zeroc-ice 3.6b1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/ICE_LICENSE +54 -0
- data/LICENSE +339 -0
- data/bin/slice2rb +17 -0
- data/ext/Communicator.cpp +596 -0
- data/ext/Communicator.h +25 -0
- data/ext/Config.h +111 -0
- data/ext/Connection.cpp +381 -0
- data/ext/Connection.h +26 -0
- data/ext/Endpoint.cpp +311 -0
- data/ext/Endpoint.h +27 -0
- data/ext/ImplicitContext.cpp +152 -0
- data/ext/ImplicitContext.h +25 -0
- data/ext/Init.cpp +52 -0
- data/ext/Logger.cpp +151 -0
- data/ext/Logger.h +28 -0
- data/ext/ObjectFactory.cpp +140 -0
- data/ext/ObjectFactory.h +50 -0
- data/ext/Operation.cpp +676 -0
- data/ext/Operation.h +36 -0
- data/ext/Properties.cpp +369 -0
- data/ext/Properties.h +25 -0
- data/ext/Proxy.cpp +1354 -0
- data/ext/Proxy.h +27 -0
- data/ext/Slice.cpp +223 -0
- data/ext/Slice.h +22 -0
- data/ext/Types.cpp +3160 -0
- data/ext/Types.h +545 -0
- data/ext/Util.cpp +792 -0
- data/ext/Util.h +511 -0
- data/ext/extconf.rb +118 -0
- data/ext/ice/BZIP_LICENSE +42 -0
- data/ext/ice/MCPP_LICENSE +36 -0
- data/ext/ice/bzip2/blocksort.c +1094 -0
- data/ext/ice/bzip2/bzlib.c +1572 -0
- data/ext/ice/bzip2/bzlib.h +282 -0
- data/ext/ice/bzip2/bzlib_private.h +509 -0
- data/ext/ice/bzip2/compress.c +672 -0
- data/ext/ice/bzip2/crctable.c +104 -0
- data/ext/ice/bzip2/decompress.c +646 -0
- data/ext/ice/bzip2/huffman.c +205 -0
- data/ext/ice/bzip2/randtable.c +84 -0
- data/ext/ice/cpp/include/Ice/ACMF.h +30 -0
- data/ext/ice/cpp/include/Ice/Application.h +156 -0
- data/ext/ice/cpp/include/Ice/AsyncResult.h +363 -0
- data/ext/ice/cpp/include/Ice/AsyncResultF.h +26 -0
- data/ext/ice/cpp/include/Ice/BasicStream.h +1315 -0
- data/ext/ice/cpp/include/Ice/Buffer.h +159 -0
- data/ext/ice/cpp/include/Ice/BuiltinSequences.h +74 -0
- data/ext/ice/cpp/include/Ice/Communicator.h +194 -0
- data/ext/ice/cpp/include/Ice/CommunicatorAsync.h +115 -0
- data/ext/ice/cpp/include/Ice/CommunicatorF.h +60 -0
- data/ext/ice/cpp/include/Ice/Config.h +97 -0
- data/ext/ice/cpp/include/Ice/Connection.h +495 -0
- data/ext/ice/cpp/include/Ice/ConnectionAsync.h +115 -0
- data/ext/ice/cpp/include/Ice/ConnectionF.h +72 -0
- data/ext/ice/cpp/include/Ice/ConnectionFactoryF.h +30 -0
- data/ext/ice/cpp/include/Ice/ConnectionIF.h +37 -0
- data/ext/ice/cpp/include/Ice/Current.h +94 -0
- data/ext/ice/cpp/include/Ice/DefaultObjectFactory.h +48 -0
- data/ext/ice/cpp/include/Ice/DeprecatedStringConverter.h +62 -0
- data/ext/ice/cpp/include/Ice/DispatchInterceptor.h +33 -0
- data/ext/ice/cpp/include/Ice/Dispatcher.h +51 -0
- data/ext/ice/cpp/include/Ice/DynamicLibrary.h +105 -0
- data/ext/ice/cpp/include/Ice/DynamicLibraryF.h +29 -0
- data/ext/ice/cpp/include/Ice/Endpoint.h +350 -0
- data/ext/ice/cpp/include/Ice/EndpointF.h +97 -0
- data/ext/ice/cpp/include/Ice/EndpointTypes.h +74 -0
- data/ext/ice/cpp/include/Ice/Exception.h +114 -0
- data/ext/ice/cpp/include/Ice/FacetMap.h +56 -0
- data/ext/ice/cpp/include/Ice/FactoryTable.h +69 -0
- data/ext/ice/cpp/include/Ice/FactoryTableInit.h +87 -0
- data/ext/ice/cpp/include/Ice/Format.h +39 -0
- data/ext/ice/cpp/include/Ice/Functional.h +138 -0
- data/ext/ice/cpp/include/Ice/GCObject.h +73 -0
- data/ext/ice/cpp/include/Ice/Handle.h +192 -0
- data/ext/ice/cpp/include/Ice/Ice.h +54 -0
- data/ext/ice/cpp/include/Ice/Identity.h +160 -0
- data/ext/ice/cpp/include/Ice/ImplicitContext.h +96 -0
- data/ext/ice/cpp/include/Ice/ImplicitContextF.h +60 -0
- data/ext/ice/cpp/include/Ice/Incoming.h +131 -0
- data/ext/ice/cpp/include/Ice/IncomingAsync.h +108 -0
- data/ext/ice/cpp/include/Ice/IncomingAsyncF.h +35 -0
- data/ext/ice/cpp/include/Ice/Initialize.h +141 -0
- data/ext/ice/cpp/include/Ice/InstanceF.h +26 -0
- data/ext/ice/cpp/include/Ice/Instrumentation.h +377 -0
- data/ext/ice/cpp/include/Ice/InstrumentationF.h +71 -0
- data/ext/ice/cpp/include/Ice/LocalException.h +1022 -0
- data/ext/ice/cpp/include/Ice/LocalObject.h +36 -0
- data/ext/ice/cpp/include/Ice/LocalObjectF.h +26 -0
- data/ext/ice/cpp/include/Ice/Locator.h +2191 -0
- data/ext/ice/cpp/include/Ice/LocatorF.h +89 -0
- data/ext/ice/cpp/include/Ice/Logger.h +94 -0
- data/ext/ice/cpp/include/Ice/LoggerF.h +60 -0
- data/ext/ice/cpp/include/Ice/LoggerUtil.h +153 -0
- data/ext/ice/cpp/include/Ice/Makefile +26 -0
- data/ext/ice/cpp/include/Ice/Metrics.h +2989 -0
- data/ext/ice/cpp/include/Ice/MetricsAdminI.h +662 -0
- data/ext/ice/cpp/include/Ice/MetricsFunctional.h +144 -0
- data/ext/ice/cpp/include/Ice/MetricsObserverI.h +576 -0
- data/ext/ice/cpp/include/Ice/NativePropertiesAdmin.h +55 -0
- data/ext/ice/cpp/include/Ice/Object.h +165 -0
- data/ext/ice/cpp/include/Ice/ObjectAdapter.h +162 -0
- data/ext/ice/cpp/include/Ice/ObjectAdapterF.h +60 -0
- data/ext/ice/cpp/include/Ice/ObjectAdapterFactoryF.h +26 -0
- data/ext/ice/cpp/include/Ice/ObjectF.h +26 -0
- data/ext/ice/cpp/include/Ice/ObjectFactory.h +86 -0
- data/ext/ice/cpp/include/Ice/ObjectFactoryF.h +60 -0
- data/ext/ice/cpp/include/Ice/ObjectFactoryManagerF.h +26 -0
- data/ext/ice/cpp/include/Ice/ObserverHelper.h +177 -0
- data/ext/ice/cpp/include/Ice/Outgoing.h +197 -0
- data/ext/ice/cpp/include/Ice/OutgoingAsync.h +264 -0
- data/ext/ice/cpp/include/Ice/OutgoingAsyncF.h +38 -0
- data/ext/ice/cpp/include/Ice/Plugin.h +121 -0
- data/ext/ice/cpp/include/Ice/PluginF.h +66 -0
- data/ext/ice/cpp/include/Ice/Process.h +568 -0
- data/ext/ice/cpp/include/Ice/ProcessF.h +77 -0
- data/ext/ice/cpp/include/Ice/Properties.h +130 -0
- data/ext/ice/cpp/include/Ice/PropertiesAdmin.h +824 -0
- data/ext/ice/cpp/include/Ice/PropertiesF.h +83 -0
- data/ext/ice/cpp/include/Ice/Protocol.h +242 -0
- data/ext/ice/cpp/include/Ice/Proxy.h +2448 -0
- data/ext/ice/cpp/include/Ice/ProxyF.h +78 -0
- data/ext/ice/cpp/include/Ice/ProxyFactoryF.h +26 -0
- data/ext/ice/cpp/include/Ice/ProxyHandle.h +330 -0
- data/ext/ice/cpp/include/Ice/ReferenceF.h +34 -0
- data/ext/ice/cpp/include/Ice/RemoteLogger.h +1496 -0
- data/ext/ice/cpp/include/Ice/RequestHandlerF.h +29 -0
- data/ext/ice/cpp/include/Ice/ResponseHandlerF.h +25 -0
- data/ext/ice/cpp/include/Ice/Router.h +1155 -0
- data/ext/ice/cpp/include/Ice/RouterF.h +77 -0
- data/ext/ice/cpp/include/Ice/ServantLocator.h +90 -0
- data/ext/ice/cpp/include/Ice/ServantLocatorF.h +60 -0
- data/ext/ice/cpp/include/Ice/ServantManagerF.h +26 -0
- data/ext/ice/cpp/include/Ice/Service.h +260 -0
- data/ext/ice/cpp/include/Ice/SliceChecksumDict.h +56 -0
- data/ext/ice/cpp/include/Ice/SliceChecksums.h +34 -0
- data/ext/ice/cpp/include/Ice/SlicedData.h +103 -0
- data/ext/ice/cpp/include/Ice/SlicedDataF.h +34 -0
- data/ext/ice/cpp/include/Ice/Stream.h +449 -0
- data/ext/ice/cpp/include/Ice/StreamF.h +30 -0
- data/ext/ice/cpp/include/Ice/StreamHelpers.h +877 -0
- data/ext/ice/cpp/include/Ice/ThreadPoolF.h +28 -0
- data/ext/ice/cpp/include/Ice/UserExceptionFactory.h +56 -0
- data/ext/ice/cpp/include/Ice/Version.h +254 -0
- data/ext/ice/cpp/include/IceSSL/Config.h +23 -0
- data/ext/ice/cpp/include/IceSSL/ConnectionInfo.h +119 -0
- data/ext/ice/cpp/include/IceSSL/EndpointInfo.h +101 -0
- data/ext/ice/cpp/include/IceSSL/IceSSL.h +22 -0
- data/ext/ice/cpp/include/IceSSL/Makefile +26 -0
- data/ext/ice/cpp/include/IceSSL/Plugin.h +558 -0
- data/ext/ice/cpp/include/IceUtil/AbstractMutex.h +119 -0
- data/ext/ice/cpp/include/IceUtil/Cache.h +362 -0
- data/ext/ice/cpp/include/IceUtil/Cond.h +323 -0
- data/ext/ice/cpp/include/IceUtil/Config.h +234 -0
- data/ext/ice/cpp/include/IceUtil/CountDownLatch.h +50 -0
- data/ext/ice/cpp/include/IceUtil/CtrlCHandler.h +70 -0
- data/ext/ice/cpp/include/IceUtil/DisableWarnings.h +45 -0
- data/ext/ice/cpp/include/IceUtil/Exception.h +184 -0
- data/ext/ice/cpp/include/IceUtil/Functional.h +389 -0
- data/ext/ice/cpp/include/IceUtil/Handle.h +266 -0
- data/ext/ice/cpp/include/IceUtil/IceUtil.h +51 -0
- data/ext/ice/cpp/include/IceUtil/IconvStringConverter.h +302 -0
- data/ext/ice/cpp/include/IceUtil/InputUtil.h +47 -0
- data/ext/ice/cpp/include/IceUtil/Iterator.h +36 -0
- data/ext/ice/cpp/include/IceUtil/Lock.h +135 -0
- data/ext/ice/cpp/include/IceUtil/Makefile +26 -0
- data/ext/ice/cpp/include/IceUtil/Monitor.h +249 -0
- data/ext/ice/cpp/include/IceUtil/Mutex.h +357 -0
- data/ext/ice/cpp/include/IceUtil/MutexProtocol.h +28 -0
- data/ext/ice/cpp/include/IceUtil/MutexPtrLock.h +83 -0
- data/ext/ice/cpp/include/IceUtil/MutexPtrTryLock.h +82 -0
- data/ext/ice/cpp/include/IceUtil/Optional.h +322 -0
- data/ext/ice/cpp/include/IceUtil/Options.h +141 -0
- data/ext/ice/cpp/include/IceUtil/OutputUtil.h +362 -0
- data/ext/ice/cpp/include/IceUtil/PopDisableWarnings.h +19 -0
- data/ext/ice/cpp/include/IceUtil/PushDisableWarnings.h +26 -0
- data/ext/ice/cpp/include/IceUtil/Random.h +24 -0
- data/ext/ice/cpp/include/IceUtil/RecMutex.h +113 -0
- data/ext/ice/cpp/include/IceUtil/SHA1.h +65 -0
- data/ext/ice/cpp/include/IceUtil/ScannerConfig.h +44 -0
- data/ext/ice/cpp/include/IceUtil/ScopedArray.h +97 -0
- data/ext/ice/cpp/include/IceUtil/Shared.h +168 -0
- data/ext/ice/cpp/include/IceUtil/StringConverter.h +175 -0
- data/ext/ice/cpp/include/IceUtil/StringUtil.h +91 -0
- data/ext/ice/cpp/include/IceUtil/Thread.h +181 -0
- data/ext/ice/cpp/include/IceUtil/ThreadException.h +108 -0
- data/ext/ice/cpp/include/IceUtil/Time.h +209 -0
- data/ext/ice/cpp/include/IceUtil/Timer.h +143 -0
- data/ext/ice/cpp/include/IceUtil/UUID.h +22 -0
- data/ext/ice/cpp/include/IceUtil/UndefSysMacros.h +42 -0
- data/ext/ice/cpp/include/IceUtil/UniquePtr.h +101 -0
- data/ext/ice/cpp/include/Slice/CPlusPlusUtil.h +64 -0
- data/ext/ice/cpp/include/Slice/Checksum.h +26 -0
- data/ext/ice/cpp/include/Slice/CsUtil.h +92 -0
- data/ext/ice/cpp/include/Slice/DotNetNames.h +34 -0
- data/ext/ice/cpp/include/Slice/FileTracker.h +71 -0
- data/ext/ice/cpp/include/Slice/JavaUtil.h +277 -0
- data/ext/ice/cpp/include/Slice/Makefile +26 -0
- data/ext/ice/cpp/include/Slice/PHPUtil.h +50 -0
- data/ext/ice/cpp/include/Slice/Parser.h +1116 -0
- data/ext/ice/cpp/include/Slice/Preprocessor.h +68 -0
- data/ext/ice/cpp/include/Slice/PythonUtil.h +64 -0
- data/ext/ice/cpp/include/Slice/RubyUtil.h +54 -0
- data/ext/ice/cpp/include/Slice/Util.h +33 -0
- data/ext/ice/cpp/src/Ice/ACM.cpp +343 -0
- data/ext/ice/cpp/src/Ice/ACM.h +117 -0
- data/ext/ice/cpp/src/Ice/Acceptor.cpp +16 -0
- data/ext/ice/cpp/src/Ice/Acceptor.h +41 -0
- data/ext/ice/cpp/src/Ice/AcceptorF.h +30 -0
- data/ext/ice/cpp/src/Ice/Application.cpp +760 -0
- data/ext/ice/cpp/src/Ice/AsyncResult.cpp +599 -0
- data/ext/ice/cpp/src/Ice/Base64.cpp +269 -0
- data/ext/ice/cpp/src/Ice/Base64.h +36 -0
- data/ext/ice/cpp/src/Ice/BasicStream.cpp +3393 -0
- data/ext/ice/cpp/src/Ice/Buffer.cpp +98 -0
- data/ext/ice/cpp/src/Ice/BuiltinSequences.cpp +34 -0
- data/ext/ice/cpp/src/Ice/CollocatedRequestHandler.cpp +718 -0
- data/ext/ice/cpp/src/Ice/CollocatedRequestHandler.h +106 -0
- data/ext/ice/cpp/src/Ice/Communicator.cpp +45 -0
- data/ext/ice/cpp/src/Ice/CommunicatorF.cpp +38 -0
- data/ext/ice/cpp/src/Ice/CommunicatorI.cpp +386 -0
- data/ext/ice/cpp/src/Ice/CommunicatorI.h +112 -0
- data/ext/ice/cpp/src/Ice/ConnectRequestHandler.cpp +546 -0
- data/ext/ice/cpp/src/Ice/ConnectRequestHandler.h +97 -0
- data/ext/ice/cpp/src/Ice/Connection.cpp +58 -0
- data/ext/ice/cpp/src/Ice/ConnectionF.cpp +38 -0
- data/ext/ice/cpp/src/Ice/ConnectionFactory.cpp +1639 -0
- data/ext/ice/cpp/src/Ice/ConnectionFactory.h +236 -0
- data/ext/ice/cpp/src/Ice/ConnectionI.cpp +3876 -0
- data/ext/ice/cpp/src/Ice/ConnectionI.h +364 -0
- data/ext/ice/cpp/src/Ice/ConnectionRequestHandler.cpp +115 -0
- data/ext/ice/cpp/src/Ice/ConnectionRequestHandler.h +50 -0
- data/ext/ice/cpp/src/Ice/Connector.cpp +16 -0
- data/ext/ice/cpp/src/Ice/Connector.h +36 -0
- data/ext/ice/cpp/src/Ice/ConnectorF.h +26 -0
- data/ext/ice/cpp/src/Ice/Current.cpp +38 -0
- data/ext/ice/cpp/src/Ice/DefaultsAndOverrides.cpp +168 -0
- data/ext/ice/cpp/src/Ice/DefaultsAndOverrides.h +57 -0
- data/ext/ice/cpp/src/Ice/DefaultsAndOverridesF.h +26 -0
- data/ext/ice/cpp/src/Ice/DeprecatedStringConverter.cpp +60 -0
- data/ext/ice/cpp/src/Ice/DispatchInterceptor.cpp +49 -0
- data/ext/ice/cpp/src/Ice/DynamicLibrary.cpp +281 -0
- data/ext/ice/cpp/src/Ice/Endpoint.cpp +53 -0
- data/ext/ice/cpp/src/Ice/EndpointF.cpp +38 -0
- data/ext/ice/cpp/src/Ice/EndpointFactory.cpp +25 -0
- data/ext/ice/cpp/src/Ice/EndpointFactory.h +44 -0
- data/ext/ice/cpp/src/Ice/EndpointFactoryF.h +26 -0
- data/ext/ice/cpp/src/Ice/EndpointFactoryManager.cpp +208 -0
- data/ext/ice/cpp/src/Ice/EndpointFactoryManager.h +46 -0
- data/ext/ice/cpp/src/Ice/EndpointFactoryManagerF.h +26 -0
- data/ext/ice/cpp/src/Ice/EndpointI.cpp +87 -0
- data/ext/ice/cpp/src/Ice/EndpointI.h +165 -0
- data/ext/ice/cpp/src/Ice/EndpointIF.h +41 -0
- data/ext/ice/cpp/src/Ice/EndpointTypes.cpp +38 -0
- data/ext/ice/cpp/src/Ice/EventHandler.cpp +35 -0
- data/ext/ice/cpp/src/Ice/EventHandler.h +78 -0
- data/ext/ice/cpp/src/Ice/EventHandlerF.h +26 -0
- data/ext/ice/cpp/src/Ice/EventLoggerMsg.h +53 -0
- data/ext/ice/cpp/src/Ice/Exception.cpp +832 -0
- data/ext/ice/cpp/src/Ice/FacetMap.cpp +34 -0
- data/ext/ice/cpp/src/Ice/FactoryTable.cpp +158 -0
- data/ext/ice/cpp/src/Ice/FactoryTableInit.cpp +95 -0
- data/ext/ice/cpp/src/Ice/GCObject.cpp +444 -0
- data/ext/ice/cpp/src/Ice/HashUtil.h +59 -0
- data/ext/ice/cpp/src/Ice/HttpParser.cpp +680 -0
- data/ext/ice/cpp/src/Ice/HttpParser.h +124 -0
- data/ext/ice/cpp/src/Ice/IPEndpointI.cpp +733 -0
- data/ext/ice/cpp/src/Ice/IPEndpointI.h +157 -0
- data/ext/ice/cpp/src/Ice/IPEndpointIF.h +29 -0
- data/ext/ice/cpp/src/Ice/Identity.cpp +42 -0
- data/ext/ice/cpp/src/Ice/ImplicitContext.cpp +41 -0
- data/ext/ice/cpp/src/Ice/ImplicitContextF.cpp +38 -0
- data/ext/ice/cpp/src/Ice/ImplicitContextI.cpp +639 -0
- data/ext/ice/cpp/src/Ice/ImplicitContextI.h +51 -0
- data/ext/ice/cpp/src/Ice/Incoming.cpp +757 -0
- data/ext/ice/cpp/src/Ice/IncomingAsync.cpp +340 -0
- data/ext/ice/cpp/src/Ice/IncomingRequest.h +37 -0
- data/ext/ice/cpp/src/Ice/Initialize.cpp +401 -0
- data/ext/ice/cpp/src/Ice/Instance.cpp +1928 -0
- data/ext/ice/cpp/src/Ice/Instance.h +198 -0
- data/ext/ice/cpp/src/Ice/Instrumentation.cpp +68 -0
- data/ext/ice/cpp/src/Ice/InstrumentationF.cpp +43 -0
- data/ext/ice/cpp/src/Ice/InstrumentationI.cpp +1083 -0
- data/ext/ice/cpp/src/Ice/InstrumentationI.h +262 -0
- data/ext/ice/cpp/src/Ice/LocalException.cpp +2091 -0
- data/ext/ice/cpp/src/Ice/LocalObject.cpp +29 -0
- data/ext/ice/cpp/src/Ice/Locator.cpp +1946 -0
- data/ext/ice/cpp/src/Ice/LocatorF.cpp +39 -0
- data/ext/ice/cpp/src/Ice/LocatorInfo.cpp +917 -0
- data/ext/ice/cpp/src/Ice/LocatorInfo.h +193 -0
- data/ext/ice/cpp/src/Ice/LocatorInfoF.h +34 -0
- data/ext/ice/cpp/src/Ice/Logger.cpp +40 -0
- data/ext/ice/cpp/src/Ice/LoggerAdminI.cpp +862 -0
- data/ext/ice/cpp/src/Ice/LoggerAdminI.h +46 -0
- data/ext/ice/cpp/src/Ice/LoggerF.cpp +38 -0
- data/ext/ice/cpp/src/Ice/LoggerI.cpp +199 -0
- data/ext/ice/cpp/src/Ice/LoggerI.h +57 -0
- data/ext/ice/cpp/src/Ice/LoggerUtil.cpp +107 -0
- data/ext/ice/cpp/src/Ice/Makefile +190 -0
- data/ext/ice/cpp/src/Ice/Metrics.cpp +2159 -0
- data/ext/ice/cpp/src/Ice/MetricsAdminI.cpp +669 -0
- data/ext/ice/cpp/src/Ice/MetricsObserverI.cpp +14 -0
- data/ext/ice/cpp/src/Ice/Network.cpp +2694 -0
- data/ext/ice/cpp/src/Ice/Network.h +291 -0
- data/ext/ice/cpp/src/Ice/NetworkF.h +28 -0
- data/ext/ice/cpp/src/Ice/NetworkProxy.cpp +325 -0
- data/ext/ice/cpp/src/Ice/NetworkProxy.h +74 -0
- data/ext/ice/cpp/src/Ice/NetworkProxyF.h +26 -0
- data/ext/ice/cpp/src/Ice/Object.cpp +440 -0
- data/ext/ice/cpp/src/Ice/ObjectAdapter.cpp +41 -0
- data/ext/ice/cpp/src/Ice/ObjectAdapterF.cpp +38 -0
- data/ext/ice/cpp/src/Ice/ObjectAdapterFactory.cpp +241 -0
- data/ext/ice/cpp/src/Ice/ObjectAdapterFactory.h +52 -0
- data/ext/ice/cpp/src/Ice/ObjectAdapterI.cpp +1498 -0
- data/ext/ice/cpp/src/Ice/ObjectAdapterI.h +155 -0
- data/ext/ice/cpp/src/Ice/ObjectFactory.cpp +41 -0
- data/ext/ice/cpp/src/Ice/ObjectFactoryF.cpp +38 -0
- data/ext/ice/cpp/src/Ice/ObjectFactoryManager.cpp +140 -0
- data/ext/ice/cpp/src/Ice/ObjectFactoryManager.h +43 -0
- data/ext/ice/cpp/src/Ice/ObserverHelper.cpp +84 -0
- data/ext/ice/cpp/src/Ice/OpaqueEndpointI.cpp +407 -0
- data/ext/ice/cpp/src/Ice/OpaqueEndpointI.h +70 -0
- data/ext/ice/cpp/src/Ice/Outgoing.cpp +737 -0
- data/ext/ice/cpp/src/Ice/OutgoingAsync.cpp +874 -0
- data/ext/ice/cpp/src/Ice/Plugin.cpp +43 -0
- data/ext/ice/cpp/src/Ice/PluginF.cpp +38 -0
- data/ext/ice/cpp/src/Ice/PluginManagerI.cpp +503 -0
- data/ext/ice/cpp/src/Ice/PluginManagerI.h +67 -0
- data/ext/ice/cpp/src/Ice/Process.cpp +299 -0
- data/ext/ice/cpp/src/Ice/ProcessF.cpp +39 -0
- data/ext/ice/cpp/src/Ice/Properties.cpp +45 -0
- data/ext/ice/cpp/src/Ice/PropertiesAdmin.cpp +555 -0
- data/ext/ice/cpp/src/Ice/PropertiesAdminI.cpp +207 -0
- data/ext/ice/cpp/src/Ice/PropertiesAdminI.h +45 -0
- data/ext/ice/cpp/src/Ice/PropertiesF.cpp +39 -0
- data/ext/ice/cpp/src/Ice/PropertiesI.cpp +759 -0
- data/ext/ice/cpp/src/Ice/PropertiesI.h +78 -0
- data/ext/ice/cpp/src/Ice/PropertyNames.cpp +1293 -0
- data/ext/ice/cpp/src/Ice/PropertyNames.h +81 -0
- data/ext/ice/cpp/src/Ice/Protocol.cpp +137 -0
- data/ext/ice/cpp/src/Ice/ProtocolInstance.cpp +98 -0
- data/ext/ice/cpp/src/Ice/ProtocolInstance.h +91 -0
- data/ext/ice/cpp/src/Ice/ProtocolInstanceF.h +26 -0
- data/ext/ice/cpp/src/Ice/ProtocolPluginFacade.cpp +51 -0
- data/ext/ice/cpp/src/Ice/ProtocolPluginFacade.h +67 -0
- data/ext/ice/cpp/src/Ice/ProtocolPluginFacadeF.h +26 -0
- data/ext/ice/cpp/src/Ice/Proxy.cpp +1810 -0
- data/ext/ice/cpp/src/Ice/ProxyFactory.cpp +305 -0
- data/ext/ice/cpp/src/Ice/ProxyFactory.h +57 -0
- data/ext/ice/cpp/src/Ice/Reference.cpp +1947 -0
- data/ext/ice/cpp/src/Ice/Reference.h +305 -0
- data/ext/ice/cpp/src/Ice/ReferenceFactory.cpp +937 -0
- data/ext/ice/cpp/src/Ice/ReferenceFactory.h +81 -0
- data/ext/ice/cpp/src/Ice/ReferenceFactoryF.h +24 -0
- data/ext/ice/cpp/src/Ice/RemoteLogger.cpp +958 -0
- data/ext/ice/cpp/src/Ice/ReplyStatus.h +29 -0
- data/ext/ice/cpp/src/Ice/RequestHandler.cpp +40 -0
- data/ext/ice/cpp/src/Ice/RequestHandler.h +90 -0
- data/ext/ice/cpp/src/Ice/RequestHandlerFactory.cpp +70 -0
- data/ext/ice/cpp/src/Ice/RequestHandlerFactory.h +41 -0
- data/ext/ice/cpp/src/Ice/ResponseHandler.cpp +20 -0
- data/ext/ice/cpp/src/Ice/ResponseHandler.h +39 -0
- data/ext/ice/cpp/src/Ice/RetryQueue.cpp +154 -0
- data/ext/ice/cpp/src/Ice/RetryQueue.h +69 -0
- data/ext/ice/cpp/src/Ice/RetryQueueF.h +24 -0
- data/ext/ice/cpp/src/Ice/Router.cpp +849 -0
- data/ext/ice/cpp/src/Ice/RouterF.cpp +39 -0
- data/ext/ice/cpp/src/Ice/RouterInfo.cpp +381 -0
- data/ext/ice/cpp/src/Ice/RouterInfo.h +148 -0
- data/ext/ice/cpp/src/Ice/RouterInfoF.h +30 -0
- data/ext/ice/cpp/src/Ice/Selector.cpp +926 -0
- data/ext/ice/cpp/src/Ice/Selector.h +231 -0
- data/ext/ice/cpp/src/Ice/ServantLocator.cpp +41 -0
- data/ext/ice/cpp/src/Ice/ServantLocatorF.cpp +38 -0
- data/ext/ice/cpp/src/Ice/ServantManager.cpp +495 -0
- data/ext/ice/cpp/src/Ice/ServantManager.h +74 -0
- data/ext/ice/cpp/src/Ice/Service.cpp +1897 -0
- data/ext/ice/cpp/src/Ice/SharedContext.h +51 -0
- data/ext/ice/cpp/src/Ice/SliceChecksumDict.cpp +34 -0
- data/ext/ice/cpp/src/Ice/SliceChecksums.cpp +80 -0
- data/ext/ice/cpp/src/Ice/SlicedData.cpp +80 -0
- data/ext/ice/cpp/src/Ice/Stream.cpp +53 -0
- data/ext/ice/cpp/src/Ice/StreamI.cpp +832 -0
- data/ext/ice/cpp/src/Ice/StreamI.h +198 -0
- data/ext/ice/cpp/src/Ice/StreamSocket.cpp +521 -0
- data/ext/ice/cpp/src/Ice/StreamSocket.h +85 -0
- data/ext/ice/cpp/src/Ice/StringConverterPlugin.cpp +145 -0
- data/ext/ice/cpp/src/Ice/SysLoggerI.cpp +167 -0
- data/ext/ice/cpp/src/Ice/SysLoggerI.h +43 -0
- data/ext/ice/cpp/src/Ice/TcpAcceptor.cpp +235 -0
- data/ext/ice/cpp/src/Ice/TcpAcceptor.h +67 -0
- data/ext/ice/cpp/src/Ice/TcpConnector.cpp +133 -0
- data/ext/ice/cpp/src/Ice/TcpConnector.h +51 -0
- data/ext/ice/cpp/src/Ice/TcpEndpointI.cpp +397 -0
- data/ext/ice/cpp/src/Ice/TcpEndpointI.h +93 -0
- data/ext/ice/cpp/src/Ice/TcpTransceiver.cpp +127 -0
- data/ext/ice/cpp/src/Ice/TcpTransceiver.h +61 -0
- data/ext/ice/cpp/src/Ice/ThreadPool.cpp +1357 -0
- data/ext/ice/cpp/src/Ice/ThreadPool.h +399 -0
- data/ext/ice/cpp/src/Ice/TraceLevels.cpp +43 -0
- data/ext/ice/cpp/src/Ice/TraceLevels.h +50 -0
- data/ext/ice/cpp/src/Ice/TraceLevelsF.h +26 -0
- data/ext/ice/cpp/src/Ice/TraceUtil.cpp +452 -0
- data/ext/ice/cpp/src/Ice/TraceUtil.h +28 -0
- data/ext/ice/cpp/src/Ice/Transceiver.cpp +24 -0
- data/ext/ice/cpp/src/Ice/Transceiver.h +52 -0
- data/ext/ice/cpp/src/Ice/TransceiverF.h +38 -0
- data/ext/ice/cpp/src/Ice/UdpConnector.cpp +144 -0
- data/ext/ice/cpp/src/Ice/UdpConnector.h +51 -0
- data/ext/ice/cpp/src/Ice/UdpEndpointI.cpp +483 -0
- data/ext/ice/cpp/src/Ice/UdpEndpointI.h +95 -0
- data/ext/ice/cpp/src/Ice/UdpTransceiver.cpp +1156 -0
- data/ext/ice/cpp/src/Ice/UdpTransceiver.h +123 -0
- data/ext/ice/cpp/src/Ice/Version.cpp +46 -0
- data/ext/ice/cpp/src/Ice/WSAcceptor.cpp +103 -0
- data/ext/ice/cpp/src/Ice/WSAcceptor.h +61 -0
- data/ext/ice/cpp/src/Ice/WSConnector.cpp +113 -0
- data/ext/ice/cpp/src/Ice/WSConnector.h +51 -0
- data/ext/ice/cpp/src/Ice/WSEndpoint.cpp +441 -0
- data/ext/ice/cpp/src/Ice/WSEndpoint.h +97 -0
- data/ext/ice/cpp/src/Ice/WSTransceiver.cpp +1728 -0
- data/ext/ice/cpp/src/Ice/WSTransceiver.h +149 -0
- data/ext/ice/cpp/src/IceDiscovery/IceDiscovery.cpp +594 -0
- data/ext/ice/cpp/src/IceDiscovery/IceDiscovery.h +1035 -0
- data/ext/ice/cpp/src/IceDiscovery/LocatorI.cpp +208 -0
- data/ext/ice/cpp/src/IceDiscovery/LocatorI.h +78 -0
- data/ext/ice/cpp/src/IceDiscovery/LookupI.cpp +308 -0
- data/ext/ice/cpp/src/IceDiscovery/LookupI.h +183 -0
- data/ext/ice/cpp/src/IceDiscovery/Makefile +61 -0
- data/ext/ice/cpp/src/IceDiscovery/PluginI.cpp +148 -0
- data/ext/ice/cpp/src/IceDiscovery/PluginI.h +39 -0
- data/ext/ice/cpp/src/IceSSL/AcceptorI.cpp +258 -0
- data/ext/ice/cpp/src/IceSSL/AcceptorI.h +66 -0
- data/ext/ice/cpp/src/IceSSL/Certificate.cpp +1334 -0
- data/ext/ice/cpp/src/IceSSL/ConnectionInfo.cpp +42 -0
- data/ext/ice/cpp/src/IceSSL/ConnectorI.cpp +151 -0
- data/ext/ice/cpp/src/IceSSL/ConnectorI.h +56 -0
- data/ext/ice/cpp/src/IceSSL/EndpointI.cpp +397 -0
- data/ext/ice/cpp/src/IceSSL/EndpointI.h +96 -0
- data/ext/ice/cpp/src/IceSSL/EndpointInfo.cpp +41 -0
- data/ext/ice/cpp/src/IceSSL/Instance.cpp +38 -0
- data/ext/ice/cpp/src/IceSSL/Instance.h +42 -0
- data/ext/ice/cpp/src/IceSSL/InstanceF.h +34 -0
- data/ext/ice/cpp/src/IceSSL/Makefile +82 -0
- data/ext/ice/cpp/src/IceSSL/OpenSSLEngine.cpp +1001 -0
- data/ext/ice/cpp/src/IceSSL/OpenSSLTransceiverI.cpp +607 -0
- data/ext/ice/cpp/src/IceSSL/OpenSSLTransceiverI.h +75 -0
- data/ext/ice/cpp/src/IceSSL/PluginI.cpp +102 -0
- data/ext/ice/cpp/src/IceSSL/PluginI.h +56 -0
- data/ext/ice/cpp/src/IceSSL/RFC2253.cpp +541 -0
- data/ext/ice/cpp/src/IceSSL/RFC2253.h +67 -0
- data/ext/ice/cpp/src/IceSSL/SChannelEngine.cpp +729 -0
- data/ext/ice/cpp/src/IceSSL/SChannelTransceiverI.cpp +1062 -0
- data/ext/ice/cpp/src/IceSSL/SChannelTransceiverI.h +130 -0
- data/ext/ice/cpp/src/IceSSL/SSLEngine.cpp +291 -0
- data/ext/ice/cpp/src/IceSSL/SSLEngine.h +264 -0
- data/ext/ice/cpp/src/IceSSL/SSLEngineF.h +41 -0
- data/ext/ice/cpp/src/IceSSL/SecureTransportEngine.cpp +1514 -0
- data/ext/ice/cpp/src/IceSSL/SecureTransportTransceiverI.cpp +609 -0
- data/ext/ice/cpp/src/IceSSL/SecureTransportTransceiverI.h +91 -0
- data/ext/ice/cpp/src/IceSSL/TrustManager.cpp +246 -0
- data/ext/ice/cpp/src/IceSSL/TrustManager.h +51 -0
- data/ext/ice/cpp/src/IceSSL/TrustManagerF.h +26 -0
- data/ext/ice/cpp/src/IceSSL/Util.cpp +1423 -0
- data/ext/ice/cpp/src/IceSSL/Util.h +136 -0
- data/ext/ice/cpp/src/IceUtil/ArgVector.cpp +65 -0
- data/ext/ice/cpp/src/IceUtil/ArgVector.h +41 -0
- data/ext/ice/cpp/src/IceUtil/Cond.cpp +386 -0
- data/ext/ice/cpp/src/IceUtil/ConvertUTF.cpp +477 -0
- data/ext/ice/cpp/src/IceUtil/ConvertUTF.h +144 -0
- data/ext/ice/cpp/src/IceUtil/CountDownLatch.cpp +184 -0
- data/ext/ice/cpp/src/IceUtil/CtrlCHandler.cpp +273 -0
- data/ext/ice/cpp/src/IceUtil/Exception.cpp +782 -0
- data/ext/ice/cpp/src/IceUtil/FileUtil.cpp +532 -0
- data/ext/ice/cpp/src/IceUtil/FileUtil.h +159 -0
- data/ext/ice/cpp/src/IceUtil/InputUtil.cpp +41 -0
- data/ext/ice/cpp/src/IceUtil/Makefile +68 -0
- data/ext/ice/cpp/src/IceUtil/MutexProtocol.cpp +24 -0
- data/ext/ice/cpp/src/IceUtil/Options.cpp +1049 -0
- data/ext/ice/cpp/src/IceUtil/OutputUtil.cpp +591 -0
- data/ext/ice/cpp/src/IceUtil/Random.cpp +185 -0
- data/ext/ice/cpp/src/IceUtil/RecMutex.cpp +257 -0
- data/ext/ice/cpp/src/IceUtil/SHA1.cpp +126 -0
- data/ext/ice/cpp/src/IceUtil/Shared.cpp +200 -0
- data/ext/ice/cpp/src/IceUtil/StopWatch.h +54 -0
- data/ext/ice/cpp/src/IceUtil/StringConverter.cpp +450 -0
- data/ext/ice/cpp/src/IceUtil/StringUtil.cpp +842 -0
- data/ext/ice/cpp/src/IceUtil/Thread.cpp +809 -0
- data/ext/ice/cpp/src/IceUtil/ThreadException.cpp +172 -0
- data/ext/ice/cpp/src/IceUtil/Time.cpp +306 -0
- data/ext/ice/cpp/src/IceUtil/Timer.cpp +251 -0
- data/ext/ice/cpp/src/IceUtil/UUID.cpp +174 -0
- data/ext/ice/cpp/src/IceUtil/Unicode.cpp +131 -0
- data/ext/ice/cpp/src/IceUtil/Unicode.h +49 -0
- data/ext/ice/cpp/src/Slice/CPlusPlusUtil.cpp +1139 -0
- data/ext/ice/cpp/src/Slice/Checksum.cpp +452 -0
- data/ext/ice/cpp/src/Slice/CsUtil.cpp +2650 -0
- data/ext/ice/cpp/src/Slice/DotNetNames.cpp +146 -0
- data/ext/ice/cpp/src/Slice/FileTracker.cpp +203 -0
- data/ext/ice/cpp/src/Slice/Grammar.cpp +4755 -0
- data/ext/ice/cpp/src/Slice/Grammar.h +98 -0
- data/ext/ice/cpp/src/Slice/GrammarUtil.h +234 -0
- data/ext/ice/cpp/src/Slice/JavaUtil.cpp +4376 -0
- data/ext/ice/cpp/src/Slice/MD5.cpp +57 -0
- data/ext/ice/cpp/src/Slice/MD5.h +44 -0
- data/ext/ice/cpp/src/Slice/MD5I.cpp +385 -0
- data/ext/ice/cpp/src/Slice/MD5I.h +91 -0
- data/ext/ice/cpp/src/Slice/Makefile +65 -0
- data/ext/ice/cpp/src/Slice/PHPUtil.cpp +156 -0
- data/ext/ice/cpp/src/Slice/Parser.cpp +6386 -0
- data/ext/ice/cpp/src/Slice/Preprocessor.cpp +686 -0
- data/ext/ice/cpp/src/Slice/Python.cpp +675 -0
- data/ext/ice/cpp/src/Slice/PythonUtil.cpp +2614 -0
- data/ext/ice/cpp/src/Slice/Ruby.cpp +317 -0
- data/ext/ice/cpp/src/Slice/RubyUtil.cpp +1774 -0
- data/ext/ice/cpp/src/Slice/Scanner.cpp +2426 -0
- data/ext/ice/cpp/src/Slice/Util.cpp +325 -0
- data/ext/ice/mcpp/config.h.Darwin +227 -0
- data/ext/ice/mcpp/config.h.Linux +227 -0
- data/ext/ice/mcpp/config.h.MINGW +7 -0
- data/ext/ice/mcpp/configed.H +382 -0
- data/ext/ice/mcpp/directive.c +1699 -0
- data/ext/ice/mcpp/eval.c +1673 -0
- data/ext/ice/mcpp/expand.c +2980 -0
- data/ext/ice/mcpp/internal.H +564 -0
- data/ext/ice/mcpp/main.c +1131 -0
- data/ext/ice/mcpp/mbchar.c +869 -0
- data/ext/ice/mcpp/mcpp_lib.h +31 -0
- data/ext/ice/mcpp/mcpp_out.h +13 -0
- data/ext/ice/mcpp/support.c +2811 -0
- data/ext/ice/mcpp/system.H +396 -0
- data/ext/ice/mcpp/system.c +4940 -0
- data/ice.gemspec +41 -0
- data/lib/Glacier2.rb +12 -0
- data/lib/Glacier2/Metrics.rb +99 -0
- data/lib/Glacier2/PermissionsVerifier.rb +168 -0
- data/lib/Glacier2/PermissionsVerifierF.rb +34 -0
- data/lib/Glacier2/Router.rb +141 -0
- data/lib/Glacier2/RouterF.rb +29 -0
- data/lib/Glacier2/SSLInfo.rb +79 -0
- data/lib/Glacier2/Session.rb +470 -0
- data/lib/Ice.rb +659 -0
- data/lib/Ice/BuiltinSequences.rb +64 -0
- data/lib/Ice/Communicator.rb +93 -0
- data/lib/Ice/CommunicatorF.rb +28 -0
- data/lib/Ice/Connection.rb +414 -0
- data/lib/Ice/ConnectionF.rb +36 -0
- data/lib/Ice/Current.rb +152 -0
- data/lib/Ice/Endpoint.rb +265 -0
- data/lib/Ice/EndpointF.rb +52 -0
- data/lib/Ice/EndpointTypes.rb +77 -0
- data/lib/Ice/FacetMap.rb +28 -0
- data/lib/Ice/Identity.rb +70 -0
- data/lib/Ice/ImplicitContext.rb +59 -0
- data/lib/Ice/ImplicitContextF.rb +28 -0
- data/lib/Ice/Instrumentation.rb +425 -0
- data/lib/Ice/InstrumentationF.rb +35 -0
- data/lib/Ice/LocalException.rb +1081 -0
- data/lib/Ice/Locator.rb +314 -0
- data/lib/Ice/LocatorF.rb +34 -0
- data/lib/Ice/Logger.rb +57 -0
- data/lib/Ice/LoggerF.rb +28 -0
- data/lib/Ice/Metrics.rb +696 -0
- data/lib/Ice/ObjectAdapterF.rb +28 -0
- data/lib/Ice/ObjectFactory.rb +53 -0
- data/lib/Ice/ObjectFactoryF.rb +28 -0
- data/lib/Ice/Plugin.rb +87 -0
- data/lib/Ice/PluginF.rb +32 -0
- data/lib/Ice/Process.rb +93 -0
- data/lib/Ice/ProcessF.rb +29 -0
- data/lib/Ice/Properties.rb +65 -0
- data/lib/Ice/PropertiesAdmin.rb +104 -0
- data/lib/Ice/PropertiesF.rb +33 -0
- data/lib/Ice/Router.rb +163 -0
- data/lib/Ice/RouterF.rb +29 -0
- data/lib/Ice/SliceChecksumDict.rb +28 -0
- data/lib/Ice/Version.rb +100 -0
- data/lib/IceBox.rb +10 -0
- data/lib/IceBox/IceBox.rb +272 -0
- data/lib/IceGrid.rb +17 -0
- data/lib/IceGrid/Admin.rb +1076 -0
- data/lib/IceGrid/Descriptor.rb +1505 -0
- data/lib/IceGrid/Exception.rb +401 -0
- data/lib/IceGrid/FileParser.rb +105 -0
- data/lib/IceGrid/Locator.rb +105 -0
- data/lib/IceGrid/Observer.rb +571 -0
- data/lib/IceGrid/Query.rb +168 -0
- data/lib/IceGrid/Registry.rb +120 -0
- data/lib/IceGrid/Session.rb +114 -0
- data/lib/IceGrid/UserAccountMapper.rb +101 -0
- data/lib/IcePatch2.rb +10 -0
- data/lib/IcePatch2/FileInfo.rb +75 -0
- data/lib/IcePatch2/FileServer.rb +141 -0
- data/lib/IceStorm.rb +11 -0
- data/lib/IceStorm/IceStorm.rb +463 -0
- data/lib/IceStorm/Metrics.rb +155 -0
- data/slice/Freeze/BackgroundSaveEvictor.ice +111 -0
- data/slice/Freeze/CatalogData.ice +49 -0
- data/slice/Freeze/Connection.ice +111 -0
- data/slice/Freeze/ConnectionF.ice +20 -0
- data/slice/Freeze/DB.ice +37 -0
- data/slice/Freeze/Evictor.ice +339 -0
- data/slice/Freeze/EvictorF.ice +22 -0
- data/slice/Freeze/EvictorStorage.ice +72 -0
- data/slice/Freeze/Exception.ice +100 -0
- data/slice/Freeze/Transaction.ice +57 -0
- data/slice/Freeze/TransactionalEvictor.ice +50 -0
- data/slice/Glacier2/Metrics.ice +77 -0
- data/slice/Glacier2/PermissionsVerifier.ice +105 -0
- data/slice/Glacier2/PermissionsVerifierF.ice +21 -0
- data/slice/Glacier2/Router.ice +178 -0
- data/slice/Glacier2/RouterF.ice +20 -0
- data/slice/Glacier2/SSLInfo.ice +50 -0
- data/slice/Glacier2/Session.ice +273 -0
- data/slice/Ice/BuiltinSequences.ice +48 -0
- data/slice/Ice/Communicator.ice +567 -0
- data/slice/Ice/CommunicatorF.ice +20 -0
- data/slice/Ice/Connection.ice +323 -0
- data/slice/Ice/ConnectionF.ice +22 -0
- data/slice/Ice/Current.ice +160 -0
- data/slice/Ice/Endpoint.ice +227 -0
- data/slice/Ice/EndpointF.ice +32 -0
- data/slice/Ice/EndpointTypes.ice +38 -0
- data/slice/Ice/FacetMap.ice +25 -0
- data/slice/Ice/Identity.ice +59 -0
- data/slice/Ice/ImplicitContext.ice +109 -0
- data/slice/Ice/ImplicitContextF.ice +20 -0
- data/slice/Ice/Instrumentation.ice +499 -0
- data/slice/Ice/InstrumentationF.ice +26 -0
- data/slice/Ice/LocalException.ice +1015 -0
- data/slice/Ice/Locator.ice +227 -0
- data/slice/Ice/LocatorF.ice +21 -0
- data/slice/Ice/Logger.ice +86 -0
- data/slice/Ice/LoggerF.ice +20 -0
- data/slice/Ice/Metrics.ice +422 -0
- data/slice/Ice/ObjectAdapter.ice +673 -0
- data/slice/Ice/ObjectAdapterF.ice +20 -0
- data/slice/Ice/ObjectFactory.ice +60 -0
- data/slice/Ice/ObjectFactoryF.ice +20 -0
- data/slice/Ice/Plugin.ice +117 -0
- data/slice/Ice/PluginF.ice +21 -0
- data/slice/Ice/Process.ice +54 -0
- data/slice/Ice/ProcessF.ice +20 -0
- data/slice/Ice/Properties.ice +228 -0
- data/slice/Ice/PropertiesAdmin.ice +75 -0
- data/slice/Ice/PropertiesF.ice +21 -0
- data/slice/Ice/RemoteLogger.ice +232 -0
- data/slice/Ice/Router.ice +83 -0
- data/slice/Ice/RouterF.ice +20 -0
- data/slice/Ice/ServantLocator.ice +117 -0
- data/slice/Ice/ServantLocatorF.ice +20 -0
- data/slice/Ice/SliceChecksumDict.ice +25 -0
- data/slice/Ice/Version.ice +39 -0
- data/slice/IceBox/IceBox.ice +194 -0
- data/slice/IceDiscovery/IceDiscovery.ice +32 -0
- data/slice/IceGrid/Admin.ice +1578 -0
- data/slice/IceGrid/Descriptor.ice +1079 -0
- data/slice/IceGrid/Discovery.ice +73 -0
- data/slice/IceGrid/Exception.ice +383 -0
- data/slice/IceGrid/FileParser.ice +61 -0
- data/slice/IceGrid/Locator.ice +56 -0
- data/slice/IceGrid/Observer.ice +394 -0
- data/slice/IceGrid/PluginFacade.ice +316 -0
- data/slice/IceGrid/Query.ice +130 -0
- data/slice/IceGrid/Registry.ice +138 -0
- data/slice/IceGrid/Session.ice +124 -0
- data/slice/IceGrid/UserAccountMapper.ice +58 -0
- data/slice/IcePatch2/FileInfo.ice +49 -0
- data/slice/IcePatch2/FileServer.ice +129 -0
- data/slice/IceSSL/ConnectionInfo.ice +34 -0
- data/slice/IceSSL/EndpointInfo.ice +41 -0
- data/slice/IceStorm/IceStorm.ice +405 -0
- data/slice/IceStorm/Metrics.ice +71 -0
- metadata +737 -0
@@ -0,0 +1,91 @@
|
|
1
|
+
// **********************************************************************
|
2
|
+
//
|
3
|
+
// Copyright (c) 2003-2014 ZeroC, Inc. All rights reserved.
|
4
|
+
//
|
5
|
+
// This copy of Ice is licensed to you under the terms described in the
|
6
|
+
// ICE_LICENSE file included in this distribution.
|
7
|
+
//
|
8
|
+
// **********************************************************************
|
9
|
+
|
10
|
+
#ifndef ICE_SSL_SECURE_TRANSPORT_TRANSCEIVER_I_H
|
11
|
+
#define ICE_SSL_SECURE_TRANSPORT_TRANSCEIVER_I_H
|
12
|
+
|
13
|
+
#include <IceSSL/Config.h>
|
14
|
+
#include <IceSSL/InstanceF.h>
|
15
|
+
#include <IceSSL/SSLEngineF.h>
|
16
|
+
#include <IceSSL/Plugin.h>
|
17
|
+
|
18
|
+
#include <Ice/Transceiver.h>
|
19
|
+
#include <Ice/Network.h>
|
20
|
+
#include <Ice/StreamSocket.h>
|
21
|
+
|
22
|
+
#ifdef ICE_USE_SECURE_TRANSPORT
|
23
|
+
|
24
|
+
#include <Security/Security.h>
|
25
|
+
#include <CoreFoundation/CoreFoundation.h>
|
26
|
+
|
27
|
+
namespace IceSSL
|
28
|
+
{
|
29
|
+
|
30
|
+
class ConnectorI;
|
31
|
+
class AcceptorI;
|
32
|
+
|
33
|
+
class TransceiverI : public IceInternal::Transceiver
|
34
|
+
{
|
35
|
+
public:
|
36
|
+
|
37
|
+
virtual IceInternal::NativeInfoPtr getNativeInfo();
|
38
|
+
|
39
|
+
virtual IceInternal::SocketOperation initialize(IceInternal::Buffer&, IceInternal::Buffer&, bool&);
|
40
|
+
virtual IceInternal::SocketOperation closing(bool, const Ice::LocalException&);
|
41
|
+
virtual void close();
|
42
|
+
virtual IceInternal::SocketOperation write(IceInternal::Buffer&);
|
43
|
+
virtual IceInternal::SocketOperation read(IceInternal::Buffer&, bool&);
|
44
|
+
|
45
|
+
virtual std::string protocol() const;
|
46
|
+
virtual std::string toString() const;
|
47
|
+
virtual std::string toDetailedString() const;
|
48
|
+
virtual Ice::ConnectionInfoPtr getInfo() const;
|
49
|
+
virtual void checkSendSize(const IceInternal::Buffer&);
|
50
|
+
|
51
|
+
OSStatus writeRaw(const char*, size_t*) const;
|
52
|
+
OSStatus readRaw(char*, size_t*) const;
|
53
|
+
|
54
|
+
private:
|
55
|
+
|
56
|
+
TransceiverI(const InstancePtr&, const IceInternal::StreamSocketPtr&, const std::string&, bool);
|
57
|
+
virtual ~TransceiverI();
|
58
|
+
|
59
|
+
virtual NativeConnectionInfoPtr getNativeConnectionInfo() const;
|
60
|
+
|
61
|
+
friend class ConnectorI;
|
62
|
+
friend class AcceptorI;
|
63
|
+
|
64
|
+
const InstancePtr _instance;
|
65
|
+
const SecureTransportEnginePtr _engine;
|
66
|
+
const std::string _host;
|
67
|
+
const std::string _adapterName;
|
68
|
+
const bool _incoming;
|
69
|
+
const IceInternal::StreamSocketPtr _stream;
|
70
|
+
|
71
|
+
SSLContextRef _ssl;
|
72
|
+
SecTrustRef _trust;
|
73
|
+
|
74
|
+
size_t _buffered;
|
75
|
+
enum SSLWantFlags
|
76
|
+
{
|
77
|
+
SSLWantRead = 0x1,
|
78
|
+
SSLWantWrite = 0x2
|
79
|
+
};
|
80
|
+
|
81
|
+
mutable Ice::Byte _flags;
|
82
|
+
size_t _maxSendPacketSize;
|
83
|
+
size_t _maxRecvPacketSize;
|
84
|
+
};
|
85
|
+
typedef IceUtil::Handle<TransceiverI> TransceiverIPtr;
|
86
|
+
|
87
|
+
}
|
88
|
+
|
89
|
+
#endif
|
90
|
+
|
91
|
+
#endif
|
@@ -0,0 +1,246 @@
|
|
1
|
+
// **********************************************************************
|
2
|
+
//
|
3
|
+
// Copyright (c) 2003-2014 ZeroC, Inc. All rights reserved.
|
4
|
+
//
|
5
|
+
// This copy of Ice is licensed to you under the terms described in the
|
6
|
+
// ICE_LICENSE file included in this distribution.
|
7
|
+
//
|
8
|
+
// **********************************************************************
|
9
|
+
|
10
|
+
#include <IceSSL/TrustManager.h>
|
11
|
+
#include <IceSSL/RFC2253.h>
|
12
|
+
|
13
|
+
#include <Ice/Properties.h>
|
14
|
+
#include <Ice/Communicator.h>
|
15
|
+
#include <Ice/LocalException.h>
|
16
|
+
#include <Ice/Logger.h>
|
17
|
+
#include <Ice/LoggerUtil.h>
|
18
|
+
#include <Ice/Network.h>
|
19
|
+
|
20
|
+
using namespace std;
|
21
|
+
using namespace IceSSL;
|
22
|
+
|
23
|
+
IceUtil::Shared* IceSSL::upCast(IceSSL::TrustManager* p) { return p; }
|
24
|
+
|
25
|
+
TrustManager::TrustManager(const Ice::CommunicatorPtr& communicator) :
|
26
|
+
_communicator(communicator)
|
27
|
+
{
|
28
|
+
Ice::PropertiesPtr properties = communicator->getProperties();
|
29
|
+
_traceLevel = properties->getPropertyAsInt("IceSSL.Trace.Security");
|
30
|
+
string key;
|
31
|
+
try
|
32
|
+
{
|
33
|
+
key = "IceSSL.TrustOnly";
|
34
|
+
parse(properties->getProperty(key), _rejectAll, _acceptAll);
|
35
|
+
key = "IceSSL.TrustOnly.Client";
|
36
|
+
parse(properties->getProperty(key), _rejectClient, _acceptClient);
|
37
|
+
key = "IceSSL.TrustOnly.Server";
|
38
|
+
parse(properties->getProperty(key), _rejectAllServer, _acceptAllServer);
|
39
|
+
Ice::PropertyDict dict = properties->getPropertiesForPrefix("IceSSL.TrustOnly.Server.");
|
40
|
+
for(Ice::PropertyDict::const_iterator p = dict.begin(); p != dict.end(); ++p)
|
41
|
+
{
|
42
|
+
string name = p->first.substr(string("IceSSL.TrustOnly.Server.").size());
|
43
|
+
key = p->first;
|
44
|
+
list<DistinguishedName> reject, accept;
|
45
|
+
parse(p->second, reject, accept);
|
46
|
+
if(!reject.empty())
|
47
|
+
{
|
48
|
+
_rejectServer[name] = reject;
|
49
|
+
}
|
50
|
+
if(!accept.empty())
|
51
|
+
{
|
52
|
+
_acceptServer[name] = accept;
|
53
|
+
}
|
54
|
+
}
|
55
|
+
}
|
56
|
+
catch(const ParseException& e)
|
57
|
+
{
|
58
|
+
Ice::PluginInitializationException ex(__FILE__, __LINE__);
|
59
|
+
ex.reason = "IceSSL: invalid property " + key + ":\n" + e.reason;
|
60
|
+
throw ex;
|
61
|
+
}
|
62
|
+
}
|
63
|
+
|
64
|
+
bool
|
65
|
+
TrustManager::verify(const NativeConnectionInfoPtr& info)
|
66
|
+
{
|
67
|
+
list<list<DistinguishedName> > reject, accept;
|
68
|
+
|
69
|
+
if(_rejectAll.size() > 0)
|
70
|
+
{
|
71
|
+
reject.push_back(_rejectAll);
|
72
|
+
}
|
73
|
+
if(info->incoming)
|
74
|
+
{
|
75
|
+
if(_rejectAllServer.size() > 0)
|
76
|
+
{
|
77
|
+
reject.push_back(_rejectAllServer);
|
78
|
+
}
|
79
|
+
if(info->adapterName.size() > 0)
|
80
|
+
{
|
81
|
+
map<string, list<DistinguishedName> >::const_iterator p = _rejectServer.find(info->adapterName);
|
82
|
+
if(p != _rejectServer.end())
|
83
|
+
{
|
84
|
+
reject.push_back(p->second);
|
85
|
+
}
|
86
|
+
}
|
87
|
+
}
|
88
|
+
else
|
89
|
+
{
|
90
|
+
if(_rejectClient.size() > 0)
|
91
|
+
{
|
92
|
+
reject.push_back(_rejectClient);
|
93
|
+
}
|
94
|
+
}
|
95
|
+
|
96
|
+
if(_acceptAll.size() > 0)
|
97
|
+
{
|
98
|
+
accept.push_back(_acceptAll);
|
99
|
+
}
|
100
|
+
if(info->incoming)
|
101
|
+
{
|
102
|
+
if(_acceptAllServer.size() > 0)
|
103
|
+
{
|
104
|
+
accept.push_back(_acceptAllServer);
|
105
|
+
}
|
106
|
+
if(info->adapterName.size() > 0)
|
107
|
+
{
|
108
|
+
map<string, list<DistinguishedName> >::const_iterator p = _acceptServer.find(info->adapterName);
|
109
|
+
if(p != _acceptServer.end())
|
110
|
+
{
|
111
|
+
accept.push_back(p->second);
|
112
|
+
}
|
113
|
+
}
|
114
|
+
}
|
115
|
+
else
|
116
|
+
{
|
117
|
+
if(_acceptClient.size() > 0)
|
118
|
+
{
|
119
|
+
accept.push_back(_acceptClient);
|
120
|
+
}
|
121
|
+
}
|
122
|
+
|
123
|
+
//
|
124
|
+
// If there is nothing to match against, then we accept the cert.
|
125
|
+
//
|
126
|
+
if(reject.empty() && accept.empty())
|
127
|
+
{
|
128
|
+
return true;
|
129
|
+
}
|
130
|
+
|
131
|
+
//
|
132
|
+
// If there is no certificate then we match false.
|
133
|
+
//
|
134
|
+
if(info->nativeCerts.size() != 0)
|
135
|
+
{
|
136
|
+
DistinguishedName subject = info->nativeCerts[0]->getSubjectDN();
|
137
|
+
if(_traceLevel > 0)
|
138
|
+
{
|
139
|
+
Ice::Trace trace(_communicator->getLogger(), "Security");
|
140
|
+
if(info->incoming)
|
141
|
+
{
|
142
|
+
trace << "trust manager evaluating client:\n"
|
143
|
+
<< "subject = " << string(subject) << '\n'
|
144
|
+
<< "adapter = " << info->adapterName << '\n'
|
145
|
+
<< "local addr = " << info->localAddress << ":" << info->localPort << '\n'
|
146
|
+
<< "remote addr = " << info->remoteAddress << ":" << info->remotePort;
|
147
|
+
}
|
148
|
+
else
|
149
|
+
{
|
150
|
+
trace << "trust manager evaluating server:\n"
|
151
|
+
<< "subject = " << string(subject) << '\n'
|
152
|
+
<< "local addr = " << info->localAddress << ":" << info->localPort << '\n'
|
153
|
+
<< "remote addr = " << info->remoteAddress << ":" << info->remotePort;
|
154
|
+
}
|
155
|
+
}
|
156
|
+
|
157
|
+
//
|
158
|
+
// Fail if we match anything in the reject set.
|
159
|
+
//
|
160
|
+
for(list<list<DistinguishedName> >::const_iterator p = reject.begin(); p != reject.end(); ++p)
|
161
|
+
{
|
162
|
+
if(_traceLevel > 1)
|
163
|
+
{
|
164
|
+
Ice::Trace trace(_communicator->getLogger(), "Security");
|
165
|
+
trace << "trust manager rejecting PDNs:\n";
|
166
|
+
for(list<DistinguishedName>::const_iterator r = p->begin(); r != p->end(); ++r)
|
167
|
+
{
|
168
|
+
if(r != p->begin())
|
169
|
+
{
|
170
|
+
trace << ';';
|
171
|
+
}
|
172
|
+
trace << string(*r);
|
173
|
+
}
|
174
|
+
}
|
175
|
+
if(match(*p, subject))
|
176
|
+
{
|
177
|
+
return false;
|
178
|
+
}
|
179
|
+
}
|
180
|
+
|
181
|
+
//
|
182
|
+
// Succeed if we match anything in the accept set.
|
183
|
+
//
|
184
|
+
for(list<list<DistinguishedName> >::const_iterator p = accept.begin(); p != accept.end(); ++p)
|
185
|
+
{
|
186
|
+
if(_traceLevel > 1)
|
187
|
+
{
|
188
|
+
Ice::Trace trace(_communicator->getLogger(), "Security");
|
189
|
+
trace << "trust manager accepting PDNs:\n";
|
190
|
+
for(list<DistinguishedName>::const_iterator r = p->begin(); r != p->end(); ++r)
|
191
|
+
{
|
192
|
+
if(r != p->begin())
|
193
|
+
{
|
194
|
+
trace << ';';
|
195
|
+
}
|
196
|
+
trace << string(*r);
|
197
|
+
}
|
198
|
+
}
|
199
|
+
if(match(*p, subject))
|
200
|
+
{
|
201
|
+
return true;
|
202
|
+
}
|
203
|
+
}
|
204
|
+
|
205
|
+
//
|
206
|
+
// At this point we accept the connection if there are no explicit accept rules.
|
207
|
+
//
|
208
|
+
return accept.empty();
|
209
|
+
}
|
210
|
+
|
211
|
+
return false;
|
212
|
+
}
|
213
|
+
|
214
|
+
bool
|
215
|
+
TrustManager::match(const list< DistinguishedName>& matchSet, const DistinguishedName& subject) const
|
216
|
+
{
|
217
|
+
for(list<DistinguishedName>::const_iterator r = matchSet.begin(); r != matchSet.end(); ++r)
|
218
|
+
{
|
219
|
+
if(subject.match(*r))
|
220
|
+
{
|
221
|
+
return true;
|
222
|
+
}
|
223
|
+
}
|
224
|
+
return false;
|
225
|
+
}
|
226
|
+
|
227
|
+
void
|
228
|
+
TrustManager::parse(const string& value, list<DistinguishedName>& reject, list<DistinguishedName>& accept) const
|
229
|
+
{
|
230
|
+
if(!value.empty())
|
231
|
+
{
|
232
|
+
RFC2253::RDNEntrySeq dns = RFC2253::parse(value);
|
233
|
+
|
234
|
+
for(RFC2253::RDNEntrySeq::const_iterator p = dns.begin(); p != dns.end(); ++p)
|
235
|
+
{
|
236
|
+
if(p->negate)
|
237
|
+
{
|
238
|
+
reject.push_back(DistinguishedName(p->rdn));
|
239
|
+
}
|
240
|
+
else
|
241
|
+
{
|
242
|
+
accept.push_back(DistinguishedName(p->rdn));
|
243
|
+
}
|
244
|
+
}
|
245
|
+
}
|
246
|
+
}
|
@@ -0,0 +1,51 @@
|
|
1
|
+
// **********************************************************************
|
2
|
+
//
|
3
|
+
// Copyright (c) 2003-2014 ZeroC, Inc. All rights reserved.
|
4
|
+
//
|
5
|
+
// This copy of Ice is licensed to you under the terms described in the
|
6
|
+
// ICE_LICENSE file included in this distribution.
|
7
|
+
//
|
8
|
+
// **********************************************************************
|
9
|
+
|
10
|
+
#ifndef ICE_SSL_TRUST_MANAGER_H
|
11
|
+
#define ICE_SSL_TRUST_MANAGER_H
|
12
|
+
|
13
|
+
#include <Ice/CommunicatorF.h>
|
14
|
+
#include <IceSSL/TrustManagerF.h>
|
15
|
+
#include <IceSSL/Plugin.h>
|
16
|
+
#include <IceSSL/RFC2253.h>
|
17
|
+
#include <list>
|
18
|
+
|
19
|
+
namespace IceSSL
|
20
|
+
{
|
21
|
+
|
22
|
+
class TrustManager : public IceUtil::Shared
|
23
|
+
{
|
24
|
+
public:
|
25
|
+
|
26
|
+
TrustManager(const Ice::CommunicatorPtr&);
|
27
|
+
|
28
|
+
bool verify(const NativeConnectionInfoPtr&);
|
29
|
+
|
30
|
+
private:
|
31
|
+
|
32
|
+
bool match(const std::list< DistinguishedName> &, const DistinguishedName&) const;
|
33
|
+
void parse(const std::string&, std::list<DistinguishedName>&, std::list<DistinguishedName>&) const;
|
34
|
+
|
35
|
+
const Ice::CommunicatorPtr _communicator;
|
36
|
+
int _traceLevel;
|
37
|
+
|
38
|
+
std::list<DistinguishedName> _rejectAll;
|
39
|
+
std::list<DistinguishedName> _rejectClient;
|
40
|
+
std::list<DistinguishedName> _rejectAllServer;
|
41
|
+
std::map<std::string, std::list<DistinguishedName> > _rejectServer;
|
42
|
+
|
43
|
+
std::list<DistinguishedName> _acceptAll;
|
44
|
+
std::list<DistinguishedName> _acceptClient;
|
45
|
+
std::list<DistinguishedName> _acceptAllServer;
|
46
|
+
std::map<std::string, std::list<DistinguishedName> > _acceptServer;
|
47
|
+
};
|
48
|
+
|
49
|
+
}
|
50
|
+
|
51
|
+
#endif
|
@@ -0,0 +1,26 @@
|
|
1
|
+
// **********************************************************************
|
2
|
+
//
|
3
|
+
// Copyright (c) 2003-2014 ZeroC, Inc. All rights reserved.
|
4
|
+
//
|
5
|
+
// This copy of Ice is licensed to you under the terms described in the
|
6
|
+
// ICE_LICENSE file included in this distribution.
|
7
|
+
//
|
8
|
+
// **********************************************************************
|
9
|
+
|
10
|
+
#ifndef ICE_SSL_TRUST_MANAGER_F_H
|
11
|
+
#define ICE_SSL_TRUST_MANAGER_F_H
|
12
|
+
|
13
|
+
#include <IceUtil/Shared.h>
|
14
|
+
|
15
|
+
#include <Ice/Handle.h>
|
16
|
+
|
17
|
+
namespace IceSSL
|
18
|
+
{
|
19
|
+
|
20
|
+
class TrustManager;
|
21
|
+
IceUtil::Shared* upCast(IceSSL::TrustManager*);
|
22
|
+
typedef IceInternal::Handle<TrustManager> TrustManagerPtr;
|
23
|
+
|
24
|
+
}
|
25
|
+
|
26
|
+
#endif
|
@@ -0,0 +1,1423 @@
|
|
1
|
+
// **********************************************************************
|
2
|
+
//
|
3
|
+
// Copyright (c) 2003-2014 ZeroC, Inc. All rights reserved.
|
4
|
+
//
|
5
|
+
// This copy of Ice is licensed to you under the terms described in the
|
6
|
+
// ICE_LICENSE file included in this distribution.
|
7
|
+
//
|
8
|
+
// **********************************************************************
|
9
|
+
|
10
|
+
#include <IceUtil/Config.h>
|
11
|
+
#ifdef _WIN32
|
12
|
+
# include <winsock2.h>
|
13
|
+
#endif
|
14
|
+
|
15
|
+
#include <IceSSL/Util.h>
|
16
|
+
#include <IceUtil/FileUtil.h>
|
17
|
+
#include <IceUtil/StringUtil.h>
|
18
|
+
|
19
|
+
#include <Ice/LocalException.h>
|
20
|
+
#include <Ice/Network.h>
|
21
|
+
#include <Ice/Object.h>
|
22
|
+
|
23
|
+
#ifdef ICE_USE_OPENSSL
|
24
|
+
# include <openssl/err.h>
|
25
|
+
//
|
26
|
+
// Avoid old style cast warnings from OpenSSL macros
|
27
|
+
//
|
28
|
+
# pragma GCC diagnostic ignored "-Wold-style-cast"
|
29
|
+
#endif
|
30
|
+
|
31
|
+
using namespace std;
|
32
|
+
using namespace Ice;
|
33
|
+
using namespace IceUtil;
|
34
|
+
using namespace IceSSL;
|
35
|
+
|
36
|
+
void
|
37
|
+
IceSSL::readFile(const string& file, vector<char>& buffer)
|
38
|
+
{
|
39
|
+
IceUtilInternal::ifstream is(file, ios::in | ios::binary);
|
40
|
+
if(!is.good())
|
41
|
+
{
|
42
|
+
throw CertificateReadException(__FILE__, __LINE__, "error opening file " + file);
|
43
|
+
}
|
44
|
+
|
45
|
+
is.seekg(0, is.end);
|
46
|
+
buffer.resize(static_cast<int>(is.tellg()));
|
47
|
+
is.seekg(0, is.beg);
|
48
|
+
|
49
|
+
is.read(&buffer[0], buffer.size());
|
50
|
+
|
51
|
+
if(!is.good())
|
52
|
+
{
|
53
|
+
throw CertificateReadException(__FILE__, __LINE__, "error reading file " + file);
|
54
|
+
}
|
55
|
+
}
|
56
|
+
|
57
|
+
#ifndef ICE_USE_OPENSSL
|
58
|
+
namespace
|
59
|
+
{
|
60
|
+
bool
|
61
|
+
parseBytes(const string& arg, vector<unsigned char>& buffer)
|
62
|
+
{
|
63
|
+
string v = IceUtilInternal::toUpper(arg);
|
64
|
+
|
65
|
+
//
|
66
|
+
// Check for any invalid characters.
|
67
|
+
//
|
68
|
+
size_t pos = v.find_first_not_of(" :0123456789ABCDEF");
|
69
|
+
if(pos != string::npos)
|
70
|
+
{
|
71
|
+
return false;
|
72
|
+
}
|
73
|
+
|
74
|
+
//
|
75
|
+
// Remove any separator characters.
|
76
|
+
//
|
77
|
+
ostringstream s;
|
78
|
+
for(string::const_iterator i = v.begin(); i != v.end(); ++i)
|
79
|
+
{
|
80
|
+
if(*i == ' ' || *i == ':')
|
81
|
+
{
|
82
|
+
continue;
|
83
|
+
}
|
84
|
+
s << *i;
|
85
|
+
}
|
86
|
+
v = s.str();
|
87
|
+
|
88
|
+
//
|
89
|
+
// Convert the bytes.
|
90
|
+
//
|
91
|
+
for(size_t i = 0, length = v.size(); i + 2 <= length;)
|
92
|
+
{
|
93
|
+
buffer.push_back(static_cast<unsigned char>(strtol(v.substr(i, 2).c_str(), 0, 16)));
|
94
|
+
i += 2;
|
95
|
+
}
|
96
|
+
return true;
|
97
|
+
}
|
98
|
+
}
|
99
|
+
#endif
|
100
|
+
|
101
|
+
#ifdef ICE_USE_OPENSSL
|
102
|
+
namespace
|
103
|
+
{
|
104
|
+
|
105
|
+
# ifndef OPENSSL_NO_DH
|
106
|
+
|
107
|
+
// The following arrays are predefined Diffie Hellman group parameters.
|
108
|
+
// These are known strong primes, distributed with the OpenSSL library
|
109
|
+
// in the files dh512.pem, dh1024.pem, dh2048.pem and dh4096.pem.
|
110
|
+
// They are not keys themselves, but the basis for generating DH keys
|
111
|
+
// on the fly.
|
112
|
+
|
113
|
+
unsigned char dh512_p[] =
|
114
|
+
{
|
115
|
+
0xF5,0x2A,0xFF,0x3C,0xE1,0xB1,0x29,0x40,0x18,0x11,0x8D,0x7C,
|
116
|
+
0x84,0xA7,0x0A,0x72,0xD6,0x86,0xC4,0x03,0x19,0xC8,0x07,0x29,
|
117
|
+
0x7A,0xCA,0x95,0x0C,0xD9,0x96,0x9F,0xAB,0xD0,0x0A,0x50,0x9B,
|
118
|
+
0x02,0x46,0xD3,0x08,0x3D,0x66,0xA4,0x5D,0x41,0x9F,0x9C,0x7C,
|
119
|
+
0xBD,0x89,0x4B,0x22,0x19,0x26,0xBA,0xAB,0xA2,0x5E,0xC3,0x55,
|
120
|
+
0xE9,0x2A,0x05,0x5F,
|
121
|
+
};
|
122
|
+
|
123
|
+
unsigned char dh512_g[] = { 0x02 };
|
124
|
+
|
125
|
+
unsigned char dh1024_p[] =
|
126
|
+
{
|
127
|
+
0xF4,0x88,0xFD,0x58,0x4E,0x49,0xDB,0xCD,0x20,0xB4,0x9D,0xE4,
|
128
|
+
0x91,0x07,0x36,0x6B,0x33,0x6C,0x38,0x0D,0x45,0x1D,0x0F,0x7C,
|
129
|
+
0x88,0xB3,0x1C,0x7C,0x5B,0x2D,0x8E,0xF6,0xF3,0xC9,0x23,0xC0,
|
130
|
+
0x43,0xF0,0xA5,0x5B,0x18,0x8D,0x8E,0xBB,0x55,0x8C,0xB8,0x5D,
|
131
|
+
0x38,0xD3,0x34,0xFD,0x7C,0x17,0x57,0x43,0xA3,0x1D,0x18,0x6C,
|
132
|
+
0xDE,0x33,0x21,0x2C,0xB5,0x2A,0xFF,0x3C,0xE1,0xB1,0x29,0x40,
|
133
|
+
0x18,0x11,0x8D,0x7C,0x84,0xA7,0x0A,0x72,0xD6,0x86,0xC4,0x03,
|
134
|
+
0x19,0xC8,0x07,0x29,0x7A,0xCA,0x95,0x0C,0xD9,0x96,0x9F,0xAB,
|
135
|
+
0xD0,0x0A,0x50,0x9B,0x02,0x46,0xD3,0x08,0x3D,0x66,0xA4,0x5D,
|
136
|
+
0x41,0x9F,0x9C,0x7C,0xBD,0x89,0x4B,0x22,0x19,0x26,0xBA,0xAB,
|
137
|
+
0xA2,0x5E,0xC3,0x55,0xE9,0x2F,0x78,0xC7,
|
138
|
+
};
|
139
|
+
|
140
|
+
unsigned char dh1024_g[] = { 0x02 };
|
141
|
+
|
142
|
+
unsigned char dh2048_p[] =
|
143
|
+
{
|
144
|
+
0xF6,0x42,0x57,0xB7,0x08,0x7F,0x08,0x17,0x72,0xA2,0xBA,0xD6,
|
145
|
+
0xA9,0x42,0xF3,0x05,0xE8,0xF9,0x53,0x11,0x39,0x4F,0xB6,0xF1,
|
146
|
+
0x6E,0xB9,0x4B,0x38,0x20,0xDA,0x01,0xA7,0x56,0xA3,0x14,0xE9,
|
147
|
+
0x8F,0x40,0x55,0xF3,0xD0,0x07,0xC6,0xCB,0x43,0xA9,0x94,0xAD,
|
148
|
+
0xF7,0x4C,0x64,0x86,0x49,0xF8,0x0C,0x83,0xBD,0x65,0xE9,0x17,
|
149
|
+
0xD4,0xA1,0xD3,0x50,0xF8,0xF5,0x59,0x5F,0xDC,0x76,0x52,0x4F,
|
150
|
+
0x3D,0x3D,0x8D,0xDB,0xCE,0x99,0xE1,0x57,0x92,0x59,0xCD,0xFD,
|
151
|
+
0xB8,0xAE,0x74,0x4F,0xC5,0xFC,0x76,0xBC,0x83,0xC5,0x47,0x30,
|
152
|
+
0x61,0xCE,0x7C,0xC9,0x66,0xFF,0x15,0xF9,0xBB,0xFD,0x91,0x5E,
|
153
|
+
0xC7,0x01,0xAA,0xD3,0x5B,0x9E,0x8D,0xA0,0xA5,0x72,0x3A,0xD4,
|
154
|
+
0x1A,0xF0,0xBF,0x46,0x00,0x58,0x2B,0xE5,0xF4,0x88,0xFD,0x58,
|
155
|
+
0x4E,0x49,0xDB,0xCD,0x20,0xB4,0x9D,0xE4,0x91,0x07,0x36,0x6B,
|
156
|
+
0x33,0x6C,0x38,0x0D,0x45,0x1D,0x0F,0x7C,0x88,0xB3,0x1C,0x7C,
|
157
|
+
0x5B,0x2D,0x8E,0xF6,0xF3,0xC9,0x23,0xC0,0x43,0xF0,0xA5,0x5B,
|
158
|
+
0x18,0x8D,0x8E,0xBB,0x55,0x8C,0xB8,0x5D,0x38,0xD3,0x34,0xFD,
|
159
|
+
0x7C,0x17,0x57,0x43,0xA3,0x1D,0x18,0x6C,0xDE,0x33,0x21,0x2C,
|
160
|
+
0xB5,0x2A,0xFF,0x3C,0xE1,0xB1,0x29,0x40,0x18,0x11,0x8D,0x7C,
|
161
|
+
0x84,0xA7,0x0A,0x72,0xD6,0x86,0xC4,0x03,0x19,0xC8,0x07,0x29,
|
162
|
+
0x7A,0xCA,0x95,0x0C,0xD9,0x96,0x9F,0xAB,0xD0,0x0A,0x50,0x9B,
|
163
|
+
0x02,0x46,0xD3,0x08,0x3D,0x66,0xA4,0x5D,0x41,0x9F,0x9C,0x7C,
|
164
|
+
0xBD,0x89,0x4B,0x22,0x19,0x26,0xBA,0xAB,0xA2,0x5E,0xC3,0x55,
|
165
|
+
0xE9,0x32,0x0B,0x3B,
|
166
|
+
};
|
167
|
+
|
168
|
+
unsigned char dh2048_g[] = { 0x02 };
|
169
|
+
|
170
|
+
unsigned char dh4096_p[] =
|
171
|
+
{
|
172
|
+
0xFA,0x14,0x72,0x52,0xC1,0x4D,0xE1,0x5A,0x49,0xD4,0xEF,0x09,
|
173
|
+
0x2D,0xC0,0xA8,0xFD,0x55,0xAB,0xD7,0xD9,0x37,0x04,0x28,0x09,
|
174
|
+
0xE2,0xE9,0x3E,0x77,0xE2,0xA1,0x7A,0x18,0xDD,0x46,0xA3,0x43,
|
175
|
+
0x37,0x23,0x90,0x97,0xF3,0x0E,0xC9,0x03,0x50,0x7D,0x65,0xCF,
|
176
|
+
0x78,0x62,0xA6,0x3A,0x62,0x22,0x83,0xA1,0x2F,0xFE,0x79,0xBA,
|
177
|
+
0x35,0xFF,0x59,0xD8,0x1D,0x61,0xDD,0x1E,0x21,0x13,0x17,0xFE,
|
178
|
+
0xCD,0x38,0x87,0x9E,0xF5,0x4F,0x79,0x10,0x61,0x8D,0xD4,0x22,
|
179
|
+
0xF3,0x5A,0xED,0x5D,0xEA,0x21,0xE9,0x33,0x6B,0x48,0x12,0x0A,
|
180
|
+
0x20,0x77,0xD4,0x25,0x60,0x61,0xDE,0xF6,0xB4,0x4F,0x1C,0x63,
|
181
|
+
0x40,0x8B,0x3A,0x21,0x93,0x8B,0x79,0x53,0x51,0x2C,0xCA,0xB3,
|
182
|
+
0x7B,0x29,0x56,0xA8,0xC7,0xF8,0xF4,0x7B,0x08,0x5E,0xA6,0xDC,
|
183
|
+
0xA2,0x45,0x12,0x56,0xDD,0x41,0x92,0xF2,0xDD,0x5B,0x8F,0x23,
|
184
|
+
0xF0,0xF3,0xEF,0xE4,0x3B,0x0A,0x44,0xDD,0xED,0x96,0x84,0xF1,
|
185
|
+
0xA8,0x32,0x46,0xA3,0xDB,0x4A,0xBE,0x3D,0x45,0xBA,0x4E,0xF8,
|
186
|
+
0x03,0xE5,0xDD,0x6B,0x59,0x0D,0x84,0x1E,0xCA,0x16,0x5A,0x8C,
|
187
|
+
0xC8,0xDF,0x7C,0x54,0x44,0xC4,0x27,0xA7,0x3B,0x2A,0x97,0xCE,
|
188
|
+
0xA3,0x7D,0x26,0x9C,0xAD,0xF4,0xC2,0xAC,0x37,0x4B,0xC3,0xAD,
|
189
|
+
0x68,0x84,0x7F,0x99,0xA6,0x17,0xEF,0x6B,0x46,0x3A,0x7A,0x36,
|
190
|
+
0x7A,0x11,0x43,0x92,0xAD,0xE9,0x9C,0xFB,0x44,0x6C,0x3D,0x82,
|
191
|
+
0x49,0xCC,0x5C,0x6A,0x52,0x42,0xF8,0x42,0xFB,0x44,0xF9,0x39,
|
192
|
+
0x73,0xFB,0x60,0x79,0x3B,0xC2,0x9E,0x0B,0xDC,0xD4,0xA6,0x67,
|
193
|
+
0xF7,0x66,0x3F,0xFC,0x42,0x3B,0x1B,0xDB,0x4F,0x66,0xDC,0xA5,
|
194
|
+
0x8F,0x66,0xF9,0xEA,0xC1,0xED,0x31,0xFB,0x48,0xA1,0x82,0x7D,
|
195
|
+
0xF8,0xE0,0xCC,0xB1,0xC7,0x03,0xE4,0xF8,0xB3,0xFE,0xB7,0xA3,
|
196
|
+
0x13,0x73,0xA6,0x7B,0xC1,0x0E,0x39,0xC7,0x94,0x48,0x26,0x00,
|
197
|
+
0x85,0x79,0xFC,0x6F,0x7A,0xAF,0xC5,0x52,0x35,0x75,0xD7,0x75,
|
198
|
+
0xA4,0x40,0xFA,0x14,0x74,0x61,0x16,0xF2,0xEB,0x67,0x11,0x6F,
|
199
|
+
0x04,0x43,0x3D,0x11,0x14,0x4C,0xA7,0x94,0x2A,0x39,0xA1,0xC9,
|
200
|
+
0x90,0xCF,0x83,0xC6,0xFF,0x02,0x8F,0xA3,0x2A,0xAC,0x26,0xDF,
|
201
|
+
0x0B,0x8B,0xBE,0x64,0x4A,0xF1,0xA1,0xDC,0xEE,0xBA,0xC8,0x03,
|
202
|
+
0x82,0xF6,0x62,0x2C,0x5D,0xB6,0xBB,0x13,0x19,0x6E,0x86,0xC5,
|
203
|
+
0x5B,0x2B,0x5E,0x3A,0xF3,0xB3,0x28,0x6B,0x70,0x71,0x3A,0x8E,
|
204
|
+
0xFF,0x5C,0x15,0xE6,0x02,0xA4,0xCE,0xED,0x59,0x56,0xCC,0x15,
|
205
|
+
0x51,0x07,0x79,0x1A,0x0F,0x25,0x26,0x27,0x30,0xA9,0x15,0xB2,
|
206
|
+
0xC8,0xD4,0x5C,0xCC,0x30,0xE8,0x1B,0xD8,0xD5,0x0F,0x19,0xA8,
|
207
|
+
0x80,0xA4,0xC7,0x01,0xAA,0x8B,0xBA,0x53,0xBB,0x47,0xC2,0x1F,
|
208
|
+
0x6B,0x54,0xB0,0x17,0x60,0xED,0x79,0x21,0x95,0xB6,0x05,0x84,
|
209
|
+
0x37,0xC8,0x03,0xA4,0xDD,0xD1,0x06,0x69,0x8F,0x4C,0x39,0xE0,
|
210
|
+
0xC8,0x5D,0x83,0x1D,0xBE,0x6A,0x9A,0x99,0xF3,0x9F,0x0B,0x45,
|
211
|
+
0x29,0xD4,0xCB,0x29,0x66,0xEE,0x1E,0x7E,0x3D,0xD7,0x13,0x4E,
|
212
|
+
0xDB,0x90,0x90,0x58,0xCB,0x5E,0x9B,0xCD,0x2E,0x2B,0x0F,0xA9,
|
213
|
+
0x4E,0x78,0xAC,0x05,0x11,0x7F,0xE3,0x9E,0x27,0xD4,0x99,0xE1,
|
214
|
+
0xB9,0xBD,0x78,0xE1,0x84,0x41,0xA0,0xDF,
|
215
|
+
};
|
216
|
+
|
217
|
+
unsigned char dh4096_g[] = { 0x02 };
|
218
|
+
|
219
|
+
}
|
220
|
+
|
221
|
+
//
|
222
|
+
// Convert a predefined parameter set into a DH value.
|
223
|
+
//
|
224
|
+
static DH*
|
225
|
+
convertDH(unsigned char* p, int plen, unsigned char* g, int glen)
|
226
|
+
{
|
227
|
+
assert(p != 0);
|
228
|
+
assert(g != 0);
|
229
|
+
|
230
|
+
DH* dh = DH_new();
|
231
|
+
|
232
|
+
if(dh != 0)
|
233
|
+
{
|
234
|
+
dh->p = BN_bin2bn(p, plen, 0);
|
235
|
+
dh->g = BN_bin2bn(g, glen, 0);
|
236
|
+
|
237
|
+
if((dh->p == 0) || (dh->g == 0))
|
238
|
+
{
|
239
|
+
DH_free(dh);
|
240
|
+
dh = 0;
|
241
|
+
}
|
242
|
+
}
|
243
|
+
|
244
|
+
return dh;
|
245
|
+
}
|
246
|
+
|
247
|
+
IceSSL::DHParams::DHParams() :
|
248
|
+
_dh512(0), _dh1024(0), _dh2048(0), _dh4096(0)
|
249
|
+
{
|
250
|
+
}
|
251
|
+
|
252
|
+
IceSSL::DHParams::~DHParams()
|
253
|
+
{
|
254
|
+
for(ParamList::iterator p = _params.begin(); p != _params.end(); ++p)
|
255
|
+
{
|
256
|
+
DH_free(p->second);
|
257
|
+
}
|
258
|
+
DH_free(_dh512);
|
259
|
+
DH_free(_dh1024);
|
260
|
+
DH_free(_dh2048);
|
261
|
+
DH_free(_dh4096);
|
262
|
+
}
|
263
|
+
|
264
|
+
bool
|
265
|
+
IceSSL::DHParams::add(int keyLength, const string& file)
|
266
|
+
{
|
267
|
+
BIO* bio = BIO_new(BIO_s_file());
|
268
|
+
if(BIO_read_filename(bio, file.c_str()) <= 0)
|
269
|
+
{
|
270
|
+
BIO_free(bio);
|
271
|
+
return false;
|
272
|
+
}
|
273
|
+
DH* dh = PEM_read_bio_DHparams(bio, 0, 0, 0);
|
274
|
+
BIO_free(bio);
|
275
|
+
if(!dh)
|
276
|
+
{
|
277
|
+
return false;
|
278
|
+
}
|
279
|
+
ParamList::iterator p = _params.begin();
|
280
|
+
while(p != _params.end() && keyLength > p->first)
|
281
|
+
{
|
282
|
+
++p;
|
283
|
+
}
|
284
|
+
_params.insert(p, KeyParamPair(keyLength, dh));
|
285
|
+
return true;
|
286
|
+
}
|
287
|
+
|
288
|
+
DH*
|
289
|
+
IceSSL::DHParams::get(int keyLength)
|
290
|
+
{
|
291
|
+
//
|
292
|
+
// First check the set of parameters specified by the user.
|
293
|
+
// Return the first set whose key length is at least keyLength.
|
294
|
+
//
|
295
|
+
for(ParamList::iterator p = _params.begin(); p != _params.end(); ++p)
|
296
|
+
{
|
297
|
+
if(p->first >= keyLength)
|
298
|
+
{
|
299
|
+
return p->second;
|
300
|
+
}
|
301
|
+
}
|
302
|
+
|
303
|
+
//
|
304
|
+
// No match found. Use one of the predefined parameter sets instead.
|
305
|
+
//
|
306
|
+
IceUtil::Mutex::Lock sync(*this);
|
307
|
+
|
308
|
+
if(keyLength >= 4096)
|
309
|
+
{
|
310
|
+
if(!_dh4096)
|
311
|
+
{
|
312
|
+
_dh4096 = convertDH(dh4096_p, (int) sizeof(dh4096_p), dh4096_g, (int) sizeof(dh4096_g));
|
313
|
+
}
|
314
|
+
return _dh4096;
|
315
|
+
}
|
316
|
+
else if(keyLength >= 2048)
|
317
|
+
{
|
318
|
+
if(!_dh2048)
|
319
|
+
{
|
320
|
+
_dh2048 = convertDH(dh2048_p, (int) sizeof(dh2048_p), dh2048_g, (int) sizeof(dh2048_g));
|
321
|
+
}
|
322
|
+
return _dh2048;
|
323
|
+
}
|
324
|
+
else if(keyLength >= 1024)
|
325
|
+
{
|
326
|
+
if(!_dh1024)
|
327
|
+
{
|
328
|
+
_dh1024 = convertDH(dh1024_p, (int) sizeof(dh1024_p), dh1024_g, (int) sizeof(dh1024_g));
|
329
|
+
}
|
330
|
+
return _dh1024;
|
331
|
+
}
|
332
|
+
else
|
333
|
+
{
|
334
|
+
if(!_dh512)
|
335
|
+
{
|
336
|
+
_dh512 = convertDH(dh512_p, (int) sizeof(dh512_p), dh512_g, (int) sizeof(dh512_g));
|
337
|
+
}
|
338
|
+
return _dh512;
|
339
|
+
}
|
340
|
+
}
|
341
|
+
|
342
|
+
# endif
|
343
|
+
|
344
|
+
string
|
345
|
+
IceSSL::getSslErrors(bool verbose)
|
346
|
+
{
|
347
|
+
ostringstream ostr;
|
348
|
+
|
349
|
+
const char* file;
|
350
|
+
const char* data;
|
351
|
+
int line;
|
352
|
+
int flags;
|
353
|
+
unsigned long err;
|
354
|
+
int count = 0;
|
355
|
+
while((err = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0)
|
356
|
+
{
|
357
|
+
if(count > 0)
|
358
|
+
{
|
359
|
+
ostr << endl;
|
360
|
+
}
|
361
|
+
|
362
|
+
if(verbose)
|
363
|
+
{
|
364
|
+
if(count > 0)
|
365
|
+
{
|
366
|
+
ostr << endl;
|
367
|
+
}
|
368
|
+
|
369
|
+
char buf[200];
|
370
|
+
ERR_error_string_n(err, buf, sizeof(buf));
|
371
|
+
|
372
|
+
ostr << "error # = " << err << endl;
|
373
|
+
ostr << "message = " << buf << endl;
|
374
|
+
ostr << "location = " << file << ", " << line;
|
375
|
+
if(flags & ERR_TXT_STRING)
|
376
|
+
{
|
377
|
+
ostr << endl;
|
378
|
+
ostr << "data = " << data;
|
379
|
+
}
|
380
|
+
}
|
381
|
+
else
|
382
|
+
{
|
383
|
+
const char* reason = ERR_reason_error_string(err);
|
384
|
+
ostr << (reason == NULL ? "unknown reason" : reason);
|
385
|
+
if(flags & ERR_TXT_STRING)
|
386
|
+
{
|
387
|
+
ostr << ": " << data;
|
388
|
+
}
|
389
|
+
}
|
390
|
+
|
391
|
+
++count;
|
392
|
+
}
|
393
|
+
|
394
|
+
ERR_clear_error();
|
395
|
+
|
396
|
+
return ostr.str();
|
397
|
+
}
|
398
|
+
|
399
|
+
#elif defined(ICE_USE_SECURE_TRANSPORT)
|
400
|
+
|
401
|
+
string
|
402
|
+
IceSSL::errorToString(CFErrorRef err)
|
403
|
+
{
|
404
|
+
ostringstream os;
|
405
|
+
if(err)
|
406
|
+
{
|
407
|
+
CFStringRef s = CFErrorCopyDescription(err);
|
408
|
+
os << "(error: " << CFErrorGetCode(err) << " description: " << fromCFString(s) << ")";
|
409
|
+
CFRelease(s);
|
410
|
+
}
|
411
|
+
return os.str();
|
412
|
+
}
|
413
|
+
|
414
|
+
string
|
415
|
+
IceSSL::errorToString(OSStatus status)
|
416
|
+
{
|
417
|
+
ostringstream os;
|
418
|
+
os << "(error: " << status;
|
419
|
+
CFStringRef s = SecCopyErrorMessageString(status, 0);
|
420
|
+
if(s)
|
421
|
+
{
|
422
|
+
os << " description: " << fromCFString(s);
|
423
|
+
CFRelease(s);
|
424
|
+
}
|
425
|
+
os << ")";
|
426
|
+
return os.str();
|
427
|
+
}
|
428
|
+
|
429
|
+
std::string
|
430
|
+
IceSSL::fromCFString(CFStringRef v)
|
431
|
+
{
|
432
|
+
string s;
|
433
|
+
if(v)
|
434
|
+
{
|
435
|
+
CFIndex size = CFStringGetMaximumSizeForEncoding(CFStringGetLength(v), kCFStringEncodingUTF8);
|
436
|
+
vector<char> buffer;
|
437
|
+
buffer.resize(size + 1);
|
438
|
+
CFStringGetCString(v, &buffer[0], buffer.size(), kCFStringEncodingUTF8);
|
439
|
+
s.assign(&buffer[0]);
|
440
|
+
}
|
441
|
+
return s;
|
442
|
+
}
|
443
|
+
|
444
|
+
CFDictionaryRef
|
445
|
+
IceSSL::getCertificateProperty(SecCertificateRef cert, CFTypeRef key)
|
446
|
+
{
|
447
|
+
CFArrayRef keys = CFArrayCreate(NULL, &key , 1, &kCFTypeArrayCallBacks);
|
448
|
+
CFErrorRef err = 0;
|
449
|
+
CFDictionaryRef values = SecCertificateCopyValues(cert, keys, &err);
|
450
|
+
CFRelease(keys);
|
451
|
+
|
452
|
+
if(err)
|
453
|
+
{
|
454
|
+
CertificateEncodingException ex(__FILE__, __LINE__, err);
|
455
|
+
throw ex;
|
456
|
+
}
|
457
|
+
|
458
|
+
assert(values);
|
459
|
+
CFDictionaryRef property = (CFDictionaryRef)CFDictionaryGetValue(values, key);
|
460
|
+
if(property)
|
461
|
+
{
|
462
|
+
CFRetain(property);
|
463
|
+
}
|
464
|
+
CFRelease(values);
|
465
|
+
return property;
|
466
|
+
}
|
467
|
+
|
468
|
+
namespace
|
469
|
+
{
|
470
|
+
|
471
|
+
//
|
472
|
+
// Retrive the certificate subject key identifier, the caller must release the returned CFData
|
473
|
+
// object.
|
474
|
+
//
|
475
|
+
CFDataRef
|
476
|
+
getSubjectKeyIdentifier(SecCertificateRef cert)
|
477
|
+
{
|
478
|
+
CFDataRef data = 0;
|
479
|
+
CFDictionaryRef property = getCertificateProperty(cert, kSecOIDSubjectKeyIdentifier);
|
480
|
+
if(property)
|
481
|
+
{
|
482
|
+
CFArrayRef propertyValues = (CFArrayRef)CFDictionaryGetValue(property, kSecPropertyKeyValue);
|
483
|
+
for(int i = 0, length = CFArrayGetCount(propertyValues); i < length; ++i)
|
484
|
+
{
|
485
|
+
CFDictionaryRef dict = (CFDictionaryRef)CFArrayGetValueAtIndex(propertyValues, i);
|
486
|
+
CFStringRef label = (CFStringRef)CFDictionaryGetValue(dict, kSecPropertyKeyLabel);
|
487
|
+
if(CFEqual(label, CFSTR("Key Identifier")))
|
488
|
+
{
|
489
|
+
data = (CFDataRef)CFDictionaryGetValue(dict, kSecPropertyKeyValue);
|
490
|
+
CFRetain(data);
|
491
|
+
break;
|
492
|
+
}
|
493
|
+
}
|
494
|
+
CFRelease(property);
|
495
|
+
}
|
496
|
+
return data;
|
497
|
+
}
|
498
|
+
|
499
|
+
//
|
500
|
+
// Check the certificate basic constraints to check if the certificate is marked as a CA.
|
501
|
+
//
|
502
|
+
bool
|
503
|
+
isCA(SecCertificateRef cert)
|
504
|
+
{
|
505
|
+
bool ca = false;
|
506
|
+
CFDictionaryRef property = getCertificateProperty(cert, kSecOIDBasicConstraints);
|
507
|
+
if(property)
|
508
|
+
{
|
509
|
+
CFArrayRef propertyValues = (CFArrayRef)CFDictionaryGetValue(property, kSecPropertyKeyValue);
|
510
|
+
for(int i = 0, size = CFArrayGetCount(propertyValues); i < size; ++i)
|
511
|
+
{
|
512
|
+
CFDictionaryRef dict = (CFDictionaryRef)CFArrayGetValueAtIndex(propertyValues, i);
|
513
|
+
CFStringRef label = (CFStringRef)CFDictionaryGetValue(dict, kSecPropertyKeyLabel);
|
514
|
+
if(CFEqual(label, CFSTR("Certificate Authority")))
|
515
|
+
{
|
516
|
+
CFStringRef value = (CFStringRef)CFDictionaryGetValue(dict, kSecPropertyKeyValue);
|
517
|
+
if(CFEqual(value, CFSTR("Yes")))
|
518
|
+
{
|
519
|
+
ca = true;
|
520
|
+
}
|
521
|
+
break;
|
522
|
+
}
|
523
|
+
}
|
524
|
+
CFRelease(property);
|
525
|
+
}
|
526
|
+
return ca;
|
527
|
+
}
|
528
|
+
|
529
|
+
//
|
530
|
+
// Search the keychain for an existing item with the same hash and type,
|
531
|
+
// the hash is the certificate subject key identifier. For private key
|
532
|
+
// items the hash should match kSecAttrApplicationLabel attribute, for
|
533
|
+
// certificate items it should match the kSecAttrSubjectKeyID attribute.
|
534
|
+
//
|
535
|
+
SecKeychainItemRef
|
536
|
+
copyMatching(SecKeychainRef keychain, CFDataRef hash, CFTypeRef type)
|
537
|
+
{
|
538
|
+
assert(keychain);
|
539
|
+
assert(hash);
|
540
|
+
assert(type == kSecClassKey || type == kSecClassCertificate);
|
541
|
+
|
542
|
+
const void* values[] = {keychain};
|
543
|
+
CFArrayRef searchList = CFArrayCreate(kCFAllocatorDefault, values, 1, &kCFTypeArrayCallBacks);
|
544
|
+
|
545
|
+
CFMutableDictionaryRef query =
|
546
|
+
CFDictionaryCreateMutable(0, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
|
547
|
+
|
548
|
+
CFDictionarySetValue(query, kSecClass, type);
|
549
|
+
CFDictionarySetValue(query, kSecMatchLimit, kSecMatchLimitOne);
|
550
|
+
CFDictionarySetValue(query, kSecMatchSearchList, searchList);
|
551
|
+
CFDictionarySetValue(query, type == kSecClassKey ? kSecAttrApplicationLabel : kSecAttrSubjectKeyID, hash);
|
552
|
+
CFDictionarySetValue(query, kSecReturnRef, kCFBooleanTrue);
|
553
|
+
|
554
|
+
SecKeychainItemRef item = 0;
|
555
|
+
OSStatus err = SecItemCopyMatching(query, (CFTypeRef*)&item);
|
556
|
+
|
557
|
+
CFRelease(searchList);
|
558
|
+
CFRelease(query);
|
559
|
+
|
560
|
+
if(err != noErr && err != errSecItemNotFound)
|
561
|
+
{
|
562
|
+
throw CertificateReadException(__FILE__, __LINE__,
|
563
|
+
"Error searching for keychain items\n" + errorToString(err));
|
564
|
+
}
|
565
|
+
|
566
|
+
return item;
|
567
|
+
}
|
568
|
+
|
569
|
+
//
|
570
|
+
// Add an item to the keychain, if the keychain already has this item return the existing item,
|
571
|
+
// otherwise return the new added item.
|
572
|
+
//
|
573
|
+
SecKeychainItemRef
|
574
|
+
addToKeychain(SecKeychainRef keychain, SecKeychainItemRef item, CFDataRef hash, CFTypeRef type)
|
575
|
+
{
|
576
|
+
assert(keychain);
|
577
|
+
assert(item);
|
578
|
+
assert(hash);
|
579
|
+
|
580
|
+
SecKeychainItemRef newItem = copyMatching(keychain, hash, type);
|
581
|
+
if(!newItem)
|
582
|
+
{
|
583
|
+
CFMutableDictionaryRef query = CFDictionaryCreateMutable(kCFAllocatorDefault,
|
584
|
+
0,
|
585
|
+
&kCFTypeDictionaryKeyCallBacks,
|
586
|
+
&kCFTypeDictionaryValueCallBacks);
|
587
|
+
|
588
|
+
CFDictionarySetValue(query, kSecUseKeychain, keychain);
|
589
|
+
CFDictionarySetValue(query, kSecClass, type);
|
590
|
+
CFDictionarySetValue(query, kSecValueRef, item);
|
591
|
+
CFDictionarySetValue(query, kSecReturnRef, kCFBooleanTrue);
|
592
|
+
|
593
|
+
CFArrayRef added = 0;
|
594
|
+
OSStatus err = SecItemAdd(query, (CFTypeRef*)&added);
|
595
|
+
CFRelease(query);
|
596
|
+
|
597
|
+
if(err != noErr)
|
598
|
+
{
|
599
|
+
ostringstream os;
|
600
|
+
os << "Failure adding " << (type == kSecClassKey ? "key" : "certificate")
|
601
|
+
<< " to keychain\n" << errorToString(err);
|
602
|
+
throw CertificateReadException(__FILE__, __LINE__, os.str());
|
603
|
+
}
|
604
|
+
newItem = (SecKeychainItemRef)CFArrayGetValueAtIndex(added, 0);
|
605
|
+
CFRetain(newItem);
|
606
|
+
CFRelease(added);
|
607
|
+
}
|
608
|
+
|
609
|
+
assert(newItem);
|
610
|
+
|
611
|
+
return newItem;
|
612
|
+
}
|
613
|
+
|
614
|
+
//
|
615
|
+
// Load keychain items (Certificates or Private Keys) from a file. On return items param contain
|
616
|
+
// the list of items, the caller must release it.
|
617
|
+
//
|
618
|
+
void
|
619
|
+
loadKeychainItems(CFArrayRef* items, CFTypeRef type, const string& file, SecExternalFormat* format,
|
620
|
+
SecKeychainRef keychain, const string& passphrase, const PasswordPromptPtr& prompt,
|
621
|
+
int passwordRetryMax)
|
622
|
+
{
|
623
|
+
assert(type == kSecClassCertificate || type == kSecClassKey);
|
624
|
+
vector<char> buffer;
|
625
|
+
readFile(file, buffer);
|
626
|
+
|
627
|
+
CFDataRef data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault,
|
628
|
+
reinterpret_cast<const UInt8*>(&buffer[0]),
|
629
|
+
buffer.size(),
|
630
|
+
kCFAllocatorNull);
|
631
|
+
|
632
|
+
SecExternalItemType itemType = kSecItemTypeUnknown;
|
633
|
+
|
634
|
+
SecItemImportExportKeyParameters params;
|
635
|
+
memset(¶ms, 0, sizeof(params));
|
636
|
+
params.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION;
|
637
|
+
|
638
|
+
{
|
639
|
+
const void* values[] = {kSecACLAuthorizationAny};
|
640
|
+
params.keyUsage = CFArrayCreate(0, values, 1, 0);
|
641
|
+
}
|
642
|
+
|
643
|
+
params.flags |= kSecKeyNoAccessControl;
|
644
|
+
|
645
|
+
OSStatus err = noErr;
|
646
|
+
int count = 0;
|
647
|
+
|
648
|
+
while(true)
|
649
|
+
{
|
650
|
+
if(!passphrase.empty())
|
651
|
+
{
|
652
|
+
assert(!params.passphrase);
|
653
|
+
params.passphrase = toCFString(passphrase);
|
654
|
+
}
|
655
|
+
err = SecItemImport(data, 0, format, &itemType, 0, ¶ms, *format == kSecFormatPKCS12 ? keychain : 0,
|
656
|
+
items);
|
657
|
+
if(params.passphrase)
|
658
|
+
{
|
659
|
+
CFRelease(params.passphrase);
|
660
|
+
params.passphrase = 0;
|
661
|
+
}
|
662
|
+
|
663
|
+
if(err == noErr)
|
664
|
+
{
|
665
|
+
break;
|
666
|
+
}
|
667
|
+
|
668
|
+
//
|
669
|
+
// Try PKCS12 format.
|
670
|
+
//
|
671
|
+
if(err == errSecUnknownFormat && *format != kSecFormatPKCS12)
|
672
|
+
{
|
673
|
+
*format = kSecFormatPKCS12;
|
674
|
+
itemType = kSecItemTypeAggregate;
|
675
|
+
continue;
|
676
|
+
}
|
677
|
+
|
678
|
+
//
|
679
|
+
// Error
|
680
|
+
//
|
681
|
+
if(!passphrase.empty() || (err != errSecPassphraseRequired &&
|
682
|
+
err != errSecInvalidData &&
|
683
|
+
err != errSecPkcs12VerifyFailure))
|
684
|
+
{
|
685
|
+
break;
|
686
|
+
}
|
687
|
+
|
688
|
+
if(prompt && count < passwordRetryMax)
|
689
|
+
{
|
690
|
+
params.passphrase = toCFString(prompt->getPassword());
|
691
|
+
}
|
692
|
+
//
|
693
|
+
// Configure the default OS X password prompt if passphrase is required
|
694
|
+
// and the user doesn't provide a passphrase or password prompt.
|
695
|
+
//
|
696
|
+
else if(!prompt && !(params.flags & kSecKeySecurePassphrase))
|
697
|
+
{
|
698
|
+
params.flags |= kSecKeySecurePassphrase;
|
699
|
+
ostringstream os;
|
700
|
+
os << "Enter the password for\n" << file;
|
701
|
+
params.alertPrompt = toCFString(os.str());
|
702
|
+
continue;
|
703
|
+
}
|
704
|
+
//
|
705
|
+
// Password retry.
|
706
|
+
//
|
707
|
+
if(++count >= passwordRetryMax)
|
708
|
+
{
|
709
|
+
break;
|
710
|
+
}
|
711
|
+
}
|
712
|
+
|
713
|
+
if(params.alertPrompt)
|
714
|
+
{
|
715
|
+
CFRelease(params.alertPrompt);
|
716
|
+
}
|
717
|
+
|
718
|
+
CFRelease(data);
|
719
|
+
|
720
|
+
if(err != noErr)
|
721
|
+
{
|
722
|
+
ostringstream os;
|
723
|
+
os << "Error reading " << (type == kSecClassCertificate ? "certificate " : "private key ")
|
724
|
+
<< "from file: `" << file << "'\n" << errorToString(err);
|
725
|
+
throw CertificateReadException(__FILE__, __LINE__, os.str());
|
726
|
+
}
|
727
|
+
}
|
728
|
+
|
729
|
+
}
|
730
|
+
|
731
|
+
//
|
732
|
+
// Helper function to generate the private key label (display name) used
|
733
|
+
// in the keychain.
|
734
|
+
//
|
735
|
+
string
|
736
|
+
IceSSL::keyLabel(SecCertificateRef cert)
|
737
|
+
{
|
738
|
+
CFStringRef commonName;
|
739
|
+
OSStatus err = SecCertificateCopyCommonName(cert, &commonName);
|
740
|
+
if(err != noErr)
|
741
|
+
{
|
742
|
+
throw CertificateReadException(__FILE__, __LINE__, "certificate error:\n" + errorToString(err));
|
743
|
+
}
|
744
|
+
string label = fromCFString(commonName);
|
745
|
+
CFRelease(commonName);
|
746
|
+
return label.empty() ? "Imported Private Key" : (label + " - Private Key");
|
747
|
+
}
|
748
|
+
|
749
|
+
//
|
750
|
+
// Imports a certificate private key and optionally add it to a keychain.
|
751
|
+
//
|
752
|
+
void
|
753
|
+
IceSSL::loadPrivateKey(SecKeyRef* key, const string& label, CFDataRef hash, SecKeychainRef keychain,
|
754
|
+
const string& file, const string& passphrase, const PasswordPromptPtr& prompt,
|
755
|
+
int passwordRetryMax)
|
756
|
+
{
|
757
|
+
assert(key);
|
758
|
+
CFArrayRef items = 0;
|
759
|
+
try
|
760
|
+
{
|
761
|
+
SecExternalFormat format = kSecFormatUnknown;
|
762
|
+
loadKeychainItems(&items, kSecClassKey, file, &format, keychain, passphrase, prompt, passwordRetryMax);
|
763
|
+
if(items)
|
764
|
+
{
|
765
|
+
int count = CFArrayGetCount(items);
|
766
|
+
for(int i = 0; i < count; ++i)
|
767
|
+
{
|
768
|
+
SecKeychainItemRef item = (SecKeychainItemRef)CFArrayGetValueAtIndex(items, 0);
|
769
|
+
if(SecKeyGetTypeID() == CFGetTypeID(item))
|
770
|
+
{
|
771
|
+
CFRetain(item);
|
772
|
+
*key = (SecKeyRef)item;
|
773
|
+
|
774
|
+
CFRelease(items);
|
775
|
+
items = 0;
|
776
|
+
|
777
|
+
if(keychain)
|
778
|
+
{
|
779
|
+
SecKeychainItemRef newItem = addToKeychain(keychain, item, hash, kSecClassKey);
|
780
|
+
assert(newItem);
|
781
|
+
CFRelease(*key);
|
782
|
+
*key = (SecKeyRef)newItem;
|
783
|
+
if(hash)
|
784
|
+
{
|
785
|
+
//
|
786
|
+
// Create the association between the private key and the certificate,
|
787
|
+
// kSecKeyLabel attribute should match the subject key identifier.
|
788
|
+
//
|
789
|
+
SecKeychainAttribute attr;
|
790
|
+
attr.tag = kSecKeyLabel;
|
791
|
+
attr.data = (void*)CFDataGetBytePtr(hash);
|
792
|
+
attr.length = CFDataGetLength(hash);
|
793
|
+
|
794
|
+
SecKeychainAttributeList attrs;
|
795
|
+
attrs.attr = &attr;
|
796
|
+
attrs.count = 1;
|
797
|
+
|
798
|
+
SecKeychainItemModifyAttributesAndData(newItem, &attrs, 0, 0);
|
799
|
+
}
|
800
|
+
|
801
|
+
if(!label.empty())
|
802
|
+
{
|
803
|
+
//
|
804
|
+
// kSecKeyPrintName attribute correspond to the keychain display
|
805
|
+
// name.
|
806
|
+
//
|
807
|
+
SecKeychainAttribute att;
|
808
|
+
att.tag = kSecKeyPrintName;
|
809
|
+
att.data = (void*)label.c_str();
|
810
|
+
att.length = label.size();
|
811
|
+
|
812
|
+
SecKeychainAttributeList attrs;
|
813
|
+
attrs.attr = &att;
|
814
|
+
attrs.count = 1;
|
815
|
+
|
816
|
+
SecKeychainItemModifyAttributesAndData(newItem, &attrs, 0, 0);
|
817
|
+
}
|
818
|
+
}
|
819
|
+
break;
|
820
|
+
}
|
821
|
+
}
|
822
|
+
}
|
823
|
+
|
824
|
+
if(!*key)
|
825
|
+
{
|
826
|
+
throw CertificateReadException(__FILE__, __LINE__,
|
827
|
+
"Certificate error:\n error importing certificate from " + file);
|
828
|
+
}
|
829
|
+
}
|
830
|
+
catch(...)
|
831
|
+
{
|
832
|
+
if(items)
|
833
|
+
{
|
834
|
+
CFRelease(items);
|
835
|
+
}
|
836
|
+
|
837
|
+
if(*key)
|
838
|
+
{
|
839
|
+
CFRelease(*key);
|
840
|
+
*key = 0;
|
841
|
+
}
|
842
|
+
|
843
|
+
throw;
|
844
|
+
}
|
845
|
+
}
|
846
|
+
|
847
|
+
//
|
848
|
+
// Imports a certificate and private key and optionally add then to a keychain.
|
849
|
+
//
|
850
|
+
void
|
851
|
+
IceSSL::loadCertificate(SecCertificateRef* cert, CFDataRef* hash, SecKeyRef* key, SecKeychainRef keychain,
|
852
|
+
const string& file, const string& passphrase, const PasswordPromptPtr& prompt,
|
853
|
+
int passwordRetryMax)
|
854
|
+
{
|
855
|
+
assert(cert);
|
856
|
+
CFArrayRef items = 0;
|
857
|
+
SecIdentityRef identity = 0;
|
858
|
+
|
859
|
+
try
|
860
|
+
{
|
861
|
+
SecExternalFormat format = kSecFormatUnknown;
|
862
|
+
loadKeychainItems(&items, kSecClassCertificate, file, &format, keychain, passphrase, prompt, passwordRetryMax);
|
863
|
+
|
864
|
+
if(items)
|
865
|
+
{
|
866
|
+
int count = CFArrayGetCount(items);
|
867
|
+
|
868
|
+
for(int i = 0; i < count; ++i)
|
869
|
+
{
|
870
|
+
SecKeychainItemRef item = (SecKeychainItemRef)CFArrayGetValueAtIndex(items, i);
|
871
|
+
if(format == kSecFormatPKCS12)
|
872
|
+
{
|
873
|
+
OSStatus err = noErr;
|
874
|
+
if(SecIdentityGetTypeID() == CFGetTypeID(item))
|
875
|
+
{
|
876
|
+
if((err = SecIdentityCopyCertificate((SecIdentityRef)item, cert)) != noErr)
|
877
|
+
{
|
878
|
+
throw CertificateReadException(__FILE__, __LINE__, "Certificate error:\n" +
|
879
|
+
errorToString(err));
|
880
|
+
}
|
881
|
+
|
882
|
+
if((err = SecIdentityCopyPrivateKey((SecIdentityRef)item, key)) != noErr)
|
883
|
+
{
|
884
|
+
throw CertificateReadException(__FILE__, __LINE__, "Certificate error:\n" +
|
885
|
+
errorToString(err));
|
886
|
+
}
|
887
|
+
break;
|
888
|
+
}
|
889
|
+
else if(SecCertificateGetTypeID() == CFGetTypeID(item))
|
890
|
+
{
|
891
|
+
CFRetain(item);
|
892
|
+
*cert = (SecCertificateRef)item;
|
893
|
+
|
894
|
+
if((err = SecIdentityCreateWithCertificate(keychain, *cert, &identity)) != noErr)
|
895
|
+
{
|
896
|
+
throw CertificateReadException(__FILE__, __LINE__, "Certificate error:\n" +
|
897
|
+
errorToString(err));
|
898
|
+
}
|
899
|
+
if((err = SecIdentityCopyPrivateKey(identity, key)) != noErr)
|
900
|
+
{
|
901
|
+
throw CertificateReadException(__FILE__, __LINE__, "Certificate error:\n" +
|
902
|
+
errorToString(err));
|
903
|
+
}
|
904
|
+
|
905
|
+
CFRelease(identity);
|
906
|
+
identity = 0;
|
907
|
+
break;
|
908
|
+
}
|
909
|
+
}
|
910
|
+
else if(SecCertificateGetTypeID() == CFGetTypeID(item))
|
911
|
+
{
|
912
|
+
CFRetain(item);
|
913
|
+
*cert = (SecCertificateRef)item;
|
914
|
+
|
915
|
+
//
|
916
|
+
// Copy the public key hash, that is used when added the private key
|
917
|
+
// to create an association between the certificate and the corresponding
|
918
|
+
// private key.
|
919
|
+
//
|
920
|
+
if(hash)
|
921
|
+
{
|
922
|
+
*hash = getSubjectKeyIdentifier(*cert);
|
923
|
+
|
924
|
+
if(keychain)
|
925
|
+
{
|
926
|
+
SecKeychainItemRef newItem = addToKeychain(keychain, item, *hash, kSecClassCertificate);
|
927
|
+
assert(newItem);
|
928
|
+
CFRelease(*cert);
|
929
|
+
*cert = (SecCertificateRef)newItem;
|
930
|
+
}
|
931
|
+
}
|
932
|
+
break;
|
933
|
+
}
|
934
|
+
}
|
935
|
+
|
936
|
+
CFRelease(items);
|
937
|
+
items = 0;
|
938
|
+
}
|
939
|
+
|
940
|
+
if(!*cert)
|
941
|
+
{
|
942
|
+
throw CertificateReadException(__FILE__, __LINE__,
|
943
|
+
"Certificate error:\n error importing certificate from " + file);
|
944
|
+
}
|
945
|
+
}
|
946
|
+
catch(...)
|
947
|
+
{
|
948
|
+
if(*cert)
|
949
|
+
{
|
950
|
+
CFRelease(*cert);
|
951
|
+
*cert = 0;
|
952
|
+
}
|
953
|
+
|
954
|
+
if(hash && *hash)
|
955
|
+
{
|
956
|
+
CFRelease(*hash);
|
957
|
+
*hash = 0;
|
958
|
+
}
|
959
|
+
|
960
|
+
if(items)
|
961
|
+
{
|
962
|
+
CFRelease(items);
|
963
|
+
}
|
964
|
+
|
965
|
+
if(identity)
|
966
|
+
{
|
967
|
+
CFRelease(identity);
|
968
|
+
}
|
969
|
+
|
970
|
+
if(key && *key)
|
971
|
+
{
|
972
|
+
CFRelease(*key);
|
973
|
+
*key = 0;
|
974
|
+
}
|
975
|
+
|
976
|
+
throw;
|
977
|
+
}
|
978
|
+
}
|
979
|
+
|
980
|
+
CFArrayRef
|
981
|
+
IceSSL::loadCACertificates(const string& file, const string& passphrase, const PasswordPromptPtr& prompt,
|
982
|
+
int passwordRetryMax)
|
983
|
+
{
|
984
|
+
CFArrayRef items = 0;
|
985
|
+
SecExternalFormat format = kSecFormatUnknown;
|
986
|
+
loadKeychainItems(&items, kSecClassCertificate, file, &format, 0, passphrase, prompt, passwordRetryMax);
|
987
|
+
CFMutableArrayRef certificateAuthorities = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
|
988
|
+
if(items)
|
989
|
+
{
|
990
|
+
for(CFIndex i = 0, size = CFArrayGetCount(items); i < size; ++i)
|
991
|
+
{
|
992
|
+
SecCertificateRef cert = (SecCertificateRef)CFArrayGetValueAtIndex(items, i);
|
993
|
+
if(isCA(cert))
|
994
|
+
{
|
995
|
+
CFArrayAppendValue(certificateAuthorities, cert);
|
996
|
+
}
|
997
|
+
}
|
998
|
+
CFRelease(items);
|
999
|
+
}
|
1000
|
+
return certificateAuthorities;
|
1001
|
+
}
|
1002
|
+
|
1003
|
+
SecCertificateRef
|
1004
|
+
IceSSL::findCertificates(SecKeychainRef keychain, const string& prop, const string& value)
|
1005
|
+
{
|
1006
|
+
//
|
1007
|
+
// Search the keychain using key:value pairs. The following keys are supported:
|
1008
|
+
//
|
1009
|
+
// Label
|
1010
|
+
// Serial
|
1011
|
+
// Subject
|
1012
|
+
// SubjectKeyId
|
1013
|
+
//
|
1014
|
+
// A value must be enclosed in single or double quotes if it contains whitespace.
|
1015
|
+
//
|
1016
|
+
CFMutableDictionaryRef query =
|
1017
|
+
CFDictionaryCreateMutable(0, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
|
1018
|
+
|
1019
|
+
const void* values[] = { keychain };
|
1020
|
+
CFArrayRef searchList = CFArrayCreate(kCFAllocatorDefault, values, 1, &kCFTypeArrayCallBacks);
|
1021
|
+
|
1022
|
+
CFDictionarySetValue(query, kSecMatchLimit, kSecMatchLimitOne);
|
1023
|
+
CFDictionarySetValue(query, kSecMatchSearchList, searchList);
|
1024
|
+
CFDictionarySetValue(query, kSecClass, kSecClassCertificate);
|
1025
|
+
CFDictionarySetValue(query, kSecReturnRef, kCFBooleanTrue);
|
1026
|
+
CFDictionarySetValue(query, kSecMatchCaseInsensitive, kCFBooleanTrue);
|
1027
|
+
|
1028
|
+
size_t start = 0;
|
1029
|
+
size_t pos;
|
1030
|
+
while((pos = value.find(':', start)) != string::npos)
|
1031
|
+
{
|
1032
|
+
string field = IceUtilInternal::toUpper(IceUtilInternal::trim(value.substr(start, pos - start)));
|
1033
|
+
string arg;
|
1034
|
+
try
|
1035
|
+
{
|
1036
|
+
if(field != "LABEL" && field != "SERIAL" && field != "SUBJECT" && field != "SUBJECTKEYID")
|
1037
|
+
{
|
1038
|
+
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: unknown key in `" + value + "'");
|
1039
|
+
}
|
1040
|
+
|
1041
|
+
start = pos + 1;
|
1042
|
+
while(start < value.size() && (value[start] == ' ' || value[start] == '\t'))
|
1043
|
+
{
|
1044
|
+
++start;
|
1045
|
+
}
|
1046
|
+
|
1047
|
+
if(start == value.size())
|
1048
|
+
{
|
1049
|
+
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: missing argument in `" + value + "'");
|
1050
|
+
}
|
1051
|
+
|
1052
|
+
if(value[start] == '"' || value[start] == '\'')
|
1053
|
+
{
|
1054
|
+
size_t end = start;
|
1055
|
+
++end;
|
1056
|
+
while(end < value.size())
|
1057
|
+
{
|
1058
|
+
if(value[end] == value[start] && value[end - 1] != '\\')
|
1059
|
+
{
|
1060
|
+
break;
|
1061
|
+
}
|
1062
|
+
++end;
|
1063
|
+
}
|
1064
|
+
if(end == value.size() || value[end] != value[start])
|
1065
|
+
{
|
1066
|
+
throw PluginInitializationException(__FILE__, __LINE__,
|
1067
|
+
"IceSSL: unmatched quote in `" + value + "'");
|
1068
|
+
}
|
1069
|
+
++start;
|
1070
|
+
arg = value.substr(start, end - start);
|
1071
|
+
start = end + 1;
|
1072
|
+
}
|
1073
|
+
else
|
1074
|
+
{
|
1075
|
+
size_t end = value.find_first_of(" \t", start);
|
1076
|
+
if(end == string::npos)
|
1077
|
+
{
|
1078
|
+
arg = value.substr(start);
|
1079
|
+
start = value.size();
|
1080
|
+
}
|
1081
|
+
else
|
1082
|
+
{
|
1083
|
+
arg = value.substr(start, end - start);
|
1084
|
+
start = end + 1;
|
1085
|
+
}
|
1086
|
+
}
|
1087
|
+
}
|
1088
|
+
catch(...)
|
1089
|
+
{
|
1090
|
+
CFRelease(searchList);
|
1091
|
+
CFRelease(query);
|
1092
|
+
throw;
|
1093
|
+
}
|
1094
|
+
|
1095
|
+
if(field == "SUBJECT" || field == "LABEL")
|
1096
|
+
{
|
1097
|
+
CFDictionarySetValue(query, field == "LABEL" ? kSecAttrLabel : kSecMatchSubjectContains, toCFString(arg));
|
1098
|
+
}
|
1099
|
+
else if(field == "SUBJECTKEYID" || field == "SERIAL")
|
1100
|
+
{
|
1101
|
+
vector<unsigned char> buffer;
|
1102
|
+
if(!parseBytes(arg, buffer))
|
1103
|
+
{
|
1104
|
+
throw PluginInitializationException(__FILE__, __LINE__,
|
1105
|
+
"IceSSL: invalid value `" + value + "' for property `" + prop + "'");
|
1106
|
+
}
|
1107
|
+
CFDataRef data = CFDataCreate(kCFAllocatorDefault, &buffer[0], buffer.size());
|
1108
|
+
CFDictionarySetValue(query, field == "SUBJECTKEYID" ? kSecAttrSubjectKeyID : kSecAttrSerialNumber, data);
|
1109
|
+
}
|
1110
|
+
}
|
1111
|
+
|
1112
|
+
SecKeychainItemRef item = 0;
|
1113
|
+
OSStatus err = SecItemCopyMatching(query, (CFTypeRef*)&item);
|
1114
|
+
CFRelease(searchList);
|
1115
|
+
CFRelease(query);
|
1116
|
+
if(err != noErr && err != errSecItemNotFound)
|
1117
|
+
{
|
1118
|
+
throw PluginInitializationException(__FILE__, __LINE__,
|
1119
|
+
"Error searching for keychain items\n" + errorToString(err));
|
1120
|
+
}
|
1121
|
+
return (SecCertificateRef)item;
|
1122
|
+
}
|
1123
|
+
#elif defined(ICE_USE_SCHANNEL)
|
1124
|
+
|
1125
|
+
namespace
|
1126
|
+
{
|
1127
|
+
//
|
1128
|
+
// Parse a string of the form "location.name" into two parts.
|
1129
|
+
//
|
1130
|
+
void
|
1131
|
+
parseStore(const string& prop, const string& store, DWORD& loc, string& sname)
|
1132
|
+
{
|
1133
|
+
size_t pos = store.find('.');
|
1134
|
+
if(pos == string::npos)
|
1135
|
+
{
|
1136
|
+
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: property `" + prop + "' has invalid format");
|
1137
|
+
}
|
1138
|
+
|
1139
|
+
const string sloc = IceUtilInternal::toUpper(store.substr(0, pos));
|
1140
|
+
if(sloc == "CURRENTUSER")
|
1141
|
+
{
|
1142
|
+
loc = CERT_SYSTEM_STORE_CURRENT_USER;
|
1143
|
+
}
|
1144
|
+
else if(sloc == "LOCALMACHINE")
|
1145
|
+
{
|
1146
|
+
loc = CERT_SYSTEM_STORE_LOCAL_MACHINE;
|
1147
|
+
}
|
1148
|
+
else
|
1149
|
+
{
|
1150
|
+
throw PluginInitializationException(__FILE__, __LINE__,
|
1151
|
+
"IceSSL: unknown store location `" + sloc + "' in " + prop);
|
1152
|
+
}
|
1153
|
+
|
1154
|
+
sname = store.substr(pos + 1);
|
1155
|
+
if(sname.empty())
|
1156
|
+
{
|
1157
|
+
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: invalid store name in " + prop);
|
1158
|
+
}
|
1159
|
+
}
|
1160
|
+
|
1161
|
+
void
|
1162
|
+
addMatchingCertificates(HCERTSTORE source, HCERTSTORE target, DWORD findType, const void* findParam)
|
1163
|
+
{
|
1164
|
+
PCCERT_CONTEXT next = 0;
|
1165
|
+
do
|
1166
|
+
{
|
1167
|
+
if((next = CertFindCertificateInStore(source, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0,
|
1168
|
+
findType, findParam, next)))
|
1169
|
+
{
|
1170
|
+
if(!CertAddCertificateContextToStore(target, next, CERT_STORE_ADD_ALWAYS, 0))
|
1171
|
+
{
|
1172
|
+
throw PluginInitializationException(__FILE__, __LINE__,
|
1173
|
+
"IceSSL: error adding certificate to store:\n" + IceUtilInternal::lastErrorToString());
|
1174
|
+
}
|
1175
|
+
}
|
1176
|
+
}
|
1177
|
+
while(next);
|
1178
|
+
}
|
1179
|
+
|
1180
|
+
}
|
1181
|
+
|
1182
|
+
vector<PCCERT_CONTEXT>
|
1183
|
+
IceSSL::findCertificates(const string& prop, const string& storeSpec, const string& value, vector<HCERTSTORE>& stores)
|
1184
|
+
{
|
1185
|
+
DWORD storeLoc = 0;
|
1186
|
+
string storeName;
|
1187
|
+
parseStore(prop, storeSpec, storeLoc, storeName);
|
1188
|
+
|
1189
|
+
HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, storeLoc, stringToWstring(storeName).c_str());
|
1190
|
+
if(!store)
|
1191
|
+
{
|
1192
|
+
throw PluginInitializationException(__FILE__, __LINE__,
|
1193
|
+
"IceSSL: failure while opening store specified by " + prop + ":\n" + IceUtilInternal::lastErrorToString());
|
1194
|
+
}
|
1195
|
+
|
1196
|
+
//
|
1197
|
+
// Start with all of the certificates in the collection and filter as necessary.
|
1198
|
+
//
|
1199
|
+
// - If the value is "*", return all certificates.
|
1200
|
+
// - Otherwise, search using key:value pairs. The following keys are supported:
|
1201
|
+
//
|
1202
|
+
// Issuer
|
1203
|
+
// IssuerDN
|
1204
|
+
// Serial
|
1205
|
+
// Subject
|
1206
|
+
// SubjectDN
|
1207
|
+
// SubjectKeyId
|
1208
|
+
// Thumbprint
|
1209
|
+
//
|
1210
|
+
// A value must be enclosed in single or double quotes if it contains whitespace.
|
1211
|
+
//
|
1212
|
+
HCERTSTORE tmpStore = 0;
|
1213
|
+
try
|
1214
|
+
{
|
1215
|
+
if(value != "*")
|
1216
|
+
{
|
1217
|
+
size_t start = 0;
|
1218
|
+
size_t pos;
|
1219
|
+
while((pos = value.find(':', start)) != string::npos)
|
1220
|
+
{
|
1221
|
+
string field = IceUtilInternal::toUpper(IceUtilInternal::trim(value.substr(start, pos - start)));
|
1222
|
+
if(field != "SUBJECT" && field != "SUBJECTDN" && field != "ISSUER" && field != "ISSUERDN" &&
|
1223
|
+
field != "THUMBPRINT" && field != "SUBJECTKEYID" && field != "SERIAL")
|
1224
|
+
{
|
1225
|
+
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: unknown key in `" + value + "'");
|
1226
|
+
}
|
1227
|
+
|
1228
|
+
start = pos + 1;
|
1229
|
+
while(start < value.size() && (value[start] == ' ' || value[start] == '\t'))
|
1230
|
+
{
|
1231
|
+
++start;
|
1232
|
+
}
|
1233
|
+
|
1234
|
+
if(start == value.size())
|
1235
|
+
{
|
1236
|
+
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: missing argument in `" + value + "'");
|
1237
|
+
}
|
1238
|
+
|
1239
|
+
string arg;
|
1240
|
+
if(value[start] == '"' || value[start] == '\'')
|
1241
|
+
{
|
1242
|
+
size_t end = start;
|
1243
|
+
++end;
|
1244
|
+
while(end < value.size())
|
1245
|
+
{
|
1246
|
+
if(value[end] == value[start] && value[end - 1] != '\\')
|
1247
|
+
{
|
1248
|
+
break;
|
1249
|
+
}
|
1250
|
+
++end;
|
1251
|
+
}
|
1252
|
+
if(end == value.size() || value[end] != value[start])
|
1253
|
+
{
|
1254
|
+
throw PluginInitializationException(__FILE__, __LINE__,
|
1255
|
+
"IceSSL: unmatched quote in `" + value + "'");
|
1256
|
+
}
|
1257
|
+
++start;
|
1258
|
+
arg = value.substr(start, end - start);
|
1259
|
+
start = end + 1;
|
1260
|
+
}
|
1261
|
+
else
|
1262
|
+
{
|
1263
|
+
size_t end = value.find_first_of(" \t", start);
|
1264
|
+
if(end == string::npos)
|
1265
|
+
{
|
1266
|
+
arg = value.substr(start);
|
1267
|
+
start = value.size();
|
1268
|
+
}
|
1269
|
+
else
|
1270
|
+
{
|
1271
|
+
arg = value.substr(start, end - start);
|
1272
|
+
start = end + 1;
|
1273
|
+
}
|
1274
|
+
}
|
1275
|
+
|
1276
|
+
tmpStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, 0, 0);
|
1277
|
+
if(!tmpStore)
|
1278
|
+
{
|
1279
|
+
throw PluginInitializationException(__FILE__, __LINE__,
|
1280
|
+
"IceSSL: error adding certificate to store:\n" + IceUtilInternal::lastErrorToString());
|
1281
|
+
}
|
1282
|
+
|
1283
|
+
if(field == "SUBJECT" || field == "ISSUER")
|
1284
|
+
{
|
1285
|
+
const wstring argW = stringToWstring(arg);
|
1286
|
+
DWORD findType = field == "SUBJECT" ? CERT_FIND_SUBJECT_STR : CERT_FIND_ISSUER_STR;
|
1287
|
+
addMatchingCertificates(store, tmpStore, findType, argW.c_str());
|
1288
|
+
}
|
1289
|
+
else if(field == "SUBJECTDN" || field == "ISSUERDN")
|
1290
|
+
{
|
1291
|
+
const wstring argW = stringToWstring(arg);
|
1292
|
+
DWORD length = 0;
|
1293
|
+
if(!CertStrToNameW(X509_ASN_ENCODING, argW.c_str(), CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG,
|
1294
|
+
0, 0, &length, 0))
|
1295
|
+
{
|
1296
|
+
throw PluginInitializationException(__FILE__, __LINE__,
|
1297
|
+
"IceSSL: invalid value `" + value + "' for property `" + prop + "'\n" +
|
1298
|
+
IceUtilInternal::lastErrorToString());
|
1299
|
+
}
|
1300
|
+
|
1301
|
+
vector<BYTE> buffer(length);
|
1302
|
+
if(!CertStrToNameW(X509_ASN_ENCODING, argW.c_str(), CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG,
|
1303
|
+
0, &buffer[0], &length, 0))
|
1304
|
+
{
|
1305
|
+
throw PluginInitializationException(__FILE__, __LINE__,
|
1306
|
+
"IceSSL: invalid value `" + value + "' for property `" + prop + "'\n" +
|
1307
|
+
IceUtilInternal::lastErrorToString());
|
1308
|
+
}
|
1309
|
+
|
1310
|
+
CERT_NAME_BLOB name = { length, &buffer[0] };
|
1311
|
+
DWORD findType = field == "SUBJECTDN" ? CERT_FIND_SUBJECT_NAME : CERT_FIND_ISSUER_NAME;
|
1312
|
+
addMatchingCertificates(store, tmpStore, findType, &name);
|
1313
|
+
}
|
1314
|
+
else if(field == "THUMBPRINT" || field == "SUBJECTKEYID")
|
1315
|
+
{
|
1316
|
+
vector<BYTE> buffer;
|
1317
|
+
if(!parseBytes(arg, buffer))
|
1318
|
+
{
|
1319
|
+
throw PluginInitializationException(__FILE__, __LINE__,
|
1320
|
+
"IceSSL: invalid value `" + value + "' for property `" + prop + "'");
|
1321
|
+
}
|
1322
|
+
|
1323
|
+
CRYPT_HASH_BLOB hash = { static_cast<DWORD>(buffer.size()), &buffer[0] };
|
1324
|
+
DWORD findType = field == "THUMBPRINT" ? CERT_FIND_HASH : CERT_FIND_KEY_IDENTIFIER;
|
1325
|
+
addMatchingCertificates(store, tmpStore, findType, &hash);
|
1326
|
+
}
|
1327
|
+
else if(field == "SERIAL")
|
1328
|
+
{
|
1329
|
+
vector<BYTE> buffer;
|
1330
|
+
if(!parseBytes(arg, buffer))
|
1331
|
+
{
|
1332
|
+
throw PluginInitializationException(__FILE__, __LINE__,
|
1333
|
+
"IceSSL: invalid value `" + value + "' for property `" + prop + "'");
|
1334
|
+
}
|
1335
|
+
|
1336
|
+
CRYPT_INTEGER_BLOB serial = { static_cast<DWORD>(buffer.size()), &buffer[0] };
|
1337
|
+
PCCERT_CONTEXT next = 0;
|
1338
|
+
do
|
1339
|
+
{
|
1340
|
+
if((next = CertFindCertificateInStore(store, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0,
|
1341
|
+
CERT_FIND_ANY, 0, next)))
|
1342
|
+
{
|
1343
|
+
if(CertCompareIntegerBlob(&serial, &next->pCertInfo->SerialNumber))
|
1344
|
+
{
|
1345
|
+
if(!CertAddCertificateContextToStore(tmpStore, next, CERT_STORE_ADD_ALWAYS, 0))
|
1346
|
+
{
|
1347
|
+
throw PluginInitializationException(__FILE__, __LINE__,
|
1348
|
+
"IceSSL: error adding certificate to store:\n" +
|
1349
|
+
IceUtilInternal::lastErrorToString());
|
1350
|
+
}
|
1351
|
+
}
|
1352
|
+
}
|
1353
|
+
}
|
1354
|
+
while(next);
|
1355
|
+
}
|
1356
|
+
CertCloseStore(store, 0);
|
1357
|
+
store = tmpStore;
|
1358
|
+
}
|
1359
|
+
}
|
1360
|
+
}
|
1361
|
+
catch(...)
|
1362
|
+
{
|
1363
|
+
if(store && store != tmpStore)
|
1364
|
+
{
|
1365
|
+
CertCloseStore(store, 0);
|
1366
|
+
}
|
1367
|
+
|
1368
|
+
if(tmpStore)
|
1369
|
+
{
|
1370
|
+
CertCloseStore(tmpStore, 0);
|
1371
|
+
tmpStore = 0;
|
1372
|
+
}
|
1373
|
+
throw;
|
1374
|
+
}
|
1375
|
+
|
1376
|
+
vector<PCCERT_CONTEXT> certs;
|
1377
|
+
if(store)
|
1378
|
+
{
|
1379
|
+
PCCERT_CONTEXT next = 0;
|
1380
|
+
do
|
1381
|
+
{
|
1382
|
+
if((next = CertFindCertificateInStore(store, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_ANY, 0,
|
1383
|
+
next)))
|
1384
|
+
{
|
1385
|
+
certs.push_back(next);
|
1386
|
+
}
|
1387
|
+
}
|
1388
|
+
while(next);
|
1389
|
+
stores.push_back(store);
|
1390
|
+
}
|
1391
|
+
return certs;
|
1392
|
+
}
|
1393
|
+
#endif
|
1394
|
+
|
1395
|
+
bool
|
1396
|
+
IceSSL::checkPath(string& path, const string& defaultDir, bool dir)
|
1397
|
+
{
|
1398
|
+
//
|
1399
|
+
// Check if file exists. If not, try prepending the default
|
1400
|
+
// directory and check again. If the path exists, the string
|
1401
|
+
// argument is modified and true is returned. Otherwise
|
1402
|
+
// false is returned.
|
1403
|
+
//
|
1404
|
+
IceUtilInternal::structstat st;
|
1405
|
+
int err = IceUtilInternal::stat(path, &st);
|
1406
|
+
if(err == 0)
|
1407
|
+
{
|
1408
|
+
return dir ? S_ISDIR(st.st_mode) != 0 : S_ISREG(st.st_mode) != 0;
|
1409
|
+
}
|
1410
|
+
|
1411
|
+
if(!defaultDir.empty())
|
1412
|
+
{
|
1413
|
+
string s = defaultDir + IceUtilInternal::separator + path;
|
1414
|
+
err = ::IceUtilInternal::stat(s.c_str(), &st);
|
1415
|
+
if(err == 0 && ((!dir && S_ISREG(st.st_mode)) || (dir && S_ISDIR(st.st_mode))))
|
1416
|
+
{
|
1417
|
+
path = s;
|
1418
|
+
return true;
|
1419
|
+
}
|
1420
|
+
}
|
1421
|
+
|
1422
|
+
return false;
|
1423
|
+
}
|