diff --git a/cpp/config/Make.xcodesdk.rules b/cpp/config/Make.xcodesdk.rules index 985329ac828..170d28c2e29 100644 --- a/cpp/config/Make.xcodesdk.rules +++ b/cpp/config/Make.xcodesdk.rules @@ -67,6 +67,14 @@ $$(eval $$(call install-data-files,$$(wildcard include/IceUtil/*.h),include,\ $(install_sdkdir)/$3.sdk/usr/include,$5_install)) endif +ifneq ($$(and $(filter Ice,$2),$(filter-out $(sdk_includedirs),$3-Ice/SSL)),) +sdk_includedirs += $3-Ice/SSL +$$(eval $$(call install-data-files,$$(wildcard include/Ice/SSL/*.h),include,\ + $(top_srcdir)/sdk/$3.sdk/usr/include,$5)) +$$(eval $$(call install-data-files,$$(wildcard include/Ice/SSL/*.h),include,\ + $(install_sdkdir)/$3.sdk/usr/include,$5_install)) +endif + $5_clean:: $(Q)$(RM) -r $(top_srcdir)/sdk/$3.sdk/usr/include/$2 diff --git a/cpp/include/Ice/Communicator.h b/cpp/include/Ice/Communicator.h index e99603e9816..f0f088f96f6 100644 --- a/cpp/include/Ice/Communicator.h +++ b/cpp/include/Ice/Communicator.h @@ -15,7 +15,7 @@ #include "Plugin.h" #include "Properties.h" #include "Proxy.h" -#include "ServerAuthenticationOptions.h" +#include "SSL/ServerAuthenticationOptions.h" #ifdef ICE_SWIFT # include diff --git a/cpp/include/Ice/Ice.h b/cpp/include/Ice/Ice.h index f677c6afa4b..356e18ee1f3 100644 --- a/cpp/include/Ice/Ice.h +++ b/cpp/include/Ice/Ice.h @@ -19,8 +19,6 @@ // We don't need to see the following headers when building the generated code. -# include "Certificate.h" -# include "ClientAuthenticationOptions.h" # include "Communicator.h" # include "Connection.h" # include "IconvStringConverter.h" 
@@ -36,10 +34,12 @@ # include "Properties.h" # include "ProxyFunctions.h" # include "RegisterPlugins.h" -# include "SSLConnectionInfo.h" -# include "SSLEndpointInfo.h" +# include "SSL/Certificate.h" +# include "SSL/ClientAuthenticationOptions.h" +# include "SSL/ConnectionInfo.h" +# include "SSL/EndpointInfo.h" +# include "SSL/ServerAuthenticationOptions.h" # include "ServantLocator.h" -# include "ServerAuthenticationOptions.h" # include "SlicedData.h" # include "StringConverter.h" # include "UUID.h" diff --git a/cpp/include/Ice/Initialize.h b/cpp/include/Ice/Initialize.h index a093725680d..b18641d3f40 100644 --- a/cpp/include/Ice/Initialize.h +++ b/cpp/include/Ice/Initialize.h @@ -6,7 +6,6 @@ #define ICE_INITIALIZE_H #include "BatchRequest.h" -#include "ClientAuthenticationOptions.h" #include "CommunicatorF.h" #include "Connection.h" #include "Ice/BuiltinSequences.h" @@ -16,6 +15,7 @@ #include "Logger.h" #include "Plugin.h" #include "PropertiesF.h" +#include "SSL/ClientAuthenticationOptions.h" #include "ValueFactory.h" namespace Ice diff --git a/cpp/include/Ice/Certificate.h b/cpp/include/Ice/SSL/Certificate.h similarity index 98% rename from cpp/include/Ice/Certificate.h rename to cpp/include/Ice/SSL/Certificate.h index d897bd9d95a..3b287ec8295 100644 --- a/cpp/include/Ice/Certificate.h +++ b/cpp/include/Ice/SSL/Certificate.h @@ -2,13 +2,12 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -#ifndef ICE_CERTIFICATE_H -#define ICE_CERTIFICATE_H +#ifndef ICE_SSL_CERTIFICATE_H +#define ICE_SSL_CERTIFICATE_H -#include "Config.h" -#include "Exception.h" -#include "Plugin.h" -#include "SSLConnectionInfoF.h" +#include "../Config.h" +#include "../Exception.h" +#include "ConnectionInfoF.h" #include #include @@ -16,7 +15,7 @@ #include #include -namespace IceSSL +namespace Ice::SSL { /** * The key usage "digitalSignature" bit is set 
diff --git a/cpp/include/Ice/ClientAuthenticationOptions.h b/cpp/include/Ice/SSL/ClientAuthenticationOptions.h similarity index 94% rename from cpp/include/Ice/ClientAuthenticationOptions.h rename to cpp/include/Ice/SSL/ClientAuthenticationOptions.h index 2c703ce0943..c1780d1bb65 100644 --- a/cpp/include/Ice/ClientAuthenticationOptions.h +++ b/cpp/include/Ice/SSL/ClientAuthenticationOptions.h @@ -5,8 +5,8 @@ #ifndef ICE_SSL_CLIENT_AUTHENTICATION_OPTIONS_H #define ICE_SSL_CLIENT_AUTHENTICATION_OPTIONS_H -#include "SSLConfig.h" -#include "SSLConnectionInfo.h" +#include "Config.h" +#include "ConnectionInfo.h" #include @@ -132,7 +132,7 @@ namespace Ice::SSL * ... * .clientAuthenticationOptions = ClientAuthenticationOptions{ * .serverCertificateValidationCallback = - * [](SecTrustRef trust, const IceSSL::ConnectionInfoPtr& info) + * [](SecTrustRef trust, const ConnectionInfoPtr& info) * { * ... * return SecTrustEvaluateWithError(trust, nullptr); @@ -144,7 +144,7 @@ namespace Ice::SSL * @param context A CtxtHandle representing the security context associated with the current connection. This * context contains security data relevant for validation, such as the client's certificate chain and cipher * suite. - * @param info The IceSSL::ConnectionInfoPtr object that provides additional connection-related data which might + * @param info The ConnectionInfoPtr object that provides additional connection-related data which might * be relevant for contextual certificate validation. * @return true if the certificate chain is valid and the connection should proceed; false if the certificate * chain is invalid and the connection should be aborted. 
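Review bot: The example edited in the `-132,7` hunk still shows the Secure Transport signature, `[](SecTrustRef trust, const ConnectionInfoPtr& info)` returning `SecTrustEvaluateWithError(trust, nullptr)`, although the `@param` text in the `-144,7` hunk of what appears to be the same Schannel doc comment documents a `CtxtHandle context`. Users copy this comment when writing their own server-certificate validation, so the example should take `CtxtHandle context`, as the Schannel example in ServerAuthenticationOptions.h already does. The `SecTrustEvaluateWithError` link just before the Schannel alias (hunk `-153,8` here, `-157,8` in the server header) should point at Schannel documentation instead. The `@param context` text also says the context holds "the client's certificate chain", which for a client-side callback validating the server looks copied from the server header. The doc comment begins and ends outside these hunks.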
@@ -153,8 +153,7 @@ namespace Ice::SSL * [See * SecTrustEvaluateWithError](https://developer.apple.com/documentation/security/2980705-sectrustevaluatewitherror?language=objc) */ - std::function - serverCertificateValidationCallback; + std::function serverCertificateValidationCallback; }; // Alias for portable code using ClientAuthenticationOptions = SchannelClientAuthenticationOptions; @@ -280,7 +279,7 @@ namespace Ice::SSL * ... * .clientAuthenticationOptions = ClientAuthenticationOptions{ * .serverCertificateValidationCallback = - * [](SecTrustRef trust, const IceSSL::ConnectionInfoPtr& info) + * [](SecTrustRef trust, const ConnectionInfoPtr& info) * { * ... * return SecTrustEvaluateWithError(trust, nullptr); @@ -290,7 +289,7 @@ namespace Ice::SSL * ``` * * @param trust The trust object that contains the server's certificate chain. - * @param info The IceSSL::ConnectionInfoPtr object that provides additional connection-related data which might + * @param info The ConnectionInfoPtr object that provides additional connection-related data which might * be relevant for contextual certificate validation. * @return true if the certificate chain is valid and the connection should proceed; false if the certificate * chain is invalid and the connection should be aborted. @@ -299,8 +298,7 @@ namespace Ice::SSL * [See * SecTrustEvaluateWithError](https://developer.apple.com/documentation/security/2980705-sectrustevaluatewitherror?language=objc) */ - std::function - serverCertificateValidationCallback; + std::function serverCertificateValidationCallback; }; // Alias for portable code using ClientAuthenticationOptions = SecureTransportClientAuthenticationOptions; 
@@ -327,14 +325,14 @@ namespace Ice::SSL * @param host The target host name. * @return A pointer to a SSL_CTX objet representing the SSL configuration for the new outgoing connection. * - * Example of setting clientSslContextSelectionCallback: + * Example of setting clientSSLContextSelectionCallback: * ```cpp * SSL_CTX* _sslContext = SSL_CTX_new(TLS_method()); * ... * auto initData = Ice::InitializationData { * ... * .clientAuthenticationOptions = ClientAuthenticationOptions { - * .clientSslContextSelectionCallback = [this](const std::string&) { + * .clientSSLContextSelectionCallback = [this](const std::string&) { * // Ensure the SSL context remains valid for the lifetime of the connection. * SSL_CTX_up_ref(_sslContext); * return _sslContext; @@ -350,7 +348,7 @@ namespace Ice::SSL * @see Detailed OpenSSL documentation on SSL_CTX management: * https://www.openssl.org/docs/manmaster/man3/SSL_CTX_new.html */ - std::function clientSslContextSelectionCallback; + std::function clientSSLContextSelectionCallback; /** * A callback that is invoked before initiating a new SSL handshake. This callback provides an opportunity to @@ -387,7 +385,7 @@ namespace Ice::SSL * @param verified A boolean indicating whether the preliminary certificate verification done by OpenSSL's * built-in mechanisms succeeded or failed. True if the preliminary checks passed, false otherwise. * @param ctx A pointer to an X509_STORE_CTX object, which contains the certificate chain to be verified. - * @param info The IceSSL::ConnectionInfoPtr object that provides additional connection-related data + * @param info The ConnectionInfoPtr object that provides additional connection-related data * which might be relevant for contextual certificate validation. * @return true if the certificate chain is valid and the connection should proceed; false if the certificate * chain is invalid and the connection should be aborted. 
@@ -399,7 +397,7 @@ namespace Ice::SSL * ... * .clientAuthenticationOptions = ClientAuthenticationOptions { * .serverCertificateValidationCallback = - * [this](bool verified, X509_STORE_CTX* ctx, const IceSSL::ConnectionInfoPtr& info) { + * [this](bool verified, X509_STORE_CTX* ctx, const ConnectionInfoPtr& info) { * ... * return verified; * } @@ -413,7 +411,7 @@ namespace Ice::SSL * @see More about X509_STORE_CTX management: * https://www.openssl.org/docs/manmaster/man3/X509_STORE_CTX_new.html */ - std::function + std::function serverCertificateValidationCallback; }; // Alias for portable code diff --git a/cpp/include/Ice/SSLConfig.h b/cpp/include/Ice/SSL/Config.h similarity index 100% rename from cpp/include/Ice/SSLConfig.h rename to cpp/include/Ice/SSL/Config.h diff --git a/cpp/include/Ice/SSLConnectionInfo.h b/cpp/include/Ice/SSL/ConnectionInfo.h similarity index 97% rename from cpp/include/Ice/SSLConnectionInfo.h rename to cpp/include/Ice/SSL/ConnectionInfo.h index 79d109be62a..a55970d0206 100644 --- a/cpp/include/Ice/SSLConnectionInfo.h +++ b/cpp/include/Ice/SSL/ConnectionInfo.h @@ -6,8 +6,8 @@ #define ICE_SSL_CONNECTION_INFO_H #include "Certificate.h" +#include "ConnectionInfoF.h" #include "Ice/Connection.h" -#include "SSLConnectionInfoF.h" #if defined(__clang__) # pragma clang diagnostic push @@ -17,7 +17,7 @@ # pragma GCC diagnostic ignored "-Wshadow" #endif -namespace IceSSL +namespace Ice::SSL { /** * Provides access to the connection details of an SSL connection. diff --git a/cpp/include/Ice/SSLConnectionInfoF.h b/cpp/include/Ice/SSL/ConnectionInfoF.h similarity index 92% rename from cpp/include/Ice/SSLConnectionInfoF.h rename to cpp/include/Ice/SSL/ConnectionInfoF.h index 95ae9d48fdc..29137290bfb 100644 --- a/cpp/include/Ice/SSLConnectionInfoF.h +++ b/cpp/include/Ice/SSL/ConnectionInfoF.h @@ -7,7 +7,7 @@ #include -namespace IceSSL +namespace Ice::SSL { class ConnectionInfo; using ConnectionInfoPtr = std::shared_ptr; 
diff --git a/cpp/include/Ice/SSLEndpointInfo.h b/cpp/include/Ice/SSL/EndpointInfo.h similarity index 97% rename from cpp/include/Ice/SSLEndpointInfo.h rename to cpp/include/Ice/SSL/EndpointInfo.h index 7095d297d7f..107f34a250a 100644 --- a/cpp/include/Ice/SSLEndpointInfo.h +++ b/cpp/include/Ice/SSL/EndpointInfo.h @@ -5,7 +5,7 @@ #ifndef ICE_SSL_ENDPOINT_INFO_H #define ICE_SSL_ENDPOINT_INFO_H -#include "Endpoint.h" +#include "../Endpoint.h" #if defined(__clang__) # pragma clang diagnostic push @@ -15,7 +15,7 @@ # pragma GCC diagnostic ignored "-Wshadow" #endif -namespace IceSSL +namespace Ice::SSL { /** * Provides access to an SSL endpoint information. diff --git a/cpp/include/Ice/OpenSSL.h b/cpp/include/Ice/SSL/OpenSSL.h similarity index 91% rename from cpp/include/Ice/OpenSSL.h rename to cpp/include/Ice/SSL/OpenSSL.h index 38f84105a81..180b066d6e2 100644 --- a/cpp/include/Ice/OpenSSL.h +++ b/cpp/include/Ice/SSL/OpenSSL.h @@ -2,15 +2,15 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -#ifndef ICE_OPENSSL_H -#define ICE_OPENSSL_H +#ifndef ICE_SSL_OPENSSL_H +#define ICE_SSL_OPENSSL_H #include "Certificate.h" #include #include -namespace IceSSL::OpenSSL +namespace Ice::SSL::OpenSSL { class Certificate; using CertificatePtr = std::shared_ptr; @@ -18,7 +18,7 @@ namespace IceSSL::OpenSSL /** * Encapsulates an OpenSSL X.509 certificate. */ - class ICE_API Certificate : public virtual IceSSL::Certificate + class ICE_API Certificate : public virtual Ice::SSL::Certificate { public: /** diff --git a/cpp/include/Ice/SChannel.h b/cpp/include/Ice/SSL/Schannel.h similarity index 83% rename from cpp/include/Ice/SChannel.h rename to cpp/include/Ice/SSL/Schannel.h index ecc3a9b1821..8759e170ef7 100644 --- a/cpp/include/Ice/SChannel.h +++ b/cpp/include/Ice/SSL/Schannel.h 
@@ -2,21 +2,14 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -#ifndef ICE_SCHANNEL_H -#define ICE_SCHANNEL_H +#ifndef ICE_SSL_SCHANNEL_H +#define ICE_SSL_SCHANNEL_H #ifdef _WIN32 # include "Certificate.h" -// We need to include windows.h before wincrypt.h. -// clang-format off -# ifndef NOMINMAX -# define NOMINMAX -# endif -# include -# include -// clang-format on +# include "Config.h" -namespace IceSSL::SChannel +namespace Ice::SSL::Schannel { class Certificate; using CertificatePtr = std::shared_ptr; @@ -24,7 +17,7 @@ namespace IceSSL::SChannel /** * This convenience class is a wrapper around a native certificate. */ - class ICE_API Certificate : public virtual IceSSL::Certificate + class ICE_API Certificate : public virtual Ice::SSL::Certificate { public: /** diff --git a/cpp/include/Ice/SecureTransport.h b/cpp/include/Ice/SSL/SecureTransport.h similarity index 89% rename from cpp/include/Ice/SecureTransport.h rename to cpp/include/Ice/SSL/SecureTransport.h index cc528f71fdb..c9f5677495f 100644 --- a/cpp/include/Ice/SecureTransport.h +++ b/cpp/include/Ice/SSL/SecureTransport.h @@ -2,15 +2,15 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -#ifndef ICE_SECURE_TRANSPORT_H -#define ICE_SECURE_TRANSPORT_H +#ifndef ICE_SSL_SECURE_TRANSPORT_H +#define ICE_SSL_SECURE_TRANSPORT_H #ifdef __APPLE__ # include "Certificate.h" -# include +# include "Config.h" -namespace IceSSL::SecureTransport +namespace Ice::SSL::SecureTransport { class Certificate; using CertificatePtr = std::shared_ptr; @@ -18,7 +18,7 @@ namespace IceSSL::SecureTransport /** * This convenience class is a wrapper around a native certificate. */ - class ICE_API Certificate : public virtual IceSSL::Certificate + class ICE_API Certificate : public virtual Ice::SSL::Certificate { public: /** 
diff --git a/cpp/include/Ice/ServerAuthenticationOptions.h b/cpp/include/Ice/SSL/ServerAuthenticationOptions.h similarity index 95% rename from cpp/include/Ice/ServerAuthenticationOptions.h rename to cpp/include/Ice/SSL/ServerAuthenticationOptions.h index 21235d63cae..1f66f920f8f 100644 --- a/cpp/include/Ice/ServerAuthenticationOptions.h +++ b/cpp/include/Ice/SSL/ServerAuthenticationOptions.h @@ -5,8 +5,8 @@ #ifndef ICE_SSL_SERVER_AUTHENTICATION_OPTIONS_H #define ICE_SSL_SERVER_AUTHENTICATION_OPTIONS_H -#include "SSLConfig.h" -#include "SSLConnectionInfo.h" +#include "Config.h" +#include "ConnectionInfo.h" #include @@ -139,7 +139,7 @@ namespace Ice::SSL * "ssl -h 127.0.0.1 -p 10000", * ServerAuthenticationOptions { * .clientCertificateValidationCallback = - * [](CtxtHandle context, const IceSSL::ConnectionInfoPtr& info) { + * [](CtxtHandle context, const ConnectionInfoPtr& info) { * ... * } * }); @@ -148,7 +148,7 @@ namespace Ice::SSL * @param context A CtxtHandle representing the security context associated with the current connection. This * context contains security data relevant for validation, such as the client's certificate chain and cipher * suite. - * @param info The IceSSL::ConnectionInfoPtr object that provides additional connection-related data which might + * @param info The ConnectionInfoPtr object that provides additional connection-related data which might * be relevant for contextual certificate validation. * @return true if the certificate chain is valid and the connection should proceed; false if the certificate * chain is invalid and the connection should be aborted. 
@@ -157,8 +157,7 @@ namespace Ice::SSL * [See * SecTrustEvaluateWithError](https://developer.apple.com/documentation/security/2980705-sectrustevaluatewitherror?language=objc) */ - std::function - clientCertificateValidationCallback; + std::function clientCertificateValidationCallback; }; // Alias for portable code using ServerAuthenticationOptions = SchannelServerAuthenticationOptions; @@ -291,7 +290,7 @@ namespace Ice::SSL * // Require client certificate * .clientCertificateRequired = kAlwaysAuthenticate, * .clientCertificateValidationCallback = - * [](SecTrustRef trust, const IceSSL::ConnectionInfoPtr& info) { + * [](SecTrustRef trust, const ConnectionInfoPtr& info) { * ... * return SecTrustEvaluateWithError(trust, nullptr); * } @@ -299,7 +298,7 @@ namespace Ice::SSL * ``` * * @param trust The trust object that contains the client's certificate chain. - * @param info The IceSSL::ConnectionInfoPtr object that provides additional connection-related data which might + * @param info The ConnectionInfoPtr object that provides additional connection-related data which might * be relevant for contextual certificate validation. * @return true if the certificate chain is valid and the connection should proceed; false if the certificate * chain is invalid and the connection should be aborted. @@ -308,8 +307,7 @@ namespace Ice::SSL * [See * SecTrustEvaluateWithError](https://developer.apple.com/documentation/security/2980705-sectrustevaluatewitherror?language=objc) */ - std::function - clientCertificateValidationCallback; + std::function clientCertificateValidationCallback; }; // Alias for portable code using ServerAuthenticationOptions = SecureTransportServerAuthenticationOptions; 
@@ -337,7 +335,7 @@ namespace Ice::SSL * @param adapterName The name of the object adapter that accepted the connection. * @return A pointer to a SSL_CTX objet representing the SSL configuration for the new incoming connection. * - * Example of setting serverSslContextSelectionCallback: + * Example of setting serverSSLContextSelectionCallback: * ```cpp * SSL_CTX* _sslContext = SSL_CTX_new(TLS_method()); * ... @@ -345,7 +343,7 @@ namespace Ice::SSL * "Hello", * "ssl -h 127.0.0.1 -p 10000", * ServerAuthenticationOptions { - * .serverSslContextSelectionCallback = [this](const std::string&) { + * .serverSSLContextSelectionCallback = [this](const std::string&) { * // Ensure the SSL context remains valid for the lifetime of the connection. * SSL_CTX_up_ref(_sslContext); * return _sslContext; @@ -359,7 +357,7 @@ namespace Ice::SSL * @see Detailed OpenSSL documentation on SSL_CTX management: * https://www.openssl.org/docs/manmaster/man3/SSL_CTX_new.html */ - std::function serverSslContextSelectionCallback; + std::function serverSSLContextSelectionCallback; /** * A callback that is invoked before initiating a new SSL handshake. This callback provides an opportunity to @@ -395,7 +393,7 @@ namespace Ice::SSL * @param verified A boolean indicating whether the preliminary certificate verification done by OpenSSL's * built-in mechanisms succeeded or failed. True if the preliminary checks passed, false otherwise. * @param ctx A pointer to an X509_STORE_CTX object, which contains the certificate chain to be verified. - * @param info The IceSSL::ConnectionInfoPtr object that provides additional connection-related data + * @param info The ConnectionInfoPtr object that provides additional connection-related data * which might be relevant for contextual certificate validation. * @return true if the certificate chain is valid and the connection should proceed; false if the certificate * chain is invalid and the connection should be aborted. 
@@ -408,7 +406,7 @@ namespace Ice::SSL * "ssl -h 127.0.0.1 -p 10000", * ServerAuthenticationOptions { * .clientCertificateValidationCallback = - * [this](bool verified, X509_STORE_CTX* ctx, const IceSSL::ConnectionInfoPtr& info) { + * [this](bool verified, X509_STORE_CTX* ctx, const ConnectionInfoPtr& info) { * ... * return verified; * } @@ -421,7 +419,7 @@ namespace Ice::SSL * @see More about X509_STORE_CTX management: * https://www.openssl.org/docs/manmaster/man3/X509_STORE_CTX_new.html */ - std::function + std::function clientCertificateValidationCallback; }; // Alias for portable code diff --git a/cpp/src/Glacier2/SessionRouterI.cpp b/cpp/src/Glacier2/SessionRouterI.cpp index 0d357c50d73..fb3cc8919aa 100644 --- a/cpp/src/Glacier2/SessionRouterI.cpp +++ b/cpp/src/Glacier2/SessionRouterI.cpp @@ -302,7 +302,7 @@ CreateSession::CreateSession(shared_ptr sessionRouter, const str } } { - auto info = dynamic_pointer_cast(current.con->getInfo()); + auto info = dynamic_pointer_cast(current.con->getInfo()); if (info) { if (info->certs.size() > 0) @@ -637,7 +637,7 @@ SessionRouterI::createSessionFromSecureConnectionAsync( // try { - auto info = dynamic_pointer_cast(current.con->getInfo()); + auto info = dynamic_pointer_cast(current.con->getInfo()); if (!info) { exception(make_exception_ptr(PermissionDeniedException("not ssl connection"))); @@ -659,7 +659,7 @@ SessionRouterI::createSessionFromSecureConnectionAsync( userDN = info->certs[0]->getSubjectDN(); } } - catch (const IceSSL::CertificateEncodingException&) + catch (const SSL::CertificateEncodingException&) { exception(make_exception_ptr(PermissionDeniedException("certificate encoding exception"))); return; diff --git a/cpp/src/Ice/EndpointI.h b/cpp/src/Ice/EndpointI.h index 95bd778f81c..b33c9004d4b 100644 --- a/cpp/src/Ice/EndpointI.h +++ b/cpp/src/Ice/EndpointI.h 
@@ -10,7 +10,7 @@ #include "EndpointIF.h" #include "Ice/Endpoint.h" #include "Ice/EndpointSelectionType.h" -#include "Ice/ServerAuthenticationOptions.h" +#include "Ice/SSL/ServerAuthenticationOptions.h" #include "TransceiverF.h" #include diff --git a/cpp/src/Ice/Instance.cpp b/cpp/src/Ice/Instance.cpp index 28ac0770c3a..8624c463597 100644 --- a/cpp/src/Ice/Instance.cpp +++ b/cpp/src/Ice/Instance.cpp @@ -3,7 +3,6 @@ // #include "Instance.h" -#include "../IceSSL/SSLEngine.h" #include "CheckIdentity.h" #include "ConnectionFactory.h" #include "ConsoleUtil.h" @@ -38,6 +37,7 @@ #include "RegisterPluginsInit.h" #include "RetryQueue.h" #include "RouterInfo.h" +#include "SSL/SSLEngine.h" #include "ThreadPool.h" #include "TimeUtil.h" #include "TraceLevels.h" @@ -49,11 +49,11 @@ #include #if defined(_WIN32) -# include "../IceSSL/SChannelEngine.h" +# include "SSL/SchannelEngine.h" #elif defined(__APPLE__) -# include "../IceSSL/SecureTransportEngine.h" +# include "SSL/SecureTransportEngine.h" #else -# include "../IceSSL/OpenSSLEngine.h" +# include "SSL/OpenSSLEngine.h" #endif #ifdef __APPLE__ @@ -1310,11 +1310,11 @@ IceInternal::Instance::initialize(const Ice::CommunicatorPtr& communicator) } #if defined(_WIN32) - _sslEngine = make_shared(shared_from_this()); + _sslEngine = make_shared(shared_from_this()); #elif defined(__APPLE__) - _sslEngine = make_shared(shared_from_this()); + _sslEngine = make_shared(shared_from_this()); #else - _sslEngine = make_shared(shared_from_this()); + _sslEngine = make_shared(shared_from_this()); #endif _sslEngine->initialize(); } diff --git a/cpp/src/Ice/Instance.h b/cpp/src/Ice/Instance.h index 3cdac2a9204..af19c94ad1d 100644 --- a/cpp/src/Ice/Instance.h +++ b/cpp/src/Ice/Instance.h @@ -5,7 +5,6 @@ #ifndef ICE_INSTANCE_H #define ICE_INSTANCE_H -#include "../IceSSL/SSLEngineF.h" #include "ConnectionFactoryF.h" #include "ConnectionOptions.h" #include "DefaultsAndOverridesF.h" 
@@ -30,6 +29,7 @@ #include "ReferenceFactoryF.h" #include "RetryQueueF.h" #include "RouterInfoF.h" +#include "SSL/SSLEngineF.h" #include "ThreadPoolF.h" #include "TraceLevelsF.h" @@ -126,7 +126,7 @@ namespace IceInternal void setSndBufSizeWarn(std::int16_t type, int size); void setRcvBufSizeWarn(std::int16_t type, int size); - IceSSL::SSLEnginePtr sslEngine() const { return _sslEngine; } + Ice::SSL::SSLEnginePtr sslEngine() const { return _sslEngine; } private: Instance(const Ice::InitializationData&); @@ -201,7 +201,7 @@ namespace IceInternal ImplicitContextKind _implicitContextKind; // Only set when _implicitContextKind == Shared. Ice::ImplicitContextPtr _sharedImplicitContext; - IceSSL::SSLEnginePtr _sslEngine; + Ice::SSL::SSLEnginePtr _sslEngine; }; class ProcessI : public Ice::Process diff --git a/cpp/src/Ice/Makefile.mk b/cpp/src/Ice/Makefile.mk index 1cb97120d4c..cddeda36837 100644 --- a/cpp/src/Ice/Makefile.mk +++ b/cpp/src/Ice/Makefile.mk @@ -13,9 +13,9 @@ Ice_libs := bz2 Ice_extra_sources := $(wildcard src/IceUtil/*.cpp) ifeq ($(os),Darwin) -Ice_extra_sources += $(filter-out src/IceSSL/OpenSSL%.cpp src/IceSSL/SChannel%.cpp, $(wildcard src/IceSSL/*.cpp)) +Ice_extra_sources += $(filter-out src/Ice/SSL/OpenSSL%.cpp src/Ice/SSL/Schannel%.cpp, $(wildcard src/Ice/SSL/*.cpp)) else -Ice_extra_sources += $(filter-out src/IceSSL/SecureTransport%.cpp src/IceSSL/SChannel%.cpp, $(wildcard src/IceSSL/*.cpp)) +Ice_extra_sources += $(filter-out src/Ice/SSL/SecureTransport%.cpp src/Ice/SSL/Schannel%.cpp, $(wildcard src/Ice/SSL/*.cpp)) endif Ice_excludes = src/Ice/DLLMain.cpp diff --git a/cpp/src/Ice/ObjectAdapterI.h b/cpp/src/Ice/ObjectAdapterI.h index 20be70e4831..337b353f49e 100644 --- a/cpp/src/Ice/ObjectAdapterI.h +++ b/cpp/src/Ice/ObjectAdapterI.h 
@@ -15,7 +15,7 @@ #include "Ice/ObjectAdapter.h" #include "Ice/ObjectF.h" #include "Ice/Proxy.h" -#include "Ice/ServerAuthenticationOptions.h" +#include "Ice/SSL/ServerAuthenticationOptions.h" #include "LocatorInfoF.h" #include "ObjectAdapterFactoryF.h" #include "RouterInfoF.h" diff --git a/cpp/src/Ice/OpaqueEndpointI.h b/cpp/src/Ice/OpaqueEndpointI.h index ccf13d44fdc..ad08fad3d10 100644 --- a/cpp/src/Ice/OpaqueEndpointI.h +++ b/cpp/src/Ice/OpaqueEndpointI.h @@ -7,7 +7,7 @@ #include "EndpointFactory.h" #include "EndpointI.h" -#include "Ice/ServerAuthenticationOptions.h" +#include "Ice/SSL/ServerAuthenticationOptions.h" #include diff --git a/cpp/src/IceSSL/CertificateI.cpp b/cpp/src/Ice/SSL/CertificateI.cpp similarity index 91% rename from cpp/src/IceSSL/CertificateI.cpp rename to cpp/src/Ice/SSL/CertificateI.cpp index 0171f6c2719..322b101efd9 100644 --- a/cpp/src/IceSSL/CertificateI.cpp +++ b/cpp/src/Ice/SSL/CertificateI.cpp @@ -3,7 +3,7 @@ // #include "CertificateI.h" -#include "../Ice/Base64.h" +#include "../Base64.h" #include "Ice/LocalException.h" #include "Ice/Object.h" #include "Ice/StringConverter.h" @@ -15,12 +15,12 @@ using namespace std; using namespace Ice; using namespace IceInternal; -using namespace IceSSL; +using namespace Ice::SSL; // // Map a certificate OID to its alias // -const CertificateOID IceSSL::certificateOIDS[] = { +const CertificateOID Ice::SSL::certificateOIDS[] = { {"2.5.4.3", "CN"}, {"2.5.4.4", "SN"}, {"2.5.4.5", "DeviceSerialNumber"}, 
@@ -37,7 +37,7 @@ const CertificateOID IceSSL::certificateOIDS[] = { {"1.2.840.113549.1.9.2", "unstructuredName"}, {"1.2.840.113549.1.9.1", "emailAddress"}, {"0.9.2342.19200300.100.1.25", "DC"}}; -const int IceSSL::certificateOIDSSize = sizeof(IceSSL::certificateOIDS) / sizeof(CertificateOID); +const int Ice::SSL::certificateOIDSSize = sizeof(Ice::SSL::certificateOIDS) / sizeof(CertificateOID); CertificateReadException::CertificateReadException(const char* file, int line, string r) noexcept : Exception(file, line), @@ -48,7 +48,7 @@ CertificateReadException::CertificateReadException(const char* file, int line, s string CertificateReadException::ice_id() const { - return "::IceSSL::CertificateReadException"; + return "::Ice::SSL::CertificateReadException"; } CertificateEncodingException::CertificateEncodingException(const char* file, int line, string r) noexcept @@ -60,7 +60,7 @@ CertificateEncodingException::CertificateEncodingException(const char* file, int string CertificateEncodingException::ice_id() const { - return "::IceSSL::CertificateEncodingException"; + return "::Ice::SSL::CertificateEncodingException"; } ParseException::ParseException(const char* file, int line, string r) noexcept @@ -72,14 +72,14 @@ ParseException::ParseException(const char* file, int line, string r) noexcept string ParseException::ice_id() const { - return "::IceSSL::ParseException"; + return "::Ice::SSL::ParseException"; } DistinguishedName::DistinguishedName(const string& dn) : _rdns(RFC2253::parseStrict(dn)) { unescape(); } DistinguishedName::DistinguishedName(const list>& rdns) : _rdns(rdns) { unescape(); } -namespace IceSSL +namespace Ice::SSL { bool operator==(const DistinguishedName& lhs, const DistinguishedName& rhs) { @@ -156,7 +156,7 @@ DistinguishedName::unescape() } bool -CertificateI::operator!=(const IceSSL::Certificate& other) const +CertificateI::operator!=(const Ice::SSL::Certificate& other) const { return !operator==(other); } 
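Review bot: The `ice_id()` bodies in the `-48,7`, `-60,7` and `-72,14` hunks change strings the program returns at run time, from `::IceSSL::CertificateReadException` (and the `CertificateEncodingException` / `ParseException` equivalents) to `::Ice::SSL::…`, so this is a behaviour change rather than a pure namespace rename. Anything that matches on the old identifiers will stop matching without a compile error, for example test expectations, log filters or alerts keyed on certificate read or encoding failures. This is worth stating in the commit description or changelog, and the tree should be searched for remaining `::IceSSL::` literals.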
diff --git a/cpp/src/IceSSL/CertificateI.h b/cpp/src/Ice/SSL/CertificateI.h similarity index 81% rename from cpp/src/IceSSL/CertificateI.h rename to cpp/src/Ice/SSL/CertificateI.h index 0d1914fa66d..ffa034cebdf 100644 --- a/cpp/src/IceSSL/CertificateI.h +++ b/cpp/src/Ice/SSL/CertificateI.h @@ -2,15 +2,15 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -#ifndef ICESSL_CERTIFICATE_I_H -#define ICESSL_CERTIFICATE_I_H +#ifndef ICE_SSL_CERTIFICATE_I_H +#define ICE_SSL_CERTIFICATE_I_H -#include "Ice/Certificate.h" +#include "Ice/SSL/Certificate.h" #include #include -namespace IceSSL +namespace Ice::SSL { // // Map a certificate OID to its alias @@ -27,10 +27,10 @@ namespace IceSSL // // Certificate common implementation // - class ICE_API CertificateI : public virtual IceSSL::Certificate + class ICE_API CertificateI : public virtual Ice::SSL::Certificate { public: - virtual bool operator!=(const IceSSL::Certificate&) const; + virtual bool operator!=(const Ice::SSL::Certificate&) const; virtual std::vector getX509Extensions() const; virtual X509ExtensionPtr getX509Extension(const std::string&) const; diff --git a/cpp/src/IceSSL/OpenSSLCertificateI.cpp b/cpp/src/Ice/SSL/OpenSSLCertificateI.cpp similarity index 97% rename from cpp/src/IceSSL/OpenSSLCertificateI.cpp rename to cpp/src/Ice/SSL/OpenSSLCertificateI.cpp index 2d28ba7cae3..885da8b0f87 100644 --- a/cpp/src/IceSSL/OpenSSLCertificateI.cpp +++ b/cpp/src/Ice/SSL/OpenSSLCertificateI.cpp @@ -3,7 +3,7 @@ // #include "CertificateI.h" -#include "Ice/OpenSSL.h" +#include "Ice/SSL/OpenSSL.h" #include "OpenSSLUtil.h" #include "RFC2253.h" @@ -15,7 +15,7 @@ #include #include -using namespace IceSSL; +using namespace Ice::SSL; using namespace std; // 
@@ -214,11 +214,11 @@ namespace OpenSSLCertificateI(x509_st*); ~OpenSSLCertificateI(); - virtual bool operator==(const IceSSL::Certificate&) const; + virtual bool operator==(const Ice::SSL::Certificate&) const; virtual vector getAuthorityKeyIdentifier() const; virtual vector getSubjectKeyIdentifier() const; - virtual bool verify(const IceSSL::CertificatePtr&) const; + virtual bool verify(const Ice::SSL::CertificatePtr&) const; virtual string encode() const; virtual chrono::system_clock::time_point getNotAfter() const; @@ -300,7 +300,7 @@ OpenSSLCertificateI::~OpenSSLCertificateI() } bool -OpenSSLCertificateI::operator==(const IceSSL::Certificate& r) const +OpenSSLCertificateI::operator==(const Ice::SSL::Certificate& r) const { const OpenSSLCertificateI* p = dynamic_cast(&r); if (!p) @@ -358,7 +358,7 @@ OpenSSLCertificateI::getSubjectKeyIdentifier() const } bool -OpenSSLCertificateI::verify(const IceSSL::CertificatePtr& cert) const +OpenSSLCertificateI::verify(const Ice::SSL::CertificatePtr& cert) const { OpenSSLCertificateI* c = dynamic_cast(cert.get()); if (c) @@ -379,7 +379,7 @@ OpenSSLCertificateI::encode() const if (i <= 0) { BIO_free(out); - throw CertificateEncodingException(__FILE__, __LINE__, OpenSSL::getSslErrors(false)); + throw CertificateEncodingException(__FILE__, __LINE__, OpenSSL::getErrors(false)); } BUF_MEM* p; BIO_get_mem_ptr(out, &p); 
@@ -581,12 +581,12 @@ OpenSSL::Certificate::load(const std::string& file) BIO_free(cert); if (x == nullptr) { - throw CertificateReadException(__FILE__, __LINE__, "error reading file:\n" + getSslErrors(false)); + throw CertificateReadException(__FILE__, __LINE__, "error reading file:\n" + getErrors(false)); } // Calling it with -1 for the side effects, this ensure that the extensions info is loaded if (X509_check_purpose(x, -1, -1) == -1) { - throw CertificateReadException(__FILE__, __LINE__, "error loading certificate:\n" + getSslErrors(false)); + throw CertificateReadException(__FILE__, __LINE__, "error loading certificate:\n" + getErrors(false)); } return make_shared(x); } @@ -599,12 +599,12 @@ OpenSSL::Certificate::decode(const std::string& encoding) BIO_free(cert); if (x == nullptr) { - throw CertificateEncodingException(__FILE__, __LINE__, getSslErrors(false)); + throw CertificateEncodingException(__FILE__, __LINE__, getErrors(false)); } // Calling it with -1 for the side effects, this ensure that the extensions info is loaded if (X509_check_purpose(x, -1, -1) == -1) { - throw CertificateReadException(__FILE__, __LINE__, "error loading certificate:\n" + getSslErrors(false)); + throw CertificateReadException(__FILE__, __LINE__, "error loading certificate:\n" + getErrors(false)); } return make_shared(x); } diff --git a/cpp/src/IceSSL/OpenSSLEngine.cpp b/cpp/src/Ice/SSL/OpenSSLEngine.cpp similarity index 96% rename from cpp/src/IceSSL/OpenSSLEngine.cpp rename to cpp/src/Ice/SSL/OpenSSLEngine.cpp index b24f1c5f2da..0b22d9f5673 100644 --- a/cpp/src/IceSSL/OpenSSLEngine.cpp +++ b/cpp/src/Ice/SSL/OpenSSLEngine.cpp @@ -8,8 +8,8 @@ #include "Ice/LocalException.h" #include "Ice/Logger.h" #include "Ice/LoggerUtil.h" -#include "Ice/OpenSSL.h" #include "Ice/Properties.h" +#include "Ice/SSL/OpenSSL.h" #include "IceUtil/FileUtil.h" #include "IceUtil/StringUtil.h" #include "OpenSSLEngineF.h" 
@@ -34,11 +34,10 @@ using namespace std; using namespace Ice; using namespace Ice::SSL; -using namespace IceSSL; extern "C" { - int IceSSL_opensslPasswordCallback(char* buf, int size, int /*flag*/, void* userData) + int Ice_SSL_opensslPasswordCallback(char* buf, int size, int /*flag*/, void* userData) { OpenSSL::SSLEngine* p = reinterpret_cast(userData); assert(p); @@ -71,7 +70,9 @@ namespace } } -OpenSSL::SSLEngine::SSLEngine(const IceInternal::InstancePtr& instance) : IceSSL::SSLEngine(instance), _ctx(nullptr) {} +OpenSSL::SSLEngine::SSLEngine(const IceInternal::InstancePtr& instance) : Ice::SSL::SSLEngine(instance), _ctx(nullptr) +{ +} OpenSSL::SSLEngine::~SSLEngine() {} @@ -81,7 +82,7 @@ OpenSSL::SSLEngine::initialize() lock_guard lock(_mutex); try { - IceSSL::SSLEngine::initialize(); + Ice::SSL::SSLEngine::initialize(); const string propPrefix = "IceSSL."; PropertiesPtr properties = getProperties(); @@ -412,7 +413,7 @@ ClientAuthenticationOptions OpenSSL::SSLEngine::createClientAuthenticationOptions(const std::string&) const { return ClientAuthenticationOptions{ - .clientSslContextSelectionCallback = + .clientSSLContextSelectionCallback = [this](const string&) { // Ensure the SSL context remains valid for the lifetime of the connection. @@ -458,7 +459,7 @@ OpenSSL::SSLEngine::createClientAuthenticationOptions(const std::string&) const SSL_set_verify(ssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); }, .serverCertificateValidationCallback = - [this](bool ok, X509_STORE_CTX* ctx, const IceSSL::ConnectionInfoPtr& info) + [this](bool ok, X509_STORE_CTX* ctx, const Ice::SSL::ConnectionInfoPtr& info) { return validationCallback(ok, ctx, info); }, }; } 
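Review bot: In `OpenSSL::SSLEngine::initialize`, `propPrefix` is still `"IceSSL."` although the class now lives in `Ice::SSL`, and nothing next to the constant says whether that is deliberate. If the property names are meant to stay stable across the namespace move, record that where the constant is defined, for example `// Property names keep the "IceSSL." prefix; only the C++ namespace changed.` The same constant appears in `Ice::SSL::SSLEngine::initialize` in SSLEngine.cpp, where the error text now mixes both forms ("SSL transport: invalid value for IceSSL.VerifyPeer"). The body of `initialize` continues outside the hunk.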
@@ -467,7 +468,7 @@ ServerAuthenticationOptions OpenSSL::SSLEngine::createServerAuthenticationOptions() const { return ServerAuthenticationOptions{ - .serverSslContextSelectionCallback = + .serverSSLContextSelectionCallback = [this](const string&) { // Ensure the SSL context remains valid for the lifetime of the connection. @@ -493,12 +494,12 @@ OpenSSL::SSLEngine::createServerAuthenticationOptions() const SSL_set_verify(ssl, sslVerifyMode, 0); }, .clientCertificateValidationCallback = - [this](bool ok, X509_STORE_CTX* ctx, const IceSSL::ConnectionInfoPtr& info) + [this](bool ok, X509_STORE_CTX* ctx, const Ice::SSL::ConnectionInfoPtr& info) { return validationCallback(ok, ctx, info); }}; } bool -OpenSSL::SSLEngine::validationCallback(bool ok, X509_STORE_CTX* ctx, const IceSSL::ConnectionInfoPtr& info) const +OpenSSL::SSLEngine::validationCallback(bool ok, X509_STORE_CTX* ctx, const Ice::SSL::ConnectionInfoPtr& info) const { // At this point before the SSL handshake is completed, the connection info doesn't contain the peer's // certificate chain required for verifyPeer. We set it here. @@ -506,7 +507,7 @@ OpenSSL::SSLEngine::validationCallback(bool ok, X509_STORE_CTX* ctx, const IceSS if (ok) { // TODO we should refactor verifyPeer to not depend on the Certificate API in a follow-up PR. - vector certs; + vector certs; STACK_OF(X509)* chain = X509_STORE_CTX_get1_chain(ctx); if (chain != 0) { @@ -517,7 +518,7 @@ OpenSSL::SSLEngine::validationCallback(bool ok, X509_STORE_CTX* ctx, const IceSS } sk_X509_pop_free(chain, X509_free); } - const_cast(info)->certs = certs; + const_cast(info)->certs = certs; verifyPeer(info); } return ok; @@ -526,7 +527,7 @@ OpenSSL::SSLEngine::validationCallback(bool ok, X509_STORE_CTX* ctx, const IceSS string OpenSSL::SSLEngine::sslErrors() const { - return getSslErrors(securityTraceLevel() >= 1); + return getErrors(securityTraceLevel() >= 1); } void 
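Review bot: `validationCallback` receives `info` as a const reference and then writes `certs` into it through a `const_cast` (the `const_cast(info)->certs = certs;` line in the last-but-one hunk of this file), so a const interface hides a mutation of connection state that `verifyPeer` relies on straight afterwards. The existing TODO covers the dependency on the Certificate API but not this cast. Until that refactoring lands, a comment on the line stating why the pointee is safe to modify at this point in the handshake would make the cast auditable; that precondition is not visible in the hunk. The neighbouring `if (chain != 0)` would also read better as `if (chain != nullptr)`.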
diff --git a/cpp/src/IceSSL/OpenSSLEngine.h b/cpp/src/Ice/SSL/OpenSSLEngine.h similarity index 83% rename from cpp/src/IceSSL/OpenSSLEngine.h rename to cpp/src/Ice/SSL/OpenSSLEngine.h index e8fef193306..dbb0e858f42 100644 --- a/cpp/src/IceSSL/OpenSSLEngine.h +++ b/cpp/src/Ice/SSL/OpenSSLEngine.h @@ -7,15 +7,15 @@ #include "../Ice/InstanceF.h" #include "Ice/BuiltinSequences.h" -#include "Ice/ClientAuthenticationOptions.h" -#include "Ice/ServerAuthenticationOptions.h" +#include "Ice/SSL/ClientAuthenticationOptions.h" +#include "Ice/SSL/ServerAuthenticationOptions.h" #include "OpenSSLUtil.h" #include "SSLEngine.h" #include "SSLInstanceF.h" -namespace IceSSL::OpenSSL +namespace Ice::SSL::OpenSSL { - class SSLEngine final : public IceSSL::SSLEngine + class SSLEngine final : public Ice::SSL::SSLEngine { public: SSLEngine(const IceInternal::InstancePtr&); @@ -29,7 +29,7 @@ namespace IceSSL::OpenSSL Ice::SSL::ServerAuthenticationOptions createServerAuthenticationOptions() const final; private: - bool validationCallback(bool, X509_STORE_CTX*, const IceSSL::ConnectionInfoPtr&) const; + bool validationCallback(bool, X509_STORE_CTX*, const Ice::SSL::ConnectionInfoPtr&) const; // The SSL_CTX object configured with IceSSL properties. This object is shared across all SSL incoming and // outgoing connections that do not specify custom ServerAuthenticationOptions or ClientAuthenticationOptions. SSL_CTX* _ctx; diff --git a/cpp/src/IceSSL/OpenSSLEngineF.h b/cpp/src/Ice/SSL/OpenSSLEngineF.h similarity index 62% rename from cpp/src/IceSSL/OpenSSLEngineF.h rename to cpp/src/Ice/SSL/OpenSSLEngineF.h index 269e861550d..5cf80c94de3 100644 --- a/cpp/src/IceSSL/OpenSSLEngineF.h +++ b/cpp/src/Ice/SSL/OpenSSLEngineF.h 
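Review bot: `#include "../Ice/InstanceF.h"` is left unchanged in the first hunk of OpenSSLEngine.h even though the header moves from `cpp/src/IceSSL/` to `cpp/src/Ice/SSL/`, so from the header's own directory the relative path no longer points at `cpp/src/Ice/InstanceF.h`. The other moved headers in this commit rewrite such includes, e.g. `"../Ice/Acceptor.h"` becomes `"../Acceptor.h"` in SSLAcceptorI.h. It may still resolve through an include search path that is not visible here, but `#include "../InstanceF.h"` would match the rest of the change and not depend on that.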
@@ -2,12 +2,12 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -#ifndef ICESSL_OPENSSL_ENGINE_F_H -#define ICESSL_OPENSSL_ENGINE_F_H +#ifndef ICE_SSL_OPENSSL_ENGINE_F_H +#define ICE_SSL_OPENSSL_ENGINE_F_H #include -namespace IceSSL::OpenSSL +namespace Ice::SSL::OpenSSL { class SSLEngine; using SSLEnginePtr = std::shared_ptr; diff --git a/cpp/src/IceSSL/OpenSSLTransceiverI.cpp b/cpp/src/Ice/SSL/OpenSSLTransceiverI.cpp similarity index 96% rename from cpp/src/IceSSL/OpenSSLTransceiverI.cpp rename to cpp/src/Ice/SSL/OpenSSLTransceiverI.cpp index d63b43857ca..9a389238b84 100644 --- a/cpp/src/IceSSL/OpenSSLTransceiverI.cpp +++ b/cpp/src/Ice/SSL/OpenSSLTransceiverI.cpp @@ -3,13 +3,12 @@ // #include "OpenSSLTransceiverI.h" -#include "../Ice/Network.h" #include "Ice/Buffer.h" #include "Ice/Communicator.h" #include "Ice/LocalException.h" #include "Ice/LoggerUtil.h" -#include "Ice/OpenSSL.h" -#include "Ice/SSLConnectionInfo.h" +#include "Ice/SSL/ConnectionInfo.h" +#include "Ice/SSL/OpenSSL.h" #include "OpenSSLEngine.h" #include "SSLEngine.h" #include "SSLInstance.h" @@ -25,11 +24,10 @@ using namespace std; using namespace Ice; using namespace Ice::SSL; -using namespace IceSSL; extern "C" { - int IceSSL_opensslVerifyCallback(int ok, X509_STORE_CTX* ctx) + int Ice_SSL_opensslVerifyCallback(int ok, X509_STORE_CTX* ctx) { ::SSL* ssl = reinterpret_cast<::SSL*>(X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx())); OpenSSL::TransceiverI* p = reinterpret_cast(SSL_get_ex_data(ssl, 0)); @@ -39,9 +37,10 @@ extern "C" namespace { - std::function createDefaultVerificationCallback() + std::function + createDefaultVerificationCallback() { - return [](bool, X509_STORE_CTX* ctx, const IceSSL::ConnectionInfoPtr&) + return [](bool, X509_STORE_CTX* ctx, const Ice::SSL::ConnectionInfoPtr&) { ::SSL* ssl = static_cast<::SSL*>(X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx())); long result = SSL_get_verify_result(ssl); 
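Review bot: `Ice_SSL_opensslVerifyCallback` recovers the transceiver with `SSL_get_ex_data(ssl, 0)`, and index 0 is the slot that `SSL_set_app_data`/`SSL_get_app_data` use, so any other code that is handed the same `SSL*` and stores app data would replace the pointer this callback then `reinterpret_cast`s. The matching `SSL_set_ex_data(_ssl, 0, this)` is in the `initialize` hunk that follows. Reserving a private index once with `SSL_get_ex_new_index(0, nullptr, nullptr, nullptr, nullptr)` and using it in both places removes the possible collision. Whether user-supplied callbacks actually receive the `SSL*` is not visible in these hunks, and the callback body continues outside the hunk.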
@@ -100,7 +99,7 @@ OpenSSL::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal:: throw SecurityException(__FILE__, __LINE__, "openssl failure"); } - _sslCtx = _localSslContextSelectionCallback(_incoming ? _adapterName : _host); + _sslCtx = _localSSLContextSelectionCallback(_incoming ? _adapterName : _host); if (!_sslCtx) { throw SecurityException(__FILE__, __LINE__, "SSL error: the SSL context selection callback returned null"); @@ -119,7 +118,7 @@ OpenSSL::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal:: SSL_set_bio(_ssl, bio, bio); SSL_set_ex_data(_ssl, 0, this); - SSL_set_verify(_ssl, SSL_get_verify_mode(_ssl), IceSSL_opensslVerifyCallback); + SSL_set_verify(_ssl, SSL_get_verify_mode(_ssl), Ice_SSL_opensslVerifyCallback); if (_sslNewSessionCallback) { @@ -687,7 +686,7 @@ OpenSSL::TransceiverI::TransceiverI( _sentBytes(0), _maxSendPacketSize(0), _maxRecvPacketSize(0), - _localSslContextSelectionCallback(serverAuthenticationOptions.serverSslContextSelectionCallback), + _localSSLContextSelectionCallback(serverAuthenticationOptions.serverSSLContextSelectionCallback), _remoteCertificateVerificationCallback( serverAuthenticationOptions.clientCertificateValidationCallback ? serverAuthenticationOptions.clientCertificateValidationCallback @@ -714,7 +713,7 @@ OpenSSL::TransceiverI::TransceiverI( _sentBytes(0), _maxSendPacketSize(0), _maxRecvPacketSize(0), - _localSslContextSelectionCallback(clientAuthenticationOptions.clientSslContextSelectionCallback), + _localSSLContextSelectionCallback(clientAuthenticationOptions.clientSSLContextSelectionCallback), _remoteCertificateVerificationCallback( clientAuthenticationOptions.serverCertificateValidationCallback ? clientAuthenticationOptions.serverCertificateValidationCallback 
diff --git a/cpp/src/IceSSL/OpenSSLTransceiverI.h b/cpp/src/Ice/SSL/OpenSSLTransceiverI.h similarity index 81% rename from cpp/src/IceSSL/OpenSSLTransceiverI.h rename to cpp/src/Ice/SSL/OpenSSLTransceiverI.h index d47ed2f10ed..b004d01d209 100644 --- a/cpp/src/IceSSL/OpenSSLTransceiverI.h +++ b/cpp/src/Ice/SSL/OpenSSLTransceiverI.h @@ -5,14 +5,14 @@ #ifndef ICESSL_OPENSSL_TRANSCEIVER_I_H #define ICESSL_OPENSSL_TRANSCEIVER_I_H -#include "../Ice/Network.h" -#include "../Ice/StreamSocket.h" -#include "../Ice/Transceiver.h" -#include "../Ice/WSTransceiver.h" -#include "Ice/Certificate.h" -#include "Ice/ClientAuthenticationOptions.h" +#include "../Network.h" +#include "../StreamSocket.h" +#include "../Transceiver.h" +#include "../WSTransceiver.h" #include "Ice/Config.h" -#include "Ice/ServerAuthenticationOptions.h" +#include "Ice/SSL/Certificate.h" +#include "Ice/SSL/ClientAuthenticationOptions.h" +#include "Ice/SSL/ServerAuthenticationOptions.h" #include "OpenSSLEngineF.h" #include "SSLInstanceF.h" #include "SSLUtil.h" @@ -22,7 +22,7 @@ typedef struct ssl_st SSL; typedef struct bio_st BIO; -namespace IceSSL::OpenSSL +namespace Ice::SSL::OpenSSL { class TransceiverI final : public IceInternal::Transceiver { @@ -60,17 +60,17 @@ namespace IceSSL::OpenSSL bool receive(); bool send(); - friend class IceSSL::OpenSSL::SSLEngine; + friend class Ice::SSL::OpenSSL::SSLEngine; const InstancePtr _instance; - const IceSSL::OpenSSL::SSLEnginePtr _engine; + const Ice::SSL::OpenSSL::SSLEnginePtr _engine; const std::string _host; const std::string _adapterName; const bool _incoming; const IceInternal::TransceiverPtr _delegate; bool _connected; std::string _cipher; - std::vector _certs; + std::vector _certs; ::SSL* _ssl; SSL_CTX* _sslCtx; BIO* _memBio; 
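Review bot: The include guard in OpenSSLTransceiverI.h stays `ICESSL_OPENSSL_TRANSCEIVER_I_H` (first hunk) while the other headers moved by this commit are renamed to the `ICE_SSL_` form, for example `ICE_SSL_OPENSSL_ENGINE_F_H`. Renaming it to `ICE_SSL_OPENSSL_TRANSCEIVER_I_H` keeps the guards consistent with the new directory layout. SSLEndpointI.h has the same leftover, `ICESSL_ENDPOINT_I_H`.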
@@ -79,8 +79,8 @@ namespace IceSSL::OpenSSL int _sentBytes; size_t _maxSendPacketSize; size_t _maxRecvPacketSize; - std::function _localSslContextSelectionCallback; - std::function + std::function _localSSLContextSelectionCallback; + std::function _remoteCertificateVerificationCallback; std::function _sslNewSessionCallback; std::exception_ptr _verificationException; diff --git a/cpp/src/IceSSL/OpenSSLUtil.cpp b/cpp/src/Ice/SSL/OpenSSLUtil.cpp similarity index 97% rename from cpp/src/IceSSL/OpenSSLUtil.cpp rename to cpp/src/Ice/SSL/OpenSSLUtil.cpp index 979c9de5d34..7ab74bb35c4 100644 --- a/cpp/src/IceSSL/OpenSSLUtil.cpp +++ b/cpp/src/Ice/SSL/OpenSSLUtil.cpp @@ -20,7 +20,7 @@ using namespace std; string -IceSSL::OpenSSL::getSslErrors(bool verbose) +Ice::SSL::OpenSSL::getErrors(bool verbose) { ostringstream ostr; diff --git a/cpp/src/IceSSL/OpenSSLUtil.h b/cpp/src/Ice/SSL/OpenSSLUtil.h similarity index 57% rename from cpp/src/IceSSL/OpenSSLUtil.h rename to cpp/src/Ice/SSL/OpenSSLUtil.h index e0f1f73af84..5cbf4e309e1 100644 --- a/cpp/src/IceSSL/OpenSSLUtil.h +++ b/cpp/src/Ice/SSL/OpenSSLUtil.h @@ -2,17 +2,17 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -#ifndef ICESSL_OPENSSL_UTIL_I_H -#define ICESSL_OPENSSL_UTIL_I_H +#ifndef ICE_SSL_OPENSSL_UTIL_I_H +#define ICE_SSL_OPENSSL_UTIL_I_H #include #include -namespace IceSSL::OpenSSL +namespace Ice::SSL::OpenSSL { // Accumulate the OpenSSL error stack into a string. - std::string getSslErrors(bool); + std::string getErrors(bool); } #endif diff --git a/cpp/src/IceSSL/RFC2253.cpp b/cpp/src/Ice/SSL/RFC2253.cpp similarity index 99% rename from cpp/src/IceSSL/RFC2253.cpp rename to cpp/src/Ice/SSL/RFC2253.cpp index b2ca3520622..167abb8b663 100644 --- a/cpp/src/IceSSL/RFC2253.cpp +++ b/cpp/src/Ice/SSL/RFC2253.cpp @@ -3,7 +3,7 @@ // #include "RFC2253.h" -#include "Ice/Certificate.h" +#include "Ice/SSL/Certificate.h" #include "IceUtil/StringUtil.h" #include 
@@ -11,7 +11,7 @@ #include using namespace std; -using namespace IceSSL; +using namespace Ice::SSL; namespace { diff --git a/cpp/src/IceSSL/RFC2253.h b/cpp/src/Ice/SSL/RFC2253.h similarity index 90% rename from cpp/src/IceSSL/RFC2253.h rename to cpp/src/Ice/SSL/RFC2253.h index bfeb8c44190..3ca69b1bc5a 100644 --- a/cpp/src/IceSSL/RFC2253.h +++ b/cpp/src/Ice/SSL/RFC2253.h @@ -2,8 +2,8 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -#ifndef ICESSL_RFC_2253_H -#define ICESSL_RFC_2253_H +#ifndef ICE_SSL_RFC_2253_H +#define ICE_SSL_RFC_2253_H #include "Ice/Config.h" @@ -11,7 +11,7 @@ #include // -// The methods in the IceSSL::RFC2253 namespace implement a parser +// The methods in the Ice::SSL::RFC2253 namespace implement a parser // for relative distinguished name (RDN) pairs using the parsing // rules outlined in sections 3 and 4 of RFC 2253. // @@ -23,7 +23,7 @@ // results in the pair ("O","Sue\, Grabit and Runn") and not // ("O","Sue, Grabit and Runn"). // -namespace IceSSL::RFC2253 +namespace Ice::SSL::RFC2253 { using RDNSeq = std::list>; diff --git a/cpp/src/IceSSL/SSLAcceptorI.cpp b/cpp/src/Ice/SSL/SSLAcceptorI.cpp similarity index 74% rename from cpp/src/IceSSL/SSLAcceptorI.cpp rename to cpp/src/Ice/SSL/SSLAcceptorI.cpp index dcd72eba5fa..2be2dc1b526 100644 --- a/cpp/src/IceSSL/SSLAcceptorI.cpp +++ b/cpp/src/Ice/SSL/SSLAcceptorI.cpp @@ -10,8 +10,8 @@ #include "SSLUtil.h" #if defined(_WIN32) -# include "SChannelEngine.h" -# include "SChannelTransceiverI.h" +# include "SchannelEngine.h" +# include "SchannelTransceiverI.h" #elif defined(__APPLE__) # include "SecureTransportTransceiverI.h" #else 
@@ -20,30 +20,30 @@ using namespace std; using namespace Ice; -using namespace IceSSL; +using namespace Ice::SSL; IceInternal::NativeInfoPtr -IceSSL::AcceptorI::getNativeInfo() +Ice::SSL::AcceptorI::getNativeInfo() { return _delegate->getNativeInfo(); } #if defined(ICE_USE_IOCP) IceInternal::AsyncInfo* -IceSSL::AcceptorI::getAsyncInfo(IceInternal::SocketOperation status) +Ice::SSL::AcceptorI::getAsyncInfo(IceInternal::SocketOperation status) { return _delegate->getNativeInfo()->getAsyncInfo(status); } #endif void -IceSSL::AcceptorI::close() +Ice::SSL::AcceptorI::close() { _delegate->close(); } IceInternal::EndpointIPtr -IceSSL::AcceptorI::listen() +Ice::SSL::AcceptorI::listen() { _endpoint = _endpoint->endpoint(_delegate->listen()); return _endpoint; @@ -51,20 +51,20 @@ IceSSL::AcceptorI::listen() #if defined(ICE_USE_IOCP) void -IceSSL::AcceptorI::startAccept() +Ice::SSL::AcceptorI::startAccept() { _delegate->startAccept(); } void -IceSSL::AcceptorI::finishAccept() +Ice::SSL::AcceptorI::finishAccept() { _delegate->finishAccept(); } #endif IceInternal::TransceiverPtr -IceSSL::AcceptorI::accept() +Ice::SSL::AcceptorI::accept() { optional serverAuthenticationOptions = _serverAuthenticationOptions; if (!serverAuthenticationOptions) @@ -73,19 +73,19 @@ IceSSL::AcceptorI::accept() } assert(serverAuthenticationOptions); #if defined(_WIN32) - return make_shared( + return make_shared( _instance, _delegate->accept(), _adapterName, *serverAuthenticationOptions); #elif defined(__APPLE__) - return make_shared( + return make_shared( _instance, _delegate->accept(), _adapterName, *serverAuthenticationOptions); #else - return make_shared( + return make_shared( _instance, _delegate->accept(), _adapterName, 
@@ -94,24 +94,24 @@ IceSSL::AcceptorI::accept() } string -IceSSL::AcceptorI::protocol() const +Ice::SSL::AcceptorI::protocol() const { return _delegate->protocol(); } string -IceSSL::AcceptorI::toString() const +Ice::SSL::AcceptorI::toString() const { return _delegate->toString(); } string -IceSSL::AcceptorI::toDetailedString() const +Ice::SSL::AcceptorI::toDetailedString() const { return _delegate->toDetailedString(); } -IceSSL::AcceptorI::AcceptorI( +Ice::SSL::AcceptorI::AcceptorI( const EndpointIPtr& endpoint, const InstancePtr& instance, const IceInternal::AcceptorPtr& del, @@ -125,4 +125,4 @@ IceSSL::AcceptorI::AcceptorI( { } -IceSSL::AcceptorI::~AcceptorI() {} +Ice::SSL::AcceptorI::~AcceptorI() {} diff --git a/cpp/src/IceSSL/SSLAcceptorI.h b/cpp/src/Ice/SSL/SSLAcceptorI.h similarity index 84% rename from cpp/src/IceSSL/SSLAcceptorI.h rename to cpp/src/Ice/SSL/SSLAcceptorI.h index c8ffc70aab8..e2771cfeebb 100644 --- a/cpp/src/IceSSL/SSLAcceptorI.h +++ b/cpp/src/Ice/SSL/SSLAcceptorI.h @@ -2,19 +2,19 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -#ifndef ICESSL_ACCEPTOR_I_H -#define ICESSL_ACCEPTOR_I_H +#ifndef ICE_SSL_ACCEPTOR_I_H +#define ICE_SSL_ACCEPTOR_I_H -#include "../Ice/Acceptor.h" -#include "../Ice/Network.h" -#include "../Ice/TransceiverF.h" -#include "Ice/ServerAuthenticationOptions.h" +#include "../Acceptor.h" +#include "../Network.h" +#include "../TransceiverF.h" +#include "Ice/SSL/ServerAuthenticationOptions.h" #include "SSLInstanceF.h" #include #include -namespace IceSSL +namespace Ice::SSL { class AcceptorI final : public IceInternal::Acceptor, public IceInternal::NativeInfo { @@ -51,4 +51,4 @@ namespace IceSSL }; } -#endif // IceSSL namespace end +#endif diff --git a/cpp/src/IceSSL/SSLConnectorI.cpp b/cpp/src/Ice/SSL/SSLConnectorI.cpp similarity index 66% rename from cpp/src/IceSSL/SSLConnectorI.cpp rename to cpp/src/Ice/SSL/SSLConnectorI.cpp index f3763980d0e..c333aaeaafb 100644 --- a/cpp/src/IceSSL/SSLConnectorI.cpp 
+++ b/cpp/src/Ice/SSL/SSLConnectorI.cpp @@ -5,19 +5,19 @@ #include "SSLConnectorI.h" #include "SSLInstance.h" -#include "../Ice/NetworkProxy.h" -#include "../Ice/StreamSocket.h" -#include "Ice/ClientAuthenticationOptions.h" +#include "../NetworkProxy.h" +#include "../StreamSocket.h" #include "Ice/Communicator.h" #include "Ice/LocalException.h" #include "Ice/LoggerUtil.h" +#include "Ice/SSL/ClientAuthenticationOptions.h" #include "SSLEndpointI.h" #include "SSLEngine.h" #include "SSLUtil.h" #if defined(_WIN32) -# include "SChannelEngine.h" -# include "SChannelTransceiverI.h" +# include "SchannelEngine.h" +# include "SchannelTransceiverI.h" #elif defined(__APPLE__) # include "SecureTransportEngine.h" # include "SecureTransportTransceiverI.h" @@ -28,10 +28,10 @@ using namespace std; using namespace Ice; -using namespace IceSSL; +using namespace Ice::SSL; IceInternal::TransceiverPtr -IceSSL::ConnectorI::connect() +Ice::SSL::ConnectorI::connect() { optional clientAuthenticationOptions = _instance->engine()->getInitializationData().clientAuthenticationOptions; 
@@ -41,36 +41,32 @@ IceSSL::ConnectorI::connect() } assert(clientAuthenticationOptions); #if defined(_WIN32) - return make_shared(_instance, _delegate->connect(), _host, *clientAuthenticationOptions); + return make_shared(_instance, _delegate->connect(), _host, *clientAuthenticationOptions); #elif defined(__APPLE__) - return make_shared( + return make_shared( _instance, _delegate->connect(), _host, *clientAuthenticationOptions); #else - return make_shared( - _instance, - _delegate->connect(), - _host, - *clientAuthenticationOptions); + return make_shared(_instance, _delegate->connect(), _host, *clientAuthenticationOptions); #endif } int16_t -IceSSL::ConnectorI::type() const +Ice::SSL::ConnectorI::type() const { return _delegate->type(); } string -IceSSL::ConnectorI::toString() const +Ice::SSL::ConnectorI::toString() const { return _delegate->toString(); } bool -IceSSL::ConnectorI::operator==(const IceInternal::Connector& r) const +Ice::SSL::ConnectorI::operator==(const IceInternal::Connector& r) const { const ConnectorI* p = dynamic_cast(&r); if (!p) @@ -87,7 +83,7 @@ IceSSL::ConnectorI::operator==(const IceInternal::Connector& r) const } bool -IceSSL::ConnectorI::operator<(const IceInternal::Connector& r) const +Ice::SSL::ConnectorI::operator<(const IceInternal::Connector& r) const { const ConnectorI* p = dynamic_cast(&r); if (!p) @@ -103,11 +99,11 @@ IceSSL::ConnectorI::operator<(const IceInternal::Connector& r) const return Ice::targetLess(_delegate, p->_delegate); } -IceSSL::ConnectorI::ConnectorI(const InstancePtr& instance, const IceInternal::ConnectorPtr& del, const string& h) +Ice::SSL::ConnectorI::ConnectorI(const InstancePtr& instance, const IceInternal::ConnectorPtr& del, const string& h) : _instance(instance), _delegate(del), _host(h) { } -IceSSL::ConnectorI::~ConnectorI() {} +Ice::SSL::ConnectorI::~ConnectorI() {} 
diff --git a/cpp/src/IceSSL/SSLConnectorI.h b/cpp/src/Ice/SSL/SSLConnectorI.h similarity index 79% rename from cpp/src/IceSSL/SSLConnectorI.h rename to cpp/src/Ice/SSL/SSLConnectorI.h index 10310aa210a..aa2dbe2dd7f 100644 --- a/cpp/src/IceSSL/SSLConnectorI.h +++ b/cpp/src/Ice/SSL/SSLConnectorI.h @@ -2,16 +2,16 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -#ifndef ICESSL_CONNECTOR_I_H -#define ICESSL_CONNECTOR_I_H +#ifndef ICE_SSL_CONNECTOR_I_H +#define ICE_SSL_CONNECTOR_I_H -#include "../Ice/Connector.h" -#include "../Ice/Network.h" -#include "../Ice/TransceiverF.h" +#include "../Connector.h" +#include "../Network.h" +#include "../TransceiverF.h" #include "SSLInstanceF.h" -namespace IceSSL +namespace Ice::SSL { class EndpointI; @@ -36,6 +36,6 @@ namespace IceSSL const std::string _host; }; -} // IceSSL namespace end +} #endif diff --git a/cpp/src/IceSSL/SSLEndpointI.cpp b/cpp/src/Ice/SSL/SSLEndpointI.cpp similarity index 75% rename from cpp/src/IceSSL/SSLEndpointI.cpp rename to cpp/src/Ice/SSL/SSLEndpointI.cpp index 4744dd582fd..7f29bfea912 100644 --- a/cpp/src/IceSSL/SSLEndpointI.cpp +++ b/cpp/src/Ice/SSL/SSLEndpointI.cpp @@ -3,9 +3,9 @@ // #include "SSLEndpointI.h" -#include "../Ice/DefaultsAndOverrides.h" -#include "../Ice/EndpointFactoryManager.h" -#include "../Ice/HashUtil.h" +#include "../DefaultsAndOverrides.h" +#include "../EndpointFactoryManager.h" +#include "../HashUtil.h" #include "Ice/Comparable.h" #include "Ice/InputStream.h" #include "Ice/LocalException.h" 
@@ -17,20 +17,20 @@ using namespace std; using namespace Ice; -using namespace IceSSL; +using namespace Ice::SSL; extern "C" { Plugin* createIceSSL(const CommunicatorPtr& communicator, const string&, const StringSeq&) { IceInternal::InstancePtr instance = IceInternal::getInstance(communicator); - IceSSL::SSLEnginePtr engine = instance->sslEngine(); + Ice::SSL::SSLEnginePtr engine = instance->sslEngine(); IceInternal::EndpointFactoryManagerPtr endpointFactoryManager = instance->endpointFactoryManager(); - IceSSL::InstancePtr sslInstance = make_shared(engine, SSLEndpointType, "ssl"); + Ice::SSL::InstancePtr sslInstance = make_shared(engine, SSLEndpointType, "ssl"); return new IceInternal::EndpointFactoryPlugin( communicator, - make_shared(sslInstance, TCPEndpointType)); + make_shared(sslInstance, TCPEndpointType)); } } @@ -58,23 +58,23 @@ namespace } } // Implement virtual destructors out of line to avoid weak vtables. -IceSSL::ConnectionInfo::~ConnectionInfo() {} -IceSSL::EndpointInfo::~EndpointInfo() {} +Ice::SSL::ConnectionInfo::~ConnectionInfo() {} +Ice::SSL::EndpointInfo::~EndpointInfo() {} -IceSSL::EndpointI::EndpointI(const InstancePtr& instance, const IceInternal::EndpointIPtr& del) +Ice::SSL::EndpointI::EndpointI(const InstancePtr& instance, const IceInternal::EndpointIPtr& del) : _instance(instance), _delegate(del) { } void -IceSSL::EndpointI::streamWriteImpl(Ice::OutputStream* stream) const +Ice::SSL::EndpointI::streamWriteImpl(Ice::OutputStream* stream) const { _delegate->streamWriteImpl(stream); } Ice::EndpointInfoPtr -IceSSL::EndpointI::getInfo() const noexcept +Ice::SSL::EndpointI::getInfo() const noexcept { EndpointInfoPtr info = make_shared>(const_cast(this)->shared_from_this()); 
@@ -85,25 +85,25 @@ IceSSL::EndpointI::getInfo() const noexcept } int16_t -IceSSL::EndpointI::type() const +Ice::SSL::EndpointI::type() const { return _delegate->type(); } const std::string& -IceSSL::EndpointI::protocol() const +Ice::SSL::EndpointI::protocol() const { return _delegate->protocol(); } int32_t -IceSSL::EndpointI::timeout() const +Ice::SSL::EndpointI::timeout() const { return _delegate->timeout(); } IceInternal::EndpointIPtr -IceSSL::EndpointI::timeout(int32_t timeout) const +Ice::SSL::EndpointI::timeout(int32_t timeout) const { if (timeout == _delegate->timeout()) { @@ -116,13 +116,13 @@ IceSSL::EndpointI::timeout(int32_t timeout) const } const string& -IceSSL::EndpointI::connectionId() const +Ice::SSL::EndpointI::connectionId() const { return _delegate->connectionId(); } IceInternal::EndpointIPtr -IceSSL::EndpointI::connectionId(const string& connectionId) const +Ice::SSL::EndpointI::connectionId(const string& connectionId) const { if (connectionId == _delegate->connectionId()) { @@ -135,13 +135,13 @@ IceSSL::EndpointI::connectionId(const string& connectionId) const } bool -IceSSL::EndpointI::compress() const +Ice::SSL::EndpointI::compress() const { return _delegate->compress(); } IceInternal::EndpointIPtr -IceSSL::EndpointI::compress(bool compress) const +Ice::SSL::EndpointI::compress(bool compress) const { if (compress == _delegate->compress()) { @@ -154,25 +154,25 @@ IceSSL::EndpointI::compress(bool compress) const } bool -IceSSL::EndpointI::datagram() const +Ice::SSL::EndpointI::datagram() const { return _delegate->datagram(); } bool -IceSSL::EndpointI::secure() const +Ice::SSL::EndpointI::secure() const { return _delegate->secure(); } IceInternal::TransceiverPtr -IceSSL::EndpointI::transceiver() const +Ice::SSL::EndpointI::transceiver() const { return nullptr; } void -IceSSL::EndpointI::connectorsAsync( +Ice::SSL::EndpointI::connectorsAsync( Ice::EndpointSelectionType selType, function)> response, function exception) const 
@@ -194,7 +194,7 @@ IceSSL::EndpointI::connectorsAsync( } IceInternal::AcceptorPtr -IceSSL::EndpointI::acceptor( +Ice::SSL::EndpointI::acceptor( const string& adapterName, const optional& serverAuthenticationOptions) const { @@ -207,7 +207,7 @@ IceSSL::EndpointI::acceptor( } EndpointIPtr -IceSSL::EndpointI::endpoint(const IceInternal::EndpointIPtr& delEndp) const +Ice::SSL::EndpointI::endpoint(const IceInternal::EndpointIPtr& delEndp) const { if (delEndp.get() == _delegate.get()) { @@ -220,7 +220,7 @@ IceSSL::EndpointI::endpoint(const IceInternal::EndpointIPtr& delEndp) const } vector -IceSSL::EndpointI::expandIfWildcard() const +Ice::SSL::EndpointI::expandIfWildcard() const { vector endps = _delegate->expandIfWildcard(); for (vector::iterator p = endps.begin(); p != endps.end(); ++p) @@ -238,7 +238,7 @@ IceSSL::EndpointI::expandIfWildcard() const } vector -IceSSL::EndpointI::expandHost(IceInternal::EndpointIPtr& publish) const +Ice::SSL::EndpointI::expandHost(IceInternal::EndpointIPtr& publish) const { vector endps = _delegate->expandHost(publish); if (publish.get() == _delegate.get()) @@ -264,7 +264,7 @@ IceSSL::EndpointI::expandHost(IceInternal::EndpointIPtr& publish) const } bool -IceSSL::EndpointI::equivalent(const IceInternal::EndpointIPtr& endpoint) const +Ice::SSL::EndpointI::equivalent(const IceInternal::EndpointIPtr& endpoint) const { const EndpointI* endpointI = dynamic_cast(endpoint.get()); if (!endpointI) @@ -275,19 +275,19 @@ IceSSL::EndpointI::equivalent(const IceInternal::EndpointIPtr& endpoint) const } int32_t -IceSSL::EndpointI::hash() const +Ice::SSL::EndpointI::hash() const { return _delegate->hash(); } string -IceSSL::EndpointI::options() const +Ice::SSL::EndpointI::options() const { return _delegate->options(); } bool -IceSSL::EndpointI::operator==(const Ice::Endpoint& r) const +Ice::SSL::EndpointI::operator==(const Ice::Endpoint& r) const { const EndpointI* p = dynamic_cast(&r); if (!p) 
@@ -309,7 +309,7 @@ IceSSL::EndpointI::operator==(const Ice::Endpoint& r) const } bool -IceSSL::EndpointI::operator<(const Ice::Endpoint& r) const +Ice::SSL::EndpointI::operator<(const Ice::Endpoint& r) const { const EndpointI* p = dynamic_cast(&r); if (!p) @@ -340,25 +340,25 @@ IceSSL::EndpointI::operator<(const Ice::Endpoint& r) const } bool -IceSSL::EndpointI::checkOption(const string& /*option*/, const string& /*argument*/, const string& /*endpoint*/) +Ice::SSL::EndpointI::checkOption(const string& /*option*/, const string& /*argument*/, const string& /*endpoint*/) { return false; } -IceSSL::EndpointFactoryI::EndpointFactoryI(const InstancePtr& instance, int16_t type) +Ice::SSL::EndpointFactoryI::EndpointFactoryI(const InstancePtr& instance, int16_t type) : IceInternal::EndpointFactoryWithUnderlying(instance, type), _sslInstance(instance) { } void -IceSSL::EndpointFactoryI::destroy() +Ice::SSL::EndpointFactoryI::destroy() { _sslInstance = nullptr; } IceInternal::EndpointFactoryPtr -IceSSL::EndpointFactoryI::cloneWithUnderlying(const IceInternal::ProtocolInstancePtr& instance, int16_t underlying) +Ice::SSL::EndpointFactoryI::cloneWithUnderlying(const IceInternal::ProtocolInstancePtr& instance, int16_t underlying) const { return make_shared( @@ -367,13 +367,14 @@ IceSSL::EndpointFactoryI::cloneWithUnderlying(const IceInternal::ProtocolInstanc } IceInternal::EndpointIPtr -IceSSL::EndpointFactoryI::createWithUnderlying(const IceInternal::EndpointIPtr& underlying, vector&, bool) const +Ice::SSL::EndpointFactoryI::createWithUnderlying(const IceInternal::EndpointIPtr& underlying, vector&, bool) + const { return make_shared(_sslInstance, underlying); } IceInternal::EndpointIPtr -IceSSL::EndpointFactoryI::readWithUnderlying(const IceInternal::EndpointIPtr& underlying, Ice::InputStream*) const +Ice::SSL::EndpointFactoryI::readWithUnderlying(const IceInternal::EndpointIPtr& underlying, Ice::InputStream*) const { return make_shared(_sslInstance, underlying); } 
diff --git a/cpp/src/IceSSL/SSLEndpointI.h b/cpp/src/Ice/SSL/SSLEndpointI.h similarity index 94% rename from cpp/src/IceSSL/SSLEndpointI.h rename to cpp/src/Ice/SSL/SSLEndpointI.h index 31ab498275b..dd41440149a 100644 --- a/cpp/src/IceSSL/SSLEndpointI.h +++ b/cpp/src/Ice/SSL/SSLEndpointI.h @@ -5,15 +5,15 @@ #ifndef ICESSL_ENDPOINT_I_H #define ICESSL_ENDPOINT_I_H -#include "../Ice/EndpointFactory.h" -#include "../Ice/EndpointI.h" -#include "../Ice/IPEndpointI.h" -#include "../Ice/Network.h" -#include "Ice/SSLEndpointInfo.h" +#include "../EndpointFactory.h" +#include "../EndpointI.h" +#include "../IPEndpointI.h" +#include "../Network.h" +#include "Ice/SSL/EndpointInfo.h" #include "SSLEngineF.h" #include "SSLInstanceF.h" -namespace IceSSL +namespace Ice::SSL { class EndpointI final : public IceInternal::EndpointI, public std::enable_shared_from_this { diff --git a/cpp/src/IceSSL/SSLEngine.cpp b/cpp/src/Ice/SSL/SSLEngine.cpp similarity index 83% rename from cpp/src/IceSSL/SSLEngine.cpp rename to cpp/src/Ice/SSL/SSLEngine.cpp index 5f163e9e22a..76b6c12d63d 100644 --- a/cpp/src/IceSSL/SSLEngine.cpp +++ b/cpp/src/Ice/SSL/SSLEngine.cpp @@ -3,13 +3,13 @@ // #include "SSLEngine.h" -#include "../Ice/Instance.h" +#include "../Instance.h" #include "Ice/Communicator.h" #include "Ice/LocalException.h" #include "Ice/Logger.h" #include "Ice/LoggerUtil.h" #include "Ice/Properties.h" -#include "Ice/SSLConnectionInfo.h" +#include "Ice/SSL/ConnectionInfo.h" #include "IceUtil/StringUtil.h" #include "TrustManager.h" @@ -18,9 +18,9 @@ using namespace std; using namespace Ice; using namespace IceUtil; -using namespace IceSSL; +using namespace Ice::SSL; -IceSSL::SSLEngine::SSLEngine(const IceInternal::InstancePtr& instance) +Ice::SSL::SSLEngine::SSLEngine(const IceInternal::InstancePtr& instance) : _instance(instance), _trustManager(make_shared(instance)), _revocationCheckCacheOnly(false), 
@@ -28,26 +28,28 @@ IceSSL::SSLEngine::SSLEngine(const IceInternal::InstancePtr& instance) { } +Ice::SSL::SSLEngine::~SSLEngine() {} + Ice::LoggerPtr -IceSSL::SSLEngine::getLogger() const +Ice::SSL::SSLEngine::getLogger() const { return _instance->initializationData().logger; } Ice::PropertiesPtr -IceSSL::SSLEngine::getProperties() const +Ice::SSL::SSLEngine::getProperties() const { return _instance->initializationData().properties; } Ice::InitializationData -IceSSL::SSLEngine::getInitializationData() const +Ice::SSL::SSLEngine::getInitializationData() const { return _instance->initializationData(); } void -IceSSL::SSLEngine::initialize() +Ice::SSL::SSLEngine::initialize() { const string propPrefix = "IceSSL."; const PropertiesPtr properties = getProperties(); @@ -64,7 +66,10 @@ IceSSL::SSLEngine::initialize() if (_verifyPeer < 0 || _verifyPeer > 2) { - throw InitializationException(__FILE__, __LINE__, "IceSSL: invalid value for " + propPrefix + "VerifyPeer"); + throw InitializationException( + __FILE__, + __LINE__, + "SSL transport: invalid value for " + propPrefix + "VerifyPeer"); } _securityTraceLevel = properties->getPropertyAsInt("IceSSL.Trace.Security"); @@ -76,7 +81,7 @@ IceSSL::SSLEngine::initialize() } void -IceSSL::SSLEngine::verifyPeerCertName(const ConnectionInfoPtr& info, const string& address) const +Ice::SSL::SSLEngine::verifyPeerCertName(const ConnectionInfoPtr& info, const string& address) const { // For an outgoing connection, we compare the proxy address (if any) against fields in the server's certificate // (if any). @@ -134,7 +139,7 @@ IceSSL::SSLEngine::verifyPeerCertName(const ConnectionInfoPtr& info, const strin if (!certNameOK) { ostringstream ostr; - ostr << "IceSSL: "; + ostr << "SSL transport: "; if (_verifyPeer > 0) { ostr << "ignoring "; 
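Review bot: The diagnostic prefix changes from `IceSSL:` to `SSL transport:` in the `VerifyPeer` exception and in the hostname-mismatch message built in `verifyPeerCertName`, while the property names stay under `propPrefix = "IceSSL."`. The same swap recurs throughout SchannelEngine.cpp, including every `certificate verification failure` SecurityException. Any log monitoring or alerting that matches the old `IceSSL: certificate verification failure` text would stop firing after an upgrade; whether such consumers exist is not visible here. An upgrade note would cover this, as would a comment next to the first use such as `// Diagnostic prefix changed from "IceSSL:"; property names keep the IceSSL. prefix`. Both `initialize` and `verifyPeerCertName` continue outside their hunks.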
@@ -156,7 +161,7 @@ IceSSL::SSLEngine::verifyPeerCertName(const ConnectionInfoPtr& info, const strin } void -IceSSL::SSLEngine::verifyPeer(const ConnectionInfoPtr& info) const +Ice::SSL::SSLEngine::verifyPeer(const ConnectionInfoPtr& info) const { if (!_trustManager->verify(info)) { @@ -170,43 +175,43 @@ IceSSL::SSLEngine::verifyPeer(const ConnectionInfoPtr& info) const } bool -IceSSL::SSLEngine::getCheckCertName() const +Ice::SSL::SSLEngine::getCheckCertName() const { return _checkCertName; } bool -IceSSL::SSLEngine::getServerNameIndication() const +Ice::SSL::SSLEngine::getServerNameIndication() const { return _serverNameIndication; } int -IceSSL::SSLEngine::getVerifyPeer() const +Ice::SSL::SSLEngine::getVerifyPeer() const { return _verifyPeer; } int -IceSSL::SSLEngine::securityTraceLevel() const +Ice::SSL::SSLEngine::securityTraceLevel() const { return _securityTraceLevel; } std::string -IceSSL::SSLEngine::securityTraceCategory() const +Ice::SSL::SSLEngine::securityTraceCategory() const { return _securityTraceCategory; } bool -IceSSL::SSLEngine::getRevocationCheckCacheOnly() const +Ice::SSL::SSLEngine::getRevocationCheckCacheOnly() const { return _revocationCheckCacheOnly; } int -IceSSL::SSLEngine::getRevocationCheck() const +Ice::SSL::SSLEngine::getRevocationCheck() const { return _revocationCheck; } diff --git a/cpp/src/IceSSL/SSLEngine.h b/cpp/src/Ice/SSL/SSLEngine.h similarity index 77% rename from cpp/src/IceSSL/SSLEngine.h rename to cpp/src/Ice/SSL/SSLEngine.h index 01bfb5bfb3a..bf195c3c05f 100644 --- a/cpp/src/IceSSL/SSLEngine.h +++ b/cpp/src/Ice/SSL/SSLEngine.h 
@@ -2,17 +2,17 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -#ifndef ICESSL_ENGINE_H -#define ICESSL_ENGINE_H +#ifndef ICE_SSL_ENGINE_H +#define ICE_SSL_ENGINE_H -#include "../Ice/Network.h" -#include "../Ice/TransceiverF.h" -#include "Ice/Certificate.h" -#include "Ice/ClientAuthenticationOptions.h" +#include "../Network.h" +#include "../TransceiverF.h" #include "Ice/CommunicatorF.h" #include "Ice/Initialize.h" #include "Ice/InstanceF.h" -#include "Ice/ServerAuthenticationOptions.h" +#include "Ice/SSL/Certificate.h" +#include "Ice/SSL/ClientAuthenticationOptions.h" +#include "Ice/SSL/ServerAuthenticationOptions.h" #include "SSLEngineF.h" #include "SSLInstanceF.h" #include "SSLUtil.h" @@ -20,12 +20,13 @@ #include -namespace IceSSL +namespace Ice::SSL { class ICE_API SSLEngine { public: SSLEngine(const IceInternal::InstancePtr&); + ~SSLEngine(); Ice::LoggerPtr getLogger() const; Ice::PropertiesPtr getProperties() const; @@ -43,8 +44,8 @@ namespace IceSSL virtual void verifyPeer(const ConnectionInfoPtr&) const; void verifyPeerCertName(const ConnectionInfoPtr&, const std::string&) const; - virtual Ice::SSL::ClientAuthenticationOptions createClientAuthenticationOptions(const std::string&) const = 0; - virtual Ice::SSL::ServerAuthenticationOptions createServerAuthenticationOptions() const = 0; + virtual ClientAuthenticationOptions createClientAuthenticationOptions(const std::string&) const = 0; + virtual ServerAuthenticationOptions createServerAuthenticationOptions() const = 0; bool getCheckCertName() const; bool getServerNameIndication() const; diff --git a/cpp/src/IceSSL/SSLEngineF.h b/cpp/src/Ice/SSL/SSLEngineF.h similarity index 69% rename from cpp/src/IceSSL/SSLEngineF.h rename to cpp/src/Ice/SSL/SSLEngineF.h index 515a4ed0d92..2e2fc2abf38 100644 --- a/cpp/src/IceSSL/SSLEngineF.h +++ b/cpp/src/Ice/SSL/SSLEngineF.h 
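Review bot: The destructor added in the `class ICE_API SSLEngine` hunk is declared non-virtual, `~SSLEngine();`, although the class has `virtual void verifyPeer` and two pure virtual factory methods, and `Schannel::SSLEngine` derives from it in SchannelEngine.cpp. Destroying a derived engine through an `SSLEngine*` would be undefined behaviour, and the engine owns certificate stores and key material that rely on orderly teardown. Ownership through `SSLEnginePtr` created with `make_shared` of the derived type is safe, but nothing in the header enforces that. Declare it `virtual ~SSLEngine();` and define it in SSLEngine.cpp as `Ice::SSL::SSLEngine::~SSLEngine() = default;`. The class body continues past the end of the hunk.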
@@ -2,12 +2,12 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -#ifndef ICESSL_ENGINE_F_H -#define ICESSL_ENGINE_F_H +#ifndef ICE_SSL_ENGINE_F_H +#define ICE_SSL_ENGINE_F_H #include -namespace IceSSL +namespace Ice::SSL { class SSLEngine; using SSLEnginePtr = std::shared_ptr; diff --git a/cpp/src/IceSSL/SSLInstance.cpp b/cpp/src/Ice/SSL/SSLInstance.cpp similarity index 66% rename from cpp/src/IceSSL/SSLInstance.cpp rename to cpp/src/Ice/SSL/SSLInstance.cpp index 36584ce3895..3ce83a26396 100644 --- a/cpp/src/IceSSL/SSLInstance.cpp +++ b/cpp/src/Ice/SSL/SSLInstance.cpp @@ -7,9 +7,9 @@ using namespace std; using namespace Ice; -using namespace IceSSL; +using namespace Ice::SSL; -IceSSL::Instance::Instance(const SSLEnginePtr& engine, int16_t type, const string& protocol) +Ice::SSL::Instance::Instance(const SSLEnginePtr& engine, int16_t type, const string& protocol) : ProtocolInstance(engine->instance(), type, protocol, true), _engine(engine) { diff --git a/cpp/src/IceSSL/SSLInstance.h b/cpp/src/Ice/SSL/SSLInstance.h similarity index 78% rename from cpp/src/IceSSL/SSLInstance.h rename to cpp/src/Ice/SSL/SSLInstance.h index a85757179cb..d848bbc5e39 100644 --- a/cpp/src/IceSSL/SSLInstance.h +++ b/cpp/src/Ice/SSL/SSLInstance.h @@ -2,14 +2,14 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -#ifndef ICESSL_INSTANCE_H -#define ICESSL_INSTANCE_H +#ifndef ICE_SSL_INSTANCE_H +#define ICE_SSL_INSTANCE_H -#include "../Ice/ProtocolInstance.h" +#include "../ProtocolInstance.h" #include "SSLEngineF.h" #include "SSLInstanceF.h" -namespace IceSSL +namespace Ice::SSL { class ICE_API Instance final : public IceInternal::ProtocolInstance { diff --git a/cpp/src/IceSSL/SSLInstanceF.h b/cpp/src/Ice/SSL/SSLInstanceF.h similarity index 76% rename from cpp/src/IceSSL/SSLInstanceF.h rename to cpp/src/Ice/SSL/SSLInstanceF.h index 0d932403654..d4c720c32e8 100644 --- a/cpp/src/IceSSL/SSLInstanceF.h +++ b/cpp/src/Ice/SSL/SSLInstanceF.h 
@@ -2,12 +2,12 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -#ifndef ICESSL_INSTANCE_F_H -#define ICESSL_INSTANCE_F_H +#ifndef ICE_SSL_INSTANCE_F_H +#define ICE_SSL_INSTANCE_F_H #include -namespace IceSSL +namespace Ice::SSL { class Instance; using InstancePtr = std::shared_ptr; diff --git a/cpp/src/IceSSL/SSLUtil.cpp b/cpp/src/Ice/SSL/SSLUtil.cpp similarity index 90% rename from cpp/src/IceSSL/SSLUtil.cpp rename to cpp/src/Ice/SSL/SSLUtil.cpp index b8cd03da376..3f8c24fad57 100644 --- a/cpp/src/IceSSL/SSLUtil.cpp +++ b/cpp/src/Ice/SSL/SSLUtil.cpp @@ -7,10 +7,10 @@ # include #endif -#include "../Ice/Base64.h" -#include "../Ice/Network.h" -#include "Ice/Certificate.h" +#include "../Base64.h" +#include "../Network.h" #include "Ice/LocalException.h" +#include "Ice/SSL/Certificate.h" #include "Ice/StringConverter.h" #include "Ice/UniqueRef.h" #include "IceUtil/FileUtil.h" @@ -23,12 +23,12 @@ using namespace std; using namespace Ice; using namespace IceInternal; using namespace IceUtil; -using namespace IceSSL; +using namespace Ice::SSL; #if defined(__APPLE__) std::string -IceSSL::fromCFString(CFStringRef v) +Ice::SSL::fromCFString(CFStringRef v) { string s; if (v) @@ -45,7 +45,7 @@ IceSSL::fromCFString(CFStringRef v) #endif bool -IceSSL::parseBytes(const string& arg, vector& buffer) +Ice::SSL::parseBytes(const string& arg, vector& buffer) { string v = IceUtilInternal::toUpper(arg); @@ -78,7 +78,7 @@ IceSSL::parseBytes(const string& arg, vector& buffer) } void -IceSSL::readFile(const string& file, vector& buffer) +Ice::SSL::readFile(const string& file, vector& buffer) { ifstream is(IceUtilInternal::streamFilename(file).c_str(), ios::in | ios::binary); if (!is.good()) 
@@ -101,7 +101,7 @@ IceSSL::readFile(const string& file, vector& buffer) } bool -IceSSL::checkPath(const string& path, const string& defaultDir, bool dir, string& resolved) +Ice::SSL::checkPath(const string& path, const string& defaultDir, bool dir, string& resolved) { #if defined(ICE_USE_SECURE_TRANSPORT_IOS) || defined(ICE_SWIFT) CFBundleRef bundle = CFBundleGetMainBundle(); diff --git a/cpp/src/IceSSL/SSLUtil.h b/cpp/src/Ice/SSL/SSLUtil.h similarity index 95% rename from cpp/src/IceSSL/SSLUtil.h rename to cpp/src/Ice/SSL/SSLUtil.h index 664bdbf0ef5..0fabf3937c9 100644 --- a/cpp/src/IceSSL/SSLUtil.h +++ b/cpp/src/Ice/SSL/SSLUtil.h @@ -2,8 +2,8 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -#ifndef ICESSL_UTIL_H -#define ICESSL_UTIL_H +#ifndef ICE_SSL_UTIL_H +#define ICE_SSL_UTIL_H #include #include @@ -18,7 +18,7 @@ # endif #endif -namespace IceSSL +namespace Ice::SSL { #if defined(__APPLE__) // diff --git a/cpp/src/IceSSL/SChannelCertificateI.cpp b/cpp/src/Ice/SSL/SchannelCertificateI.cpp similarity index 88% rename from cpp/src/IceSSL/SChannelCertificateI.cpp rename to cpp/src/Ice/SSL/SchannelCertificateI.cpp index e7e5afa6f82..db9c8daae46 100644 --- a/cpp/src/IceSSL/SChannelCertificateI.cpp +++ b/cpp/src/Ice/SSL/SchannelCertificateI.cpp @@ -2,10 +2,10 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -#include "../Ice/StringUtil.h" +#include "../StringUtil.h" #include "CertificateI.h" -#include "Ice/Certificate.h" -#include "Ice/SChannel.h" +#include "Ice/SSL/Certificate.h" +#include "Ice/SSL/Schannel.h" #include "Ice/StringConverter.h" #include "SSLUtil.h" @@ -18,7 +18,7 @@ using namespace std; using namespace Ice; -using namespace IceSSL; +using namespace Ice::SSL; namespace { 
@@ -34,10 +34,10 @@ namespace }; using CertInfoHolderPtr = shared_ptr; - class SCHannelX509ExtensionI : public X509Extension + class SchannelX509ExtensionI : public X509Extension { public: - SCHannelX509ExtensionI(CERT_EXTENSION, const string&, const CertInfoHolderPtr&); + SchannelX509ExtensionI(CERT_EXTENSION, const string&, const CertInfoHolderPtr&); virtual bool isCritical() const; virtual string getOID() const; virtual vector getData() const; @@ -48,13 +48,13 @@ namespace CertInfoHolderPtr _certInfo; // Keep a reference on the CERT_INFO struct that holds the extension }; - class SChannelCertificateI : public SChannel::Certificate, public CertificateI + class SchannelCertificateI : public Schannel::Certificate, public CertificateI { public: - SChannelCertificateI(CERT_SIGNED_CONTENT_INFO*); - ~SChannelCertificateI(); + SchannelCertificateI(CERT_SIGNED_CONTENT_INFO*); + ~SchannelCertificateI(); - virtual bool operator==(const IceSSL::Certificate&) const; + virtual bool operator==(const Ice::SSL::Certificate&) const; virtual vector getAuthorityKeyIdentifier() const; virtual vector getSubjectKeyIdentifier() const; @@ -264,7 +264,7 @@ namespace } // End anonymous namespace -SCHannelX509ExtensionI::SCHannelX509ExtensionI(CERT_EXTENSION extension, const string& oid, const CertInfoHolderPtr& ci) +SchannelX509ExtensionI::SchannelX509ExtensionI(CERT_EXTENSION extension, const string& oid, const CertInfoHolderPtr& ci) : _extension(extension), _oid(oid), _certInfo(ci) @@ -272,19 +272,19 @@ SCHannelX509ExtensionI::SCHannelX509ExtensionI(CERT_EXTENSION extension, const s } bool -SCHannelX509ExtensionI::isCritical() const +SchannelX509ExtensionI::isCritical() const { return _extension.fCritical != 0; } string -SCHannelX509ExtensionI::getOID() const +SchannelX509ExtensionI::getOID() const { return _oid; } vector -SCHannelX509ExtensionI::getData() const +SchannelX509ExtensionI::getData() const { vector data; data.resize(_extension.Value.cbData); 
@@ -292,7 +292,7 @@ SCHannelX509ExtensionI::getData() const return data; } -SChannelCertificateI::SChannelCertificateI(CERT_SIGNED_CONTENT_INFO* cert) : _cert(cert) +SchannelCertificateI::SchannelCertificateI(CERT_SIGNED_CONTENT_INFO* cert) : _cert(cert) { if (!_cert) { @@ -327,7 +327,7 @@ SChannelCertificateI::SChannelCertificateI(CERT_SIGNED_CONTENT_INFO* cert) : _ce } } -SChannelCertificateI::~SChannelCertificateI() +SchannelCertificateI::~SchannelCertificateI() { if (_cert) { @@ -336,9 +336,9 @@ SChannelCertificateI::~SChannelCertificateI() } bool -SChannelCertificateI::operator==(const IceSSL::Certificate& r) const +SchannelCertificateI::operator==(const Ice::SSL::Certificate& r) const { - const SChannelCertificateI* p = dynamic_cast(&r); + const SchannelCertificateI* p = dynamic_cast(&r); if (!p) { return false; @@ -348,7 +348,7 @@ SChannelCertificateI::operator==(const IceSSL::Certificate& r) const } vector -SChannelCertificateI::getAuthorityKeyIdentifier() const +SchannelCertificateI::getAuthorityKeyIdentifier() const { vector keyid; PCERT_EXTENSION extension = @@ -381,7 +381,7 @@ SChannelCertificateI::getAuthorityKeyIdentifier() const } vector -SChannelCertificateI::getSubjectKeyIdentifier() const +SchannelCertificateI::getSubjectKeyIdentifier() const { vector keyid; PCERT_EXTENSION extension = @@ -414,10 +414,10 @@ SChannelCertificateI::getSubjectKeyIdentifier() const } bool -SChannelCertificateI::verify(const CertificatePtr& cert) const +SchannelCertificateI::verify(const CertificatePtr& cert) const { bool result = false; - SChannelCertificateI* c = dynamic_cast(cert.get()); + SchannelCertificateI* c = dynamic_cast(cert.get()); if (c) { BYTE* buffer = 0; @@ -438,7 +438,7 @@ SChannelCertificateI::verify(const CertificatePtr& cert) const } string -SChannelCertificateI::encode() const +SchannelCertificateI::encode() const { string s; DWORD length = 0; 
@@ -483,19 +483,19 @@ SChannelCertificateI::encode() const } chrono::system_clock::time_point -SChannelCertificateI::getNotAfter() const +SchannelCertificateI::getNotAfter() const { return filetimeToTime(_certInfo->NotAfter); } chrono::system_clock::time_point -SChannelCertificateI::getNotBefore() const +SchannelCertificateI::getNotBefore() const { return filetimeToTime(_certInfo->NotBefore); } string -SChannelCertificateI::getSerialNumber() const +SchannelCertificateI::getSerialNumber() const { ostringstream os; for (int i = _certInfo->SerialNumber.cbData - 1; i >= 0; --i) @@ -513,43 +513,43 @@ SChannelCertificateI::getSerialNumber() const } DistinguishedName -SChannelCertificateI::getIssuerDN() const +SchannelCertificateI::getIssuerDN() const { return DistinguishedName(certNameToString(&_certInfo->Issuer)); } vector> -SChannelCertificateI::getIssuerAlternativeNames() const +SchannelCertificateI::getIssuerAlternativeNames() const { return certificateAltNames(_certInfo, szOID_ISSUER_ALT_NAME2); } DistinguishedName -SChannelCertificateI::getSubjectDN() const +SchannelCertificateI::getSubjectDN() const { return DistinguishedName(certNameToString(&_certInfo->Subject)); } vector> -SChannelCertificateI::getSubjectAlternativeNames() const +SchannelCertificateI::getSubjectAlternativeNames() const { return certificateAltNames(_certInfo, szOID_SUBJECT_ALT_NAME2); } int -SChannelCertificateI::getVersion() const +SchannelCertificateI::getVersion() const { return _certInfo->dwVersion; } CERT_SIGNED_CONTENT_INFO* -SChannelCertificateI::getCert() const +SchannelCertificateI::getCert() const { return _cert; } void -SChannelCertificateI::loadX509Extensions() const +SchannelCertificateI::loadX509Extensions() const { lock_guard lock(_mutex); if (_extensions.empty()) 
@@ -557,13 +557,13 @@ SChannelCertificateI::loadX509Extensions() const for (size_t i = 0; i < _certInfo->cExtension; ++i) { CERT_EXTENSION ext = _certInfo->rgExtension[i]; - _extensions.push_back(std::make_shared(ext, ext.pszObjId, _certInfoHolder)); + _extensions.push_back(std::make_shared(ext, ext.pszObjId, _certInfoHolder)); } } } unsigned int -SChannelCertificateI::getKeyUsage() const +SchannelCertificateI::getKeyUsage() const { unsigned int keyUsage = 0; BYTE usage[2]; @@ -614,7 +614,7 @@ SChannelCertificateI::getKeyUsage() const } unsigned int -SChannelCertificateI::getExtendedKeyUsage() const +SchannelCertificateI::getExtendedKeyUsage() const { unsigned int extendedKeyUsage = 0; const CERT_CONTEXT* certContext = 
@@ -698,36 +698,36 @@ SChannelCertificateI::getExtendedKeyUsage() const return extendedKeyUsage; } -SChannel::CertificatePtr -SChannel::Certificate::create(CERT_SIGNED_CONTENT_INFO* cert) +Schannel::CertificatePtr +Schannel::Certificate::create(CERT_SIGNED_CONTENT_INFO* cert) { - return make_shared(cert); + return make_shared(cert); } -SChannel::CertificatePtr -SChannel::Certificate::load(const std::string& file) +Schannel::CertificatePtr +Schannel::Certificate::load(const std::string& file) { CERT_SIGNED_CONTENT_INFO* cert; loadCertificate(&cert, file); - return make_shared(cert); + return make_shared(cert); } -SChannel::CertificatePtr -SChannel::Certificate::decode(const std::string& encoding) +Schannel::CertificatePtr +Schannel::Certificate::decode(const std::string& encoding) { CERT_SIGNED_CONTENT_INFO* cert; loadCertificate(&cert, encoding.c_str(), static_cast(encoding.size())); - return make_shared(cert); + return make_shared(cert); } -IceSSL::CertificatePtr -IceSSL::Certificate::load(const std::string& file) +Ice::SSL::CertificatePtr +Ice::SSL::Certificate::load(const std::string& file) { - return IceSSL::SChannel::Certificate::load(file); + return Ice::SSL::Schannel::Certificate::load(file); } -IceSSL::CertificatePtr -IceSSL::Certificate::decode(const std::string& encoding) +Ice::SSL::CertificatePtr +Ice::SSL::Certificate::decode(const std::string& encoding) { - return IceSSL::SChannel::Certificate::decode(encoding); + return Ice::SSL::Schannel::Certificate::decode(encoding); } diff --git a/cpp/src/IceSSL/SChannelEngine.cpp b/cpp/src/Ice/SSL/SchannelEngine.cpp similarity index 89% rename from cpp/src/IceSSL/SChannelEngine.cpp rename to cpp/src/Ice/SSL/SchannelEngine.cpp index e8246941e99..80fb4ed6967 100644 --- a/cpp/src/IceSSL/SChannelEngine.cpp +++ b/cpp/src/Ice/SSL/SchannelEngine.cpp 
@@ -2,7 +2,7 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -#include "SChannelEngine.h" +#include "SchannelEngine.h" #include "Ice/Communicator.h" #include "Ice/LocalException.h" #include "Ice/Logger.h" @@ -10,8 +10,8 @@ #include "Ice/UUID.h" #include "IceUtil/FileUtil.h" #include "IceUtil/StringUtil.h" -#include "SChannelTransceiverI.h" #include "SSLUtil.h" +#include "SchannelTransceiverI.h" #include @@ -43,7 +43,7 @@ using namespace std; using namespace Ice; using namespace IceUtil; using namespace IceUtilInternal; -using namespace IceSSL; +using namespace Ice::SSL; namespace { @@ -67,7 +67,7 @@ namespace throw InitializationException( __FILE__, __LINE__, - "IceSSL: error adding certificate to store:\n" + IceUtilInternal::lastErrorToString()); + "SSL transport: error adding certificate to store:\n" + IceUtilInternal::lastErrorToString()); } } } while (next); @@ -88,7 +88,7 @@ namespace throw InitializationException( __FILE__, __LINE__, - "IceSSL: failed to open certificate store `" + storeName + "':\n" + + "SSL transport: failed to open certificate store `" + storeName + "':\n" + IceUtilInternal::lastErrorToString()); } @@ -115,7 +115,7 @@ namespace { if (value.find(':', 0) == string::npos) { - throw InitializationException(__FILE__, __LINE__, "IceSSL: no key in `" + value + "'"); + throw InitializationException(__FILE__, __LINE__, "SSL transport: no key in `" + value + "'"); } size_t start = 0; size_t pos; @@ -125,7 +125,10 @@ namespace if (field != "SUBJECT" && field != "SUBJECTDN" && field != "ISSUER" && field != "ISSUERDN" && field != "THUMBPRINT" && field != "SUBJECTKEYID" && field != "SERIAL") { - throw InitializationException(__FILE__, __LINE__, "IceSSL: unknown key in `" + value + "'"); + throw InitializationException( + __FILE__, + __LINE__, + "SSL transport: unknown key in `" + value + "'"); } start = pos + 1; 
@@ -139,7 +142,7 @@ namespace throw InitializationException( __FILE__, __LINE__, - "IceSSL: missing argument in `" + value + "'"); + "SSL transport: missing argument in `" + value + "'"); } string arg; @@ -160,7 +163,7 @@ namespace throw InitializationException( __FILE__, __LINE__, - "IceSSL: unmatched quote in `" + value + "'"); + "SSL transport: unmatched quote in `" + value + "'"); } ++start; arg = value.substr(start, end - start); @@ -187,7 +190,8 @@ namespace throw InitializationException( __FILE__, __LINE__, - "IceSSL: error adding certificate to store:\n" + IceUtilInternal::lastErrorToString()); + "SSL transport: error adding certificate to store:\n" + + IceUtilInternal::lastErrorToString()); } if (field == "SUBJECT" || field == "ISSUER") @@ -212,7 +216,7 @@ namespace throw InitializationException( __FILE__, __LINE__, - "IceSSL: invalid value `" + value + "' for `IceSSL.FindCert' property:\n" + + "SSL transport: invalid value `" + value + "' for `IceSSL.FindCert' property:\n" + IceUtilInternal::lastErrorToString()); } @@ -222,7 +226,7 @@ namespace throw InitializationException( __FILE__, __LINE__, - "IceSSL: invalid value `" + value + "' for `IceSSL.FindCert' property:\n" + + "SSL transport: invalid value `" + value + "' for `IceSSL.FindCert' property:\n" + IceUtilInternal::lastErrorToString()); } @@ -240,7 +244,7 @@ namespace throw InitializationException( __FILE__, __LINE__, - "IceSSL: invalid `IceSSL.FindCert' property: can't decode the value"); + "SSL transport: invalid `IceSSL.FindCert' property: can't decode the value"); } CRYPT_HASH_BLOB hash = {static_cast(buffer.size()), &buffer[0]}; @@ -255,7 +259,7 @@ namespace throw InitializationException( __FILE__, __LINE__, - "IceSSL: invalid value `" + value + "' for `IceSSL.FindCert' property"); + "SSL transport: invalid value `" + value + "' for `IceSSL.FindCert' property"); } CRYPT_INTEGER_BLOB serial = {static_cast(buffer.size()), &buffer[0]}; 
@@ -277,7 +281,7 @@ namespace throw InitializationException( __FILE__, __LINE__, - "IceSSL: error adding certificate to store:\n" + + "SSL transport: error adding certificate to store:\n" + IceUtilInternal::lastErrorToString()); } } @@ -332,7 +336,7 @@ namespace readFile(file, buffer); if (buffer.empty()) { - throw InitializationException(__FILE__, __LINE__, "IceSSL: certificate file is empty:\n" + file); + throw InitializationException(__FILE__, __LINE__, "SSL transport: certificate file is empty:\n" + file); } string strbuf(buffer.begin(), buffer.end()); @@ -373,7 +377,7 @@ namespace throw InitializationException( __FILE__, __LINE__, - "IceSSL: error decoding certificate:\n" + lastErrorToString()); + "SSL transport: error decoding certificate:\n" + lastErrorToString()); } if (!CertAddEncodedCertificateToStore( @@ -389,7 +393,7 @@ namespace throw InitializationException( __FILE__, __LINE__, - "IceSSL: error decoding certificate:\n" + lastErrorToString()); + "SSL transport: error decoding certificate:\n" + lastErrorToString()); } } @@ -398,8 +402,8 @@ namespace } } -SChannel::SSLEngine::SSLEngine(const IceInternal::InstancePtr& instance) - : IceSSL::SSLEngine(instance), +Schannel::SSLEngine::SSLEngine(const IceInternal::InstancePtr& instance) + : Ice::SSL::SSLEngine(instance), _rootStore(nullptr), _chainEngine(nullptr), _strongCrypto(false) 
@@ -407,16 +411,16 @@ SChannel::SSLEngine::SSLEngine(const IceInternal::InstancePtr& instance) } void -SChannel::SSLEngine::initialize() +Schannel::SSLEngine::initialize() { // - // BUGFIX: we use a global mutex for the initialization of SChannel to - // avoid crashes occurring with last SChannel updates see: + // BUGFIX: we use a global mutex for the initialization of Schannel to + // avoid crashes occurring with last Schannel updates see: // https://github.com/zeroc-ice/ice/issues/242 // lock_guard globalLock(globalMutex); - IceSSL::SSLEngine::initialize(); + Ice::SSL::SSLEngine::initialize(); const string prefix = "IceSSL."; const PropertiesPtr properties = getProperties(); @@ -446,7 +450,7 @@ SChannel::SSLEngine::initialize() throw InitializationException( __FILE__, __LINE__, - "IceSSL: error creating in memory certificate store:\n" + lastErrorToString()); + "SSL transport: error creating in memory certificate store:\n" + lastErrorToString()); } } if (!caFile.empty()) @@ -454,7 +458,10 @@ SChannel::SSLEngine::initialize() string resolved; if (!checkPath(caFile, defaultDir, false, resolved)) { - throw InitializationException(__FILE__, __LINE__, "IceSSL: CA certificate file not found:\n" + caFile); + throw InitializationException( + __FILE__, + __LINE__, + "SSL transport: CA certificate file not found:\n" + caFile); } addCertificatesToStore(resolved, _rootStore); @@ -484,7 +491,7 @@ SChannel::SSLEngine::initialize() throw InitializationException( __FILE__, __LINE__, - "IceSSL: error creating certificate chain engine:\n" + lastErrorToString()); + "SSL transport: error creating certificate chain engine:\n" + lastErrorToString()); } } else @@ -504,7 +511,7 @@ SChannel::SSLEngine::initialize() throw InitializationException( __FILE__, __LINE__, - "IceSSL: invalid value for " + prefix + "CertFile:\n" + certFileValue); + "SSL transport: invalid value for " + prefix + "CertFile:\n" + certFileValue); } vector keyFiles; 
@@ -515,7 +522,7 @@ SChannel::SSLEngine::initialize() throw InitializationException( __FILE__, __LINE__, - "IceSSL: invalid value for " + prefix + "KeyFile:\n" + keyFile); + "SSL transport: invalid value for " + prefix + "KeyFile:\n" + keyFile); } if (certFiles.size() != keyFiles.size()) @@ -523,7 +530,7 @@ SChannel::SSLEngine::initialize() throw InitializationException( __FILE__, __LINE__, - "IceSSL: " + prefix + "KeyFile does not agree with " + prefix + "CertFile"); + "SSL transport: " + prefix + "KeyFile does not agree with " + prefix + "CertFile"); } } @@ -533,7 +540,10 @@ SChannel::SSLEngine::initialize() string resolved; if (!checkPath(certFile, defaultDir, false, resolved)) { - throw InitializationException(__FILE__, __LINE__, "IceSSL: certificate file not found:\n" + certFile); + throw InitializationException( + __FILE__, + __LINE__, + "SSL transport: certificate file not found:\n" + certFile); } certFile = resolved; @@ -541,7 +551,10 @@ SChannel::SSLEngine::initialize() readFile(certFile, buffer); if (buffer.empty()) { - throw InitializationException(__FILE__, __LINE__, "IceSSL: certificate file is empty:\n" + certFile); + throw InitializationException( + __FILE__, + __LINE__, + "SSL transport: certificate file is empty:\n" + certFile); } CRYPT_DATA_BLOB pfxBlob; @@ -595,7 +608,7 @@ SChannel::SSLEngine::initialize() throw InitializationException( __FILE__, __LINE__, - "IceSSL: certificate error:\n" + lastErrorToString()); + "SSL transport: certificate error:\n" + lastErrorToString()); } _allCerts.push_back(cert); _stores.push_back(store); 
@@ -608,27 +621,27 @@ SChannel::SSLEngine::initialize() throw InitializationException( __FILE__, __LINE__, - "IceSSL: error decoding certificate:\n" + lastErrorToString()); + "SSL transport: error decoding certificate:\n" + lastErrorToString()); } // Try to load certificate & key as PEM files. if (keyFiles.empty()) { - throw InitializationException(__FILE__, __LINE__, "IceSSL: no key file specified"); + throw InitializationException(__FILE__, __LINE__, "SSL transport: no key file specified"); } err = 0; keyFile = keyFiles[i]; if (!checkPath(keyFile, defaultDir, false, resolved)) { - throw InitializationException(__FILE__, __LINE__, "IceSSL: key file not found:\n" + keyFile); + throw InitializationException(__FILE__, __LINE__, "SSL transport: key file not found:\n" + keyFile); } keyFile = resolved; readFile(keyFile, buffer); if (buffer.empty()) { - throw InitializationException(__FILE__, __LINE__, "IceSSL: key file is empty:\n" + keyFile); + throw InitializationException(__FILE__, __LINE__, "SSL transport: key file is empty:\n" + keyFile); } vector outBuffer; @@ -648,7 +661,7 @@ SChannel::SSLEngine::initialize() throw InitializationException( __FILE__, __LINE__, - "IceSSL: error decoding key `" + keyFile + "':\n" + lastErrorToString()); + "SSL transport: error decoding key `" + keyFile + "':\n" + lastErrorToString()); } PCRYPT_PRIVATE_KEY_INFO keyInfo = nullptr; @@ -674,7 +687,7 @@ SChannel::SSLEngine::initialize() throw InitializationException( __FILE__, __LINE__, - string("IceSSL: error unknow key algorithm: `") + keyInfo->Algorithm.pszObjId + "'"); + string("SSL transport: error unknow key algorithm: `") + keyInfo->Algorithm.pszObjId + "'"); } // Decode the private key BLOB. 
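Review bot: The rewritten message in the `@@ -674,7 +687,7 @@` hunk still reads "error unknow key algorithm". Since the commit already edits this string for the new prefix, fix the typo in the same change so the text reads `SSL transport: error unknown key algorithm:`. `Schannel::SSLEngine::initialize` starts and ends outside these hunks.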
@@ -691,7 +704,7 @@ SChannel::SSLEngine::initialize() throw InitializationException( __FILE__, __LINE__, - "IceSSL: error decoding key `" + keyFile + "':\n" + lastErrorToString()); + "SSL transport: error decoding key `" + keyFile + "':\n" + lastErrorToString()); } LocalFree(keyInfo); keyInfo = nullptr; @@ -712,7 +725,7 @@ SChannel::SSLEngine::initialize() throw InitializationException( __FILE__, __LINE__, - "IceSSL: error decoding key `" + keyFile + "':\n" + lastErrorToString()); + "SSL transport: error decoding key `" + keyFile + "':\n" + lastErrorToString()); } } @@ -736,9 +749,7 @@ SChannel::SSLEngine::initialize() throw InitializationException( __FILE__, __LINE__, - "IceSSL: error acquiring cryptographic " - "context:\n" + - lastErrorToString()); + "SSL transport: error acquiring cryptographic context:\n" + lastErrorToString()); } // Import the private key. @@ -747,7 +758,7 @@ SChannel::SSLEngine::initialize() throw InitializationException( __FILE__, __LINE__, - "IceSSL: error importing key `" + keyFile + "':\n" + lastErrorToString()); + "SSL transport: error importing key `" + keyFile + "':\n" + lastErrorToString()); } LocalFree(key); key = nullptr; @@ -762,9 +773,7 @@ SChannel::SSLEngine::initialize() throw InitializationException( __FILE__, __LINE__, - "IceSSL: error creating certificate " - "store:\n" + - lastErrorToString()); + "SSL transport: error creating certificate store:\n" + lastErrorToString()); } addCertificatesToStore(certFile, store, &cert); @@ -781,9 +790,7 @@ SChannel::SSLEngine::initialize() throw InitializationException( __FILE__, __LINE__, - "IceSSL: error setting certificate " - "property:\n" + - lastErrorToString()); + "SSL transport: error setting certificate property:\n" + lastErrorToString()); } _importedCerts.push_back(cert); 
@@ -826,14 +833,14 @@ SChannel::SSLEngine::initialize() vector certs = findCertificates(certStoreLocation, certStore, findCert, _stores); if (certs.empty()) { - throw InitializationException(__FILE__, __LINE__, "IceSSL: no certificates found"); + throw InitializationException(__FILE__, __LINE__, "SSL transport: no certificates found"); } _allCerts.insert(_allCerts.end(), certs.begin(), certs.end()); } } string -SChannel::SSLEngine::getCipherName(ALG_ID cipher) const +Schannel::SSLEngine::getCipherName(ALG_ID cipher) const { switch (cipher) { @@ -913,7 +920,7 @@ SChannel::SSLEngine::getCipherName(ALG_ID cipher) const } SCHANNEL_CRED -SChannel::SSLEngine::newCredentialsHandle(bool incoming) const +Schannel::SSLEngine::newCredentialsHandle(bool incoming) const { SCHANNEL_CRED cred; memset(&cred, 0, sizeof(cred)); @@ -922,11 +929,11 @@ SChannel::SSLEngine::newCredentialsHandle(bool incoming) const // TODO move this flags to the newSessionCallback for the properties configuration. if (incoming) { - // Don't set SCH_SEND_ROOT_CERT as it seems to cause problems with Java certificate validation and SChannel + // Don't set SCH_SEND_ROOT_CERT as it seems to cause problems with Java certificate validation and Schannel // doesn't seems to send the root certificate either way. cred.dwFlags = SCH_CRED_NO_SYSTEM_MAPPER | SCH_CRED_DISABLE_RECONNECTS; - // There's no way to prevent SChannel from sending "CA names" to the client. Recent Windows versions don't CA + // There's no way to prevent Schannel from sending "CA names" to the client. Recent Windows versions don't CA // names but older ones do send all the trusted root CA names. We provide the root store to ensure that for // these older Windows versions, we also include the CA names of our trusted roots. cred.hRootStore = _rootStore; 
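Review bot: The two comments rewritten in `newCredentialsHandle` keep their broken wording: "Recent Windows versions don't CA names" is missing its verb and "doesn't seems to send" is ungrammatical. These comments explain why `SCH_SEND_ROOT_CERT` is left unset and why `hRootStore` is supplied, so they should be unambiguous. Suggested wording: `// Recent Windows versions don't send CA names, but older ones send all the trusted root CA names.` and `// ... Schannel doesn't seem to send the root certificate either way.` The function body continues outside the hunk.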
@@ -944,7 +951,7 @@ SChannel::SSLEngine::newCredentialsHandle(bool incoming) const } void -SChannel::SSLEngine::destroy() +Schannel::SSLEngine::destroy() { if (_chainEngine && _chainEngine != HCCE_CURRENT_USER && _chainEngine != HCCE_LOCAL_MACHINE) { @@ -987,7 +994,7 @@ SChannel::SSLEngine::destroy() } Ice::SSL::ClientAuthenticationOptions -SChannel::SSLEngine::createClientAuthenticationOptions(const string& host) const +Schannel::SSLEngine::createClientAuthenticationOptions(const string& host) const { return Ice::SSL::ClientAuthenticationOptions{ .clientCertificateSelectionCallback = @@ -1007,7 +1014,7 @@ SChannel::SSLEngine::createClientAuthenticationOptions(const string& host) const } Ice::SSL::ServerAuthenticationOptions -SChannel::SSLEngine::createServerAuthenticationOptions() const +Schannel::SSLEngine::createServerAuthenticationOptions() const { return Ice::SSL::ServerAuthenticationOptions{ .serverCertificateSelectionCallback = @@ -1047,7 +1054,7 @@ namespace } bool -SChannel::SSLEngine::validationCallback( +Schannel::SSLEngine::validationCallback( CtxtHandle ssl, const ConnectionInfoPtr& info, bool incoming, @@ -1060,7 +1067,7 @@ SChannel::SSLEngine::validationCallback( if (err && (err != SEC_E_NO_CREDENTIALS || certificateRequired)) { ostringstream os; - os << "IceSSL: certificate verification failure:\n" << IceUtilInternal::errorToString(err); + os << "SSL transport: certificate verification failure:\n" << IceUtilInternal::errorToString(err); throw SecurityException(__FILE__, __LINE__, os.str()); } @@ -1091,7 +1098,7 @@ SChannel::SSLEngine::validationCallback( if (!CertGetCertificateChain(_chainEngine, cert, 0, cert->hCertStore, &chainP, dwFlags, 0, &certChain)) { ostringstream os; - os << "IceSSL: certificate verification failure:\n" << lastErrorToString(); + os << "SSL transport: certificate verification failure:\n" << lastErrorToString(); throw SecurityException(__FILE__, __LINE__, os.str()); } ScopedCertChainContext scopedChainContext(certChain); 
@@ -1122,14 +1129,14 @@ SChannel::SSLEngine::validationCallback( if (!CertVerifyCertificateChainPolicy(CERT_CHAIN_POLICY_SSL, certChain, &policyPara, &policyStatus)) { ostringstream os; - os << "IceSSL: certificate verification failure:\n" << lastErrorToString(); + os << "SSL transport: certificate verification failure:\n" << lastErrorToString(); throw SecurityException(__FILE__, __LINE__, os.str()); } if (policyStatus.dwError) { ostringstream os; - os << "IceSSL: certificate verification failure:\n" << policyStatusToString(policyStatus.dwError); + os << "SSL transport: certificate verification failure:\n" << policyStatusToString(policyStatus.dwError); throw SecurityException(__FILE__, __LINE__, os.str()); } @@ -1143,7 +1150,7 @@ SChannel::SSLEngine::validationCallback( } string -SChannel::SSLEngine::policyStatusToString(DWORD policyStatus) const +Schannel::SSLEngine::policyStatusToString(DWORD policyStatus) const { assert(policyStatus); ostringstream os; @@ -1259,11 +1266,11 @@ SChannel::SSLEngine::policyStatusToString(DWORD policyStatus) const } string -SChannel::SSLEngine::errorStatusToString(DWORD errorStatus) const +Schannel::SSLEngine::errorStatusToString(DWORD errorStatus) const { assert(errorStatus != CERT_TRUST_NO_ERROR); ostringstream os; - os << "IceSSL: certificate verification failure:"; + os << "SSL transport: certificate verification failure:"; if (errorStatus & CERT_TRUST_IS_NOT_TIME_VALID) { diff --git a/cpp/src/IceSSL/SChannelEngine.h b/cpp/src/Ice/SSL/SchannelEngine.h similarity index 71% rename from cpp/src/IceSSL/SChannelEngine.h rename to cpp/src/Ice/SSL/SchannelEngine.h index 38aabc512a7..5b7747dd683 100644 --- a/cpp/src/IceSSL/SChannelEngine.h +++ b/cpp/src/Ice/SSL/SchannelEngine.h 
@@ -2,25 +2,25 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -#ifndef ICESSL_SCHANNEL_ENGINE_H -#define ICESSL_SCHANNEL_ENGINE_H +#ifndef ICE_SSL_SCHANNEL_ENGINE_H +#define ICE_SSL_SCHANNEL_ENGINE_H #ifdef _WIN32 -# include "Ice/ClientAuthenticationOptions.h" # include "Ice/InstanceF.h" -# include "Ice/SSLConnectionInfo.h" -# include "Ice/ServerAuthenticationOptions.h" -# include "SChannelEngineF.h" +# include "Ice/SSL/ClientAuthenticationOptions.h" +# include "Ice/SSL/ConnectionInfo.h" +# include "Ice/SSL/ServerAuthenticationOptions.h" # include "SSLEngine.h" +# include "SchannelEngineF.h" # include # include # include -namespace IceSSL::SChannel +namespace Ice::SSL::Schannel { - class SSLEngine final : public IceSSL::SSLEngine, public std::enable_shared_from_this + class SSLEngine final : public Ice::SSL::SSLEngine, public std::enable_shared_from_this { public: SSLEngine(const IceInternal::InstancePtr&); @@ -42,7 +42,7 @@ namespace IceSSL::SChannel SCHANNEL_CRED newCredentialsHandle(bool) const; private: - bool validationCallback(CtxtHandle, const IceSSL::ConnectionInfoPtr&, bool, const std::string&) const; + bool validationCallback(CtxtHandle, const Ice::SSL::ConnectionInfoPtr&, bool, const std::string&) const; std::string errorStatusToString(DWORD errorStatus) const; std::string policyStatusToString(DWORD policyStatus) const; diff --git a/cpp/src/Ice/SSL/SchannelEngineF.h b/cpp/src/Ice/SSL/SchannelEngineF.h new file mode 100644 index 00000000000..120e3a03b29 --- /dev/null +++ b/cpp/src/Ice/SSL/SchannelEngineF.h @@ -0,0 +1,20 @@ +// +// Copyright (c) ZeroC, Inc. All rights reserved. +// + +#ifndef ICE_SSL_SCHANNEL_ENGINE_F_H +# define ICE_ßSSL_SCHANNEL_ENGINE_F_H + +# ifdef _WIN32 + +# include + +namespace Ice::SSL::Schannel +{ + class SSLEngine; + using SSLEnginePtr = std::shared_ptr; +} + +# endif + +#endif 
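Review bot: The include guard in the new `SchannelEngineF.h` does not match itself: the `#ifndef` tests `ICE_SSL_SCHANNEL_ENGINE_F_H`, but the next line defines `ICE_ßSSL_SCHANNEL_ENGINE_F_H`, with a stray `ß` in the name. The tested macro is therefore never defined, so the header is not protected against repeated inclusion. A build would likely not catch this, because the file holds only a forward declaration and an alias. Some toolchains may also warn about or reject the non-ASCII character in an identifier. The define should be `#define ICE_SSL_SCHANNEL_ENGINE_F_H`; the extra indentation on the nested directives probably comes from the formatter not recognising the guard, so it should go away once the names match.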
diff --git a/cpp/src/IceSSL/SChannelTransceiverI.cpp b/cpp/src/Ice/SSL/SchannelTransceiverI.cpp similarity index 87% rename from cpp/src/IceSSL/SChannelTransceiverI.cpp rename to cpp/src/Ice/SSL/SchannelTransceiverI.cpp index c282b3a4815..d3dc4f995a1 100644 --- a/cpp/src/IceSSL/SChannelTransceiverI.cpp +++ b/cpp/src/Ice/SSL/SchannelTransceiverI.cpp @@ -2,22 +2,23 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -#include "SChannelTransceiverI.h" +#include "SchannelTransceiverI.h" #include "Ice/Buffer.h" #include "Ice/Communicator.h" #include "Ice/LocalException.h" #include "Ice/LoggerUtil.h" -#include "Ice/SSLConnectionInfo.h" +#include "Ice/SSL/ConnectionInfo.h" +#include "Ice/SSL/Schannel.h" #include "IceUtil/StringUtil.h" -#include "SChannelEngine.h" #include "SSLInstance.h" #include "SSLUtil.h" +#include "SchannelEngine.h" #include using namespace std; using namespace Ice; -using namespace IceSSL; +using namespace Ice::SSL; #ifndef CERT_CHAIN_DISABLE_AIA # define CERT_CHAIN_DISABLE_AIA 0x00002000 @@ -66,13 +67,13 @@ namespace } IceInternal::NativeInfoPtr -SChannel::TransceiverI::getNativeInfo() +Schannel::TransceiverI::getNativeInfo() { return _delegate->getNativeInfo(); } IceInternal::SocketOperation -SChannel::TransceiverI::sslHandshake() +Schannel::TransceiverI::sslHandshake() { DWORD flags = 0; if (_incoming) @@ -120,7 +121,7 @@ SChannel::TransceiverI::sslHandshake() throw SecurityException( __FILE__, __LINE__, - "IceSSL: failed to acquire credentials handle:\n" + IceUtilInternal::lastErrorToString()); + "SSL transport: failed to acquire credentials handle:\n" + IceUtilInternal::lastErrorToString()); } _ctxFlags = 0; 
@@ -148,7 +149,7 @@ SChannel::TransceiverI::sslHandshake() if (err != SEC_E_OK && err != SEC_I_CONTINUE_NEEDED) { ostringstream os; - os << "IceSSL: handshake failure:\n" << IceUtilInternal::errorToString(err); + os << "SSL transport: handshake failure:\n" << IceUtilInternal::errorToString(err); throw SecurityException(__FILE__, __LINE__, os.str()); } 
@@ -317,64 +318,64 @@ SChannel::TransceiverI::sslHandshake() { if (!(_ctxFlags & ASC_REQ_SEQUENCE_DETECT)) { - os << "\n - IceSSL: SChannel failed to setup sequence detect"; + os << "\n - SSL transport: Schannel failed to setup sequence detect"; } if (!(_ctxFlags & ASC_REQ_REPLAY_DETECT)) { - os << "\n - IceSSL: SChannel failed to setup replay detect"; + os << "\n - SSL transport: Schannel failed to setup replay detect"; } if (!(_ctxFlags & ASC_REQ_CONFIDENTIALITY)) { - os << "\n - IceSSL: SChannel failed to setup confidentiality"; + os << "\n - SSL transport: Schannel failed to setup confidentiality"; } if (!(_ctxFlags & ASC_REQ_EXTENDED_ERROR)) { - os << "\n - IceSSL: SChannel failed to setup extended error"; + os << "\n - SSL transport: Schannel failed to setup extended error"; } if (!(_ctxFlags & ASC_REQ_ALLOCATE_MEMORY)) { - os << "\n - IceSSL: SChannel failed to setup memory allocation"; + os << "\n - SSL transport: Schannel failed to setup memory allocation"; } if (!(_ctxFlags & ASC_REQ_STREAM)) { - os << "\n - IceSSL: SChannel failed to setup stream"; + os << "\n - SSL transport: Schannel failed to setup stream"; } } else { if (!(_ctxFlags & ISC_REQ_SEQUENCE_DETECT)) { - os << "\n - IceSSL: SChannel failed to setup sequence detect"; + os << "\n - SSL transport: Schannel failed to setup sequence detect"; } if (!(_ctxFlags & ISC_REQ_REPLAY_DETECT)) { - os << "\n - IceSSL: SChannel failed to setup replay detect"; + os << "\n - SSL transport: Schannel failed to setup replay detect"; } if (!(_ctxFlags & ISC_REQ_CONFIDENTIALITY)) { - os << "\n - IceSSL: SChannel failed to setup confidentiality"; + os << "\n - SSL transport: Schannel failed to setup confidentiality"; } if (!(_ctxFlags & ISC_REQ_EXTENDED_ERROR)) { - os << "\n - IceSSL: SChannel failed to setup extended error"; + os << "\n - SSL transport: Schannel failed to setup extended error"; } if (!(_ctxFlags & ISC_REQ_ALLOCATE_MEMORY)) { - os << "\n - IceSSL: SChannel failed to setup memory allocation"; + os 
<< "\n - SSL transport: Schannel failed to setup memory allocation"; } if (!(_ctxFlags & ISC_REQ_STREAM)) { - os << "\n - IceSSL: SChannel failed to setup stream"; + os << "\n - SSL transport: Schannel failed to setup stream"; } } throw SecurityException(__FILE__, __LINE__, os.str()); @@ -384,7 +385,7 @@ SChannel::TransceiverI::sslHandshake() if (err != SEC_E_OK) { ostringstream os; - os << "IceSSL: failure to query stream sizes attributes:\n" << IceUtilInternal::errorToString(err); + os << "SSL transport: failure to query stream sizes attributes:\n" << IceUtilInternal::errorToString(err); throw SecurityException(__FILE__, __LINE__, os.str()); } @@ -393,7 +394,7 @@ SChannel::TransceiverI::sslHandshake() if (err != SEC_E_OK && err != SEC_E_NO_CREDENTIALS) { ostringstream os; - os << "IceSSL: failure to query remote certificate context:\n" << IceUtilInternal::errorToString(err); + os << "SSL transport: failure to query remote certificate context:\n" << IceUtilInternal::errorToString(err); throw SecurityException(__FILE__, __LINE__, os.str()); } @@ -412,11 +413,11 @@ SChannel::TransceiverI::sslHandshake() &pvStructInfoSize)) { ostringstream os; - os << "IceSSL: error decoding peer certificate:\n" << IceUtilInternal::lastErrorToString(); + os << "SSL transport: error decoding peer certificate:\n" << IceUtilInternal::lastErrorToString(); CertFreeCertificateContext(cert); throw SecurityException(__FILE__, __LINE__, os.str()); } - _peerCertificates.push_back(SChannel::Certificate::create(pvStructInfo)); + _peerCertificates.push_back(Schannel::Certificate::create(pvStructInfo)); CertFreeCertificateContext(cert); } @@ -439,7 +440,7 @@ SChannel::TransceiverI::sslHandshake() // data before it can decrypt the complete message. // size_t -SChannel::TransceiverI::decryptMessage(IceInternal::Buffer& buffer) +Schannel::TransceiverI::decryptMessage(IceInternal::Buffer& buffer) { assert(_readBuffer.i != _readBuffer.b.begin() || !_readUnprocessed.b.empty()); 
@@ -489,7 +490,7 @@ SChannel::TransceiverI::decryptMessage(IceInternal::Buffer& buffer) throw ProtocolException( __FILE__, __LINE__, - "IceSSL: protocol error during read:\n" + IceUtilInternal::errorToString(err)); + "SSL transport: protocol error during read:\n" + IceUtilInternal::errorToString(err)); } SecBuffer* dataBuffer = getSecBufferWithType(inBufferDesc, SECBUFFER_DATA); @@ -531,7 +532,7 @@ SChannel::TransceiverI::decryptMessage(IceInternal::Buffer& buffer) // number of bytes is less than the message size, the function must be called again. // size_t -SChannel::TransceiverI::encryptMessage(IceInternal::Buffer& buffer) +Schannel::TransceiverI::encryptMessage(IceInternal::Buffer& buffer) { // // Limit the message size to cbMaximumMessage which is the maximum size data that can be @@ -561,7 +562,7 @@ SChannel::TransceiverI::encryptMessage(IceInternal::Buffer& buffer) throw ProtocolException( __FILE__, __LINE__, - "IceSSL: protocol error encrypting message:\n" + IceUtilInternal::errorToString(err)); + "SSL transport: protocol error encrypting message:\n" + IceUtilInternal::errorToString(err)); } // EncryptMessage resizes the buffers, so resize the write buffer as well to reflect this. @@ -572,7 +573,7 @@ SChannel::TransceiverI::encryptMessage(IceInternal::Buffer& buffer) } IceInternal::SocketOperation -SChannel::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal::Buffer& writeBuffer) +Schannel::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal::Buffer& writeBuffer) { if (_state == StateNotInitialized) { 
@@ -591,12 +592,12 @@ SChannel::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal: } if (_remoteCertificateValidationCallback && - !_remoteCertificateValidationCallback(_ssl, dynamic_pointer_cast(getInfo()))) + !_remoteCertificateValidationCallback(_ssl, dynamic_pointer_cast(getInfo()))) { throw SecurityException( __FILE__, __LINE__, - "IceSSL: certificate verification failed. the certificate was explicitly rejected by the remote " + "SSL transport: certificate verification failed. the certificate was explicitly rejected by the remote " "certificate validation callback."); } @@ -610,7 +611,7 @@ SChannel::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal: } IceInternal::SocketOperation -SChannel::TransceiverI::closing(bool initiator, exception_ptr) +Schannel::TransceiverI::closing(bool initiator, exception_ptr) { // If we are initiating the connection closure, wait for the peer // to close the TCP/IP connection. Otherwise, close immediately. @@ -618,7 +619,7 @@ SChannel::TransceiverI::closing(bool initiator, exception_ptr) } void -SChannel::TransceiverI::close() +Schannel::TransceiverI::close() { if (_ssl.dwLower || _ssl.dwUpper) { @@ -647,7 +648,7 @@ SChannel::TransceiverI::close() } IceInternal::SocketOperation -SChannel::TransceiverI::write(IceInternal::Buffer& buf) +Schannel::TransceiverI::write(IceInternal::Buffer& buf) { if (_state == StateNotInitialized) { @@ -682,7 +683,7 @@ SChannel::TransceiverI::write(IceInternal::Buffer& buf) } IceInternal::SocketOperation -SChannel::TransceiverI::read(IceInternal::Buffer& buf) +Schannel::TransceiverI::read(IceInternal::Buffer& buf) { if (_state == StateNotInitialized) { @@ -724,7 +725,7 @@ SChannel::TransceiverI::read(IceInternal::Buffer& buf) #ifdef ICE_USE_IOCP bool -SChannel::TransceiverI::startWrite(IceInternal::Buffer& buffer) +Schannel::TransceiverI::startWrite(IceInternal::Buffer& buffer) { if (_state == StateNotInitialized) { 
@@ -741,7 +742,7 @@ SChannel::TransceiverI::startWrite(IceInternal::Buffer& buffer) } void -SChannel::TransceiverI::finishWrite(IceInternal::Buffer& buf) +Schannel::TransceiverI::finishWrite(IceInternal::Buffer& buf) { if (_state == StateNotInitialized) { @@ -763,7 +764,7 @@ SChannel::TransceiverI::finishWrite(IceInternal::Buffer& buf) } void -SChannel::TransceiverI::startRead(IceInternal::Buffer& buffer) +Schannel::TransceiverI::startRead(IceInternal::Buffer& buffer) { if (_state == StateNotInitialized) { @@ -774,7 +775,7 @@ SChannel::TransceiverI::startRead(IceInternal::Buffer& buffer) } void -SChannel::TransceiverI::finishRead(IceInternal::Buffer& buf) +Schannel::TransceiverI::finishRead(IceInternal::Buffer& buf) { if (_state == StateNotInitialized) { @@ -802,31 +803,31 @@ SChannel::TransceiverI::finishRead(IceInternal::Buffer& buf) #endif bool -SChannel::TransceiverI::isWaitingToBeRead() const noexcept +Schannel::TransceiverI::isWaitingToBeRead() const noexcept { return _delegate->isWaitingToBeRead(); } string -SChannel::TransceiverI::protocol() const +Schannel::TransceiverI::protocol() const { return _instance->protocol(); } string -SChannel::TransceiverI::toString() const +Schannel::TransceiverI::toString() const { return _delegate->toString(); } string -SChannel::TransceiverI::toDetailedString() const +Schannel::TransceiverI::toDetailedString() const { return toString(); } Ice::ConnectionInfoPtr -SChannel::TransceiverI::getInfo() const +Schannel::TransceiverI::getInfo() const { auto info = std::make_shared(); info->underlying = _delegate->getInfo(); 
@@ -837,23 +838,23 @@ SChannel::TransceiverI::getInfo() const } void -SChannel::TransceiverI::checkSendSize(const IceInternal::Buffer&) +Schannel::TransceiverI::checkSendSize(const IceInternal::Buffer&) { } void -SChannel::TransceiverI::setBufferSize(int rcvSize, int sndSize) +Schannel::TransceiverI::setBufferSize(int rcvSize, int sndSize) { _delegate->setBufferSize(rcvSize, sndSize); } -SChannel::TransceiverI::TransceiverI( +Schannel::TransceiverI::TransceiverI( const InstancePtr& instance, const IceInternal::TransceiverPtr& delegate, const string& adapterName, const Ice::SSL::ServerAuthenticationOptions& serverAuthenticationOptions) : _instance(instance), - _engine(dynamic_pointer_cast(instance->engine())), + _engine(dynamic_pointer_cast(instance->engine())), _host(""), _adapterName(adapterName), _incoming(true), @@ -871,13 +872,13 @@ SChannel::TransceiverI::TransceiverI( { } -SChannel::TransceiverI::TransceiverI( +Schannel::TransceiverI::TransceiverI( const InstancePtr& instance, const IceInternal::TransceiverPtr& delegate, const string& host, const Ice::SSL::ClientAuthenticationOptions& clientAuthenticationOptions) : _instance(instance), - _engine(dynamic_pointer_cast(instance->engine())), + _engine(dynamic_pointer_cast(instance->engine())), _host(host), _adapterName(""), _incoming(false), @@ -895,17 +896,17 @@ SChannel::TransceiverI::TransceiverI( { } -SChannel::TransceiverI::~TransceiverI() {} +Schannel::TransceiverI::~TransceiverI() {} bool -SChannel::TransceiverI::writeRaw(IceInternal::Buffer& buf) +Schannel::TransceiverI::writeRaw(IceInternal::Buffer& buf) { _delegate->write(buf); return buf.i == buf.b.end(); } bool -SChannel::TransceiverI::readRaw(IceInternal::Buffer& buf) +Schannel::TransceiverI::readRaw(IceInternal::Buffer& buf) { IceInternal::Buffer::Container::iterator p = buf.i; _delegate->read(buf); 
diff --git a/cpp/src/IceSSL/SChannelTransceiverI.h b/cpp/src/Ice/SSL/SchannelTransceiverI.h similarity index 87% rename from cpp/src/IceSSL/SChannelTransceiverI.h rename to cpp/src/Ice/SSL/SchannelTransceiverI.h index 0ba2044b8d3..fe6675a54e3 100644 --- a/cpp/src/IceSSL/SChannelTransceiverI.h +++ b/cpp/src/Ice/SSL/SchannelTransceiverI.h @@ -2,19 +2,19 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -#ifndef ICESSL_SCHANNELTRANSCEIVER_I_H -#define ICESSL_SCHANNELTRANSCEIVER_I_H +#ifndef ICE_SSL_SCHANNEL_TRANSCEIVER_I_H +#define ICE_SSL_SCHANNEL_TRANSCEIVER_I_H #ifdef _WIN32 -# include "../Ice/Network.h" -# include "../Ice/StreamSocket.h" -# include "../Ice/Transceiver.h" -# include "../Ice/WSTransceiver.h" +# include "../Network.h" +# include "../StreamSocket.h" +# include "../Transceiver.h" +# include "../WSTransceiver.h" # include "Ice/Buffer.h" # include "Ice/Config.h" -# include "SChannelEngineF.h" # include "SSLInstanceF.h" +# include "SchannelEngineF.h" # ifdef SECURITY_WIN32 # undef SECURITY_WIN32 @@ -30,7 +30,7 @@ # include # undef SECURITY_WIN32 -namespace IceSSL::SChannel +namespace Ice::SSL::Schannel { class TransceiverI final : public IceInternal::Transceiver { @@ -87,7 +87,7 @@ namespace IceSSL::SChannel }; const InstancePtr _instance; - const IceSSL::SChannel::SSLEnginePtr _engine; + const Ice::SSL::Schannel::SSLEnginePtr _engine; const std::string _host; const std::string _adapterName; const bool _incoming; @@ -115,8 +115,8 @@ namespace IceSSL::SChannel std::function _sslNewSessionCallback; SecPkgContext_StreamSizes _sizes; std::string _cipher; - std::vector _peerCertificates; - std::function _remoteCertificateValidationCallback; + std::vector _peerCertificates; + std::function _remoteCertificateValidationCallback; bool _clientCertificateRequired; PCCERT_CONTEXT _certificate; HCERTSTORE _rootStore; 
diff --git a/cpp/src/IceSSL/SecureTransportCertificateI.cpp b/cpp/src/Ice/SSL/SecureTransportCertificateI.cpp similarity index 96% rename from cpp/src/IceSSL/SecureTransportCertificateI.cpp rename to cpp/src/Ice/SSL/SecureTransportCertificateI.cpp index 30ee1d0e4be..d1195b51b15 100644 --- a/cpp/src/IceSSL/SecureTransportCertificateI.cpp +++ b/cpp/src/Ice/SSL/SecureTransportCertificateI.cpp @@ -8,10 +8,10 @@ // #include "IceUtil/DisableWarnings.h" -#include "../Ice/Base64.h" +#include "../Base64.h" #include "CertificateI.h" #include "Ice/LocalException.h" -#include "Ice/SecureTransport.h" +#include "Ice/SSL/SecureTransport.h" #include "Ice/UniqueRef.h" #include "RFC2253.h" #include "SecureTransportUtil.h" @@ -24,8 +24,8 @@ using namespace Ice; using namespace IceInternal; -using namespace IceSSL; -using namespace IceSSL::SecureTransport; +using namespace Ice::SSL; +using namespace Ice::SSL::SecureTransport; using namespace std; @@ -238,16 +238,17 @@ namespace #endif - class SecureTransportCertificateI final : public IceSSL::SecureTransport::Certificate, public IceSSL::CertificateI + class SecureTransportCertificateI final : public Ice::SSL::SecureTransport::Certificate, + public Ice::SSL::CertificateI { public: SecureTransportCertificateI(SecCertificateRef); - virtual bool operator==(const IceSSL::Certificate&) const; + virtual bool operator==(const Ice::SSL::Certificate&) const; virtual vector getAuthorityKeyIdentifier() const; virtual vector getSubjectKeyIdentifier() const; - virtual bool verify(const IceSSL::CertificatePtr&) const; + virtual bool verify(const Ice::SSL::CertificatePtr&) const; virtual string encode() const; virtual chrono::system_clock::time_point getNotAfter() const; 
@@ -414,7 +415,7 @@ SecureTransportCertificateI::SecureTransportCertificateI(SecCertificateRef cert) } bool -SecureTransportCertificateI::operator==(const IceSSL::Certificate& r) const +SecureTransportCertificateI::operator==(const Ice::SSL::Certificate& r) const { const SecureTransportCertificateI* p = dynamic_cast(&r); if (!p) @@ -504,7 +505,7 @@ SecureTransportCertificateI::getSubjectKeyIdentifier() const } bool -SecureTransportCertificateI::verify(const IceSSL::CertificatePtr& cert) const +SecureTransportCertificateI::verify(const Ice::SSL::CertificatePtr& cert) const { bool valid = false; SecureTransportCertificateI* c = dynamic_cast(cert.get()); @@ -872,14 +873,14 @@ SecureTransportCertificateI::getExtendedKeyUsage() const #endif } -IceSSL::SecureTransport::CertificatePtr -IceSSL::SecureTransport::Certificate::create(SecCertificateRef cert) +Ice::SSL::SecureTransport::CertificatePtr +Ice::SSL::SecureTransport::Certificate::create(SecCertificateRef cert) { return make_shared(cert); } -IceSSL::SecureTransport::CertificatePtr -IceSSL::SecureTransport::Certificate::load(const std::string& file) +Ice::SSL::SecureTransport::CertificatePtr +Ice::SSL::SecureTransport::Certificate::load(const std::string& file) { string resolved; if (checkPath(file, "", false, resolved)) @@ -892,8 +893,8 @@ IceSSL::SecureTransport::Certificate::load(const std::string& file) } } -IceSSL::SecureTransport::CertificatePtr -IceSSL::SecureTransport::Certificate::decode(const std::string& encoding) +Ice::SSL::SecureTransport::CertificatePtr +Ice::SSL::SecureTransport::Certificate::decode(const std::string& encoding) { #ifdef ICE_USE_SECURE_TRANSPORT_IOS string::size_type size = 0; 
@@ -949,14 +950,14 @@ IceSSL::SecureTransport::Certificate::decode(const std::string& encoding) #endif } -IceSSL::CertificatePtr -IceSSL::Certificate::load(const std::string& file) +Ice::SSL::CertificatePtr +Ice::SSL::Certificate::load(const std::string& file) { - return IceSSL::SecureTransport::Certificate::load(file); + return Ice::SSL::SecureTransport::Certificate::load(file); } -IceSSL::CertificatePtr -IceSSL::Certificate::decode(const std::string& encoding) +Ice::SSL::CertificatePtr +Ice::SSL::Certificate::decode(const std::string& encoding) { - return IceSSL::SecureTransport::Certificate::decode(encoding); + return Ice::SSL::SecureTransport::Certificate::decode(encoding); } diff --git a/cpp/src/IceSSL/SecureTransportEngine.cpp b/cpp/src/Ice/SSL/SecureTransportEngine.cpp similarity index 94% rename from cpp/src/IceSSL/SecureTransportEngine.cpp rename to cpp/src/Ice/SSL/SecureTransportEngine.cpp index b893ca343f9..f376494e6d7 100644 --- a/cpp/src/IceSSL/SecureTransportEngine.cpp +++ b/cpp/src/Ice/SSL/SecureTransportEngine.cpp @@ -3,14 +3,14 @@ // #include "SecureTransportEngine.h" -#include "../Ice/Instance.h" -#include "../Ice/TraceLevels.h" -#include "Ice/Certificate.h" +#include "../Instance.h" +#include "../TraceLevels.h" #include "Ice/Config.h" #include "Ice/LocalException.h" #include "Ice/Logger.h" #include "Ice/LoggerUtil.h" #include "Ice/Properties.h" +#include "Ice/SSL/Certificate.h" #include "IceUtil/FileUtil.h" #include "IceUtil/StringUtil.h" #include "SSLEngine.h" @@ -27,8 +27,7 @@ using namespace IceUtil; using namespace Ice; using namespace Ice::SSL; using namespace IceInternal; -using namespace IceSSL; -using namespace IceSSL::SecureTransport; +using namespace Ice::SSL::SecureTransport; namespace { 
@@ -558,19 +557,21 @@ namespace } SecureTransport::SSLEngine::SSLEngine(const IceInternal::InstancePtr& instance) - : IceSSL::SSLEngine(instance), + : Ice::SSL::SSLEngine(instance), _certificateAuthorities(nullptr), _chain(nullptr) { } +SecureTransport::SSLEngine::~SSLEngine() {} + // // Setup the engine. // void SecureTransport::SSLEngine::initialize() { - IceSSL::SSLEngine::initialize(); + Ice::SSL::SSLEngine::initialize(); const PropertiesPtr properties = getProperties(); @@ -592,7 +593,10 @@ SecureTransport::SSLEngine::initialize() string resolved; if (!checkPath(caFile, defaultDir, false, resolved)) { - throw InitializationException(__FILE__, __LINE__, "IceSSL: CA certificate file not found:\n" + caFile); + throw InitializationException( + __FILE__, + __LINE__, + "SSL transport: CA certificate file not found:\n" + caFile); } _certificateAuthorities.reset(loadCACertificates(resolved)); } @@ -622,7 +626,7 @@ SecureTransport::SSLEngine::initialize() throw InitializationException( __FILE__, __LINE__, - "IceSSL: invalid value for IceSSL.CertFile:\n" + certFile); + "SSL transport: invalid value for IceSSL.CertFile:\n" + certFile); } vector keyFiles; { @@ -634,14 +638,14 @@ SecureTransport::SSLEngine::initialize() throw InitializationException( __FILE__, __LINE__, - "IceSSL: invalid value for IceSSL.KeyFile:\n" + keyFile); + "SSL transport: invalid value for IceSSL.KeyFile:\n" + keyFile); } if (files.size() != keyFiles.size()) { throw InitializationException( __FILE__, __LINE__, - "IceSSL: IceSSL.KeyFile does not agree with IceSSL.CertFile"); + "SSL transport: IceSSL.KeyFile does not agree with IceSSL.CertFile"); } } } @@ -654,7 +658,10 @@ SecureTransport::SSLEngine::initialize() if (!checkPath(file, defaultDir, false, resolved)) { - throw InitializationException(__FILE__, __LINE__, "IceSSL: certificate file not found:\n" + file); + throw InitializationException( + __FILE__, + __LINE__, + "SSL transport: certificate file not found:\n" + file); } file = resolved; 
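Review bot: The destructor added after the constructor is written with an empty body, `SecureTransport::SSLEngine::~SSLEngine() {}`. If the only reason for defining it out of line is to keep it in this translation unit, `SecureTransport::SSLEngine::~SSLEngine() = default;` says so directly and stays out of line. A one-line comment on why it cannot be implicit would also help, since the reason is not visible in this hunk.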
@@ -662,7 +669,7 @@ SecureTransport::SSLEngine::initialize() { if (!checkPath(keyFile, defaultDir, false, resolved)) { - throw InitializationException(__FILE__, __LINE__, "IceSSL: key file not found:\n" + keyFile); + throw InitializationException(__FILE__, __LINE__, "SSL transport: key file not found:\n" + keyFile); } keyFile = resolved; } @@ -716,7 +723,7 @@ SecureTransport::SSLEngine::createClientAuthenticationOptions(const string& host return chain; }, .trustedRootCertificates = _certificateAuthorities.get(), - .serverCertificateValidationCallback = [this, host](SecTrustRef trust, const IceSSL::ConnectionInfoPtr& info) + .serverCertificateValidationCallback = [this, host](SecTrustRef trust, const Ice::SSL::ConnectionInfoPtr& info) { return validationCallback(trust, info, host); }}; } @@ -740,7 +747,7 @@ SecureTransport::SSLEngine::createServerAuthenticationOptions() const // It is safe to capture 'this' in the callbacks below as SSLEngine is managed by the communicator // and is guaranteed to outlive all connections. return ServerAuthenticationOptions{ - .clientCertificateValidationCallback = [this](SecTrustRef trust, const IceSSL::ConnectionInfoPtr& info) + .clientCertificateValidationCallback = [this](SecTrustRef trust, const Ice::SSL::ConnectionInfoPtr& info) { return validationCallback(trust, info, ""); }, .clientCertificateRequired = clientCertificateRequired, .trustedRootCertificates = _certificateAuthorities.get(), @@ -763,7 +770,7 @@ SecureTransport::SSLEngine::newContext(bool incoming) const SSLCreateContext(kCFAllocatorDefault, incoming ? kSSLServerSide : kSSLClientSide, kSSLStreamType); if (!ssl) { - throw SecurityException(__FILE__, __LINE__, "IceSSL: unable to create SSL context"); + throw SecurityException(__FILE__, __LINE__, "SSL transport: unable to create SSL context"); } OSStatus err = SSLSetSessionOption( 
@@ -776,7 +783,7 @@ SecureTransport::SSLEngine::newContext(bool incoming) const throw SecurityException( __FILE__, __LINE__, - "IceSSL: error while setting SSL option:\n" + sslErrorToString(err)); + "SSL transport: error while setting SSL option:\n" + sslErrorToString(err)); } return ssl; @@ -793,7 +800,7 @@ SecureTransport::SSLEngine::validationCallback(SecTrustRef trust, const Connecti // Do not allow to fetch missing intermediate certificates from the network. if ((err = SecTrustSetNetworkFetchAllowed(trust, false))) { - throw SecurityException(__FILE__, __LINE__, "IceSSL: handshake failure:\n" + sslErrorToString(err)); + throw SecurityException(__FILE__, __LINE__, "SSL transport: handshake failure:\n" + sslErrorToString(err)); } UniqueRef policies(CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks)); @@ -822,14 +829,17 @@ SecureTransport::SSLEngine::validationCallback(SecTrustRef trust, const Connecti UniqueRef revocationPolicy(SecPolicyCreateRevocation(revocationFlags)); if (!revocationPolicy) { - throw SecurityException(__FILE__, __LINE__, "IceSSL: handshake failure: error creating revocation policy"); + throw SecurityException( + __FILE__, + __LINE__, + "SSL transport: handshake failure: error creating revocation policy"); } CFArrayAppendValue(policies.get(), revocationPolicy.get()); } if ((err = SecTrustSetPolicies(trust, policies.get()))) { - throw SecurityException(__FILE__, __LINE__, "IceSSL: handshake failure:\n" + sslErrorToString(err)); + throw SecurityException(__FILE__, __LINE__, "SSL transport: handshake failure:\n" + sslErrorToString(err)); } // 
@@ -838,7 +848,7 @@ SecureTransport::SSLEngine::validationCallback(SecTrustRef trust, const Connecti if (!SecTrustEvaluateWithError(trust, &trustErr.get())) { ostringstream os; - os << "IceSSL: certificate verification failure:\n" << trustErrorToString(trustErr.get()); + os << "SSL transport: certificate verification failure:\n" << trustErrorToString(trustErr.get()); string msg = os.str(); if (instance()->traceLevels()->network >= 1) { diff --git a/cpp/src/IceSSL/SecureTransportEngine.h b/cpp/src/Ice/SSL/SecureTransportEngine.h similarity index 64% rename from cpp/src/IceSSL/SecureTransportEngine.h rename to cpp/src/Ice/SSL/SecureTransportEngine.h index 2ba8afe61c2..9324d9d736a 100644 --- a/cpp/src/IceSSL/SecureTransportEngine.h +++ b/cpp/src/Ice/SSL/SecureTransportEngine.h @@ -2,26 +2,27 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -#ifndef ICESSL_SECURE_TRANSPORT_ENGINE_H -#define ICESSL_SECURE_TRANSPORT_ENGINE_H +#ifndef ICE_SSL_SECURE_TRANSPORT_ENGINE_H +#define ICE_SSL_SECURE_TRANSPORT_ENGINE_H #ifdef __APPLE__ -# include "Ice/ClientAuthenticationOptions.h" # include "Ice/InstanceF.h" -# include "Ice/ServerAuthenticationOptions.h" +# include "Ice/SSL/ClientAuthenticationOptions.h" +# include "Ice/SSL/ServerAuthenticationOptions.h" # include "Ice/UniqueRef.h" # include "SSLEngine.h" # include # include -namespace IceSSL::SecureTransport +namespace Ice::SSL::SecureTransport { - class SSLEngine final : public IceSSL::SSLEngine, public std::enable_shared_from_this + class SSLEngine final : public Ice::SSL::SSLEngine, public std::enable_shared_from_this { public: SSLEngine(const IceInternal::InstancePtr&); + ~SSLEngine(); void initialize() final; void destroy() final; 
@@ -29,7 +30,7 @@ namespace IceSSL::SecureTransport Ice::SSL::ClientAuthenticationOptions createClientAuthenticationOptions(const std::string& host) const final; Ice::SSL::ServerAuthenticationOptions createServerAuthenticationOptions() const final; SSLContextRef newContext(bool) const; - bool validationCallback(SecTrustRef trust, const IceSSL::ConnectionInfoPtr&, const std::string&) const; + bool validationCallback(SecTrustRef trust, const Ice::SSL::ConnectionInfoPtr&, const std::string&) const; std::string getCipherName(SSLCipherSuite) const; diff --git a/cpp/src/IceSSL/SecureTransportEngineF.h b/cpp/src/Ice/SSL/SecureTransportEngineF.h similarity index 60% rename from cpp/src/IceSSL/SecureTransportEngineF.h rename to cpp/src/Ice/SSL/SecureTransportEngineF.h index b7c943e9208..6c900bde7b0 100644 --- a/cpp/src/IceSSL/SecureTransportEngineF.h +++ b/cpp/src/Ice/SSL/SecureTransportEngineF.h @@ -2,14 +2,14 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -#ifndef ICESSL_SECURE_TRANSPORT_ENGINE_F_H -#define ICESSL_SECURE_TRANSPORT_ENGINE_F_H +#ifndef ICE_SSL_SECURE_TRANSPORT_ENGINE_F_H +#define ICE_SSL_SECURE_TRANSPORT_ENGINE_F_H #ifdef __APPLE__ # include -namespace IceSSL::SecureTransport +namespace Ice::SSL::SecureTransport { class SSLEngine; using SSLEnginePtr = std::shared_ptr; diff --git a/cpp/src/IceSSL/SecureTransportTransceiverI.cpp b/cpp/src/Ice/SSL/SecureTransportTransceiverI.cpp similarity index 85% rename from cpp/src/IceSSL/SecureTransportTransceiverI.cpp rename to cpp/src/Ice/SSL/SecureTransportTransceiverI.cpp index fc23d90de1d..ca10ce1fedb 100644 --- a/cpp/src/IceSSL/SecureTransportTransceiverI.cpp +++ b/cpp/src/Ice/SSL/SecureTransportTransceiverI.cpp @@ -5,7 +5,7 @@ #include "SecureTransportTransceiverI.h" #include "Ice/LocalException.h" #include "Ice/LoggerUtil.h" -#include "Ice/SSLConnectionInfo.h" +#include "Ice/SSL/ConnectionInfo.h" #include "SSLInstance.h" #include "SecureTransportEngine.h" #include "SecureTransportUtil.h" 
@@ -18,9 +18,8 @@ using namespace std; using namespace Ice; using namespace Ice::SSL; +using namespace Ice::SSL::SecureTransport; using namespace IceInternal; -using namespace IceSSL; -using namespace IceSSL::SecureTransport; namespace { @@ -67,13 +66,13 @@ namespace } IceInternal::NativeInfoPtr -IceSSL::SecureTransport::TransceiverI::getNativeInfo() +Ice::SSL::SecureTransport::TransceiverI::getNativeInfo() { return _delegate->getNativeInfo(); } IceInternal::SocketOperation -IceSSL::SecureTransport::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal::Buffer& writeBuffer) +Ice::SSL::SecureTransport::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal::Buffer& writeBuffer) { if (!_connected) { @@ -130,7 +129,7 @@ IceSSL::SecureTransport::TransceiverI::initialize(IceInternal::Buffer& readBuffe throw SecurityException( __FILE__, __LINE__, - "IceSSL: error while setting the SSL context certificate:\n" + sslErrorToString(err)); + "SSL transport: error while setting the SSL context certificate:\n" + sslErrorToString(err)); } } } @@ -140,7 +139,7 @@ IceSSL::SecureTransport::TransceiverI::initialize(IceInternal::Buffer& readBuffe throw SecurityException( __FILE__, __LINE__, - "IceSSL: setting IO functions failed\n" + sslErrorToString(err)); + "SSL transport: setting IO functions failed\n" + sslErrorToString(err)); } if ((err = SSLSetConnection(_ssl.get(), reinterpret_cast(this)))) @@ -148,7 +147,7 @@ IceSSL::SecureTransport::TransceiverI::initialize(IceInternal::Buffer& readBuffe throw SecurityException( __FILE__, __LINE__, - "IceSSL: setting SSL connection failed\n" + sslErrorToString(err)); + "SSL transport: setting SSL connection failed\n" + sslErrorToString(err)); } // 
@@ -161,7 +160,7 @@ IceSSL::SecureTransport::TransceiverI::initialize(IceInternal::Buffer& readBuffe throw SecurityException( __FILE__, __LINE__, - "IceSSL: setting SNI host failed `" + _host + "'\n" + sslErrorToString(err)); + "SSL transport: setting SNI host failed `" + _host + "'\n" + sslErrorToString(err)); } } } @@ -205,7 +204,7 @@ IceSSL::SecureTransport::TransceiverI::initialize(IceInternal::Buffer& readBuffe { SecCertificateRef cert = SecTrustGetCertificateAtIndex(_trust.get(), i); CFRetain(cert); - _peerCerts.push_back(IceSSL::SecureTransport::Certificate::create(cert)); + _peerCerts.push_back(Ice::SSL::SecureTransport::Certificate::create(cert)); } if (_trustedRootCertificates) @@ -215,7 +214,7 @@ IceSSL::SecureTransport::TransceiverI::initialize(IceInternal::Buffer& readBuffe throw SecurityException( __FILE__, __LINE__, - "IceSSL: handshake failure:\n" + sslErrorToString(err)); + "SSL transport: handshake failure:\n" + sslErrorToString(err)); } if ((err = SecTrustSetAnchorCertificatesOnly(_trust.get(), true))) @@ -223,15 +222,15 @@ IceSSL::SecureTransport::TransceiverI::initialize(IceInternal::Buffer& readBuffe throw SecurityException( __FILE__, __LINE__, - "IceSSL: handshake failure:\n" + sslErrorToString(err)); + "SSL transport: handshake failure:\n" + sslErrorToString(err)); } } - function + function remoteCertificateValidationCallback = _remoteCertificateValidationCallback ? _remoteCertificateValidationCallback - : [this](SecTrustRef trust, const IceSSL::ConnectionInfoPtr& info) + : [this](SecTrustRef trust, const Ice::SSL::ConnectionInfoPtr& info) { return _engine->validationCallback(trust, info, _incoming ? _adapterName : _host); }; if (remoteCertificateValidationCallback( 
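Review bot: In TransceiverI::initialize (hunk `-223,15 +222,15`) the ternary selects either `_remoteCertificateValidationCallback` or the lambda that calls `_engine->validationCallback`, never both, and nothing in the code says so. A user-supplied callback therefore replaces the engine's default trust evaluation instead of adding to it, which is easy to miss when reviewing an application's TLS configuration. I would add a comment above the declaration: `// A user-supplied callback replaces the engine's default validation entirely; it must evaluate 'trust' itself.` The function body continues outside the hunk.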
@@ -254,7 +253,7 @@ IceSSL::SecureTransport::TransceiverI::initialize(IceInternal::Buffer& readBuffe } ostringstream os; - os << "IceSSL: ssl error occurred for new " << (_incoming ? "incoming" : "outgoing") << " connection:\n" + os << "SSL transport: ssl error occurred for new " << (_incoming ? "incoming" : "outgoing") << " connection:\n" << _delegate->toString() << "\n" << sslErrorToString(err); throw ProtocolException(__FILE__, __LINE__, os.str()); @@ -291,7 +290,7 @@ IceSSL::SecureTransport::TransceiverI::initialize(IceInternal::Buffer& readBuffe } IceInternal::SocketOperation -IceSSL::SecureTransport::TransceiverI::closing(bool initiator, exception_ptr) +Ice::SSL::SecureTransport::TransceiverI::closing(bool initiator, exception_ptr) { // If we are initiating the connection closure, wait for the peer // to close the TCP/IP connection. Otherwise, close immediately. @@ -299,7 +298,7 @@ IceSSL::SecureTransport::TransceiverI::closing(bool initiator, exception_ptr) } void -IceSSL::SecureTransport::TransceiverI::close() +Ice::SSL::SecureTransport::TransceiverI::close() { if (_trust) { @@ -322,7 +321,7 @@ IceSSL::SecureTransport::TransceiverI::close() } IceInternal::SocketOperation -IceSSL::SecureTransport::TransceiverI::write(IceInternal::Buffer& buf) +Ice::SSL::SecureTransport::TransceiverI::write(IceInternal::Buffer& buf) { if (!_connected) { @@ -367,7 +366,10 @@ IceSSL::SecureTransport::TransceiverI::write(IceInternal::Buffer& buf) // if (err <= -9800 && err >= -9849) { - throw ProtocolException(__FILE__, __LINE__, "IceSSL: error during write:\n" + sslErrorToString(err)); + throw ProtocolException( + __FILE__, + __LINE__, + "SSL transport: error during write:\n" + sslErrorToString(err)); } errno = err; 
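Review bot: In TransceiverI::write (hunk `-367,7 +366,10`) the guard `if (err <= -9800 && err >= -9849)` uses bare numbers to decide which statuses become a ProtocolException; the read hunk (`-440,7 +442,10`) repeats it. Any status outside that window falls through to `errno = err` on the next visible line, and as far as I know newer SecureTransport status codes lie below -9849, so they would be treated as errno values. Since this line is being touched anyway, I would at least document the range: `// -9800..-9849 is the SecureTransport errSSL* range handled here; other OSStatus values fall through to errno.` Both functions continue outside their hunks, so later handling may already cover this.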
@@ -401,7 +403,7 @@ IceSSL::SecureTransport::TransceiverI::write(IceInternal::Buffer& buf) } IceInternal::SocketOperation -IceSSL::SecureTransport::TransceiverI::read(IceInternal::Buffer& buf) +Ice::SSL::SecureTransport::TransceiverI::read(IceInternal::Buffer& buf) { if (!_connected) { @@ -440,7 +442,10 @@ IceSSL::SecureTransport::TransceiverI::read(IceInternal::Buffer& buf) // if (err <= -9800 && err >= -9849) { - throw ProtocolException(__FILE__, __LINE__, "IceSSL: error during read:\n" + sslErrorToString(err)); + throw ProtocolException( + __FILE__, + __LINE__, + "SSL transport: error during read:\n" + sslErrorToString(err)); } errno = err; @@ -477,33 +482,33 @@ IceSSL::SecureTransport::TransceiverI::read(IceInternal::Buffer& buf) } bool -IceSSL::SecureTransport::TransceiverI::isWaitingToBeRead() const noexcept +Ice::SSL::SecureTransport::TransceiverI::isWaitingToBeRead() const noexcept { return _delegate->isWaitingToBeRead(); } string -IceSSL::SecureTransport::TransceiverI::protocol() const +Ice::SSL::SecureTransport::TransceiverI::protocol() const { return _instance->protocol(); } string -IceSSL::SecureTransport::TransceiverI::toString() const +Ice::SSL::SecureTransport::TransceiverI::toString() const { return _delegate->toString(); } string -IceSSL::SecureTransport::TransceiverI::toDetailedString() const +Ice::SSL::SecureTransport::TransceiverI::toDetailedString() const { return toString(); } Ice::ConnectionInfoPtr -IceSSL::SecureTransport::TransceiverI::getInfo() const +Ice::SSL::SecureTransport::TransceiverI::getInfo() const { - auto info = make_shared(); + auto info = make_shared(); info->underlying = _delegate->getInfo(); info->incoming = _incoming; info->adapterName = _adapterName; 
@@ -512,23 +517,23 @@ IceSSL::SecureTransport::TransceiverI::getInfo() const } void -IceSSL::SecureTransport::TransceiverI::checkSendSize(const IceInternal::Buffer&) +Ice::SSL::SecureTransport::TransceiverI::checkSendSize(const IceInternal::Buffer&) { } void -IceSSL::SecureTransport::TransceiverI::setBufferSize(int rcvSize, int sndSize) +Ice::SSL::SecureTransport::TransceiverI::setBufferSize(int rcvSize, int sndSize) { _delegate->setBufferSize(rcvSize, sndSize); } -IceSSL::SecureTransport::TransceiverI::TransceiverI( - const IceSSL::InstancePtr& instance, +Ice::SSL::SecureTransport::TransceiverI::TransceiverI( + const Ice::SSL::InstancePtr& instance, const IceInternal::TransceiverPtr& delegate, const string& adapterName, const ServerAuthenticationOptions& serverAuthenticationOptions) : _instance(instance), - _engine(dynamic_pointer_cast(instance->engine())), + _engine(dynamic_pointer_cast(instance->engine())), _host(""), _adapterName(adapterName), _incoming(true), @@ -544,13 +549,13 @@ IceSSL::SecureTransport::TransceiverI::TransceiverI( { } -IceSSL::SecureTransport::TransceiverI::TransceiverI( - const IceSSL::InstancePtr& instance, +Ice::SSL::SecureTransport::TransceiverI::TransceiverI( + const Ice::SSL::InstancePtr& instance, const IceInternal::TransceiverPtr& delegate, const string& host, const ClientAuthenticationOptions& clientAuthenticationOptions) : _instance(instance), - _engine(dynamic_pointer_cast(instance->engine())), + _engine(dynamic_pointer_cast(instance->engine())), _host(host), _adapterName(""), _incoming(false), @@ -566,10 +571,10 @@ IceSSL::SecureTransport::TransceiverI::TransceiverI( { } -IceSSL::SecureTransport::TransceiverI::~TransceiverI() {} +Ice::SSL::SecureTransport::TransceiverI::~TransceiverI() {} OSStatus -IceSSL::SecureTransport::TransceiverI::writeRaw(const byte* data, size_t* length) const +Ice::SSL::SecureTransport::TransceiverI::writeRaw(const byte* data, size_t* length) const { _tflags &= ~SSLWantWrite; 
@@ -602,7 +607,7 @@ IceSSL::SecureTransport::TransceiverI::writeRaw(const byte* data, size_t* length } OSStatus -IceSSL::SecureTransport::TransceiverI::readRaw(byte* data, size_t* length) const +Ice::SSL::SecureTransport::TransceiverI::readRaw(byte* data, size_t* length) const { _tflags &= ~SSLWantRead; diff --git a/cpp/src/IceSSL/SecureTransportTransceiverI.h b/cpp/src/Ice/SSL/SecureTransportTransceiverI.h similarity index 86% rename from cpp/src/IceSSL/SecureTransportTransceiverI.h rename to cpp/src/Ice/SSL/SecureTransportTransceiverI.h index b866982338e..335e12d9ba7 100644 --- a/cpp/src/IceSSL/SecureTransportTransceiverI.h +++ b/cpp/src/Ice/SSL/SecureTransportTransceiverI.h @@ -2,17 +2,17 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -#ifndef ICESSL_SECURE_TRANSPORT_TRANSCEIVER_I_H -#define ICESSL_SECURE_TRANSPORT_TRANSCEIVER_I_H +#ifndef ICE_SSL_SECURE_TRANSPORT_TRANSCEIVER_I_H +#define ICE_SSL_SECURE_TRANSPORT_TRANSCEIVER_I_H #ifdef __APPLE__ -# include "../Ice/Network.h" -# include "../Ice/Transceiver.h" -# include "Ice/Certificate.h" -# include "Ice/ClientAuthenticationOptions.h" +# include "../Network.h" +# include "../Transceiver.h" # include "Ice/Config.h" -# include "Ice/ServerAuthenticationOptions.h" +# include "Ice/SSL/Certificate.h" +# include "Ice/SSL/ClientAuthenticationOptions.h" +# include "Ice/SSL/ServerAuthenticationOptions.h" # include "Ice/UniqueRef.h" # include "SSLInstanceF.h" # include "SecureTransportEngineF.h" @@ -21,7 +21,7 @@ # include # include -namespace IceSSL::SecureTransport +namespace Ice::SSL::SecureTransport { class TransceiverI final : public IceInternal::Transceiver { @@ -80,7 +80,7 @@ namespace IceSSL::SecureTransport std::vector _peerCerts; size_t _buffered; std::function _sslNewSessionCallback; - std::function + std::function _remoteCertificateValidationCallback; std::function _localCertificateSelectionCallback; SSLAuthenticate _clientCertificateRequired; 
diff --git a/cpp/src/IceSSL/SecureTransportUtil.cpp b/cpp/src/Ice/SSL/SecureTransportUtil.cpp similarity index 88% rename from cpp/src/IceSSL/SecureTransportUtil.cpp rename to cpp/src/Ice/SSL/SecureTransportUtil.cpp index 1299582512f..51b0ed22521 100644 --- a/cpp/src/IceSSL/SecureTransportUtil.cpp +++ b/cpp/src/Ice/SSL/SecureTransportUtil.cpp @@ -3,7 +3,7 @@ // #include "SecureTransportUtil.h" -#include "../Ice/Base64.h" +#include "../Base64.h" #include "Ice/LocalException.h" #include "Ice/UniqueRef.h" #include "IceUtil/FileUtil.h" @@ -17,8 +17,8 @@ using namespace Ice; using namespace IceInternal; -using namespace IceSSL; -using namespace IceSSL::SecureTransport; +using namespace Ice::SSL; +using namespace Ice::SSL::SecureTransport; using namespace std; #if defined(__clang__) @@ -51,7 +51,7 @@ namespace } string -IceSSL::SecureTransport::sslErrorToString(CFErrorRef err) +Ice::SSL::SecureTransport::sslErrorToString(CFErrorRef err) { ostringstream os; if (err) @@ -63,7 +63,7 @@ IceSSL::SecureTransport::sslErrorToString(CFErrorRef err) } string -IceSSL::SecureTransport::sslErrorToString(OSStatus status) +Ice::SSL::SecureTransport::sslErrorToString(OSStatus status) { ostringstream os; os << "(error: " << status; @@ -80,7 +80,7 @@ IceSSL::SecureTransport::sslErrorToString(OSStatus status) #if defined(ICE_USE_SECURE_TRANSPORT_MACOS) CFDictionaryRef -IceSSL::SecureTransport::getCertificateProperty(SecCertificateRef cert, CFTypeRef key) +Ice::SSL::SecureTransport::getCertificateProperty(SecCertificateRef cert, CFTypeRef key) { UniqueRef property; UniqueRef keys(CFArrayCreate(nullptr, &key, 1, &kCFTypeArrayCallBacks)); 
@@ -89,7 +89,7 @@ IceSSL::SecureTransport::getCertificateProperty(SecCertificateRef cert, CFTypeRe if (err) { ostringstream os; - os << "IceSSL: error getting property for certificate:\n" << sslErrorToString(err); + os << "SSL transport: error getting property for certificate:\n" << sslErrorToString(err); throw CertificateReadException(__FILE__, __LINE__, os.str()); } @@ -154,7 +154,7 @@ namespace if (err != noErr) { ostringstream os; - os << "IceSSL: error reading " << (type == kSecItemTypePrivateKey ? "private key" : "certificate"); + os << "SSL transport: error reading " << (type == kSecItemTypePrivateKey ? "private key" : "certificate"); os << " `" << file << "':\n" << sslErrorToString(err); throw CertificateReadException(__FILE__, __LINE__, os.str()); } @@ -162,7 +162,7 @@ namespace if (type != kSecItemTypeUnknown && importType != kSecItemTypeAggregate && importType != type) { ostringstream os; - os << "IceSSL: error reading " << (type == kSecItemTypePrivateKey ? "private key" : "certificate"); + os << "SSL transport: error reading " << (type == kSecItemTypePrivateKey ? "private key" : "certificate"); os << " `" << file << "' doesn't contain the expected item"; throw CertificateReadException(__FILE__, __LINE__, os.str()); } @@ -182,7 +182,7 @@ namespace throw InitializationException( __FILE__, __LINE__, - "IceSSL: unable to retrieve default keychain:\n" + sslErrorToString(err)); + "SSL transport: unable to retrieve default keychain:\n" + sslErrorToString(err)); } } else @@ -204,7 +204,7 @@ namespace throw InitializationException( __FILE__, __LINE__, - "IceSSL: unable to open keychain: `" + keychainPath + "'\n" + sslErrorToString(err)); + "SSL transport: unable to open keychain: `" + keychainPath + "'\n" + sslErrorToString(err)); } } 
@@ -219,7 +219,7 @@ namespace throw InitializationException( __FILE__, __LINE__, - "IceSSL: unable to unlock keychain:\n" + sslErrorToString(err)); + "SSL transport: unable to unlock keychain:\n" + sslErrorToString(err)); } } else if (err == errSecNoSuchKeychain) @@ -237,7 +237,7 @@ namespace throw InitializationException( __FILE__, __LINE__, - "IceSSL: unable to create keychain:\n" + sslErrorToString(err)); + "SSL transport: unable to create keychain:\n" + sslErrorToString(err)); } } else @@ -245,7 +245,7 @@ namespace throw InitializationException( __FILE__, __LINE__, - "IceSSL: unable to open keychain:\n" + sslErrorToString(err)); + "SSL transport: unable to open keychain:\n" + sslErrorToString(err)); } // @@ -261,7 +261,7 @@ namespace throw InitializationException( __FILE__, __LINE__, - "IceSSL: error setting keychain settings:\n" + sslErrorToString(err)); + "SSL transport: error setting keychain settings:\n" + sslErrorToString(err)); } return keychain.release(); @@ -319,7 +319,7 @@ namespace if (err != noErr) { ostringstream os; - os << "IceSSL: error creating certificate identity:\n" << sslErrorToString(err); + os << "SSL transport: error creating certificate identity:\n" << sslErrorToString(err); throw CertificateReadException(__FILE__, __LINE__, os.str()); } return identity.release(); @@ -327,7 +327,7 @@ namespace else if (err != errSecItemNotFound) { ostringstream os; - os << "IceSSL: error searching for keychain items:\n" << sslErrorToString(err); + os << "SSL transport: error searching for keychain items:\n" << sslErrorToString(err); throw CertificateReadException(__FILE__, __LINE__, os.str()); } @@ -350,7 +350,7 @@ namespace } if (!key) { - throw CertificateReadException(__FILE__, __LINE__, "IceSSL: no key in file `" + file + "'"); + throw CertificateReadException(__FILE__, __LINE__, "SSL transport: no key in file `" + file + "'"); } // 
@@ -373,7 +373,7 @@ namespace if (err != noErr) { ostringstream os; - os << "IceSSL: failure adding certificate to keychain\n" << sslErrorToString(err); + os << "SSL transport: failure adding certificate to keychain\n" << sslErrorToString(err); throw CertificateReadException(__FILE__, __LINE__, os.str()); } item.retain(static_cast(const_cast(CFArrayGetValueAtIndex(added.get(), 0)))); @@ -418,7 +418,7 @@ namespace if (err != noErr) { ostringstream os; - os << "IceSSL: error creating certificate identity:\n" << sslErrorToString(err); + os << "SSL transport: error creating certificate identity:\n" << sslErrorToString(err); throw CertificateReadException(__FILE__, __LINE__, os.str()); } return identity.release(); @@ -452,7 +452,7 @@ namespace throw InitializationException( __FILE__, __LINE__, - "IceSSL: certificate " + file + " is not a valid PEM-encoded certificate"); + "SSL transport: certificate " + file + " is not a valid PEM-encoded certificate"); } size = endpos - startpos; } @@ -478,7 +478,7 @@ namespace throw InitializationException( __FILE__, __LINE__, - "IceSSL: certificate " + file + " is not a valid PEM-encoded certificate"); + "SSL transport: certificate " + file + " is not a valid PEM-encoded certificate"); } CFArrayAppendValue(const_cast(certs.get()), cert.get()); first = false; @@ -493,7 +493,7 @@ namespace throw InitializationException( __FILE__, __LINE__, - "IceSSL: certificate " + file + " is not a valid DER-encoded certificate"); + "SSL transport: certificate " + file + " is not a valid DER-encoded certificate"); } CFArrayAppendValue(const_cast(certs.get()), cert.get()); } @@ -507,7 +507,7 @@ namespace // Imports a certificate (it might contain an identity or certificate depending on the format). // CFArrayRef -IceSSL::SecureTransport::loadCertificateChain( +Ice::SSL::SecureTransport::loadCertificateChain( const string& file, #if defined(ICE_USE_SECURE_TRANSPORT_IOS) const string& /*keyFile*/, 
@@ -534,7 +534,7 @@ IceSSL::SecureTransport::loadCertificateChain( if (err != noErr) { ostringstream os; - os << "IceSSL: unable to import certificate from file " << file << " (error = " << err << ")"; + os << "SSL transport: unable to import certificate from file " << file << " (error = " << err << ")"; throw InitializationException(__FILE__, __LINE__, os.str()); } @@ -554,7 +554,7 @@ IceSSL::SecureTransport::loadCertificateChain( if (!chain) { ostringstream os; - os << "IceSSL: couldn't find identity in file " << file; + os << "SSL transport: couldn't find identity in file " << file; throw InitializationException(__FILE__, __LINE__, os.str()); } #else @@ -572,7 +572,7 @@ IceSSL::SecureTransport::loadCertificateChain( if (SecCertificateGetTypeID() != CFGetTypeID(cert)) { ostringstream os; - os << "IceSSL: couldn't find certificate in `" << file << "'"; + os << "SSL transport: couldn't find certificate in `" << file << "'"; throw CertificateReadException(__FILE__, __LINE__, os.str()); } @@ -590,7 +590,7 @@ IceSSL::SecureTransport::loadCertificateChain( } SecCertificateRef -IceSSL::SecureTransport::loadCertificate(const string& file) +Ice::SSL::SecureTransport::loadCertificate(const string& file) { UniqueRef cert; #if defined(ICE_USE_SECURE_TRANSPORT_IOS) @@ -605,7 +605,7 @@ IceSSL::SecureTransport::loadCertificate(const string& file) } CFArrayRef -IceSSL::SecureTransport::loadCACertificates(const string& file) +Ice::SSL::SecureTransport::loadCACertificates(const string& file) { #if defined(ICE_USE_SECURE_TRANSPORT_IOS) return loadCerts(file); 
@@ -629,9 +629,9 @@ IceSSL::SecureTransport::loadCACertificates(const string& file) CFArrayRef #if defined(ICE_USE_SECURE_TRANSPORT_IOS) -IceSSL::SecureTransport::findCertificateChain(const std::string&, const std::string&, const string& value) +Ice::SSL::SecureTransport::findCertificateChain(const std::string&, const std::string&, const string& value) #else -IceSSL::SecureTransport::findCertificateChain( +Ice::SSL::SecureTransport::findCertificateChain( const std::string& keychainPath, const std::string& keychainPassword, const string& value) @@ -670,7 +670,7 @@ IceSSL::SecureTransport::findCertificateChain( string arg; if (field != "LABEL" && field != "SERIAL" && field != "SUBJECT" && field != "SUBJECTKEYID") { - throw InitializationException(__FILE__, __LINE__, "IceSSL: unknown key in `" + value + "'"); + throw InitializationException(__FILE__, __LINE__, "SSL transport: unknown key in `" + value + "'"); } start = pos + 1; @@ -681,7 +681,7 @@ IceSSL::SecureTransport::findCertificateChain( if (start == value.size()) { - throw InitializationException(__FILE__, __LINE__, "IceSSL: missing argument in `" + value + "'"); + throw InitializationException(__FILE__, __LINE__, "SSL transport: missing argument in `" + value + "'"); } if (value[start] == '"' || value[start] == '\'') @@ -698,7 +698,7 @@ IceSSL::SecureTransport::findCertificateChain( } if (end == value.size() || value[end] != value[start]) { - throw InitializationException(__FILE__, __LINE__, "IceSSL: unmatched quote in `" + value + "'"); + throw InitializationException(__FILE__, __LINE__, "SSL transport: unmatched quote in `" + value + "'"); } ++start; arg = value.substr(start, end - start); 
@@ -730,7 +730,7 @@ IceSSL::SecureTransport::findCertificateChain( vector buffer; if (!parseBytes(arg, buffer)) { - throw InitializationException(__FILE__, __LINE__, "IceSSL: invalid value `" + value + "'"); + throw InitializationException(__FILE__, __LINE__, "SSL transport: invalid value `" + value + "'"); } UniqueRef v(CFDataCreate(kCFAllocatorDefault, &buffer[0], static_cast(buffer.size()))); CFDictionarySetValue( @@ -743,7 +743,7 @@ IceSSL::SecureTransport::findCertificateChain( if (!valid) { - throw InitializationException(__FILE__, __LINE__, "IceSSL: invalid value `" + value + "'"); + throw InitializationException(__FILE__, __LINE__, "SSL transport: invalid value `" + value + "'"); } UniqueRef cert; @@ -753,7 +753,7 @@ IceSSL::SecureTransport::findCertificateChain( throw InitializationException( __FILE__, __LINE__, - "IceSSL: find certificate `" + value + "' failed:\n" + sslErrorToString(err)); + "SSL transport: find certificate `" + value + "' failed:\n" + sslErrorToString(err)); } // @@ -767,13 +767,16 @@ IceSSL::SecureTransport::findCertificateChain( throw InitializationException( __FILE__, __LINE__, - "IceSSL: error creating trust object" + (err ? ":\n" + sslErrorToString(err) : "")); + "SSL transport: error creating trust object" + (err ? ":\n" + sslErrorToString(err) : "")); } SecTrustResultType trustResult; if ((err = SecTrustEvaluate(trust.get(), &trustResult))) { - throw InitializationException(__FILE__, __LINE__, "IceSSL: error evaluating trust:\n" + sslErrorToString(err)); + throw InitializationException( + __FILE__, + __LINE__, + "SSL transport: error evaluating trust:\n" + sslErrorToString(err)); } CFIndex chainLength = SecTrustGetCertificateCount(trust.get()); 
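Review bot: In findCertificateChain (hunk `-767,13 +767,16`) the context line still calls `SecTrustEvaluate`, the deprecated synchronous API, while validationCallback in SecureTransportEngine.cpp in this same diff already uses `SecTrustEvaluateWithError`. In the visible lines `trustResult` is written but not read before `SecTrustGetCertificateCount`, so the call appears to be there only to build the chain. If that is the intent, say so in a comment: `// Evaluation is only used to build the certificate chain; the trust result is intentionally ignored.` The function continues outside the hunk, so the result may be checked further down.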
@@ -804,7 +807,8 @@ IceSSL::SecureTransport::findCertificateChain( if (err != noErr) { ostringstream os; - os << "IceSSL: couldn't create identity for certificate found in the keychain:\n" << sslErrorToString(err); + os << "SSL transport: couldn't create identity for certificate found in the keychain:\n" + << sslErrorToString(err); throw InitializationException(__FILE__, __LINE__, os.str()); } @@ -829,7 +833,8 @@ IceSSL::SecureTransport::findCertificateChain( if (err != noErr) { ostringstream os; - os << "IceSSL: couldn't create identity for certificate found in the keychain:\n" << sslErrorToString(err); + os << "SSL transport: couldn't create identity for certificate found in the keychain:\n" + << sslErrorToString(err); throw InitializationException(__FILE__, __LINE__, os.str()); } CFArraySetValueAtIndex(const_cast(items.get()), 0, identity.get()); diff --git a/cpp/src/IceSSL/SecureTransportUtil.h b/cpp/src/Ice/SSL/SecureTransportUtil.h similarity index 84% rename from cpp/src/IceSSL/SecureTransportUtil.h rename to cpp/src/Ice/SSL/SecureTransportUtil.h index edf8c905c30..88b99018aa4 100644 --- a/cpp/src/IceSSL/SecureTransportUtil.h +++ b/cpp/src/Ice/SSL/SecureTransportUtil.h @@ -2,15 +2,15 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -#ifndef ICESSL_SECURE_TRANSPORT_UTIL_H -#define ICESSL_SECURE_TRANSPORT_UTIL_H +#ifndef ICE_SSL_SECURE_TRANSPORT_UTIL_H +#define ICE_SSL_SECURE_TRANSPORT_UTIL_H #ifdef __APPLE__ -# include "Ice/SecureTransport.h" +# include "Ice/SSL/SecureTransport.h" # include "SSLUtil.h" -namespace IceSSL::SecureTransport +namespace Ice::SSL::SecureTransport { std::string sslErrorToString(CFErrorRef); std::string sslErrorToString(OSStatus); diff --git a/cpp/src/IceSSL/TrustManager.cpp b/cpp/src/Ice/SSL/TrustManager.cpp similarity index 95% rename from cpp/src/IceSSL/TrustManager.cpp rename to cpp/src/Ice/SSL/TrustManager.cpp index a9022af597d..a20d9801b16 100644 --- a/cpp/src/IceSSL/TrustManager.cpp +++ b/cpp/src/Ice/SSL/TrustManager.cpp 
@@ -3,18 +3,18 @@ // #include "TrustManager.h" -#include "../Ice/Instance.h" -#include "../Ice/Network.h" +#include "../Instance.h" +#include "../Network.h" #include "Ice/Communicator.h" #include "Ice/LocalException.h" #include "Ice/Logger.h" #include "Ice/LoggerUtil.h" #include "Ice/Properties.h" -#include "Ice/SSLConnectionInfo.h" +#include "Ice/SSL/ConnectionInfo.h" #include "RFC2253.h" using namespace std; -using namespace IceSSL; +using namespace Ice::SSL; TrustManager::TrustManager(const IceInternal::InstancePtr& instance) : _instance(instance) { @@ -48,7 +48,10 @@ TrustManager::TrustManager(const IceInternal::InstancePtr& instance) : _instance } catch (const ParseException& ex) { - throw Ice::InitializationException(__FILE__, __LINE__, "IceSSL: invalid property " + key + ":\n" + ex.reason); + throw Ice::InitializationException( + __FILE__, + __LINE__, + "SSL transport: invalid property " + key + ":\n" + ex.reason); } } diff --git a/cpp/src/IceSSL/TrustManager.h b/cpp/src/Ice/SSL/TrustManager.h similarity index 87% rename from cpp/src/IceSSL/TrustManager.h rename to cpp/src/Ice/SSL/TrustManager.h index 2a88dc4ef3f..b9c65401625 100644 --- a/cpp/src/IceSSL/TrustManager.h +++ b/cpp/src/Ice/SSL/TrustManager.h @@ -2,18 +2,18 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -#ifndef ICESSL_TRUST_MANAGER_H -#define ICESSL_TRUST_MANAGER_H +#ifndef ICE_SSL_TRUST_MANAGER_H +#define ICE_SSL_TRUST_MANAGER_H -#include "Ice/Certificate.h" #include "Ice/InstanceF.h" -#include "Ice/SSLConnectionInfoF.h" +#include "Ice/SSL/Certificate.h" +#include "Ice/SSL/ConnectionInfoF.h" #include "RFC2253.h" #include "TrustManagerF.h" #include #include -namespace IceSSL +namespace Ice::SSL { class TrustManager { diff --git a/cpp/src/IceSSL/TrustManagerF.h b/cpp/src/Ice/SSL/TrustManagerF.h similarity index 66% rename from cpp/src/IceSSL/TrustManagerF.h rename to cpp/src/Ice/SSL/TrustManagerF.h index 7a2635e5623..740f176c39f 100644 --- a/cpp/src/IceSSL/TrustManagerF.h 
+++ b/cpp/src/Ice/SSL/TrustManagerF.h @@ -2,12 +2,12 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -#ifndef ICESSL_TRUST_MANAGER_F_H -#define ICESSL_TRUST_MANAGER_F_H +#ifndef ICE_SSL_TRUST_MANAGER_F_H +#define ICE_SSL_TRUST_MANAGER_F_H #include -namespace IceSSL +namespace Ice::SSL { class TrustManager; using TrustManagerPtr = std::shared_ptr; diff --git a/cpp/src/Ice/TcpEndpointI.h b/cpp/src/Ice/TcpEndpointI.h index 00f86c30a55..3a9e61e47a2 100644 --- a/cpp/src/Ice/TcpEndpointI.h +++ b/cpp/src/Ice/TcpEndpointI.h @@ -7,7 +7,7 @@ #include "EndpointFactory.h" #include "IPEndpointI.h" -#include "Ice/ServerAuthenticationOptions.h" +#include "Ice/SSL/ServerAuthenticationOptions.h" #include "IceUtil/Config.h" #include "Network.h" // for IceIternal::Address diff --git a/cpp/src/Ice/UdpEndpointI.h b/cpp/src/Ice/UdpEndpointI.h index 333ffa5af7a..696a113dc71 100644 --- a/cpp/src/Ice/UdpEndpointI.h +++ b/cpp/src/Ice/UdpEndpointI.h @@ -7,7 +7,7 @@ #include "EndpointFactory.h" #include "IPEndpointI.h" -#include "Ice/ServerAuthenticationOptions.h" +#include "Ice/SSL/ServerAuthenticationOptions.h" #include "IceUtil/Config.h" #include "Network.h" diff --git a/cpp/src/Ice/WSEndpoint.h b/cpp/src/Ice/WSEndpoint.h index a250214f56c..5118f48fb88 100644 --- a/cpp/src/Ice/WSEndpoint.h +++ b/cpp/src/Ice/WSEndpoint.h @@ -10,7 +10,7 @@ #include "IPEndpointIF.h" #include "Ice/Endpoint.h" #include "Ice/InstanceF.h" -#include "Ice/ServerAuthenticationOptions.h" +#include "Ice/SSL/ServerAuthenticationOptions.h" #include "ProtocolInstance.h" #include diff --git a/cpp/src/Ice/ios/StreamEndpointI.h b/cpp/src/Ice/ios/StreamEndpointI.h index 8070a0bb59a..6a660a53bb3 100644 --- a/cpp/src/Ice/ios/StreamEndpointI.h +++ b/cpp/src/Ice/ios/StreamEndpointI.h 
@@ -14,7 +14,7 @@ # include "../ProtocolInstance.h" # include "../WSEndpoint.h" # include "Ice/InstanceF.h" -# include "Ice/ServerAuthenticationOptions.h" +# include "Ice/SSL/ServerAuthenticationOptions.h" # include "Ice/UniqueRef.h" # include diff --git a/cpp/src/Ice/msbuild/ice/ice.vcxproj b/cpp/src/Ice/msbuild/ice/ice.vcxproj index 4505bd53279..a8d42bb09a4 100644 --- a/cpp/src/Ice/msbuild/ice/ice.vcxproj +++ b/cpp/src/Ice/msbuild/ice/ice.vcxproj @@ -163,18 +163,6 @@ - - - - - - - - - - - - @@ -185,6 +173,18 @@ + + + + + + + + + + + + @@ -985,6 +985,21 @@ + + + + + + + + + + + + + + + @@ -1004,4 +1019,4 @@ - + \ No newline at end of file diff --git a/cpp/src/Ice/msbuild/ice/ice.vcxproj.filters b/cpp/src/Ice/msbuild/ice/ice.vcxproj.filters index 729e2302a28..242002bc7c0 100644 --- a/cpp/src/Ice/msbuild/ice/ice.vcxproj.filters +++ b/cpp/src/Ice/msbuild/ice/ice.vcxproj.filters @@ -71,7 +71,7 @@ {efb1387e-a41e-4b1e-958c-88d9bb342a60} - + {9e29ae46-f871-4a8f-aeee-60426e193a89} @@ -576,44 +576,44 @@ Source Files - - Source Files\IceSSL + + Source Files - - Source Files\IceSSL + + Source Files\SSL - - Source Files\IceSSL + + Source Files\SSL - - Source Files\IceSSL + + Source Files\SSL - - Source Files\IceSSL + + Source Files\SSL - - Source Files\IceSSL + + Source Files\SSL - - Source Files\IceSSL + + Source Files\SSL - - Source Files\IceSSL + + Source Files\SSL - - Source Files\IceSSL + + Source Files\SSL - - Source Files\IceSSL + + Source Files\SSL - - Source Files\IceSSL + + Source Files\SSL - - Source Files\IceSSL + + Source Files\SSL - - Source Files + + Source Files\SSL @@ -1006,6 +1006,51 @@ Header Files + + Source Files\SSL + + + Source Files\SSL + + + Source Files\SSL + + + Source Files\SSL + + + Source Files\SSL + + + Source Files\SSL + + + Source Files\SSL + + + Source Files\SSL + + + Source Files\SSL + + + Source Files\SSL + + + Source Files\SSL + + + Source Files\SSL + + + Source Files\SSL + + + Source Files\SSL + + + Source Files\SSL + 
@@ -1048,4 +1093,4 @@ Slice Files - + \ No newline at end of file diff --git a/cpp/src/IceGrid/AdminSessionI.cpp b/cpp/src/IceGrid/AdminSessionI.cpp index 9c43b00e53f..b4f7c772ad6 100644 --- a/cpp/src/IceGrid/AdminSessionI.cpp +++ b/cpp/src/IceGrid/AdminSessionI.cpp @@ -540,7 +540,7 @@ AdminSSLSessionManagerI::create(Glacier2::SSLInfo info, optionalgetSubjectDN(); } catch (const Ice::Exception& ex) diff --git a/cpp/src/IceGrid/InternalRegistryI.cpp b/cpp/src/IceGrid/InternalRegistryI.cpp index 587f2591dc3..053bcd17acf 100644 --- a/cpp/src/IceGrid/InternalRegistryI.cpp +++ b/cpp/src/IceGrid/InternalRegistryI.cpp @@ -4,7 +4,7 @@ #include "IceUtil/DisableWarnings.h" -#include "../IceSSL/RFC2253.h" +#include "../Ice/SSL/RFC2253.h" #include "Database.h" #include "FileCache.h" #include "Ice/Ice.h" @@ -65,7 +65,7 @@ InternalRegistryI::registerNode( { try { - auto sslConnInfo = dynamic_pointer_cast(current.con->getInfo()); + auto sslConnInfo = dynamic_pointer_cast(current.con->getInfo()); if (sslConnInfo) { if (sslConnInfo->certs.empty() || !sslConnInfo->certs[0]->getSubjectDN().match("CN=" + info->name)) @@ -138,7 +138,7 @@ InternalRegistryI::registerReplica( { try { - auto sslConnInfo = dynamic_pointer_cast(current.con->getInfo()); + auto sslConnInfo = dynamic_pointer_cast(current.con->getInfo()); if (sslConnInfo) { if (sslConnInfo->certs.empty() || !sslConnInfo->certs[0]->getSubjectDN().match("CN=" + info->name)) diff --git a/cpp/src/IceGrid/RegistryI.cpp b/cpp/src/IceGrid/RegistryI.cpp index f7dfadfade3..37741293685 100644 --- a/cpp/src/IceGrid/RegistryI.cpp +++ b/cpp/src/IceGrid/RegistryI.cpp @@ -1197,7 +1197,7 @@ RegistryI::getSSLInfo(const ConnectionPtr& connection, string& userDN) Glacier2::SSLInfo sslinfo; try { - auto info = dynamic_pointer_cast(connection->getInfo()); + auto info = dynamic_pointer_cast(connection->getInfo()); if (!info) { throw PermissionDeniedException("not ssl connection"); 
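Review bot: In `InternalRegistryI::registerNode` (and the identical pattern in `registerReplica` in the following hunk), the certificate CN check only runs when the `dynamic_pointer_cast` of `current.con->getInfo()` succeeds, so any connection whose top-level info is not the SSL type skips the `CN=` comparison entirely. The info test touched by this same commit reads the SSL info of a `wss` connection from `wsinfo->underlying`, which suggests a secure WebSocket connection would also produce a null cast here; that is worth confirming and, if so, walking `underlying` before concluding there is no certificate to check. Both function bodies continue outside their hunks, so how the null case is handled is not visible. A short comment at the `if (sslConnInfo)` guard, such as `// non-SSL connection: the registered name is not bound to a certificate`, would at least document the intent.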
@@ -1217,7 +1217,7 @@ RegistryI::getSSLInfo(const ConnectionPtr& connection, string& userDN) userDN = info->certs[0]->getSubjectDN(); } } - catch (const IceSSL::CertificateEncodingException&) + catch (const Ice::SSL::CertificateEncodingException&) { throw PermissionDeniedException("certificate encoding exception"); } diff --git a/cpp/src/IceGrid/SessionI.cpp b/cpp/src/IceGrid/SessionI.cpp index bd8d037db04..14a9215b888 100644 --- a/cpp/src/IceGrid/SessionI.cpp +++ b/cpp/src/IceGrid/SessionI.cpp @@ -345,7 +345,7 @@ ClientSSLSessionManagerI::create( { try { - auto cert = IceSSL::Certificate::decode(info.certs[0]); + auto cert = Ice::SSL::Certificate::decode(info.certs[0]); userDN = cert->getSubjectDN(); } catch (const Ice::Exception& e) diff --git a/cpp/src/IceIAP/EndpointI.h b/cpp/src/IceIAP/EndpointI.h index cf4d3e4a47c..d164c7da30b 100644 --- a/cpp/src/IceIAP/EndpointI.h +++ b/cpp/src/IceIAP/EndpointI.h @@ -8,7 +8,7 @@ #include "../Ice/EndpointFactory.h" #include "../Ice/EndpointI.h" #include "../Ice/ProtocolInstanceF.h" -#include "Ice/ServerAuthenticationOptions.h" +#include "Ice/SSL/ServerAuthenticationOptions.h" #include diff --git a/cpp/src/IceSSL/SChannelEngineF.h b/cpp/src/IceSSL/SChannelEngineF.h deleted file mode 100644 index 9fcd4ea1962..00000000000 --- a/cpp/src/IceSSL/SChannelEngineF.h +++ /dev/null @@ -1,22 +0,0 @@ -// -// Copyright (c) ZeroC, Inc. All rights reserved. -// - -#ifndef ICESSL_SCHANNEL_ENGINE_F_H -#define ICESSL_SCHANNEL_ENGINE_F_H - -#ifdef _WIN32 - -# include "Ice/SChannel.h" - -# include - -namespace IceSSL::SChannel -{ - class SSLEngine; - using SSLEnginePtr = std::shared_ptr; -} - -#endif - -#endif diff --git a/cpp/test/Glacier2/ssl/Server.cpp b/cpp/test/Glacier2/ssl/Server.cpp index e8757d44966..34e91d632c4 100644 --- a/cpp/test/Glacier2/ssl/Server.cpp +++ b/cpp/test/Glacier2/ssl/Server.cpp 
@@ -52,14 +52,14 @@ class SSLPermissionsVerifierI final : public Glacier2::SSLPermissionsVerifier { testContext(true, current.adapter->getCommunicator(), current.ctx); - auto cert = IceSSL::Certificate::decode(info.certs[0]); + auto cert = Ice::SSL::Certificate::decode(info.certs[0]); test( cert->getIssuerDN() == - IceSSL::DistinguishedName( + Ice::SSL::DistinguishedName( "emailAddress=info@zeroc.com,C=US,ST=Florida,L=Jupiter,O=ZeroC\\, Inc.,OU=Ice,CN=Ice Tests CA")); test( cert->getSubjectDN() == - IceSSL::DistinguishedName( + Ice::SSL::DistinguishedName( "emailAddress=info@zeroc.com,C=US,ST=Florida,L=Jupiter,O=ZeroC\\, Inc.,OU=Ice,CN=client")); test(cert->checkValidity()); @@ -120,18 +120,18 @@ class SSLSessionManagerI final : public Glacier2::SSLSessionManager try { - auto cert = IceSSL::Certificate::decode(info.certs[0]); + auto cert = Ice::SSL::Certificate::decode(info.certs[0]); test( cert->getIssuerDN() == - IceSSL::DistinguishedName( + Ice::SSL::DistinguishedName( "emailAddress=info@zeroc.com,C=US,ST=Florida,L=Jupiter,O=ZeroC\\, Inc.,OU=Ice,CN=Ice Tests CA")); test( cert->getSubjectDN() == - IceSSL::DistinguishedName( + Ice::SSL::DistinguishedName( "emailAddress=info@zeroc.com,C=US,ST=Florida,L=Jupiter,O=ZeroC\\, Inc.,OU=Ice,CN=client")); test(cert->checkValidity()); } - catch (const IceSSL::CertificateReadException&) + catch (const Ice::SSL::CertificateReadException&) { test(false); } diff --git a/cpp/test/Ice/background/EndpointI.h b/cpp/test/Ice/background/EndpointI.h index 573d3f21172..8e383406853 100644 --- a/cpp/test/Ice/background/EndpointI.h +++ b/cpp/test/Ice/background/EndpointI.h @@ -7,7 +7,7 @@ #include "Configuration.h" #include "Ice/EndpointI.h" -#include "Ice/ServerAuthenticationOptions.h" +#include "Ice/SSL/ServerAuthenticationOptions.h" #include "Test.h" class EndpointI; diff --git a/cpp/test/Ice/info/AllTests.cpp b/cpp/test/Ice/info/AllTests.cpp index 5d70b9fe332..05114c8cd04 100644 --- a/cpp/test/Ice/info/AllTests.cpp 
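Review bot: `SSLPermissionsVerifierI` and `SSLSessionManagerI` index `info.certs[0]` without a visible check that the sequence is non-empty, so a client that presents no certificate would hit undefined behaviour rather than a clean test failure. The IceGrid session test changed by this commit guards the same call with `test(info.certs.size() > 0);`; adding `test(!info.certs.empty());` before each `Ice::SSL::Certificate::decode(info.certs[0])` would make the two tests consistent. The second function's body starts outside its hunk, so a guard may already exist above the visible lines.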
+++ b/cpp/test/Ice/info/AllTests.cpp @@ -69,7 +69,7 @@ allTests(Test::TestHelper* helper) test( (ipEndpoint->type() == Ice::TCPEndpointType && dynamic_pointer_cast(info)) || - (ipEndpoint->type() == Ice::SSLEndpointType && dynamic_pointer_cast(info)) || + (ipEndpoint->type() == Ice::SSLEndpointType && dynamic_pointer_cast(info)) || (ipEndpoint->type() == Ice::WSEndpointType && dynamic_pointer_cast(info)) || (ipEndpoint->type() == Ice::WSSEndpointType && dynamic_pointer_cast(info))); @@ -235,7 +235,7 @@ allTests(Test::TestHelper* helper) if (testIntf->ice_getConnection()->type() == "wss") { - IceSSL::ConnectionInfoPtr wssinfo = dynamic_pointer_cast(wsinfo->underlying); + auto wssinfo = dynamic_pointer_cast(wsinfo->underlying); #if TARGET_OS_IPHONE == 0 test(!wssinfo->certs.empty()); #endif diff --git a/cpp/test/IceGrid/session/Server.cpp b/cpp/test/IceGrid/session/Server.cpp index 3fc584031df..536a8c35a1b 100644 --- a/cpp/test/IceGrid/session/Server.cpp +++ b/cpp/test/IceGrid/session/Server.cpp @@ -31,14 +31,14 @@ class SSLPermissionsVerifierI final : public Glacier2::SSLPermissionsVerifier throw Glacier2::PermissionDeniedException("reason"); } test(info.certs.size() > 0); - auto cert = IceSSL::Certificate::decode(info.certs[0]); + auto cert = Ice::SSL::Certificate::decode(info.certs[0]); test( cert->getIssuerDN() == - IceSSL::DistinguishedName( + Ice::SSL::DistinguishedName( "emailAddress=info@zeroc.com,C=US,ST=Florida,L=Jupiter,O=ZeroC\\, Inc.,OU=Ice,CN=Ice Tests CA")); test( cert->getSubjectDN() == - IceSSL::DistinguishedName( + Ice::SSL::DistinguishedName( "emailAddress=info@zeroc.com,C=US,ST=Florida,L=Jupiter,O=ZeroC\\, Inc.,OU=Ice,CN=client")); test(cert->checkValidity()); diff --git a/cpp/test/IceSSL/configuration/AllTests.cpp b/cpp/test/IceSSL/configuration/AllTests.cpp index 83b78e23f28..fb0dde072b9 100644 --- a/cpp/test/IceSSL/configuration/AllTests.cpp +++ b/cpp/test/IceSSL/configuration/AllTests.cpp 
@@ -17,7 +17,7 @@ #if defined(__APPLE__) # include # if TARGET_OS_IPHONE != 0 -# include "IceSSL/SecureTransportUtil.h" // For loadCertificateChain +# include "Ice/SSL/SecureTransportUtil.h" // For loadCertificateChain # endif #endif @@ -181,10 +181,10 @@ class ImportCerts for (int i = 0; certificates[i] != 0; ++i) { string resolved; - if (IceSSL::checkPath(certificates[i], defaultDir, false, resolved)) + if (Ice::SSL::checkPath(certificates[i], defaultDir, false, resolved)) { IceInternal::UniqueRef certs( - IceSSL::SecureTransport::loadCertificateChain(resolved, "", "", "", "password")); + Ice::SSL::SecureTransport::loadCertificateChain(resolved, "", "", "", "password")); SecIdentityRef identity = static_cast(const_cast(CFArrayGetValueAtIndex(certs.get(), 0))); CFRetain(identity); @@ -210,7 +210,7 @@ class ImportCerts // for(int i = 0; i < CFArrayGetCount(array); ++i) // { // printf("Cert %d: %s\n", i, (new - // IceSSL::Certificate((SecCertificateRef)CFArrayGetValueAtIndex(array, i)))->toString().c_str()); + // Ice::SSL::Certificate((SecCertificateRef)CFArrayGetValueAtIndex(array, i)))->toString().c_str()); // } } } @@ -363,7 +363,7 @@ createClientProps(const Ice::PropertiesPtr& defaultProps, bool p12, const string } void -verify(const IceSSL::CertificatePtr& cert, const IceSSL::CertificatePtr& ca) +verify(const Ice::SSL::CertificatePtr& cert, const Ice::SSL::CertificatePtr& ca) { cerr << "Verify signature: "; if (cert->verify(ca)) @@ -404,7 +404,7 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) string sep = ":"; #endif - IceSSL::ConnectionInfoPtr info; + Ice::SSL::ConnectionInfoPtr info; cout << "testing certificate verification... " << flush; { 
@@ -534,9 +534,10 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) try { #if defined(_WIN32) && defined(ICE_USE_OPENSSL) - IceSSL::CertificatePtr clientCert = IceSSL::OpenSSL::Certificate::load(defaultDir + "/c_rsa_ca1_pub.pem"); + Ice::SSL::CertificatePtr clientCert = + Ice::SSL::OpenSSL::Certificate::load(defaultDir + "/c_rsa_ca1_pub.pem"); #else - IceSSL::CertificatePtr clientCert = IceSSL::Certificate::load(defaultDir + "/c_rsa_ca1_pub.pem"); + Ice::SSL::CertificatePtr clientCert = Ice::SSL::Certificate::load(defaultDir + "/c_rsa_ca1_pub.pem"); #endif server->checkCert(clientCert->getSubjectDN().toString(), clientCert->getIssuerDN().toString()); @@ -547,11 +548,12 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) // Validate some aspects of the Certificate class. // #if defined(_WIN32) && defined(ICE_USE_OPENSSL) - IceSSL::CertificatePtr serverCert = IceSSL::OpenSSL::Certificate::load(defaultDir + "/s_rsa_ca1_pub.pem"); - test(Ice::targetEqualTo(IceSSL::OpenSSL::Certificate::decode(serverCert->encode()), serverCert)); + Ice::SSL::CertificatePtr serverCert = + Ice::SSL::OpenSSL::Certificate::load(defaultDir + "/s_rsa_ca1_pub.pem"); + test(Ice::targetEqualTo(Ice::SSL::OpenSSL::Certificate::decode(serverCert->encode()), serverCert)); #else - IceSSL::CertificatePtr serverCert = IceSSL::Certificate::load(defaultDir + "/s_rsa_ca1_pub.pem"); - test(Ice::targetEqualTo(IceSSL::Certificate::decode(serverCert->encode()), serverCert)); + Ice::SSL::CertificatePtr serverCert = Ice::SSL::Certificate::load(defaultDir + "/s_rsa_ca1_pub.pem"); + test(Ice::targetEqualTo(Ice::SSL::Certificate::decode(serverCert->encode()), serverCert)); #endif test(Ice::targetEqualTo(serverCert, serverCert)); #if !defined(__APPLE__) || TARGET_OS_IPHONE == 0 
@@ -561,11 +563,11 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) #endif #if defined(_WIN32) && defined(ICE_USE_OPENSSL) - IceSSL::CertificatePtr caCert = IceSSL::OpenSSL::Certificate::load(defaultDir + "/cacert1.pem"); - IceSSL::CertificatePtr caCert2 = IceSSL::OpenSSL::Certificate::load(defaultDir + "/cacert2.pem"); + Ice::SSL::CertificatePtr caCert = Ice::SSL::OpenSSL::Certificate::load(defaultDir + "/cacert1.pem"); + Ice::SSL::CertificatePtr caCert2 = Ice::SSL::OpenSSL::Certificate::load(defaultDir + "/cacert2.pem"); #else - IceSSL::CertificatePtr caCert = IceSSL::Certificate::load(defaultDir + "/cacert1.pem"); - IceSSL::CertificatePtr caCert2 = IceSSL::Certificate::load(defaultDir + "/cacert2.pem"); + Ice::SSL::CertificatePtr caCert = Ice::SSL::Certificate::load(defaultDir + "/cacert1.pem"); + Ice::SSL::CertificatePtr caCert2 = Ice::SSL::Certificate::load(defaultDir + "/cacert2.pem"); #endif test(Ice::targetEqualTo(caCert, caCert)); #if !defined(__APPLE__) || TARGET_OS_IPHONE == 0 @@ -579,7 +581,7 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) test(!serverCert->verify(caCert2)); test(caCert->verify(caCert)); - info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); + info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); // TODO provide the peer certificate. /*test(info->certs.size() == 2); 
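Review bot: The peer-certificate assertions after `info = dynamic_pointer_cast(...)` in the hunk at -579 stay commented out behind `// TODO provide the peer certificate.`, so this part of `allTests` does not check `info->certs` at all. `ServerI::checkCert` in `cpp/test/IceSSL/configuration/TestI.cpp` is in the same state: its whole body sits inside `/* ... */` and this commit only renames identifiers within the comment, which means the `server->checkCert(...)` calls in the hunks at -534 and -617 assert nothing on the server side. Either restore the checks or replace the dead code with a tracked marker, for example `// TODO(<issue-id>): re-enable peer certificate checks once ConnectionInfo exposes certs`. The enclosing function extends beyond the hunk.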
@@ -617,9 +619,10 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) try { #if defined(_WIN32) && defined(ICE_USE_OPENSSL) - IceSSL::CertificatePtr clientCert = IceSSL::OpenSSL::Certificate::load(defaultDir + "/c_rsa_ca1_pub.pem"); + Ice::SSL::CertificatePtr clientCert = + Ice::SSL::OpenSSL::Certificate::load(defaultDir + "/c_rsa_ca1_pub.pem"); #else - IceSSL::CertificatePtr clientCert = IceSSL::Certificate::load(defaultDir + "/c_rsa_ca1_pub.pem"); + Ice::SSL::CertificatePtr clientCert = Ice::SSL::Certificate::load(defaultDir + "/c_rsa_ca1_pub.pem"); #endif server->checkCert(clientCert->getSubjectDN().toString(), clientCert->getIssuerDN().toString()); } 
@@ -981,64 +984,64 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) for (int i = 0; certificates[i] != 0; ++i) { - IceSSL::CertificatePtr cert = IceSSL::Certificate::load(defaultDir + certificates[i]); + Ice::SSL::CertificatePtr cert = Ice::SSL::Certificate::load(defaultDir + certificates[i]); test(toHexString(cert->getAuthorityKeyIdentifier()) == authorities[i]); test(toHexString(cert->getSubjectKeyIdentifier()) == subjects[i]); } - IceSSL::CertificatePtr cert = IceSSL::Certificate::load(defaultDir + "/cacert1.pem"); + Ice::SSL::CertificatePtr cert = Ice::SSL::Certificate::load(defaultDir + "/cacert1.pem"); unsigned int keyUsage = cert->getKeyUsage(); test( keyUsage == - (IceSSL::KEY_USAGE_DIGITAL_SIGNATURE | IceSSL::KEY_USAGE_KEY_CERT_SIGN | IceSSL::KEY_USAGE_CRL_SIGN)); + (Ice::SSL::KEY_USAGE_DIGITAL_SIGNATURE | Ice::SSL::KEY_USAGE_KEY_CERT_SIGN | Ice::SSL::KEY_USAGE_CRL_SIGN)); // Digital Signature, Certificate Sign, CRL Sign - cert = IceSSL::Certificate::load(defaultDir + "/cacert3.pem"); + cert = Ice::SSL::Certificate::load(defaultDir + "/cacert3.pem"); keyUsage = cert->getKeyUsage(); test( keyUsage == - (IceSSL::KEY_USAGE_DIGITAL_SIGNATURE | IceSSL::KEY_USAGE_KEY_CERT_SIGN | IceSSL::KEY_USAGE_CRL_SIGN)); + (Ice::SSL::KEY_USAGE_DIGITAL_SIGNATURE | Ice::SSL::KEY_USAGE_KEY_CERT_SIGN | Ice::SSL::KEY_USAGE_CRL_SIGN)); // Digital Signature, Certificate Sign, CRL Sign - cert = IceSSL::Certificate::load(defaultDir + "/cacert4.pem"); + cert = Ice::SSL::Certificate::load(defaultDir + "/cacert4.pem"); keyUsage = cert->getKeyUsage(); test( keyUsage == - (IceSSL::KEY_USAGE_DIGITAL_SIGNATURE | IceSSL::KEY_USAGE_KEY_CERT_SIGN | IceSSL::KEY_USAGE_CRL_SIGN)); + (Ice::SSL::KEY_USAGE_DIGITAL_SIGNATURE | Ice::SSL::KEY_USAGE_KEY_CERT_SIGN | Ice::SSL::KEY_USAGE_CRL_SIGN)); } { - IceSSL::CertificatePtr cert = IceSSL::Certificate::load(defaultDir + "/rsa_ca1_none_pub.pem"); + Ice::SSL::CertificatePtr cert = Ice::SSL::Certificate::load(defaultDir + 
"/rsa_ca1_none_pub.pem"); unsigned int keyUsage = cert->getExtendedKeyUsage(); test(keyUsage == 0); - cert = IceSSL::Certificate::load(defaultDir + "/rsa_ca1_serverAuth_pub.pem"); + cert = Ice::SSL::Certificate::load(defaultDir + "/rsa_ca1_serverAuth_pub.pem"); keyUsage = cert->getExtendedKeyUsage(); - test(keyUsage == IceSSL::EXTENDED_KEY_USAGE_SERVER_AUTH); + test(keyUsage == Ice::SSL::EXTENDED_KEY_USAGE_SERVER_AUTH); - cert = IceSSL::Certificate::load(defaultDir + "/rsa_ca1_clientAuth_pub.pem"); + cert = Ice::SSL::Certificate::load(defaultDir + "/rsa_ca1_clientAuth_pub.pem"); keyUsage = cert->getExtendedKeyUsage(); - test(keyUsage == IceSSL::EXTENDED_KEY_USAGE_CLIENT_AUTH); + test(keyUsage == Ice::SSL::EXTENDED_KEY_USAGE_CLIENT_AUTH); - cert = IceSSL::Certificate::load(defaultDir + "/rsa_ca1_codeSigning_pub.pem"); + cert = Ice::SSL::Certificate::load(defaultDir + "/rsa_ca1_codeSigning_pub.pem"); keyUsage = cert->getExtendedKeyUsage(); - test(keyUsage == IceSSL::EXTENDED_KEY_USAGE_CODE_SIGNING); + test(keyUsage == Ice::SSL::EXTENDED_KEY_USAGE_CODE_SIGNING); - cert = IceSSL::Certificate::load(defaultDir + "/rsa_ca1_emailProtection_pub.pem"); + cert = Ice::SSL::Certificate::load(defaultDir + "/rsa_ca1_emailProtection_pub.pem"); keyUsage = cert->getExtendedKeyUsage(); - test(keyUsage == IceSSL::EXTENDED_KEY_USAGE_EMAIL_PROTECTION); + test(keyUsage == Ice::SSL::EXTENDED_KEY_USAGE_EMAIL_PROTECTION); - cert = IceSSL::Certificate::load(defaultDir + "/rsa_ca1_timeStamping_pub.pem"); + cert = Ice::SSL::Certificate::load(defaultDir + "/rsa_ca1_timeStamping_pub.pem"); keyUsage = cert->getExtendedKeyUsage(); - test(keyUsage == IceSSL::EXTENDED_KEY_USAGE_TIME_STAMPING); + test(keyUsage == Ice::SSL::EXTENDED_KEY_USAGE_TIME_STAMPING); - cert = IceSSL::Certificate::load(defaultDir + "/rsa_ca1_ocspSigning_pub.pem"); + cert = Ice::SSL::Certificate::load(defaultDir + "/rsa_ca1_ocspSigning_pub.pem"); keyUsage = cert->getExtendedKeyUsage(); - test(keyUsage == 
IceSSL::EXTENDED_KEY_USAGE_OCSP_SIGNING); + test(keyUsage == Ice::SSL::EXTENDED_KEY_USAGE_OCSP_SIGNING); - cert = IceSSL::Certificate::load(defaultDir + "/rsa_ca1_anyExtendedKeyUsage_pub.pem"); + cert = Ice::SSL::Certificate::load(defaultDir + "/rsa_ca1_anyExtendedKeyUsage_pub.pem"); keyUsage = cert->getExtendedKeyUsage(); - test(keyUsage == IceSSL::EXTENDED_KEY_USAGE_ANY_KEY_USAGE); + test(keyUsage == Ice::SSL::EXTENDED_KEY_USAGE_ANY_KEY_USAGE); } { 
@@ -1046,45 +1049,45 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) vector> expectedAltNames; expectedAltNames.push_back(make_pair(7, "127.0.0.1")); expectedAltNames.push_back(make_pair(2, "client")); - IceSSL::CertificatePtr cert = IceSSL::Certificate::load(defaultDir + "/c_rsa_ca1_pub.pem"); + Ice::SSL::CertificatePtr cert = Ice::SSL::Certificate::load(defaultDir + "/c_rsa_ca1_pub.pem"); test(cert->getSubjectAlternativeNames() == expectedAltNames); // Digital Signature, Non Repudiation, Key Encipherment unsigned int keyUsage = cert->getKeyUsage(); test( - keyUsage == (IceSSL::KEY_USAGE_DIGITAL_SIGNATURE | IceSSL::KEY_USAGE_NON_REPUDIATION | - IceSSL::KEY_USAGE_KEY_ENCIPHERMENT)); + keyUsage == (Ice::SSL::KEY_USAGE_DIGITAL_SIGNATURE | Ice::SSL::KEY_USAGE_NON_REPUDIATION | + Ice::SSL::KEY_USAGE_KEY_ENCIPHERMENT)); expectedAltNames.clear(); expectedAltNames.push_back(make_pair(7, "127.0.0.1")); expectedAltNames.push_back(make_pair(2, "server")); - cert = IceSSL::Certificate::load(defaultDir + "/s_rsa_ca1_pub.pem"); + cert = Ice::SSL::Certificate::load(defaultDir + "/s_rsa_ca1_pub.pem"); test(cert->getSubjectAlternativeNames() == expectedAltNames); keyUsage = cert->getKeyUsage(); test( - keyUsage == (IceSSL::KEY_USAGE_DIGITAL_SIGNATURE | IceSSL::KEY_USAGE_NON_REPUDIATION | - IceSSL::KEY_USAGE_KEY_ENCIPHERMENT)); + keyUsage == (Ice::SSL::KEY_USAGE_DIGITAL_SIGNATURE | Ice::SSL::KEY_USAGE_NON_REPUDIATION | + Ice::SSL::KEY_USAGE_KEY_ENCIPHERMENT)); expectedAltNames.clear(); expectedAltNames.push_back(make_pair(2, "localhost")); - cert = IceSSL::Certificate::load(defaultDir + "/s_rsa_ca1_cn1_pub.pem"); + cert = Ice::SSL::Certificate::load(defaultDir + "/s_rsa_ca1_cn1_pub.pem"); test(cert->getSubjectAlternativeNames() == expectedAltNames); expectedAltNames.clear(); expectedAltNames.push_back(make_pair(2, "localhostXX")); - cert = IceSSL::Certificate::load(defaultDir + "/s_rsa_ca1_cn2_pub.pem"); + cert = Ice::SSL::Certificate::load(defaultDir + 
"/s_rsa_ca1_cn2_pub.pem"); test(cert->getSubjectAlternativeNames() == expectedAltNames); expectedAltNames.clear(); expectedAltNames.push_back(make_pair(7, "127.0.0.1")); - cert = IceSSL::Certificate::load(defaultDir + "/s_rsa_ca1_cn6_pub.pem"); + cert = Ice::SSL::Certificate::load(defaultDir + "/s_rsa_ca1_cn6_pub.pem"); test(cert->getSubjectAlternativeNames() == expectedAltNames); expectedAltNames.clear(); expectedAltNames.push_back(make_pair(7, "127.0.0.2")); - cert = IceSSL::Certificate::load(defaultDir + "/s_rsa_ca1_cn7_pub.pem"); + cert = Ice::SSL::Certificate::load(defaultDir + "/s_rsa_ca1_cn7_pub.pem"); test(cert->getSubjectAlternativeNames() == expectedAltNames); - cert = IceSSL::Certificate::load(defaultDir + "/s_rsa_ca1_cn8_pub.pem"); + cert = Ice::SSL::Certificate::load(defaultDir + "/s_rsa_ca1_cn8_pub.pem"); test(cert->getSubjectAlternativeNames().empty()); expectedAltNames.clear(); @@ -1093,13 +1096,13 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) # ifdef ICE_USE_SECURE_TRANSPORT expectedAltNames.push_back(make_pair(7, "0000:0000:0000:0000:0000:0000:0000:0001")); # endif - cert = IceSSL::Certificate::load(defaultDir + "/s_rsa_ca1_cn9_pub.pem"); + cert = Ice::SSL::Certificate::load(defaultDir + "/s_rsa_ca1_cn9_pub.pem"); test(cert->getSubjectAlternativeNames() == expectedAltNames); expectedAltNames.clear(); expectedAltNames.push_back(make_pair(2, "host1")); expectedAltNames.push_back(make_pair(2, "host2")); - cert = IceSSL::Certificate::load(defaultDir + "/s_rsa_ca1_cn10_pub.pem"); + cert = Ice::SSL::Certificate::load(defaultDir + "/s_rsa_ca1_cn10_pub.pem"); test(cert->getSubjectAlternativeNames() == expectedAltNames); expectedAltNames.clear(); 
@@ -1107,7 +1110,7 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) expectedAltNames.push_back(make_pair(7, "127.0.0.2")); expectedAltNames.push_back(make_pair(2, "host1")); expectedAltNames.push_back(make_pair(2, "host2")); - cert = IceSSL::Certificate::load(defaultDir + "/s_rsa_ca1_cn11_pub.pem"); + cert = Ice::SSL::Certificate::load(defaultDir + "/s_rsa_ca1_cn11_pub.pem"); test(cert->getSubjectAlternativeNames() == expectedAltNames); # endif } @@ -1271,11 +1274,11 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) const string customExt413 = "30:17:01:01:FF:0C:0E:4D:79:20:55:54:46:38:20:53:74:72:69:6E:67:02:02:03:FF"; - IceSSL::CertificatePtr cert = IceSSL::Certificate::load(defaultDir + "/cacert_custom.pem"); - vector extensions = cert->getX509Extensions(); + Ice::SSL::CertificatePtr cert = Ice::SSL::Certificate::load(defaultDir + "/cacert_custom.pem"); + vector extensions = cert->getX509Extensions(); test(extensions.size() == 7); - IceSSL::X509ExtensionPtr ext = cert->getX509Extension("2.5.29.19"); // Subject key identifier + Ice::SSL::X509ExtensionPtr ext = cert->getX509Extension("2.5.29.19"); // Subject key identifier test(ext); test(toHexString(ext->getData()) == basicConstraints); test(ext->getOID() == "2.5.29.19"); @@ -1327,7 +1330,7 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) // #if !defined(__APPLE__) || TARGET_OS_IPHONE == 0 { - IceSSL::CertificatePtr cert = IceSSL::Certificate::load(defaultDir + "/s_rsa_ca1_exp_pub.pem"); + Ice::SSL::CertificatePtr cert = Ice::SSL::Certificate::load(defaultDir + "/s_rsa_ca1_exp_pub.pem"); test(!cert->checkValidity()); } #endif 
@@ -1361,7 +1364,7 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) // #if !defined(__APPLE__) || TARGET_OS_IPHONE == 0 { - IceSSL::CertificatePtr cert = IceSSL::Certificate::load(defaultDir + "/c_rsa_ca1_exp_pub.pem"); + Ice::SSL::CertificatePtr cert = Ice::SSL::Certificate::load(defaultDir + "/c_rsa_ca1_exp_pub.pem"); test(!cert->checkValidity()); } #endif @@ -2562,7 +2565,7 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) optional server = fact->createServer(d); server->ice_ping(); - info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); + info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); fact->destroyServer(server); comm->destroy(); @@ -2582,7 +2585,7 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) server = fact->createServer(d); server->ice_ping(); - info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); + info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); fact->destroyServer(server); comm->destroy(); @@ -2601,7 +2604,7 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) // Revoked certificate is accepted because IceSSL.RevocationCheck=0 disable revocation checks server->ice_ping(); - info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); + info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); fact->destroyServer(server); comm->destroy(); @@ -2680,7 +2683,7 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) server = fact->createServer(d); server->ice_ping(); - info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); + info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); fact->destroyServer(server); comm->destroy(); 
@@ -2710,7 +2713,7 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) optional server = fact->createServer(d); server->ice_ping(); - info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); + info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); fact->destroyServer(server); comm->destroy(); @@ -2746,7 +2749,7 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) server = fact->createServer(d); server->ice_ping(); - info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); + info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); fact->destroyServer(server); comm->destroy(); @@ -2794,7 +2797,7 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) server = fact->createServer(d); server->ice_ping(); - info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); + info = dynamic_pointer_cast(server->ice_getConnection()->getInfo()); fact->destroyServer(server); comm->destroy(); # endif diff --git a/cpp/test/IceSSL/configuration/TestI.cpp b/cpp/test/IceSSL/configuration/TestI.cpp index b3269407f05..f9dfb1fdc6f 100644 --- a/cpp/test/IceSSL/configuration/TestI.cpp +++ b/cpp/test/IceSSL/configuration/TestI.cpp @@ -16,7 +16,7 @@ ServerI::noCert(const Ice::Current& c) { try { - IceSSL::ConnectionInfoPtr info = dynamic_pointer_cast(c.con->getInfo()); + Ice::SSL::ConnectionInfoPtr info = dynamic_pointer_cast(c.con->getInfo()); test(info->certs.size() == 0); } catch (const Ice::LocalException& ex) 
@@ -33,11 +33,11 @@ ServerI::checkCert(string, string, const Ice::Current&) /* try { - IceSSL::ConnectionInfoPtr info = dynamic_pointer_cast(c.con->getInfo()); + Ice::SSL::ConnectionInfoPtr info = dynamic_pointer_cast(c.con->getInfo()); test(info->certs.size() == 2); - test(info->certs[0]->getSubjectDN() == IceSSL::DistinguishedName(subjectDN)); - test(info->certs[0]->getIssuerDN() == IceSSL::DistinguishedName(issuerDN)); + test(info->certs[0]->getSubjectDN() == Ice::SSL::DistinguishedName(subjectDN)); + test(info->certs[0]->getIssuerDN() == Ice::SSL::DistinguishedName(issuerDN)); } catch (const Ice::LocalException&) { diff --git a/csharp/src/Ice/Internal/Instance.cs b/csharp/src/Ice/Internal/Instance.cs index aef9daccf5b..dd1afdaf304 100644 --- a/csharp/src/Ice/Internal/Instance.cs +++ b/csharp/src/Ice/Internal/Instance.cs @@ -963,7 +963,7 @@ internal void initialize(Ice.Communicator communicator, Ice.InitializationData i _networkProxy = createNetworkProxy(_initData.properties, _protocolSupport); - _sslEngine = new IceSSL.SSLEngine(communicator); + _sslEngine = new Ice.SSL.SSLEngine(communicator); _endpointFactoryManager = new EndpointFactoryManager(this); 
@@ -976,8 +976,8 @@ internal void initialize(Ice.Communicator communicator, Ice.InitializationData i ProtocolInstance wsInstance = new ProtocolInstance(this, Ice.WSEndpointType.value, "ws", false); _endpointFactoryManager.add(new WSEndpointFactory(wsInstance, Ice.TCPEndpointType.value)); - var sslInstance = new IceSSL.Instance(_sslEngine, Ice.SSLEndpointType.value, "ssl"); - _endpointFactoryManager.add(new IceSSL.EndpointFactoryI(sslInstance, Ice.TCPEndpointType.value)); + var sslInstance = new Ice.SSL.Instance(_sslEngine, Ice.SSLEndpointType.value, "ssl"); + _endpointFactoryManager.add(new Ice.SSL.EndpointFactoryI(sslInstance, Ice.TCPEndpointType.value)); ProtocolInstance wssInstance = new ProtocolInstance(this, Ice.WSSEndpointType.value, "wss", true); _endpointFactoryManager.add(new WSEndpointFactory(wssInstance, Ice.SSLEndpointType.value)); @@ -1609,7 +1609,7 @@ private NetworkProxy createNetworkProxy(Ice.Properties props, int protocolSuppor private HashSet _adminFacetFilter = new(); private Ice.Identity _adminIdentity; private Dictionary _setBufSizeWarn = new(); - private IceSSL.SSLEngine _sslEngine; + private Ice.SSL.SSLEngine _sslEngine; private static bool _printProcessIdDone; private static bool _oneOffDone; private static readonly object _staticLock = new object(); diff --git a/csharp/src/Ice/IceSSL/AcceptorI.cs b/csharp/src/Ice/SSL/AcceptorI.cs similarity index 99% rename from csharp/src/Ice/IceSSL/AcceptorI.cs rename to csharp/src/Ice/SSL/AcceptorI.cs index b2477fc1f5d..b882035d14c 100644 --- a/csharp/src/Ice/IceSSL/AcceptorI.cs +++ b/csharp/src/Ice/SSL/AcceptorI.cs @@ -3,7 +3,7 @@ using System.Net.Security; using System.Security.Cryptography.X509Certificates; -namespace IceSSL; +namespace Ice.SSL; internal class AcceptorI : Ice.Internal.Acceptor { 
diff --git a/csharp/src/Ice/IceSSL/ConnectionInfo.cs b/csharp/src/Ice/SSL/ConnectionInfo.cs
similarity index 97%
rename from csharp/src/Ice/IceSSL/ConnectionInfo.cs
rename to csharp/src/Ice/SSL/ConnectionInfo.cs
index a351db9adf3..12db7d14e4e 100644
--- a/csharp/src/Ice/IceSSL/ConnectionInfo.cs
+++ b/csharp/src/Ice/SSL/ConnectionInfo.cs
@@ -2,7 +2,7 @@ using System.Security.Cryptography.X509Certificates; -namespace IceSSL; +namespace Ice.SSL; public class ConnectionInfo : Ice.ConnectionInfo {
diff --git a/csharp/src/Ice/IceSSL/ConnectorI.cs b/csharp/src/Ice/SSL/ConnectorI.cs
similarity index 98%
rename from csharp/src/Ice/IceSSL/ConnectorI.cs
rename to csharp/src/Ice/SSL/ConnectorI.cs
index 84cede2067f..d94f3f3ca4c 100644
--- a/csharp/src/Ice/IceSSL/ConnectorI.cs
+++ b/csharp/src/Ice/SSL/ConnectorI.cs
@@ -1,6 +1,6 @@ // Copyright (c) ZeroC, Inc. -namespace IceSSL; +namespace Ice.SSL; internal sealed class ConnectorI : Ice.Internal.Connector {
diff --git a/csharp/src/Ice/IceSSL/EndpointI.cs b/csharp/src/Ice/SSL/EndpointI.cs
similarity index 99%
rename from csharp/src/Ice/IceSSL/EndpointI.cs
rename to csharp/src/Ice/SSL/EndpointI.cs
index 8f7dbc2f6bc..d05274bc825 100644
--- a/csharp/src/Ice/IceSSL/EndpointI.cs
+++ b/csharp/src/Ice/SSL/EndpointI.cs
@@ -2,7 +2,7 @@ using System.Net.Security; -namespace IceSSL; +namespace Ice.SSL; internal sealed class EndpointI : Ice.Internal.EndpointI {
diff --git a/csharp/src/Ice/IceSSL/EndpointInfo.cs b/csharp/src/Ice/SSL/EndpointInfo.cs
similarity index 93%
rename from csharp/src/Ice/IceSSL/EndpointInfo.cs
rename to csharp/src/Ice/SSL/EndpointInfo.cs
index b798bdd4c18..84eac947421 100644
--- a/csharp/src/Ice/IceSSL/EndpointInfo.cs
+++ b/csharp/src/Ice/SSL/EndpointInfo.cs
@@ -1,6 +1,6 @@ // Copyright (c) ZeroC, Inc. -namespace IceSSL; +namespace Ice.SSL; public abstract class EndpointInfo : Ice.EndpointInfo {
diff --git a/csharp/src/Ice/IceSSL/Instance.cs b/csharp/src/Ice/SSL/Instance.cs
similarity index 98%
rename from csharp/src/Ice/IceSSL/Instance.cs
rename to csharp/src/Ice/SSL/Instance.cs
index ff636d5508a..be54ac7c541 100644
--- a/csharp/src/Ice/IceSSL/Instance.cs
+++ b/csharp/src/Ice/SSL/Instance.cs
@@ -3,7 +3,7 @@ using System.Net.Security; using System.Security.Cryptography.X509Certificates; -namespace IceSSL; +namespace Ice.SSL; internal class Instance : Ice.Internal.ProtocolInstance {
diff --git a/csharp/src/Ice/IceSSL/RFC2253.cs b/csharp/src/Ice/SSL/RFC2253.cs
similarity index 99%
rename from csharp/src/Ice/IceSSL/RFC2253.cs
rename to csharp/src/Ice/SSL/RFC2253.cs
index 2766e5a6475..927df9dbcf2 100644
--- a/csharp/src/Ice/IceSSL/RFC2253.cs
+++ b/csharp/src/Ice/SSL/RFC2253.cs
@@ -6,11 +6,11 @@ // // See RFC 2253 and RFC 1779. // -namespace IceSSL; +namespace Ice.SSL; internal class RFC2253 { - public class ParseException : Exception + public class ParseException : System.Exception { public ParseException(string reason) => this.reason = reason;
diff --git a/csharp/src/Ice/IceSSL/SSLEngine.cs b/csharp/src/Ice/SSL/SSLEngine.cs
similarity index 99%
rename from csharp/src/Ice/IceSSL/SSLEngine.cs
rename to csharp/src/Ice/SSL/SSLEngine.cs
index a260bfd0eef..3fc97e5d6ba 100644
--- a/csharp/src/Ice/IceSSL/SSLEngine.cs
+++ b/csharp/src/Ice/SSL/SSLEngine.cs
@@ -8,7 +8,7 @@ using System.Security.Cryptography.X509Certificates; using System.Text; -namespace IceSSL; +namespace Ice.SSL; internal class SSLEngine {
diff --git a/csharp/src/Ice/IceSSL/TransceiverI.cs b/csharp/src/Ice/SSL/TransceiverI.cs
similarity index 99%
rename from csharp/src/Ice/IceSSL/TransceiverI.cs
rename to csharp/src/Ice/SSL/TransceiverI.cs
index e968cd4a679..9f464dff7f1 100644
--- a/csharp/src/Ice/IceSSL/TransceiverI.cs
+++ b/csharp/src/Ice/SSL/TransceiverI.cs
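Review bot: The `System.Exception` qualification added to `RFC2253.ParseException` is needed because, inside `namespace Ice.SSL`, an unqualified `Exception` is likely to bind to `Ice.Exception` from the enclosing `Ice` namespace before any `using System` is consulted, and the same lookup change applies silently to every other file moved by this commit. `SSLEngine.cs`, `TransceiverI.cs`, `TrustManager.cs` and the other renamed files show only the namespace line as changed, so any existing `catch (Exception ex)` in them would still compile but would now catch only Ice exceptions, which matters in handshake and certificate-validation paths. It is worth searching the moved files for unqualified `Exception` and writing `catch (System.Exception ex)` where the broader type was intended. The contents of those files are outside the visible hunks, so this is a check to run rather than a confirmed defect.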
@@ -6,7 +6,7 @@ using System.Security.Authentication; using System.Security.Cryptography.X509Certificates; -namespace IceSSL; +namespace Ice.SSL; internal sealed class TransceiverI : Ice.Internal.Transceiver { diff --git a/csharp/src/Ice/IceSSL/TrustManager.cs b/csharp/src/Ice/SSL/TrustManager.cs similarity index 99% rename from csharp/src/Ice/IceSSL/TrustManager.cs rename to csharp/src/Ice/SSL/TrustManager.cs index 0ddd64f7de2..bd62f539f47 100644 --- a/csharp/src/Ice/IceSSL/TrustManager.cs +++ b/csharp/src/Ice/SSL/TrustManager.cs @@ -4,7 +4,7 @@ using System.Security.Cryptography.X509Certificates; using System.Text; -namespace IceSSL; +namespace Ice.SSL; internal sealed class TrustManager { diff --git a/csharp/test/Ice/info/AllTests.cs b/csharp/test/Ice/info/AllTests.cs index befbcea2ea4..4c883af4a93 100644 --- a/csharp/test/Ice/info/AllTests.cs +++ b/csharp/test/Ice/info/AllTests.cs @@ -58,7 +58,7 @@ public static void allTests(global::Test.TestHelper helper) tcpEndpoint.type() == Ice.WSEndpointType.value && !tcpEndpoint.secure() || tcpEndpoint.type() == Ice.WSSEndpointType.value && tcpEndpoint.secure()); test(tcpEndpoint.type() == Ice.TCPEndpointType.value && info is Ice.TCPEndpointInfo || - tcpEndpoint.type() == Ice.SSLEndpointType.value && info is IceSSL.EndpointInfo || + tcpEndpoint.type() == Ice.SSLEndpointType.value && info is Ice.SSL.EndpointInfo || tcpEndpoint.type() == Ice.WSEndpointType.value && info is Ice.WSEndpointInfo || tcpEndpoint.type() == Ice.WSSEndpointType.value && info is Ice.WSEndpointInfo); diff --git a/csharp/test/IceSSL/configuration/AllTests.cs b/csharp/test/IceSSL/configuration/AllTests.cs index 7527147670c..719dcbe5464 100644 --- a/csharp/test/IceSSL/configuration/AllTests.cs +++ b/csharp/test/IceSSL/configuration/AllTests.cs 
@@ -215,7 +215,7 @@ public static Test.ServerFactoryPrx allTests(Test.TestHelper helper, string test try { server.noCert(); - test(((IceSSL.ConnectionInfo)server.ice_getConnection().getInfo()).verified); + test(((Ice.SSL.ConnectionInfo)server.ice_getConnection().getInfo()).verified); } catch (Ice.LocalException ex) { @@ -292,7 +292,7 @@ public static Test.ServerFactoryPrx allTests(Test.TestHelper helper, string test new X509Certificate2(defaultDir + "/s_rsa_ca1.p12", "password"); X509Certificate2 caCert = new X509Certificate2(defaultDir + "/cacert1.pem"); - IceSSL.ConnectionInfo info = (IceSSL.ConnectionInfo)server.ice_getConnection().getInfo(); + Ice.SSL.ConnectionInfo info = (Ice.SSL.ConnectionInfo)server.ice_getConnection().getInfo(); test(info.certs.Length == 1); test(info.verified); @@ -737,7 +737,7 @@ public static Test.ServerFactoryPrx allTests(Test.TestHelper helper, string test clientCommunicator.stringToProxy(serverCommunicator.proxyToString(proxy))); pingable.ping(); - IceSSL.ConnectionInfo connectionInfo = pingable.ice_getCachedConnection().getInfo() as IceSSL.ConnectionInfo; + Ice.SSL.ConnectionInfo connectionInfo = pingable.ice_getCachedConnection().getInfo() as Ice.SSL.ConnectionInfo; test(connectionInfo is not null); test(connectionInfo.verified); test(connectionInfo.certs.Length == 1); @@ -781,7 +781,7 @@ public static Test.ServerFactoryPrx allTests(Test.TestHelper helper, string test PingablePrx pingable = PingablePrxHelper.uncheckedCast(clientCommunicator.stringToProxy(serverCommunicator.proxyToString(proxy))); pingable.ping(); - IceSSL.ConnectionInfo connectionInfo = pingable.ice_getCachedConnection().getInfo() as IceSSL.ConnectionInfo; + Ice.SSL.ConnectionInfo connectionInfo = pingable.ice_getCachedConnection().getInfo() as Ice.SSL.ConnectionInfo; test(connectionInfo is not null); test(connectionInfo.verified); test(connectionInfo.certs.Length == 1); 
@@ -1813,7 +1813,7 @@ public static Test.ServerFactoryPrx allTests(Test.TestHelper helper, string test { try { - IceSSL.ConnectionInfo info = (IceSSL.ConnectionInfo)p.ice_getConnection().getInfo().underlying; + Ice.SSL.ConnectionInfo info = (Ice.SSL.ConnectionInfo)p.ice_getConnection().getInfo().underlying; test(info.verified); break; } diff --git a/csharp/test/IceSSL/configuration/TestI.cs b/csharp/test/IceSSL/configuration/TestI.cs index 733d4c56b4c..db560eeb4bd 100644 --- a/csharp/test/IceSSL/configuration/TestI.cs +++ b/csharp/test/IceSSL/configuration/TestI.cs @@ -15,7 +15,7 @@ public override void { try { - IceSSL.ConnectionInfo info = (IceSSL.ConnectionInfo)current.con.getInfo(); + Ice.SSL.ConnectionInfo info = (Ice.SSL.ConnectionInfo)current.con.getInfo(); test(info.certs.Length == 0); } catch (Ice.LocalException) @@ -29,7 +29,7 @@ public override void { try { - IceSSL.ConnectionInfo info = (IceSSL.ConnectionInfo)current.con.getInfo(); + Ice.SSL.ConnectionInfo info = (Ice.SSL.ConnectionInfo)current.con.getInfo(); test(info.verified); test(info.certs.Length == 1 && info.certs[0].Subject.Equals(subjectDN) && @@ -46,7 +46,7 @@ public override void { try { - IceSSL.ConnectionInfo info = (IceSSL.ConnectionInfo)current.con.getInfo(); + Ice.SSL.ConnectionInfo info = (Ice.SSL.ConnectionInfo)current.con.getInfo(); test(info.cipher.Equals(cipher)); } catch (Ice.LocalException) diff --git a/java/src/Ice/src/main/java/com/zeroc/Ice/Communicator.java b/java/src/Ice/src/main/java/com/zeroc/Ice/Communicator.java index c8b80809b92..6b716f86a51 100644 --- a/java/src/Ice/src/main/java/com/zeroc/Ice/Communicator.java +++ b/java/src/Ice/src/main/java/com/zeroc/Ice/Communicator.java 
@@ -163,10 +163,10 @@ java.util.Map proxyToProperty( * * @param name The object adapter name. * @param sslEngineFactory The SSL engine factory used by the server-side ssl transport of the new - * object adapter. When set to a non-null value all IceSSL configuration properties are + * object adapter. When set to a non-null value all Ice.SSL configuration properties are * ignored, and any SSL configuration must be done through the SSLEngineFactory. Pass null if * the object adapter does not use secure endpoints, or if the ssl transport is configured - * through IceSSL configuration properties. Passing null is equivalent to calling {@link + * through Ice.SSL configuration properties. Passing null is equivalent to calling {@link * createObjectAdapterWithEndpoints(String, String)}. * @return The new object adapter. * @see #createObjectAdapterWithEndpoints @@ -174,7 +174,7 @@ java.util.Map proxyToProperty( * @see Properties */ ObjectAdapter createObjectAdapter( - String name, com.zeroc.IceSSL.SSLEngineFactory sslEngineFactory); + String name, com.zeroc.Ice.SSL.SSLEngineFactory sslEngineFactory); /** * Create a new object adapter with endpoints. This operation sets the property 
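Review bot: The Javadoc for `sslEngineFactory` in Communicator.java now says "all Ice.SSL configuration properties are ignored", which reads as a property prefix rather than a package name. The same replacement appears in the second Communicator.java hunk, in InitializationData.java, in the `--Ice.SSL` entry of the prefix list in Properties.java, in the `Ice.SSL.Alias` comments of X509KeyManagerI.java and in the "Ice.SSL plug-in" wording of SecurityException.java. Nothing in this diff renames a property, and LoggerAdminI.java still copies the `IceSSL.` prefix, so these comments may name settings that do not exist under that spelling. A reader who sets `Ice.SSL.*` keys on the strength of the docs could end up with the SSL transport running on defaults without noticing. I would keep the property references as the properties are actually spelled, e.g. `all IceSSL.* configuration properties are ignored`, until the properties themselves are renamed.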
@@ -200,10 +200,10 @@ ObjectAdapter createObjectAdapter( * @param name The object adapter name. * @param endpoints The endpoints for the object adapter. * @param sslEngineFactory The SSL engine factory used by the server-side ssl transport of the new - * object adapter. When set to a non-null value all IceSSL configuration properties are + * object adapter. When set to a non-null value all Ice.SSL configuration properties are * ignored, and any SSL configuration must be done through the SSLEngineFactory. Pass null if * the object adapter does not use secure endpoints, or if the ssl transport is configured - * through IceSSL configuration properties. Passing null is equivalent to calling {@link + * through Ice.SSL configuration properties. Passing null is equivalent to calling {@link * createObjectAdapterWithEndpoints(String, String)}. * @return The new object adapter. * @see #createObjectAdapter @@ -211,7 +211,7 @@ ObjectAdapter createObjectAdapter( * @see Properties */ ObjectAdapter createObjectAdapterWithEndpoints( - String name, String endpoints, com.zeroc.IceSSL.SSLEngineFactory sslEngineFactory); + String name, String endpoints, com.zeroc.Ice.SSL.SSLEngineFactory sslEngineFactory); /** * Create a new object adapter with a router. This operation creates a routed object adapter. diff --git a/java/src/Ice/src/main/java/com/zeroc/Ice/CommunicatorI.java b/java/src/Ice/src/main/java/com/zeroc/Ice/CommunicatorI.java index a9ed5e33371..4a4c0df0edc 100644 --- a/java/src/Ice/src/main/java/com/zeroc/Ice/CommunicatorI.java +++ b/java/src/Ice/src/main/java/com/zeroc/Ice/CommunicatorI.java 
@@ -75,7 +75,7 @@ public ObjectAdapter createObjectAdapter(String name) { @Override public ObjectAdapter createObjectAdapter( - String name, com.zeroc.IceSSL.SSLEngineFactory sslEngineFactory) { + String name, com.zeroc.Ice.SSL.SSLEngineFactory sslEngineFactory) { if (name.length() == 0 && sslEngineFactory != null) { throw new IllegalArgumentException("name cannot be empty when using an SSLEngineFactory"); } @@ -89,7 +89,7 @@ public ObjectAdapter createObjectAdapterWithEndpoints(String name, String endpoi @Override public ObjectAdapter createObjectAdapterWithEndpoints( - String name, String endpoints, com.zeroc.IceSSL.SSLEngineFactory sslEngineFactory) { + String name, String endpoints, com.zeroc.Ice.SSL.SSLEngineFactory sslEngineFactory) { if (name.length() == 0) { name = java.util.UUID.randomUUID().toString(); } diff --git a/java/src/Ice/src/main/java/com/zeroc/Ice/InitializationData.java b/java/src/Ice/src/main/java/com/zeroc/Ice/InitializationData.java index a4898d92c6e..23f7f652bea 100644 --- a/java/src/Ice/src/main/java/com/zeroc/Ice/InitializationData.java +++ b/java/src/Ice/src/main/java/com/zeroc/Ice/InitializationData.java @@ -4,7 +4,7 @@ package com.zeroc.Ice; -import com.zeroc.IceSSL.SSLEngineFactory; +import com.zeroc.Ice.SSL.SSLEngineFactory; /** * A class that encapsulates data to initialize a communicator. @@ -84,8 +84,8 @@ public InitializationData clone() { /** * The SSL engine factory used to configure the client-side ssl transport. If non-null all the - * IceSSL configuration properties are ignored, and any SSL configuration must be done through the - * SSLEngineFactory. + * Ice.SSL configuration properties are ignored, and any SSL configuration must be done through + * the SSLEngineFactory. */ public SSLEngineFactory clientSSLEngineFactory; } diff --git a/java/src/Ice/src/main/java/com/zeroc/Ice/ObjectAdapterI.java b/java/src/Ice/src/main/java/com/zeroc/Ice/ObjectAdapterI.java index ba1f11bad97..5988f4f7228 100644 
--- a/java/src/Ice/src/main/java/com/zeroc/Ice/ObjectAdapterI.java +++ b/java/src/Ice/src/main/java/com/zeroc/Ice/ObjectAdapterI.java @@ -4,9 +4,9 @@ package com.zeroc.Ice; +import com.zeroc.Ice.SSL.SSLEngineFactory; import com.zeroc.IceInternal.EndpointI; import com.zeroc.IceInternal.IncomingConnectionFactory; -import com.zeroc.IceSSL.SSLEngineFactory; import java.util.ArrayList; import java.util.List; import java.util.Map; @@ -702,7 +702,7 @@ public ObjectAdapterI( String name, RouterPrx router, boolean noConfig, - com.zeroc.IceSSL.SSLEngineFactory sslEngineFactory) { + com.zeroc.Ice.SSL.SSLEngineFactory sslEngineFactory) { _instance = instance; _communicator = communicator; _objectAdapterFactory = objectAdapterFactory; @@ -1294,5 +1294,5 @@ boolean filterProperties(List unknownProps) { private int _directCount; // The number of direct proxies dispatching on this object adapter. private boolean _noConfig; private final int _messageSizeMax; - private final com.zeroc.IceSSL.SSLEngineFactory _sslEngineFactory; + private final com.zeroc.Ice.SSL.SSLEngineFactory _sslEngineFactory; } diff --git a/java/src/Ice/src/main/java/com/zeroc/Ice/Properties.java b/java/src/Ice/src/main/java/com/zeroc/Ice/Properties.java index feb75c92192..9244dd53a6a 100644 --- a/java/src/Ice/src/main/java/com/zeroc/Ice/Properties.java +++ b/java/src/Ice/src/main/java/com/zeroc/Ice/Properties.java @@ -163,8 +163,8 @@ public interface Properties { /** * Convert a sequence of command-line options into properties. All options that begin with one of * the following prefixes are converted into properties: --Ice, --IceBox - * , --IceGrid, --IceSSL, --IceStorm, --Freeze - * , and --Glacier2. + * , --IceGrid, --Ice.SSL, --IceStorm, --Freeze + * , and --Glacier2. * * @param options The command-line options. * @return The command-line options that do not start with one of the listed prefixes, in their 
diff --git a/java/src/Ice/src/main/java/com/zeroc/IceSSL/AcceptorI.java b/java/src/Ice/src/main/java/com/zeroc/Ice/SSL/AcceptorI.java similarity index 98% rename from java/src/Ice/src/main/java/com/zeroc/IceSSL/AcceptorI.java rename to java/src/Ice/src/main/java/com/zeroc/Ice/SSL/AcceptorI.java index 4a155f6e8ec..306f1d24a6a 100644 --- a/java/src/Ice/src/main/java/com/zeroc/IceSSL/AcceptorI.java +++ b/java/src/Ice/src/main/java/com/zeroc/Ice/SSL/AcceptorI.java @@ -2,7 +2,7 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -package com.zeroc.IceSSL; +package com.zeroc.Ice.SSL; final class AcceptorI implements com.zeroc.IceInternal.Acceptor { @Override diff --git a/java/src/Ice/src/main/java/com/zeroc/IceSSL/ConnectionInfo.java b/java/src/Ice/src/main/java/com/zeroc/Ice/SSL/ConnectionInfo.java similarity index 84% rename from java/src/Ice/src/main/java/com/zeroc/IceSSL/ConnectionInfo.java rename to java/src/Ice/src/main/java/com/zeroc/Ice/SSL/ConnectionInfo.java index 484f363d0ec..36a8ce84cac 100644 --- a/java/src/Ice/src/main/java/com/zeroc/IceSSL/ConnectionInfo.java +++ b/java/src/Ice/src/main/java/com/zeroc/Ice/SSL/ConnectionInfo.java @@ -1,19 +1,8 @@ // // Copyright (c) ZeroC, Inc. All rights reserved. // -// -// Ice version 3.7.10 -// -// -// -// Generated from file `ConnectionInfo.ice' -// -// Warning: do not edit this file. -// -// -// -package com.zeroc.IceSSL; +package com.zeroc.Ice.SSL; /** Provides access to the connection details of an SSL connection */ public class ConnectionInfo extends com.zeroc.Ice.ConnectionInfo { diff --git a/java/src/Ice/src/main/java/com/zeroc/IceSSL/ConnectorI.java b/java/src/Ice/src/main/java/com/zeroc/Ice/SSL/ConnectorI.java similarity index 98% rename from java/src/Ice/src/main/java/com/zeroc/IceSSL/ConnectorI.java rename to java/src/Ice/src/main/java/com/zeroc/Ice/SSL/ConnectorI.java index 68314c73da6..91b1ccf26f2 100644 --- a/java/src/Ice/src/main/java/com/zeroc/IceSSL/ConnectorI.java 
+++ b/java/src/Ice/src/main/java/com/zeroc/Ice/SSL/ConnectorI.java @@ -2,7 +2,7 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -package com.zeroc.IceSSL; +package com.zeroc.Ice.SSL; final class ConnectorI implements com.zeroc.IceInternal.Connector { @Override diff --git a/java/src/Ice/src/main/java/com/zeroc/IceSSL/EndpointFactoryI.java b/java/src/Ice/src/main/java/com/zeroc/Ice/SSL/EndpointFactoryI.java similarity index 97% rename from java/src/Ice/src/main/java/com/zeroc/IceSSL/EndpointFactoryI.java rename to java/src/Ice/src/main/java/com/zeroc/Ice/SSL/EndpointFactoryI.java index dcf7cda1c57..78a9e723915 100644 --- a/java/src/Ice/src/main/java/com/zeroc/IceSSL/EndpointFactoryI.java +++ b/java/src/Ice/src/main/java/com/zeroc/Ice/SSL/EndpointFactoryI.java @@ -2,7 +2,7 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -package com.zeroc.IceSSL; +package com.zeroc.Ice.SSL; public final class EndpointFactoryI extends com.zeroc.IceInternal.EndpointFactoryWithUnderlying { public EndpointFactoryI(Instance instance, short type) { diff --git a/java/src/Ice/src/main/java/com/zeroc/IceSSL/EndpointI.java b/java/src/Ice/src/main/java/com/zeroc/Ice/SSL/EndpointI.java similarity index 99% rename from java/src/Ice/src/main/java/com/zeroc/IceSSL/EndpointI.java rename to java/src/Ice/src/main/java/com/zeroc/Ice/SSL/EndpointI.java index a1105f6aaad..faac85972a8 100644 --- a/java/src/Ice/src/main/java/com/zeroc/IceSSL/EndpointI.java +++ b/java/src/Ice/src/main/java/com/zeroc/Ice/SSL/EndpointI.java @@ -2,7 +2,7 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -package com.zeroc.IceSSL; +package com.zeroc.Ice.SSL; final class EndpointI extends com.zeroc.IceInternal.EndpointI { public EndpointI(Instance instance, com.zeroc.IceInternal.EndpointI delegate) { 
diff --git a/java/src/Ice/src/main/java/com/zeroc/IceSSL/EndpointInfo.java b/java/src/Ice/src/main/java/com/zeroc/Ice/SSL/EndpointInfo.java similarity index 74% rename from java/src/Ice/src/main/java/com/zeroc/IceSSL/EndpointInfo.java rename to java/src/Ice/src/main/java/com/zeroc/Ice/SSL/EndpointInfo.java index f2d3f2b135f..08ec495b662 100644 --- a/java/src/Ice/src/main/java/com/zeroc/IceSSL/EndpointInfo.java +++ b/java/src/Ice/src/main/java/com/zeroc/Ice/SSL/EndpointInfo.java @@ -1,19 +1,8 @@ // // Copyright (c) ZeroC, Inc. All rights reserved. // -// -// Ice version 3.7.10 -// -// -// -// Generated from file `EndpointInfo.ice' -// -// Warning: do not edit this file. -// -// -// -package com.zeroc.IceSSL; +package com.zeroc.Ice.SSL; /** Provides access to an SSL endpoint information. */ public abstract class EndpointInfo extends com.zeroc.Ice.EndpointInfo { diff --git a/java/src/Ice/src/main/java/com/zeroc/IceSSL/Instance.java b/java/src/Ice/src/main/java/com/zeroc/Ice/SSL/Instance.java similarity index 97% rename from java/src/Ice/src/main/java/com/zeroc/IceSSL/Instance.java rename to java/src/Ice/src/main/java/com/zeroc/Ice/SSL/Instance.java index 0313554d956..f8111653436 100644 --- a/java/src/Ice/src/main/java/com/zeroc/IceSSL/Instance.java +++ b/java/src/Ice/src/main/java/com/zeroc/Ice/SSL/Instance.java @@ -2,7 +2,7 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -package com.zeroc.IceSSL; +package com.zeroc.Ice.SSL; import com.zeroc.Ice.InitializationData; diff --git a/java/src/Ice/src/main/java/com/zeroc/IceSSL/RFC2253.java b/java/src/Ice/src/main/java/com/zeroc/Ice/SSL/RFC2253.java similarity index 99% rename from java/src/Ice/src/main/java/com/zeroc/IceSSL/RFC2253.java rename to java/src/Ice/src/main/java/com/zeroc/Ice/SSL/RFC2253.java index 4f71508bc65..06f28bf8254 100644 --- a/java/src/Ice/src/main/java/com/zeroc/IceSSL/RFC2253.java +++ b/java/src/Ice/src/main/java/com/zeroc/Ice/SSL/RFC2253.java 
@@ -2,7 +2,7 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -package com.zeroc.IceSSL; +package com.zeroc.Ice.SSL; // // See RFC 2253 and RFC 1779. diff --git a/java/src/Ice/src/main/java/com/zeroc/IceSSL/SSLEngine.java b/java/src/Ice/src/main/java/com/zeroc/Ice/SSL/SSLEngine.java similarity index 94% rename from java/src/Ice/src/main/java/com/zeroc/IceSSL/SSLEngine.java rename to java/src/Ice/src/main/java/com/zeroc/Ice/SSL/SSLEngine.java index c075f4f1097..0fd98163079 100644 --- a/java/src/Ice/src/main/java/com/zeroc/IceSSL/SSLEngine.java +++ b/java/src/Ice/src/main/java/com/zeroc/Ice/SSL/SSLEngine.java @@ -2,7 +2,7 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -package com.zeroc.IceSSL; +package com.zeroc.Ice.SSL; import com.zeroc.Ice.InitializationException; import java.io.InputStream; @@ -121,7 +121,8 @@ public void initialize() { } else { keystoreStream = openResource(keystorePath); if (keystoreStream == null) { - throw new InitializationException("IceSSL: keystore not found:\n" + keystorePath); + throw new InitializationException( + "SSL transport: keystore not found:\n" + keystorePath); } } @@ -142,7 +143,7 @@ public void initialize() { keystorePassword = null; } catch (java.io.IOException ex) { throw new InitializationException( - "IceSSL: unable to load keystore:\n" + keystorePath, ex); + "SSL transport: unable to load keystore:\n" + keystorePath, ex); } finally { if (keystoreStream != null) { try { @@ -192,7 +193,7 @@ public void initialize() { // if (!keys.isKeyEntry(alias)) { throw new InitializationException( - "IceSSL: keystore does not contain an entry with alias `" + alias + "'"); + "SSL trasnsport: keystore does not contain an entry with alias `" + alias + "'"); } for (int i = 0; i < keyManagers.length; ++i) { 
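Review bot: The new message prefix is misspelled as `SSL trasnsport:` in the alias check of SSLEngine.java (hunk `@@ -192,7 +193,7 @@`, "keystore does not contain an entry with alias"), and again in the verifyPeer hunk `@@ -426,7 +427,8 @@` ("server did not supply a certificate"). Every other rewritten message in this file uses `SSL transport:`, so a log search or alert rule keyed on that prefix will miss these two failures, both of which concern certificate handling. Both strings should start with `"SSL transport: "`. TrustManager.java uses a third prefix, `Ice.SSL:`, for its two messages, and one spelling across the package would make these errors easier to match. initialize() starts and ends outside the hunk.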
@@ -225,7 +226,7 @@ public void initialize() { truststoreStream = openResource(truststorePath); if (truststoreStream == null) { throw new InitializationException( - "IceSSL: truststore not found:\n" + truststorePath); + "SSL transport: truststore not found:\n" + truststorePath); } } @@ -247,7 +248,7 @@ public void initialize() { truststorePassword = null; } catch (java.io.IOException ex) { throw new InitializationException( - "IceSSL: unable to load truststore:\n" + truststorePath, ex); + "SSL transport: unable to load truststore:\n" + truststorePath, ex); } finally { if (truststoreStream != null) { try { @@ -313,7 +314,7 @@ public X509Certificate[] getAcceptedIssuers() { // must be non-empty // if (trustStore != null && trustStore.size() == 0) { - throw new InitializationException("IceSSL: truststore is empty"); + throw new InitializationException("SSL transport: truststore is empty"); } if (trustManagers == null) { @@ -329,7 +330,7 @@ public X509Certificate[] getAcceptedIssuers() { _context = javax.net.ssl.SSLContext.getInstance("TLS"); _context.init(keyManagers, trustManagers, null); } catch (java.security.GeneralSecurityException ex) { - throw new InitializationException("IceSSL: unable to initialize context", ex); + throw new InitializationException("SSL transport: unable to initialize context", ex); } } @@ -358,7 +359,7 @@ javax.net.ssl.SSLEngine createSSLEngine(boolean incoming, String host, int port) } engine.setUseClientMode(!incoming); } catch (Exception ex) { - throw new com.zeroc.Ice.SecurityException("IceSSL: couldn't create SSL engine", ex); + throw new com.zeroc.Ice.SecurityException("SSL transport: couldn't create SSL engine", ex); } if (incoming) { 
@@ -426,7 +427,8 @@ void verifyPeer(String address, ConnectionInfo info, String desc) { // if (!info.incoming) { if (_verifyPeer > 0 && !info.verified) { - throw new com.zeroc.Ice.SecurityException("IceSSL: server did not supply a certificate"); + throw new com.zeroc.Ice.SecurityException( + "SSL trasnsport: server did not supply a certificate"); } } diff --git a/java/src/Ice/src/main/java/com/zeroc/IceSSL/SSLEngineFactory.java b/java/src/Ice/src/main/java/com/zeroc/Ice/SSL/SSLEngineFactory.java similarity index 95% rename from java/src/Ice/src/main/java/com/zeroc/IceSSL/SSLEngineFactory.java rename to java/src/Ice/src/main/java/com/zeroc/Ice/SSL/SSLEngineFactory.java index 2a27b8e4241..719f353c149 100644 --- a/java/src/Ice/src/main/java/com/zeroc/IceSSL/SSLEngineFactory.java +++ b/java/src/Ice/src/main/java/com/zeroc/Ice/SSL/SSLEngineFactory.java @@ -2,7 +2,7 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -package com.zeroc.IceSSL; +package com.zeroc.Ice.SSL; /** A factory for javax.net.ssl.SSLEngine objects. */ @FunctionalInterface diff --git a/java/src/Ice/src/main/java/com/zeroc/IceSSL/TransceiverI.java b/java/src/Ice/src/main/java/com/zeroc/Ice/SSL/TransceiverI.java similarity index 95% rename from java/src/Ice/src/main/java/com/zeroc/IceSSL/TransceiverI.java rename to java/src/Ice/src/main/java/com/zeroc/Ice/SSL/TransceiverI.java index 7df9989e365..1250f4d4deb 100644 --- a/java/src/Ice/src/main/java/com/zeroc/IceSSL/TransceiverI.java +++ b/java/src/Ice/src/main/java/com/zeroc/Ice/SSL/TransceiverI.java @@ -2,7 +2,7 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -package com.zeroc.IceSSL; +package com.zeroc.Ice.SSL; import com.zeroc.IceInternal.SocketOperation; import java.nio.*; 
@@ -46,7 +46,7 @@ public int initialize( _engine.beginHandshake(); } catch (javax.net.ssl.SSLException ex) { _engine = null; - throw new com.zeroc.Ice.SecurityException("IceSSL: handshake error", ex); + throw new com.zeroc.Ice.SecurityException("SSL transport: handshake error", ex); } _appInput = ByteBuffer.allocate(_engine.getSession().getApplicationBufferSize() * 2); @@ -81,7 +81,7 @@ public int initialize( // // Additional verification. // - _instance.verifyPeer(_host, (com.zeroc.IceSSL.ConnectionInfo) getInfo(), _delegate.toString()); + _instance.verifyPeer(_host, (com.zeroc.Ice.SSL.ConnectionInfo) getInfo(), _delegate.toString()); if (_instance.securityTraceLevel() >= 1) { _instance.traceConnection(_delegate.toString(), _engine, _incoming); @@ -121,12 +121,7 @@ public void close() { } } } catch (SSLException ex) { - // // We can't throw in close. - // - // Ice.SecurityException se = new Ice.SecurityException( - // "IceSSL: SSL failure while shutting down socket", ex); - // } try { @@ -140,7 +135,7 @@ public void close() { // We would probably need to wait for a response in shutdown() to avoid this. // For now, we'll ignore this exception. // - // _instance.logger().error("IceSSL: error during close\n" + ex.getMessage()); + // _instance.logger().error("SSL transport: error during close\n" + ex.getMessage()); } } @@ -219,7 +214,7 @@ else if (status == Status.BUFFER_UNDERFLOW // the buffer with a complete request which must be processed. } } catch (SSLException ex) { - throw new com.zeroc.Ice.SecurityException("IceSSL: error during read", ex); + throw new com.zeroc.Ice.SecurityException("SSL transport: error during read", ex); } // @@ -399,7 +394,7 @@ private int handshakeNonBlocking() { } } } catch (SSLException ex) { - throw new com.zeroc.Ice.SecurityException("IceSSL: handshake error", ex); + throw new com.zeroc.Ice.SecurityException("SSL transport: handshake error", ex); } return SocketOperation.None; } 
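Review bot: In close() of TransceiverI.java (hunk `@@ -121,12 +121,7 @@`) the `catch (SSLException ex)` block is now empty apart from the comment `We can't throw in close.`, so a failed TLS shutdown leaves no record at all. Not throwing is reasonable, but an unclean shutdown is worth seeing when security tracing is enabled; initialize() in the same file already gates output on `_instance.securityTraceLevel() >= 1`. I would emit one trace line carrying `ex` under that same check and reword the comment to `// Can't throw from close(); the failure is only traced.` The following hunk still carries a commented-out `_instance.logger().error(...)` call, which could be deleted for the same reason the commented-out code was deleted here. close() continues outside the hunk.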
@@ -446,7 +441,7 @@ private int writeNonBlocking(ByteBuffer buf) { } } } catch (SSLException ex) { - throw new com.zeroc.Ice.SecurityException("IceSSL: error while encoding message", ex); + throw new com.zeroc.Ice.SecurityException("SSL transport: error while encoding message", ex); } assert (_netOutput.b.position() == 0); diff --git a/java/src/Ice/src/main/java/com/zeroc/IceSSL/TrustManager.java b/java/src/Ice/src/main/java/com/zeroc/Ice/SSL/TrustManager.java similarity index 98% rename from java/src/Ice/src/main/java/com/zeroc/IceSSL/TrustManager.java rename to java/src/Ice/src/main/java/com/zeroc/Ice/SSL/TrustManager.java index a49f6d78474..d8a70f38182 100644 --- a/java/src/Ice/src/main/java/com/zeroc/IceSSL/TrustManager.java +++ b/java/src/Ice/src/main/java/com/zeroc/Ice/SSL/TrustManager.java @@ -2,7 +2,7 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -package com.zeroc.IceSSL; +package com.zeroc.Ice.SSL; class TrustManager { TrustManager(com.zeroc.Ice.Communicator communicator) { @@ -37,7 +37,7 @@ class TrustManager { } } catch (RFC2253.ParseException e) { throw new com.zeroc.Ice.InitializationException( - "IceSSL: invalid property " + key + ":\n" + e.reason); + "Ice.SSL: invalid property " + key + ":\n" + e.reason); } } @@ -162,7 +162,7 @@ boolean verify(ConnectionInfo info, String desc) { _communicator .getLogger() .warning( - "IceSSL: unable to parse certificate DN `" + "Ice.SSL: unable to parse certificate DN `" + subjectName + "'\nreason: " + e.reason); diff --git a/java/src/Ice/src/main/java/com/zeroc/IceSSL/X509KeyManagerI.java b/java/src/Ice/src/main/java/com/zeroc/Ice/SSL/X509KeyManagerI.java similarity index 95% rename from java/src/Ice/src/main/java/com/zeroc/IceSSL/X509KeyManagerI.java rename to java/src/Ice/src/main/java/com/zeroc/Ice/SSL/X509KeyManagerI.java index 888202a1410..0f79916844b 100644 --- a/java/src/Ice/src/main/java/com/zeroc/IceSSL/X509KeyManagerI.java +++ b/java/src/Ice/src/main/java/com/zeroc/Ice/SSL/X509KeyManagerI.java 
@@ -2,7 +2,7 @@ // Copyright (c) ZeroC, Inc. All rights reserved. // -package com.zeroc.IceSSL; +package com.zeroc.Ice.SSL; import javax.net.ssl.X509ExtendedKeyManager; @@ -16,7 +16,7 @@ final class X509KeyManagerI extends X509ExtendedKeyManager { @Override public String chooseClientAlias( String[] keyType, java.security.Principal[] issuers, java.net.Socket socket) { - // Don't bother checking for acceptable issuers if the user configured IceSSL.Alias + // Don't bother checking for acceptable issuers if the user configured Ice.SSL.Alias if (!_override) { String alias = _delegate.chooseClientAlias(keyType, issuers, socket); if (alias != null && !alias.isEmpty()) { @@ -29,7 +29,7 @@ public String chooseClientAlias( @Override public String chooseEngineClientAlias( String[] keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine) { - // Don't bother checking for acceptable issuers if the user configured IceSSL.Alias + // Don't bother checking for acceptable issuers if the user configured Ice.SSL.Alias if (!_override) { String alias = _delegate.chooseEngineClientAlias(keyType, issuers, engine); if (alias != null && !alias.isEmpty()) { @@ -43,7 +43,7 @@ public String chooseEngineClientAlias( public String chooseServerAlias( String keyType, java.security.Principal[] issuers, java.net.Socket socket) { if (!_override) { - // Don't bother checking for acceptable issuers if the user configured IceSSL.Alias. + // Don't bother checking for acceptable issuers if the user configured Ice.SSL.Alias. String alias = _delegate.chooseServerAlias(keyType, issuers, socket); if (alias != null && !alias.isEmpty()) { return alias; 
@@ -55,7 +55,7 @@ public String chooseServerAlias( @Override public String chooseEngineServerAlias( String keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine) { - // Don't bother checking for acceptable issuers if the user configured IceSSL.Alias + // Don't bother checking for acceptable issuers if the user configured Ice.SSL.Alias if (!_override) { String alias = _delegate.chooseEngineServerAlias(keyType, issuers, engine); if (alias != null && !alias.isEmpty()) { diff --git a/java/src/Ice/src/main/java/com/zeroc/Ice/SSL/package-info.java b/java/src/Ice/src/main/java/com/zeroc/Ice/SSL/package-info.java new file mode 100644 index 00000000000..76dade6682b --- /dev/null +++ b/java/src/Ice/src/main/java/com/zeroc/Ice/SSL/package-info.java @@ -0,0 +1,6 @@ +// +// Copyright (c) ZeroC, Inc. All rights reserved. +// + +/** APIs for the Ice SSL transport, the SSL transport provides encryption using SSL/TLS. */ +package com.zeroc.Ice.SSL; diff --git a/java/src/Ice/src/main/java/com/zeroc/Ice/SecurityException.java b/java/src/Ice/src/main/java/com/zeroc/Ice/SecurityException.java index 1c1ae640e62..3d1434118f5 100644 --- a/java/src/Ice/src/main/java/com/zeroc/Ice/SecurityException.java +++ b/java/src/Ice/src/main/java/com/zeroc/Ice/SecurityException.java @@ -15,7 +15,7 @@ package com.zeroc.Ice; -/** This exception indicates a failure in a security subsystem, such as the IceSSL plug-in. */ +/** This exception indicates a failure in a security subsystem, such as the Ice.SSL plug-in. */ public class SecurityException extends LocalException { public SecurityException() { this.reason = ""; diff --git a/java/src/Ice/src/main/java/com/zeroc/IceInternal/EndpointI.java b/java/src/Ice/src/main/java/com/zeroc/IceInternal/EndpointI.java index e58f801a8cf..7e8839094a3 100644 --- a/java/src/Ice/src/main/java/com/zeroc/IceInternal/EndpointI.java +++ b/java/src/Ice/src/main/java/com/zeroc/IceInternal/EndpointI.java 
@@ -113,7 +113,7 @@ public abstract void connectors_async( // is available. // public abstract Acceptor acceptor( - String adapterName, com.zeroc.IceSSL.SSLEngineFactory sslEngineFactory); + String adapterName, com.zeroc.Ice.SSL.SSLEngineFactory sslEngineFactory); // // Expand endpoint out in to separate endpoints for each local diff --git a/java/src/Ice/src/main/java/com/zeroc/IceInternal/Instance.java b/java/src/Ice/src/main/java/com/zeroc/IceInternal/Instance.java index 8afc8aec9e3..319b7433dd9 100644 --- a/java/src/Ice/src/main/java/com/zeroc/IceInternal/Instance.java +++ b/java/src/Ice/src/main/java/com/zeroc/IceInternal/Instance.java @@ -878,7 +878,7 @@ public void initialize( _networkProxy = createNetworkProxy(_initData.properties, _protocolSupport); - _sslEngine = new com.zeroc.IceSSL.SSLEngine(communicator); + _sslEngine = new com.zeroc.Ice.SSL.SSLEngine(communicator); _endpointFactoryManager = new EndpointFactoryManager(this); ProtocolInstance tcpProtocol = @@ -889,10 +889,10 @@ public void initialize( new ProtocolInstance(this, com.zeroc.Ice.UDPEndpointType.value, "udp", false); _endpointFactoryManager.add(new UdpEndpointFactory(udpProtocol)); - com.zeroc.IceSSL.Instance sslInstance = - new com.zeroc.IceSSL.Instance(_sslEngine, com.zeroc.Ice.SSLEndpointType.value, "ssl"); + com.zeroc.Ice.SSL.Instance sslInstance = + new com.zeroc.Ice.SSL.Instance(_sslEngine, com.zeroc.Ice.SSLEndpointType.value, "ssl"); _endpointFactoryManager.add( - new com.zeroc.IceSSL.EndpointFactoryI(sslInstance, com.zeroc.Ice.TCPEndpointType.value)); + new com.zeroc.Ice.SSL.EndpointFactoryI(sslInstance, com.zeroc.Ice.TCPEndpointType.value)); ProtocolInstance wsProtocol = new ProtocolInstance(this, com.zeroc.Ice.WSEndpointType.value, "ws", false); 
@@ -1552,7 +1552,7 @@ private NetworkProxy createNetworkProxy( private static boolean _oneOffDone = false; private QueueExecutorService _queueExecutorService; private QueueExecutor _queueExecutor; - private com.zeroc.IceSSL.SSLEngine _sslEngine; + private com.zeroc.Ice.SSL.SSLEngine _sslEngine; private Map _builtInModulePackagePrefixes = java.util.Collections.unmodifiableMap( diff --git a/java/src/Ice/src/main/java/com/zeroc/IceInternal/LoggerAdminI.java b/java/src/Ice/src/main/java/com/zeroc/IceInternal/LoggerAdminI.java index 62596e9dea2..9cad632ea2f 100644 --- a/java/src/Ice/src/main/java/com/zeroc/IceInternal/LoggerAdminI.java +++ b/java/src/Ice/src/main/java/com/zeroc/IceInternal/LoggerAdminI.java @@ -352,7 +352,6 @@ private static com.zeroc.Ice.Communicator createSendLogCommunicator( com.zeroc.Ice.Properties mainProps = communicator.getProperties(); copyProperties("Ice.Default.Locator", mainProps, initData.properties); - copyProperties("Ice.Plugin.IceSSL", mainProps, initData.properties); copyProperties("IceSSL.", mainProps, initData.properties); String[] extraProps = mainProps.getPropertyAsList("Ice.Admin.Logger.Properties"); diff --git a/java/src/Ice/src/main/java/com/zeroc/IceInternal/ObjectAdapterFactory.java b/java/src/Ice/src/main/java/com/zeroc/IceInternal/ObjectAdapterFactory.java index 9e12467e8d4..aa895f99e7d 100644 --- a/java/src/Ice/src/main/java/com/zeroc/IceInternal/ObjectAdapterFactory.java +++ b/java/src/Ice/src/main/java/com/zeroc/IceInternal/ObjectAdapterFactory.java @@ -6,7 +6,7 @@ import com.zeroc.Ice.ObjectAdapter; import com.zeroc.Ice.ObjectAdapterI; -import com.zeroc.IceSSL.SSLEngineFactory; +import com.zeroc.Ice.SSL.SSLEngineFactory; public final class ObjectAdapterFactory { public void shutdown() { diff --git a/java/src/Ice/src/main/java/com/zeroc/IceInternal/OpaqueEndpointI.java b/java/src/Ice/src/main/java/com/zeroc/IceInternal/OpaqueEndpointI.java index f41d03b1129..dd9d6f555c1 100644 
--- a/java/src/Ice/src/main/java/com/zeroc/IceInternal/OpaqueEndpointI.java +++ b/java/src/Ice/src/main/java/com/zeroc/IceInternal/OpaqueEndpointI.java @@ -5,7 +5,7 @@ package com.zeroc.IceInternal; import com.zeroc.Ice.EndpointParseException; -import com.zeroc.IceSSL.SSLEngineFactory; +import com.zeroc.Ice.SSL.SSLEngineFactory; import com.zeroc.IceUtilInternal.Base64; final class OpaqueEndpointI extends EndpointI { diff --git a/java/src/Ice/src/main/java/com/zeroc/IceInternal/TcpEndpointI.java b/java/src/Ice/src/main/java/com/zeroc/IceInternal/TcpEndpointI.java index 6ec0b0f7ad2..edb574f6efb 100644 --- a/java/src/Ice/src/main/java/com/zeroc/IceInternal/TcpEndpointI.java +++ b/java/src/Ice/src/main/java/com/zeroc/IceInternal/TcpEndpointI.java @@ -4,7 +4,7 @@ package com.zeroc.IceInternal; -import com.zeroc.IceSSL.SSLEngineFactory; +import com.zeroc.Ice.SSL.SSLEngineFactory; final class TcpEndpointI extends IPEndpointI { public TcpEndpointI( diff --git a/java/src/Ice/src/main/java/com/zeroc/IceInternal/UdpEndpointI.java b/java/src/Ice/src/main/java/com/zeroc/IceInternal/UdpEndpointI.java index c727d4db6a7..a25daccdd96 100644 --- a/java/src/Ice/src/main/java/com/zeroc/IceInternal/UdpEndpointI.java +++ b/java/src/Ice/src/main/java/com/zeroc/IceInternal/UdpEndpointI.java @@ -5,7 +5,7 @@ package com.zeroc.IceInternal; import com.zeroc.Ice.EndpointParseException; -import com.zeroc.IceSSL.SSLEngineFactory; +import com.zeroc.Ice.SSL.SSLEngineFactory; final class UdpEndpointI extends IPEndpointI { public UdpEndpointI( diff --git a/java/src/Ice/src/main/java/com/zeroc/IceInternal/WSEndpoint.java b/java/src/Ice/src/main/java/com/zeroc/IceInternal/WSEndpoint.java index 544428db8a5..a08e19195ad 100644 --- a/java/src/Ice/src/main/java/com/zeroc/IceInternal/WSEndpoint.java +++ b/java/src/Ice/src/main/java/com/zeroc/IceInternal/WSEndpoint.java 
@@ -4,8 +4,8 @@ package com.zeroc.IceInternal; +import com.zeroc.Ice.SSL.SSLEngineFactory; import com.zeroc.Ice.WSEndpointInfo; -import com.zeroc.IceSSL.SSLEngineFactory; final class WSEndpoint extends EndpointI { public WSEndpoint(ProtocolInstance instance, EndpointI del, String res) { diff --git a/java/src/Ice/src/main/java/com/zeroc/IceSSL/package-info.java b/java/src/Ice/src/main/java/com/zeroc/IceSSL/package-info.java deleted file mode 100644 index 00e613ce582..00000000000 --- a/java/src/Ice/src/main/java/com/zeroc/IceSSL/package-info.java +++ /dev/null @@ -1,6 +0,0 @@ -// -// Copyright (c) ZeroC, Inc. All rights reserved. -// - -/** APIs for the IceSSL transport plug-in. IceSSL provides encryption using SSL/TLS. */ -package com.zeroc.IceSSL; diff --git a/java/src/Ice/src/main/java/module-info.java b/java/src/Ice/src/main/java/module-info.java index dc7349944f7..ac9da1fe039 100644 --- a/java/src/Ice/src/main/java/module-info.java +++ b/java/src/Ice/src/main/java/module-info.java @@ -4,7 +4,7 @@ module com.zeroc.ice { exports com.zeroc.Ice; - exports com.zeroc.IceSSL; + exports com.zeroc.Ice.SSL; exports com.zeroc.Ice.Instrumentation; exports com.zeroc.Ice.IceMX; exports com.zeroc.IceInternal; diff --git a/java/src/IceBT/src/main/java/com/zeroc/IceBT/EndpointI.java b/java/src/IceBT/src/main/java/com/zeroc/IceBT/EndpointI.java index c5bd6d14ab8..6396467d43c 100644 --- a/java/src/IceBT/src/main/java/com/zeroc/IceBT/EndpointI.java +++ b/java/src/IceBT/src/main/java/com/zeroc/IceBT/EndpointI.java @@ -153,7 +153,8 @@ public void connectors_async(EndpointSelectionType selType, EndpointI_connectors } @Override - public Acceptor acceptor(String adapterName, com.zeroc.IceSSL.SSLEngineFactory sslEngineFactory) { + public Acceptor acceptor( + String adapterName, com.zeroc.Ice.SSL.SSLEngineFactory sslEngineFactory) { return new AcceptorI(this, _instance, adapterName, _uuid, _name); } 
diff --git a/java/src/IceBox/src/main/java/com/zeroc/IceBox/ServiceManagerI.java b/java/src/IceBox/src/main/java/com/zeroc/IceBox/ServiceManagerI.java index 80445a7e1c8..a101a35469a 100644 --- a/java/src/IceBox/src/main/java/com/zeroc/IceBox/ServiceManagerI.java +++ b/java/src/IceBox/src/main/java/com/zeroc/IceBox/ServiceManagerI.java @@ -504,7 +504,7 @@ private synchronized void start( // // Remaining command line options are passed to the communicator. This is - // necessary for Ice plug-in properties (e.g.: IceSSL). + // necessary for Ice plug-in properties (e.g.: Ice.SSL). // java.util.List remainingArgs = new java.util.ArrayList<>(); info.communicator = Util.initialize(serviceArgs, initData, remainingArgs); diff --git a/java/test/android/controller/src/main/java/com/zeroc/testcontroller/ControllerApp.java b/java/test/android/controller/src/main/java/com/zeroc/testcontroller/ControllerApp.java index c4e2da5133d..dce9adcde05 100644 --- a/java/test/android/controller/src/main/java/com/zeroc/testcontroller/ControllerApp.java +++ b/java/test/android/controller/src/main/java/com/zeroc/testcontroller/ControllerApp.java @@ -276,8 +276,8 @@ public ControllerHelperI(TestSuiteBundle bundle, String[] args) { public void communicatorInitialized(Communicator communicator) { com.zeroc.Ice.Properties properties = communicator.getProperties(); if (properties.getProperty("Ice.Plugin.IceSSL").equals("com.zeroc.IceSSL.PluginFactory")) { - com.zeroc.IceSSL.Plugin plugin = - (com.zeroc.IceSSL.Plugin) communicator.getPluginManager().getPlugin("IceSSL"); + com.zeroc.Ice.SSL.Plugin plugin = + (com.zeroc.Ice.SSL.Plugin) communicator.getPluginManager().getPlugin("IceSSL"); String keystore = communicator.getProperties().getProperty("IceSSL.Keystore"); properties.setProperty("IceSSL.Keystore", ""); int resource = keystore.equals("client.bks") ? R.raw.client : R.raw.server; 
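Review bot: In ControllerApp.java the guard around the changed lines still tests `properties.getProperty("Ice.Plugin.IceSSL").equals("com.zeroc.IceSSL.PluginFactory")`, while the body now casts to `com.zeroc.Ice.SSL.Plugin`. This commit deletes the `com.zeroc.IceSSL` package and drops the `Ice.Plugin.IceSSL` copy in LoggerAdminI.java, so the condition is presumably never true once the test configuration stops loading the plug-in. In that case the keystore-from-resource setup below it (`IceSSL.Keystore` mapped to `R.raw.client` / `R.raw.server`) is silently skipped and the Android tests run without the intended certificates. Either remove the plug-in guard and perform the keystore setup through whatever replaces the plug-in API, or confirm that `com.zeroc.Ice.SSL.Plugin` and the `"IceSSL"` plug-in name still exist. `communicatorInitialized` continues outside the hunk.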
diff --git a/java/test/src/main/java/test/Ice/background/EndpointI.java b/java/test/src/main/java/test/Ice/background/EndpointI.java index 435fc3c0278..5296c15664f 100644 --- a/java/test/src/main/java/test/Ice/background/EndpointI.java +++ b/java/test/src/main/java/test/Ice/background/EndpointI.java @@ -134,7 +134,7 @@ public void exception(com.zeroc.Ice.LocalException exception) { @Override public com.zeroc.IceInternal.Acceptor acceptor( - String adapterName, com.zeroc.IceSSL.SSLEngineFactory sslEngineFactory) { + String adapterName, com.zeroc.Ice.SSL.SSLEngineFactory sslEngineFactory) { return new Acceptor(this, _configuration, _endpoint.acceptor(adapterName, sslEngineFactory)); } diff --git a/java/test/src/main/java/test/Ice/binding/AllTests.java b/java/test/src/main/java/test/Ice/binding/AllTests.java index e5ee9fe20f9..9addf4555b7 100644 --- a/java/test/src/main/java/test/Ice/binding/AllTests.java +++ b/java/test/src/main/java/test/Ice/binding/AllTests.java @@ -710,7 +710,7 @@ public static void allTests(test.TestHelper helper) { } out.println("ok"); - if (communicator.getProperties().getProperty("Ice.Plugin.IceSSL").length() > 0) { + if (communicator.getProperties().getProperty("Ice.Plugin.Ice.SSL").length() > 0) { out.print("testing unsecure vs. secure endpoints... "); out.flush(); { diff --git a/java/test/src/main/java/test/Ice/info/AllTests.java b/java/test/src/main/java/test/Ice/info/AllTests.java index fc5c418fe45..3d8b2012e0c 100644 --- a/java/test/src/main/java/test/Ice/info/AllTests.java +++ b/java/test/src/main/java/test/Ice/info/AllTests.java 
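Review bot: In test/Ice/binding/AllTests.java the guard was changed to `getProperty("Ice.Plugin.Ice.SSL")`, which looks like a search-and-replace artifact rather than a real property name. Nothing visible sets it, so `length() > 0` is presumably always false and the "testing unsecure vs. secure endpoints" block never runs. That quietly removes coverage of `ice_secure(true)` endpoint selection, and a regression that let a secure proxy fall back to a tcp endpoint would go unnoticed. The MATLAB version of the same test in this commit drops the condition and runs the block unconditionally; doing the same here (delete the `if (...) {` line and its closing brace) keeps the two suites consistent. The block's body extends beyond the hunk.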
@@ -77,7 +77,7 @@ public static void allTests(test.TestHelper helper) { test( tcpEndpoint.type() == TCPEndpointType.value && info instanceof TCPEndpointInfo || tcpEndpoint.type() == SSLEndpointType.value - && info instanceof com.zeroc.IceSSL.EndpointInfo + && info instanceof com.zeroc.Ice.SSL.EndpointInfo || tcpEndpoint.type() == WSEndpointType.value && info instanceof WSEndpointInfo || tcpEndpoint.type() == WSSEndpointType.value && info instanceof WSEndpointInfo); diff --git a/java/test/src/main/java/test/IceSSL/configuration/AllTests.java b/java/test/src/main/java/test/IceSSL/configuration/AllTests.java index f654b36b790..364b92effb4 100644 --- a/java/test/src/main/java/test/IceSSL/configuration/AllTests.java +++ b/java/test/src/main/java/test/IceSSL/configuration/AllTests.java @@ -107,7 +107,7 @@ public static ServerFactoryPrx allTests(test.TestHelper helper, String testDir) InitializationData initData; // - // Test IceSSL.VerifyPeer=0. Client does not have a certificate, + // Test Ice.SSL.VerifyPeer=0. Client does not have a certificate, // but it still verifies the server's. // initData = createClientProps(defaultProperties, "", "cacert1"); @@ -119,7 +119,7 @@ public static ServerFactoryPrx allTests(test.TestHelper helper, String testDir) ServerPrx server = fact.createServer(d); try { server.noCert(); - test(((com.zeroc.IceSSL.ConnectionInfo) server.ice_getConnection().getInfo()).verified); + test(((com.zeroc.Ice.SSL.ConnectionInfo) server.ice_getConnection().getInfo()).verified); } catch (com.zeroc.Ice.LocalException ex) { ex.printStackTrace(); test(false); @@ -128,7 +128,7 @@ public static ServerFactoryPrx allTests(test.TestHelper helper, String testDir) comm.destroy(); // - // Test IceSSL.VerifyPeer=1. Client does not have a certificate. + // Test Ice.SSL.VerifyPeer=1. Client does not have a certificate. // initData = createClientProps(defaultProperties, "", "cacert1"); comm = Util.initialize(args, initData); 
@@ -146,7 +146,7 @@ public static ServerFactoryPrx allTests(test.TestHelper helper, String testDir) fact.destroyServer(server); // - // Test IceSSL.VerifyPeer=2. This should fail because the client + // Test Ice.SSL.VerifyPeer=2. This should fail because the client // does not supply a certificate. // d = createServerProps(defaultProperties, "s_rsa_ca1", ""); @@ -168,7 +168,7 @@ public static ServerFactoryPrx allTests(test.TestHelper helper, String testDir) comm.destroy(); // - // Test IceSSL.VerifyPeer=1. Client has a certificate. + // Test Ice.SSL.VerifyPeer=1. Client has a certificate. // // Provide "cacert1" to the client to verify the server // certificate (without this the client connection wouln't be @@ -191,8 +191,8 @@ public static ServerFactoryPrx allTests(test.TestHelper helper, String testDir) java.security.cert.X509Certificate serverCert = loadCertificate(defaultDir + "/s_rsa_ca1.jks", "cert"); - com.zeroc.IceSSL.ConnectionInfo info = - (com.zeroc.IceSSL.ConnectionInfo) server.ice_getConnection().getInfo(); + com.zeroc.Ice.SSL.ConnectionInfo info = + (com.zeroc.Ice.SSL.ConnectionInfo) server.ice_getConnection().getInfo(); test(info.certs.length == 1); test(info.verified); @@ -205,7 +205,7 @@ public static ServerFactoryPrx allTests(test.TestHelper helper, String testDir) fact.destroyServer(server); // - // Test IceSSL.VerifyPeer=2. Client has a certificate. + // Test Ice.SSL.VerifyPeer=2. Client has a certificate. // d = createServerProps(defaultProperties, "s_rsa_ca1", "cacert1"); d.put("IceSSL.VerifyPeer", "2"); @@ -225,7 +225,7 @@ public static ServerFactoryPrx allTests(test.TestHelper helper, String testDir) comm.destroy(); // - // Test IceSSL.VerifyPeer=1. This should fail because the + // Test Ice.SSL.VerifyPeer=1. This should fail because the // client doesn't trust the server's CA. // initData = createClientProps(defaultProperties, "", ""); 
@@ -250,7 +250,7 @@ public static ServerFactoryPrx allTests(test.TestHelper helper, String testDir) comm.destroy(); // - // Test IceSSL.VerifyPeer=1. This should fail because the + // Test Ice.SSL.VerifyPeer=1. This should fail because the // server doesn't trust the client's CA. // initData = createClientProps(defaultProperties, "c_rsa_ca2", ""); @@ -322,7 +322,7 @@ public static ServerFactoryPrx allTests(test.TestHelper helper, String testDir) comm.destroy(); // - // Verify that IceSSL.CheckCertName has no effect in a server. + // Verify that Ice.SSL.CheckCertName has no effect in a server. // initData = createClientProps(defaultProperties, "c_rsa_ca1", "cacert1"); comm = Util.initialize(args, initData); @@ -539,7 +539,7 @@ public static ServerFactoryPrx allTests(test.TestHelper helper, String testDir) // // Target host does not match the certificate DNS altName, connection should // succeed - // because IceSSL.CheckCertName is set to 0. + // because Ice.SSL.CheckCertName is set to 0. // { initData = createClientProps(defaultProperties, "c_rsa_ca1", "cacert1"); @@ -659,7 +659,7 @@ public static ServerFactoryPrx allTests(test.TestHelper helper, String testDir) } out.println("ok"); - out.print("testing IceSSL.TrustOnly... "); + out.print("testing Ice.SSL.TrustOnly... "); out.flush(); { initData = createClientProps(defaultProperties, "c_rsa_ca1", "cacert1"); @@ -1012,7 +1012,7 @@ public static ServerFactoryPrx allTests(test.TestHelper helper, String testDir) } out.println("ok"); - out.print("testing IceSSL.TrustOnly.Client... "); + out.print("testing Ice.SSL.TrustOnly.Client... "); out.flush(); { initData = createClientProps(defaultProperties, "c_rsa_ca1", "cacert1"); 
@@ -1113,7 +1113,7 @@ public static ServerFactoryPrx allTests(test.TestHelper helper, String testDir) } out.println("ok"); - out.print("testing IceSSL.TrustOnly.Server... "); + out.print("testing Ice.SSL.TrustOnly.Server... "); out.flush(); { initData = createClientProps(defaultProperties, "c_rsa_ca1", "cacert1"); @@ -1213,7 +1213,7 @@ public static ServerFactoryPrx allTests(test.TestHelper helper, String testDir) } out.println("ok"); - out.print("testing IceSSL.TrustOnly.Server.... "); + out.print("testing Ice.SSL.TrustOnly.Server.... "); out.flush(); { initData = createClientProps(defaultProperties, "c_rsa_ca1", "cacert1"); @@ -1347,8 +1347,8 @@ public static ServerFactoryPrx allTests(test.TestHelper helper, String testDir) try { com.zeroc.Ice.WSConnectionInfo info = (com.zeroc.Ice.WSConnectionInfo) p.ice_getConnection().getInfo(); - com.zeroc.IceSSL.ConnectionInfo sslinfo = - (com.zeroc.IceSSL.ConnectionInfo) info.underlying; + com.zeroc.Ice.SSL.ConnectionInfo sslinfo = + (com.zeroc.Ice.SSL.ConnectionInfo) info.underlying; test(sslinfo.verified); break; } catch (com.zeroc.Ice.LocalException ex) { diff --git a/java/test/src/main/java/test/IceSSL/configuration/ServerI.java b/java/test/src/main/java/test/IceSSL/configuration/ServerI.java index 15b493687c1..824418890ad 100644 --- a/java/test/src/main/java/test/IceSSL/configuration/ServerI.java +++ b/java/test/src/main/java/test/IceSSL/configuration/ServerI.java @@ -14,8 +14,8 @@ class ServerI implements Server { @Override public void noCert(com.zeroc.Ice.Current current) { try { - com.zeroc.IceSSL.ConnectionInfo info = - (com.zeroc.IceSSL.ConnectionInfo) current.con.getInfo(); + com.zeroc.Ice.SSL.ConnectionInfo info = + (com.zeroc.Ice.SSL.ConnectionInfo) current.con.getInfo(); test(info.certs == null); } catch (com.zeroc.Ice.LocalException ex) { test(false); 
@@ -25,8 +25,8 @@ public void noCert(com.zeroc.Ice.Current current) { @Override public void checkCert(String subjectDN, String issuerDN, com.zeroc.Ice.Current current) { try { - com.zeroc.IceSSL.ConnectionInfo info = - (com.zeroc.IceSSL.ConnectionInfo) current.con.getInfo(); + com.zeroc.Ice.SSL.ConnectionInfo info = + (com.zeroc.Ice.SSL.ConnectionInfo) current.con.getInfo(); java.security.cert.X509Certificate cert = (java.security.cert.X509Certificate) info.certs[0]; test(info.verified); test( @@ -41,8 +41,8 @@ public void checkCert(String subjectDN, String issuerDN, com.zeroc.Ice.Current c @Override public void checkCipher(String cipher, com.zeroc.Ice.Current current) { try { - com.zeroc.IceSSL.ConnectionInfo info = - (com.zeroc.IceSSL.ConnectionInfo) current.con.getInfo(); + com.zeroc.Ice.SSL.ConnectionInfo info = + (com.zeroc.Ice.SSL.ConnectionInfo) current.con.getInfo(); test(info.cipher.indexOf(cipher) >= 0); } catch (com.zeroc.Ice.LocalException ex) { test(false); diff --git a/matlab/lib/+IceSSL/ConnectionInfo.m b/matlab/lib/+Ice/+SSL/ConnectionInfo.m similarity index 100% rename from matlab/lib/+IceSSL/ConnectionInfo.m rename to matlab/lib/+Ice/+SSL/ConnectionInfo.m diff --git a/matlab/lib/+IceSSL/EndpointInfo.m b/matlab/lib/+Ice/+SSL/EndpointInfo.m similarity index 100% rename from matlab/lib/+IceSSL/EndpointInfo.m rename to matlab/lib/+Ice/+SSL/EndpointInfo.m diff --git a/matlab/lib/+Ice/Connection.m b/matlab/lib/+Ice/Connection.m index d0a1745abb9..5bfb00e6e5d 100644 --- a/matlab/lib/+Ice/Connection.m +++ b/matlab/lib/+Ice/Connection.m 
@@ -216,8 +216,8 @@ function throwException(obj) info.remotePort, info.rcvSize, info.sndSize); case 'ssl' - r = IceSSL.ConnectionInfo(underlying, info.incoming, info.adapterName, info.connectionId, ... - info.cipher, info.certs, info.verified); + r = Ice.SSL.ConnectionInfo(underlying, info.incoming, info.adapterName, info.connectionId, ... + info.cipher, info.certs, info.verified); case 'udp' r = Ice.UDPConnectionInfo(underlying, info.incoming, info.adapterName, info.connectionId, ... diff --git a/matlab/lib/+Ice/Endpoint.m b/matlab/lib/+Ice/Endpoint.m index 170557b87a0..2a9bd96f7a5 100644 --- a/matlab/lib/+Ice/Endpoint.m +++ b/matlab/lib/+Ice/Endpoint.m @@ -62,7 +62,7 @@ info.host, info.port, info.sourceAddress); case Ice.SSLEndpointType.value - r = IceSSL.EndpointInfo(info.type, info.secure, underlying, info.timeout, info.compress); + r = Ice.SSL.EndpointInfo(info.type, info.secure, underlying, info.timeout, info.compress); case Ice.UDPEndpointType.value r = Ice.UDPEndpointInfo(info.type, underlying, info.timeout, info.compress, info.host, ... diff --git a/matlab/lib/+Ice/SecurityException.m b/matlab/lib/+Ice/SecurityException.m index a5cf4fa5295..9755e04ba48 100644 --- a/matlab/lib/+Ice/SecurityException.m +++ b/matlab/lib/+Ice/SecurityException.m @@ -1,6 +1,6 @@ % SecurityException Summary of SecurityException % -% This exception indicates a failure in a security subsystem, such as the IceSSL plug-in. +% This exception indicates a failure in a security subsystem, such as the SSL transport. % % SecurityException Properties: % reason - The reason for the failure. diff --git a/matlab/src/Connection.cpp b/matlab/src/Connection.cpp index a9332f202bd..2f3d1b5a000 100644 --- a/matlab/src/Connection.cpp +++ b/matlab/src/Connection.cpp @@ -72,7 +72,7 @@ namespace string type = "other"; - shared_ptr ipInfo = dynamic_pointer_cast(info); + auto ipInfo = dynamic_pointer_cast(info); if (ipInfo) { type = "ip"; 
@@ -82,7 +82,7 @@ namespace mxSetFieldByNumber(r, 0, Field::RemotePort, createInt(ipInfo->remotePort)); } - shared_ptr udpInfo = dynamic_pointer_cast(info); + auto udpInfo = dynamic_pointer_cast(info); if (udpInfo) { type = "udp"; @@ -92,7 +92,7 @@ namespace mxSetFieldByNumber(r, 0, Field::SndSize, createInt(udpInfo->sndSize)); } - shared_ptr tcpInfo = dynamic_pointer_cast(info); + auto tcpInfo = dynamic_pointer_cast(info); if (tcpInfo) { type = "tcp"; @@ -100,14 +100,14 @@ namespace mxSetFieldByNumber(r, 0, Field::SndSize, createInt(tcpInfo->sndSize)); } - shared_ptr wsInfo = dynamic_pointer_cast(info); + auto wsInfo = dynamic_pointer_cast(info); if (wsInfo) { type = "ws"; mxSetFieldByNumber(r, 0, Field::Headers, createStringMap(wsInfo->headers)); } - shared_ptr sslInfo = dynamic_pointer_cast(info); + auto sslInfo = dynamic_pointer_cast(info); if (sslInfo) { type = "ssl"; diff --git a/matlab/src/Endpoint.cpp b/matlab/src/Endpoint.cpp index 41745b0cdb5..4a5f56351ea 100644 --- a/matlab/src/Endpoint.cpp +++ b/matlab/src/Endpoint.cpp @@ -111,7 +111,7 @@ namespace mxSetFieldByNumber(r, 0, Field::Resource, createStringFromUTF8(wsInfo->resource)); } - if (dynamic_pointer_cast(info)) + if (dynamic_pointer_cast(info)) { mxSetFieldByNumber(r, 0, Field::InfoType, createInt(Ice::SSLEndpointType)); } diff --git a/matlab/src/Util.cpp b/matlab/src/Util.cpp index 08a148fe7d8..5fb2e0db70f 100644 --- a/matlab/src/Util.cpp +++ b/matlab/src/Util.cpp @@ -614,7 +614,7 @@ IceMatlab::createByteList(const vector& bytes) } mxArray* -IceMatlab::createCertificateList(const vector& certs) +IceMatlab::createCertificateList(const vector& certs) { auto r = mxCreateCellMatrix(1, static_cast(certs.size())); mwIndex i = 0; diff --git a/matlab/src/Util.h b/matlab/src/Util.h index 065d96cac34..255ab027685 100644 --- a/matlab/src/Util.h +++ b/matlab/src/Util.h 
@@ -41,7 +41,7 @@ namespace IceMatlab void getStringList(mxArray*, std::vector&); mxArray* createByteArray(const std::byte*, const std::byte*); mxArray* createByteList(const std::vector&); - mxArray* createCertificateList(const std::vector&); + mxArray* createCertificateList(const std::vector&); std::string idToClass(const std::string&); diff --git a/matlab/test/Ice/binding/AllTests.m b/matlab/test/Ice/binding/AllTests.m index 05f49e89b69..4e312befd00 100644 --- a/matlab/test/Ice/binding/AllTests.m +++ b/matlab/test/Ice/binding/AllTests.m 
@@ -756,65 +756,63 @@ function allTests(helper) fprintf('ok\n'); - if length(communicator.getProperties().getProperty('Ice.Plugin.IceSSL')) > 0 - fprintf('testing unsecure vs. secure endpoints... '); + fprintf('testing unsecure vs. secure endpoints... '); - adapters = {}; - adapters{end + 1} = rcom.createObjectAdapter('Adapter81', 'ssl'); - adapters{end + 1} = rcom.createObjectAdapter('Adapter82', 'tcp'); + adapters = {}; + adapters{end + 1} = rcom.createObjectAdapter('Adapter81', 'ssl'); + adapters{end + 1} = rcom.createObjectAdapter('Adapter82', 'tcp'); - test = AllTests.createTestIntfPrx(adapters); - for i = 1:5 - assert(strcmp(test.getAdapterName(), 'Adapter82')); - test.ice_getConnection().close(Ice.ConnectionClose.GracefullyWithWait); - end + test = AllTests.createTestIntfPrx(adapters); + for i = 1:5 + assert(strcmp(test.getAdapterName(), 'Adapter82')); + test.ice_getConnection().close(Ice.ConnectionClose.GracefullyWithWait); + end - testSecure = test.ice_secure(true); - assert(testSecure.ice_isSecure()); - testSecure = test.ice_secure(false); - assert(~testSecure.ice_isSecure()); - testSecure = test.ice_secure(true); - assert(testSecure.ice_isSecure()); - assert(test.ice_getConnection() ~= testSecure.ice_getConnection()); + testSecure = test.ice_secure(true); + assert(testSecure.ice_isSecure()); + testSecure = test.ice_secure(false); + assert(~testSecure.ice_isSecure()); + testSecure = test.ice_secure(true); + assert(testSecure.ice_isSecure()); + assert(test.ice_getConnection() ~= testSecure.ice_getConnection()); - rcom.deactivateObjectAdapter(adapters{2}); + rcom.deactivateObjectAdapter(adapters{2}); - for i = 1:5 - assert(strcmp(test.getAdapterName(), 'Adapter81')); - test.ice_getConnection().close(Ice.ConnectionClose.GracefullyWithWait); - end + for i = 1:5 + assert(strcmp(test.getAdapterName(), 'Adapter81')); + test.ice_getConnection().close(Ice.ConnectionClose.GracefullyWithWait); + end - endpts = test.ice_getEndpoints(); - 
rcom.createObjectAdapter('Adapter83', endpts{2}.toString()); % Reactivate tcp OA. + endpts = test.ice_getEndpoints(); + rcom.createObjectAdapter('Adapter83', endpts{2}.toString()); % Reactivate tcp OA. - for i = 1:5 - assert(strcmp(test.getAdapterName(), 'Adapter83')); - test.ice_getConnection().close(Ice.ConnectionClose.GracefullyWithWait); - end + for i = 1:5 + assert(strcmp(test.getAdapterName(), 'Adapter83')); + test.ice_getConnection().close(Ice.ConnectionClose.GracefullyWithWait); + end - rcom.deactivateObjectAdapter(adapters{1}); - try - testSecure.ice_ping(); - assert(false); - catch ex - if isa(ex, 'Ice.ConnectFailedException') - % - % Usually the actual type of this exception is ConnectionRefusedException, - % but not always. See bug 3179. - % - elseif isa(ex, 'Ice.ConnectTimeoutException') - % - % On Windows, we set Ice.Override.ConnectTimeout to speed up testing. - % - else - rethrow(ex); - end + rcom.deactivateObjectAdapter(adapters{1}); + try + testSecure.ice_ping(); + assert(false); + catch ex + if isa(ex, 'Ice.ConnectFailedException') + % + % Usually the actual type of this exception is ConnectionRefusedException, + % but not always. See bug 3179. + % + elseif isa(ex, 'Ice.ConnectTimeoutException') + % + % On Windows, we set Ice.Override.ConnectTimeout to speed up testing. + % + else + rethrow(ex); end + end - AllTests.deactivate(rcom, adapters); + AllTests.deactivate(rcom, adapters); - fprintf('ok\n'); - end + fprintf('ok\n'); rcom.shutdown(); end diff --git a/matlab/test/Ice/info/AllTests.m b/matlab/test/Ice/info/AllTests.m index cc3d2137864..69842a5bb16 100644 --- a/matlab/test/Ice/info/AllTests.m +++ b/matlab/test/Ice/info/AllTests.m 
@@ -31,9 +31,9 @@ function allTests(helper) tcpEndpoint.type() == Ice.WSSEndpointType.value && tcpEndpoint.secure()); % TODO: With SSL types - %tcpEndpoint.type() == Ice.SSLEndpointType.value && isa(info, 'IceSSL.EndpointInfo') || + %tcpEndpoint.type() == Ice.SSLEndpointType.value && isa(info, 'Ice.SSL.EndpointInfo') || assert(tcpEndpoint.type() == Ice.TCPEndpointType.value && isa(info, 'Ice.TCPEndpointInfo') || ... - tcpEndpoint.type() == Ice.SSLEndpointType.value && isa(info, 'IceSSL.EndpointInfo') || ... + tcpEndpoint.type() == Ice.SSLEndpointType.value && isa(info, 'Ice.SSL.EndpointInfo') || ... tcpEndpoint.type() == Ice.WSEndpointType.value && isa(info, 'Ice.WSEndpointInfo') || ... tcpEndpoint.type() == Ice.WSSEndpointType.value && isa(info, 'Ice.WSEndpointInfo')); diff --git a/php/src/Connection.cpp b/php/src/Connection.cpp index b1f6d02d256..e9b6cccd039 100644 --- a/php/src/Connection.cpp +++ b/php/src/Connection.cpp @@ -561,7 +561,7 @@ IcePHP::createConnectionInfo(zval* zv, const Ice::ConnectionInfoPtr& p) add_property_long(zv, "sndSize", static_cast(info->sndSize)); } } - else if (dynamic_pointer_cast(p)) + else if (dynamic_pointer_cast(p)) { status = object_init_ex(zv, sslConnectionInfoClassEntry); } @@ -580,9 +580,9 @@ IcePHP::createConnectionInfo(zval* zv, const Ice::ConnectionInfoPtr& p) return false; } - if (dynamic_pointer_cast(p)) + if (dynamic_pointer_cast(p)) { - auto info = dynamic_pointer_cast(p); + auto info = dynamic_pointer_cast(p); zval zarr; AutoDestroy listDestroyer(&zarr); diff --git a/php/src/Endpoint.cpp b/php/src/Endpoint.cpp index 2e437f30a82..ffd8adeeec5 100644 --- a/php/src/Endpoint.cpp +++ b/php/src/Endpoint.cpp @@ -374,7 +374,7 @@ IcePHP::createEndpointInfo(zval* zv, const Ice::EndpointInfoPtr& p) zval_ptr_dtor(&rawBytes); // add_property_zval increased the refcount of rawBytes } } - else if (dynamic_pointer_cast(p)) + else if (dynamic_pointer_cast(p)) { status = object_init_ex(zv, sslEndpointInfoClassEntry); } 
diff --git a/python/modules/IcePy/ConnectionInfo.cpp b/python/modules/IcePy/ConnectionInfo.cpp index 134a24bde31..2771114925a 100644 --- a/python/modules/IcePy/ConnectionInfo.cpp +++ b/python/modules/IcePy/ConnectionInfo.cpp @@ -207,11 +207,11 @@ extern "C" static PyObject* sslConnectionInfoGetCerts(ConnectionInfoObject* self, PyObject* /*args*/) { - auto info = dynamic_pointer_cast(*self->connectionInfo); + auto info = dynamic_pointer_cast(*self->connectionInfo); assert(info); PyObject* certs = PyList_New(0); Ice::StringSeq encoded; - for (vector::const_iterator i = info->certs.begin(); i != info->certs.end(); ++i) + for (vector::const_iterator i = info->certs.begin(); i != info->certs.end(); ++i) { encoded.push_back((*i)->encode()); } @@ -692,7 +692,7 @@ IcePy::createConnectionInfo(const Ice::ConnectionInfoPtr& connectionInfo) { type = &UDPConnectionInfoType; } - else if (dynamic_pointer_cast(connectionInfo)) + else if (dynamic_pointer_cast(connectionInfo)) { type = &SSLConnectionInfoType; } diff --git a/python/modules/IcePy/EndpointInfo.cpp b/python/modules/IcePy/EndpointInfo.cpp index 49fe1572f51..f98d5958aed 100644 --- a/python/modules/IcePy/EndpointInfo.cpp +++ b/python/modules/IcePy/EndpointInfo.cpp @@ -739,7 +739,7 @@ IcePy::createEndpointInfo(const Ice::EndpointInfoPtr& endpointInfo) { type = &UDPEndpointInfoType; } - else if (dynamic_pointer_cast(endpointInfo)) + else if (dynamic_pointer_cast(endpointInfo)) { type = &SSLEndpointInfoType; } diff --git a/ruby/src/IceRuby/Connection.cpp b/ruby/src/IceRuby/Connection.cpp index 350cf12769f..abf04158299 100644 --- a/ruby/src/IceRuby/Connection.cpp +++ b/ruby/src/IceRuby/Connection.cpp 
@@ -274,13 +274,13 @@ IceRuby::createConnectionInfo(const Ice::ConnectionInfoPtr& p) rb_ivar_set(info, rb_intern("@rcvSize"), INT2FIX(udp->rcvSize)); rb_ivar_set(info, rb_intern("@sndSize"), INT2FIX(udp->sndSize)); } - else if (dynamic_pointer_cast(p)) + else if (dynamic_pointer_cast(p)) { info = Data_Wrap_Struct(_sslConnectionInfoClass, 0, IceRuby_ConnectionInfo_free, new Ice::ConnectionInfoPtr(p)); - IceSSL::ConnectionInfoPtr ssl = dynamic_pointer_cast(p); + Ice::SSL::ConnectionInfoPtr ssl = dynamic_pointer_cast(p); Ice::StringSeq encoded; - for (vector::const_iterator i = ssl->certs.begin(); i != ssl->certs.end(); ++i) + for (vector::const_iterator i = ssl->certs.begin(); i != ssl->certs.end(); ++i) { encoded.push_back((*i)->encode()); } diff --git a/ruby/src/IceRuby/Endpoint.cpp b/ruby/src/IceRuby/Endpoint.cpp index c7f88592cf7..aaed69c5be5 100644 --- a/ruby/src/IceRuby/Endpoint.cpp +++ b/ruby/src/IceRuby/Endpoint.cpp @@ -149,7 +149,7 @@ IceRuby::createEndpointInfo(const Ice::EndpointInfoPtr& p) rb_ivar_set(info, rb_intern("@rawBytes"), v); rb_ivar_set(info, rb_intern("@rawEncoding"), createEncodingVersion(opaque->rawEncoding)); } - else if (dynamic_pointer_cast(p)) + else if (dynamic_pointer_cast(p)) { info = Data_Wrap_Struct(_sslEndpointInfoClass, 0, IceRuby_EndpointInfo_free, new Ice::EndpointInfoPtr(p)); } diff --git a/swift/Rakefile b/swift/Rakefile index e06c194e211..8ccb2bbf47b 100644 --- a/swift/Rakefile +++ b/swift/Rakefile @@ -145,7 +145,7 @@ def create_platform_targets(project, platform, bindist) # Ice for C++ static libraries # cpp_components = ["Ice", "IceDiscovery", "IceLocatorDiscovery"] - cpp_source_dirs = { "Ice" => ["IceUtil", "Ice", "IceSSL"] } + cpp_source_dirs = { "Ice" => ["IceUtil", "Ice", "Ice/SSL"] } if platform == :ios then cpp_source_dirs["Ice"] << "IceIAP" cpp_source_dirs["Ice"] << "Ice/ios" 
@@ -154,7 +154,7 @@ def create_platform_targets(project, platform, bindist) excludes = { "Ice" => ["DLLMain.cpp", "OpenSSL*", - "SChannel*"] + "Schannel*"] } if platform == :ios then diff --git a/swift/src/IceImpl/Connection.mm b/swift/src/IceImpl/Connection.mm index d0aaf1820e1..bd7ed57d159 100644 --- a/swift/src/IceImpl/Connection.mm +++ b/swift/src/IceImpl/Connection.mm @@ -322,7 +322,7 @@ - (BOOL)throwException:(NSError**)error headers:toNSDictionary(wsInfo->headers)]; } - auto sslInfo = std::dynamic_pointer_cast(infoPtr); + auto sslInfo = std::dynamic_pointer_cast(infoPtr); if (sslInfo) { return [factory createSSLConnectionInfo:underlying diff --git a/swift/src/IceImpl/Convert.h b/swift/src/IceImpl/Convert.h index 00146ec46c4..26921d8aca7 100644 --- a/swift/src/IceImpl/Convert.h +++ b/swift/src/IceImpl/Convert.h @@ -11,7 +11,7 @@ @class ICERuntimeException; -namespace IceSSL +namespace Ice::SSL { class Certificate; } @@ -46,7 +46,7 @@ fromObjC(id object, std::string& s) NSObject* toObjC(const std::shared_ptr& endpoint); void fromObjC(id object, std::shared_ptr& endpoint); -NSObject* toObjC(const std::shared_ptr& cert); +NSObject* toObjC(const std::shared_ptr& cert); template NSMutableArray* diff --git a/swift/src/IceImpl/Convert.mm b/swift/src/IceImpl/Convert.mm index 25a0ccdb2e3..a5e86740193 100644 --- a/swift/src/IceImpl/Convert.mm +++ b/swift/src/IceImpl/Convert.mm @@ -418,7 +418,7 @@ } NSObject* -toObjC(const std::shared_ptr& cert) +toObjC(const std::shared_ptr& cert) { return toNSString(cert->encode()); } diff --git a/swift/src/IceImpl/Endpoint.mm b/swift/src/IceImpl/Endpoint.mm index ff1f46e95e3..be606dd9437 100644 --- a/swift/src/IceImpl/Endpoint.mm +++ b/swift/src/IceImpl/Endpoint.mm @@ -117,7 +117,7 @@ + (id)createEndpointInfo:(std::shared_ptr)infoPtr resource:toNSString(wsInfo->resource)]; } - if (std::dynamic_pointer_cast(infoPtr)) + if (std::dynamic_pointer_cast(infoPtr)) { return [factory createSSLEndpointInfo:handle underlying:underlying