From 2bd5828b0abe716fc58672b41dfc781271683416 Mon Sep 17 00:00:00 2001 From: Ossama Othman Date: Fri, 13 Aug 2004 02:19:47 +0000 Subject: ChangeLogTag:Thu Aug 12 18:45:20 2004 Ossama Othman --- TAO/ChangeLog | 73 +++++++++ .../orbsvcs/SSLIOP/SSLIOP_ClientCredentials.cpp | 44 ++++-- .../orbsvcs/SSLIOP/SSLIOP_ClientCredentials.h | 12 +- TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp | 10 +- TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.cpp | 2 +- TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.cpp | 4 +- TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.cpp | 70 ++++++++- TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.h | 85 +++-------- TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.inl | 129 ---------------- TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.h | 8 +- TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.i | 6 +- TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp | 3 +- TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.cpp | 22 +++ TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.h | 162 ++++++++++++++++++++ TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.inl | 165 +++++++++++++++++++++ TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OwnCredentials.h | 4 +- TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_SSL.cpp | 19 +++ TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_SSL.h | 66 +++++++++ TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.cpp | 12 +- TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.h | 88 +++-------- TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.inl | 148 ------------------ 21 files changed, 695 insertions(+), 437 deletions(-) delete mode 100644 TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.inl create mode 100644 TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.cpp create mode 100644 TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.h create mode 100644 TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.inl create mode 100644 TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_SSL.cpp create mode 100644 TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_SSL.h delete mode 100644 TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.inl 
diff --git a/TAO/ChangeLog b/TAO/ChangeLog
index c1ccde02a85..f2b32af80c4 100644
--- a/TAO/ChangeLog
+++ b/TAO/ChangeLog
@@ -1,3 +1,76 @@ +Thu Aug 12 18:45:20 2004 Ossama Othman + + * orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.h + + Added new OpenSSL "SSL" data structure constructor parameter, + and accompanying cached member. + + * orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.cpp + (ClientCredentials): + + Initialize new SSL data structure member with given SSL + argument. + + (parent_credentials, client_authentication, integrity): + + Implemented these methods. + + * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp (ssliop_connect): + + Do not widen the retrieved OwnCredentials pointer to a + Credentials pointer. We really want to retain the narrower + interface for later use. Furthermore, it is more correct to + store an OwnCredentials reference in an endpoint rather than one + that has been widened to a Credentials reference. + + * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.cpp: + * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp: + + Cosmetic updates. + + * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.cpp + (client_credentials): + + Pass the underlying SSL data structur to the ClientCredentials + constructor. + + * orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.cpp: + * orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.h: + * orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.cpp: + * orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.h: + + The types that were defined in these files are now implemented + in terms of the new TAO::SSLIOP::OpenSSL_st_T<> template. + Reduces code duplication and maintenance burden. + + * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.h: + * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.i: + + Cache and return an OwnCredentials reference, not a wider + Credentials reference. It is more correct to use the former. + + * orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.cpp: + * orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.h: + * orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.inl: + + New template used to implement a "_var" class for OpenSSL data + structures such as "X509, EVP_PKEY" and "SSL". 
+ + * orbsvcs/orbsvcs/SSLIOP/SSLIOP_OwnCredentials.h: + + Corrected typo in documentation. + + * orbsvcs/orbsvcs/SSLIOP/SSLIOP_SSL.cpp: + * orbsvcs/orbsvcs/SSLIOP/SSLIOP_SSL.h: + + New files containing TAO::SSLIOP::SSL_var typdef and + accompanying explicit template instantiations. + + * orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.inl: + * orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.inl: + + Removed these files. They are no longer used. + Thu Aug 12 17:52:36 2004 Ossama Othman * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.cpp (operator==): diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.cpp index b8da26d9d43..3ac4c70db99 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.cpp +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.cpp @@ -1,6 +1,7 @@ // $Id$ #include "SSLIOP_ClientCredentials.h" +#include "SSLIOP_OwnCredentials.h" ACE_RCSID (SSLIOP, @@ -8,8 +9,12 @@ ACE_RCSID (SSLIOP, "$Id$") -TAO::SSLIOP::ClientCredentials::ClientCredentials (X509 *cert, EVP_PKEY *evp) - : SSLIOP_Credentials (cert, evp) +TAO::SSLIOP::ClientCredentials::ClientCredentials ( + X509 * cert, + EVP_PKEY *evp, + SSL * ssl) + : SSLIOP_Credentials (cert, evp), + ssl_ (TAO::SSLIOP::_duplicate (ssl)) { } 
@@ -81,34 +86,53 @@ SecurityLevel3::OwnCredentials_ptr TAO::SSLIOP::ClientCredentials::parent_credentials (ACE_ENV_SINGLE_ARG_DECL) ACE_THROW_SPEC ((CORBA::SystemException)) { - ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), - SecurityLevel3::OwnCredentials::_nil ()); + SecurityLevel3::OwnCredentials_ptr creds = + SecurityLevel3::OwnCredentials::_nil (); + + ACE_NEW_THROW_EX (creds, + TAO::SSLIOP::OwnCredentials ( + ::SSL_get_certificate (this->ssl_.in ()), + ::SSL_get_privatekey (this->ssl_.in ())), + CORBA::NO_MEMORY ()); + ACE_CHECK_RETURN (creds); + + return creds; } CORBA::Boolean -TAO::SSLIOP::ClientCredentials::client_authentication (ACE_ENV_SINGLE_ARG_DECL) +TAO::SSLIOP::ClientCredentials::client_authentication ( + ACE_ENV_SINGLE_ARG_DECL_NOT_USED) ACE_THROW_SPEC ((CORBA::SystemException)) { - ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0); + // If the client presented no certificate (i.e. cert_.ptr() == 0), + // the client was not authenticated. Otherwise, verify the peer's + // certificate. + + return + this->x509_.in () != 0 + && SSL_get_verify_result (this->ssl_.in ()) == X509_V_OK; } CORBA::Boolean TAO::SSLIOP::ClientCredentials::target_authentication (ACE_ENV_SINGLE_ARG_DECL) ACE_THROW_SPEC ((CORBA::SystemException)) { - ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0); + ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), false); } CORBA::Boolean TAO::SSLIOP::ClientCredentials::confidentiality (ACE_ENV_SINGLE_ARG_DECL) ACE_THROW_SPEC ((CORBA::SystemException)) { - ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0); + ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), false); } CORBA::Boolean -TAO::SSLIOP::ClientCredentials::integrity (ACE_ENV_SINGLE_ARG_DECL) +TAO::SSLIOP::ClientCredentials::integrity (ACE_ENV_SINGLE_ARG_DECL_NOT_USED) ACE_THROW_SPEC ((CORBA::SystemException)) { - ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0); + // TAO's SSLIOP pluggable transport always provides integrity. Note + // that if we + + return true; } 
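Review bot: `client_authentication()` and `parent_credentials()` hand `this->ssl_.in ()` straight to `SSL_get_verify_result()`, `SSL_get_certificate()` and `SSL_get_privatekey()`, but the constructor stores whatever `_duplicate (ssl)` returns, and that is null when the caller passes a null `SSL *`. A guard such as `if (this->ssl_.in () == 0) return false;` in `client_authentication()`, and a thrown system exception in `parent_credentials()`, would keep a credentials object built without a connection from passing a null pointer into OpenSSL; whether `Current_Impl::client_credentials` can ever pass a null `ssl_` is not visible in this patch. Testing `x509_` before the verify result is the right order, because the verify result is `X509_V_OK` when no peer certificate was presented, but the comment above it still names `cert_.ptr()` and should read `x509_.in () == 0`. The comment in `integrity()` stops mid-sentence at "Note that if we" and should be finished or cut.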
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.h index 06f37977679..aacb3c5a950 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.h +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.h @@ -23,6 +23,7 @@ #endif /* ACE_LACKS_PRAGMA_ONCE */ #include "orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.h" +#include "orbsvcs/orbsvcs/SSLIOP/SSLIOP_SSL.h" #include "orbsvcs/orbsvcs/SecurityLevel3C.h" @@ -35,6 +36,7 @@ #pragma warning(disable:4250) #endif /* _MSC_VER */ + namespace TAO { namespace SSLIOP @@ -53,7 +55,9 @@ namespace TAO public: /// Constructor - ClientCredentials (::X509 *cert, ::EVP_PKEY *evp); + ClientCredentials (::X509 * cert, + ::EVP_PKEY * evp, + ::SSL * ssl); /** * @name SecurityLevel3::Credentials Methods @@ -127,6 +131,12 @@ namespace TAO */ ~ClientCredentials (void); + private: + + /// Reference to the OpenSSL @c SSL data structure associated + /// with the current security context (e.g. SSL connection). + TAO::SSLIOP::SSL_var ssl_; + }; } // End SSLIOP namespace diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp index f38b37ef4bc..816b8829f44 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp @@ -370,7 +370,7 @@ TAO::SSLIOP::Connector::ssliop_connect ( // If the invocation wants integrity without confidentiality but the // server does not support "no protection," then it won't be - // possible provide integrity. In order to support integrity + // possible to provide integrity. In order to support integrity // without confidentiality, encryption must be disabled but secure // hashes must remain enabled. This is achieved using the "eNULL" // cipher. However, the "eNULL" cipher is only enabled on the 
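Review bot: The `/// Constructor` comment on the three-argument `ClientCredentials` does not say who owns `ssl`. Going by the .cpp hunk, the object takes its own reference through `_duplicate (ssl)` and holds it in `ssl_`, so the `SSL` structure stays alive for as long as the credentials object does, possibly longer than the connection it came from. I would document that on the declaration, e.g. `/// @param ssl Connection the credentials were taken from; a reference is added and held until destruction. Must not be null.` The class body continues outside these hunks.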
@@ -515,7 +515,7 @@ TAO::SSLIOP::Connector::ssliop_connect ( ACE_THROW_RETURN (CORBA::INV_POLICY (), 0); } - TAO::SSLIOP::Credentials_var credentials = + TAO::SSLIOP::OwnCredentials_var credentials = this->retrieve_credentials (resolver->stub (), svc_handler->peer ().ssl () ACE_ENV_ARG_PARAMETER); @@ -725,6 +725,12 @@ TAO::SSLIOP::Connector::retrieve_credentials (TAO_Stub *stub, // Use the default certificate and private key, i.e. the one set // in the SSL_CTX that was used when creating the SSL data // structure. + + /** + * @todo Check if the CredentialsCurator contains a default set + * of SSLIOP OwnCredentials. + */ + TAO::SSLIOP::OwnCredentials_ptr & c = ssliop_credentials.out (); ACE_NEW_THROW_EX (c, TAO::SSLIOP::OwnCredentials ( diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.cpp index 0b458f46647..779a979e9e8 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.cpp +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.cpp @@ -114,7 +114,7 @@ TAO::SSLIOP::Current::setup (TAO::SSLIOP::Current_Impl *&prev_impl, void TAO::SSLIOP::Current::teardown (TAO::SSLIOP::Current_Impl *prev_impl, - bool &setup_done) + bool &setup_done) { if (setup_done) { diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.cpp index ee65fa48380..eb7ff19899a 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.cpp +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.cpp @@ -34,7 +34,9 @@ TAO::SSLIOP::Current_Impl::client_credentials ( SecurityLevel3::ClientCredentials_ptr creds; ACE_NEW_THROW_EX (creds, - TAO::SSLIOP::ClientCredentials (cert.in (), 0), + TAO::SSLIOP::ClientCredentials (cert.in (), + 0, + this->ssl_), CORBA::NO_MEMORY ( CORBA::SystemException::_tao_minor_code ( TAO_DEFAULT_MINOR_CODE, diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.cpp index 2f461de27f1..df7560b41f0 100644 
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.cpp +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.cpp @@ -8,6 +8,70 @@ ACE_RCSID (SSLIOP, "$Id$") -#if !defined (__ACE_INLINE__) -#include "SSLIOP_EVP_PKEY.inl" -#endif /* !__ACE_INLINE__ */ +::EVP_PKEY * +TAO::SSLIOP::OpenSSL_traits< ::EVP_PKEY >::copy (::EVP_PKEY const & key) +{ + ::EVP_PKEY * pkey = const_cast< ::EVP_PKEY *> (&key); + + // We're using the EVP_PKEY_var even though it depends on this + // trait function. This works since we're not actually using + // any of the EVP_PKEY_var methods that call this copy() + // trait. This allows us to maintain exception safety. + TAO::SSLIOP::EVP_PKEY_var p = ::EVP_PKEY_new (); + + switch (::EVP_PKEY_type (pkey->type)) + { + case EVP_PKEY_RSA: + { + RSA * rsa = ::EVP_PKEY_get1_RSA (pkey); + if (rsa != 0) + { + // Not exception safe! + ::EVP_PKEY_set1_RSA (p.in (), ::RSAPrivateKey_dup (rsa)); + ::RSA_free (rsa); + } + } + break; + + case EVP_PKEY_DSA: + { + DSA * dsa = ::EVP_PKEY_get1_DSA (pkey); + if (dsa != 0) + { + // Not exception safe! + ::EVP_PKEY_set1_DSA (p.in (), DSAparams_dup (dsa)); + ::DSA_free (dsa); + } + } + break; + + case EVP_PKEY_DH: + { + DH * dh = ::EVP_PKEY_get1_DH (pkey); + if (dh != 0) + { + // Not exception safe! + ::EVP_PKEY_set1_DH (p.in (), DHparams_dup (dh)); + ::DH_free (dh); + } + } + break; + + default: + // We should never get here! + return 0; + } + + return p._retn (); +} + + +#if defined (ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION) + +template class TAO::SSLIOP::OpenSSL_st_var< ::EVP_PKEY >; + +#elif defined (ACE_HAS_TEMPLATE_INSTANTIATION_PRAGMA) + +# pragma instantiate TAO::SSLIOP::OpenSSL_st_var< ::EVP_PKEY > + +#endif /* ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION */ diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.h index a316efd37c7..cfd1384aebf 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.h +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.h 
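Review bot: Each `EVP_PKEY_set1_*` call in `copy()` is handed a freshly duplicated key that is never freed: `set1` takes its own reference, so the object returned by `RSAPrivateKey_dup` (likewise `DSAparams_dup` and `DHparams_dup`) keeps a stray reference and the duplicated private-key material stays allocated for the life of the process. The results of `EVP_PKEY_new`, the `*_dup` calls and the `set1` calls are also unchecked, so an allocation failure ends either with a null `p.in ()` passed to OpenSSL or with an empty `EVP_PKEY` returned as if it were a copy. Separately, `DSAparams_dup` and `DHparams_dup` duplicate, as far as I know, only the domain parameters, so the DSA and DH branches would return an object without the key itself; those branches should use a key-preserving duplication or return 0. The RSA branch could take the shape below, with the other two following it.

```cpp
  TAO::SSLIOP::EVP_PKEY_var p = ::EVP_PKEY_new ();
  if (p.in () == 0)
    return 0;

  switch (::EVP_PKEY_type (pkey->type))
    {
    case EVP_PKEY_RSA:
      {
        RSA * rsa = ::EVP_PKEY_get1_RSA (pkey);
        RSA * dup = (rsa != 0) ? ::RSAPrivateKey_dup (rsa) : 0;
        ::RSA_free (rsa);   // drops the get1 reference; accepts null

        if (dup == 0)
          return 0;

        // set1 adds its own reference, so ours is dropped either way.
        int const ok = ::EVP_PKEY_set1_RSA (p.in (), dup);
        ::RSA_free (dup);

        if (!ok)
          return 0;
      }
      break;

    // … unchanged: EVP_PKEY_DSA and EVP_PKEY_DH cases, default case …
```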
@@ -6,7 +6,7 @@ * * $Id$ * - * @author Ossama Othman + * @author Ossama Othman */ //============================================================================= 
@@ -21,83 +21,40 @@ #pragma once #endif /* ACE_LACKS_PRAGMA_ONCE */ -#include "tao/varbase.h" +#include "SSLIOP_OpenSSL_st_T.h" #include #include + namespace TAO { namespace SSLIOP { - /** - * @name CORBA-style Reference Count Manipulation Methods - */ - /// Increase the reference count on the given EVP_PKEY structure. - ::EVP_PKEY *_duplicate (::EVP_PKEY *key); - - /// Decrease the reference count on the given EVP_PKEY structure. - void release (::EVP_PKEY *key); - - /** - * @class EVP_PKEY_var - * - * @brief "_var" class for the OpenSSL @param EVP_PKEY structure. - * - * This class is simply used to make operations on instances of - * the OpenSSL @param EVP_PKEY structures exception safe. It is - * only used internally by the SSLIOP pluggable protocol. - */ - class EVP_PKEY_var : private TAO_Base_var + // OpenSSL @c EVP_PKEY structure traits specialization. + template <> + struct OpenSSL_traits< ::EVP_PKEY > { - public: - - /** - * @name Constructors - */ - //@{ - EVP_PKEY_var (void); - EVP_PKEY_var (::EVP_PKEY *x); - EVP_PKEY_var (const EVP_PKEY_var &); - //@} - - /// Destructor - ~EVP_PKEY_var (void); - - EVP_PKEY_var &operator= (::EVP_PKEY *); - EVP_PKEY_var &operator= (const EVP_PKEY_var &); - const ::EVP_PKEY *operator-> (void) const; - ::EVP_PKEY *operator-> (void); - - operator const ::EVP_PKEY &() const; - operator ::EVP_PKEY &(); - - ::EVP_PKEY *in (void) const; - ::EVP_PKEY *&inout (void); - ::EVP_PKEY *&out (void); - ::EVP_PKEY *_retn (void); - ::EVP_PKEY *ptr (void) const; - - private: - - // Unimplemented - prevents widening assignment. - EVP_PKEY_var (const TAO_Base_var &rhs); - EVP_PKEY_var &operator= (const TAO_Base_var &rhs); - - private: - - /// The OpenSSL @c EVP_PKEY structure that represents a private - /// key. - ::EVP_PKEY *evp_; - + /// OpenSSL lock ID for use in OpenSSL CRYPTO_add() reference + /// count manipulation function. + static const long LOCK_ID = CRYPTO_LOCK_EVP_PKEY; + + /// Perform deep copy of the given OpenSSL structure. 
+ static ::EVP_PKEY * copy (::EVP_PKEY const & key); + + /// Decrease the reference count on the given OpenSSL + /// structure. + static void release (::EVP_PKEY * st) + { + ::EVP_PKEY_free (st); + } }; + typedef OpenSSL_st_var< ::EVP_PKEY > EVP_PKEY_var; + } // End SSLIOP namespace. } // End TAO namespace. -#if defined (__ACE_INLINE__) -#include "SSLIOP_EVP_PKEY.inl" -#endif /* __ACE_INLINE__ */ #include /**/ "ace/post.h" diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.inl b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.inl deleted file mode 100644 index e20b30e774d..00000000000 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.inl +++ /dev/null 
@@ -1,129 +0,0 @@ -// -*- C++ -*- -// -// $Id$ - -ACE_INLINE ::EVP_PKEY * -TAO::SSLIOP::_duplicate (::EVP_PKEY *key) -{ - // OpenSSL provides no function to increase the reference count on - // the EVP_PKEY structure, so we do it manually. - if (key != 0) - CRYPTO_add (&(key->references), 1, CRYPTO_LOCK_EVP_PKEY); - - return key; -} - -ACE_INLINE void -TAO::SSLIOP::release (::EVP_PKEY *key) -{ - // OpenSSL's EVP_PKEY_free() function already handles reference - // counting properly. - ::EVP_PKEY_free (key); -} - - -// ------------------------------------------------------------------- - -ACE_INLINE -TAO::SSLIOP::EVP_PKEY_var::EVP_PKEY_var (void) - : evp_ (0) -{ -} - -ACE_INLINE -TAO::SSLIOP::EVP_PKEY_var::EVP_PKEY_var (::EVP_PKEY *x) - : evp_ (x) -{ -} - -ACE_INLINE -TAO::SSLIOP::EVP_PKEY_var::EVP_PKEY_var (const TAO::SSLIOP::EVP_PKEY_var &p) - : TAO_Base_var (), - evp_ (TAO::SSLIOP::_duplicate (p.ptr ())) -{ -} - -ACE_INLINE -TAO::SSLIOP::EVP_PKEY_var::~EVP_PKEY_var (void) -{ - TAO::SSLIOP::release (this->evp_); -} - -ACE_INLINE TAO::SSLIOP::EVP_PKEY_var & -TAO::SSLIOP::EVP_PKEY_var::operator= (::EVP_PKEY *p) -{ - TAO::SSLIOP::release (this->evp_); - this->evp_ = p; - return *this; -} - -ACE_INLINE TAO::SSLIOP::EVP_PKEY_var & -TAO::SSLIOP::EVP_PKEY_var::operator= (const TAO::SSLIOP::EVP_PKEY_var &p) -{ - if (this != &p) - { - TAO::SSLIOP::release (this->evp_); - this->evp_ = TAO::SSLIOP::_duplicate (p.ptr ()); - } - - return *this; -} - -ACE_INLINE const ::EVP_PKEY * -TAO::SSLIOP::EVP_PKEY_var::operator-> (void) const -{ - return this->evp_; -} - -ACE_INLINE ::EVP_PKEY * -TAO::SSLIOP::EVP_PKEY_var::operator-> (void) -{ - return this->evp_; -} - -ACE_INLINE -TAO::SSLIOP::EVP_PKEY_var::operator const ::EVP_PKEY &() const -{ - return *this->evp_; -} - -ACE_INLINE -TAO::SSLIOP::EVP_PKEY_var::operator ::EVP_PKEY &() -{ - return *this->evp_; -} - -ACE_INLINE ::EVP_PKEY * -TAO::SSLIOP::EVP_PKEY_var::in (void) const -{ - return this->evp_; -} - -ACE_INLINE ::EVP_PKEY *& 
-TAO::SSLIOP::EVP_PKEY_var::inout (void) -{ - return this->evp_; -} - -ACE_INLINE ::EVP_PKEY *& -TAO::SSLIOP::EVP_PKEY_var::out (void) -{ - EVP_PKEY_free (this->evp_); - this->evp_ = 0; - return this->evp_; -} - -ACE_INLINE ::EVP_PKEY * -TAO::SSLIOP::EVP_PKEY_var::_retn (void) -{ - // Yield ownership of the EVP_PKEY structure. - ::EVP_PKEY *x = this->evp_; - this->evp_ = 0; - return x; -} - -ACE_INLINE ::EVP_PKEY * -TAO::SSLIOP::EVP_PKEY_var::ptr (void) const -{ - return this->evp_; -} diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.h index efbc96a362b..05456cc7c54 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.h +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.h @@ -24,7 +24,7 @@ # pragma once #endif /* ACE_LACKS_PRAGMA_ONCE */ -#include "SSLIOP_Credentials.h" +#include "SSLIOP_OwnCredentials.h" #include "orbsvcs/orbsvcs/SSLIOPC.h" #include "orbsvcs/orbsvcs/SecurityC.h" @@ -123,7 +123,7 @@ namespace TAO ::Security::EstablishTrust trust (void) const; /// Set the credentials for this endpoint. - void credentials (TAO::SSLIOP::Credentials_ptr creds); + void credentials (TAO::SSLIOP::OwnCredentials_ptr creds); /// Get the credentials for this endpoint. /** @@ -133,7 +133,7 @@ namespace TAO * that no additional locks occur when checking the * transport cache. */ - TAO::SSLIOP_Credentials * credentials (void) const; + TAO::SSLIOP::OwnCredentials * credentials (void) const; //@} private: @@ -169,7 +169,7 @@ namespace TAO ::Security::EstablishTrust trust_; /// SSLIOP-specific credentials for this endpoint object. - TAO::SSLIOP::Credentials_var credentials_; + TAO::SSLIOP::OwnCredentials_var credentials_; }; diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.i b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.i index 07094162893..4fa34d67f41 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.i +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.i 
@@ -68,12 +68,12 @@ TAO_SSLIOP_Endpoint::trust (void) const } ACE_INLINE void -TAO_SSLIOP_Endpoint::credentials (const TAO::SSLIOP::Credentials_ptr creds) +TAO_SSLIOP_Endpoint::credentials (const TAO::SSLIOP::OwnCredentials_ptr creds) { - this->credentials_ = TAO::SSLIOP_Credentials::_duplicate (creds); + this->credentials_ = TAO::SSLIOP::OwnCredentials::_duplicate (creds); } -ACE_INLINE TAO::SSLIOP_Credentials * +ACE_INLINE TAO::SSLIOP::OwnCredentials * TAO_SSLIOP_Endpoint::credentials (void) const { return this->credentials_.in (); diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp index 390ab77de3c..48e4343961d 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp @@ -74,7 +74,7 @@ TAO::SSLIOP::Protocol_Factory::make_acceptor (void) int TAO::SSLIOP::Protocol_Factory::init (int argc, - char* argv[]) + char* argv[]) { char *certificate_path = 0; char *private_key_path = 0; @@ -473,6 +473,7 @@ TAO::SSLIOP::Protocol_Factory::requires_explicit_endpoint (void) const return 0; } + ACE_STATIC_SVC_DEFINE (TAO_SSLIOP_Protocol_Factory, ACE_TEXT ("SSLIOP_Factory"), ACE_SVC_OBJ_T, diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.cpp new file mode 100644 index 00000000000..0bf1723c320 --- /dev/null +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.cpp @@ -0,0 +1,22 @@ +// $Id$ + +#ifndef TAO_SSLIOP_OPENSSL_ST_T_CPP +#define TAO_SSLIOP_OPENSSL_ST_T_CPP + +#include "SSLIOP_OpenSSL_st_T.h" + +#if !defined (ACE_LACKS_PRAGMA_ONCE) +# pragma once +#endif /* ACE_LACKS_PRAGMA_ONCE */ + + +ACE_RCSID (SSLIOP, + SSLIOP_OpenSSL_st_T, + "$Id$") + + +#if !defined (__ACE_INLINE__) +#include "SSLIOP_OpenSSL_st_T.inl" +#endif /* !__ACE_INLINE__ */ + +#endif /* TAO_SSLIOP_OPENSSL_ST_T_CPP */ 
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.h
new file mode 100644
index 00000000000..52a87cb6707
--- /dev/null
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.h
@@ -0,0 +1,162 @@ +// -*- C++ -*- + +//============================================================================= +/** + * @file SSLIOP_OpenSSL_st_T.h + * + * $Id$ + * + * @author Ossama Othman + */ +//============================================================================= + +#ifndef TAO_SSLIOP_OPENSSL_ST_T_H +#define TAO_SSLIOP_OPENSSL_ST_T_H + +#include /**/ "ace/pre.h" + +#include "ace/config-all.h" + +#if !defined (ACE_LACKS_PRAGMA_ONCE) +#pragma once +#endif /* ACE_LACKS_PRAGMA_ONCE */ + +#include "tao/varbase.h" + + +namespace TAO +{ + namespace SSLIOP + { + /** + * @class OpenSSL_traits + * + * @brief Template traits class for OpenSSL data structures. + * + * Template traits class containing constants and functions + * specific to a given OpenSSL data structure. + */ + template + struct OpenSSL_traits + { + /// OpenSSL lock ID for use in OpenSSL CRYPTO_add() reference + /// count manipulation function. + static const long LOCK_ID = -1; + + /// Perform deep copy of the given OpenSSL structure. + static T * copy (T const & st) + { + // Unimplemented. + + return 0; + } + + /// Decrease the reference count on the given OpenSSL + /// structure. + static void release (T * st) + { + // Unimplemented. + } + }; + + /** + * @name CORBA-style Reference Count Manipulation Methods + * + * These reference count manipulation methods are generally + * specific to OpenSSL structures. + */ + /// Increase the reference count on the given OpenSSL structure. + template + T * _duplicate (T * st); + + /// Deep copy the given OpenSSL structure. + template + T * copy (T * st); + + /// Decrease the reference count on the given OpenSSL structure. + template + void release (T * st); + + /** + * @class OpenSSL_st_var + * + * @brief "_var" class for the OpenSSL @param T structure. + * + * This class is simply used to make operations on instances of + * the OpenSSL @c T structure exception safe. It is only used + * internally by the SSLIOP pluggable transport. 
+ */ + template + class OpenSSL_st_var : private TAO_Base_var + { + public: + + /** + * @name Constructors + * + * Constructors. + */ + //@{ + OpenSSL_st_var (void); + OpenSSL_st_var (T * st); + OpenSSL_st_var (OpenSSL_st_var const & v); + OpenSSL_st_var (T const & st); + //@} + + /// Destructor + ~OpenSSL_st_var (void); + + /** + * @name Assignment operators. + * + * Assignment operators. + */ + //@{ + OpenSSL_st_var & operator= (T* st); + OpenSSL_st_var & operator= (OpenSSL_st_var const & v); + OpenSSL_st_var & operator= (T const & st); + //@} + + T const * operator-> (void) const; + T* operator-> (void); + + operator const T& () const; + operator T& (); + + T* in (void) const; + T*& inout (void); + T*& out (void); + T* _retn (void); + T* ptr (void) const; + + private: + + // Unimplemented - prevents widening assignment. + OpenSSL_st_var (const TAO_Base_var &rhs); + OpenSSL_st_var &operator= (const TAO_Base_var &rhs); + + private: + + /// The OpenSSL structure whose reference count is managed. + T * st_; + + }; + } // End SSLIOP namespace. +} // End TAO namespace. + + +#if defined (__ACE_INLINE__) +#include "SSLIOP_OpenSSL_st_T.inl" +#endif /* __ACE_INLINE__ */ + +#if defined (ACE_TEMPLATES_REQUIRE_SOURCE) +# include "SSLIOP_OpenSSL_st_T.cpp" +#endif /* ACE_TEMPLATES_REQUIRE_SOURCE */ + +#if defined (ACE_TEMPLATES_REQUIRE_PRAGMA) +# pragma implementation ("SSLIOP_OpenSSL_st_T.cpp") +#endif /* ACE_TEMPLATES_REQUIRE_PRAGMA */ + +#include /**/ "ace/post.h" + +#endif /* TAO_SSLIOP_OPENSSL_ST_T_H */ diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.inl b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.inl new file mode 100644 index 00000000000..e9a15927af1 --- /dev/null +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.inl 
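Review bot: The primary `OpenSSL_traits` template supplies `LOCK_ID = -1`, a `copy()` that returns 0 and a `release()` that does nothing, so instantiating `OpenSSL_st_var` for a type with no specialization compiles, then silently leaks the structure and passes -1 to `CRYPTO_add()`. Leaving the primary template declared but undefined (`template <typename T> struct OpenSSL_traits;`) would turn that mistake into a compile error. The free function is declared here as `T * copy (T * st)` while the .inl defines `copy (T const & st)`, so the declared overload has no definition; the declaration should read `T * copy (T const & st);`. The `operator T& ()` conversions dereference `st_` with no null check, which deserves a sentence in the class comment.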
@@ -0,0 +1,165 @@ +// -*- C++ -*- +// +// $Id$ + + +#include + + +template ACE_INLINE T * +TAO::SSLIOP::_duplicate (T * st) +{ + // Shallow copy. + + // OpenSSL provides no structure-specific functions to increase the + // reference count on the structure it defines, so we do it + // manually. + if (st != 0) + CRYPTO_add (&(st->references), + 1, + TAO::SSLIOP::OpenSSL_traits::LOCK_ID); + + return st; +} + +template ACE_INLINE T * +TAO::SSLIOP::copy (T const & st) +{ + // Deep copy. + return TAO::SSLIOP::OpenSSL_traits::copy (st); +} + +template ACE_INLINE void +TAO::SSLIOP::release (T * st) +{ + TAO::SSLIOP::OpenSSL_traits::release (st); +} + +// ------------------------------------------------------------------- + +template ACE_INLINE +TAO::SSLIOP::OpenSSL_st_var::OpenSSL_st_var (void) + : TAO_Base_var (), + st_ (0) +{ +} + +template ACE_INLINE +TAO::SSLIOP::OpenSSL_st_var::OpenSSL_st_var (T * st) + : TAO_Base_var (), + st_ (st) +{ +} + +template ACE_INLINE +TAO::SSLIOP::OpenSSL_st_var::OpenSSL_st_var ( + TAO::SSLIOP::OpenSSL_st_var const & st) + : TAO_Base_var (), + st_ (TAO::SSLIOP::_duplicate (st.ptr ())) +{ +} + +template ACE_INLINE +TAO::SSLIOP::OpenSSL_st_var::OpenSSL_st_var (T const & st) + : TAO_Base_var (), + st_ (TAO::SSLIOP::copy (st)) +{ +} + +template ACE_INLINE +TAO::SSLIOP::OpenSSL_st_var::~OpenSSL_st_var (void) +{ + TAO::SSLIOP::release (this->st_); +} + +template ACE_INLINE TAO::SSLIOP::OpenSSL_st_var & +TAO::SSLIOP::OpenSSL_st_var::operator= (T * st) +{ + TAO::SSLIOP::release (this->st_); + this->st_ = st; + return *this; +} + +template ACE_INLINE TAO::SSLIOP::OpenSSL_st_var & +TAO::SSLIOP::OpenSSL_st_var::operator= ( + TAO::SSLIOP::OpenSSL_st_var const & st) +{ + if (this != &st) + { + TAO::SSLIOP::release (this->st_); + this->st_ = TAO::SSLIOP::_duplicate (st.ptr ()); + } + + return *this; +} + +template ACE_INLINE TAO::SSLIOP::OpenSSL_st_var & +TAO::SSLIOP::OpenSSL_st_var::operator= (T const & st) +{ + if (this->st_ != &st) + { + 
TAO::SSLIOP::release (this->st_); + this->st_ = TAO::SSLIOP::copy (st); + } + + return *this; +} + +template ACE_INLINE T const * +TAO::SSLIOP::OpenSSL_st_var::operator-> (void) const +{ + return this->st_; +} + +template ACE_INLINE T * +TAO::SSLIOP::OpenSSL_st_var::operator-> (void) +{ + return this->st_; +} + +template ACE_INLINE +TAO::SSLIOP::OpenSSL_st_var::operator T const &() const +{ + return *this->st_; +} + +template ACE_INLINE +TAO::SSLIOP::OpenSSL_st_var::operator T &() +{ + return *this->st_; +} + +template ACE_INLINE T * +TAO::SSLIOP::OpenSSL_st_var::in (void) const +{ + return this->st_; +} + +template ACE_INLINE T *& +TAO::SSLIOP::OpenSSL_st_var::inout (void) +{ + return this->st_; +} + +template ACE_INLINE T *& +TAO::SSLIOP::OpenSSL_st_var::out (void) +{ + TAO::SSLIOP::release (this->st_); + this->st_ = 0; + return this->st_; +} + +template ACE_INLINE T * +TAO::SSLIOP::OpenSSL_st_var::_retn (void) +{ + // Yield ownership of the OpenSSL structure. + T * st = this->st_; + this->st_ = 0; + return st; +} + +template ACE_INLINE T * +TAO::SSLIOP::OpenSSL_st_var::ptr (void) const +{ + return this->st_; +} diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OwnCredentials.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OwnCredentials.h index b608c80917b..2dfed018858 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OwnCredentials.h +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OwnCredentials.h @@ -43,8 +43,8 @@ namespace TAO /** * @class OwnCredentials * - * @brief Credentials representing the our identity, not our - * peer's identity. + * @brief Credentials representing our identity, not our peer's + * identity. * * @c OwnCredentials are a representation of our identity, not our * peer's identity. diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_SSL.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_SSL.cpp new file mode 100644 index 00000000000..e3a35b326dd --- /dev/null +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_SSL.cpp 
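Review bot: `operator= (T const & st)` releases the held structure before it calls `copy (st)`, and `copy` can return 0 (the `EVP_PKEY` trait does so for key types it does not handle), so the previous value is already gone by the time the copy fails. Copying first avoids touching `st` after the release: `T * tmp = TAO::SSLIOP::copy (st);` then `TAO::SSLIOP::release (this->st_);` and `this->st_ = tmp;`. `operator= (T * st)` has a related hazard, since `v = v.in ()` drops the var's reference and then stores the same pointer; an `if (this->st_ != st)` guard, or a comment saying the argument must be a reference the caller owns, would cover it. `_duplicate` reaches into `st->references` directly, which ties the template to the structure layout and is worth a comment next to the `CRYPTO_add` call.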
@@ -0,0 +1,19 @@ +// $Id$ + +#include "SSLIOP_SSL.h" + + +ACE_RCSID (SSLIOP, + SSLIOP_SSL, + "$Id$") + + +#if defined (ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION) + +template class TAO::SSLIOP::OpenSSL_st_var< ::SSL >; + +#elif defined (ACE_HAS_TEMPLATE_INSTANTIATION_PRAGMA) + +# pragma instantiate TAO::SSLIOP::OpenSSL_st_var< ::SSL > + +#endif /* ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION */ diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_SSL.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_SSL.h new file mode 100644 index 00000000000..2506e8642ce --- /dev/null +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_SSL.h @@ -0,0 +1,66 @@ +// -*- C++ -*- + +//============================================================================= +/** + * @file SSLIOP_SSL.h + * + * OpenSSL @c SSL data structure specializations and typedefs. + * + * $Id$ + * + * @author Ossama Othman + */ +//============================================================================= + +#ifndef TAO_SSLIOP_SSL_H +#define TAO_SSLIOP_SSL_H + +#include /**/ "ace/pre.h" + +#include "ace/config-all.h" + +#if !defined (ACE_LACKS_PRAGMA_ONCE) +#pragma once +#endif /* ACE_LACKS_PRAGMA_ONCE */ + +#include "SSLIOP_OpenSSL_st_T.h" + +#include +#include + + +namespace TAO +{ + namespace SSLIOP + { + // OpenSSL @c SSL structure traits specialization. + template <> + struct OpenSSL_traits< ::SSL > + { + /// OpenSSL lock ID for use in OpenSSL CRYPTO_add() reference + /// count manipulation function. + static const long LOCK_ID = CRYPTO_LOCK_SSL; + + /// Perform deep copy of the given OpenSSL structure. + static ::SSL * copy (::SSL const & st) + { + return ::SSL_dup (const_cast< ::SSL * > (&st)); + } + + /// Decrease the reference count on the given OpenSSL + /// structure. + static void release (::SSL * st) + { + ::SSL_free (st); + } + }; + + typedef OpenSSL_st_var< ::SSL > SSL_var; + + } // End SSLIOP namespace. +} // End TAO namespace. + + +#include /**/ "ace/post.h" + +#endif /* TAO_SSLIOP_SSL_H */ 
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.cpp index d16a4418066..036b2043a81 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.cpp +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.cpp @@ -6,6 +6,12 @@ ACE_RCSID (SSLIOP, "$Id$") -#if !defined (__ACE_INLINE__) -#include "SSLIOP_X509.inl" -#endif /* !__ACE_INLINE__ */ +#if defined (ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION) + +template class TAO::SSLIOP::OpenSSL_st_var< ::X509 >; + +#elif defined (ACE_HAS_TEMPLATE_INSTANTIATION_PRAGMA) + +# pragma instantiate TAO::SSLIOP::OpenSSL_st_var< ::X509 > + +#endif /* ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION */ diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.h index e80e4383d4f..06d44dd9204 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.h +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.h 
@@ -21,86 +21,44 @@ #pragma once #endif /* ACE_LACKS_PRAGMA_ONCE */ -#include "tao/varbase.h" +#include "SSLIOP_OpenSSL_st_T.h" #include #include + namespace TAO { namespace SSLIOP { - /** - * @name CORBA-style Reference Count Manipulation Methods - */ - /// Increase the reference count on the given X509 structure. - ::X509 *_duplicate (::X509 *cert); - - /// Decrease the reference count on the given X509 structure. - void release (::X509 *cert); - - /** - * @class X509_var - * - * @brief "_var" class for the OpenSSL @param X509 structure. - * - * This class is simply used to make operations on instances of - * the OpenSSL @c X509 structures exception safe. It is only used - * internally by the SSLIOP pluggable protocol. - */ - class X509_var : private TAO_Base_var + // OpenSSL @c X509 structure traits specialization. + template <> + struct OpenSSL_traits< ::X509 > { - public: - - /** - * @name Constructors - */ - //@{ - X509_var (void); - X509_var (::X509 *x); - X509_var (const X509_var &); - X509_var (const ::X509 &x); - //@} - - /// Destructor - ~X509_var (void); - - X509_var &operator= (::X509 *); - X509_var &operator= (const X509_var &); - X509_var &operator= (const ::X509 &); - const ::X509 *operator-> (void) const; - ::X509 *operator-> (void); - - operator const ::X509 &() const; - operator ::X509 &(); - - ::X509 *in (void) const; - ::X509 *&inout (void); - ::X509 *&out (void); - ::X509 *_retn (void); - ::X509 *ptr (void) const; - - private: - - // Unimplemented - prevents widening assignment. - X509_var (const TAO_Base_var &rhs); - X509_var &operator= (const TAO_Base_var &rhs); - - private: + /// OpenSSL lock ID for use in OpenSSL CRYPTO_add() reference + /// count manipulation function. + static const long LOCK_ID = CRYPTO_LOCK_X509; + + /// Perform deep copy of the given OpenSSL structure. 
+ static ::X509 * copy (::X509 const & st) + { + return ::X509_dup (const_cast< ::X509 *> (&st)); + } + + /// Decrease the reference count on the given OpenSSL + /// structure. + static void release (::X509 * st) + { + ::X509_free (st); + } + }; - /// The OpenSSL X509 structure that represents a X.509 certificate. - ::X509 *x509_; + typedef OpenSSL_st_var< ::X509 > X509_var; - }; } // End SSLIOP namespace. } // End TAO namespace. -#if defined (__ACE_INLINE__) -#include "SSLIOP_X509.inl" -#endif /* __ACE_INLINE__ */ - - #include /**/ "ace/post.h" #endif /* TAO_SSLIOP_X509_H */ diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.inl b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.inl deleted file mode 100644 index f45342d12a0..00000000000 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.inl +++ /dev/null 
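Review bot: The `LOCK_ID` comment in `OpenSSL_traits< ::X509 >` (SSLIOP_X509.h) no longer says why the reference count is adjusted by hand; that rationale lived in the `_duplicate()` function of SSLIOP_X509.inl, which this commit deletes. The removed function also skipped `CRYPTO_add()` when the certificate pointer was null, and whether the shared template in SSLIOP_OpenSSL_st_T.inl keeps that guard cannot be seen from this hunk. I would carry the explanation over, e.g. `/// Lock ID for CRYPTO_add(): OpenSSL has no call that adds an X509 reference, and X509_dup() makes a deep copy instead.`, and confirm the null check survived the move into the template.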
@@ -1,148 +0,0 @@ -// -*- C++ -*- -// -// $Id$ - -ACE_INLINE ::X509 * -TAO::SSLIOP::_duplicate (::X509 *cert) -{ - // OpenSSL provides no function to increase the reference count on - // the X509 structure, so we do it manually. (X509_dup() performs a - // deep copy, not a shallow copy.) - if (cert != 0) - CRYPTO_add (&(cert->references), 1, CRYPTO_LOCK_X509); - - return cert; -} - -ACE_INLINE void -TAO::SSLIOP::release (::X509 *cert) -{ - // OpenSSL's X509_free() function already handles reference counting - // properly. - ::X509_free (cert); -} - - -// ------------------------------------------------------------------- - -ACE_INLINE -TAO::SSLIOP::X509_var::X509_var (void) - : x509_ (0) -{ -} - -ACE_INLINE -TAO::SSLIOP::X509_var::X509_var (::X509 *x) - : x509_ (x) -{ -} - -ACE_INLINE -TAO::SSLIOP::X509_var::X509_var (const TAO::SSLIOP::X509_var &p) - : TAO_Base_var (), - x509_ (TAO::SSLIOP::_duplicate (p.ptr ())) -{ -} - -ACE_INLINE -TAO::SSLIOP::X509_var::X509_var (const ::X509 &p) -{ - this->x509_ = X509_dup (const_cast< ::X509 * > (&p)); -} - -ACE_INLINE -TAO::SSLIOP::X509_var::~X509_var (void) -{ - TAO::SSLIOP::release (this->x509_); -} - -ACE_INLINE TAO::SSLIOP::X509_var & -TAO::SSLIOP::X509_var::operator= (::X509 *p) -{ - TAO::SSLIOP::release (this->x509_); - this->x509_ = p; - return *this; -} - -ACE_INLINE ::TAO::SSLIOP::X509_var & -TAO::SSLIOP::X509_var::operator= (const ::TAO::SSLIOP::X509_var &p) -{ - if (this != &p) - { - TAO::SSLIOP::release (this->x509_); - this->x509_ = TAO::SSLIOP::_duplicate (p.ptr ()); - } - - return *this; -} - -ACE_INLINE TAO::SSLIOP::X509_var & -TAO::SSLIOP::X509_var::operator= (const ::X509 &p) -{ - if (this->x509_ != &p) - { - TAO::SSLIOP::release (this->x509_); - this->x509_ = X509_dup (const_cast< ::X509 * > (&p)); - } - - return *this; -} - -ACE_INLINE const ::X509 * -TAO::SSLIOP::X509_var::operator-> (void) const -{ - return this->x509_; -} - -ACE_INLINE ::X509 * -TAO::SSLIOP::X509_var::operator-> (void) -{ - return 
this->x509_; -} - -ACE_INLINE -TAO::SSLIOP::X509_var::operator const ::X509 &() const -{ - return *this->x509_; -} - -ACE_INLINE -TAO::SSLIOP::X509_var::operator ::X509 &() -{ - return *this->x509_; -} - -ACE_INLINE ::X509 * -TAO::SSLIOP::X509_var::in (void) const -{ - return this->x509_; -} - -ACE_INLINE ::X509 *& -TAO::SSLIOP::X509_var::inout (void) -{ - return this->x509_; -} - -ACE_INLINE ::X509 *& -TAO::SSLIOP::X509_var::out (void) -{ - X509_free (this->x509_); - this->x509_ = 0; - return this->x509_; -} - -ACE_INLINE ::X509 * -TAO::SSLIOP::X509_var::_retn (void) -{ - // Yield ownership of the X509 structure. - ::X509 *x = this->x509_; - this->x509_ = 0; - return x; -} - -ACE_INLINE ::X509 * -TAO::SSLIOP::X509_var::ptr (void) const -{ - return this->x509_; -} -- cgit v1.2.1