From c97c4be950e6b9b37b3cedbf521e285bfd6e0b08 Mon Sep 17 00:00:00 2001
From: Benoit Foucher <benoit@zeroc.com>
Date: Mon, 22 May 2006 16:06:20 +0000
Subject: Added session servant locator to secure access to session servants.

---
 cpp/src/IceGrid/AdminSessionI.cpp | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

(limited to 'cpp/src/IceGrid/AdminSessionI.cpp')

diff --git a/cpp/src/IceGrid/AdminSessionI.cpp b/cpp/src/IceGrid/AdminSessionI.cpp
index 7d0f2e30424..32b9ef5e70f 100644
--- a/cpp/src/IceGrid/AdminSessionI.cpp
+++ b/cpp/src/IceGrid/AdminSessionI.cpp
@@ -285,9 +285,23 @@ Glacier2::SessionPrx
 AdminSSLSessionManagerI::create(const Glacier2::SSLInfo& info, const Glacier2::SessionControlPrx&, 
 				const Ice::Current& current)
 {
-    IceSSL::CertificatePtr cert = IceSSL::Certificate::decode(info.certs[0]);
-    string id = cert->getSubjectDN();
-    AdminSessionIPtr session = new AdminSessionI(id, _database, _timeout, _registryObserverTopic, _nodeObserverTopic);
-    return Glacier2::SessionPrx::uncheckedCast(current.adapter->addWithUUID(session));
-}
+    string userDN;
+    if(!info.certs.empty()) // TODO: Require userDN?
+    {
+	try
+	{
+	    IceSSL::CertificatePtr cert = IceSSL::Certificate::decode(info.certs[0]);
+	    userDN = cert->getSubjectDN();
+	}
+	catch(const Ice::Exception& ex)
+	{
+	    // This shouldn't happen, the SSLInfo is supposed to be encoded by Glacier2.
+	    Ice::Error out(_database->getTraceLevels()->logger);
+	    out << "SSL session manager couldn't decode SSL certificates";
+	    return 0;
+	}
+    }
 
+    AdminSessionIPtr s = new AdminSessionI(userDN, _database, _timeout, _registryObserverTopic, _nodeObserverTopic);
+    return Glacier2::SessionPrx::uncheckedCast(current.adapter->addWithUUID(s));
+}
-- 
cgit v1.2.3