }
+}
diff --git a/cpp/src/Ice/SslConnectionOpenSSL.h b/cpp/src/Ice/SslConnectionOpenSSL.h
index eab665ab524..22f6ad3e943 100644
--- a/cpp/src/Ice/SslConnectionOpenSSL.h
+++ b/cpp/src/Ice/SslConnectionOpenSSL.h
@@ -1,113 +1,113 @@
-// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#ifndef ICE_SSL_CONNECTION_OPENSSL_H
-#define ICE_SSL_CONNECTION_OPENSSL_H
-
-#include <openssl/ssl.h>
-#include <Ice/SslConnection.h>
-#include <Ice/SslSystem.h>
-#include <Ice/Buffer.h>
-#include <Ice/TraceLevels.h>
-#include <Ice/Logger.h>
-
-namespace IceSecurity
-{
-
-namespace Ssl
-{
-
-namespace OpenSSL
-{
-
-using namespace Ice;
-
-class Connection : public IceSecurity::Ssl::Connection
-{
-
-public:
-
- Connection(SSL*, string&);
- virtual ~Connection();
-
- virtual void shutdown();
-
- virtual int read(Buffer&, int) = 0;
- virtual int write(Buffer&, int) = 0;
-
- virtual int init(int timeout = 0) = 0;
-
- void setTrace(TraceLevelsPtr traceLevels) { _traceLevels = traceLevels; };
- void setLogger(LoggerPtr traceLevels) { _logger = traceLevels; };
-
-
-protected:
-
- int connect();
- int accept();
- int renegotiate();
-
- inline int pending() { return SSL_pending(_sslConnection); };
- inline int getLastError() const { return SSL_get_error(_sslConnection, _lastError); };
-
- int sslRead(char*, int);
- int sslWrite(char*, int);
-
- void printGetError(int);
-
- void protocolWrite();
-
- int readInBuffer(Buffer&);
-
- int readSelect(int);
- int writeSelect(int);
-
- int readSSL(Buffer&, int);
-
- virtual void showConnectionInfo() = 0;
-
- void showCertificateChain(BIO*);
- void showPeerCertificate(BIO*, const char*);
- void showSharedCiphers(BIO*);
- void showSessionInfo(BIO*);
- void showSelectedCipherInfo(BIO*);
- void showHandshakeStats(BIO*);
- void showClientCAList(BIO*, const char*);
-
- void setLastError(int errorCode) { _lastError = errorCode; };
-
- // Pointer to the OpenSSL Connection structure.
- SSL* _sslConnection;
-
- int _lastError;
-
- // TODO: Review this after a healthy stint of testing
- // Buffer for application data that may be returned during handshake
- // (probably won't contain anything, may be removed later).
- Buffer _inBuffer;
- JTCMutex _inBufferMutex;
-
- TraceLevelsPtr _traceLevels;
- LoggerPtr _logger;
-
- System* _system;
-
- JTCMutex _initMutex;
- int initWantRead;
- int initWantWrite;
-};
-
-}
-
-}
-
-}
-
-#endif
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#ifndef ICE_SSL_CONNECTION_OPENSSL_H
+#define ICE_SSL_CONNECTION_OPENSSL_H
+
+#include <openssl/ssl.h>
+#include <Ice/SslConnection.h>
+#include <Ice/SslSystem.h>
+#include <Ice/Buffer.h>
+#include <Ice/TraceLevels.h>
+#include <Ice/Logger.h>
+
+namespace IceSecurity
+{
+
+namespace Ssl
+{
+
+namespace OpenSSL
+{
+
+using namespace Ice;
+
+class Connection : public IceSecurity::Ssl::Connection
+{
+
+public:
+
+ Connection(SSL*, string&);
+ virtual ~Connection();
+
+ virtual void shutdown();
+
+ virtual int read(Buffer&, int) = 0;
+ virtual int write(Buffer&, int) = 0;
+
+ virtual int init(int timeout = 0) = 0;
+
+ void setTrace(TraceLevelsPtr traceLevels) { _traceLevels = traceLevels; };
+ void setLogger(LoggerPtr traceLevels) { _logger = traceLevels; };
+
+
+protected:
+
+ int connect();
+ int accept();
+ int renegotiate();
+
+ inline int pending() { return SSL_pending(_sslConnection); };
+ inline int getLastError() const { return SSL_get_error(_sslConnection, _lastError); };
+
+ int sslRead(char*, int);
+ int sslWrite(char*, int);
+
+ void printGetError(int);
+
+ void protocolWrite();
+
+ int readInBuffer(Buffer&);
+
+ int readSelect(int);
+ int writeSelect(int);
+
+ int readSSL(Buffer&, int);
+
+ virtual void showConnectionInfo() = 0;
+
+ void showCertificateChain(BIO*);
+ void showPeerCertificate(BIO*, const char*);
+ void showSharedCiphers(BIO*);
+ void showSessionInfo(BIO*);
+ void showSelectedCipherInfo(BIO*);
+ void showHandshakeStats(BIO*);
+ void showClientCAList(BIO*, const char*);
+
+ void setLastError(int errorCode) { _lastError = errorCode; };
+
+ // Pointer to the OpenSSL Connection structure.
+ SSL* _sslConnection;
+
+ int _lastError;
+
+ // TODO: Review this after a healthy stint of testing
+ // Buffer for application data that may be returned during handshake
+ // (probably won't contain anything, may be removed later).
+ Buffer _inBuffer;
+ JTCMutex _inBufferMutex;
+
+ TraceLevelsPtr _traceLevels;
+ LoggerPtr _logger;
+
+ System* _system;
+
+ JTCMutex _initMutex;
+ int initWantRead;
+ int initWantWrite;
+};
+
+}
+
+}
+
+}
+
+#endif
diff --git a/cpp/src/Ice/SslConnectionOpenSSLClient.cpp b/cpp/src/Ice/SslConnectionOpenSSLClient.cpp
index eb0fc5a1d72..01ef26924ed 100644
--- a/cpp/src/Ice/SslConnectionOpenSSLClient.cpp
+++ b/cpp/src/Ice/SslConnectionOpenSSLClient.cpp
@@ -1,437 +1,437 @@
-// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#include <string>
-#include <sstream>
-#include <Ice/Network.h>
-#include <Ice/Security.h>
-#include <Ice/SslException.h>
-#include <Ice/SslConnectionOpenSSLClient.h>
-
-using IceSecurity::Ssl::ShutdownException;
-using namespace IceInternal;
-using namespace std;
-
-////////////////////////////////////////////////
-////////// SslConnectionOpenSSLClient //////////
-////////////////////////////////////////////////
-
-//
-// Public Methods
-//
-
-IceSecurity::Ssl::OpenSSL::ClientConnection::ClientConnection(SSL* connection, string& systemID) :
- Connection(connection, systemID)
-{
-}
-
-IceSecurity::Ssl::OpenSSL::ClientConnection::~ClientConnection()
-{
- METHOD_INV("OpenSSL::ClientConnection::~ClientConnection()");
-
- shutdown();
-
- METHOD_RET("OpenSSL::ClientConnection::~ClientConnection()");
-}
-
-void
-IceSecurity::Ssl::OpenSSL::ClientConnection::shutdown()
-{
- METHOD_INV("OpenSSL::ClientConnection::shutdown()");
-
- if (_sslConnection != 0)
- {
- int shutdown = 0;
- int retries = 100;
-
- do
- {
- shutdown = SSL_shutdown(_sslConnection);
- retries--;
- }
- while ((shutdown == 0) && (retries > 0));
-
- if (shutdown <= 0)
- {
- ostringstream s;
- s << "SSL shutdown failure encountered: code[" << shutdown << "] retries[";
- s << retries << "]\n" << fdToString(SSL_get_fd(_sslConnection));
- PROTOCOL_DEBUG(s.str());
- }
- }
-
- Connection::shutdown();
-
- METHOD_RET("OpenSSL::ClientConnection::shutdown()");
-}
-
-int
-IceSecurity::Ssl::OpenSSL::ClientConnection::init(int timeout)
-{
- JTCSyncT<JTCMutex> sync(_initMutex);
-
- int retCode = 0;
-
- METHOD_INV("OpenSSL::ClientConnection::init()");
-
- if (!SSL_is_init_finished(_sslConnection))
- {
- int i = 0;
-
- if (initWantRead)
- {
- i = readSelect(timeout);
- }
- else if (initWantWrite)
- {
- i = writeSelect(timeout);
- }
-
- if (initWantRead && i == 0)
- {
- return 0;
- }
-
- if (initWantWrite && i == 0)
- {
- return 0;
- }
-
- initWantRead = 0;
- initWantWrite = 0;
-
- int result = connect();
-
- // Find out what the error was (if any).
- int code = getLastError();
-
- printGetError(code);
-
- switch (code)
- {
- case SSL_ERROR_WANT_READ:
- {
- initWantRead = 1;
- break;
- }
-
- case SSL_ERROR_WANT_WRITE:
- {
- initWantWrite = 1;
- break;
- }
-
-
- case SSL_ERROR_NONE:
- case SSL_ERROR_WANT_X509_LOOKUP:
- {
- // Retry connect.
- break;
- }
-
- case SSL_ERROR_SYSCALL:
- {
- // This is a SOCKET_ERROR, but we don't use
- // this define here as OpenSSL doesn't refer
- // to it as a SOCKET_ERROR (but that's what it is
- // if you look at their code).
- if(result == -1)
- {
- if (interrupted())
- {
- break;
- }
-
- if (wouldBlock())
- {
- readSelect(timeout);
- break;
- }
-
- if (connectionLost())
- {
- ConnectionLostException ex(__FILE__, __LINE__);
- ex.error = getSocketErrno();
- throw ex;
- }
- else
- {
- SocketException ex(__FILE__, __LINE__);
- ex.error = getSocketErrno();
- throw ex;
- }
- }
- else // result == 0
- {
- string errorString = "SSL_ERROR_SYSCALL: During init()";
-
- EXCEPTION(errorString);
-
- throw IceSecurity::Ssl::InitException(errorString.c_str(), __FILE__, __LINE__);
- }
- }
-
- case SSL_ERROR_SSL:
- {
- string errorString = "SSL_ERROR_SSL: During init()";
-
- EXCEPTION(errorString);
-
- throw IceSecurity::Ssl::InitException(errorString.c_str(), __FILE__, __LINE__);
- }
- }
-
- retCode = SSL_is_init_finished(_sslConnection);
-
- if (retCode > 0)
- {
- // Init finished, look at the connection information.
- showConnectionInfo();
- }
- }
- else
- {
- retCode = 1;
- }
-
- METHOD_RET("OpenSSL::ClientConnection::init()");
-
- return retCode;
-}
-
-int
-IceSecurity::Ssl::OpenSSL::ClientConnection::read(Buffer& buf, int timeout)
-{
- METHOD_INV("OpenSSL::ClientConnection::read(Buffer&,int)");
-
- int totalBytesRead = 0;
-
- // Initialization to 1 is a cheap trick to ensure we enter the loop.
- int bytesRead = 1;
-
- // We keep reading until we're done.
- while ((buf.i != buf.b.end()) && bytesRead)
- {
- // Copy over bytes from _inBuffer to buf.
- bytesRead = readInBuffer(buf);
-
- // Nothing in the _inBuffer?
- if (!bytesRead)
- {
- // Read from SSL.
- bytesRead = readSSL(buf, timeout);
- }
-
- // Keep track of the total number of bytes read.
- totalBytesRead += bytesRead;
- }
-
- METHOD_RET("OpenSSL::ClientConnection::read(Buffer&,int)");
-
- return totalBytesRead;
-}
-
-int
-IceSecurity::Ssl::OpenSSL::ClientConnection::write(Buffer& buf, int timeout)
-{
- METHOD_INV("OpenSSL::ClientConnection::write(Buffer&,int)");
-
- int totalBytesWritten = 0;
- int bytesWritten = 0;
-
- int packetSize = buf.b.end() - buf.i;
-
-#ifdef WIN32
- //
- // Limit packet size to avoid performance problems on WIN32.
- // (blatantly ripped off from Marc Laukien)
- //
- if (packetSize > 64 * 1024)
- {
- packetSize = 64 * 1024;
- }
-#endif
-
- // We keep reading until we're done
- while (buf.i != buf.b.end())
- {
- // Ensure we're initialized.
- if (init(timeout))
- {
- // Perform a select on the socket.
- if (!writeSelect(timeout))
- {
- // We're done here.
- break;
- }
-
- bytesWritten = sslWrite((char *)buf.i, packetSize);
-
- switch (getLastError())
- {
- case SSL_ERROR_NONE:
- {
- if (bytesWritten > 0)
- {
- ostringstream s;
-
- s << "sent " << bytesWritten << " of " << packetSize;
- s << " bytes via SSL\n" << fdToString(SSL_get_fd(_sslConnection));
-
- PROTOCOL(s.str());
-
- totalBytesWritten += bytesWritten;
-
- buf.i += bytesWritten;
-
- if (packetSize > buf.b.end() - buf.i)
- {
- packetSize = buf.b.end() - buf.i;
- }
- }
- else
- {
- // TODO: The client application performs a cleanup at this point,
- // not even shutting down SSL - it just frees the SSL
- // structure. I'm ignoring this, at the moment, as I'm sure
- // the demo is handling it in an artificial manner.
-
- PROTOCOL("Error SSL_ERROR_NONE: Repeating as per protocol.");
- }
- continue;
- }
-
- case SSL_ERROR_WANT_WRITE:
- {
- // Repeat with the same arguments! (as in the OpenSSL documentation)
- // Whatever happened, the last write didn't actually write anything
- // for us. This is effectively a retry.
-
- PROTOCOL("Error SSL_ERROR_WANT_WRITE: Repeating as per protocol.");
-
- continue;
- }
-
- case SSL_ERROR_WANT_READ:
- {
- // If we get this error here, it HAS to be because
- // the protocol wants to do something handshake related.
- // In the case that we might actually get some application data,
- // we will use the base SSL read method, using the _inBuffer.
-
- PROTOCOL("Error SSL_ERROR_WANT_READ.");
-
- readSSL(_inBuffer, timeout);
-
- continue;
- }
-
- case SSL_ERROR_WANT_X509_LOOKUP:
- {
- // Perform another read. The read should take care of this.
-
- PROTOCOL("Error SSL_ERROR_WANT_X509_LOOKUP: Repeating as per protocol.");
-
- continue;
- }
-
- case SSL_ERROR_SYSCALL:
- {
- // NOTE: The demo client only throws an exception if there were actually bytes
- // written. This is considered to be an error status requiring shutdown.
- // If nothing was written, the demo client stops writing - we continue.
- // This is potentially something wierd to watch out for.
- if (bytesWritten != 0)
- {
- string errorString = "SSL_ERROR_SYSCALL";
-
- EXCEPTION(errorString);
-
- throw ShutdownException(errorString.c_str(), __FILE__, __LINE__);
- }
- else
- {
- // Didn't write anything, continue, should be fine.
-
- PROTOCOL("Error SSL_ERROR_SYSCALL: Repeating as per protocol.");
-
- continue;
- }
- }
-
- case SSL_ERROR_SSL:
- {
- string errorString = "SSL_ERROR_SSL";
-
- EXCEPTION(errorString);
-
- throw ShutdownException(errorString.c_str(), __FILE__, __LINE__);
- }
-
- case SSL_ERROR_ZERO_RETURN:
- {
- string errorString = "SSL_ERROR_ZERO_RETURN";
-
- EXCEPTION(errorString);
-
- throw ShutdownException(errorString.c_str(), __FILE__, __LINE__);
- }
- }
- }
- }
-
- METHOD_RET("OpenSSL::ClientConnection::write(Buffer&,int)");
-
- return totalBytesWritten;
-}
-
-//
-// Protected Methods
-//
-
-// This code blatantly stolen from OpenSSL demos, slightly repackaged, and completely ugly...
-void
-IceSecurity::Ssl::OpenSSL::ClientConnection::showConnectionInfo()
-{
- METHOD_INV("OpenSSL::ClientConnection::showConnectionInfo()");
-
- // Only in extreme cases do we enable this, partially because it doesn't use the Logger.
- if (SECURITY_LEVEL_PROTOCOL_DEBUG)
- {
- PROTOCOL_DEBUG("Begin Connection Information");
-
- BIO* bio = BIO_new_fp(stdout, BIO_NOCLOSE);
-
- showCertificateChain(bio);
-
- showPeerCertificate(bio,"Client");
-
- // Something extra for the client
- showClientCAList(bio, "Client");
-
- showSharedCiphers(bio);
-
- showSelectedCipherInfo(bio);
-
- showHandshakeStats(bio);
-
- showSessionInfo(bio);
-
- PROTOCOL_DEBUG("End of Connection Information");
-
- if (bio != 0)
- {
- BIO_free(bio);
- bio = 0;
- }
- }
-
- METHOD_RET("OpenSSL::ClientConnection::showConnectionInfo()");
-}
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#include <string>
+#include <sstream>
+#include <Ice/Network.h>
+#include <Ice/Security.h>
+#include <Ice/SslException.h>
+#include <Ice/SslConnectionOpenSSLClient.h>
+
+using IceSecurity::Ssl::ShutdownException;
+using namespace IceInternal;
+using namespace std;
+
+////////////////////////////////////////////////
+////////// SslConnectionOpenSSLClient //////////
+////////////////////////////////////////////////
+
+//
+// Public Methods
+//
+
+IceSecurity::Ssl::OpenSSL::ClientConnection::ClientConnection(SSL* connection, string& systemID) :
+ Connection(connection, systemID)
+{
+}
+
+IceSecurity::Ssl::OpenSSL::ClientConnection::~ClientConnection()
+{
+ METHOD_INV("OpenSSL::ClientConnection::~ClientConnection()");
+
+ shutdown();
+
+ METHOD_RET("OpenSSL::ClientConnection::~ClientConnection()");
+}
+
+void
+IceSecurity::Ssl::OpenSSL::ClientConnection::shutdown()
+{
+ METHOD_INV("OpenSSL::ClientConnection::shutdown()");
+
+ if (_sslConnection != 0)
+ {
+ int shutdown = 0;
+ int retries = 100;
+
+ do
+ {
+ shutdown = SSL_shutdown(_sslConnection);
+ retries--;
+ }
+ while ((shutdown == 0) && (retries > 0));
+
+ if (shutdown <= 0)
+ {
+ ostringstream s;
+ s << "SSL shutdown failure encountered: code[" << shutdown << "] retries[";
+ s << retries << "]\n" << fdToString(SSL_get_fd(_sslConnection));
+ PROTOCOL_DEBUG(s.str());
+ }
+ }
+
+ Connection::shutdown();
+
+ METHOD_RET("OpenSSL::ClientConnection::shutdown()");
+}
+
+int
+IceSecurity::Ssl::OpenSSL::ClientConnection::init(int timeout)
+{
+ JTCSyncT<JTCMutex> sync(_initMutex);
+
+ int retCode = 0;
+
+ METHOD_INV("OpenSSL::ClientConnection::init()");
+
+ if (!SSL_is_init_finished(_sslConnection))
+ {
+ int i = 0;
+
+ if (initWantRead)
+ {
+ i = readSelect(timeout);
+ }
+ else if (initWantWrite)
+ {
+ i = writeSelect(timeout);
+ }
+
+ if (initWantRead && i == 0)
+ {
+ return 0;
+ }
+
+ if (initWantWrite && i == 0)
+ {
+ return 0;
+ }
+
+ initWantRead = 0;
+ initWantWrite = 0;
+
+ int result = connect();
+
+ // Find out what the error was (if any).
+ int code = getLastError();
+
+ printGetError(code);
+
+ switch (code)
+ {
+ case SSL_ERROR_WANT_READ:
+ {
+ initWantRead = 1;
+ break;
+ }
+
+ case SSL_ERROR_WANT_WRITE:
+ {
+ initWantWrite = 1;
+ break;
+ }
+
+
+ case SSL_ERROR_NONE:
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ {
+ // Retry connect.
+ break;
+ }
+
+ case SSL_ERROR_SYSCALL:
+ {
+ // This is a SOCKET_ERROR, but we don't use
+ // this define here as OpenSSL doesn't refer
+ // to it as a SOCKET_ERROR (but that's what it is
+ // if you look at their code).
+ if(result == -1)
+ {
+ if (interrupted())
+ {
+ break;
+ }
+
+ if (wouldBlock())
+ {
+ readSelect(timeout);
+ break;
+ }
+
+ if (connectionLost())
+ {
+ ConnectionLostException ex(__FILE__, __LINE__);
+ ex.error = getSocketErrno();
+ throw ex;
+ }
+ else
+ {
+ SocketException ex(__FILE__, __LINE__);
+ ex.error = getSocketErrno();
+ throw ex;
+ }
+ }
+ else // result == 0
+ {
+ string errorString = "SSL_ERROR_SYSCALL: During init()";
+
+ EXCEPTION(errorString);
+
+ throw IceSecurity::Ssl::InitException(errorString.c_str(), __FILE__, __LINE__);
+ }
+ }
+
+ case SSL_ERROR_SSL:
+ {
+ string errorString = "SSL_ERROR_SSL: During init()";
+
+ EXCEPTION(errorString);
+
+ throw IceSecurity::Ssl::InitException(errorString.c_str(), __FILE__, __LINE__);
+ }
+ }
+
+ retCode = SSL_is_init_finished(_sslConnection);
+
+ if (retCode > 0)
+ {
+ // Init finished, look at the connection information.
+ showConnectionInfo();
+ }
+ }
+ else
+ {
+ retCode = 1;
+ }
+
+ METHOD_RET("OpenSSL::ClientConnection::init()");
+
+ return retCode;
+}
+
+int
+IceSecurity::Ssl::OpenSSL::ClientConnection::read(Buffer& buf, int timeout)
+{
+ METHOD_INV("OpenSSL::ClientConnection::read(Buffer&,int)");
+
+ int totalBytesRead = 0;
+
+ // Initialization to 1 is a cheap trick to ensure we enter the loop.
+ int bytesRead = 1;
+
+ // We keep reading until we're done.
+ while ((buf.i != buf.b.end()) && bytesRead)
+ {
+ // Copy over bytes from _inBuffer to buf.
+ bytesRead = readInBuffer(buf);
+
+ // Nothing in the _inBuffer?
+ if (!bytesRead)
+ {
+ // Read from SSL.
+ bytesRead = readSSL(buf, timeout);
+ }
+
+ // Keep track of the total number of bytes read.
+ totalBytesRead += bytesRead;
+ }
+
+ METHOD_RET("OpenSSL::ClientConnection::read(Buffer&,int)");
+
+ return totalBytesRead;
+}
+
+int
+IceSecurity::Ssl::OpenSSL::ClientConnection::write(Buffer& buf, int timeout)
+{
+ METHOD_INV("OpenSSL::ClientConnection::write(Buffer&,int)");
+
+ int totalBytesWritten = 0;
+ int bytesWritten = 0;
+
+ int packetSize = buf.b.end() - buf.i;
+
+#ifdef WIN32
+ //
+ // Limit packet size to avoid performance problems on WIN32.
+ // (blatantly ripped off from Marc Laukien)
+ //
+ if (packetSize > 64 * 1024)
+ {
+ packetSize = 64 * 1024;
+ }
+#endif
+
+ // We keep reading until we're done
+ while (buf.i != buf.b.end())
+ {
+ // Ensure we're initialized.
+ if (init(timeout))
+ {
+ // Perform a select on the socket.
+ if (!writeSelect(timeout))
+ {
+ // We're done here.
+ break;
+ }
+
+ bytesWritten = sslWrite((char *)buf.i, packetSize);
+
+ switch (getLastError())
+ {
+ case SSL_ERROR_NONE:
+ {
+ if (bytesWritten > 0)
+ {
+ ostringstream s;
+
+ s << "sent " << bytesWritten << " of " << packetSize;
+ s << " bytes via SSL\n" << fdToString(SSL_get_fd(_sslConnection));
+
+ PROTOCOL(s.str());
+
+ totalBytesWritten += bytesWritten;
+
+ buf.i += bytesWritten;
+
+ if (packetSize > buf.b.end() - buf.i)
+ {
+ packetSize = buf.b.end() - buf.i;
+ }
+ }
+ else
+ {
+ // TODO: The client application performs a cleanup at this point,
+ // not even shutting down SSL - it just frees the SSL
+ // structure. I'm ignoring this, at the moment, as I'm sure
+ // the demo is handling it in an artificial manner.
+
+ PROTOCOL("Error SSL_ERROR_NONE: Repeating as per protocol.");
+ }
+ continue;
+ }
+
+ case SSL_ERROR_WANT_WRITE:
+ {
+ // Repeat with the same arguments! (as in the OpenSSL documentation)
+ // Whatever happened, the last write didn't actually write anything
+ // for us. This is effectively a retry.
+
+ PROTOCOL("Error SSL_ERROR_WANT_WRITE: Repeating as per protocol.");
+
+ continue;
+ }
+
+ case SSL_ERROR_WANT_READ:
+ {
+ // If we get this error here, it HAS to be because
+ // the protocol wants to do something handshake related.
+ // In the case that we might actually get some application data,
+ // we will use the base SSL read method, using the _inBuffer.
+
+ PROTOCOL("Error SSL_ERROR_WANT_READ.");
+
+ readSSL(_inBuffer, timeout);
+
+ continue;
+ }
+
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ {
+ // Perform another read. The read should take care of this.
+
+ PROTOCOL("Error SSL_ERROR_WANT_X509_LOOKUP: Repeating as per protocol.");
+
+ continue;
+ }
+
+ case SSL_ERROR_SYSCALL:
+ {
+ // NOTE: The demo client only throws an exception if there were actually bytes
+ // written. This is considered to be an error status requiring shutdown.
+ // If nothing was written, the demo client stops writing - we continue.
+ // This is potentially something wierd to watch out for.
+ if (bytesWritten != 0)
+ {
+ string errorString = "SSL_ERROR_SYSCALL";
+
+ EXCEPTION(errorString);
+
+ throw ShutdownException(errorString.c_str(), __FILE__, __LINE__);
+ }
+ else
+ {
+ // Didn't write anything, continue, should be fine.
+
+ PROTOCOL("Error SSL_ERROR_SYSCALL: Repeating as per protocol.");
+
+ continue;
+ }
+ }
+
+ case SSL_ERROR_SSL:
+ {
+ string errorString = "SSL_ERROR_SSL";
+
+ EXCEPTION(errorString);
+
+ throw ShutdownException(errorString.c_str(), __FILE__, __LINE__);
+ }
+
+ case SSL_ERROR_ZERO_RETURN:
+ {
+ string errorString = "SSL_ERROR_ZERO_RETURN";
+
+ EXCEPTION(errorString);
+
+ throw ShutdownException(errorString.c_str(), __FILE__, __LINE__);
+ }
+ }
+ }
+ }
+
+ METHOD_RET("OpenSSL::ClientConnection::write(Buffer&,int)");
+
+ return totalBytesWritten;
+}
+
+//
+// Protected Methods
+//
+
+// This code blatantly stolen from OpenSSL demos, slightly repackaged, and completely ugly...
+void
+IceSecurity::Ssl::OpenSSL::ClientConnection::showConnectionInfo()
+{
+ METHOD_INV("OpenSSL::ClientConnection::showConnectionInfo()");
+
+ // Only in extreme cases do we enable this, partially because it doesn't use the Logger.
+ if (SECURITY_LEVEL_PROTOCOL_DEBUG)
+ {
+ PROTOCOL_DEBUG("Begin Connection Information");
+
+ BIO* bio = BIO_new_fp(stdout, BIO_NOCLOSE);
+
+ showCertificateChain(bio);
+
+ showPeerCertificate(bio,"Client");
+
+ // Something extra for the client
+ showClientCAList(bio, "Client");
+
+ showSharedCiphers(bio);
+
+ showSelectedCipherInfo(bio);
+
+ showHandshakeStats(bio);
+
+ showSessionInfo(bio);
+
+ PROTOCOL_DEBUG("End of Connection Information");
+
+ if (bio != 0)
+ {
+ BIO_free(bio);
+ bio = 0;
+ }
+ }
+
+ METHOD_RET("OpenSSL::ClientConnection::showConnectionInfo()");
+}
diff --git a/cpp/src/Ice/SslConnectionOpenSSLClient.h b/cpp/src/Ice/SslConnectionOpenSSLClient.h
index cf2d36ee36c..48e9b2725e6 100644
--- a/cpp/src/Ice/SslConnectionOpenSSLClient.h
+++ b/cpp/src/Ice/SslConnectionOpenSSLClient.h
@@ -1,52 +1,52 @@
-// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#ifndef ICE_SSL_CONNECTION_OPENSSL_CLIENT_H
-#define ICE_SSL_CONNECTION_OPENSSL_CLIENT_H
-
-#include <openssl/ssl.h>
-#include <Ice/Buffer.h>
-#include <Ice/SslConnectionOpenSSL.h>
-
-namespace IceSecurity
-{
-
-namespace Ssl
-{
-
-namespace OpenSSL
-{
-
-using namespace Ice;
-
-class ClientConnection : public Connection
-{
-
-public:
- ClientConnection(SSL*, string&);
- virtual ~ClientConnection();
- virtual void shutdown();
- virtual int init(int timeout = 0);
-
- virtual int read(Buffer&, int);
- virtual int write(Buffer&, int);
-
-protected:
-
- virtual void showConnectionInfo();
-};
-
-}
-
-}
-
-}
-
-#endif
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#ifndef ICE_SSL_CONNECTION_OPENSSL_CLIENT_H
+#define ICE_SSL_CONNECTION_OPENSSL_CLIENT_H
+
+#include <openssl/ssl.h>
+#include <Ice/Buffer.h>
+#include <Ice/SslConnectionOpenSSL.h>
+
+namespace IceSecurity
+{
+
+namespace Ssl
+{
+
+namespace OpenSSL
+{
+
+using namespace Ice;
+
+class ClientConnection : public Connection
+{
+
+public:
+ ClientConnection(SSL*, string&);
+ virtual ~ClientConnection();
+ virtual void shutdown();
+ virtual int init(int timeout = 0);
+
+ virtual int read(Buffer&, int);
+ virtual int write(Buffer&, int);
+
+protected:
+
+ virtual void showConnectionInfo();
+};
+
+}
+
+}
+
+}
+
+#endif
diff --git a/cpp/src/Ice/SslConnectionOpenSSLServer.cpp b/cpp/src/Ice/SslConnectionOpenSSLServer.cpp
index 6fcf3d16de2..0306d5780ab 100644
--- a/cpp/src/Ice/SslConnectionOpenSSLServer.cpp
+++ b/cpp/src/Ice/SslConnectionOpenSSLServer.cpp
@@ -1,429 +1,429 @@
-// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#include <string>
-#include <sstream>
-#include <Ice/Network.h>
-#include <Ice/Security.h>
-#include <Ice/SslException.h>
-#include <Ice/SslConnectionOpenSSLServer.h>
-
-using IceSecurity::Ssl::ReInitException;
-using IceSecurity::Ssl::ShutdownException;
-using IceSecurity::Ssl::InitException;
-using namespace IceInternal;
-using namespace std;
-
-//////////////////////////////////////
-////////// ServerConnection //////////
-//////////////////////////////////////
-
-//
-// Public Methods
-//
-
-IceSecurity::Ssl::OpenSSL::ServerConnection::ServerConnection(SSL* connection, string& systemID) :
- Connection(connection, systemID)
-{
-}
-
-IceSecurity::Ssl::OpenSSL::ServerConnection::~ServerConnection()
-{
- METHOD_INV("OpenSSL::ServerConnection::~ServerConnection()");
-
- shutdown();
-
- METHOD_RET("OpenSSL::ServerConnection::~ServerConnection()");
-}
-
-void
-IceSecurity::Ssl::OpenSSL::ServerConnection::shutdown()
-{
- METHOD_INV("OpenSSL::ServerConnection::shutdown()");
-
- if (_sslConnection != 0)
- {
- // NOTE: This call is how the server application shuts down, but they are
- // also using SSL_CTX_set_quiet_shutdown().
- // SSL_set_shutdown(_sslConnection,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
-
- int shutdown = 0;
- int retries = 100;
-
- do
- {
- shutdown = SSL_shutdown(_sslConnection);
- retries--;
- }
- while ((shutdown == 0) && (retries > 0));
-
- if (shutdown <= 0)
- {
- ostringstream s;
- s << "SSL shutdown failure encountered: code[" << shutdown << "] retries[";
- s << retries << "]\n" << fdToString(SSL_get_fd(_sslConnection));
- PROTOCOL_DEBUG(s.str());
- }
- }
-
- Connection::shutdown();
-
- METHOD_RET("OpenSSL::ServerConnection::shutdown()");
-}
-
-int
-IceSecurity::Ssl::OpenSSL::ServerConnection::init(int timeout)
-{
- JTCSyncT<JTCMutex> sync(_initMutex);
-
- int retCode = 0;
-
- METHOD_INV("OpenSSL::ServerConnection::init()");
-
- if (!SSL_is_init_finished(_sslConnection))
- {
- int i = 0;
-
- if (initWantRead)
- {
- i = readSelect(timeout);
- }
- else if (initWantWrite)
- {
- i = writeSelect(timeout);
- }
-
- if (initWantRead && i == 0)
- {
- return 0;
- }
-
- if (initWantWrite && i == 0)
- {
- return 0;
- }
-
- initWantRead = 0;
- initWantWrite = 0;
-
- int result = accept();
-
- // Find out what the error was (if any).
- int code = getLastError();
-
- // We're doing an Accept and we don't get a retry on the socket.
- if ((result <= 0) && (BIO_sock_should_retry(result) == 0))
- {
- // Socket can't retry - bad scene, find out why.
- long verify_error = SSL_get_verify_result(_sslConnection);
-
- if (verify_error != X509_V_OK)
- {
- // SSL Protocol Error - Shutdown the Connection.
- string errorString = "SSL certificate verification error.";
-
- EXCEPTION(errorString);
-
- throw ShutdownException(errorString.c_str(), __FILE__, __LINE__);
- }
- else
- {
- // SSL Protocol Error - Shutdown the Connection.
- string errorString = "SSL Protocol Error.";
-
- EXCEPTION(errorString);
-
- throw ShutdownException(errorString.c_str(), __FILE__, __LINE__);
- }
- }
-
- switch (code)
- {
- case SSL_ERROR_WANT_READ:
- {
- initWantRead = 1;
- break;
- }
-
- case SSL_ERROR_WANT_WRITE:
- {
- initWantWrite = 1;
- break;
- }
-
-
- case SSL_ERROR_NONE:
- case SSL_ERROR_WANT_X509_LOOKUP:
- {
- // Do nothing, life is good!
- break;
- }
-
- case SSL_ERROR_SYSCALL:
- {
- // This is a SOCKET_ERROR, but we don't use
- // this define here as OpenSSL doesn't refer
- // to it as a SOCKET_ERROR (but that's what it is
- // if you look at their code).
- if(result == -1)
- {
- if (interrupted())
- {
- break;
- }
-
- if (wouldBlock())
- {
- readSelect(timeout);
- break;
- }
-
- if (connectionLost())
- {
- ConnectionLostException ex(__FILE__, __LINE__);
- ex.error = getSocketErrno();
- throw ex;
- }
- else
- {
- SocketException ex(__FILE__, __LINE__);
- ex.error = getSocketErrno();
- throw ex;
- }
- }
- else
- {
- string errorString = "SSL_ERROR_SYSCALL: During init().";
-
- EXCEPTION(errorString);
-
- throw InitException(errorString.c_str(), __FILE__, __LINE__);
- }
- }
-
- case SSL_ERROR_SSL:
- {
- string errorString = "SSL_ERROR_SSL: During init().";
-
- EXCEPTION(errorString);
-
- throw InitException(errorString.c_str(), __FILE__, __LINE__);
- }
- }
-
- retCode = SSL_is_init_finished(_sslConnection);
-
- if (retCode > 0)
- {
- // Init finished, look at the connection information.
- showConnectionInfo();
- }
- }
- else
- {
- retCode = 1;
- }
-
- METHOD_RET("OpenSSL::ServerConnection::init()");
-
- return retCode;
-}
-
-int
-IceSecurity::Ssl::OpenSSL::ServerConnection::read(Buffer& buf, int timeout)
-{
- METHOD_INV("OpenSSL::ServerConnection::read(Buffer&, int)");
-
- int bytesRead = 1;
- int totalBytesRead = 0;
-
- // We keep reading until we're done.
- while ((buf.i != buf.b.end()) && bytesRead)
- {
- // Copy over bytes from _inBuffer to buf.
- bytesRead = readInBuffer(buf);
-
- // Nothing in the _inBuffer?
- if (!bytesRead)
- {
- // Read from SSL.
- bytesRead = readSSL(buf, timeout);
- }
-
- // Keep track of the total bytes read.
- totalBytesRead += bytesRead;
- }
-
- METHOD_RET("OpenSSL::ServerConnection::read(Buffer&, int)");
-
- return totalBytesRead;
-}
-
-int
-IceSecurity::Ssl::OpenSSL::ServerConnection::write(Buffer& buf, int timeout)
-{
- METHOD_INV("OpenSSL::ServerConnection::write(Buffer&, int)");
-
- int totalBytesWritten = 0;
- int bytesWritten = 0;
-
- int packetSize = buf.b.end() - buf.i;
-
-#ifdef WIN32
- //
- // Limit packet size to avoid performance problems on WIN32.
- //
- if (packetSize > 64 * 1024)
- {
- packetSize = 64 * 1024;
- }
-#endif
-
- // We keep writing until we're done.
- while (buf.i != buf.b.end())
- {
- // Ensure we're initialized.
- if (init(timeout))
- {
- // Perform a select on the socket.
- if (!writeSelect(timeout))
- {
- // We're done here.
- break;
- }
-
- bytesWritten = sslWrite((char *)buf.i, packetSize);
-
- switch (getLastError())
- {
- case SSL_ERROR_NONE:
- {
- ostringstream s;
-
- s << "sent " << bytesWritten << " of " << packetSize;
- s << " bytes via SSL\n" << fdToString(SSL_get_fd(_sslConnection));
-
- PROTOCOL(s.str());
-
- totalBytesWritten += bytesWritten;
-
- buf.i += bytesWritten;
-
- if (packetSize > buf.b.end() - buf.i)
- {
- packetSize = buf.b.end() - buf.i;
- }
- continue;
- }
-
- case SSL_ERROR_WANT_WRITE: // Retry...
- {
- PROTOCOL("Error SSL_ERROR_WANT_WRITE: Repeating as per protocol.");
-
- continue;
- }
-
- case SSL_ERROR_WANT_READ: // The demo server ignores this error.
- {
- PROTOCOL("Error SSL_ERROR_WANT_READ: Ignoring as per protocol.");
-
- continue;
- }
-
- case SSL_ERROR_WANT_X509_LOOKUP: // The demo server ignores this error.
- {
- PROTOCOL("Error SSL_ERROR_WANT_X509_LOOKUP: Repeating as per protocol.");
-
- continue;
- }
-
- case SSL_ERROR_SYSCALL:
- {
- if (bytesWritten == -1)
- {
- SocketException ex(__FILE__, __LINE__);
- ex.error = getSocketErrno();
- throw ex;
- }
- else
- {
- string errorString = "SSL_ERROR_SYSCALL";
-
- EXCEPTION(errorString);
-
- throw ShutdownException(errorString.c_str(), __FILE__, __LINE__);
- }
- }
-
- case SSL_ERROR_SSL:
- {
- string errorString = "SSL_ERROR_SSL";
-
- EXCEPTION(errorString);
-
- throw ShutdownException(errorString.c_str(), __FILE__, __LINE__);
- }
-
- case SSL_ERROR_ZERO_RETURN:
- {
- string errorString = "SSL_ERROR_ZERO_RETURN";
-
- EXCEPTION(errorString);
-
- throw ShutdownException(errorString.c_str(), __FILE__, __LINE__);
- }
- }
- }
- }
-
- METHOD_RET("OpenSSL::ServerConnection::write(Buffer&, int)");
-
- return totalBytesWritten;
-}
-
-//
-// Protected Methods
-//
-
-void
-IceSecurity::Ssl::OpenSSL::ServerConnection::showConnectionInfo()
-{
- METHOD_INV("OpenSSL::ServerConnection::showConnectionInfo()");
-
- // Only in extreme cases do we enable this, partially because it doesn't use the Logger.
- if (_traceLevels->security >= SECURITY_PROTOCOL_DEBUG)
- {
- PROTOCOL_DEBUG("Begin Connection Information");
-
- BIO* bio = BIO_new_fp(stdout, BIO_NOCLOSE);
-
- showCertificateChain(bio);
-
- showPeerCertificate(bio,"Server");
-
- showSharedCiphers(bio);
-
- showSelectedCipherInfo(bio);
-
- showHandshakeStats(bio);
-
- showSessionInfo(bio);
-
- PROTOCOL_DEBUG("End of Connection Information");
-
- if (bio != 0)
- {
- BIO_free(bio);
- bio = 0;
- }
- }
-
- METHOD_RET("OpenSSL::ServerConnection::showConnectionInfo()");
-}
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#include <string>
+#include <sstream>
+#include <Ice/Network.h>
+#include <Ice/Security.h>
+#include <Ice/SslException.h>
+#include <Ice/SslConnectionOpenSSLServer.h>
+
+using IceSecurity::Ssl::ReInitException;
+using IceSecurity::Ssl::ShutdownException;
+using IceSecurity::Ssl::InitException;
+using namespace IceInternal;
+using namespace std;
+
+//////////////////////////////////////
+////////// ServerConnection //////////
+//////////////////////////////////////
+
+//
+// Public Methods
+//
+
+IceSecurity::Ssl::OpenSSL::ServerConnection::ServerConnection(SSL* connection, string& systemID) :
+ Connection(connection, systemID)
+{
+}
+
+IceSecurity::Ssl::OpenSSL::ServerConnection::~ServerConnection()
+{
+ METHOD_INV("OpenSSL::ServerConnection::~ServerConnection()");
+
+ shutdown();
+
+ METHOD_RET("OpenSSL::ServerConnection::~ServerConnection()");
+}
+
+void
+IceSecurity::Ssl::OpenSSL::ServerConnection::shutdown()
+{
+ METHOD_INV("OpenSSL::ServerConnection::shutdown()");
+
+ if (_sslConnection != 0)
+ {
+ // NOTE: This call is how the server application shuts down, but they are
+ // also using SSL_CTX_set_quiet_shutdown().
+ // SSL_set_shutdown(_sslConnection,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+
+ int shutdown = 0;
+ int retries = 100;
+
+ do
+ {
+ shutdown = SSL_shutdown(_sslConnection);
+ retries--;
+ }
+ while ((shutdown == 0) && (retries > 0));
+
+ if (shutdown <= 0)
+ {
+ ostringstream s;
+ s << "SSL shutdown failure encountered: code[" << shutdown << "] retries[";
+ s << retries << "]\n" << fdToString(SSL_get_fd(_sslConnection));
+ PROTOCOL_DEBUG(s.str());
+ }
+ }
+
+ Connection::shutdown();
+
+ METHOD_RET("OpenSSL::ServerConnection::shutdown()");
+}
+
+int
+IceSecurity::Ssl::OpenSSL::ServerConnection::init(int timeout)
+{
+ JTCSyncT<JTCMutex> sync(_initMutex);
+
+ int retCode = 0;
+
+ METHOD_INV("OpenSSL::ServerConnection::init()");
+
+ if (!SSL_is_init_finished(_sslConnection))
+ {
+ int i = 0;
+
+ if (initWantRead)
+ {
+ i = readSelect(timeout);
+ }
+ else if (initWantWrite)
+ {
+ i = writeSelect(timeout);
+ }
+
+ if (initWantRead && i == 0)
+ {
+ return 0;
+ }
+
+ if (initWantWrite && i == 0)
+ {
+ return 0;
+ }
+
+ initWantRead = 0;
+ initWantWrite = 0;
+
+ int result = accept();
+
+ // Find out what the error was (if any).
+ int code = getLastError();
+
+ // We're doing an Accept and we don't get a retry on the socket.
+ if ((result <= 0) && (BIO_sock_should_retry(result) == 0))
+ {
+ // Socket can't retry - bad scene, find out why.
+ long verify_error = SSL_get_verify_result(_sslConnection);
+
+ if (verify_error != X509_V_OK)
+ {
+ // SSL Protocol Error - Shutdown the Connection.
+ string errorString = "SSL certificate verification error.";
+
+ EXCEPTION(errorString);
+
+ throw ShutdownException(errorString.c_str(), __FILE__, __LINE__);
+ }
+ else
+ {
+ // SSL Protocol Error - Shutdown the Connection.
+ string errorString = "SSL Protocol Error.";
+
+ EXCEPTION(errorString);
+
+ throw ShutdownException(errorString.c_str(), __FILE__, __LINE__);
+ }
+ }
+
+ switch (code)
+ {
+ case SSL_ERROR_WANT_READ:
+ {
+ initWantRead = 1;
+ break;
+ }
+
+ case SSL_ERROR_WANT_WRITE:
+ {
+ initWantWrite = 1;
+ break;
+ }
+
+
+ case SSL_ERROR_NONE:
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ {
+ // Do nothing, life is good!
+ break;
+ }
+
+ case SSL_ERROR_SYSCALL:
+ {
+ // This is a SOCKET_ERROR, but we don't use
+ // this define here as OpenSSL doesn't refer
+ // to it as a SOCKET_ERROR (but that's what it is
+ // if you look at their code).
+ if(result == -1)
+ {
+ if (interrupted())
+ {
+ break;
+ }
+
+ if (wouldBlock())
+ {
+ readSelect(timeout);
+ break;
+ }
+
+ if (connectionLost())
+ {
+ ConnectionLostException ex(__FILE__, __LINE__);
+ ex.error = getSocketErrno();
+ throw ex;
+ }
+ else
+ {
+ SocketException ex(__FILE__, __LINE__);
+ ex.error = getSocketErrno();
+ throw ex;
+ }
+ }
+ else
+ {
+ string errorString = "SSL_ERROR_SYSCALL: During init().";
+
+ EXCEPTION(errorString);
+
+ throw InitException(errorString.c_str(), __FILE__, __LINE__);
+ }
+ }
+
+ case SSL_ERROR_SSL:
+ {
+ string errorString = "SSL_ERROR_SSL: During init().";
+
+ EXCEPTION(errorString);
+
+ throw InitException(errorString.c_str(), __FILE__, __LINE__);
+ }
+ }
+
+ retCode = SSL_is_init_finished(_sslConnection);
+
+ if (retCode > 0)
+ {
+ // Init finished, look at the connection information.
+ showConnectionInfo();
+ }
+ }
+ else
+ {
+ retCode = 1;
+ }
+
+ METHOD_RET("OpenSSL::ServerConnection::init()");
+
+ return retCode;
+}
+
+int
+IceSecurity::Ssl::OpenSSL::ServerConnection::read(Buffer& buf, int timeout)
+{
+ METHOD_INV("OpenSSL::ServerConnection::read(Buffer&, int)");
+
+ int bytesRead = 1;
+ int totalBytesRead = 0;
+
+ // We keep reading until we're done.
+ while ((buf.i != buf.b.end()) && bytesRead)
+ {
+ // Copy over bytes from _inBuffer to buf.
+ bytesRead = readInBuffer(buf);
+
+ // Nothing in the _inBuffer?
+ if (!bytesRead)
+ {
+ // Read from SSL.
+ bytesRead = readSSL(buf, timeout);
+ }
+
+ // Keep track of the total bytes read.
+ totalBytesRead += bytesRead;
+ }
+
+ METHOD_RET("OpenSSL::ServerConnection::read(Buffer&, int)");
+
+ return totalBytesRead;
+}
+
+int
+IceSecurity::Ssl::OpenSSL::ServerConnection::write(Buffer& buf, int timeout)
+{
+ METHOD_INV("OpenSSL::ServerConnection::write(Buffer&, int)");
+
+ int totalBytesWritten = 0;
+ int bytesWritten = 0;
+
+ int packetSize = buf.b.end() - buf.i;
+
+#ifdef WIN32
+ //
+ // Limit packet size to avoid performance problems on WIN32.
+ //
+ if (packetSize > 64 * 1024)
+ {
+ packetSize = 64 * 1024;
+ }
+#endif
+
+ // We keep writing until we're done.
+ while (buf.i != buf.b.end())
+ {
+ // Ensure we're initialized.
+ if (init(timeout))
+ {
+ // Perform a select on the socket.
+ if (!writeSelect(timeout))
+ {
+ // We're done here.
+ break;
+ }
+
+ bytesWritten = sslWrite((char *)buf.i, packetSize);
+
+ switch (getLastError())
+ {
+ case SSL_ERROR_NONE:
+ {
+ ostringstream s;
+
+ s << "sent " << bytesWritten << " of " << packetSize;
+ s << " bytes via SSL\n" << fdToString(SSL_get_fd(_sslConnection));
+
+ PROTOCOL(s.str());
+
+ totalBytesWritten += bytesWritten;
+
+ buf.i += bytesWritten;
+
+ if (packetSize > buf.b.end() - buf.i)
+ {
+ packetSize = buf.b.end() - buf.i;
+ }
+ continue;
+ }
+
+ case SSL_ERROR_WANT_WRITE: // Retry...
+ {
+ PROTOCOL("Error SSL_ERROR_WANT_WRITE: Repeating as per protocol.");
+
+ continue;
+ }
+
+ case SSL_ERROR_WANT_READ: // The demo server ignores this error.
+ {
+ PROTOCOL("Error SSL_ERROR_WANT_READ: Ignoring as per protocol.");
+
+ continue;
+ }
+
+ case SSL_ERROR_WANT_X509_LOOKUP: // The demo server ignores this error.
+ {
+ PROTOCOL("Error SSL_ERROR_WANT_X509_LOOKUP: Repeating as per protocol.");
+
+ continue;
+ }
+
+ case SSL_ERROR_SYSCALL:
+ {
+ if (bytesWritten == -1)
+ {
+ SocketException ex(__FILE__, __LINE__);
+ ex.error = getSocketErrno();
+ throw ex;
+ }
+ else
+ {
+ string errorString = "SSL_ERROR_SYSCALL";
+
+ EXCEPTION(errorString);
+
+ throw ShutdownException(errorString.c_str(), __FILE__, __LINE__);
+ }
+ }
+
+ case SSL_ERROR_SSL:
+ {
+ string errorString = "SSL_ERROR_SSL";
+
+ EXCEPTION(errorString);
+
+ throw ShutdownException(errorString.c_str(), __FILE__, __LINE__);
+ }
+
+ case SSL_ERROR_ZERO_RETURN:
+ {
+ string errorString = "SSL_ERROR_ZERO_RETURN";
+
+ EXCEPTION(errorString);
+
+ throw ShutdownException(errorString.c_str(), __FILE__, __LINE__);
+ }
+ }
+ }
+ }
+
+ METHOD_RET("OpenSSL::ServerConnection::write(Buffer&, int)");
+
+ return totalBytesWritten;
+}
+
+//
+// Protected Methods
+//
+
+void
+IceSecurity::Ssl::OpenSSL::ServerConnection::showConnectionInfo()
+{
+ METHOD_INV("OpenSSL::ServerConnection::showConnectionInfo()");
+
+ // Only in extreme cases do we enable this, partially because it doesn't use the Logger.
+ if (_traceLevels->security >= SECURITY_PROTOCOL_DEBUG)
+ {
+ PROTOCOL_DEBUG("Begin Connection Information");
+
+ BIO* bio = BIO_new_fp(stdout, BIO_NOCLOSE);
+
+ showCertificateChain(bio);
+
+ showPeerCertificate(bio,"Server");
+
+ showSharedCiphers(bio);
+
+ showSelectedCipherInfo(bio);
+
+ showHandshakeStats(bio);
+
+ showSessionInfo(bio);
+
+ PROTOCOL_DEBUG("End of Connection Information");
+
+ if (bio != 0)
+ {
+ BIO_free(bio);
+ bio = 0;
+ }
+ }
+
+ METHOD_RET("OpenSSL::ServerConnection::showConnectionInfo()");
+}
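Review bot: In ServerConnection::write() the `SSL_ERROR_WANT_READ` case only logs and `continue`s, so while OpenSSL is waiting for handshake data from the peer the loop returns to `writeSelect`/`sslWrite` without ever reading. A peer that stalls at that point can keep the thread spinning instead of hitting `timeout`. ClientConnection::write() in this same commit handles the case with `readSSL(_inBuffer, timeout);` before the `continue;`, and the server side should do the same. The `SSL_ERROR_NONE` case also does `buf.i += bytesWritten` without the client's `if (bytesWritten > 0)` guard. The switch has no `default:`, so an unexpected code from `getLastError()` is retried silently; a `default:` that throws `ShutdownException` would make that failure visible.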
diff --git a/cpp/src/Ice/SslConnectionOpenSSLServer.h b/cpp/src/Ice/SslConnectionOpenSSLServer.h
index 183b3cb3a90..4ee9d4ecb95 100644
--- a/cpp/src/Ice/SslConnectionOpenSSLServer.h
+++ b/cpp/src/Ice/SslConnectionOpenSSLServer.h
@@ -1,52 +1,52 @@
-// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#ifndef ICE_SSL_CONNECTION_OPENSSL_SERVER_H
-#define ICE_SSL_CONNECTION_OPENSSL_SERVER_H
-
-#include <openssl/ssl.h>
-#include <Ice/Buffer.h>
-#include <Ice/SslConnectionOpenSSL.h>
-
-namespace IceSecurity
-{
-
-namespace Ssl
-{
-
-namespace OpenSSL
-{
-
-using namespace Ice;
-
-class ServerConnection : public Connection
-{
-
-public:
- ServerConnection(SSL*, string&);
- virtual ~ServerConnection();
- virtual void shutdown();
- virtual int init(int timeout = 0);
-
- virtual int read(Buffer&, int);
- virtual int write(Buffer&, int);
-
-protected:
-
- virtual void showConnectionInfo();
-};
-
-}
-
-}
-
-}
-
-#endif
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#ifndef ICE_SSL_CONNECTION_OPENSSL_SERVER_H
+#define ICE_SSL_CONNECTION_OPENSSL_SERVER_H
+
+#include <openssl/ssl.h>
+#include <Ice/Buffer.h>
+#include <Ice/SslConnectionOpenSSL.h>
+
+namespace IceSecurity
+{
+
+namespace Ssl
+{
+
+namespace OpenSSL
+{
+
+using namespace Ice;
+
+class ServerConnection : public Connection
+{
+
+public:
+ ServerConnection(SSL*, string&);
+ virtual ~ServerConnection();
+ virtual void shutdown();
+ virtual int init(int timeout = 0);
+
+ virtual int read(Buffer&, int);
+ virtual int write(Buffer&, int);
+
+protected:
+
+ virtual void showConnectionInfo();
+};
+
+}
+
+}
+
+}
+
+#endif
diff --git a/cpp/src/Ice/SslConnector.cpp b/cpp/src/Ice/SslConnector.cpp
index c1b8b33d409..a3824ecdca2 100644
--- a/cpp/src/Ice/SslConnector.cpp
+++ b/cpp/src/Ice/SslConnector.cpp
@@ -6,35 +6,35 @@
//
// All Rights Reserved
//
-// **********************************************************************
-#ifdef WIN32
-#pragma warning(disable:4786)
-#endif
+// **********************************************************************
+#ifdef WIN32
+#pragma warning(disable:4786)
+#endif
-#include <Ice/SslFactory.h>
-#include <Ice/SslSystem.h>
+#include <Ice/SslFactory.h>
+#include <Ice/SslSystem.h>
#include <Ice/SslConnector.h>
#include <Ice/SslTransceiver.h>
#include <Ice/Instance.h>
#include <Ice/TraceLevels.h>
#include <Ice/Logger.h>
#include <Ice/Network.h>
-#include <Ice/Properties.h>
+#include <Ice/Properties.h>
#include <Ice/Exception.h>
-#include <Ice/SslException.h>
-#include <sstream>
+#include <Ice/SslException.h>
+#include <sstream>
using namespace std;
using namespace Ice;
using namespace IceInternal;
-using std::ostringstream;
-using std::string;
-using IceSecurity::Ssl::Connection;
-using IceSecurity::Ssl::Factory;
-using IceSecurity::Ssl::System;
+using std::ostringstream;
+using std::string;
+using IceSecurity::Ssl::Connection;
+using IceSecurity::Ssl::Factory;
+using IceSecurity::Ssl::System;
using IceSecurity::Ssl::ShutdownException;
-
+
TransceiverPtr
IceInternal::SslConnector::connect(int timeout)
{
@@ -55,50 +55,50 @@ IceInternal::SslConnector::connect(int timeout)
_logger->trace(_traceLevels->networkCat, s.str());
}
- // This is the Ice SSL Configuration File on which we will base
- // all connections in this communicator.
- string configFile = _instance->properties()->getProperty("Ice.Ssl.Config");
-
- // Get an instance of the SslOpenSSL singleton.
- System* sslSystem = Factory::getSystem(configFile);
-
- if (!sslSystem->isTraceSet())
- {
- sslSystem->setTrace(_traceLevels);
- }
-
- if (!sslSystem->isLoggerSet())
- {
- sslSystem->setLogger(_logger);
- }
-
- // Initialize the server (if needed)
- if (!sslSystem->isConfigLoaded())
- {
- sslSystem->loadConfig();
- }
-
- Connection* sslConnection = 0;
-
- try
- {
- sslConnection = sslSystem->createClientConnection(fd);
- }
- catch (...)
- {
- Factory::releaseSystem(sslSystem);
- sslSystem = 0;
-
- // Shutdown the connection.
- throw;
- }
-
- TransceiverPtr transPtr = new SslTransceiver(_instance, fd, sslConnection);
-
- Factory::releaseSystem(sslSystem);
- sslSystem = 0;
-
- return transPtr;
+ // This is the Ice SSL Configuration File on which we will base
+ // all connections in this communicator.
+ string configFile = _instance->properties()->getProperty("Ice.Ssl.Config");
+
+ // Get an instance of the SslOpenSSL singleton.
+ System* sslSystem = Factory::getSystem(configFile);
+
+ if (!sslSystem->isTraceSet())
+ {
+ sslSystem->setTrace(_traceLevels);
+ }
+
+ if (!sslSystem->isLoggerSet())
+ {
+ sslSystem->setLogger(_logger);
+ }
+
+ // Initialize the server (if needed)
+ if (!sslSystem->isConfigLoaded())
+ {
+ sslSystem->loadConfig();
+ }
+
+ Connection* sslConnection = 0;
+
+ try
+ {
+ sslConnection = sslSystem->createClientConnection(fd);
+ }
+ catch (...)
+ {
+ Factory::releaseSystem(sslSystem);
+ sslSystem = 0;
+
+ // Shutdown the connection.
+ throw;
+ }
+
+ TransceiverPtr transPtr = new SslTransceiver(_instance, fd, sslConnection);
+
+ Factory::releaseSystem(sslSystem);
+ sslSystem = 0;
+
+ return transPtr;
}
string
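Review bot: Only `sslSystem->createClientConnection(fd)` is inside the `try`, so an exception from `sslSystem->loadConfig()` or from `new SslTransceiver(_instance, fd, sslConnection)` leaves connect() without calling `Factory::releaseSystem(sslSystem)`. In the second case the `Connection*` just created is presumably dropped as well. Opening the `try` directly after `System* sslSystem = Factory::getSystem(configFile);` and closing it after the transceiver is built would route every failure through the existing `catch (...)`. The `isTraceSet()`/`setTrace()` and `isConfigLoaded()`/`loadConfig()` pairs are check-then-act on what the comment calls a singleton; if `System` does not lock internally, two connecting threads can both run `loadConfig()`, which is worth confirming. connect() begins above this hunk.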
diff --git a/cpp/src/Ice/SslException.cpp b/cpp/src/Ice/SslException.cpp
index 052a115c2b2..edca53e1cfc 100644
--- a/cpp/src/Ice/SslException.cpp
+++ b/cpp/src/Ice/SslException.cpp
@@ -1,291 +1,291 @@
-// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-#ifdef WIN32
-#pragma warning(disable:4786)
-#endif
-
-#include <Ice/SslException.h>
-
-using Ice::SocketException;
-using Ice::Exception;
-
-using std::ostream;
-using std::string;
-
-//////////////////////////////////
-////////// SecurityException /////
-//////////////////////////////////
-
-//
-// Public Methods
-//
-
-IceSecurity::SecurityException::SecurityException(const char* errMessage, const char* file, int line) :
- LocalException(file, line),
- _message(errMessage)
-{
-}
-
-IceSecurity::SecurityException::SecurityException(const SecurityException& ex) :
- LocalException(ex)
-{
-}
-
-IceSecurity::SecurityException&
-IceSecurity::SecurityException::operator=(const SecurityException& ex)
-{
- LocalException::operator=(ex);
- return *this;
-}
-
-string
-IceSecurity::SecurityException::toString() const
-{
- string s = _name();
-
- if (_message == "")
- {
- s += ": unspecified exception";
- }
- else
- {
- s += ": ";
- s += _message;
- }
-
- return s;
-}
-
-string
-IceSecurity::SecurityException::_name() const
-{
- return "IceSecurity::SecurityException";
-}
-
-void
-IceSecurity::SecurityException::_print(ostream& out) const
-{
- Exception::_print(out);
- out << ":\nunknown security exception";
-}
-
-Ice::Exception*
-IceSecurity::SecurityException::_clone() const
-{
- return new SecurityException(*this);
-}
-
-void
-IceSecurity::SecurityException::_throw() const
-{
- throw *this;
-}
-
-///////////////////////////////////
-////////// InitException //////////
-///////////////////////////////////
-
-//
-// Public Methods
-//
-
-IceSecurity::Ssl::InitException::InitException(const char* errMessage, const char* file, int line) :
- SecurityException(errMessage, file, line)
-{
-}
-
-IceSecurity::Ssl::InitException::InitException(const InitException& ex) :
- SecurityException(ex)
-{
-}
-
-IceSecurity::Ssl::InitException&
-IceSecurity::Ssl::InitException::operator=(const InitException& ex)
-{
- SecurityException::operator=(ex);
- return *this;
-}
-
-string
-IceSecurity::Ssl::InitException::_name() const
-{
- return "IceSecurity::InitException";
-}
-
-void
-IceSecurity::Ssl::InitException::_print(ostream& out) const
-{
- Exception::_print(out);
- out << ":\nsecurity system initialization exception";
-}
-
-Ice::Exception*
-IceSecurity::Ssl::InitException::_clone() const
-{
- return new InitException(*this);
-}
-
-void
-IceSecurity::Ssl::InitException::_throw() const
-{
- throw *this;
-}
-
-/////////////////////////////////////
-////////// ReInitException //////////
-/////////////////////////////////////
-
-//
-// Public Methods
-//
-
-IceSecurity::Ssl::ReInitException::ReInitException(const char* errMessage, const char* file, int line) :
- SecurityException(errMessage, file, line)
-{
-}
-
-IceSecurity::Ssl::ReInitException::ReInitException(const ReInitException& ex) :
- SecurityException(ex)
-{
-}
-
-IceSecurity::Ssl::ReInitException&
-IceSecurity::Ssl::ReInitException::operator=(const ReInitException& ex)
-{
- SecurityException::operator=(ex);
- return *this;
-}
-
-string
-IceSecurity::Ssl::ReInitException::_name() const
-{
- return "IceSecurity::ReInitException";
-}
-
-void
-IceSecurity::Ssl::ReInitException::_print(ostream& out) const
-{
- Exception::_print(out);
- out << ":\nsecurity system re-initialization exception";
-}
-
-Ice::Exception*
-IceSecurity::Ssl::ReInitException::_clone() const
-{
- return new ReInitException(*this);
-}
-
-void
-IceSecurity::Ssl::ReInitException::_throw() const
-{
- throw *this;
-}
-
-///////////////////////////////////////
-////////// ShutdownException //////////
-///////////////////////////////////////
-
-//
-// Public Methods
-//
-
-IceSecurity::Ssl::ShutdownException::ShutdownException(const char* errMessage, const char* file, int line) :
- SecurityException(errMessage, file, line)
-{
-}
-
-IceSecurity::Ssl::ShutdownException::ShutdownException(const ShutdownException& ex) :
- SecurityException(ex)
-{
-}
-
-IceSecurity::Ssl::ShutdownException&
-IceSecurity::Ssl::ShutdownException::operator=(const ShutdownException& ex)
-{
- SecurityException::operator=(ex);
- return *this;
-}
-
-string
-IceSecurity::Ssl::ShutdownException::_name() const
-{
- return "IceSecurity::ShutdownException";
-}
-
-void
-IceSecurity::Ssl::ShutdownException::_print(ostream& out) const
-{
- Exception::_print(out);
- out << ":\nsecurity system shutdown exception";
-}
-
-Ice::Exception*
-IceSecurity::Ssl::ShutdownException::_clone() const
-{
- return new ShutdownException(*this);
-}
-
-void
-IceSecurity::Ssl::ShutdownException::_throw() const
-{
- throw *this;
-}
-
-//////////////////////////////////////
-////////// ContextException //////////
-//////////////////////////////////////
-
-//
-// Public Methods
-//
-
-IceSecurity::Ssl::OpenSSL::ContextException::ContextException(const char* errMessage, const char* file, int line) :
- InitException(errMessage, file, line)
-{
-}
-
-IceSecurity::Ssl::OpenSSL::ContextException::ContextException(const ContextException& ex) :
- InitException(ex)
-{
-}
-
-IceSecurity::Ssl::OpenSSL::ContextException&
-IceSecurity::Ssl::OpenSSL::ContextException::operator=(const ContextException& ex)
-{
- InitException::operator=(ex);
- return *this;
-}
-
-string
-IceSecurity::Ssl::OpenSSL::ContextException::_name() const
-{
- return "IceSecurity::ContextException";
-}
-
-void
-IceSecurity::Ssl::OpenSSL::ContextException::_print(ostream& out) const
-{
- Exception::_print(out);
- out << ":\nSSL System context exception";
-}
-
-Ice::Exception*
-IceSecurity::Ssl::OpenSSL::ContextException::_clone() const
-{
- return new ContextException(*this);
-}
-
-void
-IceSecurity::Ssl::OpenSSL::ContextException::_throw() const
-{
- throw *this;
-}
-
-
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+#ifdef WIN32
+#pragma warning(disable:4786)
+#endif
+
+#include <Ice/SslException.h>
+
+using Ice::SocketException;
+using Ice::Exception;
+
+using std::ostream;
+using std::string;
+
+//////////////////////////////////
+////////// SecurityException /////
+//////////////////////////////////
+
+//
+// Public Methods
+//
+
+IceSecurity::SecurityException::SecurityException(const char* errMessage, const char* file, int line) :
+ LocalException(file, line),
+ _message(errMessage)
+{
+}
+
+IceSecurity::SecurityException::SecurityException(const SecurityException& ex) :
+ LocalException(ex)
+{
+}
+
+IceSecurity::SecurityException&
+IceSecurity::SecurityException::operator=(const SecurityException& ex)
+{
+ LocalException::operator=(ex);
+ return *this;
+}
+
+string
+IceSecurity::SecurityException::toString() const
+{
+ string s = _ice_name();
+
+ if (_message == "")
+ {
+ s += ": unspecified exception";
+ }
+ else
+ {
+ s += ": ";
+ s += _message;
+ }
+
+ return s;
+}
+
+string
+IceSecurity::SecurityException::_ice_name() const
+{
+ return "IceSecurity::SecurityException";
+}
+
+void
+IceSecurity::SecurityException::_ice_print(ostream& out) const
+{
+ Exception::_ice_print(out);
+ out << ":\nunknown security exception";
+}
+
+Ice::Exception*
+IceSecurity::SecurityException::_ice_clone() const
+{
+ return new SecurityException(*this);
+}
+
+void
+IceSecurity::SecurityException::_ice_throw() const
+{
+ throw *this;
+}
+
+///////////////////////////////////
+////////// InitException //////////
+///////////////////////////////////
+
+//
+// Public Methods
+//
+
+IceSecurity::Ssl::InitException::InitException(const char* errMessage, const char* file, int line) :
+ SecurityException(errMessage, file, line)
+{
+}
+
+IceSecurity::Ssl::InitException::InitException(const InitException& ex) :
+ SecurityException(ex)
+{
+}
+
+IceSecurity::Ssl::InitException&
+IceSecurity::Ssl::InitException::operator=(const InitException& ex)
+{
+ SecurityException::operator=(ex);
+ return *this;
+}
+
+string
+IceSecurity::Ssl::InitException::_ice_name() const
+{
+ return "IceSecurity::InitException";
+}
+
+void
+IceSecurity::Ssl::InitException::_ice_print(ostream& out) const
+{
+ Exception::_ice_print(out);
+ out << ":\nsecurity system initialization exception";
+}
+
+Ice::Exception*
+IceSecurity::Ssl::InitException::_ice_clone() const
+{
+ return new InitException(*this);
+}
+
+void
+IceSecurity::Ssl::InitException::_ice_throw() const
+{
+ throw *this;
+}
+
+/////////////////////////////////////
+////////// ReInitException //////////
+/////////////////////////////////////
+
+//
+// Public Methods
+//
+
+IceSecurity::Ssl::ReInitException::ReInitException(const char* errMessage, const char* file, int line) :
+ SecurityException(errMessage, file, line)
+{
+}
+
+IceSecurity::Ssl::ReInitException::ReInitException(const ReInitException& ex) :
+ SecurityException(ex)
+{
+}
+
+IceSecurity::Ssl::ReInitException&
+IceSecurity::Ssl::ReInitException::operator=(const ReInitException& ex)
+{
+ SecurityException::operator=(ex);
+ return *this;
+}
+
+string
+IceSecurity::Ssl::ReInitException::_ice_name() const
+{
+ return "IceSecurity::ReInitException";
+}
+
+void
+IceSecurity::Ssl::ReInitException::_ice_print(ostream& out) const
+{
+ Exception::_ice_print(out);
+ out << ":\nsecurity system re-initialization exception";
+}
+
+Ice::Exception*
+IceSecurity::Ssl::ReInitException::_ice_clone() const
+{
+ return new ReInitException(*this);
+}
+
+void
+IceSecurity::Ssl::ReInitException::_ice_throw() const
+{
+ throw *this;
+}
+
+///////////////////////////////////////
+////////// ShutdownException //////////
+///////////////////////////////////////
+
+//
+// Public Methods
+//
+
+IceSecurity::Ssl::ShutdownException::ShutdownException(const char* errMessage, const char* file, int line) :
+ SecurityException(errMessage, file, line)
+{
+}
+
+IceSecurity::Ssl::ShutdownException::ShutdownException(const ShutdownException& ex) :
+ SecurityException(ex)
+{
+}
+
+IceSecurity::Ssl::ShutdownException&
+IceSecurity::Ssl::ShutdownException::operator=(const ShutdownException& ex)
+{
+ SecurityException::operator=(ex);
+ return *this;
+}
+
+string
+IceSecurity::Ssl::ShutdownException::_ice_name() const
+{
+ return "IceSecurity::ShutdownException";
+}
+
+void
+IceSecurity::Ssl::ShutdownException::_ice_print(ostream& out) const
+{
+ Exception::_ice_print(out);
+ out << ":\nsecurity system shutdown exception";
+}
+
+Ice::Exception*
+IceSecurity::Ssl::ShutdownException::_ice_clone() const
+{
+ return new ShutdownException(*this);
+}
+
+void
+IceSecurity::Ssl::ShutdownException::_ice_throw() const
+{
+ throw *this;
+}
+
+//////////////////////////////////////
+////////// ContextException //////////
+//////////////////////////////////////
+
+//
+// Public Methods
+//
+
+IceSecurity::Ssl::OpenSSL::ContextException::ContextException(const char* errMessage, const char* file, int line) :
+ InitException(errMessage, file, line)
+{
+}
+
+IceSecurity::Ssl::OpenSSL::ContextException::ContextException(const ContextException& ex) :
+ InitException(ex)
+{
+}
+
+IceSecurity::Ssl::OpenSSL::ContextException&
+IceSecurity::Ssl::OpenSSL::ContextException::operator=(const ContextException& ex)
+{
+ InitException::operator=(ex);
+ return *this;
+}
+
+string
+IceSecurity::Ssl::OpenSSL::ContextException::_ice_name() const
+{
+ return "IceSecurity::ContextException";
+}
+
+void
+IceSecurity::Ssl::OpenSSL::ContextException::_ice_print(ostream& out) const
+{
+ Exception::_ice_print(out);
+ out << ":\nSSL System context exception";
+}
+
+Ice::Exception*
+IceSecurity::Ssl::OpenSSL::ContextException::_ice_clone() const
+{
+ return new ContextException(*this);
+}
+
+void
+IceSecurity::Ssl::OpenSSL::ContextException::_ice_throw() const
+{
+ throw *this;
+}
+
+
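Review bot: `SecurityException`'s copy constructor and `operator=` near the top of this file copy only the `LocalException` base, so `_message` does not survive a copy. `_ice_clone()` (`new SecurityException(*this)`) and `_ice_throw()` (`throw *this`) both copy, and the derived exception classes chain to the same copy constructor, so `toString()` on a cloned or rethrown exception would report `: unspecified exception` and the reason for an SSL failure is lost from logs. Add `_message(ex._message)` to the copy constructor's initialiser list and `_message = ex._message;` to `operator=`. The first constructor also passes `errMessage` straight to `std::string`, which is undefined for a null pointer; a comment stating that callers must pass a non-null string would help.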
diff --git a/cpp/src/Ice/SslException.h b/cpp/src/Ice/SslException.h
index a16b4627d30..0f17712141f 100644
--- a/cpp/src/Ice/SslException.h
+++ b/cpp/src/Ice/SslException.h
@@ -1,138 +1,138 @@
-////*********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-////*********************************************************************
-
-#ifndef ICE_SSL_EXCEPTION_H
-#define ICE_SSL_EXCEPTION_H
-
-#include <Ice/LocalException.h>
-#include <string>
-#include <ostream>
-
-namespace IceSecurity
-{
-
-using std::string;
-using std::ostream;
-using Ice::Exception;
-using Ice::LocalException;
-
-// SecurityException
-//
-// This exception serves as the base for all SSL related exceptions. It should probably
-// not be constructed directly, but can be used in this manner if desired.
-//
-class ICE_API SecurityException : public LocalException // public SocketException
-{
-public:
-
- SecurityException(const char*, const char*, int);
- SecurityException(const SecurityException&);
- SecurityException& operator=(const SecurityException&);
- virtual string toString() const;
- virtual string _name() const;
- virtual void _print(std::ostream&) const;
- virtual Exception* _clone() const;
- virtual void _throw() const;
-
-private:
-
- string _message;
-};
-
-namespace Ssl
-{
-
-// InitException
-//
-// This exception indicates a problem during SSL connection setup, most likely due to
-// problems with the SSL handshake. This is primarily a client-side exception.
-//
-class ICE_API InitException : public SecurityException
-{
-public:
-
- InitException(const char*, const char*, int);
- InitException(const InitException&);
- InitException& operator=(const InitException&);
- virtual string _name() const;
- virtual void _print(std::ostream&) const;
- virtual Exception* _clone() const;
- virtual void _throw() const;
-
-};
-
-// ReInitException
-//
-// This exception indicates that the SSL connection should be re-initialized.
-// This is primarily a server-side exception.
-//
-class ICE_API ReInitException : public SecurityException
-{
-public:
-
- ReInitException(const char*, const char*, int);
- ReInitException(const ReInitException&);
- ReInitException& operator=(const ReInitException&);
- virtual string _name() const;
- virtual void _print(std::ostream&) const;
- virtual Exception* _clone() const;
- virtual void _throw() const;
-
-};
-
-// ShutdownException
-//
-// This exception indicates that there has been a fatal SSL connection problem
-// that requires the shutdown of the connection and closing of the underlying
-// transport.
-//
-class ICE_API ShutdownException : public SecurityException
-{
-public:
-
- ShutdownException(const char*, const char*, int);
- ShutdownException(const ShutdownException&);
- ShutdownException& operator=(const ShutdownException&);
- virtual string _name() const;
- virtual void _print(std::ostream&) const;
- virtual Exception* _clone() const;
- virtual void _throw() const;
-
-};
-
-namespace OpenSSL
-{
-
-// ContextException
-//
-// This exception indicates that a problem occurred while setting up the
-// SSL context structure (SSL_CTX).
-//
-class ICE_API ContextException : public InitException
-{
-public:
-
- ContextException(const char*, const char*, int);
- ContextException(const ContextException&);
- ContextException& operator=(const ContextException&);
- virtual string _name() const;
- virtual void _print(std::ostream&) const;
- virtual Exception* _clone() const;
- virtual void _throw() const;
-
-};
-
-}
-
-}
-
-}
-
-#endif
+////*********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+////*********************************************************************
+
+#ifndef ICE_SSL_EXCEPTION_H
+#define ICE_SSL_EXCEPTION_H
+
+#include <Ice/LocalException.h>
+#include <string>
+#include <ostream>
+
+namespace IceSecurity
+{
+
+using std::string;
+using std::ostream;
+using Ice::Exception;
+using Ice::LocalException;
+
+// SecurityException
+//
+// This exception serves as the base for all SSL related exceptions. It should probably
+// not be constructed directly, but can be used in this manner if desired.
+//
+class ICE_API SecurityException : public LocalException // public SocketException
+{
+public:
+
+ SecurityException(const char*, const char*, int);
+ SecurityException(const SecurityException&);
+ SecurityException& operator=(const SecurityException&);
+ virtual string toString() const;
+ virtual string _ice_name() const;
+ virtual void _ice_print(std::ostream&) const;
+ virtual Exception* _ice_clone() const;
+ virtual void _ice_throw() const;
+
+private:
+
+ string _message;
+};
+
+namespace Ssl
+{
+
+// InitException
+//
+// This exception indicates a problem during SSL connection setup, most likely due to
+// problems with the SSL handshake. This is primarily a client-side exception.
+//
+class ICE_API InitException : public SecurityException
+{
+public:
+
+ InitException(const char*, const char*, int);
+ InitException(const InitException&);
+ InitException& operator=(const InitException&);
+ virtual string _ice_name() const;
+ virtual void _ice_print(std::ostream&) const;
+ virtual Exception* _ice_clone() const;
+ virtual void _ice_throw() const;
+
+};
+
+// ReInitException
+//
+// This exception indicates that the SSL connection should be re-initialized.
+// This is primarily a server-side exception.
+//
+class ICE_API ReInitException : public SecurityException
+{
+public:
+
+ ReInitException(const char*, const char*, int);
+ ReInitException(const ReInitException&);
+ ReInitException& operator=(const ReInitException&);
+ virtual string _ice_name() const;
+ virtual void _ice_print(std::ostream&) const;
+ virtual Exception* _ice_clone() const;
+ virtual void _ice_throw() const;
+
+};
+
+// ShutdownException
+//
+// This exception indicates that there has been a fatal SSL connection problem
+// that requires the shutdown of the connection and closing of the underlying
+// transport.
+//
+class ICE_API ShutdownException : public SecurityException
+{
+public:
+
+ ShutdownException(const char*, const char*, int);
+ ShutdownException(const ShutdownException&);
+ ShutdownException& operator=(const ShutdownException&);
+ virtual string _ice_name() const;
+ virtual void _ice_print(std::ostream&) const;
+ virtual Exception* _ice_clone() const;
+ virtual void _ice_throw() const;
+
+};
+
+namespace OpenSSL
+{
+
+// ContextException
+//
+// This exception indicates that a problem occurred while setting up the
+// SSL context structure (SSL_CTX).
+//
+class ICE_API ContextException : public InitException
+{
+public:
+
+ ContextException(const char*, const char*, int);
+ ContextException(const ContextException&);
+ ContextException& operator=(const ContextException&);
+ virtual string _ice_name() const;
+ virtual void _ice_print(std::ostream&) const;
+ virtual Exception* _ice_clone() const;
+ virtual void _ice_throw() const;
+
+};
+
+}
+
+}
+
+}
+
+#endif
diff --git a/cpp/src/Ice/SslFactory.cpp b/cpp/src/Ice/SslFactory.cpp
index d565fee8728..54e0af0a8fc 100644
--- a/cpp/src/Ice/SslFactory.cpp
+++ b/cpp/src/Ice/SslFactory.cpp
@@ -1,119 +1,119 @@
-// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-#ifdef WIN32
-#pragma warning(disable:4786)
-#endif
-
-#include <Ice/SslFactory.h>
-#include <Ice/SslSystemOpenSSL.h>
-
-namespace IceSecurity
-{
-
-namespace Ssl
-{
-
-// Static member instantiations.
-JTCMutex Factory::_systemRepositoryMutex;
-SystemMap Factory::_systemRepository;
-SslHandleSystemMap Factory::_sslHandleSystemRepository;
-
-}
-
-}
-
-IceSecurity::Ssl::System*
-IceSecurity::Ssl::Factory::getSystem(string& systemIdentifier)
-{
- JTCSyncT<JTCMutex> sync(_systemRepositoryMutex);
-
- System* _system = _systemRepository[systemIdentifier];
-
- // Don't have that System.
- if (_system == 0)
- {
- // In our case, the systemIdentifier happens to be the
- // SSL Configuration file.
-
- // This line would change based on the flavor of System that we're
- // creating for the caller.
- _system = new OpenSSL::System(systemIdentifier);
-
- if (_system != 0)
- {
- _systemRepository[systemIdentifier] = _system;
- }
- }
-
- assert(_system);
-
- _system->incRef();
-
- return _system;
-}
-
-void
-IceSecurity::Ssl::Factory::releaseSystem(System* system)
-{
- JTCSyncT<JTCMutex> sync(_systemRepositoryMutex);
-
- assert(system);
-
- // If the reference count is now at zero.
- if (!system->decRef())
- {
- _systemRepository.erase(system->getSystemID());
-
- delete system;
- }
-}
-
-void
-IceSecurity::Ssl::Factory::addSystemHandle(void* sslHandle, System* system)
-{
- assert(sslHandle);
- assert(system);
- _sslHandleSystemRepository[sslHandle] = system;
-}
-
-IceSecurity::Ssl::System*
-IceSecurity::Ssl::Factory::getSystemFromHandle(void* sslHandle)
-{
- JTCSyncT<JTCMutex> sync(_systemRepositoryMutex);
-
- assert(sslHandle);
-
- System* _system = _sslHandleSystemRepository[sslHandle];
-
- assert(_system);
-
- _system->incRef();
-
- return _system;
-}
-
-void
-IceSecurity::Ssl::Factory::releaseSystemFromHandle(void* sslHandle, System* system)
-{
- JTCSyncT<JTCMutex> sync(_systemRepositoryMutex);
-
- assert(sslHandle);
- assert(system);
-
- // If the reference count is now at zero.
- if (!system->decRef())
- {
- _sslHandleSystemRepository.erase(sslHandle);
- _systemRepository.erase(system->getSystemID());
-
- delete system;
- }
-}
-
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+#ifdef WIN32
+#pragma warning(disable:4786)
+#endif
+
+#include <Ice/SslFactory.h>
+#include <Ice/SslSystemOpenSSL.h>
+
+namespace IceSecurity
+{
+
+namespace Ssl
+{
+
+// Static member instantiations.
+JTCMutex Factory::_systemRepositoryMutex;
+SystemMap Factory::_systemRepository;
+SslHandleSystemMap Factory::_sslHandleSystemRepository;
+
+}
+
+}
+
+IceSecurity::Ssl::System*
+IceSecurity::Ssl::Factory::getSystem(string& systemIdentifier)
+{
+ JTCSyncT<JTCMutex> sync(_systemRepositoryMutex);
+
+ System* _system = _systemRepository[systemIdentifier];
+
+ // Don't have that System.
+ if (_system == 0)
+ {
+ // In our case, the systemIdentifier happens to be the
+ // SSL Configuration file.
+
+ // This line would change based on the flavor of System that we're
+ // creating for the caller.
+ _system = new OpenSSL::System(systemIdentifier);
+
+ if (_system != 0)
+ {
+ _systemRepository[systemIdentifier] = _system;
+ }
+ }
+
+ assert(_system);
+
+ _system->incRef();
+
+ return _system;
+}
+
+void
+IceSecurity::Ssl::Factory::releaseSystem(System* system)
+{
+ JTCSyncT<JTCMutex> sync(_systemRepositoryMutex);
+
+ assert(system);
+
+ // If the reference count is now at zero.
+ if (!system->decRef())
+ {
+ _systemRepository.erase(system->getSystemID());
+
+ delete system;
+ }
+}
+
+void
+IceSecurity::Ssl::Factory::addSystemHandle(void* sslHandle, System* system)
+{
+ assert(sslHandle);
+ assert(system);
+ _sslHandleSystemRepository[sslHandle] = system;
+}
+
+IceSecurity::Ssl::System*
+IceSecurity::Ssl::Factory::getSystemFromHandle(void* sslHandle)
+{
+ JTCSyncT<JTCMutex> sync(_systemRepositoryMutex);
+
+ assert(sslHandle);
+
+ System* _system = _sslHandleSystemRepository[sslHandle];
+
+ assert(_system);
+
+ _system->incRef();
+
+ return _system;
+}
+
+void
+IceSecurity::Ssl::Factory::releaseSystemFromHandle(void* sslHandle, System* system)
+{
+ JTCSyncT<JTCMutex> sync(_systemRepositoryMutex);
+
+ assert(sslHandle);
+ assert(system);
+
+ // If the reference count is now at zero.
+ if (!system->decRef())
+ {
+ _sslHandleSystemRepository.erase(sslHandle);
+ _systemRepository.erase(system->getSystemID());
+
+ delete system;
+ }
+}
+
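Review bot: `addSystemHandle` writes `_sslHandleSystemRepository[sslHandle] = system;` without taking `_systemRepositoryMutex`, while `getSystemFromHandle` and `releaseSystemFromHandle` touch the same map under that lock. Unless every caller already holds the mutex (not visible here), this is a data race on the map, and the fix is `JTCSyncT<JTCMutex> sync(_systemRepositoryMutex);` as its first statement. `getSystemFromHandle` looks the handle up with `operator[]`, which inserts a null entry for an unknown handle, and the only guard is `assert(_system)`, which disappears in builds that define NDEBUG, so `_system->incRef()` would then dereference null; a `find()` with an explicit failure path avoids both. `releaseSystem` also deletes the `System` without erasing its entries from `_sslHandleSystemRepository`, which appears to leave stale pointers there for a later `getSystemFromHandle`.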
diff --git a/cpp/src/Ice/SslFactory.h b/cpp/src/Ice/SslFactory.h
index bb226619d6d..44b02f49a4b 100644
--- a/cpp/src/Ice/SslFactory.h
+++ b/cpp/src/Ice/SslFactory.h
@@ -1,58 +1,58 @@
-// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#ifndef ICE_SSL_FACTORY_H
-#define ICE_SSL_FACTORY_H
-
-#include <string>
-#include <map>
-#include <JTC/JTC.h>
-#include <Ice/SslSystem.h>
-
-namespace IceSecurity
-{
-
-namespace Ssl
-{
-
-using std::string;
-using std::map;
-
-typedef map<string,System*> SystemMap;
-typedef map<void*,System*> SslHandleSystemMap;
-
-// This is defined as a class so as to ensure encapsulation. We don't
-// want just anybody creating System instances - when all this is moved
-// out to a DLL/SO, we want to ensure that this vanilla interface is used
-// to get whatever flavor of System the DLL/SO is designed to hand out. As
-// a result, different flavors of the Security Extension DLL/SO will have
-// different definitions for getSystem().
-class Factory
-{
-
-public:
- static System* getSystem(string&);
- static void releaseSystem(System*);
-
- static void addSystemHandle(void*, System*);
- static System* getSystemFromHandle(void*);
- static void releaseSystemFromHandle(void*, System*);
-
-private:
- static SslHandleSystemMap _sslHandleSystemRepository;
- static SystemMap _systemRepository;
- static JTCMutex _systemRepositoryMutex;
-};
-
-}
-
-}
-
-#endif
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#ifndef ICE_SSL_FACTORY_H
+#define ICE_SSL_FACTORY_H
+
+#include <string>
+#include <map>
+#include <JTC/JTC.h>
+#include <Ice/SslSystem.h>
+
+namespace IceSecurity
+{
+
+namespace Ssl
+{
+
+using std::string;
+using std::map;
+
+typedef map<string,System*> SystemMap;
+typedef map<void*,System*> SslHandleSystemMap;
+
+// This is defined as a class so as to ensure encapsulation. We don't
+// want just anybody creating System instances - when all this is moved
+// out to a DLL/SO, we want to ensure that this vanilla interface is used
+// to get whatever flavor of System the DLL/SO is designed to hand out. As
+// a result, different flavors of the Security Extension DLL/SO will have
+// different definitions for getSystem().
+class Factory
+{
+
+public:
+ static System* getSystem(string&);
+ static void releaseSystem(System*);
+
+ static void addSystemHandle(void*, System*);
+ static System* getSystemFromHandle(void*);
+ static void releaseSystemFromHandle(void*, System*);
+
+private:
+ static SslHandleSystemMap _sslHandleSystemRepository;
+ static SystemMap _systemRepository;
+ static JTCMutex _systemRepositoryMutex;
+};
+
+}
+
+}
+
+#endif
diff --git a/cpp/src/Ice/SslGeneralConfig.cpp b/cpp/src/Ice/SslGeneralConfig.cpp
index 6c804c1027f..5d32a43c9d9 100644
--- a/cpp/src/Ice/SslGeneralConfig.cpp
+++ b/cpp/src/Ice/SslGeneralConfig.cpp
@@ -1,146 +1,146 @@
-// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-#ifdef WIN32
-#pragma warning(disable:4786)
-#endif
-
-#include <string>
-#include <algorithm>
-
-#include <openssl/ssl.h>
-#include <Ice/SslGeneralConfig.h>
-
-using namespace std;
-
-IceSecurity::Ssl::GeneralConfig::GeneralConfig()
-{
- _sslVersion = SSL_V23;
-
- _verifyMode = SSL_VERIFY_NONE;
- _verifyDepth = 10;
-
- _context = "";
- _cipherList = "";
- _randomBytesFiles = "";
-}
-
-void
-IceSecurity::Ssl::GeneralConfig::set(string& name, string& value)
-{
- if (name.compare("version") == 0)
- {
- parseVersion(value);
- }
- else if (name.compare("cipherlist") == 0)
- {
- _cipherList = value;
- }
- else if (name.compare("context") == 0)
- {
- _context = value;
- }
- else if (name.compare("verifymode") == 0)
- {
- parseVerifyMode(value);
- }
- else if (name.compare("verifydepth") == 0)
- {
- _verifyDepth = atoi(value.c_str());
- }
- else if (name.compare("randombytes") == 0)
- {
- _randomBytesFiles = value;
- }
- return;
-}
-
-//
-// Protected Methods
-//
-
-void
-IceSecurity::Ssl::GeneralConfig::parseVersion(string& value)
-{
- if (value.compare("SSLv2") == 0)
- {
- _sslVersion = SSL_V2;
- }
- else if (value.compare("SSLv23") == 0)
- {
- _sslVersion = SSL_V23;
- }
- else if (value.compare("SSLv3") == 0)
- {
- _sslVersion = SSL_V3;
- }
- else if (value.compare("TLSv1") == 0)
- {
- _sslVersion = TLS_V1;
- }
-
- return;
-}
-
-void
-IceSecurity::Ssl::GeneralConfig::parseVerifyMode(string& value)
-{
- const string delim = " |\t\n\r";
-
- string s(value);
- transform(s.begin(), s.end(), s.begin(), tolower);
-
- string::size_type beg;
- string::size_type end = 0;
-
- while (true)
- {
- beg = s.find_first_not_of(delim, end);
-
- if (beg == string::npos)
- {
- break;
- }
-
- end = s.find_first_of(delim, beg);
-
- if (end == string::npos)
- {
- end = s.length();
- }
-
- string option = s.substr(beg, end - beg);
-
- if (option.compare("none") == 0)
- {
- _verifyMode |= SSL_VERIFY_NONE;
- }
- else if (option.compare("peer") == 0)
- {
- _verifyMode |= SSL_VERIFY_PEER;
- }
- else if (option.compare("fail_no_cert") == 0)
- {
- _verifyMode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
- }
- else if (option.compare("client_once") == 0)
- {
- _verifyMode |= SSL_VERIFY_CLIENT_ONCE;
- }
- }
-
- // Both SSL_VERIFY_FAIL_IF_NO_PEER_CERT and SSL_VERIFY_CLIENT_ONCE require
- // that SSL_VERIFY_PEER be set, otherwise it's an error.
- if ((_verifyMode != SSL_VERIFY_NONE) && !(_verifyMode & SSL_VERIFY_PEER))
- {
- _verifyMode = SSL_VERIFY_NONE;
- }
-
- return;
-}
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+#ifdef WIN32
+#pragma warning(disable:4786)
+#endif
+
+#include <string>
+#include <algorithm>
+
+#include <openssl/ssl.h>
+#include <Ice/SslGeneralConfig.h>
+
+using namespace std;
+
+IceSecurity::Ssl::GeneralConfig::GeneralConfig()
+{
+ _sslVersion = SSL_V23;
+
+ _verifyMode = SSL_VERIFY_NONE;
+ _verifyDepth = 10;
+
+ _context = "";
+ _cipherList = "";
+ _randomBytesFiles = "";
+}
+
+void
+IceSecurity::Ssl::GeneralConfig::set(string& name, string& value)
+{
+ if (name.compare("version") == 0)
+ {
+ parseVersion(value);
+ }
+ else if (name.compare("cipherlist") == 0)
+ {
+ _cipherList = value;
+ }
+ else if (name.compare("context") == 0)
+ {
+ _context = value;
+ }
+ else if (name.compare("verifymode") == 0)
+ {
+ parseVerifyMode(value);
+ }
+ else if (name.compare("verifydepth") == 0)
+ {
+ _verifyDepth = atoi(value.c_str());
+ }
+ else if (name.compare("randombytes") == 0)
+ {
+ _randomBytesFiles = value;
+ }
+ return;
+}
+
+//
+// Protected Methods
+//
+
+void
+IceSecurity::Ssl::GeneralConfig::parseVersion(string& value)
+{
+ if (value.compare("SSLv2") == 0)
+ {
+ _sslVersion = SSL_V2;
+ }
+ else if (value.compare("SSLv23") == 0)
+ {
+ _sslVersion = SSL_V23;
+ }
+ else if (value.compare("SSLv3") == 0)
+ {
+ _sslVersion = SSL_V3;
+ }
+ else if (value.compare("TLSv1") == 0)
+ {
+ _sslVersion = TLS_V1;
+ }
+
+ return;
+}
+
+void
+IceSecurity::Ssl::GeneralConfig::parseVerifyMode(string& value)
+{
+ const string delim = " |\t\n\r";
+
+ string s(value);
+ transform(s.begin(), s.end(), s.begin(), tolower);
+
+ string::size_type beg;
+ string::size_type end = 0;
+
+ while (true)
+ {
+ beg = s.find_first_not_of(delim, end);
+
+ if (beg == string::npos)
+ {
+ break;
+ }
+
+ end = s.find_first_of(delim, beg);
+
+ if (end == string::npos)
+ {
+ end = s.length();
+ }
+
+ string option = s.substr(beg, end - beg);
+
+ if (option.compare("none") == 0)
+ {
+ _verifyMode |= SSL_VERIFY_NONE;
+ }
+ else if (option.compare("peer") == 0)
+ {
+ _verifyMode |= SSL_VERIFY_PEER;
+ }
+ else if (option.compare("fail_no_cert") == 0)
+ {
+ _verifyMode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
+ }
+ else if (option.compare("client_once") == 0)
+ {
+ _verifyMode |= SSL_VERIFY_CLIENT_ONCE;
+ }
+ }
+
+ // Both SSL_VERIFY_FAIL_IF_NO_PEER_CERT and SSL_VERIFY_CLIENT_ONCE require
+ // that SSL_VERIFY_PEER be set, otherwise it's an error.
+ if ((_verifyMode != SSL_VERIFY_NONE) && !(_verifyMode & SSL_VERIFY_PEER))
+ {
+ _verifyMode = SSL_VERIFY_NONE;
+ }
+
+ return;
+}
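Review bot: `parseVerifyMode` fails open: when the parsed flags do not include `SSL_VERIFY_PEER`, the final check resets `_verifyMode` to `SSL_VERIFY_NONE`, so a configuration that names only `fail_no_cert` or `client_once` ends up with peer verification disabled and nothing is reported, although the comment above the check calls this case an error. Failing closed is safer, for example `_verifyMode |= SSL_VERIFY_PEER;` in that branch, or reporting the bad value to the caller. Unrecognised tokens here and unrecognised values in `parseVersion` are ignored silently in the same way, and `set()` parses `verifydepth` with `atoi`, which turns non-numeric text into 0 without an error. The constructor's default of `SSL_VERIFY_NONE` deserves a comment saying that peer certificates are not checked unless `verifymode` is configured.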
diff --git a/cpp/src/Ice/SslGeneralConfig.h b/cpp/src/Ice/SslGeneralConfig.h
index 024b14a6461..f8f06f8443d 100644
--- a/cpp/src/Ice/SslGeneralConfig.h
+++ b/cpp/src/Ice/SslGeneralConfig.h
@@ -1,75 +1,75 @@
-// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#ifndef ICE_SSL_GENERAL_CONFIG_H
-#define ICE_SSL_GENERAL_CONFIG_H
-
-#include <Ice/SslSystemOpenSSL.h>
-#include <string>
-
-namespace IceSecurity
-{
-
-namespace Ssl
-{
-
-using std::string;
-using std::ostream;
-
-class GeneralConfig
-{
-
-public:
- GeneralConfig();
-
- inline SslProtocol getProtocol() const { return _sslVersion; };
- inline int getVerifyMode() const { return _verifyMode; };
- inline int getVerifyDepth() const { return _verifyDepth; };
-
- inline string getContext() const { return _context; };
- inline string getCipherList() const { return _cipherList; };
- inline string getRandomBytesFiles() const { return _randomBytesFiles; };
-
- // General method - it will figure out how to properly parse the data.
- void set(string&, string&);
-
-protected:
-
- SslProtocol _sslVersion;
-
- int _verifyMode;
- int _verifyDepth;
-
- string _context;
- string _cipherList;
- string _randomBytesFiles;
-
- void parseVersion(string&);
- void parseVerifyMode(string&);
-};
-
-template<class Stream> inline
-Stream& operator << (Stream& target, const GeneralConfig& generalConfig)
-{
- target << "Protocol: " << generalConfig.getProtocol() << endl;
- target << "Verify Mode: " << generalConfig.getVerifyMode() << endl;
- target << "Verify Depth: " << generalConfig.getVerifyDepth() << endl;
- target << "Context: " << generalConfig.getContext() << endl;
- target << "Cipher List: " << generalConfig.getCipherList() << endl;
- target << "Random Bytes: " << generalConfig.getRandomBytesFiles() << endl;
-
- return target;
-}
-
-}
-
-}
-
-#endif
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#ifndef ICE_SSL_GENERAL_CONFIG_H
+#define ICE_SSL_GENERAL_CONFIG_H
+
+#include <Ice/SslSystemOpenSSL.h>
+#include <string>
+
+namespace IceSecurity
+{
+
+namespace Ssl
+{
+
+using std::string;
+using std::ostream;
+
+class GeneralConfig
+{
+
+public:
+ GeneralConfig();
+
+ inline SslProtocol getProtocol() const { return _sslVersion; };
+ inline int getVerifyMode() const { return _verifyMode; };
+ inline int getVerifyDepth() const { return _verifyDepth; };
+
+ inline string getContext() const { return _context; };
+ inline string getCipherList() const { return _cipherList; };
+ inline string getRandomBytesFiles() const { return _randomBytesFiles; };
+
+ // General method - it will figure out how to properly parse the data.
+ void set(string&, string&);
+
+protected:
+
+ SslProtocol _sslVersion;
+
+ int _verifyMode;
+ int _verifyDepth;
+
+ string _context;
+ string _cipherList;
+ string _randomBytesFiles;
+
+ void parseVersion(string&);
+ void parseVerifyMode(string&);
+};
+
+template<class Stream> inline
+Stream& operator << (Stream& target, const GeneralConfig& generalConfig)
+{
+ target << "Protocol: " << generalConfig.getProtocol() << endl;
+ target << "Verify Mode: " << generalConfig.getVerifyMode() << endl;
+ target << "Verify Depth: " << generalConfig.getVerifyDepth() << endl;
+ target << "Context: " << generalConfig.getContext() << endl;
+ target << "Cipher List: " << generalConfig.getCipherList() << endl;
+ target << "Random Bytes: " << generalConfig.getRandomBytesFiles() << endl;
+
+ return target;
+}
+
+}
+
+}
+
+#endif
diff --git a/cpp/src/Ice/SslSystem.cpp b/cpp/src/Ice/SslSystem.cpp
index 04a8059676d..947bf48f556 100644
--- a/cpp/src/Ice/SslSystem.cpp
+++ b/cpp/src/Ice/SslSystem.cpp
@@ -1,28 +1,28 @@
-// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#include <string>
-#include <Ice/SslSystem.h>
-
-using namespace std;
-
-//
-// Protected Methods
-//
-
-IceSecurity::Ssl::System::System(string& systemID) :
- _systemID(systemID),
- _refCount(0)
-{
-}
-
-IceSecurity::Ssl::System::~System()
-{
-}
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#include <string>
+#include <Ice/SslSystem.h>
+
+using namespace std;
+
+//
+// Protected Methods
+//
+
+IceSecurity::Ssl::System::System(string& systemID) :
+ _systemID(systemID),
+ _refCount(0)
+{
+}
+
+IceSecurity::Ssl::System::~System()
+{
+}
diff --git a/cpp/src/Ice/SslSystem.h b/cpp/src/Ice/SslSystem.h
index 1785ba15cf6..c3376bfa7ab 100644
--- a/cpp/src/Ice/SslSystem.h
+++ b/cpp/src/Ice/SslSystem.h
@@ -1,72 +1,72 @@
-// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-
-#ifndef ICE_SSL_SYSTEM_H
-#define ICE_SSL_SYSTEM_H
-
-#include <string>
-#include <Ice/SslConnection.h>
-
-namespace IceSecurity
-{
-
-namespace Ssl
-{
-
-using std::string;
-
-class Factory;
-
-// TODO: Can we derive this from Shared? How hard would that be?
-
-class System
-{
-
-public:
- inline string getSystemID() const { return _systemID; };
-
- virtual bool isConfigLoaded() = 0;
- virtual void loadConfig() = 0;
- virtual void shutdown() = 0;
-
- virtual Connection* createServerConnection(int) = 0;
- virtual Connection* createClientConnection(int) = 0;
-
- void setTrace(TraceLevelsPtr traceLevels) { _traceLevels = traceLevels; };
- bool isTraceSet() const { return (_traceLevels == 0 ? false : true); };
-
- void setLogger(Ice::LoggerPtr traceLevels) { _logger = traceLevels; };
- bool isLoggerSet() const { return (_logger == 0 ? false : true); };
-
-protected:
-
- System(string&);
- virtual ~System();
-
- // Reference counting.
- inline void incRef() { _refCount++; };
- inline bool decRef() { return (--_refCount ? true : false); };
-
- string _systemID;
- int _refCount;
-
- TraceLevelsPtr _traceLevels;
- Ice::LoggerPtr _logger;
-
-friend class Factory;
-
-};
-
-}
-
-}
-
-#endif
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+
+#ifndef ICE_SSL_SYSTEM_H
+#define ICE_SSL_SYSTEM_H
+
+#include <string>
+#include <Ice/SslConnection.h>
+
+namespace IceSecurity
+{
+
+namespace Ssl
+{
+
+using std::string;
+
+class Factory;
+
+// TODO: Can we derive this from Shared? How hard would that be?
+
+class System
+{
+
+public:
+ inline string getSystemID() const { return _systemID; };
+
+ virtual bool isConfigLoaded() = 0;
+ virtual void loadConfig() = 0;
+ virtual void shutdown() = 0;
+
+ virtual Connection* createServerConnection(int) = 0;
+ virtual Connection* createClientConnection(int) = 0;
+
+ void setTrace(TraceLevelsPtr traceLevels) { _traceLevels = traceLevels; };
+ bool isTraceSet() const { return (_traceLevels == 0 ? false : true); };
+
+ void setLogger(Ice::LoggerPtr traceLevels) { _logger = traceLevels; };
+ bool isLoggerSet() const { return (_logger == 0 ? false : true); };
+
+protected:
+
+ System(string&);
+ virtual ~System();
+
+ // Reference counting.
+ inline void incRef() { _refCount++; };
+ inline bool decRef() { return (--_refCount ? true : false); };
+
+ string _systemID;
+ int _refCount;
+
+ TraceLevelsPtr _traceLevels;
+ Ice::LoggerPtr _logger;
+
+friend class Factory;
+
+};
+
+}
+
+}
+
+#endif
diff --git a/cpp/src/Ice/SslSystemOpenSSL.cpp b/cpp/src/Ice/SslSystemOpenSSL.cpp
index bd7302d94df..9ed157eaae7 100644
--- a/cpp/src/Ice/SslSystemOpenSSL.cpp
+++ b/cpp/src/Ice/SslSystemOpenSSL.cpp
@@ -1,1546 +1,1546 @@
-// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-#ifdef WIN32
-#pragma warning(disable:4786)
-#endif
-
-#include <sstream>
-#include <openssl/err.h>
-#include <openssl/e_os.h>
-#include <openssl/rand.h>
-#include <Ice/Security.h>
-#include <Ice/SslSystem.h>
-#include <Ice/SslException.h>
-#include <Ice/SslConnectionOpenSSLClient.h>
-#include <Ice/SslConnectionOpenSSLServer.h>
-#include <Ice/SslConfig.h>
-
-using namespace std;
-
-namespace IceSecurity
-{
-
-namespace Ssl
-{
-
-namespace OpenSSL
-{
-
-//
-// TODO: These Diffie-Hellman params have been blatantly stolen from
-// OpenSSL's demo programs. We SHOULD define our own here, but
-// these will suffice for testing purposes. Please note, these
-// are not keys themselves, simply a DH Group that allows OpenSSL
-// to create Diffie-Hellman keys.
-//
-
-// Instantiation of temporary Diffie-Hellman 512bit key.
-unsigned char System::_tempDiffieHellman512p[] =
-{
- 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
- 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
- 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
- 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
- 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
- 0x47,0x74,0xE8,0x33,
-};
-
-unsigned char System::_tempDiffieHellman512g[] =
-{
- 0x02,
-};
-
-// TODO: Very possibly a problem later if we have mutliple loggers going on simultaneously.
-// This is a horrible necessity in order to make the trace levels
-// and logger available to the bio_dump_cb() callback function.
-// Otherwise, we would have to jump through hoops, creating a mapping
-// from BIO pointers to the relevent System object. The system object
-// will initialize these. NOTE: If we SHOULD have multiple loggers
-// going on simultaneously, this will definitely cause a problem.
-TraceLevelsPtr System::_globalTraceLevels = 0;
-Ice::LoggerPtr System::_globalLogger = 0;
-
-}
-
-}
-
-}
-
-using IceSecurity::Ssl::OpenSSL::ContextException;
-
-//
-// NOTE: The following (mon, getGeneralizedTime, getUTCTime and getASN1time are routines that
-// have been abducted from the OpenSSL X509 library, and modified to work with the STL
-// basic_string template.
-
-static const char *mon[12]=
-{
- "Jan","Feb","Mar","Apr","May","Jun",
- "Jul","Aug","Sep","Oct","Nov","Dec"
-};
-
-string
-getGeneralizedTime(ASN1_GENERALIZEDTIME *tm)
-{
- char buf[30];
- char *v;
- int gmt=0;
- int i;
- int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0;
-
- i = tm->length;
- v = (char *) tm->data;
-
- if (i < 12)
- {
- goto err;
- }
-
- if (v[i-1] == 'Z')
- {
- gmt=1;
- }
-
- for (i=0; i<12; i++)
- {
- if ((v[i] > '9') || (v[i] < '0'))
- {
- goto err;
- }
- }
-
- y = (v[0] - '0') * 1000 + (v[1] - '0') * 100 + (v[2] - '0') * 10 + (v[3] - '0');
- M = (v[4] - '0') * 10 + (v[5] - '0');
-
- if ((M > 12) || (M < 1))
- {
- goto err;
- }
-
- d = (v[6] - '0') * 10 + (v[7] - '0');
- h = (v[8] - '0') * 10 + (v[9] - '0');
- m = (v[10] - '0') * 10 + (v[11] - '0');
-
- if ((v[12] >= '0') && (v[12] <= '9') &&
- (v[13] >= '0') && (v[13] <= '9'))
- {
- s = (v[12] - '0') * 10 + (v[13] - '0');
- }
-
- sprintf(buf, "%s %2d %02d:%02d:%02d %d%s", mon[M-1], d, h, m, s, y, (gmt)?" GMT":"");
- return string(buf);
-
-err:
- return string("Bad time value");
-}
-
-string
-getUTCTime(ASN1_UTCTIME *tm)
-{
- char buf[30];
- char *v;
- int gmt=0;
- int i;
- int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0;
-
- i = tm->length;
- v = (char *) tm->data;
-
- if (i < 10)
- {
- goto err;
- }
-
- if (v[i-1] == 'Z')
- {
- gmt=1;
- }
-
- for (i = 0; i < 10; i++)
- {
- if ((v[i] > '9') || (v[i] < '0'))
- {
- goto err;
- }
- }
-
- y = (v[0] - '0') * 10 + (v[1] - '0');
-
- if (y < 50)
- {
- y+=100;
- }
-
- M = (v[2] - '0') * 10 + (v[3] - '0');
-
- if ((M > 12) || (M < 1))
- {
- goto err;
- }
-
- d = (v[4] - '0') * 10 + (v[5] - '0');
- h = (v[6] - '0') * 10 + (v[7] - '0');
- m = (v[8] - '0') * 10 + (v[9] - '0');
-
- if ((v[10] >= '0') && (v[10] <= '9') && (v[11] >= '0') && (v[11] <= '9'))
- {
- s = (v[10] - '0') * 10 + (v[11] - '0');
- }
-
- sprintf(buf, "%s %2d %02d:%02d:%02d %d%s", mon[M-1], d, h, m, s, y+1900, (gmt)?" GMT":"");
- return string(buf);
-
-err:
- return string("Bad time value");
-}
-
-string
-getASN1time(ASN1_TIME *tm)
-{
- string theTime;
-
- switch (tm->type)
- {
- case V_ASN1_UTCTIME :
- {
- theTime = getUTCTime(tm);
- }
-
- case V_ASN1_GENERALIZEDTIME :
- {
- theTime = getGeneralizedTime(tm);
- }
-
- default :
- {
- theTime = "Bad time value";
- }
- }
-
- return theTime;
-}
-
-extern "C"
-{
-
-RSA*
-tmpRSACallback(SSL *s, int isExport, int keyLength)
-{
- IceSecurity::Ssl::System* sslSystem = IceSecurity::Ssl::Factory::getSystemFromHandle(s);
-
- IceSecurity::Ssl::OpenSSL::System* openSslSystem = dynamic_cast<IceSecurity::Ssl::OpenSSL::System*>(sslSystem);
-
- RSA* rsaKey = openSslSystem->getRSAKey(s, isExport, keyLength);
-
- IceSecurity::Ssl::Factory::releaseSystemFromHandle(s, sslSystem);
-
- return rsaKey;
-}
-
-DH*
-tmpDHCallback(SSL *s, int isExport, int keyLength)
-{
- IceSecurity::Ssl::System* sslSystem = IceSecurity::Ssl::Factory::getSystemFromHandle(s);
-
- IceSecurity::Ssl::OpenSSL::System* openSslSystem = dynamic_cast<IceSecurity::Ssl::OpenSSL::System*>(sslSystem);
-
- DH* dh = openSslSystem->getDHParams(s, isExport, keyLength);
-
- IceSecurity::Ssl::Factory::releaseSystemFromHandle(s, sslSystem);
-
- return dh;
-}
-
-// verifyCallback - Certificate Verification callback function.
-int
-verifyCallback(int ok, X509_STORE_CTX *ctx)
-{
- X509* err_cert = X509_STORE_CTX_get_current_cert(ctx);
- int verifyError = X509_STORE_CTX_get_error(ctx);
- int depth = X509_STORE_CTX_get_error_depth(ctx);
-
- // If we have no errors so far, and the certificate chain is too long
- if ((verifyError != X509_V_OK) && (10 < depth))
- {
- verifyError = X509_V_ERR_CERT_CHAIN_TOO_LONG;
- }
-
- if (verifyError != X509_V_OK)
- {
- // If we have ANY errors, we bail out.
- ok = 0;
- }
-
- // Only if PROTOCOL level logging is on do we worry about this.
- if (IceSecurity::Ssl::OpenSSL::System::_globalTraceLevels->security >= IceSecurity::SECURITY_PROTOCOL)
- {
- char buf[256];
-
- X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
-
- ostringstream outStringStream;
-
- outStringStream << "depth = " << depth << ":" << buf << endl;
-
- if (!ok)
- {
- outStringStream << "verify error: num = " << verifyError << " : " << X509_verify_cert_error_string(verifyError) << endl;
-
- }
-
- switch (verifyError)
- {
- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
- {
- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, sizeof(buf));
- outStringStream << "issuer = " << buf << endl;
- break;
- }
-
- case X509_V_ERR_CERT_NOT_YET_VALID:
- case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
- {
- outStringStream << "notBefore =" << getASN1time(X509_get_notBefore(ctx->current_cert)) << endl;
- break;
- }
-
- case X509_V_ERR_CERT_HAS_EXPIRED:
- case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
- {
- outStringStream << "notAfter =" << getASN1time(X509_get_notAfter(ctx->current_cert)) << endl;
- break;
- }
- }
-
- outStringStream << "verify return = " << ok << endl;
-
- IceSecurity::Ssl::OpenSSL::System::_globalLogger->trace(IceSecurity::Ssl::OpenSSL::System::_globalTraceLevels->securityCat, outStringStream.str());
- }
-
- return ok;
-}
-
-// This code duplicates functionality that existed in the BIO library of
-// OpenSSL, but outputs to a Logger compatible source (ostringstream).
-void
-dump(ostringstream& outStringStream, const char* s, int len)
-{
- unsigned char ch;
- char hexStr[8];
-
- int trunc = 0;
-
- // Calculate how much white space we're truncating.
- for(; (len > 0) && ((s[len - 1] == ' ') || (s[len - 1] == '\0')); len--)
- {
- trunc++;
- }
-
- int dump_width = 12;
-
- int rows = len / dump_width;
-
- if ((rows * dump_width) < len)
- {
- rows++;
- }
-
- if (rows > 0)
- {
- outStringStream << endl;
- }
-
- for(int i = 0; i < rows; i++)
- {
- // Would like to have not used sprintf(), but
- // I could not find an appropriate STL methodology
- // for preserving the field width.
- sprintf(hexStr,"%04x",(i * dump_width));
- outStringStream << hexStr << " - ";
-
- int j;
-
- // Hex Dump
- for(j = 0; j < dump_width; j++)
- {
- if (((i * dump_width) + j) >= len)
- {
- outStringStream << " ";
- }
- else
- {
- char sep = (j == 7 ? '-' : ' ');
-
- // Get a character from the dump we've been handed.
- ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff;
-
- // Would like to have not used sprintf(), but
- // I could not find an appropriate STL methodology
- // for preserving the field width.
- sprintf(hexStr,"%02x",ch);
- outStringStream << hexStr << sep;
- }
- }
-
- outStringStream << " ";
-
- // Printable characters dump.
- for(j = 0; j < dump_width; j++)
- {
- if (((i * dump_width) + j) >= len)
- {
- break;
- }
-
- ch = ((unsigned char) * (s + i * dump_width + j)) & 0xff;
-
- // Print printables only.
- ch = ((ch >= ' ') && (ch <= '~')) ? ch : '.';
-
- outStringStream << ch;
- }
-
- outStringStream << endl;
- }
-
- if (trunc > 0)
- {
- outStringStream << hex << (len + trunc) << " - " << "<SPACES/NULS>" << endl;
- }
-}
-
-long
-bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret)
-{
- if (IceSecurity::Ssl::OpenSSL::System::_globalTraceLevels->security >= IceSecurity::SECURITY_PROTOCOL)
- {
- ostringstream outStringStream;
-
- if (cmd == (BIO_CB_READ|BIO_CB_RETURN))
- {
- outStringStream << "PTC ";
- outStringStream << "read from " << hex << (void *)bio << " [" << hex << (void *)argp;
- outStringStream << "] (" << dec << argi << " bytes => " << ret << " (0x";
- outStringStream << hex << ret << "))";
- dump(outStringStream, argp,(int)ret);
- }
- else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
- {
- outStringStream << "PTC ";
- outStringStream << "write to " << hex << (void *)bio << " [" << hex << (void *)argp;
- outStringStream << "] (" << dec << argi << " bytes => " << ret << " (0x";
- outStringStream << hex << ret << "))";
- dump(outStringStream, argp,(int)ret);
- }
-
- if (cmd == (BIO_CB_READ|BIO_CB_RETURN) || cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
- {
- IceSecurity::Ssl::OpenSSL::System::_globalLogger->trace(IceSecurity::Ssl::OpenSSL::System::_globalTraceLevels->securityCat, outStringStream.str());
- }
- }
-
- return ret;
-}
-
-}
-
-void
-IceSecurity::Ssl::OpenSSL::System::printContextInfo(SSL_CTX* context)
-{
- if (SECURITY_LEVEL_PROTOCOL)
- {
- ostringstream s;
-
- s << endl;
- s << "SSL_CTX Structure" << endl;
- s << "=================" << endl;
- s << "options: 0x" << hex << context->options << endl;
- s << "mode: 0x" << hex << context->mode << endl;
-
- s << "session_cache_size: " << context->session_cache_size << endl;
- s << "session_cache_mode: 0x" << hex << context->session_cache_mode << endl;
- s << "session_timeout: " << Int(context->session_timeout) << endl << endl;
-
- s << "Stats" << endl;
- s << "Connect: " << context->stats.sess_connect << " (New Connect Started)" << endl;
- s << "Renegotiate: " << context->stats.sess_connect_renegotiate << " (Renegotiation Requested)" << endl;
- s << "Connect Good: " << context->stats.sess_connect_good << " (Connect/Renegotiation finished)";
- s << endl << endl;
-
- s << "Accept: " << context->stats.sess_accept << " (New Accept Started)" << endl;
- s << "Renegotiate: " << context->stats.sess_accept_renegotiate << " (Renegotiation Requested)" << endl;
- s << "Accept Good: " << context->stats.sess_accept_good << " (Accept/Renegotiation finished)";
- s << endl << endl;
-
- s << "Miss: " << context->stats.sess_miss << " (Session Lookup Misses)" << endl;
- s << "Timeout: " << context->stats.sess_timeout << " (Reuse attempt on Timeouted Session)" << endl;
- s << "Cache Full: " << context->stats.sess_cache_full << " (Session Removed due to full cache)" << endl;
- s << "Hit: " << context->stats.sess_hit << " (Session Reuse actually done.)" << endl;
- s << "CB Hit: " << context->stats.sess_cb_hit << " (Session ID supplied by Callback)" << endl;
-
- s << "read_ahead: " << context->read_ahead << endl;
- s << "verify_mode: 0x" << hex << context->verify_mode << endl;
- s << "verify_depth: " << Int(context->verify_depth) << endl;
-
- PROTOCOL(s.str());
- }
-}
-
-IceSecurity::Ssl::Connection*
-IceSecurity::Ssl::OpenSSL::System::createServerConnection(int socket)
-{
- METHOD_INV("OpenSSL::System::createServerConnection()");
-
- SSL* sslConnection = createConnection(_sslServerContext, socket);
-
- // Set the Accept Connection state for this connection.
- SSL_set_accept_state(sslConnection);
-
- Connection* connection = new ServerConnection(sslConnection, _systemID);
-
- connection->setTrace(_traceLevels);
- connection->setLogger(_logger);
-
- continueInit:
- try
- {
- while (!connection->init()) { }
- }
- catch (const TimeoutException&)
- {
- // Ignore, this might happen a lot during handshake.
- goto continueInit;
- }
- catch (...)
- {
- if (connection != 0)
- {
- delete connection;
- connection = 0;
- }
-
- throw;
- }
-
- METHOD_RET("OpenSSL::System::createServerConnection()");
-
- return connection;
-}
-
-IceSecurity::Ssl::Connection*
-IceSecurity::Ssl::OpenSSL::System::createClientConnection(int socket)
-{
- METHOD_INV("OpenSSL::System::createClientConnection()");
-
- SSL* sslConnection = createConnection(_sslClientContext, socket);
-
- // Set the Connect Connection state for this connection.
- SSL_set_connect_state(sslConnection);
-
- Connection* connection = new ClientConnection(sslConnection, _systemID);
-
- connection->setTrace(_traceLevels);
- connection->setLogger(_logger);
-
- continueInit:
- try
- {
- while (!connection->init()) { }
- }
- catch (const TimeoutException&)
- {
- // Ignore, this might happen a lot during handshake.
- goto continueInit;
- }
- catch (...)
- {
- if (connection != 0)
- {
- delete connection;
- connection = 0;
- }
-
- throw;
- }
-
- METHOD_RET("OpenSSL::System::createClientConnection()");
-
- return connection;
-}
-
-void
-IceSecurity::Ssl::OpenSSL::System::shutdown()
-{
- METHOD_INV("OpenSSL::System::shutdown()");
-
- if (_sslServerContext != 0)
- {
- SSL_CTX_free(_sslServerContext);
-
- _sslServerContext = 0;
- }
-
- if (_sslClientContext != 0)
- {
- SSL_CTX_free(_sslClientContext);
-
- _sslClientContext = 0;
- }
-
- // Free our temporary RSA keys.
- RSAMap::iterator iRSA = _tempRSAKeys.begin();
- RSAMap::iterator eRSA = _tempRSAKeys.end();
-
- while (iRSA != eRSA)
- {
- RSA_free((*iRSA).second);
- iRSA++;
- }
-
- // Free our temporary DH params.
- DHMap::iterator iDH = _tempDHKeys.begin();
- DHMap::iterator eDH = _tempDHKeys.end();
-
- while (iDH != eDH)
- {
- DH_free((*iDH).second);
- iDH++;
- }
-
- METHOD_RET("OpenSSL::System::shutdown()");
-}
-
-bool
-IceSecurity::Ssl::OpenSSL::System::isConfigLoaded()
-{
- METHOD_INS("OpenSSL::System::isConfigLoaded()");
-
- return _configLoaded;
-}
-
-void
-IceSecurity::Ssl::OpenSSL::System::loadConfig()
-{
- METHOD_INV("OpenSSL::System::loadConfig()");
-
- // This step is required in order to supply callback functions
- // with access to the TraceLevels and Logger.
- if (_globalTraceLevels == 0)
- {
- _globalTraceLevels = _traceLevels;
- _globalLogger = _logger;
- }
-
- const string& systemID = getSystemID();
- Parser sslConfig(systemID);
-
- sslConfig.setTrace(_traceLevels);
- sslConfig.setLogger(_logger);
-
- // Actually parse the file now.
- sslConfig.process();
-
- GeneralConfig clientGeneral;
- CertificateAuthority clientCertAuth;
- BaseCertificates clientBaseCerts;
-
- // Walk the parse tree, get the Client configuration.
- if (sslConfig.loadClientConfig(clientGeneral, clientCertAuth, clientBaseCerts))
- {
- if (SECURITY_LEVEL_PROTOCOL)
- {
- ostringstream s;
-
- s << endl;
- s << "General Configuration - Client" << endl;
- s << "------------------------------" << endl;
- s << clientGeneral << endl << endl;
-
- s << "Base Certificates - Client" << endl;
- s << "--------------------------" << endl;
- s << clientBaseCerts << endl;
-
- PROTOCOL(s.str());
- }
-
- initClient(clientGeneral, clientCertAuth, clientBaseCerts);
- }
-
- GeneralConfig serverGeneral;
- CertificateAuthority serverCertAuth;
- BaseCertificates serverBaseCerts;
- TempCertificates serverTempCerts;
-
- // Walk the parse tree, get the Server configuration.
- if (sslConfig.loadServerConfig(serverGeneral, serverCertAuth, serverBaseCerts, serverTempCerts))
- {
- if (SECURITY_LEVEL_PROTOCOL)
- {
- ostringstream s;
-
- s << endl;
- s << "General Configuration - Server" << endl;
- s << "------------------------------" << endl;
- s << serverGeneral << endl << endl;
-
- s << "Base Certificates - Server" << endl;
- s << "--------------------------" << endl;
- s << serverBaseCerts << endl << endl;
-
- s << "Temp Certificates - Server" << endl;
- s << "--------------------------" << endl;
- s << serverTempCerts << endl;
-
- PROTOCOL(s.str());
- }
-
- initServer(serverGeneral, serverCertAuth, serverBaseCerts, serverTempCerts);
- }
-
- METHOD_RET("OpenSSL::System::loadConfig()");
-}
-
-RSA*
-IceSecurity::Ssl::OpenSSL::System::getRSAKey(SSL *s, int isExport, int keyLength)
-{
- METHOD_INV("OpenSSL::System::getRSAKey()");
-
- JTCSyncT<JTCMutex> sync(_tempRSAKeysMutex);
-
- RSA* rsa_tmp = 0;
-
- RSAMap::iterator retVal = _tempRSAKeys.find(keyLength);
-
- // Does the key already exist?
- if (retVal != _tempRSAKeys.end())
- {
- // Yes! Use it.
- rsa_tmp = (*retVal).second;
- }
- else
- {
- const RSACertMap::iterator& it = _tempRSAFileMap.find(keyLength);
-
- if (it != _tempRSAFileMap.end())
- {
- CertificateDesc& rsaKeyCert = (*it).second;
-
- const string& privKeyFile = rsaKeyCert.getPrivate().getFileName();
- const string& pubCertFile = rsaKeyCert.getPublic().getFileName();
-
- RSA* rsaCert = 0;
- RSA* rsaKey = 0;
- BIO* bio = 0;
-
- if ((bio = BIO_new_file(pubCertFile.c_str(), "r")) != 0)
- {
- rsaCert = PEM_read_bio_RSAPublicKey(bio, 0, 0, 0);
-
- BIO_free(bio);
- bio = 0;
- }
-
- if (rsaCert != 0)
- {
- if ((bio = BIO_new_file(privKeyFile.c_str(), "r")) != 0)
- {
- rsaKey = PEM_read_bio_RSAPrivateKey(bio, &rsaCert, 0, 0);
-
- BIO_free(bio);
- bio = 0;
- }
- }
-
- // Now, if all was well, the Certificate and Key should both be loaded into
- // rsaCert. We check to ensure that both are not 0, because if either are,
- // one of the reads failed.
-
- if ((rsaCert != 0) && (rsaKey != 0))
- {
- rsa_tmp = rsaCert;
- }
- else
- {
- RSA_free(rsaCert);
- rsaCert = 0;
- }
- }
-
- // Last ditch effort - generate a key on the fly.
- if (rsa_tmp == 0)
- {
- rsa_tmp = RSA_generate_key(keyLength, RSA_F4, 0, 0);
- }
-
- // Save in our temporary key cache.
- if (rsa_tmp == 0)
- {
- _tempRSAKeys[keyLength] = rsa_tmp;
- }
- }
-
- METHOD_RET("OpenSSL::System::getRSAKey()");
-
- return rsa_tmp;
-}
-
-DH*
-IceSecurity::Ssl::OpenSSL::System::getDHParams(SSL *s, int isExport, int keyLength)
-{
- METHOD_INV("OpenSSL::System::getDHParams()");
-
- JTCSyncT<JTCMutex> sync(_tempDHKeysMutex);
-
- DH *dh_tmp = 0;
-
- const DHMap::iterator& retVal = _tempDHKeys.find(keyLength);
-
- // Does the key already exist?
- if (retVal != _tempDHKeys.end())
- {
- // Yes! Use it.
- dh_tmp = (*retVal).second;
- }
- else
- {
- const DHParamsMap::iterator& it = _tempDHParamsFileMap.find(keyLength);
-
- if (it != _tempDHParamsFileMap.end())
- {
- DiffieHellmanParamsFile& dhParamsFile = (*it).second;
-
- string dhFile = dhParamsFile.getFileName();
-
- dh_tmp = loadDHParam(dhFile.c_str());
-
- if (dh_tmp != 0)
- {
- _tempDHKeys[keyLength] = dh_tmp;
- }
- }
- }
-
- METHOD_RET("OpenSSL::System::getDHParams()");
-
- return dh_tmp;
-}
-
-//
-// Protected
-//
-
-IceSecurity::Ssl::OpenSSL::System::System(string& systemID) :
- IceSecurity::Ssl::System(systemID)
-{
- _configLoaded = false;
-
- _sessionContext = "iceServer";
-
- _sslServerContext = 0;
- _sslClientContext = 0;
-
- SSL_load_error_strings();
-
- OpenSSL_add_ssl_algorithms();
-}
-
-IceSecurity::Ssl::OpenSSL::System::~System()
-{
- METHOD_INV("OpenSSL::~System()");
-
- shutdown();
-
- METHOD_RET("OpenSSL::~System()");
-}
-
-//
-// Private
-//
-
-void
-IceSecurity::Ssl::OpenSSL::System::initClient(GeneralConfig& general,
- CertificateAuthority& certAuth,
- BaseCertificates& baseCerts)
-{
- METHOD_INV("OpenSSL::System::initClient()");
-
- // Init the Random Number System.
- initRandSystem(general.getRandomBytesFiles());
-
- // Create an SSL Context based on the context params.
- _sslClientContext = createContext(general.getProtocol());
-
- // Begin setting up the SSL Context.
- if (_sslClientContext != 0)
- {
- // Get the cipherlist and set it in the context.
- setCipherList(_sslClientContext, general.getCipherList());
-
- // Set the certificate verification mode.
- SSL_CTX_set_verify(_sslClientContext, general.getVerifyMode(), verifyCallback);
-
- // Set the certificate verify depth to 10 deep.
- SSL_CTX_set_verify_depth(_sslClientContext, general.getVerifyDepth());
-
- // Process the RSA Certificate (if present).
- if (baseCerts.getRSACert().getKeySize() != 0)
- {
- processCertificate(_sslClientContext, baseCerts.getRSACert());
- }
-
- // Process the DSA Certificate (if present).
- if (baseCerts.getDSACert().getKeySize() != 0)
- {
- processCertificate(_sslClientContext, baseCerts.getDSACert());
- }
-
- // Set the DH key agreement parameters.
- if (baseCerts.getDHParams().getKeySize() != 0)
- {
- setDHParams(_sslClientContext, baseCerts);
- }
-
- // Load the Certificate Authority files, and check them.
- loadCAFiles(_sslClientContext, certAuth);
- }
-
- METHOD_RET("OpenSSL::System::initClient()");
-}
-
-void
-IceSecurity::Ssl::OpenSSL::System::initServer(GeneralConfig& general,
- CertificateAuthority& certAuth,
- BaseCertificates& baseCerts,
- TempCertificates& tempCerts)
-{
- METHOD_INV("OpenSSL::System::initServer()");
-
- // Init the Random Number System.
- initRandSystem(general.getRandomBytesFiles());
-
- // Create an SSL Context based on the context params.
- _sslServerContext = createContext(general.getProtocol());
-
- // Begin setting up the SSL Context.
- if (_sslServerContext != 0)
- {
- // On servers, Attempt to use non-export (strong) encryption
- // first. This option does not always work, and in the OpenSSL
- // documentation is declared as 'broken'.
- // SSL_CTX_set_options(_sslServerContext,SSL_OP_NON_EXPORT_FIRST);
-
- // Always use a new DH key when using Diffie-Hellman key agreement.
- SSL_CTX_set_options(_sslServerContext, SSL_OP_SINGLE_DH_USE);
-
- loadTempCerts(tempCerts);
-
- // Load the Certificate Authority files, and check them.
- loadAndCheckCAFiles(_sslServerContext, certAuth);
-
- // Process the RSA Certificate (if present).
- if (baseCerts.getRSACert().getKeySize() != 0)
- {
- processCertificate(_sslServerContext, baseCerts.getRSACert());
- }
-
- // Process the DSA Certificate (if present).
- if (baseCerts.getDSACert().getKeySize() != 0)
- {
- processCertificate(_sslServerContext, baseCerts.getDSACert());
- }
-
- // Set the DH key agreement parameters.
- if (baseCerts.getDHParams().getKeySize() != 0)
- {
- setDHParams(_sslServerContext, baseCerts);
- }
-
- // Set the RSA Callback routine in case we need to build a temporary RSA key.
- SSL_CTX_set_tmp_rsa_callback(_sslServerContext, tmpRSACallback);
-
- // Set the DH Callback routine in case we need a temporary DH key.
- SSL_CTX_set_tmp_dh_callback(_sslServerContext, tmpDHCallback);
-
- // Get the cipherlist and set it in the context.
- setCipherList(_sslServerContext, general.getCipherList());
-
- // Set the certificate verification mode.
- SSL_CTX_set_verify(_sslServerContext, general.getVerifyMode(), verifyCallback);
-
- // Set the certificate verify depth
- SSL_CTX_set_verify_depth(_sslServerContext, general.getVerifyDepth());
-
- // Set the default context for the SSL system (can be overridden if needed) [SERVER ONLY].
- SSL_CTX_set_session_id_context(_sslServerContext,
- reinterpret_cast<const unsigned char *>(_sessionContext.c_str()),
- _sessionContext.size());
- }
-
- printContextInfo(_sslServerContext);
-
- METHOD_RET("OpenSSL::System::initServer()");
-}
-
-SSL_METHOD*
-IceSecurity::Ssl::OpenSSL::System::getSslMethod(SslProtocol sslVersion)
-{
- METHOD_INV("OpenSSL::System::getSslMethod()");
-
- SSL_METHOD* sslMethod = 0;
-
- switch (sslVersion)
- {
- case SSL_V2 :
- {
- sslMethod = SSLv2_method();
- break;
- }
-
- case SSL_V23 :
- {
- sslMethod = SSLv23_method();
- break;
- }
-
- case SSL_V3 :
- {
- sslMethod = SSLv3_method();
- break;
- }
-
- case TLS_V1 :
- {
- sslMethod = TLSv1_method();
- break;
- }
-
- default :
- {
- string errorString;
-
- errorString = "SSL Version ";
- errorString += sslVersion;
- errorString += " not supported.";
-
- EXCEPTION(errorString);
-
- throw ContextException(errorString.c_str(), __FILE__, __LINE__);
- }
- }
-
- METHOD_RET("OpenSSL::System::getSslMethod()");
-
- return sslMethod;
-}
-
-void
-IceSecurity::Ssl::OpenSSL::System::processCertificate(SSL_CTX* sslContext, const CertificateDesc& certificateDesc)
-{
- METHOD_INV("OpenSSL::System::processCertificate()");
-
- const CertificateFile& publicCert = certificateDesc.getPublic();
- const CertificateFile& privateKey = certificateDesc.getPrivate();
-
- addKeyCert(sslContext, publicCert, privateKey);
-
- METHOD_RET("OpenSSL::System::processCertificate()");
-}
-
-void
-IceSecurity::Ssl::OpenSSL::System::addKeyCert(SSL_CTX* sslContext,
- const CertificateFile& publicCert,
- const CertificateFile& privateKey)
-{
- METHOD_INV("OpenSSL::System::addKeyCert()");
-
- if (!publicCert.getFileName().empty())
- {
- string publicCertFile = publicCert.getFileName();
- const char* publicFile = publicCertFile.c_str();
- int publicEncoding = publicCert.getEncoding();
-
- string privCertFile = privateKey.getFileName();
- const char* privKeyFile = privCertFile.c_str();
- int privKeyFileType = privateKey.getEncoding();
-
- // Set which Public Key file to use.
- if (SSL_CTX_use_certificate_file(sslContext, publicFile, publicEncoding) <= 0)
- {
- string errorString;
-
- errorString = "Unable to get certificate from '";
- errorString += publicFile;
- errorString += "'\n";
- errorString += sslGetErrors();
-
- EXCEPTION(errorString);
-
- throw ContextException(errorString.c_str(), __FILE__, __LINE__);
- }
-
- if (privateKey.getFileName().empty())
- {
- WARNING("No Private Key specified - using the certificate.");
-
- privKeyFile = publicFile;
- privKeyFileType = publicEncoding;
- }
-
- // Set which Private Key file to use.
- if (SSL_CTX_use_PrivateKey_file(sslContext, privKeyFile, privKeyFileType) <= 0)
- {
- string errorString;
-
- errorString = "unable to get private key from '";
- errorString += privKeyFile;
- errorString += "'\n";
- errorString += sslGetErrors();
-
- EXCEPTION(errorString);
-
- throw ContextException(errorString.c_str(), __FILE__, __LINE__);
- }
-
- // Check to see if the Private and Public keys that have been
- // set against the SSL context match up.
- if (!SSL_CTX_check_private_key(sslContext))
- {
- string errorString = "Private key does not match the certificate public key";
-
- EXCEPTION(errorString);
-
- throw ContextException(errorString.c_str(), __FILE__, __LINE__);
- }
-
- }
-
- METHOD_RET("OpenSSL::System::addKeyCert()");
-}
-
-
-SSL_CTX*
-IceSecurity::Ssl::OpenSSL::System::createContext(SslProtocol sslProtocol)
-{
- METHOD_INV("OpenSSL::System::createContext()");
-
- SSL_CTX* context = SSL_CTX_new(getSslMethod(sslProtocol));
-
- if (context == 0)
- {
- string errorString = "Unable to create SSL Context.";
-
- EXCEPTION(errorString);
-
- throw ContextException(errorString.c_str(), __FILE__, __LINE__);
- }
-
- METHOD_RET("OpenSSL::System::createContext()");
-
- return context;
-}
-
-
-//
-// TODO: Clean this up. This routine is pretty much ripped off from the OpenSSL
-// routine ERR_print_errors_fp(), except we got rid of the file pointer.
-//
-string
-IceSecurity::Ssl::OpenSSL::System::sslGetErrors()
-{
- METHOD_INV("OpenSSL::System::sslGetErrors()");
-
- string errorMessage;
- char buf[200], bigBuffer[1024];
- const char* file;
- const char* data = 0;
- int line, flags;
-
- unsigned long es = CRYPTO_thread_id();
-
- while ((line = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0)
- {
- // Request an error from the OpenSSL library
- ERR_error_string_n(line, buf, sizeof(buf));
-
- sprintf(bigBuffer,"%lu:%s:%s:%d:%s\n",es,buf,file,line,(flags&ERR_TXT_STRING)?data:"");
-
- errorMessage += bigBuffer;
- }
-
- METHOD_RET("OpenSSL::System::sslGetErrors()");
-
- return errorMessage;
-}
-
-SSL*
-IceSecurity::Ssl::OpenSSL::System::createConnection(SSL_CTX* sslContext, int socket)
-{
- METHOD_INV("OpenSSL::System::createConnection()");
-
- SSL *sslConnection = 0;
-
- sslConnection = SSL_new(sslContext);
-
- SSL_clear(sslConnection);
-
- SSL_set_fd(sslConnection, socket);
-
- if (SECURITY_LEVEL_PROTOCOL_DEBUG)
- {
- sslConnection->debug = 1;
- BIO_set_callback(SSL_get_rbio(sslConnection), bio_dump_cb);
- BIO_set_callback_arg(SSL_get_rbio(sslConnection), 0);
- BIO_set_callback(SSL_get_wbio(sslConnection), bio_dump_cb);
- BIO_set_callback_arg(SSL_get_rbio(sslConnection), 0);
- }
-
- // Map the SSL Connection to this SslSystem
- // This is required for the OpenSSL callbacks
- // to work properly.
- Factory::addSystemHandle(sslConnection, this);
-
- METHOD_RET("OpenSSL::System::createConnection()");
-
- return sslConnection;
-}
-
-void
-IceSecurity::Ssl::OpenSSL::System::loadCAFiles(SSL_CTX* sslContext, CertificateAuthority& certAuth)
-{
- METHOD_INV("OpenSSL::System::loadCAFiles()");
-
- string caFile = certAuth.getCAFileName();
- string caPath = certAuth.getCAPath();
-
- loadCAFiles(sslContext, caFile.c_str(), caPath.c_str());
-
- METHOD_RET("OpenSSL::System::loadCAFiles()");
-}
-
-void
-IceSecurity::Ssl::OpenSSL::System::loadCAFiles(SSL_CTX* sslContext, const char* caFile, const char* caPath)
-{
- METHOD_INV("OpenSSL::System::loadCAFiles()");
-
- if (sslContext != 0)
- {
- // The following checks are required to send the expected values to the OpenSSL library.
- // It does not like receiving "", but prefers NULLs.
- if ((caFile != 0) && (strlen(caFile) == 0))
- {
- caFile = 0;
- }
-
- if ((caPath != 0) && (strlen(caPath) == 0))
- {
- caPath = 0;
- }
-
- // Check the Certificate Authority file(s).
- if ((!SSL_CTX_load_verify_locations(sslContext, caFile, caPath)) ||
- (!SSL_CTX_set_default_verify_paths(sslContext)))
- {
- // Non Fatal.
- WARNING("Unable to load/verify Certificate Authorities.");
- }
- }
-
- METHOD_RET("OpenSSL::System::loadCAFiles()");
-}
-
-void
-IceSecurity::Ssl::OpenSSL::System::loadAndCheckCAFiles(SSL_CTX* sslContext, CertificateAuthority& certAuth)
-{
- METHOD_INV("OpenSSL::System::loadAndCheckCAFiles()");
-
- if (sslContext != 0)
- {
- string caFile = certAuth.getCAFileName();
- string caPath = certAuth.getCAPath();
-
- // Check the Certificate Authority file(s).
- loadCAFiles(sslContext, caFile.c_str(), caPath.c_str());
-
- if (!caPath.empty())
- {
- STACK_OF(X509_NAME)* certNames = SSL_load_client_CA_file(caFile.c_str());
-
- if (certNames != 0)
- {
- SSL_CTX_set_client_CA_list(sslContext, certNames);
- }
- else
- {
- WARNING("Unable to set SSL context Certificate Authorities.");
- }
- }
- }
-
- METHOD_RET("OpenSSL::System::loadAndCheckCAFiles()");
-}
-
-DH*
-IceSecurity::Ssl::OpenSSL::System::loadDHParam(const char* dhfile)
-{
- METHOD_INV(string("OpenSSL::System::loadDHParam(") + dhfile + string(")"));
-
- DH* ret = 0;
- BIO* bio;
-
- if ((bio = BIO_new_file(dhfile,"r")) != 0)
- {
- ret = PEM_read_bio_DHparams(bio, 0, 0, 0);
- }
-
- if (bio != 0)
- {
- BIO_free(bio);
- }
-
- METHOD_RET(string("OpenSSL::System::loadDHParam(") + dhfile + string(")"));
-
- return ret;
-}
-
-DH*
-IceSecurity::Ssl::OpenSSL::System::getTempDH(unsigned char* p, int plen, unsigned char* g, int glen)
-{
- METHOD_INV("OpenSSL::System::getTempDH()");
-
- DH* dh = 0;
-
- if ((dh = DH_new()) != 0)
- {
- dh->p = BN_bin2bn(p, plen, 0);
-
- dh->g = BN_bin2bn(g, glen, 0);
-
- if ((dh->p == 0) || (dh->g == 0))
- {
- DH_free(dh);
- dh = 0;
- }
- }
-
- METHOD_RET("OpenSSL::System::getTempDH()");
-
- return dh;
-}
-
-DH*
-IceSecurity::Ssl::OpenSSL::System::getTempDH512()
-{
- METHOD_INV("OpenSSL::System::getTempDH512()");
-
- DH* dh = getTempDH(_tempDiffieHellman512p, sizeof(_tempDiffieHellman512p),
- _tempDiffieHellman512g, sizeof(_tempDiffieHellman512g));
-
- METHOD_RET("OpenSSL::System::getTempDH512()");
-
- return dh;
-}
-
-void
-IceSecurity::Ssl::OpenSSL::System::setDHParams(SSL_CTX* sslContext, BaseCertificates& baseCerts)
-{
- METHOD_INV("OpenSSL::System::setDHParams()");
-
- string dhFile;
- int encoding = 0;
-
- if (baseCerts.getDHParams().getKeySize() != 0)
- {
- dhFile = baseCerts.getDHParams().getFileName();
- encoding = baseCerts.getDHParams().getEncoding();
- }
- else if (baseCerts.getRSACert().getKeySize() != 0)
- {
- dhFile = baseCerts.getRSACert().getPublic().getFileName();
- encoding = baseCerts.getRSACert().getPublic().getEncoding();
- }
-
- DH* dh = 0;
-
- // File type must be PEM - that's the only way we can load
- // DH Params, apparently.
- if ((!dhFile.empty()) && (encoding == SSL_FILETYPE_PEM))
- {
- dh = loadDHParam(dhFile.c_str());
- }
-
- if (dh == 0)
- {
- WARNING("Could not load Diffie-Hellman params, generating a temporary 512bit key.");
-
- dh = getTempDH512();
- }
-
- if (dh != 0)
- {
- SSL_CTX_set_tmp_dh(sslContext, dh);
-
- DH_free(dh);
- }
-
- METHOD_RET("OpenSSL::System::setDHParams()");
-}
-
-void
-IceSecurity::Ssl::OpenSSL::System::setCipherList(SSL_CTX* sslContext, const string& cipherList)
-{
- METHOD_INV("OpenSSL::System::setCipherList()");
-
- if (!cipherList.empty() && (!SSL_CTX_set_cipher_list(sslContext, cipherList.c_str())))
- {
- string errorString = "Error setting cipher list.";
-
- EXCEPTION(errorString);
-
- throw ContextException(errorString.c_str(), __FILE__, __LINE__);
- }
-
- METHOD_RET("OpenSSL::System::setCipherList()");
-}
-
-int
-IceSecurity::Ssl::OpenSSL::System::seedRand()
-{
- METHOD_INV("OpenSSL::System::seedRand()");
-
- int retCode = 1;
- char buffer[1024];
-
-#ifdef WINDOWS
- RAND_screen();
-#endif
-
- const char* file = RAND_file_name(buffer, sizeof(buffer));
-
- if (file == 0 || !RAND_load_file(file, -1))
- {
- retCode = 0;
- }
- else
- {
- _randSeeded = 1;
- }
-
- METHOD_RET("OpenSSL::System::seedRand()");
-
- return retCode;
-}
-
-long
-IceSecurity::Ssl::OpenSSL::System::loadRandFiles(const string& names)
-{
- METHOD_INV("OpenSSL::System::loadRandFiles(" + names + ")");
-
- long tot = 0;
-
- if (!names.empty())
- {
- int egd;
-
- // Make a modifiable copy of the string.
- char* namesString = new char[names.length() + 1];
- strcpy(namesString, names.c_str());
-
- char seps[5];
-
- sprintf(seps, "%c", LIST_SEPARATOR_CHAR);
-
- char* token = strtok(namesString, seps);
-
- while (token != 0)
- {
- egd = RAND_egd(token);
-
- if (egd > 0)
- {
- tot += egd;
- }
- else
- {
- tot += RAND_load_file(token, -1);
- }
-
- token = strtok(0, seps);
- }
-
- if (tot > 512)
- {
- _randSeeded = 1;
- }
-
- delete []namesString;
- }
-
- METHOD_RET("OpenSSL::System::loadRandFiles(" + names + ")");
-
- return tot;
-}
-
-void
-IceSecurity::Ssl::OpenSSL::System::initRandSystem(const string& randBytesFiles)
-{
- METHOD_INV("OpenSSL::System::initRandSystem(" + randBytesFiles + ")");
-
- if (!_randSeeded)
- {
- long randBytesLoaded = 0;
-
- if (!seedRand() && randBytesFiles.empty() && !RAND_status())
- {
- WARNING("There is a lack of random data, consider specifying a random data file.");
- }
-
- if (!randBytesFiles.empty())
- {
- randBytesLoaded = loadRandFiles(randBytesFiles);
- }
- }
-
- METHOD_RET("OpenSSL::System::initRandSystem(" + randBytesFiles + ")");
-}
-
-void
-IceSecurity::Ssl::OpenSSL::System::loadTempCerts(TempCertificates& tempCerts)
-{
- METHOD_INV("OpenSSL::System::loadTempCerts()");
-
- RSAVector::iterator iRSA = tempCerts.getRSACerts().begin();
- RSAVector::iterator eRSA = tempCerts.getRSACerts().end();
-
- while (iRSA != eRSA)
- {
- _tempRSAFileMap[(*iRSA).getKeySize()] = *iRSA;
- iRSA++;
- }
-
- DSAVector::iterator iDSA = tempCerts.getDSACerts().begin();
- DSAVector::iterator eDSA = tempCerts.getDSACerts().end();
-
- while (iDSA != eDSA)
- {
- _tempDSAFileMap[(*iDSA).getKeySize()] = *iDSA;
- iDSA++;
- }
-
- DHVector::iterator iDHP = tempCerts.getDHParams().begin();
- DHVector::iterator eDHP = tempCerts.getDHParams().end();
-
- while (iDHP != eDHP)
- {
- _tempDHParamsFileMap[(*iDHP).getKeySize()] = *iDHP;
- iDHP++;
- }
-
- METHOD_RET("OpenSSL::System::loadTempCerts()");
-}
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+#ifdef WIN32
+#pragma warning(disable:4786)
+#endif
+
+#include <sstream>
+#include <openssl/err.h>
+#include <openssl/e_os.h>
+#include <openssl/rand.h>
+#include <Ice/Security.h>
+#include <Ice/SslSystem.h>
+#include <Ice/SslException.h>
+#include <Ice/SslConnectionOpenSSLClient.h>
+#include <Ice/SslConnectionOpenSSLServer.h>
+#include <Ice/SslConfig.h>
+
+using namespace std;
+
+namespace IceSecurity
+{
+
+namespace Ssl
+{
+
+namespace OpenSSL
+{
+
+//
+// TODO: These Diffie-Hellman params have been blatantly stolen from
+// OpenSSL's demo programs. We SHOULD define our own here, but
+// these will suffice for testing purposes. Please note, these
+// are not keys themselves, simply a DH Group that allows OpenSSL
+// to create Diffie-Hellman keys.
+//
+
+// Instantiation of temporary Diffie-Hellman 512bit key.
+unsigned char System::_tempDiffieHellman512p[] =
+{
+ 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
+ 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
+ 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
+ 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
+ 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
+ 0x47,0x74,0xE8,0x33,
+};
+
+unsigned char System::_tempDiffieHellman512g[] =
+{
+ 0x02,
+};
+
+// TODO: Very possibly a problem later if we have mutliple loggers going on simultaneously.
+// This is a horrible necessity in order to make the trace levels
+// and logger available to the bio_dump_cb() callback function.
+// Otherwise, we would have to jump through hoops, creating a mapping
+// from BIO pointers to the relevent System object. The system object
+// will initialize these. NOTE: If we SHOULD have multiple loggers
+// going on simultaneously, this will definitely cause a problem.
+TraceLevelsPtr System::_globalTraceLevels = 0;
+Ice::LoggerPtr System::_globalLogger = 0;
+
+}
+
+}
+
+}
+
+using IceSecurity::Ssl::OpenSSL::ContextException;
+
+//
+// NOTE: The following (mon, getGeneralizedTime, getUTCTime and getASN1time are routines that
+// have been abducted from the OpenSSL X509 library, and modified to work with the STL
+// basic_string template.
+
+static const char *mon[12]=
+{
+ "Jan","Feb","Mar","Apr","May","Jun",
+ "Jul","Aug","Sep","Oct","Nov","Dec"
+};
+
+string
+getGeneralizedTime(ASN1_GENERALIZEDTIME *tm)
+{
+ char buf[30];
+ char *v;
+ int gmt=0;
+ int i;
+ int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0;
+
+ i = tm->length;
+ v = (char *) tm->data;
+
+ if (i < 12)
+ {
+ goto err;
+ }
+
+ if (v[i-1] == 'Z')
+ {
+ gmt=1;
+ }
+
+ for (i=0; i<12; i++)
+ {
+ if ((v[i] > '9') || (v[i] < '0'))
+ {
+ goto err;
+ }
+ }
+
+ y = (v[0] - '0') * 1000 + (v[1] - '0') * 100 + (v[2] - '0') * 10 + (v[3] - '0');
+ M = (v[4] - '0') * 10 + (v[5] - '0');
+
+ if ((M > 12) || (M < 1))
+ {
+ goto err;
+ }
+
+ d = (v[6] - '0') * 10 + (v[7] - '0');
+ h = (v[8] - '0') * 10 + (v[9] - '0');
+ m = (v[10] - '0') * 10 + (v[11] - '0');
+
+ if ((v[12] >= '0') && (v[12] <= '9') &&
+ (v[13] >= '0') && (v[13] <= '9'))
+ {
+ s = (v[12] - '0') * 10 + (v[13] - '0');
+ }
+
+ sprintf(buf, "%s %2d %02d:%02d:%02d %d%s", mon[M-1], d, h, m, s, y, (gmt)?" GMT":"");
+ return string(buf);
+
+err:
+ return string("Bad time value");
+}
+
+string
+getUTCTime(ASN1_UTCTIME *tm)
+{
+ char buf[30];
+ char *v;
+ int gmt=0;
+ int i;
+ int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0;
+
+ i = tm->length;
+ v = (char *) tm->data;
+
+ if (i < 10)
+ {
+ goto err;
+ }
+
+ if (v[i-1] == 'Z')
+ {
+ gmt=1;
+ }
+
+ for (i = 0; i < 10; i++)
+ {
+ if ((v[i] > '9') || (v[i] < '0'))
+ {
+ goto err;
+ }
+ }
+
+ y = (v[0] - '0') * 10 + (v[1] - '0');
+
+ if (y < 50)
+ {
+ y+=100;
+ }
+
+ M = (v[2] - '0') * 10 + (v[3] - '0');
+
+ if ((M > 12) || (M < 1))
+ {
+ goto err;
+ }
+
+ d = (v[4] - '0') * 10 + (v[5] - '0');
+ h = (v[6] - '0') * 10 + (v[7] - '0');
+ m = (v[8] - '0') * 10 + (v[9] - '0');
+
+ if ((v[10] >= '0') && (v[10] <= '9') && (v[11] >= '0') && (v[11] <= '9'))
+ {
+ s = (v[10] - '0') * 10 + (v[11] - '0');
+ }
+
+ sprintf(buf, "%s %2d %02d:%02d:%02d %d%s", mon[M-1], d, h, m, s, y+1900, (gmt)?" GMT":"");
+ return string(buf);
+
+err:
+ return string("Bad time value");
+}
+
+string
+getASN1time(ASN1_TIME *tm)
+{
+ string theTime;
+
+ switch (tm->type)
+ {
+ case V_ASN1_UTCTIME :
+ {
+ theTime = getUTCTime(tm);
+ }
+
+ case V_ASN1_GENERALIZEDTIME :
+ {
+ theTime = getGeneralizedTime(tm);
+ }
+
+ default :
+ {
+ theTime = "Bad time value";
+ }
+ }
+
+ return theTime;
+}
+
+extern "C"
+{
+
+RSA*
+tmpRSACallback(SSL *s, int isExport, int keyLength)
+{
+ IceSecurity::Ssl::System* sslSystem = IceSecurity::Ssl::Factory::getSystemFromHandle(s);
+
+ IceSecurity::Ssl::OpenSSL::System* openSslSystem = dynamic_cast<IceSecurity::Ssl::OpenSSL::System*>(sslSystem);
+
+ RSA* rsaKey = openSslSystem->getRSAKey(s, isExport, keyLength);
+
+ IceSecurity::Ssl::Factory::releaseSystemFromHandle(s, sslSystem);
+
+ return rsaKey;
+}
+
+DH*
+tmpDHCallback(SSL *s, int isExport, int keyLength)
+{
+ IceSecurity::Ssl::System* sslSystem = IceSecurity::Ssl::Factory::getSystemFromHandle(s);
+
+ IceSecurity::Ssl::OpenSSL::System* openSslSystem = dynamic_cast<IceSecurity::Ssl::OpenSSL::System*>(sslSystem);
+
+ DH* dh = openSslSystem->getDHParams(s, isExport, keyLength);
+
+ IceSecurity::Ssl::Factory::releaseSystemFromHandle(s, sslSystem);
+
+ return dh;
+}
+
+// verifyCallback - Certificate Verification callback function.
+int
+verifyCallback(int ok, X509_STORE_CTX *ctx)
+{
+ X509* err_cert = X509_STORE_CTX_get_current_cert(ctx);
+ int verifyError = X509_STORE_CTX_get_error(ctx);
+ int depth = X509_STORE_CTX_get_error_depth(ctx);
+
+ // If we have no errors so far, and the certificate chain is too long
+ if ((verifyError != X509_V_OK) && (10 < depth))
+ {
+ verifyError = X509_V_ERR_CERT_CHAIN_TOO_LONG;
+ }
+
+ if (verifyError != X509_V_OK)
+ {
+ // If we have ANY errors, we bail out.
+ ok = 0;
+ }
+
+ // Only if PROTOCOL level logging is on do we worry about this.
+ if (IceSecurity::Ssl::OpenSSL::System::_globalTraceLevels->security >= IceSecurity::SECURITY_PROTOCOL)
+ {
+ char buf[256];
+
+ X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
+
+ ostringstream outStringStream;
+
+ outStringStream << "depth = " << depth << ":" << buf << endl;
+
+ if (!ok)
+ {
+ outStringStream << "verify error: num = " << verifyError << " : " << X509_verify_cert_error_string(verifyError) << endl;
+
+ }
+
+ switch (verifyError)
+ {
+ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+ {
+ X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, sizeof(buf));
+ outStringStream << "issuer = " << buf << endl;
+ break;
+ }
+
+ case X509_V_ERR_CERT_NOT_YET_VALID:
+ case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+ {
+ outStringStream << "notBefore =" << getASN1time(X509_get_notBefore(ctx->current_cert)) << endl;
+ break;
+ }
+
+ case X509_V_ERR_CERT_HAS_EXPIRED:
+ case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+ {
+ outStringStream << "notAfter =" << getASN1time(X509_get_notAfter(ctx->current_cert)) << endl;
+ break;
+ }
+ }
+
+ outStringStream << "verify return = " << ok << endl;
+
+ IceSecurity::Ssl::OpenSSL::System::_globalLogger->trace(IceSecurity::Ssl::OpenSSL::System::_globalTraceLevels->securityCat, outStringStream.str());
+ }
+
+ return ok;
+}
+
+// This code duplicates functionality that existed in the BIO library of
+// OpenSSL, but outputs to a Logger compatible source (ostringstream).
+void
+dump(ostringstream& outStringStream, const char* s, int len)
+{
+ unsigned char ch;
+ char hexStr[8];
+
+ int trunc = 0;
+
+ // Calculate how much white space we're truncating.
+ for(; (len > 0) && ((s[len - 1] == ' ') || (s[len - 1] == '\0')); len--)
+ {
+ trunc++;
+ }
+
+ int dump_width = 12;
+
+ int rows = len / dump_width;
+
+ if ((rows * dump_width) < len)
+ {
+ rows++;
+ }
+
+ if (rows > 0)
+ {
+ outStringStream << endl;
+ }
+
+ for(int i = 0; i < rows; i++)
+ {
+ // Would like to have not used sprintf(), but
+ // I could not find an appropriate STL methodology
+ // for preserving the field width.
+ sprintf(hexStr,"%04x",(i * dump_width));
+ outStringStream << hexStr << " - ";
+
+ int j;
+
+ // Hex Dump
+ for(j = 0; j < dump_width; j++)
+ {
+ if (((i * dump_width) + j) >= len)
+ {
+ outStringStream << " ";
+ }
+ else
+ {
+ char sep = (j == 7 ? '-' : ' ');
+
+ // Get a character from the dump we've been handed.
+ ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff;
+
+ // Would like to have not used sprintf(), but
+ // I could not find an appropriate STL methodology
+ // for preserving the field width.
+ sprintf(hexStr,"%02x",ch);
+ outStringStream << hexStr << sep;
+ }
+ }
+
+ outStringStream << " ";
+
+ // Printable characters dump.
+ for(j = 0; j < dump_width; j++)
+ {
+ if (((i * dump_width) + j) >= len)
+ {
+ break;
+ }
+
+ ch = ((unsigned char) * (s + i * dump_width + j)) & 0xff;
+
+ // Print printables only.
+ ch = ((ch >= ' ') && (ch <= '~')) ? ch : '.';
+
+ outStringStream << ch;
+ }
+
+ outStringStream << endl;
+ }
+
+ if (trunc > 0)
+ {
+ outStringStream << hex << (len + trunc) << " - " << "<SPACES/NULS>" << endl;
+ }
+}
+
+long
+bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret)
+{
+ if (IceSecurity::Ssl::OpenSSL::System::_globalTraceLevels->security >= IceSecurity::SECURITY_PROTOCOL)
+ {
+ ostringstream outStringStream;
+
+ if (cmd == (BIO_CB_READ|BIO_CB_RETURN))
+ {
+ outStringStream << "PTC ";
+ outStringStream << "read from " << hex << (void *)bio << " [" << hex << (void *)argp;
+ outStringStream << "] (" << dec << argi << " bytes => " << ret << " (0x";
+ outStringStream << hex << ret << "))";
+ dump(outStringStream, argp,(int)ret);
+ }
+ else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
+ {
+ outStringStream << "PTC ";
+ outStringStream << "write to " << hex << (void *)bio << " [" << hex << (void *)argp;
+ outStringStream << "] (" << dec << argi << " bytes => " << ret << " (0x";
+ outStringStream << hex << ret << "))";
+ dump(outStringStream, argp,(int)ret);
+ }
+
+ if (cmd == (BIO_CB_READ|BIO_CB_RETURN) || cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
+ {
+ IceSecurity::Ssl::OpenSSL::System::_globalLogger->trace(IceSecurity::Ssl::OpenSSL::System::_globalTraceLevels->securityCat, outStringStream.str());
+ }
+ }
+
+ return ret;
+}
+
+}
+
+void
+IceSecurity::Ssl::OpenSSL::System::printContextInfo(SSL_CTX* context)
+{
+ if (SECURITY_LEVEL_PROTOCOL)
+ {
+ ostringstream s;
+
+ s << endl;
+ s << "SSL_CTX Structure" << endl;
+ s << "=================" << endl;
+ s << "options: 0x" << hex << context->options << endl;
+ s << "mode: 0x" << hex << context->mode << endl;
+
+ s << "session_cache_size: " << context->session_cache_size << endl;
+ s << "session_cache_mode: 0x" << hex << context->session_cache_mode << endl;
+ s << "session_timeout: " << Int(context->session_timeout) << endl << endl;
+
+ s << "Stats" << endl;
+ s << "Connect: " << context->stats.sess_connect << " (New Connect Started)" << endl;
+ s << "Renegotiate: " << context->stats.sess_connect_renegotiate << " (Renegotiation Requested)" << endl;
+ s << "Connect Good: " << context->stats.sess_connect_good << " (Connect/Renegotiation finished)";
+ s << endl << endl;
+
+ s << "Accept: " << context->stats.sess_accept << " (New Accept Started)" << endl;
+ s << "Renegotiate: " << context->stats.sess_accept_renegotiate << " (Renegotiation Requested)" << endl;
+ s << "Accept Good: " << context->stats.sess_accept_good << " (Accept/Renegotiation finished)";
+ s << endl << endl;
+
+ s << "Miss: " << context->stats.sess_miss << " (Session Lookup Misses)" << endl;
+ s << "Timeout: " << context->stats.sess_timeout << " (Reuse attempt on Timeouted Session)" << endl;
+ s << "Cache Full: " << context->stats.sess_cache_full << " (Session Removed due to full cache)" << endl;
+ s << "Hit: " << context->stats.sess_hit << " (Session Reuse actually done.)" << endl;
+ s << "CB Hit: " << context->stats.sess_cb_hit << " (Session ID supplied by Callback)" << endl;
+
+ s << "read_ahead: " << context->read_ahead << endl;
+ s << "verify_mode: 0x" << hex << context->verify_mode << endl;
+ s << "verify_depth: " << Int(context->verify_depth) << endl;
+
+ PROTOCOL(s.str());
+ }
+}
+
+IceSecurity::Ssl::Connection*
+IceSecurity::Ssl::OpenSSL::System::createServerConnection(int socket)
+{
+ METHOD_INV("OpenSSL::System::createServerConnection()");
+
+ SSL* sslConnection = createConnection(_sslServerContext, socket);
+
+ // Set the Accept Connection state for this connection.
+ SSL_set_accept_state(sslConnection);
+
+ Connection* connection = new ServerConnection(sslConnection, _systemID);
+
+ connection->setTrace(_traceLevels);
+ connection->setLogger(_logger);
+
+ continueInit:
+ try
+ {
+ while (!connection->init()) { }
+ }
+ catch (const TimeoutException&)
+ {
+ // Ignore, this might happen a lot during handshake.
+ goto continueInit;
+ }
+ catch (...)
+ {
+ if (connection != 0)
+ {
+ delete connection;
+ connection = 0;
+ }
+
+ throw;
+ }
+
+ METHOD_RET("OpenSSL::System::createServerConnection()");
+
+ return connection;
+}
+
+IceSecurity::Ssl::Connection*
+IceSecurity::Ssl::OpenSSL::System::createClientConnection(int socket)
+{
+ METHOD_INV("OpenSSL::System::createClientConnection()");
+
+ SSL* sslConnection = createConnection(_sslClientContext, socket);
+
+ // Set the Connect Connection state for this connection.
+ SSL_set_connect_state(sslConnection);
+
+ Connection* connection = new ClientConnection(sslConnection, _systemID);
+
+ connection->setTrace(_traceLevels);
+ connection->setLogger(_logger);
+
+ continueInit:
+ try
+ {
+ while (!connection->init()) { }
+ }
+ catch (const TimeoutException&)
+ {
+ // Ignore, this might happen a lot during handshake.
+ goto continueInit;
+ }
+ catch (...)
+ {
+ if (connection != 0)
+ {
+ delete connection;
+ connection = 0;
+ }
+
+ throw;
+ }
+
+ METHOD_RET("OpenSSL::System::createClientConnection()");
+
+ return connection;
+}
+
+void
+IceSecurity::Ssl::OpenSSL::System::shutdown()
+{
+ METHOD_INV("OpenSSL::System::shutdown()");
+
+ if (_sslServerContext != 0)
+ {
+ SSL_CTX_free(_sslServerContext);
+
+ _sslServerContext = 0;
+ }
+
+ if (_sslClientContext != 0)
+ {
+ SSL_CTX_free(_sslClientContext);
+
+ _sslClientContext = 0;
+ }
+
+ // Free our temporary RSA keys.
+ RSAMap::iterator iRSA = _tempRSAKeys.begin();
+ RSAMap::iterator eRSA = _tempRSAKeys.end();
+
+ while (iRSA != eRSA)
+ {
+ RSA_free((*iRSA).second);
+ iRSA++;
+ }
+
+ // Free our temporary DH params.
+ DHMap::iterator iDH = _tempDHKeys.begin();
+ DHMap::iterator eDH = _tempDHKeys.end();
+
+ while (iDH != eDH)
+ {
+ DH_free((*iDH).second);
+ iDH++;
+ }
+
+ METHOD_RET("OpenSSL::System::shutdown()");
+}
+
+bool
+IceSecurity::Ssl::OpenSSL::System::isConfigLoaded()
+{
+ METHOD_INS("OpenSSL::System::isConfigLoaded()");
+
+ return _configLoaded;
+}
+
+void
+IceSecurity::Ssl::OpenSSL::System::loadConfig()
+{
+ METHOD_INV("OpenSSL::System::loadConfig()");
+
+ // This step is required in order to supply callback functions
+ // with access to the TraceLevels and Logger.
+ if (_globalTraceLevels == 0)
+ {
+ _globalTraceLevels = _traceLevels;
+ _globalLogger = _logger;
+ }
+
+ const string& systemID = getSystemID();
+ Parser sslConfig(systemID);
+
+ sslConfig.setTrace(_traceLevels);
+ sslConfig.setLogger(_logger);
+
+ // Actually parse the file now.
+ sslConfig.process();
+
+ GeneralConfig clientGeneral;
+ CertificateAuthority clientCertAuth;
+ BaseCertificates clientBaseCerts;
+
+ // Walk the parse tree, get the Client configuration.
+ if (sslConfig.loadClientConfig(clientGeneral, clientCertAuth, clientBaseCerts))
+ {
+ if (SECURITY_LEVEL_PROTOCOL)
+ {
+ ostringstream s;
+
+ s << endl;
+ s << "General Configuration - Client" << endl;
+ s << "------------------------------" << endl;
+ s << clientGeneral << endl << endl;
+
+ s << "Base Certificates - Client" << endl;
+ s << "--------------------------" << endl;
+ s << clientBaseCerts << endl;
+
+ PROTOCOL(s.str());
+ }
+
+ initClient(clientGeneral, clientCertAuth, clientBaseCerts);
+ }
+
+ GeneralConfig serverGeneral;
+ CertificateAuthority serverCertAuth;
+ BaseCertificates serverBaseCerts;
+ TempCertificates serverTempCerts;
+
+ // Walk the parse tree, get the Server configuration.
+ if (sslConfig.loadServerConfig(serverGeneral, serverCertAuth, serverBaseCerts, serverTempCerts))
+ {
+ if (SECURITY_LEVEL_PROTOCOL)
+ {
+ ostringstream s;
+
+ s << endl;
+ s << "General Configuration - Server" << endl;
+ s << "------------------------------" << endl;
+ s << serverGeneral << endl << endl;
+
+ s << "Base Certificates - Server" << endl;
+ s << "--------------------------" << endl;
+ s << serverBaseCerts << endl << endl;
+
+ s << "Temp Certificates - Server" << endl;
+ s << "--------------------------" << endl;
+ s << serverTempCerts << endl;
+
+ PROTOCOL(s.str());
+ }
+
+ initServer(serverGeneral, serverCertAuth, serverBaseCerts, serverTempCerts);
+ }
+
+ METHOD_RET("OpenSSL::System::loadConfig()");
+}
+
+RSA*
+IceSecurity::Ssl::OpenSSL::System::getRSAKey(SSL *s, int isExport, int keyLength)
+{
+ METHOD_INV("OpenSSL::System::getRSAKey()");
+
+ JTCSyncT<JTCMutex> sync(_tempRSAKeysMutex);
+
+ RSA* rsa_tmp = 0;
+
+ RSAMap::iterator retVal = _tempRSAKeys.find(keyLength);
+
+ // Does the key already exist?
+ if (retVal != _tempRSAKeys.end())
+ {
+ // Yes! Use it.
+ rsa_tmp = (*retVal).second;
+ }
+ else
+ {
+ const RSACertMap::iterator& it = _tempRSAFileMap.find(keyLength);
+
+ if (it != _tempRSAFileMap.end())
+ {
+ CertificateDesc& rsaKeyCert = (*it).second;
+
+ const string& privKeyFile = rsaKeyCert.getPrivate().getFileName();
+ const string& pubCertFile = rsaKeyCert.getPublic().getFileName();
+
+ RSA* rsaCert = 0;
+ RSA* rsaKey = 0;
+ BIO* bio = 0;
+
+ if ((bio = BIO_new_file(pubCertFile.c_str(), "r")) != 0)
+ {
+ rsaCert = PEM_read_bio_RSAPublicKey(bio, 0, 0, 0);
+
+ BIO_free(bio);
+ bio = 0;
+ }
+
+ if (rsaCert != 0)
+ {
+ if ((bio = BIO_new_file(privKeyFile.c_str(), "r")) != 0)
+ {
+ rsaKey = PEM_read_bio_RSAPrivateKey(bio, &rsaCert, 0, 0);
+
+ BIO_free(bio);
+ bio = 0;
+ }
+ }
+
+ // Now, if all was well, the Certificate and Key should both be loaded into
+ // rsaCert. We check to ensure that both are not 0, because if either are,
+ // one of the reads failed.
+
+ if ((rsaCert != 0) && (rsaKey != 0))
+ {
+ rsa_tmp = rsaCert;
+ }
+ else
+ {
+ RSA_free(rsaCert);
+ rsaCert = 0;
+ }
+ }
+
+ // Last ditch effort - generate a key on the fly.
+ if (rsa_tmp == 0)
+ {
+ rsa_tmp = RSA_generate_key(keyLength, RSA_F4, 0, 0);
+ }
+
+ // Save in our temporary key cache.
+ if (rsa_tmp == 0)
+ {
+ _tempRSAKeys[keyLength] = rsa_tmp;
+ }
+ }
+
+ METHOD_RET("OpenSSL::System::getRSAKey()");
+
+ return rsa_tmp;
+}
+
+DH*
+IceSecurity::Ssl::OpenSSL::System::getDHParams(SSL *s, int isExport, int keyLength)
+{
+ METHOD_INV("OpenSSL::System::getDHParams()");
+
+ JTCSyncT<JTCMutex> sync(_tempDHKeysMutex);
+
+ DH *dh_tmp = 0;
+
+ const DHMap::iterator& retVal = _tempDHKeys.find(keyLength);
+
+ // Does the key already exist?
+ if (retVal != _tempDHKeys.end())
+ {
+ // Yes! Use it.
+ dh_tmp = (*retVal).second;
+ }
+ else
+ {
+ const DHParamsMap::iterator& it = _tempDHParamsFileMap.find(keyLength);
+
+ if (it != _tempDHParamsFileMap.end())
+ {
+ DiffieHellmanParamsFile& dhParamsFile = (*it).second;
+
+ string dhFile = dhParamsFile.getFileName();
+
+ dh_tmp = loadDHParam(dhFile.c_str());
+
+ if (dh_tmp != 0)
+ {
+ _tempDHKeys[keyLength] = dh_tmp;
+ }
+ }
+ }
+
+ METHOD_RET("OpenSSL::System::getDHParams()");
+
+ return dh_tmp;
+}
+
+//
+// Protected
+//
+
+IceSecurity::Ssl::OpenSSL::System::System(string& systemID) :
+ IceSecurity::Ssl::System(systemID)
+{
+ _configLoaded = false;
+
+ _sessionContext = "iceServer";
+
+ _sslServerContext = 0;
+ _sslClientContext = 0;
+
+ SSL_load_error_strings();
+
+ OpenSSL_add_ssl_algorithms();
+}
+
+IceSecurity::Ssl::OpenSSL::System::~System()
+{
+ METHOD_INV("OpenSSL::~System()");
+
+ shutdown();
+
+ METHOD_RET("OpenSSL::~System()");
+}
+
+//
+// Private
+//
+
+void
+IceSecurity::Ssl::OpenSSL::System::initClient(GeneralConfig& general,
+ CertificateAuthority& certAuth,
+ BaseCertificates& baseCerts)
+{
+ METHOD_INV("OpenSSL::System::initClient()");
+
+ // Init the Random Number System.
+ initRandSystem(general.getRandomBytesFiles());
+
+ // Create an SSL Context based on the context params.
+ _sslClientContext = createContext(general.getProtocol());
+
+ // Begin setting up the SSL Context.
+ if (_sslClientContext != 0)
+ {
+ // Get the cipherlist and set it in the context.
+ setCipherList(_sslClientContext, general.getCipherList());
+
+ // Set the certificate verification mode.
+ SSL_CTX_set_verify(_sslClientContext, general.getVerifyMode(), verifyCallback);
+
+ // Set the certificate verify depth to 10 deep.
+ SSL_CTX_set_verify_depth(_sslClientContext, general.getVerifyDepth());
+
+ // Process the RSA Certificate (if present).
+ if (baseCerts.getRSACert().getKeySize() != 0)
+ {
+ processCertificate(_sslClientContext, baseCerts.getRSACert());
+ }
+
+ // Process the DSA Certificate (if present).
+ if (baseCerts.getDSACert().getKeySize() != 0)
+ {
+ processCertificate(_sslClientContext, baseCerts.getDSACert());
+ }
+
+ // Set the DH key agreement parameters.
+ if (baseCerts.getDHParams().getKeySize() != 0)
+ {
+ setDHParams(_sslClientContext, baseCerts);
+ }
+
+ // Load the Certificate Authority files, and check them.
+ loadCAFiles(_sslClientContext, certAuth);
+ }
+
+ METHOD_RET("OpenSSL::System::initClient()");
+}
+
+void
+IceSecurity::Ssl::OpenSSL::System::initServer(GeneralConfig& general,
+ CertificateAuthority& certAuth,
+ BaseCertificates& baseCerts,
+ TempCertificates& tempCerts)
+{
+ METHOD_INV("OpenSSL::System::initServer()");
+
+ // Init the Random Number System.
+ initRandSystem(general.getRandomBytesFiles());
+
+ // Create an SSL Context based on the context params.
+ _sslServerContext = createContext(general.getProtocol());
+
+ // Begin setting up the SSL Context.
+ if (_sslServerContext != 0)
+ {
+ // On servers, Attempt to use non-export (strong) encryption
+ // first. This option does not always work, and in the OpenSSL
+ // documentation is declared as 'broken'.
+ // SSL_CTX_set_options(_sslServerContext,SSL_OP_NON_EXPORT_FIRST);
+
+ // Always use a new DH key when using Diffie-Hellman key agreement.
+ SSL_CTX_set_options(_sslServerContext, SSL_OP_SINGLE_DH_USE);
+
+ loadTempCerts(tempCerts);
+
+ // Load the Certificate Authority files, and check them.
+ loadAndCheckCAFiles(_sslServerContext, certAuth);
+
+ // Process the RSA Certificate (if present).
+ if (baseCerts.getRSACert().getKeySize() != 0)
+ {
+ processCertificate(_sslServerContext, baseCerts.getRSACert());
+ }
+
+ // Process the DSA Certificate (if present).
+ if (baseCerts.getDSACert().getKeySize() != 0)
+ {
+ processCertificate(_sslServerContext, baseCerts.getDSACert());
+ }
+
+ // Set the DH key agreement parameters.
+ if (baseCerts.getDHParams().getKeySize() != 0)
+ {
+ setDHParams(_sslServerContext, baseCerts);
+ }
+
+ // Set the RSA Callback routine in case we need to build a temporary RSA key.
+ SSL_CTX_set_tmp_rsa_callback(_sslServerContext, tmpRSACallback);
+
+ // Set the DH Callback routine in case we need a temporary DH key.
+ SSL_CTX_set_tmp_dh_callback(_sslServerContext, tmpDHCallback);
+
+ // Get the cipherlist and set it in the context.
+ setCipherList(_sslServerContext, general.getCipherList());
+
+ // Set the certificate verification mode.
+ SSL_CTX_set_verify(_sslServerContext, general.getVerifyMode(), verifyCallback);
+
+ // Set the certificate verify depth
+ SSL_CTX_set_verify_depth(_sslServerContext, general.getVerifyDepth());
+
+ // Set the default context for the SSL system (can be overridden if needed) [SERVER ONLY].
+ SSL_CTX_set_session_id_context(_sslServerContext,
+ reinterpret_cast<const unsigned char *>(_sessionContext.c_str()),
+ _sessionContext.size());
+ }
+
+ printContextInfo(_sslServerContext);
+
+ METHOD_RET("OpenSSL::System::initServer()");
+}
+
+SSL_METHOD*
+IceSecurity::Ssl::OpenSSL::System::getSslMethod(SslProtocol sslVersion)
+{
+ METHOD_INV("OpenSSL::System::getSslMethod()");
+
+ SSL_METHOD* sslMethod = 0;
+
+ switch (sslVersion)
+ {
+ case SSL_V2 :
+ {
+ sslMethod = SSLv2_method();
+ break;
+ }
+
+ case SSL_V23 :
+ {
+ sslMethod = SSLv23_method();
+ break;
+ }
+
+ case SSL_V3 :
+ {
+ sslMethod = SSLv3_method();
+ break;
+ }
+
+ case TLS_V1 :
+ {
+ sslMethod = TLSv1_method();
+ break;
+ }
+
+ default :
+ {
+ string errorString;
+
+ errorString = "SSL Version ";
+ errorString += sslVersion;
+ errorString += " not supported.";
+
+ EXCEPTION(errorString);
+
+ throw ContextException(errorString.c_str(), __FILE__, __LINE__);
+ }
+ }
+
+ METHOD_RET("OpenSSL::System::getSslMethod()");
+
+ return sslMethod;
+}
+
+void
+IceSecurity::Ssl::OpenSSL::System::processCertificate(SSL_CTX* sslContext, const CertificateDesc& certificateDesc)
+{
+ METHOD_INV("OpenSSL::System::processCertificate()");
+
+ const CertificateFile& publicCert = certificateDesc.getPublic();
+ const CertificateFile& privateKey = certificateDesc.getPrivate();
+
+ addKeyCert(sslContext, publicCert, privateKey);
+
+ METHOD_RET("OpenSSL::System::processCertificate()");
+}
+
+void
+IceSecurity::Ssl::OpenSSL::System::addKeyCert(SSL_CTX* sslContext,
+ const CertificateFile& publicCert,
+ const CertificateFile& privateKey)
+{
+ METHOD_INV("OpenSSL::System::addKeyCert()");
+
+ if (!publicCert.getFileName().empty())
+ {
+ string publicCertFile = publicCert.getFileName();
+ const char* publicFile = publicCertFile.c_str();
+ int publicEncoding = publicCert.getEncoding();
+
+ string privCertFile = privateKey.getFileName();
+ const char* privKeyFile = privCertFile.c_str();
+ int privKeyFileType = privateKey.getEncoding();
+
+ // Set which Public Key file to use.
+ if (SSL_CTX_use_certificate_file(sslContext, publicFile, publicEncoding) <= 0)
+ {
+ string errorString;
+
+ errorString = "Unable to get certificate from '";
+ errorString += publicFile;
+ errorString += "'\n";
+ errorString += sslGetErrors();
+
+ EXCEPTION(errorString);
+
+ throw ContextException(errorString.c_str(), __FILE__, __LINE__);
+ }
+
+ if (privateKey.getFileName().empty())
+ {
+ WARNING("No Private Key specified - using the certificate.");
+
+ privKeyFile = publicFile;
+ privKeyFileType = publicEncoding;
+ }
+
+ // Set which Private Key file to use.
+ if (SSL_CTX_use_PrivateKey_file(sslContext, privKeyFile, privKeyFileType) <= 0)
+ {
+ string errorString;
+
+ errorString = "unable to get private key from '";
+ errorString += privKeyFile;
+ errorString += "'\n";
+ errorString += sslGetErrors();
+
+ EXCEPTION(errorString);
+
+ throw ContextException(errorString.c_str(), __FILE__, __LINE__);
+ }
+
+ // Check to see if the Private and Public keys that have been
+ // set against the SSL context match up.
+ if (!SSL_CTX_check_private_key(sslContext))
+ {
+ string errorString = "Private key does not match the certificate public key";
+
+ EXCEPTION(errorString);
+
+ throw ContextException(errorString.c_str(), __FILE__, __LINE__);
+ }
+
+ }
+
+ METHOD_RET("OpenSSL::System::addKeyCert()");
+}
+
+
+SSL_CTX*
+IceSecurity::Ssl::OpenSSL::System::createContext(SslProtocol sslProtocol)
+{
+ METHOD_INV("OpenSSL::System::createContext()");
+
+ SSL_CTX* context = SSL_CTX_new(getSslMethod(sslProtocol));
+
+ if (context == 0)
+ {
+ string errorString = "Unable to create SSL Context.";
+
+ EXCEPTION(errorString);
+
+ throw ContextException(errorString.c_str(), __FILE__, __LINE__);
+ }
+
+ METHOD_RET("OpenSSL::System::createContext()");
+
+ return context;
+}
+
+
+//
+// TODO: Clean this up. This routine is pretty much ripped off from the OpenSSL
+// routine ERR_print_errors_fp(), except we got rid of the file pointer.
+//
+string
+IceSecurity::Ssl::OpenSSL::System::sslGetErrors()
+{
+ METHOD_INV("OpenSSL::System::sslGetErrors()");
+
+ string errorMessage;
+ char buf[200], bigBuffer[1024];
+ const char* file;
+ const char* data = 0;
+ int line, flags;
+
+ unsigned long es = CRYPTO_thread_id();
+
+ while ((line = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0)
+ {
+ // Request an error from the OpenSSL library
+ ERR_error_string_n(line, buf, sizeof(buf));
+
+ sprintf(bigBuffer,"%lu:%s:%s:%d:%s\n",es,buf,file,line,(flags&ERR_TXT_STRING)?data:"");
+
+ errorMessage += bigBuffer;
+ }
+
+ METHOD_RET("OpenSSL::System::sslGetErrors()");
+
+ return errorMessage;
+}
+
+SSL*
+IceSecurity::Ssl::OpenSSL::System::createConnection(SSL_CTX* sslContext, int socket)
+{
+ METHOD_INV("OpenSSL::System::createConnection()");
+
+ SSL *sslConnection = 0;
+
+ sslConnection = SSL_new(sslContext);
+
+ SSL_clear(sslConnection);
+
+ SSL_set_fd(sslConnection, socket);
+
+ if (SECURITY_LEVEL_PROTOCOL_DEBUG)
+ {
+ sslConnection->debug = 1;
+ BIO_set_callback(SSL_get_rbio(sslConnection), bio_dump_cb);
+ BIO_set_callback_arg(SSL_get_rbio(sslConnection), 0);
+ BIO_set_callback(SSL_get_wbio(sslConnection), bio_dump_cb);
+ BIO_set_callback_arg(SSL_get_rbio(sslConnection), 0);
+ }
+
+ // Map the SSL Connection to this SslSystem
+ // This is required for the OpenSSL callbacks
+ // to work properly.
+ Factory::addSystemHandle(sslConnection, this);
+
+ METHOD_RET("OpenSSL::System::createConnection()");
+
+ return sslConnection;
+}
+
+void
+IceSecurity::Ssl::OpenSSL::System::loadCAFiles(SSL_CTX* sslContext, CertificateAuthority& certAuth)
+{
+ METHOD_INV("OpenSSL::System::loadCAFiles()");
+
+ string caFile = certAuth.getCAFileName();
+ string caPath = certAuth.getCAPath();
+
+ loadCAFiles(sslContext, caFile.c_str(), caPath.c_str());
+
+ METHOD_RET("OpenSSL::System::loadCAFiles()");
+}
+
+void
+IceSecurity::Ssl::OpenSSL::System::loadCAFiles(SSL_CTX* sslContext, const char* caFile, const char* caPath)
+{
+ METHOD_INV("OpenSSL::System::loadCAFiles()");
+
+ if (sslContext != 0)
+ {
+ // The following checks are required to send the expected values to the OpenSSL library.
+ // It does not like receiving "", but prefers NULLs.
+ if ((caFile != 0) && (strlen(caFile) == 0))
+ {
+ caFile = 0;
+ }
+
+ if ((caPath != 0) && (strlen(caPath) == 0))
+ {
+ caPath = 0;
+ }
+
+ // Check the Certificate Authority file(s).
+ if ((!SSL_CTX_load_verify_locations(sslContext, caFile, caPath)) ||
+ (!SSL_CTX_set_default_verify_paths(sslContext)))
+ {
+ // Non Fatal.
+ WARNING("Unable to load/verify Certificate Authorities.");
+ }
+ }
+
+ METHOD_RET("OpenSSL::System::loadCAFiles()");
+}
+
+void
+IceSecurity::Ssl::OpenSSL::System::loadAndCheckCAFiles(SSL_CTX* sslContext, CertificateAuthority& certAuth)
+{
+ METHOD_INV("OpenSSL::System::loadAndCheckCAFiles()");
+
+ if (sslContext != 0)
+ {
+ string caFile = certAuth.getCAFileName();
+ string caPath = certAuth.getCAPath();
+
+ // Check the Certificate Authority file(s).
+ loadCAFiles(sslContext, caFile.c_str(), caPath.c_str());
+
+ if (!caPath.empty())
+ {
+ STACK_OF(X509_NAME)* certNames = SSL_load_client_CA_file(caFile.c_str());
+
+ if (certNames != 0)
+ {
+ SSL_CTX_set_client_CA_list(sslContext, certNames);
+ }
+ else
+ {
+ WARNING("Unable to set SSL context Certificate Authorities.");
+ }
+ }
+ }
+
+ METHOD_RET("OpenSSL::System::loadAndCheckCAFiles()");
+}
+
+DH*
+IceSecurity::Ssl::OpenSSL::System::loadDHParam(const char* dhfile)
+{
+ METHOD_INV(string("OpenSSL::System::loadDHParam(") + dhfile + string(")"));
+
+ DH* ret = 0;
+ BIO* bio;
+
+ if ((bio = BIO_new_file(dhfile,"r")) != 0)
+ {
+ ret = PEM_read_bio_DHparams(bio, 0, 0, 0);
+ }
+
+ if (bio != 0)
+ {
+ BIO_free(bio);
+ }
+
+ METHOD_RET(string("OpenSSL::System::loadDHParam(") + dhfile + string(")"));
+
+ return ret;
+}
+
+DH*
+IceSecurity::Ssl::OpenSSL::System::getTempDH(unsigned char* p, int plen, unsigned char* g, int glen)
+{
+ METHOD_INV("OpenSSL::System::getTempDH()");
+
+ DH* dh = 0;
+
+ if ((dh = DH_new()) != 0)
+ {
+ dh->p = BN_bin2bn(p, plen, 0);
+
+ dh->g = BN_bin2bn(g, glen, 0);
+
+ if ((dh->p == 0) || (dh->g == 0))
+ {
+ DH_free(dh);
+ dh = 0;
+ }
+ }
+
+ METHOD_RET("OpenSSL::System::getTempDH()");
+
+ return dh;
+}
+
+DH*
+IceSecurity::Ssl::OpenSSL::System::getTempDH512()
+{
+ METHOD_INV("OpenSSL::System::getTempDH512()");
+
+ DH* dh = getTempDH(_tempDiffieHellman512p, sizeof(_tempDiffieHellman512p),
+ _tempDiffieHellman512g, sizeof(_tempDiffieHellman512g));
+
+ METHOD_RET("OpenSSL::System::getTempDH512()");
+
+ return dh;
+}
+
+void
+IceSecurity::Ssl::OpenSSL::System::setDHParams(SSL_CTX* sslContext, BaseCertificates& baseCerts)
+{
+ METHOD_INV("OpenSSL::System::setDHParams()");
+
+ string dhFile;
+ int encoding = 0;
+
+ if (baseCerts.getDHParams().getKeySize() != 0)
+ {
+ dhFile = baseCerts.getDHParams().getFileName();
+ encoding = baseCerts.getDHParams().getEncoding();
+ }
+ else if (baseCerts.getRSACert().getKeySize() != 0)
+ {
+ dhFile = baseCerts.getRSACert().getPublic().getFileName();
+ encoding = baseCerts.getRSACert().getPublic().getEncoding();
+ }
+
+ DH* dh = 0;
+
+ // File type must be PEM - that's the only way we can load
+ // DH Params, apparently.
+ if ((!dhFile.empty()) && (encoding == SSL_FILETYPE_PEM))
+ {
+ dh = loadDHParam(dhFile.c_str());
+ }
+
+ if (dh == 0)
+ {
+ WARNING("Could not load Diffie-Hellman params, generating a temporary 512bit key.");
+
+ dh = getTempDH512();
+ }
+
+ if (dh != 0)
+ {
+ SSL_CTX_set_tmp_dh(sslContext, dh);
+
+ DH_free(dh);
+ }
+
+ METHOD_RET("OpenSSL::System::setDHParams()");
+}
+
+void
+IceSecurity::Ssl::OpenSSL::System::setCipherList(SSL_CTX* sslContext, const string& cipherList)
+{
+ METHOD_INV("OpenSSL::System::setCipherList()");
+
+ if (!cipherList.empty() && (!SSL_CTX_set_cipher_list(sslContext, cipherList.c_str())))
+ {
+ string errorString = "Error setting cipher list.";
+
+ EXCEPTION(errorString);
+
+ throw ContextException(errorString.c_str(), __FILE__, __LINE__);
+ }
+
+ METHOD_RET("OpenSSL::System::setCipherList()");
+}
+
+int
+IceSecurity::Ssl::OpenSSL::System::seedRand()
+{
+ METHOD_INV("OpenSSL::System::seedRand()");
+
+ int retCode = 1;
+ char buffer[1024];
+
+#ifdef WINDOWS
+ RAND_screen();
+#endif
+
+ const char* file = RAND_file_name(buffer, sizeof(buffer));
+
+ if (file == 0 || !RAND_load_file(file, -1))
+ {
+ retCode = 0;
+ }
+ else
+ {
+ _randSeeded = 1;
+ }
+
+ METHOD_RET("OpenSSL::System::seedRand()");
+
+ return retCode;
+}
+
+long
+IceSecurity::Ssl::OpenSSL::System::loadRandFiles(const string& names)
+{
+ METHOD_INV("OpenSSL::System::loadRandFiles(" + names + ")");
+
+ long tot = 0;
+
+ if (!names.empty())
+ {
+ int egd;
+
+ // Make a modifiable copy of the string.
+ char* namesString = new char[names.length() + 1];
+ strcpy(namesString, names.c_str());
+
+ char seps[5];
+
+ sprintf(seps, "%c", LIST_SEPARATOR_CHAR);
+
+ char* token = strtok(namesString, seps);
+
+ while (token != 0)
+ {
+ egd = RAND_egd(token);
+
+ if (egd > 0)
+ {
+ tot += egd;
+ }
+ else
+ {
+ tot += RAND_load_file(token, -1);
+ }
+
+ token = strtok(0, seps);
+ }
+
+ if (tot > 512)
+ {
+ _randSeeded = 1;
+ }
+
+ delete []namesString;
+ }
+
+ METHOD_RET("OpenSSL::System::loadRandFiles(" + names + ")");
+
+ return tot;
+}
+
+void
+IceSecurity::Ssl::OpenSSL::System::initRandSystem(const string& randBytesFiles)
+{
+ METHOD_INV("OpenSSL::System::initRandSystem(" + randBytesFiles + ")");
+
+ if (!_randSeeded)
+ {
+ long randBytesLoaded = 0;
+
+ if (!seedRand() && randBytesFiles.empty() && !RAND_status())
+ {
+ WARNING("There is a lack of random data, consider specifying a random data file.");
+ }
+
+ if (!randBytesFiles.empty())
+ {
+ randBytesLoaded = loadRandFiles(randBytesFiles);
+ }
+ }
+
+ METHOD_RET("OpenSSL::System::initRandSystem(" + randBytesFiles + ")");
+}
+
+void
+IceSecurity::Ssl::OpenSSL::System::loadTempCerts(TempCertificates& tempCerts)
+{
+ METHOD_INV("OpenSSL::System::loadTempCerts()");
+
+ RSAVector::iterator iRSA = tempCerts.getRSACerts().begin();
+ RSAVector::iterator eRSA = tempCerts.getRSACerts().end();
+
+ while (iRSA != eRSA)
+ {
+ _tempRSAFileMap[(*iRSA).getKeySize()] = *iRSA;
+ iRSA++;
+ }
+
+ DSAVector::iterator iDSA = tempCerts.getDSACerts().begin();
+ DSAVector::iterator eDSA = tempCerts.getDSACerts().end();
+
+ while (iDSA != eDSA)
+ {
+ _tempDSAFileMap[(*iDSA).getKeySize()] = *iDSA;
+ iDSA++;
+ }
+
+ DHVector::iterator iDHP = tempCerts.getDHParams().begin();
+ DHVector::iterator eDHP = tempCerts.getDHParams().end();
+
+ while (iDHP != eDHP)
+ {
+ _tempDHParamsFileMap[(*iDHP).getKeySize()] = *iDHP;
+ iDHP++;
+ }
+
+ METHOD_RET("OpenSSL::System::loadTempCerts()");
+}
diff --git a/cpp/src/Ice/SslSystemOpenSSL.h b/cpp/src/Ice/SslSystemOpenSSL.h
index ad1d7e81eac..d09e1efd696 100644
--- a/cpp/src/Ice/SslSystemOpenSSL.h
+++ b/cpp/src/Ice/SslSystemOpenSSL.h
@@ -1,197 +1,197 @@
-// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-#ifndef ICE_SSL_SYSTEM_OPENSSL_H
-#define ICE_SSL_SYSTEM_OPENSSL_H
-
-#include <openssl/ssl.h>
-#include <string>
-#include <map>
-#include <JTC/JTC.h>
-#include <Ice/Config.h>
-#include <Ice/TraceLevels.h>
-#include <Ice/Logger.h>
-#include <Ice/SslFactory.h>
-#include <Ice/SslSystem.h>
-#include <Ice/SslConnection.h>
-#include <Ice/SslConnectionOpenSSL.h>
-
-namespace IceSecurity
-{
-
-namespace Ssl
-{
-
-typedef enum
-{
- SSL_V2 = 1, // Only speak SSLv2
- SSL_V23, // Speak SSLv2 and SSLv3
- SSL_V3, // Only speak SSLv3
- TLS_V1 // Only speak TLSv1
-} SslProtocol;
-
-}
-
-}
-
-#include <Ice/SslGeneralConfig.h>
-#include <Ice/SslCertificateDesc.h>
-#include <Ice/SslCertificateAuthority.h>
-#include <Ice/SslBaseCerts.h>
-#include <Ice/SslTempCerts.h>
-
-extern "C"
-{
- RSA* tmpRSACallback(SSL*, int, int);
- DH* tmpDHCallback(SSL*, int, int);
-}
-
-namespace IceSecurity
-{
-
-namespace Ssl
-{
-
-class GeneralConfig;
-
-namespace OpenSSL
-{
-
-using namespace Ice;
-using namespace IceSecurity::Ssl;
-
-using std::map;
-using std::string;
-
-typedef map<int,RSA*> RSAMap;
-typedef map<int,DH*> DHMap;
-
-typedef map<int,CertificateDesc> RSACertMap;
-typedef map<int,CertificateDesc> DSACertMap;
-typedef map<int,DiffieHellmanParamsFile> DHParamsMap;
-
-class System : public IceSecurity::Ssl::System
-{
-
-public:
-
- void printContextInfo(SSL_CTX*);
-
- // This is how we create a Server connection.
- virtual IceSecurity::Ssl::Connection* createServerConnection(int);
-
- // This is how we create a Client connection.
- virtual IceSecurity::Ssl::Connection* createClientConnection(int);
-
- // Shuts down the SSL System.
- virtual void shutdown();
-
- virtual bool isConfigLoaded();
- virtual void loadConfig();
-
- // Returns the desired RSA Key, or creates it if not already created.
- // This is public because the tmpRSACallback must be able to access it.
- RSA* getRSAKey(SSL*, int, int);
-
- // Returns the desired DH Params. If the Params do not already exist, and the key
- // requested is a 512bit or 1024bit key, we use the compiled-in temporary params.
- // If the key is some other length, we read the desired key, based on length,
- // from a DH Param file.
- // This is public because the tmpDHCallback must be able to access it.
- DH* getDHParams(SSL*, int, int);
-
- static TraceLevelsPtr _globalTraceLevels;
- static Ice::LoggerPtr _globalLogger;
-
-protected:
-
- System(string&);
- ~System();
-
-private:
-
- // Base Diffie-Hellman 512bit key (only to be used for key exchange).
- static unsigned char _tempDiffieHellman512p[];
- static unsigned char _tempDiffieHellman512g[];
-
- // Default SSL Contexts, for both Server and Client connections.
- SSL_CTX* _sslServerContext;
- SSL_CTX* _sslClientContext;
-
- // Keep a cache of all temporary RSA keys.
- RSAMap _tempRSAKeys;
- JTCMutex _tempRSAKeysMutex;
-
- // Keep a cache of all temporary Diffie-Hellman keys.
- DHMap _tempDHKeys;
- JTCMutex _tempDHKeysMutex;
-
- // Maps of all temporary keying information.
- // The files themselves will not be loaded until
- // needed.
- RSACertMap _tempRSAFileMap;
- DSACertMap _tempDSAFileMap;
- DHParamsMap _tempDHParamsFileMap;
-
- // The Session ID Context (Server Only).
- string _sessionContext;
-
- // Flag as to whether the Random Number system has been seeded.
- int _randSeeded;
-
- bool _configLoaded;
-
- // Call to initialize the SSL system.
- void initClient(GeneralConfig&, CertificateAuthority&, BaseCertificates&);
- void initServer(GeneralConfig&, CertificateAuthority&, BaseCertificates&, TempCertificates&);
-
- SSL_METHOD* getSslMethod(SslProtocol);
-
- void processCertificate(SSL_CTX*, const CertificateDesc&);
- void addKeyCert(SSL_CTX*, const CertificateFile&, const CertificateFile&);
-
- SSL_CTX* createContext(SslProtocol);
-
- // Retrieves errors from the OpenSSL library.
- string sslGetErrors();
-
- // Create a connection.
- SSL* createConnection(SSL_CTX*, int);
-
- // Methods for loading CAFiles into a Context.
- void loadCAFiles(SSL_CTX*, CertificateAuthority&);
- void loadCAFiles(SSL_CTX*, const char*, const char*);
- void loadAndCheckCAFiles(SSL_CTX*, CertificateAuthority&);
-
- DH* loadDHParam(const char *);
- DH* getTempDH(unsigned char*, int, unsigned char*, int);
- DH* getTempDH512();
- void setDHParams(SSL_CTX*, BaseCertificates&);
-
- void setCipherList(SSL_CTX*, const string&);
-
- // Cryptographic Random Number System related routines.
- int seedRand();
- long loadRandFiles(const string&);
- void initRandSystem(const string&);
-
- void loadTempCerts(TempCertificates&);
-
- friend class IceSecurity::Ssl::Factory;
- friend class Connection;
-
-};
-
-}
-
-}
-
-}
-
-#endif
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+#ifndef ICE_SSL_SYSTEM_OPENSSL_H
+#define ICE_SSL_SYSTEM_OPENSSL_H
+
+#include <openssl/ssl.h>
+#include <string>
+#include <map>
+#include <JTC/JTC.h>
+#include <Ice/Config.h>
+#include <Ice/TraceLevels.h>
+#include <Ice/Logger.h>
+#include <Ice/SslFactory.h>
+#include <Ice/SslSystem.h>
+#include <Ice/SslConnection.h>
+#include <Ice/SslConnectionOpenSSL.h>
+
+namespace IceSecurity
+{
+
+namespace Ssl
+{
+
+typedef enum
+{
+ SSL_V2 = 1, // Only speak SSLv2
+ SSL_V23, // Speak SSLv2 and SSLv3
+ SSL_V3, // Only speak SSLv3
+ TLS_V1 // Only speak TLSv1
+} SslProtocol;
+
+}
+
+}
+
+#include <Ice/SslGeneralConfig.h>
+#include <Ice/SslCertificateDesc.h>
+#include <Ice/SslCertificateAuthority.h>
+#include <Ice/SslBaseCerts.h>
+#include <Ice/SslTempCerts.h>
+
+extern "C"
+{
+ RSA* tmpRSACallback(SSL*, int, int);
+ DH* tmpDHCallback(SSL*, int, int);
+}
+
+namespace IceSecurity
+{
+
+namespace Ssl
+{
+
+class GeneralConfig;
+
+namespace OpenSSL
+{
+
+using namespace Ice;
+using namespace IceSecurity::Ssl;
+
+using std::map;
+using std::string;
+
+typedef map<int,RSA*> RSAMap;
+typedef map<int,DH*> DHMap;
+
+typedef map<int,CertificateDesc> RSACertMap;
+typedef map<int,CertificateDesc> DSACertMap;
+typedef map<int,DiffieHellmanParamsFile> DHParamsMap;
+
+class System : public IceSecurity::Ssl::System
+{
+
+public:
+
+ void printContextInfo(SSL_CTX*);
+
+ // This is how we create a Server connection.
+ virtual IceSecurity::Ssl::Connection* createServerConnection(int);
+
+ // This is how we create a Client connection.
+ virtual IceSecurity::Ssl::Connection* createClientConnection(int);
+
+ // Shuts down the SSL System.
+ virtual void shutdown();
+
+ virtual bool isConfigLoaded();
+ virtual void loadConfig();
+
+ // Returns the desired RSA Key, or creates it if not already created.
+ // This is public because the tmpRSACallback must be able to access it.
+ RSA* getRSAKey(SSL*, int, int);
+
+ // Returns the desired DH Params. If the Params do not already exist, and the key
+ // requested is a 512bit or 1024bit key, we use the compiled-in temporary params.
+ // If the key is some other length, we read the desired key, based on length,
+ // from a DH Param file.
+ // This is public because the tmpDHCallback must be able to access it.
+ DH* getDHParams(SSL*, int, int);
+
+ static TraceLevelsPtr _globalTraceLevels;
+ static Ice::LoggerPtr _globalLogger;
+
+protected:
+
+ System(string&);
+ ~System();
+
+private:
+
+ // Base Diffie-Hellman 512bit key (only to be used for key exchange).
+ static unsigned char _tempDiffieHellman512p[];
+ static unsigned char _tempDiffieHellman512g[];
+
+ // Default SSL Contexts, for both Server and Client connections.
+ SSL_CTX* _sslServerContext;
+ SSL_CTX* _sslClientContext;
+
+ // Keep a cache of all temporary RSA keys.
+ RSAMap _tempRSAKeys;
+ JTCMutex _tempRSAKeysMutex;
+
+ // Keep a cache of all temporary Diffie-Hellman keys.
+ DHMap _tempDHKeys;
+ JTCMutex _tempDHKeysMutex;
+
+ // Maps of all temporary keying information.
+ // The files themselves will not be loaded until
+ // needed.
+ RSACertMap _tempRSAFileMap;
+ DSACertMap _tempDSAFileMap;
+ DHParamsMap _tempDHParamsFileMap;
+
+ // The Session ID Context (Server Only).
+ string _sessionContext;
+
+ // Flag as to whether the Random Number system has been seeded.
+ int _randSeeded;
+
+ bool _configLoaded;
+
+ // Call to initialize the SSL system.
+ void initClient(GeneralConfig&, CertificateAuthority&, BaseCertificates&);
+ void initServer(GeneralConfig&, CertificateAuthority&, BaseCertificates&, TempCertificates&);
+
+ SSL_METHOD* getSslMethod(SslProtocol);
+
+ void processCertificate(SSL_CTX*, const CertificateDesc&);
+ void addKeyCert(SSL_CTX*, const CertificateFile&, const CertificateFile&);
+
+ SSL_CTX* createContext(SslProtocol);
+
+ // Retrieves errors from the OpenSSL library.
+ string sslGetErrors();
+
+ // Create a connection.
+ SSL* createConnection(SSL_CTX*, int);
+
+ // Methods for loading CAFiles into a Context.
+ void loadCAFiles(SSL_CTX*, CertificateAuthority&);
+ void loadCAFiles(SSL_CTX*, const char*, const char*);
+ void loadAndCheckCAFiles(SSL_CTX*, CertificateAuthority&);
+
+ DH* loadDHParam(const char *);
+ DH* getTempDH(unsigned char*, int, unsigned char*, int);
+ DH* getTempDH512();
+ void setDHParams(SSL_CTX*, BaseCertificates&);
+
+ void setCipherList(SSL_CTX*, const string&);
+
+ // Cryptographic Random Number System related routines.
+ int seedRand();
+ long loadRandFiles(const string&);
+ void initRandSystem(const string&);
+
+ void loadTempCerts(TempCertificates&);
+
+ friend class IceSecurity::Ssl::Factory;
+ friend class Connection;
+
+};
+
+}
+
+}
+
+}
+
+#endif
diff --git a/cpp/src/Ice/SslTempCerts.cpp b/cpp/src/Ice/SslTempCerts.cpp
index 3deebdffd59..6397175865b 100644
--- a/cpp/src/Ice/SslTempCerts.cpp
+++ b/cpp/src/Ice/SslTempCerts.cpp
@@ -1,41 +1,41 @@
-// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#include <Ice/SslTempCerts.h>
-
-IceSecurity::Ssl::TempCertificates::TempCertificates()
-{
-}
-
-IceSecurity::Ssl::TempCertificates::~TempCertificates()
-{
- _rsaCerts.clear();
- _dsaCerts.clear();
- _rsaCerts.clear();
-}
-
-void
-IceSecurity::Ssl::TempCertificates::addRSACert(CertificateDesc& certDesc)
-{
- _rsaCerts.push_back(certDesc);
-}
-
-void
-IceSecurity::Ssl::TempCertificates::addDSACert(CertificateDesc& certDesc)
-{
- _dsaCerts.push_back(certDesc);
-}
-
-void
-IceSecurity::Ssl::TempCertificates::addDHParams(DiffieHellmanParamsFile& dhParams)
-{
- _dhParams.push_back(dhParams);
-}
-
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#include <Ice/SslTempCerts.h>
+
+IceSecurity::Ssl::TempCertificates::TempCertificates()
+{
+}
+
+IceSecurity::Ssl::TempCertificates::~TempCertificates()
+{
+ _rsaCerts.clear();
+ _dsaCerts.clear();
+ _rsaCerts.clear();
+}
+
+void
+IceSecurity::Ssl::TempCertificates::addRSACert(CertificateDesc& certDesc)
+{
+ _rsaCerts.push_back(certDesc);
+}
+
+void
+IceSecurity::Ssl::TempCertificates::addDSACert(CertificateDesc& certDesc)
+{
+ _dsaCerts.push_back(certDesc);
+}
+
+void
+IceSecurity::Ssl::TempCertificates::addDHParams(DiffieHellmanParamsFile& dhParams)
+{
+ _dhParams.push_back(dhParams);
+}
+
diff --git a/cpp/src/Ice/SslTempCerts.h b/cpp/src/Ice/SslTempCerts.h
index 47048a5bc0b..a150673909b 100644
--- a/cpp/src/Ice/SslTempCerts.h
+++ b/cpp/src/Ice/SslTempCerts.h
@@ -1,89 +1,89 @@
-// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#ifndef ICE_SSL_TEMP_CERTS_H
-#define ICE_SSL_TEMP_CERTS_H
-
-#include <Ice/SslCertificateDesc.h>
-#include <ostream>
-
-namespace IceSecurity
-{
-
-namespace Ssl
-{
-
-class TempCertificates
-{
-
-public:
- TempCertificates();
- ~TempCertificates();
-
- void addRSACert(CertificateDesc&);
- void addDSACert(CertificateDesc&);
- void addDHParams(DiffieHellmanParamsFile&);
-
- inline RSAVector& getRSACerts() { return _rsaCerts; };
- inline DSAVector& getDSACerts() { return _dsaCerts; };
- inline DHVector& getDHParams() { return _dhParams; };
-
-protected:
- RSAVector _rsaCerts;
- DSAVector _dsaCerts;
- DHVector _dhParams;
-};
-
-using std::endl;
-
-template<class Stream>
-inline Stream& operator << (Stream& target, TempCertificates& tmpCerts)
-{
- RSAVector::iterator iRSA = tmpCerts.getRSACerts().begin();
- RSAVector::iterator eRSA = tmpCerts.getRSACerts().end();
-
- while (iRSA != eRSA)
- {
- target << "RSA" << endl << "{" << endl;
- target << *iRSA;
- target << "}" << endl << endl;
- iRSA++;
- }
-
- DSAVector::iterator iDSA = tmpCerts.getDSACerts().begin();
- DSAVector::iterator eDSA = tmpCerts.getDSACerts().end();
-
- while (iDSA != eDSA)
- {
- target << "DSA" << endl << "{" << endl;
- target << *iDSA;
- target << "}" << endl << endl;
- iDSA++;
- }
-
- DHVector::iterator iDHP = tmpCerts.getDHParams().begin();
- DHVector::iterator eDHP = tmpCerts.getDHParams().end();
-
- while (iDHP != eDHP)
- {
- target << "DH" << endl << "{" << endl;
- target << *iDHP;
- target << "}" << endl << endl;
- iDHP++;
- }
-
- return target;
-}
-
-}
-
-}
-
-#endif
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#ifndef ICE_SSL_TEMP_CERTS_H
+#define ICE_SSL_TEMP_CERTS_H
+
+#include <Ice/SslCertificateDesc.h>
+#include <ostream>
+
+namespace IceSecurity
+{
+
+namespace Ssl
+{
+
+class TempCertificates
+{
+
+public:
+ TempCertificates();
+ ~TempCertificates();
+
+ void addRSACert(CertificateDesc&);
+ void addDSACert(CertificateDesc&);
+ void addDHParams(DiffieHellmanParamsFile&);
+
+ inline RSAVector& getRSACerts() { return _rsaCerts; };
+ inline DSAVector& getDSACerts() { return _dsaCerts; };
+ inline DHVector& getDHParams() { return _dhParams; };
+
+protected:
+ RSAVector _rsaCerts;
+ DSAVector _dsaCerts;
+ DHVector _dhParams;
+};
+
+using std::endl;
+
+template<class Stream>
+inline Stream& operator << (Stream& target, TempCertificates& tmpCerts)
+{
+ RSAVector::iterator iRSA = tmpCerts.getRSACerts().begin();
+ RSAVector::iterator eRSA = tmpCerts.getRSACerts().end();
+
+ while (iRSA != eRSA)
+ {
+ target << "RSA" << endl << "{" << endl;
+ target << *iRSA;
+ target << "}" << endl << endl;
+ iRSA++;
+ }
+
+ DSAVector::iterator iDSA = tmpCerts.getDSACerts().begin();
+ DSAVector::iterator eDSA = tmpCerts.getDSACerts().end();
+
+ while (iDSA != eDSA)
+ {
+ target << "DSA" << endl << "{" << endl;
+ target << *iDSA;
+ target << "}" << endl << endl;
+ iDSA++;
+ }
+
+ DHVector::iterator iDHP = tmpCerts.getDHParams().begin();
+ DHVector::iterator eDHP = tmpCerts.getDHParams().end();
+
+ while (iDHP != eDHP)
+ {
+ target << "DH" << endl << "{" << endl;
+ target << *iDHP;
+ target << "}" << endl << endl;
+ iDHP++;
+ }
+
+ return target;
+}
+
+}
+
+}
+
+#endif
diff --git a/cpp/src/Ice/SslTransceiver.cpp b/cpp/src/Ice/SslTransceiver.cpp
index 2a153b3d375..d0de45476b2 100644
--- a/cpp/src/Ice/SslTransceiver.cpp
+++ b/cpp/src/Ice/SslTransceiver.cpp
@@ -7,27 +7,27 @@
// All Rights Reserved
//
// **********************************************************************
-
-#include <Ice/Security.h>
-#include <Ice/SslConnection.h>
-#include <Ice/SslTransceiver.h>
+
+#include <Ice/Security.h>
+#include <Ice/SslConnection.h>
+#include <Ice/SslTransceiver.h>
#include <Ice/Instance.h>
#include <Ice/TraceLevels.h>
#include <Ice/Logger.h>
#include <Ice/Buffer.h>
#include <Ice/Network.h>
#include <Ice/Exception.h>
-#include <Ice/SslException.h>
-#include <sstream>
+#include <Ice/SslException.h>
+#include <sstream>
using namespace std;
using namespace Ice;
using namespace IceInternal;
-using IceSecurity::SecurityException;
-using IceSecurity::Ssl::InitException;
-using IceSecurity::Ssl::ReInitException;
-using IceSecurity::Ssl::ShutdownException;
-
+using IceSecurity::SecurityException;
+using IceSecurity::Ssl::InitException;
+using IceSecurity::Ssl::ReInitException;
+using IceSecurity::Ssl::ShutdownException;
+
int
IceInternal::SslTransceiver::fd()
{
@@ -37,8 +37,8 @@ IceInternal::SslTransceiver::fd()
void
IceInternal::SslTransceiver::close()
{
- METHOD_INV("SslTransceiver::close()");
-
+ METHOD_INV("SslTransceiver::close()");
+
if (_traceLevels->network >= 1)
{
ostringstream s;
@@ -47,19 +47,19 @@ IceInternal::SslTransceiver::close()
}
int fd = _fd;
- cleanUpSSL();
+ cleanUpSSL();
_fd = INVALID_SOCKET;
::shutdown(fd, SHUT_RDWR); // helps to unblock threads in recv()
closeSocket(fd);
-
- METHOD_RET("SslTransceiver::close()");
+
+ METHOD_RET("SslTransceiver::close()");
}
void
IceInternal::SslTransceiver::shutdown()
{
- METHOD_INV("SslTransceiver::shutdown()");
-
+ METHOD_INV("SslTransceiver::shutdown()");
+
if (_traceLevels->network >= 2)
{
ostringstream s;
@@ -68,31 +68,31 @@ IceInternal::SslTransceiver::shutdown()
}
::shutdown(_fd, SHUT_WR); // Shutdown socket for writing
-
- METHOD_RET("SslTransceiver::shutdown()");
+
+ METHOD_RET("SslTransceiver::shutdown()");
}
void
IceInternal::SslTransceiver::write(Buffer& buf, int timeout)
-{
- METHOD_INV("SslTransceiver::write()")
- _sslConnection->write(buf, timeout);
- METHOD_RET("SslTransceiver::write()");
+{
+ METHOD_INV("SslTransceiver::write()")
+ _sslConnection->write(buf, timeout);
+ METHOD_RET("SslTransceiver::write()");
}
void
IceInternal::SslTransceiver::read(Buffer& buf, int timeout)
{
- METHOD_INV("SslTransceiver::read()");
-
- if (!_sslConnection->read(buf, timeout))
- {
- ConnectionLostException clEx(__FILE__, __LINE__);
- clEx.error = 0;
- throw clEx;
- }
-
- METHOD_RET("SslTransceiver::read()");
+ METHOD_INV("SslTransceiver::read()");
+
+ if (!_sslConnection->read(buf, timeout))
+ {
+ ConnectionLostException clEx(__FILE__, __LINE__);
+ clEx.error = 0;
+ throw clEx;
+ }
+
+ METHOD_RET("SslTransceiver::read()");
}
string
@@ -101,15 +101,15 @@ IceInternal::SslTransceiver::toString() const
return fdToString(_fd);
}
-IceInternal::SslTransceiver::SslTransceiver(const InstancePtr& instance, int fd, Connection* sslConnection) :
- _instance(instance),
- _fd(fd),
- _traceLevels(instance->traceLevels()),
- _logger(instance->logger()),
- _sslConnection(sslConnection)
+IceInternal::SslTransceiver::SslTransceiver(const InstancePtr& instance, int fd, Connection* sslConnection) :
+ _instance(instance),
+ _fd(fd),
+ _traceLevels(instance->traceLevels()),
+ _logger(instance->logger()),
+ _sslConnection(sslConnection)
{
- assert(sslConnection != 0);
-
+ assert(sslConnection != 0);
+
FD_ZERO(&_rFdSet);
FD_ZERO(&_wFdSet);
}
@@ -117,17 +117,17 @@ IceInternal::SslTransceiver::SslTransceiver(const InstancePtr& instance, int fd,
IceInternal::SslTransceiver::~SslTransceiver()
{
assert(_fd == INVALID_SOCKET);
-
- cleanUpSSL();
+
+ cleanUpSSL();
+}
+
+void
+IceInternal::SslTransceiver::cleanUpSSL()
+{
+ if (_sslConnection != 0)
+ {
+ _sslConnection->shutdown();
+ delete _sslConnection;
+ _sslConnection = 0;
+ }
}
-
-void
-IceInternal::SslTransceiver::cleanUpSSL()
-{
- if (_sslConnection != 0)
- {
- _sslConnection->shutdown();
- delete _sslConnection;
- _sslConnection = 0;
- }
-}
diff --git a/cpp/src/Ice/SslTransceiver.h b/cpp/src/Ice/SslTransceiver.h
index 13c3ab8998f..c4a1290e12f 100644
--- a/cpp/src/Ice/SslTransceiver.h
+++ b/cpp/src/Ice/SslTransceiver.h
@@ -11,7 +11,7 @@
#ifndef ICE_SSL_TRANSCEIVER_H
#define ICE_SSL_TRANSCEIVER_H
-#include <Ice/SslConnection.h>
+#include <Ice/SslConnection.h>
#include <Ice/InstanceF.h>
#include <Ice/TraceLevelsF.h>
#include <Ice/LoggerF.h>
@@ -20,8 +20,8 @@
namespace IceInternal
{
-using IceSecurity::Ssl::Connection;
-
+using IceSecurity::Ssl::Connection;
+
class SslConnector;
class SslAcceptor;
@@ -38,10 +38,10 @@ public:
private:
- SslTransceiver(const InstancePtr&, int, Connection*);
-
- virtual ~SslTransceiver();
- void cleanUpSSL();
+ SslTransceiver(const InstancePtr&, int, Connection*);
+
+ virtual ~SslTransceiver();
+ void cleanUpSSL();
friend class SslConnector;
friend class SslAcceptor;
@@ -51,8 +51,8 @@ private:
::Ice::LoggerPtr _logger;
fd_set _rFdSet;
fd_set _wFdSet;
-
- Connection* _sslConnection;
+
+ Connection* _sslConnection;
};
}
diff --git a/cpp/src/Ice/TraceLevels.cpp b/cpp/src/Ice/TraceLevels.cpp
index f397356b32a..87fc3fe070c 100644
--- a/cpp/src/Ice/TraceLevels.cpp
+++ b/cpp/src/Ice/TraceLevels.cpp
@@ -24,8 +24,8 @@ IceInternal::TraceLevels::TraceLevels(const PropertiesPtr& properties) :
protocol(0),
protocolCat("Protocol"),
retry(0),
- retryCat("Retry"),
- security(0),
+ retryCat("Retry"),
+ security(0),
securityCat("Security")
{
string value;
@@ -48,12 +48,12 @@ IceInternal::TraceLevels::TraceLevels(const PropertiesPtr& properties) :
{
const_cast<int&>(retry) = atoi(value.c_str());
}
-
- value = properties->getProperty(keyBase + securityCat);
- if (!value.empty())
- {
- const_cast<int&>(security) = atoi(value.c_str());
- }
+
+ value = properties->getProperty(keyBase + securityCat);
+ if (!value.empty())
+ {
+ const_cast<int&>(security) = atoi(value.c_str());
+ }
}
IceInternal::TraceLevels::~TraceLevels()
diff --git a/cpp/src/Ice/TraceLevels.h b/cpp/src/Ice/TraceLevels.h
index b17b42cfb1f..4a1fc54d4a4 100644
--- a/cpp/src/Ice/TraceLevels.h
+++ b/cpp/src/Ice/TraceLevels.h
@@ -31,8 +31,8 @@ public:
const char* protocolCat;
const int retry;
const char* retryCat;
- const int security;
- const char* securityCat;
+ const int security;
+ const char* securityCat;
};
}
diff --git a/cpp/src/IcePack/AdminI.cpp b/cpp/src/IcePack/AdminI.cpp
index f87635c319d..0a0408c7fcf 100644
--- a/cpp/src/IcePack/AdminI.cpp
+++ b/cpp/src/IcePack/AdminI.cpp
@@ -27,7 +27,7 @@ IcePack::AdminI::add(const ServerDescription& desc)
if (desc.object)
{
- _serverDescriptions[desc.object->_getIdentity()] = desc;
+ _serverDescriptions[desc.object->_ice_getIdentity()] = desc;
}
}
diff --git a/cpp/src/IcePack/Client.cpp b/cpp/src/IcePack/Client.cpp
index 797316f0ada..f084c800e57 100644
--- a/cpp/src/IcePack/Client.cpp
+++ b/cpp/src/IcePack/Client.cpp
@@ -129,13 +129,13 @@ run(int argc, char* argv[], const CommunicatorPtr& communicator)
cerr << argv[0] << ": property `" << adminEndpointsProperty << "' is not set" << endl;
return EXIT_FAILURE;
}
-
- string protocol = properties->getProperty("Ice.Protocol");
- string secureFlag;
- if (!protocol.compare("ssl"))
- {
- secureFlag = " -s ";
- }
+
+ string protocol = properties->getProperty("Ice.Protocol");
+ string secureFlag;
+ if (!protocol.compare("ssl"))
+ {
+ secureFlag = " -s ";
+ }
Ice::ObjectPrx base = communicator->stringToProxy("admin" + secureFlag + ":" + adminEndpoints);
AdminPrx admin = AdminPrx::checkedCast(base);
diff --git a/cpp/src/IcePack/Forward.cpp b/cpp/src/IcePack/Forward.cpp
index 58a63a89b11..4235ff0083b 100644
--- a/cpp/src/IcePack/Forward.cpp
+++ b/cpp/src/IcePack/Forward.cpp
@@ -110,7 +110,7 @@ IcePack::Forward::locate(const ObjectAdapterPtr& adapter, const string& ident, c
// server timeout, a crash, or an explicit
// shutdown method.
//
- desc.object->_ping();
+ desc.object->_ice_ping();
//
// Everything ok, the server is now up and
diff --git a/cpp/src/IceUtil/Exception.cpp b/cpp/src/IceUtil/Exception.cpp
index ccc6abbd48c..1f7a678a7ee 100644
--- a/cpp/src/IceUtil/Exception.cpp
+++ b/cpp/src/IceUtil/Exception.cpp
@@ -13,14 +13,14 @@
using namespace std;
IceUtil::Exception::Exception() :
- _theFile(0),
- _theLine(0)
+ _file(0),
+ _line(0)
{
}
IceUtil::Exception::Exception(const char* file, int line) :
- _theFile(file),
- _theLine(line)
+ _file(file),
+ _line(line)
{
}
@@ -29,49 +29,49 @@ IceUtil::Exception::~Exception()
}
string
-IceUtil::Exception::_name() const
+IceUtil::Exception::_ice_name() const
{
return "IceUtil::Exception";
}
void
-IceUtil::Exception::_print(ostream& out) const
+IceUtil::Exception::_ice_print(ostream& out) const
{
- if (_file() && _line() > 0)
+ if (_file && _line > 0)
{
- out << _file() << ':' << _line() << ": ";
+ out << _file << ':' << _line << ": ";
}
- out << _name();
+ out << _ice_name();
}
IceUtil::Exception*
-IceUtil::Exception::_clone() const
+IceUtil::Exception::_ice_clone() const
{
return new Exception(*this);
}
void
-IceUtil::Exception::_throw() const
+IceUtil::Exception::_ice_throw() const
{
throw *this;
}
const char*
-IceUtil::Exception::_file() const
+IceUtil::Exception::_ice_file() const
{
- return _theFile;
+ return _file;
}
int
-IceUtil::Exception::_line() const
+IceUtil::Exception::_ice_line() const
{
- return _theLine;
+ return _line;
}
ostream&
IceUtil::operator<<(ostream& out, const IceUtil::Exception& ex)
{
- ex._print(out);
+ ex._ice_print(out);
return out;
}
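Review bot: The rename to `_ice_name`, `_ice_print`, `_ice_clone` and `_ice_throw` leaves nothing behind under the old names, so a hand-written exception class that still defines `_clone()` or `_throw()` would keep compiling but, assuming these members are virtual in IceUtil/Exception.h (not shown in this hunk), would silently stop overriding. The base `_ice_clone()` would then copy only the `IceUtil::Exception` part via `new Exception(*this)`, and the base `_ice_throw()` would throw the base type. A comment above `_ice_clone` would make the contract explicit, for example `// Every concrete exception must override _ice_clone() and _ice_throw(); otherwise the object is sliced to IceUtil::Exception.` The same comment should say that `_ice_clone()` returns an owning raw pointer that the caller has to delete.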
@@ -81,25 +81,25 @@ IceUtil::NullHandleException::NullHandleException(const char* file, int line) :
}
string
-IceUtil::NullHandleException::_name() const
+IceUtil::NullHandleException::_ice_name() const
{
return "IceUtil::NullHandleException";
}
string
-IceUtil::NullHandleException::_description() const
+IceUtil::NullHandleException::_ice_description() const
{
return "operation call on null handle";
}
IceUtil::Exception*
-IceUtil::NullHandleException::_clone() const
+IceUtil::NullHandleException::_ice_clone() const
{
return new NullHandleException(*this);
}
void
-IceUtil::NullHandleException::_throw() const
+IceUtil::NullHandleException::_ice_throw() const
{
throw *this;
}
diff --git a/cpp/src/slice2cpp/Gen.cpp b/cpp/src/slice2cpp/Gen.cpp
index 156212eaed4..b9822da41ea 100644
--- a/cpp/src/slice2cpp/Gen.cpp
+++ b/cpp/src/slice2cpp/Gen.cpp
@@ -243,25 +243,25 @@ Slice::Gen::TypesVisitor::visitExceptionStart(const ExceptionPtr& p)
C << eb;
}
- H << nl << _dllExport << "virtual ::std::string _name() const;";
- C << sp << nl << "::std::string" << nl << scoped.substr(2) << "::_name() const";
+ H << nl << _dllExport << "virtual ::std::string _ice_name() const;";
+ C << sp << nl << "::std::string" << nl << scoped.substr(2) << "::_ice_name() const";
C << sb;
C << nl << "return \"" << scoped.substr(2) << "\";";
C << eb;
if (p->isLocal())
{
- H << nl << _dllExport << "virtual void _print(::std::ostream&) const;";
+ H << nl << _dllExport << "virtual void _ice_print(::std::ostream&) const;";
}
- H << nl << _dllExport << "virtual ::Ice::Exception* _clone() const;";
- C << sp << nl << "::Ice::Exception*" << nl << scoped.substr(2) << "::_clone() const";
+ H << nl << _dllExport << "virtual ::Ice::Exception* _ice_clone() const;";
+ C << sp << nl << "::Ice::Exception*" << nl << scoped.substr(2) << "::_ice_clone() const";
C << sb;
C << nl << "return new " << name << "(*this);";
C << eb;
- H << nl << _dllExport << "virtual void _throw() const;";
- C << sp << nl << "void" << nl << scoped.substr(2) << "::_throw() const";
+ H << nl << _dllExport << "virtual void _ice_throw() const;";
+ C << sp << nl << "void" << nl << scoped.substr(2) << "::_ice_throw() const";
C << sb;
C << nl << "throw *this;";
C << eb;
@@ -1540,7 +1540,7 @@ Slice::Gen::ObjectVisitor::visitClassDefStart(const ClassDefPtr& p)
H << sp;
H << nl << exp2 << "static const char* __ids[" << ids.size() << "];";
H << nl << exp2 << "static const char* __classIds[" << classIds.size() << "];";
- H << nl << exp2 << "virtual bool _isA(const ::std::string&);";
+ H << nl << exp2 << "virtual bool _ice_isA(const ::std::string&);";
H << nl << exp2 << "virtual const char** __getClassIds();";
C << sp;
C << nl << "const char* " << scoped.substr(2) << "::__ids[" << ids.size() << "] =";
@@ -1569,7 +1569,7 @@ Slice::Gen::ObjectVisitor::visitClassDefStart(const ClassDefPtr& p)
}
C << eb << ';';
C << sp;
- C << nl << "bool" << nl << scoped.substr(2) << "::_isA(const ::std::string& s)";
+ C << nl << "bool" << nl << scoped.substr(2) << "::_ice_isA(const ::std::string& s)";
C << sb;
C << nl << "const char** b = __ids;";
C << nl << "const char** e = __ids + " << ids.size() << ';';
@@ -1614,8 +1614,8 @@ Slice::Gen::ObjectVisitor::visitClassDefEnd(const ClassDefPtr& p)
{
StringList allOpNames;
transform(allOps.begin(), allOps.end(), back_inserter(allOpNames), ::IceUtil::memFun(&Operation::name));
- allOpNames.push_back("_isA");
- allOpNames.push_back("_ping");
+ allOpNames.push_back("_ice_isA");
+ allOpNames.push_back("_ice_ping");
allOpNames.sort();
allOpNames.unique();
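Review bot: The built-in names `_ice_isA` and `_ice_ping` are pushed into the same list as the Slice-defined operation names and then run through `sort()` and `unique()`, so a Slice operation declared with one of these names would be merged with the built-in entry without any diagnostic. Nothing in this hunk shows the parser rejecting identifiers that start with `_ice_`; if it does not, the new prefix only makes a clash less likely rather than impossible. I would add a comment before the two `push_back` calls, `// _ice_ is reserved for built-in operations; Slice identifiers with this prefix must be rejected by the parser.`, and confirm the parser enforces it. visitClassDefEnd starts and ends outside the hunk.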
@@ -1625,7 +1625,7 @@ Slice::Gen::ObjectVisitor::visitClassDefEnd(const ClassDefPtr& p)
StringList allMutatingOpNames;
transform(allMutatingOps.begin(), allMutatingOps.end(), back_inserter(allMutatingOpNames),
::IceUtil::memFun(&Operation::name));
- // Don't add _isA and _ping. These operations are non-mutating.
+ // Don't add _ice_isA and _ice_ping. These operations are non-mutating.
allMutatingOpNames.sort();
allMutatingOpNames.unique();
@@ -2018,10 +2018,10 @@ Slice::Gen::IceVisitor::visitClassDefStart(const ClassDefPtr& p)
C << nl << "d = 0;";
C << nl << "if (b)";
C << sb;
- C << nl << "if (f == b->_getFacet())";
+ C << nl << "if (f == b->_ice_getFacet())";
C << sb;
C << nl << "d = dynamic_cast< ::IceProxy" << scoped << "*>(b.get());";
- C << nl << "if (!d && b->_isA(\"" << scoped << "\"))";
+ C << nl << "if (!d && b->_ice_isA(\"" << scoped << "\"))";
C << sb;
C << nl << "d = new ::IceProxy" << scoped << ";";
C << nl << "d->__copyFrom(b);";
@@ -2029,10 +2029,10 @@ Slice::Gen::IceVisitor::visitClassDefStart(const ClassDefPtr& p)
C << eb;
C << nl << "else";
C << sb;
- C << nl << "::Ice::ObjectPrx bb = b->_newFacet(f);";
+ C << nl << "::Ice::ObjectPrx bb = b->_ice_newFacet(f);";
C << nl << "try";
C << sb;
- C << nl << "if (bb->_isA(\"" << scoped << "\"))";
+ C << nl << "if (bb->_ice_isA(\"" << scoped << "\"))";
C << sb;
C << nl << "d = new ::IceProxy" << scoped << ";";
C << nl << "d->__copyFrom(bb);";
@@ -2051,7 +2051,7 @@ Slice::Gen::IceVisitor::visitClassDefStart(const ClassDefPtr& p)
C << nl << "d = 0;";
C << nl << "if (b)";
C << sb;
- C << nl << "if (f == b->_getFacet())";
+ C << nl << "if (f == b->_ice_getFacet())";
C << sb;
C << nl << "d = dynamic_cast< ::IceProxy" << scoped << "*>(b.get());";
C << nl << "if (!d)";
@@ -2062,7 +2062,7 @@ Slice::Gen::IceVisitor::visitClassDefStart(const ClassDefPtr& p)
C << eb;
C << nl << "else";
C << sb;
- C << nl << "::Ice::ObjectPrx bb = b->_newFacet(f);";
+ C << nl << "::Ice::ObjectPrx bb = b->_ice_newFacet(f);";
C << nl << "d = new ::IceProxy" << scoped << ";";
C << nl << "d->__copyFrom(bb);";
C << eb;
diff --git a/cpp/test/Ice/exceptions/AllTests.cpp b/cpp/test/Ice/exceptions/AllTests.cpp
index 7112e8f985a..bd2b65646f1 100644
--- a/cpp/test/Ice/exceptions/AllTests.cpp
+++ b/cpp/test/Ice/exceptions/AllTests.cpp
@@ -50,26 +50,26 @@ allTests(const Ice::CommunicatorPtr& communicator, bool collocated)
{
cout << "testing stringToProxy... " << flush;
string ref;
-
- Ice::PropertiesPtr properties = communicator->getProperties();
-
- string protocol = properties->getProperty("Ice.Protocol");
- string secure;
-
- if (protocol.empty())
- {
- protocol = "tcp";
- }
-
- if (protocol.compare("ssl") == 0)
- {
- secure = " -s ";
- }
-
- string endpts = protocol + " -p 12345 -t 2000";
-
- ref = "thrower" + secure + ":" + endpts;
-
+
+ Ice::PropertiesPtr properties = communicator->getProperties();
+
+ string protocol = properties->getProperty("Ice.Protocol");
+ string secure;
+
+ if (protocol.empty())
+ {
+ protocol = "tcp";
+ }
+
+ if (protocol.compare("ssl") == 0)
+ {
+ secure = " -s ";
+ }
+
+ string endpts = protocol + " -p 12345 -t 2000";
+
+ ref = "thrower" + secure + ":" + endpts;
+
Ice::ObjectPrx base = communicator->stringToProxy(ref);
test(base);
cout << "ok" << endl;
diff --git a/cpp/test/Ice/exceptions/Collocated.cpp b/cpp/test/Ice/exceptions/Collocated.cpp
index c7e199b9eff..6b067900c42 100644
--- a/cpp/test/Ice/exceptions/Collocated.cpp
+++ b/cpp/test/Ice/exceptions/Collocated.cpp
@@ -16,15 +16,15 @@ using namespace std;
int
run(int argc, char* argv[], const Ice::CommunicatorPtr& communicator)
{
- Ice::PropertiesPtr properties = communicator->getProperties();
-
- string protocol = properties->getProperty("Ice.Protocol");
-
- if (protocol.empty())
- {
- protocol = "tcp";
- }
-
+ Ice::PropertiesPtr properties = communicator->getProperties();
+
+ string protocol = properties->getProperty("Ice.Protocol");
+
+ if (protocol.empty())
+ {
+ protocol = "tcp";
+ }
+
string endpts = protocol + " -p 12345 -t 2000";
Ice::ObjectAdapterPtr adapter = communicator->createObjectAdapterWithEndpoints("TestAdapter", endpts);
Ice::ObjectPtr object = new ThrowerI(adapter);
diff --git a/cpp/test/Ice/exceptions/Server.cpp b/cpp/test/Ice/exceptions/Server.cpp
index 3f9234a91ee..86c07ae74b5 100644
--- a/cpp/test/Ice/exceptions/Server.cpp
+++ b/cpp/test/Ice/exceptions/Server.cpp
@@ -16,15 +16,15 @@ using namespace std;
int
run(int argc, char* argv[], const Ice::CommunicatorPtr& communicator)
{
- Ice::PropertiesPtr properties = communicator->getProperties();
-
- string protocol = properties->getProperty("Ice.Protocol");
-
- if (protocol.empty())
- {
- protocol = "tcp";
- }
-
+ Ice::PropertiesPtr properties = communicator->getProperties();
+
+ string protocol = properties->getProperty("Ice.Protocol");
+
+ if (protocol.empty())
+ {
+ protocol = "tcp";
+ }
+
string endpts = protocol + " -p 12345 -t 2000";
Ice::ObjectAdapterPtr adapter = communicator->createObjectAdapterWithEndpoints("TestAdapter", endpts);
Ice::ObjectPtr object = new ThrowerI(adapter);
diff --git a/cpp/test/Ice/facets/AllTests.cpp b/cpp/test/Ice/facets/AllTests.cpp
index dace7b6a474..e9d7076be60 100644
--- a/cpp/test/Ice/facets/AllTests.cpp
+++ b/cpp/test/Ice/facets/AllTests.cpp
@@ -17,22 +17,22 @@ using namespace std;
GPrx
allTests(const Ice::CommunicatorPtr& communicator)
{
- Ice::PropertiesPtr properties = communicator->getProperties();
-
- string protocol = properties->getProperty("Ice.Protocol");
-
- if (protocol.empty())
- {
- protocol = "tcp";
- }
-
- string secure;
-
- if (protocol.compare("ssl") == 0)
- {
- secure = " -s ";
- }
-
+ Ice::PropertiesPtr properties = communicator->getProperties();
+
+ string protocol = properties->getProperty("Ice.Protocol");
+
+ if (protocol.empty())
+ {
+ protocol = "tcp";
+ }
+
+ string secure;
+
+ if (protocol.compare("ssl") == 0)
+ {
+ secure = " -s ";
+ }
+
cout << "testing stringToProxy... " << flush;
string ref = "d" + secure + ":" + protocol + " -p 12345 -t 2000";
Ice::ObjectPrx db = communicator->stringToProxy(ref);
diff --git a/cpp/test/Ice/facets/Collocated.cpp b/cpp/test/Ice/facets/Collocated.cpp
index c6749cce3ff..1c60e13137c 100644
--- a/cpp/test/Ice/facets/Collocated.cpp
+++ b/cpp/test/Ice/facets/Collocated.cpp
@@ -16,27 +16,27 @@ using namespace std;
int
run(int argc, char* argv[], const Ice::CommunicatorPtr& communicator)
{
- Ice::PropertiesPtr properties = communicator->getProperties();
-
- string protocol = properties->getProperty("Ice.Protocol");
-
- if (protocol.empty())
- {
- protocol = "tcp";
- }
-
+ Ice::PropertiesPtr properties = communicator->getProperties();
+
+ string protocol = properties->getProperty("Ice.Protocol");
+
+ if (protocol.empty())
+ {
+ protocol = "tcp";
+ }
+
string endpts = protocol + " -p 12345 -t 2000";
Ice::ObjectAdapterPtr adapter = communicator->createObjectAdapterWithEndpoints("TestAdapter", endpts);
Ice::ObjectPtr d = new DI;
adapter->add(d, "d");
- d->_addFacet(d, "facetABCD");
- d->_addFacet(new FI, "facetEF");
- d->_addFacet(new GI(communicator), "facetG");
+ d->_ice_addFacet(d, "facetABCD");
+ d->_ice_addFacet(new FI, "facetEF");
+ d->_ice_addFacet(new GI(communicator), "facetG");
GPrx allTests(const Ice::CommunicatorPtr&);
allTests(communicator);
- d->_removeAllFacets(); // Break cyclic dependencies
+ d->_ice_removeAllFacets(); // Break cyclic dependencies
return EXIT_SUCCESS;
}
diff --git a/cpp/test/Ice/facets/Server.cpp b/cpp/test/Ice/facets/Server.cpp
index 07ffaffa3d9..35c7805b1dc 100644
--- a/cpp/test/Ice/facets/Server.cpp
+++ b/cpp/test/Ice/facets/Server.cpp
@@ -16,27 +16,27 @@ using namespace std;
int
run(int argc, char* argv[], const Ice::CommunicatorPtr& communicator)
{
- Ice::PropertiesPtr properties = communicator->getProperties();
-
- string protocol = properties->getProperty("Ice.Protocol");
-
- if (protocol.empty())
- {
- protocol = "tcp";
- }
-
+ Ice::PropertiesPtr properties = communicator->getProperties();
+
+ string protocol = properties->getProperty("Ice.Protocol");
+
+ if (protocol.empty())
+ {
+ protocol = "tcp";
+ }
+
string endpts = protocol + " -p 12345 -t 2000";
Ice::ObjectAdapterPtr adapter = communicator->createObjectAdapterWithEndpoints("TestAdapter", endpts);
Ice::ObjectPtr d = new DI;
adapter->add(d, "d");
- d->_addFacet(d, "facetABCD");
- d->_addFacet(new FI, "facetEF");
- d->_addFacet(new GI(communicator), "facetG");
+ d->_ice_addFacet(d, "facetABCD");
+ d->_ice_addFacet(new FI, "facetEF");
+ d->_ice_addFacet(new GI(communicator), "facetG");
adapter->activate();
communicator->waitForShutdown();
- d->_removeAllFacets(); // Break cyclic dependencies
+ d->_ice_removeAllFacets(); // Break cyclic dependencies
return EXIT_SUCCESS;
}
diff --git a/cpp/test/Ice/faultTolerance/AllTests.cpp b/cpp/test/Ice/faultTolerance/AllTests.cpp
index 164dda0093e..7e09b2db5f8 100644
--- a/cpp/test/Ice/faultTolerance/AllTests.cpp
+++ b/cpp/test/Ice/faultTolerance/AllTests.cpp
@@ -17,22 +17,22 @@ using namespace std;
void
allTests(const Ice::CommunicatorPtr& communicator, const vector<int>& ports)
{
- Ice::PropertiesPtr properties = communicator->getProperties();
-
- string protocol = properties->getProperty("Ice.Protocol");
-
- if (protocol.empty())
- {
- protocol = "tcp";
- }
-
- string secure;
-
- if (protocol.compare("ssl") == 0)
- {
- secure = " -s ";
- }
-
+ Ice::PropertiesPtr properties = communicator->getProperties();
+
+ string protocol = properties->getProperty("Ice.Protocol");
+
+ if (protocol.empty())
+ {
+ protocol = "tcp";
+ }
+
+ string secure;
+
+ if (protocol.compare("ssl") == 0)
+ {
+ secure = " -s ";
+ }
+
cout << "testing stringToProxy... " << flush;
ostringstream ref;
ref << "test" << secure;
@@ -101,7 +101,7 @@ allTests(const Ice::CommunicatorPtr& communicator, const vector<int>& ports)
cout << "testing whether all servers are gone... " << flush;
try
{
- obj->_ping();
+ obj->_ice_ping();
test(false);
}
catch(const Ice::SocketException&)
diff --git a/cpp/test/Ice/faultTolerance/Server.cpp b/cpp/test/Ice/faultTolerance/Server.cpp
index d2c3d021b20..d011339fbf1 100644
--- a/cpp/test/Ice/faultTolerance/Server.cpp
+++ b/cpp/test/Ice/faultTolerance/Server.cpp
@@ -50,15 +50,15 @@ run(int argc, char* argv[], const Ice::CommunicatorPtr& communicator)
}
ostringstream endpts;
- Ice::PropertiesPtr properties = communicator->getProperties();
-
- string protocol = properties->getProperty("Ice.Protocol");
-
- if (protocol.empty())
- {
- protocol = "tcp";
- }
-
+ Ice::PropertiesPtr properties = communicator->getProperties();
+
+ string protocol = properties->getProperty("Ice.Protocol");
+
+ if (protocol.empty())
+ {
+ protocol = "tcp";
+ }
+
endpts << protocol << " -p " << port;
Ice::ObjectAdapterPtr adapter = communicator->createObjectAdapterWithEndpoints("TestAdapter", endpts.str());
Ice::ObjectPtr object = new TestI(adapter);
diff --git a/cpp/test/Ice/locationForward/AllTests.cpp b/cpp/test/Ice/locationForward/AllTests.cpp
index 429bc73bd6b..ee29f5c5732 100644
--- a/cpp/test/Ice/locationForward/AllTests.cpp
+++ b/cpp/test/Ice/locationForward/AllTests.cpp
@@ -17,20 +17,20 @@ using namespace std;
void
allTests(const Ice::CommunicatorPtr& communicator, int port, int lastPort)
{
- Ice::PropertiesPtr properties = communicator->getProperties();
- string protocol = properties->getProperty("Ice.Protocol");
- string secure;
-
- if (protocol.empty())
- {
- protocol = "tcp";
- }
-
- if (protocol.compare("ssl") == 0)
- {
- secure = " -s ";
- }
-
+ Ice::PropertiesPtr properties = communicator->getProperties();
+ string protocol = properties->getProperty("Ice.Protocol");
+ string secure;
+
+ if (protocol.empty())
+ {
+ protocol = "tcp";
+ }
+
+ if (protocol.compare("ssl") == 0)
+ {
+ secure = " -s ";
+ }
+
cout << "testing stringToProxy... " << flush;
ostringstream ref;
ref << "test" << secure << ":" << protocol << " -t 2000 -p " << port;
@@ -58,7 +58,7 @@ allTests(const Ice::CommunicatorPtr& communicator, int port, int lastPort)
cout << "testing whether all servers are gone... " << flush;
try
{
- lastObj->_ping();
+ lastObj->_ice_ping();
test(false);
}
catch(const Ice::SocketException&)
diff --git a/cpp/test/Ice/locationForward/Server.cpp b/cpp/test/Ice/locationForward/Server.cpp
index 4b34b29fcc7..ebcd494fba4 100644
--- a/cpp/test/Ice/locationForward/Server.cpp
+++ b/cpp/test/Ice/locationForward/Server.cpp
@@ -61,16 +61,16 @@ run(int argc, char* argv[], const Ice::CommunicatorPtr& communicator)
return EXIT_FAILURE;
}
- ostringstream endpts;
-
- Ice::PropertiesPtr properties = communicator->getProperties();
- string protocol = properties->getProperty("Ice.Protocol");
-
- if (protocol.empty())
- {
- protocol = "tcp";
- }
-
+ ostringstream endpts;
+
+ Ice::PropertiesPtr properties = communicator->getProperties();
+ string protocol = properties->getProperty("Ice.Protocol");
+
+ if (protocol.empty())
+ {
+ protocol = "tcp";
+ }
+
endpts << protocol << " -p " << port;
Ice::ObjectAdapterPtr adapter = communicator->createObjectAdapterWithEndpoints("TestAdapter", endpts.str());
Ice::ObjectPtr object = new TestI(adapter, fwd);
diff --git a/cpp/test/Ice/objects/AllTests.cpp b/cpp/test/Ice/objects/AllTests.cpp
index bef71a088b2..e68f049a2ef 100644
--- a/cpp/test/Ice/objects/AllTests.cpp
+++ b/cpp/test/Ice/objects/AllTests.cpp
@@ -18,26 +18,26 @@ InitialPrx
allTests(const Ice::CommunicatorPtr& communicator, bool collocated)
{
cout << "testing stringToProxy... " << flush;
-
- Ice::PropertiesPtr properties = communicator->getProperties();
-
- string protocol = properties->getProperty("Ice.Protocol");
- string secure;
-
- if (protocol.empty())
- {
- protocol = "tcp";
- }
-
- if (protocol.compare("ssl") == 0)
- {
- secure = " -s ";
- }
-
- string endpts = protocol + " -p 12345 -t 2000";
-
- string ref = "initial" + secure + ":" + endpts;
-
+
+ Ice::PropertiesPtr properties = communicator->getProperties();
+
+ string protocol = properties->getProperty("Ice.Protocol");
+ string secure;
+
+ if (protocol.empty())
+ {
+ protocol = "tcp";
+ }
+
+ if (protocol.compare("ssl") == 0)
+ {
+ secure = " -s ";
+ }
+
+ string endpts = protocol + " -p 12345 -t 2000";
+
+ string ref = "initial" + secure + ":" + endpts;
+
Ice::ObjectPrx base = communicator->stringToProxy(ref);
test(base);
cout << "ok" << endl;
@@ -179,13 +179,13 @@ allTests(const Ice::CommunicatorPtr& communicator, bool collocated)
cout << "ok" << endl;
cout << "checking facet consistency... " << flush;
- BPtr fb1 = BPtr::dynamicCast(b1->_findFacet("b1"));
+ BPtr fb1 = BPtr::dynamicCast(b1->_ice_findFacet("b1"));
test(fb1);
- BPtr fb2 = BPtr::dynamicCast(b1->_findFacet("b2"));
+ BPtr fb2 = BPtr::dynamicCast(b1->_ice_findFacet("b2"));
test(fb2);
- CPtr fc = CPtr::dynamicCast(b1->_findFacet("c"));
+ CPtr fc = CPtr::dynamicCast(b1->_ice_findFacet("c"));
test(fc);
- DPtr fd = DPtr::dynamicCast(b1->_findFacet("d"));
+ DPtr fd = DPtr::dynamicCast(b1->_ice_findFacet("d"));
test(fd);
test(b1 == fb1);
test(fb1->a == fb2);
@@ -209,7 +209,7 @@ allTests(const Ice::CommunicatorPtr& communicator, bool collocated)
BPtr::dynamicCast(fb1->a)->b = 0;
fb1->a = 0;
fb1->b = 0;
- fb1->_removeAllFacets();
+ fb1->_ice_removeAllFacets();
fb2->a = 0;
fb2->b = 0;
fb2->c = 0;
@@ -246,13 +246,13 @@ allTests(const Ice::CommunicatorPtr& communicator, bool collocated)
cout << "ok" << endl;
cout << "checking facet consistency... " << flush;
- fb1 = BPtr::dynamicCast(b1->_findFacet("b1"));
+ fb1 = BPtr::dynamicCast(b1->_ice_findFacet("b1"));
test(fb1);
- fb2 = BPtr::dynamicCast(b1->_findFacet("b2"));
+ fb2 = BPtr::dynamicCast(b1->_ice_findFacet("b2"));
test(fb2);
- fc = CPtr::dynamicCast(b1->_findFacet("c"));
+ fc = CPtr::dynamicCast(b1->_ice_findFacet("c"));
test(fc);
- fd = DPtr::dynamicCast(b1->_findFacet("d"));
+ fd = DPtr::dynamicCast(b1->_ice_findFacet("d"));
test(fd);
test(b1 == fb1);
test(b2 == fb2);
@@ -278,7 +278,7 @@ allTests(const Ice::CommunicatorPtr& communicator, bool collocated)
{
fb1->a = 0;
fb1->b = 0;
- fb1->_removeAllFacets();
+ fb1->_ice_removeAllFacets();
fb2->a = 0;
fb2->b = 0;
fb2->c = 0;
diff --git a/cpp/test/Ice/objects/Collocated.cpp b/cpp/test/Ice/objects/Collocated.cpp
index 17bef65262b..73797c5cd22 100644
--- a/cpp/test/Ice/objects/Collocated.cpp
+++ b/cpp/test/Ice/objects/Collocated.cpp
@@ -16,17 +16,17 @@ using namespace std;
int
run(int argc, char* argv[], const Ice::CommunicatorPtr& communicator)
{
- Ice::PropertiesPtr properties = communicator->getProperties();
-
- string protocol = properties->getProperty("Ice.Protocol");
-
- if (protocol.empty())
- {
- protocol = "tcp";
- }
-
- string endpts = protocol + " -p 12345 -t 2000";
-
+ Ice::PropertiesPtr properties = communicator->getProperties();
+
+ string protocol = properties->getProperty("Ice.Protocol");
+
+ if (protocol.empty())
+ {
+ protocol = "tcp";
+ }
+
+ string endpts = protocol + " -p 12345 -t 2000";
+
Ice::ObjectAdapterPtr adapter = communicator->createObjectAdapterWithEndpoints("TestAdapter", endpts);
InitialPtr initial = new InitialI(adapter);
adapter->add(initial, "initial");
diff --git a/cpp/test/Ice/objects/Server.cpp b/cpp/test/Ice/objects/Server.cpp
index e9d357682e4..ae9e7a1fdbb 100644
--- a/cpp/test/Ice/objects/Server.cpp
+++ b/cpp/test/Ice/objects/Server.cpp
@@ -16,17 +16,17 @@ using namespace std;
int
run(int argc, char* argv[], const Ice::CommunicatorPtr& communicator)
{
- Ice::PropertiesPtr properties = communicator->getProperties();
-
- string protocol = properties->getProperty("Ice.Protocol");
-
- if (protocol.empty())
- {
- protocol = "tcp";
- }
-
- string endpts = protocol + " -p 12345 -t 2000";
-
+ Ice::PropertiesPtr properties = communicator->getProperties();
+
+ string protocol = properties->getProperty("Ice.Protocol");
+
+ if (protocol.empty())
+ {
+ protocol = "tcp";
+ }
+
+ string endpts = protocol + " -p 12345 -t 2000";
+
Ice::ObjectAdapterPtr adapter = communicator->createObjectAdapterWithEndpoints("TestAdapter", endpts);
InitialPtr initial = new InitialI(adapter);
adapter->add(initial, "initial");
diff --git a/cpp/test/Ice/objects/TestI.cpp b/cpp/test/Ice/objects/TestI.cpp
index b3962d8bfb7..118bca866cb 100644
--- a/cpp/test/Ice/objects/TestI.cpp
+++ b/cpp/test/Ice/objects/TestI.cpp
@@ -44,17 +44,17 @@ InitialI::shutdown()
_b1->a = 0;
_b1->b = 0;
_b1->c = 0;
- _b1->_removeAllFacets();
+ _b1->_ice_removeAllFacets();
_b2->a = 0;
_b2->b = 0;
_b2->c = 0;
- _b2->_removeAllFacets();
+ _b2->_ice_removeAllFacets();
_c->b = 0;
- _c->_removeAllFacets();
+ _c->_ice_removeAllFacets();
_d->a = 0;
_d->b = 0;
_d->c = 0;
- _d->_removeAllFacets();
+ _d->_ice_removeAllFacets();
}
BPtr
@@ -93,8 +93,8 @@ InitialI::getAll(BPtr& b1, BPtr& b2, CPtr& c, DPtr& d)
void
InitialI::addFacetsToB1()
{
- _b1->_addFacet(_b1, "b1");
- _b1->_addFacet(_b2, "b2");
- _b1->_addFacet(_c, "c");
- _b1->_addFacet(_d, "d");
+ _b1->_ice_addFacet(_b1, "b1");
+ _b1->_ice_addFacet(_b2, "b2");
+ _b1->_ice_addFacet(_c, "c");
+ _b1->_ice_addFacet(_d, "d");
}
diff --git a/cpp/test/Ice/operations/AllTests.cpp b/cpp/test/Ice/operations/AllTests.cpp
index 31d4e104cce..56b168a5b97 100644
--- a/cpp/test/Ice/operations/AllTests.cpp
+++ b/cpp/test/Ice/operations/AllTests.cpp
@@ -17,29 +17,29 @@ using namespace std;
Test::MyClassPrx
allTests(const Ice::CommunicatorPtr& communicator)
{
- string ref;
-
- Ice::PropertiesPtr properties = communicator->getProperties();
-
- string protocol = properties->getProperty("Ice.Protocol");
- string secure;
-
- if (protocol.empty())
- {
- protocol = "tcp";
- }
-
- if (protocol.compare("ssl") == 0)
- {
- secure = " -s ";
- }
-
- string endpts = protocol + " -p 12345 -t 2000";
-
- ref = "test" + secure + ":" + endpts;
-
- cout << "testing stringToProxy... " << flush;
-
+ string ref;
+
+ Ice::PropertiesPtr properties = communicator->getProperties();
+
+ string protocol = properties->getProperty("Ice.Protocol");
+ string secure;
+
+ if (protocol.empty())
+ {
+ protocol = "tcp";
+ }
+
+ if (protocol.compare("ssl") == 0)
+ {
+ secure = " -s ";
+ }
+
+ string endpts = protocol + " -p 12345 -t 2000";
+
+ ref = "test" + secure + ":" + endpts;
+
+ cout << "testing stringToProxy... " << flush;
+
Ice::ObjectPrx base = communicator->stringToProxy(ref);
test(base);
cout << "ok" << endl;
diff --git a/cpp/test/Ice/operations/Collocated.cpp b/cpp/test/Ice/operations/Collocated.cpp
index aff78d1f7a1..f9cff35f073 100644
--- a/cpp/test/Ice/operations/Collocated.cpp
+++ b/cpp/test/Ice/operations/Collocated.cpp
@@ -16,17 +16,17 @@ using namespace std;
int
run(int argc, char* argv[], const Ice::CommunicatorPtr& communicator)
{
- Ice::PropertiesPtr properties = communicator->getProperties();
-
- string protocol = properties->getProperty("Ice.Protocol");
-
- if (protocol.empty())
- {
- protocol = "tcp";
- }
-
- string endpts = protocol + " -p 12345 -t 2000";
-
+ Ice::PropertiesPtr properties = communicator->getProperties();
+
+ string protocol = properties->getProperty("Ice.Protocol");
+
+ if (protocol.empty())
+ {
+ protocol = "tcp";
+ }
+
+ string endpts = protocol + " -p 12345 -t 2000";
+
Ice::ObjectAdapterPtr adapter = communicator->createObjectAdapterWithEndpoints("TestAdapter", endpts);
Ice::ObjectPtr object = new MyDerivedClassI(adapter, "test");
adapter->add(object, "test");
diff --git a/cpp/test/Ice/operations/Server.cpp b/cpp/test/Ice/operations/Server.cpp
index f05b2d93c2d..0bf6a159aba 100644
--- a/cpp/test/Ice/operations/Server.cpp
+++ b/cpp/test/Ice/operations/Server.cpp
@@ -16,17 +16,17 @@ using namespace std;
int
run(int argc, char* argv[], const Ice::CommunicatorPtr& communicator)
{
- Ice::PropertiesPtr properties = communicator->getProperties();
-
- string protocol = properties->getProperty("Ice.Protocol");
-
- if (protocol.empty())
- {
- protocol = "tcp";
- }
-
- string endpts = protocol + " -p 12345 -t 2000";
-
+ Ice::PropertiesPtr properties = communicator->getProperties();
+
+ string protocol = properties->getProperty("Ice.Protocol");
+
+ if (protocol.empty())
+ {
+ protocol = "tcp";
+ }
+
+ string endpts = protocol + " -p 12345 -t 2000";
+
Ice::ObjectAdapterPtr adapter = communicator->createObjectAdapterWithEndpoints("TestAdapter", endpts);
Ice::ObjectPtr object = new MyDerivedClassI(adapter, "test");
adapter->add(object, "test");
diff --git a/cpp/test/Ice/operations/Twoways.cpp b/cpp/test/Ice/operations/Twoways.cpp
index d3d8683b3c0..6511aad58c7 100644
--- a/cpp/test/Ice/operations/Twoways.cpp
+++ b/cpp/test/Ice/operations/Twoways.cpp
@@ -133,23 +133,17 @@ twoways(const Test::MyClassPrx& p)
r = p->opMyClass(p, c1, c2);
test(c1 == p);
test(c2 != p);
-// test(r == p); // ASN: Fails!
- test(c1->_getIdentity() == "test");
- test(c2->_getIdentity() == "noSuchIdentity");
- test(r->_getIdentity() == "test");
-// r->opVoid(); // ASN: fails
+ test(r == p);
+ test(c1->_ice_getIdentity() == "test");
+ test(c2->_ice_getIdentity() == "noSuchIdentity");
+ test(r->_ice_getIdentity() == "test");
+ r->opVoid();
c1->opVoid();
try
{
c2->opVoid();
test(false);
- }
- catch(const Ice::NoEndpointException&)
- {
- // ASN: Due to the same problem as listed for r, this proxy is not secure. It then, in Proxy.cpp line 547, we get
- // as NoEndpointException as the reference is not secure and all secure endpoints (the only ones that should be there)
- // have been culled.
- }
+ }
catch(const Ice::ObjectNotExistException&)
{
}
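Review bot: The re-enabled `test(r == p);` and `r->opVoid();` lines in this hunk have no comment saying what they guard, and the removed ASN comment was the only record that a returned proxy could lose its secure setting and then fail with NoEndpointException once the secure endpoints were culled. A short comment above `test(r == p);` would keep that history, for example `// The returned proxy must keep the caller's secure setting; if it is lost, ssl runs fail here with NoEndpointException.` Whether proxy equality itself compares the secure setting is not visible here, so the call through `r` is what actually exercises it when Ice.Protocol is ssl. The same applies to the two lines re-enabled in the next hunk (`@@ -157,8 +151,8 @@`). twoways() starts and ends outside both hunks.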
@@ -157,8 +151,8 @@ twoways(const Test::MyClassPrx& p)
r = p->opMyClass(0, c1, c2);
test(c1 == 0);
test(c2 != 0);
-// test(r == p); // ASN: fails
-// r->opVoid(); // ASN: fails
+ test(r == p);
+ r->opVoid();
try
{
c1->opVoid();
diff --git a/cpp/test/IcePack/simple/AllTests.cpp b/cpp/test/IcePack/simple/AllTests.cpp
index 04868931e57..ac7fb392f76 100644
--- a/cpp/test/IcePack/simple/AllTests.cpp
+++ b/cpp/test/IcePack/simple/AllTests.cpp
@@ -18,28 +18,28 @@ TestPrx
allTests(const Ice::CommunicatorPtr& communicator)
{
cout << "testing stringToProxy... " << flush;
- string ref;
-
- Ice::PropertiesPtr properties = communicator->getProperties();
-
- string protocol = properties->getProperty("Ice.Protocol");
- string secure;
-
- if (protocol.empty())
- {
- protocol = "tcp";
- }
-
- if (protocol.compare("ssl") == 0)
- {
- secure = " -s ";
- }
-
- string endpts = protocol + " -p 12345 -t 2000";
-
-
- ref = "test" + secure + ":" + endpts;
-
+ string ref;
+
+ Ice::PropertiesPtr properties = communicator->getProperties();
+
+ string protocol = properties->getProperty("Ice.Protocol");
+ string secure;
+
+ if (protocol.empty())
+ {
+ protocol = "tcp";
+ }
+
+ if (protocol.compare("ssl") == 0)
+ {
+ secure = " -s ";
+ }
+
+ string endpts = protocol + " -p 12345 -t 2000";
+
+
+ ref = "test" + secure + ":" + endpts;
+
Ice::ObjectPrx base = communicator->stringToProxy(ref);
test(base);
cout << "ok" << endl;
@@ -51,7 +51,7 @@ allTests(const Ice::CommunicatorPtr& communicator)
cout << "ok" << endl;
cout << "pinging server... " << flush;
- obj->_ping();
+ obj->_ice_ping();
cout << "ok" << endl;
return obj;
diff --git a/cpp/test/IcePack/simple/Collocated.cpp b/cpp/test/IcePack/simple/Collocated.cpp
index 42909b86383..7010e000e9c 100644
--- a/cpp/test/IcePack/simple/Collocated.cpp
+++ b/cpp/test/IcePack/simple/Collocated.cpp
@@ -16,17 +16,17 @@ using namespace std;
int
run(int argc, char* argv[], const Ice::CommunicatorPtr& communicator)
{
- Ice::PropertiesPtr properties = communicator->getProperties();
-
- string protocol = properties->getProperty("Ice.Protocol");
-
- if (protocol.empty())
- {
- protocol = "tcp";
- }
-
- string endpts = protocol + " -p 12345 -t 2000";
-
+ Ice::PropertiesPtr properties = communicator->getProperties();
+
+ string protocol = properties->getProperty("Ice.Protocol");
+
+ if (protocol.empty())
+ {
+ protocol = "tcp";
+ }
+
+ string endpts = protocol + " -p 12345 -t 2000";
+
Ice::ObjectAdapterPtr adapter = communicator->createObjectAdapterWithEndpoints("TestAdapter", endpts);
Ice::ObjectPtr object = new TestI(adapter);
adapter->add(object, "test");
diff --git a/cpp/test/IcePack/simple/Server.cpp b/cpp/test/IcePack/simple/Server.cpp
index 516ba100a56..5f0e2947d8a 100644
--- a/cpp/test/IcePack/simple/Server.cpp
+++ b/cpp/test/IcePack/simple/Server.cpp
@@ -16,17 +16,17 @@ using namespace std;
int
run(int argc, char* argv[], const Ice::CommunicatorPtr& communicator)
{
- Ice::PropertiesPtr properties = communicator->getProperties();
-
- string protocol = properties->getProperty("Ice.Protocol");
-
- if (protocol.empty())
- {
- protocol = "tcp";
- }
-
- string endpts = protocol + " -p 12345 -t 5000";
-
+ Ice::PropertiesPtr properties = communicator->getProperties();
+
+ string protocol = properties->getProperty("Ice.Protocol");
+
+ if (protocol.empty())
+ {
+ protocol = "tcp";
+ }
+
+ string endpts = protocol + " -p 12345 -t 5000";
+
Ice::ObjectAdapterPtr adapter = communicator->createObjectAdapterWithEndpoints("TestAdapter", endpts);
Ice::ObjectPtr object = new TestI(adapter);
adapter->add(object, "test");