diff --git a/config/Make.rules.Darwin b/config/Make.rules.Darwin
index ab6a8b40474..b00978a867f 100644
--- a/config/Make.rules.Darwin
+++ b/config/Make.rules.Darwin
@@ -91,21 +91,19 @@ unescape-ldflags = $(subst -framework+,-framework$(space),$1)
 Ice_system_libs := -ldl
 # Frameworks for macos
-IceSSL[macosx]_system_libs := -framework Security -framework CoreFoundation
+Ice[macosx]_system_libs := -framework Security -framework CoreFoundation
 # Frameworks requires for iphoneos
-Ice[iphoneos]_system_libs := -framework CFNetwork -framework UIKit -framework Foundation
-IceSSL[iphoneos]_system_libs := -framework Security
+Ice[iphoneos]_system_libs := -framework CFNetwork -framework UIKit -framework Foundation -framework Security
 IceIAP[iphoneos]_system_libs := -framework ExternalAccessory
 # Same frameworks as iphoneos for iphonesimulator
 Ice[iphonesimulator]_system_libs := $(Ice[iphoneos]_system_libs)
-IceSSL[iphonesimulator]_system_libs := $(IceSSL[iphoneos]_system_libs)
 IceIAP[iphonesimulator]_system_libs := $(IceIAP[iphoneos]_system_libs)
 icegridadmin[macosx]_system_libs := -ledit -lncurses
 icestormadmin[macosx]_system_libs := -ledit -lncurses
-Glacier2CryptPermissionsVerifier[macosx]_system_libs := $(IceSSL[macosx]_system_libs)
-Glacier2CryptPermissionsVerifier[iphoneos]_system_libs := $(IceSSL[iphoneos]_system_libs)
-Glacier2CryptPermissionsVerifier[iphonesimulator]_system_libs := $(IceSSL[iphonesimulator]_system_libs)
+Glacier2CryptPermissionsVerifier[macosx]_system_libs := $(Ice[macosx]_system_libs)
+Glacier2CryptPermissionsVerifier[iphoneos]_system_libs := $(Ice[iphoneos]_system_libs)
+Glacier2CryptPermissionsVerifier[iphonesimulator]_system_libs := $(Ice[iphonesimulator]_system_libs)
diff --git a/config/Make.rules.Linux b/config/Make.rules.Linux
index 02e20de81c6..c126c5d9451 100644
--- a/config/Make.rules.Linux
+++ b/config/Make.rules.Linux
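Review bot: The rewritten `Glacier2CryptPermissionsVerifier[iphoneos]_system_libs` and its iphonesimulator twin now expand to the whole `Ice[iphoneos]_system_libs` set (CFNetwork, UIKit, Foundation, Security), whereas the removed `IceSSL[iphoneos]_system_libs` they replaced was `-framework Security` alone. The permissions verifier only needed Security, so the substitution over-links UI and networking frameworks into it; `Glacier2CryptPermissionsVerifier[iphoneos]_system_libs := -framework Security` keeps the previous footprint, and the simulator line can keep referencing the iphoneos variable. The macosx line is fine as is, since the old IceSSL and new Ice values are identical there.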
@@ -179,11 +179,10 @@ endif
 endif
 IceUtil_system_libs = -lrt $(if $(filter yes,$(libbacktrace)),-lbacktrace)
-Ice_system_libs = -ldl -lcrypto $(IceUtil_system_libs)
+Ice_system_libs = -ldl -lssl -lcrypto $(IceUtil_system_libs)
 ifeq ($(shell pkg-config --exists libsystemd 2> /dev/null && echo yes),yes)
 Ice_system_libs += $(shell pkg-config --libs libsystemd)
 endif
-IceSSL_system_libs = -lssl -lcrypto
 Glacier2CryptPermissionsVerifier_system_libs = -lcrypt
 icegridadmin_system_libs = -ledit
@@ -196,6 +195,6 @@ icestormadmin_system_libs = -ledit
 #
 ifneq ($(filter debian ubuntu yocto poky,$(linux_id)),)
 ifeq ($(shell pkg-config --exists bluez dbus-1 2> /dev/null && echo yes),yes)
-IceBT_system_libs = $(IceSSL_system_libs) $(shell pkg-config --libs dbus-1)
+IceBT_system_libs = $(shell pkg-config --libs dbus-1)
 endif
 endif
diff --git a/cpp/Makefile b/cpp/Makefile
index 7182cc15745..66c1a0619f8 100644
--- a/cpp/Makefile
+++ b/cpp/Makefile
@@ -13,7 +13,7 @@ include $(lang_srcdir)/config/Make.rules
 # that other projects might depend on so it's important to parse them first for the
 # generated headers variable to be defined when we load other projects.
 #
-load_first = Ice IceSSL IceBox Glacier2Lib IceGridLib IceStormLib
+load_first = Ice IceBox Glacier2Lib IceGridLib IceStormLib
 #
 # Create projects for all the Slice translators from src/slice2* and load source projects.
diff --git a/cpp/config/Make.rules b/cpp/config/Make.rules
index 1e4d0832840..cf3dbdd77a5 100644
--- a/cpp/config/Make.rules
+++ b/cpp/config/Make.rules
@@ -25,7 +25,6 @@ $(eval $(call validate-config))
 #
 coreandstub_components = IceUtil \
 Ice \
- IceSSL \
 IceDiscovery \
 IceLocatorDiscovery \
 Glacier2 \
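Review bot: `-lssl -lcrypto` is now hard-coded into `Ice_system_libs` in the first Make.rules.Linux hunk, while the `libsystemd` dependency two lines below is resolved through `pkg-config`; since every Ice program now links OpenSSL, it would be more consistent and more portable to non-default prefixes to write `Ice_system_libs = -ldl $(shell pkg-config --libs openssl 2> /dev/null || echo -lssl -lcrypto) $(IceUtil_system_libs)`. The second hunk drops `$(IceSSL_system_libs)` from `IceBT_system_libs`, so IceBT now relies on libIce to pull OpenSSL in transitively; if IceBT's own sources reference OpenSSL symbols directly (not visible in this diff), GNU ld with its default `--no-copy-dt-needed-entries` will not resolve them through libIce's DT_NEEDED, so that line should either keep an explicit `-lssl -lcrypto` or reuse `$(Ice_system_libs)`.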
@@ -98,12 +97,11 @@ define create-cpp-test-project
 $1_srcext := cpp
 $1_dependencies := $$(or $$($1_dependencies),TestCommon Ice)
-# Also link with IceSSL and IceBT (Debian/Ubuntu/Yocto) when compiling the project with the static configuration
+# Also link with IceBT (Debian/Ubuntu/Yocto) when compiling the project with the static configuration
 $1[static]_cppflags += $(if $(IceBT_system_libs),-DICE_HAS_BT)
-$1[static]_dependencies := IceSSL $(if $(IceBT_system_libs),IceBT)
+$1[static]_dependencies := $(if $(IceBT_system_libs),IceBT)
 # Dependencies and target dirs for Xcode SDK test projects
-$1[xcodesdk]_dependencies := IceSSL
 $1[iphoneos-xcodesdk]_targetdir := test/ios/bundles/Bundles-iphoneos/$(subst /,_,$1)
 $1[iphonesimulator-xcodesdk]_targetdir := test/ios/bundles/Bundles-iphonesimulator/$(subst /,_,$1)
diff --git a/cpp/config/Make.xcodesdk.rules b/cpp/config/Make.xcodesdk.rules
index 29757e79df0..985329ac828 100644
--- a/cpp/config/Make.xcodesdk.rules
+++ b/cpp/config/Make.xcodesdk.rules
@@ -15,7 +15,7 @@ xcodesdk_targetdir = $(if $(filter %/build,$5),xcodesdk,$(if $(is-iostest-p
 xcodesdk_installdir = $(if $(filter %/build,$5),xcodesdk,$(if $(is-iostest-program),,../sdk/$2.sdk/usr/lib))
 xcodesdk_targetrule = $(if $(is-iostest-program),iostest,$(if $(filter-out program,$($1_target)),static))
-xcodesdk_components = Ice IceSSL Glacier2 IceStorm IceGrid IceDiscovery IceLocatorDiscovery IceIAP TestCommon
+xcodesdk_components = Ice Glacier2 IceStorm IceGrid IceDiscovery IceLocatorDiscovery IceIAP TestCommon
 xcodesdk_projects = test/Ice/% test/IceSSL/configuration
 xcodesdk_excludes = $(addprefix test/Ice/,background \
 faultTolerance \
diff --git a/cpp/include/Ice/RegisterPlugins.h b/cpp/include/Ice/RegisterPlugins.h
index 5bb872c3cd9..c3b5d26ca79 100644
--- a/cpp/include/Ice/RegisterPlugins.h
+++ b/cpp/include/Ice/RegisterPlugins.h
@@ -55,9 +55,7 @@ namespace Ice
 * plug-in property is set to 1.
 */
 ICE_PLUGIN_REGISTER_DECLSPEC_IMPORT void registerIceWS(bool loadOnInitialize = true);
-#endif
-#ifndef ICESSL_API_EXPORTS
 /**
 * When using static libraries, calling this function ensures the SSL transport is
 * linked with the application.
@@ -119,7 +117,6 @@ namespace Ice
 #if defined(_MSC_VER) && !defined(ICE_BUILDING_SRC)
 # pragma comment(lib, ICE_LIBNAME("IceDiscovery"))
 # pragma comment(lib, ICE_LIBNAME("IceLocatorDiscovery"))
-# pragma comment(lib, ICE_LIBNAME("IceSSL"))
 #endif
 }
diff --git a/cpp/include/IceSSL/Plugin.h b/cpp/include/IceSSL/Certificate.h
similarity index 89%
rename from cpp/include/IceSSL/Plugin.h
rename to cpp/include/IceSSL/Certificate.h
index 84b5f3fe39e..f815fd7260e 100644
--- a/cpp/include/IceSSL/Plugin.h
+++ b/cpp/include/IceSSL/Certificate.h
@@ -5,8 +5,8 @@
 #ifndef ICESSL_PLUGIN_H
 #define ICESSL_PLUGIN_H
-#include "Config.h"
 #include "ConnectionInfoF.h"
+#include "Ice/Config.h"
 #include "Ice/Exception.h"
 #include "Ice/Plugin.h"
@@ -68,9 +68,7 @@ namespace IceSSL
 UnknownTrustFailure,
 };
- ICESSL_API TrustError getTrustError(const IceSSL::ConnectionInfoPtr&);
- ICESSL_API std::string getTrustErrorDescription(TrustError);
- ICESSL_API std::string getHost(const IceSSL::ConnectionInfoPtr&);
+ ICE_API std::string getTrustErrorDescription(TrustError);
 /**
 * The key usage "digitalSignature" bit is set
@@ -108,7 +106,6 @@ namespace IceSSL
 * The key usage "decipherOnly" bit is set
 */
 const unsigned int KEY_USAGE_DECIPHER_ONLY = 1u << 8;
-
 /**
 * The extended key usage "anyKeyUsage" bit is set
 */
@@ -140,9 +137,8 @@ namespace IceSSL
 /**
 * Thrown if the certificate cannot be read.
- * \headerfile IceSSL/IceSSL.h
 */
- class ICESSL_API CertificateReadException : public Ice::Exception
+ class ICE_API CertificateReadException : public Ice::Exception
 {
 public:
 using Ice::Exception::Exception;
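Review bot: The include guard in the first Certificate.h hunk still reads `#ifndef ICESSL_PLUGIN_H` / `#define ICESSL_PLUGIN_H` even though the file is renamed from Plugin.h to Certificate.h in this commit; rename it to `ICESSL_CERTIFICATE_H` so it matches the file and cannot collide with a future Plugin.h. The same hunk keeps `#include "Ice/Plugin.h"`, yet the only visible user of that header, the `IceSSL::Plugin` class, is deleted later in this file (the hunk at old line 513), so that include appears stale unless something outside this diff still needs `Ice::Plugin` here. The `@@ -68` hunk also removes the exported `getTrustError` and `getHost` accessors, which is a public API break that the description should call out for callers doing their own peer checks.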
@@ -160,9 +156,8 @@ namespace IceSSL
 /**
 * Thrown if the certificate cannot be encoded.
- * \headerfile IceSSL/IceSSL.h
 */
- class ICESSL_API CertificateEncodingException : public Ice::Exception
+ class ICE_API CertificateEncodingException : public Ice::Exception
 {
 public:
 using Ice::Exception::Exception;
@@ -180,9 +175,8 @@ namespace IceSSL
 /**
 * This exception is thrown if a distinguished name cannot be parsed.
- * \headerfile IceSSL/IceSSL.h
 */
- class ICESSL_API ParseException : public Ice::Exception
+ class ICE_API ParseException : public Ice::Exception
 {
 public:
 using Ice::Exception::Exception;
@@ -209,9 +203,8 @@ namespace IceSSL
 * toString() always returns exactly the same information as was
 * provided in the constructor (i.e., "ZeroC, Inc." will not turn
 * into ZeroC\, Inc.).
- * \headerfile IceSSL/IceSSL.h
 */
- class ICESSL_API DistinguishedName
+ class ICE_API DistinguishedName
 {
 public:
 /**
@@ -233,12 +226,12 @@ namespace IceSSL
 /**
 * Performs an exact match. The order of the RDN components is important.
 */
- friend ICESSL_API bool operator==(const DistinguishedName&, const DistinguishedName&);
+ friend ICE_API bool operator==(const DistinguishedName&, const DistinguishedName&);
 /**
 * Performs an exact match. The order of the RDN components is important.
 */
- friend ICESSL_API bool operator<(const DistinguishedName&, const DistinguishedName&);
+ friend ICE_API bool operator<(const DistinguishedName&, const DistinguishedName&);
 /**
 * Performs a partial match with another DistinguishedName.
@@ -300,9 +293,8 @@ namespace IceSSL
 /**
 * Represents an X509 Certificate extension.
- * \headerfile IceSSL/IceSSL.h
 */
- class ICESSL_API X509Extension
+ class ICE_API X509Extension
 {
 public:
 /**
@@ -331,9 +323,8 @@ namespace IceSSL
 /**
 * This convenience class is a wrapper around a native certificate.
 * The interface is inspired by java.security.cert.X509Certificate.
- * \headerfile IceSSL/IceSSL.h
 */
- class ICESSL_API Certificate : public std::enable_shared_from_this
+ class ICE_API Certificate : public std::enable_shared_from_this
 {
 public:
 /**
@@ -394,7 +385,7 @@ namespace IceSSL
 * KEY_USAGE_ENCIPHER_ONLY and KEY_USAGE_DECIPHER_ONLY can be used to check what
 * key usage bits are set.
 */
- unsigned int getKeyUsage() const;
+ virtual unsigned int getKeyUsage() const = 0;
 /**
 * Returns the value of the extended key usage extension. The flags EXTENDED_KEY_USAGE_ANY_KEY_USAGE,
@@ -403,7 +394,7 @@ namespace IceSSL
 * EXTENDED_KEY_USAGE_TIME_STAMPING and EXTENDED_KEY_USAGE_OCSP_SIGNING can be used to check what
 * extended key usage bits are set.
 */
- unsigned int getExtendedKeyUsage() const;
+ virtual unsigned int getExtendedKeyUsage() const = 0;
 /**
 * Obtains the not-after validity time.
@@ -513,33 +504,6 @@ namespace IceSSL
 */
 static CertificatePtr decode(const std::string& str);
 };
-
- /**
- * Represents the IceSSL plug-in object.
- * \headerfile IceSSL/IceSSL.h
- */
- class ICESSL_API Plugin : public Ice::Plugin
- {
- public:
- virtual ~Plugin();
-
- /**
- * Load the certificate from a file. The certificate must use the
- * PEM encoding format.
- * @param file The certificate file.
- * @throws CertificateReadException if the file cannot be read.
- */
- virtual CertificatePtr load(const std::string& file) const = 0;
-
- /**
- * Decode a certificate from a string that uses the PEM encoding
- * format.
- * @param str A string containing the encoded certificate.
- * @throws CertificateEncodingException if an error occurs.
- */
- virtual CertificatePtr decode(const std::string& str) const = 0;
- };
- using PluginPtr = std::shared_ptr;
 }
 #endif
diff --git a/cpp/include/IceSSL/Config.h b/cpp/include/IceSSL/Config.h
deleted file mode 100644
index 6999dac5b70..00000000000
--- a/cpp/include/IceSSL/Config.h
+++ /dev/null
@@ -1,31 +0,0 @@
-//
-// Copyright (c) ZeroC, Inc. All rights reserved.
-//
-
-#ifndef ICESSL_CONFIG_H
-#define ICESSL_CONFIG_H
-
-#include "Ice/Config.h"
-
-#ifndef ICESSL_API
-# if defined(ICE_STATIC_LIBS)
-# define ICESSL_API /**/
-# elif defined(ICESSL_API_EXPORTS)
-# define ICESSL_API ICE_DECLSPEC_EXPORT
-# else
-# define ICESSL_API ICE_DECLSPEC_IMPORT
-# endif
-#endif
-
-//
-// Automatically link IceSSL[D].lib with Visual C++
-//
-#if !defined(ICE_BUILDING_ICESSL) && defined(ICESSL_API_EXPORTS)
-# define ICE_BUILDING_ICESSL
-#endif
-
-#if defined(_MSC_VER) && !defined(ICE_BUILDING_ICESSL)
-# pragma comment(lib, ICE_LIBNAME("IceSSL"))
-#endif
-
-#endif
diff --git a/cpp/include/IceSSL/ConnectionInfo.h b/cpp/include/IceSSL/ConnectionInfo.h
index 8b0701ec1e5..a4629c465c8 100644
--- a/cpp/include/IceSSL/ConnectionInfo.h
+++ b/cpp/include/IceSSL/ConnectionInfo.h
@@ -5,9 +5,9 @@
 #ifndef ICESSL_CONNECTION_INFO_H
 #define ICESSL_CONNECTION_INFO_H
+#include "Certificate.h"
 #include "ConnectionInfoF.h"
 #include "Ice/Connection.h"
-#include "Plugin.h"
 #if defined(__clang__)
 # pragma clang diagnostic push
@@ -20,8 +20,7 @@ namespace IceSSL
 {
 /**
- * Provides access to the connection details of an SSL connection
- * \headerfile IceSSL/IceSSL.h
+ * Provides access to the connection details of an SSL connection.
 */
 class ConnectionInfo : public Ice::ConnectionInfo
 {
@@ -68,6 +67,9 @@ namespace IceSSL
 * The certificate chain verification status.
 */
 bool verified;
+
+ TrustError errorCode;
+ std::string host;
 };
 }
diff --git a/cpp/include/IceSSL/EndpointInfo.h b/cpp/include/IceSSL/EndpointInfo.h
index 8a878681d2e..9b3ea5a1880 100644
--- a/cpp/include/IceSSL/EndpointInfo.h
+++ b/cpp/include/IceSSL/EndpointInfo.h
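Review bot: The two new public members `TrustError errorCode;` and `std::string host;` in the last ConnectionInfo.h hunk carry no Doxygen comment, while the neighbouring `verified` member does, and they are the replacement for the `getTrustError`/`getHost` accessors removed from Certificate.h, so they are now the only way a caller learns why peer verification failed. Document them in the same style, e.g. `/** The trust error found while verifying the peer certificate chain; see getTrustErrorDescription(). */` above `errorCode`, and for `host` state exactly what it holds (presumably the name the peer certificate was checked against, but that is not determinable from this diff). Applications that called `getHost()` to perform their own name checks have to migrate to the field, which is worth a line in the commit description.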
@@ -19,7 +19,6 @@ namespace IceSSL
 {
 /**
 * Provides access to an SSL endpoint information.
- * \headerfile IceSSL/IceSSL.h
 */
 class EndpointInfo : public Ice::EndpointInfo
 {
diff --git a/cpp/include/IceSSL/IceSSL.h b/cpp/include/IceSSL/IceSSL.h
deleted file mode 100644
index 0e1f6ce7a8d..00000000000
--- a/cpp/include/IceSSL/IceSSL.h
+++ /dev/null
@@ -1,22 +0,0 @@
-//
-// Copyright (c) ZeroC, Inc. All rights reserved.
-//
-
-#ifndef ICESSL_ICESSL_H
-#define ICESSL_ICESSL_H
-
-#include "Config.h"
-#include "Plugin.h"
-
-#if defined(_WIN32)
-# include "SChannel.h"
-#elif defined(__APPLE__)
-# include "SecureTransport.h"
-#else
-# include "OpenSSL.h"
-#endif
-
-#include "ConnectionInfo.h"
-#include "EndpointInfo.h"
-
-#endif
diff --git a/cpp/include/IceSSL/OpenSSL.h b/cpp/include/IceSSL/OpenSSL.h
index 51f196979a8..098bc850c27 100644
--- a/cpp/include/IceSSL/OpenSSL.h
+++ b/cpp/include/IceSSL/OpenSSL.h
@@ -5,137 +5,54 @@ #ifndef ICESSL_OPENSSL_H #define ICESSL_OPENSSL_H -#include "Plugin.h" +#include "Certificate.h" #include #include -// -// Automatically link IceSSLOpenSSL[D].lib with Visual C++ -// -#if defined(_MSC_VER) -# if !defined(ICE_BUILDING_ICESSL_OPENSSL) && defined(ICESSL_OPENSSL_API_EXPORTS) -# define ICE_BUILDING_ICESSL_OPENSSL -# endif - -# if !defined(ICE_BUILDING_ICESSL_OPENSSL) -# pragma comment(lib, ICE_LIBNAME("IceSSLOpenSSL")) -# endif -#endif - -#ifndef ICESSL_OPENSSL_API -# if defined(ICE_STATIC_LIBS) -# define ICESSL_OPENSSL_API /**/ -# elif defined(ICESSL_OPENSSL_API_EXPORTS) -# define ICESSL_OPENSSL_API ICE_DECLSPEC_EXPORT -# else -# define ICESSL_OPENSSL_API ICE_DECLSPEC_IMPORT -# endif -#endif - -#if defined(_WIN32) && !defined(ICESSL_OPENSSL_API_EXPORTS) - -namespace Ice +namespace IceSSL::OpenSSL { + class Certificate; + using CertificatePtr = std::shared_ptr; + /** - * When using static libraries, calling this function ensures the OpenSSL version of the IceSSL plug-in is - * linked with the application. - * @param loadOnInitialize If true, the plug-in is loaded (created) during communicator initialization. - * If false, the plug-in is only loaded during communicator initialization if its corresponding plug-in - * property is set to 1. + * Encapsulates an OpenSSL X.509 certificate. */ - ICE_PLUGIN_REGISTER_DECLSPEC_IMPORT void registerIceSSLOpenSSL(bool loadOnInitialize = true); -} -#endif - -namespace IceSSL -{ - namespace OpenSSL + class ICE_API Certificate : public virtual IceSSL::Certificate { - class Certificate; - using CertificatePtr = std::shared_ptr; - + public: /** - * Encapsulates an OpenSSL X.509 certificate. - * \headerfile IceSSL/IceSSL.h + * Construct a certificate using a native certificate. + * The Certificate class assumes ownership of the given native + * certificate. + * @param cert The native certificate. + * @return A new certificate object. 
*/ - class ICESSL_OPENSSL_API Certificate : public virtual IceSSL::Certificate - { - public: - /** - * Construct a certificate using a native certificate. - * The Certificate class assumes ownership of the given native - * certificate. - * @param cert The native certificate. - * @return A new certificate object. - */ - static CertificatePtr create(x509_st* cert); - - /** - * Load the certificate from a file. The certificate must use the - * PEM encoding format. - * @param file The certificate file. - * @return A new certificate object. - * @throws CertificateReadException if the file cannot be read. - */ - static CertificatePtr load(const std::string& file); - - /** - * Decode a certificate from a string that uses the PEM encoding format. - * @param cert A string containing the PEM-encoded certificate. - * @return A new certificate object. - * @throws CertificateEncodingException if an error occurs. - */ - static CertificatePtr decode(const std::string& cert); - - /** - * Retrieve the native X509 certificate value wrapped by this object. - * @return The native certificate. The returned reference is only valid for the lifetime of this - * object. You can increment it with X509_dup. - */ - virtual x509_st* getCert() const = 0; - }; + static CertificatePtr create(x509_st* cert); /** - * Represents the IceSSL plug-in object. - * \headerfile IceSSL/IceSSL.h + * Load the certificate from a file. The certificate must use the + * PEM encoding format. + * @param file The certificate file. + * @return A new certificate object. + * @throws CertificateReadException if the file cannot be read. */ - class ICESSL_OPENSSL_API Plugin : public virtual IceSSL::Plugin - { - public: - /** - * Obtains the OpenSSL version number. - * @return The version. - */ - virtual std::int64_t getOpenSSLVersion() const = 0; - - /** - * Establishes the OpenSSL context. 
This must be done before the - * plug-in is initialized, therefore the application must define - * the property Ice.InitPlugins=0, set the context, and finally - * invoke Ice::PluginManager::initializePlugins. - * - * When the application supplies its own OpenSSL context, the - * plug-in ignores configuration properties related to certificates, - * keys, and passwords. - * - * Note that the plug-in assumes ownership of the given context. - * - * @param ctx The OpenSSL context. - */ - virtual void setContext(SSL_CTX* ctx) = 0; - - /** - * Obtains the SSL context. Use caution when modifying this value. - * Changes made to this value have no effect on existing connections. - * @return The OpenSSL context. - */ - virtual SSL_CTX* getContext() = 0; - }; - using PluginPtr = std::shared_ptr; + static CertificatePtr load(const std::string& file); - } // OpenSSL namespace end - -} // IceSSL namespace end + /** + * Decode a certificate from a string that uses the PEM encoding format. + * @param cert A string containing the PEM-encoded certificate. + * @return A new certificate object. + * @throws CertificateEncodingException if an error occurs. + */ + static CertificatePtr decode(const std::string& cert); + /** + * Retrieve the native X509 certificate value wrapped by this object. + * @return The native certificate. The returned reference is only valid for the lifetime of this + * object. You can increment it with X509_dup. + */ + virtual x509_st* getCert() const = 0; + }; +} #endif diff --git a/cpp/include/IceSSL/SChannel.h b/cpp/include/IceSSL/SChannel.h index cbc7ed2509c..c3bba47530a 100644 --- a/cpp/include/IceSSL/SChannel.h +++ b/cpp/include/IceSSL/SChannel.h @@ -6,7 +6,7 @@ #define ICESSL_SCHANNEL_H #ifdef _WIN32 -# include "Plugin.h" +# include "Certificate.h" // We need to include windows.h before wincrypt.h. // clang-format off # ifndef NOMINMAX 
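Review bot: The OpenSSL.h hunk deletes `IceSSL::OpenSSL::Plugin` and with it `setContext(SSL_CTX*)` / `getContext()`, which the removed comment describes as the supported way for an application to supply its own OpenSSL context (and thereby its own verification callbacks, cipher and protocol policy, or key material not expressible through properties), and nothing in this diff adds a replacement. If a replacement exists elsewhere in the branch, the new `IceSSL::OpenSSL::Certificate` class comment or the commit description should name it; if not, this is a silent loss of a security-configuration hook and needs an explicit release note. `registerIceSSLOpenSSL` is dropped at the same time, so static-link users of that entry point need the same migration note. The two `#include` lines at the top of the hunk lost their targets in this rendering, so I could not confirm that `<memory>` and `<string>` are still pulled in for the `std::shared_ptr` and `std::string` uses that remain.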
@@ -16,59 +16,52 @@ # include // clang-format on -namespace IceSSL +namespace IceSSL::SChannel { - namespace SChannel - { - class Certificate; - using CertificatePtr = std::shared_ptr; + class Certificate; + using CertificatePtr = std::shared_ptr; + /** + * This convenience class is a wrapper around a native certificate. + */ + class ICE_API Certificate : public virtual IceSSL::Certificate + { + public: /** - * This convenience class is a wrapper around a native certificate. - * \headerfile IceSSL/IceSSL.h + * Constructs a certificate using a native certificate. + * The Certificate class assumes ownership of the given native + * certificate. + * @param info The certificate data. + * @return The new certificate instance. */ - class ICESSL_API Certificate : public virtual IceSSL::Certificate - { - public: - /** - * Constructs a certificate using a native certificate. - * The Certificate class assumes ownership of the given native - * certificate. - * @param info The certificate data. - * @return The new certificate instance. - */ - static CertificatePtr create(CERT_SIGNED_CONTENT_INFO* info); - - /** - * Loads the certificate from a file. The certificate must use the - * PEM encoding format. - * @param file The certificate file. - * @return The new certificate instance. - * @throws CertificateReadException if the file cannot be read. - */ - static CertificatePtr load(const std::string& file); + static CertificatePtr create(CERT_SIGNED_CONTENT_INFO* info); - /** - * Decodes a certificate from a string that uses the PEM encoding format. - * @param str A string containing the encoded certificate. - * @return The new certificate instance. - * @throws CertificateEncodingException if an error occurs. - */ - static CertificatePtr decode(const std::string& str); - - /** - * Obtains the native X509 certificate value wrapped by this object. - * @return A reference to the native certificate. - * The returned reference is only valid for the lifetime of this - * object. 
The returned reference is a pointer to a struct. - */ - virtual CERT_SIGNED_CONTENT_INFO* getCert() const = 0; - }; - - } // SChannel namespace end + /** + * Loads the certificate from a file. The certificate must use the + * PEM encoding format. + * @param file The certificate file. + * @return The new certificate instance. + * @throws CertificateReadException if the file cannot be read. + */ + static CertificatePtr load(const std::string& file); -} // IceSSL namespace end + /** + * Decodes a certificate from a string that uses the PEM encoding format. + * @param str A string containing the encoded certificate. + * @return The new certificate instance. + * @throws CertificateEncodingException if an error occurs. + */ + static CertificatePtr decode(const std::string& str); + /** + * Obtains the native X509 certificate value wrapped by this object. + * @return A reference to the native certificate. + * The returned reference is only valid for the lifetime of this + * object. The returned reference is a pointer to a struct. + */ + virtual CERT_SIGNED_CONTENT_INFO* getCert() const = 0; + }; +} #endif #endif diff --git a/cpp/include/IceSSL/SecureTransport.h b/cpp/include/IceSSL/SecureTransport.h index f5bdf347fb9..c7516aef505 100644 --- a/cpp/include/IceSSL/SecureTransport.h +++ b/cpp/include/IceSSL/SecureTransport.h 
@@ -7,62 +7,56 @@ #ifdef __APPLE__ -# include "Plugin.h" +# include "Certificate.h" # include -namespace IceSSL +namespace IceSSL::SecureTransport { - namespace SecureTransport - { - class Certificate; - using CertificatePtr = std::shared_ptr; + class Certificate; + using CertificatePtr = std::shared_ptr; + /** + * This convenience class is a wrapper around a native certificate. + */ + class ICE_API Certificate : public virtual IceSSL::Certificate + { + public: /** - * This convenience class is a wrapper around a native certificate. - * \headerfile IceSSL/IceSSL.h + * Constructs a certificate using a native certificate. + * The Certificate class assumes ownership of the given native + * certificate. + * @param cert The certificate cert. + * @return The new certificate instance. */ - class ICESSL_API Certificate : public virtual IceSSL::Certificate - { - public: - /** - * Constructs a certificate using a native certificate. - * The Certificate class assumes ownership of the given native - * certificate. - * @param cert The certificate cert. - * @return The new certificate instance. - */ - static CertificatePtr create(SecCertificateRef cert); - - /** - * Loads the certificate from a file. The certificate must use the - * PEM encoding format. - * @param file The certificate file. - * @return The new certificate instance. - * @throws CertificateReadException if the file cannot be read. - */ - static CertificatePtr load(const std::string& file); + static CertificatePtr create(SecCertificateRef cert); - /** - * Decodes a certificate from a string that uses the PEM encoding format. - * @param str A string containing the encoded certificate. - * @return The new certificate instance. - * @throws CertificateEncodingException if an error occurs. - */ - static CertificatePtr decode(const std::string& str); - - /** - * Obtains the native X509 certificate value wrapped by this object. - * @return A reference to the native certificate. 
- * The returned reference is only valid for the lifetime of this - * object. You can increment the reference count of the returned - * object with CFRetain. - */ - virtual SecCertificateRef getCert() const = 0; - }; + /** + * Loads the certificate from a file. The certificate must use the + * PEM encoding format. + * @param file The certificate file. + * @return The new certificate instance. + * @throws CertificateReadException if the file cannot be read. + */ + static CertificatePtr load(const std::string& file); - } // SecureTransport namespace end + /** + * Decodes a certificate from a string that uses the PEM encoding format. + * @param str A string containing the encoded certificate. + * @return The new certificate instance. + * @throws CertificateEncodingException if an error occurs. + */ + static CertificatePtr decode(const std::string& str); -} // IceSSL namespace end + /** + * Obtains the native X509 certificate value wrapped by this object. + * @return A reference to the native certificate. + * The returned reference is only valid for the lifetime of this + * object. You can increment the reference count of the returned + * object with CFRetain. + */ + virtual SecCertificateRef getCert() const = 0; + }; +} #endif diff --git a/cpp/msbuild/ice.openssl.test.sln b/cpp/msbuild/ice.openssl.test.sln deleted file mode 100644 index 61437d860c0..00000000000 --- a/cpp/msbuild/ice.openssl.test.sln +++ /dev/null 
@@ -1,66 +0,0 @@ - -Microsoft Visual Studio Solution File, Format Version 12.00 -# Visual Studio Version 17 -VisualStudioVersion = 17.9.34321.82 -MinimumVisualStudioVersion = 10.0.40219.1 -Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Common", "Common", "{2D52604F-E2AD-4586-BBD7-BD13536C702C}" -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testcommon", "..\test\Common\msbuild\testcommon.vcxproj", "{C7223CC8-0AAA-470B-ACB3-12B9DE75525C}" -EndProject -Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "IceSSL", "IceSSL", "{8DC4FC60-61F2-4D58-8DB1-615460DEF993}" -EndProject -Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "configuration", "configuration", "{2557CF58-4848-4D0A-8D42-E0F7C7158A6B}" -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "clientopenssl", "..\test\IceSSL\configuration\msbuild\clientopenssl\clientopenssl.vcxproj", "{34135D29-7ABF-416E-80A9-4077BD6A126F}" - ProjectSection(ProjectDependencies) = postProject - {C7223CC8-0AAA-470B-ACB3-12B9DE75525C} = {C7223CC8-0AAA-470B-ACB3-12B9DE75525C} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "serveropenssl", "..\test\IceSSL\configuration\msbuild\serveropenssl\serveropenssl.vcxproj", "{1A83DE5F-3401-4D5D-B9FE-A930D5B15F39}" - ProjectSection(ProjectDependencies) = postProject - {C7223CC8-0AAA-470B-ACB3-12B9DE75525C} = {C7223CC8-0AAA-470B-ACB3-12B9DE75525C} - EndProjectSection -EndProject -Global - GlobalSection(SolutionConfigurationPlatforms) = preSolution - Debug|Win32 = Debug|Win32 - Debug|x64 = Debug|x64 - Release|Win32 = Release|Win32 - Release|x64 = Release|x64 - EndGlobalSection - GlobalSection(ProjectConfigurationPlatforms) = postSolution - {C7223CC8-0AAA-470B-ACB3-12B9DE75525C}.Debug|Win32.ActiveCfg = Debug|Win32 - {C7223CC8-0AAA-470B-ACB3-12B9DE75525C}.Debug|Win32.Build.0 = Debug|Win32 - {C7223CC8-0AAA-470B-ACB3-12B9DE75525C}.Debug|x64.ActiveCfg = Debug|x64 - {C7223CC8-0AAA-470B-ACB3-12B9DE75525C}.Debug|x64.Build.0 = 
Debug|x64 - {C7223CC8-0AAA-470B-ACB3-12B9DE75525C}.Release|Win32.ActiveCfg = Release|Win32 - {C7223CC8-0AAA-470B-ACB3-12B9DE75525C}.Release|Win32.Build.0 = Release|Win32 - {C7223CC8-0AAA-470B-ACB3-12B9DE75525C}.Release|x64.ActiveCfg = Release|x64 - {C7223CC8-0AAA-470B-ACB3-12B9DE75525C}.Release|x64.Build.0 = Release|x64 - {34135D29-7ABF-416E-80A9-4077BD6A126F}.Debug|Win32.ActiveCfg = Debug|Win32 - {34135D29-7ABF-416E-80A9-4077BD6A126F}.Debug|Win32.Build.0 = Debug|Win32 - {34135D29-7ABF-416E-80A9-4077BD6A126F}.Debug|x64.ActiveCfg = Debug|x64 - {34135D29-7ABF-416E-80A9-4077BD6A126F}.Debug|x64.Build.0 = Debug|x64 - {34135D29-7ABF-416E-80A9-4077BD6A126F}.Release|Win32.ActiveCfg = Release|Win32 - {34135D29-7ABF-416E-80A9-4077BD6A126F}.Release|Win32.Build.0 = Release|Win32 - {34135D29-7ABF-416E-80A9-4077BD6A126F}.Release|x64.ActiveCfg = Release|x64 - {34135D29-7ABF-416E-80A9-4077BD6A126F}.Release|x64.Build.0 = Release|x64 - {1A83DE5F-3401-4D5D-B9FE-A930D5B15F39}.Debug|Win32.ActiveCfg = Debug|Win32 - {1A83DE5F-3401-4D5D-B9FE-A930D5B15F39}.Debug|Win32.Build.0 = Debug|Win32 - {1A83DE5F-3401-4D5D-B9FE-A930D5B15F39}.Debug|x64.ActiveCfg = Debug|x64 - {1A83DE5F-3401-4D5D-B9FE-A930D5B15F39}.Debug|x64.Build.0 = Debug|x64 - {1A83DE5F-3401-4D5D-B9FE-A930D5B15F39}.Release|Win32.ActiveCfg = Release|Win32 - {1A83DE5F-3401-4D5D-B9FE-A930D5B15F39}.Release|Win32.Build.0 = Release|Win32 - {1A83DE5F-3401-4D5D-B9FE-A930D5B15F39}.Release|x64.ActiveCfg = Release|x64 - {1A83DE5F-3401-4D5D-B9FE-A930D5B15F39}.Release|x64.Build.0 = Release|x64 - EndGlobalSection - GlobalSection(SolutionProperties) = preSolution - HideSolutionNode = FALSE - EndGlobalSection - GlobalSection(NestedProjects) = preSolution - {C7223CC8-0AAA-470B-ACB3-12B9DE75525C} = {2D52604F-E2AD-4586-BBD7-BD13536C702C} - {2557CF58-4848-4D0A-8D42-E0F7C7158A6B} = {8DC4FC60-61F2-4D58-8DB1-615460DEF993} - {34135D29-7ABF-416E-80A9-4077BD6A126F} = {2557CF58-4848-4D0A-8D42-E0F7C7158A6B} - {1A83DE5F-3401-4D5D-B9FE-A930D5B15F39} = 
{2557CF58-4848-4D0A-8D42-E0F7C7158A6B} - EndGlobalSection -EndGlobal diff --git a/cpp/msbuild/ice.proj b/cpp/msbuild/ice.proj index 4701493f725..627b01ffe97 100644 --- a/cpp/msbuild/ice.proj +++ b/cpp/msbuild/ice.proj @@ -31,7 +31,6 @@ - @@ -84,22 +83,6 @@ Configuration=Release;Platform=x64;VisualStudioVersion=$(VisualStudioVersion) - - - - - Configuration=Debug;Platform=Win32 - - - Configuration=Debug;Platform=x64 - - - Configuration=Release;Platform=Win32 - - - Configuration=Release;Platform=x64 - - @@ -115,13 +98,6 @@ Configuration=$(Configuration);Platform=$(Platform);VisualStudioVersion=$(VisualStudioVersion) - - - - - Configuration=$(Configuration);Platform=$(Platform) - - @@ -147,22 +123,11 @@ - - - - diff --git a/cpp/msbuild/ice.sln b/cpp/msbuild/ice.sln index 8485d3586be..58b12ecf7b3 100644 --- a/cpp/msbuild/ice.sln +++ b/cpp/msbuild/ice.sln @@ -150,7 +150,6 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "icegridnode", "..\src\IceGr {142A9562-8DEC-4B1B-9B15-2CAD8304447B} = {142A9562-8DEC-4B1B-9B15-2CAD8304447B} {2940A3C2-A9BA-44AA-AF65-00479C783407} = {2940A3C2-A9BA-44AA-AF65-00479C783407} {4F8DD63C-3359-42F2-A6A8-80F7D55593AC} = {4F8DD63C-3359-42F2-A6A8-80F7D55593AC} - {5923B17D-2873-4245-87A7-FB8F4BE12501} = {5923B17D-2873-4245-87A7-FB8F4BE12501} {90EC26E8-AFFA-4E44-B068-AB5849A96FDD} = {90EC26E8-AFFA-4E44-B068-AB5849A96FDD} {9E13C4B5-5DA9-43C1-9304-AEAC035E854D} = {9E13C4B5-5DA9-43C1-9304-AEAC035E854D} {A28E5839-97F3-4874-BB77-E425787CF2ED} = {A28E5839-97F3-4874-BB77-E425787CF2ED} 
@@ -162,22 +161,15 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "icegridregistry", "..\src\I {142A9562-8DEC-4B1B-9B15-2CAD8304447B} = {142A9562-8DEC-4B1B-9B15-2CAD8304447B} {2940A3C2-A9BA-44AA-AF65-00479C783407} = {2940A3C2-A9BA-44AA-AF65-00479C783407} {4F8DD63C-3359-42F2-A6A8-80F7D55593AC} = {4F8DD63C-3359-42F2-A6A8-80F7D55593AC} - {5923B17D-2873-4245-87A7-FB8F4BE12501} = {5923B17D-2873-4245-87A7-FB8F4BE12501} {90EC26E8-AFFA-4E44-B068-AB5849A96FDD} = {90EC26E8-AFFA-4E44-B068-AB5849A96FDD} {9E13C4B5-5DA9-43C1-9304-AEAC035E854D} = {9E13C4B5-5DA9-43C1-9304-AEAC035E854D} {A28E5839-97F3-4874-BB77-E425787CF2ED} = {A28E5839-97F3-4874-BB77-E425787CF2ED} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "icessl", "..\src\IceSSL\msbuild\icessl\icessl.vcxproj", "{5923B17D-2873-4245-87A7-FB8F4BE12501}" - ProjectSection(ProjectDependencies) = postProject - {3AB9772C-6113-4F1C-90FB-5368E7486C11} = {3AB9772C-6113-4F1C-90FB-5368E7486C11} - EndProjectSection -EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "glacier2router", "..\src\Glacier2\msbuild\glacier2router.vcxproj", "{541CF1D6-95FD-4499-AB02-75CCCEE660B0}" ProjectSection(ProjectDependencies) = postProject {2940A3C2-A9BA-44AA-AF65-00479C783407} = {2940A3C2-A9BA-44AA-AF65-00479C783407} {3AB9772C-6113-4F1C-90FB-5368E7486C11} = {3AB9772C-6113-4F1C-90FB-5368E7486C11} - {5923B17D-2873-4245-87A7-FB8F4BE12501} = {5923B17D-2873-4245-87A7-FB8F4BE12501} EndProjectSection EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "icegriddb", "..\src\icegriddb\msbuild\icegriddb.vcxproj", "{369524F4-D374-44F4-BCFD-408934595701}" 
@@ -194,11 +186,6 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "icebridge", "..\src\IceBrid EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "slice2rb", "..\src\slice2rb\msbuild\slice2rb.vcxproj", "{A79E9EB0-878C-4EDB-9804-2D262D6008DB}" EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "icesslopenssl", "..\src\IceSSL\msbuild\icesslopenssl\icesslopenssl.vcxproj", "{D0DC2305-37FE-4D03-BE05-AC8912678DC8}" - ProjectSection(ProjectDependencies) = postProject - {5923B17D-2873-4245-87A7-FB8F4BE12501} = {5923B17D-2873-4245-87A7-FB8F4BE12501} - EndProjectSection -EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ice2slice", "..\src\ice2slice\msbuild\ice2slice.vcxproj", "{773EA63E-40AE-45B8-82B4-82B54CF309F8}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "glacier2cryptpermissionsverifier", "..\src\Glacier2CryptPermissionsVerifier\msbuild\glacier2cryptpermissionsverifier\glacier2cryptpermissionsverifier.vcxproj", "{BF2077E4-D837-486B-9356-24FA5F659808}" 
@@ -430,14 +417,6 @@ Global {64490115-464B-4DC3-B7C6-D0AF1B68B6F9}.Release|Win32.Build.0 = Release|Win32 {64490115-464B-4DC3-B7C6-D0AF1B68B6F9}.Release|x64.ActiveCfg = Release|x64 {64490115-464B-4DC3-B7C6-D0AF1B68B6F9}.Release|x64.Build.0 = Release|x64 - {5923B17D-2873-4245-87A7-FB8F4BE12501}.Debug|Win32.ActiveCfg = Debug|Win32 - {5923B17D-2873-4245-87A7-FB8F4BE12501}.Debug|Win32.Build.0 = Debug|Win32 - {5923B17D-2873-4245-87A7-FB8F4BE12501}.Debug|x64.ActiveCfg = Debug|x64 - {5923B17D-2873-4245-87A7-FB8F4BE12501}.Debug|x64.Build.0 = Debug|x64 - {5923B17D-2873-4245-87A7-FB8F4BE12501}.Release|Win32.ActiveCfg = Release|Win32 - {5923B17D-2873-4245-87A7-FB8F4BE12501}.Release|Win32.Build.0 = Release|Win32 - {5923B17D-2873-4245-87A7-FB8F4BE12501}.Release|x64.ActiveCfg = Release|x64 - {5923B17D-2873-4245-87A7-FB8F4BE12501}.Release|x64.Build.0 = Release|x64 {541CF1D6-95FD-4499-AB02-75CCCEE660B0}.Debug|Win32.ActiveCfg = Debug|Win32 {541CF1D6-95FD-4499-AB02-75CCCEE660B0}.Debug|Win32.Build.0 = Debug|Win32 {541CF1D6-95FD-4499-AB02-75CCCEE660B0}.Debug|x64.ActiveCfg = Debug|x64 
@@ -470,14 +449,6 @@ Global {A79E9EB0-878C-4EDB-9804-2D262D6008DB}.Release|Win32.Build.0 = Release|Win32 {A79E9EB0-878C-4EDB-9804-2D262D6008DB}.Release|x64.ActiveCfg = Release|x64 {A79E9EB0-878C-4EDB-9804-2D262D6008DB}.Release|x64.Build.0 = Release|x64 - {D0DC2305-37FE-4D03-BE05-AC8912678DC8}.Debug|Win32.ActiveCfg = Debug|Win32 - {D0DC2305-37FE-4D03-BE05-AC8912678DC8}.Debug|Win32.Build.0 = Debug|Win32 - {D0DC2305-37FE-4D03-BE05-AC8912678DC8}.Debug|x64.ActiveCfg = Debug|x64 - {D0DC2305-37FE-4D03-BE05-AC8912678DC8}.Debug|x64.Build.0 = Debug|x64 - {D0DC2305-37FE-4D03-BE05-AC8912678DC8}.Release|Win32.ActiveCfg = Release|Win32 - {D0DC2305-37FE-4D03-BE05-AC8912678DC8}.Release|Win32.Build.0 = Release|Win32 - {D0DC2305-37FE-4D03-BE05-AC8912678DC8}.Release|x64.ActiveCfg = Release|x64 - {D0DC2305-37FE-4D03-BE05-AC8912678DC8}.Release|x64.Build.0 = Release|x64 {773EA63E-40AE-45B8-82B4-82B54CF309F8}.Debug|Win32.ActiveCfg = Debug|Win32 {773EA63E-40AE-45B8-82B4-82B54CF309F8}.Debug|Win32.Build.0 = Debug|Win32 {773EA63E-40AE-45B8-82B4-82B54CF309F8}.Debug|x64.ActiveCfg = Debug|x64 diff --git a/cpp/src/Glacier2/Makefile.mk b/cpp/src/Glacier2/Makefile.mk index bc073a35671..04bc21c0cbd 100644 --- a/cpp/src/Glacier2/Makefile.mk +++ b/cpp/src/Glacier2/Makefile.mk @@ -5,7 +5,7 @@ $(project)_programs := glacier2router $(project)_sliceflags := --include-dir Glacier2 $(project)_generated_includedir := $(project)/generated/Glacier2 -$(project)_dependencies := Glacier2 IceSSL Ice +$(project)_dependencies := Glacier2 Ice glacier2router_targetdir := $(bindir) diff --git a/cpp/src/Glacier2/SessionRouterI.cpp b/cpp/src/Glacier2/SessionRouterI.cpp index 616b03c67d3..ccbfa8535b3 100644 --- a/cpp/src/Glacier2/SessionRouterI.cpp +++ b/cpp/src/Glacier2/SessionRouterI.cpp 
@@ -6,11 +6,10 @@ #include "SessionRouterI.h" #include "FilterManager.h" #include "Glacier2/PermissionsVerifier.h" -#include "RouterI.h" - #include "Ice/UUID.h" - -#include "IceSSL/IceSSL.h" +#include "IceSSL/Certificate.h" +#include "IceSSL/ConnectionInfo.h" +#include "RouterI.h" using namespace std; using namespace Ice; diff --git a/cpp/src/Ice/Instance.cpp b/cpp/src/Ice/Instance.cpp index 8d63ae9283f..fbf55c42d9e 100644 --- a/cpp/src/Ice/Instance.cpp +++ b/cpp/src/Ice/Instance.cpp @@ -3,6 +3,8 @@ // #include "Instance.h" +#include "../IceSSL/SSLEngine.h" +#include "CheckIdentity.h" #include "ConnectionFactory.h" #include "ConsoleUtil.h" #include "DefaultsAndOverrides.h" @@ -16,7 +18,12 @@ #include "Ice/LoggerUtil.h" #include "Ice/ObserverHelper.h" #include "Ice/Properties.h" +#include "Ice/ProxyFunctions.h" #include "Ice/Router.h" +#include "Ice/UUID.h" +#include "IceUtil/DisableWarnings.h" +#include "IceUtil/FileUtil.h" +#include "IceUtil/StringUtil.h" #include "InstrumentationI.h" #include "LocatorInfo.h" #include "LoggerAdminI.h" @@ -37,18 +44,18 @@ #include "ValueFactoryManagerI.h" #include "WSEndpoint.h" -#include "Ice/UUID.h" -#include "IceUtil/DisableWarnings.h" -#include "IceUtil/FileUtil.h" -#include "IceUtil/StringUtil.h" - -#include "CheckIdentity.h" -#include "Ice/ProxyFunctions.h" - #include #include #include +#if defined(_WIN32) +# include "../IceSSL/SChannelEngine.h" +#elif defined(__APPLE__) +# include "../IceSSL/SecureTransportEngine.h" +#else +# include "../IceSSL/OpenSSLEngine.h" +#endif + #ifdef __APPLE__ # include "OSLogLoggerI.h" #endif @@ -1263,6 +1270,15 @@ IceInternal::Instance::initialize(const Ice::CommunicatorPtr& communicator) _retryIntervals.push_back(v > 0 ? v : 0); } } + +#if defined(_WIN32) + _sslEngine = make_shared(shared_from_this()); +#elif defined(__APPLE__) + _sslEngine = make_shared(shared_from_this()); +#else + _sslEngine = make_shared(shared_from_this()); +#endif + _sslEngine->initialize(); } catch (...) { 
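Review bot: In the `@@ -1263,6 +1270,15 @@` hunk the engine is assigned to `_sslEngine` before `_sslEngine->initialize()` runs, so a throwing initialize leaves a partially-initialized engine referenced from the instance; the `catch (...)` handler that follows is outside the hunk, and whether it releases `_sslEngine` or calls its `destroy()` is not visible here. The engine is also created from `shared_from_this()` for every communicator, whether or not it ever opens an `ssl` endpoint, so any `IceSSL.*` misconfiguration now fails communicator creation globally rather than only when the plug-in was configured. A short comment above the `#if defined(_WIN32)` block would make both points explicit: `// The SSL engine is now part of Ice: pick the platform engine and initialize it eagerly; a failure aborts communicator initialization.` Instance::initialize's body starts and ends outside the hunk.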
@@ -1729,6 +1745,8 @@ IceInternal::Instance::destroy() _adminAdapter = nullptr; _adminFacets.clear(); + _sslEngine = nullptr; + _state = StateDestroyed; _conditionVariable.notify_all(); } diff --git a/cpp/src/Ice/Instance.h b/cpp/src/Ice/Instance.h index bd0f16b8ed2..762fb60891b 100644 --- a/cpp/src/Ice/Instance.h +++ b/cpp/src/Ice/Instance.h @@ -5,6 +5,7 @@ #ifndef ICE_INSTANCE_H #define ICE_INSTANCE_H +#include "../IceSSL/SSLEngineF.h" #include "ACM.h" #include "ConnectionFactoryF.h" #include "DefaultsAndOverridesF.h" @@ -25,14 +26,13 @@ #include "NetworkF.h" #include "NetworkProxyF.h" #include "ObjectAdapterFactoryF.h" +#include "Protocol.h" #include "ReferenceFactoryF.h" #include "RetryQueueF.h" #include "RouterInfoF.h" #include "ThreadPoolF.h" #include "TraceLevelsF.h" -#include "Protocol.h" - #include namespace Ice @@ -125,6 +125,8 @@ namespace IceInternal void setSndBufSizeWarn(std::int16_t type, int size); void setRcvBufSizeWarn(std::int16_t type, int size); + IceSSL::SSLEnginePtr sslEngine() const { return _sslEngine; } + private: Instance(const Ice::InitializationData&); void initialize(const Ice::CommunicatorPtr&); @@ -199,6 +201,7 @@ namespace IceInternal ImplicitContextKind _implicitContextKind; // Only set when _implicitContextKind == Shared. Ice::ImplicitContextPtr _sharedImplicitContext; + IceSSL::SSLEnginePtr _sslEngine; }; class ProcessI : public Ice::Process diff --git a/cpp/src/Ice/LoggerI.cpp b/cpp/src/Ice/LoggerI.cpp index a09f5e871d4..3de809d50ff 100644 --- a/cpp/src/Ice/LoggerI.cpp +++ b/cpp/src/Ice/LoggerI.cpp @@ -22,10 +22,7 @@ namespace { mutex outputMutex; - // - // Timeout in milliseconds after which rename will be attempted - // in case of failures renaming files. That is set to 5 minutes. - // + // Timeout after which rename will be attempted in case of failures renaming files. That is set to 5 minutes. const chrono::minutes retryTimeout = chrono::minutes(5); } 
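Review bot: `_sslEngine = nullptr;` in Instance::destroy only drops the reference, and nothing in the hunk calls the engine's `destroy()`, although the engine class declares one (`void destroy() final;` in the OpenSSLEngine.h hunk further down). If the engine frees its native state, for OpenSSL the `SSL_CTX` held in `_ctx`, in destroy() rather than in its destructor, that state is leaked once per communicator; the previous plug-in based lifecycle is not visible here, so this is inferred. Suggested lines: `if (_sslEngine) { _sslEngine->destroy(); }` followed by `_sslEngine = nullptr;`, unless destroy() must run outside the instance lock, in which case a comment stating where the engine is torn down would do. The accessor `sslEngine()` added in Instance.h returns the pointer without synchronization, so callers racing with destroy() may observe null; worth a one-line comment on the accessor. Instance::destroy's body starts outside the hunk.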
diff --git a/cpp/src/Ice/Makefile.mk b/cpp/src/Ice/Makefile.mk index e1c6a81eaff..1cb97120d4c 100644 --- a/cpp/src/Ice/Makefile.mk +++ b/cpp/src/Ice/Makefile.mk @@ -11,6 +11,12 @@ Ice_ldflags = $(iconv_ldflags) Ice_sliceflags := --include-dir Ice Ice_libs := bz2 Ice_extra_sources := $(wildcard src/IceUtil/*.cpp) + +ifeq ($(os),Darwin) +Ice_extra_sources += $(filter-out src/IceSSL/OpenSSL%.cpp src/IceSSL/SChannel%.cpp, $(wildcard src/IceSSL/*.cpp)) +else +Ice_extra_sources += $(filter-out src/IceSSL/SecureTransport%.cpp src/IceSSL/SChannel%.cpp, $(wildcard src/IceSSL/*.cpp)) +endif Ice_excludes = src/Ice/DLLMain.cpp ifeq ($(os),Linux) diff --git a/cpp/src/Ice/RegisterPluginsInit.cpp b/cpp/src/Ice/RegisterPluginsInit.cpp index 8af7d2b8903..b966f306061 100644 --- a/cpp/src/Ice/RegisterPluginsInit.cpp +++ b/cpp/src/Ice/RegisterPluginsInit.cpp @@ -12,11 +12,13 @@ extern "C" Ice::Plugin* createIceUDP(const Ice::CommunicatorPtr&, const std::string&, const Ice::StringSeq&); Ice::Plugin* createIceTCP(const Ice::CommunicatorPtr&, const std::string&, const Ice::StringSeq&); Ice::Plugin* createIceWS(const Ice::CommunicatorPtr&, const std::string&, const Ice::StringSeq&); + Ice::Plugin* createIceSSL(const Ice::CommunicatorPtr&, const std::string&, const Ice::StringSeq&); } IceInternal::RegisterPluginsInit::RegisterPluginsInit() { Ice::registerPluginFactory("IceTCP", createIceTCP, true); + Ice::registerPluginFactory("IceSSL", createIceSSL, true); // // Only include the UDP and WS transport plugins with non-static builds or Gem/PyPI/Swift diff --git a/cpp/src/Ice/msbuild/ice/ice.vcxproj b/cpp/src/Ice/msbuild/ice/ice.vcxproj index f70ef417ffc..89f57a22020 100644 --- a/cpp/src/Ice/msbuild/ice/ice.vcxproj +++ b/cpp/src/Ice/msbuild/ice/ice.vcxproj @@ -68,7 +68,7 @@ 4996;%(DisableSpecificWarnings) - advapi32.lib;ws2_32.lib;Iphlpapi.lib;rpcrt4.lib;DbgHelp.lib;Shlwapi.lib + advapi32.lib;ws2_32.lib;Iphlpapi.lib;rpcrt4.lib;DbgHelp.lib;Shlwapi.lib;secur32.lib;crypt32.lib 
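Review bot: In the RegisterPluginsInit.cpp hunk `createIceSSL` is declared `extern "C"` and registered unconditionally, but the only definition of `createIceSSL` shown on this page, in OpenSSLPluginI.cpp, is deleted by the same commit and was itself guarded by `#ifdef _WIN32`/`#else`. Unless a new definition not on this page is compiled into Ice on every platform (SChannel on Windows, SecureTransport on macOS, OpenSSL elsewhere), the link of libIce fails or the `IceSSL` factory resolves to nothing; I cannot confirm either from here. Since the plug-in is now built in and registered with `loadOnInitialize` set to `true`, a comment next to the registration would help users who still carry an `Ice.Plugin.IceSSL` entry in their configuration: `// IceSSL is built into Ice and always registered; an explicit Ice.Plugin.IceSSL property is no longer needed.`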
@@ -77,7 +77,7 @@ 4996;%(DisableSpecificWarnings) - advapi32.lib;ws2_32.lib;Iphlpapi.lib;rpcrt4.lib;DbgHelp.lib;Shlwapi.lib + advapi32.lib;ws2_32.lib;Iphlpapi.lib;rpcrt4.lib;DbgHelp.lib;Shlwapi.lib;secur32.lib;crypt32.lib @@ -86,7 +86,7 @@ 4996;%(DisableSpecificWarnings) - advapi32.lib;ws2_32.lib;Iphlpapi.lib;rpcrt4.lib;DbgHelp.lib;Shlwapi.lib + advapi32.lib;ws2_32.lib;Iphlpapi.lib;rpcrt4.lib;DbgHelp.lib;Shlwapi.lib;secur32.lib;crypt32.lib @@ -95,7 +95,7 @@ 4996;%(DisableSpecificWarnings) - advapi32.lib;ws2_32.lib;Iphlpapi.lib;rpcrt4.lib;DbgHelp.lib;Shlwapi.lib + advapi32.lib;ws2_32.lib;Iphlpapi.lib;rpcrt4.lib;DbgHelp.lib;Shlwapi.lib;secur32.lib;crypt32.lib @@ -163,6 +163,19 @@ + + + + + + + + + + + + + diff --git a/cpp/src/Ice/msbuild/ice/ice.vcxproj.filters b/cpp/src/Ice/msbuild/ice/ice.vcxproj.filters index a45bf70325f..87aaf8435ce 100644 --- a/cpp/src/Ice/msbuild/ice/ice.vcxproj.filters +++ b/cpp/src/Ice/msbuild/ice/ice.vcxproj.filters @@ -71,6 +71,9 @@ {efb1387e-a41e-4b1e-958c-88d9bb342a60} + + {9e29ae46-f871-4a8f-aeee-60426e193a89} + @@ -576,6 +579,45 @@ Source Files + + Source Files\IceSSL + + + Source Files\IceSSL + + + Source Files\IceSSL + + + Source Files\IceSSL + + + Source Files\IceSSL + + + Source Files\IceSSL + + + Source Files\IceSSL + + + Source Files\IceSSL + + + Source Files\IceSSL + + + Source Files\IceSSL + + + Source Files\IceSSL + + + Source Files\IceSSL + + + Source Files\IceSSL + Source Files @@ -1012,4 +1054,4 @@ Slice Files - \ No newline at end of file + diff --git a/cpp/src/IceGrid/AdminSessionI.cpp b/cpp/src/IceGrid/AdminSessionI.cpp index 67586d45285..f8b01ff8adc 100644 --- a/cpp/src/IceGrid/AdminSessionI.cpp +++ b/cpp/src/IceGrid/AdminSessionI.cpp @@ -7,10 +7,8 @@ #include "Database.h" #include "Ice/Ice.h" #include "Ice/UUID.h" +#include "IceSSL/Certificate.h" #include "RegistryI.h" - -#include "IceSSL/Plugin.h" - #include "SynchronizationException.h" using namespace std; 
diff --git a/cpp/src/IceGrid/InternalRegistryI.cpp b/cpp/src/IceGrid/InternalRegistryI.cpp index e2ae8bb8119..702e851a991 100644 --- a/cpp/src/IceGrid/InternalRegistryI.cpp +++ b/cpp/src/IceGrid/InternalRegistryI.cpp @@ -8,7 +8,8 @@ #include "../IceSSL/RFC2253.h" #include "Database.h" #include "FileCache.h" -#include "IceSSL/IceSSL.h" +#include "IceSSL/Certificate.h" +#include "IceSSL/ConnectionInfo.h" #include "InternalRegistryI.h" #include "NodeSessionI.h" #include "ReapThread.h" diff --git a/cpp/src/IceGrid/Makefile.mk b/cpp/src/IceGrid/Makefile.mk index 011550aea77..5d2e0e8a647 100644 --- a/cpp/src/IceGrid/Makefile.mk +++ b/cpp/src/IceGrid/Makefile.mk @@ -65,12 +65,12 @@ $(project)_targetdir := $(bindir) icegridnode_sources := $(addprefix $(currentdir)/,$(local_node_srcs) $(local_registry_srcs) IceGridNode.cpp) \ $(slicedir)/IceLocatorDiscovery/IceLocatorDiscovery.ice -icegridnode_dependencies := IceBox IceStormService IceStorm IceXML IceSSL IceDB +icegridnode_dependencies := IceBox IceStormService IceStorm IceXML IceDB icegridnode_cppflags := $(if $(lmdb_includedir),-I$(lmdb_includedir)) icegridregistry_sources := $(addprefix $(currentdir)/,$(local_registry_srcs) IceGridRegistry.cpp) \ $(slicedir)/IceLocatorDiscovery/IceLocatorDiscovery.ice -icegridregistry_dependencies := IceBox IceStormService IceStorm IceXML IceSSL IceDB $(local_dependencies) +icegridregistry_dependencies := IceBox IceStormService IceStorm IceXML IceDB $(local_dependencies) icegridregistry_cppflags := $(if $(lmdb_includedir),-I$(lmdb_includedir)) icegridadmin_dependencies := IceBox IceXML IceLocatorDiscovery diff --git a/cpp/src/IceGrid/RegistryI.cpp b/cpp/src/IceGrid/RegistryI.cpp index 1dbe8d6472c..9cf45c20909 100644 --- a/cpp/src/IceGrid/RegistryI.cpp +++ b/cpp/src/IceGrid/RegistryI.cpp 
@@ -2,30 +2,29 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // +#include "RegistryI.h" #include "../Ice/Network.h" #include "../Ice/ProtocolPluginFacade.h" // Just to get the hostname -#include "Ice/Ice.h" -#include "Ice/UUID.h" -#include "IceUtil/FileUtil.h" - #include "../IceStorm/Service.h" -#include "Glacier2/NullPermissionsVerifier.h" -#include "Glacier2/PermissionsVerifier.h" -#include "IceSSL/IceSSL.h" - #include "AdminCallbackRouter.h" #include "AdminI.h" #include "AdminSessionI.h" #include "Database.h" #include "FileCache.h" #include "FileUserAccountMapperI.h" +#include "Glacier2/NullPermissionsVerifier.h" +#include "Glacier2/PermissionsVerifier.h" +#include "Ice/Ice.h" +#include "Ice/UUID.h" #include "IceLocatorDiscovery.h" +#include "IceSSL/Certificate.h" +#include "IceSSL/ConnectionInfo.h" +#include "IceUtil/FileUtil.h" #include "InternalRegistryI.h" #include "LocatorI.h" #include "LocatorRegistryI.h" #include "QueryI.h" #include "ReapThread.h" -#include "RegistryI.h" #include "SessionI.h" #include "SessionServantManager.h" #include "TraceLevels.h" diff --git a/cpp/src/IceGrid/SessionI.cpp b/cpp/src/IceGrid/SessionI.cpp index beb15264062..708e12b96dc 100644 --- a/cpp/src/IceGrid/SessionI.cpp +++ b/cpp/src/IceGrid/SessionI.cpp @@ -7,11 +7,10 @@ #include "Ice/Ice.h" #include "Ice/UUID.h" #include "IceGrid/Admin.h" +#include "IceSSL/Certificate.h" #include "LocatorI.h" #include "QueryI.h" -#include "IceSSL/Plugin.h" - using namespace std; using namespace IceGrid; diff --git a/cpp/src/IceSSL/CertificateI.cpp b/cpp/src/IceSSL/CertificateI.cpp index a9069fdf5e0..0171f6c2719 100644 --- a/cpp/src/IceSSL/CertificateI.cpp +++ b/cpp/src/IceSSL/CertificateI.cpp @@ -9,9 +9,8 @@ #include "Ice/StringConverter.h" #include "IceUtil/DisableWarnings.h" #include "IceUtil/StringUtil.h" -#include "PluginI.h" #include "RFC2253.h" -#include "Util.h" +#include "SSLUtil.h" using namespace std; using namespace Ice; 
@@ -213,25 +212,3 @@ CertificateI::toString() const os << "subject: " << string(getSubjectDN()) << "\n"; return os.str(); } - -unsigned int -Certificate::getKeyUsage() const -{ - const CertificateExtendedInfo* impl = dynamic_cast(this); - if (impl) - { - return impl->getKeyUsage(); - } - return 0; -} - -unsigned int -Certificate::getExtendedKeyUsage() const -{ - const CertificateExtendedInfo* impl = dynamic_cast(this); - if (impl) - { - return impl->getExtendedKeyUsage(); - } - return 0; -} diff --git a/cpp/src/IceSSL/CertificateI.h b/cpp/src/IceSSL/CertificateI.h index d7cafb5fc15..5495a0c3f53 100644 --- a/cpp/src/IceSSL/CertificateI.h +++ b/cpp/src/IceSSL/CertificateI.h @@ -5,7 +5,7 @@ #ifndef ICESSL_CERTIFICATE_I_H #define ICESSL_CERTIFICATE_I_H -#include "IceSSL/Plugin.h" +#include "IceSSL/Certificate.h" #include #include @@ -15,19 +15,19 @@ namespace IceSSL // // Map a certificate OID to its alias // - struct ICESSL_API CertificateOID + struct ICE_API CertificateOID { const char* name; const char* alias; }; - extern const ICESSL_API CertificateOID certificateOIDS[]; - extern const ICESSL_API int certificateOIDSSize; + extern const ICE_API CertificateOID certificateOIDS[]; + extern const ICE_API int certificateOIDSSize; // // Certificate common implementation // - class ICESSL_API CertificateI : public virtual IceSSL::Certificate + class ICE_API CertificateI : public virtual IceSSL::Certificate { public: virtual bool operator!=(const IceSSL::Certificate&) const; 
@@ -40,13 +40,8 @@ namespace IceSSL virtual std::string toString() const; protected: - // - // Implementations that support retrieving X509 extensions must - // reimplement this method to lazzy initialize the extensions - // list. - // - // The default implementation just throw FeatureNotSupportedException - // + // Implementations that support retrieving X509 extensions must reimplement this method to lazzy initialize + // the extensions list. The default implementation just throw FeatureNotSupportedException. virtual void loadX509Extensions() const; mutable std::vector _extensions; }; diff --git a/cpp/src/IceSSL/IceSSL.rc b/cpp/src/IceSSL/IceSSL.rc deleted file mode 100644 index 58cf137ecd8..00000000000 --- a/cpp/src/IceSSL/IceSSL.rc +++ /dev/null @@ -1,33 +0,0 @@ -#include "IceUtil/ResourceConfig.h" - -#define ICE_INTERNALNAME ICE_LIBNAME("icessl") "\0" -#define ICE_ORIGINALFILENAME ICE_LIBNAME("icessl") ".dll\0" - -VS_VERSION_INFO VERSIONINFO -FILEVERSION ICE_VERSION -PRODUCTVERSION ICE_VERSION -FILEFLAGSMASK VS_FFI_FILEFLAGSMASK -FILEOS VOS_NT_WINDOWS32 -FILETYPE VFT_DLL -FILESUBTYPE VFT2_UNKNOWN -FILEFLAGS VER_DEBUG -BEGIN - BLOCK "StringFileInfo" - BEGIN - BLOCK "040904e4" - BEGIN - VALUE "CompanyName", ICE_COMPANY_NAME - VALUE "FileDescription", "IceSSL C++ Plug-in\0" - VALUE "FileVersion", ICE_STRING_VERSION - VALUE "InternalName", ICE_INTERNALNAME - VALUE "LegalCopyright", ICE_COPYRIGHT - VALUE "OriginalFilename", ICE_ORIGINALFILENAME - VALUE "ProductName", ICE_PRODUCT_NAME - VALUE "ProductVersion", ICE_STRING_VERSION - END - END - BLOCK "VarFileInfo" - BEGIN - VALUE "Translation", 0x409, 1252 - END -END diff --git a/cpp/src/IceSSL/IceSSLOpenSSL.rc b/cpp/src/IceSSL/IceSSLOpenSSL.rc deleted file mode 100644 index ba33efa9345..00000000000 --- a/cpp/src/IceSSL/IceSSLOpenSSL.rc +++ /dev/null 
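Review bot: The rewritten comment on `loadX509Extensions` in CertificateI.h keeps two wording errors from the old text: "lazzy initialize" should read "lazily initialize" and "just throw FeatureNotSupportedException" should read "just throws FeatureNotSupportedException". Suggested text: `// Implementations that support retrieving X509 extensions must reimplement this method to lazily initialize` / `// the extensions list. The default implementation just throws FeatureNotSupportedException.`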
@@ -1,33 +0,0 @@ -#include "IceUtil/ResourceConfig.h" - -#define ICE_INTERNALNAME ICE_LIBNAME("icesslopenssl") "\0" -#define ICE_ORIGINALFILENAME ICE_LIBNAME("icesslopenssl") ".dll\0" - -VS_VERSION_INFO VERSIONINFO -FILEVERSION ICE_VERSION -PRODUCTVERSION ICE_VERSION -FILEFLAGSMASK VS_FFI_FILEFLAGSMASK -FILEOS VOS_NT_WINDOWS32 -FILETYPE VFT_DLL -FILESUBTYPE VFT2_UNKNOWN -FILEFLAGS VER_DEBUG -BEGIN - BLOCK "StringFileInfo" - BEGIN - BLOCK "040904e4" - BEGIN - VALUE "CompanyName", ICE_COMPANY_NAME - VALUE "FileDescription", "IceSSL OpenSSL C++ Plug-in\0" - VALUE "FileVersion", ICE_STRING_VERSION - VALUE "InternalName", ICE_INTERNALNAME - VALUE "LegalCopyright", ICE_COPYRIGHT - VALUE "OriginalFilename", ICE_ORIGINALFILENAME - VALUE "ProductName", ICE_PRODUCT_NAME - VALUE "ProductVersion", ICE_STRING_VERSION - END - END - BLOCK "VarFileInfo" - BEGIN - VALUE "Translation", 0x409, 1252 - END -END diff --git a/cpp/src/IceSSL/Makefile.mk b/cpp/src/IceSSL/Makefile.mk deleted file mode 100644 index f16f94ff884..00000000000 --- a/cpp/src/IceSSL/Makefile.mk +++ /dev/null @@ -1,24 +0,0 @@ -# -# Copyright (c) ZeroC, Inc. All rights reserved. -# - -$(project)_libraries := IceSSL - -IceSSL_targetdir := $(libdir) -IceSSL_dependencies := Ice -IceSSL_cppflags := -DICESSL_API_EXPORTS - -# -# Exclude sources that are not build with the default -# implementation. -# -IceSSL_excludes += $(wildcard src/IceSSL/SChannel*.cpp) - -ifeq ($(os),Darwin) -IceSSL_excludes += $(wildcard src/IceSSL/OpenSSL*.cpp) -else -IceSSL_cppflags += -DICESSL_OPENSSL_API_EXPORTS -IceSSL_excludes += $(wildcard src/IceSSL/SecureTransport*.cpp) -endif - -projects += $(project) diff --git a/cpp/src/IceSSL/OpenSSLCertificateI.cpp b/cpp/src/IceSSL/OpenSSLCertificateI.cpp index fc6e4859ab1..12b9bc05607 100644 --- a/cpp/src/IceSSL/OpenSSLCertificateI.cpp +++ b/cpp/src/IceSSL/OpenSSLCertificateI.cpp 
@@ -5,7 +5,6 @@ #include "CertificateI.h" #include "IceSSL/OpenSSL.h" #include "OpenSSLUtil.h" -#include "PluginI.h" #include "RFC2253.h" #include @@ -210,9 +209,7 @@ namespace x509_st* _cert; }; - class OpenSSLCertificateI : public IceSSL::OpenSSL::Certificate, - public CertificateI, - public IceSSL::CertificateExtendedInfo + class OpenSSLCertificateI : public IceSSL::OpenSSL::Certificate, public CertificateI { public: OpenSSLCertificateI(x509_st*); @@ -614,3 +611,15 @@ IceSSL::OpenSSL::Certificate::decode(const std::string& encoding) } return make_shared(x); } + +IceSSL::CertificatePtr +IceSSL::Certificate::load(const std::string& file) +{ + return IceSSL::OpenSSL::Certificate::load(file); +} + +IceSSL::CertificatePtr +IceSSL::Certificate::decode(const std::string& encoding) +{ + return IceSSL::OpenSSL::Certificate::decode(encoding); +} diff --git a/cpp/src/IceSSL/OpenSSLEngine.cpp b/cpp/src/IceSSL/OpenSSLEngine.cpp index 38e7594c9cf..de530e0e461 100644 --- a/cpp/src/IceSSL/OpenSSLEngine.cpp +++ b/cpp/src/IceSSL/OpenSSLEngine.cpp @@ -2,22 +2,19 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -#include "IceSSL/Config.h" - #include "OpenSSLEngine.h" -#include "OpenSSLEngineF.h" -#include "OpenSSLTransceiverI.h" -#include "TrustManager.h" -#include "Util.h" - #include "Ice/Communicator.h" +#include "Ice/Config.h" #include "Ice/LocalException.h" #include "Ice/Logger.h" #include "Ice/LoggerUtil.h" #include "Ice/Properties.h" - #include "IceUtil/FileUtil.h" #include "IceUtil/StringUtil.h" +#include "OpenSSLEngineF.h" +#include "OpenSSLTransceiverI.h" +#include "SSLUtil.h" +#include "TrustManager.h" #include @@ -76,7 +73,7 @@ namespace } } -OpenSSL::SSLEngine::SSLEngine(const CommunicatorPtr& communicator) : IceSSL::SSLEngine(communicator), _ctx(0) {} +OpenSSL::SSLEngine::SSLEngine(const IceInternal::InstancePtr& instance) : IceSSL::SSLEngine(instance), _ctx(0) {} OpenSSL::SSLEngine::~SSLEngine() {} 
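Review bot: The `IceSSL::Certificate::load` and `IceSSL::Certificate::decode` definitions added at the end of OpenSSLCertificateI.cpp (`@@ -614,3 +611,15 @@`) are unconditional, whereas the definitions they replace in the deleted OpenSSLPluginI.cpp sat under the `#else` branch of `#ifdef _WIN32` with a comment that on Windows the default implementation is SChannel. If OpenSSLCertificateI.cpp is ever compiled into a Windows build alongside the SChannel certificate sources, these become duplicate definitions; the Makefile.mk filter excludes OpenSSL sources only on Darwin, and the vcxproj changes are not readable on this page, so I cannot verify the Windows side. A comment above the two functions would pin the rule down: `// Certificate::load/decode dispatch to the platform's default engine; exactly one of the OpenSSL, SecureTransport and SChannel translation units may define them in a given build.`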
@@ -84,17 +81,12 @@ void OpenSSL::SSLEngine::initialize() { lock_guard lock(_mutex); - if (_initialized) - { - return; - } - try { IceSSL::SSLEngine::initialize(); const string propPrefix = "IceSSL."; - PropertiesPtr properties = communicator()->getProperties(); + PropertiesPtr properties = getProperties(); // Create an SSL context if the application hasn't supplied one. if (!_ctx) @@ -509,20 +501,6 @@ OpenSSL::SSLEngine::initialize() _ctx = nullptr; throw; } - - _initialized = true; -} - -void -OpenSSL::SSLEngine::context(SSL_CTX* context) -{ - if (initialized()) - { - throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: plug-in is already initialized"); - } - - assert(!_ctx); - _ctx = context; } SSL_CTX* diff --git a/cpp/src/IceSSL/OpenSSLEngine.h b/cpp/src/IceSSL/OpenSSLEngine.h index 44baa5dc30c..1eee85d5eaa 100644 --- a/cpp/src/IceSSL/OpenSSLEngine.h +++ b/cpp/src/IceSSL/OpenSSLEngine.h 
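Review bot: With the `_initialized` early return removed from OpenSSL::SSLEngine::initialize, a second call would re-run the configuration that follows `if (!_ctx)` against the already-configured context; that configuration is outside the hunk, so whether it is idempotent cannot be judged here. The surviving comment `// Create an SSL context if the application hasn't supplied one.` is now stale, because the `context(SSL_CTX*)` setter that allowed an application-supplied context is deleted in the `@@ -509,20 +501,6 @@` hunk and the constructor sets `_ctx(0)`. Suggested replacement: `// Create the SSL context. initialize() is called exactly once, from Instance::initialize(), so _ctx is always null here.` The rest of initialize's body runs outside the hunk.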
@@ -5,39 +5,34 @@ #ifndef ICESSL_OPENSSL_ENGINE_H #define ICESSL_OPENSSL_ENGINE_H -#include "InstanceF.h" +#include "../Ice/InstanceF.h" +#include "Ice/BuiltinSequences.h" #include "OpenSSLUtil.h" #include "SSLEngine.h" +#include "SSLInstanceF.h" -#include "Ice/BuiltinSequences.h" - -namespace IceSSL +namespace IceSSL::OpenSSL { - namespace OpenSSL + class SSLEngine final : public IceSSL::SSLEngine { - class SSLEngine final : public IceSSL::SSLEngine - { - public: - SSLEngine(const Ice::CommunicatorPtr&); - ~SSLEngine(); - - void initialize() final; - void destroy() final; - IceInternal::TransceiverPtr - createTransceiver(const IceSSL::InstancePtr&, const IceInternal::TransceiverPtr&, const std::string&, bool) - final; - SSL_CTX* context() const; - void context(SSL_CTX*); - std::string sslErrors() const; - std::string password() const { return _password; } - - private: - SSL_CTX* _ctx; - std::string _password; - }; - - } // OpenSSL namespace end - -} // IceSSL namespace endif + public: + SSLEngine(const IceInternal::InstancePtr&); + ~SSLEngine(); + + void initialize() final; + void destroy() final; + IceInternal::TransceiverPtr + createTransceiver(const IceSSL::InstancePtr&, const IceInternal::TransceiverPtr&, const std::string&, bool) + final; + SSL_CTX* context() const; + std::string sslErrors() const; + std::string password() const { return _password; } + + private: + SSL_CTX* _ctx; + std::string _password; + }; + +} #endif diff --git a/cpp/src/IceSSL/OpenSSLEngineF.h b/cpp/src/IceSSL/OpenSSLEngineF.h index 029000660d3..269e861550d 100644 --- a/cpp/src/IceSSL/OpenSSLEngineF.h +++ b/cpp/src/IceSSL/OpenSSLEngineF.h @@ -7,15 +7,9 @@ #include -namespace IceSSL +namespace IceSSL::OpenSSL { - namespace OpenSSL - { - class SSLEngine; - using SSLEnginePtr = std::shared_ptr; - - } // OpenSSL namespace end - -} // IceSSL namespace end - + class SSLEngine; + using SSLEnginePtr = std::shared_ptr; +} #endif 
diff --git a/cpp/src/IceSSL/OpenSSLPluginI.cpp b/cpp/src/IceSSL/OpenSSLPluginI.cpp deleted file mode 100644 index 5decd9f7036..00000000000 --- a/cpp/src/IceSSL/OpenSSLPluginI.cpp +++ /dev/null 
@@ -1,119 +0,0 @@ -// -// Copyright (c) ZeroC, Inc. All rights reserved. -// - -#include "Ice/Initialize.h" -#include "IceSSL/OpenSSL.h" -#include "OpenSSLEngine.h" -#include "PluginI.h" - -using namespace std; - -namespace -{ - class PluginI : public IceSSL::PluginI, public IceSSL::OpenSSL::Plugin - { - public: - PluginI(const Ice::CommunicatorPtr&); - - virtual int64_t getOpenSSLVersion() const; - virtual IceSSL::CertificatePtr create(x509_st*) const; - virtual IceSSL::CertificatePtr load(const std::string&) const; - virtual IceSSL::CertificatePtr decode(const std::string&) const; - virtual void setContext(SSL_CTX*); - virtual SSL_CTX* getContext(); - }; - -} // anonymous namespace end - -// -// Plugin implementation. -// -PluginI::PluginI(const Ice::CommunicatorPtr& com) : IceSSL::PluginI(com, make_shared(com)) -{ -} - -int64_t -PluginI::getOpenSSLVersion() const -{ - return SSLeay(); -} - -IceSSL::CertificatePtr -PluginI::create(x509_st* cert) const -{ - return IceSSL::OpenSSL::Certificate::create(cert); -} - -IceSSL::CertificatePtr -PluginI::load(const std::string& file) const -{ - return IceSSL::OpenSSL::Certificate::load(file); -} - -IceSSL::CertificatePtr -PluginI::decode(const std::string& encoding) const -{ - return IceSSL::OpenSSL::Certificate::load(encoding); -} - -void -PluginI::setContext(SSL_CTX* context) -{ - IceSSL::OpenSSL::SSLEngine* engine = dynamic_cast(_engine.get()); - assert(engine); - engine->context(context); -} - -SSL_CTX* -PluginI::getContext() -{ - IceSSL::OpenSSL::SSLEngine* engine = dynamic_cast(_engine.get()); - assert(engine); - return engine->context(); -} - -#ifdef _WIN32 -// -// Plug-in factory function. 
-// -extern "C" ICESSL_OPENSSL_API Ice::Plugin* -createIceSSLOpenSSL(const Ice::CommunicatorPtr& communicator, const string& /*name*/, const Ice::StringSeq& /*args*/) -{ - return new PluginI(communicator); -} - -namespace Ice -{ - ICESSL_OPENSSL_API void registerIceSSLOpenSSL(bool loadOnInitialize) - { - Ice::registerPluginFactory("IceSSL", createIceSSLOpenSSL, loadOnInitialize); - } -} - -#else - -extern "C" ICESSL_API Ice::Plugin* -createIceSSL(const Ice::CommunicatorPtr& communicator, const string& /*name*/, const Ice::StringSeq& /*args*/) -{ - return new PluginI(communicator); -} - -// -// The following functions are defined only when OpenSSL is the default -// implementation. In Windows the default implementation is always -// SChannel. -// -IceSSL::CertificatePtr -IceSSL::Certificate::load(const std::string& file) -{ - return IceSSL::OpenSSL::Certificate::load(file); -} - -IceSSL::CertificatePtr -IceSSL::Certificate::decode(const std::string& encoding) -{ - return IceSSL::OpenSSL::Certificate::decode(encoding); -} - -#endif diff --git a/cpp/src/IceSSL/OpenSSLTransceiverI.cpp b/cpp/src/IceSSL/OpenSSLTransceiverI.cpp index 19a13ed607b..c2f40b79076 100644 --- a/cpp/src/IceSSL/OpenSSLTransceiverI.cpp +++ b/cpp/src/IceSSL/OpenSSLTransceiverI.cpp @@ -3,20 +3,17 @@ // #include "OpenSSLTransceiverI.h" -#include "OpenSSLEngine.h" - -#include "IceSSL/ConnectionInfo.h" -#include "IceSSL/OpenSSL.h" -#include "Instance.h" -#include "PluginI.h" -#include "SSLEngine.h" -#include "Util.h" - #include "../Ice/Network.h" #include "Ice/Buffer.h" #include "Ice/Communicator.h" #include "Ice/LocalException.h" #include "Ice/LoggerUtil.h" +#include "IceSSL/ConnectionInfo.h" +#include "IceSSL/OpenSSL.h" +#include "OpenSSLEngine.h" +#include "SSLEngine.h" +#include "SSLInstance.h" +#include "SSLUtil.h" #include #include 
@@ -169,18 +166,7 @@ OpenSSL::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal:: } else { -#ifdef ICE_USE_IOCP - assert(_sentBytes == 0); - _maxSendPacketSize = std::max(512, IceInternal::getSendBufferSize(fd)); - _maxRecvPacketSize = std::max(512, IceInternal::getRecvBufferSize(fd)); - if (!BIO_new_bio_pair(&bio, _maxSendPacketSize, &_memBio, _maxRecvPacketSize)) - { - bio = 0; - _memBio = 0; - } -#else bio = BIO_new_socket(fd, 0); -#endif } if (!bio) 
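Review bot: The IOCP path is removed from OpenSSL::TransceiverI::initialize here and the `startWrite`/`finishWrite`/`startRead`/`finishRead` definitions are deleted in the `@@ -720,141 +706,6 @@` hunk, but the OpenSSLTransceiverI.h hunk later on this page still declares those four methods under `#ifdef ICE_USE_IOCP` as `final` overrides (that header hunk runs past the end of the page, so I cannot see whether a later hunk drops them). Any build that defines ICE_USE_IOCP while compiling the OpenSSL transceiver would then declare overrides with no definition. The declarations, and the `_memBio`, `_sentBytes`, `_maxSendPacketSize` and `_maxRecvPacketSize` members the removed code used if they are still present, should be removed from the header together with this change, or the header should carry a comment such as `// IOCP is not supported by the OpenSSL transceiver; Windows builds use SChannel.`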
@@ -720,141 +706,6 @@ OpenSSL::TransceiverI::read(IceInternal::Buffer& buf) return IceInternal::SocketOperationNone; } -#ifdef ICE_USE_IOCP - -bool -OpenSSL::TransceiverI::startWrite(IceInternal::Buffer& buffer) -{ - if (!_connected) - { - return _delegate->startWrite(buffer); - } - - if (_writeBuffer.i == _writeBuffer.b.end()) - { - assert(_sentBytes == 0); - int packetSize = std::min(static_cast(_maxSendPacketSize), static_cast(buffer.b.end() - buffer.i)); - _sentBytes = SSL_write(_ssl, reinterpret_cast(&*buffer.i), packetSize); - - assert(BIO_ctrl_pending(_memBio)); - _writeBuffer.b.resize(BIO_ctrl_pending(_memBio)); - _writeBuffer.i = _writeBuffer.b.begin(); - BIO_read(_memBio, _writeBuffer.i, static_cast(_writeBuffer.b.size())); - } - - return _delegate->startWrite(_writeBuffer) && buffer.i == buffer.b.end(); -} - -void -OpenSSL::TransceiverI::finishWrite(IceInternal::Buffer& buffer) -{ - if (!_connected) - { - _delegate->finishWrite(buffer); - return; - } - - _delegate->finishWrite(_writeBuffer); - if (_sentBytes) - { - buffer.i += _sentBytes; - _sentBytes = 0; - } -} - -void -OpenSSL::TransceiverI::startRead(IceInternal::Buffer& buffer) -{ - if (!_connected) - { - _delegate->startRead(buffer); - return; - } - - if (_readBuffer.i == _readBuffer.b.end()) - { - assert(!buffer.b.empty() && buffer.i != buffer.b.end()); - ERR_clear_error(); // Clear any spurious errors. 
-# ifndef NDEBUG - int ret = -# endif - SSL_read(_ssl, reinterpret_cast(&*buffer.i), static_cast(buffer.b.end() - buffer.i)); - assert(ret <= 0 && SSL_get_error(_ssl, ret) == SSL_ERROR_WANT_READ); - - assert(BIO_ctrl_get_read_request(_memBio)); - _readBuffer.b.resize(BIO_ctrl_get_read_request(_memBio)); - _readBuffer.i = _readBuffer.b.begin(); - } - - assert(!_readBuffer.b.empty() && _readBuffer.i != _readBuffer.b.end()); - - _delegate->startRead(_readBuffer); -} - -void -OpenSSL::TransceiverI::finishRead(IceInternal::Buffer& buffer) -{ - if (!_connected) - { - _delegate->finishRead(buffer); - return; - } - - _delegate->finishRead(_readBuffer); - if (_readBuffer.i == _readBuffer.b.end()) - { - int n = BIO_write(_memBio, _readBuffer.b.begin(), static_cast(_readBuffer.b.size())); - if (n < 0) // Expected if the transceiver was closed. - { - throw SecurityException(__FILE__, __LINE__, "SSL bio write failed"); - } - - assert(n == static_cast(_readBuffer.b.size())); - ERR_clear_error(); // Clear any spurious errors. - int ret = SSL_read(_ssl, reinterpret_cast(&*buffer.i), static_cast(buffer.b.end() - buffer.i)); - if (ret <= 0) - { - switch (SSL_get_error(_ssl, ret)) - { - case SSL_ERROR_NONE: - case SSL_ERROR_WANT_WRITE: - { - assert(false); - return; - } - case SSL_ERROR_ZERO_RETURN: - { - throw ConnectionLostException(__FILE__, __LINE__, 0); - } - case SSL_ERROR_WANT_READ: - { - return; - } - case SSL_ERROR_SYSCALL: - { - if (IceInternal::connectionLost() || IceInternal::getSocketErrno() == 0) - { - throw ConnectionLostException(__FILE__, __LINE__, IceInternal::getSocketErrno()); - } - else - { - throw SocketException(__FILE__, __LINE__, IceInternal::getSocketErrno()); - } - } - case SSL_ERROR_SSL: - { - throw ProtocolException( - __FILE__, - __LINE__, - "SSL protocol error during read:\n" + _engine->sslErrors()); - } - } - } - buffer.i += ret; - } -} -#endif - bool OpenSSL::TransceiverI::isWaitingToBeRead() const noexcept { 
@@ -882,7 +733,7 @@ OpenSSL::TransceiverI::toDetailedString() const
 Ice::ConnectionInfoPtr
 OpenSSL::TransceiverI::getInfo() const
 {
- ExtendedConnectionInfoPtr info = std::make_shared();
+ auto info = std::make_shared();
 info->underlying = _delegate->getInfo();
 info->incoming = _incoming;
 info->adapterName = _adapterName;
diff --git a/cpp/src/IceSSL/OpenSSLTransceiverI.h b/cpp/src/IceSSL/OpenSSLTransceiverI.h
index 8cc0bb07b88..9a6a97e7370 100644
--- a/cpp/src/IceSSL/OpenSSLTransceiverI.h
+++ b/cpp/src/IceSSL/OpenSSLTransceiverI.h
@@ -9,79 +9,74 @@
 #include "../Ice/StreamSocket.h"
 #include "../Ice/Transceiver.h"
 #include "../Ice/WSTransceiver.h"
-#include "IceSSL/Config.h"
-#include "IceSSL/Plugin.h"
-#include "InstanceF.h"
+#include "Ice/Config.h"
+#include "IceSSL/Certificate.h"
 #include "OpenSSLEngineF.h"
-#include "Util.h"
+#include "SSLInstanceF.h"
+#include "SSLUtil.h"
 #include
 typedef struct ssl_st SSL;
 typedef struct bio_st BIO;
-namespace IceSSL
+namespace IceSSL::OpenSSL
 {
- namespace OpenSSL
+ class TransceiverI final : public IceInternal::Transceiver
 {
- class TransceiverI final : public IceInternal::Transceiver
- {
- public:
- TransceiverI(const InstancePtr&, const IceInternal::TransceiverPtr&, const std::string&, bool);
- ~TransceiverI();
- IceInternal::NativeInfoPtr getNativeInfo() final;
+ public:
+ TransceiverI(const InstancePtr&, const IceInternal::TransceiverPtr&, const std::string&, bool);
+ ~TransceiverI();
+ IceInternal::NativeInfoPtr getNativeInfo() final;
- IceInternal::SocketOperation initialize(IceInternal::Buffer&, IceInternal::Buffer&) final;
- IceInternal::SocketOperation closing(bool, std::exception_ptr) final;
- void close() final;
- IceInternal::SocketOperation write(IceInternal::Buffer&) final;
- IceInternal::SocketOperation read(IceInternal::Buffer&) final;
+ IceInternal::SocketOperation initialize(IceInternal::Buffer&, IceInternal::Buffer&) final;
+ IceInternal::SocketOperation closing(bool, std::exception_ptr) final;
+ void close() final;
+ IceInternal::SocketOperation write(IceInternal::Buffer&) final;
+ IceInternal::SocketOperation read(IceInternal::Buffer&) final;
 #ifdef ICE_USE_IOCP
- bool startWrite(IceInternal::Buffer&) final;
- void finishWrite(IceInternal::Buffer&) final;
- void startRead(IceInternal::Buffer&) final;
- void finishRead(IceInternal::Buffer&) final;
+ bool startWrite(IceInternal::Buffer&) final;
+ void finishWrite(IceInternal::Buffer&) final;
+ void startRead(IceInternal::Buffer&) final;
+ void finishRead(IceInternal::Buffer&) final;
 #endif
- bool isWaitingToBeRead() const noexcept final;
- std::string protocol() const final;
- std::string toString() const final;
- std::string toDetailedString() const final;
- Ice::ConnectionInfoPtr getInfo() const final;
- void checkSendSize(const IceInternal::Buffer&) final;
- void setBufferSize(int rcvSize, int sndSize) final;
+ bool isWaitingToBeRead() const noexcept final;
+ std::string protocol() const final;
+ std::string toString() const final;
+ std::string toDetailedString() const final;
+ Ice::ConnectionInfoPtr getInfo() const final;
+ void checkSendSize(const IceInternal::Buffer&) final;
+ void setBufferSize(int rcvSize, int sndSize) final;
- int verifyCallback(int, X509_STORE_CTX*);
+ int verifyCallback(int, X509_STORE_CTX*);
- private:
- bool receive();
- bool send();
+ private:
+ bool receive();
+ bool send();
- friend class IceSSL::OpenSSL::SSLEngine;
+ friend class IceSSL::OpenSSL::SSLEngine;
- const InstancePtr _instance;
- const IceSSL::OpenSSL::SSLEnginePtr _engine;
- const std::string _host;
- const std::string _adapterName;
- const bool _incoming;
- const IceInternal::TransceiverPtr _delegate;
- bool _connected;
- std::string _cipher;
- std::vector _certs;
- bool _verified;
- TrustError _trustError;
+ const InstancePtr _instance;
+ const IceSSL::OpenSSL::SSLEnginePtr _engine;
+ const std::string _host;
+ const std::string _adapterName;
+ const bool _incoming;
+ const IceInternal::TransceiverPtr _delegate;
+ bool _connected;
+ std::string _cipher;
+ std::vector _certs;
+ bool _verified;
+ TrustError _trustError;
- SSL* _ssl;
- BIO* _memBio;
- IceInternal::Buffer _writeBuffer;
- IceInternal::Buffer _readBuffer;
- int _sentBytes;
- size_t _maxSendPacketSize;
- size_t _maxRecvPacketSize;
- };
- using TransceiverIPtr = std::shared_ptr;
-
- } // OpenSSL namespace end
-
-} // IceSSL namespace end
+ SSL* _ssl;
+ BIO* _memBio;
+ IceInternal::Buffer _writeBuffer;
+ IceInternal::Buffer _readBuffer;
+ int _sentBytes;
+ size_t _maxSendPacketSize;
+
size_t _maxRecvPacketSize;
+ };
+ using TransceiverIPtr = std::shared_ptr;
+}
 #endif
diff --git a/cpp/src/IceSSL/OpenSSLUtil.cpp b/cpp/src/IceSSL/OpenSSLUtil.cpp
index 66e5c752494..979c9de5d34 100644
--- a/cpp/src/IceSSL/OpenSSLUtil.cpp
+++ b/cpp/src/IceSSL/OpenSSLUtil.cpp
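Review bot: The `#ifdef ICE_USE_IOCP` block still declares `startWrite`, `finishWrite`, `startRead` and `finishRead` as `final` overrides, while the OpenSSLTransceiverI.cpp hunk at `-720,141` removes their definitions; a build that defines ICE_USE_IOCP and compiles this transceiver would then have declared-but-undefined virtuals and most likely fail at link time when the vtable is emitted. If the OpenSSL transceiver is never built with ICE_USE_IOCP, the block is dead and should be dropped from the header for the same reason the definitions were dropped; if it is, the definitions have to come back. Either way header and source should agree within this commit.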
@@ -19,177 +19,6 @@ using namespace std; -namespace -{ -#ifndef OPENSSL_NO_DH - - // - // The following arrays are predefined Diffie Hellman group parameters. - // It is highly recommended that applications provide their own Diffie - // Hellman parameters. - // - - static DH* convertDH(const unsigned char* buf, int len) { return d2i_DHparams(0, &buf, len); } - - unsigned char dh512[] = {0x30, 0x46, 0x02, 0x41, 0x00, 0xa0, 0xf5, 0x3d, 0x77, 0xbd, 0x03, 0x3e, 0xa2, 0x45, 0xa6, - 0xa5, 0xe7, 0x5a, 0xfd, 0xad, 0x05, 0x1e, 0x8b, 0x07, 0x63, 0x2a, 0x6a, 0xe7, 0xab, 0x91, - 0xec, 0xaf, 0x2a, 0x48, 0x96, 0xda, 0xc5, 0x29, 0x47, 0x8e, 0xf7, 0x29, 0x0b, 0x9c, 0x1d, - 0x0e, 0x2d, 0xdb, 0x1e, 0xff, 0x92, 0x09, 0xdf, 0x9f, 0xf7, 0x28, 0xcd, 0xe3, 0x86, 0x06, - 0x78, 0x9d, 0xa6, 0xe2, 0x32, 0x43, 0x2d, 0x8d, 0xeb, 0x02, 0x01, 0x02}; - - unsigned char dh1024[] = { - 0x30, 0x81, 0x87, 0x02, 0x81, 0x81, 0x00, 0xc4, 0x74, 0xb0, 0x83, 0x04, 0x83, 0x17, 0x7b, 0x41, 0xb1, 0xff, - 0xe8, 0xd7, 0x3e, 0x0e, 0xa4, 0xd9, 0xdb, 0x44, 0x47, 0xc9, 0xf7, 0xe7, 0x46, 0x75, 0xcd, 0x0d, 0x05, 0x8a, - 0xde, 0x9f, 0x35, 0x67, 0xa3, 0x46, 0x95, 0xa2, 0x54, 0x59, 0xd4, 0x04, 0xeb, 0x5a, 0x30, 0x74, 0xab, 0xc2, - 0x3c, 0x6d, 0xaf, 0x62, 0x70, 0x97, 0xf2, 0x2a, 0xd3, 0xff, 0xe3, 0x93, 0xf1, 0x4c, 0x51, 0x41, 0x48, 0x5b, - 0x9e, 0x72, 0xf9, 0x2c, 0xe2, 0x3c, 0xd8, 0x44, 0x99, 0xec, 0xf6, 0x90, 0x31, 0x9f, 0xe5, 0x15, 0x86, 0xd3, - 0x96, 0x87, 0x96, 0x1e, 0x16, 0xc1, 0x71, 0xd1, 0x31, 0xa0, 0x3a, 0xcb, 0xf0, 0xab, 0xe5, 0x8b, 0x81, 0x93, - 0x98, 0x6d, 0xfc, 0x4e, 0x38, 0x68, 0xf5, 0x2c, 0x90, 0x13, 0x80, 0xa4, 0x23, 0xe1, 0x6b, 0xb9, 0x02, 0x7e, - 0x77, 0x45, 0x24, 0xdf, 0x89, 0x81, 0xb3, 0xae, 0x1b, 0x02, 0x01, 0x02}; - - unsigned char dh2048[] = { - 0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01, 0x00, 0x81, 0x36, 0x57, 0x4d, 0x5b, 0xbe, 0xe6, 0x70, 0x6d, - 0xd7, 0x1f, 0x69, 0x85, 0x29, 0x4a, 0x3c, 0xe2, 0x60, 0x73, 0x61, 0x82, 0x57, 0xd0, 0xd0, 0x13, 0x93, 0xf4, - 0xeb, 0x29, 0x9c, 0xfb, 0x35, 0x55, 
0x39, 0x47, 0x8d, 0x26, 0xa7, 0x6b, 0x2c, 0x40, 0xc1, 0xd0, 0x69, 0xf6, - 0xc0, 0x0e, 0x0e, 0x5c, 0x6e, 0xae, 0xab, 0x40, 0x4d, 0xdf, 0x3a, 0xfb, 0x21, 0x47, 0x04, 0xbb, 0x10, 0x40, - 0x51, 0xaf, 0x7d, 0x6a, 0xc7, 0x1d, 0x1f, 0x0d, 0xbd, 0x34, 0xa7, 0x48, 0xff, 0x9e, 0xc2, 0x70, 0x3a, 0x00, - 0x68, 0x0f, 0x61, 0xd8, 0x80, 0xeb, 0x73, 0x4b, 0xe3, 0x02, 0x9b, 0xbb, 0x9c, 0x29, 0x23, 0x44, 0xb2, 0xaa, - 0x73, 0xea, 0x56, 0xee, 0x46, 0xa3, 0x70, 0xe1, 0xd6, 0x8b, 0x6c, 0x5f, 0xe1, 0xce, 0x57, 0x21, 0xe3, 0xd3, - 0x35, 0x3d, 0xa9, 0xe1, 0x89, 0x64, 0x52, 0x02, 0xbb, 0x44, 0x52, 0x04, 0xba, 0x22, 0x70, 0x56, 0x52, 0x6b, - 0x95, 0x85, 0xa8, 0x3e, 0x21, 0x6a, 0xbf, 0x5b, 0x22, 0x1c, 0x6c, 0x49, 0xbb, 0xf5, 0x97, 0x38, 0x33, 0xef, - 0x7e, 0xf8, 0x37, 0x73, 0xd8, 0x4a, 0xd5, 0xfe, 0xfd, 0xb7, 0x12, 0x62, 0xe1, 0xa9, 0xdd, 0x98, 0xc0, 0xa0, - 0x0f, 0xf8, 0x52, 0x7a, 0xfe, 0x50, 0xd5, 0xa6, 0x18, 0xf1, 0x93, 0x90, 0xa4, 0x4d, 0x48, 0x65, 0xac, 0x93, - 0xbf, 0xeb, 0xaa, 0xbf, 0x46, 0xa2, 0x2f, 0xc6, 0xe7, 0xef, 0x0d, 0xec, 0x07, 0x39, 0x71, 0x98, 0xc7, 0xe3, - 0x24, 0xac, 0x81, 0x0f, 0xe2, 0x9a, 0xaf, 0x7e, 0x51, 0x54, 0x15, 0x09, 0xed, 0x47, 0x64, 0xfe, 0x0b, 0xaf, - 0x9a, 0x5f, 0x36, 0xa2, 0x0c, 0x36, 0x2b, 0x59, 0x58, 0x88, 0xa2, 0xf6, 0xa0, 0x5c, 0x4a, 0x9f, 0x58, 0xf2, - 0x51, 0x47, 0x39, 0xdd, 0xc8, 0xd1, 0x77, 0xd3, 0x5f, 0x3f, 0x73, 0x1b, 0xa3, 0x02, 0x01, 0x02}; - - unsigned char dh4096[] = { - 0x30, 0x82, 0x02, 0x08, 0x02, 0x82, 0x02, 0x01, 0x00, 0x9e, 0x50, 0x2b, 0x53, 0x42, 0x4d, 0x05, 0xa8, 0xbf, - 0xd0, 0x22, 0x4d, 0xd3, 0xb1, 0x54, 0x01, 0x0e, 0xab, 0xe6, 0x6e, 0x65, 0xf4, 0xb2, 0x1f, 0x95, 0x6a, 0xc9, - 0xe7, 0xf5, 0x9c, 0x14, 0xe9, 0x43, 0xa3, 0x96, 0x5f, 0x2e, 0x3a, 0x5e, 0x85, 0x4d, 0x2a, 0xaa, 0xe3, 0xf9, - 0x4a, 0x46, 0x14, 0xab, 0xc6, 0x6e, 0x15, 0x6b, 0x63, 0x1d, 0xed, 0x34, 0x73, 0x54, 0xf3, 0xa6, 0x79, 0xcb, - 0xb8, 0x67, 0x9e, 0xf8, 0xb2, 0x9a, 0x27, 0x6e, 0x61, 0x51, 0xaf, 0x37, 0xf4, 0x67, 0xad, 0x14, 0x79, 0x53, - 0x62, 0x0c, 0xf4, 0x26, 0x14, 0x92, 
0xf8, 0x30, 0x32, 0xe2, 0x36, 0x85, 0x4e, 0x80, 0x49, 0xc2, 0x95, 0x4f, - 0x92, 0x18, 0x04, 0x8c, 0x20, 0xa3, 0xf0, 0x3a, 0x04, 0xc5, 0x6c, 0xf0, 0xc7, 0xd4, 0xb8, 0xd9, 0xaf, 0xeb, - 0x46, 0xe2, 0x1d, 0xbc, 0xf7, 0xa5, 0x49, 0xf6, 0xa0, 0x33, 0xf9, 0x0d, 0x6a, 0xcc, 0x4d, 0xec, 0xee, 0xc6, - 0xd5, 0xd7, 0xf3, 0x97, 0x05, 0x8c, 0x56, 0x65, 0xfa, 0x73, 0xae, 0x47, 0x02, 0xcd, 0x89, 0xc1, 0xef, 0xe4, - 0x15, 0x61, 0x6e, 0x8e, 0x49, 0xfa, 0x5f, 0xa4, 0x3c, 0x07, 0x06, 0xb8, 0x5f, 0x16, 0xa5, 0x99, 0xa7, 0x0e, - 0xa2, 0xb1, 0x6a, 0xa6, 0x57, 0x96, 0x52, 0xe2, 0x23, 0x4b, 0x06, 0xb5, 0xe1, 0x8c, 0x98, 0x4f, 0x19, 0xb4, - 0x2b, 0x48, 0xdf, 0xb8, 0xb0, 0xcd, 0xa2, 0x13, 0xba, 0xc7, 0xbf, 0x79, 0xf3, 0x5e, 0xe0, 0x49, 0xb8, 0x8e, - 0x28, 0x4b, 0x10, 0xd9, 0x6c, 0x87, 0x84, 0xf8, 0xde, 0x70, 0x47, 0x82, 0x61, 0x0c, 0x1c, 0xb0, 0xf8, 0x55, - 0xde, 0xd4, 0xb8, 0xe8, 0x96, 0xa9, 0x2c, 0x0d, 0xcd, 0x29, 0x19, 0x4e, 0x15, 0x4a, 0xaa, 0xa0, 0x58, 0xfb, - 0xd6, 0x20, 0xbd, 0x24, 0x52, 0x2c, 0x3f, 0x18, 0xab, 0x9d, 0x39, 0x21, 0xf5, 0x4c, 0xa5, 0x47, 0x72, 0x10, - 0xce, 0x7b, 0x27, 0x94, 0x0f, 0x58, 0xe7, 0x3a, 0x2c, 0x8a, 0xf0, 0x8c, 0x1e, 0x56, 0xdc, 0x36, 0xa7, 0x40, - 0x17, 0xab, 0x8e, 0x8c, 0x34, 0xe2, 0x5d, 0xb2, 0xde, 0x95, 0x5e, 0x90, 0x03, 0x1c, 0xc8, 0x12, 0x0a, 0x83, - 0x25, 0x25, 0x8b, 0xdd, 0x49, 0x3a, 0x6b, 0x57, 0x12, 0x54, 0xe1, 0x3c, 0xe8, 0x7e, 0x23, 0x8c, 0x4c, 0x5f, - 0x2d, 0x4c, 0xe8, 0x6e, 0x31, 0x8f, 0x9d, 0xb8, 0x2e, 0x30, 0xf4, 0x7f, 0x8a, 0x1f, 0xc9, 0x1d, 0x12, 0xe0, - 0x86, 0x5d, 0x6c, 0x3d, 0xcf, 0x35, 0x30, 0x2f, 0xcb, 0xac, 0x86, 0xaf, 0x5c, 0x00, 0x72, 0xac, 0x88, 0xe8, - 0x52, 0x9a, 0x0b, 0x93, 0xe7, 0x66, 0xae, 0x6e, 0x49, 0x82, 0x2c, 0x92, 0x18, 0x9c, 0x91, 0x86, 0x4f, 0xc9, - 0x3c, 0x23, 0x2e, 0xff, 0xff, 0xe5, 0xec, 0x1a, 0x8f, 0x9a, 0x54, 0x5b, 0x42, 0xb4, 0x1e, 0x63, 0x63, 0xed, - 0x99, 0x5c, 0x51, 0xe2, 0x02, 0xed, 0x18, 0x81, 0x25, 0xc6, 0xc6, 0xaf, 0x62, 0xf6, 0x09, 0x9b, 0xd4, 0x36, - 0x34, 0x42, 0x0d, 0x11, 0xe9, 0x95, 0x31, 0x0c, 0x71, 
0x43, 0xd8, 0x24, 0xf2, 0xe2, 0x1e, 0x17, 0xc1, 0xae, - 0x06, 0x13, 0x1d, 0xde, 0xbf, 0xe6, 0x62, 0x1a, 0xc2, 0x0f, 0x2d, 0xf5, 0x5c, 0xf3, 0x09, 0x62, 0x6f, 0x64, - 0x3b, 0xad, 0x33, 0xce, 0xd3, 0xbd, 0x4c, 0x2c, 0x44, 0x1e, 0x16, 0x06, 0x1e, 0xdb, 0x01, 0xa1, 0xd7, 0x82, - 0x83, 0xa3, 0x39, 0x0b, 0xc7, 0x61, 0x6c, 0xa6, 0x23, 0xfb, 0x40, 0xa0, 0x3b, 0xdf, 0x35, 0xab, 0x4f, 0xed, - 0x04, 0x16, 0x42, 0x6c, 0x8f, 0x5b, 0x9a, 0xcd, 0x07, 0x03, 0xca, 0x35, 0x42, 0x58, 0xef, 0xca, 0xcd, 0x6d, - 0x8b, 0xd9, 0x96, 0x43, 0xa2, 0x13, 0x18, 0xc1, 0x21, 0x50, 0xc2, 0xf5, 0xab, 0x6b, 0xdc, 0xf4, 0x5b, 0x02, - 0x01, 0x02}; -} - -IceSSL::OpenSSL::DHParams::DHParams() : _dh512(0), _dh1024(0), _dh2048(0), _dh4096(0) {} - -IceSSL::OpenSSL::DHParams::~DHParams() -{ - for (ParamList::iterator p = _params.begin(); p != _params.end(); ++p) - { - DH_free(p->second); - } - DH_free(_dh512); - DH_free(_dh1024); - DH_free(_dh2048); - DH_free(_dh4096); -} - -bool -IceSSL::OpenSSL::DHParams::add(int keyLength, const string& file) -{ - BIO* bio = BIO_new(BIO_s_file()); - if (BIO_read_filename(bio, file.c_str()) <= 0) - { - BIO_free(bio); - return false; - } - DH* dh = PEM_read_bio_DHparams(bio, 0, 0, 0); - BIO_free(bio); - if (!dh) - { - return false; - } - ParamList::iterator p = _params.begin(); - while (p != _params.end() && keyLength > p->first) - { - ++p; - } - _params.insert(p, KeyParamPair(keyLength, dh)); - return true; -} - -DH* -IceSSL::OpenSSL::DHParams::get(int keyLength) -{ - // - // First check the set of parameters specified by the user. - // Return the first set whose key length is at least keyLength. - // - for (ParamList::iterator p = _params.begin(); p != _params.end(); ++p) - { - if (p->first >= keyLength) - { - return p->second; - } - } - - // - // No match found. Use one of the predefined parameter sets instead. 
- //
- lock_guard lock(_mutex);
- if (keyLength >= 4096)
- {
- if (!_dh4096)
- {
- _dh4096 = convertDH(dh4096, (int)sizeof(dh4096));
- }
- return _dh4096;
- }
- else if (keyLength >= 2048)
- {
- if (!_dh2048)
- {
- _dh2048 = convertDH(dh2048, (int)sizeof(dh2048));
- }
- return _dh2048;
- }
- else if (keyLength >= 1024)
- {
- if (!_dh1024)
- {
- _dh1024 = convertDH(dh1024, (int)sizeof(dh1024));
- }
- return _dh1024;
- }
- else
- {
- if (!_dh512)
- {
- _dh512 = convertDH(dh512, (int)sizeof(dh512));
- }
- return _dh512;
- }
-}
-
-#endif
-
 string
 IceSSL::OpenSSL::getSslErrors(bool verbose)
 {
diff --git a/cpp/src/IceSSL/OpenSSLUtil.h b/cpp/src/IceSSL/OpenSSLUtil.h
index 282a44e68fb..e0f1f73af84 100644
--- a/cpp/src/IceSSL/OpenSSLUtil.h
+++ b/cpp/src/IceSSL/OpenSSLUtil.h
@@ -7,48 +7,12 @@
 #include
-#include
-#include
-#include
 #include
-namespace IceSSL
+namespace IceSSL::OpenSSL
 {
- namespace OpenSSL
- {
-#ifndef OPENSSL_NO_DH
-
- class DHParams
- {
- public:
- DHParams();
- ~DHParams();
-
- bool add(int, const std::string&);
- DH* get(int);
-
- private:
- typedef std::pair KeyParamPair;
- typedef std::list ParamList;
- ParamList _params;
- std::mutex _mutex;
-
- DH* _dh512;
- DH* _dh1024;
- DH* _dh2048;
- DH* _dh4096;
- };
- using DHParamsPtr = std::shared_ptr;
-
-#endif
-
- //
- // Accumulate the OpenSSL error stack into a string.
- //
- std::string getSslErrors(bool);
-
- } // OpenSSL namespace end
-
-} // IceSSL namespace end
+ // Accumulate the OpenSSL error stack into a string.
+ std::string getSslErrors(bool);
+}
 #endif
diff --git a/cpp/src/IceSSL/PluginI.cpp b/cpp/src/IceSSL/PluginI.cpp
index 813278f3973..89742ba8388 100644
--- a/cpp/src/IceSSL/PluginI.cpp
+++ b/cpp/src/IceSSL/PluginI.cpp
@@ -2,77 +2,19 @@
 // Copyright (c) ZeroC, Inc. All rights reserved.
 //
-#include "PluginI.h"
-#include "EndpointI.h"
-#include "Instance.h"
-#include "SSLEngine.h"
-
 #include "../Ice/ProtocolInstance.h"
 #include "../Ice/ProtocolPluginFacade.h"
 #include "Ice/LocalException.h"
 #include "Ice/RegisterPlugins.h"
+#include "IceSSL/Certificate.h"
+#include "SSLEndpointI.h"
+#include "SSLEngine.h"
+#include "SSLInstance.h"
 using namespace std;
 using namespace Ice;
 using namespace IceSSL;
-IceSSL::Plugin::~Plugin()
-{
- // Out of line to avoid weak vtable
-}
-
-//
-// Plugin implementation.
-//
-PluginI::PluginI(const Ice::CommunicatorPtr& com, const SSLEnginePtr& engine) : _engine(engine)
-{
- //
- // Register the endpoint factory. We have to do this now, rather
- // than in initialize, because the communicator may need to
- // interpret proxies before the plug-in is fully initialized.
- //
- InstancePtr instance = make_shared(_engine, SSLEndpointType, "ssl"); // SSL based on TCP
- IceInternal::getProtocolPluginFacade(com)->addEndpointFactory(
- make_shared(instance, TCPEndpointType));
-}
-
-void
-PluginI::initialize()
-{
- _engine->initialize();
-}
-
-void
-PluginI::destroy()
-{
- _engine->destroy();
- _engine = 0;
-}
-
-extern "C"
-{
- ICESSL_API Ice::Plugin* createIceSSL(const CommunicatorPtr&, const string&, const StringSeq&);
-}
-
-namespace Ice
-{
- ICESSL_API void registerIceSSL(bool loadOnInitialize)
- {
- Ice::registerPluginFactory("IceSSL", createIceSSL, loadOnInitialize);
- }
-}
-
-IceSSL::TrustError
-IceSSL::getTrustError(const IceSSL::ConnectionInfoPtr& info)
-{
- auto extendedInfo = dynamic_pointer_cast(info);
- if (extendedInfo)
- {
- return extendedInfo->errorCode;
- }
- return info->verified ? IceSSL::TrustError::NoError : IceSSL::TrustError::UnknownTrustFailure;
-}
-
 std::string
 IceSSL::getTrustErrorDescription(TrustError error)
 {
@@ -168,10 +110,3 @@ IceSSL::getTrustErrorDescription(TrustError error)
 assert(false);
 return "unknown failure";
 }
-
-std::string
-IceSSL::getHost(const IceSSL::ConnectionInfoPtr& info)
-{
- auto extendedInfo = dynamic_pointer_cast(info);
- return extendedInfo ? extendedInfo->host : "";
-}
diff --git a/cpp/src/IceSSL/PluginI.h b/cpp/src/IceSSL/PluginI.h
deleted file mode 100644
index 7696d1b1dde..00000000000
--- a/cpp/src/IceSSL/PluginI.h
+++ /dev/null
@@ -1,51 +0,0 @@
-//
-// Copyright (c) ZeroC, Inc. All rights reserved.
-//
-
-#ifndef ICESSL_PLUGIN_I_H
-#define ICESSL_PLUGIN_I_H
-
-#include "Ice/CommunicatorF.h"
-#include "IceSSL/ConnectionInfo.h"
-#include "IceSSL/Plugin.h"
-#include "SSLEngineF.h"
-
-namespace IceSSL
-{
- class ExtendedConnectionInfo : public ConnectionInfo
- {
- public:
- TrustError errorCode;
- std::string host;
- };
- using ExtendedConnectionInfoPtr = std::shared_ptr;
-
- // TODO: This class provides new certificate virtual methods that canot be added directly to the certificate class
- // without breaking binary compatibility. The class can be removed once the relevant methods can be marked as
- // virtual in the certificate class in the next major release (3.8.x).
- class ICESSL_API CertificateExtendedInfo
- {
- public:
- virtual unsigned int getKeyUsage() const = 0;
- virtual unsigned int getExtendedKeyUsage() const = 0;
- };
-
- class ICESSL_API PluginI : public virtual IceSSL::Plugin
- {
- public:
- PluginI(const Ice::CommunicatorPtr&, const IceSSL::SSLEnginePtr&);
- //
- // From Ice::Plugin.
- //
- virtual void initialize();
- virtual void destroy();
-
- virtual CertificatePtr load(const std::string&) const = 0;
- virtual CertificatePtr decode(const std::string&) const = 0;
-
- protected:
- SSLEnginePtr _engine;
- };
-}
-
-#endif
diff --git a/cpp/src/IceSSL/RFC2253.cpp b/cpp/src/IceSSL/RFC2253.cpp
index bfd234117c8..88c9021a949 100644
--- a/cpp/src/IceSSL/RFC2253.cpp
+++ b/cpp/src/IceSSL/RFC2253.cpp
@@ -2,11 +2,13 @@
 // Copyright (c) ZeroC, Inc. All rights reserved.
 //
+#include "RFC2253.h"
+#include "IceSSL/Certificate.h"
 #include "IceUtil/StringUtil.h"
-#include "Ice/Object.h"
-#include "IceSSL/Plugin.h"
-#include "RFC2253.h"
+#include
+#include
+#include
 using namespace std;
 using namespace IceSSL;
diff --git a/cpp/src/IceSSL/RFC2253.h b/cpp/src/IceSSL/RFC2253.h
index 97a14ad5ef4..4c54729e8f6 100644
--- a/cpp/src/IceSSL/RFC2253.h
+++ b/cpp/src/IceSSL/RFC2253.h
@@ -5,9 +5,10 @@
 #ifndef ICESSL_RFC_2253_H
 #define ICESSL_RFC_2253_H
-#include "IceSSL/Config.h"
+#include "Ice/Config.h"
 #include
+#include
 //
 // The methods in the IceSSL::RFC2253 namespace implement a parser
@@ -22,41 +23,38 @@
 // results in the pair ("O","Sue\, Grabit and Runn") and not
 // ("O","Sue, Grabit and Runn").
 //
-namespace IceSSL
+namespace IceSSL::RFC2253
 {
- namespace RFC2253
+ typedef std::list> RDNSeq;
+
+ struct ICE_API RDNEntry
 {
- typedef std::list> RDNSeq;
-
- struct ICESSL_API RDNEntry
- {
- RDNSeq rdn;
- bool negate;
- };
- typedef std::list RDNEntrySeq;
-
- //
- // This function separates DNs with the ';' character. A list of RDN
- // pairs may optionally be prefixed with '!' to indicate a negation.
- // The function returns a list of RDNEntry structures. Any failure in
- // parsing results in a ParseException being thrown.
- //
- ICESSL_API RDNEntrySeq parse(const std::string&);
-
- //
- // RDNs are separated with ',' and ';'.
- //
- // This function returns a list of RDN pairs. Any failure in parsing
- // results in a ParseException being thrown.
- //
- ICESSL_API RDNSeq parseStrict(const std::string&);
-
- //
- // Unescape the string.
- //
- ICESSL_API std::string unescape(const std::string&);
-
- }
+ RDNSeq rdn;
+ bool negate;
+ };
+ typedef std::list RDNEntrySeq;
+
+ //
+ // This function separates DNs with the ';' character. A list of RDN
+ // pairs may optionally be prefixed with '!' to indicate a negation.
+ // The function returns a list of RDNEntry structures. Any failure in
+ // parsing results in a ParseException being thrown.
+ //
+ ICE_API RDNEntrySeq parse(const std::string&);
+
+ //
+ // RDNs are separated with ',' and ';'.
+ //
+ // This function returns a list of RDN pairs. Any failure in parsing
+ // results in a ParseException being thrown.
+ //
+ ICE_API RDNSeq parseStrict(const std::string&);
+
+ //
+ // Unescape the string.
+ //
+ ICE_API std::string unescape(const std::string&);
+
 }
 #endif
diff --git a/cpp/src/IceSSL/SChannelCertificateI.cpp b/cpp/src/IceSSL/SChannelCertificateI.cpp
index 8b4e7a92797..b183cbe6dab 100644
--- a/cpp/src/IceSSL/SChannelCertificateI.cpp
+++ b/cpp/src/IceSSL/SChannelCertificateI.cpp
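Review bot: Since every declaration in this namespace is rewritten by the hunk anyway, the two `typedef`s would read better as alias declarations, matching the `using TransceiverIPtr = …` and `using SSLEnginePtr = …` forms this same commit writes in the transceiver and engine headers; for the second one that is `using RDNEntrySeq = std::list<RDNEntry>;`, and `RDNSeq` follows the same pattern with its existing element type (the template arguments are stripped in this rendering, so take them from the file). The `ICESSL_API` to `ICE_API` switch also means `RDNEntry`, `parse`, `parseStrict` and `unescape` now become exported symbols of the Ice library itself; if that is intended it is worth a one-line comment on the namespace saying these are internal despite the export macro.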
@@ -5,9 +5,9 @@
 #include "../Ice/StringUtil.h"
 #include "CertificateI.h"
 #include "Ice/StringConverter.h"
+#include "IceSSL/Certificate.h"
 #include "IceSSL/SChannel.h"
-#include "PluginI.h"
-#include "Util.h"
+#include "SSLUtil.h"
 #include
@@ -48,9 +48,7 @@ namespace
 CertInfoHolderPtr _certInfo; // Keep a reference on the CERT_INFO struct that holds the extension
 };
- class SChannelCertificateI : public SChannel::Certificate,
- public CertificateI,
- public IceSSL::CertificateExtendedInfo
+ class SChannelCertificateI : public SChannel::Certificate, public CertificateI
 {
 public:
 SChannelCertificateI(CERT_SIGNED_CONTENT_INFO*);
@@ -721,3 +719,15 @@ SChannel::Certificate::decode(const std::string& encoding)
 loadCertificate(&cert, encoding.c_str(), static_cast(encoding.size()));
 return make_shared(cert);
 }
+
+IceSSL::CertificatePtr
+IceSSL::Certificate::load(const std::string& file)
+{
+ return IceSSL::SChannel::Certificate::load(file);
+}
+
+IceSSL::CertificatePtr
+IceSSL::Certificate::decode(const std::string& encoding)
+{
+ return IceSSL::SChannel::Certificate::decode(encoding);
+}
diff --git a/cpp/src/IceSSL/SChannelEngine.cpp b/cpp/src/IceSSL/SChannelEngine.cpp
index 1b003af3f6f..c7ec0514f6a 100644
--- a/cpp/src/IceSSL/SChannelEngine.cpp
+++ b/cpp/src/IceSSL/SChannelEngine.cpp
@@ -3,21 +3,19 @@
 //
 #include "SChannelEngine.h"
-#include "IceSSL/Plugin.h"
-#include "SChannelTransceiverI.h"
-#include "Util.h"
-
 #include "Ice/Communicator.h"
 #include "Ice/LocalException.h"
 #include "Ice/Logger.h"
 #include "Ice/StringConverter.h"
-
 #include "Ice/UUID.h"
 #include "IceUtil/FileUtil.h"
 #include "IceUtil/StringUtil.h"
+#include "SChannelTransceiverI.h"
+#include "SSLUtil.h"
 #include
+#include
 #include
 //
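Review bot: Dropping `public IceSSL::CertificateExtendedInfo` from SChannelCertificateI's base list removes the only interface on this page that declared `getKeyUsage()` and `getExtendedKeyUsage()` pure virtual (see the deleted PluginI.h further down), so nothing now forces the SChannelCertificateI versions to be overrides. If those methods have been promoted to virtuals on `IceSSL::Certificate`, which this hunk does not show, the declarations in SChannelCertificateI should carry `override` (or `final`) so that any signature drift is a compile error rather than a silent non-overriding member that `Certificate`-typed callers never reach. The class body continues outside the hunk.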
@@ -540,8 +538,8 @@ namespace
 }
 }
-SChannel::SSLEngine::SSLEngine(const CommunicatorPtr& communicator)
- : IceSSL::SSLEngine(communicator),
+SChannel::SSLEngine::SSLEngine(const IceInternal::InstancePtr& instance)
+ : IceSSL::SSLEngine(instance),
 _rootStore(0),
 _chainEngine(0),
 _strongCrypto(false)
@@ -558,20 +556,10 @@ SChannel::SSLEngine::initialize()
 //
 lock_guard globalLock(globalMutex);
- //
- // We still have to acquire the instance mutex because it is used by the base
- // class to access _initialized data member.
- //
- lock_guard lock(_mutex);
- if (_initialized)
- {
- return;
- }
-
 IceSSL::SSLEngine::initialize();
 const string prefix = "IceSSL.";
- const PropertiesPtr properties = communicator()->getProperties();
+ const PropertiesPtr properties = getProperties();
 const_cast(_strongCrypto) = properties->getPropertyAsIntWithDefault(prefix + "SchannelStrongCrypto", 0) > 0;
@@ -1018,7 +1006,6 @@ SChannel::SSLEngine::initialize()
 }
 _allCerts.insert(_allCerts.end(), certs.begin(), certs.end());
 }
- _initialized = true;
 }
 string
diff --git a/cpp/src/IceSSL/SChannelEngine.h b/cpp/src/IceSSL/SChannelEngine.h
index 931a69cf7b4..5ff28a01fa7 100644
--- a/cpp/src/IceSSL/SChannelEngine.h
+++ b/cpp/src/IceSSL/SChannelEngine.h
@@ -7,9 +7,13 @@
 #ifdef _WIN32
+# include "Ice/InstanceF.h"
 # include "SChannelEngineF.h"
 # include "SSLEngine.h"
+# include
+# include
+
 //
 // SECURITY_WIN32 or SECURITY_KERNEL, must be defined before including security.h
 // indicating who is compiling the code.
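Review bot: `SChannel::SSLEngine::initialize()` loses its `if (_initialized) { return; }` early-out in the `-558,20` hunk and the matching `_initialized = true;` in the `-1018,7` hunk, yet everything after `IceSSL::SSLEngine::initialize()` — the property reads and the `_allCerts.insert(_allCerts.end(), certs.begin(), certs.end())` near the end — still runs on every call, so a second initialize() would re-import and append the certificate set again. If the idempotence check now lives in the base-class `initialize()` (not visible here), it cannot stop the SChannel-specific work that follows that call from repeating. Either keep a guard after `globalLock`, or state on `initialize()` in SChannelEngine.h that it must be called exactly once and make the single caller responsible. Separately, the context line `const_cast(_strongCrypto) = …` writes through a const_cast to a member the header declares as `const bool _strongCrypto`; that predates this commit, but since the constructor now receives the instance it could set the value in the initializer list instead. The function body continues outside the hunk.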
@@ -26,50 +30,46 @@
 # include
 # undef SECURITY_WIN32
-namespace IceSSL
+namespace IceSSL::SChannel
 {
- namespace SChannel
+ class SSLEngine final : public IceSSL::SSLEngine
 {
- class SSLEngine final : public IceSSL::SSLEngine
- {
- public:
- SSLEngine(const Ice::CommunicatorPtr&);
-
- //
- // Setup the engine.
- //
- void initialize() final;
+ public:
+ SSLEngine(const IceInternal::InstancePtr&);
- IceInternal::TransceiverPtr
- createTransceiver(const InstancePtr&, const IceInternal::TransceiverPtr&, const std::string&, bool) final;
+ //
+ // Setup the engine.
+ //
+ void initialize() final;
- //
- // Destroy the engine.
- //
- void destroy() final;
+ IceInternal::TransceiverPtr
+ createTransceiver(const InstancePtr&, const IceInternal::TransceiverPtr&, const std::string&, bool) final;
- std::string getCipherName(ALG_ID) const;
+ //
+ // Destroy the engine.
+ //
+ void destroy() final;
- CredHandle newCredentialsHandle(bool);
+ std::string getCipherName(ALG_ID) const;
- HCERTCHAINENGINE chainEngine() const;
+ CredHandle newCredentialsHandle(bool);
- private:
- void parseCiphers(const std::string&);
+ HCERTCHAINENGINE chainEngine() const;
- std::vector _allCerts;
- std::vector _importedCerts;
+ private:
+ void parseCiphers(const std::string&);
- std::vector _stores;
- HCERTSTORE _rootStore;
+ std::vector _allCerts;
+ std::vector _importedCerts;
- HCERTCHAINENGINE _chainEngine;
- std::vector _ciphers;
+ std::vector _stores;
+ HCERTSTORE _rootStore;
- const bool _strongCrypto;
- };
+ HCERTCHAINENGINE _chainEngine;
+ std::vector _ciphers;
- }
+ const bool _strongCrypto;
+ };
 }
 #endif
diff --git a/cpp/src/IceSSL/SChannelEngineF.h b/cpp/src/IceSSL/SChannelEngineF.h
index 15e405a7d1b..713a414f029 100644
--- a/cpp/src/IceSSL/SChannelEngineF.h
+++ b/cpp/src/IceSSL/SChannelEngineF.h
@@ -11,14 +11,10 @@
 # include
-namespace IceSSL
+namespace IceSSL::SChannel
 {
- namespace SChannel
- {
- class SSLEngine;
- using SSLEnginePtr = std::shared_ptr;
-
- }
+ class SSLEngine;
+ using SSLEnginePtr = std::shared_ptr;
 }
 #endif
diff --git a/cpp/src/IceSSL/SChannelPluginI.cpp b/cpp/src/IceSSL/SChannelPluginI.cpp
deleted file mode 100644
index 7db4db183a9..00000000000
--- a/cpp/src/IceSSL/SChannelPluginI.cpp
+++ /dev/null
@@ -1,67 +0,0 @@
-//
-// Copyright (c) ZeroC, Inc. All rights reserved.
-//
-
-#include "PluginI.h"
-#include "SChannelEngine.h"
-
-#include "Ice/Initialize.h"
-
-using namespace std;
-
-namespace
-{
- class PluginI : public IceSSL::PluginI
- {
- public:
- PluginI(const Ice::CommunicatorPtr&);
-
- virtual IceSSL::CertificatePtr create(CERT_SIGNED_CONTENT_INFO*) const;
- virtual IceSSL::CertificatePtr load(const std::string&) const;
- virtual IceSSL::CertificatePtr decode(const std::string&) const;
- };
-
-}
-
-PluginI::PluginI(const Ice::CommunicatorPtr& com) : IceSSL::PluginI(com, make_shared(com))
-{
-}
-
-IceSSL::CertificatePtr
-PluginI::create(CERT_SIGNED_CONTENT_INFO* cert) const
-{
- return IceSSL::SChannel::Certificate::create(cert);
-}
-
-IceSSL::CertificatePtr
-PluginI::load(const std::string& file) const
-{
- return IceSSL::SChannel::Certificate::load(file);
-}
-
-IceSSL::CertificatePtr
-PluginI::decode(const std::string& encoding) const
-{
- return IceSSL::SChannel::Certificate::load(encoding);
-}
-
-//
-// Plug-in factory function.
-//
-extern "C" ICESSL_API Ice::Plugin*
-createIceSSL(const Ice::CommunicatorPtr& communicator, const string& /*name*/, const Ice::StringSeq& /*args*/)
-{
- return new PluginI(communicator);
-}
-
-IceSSL::CertificatePtr
-IceSSL::Certificate::load(const std::string& file)
-{
- return IceSSL::SChannel::Certificate::load(file);
-}
-
-IceSSL::CertificatePtr
-IceSSL::Certificate::decode(const std::string& encoding)
-{
- return IceSSL::SChannel::Certificate::decode(encoding);
-}
diff --git a/cpp/src/IceSSL/SChannelTransceiverI.cpp b/cpp/src/IceSSL/SChannelTransceiverI.cpp
index d4f2c907b32..d48d8f6a1da 100644
--- a/cpp/src/IceSSL/SChannelTransceiverI.cpp
+++ b/cpp/src/IceSSL/SChannelTransceiverI.cpp
@@ -3,18 +3,15 @@
 //
 #include "SChannelTransceiverI.h"
-
-#include "IceUtil/StringUtil.h"
-
 #include "Ice/Buffer.h"
 #include "Ice/Communicator.h"
 #include "Ice/LocalException.h"
 #include "Ice/LoggerUtil.h"
 #include "IceSSL/ConnectionInfo.h"
-#include "Instance.h"
-#include "PluginI.h"
+#include "IceUtil/StringUtil.h"
 #include "SChannelEngine.h"
-#include "Util.h"
+#include "SSLInstance.h"
+#include "SSLUtil.h"
 using namespace std;
 using namespace Ice;
@@ -906,7 +903,7 @@ SChannel::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal:
 {
 _trustError = IceSSL::TrustError::HostNameMismatch;
 _verified = false;
- dynamic_pointer_cast(info)->errorCode = IceSSL::TrustError::HostNameMismatch;
+ info->errorCode = IceSSL::TrustError::HostNameMismatch;
 info->verified = false;
 if (_engine->getVerifyPeer() > 0)
 {
@@ -1163,7 +1160,7 @@ SChannel::TransceiverI::toDetailedString() const
 Ice::ConnectionInfoPtr
 SChannel::TransceiverI::getInfo() const
 {
- ExtendedConnectionInfoPtr info = std::make_shared();
+ auto info = std::make_shared();
 info->underlying = _delegate->getInfo();
 info->incoming = _incoming;
 info->adapterName = _adapterName;
diff --git a/cpp/src/IceSSL/SChannelTransceiverI.h b/cpp/src/IceSSL/SChannelTransceiverI.h
index e37d1acacb1..677ca0ed355 100644
--- a/cpp/src/IceSSL/SChannelTransceiverI.h
+++ b/cpp/src/IceSSL/SChannelTransceiverI.h
@@ -12,10 +12,9 @@
 # include "../Ice/Transceiver.h"
 # include "../Ice/WSTransceiver.h"
 # include "Ice/Buffer.h"
-# include "IceSSL/Config.h"
-# include "IceSSL/Plugin.h"
-# include "InstanceF.h"
+# include "Ice/Config.h"
 # include "SChannelEngineF.h"
+# include "SSLInstanceF.h"
 # ifdef SECURITY_WIN32
 # undef SECURITY_WIN32
@@ -31,96 +30,91 @@ # include # undef SECURITY_WIN32 -namespace IceSSL +namespace IceSSL::SChannel { - namespace SChannel + class TransceiverI final : public IceInternal::Transceiver { - class TransceiverI final : public IceInternal::Transceiver - { - public: - TransceiverI(const InstancePtr&, const IceInternal::TransceiverPtr&, const std::string&, bool); - ~TransceiverI(); - IceInternal::NativeInfoPtr getNativeInfo() final; - - IceInternal::SocketOperation initialize(IceInternal::Buffer&, IceInternal::Buffer&) final; - IceInternal::SocketOperation closing(bool, std::exception_ptr) final; - void close(); - IceInternal::SocketOperation write(IceInternal::Buffer&) final; - IceInternal::SocketOperation read(IceInternal::Buffer&) final; + public: + TransceiverI(const InstancePtr&, const IceInternal::TransceiverPtr&, const std::string&, bool); + ~TransceiverI(); + IceInternal::NativeInfoPtr getNativeInfo() final; + + IceInternal::SocketOperation initialize(IceInternal::Buffer&, IceInternal::Buffer&) final; + IceInternal::SocketOperation closing(bool, std::exception_ptr) final; + void close(); + IceInternal::SocketOperation write(IceInternal::Buffer&) final; + IceInternal::SocketOperation read(IceInternal::Buffer&) final; # ifdef ICE_USE_IOCP - bool startWrite(IceInternal::Buffer&) final; - void finishWrite(IceInternal::Buffer&) final; - void startRead(IceInternal::Buffer&) final; - void finishRead(IceInternal::Buffer&) final; + bool startWrite(IceInternal::Buffer&) final; + void finishWrite(IceInternal::Buffer&) final; + void startRead(IceInternal::Buffer&) final; + void finishRead(IceInternal::Buffer&) final; # endif - bool isWaitingToBeRead() const noexcept final; - std::string protocol() const final; - std::string toString() const final; - std::string toDetailedString() const final; - Ice::ConnectionInfoPtr getInfo() const final; - void checkSendSize(const IceInternal::Buffer&) final; - void setBufferSize(int rcvSize, int sndSize) final; - - private: - 
IceInternal::SocketOperation sslHandshake(); - - size_t decryptMessage(IceInternal::Buffer&); - size_t encryptMessage(IceInternal::Buffer&); - - bool writeRaw(IceInternal::Buffer&); - bool readRaw(IceInternal::Buffer&); - - enum State - { - StateNotInitialized, - StateHandshakeNotStarted, - StateHandshakeReadContinue, - StateHandshakeWriteContinue, - StateHandshakeWriteNoContinue, - StateHandshakeComplete - }; - - const InstancePtr _instance; - const IceSSL::SChannel::SSLEnginePtr _engine; - const std::string _host; - const std::string _adapterName; - const bool _incoming; - const IceInternal::TransceiverPtr _delegate; - State _state; - DWORD _ctxFlags; - - // - // Buffered encrypted data that has not been written. - // - IceInternal::Buffer _writeBuffer; - size_t _bufferedW; - - // - // Buffered data that has not been decrypted. - // - IceInternal::Buffer _readBuffer; - - // - // Buffered data that was decrypted but not yet processed. - // - IceInternal::Buffer _readUnprocessed; - - CtxtHandle _ssl; - bool _sslInitialized; - CredHandle _credentials; - bool _credentialsInitialized; - SecPkgContext_StreamSizes _sizes; - std::string _cipher; - std::vector _certs; - bool _verified; - TrustError _trustError; - }; - using TransceiverIPtr = std::shared_ptr; + bool isWaitingToBeRead() const noexcept final; + std::string protocol() const final; + std::string toString() const final; + std::string toDetailedString() const final; + Ice::ConnectionInfoPtr getInfo() const final; + void checkSendSize(const IceInternal::Buffer&) final; + void setBufferSize(int rcvSize, int sndSize) final; + + private: + IceInternal::SocketOperation sslHandshake(); - } // SChannel namespace end + size_t decryptMessage(IceInternal::Buffer&); + size_t encryptMessage(IceInternal::Buffer&); -} // IceSSL namespace end + bool writeRaw(IceInternal::Buffer&); + bool readRaw(IceInternal::Buffer&); + + enum State + { + StateNotInitialized, + StateHandshakeNotStarted, + StateHandshakeReadContinue, + 
StateHandshakeWriteContinue, + StateHandshakeWriteNoContinue, + StateHandshakeComplete + }; + const InstancePtr _instance; + const IceSSL::SChannel::SSLEnginePtr _engine; + const std::string _host; + const std::string _adapterName; + const bool _incoming; + const IceInternal::TransceiverPtr _delegate; + State _state; + DWORD _ctxFlags; + + // + // Buffered encrypted data that has not been written. + // + IceInternal::Buffer _writeBuffer; + size_t _bufferedW; + + // + // Buffered data that has not been decrypted. + // + IceInternal::Buffer _readBuffer; + + // + // Buffered data that was decrypted but not yet processed. + // + IceInternal::Buffer _readUnprocessed; + + CtxtHandle _ssl; + bool _sslInitialized; + CredHandle _credentials; + bool _credentialsInitialized; + SecPkgContext_StreamSizes _sizes; + std::string _cipher; + std::vector _certs; + bool _verified; + TrustError _trustError; + }; + using TransceiverIPtr = std::shared_ptr; + +} #endif #endif diff --git a/cpp/src/IceSSL/AcceptorI.cpp b/cpp/src/IceSSL/SSLAcceptorI.cpp similarity index 84% rename from cpp/src/IceSSL/AcceptorI.cpp rename to cpp/src/IceSSL/SSLAcceptorI.cpp index 4f33e2a7bd6..6cad6a91fa2 100644 --- a/cpp/src/IceSSL/AcceptorI.cpp +++ b/cpp/src/IceSSL/SSLAcceptorI.cpp @@ -2,12 +2,12 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -#include "AcceptorI.h" -#include "EndpointI.h" -#include "Instance.h" +#include "SSLAcceptorI.h" +#include "SSLEndpointI.h" #include "SSLEngine.h" +#include "SSLInstance.h" -#include "Util.h" +#include "SSLUtil.h" #include "Ice/LocalException.h" @@ -59,14 +59,6 @@ IceSSL::AcceptorI::finishAccept() IceInternal::TransceiverPtr IceSSL::AcceptorI::accept() { - // - // The plug-in may not be initialized. - // - if (!_instance->initialized()) - { - throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: plug-in is not initialized"); - } - return _instance->engine()->createTransceiver(_instance, _delegate->accept(), _adapterName, true); } 
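Review bot: With the `_instance->initialized()` guard gone, `AcceptorI::accept()` hands the freshly accepted socket straight to `_instance->engine()->createTransceiver(...)`, and nothing visible in this hunk ensures the engine's `initialize()` (CA store, VerifyPeer, ciphers) has run first; the old code refused with `PluginInitializationException` in that case. If `IceInternal::Instance::sslEngine()` is created and initialized eagerly during communicator construction that is fine, but the invariant should be stated where the guard used to be, e.g. `// The SSL engine is initialized by IceInternal::Instance before any endpoint factory can accept, so no initialization check is needed here.` If that is not guaranteed, keep a cheap `initialized()` on `SSLEngine` and restore the throw. The same removal, with the same question, appears in `ConnectorI::connect()` in SSLConnectorI.cpp.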
diff --git a/cpp/src/IceSSL/AcceptorI.h b/cpp/src/IceSSL/SSLAcceptorI.h similarity index 97% rename from cpp/src/IceSSL/AcceptorI.h rename to cpp/src/IceSSL/SSLAcceptorI.h index 3f88edae4fa..4731ccb4834 100644 --- a/cpp/src/IceSSL/AcceptorI.h +++ b/cpp/src/IceSSL/SSLAcceptorI.h @@ -8,7 +8,7 @@ #include "../Ice/Acceptor.h" #include "../Ice/Network.h" #include "../Ice/TransceiverF.h" -#include "InstanceF.h" +#include "SSLInstanceF.h" #include diff --git a/cpp/src/IceSSL/ConnectorI.cpp b/cpp/src/IceSSL/SSLConnectorI.cpp similarity index 83% rename from cpp/src/IceSSL/ConnectorI.cpp rename to cpp/src/IceSSL/SSLConnectorI.cpp index de8063965e7..b94fbb485d7 100644 --- a/cpp/src/IceSSL/ConnectorI.cpp +++ b/cpp/src/IceSSL/SSLConnectorI.cpp @@ -2,17 +2,17 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -#include "ConnectorI.h" -#include "Instance.h" +#include "SSLConnectorI.h" +#include "SSLInstance.h" #include "../Ice/NetworkProxy.h" #include "../Ice/StreamSocket.h" -#include "EndpointI.h" #include "Ice/Communicator.h" #include "Ice/LocalException.h" #include "Ice/LoggerUtil.h" +#include "SSLEndpointI.h" #include "SSLEngine.h" -#include "Util.h" +#include "SSLUtil.h" using namespace std; using namespace Ice; @@ -21,14 +21,6 @@ using namespace IceSSL; IceInternal::TransceiverPtr IceSSL::ConnectorI::connect() { - // - // The plug-in may not be initialized. - // - if (!_instance->initialized()) - { - throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: plug-in is not initialized"); - } - return _instance->engine()->createTransceiver(_instance, _delegate->connect(), _host, false); } diff --git a/cpp/src/IceSSL/ConnectorI.h b/cpp/src/IceSSL/SSLConnectorI.h similarity index 97% rename from cpp/src/IceSSL/ConnectorI.h rename to cpp/src/IceSSL/SSLConnectorI.h index ad03bbf8069..10310aa210a 100644 --- a/cpp/src/IceSSL/ConnectorI.h +++ b/cpp/src/IceSSL/SSLConnectorI.h 
@@ -9,7 +9,7 @@ #include "../Ice/Network.h" #include "../Ice/TransceiverF.h" -#include "InstanceF.h" +#include "SSLInstanceF.h" namespace IceSSL { diff --git a/cpp/src/IceSSL/EndpointI.cpp b/cpp/src/IceSSL/SSLEndpointI.cpp similarity index 89% rename from cpp/src/IceSSL/EndpointI.cpp rename to cpp/src/IceSSL/SSLEndpointI.cpp index f25241e5329..ce903552420 100644 --- a/cpp/src/IceSSL/EndpointI.cpp +++ b/cpp/src/IceSSL/SSLEndpointI.cpp @@ -2,22 +2,46 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -#include "EndpointI.h" +#include "SSLEndpointI.h" #include "../Ice/DefaultsAndOverrides.h" +#include "../Ice/EndpointFactoryManager.h" #include "../Ice/HashUtil.h" -#include "AcceptorI.h" -#include "ConnectorI.h" #include "Ice/Comparable.h" #include "Ice/InputStream.h" #include "Ice/LocalException.h" #include "Ice/Object.h" #include "Ice/OutputStream.h" -#include "Instance.h" +#include "SSLAcceptorI.h" +#include "SSLConnectorI.h" +#include "SSLInstance.h" using namespace std; using namespace Ice; using namespace IceSSL; +extern "C" +{ + Plugin* createIceSSL(const CommunicatorPtr& communicator, const string&, const StringSeq&) + { + IceInternal::InstancePtr instance = IceInternal::getInstance(communicator); + IceSSL::SSLEnginePtr engine = instance->sslEngine(); + IceInternal::EndpointFactoryManagerPtr endpointFactoryManager = instance->endpointFactoryManager(); + IceSSL::InstancePtr sslInstance = make_shared(engine, SSLEndpointType, "ssl"); + + return new IceInternal::EndpointFactoryPlugin( + communicator, + make_shared(sslInstance, TCPEndpointType)); + } +} + +namespace Ice +{ + ICE_API void registerIceSSL(bool loadOnInitialize) + { + Ice::registerPluginFactory("IceSSL", createIceSSL, loadOnInitialize); + } +} + namespace { Ice::IPEndpointInfoPtr getIPEndpointInfo(const Ice::EndpointInfoPtr& info) 
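Review bot: `endpointFactoryManager` in the new `createIceSSL` is fetched via `instance->endpointFactoryManager()` and never used, so the local (and most likely the added `#include "../Ice/EndpointFactoryManager.h"`) is dead code; drop `IceInternal::EndpointFactoryManagerPtr endpointFactoryManager = instance->endpointFactoryManager();`. A short comment would also help readers of this new plug-in entry point, since the engine is no longer created here: `// The SSL engine is owned by IceInternal::Instance; this plug-in only registers the "ssl" endpoint factory on top of it.` The unnamed `const string&` and `const StringSeq&` parameters are the plug-in name and arguments, and a `/*name*/`, `/*args*/` annotation as in the deleted PluginI files would keep that readable.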
diff --git a/cpp/src/IceSSL/EndpointI.h b/cpp/src/IceSSL/SSLEndpointI.h similarity index 99% rename from cpp/src/IceSSL/EndpointI.h rename to cpp/src/IceSSL/SSLEndpointI.h index 85ef7160ca5..9ba82fd5f69 100644 --- a/cpp/src/IceSSL/EndpointI.h +++ b/cpp/src/IceSSL/SSLEndpointI.h @@ -10,8 +10,8 @@ #include "../Ice/IPEndpointI.h" #include "../Ice/Network.h" #include "IceSSL/EndpointInfo.h" -#include "InstanceF.h" #include "SSLEngineF.h" +#include "SSLInstanceF.h" namespace IceSSL { diff --git a/cpp/src/IceSSL/SSLEngine.cpp b/cpp/src/IceSSL/SSLEngine.cpp index 5aeb5af4e8c..74cd76f9b00 100644 --- a/cpp/src/IceSSL/SSLEngine.cpp +++ b/cpp/src/IceSSL/SSLEngine.cpp @@ -3,16 +3,15 @@ // #include "SSLEngine.h" -#include "IceSSL/ConnectionInfo.h" -#include "TrustManager.h" - -#include "IceUtil/StringUtil.h" - +#include "../Ice/Instance.h" #include "Ice/Communicator.h" #include "Ice/LocalException.h" #include "Ice/Logger.h" #include "Ice/LoggerUtil.h" #include "Ice/Properties.h" +#include "IceSSL/ConnectionInfo.h" +#include "IceUtil/StringUtil.h" +#include "TrustManager.h" #include 
@@ -21,28 +20,31 @@ using namespace Ice; using namespace IceUtil; using namespace IceSSL; -IceSSL::SSLEngine::SSLEngine(const Ice::CommunicatorPtr& communicator) - : _initialized(false), - _communicator(communicator), - _logger(communicator->getLogger()), - _trustManager(make_shared(communicator)), +IceSSL::SSLEngine::SSLEngine(const IceInternal::InstancePtr& instance) + : _instance(instance), + _trustManager(make_shared(instance)), _revocationCheckCacheOnly(false), _revocationCheck(0) { } -bool -IceSSL::SSLEngine::initialized() const +Ice::LoggerPtr +IceSSL::SSLEngine::getLogger() const +{ + return _instance->initializationData().logger; +} + +Ice::PropertiesPtr +IceSSL::SSLEngine::getProperties() const { - lock_guard lock(_mutex); - return _initialized; + return _instance->initializationData().properties; } void IceSSL::SSLEngine::initialize() { const string propPrefix = "IceSSL."; - const PropertiesPtr properties = communicator()->getProperties(); + const PropertiesPtr properties = getProperties(); // CheckCertName determines whether we compare the name in a peer's certificate against its hostname. _checkCertName = properties->getPropertyAsIntWithDefault(propPrefix + "CheckCertName", 0) > 0; @@ -138,7 +140,7 @@ IceSSL::SSLEngine::verifyPeerCertName(const string& address, const ConnectionInf string msg = ostr.str(); if (_securityTraceLevel >= 1) { - Trace out(_logger, _securityTraceCategory); + Trace out(getLogger(), _securityTraceCategory); out << msg; } throw SecurityException(__FILE__, __LINE__, msg); @@ -154,7 +156,7 @@ IceSSL::SSLEngine::verifyPeer(const string& /*address*/, const ConnectionInfoPtr string msg = string(info->incoming ? "incoming" : "outgoing") + " connection rejected by trust manager"; if (_securityTraceLevel >= 1) { - _logger->trace(_securityTraceCategory, msg + "\n" + desc); + getLogger()->trace(_securityTraceCategory, msg + "\n" + desc); } throw SecurityException(__FILE__, __LINE__, msg); } 
diff --git a/cpp/src/IceSSL/SSLEngine.h b/cpp/src/IceSSL/SSLEngine.h index 8fb1008c2fa..fe93188ba95 100644 --- a/cpp/src/IceSSL/SSLEngine.h +++ b/cpp/src/IceSSL/SSLEngine.h @@ -5,33 +5,33 @@ #ifndef ICESSL_ENGINE_H #define ICESSL_ENGINE_H -#include "IceSSL/Plugin.h" -#include "InstanceF.h" -#include "SSLEngineF.h" -#include "TrustManagerF.h" -#include "Util.h" - #include "../Ice/Network.h" #include "../Ice/TransceiverF.h" #include "Ice/CommunicatorF.h" +#include "Ice/InstanceF.h" +#include "IceSSL/Certificate.h" +#include "SSLEngineF.h" +#include "SSLInstanceF.h" +#include "SSLUtil.h" +#include "TrustManagerF.h" #include namespace IceSSL { - class ICESSL_API SSLEngine + class ICE_API SSLEngine { public: - SSLEngine(const Ice::CommunicatorPtr&); + SSLEngine(const IceInternal::InstancePtr&); + + Ice::LoggerPtr getLogger() const; + Ice::PropertiesPtr getProperties() const; - Ice::CommunicatorPtr communicator() const { return _communicator; } - Ice::LoggerPtr getLogger() const { return _logger; }; + IceInternal::InstancePtr instance() const { return _instance; } // Setup the engine. virtual void initialize() = 0; - virtual bool initialized() const; - // Destroy the engine. virtual void destroy() = 0; @@ -52,12 +52,10 @@ namespace IceSSL std::string securityTraceCategory() const; protected: - bool _initialized; mutable std::mutex _mutex; private: - const Ice::CommunicatorPtr _communicator; - const Ice::LoggerPtr _logger; + const IceInternal::InstancePtr _instance; const TrustManagerPtr _trustManager; std::string _password; diff --git a/cpp/src/IceSSL/SSLEngineF.h b/cpp/src/IceSSL/SSLEngineF.h index 5884fc0fce9..515a4ed0d92 100644 --- a/cpp/src/IceSSL/SSLEngineF.h +++ b/cpp/src/IceSSL/SSLEngineF.h @@ -5,8 +5,6 @@ #ifndef ICESSL_ENGINE_F_H #define ICESSL_ENGINE_F_H -#include "IceSSL/Plugin.h" - #include namespace IceSSL 
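Review bot: `SSLEngine` now stores `const IceInternal::InstancePtr _instance;`, while the engine itself is handed out by that same instance (`instance->sslEngine()` in SSLEndpointI.cpp). If `InstancePtr` is a `std::shared_ptr` (the code copies it into members like one) and the instance owns the engine, this is an Instance→SSLEngine→Instance cycle, and because the member is `const` neither `destroy()` nor anything else can reset it to break the cycle — verify how `Instance` holds the engine. If the back-pointer is meant to be non-owning, a `std::weak_ptr` or a raw `IceInternal::Instance*` with a comment (`// Non-owning back-pointer; the instance outlives its SSL engine.`) would make that explicit. `TrustManager` receives the same pointer in its constructor, so the same question applies there.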
diff --git a/cpp/src/IceSSL/Instance.cpp b/cpp/src/IceSSL/SSLInstance.cpp similarity index 60% rename from cpp/src/IceSSL/Instance.cpp rename to cpp/src/IceSSL/SSLInstance.cpp index 80333587c37..36584ce3895 100644 --- a/cpp/src/IceSSL/Instance.cpp +++ b/cpp/src/IceSSL/SSLInstance.cpp @@ -2,7 +2,7 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -#include "Instance.h" +#include "SSLInstance.h" #include "SSLEngine.h" using namespace std; @@ -10,13 +10,7 @@ using namespace Ice; using namespace IceSSL; IceSSL::Instance::Instance(const SSLEnginePtr& engine, int16_t type, const string& protocol) - : ProtocolInstance(engine->communicator(), type, protocol, true), + : ProtocolInstance(engine->instance(), type, protocol, true), _engine(engine) { } - -bool -IceSSL::Instance::initialized() const -{ - return _engine->initialized(); -} diff --git a/cpp/src/IceSSL/Instance.h b/cpp/src/IceSSL/SSLInstance.h similarity index 75% rename from cpp/src/IceSSL/Instance.h rename to cpp/src/IceSSL/SSLInstance.h index 428f16e9c1f..a85757179cb 100644 --- a/cpp/src/IceSSL/Instance.h +++ b/cpp/src/IceSSL/SSLInstance.h @@ -6,20 +6,18 @@ #define ICESSL_INSTANCE_H #include "../Ice/ProtocolInstance.h" -#include "InstanceF.h" #include "SSLEngineF.h" +#include "SSLInstanceF.h" namespace IceSSL { - class ICESSL_API Instance final : public IceInternal::ProtocolInstance + class ICE_API Instance final : public IceInternal::ProtocolInstance { public: Instance(const SSLEnginePtr&, std::int16_t, const std::string&); SSLEnginePtr engine() const { return _engine; } - bool initialized() const; - private: const SSLEnginePtr _engine; }; diff --git a/cpp/src/IceSSL/InstanceF.h b/cpp/src/IceSSL/SSLInstanceF.h similarity index 100% rename from cpp/src/IceSSL/InstanceF.h rename to cpp/src/IceSSL/SSLInstanceF.h diff --git a/cpp/src/IceSSL/Util.cpp b/cpp/src/IceSSL/SSLUtil.cpp similarity index 98% rename from cpp/src/IceSSL/Util.cpp rename to cpp/src/IceSSL/SSLUtil.cpp index 9982087f4e1..51467aa0da4 100644 
--- a/cpp/src/IceSSL/Util.cpp +++ b/cpp/src/IceSSL/SSLUtil.cpp @@ -7,16 +7,15 @@ # include #endif -#include "IceUtil/FileUtil.h" -#include "IceUtil/StringUtil.h" -#include "Util.h" - #include "../Ice/Base64.h" #include "../Ice/Network.h" #include "Ice/LocalException.h" -#include "Ice/Object.h" #include "Ice/StringConverter.h" #include "Ice/UniqueRef.h" +#include "IceSSL/Certificate.h" +#include "IceUtil/FileUtil.h" +#include "IceUtil/StringUtil.h" +#include "SSLUtil.h" #include diff --git a/cpp/src/IceSSL/Util.h b/cpp/src/IceSSL/SSLUtil.h similarity index 82% rename from cpp/src/IceSSL/Util.h rename to cpp/src/IceSSL/SSLUtil.h index 3b4b5bd4133..664bdbf0ef5 100644 --- a/cpp/src/IceSSL/Util.h +++ b/cpp/src/IceSSL/SSLUtil.h @@ -5,8 +5,6 @@ #ifndef ICESSL_UTIL_H #define ICESSL_UTIL_H -#include "IceSSL/Plugin.h" - #include #include #include @@ -48,12 +46,12 @@ namespace IceSSL // const AltNameObjectIdentifier = 8; // Read a file into memory buffer. - ICESSL_API void readFile(const std::string&, std::vector&); + ICE_API void readFile(const std::string&, std::vector&); // Determine if a file or directory exists, with an optional default directory. - ICESSL_API bool checkPath(const std::string&, const std::string&, bool, std::string&); + ICE_API bool checkPath(const std::string&, const std::string&, bool, std::string&); - ICESSL_API bool parseBytes(const std::string&, std::vector&); + ICE_API bool parseBytes(const std::string&, std::vector&); } #endif diff --git a/cpp/src/IceSSL/SecureTransportCertificateI.cpp b/cpp/src/IceSSL/SecureTransportCertificateI.cpp index 61edcc88770..aaeed897870 100644 --- a/cpp/src/IceSSL/SecureTransportCertificateI.cpp +++ b/cpp/src/IceSSL/SecureTransportCertificateI.cpp 
@@ -8,16 +8,14 @@ // #include "IceUtil/DisableWarnings.h" +#include "../Ice/Base64.h" #include "CertificateI.h" +#include "Ice/LocalException.h" +#include "Ice/UniqueRef.h" #include "IceSSL/SecureTransport.h" -#include "PluginI.h" #include "RFC2253.h" #include "SecureTransportUtil.h" -#include "../Ice/Base64.h" -#include "Ice/LocalException.h" -#include "Ice/UniqueRef.h" - #include #include @@ -240,9 +238,7 @@ namespace #endif - class SecureTransportCertificateI final : public IceSSL::SecureTransport::Certificate, - public IceSSL::CertificateI, - public IceSSL::CertificateExtendedInfo + class SecureTransportCertificateI final : public IceSSL::SecureTransport::Certificate, public IceSSL::CertificateI { public: SecureTransportCertificateI(SecCertificateRef); @@ -952,3 +948,15 @@ IceSSL::SecureTransport::Certificate::decode(const std::string& encoding) return make_shared(reinterpret_cast(item.release())); #endif } + +IceSSL::CertificatePtr +IceSSL::Certificate::load(const std::string& file) +{ + return IceSSL::SecureTransport::Certificate::load(file); +} + +IceSSL::CertificatePtr +IceSSL::Certificate::decode(const std::string& encoding) +{ + return IceSSL::SecureTransport::Certificate::decode(encoding); +} diff --git a/cpp/src/IceSSL/SecureTransportEngine.cpp b/cpp/src/IceSSL/SecureTransportEngine.cpp index 2db645365fd..3743ee82568 100644 --- a/cpp/src/IceSSL/SecureTransportEngine.cpp +++ b/cpp/src/IceSSL/SecureTransportEngine.cpp 
@@ -2,25 +2,20 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -#include "IceSSL/Config.h" - #include "SecureTransportEngine.h" -#include "SecureTransportEngineF.h" - -#include "IceUtil/FileUtil.h" -#include "IceUtil/StringUtil.h" - -#include "Ice/Communicator.h" +#include "Ice/Config.h" #include "Ice/LocalException.h" #include "Ice/Logger.h" #include "Ice/LoggerUtil.h" #include "Ice/Properties.h" - -#include "IceSSL/Plugin.h" +#include "IceSSL/Certificate.h" +#include "IceUtil/FileUtil.h" +#include "IceUtil/StringUtil.h" #include "SSLEngine.h" +#include "SSLUtil.h" +#include "SecureTransportEngineF.h" #include "SecureTransportTransceiverI.h" #include "SecureTransportUtil.h" -#include "Util.h" #include @@ -740,8 +735,8 @@ namespace map CiphersHelper::ciphers() { return _ciphers; } } -IceSSL::SecureTransport::SSLEngine::SSLEngine(const Ice::CommunicatorPtr& communicator) - : IceSSL::SSLEngine(communicator), +IceSSL::SecureTransport::SSLEngine::SSLEngine(const IceInternal::InstancePtr& instance) + : IceSSL::SSLEngine(instance), _certificateAuthorities(0), _chain(0) { @@ -753,15 +748,9 @@ IceSSL::SecureTransport::SSLEngine::SSLEngine(const Ice::CommunicatorPtr& commun void IceSSL::SecureTransport::SSLEngine::initialize() { - lock_guard lock(_mutex); - if (_initialized) - { - return; - } - IceSSL::SSLEngine::initialize(); - const PropertiesPtr properties = communicator()->getProperties(); + const PropertiesPtr properties = getProperties(); // // Check for a default directory. We look in this directory for @@ -915,7 +904,6 @@ IceSSL::SecureTransport::SSLEngine::initialize() } getLogger()->trace(securityTraceCategory(), os.str()); } - _initialized = true; } // diff --git a/cpp/src/IceSSL/SecureTransportEngine.h b/cpp/src/IceSSL/SecureTransportEngine.h index 0e24c8f8e6b..8c52f9777d6 100644 --- a/cpp/src/IceSSL/SecureTransportEngine.h +++ b/cpp/src/IceSSL/SecureTransportEngine.h 
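Review bot: `SecureTransport::SSLEngine::initialize()` dropped the `lock_guard` and the `_initialized` early-return (and the trailing `_initialized = true;`), so a second call now re-parses properties and re-loads `_certificateAuthorities`/`_chain` instead of being a no-op, and concurrent calls are no longer serialized. That is fine if the new owner calls it exactly once from a single thread before any transceiver exists, but the function no longer enforces it; state the contract at the top of the function, e.g. `// Called exactly once by IceInternal::Instance during communicator initialization; not idempotent and not thread-safe.`, or keep a once-flag with an `assert`. The body of `initialize()` between the second and third hunks is outside this diff.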
@@ -7,46 +7,41 @@ #ifdef __APPLE__ +# include "Ice/InstanceF.h" # include "Ice/UniqueRef.h" # include "SSLEngine.h" # include # include -namespace IceSSL +namespace IceSSL::SecureTransport { - namespace SecureTransport + class SSLEngine final : public IceSSL::SSLEngine { - class SSLEngine final : public IceSSL::SSLEngine - { - public: - SSLEngine(const Ice::CommunicatorPtr&); + public: + SSLEngine(const IceInternal::InstancePtr&); - void initialize() final; - void destroy() final; - IceInternal::TransceiverPtr - createTransceiver(const InstancePtr&, const IceInternal::TransceiverPtr&, const std::string&, bool) final; + void initialize() final; + void destroy() final; + IceInternal::TransceiverPtr + createTransceiver(const InstancePtr&, const IceInternal::TransceiverPtr&, const std::string&, bool) final; - SSLContextRef newContext(bool); - CFArrayRef getCertificateAuthorities() const; - std::string getCipherName(SSLCipherSuite) const; + SSLContextRef newContext(bool); + CFArrayRef getCertificateAuthorities() const; + std::string getCipherName(SSLCipherSuite) const; - private: - void parseCiphers(const std::string&); + private: + void parseCiphers(const std::string&); - IceInternal::UniqueRef _certificateAuthorities; - IceInternal::UniqueRef _chain; + IceInternal::UniqueRef _certificateAuthorities; + IceInternal::UniqueRef _chain; # if TARGET_OS_IPHONE == 0 - std::vector _dhParams; + std::vector _dhParams; # endif - std::vector _ciphers; - }; - - } // SecureTransport namespace end - -} // IceSSL namespace end - + std::vector _ciphers; + }; +} #endif #endif diff --git a/cpp/src/IceSSL/SecureTransportEngineF.h b/cpp/src/IceSSL/SecureTransportEngineF.h index 99224274e6c..b7c943e9208 100644 --- a/cpp/src/IceSSL/SecureTransportEngineF.h +++ b/cpp/src/IceSSL/SecureTransportEngineF.h 
@@ -7,18 +7,12 @@ #ifdef __APPLE__ -# include "IceSSL/Plugin.h" - # include -namespace IceSSL +namespace IceSSL::SecureTransport { - namespace SecureTransport - { - class SSLEngine; - using SSLEnginePtr = std::shared_ptr; - - } + class SSLEngine; + using SSLEnginePtr = std::shared_ptr; } #endif diff --git a/cpp/src/IceSSL/SecureTransportPluginI.cpp b/cpp/src/IceSSL/SecureTransportPluginI.cpp deleted file mode 100644 index 0f85ee89cf7..00000000000 --- a/cpp/src/IceSSL/SecureTransportPluginI.cpp +++ /dev/null 
@@ -1,73 +0,0 @@ -// -// Copyright (c) ZeroC, Inc. All rights reserved. -// - -#include "IceSSL/SecureTransport.h" -#include "PluginI.h" -#include "SecureTransportEngine.h" - -#include "Ice/Initialize.h" - -using namespace Ice; -using namespace std; - -namespace -{ - class PluginI : public IceSSL::PluginI - { - public: - PluginI(const Ice::CommunicatorPtr&); - - virtual IceSSL::CertificatePtr create(SecCertificateRef) const; - virtual IceSSL::CertificatePtr load(const std::string&) const; - virtual IceSSL::CertificatePtr decode(const std::string&) const; - }; - -} // anonymous namespace end - -// -// Plugin implementation. -// -PluginI::PluginI(const Ice::CommunicatorPtr& com) - : IceSSL::PluginI(com, make_shared(com)) -{ -} - -IceSSL::CertificatePtr -PluginI::create(SecCertificateRef cert) const -{ - return IceSSL::SecureTransport::Certificate::create(cert); -} - -IceSSL::CertificatePtr -PluginI::load(const std::string& file) const -{ - return IceSSL::SecureTransport::Certificate::load(file); -} - -IceSSL::CertificatePtr -PluginI::decode(const std::string& encoding) const -{ - return IceSSL::SecureTransport::Certificate::load(encoding); -} - -// -// Plug-in factory function. -// -extern "C" ICESSL_API Ice::Plugin* -createIceSSL(const Ice::CommunicatorPtr& communicator, const string& /*name*/, const Ice::StringSeq& /*args*/) -{ - return new PluginI(communicator); -} - -IceSSL::CertificatePtr -IceSSL::Certificate::load(const std::string& file) -{ - return IceSSL::SecureTransport::Certificate::load(file); -} - -IceSSL::CertificatePtr -IceSSL::Certificate::decode(const std::string& encoding) -{ - return IceSSL::SecureTransport::Certificate::decode(encoding); -} diff --git a/cpp/src/IceSSL/SecureTransportTransceiverI.cpp b/cpp/src/IceSSL/SecureTransportTransceiverI.cpp index a70591d3894..4f4a51ac93e 100644 --- a/cpp/src/IceSSL/SecureTransportTransceiverI.cpp +++ b/cpp/src/IceSSL/SecureTransportTransceiverI.cpp 
@@ -3,15 +3,13 @@ // #include "SecureTransportTransceiverI.h" +#include "Ice/LocalException.h" +#include "Ice/LoggerUtil.h" #include "IceSSL/ConnectionInfo.h" -#include "Instance.h" -#include "PluginI.h" +#include "SSLInstance.h" #include "SecureTransportEngine.h" #include "SecureTransportUtil.h" -#include "Ice/LocalException.h" -#include "Ice/LoggerUtil.h" - // Disable deprecation warnings from SecureTransport APIs #include "IceUtil/DisableWarnings.h" @@ -619,7 +617,7 @@ IceSSL::SecureTransport::TransceiverI::toDetailedString() const Ice::ConnectionInfoPtr IceSSL::SecureTransport::TransceiverI::getInfo() const { - auto info = make_shared(); + auto info = make_shared(); info->underlying = _delegate->getInfo(); info->incoming = _incoming; info->adapterName = _adapterName; diff --git a/cpp/src/IceSSL/SecureTransportTransceiverI.h b/cpp/src/IceSSL/SecureTransportTransceiverI.h index 6e38111dd30..f83fec20c6f 100644 --- a/cpp/src/IceSSL/SecureTransportTransceiverI.h +++ b/cpp/src/IceSSL/SecureTransportTransceiverI.h 
@@ -7,81 +7,74 @@ #ifdef __APPLE__ -# include "IceSSL/Config.h" -# include "IceSSL/Plugin.h" -# include "InstanceF.h" -# include "SecureTransportEngineF.h" - # include "../Ice/Network.h" # include "../Ice/Transceiver.h" +# include "Ice/Config.h" # include "Ice/UniqueRef.h" +# include "IceSSL/Certificate.h" +# include "SSLInstanceF.h" +# include "SecureTransportEngineF.h" # include # include # include -namespace IceSSL +namespace IceSSL::SecureTransport { - namespace SecureTransport + class TransceiverI final : public IceInternal::Transceiver { - class TransceiverI final : public IceInternal::Transceiver + public: + TransceiverI(const InstancePtr&, const IceInternal::TransceiverPtr&, const std::string&, bool); + ~TransceiverI(); + IceInternal::NativeInfoPtr getNativeInfo() final; + + IceInternal::SocketOperation initialize(IceInternal::Buffer&, IceInternal::Buffer&) final; + IceInternal::SocketOperation closing(bool, std::exception_ptr) final; + void close() final; + IceInternal::SocketOperation write(IceInternal::Buffer&) final; + IceInternal::SocketOperation read(IceInternal::Buffer&) final; + + bool isWaitingToBeRead() const noexcept final; + std::string protocol() const final; + std::string toString() const final; + std::string toDetailedString() const final; + Ice::ConnectionInfoPtr getInfo() const final; + void checkSendSize(const IceInternal::Buffer&) final; + void setBufferSize(int rcvSize, int sndSize) final; + + OSStatus writeRaw(const std::byte*, size_t*) const; + OSStatus readRaw(std::byte*, size_t*) const; + + private: + const InstancePtr _instance; + const SSLEnginePtr _engine; + const std::string _host; + const std::string _adapterName; + const bool _incoming; + const IceInternal::TransceiverPtr _delegate; + + IceInternal::UniqueRef _ssl; + IceInternal::UniqueRef _trust; + bool _connected; + + enum SSLWantFlags { - public: - TransceiverI(const InstancePtr&, const IceInternal::TransceiverPtr&, const std::string&, bool); - ~TransceiverI(); - 
IceInternal::NativeInfoPtr getNativeInfo() final; - - IceInternal::SocketOperation initialize(IceInternal::Buffer&, IceInternal::Buffer&) final; - IceInternal::SocketOperation closing(bool, std::exception_ptr) final; - void close() final; - IceInternal::SocketOperation write(IceInternal::Buffer&) final; - IceInternal::SocketOperation read(IceInternal::Buffer&) final; - - bool isWaitingToBeRead() const noexcept final; - - std::string protocol() const final; - std::string toString() const final; - std::string toDetailedString() const final; - Ice::ConnectionInfoPtr getInfo() const final; - void checkSendSize(const IceInternal::Buffer&) final; - void setBufferSize(int rcvSize, int sndSize) final; - - OSStatus writeRaw(const std::byte*, size_t*) const; - OSStatus readRaw(std::byte*, size_t*) const; - - private: - const InstancePtr _instance; - const SSLEnginePtr _engine; - const std::string _host; - const std::string _adapterName; - const bool _incoming; - const IceInternal::TransceiverPtr _delegate; - - IceInternal::UniqueRef _ssl; - IceInternal::UniqueRef _trust; - bool _connected; - - enum SSLWantFlags - { - SSLWantRead = 0x1, - SSLWantWrite = 0x2 - }; - - mutable std::uint8_t _tflags; - size_t _maxSendPacketSize; - size_t _maxRecvPacketSize; - std::string _cipher; - std::vector _certs; - TrustError _trustError; - bool _verified; - size_t _buffered; + SSLWantRead = 0x1, + SSLWantWrite = 0x2 }; - using TransceiverIPtr = std::shared_ptr; - - } // SecureTransport namespace end - -} // IceSSL namespace end + mutable std::uint8_t _tflags; + size_t _maxSendPacketSize; + size_t _maxRecvPacketSize; + std::string _cipher; + std::vector _certs; + TrustError _trustError; + bool _verified; + size_t _buffered; + }; + using TransceiverIPtr = std::shared_ptr; + +} #endif #endif diff --git a/cpp/src/IceSSL/SecureTransportUtil.cpp b/cpp/src/IceSSL/SecureTransportUtil.cpp index 71f760b4abf..deacbfbe402 100644 --- a/cpp/src/IceSSL/SecureTransportUtil.cpp 
+++ b/cpp/src/IceSSL/SecureTransportUtil.cpp @@ -3,12 +3,9 @@ // #include "SecureTransportUtil.h" -#include "IceSSL/Plugin.h" - #include "../Ice/Base64.h" #include "Ice/LocalException.h" #include "Ice/UniqueRef.h" - #include "IceUtil/FileUtil.h" #include "IceUtil/StringUtil.h" diff --git a/cpp/src/IceSSL/SecureTransportUtil.h b/cpp/src/IceSSL/SecureTransportUtil.h index f09b0c0b535..4d112c5af55 100644 --- a/cpp/src/IceSSL/SecureTransportUtil.h +++ b/cpp/src/IceSSL/SecureTransportUtil.h 
@@ -8,40 +8,35 @@ #ifdef __APPLE__ # include "IceSSL/SecureTransport.h" -# include "Util.h" +# include "SSLUtil.h" -namespace IceSSL +namespace IceSSL::SecureTransport { - namespace SecureTransport - { - std::string sslErrorToString(CFErrorRef); - std::string sslErrorToString(OSStatus); + std::string sslErrorToString(CFErrorRef); + std::string sslErrorToString(OSStatus); # if defined(ICE_USE_SECURE_TRANSPORT_MACOS) - // - // Retrieve a certificate property - // - CFDictionaryRef getCertificateProperty(SecCertificateRef, CFTypeRef); + // + // Retrieve a certificate property + // + CFDictionaryRef getCertificateProperty(SecCertificateRef, CFTypeRef); # endif - // - // Read certificate from a file. - // - CFArrayRef loadCertificateChain( - const std::string&, - const std::string&, - const std::string&, - const std::string&, - const std::string&); - - SecCertificateRef loadCertificate(const std::string&); - CFArrayRef loadCACertificates(const std::string&); - CFArrayRef findCertificateChain(const std::string&, const std::string&, const std::string&); - - } // SecureTransport namespace end - -} // IceSSL namespace end - + // + // Read certificate from a file. + // + CFArrayRef loadCertificateChain( + const std::string&, + const std::string&, + const std::string&, + const std::string&, + const std::string&); + + SecCertificateRef loadCertificate(const std::string&); + CFArrayRef loadCACertificates(const std::string&); + CFArrayRef findCertificateChain(const std::string&, const std::string&, const std::string&); + +} #endif #endif diff --git a/cpp/src/IceSSL/TrustManager.cpp b/cpp/src/IceSSL/TrustManager.cpp index 88c734b9f42..542c68443e1 100644 --- a/cpp/src/IceSSL/TrustManager.cpp +++ b/cpp/src/IceSSL/TrustManager.cpp 
@@ -3,22 +3,22 @@ // #include "TrustManager.h" -#include "IceSSL/ConnectionInfo.h" -#include "RFC2253.h" - +#include "../Ice/Instance.h" #include "../Ice/Network.h" #include "Ice/Communicator.h" #include "Ice/LocalException.h" #include "Ice/Logger.h" #include "Ice/LoggerUtil.h" #include "Ice/Properties.h" +#include "IceSSL/ConnectionInfo.h" +#include "RFC2253.h" using namespace std; using namespace IceSSL; -TrustManager::TrustManager(const Ice::CommunicatorPtr& communicator) : _communicator(communicator) +TrustManager::TrustManager(const IceInternal::InstancePtr& instance) : _instance(instance) { - Ice::PropertiesPtr properties = communicator->getProperties(); + Ice::PropertiesPtr properties = _instance->initializationData().properties; _traceLevel = properties->getPropertyAsInt("IceSSL.Trace.Security"); string key; try @@ -126,7 +126,7 @@ TrustManager::verify(const ConnectionInfoPtr& info, const std::string& desc) DistinguishedName subject = info->certs[0]->getSubjectDN(); if (_traceLevel > 0) { - Ice::Trace trace(_communicator->getLogger(), "Security"); + Ice::Trace trace(_instance->initializationData().logger, "Security"); if (info->incoming) { trace << "trust manager evaluating client:\n" @@ -146,7 +146,7 @@ TrustManager::verify(const ConnectionInfoPtr& info, const std::string& desc) { if (_traceLevel > 1) { - Ice::Trace trace(_communicator->getLogger(), "Security"); + Ice::Trace trace(_instance->initializationData().logger, "Security"); trace << "trust manager rejecting PDNs:\n"; for (list::const_iterator r = p->begin(); r != p->end(); ++r) { @@ -168,7 +168,7 @@ TrustManager::verify(const ConnectionInfoPtr& info, const std::string& desc) { if (_traceLevel > 1) { - Ice::Trace trace(_communicator->getLogger(), "Security"); + Ice::Trace trace(_instance->initializationData().logger, "Security"); trace << "trust manager accepting PDNs:\n"; for (list::const_iterator r = p->begin(); r != p->end(); ++r) { 
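Review bot: The constructor and the three trace sites now read `_instance->initializationData().logger` instead of `communicator->getLogger()`; this is only safe if `IceInternal::Instance` fills in a default logger in its `initializationData()` when the caller supplied none, otherwise `Ice::Trace trace(_instance->initializationData().logger, "Security")` would construct a trace on a null logger whenever `IceSSL.Trace.Security` is set — worth confirming against Instance's constructor, or reading the logger through the instance's accessor if one exists. Separately, `TrustManager` now holds a strong `InstancePtr` for its whole lifetime; if the Instance (directly or through the SSL engine) also owns the TrustManager, that is a reference cycle keeping the Instance alive past `Communicator::destroy`, so the owner should reset it explicitly on destroy. The constructor body continues past `try` outside the hunk.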
diff --git a/cpp/src/IceSSL/TrustManager.h b/cpp/src/IceSSL/TrustManager.h index 32d4f04577c..ec60ce81f96 100644 --- a/cpp/src/IceSSL/TrustManager.h +++ b/cpp/src/IceSSL/TrustManager.h @@ -5,8 +5,9 @@ #ifndef ICESSL_TRUST_MANAGER_H #define ICESSL_TRUST_MANAGER_H -#include "Ice/CommunicatorF.h" -#include "IceSSL/Plugin.h" +#include "Ice/InstanceF.h" +#include "IceSSL/Certificate.h" +#include "IceSSL/ConnectionInfoF.h" #include "RFC2253.h" #include "TrustManagerF.h" #include @@ -17,7 +18,7 @@ namespace IceSSL class TrustManager { public: - TrustManager(const Ice::CommunicatorPtr&); + TrustManager(const IceInternal::InstancePtr&); bool verify(const ConnectionInfoPtr&, const std::string&); @@ -25,9 +26,8 @@ namespace IceSSL bool match(const std::list&, const DistinguishedName&) const; void parse(const std::string&, std::list&, std::list&) const; - const Ice::CommunicatorPtr _communicator; int _traceLevel; - + IceInternal::InstancePtr _instance; std::list _rejectAll; std::list _rejectClient; std::list _rejectAllServer; diff --git a/cpp/src/IceSSL/msbuild/icessl/icessl.vcxproj b/cpp/src/IceSSL/msbuild/icessl/icessl.vcxproj deleted file mode 100644 index 2e5af8199fc..00000000000 --- a/cpp/src/IceSSL/msbuild/icessl/icessl.vcxproj +++ /dev/null 
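Review bot: `IceInternal::InstancePtr _instance;` replaces `const Ice::CommunicatorPtr _communicator;` but drops the `const`, so the member that was immutable for the object's lifetime is now assignable; nothing in the visible hunks reassigns it and it is the only member in the constructor's initializer list, so `const IceInternal::InstancePtr _instance;` preserves the previous guarantee at no cost. Keeping it in the position `_communicator` occupied, ahead of `_traceLevel`, would also keep the member layout recognisable to readers of the old code. The class body continues outside the hunk.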
@@ -1,157 +0,0 @@ - - - - - - Debug - Win32 - - - Release - Win32 - - - Debug - x64 - - - Release - x64 - - - - {5923B17D-2873-4245-87A7-FB8F4BE12501} - IceSSL - - - - DynamicLibrary - true - $(DefaultPlatformToolset) - - - DynamicLibrary - false - $(DefaultPlatformToolset) - - - DynamicLibrary - true - $(DefaultPlatformToolset) - - - DynamicLibrary - false - $(DefaultPlatformToolset) - - - - - - - - - - - - - - - - - - - - - - ICESSL_API_EXPORTS;%(PreprocessorDefinitions) - - - advapi32.lib;secur32.lib;crypt32.lib;ws2_32.lib - - - - - ICESSL_API_EXPORTS;%(PreprocessorDefinitions) - - - advapi32.lib;secur32.lib;crypt32.lib;ws2_32.lib - - - - - ICESSL_API_EXPORTS;%(PreprocessorDefinitions) - - - advapi32.lib;secur32.lib;crypt32.lib;ws2_32.lib - - - - - ICESSL_API_EXPORTS;%(PreprocessorDefinitions) - - - advapi32.lib;secur32.lib;crypt32.lib;ws2_32.lib - - - - - $(IceSrcRootDir)\include\generated\$(Platform)\$(Configuration)\IceSSL\ - IceSSL - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}. - - - - - \ No newline at end of file diff --git a/cpp/src/IceSSL/msbuild/icessl/icessl.vcxproj.filters b/cpp/src/IceSSL/msbuild/icessl/icessl.vcxproj.filters deleted file mode 100644 index 15dcb3cd0a7..00000000000 --- a/cpp/src/IceSSL/msbuild/icessl/icessl.vcxproj.filters +++ /dev/null 
@@ -1,165 +0,0 @@ - - - - - {4d9f616e-1934-41a2-8ba4-83b5113d1ee9} - rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms - - - {dc46ba85-888a-44c6-a892-02ca81802a4f} - h;hh;hpp;hxx;hm;inl;inc;xsd - - - {7f20c422-9df1-492a-8b6f-5dd7f3188a7a} - cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx - - - {9007c33c-0c7e-42bb-8400-baae022a4a6d} - ice - - - {e9fe80ae-1aff-4267-84d9-1f75b1b573a6} - - - {0f9d0820-dd66-4cea-a839-576ef894e6da} - - - {85447365-08ad-4445-93c9-5b2d697c26d3} - - - {3970e819-06e0-4ff0-90ae-36e4d3e2599e} - - - {e29283e2-0bcc-4737-ba65-4d7818277667} - - - {37734e94-4269-46ce-a869-b343baada79c} - - - {799ccbb8-b61f-49d0-ab9b-c35577f4fc90} - - - {919084ad-57a8-4656-8e9c-7e297ade0cba} - - - {a9faf6cb-dac5-4226-b78f-e8d540941d95} - - - {5b553fdf-f103-40de-901e-e625bbac9df6} - - - {4a704c57-97d4-44e6-a7fe-54071c38a0d1} - - - {d5c1d6b6-0241-4fb2-8d58-451aee18ef20} - - - - - Resource Files - - - - - Source Files - - - Source Files - - - Source Files - - - Source Files - - - Source Files - - - Source Files - - - Source Files - - - Source Files - - - Source Files - - - Source Files - - - Source Files - - - Source Files - - - Source Files - - - Source Files - - - - - Header Files - - - Header Files - - - Header Files - - - Header Files - - - Header Files - - - Header Files - - - Header Files - - - Header Files - - - Header Files - - - Header Files - - - Header Files - - - Header Files - - - Header Files - - - Header Files - - - Header Files - - - Header Files - - - Header Files - - - Header Files - - - - - - \ No newline at end of file diff --git a/cpp/src/IceSSL/msbuild/icessl/packages.config b/cpp/src/IceSSL/msbuild/icessl/packages.config deleted file mode 100644 index fb43e38f42f..00000000000 --- a/cpp/src/IceSSL/msbuild/icessl/packages.config +++ /dev/null @@ -1,4 +0,0 @@ - - - - \ No newline at end of file 
diff --git a/cpp/src/IceSSL/msbuild/icesslopenssl/icesslopenssl.vcxproj b/cpp/src/IceSSL/msbuild/icesslopenssl/icesslopenssl.vcxproj deleted file mode 100644 index 91295881cf6..00000000000 --- a/cpp/src/IceSSL/msbuild/icesslopenssl/icesslopenssl.vcxproj +++ /dev/null @@ -1,120 +0,0 @@ - - - - - Debug - Win32 - - - Release - Win32 - - - Debug - x64 - - - Release - x64 - - - - {D0DC2305-37FE-4D03-BE05-AC8912678DC8} - - - - DynamicLibrary - true - $(DefaultPlatformToolset) - - - DynamicLibrary - false - $(DefaultPlatformToolset) - - - DynamicLibrary - true - $(DefaultPlatformToolset) - - - DynamicLibrary - false - $(DefaultPlatformToolset) - - - - - - - - - - - - - - - - - - - - - - ICESSL_OPENSSL_API_EXPORTS;%(PreprocessorDefinitions) - - - - - ICESSL_OPENSSL_API_EXPORTS;%(PreprocessorDefinitions) - - - - - ICESSL_OPENSSL_API_EXPORTS;%(PreprocessorDefinitions) - - - - - ICESSL_OPENSSL_API_EXPORTS;%(PreprocessorDefinitions) - - - - - generated - $(IceSrcRootDir)\include\generated\$(Platform)\$(Configuration)\IceSSL\ - IceSSL - - - - - - - - - - - - - - - - - - - - - - - - - - - - - This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}. - - - - \ No newline at end of file diff --git a/cpp/src/IceSSL/msbuild/icesslopenssl/icesslopenssl.vcxproj.filters b/cpp/src/IceSSL/msbuild/icesslopenssl/icesslopenssl.vcxproj.filters deleted file mode 100644 index ba897fac5cd..00000000000 --- a/cpp/src/IceSSL/msbuild/icesslopenssl/icesslopenssl.vcxproj.filters +++ /dev/null 
@@ -1,96 +0,0 @@ - - - - - {0255b63a-660b-4a1c-805f-0abe632c5677} - ice - - - {956d2580-1d49-4b49-a059-988288782db2} - h;hh;hpp;hxx;hm;inl;inc;xsd - - - {e83d242d-b1ea-4c9c-b23c-e89105597587} - cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx - - - {448e5844-aa20-4e5e-8876-57eb2a5cbe2f} - rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms - - - {8fbefc16-ee09-44ab-b2b4-d752bd5377ea} - - - {9ad49193-c783-4a96-a912-221addf43f04} - - - {0feba132-cf9d-4d8f-b4d6-20001d1d8ae6} - - - {c0691be0-ad4d-45b0-9b58-ff51634b7abe} - - - {c9a4873d-7104-447e-a4c6-393349a8ff39} - - - {e34f5387-2c17-4311-b257-1344b9008865} - - - {c662649c-a902-4c7e-8616-ea54f436eb45} - - - {9ff83beb-868b-4a94-9b0e-3afc3bab37d6} - - - {2a739cdd-800d-4fb5-b656-2e647b26bd3f} - - - {bf287f75-264e-406d-a75e-b19d15f4a387} - - - {2d055007-bfcb-4301-8c18-3c394e9d2b71} - - - {d89224e9-0392-47b3-9a1a-f4b0b186ab08} - - - - - Resource Files - - - - - Source Files - - - Source Files - - - Source Files - - - Source Files - - - Source Files - - - - - Header Files - - - Header Files - - - Header Files - - - Header Files - - - - - - \ No newline at end of file diff --git a/cpp/src/IceSSL/msbuild/icesslopenssl/packages.config b/cpp/src/IceSSL/msbuild/icesslopenssl/packages.config deleted file mode 100644 index 4eec2753837..00000000000 --- a/cpp/src/IceSSL/msbuild/icesslopenssl/packages.config +++ /dev/null @@ -1,4 +0,0 @@ - - - - \ No newline at end of file diff --git a/cpp/test/Common/Makefile.mk b/cpp/test/Common/Makefile.mk index c5694db89ca..63174c63e49 100644 --- a/cpp/test/Common/Makefile.mk +++ b/cpp/test/Common/Makefile.mk @@ -11,7 +11,7 @@ $(project)_caninstall := no # because TestCommon isn't installed with the binary distribution. # TestCommon[shared]_targetdir := $(call mappingdir,$(currentdir),lib) -TestCommon_dependencies := IceSSL Ice +TestCommon_dependencies := Ice TestCommon_cppflags := -DTEST_API_EXPORTS -I$(includedir) -Itest/include projects += $(project) 
diff --git a/cpp/test/Glacier2/ssl/Makefile.mk b/cpp/test/Glacier2/ssl/Makefile.mk index b777bea87f1..651d334cca1 100644 --- a/cpp/test/Glacier2/ssl/Makefile.mk +++ b/cpp/test/Glacier2/ssl/Makefile.mk @@ -3,6 +3,6 @@ # $(test)_client_dependencies = Glacier2 -$(test)_server_dependencies = Glacier2 IceSSL +$(test)_server_dependencies = Glacier2 tests += $(test) diff --git a/cpp/test/Glacier2/ssl/Server.cpp b/cpp/test/Glacier2/ssl/Server.cpp index 021c5a0646d..37a0eaeeba8 100644 --- a/cpp/test/Glacier2/ssl/Server.cpp +++ b/cpp/test/Glacier2/ssl/Server.cpp @@ -5,7 +5,7 @@ #include "Glacier2/PermissionsVerifier.h" #include "Glacier2/Session.h" #include "Ice/Ice.h" -#include "IceSSL/Plugin.h" +#include "IceSSL/Certificate.h" #include "TestHelper.h" using namespace std; diff --git a/cpp/test/Ice/info/AllTests.cpp b/cpp/test/Ice/info/AllTests.cpp index d000d8f0de8..af5c91c00ef 100644 --- a/cpp/test/Ice/info/AllTests.cpp +++ b/cpp/test/Ice/info/AllTests.cpp @@ -3,7 +3,8 @@ // #include "Ice/Ice.h" -#include "IceSSL/IceSSL.h" +#include "IceSSL/ConnectionInfo.h" +#include "IceSSL/EndpointInfo.h" #include "TestHelper.h" #include "TestI.h" diff --git a/cpp/test/Ice/info/Makefile.mk b/cpp/test/Ice/info/Makefile.mk index b25325f88cc..aada02cd66b 100644 --- a/cpp/test/Ice/info/Makefile.mk +++ b/cpp/test/Ice/info/Makefile.mk @@ -3,6 +3,6 @@ # $(test)_client_sources = Test.ice TestI.cpp Client.cpp AllTests.cpp -$(test)_dependencies = TestCommon IceSSL Ice +$(test)_dependencies = TestCommon Ice tests += $(test) diff --git a/cpp/test/Ice/info/TestI.cpp b/cpp/test/Ice/info/TestI.cpp index 9985514821d..fd10d2b05ff 100644 --- a/cpp/test/Ice/info/TestI.cpp +++ b/cpp/test/Ice/info/TestI.cpp @@ -4,7 +4,7 @@ #include "TestI.h" #include "Ice/Ice.h" -#include "IceSSL/IceSSL.h" +#include "IceSSL/ConnectionInfo.h" #include "TestHelper.h" using namespace std; diff --git a/cpp/test/Ice/proxy/AllTests.cpp b/cpp/test/Ice/proxy/AllTests.cpp index e5dcebc1b85..cbddfe944b6 100644 
--- a/cpp/test/Ice/proxy/AllTests.cpp +++ b/cpp/test/Ice/proxy/AllTests.cpp @@ -1231,20 +1231,6 @@ allTests(TestHelper* helper) if (communicator->getProperties()->getPropertyAsInt("Ice.IPv6") == 0 && communicator->getProperties()->getProperty("Ice.Default.Host") == "127.0.0.1") { - // SSL enabled? - bool ssl; - try - { - communicator->stringToProxy("dummy:ssl"); - ssl = true; - } - catch (const Ice::EndpointParseException&) - { - ssl = false; - } - - const bool tcp = communicator->getProperties()->getProperty("Ice.Default.Protocol") == "tcp"; - // Two legal TCP endpoints expressed as opaque endpoints p1 = communicator->stringToProxy("test -e 1.0:opaque -e 1.0 -t 1 -v CTEyNy4wLjAuMeouAAAQJwAAAA==:opaque -e 1.0 " "-t 1 -v CTEyNy4wLjAuMusuAAAQJwAAAA=="); @@ -1258,16 +1244,7 @@ allTests(TestHelper* helper) p1 = communicator->stringToProxy( "test -e 1.0:opaque -e 1.0 -t 2 -v CTEyNy4wLjAuMREnAAD/////AA==:opaque -e 1.0 -t 99 -v abch"); pstr = communicator->proxyToString(p1); - if (ssl) - { - test(pstr == "test -t -e 1.0:ssl -h 127.0.0.1 -p 10001 -t infinite:opaque -t 99 -e 1.0 -v abch"); - } - else if (tcp) - { - test( - pstr == - "test -t -e 1.0:opaque -t 2 -e 1.0 -v CTEyNy4wLjAuMREnAAD/////AA==:opaque -t 99 -e 1.0 -v abch"); - } + test(pstr == "test -t -e 1.0:ssl -h 127.0.0.1 -p 10001 -t infinite:opaque -t 99 -e 1.0 -v abch"); // // Test that the proxy with an SSL endpoint and a nonsense 
@@ -1277,20 +1254,7 @@ allTests(TestHelper* helper) // optional p2 = derived->echo(p1); pstr = communicator->proxyToString(p2); - if (ssl) - { - test(pstr == "test -t -e 1.0:ssl -h 127.0.0.1 -p 10001 -t infinite:opaque -t 99 -e 1.0 -v abch"); - } - else if (tcp) - { - if (pstr != "test -t -e 1.0:opaque -t 2 -e 1.0 -v CTEyNy4wLjAuMREnAAD/////AA==:opaque -t 99 -e 1.0 -v abch") - { - cerr << pstr << endl; - } - test( - pstr == - "test -t -e 1.0:opaque -t 2 -e 1.0 -v CTEyNy4wLjAuMREnAAD/////AA==:opaque -t 99 -e 1.0 -v abch"); - } + test(pstr == "test -t -e 1.0:ssl -h 127.0.0.1 -p 10001 -t infinite:opaque -t 99 -e 1.0 -v abch"); } cout << "ok" << endl; diff --git a/cpp/test/Ice/services/Makefile.mk b/cpp/test/Ice/services/Makefile.mk index 8862c788eee..85c29428e1a 100644 --- a/cpp/test/Ice/services/Makefile.mk +++ b/cpp/test/Ice/services/Makefile.mk @@ -2,6 +2,6 @@ # Copyright (c) ZeroC, Inc. All rights reserved. # -$(test)_dependencies = Glacier2 IceStorm IceGrid TestCommon IceSSL Ice +$(test)_dependencies = Glacier2 IceStorm IceGrid TestCommon Ice tests += $(test) diff --git a/cpp/test/IceDiscovery/simple/Makefile.mk b/cpp/test/IceDiscovery/simple/Makefile.mk index be9267180e2..4479418edd3 100644 --- a/cpp/test/IceDiscovery/simple/Makefile.mk +++ b/cpp/test/IceDiscovery/simple/Makefile.mk @@ -2,6 +2,6 @@ # Copyright (c) ZeroC, Inc. All rights reserved. # -$(test)_dependencies = IceDiscovery TestCommon IceSSL Ice +$(test)_dependencies = IceDiscovery TestCommon Ice tests += $(test) diff --git a/cpp/test/IceGrid/session/Makefile.mk b/cpp/test/IceGrid/session/Makefile.mk index a4c677e2046..c3f7650497a 100644 --- a/cpp/test/IceGrid/session/Makefile.mk +++ b/cpp/test/IceGrid/session/Makefile.mk @@ -6,7 +6,7 @@ $(test)_programs = client server verifier $(test)_client_dependencies = IceGrid Glacier2 -$(test)_server_dependencies = Glacier2 IceSSL +$(test)_server_dependencies = Glacier2 $(test)_verifier_sources = PermissionsVerifier.cpp $(test)_verifier_dependencies = Glacier2 
diff --git a/cpp/test/IceGrid/session/PermissionsVerifier.cpp b/cpp/test/IceGrid/session/PermissionsVerifier.cpp index 66d51ea53a0..f3989c46d2d 100644 --- a/cpp/test/IceGrid/session/PermissionsVerifier.cpp +++ b/cpp/test/IceGrid/session/PermissionsVerifier.cpp @@ -4,7 +4,6 @@ #include "Glacier2/PermissionsVerifier.h" #include "Ice/Ice.h" -#include "IceSSL/Plugin.h" #include "TestHelper.h" using namespace std; diff --git a/cpp/test/IceGrid/session/Server.cpp b/cpp/test/IceGrid/session/Server.cpp index 16dbf6271f4..daab89e5cee 100644 --- a/cpp/test/IceGrid/session/Server.cpp +++ b/cpp/test/IceGrid/session/Server.cpp @@ -4,7 +4,7 @@ #include "Glacier2/PermissionsVerifier.h" #include "Ice/Ice.h" -#include "IceSSL/Plugin.h" +#include "IceSSL/Certificate.h" #include "TestHelper.h" using namespace std; diff --git a/cpp/test/IceGrid/simple/Makefile.mk b/cpp/test/IceGrid/simple/Makefile.mk index db608d9c2ad..bfb5b352efa 100644 --- a/cpp/test/IceGrid/simple/Makefile.mk +++ b/cpp/test/IceGrid/simple/Makefile.mk @@ -2,6 +2,6 @@ # Copyright (c) ZeroC, Inc. All rights reserved. # -$(test)_dependencies = IceLocatorDiscovery IceGrid Glacier2 TestCommon IceSSL Ice +$(test)_dependencies = IceLocatorDiscovery IceGrid Glacier2 TestCommon Ice tests += $(test) diff --git a/cpp/test/IceSSL/configuration/AllTests.cpp b/cpp/test/IceSSL/configuration/AllTests.cpp index add46bbc98b..4ffeed64bda 100644 --- a/cpp/test/IceSSL/configuration/AllTests.cpp +++ b/cpp/test/IceSSL/configuration/AllTests.cpp @@ -3,7 +3,8 @@ // #include "Ice/Ice.h" -#include "IceSSL/IceSSL.h" +#include "IceSSL/Certificate.h" +#include "IceSSL/ConnectionInfo.h" #include "Test.h" #include "TestHelper.h" @@ -11,6 +12,7 @@ #include #include #include +#include #include "Ice/UniqueRef.h" 
@@ -29,17 +31,20 @@ # define ICE_USE_SECURE_TRANSPORT_MACOS 1 # endif #elif defined(_WIN32) -# if !defined(ICE_USE_OPENSSL) -# define ICE_USE_SCHANNEL 1 +# define ICE_USE_SCHANNEL 1 +// We need to include windows.h before wincrypt.h. +// clang-format off +# ifndef NOMINMAX +# define NOMINMAX # endif +# include +# include +// clang-format on + #else # define ICE_USE_OPENSSL 1 #endif -#if defined(_WIN32) && defined(ICE_USE_OPENSSL) -# include "IceSSL/OpenSSL.h" -#endif - using namespace std; using namespace Ice; @@ -275,12 +280,6 @@ static PropertiesPtr createClientProps(const Ice::PropertiesPtr& defaultProps, bool p12) { PropertiesPtr result = createProperties(); - // - // Don't set the plugin property, the client registered the plugin with registerIceSSL. - // -#if defined(_WIN32) && defined(ICE_USE_OPENSSL) - result->setProperty("Ice.Plugin.IceSSL", "IceSSLOpenSSL:createIceSSLOpenSSL"); -#endif result->setProperty("IceSSL.DefaultDir", defaultProps->getProperty("IceSSL.DefaultDir")); result->setProperty("Ice.Default.Host", defaultProps->getProperty("Ice.Default.Host")); if (!defaultProps->getProperty("Ice.IPv6").empty()) @@ -307,11 +306,6 @@ static Test::Properties createServerProps(const Ice::PropertiesPtr& defaultProps, bool p12) { Test::Properties result; -#if defined(_WIN32) && defined(ICE_USE_OPENSSL) - result["Ice.Plugin.IceSSL"] = "IceSSLOpenSSL:createIceSSLOpenSSL"; -#else - result["Ice.Plugin.IceSSL"] = "IceSSL:createIceSSL"; -#endif result["IceSSL.DefaultDir"] = defaultProps->getProperty("IceSSL.DefaultDir"); result["Ice.Default.Host"] = defaultProps->getProperty("Ice.Default.Host"); if (!defaultProps->getProperty("Ice.IPv6").empty()) 
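Review bot: The new `#define NOMINMAX` guard is followed by `<windows.h>` and `<wincrypt.h>` without `WIN32_LEAN_AND_MEAN`; a plain `<windows.h>` pulls in winsock.h, which conflicts with winsock2.h if the latter has not already been included, and this file only includes `Ice/Ice.h` before it. If `Ice/Ice.h` already brings in winsock2.h on Windows the order is safe, otherwise adding `# ifndef WIN32_LEAN_AND_MEAN` / `# define WIN32_LEAN_AND_MEAN` / `# endif` next to the NOMINMAX guard avoids the clash. The removed comment in `createClientProps` also mentioned that the client registers the plugin via `registerIceSSL`; if that call still exists in Client.cpp (whose diff is cut off at the end of this page) it now refers to a library this commit deletes from the build.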
@@ -444,23 +438,6 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) string sep = ":"; #endif -#ifdef ICE_USE_OPENSSL - int64_t openSSLVersion; - { - // - // Get the IceSSL engine name and version - // - InitializationData initData; - initData.properties = createClientProps(defaultProps, p12); - CommunicatorPtr comm = initialize(initData); - auto plugin = dynamic_pointer_cast(comm->getPluginManager()->getPlugin("IceSSL")); - test(plugin); - openSSLVersion = plugin->getOpenSSLVersion(); - comm->destroy(); - } - const string anonCiphers = openSSLVersion >= 0x10100000L ? "ADH:@SECLEVEL=0" : "ADH"; -#endif - IceSSL::ConnectionInfoPtr info; cout << "testing certificate verification... " << flush; @@ -631,7 +608,7 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); test(info->certs.size() == 2); test(info->verified); - test(getTrustError(info) == IceSSL::TrustError::NoError); + test(info->errorCode == IceSSL::TrustError::NoError); test(Ice::targetEqualTo(caCert, info->certs[1])); test(Ice::targetEqualTo(serverCert, info->certs[0])); @@ -841,8 +818,8 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); test(info->verified); - test(getHost(info) == "localhost"); - test(getTrustError(info) == IceSSL::TrustError::NoError); + test(info->host == "localhost"); + test(info->errorCode == IceSSL::TrustError::NoError); fact->destroyServer(server); comm->destroy(); 
@@ -862,8 +839,8 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); test(!info->verified); - test(getTrustError(info) == IceSSL::TrustError::HostNameMismatch); - test(getHost(info) == "localhost"); + test(info->errorCode == IceSSL::TrustError::HostNameMismatch); + test(info->host == "localhost"); fact->destroyServer(server); comm->destroy(); @@ -886,13 +863,13 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) if (isCatalinaOrGreater || isIOS13OrGreater) { test(!info->verified); - test(getTrustError(info) == IceSSL::TrustError::HostNameMismatch); + test(info->errorCode == IceSSL::TrustError::HostNameMismatch); } else { test(info->verified); } - test(getHost(info) == "localhost"); + test(info->host == "localhost"); fact->destroyServer(server); comm->destroy(); @@ -913,8 +890,8 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); test(!info->verified); - test(getTrustError(info) == IceSSL::TrustError::HostNameMismatch); - test(getHost(info) == "localhost"); + test(info->errorCode == IceSSL::TrustError::HostNameMismatch); + test(info->host == "localhost"); fact->destroyServer(server); comm->destroy(); @@ -935,8 +912,8 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); test(!info->verified); - test(getTrustError(info) == IceSSL::TrustError::HostNameMismatch); - test(getHost(info) == "localhost"); + test(info->errorCode == IceSSL::TrustError::HostNameMismatch); + test(info->host == "localhost"); fact->destroyServer(server); comm->destroy(); 
@@ -961,8 +938,8 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); test(info->verified); - test(getTrustError(info) == IceSSL::TrustError::NoError); - test(getHost(info) == "127.0.0.1"); + test(info->errorCode == IceSSL::TrustError::NoError); + test(info->host == "127.0.0.1"); fact->destroyServer(server); comm->destroy(); @@ -982,8 +959,8 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); test(!info->verified); - test(getTrustError(info) == IceSSL::TrustError::HostNameMismatch); - test(getHost(info) == "127.0.0.1"); + test(info->errorCode == IceSSL::TrustError::HostNameMismatch); + test(info->host == "127.0.0.1"); fact->destroyServer(server); comm->destroy(); @@ -1008,8 +985,8 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); test(!info->verified); - test(getTrustError(info) == IceSSL::TrustError::HostNameMismatch); - test(getHost(info) == "127.0.0.1"); + test(info->errorCode == IceSSL::TrustError::HostNameMismatch); + test(info->host == "127.0.0.1"); fact->destroyServer(server); comm->destroy(); } @@ -1194,7 +1171,7 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); test(info->certs.size() == 1); test(!info->verified); - test(getTrustError(info) == IceSSL::TrustError::PartialChain); + test(info->errorCode == IceSSL::TrustError::PartialChain); } catch (const Ice::LocalException& ex) { 
@@ -1216,10 +1193,10 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); #ifdef ICE_USE_OPENSSL test(info->certs.size() == 2); // TODO: Fix OpenSSL - test(getTrustError(info) == IceSSL::TrustError::UntrustedRoot); + test(info->errorCode == IceSSL::TrustError::UntrustedRoot); #else test(info->certs.size() == 1); - test(getTrustError(info) == IceSSL::TrustError::PartialChain); + test(info->errorCode == IceSSL::TrustError::PartialChain); #endif test(!info->verified); } @@ -1246,10 +1223,10 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); #if defined(ICE_USE_SCHANNEL) test(info->certs.size() == 1); // SChannel never sends the root certificate - test(getTrustError(info) == IceSSL::TrustError::PartialChain); + test(info->errorCode == IceSSL::TrustError::PartialChain); #else test(info->certs.size() == 2); - test(getTrustError(info) == IceSSL::TrustError::UntrustedRoot); + test(info->errorCode == IceSSL::TrustError::UntrustedRoot); #endif test(!info->verified); } @@ -1282,7 +1259,7 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); test(info->certs.size() == 2); test(info->verified); - test(getTrustError(info) == IceSSL::TrustError::NoError); + test(info->errorCode == IceSSL::TrustError::NoError); } catch (const Ice::LocalException& ex) { @@ -1417,7 +1394,7 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); test(!info->verified); - test(getTrustError(info) == IceSSL::TrustError::InvalidTime); + test(info->errorCode == IceSSL::TrustError::InvalidTime); fact->destroyServer(server); comm->destroy(); 
@@ -1543,242 +1520,6 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) cout << "ok" << endl; #endif - // TODO disabled for now - /* - cout << "testing ciphers... " << flush; - { - // - // With OpenSSL 1.1.1 the initialization will success because TLS 1.3 - // ciphersuites are still enabled. They are not affected by IceSSL.Ciphers - // properties - // - #if !(defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x1010100fL) - InitializationData initData; - initData.properties = createClientProps(defaultProps, p12, "c_rsa_ca1", "cacert1"); - initData.properties->setProperty("IceSSL.Ciphers", "UNKNOWN"); - try - { - initialize(initData); - test(false); - } - catch(const Ice::PluginInitializationException&) - { - } - #endif - } - #ifndef ICE_USE_SCHANNEL - { - // - // The server has a certificate but the client doesn't. They should - // negotiate to use ADH since we explicitly enable it. - // - InitializationData initData; - initData.properties = createClientProps(defaultProps, p12); - # ifdef ICE_USE_OPENSSL - initData.properties->setProperty("IceSSL.Ciphers", anonCiphers); - # if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x1010100fL - // - // With OpenSSL 1.1 disable tls1.3 so that client and server negotiate - // an anon cipher - // - initData.properties->setProperty("IceSSL.Protocols", "tls1_2,tls1_1"); - # endif - # else - initData.properties->setProperty("IceSSL.Ciphers", "(DH_anon*)"); - # endif - CommunicatorPtr comm = initialize(initData); - optional fact = Test::ServerFactoryPrx(comm, factoryRef); - test(fact); - Test::Properties d = createServerProps(defaultProps, p12, "s_rsa_ca1", "cacert1"); - # ifdef ICE_USE_OPENSSL - // - // With OpenSSL 1.1.0 we need to set SECLEVEL=0 to allow ADH ciphers - // - string cipherSub = "ADH-"; - d["IceSSL.Ciphers"] = "RSA:" + anonCiphers; - # else - string cipherSub = "DH_"; - d["IceSSL.Ciphers"] = "(RSA_*) (DH_anon*)"; - # endif - d["IceSSL.VerifyPeer"] = "1"; - optional 
server = fact->createServer(d); - try - { - server->checkCipher(cipherSub); - info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); - test(info->cipher.compare(0, cipherSub.size(), cipherSub) == 0); - } - catch(const LocalException& ex) - { - # ifndef ICE_USE_SECURE_TRANSPORT - // - // macOS 10.10 bug the handshake fails attempting client auth - // with anon cipher. - // - cerr << ex << endl; - test(false); - # endif - } - fact->destroyServer(server); - comm->destroy(); - } - - { - // - // This should fail because we disabled all anonymous ciphers and the server doesn't - // provide a certificate. - // - InitializationData initData; - initData.properties = createClientProps(defaultProps, p12); - # ifdef ICE_USE_OPENSSL - initData.properties->setProperty("IceSSL.Ciphers", "ALL:!ADH"); - # else - initData.properties->setProperty("IceSSL.Ciphers", "ALL !(DH_anon*)"); - # endif - CommunicatorPtr comm = initialize(initData); - optional fact = Test::ServerFactoryPrx(comm, factoryRef); - test(fact); - Test::Properties d = createServerProps(defaultProps, p12); - d["IceSSL.VerifyPeer"] = "0"; - optional server = fact->createServer(d); - try - { - server->ice_ping(); - test(false); - } - catch(const ProtocolException&) - { - // Expected - } - catch(const ConnectionLostException&) - { - // Expected - } - catch(const LocalException& ex) - { - cerr << ex << endl; - test(false); - } - fact->destroyServer(server); - comm->destroy(); - } - # ifdef ICE_USE_SECURE_TRANSPORT - { - // - // This should fail because the client disabled all ciphers. - // - InitializationData initData; - initData.properties = createClientProps(defaultProps, p12, "c_rsa_ca1", "cacert1"); - initData.properties->setProperty("IceSSL.Ciphers", "NONE"); - try - { - CommunicatorPtr comm = initialize(initData); - test(false); - } - catch(const Ice::PluginInitializationException&) - { - //Expected when disabled all cipher suites. 
- } - catch(const Ice::LocalException& ex) - { - cerr << ex << endl; - test(false); - } - } - - { - // - // Test IceSSL.DHParams - // - InitializationData initData; - initData.properties = createClientProps(defaultProps, p12); - initData.properties->setProperty("IceSSL.Ciphers", "(DH_anon*)"); - CommunicatorPtr comm = initialize(initData); - optional fact = Test::ServerFactoryPrx(comm, factoryRef); - test(fact); - Test::Properties d = createServerProps(defaultProps, p12); - d["IceSSL.Ciphers"] = "(DH_anon*)"; - d["IceSSL.DHParams"] = "dh_params1024.der"; - d["IceSSL.VerifyPeer"] = "0"; - optional server = fact->createServer(d); - try - { - server->checkCipher("DH_anon"); - } - catch(const LocalException& ex) - { - cerr << ex << endl; - test(false); - } - fact->destroyServer(server); - comm->destroy(); - } - # endif - #else // SChannel ciphers - { - // - // Client and server should negotiate to use 3DES as it is enabled in both. - // - InitializationData initData; - initData.properties = createClientProps(defaultProps, p12, "c_rsa_ca1", "cacert1"); - initData.properties->setProperty("IceSSL.Ciphers", "3DES"); - - CommunicatorPtr comm = initialize(initData); - optional fact = Test::ServerFactoryPrx(comm, factoryRef); - test(fact); - - Test::Properties d = createServerProps(defaultProps, p12, "s_rsa_ca1", "cacert1"); - d["IceSSL.Ciphers"] = "3DES AES_256"; - - optional server = fact->createServer(d); - try - { - server->checkCipher("3DES"); - info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); - test(info->cipher.compare(0, 4, "3DES") == 0); - } - catch(const LocalException& ex) - { - cerr << ex << endl; - test(false); - } - fact->destroyServer(server); - comm->destroy(); - } - { - // - // Client and server doesn't enable a common cipher negotiate to use 3DES as it is enabled in both. 
- // - InitializationData initData; - initData.properties = createClientProps(defaultProps, p12, "c_rsa_ca1", "cacert1"); - initData.properties->setProperty("IceSSL.Ciphers", "3DES"); - - CommunicatorPtr comm = initialize(initData); - optional fact = Test::ServerFactoryPrx(comm, factoryRef); - test(fact); - - Test::Properties d = createServerProps(defaultProps, p12, "s_rsa_ca1", "cacert1"); - d["IceSSL.Ciphers"] = "AES_256"; - optional server = fact->createServer(d); - try - { - server->checkCipher("3DES"); - test(false); - } - catch(const Ice::ConnectionLostException&) - { - //expected - } - catch(const LocalException& ex) - { - cerr << ex << endl; - test(false); - } - fact->destroyServer(server); - comm->destroy(); - } - #endif - */ cout << "testing IceSSL.TrustOnly... " << flush; // // iOS support only provides access to the CN of the certificate so we @@ -2861,7 +2602,7 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) server->ice_ping(); info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); - test(getTrustError(info) == IceSSL::TrustError::NoError); + test(info->errorCode == IceSSL::TrustError::NoError); test(info->verified); fact->destroyServer(server); comm->destroy(); @@ -2883,7 +2624,7 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) server->ice_ping(); info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); - test(getTrustError(info) == IceSSL::TrustError::NoError); + test(info->errorCode == IceSSL::TrustError::NoError); test(info->verified); fact->destroyServer(server); comm->destroy(); 
@@ -2904,7 +2645,7 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) // Revoked certificate is accpeted because IceSSL.RevocationCheck=0 disable revocation checks server->ice_ping(); info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); - test(getTrustError(info) == IceSSL::TrustError::NoError); + test(info->errorCode == IceSSL::TrustError::NoError); test(info->verified); fact->destroyServer(server); comm->destroy(); @@ -2926,7 +2667,7 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) server->ice_ping(); info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); test(!info->verified); - test(getTrustError(info) == IceSSL::TrustError::Revoked); + test(info->errorCode == IceSSL::TrustError::Revoked); fact->destroyServer(server); comm->destroy(); @@ -2952,7 +2693,7 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) server->ice_ping(); info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); test(!info->verified); - test(getTrustError(info) == IceSSL::TrustError::Revoked); + test(info->errorCode == IceSSL::TrustError::Revoked); fact->destroyServer(server); comm->destroy(); @@ -2976,7 +2717,7 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) server->ice_ping(); info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); test(info->verified); - test(getTrustError(info) == IceSSL::TrustError::NoError); + test(info->errorCode == IceSSL::TrustError::NoError); fact->destroyServer(server); comm->destroy(); @@ -3007,7 +2748,7 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) server->ice_ping(); info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); - test(getTrustError(info) == IceSSL::TrustError::NoError); + test(info->errorCode == IceSSL::TrustError::NoError); test(info->verified); fact->destroyServer(server); 
@@ -3045,7 +2786,7 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) server->ice_ping(); info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); - test(getTrustError(info) == IceSSL::TrustError::NoError); + test(info->errorCode == IceSSL::TrustError::NoError); test(info->verified); fact->destroyServer(server); comm->destroy(); @@ -3068,7 +2809,7 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) server->ice_ping(); info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); test(!info->verified); - test(getTrustError(info) == IceSSL::TrustError::Revoked); + test(info->errorCode == IceSSL::TrustError::Revoked); fact->destroyServer(server); comm->destroy(); @@ -3091,7 +2832,7 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) server->ice_ping(); info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); test(info->verified); - test(getTrustError(info) == IceSSL::TrustError::NoError); + test(info->errorCode == IceSSL::TrustError::NoError); fact->destroyServer(server); comm->destroy(); # endif @@ -3113,7 +2854,7 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) server->ice_ping(); info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); test(!info->verified); - test(getTrustError(info) == IceSSL::TrustError::RevocationStatusUnknown); + test(info->errorCode == IceSSL::TrustError::RevocationStatusUnknown); fact->destroyServer(server); comm->destroy(); @@ -3197,7 +2938,7 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) IceSSL::ConnectionInfoPtr sslInfo = dynamic_pointer_cast(wsinfo->underlying); test(sslInfo->verified); - test(getHost(sslInfo) == "zeroc.com"); + test(sslInfo->host == "zeroc.com"); break; } catch (const Ice::LocalException& ex) diff --git a/cpp/test/IceSSL/configuration/Client.cpp b/cpp/test/IceSSL/configuration/Client.cpp index 1404eced282..2aa8fec06ab 100644 
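Review bot: In the hunk at `@@ -3197`, the new `test(sslInfo->host == "zeroc.com")` (like the `test(sslInfo->verified)` just above it) dereferences `sslInfo` straight after the `dynamic_pointer_cast` from `wsinfo->underlying`, so a failed cast — the underlying transport not being SSL — crashes the test process instead of failing the test. Insert `test(sslInfo);` before the first dereference; the same pattern applies to `info` in the `errorCode` hunks earlier in this file section, where `test(info->errorCode == ...)` now reads the field directly. The cast's template argument appears to have been lost in rendering, so I cannot confirm the target type from the hunk. The enclosing retry loop and its `try` block begin outside the hunk.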
--- a/cpp/test/IceSSL/configuration/Client.cpp +++ b/cpp/test/IceSSL/configuration/Client.cpp @@ -3,14 +3,9 @@ // #include "Ice/Ice.h" -#include "IceSSL/IceSSL.h" #include "Test.h" #include "TestHelper.h" -#if defined(ICE_USE_OPENSSL) -# include "IceSSL/OpenSSL.h" -#endif - #include using namespace std; diff --git a/cpp/test/IceSSL/configuration/Makefile.mk b/cpp/test/IceSSL/configuration/Makefile.mk index ff0cbf6490b..210c7ebfdef 100644 --- a/cpp/test/IceSSL/configuration/Makefile.mk +++ b/cpp/test/IceSSL/configuration/Makefile.mk @@ -2,7 +2,7 @@ # Copyright (c) ZeroC, Inc. All rights reserved. # -$(test)_dependencies = TestCommon IceSSL Ice +$(test)_dependencies = TestCommon Ice # # Disable var tracking assignments for Linux with this test @@ -11,7 +11,7 @@ ifneq ($(linux_id),) $(test)_cppflags += $(if $(filter yes,$(OPTIMIZE)),-fno-var-tracking-assignments) endif -# Need to load certificates with functions from src/IceSSL/Util.h +# Need to load certificates with functions from src/IceSSL/SSLUtil.h $(test)[iphoneos]_cppflags := -Isrc $(test)[iphonesimulator]_cppflags := -Isrc diff --git a/cpp/test/IceSSL/configuration/TestI.cpp b/cpp/test/IceSSL/configuration/TestI.cpp index 6919e3ecc8d..9e7bf9f066d 100644 --- a/cpp/test/IceSSL/configuration/TestI.cpp +++ b/cpp/test/IceSSL/configuration/TestI.cpp @@ -4,8 +4,8 @@ #include "TestI.h" #include "Ice/Ice.h" +#include "IceSSL/Certificate.h" #include "IceSSL/ConnectionInfo.h" -#include "IceSSL/Plugin.h" #include "TestHelper.h" using namespace std; diff --git a/cpp/test/ios/controller/C++ Test Controller.xcodeproj/project.pbxproj b/cpp/test/ios/controller/C++ Test Controller.xcodeproj/project.pbxproj index 23b1e3175d3..65d99def0a2 100644 --- a/cpp/test/ios/controller/C++ Test Controller.xcodeproj/project.pbxproj +++ b/cpp/test/ios/controller/C++ Test Controller.xcodeproj/project.pbxproj 
@@ -389,7 +389,6 @@ "-L../../Common/build/$(PLATFORM_NAME)/xcodesdk", "-lTestCommon", "-lIceDiscovery", - "-lIceSSL", "-lIce", "-lbz2", "-liconv", @@ -425,7 +424,6 @@ "-L../../Common/build/$(PLATFORM_NAME)/xcodesdk", "-lTestCommon", "-lIceDiscovery", - "-lIceSSL", "-lIce", "-lbz2", "-liconv", @@ -457,7 +455,6 @@ "-L../../Common/build/$(PLATFORM_NAME)/xcodesdk", "-lTestCommon", "-lIce", - "-lIceSSL", "-lIceDiscovery", "-lbz2", "-liconv", @@ -489,7 +486,6 @@ "-lTestCommon", "-lIce", "-lIceDiscovery", - "-lIceSSL", "-lbz2", "-liconv", ); diff --git a/matlab/Makefile b/matlab/Makefile index 01d21b4a39e..3de5a631f20 100644 --- a/matlab/Makefile +++ b/matlab/Makefile @@ -14,7 +14,7 @@ icetoolbox_file = toolbox/ice-$(version)-R$(matlab_version)-linux.mltbx # Load C++ dependencies # $(eval $(call load-translator-dependencies,$(top_srcdir)/cpp/src/slice2matlab)) -$(eval $(call load-dependencies,$(addprefix $(top_srcdir)/cpp/src/,Ice IceSSL IceLocatorDiscovery IceDiscovery))) +$(eval $(call load-dependencies,$(addprefix $(top_srcdir)/cpp/src/,Ice IceLocatorDiscovery IceDiscovery))) # # Load MATLAB rules after loading C++ dependencies @@ -108,7 +108,6 @@ $(icetoolbox_file):: $(icethunk_target) $(slice2matlab_path) $(lang_srcdir)/lib/ cp -rf $(lang_srcdir)/lib/generated/+* $(lang_srcdir)/toolbox/build cp -rf $(lang_srcdir)/lib/x86_64-linux-gnu/* $(lang_srcdir)/toolbox/build cp -rLf $(cpp_libdir)/libIce.so.38a0 $(lang_srcdir)/toolbox/build - cp -rLf $(cpp_libdir)/libIceSSL.so.38a0 $(lang_srcdir)/toolbox/build cp -rLf $(cpp_libdir)/libIceDiscovery.so.38a0 $(lang_srcdir)/toolbox/build cp -rLf $(cpp_libdir)/libIceLocatorDiscovery.so.38a0 $(lang_srcdir)/toolbox/build # Slice files diff --git a/matlab/msbuild/ice.proj b/matlab/msbuild/ice.proj index 076da5267cb..768c4f3a1f3 100644 --- a/matlab/msbuild/ice.proj +++ b/matlab/msbuild/ice.proj @@ -45,7 +45,7 @@ diff --git a/matlab/src/Connection.cpp b/matlab/src/Connection.cpp index 4ca4d0d83fb..1e6c74f923c 100644 
--- a/matlab/src/Connection.cpp +++ b/matlab/src/Connection.cpp @@ -4,7 +4,7 @@ #include "Future.h" #include "Ice/Ice.h" -#include "IceSSL/IceSSL.h" +#include "IceSSL/ConnectionInfo.h" #include "Util.h" #include "ice.h" diff --git a/matlab/src/Endpoint.cpp b/matlab/src/Endpoint.cpp index 48a6ce9d8dc..2b1330be2f6 100644 --- a/matlab/src/Endpoint.cpp +++ b/matlab/src/Endpoint.cpp @@ -3,7 +3,7 @@ // #include "Ice/Ice.h" -#include "IceSSL/IceSSL.h" +#include "IceSSL/EndpointInfo.h" #include "Util.h" #include "ice.h" diff --git a/matlab/src/Makefile.mk b/matlab/src/Makefile.mk index f9337465b52..5a9a428b94f 100644 --- a/matlab/src/Makefile.mk +++ b/matlab/src/Makefile.mk @@ -14,9 +14,9 @@ IceMatlab_cppflags := -I$(project) \ IceMatlab_system_libs := $(matlab_ldflags) \ -L$(top_srcdir)/cpp/lib/x86_64-linux-gnu \ -Wl,-rpath=\$$ORIGIN \ - -lIce -lIceSSL -lIceDiscovery -lIceLocatorDiscovery + -lIce -lIceDiscovery -lIceLocatorDiscovery -IceMatlab_dependencies := IceDiscovery IceLocatorDiscovery IceSSL Ice +IceMatlab_dependencies := IceDiscovery IceLocatorDiscovery Ice projects += $(project) srcs:: $(project) diff --git a/matlab/src/Util.h b/matlab/src/Util.h index a9294585d45..a078be4415a 100644 --- a/matlab/src/Util.h +++ b/matlab/src/Util.h @@ -3,7 +3,7 @@ // #include "Ice/Ice.h" -#include "IceSSL/IceSSL.h" +#include "IceSSL/Certificate.h" #if defined(__GNUC__) # pragma GCC diagnostic ignored "-Wredundant-decls" diff --git a/matlab/src/msbuild/ice/ice.vcxproj b/matlab/src/msbuild/ice/ice.vcxproj index 26e984f24da..ee3a087ca9a 100644 --- a/matlab/src/msbuild/ice/ice.vcxproj +++ b/matlab/src/msbuild/ice/ice.vcxproj @@ -102,14 +102,12 @@ - - @@ -121,4 +119,4 @@ - \ No newline at end of file + diff --git a/matlab/test/Ice/proxy/AllTests.m b/matlab/test/Ice/proxy/AllTests.m index 60ee8820a3b..7c4ed9cf4d2 100644 --- a/matlab/test/Ice/proxy/AllTests.m +++ b/matlab/test/Ice/proxy/AllTests.m 
@@ -843,12 +843,7 @@ assert(strcmp(communicator.proxyToString(p2), 'test -t -e 1.1:tcp -h 127.0.0.1 -p 12010 -t 10000')); if communicator.getProperties().getPropertyAsInt('Ice.IPv6') == 0 - % Working? - ssl = strcmp(communicator.getProperties().getProperty('Ice.Default.Protocol'), 'ssl'); - tcp = strcmp(communicator.getProperties().getProperty('Ice.Default.Protocol'), 'tcp'); - if tcp - p1.ice_encodingVersion(Ice.EncodingVersion(1, 0)).ice_ping(); - end + p1.ice_encodingVersion(Ice.EncodingVersion(1, 0)).ice_ping(); % Two legal TCP endpoints expressed as opaque endpoints p1 = communicator.stringToProxy('test -e 1.0:opaque -t 1 -e 1.0 -v CTEyNy4wLjAuMeouAAAQJwAAAA==:opaque -t 1 -e 1.0 -v CTEyNy4wLjAuMusuAAAQJwAAAA=='); @@ -861,11 +856,7 @@ % p1 = communicator.stringToProxy('test -e 1.0:opaque -t 2 -e 1.0 -v CTEyNy4wLjAuMREnAAD/////AA==:opaque -t 99 -e 1.0 -v abch'); pstr = communicator.proxyToString(p1); - if ssl - assert(strcmp(pstr, 'test -t -e 1.0:ssl -h 127.0.0.1 -p 10001 -t infinite:opaque -t 99 -e 1.0 -v abch')); - elseif tcp - assert(strcmp(pstr, 'test -t -e 1.0:opaque -t 2 -e 1.0 -v CTEyNy4wLjAuMREnAAD/////AA==:opaque -t 99 -e 1.0 -v abch')); - end + assert(strcmp(pstr, 'test -t -e 1.0:ssl -h 127.0.0.1 -p 10001 -t infinite:opaque -t 99 -e 1.0 -v abch')); % % Try to invoke on the SSL endpoint to verify that we get a @@ -876,13 +867,7 @@ p1.ice_encodingVersion(Ice.EncodingVersion(1, 0)).ice_ping(); assert(false); catch ex - if isa(ex, 'Ice.NoEndpointException') - assert(~ssl); - elseif isa(ex, 'Ice.ConnectFailedException') - assert(~tcp); - else - rethrow(ex); - end + assert(isa(ex, 'Ice.ConnectFailedException')); end % 
@@ -893,11 +878,7 @@ % p2 = derived.echo(p1); pstr = communicator.proxyToString(p2); - if ssl - assert(strcmp(pstr, 'test -t -e 1.0:ssl -h 127.0.0.1 -p 10001 -t infinite:opaque -t 99 -e 1.0 -v abch')); - elseif tcp - assert(strcmp(pstr, 'test -t -e 1.0:opaque -t 2 -e 1.0 -v CTEyNy4wLjAuMREnAAD/////AA==:opaque -t 99 -e 1.0 -v abch')); - end + assert(strcmp(pstr, 'test -t -e 1.0:ssl -h 127.0.0.1 -p 10001 -t infinite:opaque -t 99 -e 1.0 -v abch')); end fprintf('ok\n'); diff --git a/php/Makefile b/php/Makefile index f713846bab1..11c75b0205d 100644 --- a/php/Makefile +++ b/php/Makefile @@ -11,7 +11,7 @@ include $(top_srcdir)/config/Make.rules # Load C++ dependencies # $(eval $(call load-translator-dependencies,$(top_srcdir)/cpp/src/slice2php)) -$(eval $(call load-dependencies,$(addprefix $(top_srcdir)/cpp/src/,Ice IceSSL IceDiscovery IceLocatorDiscovery))) +$(eval $(call load-dependencies,$(addprefix $(top_srcdir)/cpp/src/,Ice IceDiscovery IceLocatorDiscovery))) # # Load php rules after loading C++ dependencies diff --git a/php/src/Connection.cpp b/php/src/Connection.cpp index 26ea58d0c84..7883ddee72e 100644 --- a/php/src/Connection.cpp +++ b/php/src/Connection.cpp @@ -4,11 +4,10 @@ #include "Connection.h" #include "Endpoint.h" +#include "IceSSL/ConnectionInfo.h" #include "Types.h" #include "Util.h" -#include "IceSSL/IceSSL.h" - using namespace std; using namespace IcePHP; diff --git a/php/src/Endpoint.cpp b/php/src/Endpoint.cpp index e276fa5d48a..17d0dc5310a 100644 --- a/php/src/Endpoint.cpp +++ b/php/src/Endpoint.cpp @@ -3,9 +3,8 @@ // #include "Endpoint.h" -#include "Util.h" - #include "IceSSL/EndpointInfo.h" +#include "Util.h" using namespace std; using namespace IcePHP; diff --git a/php/src/Makefile.mk b/php/src/Makefile.mk index 7061e2a6f3d..9ad14359324 100644 --- a/php/src/Makefile.mk +++ b/php/src/Makefile.mk 
@@ -10,7 +10,7 @@ IcePHP_targetdir := lib IcePHP_installdir := $(install_phplibdir) IcePHP_cppflags := -I$(top_srcdir)/cpp/src $(ice_cpp_cppflags) $(php_cppflags) IcePHP_ldflags := $(php_ldflags) -IcePHP_dependencies := IceDiscovery IceLocatorDiscovery IceSSL Ice +IcePHP_dependencies := IceDiscovery IceLocatorDiscovery Ice IcePHP_extra_sources := $(wildcard $(top_srcdir)/cpp/src/Slice/*.cpp) \ $(top_srcdir)/cpp/src/slice2php/PHPUtil.cpp \ diff --git a/php/test/Ice/proxy/Client.php b/php/test/Ice/proxy/Client.php index 48b9a93ed57..df8a1e7e5c5 100644 --- a/php/test/Ice/proxy/Client.php +++ b/php/test/Ice/proxy/Client.php @@ -645,7 +645,6 @@ function allTests($helper) // Working? if($communicator->getProperties()->getPropertyAsInt("Ice.IPv6") == 0) { - $ssl = $communicator->getProperties()->getProperty("Ice.Default.Protocol") == "ssl"; $tcp = $communicator->getProperties()->getProperty("Ice.Default.Protocol") == "tcp"; // Two legal TCP endpoints expressed as opaque endpoints @@ -659,14 +658,7 @@ function allTests($helper) // $p1 = $communicator->stringToProxy("test -e 1.0:opaque -t 2 -e 1.0 -v CTEyNy4wLjAuMREnAAD/////AA==:opaque -t 99 -e 1.0 -v abch"); $pstr = $communicator->proxyToString($p1); - if($ssl) - { - test($pstr == "test -t -e 1.0:ssl -h 127.0.0.1 -p 10001 -t infinite:opaque -t 99 -e 1.0 -v abch"); - } - elseif($tcp) - { - test($pstr == "test -t -e 1.0:opaque -t 2 -e 1.0 -v CTEyNy4wLjAuMREnAAD/////AA==:opaque -t 99 -e 1.0 -v abch"); - } + test($pstr == "test -t -e 1.0:ssl -h 127.0.0.1 -p 10001 -t infinite:opaque -t 99 -e 1.0 -v abch"); // // Try to invoke on the SSL endpoint to verify that we get a 
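Review bot: In the `Client.php` hunk at `@@ -645`, `$tcp = $communicator->getProperties()->getProperty("Ice.Default.Protocol") == "tcp";` survives while every `elseif($tcp)` branch and the `test(!$tcp)` check are removed in the following hunks, so `$tcp` looks unused after this commit unless a use remains in lines not shown. The Python, Ruby, MATLAB and Swift versions of this test drop both variables together; remove the `$tcp` assignment here as well so the four ports stay in step. The `allTests` function begins and ends outside the hunk.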
@@ -678,20 +670,8 @@ function allTests($helper) $p1->ice_encodingVersion($Ice_Encoding_1_0)->ice_ping(); test(false); } - catch(Exception $ex) + catch(Ice\ConnectionRefusedException $ex) { - if($ex instanceof Ice\NoEndpointException) - { - test(!$ssl); - } - elseif($ex instanceof Ice\ConnectionRefusedException) - { - test(!$tcp); - } - else - { - throw $ex; - } } // @@ -702,14 +682,7 @@ function allTests($helper) // $p2 = $derived->_echo($p1); $pstr = $communicator->proxyToString($p2); - if($ssl) - { - test($pstr == "test -t -e 1.0:ssl -h 127.0.0.1 -p 10001 -t infinite:opaque -t 99 -e 1.0 -v abch"); - } - elseif($tcp) - { - test($pstr == "test -t -e 1.0:opaque -t 2 -e 1.0 -v CTEyNy4wLjAuMREnAAD/////AA==:opaque -t 99 -e 1.0 -v abch"); - } + test($pstr == "test -t -e 1.0:ssl -h 127.0.0.1 -p 10001 -t infinite:opaque -t 99 -e 1.0 -v abch"); } echo "ok\n"; diff --git a/python/Makefile b/python/Makefile index 5ba482da820..8f7cbf4dc7c 100644 --- a/python/Makefile +++ b/python/Makefile @@ -10,7 +10,7 @@ include $(top_srcdir)/config/Make.rules # # Load C++ dependencies # -$(eval $(call load-dependencies,$(addprefix $(top_srcdir)/cpp/src/,Ice IceSSL IceLocatorDiscovery IceDiscovery))) +$(eval $(call load-dependencies,$(addprefix $(top_srcdir)/cpp/src/,Ice IceLocatorDiscovery IceDiscovery))) # # Load python rules after loading C++ dependencies diff --git a/python/modules/IcePy/EndpointInfo.cpp b/python/modules/IcePy/EndpointInfo.cpp index 88225fd9213..3dcec083861 100644 --- a/python/modules/IcePy/EndpointInfo.cpp +++ b/python/modules/IcePy/EndpointInfo.cpp @@ -3,7 +3,7 @@ // #include "EndpointInfo.h" -#include "IceSSL/IceSSL.h" +#include "IceSSL/EndpointInfo.h" #include "Util.h" using namespace std; diff --git a/python/modules/IcePy/Makefile.mk b/python/modules/IcePy/Makefile.mk index b57c64539c9..c18a09816af 100644 --- a/python/modules/IcePy/Makefile.mk +++ b/python/modules/IcePy/Makefile.mk 
@@ -9,7 +9,7 @@ IcePy_targetname := IcePy IcePy_targetdir := $(lang_srcdir)/python IcePy_installdir := $(install_pythondir) IcePy_cppflags := $(ice_cpp_cppflags) -I$(top_srcdir)/cpp/src $(python_cppflags) -IcePy_dependencies := IceDiscovery IceLocatorDiscovery IceSSL Ice +IcePy_dependencies := IceDiscovery IceLocatorDiscovery Ice IcePy_libs := mcpp IcePy_extra_sources := $(wildcard $(top_srcdir)/cpp/src/Slice/*.cpp) \ $(top_srcdir)/cpp/src/slice2py/PythonUtil.cpp \ diff --git a/python/modules/IcePy/msbuild/icepy.vcxproj b/python/modules/IcePy/msbuild/icepy.vcxproj index 3dbf0d5b121..5277485bd26 100644 --- a/python/modules/IcePy/msbuild/icepy.vcxproj +++ b/python/modules/IcePy/msbuild/icepy.vcxproj @@ -195,7 +195,6 @@ - diff --git a/python/msbuild/ice.proj b/python/msbuild/ice.proj index 2955188a697..929013a8a31 100644 --- a/python/msbuild/ice.proj +++ b/python/msbuild/ice.proj @@ -15,7 +15,7 @@ - slice2py;icessl;icediscovery;icelocatordiscovery;glacier2router;glacier2cryptpermissionsverifier + slice2py;icediscovery;icelocatordiscovery;glacier2router;glacier2cryptpermissionsverifier diff --git a/python/test/Ice/proxy/AllTests.py b/python/test/Ice/proxy/AllTests.py index f608ae7971c..a7c9fb378a0 100644 --- a/python/test/Ice/proxy/AllTests.py +++ b/python/test/Ice/proxy/AllTests.py @@ -478,7 +478,7 @@ def allTests(helper, communicator, collocated): # Verify that ToStringMode is passed correctly # euroStr = "\u20ac" - ident = Ice.Identity("test", "\x7F{}".format(euroStr)) + ident = Ice.Identity("test", "\x7f{}".format(euroStr)) idStr = Ice.identityToString(ident, Ice.ToStringMode.Unicode) test(idStr == "\\u007f{}/test".format(euroStr)) 
@@ -1002,10 +1002,6 @@ def allTests(helper, communicator, collocated): ) if communicator.getProperties().getPropertyAsInt("Ice.IPv6") == 0: - # Working? - ssl = communicator.getProperties().getProperty("Ice.Default.Protocol") == "ssl" - tcp = communicator.getProperties().getProperty("Ice.Default.Protocol") == "tcp" - # Two legal TCP endpoints expressed as opaque endpoints p1 = communicator.stringToProxy( "test -e 1.0:opaque -t 1 -e 1.0 -v CTEyNy4wLjAuMeouAAAQJwAAAA==:opaque -t 1 -e 1.0 -v CTEyNy4wLjAuMusuAAAQJwAAAA==" @@ -1024,29 +1020,17 @@ def allTests(helper, communicator, collocated): "test -e 1.0:opaque -t 2 -e 1.0 -v CTEyNy4wLjAuMREnAAD/////AA==:opaque -t 99 -e 1.0 -v abch" ) pstr = communicator.proxyToString(p1) - if ssl: - test( - pstr - == "test -t -e 1.0:ssl -h 127.0.0.1 -p 10001 -t infinite:opaque -t 99 -e 1.0 -v abch" - ) - elif tcp: - test( - pstr - == "test -t -e 1.0:opaque -t 2 -e 1.0 -v CTEyNy4wLjAuMREnAAD/////AA==:opaque -t 99 -e 1.0 -v abch" - ) + test( + pstr + == "test -t -e 1.0:ssl -h 127.0.0.1 -p 10001 -t infinite:opaque -t 99 -e 1.0 -v abch" + ) - # - # Try to invoke on the SSL endpoint to verify that we get a - # NoEndpointException (or ConnectionRefusedException when - # running with SSL). - # + # Try to invoke on the SSL endpoint to verify that we get a ConnectionRefusedException. try: p1.ice_encodingVersion(Ice.Encoding_1_0).ice_ping() test(False) - except Ice.NoEndpointException: - test(not ssl) except Ice.ConnectFailedException: - test(not tcp) + pass # # Test that the proxy with an SSL endpoint and a nonsense 
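Review bot: The new comment in the hunk at `@@ -1024`, `# Try to invoke on the SSL endpoint to verify that we get a ConnectionRefusedException.`, does not match the handler beneath it, which still catches `Ice.ConnectFailedException`. Either narrow the handler to `except Ice.ConnectionRefusedException:` — which is what the Ruby and PHP versions of this test assert — or reword the comment to name `ConnectFailedException`; as written, a connection failure other than a refusal would pass the test while the comment promises a stricter check. `allTests` begins and ends outside the hunk.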
@@ -1056,16 +1040,10 @@ def allTests(helper, communicator, collocated): # p2 = derived.echo(p1) pstr = communicator.proxyToString(p2) - if ssl: - test( - pstr - == "test -t -e 1.0:ssl -h 127.0.0.1 -p 10001 -t infinite:opaque -t 99 -e 1.0 -v abch" - ) - elif tcp: - test( - pstr - == "test -t -e 1.0:opaque -t 2 -e 1.0 -v CTEyNy4wLjAuMREnAAD/////AA==:opaque -t 99 -e 1.0 -v abch" - ) + test( + pstr + == "test -t -e 1.0:ssl -h 127.0.0.1 -p 10001 -t infinite:opaque -t 99 -e 1.0 -v abch" + ) print("ok") diff --git a/ruby/Makefile b/ruby/Makefile index a3e947be0d5..9e62d9e6647 100644 --- a/ruby/Makefile +++ b/ruby/Makefile @@ -10,7 +10,7 @@ include $(top_srcdir)/config/Make.rules # # Load C++ dependencies # -$(eval $(call load-dependencies,$(addprefix $(top_srcdir)/cpp/src/,Ice IceSSL IceLocatorDiscovery IceDiscovery))) +$(eval $(call load-dependencies,$(addprefix $(top_srcdir)/cpp/src/,Ice IceLocatorDiscovery IceDiscovery))) $(eval $(call load-translator-dependencies,$(top_srcdir)/cpp/src/slice2rb)) # diff --git a/ruby/src/IceRuby/Makefile.mk b/ruby/src/IceRuby/Makefile.mk index b84a3af4dc4..dbc5d3fcf2a 100644 --- a/ruby/src/IceRuby/Makefile.mk +++ b/ruby/src/IceRuby/Makefile.mk @@ -10,7 +10,7 @@ IceRuby_targetdir := $(lang_srcdir)/ruby IceRuby_installdir := $(install_rubylibdir) IceRuby_cppflags := $(ice_cpp_cppflags) -I$(top_srcdir)/cpp/src $(ruby_cppflags) IceRuby_system_libs := $(ruby_ldflags) -IceRuby_dependencies := IceDiscovery IceLocatorDiscovery IceSSL Ice +IceRuby_dependencies := IceDiscovery IceLocatorDiscovery Ice IceRuby_libs := mcpp IceRuby_extra_sources := $(wildcard $(top_srcdir)/cpp/src/Slice/*.cpp) \ $(top_srcdir)/cpp/src/slice2rb/RubyUtil.cpp \ diff --git a/ruby/test/Ice/proxy/AllTests.rb b/ruby/test/Ice/proxy/AllTests.rb index c54df1d0e78..40b98684e98 100644 --- a/ruby/test/Ice/proxy/AllTests.rb +++ b/ruby/test/Ice/proxy/AllTests.rb 
@@ -804,9 +804,6 @@ def allTests(helper, communicator) # Working? if communicator.getProperties().getPropertyAsInt("Ice.IPv6") == 0 - ssl = communicator.getProperties().getProperty("Ice.Default.Protocol") == "ssl" - tcp = communicator.getProperties().getProperty("Ice.Default.Protocol") == "tcp" - # Two legal TCP endpoints expressed as opaque endpoints p1 = communicator.stringToProxy("test -e 1.0:opaque -t 1 -e 1.0 -v CTEyNy4wLjAuMeouAAAQJwAAAA==:opaque -t 1 -e 1.0 -v CTEyNy4wLjAuMusuAAAQJwAAAA==") pstr = communicator.proxyToString(p1) @@ -818,11 +815,7 @@ def allTests(helper, communicator) # p1 = communicator.stringToProxy("test -e 1.0:opaque -t 2 -e 1.0 -v CTEyNy4wLjAuMREnAAD/////AA==:opaque -t 99 -e 1.0 -v abch") pstr = communicator.proxyToString(p1) - if ssl - test(pstr == "test -t -e 1.0:ssl -h 127.0.0.1 -p 10001 -t infinite:opaque -t 99 -e 1.0 -v abch") - elsif tcp - test(pstr == "test -t -e 1.0:opaque -t 2 -e 1.0 -v CTEyNy4wLjAuMREnAAD/////AA==:opaque -t 99 -e 1.0 -v abch") - end + test(pstr == "test -t -e 1.0:ssl -h 127.0.0.1 -p 10001 -t infinite:opaque -t 99 -e 1.0 -v abch") # # Try to invoke on the SSL endpoint to verify that we get a @@ -832,10 +825,7 @@ def allTests(helper, communicator) begin p1.ice_encodingVersion(Ice::Encoding_1_0).ice_ping() test(false) - rescue Ice::NoEndpointException - test(!ssl) rescue Ice::ConnectionRefusedException - test(!tcp) end # @@ -846,11 +836,7 @@ def allTests(helper, communicator) # p2 = derived.echo(p1) pstr = communicator.proxyToString(p2) - if ssl - test(pstr == "test -t -e 1.0:ssl -h 127.0.0.1 -p 10001 -t infinite:opaque -t 99 -e 1.0 -v abch") - elsif tcp - test(pstr == "test -t -e 1.0:opaque -t 2 -e 1.0 -v CTEyNy4wLjAuMREnAAD/////AA==:opaque -t 99 -e 1.0 -v abch") - end + test(pstr == "test -t -e 1.0:ssl -h 127.0.0.1 -p 10001 -t infinite:opaque -t 99 -e 1.0 -v abch") end puts "ok" diff --git a/scripts/Util.py b/scripts/Util.py index b551ec6f62c..fdb9ebf83c9 100644 --- a/scripts/Util.py +++ b/scripts/Util.py 
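Review bot: The hunk at `@@ -832` removes `rescue Ice::NoEndpointException`, but the comment that introduces this `begin` block (its first line, `# Try to invoke on the SSL endpoint to verify that we get a`, is the last context line of the previous hunk; the rest is outside the hunk) presumably still describes the old NoEndpointException-or-ConnectionRefusedException behaviour. The Python port updated its equivalent comment in this commit; do the same here, e.g. `# Try to invoke on the SSL endpoint to verify that we get a ConnectionRefusedException.`, so the comment names the one exception the `rescue` now accepts. `allTests` begins and ends outside the hunk.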
@@ -1287,7 +1287,7 @@ def getProps(self, process, current): def getSSLProps(self, process, current): sslProps = { - "Ice.Plugin.IceSSL": self.getPluginEntryPoint("IceSSL", process, current), + "Ice.Plugin.IceSSL": "", "IceSSL.Password": "password", "IceSSL.DefaultDir": "" if current.config.buildPlatform == "iphoneos" @@ -3902,7 +3902,6 @@ def getActivityName(self): class CSharpMapping(Mapping): - def getTargetFramework(self, current): return "net8.0" diff --git a/swift/Rakefile b/swift/Rakefile index a726af3445e..b81125490d5 100644 --- a/swift/Rakefile +++ b/swift/Rakefile @@ -143,7 +143,7 @@ def create_platform_targets(project, platform, bindist) unless bindist # - # Ice for C++11 static libraries + # Ice for C++ static libraries # cpp_components = ["Ice", "IceDiscovery", "IceLocatorDiscovery"] cpp_source_dirs = { "Ice" => ["IceUtil", "Ice", "IceSSL"] } @@ -166,7 +166,7 @@ def create_platform_targets(project, platform, bindist) ice_cpp_target = nil cpp_components.each do | component | - target = project.new_target(:static_library, "#{component} C++11 #{platform_name}", platform) + target = project.new_target(:static_library, "#{component} C++ #{platform_name}", platform) cpp_targets << target group = project_group(project, "slice/#{component}") diff --git a/swift/src/IceImpl/Config.h b/swift/src/IceImpl/Config.h index 956917b4998..493414a760a 100644 --- a/swift/src/IceImpl/Config.h +++ b/swift/src/IceImpl/Config.h @@ -11,7 +11,9 @@ #ifdef __cplusplus # include "Ice/Ice.h" -# include "IceSSL/IceSSL.h" +# include "IceSSL/Certificate.h" +# include "IceSSL/ConnectionInfo.h" +# include "IceSSL/EndpointInfo.h" # if TARGET_OS_IPHONE # include "IceIAP/IceIAP.h" diff --git a/swift/src/IceImpl/IceUtil.mm b/swift/src/IceImpl/IceUtil.mm index 7a8ed088f5f..da736623bb8 100644 --- a/swift/src/IceImpl/IceUtil.mm +++ b/swift/src/IceImpl/IceUtil.mm 
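Review bot: `"Ice.Plugin.IceSSL": ""` in `getSSLProps` leaves a plugin property with an empty entry point, and nothing in the hunk says why the key is kept now that this commit folds IceSSL into the Ice library; I cannot tell from here whether the Ice plugin manager treats an empty value as "nothing to load" or as a malformed plugin spec. If the key is still required — for example so that the remaining `IceSSL.*` properties in this dict are accepted, or to keep a plugin ordering the test driver relies on — add a comment such as `# IceSSL is built into Ice; an empty entry point keeps the property set without loading a shared library` on that line; otherwise delete the entry outright. The rest of the `sslProps` dict and of `getSSLProps` continues past the hunk.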
@@ -23,7 +23,6 @@ // Register plug-ins included in the Ice framework (a single binary file) // See also RegisterPluginsInit.cpp in cpp/src/Ice // - Ice::registerIceSSL(false); Ice::registerIceDiscovery(false); Ice::registerIceLocatorDiscovery(false); #if defined(__APPLE__) && TARGET_OS_IPHONE != 0 diff --git a/swift/test/Ice/proxy/AllTests.swift b/swift/test/Ice/proxy/AllTests.swift index 683c48eb55e..0231c69d5b7 100644 --- a/swift/test/Ice/proxy/AllTests.swift +++ b/swift/test/Ice/proxy/AllTests.swift @@ -869,10 +869,6 @@ public func allTests(_ helper: TestHelper) throws -> MyClassPrx { try test(communicator.proxyToString(p2) == "test -t -e 1.1:tcp -h 127.0.0.1 -p 12010 -t 10000") if communicator.getProperties().getPropertyAsInt("Ice.IPv6") == 0 { - // Working? - let ssl = communicator.getProperties().getProperty("Ice.Default.Protocol") == "ssl" - let tcp = communicator.getProperties().getProperty("Ice.Default.Protocol") == "tcp" - // Two legal TCP endpoints expressed as opaque endpoints p1 = try communicator.stringToProxy( "test -e 1.0:" + "opaque -e 1.0 -t 1 -v CTEyNy4wLjAuMeouAAAQJwAAAA==:" @@ -887,15 +883,9 @@ public func allTests(_ helper: TestHelper) throws -> MyClassPrx { "test -e 1.0:" + "opaque -e 1.0 -t 2 -v CTEyNy4wLjAuMREnAAD/////AA==:" + "opaque -e 1.0 -t 99 -v abch")! pstr = communicator.proxyToString(p1) - if ssl { - try test( - pstr == "test -t -e 1.0:ssl -h 127.0.0.1 -p 10001 -t infinite:opaque -t 99 -e 1.0 -v abch") - } else if tcp { - try test( - pstr - == "test -t -e 1.0:opaque -t 2 -e 1.0 -v CTEyNy4wLjAuMREnAAD/////AA==:opaque -t 99 -e 1.0 -v abch" - ) - } + try test( + pstr == "test -t -e 1.0:ssl -h 127.0.0.1 -p 10001 -t infinite:opaque -t 99 -e 1.0 -v abch" + ) } writer.writeLine("ok") diff --git a/swift/test/IceSSL/configuration/AllTests.swift b/swift/test/IceSSL/configuration/AllTests.swift index d73b76ce345..93c47801854 100644 --- a/swift/test/IceSSL/configuration/AllTests.swift +++ b/swift/test/IceSSL/configuration/AllTests.swift 
@@ -104,22 +104,6 @@ public func allTests(_ helper: TestHelper, _ defaultDir: String) throws -> SSLSe let os = ProcessInfo().operatingSystemVersion let isCatalinaOrGreater = (os.majorVersion, os.minorVersion) >= (10, 15) - output.write("testing manual initialization... ") - do { - let properties = createClientProps(defaultProperties) - properties.setProperty(key: "Ice.InitPlugins", value: "0") - let comm = try helper.initialize(properties) - let p = try comm.stringToProxy("dummy:ssl -p 9999")! - do { - try p.ice_ping() - try test(false) - } catch is PluginInitializationException { - // Expected. - } - comm.destroy() - } - output.writeLine("ok") - output.write("testing certificate verification... ") do { // 
@@ -467,59 +451,6 @@ public func allTests(_ helper: TestHelper, _ defaultDir: String) throws -> SSLSe comm.destroy() output.writeLine("ok") - output.write("testing ciphers... ") - - properties = createClientProps( - defaultProperties: defaultProperties, cert: "c_rsa_ca1", ca: "cacert1") - properties.setProperty(key: "IceSSL.Ciphers", value: "UNKNOWN") - do { - _ = try helper.initialize(properties) - try test(false) - } catch is Ice.PluginInitializationException { - // Expected - } - - // - // The server has a certificate but the client doesn't. They should - // negotiate to use ADH since we explicitly enable it. - // - properties = createClientProps(defaultProperties) - properties.setProperty(key: "IceSSL.Ciphers", value: "(DH_anon*)") - comm = try helper.initialize(properties) - fact = try checkedCast(prx: comm.stringToProxy(factoryRef)!, type: SSLServerFactoryPrx.self)! - d = createServerProps(defaultProperties: defaultProperties, cert: "s_rsa_ca1", ca: "cacert1") - let cipherSub = "DH_anon" - d["IceSSL.Ciphers"] = "(RSA_*) (DH_anon*)" - d["IceSSL.VerifyPeer"] = "1" - server = try fact.createServer(d)! - - do { - try server.checkCipher(cipherSub) - let info = try server.ice_getConnection()!.getInfo() as! SSLConnectionInfo - try test(info.cipher.starts(with: cipherSub)) - } catch is LocalException { - // - // macOS 10.10 bug the handshake fails attempting client auth - // with anon cipher. - // - } - try fact.destroyServer(server) - comm.destroy() - - // - // This should fail because the client disabled all ciphers. - // - properties = createClientProps( - defaultProperties: defaultProperties, cert: "c_rsa_ca1", ca: "cacert1") - properties.setProperty(key: "IceSSL.Ciphers", value: "NONE") - do { - comm = try helper.initialize(properties) - try test(false) - } catch is Ice.PluginInitializationException { - // Expected when disabled all cipher suites. - } - output.writeLine("ok") - output.write("testing IceSSL.TrustOnly... 
") // // iOS support only provides access to the CN of the certificate so we