zeroc-ice 3.6b1 → 3.6.0
- checksums.yaml +4 -4
- data/{ext/ice/BZIP_LICENSE → BZIP2_LICENSE} +0 -0
- data/ICE_LICENSE +8 -14
- data/LICENSE +2 -1
- data/{ext/ice/MCPP_LICENSE → MCPP_LICENSE} +2 -9
- data/bin/slice2rb +1 -1
- data/ext/Communicator.cpp +1 -1
- data/ext/Communicator.h +1 -1
- data/ext/Config.h +1 -22
- data/ext/Connection.cpp +125 -13
- data/ext/Connection.h +1 -1
- data/ext/Endpoint.cpp +62 -3
- data/ext/Endpoint.h +1 -1
- data/ext/ImplicitContext.cpp +1 -1
- data/ext/ImplicitContext.h +1 -1
- data/ext/Init.cpp +8 -1
- data/ext/Logger.cpp +1 -1
- data/ext/Logger.h +1 -1
- data/ext/ObjectFactory.cpp +1 -1
- data/ext/ObjectFactory.h +1 -1
- data/ext/Operation.cpp +1 -1
- data/ext/Operation.h +1 -1
- data/ext/Properties.cpp +1 -1
- data/ext/Properties.h +1 -1
- data/ext/Proxy.cpp +1 -1
- data/ext/Proxy.h +1 -1
- data/ext/Slice.cpp +1 -1
- data/ext/Slice.h +1 -1
- data/ext/Types.cpp +65 -17
- data/ext/Types.h +4 -1
- data/ext/Util.cpp +49 -58
- data/ext/Util.h +1 -1
- data/ext/extconf.rb +17 -15
- data/ext/ice/cpp/include/Ice/ACMF.h +1 -1
- data/ext/ice/cpp/include/Ice/Application.h +1 -1
- data/ext/ice/cpp/include/Ice/AsyncResult.h +1 -1
- data/ext/ice/cpp/include/Ice/AsyncResultF.h +1 -1
- data/ext/ice/cpp/include/Ice/BasicStream.h +1 -1
- data/ext/ice/cpp/include/Ice/BatchRequestInterceptor.h +52 -0
- data/ext/ice/cpp/include/Ice/BatchRequestQueueF.h +25 -0
- data/ext/ice/cpp/include/Ice/Buffer.h +1 -1
- data/ext/ice/cpp/include/Ice/BuiltinSequences.h +12 -4
- data/ext/ice/cpp/include/Ice/Communicator.h +12 -4
- data/ext/ice/cpp/include/Ice/CommunicatorAsync.h +1 -1
- data/ext/ice/cpp/include/Ice/CommunicatorF.h +12 -4
- data/ext/ice/cpp/include/Ice/Config.h +13 -8
- data/ext/ice/cpp/include/Ice/Connection.h +41 -16
- data/ext/ice/cpp/include/Ice/ConnectionAsync.h +1 -1
- data/ext/ice/cpp/include/Ice/ConnectionF.h +12 -4
- data/ext/ice/cpp/include/Ice/ConnectionFactoryF.h +1 -1
- data/ext/ice/cpp/include/Ice/ConnectionIF.h +1 -1
- data/ext/ice/cpp/include/Ice/Current.h +12 -4
- data/ext/ice/cpp/include/Ice/DefaultObjectFactory.h +1 -1
- data/ext/ice/cpp/include/Ice/DeprecatedStringConverter.h +1 -1
- data/ext/ice/cpp/include/Ice/DispatchInterceptor.h +1 -1
- data/ext/ice/cpp/include/Ice/Dispatcher.h +1 -1
- data/ext/ice/cpp/include/Ice/DynamicLibrary.h +1 -1
- data/ext/ice/cpp/include/Ice/DynamicLibraryF.h +1 -1
- data/ext/ice/cpp/include/Ice/Endpoint.h +16 -6
- data/ext/ice/cpp/include/Ice/EndpointF.h +12 -4
- data/ext/ice/cpp/include/Ice/EndpointTypes.h +12 -4
- data/ext/ice/cpp/include/Ice/Exception.h +3 -3
- data/ext/ice/cpp/include/Ice/FacetMap.h +12 -4
- data/ext/ice/cpp/include/Ice/FactoryTable.h +1 -1
- data/ext/ice/cpp/include/Ice/FactoryTableInit.h +1 -1
- data/ext/ice/cpp/include/Ice/Format.h +1 -1
- data/ext/ice/cpp/include/Ice/Functional.h +1 -1
- data/ext/ice/cpp/include/Ice/GCObject.h +5 -1
- data/ext/ice/cpp/include/Ice/Handle.h +1 -1
- data/ext/ice/cpp/include/Ice/Ice.h +4 -3
- data/ext/ice/cpp/include/Ice/Identity.h +13 -5
- data/ext/ice/cpp/include/Ice/ImplicitContext.h +12 -4
- data/ext/ice/cpp/include/Ice/ImplicitContextF.h +12 -4
- data/ext/ice/cpp/include/Ice/Incoming.h +1 -1
- data/ext/ice/cpp/include/Ice/IncomingAsync.h +1 -1
- data/ext/ice/cpp/include/Ice/IncomingAsyncF.h +1 -1
- data/ext/ice/cpp/include/Ice/Initialize.h +4 -2
- data/ext/ice/cpp/include/Ice/InstanceF.h +1 -1
- data/ext/ice/cpp/include/Ice/Instrumentation.h +12 -4
- data/ext/ice/cpp/include/Ice/InstrumentationF.h +12 -4
- data/ext/ice/cpp/include/Ice/LocalException.h +12 -4
- data/ext/ice/cpp/include/Ice/LocalObject.h +1 -1
- data/ext/ice/cpp/include/Ice/LocalObjectF.h +1 -1
- data/ext/ice/cpp/include/Ice/Locator.h +137 -129
- data/ext/ice/cpp/include/Ice/LocatorF.h +12 -4
- data/ext/ice/cpp/include/Ice/Logger.h +12 -4
- data/ext/ice/cpp/include/Ice/LoggerF.h +12 -4
- data/ext/ice/cpp/include/Ice/LoggerUtil.h +1 -1
- data/ext/ice/cpp/include/Ice/Metrics.h +144 -136
- data/ext/ice/cpp/include/Ice/MetricsAdminI.h +1 -1
- data/ext/ice/cpp/include/Ice/MetricsFunctional.h +1 -1
- data/ext/ice/cpp/include/Ice/MetricsObserverI.h +35 -26
- data/ext/ice/cpp/include/Ice/NativePropertiesAdmin.h +1 -1
- data/ext/ice/cpp/include/Ice/Object.h +1 -1
- data/ext/ice/cpp/include/Ice/ObjectAdapter.h +12 -4
- data/ext/ice/cpp/include/Ice/ObjectAdapterF.h +12 -4
- data/ext/ice/cpp/include/Ice/ObjectAdapterFactoryF.h +1 -1
- data/ext/ice/cpp/include/Ice/ObjectF.h +1 -1
- data/ext/ice/cpp/include/Ice/ObjectFactory.h +12 -4
- data/ext/ice/cpp/include/Ice/ObjectFactoryF.h +12 -4
- data/ext/ice/cpp/include/Ice/ObjectFactoryManagerF.h +1 -1
- data/ext/ice/cpp/include/Ice/ObserverHelper.h +1 -1
- data/ext/ice/cpp/include/Ice/Outgoing.h +67 -39
- data/ext/ice/cpp/include/Ice/OutgoingAsync.h +31 -34
- data/ext/ice/cpp/include/Ice/OutgoingAsyncF.h +4 -4
- data/ext/ice/cpp/include/Ice/Plugin.h +12 -4
- data/ext/ice/cpp/include/Ice/PluginF.h +12 -4
- data/ext/ice/cpp/include/Ice/Process.h +36 -28
- data/ext/ice/cpp/include/Ice/ProcessF.h +12 -4
- data/ext/ice/cpp/include/Ice/Properties.h +12 -4
- data/ext/ice/cpp/include/Ice/PropertiesAdmin.h +86 -78
- data/ext/ice/cpp/include/Ice/PropertiesF.h +12 -4
- data/ext/ice/cpp/include/Ice/Protocol.h +1 -1
- data/ext/ice/cpp/include/Ice/Proxy.h +6 -2
- data/ext/ice/cpp/include/Ice/ProxyF.h +1 -1
- data/ext/ice/cpp/include/Ice/ProxyFactoryF.h +1 -1
- data/ext/ice/cpp/include/Ice/ProxyHandle.h +1 -1
- data/ext/ice/cpp/include/Ice/ReferenceF.h +1 -1
- data/ext/ice/cpp/include/Ice/RemoteLogger.h +137 -129
- data/ext/ice/cpp/include/Ice/RequestHandlerF.h +1 -1
- data/ext/ice/cpp/include/Ice/ResponseHandlerF.h +1 -1
- data/ext/ice/cpp/include/Ice/Router.h +37 -29
- data/ext/ice/cpp/include/Ice/RouterF.h +12 -4
- data/ext/ice/cpp/include/Ice/ServantLocator.h +12 -4
- data/ext/ice/cpp/include/Ice/ServantLocatorF.h +12 -4
- data/ext/ice/cpp/include/Ice/ServantManagerF.h +1 -1
- data/ext/ice/cpp/include/Ice/Service.h +1 -1
- data/ext/ice/cpp/include/Ice/SliceChecksumDict.h +12 -4
- data/ext/ice/cpp/include/Ice/SliceChecksums.h +1 -1
- data/ext/ice/cpp/include/Ice/SlicedData.h +1 -6
- data/ext/ice/cpp/include/Ice/SlicedDataF.h +1 -1
- data/ext/ice/cpp/include/Ice/Stream.h +3 -5
- data/ext/ice/cpp/include/Ice/StreamF.h +1 -1
- data/ext/ice/cpp/include/Ice/StreamHelpers.h +1 -1
- data/ext/ice/cpp/include/Ice/ThreadPoolF.h +1 -1
- data/ext/ice/cpp/include/Ice/UserExceptionFactory.h +1 -1
- data/ext/ice/cpp/include/Ice/Version.h +14 -6
- data/ext/ice/cpp/include/IceSSL/Config.h +19 -1
- data/ext/ice/cpp/include/IceSSL/ConnectionInfo.h +61 -7
- data/ext/ice/cpp/include/IceSSL/EndpointInfo.h +52 -5
- data/ext/ice/cpp/include/IceSSL/IceSSL.h +2 -2
- data/ext/ice/cpp/include/IceSSL/Plugin.h +32 -26
- data/ext/ice/cpp/include/IceUtil/AbstractMutex.h +1 -1
- data/ext/ice/cpp/include/IceUtil/Atomic.h +186 -0
- data/ext/ice/cpp/include/IceUtil/Cache.h +1 -1
- data/ext/ice/cpp/include/IceUtil/Cond.h +1 -1
- data/ext/ice/cpp/include/IceUtil/Config.h +31 -20
- data/ext/ice/cpp/include/IceUtil/CountDownLatch.h +1 -1
- data/ext/ice/cpp/include/IceUtil/CtrlCHandler.h +1 -1
- data/ext/ice/cpp/include/IceUtil/DisableWarnings.h +9 -2
- data/ext/ice/cpp/include/IceUtil/Exception.h +4 -3
- data/ext/ice/cpp/include/IceUtil/Functional.h +1 -1
- data/ext/ice/cpp/include/IceUtil/Handle.h +1 -1
- data/ext/ice/cpp/include/IceUtil/IceUtil.h +2 -2
- data/ext/ice/cpp/include/IceUtil/IconvStringConverter.h +1 -1
- data/ext/ice/cpp/include/IceUtil/InputUtil.h +1 -1
- data/ext/ice/cpp/include/IceUtil/Iterator.h +1 -1
- data/ext/ice/cpp/include/IceUtil/Lock.h +1 -1
- data/ext/ice/cpp/include/IceUtil/Monitor.h +1 -1
- data/ext/ice/cpp/include/IceUtil/Mutex.h +1 -1
- data/ext/ice/cpp/include/IceUtil/MutexProtocol.h +1 -1
- data/ext/ice/cpp/include/IceUtil/MutexPtrLock.h +1 -1
- data/ext/ice/cpp/include/IceUtil/MutexPtrTryLock.h +1 -1
- data/ext/ice/cpp/include/IceUtil/Optional.h +1 -1
- data/ext/ice/cpp/include/IceUtil/Options.h +1 -1
- data/ext/ice/cpp/include/IceUtil/OutputUtil.h +8 -11
- data/ext/ice/cpp/include/IceUtil/PopDisableWarnings.h +1 -1
- data/ext/ice/cpp/include/IceUtil/PushDisableWarnings.h +5 -1
- data/ext/ice/cpp/include/IceUtil/Random.h +1 -1
- data/ext/ice/cpp/include/IceUtil/RecMutex.h +1 -1
- data/ext/ice/cpp/include/IceUtil/SHA1.h +8 -26
- data/ext/ice/cpp/include/IceUtil/ScannerConfig.h +5 -5
- data/ext/ice/cpp/include/IceUtil/ScopedArray.h +1 -1
- data/ext/ice/cpp/include/IceUtil/Shared.h +3 -37
- data/ext/ice/cpp/include/IceUtil/StringUtil.h +1 -1
- data/ext/ice/cpp/include/IceUtil/Thread.h +1 -1
- data/ext/ice/cpp/include/IceUtil/ThreadException.h +1 -1
- data/ext/ice/cpp/include/IceUtil/Time.h +1 -1
- data/ext/ice/cpp/include/IceUtil/Timer.h +1 -1
- data/ext/ice/cpp/include/IceUtil/UUID.h +1 -1
- data/ext/ice/cpp/include/IceUtil/UndefSysMacros.h +1 -1
- data/ext/ice/cpp/include/IceUtil/UniquePtr.h +1 -1
- data/ext/ice/cpp/include/Slice/CPlusPlusUtil.h +7 -6
- data/ext/ice/cpp/include/Slice/Checksum.h +1 -1
- data/ext/ice/cpp/include/Slice/CsUtil.h +1 -1
- data/ext/ice/cpp/include/Slice/DotNetNames.h +1 -1
- data/ext/ice/cpp/include/Slice/FileTracker.h +1 -1
- data/ext/ice/cpp/include/Slice/JavaUtil.h +3 -1
- data/ext/ice/cpp/include/Slice/ObjCUtil.h +127 -0
- data/ext/ice/cpp/include/Slice/PHPUtil.h +1 -1
- data/ext/ice/cpp/include/Slice/Parser.h +18 -12
- data/ext/ice/cpp/include/Slice/Preprocessor.h +6 -4
- data/ext/ice/cpp/include/Slice/PythonUtil.h +1 -1
- data/ext/ice/cpp/include/Slice/RubyUtil.h +1 -1
- data/ext/ice/cpp/include/Slice/Util.h +20 -2
- data/ext/ice/cpp/src/Ice/ACM.cpp +1 -1
- data/ext/ice/cpp/src/Ice/ACM.h +1 -1
- data/ext/ice/cpp/src/Ice/Acceptor.cpp +1 -1
- data/ext/ice/cpp/src/Ice/Acceptor.h +1 -1
- data/ext/ice/cpp/src/Ice/AcceptorF.h +1 -1
- data/ext/ice/cpp/src/Ice/AsyncResult.cpp +1 -1
- data/ext/ice/cpp/src/Ice/Base64.cpp +1 -1
- data/ext/ice/cpp/src/Ice/Base64.h +1 -1
- data/ext/ice/cpp/src/Ice/BasicStream.cpp +7 -5
- data/ext/ice/cpp/src/Ice/BatchRequestQueue.cpp +227 -0
- data/ext/ice/cpp/src/Ice/BatchRequestQueue.h +59 -0
- data/ext/ice/cpp/src/Ice/Buffer.cpp +3 -3
- data/ext/ice/cpp/src/Ice/BuiltinSequences.cpp +10 -4
- data/ext/ice/cpp/src/Ice/CollocatedRequestHandler.cpp +82 -282
- data/ext/ice/cpp/src/Ice/CollocatedRequestHandler.h +8 -21
- data/ext/ice/cpp/src/Ice/Communicator.cpp +11 -5
- data/ext/ice/cpp/src/Ice/CommunicatorF.cpp +10 -4
- data/ext/ice/cpp/src/Ice/CommunicatorI.cpp +6 -6
- data/ext/ice/cpp/src/Ice/CommunicatorI.h +1 -1
- data/ext/ice/cpp/src/Ice/ConnectRequestHandler.cpp +42 -180
- data/ext/ice/cpp/src/Ice/ConnectRequestHandler.h +10 -19
- data/ext/ice/cpp/src/Ice/ConnectRequestHandlerF.h +25 -0
- data/ext/ice/cpp/src/Ice/Connection.cpp +17 -11
- data/ext/ice/cpp/src/Ice/ConnectionF.cpp +10 -4
- data/ext/ice/cpp/src/Ice/ConnectionFactory.cpp +137 -51
- data/ext/ice/cpp/src/Ice/ConnectionFactory.h +18 -8
- data/ext/ice/cpp/src/Ice/ConnectionI.cpp +105 -391
- data/ext/ice/cpp/src/Ice/ConnectionI.h +25 -23
- data/ext/ice/cpp/src/Ice/ConnectionRequestHandler.cpp +5 -29
- data/ext/ice/cpp/src/Ice/ConnectionRequestHandler.h +3 -8
- data/ext/ice/cpp/src/Ice/Connector.cpp +1 -1
- data/ext/ice/cpp/src/Ice/Connector.h +1 -1
- data/ext/ice/cpp/src/Ice/ConnectorF.h +1 -1
- data/ext/ice/cpp/src/Ice/Current.cpp +10 -4
- data/ext/ice/cpp/src/Ice/DefaultsAndOverrides.cpp +1 -1
- data/ext/ice/cpp/src/Ice/DefaultsAndOverrides.h +1 -1
- data/ext/ice/cpp/src/Ice/DefaultsAndOverridesF.h +1 -1
- data/ext/ice/cpp/src/Ice/DeprecatedStringConverter.cpp +1 -1
- data/ext/ice/cpp/src/Ice/DispatchInterceptor.cpp +1 -1
- data/ext/ice/cpp/src/Ice/DynamicLibrary.cpp +1 -1
- data/ext/ice/cpp/src/Ice/Endpoint.cpp +17 -11
- data/ext/ice/cpp/src/Ice/EndpointF.cpp +10 -4
- data/ext/ice/cpp/src/Ice/EndpointFactory.cpp +19 -1
- data/ext/ice/cpp/src/Ice/EndpointFactory.h +13 -1
- data/ext/ice/cpp/src/Ice/EndpointFactoryF.h +1 -1
- data/ext/ice/cpp/src/Ice/EndpointFactoryManager.cpp +1 -1
- data/ext/ice/cpp/src/Ice/EndpointFactoryManager.h +1 -1
- data/ext/ice/cpp/src/Ice/EndpointFactoryManagerF.h +1 -1
- data/ext/ice/cpp/src/Ice/EndpointI.cpp +1 -1
- data/ext/ice/cpp/src/Ice/EndpointI.h +33 -1
- data/ext/ice/cpp/src/Ice/EndpointIF.h +1 -1
- data/ext/ice/cpp/src/Ice/EndpointTypes.cpp +10 -4
- data/ext/ice/cpp/src/Ice/EventHandler.cpp +1 -1
- data/ext/ice/cpp/src/Ice/EventHandler.h +4 -1
- data/ext/ice/cpp/src/Ice/EventHandlerF.h +1 -1
- data/ext/ice/cpp/src/Ice/Exception.cpp +20 -11
- data/ext/ice/cpp/src/Ice/FacetMap.cpp +10 -4
- data/ext/ice/cpp/src/Ice/FactoryTable.cpp +1 -1
- data/ext/ice/cpp/src/Ice/FactoryTableInit.cpp +2 -2
- data/ext/ice/cpp/src/Ice/GCObject.cpp +1 -1
- data/ext/ice/cpp/src/Ice/HashUtil.h +1 -1
- data/ext/ice/cpp/src/Ice/HttpParser.cpp +27 -15
- data/ext/ice/cpp/src/Ice/HttpParser.h +4 -6
- data/ext/ice/cpp/src/Ice/IPEndpointI.cpp +7 -1
- data/ext/ice/cpp/src/Ice/IPEndpointI.h +2 -1
- data/ext/ice/cpp/src/Ice/IPEndpointIF.h +1 -1
- data/ext/ice/cpp/src/Ice/Identity.cpp +11 -5
- data/ext/ice/cpp/src/Ice/ImplicitContext.cpp +11 -5
- data/ext/ice/cpp/src/Ice/ImplicitContextF.cpp +10 -4
- data/ext/ice/cpp/src/Ice/ImplicitContextI.cpp +1 -1
- data/ext/ice/cpp/src/Ice/ImplicitContextI.h +1 -1
- data/ext/ice/cpp/src/Ice/Incoming.cpp +22 -20
- data/ext/ice/cpp/src/Ice/IncomingAsync.cpp +1 -1
- data/ext/ice/cpp/src/Ice/IncomingRequest.h +1 -1
- data/ext/ice/cpp/src/Ice/Initialize.cpp +31 -5
- data/ext/ice/cpp/src/Ice/Instance.cpp +102 -59
- data/ext/ice/cpp/src/Ice/Instance.h +28 -2
- data/ext/ice/cpp/src/Ice/Instrumentation.cpp +20 -14
- data/ext/ice/cpp/src/Ice/InstrumentationF.cpp +10 -4
- data/ext/ice/cpp/src/Ice/InstrumentationI.cpp +1 -1
- data/ext/ice/cpp/src/Ice/InstrumentationI.h +1 -1
- data/ext/ice/cpp/src/Ice/LocalException.cpp +10 -4
- data/ext/ice/cpp/src/Ice/LocalObject.cpp +1 -1
- data/ext/ice/cpp/src/Ice/Locator.cpp +83 -77
- data/ext/ice/cpp/src/Ice/LocatorF.cpp +10 -4
- data/ext/ice/cpp/src/Ice/LocatorInfo.cpp +77 -69
- data/ext/ice/cpp/src/Ice/LocatorInfo.h +1 -1
- data/ext/ice/cpp/src/Ice/LocatorInfoF.h +1 -1
- data/ext/ice/cpp/src/Ice/Logger.cpp +11 -5
- data/ext/ice/cpp/src/Ice/LoggerAdminI.cpp +1 -1
- data/ext/ice/cpp/src/Ice/LoggerAdminI.h +1 -1
- data/ext/ice/cpp/src/Ice/LoggerF.cpp +10 -4
- data/ext/ice/cpp/src/Ice/LoggerI.cpp +10 -8
- data/ext/ice/cpp/src/Ice/LoggerI.h +1 -1
- data/ext/ice/cpp/src/Ice/LoggerUtil.cpp +2 -2
- data/ext/ice/cpp/src/Ice/Metrics.cpp +122 -116
- data/ext/ice/cpp/src/Ice/MetricsAdminI.cpp +1 -1
- data/ext/ice/cpp/src/Ice/MetricsObserverI.cpp +1 -1
- data/ext/ice/cpp/src/Ice/Network.cpp +63 -19
- data/ext/ice/cpp/src/Ice/Network.h +10 -3
- data/ext/ice/cpp/src/Ice/NetworkF.h +1 -1
- data/ext/ice/cpp/src/Ice/NetworkProxy.cpp +1 -1
- data/ext/ice/cpp/src/Ice/NetworkProxy.h +1 -1
- data/ext/ice/cpp/src/Ice/NetworkProxyF.h +1 -1
- data/ext/ice/cpp/src/Ice/Object.cpp +1 -1
- data/ext/ice/cpp/src/Ice/ObjectAdapter.cpp +11 -5
- data/ext/ice/cpp/src/Ice/ObjectAdapterF.cpp +10 -4
- data/ext/ice/cpp/src/Ice/ObjectAdapterFactory.cpp +9 -9
- data/ext/ice/cpp/src/Ice/ObjectAdapterFactory.h +2 -2
- data/ext/ice/cpp/src/Ice/ObjectAdapterI.cpp +3 -3
- data/ext/ice/cpp/src/Ice/ObjectAdapterI.h +5 -5
- data/ext/ice/cpp/src/Ice/ObjectFactory.cpp +11 -5
- data/ext/ice/cpp/src/Ice/ObjectFactoryF.cpp +10 -4
- data/ext/ice/cpp/src/Ice/ObjectFactoryManager.cpp +9 -10
- data/ext/ice/cpp/src/Ice/ObjectFactoryManager.h +1 -1
- data/ext/ice/cpp/src/Ice/ObserverHelper.cpp +1 -1
- data/ext/ice/cpp/src/Ice/OpaqueEndpointI.cpp +6 -5
- data/ext/ice/cpp/src/Ice/OpaqueEndpointI.h +1 -1
- data/ext/ice/cpp/src/Ice/Outgoing.cpp +209 -254
- data/ext/ice/cpp/src/Ice/OutgoingAsync.cpp +120 -106
- data/ext/ice/cpp/src/Ice/Plugin.cpp +12 -6
- data/ext/ice/cpp/src/Ice/PluginF.cpp +10 -4
- data/ext/ice/cpp/src/Ice/PluginManagerI.cpp +21 -2
- data/ext/ice/cpp/src/Ice/Process.cpp +25 -19
- data/ext/ice/cpp/src/Ice/ProcessF.cpp +10 -4
- data/ext/ice/cpp/src/Ice/Properties.cpp +11 -5
- data/ext/ice/cpp/src/Ice/PropertiesAdmin.cpp +39 -33
- data/ext/ice/cpp/src/Ice/PropertiesAdminI.cpp +1 -1
- data/ext/ice/cpp/src/Ice/PropertiesAdminI.h +1 -1
- data/ext/ice/cpp/src/Ice/PropertiesF.cpp +10 -4
- data/ext/ice/cpp/src/Ice/PropertiesI.cpp +1 -1
- data/ext/ice/cpp/src/Ice/PropertiesI.h +1 -1
- data/ext/ice/cpp/src/Ice/PropertyNames.cpp +12 -8
- data/ext/ice/cpp/src/Ice/PropertyNames.h +2 -2
- data/ext/ice/cpp/src/Ice/Protocol.cpp +7 -7
- data/ext/ice/cpp/src/Ice/ProtocolInstance.cpp +9 -6
- data/ext/ice/cpp/src/Ice/ProtocolInstance.h +25 -7
- data/ext/ice/cpp/src/Ice/ProtocolInstanceF.h +1 -1
- data/ext/ice/cpp/src/Ice/ProtocolPluginFacade.cpp +1 -1
- data/ext/ice/cpp/src/Ice/ProtocolPluginFacade.h +1 -1
- data/ext/ice/cpp/src/Ice/ProtocolPluginFacadeF.h +1 -1
- data/ext/ice/cpp/src/Ice/Proxy.cpp +32 -13
- data/ext/ice/cpp/src/Ice/ProxyFactory.cpp +1 -1
- data/ext/ice/cpp/src/Ice/ProxyFactory.h +1 -1
- data/ext/ice/cpp/src/Ice/Reference.cpp +101 -86
- data/ext/ice/cpp/src/Ice/Reference.h +16 -9
- data/ext/ice/cpp/src/Ice/ReferenceFactory.cpp +1 -1
- data/ext/ice/cpp/src/Ice/ReferenceFactory.h +1 -1
- data/ext/ice/cpp/src/Ice/ReferenceFactoryF.h +1 -1
- data/ext/ice/cpp/src/Ice/RegisterPlugins.cpp +28 -0
- data/ext/ice/cpp/src/Ice/RegisterPlugins.h +25 -0
- data/ext/ice/cpp/src/Ice/RemoteLogger.cpp +92 -86
- data/ext/ice/cpp/src/Ice/ReplyStatus.h +1 -1
- data/ext/ice/cpp/src/Ice/RequestHandler.cpp +1 -1
- data/ext/ice/cpp/src/Ice/RequestHandler.h +4 -8
- data/ext/ice/cpp/src/Ice/RequestHandlerFactory.cpp +24 -16
- data/ext/ice/cpp/src/Ice/RequestHandlerFactory.h +5 -4
- data/ext/ice/cpp/src/Ice/ResponseHandler.cpp +1 -1
- data/ext/ice/cpp/src/Ice/ResponseHandler.h +3 -3
- data/ext/ice/cpp/src/Ice/RetryQueue.cpp +16 -5
- data/ext/ice/cpp/src/Ice/RetryQueue.h +3 -2
- data/ext/ice/cpp/src/Ice/RetryQueueF.h +1 -1
- data/ext/ice/cpp/src/Ice/Router.cpp +27 -21
- data/ext/ice/cpp/src/Ice/RouterF.cpp +10 -4
- data/ext/ice/cpp/src/Ice/RouterInfo.cpp +1 -1
- data/ext/ice/cpp/src/Ice/RouterInfo.h +1 -1
- data/ext/ice/cpp/src/Ice/RouterInfoF.h +1 -1
- data/ext/ice/cpp/src/Ice/Selector.cpp +480 -1
- data/ext/ice/cpp/src/Ice/Selector.h +130 -1
- data/ext/ice/cpp/src/Ice/ServantLocator.cpp +11 -5
- data/ext/ice/cpp/src/Ice/ServantLocatorF.cpp +10 -4
- data/ext/ice/cpp/src/Ice/ServantManager.cpp +29 -23
- data/ext/ice/cpp/src/Ice/ServantManager.h +1 -1
- data/ext/ice/cpp/src/Ice/SharedContext.h +1 -1
- data/ext/ice/cpp/src/Ice/SliceChecksumDict.cpp +10 -4
- data/ext/ice/cpp/src/Ice/SliceChecksums.cpp +1 -1
- data/ext/ice/cpp/src/Ice/SlicedData.cpp +1 -1
- data/ext/ice/cpp/src/Ice/Stream.cpp +1 -1
- data/ext/ice/cpp/src/Ice/StreamI.cpp +1 -1
- data/ext/ice/cpp/src/Ice/StreamI.h +1 -1
- data/ext/ice/cpp/src/Ice/StreamSocket.cpp +30 -22
- data/ext/ice/cpp/src/Ice/StreamSocket.h +7 -4
- data/ext/ice/cpp/src/Ice/StringConverterPlugin.cpp +1 -1
- data/ext/ice/cpp/src/Ice/SysLoggerI.cpp +1 -1
- data/ext/ice/cpp/src/Ice/SysLoggerI.h +1 -1
- data/ext/ice/cpp/src/Ice/TcpAcceptor.cpp +8 -8
- data/ext/ice/cpp/src/Ice/TcpAcceptor.h +1 -1
- data/ext/ice/cpp/src/Ice/TcpConnector.cpp +1 -1
- data/ext/ice/cpp/src/Ice/TcpConnector.h +1 -1
- data/ext/ice/cpp/src/Ice/TcpEndpointI.cpp +21 -38
- data/ext/ice/cpp/src/Ice/TcpEndpointI.h +5 -6
- data/ext/ice/cpp/src/Ice/TcpTransceiver.cpp +29 -4
- data/ext/ice/cpp/src/Ice/TcpTransceiver.h +7 -2
- data/ext/ice/cpp/src/Ice/ThreadPool.cpp +2 -2
- data/ext/ice/cpp/src/Ice/ThreadPool.h +1 -1
- data/ext/ice/cpp/src/Ice/TraceLevels.cpp +2 -2
- data/ext/ice/cpp/src/Ice/TraceLevels.h +1 -1
- data/ext/ice/cpp/src/Ice/TraceLevelsF.h +1 -1
- data/ext/ice/cpp/src/Ice/TraceUtil.cpp +16 -7
- data/ext/ice/cpp/src/Ice/TraceUtil.h +1 -1
- data/ext/ice/cpp/src/Ice/Transceiver.cpp +1 -1
- data/ext/ice/cpp/src/Ice/Transceiver.h +2 -1
- data/ext/ice/cpp/src/Ice/TransceiverF.h +1 -1
- data/ext/ice/cpp/src/Ice/UdpConnector.cpp +1 -1
- data/ext/ice/cpp/src/Ice/UdpConnector.h +1 -1
- data/ext/ice/cpp/src/Ice/UdpEndpointI.cpp +13 -39
- data/ext/ice/cpp/src/Ice/UdpEndpointI.h +2 -5
- data/ext/ice/cpp/src/Ice/UdpTransceiver.cpp +46 -10
- data/ext/ice/cpp/src/Ice/UdpTransceiver.h +3 -2
- data/ext/ice/cpp/src/Ice/Version.cpp +12 -6
- data/ext/ice/cpp/src/Ice/WSAcceptor.cpp +1 -1
- data/ext/ice/cpp/src/Ice/WSAcceptor.h +1 -1
- data/ext/ice/cpp/src/Ice/WSConnector.cpp +1 -1
- data/ext/ice/cpp/src/Ice/WSConnector.h +1 -1
- data/ext/ice/cpp/src/Ice/WSEndpoint.cpp +6 -38
- data/ext/ice/cpp/src/Ice/WSEndpoint.h +12 -1
- data/ext/ice/cpp/src/Ice/WSTransceiver.cpp +31 -35
- data/ext/ice/cpp/src/Ice/WSTransceiver.h +13 -1
- data/ext/ice/cpp/src/IceDiscovery/IceDiscovery.cpp +66 -60
- data/ext/ice/cpp/src/IceDiscovery/IceDiscovery.h +106 -100
- data/ext/ice/cpp/src/IceDiscovery/LocatorI.cpp +1 -1
- data/ext/ice/cpp/src/IceDiscovery/LocatorI.h +1 -1
- data/ext/ice/cpp/src/IceDiscovery/LookupI.cpp +76 -36
- data/ext/ice/cpp/src/IceDiscovery/LookupI.h +1 -1
- data/ext/ice/cpp/src/IceDiscovery/PluginI.cpp +19 -6
- data/ext/ice/cpp/src/IceDiscovery/PluginI.h +1 -1
- data/ext/ice/cpp/src/IceLocatorDiscovery/IceLocatorDiscovery.cpp +452 -0
- data/ext/ice/cpp/src/IceLocatorDiscovery/IceLocatorDiscovery.h +732 -0
- data/ext/ice/cpp/src/IceLocatorDiscovery/PluginI.cpp +520 -0
- data/ext/ice/cpp/src/IceLocatorDiscovery/PluginI.h +36 -0
- data/ext/ice/cpp/src/IceSSL/AcceptorI.cpp +8 -8
- data/ext/ice/cpp/src/IceSSL/AcceptorI.h +1 -1
- data/ext/ice/cpp/src/IceSSL/Certificate.cpp +49 -47
- data/ext/ice/cpp/src/IceSSL/ConnectionInfo.cpp +13 -5
- data/ext/ice/cpp/src/IceSSL/ConnectorI.cpp +1 -1
- data/ext/ice/cpp/src/IceSSL/ConnectorI.h +1 -1
- data/ext/ice/cpp/src/IceSSL/EndpointI.cpp +10 -38
- data/ext/ice/cpp/src/IceSSL/EndpointI.h +4 -3
- data/ext/ice/cpp/src/IceSSL/EndpointInfo.cpp +13 -5
- data/ext/ice/cpp/src/IceSSL/Instance.cpp +2 -2
- data/ext/ice/cpp/src/IceSSL/Instance.h +1 -1
- data/ext/ice/cpp/src/IceSSL/InstanceF.h +1 -1
- data/ext/ice/cpp/src/IceSSL/OpenSSLEngine.cpp +107 -111
- data/ext/ice/cpp/src/IceSSL/OpenSSLTransceiverI.cpp +130 -47
- data/ext/ice/cpp/src/IceSSL/OpenSSLTransceiverI.h +11 -3
- data/ext/ice/cpp/src/IceSSL/PluginI.cpp +8 -14
- data/ext/ice/cpp/src/IceSSL/PluginI.h +1 -1
- data/ext/ice/cpp/src/IceSSL/RFC2253.cpp +1 -1
- data/ext/ice/cpp/src/IceSSL/RFC2253.h +1 -1
- data/ext/ice/cpp/src/IceSSL/SChannelEngine.cpp +238 -156
- data/ext/ice/cpp/src/IceSSL/SChannelTransceiverI.cpp +93 -66
- data/ext/ice/cpp/src/IceSSL/SChannelTransceiverI.h +7 -3
- data/ext/ice/cpp/src/IceSSL/SSLEngine.cpp +2 -2
- data/ext/ice/cpp/src/IceSSL/SSLEngine.h +32 -35
- data/ext/ice/cpp/src/IceSSL/SSLEngineF.h +1 -1
- data/ext/ice/cpp/src/IceSSL/SecureTransportEngine.cpp +244 -360
- data/ext/ice/cpp/src/IceSSL/SecureTransportTransceiverI.cpp +59 -29
- data/ext/ice/cpp/src/IceSSL/SecureTransportTransceiverI.h +8 -4
- data/ext/ice/cpp/src/IceSSL/TrustManager.cpp +1 -1
- data/ext/ice/cpp/src/IceSSL/TrustManager.h +1 -1
- data/ext/ice/cpp/src/IceSSL/TrustManagerF.h +1 -1
- data/ext/ice/cpp/src/IceSSL/Util.cpp +427 -620
- data/ext/ice/cpp/src/IceSSL/Util.h +72 -15
- data/ext/ice/cpp/src/IceUtil/ArgVector.cpp +1 -1
- data/ext/ice/cpp/src/IceUtil/ArgVector.h +1 -1
- data/ext/ice/cpp/src/IceUtil/Cond.cpp +1 -1
- data/ext/ice/cpp/src/IceUtil/ConvertUTF.cpp +1 -1
- data/ext/ice/cpp/src/IceUtil/ConvertUTF.h +1 -1
- data/ext/ice/cpp/src/IceUtil/CountDownLatch.cpp +1 -1
- data/ext/ice/cpp/src/IceUtil/CtrlCHandler.cpp +1 -1
- data/ext/ice/cpp/src/IceUtil/Exception.cpp +105 -96
- data/ext/ice/cpp/src/IceUtil/FileUtil.cpp +2 -1
- data/ext/ice/cpp/src/IceUtil/FileUtil.h +9 -1
- data/ext/ice/cpp/src/IceUtil/InputUtil.cpp +1 -1
- data/ext/ice/cpp/src/IceUtil/MutexProtocol.cpp +1 -1
- data/ext/ice/cpp/src/IceUtil/Options.cpp +1 -1
- data/ext/ice/cpp/src/IceUtil/OutputUtil.cpp +12 -25
- data/ext/ice/cpp/src/IceUtil/Random.cpp +1 -1
- data/ext/ice/cpp/src/IceUtil/RecMutex.cpp +1 -1
- data/ext/ice/cpp/src/IceUtil/SHA1.cpp +72 -10
- data/ext/ice/cpp/src/IceUtil/Shared.cpp +3 -132
- data/ext/ice/cpp/src/IceUtil/StopWatch.h +1 -1
- data/ext/ice/cpp/src/IceUtil/StringConverter.cpp +1 -1
- data/ext/ice/cpp/src/IceUtil/StringUtil.cpp +1 -1
- data/ext/ice/cpp/src/IceUtil/Thread.cpp +16 -1
- data/ext/ice/cpp/src/IceUtil/ThreadException.cpp +1 -1
- data/ext/ice/cpp/src/IceUtil/Time.cpp +1 -1
- data/ext/ice/cpp/src/IceUtil/Timer.cpp +1 -1
- data/ext/ice/cpp/src/IceUtil/UUID.cpp +1 -1
- data/ext/ice/cpp/src/IceUtil/Unicode.cpp +1 -1
- data/ext/ice/cpp/src/IceUtil/Unicode.h +1 -1
- data/ext/ice/cpp/src/Slice/CPlusPlusUtil.cpp +62 -55
- data/ext/ice/cpp/src/Slice/Checksum.cpp +1 -1
- data/ext/ice/cpp/src/Slice/CsUtil.cpp +8 -29
- data/ext/ice/cpp/src/Slice/DotNetNames.cpp +1 -1
- data/ext/ice/cpp/src/Slice/FileTracker.cpp +1 -1
- data/ext/ice/cpp/src/Slice/Grammar.cpp +1 -1
- data/ext/ice/cpp/src/Slice/GrammarUtil.h +1 -1
- data/ext/ice/cpp/src/Slice/JavaUtil.cpp +145 -172
- data/ext/ice/cpp/src/Slice/MD5.cpp +1 -1
- data/ext/ice/cpp/src/Slice/MD5.h +1 -1
- data/ext/ice/cpp/src/Slice/ObjCUtil.cpp +1310 -0
- data/ext/ice/cpp/src/Slice/PHPUtil.cpp +1 -1
- data/ext/ice/cpp/src/Slice/Parser.cpp +65 -187
- data/ext/ice/cpp/src/Slice/Preprocessor.cpp +61 -9
- data/ext/ice/cpp/src/Slice/Python.cpp +36 -3
- data/ext/ice/cpp/src/Slice/PythonUtil.cpp +10 -10
- data/ext/ice/cpp/src/Slice/Ruby.cpp +34 -3
- data/ext/ice/cpp/src/Slice/RubyUtil.cpp +8 -7
- data/ext/ice/cpp/src/Slice/Scanner.cpp +1 -1
- data/ext/ice/cpp/src/Slice/Util.cpp +137 -30
- data/ext/ice/mcpp/LICENSE +29 -0
- data/ext/ice/mcpp/Makefile +60 -0
- data/ext/ice/mcpp/Makefile.mak +46 -0
- data/ext/ice/mcpp/README.md +30 -0
- data/ext/ice/mcpp/config.h +89 -0
- data/ext/ice/mcpp/configed.H +1 -146
- data/ext/ice/mcpp/directive.c +115 -410
- data/ext/ice/mcpp/eval.c +38 -377
- data/ext/ice/mcpp/expand.c +155 -852
- data/ext/ice/mcpp/internal.H +10 -44
- data/ext/ice/mcpp/main.c +6 -345
- data/ext/ice/mcpp/mbchar.c +17 -654
- data/ext/ice/mcpp/mcpp.gyp +62 -0
- data/ext/ice/mcpp/support.c +116 -943
- data/ext/ice/mcpp/system.H +0 -23
- data/ext/ice/mcpp/system.c +81 -2321
- data/ice.gemspec +3 -4
- data/lib/Glacier2.rb +1 -1
- data/lib/Glacier2/Metrics.rb +2 -2
- data/lib/Glacier2/PermissionsVerifier.rb +2 -2
- data/lib/Glacier2/PermissionsVerifierF.rb +2 -2
- data/lib/Glacier2/Router.rb +2 -2
- data/lib/Glacier2/RouterF.rb +2 -2
- data/lib/Glacier2/SSLInfo.rb +2 -2
- data/lib/Glacier2/Session.rb +2 -2
- data/lib/Ice.rb +1 -1
- data/lib/Ice/BuiltinSequences.rb +2 -2
- data/lib/Ice/Communicator.rb +2 -2
- data/lib/Ice/CommunicatorF.rb +2 -2
- data/lib/Ice/Connection.rb +26 -14
- data/lib/Ice/ConnectionF.rb +2 -2
- data/lib/Ice/Current.rb +2 -2
- data/lib/Ice/Endpoint.rb +4 -2
- data/lib/Ice/EndpointF.rb +2 -2
- data/lib/Ice/EndpointTypes.rb +2 -2
- data/lib/Ice/FacetMap.rb +2 -2
- data/lib/Ice/Identity.rb +2 -2
- data/lib/Ice/ImplicitContext.rb +2 -2
- data/lib/Ice/ImplicitContextF.rb +2 -2
- data/lib/Ice/Instrumentation.rb +2 -2
- data/lib/Ice/InstrumentationF.rb +2 -2
- data/lib/Ice/LocalException.rb +2 -2
- data/lib/Ice/Locator.rb +2 -2
- data/lib/Ice/LocatorF.rb +2 -2
- data/lib/Ice/Logger.rb +2 -2
- data/lib/Ice/LoggerF.rb +2 -2
- data/lib/Ice/Metrics.rb +2 -2
- data/lib/Ice/ObjectAdapterF.rb +2 -2
- data/lib/Ice/ObjectFactory.rb +2 -2
- data/lib/Ice/ObjectFactoryF.rb +2 -2
- data/lib/Ice/Plugin.rb +2 -2
- data/lib/Ice/PluginF.rb +2 -2
- data/lib/Ice/Process.rb +2 -2
- data/lib/Ice/ProcessF.rb +2 -2
- data/lib/Ice/Properties.rb +2 -2
- data/lib/Ice/PropertiesAdmin.rb +2 -2
- data/lib/Ice/PropertiesF.rb +2 -2
- data/lib/Ice/Router.rb +2 -2
- data/lib/Ice/RouterF.rb +2 -2
- data/lib/Ice/SliceChecksumDict.rb +2 -2
- data/lib/Ice/Version.rb +2 -2
- data/lib/IceBox.rb +1 -1
- data/lib/IceBox/IceBox.rb +2 -2
- data/lib/IceGrid.rb +1 -1
- data/lib/IceGrid/Admin.rb +2 -2
- data/lib/IceGrid/Descriptor.rb +2 -2
- data/lib/IceGrid/Exception.rb +2 -2
- data/lib/IceGrid/FileParser.rb +2 -2
- data/lib/IceGrid/Locator.rb +2 -2
- data/lib/IceGrid/Observer.rb +2 -2
- data/lib/IceGrid/Query.rb +2 -2
- data/lib/IceGrid/Registry.rb +2 -2
- data/lib/IceGrid/Session.rb +2 -2
- data/lib/IceGrid/UserAccountMapper.rb +2 -2
- data/lib/IcePatch2.rb +1 -1
- data/lib/IcePatch2/FileInfo.rb +52 -2
- data/lib/IcePatch2/FileServer.rb +33 -4
- data/lib/IceStorm.rb +1 -1
- data/lib/IceStorm/IceStorm.rb +2 -2
- data/lib/IceStorm/Metrics.rb +2 -2
- data/slice/Freeze/BackgroundSaveEvictor.ice +2 -2
- data/slice/Freeze/CatalogData.ice +2 -2
- data/slice/Freeze/Connection.ice +2 -2
- data/slice/Freeze/ConnectionF.ice +2 -2
- data/slice/Freeze/DB.ice +2 -2
- data/slice/Freeze/Evictor.ice +2 -2
- data/slice/Freeze/EvictorF.ice +2 -2
- data/slice/Freeze/EvictorStorage.ice +2 -2
- data/slice/Freeze/Exception.ice +2 -2
- data/slice/Freeze/Transaction.ice +2 -2
- data/slice/Freeze/TransactionalEvictor.ice +2 -2
- data/slice/Glacier2/Metrics.ice +7 -6
- data/slice/Glacier2/PermissionsVerifier.ice +4 -3
- data/slice/Glacier2/PermissionsVerifierF.ice +3 -2
- data/slice/Glacier2/Router.ice +4 -3
- data/slice/Glacier2/RouterF.ice +3 -2
- data/slice/Glacier2/SSLInfo.ice +3 -2
- data/slice/Glacier2/Session.ice +12 -11
- data/slice/Ice/BuiltinSequences.ice +4 -3
- data/slice/Ice/Communicator.ice +22 -25
- data/slice/Ice/CommunicatorF.ice +3 -2
- data/slice/Ice/Connection.ice +39 -11
- data/slice/Ice/ConnectionF.ice +3 -2
- data/slice/Ice/Current.ice +4 -3
- data/slice/Ice/Endpoint.ice +11 -3
- data/slice/Ice/EndpointF.ice +3 -2
- data/slice/Ice/EndpointTypes.ice +3 -2
- data/slice/Ice/FacetMap.ice +3 -2
- data/slice/Ice/Identity.ice +3 -2
- data/slice/Ice/ImplicitContext.ice +3 -2
- data/slice/Ice/ImplicitContextF.ice +3 -2
- data/slice/Ice/Instrumentation.ice +4 -2
- data/slice/Ice/InstrumentationF.ice +4 -2
- data/slice/Ice/LocalException.ice +29 -10
- data/slice/Ice/Locator.ice +5 -3
- data/slice/Ice/LocatorF.ice +3 -2
- data/slice/Ice/Logger.ice +3 -2
- data/slice/Ice/LoggerF.ice +3 -2
- data/slice/Ice/Metrics.ice +15 -14
- data/slice/Ice/ObjectAdapter.ice +5 -4
- data/slice/Ice/ObjectAdapterF.ice +3 -2
- data/slice/Ice/ObjectFactory.ice +3 -2
- data/slice/Ice/ObjectFactoryF.ice +3 -2
- data/slice/Ice/Plugin.ice +3 -2
- data/slice/Ice/PluginF.ice +3 -2
- data/slice/Ice/Process.ice +3 -2
- data/slice/Ice/ProcessF.ice +3 -2
- data/slice/Ice/Properties.ice +3 -2
- data/slice/Ice/PropertiesAdmin.ice +3 -2
- data/slice/Ice/PropertiesF.ice +3 -2
- data/slice/Ice/RemoteLogger.ice +3 -2
- data/slice/Ice/Router.ice +3 -2
- data/slice/Ice/RouterF.ice +3 -2
- data/slice/Ice/ServantLocator.ice +3 -2
- data/slice/Ice/ServantLocatorF.ice +3 -2
- data/slice/Ice/SliceChecksumDict.ice +3 -2
- data/slice/Ice/Version.ice +3 -2
- data/slice/IceBox/IceBox.ice +2 -2
- data/slice/IceDiscovery/IceDiscovery.ice +2 -2
- data/slice/IceGrid/Admin.ice +49 -48
- data/slice/IceGrid/Descriptor.ice +3 -2
- data/slice/IceGrid/Exception.ice +6 -5
- data/slice/IceGrid/FileParser.ice +4 -3
- data/slice/IceGrid/Locator.ice +4 -3
- data/slice/IceGrid/Observer.ice +28 -27
- data/slice/IceGrid/PluginFacade.ice +3 -2
- data/slice/IceGrid/Query.ice +3 -2
- data/slice/IceGrid/Registry.ice +4 -3
- data/slice/IceGrid/Session.ice +9 -8
- data/slice/IceGrid/UserAccountMapper.ice +4 -3
- data/slice/{IceGrid/Discovery.ice → IceLocatorDiscovery/IceLocatorDiscovery.ice} +12 -14
- data/slice/IcePatch2/FileInfo.ice +31 -2
- data/slice/IcePatch2/FileServer.ice +63 -5
- data/slice/IceSSL/ConnectionInfo.ice +17 -2
- data/slice/IceSSL/EndpointInfo.ice +21 -3
- data/slice/IceStorm/IceStorm.ice +3 -2
- data/slice/IceStorm/Metrics.ice +4 -3
- metadata +27 -23
- data/ext/ice/cpp/include/Ice/Makefile +0 -26
- data/ext/ice/cpp/include/IceSSL/Makefile +0 -26
- data/ext/ice/cpp/include/IceUtil/Makefile +0 -26
- data/ext/ice/cpp/include/Slice/Makefile +0 -26
- data/ext/ice/cpp/src/Ice/Application.cpp +0 -760
- data/ext/ice/cpp/src/Ice/EventLoggerMsg.h +0 -53
- data/ext/ice/cpp/src/Ice/Makefile +0 -190
- data/ext/ice/cpp/src/Ice/Service.cpp +0 -1897
- data/ext/ice/cpp/src/IceDiscovery/Makefile +0 -61
- data/ext/ice/cpp/src/IceSSL/Makefile +0 -82
- data/ext/ice/cpp/src/IceUtil/Makefile +0 -68
- data/ext/ice/cpp/src/Slice/Makefile +0 -65
- data/ext/ice/mcpp/config.h.Darwin +0 -227
- data/ext/ice/mcpp/config.h.Linux +0 -227
- data/ext/ice/mcpp/config.h.MINGW +0 -7
@@ -1,6 +1,6 @@
|
|
1
1
|
// **********************************************************************
|
2
2
|
//
|
3
|
-
// Copyright (c) 2003-
|
3
|
+
// Copyright (c) 2003-2015 ZeroC, Inc. All rights reserved.
|
4
4
|
//
|
5
5
|
// This copy of Ice is licensed to you under the terms described in the
|
6
6
|
// ICE_LICENSE file included in this distribution.
|
@@ -95,7 +95,7 @@ socketRead(SSLConnectionRef connection, void* data, size_t* length)
|
|
95
95
|
return transceiver->readRaw(reinterpret_cast<char*>(data), length);
|
96
96
|
}
|
97
97
|
|
98
|
-
|
98
|
+
bool
|
99
99
|
checkTrustResult(SecTrustRef trust, const SecureTransportEnginePtr& engine, const InstancePtr& instance)
|
100
100
|
{
|
101
101
|
OSStatus err = noErr;
|
@@ -112,7 +112,7 @@ checkTrustResult(SecTrustRef trust, const SecureTransportEnginePtr& engine, cons
|
|
112
112
|
//
|
113
113
|
if((err = SecTrustSetNetworkFetchAllowed(trust, false)))
|
114
114
|
{
|
115
|
-
throw
|
115
|
+
throw SecurityException(__FILE__, __LINE__, "IceSSL: handshake failure:\n" + errorToString(err));
|
116
116
|
}
|
117
117
|
|
118
118
|
//
|
@@ -120,7 +120,7 @@ checkTrustResult(SecTrustRef trust, const SecureTransportEnginePtr& engine, cons
|
|
120
120
|
//
|
121
121
|
if((err = SecTrustEvaluate(trust, &trustResult)))
|
122
122
|
{
|
123
|
-
throw
|
123
|
+
throw SecurityException(__FILE__, __LINE__, "IceSSL: handshake failure:\n" + errorToString(err));
|
124
124
|
}
|
125
125
|
}
|
126
126
|
|
@@ -132,14 +132,15 @@ checkTrustResult(SecTrustRef trust, const SecureTransportEnginePtr& engine, cons
|
|
132
132
|
//
|
133
133
|
// Trust verify success.
|
134
134
|
//
|
135
|
-
|
135
|
+
return true;
|
136
136
|
}
|
137
|
-
|
138
|
-
//case
|
139
|
-
case
|
140
|
-
case
|
141
|
-
case
|
142
|
-
case
|
137
|
+
default:
|
138
|
+
// case kSecTrustResultInvalid:
|
139
|
+
// //case kSecTrustResultConfirm: // Used in old OS X versions
|
140
|
+
// case kSecTrustResultDeny:
|
141
|
+
// case kSecTrustResultRecoverableTrustFailure:
|
142
|
+
// case kSecTrustResultFatalTrustFailure:
|
143
|
+
// case kSecTrustResultOtherError:
|
143
144
|
{
|
144
145
|
if(engine->getVerifyPeer() == 0)
|
145
146
|
{
|
@@ -149,7 +150,7 @@ checkTrustResult(SecTrustRef trust, const SecureTransportEnginePtr& engine, cons
|
|
149
150
|
os << "IceSSL: ignoring certificate verification failure\n" << trustResultDescription(trustResult);
|
150
151
|
instance->logger()->trace(instance->traceCategory(), os.str());
|
151
152
|
}
|
152
|
-
|
153
|
+
return false;
|
153
154
|
}
|
154
155
|
else
|
155
156
|
{
|
@@ -160,7 +161,7 @@ checkTrustResult(SecTrustRef trust, const SecureTransportEnginePtr& engine, cons
|
|
160
161
|
{
|
161
162
|
instance->logger()->trace(instance->traceCategory(), msg);
|
162
163
|
}
|
163
|
-
throw
|
164
|
+
throw SecurityException(__FILE__, __LINE__, msg);
|
164
165
|
}
|
165
166
|
}
|
166
167
|
}
|
@@ -197,7 +198,7 @@ IceSSL::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal::B
|
|
197
198
|
|
198
199
|
if((err = SSLSetConnection(_ssl, reinterpret_cast<SSLConnectionRef>(this))))
|
199
200
|
{
|
200
|
-
throw SecurityException(__FILE__, __LINE__, "IceSSL: setting SSL connection failed\n" +
|
201
|
+
throw SecurityException(__FILE__, __LINE__, "IceSSL: setting SSL connection failed\n" +
|
201
202
|
errorToString(err));
|
202
203
|
}
|
203
204
|
}
|
@@ -226,14 +227,17 @@ IceSSL::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal::B
|
|
226
227
|
err = SSLCopyPeerTrust(_ssl, &_trust);
|
227
228
|
if(_incoming && err == errSSLBadCert && _engine->getVerifyPeer() == 1)
|
228
229
|
{
|
229
|
-
//
|
230
|
-
//
|
231
|
-
//
|
230
|
+
//
|
231
|
+
// This is expected if the client doesn't provide a
|
232
|
+
// certificate (occurs since 10.10). The server is
|
233
|
+
// configured to verify to not require the client
|
234
|
+
// certificate so we ignore the failure.
|
235
|
+
//
|
232
236
|
continue;
|
233
237
|
}
|
234
238
|
if(err == noErr)
|
235
239
|
{
|
236
|
-
checkTrustResult(_trust, _engine, _instance);
|
240
|
+
_verified = checkTrustResult(_trust, _engine, _instance);
|
237
241
|
continue; // Call SSLHandshake to resume the handsake.
|
238
242
|
}
|
239
243
|
// Let it fall through, this will raise a SecurityException with the SSLCopyPeerTrust error.
|
@@ -254,7 +258,7 @@ IceSSL::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal::B
|
|
254
258
|
<< "remote address = " << desc << "\n" << errorToString(err);
|
255
259
|
throw ProtocolException(__FILE__, __LINE__, os.str());
|
256
260
|
}
|
257
|
-
_engine->verifyPeer(_stream->fd(), _host,
|
261
|
+
_engine->verifyPeer(_stream->fd(), _host, NativeConnectionInfoPtr::dynamicCast(getInfo()));
|
258
262
|
|
259
263
|
if(_instance->engine()->securityTraceLevel() >= 1)
|
260
264
|
{
|
@@ -481,7 +485,18 @@ IceSSL::TransceiverI::toDetailedString() const
|
|
481
485
|
Ice::ConnectionInfoPtr
|
482
486
|
IceSSL::TransceiverI::getInfo() const
|
483
487
|
{
|
484
|
-
|
488
|
+
NativeConnectionInfoPtr info = new NativeConnectionInfo();
|
489
|
+
fillConnectionInfo(info, info->nativeCerts);
|
490
|
+
return info;
|
491
|
+
}
|
492
|
+
|
493
|
+
Ice::ConnectionInfoPtr
|
494
|
+
IceSSL::TransceiverI::getWSInfo(const Ice::HeaderDict& headers) const
|
495
|
+
{
|
496
|
+
WSSNativeConnectionInfoPtr info = new WSSNativeConnectionInfo();
|
497
|
+
fillConnectionInfo(info, info->nativeCerts);
|
498
|
+
info->headers = headers;
|
499
|
+
return info;
|
485
500
|
}
|
486
501
|
|
487
502
|
void
|
@@ -489,9 +504,15 @@ IceSSL::TransceiverI::checkSendSize(const IceInternal::Buffer&)
|
|
489
504
|
{
|
490
505
|
}
|
491
506
|
|
492
|
-
|
493
|
-
|
494
|
-
|
507
|
+
void
|
508
|
+
IceSSL::TransceiverI::setBufferSize(int rcvSize, int sndSize)
|
509
|
+
{
|
510
|
+
_stream->setBufferSize(rcvSize, sndSize);
|
511
|
+
}
|
512
|
+
|
513
|
+
IceSSL::TransceiverI::TransceiverI(const InstancePtr& instance,
|
514
|
+
const IceInternal::StreamSocketPtr& stream,
|
515
|
+
const string& hostOrAdapterName,
|
495
516
|
bool incoming) :
|
496
517
|
_instance(instance),
|
497
518
|
_engine(SecureTransportEnginePtr::dynamicCast(instance->engine())),
|
@@ -501,6 +522,7 @@ IceSSL::TransceiverI::TransceiverI(const InstancePtr& instance,
|
|
501
522
|
_stream(stream),
|
502
523
|
_ssl(0),
|
503
524
|
_trust(0),
|
525
|
+
_verified(false),
|
504
526
|
_buffered(0)
|
505
527
|
{
|
506
528
|
//
|
@@ -515,12 +537,16 @@ IceSSL::TransceiverI::~TransceiverI()
|
|
515
537
|
{
|
516
538
|
}
|
517
539
|
|
518
|
-
|
519
|
-
IceSSL::TransceiverI::
|
540
|
+
void
|
541
|
+
IceSSL::TransceiverI::fillConnectionInfo(const ConnectionInfoPtr& info, std::vector<CertificatePtr>& nativeCerts) const
|
520
542
|
{
|
521
|
-
|
522
|
-
IceInternal::fdToAddressAndPort(_stream->fd(), info->localAddress, info->localPort, info->remoteAddress,
|
543
|
+
IceInternal::fdToAddressAndPort(_stream->fd(), info->localAddress, info->localPort, info->remoteAddress,
|
523
544
|
info->remotePort);
|
545
|
+
if(_stream->fd() != INVALID_SOCKET)
|
546
|
+
{
|
547
|
+
info->rcvSize = IceInternal::getRecvBufferSize(_stream->fd());
|
548
|
+
info->sndSize = IceInternal::getSendBufferSize(_stream->fd());
|
549
|
+
}
|
524
550
|
|
525
551
|
if(_ssl)
|
526
552
|
{
|
@@ -530,18 +556,22 @@ IceSSL::TransceiverI::getNativeConnectionInfo() const
|
|
530
556
|
CFRetain(cert);
|
531
557
|
|
532
558
|
CertificatePtr certificate = new Certificate(cert);
|
533
|
-
|
559
|
+
nativeCerts.push_back(certificate);
|
534
560
|
info->certs.push_back(certificate->encode());
|
535
561
|
}
|
536
562
|
|
537
563
|
SSLCipherSuite cipher;
|
538
564
|
SSLGetNegotiatedCipher(_ssl, &cipher);
|
539
565
|
info->cipher = _engine->getCipherName(cipher);
|
566
|
+
info->verified = _verified;
|
567
|
+
}
|
568
|
+
else
|
569
|
+
{
|
570
|
+
info->verified = false;
|
540
571
|
}
|
541
572
|
|
542
573
|
info->adapterName = _adapterName;
|
543
574
|
info->incoming = _incoming;
|
544
|
-
return info;
|
545
575
|
}
|
546
576
|
|
547
577
|
OSStatus
|
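Review bot: `info->verified = _verified;` in `fillConnectionInfo` publishes a flag whose meaning is not documented, and the handshake can complete while it is false. When `engine->getVerifyPeer() == 0`, `checkTrustResult` now returns false instead of throwing, so `info->certs` and `nativeCerts` can carry a chain that `SecTrustEvaluate` did not accept. The `errSSLBadCert` branch in `initialize` never calls it at all, leaving `_verified` at its initial false. I would add a comment above the assignment, e.g. `// true only if SecTrustEvaluate accepted the peer chain; the certs filled in above may be unverified, so check this before authorizing on them`, and a matching one on the `bool _verified;` declaration in the header. `fillConnectionInfo` spans two hunks and the trace of an ignored failure sits inside an `if` that is outside the hunk, so this flag may be the only signal when tracing is off.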
@@ -1,6 +1,6 @@
|
|
1
1
|
// **********************************************************************
|
2
2
|
//
|
3
|
-
// Copyright (c) 2003-
|
3
|
+
// Copyright (c) 2003-2015 ZeroC, Inc. All rights reserved.
|
4
4
|
//
|
5
5
|
// This copy of Ice is licensed to you under the terms described in the
|
6
6
|
// ICE_LICENSE file included in this distribution.
|
@@ -18,6 +18,7 @@
|
|
18
18
|
#include <Ice/Transceiver.h>
|
19
19
|
#include <Ice/Network.h>
|
20
20
|
#include <Ice/StreamSocket.h>
|
21
|
+
#include <Ice/WSTransceiver.h>
|
21
22
|
|
22
23
|
#ifdef ICE_USE_SECURE_TRANSPORT
|
23
24
|
|
@@ -30,7 +31,7 @@ namespace IceSSL
|
|
30
31
|
class ConnectorI;
|
31
32
|
class AcceptorI;
|
32
33
|
|
33
|
-
class TransceiverI : public IceInternal::Transceiver
|
34
|
+
class TransceiverI : public IceInternal::Transceiver, public IceInternal::WSTransceiverDelegate
|
34
35
|
{
|
35
36
|
public:
|
36
37
|
|
@@ -46,7 +47,9 @@ public:
|
|
46
47
|
virtual std::string toString() const;
|
47
48
|
virtual std::string toDetailedString() const;
|
48
49
|
virtual Ice::ConnectionInfoPtr getInfo() const;
|
50
|
+
virtual Ice::ConnectionInfoPtr getWSInfo(const Ice::HeaderDict&) const;
|
49
51
|
virtual void checkSendSize(const IceInternal::Buffer&);
|
52
|
+
virtual void setBufferSize(int rcvSize, int sndSize);
|
50
53
|
|
51
54
|
OSStatus writeRaw(const char*, size_t*) const;
|
52
55
|
OSStatus readRaw(char*, size_t*) const;
|
@@ -56,7 +59,7 @@ private:
|
|
56
59
|
TransceiverI(const InstancePtr&, const IceInternal::StreamSocketPtr&, const std::string&, bool);
|
57
60
|
virtual ~TransceiverI();
|
58
61
|
|
59
|
-
|
62
|
+
void fillConnectionInfo(const ConnectionInfoPtr&, std::vector<CertificatePtr>&) const;
|
60
63
|
|
61
64
|
friend class ConnectorI;
|
62
65
|
friend class AcceptorI;
|
@@ -70,7 +73,8 @@ private:
|
|
70
73
|
|
71
74
|
SSLContextRef _ssl;
|
72
75
|
SecTrustRef _trust;
|
73
|
-
|
76
|
+
bool _verified;
|
77
|
+
|
74
78
|
size_t _buffered;
|
75
79
|
enum SSLWantFlags
|
76
80
|
{
|
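Review bot: The new declaration `getWSInfo(const Ice::HeaderDict&)` leaves its parameter unnamed and undocumented, although the definition copies it directly into `info->headers`. Presumably these are the HTTP headers of the WebSocket upgrade request, which are values chosen by the remote peer. If so, say it at the declaration: `// headers: upgrade-request headers as received from the peer; copied unvalidated into the returned info`. Naming the parameter `headers`, as the definition does, would also help readers of the header. The class body continues outside the hunks shown here.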
@@ -1,6 +1,6 @@
|
|
1
1
|
// **********************************************************************
|
2
2
|
//
|
3
|
-
// Copyright (c) 2003-
|
3
|
+
// Copyright (c) 2003-2015 ZeroC, Inc. All rights reserved.
|
4
4
|
//
|
5
5
|
// This copy of Ice is licensed to you under the terms described in the
|
6
6
|
// ICE_LICENSE file included in this distribution.
|
@@ -1,6 +1,6 @@
|
|
1
1
|
// **********************************************************************
|
2
2
|
//
|
3
|
-
// Copyright (c) 2003-
|
3
|
+
// Copyright (c) 2003-2015 ZeroC, Inc. All rights reserved.
|
4
4
|
//
|
5
5
|
// This copy of Ice is licensed to you under the terms described in the
|
6
6
|
// ICE_LICENSE file included in this distribution.
|
@@ -1,6 +1,6 @@
|
|
1
1
|
// **********************************************************************
|
2
2
|
//
|
3
|
-
// Copyright (c) 2003-
|
3
|
+
// Copyright (c) 2003-2015 ZeroC, Inc. All rights reserved.
|
4
4
|
//
|
5
5
|
// This copy of Ice is licensed to you under the terms described in the
|
6
6
|
// ICE_LICENSE file included in this distribution.
|
@@ -1,6 +1,6 @@
|
|
1
1
|
// **********************************************************************
|
2
2
|
//
|
3
|
-
// Copyright (c) 2003-
|
3
|
+
// Copyright (c) 2003-2015 ZeroC, Inc. All rights reserved.
|
4
4
|
//
|
5
5
|
// This copy of Ice is licensed to you under the terms described in the
|
6
6
|
// ICE_LICENSE file included in this distribution.
|
@@ -24,7 +24,7 @@
|
|
24
24
|
# include <openssl/err.h>
|
25
25
|
//
|
26
26
|
// Avoid old style cast warnings from OpenSSL macros
|
27
|
-
//
|
27
|
+
//
|
28
28
|
# pragma GCC diagnostic ignored "-Wold-style-cast"
|
29
29
|
#endif
|
30
30
|
|
@@ -41,22 +41,26 @@ IceSSL::readFile(const string& file, vector<char>& buffer)
|
|
41
41
|
{
|
42
42
|
throw CertificateReadException(__FILE__, __LINE__, "error opening file " + file);
|
43
43
|
}
|
44
|
-
|
44
|
+
|
45
45
|
is.seekg(0, is.end);
|
46
46
|
buffer.resize(static_cast<int>(is.tellg()));
|
47
47
|
is.seekg(0, is.beg);
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
if(!is.good())
|
48
|
+
|
49
|
+
if(!buffer.empty())
|
52
50
|
{
|
53
|
-
|
51
|
+
is.read(&buffer[0], buffer.size());
|
52
|
+
if(!is.good())
|
53
|
+
{
|
54
|
+
throw CertificateReadException(__FILE__, __LINE__, "error reading file " + file);
|
55
|
+
}
|
54
56
|
}
|
55
57
|
}
|
56
58
|
|
57
59
|
#ifndef ICE_USE_OPENSSL
|
60
|
+
|
58
61
|
namespace
|
59
62
|
{
|
63
|
+
|
60
64
|
bool
|
61
65
|
parseBytes(const string& arg, vector<unsigned char>& buffer)
|
62
66
|
{
|
@@ -95,10 +99,13 @@ parseBytes(const string& arg, vector<unsigned char>& buffer)
|
|
95
99
|
}
|
96
100
|
return true;
|
97
101
|
}
|
102
|
+
|
98
103
|
}
|
104
|
+
|
99
105
|
#endif
|
100
106
|
|
101
|
-
#
|
107
|
+
#if defined(ICE_USE_OPENSSL)
|
108
|
+
|
102
109
|
namespace
|
103
110
|
{
|
104
111
|
|
@@ -426,7 +433,7 @@ IceSSL::errorToString(OSStatus status)
|
|
426
433
|
return os.str();
|
427
434
|
}
|
428
435
|
|
429
|
-
std::string
|
436
|
+
std::string
|
430
437
|
IceSSL::fromCFString(CFStringRef v)
|
431
438
|
{
|
432
439
|
string s;
|
@@ -448,13 +455,13 @@ IceSSL::getCertificateProperty(SecCertificateRef cert, CFTypeRef key)
|
|
448
455
|
CFErrorRef err = 0;
|
449
456
|
CFDictionaryRef values = SecCertificateCopyValues(cert, keys, &err);
|
450
457
|
CFRelease(keys);
|
451
|
-
|
452
458
|
if(err)
|
453
459
|
{
|
454
|
-
|
455
|
-
|
460
|
+
ostringstream os;
|
461
|
+
os << "IceSSL: error getting property for certificate:\n" << errorToString(err);
|
462
|
+
throw CertificateReadException(__FILE__, __LINE__, os.str());
|
456
463
|
}
|
457
|
-
|
464
|
+
|
458
465
|
assert(values);
|
459
466
|
CFDictionaryRef property = (CFDictionaryRef)CFDictionaryGetValue(values, key);
|
460
467
|
if(property)
|
@@ -468,540 +475,351 @@ IceSSL::getCertificateProperty(SecCertificateRef cert, CFTypeRef key)
|
|
468
475
|
namespace
|
469
476
|
{
|
470
477
|
|
471
|
-
//
|
472
|
-
// Retrive the certificate subject key identifier, the caller must release the returned CFData
|
473
|
-
// object.
|
474
|
-
//
|
475
|
-
CFDataRef
|
476
|
-
getSubjectKeyIdentifier(SecCertificateRef cert)
|
477
|
-
{
|
478
|
-
CFDataRef data = 0;
|
479
|
-
CFDictionaryRef property = getCertificateProperty(cert, kSecOIDSubjectKeyIdentifier);
|
480
|
-
if(property)
|
481
|
-
{
|
482
|
-
CFArrayRef propertyValues = (CFArrayRef)CFDictionaryGetValue(property, kSecPropertyKeyValue);
|
483
|
-
for(int i = 0, length = CFArrayGetCount(propertyValues); i < length; ++i)
|
484
|
-
{
|
485
|
-
CFDictionaryRef dict = (CFDictionaryRef)CFArrayGetValueAtIndex(propertyValues, i);
|
486
|
-
CFStringRef label = (CFStringRef)CFDictionaryGetValue(dict, kSecPropertyKeyLabel);
|
487
|
-
if(CFEqual(label, CFSTR("Key Identifier")))
|
488
|
-
{
|
489
|
-
data = (CFDataRef)CFDictionaryGetValue(dict, kSecPropertyKeyValue);
|
490
|
-
CFRetain(data);
|
491
|
-
break;
|
492
|
-
}
|
493
|
-
}
|
494
|
-
CFRelease(property);
|
495
|
-
}
|
496
|
-
return data;
|
497
|
-
}
|
498
|
-
|
499
478
|
//
|
500
479
|
// Check the certificate basic constraints to check if the certificate is marked as a CA.
|
501
480
|
//
|
502
481
|
bool
|
503
482
|
isCA(SecCertificateRef cert)
|
504
483
|
{
|
505
|
-
|
506
|
-
CFDictionaryRef property = getCertificateProperty(cert, kSecOIDBasicConstraints);
|
484
|
+
UniqueRef<CFDictionaryRef> property(getCertificateProperty(cert, kSecOIDBasicConstraints));
|
507
485
|
if(property)
|
508
486
|
{
|
509
|
-
CFArrayRef propertyValues = (CFArrayRef)CFDictionaryGetValue(property, kSecPropertyKeyValue);
|
487
|
+
CFArrayRef propertyValues = (CFArrayRef)CFDictionaryGetValue(property.get(), kSecPropertyKeyValue);
|
510
488
|
for(int i = 0, size = CFArrayGetCount(propertyValues); i < size; ++i)
|
511
489
|
{
|
512
490
|
CFDictionaryRef dict = (CFDictionaryRef)CFArrayGetValueAtIndex(propertyValues, i);
|
513
491
|
CFStringRef label = (CFStringRef)CFDictionaryGetValue(dict, kSecPropertyKeyLabel);
|
514
492
|
if(CFEqual(label, CFSTR("Certificate Authority")))
|
515
493
|
{
|
516
|
-
|
517
|
-
if(CFEqual(value, CFSTR("Yes")))
|
518
|
-
{
|
519
|
-
ca = true;
|
520
|
-
}
|
521
|
-
break;
|
494
|
+
return CFEqual((CFStringRef)CFDictionaryGetValue(dict, kSecPropertyKeyValue), CFSTR("Yes"));
|
522
495
|
}
|
523
496
|
}
|
524
|
-
CFRelease(property);
|
525
|
-
}
|
526
|
-
return ca;
|
527
|
-
}
|
528
|
-
|
529
|
-
//
|
530
|
-
// Search the keychain for an existing item with the same hash and type,
|
531
|
-
// the hash is the certificate subject key identifier. For private key
|
532
|
-
// items the hash should match kSecAttrApplicationLabel attribute, for
|
533
|
-
// certificate items it should match the kSecAttrSubjectKeyID attribute.
|
534
|
-
//
|
535
|
-
SecKeychainItemRef
|
536
|
-
copyMatching(SecKeychainRef keychain, CFDataRef hash, CFTypeRef type)
|
537
|
-
{
|
538
|
-
assert(keychain);
|
539
|
-
assert(hash);
|
540
|
-
assert(type == kSecClassKey || type == kSecClassCertificate);
|
541
|
-
|
542
|
-
const void* values[] = {keychain};
|
543
|
-
CFArrayRef searchList = CFArrayCreate(kCFAllocatorDefault, values, 1, &kCFTypeArrayCallBacks);
|
544
|
-
|
545
|
-
CFMutableDictionaryRef query =
|
546
|
-
CFDictionaryCreateMutable(0, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
|
547
|
-
|
548
|
-
CFDictionarySetValue(query, kSecClass, type);
|
549
|
-
CFDictionarySetValue(query, kSecMatchLimit, kSecMatchLimitOne);
|
550
|
-
CFDictionarySetValue(query, kSecMatchSearchList, searchList);
|
551
|
-
CFDictionarySetValue(query, type == kSecClassKey ? kSecAttrApplicationLabel : kSecAttrSubjectKeyID, hash);
|
552
|
-
CFDictionarySetValue(query, kSecReturnRef, kCFBooleanTrue);
|
553
|
-
|
554
|
-
SecKeychainItemRef item = 0;
|
555
|
-
OSStatus err = SecItemCopyMatching(query, (CFTypeRef*)&item);
|
556
|
-
|
557
|
-
CFRelease(searchList);
|
558
|
-
CFRelease(query);
|
559
|
-
|
560
|
-
if(err != noErr && err != errSecItemNotFound)
|
561
|
-
{
|
562
|
-
throw CertificateReadException(__FILE__, __LINE__,
|
563
|
-
"Error searching for keychain items\n" + errorToString(err));
|
564
497
|
}
|
565
|
-
|
566
|
-
return item;
|
567
|
-
}
|
568
|
-
|
569
|
-
//
|
570
|
-
// Add an item to the keychain, if the keychain already has this item return the existing item,
|
571
|
-
// otherwise return the new added item.
|
572
|
-
//
|
573
|
-
SecKeychainItemRef
|
574
|
-
addToKeychain(SecKeychainRef keychain, SecKeychainItemRef item, CFDataRef hash, CFTypeRef type)
|
575
|
-
{
|
576
|
-
assert(keychain);
|
577
|
-
assert(item);
|
578
|
-
assert(hash);
|
579
|
-
|
580
|
-
SecKeychainItemRef newItem = copyMatching(keychain, hash, type);
|
581
|
-
if(!newItem)
|
582
|
-
{
|
583
|
-
CFMutableDictionaryRef query = CFDictionaryCreateMutable(kCFAllocatorDefault,
|
584
|
-
0,
|
585
|
-
&kCFTypeDictionaryKeyCallBacks,
|
586
|
-
&kCFTypeDictionaryValueCallBacks);
|
587
|
-
|
588
|
-
CFDictionarySetValue(query, kSecUseKeychain, keychain);
|
589
|
-
CFDictionarySetValue(query, kSecClass, type);
|
590
|
-
CFDictionarySetValue(query, kSecValueRef, item);
|
591
|
-
CFDictionarySetValue(query, kSecReturnRef, kCFBooleanTrue);
|
592
|
-
|
593
|
-
CFArrayRef added = 0;
|
594
|
-
OSStatus err = SecItemAdd(query, (CFTypeRef*)&added);
|
595
|
-
CFRelease(query);
|
596
|
-
|
597
|
-
if(err != noErr)
|
598
|
-
{
|
599
|
-
ostringstream os;
|
600
|
-
os << "Failure adding " << (type == kSecClassKey ? "key" : "certificate")
|
601
|
-
<< " to keychain\n" << errorToString(err);
|
602
|
-
throw CertificateReadException(__FILE__, __LINE__, os.str());
|
603
|
-
}
|
604
|
-
newItem = (SecKeychainItemRef)CFArrayGetValueAtIndex(added, 0);
|
605
|
-
CFRetain(newItem);
|
606
|
-
CFRelease(added);
|
607
|
-
}
|
608
|
-
|
609
|
-
assert(newItem);
|
610
|
-
|
611
|
-
return newItem;
|
498
|
+
return false;
|
612
499
|
}
|
613
500
|
|
614
501
|
//
|
615
502
|
// Load keychain items (Certificates or Private Keys) from a file. On return items param contain
|
616
503
|
// the list of items, the caller must release it.
|
617
504
|
//
|
618
|
-
|
619
|
-
loadKeychainItems(
|
620
|
-
|
621
|
-
int passwordRetryMax)
|
505
|
+
CFArrayRef
|
506
|
+
loadKeychainItems(const string& file, SecExternalItemType type, SecKeychainRef keychain, const string& passphrase,
|
507
|
+
const PasswordPromptPtr& prompt, int retryMax)
|
622
508
|
{
|
623
|
-
assert(type == kSecClassCertificate || type == kSecClassKey);
|
624
509
|
vector<char> buffer;
|
625
510
|
readFile(file, buffer);
|
626
|
-
|
627
|
-
|
628
|
-
|
629
|
-
|
630
|
-
|
631
|
-
|
632
|
-
SecExternalItemType itemType = kSecItemTypeUnknown;
|
633
|
-
|
511
|
+
UniqueRef<CFDataRef> data(CFDataCreateWithBytesNoCopy(kCFAllocatorDefault,
|
512
|
+
reinterpret_cast<const UInt8*>(&buffer[0]),
|
513
|
+
buffer.size(),
|
514
|
+
kCFAllocatorNull));
|
515
|
+
|
634
516
|
SecItemImportExportKeyParameters params;
|
635
517
|
memset(¶ms, 0, sizeof(params));
|
636
518
|
params.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION;
|
637
|
-
|
519
|
+
params.flags |= kSecKeyNoAccessControl;
|
520
|
+
if(!passphrase.empty())
|
638
521
|
{
|
639
|
-
|
640
|
-
params.keyUsage = CFArrayCreate(0, values, 1, 0);
|
522
|
+
params.passphrase = toCFString(passphrase);
|
641
523
|
}
|
642
|
-
|
643
|
-
params.flags |= kSecKeyNoAccessControl;
|
644
524
|
|
645
|
-
|
646
|
-
|
647
|
-
|
648
|
-
|
525
|
+
CFArrayRef items;
|
526
|
+
SecExternalItemType importType = type;
|
527
|
+
SecExternalFormat format = type == kSecItemTypeUnknown ? kSecFormatPKCS12 : kSecFormatUnknown;
|
528
|
+
UniqueRef<CFStringRef> path(toCFString(file));
|
529
|
+
OSStatus err = SecItemImport(data.get(), path.get(), &format, &importType, 0, ¶ms, keychain, &items);
|
530
|
+
|
531
|
+
//
|
532
|
+
// If passphrase failure and no password was configured, we obtain
|
533
|
+
// the password from the given prompt or configure the import to
|
534
|
+
// prompt the user with an alert dialog.
|
535
|
+
//
|
536
|
+
if(passphrase.empty() &&
|
537
|
+
(err == errSecPassphraseRequired || err == errSecInvalidData || err == errSecPkcs12VerifyFailure))
|
649
538
|
{
|
650
|
-
if(!
|
651
|
-
{
|
652
|
-
assert(!params.passphrase);
|
653
|
-
params.passphrase = toCFString(passphrase);
|
654
|
-
}
|
655
|
-
err = SecItemImport(data, 0, format, &itemType, 0, ¶ms, *format == kSecFormatPKCS12 ? keychain : 0,
|
656
|
-
items);
|
657
|
-
if(params.passphrase)
|
658
|
-
{
|
659
|
-
CFRelease(params.passphrase);
|
660
|
-
params.passphrase = 0;
|
661
|
-
}
|
662
|
-
|
663
|
-
if(err == noErr)
|
664
|
-
{
|
665
|
-
break;
|
666
|
-
}
|
667
|
-
|
668
|
-
//
|
669
|
-
// Try PKCS12 format.
|
670
|
-
//
|
671
|
-
if(err == errSecUnknownFormat && *format != kSecFormatPKCS12)
|
672
|
-
{
|
673
|
-
*format = kSecFormatPKCS12;
|
674
|
-
itemType = kSecItemTypeAggregate;
|
675
|
-
continue;
|
676
|
-
}
|
677
|
-
|
678
|
-
//
|
679
|
-
// Error
|
680
|
-
//
|
681
|
-
if(!passphrase.empty() || (err != errSecPassphraseRequired &&
|
682
|
-
err != errSecInvalidData &&
|
683
|
-
err != errSecPkcs12VerifyFailure))
|
684
|
-
{
|
685
|
-
break;
|
686
|
-
}
|
687
|
-
|
688
|
-
if(prompt && count < passwordRetryMax)
|
689
|
-
{
|
690
|
-
params.passphrase = toCFString(prompt->getPassword());
|
691
|
-
}
|
692
|
-
//
|
693
|
-
// Configure the default OS X password prompt if passphrase is required
|
694
|
-
// and the user doesn't provide a passphrase or password prompt.
|
695
|
-
//
|
696
|
-
else if(!prompt && !(params.flags & kSecKeySecurePassphrase))
|
539
|
+
if(!prompt)
|
697
540
|
{
|
698
541
|
params.flags |= kSecKeySecurePassphrase;
|
699
542
|
ostringstream os;
|
700
543
|
os << "Enter the password for\n" << file;
|
701
544
|
params.alertPrompt = toCFString(os.str());
|
702
|
-
continue;
|
703
545
|
}
|
704
|
-
|
705
|
-
|
706
|
-
|
707
|
-
|
546
|
+
|
547
|
+
int count = 0;
|
548
|
+
while((err == errSecPassphraseRequired || err == errSecInvalidData || err == errSecPkcs12VerifyFailure) &&
|
549
|
+
count < retryMax)
|
708
550
|
{
|
709
|
-
|
551
|
+
if(prompt)
|
552
|
+
{
|
553
|
+
if(params.passphrase)
|
554
|
+
{
|
555
|
+
CFRelease(params.passphrase);
|
556
|
+
}
|
557
|
+
params.passphrase = toCFString(prompt->getPassword());
|
558
|
+
}
|
559
|
+
err = SecItemImport(data.get(), path.get(), &format, &importType, 0, ¶ms, keychain, &items);
|
560
|
+
++count;
|
561
|
+
}
|
562
|
+
|
563
|
+
if(params.alertPrompt)
|
564
|
+
{
|
565
|
+
CFRelease(params.alertPrompt);
|
710
566
|
}
|
711
567
|
}
|
712
|
-
|
713
|
-
if(params.
|
568
|
+
|
569
|
+
if(params.passphrase)
|
714
570
|
{
|
715
|
-
CFRelease(params.
|
571
|
+
CFRelease(params.passphrase);
|
716
572
|
}
|
717
|
-
|
718
|
-
CFRelease(data);
|
719
|
-
|
573
|
+
|
720
574
|
if(err != noErr)
|
721
575
|
{
|
722
576
|
ostringstream os;
|
723
|
-
os << "
|
724
|
-
|
577
|
+
os << "IceSSL: error reading " << (type == kSecItemTypePrivateKey ? "private key" : "certificate");
|
578
|
+
os << " `" << file << "':\n" << errorToString(err);
|
725
579
|
throw CertificateReadException(__FILE__, __LINE__, os.str());
|
726
580
|
}
|
727
|
-
}
|
728
|
-
|
729
|
-
}
|
730
581
|
|
731
|
-
|
732
|
-
// Helper function to generate the private key label (display name) used
|
733
|
-
// in the keychain.
|
734
|
-
//
|
735
|
-
string
|
736
|
-
IceSSL::keyLabel(SecCertificateRef cert)
|
737
|
-
{
|
738
|
-
CFStringRef commonName;
|
739
|
-
OSStatus err = SecCertificateCopyCommonName(cert, &commonName);
|
740
|
-
if(err != noErr)
|
582
|
+
if(type != kSecItemTypeUnknown && importType != kSecItemTypeAggregate && importType != type)
|
741
583
|
{
|
742
|
-
|
584
|
+
CFRelease(items);
|
585
|
+
ostringstream os;
|
586
|
+
os << "IceSSL: error reading " << (type == kSecItemTypePrivateKey ? "private key" : "certificate");
|
587
|
+
os << " `" << file << "' doesn't contain the expected item";
|
588
|
+
throw CertificateReadException(__FILE__, __LINE__, os.str());
|
743
589
|
}
|
744
|
-
|
745
|
-
|
746
|
-
|
590
|
+
|
591
|
+
return items;
|
592
|
+
}
|
593
|
+
|
747
594
|
}
|
748
595
|
|
749
596
|
//
|
750
597
|
// Imports a certificate private key and optionally add it to a keychain.
|
751
598
|
//
|
752
|
-
|
753
|
-
IceSSL::loadPrivateKey(
|
754
|
-
const
|
755
|
-
int passwordRetryMax)
|
599
|
+
SecIdentityRef
|
600
|
+
IceSSL::loadPrivateKey(const string& file, SecCertificateRef cert, SecKeychainRef keychain, const string& password,
|
601
|
+
const PasswordPromptPtr& prompt, int retryMax)
|
756
602
|
{
|
757
|
-
|
758
|
-
|
759
|
-
|
603
|
+
//
|
604
|
+
// Check if we already imported the certificate
|
605
|
+
//
|
606
|
+
UniqueRef<CFDataRef> hash;
|
607
|
+
UniqueRef<CFDictionaryRef> subjectKeyProperty(getCertificateProperty(cert, kSecOIDSubjectKeyIdentifier));
|
608
|
+
if(subjectKeyProperty)
|
760
609
|
{
|
761
|
-
|
762
|
-
|
763
|
-
if(items)
|
610
|
+
CFArrayRef values = (CFArrayRef)CFDictionaryGetValue(subjectKeyProperty.get(), kSecPropertyKeyValue);
|
611
|
+
for(int i = 0; i < CFArrayGetCount(values); ++i)
|
764
612
|
{
|
765
|
-
|
766
|
-
|
613
|
+
CFDictionaryRef dict = (CFDictionaryRef)CFArrayGetValueAtIndex(values, i);
|
614
|
+
if(CFEqual(CFDictionaryGetValue(dict, kSecPropertyKeyLabel), CFSTR("Key Identifier")))
|
767
615
|
{
|
768
|
-
|
769
|
-
|
770
|
-
{
|
771
|
-
CFRetain(item);
|
772
|
-
*key = (SecKeyRef)item;
|
773
|
-
|
774
|
-
CFRelease(items);
|
775
|
-
items = 0;
|
776
|
-
|
777
|
-
if(keychain)
|
778
|
-
{
|
779
|
-
SecKeychainItemRef newItem = addToKeychain(keychain, item, hash, kSecClassKey);
|
780
|
-
assert(newItem);
|
781
|
-
CFRelease(*key);
|
782
|
-
*key = (SecKeyRef)newItem;
|
783
|
-
if(hash)
|
784
|
-
{
|
785
|
-
//
|
786
|
-
// Create the association between the private key and the certificate,
|
787
|
-
// kSecKeyLabel attribute should match the subject key identifier.
|
788
|
-
//
|
789
|
-
SecKeychainAttribute attr;
|
790
|
-
attr.tag = kSecKeyLabel;
|
791
|
-
attr.data = (void*)CFDataGetBytePtr(hash);
|
792
|
-
attr.length = CFDataGetLength(hash);
|
793
|
-
|
794
|
-
SecKeychainAttributeList attrs;
|
795
|
-
attrs.attr = &attr;
|
796
|
-
attrs.count = 1;
|
797
|
-
|
798
|
-
SecKeychainItemModifyAttributesAndData(newItem, &attrs, 0, 0);
|
799
|
-
}
|
800
|
-
|
801
|
-
if(!label.empty())
|
802
|
-
{
|
803
|
-
//
|
804
|
-
// kSecKeyPrintName attribute correspond to the keychain display
|
805
|
-
// name.
|
806
|
-
//
|
807
|
-
SecKeychainAttribute att;
|
808
|
-
att.tag = kSecKeyPrintName;
|
809
|
-
att.data = (void*)label.c_str();
|
810
|
-
att.length = label.size();
|
811
|
-
|
812
|
-
SecKeychainAttributeList attrs;
|
813
|
-
attrs.attr = &att;
|
814
|
-
attrs.count = 1;
|
815
|
-
|
816
|
-
SecKeychainItemModifyAttributesAndData(newItem, &attrs, 0, 0);
|
817
|
-
}
|
818
|
-
}
|
819
|
-
break;
|
820
|
-
}
|
616
|
+
hash.retain(CFDictionaryGetValue(dict, kSecPropertyKeyValue));
|
617
|
+
break;
|
821
618
|
}
|
822
619
|
}
|
823
|
-
|
824
|
-
if(!*key)
|
825
|
-
{
|
826
|
-
throw CertificateReadException(__FILE__, __LINE__,
|
827
|
-
"Certificate error:\n error importing certificate from " + file);
|
828
|
-
}
|
829
620
|
}
|
830
|
-
|
831
|
-
{
|
832
|
-
|
621
|
+
|
622
|
+
const void* values[] = { keychain };
|
623
|
+
UniqueRef<CFArrayRef> searchList(CFArrayCreate(kCFAllocatorDefault, values, 1, &kCFTypeArrayCallBacks));
|
624
|
+
|
625
|
+
UniqueRef<CFMutableDictionaryRef> query(CFDictionaryCreateMutable(0,
|
626
|
+
0,
|
627
|
+
&kCFTypeDictionaryKeyCallBacks,
|
628
|
+
&kCFTypeDictionaryValueCallBacks));
|
629
|
+
|
630
|
+
CFDictionarySetValue(query.get(), kSecClass, kSecClassCertificate);
|
631
|
+
CFDictionarySetValue(query.get(), kSecMatchLimit, kSecMatchLimitOne);
|
632
|
+
CFDictionarySetValue(query.get(), kSecMatchSearchList, searchList.get());
|
633
|
+
CFDictionarySetValue(query.get(), kSecAttrSubjectKeyID, hash.get());
|
634
|
+
CFDictionarySetValue(query.get(), kSecReturnRef, kCFBooleanTrue);
|
635
|
+
|
636
|
+
CFTypeRef value = 0;
|
637
|
+
OSStatus err = SecItemCopyMatching(query.get(), &value);
|
638
|
+
UniqueRef<SecCertificateRef> item(value);
|
639
|
+
if(err == noErr)
|
640
|
+
{
|
641
|
+
//
|
642
|
+
// If the certificate has already been imported, create the
|
643
|
+
// identity. The key should also have been imported.
|
644
|
+
//
|
645
|
+
SecIdentityRef identity;
|
646
|
+
err = SecIdentityCreateWithCertificate(keychain, item.get(), &identity);
|
647
|
+
if(err != noErr)
|
833
648
|
{
|
834
|
-
|
649
|
+
ostringstream os;
|
650
|
+
os << "IceSSL: error creating certificate identity:\n" << errorToString(err);
|
651
|
+
throw CertificateReadException(__FILE__, __LINE__, os.str());
|
835
652
|
}
|
836
|
-
|
837
|
-
|
653
|
+
return identity;
|
654
|
+
}
|
655
|
+
else if(err != errSecItemNotFound)
|
656
|
+
{
|
657
|
+
ostringstream os;
|
658
|
+
os << "IceSSL: error searching for keychain items:\n" << errorToString(err);
|
659
|
+
throw CertificateReadException(__FILE__, __LINE__, os.str());
|
660
|
+
}
|
661
|
+
|
662
|
+
//
|
663
|
+
// If the certificate isn't already in the keychain, load the
|
664
|
+
// private key into the keychain and add the certificate.
|
665
|
+
//
|
666
|
+
UniqueRef<CFArrayRef> items(loadKeychainItems(file, kSecItemTypePrivateKey, keychain, password, prompt, retryMax));
|
667
|
+
int count = CFArrayGetCount(items.get());
|
668
|
+
UniqueRef<SecKeyRef> key;
|
669
|
+
for(int i = 0; i < count; ++i)
|
670
|
+
{
|
671
|
+
SecKeychainItemRef item = (SecKeychainItemRef)CFArrayGetValueAtIndex(items.get(), 0);
|
672
|
+
if(SecKeyGetTypeID() == CFGetTypeID(item))
|
838
673
|
{
|
839
|
-
|
840
|
-
|
674
|
+
key.retain(item);
|
675
|
+
break;
|
841
676
|
}
|
842
|
-
|
843
|
-
throw;
|
844
677
|
}
|
678
|
+
if(!key)
|
679
|
+
{
|
680
|
+
throw CertificateReadException(__FILE__, __LINE__, "IceSSL: no key in file `" + file + "'");
|
681
|
+
}
|
682
|
+
|
683
|
+
//
|
684
|
+
// Add the certificate to the keychain
|
685
|
+
//
|
686
|
+
query.reset(CFDictionaryCreateMutable(kCFAllocatorDefault,
|
687
|
+
0,
|
688
|
+
&kCFTypeDictionaryKeyCallBacks,
|
689
|
+
&kCFTypeDictionaryValueCallBacks));
|
690
|
+
|
691
|
+
CFDictionarySetValue(query.get(), kSecUseKeychain, keychain);
|
692
|
+
CFDictionarySetValue(query.get(), kSecClass, kSecClassCertificate);
|
693
|
+
CFDictionarySetValue(query.get(), kSecValueRef, cert);
|
694
|
+
CFDictionarySetValue(query.get(), kSecReturnRef, kCFBooleanTrue);
|
695
|
+
|
696
|
+
value = 0;
|
697
|
+
err = SecItemAdd(query.get(), (CFTypeRef*)&value);
|
698
|
+
UniqueRef<CFArrayRef> added(value);
|
699
|
+
if(err != noErr)
|
700
|
+
{
|
701
|
+
ostringstream os;
|
702
|
+
os << "IceSSL: failure adding certificate to keychain\n" << errorToString(err);
|
703
|
+
throw CertificateReadException(__FILE__, __LINE__, os.str());
|
704
|
+
}
|
705
|
+
item.retain(CFArrayGetValueAtIndex(added.get(), 0));
|
706
|
+
|
707
|
+
//
|
708
|
+
// Create the association between the private key and the certificate,
|
709
|
+
// kSecKeyLabel attribute should match the subject key identifier.
|
710
|
+
//
|
711
|
+
vector<SecKeychainAttribute> attributes;
|
712
|
+
if(hash)
|
713
|
+
{
|
714
|
+
SecKeychainAttribute attr;
|
715
|
+
attr.tag = kSecKeyLabel;
|
716
|
+
attr.data = (void*)CFDataGetBytePtr(hash.get());
|
717
|
+
attr.length = CFDataGetLength(hash.get());
|
718
|
+
attributes.push_back(attr);
|
719
|
+
}
|
720
|
+
|
721
|
+
//
|
722
|
+
// kSecKeyPrintName attribute correspond to the keychain display
|
723
|
+
// name.
|
724
|
+
//
|
725
|
+
string label;
|
726
|
+
CFStringRef commonName = 0;
|
727
|
+
if(SecCertificateCopyCommonName(item.get(), &commonName) == noErr)
|
728
|
+
{
|
729
|
+
label = fromCFString(commonName);
|
730
|
+
CFRelease(commonName);
|
731
|
+
|
732
|
+
SecKeychainAttribute attr;
|
733
|
+
attr.tag = kSecKeyPrintName;
|
734
|
+
attr.data = (void*)label.c_str();
|
735
|
+
attr.length = label.size();
|
736
|
+
attributes.push_back(attr);
|
737
|
+
}
|
738
|
+
|
739
|
+
SecKeychainAttributeList attrs;
|
740
|
+
attrs.attr = &attributes[0];
|
741
|
+
attrs.count = attributes.size();
|
742
|
+
SecKeychainItemModifyAttributesAndData((SecKeychainItemRef)key.get(), &attrs, 0, 0);
|
743
|
+
|
744
|
+
SecIdentityRef identity;
|
745
|
+
err = SecIdentityCreateWithCertificate(keychain, item.get(), &identity);
|
746
|
+
if(err != noErr)
|
747
|
+
{
|
748
|
+
ostringstream os;
|
749
|
+
os << "IceSSL: error creating certificate identity:\n" << errorToString(err);
|
750
|
+
throw CertificateReadException(__FILE__, __LINE__, os.str());
|
751
|
+
}
|
752
|
+
return identity;
|
845
753
|
}
|
846
754
|
|
847
755
|
//
|
848
|
-
// Imports a certificate
|
756
|
+
// Imports a certificate (it might contain an identity or certificate depending on the format).
|
849
757
|
//
|
850
|
-
|
851
|
-
IceSSL::
|
852
|
-
|
853
|
-
int passwordRetryMax)
|
758
|
+
CFArrayRef
|
759
|
+
IceSSL::loadCertificateChain(const string& file, const string& keyFile, SecKeychainRef keychain,
|
760
|
+
const string& password, const PasswordPromptPtr& prompt, int retryMax)
|
854
761
|
{
|
855
|
-
|
856
|
-
CFArrayRef items = 0;
|
857
|
-
SecIdentityRef identity = 0;
|
858
|
-
|
859
|
-
try
|
762
|
+
if(keyFile.empty())
|
860
763
|
{
|
861
|
-
|
862
|
-
loadKeychainItems(&items, kSecClassCertificate, file, &format, keychain, passphrase, prompt, passwordRetryMax);
|
863
|
-
|
864
|
-
if(items)
|
865
|
-
{
|
866
|
-
int count = CFArrayGetCount(items);
|
867
|
-
|
868
|
-
for(int i = 0; i < count; ++i)
|
869
|
-
{
|
870
|
-
SecKeychainItemRef item = (SecKeychainItemRef)CFArrayGetValueAtIndex(items, i);
|
871
|
-
if(format == kSecFormatPKCS12)
|
872
|
-
{
|
873
|
-
OSStatus err = noErr;
|
874
|
-
if(SecIdentityGetTypeID() == CFGetTypeID(item))
|
875
|
-
{
|
876
|
-
if((err = SecIdentityCopyCertificate((SecIdentityRef)item, cert)) != noErr)
|
877
|
-
{
|
878
|
-
throw CertificateReadException(__FILE__, __LINE__, "Certificate error:\n" +
|
879
|
-
errorToString(err));
|
880
|
-
}
|
881
|
-
|
882
|
-
if((err = SecIdentityCopyPrivateKey((SecIdentityRef)item, key)) != noErr)
|
883
|
-
{
|
884
|
-
throw CertificateReadException(__FILE__, __LINE__, "Certificate error:\n" +
|
885
|
-
errorToString(err));
|
886
|
-
}
|
887
|
-
break;
|
888
|
-
}
|
889
|
-
else if(SecCertificateGetTypeID() == CFGetTypeID(item))
|
890
|
-
{
|
891
|
-
CFRetain(item);
|
892
|
-
*cert = (SecCertificateRef)item;
|
893
|
-
|
894
|
-
if((err = SecIdentityCreateWithCertificate(keychain, *cert, &identity)) != noErr)
|
895
|
-
{
|
896
|
-
throw CertificateReadException(__FILE__, __LINE__, "Certificate error:\n" +
|
897
|
-
errorToString(err));
|
898
|
-
}
|
899
|
-
if((err = SecIdentityCopyPrivateKey(identity, key)) != noErr)
|
900
|
-
{
|
901
|
-
throw CertificateReadException(__FILE__, __LINE__, "Certificate error:\n" +
|
902
|
-
errorToString(err));
|
903
|
-
}
|
904
|
-
|
905
|
-
CFRelease(identity);
|
906
|
-
identity = 0;
|
907
|
-
break;
|
908
|
-
}
|
909
|
-
}
|
910
|
-
else if(SecCertificateGetTypeID() == CFGetTypeID(item))
|
911
|
-
{
|
912
|
-
CFRetain(item);
|
913
|
-
*cert = (SecCertificateRef)item;
|
914
|
-
|
915
|
-
//
|
916
|
-
// Copy the public key hash, that is used when added the private key
|
917
|
-
// to create an association between the certificate and the corresponding
|
918
|
-
// private key.
|
919
|
-
//
|
920
|
-
if(hash)
|
921
|
-
{
|
922
|
-
*hash = getSubjectKeyIdentifier(*cert);
|
923
|
-
|
924
|
-
if(keychain)
|
925
|
-
{
|
926
|
-
SecKeychainItemRef newItem = addToKeychain(keychain, item, *hash, kSecClassCertificate);
|
927
|
-
assert(newItem);
|
928
|
-
CFRelease(*cert);
|
929
|
-
*cert = (SecCertificateRef)newItem;
|
930
|
-
}
|
931
|
-
}
|
932
|
-
break;
|
933
|
-
}
|
934
|
-
}
|
935
|
-
|
936
|
-
CFRelease(items);
|
937
|
-
items = 0;
|
938
|
-
}
|
939
|
-
|
940
|
-
if(!*cert)
|
941
|
-
{
|
942
|
-
throw CertificateReadException(__FILE__, __LINE__,
|
943
|
-
"Certificate error:\n error importing certificate from " + file);
|
944
|
-
}
|
764
|
+
return loadKeychainItems(file, kSecItemTypeUnknown, keychain, password, prompt, retryMax);
|
945
765
|
}
|
946
|
-
|
766
|
+
else
|
947
767
|
{
|
948
|
-
|
949
|
-
|
950
|
-
|
951
|
-
|
952
|
-
|
953
|
-
|
954
|
-
if(
|
955
|
-
{
|
956
|
-
CFRelease(*hash);
|
957
|
-
*hash = 0;
|
958
|
-
}
|
959
|
-
|
960
|
-
if(items)
|
961
|
-
{
|
962
|
-
CFRelease(items);
|
963
|
-
}
|
964
|
-
|
965
|
-
if(identity)
|
966
|
-
{
|
967
|
-
CFRelease(identity);
|
968
|
-
}
|
969
|
-
|
970
|
-
if(key && *key)
|
768
|
+
//
|
769
|
+
// Load the certificate, don't load into the keychain as it
|
770
|
+
// might already have been imported.
|
771
|
+
//
|
772
|
+
UniqueRef<CFArrayRef> items(loadKeychainItems(file, kSecItemTypeCertificate, 0, password, prompt, retryMax));
|
773
|
+
SecCertificateRef cert = (SecCertificateRef)CFArrayGetValueAtIndex(items.get(), 0);
|
774
|
+
if(SecCertificateGetTypeID() != CFGetTypeID(cert))
|
971
775
|
{
|
972
|
-
|
973
|
-
|
776
|
+
ostringstream os;
|
777
|
+
os << "IceSSL: couldn't find certificate in `" << file << "'";
|
778
|
+
throw CertificateReadException(__FILE__, __LINE__, os.str());
|
974
779
|
}
|
975
|
-
|
976
|
-
|
780
|
+
|
781
|
+
//
|
782
|
+
// Load the private key for the given certificate. This will
|
783
|
+
// add the certificate/key to the keychain if they aren't
|
784
|
+
// already present in the keychain.
|
785
|
+
//
|
786
|
+
UniqueRef<SecIdentityRef> identity(loadPrivateKey(keyFile, cert, keychain, password, prompt, retryMax));
|
787
|
+
CFMutableArrayRef a = CFArrayCreateMutableCopy(kCFAllocatorDefault, 0, items.get());
|
788
|
+
CFArraySetValueAtIndex(a, 0, identity.get());
|
789
|
+
return a;
|
977
790
|
}
|
978
791
|
}
|
979
792
|
|
793
|
+
SecCertificateRef
|
794
|
+
IceSSL::loadCertificate(const string& file)
|
795
|
+
{
|
796
|
+
CFArrayRef items = loadKeychainItems(file, kSecItemTypeCertificate, 0, "", 0, 0);
|
797
|
+
SecCertificateRef cert = (SecCertificateRef)CFArrayGetValueAtIndex(items, 0);
|
798
|
+
CFRetain(cert);
|
799
|
+
CFRelease(items);
|
800
|
+
return cert;
|
801
|
+
}
|
802
|
+
|
980
803
|
CFArrayRef
|
981
|
-
IceSSL::loadCACertificates(const string& file
|
982
|
-
int passwordRetryMax)
|
804
|
+
IceSSL::loadCACertificates(const string& file)
|
983
805
|
{
|
984
|
-
CFArrayRef items
|
985
|
-
SecExternalFormat format = kSecFormatUnknown;
|
986
|
-
loadKeychainItems(&items, kSecClassCertificate, file, &format, 0, passphrase, prompt, passwordRetryMax);
|
806
|
+
UniqueRef<CFArrayRef> items(loadKeychainItems(file, kSecItemTypeCertificate, 0, "", 0, 0));
|
987
807
|
CFMutableArrayRef certificateAuthorities = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
|
988
|
-
|
808
|
+
int count = CFArrayGetCount(items.get());
|
809
|
+
for(CFIndex i = 0; i < count; ++i)
|
989
810
|
{
|
990
|
-
|
811
|
+
SecCertificateRef cert = (SecCertificateRef)CFArrayGetValueAtIndex(items.get(), i);
|
812
|
+
assert(SecCertificateGetTypeID() == CFGetTypeID(cert));
|
813
|
+
if(isCA(cert))
|
991
814
|
{
|
992
|
-
|
993
|
-
if(isCA(cert))
|
994
|
-
{
|
995
|
-
CFArrayAppendValue(certificateAuthorities, cert);
|
996
|
-
}
|
815
|
+
CFArrayAppendValue(certificateAuthorities, cert);
|
997
816
|
}
|
998
|
-
CFRelease(items);
|
999
817
|
}
|
1000
818
|
return certificateAuthorities;
|
1001
819
|
}
|
1002
820
|
|
1003
821
|
SecCertificateRef
|
1004
|
-
IceSSL::
|
822
|
+
IceSSL::findCertificate(SecKeychainRef keychain, const string& value)
|
1005
823
|
{
|
1006
824
|
//
|
1007
825
|
// Search the keychain using key:value pairs. The following keys are supported:
|
@@ -1013,17 +831,19 @@ IceSSL::findCertificates(SecKeychainRef keychain, const string& prop, const stri
|
|
1013
831
|
//
|
1014
832
|
// A value must be enclosed in single or double quotes if it contains whitespace.
|
1015
833
|
//
|
1016
|
-
CFMutableDictionaryRef query
|
1017
|
-
|
1018
|
-
|
834
|
+
UniqueRef<CFMutableDictionaryRef> query(CFDictionaryCreateMutable(0,
|
835
|
+
0,
|
836
|
+
&kCFTypeDictionaryKeyCallBacks,
|
837
|
+
&kCFTypeDictionaryValueCallBacks));
|
838
|
+
|
1019
839
|
const void* values[] = { keychain };
|
1020
|
-
CFArrayRef searchList
|
1021
|
-
|
1022
|
-
CFDictionarySetValue(query, kSecMatchLimit, kSecMatchLimitOne);
|
1023
|
-
CFDictionarySetValue(query, kSecMatchSearchList, searchList);
|
1024
|
-
CFDictionarySetValue(query, kSecClass, kSecClassCertificate);
|
1025
|
-
CFDictionarySetValue(query, kSecReturnRef, kCFBooleanTrue);
|
1026
|
-
CFDictionarySetValue(query, kSecMatchCaseInsensitive, kCFBooleanTrue);
|
840
|
+
UniqueRef<CFArrayRef> searchList(CFArrayCreate(kCFAllocatorDefault, values, 1, &kCFTypeArrayCallBacks));
|
841
|
+
|
842
|
+
CFDictionarySetValue(query.get(), kSecMatchLimit, kSecMatchLimitOne);
|
843
|
+
CFDictionarySetValue(query.get(), kSecMatchSearchList, searchList.get());
|
844
|
+
CFDictionarySetValue(query.get(), kSecClass, kSecClassCertificate);
|
845
|
+
CFDictionarySetValue(query.get(), kSecReturnRef, kCFBooleanTrue);
|
846
|
+
CFDictionarySetValue(query.get(), kSecMatchCaseInsensitive, kCFBooleanTrue);
|
1027
847
|
|
1028
848
|
size_t start = 0;
|
1029
849
|
size_t pos;
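Review bot: The empty-criteria guard added further down, `if(CFDictionaryGetCount(query.get()) == 5)` at new line 923, silently depends on exactly the five base entries set here at new lines 842–846. If an entry is later added or removed, that guard stops firing, and a value that contributes no criteria would run the `kSecMatchLimitOne` query unfiltered and return whichever certificate matches first. I would record the count right after the last base entry, `const CFIndex baseCount = CFDictionaryGetCount(query.get());`, and compare against `baseCount` instead of the literal. findCertificate's body starts before this hunk and continues in the next one.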
|
@@ -1031,145 +851,107 @@ IceSSL::findCertificates(SecKeychainRef keychain, const string& prop, const stri
|
|
1031
851
|
{
|
1032
852
|
string field = IceUtilInternal::toUpper(IceUtilInternal::trim(value.substr(start, pos - start)));
|
1033
853
|
string arg;
|
1034
|
-
|
854
|
+
if(field != "LABEL" && field != "SERIAL" && field != "SUBJECT" && field != "SUBJECTKEYID")
|
1035
855
|
{
|
1036
|
-
|
1037
|
-
|
1038
|
-
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: unknown key in `" + value + "'");
|
1039
|
-
}
|
856
|
+
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: unknown key in `" + value + "'");
|
857
|
+
}
|
1040
858
|
|
1041
|
-
|
1042
|
-
|
1043
|
-
|
1044
|
-
|
1045
|
-
|
1046
|
-
|
1047
|
-
|
1048
|
-
|
1049
|
-
|
1050
|
-
|
859
|
+
start = pos + 1;
|
860
|
+
while(start < value.size() && (value[start] == ' ' || value[start] == '\t'))
|
861
|
+
{
|
862
|
+
++start;
|
863
|
+
}
|
864
|
+
|
865
|
+
if(start == value.size())
|
866
|
+
{
|
867
|
+
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: missing argument in `" + value + "'");
|
868
|
+
}
|
1051
869
|
|
1052
|
-
|
870
|
+
if(value[start] == '"' || value[start] == '\'')
|
871
|
+
{
|
872
|
+
size_t end = start;
|
873
|
+
++end;
|
874
|
+
while(end < value.size())
|
1053
875
|
{
|
1054
|
-
|
1055
|
-
++end;
|
1056
|
-
while(end < value.size())
|
1057
|
-
{
|
1058
|
-
if(value[end] == value[start] && value[end - 1] != '\\')
|
1059
|
-
{
|
1060
|
-
break;
|
1061
|
-
}
|
1062
|
-
++end;
|
1063
|
-
}
|
1064
|
-
if(end == value.size() || value[end] != value[start])
|
876
|
+
if(value[end] == value[start] && value[end - 1] != '\\')
|
1065
877
|
{
|
1066
|
-
|
1067
|
-
"IceSSL: unmatched quote in `" + value + "'");
|
878
|
+
break;
|
1068
879
|
}
|
1069
|
-
++
|
1070
|
-
arg = value.substr(start, end - start);
|
1071
|
-
start = end + 1;
|
880
|
+
++end;
|
1072
881
|
}
|
1073
|
-
|
882
|
+
if(end == value.size() || value[end] != value[start])
|
1074
883
|
{
|
1075
|
-
|
1076
|
-
if(end == string::npos)
|
1077
|
-
{
|
1078
|
-
arg = value.substr(start);
|
1079
|
-
start = value.size();
|
1080
|
-
}
|
1081
|
-
else
|
1082
|
-
{
|
1083
|
-
arg = value.substr(start, end - start);
|
1084
|
-
start = end + 1;
|
1085
|
-
}
|
884
|
+
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: unmatched quote in `" + value + "'");
|
1086
885
|
}
|
886
|
+
++start;
|
887
|
+
arg = value.substr(start, end - start);
|
888
|
+
start = end + 1;
|
1087
889
|
}
|
1088
|
-
|
890
|
+
else
|
1089
891
|
{
|
1090
|
-
|
1091
|
-
|
1092
|
-
|
892
|
+
size_t end = value.find_first_of(" \t", start);
|
893
|
+
if(end == string::npos)
|
894
|
+
{
|
895
|
+
arg = value.substr(start);
|
896
|
+
start = value.size();
|
897
|
+
}
|
898
|
+
else
|
899
|
+
{
|
900
|
+
arg = value.substr(start, end - start);
|
901
|
+
start = end + 1;
|
902
|
+
}
|
1093
903
|
}
|
1094
904
|
|
1095
905
|
if(field == "SUBJECT" || field == "LABEL")
|
1096
906
|
{
|
1097
|
-
|
907
|
+
UniqueRef<CFStringRef> v(toCFString(arg));
|
908
|
+
CFDictionarySetValue(query.get(), field == "LABEL" ? kSecAttrLabel : kSecMatchSubjectContains, v.get());
|
1098
909
|
}
|
1099
910
|
else if(field == "SUBJECTKEYID" || field == "SERIAL")
|
1100
911
|
{
|
1101
912
|
vector<unsigned char> buffer;
|
1102
913
|
if(!parseBytes(arg, buffer))
|
1103
914
|
{
|
1104
|
-
throw PluginInitializationException(__FILE__, __LINE__,
|
1105
|
-
"IceSSL: invalid value `" + value + "' for property `" + prop + "'");
|
915
|
+
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: invalid value `" + value + "'");
|
1106
916
|
}
|
1107
|
-
CFDataRef
|
1108
|
-
CFDictionarySetValue(query, field == "SUBJECTKEYID" ? kSecAttrSubjectKeyID : kSecAttrSerialNumber,
|
917
|
+
UniqueRef<CFDataRef> v(CFDataCreate(kCFAllocatorDefault, &buffer[0], buffer.size()));
|
918
|
+
CFDictionarySetValue(query.get(), field == "SUBJECTKEYID" ? kSecAttrSubjectKeyID : kSecAttrSerialNumber,
|
919
|
+
v.get());
|
1109
920
|
}
|
1110
921
|
}
|
1111
922
|
|
1112
|
-
|
1113
|
-
OSStatus err = SecItemCopyMatching(query, (CFTypeRef*)&item);
|
1114
|
-
CFRelease(searchList);
|
1115
|
-
CFRelease(query);
|
1116
|
-
if(err != noErr && err != errSecItemNotFound)
|
923
|
+
if(CFDictionaryGetCount(query.get()) == 5)
|
1117
924
|
{
|
1118
|
-
throw PluginInitializationException(__FILE__, __LINE__,
|
1119
|
-
"Error searching for keychain items\n" + errorToString(err));
|
925
|
+
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: invalid value `" + value + "'");
|
1120
926
|
}
|
1121
|
-
return (SecCertificateRef)item;
|
1122
|
-
}
|
1123
|
-
#elif defined(ICE_USE_SCHANNEL)
|
1124
927
|
|
1125
|
-
|
1126
|
-
|
1127
|
-
|
1128
|
-
// Parse a string of the form "location.name" into two parts.
|
1129
|
-
//
|
1130
|
-
void
|
1131
|
-
parseStore(const string& prop, const string& store, DWORD& loc, string& sname)
|
1132
|
-
{
|
1133
|
-
size_t pos = store.find('.');
|
1134
|
-
if(pos == string::npos)
|
928
|
+
SecCertificateRef cert = 0;
|
929
|
+
OSStatus err = SecItemCopyMatching(query.get(), (CFTypeRef*)&cert);
|
930
|
+
if(err != noErr)
|
1135
931
|
{
|
1136
|
-
throw PluginInitializationException(__FILE__, __LINE__,
|
932
|
+
throw PluginInitializationException(__FILE__, __LINE__,
|
933
|
+
"IceSSL: find certificate `" + value + "' failed:\n" + errorToString(err));
|
1137
934
|
}
|
935
|
+
return cert;
|
936
|
+
}
|
1138
937
|
|
1139
|
-
|
1140
|
-
if(sloc == "CURRENTUSER")
|
1141
|
-
{
|
1142
|
-
loc = CERT_SYSTEM_STORE_CURRENT_USER;
|
1143
|
-
}
|
1144
|
-
else if(sloc == "LOCALMACHINE")
|
1145
|
-
{
|
1146
|
-
loc = CERT_SYSTEM_STORE_LOCAL_MACHINE;
|
1147
|
-
}
|
1148
|
-
else
|
1149
|
-
{
|
1150
|
-
throw PluginInitializationException(__FILE__, __LINE__,
|
1151
|
-
"IceSSL: unknown store location `" + sloc + "' in " + prop);
|
1152
|
-
}
|
938
|
+
#elif defined(ICE_USE_SCHANNEL)
|
1153
939
|
|
1154
|
-
|
1155
|
-
|
1156
|
-
{
|
1157
|
-
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: invalid store name in " + prop);
|
1158
|
-
}
|
1159
|
-
}
|
940
|
+
namespace
|
941
|
+
{
|
1160
942
|
|
1161
943
|
void
|
1162
944
|
addMatchingCertificates(HCERTSTORE source, HCERTSTORE target, DWORD findType, const void* findParam)
|
1163
945
|
{
|
1164
946
|
PCCERT_CONTEXT next = 0;
|
1165
947
|
do
|
1166
|
-
{
|
1167
|
-
if((next = CertFindCertificateInStore(source, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0,
|
948
|
+
{
|
949
|
+
if((next = CertFindCertificateInStore(source, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0,
|
1168
950
|
findType, findParam, next)))
|
1169
951
|
{
|
1170
952
|
if(!CertAddCertificateContextToStore(target, next, CERT_STORE_ADD_ALWAYS, 0))
|
1171
953
|
{
|
1172
|
-
throw PluginInitializationException(__FILE__, __LINE__,
|
954
|
+
throw PluginInitializationException(__FILE__, __LINE__,
|
1173
955
|
"IceSSL: error adding certificate to store:\n" + IceUtilInternal::lastErrorToString());
|
1174
956
|
}
|
1175
957
|
}
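Review bot: `&buffer[0]` at new line 917 is evaluated without checking that `buffer` is non-empty. A quoted empty argument such as `SERIAL:""` reaches this branch with an empty `arg`, and if parseBytes (not shown here) accepts it, indexing the empty vector is undefined behaviour. Rejecting it in the existing check is enough: `if(!parseBytes(arg, buffer) || buffer.empty())`. The SChannel branches visible later on this page build `CRYPT_HASH_BLOB` and `CRYPT_INTEGER_BLOB` from `&buffer[0]` the same way (new lines 1126 and 1139) and would take the same guard.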
|
@@ -1179,18 +961,24 @@ addMatchingCertificates(HCERTSTORE source, HCERTSTORE target, DWORD findType, co
|
|
1179
961
|
|
1180
962
|
}
|
1181
963
|
|
1182
|
-
vector<PCCERT_CONTEXT>
|
1183
|
-
IceSSL::findCertificates(const string&
|
964
|
+
vector<PCCERT_CONTEXT>
|
965
|
+
IceSSL::findCertificates(const string& location, const string& name, const string& value, vector<HCERTSTORE>& stores)
|
1184
966
|
{
|
1185
|
-
DWORD storeLoc
|
1186
|
-
|
1187
|
-
|
967
|
+
DWORD storeLoc;
|
968
|
+
if(location == "CurrentUser")
|
969
|
+
{
|
970
|
+
storeLoc = CERT_SYSTEM_STORE_CURRENT_USER;
|
971
|
+
}
|
972
|
+
else
|
973
|
+
{
|
974
|
+
storeLoc = CERT_SYSTEM_STORE_LOCAL_MACHINE;
|
975
|
+
}
|
1188
976
|
|
1189
|
-
HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, storeLoc, stringToWstring(
|
977
|
+
HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, storeLoc, stringToWstring(name).c_str());
|
1190
978
|
if(!store)
|
1191
979
|
{
|
1192
|
-
throw PluginInitializationException(__FILE__, __LINE__,
|
1193
|
-
|
980
|
+
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: failed to open certificate store `" + name +
|
981
|
+
"':\n" + IceUtilInternal::lastErrorToString());
|
1194
982
|
}
|
1195
983
|
|
1196
984
|
//
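Review bot: The `else` at new line 972 maps every location other than the exact string `"CurrentUser"` to `CERT_SYSTEM_STORE_LOCAL_MACHINE`, so a misspelt or differently cased location silently selects the machine store, whereas the removed parseStore threw on an unknown location. Unless the caller already validates the property (not visible here), I would make the second branch explicit, `else if(location == "LocalMachine")`, and end with an `else` that throws PluginInitializationException naming the rejected location. findCertificates continues past the end of this hunk.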
|
@@ -1214,12 +1002,16 @@ IceSSL::findCertificates(const string& prop, const string& storeSpec, const stri
|
|
1214
1002
|
{
|
1215
1003
|
if(value != "*")
|
1216
1004
|
{
|
1005
|
+
if(value.find(':', 0) == string::npos)
|
1006
|
+
{
|
1007
|
+
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: no key in `" + value + "'");
|
1008
|
+
}
|
1217
1009
|
size_t start = 0;
|
1218
1010
|
size_t pos;
|
1219
1011
|
while((pos = value.find(':', start)) != string::npos)
|
1220
1012
|
{
|
1221
1013
|
string field = IceUtilInternal::toUpper(IceUtilInternal::trim(value.substr(start, pos - start)));
|
1222
|
-
if(field != "SUBJECT" && field != "SUBJECTDN" && field != "ISSUER" && field != "ISSUERDN" &&
|
1014
|
+
if(field != "SUBJECT" && field != "SUBJECTDN" && field != "ISSUER" && field != "ISSUERDN" &&
|
1223
1015
|
field != "THUMBPRINT" && field != "SUBJECTKEYID" && field != "SERIAL")
|
1224
1016
|
{
|
1225
1017
|
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: unknown key in `" + value + "'");
|
@@ -1230,10 +1022,11 @@ IceSSL::findCertificates(const string& prop, const string& storeSpec, const stri
|
|
1230
1022
|
{
|
1231
1023
|
++start;
|
1232
1024
|
}
|
1233
|
-
|
1025
|
+
|
1234
1026
|
if(start == value.size())
|
1235
1027
|
{
|
1236
|
-
throw PluginInitializationException(__FILE__, __LINE__,
|
1028
|
+
throw PluginInitializationException(__FILE__, __LINE__,
|
1029
|
+
"IceSSL: missing argument in `" + value + "'");
|
1237
1030
|
}
|
1238
1031
|
|
1239
1032
|
string arg;
|
@@ -1251,7 +1044,7 @@ IceSSL::findCertificates(const string& prop, const string& storeSpec, const stri
|
|
1251
1044
|
}
|
1252
1045
|
if(end == value.size() || value[end] != value[start])
|
1253
1046
|
{
|
1254
|
-
throw PluginInitializationException(__FILE__, __LINE__,
|
1047
|
+
throw PluginInitializationException(__FILE__, __LINE__,
|
1255
1048
|
"IceSSL: unmatched quote in `" + value + "'");
|
1256
1049
|
}
|
1257
1050
|
++start;
|
@@ -1276,7 +1069,7 @@ IceSSL::findCertificates(const string& prop, const string& storeSpec, const stri
|
|
1276
1069
|
tmpStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, 0, 0);
|
1277
1070
|
if(!tmpStore)
|
1278
1071
|
{
|
1279
|
-
throw PluginInitializationException(__FILE__, __LINE__,
|
1072
|
+
throw PluginInitializationException(__FILE__, __LINE__,
|
1280
1073
|
"IceSSL: error adding certificate to store:\n" + IceUtilInternal::lastErrorToString());
|
1281
1074
|
}
|
1282
1075
|
|
@@ -1289,35 +1082,45 @@ IceSSL::findCertificates(const string& prop, const string& storeSpec, const stri
|
|
1289
1082
|
else if(field == "SUBJECTDN" || field == "ISSUERDN")
|
1290
1083
|
{
|
1291
1084
|
const wstring argW = stringToWstring(arg);
|
1292
|
-
DWORD
|
1293
|
-
|
1294
|
-
|
1085
|
+
DWORD flags[] = {
|
1086
|
+
CERT_OID_NAME_STR,
|
1087
|
+
CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG,
|
1088
|
+
CERT_OID_NAME_STR | CERT_NAME_STR_FORCE_UTF8_DIR_STR_FLAG,
|
1089
|
+
CERT_OID_NAME_STR | CERT_NAME_STR_FORCE_UTF8_DIR_STR_FLAG | CERT_NAME_STR_REVERSE_FLAG
|
1090
|
+
};
|
1091
|
+
for(size_t i = 0; i < sizeof(flags) / sizeof(DWORD); ++i)
|
1295
1092
|
{
|
1296
|
-
|
1297
|
-
|
1298
|
-
|
1299
|
-
|
1093
|
+
DWORD length = 0;
|
1094
|
+
if(!CertStrToNameW(X509_ASN_ENCODING, argW.c_str(), flags[i], 0, 0, &length, 0))
|
1095
|
+
{
|
1096
|
+
throw PluginInitializationException(
|
1097
|
+
__FILE__, __LINE__,
|
1098
|
+
"IceSSL: invalid value `" + value + "' for `IceSSL.FindCert' property:\n" +
|
1099
|
+
IceUtilInternal::lastErrorToString());
|
1100
|
+
}
|
1300
1101
|
|
1301
|
-
|
1302
|
-
|
1303
|
-
|
1304
|
-
|
1305
|
-
|
1306
|
-
|
1307
|
-
|
1308
|
-
|
1102
|
+
vector<BYTE> buffer(length);
|
1103
|
+
if(!CertStrToNameW(X509_ASN_ENCODING, argW.c_str(), flags[i], 0, &buffer[0], &length, 0))
|
1104
|
+
{
|
1105
|
+
throw PluginInitializationException(
|
1106
|
+
__FILE__, __LINE__,
|
1107
|
+
"IceSSL: invalid value `" + value + "' for `IceSSL.FindCert' property:\n" +
|
1108
|
+
IceUtilInternal::lastErrorToString());
|
1109
|
+
}
|
1309
1110
|
|
1310
|
-
|
1311
|
-
|
1312
|
-
|
1111
|
+
CERT_NAME_BLOB name = { length, &buffer[0] };
|
1112
|
+
|
1113
|
+
DWORD findType = field == "SUBJECTDN" ? CERT_FIND_SUBJECT_NAME : CERT_FIND_ISSUER_NAME;
|
1114
|
+
addMatchingCertificates(store, tmpStore, findType, &name);
|
1115
|
+
}
|
1313
1116
|
}
|
1314
1117
|
else if(field == "THUMBPRINT" || field == "SUBJECTKEYID")
|
1315
1118
|
{
|
1316
1119
|
vector<BYTE> buffer;
|
1317
1120
|
if(!parseBytes(arg, buffer))
|
1318
1121
|
{
|
1319
|
-
throw PluginInitializationException(__FILE__, __LINE__,
|
1320
|
-
"IceSSL: invalid
|
1122
|
+
throw PluginInitializationException(__FILE__, __LINE__,
|
1123
|
+
"IceSSL: invalid `IceSSL.FindCert' property: can't decode the value");
|
1321
1124
|
}
|
1322
1125
|
|
1323
1126
|
CRYPT_HASH_BLOB hash = { static_cast<DWORD>(buffer.size()), &buffer[0] };
|
@@ -1329,22 +1132,22 @@ IceSSL::findCertificates(const string& prop, const string& storeSpec, const stri
|
|
1329
1132
|
vector<BYTE> buffer;
|
1330
1133
|
if(!parseBytes(arg, buffer))
|
1331
1134
|
{
|
1332
|
-
throw PluginInitializationException(__FILE__, __LINE__,
|
1333
|
-
"IceSSL: invalid value `" + value + "' for
|
1135
|
+
throw PluginInitializationException(__FILE__, __LINE__,
|
1136
|
+
"IceSSL: invalid value `" + value + "' for `IceSSL.FindCert' property");
|
1334
1137
|
}
|
1335
|
-
|
1138
|
+
|
1336
1139
|
CRYPT_INTEGER_BLOB serial = { static_cast<DWORD>(buffer.size()), &buffer[0] };
|
1337
1140
|
PCCERT_CONTEXT next = 0;
|
1338
1141
|
do
|
1339
1142
|
{
|
1340
|
-
if((next = CertFindCertificateInStore(store, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0,
|
1143
|
+
if((next = CertFindCertificateInStore(store, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0,
|
1341
1144
|
CERT_FIND_ANY, 0, next)))
|
1342
1145
|
{
|
1343
1146
|
if(CertCompareIntegerBlob(&serial, &next->pCertInfo->SerialNumber))
|
1344
1147
|
{
|
1345
1148
|
if(!CertAddCertificateContextToStore(tmpStore, next, CERT_STORE_ADD_ALWAYS, 0))
|
1346
1149
|
{
|
1347
|
-
throw PluginInitializationException(__FILE__, __LINE__,
|
1150
|
+
throw PluginInitializationException(__FILE__, __LINE__,
|
1348
1151
|
"IceSSL: error adding certificate to store:\n" +
|
1349
1152
|
IceUtilInternal::lastErrorToString());
|
1350
1153
|
}
|
@@ -1378,8 +1181,8 @@ IceSSL::findCertificates(const string& prop, const string& storeSpec, const stri
|
|
1378
1181
|
{
|
1379
1182
|
PCCERT_CONTEXT next = 0;
|
1380
1183
|
do
|
1381
|
-
{
|
1382
|
-
if((next = CertFindCertificateInStore(store, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_ANY, 0,
|
1184
|
+
{
|
1185
|
+
if((next = CertFindCertificateInStore(store, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_ANY, 0,
|
1383
1186
|
next)))
|
1384
1187
|
{
|
1385
1188
|
certs.push_back(next);
|
@@ -1393,31 +1196,35 @@ IceSSL::findCertificates(const string& prop, const string& storeSpec, const stri
|
|
1393
1196
|
#endif
|
1394
1197
|
|
1395
1198
|
bool
|
1396
|
-
IceSSL::checkPath(string& path, const string& defaultDir, bool dir)
|
1199
|
+
IceSSL::checkPath(const string& path, const string& defaultDir, bool dir, string& resolved)
|
1397
1200
|
{
|
1398
|
-
|
1399
|
-
// Check if file exists. If not, try prepending the default
|
1400
|
-
// directory and check again. If the path exists, the string
|
1401
|
-
// argument is modified and true is returned. Otherwise
|
1402
|
-
// false is returned.
|
1403
|
-
//
|
1404
|
-
IceUtilInternal::structstat st;
|
1405
|
-
int err = IceUtilInternal::stat(path, &st);
|
1406
|
-
if(err == 0)
|
1201
|
+
if(IceUtilInternal::isAbsolutePath(path))
|
1407
1202
|
{
|
1408
|
-
|
1203
|
+
if((dir && IceUtilInternal::directoryExists(path)) || (!dir && IceUtilInternal::fileExists(path)))
|
1204
|
+
{
|
1205
|
+
resolved = path;
|
1206
|
+
return true;
|
1207
|
+
}
|
1208
|
+
return false;
|
1409
1209
|
}
|
1410
1210
|
|
1211
|
+
//
|
1212
|
+
// If a default directory is provided, the given path is relative to the default directory.
|
1213
|
+
//
|
1214
|
+
string tmp;
|
1411
1215
|
if(!defaultDir.empty())
|
1412
1216
|
{
|
1413
|
-
|
1414
|
-
|
1415
|
-
|
1416
|
-
|
1417
|
-
|
1418
|
-
return true;
|
1419
|
-
}
|
1217
|
+
tmp = defaultDir + IceUtilInternal::separator + path;
|
1218
|
+
}
|
1219
|
+
else
|
1220
|
+
{
|
1221
|
+
tmp = path;
|
1420
1222
|
}
|
1421
1223
|
|
1224
|
+
if((dir && IceUtilInternal::directoryExists(tmp)) || (!dir && IceUtilInternal::fileExists(tmp)))
|
1225
|
+
{
|
1226
|
+
resolved = tmp;
|
1227
|
+
return true;
|
1228
|
+
}
|
1422
1229
|
return false;
|
1423
1230
|
}
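Review bot: checkPath lost its header comment while its contract changed, and the new `resolved` out-parameter is undocumented. The removed code tried the path as given and then under defaultDir; the new code checks an absolute path as-is and a relative one only under defaultDir when that is set, so a relative path that exists only in the working directory no longer resolves. I would restore a comment above the function, e.g. `// Absolute paths are checked as-is; relative paths are checked under defaultDir when it is non-empty. resolved is assigned only when true is returned.` It is also worth stating there that the joined path is not normalised, so defaultDir is a base directory rather than a containment boundary, and that the result is only an existence check at call time.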
|