Diffstat (limited to 'cpp/src/IceSSL/TrustManager.cpp')
-rw-r--r-- | cpp/src/IceSSL/TrustManager.cpp | 174 |
1 files changed, 87 insertions, 87 deletions
diff --git a/cpp/src/IceSSL/TrustManager.cpp b/cpp/src/IceSSL/TrustManager.cpp index f505cca8e37..5e620615fe9 100644 --- a/cpp/src/IceSSL/TrustManager.cpp +++ b/cpp/src/IceSSL/TrustManager.cpp @@ -31,25 +31,25 @@ TrustManager::TrustManager(const Ice::CommunicatorPtr& communicator) : string key; try { - key = "IceSSL.TrustOnly"; - _all = parse(properties->getProperty(key)); - key = "IceSSL.TrustOnly.Client"; - _client = parse(properties->getProperty(key)); - key = "IceSSL.TrustOnly.Server"; - _allServer = parse(properties->getProperty(key)); - Ice::PropertyDict dict = properties->getPropertiesForPrefix("IceSSL.TrustOnly.Server."); - for(Ice::PropertyDict::const_iterator p = dict.begin(); p != dict.end(); ++p) - { - string name = p->first.substr(string("IceSSL.TrustOnly.Server.").size()); - key = p->first; - _server[name] = parse(p->second); - } + key = "IceSSL.TrustOnly"; + _all = parse(properties->getProperty(key)); + key = "IceSSL.TrustOnly.Client"; + _client = parse(properties->getProperty(key)); + key = "IceSSL.TrustOnly.Server"; + _allServer = parse(properties->getProperty(key)); + Ice::PropertyDict dict = properties->getPropertiesForPrefix("IceSSL.TrustOnly.Server."); + for(Ice::PropertyDict::const_iterator p = dict.begin(); p != dict.end(); ++p) + { + string name = p->first.substr(string("IceSSL.TrustOnly.Server.").size()); + key = p->first; + _server[name] = parse(p->second); + } } catch(const ParseException& e) { - Ice::PluginInitializationException ex(__FILE__, __LINE__); - ex.reason = "IceSSL: invalid property " + key + ":\n" + e.reason; - throw ex; + Ice::PluginInitializationException ex(__FILE__, __LINE__); + ex.reason = "IceSSL: invalid property " + key + ":\n" + e.reason; + throw ex; } } 
@@ -59,30 +59,30 @@ TrustManager::verify(const ConnectionInfo& info) list<list<DistinguishedName> > trustset; if(_all.size() > 0) { - trustset.push_back(_all); + trustset.push_back(_all); } if(info.incoming) { - if(_allServer.size() > 0) - { - trustset.push_back(_allServer); - } - if(info.adapterName.size() > 0) - { - map<string, list<DistinguishedName> >::const_iterator p = _server.find(info.adapterName); - if(p != _server.end()) - { - trustset.push_back(p->second); - } - } + if(_allServer.size() > 0) + { + trustset.push_back(_allServer); + } + if(info.adapterName.size() > 0) + { + map<string, list<DistinguishedName> >::const_iterator p = _server.find(info.adapterName); + if(p != _server.end()) + { + trustset.push_back(p->second); + } + } } else { - if(_client.size() > 0) - { - trustset.push_back(_client); - } + if(_client.size() > 0) + { + trustset.push_back(_client); + } } // @@ -90,7 +90,7 @@ TrustManager::verify(const ConnectionInfo& info) // if(trustset.size() == 0) { - return true; + return true; } // 
@@ -98,50 +98,50 @@ TrustManager::verify(const ConnectionInfo& info) // if(info.certs.size() != 0) { - DistinguishedName subject = info.certs[0]->getSubjectDN(); - if(_traceLevel > 0) - { - Ice::Trace trace(_communicator->getLogger(), "Security"); - if(info.incoming) - { - trace << "trust manager evaluating client:\n" - << "subject = " << string(subject) << '\n' - << "adapter = " << info.adapterName << '\n' - << "local addr = " << IceInternal::addrToString(info.localAddr) << '\n' - << "remote addr = " << IceInternal::addrToString(info.remoteAddr); - } - else - { - trace << "trust manager evaluating server:\n" - << "subject = " << string(subject) << '\n' - << "local addr = " << IceInternal::addrToString(info.localAddr) << '\n' - << "remote addr = " << IceInternal::addrToString(info.remoteAddr); - } - } - - // - // Try matching against everything in the trust set. - // - for(list<list<DistinguishedName> >::const_iterator p = trustset.begin(); p != trustset.end(); ++p) - { - if(_traceLevel > 1) - { - Ice::Trace trace(_communicator->getLogger(), "Security"); - trace << "trust manager matching PDNs:\n"; - for(list<DistinguishedName>::const_iterator r = p->begin(); r != p->end(); ++r) - { - if(r != p->begin()) - { - trace << ';'; - } - trace << string(*r); - } - } - if(match(*p, subject)) - { - return true; - } - } + DistinguishedName subject = info.certs[0]->getSubjectDN(); + if(_traceLevel > 0) + { + Ice::Trace trace(_communicator->getLogger(), "Security"); + if(info.incoming) + { + trace << "trust manager evaluating client:\n" + << "subject = " << string(subject) << '\n' + << "adapter = " << info.adapterName << '\n' + << "local addr = " << IceInternal::addrToString(info.localAddr) << '\n' + << "remote addr = " << IceInternal::addrToString(info.remoteAddr); + } + else + { + trace << "trust manager evaluating server:\n" + << "subject = " << string(subject) << '\n' + << "local addr = " << IceInternal::addrToString(info.localAddr) << '\n' + << "remote addr = " << 
IceInternal::addrToString(info.remoteAddr); + } + } + + // + // Try matching against everything in the trust set. + // + for(list<list<DistinguishedName> >::const_iterator p = trustset.begin(); p != trustset.end(); ++p) + { + if(_traceLevel > 1) + { + Ice::Trace trace(_communicator->getLogger(), "Security"); + trace << "trust manager matching PDNs:\n"; + for(list<DistinguishedName>::const_iterator r = p->begin(); r != p->end(); ++r) + { + if(r != p->begin()) + { + trace << ';'; + } + trace << string(*r); + } + } + if(match(*p, subject)) + { + return true; + } + } } return false; @@ -152,10 +152,10 @@ TrustManager::match(const list< DistinguishedName>& matchSet, const Distinguishe { for(list<DistinguishedName>::const_iterator r = matchSet.begin(); r != matchSet.end(); ++r) { - if(subject.match(*r)) - { - return true; - } + if(subject.match(*r)) + { + return true; + } } return false; } @@ -166,11 +166,11 @@ TrustManager::parse(const string& value) const list<DistinguishedName> result; if(!value.empty()) { - RFC2253::RDNSeqSeq dns = RFC2253::parse(value); - for(RFC2253::RDNSeqSeq::const_iterator p = dns.begin(); p != dns.end(); ++p) - { - result.push_back(DistinguishedName(*p)); - } + RFC2253::RDNSeqSeq dns = RFC2253::parse(value); + for(RFC2253::RDNSeqSeq::const_iterator p = dns.begin(); p != dns.end(); ++p) + { + result.push_back(DistinguishedName(*p)); + } } return result; } |