Diffstat (limited to 'TAO/orbsvcs/orbsvcs/SSLIOP')
39 files changed, 915 insertions, 544 deletions
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.h b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.h index d4da8a87a43..5ea0b77669f 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.h +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.h @@ -24,7 +24,7 @@ #include "SSLIOP_Current.h" -#include "orbsvcs/SSLIOPC.h" +#include "orbsvcs/orbsvcs/SSLIOPC.h" #include "tao/IIOP_Connection_Handler.h" diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connector.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connector.cpp index b2c65d931e1..a13d41276d7 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connector.cpp +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connector.cpp @@ -10,7 +10,6 @@ #include "tao/Thread_Lane_Resources.h" #include "tao/Connect_Strategy.h" #include "tao/Wait_Strategy.h" -#include "tao/Profile_Transport_Resolver.h" #include "ace/Strategies_T.h" @@ -126,7 +125,7 @@ TAO::IIOP_SSL_Connector::set_validate_endpoint (TAO_Endpoint *endpoint) if (TAO_debug_level > 0) { ACE_DEBUG ((LM_DEBUG, - ACE_TEXT ("TAO (%P|%t) IIOP_SSL connection failed.\n") + ACE_TEXT ("TAO (%P|%t) IIOP connection failed.\n") ACE_TEXT ("TAO (%P|%t) This is most likely ") ACE_TEXT ("due to a hostname lookup ") ACE_TEXT ("failure.\n"))); @@ -140,7 +139,7 @@ TAO::IIOP_SSL_Connector::set_validate_endpoint (TAO_Endpoint *endpoint) TAO_Transport * TAO::IIOP_SSL_Connector::make_connection ( - TAO::Profile_Transport_Resolver *r, + TAO::Profile_Transport_Resolver *, TAO_Transport_Descriptor_Interface &desc, ACE_Time_Value *max_wait_time) { 
@@ -164,16 +163,6 @@ TAO::IIOP_SSL_Connector::make_connection ( this->active_connect_strategy_->synch_options (max_wait_time, synch_options); - // If we don't need to block for a transport just set the timeout to - // be zero. - ACE_Time_Value tmp_zero (ACE_Time_Value::zero); - if (!r->blocked ()) - { - synch_options.timeout (ACE_Time_Value::zero); - max_wait_time = &tmp_zero; - } - - IIOP_SSL_Connection_Handler *svc_handler = 0; // Connect. 
@@ -200,45 +189,97 @@ TAO::IIOP_SSL_Connector::make_connection ( // another thread pick up the completion and potentially deletes the // handler before we get a chance to increment the reference count. - // Make sure that we always do a remove_reference - ACE_Event_Handler_var svc_handler_auto_ptr (svc_handler); + // No immediate result. Wait for completion. + if (result == -1 && errno == EWOULDBLOCK) + { + if (TAO_debug_level) + ACE_DEBUG ((LM_DEBUG, + "TAO (%P|%t) - IIOP_SSL_Connector::make_connection(), " + "going to wait for connection completion on local" + "handle [%d]\n", + svc_handler->get_handle ())); + + // Wait for connection completion. No need to specify timeout + // to wait() since the correct timeout was passed to the + // Connector. The Connector will close the handler in the case + // of timeouts, so the event will complete (either success or + // failure) within timeout. + result = + this->active_connect_strategy_->wait (svc_handler, + 0); + + if (TAO_debug_level > 2) + { + ACE_DEBUG ((LM_DEBUG, + "TAO (%P|%t) - IIOP_SSL_Connector::make_connection(), " + "wait done for handle[%d], result = %d\n", + svc_handler->get_handle (), result)); + } - TAO_Transport *transport = - svc_handler->transport (); + // There are three possibilities when wait() returns: (a) + // connection succeeded; (b) connection failed; (c) wait() + // failed because of some other error. It is easy to deal with + // (a) and (b). (c) is tricky since the connection is still + // pending and may get completed by some other thread. The + // following code deals with (c). - if (result == -1) - { - // No immediate result, wait for completion - if (errno == EWOULDBLOCK) + // Check if the handler has been closed. + int closed = + svc_handler->is_closed (); + + // In case of failures and close() has not be called. + if (result == -1 && + !closed) { - // Try to wait until connection completion. Incase we block, then we - // get a connected transport or not. 
In case of non block we get - // a connected or not connected transport - if (!this->wait_for_connection_completion (r, - transport, - max_wait_time)) + // First, cancel from connector. + this->base_connector_.cancel (svc_handler); + + // Double check to make sure the handler has not been closed + // yet. This double check is required to ensure that the + // connection handler was not closed yet by some other + // thread since it was still registered with the connector. + // Once connector.cancel() has been processed, we are + // assured that the connector will no longer open/close this + // handler. + closed = + svc_handler->is_closed (); + + // If closed, there is nothing to do here. If not closed, + // it was either opened or is still pending. + if (!closed) { - if (TAO_debug_level > 2) - ACE_ERROR ((LM_ERROR, "TAO (%P|%t) - IIOP_SSL_Connector::" - "make_connection, " - "wait for completion failed\n")); + // Check if the handler has been opened. + int open = + svc_handler->is_open (); + + // Some other thread was able to open the handler even + // though wait failed for this thread. + if (open) + // Overwrite <result>. + result = 0; + else + { + // Assert that it is still connecting. + ACE_ASSERT (svc_handler->is_connecting ()); + + // Force close the handler now. + svc_handler->close (); + } } } - else - { - // Transport is not usable - transport = 0; - } } - // In case of errors transport is zero - if (transport == 0) + // Irrespective of success or failure, remove the extra #REFCOUNT#. + svc_handler->remove_reference (); + + // In case of errors. + if (result == -1) { // Give users a clue to the problem. if (TAO_debug_level) { ACE_DEBUG ((LM_ERROR, - "TAO (%P|%t) - IIOP_SSL_Connector::make_connection, " + "TAO (%P|%t) - IIOP_Connector::make_connection, " "connection to <%s:%d> failed (%p)\n", iiop_endpoint->host (), iiop_endpoint->port (), "errno")); 
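Review bot: After `svc_handler->remove_reference ();` the new code keeps using the raw `svc_handler` pointer with nothing in this function holding a reference, whereas the removed `ACE_Event_Handler_var svc_handler_auto_ptr (svc_handler);` held one until return. The later hunks of `make_connection` still call `svc_handler->peer ().get_handle ()`, `svc_handler->transport ()` and `svc_handler->close ()` on that pointer, so safety appears to depend on no other thread dropping the remaining #REFCOUNT# in between; the context comment at the top of this hunk already warns that another thread may delete the handler. Consider keeping the `ACE_Event_Handler_var` guard instead of the manual call, or moving `svc_handler->remove_reference ();` after the last use on each return path. The same pattern is added to `TAO::SSLIOP::Connector::ssliop_connect` in the `@@ -553,39 +530,91 @@` hunk of SSLIOP_Connector.cpp. The function body begins and ends outside this hunk.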
@@ -251,11 +292,14 @@ TAO::IIOP_SSL_Connector::make_connection ( // #REFCOUNT# is one. if (TAO_debug_level > 2) ACE_DEBUG ((LM_DEBUG, - "TAO (%P|%t) - IIOP_SSL_Connector::make_connection, " + "TAO (%P|%t) - IIOP_Connector::make_connection, " "new connection to <%s:%d> on Transport[%d]\n", iiop_endpoint->host (), iiop_endpoint->port (), svc_handler->peer ().get_handle ())); + TAO_Transport *transport = + svc_handler->transport (); + // Add the handler to Cache int retval = this->orb_core ()->lane_resources ().transport_cache ().cache_transport ( 
@@ -271,54 +315,36 @@ TAO::IIOP_SSL_Connector::make_connection ( if (TAO_debug_level > 0) { ACE_ERROR ((LM_ERROR, - "TAO (%P|%t) - IIOP_SSL_Connector::make_connection, " + "TAO (%P|%t) - IIOP_Connector::make_connection, " "could not add the new connection to cache\n")); } return 0; } - if (transport->is_connected () && - transport->wait_strategy ()->register_handler () != 0) - { - // Registration failures. + // If the wait strategy wants us to be registered with the reactor + // then we do so. If registeration is required and it succeeds, + // #REFCOUNT# becomes two. + retval = transport->wait_strategy ()->register_handler (); - // Purge from the connection cache, if we are not in the cache, this - // just does nothing. - (void) transport->purge_entry (); + // Registration failures. + if (retval != 0) + { + // Purge from the connection cache. + transport->purge_entry (); // Close the handler. - (void) transport->close_connection (); + svc_handler->close (); if (TAO_debug_level > 0) - ACE_ERROR ((LM_ERROR, - "TAO (%P|%t) - IIOP_SSL_Connector [%d]::make_connection, " - "could not register the transport " - "in the reactor.\n", - transport->id ())); + { + ACE_ERROR ((LM_ERROR, + "TAO (%P|%t) - IIOP_Connector::make_connection, " + "could not register the new connection in the reactor\n")); + } return 0; } return transport; } - -int -TAO::IIOP_SSL_Connector::cancel_svc_handler ( - TAO_Connection_Handler * svc_handler) -{ - IIOP_SSL_Connection_Handler* handler= - dynamic_cast<IIOP_SSL_Connection_Handler*>(svc_handler); - - if (handler) - { - // Cancel from the connector - this->base_connector_.cancel (handler); - - return 0; - } - else - { - return -1; - } -} diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connector.h b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connector.h index ab1b6449ec6..24f4481fc61 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connector.h +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connector.h 
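Review bot: The log strings on the new side name the wrong component: inside `TAO::IIOP_SSL_Connector::make_connection` the messages in this hunk now say `IIOP_Connector::make_connection`, as do those in the `@@ -251,11 +292,14 @@` hunk and at the end of the `@@ -200,45 +189,97 @@` hunk, and `ssliop_connect` in SSLIOP_Connector.cpp gains the same `IIOP_Connector::make_connection` label. Anyone triaging a failed or unregistered TLS connection from these logs would be pointed at the plain IIOP connector. Keep the previous labels, e.g. `"TAO (%P|%t) - IIOP_SSL_Connector::make_connection, "`. The added wait message also concatenates `"... on local"` and `"handle [%d]\n"` without a space, so it prints `localhandle`.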
@@ -81,8 +81,6 @@ namespace TAO TAO_Transport *make_connection (TAO::Profile_Transport_Resolver *r, TAO_Transport_Descriptor_Interface &desc, ACE_Time_Value *timeout = 0); - - virtual int cancel_svc_handler (TAO_Connection_Handler * svc_handler); //@} private: diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.h index 35c7786ddc8..b0868330068 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.h +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.h @@ -30,8 +30,8 @@ #include "SSLIOP_Connection_Handler.h" #include "SSLIOP_Accept_Strategy.h" -#include "orbsvcs/SSLIOPC.h" /* CSIv1 */ -#include "orbsvcs/CSIIOPC.h" /* CSIv2 */ +#include "orbsvcs/orbsvcs/SSLIOPC.h" /* CSIv1 */ +#include "orbsvcs/orbsvcs/CSIIOPC.h" /* CSIv2 */ namespace TAO { diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.cpp index d22485f2af1..286959c539d 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.cpp +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.cpp @@ -1,7 +1,6 @@ // $Id$ #include "SSLIOP_ClientCredentials.h" -#include "SSLIOP_OwnCredentials.h" ACE_RCSID (SSLIOP, @@ -9,12 +8,8 @@ ACE_RCSID (SSLIOP, "$Id$") -TAO::SSLIOP::ClientCredentials::ClientCredentials ( - X509 * cert, - EVP_PKEY *evp, - SSL * ssl) - : SSLIOP_Credentials (cert, evp), - ssl_ (TAO::SSLIOP::OpenSSL_traits< ::SSL >::_duplicate (ssl)) +TAO::SSLIOP::ClientCredentials::ClientCredentials (X509 *cert, EVP_PKEY *evp) + : TAO::SSLIOP::Credentials (cert, evp) { } 
@@ -86,53 +81,34 @@ SecurityLevel3::OwnCredentials_ptr TAO::SSLIOP::ClientCredentials::parent_credentials (ACE_ENV_SINGLE_ARG_DECL) ACE_THROW_SPEC ((CORBA::SystemException)) { - SecurityLevel3::OwnCredentials_ptr creds = - SecurityLevel3::OwnCredentials::_nil (); - - ACE_NEW_THROW_EX (creds, - TAO::SSLIOP::OwnCredentials ( - ::SSL_get_certificate (this->ssl_.in ()), - ::SSL_get_privatekey (this->ssl_.in ())), - CORBA::NO_MEMORY ()); - ACE_CHECK_RETURN (creds); - - return creds; + ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), + SecurityLevel3::OwnCredentials::_nil ()); } CORBA::Boolean -TAO::SSLIOP::ClientCredentials::client_authentication ( - ACE_ENV_SINGLE_ARG_DECL_NOT_USED) +TAO::SSLIOP::ClientCredentials::client_authentication (ACE_ENV_SINGLE_ARG_DECL) ACE_THROW_SPEC ((CORBA::SystemException)) { - // If the client presented no certificate (i.e. cert_.ptr() == 0), - // the client was not authenticated. Otherwise, verify the peer's - // certificate. - - return - this->x509_.in () != 0 - && SSL_get_verify_result (this->ssl_.in ()) == X509_V_OK; + ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0); } CORBA::Boolean TAO::SSLIOP::ClientCredentials::target_authentication (ACE_ENV_SINGLE_ARG_DECL) ACE_THROW_SPEC ((CORBA::SystemException)) { - ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), false); + ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0); } CORBA::Boolean TAO::SSLIOP::ClientCredentials::confidentiality (ACE_ENV_SINGLE_ARG_DECL) ACE_THROW_SPEC ((CORBA::SystemException)) { - ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), false); + ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0); } CORBA::Boolean -TAO::SSLIOP::ClientCredentials::integrity (ACE_ENV_SINGLE_ARG_DECL_NOT_USED) +TAO::SSLIOP::ClientCredentials::integrity (ACE_ENV_SINGLE_ARG_DECL) ACE_THROW_SPEC ((CORBA::SystemException)) { - // TAO's SSLIOP pluggable transport always provides integrity. Note - // that if we - - return true; + ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0); } 
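Review bot: `client_authentication()` no longer reports whether the peer certificate verified: its new body is `ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);`, replacing the `SSL_get_verify_result (this->ssl_.in ()) == X509_V_OK` check, and `integrity()` and `parent_credentials()` are stubbed the same way. Any caller that bases an access decision on these attributes now receives `CORBA::NO_IMPLEMENT` and has to treat it as "not authenticated"; the callers are not visible in this diff, so that needs checking before this lands. A comment on each stub would make the contract explicit, for example `// Not implemented: peer verification state is not available from this object; callers must fail closed.`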
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.h index 647a42edd0b..c4a1b7e7240 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.h +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.h @@ -16,16 +16,15 @@ #include /**/ "ace/pre.h" -#include "orbsvcs/SSLIOP/SSLIOP_Export.h" +#include "orbsvcs/orbsvcs/SSLIOP/SSLIOP_Export.h" #if !defined (ACE_LACKS_PRAGMA_ONCE) # pragma once #endif /* ACE_LACKS_PRAGMA_ONCE */ -#include "orbsvcs/SSLIOP/SSLIOP_Credentials.h" -#include "orbsvcs/SSLIOP/SSLIOP_SSL.h" +#include "orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.h" -#include "orbsvcs/SecurityLevel3C.h" +#include "orbsvcs/orbsvcs/SecurityLevel3C.h" #include "tao/LocalObject.h" @@ -36,7 +35,6 @@ #pragma warning(disable:4250) #endif /* _MSC_VER */ - namespace TAO { namespace SSLIOP @@ -50,14 +48,12 @@ namespace TAO */ class TAO_SSLIOP_Export ClientCredentials : public virtual SecurityLevel3::ClientCredentials, - public virtual SSLIOP_Credentials + public virtual Credentials { public: /// Constructor - ClientCredentials (::X509 * cert, - ::EVP_PKEY * evp, - ::SSL * ssl); + ClientCredentials (::X509 *cert, ::EVP_PKEY *evp); /** * @name SecurityLevel3::Credentials Methods @@ -131,12 +127,6 @@ namespace TAO */ ~ClientCredentials (void); - private: - - /// Reference to the OpenSSL @c SSL data structure associated - /// with the current security context (e.g. SSL connection). - TAO::SSLIOP::SSL_var ssl_; - }; } // End SSLIOP namespace diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.cpp index 980a4d6cf68..6660602351c 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.cpp +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.cpp 
@@ -164,11 +164,10 @@ TAO::SSLIOP::Connection_Handler::open (void *) this->peer ().get_handle ())); } - // Set that the transport is now connected, if fails we return -1 + // Set the id in the transport now that we're active. // Use C-style cast b/c otherwise we get warnings on lots of - // compilers - if (!this->transport ()->post_open ((size_t) this->get_handle ())) - return -1; + // compilers. + this->transport ()->id ((size_t) this->get_handle ()); // @@ Not needed this->state_changed (TAO_LF_Event::LFS_SUCCESS); @@ -191,7 +190,16 @@ TAO::SSLIOP::Connection_Handler::close_connection (void) int TAO::SSLIOP::Connection_Handler::handle_input (ACE_HANDLE h) { - return this->handle_input_eh (h, this); + const int result = + this->handle_input_eh (h, this); + + if (result == -1) + { + this->close_connection (); + return 0; + } + + return result; } int @@ -230,7 +238,9 @@ TAO::SSLIOP::Connection_Handler::handle_close (ACE_HANDLE, int TAO::SSLIOP::Connection_Handler::close (u_long) { - return this->close_handler (); + this->state_changed (TAO_LF_Event::LFS_CONNECTION_CLOSED); + this->transport ()->remove_reference (); + return 0; } int diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp index ba933c34608..cc2f125e75a 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp @@ -4,7 +4,7 @@ #include "SSLIOP_Util.h" #include "SSLIOP_X509.h" -#include "orbsvcs/SecurityLevel2C.h" +#include "orbsvcs/orbsvcs/SecurityLevel2C.h" #include "tao/debug.h" #include "tao/ORB_Core.h" @@ -126,7 +126,7 @@ TAO::SSLIOP::Connector::connect (TAO::Profile_Transport_Resolver *resolver, { if (TAO_debug_level > 0) ACE_DEBUG ((LM_DEBUG, - ACE_TEXT ("TAO (%P|%t) - Connector::connect, ") + ACE_TEXT ("TAO (%P|%t) Connector::connect - ") ACE_TEXT ("looking for SSLIOP connection.\n"))); TAO_Endpoint *endpoint = desc->endpoint (); 
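Review bot: `handle_input()` now hides the failure from its caller: when `handle_input_eh (h, this)` returns -1 the new code calls `this->close_connection ();` and returns 0. Whether the handler is deregistered afterwards depends entirely on `close_connection()`, whose body is outside this hunk; if it does not remove the handler, a dead connection stays registered for input events. If swallowing the error is intended, add a comment above the `return 0;`, e.g. `// -1 is not propagated on purpose: close_connection() has already shut this handler down.`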
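Review bot: `close (u_long)` has no guard against being entered twice: every call runs `this->transport ()->remove_reference ();`, so a second call would drop a transport reference that has already been released. The connector hunks in this commit call `svc_handler->close ()` directly from two places (force close after a failed wait, and registration failure), and their comments say the connector itself closes the handler on timeout, so only the caller-side `is_closed ()` checks prevent a double close. An early `if (this->is_closed ()) return 0;` at the top of `close()` would make it safe regardless of the caller, assuming `is_closed()` reflects the `LFS_CONNECTION_CLOSED` state set here, which this diff does not show.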
@@ -370,7 +370,7 @@ TAO::SSLIOP::Connector::ssliop_connect ( // If the invocation wants integrity without confidentiality but the // server does not support "no protection," then it won't be - // possible to provide integrity. In order to support integrity + // possible provide integrity. In order to support integrity // without confidentiality, encryption must be disabled but secure // hashes must remain enabled. This is achieved using the "eNULL" // cipher. However, the "eNULL" cipher is only enabled on the @@ -411,29 +411,15 @@ TAO::SSLIOP::Connector::ssliop_connect ( { if (TAO_debug_level > 2) ACE_DEBUG ((LM_DEBUG, - ACE_TEXT ("TAO (%P|%t) - SSLIOP_Connector::ssliop_connect, ") + ACE_TEXT ("(%P|%t) SSLIOP_Connector::connect ") ACE_TEXT ("got existing transport[%d]\n"), transport->id ())); - - // When the transport is not connected wait for completion - if (!transport->is_connected()) - { - if (!this->wait_for_connection_completion (resolver, - transport, - max_wait_time)) - { - ACE_ERROR ((LM_ERROR, - ACE_TEXT ("TAO (%P|%t) - SSLIOP_Connector::ssliop_connect,") - ACE_TEXT ("wait for completion failed\n"))); - - } - } } else { if (TAO_debug_level > 4) ACE_DEBUG ((LM_DEBUG, - ACE_TEXT ("TAO (%P|%t) - SSLIOP_Connector::ssliop_connect, ") + ACE_TEXT ("(%P|%t) SSLIOP_Connector::connect ") ACE_TEXT ("making a new connection \n"))); // Purge connections (if necessary) @@ -461,7 +447,7 @@ TAO::SSLIOP::Connector::ssliop_connect ( { if (TAO_debug_level > 0) ACE_DEBUG ((LM_ERROR, - ACE_TEXT ("TAO (%P|%t) Unable to create SSLIOP ") + ACE_TEXT ("(%P|%t) Unable to create SSLIOP ") ACE_TEXT ("service handler.\n"))); return 0; @@ -515,7 +501,7 @@ TAO::SSLIOP::Connector::ssliop_connect ( ACE_THROW_RETURN (CORBA::INV_POLICY (), 0); } - TAO::SSLIOP::OwnCredentials_var credentials = + TAO::SSLIOP::Credentials_var credentials = this->retrieve_credentials (resolver->stub (), svc_handler->peer ().ssl () ACE_ENV_ARG_PARAMETER); 
@@ -529,15 +515,6 @@ TAO::SSLIOP::Connector::ssliop_connect ( this->active_connect_strategy_->synch_options (max_wait_time, synch_options); - // If we don't need to block for a transport just set the timeout to - // be zero. - ACE_Time_Value tmp_zero (ACE_Time_Value::zero); - if (!resolver->blocked ()) - { - synch_options.timeout (ACE_Time_Value::zero); - max_wait_time = &tmp_zero; - } - // We obtain the transport in the <svc_handler> variable. As we // know now that the connection is not available in Cache we can // make a new connection 
@@ -553,39 +530,91 @@ TAO::SSLIOP::Connector::ssliop_connect ( // the #REFCOUNT# on the handler is one since close() gets // called on the handler. - // Make sure that we always do a remove_reference - ACE_Event_Handler_var svc_handler_auto_ptr (svc_handler); + // No immediate result. Wait for completion. + if (result == -1 && errno == EWOULDBLOCK) + { + if (TAO_debug_level > 2) + ACE_DEBUG ((LM_DEBUG, + "TAO (%P|%t) - SSLIOP_Connector::ssliop_connect(), " + "going to wait for connection completion on local" + "handle [%d]\n", + svc_handler->get_handle ())); + + // Wait for connection completion. No need to specify timeout + // to wait() since the correct timeout was passed to the + // Connector. The Connector will close the handler in the case + // of timeouts, so the event will complete (either success or + // failure) within timeout. + result = + this->active_connect_strategy_->wait (svc_handler, + 0); + + if (TAO_debug_level > 2) + { + ACE_DEBUG ((LM_DEBUG, + "TAO (%P|%t) - IIOP_Connector::make_connection" + "wait done for handle[%d], result = %d\n", + svc_handler->get_handle (), result)); + } - transport = - svc_handler->transport (); + // There are three possibilities when wait() returns: (a) + // connection succeeded; (b) connection failed; (c) wait() + // failed because of some other error. It is easy to deal with + // (a) and (b). (c) is tricky since the connection is still + // pending and may get completed by some other thread. The + // following code deals with (c). - if (result == -1) - { - // No immediate result, wait for completion - if (errno == EWOULDBLOCK) + // Check if the handler has been closed. + int closed = + svc_handler->is_closed (); + + // In case of failures and close() has not be called. + if (result == -1 && + !closed) { - // Try to wait until connection completion. Incase we block, then we - // get a connected transport or not. 
In case of non block we get - // a connected or not connected transport - if (!this->wait_for_connection_completion (resolver, - transport, - max_wait_time)) + // First, cancel from connector. + this->base_connector_.cancel (svc_handler); + + // Double check to make sure the handler has not been closed + // yet. This double check is required to ensure that the + // connection handler was not closed yet by some other + // thread since it was still registered with the connector. + // Once connector.cancel() has been processed, we are + // assured that the connector will no longer open/close this + // handler. + closed = + svc_handler->is_closed (); + + // If closed, there is nothing to do here. If not closed, + // it was either opened or is still pending. + if (!closed) { - if (TAO_debug_level > 2) - ACE_ERROR ((LM_ERROR, "TAO (%P|%t) - SSLIOP_Connector::" - "ssliop_connect, " - "wait for completion failed\n")); + // Check if the handler has been opened. + int open = + svc_handler->is_open (); + + // Some other thread was able to open the handler even + // though wait failed for this thread. + if (open) + // Overwrite <result>. + result = 0; + else + { + // Assert that it is still connecting. + ACE_ASSERT (svc_handler->is_connecting ()); + + // Force close the handler now. + svc_handler->close (); + } } } - else - { - // Transport is not usable - transport = 0; - } } - // In case of errors transport is zero - if (transport == 0) + // Irrespective of success or failure, remove the extra #REFCOUNT#. + svc_handler->remove_reference (); + + // In case of errors. + if (result == -1) { // Give users a clue to the problem. if (TAO_debug_level) @@ -594,7 +623,7 @@ TAO::SSLIOP::Connector::ssliop_connect ( ssl_endpoint->addr_to_string (buffer, sizeof (buffer) - 1); ACE_DEBUG ((LM_ERROR, - ACE_TEXT ("TAO (%P|%t) - SSL connection to ") + ACE_TEXT ("TAO (%P|%t) %N:%l, SSL connection to ") ACE_TEXT ("<%s:%d> failed (%p)\n"), buffer, remote_address.get_port_number (), 
@@ -608,11 +637,14 @@ TAO::SSLIOP::Connector::ssliop_connect ( // #REFCOUNT# is one. if (TAO_debug_level > 2) ACE_DEBUG ((LM_DEBUG, - "TAO (%P|%t) - SSLIOP_Connector::ssliop_connect, " + "TAO (%P|%t) - SSLIOP_Connector::ssliop_connect(): " "new SSL connection to port %d on transport[%d]\n", remote_address.get_port_number (), svc_handler->peer ().get_handle ())); + transport = + svc_handler->transport (); + ssl_endpoint->qop (qop); ssl_endpoint->trust (trust); ssl_endpoint->credentials (credentials.in ()); @@ -632,31 +664,34 @@ TAO::SSLIOP::Connector::ssliop_connect ( if (TAO_debug_level > 0) { ACE_ERROR ((LM_ERROR, - "TAO (%P|%t) - SLIIOP_Connector::ssliop_connect, " + "TAO (%P|%t) - IIOP_Connector::make_connection, " "could not add the new connection to cache\n")); } return 0; } - if (transport->is_connected () && - transport->wait_strategy ()->register_handler () != 0) - { - // Registration failures. + // If the wait strategy wants us to be registered with the reactor + // then we do so. If registeration is required and it succeeds, + // #REFCOUNT# becomes two. + retval = transport->wait_strategy ()->register_handler (); - // Purge from the connection cache, if we are not in the cache, this - // just does nothing. - (void) transport->purge_entry (); + // Registration failures. + if (retval != 0) + { + // Purge from the connection cache. + transport->purge_entry (); // Close the handler. - (void) transport->close_connection (); + svc_handler->close (); if (TAO_debug_level > 0) - ACE_ERROR ((LM_ERROR, - "TAO (%P|%t) - SSLIOP_Connector [%d]::ssliop_connect, " - "could not register the transport " - "in the reactor.\n", - transport->id ())); + { + ACE_ERROR ((LM_ERROR, + "TAO (%P|%t) - IIOP_Connector::make_connection, " + "could not register the new connection in the " + "reactor\n")); + } return 0; } 
@@ -725,12 +760,6 @@ TAO::SSLIOP::Connector::retrieve_credentials (TAO_Stub *stub, // Use the default certificate and private key, i.e. the one set // in the SSL_CTX that was used when creating the SSL data // structure. - - /** - * @todo Check if the CredentialsCurator contains a default set - * of SSLIOP OwnCredentials. - */ - TAO::SSLIOP::OwnCredentials_ptr & c = ssliop_credentials.out (); ACE_NEW_THROW_EX (c, TAO::SSLIOP::OwnCredentials ( @@ -742,23 +771,3 @@ TAO::SSLIOP::Connector::retrieve_credentials (TAO_Stub *stub, return ssliop_credentials._retn (); } - -int -TAO::SSLIOP::Connector::cancel_svc_handler ( - TAO_Connection_Handler * svc_handler) -{ - TAO::SSLIOP::Connection_Handler* handler= - dynamic_cast<TAO::SSLIOP::Connection_Handler*>(svc_handler); - - if (handler) - { - // Cancel from the connector - this->base_connector_.cancel (handler); - - return 0; - } - else - { - return -1; - } -} diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.h index 9a3a5ddb1a2..85e4362153c 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.h +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.h @@ -81,9 +81,6 @@ namespace TAO */ virtual TAO_Profile * make_profile (ACE_ENV_SINGLE_ARG_DECL); - /// Cancel the passed cvs handler from the connector - virtual int cancel_svc_handler (TAO_Connection_Handler * svc_handler); - /// IIOP-specific connection establishment. /** * @note The IIOP endpoint is extracted from the SSLIOP endpoint. diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.cpp index 163f86e28e6..268cc69b796 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.cpp +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.cpp @@ -2,6 +2,8 @@ #include "tao/ORB_Constants.h" +//#include <openssl/bn.h> + ACE_RCSID (SSLIOP, SSLIOP_Credentials, 
@@ -13,9 +15,9 @@ ACE_RCSID (SSLIOP, #endif /* __ACE_INLINE__ */ -TAO::SSLIOP_Credentials::SSLIOP_Credentials (::X509 *cert, ::EVP_PKEY *evp) - : x509_ (TAO::SSLIOP::OpenSSL_traits< ::X509 >::_duplicate (cert)), - evp_ (TAO::SSLIOP::OpenSSL_traits< ::EVP_PKEY >::_duplicate (evp)), +TAO::SSLIOP::Credentials::Credentials (::X509 *cert, ::EVP_PKEY *evp) + : x509_ (TAO::SSLIOP::_duplicate (cert)), + evp_ (TAO::SSLIOP::_duplicate (evp)), id_ (), creds_usage_ (SecurityLevel3::CU_Indefinite), expiry_time_ (), @@ -74,33 +76,33 @@ TAO::SSLIOP_Credentials::SSLIOP_Credentials (::X509 *cert, ::EVP_PKEY *evp) } } -TAO::SSLIOP_Credentials::~SSLIOP_Credentials (void) +TAO::SSLIOP::Credentials::~Credentials (void) { } char * -TAO::SSLIOP_Credentials::creds_id (ACE_ENV_SINGLE_ARG_DECL_NOT_USED) +TAO::SSLIOP::Credentials::creds_id (ACE_ENV_SINGLE_ARG_DECL_NOT_USED) ACE_THROW_SPEC ((CORBA::SystemException)) { return CORBA::string_dup (this->id_.in ()); } SecurityLevel3::CredentialsUsage -TAO::SSLIOP_Credentials::creds_usage (ACE_ENV_SINGLE_ARG_DECL_NOT_USED) +TAO::SSLIOP::Credentials::creds_usage (ACE_ENV_SINGLE_ARG_DECL_NOT_USED) ACE_THROW_SPEC ((CORBA::SystemException)) { return SecurityLevel3::CU_Indefinite; } TimeBase::UtcT -TAO::SSLIOP_Credentials::expiry_time (ACE_ENV_SINGLE_ARG_DECL_NOT_USED) +TAO::SSLIOP::Credentials::expiry_time (ACE_ENV_SINGLE_ARG_DECL_NOT_USED) ACE_THROW_SPEC ((CORBA::SystemException)) { return this->expiry_time_; } SecurityLevel3::CredentialsState -TAO::SSLIOP_Credentials::creds_state (ACE_ENV_SINGLE_ARG_DECL) +TAO::SSLIOP::Credentials::creds_state (ACE_ENV_SINGLE_ARG_DECL) ACE_THROW_SPEC ((CORBA::SystemException)) { const ::X509 *x = this->x509_.in (); 
@@ -148,7 +150,7 @@ TAO::SSLIOP_Credentials::creds_state (ACE_ENV_SINGLE_ARG_DECL) } char * -TAO::SSLIOP_Credentials::add_relinquished_listener ( +TAO::SSLIOP::Credentials::add_relinquished_listener ( SecurityLevel3::RelinquishedCredentialsListener_ptr /* listener */ ACE_ENV_ARG_DECL) ACE_THROW_SPEC ((CORBA::SystemException)) @@ -157,7 +159,7 @@ TAO::SSLIOP_Credentials::add_relinquished_listener ( } void -TAO::SSLIOP_Credentials::remove_relinquished_listener (const char * /* id */ +TAO::SSLIOP::Credentials::remove_relinquished_listener (const char * /* id */ ACE_ENV_ARG_DECL) ACE_THROW_SPEC ((CORBA::SystemException)) { 
@@ -165,58 +167,40 @@ TAO::SSLIOP_Credentials::remove_relinquished_listener (const char * /* id */ } bool -TAO::SSLIOP_Credentials::operator== (const TAO::SSLIOP_Credentials &rhs) +TAO::SSLIOP::Credentials::operator== (const TAO::SSLIOP::Credentials &rhs) { - ::X509 * xa = this->x509_.in (); - ::X509 * xb = rhs.x509_.in (); + X509 * xa = this->x509_.in (); + X509 * xb = rhs.x509_.in (); // EVP_PKEY *ea = this->evp_.in (); // EVP_PKEY *eb = rhs.evp_.in (); - ACE_DECLARE_NEW_CORBA_ENV; - // No need for a full blown ACE_TRY/CATCH block. - - const SecurityLevel3::CredentialsType lct = - this->creds_type (ACE_ENV_SINGLE_ARG_PARAMETER); - ACE_CHECK_RETURN (false); - - const SecurityLevel3::CredentialsType rct = - const_cast<TAO::SSLIOP_Credentials &> (rhs).creds_type ( - ACE_ENV_SINGLE_ARG_PARAMETER); - ACE_CHECK_RETURN (false); - - // Don't bother check the creds_id and expiry_time attributes. They - // are checked implicitly by the below X509_cmp() call. - // - // Additionally, the creds_state attribute is not included in the - // check since it is not considered important when distinguishing - // between two Credentials. - return - lct == rct - && this->creds_usage_ == rhs.creds_usage_ - && ((xa == xb) || (xa != 0 && xb != 0 && ::X509_cmp (xa, xb) == 0)) +// this->accepting_options_supported_ == rhs.accepting_options_supported_ +// && this->accepting_options_required_ == rhs.accepting_options_required_ +// && this->invocation_options_supported_ == rhs.invocation_options_supported_ && this->invocation_options_required_ == rhs.invocation_options_required_ + ((xa == xb) || (xa != 0 && xb != 0 && ::X509_cmp (xa, xb) == 0)) // && ((ea == eb) || (ea != 0 && eb != 0 && ::EVP_PKEY_cmp (ea, eb) == 0)) ; } CORBA::ULong -TAO::SSLIOP_Credentials::hash (void) const +TAO::SSLIOP::Credentials::hash (void) const { - ::X509 * x509 = this->x509_.in (); + ::X509 *x509 = this->x509_.in (); return (x509 == 0 ? 
0 : ::X509_issuer_name_hash (x509)); } TAO::SSLIOP::Credentials_ptr -TAO::SSLIOP_Credentials::_narrow (CORBA::Object_ptr obj +TAO::SSLIOP::Credentials::_narrow (CORBA::Object_ptr obj ACE_ENV_ARG_DECL_NOT_USED) { - return TAO::SSLIOP_Credentials::_duplicate ( - dynamic_cast<TAO::SSLIOP_Credentials *> (obj)); + return TAO::SSLIOP::Credentials::_duplicate ( + dynamic_cast<TAO::SSLIOP::Credentials *> (obj)); } TAO::SSLIOP::Credentials_ptr -TAO::SSLIOP_Credentials::_duplicate (TAO::SSLIOP::Credentials_ptr obj) +TAO::SSLIOP::Credentials::_duplicate (TAO::SSLIOP::Credentials_ptr obj) { if (!CORBA::is_nil (obj)) obj->_add_ref (); @@ -229,7 +213,7 @@ TAO::SSLIOP_Credentials::_duplicate (TAO::SSLIOP::Credentials_ptr obj) TAO::SSLIOP::Credentials_ptr tao_TAO_SSLIOP_Credentials_duplicate (TAO::SSLIOP::Credentials_ptr p) { - return TAO::SSLIOP_Credentials::_duplicate (p); + return TAO::SSLIOP::Credentials::_duplicate (p); } void 
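Review bot: `operator==` now treats two credentials as equal whenever `(xa == xb) || ::X509_cmp (xa, xb) == 0`; the `lct == rct` and `this->creds_usage_ == rhs.creds_usage_` terms are removed and the `EVP_PKEY_cmp` term stays commented out. A `ClientCredentials` and an `OwnCredentials` built from the same certificate, or any two objects with a null certificate, therefore compare equal, which matters if this operator takes part in endpoint or transport-cache matching (not visible here). If certificate-only equality is intended, say so above the `return`, e.g. `// Equality is certificate-only; credential type, usage and private key are deliberately ignored.`; otherwise restore `this->creds_usage_ == rhs.creds_usage_ &&`. `hash()` at the end of the hunk uses `::X509_issuer_name_hash`, so every certificate from one issuer hashes alike; that is consistent with equality but spreads entries poorly.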
@@ -241,35 +225,22 @@ tao_TAO_SSLIOP_Credentials_release (TAO::SSLIOP::Credentials_ptr p) TAO::SSLIOP::Credentials_ptr tao_TAO_SSLIOP_Credentials_nil (void) { - return TAO::SSLIOP_Credentials::_nil (); + return TAO::SSLIOP::Credentials::_nil (); } TAO::SSLIOP::Credentials_ptr tao_TAO_SSLIOP_Credentials_narrow (CORBA::Object *p ACE_ENV_ARG_DECL) { - return TAO::SSLIOP_Credentials::_narrow (p - ACE_ENV_ARG_PARAMETER); + return TAO::SSLIOP::Credentials::_narrow (p + ACE_ENV_ARG_PARAMETER); } CORBA::Object_ptr tao_TAO_SSLIOP_Credentials_upcast (void *src) { - TAO::SSLIOP_Credentials **tmp = - static_cast<TAO::SSLIOP_Credentials **> (src); + TAO::SSLIOP::Credentials **tmp = + static_cast<TAO::SSLIOP::Credentials **> (src); return *tmp; } - - -#if defined (ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION) - -template class TAO_Pseudo_Var_T<TAO::SSLIOP_Credentials>; -template class TAO_Pseudo_Out_T<TAO::SSLIOP_Credentials, TAO::SSLIOP_Credentials_var>; - -#elif defined (ACE_HAS_TEMPLATE_INSTANTIATION_PRAGMA) - -# pragma instantiate TAO_Pseudo_Var_T<TAO::SSLIOP_Credentials> -# pragma instantiate TAO_Pseudo_Out_T<TAO::SSLIOP_Credentials, TAO::SSLIOP_Credentials_var> - -#endif /* ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION */ diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.h index 89b27c15a62..4a53212775d 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.h +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.h 
@@ -23,43 +23,36 @@ #include "SSLIOP_X509.h" #include "SSLIOP_EVP_PKEY.h" -#include "orbsvcs/SecurityLevel3C.h" +#include "orbsvcs/orbsvcs/SecurityLevel3C.h" #include "tao/LocalObject.h" namespace TAO { - class SSLIOP_Credentials; + namespace SSLIOP + { - namespace SSLIOP - { - typedef SSLIOP_Credentials* Credentials_ptr; - typedef TAO_Pseudo_Var_T<SSLIOP_Credentials> Credentials_var; - typedef TAO_Pseudo_Out_T<SSLIOP_Credentials, Credentials_var> Credentials_out; - } + class Credentials; + typedef Credentials* Credentials_ptr; + typedef TAO_Pseudo_Var_T<Credentials> Credentials_var; + typedef TAO_Pseudo_Out_T<Credentials, Credentials_var> Credentials_out; /** - * @class SSLIOP_Credentials + * @class Credentials * * @brief SSLIOP-specific implementation of the * SecurityLevel3::Credentials interface. * * This class encapsulates the X.509 certificate associated with a * given a principal. - * - * @note Why is this class not the TAO::SSLIOP namespace? Because - * brain damaged MSVC++ 6 cannot call a base class - * constructor of class declared in a namespace that is more - * than one level deep in a sub-class base member - * initializer list. */ - class TAO_SSLIOP_Export SSLIOP_Credentials + class TAO_SSLIOP_Export Credentials : public virtual SecurityLevel3::Credentials, public virtual TAO_Local_RefCounted_Object { public: /// Constructor - SSLIOP_Credentials (::X509 * cert, ::EVP_PKEY * evp); + Credentials (::X509 * cert, ::EVP_PKEY * evp); /** * @name SecurityLevel3::Credentials Methods 
@@ -116,19 +109,19 @@ namespace TAO ::EVP_PKEY *evp (void); //@} - bool operator== (const SSLIOP_Credentials &rhs); + bool operator== (const Credentials &rhs); CORBA::ULong hash (void) const; // The static operations. - static SSLIOP::Credentials_ptr _duplicate (SSLIOP::Credentials_ptr obj); + static Credentials_ptr _duplicate (Credentials_ptr obj); - static SSLIOP::Credentials_ptr _narrow (CORBA::Object_ptr obj - ACE_ENV_ARG_DECL); + static Credentials_ptr _narrow (CORBA::Object_ptr obj + ACE_ENV_ARG_DECL); - static SSLIOP::Credentials_ptr _nil (void) + static Credentials_ptr _nil (void) { - return (SSLIOP::Credentials_ptr) 0; + return (Credentials_ptr) 0; } //@} @@ -140,17 +133,17 @@ namespace TAO * Protected destructor to enforce proper memory management * through the reference counting mechanism. */ - ~SSLIOP_Credentials (void); + ~Credentials (void); protected: /// Reference to the X.509 certificate associated with this SSLIOP /// Credentials object. - SSLIOP::X509_var x509_; + X509_var x509_; /// Reference to the private key associated with the X.509 /// certificate. - SSLIOP::EVP_PKEY_var evp_; + EVP_PKEY_var evp_; /// Credentials Identifier. CORBA::String_var id_; @@ -166,7 +159,7 @@ namespace TAO }; -// } // End SSLIOP namespace + } // End SSLIOP namespace } // End TAO namespace #if defined (__ACE_INLINE__) diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.inl b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.inl index 8c353c74cff..e33e9380658 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.inl +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.inl 
@@ -3,15 +3,13 @@ // $Id$ ACE_INLINE ::X509 * -TAO::SSLIOP_Credentials::x509 (void) +TAO::SSLIOP::Credentials::x509 (void) { - return - TAO::SSLIOP::OpenSSL_traits< ::X509 >::_duplicate (this->x509_.in ()); + return TAO::SSLIOP::_duplicate (this->x509_.in ()); } ACE_INLINE ::EVP_PKEY * -TAO::SSLIOP_Credentials::evp (void) +TAO::SSLIOP::Credentials::evp (void) { - return - TAO::SSLIOP::OpenSSL_traits< ::EVP_PKEY >::_duplicate (this->evp_.in ()); + return TAO::SSLIOP::_duplicate (this->evp_.in ()); } diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirer.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirer.cpp index 088255970f4..d2eef3da6bf 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirer.cpp +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirer.cpp @@ -32,7 +32,7 @@ TAO_SSLIOP_password_callback (char *buf, // what you get when you try to be overly efficient. :-) // -Ossama - const char * password = static_cast<char *> (userdata); + const char *password = static_cast<char *> (userdata); int pwlen = -1; @@ -41,7 +41,7 @@ TAO_SSLIOP_password_callback (char *buf, pwlen = ACE_OS::strlen (password); int copy_len = pwlen + 1; // Include the NULL terminator - + // Clear the portion of the buffer that exceeds the space that // will be occupied by the password. if (copy_len < size) diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirer.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirer.h index e1d1e5778bf..4a391c83497 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirer.h +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirer.h 
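Review bot: `Credentials::x509 ()` and `Credentials::evp ()` in SSLIOP_Credentials.inl return a pointer whose reference count was just incremented by `TAO::SSLIOP::_duplicate`, but nothing on the definitions says the caller now owns that reference. For `evp ()` the object is the private key, so a caller that never releases it would keep the key structure from being freed. I would add `// Returns a new reference; the caller must pass it to TAO::SSLIOP::release ().` above both definitions, or the equivalent on the declarations in SSLIOP_Credentials.h if they do not already say so.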
@@ -15,16 +15,16 @@ #define TAO_SSLIOP_CREDENTIALS_ACQUIRER_H #include /**/ "ace/pre.h" -#include "orbsvcs/SSLIOP/SSLIOP_Export.h" +#include "orbsvcs/orbsvcs/SSLIOP/SSLIOP_Export.h" #if !defined (ACE_LACKS_PRAGMA_ONCE) # pragma once #endif /* ACE_LACKS_PRAGMA_ONCE */ -#include "orbsvcs/Security/SL3_CredentialsCurator.h" +#include "orbsvcs/orbsvcs/Security/SL3_CredentialsCurator.h" -#include "orbsvcs/SSLIOPC.h" -#include "orbsvcs/SecurityLevel3C.h" +#include "orbsvcs/orbsvcs/SSLIOPC.h" +#include "orbsvcs/orbsvcs/SecurityLevel3C.h" #include "tao/LocalObject.h" diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirerFactory.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirerFactory.h index 6918b068b0d..791dcde0da5 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirerFactory.h +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirerFactory.h @@ -16,15 +16,15 @@ #include /**/ "ace/pre.h" -#include "orbsvcs/SSLIOP/SSLIOP_Export.h" +#include "orbsvcs/orbsvcs/SSLIOP/SSLIOP_Export.h" #if !defined (ACE_LACKS_PRAGMA_ONCE) # pragma once #endif /* ACE_LACKS_PRAGMA_ONCE */ -#include "orbsvcs/Security/SL3_CredentialsAcquirerFactory.h" +#include "orbsvcs/orbsvcs/Security/SL3_CredentialsAcquirerFactory.h" -#include "orbsvcs/SecurityLevel3C.h" +#include "orbsvcs/orbsvcs/SecurityLevel3C.h" namespace TAO diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.cpp index 9b18545640b..0b458f46647 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.cpp +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.cpp @@ -114,7 +114,7 @@ TAO::SSLIOP::Current::setup (TAO::SSLIOP::Current_Impl *&prev_impl, void TAO::SSLIOP::Current::teardown (TAO::SSLIOP::Current_Impl *prev_impl, - bool &setup_done) + bool &setup_done) { if (setup_done) { 
@@ -193,13 +193,128 @@ tao_TAO_SSLIOP_Current_upcast ( return *tmp; } +// ************************************************************* +// Operations for class TAO::SSLIOP::Current_var +// ************************************************************* -#if defined (ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION) +TAO::SSLIOP::Current_var::Current_var (void) // default constructor + : ptr_ (TAO::SSLIOP::Current::_nil ()) +{ +} + +::TAO::SSLIOP::Current_ptr +TAO::SSLIOP::Current_var::ptr (void) const +{ + return this->ptr_; +} + +TAO::SSLIOP::Current_var::Current_var ( + const ::TAO::SSLIOP::Current_var &p) + : TAO_Base_var (), + ptr_ (TAO::SSLIOP::Current::_duplicate (p.ptr ())) +{ +} + +TAO::SSLIOP::Current_var::~Current_var (void) +{ + CORBA::release (this->ptr_); +} + +TAO::SSLIOP::Current_var & +TAO::SSLIOP::Current_var::operator= (TAO::SSLIOP::Current_ptr p) +{ + CORBA::release (this->ptr_); + this->ptr_ = p; + return *this; +} + +TAO::SSLIOP::Current_var & +TAO::SSLIOP::Current_var::operator= (const ::TAO::SSLIOP::Current_var &p) +{ + if (this != &p) + { + CORBA::release (this->ptr_); + this->ptr_ = ::TAO::SSLIOP::Current::_duplicate (p.ptr ()); + } + return *this; +} + +TAO::SSLIOP::Current_var::operator const ::TAO::SSLIOP::Current_ptr &() const +{ + return this->ptr_; +} + +TAO::SSLIOP::Current_var::operator ::TAO::SSLIOP::Current_ptr &() +{ + return this->ptr_; +} + +::TAO::SSLIOP::Current_ptr +TAO::SSLIOP::Current_var::operator-> (void) const +{ + return this->ptr_; +} + +::TAO::SSLIOP::Current_ptr +TAO::SSLIOP::Current_var::in (void) const +{ + return this->ptr_; +} -template class TAO_Pseudo_Var_T<TAO::SSLIOP::Current>; +::TAO::SSLIOP::Current_ptr & +TAO::SSLIOP::Current_var::inout (void) +{ + return this->ptr_; +} -#elif defined (ACE_HAS_TEMPLATE_INSTANTIATION_PRAGMA) +::TAO::SSLIOP::Current_ptr & +TAO::SSLIOP::Current_var::out (void) +{ + CORBA::release (this->ptr_); + this->ptr_ = ::TAO::SSLIOP::Current::_nil (); + return this->ptr_; +} -# pragma 
instantiate TAO_Pseudo_Var_T<TAO::SSLIOP::Current> +::TAO::SSLIOP::Current_ptr +TAO::SSLIOP::Current_var::_retn (void) +{ + // yield ownership of managed obj reference + ::TAO::SSLIOP::Current_ptr val = this->ptr_; + this->ptr_ = ::TAO::SSLIOP::Current::_nil (); + return val; +} -#endif /* ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION */ +::TAO::SSLIOP::Current_ptr +TAO::SSLIOP::Current_var::tao_duplicate (TAO::SSLIOP::Current_ptr p) +{ + return ::TAO::SSLIOP::Current::_duplicate (p); +} + +void +TAO::SSLIOP::Current_var::tao_release (TAO::SSLIOP::Current_ptr p) +{ + CORBA::release (p); +} + +::TAO::SSLIOP::Current_ptr +TAO::SSLIOP::Current_var::tao_nil (void) +{ + return ::TAO::SSLIOP::Current::_nil (); +} + +::TAO::SSLIOP::Current_ptr +TAO::SSLIOP::Current_var::tao_narrow ( + CORBA::Object *p + ACE_ENV_ARG_DECL + ) +{ + return ::TAO::SSLIOP::Current::_narrow (p ACE_ENV_ARG_PARAMETER); +} + +CORBA::Object * +TAO::SSLIOP::Current_var::tao_upcast (void *src) +{ + TAO::SSLIOP::Current **tmp = + static_cast<TAO::SSLIOP::Current **> (src); + return *tmp; +} diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.h index 1921057cfc4..1ff1ab76fb4 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.h +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.h @@ -23,7 +23,7 @@ #include "SSLIOP_Current_Impl.h" -#include "orbsvcs/SSLIOPC.h" +#include "orbsvcs/orbsvcs/SSLIOPC.h" #include "tao/ORB_Core.h" // This is to remove "inherits via dominance" warnings from MSVC. @@ -41,8 +41,8 @@ namespace TAO namespace SSLIOP { class Current; + class Current_var; typedef Current * Current_ptr; - typedef TAO_Pseudo_Var_T<Current> Current_var; /** * @class Current 
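Review bot: `Current_var::operator= (TAO::SSLIOP::Current_ptr p)` in SSLIOP_Current.cpp releases `this->ptr_` before storing `p` and never checks whether the two are the same object. If a caller assigns the pointer the var already holds, for example the result of `in ()`, and that was the last reference, the var is presumably left pointing at a destroyed object. A guard such as `if (this->ptr_ != p) { CORBA::release (this->ptr_); this->ptr_ = p; }` avoids that. `EVP_PKEY_var::operator= (::EVP_PKEY *p)` in SSLIOP_EVP_PKEY.inl has the same shape, and there the stale pointer would refer to a freed private key.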
@@ -112,12 +112,24 @@ namespace TAO * compiler for all IDL interfaces. */ //@{ +#if !defined(__GNUC__) || !defined (ACE_HAS_GNUG_PRE_2_8) + typedef Current_ptr _ptr_type; + typedef Current_var _var_type; +#endif /* ! __GNUC__ || g++ >= 2.8 */ + + static int _tao_class_id; + // The static operations. static Current_ptr _duplicate (Current_ptr obj); static Current_ptr _narrow (CORBA::Object_ptr obj ACE_ENV_ARG_DECL); + + static Current_ptr _unchecked_narrow (CORBA::Object_ptr obj + ACE_ENV_ARG_DECL); + + static Current_ptr _nil (void) { return (Current_ptr)0; @@ -157,6 +169,42 @@ namespace TAO }; + class Current_var : public TAO_Base_var + { + public: + Current_var (void); // default constructor + Current_var (Current_ptr p) : ptr_ (p) {} + Current_var (const Current_var &); // copy constructor + ~Current_var (void); // destructor + + Current_var &operator= (Current_ptr); + Current_var &operator= (const Current_var &); + Current_ptr operator-> (void) const; + + operator const Current_ptr &() const; + operator Current_ptr &(); + // in, inout, out, _retn + Current_ptr in (void) const; + Current_ptr &inout (void); + Current_ptr &out (void); + Current_ptr _retn (void); + Current_ptr ptr (void) const; + + // Hooks used by template sequence and object manager classes + // for non-defined forward declared interfaces. + static Current_ptr tao_duplicate (Current_ptr); + static void tao_release (Current_ptr); + static Current_ptr tao_nil (void); + static Current_ptr tao_narrow (CORBA::Object * + ACE_ENV_ARG_DECL); + static CORBA::Object * tao_upcast (void *); + + private: + Current_ptr ptr_; + // Unimplemented - prevents widening assignment. + Current_var (const TAO_Base_var &rhs); + Current_var &operator= (const TAO_Base_var &rhs); + }; } // End SSLIOP namespace. } // End TAO namespace. diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.cpp index eb7ff19899a..ee65fa48380 100644 
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.cpp +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.cpp @@ -34,9 +34,7 @@ TAO::SSLIOP::Current_Impl::client_credentials ( SecurityLevel3::ClientCredentials_ptr creds; ACE_NEW_THROW_EX (creds, - TAO::SSLIOP::ClientCredentials (cert.in (), - 0, - this->ssl_), + TAO::SSLIOP::ClientCredentials (cert.in (), 0), CORBA::NO_MEMORY ( CORBA::SystemException::_tao_minor_code ( TAO_DEFAULT_MINOR_CODE, diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.h index 5502393a62b..6ba6569f23b 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.h +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.h @@ -21,8 +21,8 @@ # pragma once #endif /* ACE_LACKS_PRAGMA_ONCE */ -#include "orbsvcs/SSLIOPC.h" -#include "orbsvcs/Security/SL3_SecurityCurrent_Impl.h" +#include "orbsvcs/orbsvcs/SSLIOPC.h" +#include "orbsvcs/orbsvcs/Security/SL3_SecurityCurrent_Impl.h" #include "tao/ORB_Core.h" #include <openssl/ssl.h> diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.cpp index 1f95833d035..2f461de27f1 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.cpp +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.cpp 
@@ -2,81 +2,12 @@ #include "SSLIOP_EVP_PKEY.h" -#include <openssl/x509.h> -#include <openssl/rsa.h> -#include <openssl/dsa.h> -#include <openssl/dh.h> - ACE_RCSID (SSLIOP, SSLIOP_EVP_PKEY, "$Id$") -::EVP_PKEY * -TAO::SSLIOP::OpenSSL_traits< ::EVP_PKEY >::copy (::EVP_PKEY const & key) -{ - ::EVP_PKEY * pkey = const_cast< ::EVP_PKEY *> (&key); - - // We're using the EVP_PKEY_var even though it depends on this - // trait function. This works since we're not actually using - // any of the EVP_PKEY_var methods that call this copy() - // trait. This allows us to maintain exception safety. - TAO::SSLIOP::EVP_PKEY_var p = ::EVP_PKEY_new (); - - switch (::EVP_PKEY_type (pkey->type)) - { - case EVP_PKEY_RSA: - { - RSA * rsa = ::EVP_PKEY_get1_RSA (pkey); - if (rsa != 0) - { - // Not exception safe! - ::EVP_PKEY_set1_RSA (p.in (), RSAPrivateKey_dup (rsa)); - ::RSA_free (rsa); - } - } - break; - - case EVP_PKEY_DSA: - { - DSA * dsa = ::EVP_PKEY_get1_DSA (pkey); - if (dsa != 0) - { - // Not exception safe! - ::EVP_PKEY_set1_DSA (p.in (), DSAparams_dup (dsa)); - ::DSA_free (dsa); - } - } - break; - - case EVP_PKEY_DH: - { - DH * dh = ::EVP_PKEY_get1_DH (pkey); - if (dh != 0) - { - // Not exception safe! - ::EVP_PKEY_set1_DH (p.in (), DHparams_dup (dh)); - ::DH_free (dh); - } - } - break; - - default: - // We should never get here! - return 0; - } - - return p._retn (); -} - - -#if defined (ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION) - -template class TAO::SSLIOP::OpenSSL_st_var< ::EVP_PKEY >; - -#elif defined (ACE_HAS_TEMPLATE_INSTANTIATION_PRAGMA) - -# pragma instantiate TAO::SSLIOP::OpenSSL_st_var< ::EVP_PKEY > - -#endif /* ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION */ +#if !defined (__ACE_INLINE__) +#include "SSLIOP_EVP_PKEY.inl" +#endif /* !__ACE_INLINE__ */ diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.h index 903828b73d5..a316efd37c7 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.h 
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.h @@ -6,7 +6,7 @@ * * $Id$ * - * @author Ossama Othman <ossama@dre,vanderbilt.edu> + * @author Ossama Othman <ossama@uci.edu> */ //============================================================================= 
@@ -21,56 +21,83 @@ #pragma once #endif /* ACE_LACKS_PRAGMA_ONCE */ -#include "SSLIOP_OpenSSL_st_T.h" +#include "tao/varbase.h" -#include <openssl/evp.h> #include <openssl/crypto.h> - +#include <openssl/evp.h> namespace TAO { namespace SSLIOP { - // OpenSSL @c EVP_PKEY structure traits specialization. - template <> - struct OpenSSL_traits< ::EVP_PKEY > + /** + * @name CORBA-style Reference Count Manipulation Methods + */ + /// Increase the reference count on the given EVP_PKEY structure. + ::EVP_PKEY *_duplicate (::EVP_PKEY *key); + + /// Decrease the reference count on the given EVP_PKEY structure. + void release (::EVP_PKEY *key); + + /** + * @class EVP_PKEY_var + * + * @brief "_var" class for the OpenSSL @param EVP_PKEY structure. + * + * This class is simply used to make operations on instances of + * the OpenSSL @param EVP_PKEY structures exception safe. It is + * only used internally by the SSLIOP pluggable protocol. + */ + class EVP_PKEY_var : private TAO_Base_var { - /// OpenSSL lock ID for use in OpenSSL CRYPTO_add() reference - /// count manipulation function. - enum { LOCK_ID = CRYPTO_LOCK_EVP_PKEY }; + public: - /// Increase the reference count on the given OpenSSL structure. /** - * @note This used to be in a function template but MSVC++ 6 - * can't handle function templates correctly so reproduce - * the code in each specialization. *sigh* + * @name Constructors */ - static ::EVP_PKEY * _duplicate (::EVP_PKEY * st) - { - if (st != 0) - CRYPTO_add (&(st->references), - 1, - LOCK_ID); - - return st; - } - - /// Perform deep copy of the given OpenSSL structure. - static ::EVP_PKEY * copy (::EVP_PKEY const & key); - - /// Decrease the reference count on the given OpenSSL - /// structure. 
- static void release (::EVP_PKEY * st) - { - ::EVP_PKEY_free (st); - } - }; + //@{ + EVP_PKEY_var (void); + EVP_PKEY_var (::EVP_PKEY *x); + EVP_PKEY_var (const EVP_PKEY_var &); + //@} + + /// Destructor + ~EVP_PKEY_var (void); + + EVP_PKEY_var &operator= (::EVP_PKEY *); + EVP_PKEY_var &operator= (const EVP_PKEY_var &); + const ::EVP_PKEY *operator-> (void) const; + ::EVP_PKEY *operator-> (void); + + operator const ::EVP_PKEY &() const; + operator ::EVP_PKEY &(); - typedef OpenSSL_st_var< ::EVP_PKEY > EVP_PKEY_var; + ::EVP_PKEY *in (void) const; + ::EVP_PKEY *&inout (void); + ::EVP_PKEY *&out (void); + ::EVP_PKEY *_retn (void); + ::EVP_PKEY *ptr (void) const; + + private: + + // Unimplemented - prevents widening assignment. + EVP_PKEY_var (const TAO_Base_var &rhs); + EVP_PKEY_var &operator= (const TAO_Base_var &rhs); + + private: + + /// The OpenSSL @c EVP_PKEY structure that represents a private + /// key. + ::EVP_PKEY *evp_; + + }; } // End SSLIOP namespace. } // End TAO namespace. +#if defined (__ACE_INLINE__) +#include "SSLIOP_EVP_PKEY.inl" +#endif /* __ACE_INLINE__ */ #include /**/ "ace/post.h" diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.inl b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.inl new file mode 100644 index 00000000000..e20b30e774d --- /dev/null +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.inl 
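Review bot: The class comment for `EVP_PKEY_var` in SSLIOP_EVP_PKEY.h writes `@param EVP_PKEY` inside running text, which Doxygen treats as a parameter entry; `@c EVP_PKEY` is what the sentence means, and the member comment further down already uses it. The header also does not say that `EVP_PKEY_var (::EVP_PKEY *x)` and `operator= (::EVP_PKEY *)` adopt the caller's reference without incrementing it, while the copy forms duplicate. A line such as `/// Takes ownership of @a x; the reference count is not incremented.` on the pointer constructor would make that explicit. The same `@param X509` wording appears in the `X509_var` brief in SSLIOP_X509.h.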
@@ -0,0 +1,129 @@ +// -*- C++ -*- +// +// $Id$ + +ACE_INLINE ::EVP_PKEY * +TAO::SSLIOP::_duplicate (::EVP_PKEY *key) +{ + // OpenSSL provides no function to increase the reference count on + // the EVP_PKEY structure, so we do it manually. + if (key != 0) + CRYPTO_add (&(key->references), 1, CRYPTO_LOCK_EVP_PKEY); + + return key; +} + +ACE_INLINE void +TAO::SSLIOP::release (::EVP_PKEY *key) +{ + // OpenSSL's EVP_PKEY_free() function already handles reference + // counting properly. + ::EVP_PKEY_free (key); +} + + +// ------------------------------------------------------------------- + +ACE_INLINE +TAO::SSLIOP::EVP_PKEY_var::EVP_PKEY_var (void) + : evp_ (0) +{ +} + +ACE_INLINE +TAO::SSLIOP::EVP_PKEY_var::EVP_PKEY_var (::EVP_PKEY *x) + : evp_ (x) +{ +} + +ACE_INLINE +TAO::SSLIOP::EVP_PKEY_var::EVP_PKEY_var (const TAO::SSLIOP::EVP_PKEY_var &p) + : TAO_Base_var (), + evp_ (TAO::SSLIOP::_duplicate (p.ptr ())) +{ +} + +ACE_INLINE +TAO::SSLIOP::EVP_PKEY_var::~EVP_PKEY_var (void) +{ + TAO::SSLIOP::release (this->evp_); +} + +ACE_INLINE TAO::SSLIOP::EVP_PKEY_var & +TAO::SSLIOP::EVP_PKEY_var::operator= (::EVP_PKEY *p) +{ + TAO::SSLIOP::release (this->evp_); + this->evp_ = p; + return *this; +} + +ACE_INLINE TAO::SSLIOP::EVP_PKEY_var & +TAO::SSLIOP::EVP_PKEY_var::operator= (const TAO::SSLIOP::EVP_PKEY_var &p) +{ + if (this != &p) + { + TAO::SSLIOP::release (this->evp_); + this->evp_ = TAO::SSLIOP::_duplicate (p.ptr ()); + } + + return *this; +} + +ACE_INLINE const ::EVP_PKEY * +TAO::SSLIOP::EVP_PKEY_var::operator-> (void) const +{ + return this->evp_; +} + +ACE_INLINE ::EVP_PKEY * +TAO::SSLIOP::EVP_PKEY_var::operator-> (void) +{ + return this->evp_; +} + +ACE_INLINE +TAO::SSLIOP::EVP_PKEY_var::operator const ::EVP_PKEY &() const +{ + return *this->evp_; +} + +ACE_INLINE +TAO::SSLIOP::EVP_PKEY_var::operator ::EVP_PKEY &() +{ + return *this->evp_; +} + +ACE_INLINE ::EVP_PKEY * +TAO::SSLIOP::EVP_PKEY_var::in (void) const +{ + return this->evp_; +} + +ACE_INLINE ::EVP_PKEY *& 
+TAO::SSLIOP::EVP_PKEY_var::inout (void) +{ + return this->evp_; +} + +ACE_INLINE ::EVP_PKEY *& +TAO::SSLIOP::EVP_PKEY_var::out (void) +{ + EVP_PKEY_free (this->evp_); + this->evp_ = 0; + return this->evp_; +} + +ACE_INLINE ::EVP_PKEY * +TAO::SSLIOP::EVP_PKEY_var::_retn (void) +{ + // Yield ownership of the EVP_PKEY structure. + ::EVP_PKEY *x = this->evp_; + this->evp_ = 0; + return x; +} + +ACE_INLINE ::EVP_PKEY * +TAO::SSLIOP::EVP_PKEY_var::ptr (void) const +{ + return this->evp_; +} diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.cpp index 3493cd303a9..0816283f5c9 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.cpp +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.cpp @@ -15,7 +15,7 @@ ACE_RCSID (SSLIOP, #endif /* __ACE_INLINE__ */ TAO_SSLIOP_Endpoint::TAO_SSLIOP_Endpoint (const ::SSLIOP::SSL *ssl_component, - TAO_IIOP_Endpoint *iiop_endp) + TAO_IIOP_Endpoint *iiop_endp) : TAO_Endpoint (IOP::TAG_INTERNET_IOP), object_addr_ (), next_ (0), diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.h index fdd3490f063..d4060f8c02a 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.h +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.h @@ -24,10 +24,10 @@ # pragma once #endif /* ACE_LACKS_PRAGMA_ONCE */ -#include "SSLIOP_OwnCredentials.h" +#include "SSLIOP_Credentials.h" -#include "orbsvcs/SSLIOPC.h" -#include "orbsvcs/SecurityC.h" +#include "orbsvcs/orbsvcs/SSLIOPC.h" +#include "orbsvcs/orbsvcs/SecurityC.h" #include "tao/IIOP_Endpoint.h" #include "ace/INET_Addr.h" @@ -123,7 +123,7 @@ namespace TAO ::Security::EstablishTrust trust (void) const; /// Set the credentials for this endpoint. - void credentials (TAO::SSLIOP::OwnCredentials_ptr creds); + void credentials (TAO::SSLIOP::Credentials_ptr creds); /// Get the credentials for this endpoint. /** 
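Review bot: `operator const ::EVP_PKEY &() const` and `operator ::EVP_PKEY &()` in SSLIOP_EVP_PKEY.inl return `*this->evp_` without checking it, and `evp_` is 0 after the default constructor, `out ()` and `_retn ()`. Converting a var in that state dereferences a null pointer; an `ACE_ASSERT (this->evp_ != 0);` ahead of each return would at least make the precondition visible in builds where assertions are enabled. Separately, `out ()` calls `EVP_PKEY_free` directly while the destructor and both assignment operators go through `TAO::SSLIOP::release`; writing `TAO::SSLIOP::release (this->evp_);` there keeps a single release path.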
@@ -133,7 +133,7 @@ namespace TAO * that no additional locks occur when checking the * transport cache. */ - TAO::SSLIOP::OwnCredentials * credentials (void) const; + TAO::SSLIOP::Credentials * credentials (void) const; //@} private: @@ -169,7 +169,7 @@ namespace TAO ::Security::EstablishTrust trust_; /// SSLIOP-specific credentials for this endpoint object. - TAO::SSLIOP::OwnCredentials_var credentials_; + TAO::SSLIOP::Credentials_var credentials_; }; diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.i b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.i index 4fa34d67f41..eb58d3dcc56 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.i +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.i @@ -68,12 +68,12 @@ TAO_SSLIOP_Endpoint::trust (void) const } ACE_INLINE void -TAO_SSLIOP_Endpoint::credentials (const TAO::SSLIOP::OwnCredentials_ptr creds) +TAO_SSLIOP_Endpoint::credentials (const TAO::SSLIOP::Credentials_ptr creds) { - this->credentials_ = TAO::SSLIOP::OwnCredentials::_duplicate (creds); + this->credentials_ = TAO::SSLIOP::Credentials::_duplicate (creds); } -ACE_INLINE TAO::SSLIOP::OwnCredentials * +ACE_INLINE TAO::SSLIOP::Credentials * TAO_SSLIOP_Endpoint::credentials (void) const { return this->credentials_.in (); diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp index fbb32f89f96..390ab77de3c 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp @@ -4,7 +4,7 @@ #include "SSLIOP_ORBInitializer.h" #include "ace/OS_NS_strings.h" -#include "orbsvcs/Security/Security_ORBInitializer.h" /// @todo should go away +#include "orbsvcs/orbsvcs/Security/Security_ORBInitializer.h" /// @todo should go away //#include "orbsvcs/CSIIOPC.h" @@ -74,7 +74,7 @@ TAO::SSLIOP::Protocol_Factory::make_acceptor (void) int TAO::SSLIOP::Protocol_Factory::init (int argc, - char* argv[]) + char* argv[]) { char *certificate_path = 0; char *private_key_path = 0; 
@@ -473,7 +473,6 @@ TAO::SSLIOP::Protocol_Factory::requires_explicit_endpoint (void) const return 0; } - ACE_STATIC_SVC_DEFINE (TAO_SSLIOP_Protocol_Factory, ACE_TEXT ("SSLIOP_Factory"), ACE_SVC_OBJ_T, diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.h index 73a16174959..a80578eb718 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.h +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.h @@ -25,8 +25,8 @@ # pragma once #endif /* ACE_LACKS_PRAGMA_ONCE */ -#include "orbsvcs/SecurityC.h" -#include "orbsvcs/CSIIOPC.h" +#include "orbsvcs/orbsvcs/SecurityC.h" +#include "orbsvcs/orbsvcs/CSIIOPC.h" #include "tao/Protocol_Factory.h" diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.h index 9e47848971a..45740ab8cd0 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.h +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.h @@ -21,7 +21,7 @@ # pragma once #endif /* ACE_LACKS_PRAGMA_ONCE */ -#include "orbsvcs/SSLIOPC.h" +#include "orbsvcs/orbsvcs/SSLIOPC.h" #include "tao/PortableInterceptorC.h" #include "tao/LocalObject.h" diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ORBInitializer.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ORBInitializer.cpp index efa08eeb608..d7fe7e70c57 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ORBInitializer.cpp +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ORBInitializer.cpp 
@@ -11,11 +11,11 @@ ACE_RCSID (SSLIOP, //#include "SSLIOP_IORInterceptor.h" #include "SSLIOP_CredentialsAcquirerFactory.h" -#include "orbsvcs/Security/SL3_SecurityCurrent.h" -#include "orbsvcs/Security/SL3_CredentialsCurator.h" +#include "orbsvcs/orbsvcs/Security/SL3_SecurityCurrent.h" +#include "orbsvcs/orbsvcs/Security/SL3_CredentialsCurator.h" -#include "orbsvcs/SSLIOPC.h" -#include "orbsvcs/CSIIOPC.h" +#include "orbsvcs/orbsvcs/SSLIOPC.h" +#include "orbsvcs/orbsvcs/CSIIOPC.h" #include "tao/Exception.h" #include "tao/ORBInitInfo.h" diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ORBInitializer.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ORBInitializer.h index 544208d40b7..01f626a049d 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ORBInitializer.h +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ORBInitializer.h @@ -22,8 +22,8 @@ # pragma once #endif /* ACE_LACKS_PRAGMA_ONCE */ -#include "orbsvcs/CSIIOPC.h" -#include "orbsvcs/SecurityC.h" +#include "orbsvcs/orbsvcs/CSIIOPC.h" +#include "orbsvcs/orbsvcs/SecurityC.h" #include "tao/PortableInterceptorC.h" #include "tao/LocalObject.h" diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OwnCredentials.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OwnCredentials.cpp index 4205fcb5cee..8541a3771fb 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OwnCredentials.cpp +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OwnCredentials.cpp @@ -9,7 +9,7 @@ ACE_RCSID (SSLIOP, TAO::SSLIOP::OwnCredentials::OwnCredentials (X509 *cert, EVP_PKEY *evp) - : SSLIOP_Credentials (cert, evp) + : TAO::SSLIOP::Credentials (cert, evp) { } 
@@ -71,15 +71,3 @@ TAO::SSLIOP::OwnCredentials::release_credentials ( { this->creds_state_ = SecurityLevel3::CS_PendingRelease; } - -#if defined (ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION) - -template class TAO_Pseudo_Var_T<TAO::SSLIOP::OwnCredentials>; -template class TAO_Pseudo_Out_T<TAO::SSLIOP::OwnCredentials, TAO::SSLIOP::OwnCredentials_var>; - -#elif defined (ACE_HAS_TEMPLATE_INSTANTIATION_PRAGMA) - -# pragma instantiate TAO_Pseudo_Var_T<TAO::SSLIOP::OwnCredentials> -# pragma instantiate TAO_Pseudo_Out_T<TAO::SSLIOP::OwnCredentials, TAO::SSLIOP::OwnCredentials_var> - -#endif /* ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION */ diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OwnCredentials.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OwnCredentials.h index 2dfed018858..c973e328066 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OwnCredentials.h +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OwnCredentials.h @@ -43,15 +43,15 @@ namespace TAO /** * @class OwnCredentials * - * @brief Credentials representing our identity, not our peer's - * identity. + * @brief Credentials representing the our identity, not our + * peer's identity. * * @c OwnCredentials are a representation of our identity, not our * peer's identity. */ class TAO_SSLIOP_Export OwnCredentials : public virtual SecurityLevel3::OwnCredentials, - public virtual SSLIOP_Credentials + public virtual Credentials { public: diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_TargetCredentials.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_TargetCredentials.cpp index dac7198565b..bce9948546c 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_TargetCredentials.cpp +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_TargetCredentials.cpp @@ -9,7 +9,7 @@ ACE_RCSID (SSLIOP, TAO::SSLIOP::TargetCredentials::TargetCredentials (::X509 *cert, ::EVP_PKEY *evp) - : SSLIOP_Credentials (cert, evp) + : TAO::SSLIOP::Credentials (cert, evp) { } 
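Review bot: The reworded `@brief` for `OwnCredentials` in SSLIOP_OwnCredentials.h now reads "Credentials representing the our identity", which has a stray "the". The wording it replaces was correct, so the two comment lines should read `@brief Credentials representing our identity, not our` and `peer's identity.`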
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_TargetCredentials.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_TargetCredentials.h index 98b4a75ec87..e4ae65b222f 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_TargetCredentials.h +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_TargetCredentials.h @@ -6,7 +6,7 @@ * * $Id$ * - * @author Ossama Othman <ossama@dre.vanderbilt.edu> + * @author Ossama Othman <ossama@uci.edu> */ //============================================================================= @@ -38,7 +38,7 @@ namespace TAO */ class TAO_SSLIOP_Export TargetCredentials : public virtual SecurityLevel3::TargetCredentials, - public virtual SSLIOP_Credentials + public virtual Credentials { public: diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.cpp index 036b2043a81..d16a4418066 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.cpp +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.cpp @@ -6,12 +6,6 @@ ACE_RCSID (SSLIOP, "$Id$") -#if defined (ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION) - -template class TAO::SSLIOP::OpenSSL_st_var< ::X509 >; - -#elif defined (ACE_HAS_TEMPLATE_INSTANTIATION_PRAGMA) - -# pragma instantiate TAO::SSLIOP::OpenSSL_st_var< ::X509 > - -#endif /* ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION */ +#if !defined (__ACE_INLINE__) +#include "SSLIOP_X509.inl" +#endif /* !__ACE_INLINE__ */ diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.h index 6937053169b..e80e4383d4f 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.h +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.h 
@@ -21,60 +21,86 @@ #pragma once #endif /* ACE_LACKS_PRAGMA_ONCE */ -#include "SSLIOP_OpenSSL_st_T.h" +#include "tao/varbase.h" #include <openssl/x509.h> #include <openssl/crypto.h> - namespace TAO { namespace SSLIOP { - // OpenSSL @c X509 structure traits specialization. - template <> - struct OpenSSL_traits< ::X509 > + /** + * @name CORBA-style Reference Count Manipulation Methods + */ + /// Increase the reference count on the given X509 structure. + ::X509 *_duplicate (::X509 *cert); + + /// Decrease the reference count on the given X509 structure. + void release (::X509 *cert); + + /** + * @class X509_var + * + * @brief "_var" class for the OpenSSL @param X509 structure. + * + * This class is simply used to make operations on instances of + * the OpenSSL @c X509 structures exception safe. It is only used + * internally by the SSLIOP pluggable protocol. + */ + class X509_var : private TAO_Base_var { - /// OpenSSL lock ID for use in OpenSSL CRYPTO_add() reference - /// count manipulation function. - enum { LOCK_ID = CRYPTO_LOCK_X509 }; + public: - /// Increase the reference count on the given OpenSSL structure. /** - * @note This used to be in a function template but MSVC++ 6 - * can't handle function templates correctly so reproduce - * the code in each specialization. *sigh* + * @name Constructors */ - static ::X509 * _duplicate (::X509 * st) - { - if (st != 0) - CRYPTO_add (&(st->references), - 1, - LOCK_ID); - - return st; - } - - /// Perform deep copy of the given OpenSSL structure. - static ::X509 * copy (::X509 const & st) - { - return ::X509_dup (const_cast< ::X509 *> (&st)); - } - - /// Decrease the reference count on the given OpenSSL - /// structure. 
- static void release (::X509 * st) - { - ::X509_free (st); - } - }; + //@{ + X509_var (void); + X509_var (::X509 *x); + X509_var (const X509_var &); + X509_var (const ::X509 &x); + //@} + + /// Destructor + ~X509_var (void); + + X509_var &operator= (::X509 *); + X509_var &operator= (const X509_var &); + X509_var &operator= (const ::X509 &); + const ::X509 *operator-> (void) const; + ::X509 *operator-> (void); + + operator const ::X509 &() const; + operator ::X509 &(); + + ::X509 *in (void) const; + ::X509 *&inout (void); + ::X509 *&out (void); + ::X509 *_retn (void); + ::X509 *ptr (void) const; - typedef OpenSSL_st_var< ::X509 > X509_var; + private: + // Unimplemented - prevents widening assignment. + X509_var (const TAO_Base_var &rhs); + X509_var &operator= (const TAO_Base_var &rhs); + + private: + + /// The OpenSSL X509 structure that represents a X.509 certificate. + ::X509 *x509_; + + }; } // End SSLIOP namespace. } // End TAO namespace. +#if defined (__ACE_INLINE__) +#include "SSLIOP_X509.inl" +#endif /* __ACE_INLINE__ */ + + #include /**/ "ace/post.h" #endif /* TAO_SSLIOP_X509_H */ diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.inl b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.inl new file mode 100644 index 00000000000..f45342d12a0 --- /dev/null +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.inl 
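Review bot: The `X509_var` declaration in SSLIOP_X509.h does not say which members take ownership of the certificate, and its constructors and assignment operators carry no comments at all. Going by the definitions in SSLIOP_X509.inl, `X509_var (::X509 *x)` and `operator= (::X509 *)` adopt the pointer without touching its reference count, the `const X509_var &` forms share it through `_duplicate`, and the `const ::X509 &` forms deep-copy with `X509_dup`. A one-line `///` comment on each stating this would help callers avoid double-freeing or leaking a certificate. The class brief also uses `@param` where `@c` is meant, so it should read `@brief "_var" class for the OpenSSL @c X509 structure.`.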
@@ -0,0 +1,148 @@
+// -*- C++ -*-
+//
+// $Id$
+
+ACE_INLINE ::X509 *
+TAO::SSLIOP::_duplicate (::X509 *cert)
+{
+ // OpenSSL provides no function to increase the reference count on
+ // the X509 structure, so we do it manually. (X509_dup() performs a
+ // deep copy, not a shallow copy.)
+ if (cert != 0)
+ CRYPTO_add (&(cert->references), 1, CRYPTO_LOCK_X509);
+
+ return cert;
+}
+
+ACE_INLINE void
+TAO::SSLIOP::release (::X509 *cert)
+{
+ // OpenSSL's X509_free() function already handles reference counting
+ // properly.
+ ::X509_free (cert);
+}
+
+
+// -------------------------------------------------------------------
+
+ACE_INLINE
+TAO::SSLIOP::X509_var::X509_var (void)
+ : x509_ (0)
+{
+}
+
+ACE_INLINE
+TAO::SSLIOP::X509_var::X509_var (::X509 *x)
+ : x509_ (x)
+{
+}
+
+ACE_INLINE
+TAO::SSLIOP::X509_var::X509_var (const TAO::SSLIOP::X509_var &p)
+ : TAO_Base_var (),
+ x509_ (TAO::SSLIOP::_duplicate (p.ptr ()))
+{
+}
+
+ACE_INLINE
+TAO::SSLIOP::X509_var::X509_var (const ::X509 &p)
+{
+ this->x509_ = X509_dup (const_cast< ::X509 * > (&p));
+}
+
+ACE_INLINE
+TAO::SSLIOP::X509_var::~X509_var (void)
+{
+ TAO::SSLIOP::release (this->x509_);
+}
+
+ACE_INLINE TAO::SSLIOP::X509_var &
+TAO::SSLIOP::X509_var::operator= (::X509 *p)
+{
+ TAO::SSLIOP::release (this->x509_);
+ this->x509_ = p;
+ return *this;
+}
+
+ACE_INLINE ::TAO::SSLIOP::X509_var &
+TAO::SSLIOP::X509_var::operator= (const ::TAO::SSLIOP::X509_var &p)
+{
+ if (this != &p)
+ {
+ TAO::SSLIOP::release (this->x509_);
+ this->x509_ = TAO::SSLIOP::_duplicate (p.ptr ());
+ }
+
+ return *this;
+}
+
+ACE_INLINE TAO::SSLIOP::X509_var &
+TAO::SSLIOP::X509_var::operator= (const ::X509 &p)
+{
+ if (this->x509_ != &p)
+ {
+ TAO::SSLIOP::release (this->x509_);
+ this->x509_ = X509_dup (const_cast< ::X509 * > (&p));
+ }
+
+ return *this;
+}
+
+ACE_INLINE const ::X509 *
+TAO::SSLIOP::X509_var::operator-> (void) const
+{
+ return this->x509_;
+}
+
+ACE_INLINE ::X509 *
+TAO::SSLIOP::X509_var::operator-> (void)
+{
+ return 
this->x509_; +} + +ACE_INLINE +TAO::SSLIOP::X509_var::operator const ::X509 &() const +{ + return *this->x509_; +} + +ACE_INLINE +TAO::SSLIOP::X509_var::operator ::X509 &() +{ + return *this->x509_; +} + +ACE_INLINE ::X509 * +TAO::SSLIOP::X509_var::in (void) const +{ + return this->x509_; +} + +ACE_INLINE ::X509 *& +TAO::SSLIOP::X509_var::inout (void) +{ + return this->x509_; +} + +ACE_INLINE ::X509 *& +TAO::SSLIOP::X509_var::out (void) +{ + X509_free (this->x509_); + this->x509_ = 0; + return this->x509_; +} + +ACE_INLINE ::X509 * +TAO::SSLIOP::X509_var::_retn (void) +{ + // Yield ownership of the X509 structure. + ::X509 *x = this->x509_; + this->x509_ = 0; + return x; +} + +ACE_INLINE ::X509 * +TAO::SSLIOP::X509_var::ptr (void) const +{ + return this->x509_; +} diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/ssl_endpoints.h b/TAO/orbsvcs/orbsvcs/SSLIOP/ssl_endpoints.h index e19b6659bf6..a4a7fc21cb0 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/ssl_endpoints.h +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/ssl_endpoints.h @@ -45,7 +45,7 @@ #include "tao/Sequence_T.h" #include "tao/Seq_Var_T.h" #include "tao/Seq_Out_T.h" -#include "orbsvcs/SSLIOPC.h" +#include "orbsvcs/orbsvcs/SSLIOPC.h" #if defined (TAO_EXPORT_MACRO) #undef TAO_EXPORT_MACRO diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/ssl_endpoints.pidl b/TAO/orbsvcs/orbsvcs/SSLIOP/ssl_endpoints.pidl index 969aaad85f6..64feb29fa16 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/ssl_endpoints.pidl +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/ssl_endpoints.pidl @@ -35,7 +35,7 @@ #ifndef _SSL_ENDPOINTS_IDL_ #define _SSL_ENDPOINTS_IDL_ -#include "orbsvcs/SSLIOP.idl" +#include "orbsvcs/orbsvcs/SSLIOP.idl" // Stores information for a collection of SSLIOP endpoints. typedef sequence <SSLIOP::SSL> TAO_SSLEndpointSequence; |
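Review bot: In SSLIOP_X509.inl, `X509_var::operator= (::X509 *p)` releases the held certificate before storing `p` without checking that the two differ, so assigning a var its own pointer (for example `v = v.in ()`) can free the certificate and leave `x509_` dangling when that was the last reference. The other two assignment operators in this file guard against self-assignment, and the same guard fits here: `if (this->x509_ != p) { TAO::SSLIOP::release (this->x509_); this->x509_ = p; }`. Separately, the `const ::X509 &` constructor and assignment store the result of `X509_dup` unchecked, and both reference conversion operators return `*this->x509_` even when it is 0, so a failed copy or an empty var becomes a null dereference at the first conversion. A comment telling callers to test `in ()` first, or a check inside those operators, would make that contract explicit. As a style point, `out ()` calls `X509_free` directly where the rest of the class goes through `TAO::SSLIOP::release`.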