path: root/cs/src/IceSSL/TrustManager.cs
Diffstat (limited to 'cs/src/IceSSL/TrustManager.cs')
-rwxr-xr-xcs/src/IceSSL/TrustManager.cs262
1 files changed, 131 insertions, 131 deletions
diff --git a/cs/src/IceSSL/TrustManager.cs b/cs/src/IceSSL/TrustManager.cs
index 9e14e6c68b9..699d6a194b7 100755
--- a/cs/src/IceSSL/TrustManager.cs
+++ b/cs/src/IceSSL/TrustManager.cs
@@ -18,108 +18,108 @@ namespace IceSSL
{
internal TrustManager(Ice.Communicator communicator)
{
- Debug.Assert(communicator != null);
- communicator_ = communicator;
- Ice.Properties properties = communicator.getProperties();
- traceLevel_ = properties.getPropertyAsInt("IceSSL.Trace.Security");
- string key = null;
- try
- {
- key = "IceSSL.TrustOnly";
- all_ = parse(properties.getProperty(key));
- key = "IceSSL.TrustOnly.Client";
- client_ = parse(properties.getProperty(key));
- key = "IceSSL.TrustOnly.Server";
- allServer_ = parse(properties.getProperty(key));
- Ice.PropertyDict dict = properties.getPropertiesForPrefix("IceSSL.TrustOnly.Server.");
+ Debug.Assert(communicator != null);
+ communicator_ = communicator;
+ Ice.Properties properties = communicator.getProperties();
+ traceLevel_ = properties.getPropertyAsInt("IceSSL.Trace.Security");
+ string key = null;
+ try
+ {
+ key = "IceSSL.TrustOnly";
+ all_ = parse(properties.getProperty(key));
+ key = "IceSSL.TrustOnly.Client";
+ client_ = parse(properties.getProperty(key));
+ key = "IceSSL.TrustOnly.Server";
+ allServer_ = parse(properties.getProperty(key));
+ Ice.PropertyDict dict = properties.getPropertiesForPrefix("IceSSL.TrustOnly.Server.");
foreach (DictionaryEntry entry in dict)
{
- string dkey = (string)entry.Key;
- string dname = dkey.Substring("IceSSL.TrustOnly.Server.".Length);
+ string dkey = (string)entry.Key;
+ string dname = dkey.Substring("IceSSL.TrustOnly.Server.".Length);
server_[dname] = parse((string)entry.Value);
- }
- }
- catch(RFC2253.ParseException e)
- {
- Ice.PluginInitializationException ex = new Ice.PluginInitializationException();
- ex.reason = "IceSSL: invalid property " + key + ":\n" + e.reason;
- throw ex;
- }
+ }
+ }
+ catch(RFC2253.ParseException e)
+ {
+ Ice.PluginInitializationException ex = new Ice.PluginInitializationException();
+ ex.reason = "IceSSL: invalid property " + key + ":\n" + e.reason;
+ throw ex;
+ }
}
internal bool
verify(ConnectionInfo info)
{
- ArrayList trustset = new ArrayList();
- if(all_.Count != 0)
- {
- trustset.Add(all_);
- }
+ ArrayList trustset = new ArrayList();
+ if(all_.Count != 0)
+ {
+ trustset.Add(all_);
+ }
- if(info.incoming)
- {
- if(allServer_.Count != 0)
- {
- trustset.Add(allServer_);
- }
- if(info.adapterName.Length > 0)
- {
+ if(info.incoming)
+ {
+ if(allServer_.Count != 0)
+ {
+ trustset.Add(allServer_);
+ }
+ if(info.adapterName.Length > 0)
+ {
ArrayList p = (ArrayList)server_[info.adapterName];
- if(p != null)
- {
- trustset.Add(p);
- }
- }
- }
- else
- {
- if(client_.Count != 0)
- {
- trustset.Add(client_);
- }
- }
+ if(p != null)
+ {
+ trustset.Add(p);
+ }
+ }
+ }
+ else
+ {
+ if(client_.Count != 0)
+ {
+ trustset.Add(client_);
+ }
+ }
- //
- // If there is nothing to match against, then we accept the cert.
- //
- if(trustset.Count == 0)
- {
- return true;
- }
+ //
+ // If there is nothing to match against, then we accept the cert.
+ //
+ if(trustset.Count == 0)
+ {
+ return true;
+ }
- //
- // If there is no certificate then we match false.
- //
- if(info.certs.Length != 0)
- {
- X500DistinguishedName subjectDN = info.certs[0].SubjectName;
+ //
+ // If there is no certificate then we match false.
+ //
+ if(info.certs.Length != 0)
+ {
+ X500DistinguishedName subjectDN = info.certs[0].SubjectName;
string subjectName = subjectDN.Name;
Debug.Assert(subjectName != null);
- try
- {
- //
- // Decompose the subject DN into the RDNs.
- //
- if(traceLevel_ > 0)
- {
- if(info.incoming)
- {
- communicator_.getLogger().trace("Security", "trust manager evaluating client:\n" +
- "subject = " + subjectName + "\n" +
- "adapter = " + info.adapterName + "\n" +
- "local addr = " + IceInternal.Network.addrToString(info.localAddr) + "\n" +
- "remote addr = " + IceInternal.Network.addrToString(info.remoteAddr));
- }
- else
- {
- communicator_.getLogger().trace("Security", "trust manager evaluating server:\n" +
- "subject = " + subjectName + "\n" +
- "local addr = " + IceInternal.Network.addrToString(info.localAddr) + "\n" +
- "remote addr = " + IceInternal.Network.addrToString(info.remoteAddr));
- }
- }
+ try
+ {
+ //
+ // Decompose the subject DN into the RDNs.
+ //
+ if(traceLevel_ > 0)
+ {
+ if(info.incoming)
+ {
+ communicator_.getLogger().trace("Security", "trust manager evaluating client:\n" +
+ "subject = " + subjectName + "\n" +
+ "adapter = " + info.adapterName + "\n" +
+ "local addr = " + IceInternal.Network.addrToString(info.localAddr) + "\n" +
+ "remote addr = " + IceInternal.Network.addrToString(info.remoteAddr));
+ }
+ else
+ {
+ communicator_.getLogger().trace("Security", "trust manager evaluating server:\n" +
+ "subject = " + subjectName + "\n" +
+ "local addr = " + IceInternal.Network.addrToString(info.localAddr) + "\n" +
+ "remote addr = " + IceInternal.Network.addrToString(info.remoteAddr));
+ }
+ }
- ArrayList dn = RFC2253.parseStrict(subjectName);
+ ArrayList dn = RFC2253.parseStrict(subjectName);
//
// Unescape the DN. Note that this isn't done in
@@ -133,11 +133,11 @@ namespace IceSSL
dn[i] = p;
}
- //
- // Try matching against everything in the trust set.
- //
+ //
+ // Try matching against everything in the trust set.
+ //
foreach(ArrayList matchSet in trustset)
- {
+ {
if(traceLevel_ > 0)
{
string s = "trust manager matching PDNs:\n";
@@ -149,7 +149,7 @@ namespace IceSSL
s += ';';
}
addSemi = true;
- bool addComma = false;
+ bool addComma = false;
foreach(RFC2253.RDNPair rdn in rdnSet)
{
if(addComma)
@@ -168,16 +168,16 @@ namespace IceSSL
{
return true;
}
- }
- }
- catch(RFC2253.ParseException e)
- {
- communicator_.getLogger().warning(
- "IceSSL: unable to parse certificate DN `" + subjectName + "'\nreason: " + e.reason);
- }
- }
+ }
+ }
+ catch(RFC2253.ParseException e)
+ {
+ communicator_.getLogger().warning(
+ "IceSSL: unable to parse certificate DN `" + subjectName + "'\nreason: " + e.reason);
+ }
+ }
- return false;
+ return false;
}
private bool
@@ -185,44 +185,44 @@ namespace IceSSL
{
foreach(ArrayList item in matchSet)
{
- if(matchRDNs(item, subject))
- {
- return true;
- }
- }
- return false;
+ if(matchRDNs(item, subject))
+ {
+ return true;
+ }
+ }
+ return false;
}
private bool
matchRDNs(ArrayList match, ArrayList subject)
{
- foreach(RFC2253.RDNPair matchRDN in match)
- {
+ foreach(RFC2253.RDNPair matchRDN in match)
+ {
bool found = false;
foreach(RFC2253.RDNPair subjectRDN in subject)
- {
- if(matchRDN.key.Equals(subjectRDN.key))
- {
- found = true;
- if(!matchRDN.value.Equals(subjectRDN.value))
- {
- return false;
- }
- }
- }
- if(!found)
- {
- return false;
- }
- }
- return true;
+ {
+ if(matchRDN.key.Equals(subjectRDN.key))
+ {
+ found = true;
+ if(!matchRDN.value.Equals(subjectRDN.value))
+ {
+ return false;
+ }
+ }
+ }
+ if(!found)
+ {
+ return false;
+ }
+ }
+ return true;
}
// Note that unlike the C++ & Java implementation this returns unescaped data.
ArrayList
parse(string value)
{
- //
+ //
// As with the Java implementation, the DN that comes from
// the X500DistinguishedName does not necessarily match
// the user's input form. Therefore we need to normalize the
@@ -230,11 +230,11 @@ namespace IceSSL
//
ArrayList l = RFC2253.parse(value);
for(int i = 0; i < l.Count; ++i)
- {
- ArrayList dn = (ArrayList)l[i];
+ {
+ ArrayList dn = (ArrayList)l[i];
for(int j = 0; j < dn.Count; ++j)
- {
- RFC2253.RDNPair pair = (RFC2253.RDNPair)dn[j];
+ {
+ RFC2253.RDNPair pair = (RFC2253.RDNPair)dn[j];
// Normalize the RDN key.
if (pair.key == "emailAddress")
{
@@ -249,7 +249,7 @@ namespace IceSSL
dn[j] = pair;
}
}
- return l;
+ return l;
}
private Ice.Communicator communicator_;