RubyGems - zeroc-ice - Versions diffs - 3.7.3 → 3.7.7 - Mend

zeroc-ice 3.7.3 → 3.7.7

Files changed (227) hide show

checksums.yaml +4 -4
data/ext/Communicator.cpp +3 -0
data/ext/Config.h +11 -0
data/ext/Types.cpp +18 -2
data/ext/Util.cpp +15 -3
data/ext/Util.h +36 -0
data/ext/ice/cpp/include/Ice/Exception.h +3 -3
data/ext/ice/cpp/include/Ice/Functional.h +3 -1
data/ext/ice/cpp/include/Ice/IconvStringConverter.h +1 -1
data/ext/ice/cpp/include/Ice/Initialize.h +1 -1
data/ext/ice/cpp/include/Ice/Object.h +7 -0
data/ext/ice/cpp/include/Ice/Optional.h +1 -1
data/ext/ice/cpp/include/Ice/OutgoingAsync.h +15 -0
data/ext/ice/cpp/include/Ice/Proxy.h +56 -25
data/ext/ice/cpp/include/Ice/Service.h +1 -1
data/ext/ice/cpp/include/IceSSL/Plugin.h +142 -0
data/ext/ice/cpp/include/IceUtil/Config.h +3 -2
data/ext/ice/cpp/include/IceUtil/Functional.h +3 -1
data/ext/ice/cpp/include/IceUtil/MutexPtrLock.h +4 -4
data/ext/ice/cpp/include/IceUtil/ResourceConfig.h +2 -2
data/ext/ice/cpp/include/generated/Ice/BuiltinSequences.h +2 -2
data/ext/ice/cpp/include/generated/Ice/Communicator.h +10 -4
data/ext/ice/cpp/include/generated/Ice/CommunicatorF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/Connection.h +58 -15
data/ext/ice/cpp/include/generated/Ice/ConnectionF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/Current.h +2 -2
data/ext/ice/cpp/include/generated/Ice/Endpoint.h +50 -14
data/ext/ice/cpp/include/generated/Ice/EndpointF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/EndpointTypes.h +2 -2
data/ext/ice/cpp/include/generated/Ice/FacetMap.h +2 -2
data/ext/ice/cpp/include/generated/Ice/Identity.h +2 -2
data/ext/ice/cpp/include/generated/Ice/ImplicitContext.h +8 -2
data/ext/ice/cpp/include/generated/Ice/ImplicitContextF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/Instrumentation.h +62 -2
data/ext/ice/cpp/include/generated/Ice/InstrumentationF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/LocalException.h +523 -127
data/ext/ice/cpp/include/generated/Ice/Locator.h +62 -14
data/ext/ice/cpp/include/generated/Ice/LocatorF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/Logger.h +8 -2
data/ext/ice/cpp/include/generated/Ice/LoggerF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/Metrics.h +79 -27
data/ext/ice/cpp/include/generated/Ice/ObjectAdapter.h +8 -2
data/ext/ice/cpp/include/generated/Ice/ObjectAdapterF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/ObjectFactory.h +8 -2
data/ext/ice/cpp/include/generated/Ice/Plugin.h +14 -2
data/ext/ice/cpp/include/generated/Ice/PluginF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/Process.h +10 -4
data/ext/ice/cpp/include/generated/Ice/ProcessF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/Properties.h +8 -2
data/ext/ice/cpp/include/generated/Ice/PropertiesAdmin.h +11 -5
data/ext/ice/cpp/include/generated/Ice/PropertiesF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/RemoteLogger.h +26 -8
data/ext/ice/cpp/include/generated/Ice/Router.h +18 -6
data/ext/ice/cpp/include/generated/Ice/RouterF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/ServantLocator.h +8 -2
data/ext/ice/cpp/include/generated/Ice/ServantLocatorF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/SliceChecksumDict.h +2 -2
data/ext/ice/cpp/include/generated/Ice/ValueFactory.h +14 -2
data/ext/ice/cpp/include/generated/Ice/Version.h +2 -2
data/ext/ice/cpp/include/generated/IceSSL/ConnectionInfo.h +10 -5
data/ext/ice/cpp/include/generated/IceSSL/ConnectionInfoF.h +2 -2
data/ext/ice/cpp/include/generated/IceSSL/EndpointInfo.h +8 -3
data/ext/ice/cpp/src/Ice/ArgVector.cpp +1 -1
data/ext/ice/cpp/src/Ice/BuiltinSequences.cpp +2 -2
data/ext/ice/cpp/src/Ice/Communicator.cpp +2 -2
data/ext/ice/cpp/src/Ice/CommunicatorF.cpp +2 -2
data/ext/ice/cpp/src/Ice/Connection.cpp +2 -2
data/ext/ice/cpp/src/Ice/ConnectionF.cpp +2 -2
data/ext/ice/cpp/src/Ice/ConnectionFactory.cpp +3 -3
data/ext/ice/cpp/src/Ice/Current.cpp +2 -2
data/ext/ice/cpp/src/Ice/Endpoint.cpp +2 -2
data/ext/ice/cpp/src/Ice/EndpointF.cpp +2 -2
data/ext/ice/cpp/src/Ice/EndpointTypes.cpp +2 -2
data/ext/ice/cpp/src/Ice/FacetMap.cpp +2 -2
data/ext/ice/cpp/src/Ice/Identity.cpp +2 -2
data/ext/ice/cpp/src/Ice/ImplicitContext.cpp +2 -2
data/ext/ice/cpp/src/Ice/ImplicitContextF.cpp +2 -2
data/ext/ice/cpp/src/Ice/ImplicitContextI.cpp +1 -1
data/ext/ice/cpp/src/Ice/Initialize.cpp +1 -1
data/ext/ice/cpp/src/Ice/InputStream.cpp +29 -14
data/ext/ice/cpp/src/Ice/Instance.cpp +3 -0
data/ext/ice/cpp/src/Ice/Instance.h +2 -0
data/ext/ice/cpp/src/Ice/Instrumentation.cpp +2 -2
data/ext/ice/cpp/src/Ice/InstrumentationF.cpp +2 -2
data/ext/ice/cpp/src/Ice/LocalException.cpp +398 -2
data/ext/ice/cpp/src/Ice/Locator.cpp +32 -2
data/ext/ice/cpp/src/Ice/LocatorF.cpp +2 -2
data/ext/ice/cpp/src/Ice/LocatorInfo.cpp +3 -3
data/ext/ice/cpp/src/Ice/Logger.cpp +2 -2
data/ext/ice/cpp/src/Ice/LoggerF.cpp +2 -2
data/ext/ice/cpp/src/Ice/Metrics.cpp +8 -2
data/ext/ice/cpp/src/Ice/Network.cpp +1 -1
data/ext/ice/cpp/src/Ice/Network.h +0 -0
data/ext/ice/cpp/src/Ice/ObjectAdapter.cpp +2 -2
data/ext/ice/cpp/src/Ice/ObjectAdapterF.cpp +2 -2
data/ext/ice/cpp/src/Ice/ObjectAdapterFactory.cpp +4 -4
data/ext/ice/cpp/src/Ice/ObjectAdapterI.cpp +8 -8
data/ext/ice/cpp/src/Ice/ObjectFactory.cpp +2 -2
data/ext/ice/cpp/src/Ice/Plugin.cpp +2 -2
data/ext/ice/cpp/src/Ice/PluginF.cpp +2 -2
data/ext/ice/cpp/src/Ice/Process.cpp +2 -2
data/ext/ice/cpp/src/Ice/ProcessF.cpp +2 -2
data/ext/ice/cpp/src/Ice/Properties.cpp +2 -2
data/ext/ice/cpp/src/Ice/PropertiesAdmin.cpp +2 -2
data/ext/ice/cpp/src/Ice/PropertiesF.cpp +2 -2
data/ext/ice/cpp/src/Ice/PropertyNames.cpp +6 -3
data/ext/ice/cpp/src/Ice/PropertyNames.h +1 -1
data/ext/ice/cpp/src/Ice/ProxyFactory.cpp +9 -0
data/ext/ice/cpp/src/Ice/RemoteLogger.cpp +8 -2
data/ext/ice/cpp/src/Ice/RetryQueue.cpp +5 -2
data/ext/ice/cpp/src/Ice/Router.cpp +2 -2
data/ext/ice/cpp/src/Ice/RouterF.cpp +2 -2
data/ext/ice/cpp/src/Ice/RouterInfo.cpp +6 -2
data/ext/ice/cpp/src/Ice/SHA1.cpp +2 -0
data/ext/ice/cpp/src/Ice/ServantLocator.cpp +2 -2
data/ext/ice/cpp/src/Ice/ServantLocatorF.cpp +2 -2
data/ext/ice/cpp/src/Ice/SliceChecksumDict.cpp +2 -2
data/ext/ice/cpp/src/Ice/StreamSocket.cpp +0 -0
data/ext/ice/cpp/src/Ice/Thread.cpp +2 -2
data/ext/ice/cpp/src/Ice/ThreadPool.cpp +5 -1
data/ext/ice/cpp/src/Ice/ThreadPool.h +0 -4
data/ext/ice/cpp/src/Ice/UdpTransceiver.cpp +0 -0
data/ext/ice/cpp/src/Ice/ValueFactory.cpp +2 -2
data/ext/ice/cpp/src/Ice/Version.cpp +2 -2
data/ext/ice/cpp/src/IceDiscovery/IceDiscovery.cpp +2 -2
data/ext/ice/cpp/src/IceDiscovery/IceDiscovery.h +491 -6
data/ext/ice/cpp/src/IceLocatorDiscovery/IceLocatorDiscovery.cpp +2 -2
data/ext/ice/cpp/src/IceLocatorDiscovery/IceLocatorDiscovery.h +16 -4
data/ext/ice/cpp/src/IceLocatorDiscovery/PluginI.cpp +12 -1
data/ext/ice/cpp/src/IceSSL/CertificateI.cpp +23 -1
data/ext/ice/cpp/src/IceSSL/ConnectionInfo.cpp +2 -2
data/ext/ice/cpp/src/IceSSL/ConnectionInfoF.cpp +2 -2
data/ext/ice/cpp/src/IceSSL/EndpointInfo.cpp +2 -2
data/ext/ice/cpp/src/IceSSL/OpenSSLCertificateI.cpp +124 -19
data/ext/ice/cpp/src/IceSSL/OpenSSLEngine.cpp +60 -1
data/ext/ice/cpp/src/IceSSL/OpenSSLTransceiverI.cpp +105 -2
data/ext/ice/cpp/src/IceSSL/OpenSSLTransceiverI.h +1 -0
data/ext/ice/cpp/src/IceSSL/OpenSSLUtil.cpp +2 -0
data/ext/ice/cpp/src/IceSSL/PluginI.cpp +114 -0
data/ext/ice/cpp/src/IceSSL/PluginI.h +21 -0
data/ext/ice/cpp/src/IceSSL/SChannelCertificateI.cpp +142 -1
data/ext/ice/cpp/src/IceSSL/SChannelTransceiverI.cpp +117 -3
data/ext/ice/cpp/src/IceSSL/SChannelTransceiverI.h +1 -0
data/ext/ice/cpp/src/IceSSL/SSLEngine.cpp +20 -1
data/ext/ice/cpp/src/IceSSL/SSLEngine.h +4 -0
data/ext/ice/cpp/src/IceSSL/SecureTransportCertificateI.cpp +133 -2
data/ext/ice/cpp/src/IceSSL/SecureTransportTransceiverI.cpp +151 -89
data/ext/ice/cpp/src/IceSSL/SecureTransportTransceiverI.h +1 -0
data/ext/ice/cpp/src/IceSSL/Util.cpp +0 -0
data/ext/ice/cpp/src/IceUtil/StringConverter.cpp +6 -0
data/ext/ice/cpp/src/IceUtil/Time.cpp +8 -10
data/ext/ice/cpp/src/Slice/CPlusPlusUtil.cpp +6 -2
data/ext/ice/cpp/src/Slice/JavaUtil.cpp +12 -4
data/ext/ice/cpp/src/Slice/PHPUtil.cpp +4 -0
data/ext/ice/cpp/src/Slice/Parser.cpp +11 -7
data/ext/ice/cpp/src/Slice/Parser.h +2 -2
data/ext/ice/cpp/src/Slice/Preprocessor.cpp +12 -0
data/ext/ice/cpp/src/Slice/Preprocessor.h +1 -1
data/ext/ice/cpp/src/Slice/Python.cpp +1 -1
data/ext/ice/cpp/src/Slice/PythonUtil.cpp +17 -5
data/ext/ice/cpp/src/Slice/Scanner.cpp +621 -369
data/ext/ice/mcpp/CMakeLists.txt +80 -0
data/ext/ice/mcpp/expand.c +6 -6
data/ice.gemspec +1 -1
data/lib/Glacier2/Metrics.rb +1 -1
data/lib/Glacier2/PermissionsVerifier.rb +1 -1
data/lib/Glacier2/PermissionsVerifierF.rb +1 -1
data/lib/Glacier2/Router.rb +1 -1
data/lib/Glacier2/RouterF.rb +1 -1
data/lib/Glacier2/SSLInfo.rb +1 -1
data/lib/Glacier2/Session.rb +1 -1
data/lib/Ice/BuiltinSequences.rb +1 -1
data/lib/Ice/Communicator.rb +1 -1
data/lib/Ice/CommunicatorF.rb +1 -1
data/lib/Ice/Connection.rb +1 -1
data/lib/Ice/ConnectionF.rb +1 -1
data/lib/Ice/Current.rb +1 -1
data/lib/Ice/Endpoint.rb +1 -1
data/lib/Ice/EndpointF.rb +1 -1
data/lib/Ice/EndpointTypes.rb +1 -1
data/lib/Ice/FacetMap.rb +1 -1
data/lib/Ice/Identity.rb +1 -1
data/lib/Ice/ImplicitContext.rb +1 -1
data/lib/Ice/ImplicitContextF.rb +1 -1
data/lib/Ice/Instrumentation.rb +1 -1
data/lib/Ice/InstrumentationF.rb +1 -1
data/lib/Ice/LocalException.rb +1 -1
data/lib/Ice/Locator.rb +1 -1
data/lib/Ice/LocatorF.rb +1 -1
data/lib/Ice/Logger.rb +1 -1
data/lib/Ice/LoggerF.rb +1 -1
data/lib/Ice/Metrics.rb +1 -1
data/lib/Ice/ObjectAdapter.rb +1 -1
data/lib/Ice/ObjectAdapterF.rb +1 -1
data/lib/Ice/ObjectFactory.rb +1 -1
data/lib/Ice/Plugin.rb +1 -1
data/lib/Ice/PluginF.rb +1 -1
data/lib/Ice/Process.rb +1 -1
data/lib/Ice/ProcessF.rb +1 -1
data/lib/Ice/Properties.rb +1 -1
data/lib/Ice/PropertiesAdmin.rb +1 -1
data/lib/Ice/PropertiesF.rb +1 -1
data/lib/Ice/RemoteLogger.rb +1 -1
data/lib/Ice/Router.rb +1 -1
data/lib/Ice/RouterF.rb +1 -1
data/lib/Ice/ServantLocator.rb +1 -1
data/lib/Ice/ServantLocatorF.rb +1 -1
data/lib/Ice/SliceChecksumDict.rb +1 -1
data/lib/Ice/ValueFactory.rb +1 -1
data/lib/Ice/Version.rb +1 -1
data/lib/IceBox/IceBox.rb +1 -1
data/lib/IceGrid/Admin.rb +1 -1
data/lib/IceGrid/Descriptor.rb +1 -1
data/lib/IceGrid/Exception.rb +1 -1
data/lib/IceGrid/FileParser.rb +1 -1
data/lib/IceGrid/PluginFacade.rb +1 -1
data/lib/IceGrid/Registry.rb +1 -1
data/lib/IceGrid/Session.rb +1 -1
data/lib/IceGrid/UserAccountMapper.rb +1 -1
data/lib/IcePatch2/FileInfo.rb +1 -1
data/lib/IcePatch2/FileServer.rb +1 -1
data/lib/IceStorm/IceStorm.rb +1 -1
data/lib/IceStorm/Metrics.rb +1 -1
data/slice/Ice/Communicator.ice +1 -1
data/slice/IceBox/IceBox.ice +17 -2
data/slice/IceDiscovery/IceDiscovery.ice +56 -0
metadata +4 -4

data/ext/ice/cpp/src/IceSSL/SecureTransportCertificateI.cpp CHANGED Viewed

@@ -8,7 +8,7 @@
 //
 #include <IceUtil/DisableWarnings.h>
-#include <IceSSL/Plugin.h>
+#include <IceSSL/PluginI.h>
 #include <IceSSL/SecureTransport.h>
 #include <IceSSL/CertificateI.h>
 #include <IceSSL/SecureTransportUtil.h>
@@ -32,6 +32,29 @@ using namespace std;
 namespace
 {
+static unsigned char _ekuAnyKeyUsage[4] = {0x55, 0x1d, 0x25, 0x00};
+static unsigned char _ekuServerAuthentication[8] = {0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01};
+static unsigned char _ekuClientAuthentication[8] = {0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02};
+static unsigned char _ekuCodeSigning[8] = {0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x03};
+static unsigned char _ekuEmailProtection[8] = {0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x04};
+static unsigned char _ekuTimeStamping[8] = {0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x08};
+static unsigned char _ekuOCSPSigning[8] = {0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09};
+static CFDataRef ekuAnyKeyUsage =
+    CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, _ekuAnyKeyUsage, 4, kCFAllocatorNull);
+static CFDataRef ekuServerAuthentication =
+    CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, _ekuServerAuthentication, 8, kCFAllocatorNull);
+static CFDataRef ekuClientAuthentication =
+    CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, _ekuClientAuthentication, 8, kCFAllocatorNull);
+static CFDataRef ekuCodeSigning =
+    CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, _ekuCodeSigning, 8, kCFAllocatorNull);
+static CFDataRef ekuEmailProtection =
+    CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, _ekuEmailProtection, 8, kCFAllocatorNull);
+static CFDataRef ekuTimeStamping =
+    CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, _ekuTimeStamping, 8, kCFAllocatorNull);
+static CFDataRef ekuOCSPSigning =
+    CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, _ekuOCSPSigning, 8, kCFAllocatorNull);
 string
 certificateOIDAlias(const string& name)
 {
@@ -226,7 +249,8 @@ private:
 #endif
 class SecureTransportCertificateI ICE_FINAL : public IceSSL::SecureTransport::Certificate,
-                                              public IceSSL::CertificateI
+                                              public IceSSL::CertificateI,
+                                              public IceSSL::CertificateExtendedInfo
 {
 public:
@@ -254,6 +278,8 @@ public:
     virtual vector<pair<int, string> > getSubjectAlternativeNames() const;
     virtual int getVersion() const;
     virtual SecCertificateRef getCert() const;
+    virtual unsigned int getKeyUsage() const;
+    virtual unsigned int getExtendedKeyUsage() const;
 private:
@@ -792,6 +818,111 @@ SecureTransportCertificateI::initializeAttributes() const
 }
 #endif
+unsigned int
+SecureTransportCertificateI::getKeyUsage() const
+{
+#ifdef ICE_USE_SECURE_TRANSPORT_IOS
+    throw Ice::FeatureNotSupportedException(__FILE__, __LINE__);
+#else
+    unsigned int keyUsage = 0;
+    UniqueRef<CFDictionaryRef> property(getCertificateProperty(_cert.get(), kSecOIDKeyUsage));
+    if(property)
+    {
+        CFNumberRef value = static_cast<CFNumberRef>(CFDictionaryGetValue(property.get(), kSecPropertyKeyValue));
+        if(value)
+        {
+            unsigned int usageBits = 0;
+            CFNumberGetValue(value, kCFNumberSInt32Type, &usageBits);
+            if(usageBits & kSecKeyUsageDigitalSignature)
+            {
+                keyUsage |= KEY_USAGE_DIGITAL_SIGNATURE;
+            }
+            if(usageBits & kSecKeyUsageNonRepudiation)
+            {
+                keyUsage |= KEY_USAGE_NON_REPUDIATION;
+            }
+            if(usageBits & kSecKeyUsageKeyEncipherment)
+            {
+                keyUsage |= KEY_USAGE_KEY_ENCIPHERMENT;
+            }
+            if(usageBits & kSecKeyUsageDataEncipherment)
+            {
+                keyUsage |= KEY_USAGE_DATA_ENCIPHERMENT;
+            }
+            if(usageBits & kSecKeyUsageKeyAgreement)
+            {
+                keyUsage |= KEY_USAGE_KEY_AGREEMENT;
+            }
+            if(usageBits & kSecKeyUsageKeyCertSign)
+            {
+                keyUsage |= KEY_USAGE_KEY_CERT_SIGN;
+            }
+            if(usageBits & kSecKeyUsageCRLSign)
+            {
+                keyUsage |= KEY_USAGE_CRL_SIGN;
+            }
+            if(usageBits & kSecKeyUsageEncipherOnly)
+            {
+                keyUsage |= KEY_USAGE_ENCIPHER_ONLY;
+            }
+            if(usageBits & kSecKeyUsageDecipherOnly)
+            {
+                keyUsage |= KEY_USAGE_DECIPHER_ONLY;
+            }
+        }
+    }
+    return keyUsage;
+#endif
+}
+unsigned int
+SecureTransportCertificateI::getExtendedKeyUsage() const
+{
+#ifdef ICE_USE_SECURE_TRANSPORT_IOS
+    throw Ice::FeatureNotSupportedException(__FILE__, __LINE__);
+#else
+    unsigned int extendedKeyUsage = 0;
+    UniqueRef<CFDictionaryRef> property(getCertificateProperty(_cert.get(), kSecOIDExtendedKeyUsage));
+    if(property)
+    {
+        CFArrayRef usages = static_cast<CFArrayRef>(CFDictionaryGetValue(property.get(), kSecPropertyKeyValue));
+        if(usages)
+        {
+            long size = CFArrayGetCount(usages);
+            if (CFArrayContainsValue(usages, CFRangeMake(0, size), ekuAnyKeyUsage))
+            {
+                extendedKeyUsage |= EXTENDED_KEY_USAGE_ANY_KEY_USAGE;
+            }
+            if (CFArrayContainsValue(usages, CFRangeMake(0, size), ekuServerAuthentication))
+            {
+                extendedKeyUsage |= EXTENDED_KEY_USAGE_SERVER_AUTH;
+            }
+            if (CFArrayContainsValue(usages, CFRangeMake(0, size), ekuClientAuthentication))
+            {
+                extendedKeyUsage |= EXTENDED_KEY_USAGE_CLIENT_AUTH;
+            }
+            if (CFArrayContainsValue(usages, CFRangeMake(0, size), ekuCodeSigning))
+            {
+                extendedKeyUsage |= EXTENDED_KEY_USAGE_CODE_SIGNING;
+            }
+            if (CFArrayContainsValue(usages, CFRangeMake(0, size), ekuEmailProtection))
+            {
+                extendedKeyUsage |= EXTENDED_KEY_USAGE_EMAIL_PROTECTION;
+            }
+            if (CFArrayContainsValue(usages, CFRangeMake(0, size), ekuTimeStamping))
+            {
+                extendedKeyUsage |= EXTENDED_KEY_USAGE_TIME_STAMPING;
+            }
+            if (CFArrayContainsValue(usages, CFRangeMake(0, size), ekuOCSPSigning))
+            {
+                extendedKeyUsage |= EXTENDED_KEY_USAGE_OCSP_SIGNING;
+            }
+        }
+    }
+    return extendedKeyUsage;
+#endif
+}
 IceSSL::SecureTransport::CertificatePtr
 IceSSL::SecureTransport::Certificate::create(SecCertificateRef cert)
 {

data/ext/ice/cpp/src/IceSSL/SecureTransportTransceiverI.cpp CHANGED Viewed

@@ -4,6 +4,7 @@
 #include <IceSSL/SecureTransportTransceiverI.h>
 #include <IceSSL/Instance.h>
+#include <IceSSL/PluginI.h>
 #include <IceSSL/SecureTransportEngine.h>
 #include <IceSSL/SecureTransportUtil.h>
 #include <IceSSL/ConnectionInfo.h>
@@ -20,36 +21,6 @@ using namespace IceSSL::SecureTransport;
 namespace
 {
-string
-trustResultDescription(SecTrustResultType result)
-{
-    switch(result)
-    {
-        case kSecTrustResultInvalid:
-        {
-            return "Invalid setting or result";
-        }
-        case kSecTrustResultDeny:
-        {
-            return "The user specified that the certificate should not be trusted";
-        }
-        case kSecTrustResultRecoverableTrustFailure:
-        case kSecTrustResultFatalTrustFailure:
-        {
-            return "Trust denied";
-        }
-        case kSecTrustResultOtherError:
-        {
-            return "Other error internal error";
-        }
-        default:
-        {
-            assert(false);
-            return "";
-        }
-    }
-}
 string
 protocolName(SSLProtocol protocol)
 {
@@ -92,99 +63,187 @@ socketRead(SSLConnectionRef connection, void* data, size_t* length)
     return transceiver->readRaw(reinterpret_cast<char*>(data), length);
 }
-bool
+TrustError errorToTrustError(CFErrorRef err)
+{
+    long errorCode = CFErrorGetCode(err);
+    switch (errorCode)
+    {
+        case errSecPathLengthConstraintExceeded:
+        {
+            return IceSSL::ICE_ENUM(TrustError, ChainTooLong);
+        }
+        case errSecUnknownCRLExtension:
+        case errSecUnknownCriticalExtensionFlag:
+        {
+            return IceSSL::ICE_ENUM(TrustError, HasNonSupportedCriticalExtension);
+        }
+        case errSecHostNameMismatch:
+        {
+            return IceSSL::ICE_ENUM(TrustError, HostNameMismatch);
+        }
+        case errSecCodeSigningNoBasicConstraints:
+        case errSecNoBasicConstraints:
+        case errSecNoBasicConstraintsCA:
+        {
+            return IceSSL::ICE_ENUM(TrustError, InvalidBasicConstraints);
+        }
+        case errSecMissingRequiredExtension:
+        case errSecUnknownCertExtension:
+        {
+            return IceSSL::ICE_ENUM(TrustError, InvalidExtension);
+        }
+        case errSecCertificateNameNotAllowed:
+        case errSecInvalidName:
+        {
+            return IceSSL::ICE_ENUM(TrustError, InvalidNameConstraints);
+        }
+        case errSecCertificatePolicyNotAllowed:
+        case errSecInvalidPolicyIdentifiers:
+        case errSecInvalidCertificateRef:
+        case errSecInvalidDigestAlgorithm:
+        case errSecUnsupportedKeySize:
+        {
+            return IceSSL::ICE_ENUM(TrustError, InvalidPolicyConstraints);
+        }
+        case errSecInvalidExtendedKeyUsage:
+        case errSecInvalidKeyUsageForPolicy:
+        {
+            return IceSSL::ICE_ENUM(TrustError, InvalidPurpose);
+        }
+        case errSecInvalidSignature:
+        {
+            return IceSSL::ICE_ENUM(TrustError, InvalidSignature);
+        }
+        case errSecCertificateExpired:
+        case errSecCertificateNotValidYet:
+        case errSecCertificateValidityPeriodTooLong:
+        {
+            return IceSSL::ICE_ENUM(TrustError, InvalidTime);
+        }
+        case errSecCreateChainFailed:
+        {
+            return IceSSL::ICE_ENUM(TrustError, PartialChain);
+        }
+        case errSecCertificateRevoked:
+        {
+            return IceSSL::ICE_ENUM(TrustError, Revoked);
+        }
+        case errSecIncompleteCertRevocationCheck:
+        case errSecOCSPNotTrustedToAnchor:
+        {
+            return IceSSL::ICE_ENUM(TrustError, RevocationStatusUnknown);
+        }
+        case errSecNotTrusted:
+        case errSecVerifyActionFailed:
+        {
+            return IceSSL::ICE_ENUM(TrustError, UntrustedRoot);
+        }
+        default:
+        {
+            return IceSSL::ICE_ENUM(TrustError, UnknownTrustFailure);
+        }
+    }
+}
+TrustError
 checkTrustResult(SecTrustRef trust,
                  const IceSSL::SecureTransport::SSLEnginePtr& engine,
                  const IceSSL::InstancePtr& instance,
                  const string& host)
 {
     OSStatus err = noErr;
-    SecTrustResultType trustResult = kSecTrustResultOtherError;
+    UniqueRef<CFErrorRef> trustErr;
     if(trust)
     {
-        if((err = SecTrustSetAnchorCertificates(trust, engine->getCertificateAuthorities())))
-        {
-            throw SecurityException(__FILE__, __LINE__, "IceSSL: handshake failure:\n" + sslErrorToString(err));
-        }
-        //
-        // Disable network fetch, we don't want this to block.
-        //
+        // Do not allow to fetch missing intermediate certificates from the network.
         if((err = SecTrustSetNetworkFetchAllowed(trust, false)))
         {
             throw SecurityException(__FILE__, __LINE__, "IceSSL: handshake failure:\n" + sslErrorToString(err));
         }
-        //
-        // Add SSL trust policy if we need to check the certificate name.
-        //
+        UniqueRef<CFMutableArrayRef> policies(CFArrayCreateMutable(kCFAllocatorDefault, 0,  &kCFTypeArrayCallBacks));
+        // Add SSL trust policy if we need to check the certificate name, otherwise use basic x509 policy.
         if(engine->getCheckCertName() && !host.empty())
         {
             UniqueRef<CFStringRef> hostref(toCFString(host));
-            UniqueRef<SecPolicyRef> policy(SecPolicyCreateSSL(false, hostref.get()));
-            UniqueRef<CFArrayRef> policies;
-            if((err = SecTrustCopyPolicies(trust, &policies.get())))
+            UniqueRef<SecPolicyRef> policy(SecPolicyCreateSSL(true, hostref.get()));
+            CFArrayAppendValue(policies.get(), policy.get());
+        }
+        else
+        {
+            UniqueRef<SecPolicyRef> policy(SecPolicyCreateBasicX509());
+            CFArrayAppendValue(policies.get(), policy.get());
+        }
+        int revocationCheck = engine->getRevocationCheck();
+        if(revocationCheck > 0)
+        {
+            CFOptionFlags revocationFlags = kSecRevocationUseAnyAvailableMethod | kSecRevocationRequirePositiveResponse;
+            if(engine->getRevocationCheckCacheOnly())
             {
-                throw SecurityException(__FILE__, __LINE__, "IceSSL: handshake failure:\n" + sslErrorToString(err));
+                revocationFlags |= kSecRevocationNetworkAccessDisabled;
             }
-            UniqueRef<CFMutableArrayRef> newPolicies(CFArrayCreateMutableCopy(kCFAllocatorDefault, 0, policies.get()));
-            CFArrayAppendValue(newPolicies.get(), policy.get());
-            if((err = SecTrustSetPolicies(trust, newPolicies.get())))
+            UniqueRef<SecPolicyRef> revocationPolicy(SecPolicyCreateRevocation(revocationFlags));
+            if(!revocationPolicy)
             {
-                throw SecurityException(__FILE__, __LINE__, "IceSSL: handshake failure:\n" + sslErrorToString(err));
+                throw SecurityException(__FILE__,
+                                        __LINE__,
+                                        "IceSSL: handshake failure: error creating revocation policy");
             }
+            CFArrayAppendValue(policies.get(), revocationPolicy.get());
         }
-        //
-        // Evaluate the trust
-        //
-        if((err = SecTrustEvaluate(trust, &trustResult)))
+        if((err = SecTrustSetPolicies(trust, policies.get())))
         {
             throw SecurityException(__FILE__, __LINE__, "IceSSL: handshake failure:\n" + sslErrorToString(err));
         }
-    }
-    switch(trustResult)
-    {
-    case kSecTrustResultUnspecified:
-    case kSecTrustResultProceed:
-    {
-        //
-        // Trust verify success.
-        //
-        return true;
-    }
-    default:
-    // case kSecTrustResultInvalid:
-    // case kSecTrustResultConfirm: // Used in old macOS versions
-    // case kSecTrustResultDeny:
-    // case kSecTrustResultRecoverableTrustFailure:
-    // case kSecTrustResultFatalTrustFailure:
-    // case kSecTrustResultOtherError:
-    {
-        if(engine->getVerifyPeer() == 0)
+        CFArrayRef certificateAuthorities = engine->getCertificateAuthorities();
+        if(certificateAuthorities != 0)
         {
-            if(instance->traceLevel() >= 1)
+            if((err = SecTrustSetAnchorCertificates(trust, certificateAuthorities)))
             {
-                ostringstream os;
-                os << "IceSSL: ignoring certificate verification failure:\n" << trustResultDescription(trustResult);
-                instance->logger()->trace(instance->traceCategory(), os.str());
+                throw SecurityException(__FILE__, __LINE__, "IceSSL: handshake failure:\n" + sslErrorToString(err));
             }
-            return false;
+            SecTrustSetAnchorCertificatesOnly(trust, true);
+        }
+        //
+        // Evaluate the trust
+        //
+        if(SecTrustEvaluateWithError(trust, &trustErr.get()))
+        {
+            return IceSSL::ICE_ENUM(TrustError, NoError);
         }
         else
         {
-            ostringstream os;
-            os << "IceSSL: certificate verification failure:\n" << trustResultDescription(trustResult);
-            string msg = os.str();
-            if(instance->traceLevel() >= 1)
+            TrustError trustError = errorToTrustError(trustErr.get());
+            if(engine->getVerifyPeer() == 0)
+            {
+                if(instance->traceLevel() >= 1)
+                {
+                    ostringstream os;
+                    os << "IceSSL: ignoring certificate verification failure:\n"
+                       << getTrustErrorDescription(trustError);
+                    instance->logger()->trace(instance->traceCategory(), os.str());
+                }
+                return trustError;
+            }
+            else
             {
-                instance->logger()->trace(instance->traceCategory(), msg);
+                ostringstream os;
+                os << "IceSSL: certificate verification failure:\n" << getTrustErrorDescription(trustError);
+                string msg = os.str();
+                if(instance->traceLevel() >= 1)
+                {
+                    instance->logger()->trace(instance->traceCategory(), msg);
+                }
+                throw SecurityException(__FILE__, __LINE__, msg);
             }
-            throw SecurityException(__FILE__, __LINE__, msg);
         }
     }
-    }
+    return IceSSL::ICE_ENUM(TrustError, UnknownTrustFailure);
 }
 }
@@ -288,7 +347,8 @@ IceSSL::SecureTransport::TransceiverI::initialize(IceInternal::Buffer& readBuffe
             }
             if(err == noErr)
             {
-                _verified = checkTrustResult(_trust.get(), _engine, _instance, _host);
+                _trustError = checkTrustResult(_trust.get(), _engine, _instance, _host);
+                _verified = _trustError == IceSSL::ICE_ENUM(TrustError, NoError);
                 continue; // Call SSLHandshake to resume the handsake.
             }
             // Let it fall through, this will raise a SecurityException with the SSLCopyPeerTrust error.
@@ -546,13 +606,15 @@ IceSSL::SecureTransport::TransceiverI::toDetailedString() const
 Ice::ConnectionInfoPtr
 IceSSL::SecureTransport::TransceiverI::getInfo() const
 {
-    IceSSL::ConnectionInfoPtr info = ICE_MAKE_SHARED(IceSSL::ConnectionInfo);
+    IceSSL::ExtendedConnectionInfoPtr info = ICE_MAKE_SHARED(IceSSL::ExtendedConnectionInfo);
     info->underlying = _delegate->getInfo();
     info->incoming = _incoming;
     info->adapterName = _adapterName;
     info->cipher = _cipher;
     info->certs = _certs;
     info->verified = _verified;
+    info->errorCode = _trustError;
+    info->host = _incoming ? "" : _host;
     return info;
 }

data/ext/ice/cpp/src/IceSSL/SecureTransportTransceiverI.h CHANGED Viewed

@@ -77,6 +77,7 @@ private:
     size_t _maxRecvPacketSize;
     std::string _cipher;
     std::vector<CertificatePtr> _certs;
+    TrustError _trustError;
     bool _verified;
     size_t _buffered;
 };

data/ext/ice/cpp/src/IceSSL/Util.cpp CHANGED Viewed

File without changes

data/ext/ice/cpp/src/IceUtil/StringConverter.cpp CHANGED Viewed

@@ -2,6 +2,12 @@
 // Copyright (c) ZeroC, Inc. All rights reserved.
 //
+#if defined(_MSC_VER) && (_MSVC_LANG >= 201703L)
+    // TODO codecvt was deprecated in C++17 and cause build failures with VC++ compiler
+    // we should replace this code with MultiByteToWideChar() and WideCharToMultiByte()
+#   define  _SILENCE_CXX17_CODECVT_HEADER_DEPRECATION_WARNING
+#endif
 #include <IceUtil/StringConverter.h>
 #include <IceUtil/MutexPtrLock.h>
 #include <IceUtil/Mutex.h>

data/ext/ice/cpp/src/IceUtil/Time.cpp CHANGED Viewed

@@ -97,7 +97,7 @@ IceUtil::Time::now(Clock clock)
         struct timeb tb;
         ftime(&tb);
 #  endif
-        return Time(static_cast<Int64>(tb.time) * ICE_INT64(1000000) + tb.millitm * 1000);
+        return Time(static_cast<Int64>(tb.time) * ICE_INT64(1000000) + Int64(tb.millitm) * 1000);
 #else
         struct timeval tv;
         if(gettimeofday(&tv, 0) < 0)
@@ -130,7 +130,7 @@ IceUtil::Time::now(Clock clock)
             struct timeb tb;
             ftime(&tb);
 #  endif
-            return Time(static_cast<Int64>(tb.time) * ICE_INT64(1000000) + tb.millitm * 1000);
+            return Time(static_cast<Int64>(tb.time) * ICE_INT64(1000000) + Int64(tb.millitm) * 1000);
         }
 #elif defined(__hppa)
         //
@@ -246,7 +246,7 @@ IceUtil::Time::toDateTime() const
     os << toString("%x %H:%M:%S") << ".";
     os.fill('0');
     os.width(3);
-    os << static_cast<long>(_usec % 1000000 / 1000);
+    os << static_cast<Int64>(_usec % 1000000 / 1000);
     return os.str();
 }
@@ -278,19 +278,17 @@ IceUtil::Time::toDuration() const
 std::string
 IceUtil::Time::toString(const std::string& format) const
 {
-    time_t time = static_cast<long>(_usec / 1000000);
+    time_t time = static_cast<time_t>(_usec / 1000000);
-    struct tm* t;
-#ifdef _WIN32
-    t = localtime(&time);
-#else
     struct tm tr;
+#ifdef _MSC_VER
+    localtime_s(&tr, &time);
+#else
     localtime_r(&time, &tr);
-    t = &tr;
 #endif
     char buf[32];
-    if(strftime(buf, sizeof(buf), format.c_str(), t) == 0)
+    if(strftime(buf, sizeof(buf), format.c_str(), &tr) == 0)
     {
         return std::string();
     }

data/ext/ice/cpp/src/Slice/CPlusPlusUtil.cpp CHANGED Viewed

@@ -1196,8 +1196,8 @@ lookupKwd(const string& name)
         "decltype", "default", "delete", "do", "double", "dynamic_cast",
         "else", "enum", "explicit", "export", "extern", "false", "float", "for", "friend",
         "goto", "if", "inline", "int", "long", "mutable", "namespace", "new", "noexcept", "not", "not_eq",
-        "operator", "or", "or_eq", "private", "protected", "public", "register", "reinterpret_cast", "return",
-        "short", "signed", "sizeof", "static", "static_assert", "static_cast", "struct", "switch",
+        "operator", "or", "or_eq", "private", "protected", "public", "register", "reinterpret_cast", "requires",
+        "return", "short", "signed", "sizeof", "static", "static_assert", "static_cast", "struct", "switch",
         "template", "this", "thread_local", "throw", "true", "try", "typedef", "typeid", "typename",
         "union", "unsigned", "using", "virtual", "void", "volatile", "wchar_t", "while", "xor", "xor_eq"
     };
@@ -1257,7 +1257,11 @@ Slice::fixKwd(const string& name)
         return lookupKwd(name);
     }
     StringList ids = splitScopedName(name);
+#ifdef ICE_CPP11_COMPILER
+    transform(ids.begin(), ids.end(), ids.begin(), [](const string& id) -> string { return lookupKwd(id); });
+#else
     transform(ids.begin(), ids.end(), ids.begin(), ptr_fun(lookupKwd));
+#endif
     stringstream result;
     for(StringList::const_iterator i = ids.begin(); i != ids.end(); ++i)
     {

data/ext/ice/cpp/src/Slice/JavaUtil.cpp CHANGED Viewed

@@ -139,7 +139,7 @@ public:
         static const string prefix = "java:";
         //
-        // Validate global metadata in the top-level file and all included files.
+        // Validate file metadata in the top-level file and all included files.
         //
         StringList files = p->allFiles();
@@ -166,7 +166,7 @@ public:
                     }
                     else
                     {
-                        dc->warning(InvalidMetaData, file, "",  "ignoring invalid global metadata `" + s + "'");
+                        dc->warning(InvalidMetaData, file, "",  "ignoring invalid file metadata `" + s + "'");
                         globalMetaData.remove(s);
                         continue;
                     }
@@ -868,7 +868,11 @@ Slice::JavaCompatGenerator::fixKwd(const string& name) const
         return lookupKwd(name);
     }
     StringList ids = splitScopedName(name);
+#ifdef ICE_CPP11_COMPILER
+    transform(ids.begin(), ids.end(), ids.begin(), [](const string& id) -> string { return lookupKwd(id); });
+#else
     transform(ids.begin(), ids.end(), ids.begin(), ptr_fun(lookupKwd));
+#endif
     stringstream result;
     for(StringList::const_iterator i = ids.begin(); i != ids.end(); ++i)
     {
@@ -953,7 +957,7 @@ Slice::JavaCompatGenerator::getPackagePrefix(const ContainedPtr& cont) const
     assert(m);
     //
-    // The java:package metadata can be defined as global metadata or applied to a top-level module.
+    // The java:package metadata can be defined as file metadata or applied to a top-level module.
     // We check for the metadata at the top-level module first and then fall back to the global scope.
     //
     static const string prefix = "java:package:";
@@ -3348,7 +3352,11 @@ Slice::JavaGenerator::fixKwd(const string& name) const
         return lookupKwd(name);
     }
     StringList ids = splitScopedName(name);
+#ifdef ICE_CPP11_COMPILER
+    transform(ids.begin(), ids.end(), ids.begin(), [](const string& id) -> string { return lookupKwd(id); });
+#else
     transform(ids.begin(), ids.end(), ids.begin(), ptr_fun(lookupKwd));
+#endif
     stringstream result;
     for(StringList::const_iterator i = ids.begin(); i != ids.end(); ++i)
     {
@@ -3433,7 +3441,7 @@ Slice::JavaGenerator::getPackagePrefix(const ContainedPtr& cont) const
     assert(m);
     //
-    // The java:package metadata can be defined as global metadata or applied to a top-level module.
+    // The java:package metadata can be defined as file metadata or applied to a top-level module.
     // We check for the metadata at the top-level module first and then fall back to the global scope.
     //
     static const string prefix = "java:package:";

data/ext/ice/cpp/src/Slice/PHPUtil.cpp CHANGED Viewed

@@ -128,7 +128,11 @@ Slice::PHP::fixIdent(const string& ident)
         return lookupKwd(ident);
     }
     vector<string> ids = splitScopedName(ident);
+#ifdef ICE_CPP11_COMPILER
+    transform(ids.begin(), ids.end(), ids.begin(), [](const string& id) -> string { return lookupKwd(id); });
+#else
     transform(ids.begin(), ids.end(), ids.begin(), ptr_fun(lookupKwd));
+#endif
     stringstream result;
     for(vector<string>::const_iterator i = ids.begin(); i != ids.end(); ++i)
     {