Diffstat (limited to 'cpp/src')
52 files changed, 3233 insertions, 3234 deletions
diff --git a/cpp/src/Ice/CertificateAuthority.h b/cpp/src/Ice/CertificateAuthority.h
index df3680d6236..99b723ae182 100644
--- a/cpp/src/Ice/CertificateAuthority.h
+++ b/cpp/src/Ice/CertificateAuthority.h
@@ -19,7 +19,7 @@ namespace IceSSL
 class CertificateAuthority
 {
 public:
-
+ CertificateAuthority(); CertificateAuthority(std::string&, std::string&); CertificateAuthority(CertificateAuthority&); @@ -31,7 +31,7 @@ public: const std::string& getCAPath() const; private: -
+
 std::string _fileName;
 std::string _path;
 };
diff --git a/cpp/src/Ice/CertificateDesc.h b/cpp/src/Ice/CertificateDesc.h
index b908ca981bd..abb406ee1ea 100644
--- a/cpp/src/Ice/CertificateDesc.h
+++ b/cpp/src/Ice/CertificateDesc.h
@@ -24,7 +24,7 @@ namespace IceSSL
 class CertificateFile
 {
 public:
-
+ CertificateFile(); CertificateFile(const std::string&, const int); CertificateFile(const CertificateFile&); @@ -33,7 +33,7 @@ public: int getEncoding() const; protected: -
+
 std::string _fileName;
 int _encoding;
 };
@@ -41,7 +41,7 @@ protected:
 class DiffieHellmanParamsFile : public CertificateFile
 {
 public:
-
+ DiffieHellmanParamsFile(); DiffieHellmanParamsFile(const int, const std::string&, const int); DiffieHellmanParamsFile(const DiffieHellmanParamsFile&); @@ -49,14 +49,14 @@ public: int getKeySize() const; protected: -
+ int _keySize; }; class CertificateDesc { public: -
+ CertificateDesc(); CertificateDesc(const int, const CertificateFile&, const CertificateFile&); CertificateDesc(const CertificateDesc&); @@ -67,7 +67,7 @@ public: const CertificateFile& getPrivate() const; protected: -
+
 int _keySize;
 CertificateFile _public;
 CertificateFile _private;
diff --git a/cpp/src/Ice/CertificateVerifierOpenSSL.cpp b/cpp/src/Ice/CertificateVerifierOpenSSL.cpp
index e6c5f3a67c1..1ddd5554af1 100644
--- a/cpp/src/Ice/CertificateVerifierOpenSSL.cpp
+++ b/cpp/src/Ice/CertificateVerifierOpenSSL.cpp
@@ -1,28 +1,28 @@
-// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#include <Ice/CertificateVerifierOpenSSL.h>
-
-IceSSL::OpenSSL::CertificateVerifier::~CertificateVerifier()
-{
-}
-
-void
-IceInternal::incRef(::IceSSL::OpenSSL::CertificateVerifier* p)
-{
- p->__incRef();
-}
-
-void
-IceInternal::decRef(::IceSSL::OpenSSL::CertificateVerifier* p)
-{
- p->__decRef();
-}
-
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#include <Ice/CertificateVerifierOpenSSL.h>
+
+IceSSL::OpenSSL::CertificateVerifier::~CertificateVerifier()
+{
+}
+
+void
+IceInternal::incRef(::IceSSL::OpenSSL::CertificateVerifier* p)
+{
+ p->__incRef();
+}
+
+void
+IceInternal::decRef(::IceSSL::OpenSSL::CertificateVerifier* p)
+{
+ p->__decRef();
+}
+
diff --git a/cpp/src/Ice/CommunicatorI.cpp b/cpp/src/Ice/CommunicatorI.cpp
index f62aa6f4ec4..bc98c080681 100644
--- a/cpp/src/Ice/CommunicatorI.cpp
+++ b/cpp/src/Ice/CommunicatorI.cpp
@@ -18,8 +18,8 @@
 #include <Ice/UserExceptionFactoryManager.h>
 #include <Ice/ObjectAdapterFactory.h>
 #include <Ice/LoggerUtil.h>
-#include <Ice/Exception.h>
-#include <Ice/SslExtensionInternal.h>
+#include <Ice/Exception.h> +#include <Ice/SslExtensionInternal.h> #include <Ice/SystemInternal.h> using namespace std; @@ -229,18 +229,18 @@ Ice::CommunicatorI::setDefaultRouter(const RouterPrx& router) { _instance->referenceFactory()->setDefaultRouter(router); } -
-::IceSSL::SslExtensionPtr
-Ice::CommunicatorI::getSslExtension()
-{
- return ::IceSSL::SslExtensionPtr(new ::IceSSL::SslExtensionInternal(_instance));
-}
-
-::IceSSL::SystemPtr
-Ice::CommunicatorI::getSslSystem()
-{
- return ::IceSSL::SystemPtr::dynamicCast(_instance->getSslSystem());
-}
+ +::IceSSL::SslExtensionPtr +Ice::CommunicatorI::getSslExtension() +{ + return ::IceSSL::SslExtensionPtr(new ::IceSSL::SslExtensionInternal(_instance)); +} + +::IceSSL::SystemPtr +Ice::CommunicatorI::getSslSystem() +{ + return ::IceSSL::SystemPtr::dynamicCast(_instance->getSslSystem()); +} Ice::CommunicatorI::CommunicatorI(const PropertiesPtr& properties) { diff --git a/cpp/src/Ice/ConfigParser.h b/cpp/src/Ice/ConfigParser.h index 8907a332517..10d2ffb5335 100644 --- a/cpp/src/Ice/ConfigParser.h +++ b/cpp/src/Ice/ConfigParser.h @@ -27,8 +27,8 @@ namespace IceSSL class ConfigParser { public: -
- // Construction based on the indicated config file, or config file and
+ + // Construction based on the indicated config file, or config file and // certificate path. ConfigParser(const std::string&); ConfigParser(const std::string&, const std::string&); @@ -77,9 +77,9 @@ private: // Populate a certificate file object, basis of all certificates. void loadCertificateFile(DOM_Node, CertificateFile&); -
- // Parses the certificate encoding format from a string representation
- // to the proper integer value used by the underlying SSL framework.
+ + // Parses the certificate encoding format from a string representation + // to the proper integer value used by the underlying SSL framework. int parseEncoding(std::string&); std::string toString(const DOMString&); diff --git a/cpp/src/Ice/ConfigParserErrorReporter.h b/cpp/src/Ice/ConfigParserErrorReporter.h index 5cc5f9630d6..fb8127bfd5d 100644 --- a/cpp/src/Ice/ConfigParserErrorReporter.h +++ b/cpp/src/Ice/ConfigParserErrorReporter.h @@ -11,7 +11,7 @@ #ifndef ICE_SSL_CONFIG_ERROR_REPORTER_H #define ICE_SSL_CONFIG_ERROR_REPORTER_H -#include <iostream>
+#include <iostream> #include <IceUtil/Shared.h> #include <util/XercesDefs.hpp> #include <dom/DOMString.hpp> @@ -38,7 +38,7 @@ public: bool getSawErrors() const; -private:
+private: // This is set if we get any errors, and is queryable via a getter method. // It's used by the main code to suppress output if there are errors. @@ -47,19 +47,19 @@ private: IceInternal::TraceLevelsPtr _traceLevels; Ice::LoggerPtr _logger; }; -
-typedef IceInternal::Handle<ConfigParserErrorReporter> ConfigParserErrorReporterPtr;
+ +typedef IceInternal::Handle<ConfigParserErrorReporter> ConfigParserErrorReporterPtr; std::ostream& operator << (std::ostream& target, const DOMString& s); } -namespace IceInternal
-{
-
-void incRef(::IceSSL::ConfigParserErrorReporter*);
-void decRef(::IceSSL::ConfigParserErrorReporter*);
-
-}
-
+namespace IceInternal
+{
+
+void incRef(::IceSSL::ConfigParserErrorReporter*);
+void decRef(::IceSSL::ConfigParserErrorReporter*);
+
+}
+
 #endif
diff --git a/cpp/src/Ice/ContextOpenSSL.cpp b/cpp/src/Ice/ContextOpenSSL.cpp
index 3275f65d432..b301d1c4ff4 100644
--- a/cpp/src/Ice/ContextOpenSSL.cpp
+++ b/cpp/src/Ice/ContextOpenSSL.cpp
@@ -1,611 +1,611 @@
-// **********************************************************************
-//
-// Copyright (c) 2002
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#include <Ice/Instance.h>
-#include <Ice/Properties.h>
-
-#include <Ice/DefaultCertificateVerifier.h>
-#include <Ice/SslException.h>
-#include <Ice/RSAKeyPair.h>
-#include <Ice/CertificateDesc.h>
-#include <Ice/SslConnectionOpenSSL.h>
-#include <Ice/ContextOpenSSL.h>
-
-#include <Ice/OpenSSLJanitors.h>
-#include <Ice/OpenSSLUtils.h>
-#include <openssl/err.h>
-
-using IceSSL::ConnectionPtr;
-
-void ::IceInternal::incRef(::IceSSL::OpenSSL::Context* p) { p->__incRef(); }
-void ::IceInternal::decRef(::IceSSL::OpenSSL::Context* p) { p->__decRef(); }
-
-IceSSL::OpenSSL::Context::~Context()
-{
- if (_sslContext != 0)
- {
- SSL_CTX_free(_sslContext);
-
- _sslContext = 0;
- }
-}
-
-bool
-IceSSL::OpenSSL::Context::isConfigured()
-{
- return (_sslContext != 0 ? true : false);
-}
-
-void
-IceSSL::OpenSSL::Context::setCertificateVerifier(const CertificateVerifierPtr& verifier)
-{
- _certificateVerifier = verifier;
-}
-
-void
-IceSSL::OpenSSL::Context::addTrustedCertificateBase64(const std::string& trustedCertString)
-{
- RSAPublicKey pubKey(trustedCertString);
-
- addTrustedCertificate(pubKey);
-}
-
-void
-IceSSL::OpenSSL::Context::addTrustedCertificate(const Ice::ByteSeq& trustedCert)
-{
- RSAPublicKey pubKey(trustedCert);
-
- addTrustedCertificate(pubKey);
-}
-
-void
-IceSSL::OpenSSL::Context::setRSAKeysBase64(const std::string& privateKey,
- const std::string& publicKey)
-{
- addKeyCert(privateKey, publicKey);
-}
-
-void
-IceSSL::OpenSSL::Context::setRSAKeys(const Ice::ByteSeq& privateKey, const Ice::ByteSeq& publicKey)
-{
- addKeyCert(privateKey, publicKey);
-}
-
-void
-IceSSL::OpenSSL::Context::configure(const GeneralConfig& generalConfig,
- const CertificateAuthority& certificateAuthority,
- const BaseCertificates& baseCertificates)
-{
- // Create an SSL Context based on the context params.
- createContext(generalConfig.getProtocol());
-
- // Get the cipherlist and set it in the context.
- setCipherList(generalConfig.getCipherList());
-
- // Set the certificate verification mode.
- SSL_CTX_set_verify(_sslContext, generalConfig.getVerifyMode(), verifyCallback);
-
- // Set the certificate verify depth
- SSL_CTX_set_verify_depth(_sslContext, generalConfig.getVerifyDepth());
-
- // Process the RSA Certificate
- setKeyCert(baseCertificates.getRSACert(), _rsaPrivateKeyProperty, _rsaPublicKeyProperty);
-
- // Process the DSA Certificate
- setKeyCert(baseCertificates.getDSACert(), _dsaPrivateKeyProperty, _dsaPublicKeyProperty);
-
- // Set the DH key agreement parameters.
- if (baseCertificates.getDHParams().getKeySize() != 0)
- {
- setDHParams(baseCertificates);
- }
-}
-
-//
-// Protected
-//
-
-IceSSL::OpenSSL::Context::Context(const IceInternal::InstancePtr& instance) :
- _traceLevels(instance->traceLevels()),
- _logger(instance->logger()),
- _properties(instance->properties())
-{
- assert(_traceLevels != 0);
- assert(_logger != 0);
- assert(_properties != 0);
-
- _certificateVerifier = new DefaultCertificateVerifier(instance);
- _sslContext = 0;
-}
-
-SSL_METHOD*
-IceSSL::OpenSSL::Context::getSslMethod(SslProtocol sslVersion)
-{
- SSL_METHOD* sslMethod = 0;
-
- switch (sslVersion)
- {
- case SSL_V2 :
- {
- sslMethod = SSLv2_method();
- break;
- }
-
- case SSL_V23 :
- {
- sslMethod = SSLv23_method();
- break;
- }
-
- case SSL_V3 :
- {
- sslMethod = SSLv3_method();
- break;
- }
-
- case TLS_V1 :
- {
- sslMethod = TLSv1_method();
- break;
- }
-
- default :
- {
- if (_traceLevels->security >= IceSSL::SECURITY_WARNINGS)
- {
- std::string errorString;
-
- errorString = "ssl version ";
- errorString += sslVersion;
- errorString += " not supported (defaulting to SSL_V23)";
- _logger->trace(_traceLevels->securityCat, "WRN " + errorString);
- }
-
- sslMethod = SSLv23_method();
- }
- }
-
- return sslMethod;
-}
-
-void
-IceSSL::OpenSSL::Context::createContext(SslProtocol sslProtocol)
-{
- if (_sslContext != 0)
- {
- SSL_CTX_free(_sslContext);
- _sslContext = 0;
- }
-
- _sslContext = SSL_CTX_new(getSslMethod(sslProtocol));
-
- if (_sslContext == 0)
- {
- IceSSL::OpenSSL::ContextInitializationException contextInitEx(__FILE__, __LINE__);
-
- contextInitEx._message = "unable to create ssl context\n" + sslGetErrors();
-
- throw contextInitEx;
- }
-
- // Turn off session caching, supposedly fixes a problem with multithreading.
- SSL_CTX_set_session_cache_mode(_sslContext, SSL_SESS_CACHE_OFF);
-}
-
-void
-IceSSL::OpenSSL::Context::loadCertificateAuthority(const CertificateAuthority& certAuth)
-{
- assert(_sslContext != 0);
-
- std::string fileName = certAuth.getCAFileName();
- std::string certPath = certAuth.getCAPath();
-
- const char* caFile = 0;
- const char* caPath = 0;
-
- // The following checks are required to send the expected values to the OpenSSL library.
- // It does not like receiving "", but prefers NULLs.
-
- if (!fileName.empty())
- {
- caFile = fileName.c_str();
- }
-
- if (!certPath.length())
- {
- caPath = certPath.c_str();
- }
-
- // SSL_CTX_set_default_passwd_cb(sslContext, passwordCallback);
-
- // Check the Certificate Authority file(s).
- int loadVerifyRet = SSL_CTX_load_verify_locations(_sslContext, caFile, caPath);
-
- if (!loadVerifyRet)
- {
- if (_traceLevels->security >= IceSSL::SECURITY_WARNINGS)
- {
- _logger->trace(_traceLevels->securityCat, "WRN unable to load certificate authorities.");
- }
- }
- else
- {
- int setDefaultVerifyPathsRet = SSL_CTX_set_default_verify_paths(_sslContext);
-
-
- if (!setDefaultVerifyPathsRet && (_traceLevels->security >= IceSSL::SECURITY_WARNINGS))
- {
- _logger->trace(_traceLevels->securityCat, "WRN unable to verify certificate authorities.");
- }
- }
-
- // Now we add whatever override/addition that we wish to put into the trusted certificates list
- std::string caCertBase64 = _properties->getProperty(_caCertificateProperty);
- if (!caCertBase64.empty())
- {
- addTrustedCertificateBase64(caCertBase64);
- }
-}
-
-void
-IceSSL::OpenSSL::Context::setKeyCert(const CertificateDesc& certDesc,
- const std::string& privateProperty,
- const std::string& publicProperty)
-{
- std::string privateKey;
- std::string publicKey;
-
- if (!privateProperty.empty())
- {
- privateKey = _properties->getProperty(privateProperty);
- }
-
- if (!publicProperty.empty())
- {
- publicKey = _properties->getProperty(publicProperty);
- }
-
- if (!privateKey.empty() && !publicKey.empty())
- {
- addKeyCert(privateKey, publicKey);
- }
- else if (certDesc.getKeySize() != 0)
- {
- const CertificateFile& privateKey = certDesc.getPrivate();
- const CertificateFile& publicKey = certDesc.getPublic();
-
- addKeyCert(privateKey, publicKey);
- }
-}
-
-void
-IceSSL::OpenSSL::Context::checkKeyCert()
-{
- assert(_sslContext != 0);
-
- // Check to see if the Private and Public keys that have been
- // set against the SSL context match up.
- if (!SSL_CTX_check_private_key(_sslContext))
- {
- IceSSL::OpenSSL::CertificateKeyMatchException certKeyMatchEx(__FILE__, __LINE__);
-
- certKeyMatchEx._message = "private key does not match the certificate public key";
- std::string sslError = sslGetErrors();
-
- if (!sslError.empty())
- {
- certKeyMatchEx._message += "\n";
- certKeyMatchEx._message += sslError;
- }
-
- throw certKeyMatchEx;
- }
-}
-
-void
-IceSSL::OpenSSL::Context::addTrustedCertificate(const RSAPublicKey& trustedCertificate)
-{
- if (_sslContext == 0)
- {
- IceSSL::OpenSSL::ContextNotConfiguredException contextConfigEx(__FILE__, __LINE__);
-
- contextConfigEx._message = "ssl context not configured";
-
- throw contextConfigEx;
- }
-
- X509_STORE* certStore = SSL_CTX_get_cert_store(_sslContext);
-
- assert(certStore != 0);
-
- if (X509_STORE_add_cert(certStore, trustedCertificate.getX509PublicKey()) == 0)
- {
- IceSSL::OpenSSL::TrustedCertificateAddException trustEx(__FILE__, __LINE__);
-
- trustEx._message = sslGetErrors();
-
- throw trustEx;
- }
-}
-
-void
-IceSSL::OpenSSL::Context::addKeyCert(const CertificateFile& privateKey, const CertificateFile& publicCert)
-{
- assert(_sslContext != 0);
-
- if (!publicCert.getFileName().empty())
- {
- std::string publicCertFile = publicCert.getFileName();
- const char* publicFile = publicCertFile.c_str();
- int publicEncoding = publicCert.getEncoding();
-
- std::string privCertFile = privateKey.getFileName();
- const char* privKeyFile = privCertFile.c_str();
- int privKeyFileType = privateKey.getEncoding();
-
- // Set which Public Key file to use.
- if (SSL_CTX_use_certificate_file(_sslContext, publicFile, publicEncoding) <= 0)
- {
- IceSSL::OpenSSL::CertificateLoadException certLoadEx(__FILE__, __LINE__);
-
- certLoadEx._message = "unable to load certificate from '";
- certLoadEx._message += publicFile;
- certLoadEx._message += "'\n";
- certLoadEx._message += sslGetErrors();
-
- throw certLoadEx;
- }
-
- if (privateKey.getFileName().empty())
- {
- if (_traceLevels->security >= IceSSL::SECURITY_WARNINGS)
- {
- _logger->trace(_traceLevels->securityCat, "WRN no private key specified -- using the certificate");
- }
-
- privKeyFile = publicFile;
- privKeyFileType = publicEncoding;
- }
-
- // Set which Private Key file to use.
- if (SSL_CTX_use_PrivateKey_file(_sslContext, privKeyFile, privKeyFileType) <= 0)
- {
- int errCode = ERR_GET_REASON(ERR_peek_error());
-
- // Note: Because OpenSSL currently (V0.9.6b) performs a check to see if the
- // key matches the private key when calling SSL_CTX_use_PrivateKey_file().
- if (errCode == X509_R_KEY_VALUES_MISMATCH || errCode == X509_R_KEY_TYPE_MISMATCH)
- {
- IceSSL::OpenSSL::CertificateKeyMatchException certKeyMatchEx(__FILE__, __LINE__);
-
- certKeyMatchEx._message = "private key does not match the certificate public key";
- std::string sslError = sslGetErrors();
-
- if (!sslError.empty())
- {
- certKeyMatchEx._message += "\n";
- certKeyMatchEx._message += sslError;
- }
-
- throw certKeyMatchEx;
- }
- else
- {
- IceSSL::OpenSSL::PrivateKeyLoadException pklEx(__FILE__, __LINE__);
-
- pklEx._message = "unable to load private key from '";
- pklEx._message += privKeyFile;
- pklEx._message += "'\n";
- pklEx._message += sslGetErrors();
-
- throw pklEx;
- }
- }
-
- checkKeyCert();
- }
-}
-
-void
-IceSSL::OpenSSL::Context::addKeyCert(const RSAKeyPair& keyPair)
-{
- if (_sslContext == 0)
- {
- IceSSL::OpenSSL::ContextNotConfiguredException contextConfigEx(__FILE__, __LINE__);
-
- contextConfigEx._message = "ssl context not configured";
-
- throw contextConfigEx;
- }
-
- // Note: Normally I would use an X509Janitor and RSAJanitor to ensure that
- // memory was being freed properly when exceptions are thrown, but
- // both SSL_CTX_use_certificate and SSL_CTX_use_RSAPrivateKey free
- // certificate/key memory regardless if the call succeeded.
-
- // Set which Public Key file to use.
- if (SSL_CTX_use_certificate(_sslContext, keyPair.getX509PublicKey()) <= 0)
- {
- IceSSL::OpenSSL::CertificateLoadException certLoadEx(__FILE__, __LINE__);
-
- certLoadEx._message = "unable to set certificate from memory";
- std::string sslError = sslGetErrors();
-
- if (!sslError.empty())
- {
- certLoadEx._message += "\n";
- certLoadEx._message += sslError;
- }
-
- throw certLoadEx;
- }
-
- // Set which Private Key file to use.
- if (SSL_CTX_use_RSAPrivateKey(_sslContext, keyPair.getRSAPrivateKey()) <= 0)
- {
- int errCode = ERR_GET_REASON(ERR_peek_error());
-
- // Note: Because OpenSSL currently (V0.9.6b) performs a check to see if the
- // key matches the private key when calling SSL_CTX_use_PrivateKey_file().
- if (errCode == X509_R_KEY_VALUES_MISMATCH || errCode == X509_R_KEY_TYPE_MISMATCH)
- {
- IceSSL::OpenSSL::CertificateKeyMatchException certKeyMatchEx(__FILE__, __LINE__);
-
- certKeyMatchEx._message = "private key does not match the certificate public key";
- std::string sslError = sslGetErrors();
-
- if (!sslError.empty())
- {
- certKeyMatchEx._message += "\n";
- certKeyMatchEx._message += sslError;
- }
-
- throw certKeyMatchEx;
- }
- else
- {
- IceSSL::OpenSSL::PrivateKeyLoadException pklEx(__FILE__, __LINE__);
-
- pklEx._message = "unable to set private key from memory";
- std::string sslError = sslGetErrors();
-
- if (!sslError.empty())
- {
- pklEx._message += "\n";
- pklEx._message += sslError;
- }
-
- throw pklEx;
- }
- }
-
- checkKeyCert();
-}
-
-void
-IceSSL::OpenSSL::Context::addKeyCert(const Ice::ByteSeq& privateKey, const Ice::ByteSeq& publicKey)
-{
- Ice::ByteSeq privKey = privateKey;
-
- if (privKey.empty())
- {
- if (_traceLevels->security >= IceSSL::SECURITY_WARNINGS)
- {
- _logger->trace(_traceLevels->securityCat, "WRN no private key specified -- using the certificate");
- }
-
- privKey = publicKey;
- }
-
- // Make a key pair based on the DER encoded byte sequences.
- addKeyCert(RSAKeyPair(privKey, publicKey));
-}
-
-void
-IceSSL::OpenSSL::Context::addKeyCert(const std::string& privateKey, const std::string& publicKey)
-{
- std::string privKey = privateKey;
-
- if (privKey.empty())
- {
- if (_traceLevels->security >= IceSSL::SECURITY_WARNINGS)
- {
- _logger->trace(_traceLevels->securityCat, "WRN no private key specified -- using the certificate");
- }
-
- privKey = publicKey;
- }
-
- // Make a key pair based on the Base64 encoded strings.
- addKeyCert(RSAKeyPair(privKey, publicKey));
-}
-
-SSL*
-IceSSL::OpenSSL::Context::createSSLConnection(int socket)
-{
- assert(_sslContext != 0);
-
- SSL* sslConnection = SSL_new(_sslContext);
- assert(sslConnection != 0);
-
- SSL_clear(sslConnection);
-
- SSL_set_fd(sslConnection, socket);
-
- return sslConnection;
-}
-
-void
-IceSSL::OpenSSL::Context::connectionSetup(const ConnectionPtr& connection)
-{
- // Set the Post-Handshake Read timeout
- // This timeout is implemented once on the first read after hanshake.
- int handshakeReadTimeout;
- std::string value = _properties->getProperty(_handshakeTimeoutProperty);
-
- if (!value.empty())
- {
- handshakeReadTimeout = atoi(value.c_str());
- }
- else
- {
- handshakeReadTimeout = 5000;
- }
-
- connection->setHandshakeReadTimeout(handshakeReadTimeout);
-}
-
-void
-IceSSL::OpenSSL::Context::setCipherList(const std::string& cipherList)
-{
- assert(_sslContext != 0);
-
- if (!cipherList.empty() && (!SSL_CTX_set_cipher_list(_sslContext, cipherList.c_str())) &&
- (_traceLevels->security >= IceSSL::SECURITY_WARNINGS))
- {
- std::string errorString = "WRN error setting cipher list " + cipherList + " -- using default list\n";
- errorString += sslGetErrors();
- _logger->trace(_traceLevels->securityCat, errorString);
- }
-}
-
-void
-IceSSL::OpenSSL::Context::setDHParams(const BaseCertificates& baseCerts)
-{
- DH* dh = 0;
-
- std::string dhFile = baseCerts.getDHParams().getFileName();
- int encoding = baseCerts.getDHParams().getEncoding();
-
- // File type must be PEM - that's the only way we can load DH Params, apparently.
- if ((!dhFile.empty()) && (encoding == SSL_FILETYPE_PEM))
- {
- dh = loadDHParam(dhFile.c_str());
- }
-
- if (dh == 0)
- {
- if (_traceLevels->security >= IceSSL::SECURITY_WARNINGS)
- {
- _logger->trace(_traceLevels->securityCat,
- "WRN Could not load Diffie-Hellman params, generating a temporary 512bit key.");
- }
-
- dh = getTempDH512();
- }
-
- if (dh != 0)
- {
- SSL_CTX_set_tmp_dh(_sslContext, dh);
-
- DH_free(dh);
- }
-}
-
+// ********************************************************************** +// +// Copyright (c) 2002 +// MutableRealms, Inc. +// Huntsville, AL, USA +// +// All Rights Reserved +// +// ********************************************************************** + +#include <Ice/Instance.h> +#include <Ice/Properties.h> + +#include <Ice/DefaultCertificateVerifier.h> +#include <Ice/SslException.h> +#include <Ice/RSAKeyPair.h> +#include <Ice/CertificateDesc.h> +#include <Ice/SslConnectionOpenSSL.h> +#include <Ice/ContextOpenSSL.h> + +#include <Ice/OpenSSLJanitors.h> +#include <Ice/OpenSSLUtils.h> +#include <openssl/err.h> + +using IceSSL::ConnectionPtr; + +void ::IceInternal::incRef(::IceSSL::OpenSSL::Context* p) { p->__incRef(); } +void ::IceInternal::decRef(::IceSSL::OpenSSL::Context* p) { p->__decRef(); } + +IceSSL::OpenSSL::Context::~Context() +{ + if (_sslContext != 0) + { + SSL_CTX_free(_sslContext); + + _sslContext = 0; + } +} + +bool +IceSSL::OpenSSL::Context::isConfigured() +{ + return (_sslContext != 0 ? 
true : false); +} + +void +IceSSL::OpenSSL::Context::setCertificateVerifier(const CertificateVerifierPtr& verifier) +{ + _certificateVerifier = verifier; +} + +void +IceSSL::OpenSSL::Context::addTrustedCertificateBase64(const std::string& trustedCertString) +{ + RSAPublicKey pubKey(trustedCertString); + + addTrustedCertificate(pubKey); +} + +void +IceSSL::OpenSSL::Context::addTrustedCertificate(const Ice::ByteSeq& trustedCert) +{ + RSAPublicKey pubKey(trustedCert); + + addTrustedCertificate(pubKey); +} + +void +IceSSL::OpenSSL::Context::setRSAKeysBase64(const std::string& privateKey, + const std::string& publicKey) +{ + addKeyCert(privateKey, publicKey); +} + +void +IceSSL::OpenSSL::Context::setRSAKeys(const Ice::ByteSeq& privateKey, const Ice::ByteSeq& publicKey) +{ + addKeyCert(privateKey, publicKey); +} + +void +IceSSL::OpenSSL::Context::configure(const GeneralConfig& generalConfig, + const CertificateAuthority& certificateAuthority, + const BaseCertificates& baseCertificates) +{ + // Create an SSL Context based on the context params. + createContext(generalConfig.getProtocol()); + + // Get the cipherlist and set it in the context. + setCipherList(generalConfig.getCipherList()); + + // Set the certificate verification mode. + SSL_CTX_set_verify(_sslContext, generalConfig.getVerifyMode(), verifyCallback); + + // Set the certificate verify depth + SSL_CTX_set_verify_depth(_sslContext, generalConfig.getVerifyDepth()); + + // Process the RSA Certificate + setKeyCert(baseCertificates.getRSACert(), _rsaPrivateKeyProperty, _rsaPublicKeyProperty); + + // Process the DSA Certificate + setKeyCert(baseCertificates.getDSACert(), _dsaPrivateKeyProperty, _dsaPublicKeyProperty); + + // Set the DH key agreement parameters. 
+ if (baseCertificates.getDHParams().getKeySize() != 0) + { + setDHParams(baseCertificates); + } +} + +// +// Protected +// + +IceSSL::OpenSSL::Context::Context(const IceInternal::InstancePtr& instance) : + _traceLevels(instance->traceLevels()), + _logger(instance->logger()), + _properties(instance->properties()) +{ + assert(_traceLevels != 0); + assert(_logger != 0); + assert(_properties != 0); + + _certificateVerifier = new DefaultCertificateVerifier(instance); + _sslContext = 0; +} + +SSL_METHOD* +IceSSL::OpenSSL::Context::getSslMethod(SslProtocol sslVersion) +{ + SSL_METHOD* sslMethod = 0; + + switch (sslVersion) + { + case SSL_V2 : + { + sslMethod = SSLv2_method(); + break; + } + + case SSL_V23 : + { + sslMethod = SSLv23_method(); + break; + } + + case SSL_V3 : + { + sslMethod = SSLv3_method(); + break; + } + + case TLS_V1 : + { + sslMethod = TLSv1_method(); + break; + } + + default : + { + if (_traceLevels->security >= IceSSL::SECURITY_WARNINGS) + { + std::string errorString; + + errorString = "ssl version "; + errorString += sslVersion; + errorString += " not supported (defaulting to SSL_V23)"; + _logger->trace(_traceLevels->securityCat, "WRN " + errorString); + } + + sslMethod = SSLv23_method(); + } + } + + return sslMethod; +} + +void +IceSSL::OpenSSL::Context::createContext(SslProtocol sslProtocol) +{ + if (_sslContext != 0) + { + SSL_CTX_free(_sslContext); + _sslContext = 0; + } + + _sslContext = SSL_CTX_new(getSslMethod(sslProtocol)); + + if (_sslContext == 0) + { + IceSSL::OpenSSL::ContextInitializationException contextInitEx(__FILE__, __LINE__); + + contextInitEx._message = "unable to create ssl context\n" + sslGetErrors(); + + throw contextInitEx; + } + + // Turn off session caching, supposedly fixes a problem with multithreading. 
+ SSL_CTX_set_session_cache_mode(_sslContext, SSL_SESS_CACHE_OFF); +} + +void +IceSSL::OpenSSL::Context::loadCertificateAuthority(const CertificateAuthority& certAuth) +{ + assert(_sslContext != 0); + + std::string fileName = certAuth.getCAFileName(); + std::string certPath = certAuth.getCAPath(); + + const char* caFile = 0; + const char* caPath = 0; + + // The following checks are required to send the expected values to the OpenSSL library. + // It does not like receiving "", but prefers NULLs. + + if (!fileName.empty()) + { + caFile = fileName.c_str(); + } + + if (!certPath.length()) + { + caPath = certPath.c_str(); + } + + // SSL_CTX_set_default_passwd_cb(sslContext, passwordCallback); + + // Check the Certificate Authority file(s). + int loadVerifyRet = SSL_CTX_load_verify_locations(_sslContext, caFile, caPath); + + if (!loadVerifyRet) + { + if (_traceLevels->security >= IceSSL::SECURITY_WARNINGS) + { + _logger->trace(_traceLevels->securityCat, "WRN unable to load certificate authorities."); + } + } + else + { + int setDefaultVerifyPathsRet = SSL_CTX_set_default_verify_paths(_sslContext); + + + if (!setDefaultVerifyPathsRet && (_traceLevels->security >= IceSSL::SECURITY_WARNINGS)) + { + _logger->trace(_traceLevels->securityCat, "WRN unable to verify certificate authorities."); + } + } + + // Now we add whatever override/addition that we wish to put into the trusted certificates list + std::string caCertBase64 = _properties->getProperty(_caCertificateProperty); + if (!caCertBase64.empty()) + { + addTrustedCertificateBase64(caCertBase64); + } +} + +void +IceSSL::OpenSSL::Context::setKeyCert(const CertificateDesc& certDesc, + const std::string& privateProperty, + const std::string& publicProperty) +{ + std::string privateKey; + std::string publicKey; + + if (!privateProperty.empty()) + { + privateKey = _properties->getProperty(privateProperty); + } + + if (!publicProperty.empty()) + { + publicKey = _properties->getProperty(publicProperty); + } + + if 
(!privateKey.empty() && !publicKey.empty()) + { + addKeyCert(privateKey, publicKey); + } + else if (certDesc.getKeySize() != 0) + { + const CertificateFile& privateKey = certDesc.getPrivate(); + const CertificateFile& publicKey = certDesc.getPublic(); + + addKeyCert(privateKey, publicKey); + } +} + +void +IceSSL::OpenSSL::Context::checkKeyCert() +{ + assert(_sslContext != 0); + + // Check to see if the Private and Public keys that have been + // set against the SSL context match up. + if (!SSL_CTX_check_private_key(_sslContext)) + { + IceSSL::OpenSSL::CertificateKeyMatchException certKeyMatchEx(__FILE__, __LINE__); + + certKeyMatchEx._message = "private key does not match the certificate public key"; + std::string sslError = sslGetErrors(); + + if (!sslError.empty()) + { + certKeyMatchEx._message += "\n"; + certKeyMatchEx._message += sslError; + } + + throw certKeyMatchEx; + } +} + +void +IceSSL::OpenSSL::Context::addTrustedCertificate(const RSAPublicKey& trustedCertificate) +{ + if (_sslContext == 0) + { + IceSSL::OpenSSL::ContextNotConfiguredException contextConfigEx(__FILE__, __LINE__); + + contextConfigEx._message = "ssl context not configured"; + + throw contextConfigEx; + } + + X509_STORE* certStore = SSL_CTX_get_cert_store(_sslContext); + + assert(certStore != 0); + + if (X509_STORE_add_cert(certStore, trustedCertificate.getX509PublicKey()) == 0) + { + IceSSL::OpenSSL::TrustedCertificateAddException trustEx(__FILE__, __LINE__); + + trustEx._message = sslGetErrors(); + + throw trustEx; + } +} + +void +IceSSL::OpenSSL::Context::addKeyCert(const CertificateFile& privateKey, const CertificateFile& publicCert) +{ + assert(_sslContext != 0); + + if (!publicCert.getFileName().empty()) + { + std::string publicCertFile = publicCert.getFileName(); + const char* publicFile = publicCertFile.c_str(); + int publicEncoding = publicCert.getEncoding(); + + std::string privCertFile = privateKey.getFileName(); + const char* privKeyFile = privCertFile.c_str(); + int 
privKeyFileType = privateKey.getEncoding();
+
+ // Set which Public Key file to use.
+ if (SSL_CTX_use_certificate_file(_sslContext, publicFile, publicEncoding) <= 0)
+ {
+ IceSSL::OpenSSL::CertificateLoadException certLoadEx(__FILE__, __LINE__);
+
+ certLoadEx._message = "unable to load certificate from '";
+ certLoadEx._message += publicFile;
+ certLoadEx._message += "'\n";
+ certLoadEx._message += sslGetErrors();
+
+ throw certLoadEx;
+ }
+
+ if (privateKey.getFileName().empty())
+ {
+ if (_traceLevels->security >= IceSSL::SECURITY_WARNINGS)
+ {
+ _logger->trace(_traceLevels->securityCat, "WRN no private key specified -- using the certificate");
+ }
+
+ privKeyFile = publicFile;
+ privKeyFileType = publicEncoding;
+ }
+
+ // Set which Private Key file to use.
+ if (SSL_CTX_use_PrivateKey_file(_sslContext, privKeyFile, privKeyFileType) <= 0)
+ {
+ int errCode = ERR_GET_REASON(ERR_peek_error());
+
+ // Note: Because OpenSSL currently (V0.9.6b) performs a check to see if the
+ // key matches the private key when calling SSL_CTX_use_PrivateKey_file().
+ if (errCode == X509_R_KEY_VALUES_MISMATCH || errCode == X509_R_KEY_TYPE_MISMATCH)
+ {
+ IceSSL::OpenSSL::CertificateKeyMatchException certKeyMatchEx(__FILE__, __LINE__);
+
+ certKeyMatchEx._message = "private key does not match the certificate public key";
+ std::string sslError = sslGetErrors();
+
+ if (!sslError.empty())
+ {
+ certKeyMatchEx._message += "\n";
+ certKeyMatchEx._message += sslError;
+ }
+
+ throw certKeyMatchEx;
+ }
+ else
+ {
+ IceSSL::OpenSSL::PrivateKeyLoadException pklEx(__FILE__, __LINE__);
+
+ pklEx._message = "unable to load private key from '";
+ pklEx._message += privKeyFile;
+ pklEx._message += "'\n";
+ pklEx._message += sslGetErrors();
+
+ throw pklEx;
+ }
+ }
+
+ checkKeyCert();
+ }
+}
+
+void
+IceSSL::OpenSSL::Context::addKeyCert(const RSAKeyPair& keyPair)
+{
+ if (_sslContext == 0)
+ {
+ IceSSL::OpenSSL::ContextNotConfiguredException contextConfigEx(__FILE__, __LINE__);
+
+ contextConfigEx._message = "ssl context not configured";
+
+ throw contextConfigEx;
+ }
+
+ // Note: Normally I would use an X509Janitor and RSAJanitor to ensure that
+ // memory was being freed properly when exceptions are thrown, but
+ // both SSL_CTX_use_certificate and SSL_CTX_use_RSAPrivateKey free
+ // certificate/key memory regardless if the call succeeded.
+
+ // Set which Public Key file to use.
+ if (SSL_CTX_use_certificate(_sslContext, keyPair.getX509PublicKey()) <= 0)
+ {
+ IceSSL::OpenSSL::CertificateLoadException certLoadEx(__FILE__, __LINE__);
+
+ certLoadEx._message = "unable to set certificate from memory";
+ std::string sslError = sslGetErrors();
+
+ if (!sslError.empty())
+ {
+ certLoadEx._message += "\n";
+ certLoadEx._message += sslError;
+ }
+
+ throw certLoadEx;
+ }
+
+ // Set which Private Key file to use.
+ if (SSL_CTX_use_RSAPrivateKey(_sslContext, keyPair.getRSAPrivateKey()) <= 0)
+ {
+ int errCode = ERR_GET_REASON(ERR_peek_error());
+
+ // Note: Because OpenSSL currently (V0.9.6b) performs a check to see if the
+ // key matches the private key when calling SSL_CTX_use_PrivateKey_file().
+ if (errCode == X509_R_KEY_VALUES_MISMATCH || errCode == X509_R_KEY_TYPE_MISMATCH)
+ {
+ IceSSL::OpenSSL::CertificateKeyMatchException certKeyMatchEx(__FILE__, __LINE__);
+
+ certKeyMatchEx._message = "private key does not match the certificate public key";
+ std::string sslError = sslGetErrors();
+
+ if (!sslError.empty())
+ {
+ certKeyMatchEx._message += "\n";
+ certKeyMatchEx._message += sslError;
+ }
+
+ throw certKeyMatchEx;
+ }
+ else
+ {
+ IceSSL::OpenSSL::PrivateKeyLoadException pklEx(__FILE__, __LINE__);
+
+ pklEx._message = "unable to set private key from memory";
+ std::string sslError = sslGetErrors();
+
+ if (!sslError.empty())
+ {
+ pklEx._message += "\n";
+ pklEx._message += sslError;
+ }
+
+ throw pklEx;
+ }
+ }
+
+ checkKeyCert();
+}
+
+void
+IceSSL::OpenSSL::Context::addKeyCert(const Ice::ByteSeq& privateKey, const Ice::ByteSeq& publicKey)
+{
+ Ice::ByteSeq privKey = privateKey;
+
+ if (privKey.empty())
+ {
+ if (_traceLevels->security >= IceSSL::SECURITY_WARNINGS)
+ {
+ _logger->trace(_traceLevels->securityCat, "WRN no private key specified -- using the certificate");
+ }
+
+ privKey = publicKey;
+ }
+
+ // Make a key pair based on the DER encoded byte sequences.
+ addKeyCert(RSAKeyPair(privKey, publicKey));
+}
+
+void
+IceSSL::OpenSSL::Context::addKeyCert(const std::string& privateKey, const std::string& publicKey)
+{
+ std::string privKey = privateKey;
+
+ if (privKey.empty())
+ {
+ if (_traceLevels->security >= IceSSL::SECURITY_WARNINGS)
+ {
+ _logger->trace(_traceLevels->securityCat, "WRN no private key specified -- using the certificate");
+ }
+
+ privKey = publicKey;
+ }
+
+ // Make a key pair based on the Base64 encoded strings.
+ addKeyCert(RSAKeyPair(privKey, publicKey));
+}
+
+SSL*
+IceSSL::OpenSSL::Context::createSSLConnection(int socket)
+{
+ assert(_sslContext != 0);
+
+ SSL* sslConnection = SSL_new(_sslContext);
+ assert(sslConnection != 0);
+
+ SSL_clear(sslConnection);
+
+ SSL_set_fd(sslConnection, socket);
+
+ return sslConnection;
+}
+
+void
+IceSSL::OpenSSL::Context::connectionSetup(const ConnectionPtr& connection)
+{
+ // Set the Post-Handshake Read timeout
+ // This timeout is implemented once on the first read after hanshake.
+ int handshakeReadTimeout;
+ std::string value = _properties->getProperty(_handshakeTimeoutProperty);
+
+ if (!value.empty())
+ {
+ handshakeReadTimeout = atoi(value.c_str());
+ }
+ else
+ {
+ handshakeReadTimeout = 5000;
+ }
+
+ connection->setHandshakeReadTimeout(handshakeReadTimeout);
+}
+
+void
+IceSSL::OpenSSL::Context::setCipherList(const std::string& cipherList)
+{
+ assert(_sslContext != 0);
+
+ if (!cipherList.empty() && (!SSL_CTX_set_cipher_list(_sslContext, cipherList.c_str())) &&
+ (_traceLevels->security >= IceSSL::SECURITY_WARNINGS))
+ {
+ std::string errorString = "WRN error setting cipher list " + cipherList + " -- using default list\n";
+ errorString += sslGetErrors();
+ _logger->trace(_traceLevels->securityCat, errorString);
+ }
+}
+
+void
+IceSSL::OpenSSL::Context::setDHParams(const BaseCertificates& baseCerts)
+{
+ DH* dh = 0;
+
+ std::string dhFile = baseCerts.getDHParams().getFileName();
+ int encoding = baseCerts.getDHParams().getEncoding();
+
+ // File type must be PEM - that's the only way we can load DH Params, apparently.
+ if ((!dhFile.empty()) && (encoding == SSL_FILETYPE_PEM))
+ {
+ dh = loadDHParam(dhFile.c_str());
+ }
+
+ if (dh == 0)
+ {
+ if (_traceLevels->security >= IceSSL::SECURITY_WARNINGS)
+ {
+ _logger->trace(_traceLevels->securityCat,
+ "WRN Could not load Diffie-Hellman params, generating a temporary 512bit key.");
+ }
+
+ dh = getTempDH512();
+ }
+
+ if (dh != 0)
+ {
+ SSL_CTX_set_tmp_dh(_sslContext, dh);
+
+ DH_free(dh);
+ }
+}
+
diff --git a/cpp/src/Ice/ContextOpenSSL.h b/cpp/src/Ice/ContextOpenSSL.h
index de8f89f388b..c8225795ecc 100644
--- a/cpp/src/Ice/ContextOpenSSL.h
+++ b/cpp/src/Ice/ContextOpenSSL.h
@@ -1,122 +1,122 @@
-// **********************************************************************
-//
-// Copyright (c) 2002
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#ifndef ICE_SSL_CONTEXT_OPENSSL_H
-#define ICE_SSL_CONTEXT_OPENSSL_H
-
-#include <IceUtil/Config.h>
-#include <IceUtil/Shared.h>
-#include <Ice/InstanceF.h>
-#include <Ice/TraceLevelsF.h>
-#include <Ice/LoggerF.h>
-#include <Ice/PropertiesF.h>
-#include <Ice/BuiltinSequences.h>
-
-#include <Ice/OpenSSL.h>
-
-#include <Ice/CertificateVerifierOpenSSL.h>
-
-#include <Ice/GeneralConfig.h>
-#include <Ice/CertificateAuthority.h>
-#include <Ice/BaseCerts.h>
-#include <Ice/TempCerts.h>
-
-#include <Ice/SslConnectionF.h>
-#include <Ice/SslConnectionOpenSSLF.h>
-#include <Ice/ContextOpenSSLF.h>
-#include <Ice/RSAPublicKey.h>
-
-namespace IceSSL
-{
-
-namespace OpenSSL
-{
-
-class System;
-class RSAKeyPair;
-
-class Context : public IceUtil::Shared
-{
-public:
-
- virtual ~Context();
-
- bool isConfigured();
-
- virtual void setCertificateVerifier(const CertificateVerifierPtr&);
-
- virtual void addTrustedCertificateBase64(const std::string&);
-
- virtual void addTrustedCertificate(const Ice::ByteSeq&);
-
- virtual void setRSAKeysBase64(const std::string&, const std::string&);
-
- virtual void setRSAKeys(const Ice::ByteSeq&, const Ice::ByteSeq&);
-
- virtual void configure(const IceSSL::GeneralConfig&,
- const IceSSL::CertificateAuthority&,
- const IceSSL::BaseCertificates&);
-
- // Takes a socket fd as the first parameter.
- virtual ::IceSSL::ConnectionPtr createConnection(int, const IceSSL::SystemInternalPtr&) = 0;
-
-protected:
- Context(const IceInternal::InstancePtr&);
-
- SSL_METHOD* getSslMethod(SslProtocol);
- void createContext(SslProtocol);
-
- virtual void loadCertificateAuthority(const CertificateAuthority&);
-
- void setKeyCert(const IceSSL::CertificateDesc&, const std::string&, const std::string&);
-
- void checkKeyCert();
-
- void addTrustedCertificate(const IceSSL::OpenSSL::RSAPublicKey&);
-
- void addKeyCert(const IceSSL::CertificateFile&, const IceSSL::CertificateFile&);
-
- void addKeyCert(const RSAKeyPair&);
-
- void addKeyCert(const Ice::ByteSeq&, const Ice::ByteSeq&);
-
- void addKeyCert(const std::string&, const std::string&);
-
- SSL* createSSLConnection(int);
-
- void connectionSetup(const IceSSL::OpenSSL::ConnectionPtr& connection);
-
- void setCipherList(const std::string&);
-
- void setDHParams(const IceSSL::BaseCertificates&);
-
- IceInternal::TraceLevelsPtr _traceLevels;
- Ice::LoggerPtr _logger;
- Ice::PropertiesPtr _properties;
-
- std::string _rsaPrivateKeyProperty;
- std::string _rsaPublicKeyProperty;
- std::string _dsaPrivateKeyProperty;
- std::string _dsaPublicKeyProperty;
- std::string _caCertificateProperty;
- std::string _handshakeTimeoutProperty;
-
- IceSSL::CertificateVerifierPtr _certificateVerifier;
-
- SSL_CTX* _sslContext;
-
- friend class IceSSL::OpenSSL::System;
-};
-
-}
-
-}
-
-#endif
+// **********************************************************************
+//
+// Copyright (c) 2002
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#ifndef ICE_SSL_CONTEXT_OPENSSL_H
+#define ICE_SSL_CONTEXT_OPENSSL_H
+
+#include <IceUtil/Config.h>
+#include <IceUtil/Shared.h>
+#include <Ice/InstanceF.h>
+#include <Ice/TraceLevelsF.h>
+#include <Ice/LoggerF.h>
+#include <Ice/PropertiesF.h>
+#include <Ice/BuiltinSequences.h>
+
+#include <Ice/OpenSSL.h>
+
+#include <Ice/CertificateVerifierOpenSSL.h>
+
+#include <Ice/GeneralConfig.h>
+#include <Ice/CertificateAuthority.h>
+#include <Ice/BaseCerts.h>
+#include <Ice/TempCerts.h>
+
+#include <Ice/SslConnectionF.h>
+#include <Ice/SslConnectionOpenSSLF.h>
+#include <Ice/ContextOpenSSLF.h>
+#include <Ice/RSAPublicKey.h>
+
+namespace IceSSL
+{
+
+namespace OpenSSL
+{
+
+class System;
+class RSAKeyPair;
+
+class Context : public IceUtil::Shared
+{
+public:
+
+ virtual ~Context();
+
+ bool isConfigured();
+
+ virtual void setCertificateVerifier(const CertificateVerifierPtr&);
+
+ virtual void addTrustedCertificateBase64(const std::string&);
+
+ virtual void addTrustedCertificate(const Ice::ByteSeq&);
+
+ virtual void setRSAKeysBase64(const std::string&, const std::string&);
+
+ virtual void setRSAKeys(const Ice::ByteSeq&, const Ice::ByteSeq&);
+
+ virtual void configure(const IceSSL::GeneralConfig&,
+ const IceSSL::CertificateAuthority&,
+ const IceSSL::BaseCertificates&);
+
+ // Takes a socket fd as the first parameter.
+ virtual ::IceSSL::ConnectionPtr createConnection(int, const IceSSL::SystemInternalPtr&) = 0;
+
+protected:
+ Context(const IceInternal::InstancePtr&);
+
+ SSL_METHOD* getSslMethod(SslProtocol);
+ void createContext(SslProtocol);
+
+ virtual void loadCertificateAuthority(const CertificateAuthority&);
+
+ void setKeyCert(const IceSSL::CertificateDesc&, const std::string&, const std::string&);
+
+ void checkKeyCert();
+
+ void addTrustedCertificate(const IceSSL::OpenSSL::RSAPublicKey&);
+
+ void addKeyCert(const IceSSL::CertificateFile&, const IceSSL::CertificateFile&);
+
+ void addKeyCert(const RSAKeyPair&);
+
+ void addKeyCert(const Ice::ByteSeq&, const Ice::ByteSeq&);
+
+ void addKeyCert(const std::string&, const std::string&);
+
+ SSL* createSSLConnection(int);
+
+ void connectionSetup(const IceSSL::OpenSSL::ConnectionPtr& connection);
+
+ void setCipherList(const std::string&);
+
+ void setDHParams(const IceSSL::BaseCertificates&);
+
+ IceInternal::TraceLevelsPtr _traceLevels;
+ Ice::LoggerPtr _logger;
+ Ice::PropertiesPtr _properties;
+
+ std::string _rsaPrivateKeyProperty;
+ std::string _rsaPublicKeyProperty;
+ std::string _dsaPrivateKeyProperty;
+ std::string _dsaPublicKeyProperty;
+ std::string _caCertificateProperty;
+ std::string _handshakeTimeoutProperty;
+
+ IceSSL::CertificateVerifierPtr _certificateVerifier;
+
+ SSL_CTX* _sslContext;
+
+ friend class IceSSL::OpenSSL::System;
+};
+
+}
+
+}
+
+#endif
diff --git a/cpp/src/Ice/ContextOpenSSLClient.cpp b/cpp/src/Ice/ContextOpenSSLClient.cpp
index 3689f00151b..ac0beb99b53 100644
--- a/cpp/src/Ice/ContextOpenSSLClient.cpp
+++ b/cpp/src/Ice/ContextOpenSSLClient.cpp
@@ -1,86 +1,86 @@
-// **********************************************************************
-//
-// Copyright (c) 2002
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#include <Ice/SslException.h>
-#include <Ice/SslConnectionOpenSSL.h>
-#include <Ice/ContextOpenSSLClient.h>
-#include <Ice/SslConnectionOpenSSLClient.h>
-
-#include <Ice/TraceLevels.h>
-#include <Ice/Logger.h>
-
-#include <iostream>
-
-using IceSSL::ConnectionPtr;
-using IceSSL::SystemInternalPtr;
-
-void
-IceSSL::OpenSSL::ClientContext::configure(const GeneralConfig& generalConfig,
- const CertificateAuthority& certificateAuthority,
- const BaseCertificates& baseCertificates)
-{
- Context::configure(generalConfig, certificateAuthority, baseCertificates);
-
- loadCertificateAuthority(certificateAuthority);
-
- if (_traceLevels->security >= IceSSL::SECURITY_PROTOCOL)
- {
- std::ostringstream s;
-
- s << std::endl;
- s << "general configuration (client)" << std::endl;
- s << "------------------------------" << std::endl;
- s << generalConfig << std::endl << std::endl;
-
- s << "certificate authority (client)" << std::endl;
- s << "------------------------------" << std::endl;
- s << "file: " << certificateAuthority.getCAFileName() << std::endl;
- s << "path: " << certificateAuthority.getCAPath() << std::endl;
-
- s << "base certificates (client)" << std::endl;
- s << "--------------------------" << std::endl;
- s << baseCertificates << std::endl;
-
- _logger->trace(_traceLevels->securityCat, s.str());
- }
-}
-
-IceSSL::ConnectionPtr
-IceSSL::OpenSSL::ClientContext::createConnection(int socket, const SystemInternalPtr& system)
-{
- if (_sslContext == 0)
- {
- IceSSL::OpenSSL::ContextNotConfiguredException contextEx(__FILE__, __LINE__);
-
- throw contextEx;
- }
-
- ConnectionPtr connection = new ClientConnection(_traceLevels,
- _logger,
- _certificateVerifier,
- createSSLConnection(socket),
- system);
-
- connectionSetup(connection);
-
- return connection;
-}
-
-IceSSL::OpenSSL::ClientContext::ClientContext(const IceInternal::InstancePtr& instance) :
- Context(instance)
-{
- _rsaPrivateKeyProperty = "Ice.SSL.Client.Overrides.RSA.PrivateKey";
- _rsaPublicKeyProperty = "Ice.SSL.Client.Overrides.RSA.Certificate";
- _dsaPrivateKeyProperty = "Ice.SSL.Client.Overrides.DSA.PrivateKey";
- _dsaPublicKeyProperty = "Ice.SSL.Client.Overrides.DSA.Certificate";
- _caCertificateProperty = "Ice.SSL.Client.Overrides.CACertificate";
- _handshakeTimeoutProperty = "Ice.SSL.Client.Handshake.ReadTimeout";
-}
-
+// **********************************************************************
+//
+// Copyright (c) 2002
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#include <Ice/SslException.h>
+#include <Ice/SslConnectionOpenSSL.h>
+#include <Ice/ContextOpenSSLClient.h>
+#include <Ice/SslConnectionOpenSSLClient.h>
+
+#include <Ice/TraceLevels.h>
+#include <Ice/Logger.h>
+
+#include <iostream>
+
+using IceSSL::ConnectionPtr;
+using IceSSL::SystemInternalPtr;
+
+void
+IceSSL::OpenSSL::ClientContext::configure(const GeneralConfig& generalConfig,
+ const CertificateAuthority& certificateAuthority,
+ const BaseCertificates& baseCertificates)
+{
+ Context::configure(generalConfig, certificateAuthority, baseCertificates);
+
+ loadCertificateAuthority(certificateAuthority);
+
+ if (_traceLevels->security >= IceSSL::SECURITY_PROTOCOL)
+ {
+ std::ostringstream s;
+
+ s << std::endl;
+ s << "general configuration (client)" << std::endl;
+ s << "------------------------------" << std::endl;
+ s << generalConfig << std::endl << std::endl;
+
+ s << "certificate authority (client)" << std::endl;
+ s << "------------------------------" << std::endl;
+ s << "file: " << certificateAuthority.getCAFileName() << std::endl;
+ s << "path: " << certificateAuthority.getCAPath() << std::endl;
+
+ s << "base certificates (client)" << std::endl;
+ s << "--------------------------" << std::endl;
+ s << baseCertificates << std::endl;
+
+ _logger->trace(_traceLevels->securityCat, s.str());
+ }
+}
+
+IceSSL::ConnectionPtr
+IceSSL::OpenSSL::ClientContext::createConnection(int socket, const SystemInternalPtr& system)
+{
+ if (_sslContext == 0)
+ {
+ IceSSL::OpenSSL::ContextNotConfiguredException contextEx(__FILE__, __LINE__);
+
+ throw contextEx;
+ }
+
+ ConnectionPtr connection = new ClientConnection(_traceLevels,
+ _logger,
+ _certificateVerifier,
+ createSSLConnection(socket),
+ system);
+
+ connectionSetup(connection);
+
+ return connection;
+}
+
+IceSSL::OpenSSL::ClientContext::ClientContext(const IceInternal::InstancePtr& instance) :
+ Context(instance)
+{
+ _rsaPrivateKeyProperty = "Ice.SSL.Client.Overrides.RSA.PrivateKey";
+ _rsaPublicKeyProperty = "Ice.SSL.Client.Overrides.RSA.Certificate";
+ _dsaPrivateKeyProperty = "Ice.SSL.Client.Overrides.DSA.PrivateKey";
+ _dsaPublicKeyProperty = "Ice.SSL.Client.Overrides.DSA.Certificate";
+ _caCertificateProperty = "Ice.SSL.Client.Overrides.CACertificate";
+ _handshakeTimeoutProperty = "Ice.SSL.Client.Handshake.ReadTimeout";
+}
+
diff --git a/cpp/src/Ice/ContextOpenSSLClient.h b/cpp/src/Ice/ContextOpenSSLClient.h
index 8bbf3ee364b..0a848eb5d78 100644
--- a/cpp/src/Ice/ContextOpenSSLClient.h
+++ b/cpp/src/Ice/ContextOpenSSLClient.h
@@ -1,44 +1,44 @@
-// **********************************************************************
-//
-// Copyright (c) 2002
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#ifndef ICE_SSL_CONTEXT_OPENSSL_CLIENT_H
-#define ICE_SSL_CONTEXT_OPENSSL_CLIENT_H
-
-#include <Ice/ContextOpenSSL.h>
-
-namespace IceSSL
-{
-
-namespace OpenSSL
-{
-
-class ClientContext : public Context
-{
-public:
-
- virtual void configure(const IceSSL::GeneralConfig&,
- const IceSSL::CertificateAuthority&,
- const IceSSL::BaseCertificates&);
-
- // Takes a socket fd as the first parameter.
- virtual IceSSL::ConnectionPtr createConnection(int, const IceSSL::SystemInternalPtr&);
-
-protected:
-
- ClientContext(const IceInternal::InstancePtr&);
-
- friend class IceSSL::OpenSSL::System;
-};
-
-}
-
-}
-
-#endif
+// **********************************************************************
+//
+// Copyright (c) 2002
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#ifndef ICE_SSL_CONTEXT_OPENSSL_CLIENT_H
+#define ICE_SSL_CONTEXT_OPENSSL_CLIENT_H
+
+#include <Ice/ContextOpenSSL.h>
+
+namespace IceSSL
+{
+
+namespace OpenSSL
+{
+
+class ClientContext : public Context
+{
+public:
+
+ virtual void configure(const IceSSL::GeneralConfig&,
+ const IceSSL::CertificateAuthority&,
+ const IceSSL::BaseCertificates&);
+
+ // Takes a socket fd as the first parameter.
+ virtual IceSSL::ConnectionPtr createConnection(int, const IceSSL::SystemInternalPtr&);
+
+protected:
+
+ ClientContext(const IceInternal::InstancePtr&);
+
+ friend class IceSSL::OpenSSL::System;
+};
+
+}
+
+}
+
+#endif
diff --git a/cpp/src/Ice/ContextOpenSSLF.h b/cpp/src/Ice/ContextOpenSSLF.h
index 322c3d0b5aa..fd338e10a58 100644
--- a/cpp/src/Ice/ContextOpenSSLF.h
+++ b/cpp/src/Ice/ContextOpenSSLF.h
@@ -1,37 +1,37 @@
-// **********************************************************************
-//
-// Copyright (c) 2002
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#ifndef ICE_SSL_CONTEXT_OPENSSL_F_H
-#define ICE_SSL_CONTEXT_OPENSSL_F_H
-
-#include <Ice/Handle.h>
-
-namespace IceSSL
-{
-
-namespace OpenSSL
-{
-
-class Context;
-typedef IceInternal::Handle<Context> ContextPtr;
-
-}
-
-}
-
-namespace IceInternal
-{
-
-void incRef(::IceSSL::OpenSSL::Context*);
-void decRef(::IceSSL::OpenSSL::Context*);
-
-}
-
-#endif
+// **********************************************************************
+//
+// Copyright (c) 2002
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#ifndef ICE_SSL_CONTEXT_OPENSSL_F_H
+#define ICE_SSL_CONTEXT_OPENSSL_F_H
+
+#include <Ice/Handle.h>
+
+namespace IceSSL
+{
+
+namespace OpenSSL
+{
+
+class Context;
+typedef IceInternal::Handle<Context> ContextPtr;
+
+}
+
+}
+
+namespace IceInternal
+{
+
+void incRef(::IceSSL::OpenSSL::Context*);
+void decRef(::IceSSL::OpenSSL::Context*);
+
+}
+
+#endif
diff --git a/cpp/src/Ice/ContextOpenSSLServer.cpp b/cpp/src/Ice/ContextOpenSSLServer.cpp
index 97775069a12..89ee2b7c78a 100644
--- a/cpp/src/Ice/ContextOpenSSLServer.cpp
+++ b/cpp/src/Ice/ContextOpenSSLServer.cpp
@@ -1,142 +1,142 @@
-// **********************************************************************
-//
-// Copyright (c) 2002
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#include <Ice/SslException.h>
-#include <Ice/SslConnectionOpenSSL.h>
-#include <Ice/ContextOpenSSLServer.h>
-#include <Ice/SslConnectionOpenSSLServer.h>
-#include <Ice/OpenSSLUtils.h>
-
-#include <Ice/TraceLevels.h>
-#include <Ice/Logger.h>
-
-#include <iostream.h>
-
-using IceSSL::ConnectionPtr;
-using IceSSL::SystemInternalPtr;
-
-void
-IceSSL::OpenSSL::ServerContext::configure(const GeneralConfig& generalConfig,
- const CertificateAuthority& certificateAuthority,
- const BaseCertificates& baseCertificates)
-{
- Context::configure(generalConfig, certificateAuthority, baseCertificates);
-
- assert(_sslContext != 0);
-
- // On servers, Attempt to use non-export (strong) encryption
- // first. This option does not always work, and in the OpenSSL
- // documentation is declared as 'broken'.
- // SSL_CTX_set_options(_sslContext, SSL_OP_NON_EXPORT_FIRST);
-
- // Always use a new DH key when using Diffie-Hellman key agreement.
- SSL_CTX_set_options(_sslContext, SSL_OP_SINGLE_DH_USE);
-
- // Set the RSA Callback routine in case we need to build a temporary (ephemeral) RSA key.
- SSL_CTX_set_tmp_rsa_callback(_sslContext, tmpRSACallback);
-
- // Set the DH Callback routine in case we need a temporary (ephemeral) DH key.
- SSL_CTX_set_tmp_dh_callback(_sslContext, tmpDHCallback);
-
- loadCertificateAuthority(certificateAuthority);
-
- // Set the session context for the SSL system [SERVER ONLY].
- std::string connectionContext = generalConfig.getContext();
- SSL_CTX_set_session_id_context(_sslContext,
- reinterpret_cast<const unsigned char *>(connectionContext.c_str()),
- connectionContext.size());
-
- if (_traceLevels->security >= IceSSL::SECURITY_PROTOCOL)
- {
- std::ostringstream s;
-
- s << std::endl;
- s << "general configuration (server)" << std::endl;
- s << "------------------------------" << std::endl;
- s << generalConfig << std::endl << std::endl;
-
- s << "CA file: " << certificateAuthority.getCAFileName() << std::endl;
- s << "CA path: " << certificateAuthority.getCAPath() << std::endl;
-
- s << "base certificates (server)" << std::endl;
- s << "--------------------------" << std::endl;
- s << baseCertificates << std::endl << std::endl;
-
- _logger->trace(_traceLevels->securityCat, s.str());
- }
-}
-
-IceSSL::ConnectionPtr
-IceSSL::OpenSSL::ServerContext::createConnection(int socket, const SystemInternalPtr& system)
-{
- if (_sslContext == 0)
- {
- IceSSL::OpenSSL::ContextNotConfiguredException contextEx(__FILE__, __LINE__);
-
- throw contextEx;
- }
-
- ConnectionPtr connection = new ServerConnection(_traceLevels,
- _logger,
- _certificateVerifier,
- createSSLConnection(socket),
- system);
-
- connectionSetup(connection);
-
- return connection;
-}
-
-//
-// Protected
-//
-
-IceSSL::OpenSSL::ServerContext::ServerContext(const IceInternal::InstancePtr& instance) :
- Context(instance)
-{
- _rsaPrivateKeyProperty = "Ice.SSL.Server.Overrides.RSA.PrivateKey";
- _rsaPublicKeyProperty = "Ice.SSL.Server.Overrides.RSA.Certificate";
- _dsaPrivateKeyProperty = "Ice.SSL.Server.Overrides.DSA.PrivateKey";
- _dsaPublicKeyProperty = "Ice.SSL.Server.Overrides.DSA.Certificate";
- _caCertificateProperty = "Ice.SSL.Server.Overrides.CACertificate";
- _handshakeTimeoutProperty = "Ice.SSL.Server.Handshake.ReadTimeout";
-}
-
-void
-IceSSL::OpenSSL::ServerContext::loadCertificateAuthority(const CertificateAuthority& certAuth)
-{
- assert(_sslContext != 0);
-
- Context::loadCertificateAuthority(certAuth);
-
- std::string caFile = certAuth.getCAFileName();
-
- if (caFile.empty())
- {
- return;
- }
-
- STACK_OF(X509_NAME)* certNames = SSL_load_client_CA_file(caFile.c_str());
-
- if (certNames == 0)
- {
- if (_traceLevels->security >= IceSSL::SECURITY_WARNINGS)
- {
- std::string errorString = "unable to load certificate authorities certificate names from " + caFile + "\n";
- errorString += sslGetErrors();
- _logger->trace(_traceLevels->securityCat, "WRN " + errorString);
- }
- }
- else
- {
- SSL_CTX_set_client_CA_list(_sslContext, certNames);
- }
-}
-
+// **********************************************************************
+//
+// Copyright (c) 2002
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#include <Ice/SslException.h>
+#include <Ice/SslConnectionOpenSSL.h>
+#include <Ice/ContextOpenSSLServer.h>
+#include <Ice/SslConnectionOpenSSLServer.h>
+#include <Ice/OpenSSLUtils.h>
+
+#include <Ice/TraceLevels.h>
+#include <Ice/Logger.h>
+
+#include <iostream.h>
+
+using IceSSL::ConnectionPtr;
+using IceSSL::SystemInternalPtr;
+
+void
+IceSSL::OpenSSL::ServerContext::configure(const GeneralConfig& generalConfig,
+ const CertificateAuthority& certificateAuthority,
+ const BaseCertificates& baseCertificates)
+{
+ Context::configure(generalConfig, certificateAuthority, baseCertificates);
+
+ assert(_sslContext != 0);
+
+ // On servers, Attempt to use non-export (strong) encryption
+ // first. This option does not always work, and in the OpenSSL
+ // documentation is declared as 'broken'.
+ // SSL_CTX_set_options(_sslContext, SSL_OP_NON_EXPORT_FIRST);
+
+ // Always use a new DH key when using Diffie-Hellman key agreement.
+ SSL_CTX_set_options(_sslContext, SSL_OP_SINGLE_DH_USE);
+
+ // Set the RSA Callback routine in case we need to build a temporary (ephemeral) RSA key.
+ SSL_CTX_set_tmp_rsa_callback(_sslContext, tmpRSACallback);
+
+ // Set the DH Callback routine in case we need a temporary (ephemeral) DH key.
+ SSL_CTX_set_tmp_dh_callback(_sslContext, tmpDHCallback);
+
+ loadCertificateAuthority(certificateAuthority);
+
+ // Set the session context for the SSL system [SERVER ONLY].
+ std::string connectionContext = generalConfig.getContext();
+ SSL_CTX_set_session_id_context(_sslContext,
+ reinterpret_cast<const unsigned char *>(connectionContext.c_str()),
+ connectionContext.size());
+
+ if (_traceLevels->security >= IceSSL::SECURITY_PROTOCOL)
+ {
+ std::ostringstream s;
+
+ s << std::endl;
+ s << "general configuration (server)" << std::endl;
+ s << "------------------------------" << std::endl;
+ s << generalConfig << std::endl << std::endl;
+
+ s << "CA file: " << certificateAuthority.getCAFileName() << std::endl;
+ s << "CA path: " << certificateAuthority.getCAPath() << std::endl;
+
+ s << "base certificates (server)" << std::endl;
+ s << "--------------------------" << std::endl;
+ s << baseCertificates << std::endl << std::endl;
+
+ _logger->trace(_traceLevels->securityCat, s.str());
+ }
+}
+
+IceSSL::ConnectionPtr
+IceSSL::OpenSSL::ServerContext::createConnection(int socket, const SystemInternalPtr& system)
+{
+ if (_sslContext == 0)
+ {
+ IceSSL::OpenSSL::ContextNotConfiguredException contextEx(__FILE__, __LINE__);
+
+ throw contextEx;
+ }
+
+ ConnectionPtr connection = new ServerConnection(_traceLevels,
+ _logger,
+ _certificateVerifier,
+ createSSLConnection(socket),
+ system);
+
+ connectionSetup(connection);
+
+ return connection;
+}
+
+//
+// Protected
+//
+
+IceSSL::OpenSSL::ServerContext::ServerContext(const IceInternal::InstancePtr& instance) :
+ Context(instance)
+{
+ _rsaPrivateKeyProperty = "Ice.SSL.Server.Overrides.RSA.PrivateKey";
+ _rsaPublicKeyProperty = "Ice.SSL.Server.Overrides.RSA.Certificate";
+ _dsaPrivateKeyProperty = "Ice.SSL.Server.Overrides.DSA.PrivateKey";
+ _dsaPublicKeyProperty = "Ice.SSL.Server.Overrides.DSA.Certificate";
+ _caCertificateProperty = "Ice.SSL.Server.Overrides.CACertificate";
+ _handshakeTimeoutProperty = "Ice.SSL.Server.Handshake.ReadTimeout";
+}
+
+void
+IceSSL::OpenSSL::ServerContext::loadCertificateAuthority(const CertificateAuthority& certAuth)
+{
+ assert(_sslContext != 0);
+
+ Context::loadCertificateAuthority(certAuth);
+
+ std::string caFile = certAuth.getCAFileName();
+
+ if (caFile.empty())
+ {
+ return;
+ }
+
+ STACK_OF(X509_NAME)* certNames = SSL_load_client_CA_file(caFile.c_str());
+
+ if (certNames == 0)
+ {
+ if (_traceLevels->security >= IceSSL::SECURITY_WARNINGS)
+ {
+ std::string errorString = "unable to load certificate authorities certificate names from " + caFile + "\n";
+ errorString += sslGetErrors();
+ _logger->trace(_traceLevels->securityCat, "WRN " + errorString);
+ }
+ }
+ else
+ {
+ SSL_CTX_set_client_CA_list(_sslContext, certNames);
+ }
+}
+
diff --git a/cpp/src/Ice/ContextOpenSSLServer.h b/cpp/src/Ice/ContextOpenSSLServer.h
index 4b6716e5daa..da5e094a367 100644
--- a/cpp/src/Ice/ContextOpenSSLServer.h
+++ b/cpp/src/Ice/ContextOpenSSLServer.h
@@ -1,46 +1,46 @@
-// **********************************************************************
-//
-// Copyright (c) 2002
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#ifndef ICE_SSL_CONTEXT_OPENSSL_SERVER_H
-#define ICE_SSL_CONTEXT_OPENSSL_SERVER_H
-
-#include <Ice/ContextOpenSSL.h>
-
-namespace IceSSL
-{
-
-namespace OpenSSL
-{
-
-class ServerContext : public Context
-{
-public:
-
- virtual void configure(const IceSSL::GeneralConfig&,
- const IceSSL::CertificateAuthority&,
- const IceSSL::BaseCertificates&);
-
- // Takes a socket fd as the first parameter.
- virtual IceSSL::ConnectionPtr createConnection(int, const IceSSL::SystemInternalPtr&);
-
-protected:
-
- ServerContext(const IceInternal::InstancePtr&);
-
- virtual void loadCertificateAuthority(const IceSSL::CertificateAuthority& certAuth);
-
- friend class IceSSL::OpenSSL::System;
-};
-
-}
-
-}
-
-#endif
+// **********************************************************************
+//
+// Copyright (c) 2002
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#ifndef ICE_SSL_CONTEXT_OPENSSL_SERVER_H
+#define ICE_SSL_CONTEXT_OPENSSL_SERVER_H
+
+#include <Ice/ContextOpenSSL.h>
+
+namespace IceSSL
+{
+
+namespace OpenSSL
+{
+
+class ServerContext : public Context
+{
+public:
+
+ virtual void configure(const IceSSL::GeneralConfig&,
+ const IceSSL::CertificateAuthority&,
+ const IceSSL::BaseCertificates&);
+
+ // Takes a socket fd as the first parameter.
+ virtual IceSSL::ConnectionPtr createConnection(int, const IceSSL::SystemInternalPtr&);
+
+protected:
+
+ ServerContext(const IceInternal::InstancePtr&);
+
+ virtual void loadCertificateAuthority(const IceSSL::CertificateAuthority& certAuth);
+
+ friend class IceSSL::OpenSSL::System;
+};
+
+}
+
+}
+
+#endif
diff --git a/cpp/src/Ice/DHParams.cpp b/cpp/src/Ice/DHParams.cpp
index c67ade7e5e6..232923a213c 100644
--- a/cpp/src/Ice/DHParams.cpp
+++ b/cpp/src/Ice/DHParams.cpp
@@ -1,35 +1,35 @@
-// **********************************************************************
-//
-// Copyright (c) 2002
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#include <Ice/DHParams.h>
-
-void ::IceInternal::incRef(::IceSSL::OpenSSL::DHParams* p) { p->__incRef(); }
-void ::IceInternal::decRef(::IceSSL::OpenSSL::DHParams* p) { p->__decRef(); }
-
-IceSSL::OpenSSL::DHParams::DHParams(DH* dhParams) :
- _dhParams(dhParams)
-{
- assert(_dhParams != 0);
-}
-
-IceSSL::OpenSSL::DHParams::~DHParams()
-{
- if (_dhParams != 0)
- {
- DH_free(_dhParams);
- }
-}
-
-DH*
-IceSSL::OpenSSL::DHParams::get() const
-{
- return _dhParams;
-}
-
+// **********************************************************************
+//
+// Copyright (c) 2002
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#include <Ice/DHParams.h>
+
+void ::IceInternal::incRef(::IceSSL::OpenSSL::DHParams* p) { p->__incRef(); }
+void ::IceInternal::decRef(::IceSSL::OpenSSL::DHParams* p) { p->__decRef(); }
+
+IceSSL::OpenSSL::DHParams::DHParams(DH* dhParams) :
+ _dhParams(dhParams)
+{
+ assert(_dhParams != 0);
+}
+
+IceSSL::OpenSSL::DHParams::~DHParams()
+{
+ if (_dhParams != 0)
+ {
+ DH_free(_dhParams);
+ }
+}
+
+DH*
+IceSSL::OpenSSL::DHParams::get() const
+{
+ return _dhParams;
+}
+
diff --git a/cpp/src/Ice/DHParams.h b/cpp/src/Ice/DHParams.h
index f55d7670890..922a82da230 100644
--- a/cpp/src/Ice/DHParams.h
+++ b/cpp/src/Ice/DHParams.h
@@ -1,46 +1,46 @@
-// **********************************************************************
-//
-// Copyright (c) 2002
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#ifndef ICE_DH_PARAMS_H
-#define ICE_DH_PARAMS_H
-
-#include <IceUtil/Config.h>
-#include <IceUtil/Shared.h>
-#include <openssl/ssl.h>
-#include <Ice/DHParamsF.h>
-
-namespace IceSSL
-{
-
-namespace OpenSSL
-{
-
-class DHParams : public IceUtil::Shared
-{
-public:
-
- // Construction from DH Params structure (simple initialization).
- DHParams(DH*);
-
- ~DHParams();
-
- // Get the internal key structure as per the OpenSSL implementation.
- DH* get() const;
-
-private:
-
- DH* _dhParams;
-};
-
-}
-
-}
-
-#endif
+// **********************************************************************
+//
+// Copyright (c) 2002
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#ifndef ICE_DH_PARAMS_H
+#define ICE_DH_PARAMS_H
+
+#include <IceUtil/Config.h>
+#include <IceUtil/Shared.h>
+#include <openssl/ssl.h>
+#include <Ice/DHParamsF.h>
+
+namespace IceSSL
+{
+
+namespace OpenSSL
+{
+
+class DHParams : public IceUtil::Shared
+{
+public:
+
+ // Construction from DH Params structure (simple initialization).
+ DHParams(DH*);
+
+ ~DHParams();
+
+ // Get the internal key structure as per the OpenSSL implementation.
+ DH* get() const;
+
+private:
+
+ DH* _dhParams;
+};
+
+}
+
+}
+
+#endif
diff --git a/cpp/src/Ice/DHParamsF.h b/cpp/src/Ice/DHParamsF.h
index b8b8274ec88..abe97b9f4e6 100644
--- a/cpp/src/Ice/DHParamsF.h
+++ b/cpp/src/Ice/DHParamsF.h
@@ -1,37 +1,37 @@
-// **********************************************************************
-//
-// Copyright (c) 2002
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#ifndef ICE_DH_PARAMS_F_H
-#define ICE_DH_PARAMS_F_H
-
-#include <Ice/Handle.h>
-
-namespace IceSSL
-{
-
-namespace OpenSSL
-{
-
-class DHParams;
-typedef IceInternal::Handle<DHParams> DHParamsPtr;
-
-}
-
-}
-
-namespace IceInternal
-{
-
-void incRef(::IceSSL::OpenSSL::DHParams*);
-void decRef(::IceSSL::OpenSSL::DHParams*);
-
-}
-
-#endif
+// **********************************************************************
+//
+// Copyright (c) 2002
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#ifndef ICE_DH_PARAMS_F_H
+#define ICE_DH_PARAMS_F_H
+
+#include <Ice/Handle.h>
+
+namespace IceSSL
+{
+
+namespace OpenSSL
+{
+
+class DHParams;
+typedef IceInternal::Handle<DHParams> DHParamsPtr;
+
+}
+
+}
+
+namespace IceInternal
+{
+
+void incRef(::IceSSL::OpenSSL::DHParams*);
+void decRef(::IceSSL::OpenSSL::DHParams*);
+
+}
+
+#endif
diff --git a/cpp/src/Ice/DefaultCertificateVerifier.cpp b/cpp/src/Ice/DefaultCertificateVerifier.cpp
index 0bbf51c25cb..ef68e432374 100644
--- a/cpp/src/Ice/DefaultCertificateVerifier.cpp
+++ b/cpp/src/Ice/DefaultCertificateVerifier.cpp
@@ -1,104 +1,104 @@
-// **********************************************************************
-//
-// Copyright (c) 2002
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#include <Ice/OpenSSL.h>
-#include <Ice/DefaultCertificateVerifier.h>
-#include <Ice/OpenSSLUtils.h>
-#include <ostream>
-
-using namespace std;
-
-IceSSL::OpenSSL::DefaultCertificateVerifier::DefaultCertificateVerifier(
- const IceInternal::InstancePtr& instance) :
- _traceLevels(instance->traceLevels()),
- _logger(instance->logger())
-{
-}
-
-int
-IceSSL::OpenSSL::DefaultCertificateVerifier::verify(int preVerifyOkay,
- X509_STORE_CTX* x509StoreContext,
- SSL* sslConnection)
-{
- //
- // Default verification steps.
- //
-
- int verifyError = X509_STORE_CTX_get_error(x509StoreContext);
- int errorDepth = X509_STORE_CTX_get_error_depth(x509StoreContext);
- int verifyDepth = SSL_get_verify_depth(sslConnection);
-
- // A verify error has been encountered.
- if (verifyError != X509_V_OK)
- {
- // We have a limited verify depth, and we have had to delve too deeply
- // into the certificate chain to find an acceptable root certificate.
- if ((verifyDepth != -1) && (verifyDepth < errorDepth))
- {
- verifyError = X509_V_ERR_CERT_CHAIN_TOO_LONG;
- X509_STORE_CTX_set_error(x509StoreContext, verifyError);
- }
-
- // If we have ANY errors, we bail out.
- preVerifyOkay = 0;
- }
-
- // Only if ICE_PROTOCOL level logging is on do we worry about this.
- if (_traceLevels->security >= IceSSL::SECURITY_PROTOCOL)
- {
- char buf[256];
-
- X509* err_cert = X509_STORE_CTX_get_current_cert(x509StoreContext);
-
- X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
-
- ostringstream outStringStream;
-
- outStringStream << "depth = " << dec << errorDepth << ":" << buf << std::endl;
-
- if (!preVerifyOkay)
- {
- outStringStream << "verify error: num = " << verifyError << " : "
- << X509_verify_cert_error_string(verifyError) << endl;
-
- }
-
- switch (verifyError)
- {
- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
- {
- X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, sizeof(buf));
- outStringStream << "issuer = " << buf << endl;
- break;
- }
-
- case X509_V_ERR_CERT_NOT_YET_VALID:
- case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
- {
- outStringStream << "notBefore = " << getASN1time(X509_get_notBefore(err_cert)) << endl;
- break;
- }
-
- case X509_V_ERR_CERT_HAS_EXPIRED:
- case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
- {
- outStringStream << "notAfter = " << getASN1time(X509_get_notAfter(err_cert)) << endl;
- break;
- }
- }
-
- outStringStream << "verify return = " << preVerifyOkay << endl;
-
- _logger->trace(_traceLevels->securityCat, outStringStream.str());
- }
-
- return preVerifyOkay;
-}
-
+// ********************************************************************** +// +// Copyright (c) 2002 +// MutableRealms, Inc. +// Huntsville, AL, USA +// +// All Rights Reserved +// +// ********************************************************************** + +#include <Ice/OpenSSL.h> +#include <Ice/DefaultCertificateVerifier.h> +#include <Ice/OpenSSLUtils.h> +#include <ostream> + +using namespace std; + +IceSSL::OpenSSL::DefaultCertificateVerifier::DefaultCertificateVerifier( + const IceInternal::InstancePtr& instance) : + _traceLevels(instance->traceLevels()), + _logger(instance->logger()) +{ +} + +int +IceSSL::OpenSSL::DefaultCertificateVerifier::verify(int preVerifyOkay, + X509_STORE_CTX* x509StoreContext, + SSL* sslConnection) +{ + // + // Default verification steps. + // + + int verifyError = X509_STORE_CTX_get_error(x509StoreContext); + int errorDepth = X509_STORE_CTX_get_error_depth(x509StoreContext); + int verifyDepth = SSL_get_verify_depth(sslConnection); + + // A verify error has been encountered. + if (verifyError != X509_V_OK) + { + // We have a limited verify depth, and we have had to delve too deeply + // into the certificate chain to find an acceptable root certificate. + if ((verifyDepth != -1) && (verifyDepth < errorDepth)) + { + verifyError = X509_V_ERR_CERT_CHAIN_TOO_LONG; + X509_STORE_CTX_set_error(x509StoreContext, verifyError); + } + + // If we have ANY errors, we bail out. + preVerifyOkay = 0; + } + + // Only if ICE_PROTOCOL level logging is on do we worry about this. 
+ if (_traceLevels->security >= IceSSL::SECURITY_PROTOCOL) + { + char buf[256]; + + X509* err_cert = X509_STORE_CTX_get_current_cert(x509StoreContext); + + X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf)); + + ostringstream outStringStream; + + outStringStream << "depth = " << dec << errorDepth << ":" << buf << std::endl; + + if (!preVerifyOkay) + { + outStringStream << "verify error: num = " << verifyError << " : " + << X509_verify_cert_error_string(verifyError) << endl; + + } + + switch (verifyError) + { + case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: + { + X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, sizeof(buf)); + outStringStream << "issuer = " << buf << endl; + break; + } + + case X509_V_ERR_CERT_NOT_YET_VALID: + case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: + { + outStringStream << "notBefore = " << getASN1time(X509_get_notBefore(err_cert)) << endl; + break; + } + + case X509_V_ERR_CERT_HAS_EXPIRED: + case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: + { + outStringStream << "notAfter = " << getASN1time(X509_get_notAfter(err_cert)) << endl; + break; + } + } + + outStringStream << "verify return = " << preVerifyOkay << endl; + + _logger->trace(_traceLevels->securityCat, outStringStream.str()); + } + + return preVerifyOkay; +} + diff --git a/cpp/src/Ice/DefaultCertificateVerifier.h b/cpp/src/Ice/DefaultCertificateVerifier.h index fae743f833e..7731f17d2f5 100644 --- a/cpp/src/Ice/DefaultCertificateVerifier.h +++ b/cpp/src/Ice/DefaultCertificateVerifier.h @@ -1,44 +1,44 @@ -// **********************************************************************
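Review bot: Inside the `SECURITY_PROTOCOL` trace branch, `err_cert` is passed to `X509_get_subject_name` and, in the `switch`, to `X509_get_issuer_name`/`X509_get_notBefore`/`X509_get_notAfter` without a null check, while `X509_STORE_CTX_get_current_cert` is documented to return NULL when no single certificate is responsible for the error; with protocol tracing enabled, such a failing handshake would crash the process instead of being logged and rejected. The rejection decision itself is unaffected, since `preVerifyOkay` has already been cleared before the trace block runs. Two smaller points: `X509_NAME_oneline` into a 256-byte buffer silently truncates long subject names (bounded, so not an overflow, but the log line can be misleading), and overwriting `verifyError` with `X509_V_ERR_CERT_CHAIN_TOO_LONG` discards the original error code before it is logged. The rewrite below keeps the output format and only guards the dereferences.
```cpp
    if (_traceLevels->security >= IceSSL::SECURITY_PROTOCOL)
    {
        char buf[256];
        ostringstream outStringStream;

        // May be null when no single certificate is responsible for the error.
        X509* err_cert = X509_STORE_CTX_get_current_cert(x509StoreContext);

        string subject = "<no certificate>";
        if (err_cert != 0)
        {
            X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
            subject = buf;
        }

        outStringStream << "depth = " << dec << errorDepth << ":" << subject << std::endl;

        // … unchanged: "verify error: num = ..." line …

        if (err_cert != 0)
        {
            switch (verifyError)
            {
                // … unchanged: issuer / notBefore / notAfter cases …
            }
        }

        // … unchanged: "verify return = ..." line and _logger->trace() call …
    }
```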
-//
-// Copyright (c) 2002
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#ifndef ICE_SSL_DEFAULT_CERTIFICATE_VERIFIER_H
-#define ICE_SSL_DEFAULT_CERTIFICATE_VERIFIER_H
-
-#include <IceUtil/Config.h>
-#include <Ice/Logger.h>
-#include <Ice/TraceLevels.h>
-#include <Ice/Instance.h>
-#include <Ice/CertificateVerifierOpenSSL.h>
-
-namespace IceSSL
-{
-
-namespace OpenSSL
-{
-
-class DefaultCertificateVerifier : public IceSSL::OpenSSL::CertificateVerifier
-{
-public:
-
- DefaultCertificateVerifier(const IceInternal::InstancePtr&);
-
- virtual int verify(int, X509_STORE_CTX*, SSL*);
-
-private:
-
- IceInternal::TraceLevelsPtr _traceLevels;
- Ice::LoggerPtr _logger;
-};
-
-}
-
-}
-
-#endif
+// ********************************************************************** +// +// Copyright (c) 2002 +// MutableRealms, Inc. +// Huntsville, AL, USA +// +// All Rights Reserved +// +// ********************************************************************** + +#ifndef ICE_SSL_DEFAULT_CERTIFICATE_VERIFIER_H +#define ICE_SSL_DEFAULT_CERTIFICATE_VERIFIER_H + +#include <IceUtil/Config.h> +#include <Ice/Logger.h> +#include <Ice/TraceLevels.h> +#include <Ice/Instance.h> +#include <Ice/CertificateVerifierOpenSSL.h> + +namespace IceSSL +{ + +namespace OpenSSL +{ + +class DefaultCertificateVerifier : public IceSSL::OpenSSL::CertificateVerifier +{ +public: + + DefaultCertificateVerifier(const IceInternal::InstancePtr&); + + virtual int verify(int, X509_STORE_CTX*, SSL*); + +private: + + IceInternal::TraceLevelsPtr _traceLevels; + Ice::LoggerPtr _logger; +}; + +} + +} + +#endif diff --git a/cpp/src/Ice/Endpoint.cpp b/cpp/src/Ice/Endpoint.cpp index f95044baa34..b88afdc2bcf 100644 --- a/cpp/src/Ice/Endpoint.cpp +++ b/cpp/src/Ice/Endpoint.cpp @@ -66,7 +66,7 @@ IceInternal::Endpoint::endpointFromString(const InstancePtr& instance, const str { return new UdpEndpoint(instance, str.substr(end)); } -
+ throw EndpointParseException(__FILE__, __LINE__); } @@ -95,7 +95,7 @@ IceInternal::Endpoint::streamRead(BasicStream* s, EndpointPtr& v) v = new UdpEndpoint(s); break; } -
+ default: { v = new UnknownEndpoint(type, s); @@ -552,7 +552,7 @@ IceInternal::TcpEndpoint::operator<(const Endpoint& r) const { return false; // tcp is not "less than" udp } -
+ if (dynamic_cast<const UnknownEndpoint*>(&r)) { return false; // tcp is not "less than" unknown @@ -887,7 +887,7 @@ IceInternal::SslEndpoint::operator<(const Endpoint& r) const { return false; // ssl is not "less than" udp } -
+ if (dynamic_cast<const UnknownEndpoint*>(&r)) { return false; // ssl is not "less than" unknown @@ -1217,7 +1217,7 @@ IceInternal::UdpEndpoint::operator<(const Endpoint& r) const { return true; // udp is "less than" tcp } -
+ if (dynamic_cast<const UnknownEndpoint*>(&r)) { return false; // udp is not "less than" unknown @@ -1270,4 +1270,4 @@ IceInternal::UdpEndpoint::operator<(const Endpoint& r) const return false; } -
+ diff --git a/cpp/src/Ice/GeneralConfig.cpp b/cpp/src/Ice/GeneralConfig.cpp index 24de463101e..9eabc98d548 100644 --- a/cpp/src/Ice/GeneralConfig.cpp +++ b/cpp/src/Ice/GeneralConfig.cpp @@ -29,8 +29,8 @@ IceSSL::GeneralConfig::GeneralConfig() _sslVersion = SSL_V23; _verifyMode = SSL_VERIFY_NONE; -
- // Unlimited verifcation depth.
+ + // Unlimited verifcation depth. _verifyDepth = -1; _context = ""; diff --git a/cpp/src/Ice/GeneralConfig.h b/cpp/src/Ice/GeneralConfig.h index 228504dbebf..db9938fb70c 100644 --- a/cpp/src/Ice/GeneralConfig.h +++ b/cpp/src/Ice/GeneralConfig.h @@ -19,7 +19,7 @@ namespace IceSSL class GeneralConfig { -public:
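Review bot: The constructor's defaults leave peer verification off: the context lines `_verifyMode = SSL_VERIFY_NONE;` and `_verifyDepth = -1;` mean a configuration that never sets a verify mode accepts any certificate and places no bound on chain length, and nothing in the hunk documents this fail-open choice. The added comment line should say so explicitly and also fix its typo, e.g. `// Unlimited verification depth. NOTE: verification itself is OFF (SSL_VERIFY_NONE) until a verify mode is configured.` `GeneralConfig::GeneralConfig()` starts before the hunk, so the remaining defaults are not visible here.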
+public: GeneralConfig(); diff --git a/cpp/src/Ice/OpenSSL.h b/cpp/src/Ice/OpenSSL.h index 6fbf6aebb57..ddb4219e321 100644 --- a/cpp/src/Ice/OpenSSL.h +++ b/cpp/src/Ice/OpenSSL.h @@ -1,38 +1,38 @@ -// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-#ifndef ICE_OPENSSL_H
-#define ICE_OPENSSL_H
-
-#include <openssl/ssl.h>
-
-namespace IceSSL
-{
-
-typedef enum
-{
- NO_SECURITY_TRACE = 0,
- SECURITY_WARNINGS,
- SECURITY_PARSE_WARNINGS,
- SECURITY_PROTOCOL,
- SECURITY_PROTOCOL_DEBUG
-} SecurityTraceLevel;
-
-enum SslProtocol
-{
- SSL_V2 = 1, // Only speak SSLv2
- SSL_V23, // Speak SSLv2 and SSLv3
- SSL_V3, // Only speak SSLv3
- TLS_V1 // Only speak TLSv1
-};
-
-}
-
-
-#endif
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+#ifndef ICE_OPENSSL_H
+#define ICE_OPENSSL_H
+
+#include <openssl/ssl.h>
+
+namespace IceSSL
+{
+
+typedef enum
+{
+ NO_SECURITY_TRACE = 0,
+ SECURITY_WARNINGS,
+ SECURITY_PARSE_WARNINGS,
+ SECURITY_PROTOCOL,
+ SECURITY_PROTOCOL_DEBUG
+} SecurityTraceLevel;
+
+enum SslProtocol
+{
+ SSL_V2 = 1, // Only speak SSLv2
+ SSL_V23, // Speak SSLv2 and SSLv3
+ SSL_V3, // Only speak SSLv3
+ TLS_V1 // Only speak TLSv1
+};
+
+}
+
+
+#endif
diff --git a/cpp/src/Ice/OpenSSLJanitors.cpp b/cpp/src/Ice/OpenSSLJanitors.cpp
index 197b5c6dedd..f28564789b2 100644
--- a/cpp/src/Ice/OpenSSLJanitors.cpp
+++ b/cpp/src/Ice/OpenSSLJanitors.cpp
@@ -1,142 +1,142 @@
-// **********************************************************************
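Review bot: The `SslProtocol` comments describe what each value speaks but not its security standing, so a reader choosing `SSL_V2` or `SSL_V23` (the value GeneralConfig.cpp in this same diff uses as its default `_sslVersion`) gets no hint that SSLv2 has long-known protocol-level weaknesses and that, depending on context options set elsewhere, the v23 selector may negotiate down to it. I would extend the two comments, e.g. `SSL_V2 = 1, // Only speak SSLv2 (weak; avoid unless a legacy peer requires it)` and `SSL_V23, // Negotiate SSLv2/SSLv3 (and TLSv1 where the OpenSSL build supports it); can fall back to SSLv2`. As a point of style, `SecurityTraceLevel` is declared with `typedef enum { ... }` while `SslProtocol` uses a plain `enum`; the two declarations in the same header could use one form.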
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#include <Ice/OpenSSLJanitors.h>
-
-IceSSL::OpenSSL::RSAJanitor::RSAJanitor(RSA* rsa) :
- _rsa(rsa)
-{
- assert(_rsa != 0);
-}
-
-IceSSL::OpenSSL::RSAJanitor::~RSAJanitor()
-{
- if (_rsa)
- {
- RSA_free(_rsa);
- }
-}
-
-void
-IceSSL::OpenSSL::RSAJanitor::clear()
-{
- _rsa = 0;
-}
-
-RSA*
-IceSSL::OpenSSL::RSAJanitor::get() const
-{
- return _rsa;
-}
-
-IceSSL::OpenSSL::EVP_PKEYJanitor::EVP_PKEYJanitor(EVP_PKEY* evp_pkey) :
- _evp_pkey(evp_pkey)
-{
- assert(_evp_pkey != 0);
-}
-
-IceSSL::OpenSSL::EVP_PKEYJanitor::~EVP_PKEYJanitor()
-{
- if (_evp_pkey)
- {
- EVP_PKEY_free(_evp_pkey);
- }
-}
-
-void
-IceSSL::OpenSSL::EVP_PKEYJanitor::clear()
-{
- _evp_pkey = 0;
-}
-
-EVP_PKEY*
-IceSSL::OpenSSL::EVP_PKEYJanitor::get() const
-{
- return _evp_pkey;
-}
-
-IceSSL::OpenSSL::X509_REQJanitor::X509_REQJanitor(X509_REQ* x509_req) :
- _x509_req(x509_req)
-{
- assert(_x509_req != 0);
-}
-
-IceSSL::OpenSSL::X509_REQJanitor::~X509_REQJanitor()
-{
- if (_x509_req)
- {
- X509_REQ_free(_x509_req);
- }
-}
-
-void
-IceSSL::OpenSSL::X509_REQJanitor::clear()
-{
- _x509_req = 0;
-}
-
-X509_REQ*
-IceSSL::OpenSSL::X509_REQJanitor::get() const
-{
- return _x509_req;
-}
-
-IceSSL::OpenSSL::X509Janitor::X509Janitor(X509* x509) :
- _x509(x509)
-{
- assert(_x509 != 0);
-}
-
-IceSSL::OpenSSL::X509Janitor::~X509Janitor()
-{
- if (_x509)
- {
- X509_free(_x509);
- }
-}
-
-void
-IceSSL::OpenSSL::X509Janitor::clear()
-{
- _x509 = 0;
-}
-
-X509*
-IceSSL::OpenSSL::X509Janitor::get() const
-{
- return _x509;
-}
-
-IceSSL::OpenSSL::BIOJanitor::BIOJanitor(BIO* bio) :
- _bio(bio)
-{
- assert(_bio != 0);
-}
-
-IceSSL::OpenSSL::BIOJanitor::~BIOJanitor()
-{
- if (_bio)
- {
- BIO_free(_bio);
- }
-}
-
-void
-IceSSL::OpenSSL::BIOJanitor::clear()
-{
- _bio = 0;
-}
-
-BIO*
-IceSSL::OpenSSL::BIOJanitor::get() const
-{
- return _bio;
-}
-
+// ********************************************************************** +// +// Copyright (c) 2001 +// MutableRealms, Inc. +// Huntsville, AL, USA +// +// All Rights Reserved +// +// ********************************************************************** + +#include <Ice/OpenSSLJanitors.h> + +IceSSL::OpenSSL::RSAJanitor::RSAJanitor(RSA* rsa) : + _rsa(rsa) +{ + assert(_rsa != 0); +} + +IceSSL::OpenSSL::RSAJanitor::~RSAJanitor() +{ + if (_rsa) + { + RSA_free(_rsa); + } +} + +void +IceSSL::OpenSSL::RSAJanitor::clear() +{ + _rsa = 0; +} + +RSA* +IceSSL::OpenSSL::RSAJanitor::get() const +{ + return _rsa; +} + +IceSSL::OpenSSL::EVP_PKEYJanitor::EVP_PKEYJanitor(EVP_PKEY* evp_pkey) : + _evp_pkey(evp_pkey) +{ + assert(_evp_pkey != 0); +} + +IceSSL::OpenSSL::EVP_PKEYJanitor::~EVP_PKEYJanitor() +{ + if (_evp_pkey) + { + EVP_PKEY_free(_evp_pkey); + } +} + +void +IceSSL::OpenSSL::EVP_PKEYJanitor::clear() +{ + _evp_pkey = 0; +} + +EVP_PKEY* +IceSSL::OpenSSL::EVP_PKEYJanitor::get() const +{ + return _evp_pkey; +} + +IceSSL::OpenSSL::X509_REQJanitor::X509_REQJanitor(X509_REQ* x509_req) : + _x509_req(x509_req) +{ + assert(_x509_req != 0); +} + +IceSSL::OpenSSL::X509_REQJanitor::~X509_REQJanitor() +{ + if (_x509_req) + { + X509_REQ_free(_x509_req); + } +} + +void +IceSSL::OpenSSL::X509_REQJanitor::clear() +{ + _x509_req = 0; +} + +X509_REQ* +IceSSL::OpenSSL::X509_REQJanitor::get() const +{ + return _x509_req; +} + +IceSSL::OpenSSL::X509Janitor::X509Janitor(X509* x509) : + _x509(x509) +{ + assert(_x509 != 0); +} + +IceSSL::OpenSSL::X509Janitor::~X509Janitor() +{ + if (_x509) + { + X509_free(_x509); + } +} + +void +IceSSL::OpenSSL::X509Janitor::clear() +{ + _x509 = 0; +} + +X509* +IceSSL::OpenSSL::X509Janitor::get() const +{ + return _x509; +} + +IceSSL::OpenSSL::BIOJanitor::BIOJanitor(BIO* bio) : + _bio(bio) +{ + assert(_bio != 0); +} + +IceSSL::OpenSSL::BIOJanitor::~BIOJanitor() +{ + if (_bio) + { + BIO_free(_bio); + } +} + +void +IceSSL::OpenSSL::BIOJanitor::clear() +{ + _bio = 
0; +} + +BIO* +IceSSL::OpenSSL::BIOJanitor::get() const +{ + return _bio; +} + diff --git a/cpp/src/Ice/OpenSSLJanitors.h b/cpp/src/Ice/OpenSSLJanitors.h index 1140d2bc6c7..63802ae50ba 100644 --- a/cpp/src/Ice/OpenSSLJanitors.h +++ b/cpp/src/Ice/OpenSSLJanitors.h @@ -1,102 +1,102 @@ -// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#ifndef ICE_SSL_JANITORS_H
-#define ICE_SSL_JANITORS_H
-
-#include <IceUtil/Config.h>
-#include <openssl/ssl.h>
-
-namespace IceSSL
-{
-
-namespace OpenSSL
-{
-
-class RSAJanitor
-{
-public:
-
- RSAJanitor(RSA*);
- ~RSAJanitor();
-
- void clear();
- RSA* get() const;
-
-private:
-
- RSA* _rsa;
-};
-
-class EVP_PKEYJanitor
-{
-public:
-
- EVP_PKEYJanitor(EVP_PKEY*);
- ~EVP_PKEYJanitor();
-
- void clear();
- EVP_PKEY* get() const;
-
-private:
-
- EVP_PKEY* _evp_pkey;
-};
-
-class X509_REQJanitor
-{
-public:
-
- X509_REQJanitor(X509_REQ*);
- ~X509_REQJanitor();
-
- void clear();
- X509_REQ* get() const;
-
-private:
-
- X509_REQ* _x509_req;
-};
-
-class X509Janitor
-{
-public:
-
- X509Janitor(X509*);
- ~X509Janitor();
-
- void clear();
- X509* get() const;
-
-private:
-
- X509* _x509;
-};
-
-class BIOJanitor
-{
-public:
-
- BIOJanitor(BIO*);
- ~BIOJanitor();
-
- void clear();
- BIO* get() const;
-
-private:
-
- BIO* _bio;
-};
-
-}
-
-}
-
-#endif
+// ********************************************************************** +// +// Copyright (c) 2001 +// MutableRealms, Inc. +// Huntsville, AL, USA +// +// All Rights Reserved +// +// ********************************************************************** + +#ifndef ICE_SSL_JANITORS_H +#define ICE_SSL_JANITORS_H + +#include <IceUtil/Config.h> +#include <openssl/ssl.h> + +namespace IceSSL +{ + +namespace OpenSSL +{ + +class RSAJanitor +{ +public: + + RSAJanitor(RSA*); + ~RSAJanitor(); + + void clear(); + RSA* get() const; + +private: + + RSA* _rsa; +}; + +class EVP_PKEYJanitor +{ +public: + + EVP_PKEYJanitor(EVP_PKEY*); + ~EVP_PKEYJanitor(); + + void clear(); + EVP_PKEY* get() const; + +private: + + EVP_PKEY* _evp_pkey; +}; + +class X509_REQJanitor +{ +public: + + X509_REQJanitor(X509_REQ*); + ~X509_REQJanitor(); + + void clear(); + X509_REQ* get() const; + +private: + + X509_REQ* _x509_req; +}; + +class X509Janitor +{ +public: + + X509Janitor(X509*); + ~X509Janitor(); + + void clear(); + X509* get() const; + +private: + + X509* _x509; +}; + +class BIOJanitor +{ +public: + + BIOJanitor(BIO*); + ~BIOJanitor(); + + void clear(); + BIO* get() const; + +private: + + BIO* _bio; +}; + +} + +} + +#endif diff --git a/cpp/src/Ice/OpenSSLUtils.cpp b/cpp/src/Ice/OpenSSLUtils.cpp index 132778e4078..ecd5e1cc62a 100644 --- a/cpp/src/Ice/OpenSSLUtils.cpp +++ b/cpp/src/Ice/OpenSSLUtils.cpp @@ -1,358 +1,358 @@ -// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#include <Ice/OpenSSLUtils.h>
-#include <Ice/SystemInternalF.h>
-#include <Ice/SystemOpenSSL.h>
-#include <Ice/SslFactory.h>
-#include <IceUtil/Mutex.h>
-#include <openssl/err.h>
-#include <assert.h>
-
-using std::string;
-
-//
-// TODO: These Diffie-Hellman params have been blatantly stolen from
-// OpenSSL's demo programs. We SHOULD define our own here, but
-// these will suffice for testing purposes. Please note, these
-// are not keys themselves, simply a DH Group that allows OpenSSL
-// to create Diffie-Hellman keys.
-//
-
-// Instantiation of temporary Diffie-Hellman 512bit key.
-unsigned char tempDiffieHellman512p[] =
-{
- 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
- 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
- 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
- 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
- 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
- 0x47,0x74,0xE8,0x33,
-};
-
-unsigned char tempDiffieHellman512g[] =
-{
- 0x02,
-};
-
-// Ensures that the sslGetErrors() function is synchronized.
-static ::IceUtil::Mutex sslErrorsMutex;
-
-//
-// NOTE: The following (mon, getGeneralizedTime, getUTCTime and getASN1time)
-// are routines that have been abducted from the OpenSSL X509 library,
-// and modified to work with the STL basic_string template.
-
-static const char *mon[12]=
-{
- "Jan","Feb","Mar","Apr","May","Jun",
- "Jul","Aug","Sep","Oct","Nov","Dec"
-};
-
-string
-IceSSL::OpenSSL::getGeneralizedTime(ASN1_GENERALIZEDTIME *tm)
-{
- assert(tm != 0);
-
- char buf[30];
- int gmt = 0, y = 0, M = 0, d = 0, h = 0, m = 0, s = 0;
-
- int i = tm->length;
-
- char* v = (char *) tm->data;
-
- if (i < 12)
- {
- goto err;
- }
-
- if (v[i-1] == 'Z')
- {
- gmt=1;
- }
-
- for (i=0; i<12; i++)
- {
- if ((v[i] > '9') || (v[i] < '0'))
- {
- goto err;
- }
- }
-
- y = (v[0] - '0') * 1000 + (v[1] - '0') * 100 + (v[2] - '0') * 10 + (v[3] - '0');
- M = (v[4] - '0') * 10 + (v[5] - '0');
-
- if ((M > 12) || (M < 1))
- {
- goto err;
- }
-
- d = (v[6] - '0') * 10 + (v[7] - '0');
- h = (v[8] - '0') * 10 + (v[9] - '0');
- m = (v[10] - '0') * 10 + (v[11] - '0');
-
- if ((v[12] >= '0') && (v[12] <= '9') &&
- (v[13] >= '0') && (v[13] <= '9'))
- {
- s = (v[12] - '0') * 10 + (v[13] - '0');
- }
-
- sprintf(buf, "%s %2d %02d:%02d:%02d %d%s", mon[M-1], d, h, m, s, y, (gmt)?" GMT":"");
- return string(buf);
-
-err:
- return string("Bad time value");
-}
-
-string
-IceSSL::OpenSSL::getUTCTime(ASN1_UTCTIME *tm)
-{
- assert(tm != 0);
-
- char buf[30];
- int gmt = 0, y = 0, M = 0, d = 0, h = 0, m = 0, s = 0;
-
- int i = tm->length;
- char* v = (char *) tm->data;
-
- if (i < 10)
- {
- goto err;
- }
-
- if (v[i-1] == 'Z')
- {
- gmt=1;
- }
-
- for (i = 0; i < 10; i++)
- {
- if ((v[i] > '9') || (v[i] < '0'))
- {
- goto err;
- }
- }
-
- y = (v[0] - '0') * 10 + (v[1] - '0');
-
- if (y < 50)
- {
- y+=100;
- }
-
- M = (v[2] - '0') * 10 + (v[3] - '0');
-
- if ((M > 12) || (M < 1))
- {
- goto err;
- }
-
- d = (v[4] - '0') * 10 + (v[5] - '0');
- h = (v[6] - '0') * 10 + (v[7] - '0');
- m = (v[8] - '0') * 10 + (v[9] - '0');
-
- if ((v[10] >= '0') && (v[10] <= '9') && (v[11] >= '0') && (v[11] <= '9'))
- {
- s = (v[10] - '0') * 10 + (v[11] - '0');
- }
-
- sprintf(buf, "%s %2d %02d:%02d:%02d %d%s", mon[M-1], d, h, m, s, y+1900, (gmt)?" GMT":"");
- return string(buf);
-
-err:
- return string("Bad time value");
-}
-
-string
-IceSSL::OpenSSL::getASN1time(ASN1_TIME *tm)
-{
- assert(tm != 0);
-
- string theTime;
-
- switch (tm->type)
- {
- case V_ASN1_UTCTIME :
- {
- theTime = getUTCTime(tm);
- break;
- }
-
- case V_ASN1_GENERALIZEDTIME :
- {
- theTime = getGeneralizedTime(tm);
- break;
- }
-
- default :
- {
- theTime = "Bad time value";
- break;
- }
- }
-
- return theTime;
-}
-
-DH*
-IceSSL::OpenSSL::loadDHParam(const char* dhfile)
-{
- assert(dhfile != 0);
-
- DH* ret = 0;
- BIO* bio = BIO_new_file(dhfile,"r");
-
- if (bio != 0)
- {
- ret = PEM_read_bio_DHparams(bio, 0, 0, 0);
- BIO_free(bio);
- }
-
- return ret;
-}
-
-DH*
-IceSSL::OpenSSL::getTempDH(unsigned char* p, int plen, unsigned char* g, int glen)
-{
- assert(p != 0);
- assert(g != 0);
-
- DH* dh = DH_new();
-
- if (dh != 0)
- {
- dh->p = BN_bin2bn(p, plen, 0);
-
- dh->g = BN_bin2bn(g, glen, 0);
-
- if ((dh->p == 0) || (dh->g == 0))
- {
- DH_free(dh);
- dh = 0;
- }
- }
-
- return dh;
-}
-
-DH*
-IceSSL::OpenSSL::getTempDH512()
-{
- DH* dh = getTempDH(tempDiffieHellman512p, sizeof(tempDiffieHellman512p),
- tempDiffieHellman512g, sizeof(tempDiffieHellman512g));
-
- return dh;
-}
-
-string
-IceSSL::OpenSSL::sslGetErrors()
-{
- IceUtil::Mutex::Lock sync(sslErrorsMutex);
-
- string errorMessage;
- char buf[200];
- char bigBuffer[1024];
- const char* file = 0;
- const char* data = 0;
- int line = 0;
- int flags = 0;
- unsigned errorCode = 0;
- int errorNum = 1;
-
- unsigned long es = CRYPTO_thread_id();
-
- while ((errorCode = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0)
- {
- sprintf(bigBuffer,"%6d - Thread ID: %lu\n", errorNum, es);
- errorMessage += bigBuffer;
-
- sprintf(bigBuffer,"%6d - Error: %u\n", errorNum, errorCode);
- errorMessage += bigBuffer;
-
- // Request an error from the OpenSSL library
- ERR_error_string_n(errorCode, buf, sizeof(buf));
- sprintf(bigBuffer,"%6d - Message: %s\n", errorNum, buf);
- errorMessage += bigBuffer;
-
- sprintf(bigBuffer,"%6d - Location: %s, %d\n", errorNum, file, line);
- errorMessage += bigBuffer;
-
- if (flags & ERR_TXT_STRING)
- {
- sprintf(bigBuffer,"%6d - Data: %s\n", errorNum, data);
- errorMessage += bigBuffer;
- }
-
- errorNum++;
- }
-
- ERR_clear_error();
-
- return errorMessage;
-}
-
-extern "C"
-{
-
-RSA*
-tmpRSACallback(SSL* sslConnection, int isExport, int keyLength)
-{
- assert(sslConnection != 0);
-
- IceSSL::SystemInternalPtr sslSystem = IceSSL::Factory::getSystemFromHandle(sslConnection);
- assert(sslSystem != 0);
-
- IceSSL::OpenSSL::System* openSslSystem = dynamic_cast<IceSSL::OpenSSL::System*>(sslSystem.get());
- assert(openSslSystem != 0);
-
- RSA* rsaKey = openSslSystem->getRSAKey(isExport, keyLength);
- assert(rsaKey != 0);
-
- return rsaKey;
-}
-
-DH*
-tmpDHCallback(SSL* sslConnection, int isExport, int keyLength)
-{
- assert(sslConnection != 0);
-
- IceSSL::SystemInternalPtr sslSystem = IceSSL::Factory::getSystemFromHandle(sslConnection);
- assert(sslSystem != 0);
-
- IceSSL::OpenSSL::System* openSslSystem = dynamic_cast<IceSSL::OpenSSL::System*>(sslSystem.get());
- assert(openSslSystem != 0);
-
- DH* dh = openSslSystem->getDHParams(isExport, keyLength);
- assert(dh != 0);
-
- return dh;
-}
-
-// verifyCallback - Certificate Verification callback function.
-int
-verifyCallback(int ok, X509_STORE_CTX* ctx)
-{
- assert(ctx != 0);
-
- // Tricky method to get access to our connection. I would use SSL_get_ex_data() to get
- // the Connection object, if only I had some way to retrieve the index of the object
- // in this function. Hence, we have to invent our own reference system here.
- SSL* sslConnection = static_cast<SSL*>(X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()));
- assert(sslConnection != 0);
-
- IceSSL::OpenSSL::ConnectionPtr connection = IceSSL::OpenSSL::Connection::getConnection(sslConnection);
- assert(connection != 0);
-
- // Call the connection, get it to perform the verification.
- return connection->verifyCertificate(ok, ctx);
-}
-
-}
-
+// ********************************************************************** +// +// Copyright (c) 2001 +// MutableRealms, Inc. +// Huntsville, AL, USA +// +// All Rights Reserved +// +// ********************************************************************** + +#include <Ice/OpenSSLUtils.h> +#include <Ice/SystemInternalF.h> +#include <Ice/SystemOpenSSL.h> +#include <Ice/SslFactory.h> +#include <IceUtil/Mutex.h> +#include <openssl/err.h> +#include <assert.h> + +using std::string; + +// +// TODO: These Diffie-Hellman params have been blatantly stolen from +// OpenSSL's demo programs. We SHOULD define our own here, but +// these will suffice for testing purposes. Please note, these +// are not keys themselves, simply a DH Group that allows OpenSSL +// to create Diffie-Hellman keys. +// + +// Instantiation of temporary Diffie-Hellman 512bit key. +unsigned char tempDiffieHellman512p[] = +{ + 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75, + 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F, + 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3, + 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12, + 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C, + 0x47,0x74,0xE8,0x33, +}; + +unsigned char tempDiffieHellman512g[] = +{ + 0x02, +}; + +// Ensures that the sslGetErrors() function is synchronized. +static ::IceUtil::Mutex sslErrorsMutex; + +// +// NOTE: The following (mon, getGeneralizedTime, getUTCTime and getASN1time) +// are routines that have been abducted from the OpenSSL X509 library, +// and modified to work with the STL basic_string template. 
+ +static const char *mon[12]= +{ + "Jan","Feb","Mar","Apr","May","Jun", + "Jul","Aug","Sep","Oct","Nov","Dec" +}; + +string +IceSSL::OpenSSL::getGeneralizedTime(ASN1_GENERALIZEDTIME *tm) +{ + assert(tm != 0); + + char buf[30]; + int gmt = 0, y = 0, M = 0, d = 0, h = 0, m = 0, s = 0; + + int i = tm->length; + + char* v = (char *) tm->data; + + if (i < 12) + { + goto err; + } + + if (v[i-1] == 'Z') + { + gmt=1; + } + + for (i=0; i<12; i++) + { + if ((v[i] > '9') || (v[i] < '0')) + { + goto err; + } + } + + y = (v[0] - '0') * 1000 + (v[1] - '0') * 100 + (v[2] - '0') * 10 + (v[3] - '0'); + M = (v[4] - '0') * 10 + (v[5] - '0'); + + if ((M > 12) || (M < 1)) + { + goto err; + } + + d = (v[6] - '0') * 10 + (v[7] - '0'); + h = (v[8] - '0') * 10 + (v[9] - '0'); + m = (v[10] - '0') * 10 + (v[11] - '0'); + + if ((v[12] >= '0') && (v[12] <= '9') && + (v[13] >= '0') && (v[13] <= '9')) + { + s = (v[12] - '0') * 10 + (v[13] - '0'); + } + + sprintf(buf, "%s %2d %02d:%02d:%02d %d%s", mon[M-1], d, h, m, s, y, (gmt)?" GMT":""); + return string(buf); + +err: + return string("Bad time value"); +} + +string +IceSSL::OpenSSL::getUTCTime(ASN1_UTCTIME *tm) +{ + assert(tm != 0); + + char buf[30]; + int gmt = 0, y = 0, M = 0, d = 0, h = 0, m = 0, s = 0; + + int i = tm->length; + char* v = (char *) tm->data; + + if (i < 10) + { + goto err; + } + + if (v[i-1] == 'Z') + { + gmt=1; + } + + for (i = 0; i < 10; i++) + { + if ((v[i] > '9') || (v[i] < '0')) + { + goto err; + } + } + + y = (v[0] - '0') * 10 + (v[1] - '0'); + + if (y < 50) + { + y+=100; + } + + M = (v[2] - '0') * 10 + (v[3] - '0'); + + if ((M > 12) || (M < 1)) + { + goto err; + } + + d = (v[4] - '0') * 10 + (v[5] - '0'); + h = (v[6] - '0') * 10 + (v[7] - '0'); + m = (v[8] - '0') * 10 + (v[9] - '0'); + + if ((v[10] >= '0') && (v[10] <= '9') && (v[11] >= '0') && (v[11] <= '9')) + { + s = (v[10] - '0') * 10 + (v[11] - '0'); + } + + sprintf(buf, "%s %2d %02d:%02d:%02d %d%s", mon[M-1], d, h, m, s, y+1900, (gmt)?" 
GMT":""); + return string(buf); + +err: + return string("Bad time value"); +} + +string +IceSSL::OpenSSL::getASN1time(ASN1_TIME *tm) +{ + assert(tm != 0); + + string theTime; + + switch (tm->type) + { + case V_ASN1_UTCTIME : + { + theTime = getUTCTime(tm); + break; + } + + case V_ASN1_GENERALIZEDTIME : + { + theTime = getGeneralizedTime(tm); + break; + } + + default : + { + theTime = "Bad time value"; + break; + } + } + + return theTime; +} + +DH* +IceSSL::OpenSSL::loadDHParam(const char* dhfile) +{ + assert(dhfile != 0); + + DH* ret = 0; + BIO* bio = BIO_new_file(dhfile,"r"); + + if (bio != 0) + { + ret = PEM_read_bio_DHparams(bio, 0, 0, 0); + BIO_free(bio); + } + + return ret; +} + +DH* +IceSSL::OpenSSL::getTempDH(unsigned char* p, int plen, unsigned char* g, int glen) +{ + assert(p != 0); + assert(g != 0); + + DH* dh = DH_new(); + + if (dh != 0) + { + dh->p = BN_bin2bn(p, plen, 0); + + dh->g = BN_bin2bn(g, glen, 0); + + if ((dh->p == 0) || (dh->g == 0)) + { + DH_free(dh); + dh = 0; + } + } + + return dh; +} + +DH* +IceSSL::OpenSSL::getTempDH512() +{ + DH* dh = getTempDH(tempDiffieHellman512p, sizeof(tempDiffieHellman512p), + tempDiffieHellman512g, sizeof(tempDiffieHellman512g)); + + return dh; +} + +string +IceSSL::OpenSSL::sslGetErrors() +{ + IceUtil::Mutex::Lock sync(sslErrorsMutex); + + string errorMessage; + char buf[200]; + char bigBuffer[1024]; + const char* file = 0; + const char* data = 0; + int line = 0; + int flags = 0; + unsigned errorCode = 0; + int errorNum = 1; + + unsigned long es = CRYPTO_thread_id(); + + while ((errorCode = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) + { + sprintf(bigBuffer,"%6d - Thread ID: %lu\n", errorNum, es); + errorMessage += bigBuffer; + + sprintf(bigBuffer,"%6d - Error: %u\n", errorNum, errorCode); + errorMessage += bigBuffer; + + // Request an error from the OpenSSL library + ERR_error_string_n(errorCode, buf, sizeof(buf)); + sprintf(bigBuffer,"%6d - Message: %s\n", errorNum, buf); + errorMessage += 
bigBuffer; + + sprintf(bigBuffer,"%6d - Location: %s, %d\n", errorNum, file, line); + errorMessage += bigBuffer; + + if (flags & ERR_TXT_STRING) + { + sprintf(bigBuffer,"%6d - Data: %s\n", errorNum, data); + errorMessage += bigBuffer; + } + + errorNum++; + } + + ERR_clear_error(); + + return errorMessage; +} + +extern "C" +{ + +RSA* +tmpRSACallback(SSL* sslConnection, int isExport, int keyLength) +{ + assert(sslConnection != 0); + + IceSSL::SystemInternalPtr sslSystem = IceSSL::Factory::getSystemFromHandle(sslConnection); + assert(sslSystem != 0); + + IceSSL::OpenSSL::System* openSslSystem = dynamic_cast<IceSSL::OpenSSL::System*>(sslSystem.get()); + assert(openSslSystem != 0); + + RSA* rsaKey = openSslSystem->getRSAKey(isExport, keyLength); + assert(rsaKey != 0); + + return rsaKey; +} + +DH* +tmpDHCallback(SSL* sslConnection, int isExport, int keyLength) +{ + assert(sslConnection != 0); + + IceSSL::SystemInternalPtr sslSystem = IceSSL::Factory::getSystemFromHandle(sslConnection); + assert(sslSystem != 0); + + IceSSL::OpenSSL::System* openSslSystem = dynamic_cast<IceSSL::OpenSSL::System*>(sslSystem.get()); + assert(openSslSystem != 0); + + DH* dh = openSslSystem->getDHParams(isExport, keyLength); + assert(dh != 0); + + return dh; +} + +// verifyCallback - Certificate Verification callback function. +int +verifyCallback(int ok, X509_STORE_CTX* ctx) +{ + assert(ctx != 0); + + // Tricky method to get access to our connection. I would use SSL_get_ex_data() to get + // the Connection object, if only I had some way to retrieve the index of the object + // in this function. Hence, we have to invent our own reference system here. + SSL* sslConnection = static_cast<SSL*>(X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx())); + assert(sslConnection != 0); + + IceSSL::OpenSSL::ConnectionPtr connection = IceSSL::OpenSSL::Connection::getConnection(sslConnection); + assert(connection != 0); + + // Call the connection, get it to perform the verification. 
+ return connection->verifyCertificate(ok, ctx);
+}
+
+}
+
diff --git a/cpp/src/Ice/OpenSSLUtils.h b/cpp/src/Ice/OpenSSLUtils.h
index 45307cce044..76baab9c269 100644
--- a/cpp/src/Ice/OpenSSLUtils.h
+++ b/cpp/src/Ice/OpenSSLUtils.h
@@ -1,49 +1,49 @@
-// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#include <openssl/ssl.h>
-#include <string>
-
-namespace IceSSL
-{
-
-namespace OpenSSL
-{
-
-std::string getGeneralizedTime(ASN1_GENERALIZEDTIME*);
-
-std::string getUTCTime(ASN1_UTCTIME*);
-
-std::string getASN1time(ASN1_TIME*);
-
-DH* loadDHParam(const char*);
-
-DH* getTempDH(unsigned char*, int, unsigned char*, int);
-
-DH* getTempDH512();
-
-std::string sslGetErrors();
-
-}
-
-}
-
-extern "C"
-{
-
-RSA* tmpRSACallback(SSL*, int, int);
-
-DH* tmpDHCallback(SSL*, int, int);
-
-int verifyCallback(int, X509_STORE_CTX*);
-
-int passwordCallback(char*, int, int, void*);
-
-}
+// ********************************************************************** +// +// Copyright (c) 2001 +// MutableRealms, Inc. +// Huntsville, AL, USA +// +// All Rights Reserved +// +// ********************************************************************** + +#include <openssl/ssl.h> +#include <string> + +namespace IceSSL +{ + +namespace OpenSSL +{ + +std::string getGeneralizedTime(ASN1_GENERALIZEDTIME*); + +std::string getUTCTime(ASN1_UTCTIME*); + +std::string getASN1time(ASN1_TIME*); + +DH* loadDHParam(const char*); + +DH* getTempDH(unsigned char*, int, unsigned char*, int); + +DH* getTempDH512(); + +std::string sslGetErrors(); + +} + +} + +extern "C" +{ + +RSA* tmpRSACallback(SSL*, int, int); + +DH* tmpDHCallback(SSL*, int, int); + +int verifyCallback(int, X509_STORE_CTX*); + +int passwordCallback(char*, int, int, void*); + +} diff --git a/cpp/src/Ice/RSACertificateGen.cpp b/cpp/src/Ice/RSACertificateGen.cpp index 379b5f5a1b5..0845fca915c 100644 --- a/cpp/src/Ice/RSACertificateGen.cpp +++ b/cpp/src/Ice/RSACertificateGen.cpp @@ -1,354 +1,354 @@ -// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#include <IceUtil/Config.h>
-#include <Ice/RSACertificateGen.h>
-#include <Ice/OpenSSLJanitors.h>
-#include <Ice/RSAKeyPair.h>
-#include <Ice/RSAPrivateKey.h>
-#include <Ice/RSAPublicKey.h>
-#include <Ice/SslException.h>
-#include <Ice/OpenSSLUtils.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-using std::string;
-using std::back_inserter;
-
-using namespace IceSSL::OpenSSL;
-
-long
-IceSSL::OpenSSL::RSACertificateGenContext::minutesToSeconds(long minutes)
-{
- return minutes * 60L;
-}
-
-long
-IceSSL::OpenSSL::RSACertificateGenContext::hoursToSeconds(long hours)
-{
- return minutesToSeconds(hours * 60L);
-}
-
-long
-IceSSL::OpenSSL::RSACertificateGenContext::daysToSeconds(long days)
-{
- return hoursToSeconds(days * 24L);
-}
-
-long
-IceSSL::OpenSSL::RSACertificateGenContext::weeksToSeconds(long weeks)
-{
- return daysToSeconds(weeks * 7L);
-}
-
-long
-IceSSL::OpenSSL::RSACertificateGenContext::yearsToSeconds(long years)
-{
- return weeksToSeconds(years * 365L);
-}
-
-IceSSL::OpenSSL::RSACertificateGenContext::RSACertificateGenContext() :
- _modulusLength(0),
- _secondsValid(0)
-{
-}
-
-IceSSL::OpenSSL::RSACertificateGenContext::~RSACertificateGenContext()
-{
-}
-
-void
-IceSSL::OpenSSL::RSACertificateGenContext::setCountry(const string& country)
-{
- _country = country;
-}
-
-void
-IceSSL::OpenSSL::RSACertificateGenContext::setStateProvince(const string& stateProvince)
-{
- _stateProvince = stateProvince;
-}
-
-void
-IceSSL::OpenSSL::RSACertificateGenContext::setLocality(const string& locality)
-{
- _locality = locality;
-}
-
-void
-IceSSL::OpenSSL::RSACertificateGenContext::setOrganization(const string& organization)
-{
- _organization = organization;
-}
-
-void
-IceSSL::OpenSSL::RSACertificateGenContext::setOrgainizationalUnit(const string& organizationalUnit)
-{
- _organizationalUnit = organizationalUnit;
-}
-
-void
-IceSSL::OpenSSL::RSACertificateGenContext::setCommonName(const string& commonName)
-{
- _commonName = commonName;
-}
-
-void
-IceSSL::OpenSSL::RSACertificateGenContext::setBitStrength(int bitStrength)
-{
- _modulusLength = bitStrength;
-}
-
-void
-IceSSL::OpenSSL::RSACertificateGenContext::setSecondsValid(long secondsValid)
-{
- _secondsValid = secondsValid;
-}
-
-unsigned char*
-IceSSL::OpenSSL::RSACertificateGenContext::getCountry() const
-{
- unsigned char* country = reinterpret_cast<unsigned char *>(const_cast<char*>(_country.c_str()));
-
- assert(country != 0);
-
- return country;
-}
-
-unsigned char*
-IceSSL::OpenSSL::RSACertificateGenContext::getStateProvince() const
-{
- unsigned char* stateProvince = reinterpret_cast<unsigned char *>(const_cast<char*>(_stateProvince.c_str()));
-
- assert(stateProvince != 0);
-
- return stateProvince;
-}
-
-unsigned char*
-IceSSL::OpenSSL::RSACertificateGenContext::getLocality() const
-{
- unsigned char* locality = reinterpret_cast<unsigned char *>(const_cast<char*>(_locality.c_str()));
-
- assert(locality != 0);
-
- return locality;
-}
-
-unsigned char*
-IceSSL::OpenSSL::RSACertificateGenContext::getOrganization() const
-{
- unsigned char* organization = reinterpret_cast<unsigned char *>(const_cast<char*>(_organization.c_str()));
-
- assert(organization != 0);
-
- return organization;
-}
-
-unsigned char*
-IceSSL::OpenSSL::RSACertificateGenContext::getOrgainizationalUnit() const
-{
- unsigned char* orgUnit = reinterpret_cast<unsigned char *>(const_cast<char*>(_organizationalUnit.c_str()));
-
- assert(orgUnit != 0);
-
- return orgUnit;
-}
-
-unsigned char*
-IceSSL::OpenSSL::RSACertificateGenContext::getCommonName() const
-{
- unsigned char* commonName = reinterpret_cast<unsigned char *>(const_cast<char*>(_commonName.c_str()));
-
- assert(commonName != 0);
-
- return commonName;
-}
-
-int
-IceSSL::OpenSSL::RSACertificateGenContext::getModulusLength() const
-{
- return _modulusLength;
-}
-
-long
-IceSSL::OpenSSL::RSACertificateGenContext::getSecondsValid() const
-{
- return _secondsValid;
-}
-
-IceSSL::OpenSSL::RSACertificateGen::RSACertificateGen()
-{
- ERR_load_crypto_strings();
-}
-
-IceSSL::OpenSSL::RSACertificateGen::~RSACertificateGen()
-{
-}
-
-IceSSL::OpenSSL::RSAKeyPairPtr
-IceSSL::OpenSSL::RSACertificateGen::generate(const RSACertificateGenContext& context)
-{
- // Generate an RSA key pair.
- RSAJanitor rsaJanitor(RSA_generate_key(context.getModulusLength(), RSA_F4, 0, 0));
- RSA* rsaKeyPair = rsaJanitor.get();
-
- assert(rsaKeyPair != 0);
-
- EVP_PKEYJanitor evpPkeyJanitor(EVP_PKEY_new());
- EVP_PKEY* pkey = evpPkeyJanitor.get();
- assert(pkey != 0);
- EVP_PKEY_assign_RSA(pkey, rsaKeyPair);
-
- // The RSA structure now belongs (temporarily) to the EVP_PKEY
- rsaJanitor.clear();
-
- // Create a signing request
- X509_REQJanitor x509ReqJanitor(X509_REQ_new());
- X509_REQ* signingRequest = x509ReqJanitor.get();
- assert(signingRequest != 0);
-
- X509Janitor x509Janitor(X509_new());
- X509* x509SelfSigned = x509Janitor.get();
- assert(x509SelfSigned != 0);
-
- // Set version to V3.
- assert(X509_set_version(x509SelfSigned, 2) != 0);
-
- ASN1_INTEGER_set(X509_get_serialNumber(x509SelfSigned), 0);
-
- // NOTE: This is wierd. It looks like, for some reason, that the typedef of
- // X509_NAME gets lost in this code module. I am using the straight struct
- // here because X509_NAME isn't here.
-
- // X509_NAME* subjectName = X509_REQ_get_subject_name(signingRequest);
- struct X509_name_st* subjectName = X509_REQ_get_subject_name(signingRequest);
-
- // Set valid time period.
- X509_gmtime_adj(X509_get_notBefore(x509SelfSigned), 0);
- X509_gmtime_adj(X509_get_notAfter(x509SelfSigned), context.getSecondsValid());
-
- // Set up subject/issuer Distinguished Name (DN).
- X509_NAME_add_entry_by_txt(subjectName, "C", MBSTRING_ASC, context.getCountry(), -1, -1, 0);
- X509_NAME_add_entry_by_txt(subjectName, "ST", MBSTRING_ASC, context.getStateProvince(), -1, -1, 0);
- X509_NAME_add_entry_by_txt(subjectName, "L", MBSTRING_ASC, context.getLocality(), -1, -1, 0);
- X509_NAME_add_entry_by_txt(subjectName, "O", MBSTRING_ASC, context.getOrganization(), -1, -1, 0);
- X509_NAME_add_entry_by_txt(subjectName, "OU", MBSTRING_ASC, context.getOrgainizationalUnit(), -1, -1, 0);
- X509_NAME_add_entry_by_txt(subjectName, "CN", MBSTRING_ASC, context.getCommonName(), -1, -1, 0);
-
- // Self signed - set issuer and subject names identical
- X509_set_issuer_name(x509SelfSigned, subjectName);
- X509_set_subject_name(x509SelfSigned, subjectName);
-
- // Set the public key in the self signed certificate from the request.
- X509_set_pubkey(x509SelfSigned, pkey);
-
- // Sign the public key using an MD5 digest.
- if (!X509_sign(x509SelfSigned, pkey, EVP_md5()))
- {
- throw IceSSL::CertificateSigningException(__FILE__, __LINE__);
- }
-
- // Verify the Signature (paranoia).
- if (!X509_REQ_verify(signingRequest, pkey))
- {
- throw IceSSL::CertificateSignatureException(__FILE__, __LINE__);
- }
-
- // Nasty Hack: Getting the pkey to let go of our rsaKeyPair - we own that now.
- pkey->pkey.ptr = 0;
-
- RSAPrivateKeyPtr privKeyPtr = new RSAPrivateKey(rsaKeyPair);
- RSAPublicKeyPtr pubKeyPtr = new RSAPublicKey(x509SelfSigned);
- RSAKeyPair* keyPairPtr = new RSAKeyPair(privKeyPtr, pubKeyPtr);
-
- // Do not let the janitors clean up, we're keeping the keys for ourselves.
- rsaJanitor.clear();
- x509Janitor.clear();
-
- return keyPairPtr;
-}
-
-IceSSL::OpenSSL::RSAKeyPairPtr
-IceSSL::OpenSSL::RSACertificateGen::loadKeyPair(const std::string& keyFile, const std::string& certFile)
-{
- //
- // Read in the X509 Certificate Structure
- //
- BIOJanitor certBIO(BIO_new_file(certFile.c_str(), "r"));
- if (certBIO.get() == 0)
- {
- IceSSL::OpenSSL::CertificateLoadException certLoadEx(__FILE__, __LINE__);
-
- certLoadEx._message = "unable to load certificate from '";
- certLoadEx._message += certFile;
- certLoadEx._message += "'\n";
- certLoadEx._message += sslGetErrors();
-
- throw certLoadEx;
- }
-
- X509Janitor x509Janitor(PEM_read_bio_X509(certBIO.get(), 0, 0, 0));
-
- if (x509Janitor.get() == 0)
- {
- IceSSL::OpenSSL::CertificateLoadException certLoadEx(__FILE__, __LINE__);
-
- certLoadEx._message = "unable to load certificate from '";
- certLoadEx._message += certFile;
- certLoadEx._message += "'\n";
- certLoadEx._message += sslGetErrors();
-
- throw certLoadEx;
- }
-
- //
- // Read in the RSA Private Key Structure
- //
- BIOJanitor keyBIO(BIO_new_file(keyFile.c_str(), "r"));
- if (keyBIO.get() == 0)
- {
- IceSSL::OpenSSL::PrivateKeyLoadException pklEx(__FILE__, __LINE__);
-
- pklEx._message = "unable to load private key from '";
- pklEx._message += keyFile;
- pklEx._message += "'\n";
- pklEx._message += sslGetErrors();
-
- throw pklEx;
- }
-
- RSAJanitor rsaJanitor(PEM_read_bio_RSAPrivateKey(keyBIO.get(), 0, 0, 0));
-
- if (rsaJanitor.get() == 0)
- {
- IceSSL::OpenSSL::PrivateKeyLoadException pklEx(__FILE__, __LINE__);
-
- pklEx._message = "unable to load private key from '";
- pklEx._message += keyFile;
- pklEx._message += "'\n";
- pklEx._message += sslGetErrors();
-
- throw pklEx;
- }
-
- //
- // Construct our RSAKeyPair
- //
- RSAPrivateKeyPtr privKeyPtr = new RSAPrivateKey(rsaJanitor.get());
- RSAPublicKeyPtr pubKeyPtr = new RSAPublicKey(x509Janitor.get());
- RSAKeyPairPtr keyPairPtr = new RSAKeyPair(privKeyPtr, pubKeyPtr);
-
- // Do not let the janitors clean up, we're keeping these keys.
- rsaJanitor.clear();
- x509Janitor.clear();
-
- return keyPairPtr;
-}
+// ********************************************************************** +// +// Copyright (c) 2001 +// MutableRealms, Inc. +// Huntsville, AL, USA +// +// All Rights Reserved +// +// ********************************************************************** + +#include <IceUtil/Config.h> +#include <Ice/RSACertificateGen.h> +#include <Ice/OpenSSLJanitors.h> +#include <Ice/RSAKeyPair.h> +#include <Ice/RSAPrivateKey.h> +#include <Ice/RSAPublicKey.h> +#include <Ice/SslException.h> +#include <Ice/OpenSSLUtils.h> +#include <openssl/err.h> +#include <openssl/ssl.h> + +using std::string; +using std::back_inserter; + +using namespace IceSSL::OpenSSL; + +long +IceSSL::OpenSSL::RSACertificateGenContext::minutesToSeconds(long minutes) +{ + return minutes * 60L; +} + +long +IceSSL::OpenSSL::RSACertificateGenContext::hoursToSeconds(long hours) +{ + return minutesToSeconds(hours * 60L); +} + +long +IceSSL::OpenSSL::RSACertificateGenContext::daysToSeconds(long days) +{ + return hoursToSeconds(days * 24L); +} + +long +IceSSL::OpenSSL::RSACertificateGenContext::weeksToSeconds(long weeks) +{ + return daysToSeconds(weeks * 7L); +} + +long +IceSSL::OpenSSL::RSACertificateGenContext::yearsToSeconds(long years) +{ + return weeksToSeconds(years * 365L); +} + +IceSSL::OpenSSL::RSACertificateGenContext::RSACertificateGenContext() : + _modulusLength(0), + _secondsValid(0) +{ +} + +IceSSL::OpenSSL::RSACertificateGenContext::~RSACertificateGenContext() +{ +} + +void +IceSSL::OpenSSL::RSACertificateGenContext::setCountry(const string& country) +{ + _country = country; +} + +void +IceSSL::OpenSSL::RSACertificateGenContext::setStateProvince(const string& stateProvince) +{ + _stateProvince = stateProvince; +} + +void +IceSSL::OpenSSL::RSACertificateGenContext::setLocality(const string& locality) +{ + _locality = locality; +} + +void +IceSSL::OpenSSL::RSACertificateGenContext::setOrganization(const string& organization) +{ + _organization = organization; +} + +void 
+IceSSL::OpenSSL::RSACertificateGenContext::setOrgainizationalUnit(const string& organizationalUnit) +{ + _organizationalUnit = organizationalUnit; +} + +void +IceSSL::OpenSSL::RSACertificateGenContext::setCommonName(const string& commonName) +{ + _commonName = commonName; +} + +void +IceSSL::OpenSSL::RSACertificateGenContext::setBitStrength(int bitStrength) +{ + _modulusLength = bitStrength; +} + +void +IceSSL::OpenSSL::RSACertificateGenContext::setSecondsValid(long secondsValid) +{ + _secondsValid = secondsValid; +} + +unsigned char* +IceSSL::OpenSSL::RSACertificateGenContext::getCountry() const +{ + unsigned char* country = reinterpret_cast<unsigned char *>(const_cast<char*>(_country.c_str())); + + assert(country != 0); + + return country; +} + +unsigned char* +IceSSL::OpenSSL::RSACertificateGenContext::getStateProvince() const +{ + unsigned char* stateProvince = reinterpret_cast<unsigned char *>(const_cast<char*>(_stateProvince.c_str())); + + assert(stateProvince != 0); + + return stateProvince; +} + +unsigned char* +IceSSL::OpenSSL::RSACertificateGenContext::getLocality() const +{ + unsigned char* locality = reinterpret_cast<unsigned char *>(const_cast<char*>(_locality.c_str())); + + assert(locality != 0); + + return locality; +} + +unsigned char* +IceSSL::OpenSSL::RSACertificateGenContext::getOrganization() const +{ + unsigned char* organization = reinterpret_cast<unsigned char *>(const_cast<char*>(_organization.c_str())); + + assert(organization != 0); + + return organization; +} + +unsigned char* +IceSSL::OpenSSL::RSACertificateGenContext::getOrgainizationalUnit() const +{ + unsigned char* orgUnit = reinterpret_cast<unsigned char *>(const_cast<char*>(_organizationalUnit.c_str())); + + assert(orgUnit != 0); + + return orgUnit; +} + +unsigned char* +IceSSL::OpenSSL::RSACertificateGenContext::getCommonName() const +{ + unsigned char* commonName = reinterpret_cast<unsigned char *>(const_cast<char*>(_commonName.c_str())); + + assert(commonName != 0); + + return 
commonName; +} + +int +IceSSL::OpenSSL::RSACertificateGenContext::getModulusLength() const +{ + return _modulusLength; +} + +long +IceSSL::OpenSSL::RSACertificateGenContext::getSecondsValid() const +{ + return _secondsValid; +} + +IceSSL::OpenSSL::RSACertificateGen::RSACertificateGen() +{ + ERR_load_crypto_strings(); +} + +IceSSL::OpenSSL::RSACertificateGen::~RSACertificateGen() +{ +} + +IceSSL::OpenSSL::RSAKeyPairPtr +IceSSL::OpenSSL::RSACertificateGen::generate(const RSACertificateGenContext& context) +{ + // Generate an RSA key pair. + RSAJanitor rsaJanitor(RSA_generate_key(context.getModulusLength(), RSA_F4, 0, 0)); + RSA* rsaKeyPair = rsaJanitor.get(); + + assert(rsaKeyPair != 0); + + EVP_PKEYJanitor evpPkeyJanitor(EVP_PKEY_new()); + EVP_PKEY* pkey = evpPkeyJanitor.get(); + assert(pkey != 0); + EVP_PKEY_assign_RSA(pkey, rsaKeyPair); + + // The RSA structure now belongs (temporarily) to the EVP_PKEY + rsaJanitor.clear(); + + // Create a signing request + X509_REQJanitor x509ReqJanitor(X509_REQ_new()); + X509_REQ* signingRequest = x509ReqJanitor.get(); + assert(signingRequest != 0); + + X509Janitor x509Janitor(X509_new()); + X509* x509SelfSigned = x509Janitor.get(); + assert(x509SelfSigned != 0); + + // Set version to V3. + assert(X509_set_version(x509SelfSigned, 2) != 0); + + ASN1_INTEGER_set(X509_get_serialNumber(x509SelfSigned), 0); + + // NOTE: This is wierd. It looks like, for some reason, that the typedef of + // X509_NAME gets lost in this code module. I am using the straight struct + // here because X509_NAME isn't here. + + // X509_NAME* subjectName = X509_REQ_get_subject_name(signingRequest); + struct X509_name_st* subjectName = X509_REQ_get_subject_name(signingRequest); + + // Set valid time period. + X509_gmtime_adj(X509_get_notBefore(x509SelfSigned), 0); + X509_gmtime_adj(X509_get_notAfter(x509SelfSigned), context.getSecondsValid()); + + // Set up subject/issuer Distinguished Name (DN). 
+ X509_NAME_add_entry_by_txt(subjectName, "C", MBSTRING_ASC, context.getCountry(), -1, -1, 0); + X509_NAME_add_entry_by_txt(subjectName, "ST", MBSTRING_ASC, context.getStateProvince(), -1, -1, 0); + X509_NAME_add_entry_by_txt(subjectName, "L", MBSTRING_ASC, context.getLocality(), -1, -1, 0); + X509_NAME_add_entry_by_txt(subjectName, "O", MBSTRING_ASC, context.getOrganization(), -1, -1, 0); + X509_NAME_add_entry_by_txt(subjectName, "OU", MBSTRING_ASC, context.getOrgainizationalUnit(), -1, -1, 0); + X509_NAME_add_entry_by_txt(subjectName, "CN", MBSTRING_ASC, context.getCommonName(), -1, -1, 0); + + // Self signed - set issuer and subject names identical + X509_set_issuer_name(x509SelfSigned, subjectName); + X509_set_subject_name(x509SelfSigned, subjectName); + + // Set the public key in the self signed certificate from the request. + X509_set_pubkey(x509SelfSigned, pkey); + + // Sign the public key using an MD5 digest. + if (!X509_sign(x509SelfSigned, pkey, EVP_md5())) + { + throw IceSSL::CertificateSigningException(__FILE__, __LINE__); + } + + // Verify the Signature (paranoia). + if (!X509_REQ_verify(signingRequest, pkey)) + { + throw IceSSL::CertificateSignatureException(__FILE__, __LINE__); + } + + // Nasty Hack: Getting the pkey to let go of our rsaKeyPair - we own that now. + pkey->pkey.ptr = 0; + + RSAPrivateKeyPtr privKeyPtr = new RSAPrivateKey(rsaKeyPair); + RSAPublicKeyPtr pubKeyPtr = new RSAPublicKey(x509SelfSigned); + RSAKeyPair* keyPairPtr = new RSAKeyPair(privKeyPtr, pubKeyPtr); + + // Do not let the janitors clean up, we're keeping the keys for ourselves. 
+ rsaJanitor.clear(); + x509Janitor.clear(); + + return keyPairPtr; +} + +IceSSL::OpenSSL::RSAKeyPairPtr +IceSSL::OpenSSL::RSACertificateGen::loadKeyPair(const std::string& keyFile, const std::string& certFile) +{ + // + // Read in the X509 Certificate Structure + // + BIOJanitor certBIO(BIO_new_file(certFile.c_str(), "r")); + if (certBIO.get() == 0) + { + IceSSL::OpenSSL::CertificateLoadException certLoadEx(__FILE__, __LINE__); + + certLoadEx._message = "unable to load certificate from '"; + certLoadEx._message += certFile; + certLoadEx._message += "'\n"; + certLoadEx._message += sslGetErrors(); + + throw certLoadEx; + } + + X509Janitor x509Janitor(PEM_read_bio_X509(certBIO.get(), 0, 0, 0)); + + if (x509Janitor.get() == 0) + { + IceSSL::OpenSSL::CertificateLoadException certLoadEx(__FILE__, __LINE__); + + certLoadEx._message = "unable to load certificate from '"; + certLoadEx._message += certFile; + certLoadEx._message += "'\n"; + certLoadEx._message += sslGetErrors(); + + throw certLoadEx; + } + + // + // Read in the RSA Private Key Structure + // + BIOJanitor keyBIO(BIO_new_file(keyFile.c_str(), "r")); + if (keyBIO.get() == 0) + { + IceSSL::OpenSSL::PrivateKeyLoadException pklEx(__FILE__, __LINE__); + + pklEx._message = "unable to load private key from '"; + pklEx._message += keyFile; + pklEx._message += "'\n"; + pklEx._message += sslGetErrors(); + + throw pklEx; + } + + RSAJanitor rsaJanitor(PEM_read_bio_RSAPrivateKey(keyBIO.get(), 0, 0, 0)); + + if (rsaJanitor.get() == 0) + { + IceSSL::OpenSSL::PrivateKeyLoadException pklEx(__FILE__, __LINE__); + + pklEx._message = "unable to load private key from '"; + pklEx._message += keyFile; + pklEx._message += "'\n"; + pklEx._message += sslGetErrors(); + + throw pklEx; + } + + // + // Construct our RSAKeyPair + // + RSAPrivateKeyPtr privKeyPtr = new RSAPrivateKey(rsaJanitor.get()); + RSAPublicKeyPtr pubKeyPtr = new RSAPublicKey(x509Janitor.get()); + RSAKeyPairPtr keyPairPtr = new RSAKeyPair(privKeyPtr, pubKeyPtr); + + // 
Do not let the janitors clean up, we're keeping these keys.
+ rsaJanitor.clear();
+ x509Janitor.clear();
+
+ return keyPairPtr;
+}
diff --git a/cpp/src/Ice/RSAKeyPair.cpp b/cpp/src/Ice/RSAKeyPair.cpp
index f6ccedff747..3cae356d441 100644
--- a/cpp/src/Ice/RSAKeyPair.cpp
+++ b/cpp/src/Ice/RSAKeyPair.cpp
@@ -1,87 +1,87 @@
-// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#include <IceUtil/Config.h>
-#include <IceUtil/Base64.h>
-#include <Ice/RSAKeyPair.h>
-#include <Ice/RSAPrivateKey.h>
-#include <Ice/RSAPublicKey.h>
-#include <assert.h>
-
-void ::IceInternal::incRef(::IceSSL::OpenSSL::RSAKeyPair* p) { p->__incRef(); }
-void ::IceInternal::decRef(::IceSSL::OpenSSL::RSAKeyPair* p) { p->__decRef(); }
-
-using std::back_inserter;
-using std::string;
-using Ice::ByteSeq;
-using IceUtil::Base64;
-
-IceSSL::OpenSSL::RSAKeyPair::RSAKeyPair(const string& key, const string& cert) :
- _privateKey(new RSAPrivateKey(key)),
- _publicKey(new RSAPublicKey(cert))
-{
- assert(_privateKey != 0);
- assert(_publicKey != 0);
-}
-
-IceSSL::OpenSSL::RSAKeyPair::RSAKeyPair(const ByteSeq& keySeq, const ByteSeq& certSeq) :
- _privateKey(new RSAPrivateKey(keySeq)),
- _publicKey(new RSAPublicKey(certSeq))
-{
- assert(_privateKey != 0);
- assert(_publicKey != 0);
-}
-
-IceSSL::OpenSSL::RSAKeyPair::~RSAKeyPair()
-{
-}
-
-void
-IceSSL::OpenSSL::RSAKeyPair::keyToBase64(string& b64Key)
-{
- _privateKey->keyToBase64(b64Key);
-}
-
-void
-IceSSL::OpenSSL::RSAKeyPair::certToBase64(string& b64Cert)
-{
- _publicKey->certToBase64(b64Cert);
-}
-
-void
-IceSSL::OpenSSL::RSAKeyPair::keyToByteSeq(ByteSeq& keySeq)
-{
- _privateKey->keyToByteSeq(keySeq);
-}
-
-void
-IceSSL::OpenSSL::RSAKeyPair::certToByteSeq(ByteSeq& certSeq)
-{
- _publicKey->certToByteSeq(certSeq);
-}
-
-RSA*
-IceSSL::OpenSSL::RSAKeyPair::getRSAPrivateKey() const
-{
- return _privateKey->get();
-}
-
-X509*
-IceSSL::OpenSSL::RSAKeyPair::getX509PublicKey() const
-{
- return _publicKey->getX509PublicKey();
-}
-
-IceSSL::OpenSSL::RSAKeyPair::RSAKeyPair(const RSAPrivateKeyPtr& rsa, const RSAPublicKeyPtr& x509) :
- _privateKey(rsa),
- _publicKey(x509)
-{
-}
-
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#include <IceUtil/Config.h>
+#include <IceUtil/Base64.h>
+#include <Ice/RSAKeyPair.h>
+#include <Ice/RSAPrivateKey.h>
+#include <Ice/RSAPublicKey.h>
+#include <assert.h>
+
+void ::IceInternal::incRef(::IceSSL::OpenSSL::RSAKeyPair* p) { p->__incRef(); }
+void ::IceInternal::decRef(::IceSSL::OpenSSL::RSAKeyPair* p) { p->__decRef(); }
+
+using std::back_inserter;
+using std::string;
+using Ice::ByteSeq;
+using IceUtil::Base64;
+
+IceSSL::OpenSSL::RSAKeyPair::RSAKeyPair(const string& key, const string& cert) :
+ _privateKey(new RSAPrivateKey(key)),
+ _publicKey(new RSAPublicKey(cert))
+{
+ assert(_privateKey != 0);
+ assert(_publicKey != 0);
+}
+
+IceSSL::OpenSSL::RSAKeyPair::RSAKeyPair(const ByteSeq& keySeq, const ByteSeq& certSeq) :
+ _privateKey(new RSAPrivateKey(keySeq)),
+ _publicKey(new RSAPublicKey(certSeq))
+{
+ assert(_privateKey != 0);
+ assert(_publicKey != 0);
+}
+
+IceSSL::OpenSSL::RSAKeyPair::~RSAKeyPair()
+{
+}
+
+void
+IceSSL::OpenSSL::RSAKeyPair::keyToBase64(string& b64Key)
+{
+ _privateKey->keyToBase64(b64Key);
+}
+
+void
+IceSSL::OpenSSL::RSAKeyPair::certToBase64(string& b64Cert)
+{
+ _publicKey->certToBase64(b64Cert);
+}
+
+void
+IceSSL::OpenSSL::RSAKeyPair::keyToByteSeq(ByteSeq& keySeq)
+{
+ _privateKey->keyToByteSeq(keySeq);
+}
+
+void
+IceSSL::OpenSSL::RSAKeyPair::certToByteSeq(ByteSeq& certSeq)
+{
+ _publicKey->certToByteSeq(certSeq);
+}
+
+RSA*
+IceSSL::OpenSSL::RSAKeyPair::getRSAPrivateKey() const
+{
+ return _privateKey->get();
+}
+
+X509*
+IceSSL::OpenSSL::RSAKeyPair::getX509PublicKey() const
+{
+ return _publicKey->getX509PublicKey();
+}
+
+IceSSL::OpenSSL::RSAKeyPair::RSAKeyPair(const RSAPrivateKeyPtr& rsa, const RSAPublicKeyPtr& x509) :
+ _privateKey(rsa),
+ _publicKey(x509)
+{
+}
+
diff --git a/cpp/src/Ice/RSAPrivateKey.cpp b/cpp/src/Ice/RSAPrivateKey.cpp
index d099ede789f..8df0f157fce 100644
--- a/cpp/src/Ice/RSAPrivateKey.cpp
+++ b/cpp/src/Ice/RSAPrivateKey.cpp
@@ -1,121 +1,121 @@
-// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#include <IceUtil/Config.h>
-#include <IceUtil/Base64.h>
-#include <Ice/RSAPrivateKey.h>
-#include <Ice/SslIceUtils.h>
-#include <Ice/OpenSSLUtils.h>
-#include <Ice/SslException.h>
-#include <assert.h>
-
-void ::IceInternal::incRef(::IceSSL::OpenSSL::RSAPrivateKey* p) { p->__incRef(); }
-void ::IceInternal::decRef(::IceSSL::OpenSSL::RSAPrivateKey* p) { p->__decRef(); }
-
-using std::back_inserter;
-using std::string;
-using Ice::ByteSeq;
-using IceUtil::Base64;
-
-IceSSL::OpenSSL::RSAPrivateKey::RSAPrivateKey(const string& key)
-{
- assert(!key.empty());
-
- _privateKey = 0;
-
- ByteSeq keySeq = Base64::decode(key);
-
- byteSeqToKey(keySeq);
-}
-
-IceSSL::OpenSSL::RSAPrivateKey::RSAPrivateKey(const ByteSeq& keySeq)
-{
- assert(!keySeq.empty());
-
- _privateKey = 0;
-
- byteSeqToKey(keySeq);
-}
-
-IceSSL::OpenSSL::RSAPrivateKey::RSAPrivateKey(RSA* rsa) :
- _privateKey(rsa)
-{
- assert(_privateKey != 0);
-}
-
-IceSSL::OpenSSL::RSAPrivateKey::~RSAPrivateKey()
-{
- if (_privateKey != 0)
- {
- RSA_free(_privateKey);
- }
-}
-
-void
-IceSSL::OpenSSL::RSAPrivateKey::keyToBase64(string& b64Key)
-{
- ByteSeq keySeq;
- keyToByteSeq(keySeq);
- b64Key = Base64::encode(keySeq);
-}
-
-void
-IceSSL::OpenSSL::RSAPrivateKey::keyToByteSeq(ByteSeq& keySeq)
-{
- assert(_privateKey);
-
- // Output the Private Key to a char buffer
- unsigned int privKeySize = i2d_RSAPrivateKey(_privateKey, 0);
-
- assert(privKeySize > 0);
-
- unsigned char* privateKeyBuffer = new unsigned char[privKeySize];
- assert(privateKeyBuffer != 0);
-
- // We have to do this because i2d_RSAPrivateKey changes the pointer.
- unsigned char* privKeyBuff = privateKeyBuffer;
- i2d_RSAPrivateKey(_privateKey, &privKeyBuff);
-
- IceSSL::ucharToByteSeq(privateKeyBuffer, privKeySize, keySeq);
-
- delete [] privateKeyBuffer;
-}
-
-RSA*
-IceSSL::OpenSSL::RSAPrivateKey::get() const
-{
- return _privateKey;
-}
-
-void
-IceSSL::OpenSSL::RSAPrivateKey::byteSeqToKey(const ByteSeq& keySeq)
-{
- unsigned char* privateKeyBuffer = byteSeqToUChar(keySeq);
- assert(privateKeyBuffer != 0);
-
- unsigned char* privKeyBuff = privateKeyBuffer;
- unsigned char** privKeyBuffpp = &privKeyBuff;
- RSA** rsapp = &_privateKey;
-
- _privateKey = d2i_RSAPrivateKey(rsapp, privKeyBuffpp, (long)keySeq.size());
-
- if (_privateKey == 0)
- {
- IceSSL::PrivateKeyParseException pkParseException(__FILE__, __LINE__);
-
- pkParseException._message = "unable to parse provided private key\n" + sslGetErrors();
-
- throw pkParseException;
- }
-
- // ML: Not deleted if an exception is raised!
- delete [] privateKeyBuffer;
-}
-
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#include <IceUtil/Config.h>
+#include <IceUtil/Base64.h>
+#include <Ice/RSAPrivateKey.h>
+#include <Ice/SslIceUtils.h>
+#include <Ice/OpenSSLUtils.h>
+#include <Ice/SslException.h>
+#include <assert.h>
+
+void ::IceInternal::incRef(::IceSSL::OpenSSL::RSAPrivateKey* p) { p->__incRef(); }
+void ::IceInternal::decRef(::IceSSL::OpenSSL::RSAPrivateKey* p) { p->__decRef(); }
+
+using std::back_inserter;
+using std::string;
+using Ice::ByteSeq;
+using IceUtil::Base64;
+
+IceSSL::OpenSSL::RSAPrivateKey::RSAPrivateKey(const string& key)
+{
+ assert(!key.empty());
+
+ _privateKey = 0;
+
+ ByteSeq keySeq = Base64::decode(key);
+
+ byteSeqToKey(keySeq);
+}
+
+IceSSL::OpenSSL::RSAPrivateKey::RSAPrivateKey(const ByteSeq& keySeq)
+{
+ assert(!keySeq.empty());
+
+ _privateKey = 0;
+
+ byteSeqToKey(keySeq);
+}
+
+IceSSL::OpenSSL::RSAPrivateKey::RSAPrivateKey(RSA* rsa) :
+ _privateKey(rsa)
+{
+ assert(_privateKey != 0);
+}
+
+IceSSL::OpenSSL::RSAPrivateKey::~RSAPrivateKey()
+{
+ if (_privateKey != 0)
+ {
+ RSA_free(_privateKey);
+ }
+}
+
+void
+IceSSL::OpenSSL::RSAPrivateKey::keyToBase64(string& b64Key)
+{
+ ByteSeq keySeq;
+ keyToByteSeq(keySeq);
+ b64Key = Base64::encode(keySeq);
+}
+
+void
+IceSSL::OpenSSL::RSAPrivateKey::keyToByteSeq(ByteSeq& keySeq)
+{
+ assert(_privateKey);
+
+ // Output the Private Key to a char buffer
+ unsigned int privKeySize = i2d_RSAPrivateKey(_privateKey, 0);
+
+ assert(privKeySize > 0);
+
+ unsigned char* privateKeyBuffer = new unsigned char[privKeySize];
+ assert(privateKeyBuffer != 0);
+
+ // We have to do this because i2d_RSAPrivateKey changes the pointer. 
+ unsigned char* privKeyBuff = privateKeyBuffer;
+ i2d_RSAPrivateKey(_privateKey, &privKeyBuff);
+
+ IceSSL::ucharToByteSeq(privateKeyBuffer, privKeySize, keySeq);
+
+ delete [] privateKeyBuffer;
+}
+
+RSA*
+IceSSL::OpenSSL::RSAPrivateKey::get() const
+{
+ return _privateKey;
+}
+
+void
+IceSSL::OpenSSL::RSAPrivateKey::byteSeqToKey(const ByteSeq& keySeq)
+{
+ unsigned char* privateKeyBuffer = byteSeqToUChar(keySeq);
+ assert(privateKeyBuffer != 0);
+
+ unsigned char* privKeyBuff = privateKeyBuffer;
+ unsigned char** privKeyBuffpp = &privKeyBuff;
+ RSA** rsapp = &_privateKey;
+
+ _privateKey = d2i_RSAPrivateKey(rsapp, privKeyBuffpp, (long)keySeq.size());
+
+ if (_privateKey == 0)
+ {
+ IceSSL::PrivateKeyParseException pkParseException(__FILE__, __LINE__);
+
+ pkParseException._message = "unable to parse provided private key\n" + sslGetErrors();
+
+ throw pkParseException;
+ }
+
+ // ML: Not deleted if an exception is raised!
+ delete [] privateKeyBuffer;
+}
+
diff --git a/cpp/src/Ice/RSAPublicKey.cpp b/cpp/src/Ice/RSAPublicKey.cpp
index f40076d8111..b8918884522 100644
--- a/cpp/src/Ice/RSAPublicKey.cpp
+++ b/cpp/src/Ice/RSAPublicKey.cpp
@@ -1,122 +1,122 @@
-// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#include <IceUtil/Config.h>
-#include <IceUtil/Base64.h>
-#include <Ice/RSAPublicKey.h>
-#include <Ice/SslIceUtils.h>
-#include <Ice/OpenSSLUtils.h>
-#include <Ice/SslException.h>
-#include <assert.h>
-
-void ::IceInternal::incRef(::IceSSL::OpenSSL::RSAPublicKey* p) { p->__incRef(); }
-void ::IceInternal::decRef(::IceSSL::OpenSSL::RSAPublicKey* p) { p->__decRef(); }
-
-using std::back_inserter;
-using std::string;
-using Ice::ByteSeq;
-using IceUtil::Base64;
-
-IceSSL::OpenSSL::RSAPublicKey::RSAPublicKey(const string& cert)
-{
- assert(!cert.empty());
-
- _publicKey = 0;
-
- ByteSeq certSeq = Base64::decode(cert);
-
- byteSeqToCert(certSeq);
-}
-
-IceSSL::OpenSSL::RSAPublicKey::RSAPublicKey(const ByteSeq& certSeq)
-{
- assert(!certSeq.empty());
-
- _publicKey = 0;
-
- byteSeqToCert(certSeq);
-}
-
-IceSSL::OpenSSL::RSAPublicKey::~RSAPublicKey()
-{
- if (_publicKey != 0)
- {
- X509_free(_publicKey);
- }
-}
-
-void
-IceSSL::OpenSSL::RSAPublicKey::certToBase64(string& b64Cert)
-{
- ByteSeq certSeq;
- certToByteSeq(certSeq);
- b64Cert = Base64::encode(certSeq);
-}
-
-void
-IceSSL::OpenSSL::RSAPublicKey::certToByteSeq(ByteSeq& certSeq)
-{
- assert(_publicKey);
-
- // Output the Public Key to a char buffer
- unsigned int pubKeySize = i2d_X509(_publicKey, 0);
-
- assert(pubKeySize > 0);
-
- unsigned char* publicKeyBuffer = new unsigned char[pubKeySize];
- assert(publicKeyBuffer != 0);
-
- // We have to do this because i2d_X509_PUBKEY changes the pointer.
- unsigned char* pubKeyBuff = publicKeyBuffer;
- i2d_X509(_publicKey, &pubKeyBuff);
-
- IceSSL::ucharToByteSeq(publicKeyBuffer, pubKeySize, certSeq);
-
- delete []publicKeyBuffer;
-}
-
-X509*
-IceSSL::OpenSSL::RSAPublicKey::getX509PublicKey() const
-{
- return _publicKey;
-}
-
-IceSSL::OpenSSL::RSAPublicKey::RSAPublicKey(X509* x509) :
- _publicKey(x509)
-{
-}
-
-void
-IceSSL::OpenSSL::RSAPublicKey::byteSeqToCert(const ByteSeq& certSeq)
-{
- unsigned char* publicKeyBuffer = byteSeqToUChar(certSeq);
- assert(publicKeyBuffer != 0);
-
- // We have to do this because d2i_X509 changes the pointer.
- unsigned char* pubKeyBuff = publicKeyBuffer;
- unsigned char** pubKeyBuffpp = &pubKeyBuff;
-
- X509** x509pp = &_publicKey;
-
- _publicKey = d2i_X509(x509pp, pubKeyBuffpp, (long)certSeq.size());
-
- if (_publicKey == 0)
- {
- IceSSL::CertificateParseException certParseException(__FILE__, __LINE__);
-
- certParseException._message = "unable to parse provided public key\n" + sslGetErrors();
-
- throw certParseException;
- }
-
- delete []publicKeyBuffer;
-}
-
-
+// **********************************************************************
+//
+// Copyright (c) 2001
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#include <IceUtil/Config.h>
+#include <IceUtil/Base64.h>
+#include <Ice/RSAPublicKey.h>
+#include <Ice/SslIceUtils.h>
+#include <Ice/OpenSSLUtils.h>
+#include <Ice/SslException.h>
+#include <assert.h>
+
+void ::IceInternal::incRef(::IceSSL::OpenSSL::RSAPublicKey* p) { p->__incRef(); }
+void ::IceInternal::decRef(::IceSSL::OpenSSL::RSAPublicKey* p) { p->__decRef(); }
+
+using std::back_inserter;
+using std::string;
+using Ice::ByteSeq;
+using IceUtil::Base64;
+
+IceSSL::OpenSSL::RSAPublicKey::RSAPublicKey(const string& cert)
+{
+ assert(!cert.empty());
+
+ _publicKey = 0;
+
+ ByteSeq certSeq = Base64::decode(cert);
+
+ byteSeqToCert(certSeq);
+}
+
+IceSSL::OpenSSL::RSAPublicKey::RSAPublicKey(const ByteSeq& certSeq)
+{
+ assert(!certSeq.empty());
+
+ _publicKey = 0;
+
+ byteSeqToCert(certSeq);
+}
+
+IceSSL::OpenSSL::RSAPublicKey::~RSAPublicKey()
+{
+ if (_publicKey != 0)
+ {
+ X509_free(_publicKey);
+ }
+}
+
+void
+IceSSL::OpenSSL::RSAPublicKey::certToBase64(string& b64Cert)
+{
+ ByteSeq certSeq;
+ certToByteSeq(certSeq);
+ b64Cert = Base64::encode(certSeq);
+}
+
+void
+IceSSL::OpenSSL::RSAPublicKey::certToByteSeq(ByteSeq& certSeq)
+{
+ assert(_publicKey);
+
+ // Output the Public Key to a char buffer
+ unsigned int pubKeySize = i2d_X509(_publicKey, 0);
+
+ assert(pubKeySize > 0);
+
+ unsigned char* publicKeyBuffer = new unsigned char[pubKeySize];
+ assert(publicKeyBuffer != 0);
+
+ // We have to do this because i2d_X509_PUBKEY changes the pointer. 
+ unsigned char* pubKeyBuff = publicKeyBuffer;
+ i2d_X509(_publicKey, &pubKeyBuff);
+
+ IceSSL::ucharToByteSeq(publicKeyBuffer, pubKeySize, certSeq);
+
+ delete []publicKeyBuffer;
+}
+
+X509*
+IceSSL::OpenSSL::RSAPublicKey::getX509PublicKey() const
+{
+ return _publicKey;
+}
+
+IceSSL::OpenSSL::RSAPublicKey::RSAPublicKey(X509* x509) :
+ _publicKey(x509)
+{
+}
+
+void
+IceSSL::OpenSSL::RSAPublicKey::byteSeqToCert(const ByteSeq& certSeq)
+{
+ unsigned char* publicKeyBuffer = byteSeqToUChar(certSeq);
+ assert(publicKeyBuffer != 0);
+
+ // We have to do this because d2i_X509 changes the pointer.
+ unsigned char* pubKeyBuff = publicKeyBuffer;
+ unsigned char** pubKeyBuffpp = &pubKeyBuff;
+
+ X509** x509pp = &_publicKey;
+
+ _publicKey = d2i_X509(x509pp, pubKeyBuffpp, (long)certSeq.size());
+
+ if (_publicKey == 0)
+ {
+ IceSSL::CertificateParseException certParseException(__FILE__, __LINE__);
+
+ certParseException._message = "unable to parse provided public key\n" + sslGetErrors();
+
+ throw certParseException;
+ }
+
+ delete []publicKeyBuffer;
+}
+
+
diff --git a/cpp/src/Ice/SingleCertificateVerifier.cpp b/cpp/src/Ice/SingleCertificateVerifier.cpp
index 9b76e44aa26..2467bd1e7f2 100644
--- a/cpp/src/Ice/SingleCertificateVerifier.cpp
+++ b/cpp/src/Ice/SingleCertificateVerifier.cpp
@@ -9,12 +9,12 @@
 // **********************************************************************
 #include <Ice/SingleCertificateVerifier.h>
-#include <Ice/SslIceUtils.h>
+#include <Ice/SslIceUtils.h> #include <openssl/err.h> #include <algorithm> #include <iostream> -using namespace std;
+using namespace std; using Ice::ByteSeq; IceSSL::OpenSSL::SingleCertificateVerifier::SingleCertificateVerifier(const ByteSeq& publicKey) : @@ -23,8 +23,8 @@ IceSSL::OpenSSL::SingleCertificateVerifier::SingleCertificateVerifier(const Byte } int -IceSSL::OpenSSL::SingleCertificateVerifier::verify(int preVerifyOkay,
- X509_STORE_CTX* x509StoreContext,
+IceSSL::OpenSSL::SingleCertificateVerifier::verify(int preVerifyOkay, + X509_STORE_CTX* x509StoreContext, SSL* sslConnection) { // Short circuit - if the peer cert wasn't good enough for OpenSSL, @@ -97,7 +97,7 @@ IceSSL::OpenSSL::SingleCertificateVerifier::verify(int preVerifyOkay, return preVerifyOkay; } -
+ ByteSeq IceSSL::OpenSSL::SingleCertificateVerifier::toByteSeq(X509* certificate) { @@ -110,7 +110,7 @@ IceSSL::OpenSSL::SingleCertificateVerifier::toByteSeq(X509* certificate) i2d_X509(certificate, &certPtr); // Yet another conversion to a ByteSeq (easy comparison this way). - IceSSL::ucharToByteSeq(certBuffer, certSize, certByteSeq);
+ IceSSL::ucharToByteSeq(certBuffer, certSize, certByteSeq); delete []certBuffer; return certByteSeq; diff --git a/cpp/src/Ice/SingleCertificateVerifier.h b/cpp/src/Ice/SingleCertificateVerifier.h index fe3ec7d152a..20a0c78324c 100644 --- a/cpp/src/Ice/SingleCertificateVerifier.h +++ b/cpp/src/Ice/SingleCertificateVerifier.h @@ -22,7 +22,7 @@ namespace OpenSSL class SingleCertificateVerifier : public IceSSL::OpenSSL::CertificateVerifier { -public:
+public: SingleCertificateVerifier(const Ice::ByteSeq&); @@ -30,7 +30,7 @@ public: Ice::ByteSeq toByteSeq(X509*); -protected:
+protected: Ice::ByteSeq _publicKey; }; diff --git a/cpp/src/Ice/SslConnection.cpp b/cpp/src/Ice/SslConnection.cpp index 511344a72e6..30a00540caf 100644 --- a/cpp/src/Ice/SslConnection.cpp +++ b/cpp/src/Ice/SslConnection.cpp @@ -13,19 +13,19 @@ void ::IceInternal::incRef(::IceSSL::Connection* p) { p->__incRef(); } void ::IceInternal::decRef(::IceSSL::Connection* p) { p->__decRef(); } -IceSSL::Connection::Connection(const IceInternal::TraceLevelsPtr& traceLevels,
- const Ice::LoggerPtr& logger,
- const CertificateVerifierPtr& certificateVerifier) :
- _traceLevels(traceLevels),
- _logger(logger),
+IceSSL::Connection::Connection(const IceInternal::TraceLevelsPtr& traceLevels, + const Ice::LoggerPtr& logger, + const CertificateVerifierPtr& certificateVerifier) : + _traceLevels(traceLevels), + _logger(logger), _certificateVerifier(certificateVerifier) -{
- assert(_traceLevels != 0);
- assert(_logger != 0);
+{ + assert(_traceLevels != 0); + assert(_logger != 0); assert(_certificateVerifier != 0); } IceSSL::Connection::~Connection() -{
+{ } diff --git a/cpp/src/Ice/SslConnection.h b/cpp/src/Ice/SslConnection.h index fe77bb45ff0..3acfd387c08 100644 --- a/cpp/src/Ice/SslConnection.h +++ b/cpp/src/Ice/SslConnection.h @@ -23,10 +23,10 @@ namespace IceSSL class Connection : public IceUtil::Shared { -public:
+public: - Connection(const IceInternal::TraceLevelsPtr&,
- const Ice::LoggerPtr&,
+ Connection(const IceInternal::TraceLevelsPtr&, + const Ice::LoggerPtr&, const IceSSL::CertificateVerifierPtr&); virtual ~Connection(); @@ -35,10 +35,10 @@ public: virtual int read(IceInternal::Buffer&, int) = 0; virtual int write(IceInternal::Buffer&, int) = 0; -protected:
+protected: - IceInternal::TraceLevelsPtr _traceLevels;
- Ice::LoggerPtr _logger;
+ IceInternal::TraceLevelsPtr _traceLevels; + Ice::LoggerPtr _logger; CertificateVerifierPtr _certificateVerifier; }; diff --git a/cpp/src/Ice/SslConnectionOpenSSL.cpp b/cpp/src/Ice/SslConnectionOpenSSL.cpp index 289015b64a1..7bc74e0559d 100644 --- a/cpp/src/Ice/SslConnectionOpenSSL.cpp +++ b/cpp/src/Ice/SslConnectionOpenSSL.cpp @@ -20,7 +20,7 @@ #include <openssl/err.h> #include <string> #include <sstream> -#include <Ice/Network.h>
+#include <Ice/Network.h> #include <Ice/OpenSSL.h> #include <Ice/SslException.h> #include <Ice/SslFactory.h> @@ -69,15 +69,15 @@ void ::IceInternal::decRef(::IceSSL::OpenSSL::Connection* p) { p->__decRef(); } // but unfortunately, it appears that this is not properly picked up. // -IceSSL::OpenSSL::Connection::Connection(const IceInternal::TraceLevelsPtr& traceLevels,
- const Ice::LoggerPtr& logger,
+IceSSL::OpenSSL::Connection::Connection(const IceInternal::TraceLevelsPtr& traceLevels, + const Ice::LoggerPtr& logger, const IceSSL::CertificateVerifierPtr& certificateVerifier, - SSL* sslConnection,
+ SSL* sslConnection, const IceSSL::SystemInternalPtr& system) : IceSSL::Connection(traceLevels, logger, certificateVerifier), _sslConnection(sslConnection) { - assert(_sslConnection != 0);
+ assert(_sslConnection != 0); assert(system != 0); Factory::addSystemHandle(_sslConnection, system); @@ -109,10 +109,10 @@ void IceSSL::OpenSSL::Connection::shutdown() { if (_sslConnection == 0) - {
- return;
+ { + return; } -
+ if (_traceLevels->security >= IceSSL::SECURITY_WARNINGS) { _logger->trace(_traceLevels->securityCat, "WRN " + @@ -120,7 +120,7 @@ IceSSL::OpenSSL::Connection::shutdown() fdToString(SSL_get_fd(_sslConnection))); } - int shutdown = 0;
+ int shutdown = 0; int numRetries = 100; int retries = -numRetries; @@ -142,7 +142,7 @@ IceSSL::OpenSSL::Connection::shutdown() void IceSSL::OpenSSL::Connection::setHandshakeReadTimeout(int timeout) -{
+{ _handshakeReadTimeout = timeout; } @@ -160,12 +160,12 @@ IceSSL::OpenSSL::Connection::getConnection(SSL* sslPtr) return ConnectionPtr(connection); } -//
-// Note: Do not throw exceptions from verifyCertificate - it would rip through the OpenSSL system,
-// interfering with the usual handling and alert system of the handshake. Exceptions should
-// be caught here (if they can be generated), logged and then a fail return code (0) should
-// returned.
-//
+// +// Note: Do not throw exceptions from verifyCertificate - it would rip through the OpenSSL system, +// interfering with the usual handling and alert system of the handshake. Exceptions should +// be caught here (if they can be generated), logged and then a fail return code (0) should +// returned. +// int IceSSL::OpenSSL::Connection::verifyCertificate(int preVerifyOkay, X509_STORE_CTX* x509StoreContext) { @@ -179,24 +179,24 @@ IceSSL::OpenSSL::Connection::verifyCertificate(int preVerifyOkay, X509_STORE_CTX // Check to make sure we have a proper verifier for the operation. if (verifier) { - // Use the verifier to verify the certificate
- try
+ // Use the verifier to verify the certificate + try { - preVerifyOkay = verifier->verify(preVerifyOkay, x509StoreContext, _sslConnection);
- }
- catch (const Ice::LocalException& localEx)
- {
- if (_traceLevels->security >= IceSSL::SECURITY_WARNINGS)
- {
- ostringstream s;
-
- s << "WRN exception during certificate verification: " << std::endl;
- s << localEx << flush;
-
- _logger->trace(_traceLevels->securityCat, s.str());
- }
-
- preVerifyOkay = 0;
+ preVerifyOkay = verifier->verify(preVerifyOkay, x509StoreContext, _sslConnection); + } + catch (const Ice::LocalException& localEx) + { + if (_traceLevels->security >= IceSSL::SECURITY_WARNINGS) + { + ostringstream s; + + s << "WRN exception during certificate verification: " << std::endl; + s << localEx << flush; + + _logger->trace(_traceLevels->securityCat, s.str()); + } + + preVerifyOkay = 0; } } else @@ -232,8 +232,8 @@ IceSSL::OpenSSL::Connection::verifyCertificate(int preVerifyOkay, X509_STORE_CTX int IceSSL::OpenSSL::Connection::connect() { - assert(_sslConnection != 0);
-
+ assert(_sslConnection != 0); + int result = SSL_connect(_sslConnection); setLastError(result); @@ -244,20 +244,20 @@ IceSSL::OpenSSL::Connection::connect() int IceSSL::OpenSSL::Connection::accept() { - assert(_sslConnection != 0);
-
+ assert(_sslConnection != 0); + int result = SSL_accept(_sslConnection); setLastError(result); return result; } -
+ // NOTE: Currently not used, maybe later. int IceSSL::OpenSSL::Connection::renegotiate() { - assert(_sslConnection != 0);
+ assert(_sslConnection != 0); return SSL_renegotiate(_sslConnection); } @@ -267,7 +267,7 @@ IceSSL::OpenSSL::Connection::initialize(int timeout) int retCode = 0; while (true) - {
+ { // One lucky thread will get the honor of carrying out the hanshake, // if there is one to perform. The HandshakeSentinel effectively // establishes a first-come, first-serve policy. One thread will own @@ -305,25 +305,25 @@ IceSSL::OpenSSL::Connection::initialize(int timeout) return retCode; } -int
-IceSSL::OpenSSL::Connection::pending()
-{
- assert(_sslConnection != 0);
- return SSL_pending(_sslConnection);
-}
-
-int
-IceSSL::OpenSSL::Connection::getLastError() const
-{
- assert(_sslConnection != 0);
- return SSL_get_error(_sslConnection, _lastError);
-}
-
+int
+IceSSL::OpenSSL::Connection::pending()
+{
+ assert(_sslConnection != 0);
+ return SSL_pending(_sslConnection);
+}
+
+int
+IceSSL::OpenSSL::Connection::getLastError() const
+{
+ assert(_sslConnection != 0);
+ return SSL_get_error(_sslConnection, _lastError);
+}
+
 int
 IceSSL::OpenSSL::Connection::sslRead(char* buffer, int bufferSize)
 {
- assert(_sslConnection != 0);
-
+ assert(_sslConnection != 0); + int bytesRead = SSL_read(_sslConnection, buffer, bufferSize); setLastError(bytesRead); @@ -334,8 +334,8 @@ IceSSL::OpenSSL::Connection::sslRead(char* buffer, int bufferSize) int IceSSL::OpenSSL::Connection::sslWrite(char* buffer, int bufferSize) { - assert(_sslConnection != 0);
-
+ assert(_sslConnection != 0); + int bytesWritten = SSL_write(_sslConnection, buffer, bufferSize); setLastError(bytesWritten); @@ -343,78 +343,78 @@ IceSSL::OpenSSL::Connection::sslWrite(char* buffer, int bufferSize) return bytesWritten; } -int
-IceSSL::OpenSSL::Connection::select(int timeout, bool write)
-{
- int ret;
-
- assert(_sslConnection != 0);
- SOCKET fd = SSL_get_fd(_sslConnection);
-
- fd_set rwFdSet;
- struct timeval tv;
-
- if (timeout >= 0)
- {
- tv.tv_sec = timeout / 1000;
- tv.tv_usec = (timeout - tv.tv_sec * 1000) * 1000;
- }
-
- do
- {
- FD_ZERO(&rwFdSet);
- FD_SET(fd, &rwFdSet);
-
- if (timeout >= 0)
- {
- if (write)
- {
- ret = ::select(fd + 1, 0, &rwFdSet, 0, &tv);
- }
- else
- {
- ret = ::select(fd + 1, &rwFdSet, 0, 0, &tv);
- }
- }
- else
- {
- if (write)
- {
- ret = ::select(fd + 1, 0, &rwFdSet, 0, 0);
- }
- else
- {
- ret = ::select(fd + 1, &rwFdSet, 0, 0, 0);
- }
- }
- }
- while (ret == SOCKET_ERROR && interrupted());
-
- if (ret == SOCKET_ERROR)
- {
- SocketException ex(__FILE__, __LINE__);
- ex.error = getSocketErrno();
- throw ex;
- }
-
- if (ret == 0)
- {
- throw TimeoutException(__FILE__, __LINE__);
- }
-
- return FD_ISSET(fd, &rwFdSet);
+int +IceSSL::OpenSSL::Connection::select(int timeout, bool write) +{ + int ret; + + assert(_sslConnection != 0); + SOCKET fd = SSL_get_fd(_sslConnection); + + fd_set rwFdSet; + struct timeval tv; + + if (timeout >= 0) + { + tv.tv_sec = timeout / 1000; + tv.tv_usec = (timeout - tv.tv_sec * 1000) * 1000; + } + + do + { + FD_ZERO(&rwFdSet); + FD_SET(fd, &rwFdSet); + + if (timeout >= 0) + { + if (write) + { + ret = ::select(fd + 1, 0, &rwFdSet, 0, &tv); + } + else + { + ret = ::select(fd + 1, &rwFdSet, 0, 0, &tv); + } + } + else + { + if (write) + { + ret = ::select(fd + 1, 0, &rwFdSet, 0, 0); + } + else + { + ret = ::select(fd + 1, &rwFdSet, 0, 0, 0); + } + } + } + while (ret == SOCKET_ERROR && interrupted()); + + if (ret == SOCKET_ERROR) + { + SocketException ex(__FILE__, __LINE__); + ex.error = getSocketErrno(); + throw ex; + } + + if (ret == 0) + { + throw TimeoutException(__FILE__, __LINE__); + } + + return FD_ISSET(fd, &rwFdSet); } int IceSSL::OpenSSL::Connection::readSelect(int timeout) { - return select(timeout, false);
+ return select(timeout, false); } int IceSSL::OpenSSL::Connection::writeSelect(int timeout) -{
- return select(timeout, true);
+{ + return select(timeout, true); } int @@ -569,14 +569,14 @@ IceSSL::OpenSSL::Connection::read(Buffer& buf, int timeout) return totalBytesRead; } -
+ void IceSSL::OpenSSL::Connection::addConnection(SSL* sslPtr, Connection* connection) { assert(sslPtr); assert(connection); IceUtil::Mutex::Lock sync(_connectionRepositoryMutex); - _connectionMap[sslPtr] = connection;
+ _connectionMap[sslPtr] = connection; } void @@ -589,10 +589,10 @@ IceSSL::OpenSSL::Connection::removeConnection(SSL* sslPtr) void IceSSL::OpenSSL::Connection::showCertificateChain(BIO* bio) -{
- assert(_sslConnection != 0);
- assert(bio != 0);
-
+{ + assert(_sslConnection != 0); + assert(bio != 0); + STACK_OF(X509)* sk; // Big nasty buffer @@ -622,9 +622,9 @@ IceSSL::OpenSSL::Connection::showCertificateChain(BIO* bio) void IceSSL::OpenSSL::Connection::showPeerCertificate(BIO* bio, const char* connType) { - assert(_sslConnection != 0);
- assert(bio != 0);
-
+ assert(_sslConnection != 0); + assert(bio != 0); + X509* peerCert = 0; char buffer[4096]; @@ -655,16 +655,16 @@ IceSSL::OpenSSL::Connection::showPeerCertificate(BIO* bio, const char* connType) void IceSSL::OpenSSL::Connection::showSharedCiphers(BIO* bio) { - assert(_sslConnection != 0);
- assert(bio != 0);
-
+ assert(_sslConnection != 0); + assert(bio != 0); + char buffer[4096]; char* strPointer = 0; if ((strPointer = SSL_get_shared_ciphers(_sslConnection, buffer, sizeof(buffer))) != 0) { - // This works only for SSL 2. In later protocol versions, the client does not know
- // what other ciphers (in addition to the one to be used in the current connection)
+ // This works only for SSL 2. In later protocol versions, the client does not know + // what other ciphers (in addition to the one to be used in the current connection) // the server supports. BIO_printf(bio, "---\nShared Ciphers:\n"); @@ -697,9 +697,9 @@ IceSSL::OpenSSL::Connection::showSharedCiphers(BIO* bio) void IceSSL::OpenSSL::Connection::showSessionInfo(BIO* bio) { - assert(_sslConnection != 0);
- assert(bio != 0);
-
+ assert(_sslConnection != 0); + assert(bio != 0); + if (_sslConnection->hit) { BIO_printf(bio, "Reused session-id\n"); @@ -711,9 +711,9 @@ IceSSL::OpenSSL::Connection::showSessionInfo(BIO* bio) void IceSSL::OpenSSL::Connection::showSelectedCipherInfo(BIO* bio) { - assert(_sslConnection != 0);
- assert(bio != 0);
-
+ assert(_sslConnection != 0); + assert(bio != 0); + const char* str; SSL_CIPHER* cipher; @@ -730,9 +730,9 @@ IceSSL::OpenSSL::Connection::showSelectedCipherInfo(BIO* bio) void IceSSL::OpenSSL::Connection::showHandshakeStats(BIO* bio) { - assert(_sslConnection != 0);
- assert(bio != 0);
-
+ assert(_sslConnection != 0); + assert(bio != 0); + BIO_printf(bio, "---\nSSL handshake has read %ld bytes and written %ld bytes\n", BIO_number_read(SSL_get_rbio(_sslConnection)), BIO_number_written(SSL_get_wbio(_sslConnection))); @@ -741,10 +741,10 @@ IceSSL::OpenSSL::Connection::showHandshakeStats(BIO* bio) void IceSSL::OpenSSL::Connection::showClientCAList(BIO* bio, const char* connType) { - assert(_sslConnection != 0);
- assert(bio != 0);
- assert(connType != 0);
-
+ assert(_sslConnection != 0); + assert(bio != 0); + assert(connType != 0); + char buffer[4096]; STACK_OF(X509_NAME)* sk = SSL_get_client_CA_list(_sslConnection); diff --git a/cpp/src/Ice/SslConnectionOpenSSL.h b/cpp/src/Ice/SslConnectionOpenSSL.h index 929ca453c1d..e755e002cc1 100644 --- a/cpp/src/Ice/SslConnectionOpenSSL.h +++ b/cpp/src/Ice/SslConnectionOpenSSL.h @@ -27,7 +27,7 @@ namespace OpenSSL class SafeFlag { -public:
+public: SafeFlag(bool flagVal = false) { @@ -72,7 +72,7 @@ public: } private: -
+ ::IceUtil::Mutex _mutex; bool _flag; }; @@ -117,10 +117,10 @@ class Connection : public IceSSL::Connection { public: - Connection(const IceInternal::TraceLevelsPtr&,
- const Ice::LoggerPtr&,
- const IceSSL::CertificateVerifierPtr&,
- SSL*,
+ Connection(const IceInternal::TraceLevelsPtr&, + const Ice::LoggerPtr&, + const IceSSL::CertificateVerifierPtr&, + SSL*, const IceSSL::SystemInternalPtr&); virtual ~Connection(); @@ -151,7 +151,7 @@ protected: int sslRead(char*, int); int sslWrite(char*, int); - int select(int, bool);
+ int select(int, bool); int readSelect(int); int writeSelect(int); diff --git a/cpp/src/Ice/SslConnectionOpenSSLClient.cpp b/cpp/src/Ice/SslConnectionOpenSSLClient.cpp index b07b9566b71..9519309ece5 100644 --- a/cpp/src/Ice/SslConnectionOpenSSLClient.cpp +++ b/cpp/src/Ice/SslConnectionOpenSSLClient.cpp @@ -13,7 +13,7 @@ #include <Ice/OpenSSLUtils.h> #include <Ice/Network.h> #include <Ice/OpenSSL.h> -#include <Ice/SslException.h>
+#include <Ice/SslException.h> #include <Ice/OpenSSLJanitors.h> #include <Ice/SslConnectionOpenSSLClient.h> @@ -170,39 +170,39 @@ IceSSL::OpenSSL::ClientConnection::init(int timeout) protocolEx._message = "encountered an EOF during handshake that violates the ssl protocol\n"; protocolEx._message += sslGetErrors(); - throw protocolEx;
+ throw protocolEx; } } case SSL_ERROR_SSL: { - int verifyError = SSL_get_verify_result(_sslConnection);
-
- if (verifyError != X509_V_OK && verifyError != 1)
- {
- CertificateVerificationException certVerEx(__FILE__, __LINE__);
-
- certVerEx._message = "ssl certificate verification error";
-
- string errors = sslGetErrors();
-
- if (!errors.empty())
- {
- certVerEx._message += "\n";
- certVerEx._message += errors;
- }
-
- throw certVerEx;
- }
- else
- {
+ int verifyError = SSL_get_verify_result(_sslConnection); + + if (verifyError != X509_V_OK && verifyError != 1) + { + CertificateVerificationException certVerEx(__FILE__, __LINE__); + + certVerEx._message = "ssl certificate verification error"; + + string errors = sslGetErrors(); + + if (!errors.empty()) + { + certVerEx._message += "\n"; + certVerEx._message += errors; + } + + throw certVerEx; + } + else + { ProtocolException protocolEx(__FILE__, __LINE__); protocolEx._message = "encountered a violation of the ssl protocol during handshake\n"; protocolEx._message += sslGetErrors(); throw protocolEx; - }
+ } } } @@ -294,8 +294,8 @@ IceSSL::OpenSSL::ClientConnection::write(Buffer& buf, int timeout) case SSL_ERROR_SYSCALL: { - // NOTE: The OpenSSL demo client only raises and error condition if there were
- // actually bytes written. This is considered to be an error status
+ // NOTE: The OpenSSL demo client only raises and error condition if there were + // actually bytes written. This is considered to be an error status // requiring shutdown. // If nothing was written, the demo client stops writing - we continue. // This is potentially something wierd to watch out for. @@ -374,7 +374,7 @@ IceSSL::OpenSSL::ClientConnection::showConnectionInfo() { // Only in extreme cases do we enable this, partially because it doesn't use the Logger. if ((_traceLevels->security >= IceSSL::SECURITY_PROTOCOL_DEBUG) && 0) - {
+ { BIOJanitor bioJanitor(BIO_new_fp(stdout, BIO_NOCLOSE)); BIO* bio = bioJanitor.get(); diff --git a/cpp/src/Ice/SslConnectionOpenSSLClient.h b/cpp/src/Ice/SslConnectionOpenSSLClient.h index da6c13f1c04..27547898961 100644 --- a/cpp/src/Ice/SslConnectionOpenSSLClient.h +++ b/cpp/src/Ice/SslConnectionOpenSSLClient.h @@ -22,14 +22,14 @@ namespace OpenSSL class ClientConnection : public Connection { public: -
- ClientConnection(const IceInternal::TraceLevelsPtr&,
- const Ice::LoggerPtr&,
- const IceSSL::CertificateVerifierPtr&,
- SSL*,
+ + ClientConnection(const IceInternal::TraceLevelsPtr&, + const Ice::LoggerPtr&, + const IceSSL::CertificateVerifierPtr&, + SSL*, const IceSSL::SystemInternalPtr&); virtual ~ClientConnection(); -
+ virtual void shutdown(); virtual int init(int timeout = 0); diff --git a/cpp/src/Ice/SslConnectionOpenSSLF.h b/cpp/src/Ice/SslConnectionOpenSSLF.h index 69a536facea..4c35b8166a3 100644 --- a/cpp/src/Ice/SslConnectionOpenSSLF.h +++ b/cpp/src/Ice/SslConnectionOpenSSLF.h @@ -16,13 +16,13 @@ namespace IceSSL { -namespace OpenSSL
-{
-
+namespace OpenSSL +{ + class Connection; typedef IceInternal::Handle<Connection> ConnectionPtr; -
-}
+ +} } diff --git a/cpp/src/Ice/SslConnectionOpenSSLServer.cpp b/cpp/src/Ice/SslConnectionOpenSSLServer.cpp index a86f18edede..86f169fd3c7 100644 --- a/cpp/src/Ice/SslConnectionOpenSSLServer.cpp +++ b/cpp/src/Ice/SslConnectionOpenSSLServer.cpp @@ -13,7 +13,7 @@ #include <Ice/OpenSSLUtils.h> #include <Ice/Network.h> #include <Ice/OpenSSL.h> -#include <Ice/SslException.h>
+#include <Ice/SslException.h> #include <Ice/OpenSSLJanitors.h> #include <Ice/SslConnectionOpenSSLServer.h> @@ -141,7 +141,7 @@ IceSSL::OpenSSL::ServerConnection::init(int timeout) } } - // Find out what the error was (if any).
+ // Find out what the error was (if any). switch (getLastError()) { case SSL_ERROR_WANT_READ: @@ -372,8 +372,8 @@ IceSSL::OpenSSL::ServerConnection::showConnectionInfo() // Only in extreme cases do we enable this, partially because it doesn't use the Logger. if ((_traceLevels->security >= IceSSL::SECURITY_PROTOCOL_DEBUG) && 0) { - BIOJanitor bioJanitor(BIO_new_fp(stdout, BIO_NOCLOSE));
- BIO* bio = bioJanitor.get();
+ BIOJanitor bioJanitor(BIO_new_fp(stdout, BIO_NOCLOSE)); + BIO* bio = bioJanitor.get(); showCertificateChain(bio); diff --git a/cpp/src/Ice/SslConnectionOpenSSLServer.h b/cpp/src/Ice/SslConnectionOpenSSLServer.h index e96afdb002d..599be04efb2 100644 --- a/cpp/src/Ice/SslConnectionOpenSSLServer.h +++ b/cpp/src/Ice/SslConnectionOpenSSLServer.h @@ -22,14 +22,14 @@ namespace OpenSSL class ServerConnection : public Connection { public: -
- ServerConnection(const IceInternal::TraceLevelsPtr&,
- const Ice::LoggerPtr&,
- const IceSSL::CertificateVerifierPtr&,
- SSL*,
+ + ServerConnection(const IceInternal::TraceLevelsPtr&, + const Ice::LoggerPtr&, + const IceSSL::CertificateVerifierPtr&, + SSL*, const IceSSL::SystemInternalPtr&); virtual ~ServerConnection(); -
+ virtual void shutdown(); virtual int init(int timeout = 0); diff --git a/cpp/src/Ice/SslException2.cpp b/cpp/src/Ice/SslException2.cpp index d693a6f73a4..a6f297b61a6 100644 --- a/cpp/src/Ice/SslException2.cpp +++ b/cpp/src/Ice/SslException2.cpp @@ -33,12 +33,12 @@ IceSSL::SslException::ice_print(ostream& out) const } } -void
-IceSSL::ConfigurationLoadingException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
-
+void
+IceSSL::ConfigurationLoadingException::ice_print(ostream& out) const
+{
+ SslException::ice_print(out);
+}
+
 void
 IceSSL::ConfigParseException::ice_print(ostream& out) const
 {
@@ -57,48 +57,48 @@ IceSSL::ProtocolException::ice_print(ostream& out) const
 SslException::ice_print(out);
 }
-void
-IceSSL::CertificateVerificationException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
-
-void
-IceSSL::CertificateException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
-
-void
-IceSSL::CertificateSigningException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
-
-void
-IceSSL::CertificateSignatureException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
-
-void
-IceSSL::CertificateParseException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
-
-void
-IceSSL::PrivateKeyException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
-
-void
-IceSSL::PrivateKeyParseException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
-
+void
+IceSSL::CertificateVerificationException::ice_print(ostream& out) const
+{
+ SslException::ice_print(out);
+}
+
+void
+IceSSL::CertificateException::ice_print(ostream& out) const
+{
+ SslException::ice_print(out);
+}
+
+void
+IceSSL::CertificateSigningException::ice_print(ostream& out) const
+{
+ SslException::ice_print(out);
+}
+
+void
+IceSSL::CertificateSignatureException::ice_print(ostream& out) const
+{
+ SslException::ice_print(out);
+}
+
+void
+IceSSL::CertificateParseException::ice_print(ostream& out) const
+{
+ SslException::ice_print(out);
+}
+
+void
+IceSSL::PrivateKeyException::ice_print(ostream& out) const
+{
+ SslException::ice_print(out);
+}
+
+void
+IceSSL::PrivateKeyParseException::ice_print(ostream& out) const
+{
+ SslException::ice_print(out);
+}
+
 void
 IceSSL::CertificateVerifierTypeException::ice_print(ostream& out) const
 {
@@ -110,46 +110,46 @@ IceSSL::OpenSSL::ContextException::ice_print(ostream& out) const
 {
 SslException::ice_print(out);
 }
-
-void
-IceSSL::OpenSSL::ContextInitializationException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
-
-void
-IceSSL::OpenSSL::ContextNotConfiguredException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
-
-void
-IceSSL::OpenSSL::UnsupportedContextException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
-
-void
-IceSSL::OpenSSL::CertificateLoadException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
-
-void
-IceSSL::OpenSSL::PrivateKeyLoadException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
-
-void
-IceSSL::OpenSSL::CertificateKeyMatchException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
-
-void
-IceSSL::OpenSSL::TrustedCertificateAddException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
-
+
+void
+IceSSL::OpenSSL::ContextInitializationException::ice_print(ostream& out) const
+{
+ SslException::ice_print(out);
+}
+
+void
+IceSSL::OpenSSL::ContextNotConfiguredException::ice_print(ostream& out) const
+{
+ SslException::ice_print(out);
+}
+
+void
+IceSSL::OpenSSL::UnsupportedContextException::ice_print(ostream& out) const
+{
+ SslException::ice_print(out);
+}
+
+void
+IceSSL::OpenSSL::CertificateLoadException::ice_print(ostream& out) const
+{
+ SslException::ice_print(out);
+}
+
+void
+IceSSL::OpenSSL::PrivateKeyLoadException::ice_print(ostream& out) const
+{
+ SslException::ice_print(out);
+}
+
+void
+IceSSL::OpenSSL::CertificateKeyMatchException::ice_print(ostream& out) const
+{
+ SslException::ice_print(out);
+}
+
+void
+IceSSL::OpenSSL::TrustedCertificateAddException::ice_print(ostream& out) const
+{
+ SslException::ice_print(out);
+}
+
diff --git a/cpp/src/Ice/SslExtensionInternal.cpp b/cpp/src/Ice/SslExtensionInternal.cpp
index fe8d8006593..328649abd51 100644
--- a/cpp/src/Ice/SslExtensionInternal.cpp
+++ b/cpp/src/Ice/SslExtensionInternal.cpp
@@ -1,36 +1,36 @@
-// **********************************************************************
-//
-// Copyright (c) 2002
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#include <Ice/SslExtensionInternal.h>
-#include <Ice/DefaultCertificateVerifier.h>
-#include <Ice/SingleCertificateVerifier.h>
-#include <Ice/BuiltinSequences.h>
-
-IceSSL::SslExtensionInternal::SslExtensionInternal(const IceInternal::InstancePtr& instance) :
- _instance(instance)
-{
-}
-
-IceSSL::SslExtensionInternal::~SslExtensionInternal()
-{
-}
-
-::IceSSL::CertificateVerifierPtr
-IceSSL::SslExtensionInternal::getDefaultCertVerifier()
-{
- return ::IceSSL::CertificateVerifierPtr(new IceSSL::OpenSSL::DefaultCertificateVerifier(_instance));
-}
-
-::IceSSL::CertificateVerifierPtr
-IceSSL::SslExtensionInternal::getSingleCertVerifier(const ::Ice::ByteSeq& certSeq)
-{
- return ::IceSSL::CertificateVerifierPtr(new IceSSL::OpenSSL::SingleCertificateVerifier(certSeq));
-}
-
+// **********************************************************************
+//
+// Copyright (c) 2002
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#include <Ice/SslExtensionInternal.h>
+#include <Ice/DefaultCertificateVerifier.h>
+#include <Ice/SingleCertificateVerifier.h>
+#include <Ice/BuiltinSequences.h>
+
+IceSSL::SslExtensionInternal::SslExtensionInternal(const IceInternal::InstancePtr& instance) :
+ _instance(instance)
+{
+}
+
+IceSSL::SslExtensionInternal::~SslExtensionInternal()
+{
+}
+
+::IceSSL::CertificateVerifierPtr
+IceSSL::SslExtensionInternal::getDefaultCertVerifier()
+{
+ return ::IceSSL::CertificateVerifierPtr(new IceSSL::OpenSSL::DefaultCertificateVerifier(_instance));
+}
+
+::IceSSL::CertificateVerifierPtr
+IceSSL::SslExtensionInternal::getSingleCertVerifier(const ::Ice::ByteSeq& certSeq)
+{
+ return ::IceSSL::CertificateVerifierPtr(new IceSSL::OpenSSL::SingleCertificateVerifier(certSeq));
+}
+
diff --git a/cpp/src/Ice/SslExtensionInternal.h b/cpp/src/Ice/SslExtensionInternal.h
index 7f368210308..f1e8ec65ce5 100644
--- a/cpp/src/Ice/SslExtensionInternal.h
+++ b/cpp/src/Ice/SslExtensionInternal.h
@@ -1,39 +1,39 @@
-// **********************************************************************
-//
-// Copyright (c) 2002
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#ifndef ICE_SSL_EXTENSION_INTERNAL_H
-#define ICE_SSL_EXTENSION_INTERNAL_H
-
-#include <Ice/InstanceF.h>
-#include <Ice/SslExtension.h>
-#include <Ice/CertificateVerifierF.h>
-
-namespace IceSSL
-{
-
-class SslExtensionInternal : public SslExtension
-{
-public:
-
- SslExtensionInternal(const IceInternal::InstancePtr&);
- virtual ~SslExtensionInternal();
-
- virtual ::IceSSL::CertificateVerifierPtr getDefaultCertVerifier();
-
- virtual ::IceSSL::CertificateVerifierPtr getSingleCertVerifier(const ::Ice::ByteSeq&);
-
-protected:
-
- IceInternal::InstancePtr _instance;
-};
-
-}
-
-#endif
+// **********************************************************************
+//
+// Copyright (c) 2002
+// MutableRealms, Inc.
+// Huntsville, AL, USA
+//
+// All Rights Reserved
+//
+// **********************************************************************
+
+#ifndef ICE_SSL_EXTENSION_INTERNAL_H
+#define ICE_SSL_EXTENSION_INTERNAL_H
+
+#include <Ice/InstanceF.h>
+#include <Ice/SslExtension.h>
+#include <Ice/CertificateVerifierF.h>
+
+namespace IceSSL
+{
+
+class SslExtensionInternal : public SslExtension
+{
+public:
+
+ SslExtensionInternal(const IceInternal::InstancePtr&);
+ virtual ~SslExtensionInternal();
+
+ virtual ::IceSSL::CertificateVerifierPtr getDefaultCertVerifier();
+
+ virtual ::IceSSL::CertificateVerifierPtr getSingleCertVerifier(const ::Ice::ByteSeq&);
+
+protected:
+
+ IceInternal::InstancePtr _instance;
+};
+
+}
+
+#endif
diff --git a/cpp/src/Ice/SslFactory.cpp b/cpp/src/Ice/SslFactory.cpp
index 77ca0314eaa..791cce078aa 100644
--- a/cpp/src/Ice/SslFactory.cpp
+++ b/cpp/src/Ice/SslFactory.cpp
@@ -44,14 +44,14 @@ extern "C"
 class SslLockKeeper
 {
 public:
-
+
 SslLockKeeper();
 ~SslLockKeeper();
 IceUtil::Mutex sslLocks[CRYPTO_NUM_LOCKS];
 };
-
+
 SslLockKeeper lockKeeper;
 }
@@ -68,16 +68,16 @@ void IceSSL::lockingCallback(int mode, int type, const char *file, int line)
 }
 }
-IceSSL::SslLockKeeper::SslLockKeeper()
-{
- CRYPTO_set_locking_callback((void (*)(int, int, const char*, int))IceSSL::lockingCallback);
-}
-
-IceSSL::SslLockKeeper::~SslLockKeeper()
-{
- CRYPTO_set_locking_callback(NULL);
-}
-
+IceSSL::SslLockKeeper::SslLockKeeper()
+{
+ CRYPTO_set_locking_callback((void (*)(int, int, const char*, int))IceSSL::lockingCallback);
+}
+
+IceSSL::SslLockKeeper::~SslLockKeeper()
+{
+ CRYPTO_set_locking_callback(NULL);
+}
+
 IceSSL::SystemInternalPtr
 IceSSL::Factory::getSystem(const IceInternal::InstancePtr& instance)
 {
diff --git a/cpp/src/Ice/SslFactory.h b/cpp/src/Ice/SslFactory.h
index 2bd8742e31d..ec84b840cba 100644
--- a/cpp/src/Ice/SslFactory.h
+++ b/cpp/src/Ice/SslFactory.h
@@ -33,7 +33,7 @@ typedef std::map<void*, SystemInternalPtr> SslHandleSystemMap;
 class Factory
 {
 public:
-
+
 static SystemInternalPtr getSystem(const IceInternal::InstancePtr&);
 // System Handle related methods
@@ -41,7 +41,7 @@ public:
 static void removeSystemHandle(void*);
 static SystemInternalPtr getSystemFromHandle(void*);
-private:
+private:
 static SslHandleSystemMap _sslHandleSystemRepository;
 static ::IceUtil::Mutex _systemRepositoryMutex;
diff --git a/cpp/src/Ice/SslIceUtils.cpp b/cpp/src/Ice/SslIceUtils.cpp
index 20dea0c15ae..92f8cd35c5f 100644
--- a/cpp/src/Ice/SslIceUtils.cpp
+++ b/cpp/src/Ice/SslIceUtils.cpp
@@ -14,7 +14,7 @@ void IceSSL::ucharToByteSeq(unsigned char* ucharBuffer, int length, Ice::ByteSeq& destBuffer)
-{
+{
 assert(ucharBuffer != 0);
 destBuffer.reserve(length);
 std::copy(ucharBuffer, (ucharBuffer + length), std::back_inserter(destBuffer));
@@ -27,9 +27,9 @@ IceSSL::byteSeqToUChar(const Ice::ByteSeq& sequence)
 assert(seqSize > 0);
- unsigned char* ucharSeq = new unsigned char[seqSize];
-
- assert(ucharSeq != 0);
+ unsigned char* ucharSeq = new unsigned char[seqSize];
+
+ assert(ucharSeq != 0);
 unsigned char* ucharPtr = ucharSeq;
 std::copy(sequence.begin(), sequence.end(), ucharPtr);
diff --git a/cpp/src/Ice/SslTransceiver.cpp b/cpp/src/Ice/SslTransceiver.cpp
index f8a17d761ee..8d967b85765 100644
--- a/cpp/src/Ice/SslTransceiver.cpp
+++ b/cpp/src/Ice/SslTransceiver.cpp
@@ -102,5 +102,5 @@ IceInternal::SslTransceiver::SslTransceiver(const InstancePtr& instance,
 IceInternal::SslTransceiver::~SslTransceiver()
 {
- assert(_fd == INVALID_SOCKET);
+ assert(_fd == INVALID_SOCKET);
 }
diff --git a/cpp/src/Ice/SystemInternal.h b/cpp/src/Ice/SystemInternal.h
index 6c8fb0718c4..5563fbae64a 100644
--- a/cpp/src/Ice/SystemInternal.h
+++ b/cpp/src/Ice/SystemInternal.h
@@ -40,10 +40,10 @@ public:
 virtual void setCertificateVerifier(ContextType, const CertificateVerifierPtr&) = 0;
- virtual void addTrustedCertificateBase64(ContextType, const std::string&) = 0;
-
- virtual void addTrustedCertificate(ContextType, const Ice::ByteSeq&) = 0;
-
+ virtual void addTrustedCertificateBase64(ContextType, const std::string&) = 0;
+
+ virtual void addTrustedCertificate(ContextType, const Ice::ByteSeq&) = 0;
+
 virtual void setRSAKeysBase64(ContextType, const std::string&, const std::string&) = 0;
 virtual void setRSAKeys(ContextType, const ::Ice::ByteSeq&, const ::Ice::ByteSeq&) = 0;
diff --git a/cpp/src/Ice/SystemOpenSSL.h b/cpp/src/Ice/SystemOpenSSL.h
index 0b8a70c16b4..8536c3e1301 100644
--- a/cpp/src/Ice/SystemOpenSSL.h
+++ b/cpp/src/Ice/SystemOpenSSL.h
@@ -10,9 +10,9 @@
 #ifndef ICE_SSL_SYSTEM_OPENSSL_H
 #define ICE_SSL_SYSTEM_OPENSSL_H
-#include <Ice/Config.h>
+#include <Ice/Config.h>
 #include <Ice/TraceLevelsF.h>
-#include <Ice/LoggerF.h>
+#include <Ice/LoggerF.h>
 #include <IceUtil/RecMutex.h>
 #include <Ice/GeneralConfig.h>
@@ -31,9 +31,9 @@
 #include <openssl/ssl.h>
 #include <string>
 #include <map>
-
-#include <Ice/RSAPrivateKeyF.h>
-#include <Ice/DHParamsF.h>
+
+#include <Ice/RSAPrivateKeyF.h>
+#include <Ice/DHParamsF.h>
 namespace IceSSL
 {
@@ -42,9 +42,9 @@ class GeneralConfig;
 namespace OpenSSL
 {
-
-typedef std::map<int,RSAPrivateKeyPtr> RSAMap;
-typedef std::map<int,DHParamsPtr> DHMap;
+
+typedef std::map<int,RSAPrivateKeyPtr> RSAMap;
+typedef std::map<int,DHParamsPtr> DHMap;
 typedef std::map<int,CertificateDesc> RSACertMap;
 typedef std::map<int,DiffieHellmanParamsFile> DHParamsMap;
@@ -74,8 +74,8 @@ public:
 virtual void addTrustedCertificateBase64(ContextType, const std::string&);
- virtual void addTrustedCertificate(ContextType, const Ice::ByteSeq&);
-
+ virtual void addTrustedCertificate(ContextType, const Ice::ByteSeq&);
+
 virtual void setRSAKeysBase64(ContextType, const std::string&, const std::string&);
 virtual void setRSAKeys(ContextType, const Ice::ByteSeq&, const Ice::ByteSeq&);
@@ -89,11 +89,11 @@ private:
 ServerContext _serverContext;
 ClientContext _clientContext;
-
- // Mutex to ensure synchronization of calls to configure
- // the contexts and calls to create connections.
+
+ // Mutex to ensure synchronization of calls to configure
+ // the contexts and calls to create connections.
 ::IceUtil::RecMutex _configMutex;
-
+
 // Keep a cache of all temporary RSA keys.
 RSAMap _tempRSAKeys;
 ::IceUtil::Mutex _tempRSAKeysMutex;
diff --git a/cpp/src/Ice/TempCerts.h b/cpp/src/Ice/TempCerts.h
index 88f3b203e90..029292d76ca 100644
--- a/cpp/src/Ice/TempCerts.h
+++ b/cpp/src/Ice/TempCerts.h
@@ -20,7 +20,7 @@ namespace IceSSL
 class TempCertificates
 {
 public:
-
+
 TempCertificates();
 ~TempCertificates();
@@ -30,7 +30,7 @@ public:
 RSAVector& getRSACerts();
 DHVector& getDHParams();
-protected:
+protected:
 RSAVector _rsaCerts;
 DHVector _dhParams;
diff --git a/cpp/src/IceBox/.depend b/cpp/src/IceBox/.depend
index 1b8329277ee..cb0130e7e31 100644
--- a/cpp/src/IceBox/.depend
+++ b/cpp/src/IceBox/.depend
@@ -1,5 +1,4 @@ IceBox.o: IceBox.cpp ../../include/Ice/Stream.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/BuiltinSequences.h ../../include/IceBox/IceBox.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/Buffer.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/CommunicatorF.h ../../include/Ice/PropertiesF.h ../../include/Ice/ObjectFactory.h -Exception.o: Exception.cpp ../../include/IceBox/IceBox.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h 
../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/Buffer.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/CommunicatorF.h ../../include/Ice/PropertiesF.h ../../include/Ice/Stream.h ServiceManagerI.o: ServiceManagerI.cpp ../../include/Ice/Ice.h ../../include/Ice/Initialize.h ../../include/Ice/CommunicatorF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/PropertiesF.h ../../include/Ice/InstanceF.h ../../include/Ice/Properties.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Logger.h ../../include/Ice/LoggerUtil.h ../../include/Ice/LoggerF.h ../../include/Ice/Communicator.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/Ice/BasicStream.h ../../include/Ice/Buffer.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h 
../../include/Ice/UserExceptionFactoryF.h ../../include/Ice/RouterF.h ../../include/Ice/SystemF.h ../../include/Ice/SslExtensionF.h ../../include/Ice/ObjectFactory.h ../../include/Ice/UserExceptionFactory.h ../../include/Ice/ObjectAdapter.h ../../include/Ice/ServantLocator.h ../../include/Ice/IdentityUtil.h ../../include/Ice/DynamicLibrary.h ../../include/Ice/DynamicLibraryF.h ../IceBox/ServiceManagerI.h ../../include/IceBox/IceBox.h Server.o: Server.cpp ../../include/Ice/Ice.h ../../include/Ice/Initialize.h ../../include/Ice/CommunicatorF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/PropertiesF.h ../../include/Ice/InstanceF.h ../../include/Ice/Properties.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Logger.h ../../include/Ice/LoggerUtil.h ../../include/Ice/LoggerF.h ../../include/Ice/Communicator.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/Ice/BasicStream.h ../../include/Ice/Buffer.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/UserExceptionFactoryF.h ../../include/Ice/RouterF.h ../../include/Ice/SystemF.h ../../include/Ice/SslExtensionF.h ../../include/Ice/ObjectFactory.h 
../../include/Ice/UserExceptionFactory.h ../../include/Ice/ObjectAdapter.h ../../include/Ice/ServantLocator.h ../../include/Ice/IdentityUtil.h ../IceBox/ServiceManagerI.h ../../include/IceBox/IceBox.h ../../include/Ice/DynamicLibraryF.h Admin.o: Admin.cpp ../../include/Ice/Application.h ../../include/Ice/Ice.h ../../include/Ice/Initialize.h ../../include/Ice/CommunicatorF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ObjectF.h ../../include/Ice/Handle.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalException.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/StreamF.h ../../include/Ice/PropertiesF.h ../../include/Ice/InstanceF.h ../../include/Ice/Properties.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Logger.h ../../include/Ice/LoggerUtil.h ../../include/Ice/LoggerF.h ../../include/Ice/Communicator.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionF.h ../../include/Ice/EndpointF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/Current.h ../../include/Ice/Identity.h ../../include/Ice/Object.h ../../include/Ice/Outgoing.h ../../include/IceUtil/Monitor.h ../../include/IceUtil/Cond.h ../../include/Ice/BasicStream.h ../../include/Ice/Buffer.h ../../include/Ice/Incoming.h ../../include/Ice/Direct.h ../../include/Ice/ServantLocatorF.h ../../include/Ice/UserExceptionFactoryF.h ../../include/Ice/RouterF.h ../../include/Ice/SystemF.h ../../include/Ice/SslExtensionF.h ../../include/Ice/ObjectFactory.h ../../include/Ice/UserExceptionFactory.h ../../include/Ice/ObjectAdapter.h ../../include/Ice/ServantLocator.h ../../include/Ice/IdentityUtil.h ../../include/IceBox/IceBox.h |