Diffstat (limited to 'cpp/src')
-rw-r--r-- | cpp/src/IceSSL/ClientContext.cpp | 8 | ||||
-rw-r--r-- | cpp/src/IceSSL/ClientContext.h | 2 | ||||
-rw-r--r-- | cpp/src/IceSSL/Context.cpp | 36 | ||||
-rw-r--r-- | cpp/src/IceSSL/Context.h | 8 | ||||
-rw-r--r-- | cpp/src/IceSSL/DefaultCertificateVerifier.cpp | 7 | ||||
-rw-r--r-- | cpp/src/IceSSL/DefaultCertificateVerifier.h | 6 | ||||
-rw-r--r-- | cpp/src/IceSSL/OpenSSLPluginI.cpp | 23 | ||||
-rw-r--r-- | cpp/src/IceSSL/OpenSSLPluginI.h | 1 | ||||
-rw-r--r-- | cpp/src/IceSSL/ServerContext.cpp | 10 | ||||
-rw-r--r-- | cpp/src/IceSSL/ServerContext.h | 2 |
10 files changed, 48 insertions, 55 deletions
diff --git a/cpp/src/IceSSL/ClientContext.cpp b/cpp/src/IceSSL/ClientContext.cpp
index 8ca2d41b36a..8708ca58508 100644
--- a/cpp/src/IceSSL/ClientContext.cpp
+++ b/cpp/src/IceSSL/ClientContext.cpp
@@ -12,6 +12,7 @@
 //
 // **********************************************************************
+#include <Ice/Communicator.h>
 #include <Ice/LoggerUtil.h>
 #include <IceSSL/Exception.h>
@@ -33,7 +34,7 @@ IceSSL::ClientContext::configure(const GeneralConfig& generalConfig,
 if(_traceLevels->security >= SECURITY_PROTOCOL)
 {
- Trace out(_logger, _traceLevels->securityCat);
+ Trace out(_communicator->getLogger(), _traceLevels->securityCat);
 out << "\n";
 out << "general configuration (client)\n";
@@ -71,9 +72,8 @@ IceSSL::ClientContext::createTransceiver(int socket, const OpenSSLPluginIPtr& pl
 return transceiver;
 }
-IceSSL::ClientContext::ClientContext(const TraceLevelsPtr& traceLevels, const LoggerPtr& logger,
- const PropertiesPtr& properties) :
- Context(traceLevels, logger, properties)
+IceSSL::ClientContext::ClientContext(const TraceLevelsPtr& traceLevels, const CommunicatorPtr& communicator) :
+ Context(traceLevels, communicator)
 {
 _rsaPrivateKeyProperty = "IceSSL.Client.Overrides.RSA.PrivateKey";
 _rsaPublicKeyProperty = "IceSSL.Client.Overrides.RSA.Certificate";
diff --git a/cpp/src/IceSSL/ClientContext.h b/cpp/src/IceSSL/ClientContext.h
index f39de89f713..06f6e8adcc2 100644
--- a/cpp/src/IceSSL/ClientContext.h
+++ b/cpp/src/IceSSL/ClientContext.h
@@ -33,7 +33,7 @@ public:
 protected:
- ClientContext(const TraceLevelsPtr&, const Ice::LoggerPtr&, const Ice::PropertiesPtr&);
+ ClientContext(const TraceLevelsPtr&, const Ice::CommunicatorPtr&);
 friend class OpenSSLPluginI;
 };
diff --git a/cpp/src/IceSSL/Context.cpp b/cpp/src/IceSSL/Context.cpp
index 635ea1b3a3d..37d8b53f995 100644
--- a/cpp/src/IceSSL/Context.cpp
+++ b/cpp/src/IceSSL/Context.cpp
@@ -12,6 +12,7 @@
 //
 // **********************************************************************
+#include <Ice/Communicator.h>
 #include <Ice/LoggerUtil.h>
 #include <Ice/Properties.h>
@@ -124,8 +125,8 @@ IceSSL::Context::configure(const GeneralConfig& generalConfig,
 SSL_CTX_set_verify_depth(_sslContext, generalConfig.getVerifyDepth());
 // Determine the number of retries the user gets on passphrase entry.
- string passphraseRetries = _properties->getPropertyWithDefault(_passphraseRetriesProperty,
- _maxPassphraseRetriesDefault);
+ string passphraseRetries = _communicator->getProperties()->getPropertyWithDefault(_passphraseRetriesProperty,
+ _maxPassphraseRetriesDefault);
 int retries = atoi(passphraseRetries.c_str());
 retries = (retries < 0 ? 0 : retries);
 _maxPassphraseTries = retries + 1;
@@ -147,12 +148,11 @@ IceSSL::Context::configure(const GeneralConfig& generalConfig,
 // Protected
 //
-IceSSL::Context::Context(const TraceLevelsPtr& traceLevels, const LoggerPtr& logger, const PropertiesPtr& properties) :
+IceSSL::Context::Context(const TraceLevelsPtr& traceLevels, const CommunicatorPtr& communicator) :
 _traceLevels(traceLevels),
- _logger(logger),
- _properties(properties)
+ _communicator(communicator)
 {
- _certificateVerifier = new DefaultCertificateVerifier(traceLevels, logger);
+ _certificateVerifier = new DefaultCertificateVerifier(traceLevels, communicator);
 _sslContext = 0;
 _maxPassphraseRetriesDefault = "4";
@@ -187,7 +187,7 @@ IceSSL::Context::getSslMethod(SslProtocol sslVersion)
 {
 if(_traceLevels->security >= IceSSL::SECURITY_WARNINGS)
 {
- Trace out(_logger, _traceLevels->securityCat);
+ Trace out(_communicator->getLogger(), _traceLevels->securityCat);
 out << "WRN ssl version " << sslVersion;
 out << " not supported (defaulting to SSL_V23)";
 }
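Review bot: In the `Context::configure` hunk the passphrase-retry count is still parsed with `atoi`, which reports no error for non-numeric text and has undefined behaviour when the value does not fit in `int`. Only the low end is clamped afterwards, so a very large configured value is accepted as-is and `retries + 1` can overflow. Since the property lookup is being rewritten here anyway, parse the value with error detection and clamp both ends, for example `retries = (retries < 0 ? 0 : (retries > kMaxPassphraseRetries ? kMaxPassphraseRetries : retries));`, where `kMaxPassphraseRetries` is a placeholder for a limit the project chooses. `configure` starts and ends outside the hunk.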
@@ -256,7 +256,7 @@ IceSSL::Context::loadCertificateAuthority(const CertificateAuthority& certAuth)
 {
 if(_traceLevels->security >= IceSSL::SECURITY_WARNINGS)
 {
- Trace out(_logger, _traceLevels->securityCat);
+ Trace out(_communicator->getLogger(), _traceLevels->securityCat);
 out << "WRN unable to load certificate authorities.";
 }
 }
@@ -267,13 +267,13 @@ IceSSL::Context::loadCertificateAuthority(const CertificateAuthority& certAuth)
 if(!setDefaultVerifyPathsRet && (_traceLevels->security >= IceSSL::SECURITY_WARNINGS))
 {
- Trace out(_logger, _traceLevels->securityCat);
+ Trace out(_communicator->getLogger(), _traceLevels->securityCat);
 out << "WRN unable to verify certificate authorities.";
 }
 }
 // Now we add whatever override/addition that we wish to put into the trusted certificates list
- string caCertBase64 = _properties->getProperty(_caCertificateProperty);
+ string caCertBase64 = _communicator->getProperties()->getProperty(_caCertificateProperty);
 if(!caCertBase64.empty())
 {
 addTrustedCertificateBase64(caCertBase64);
@@ -290,12 +290,12 @@ IceSSL::Context::setKeyCert(const CertificateDesc& certDesc,
 if(!privateProperty.empty())
 {
- privateKey = _properties->getProperty(privateProperty);
+ privateKey = _communicator->getProperties()->getProperty(privateProperty);
 }
 if(!publicProperty.empty())
 {
- publicKey = _properties->getProperty(publicProperty);
+ publicKey = _communicator->getProperties()->getProperty(publicProperty);
 }
 if(!privateKey.empty() && !publicKey.empty())
@@ -390,7 +390,7 @@ IceSSL::Context::addKeyCert(const CertificateFile& privateKey, const Certificate
 {
 if(_traceLevels->security >= IceSSL::SECURITY_WARNINGS)
 {
- Trace out(_logger, _traceLevels->securityCat);
+ Trace out(_communicator->getLogger(), _traceLevels->securityCat);
 out << "WRN no private key specified -- using the certificate";
 }
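Review bot: Both trust-store failures in `Context::loadCertificateAuthority` ("unable to load certificate authorities." and "unable to verify certificate authorities.") are reported only when `_traceLevels->security >= IceSSL::SECURITY_WARNINGS`, and the visible code then carries on to add the CA taken from `_caCertificateProperty`. As far as these two hunks show, a context whose configured CA source failed keeps running with whatever trust anchors remain, and at a lower trace level nothing is logged at all. I would report both conditions unconditionally, e.g. `_communicator->getLogger()->warning("IceSSL: unable to load certificate authorities");`, and consider raising a configuration exception instead of continuing. The function starts and ends outside both hunks, so confirm that no later check already rejects this state.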
@@ -557,7 +557,7 @@ IceSSL::Context::addKeyCert(const Ice::ByteSeq& privateKey, const Ice::ByteSeq&
 {
 if(_traceLevels->security >= IceSSL::SECURITY_WARNINGS)
 {
- Trace out(_logger, _traceLevels->securityCat);
+ Trace out(_communicator->getLogger(), _traceLevels->securityCat);
 out << "WRN no private key specified -- using the certificate";
 }
@@ -577,7 +577,7 @@ IceSSL::Context::addKeyCert(const string& privateKey, const string& publicKey)
 {
 if(_traceLevels->security >= IceSSL::SECURITY_WARNINGS)
 {
- Trace out(_logger, _traceLevels->securityCat);
+ Trace out(_communicator->getLogger(), _traceLevels->securityCat);
 out << "WRN no private key specified -- using the certificate";
 }
@@ -609,7 +609,7 @@ IceSSL::Context::transceiverSetup(const SslTransceiverPtr& transceiver, int time
 // This timeout is implemented once on the first read after hanshake.
 transceiver->setHandshakeReadTimeout(timeout < 5000 ? 5000 : timeout);
- int retries = _properties->getPropertyAsIntWithDefault(_connectionHandshakeRetries, 10);
+ int retries = _communicator->getProperties()->getPropertyAsIntWithDefault(_connectionHandshakeRetries, 10);
 transceiver->setHandshakeRetries(retries);
 }
@@ -621,7 +621,7 @@ IceSSL::Context::setCipherList(const string& cipherList)
 if(!cipherList.empty() && (!SSL_CTX_set_cipher_list(_sslContext, cipherList.c_str())) && (_traceLevels->security >= IceSSL::SECURITY_WARNINGS))
 {
- Trace out(_logger, _traceLevels->securityCat);
+ Trace out(_communicator->getLogger(), _traceLevels->securityCat);
 out << "WRN error setting cipher list " << cipherList << " -- using default list" << "\n";
 out << sslGetErrors();
 }
@@ -645,7 +645,7 @@ IceSSL::Context::setDHParams(const BaseCertificates& baseCerts)
 {
 if(_traceLevels->security >= IceSSL::SECURITY_WARNINGS)
 {
- Trace out(_logger, _traceLevels->securityCat);
+ Trace out(_communicator->getLogger(), _traceLevels->securityCat);
 out << "WRN Could not load Diffie-Hellman params, generating a temporary 512bit key.";
 }
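Review bot: In `Context::setCipherList` the failure of `SSL_CTX_set_cipher_list` sits in the same condition as the trace level, so when the configured list is rejected the context keeps the default cipher list, and below `SECURITY_WARNINGS` it does so without any log line. A rejected list means the operator's restriction is not in force, which is a configuration error rather than something to trace. Test the call on its own, `if(!cipherList.empty() && !SSL_CTX_set_cipher_list(_sslContext, cipherList.c_str()))`, raise the project's configuration exception in that branch, and keep only the message behind the trace check. The end of the function is not visible in the hunk.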
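Review bot: The fallback in `Context::setDHParams` generates a temporary 512-bit Diffie-Hellman key when the configured parameters cannot be loaded, and says so only at `SECURITY_WARNINGS` trace level. A 512-bit group is far below what is considered safe for key exchange, so a missing or unreadable parameter file quietly weakens every DHE handshake made with this context. Prefer failing configuration here, or at least generate a group of 2048 bits or more and log the fallback unconditionally with `_communicator->getLogger()->warning(...)`. The generation call itself is outside the hunk.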
diff --git a/cpp/src/IceSSL/Context.h b/cpp/src/IceSSL/Context.h
index 6ee2c4805a7..05a572bea3c 100644
--- a/cpp/src/IceSSL/Context.h
+++ b/cpp/src/IceSSL/Context.h
@@ -15,8 +15,7 @@
 #ifndef ICESSL_CONTEXT_H
 #define ICESSL_CONTEXT_H
-#include <Ice/LoggerF.h>
-#include <Ice/PropertiesF.h>
+#include <Ice/CommunicatorF.h>
 #include <Ice/BuiltinSequences.h>
 #include <IceSSL/OpenSSL.h>
 #include <IceSSL/TraceLevelsF.h>
@@ -60,7 +59,7 @@ public:
 protected:
- Context(const TraceLevelsPtr&, const Ice::LoggerPtr&, const Ice::PropertiesPtr&);
+ Context(const TraceLevelsPtr&, const Ice::CommunicatorPtr&);
 SSL_METHOD* getSslMethod(SslProtocol);
 void createContext(SslProtocol);
@@ -90,8 +89,7 @@ protected:
 void setDHParams(const BaseCertificates&);
 TraceLevelsPtr _traceLevels;
- Ice::LoggerPtr _logger;
- Ice::PropertiesPtr _properties;
+ Ice::CommunicatorPtr _communicator;
 std::string _rsaPrivateKeyProperty;
 std::string _rsaPublicKeyProperty;
diff --git a/cpp/src/IceSSL/DefaultCertificateVerifier.cpp b/cpp/src/IceSSL/DefaultCertificateVerifier.cpp
index 739d1d3ace4..d0f46e8c224 100644
--- a/cpp/src/IceSSL/DefaultCertificateVerifier.cpp
+++ b/cpp/src/IceSSL/DefaultCertificateVerifier.cpp
@@ -12,6 +12,7 @@
 //
 // **********************************************************************
+#include <Ice/Communicator.h>
 #include <Ice/LoggerUtil.h>
 #include <IceSSL/OpenSSL.h>
 #include <IceSSL/DefaultCertificateVerifier.h>
@@ -23,9 +24,9 @@ using namespace std;
 IceSSL::DefaultCertificateVerifier::DefaultCertificateVerifier(const IceSSL::TraceLevelsPtr& traceLevels,
- const Ice::LoggerPtr& logger) :
+ const Ice::CommunicatorPtr& communicator) :
 _traceLevels(traceLevels),
- _logger(logger)
+ _communicator(communicator)
 {
 }
@@ -64,7 +65,7 @@ IceSSL::DefaultCertificateVerifier::verify(int preVerifyOkay, X509_STORE_CTX* x5
 X509_NAME_oneline(X509_get_subject_name(err_cert), buf, int(sizeof(buf)));
- Ice::Trace out(_logger, _traceLevels->securityCat);
+ Ice::Trace out(_communicator->getLogger(), _traceLevels->securityCat);
 out << "depth = " << dec << errorDepth << ":" << buf << "\n";
diff --git a/cpp/src/IceSSL/DefaultCertificateVerifier.h b/cpp/src/IceSSL/DefaultCertificateVerifier.h
index 386ec98d4b5..93f173fda89 100644
--- a/cpp/src/IceSSL/DefaultCertificateVerifier.h
+++ b/cpp/src/IceSSL/DefaultCertificateVerifier.h
@@ -15,7 +15,7 @@
 #ifndef ICE_SSL_DEFAULT_CERTIFICATE_VERIFIER_H
 #define ICE_SSL_DEFAULT_CERTIFICATE_VERIFIER_H
-#include <Ice/LoggerF.h>
+#include <Ice/CommunicatorF.h>
 #include <IceSSL/TraceLevelsF.h>
 #include <IceSSL/CertificateVerifierOpenSSL.h>
@@ -26,14 +26,14 @@ class DefaultCertificateVerifier : public IceSSL::CertificateVerifierOpenSSL
 {
 public:
- DefaultCertificateVerifier(const IceSSL::TraceLevelsPtr&, const Ice::LoggerPtr&);
+ DefaultCertificateVerifier(const IceSSL::TraceLevelsPtr&, const Ice::CommunicatorPtr&);
 virtual int verify(int, X509_STORE_CTX*, SSL*);
 private:
 IceSSL::TraceLevelsPtr _traceLevels;
- Ice::LoggerPtr _logger;
+ Ice::CommunicatorPtr _communicator;
 };
 }
diff --git a/cpp/src/IceSSL/OpenSSLPluginI.cpp b/cpp/src/IceSSL/OpenSSLPluginI.cpp
index b6de9514f20..3fac21cc55d 100644
--- a/cpp/src/IceSSL/OpenSSLPluginI.cpp
+++ b/cpp/src/IceSSL/OpenSSLPluginI.cpp
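Review bot: `DefaultCertificateVerifier::verify` now calls `_communicator->getLogger()` inside the verification path instead of using a logger captured at construction. This method is presumably reached from OpenSSL's verify callback, so if `getLogger()` can throw (for instance once the communicator has been destroyed; check the Communicator implementation) the exception would unwind through OpenSSL's C frames in the middle of a handshake. Wrap the tracing in `try { ... } catch(const Ice::Exception&) { }` so that logging can neither change the verification result nor escape the callback. The rest of `verify` is outside the hunk.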
@@ -179,14 +179,9 @@ std::vector<unsigned long> IceSSL::OpenSSLPluginI::_threadIdCache;
 IceSSL::OpenSSLPluginI::OpenSSLPluginI(const ProtocolPluginFacadePtr& protocolPluginFacade) :
 _protocolPluginFacade(protocolPluginFacade),
 _traceLevels(new TraceLevels(_protocolPluginFacade)),
- _logger(_protocolPluginFacade->getCommunicator()->getLogger()),
 _properties(_protocolPluginFacade->getCommunicator()->getProperties()),
- _serverContext(new TraceLevels(protocolPluginFacade),
- protocolPluginFacade->getCommunicator()->getLogger(),
- protocolPluginFacade->getCommunicator()->getProperties()),
- _clientContext(new TraceLevels(protocolPluginFacade),
- protocolPluginFacade->getCommunicator()->getLogger(),
- protocolPluginFacade->getCommunicator()->getProperties()),
+ _serverContext(new TraceLevels(protocolPluginFacade), protocolPluginFacade->getCommunicator()),
+ _clientContext(new TraceLevels(protocolPluginFacade), protocolPluginFacade->getCommunicator()),
 _randSeeded(0)
 {
 SSL_load_error_strings();
@@ -371,7 +366,7 @@ IceSSL::OpenSSLPluginI::loadConfig(ContextType contextType,
 throw configEx;
 }
- ConfigParser sslConfig(configFile, certPath, _traceLevels, _logger);
+ ConfigParser sslConfig(configFile, certPath, _traceLevels, getLogger());
 // Actually parse the file now.
 sslConfig.process();
@@ -409,7 +404,7 @@ IceSSL::OpenSSLPluginI::loadConfig(ContextType contextType,
 if(_traceLevels->security >= IceSSL::SECURITY_PROTOCOL)
 {
- Trace out(_logger, _traceLevels->securityCat);
+ Trace out(getLogger(), _traceLevels->securityCat);
 out << "temporary certificates (server)\n";
 out << "-------------------------------\n";
@@ -500,7 +495,7 @@ IceSSL::OpenSSLPluginI::getRSAKey(int isExport, int keyLength)
 }
 else if(_traceLevels->security >= IceSSL::SECURITY_WARNINGS)
 {
- Trace out(_logger, _traceLevels->securityCat);
+ Trace out(getLogger(), _traceLevels->securityCat);
 out << "WRN Unable to obtain a " << dec << keyLength << "-bit RSA key.\n";
 }
 }
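Review bot: In the `OpenSSLPluginI` constructor `_serverContext` and `_clientContext` are now handed the `CommunicatorPtr` itself, and `Context` and `DefaultCertificateVerifier` store it as a member. Assuming the handle is reference-counted and the communicator owns this plug-in, that forms an ownership cycle, which would keep the SSL contexts and the key material loaded into them alive past shutdown unless teardown breaks it explicitly. Please document the intended lifetime next to the member, e.g. `// Holds the communicator so the current logger and properties are used; released in <teardown method>.` (placeholder name), and confirm the contexts drop the handle on shutdown. Separately, the plug-in still caches `_properties` while `getLogger()` now goes through `_protocolPluginFacade->getCommunicator()`; reading both the same way would be more consistent.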
@@ -576,7 +571,7 @@ IceSSL::OpenSSLPluginI::getDHParams(int isExport, int keyLength)
 }
 else if(_traceLevels->security >= IceSSL::SECURITY_WARNINGS)
 {
- Trace out(_logger, _traceLevels->securityCat);
+ Trace out(getLogger(), _traceLevels->securityCat);
 out << "WRN Unable to obtain a " << dec << keyLength << "-bit Diffie-Hellman parameter group.\n";
 }
 }
@@ -681,7 +676,7 @@ IceSSL::OpenSSLPluginI::setRSAKeys(ContextType contextType,
 IceSSL::CertificateVerifierPtr
 IceSSL::OpenSSLPluginI::getDefaultCertVerifier()
 {
- return new DefaultCertificateVerifier(getTraceLevels(), getLogger());
+ return new DefaultCertificateVerifier(getTraceLevels(), _protocolPluginFacade->getCommunicator());
 }
 IceSSL::CertificateVerifierPtr
@@ -704,7 +699,7 @@ IceSSL::OpenSSLPluginI::getTraceLevels() const
 LoggerPtr
 IceSSL::OpenSSLPluginI::getLogger() const
 {
- return _logger;
+ return _protocolPluginFacade->getCommunicator()->getLogger();
 }
 StatsPtr
@@ -822,7 +817,7 @@ IceSSL::OpenSSLPluginI::initRandSystem(const string& randBytesFiles)
 // In this case, there are two options open to us - specify a random data file using the
 // RANDFILE environment variable, or specify additional random data files in the
 // SSL configuration file.
- Trace out(_logger, _traceLevels->securityCat);
+ Trace out(getLogger(), _traceLevels->securityCat);
 out << "WRN there is a lack of random data, consider specifying additional random data files";
 }
diff --git a/cpp/src/IceSSL/OpenSSLPluginI.h b/cpp/src/IceSSL/OpenSSLPluginI.h
index d140d93c05e..d6c2dd12946 100644
--- a/cpp/src/IceSSL/OpenSSLPluginI.h
+++ b/cpp/src/IceSSL/OpenSSLPluginI.h
@@ -93,7 +93,6 @@ private:
 const IceInternal::ProtocolPluginFacadePtr _protocolPluginFacade;
 const TraceLevelsPtr _traceLevels;
- const Ice::LoggerPtr _logger;
 const Ice::PropertiesPtr _properties;
 IceSSL::ServerContext _serverContext;
diff --git a/cpp/src/IceSSL/ServerContext.cpp b/cpp/src/IceSSL/ServerContext.cpp
index 6b927caffda..a7270c801cd 100644
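Review bot: The `initRandSystem` hunk only warns ("there is a lack of random data") when the PRNG could not be seeded adequately, and nothing in the visible lines stops initialisation. Keys, nonces and the temporary RSA and Diffie-Hellman material this plug-in produces all depend on that seed, so the condition should fail plug-in start-up rather than be advisory. After the seeding attempts, check `RAND_status()` and raise the plug-in's configuration exception when it returns 0, reusing the warning text as the exception message. The test that leads to this warning and whatever follows it are outside the hunk.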
--- a/cpp/src/IceSSL/ServerContext.cpp
+++ b/cpp/src/IceSSL/ServerContext.cpp
@@ -12,6 +12,7 @@
 //
 // **********************************************************************
+#include <Ice/Communicator.h>
 #include <Ice/LoggerUtil.h>
 #include <IceSSL/Exception.h>
@@ -56,7 +57,7 @@ IceSSL::ServerContext::configure(const GeneralConfig& generalConfig,
 if(_traceLevels->security >= SECURITY_PROTOCOL)
 {
- Trace out(_logger, _traceLevels->securityCat);
+ Trace out(_communicator->getLogger(), _traceLevels->securityCat);
 out << "\n";
 out << "general configuration (server)\n";
@@ -96,9 +97,8 @@ IceSSL::ServerContext::createTransceiver(int socket, const OpenSSLPluginIPtr& pl
 // Protected
 //
-IceSSL::ServerContext::ServerContext(const TraceLevelsPtr& traceLevels, const LoggerPtr& logger,
- const PropertiesPtr& properties) :
- Context(traceLevels, logger, properties)
+IceSSL::ServerContext::ServerContext(const TraceLevelsPtr& traceLevels, const CommunicatorPtr& communicator) :
+ Context(traceLevels, communicator)
 {
 _rsaPrivateKeyProperty = "IceSSL.Server.Overrides.RSA.PrivateKey";
 _rsaPublicKeyProperty = "IceSSL.Server.Overrides.RSA.Certificate";
@@ -129,7 +129,7 @@ IceSSL::ServerContext::loadCertificateAuthority(const CertificateAuthority& cert
 {
 if(_traceLevels->security >= SECURITY_WARNINGS)
 {
- Trace out(_logger, _traceLevels->securityCat);
+ Trace out(_communicator->getLogger(), _traceLevels->securityCat);
 out << "WRN unable to load certificate authorities certificate names from " << caFile << "\n";
 out << sslGetErrors();
 }
diff --git a/cpp/src/IceSSL/ServerContext.h b/cpp/src/IceSSL/ServerContext.h
index da0d87fec0a..f7c7c22424d 100644
--- a/cpp/src/IceSSL/ServerContext.h
+++ b/cpp/src/IceSSL/ServerContext.h
@@ -33,7 +33,7 @@ public:
 protected:
- ServerContext(const TraceLevelsPtr&, const Ice::LoggerPtr&, const Ice::PropertiesPtr&);
+ ServerContext(const TraceLevelsPtr&, const Ice::CommunicatorPtr&);
 virtual void loadCertificateAuthority(const CertificateAuthority& certAuth); |