zeroc-ice 3.6b1 → 3.6.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/{ext/ice/BZIP_LICENSE → BZIP2_LICENSE} +0 -0
- data/ICE_LICENSE +8 -14
- data/LICENSE +2 -1
- data/{ext/ice/MCPP_LICENSE → MCPP_LICENSE} +2 -9
- data/bin/slice2rb +1 -1
- data/ext/Communicator.cpp +1 -1
- data/ext/Communicator.h +1 -1
- data/ext/Config.h +1 -22
- data/ext/Connection.cpp +125 -13
- data/ext/Connection.h +1 -1
- data/ext/Endpoint.cpp +62 -3
- data/ext/Endpoint.h +1 -1
- data/ext/ImplicitContext.cpp +1 -1
- data/ext/ImplicitContext.h +1 -1
- data/ext/Init.cpp +8 -1
- data/ext/Logger.cpp +1 -1
- data/ext/Logger.h +1 -1
- data/ext/ObjectFactory.cpp +1 -1
- data/ext/ObjectFactory.h +1 -1
- data/ext/Operation.cpp +1 -1
- data/ext/Operation.h +1 -1
- data/ext/Properties.cpp +1 -1
- data/ext/Properties.h +1 -1
- data/ext/Proxy.cpp +1 -1
- data/ext/Proxy.h +1 -1
- data/ext/Slice.cpp +1 -1
- data/ext/Slice.h +1 -1
- data/ext/Types.cpp +65 -17
- data/ext/Types.h +4 -1
- data/ext/Util.cpp +49 -58
- data/ext/Util.h +1 -1
- data/ext/extconf.rb +17 -15
- data/ext/ice/cpp/include/Ice/ACMF.h +1 -1
- data/ext/ice/cpp/include/Ice/Application.h +1 -1
- data/ext/ice/cpp/include/Ice/AsyncResult.h +1 -1
- data/ext/ice/cpp/include/Ice/AsyncResultF.h +1 -1
- data/ext/ice/cpp/include/Ice/BasicStream.h +1 -1
- data/ext/ice/cpp/include/Ice/BatchRequestInterceptor.h +52 -0
- data/ext/ice/cpp/include/Ice/BatchRequestQueueF.h +25 -0
- data/ext/ice/cpp/include/Ice/Buffer.h +1 -1
- data/ext/ice/cpp/include/Ice/BuiltinSequences.h +12 -4
- data/ext/ice/cpp/include/Ice/Communicator.h +12 -4
- data/ext/ice/cpp/include/Ice/CommunicatorAsync.h +1 -1
- data/ext/ice/cpp/include/Ice/CommunicatorF.h +12 -4
- data/ext/ice/cpp/include/Ice/Config.h +13 -8
- data/ext/ice/cpp/include/Ice/Connection.h +41 -16
- data/ext/ice/cpp/include/Ice/ConnectionAsync.h +1 -1
- data/ext/ice/cpp/include/Ice/ConnectionF.h +12 -4
- data/ext/ice/cpp/include/Ice/ConnectionFactoryF.h +1 -1
- data/ext/ice/cpp/include/Ice/ConnectionIF.h +1 -1
- data/ext/ice/cpp/include/Ice/Current.h +12 -4
- data/ext/ice/cpp/include/Ice/DefaultObjectFactory.h +1 -1
- data/ext/ice/cpp/include/Ice/DeprecatedStringConverter.h +1 -1
- data/ext/ice/cpp/include/Ice/DispatchInterceptor.h +1 -1
- data/ext/ice/cpp/include/Ice/Dispatcher.h +1 -1
- data/ext/ice/cpp/include/Ice/DynamicLibrary.h +1 -1
- data/ext/ice/cpp/include/Ice/DynamicLibraryF.h +1 -1
- data/ext/ice/cpp/include/Ice/Endpoint.h +16 -6
- data/ext/ice/cpp/include/Ice/EndpointF.h +12 -4
- data/ext/ice/cpp/include/Ice/EndpointTypes.h +12 -4
- data/ext/ice/cpp/include/Ice/Exception.h +3 -3
- data/ext/ice/cpp/include/Ice/FacetMap.h +12 -4
- data/ext/ice/cpp/include/Ice/FactoryTable.h +1 -1
- data/ext/ice/cpp/include/Ice/FactoryTableInit.h +1 -1
- data/ext/ice/cpp/include/Ice/Format.h +1 -1
- data/ext/ice/cpp/include/Ice/Functional.h +1 -1
- data/ext/ice/cpp/include/Ice/GCObject.h +5 -1
- data/ext/ice/cpp/include/Ice/Handle.h +1 -1
- data/ext/ice/cpp/include/Ice/Ice.h +4 -3
- data/ext/ice/cpp/include/Ice/Identity.h +13 -5
- data/ext/ice/cpp/include/Ice/ImplicitContext.h +12 -4
- data/ext/ice/cpp/include/Ice/ImplicitContextF.h +12 -4
- data/ext/ice/cpp/include/Ice/Incoming.h +1 -1
- data/ext/ice/cpp/include/Ice/IncomingAsync.h +1 -1
- data/ext/ice/cpp/include/Ice/IncomingAsyncF.h +1 -1
- data/ext/ice/cpp/include/Ice/Initialize.h +4 -2
- data/ext/ice/cpp/include/Ice/InstanceF.h +1 -1
- data/ext/ice/cpp/include/Ice/Instrumentation.h +12 -4
- data/ext/ice/cpp/include/Ice/InstrumentationF.h +12 -4
- data/ext/ice/cpp/include/Ice/LocalException.h +12 -4
- data/ext/ice/cpp/include/Ice/LocalObject.h +1 -1
- data/ext/ice/cpp/include/Ice/LocalObjectF.h +1 -1
- data/ext/ice/cpp/include/Ice/Locator.h +137 -129
- data/ext/ice/cpp/include/Ice/LocatorF.h +12 -4
- data/ext/ice/cpp/include/Ice/Logger.h +12 -4
- data/ext/ice/cpp/include/Ice/LoggerF.h +12 -4
- data/ext/ice/cpp/include/Ice/LoggerUtil.h +1 -1
- data/ext/ice/cpp/include/Ice/Metrics.h +144 -136
- data/ext/ice/cpp/include/Ice/MetricsAdminI.h +1 -1
- data/ext/ice/cpp/include/Ice/MetricsFunctional.h +1 -1
- data/ext/ice/cpp/include/Ice/MetricsObserverI.h +35 -26
- data/ext/ice/cpp/include/Ice/NativePropertiesAdmin.h +1 -1
- data/ext/ice/cpp/include/Ice/Object.h +1 -1
- data/ext/ice/cpp/include/Ice/ObjectAdapter.h +12 -4
- data/ext/ice/cpp/include/Ice/ObjectAdapterF.h +12 -4
- data/ext/ice/cpp/include/Ice/ObjectAdapterFactoryF.h +1 -1
- data/ext/ice/cpp/include/Ice/ObjectF.h +1 -1
- data/ext/ice/cpp/include/Ice/ObjectFactory.h +12 -4
- data/ext/ice/cpp/include/Ice/ObjectFactoryF.h +12 -4
- data/ext/ice/cpp/include/Ice/ObjectFactoryManagerF.h +1 -1
- data/ext/ice/cpp/include/Ice/ObserverHelper.h +1 -1
- data/ext/ice/cpp/include/Ice/Outgoing.h +67 -39
- data/ext/ice/cpp/include/Ice/OutgoingAsync.h +31 -34
- data/ext/ice/cpp/include/Ice/OutgoingAsyncF.h +4 -4
- data/ext/ice/cpp/include/Ice/Plugin.h +12 -4
- data/ext/ice/cpp/include/Ice/PluginF.h +12 -4
- data/ext/ice/cpp/include/Ice/Process.h +36 -28
- data/ext/ice/cpp/include/Ice/ProcessF.h +12 -4
- data/ext/ice/cpp/include/Ice/Properties.h +12 -4
- data/ext/ice/cpp/include/Ice/PropertiesAdmin.h +86 -78
- data/ext/ice/cpp/include/Ice/PropertiesF.h +12 -4
- data/ext/ice/cpp/include/Ice/Protocol.h +1 -1
- data/ext/ice/cpp/include/Ice/Proxy.h +6 -2
- data/ext/ice/cpp/include/Ice/ProxyF.h +1 -1
- data/ext/ice/cpp/include/Ice/ProxyFactoryF.h +1 -1
- data/ext/ice/cpp/include/Ice/ProxyHandle.h +1 -1
- data/ext/ice/cpp/include/Ice/ReferenceF.h +1 -1
- data/ext/ice/cpp/include/Ice/RemoteLogger.h +137 -129
- data/ext/ice/cpp/include/Ice/RequestHandlerF.h +1 -1
- data/ext/ice/cpp/include/Ice/ResponseHandlerF.h +1 -1
- data/ext/ice/cpp/include/Ice/Router.h +37 -29
- data/ext/ice/cpp/include/Ice/RouterF.h +12 -4
- data/ext/ice/cpp/include/Ice/ServantLocator.h +12 -4
- data/ext/ice/cpp/include/Ice/ServantLocatorF.h +12 -4
- data/ext/ice/cpp/include/Ice/ServantManagerF.h +1 -1
- data/ext/ice/cpp/include/Ice/Service.h +1 -1
- data/ext/ice/cpp/include/Ice/SliceChecksumDict.h +12 -4
- data/ext/ice/cpp/include/Ice/SliceChecksums.h +1 -1
- data/ext/ice/cpp/include/Ice/SlicedData.h +1 -6
- data/ext/ice/cpp/include/Ice/SlicedDataF.h +1 -1
- data/ext/ice/cpp/include/Ice/Stream.h +3 -5
- data/ext/ice/cpp/include/Ice/StreamF.h +1 -1
- data/ext/ice/cpp/include/Ice/StreamHelpers.h +1 -1
- data/ext/ice/cpp/include/Ice/ThreadPoolF.h +1 -1
- data/ext/ice/cpp/include/Ice/UserExceptionFactory.h +1 -1
- data/ext/ice/cpp/include/Ice/Version.h +14 -6
- data/ext/ice/cpp/include/IceSSL/Config.h +19 -1
- data/ext/ice/cpp/include/IceSSL/ConnectionInfo.h +61 -7
- data/ext/ice/cpp/include/IceSSL/EndpointInfo.h +52 -5
- data/ext/ice/cpp/include/IceSSL/IceSSL.h +2 -2
- data/ext/ice/cpp/include/IceSSL/Plugin.h +32 -26
- data/ext/ice/cpp/include/IceUtil/AbstractMutex.h +1 -1
- data/ext/ice/cpp/include/IceUtil/Atomic.h +186 -0
- data/ext/ice/cpp/include/IceUtil/Cache.h +1 -1
- data/ext/ice/cpp/include/IceUtil/Cond.h +1 -1
- data/ext/ice/cpp/include/IceUtil/Config.h +31 -20
- data/ext/ice/cpp/include/IceUtil/CountDownLatch.h +1 -1
- data/ext/ice/cpp/include/IceUtil/CtrlCHandler.h +1 -1
- data/ext/ice/cpp/include/IceUtil/DisableWarnings.h +9 -2
- data/ext/ice/cpp/include/IceUtil/Exception.h +4 -3
- data/ext/ice/cpp/include/IceUtil/Functional.h +1 -1
- data/ext/ice/cpp/include/IceUtil/Handle.h +1 -1
- data/ext/ice/cpp/include/IceUtil/IceUtil.h +2 -2
- data/ext/ice/cpp/include/IceUtil/IconvStringConverter.h +1 -1
- data/ext/ice/cpp/include/IceUtil/InputUtil.h +1 -1
- data/ext/ice/cpp/include/IceUtil/Iterator.h +1 -1
- data/ext/ice/cpp/include/IceUtil/Lock.h +1 -1
- data/ext/ice/cpp/include/IceUtil/Monitor.h +1 -1
- data/ext/ice/cpp/include/IceUtil/Mutex.h +1 -1
- data/ext/ice/cpp/include/IceUtil/MutexProtocol.h +1 -1
- data/ext/ice/cpp/include/IceUtil/MutexPtrLock.h +1 -1
- data/ext/ice/cpp/include/IceUtil/MutexPtrTryLock.h +1 -1
- data/ext/ice/cpp/include/IceUtil/Optional.h +1 -1
- data/ext/ice/cpp/include/IceUtil/Options.h +1 -1
- data/ext/ice/cpp/include/IceUtil/OutputUtil.h +8 -11
- data/ext/ice/cpp/include/IceUtil/PopDisableWarnings.h +1 -1
- data/ext/ice/cpp/include/IceUtil/PushDisableWarnings.h +5 -1
- data/ext/ice/cpp/include/IceUtil/Random.h +1 -1
- data/ext/ice/cpp/include/IceUtil/RecMutex.h +1 -1
- data/ext/ice/cpp/include/IceUtil/SHA1.h +8 -26
- data/ext/ice/cpp/include/IceUtil/ScannerConfig.h +5 -5
- data/ext/ice/cpp/include/IceUtil/ScopedArray.h +1 -1
- data/ext/ice/cpp/include/IceUtil/Shared.h +3 -37
- data/ext/ice/cpp/include/IceUtil/StringUtil.h +1 -1
- data/ext/ice/cpp/include/IceUtil/Thread.h +1 -1
- data/ext/ice/cpp/include/IceUtil/ThreadException.h +1 -1
- data/ext/ice/cpp/include/IceUtil/Time.h +1 -1
- data/ext/ice/cpp/include/IceUtil/Timer.h +1 -1
- data/ext/ice/cpp/include/IceUtil/UUID.h +1 -1
- data/ext/ice/cpp/include/IceUtil/UndefSysMacros.h +1 -1
- data/ext/ice/cpp/include/IceUtil/UniquePtr.h +1 -1
- data/ext/ice/cpp/include/Slice/CPlusPlusUtil.h +7 -6
- data/ext/ice/cpp/include/Slice/Checksum.h +1 -1
- data/ext/ice/cpp/include/Slice/CsUtil.h +1 -1
- data/ext/ice/cpp/include/Slice/DotNetNames.h +1 -1
- data/ext/ice/cpp/include/Slice/FileTracker.h +1 -1
- data/ext/ice/cpp/include/Slice/JavaUtil.h +3 -1
- data/ext/ice/cpp/include/Slice/ObjCUtil.h +127 -0
- data/ext/ice/cpp/include/Slice/PHPUtil.h +1 -1
- data/ext/ice/cpp/include/Slice/Parser.h +18 -12
- data/ext/ice/cpp/include/Slice/Preprocessor.h +6 -4
- data/ext/ice/cpp/include/Slice/PythonUtil.h +1 -1
- data/ext/ice/cpp/include/Slice/RubyUtil.h +1 -1
- data/ext/ice/cpp/include/Slice/Util.h +20 -2
- data/ext/ice/cpp/src/Ice/ACM.cpp +1 -1
- data/ext/ice/cpp/src/Ice/ACM.h +1 -1
- data/ext/ice/cpp/src/Ice/Acceptor.cpp +1 -1
- data/ext/ice/cpp/src/Ice/Acceptor.h +1 -1
- data/ext/ice/cpp/src/Ice/AcceptorF.h +1 -1
- data/ext/ice/cpp/src/Ice/AsyncResult.cpp +1 -1
- data/ext/ice/cpp/src/Ice/Base64.cpp +1 -1
- data/ext/ice/cpp/src/Ice/Base64.h +1 -1
- data/ext/ice/cpp/src/Ice/BasicStream.cpp +7 -5
- data/ext/ice/cpp/src/Ice/BatchRequestQueue.cpp +227 -0
- data/ext/ice/cpp/src/Ice/BatchRequestQueue.h +59 -0
- data/ext/ice/cpp/src/Ice/Buffer.cpp +3 -3
- data/ext/ice/cpp/src/Ice/BuiltinSequences.cpp +10 -4
- data/ext/ice/cpp/src/Ice/CollocatedRequestHandler.cpp +82 -282
- data/ext/ice/cpp/src/Ice/CollocatedRequestHandler.h +8 -21
- data/ext/ice/cpp/src/Ice/Communicator.cpp +11 -5
- data/ext/ice/cpp/src/Ice/CommunicatorF.cpp +10 -4
- data/ext/ice/cpp/src/Ice/CommunicatorI.cpp +6 -6
- data/ext/ice/cpp/src/Ice/CommunicatorI.h +1 -1
- data/ext/ice/cpp/src/Ice/ConnectRequestHandler.cpp +42 -180
- data/ext/ice/cpp/src/Ice/ConnectRequestHandler.h +10 -19
- data/ext/ice/cpp/src/Ice/ConnectRequestHandlerF.h +25 -0
- data/ext/ice/cpp/src/Ice/Connection.cpp +17 -11
- data/ext/ice/cpp/src/Ice/ConnectionF.cpp +10 -4
- data/ext/ice/cpp/src/Ice/ConnectionFactory.cpp +137 -51
- data/ext/ice/cpp/src/Ice/ConnectionFactory.h +18 -8
- data/ext/ice/cpp/src/Ice/ConnectionI.cpp +105 -391
- data/ext/ice/cpp/src/Ice/ConnectionI.h +25 -23
- data/ext/ice/cpp/src/Ice/ConnectionRequestHandler.cpp +5 -29
- data/ext/ice/cpp/src/Ice/ConnectionRequestHandler.h +3 -8
- data/ext/ice/cpp/src/Ice/Connector.cpp +1 -1
- data/ext/ice/cpp/src/Ice/Connector.h +1 -1
- data/ext/ice/cpp/src/Ice/ConnectorF.h +1 -1
- data/ext/ice/cpp/src/Ice/Current.cpp +10 -4
- data/ext/ice/cpp/src/Ice/DefaultsAndOverrides.cpp +1 -1
- data/ext/ice/cpp/src/Ice/DefaultsAndOverrides.h +1 -1
- data/ext/ice/cpp/src/Ice/DefaultsAndOverridesF.h +1 -1
- data/ext/ice/cpp/src/Ice/DeprecatedStringConverter.cpp +1 -1
- data/ext/ice/cpp/src/Ice/DispatchInterceptor.cpp +1 -1
- data/ext/ice/cpp/src/Ice/DynamicLibrary.cpp +1 -1
- data/ext/ice/cpp/src/Ice/Endpoint.cpp +17 -11
- data/ext/ice/cpp/src/Ice/EndpointF.cpp +10 -4
- data/ext/ice/cpp/src/Ice/EndpointFactory.cpp +19 -1
- data/ext/ice/cpp/src/Ice/EndpointFactory.h +13 -1
- data/ext/ice/cpp/src/Ice/EndpointFactoryF.h +1 -1
- data/ext/ice/cpp/src/Ice/EndpointFactoryManager.cpp +1 -1
- data/ext/ice/cpp/src/Ice/EndpointFactoryManager.h +1 -1
- data/ext/ice/cpp/src/Ice/EndpointFactoryManagerF.h +1 -1
- data/ext/ice/cpp/src/Ice/EndpointI.cpp +1 -1
- data/ext/ice/cpp/src/Ice/EndpointI.h +33 -1
- data/ext/ice/cpp/src/Ice/EndpointIF.h +1 -1
- data/ext/ice/cpp/src/Ice/EndpointTypes.cpp +10 -4
- data/ext/ice/cpp/src/Ice/EventHandler.cpp +1 -1
- data/ext/ice/cpp/src/Ice/EventHandler.h +4 -1
- data/ext/ice/cpp/src/Ice/EventHandlerF.h +1 -1
- data/ext/ice/cpp/src/Ice/Exception.cpp +20 -11
- data/ext/ice/cpp/src/Ice/FacetMap.cpp +10 -4
- data/ext/ice/cpp/src/Ice/FactoryTable.cpp +1 -1
- data/ext/ice/cpp/src/Ice/FactoryTableInit.cpp +2 -2
- data/ext/ice/cpp/src/Ice/GCObject.cpp +1 -1
- data/ext/ice/cpp/src/Ice/HashUtil.h +1 -1
- data/ext/ice/cpp/src/Ice/HttpParser.cpp +27 -15
- data/ext/ice/cpp/src/Ice/HttpParser.h +4 -6
- data/ext/ice/cpp/src/Ice/IPEndpointI.cpp +7 -1
- data/ext/ice/cpp/src/Ice/IPEndpointI.h +2 -1
- data/ext/ice/cpp/src/Ice/IPEndpointIF.h +1 -1
- data/ext/ice/cpp/src/Ice/Identity.cpp +11 -5
- data/ext/ice/cpp/src/Ice/ImplicitContext.cpp +11 -5
- data/ext/ice/cpp/src/Ice/ImplicitContextF.cpp +10 -4
- data/ext/ice/cpp/src/Ice/ImplicitContextI.cpp +1 -1
- data/ext/ice/cpp/src/Ice/ImplicitContextI.h +1 -1
- data/ext/ice/cpp/src/Ice/Incoming.cpp +22 -20
- data/ext/ice/cpp/src/Ice/IncomingAsync.cpp +1 -1
- data/ext/ice/cpp/src/Ice/IncomingRequest.h +1 -1
- data/ext/ice/cpp/src/Ice/Initialize.cpp +31 -5
- data/ext/ice/cpp/src/Ice/Instance.cpp +102 -59
- data/ext/ice/cpp/src/Ice/Instance.h +28 -2
- data/ext/ice/cpp/src/Ice/Instrumentation.cpp +20 -14
- data/ext/ice/cpp/src/Ice/InstrumentationF.cpp +10 -4
- data/ext/ice/cpp/src/Ice/InstrumentationI.cpp +1 -1
- data/ext/ice/cpp/src/Ice/InstrumentationI.h +1 -1
- data/ext/ice/cpp/src/Ice/LocalException.cpp +10 -4
- data/ext/ice/cpp/src/Ice/LocalObject.cpp +1 -1
- data/ext/ice/cpp/src/Ice/Locator.cpp +83 -77
- data/ext/ice/cpp/src/Ice/LocatorF.cpp +10 -4
- data/ext/ice/cpp/src/Ice/LocatorInfo.cpp +77 -69
- data/ext/ice/cpp/src/Ice/LocatorInfo.h +1 -1
- data/ext/ice/cpp/src/Ice/LocatorInfoF.h +1 -1
- data/ext/ice/cpp/src/Ice/Logger.cpp +11 -5
- data/ext/ice/cpp/src/Ice/LoggerAdminI.cpp +1 -1
- data/ext/ice/cpp/src/Ice/LoggerAdminI.h +1 -1
- data/ext/ice/cpp/src/Ice/LoggerF.cpp +10 -4
- data/ext/ice/cpp/src/Ice/LoggerI.cpp +10 -8
- data/ext/ice/cpp/src/Ice/LoggerI.h +1 -1
- data/ext/ice/cpp/src/Ice/LoggerUtil.cpp +2 -2
- data/ext/ice/cpp/src/Ice/Metrics.cpp +122 -116
- data/ext/ice/cpp/src/Ice/MetricsAdminI.cpp +1 -1
- data/ext/ice/cpp/src/Ice/MetricsObserverI.cpp +1 -1
- data/ext/ice/cpp/src/Ice/Network.cpp +63 -19
- data/ext/ice/cpp/src/Ice/Network.h +10 -3
- data/ext/ice/cpp/src/Ice/NetworkF.h +1 -1
- data/ext/ice/cpp/src/Ice/NetworkProxy.cpp +1 -1
- data/ext/ice/cpp/src/Ice/NetworkProxy.h +1 -1
- data/ext/ice/cpp/src/Ice/NetworkProxyF.h +1 -1
- data/ext/ice/cpp/src/Ice/Object.cpp +1 -1
- data/ext/ice/cpp/src/Ice/ObjectAdapter.cpp +11 -5
- data/ext/ice/cpp/src/Ice/ObjectAdapterF.cpp +10 -4
- data/ext/ice/cpp/src/Ice/ObjectAdapterFactory.cpp +9 -9
- data/ext/ice/cpp/src/Ice/ObjectAdapterFactory.h +2 -2
- data/ext/ice/cpp/src/Ice/ObjectAdapterI.cpp +3 -3
- data/ext/ice/cpp/src/Ice/ObjectAdapterI.h +5 -5
- data/ext/ice/cpp/src/Ice/ObjectFactory.cpp +11 -5
- data/ext/ice/cpp/src/Ice/ObjectFactoryF.cpp +10 -4
- data/ext/ice/cpp/src/Ice/ObjectFactoryManager.cpp +9 -10
- data/ext/ice/cpp/src/Ice/ObjectFactoryManager.h +1 -1
- data/ext/ice/cpp/src/Ice/ObserverHelper.cpp +1 -1
- data/ext/ice/cpp/src/Ice/OpaqueEndpointI.cpp +6 -5
- data/ext/ice/cpp/src/Ice/OpaqueEndpointI.h +1 -1
- data/ext/ice/cpp/src/Ice/Outgoing.cpp +209 -254
- data/ext/ice/cpp/src/Ice/OutgoingAsync.cpp +120 -106
- data/ext/ice/cpp/src/Ice/Plugin.cpp +12 -6
- data/ext/ice/cpp/src/Ice/PluginF.cpp +10 -4
- data/ext/ice/cpp/src/Ice/PluginManagerI.cpp +21 -2
- data/ext/ice/cpp/src/Ice/Process.cpp +25 -19
- data/ext/ice/cpp/src/Ice/ProcessF.cpp +10 -4
- data/ext/ice/cpp/src/Ice/Properties.cpp +11 -5
- data/ext/ice/cpp/src/Ice/PropertiesAdmin.cpp +39 -33
- data/ext/ice/cpp/src/Ice/PropertiesAdminI.cpp +1 -1
- data/ext/ice/cpp/src/Ice/PropertiesAdminI.h +1 -1
- data/ext/ice/cpp/src/Ice/PropertiesF.cpp +10 -4
- data/ext/ice/cpp/src/Ice/PropertiesI.cpp +1 -1
- data/ext/ice/cpp/src/Ice/PropertiesI.h +1 -1
- data/ext/ice/cpp/src/Ice/PropertyNames.cpp +12 -8
- data/ext/ice/cpp/src/Ice/PropertyNames.h +2 -2
- data/ext/ice/cpp/src/Ice/Protocol.cpp +7 -7
- data/ext/ice/cpp/src/Ice/ProtocolInstance.cpp +9 -6
- data/ext/ice/cpp/src/Ice/ProtocolInstance.h +25 -7
- data/ext/ice/cpp/src/Ice/ProtocolInstanceF.h +1 -1
- data/ext/ice/cpp/src/Ice/ProtocolPluginFacade.cpp +1 -1
- data/ext/ice/cpp/src/Ice/ProtocolPluginFacade.h +1 -1
- data/ext/ice/cpp/src/Ice/ProtocolPluginFacadeF.h +1 -1
- data/ext/ice/cpp/src/Ice/Proxy.cpp +32 -13
- data/ext/ice/cpp/src/Ice/ProxyFactory.cpp +1 -1
- data/ext/ice/cpp/src/Ice/ProxyFactory.h +1 -1
- data/ext/ice/cpp/src/Ice/Reference.cpp +101 -86
- data/ext/ice/cpp/src/Ice/Reference.h +16 -9
- data/ext/ice/cpp/src/Ice/ReferenceFactory.cpp +1 -1
- data/ext/ice/cpp/src/Ice/ReferenceFactory.h +1 -1
- data/ext/ice/cpp/src/Ice/ReferenceFactoryF.h +1 -1
- data/ext/ice/cpp/src/Ice/RegisterPlugins.cpp +28 -0
- data/ext/ice/cpp/src/Ice/RegisterPlugins.h +25 -0
- data/ext/ice/cpp/src/Ice/RemoteLogger.cpp +92 -86
- data/ext/ice/cpp/src/Ice/ReplyStatus.h +1 -1
- data/ext/ice/cpp/src/Ice/RequestHandler.cpp +1 -1
- data/ext/ice/cpp/src/Ice/RequestHandler.h +4 -8
- data/ext/ice/cpp/src/Ice/RequestHandlerFactory.cpp +24 -16
- data/ext/ice/cpp/src/Ice/RequestHandlerFactory.h +5 -4
- data/ext/ice/cpp/src/Ice/ResponseHandler.cpp +1 -1
- data/ext/ice/cpp/src/Ice/ResponseHandler.h +3 -3
- data/ext/ice/cpp/src/Ice/RetryQueue.cpp +16 -5
- data/ext/ice/cpp/src/Ice/RetryQueue.h +3 -2
- data/ext/ice/cpp/src/Ice/RetryQueueF.h +1 -1
- data/ext/ice/cpp/src/Ice/Router.cpp +27 -21
- data/ext/ice/cpp/src/Ice/RouterF.cpp +10 -4
- data/ext/ice/cpp/src/Ice/RouterInfo.cpp +1 -1
- data/ext/ice/cpp/src/Ice/RouterInfo.h +1 -1
- data/ext/ice/cpp/src/Ice/RouterInfoF.h +1 -1
- data/ext/ice/cpp/src/Ice/Selector.cpp +480 -1
- data/ext/ice/cpp/src/Ice/Selector.h +130 -1
- data/ext/ice/cpp/src/Ice/ServantLocator.cpp +11 -5
- data/ext/ice/cpp/src/Ice/ServantLocatorF.cpp +10 -4
- data/ext/ice/cpp/src/Ice/ServantManager.cpp +29 -23
- data/ext/ice/cpp/src/Ice/ServantManager.h +1 -1
- data/ext/ice/cpp/src/Ice/SharedContext.h +1 -1
- data/ext/ice/cpp/src/Ice/SliceChecksumDict.cpp +10 -4
- data/ext/ice/cpp/src/Ice/SliceChecksums.cpp +1 -1
- data/ext/ice/cpp/src/Ice/SlicedData.cpp +1 -1
- data/ext/ice/cpp/src/Ice/Stream.cpp +1 -1
- data/ext/ice/cpp/src/Ice/StreamI.cpp +1 -1
- data/ext/ice/cpp/src/Ice/StreamI.h +1 -1
- data/ext/ice/cpp/src/Ice/StreamSocket.cpp +30 -22
- data/ext/ice/cpp/src/Ice/StreamSocket.h +7 -4
- data/ext/ice/cpp/src/Ice/StringConverterPlugin.cpp +1 -1
- data/ext/ice/cpp/src/Ice/SysLoggerI.cpp +1 -1
- data/ext/ice/cpp/src/Ice/SysLoggerI.h +1 -1
- data/ext/ice/cpp/src/Ice/TcpAcceptor.cpp +8 -8
- data/ext/ice/cpp/src/Ice/TcpAcceptor.h +1 -1
- data/ext/ice/cpp/src/Ice/TcpConnector.cpp +1 -1
- data/ext/ice/cpp/src/Ice/TcpConnector.h +1 -1
- data/ext/ice/cpp/src/Ice/TcpEndpointI.cpp +21 -38
- data/ext/ice/cpp/src/Ice/TcpEndpointI.h +5 -6
- data/ext/ice/cpp/src/Ice/TcpTransceiver.cpp +29 -4
- data/ext/ice/cpp/src/Ice/TcpTransceiver.h +7 -2
- data/ext/ice/cpp/src/Ice/ThreadPool.cpp +2 -2
- data/ext/ice/cpp/src/Ice/ThreadPool.h +1 -1
- data/ext/ice/cpp/src/Ice/TraceLevels.cpp +2 -2
- data/ext/ice/cpp/src/Ice/TraceLevels.h +1 -1
- data/ext/ice/cpp/src/Ice/TraceLevelsF.h +1 -1
- data/ext/ice/cpp/src/Ice/TraceUtil.cpp +16 -7
- data/ext/ice/cpp/src/Ice/TraceUtil.h +1 -1
- data/ext/ice/cpp/src/Ice/Transceiver.cpp +1 -1
- data/ext/ice/cpp/src/Ice/Transceiver.h +2 -1
- data/ext/ice/cpp/src/Ice/TransceiverF.h +1 -1
- data/ext/ice/cpp/src/Ice/UdpConnector.cpp +1 -1
- data/ext/ice/cpp/src/Ice/UdpConnector.h +1 -1
- data/ext/ice/cpp/src/Ice/UdpEndpointI.cpp +13 -39
- data/ext/ice/cpp/src/Ice/UdpEndpointI.h +2 -5
- data/ext/ice/cpp/src/Ice/UdpTransceiver.cpp +46 -10
- data/ext/ice/cpp/src/Ice/UdpTransceiver.h +3 -2
- data/ext/ice/cpp/src/Ice/Version.cpp +12 -6
- data/ext/ice/cpp/src/Ice/WSAcceptor.cpp +1 -1
- data/ext/ice/cpp/src/Ice/WSAcceptor.h +1 -1
- data/ext/ice/cpp/src/Ice/WSConnector.cpp +1 -1
- data/ext/ice/cpp/src/Ice/WSConnector.h +1 -1
- data/ext/ice/cpp/src/Ice/WSEndpoint.cpp +6 -38
- data/ext/ice/cpp/src/Ice/WSEndpoint.h +12 -1
- data/ext/ice/cpp/src/Ice/WSTransceiver.cpp +31 -35
- data/ext/ice/cpp/src/Ice/WSTransceiver.h +13 -1
- data/ext/ice/cpp/src/IceDiscovery/IceDiscovery.cpp +66 -60
- data/ext/ice/cpp/src/IceDiscovery/IceDiscovery.h +106 -100
- data/ext/ice/cpp/src/IceDiscovery/LocatorI.cpp +1 -1
- data/ext/ice/cpp/src/IceDiscovery/LocatorI.h +1 -1
- data/ext/ice/cpp/src/IceDiscovery/LookupI.cpp +76 -36
- data/ext/ice/cpp/src/IceDiscovery/LookupI.h +1 -1
- data/ext/ice/cpp/src/IceDiscovery/PluginI.cpp +19 -6
- data/ext/ice/cpp/src/IceDiscovery/PluginI.h +1 -1
- data/ext/ice/cpp/src/IceLocatorDiscovery/IceLocatorDiscovery.cpp +452 -0
- data/ext/ice/cpp/src/IceLocatorDiscovery/IceLocatorDiscovery.h +732 -0
- data/ext/ice/cpp/src/IceLocatorDiscovery/PluginI.cpp +520 -0
- data/ext/ice/cpp/src/IceLocatorDiscovery/PluginI.h +36 -0
- data/ext/ice/cpp/src/IceSSL/AcceptorI.cpp +8 -8
- data/ext/ice/cpp/src/IceSSL/AcceptorI.h +1 -1
- data/ext/ice/cpp/src/IceSSL/Certificate.cpp +49 -47
- data/ext/ice/cpp/src/IceSSL/ConnectionInfo.cpp +13 -5
- data/ext/ice/cpp/src/IceSSL/ConnectorI.cpp +1 -1
- data/ext/ice/cpp/src/IceSSL/ConnectorI.h +1 -1
- data/ext/ice/cpp/src/IceSSL/EndpointI.cpp +10 -38
- data/ext/ice/cpp/src/IceSSL/EndpointI.h +4 -3
- data/ext/ice/cpp/src/IceSSL/EndpointInfo.cpp +13 -5
- data/ext/ice/cpp/src/IceSSL/Instance.cpp +2 -2
- data/ext/ice/cpp/src/IceSSL/Instance.h +1 -1
- data/ext/ice/cpp/src/IceSSL/InstanceF.h +1 -1
- data/ext/ice/cpp/src/IceSSL/OpenSSLEngine.cpp +107 -111
- data/ext/ice/cpp/src/IceSSL/OpenSSLTransceiverI.cpp +130 -47
- data/ext/ice/cpp/src/IceSSL/OpenSSLTransceiverI.h +11 -3
- data/ext/ice/cpp/src/IceSSL/PluginI.cpp +8 -14
- data/ext/ice/cpp/src/IceSSL/PluginI.h +1 -1
- data/ext/ice/cpp/src/IceSSL/RFC2253.cpp +1 -1
- data/ext/ice/cpp/src/IceSSL/RFC2253.h +1 -1
- data/ext/ice/cpp/src/IceSSL/SChannelEngine.cpp +238 -156
- data/ext/ice/cpp/src/IceSSL/SChannelTransceiverI.cpp +93 -66
- data/ext/ice/cpp/src/IceSSL/SChannelTransceiverI.h +7 -3
- data/ext/ice/cpp/src/IceSSL/SSLEngine.cpp +2 -2
- data/ext/ice/cpp/src/IceSSL/SSLEngine.h +32 -35
- data/ext/ice/cpp/src/IceSSL/SSLEngineF.h +1 -1
- data/ext/ice/cpp/src/IceSSL/SecureTransportEngine.cpp +244 -360
- data/ext/ice/cpp/src/IceSSL/SecureTransportTransceiverI.cpp +59 -29
- data/ext/ice/cpp/src/IceSSL/SecureTransportTransceiverI.h +8 -4
- data/ext/ice/cpp/src/IceSSL/TrustManager.cpp +1 -1
- data/ext/ice/cpp/src/IceSSL/TrustManager.h +1 -1
- data/ext/ice/cpp/src/IceSSL/TrustManagerF.h +1 -1
- data/ext/ice/cpp/src/IceSSL/Util.cpp +427 -620
- data/ext/ice/cpp/src/IceSSL/Util.h +72 -15
- data/ext/ice/cpp/src/IceUtil/ArgVector.cpp +1 -1
- data/ext/ice/cpp/src/IceUtil/ArgVector.h +1 -1
- data/ext/ice/cpp/src/IceUtil/Cond.cpp +1 -1
- data/ext/ice/cpp/src/IceUtil/ConvertUTF.cpp +1 -1
- data/ext/ice/cpp/src/IceUtil/ConvertUTF.h +1 -1
- data/ext/ice/cpp/src/IceUtil/CountDownLatch.cpp +1 -1
- data/ext/ice/cpp/src/IceUtil/CtrlCHandler.cpp +1 -1
- data/ext/ice/cpp/src/IceUtil/Exception.cpp +105 -96
- data/ext/ice/cpp/src/IceUtil/FileUtil.cpp +2 -1
- data/ext/ice/cpp/src/IceUtil/FileUtil.h +9 -1
- data/ext/ice/cpp/src/IceUtil/InputUtil.cpp +1 -1
- data/ext/ice/cpp/src/IceUtil/MutexProtocol.cpp +1 -1
- data/ext/ice/cpp/src/IceUtil/Options.cpp +1 -1
- data/ext/ice/cpp/src/IceUtil/OutputUtil.cpp +12 -25
- data/ext/ice/cpp/src/IceUtil/Random.cpp +1 -1
- data/ext/ice/cpp/src/IceUtil/RecMutex.cpp +1 -1
- data/ext/ice/cpp/src/IceUtil/SHA1.cpp +72 -10
- data/ext/ice/cpp/src/IceUtil/Shared.cpp +3 -132
- data/ext/ice/cpp/src/IceUtil/StopWatch.h +1 -1
- data/ext/ice/cpp/src/IceUtil/StringConverter.cpp +1 -1
- data/ext/ice/cpp/src/IceUtil/StringUtil.cpp +1 -1
- data/ext/ice/cpp/src/IceUtil/Thread.cpp +16 -1
- data/ext/ice/cpp/src/IceUtil/ThreadException.cpp +1 -1
- data/ext/ice/cpp/src/IceUtil/Time.cpp +1 -1
- data/ext/ice/cpp/src/IceUtil/Timer.cpp +1 -1
- data/ext/ice/cpp/src/IceUtil/UUID.cpp +1 -1
- data/ext/ice/cpp/src/IceUtil/Unicode.cpp +1 -1
- data/ext/ice/cpp/src/IceUtil/Unicode.h +1 -1
- data/ext/ice/cpp/src/Slice/CPlusPlusUtil.cpp +62 -55
- data/ext/ice/cpp/src/Slice/Checksum.cpp +1 -1
- data/ext/ice/cpp/src/Slice/CsUtil.cpp +8 -29
- data/ext/ice/cpp/src/Slice/DotNetNames.cpp +1 -1
- data/ext/ice/cpp/src/Slice/FileTracker.cpp +1 -1
- data/ext/ice/cpp/src/Slice/Grammar.cpp +1 -1
- data/ext/ice/cpp/src/Slice/GrammarUtil.h +1 -1
- data/ext/ice/cpp/src/Slice/JavaUtil.cpp +145 -172
- data/ext/ice/cpp/src/Slice/MD5.cpp +1 -1
- data/ext/ice/cpp/src/Slice/MD5.h +1 -1
- data/ext/ice/cpp/src/Slice/ObjCUtil.cpp +1310 -0
- data/ext/ice/cpp/src/Slice/PHPUtil.cpp +1 -1
- data/ext/ice/cpp/src/Slice/Parser.cpp +65 -187
- data/ext/ice/cpp/src/Slice/Preprocessor.cpp +61 -9
- data/ext/ice/cpp/src/Slice/Python.cpp +36 -3
- data/ext/ice/cpp/src/Slice/PythonUtil.cpp +10 -10
- data/ext/ice/cpp/src/Slice/Ruby.cpp +34 -3
- data/ext/ice/cpp/src/Slice/RubyUtil.cpp +8 -7
- data/ext/ice/cpp/src/Slice/Scanner.cpp +1 -1
- data/ext/ice/cpp/src/Slice/Util.cpp +137 -30
- data/ext/ice/mcpp/LICENSE +29 -0
- data/ext/ice/mcpp/Makefile +60 -0
- data/ext/ice/mcpp/Makefile.mak +46 -0
- data/ext/ice/mcpp/README.md +30 -0
- data/ext/ice/mcpp/config.h +89 -0
- data/ext/ice/mcpp/configed.H +1 -146
- data/ext/ice/mcpp/directive.c +115 -410
- data/ext/ice/mcpp/eval.c +38 -377
- data/ext/ice/mcpp/expand.c +155 -852
- data/ext/ice/mcpp/internal.H +10 -44
- data/ext/ice/mcpp/main.c +6 -345
- data/ext/ice/mcpp/mbchar.c +17 -654
- data/ext/ice/mcpp/mcpp.gyp +62 -0
- data/ext/ice/mcpp/support.c +116 -943
- data/ext/ice/mcpp/system.H +0 -23
- data/ext/ice/mcpp/system.c +81 -2321
- data/ice.gemspec +3 -4
- data/lib/Glacier2.rb +1 -1
- data/lib/Glacier2/Metrics.rb +2 -2
- data/lib/Glacier2/PermissionsVerifier.rb +2 -2
- data/lib/Glacier2/PermissionsVerifierF.rb +2 -2
- data/lib/Glacier2/Router.rb +2 -2
- data/lib/Glacier2/RouterF.rb +2 -2
- data/lib/Glacier2/SSLInfo.rb +2 -2
- data/lib/Glacier2/Session.rb +2 -2
- data/lib/Ice.rb +1 -1
- data/lib/Ice/BuiltinSequences.rb +2 -2
- data/lib/Ice/Communicator.rb +2 -2
- data/lib/Ice/CommunicatorF.rb +2 -2
- data/lib/Ice/Connection.rb +26 -14
- data/lib/Ice/ConnectionF.rb +2 -2
- data/lib/Ice/Current.rb +2 -2
- data/lib/Ice/Endpoint.rb +4 -2
- data/lib/Ice/EndpointF.rb +2 -2
- data/lib/Ice/EndpointTypes.rb +2 -2
- data/lib/Ice/FacetMap.rb +2 -2
- data/lib/Ice/Identity.rb +2 -2
- data/lib/Ice/ImplicitContext.rb +2 -2
- data/lib/Ice/ImplicitContextF.rb +2 -2
- data/lib/Ice/Instrumentation.rb +2 -2
- data/lib/Ice/InstrumentationF.rb +2 -2
- data/lib/Ice/LocalException.rb +2 -2
- data/lib/Ice/Locator.rb +2 -2
- data/lib/Ice/LocatorF.rb +2 -2
- data/lib/Ice/Logger.rb +2 -2
- data/lib/Ice/LoggerF.rb +2 -2
- data/lib/Ice/Metrics.rb +2 -2
- data/lib/Ice/ObjectAdapterF.rb +2 -2
- data/lib/Ice/ObjectFactory.rb +2 -2
- data/lib/Ice/ObjectFactoryF.rb +2 -2
- data/lib/Ice/Plugin.rb +2 -2
- data/lib/Ice/PluginF.rb +2 -2
- data/lib/Ice/Process.rb +2 -2
- data/lib/Ice/ProcessF.rb +2 -2
- data/lib/Ice/Properties.rb +2 -2
- data/lib/Ice/PropertiesAdmin.rb +2 -2
- data/lib/Ice/PropertiesF.rb +2 -2
- data/lib/Ice/Router.rb +2 -2
- data/lib/Ice/RouterF.rb +2 -2
- data/lib/Ice/SliceChecksumDict.rb +2 -2
- data/lib/Ice/Version.rb +2 -2
- data/lib/IceBox.rb +1 -1
- data/lib/IceBox/IceBox.rb +2 -2
- data/lib/IceGrid.rb +1 -1
- data/lib/IceGrid/Admin.rb +2 -2
- data/lib/IceGrid/Descriptor.rb +2 -2
- data/lib/IceGrid/Exception.rb +2 -2
- data/lib/IceGrid/FileParser.rb +2 -2
- data/lib/IceGrid/Locator.rb +2 -2
- data/lib/IceGrid/Observer.rb +2 -2
- data/lib/IceGrid/Query.rb +2 -2
- data/lib/IceGrid/Registry.rb +2 -2
- data/lib/IceGrid/Session.rb +2 -2
- data/lib/IceGrid/UserAccountMapper.rb +2 -2
- data/lib/IcePatch2.rb +1 -1
- data/lib/IcePatch2/FileInfo.rb +52 -2
- data/lib/IcePatch2/FileServer.rb +33 -4
- data/lib/IceStorm.rb +1 -1
- data/lib/IceStorm/IceStorm.rb +2 -2
- data/lib/IceStorm/Metrics.rb +2 -2
- data/slice/Freeze/BackgroundSaveEvictor.ice +2 -2
- data/slice/Freeze/CatalogData.ice +2 -2
- data/slice/Freeze/Connection.ice +2 -2
- data/slice/Freeze/ConnectionF.ice +2 -2
- data/slice/Freeze/DB.ice +2 -2
- data/slice/Freeze/Evictor.ice +2 -2
- data/slice/Freeze/EvictorF.ice +2 -2
- data/slice/Freeze/EvictorStorage.ice +2 -2
- data/slice/Freeze/Exception.ice +2 -2
- data/slice/Freeze/Transaction.ice +2 -2
- data/slice/Freeze/TransactionalEvictor.ice +2 -2
- data/slice/Glacier2/Metrics.ice +7 -6
- data/slice/Glacier2/PermissionsVerifier.ice +4 -3
- data/slice/Glacier2/PermissionsVerifierF.ice +3 -2
- data/slice/Glacier2/Router.ice +4 -3
- data/slice/Glacier2/RouterF.ice +3 -2
- data/slice/Glacier2/SSLInfo.ice +3 -2
- data/slice/Glacier2/Session.ice +12 -11
- data/slice/Ice/BuiltinSequences.ice +4 -3
- data/slice/Ice/Communicator.ice +22 -25
- data/slice/Ice/CommunicatorF.ice +3 -2
- data/slice/Ice/Connection.ice +39 -11
- data/slice/Ice/ConnectionF.ice +3 -2
- data/slice/Ice/Current.ice +4 -3
- data/slice/Ice/Endpoint.ice +11 -3
- data/slice/Ice/EndpointF.ice +3 -2
- data/slice/Ice/EndpointTypes.ice +3 -2
- data/slice/Ice/FacetMap.ice +3 -2
- data/slice/Ice/Identity.ice +3 -2
- data/slice/Ice/ImplicitContext.ice +3 -2
- data/slice/Ice/ImplicitContextF.ice +3 -2
- data/slice/Ice/Instrumentation.ice +4 -2
- data/slice/Ice/InstrumentationF.ice +4 -2
- data/slice/Ice/LocalException.ice +29 -10
- data/slice/Ice/Locator.ice +5 -3
- data/slice/Ice/LocatorF.ice +3 -2
- data/slice/Ice/Logger.ice +3 -2
- data/slice/Ice/LoggerF.ice +3 -2
- data/slice/Ice/Metrics.ice +15 -14
- data/slice/Ice/ObjectAdapter.ice +5 -4
- data/slice/Ice/ObjectAdapterF.ice +3 -2
- data/slice/Ice/ObjectFactory.ice +3 -2
- data/slice/Ice/ObjectFactoryF.ice +3 -2
- data/slice/Ice/Plugin.ice +3 -2
- data/slice/Ice/PluginF.ice +3 -2
- data/slice/Ice/Process.ice +3 -2
- data/slice/Ice/ProcessF.ice +3 -2
- data/slice/Ice/Properties.ice +3 -2
- data/slice/Ice/PropertiesAdmin.ice +3 -2
- data/slice/Ice/PropertiesF.ice +3 -2
- data/slice/Ice/RemoteLogger.ice +3 -2
- data/slice/Ice/Router.ice +3 -2
- data/slice/Ice/RouterF.ice +3 -2
- data/slice/Ice/ServantLocator.ice +3 -2
- data/slice/Ice/ServantLocatorF.ice +3 -2
- data/slice/Ice/SliceChecksumDict.ice +3 -2
- data/slice/Ice/Version.ice +3 -2
- data/slice/IceBox/IceBox.ice +2 -2
- data/slice/IceDiscovery/IceDiscovery.ice +2 -2
- data/slice/IceGrid/Admin.ice +49 -48
- data/slice/IceGrid/Descriptor.ice +3 -2
- data/slice/IceGrid/Exception.ice +6 -5
- data/slice/IceGrid/FileParser.ice +4 -3
- data/slice/IceGrid/Locator.ice +4 -3
- data/slice/IceGrid/Observer.ice +28 -27
- data/slice/IceGrid/PluginFacade.ice +3 -2
- data/slice/IceGrid/Query.ice +3 -2
- data/slice/IceGrid/Registry.ice +4 -3
- data/slice/IceGrid/Session.ice +9 -8
- data/slice/IceGrid/UserAccountMapper.ice +4 -3
- data/slice/{IceGrid/Discovery.ice → IceLocatorDiscovery/IceLocatorDiscovery.ice} +12 -14
- data/slice/IcePatch2/FileInfo.ice +31 -2
- data/slice/IcePatch2/FileServer.ice +63 -5
- data/slice/IceSSL/ConnectionInfo.ice +17 -2
- data/slice/IceSSL/EndpointInfo.ice +21 -3
- data/slice/IceStorm/IceStorm.ice +3 -2
- data/slice/IceStorm/Metrics.ice +4 -3
- metadata +27 -23
- data/ext/ice/cpp/include/Ice/Makefile +0 -26
- data/ext/ice/cpp/include/IceSSL/Makefile +0 -26
- data/ext/ice/cpp/include/IceUtil/Makefile +0 -26
- data/ext/ice/cpp/include/Slice/Makefile +0 -26
- data/ext/ice/cpp/src/Ice/Application.cpp +0 -760
- data/ext/ice/cpp/src/Ice/EventLoggerMsg.h +0 -53
- data/ext/ice/cpp/src/Ice/Makefile +0 -190
- data/ext/ice/cpp/src/Ice/Service.cpp +0 -1897
- data/ext/ice/cpp/src/IceDiscovery/Makefile +0 -61
- data/ext/ice/cpp/src/IceSSL/Makefile +0 -82
- data/ext/ice/cpp/src/IceUtil/Makefile +0 -68
- data/ext/ice/cpp/src/Slice/Makefile +0 -65
- data/ext/ice/mcpp/config.h.Darwin +0 -227
- data/ext/ice/mcpp/config.h.Linux +0 -227
- data/ext/ice/mcpp/config.h.MINGW +0 -7
@@ -1,6 +1,6 @@
|
|
1
1
|
// **********************************************************************
|
2
2
|
//
|
3
|
-
// Copyright (c) 2003-
|
3
|
+
// Copyright (c) 2003-2015 ZeroC, Inc. All rights reserved.
|
4
4
|
//
|
5
5
|
// This copy of Ice is licensed to you under the terms described in the
|
6
6
|
// ICE_LICENSE file included in this distribution.
|
@@ -65,6 +65,19 @@ Init init;
|
|
65
65
|
}
|
66
66
|
#endif
|
67
67
|
|
68
|
+
extern "C"
|
69
|
+
{
|
70
|
+
|
71
|
+
int
|
72
|
+
IceSSL_opensslVerifyCallback(int ok, X509_STORE_CTX* ctx)
|
73
|
+
{
|
74
|
+
SSL* ssl = reinterpret_cast<SSL*>(X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()));
|
75
|
+
TransceiverI* p = reinterpret_cast<TransceiverI*>(SSL_get_ex_data(ssl, 0));
|
76
|
+
return p->verifyCallback(ok, ctx);
|
77
|
+
}
|
78
|
+
|
79
|
+
}
|
80
|
+
|
68
81
|
IceInternal::NativeInfoPtr
|
69
82
|
IceSSL::TransceiverI::getNativeInfo()
|
70
83
|
{
|
@@ -102,6 +115,35 @@ IceSSL::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal::B
|
|
102
115
|
throw ex;
|
103
116
|
}
|
104
117
|
SSL_set_bio(_ssl, bio, bio);
|
118
|
+
|
119
|
+
//
|
120
|
+
// Store a pointer to ourself for use in OpenSSL callbacks.
|
121
|
+
//
|
122
|
+
SSL_set_ex_data(_ssl, 0, this);
|
123
|
+
|
124
|
+
//
|
125
|
+
// Determine whether a certificate is required from the peer.
|
126
|
+
//
|
127
|
+
{
|
128
|
+
int sslVerifyMode = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
|
129
|
+
switch(_engine->getVerifyPeer())
|
130
|
+
{
|
131
|
+
case 0:
|
132
|
+
sslVerifyMode = SSL_VERIFY_NONE;
|
133
|
+
break;
|
134
|
+
case 1:
|
135
|
+
sslVerifyMode = SSL_VERIFY_PEER;
|
136
|
+
break;
|
137
|
+
case 2:
|
138
|
+
sslVerifyMode = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
|
139
|
+
break;
|
140
|
+
default:
|
141
|
+
{
|
142
|
+
assert(false);
|
143
|
+
}
|
144
|
+
}
|
145
|
+
SSL_set_verify(_ssl, sslVerifyMode, IceSSL_opensslVerifyCallback);
|
146
|
+
}
|
105
147
|
}
|
106
148
|
|
107
149
|
while(!SSL_is_init_finished(_ssl))
|
@@ -125,7 +167,6 @@ IceSSL::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal::B
|
|
125
167
|
#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x100000bfL
|
126
168
|
sync.release();
|
127
169
|
#endif
|
128
|
-
|
129
170
|
if(ret <= 0)
|
130
171
|
{
|
131
172
|
switch(SSL_get_error(_ssl, ret))
|
@@ -217,8 +258,7 @@ IceSSL::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal::B
|
|
217
258
|
if(_engine->securityTraceLevel() >= 1)
|
218
259
|
{
|
219
260
|
ostringstream ostr;
|
220
|
-
ostr << "IceSSL: ignoring certificate verification failure:\n"
|
221
|
-
<< X509_verify_cert_error_string(result);
|
261
|
+
ostr << "IceSSL: ignoring certificate verification failure:\n" << X509_verify_cert_error_string(result);
|
222
262
|
_instance->logger()->trace(_instance->traceCategory(), ostr.str());
|
223
263
|
}
|
224
264
|
}
|
@@ -236,7 +276,12 @@ IceSSL::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal::B
|
|
236
276
|
throw ex;
|
237
277
|
}
|
238
278
|
}
|
239
|
-
|
279
|
+
else
|
280
|
+
{
|
281
|
+
_verified = true;
|
282
|
+
}
|
283
|
+
|
284
|
+
_engine->verifyPeer(_stream->fd(), _host, NativeConnectionInfoPtr::dynamicCast(getInfo()));
|
240
285
|
|
241
286
|
if(_engine->securityTraceLevel() >= 1)
|
242
287
|
{
|
@@ -529,7 +574,18 @@ IceSSL::TransceiverI::toDetailedString() const
|
|
529
574
|
Ice::ConnectionInfoPtr
|
530
575
|
IceSSL::TransceiverI::getInfo() const
|
531
576
|
{
|
532
|
-
|
577
|
+
NativeConnectionInfoPtr info = new NativeConnectionInfo();
|
578
|
+
fillConnectionInfo(info, info->nativeCerts);
|
579
|
+
return info;
|
580
|
+
}
|
581
|
+
|
582
|
+
Ice::ConnectionInfoPtr
|
583
|
+
IceSSL::TransceiverI::getWSInfo(const Ice::HeaderDict& headers) const
|
584
|
+
{
|
585
|
+
WSSNativeConnectionInfoPtr info = new WSSNativeConnectionInfo();
|
586
|
+
fillConnectionInfo(info, info->nativeCerts);
|
587
|
+
info->headers = headers;
|
588
|
+
return info;
|
533
589
|
}
|
534
590
|
|
535
591
|
void
|
@@ -537,6 +593,57 @@ IceSSL::TransceiverI::checkSendSize(const IceInternal::Buffer&)
|
|
537
593
|
{
|
538
594
|
}
|
539
595
|
|
596
|
+
void
|
597
|
+
IceSSL::TransceiverI::setBufferSize(int rcvSize, int sndSize)
|
598
|
+
{
|
599
|
+
_stream->setBufferSize(rcvSize, sndSize);
|
600
|
+
}
|
601
|
+
|
602
|
+
int
|
603
|
+
IceSSL::TransceiverI::verifyCallback(int ok, X509_STORE_CTX* c)
|
604
|
+
{
|
605
|
+
if(!ok && _engine->securityTraceLevel() >= 1)
|
606
|
+
{
|
607
|
+
X509* cert = X509_STORE_CTX_get_current_cert(c);
|
608
|
+
int err = X509_STORE_CTX_get_error(c);
|
609
|
+
char buf[256];
|
610
|
+
|
611
|
+
Trace out(_engine->getLogger(), _engine->securityTraceCategory());
|
612
|
+
out << "certificate verification failure\n";
|
613
|
+
|
614
|
+
X509_NAME_oneline(X509_get_issuer_name(cert), buf, static_cast<int>(sizeof(buf)));
|
615
|
+
out << "issuer = " << buf << '\n';
|
616
|
+
X509_NAME_oneline(X509_get_subject_name(cert), buf, static_cast<int>(sizeof(buf)));
|
617
|
+
out << "subject = " << buf << '\n';
|
618
|
+
out << "depth = " << X509_STORE_CTX_get_error_depth(c) << '\n';
|
619
|
+
out << "error = " << X509_verify_cert_error_string(err) << '\n';
|
620
|
+
out << IceInternal::fdToString(SSL_get_fd(_ssl));
|
621
|
+
}
|
622
|
+
|
623
|
+
//
|
624
|
+
// Initialize the native certs with the verified certificate chain. SSL_get_peer_cert_chain
|
625
|
+
// doesn't return the verified chain, it returns the chain sent by the peer.
|
626
|
+
//
|
627
|
+
STACK_OF(X509)* chain = X509_STORE_CTX_get1_chain(c);
|
628
|
+
if(chain != 0)
|
629
|
+
{
|
630
|
+
_nativeCerts.clear();
|
631
|
+
for(int i = 0; i < sk_X509_num(chain); ++i)
|
632
|
+
{
|
633
|
+
_nativeCerts.push_back(new Certificate(X509_dup(sk_X509_value(chain, i))));
|
634
|
+
}
|
635
|
+
sk_X509_pop_free(chain, X509_free);
|
636
|
+
}
|
637
|
+
|
638
|
+
//
|
639
|
+
// Always return 1 to prevent SSL_connect/SSL_accept from
|
640
|
+
// returning SSL_ERROR_SSL for verification failures. This ensure
|
641
|
+
// that we can raise SecurityException for verification failures
|
642
|
+
// rather than a ProtocolException.
|
643
|
+
//
|
644
|
+
return 1;
|
645
|
+
}
|
646
|
+
|
540
647
|
IceSSL::TransceiverI::TransceiverI(const InstancePtr& instance, const IceInternal::StreamSocketPtr& stream,
|
541
648
|
const string& hostOrAdapterName, bool incoming) :
|
542
649
|
_instance(instance),
|
@@ -545,6 +652,7 @@ IceSSL::TransceiverI::TransceiverI(const InstancePtr& instance, const IceInterna
|
|
545
652
|
_adapterName(incoming ? hostOrAdapterName : ""),
|
546
653
|
_incoming(incoming),
|
547
654
|
_stream(stream),
|
655
|
+
_verified(false),
|
548
656
|
_ssl(0)
|
549
657
|
{
|
550
658
|
}
|
@@ -553,55 +661,30 @@ IceSSL::TransceiverI::~TransceiverI()
|
|
553
661
|
{
|
554
662
|
}
|
555
663
|
|
556
|
-
|
557
|
-
IceSSL::TransceiverI::
|
664
|
+
void
|
665
|
+
IceSSL::TransceiverI::fillConnectionInfo(const ConnectionInfoPtr& info, std::vector<CertificatePtr>& nativeCerts) const
|
558
666
|
{
|
559
|
-
|
560
|
-
IceInternal::fdToAddressAndPort(_stream->fd(), info->localAddress, info->localPort, info->remoteAddress,
|
667
|
+
IceInternal::fdToAddressAndPort(_stream->fd(), info->localAddress, info->localPort, info->remoteAddress,
|
561
668
|
info->remotePort);
|
562
|
-
|
669
|
+
if(_stream->fd() != INVALID_SOCKET)
|
670
|
+
{
|
671
|
+
info->rcvSize = IceInternal::getRecvBufferSize(_stream->fd());
|
672
|
+
info->sndSize = IceInternal::getSendBufferSize(_stream->fd());
|
673
|
+
}
|
674
|
+
info->adapterName = _adapterName;
|
675
|
+
info->incoming = _incoming;
|
676
|
+
info->verified = _verified;
|
677
|
+
nativeCerts = _nativeCerts;
|
678
|
+
for(vector<CertificatePtr>::const_iterator p = _nativeCerts.begin(); p != _nativeCerts.end(); ++p)
|
679
|
+
{
|
680
|
+
info->certs.push_back((*p)->encode());
|
681
|
+
}
|
563
682
|
if(_ssl != 0)
|
564
683
|
{
|
565
|
-
//
|
566
|
-
// On the client side, SSL_get_peer_cert_chain returns the entire chain of certs.
|
567
|
-
// On the server side, the peer certificate must be obtained separately.
|
568
|
-
//
|
569
|
-
// Since we have no clear idea whether the connection is server or client side,
|
570
|
-
// the peer certificate is obtained separately and compared against the first
|
571
|
-
// certificate in the chain. If they are not the same, it is added to the chain.
|
572
|
-
//
|
573
|
-
X509* cert = SSL_get_peer_certificate(_ssl);
|
574
|
-
STACK_OF(X509)* chain = SSL_get_peer_cert_chain(_ssl);
|
575
|
-
if(cert != 0 && (chain == 0 || sk_X509_num(chain) == 0 || cert != sk_X509_value(chain, 0)))
|
576
|
-
{
|
577
|
-
CertificatePtr certificate = new Certificate(cert);
|
578
|
-
info->nativeCerts.push_back(certificate);
|
579
|
-
info->certs.push_back(certificate->encode());
|
580
|
-
}
|
581
|
-
else
|
582
|
-
{
|
583
|
-
X509_free(cert);
|
584
|
-
}
|
585
|
-
|
586
|
-
if(chain != 0)
|
587
|
-
{
|
588
|
-
for(int i = 0; i < sk_X509_num(chain); ++i)
|
589
|
-
{
|
590
|
-
//
|
591
|
-
// Duplicate the certificate since the stack comes straight from the SSL connection.
|
592
|
-
//
|
593
|
-
CertificatePtr certificate = new Certificate(X509_dup(sk_X509_value(chain, i)));
|
594
|
-
info->nativeCerts.push_back(certificate);
|
595
|
-
info->certs.push_back(certificate->encode());
|
596
|
-
}
|
597
|
-
}
|
598
|
-
|
599
684
|
info->cipher = SSL_get_cipher_name(_ssl); // Nothing needs to be free'd.
|
600
685
|
}
|
601
|
-
|
602
686
|
info->adapterName = _adapterName;
|
603
687
|
info->incoming = _incoming;
|
604
|
-
return info;
|
605
688
|
}
|
606
689
|
|
607
690
|
#endif
|
@@ -1,6 +1,6 @@
|
|
1
1
|
// **********************************************************************
|
2
2
|
//
|
3
|
-
// Copyright (c) 2003-
|
3
|
+
// Copyright (c) 2003-2015 ZeroC, Inc. All rights reserved.
|
4
4
|
//
|
5
5
|
// This copy of Ice is licensed to you under the terms described in the
|
6
6
|
// ICE_LICENSE file included in this distribution.
|
@@ -11,6 +11,7 @@
|
|
11
11
|
#define ICE_SSL_TRANSCEIVER_I_H
|
12
12
|
|
13
13
|
#include <IceSSL/Config.h>
|
14
|
+
#include <IceSSL/Util.h>
|
14
15
|
#include <IceSSL/InstanceF.h>
|
15
16
|
#include <IceSSL/Plugin.h>
|
16
17
|
#include <IceSSL/SSLEngineF.h>
|
@@ -18,6 +19,7 @@
|
|
18
19
|
#include <Ice/Transceiver.h>
|
19
20
|
#include <Ice/Network.h>
|
20
21
|
#include <Ice/StreamSocket.h>
|
22
|
+
#include <Ice/WSTransceiver.h>
|
21
23
|
|
22
24
|
#ifdef ICE_USE_OPENSSL
|
23
25
|
|
@@ -30,7 +32,7 @@ namespace IceSSL
|
|
30
32
|
class ConnectorI;
|
31
33
|
class AcceptorI;
|
32
34
|
|
33
|
-
class TransceiverI : public IceInternal::Transceiver
|
35
|
+
class TransceiverI : public IceInternal::Transceiver, public IceInternal::WSTransceiverDelegate
|
34
36
|
{
|
35
37
|
public:
|
36
38
|
|
@@ -45,14 +47,18 @@ public:
|
|
45
47
|
virtual std::string toString() const;
|
46
48
|
virtual std::string toDetailedString() const;
|
47
49
|
virtual Ice::ConnectionInfoPtr getInfo() const;
|
50
|
+
virtual Ice::ConnectionInfoPtr getWSInfo(const Ice::HeaderDict&) const;
|
48
51
|
virtual void checkSendSize(const IceInternal::Buffer&);
|
52
|
+
virtual void setBufferSize(int rcvSize, int sndSize);
|
53
|
+
|
54
|
+
int verifyCallback(int , X509_STORE_CTX*);
|
49
55
|
|
50
56
|
private:
|
51
57
|
|
52
58
|
TransceiverI(const InstancePtr&, const IceInternal::StreamSocketPtr&, const std::string&, bool);
|
53
59
|
virtual ~TransceiverI();
|
54
60
|
|
55
|
-
|
61
|
+
void fillConnectionInfo(const ConnectionInfoPtr&, std::vector<CertificatePtr>&) const;
|
56
62
|
|
57
63
|
friend class ConnectorI;
|
58
64
|
friend class AcceptorI;
|
@@ -63,6 +69,8 @@ private:
|
|
63
69
|
const std::string _adapterName;
|
64
70
|
const bool _incoming;
|
65
71
|
const IceInternal::StreamSocketPtr _stream;
|
72
|
+
bool _verified;
|
73
|
+
std::vector<CertificatePtr> _nativeCerts;
|
66
74
|
|
67
75
|
SSL* _ssl;
|
68
76
|
};
|
@@ -1,6 +1,6 @@
|
|
1
1
|
// **********************************************************************
|
2
2
|
//
|
3
|
-
// Copyright (c) 2003-
|
3
|
+
// Copyright (c) 2003-2015 ZeroC, Inc. All rights reserved.
|
4
4
|
//
|
5
5
|
// This copy of Ice is licensed to you under the terms described in the
|
6
6
|
// ICE_LICENSE file included in this distribution.
|
@@ -12,7 +12,6 @@
|
|
12
12
|
#include <IceSSL/SSLEngine.h>
|
13
13
|
#include <IceSSL/EndpointI.h>
|
14
14
|
|
15
|
-
#include <Ice/WSEndpoint.h>
|
16
15
|
#include <Ice/ProtocolPluginFacade.h>
|
17
16
|
#include <Ice/ProtocolInstance.h>
|
18
17
|
#include <Ice/LocalException.h>
|
@@ -27,7 +26,7 @@ using namespace IceSSL;
|
|
27
26
|
extern "C"
|
28
27
|
{
|
29
28
|
|
30
|
-
|
29
|
+
ICE_SSL_API Ice::Plugin*
|
31
30
|
createIceSSL(const CommunicatorPtr& communicator, const string& /*name*/, const StringSeq& /*args*/)
|
32
31
|
{
|
33
32
|
return new PluginI(communicator);
|
@@ -38,28 +37,23 @@ createIceSSL(const CommunicatorPtr& communicator, const string& /*name*/, const
|
|
38
37
|
//
|
39
38
|
// Plugin implementation.
|
40
39
|
//
|
41
|
-
IceSSL::PluginI::PluginI(const Ice::CommunicatorPtr&
|
40
|
+
IceSSL::PluginI::PluginI(const Ice::CommunicatorPtr& com)
|
42
41
|
{
|
43
42
|
#if defined(ICE_USE_SECURE_TRANSPORT)
|
44
|
-
_engine = new SecureTransportEngine(
|
43
|
+
_engine = new SecureTransportEngine(com);
|
45
44
|
#elif defined(ICE_USE_SCHANNEL)
|
46
|
-
_engine = new SChannelEngine(
|
45
|
+
_engine = new SChannelEngine(com);
|
47
46
|
#else
|
48
|
-
_engine = new OpenSSLEngine(
|
47
|
+
_engine = new OpenSSLEngine(com);
|
49
48
|
#endif
|
50
|
-
|
51
|
-
IceInternal::ProtocolPluginFacadePtr facade = IceInternal::getProtocolPluginFacade(communicator);
|
52
|
-
|
49
|
+
|
53
50
|
//
|
54
51
|
// Register the endpoint factory. We have to do this now, rather
|
55
52
|
// than in initialize, because the communicator may need to
|
56
53
|
// interpret proxies before the plug-in is fully initialized.
|
57
54
|
//
|
58
55
|
IceInternal::EndpointFactoryPtr sslFactory = new EndpointFactoryI(new Instance(_engine, EndpointType, "ssl"));
|
59
|
-
|
60
|
-
|
61
|
-
IceInternal::ProtocolInstancePtr wss = new IceInternal::ProtocolInstance(communicator, WSSEndpointType, "wss");
|
62
|
-
facade->addEndpointFactory(new IceInternal::WSEndpointFactory(wss, sslFactory->clone(wss)));
|
56
|
+
IceInternal::getProtocolPluginFacade(com)->addEndpointFactory(sslFactory);
|
63
57
|
}
|
64
58
|
|
65
59
|
void
|
@@ -1,6 +1,6 @@
|
|
1
1
|
// **********************************************************************
|
2
2
|
//
|
3
|
-
// Copyright (c) 2003-
|
3
|
+
// Copyright (c) 2003-2015 ZeroC, Inc. All rights reserved.
|
4
4
|
//
|
5
5
|
// This copy of Ice is licensed to you under the terms described in the
|
6
6
|
// ICE_LICENSE file included in this distribution.
|
@@ -1,6 +1,6 @@
|
|
1
1
|
// **********************************************************************
|
2
2
|
//
|
3
|
-
// Copyright (c) 2003-
|
3
|
+
// Copyright (c) 2003-2015 ZeroC, Inc. All rights reserved.
|
4
4
|
//
|
5
5
|
// This copy of Ice is licensed to you under the terms described in the
|
6
6
|
// ICE_LICENSE file included in this distribution.
|
@@ -1,6 +1,6 @@
|
|
1
1
|
// **********************************************************************
|
2
2
|
//
|
3
|
-
// Copyright (c) 2003-
|
3
|
+
// Copyright (c) 2003-2015 ZeroC, Inc. All rights reserved.
|
4
4
|
//
|
5
5
|
// This copy of Ice is licensed to you under the terms described in the
|
6
6
|
// ICE_LICENSE file included in this distribution.
|
@@ -1,6 +1,6 @@
|
|
1
1
|
// **********************************************************************
|
2
2
|
//
|
3
|
-
// Copyright (c) 2003-
|
3
|
+
// Copyright (c) 2003-2015 ZeroC, Inc. All rights reserved.
|
4
4
|
//
|
5
5
|
// This copy of Ice is licensed to you under the terms described in the
|
6
6
|
// ICE_LICENSE file included in this distribution.
|
@@ -31,7 +31,7 @@ Shared* IceSSL::upCast(IceSSL::SChannelEngine* p) { return p; }
|
|
31
31
|
namespace
|
32
32
|
{
|
33
33
|
|
34
|
-
#
|
34
|
+
#if defined(__MINGW32__) || (defined(_MSC_VER) && (_MSC_VER <= 1500))
|
35
35
|
//
|
36
36
|
// CERT_CHAIN_ENGINE_CONFIG struct in mingw headers doesn't include
|
37
37
|
// new members added in Windows 7, we add our ouwn definition and
|
@@ -53,36 +53,63 @@ struct CertChainEngineConfig
|
|
53
53
|
HCERTSTORE hExclusiveRoot;
|
54
54
|
HCERTSTORE hExclusiveTrustedPeople;
|
55
55
|
};
|
56
|
-
|
56
|
+
|
57
|
+
#endif
|
57
58
|
|
58
59
|
void
|
59
|
-
|
60
|
+
addCertificatesToStore(const string& file, HCERTSTORE store, PCCERT_CONTEXT* cert = 0)
|
60
61
|
{
|
61
62
|
vector<char> buffer;
|
62
63
|
readFile(file, buffer);
|
63
|
-
|
64
|
-
outBuffer.resize(buffer.size());
|
65
|
-
DWORD outLength = static_cast<DWORD>(outBuffer.size());
|
66
|
-
|
67
|
-
if(!CryptStringToBinary(&buffer[0], static_cast<DWORD>(buffer.size()), CRYPT_STRING_BASE64HEADER,
|
68
|
-
&outBuffer[0], &outLength, 0, 0))
|
64
|
+
if(buffer.empty())
|
69
65
|
{
|
70
|
-
|
71
|
-
// Base64 data should always be bigger than binary
|
72
|
-
//
|
73
|
-
assert(GetLastError() != ERROR_MORE_DATA);
|
74
|
-
throw PluginInitializationException(__FILE__, __LINE__,
|
75
|
-
"IceSSL: error decoding certificate:\n" + lastErrorToString());
|
66
|
+
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: certificate file is empty:\n" + file);
|
76
67
|
}
|
77
68
|
|
78
|
-
|
79
|
-
|
69
|
+
string strbuf(buffer.begin(), buffer.end());
|
70
|
+
string::size_type size, startpos, endpos = 0;
|
71
|
+
bool first = true;
|
72
|
+
while(true)
|
80
73
|
{
|
81
|
-
|
74
|
+
startpos = strbuf.find("-----BEGIN CERTIFICATE-----", endpos);
|
75
|
+
if(startpos != string::npos)
|
76
|
+
{
|
77
|
+
endpos = strbuf.find("-----END CERTIFICATE-----", startpos);
|
78
|
+
size = endpos - startpos + sizeof("-----END CERTIFICATE-----");
|
79
|
+
}
|
80
|
+
else if(first)
|
82
81
|
{
|
82
|
+
startpos = 0;
|
83
|
+
endpos = string::npos;
|
84
|
+
size = strbuf.size();
|
85
|
+
}
|
86
|
+
else
|
87
|
+
{
|
88
|
+
break;
|
89
|
+
}
|
90
|
+
|
91
|
+
vector<BYTE> outBuffer;
|
92
|
+
outBuffer.resize(size);
|
93
|
+
DWORD outLength = static_cast<DWORD>(outBuffer.size());
|
94
|
+
if(!CryptStringToBinary(&buffer[startpos], static_cast<DWORD>(size), CRYPT_STRING_ANY, &outBuffer[0],
|
95
|
+
&outLength, 0, 0))
|
96
|
+
{
|
97
|
+
assert(GetLastError() != ERROR_MORE_DATA); // Base64 data should always be bigger than binary
|
83
98
|
throw PluginInitializationException(__FILE__, __LINE__,
|
84
|
-
|
99
|
+
"IceSSL: error decoding certificate:\n" + lastErrorToString());
|
85
100
|
}
|
101
|
+
|
102
|
+
if(!CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &outBuffer[0],
|
103
|
+
outLength, CERT_STORE_ADD_NEW, first ? cert : 0))
|
104
|
+
{
|
105
|
+
if(GetLastError() != static_cast<DWORD>(CRYPT_E_EXISTS))
|
106
|
+
{
|
107
|
+
throw PluginInitializationException(__FILE__, __LINE__,
|
108
|
+
"IceSSL: error decoding certificate:\n" + lastErrorToString());
|
109
|
+
}
|
110
|
+
}
|
111
|
+
|
112
|
+
first = false;
|
86
113
|
}
|
87
114
|
}
|
88
115
|
|
@@ -189,16 +216,16 @@ SChannelEngine::initialize()
|
|
189
216
|
defaultProtocols.push_back("tls1_0");
|
190
217
|
defaultProtocols.push_back("tls1_1");
|
191
218
|
defaultProtocols.push_back("tls1_2");
|
192
|
-
const_cast<DWORD&>(_protocols) =
|
193
|
-
|
219
|
+
const_cast<DWORD&>(_protocols) =
|
220
|
+
parseProtocols(properties->getPropertyAsListWithDefault(prefix + "Protocols", defaultProtocols));
|
194
221
|
|
195
222
|
//
|
196
223
|
// Check for a default directory. We look in this directory for
|
197
224
|
// files mentioned in the configuration.
|
198
225
|
//
|
199
|
-
string defaultDir = properties->getProperty(prefix + "DefaultDir");
|
226
|
+
const string defaultDir = properties->getProperty(prefix + "DefaultDir");
|
200
227
|
|
201
|
-
int passwordRetryMax = properties->getPropertyAsIntWithDefault(prefix + "PasswordRetryMax", 3);
|
228
|
+
const int passwordRetryMax = properties->getPropertyAsIntWithDefault(prefix + "PasswordRetryMax", 3);
|
202
229
|
PasswordPromptPtr passwordPrompt = getPasswordPrompt();
|
203
230
|
setPassword(properties->getProperty(prefix + "Password"));
|
204
231
|
|
@@ -229,38 +256,50 @@ SChannelEngine::initialize()
|
|
229
256
|
getLogger()->trace(securityTraceCategory(), os.str());
|
230
257
|
}
|
231
258
|
|
232
|
-
string
|
233
|
-
if(
|
259
|
+
string certStoreLocation = properties->getPropertyWithDefault(prefix + "CertStoreLocation", "CurrentUser");
|
260
|
+
if(certStoreLocation != "CurrentUser" && certStoreLocation != "LocalMachine")
|
234
261
|
{
|
235
|
-
getLogger()->warning("
|
236
|
-
|
262
|
+
getLogger()->warning("invalid IceSSL.CertStoreLocation value `" + certStoreLocation +
|
263
|
+
"' adjusted to `CurrentUser'");
|
264
|
+
certStoreLocation = "CurrentUser";
|
237
265
|
}
|
238
266
|
|
239
267
|
//
|
240
268
|
// Create trusted CA store with contents of CertAuthFile
|
241
269
|
//
|
242
|
-
string caFile = properties->getProperty(prefix + "
|
243
|
-
if(
|
270
|
+
string caFile = properties->getProperty(prefix + "CAs");
|
271
|
+
if(caFile.empty())
|
272
|
+
{
|
273
|
+
caFile = properties->getProperty(prefix + "CertAuthFile");
|
274
|
+
}
|
275
|
+
if(!caFile.empty() || properties->getPropertyAsInt("IceSSL.UsePlatformCAs") <= 0)
|
244
276
|
{
|
245
277
|
_rootStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, 0, 0);
|
246
278
|
if(!_rootStore)
|
247
279
|
{
|
248
280
|
throw PluginInitializationException(__FILE__, __LINE__,
|
249
|
-
|
281
|
+
"IceSSL: error creating in memory certificate store:\n" +
|
282
|
+
lastErrorToString());
|
250
283
|
}
|
251
|
-
|
252
|
-
|
284
|
+
}
|
285
|
+
if(!caFile.empty())
|
286
|
+
{
|
287
|
+
string resolved;
|
288
|
+
if(!checkPath(caFile, defaultDir, false, resolved))
|
253
289
|
{
|
254
290
|
throw PluginInitializationException(__FILE__, __LINE__,
|
255
291
|
"IceSSL: CA certificate file not found:\n" + caFile);
|
256
292
|
}
|
257
293
|
|
258
|
-
|
294
|
+
addCertificatesToStore(resolved, _rootStore);
|
295
|
+
}
|
259
296
|
|
297
|
+
if(_rootStore)
|
298
|
+
{
|
260
299
|
//
|
261
300
|
// Create a chain engine that uses our Trusted Root Store
|
262
301
|
//
|
263
|
-
#
|
302
|
+
#if defined(__MINGW32__) || (defined(_MSC_VER) && (_MSC_VER <= 1500))
|
264
303
|
CertChainEngineConfig config;
|
265
304
|
memset(&config, 0, sizeof(CertChainEngineConfig));
|
266
305
|
config.cbSize = sizeof(CertChainEngineConfig);
|
@@ -275,40 +314,30 @@ SChannelEngine::initialize()
|
|
275
314
|
// Build the chain using the LocalMachine registry location as opposed
|
276
315
|
// to the CurrentUser location.
|
277
316
|
//
|
278
|
-
if(
|
317
|
+
if(certStoreLocation == "LocalMachine")
|
279
318
|
{
|
280
319
|
config.dwFlags = CERT_CHAIN_USE_LOCAL_MACHINE_STORE;
|
281
320
|
}
|
282
321
|
|
283
|
-
#
|
322
|
+
#if defined(__MINGW32__) || (defined(_MSC_VER) && (_MSC_VER <= 1500))
|
284
323
|
if(!CertCreateCertificateChainEngine(reinterpret_cast<CERT_CHAIN_ENGINE_CONFIG*>(&config), &_chainEngine))
|
285
324
|
#else
|
286
325
|
if(!CertCreateCertificateChainEngine(&config, &_chainEngine))
|
287
326
|
#endif
|
288
327
|
{
|
289
328
|
throw PluginInitializationException(__FILE__, __LINE__,
|
290
|
-
|
329
|
+
"IceSSL: error creating certificate chain engine:\n" +
|
330
|
+
lastErrorToString());
|
291
331
|
}
|
292
332
|
}
|
293
333
|
else
|
294
334
|
{
|
295
|
-
_chainEngine = (
|
296
|
-
}
|
297
|
-
|
298
|
-
//
|
299
|
-
// Import the application certificate and private keys.
|
300
|
-
//
|
301
|
-
string keySet = properties->getPropertyWithDefault(prefix + "KeySet", "DefaultKeySet");
|
302
|
-
if(keySet != "DefaultKeySet" && keySet != "UserKeySet" && keySet != "MachineKeySet")
|
303
|
-
{
|
304
|
-
getLogger()->warning("Invalid IceSSL.KeySet value `" + keySet + "' adjusted to `DefaultKeySet'");
|
305
|
-
keySet = "DefaultKeySet";
|
335
|
+
_chainEngine = (certStoreLocation == "LocalMachine") ? HCCE_LOCAL_MACHINE : HCCE_CURRENT_USER;
|
306
336
|
}
|
307
337
|
|
308
|
-
DWORD importFlags = (keySet == "MachineKeySet") ? CRYPT_MACHINE_KEYSET : CRYPT_USER_KEYSET;
|
309
|
-
|
310
338
|
string certFile = properties->getProperty(prefix + "CertFile");
|
311
|
-
string keyFile = properties->
|
339
|
+
string keyFile = properties->getProperty(prefix + "KeyFile");
|
340
|
+
string findCert = properties->getProperty("IceSSL.FindCert");
|
312
341
|
|
313
342
|
if(!certFile.empty())
|
314
343
|
{
|
@@ -320,29 +349,39 @@ SChannelEngine::initialize()
|
|
320
349
|
}
|
321
350
|
|
322
351
|
vector<string> keyFiles;
|
323
|
-
if(!
|
352
|
+
if(!keyFile.empty())
|
324
353
|
{
|
325
|
-
|
326
|
-
|
327
|
-
|
354
|
+
if(!splitString(keyFile, IceUtilInternal::pathsep, keyFiles) || keyFiles.size() > 2)
|
355
|
+
{
|
356
|
+
throw PluginInitializationException(__FILE__, __LINE__,
|
357
|
+
"IceSSL: invalid value for " + prefix + "KeyFile:\n" + keyFile);
|
358
|
+
}
|
328
359
|
|
329
|
-
|
330
|
-
|
331
|
-
|
332
|
-
|
360
|
+
if(certFiles.size() != keyFiles.size())
|
361
|
+
{
|
362
|
+
throw PluginInitializationException(__FILE__, __LINE__,
|
363
|
+
"IceSSL: " + prefix + "KeyFile does not agree with " + prefix + "CertFile");
|
364
|
+
}
|
333
365
|
}
|
334
366
|
|
335
367
|
for(size_t i = 0; i < certFiles.size(); ++i)
|
336
368
|
{
|
337
369
|
string certFile = certFiles[i];
|
338
|
-
|
370
|
+
string resolved;
|
371
|
+
if(!checkPath(certFile, defaultDir, false, resolved))
|
339
372
|
{
|
340
373
|
throw PluginInitializationException(__FILE__, __LINE__,
|
341
374
|
"IceSSL: certificate file not found:\n" + certFile);
|
342
375
|
}
|
376
|
+
certFile = resolved;
|
343
377
|
|
344
378
|
vector<char> buffer;
|
345
379
|
readFile(certFile, buffer);
|
380
|
+
if(buffer.empty())
|
381
|
+
{
|
382
|
+
throw PluginInitializationException(__FILE__, __LINE__,
|
383
|
+
"IceSSL: certificate file is empty:\n" + certFile);
|
384
|
+
}
|
346
385
|
|
347
386
|
CRYPT_DATA_BLOB pfxBlob;
|
348
387
|
pfxBlob.cbData = static_cast<DWORD>(buffer.size());
|
@@ -352,6 +391,7 @@ SChannelEngine::initialize()
|
|
352
391
|
PCCERT_CONTEXT cert = 0;
|
353
392
|
int err = 0;
|
354
393
|
int count = 0;
|
394
|
+
DWORD importFlags = (certStoreLocation == "LocalMachine") ? CRYPT_MACHINE_KEYSET : CRYPT_USER_KEYSET;
|
355
395
|
do
|
356
396
|
{
|
357
397
|
string s = password(false);
|
@@ -362,19 +402,48 @@ SChannelEngine::initialize()
|
|
362
402
|
|
363
403
|
if(store)
|
364
404
|
{
|
365
|
-
|
366
|
-
|
405
|
+
//
|
406
|
+
// Try to find a certificate chain.
|
407
|
+
//
|
408
|
+
CERT_CHAIN_FIND_BY_ISSUER_PARA para;
|
409
|
+
memset(¶, 0, sizeof(CERT_CHAIN_FIND_BY_ISSUER_PARA));
|
410
|
+
para.cbSize = sizeof(CERT_CHAIN_FIND_BY_ISSUER_PARA);
|
411
|
+
|
412
|
+
DWORD ff = CERT_CHAIN_FIND_BY_ISSUER_CACHE_ONLY_URL_FLAG; // Don't fetch anything from the Internet
|
413
|
+
PCCERT_CHAIN_CONTEXT chain = 0;
|
414
|
+
while(!cert)
|
415
|
+
{
|
416
|
+
chain = CertFindChainInStore(store, X509_ASN_ENCODING, ff, CERT_CHAIN_FIND_BY_ISSUER, ¶, chain);
|
417
|
+
if(!chain)
|
418
|
+
{
|
419
|
+
break; // No more chains found in the store.
|
420
|
+
}
|
421
|
+
|
422
|
+
if(chain->cChain > 0 && chain->rgpChain[0]->cElement > 0)
|
423
|
+
{
|
424
|
+
cert = CertDuplicateCertificateContext(chain->rgpChain[0]->rgpElement[0]->pCertContext);
|
425
|
+
}
|
426
|
+
CertFreeCertificateChain(chain);
|
427
|
+
}
|
428
|
+
|
429
|
+
//
|
430
|
+
// Check if we can find a certificate if we couldn't find a chain.
|
431
|
+
//
|
432
|
+
if(!cert)
|
433
|
+
{
|
434
|
+
cert = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0, CERT_FIND_ANY, 0, cert);
|
435
|
+
}
|
367
436
|
if(!cert)
|
368
437
|
{
|
369
438
|
throw PluginInitializationException(__FILE__, __LINE__,
|
370
|
-
|
439
|
+
"IceSSL: certificate error:\n" + lastErrorToString());
|
371
440
|
}
|
372
|
-
|
441
|
+
_allCerts.push_back(cert);
|
442
|
+
_stores.push_back(store);
|
373
443
|
continue;
|
374
444
|
}
|
375
445
|
|
376
446
|
assert(err);
|
377
|
-
|
378
447
|
if(err != CRYPT_E_BAD_ENCODE)
|
379
448
|
{
|
380
449
|
throw PluginInitializationException(__FILE__, __LINE__,
|
@@ -384,14 +453,24 @@ SChannelEngine::initialize()
|
|
384
453
|
//
|
385
454
|
// Try to load certificate & key as PEM files.
|
386
455
|
//
|
456
|
+
if(keyFiles.empty())
|
457
|
+
{
|
458
|
+
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: no key file specified");
|
459
|
+
}
|
460
|
+
|
387
461
|
err = 0;
|
388
462
|
keyFile = keyFiles[i];
|
389
|
-
if(!checkPath(keyFile, defaultDir, false))
|
463
|
+
if(!checkPath(keyFile, defaultDir, false, resolved))
|
390
464
|
{
|
391
465
|
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: key file not found:\n" + keyFile);
|
392
466
|
}
|
467
|
+
keyFile = resolved;
|
393
468
|
|
394
469
|
readFile(keyFile, buffer);
|
470
|
+
if(buffer.empty())
|
471
|
+
{
|
472
|
+
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: key file is empty:\n" + keyFile);
|
473
|
+
}
|
395
474
|
|
396
475
|
vector<BYTE> outBuffer;
|
397
476
|
outBuffer.resize(buffer.size());
|
@@ -403,31 +482,56 @@ SChannelEngine::initialize()
|
|
403
482
|
if(!CryptStringToBinary(&buffer[0], static_cast<DWORD>(buffer.size()), CRYPT_STRING_BASE64HEADER,
|
404
483
|
&outBuffer[0], &outLength, 0, 0))
|
405
484
|
{
|
406
|
-
throw PluginInitializationException(__FILE__, __LINE__,
|
407
|
-
|
485
|
+
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: error decoding key `" + keyFile +
|
486
|
+
"':\n" + lastErrorToString());
|
408
487
|
}
|
409
488
|
|
410
489
|
PCRYPT_PRIVATE_KEY_INFO keyInfo = 0;
|
411
490
|
BYTE* key = 0;
|
412
491
|
HCRYPTKEY hKey = 0;
|
413
|
-
|
414
492
|
try
|
415
493
|
{
|
494
|
+
//
|
495
|
+
// First try to decode as a PKCS#8 key, if that fails try PKCS#1.
|
496
|
+
//
|
416
497
|
DWORD decodedLength = 0;
|
417
|
-
if(
|
418
|
-
|
498
|
+
if(CryptDecodeObjectEx(X509_ASN_ENCODING, PKCS_PRIVATE_KEY_INFO, &outBuffer[0], outLength,
|
499
|
+
CRYPT_DECODE_ALLOC_FLAG, 0, &keyInfo, &decodedLength))
|
419
500
|
{
|
420
|
-
|
421
|
-
|
501
|
+
//
|
502
|
+
// Check that we are using a RSA Key
|
503
|
+
//
|
504
|
+
if(strcmp(keyInfo->Algorithm.pszObjId, szOID_RSA_RSA))
|
505
|
+
{
|
506
|
+
throw PluginInitializationException(__FILE__, __LINE__,
|
507
|
+
string("IceSSL: error unknow key algorithm: `") +
|
508
|
+
keyInfo->Algorithm.pszObjId + "'");
|
509
|
+
}
|
510
|
+
|
511
|
+
//
|
512
|
+
// Decode the private key BLOB
|
513
|
+
//
|
514
|
+
if(!CryptDecodeObjectEx(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, PKCS_RSA_PRIVATE_KEY,
|
515
|
+
keyInfo->PrivateKey.pbData, keyInfo->PrivateKey.cbData,
|
516
|
+
CRYPT_DECODE_ALLOC_FLAG, 0, &key, &outLength))
|
517
|
+
{
|
518
|
+
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: error decoding key `" +
|
519
|
+
keyFile + "':\n" + lastErrorToString());
|
520
|
+
}
|
521
|
+
LocalFree(keyInfo);
|
522
|
+
keyInfo = 0;
|
422
523
|
}
|
423
|
-
|
424
|
-
//
|
425
|
-
// Check that we are using a RSA Key
|
426
|
-
//
|
427
|
-
if(strcmp(keyInfo->Algorithm.pszObjId, szOID_RSA_RSA))
|
524
|
+
else
|
428
525
|
{
|
429
|
-
|
430
|
-
|
526
|
+
//
|
527
|
+
// Decode the private key BLOB
|
528
|
+
//
|
529
|
+
if(!CryptDecodeObjectEx(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, PKCS_RSA_PRIVATE_KEY,
|
530
|
+
&outBuffer[0], outLength, CRYPT_DECODE_ALLOC_FLAG, 0, &key, &outLength))
|
531
|
+
{
|
532
|
+
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: error decoding key `" +
|
533
|
+
keyFile + "':\n" + lastErrorToString());
|
534
|
+
}
|
431
535
|
}
|
432
536
|
|
433
537
|
//
|
@@ -436,35 +540,26 @@ SChannelEngine::initialize()
|
|
436
540
|
const wstring keySetName = stringToWstring(generateUUID());
|
437
541
|
HCRYPTPROV cryptProv = 0;
|
438
542
|
|
439
|
-
DWORD contextFlags =
|
440
|
-
|
441
|
-
|
442
|
-
if(!CryptAcquireContextW(&cryptProv, keySetName.c_str(), MS_DEF_PROV_W, PROV_RSA_FULL, contextFlags))
|
543
|
+
DWORD contextFlags = CRYPT_NEWKEYSET;
|
544
|
+
if(certStoreLocation == "LocalMachine")
|
443
545
|
{
|
444
|
-
|
445
|
-
|
446
|
-
}
|
546
|
+
contextFlags |= CRYPT_MACHINE_KEYSET;
|
547
|
+
} ;
|
447
548
|
|
448
|
-
|
449
|
-
|
450
|
-
//
|
451
|
-
if(!CryptDecodeObjectEx(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, PKCS_RSA_PRIVATE_KEY,
|
452
|
-
keyInfo->PrivateKey.pbData, keyInfo->PrivateKey.cbData,
|
453
|
-
CRYPT_DECODE_ALLOC_FLAG, 0, &key, &outLength))
|
549
|
+
if(!CryptAcquireContextW(&cryptProv, keySetName.c_str(), MS_ENHANCED_PROV_W, PROV_RSA_FULL,
|
550
|
+
contextFlags))
|
454
551
|
{
|
455
|
-
throw PluginInitializationException(__FILE__, __LINE__,
|
456
|
-
|
552
|
+
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: error acquiring cryptographic "
|
553
|
+
"context:\n" + lastErrorToString());
|
457
554
|
}
|
458
|
-
LocalFree(keyInfo);
|
459
|
-
keyInfo = 0;
|
460
555
|
|
461
556
|
//
|
462
557
|
// Import the private key
|
463
558
|
//
|
464
559
|
if(!CryptImportKey(cryptProv, key, outLength, 0, 0, &hKey))
|
465
560
|
{
|
466
|
-
throw PluginInitializationException(__FILE__, __LINE__,
|
467
|
-
|
561
|
+
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: error importing key `" + keyFile +
|
562
|
+
"':\n" + lastErrorToString());
|
468
563
|
}
|
469
564
|
LocalFree(key);
|
470
565
|
key = 0;
|
@@ -478,11 +573,11 @@ SChannelEngine::initialize()
|
|
478
573
|
store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, 0, 0);
|
479
574
|
if(!store)
|
480
575
|
{
|
481
|
-
throw PluginInitializationException(__FILE__, __LINE__,
|
482
|
-
|
576
|
+
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: error creating certificate "
|
577
|
+
"store:\n" + lastErrorToString());
|
483
578
|
}
|
484
579
|
|
485
|
-
|
580
|
+
addCertificatesToStore(certFile, store, &cert);
|
486
581
|
|
487
582
|
//
|
488
583
|
// Associate key & certificate
|
@@ -493,14 +588,14 @@ SChannelEngine::initialize()
|
|
493
588
|
keyProvInfo.pwszProvName = const_cast<wchar_t*>(MS_DEF_PROV_W);
|
494
589
|
keyProvInfo.dwProvType = PROV_RSA_FULL;
|
495
590
|
keyProvInfo.dwKeySpec = AT_KEYEXCHANGE;
|
496
|
-
|
497
591
|
if(!CertSetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, 0, &keyProvInfo))
|
498
592
|
{
|
499
|
-
throw PluginInitializationException(__FILE__, __LINE__,
|
500
|
-
|
593
|
+
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: error seting certificate "
|
594
|
+
"property:\n" + lastErrorToString());
|
501
595
|
}
|
502
596
|
|
503
|
-
|
597
|
+
_importedCerts.push_back(cert);
|
598
|
+
_allCerts.push_back(cert);
|
504
599
|
_stores.push_back(store);
|
505
600
|
}
|
506
601
|
catch(...)
|
@@ -532,31 +627,16 @@ SChannelEngine::initialize()
|
|
532
627
|
throw;
|
533
628
|
}
|
534
629
|
}
|
535
|
-
|
536
|
-
_allCerts.insert(_allCerts.end(), _certs.begin(), _certs.end());
|
537
630
|
}
|
538
|
-
|
539
|
-
const string findPrefix = prefix + "FindCert.";
|
540
|
-
map<string, string> certProps = properties->getPropertiesForPrefix(findPrefix);
|
541
|
-
if(!certProps.empty())
|
631
|
+
else if(!findCert.empty())
|
542
632
|
{
|
543
|
-
|
544
|
-
|
545
|
-
|
546
|
-
const string val = i->second;
|
547
|
-
|
548
|
-
if(!val.empty())
|
549
|
-
{
|
550
|
-
string storeSpec = name.substr(findPrefix.size());
|
551
|
-
vector<PCCERT_CONTEXT> certs = findCertificates(name, storeSpec, val, _stores);
|
552
|
-
_allCerts.insert(_allCerts.end(), certs.begin(), certs.end());
|
553
|
-
}
|
554
|
-
}
|
555
|
-
|
556
|
-
if(_allCerts.empty())
|
633
|
+
string certStore = properties->getPropertyWithDefault(prefix + "CertStore", "My");
|
634
|
+
vector<PCCERT_CONTEXT> certs = findCertificates(certStoreLocation, certStore, findCert, _stores);
|
635
|
+
if(certs.empty())
|
557
636
|
{
|
558
637
|
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: no certificates found");
|
559
638
|
}
|
639
|
+
_allCerts.insert(_allCerts.end(), certs.begin(), certs.end());
|
560
640
|
}
|
561
641
|
_initialized = true;
|
562
642
|
}
|
@@ -627,10 +707,15 @@ SChannelEngine::newCredentialsHandle(bool incoming)
|
|
627
707
|
// the root certificate either way.
|
628
708
|
//
|
629
709
|
cred.dwFlags = SCH_CRED_NO_SYSTEM_MAPPER;
|
630
|
-
|
631
|
-
|
632
|
-
|
633
|
-
|
710
|
+
|
711
|
+
//
|
712
|
+
// There's no way to prevent SChannel from sending "CA names" to the
|
713
|
+
// client. Recent Windows versions don't CA names but older ones do
|
714
|
+
// send all the trusted root CA names. We provide the root store to
|
715
|
+
// ensure that for these older Windows versions, we also include the
|
716
|
+
// CA names of our trusted roots.
|
717
|
+
//
|
718
|
+
cred.hRootStore = _rootStore;
|
634
719
|
}
|
635
720
|
else
|
636
721
|
{
|
@@ -646,9 +731,9 @@ SChannelEngine::newCredentialsHandle(bool incoming)
|
|
646
731
|
CredHandle credHandle;
|
647
732
|
memset(&credHandle, 0, sizeof(credHandle));
|
648
733
|
|
649
|
-
SECURITY_STATUS err =
|
650
|
-
|
651
|
-
|
734
|
+
SECURITY_STATUS err = AcquireCredentialsHandle(0, const_cast<char*>(UNISP_NAME),
|
735
|
+
(incoming ? SECPKG_CRED_INBOUND : SECPKG_CRED_OUTBOUND),
|
736
|
+
0, &cred, 0, 0, &credHandle, 0);
|
652
737
|
|
653
738
|
if(err != SEC_E_OK)
|
654
739
|
{
|
@@ -692,33 +777,30 @@ SChannelEngine::destroy()
|
|
692
777
|
CertCloseStore(_rootStore, 0);
|
693
778
|
}
|
694
779
|
|
695
|
-
for(vector<PCCERT_CONTEXT>::const_iterator i =
|
780
|
+
for(vector<PCCERT_CONTEXT>::const_iterator i = _importedCerts.begin(); i != _importedCerts.end(); ++i)
|
696
781
|
{
|
697
|
-
PCCERT_CONTEXT cert = *i;
|
698
|
-
|
699
782
|
//
|
700
|
-
//
|
783
|
+
// Retrieve the certificate CERT_KEY_PROV_INFO_PROP_ID property, we use the CRYPT_KEY_PROV_INFO
|
784
|
+
// data to remove the key set associated with the certificate.
|
701
785
|
//
|
702
|
-
|
786
|
+
DWORD length = 0;
|
787
|
+
if(!CertGetCertificateContextProperty(*i, CERT_KEY_PROV_INFO_PROP_ID, 0, &length))
|
703
788
|
{
|
704
|
-
|
705
|
-
|
706
|
-
|
707
|
-
|
708
|
-
|
709
|
-
|
710
|
-
{
|
711
|
-
vector<char> buf(length);
|
712
|
-
if(CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, &buf[0], &length))
|
713
|
-
{
|
714
|
-
CRYPT_KEY_PROV_INFO* keyProvInfo = reinterpret_cast<CRYPT_KEY_PROV_INFO*>(&buf[0]);
|
715
|
-
HCRYPTPROV cryptProv = 0;
|
716
|
-
CryptAcquireContextW(&cryptProv, keyProvInfo->pwszContainerName, keyProvInfo->pwszProvName,
|
717
|
-
keyProvInfo->dwProvType, CRYPT_DELETEKEYSET);
|
718
|
-
}
|
719
|
-
CertFreeCertificateContext(cert);
|
720
|
-
}
|
789
|
+
continue;
|
790
|
+
}
|
791
|
+
vector<char> buf(length);
|
792
|
+
if(!CertGetCertificateContextProperty(*i, CERT_KEY_PROV_INFO_PROP_ID, &buf[0], &length))
|
793
|
+
{
|
794
|
+
continue;
|
721
795
|
}
|
796
|
+
CRYPT_KEY_PROV_INFO* key = reinterpret_cast<CRYPT_KEY_PROV_INFO*>(&buf[0]);
|
797
|
+
HCRYPTPROV prov = 0;
|
798
|
+
CryptAcquireContextW(&prov, key->pwszContainerName, key->pwszProvName, key->dwProvType, CRYPT_DELETEKEYSET);
|
799
|
+
}
|
800
|
+
|
801
|
+
for(vector<PCCERT_CONTEXT>::const_iterator i = _allCerts.begin(); i != _allCerts.end(); ++i)
|
802
|
+
{
|
803
|
+
CertFreeCertificateContext(*i);
|
722
804
|
}
|
723
805
|
|
724
806
|
for(vector<HCERTSTORE>::const_iterator i = _stores.begin(); i != _stores.end(); ++i)
|