void
IceSSL::SSLEngine::initialize()
{
const string propPrefix = "IceSSL.";
const PropertiesPtr properties = communicator()->getProperties();
//
// CheckCertName determines whether we compare the name in a peer's
// certificate against its hostname.
//
_checkCertName = properties->getPropertyAsIntWithDefault(propPrefix + "CheckCertName", 0) > 0;
//
// VerifyDepthMax establishes the maximum length of a peer's certificate
// chain, including the peer's certificate. A value of 0 means there is
// no maximum.
//
_verifyDepthMax = properties->getPropertyAsIntWithDefault(propPrefix + "VerifyDepthMax", 3);
//
// VerifyPeer determines whether certificate validation failures abort a connection.
//
_verifyPeer = properties->getPropertyAsIntWithDefault(propPrefix + "VerifyPeer", 2);
if(_verifyPeer < 0 || _verifyPeer > 2)
{
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: invalid value for " + propPrefix +
"VerifyPeer");
}
_securityTraceLevel = properties->getPropertyAsInt("IceSSL.Trace.Security");
_securityTraceCategory = "Security";
}
void
IceGrid::setupThreadPool(const PropertiesPtr& properties, const string& name, int size, int sizeMax, bool serialize)
{
if(properties->getPropertyAsIntWithDefault(name + ".Size", 0) < size)
{
ostringstream os;
os << size;
properties->setProperty(name + ".Size", os.str());
}
else
{
size = properties->getPropertyAsInt(name + ".Size");
}
if(sizeMax > 0 && properties->getPropertyAsIntWithDefault(name + ".SizeMax", 0) < sizeMax)
{
if(size >= sizeMax)
{
sizeMax = size * 10;
}
ostringstream os;
os << sizeMax;
properties->setProperty(name + ".SizeMax", os.str());
}
if(serialize)
{
properties->setProperty(name + ".Serialize", "1");
}
}
void Analyzer::reload(const PropertiesPtr& properties) {
MCE_INFO("Analyzer::reload type: " << type_);
int defaultmin = properties->getPropertyAsIntWithDefault("Analyzer."+type_+".Default.Min", INT_MIN);
int defaultmax = properties->getPropertyAsIntWithDefault("Analyzer."+type_+".Default.Max", INT_MAX);
int defaultmoremin = properties->getPropertyAsIntWithDefault("Analyzer."+type_+".Default.MoreMin", INT_MIN);
int defaultmoremax = properties->getPropertyAsIntWithDefault("Analyzer."+type_+".Default.MoreMax", INT_MAX);
LimiterPtr defaulter = new Limiter(defaultmoremin, defaultmin, defaultmax, defaultmoremax);
map<string, LimiterPtr> limits;
PropertyDict patterns = properties->getPropertiesForPrefix("Analyzer."+type_+".Patterns");
for (PropertyDict::iterator pattern = patterns.begin(); pattern != patterns.end(); ++pattern) {
vector<string> strings;
boost::algorithm::split(strings, pattern->second, boost::algorithm::is_any_of(" "));
limits[strings.at(0)]=new Limiter(lexical_cast<int>(strings.at(1)),lexical_cast<int>(strings.at(2)),lexical_cast<int>(strings.at(3)),lexical_cast<int>(strings.at(4)));
}
{
RWRecMutex::WLock lock(mutex_);
limits_ = limits;
default_ = defaulter;
}
MCE_DEBUG("Analyzer::reload done");
}
MetricsMapI::MetricsMapI(const std::string& mapPrefix, const PropertiesPtr& properties) :
_properties(properties->getPropertiesForPrefix(mapPrefix)),
_retain(properties->getPropertyAsIntWithDefault(mapPrefix + "RetainDetached", 10)),
_accept(parseRule(properties, mapPrefix + "Accept")),
_reject(parseRule(properties, mapPrefix + "Reject"))
{
validateProperties(mapPrefix, properties);
string groupBy = properties->getPropertyWithDefault(mapPrefix + "GroupBy", "id");
vector<string>& groupByAttributes = const_cast<vector<string>&>(_groupByAttributes);
vector<string>& groupBySeparators = const_cast<vector<string>&>(_groupBySeparators);
if(!groupBy.empty())
{
string v;
bool attribute = IceUtilInternal::isAlpha(groupBy[0]) || IceUtilInternal::isDigit(groupBy[0]);
if(!attribute)
{
groupByAttributes.push_back("");
}
for(string::const_iterator p = groupBy.begin(); p != groupBy.end(); ++p)
{
bool isAlphaNum = IceUtilInternal::isAlpha(*p) || IceUtilInternal::isDigit(*p) || *p == '.';
if(attribute && !isAlphaNum)
{
groupByAttributes.push_back(v);
v = *p;
attribute = false;
}
else if(!attribute && isAlphaNum)
{
groupBySeparators.push_back(v);
v = *p;
attribute = true;
}
else
{
v += *p;
}
}
if(attribute)
{
groupByAttributes.push_back(v);
}
else
{
groupBySeparators.push_back(v);
}
}
}
IceInternal::ThreadPool::ThreadPool(const InstancePtr& instance, const string& prefix, int timeout) :
_instance(instance),
_dispatcher(_instance->initializationData().dispatcher),
_destroyed(false),
_prefix(prefix),
_selector(instance),
_nextThreadId(0),
_size(0),
_sizeIO(0),
_sizeMax(0),
_sizeWarn(0),
_serialize(_instance->initializationData().properties->getPropertyAsInt(_prefix + ".Serialize") > 0),
_hasPriority(false),
_priority(0),
_serverIdleTime(timeout),
_threadIdleTime(0),
_stackSize(0),
_inUse(0),
#if !defined(ICE_USE_IOCP) && !defined(ICE_OS_WINRT)
_inUseIO(0),
_nextHandler(_handlers.end()),
#endif
_promote(true)
{
PropertiesPtr properties = _instance->initializationData().properties;
#ifndef ICE_OS_WINRT
# ifdef _WIN32
SYSTEM_INFO sysInfo;
GetSystemInfo(&sysInfo);
int nProcessors = sysInfo.dwNumberOfProcessors;
# else
int nProcessors = static_cast<int>(sysconf(_SC_NPROCESSORS_ONLN));
# endif
#endif
//
// We use just one thread as the default. This is the fastest
// possible setting, still allows one level of nesting, and
// doesn't require to make the servants thread safe.
//
int size = properties->getPropertyAsIntWithDefault(_prefix + ".Size", 1);
if(size < 1)
{
Warning out(_instance->initializationData().logger);
out << _prefix << ".Size < 1; Size adjusted to 1";
size = 1;
}
int sizeMax = properties->getPropertyAsIntWithDefault(_prefix + ".SizeMax", size);
#ifndef ICE_OS_WINRT
if(sizeMax == -1)
{
sizeMax = nProcessors;
}
#endif
if(sizeMax < size)
{
Warning out(_instance->initializationData().logger);
out << _prefix << ".SizeMax < " << _prefix << ".Size; SizeMax adjusted to Size (" << size << ")";
sizeMax = size;
}
int sizeWarn = properties->getPropertyAsInt(_prefix + ".SizeWarn");
if(sizeWarn != 0 && sizeWarn < size)
{
Warning out(_instance->initializationData().logger);
out << _prefix << ".SizeWarn < " << _prefix << ".Size; adjusted SizeWarn to Size (" << size << ")";
sizeWarn = size;
}
else if(sizeWarn > sizeMax)
{
Warning out(_instance->initializationData().logger);
out << _prefix << ".SizeWarn > " << _prefix << ".SizeMax; adjusted SizeWarn to SizeMax (" << sizeMax << ")";
sizeWarn = sizeMax;
}
int threadIdleTime = properties->getPropertyAsIntWithDefault(_prefix + ".ThreadIdleTime", 60);
if(threadIdleTime < 0)
{
Warning out(_instance->initializationData().logger);
out << _prefix << ".ThreadIdleTime < 0; ThreadIdleTime adjusted to 0";
threadIdleTime = 0;
}
const_cast<int&>(_size) = size;
const_cast<int&>(_sizeMax) = sizeMax;
const_cast<int&>(_sizeWarn) = sizeWarn;
#ifndef ICE_OS_WINRT
const_cast<int&>(_sizeIO) = min(sizeMax, nProcessors);
#else
const_cast<int&>(_sizeIO) = sizeMax;
#endif
const_cast<int&>(_threadIdleTime) = threadIdleTime;
#ifdef ICE_USE_IOCP
_selector.setup(_sizeIO);
#endif
int stackSize = properties->getPropertyAsInt(_prefix + ".StackSize");
if(stackSize < 0)
{
Warning out(_instance->initializationData().logger);
out << _prefix << ".StackSize < 0; Size adjusted to OS default";
stackSize = 0;
}
const_cast<size_t&>(_stackSize) = static_cast<size_t>(stackSize);
const_cast<bool&>(_hasPriority) = properties->getProperty(_prefix + ".ThreadPriority") != "";
const_cast<int&>(_priority) = properties->getPropertyAsInt(_prefix + ".ThreadPriority");
if(!_hasPriority)
{
const_cast<bool&>(_hasPriority) = properties->getProperty("Ice.ThreadPriority") != "";
const_cast<int&>(_priority) = properties->getPropertyAsInt("Ice.ThreadPriority");
}
_workQueue = new ThreadPoolWorkQueue(_instance, _selector);
if(_instance->traceLevels()->threadPool >= 1)
{
Trace out(_instance->initializationData().logger, _instance->traceLevels()->threadPoolCat);
out << "creating " << _prefix << ": Size = " << _size << ", SizeMax = " << _sizeMax << ", SizeWarn = "
<< _sizeWarn;
}
__setNoDelete(true);
try
{
for(int i = 0 ; i < _size ; ++i)
{
EventHandlerThreadPtr thread = new EventHandlerThread(this, nextThreadId());
if(_hasPriority)
{
thread->start(_stackSize, _priority);
}
else
{
thread->start(_stackSize);
}
_threads.insert(thread);
}
}
catch(const IceUtil::Exception& ex)
{
{
Error out(_instance->initializationData().logger);
out << "cannot create thread for `" << _prefix << "':\n" << ex;
}
destroy();
joinWithAllThreads();
__setNoDelete(false);
throw;
}
catch(...)
{
__setNoDelete(false);
throw;
}
__setNoDelete(false);
}
void
ServiceI::start(
const string& name,
const CommunicatorPtr& communicator,
const StringSeq& /*args*/)
{
PropertiesPtr properties = communicator->getProperties();
validateProperties(name, properties, communicator->getLogger());
int id = properties->getPropertyAsIntWithDefault(name + ".NodeId", -1);
// If we are using a replicated deployment and if the topic
// manager thread pool max size is not set then ensure it is set
// to some suitably high number. This ensures no deadlocks in the
// replicated case due to call forwarding from replicas to
// coordinators.
if(id != -1 && properties->getProperty(name + ".TopicManager.ThreadPool.SizeMax").empty())
{
properties->setProperty(name + ".TopicManager.ThreadPool.SizeMax", "100");
}
Ice::ObjectAdapterPtr topicAdapter = communicator->createObjectAdapter(name + ".TopicManager");
Ice::ObjectAdapterPtr publishAdapter = communicator->createObjectAdapter(name + ".Publish");
//
// We use the name of the service for the name of the database environment.
//
string instanceName = properties->getPropertyWithDefault(name + ".InstanceName", "IceStorm");
Identity topicManagerId;
topicManagerId.category = instanceName;
topicManagerId.name = "TopicManager";
if(properties->getPropertyAsIntWithDefault(name+ ".Transient", 0) > 0)
{
_instance = new Instance(instanceName, name, communicator, publishAdapter, topicAdapter, 0);
try
{
TransientTopicManagerImplPtr manager = new TransientTopicManagerImpl(_instance);
_managerProxy = TopicManagerPrx::uncheckedCast(topicAdapter->add(manager, topicManagerId));
}
catch(const Ice::Exception& ex)
{
_instance = 0;
LoggerOutputBase s;
s << "exception while starting IceStorm service " << name << ":\n";
s << ex;
IceBox::FailureException e(__FILE__, __LINE__);
e.reason = s.str();
throw e;
}
topicAdapter->activate();
publishAdapter->activate();
return;
}
if(id == -1) // No replication.
{
_instance = new Instance(instanceName, name, communicator, publishAdapter, topicAdapter);
try
{
_manager = new TopicManagerImpl(_instance);
_managerProxy = TopicManagerPrx::uncheckedCast(topicAdapter->add(_manager->getServant(), topicManagerId));
}
catch(const Ice::Exception& ex)
{
_instance = 0;
LoggerOutputBase s;
s << "exception while starting IceStorm service " << name << ":\n";
s << ex;
IceBox::FailureException e(__FILE__, __LINE__);
e.reason = s.str();
throw e;
}
}
else
{
// Here we want to create a map of id -> election node
// proxies.
map<int, NodePrx> nodes;
string topicManagerAdapterId = properties->getProperty(name + ".TopicManager.AdapterId");
// We support two possible deployments. The first is a manual
// deployment, the second is IceGrid.
//
// Here we check for the manual deployment
const string prefix = name + ".Nodes.";
Ice::PropertyDict props = properties->getPropertiesForPrefix(prefix);
if(!props.empty())
{
for(Ice::PropertyDict::const_iterator p = props.begin(); p != props.end(); ++p)
{
int nodeid = atoi(p->first.substr(prefix.size()).c_str());
nodes[nodeid] = NodePrx::uncheckedCast(communicator->propertyToProxy(p->first));
}
}
else
{
// If adapter id's are defined for the topic manager or
// node adapters then we consider this an IceGrid based
// deployment.
string nodeAdapterId = properties->getProperty(name + ".Node.AdapterId");
// Validate first that the adapter ids match for the node
// and the topic manager otherwise some other deployment
// is being used.
const string suffix = ".TopicManager";
if(topicManagerAdapterId.empty() || nodeAdapterId.empty() ||
topicManagerAdapterId.replace(
topicManagerAdapterId.find(suffix), suffix.size(), ".Node") != nodeAdapterId)
{
Ice::Error error(communicator->getLogger());
error << "deployment error: `" << topicManagerAdapterId << "' prefix does not match `"
<< nodeAdapterId << "'";
throw IceBox::FailureException(__FILE__, __LINE__, "IceGrid deployment is incorrect");
}
// Determine the set of node id and node proxies.
//
// This is determined by locating all topic manager
// replicas, and then working out the node for that
// replica.
//
// We work out the node id by removing the instance
// name. The node id must follow.
//
IceGrid::LocatorPrx locator = IceGrid::LocatorPrx::checkedCast(communicator->getDefaultLocator());
assert(locator);
IceGrid::QueryPrx query = locator->getLocalQuery();
Ice::ObjectProxySeq replicas = query->findAllReplicas(
communicator->stringToProxy(instanceName + "/TopicManager"));
for(Ice::ObjectProxySeq::const_iterator p = replicas.begin(); p != replicas.end(); ++p)
{
string adapterid = (*p)->ice_getAdapterId();
// Replace TopicManager with the node endpoint.
adapterid = adapterid.replace(adapterid.find(suffix), suffix.size(), ".Node");
// The adapter id must start with the instance name.
if(adapterid.find(instanceName) != 0)
{
Ice::Error error(communicator->getLogger());
error << "deployment error: `" << adapterid << "' does not start with `" << instanceName << "'";
throw IceBox::FailureException(__FILE__, __LINE__, "IceGrid deployment is incorrect");
}
// The node id follows. We find the first digit (the
// start of the node id, and then the end of the
// digits).
string::size_type start = instanceName.size();
while(start < adapterid.size() && !IceUtilInternal::isDigit(adapterid[start]))
{
++start;
}
string::size_type end = start;
while(end < adapterid.size() && IceUtilInternal::isDigit(adapterid[end]))
{
++end;
}
if(start == end)
{
// We must have at least one digit, otherwise there is
// some sort of deployment error.
Ice::Error error(communicator->getLogger());
error << "deployment error: node id does not follow instance name. instance name:"
<< instanceName << " adapter id: " << adapterid;
throw IceBox::FailureException(__FILE__, __LINE__, "IceGrid deployment is incorrect");
}
int nodeid = atoi(adapterid.substr(start, end-start).c_str());
ostringstream os;
os << "node" << nodeid;
Ice::Identity id;
id.category = instanceName;
id.name = os.str();
nodes[nodeid] = NodePrx::uncheckedCast((*p)->ice_adapterId(adapterid)->ice_identity(id));
}
}
if(nodes.size() < 3)
{
Ice::Error error(communicator->getLogger());
error << "Replication requires at least 3 Nodes";
throw IceBox::FailureException(__FILE__, __LINE__, "Replication requires at least 3 Nodes");
}
try
{
// If the node thread pool size is not set then initialize
// to the number of nodes + 1 and disable thread pool size
// warnings.
if(properties->getProperty(name + ".Node.ThreadPool.Size").empty())
{
ostringstream os;
os << nodes.size() + 1;
properties->setProperty(name + ".Node.ThreadPool.Size", os.str());
properties->setProperty(name + ".Node.ThreadPool.SizeWarn", "0");
}
if(properties->getProperty(name + ".Node.MessageSizeMax").empty())
{
properties->setProperty(name + ".Node.MessageSizeMax", "0"); // No limit on data exchanged internally
}
Ice::ObjectAdapterPtr nodeAdapter = communicator->createObjectAdapter(name + ".Node");
_instance = new Instance(instanceName, name, communicator, publishAdapter, topicAdapter,
nodeAdapter, nodes[id]);
_instance->observers()->setMajority(static_cast<unsigned int>(nodes.size())/2);
// Trace replication information.
TraceLevelsPtr traceLevels = _instance->traceLevels();
if(traceLevels->election > 0)
{
Ice::Trace out(traceLevels->logger, traceLevels->electionCat);
out << "I am node " << id << "\n";
for(map<int, NodePrx>::const_iterator p = nodes.begin(); p != nodes.end(); ++p)
{
out << "\tnode: " << p->first << " proxy: " << p->second->ice_toString() << "\n";
}
}
if(topicManagerAdapterId.empty())
{
// We're not using an IceGrid deployment. Here we need
// a proxy which is used to create proxies to the
// replicas later.
_managerProxy = TopicManagerPrx::uncheckedCast(topicAdapter->createProxy(topicManagerId));
}
else
{
// If we're using IceGrid deployment we need to create
// indirect proxies.
_managerProxy = TopicManagerPrx::uncheckedCast(topicAdapter->createIndirectProxy(topicManagerId));
}
_manager = new TopicManagerImpl(_instance);
topicAdapter->add(_manager->getServant(), topicManagerId);
ostringstream os; // The node object identity.
os << "node" << id;
Ice::Identity nodeid;
nodeid.category = instanceName;
nodeid.name = os.str();
NodeIPtr node = new NodeI(_instance, _manager, _managerProxy, id, nodes);
_instance->setNode(node);
nodeAdapter->add(node, nodeid);
nodeAdapter->activate();
node->start();
}
catch(const Ice::Exception& ex)
{
_instance = 0;
LoggerOutputBase s;
s << "exception while starting IceStorm service " << name << ":\n";
s << ex;
IceBox::FailureException e(__FILE__, __LINE__);
e.reason = s.str();
throw e;
}
}
topicAdapter->add(new FinderI(TopicManagerPrx::uncheckedCast(topicAdapter->createProxy(topicManagerId))),
communicator->stringToIdentity("IceStorm/Finder"));
topicAdapter->activate();
publishAdapter->activate();
}
bool
RouterService::start(int argc, char* argv[], int& status)
{
bool nowarn;
IceUtilInternal::Options opts;
opts.addOpt("h", "help");
opts.addOpt("v", "version");
opts.addOpt("", "nowarn");
vector<string> args;
try
{
args = opts.parse(argc, const_cast<const char**>(argv));
}
catch(const IceUtilInternal::BadOptException& e)
{
error(e.reason);
usage(argv[0]);
return false;
}
if(opts.isSet("help"))
{
usage(argv[0]);
status = EXIT_SUCCESS;
return false;
}
if(opts.isSet("version"))
{
print(ICE_STRING_VERSION);
status = EXIT_SUCCESS;
return false;
}
nowarn = opts.isSet("nowarn");
if(!args.empty())
{
consoleErr << argv[0] << ": too many arguments" << endl;
usage(argv[0]);
return false;
}
PropertiesPtr properties = communicator()->getProperties();
//
// Initialize the client object adapter.
//
const string clientEndpointsProperty = "Glacier2.Client.Endpoints";
if(properties->getProperty(clientEndpointsProperty).empty())
{
error("property `" + clientEndpointsProperty + "' is not set");
return false;
}
if(properties->getPropertyAsInt("Glacier2.SessionTimeout") > 0 &&
properties->getProperty("Glacier2.Client.ACM.Timeout").empty())
{
ostringstream os;
os << properties->getPropertyAsInt("Glacier2.SessionTimeout");
properties->setProperty("Glacier2.Client.ACM.Timeout", os.str());
}
if(properties->getProperty("Glacier2.Client.ACM.Close").empty())
{
properties->setProperty("Glacier2.Client.ACM.Close", "4"); // Forcefull close on invocation and idle.
}
ObjectAdapterPtr clientAdapter = communicator()->createObjectAdapter("Glacier2.Client");
//
// Initialize the server object adapter only if server endpoints
// are defined.
//
const string serverEndpointsProperty = "Glacier2.Server.Endpoints";
ObjectAdapterPtr serverAdapter;
if(!properties->getProperty(serverEndpointsProperty).empty())
{
serverAdapter = communicator()->createObjectAdapter("Glacier2.Server");
}
string instanceName = communicator()->getProperties()->getPropertyWithDefault("Glacier2.InstanceName", "Glacier2");
vector<string> verifierProperties;
verifierProperties.push_back("Glacier2.PermissionsVerifier");
verifierProperties.push_back("Glacier2.SSLPermissionsVerifier");
Glacier2Internal::setupNullPermissionsVerifier(communicator(), instanceName, verifierProperties);
string verifierProperty = verifierProperties[0];
PermissionsVerifierPrx verifier;
ObjectPrx obj;
try
{
//
// We use propertyToProxy instead of stringToProxy because the property
// can provide proxy attributes
//
obj = communicator()->propertyToProxy(verifierProperty);
}
catch(const std::exception& ex)
{
ServiceError err(this);
err << "permissions verifier `" << communicator()->getProperties()->getProperty(verifierProperty)
<< "' is invalid:\n" << ex;
return false;
}
if(obj)
{
try
{
verifier = PermissionsVerifierPrx::checkedCast(obj);
if(!verifier)
{
ServiceError err(this);
err << "permissions verifier `" << communicator()->getProperties()->getProperty(verifierProperty)
<< "' is invalid";
return false;
}
}
catch(const Ice::Exception& ex)
{
if(!nowarn)
{
ServiceWarning warn(this);
warn << "unable to contact permissions verifier `"
<< communicator()->getProperties()->getProperty(verifierProperty) << "'\n" << ex;
}
verifier = PermissionsVerifierPrx::uncheckedCast(obj);
}
}
//
// Get the session manager if specified.
//
string sessionManagerProperty = "Glacier2.SessionManager";
string sessionManagerPropertyValue = properties->getProperty(sessionManagerProperty);
SessionManagerPrx sessionManager;
if(!sessionManagerPropertyValue.empty())
{
try
{
obj = communicator()->propertyToProxy(sessionManagerProperty);
}
catch(const std::exception& ex)
{
ServiceError err(this);
err << "session manager `" << sessionManagerPropertyValue << "' is invalid\n:" << ex;
return false;
}
try
{
sessionManager = SessionManagerPrx::checkedCast(obj);
if(!sessionManager)
{
error("session manager `" + sessionManagerPropertyValue + "' is invalid");
return false;
}
}
catch(const std::exception& ex)
{
if(!nowarn)
{
ServiceWarning warn(this);
warn << "unable to contact session manager `" << sessionManagerPropertyValue << "'\n" << ex;
}
sessionManager = SessionManagerPrx::uncheckedCast(obj);
}
sessionManager =
SessionManagerPrx::uncheckedCast(sessionManager->ice_connectionCached(false)->ice_locatorCacheTimeout(
properties->getPropertyAsIntWithDefault("Glacier2.SessionManager.LocatorCacheTimeout", 600)));
}
//
// Check for an SSL permissions verifier.
//
string sslVerifierProperty = verifierProperties[1];
SSLPermissionsVerifierPrx sslVerifier;
try
{
obj = communicator()->propertyToProxy(sslVerifierProperty);
}
catch(const std::exception& ex)
{
ServiceError err(this);
err << "ssl permissions verifier `" << communicator()->getProperties()->getProperty(sslVerifierProperty)
<< "' is invalid:\n" << ex;
return false;
}
if(obj)
{
try
{
sslVerifier = SSLPermissionsVerifierPrx::checkedCast(obj);
if(!sslVerifier)
{
ServiceError err(this);
err << "ssl permissions verifier `"
<< communicator()->getProperties()->getProperty(sslVerifierProperty)
<< "' is invalid";
}
}
catch(const Ice::Exception& ex)
{
if(!nowarn)
{
ServiceWarning warn(this);
warn << "unable to contact ssl permissions verifier `"
<< communicator()->getProperties()->getProperty(sslVerifierProperty) << "'\n"
<< ex;
}
sslVerifier = SSLPermissionsVerifierPrx::uncheckedCast(obj);
}
}
//
// Get the SSL session manager if specified.
//
string sslSessionManagerProperty = "Glacier2.SSLSessionManager";
string sslSessionManagerPropertyValue = properties->getProperty(sslSessionManagerProperty);
SSLSessionManagerPrx sslSessionManager;
if(!sslSessionManagerPropertyValue.empty())
{
try
{
obj = communicator()->propertyToProxy(sslSessionManagerProperty);
}
catch(const std::exception& ex)
{
ServiceError err(this);
err << "ssl session manager `" << sslSessionManagerPropertyValue << "' is invalid:\n" << ex;
return false;
}
try
{
sslSessionManager = SSLSessionManagerPrx::checkedCast(obj);
if(!sslSessionManager)
{
error("ssl session manager `" + sslSessionManagerPropertyValue + "' is invalid");
return false;
}
}
catch(const Ice::Exception& ex)
{
if(!nowarn)
{
ServiceWarning warn(this);
warn << "unable to contact ssl session manager `" << sslSessionManagerPropertyValue
<< "'\n" << ex;
}
sslSessionManager = SSLSessionManagerPrx::uncheckedCast(obj);
}
sslSessionManager =
SSLSessionManagerPrx::uncheckedCast(sslSessionManager->ice_connectionCached(false)->ice_locatorCacheTimeout(
properties->getPropertyAsIntWithDefault("Glacier2.SSLSessionManager.LocatorCacheTimeout", 600)));
}
if(!verifier && !sslVerifier)
{
error("Glacier2 requires a permissions verifier or password file");
return false;
}
//
// Create the instance object.
//
try
{
_instance = new Glacier2::Instance(communicator(), clientAdapter, serverAdapter);
}
catch(const Ice::InitializationException& ex)
{
error("Glacier2 initialization failed:\n" + ex.reason);
return false;
}
//
// Create the session router. The session router registers itself
// and all required servant locators, so no registration has to be
// done here.
//
_sessionRouter = new SessionRouterI(_instance, verifier, sessionManager, sslVerifier, sslSessionManager);
//
// Th session router is used directly as servant for the main
// Glacier2 router Ice object.
//
Identity routerId;
routerId.category = instanceName;
routerId.name = "router";
Glacier2::RouterPrx routerPrx = Glacier2::RouterPrx::uncheckedCast(clientAdapter->add(_sessionRouter, routerId));
//
// Add the Ice router finder object to allow retrieving the router
// proxy with just the endpoint information of the router.
//
Identity finderId;
finderId.category = "Ice";
finderId.name = "RouterFinder";
clientAdapter->add(new FinderI(routerPrx), finderId);
if(_instance->getObserver())
{
_instance->getObserver()->setObserverUpdater(_sessionRouter);
}
//
// Everything ok, let's go.
//
try
{
clientAdapter->activate();
if(serverAdapter)
{
serverAdapter->activate();
}
}
catch(const std::exception& ex)
{
{
ServiceError err(this);
err << "caught exception activating object adapters\n" << ex;
}
stop();
return false;
}
return true;
}
//
// Setup the engine.
//
void
IceSSL::SecureTransportEngine::initialize()
{
IceUtil::Mutex::Lock lock(_mutex);
if(_initialized)
{
return;
}
SSLEngine::initialize();
const PropertiesPtr properties = communicator()->getProperties();
//
// Check for a default directory. We look in this directory for
// files mentioned in the configuration.
//
const string defaultDir = properties->getProperty("IceSSL.DefaultDir");
//
// Load the CA certificates used to authenticate peers into
// _certificateAuthorities array.
//
try
{
string caFile = properties->getProperty("IceSSL.CAs");
if(caFile.empty())
{
caFile = properties->getProperty("IceSSL.CertAuthFile");
}
if(!caFile.empty())
{
string resolved;
if(!checkPath(caFile, defaultDir, false, resolved))
{
throw PluginInitializationException(__FILE__, __LINE__,
"IceSSL: CA certificate file not found:\n" + caFile);
}
_certificateAuthorities.reset(loadCACertificates(resolved));
}
else if(properties->getPropertyAsInt("IceSSL.UsePlatformCAs") <= 0)
{
// Setup an empty list of Root CAs to not use the system root CAs.
_certificateAuthorities.reset(CFArrayCreate(0, 0, 0, 0));
}
}
catch(const CertificateReadException& ce)
{
throw PluginInitializationException(__FILE__, __LINE__, ce.reason);
}
const string password = properties->getProperty("IceSSL.Password");
const int passwordRetryMax = properties->getPropertyAsIntWithDefault("IceSSL.PasswordRetryMax", 3);
PasswordPromptPtr passwordPrompt = getPasswordPrompt();
string certFile = properties->getProperty("IceSSL.CertFile");
string keyFile = properties->getProperty("IceSSL.KeyFile");
string findCert = properties->getProperty("IceSSL.FindCert");
string keychain = properties->getProperty("IceSSL.Keychain");
string keychainPassword = properties->getProperty("IceSSL.KeychainPassword");
if(!certFile.empty())
{
vector<string> files;
if(!IceUtilInternal::splitString(certFile, IceUtilInternal::pathsep, files) || files.size() > 2)
{
throw PluginInitializationException(__FILE__, __LINE__,
"IceSSL: invalid value for IceSSL.CertFile:\n" + certFile);
}
vector<string> keyFiles;
if(!keyFile.empty())
{
if(!IceUtilInternal::splitString(keyFile, IceUtilInternal::pathsep, keyFiles) || keyFiles.size() > 2)
{
throw PluginInitializationException(__FILE__, __LINE__,
"IceSSL: invalid value for IceSSL.KeyFile:\n" + keyFile);
}
if(files.size() != keyFiles.size())
{
throw PluginInitializationException(__FILE__, __LINE__,
"IceSSL: IceSSL.KeyFile does not agree with IceSSL.CertFile");
}
}
for(int i = 0; i < files.size(); ++i)
{
string file = files[i];
string keyFile = keyFiles.empty() ? "" : keyFiles[i];
string resolved;
if(!checkPath(file, defaultDir, false, resolved))
{
throw PluginInitializationException(__FILE__, __LINE__,
"IceSSL: certificate file not found:\n" + file);
}
file = resolved;
if(!keyFile.empty())
{
if(!checkPath(keyFile, defaultDir, false, resolved))
{
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: key file not found:\n" + keyFile);
}
keyFile = resolved;
}
try
{
_chain.reset(loadCertificateChain(file, keyFile, keychain, keychainPassword, password, passwordPrompt,
passwordRetryMax));
break;
}
catch(const CertificateReadException& ce)
{
//
// If this is the last certificate rethrow the exception as PluginInitializationException,
// otherwise try the next certificate.
//
if(i == files.size() - 1)
{
throw PluginInitializationException(__FILE__, __LINE__, ce.reason);
}
}
}
}
else if(!findCert.empty())
{
_chain.reset(findCertificateChain(keychain, keychainPassword, findCert));
}
//
// DiffieHellmanParams in DER format.
//
#if defined(ICE_USE_SECURE_TRANSPORT_MACOS)
string dhFile = properties->getProperty("IceSSL.DHParams");
if(!dhFile.empty())
{
string resolved;
if(!checkPath(dhFile, defaultDir, false, resolved))
{
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: DH params file not found:\n" + dhFile);
}
readFile(resolved, _dhParams);
}
#endif
//
// Establish the cipher list.
//
const string ciphers = properties->getProperty("IceSSL.Ciphers");
CiphersHelper::initialize();
if(!ciphers.empty())
{
parseCiphers(ciphers);
}
if(securityTraceLevel() >= 1)
{
ostringstream os;
os << "enabling SSL ciphersuites:";
if(_ciphers.empty())
{
map<string, SSLCipherSuite> enabled = CiphersHelper::ciphers();
for(map<string, SSLCipherSuite>::const_iterator i = enabled.begin(); i != enabled.end(); ++i)
{
os << "\n " << i->first;
}
}
else
{
for(vector<SSLCipherSuite>::const_iterator i = _ciphers.begin(); i != _ciphers.end(); ++i)
{
os << "\n " << getCipherName(*i);
}
}
getLogger()->trace(securityTraceCategory(), os.str());
}
//
// Parse protocols
//
const string protocolVersionMax = properties->getProperty("IceSSL.ProtocolVersionMax");
if(!protocolVersionMax.empty())
{
_protocolVersionMax = parseProtocol(protocolVersionMax);
}
//
// The default min protocol version is set to TLS1.0 to avoid security issues with SSLv3
//
const string protocolVersionMin = properties->getPropertyWithDefault("IceSSL.ProtocolVersionMin", "tls1_0");
if(!protocolVersionMin.empty())
{
_protocolVersionMin = parseProtocol(protocolVersionMin);
}
_initialized = true;
}
bool
RegistryI::start(bool nowarn)
{
assert(_communicator);
PropertiesPtr properties = _communicator->getProperties();
//
// Initialize the database environment.
//
string dbPath = properties->getProperty("IceGrid.Registry.Data");
if(dbPath.empty())
{
Error out(_communicator->getLogger());
out << "property `IceGrid.Registry.Data' is not set";
return false;
}
else
{
struct stat filestat;
if(stat(dbPath.c_str(), &filestat) != 0 || !S_ISDIR(filestat.st_mode))
{
Error out(_communicator->getLogger());
SyscallException ex(__FILE__, __LINE__);
ex.error = getSystemErrno();
out << "property `IceGrid.Registry.Data' is set to an invalid path:\n" << ex;
return false;
}
}
//
// Check that required properties are set and valid.
//
if(properties->getProperty("IceGrid.Registry.Client.Endpoints").empty())
{
Error out(_communicator->getLogger());
out << "property `IceGrid.Registry.Client.Endpoints' is not set";
return false;
}
if(properties->getProperty("IceGrid.Registry.Server.Endpoints").empty())
{
Error out(_communicator->getLogger());
out << "property `IceGrid.Registry.Server.Endpoints' is not set";
return false;
}
if(properties->getProperty("IceGrid.Registry.Internal.Endpoints").empty())
{
Error out(_communicator->getLogger());
out << "property `IceGrid.Registry.Internal.Endpoints' is not set";
return false;
}
if(!properties->getProperty("IceGrid.Registry.SessionManager.Endpoints").empty())
{
if(!nowarn)
{
Warning out(_communicator->getLogger());
out << "session manager endpoints `IceGrid.Registry.SessionManager.Endpoints' enabled";
}
}
properties->setProperty("Ice.PrintProcessId", "0");
properties->setProperty("Ice.ServerIdleTime", "0");
properties->setProperty("IceGrid.Registry.Client.AdapterId", "");
properties->setProperty("IceGrid.Registry.Server.AdapterId", "");
properties->setProperty("IceGrid.Registry.SessionManager.AdapterId", "");
properties->setProperty("IceGrid.Registry.Internal.AdapterId", "");
setupThreadPool(properties, "Ice.ThreadPool.Client", 1, 100);
setupThreadPool(properties, "IceGrid.Registry.Client.ThreadPool", 1, 10);
setupThreadPool(properties, "IceGrid.Registry.Server.ThreadPool", 1, 10);
setupThreadPool(properties, "IceGrid.Registry.SessionManager.ThreadPool", 1, 10);
setupThreadPool(properties, "IceGrid.Registry.Internal.ThreadPool", 1, 100);
_replicaName = properties->getPropertyWithDefault("IceGrid.Registry.ReplicaName", "Master");
_master = _replicaName == "Master";
_sessionTimeout = properties->getPropertyAsIntWithDefault("IceGrid.Registry.SessionTimeout", 30);
//
// Get the instance name
//
if(_master)
{
_instanceName = properties->getProperty("IceGrid.InstanceName");
if(_instanceName.empty())
{
if(_communicator->getDefaultLocator())
{
_instanceName = _communicator->getDefaultLocator()->ice_getIdentity().category;
}
else
{
_instanceName = "IceGrid";
}
}
}
else
{
if(properties->getProperty("Ice.Default.Locator").empty())
{
Error out(_communicator->getLogger());
out << "property `Ice.Default.Locator' is not set";
return false;
}
_instanceName = _communicator->getDefaultLocator()->ice_getIdentity().category;
}
//
// Ensure that nothing is running on this port. This is also
// useful to ensure that we don't run twice the same instance of
// the service too (which would cause the database environment of
// the already running instance to be "corrupted".)
//
try
{
string endpoints = properties->getProperty("IceGrid.Registry.Client.Endpoints");
string strPrx = _instanceName + "/Locator:" + endpoints;
_communicator->stringToProxy(strPrx)->ice_timeout(5000)->ice_ping();
Error out(_communicator->getLogger());
out << "an IceGrid registry is already running and listening on the client endpoints `" << endpoints << "'";
return false;
}
catch(const Ice::LocalException&)
{
}
properties->setProperty("Freeze.DbEnv.Registry.DbHome", dbPath);
properties->setProperty("Freeze.DbEnv.Registry.DbPrivate", "0");
//
// Create the reaper thread.
//
_reaper = new ReapThread();
_reaper->start();
//
// Create the internal registry object adapter.
//
ObjectAdapterPtr registryAdapter = _communicator->createObjectAdapter("IceGrid.Registry.Internal");
registryAdapter->activate();
//
// Create the internal IceStorm service.
//
Identity registryTopicManagerId;
registryTopicManagerId.category = _instanceName;
registryTopicManagerId.name = "RegistryTopicManager";
_iceStorm = IceStorm::Service::create(_communicator,
registryAdapter,
registryAdapter,
"IceGrid.Registry",
registryTopicManagerId,
"Registry");
const IceStorm::TopicManagerPrx topicManager = _iceStorm->getTopicManager();
//
// Create the registry database.
//
_database = new Database(registryAdapter, topicManager, _instanceName, _traceLevels, getInfo());
_wellKnownObjects = new WellKnownObjectsManager(_database);
//
// Get the saved replica/node proxies and remove them from the
// database.
//
Ice::ObjectProxySeq proxies;
Ice::ObjectProxySeq::const_iterator p;
NodePrxSeq nodes;
proxies = _database->getInternalObjectsByType(Node::ice_staticId());
for(p = proxies.begin(); p != proxies.end(); ++p)
{
nodes.push_back(NodePrx::uncheckedCast(*p));
}
InternalRegistryPrxSeq replicas;
proxies = _database->getObjectsByType(InternalRegistry::ice_staticId());
for(p = proxies.begin(); p != proxies.end(); ++p)
{
replicas.push_back(InternalRegistryPrx::uncheckedCast(*p));
}
//
// NOTE: The internal registry object must be added only once the
// node/replica proxies are retrieved and removed from the
// database. Otherwise, if some replica/node register as soon as
// the internal registry is setup we might clear valid proxies.
//
InternalRegistryPrx internalRegistry = setupInternalRegistry(registryAdapter);
if(_master)
{
nodes = registerReplicas(internalRegistry, replicas, nodes);
registerNodes(internalRegistry, nodes);
}
else
{
InternalReplicaInfoPtr info = _platform.getInternalReplicaInfo();
_session.create(_replicaName, info, _database, _wellKnownObjects, internalRegistry);
registerNodes(internalRegistry, _session.getNodes(nodes));
}
ObjectAdapterPtr serverAdapter = _communicator->createObjectAdapter("IceGrid.Registry.Server");
_clientAdapter = _communicator->createObjectAdapter("IceGrid.Registry.Client");
ObjectAdapterPtr sessionManagerAdapter;
if(!properties->getProperty("IceGrid.Registry.SessionManager.Endpoints").empty())
{
sessionManagerAdapter = _communicator->createObjectAdapter("IceGrid.Registry.SessionManager");
}
Ice::Identity dummy;
dummy.name = "dummy";
_wellKnownObjects->addEndpoint("Client", _clientAdapter->createDirectProxy(dummy));
_wellKnownObjects->addEndpoint("Server", serverAdapter->createDirectProxy(dummy));
if(sessionManagerAdapter)
{
_wellKnownObjects->addEndpoint("SessionManager", sessionManagerAdapter->createDirectProxy(dummy));
}
_wellKnownObjects->addEndpoint("Internal", registryAdapter->createDirectProxy(dummy));
setupNullPermissionsVerifier(registryAdapter);
if(!setupUserAccountMapper(registryAdapter))
{
return false;
}
QueryPrx query = setupQuery(_clientAdapter);
RegistryPrx registry = setupRegistry(_clientAdapter);
Ice::LocatorRegistryPrx locatorRegistry = setupLocatorRegistry(serverAdapter);
LocatorPrx internalLocator = setupLocator(_clientAdapter, registryAdapter, locatorRegistry, registry, query);
//
// Add a default servant locator to the client object adapter. The
// default servant ensure that request on session objects are from
// the same connection as the connection that created the session.
//
_sessionServantLocator = new SessionServantLocatorI(_clientAdapter, _instanceName);
_clientAdapter->addServantLocator(_sessionServantLocator, "");
setupClientSessionFactory(registryAdapter, sessionManagerAdapter, internalLocator, nowarn);
setupAdminSessionFactory(registryAdapter, sessionManagerAdapter, internalLocator, nowarn);
_wellKnownObjects->finish();
if(_master)
{
_wellKnownObjects->registerAll();
}
else
{
_session.registerAllWellKnownObjects();
}
//
// We are ready to go!
//
serverAdapter->activate();
_clientAdapter->activate();
if(sessionManagerAdapter)
{
sessionManagerAdapter->activate();
}
return true;
}
bool
RegistryI::startImpl()
{
assert(_communicator);
PropertiesPtr properties = _communicator->getProperties();
//
// Check that required properties are set and valid.
//
if(properties->getProperty("IceGrid.Registry.Client.Endpoints").empty())
{
Error out(_communicator->getLogger());
out << "property `IceGrid.Registry.Client.Endpoints' is not set";
return false;
}
if(properties->getProperty("IceGrid.Registry.Server.Endpoints").empty())
{
Error out(_communicator->getLogger());
out << "property `IceGrid.Registry.Server.Endpoints' is not set";
return false;
}
if(properties->getProperty("IceGrid.Registry.Internal.Endpoints").empty())
{
Error out(_communicator->getLogger());
out << "property `IceGrid.Registry.Internal.Endpoints' is not set";
return false;
}
if(!properties->getProperty("IceGrid.Registry.SessionManager.Endpoints").empty())
{
if(!_nowarn)
{
Warning out(_communicator->getLogger());
out << "session manager endpoints `IceGrid.Registry.SessionManager.Endpoints' enabled";
if(properties->getPropertyAsInt("IceGrid.Registry.SessionFilters") == 0)
{
out << " (with Glacier2 filters disabled)";
}
}
}
if(!properties->getProperty("IceGrid.Registry.AdminSessionManager.Endpoints").empty())
{
if(!_nowarn)
{
Warning out(_communicator->getLogger());
out << "administrative session manager endpoints `IceGrid.Registry.AdminSessionManager.Endpoints' enabled";
if(properties->getPropertyAsInt("IceGrid.Registry.AdminSessionFilters") == 0)
{
out << " (with Glacier2 filters disabled)";
}
}
}
properties->setProperty("Ice.PrintProcessId", "0");
properties->setProperty("Ice.ServerIdleTime", "0");
properties->setProperty("IceGrid.Registry.Client.AdapterId", "");
properties->setProperty("IceGrid.Registry.Server.AdapterId", "");
properties->setProperty("IceGrid.Registry.SessionManager.AdapterId", "");
properties->setProperty("IceGrid.Registry.Internal.AdapterId", "");
setupThreadPool(properties, "IceGrid.Registry.Client.ThreadPool", 1, 10);
setupThreadPool(properties, "IceGrid.Registry.Server.ThreadPool", 1, 10, true); // Serialize for admin callbacks
setupThreadPool(properties, "IceGrid.Registry.SessionManager.ThreadPool", 1, 10);
setupThreadPool(properties, "IceGrid.Registry.Internal.ThreadPool", 1, 100);
_replicaName = properties->getPropertyWithDefault("IceGrid.Registry.ReplicaName", "Master");
_master = _replicaName == "Master";
_sessionTimeout = properties->getPropertyAsIntWithDefault("IceGrid.Registry.SessionTimeout", 30);
if(!_master && properties->getProperty("Ice.Default.Locator").empty())
{
if(properties->getProperty("Ice.Default.Locator").empty())
{
Error out(_communicator->getLogger());
out << "property `Ice.Default.Locator' is not set";
return false;
}
}
//
// Get the instance name
//
if(_master)
{
_instanceName = properties->getProperty("IceGrid.InstanceName");
if(_instanceName.empty())
{
if(_communicator->getDefaultLocator())
{
_instanceName = _communicator->getDefaultLocator()->ice_getIdentity().category;
}
else
{
_instanceName = "IceGrid";
}
}
}
else
{
_instanceName = _communicator->getDefaultLocator()->ice_getIdentity().category;
}
//
// Ensure that nothing is running on this port. This is also
// useful to ensure that we don't run twice the same instance of
// the service too (which would cause the database environment of
// the already running instance to be "corrupted".)
//
try
{
string endpoints = properties->getProperty("IceGrid.Registry.Client.Endpoints");
string strPrx = _instanceName + "/Locator:" + endpoints;
_communicator->stringToProxy(strPrx)->ice_timeout(5000)->ice_ping();
Error out(_communicator->getLogger());
out << "an IceGrid registry is already running and listening on the client endpoints `" << endpoints << "'";
return false;
}
catch(const Ice::LocalException&)
{
}
//
// Create the reaper thread.
//
_reaper = new ReapThread();
_reaper->start();
//
// Create the internal registry object adapter.
//
ObjectAdapterPtr registryAdapter = _communicator->createObjectAdapter("IceGrid.Registry.Internal");
registryAdapter->activate();
//
// Create the internal IceStorm service.
//
Identity registryTopicManagerId;
registryTopicManagerId.category = _instanceName;
registryTopicManagerId.name = "RegistryTopicManager";
_iceStorm = IceStormInternal::Service::create(_communicator,
registryAdapter,
registryAdapter,
"IceGrid.Registry",
registryTopicManagerId,
"Registry");
const IceStorm::TopicManagerPrx topicManager = _iceStorm->getTopicManager();
//
// Create the registry database.
//
DatabasePluginPtr plugin;
try
{
plugin = DatabasePluginPtr::dynamicCast(_communicator->getPluginManager()->getPlugin("DB"));
}
catch(const NotRegisteredException&)
{
}
if(!plugin)
{
Error out(_communicator->getLogger());
out << "no database plugin configured with `Ice.Plugin.DB' or plugin is not a database plugin";
return false;
}
_database = new Database(registryAdapter, topicManager, _instanceName, _traceLevels, getInfo(), plugin, _readonly);
_wellKnownObjects = new WellKnownObjectsManager(_database);
//
// Get the saved replica/node proxies.
//
ObjectProxySeq proxies;
ObjectProxySeq::const_iterator p;
NodePrxSeq nodes;
proxies = _database->getInternalObjectsByType(Node::ice_staticId());
for(p = proxies.begin(); p != proxies.end(); ++p)
{
nodes.push_back(NodePrx::uncheckedCast(*p));
}
InternalRegistryPrxSeq replicas;
proxies = _database->getObjectsByType(InternalRegistry::ice_staticId());
for(p = proxies.begin(); p != proxies.end(); ++p)
{
replicas.push_back(InternalRegistryPrx::uncheckedCast(*p));
}
//
// NOTE: The internal registry object must be added only once the
// node/replica proxies are retrieved. Otherwise, if some
// replica/node register as soon as the internal registry is setup
// we might clear valid proxies.
//
InternalRegistryPrx internalRegistry = setupInternalRegistry(registryAdapter);
if(_master)
{
nodes = registerReplicas(internalRegistry, replicas, nodes);
registerNodes(internalRegistry, nodes);
}
else
{
InternalReplicaInfoPtr info = _platform.getInternalReplicaInfo();
_session.create(_replicaName, info, _database, _wellKnownObjects, internalRegistry);
registerNodes(internalRegistry, _session.getNodes(nodes));
}
_serverAdapter = _communicator->createObjectAdapter("IceGrid.Registry.Server");
_clientAdapter = _communicator->createObjectAdapter("IceGrid.Registry.Client");
Ice::Identity dummy;
dummy.name = "dummy";
_wellKnownObjects->addEndpoint("Client", _clientAdapter->createDirectProxy(dummy));
_wellKnownObjects->addEndpoint("Server", _serverAdapter->createDirectProxy(dummy));
_wellKnownObjects->addEndpoint("Internal", registryAdapter->createDirectProxy(dummy));
setupNullPermissionsVerifier(registryAdapter);
if(!setupUserAccountMapper(registryAdapter))
{
return false;
}
QueryPrx query = setupQuery(_clientAdapter);
RegistryPrx registry = setupRegistry(_clientAdapter);
Ice::LocatorRegistryPrx locatorRegistry = setupLocatorRegistry(_serverAdapter);
LocatorPrx internalLocator = setupLocator(_clientAdapter, registryAdapter, locatorRegistry, registry, query);
//
// Create the session servant manager. The session servant manager is responsible
// for managing sessions servants and to ensure that session servants are only
// accessed by the connection that created the session. The session servant manager
// also takes care of providing the router servant for server admin objects.
//
ObjectPtr serverAdminRouter = new RegistryServerAdminRouter(_database);
AdminCallbackRouterPtr adminCallbackRouter = new AdminCallbackRouter;
_servantManager = new SessionServantManager(_clientAdapter, _instanceName, true, getServerAdminCategory(),
serverAdminRouter, adminCallbackRouter);
_clientAdapter->addServantLocator(_servantManager, "");
_serverAdapter->addServantLocator(new DefaultServantLocator(adminCallbackRouter), "");
ObjectAdapterPtr sessionAdpt = setupClientSessionFactory(registryAdapter, internalLocator);
ObjectAdapterPtr admSessionAdpt = setupAdminSessionFactory(registryAdapter, serverAdminRouter, internalLocator);
_wellKnownObjects->finish();
if(_master)
{
_wellKnownObjects->registerAll();
}
else
{
_session.registerAllWellKnownObjects();
}
//
// We are ready to go!
//
_serverAdapter->activate();
_clientAdapter->activate();
if(sessionAdpt)
{
sessionAdpt->activate();
}
if(admSessionAdpt)
{
admSessionAdpt->activate();
}
return true;
}
IceInternal::DefaultsAndOverrides::DefaultsAndOverrides(const PropertiesPtr& properties) :
overrideTimeout(false),
overrideTimeoutValue(-1),
overrideConnectTimeout(false),
overrideConnectTimeoutValue(-1),
overrideCloseTimeout(false),
overrideCloseTimeoutValue(-1),
overrideCompress(false),
overrideCompressValue(false),
overrideSecure(false),
overrideSecureValue(false)
{
const_cast<string&>(defaultProtocol) = properties->getPropertyWithDefault("Ice.Default.Protocol", "tcp");
const_cast<string&>(defaultHost) = properties->getProperty("Ice.Default.Host");
string value;
value = properties->getProperty("Ice.Override.Timeout");
if(!value.empty())
{
const_cast<bool&>(overrideTimeout) = true;
const_cast<Int&>(overrideTimeoutValue) = properties->getPropertyAsInt("Ice.Override.Timeout");
}
value = properties->getProperty("Ice.Override.ConnectTimeout");
if(!value.empty())
{
const_cast<bool&>(overrideConnectTimeout) = true;
const_cast<Int&>(overrideConnectTimeoutValue) = properties->getPropertyAsInt("Ice.Override.ConnectTimeout");
}
value = properties->getProperty("Ice.Override.CloseTimeout");
if(!value.empty())
{
const_cast<bool&>(overrideCloseTimeout) = true;
const_cast<Int&>(overrideCloseTimeoutValue) = properties->getPropertyAsInt("Ice.Override.CloseTimeout");
}
value = properties->getProperty("Ice.Override.Compress");
if(!value.empty())
{
const_cast<bool&>(overrideCompress) = true;
const_cast<bool&>(overrideCompressValue) = properties->getPropertyAsInt("Ice.Override.Compress");
}
value = properties->getProperty("Ice.Override.Secure");
if(!value.empty())
{
const_cast<bool&>(overrideSecure) = true;
const_cast<bool&>(overrideSecureValue) = properties->getPropertyAsInt("Ice.Override.Secure");
}
const_cast<bool&>(defaultCollocationOptimization) =
properties->getPropertyAsIntWithDefault("Ice.Default.CollocationOptimized", 1) > 0;
value = properties->getPropertyWithDefault("Ice.Default.EndpointSelection", "Random");
if(value == "Random")
{
defaultEndpointSelection = Random;
}
else if(value == "Ordered")
{
defaultEndpointSelection = Ordered;
}
else
{
EndpointSelectionTypeParseException ex(__FILE__, __LINE__);
ex.str = "illegal value `" + value + "'; expected `Random' or `Ordered'";
throw ex;
}
const_cast<int&>(defaultLocatorCacheTimeout) =
properties->getPropertyAsIntWithDefault("Ice.Default.LocatorCacheTimeout", -1);
const_cast<bool&>(defaultPreferSecure) =
properties->getPropertyAsIntWithDefault("Ice.Default.PreferSecure", 0) > 0;
value = properties->getPropertyWithDefault("Ice.Default.EncodingVersion", encodingVersionToString(currentEncoding));
defaultEncoding = stringToEncodingVersion(value);
checkSupportedEncoding(defaultEncoding);
bool slicedFormat = properties->getPropertyAsIntWithDefault("Ice.Default.SlicedFormat", 0) > 0;
const_cast<FormatType&>(defaultFormat) = slicedFormat ? SlicedFormat : CompactFormat;
}
IceInternal::DefaultsAndOverrides::DefaultsAndOverrides(const PropertiesPtr& properties, const LoggerPtr& logger) :
overrideTimeout(false),
overrideTimeoutValue(-1),
overrideConnectTimeout(false),
overrideConnectTimeoutValue(-1),
overrideCloseTimeout(false),
overrideCloseTimeoutValue(-1),
overrideCompress(false),
overrideCompressValue(false),
overrideSecure(false),
overrideSecureValue(false)
{
const_cast<string&>(defaultProtocol) = properties->getPropertyWithDefault("Ice.Default.Protocol", "tcp");
const_cast<string&>(defaultHost) = properties->getProperty("Ice.Default.Host");
string value;
#ifndef ICE_OS_WINRT
value = properties->getProperty("Ice.Default.SourceAddress");
if(!value.empty())
{
const_cast<Address&>(defaultSourceAddress) = getNumericAddress(value);
if(!isAddressValid(defaultSourceAddress))
{
InitializationException ex(__FILE__, __LINE__);
ex.reason = "invalid IP address set for Ice.Default.SourceAddress: `" + value + "'";
throw ex;
}
}
#endif
value = properties->getProperty("Ice.Override.Timeout");
if(!value.empty())
{
const_cast<bool&>(overrideTimeout) = true;
const_cast<Int&>(overrideTimeoutValue) = properties->getPropertyAsInt("Ice.Override.Timeout");
if(overrideTimeoutValue < 1 && overrideTimeoutValue != -1)
{
const_cast<Int&>(overrideTimeoutValue) = -1;
Warning out(logger);
out << "invalid value for Ice.Override.Timeout `" << properties->getProperty("Ice.Override.Timeout")
<< "': defaulting to -1";
}
}
value = properties->getProperty("Ice.Override.ConnectTimeout");
if(!value.empty())
{
const_cast<bool&>(overrideConnectTimeout) = true;
const_cast<Int&>(overrideConnectTimeoutValue) = properties->getPropertyAsInt("Ice.Override.ConnectTimeout");
if(overrideConnectTimeoutValue < 1 && overrideConnectTimeoutValue != -1)
{
const_cast<Int&>(overrideConnectTimeoutValue) = -1;
Warning out(logger);
out << "invalid value for Ice.Override.ConnectTimeout `"
<< properties->getProperty("Ice.Override.ConnectTimeout") << "': defaulting to -1";
}
}
value = properties->getProperty("Ice.Override.CloseTimeout");
if(!value.empty())
{
const_cast<bool&>(overrideCloseTimeout) = true;
const_cast<Int&>(overrideCloseTimeoutValue) = properties->getPropertyAsInt("Ice.Override.CloseTimeout");
if(overrideCloseTimeoutValue < 1 && overrideCloseTimeoutValue != -1)
{
const_cast<Int&>(overrideCloseTimeoutValue) = -1;
Warning out(logger);
out << "invalid value for Ice.Override.CloseTimeout `"
<< properties->getProperty("Ice.Override.CloseTimeout") << "': defaulting to -1";
}
}
value = properties->getProperty("Ice.Override.Compress");
if(!value.empty())
{
const_cast<bool&>(overrideCompress) = true;
const_cast<bool&>(overrideCompressValue) = properties->getPropertyAsInt("Ice.Override.Compress") > 0;
}
value = properties->getProperty("Ice.Override.Secure");
if(!value.empty())
{
const_cast<bool&>(overrideSecure) = true;
const_cast<bool&>(overrideSecureValue) = properties->getPropertyAsInt("Ice.Override.Secure") > 0;
}
const_cast<bool&>(defaultCollocationOptimization) =
properties->getPropertyAsIntWithDefault("Ice.Default.CollocationOptimized", 1) > 0;
value = properties->getPropertyWithDefault("Ice.Default.EndpointSelection", "Random");
if(value == "Random")
{
defaultEndpointSelection = Random;
}
else if(value == "Ordered")
{
defaultEndpointSelection = Ordered;
}
else
{
EndpointSelectionTypeParseException ex(__FILE__, __LINE__);
ex.str = "illegal value `" + value + "'; expected `Random' or `Ordered'";
throw ex;
}
const_cast<int&>(defaultTimeout) =
properties->getPropertyAsIntWithDefault("Ice.Default.Timeout", 60000);
if(defaultTimeout < 1 && defaultTimeout != -1)
{
const_cast<Int&>(defaultTimeout) = 60000;
Warning out(logger);
out << "invalid value for Ice.Default.Timeout `" << properties->getProperty("Ice.Default.Timeout")
<< "': defaulting to 60000";
}
const_cast<int&>(defaultInvocationTimeout) =
properties->getPropertyAsIntWithDefault("Ice.Default.InvocationTimeout", -1);
if(defaultInvocationTimeout < 1 && defaultInvocationTimeout != -1 && defaultInvocationTimeout != -2)
{
const_cast<Int&>(defaultInvocationTimeout) = -1;
Warning out(logger);
out << "invalid value for Ice.Default.InvocationTimeout `"
<< properties->getProperty("Ice.Default.InvocationTimeout") << "': defaulting to -1";
}
const_cast<int&>(defaultLocatorCacheTimeout) =
properties->getPropertyAsIntWithDefault("Ice.Default.LocatorCacheTimeout", -1);
if(defaultLocatorCacheTimeout < -1)
{
const_cast<Int&>(defaultLocatorCacheTimeout) = -1;
Warning out(logger);
out << "invalid value for Ice.Default.LocatorCacheTimeout `"
<< properties->getProperty("Ice.Default.LocatorCacheTimeout") << "': defaulting to -1";
}
const_cast<bool&>(defaultPreferSecure) =
properties->getPropertyAsIntWithDefault("Ice.Default.PreferSecure", 0) > 0;
value = properties->getPropertyWithDefault("Ice.Default.EncodingVersion", encodingVersionToString(currentEncoding));
defaultEncoding = stringToEncodingVersion(value);
checkSupportedEncoding(defaultEncoding);
bool slicedFormat = properties->getPropertyAsIntWithDefault("Ice.Default.SlicedFormat", 0) > 0;
const_cast<FormatType&>(defaultFormat) = slicedFormat ? SlicedFormat : CompactFormat;
}
RoutableReferencePtr
IceInternal::ReferenceFactory::create(const Identity& ident,
const string& facet,
Reference::Mode mode,
bool secure,
const vector<EndpointIPtr>& endpoints,
const string& adapterId,
const string& propertyPrefix)
{
DefaultsAndOverridesPtr defaultsAndOverrides = _instance->defaultsAndOverrides();
//
// Default local proxy options.
//
LocatorInfoPtr locatorInfo = _instance->locatorManager()->get(_defaultLocator);
RouterInfoPtr routerInfo = _instance->routerManager()->get(_defaultRouter);
bool collocationOptimized = defaultsAndOverrides->defaultCollocationOptimization;
bool cacheConnection = true;
bool preferSecure = defaultsAndOverrides->defaultPreferSecure;
Ice::EndpointSelectionType endpointSelection = defaultsAndOverrides->defaultEndpointSelection;
int locatorCacheTimeout = defaultsAndOverrides->defaultLocatorCacheTimeout;
//
// Override the defaults with the proxy properties if a property prefix is defined.
//
if(!propertyPrefix.empty())
{
PropertiesPtr properties = _instance->initializationData().properties;
if(properties->getPropertyAsIntWithDefault("Ice.Warn.UnknownProperties", 1) > 0)
{
checkForUnknownProperties(propertyPrefix);
}
string property;
property = propertyPrefix + ".Locator";
LocatorPrx locator = LocatorPrx::uncheckedCast(_communicator->propertyToProxy(property));
if(locator)
{
locatorInfo = _instance->locatorManager()->get(locator);
}
property = propertyPrefix + ".Router";
RouterPrx router = RouterPrx::uncheckedCast(_communicator->propertyToProxy(property));
if(router)
{
if(propertyPrefix.size() > 7 && propertyPrefix.substr(propertyPrefix.size() - 7, 7) == ".Router")
{
Warning out(_instance->initializationData().logger);
out << "`" << property << "=" << properties->getProperty(property)
<< "': cannot set a router on a router; setting ignored";
}
else
{
routerInfo = _instance->routerManager()->get(router);
}
}
property = propertyPrefix + ".CollocationOptimized";
collocationOptimized = properties->getPropertyAsIntWithDefault(property, collocationOptimized) > 0;
property = propertyPrefix + ".ConnectionCached";
cacheConnection = properties->getPropertyAsIntWithDefault(property, cacheConnection) > 0;
property = propertyPrefix + ".PreferSecure";
preferSecure = properties->getPropertyAsIntWithDefault(property, preferSecure) > 0;
property = propertyPrefix + ".EndpointSelection";
if(!properties->getProperty(property).empty())
{
string type = properties->getProperty(property);
if(type == "Random")
{
endpointSelection = Random;
}
else if(type == "Ordered")
{
endpointSelection = Ordered;
}
else
{
EndpointSelectionTypeParseException ex(__FILE__, __LINE__);
ex.str = "illegal value `" + type + "'; expected `Random' or `Ordered'";
throw ex;
}
}
property = propertyPrefix + ".LocatorCacheTimeout";
locatorCacheTimeout = properties->getPropertyAsIntWithDefault(property, locatorCacheTimeout);
}
//
// Create new reference
//
return new RoutableReference(_instance,
_communicator,
ident,
facet,
mode,
secure,
endpoints,
adapterId,
locatorInfo,
routerInfo,
collocationOptimized,
cacheConnection,
preferSecure,
endpointSelection,
locatorCacheTimeout);
}
void
IceServiceInstaller::install(const PropertiesPtr& properties)
{
_debug = properties->getPropertyAsInt("Debug") != 0;
initializeSid(properties->getPropertyWithDefault("ObjectName", "NT Authority\\LocalService"));
const string defaultDisplayName[] =
{
"IceGrid registry (" + _icegridInstanceName + ")",
"IceGrid node (" + _nodeName + " within " + _icegridInstanceName + ")",
"Glacier2 router (" + _glacier2InstanceName + ")"
};
const string defaultDescription[] =
{
"Location and deployment service for Ice applications",
"Starts and monitors Ice servers",
"Ice Firewall traversal service"
};
string displayName = properties->getPropertyWithDefault("DisplayName", defaultDisplayName[_serviceType]);
string description = properties->getPropertyWithDefault("Description", defaultDescription[_serviceType]);
string imagePath = properties->getProperty("ImagePath");
if(imagePath == "")
{
char buffer[MAX_PATH];
DWORD size = GetModuleFileName(0, buffer, MAX_PATH);
if(size == 0)
{
throw "Can't get full path to self: " + IceUtilInternal::errorToString(GetLastError());
}
imagePath = string(buffer, size);
imagePath.replace(imagePath.rfind('\\'), string::npos, "\\" + serviceTypeToLowerString(_serviceType) + ".exe");
}
else
{
imagePath = fixDirSeparator(imagePath);
}
if(!fileExists(imagePath))
{
throw imagePath + ": not found";
}
string dependency;
if(_serviceType == icegridregistry)
{
if(properties->getPropertyAsInt("DependOnRegistry") != 0)
{
throw "The IceGrid registry service can't depend on itself";
}
string registryDataDir = fixDirSeparator(_serviceProperties->getProperty("IceGrid.Registry.Data"));
if(registryDataDir == "")
{
throw "IceGrid.Registry.Data must be set in " + _configFile;
}
if(!IceUtilInternal::isAbsolutePath(registryDataDir))
{
throw "'" + registryDataDir + "' is a relative path; IceGrid.Registry.Data must be an absolute path";
}
if(!mkdir(registryDataDir))
{
grantPermissions(registryDataDir, SE_FILE_OBJECT, true, true);
}
}
else if(_serviceType == icegridnode)
{
string nodeDataDir = fixDirSeparator(_serviceProperties->getProperty("IceGrid.Node.Data"));
if(nodeDataDir == "")
{
throw "IceGrid.Node.Data must be set in " + _configFile;
}
if(!IceUtilInternal::isAbsolutePath(nodeDataDir))
{
throw "'" + nodeDataDir + "' is a relative path; IceGrid.Node.Data must be an absolute path";
}
if(!mkdir(nodeDataDir))
{
grantPermissions(nodeDataDir, SE_FILE_OBJECT, true, true);
}
grantPermissions("MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Perflib", SE_REGISTRY_KEY, true);
if(properties->getPropertyAsInt("DependOnRegistry") != 0)
{
dependency = "icegridregistry." + _icegridInstanceName;
}
}
else if(_serviceType == glacier2router)
{
if(properties->getPropertyAsInt("DependOnRegistry") != 0)
{
if(_icegridInstanceName == "")
{
throw "Ice.Default.Locator must be set in " + _configFile + " when DependOnRegistry is not zero";
}
dependency = "icegridregistry." + _icegridInstanceName;
}
}
if(!_configFile.find("HKLM\\") == 0)
{
grantPermissions(_configFile);
}
string eventLog = properties->getProperty("EventLog");
if(eventLog == "")
{
eventLog = "Application";
}
else
{
addLog(eventLog);
}
string eventLogSource = _serviceProperties->getPropertyWithDefault("Ice.EventLog.Source", _serviceName);
addSource(eventLogSource, eventLog, getIceDLLPath(imagePath));
SC_HANDLE scm = OpenSCManager(0, 0, SC_MANAGER_ALL_ACCESS);
if(scm == 0)
{
DWORD res = GetLastError();
throw "Cannot open SCM: " + IceUtilInternal::errorToString(res);
}
string deps = dependency;
if(deps.empty())
{
const string candidates[] = { "netprofm", "Nla" };
const int candidatesLen = 2;
for(int i = 0; i < candidatesLen; ++i)
{
SC_HANDLE service = OpenService(scm, candidates[i].c_str(), GENERIC_READ);
if(service != 0)
{
deps = candidates[i];
CloseServiceHandle(service);
break; // for
}
}
}
deps += '\0'; // must be double-null terminated
string command = "\"" + imagePath + "\" --service " + _serviceName + " --Ice.Config=\"";
//
// Get the full path of config file.
//
if(!_configFile.find("HKLM\\") == 0)
{
char fullPath[MAX_PATH];
if(GetFullPathName(_configFile.c_str(), MAX_PATH, fullPath, 0) > MAX_PATH)
{
throw "Could not compute the full path of " + _configFile;
}
command += string(fullPath) + "\"";
}
else
{
command += _configFile + "\"";
}
bool autoStart = properties->getPropertyAsIntWithDefault("AutoStart", 1) != 0;
string password = properties->getProperty("Password");
SC_HANDLE service = CreateServiceW(
scm,
IceUtil::stringToWstring(_serviceName).c_str(),
IceUtil::stringToWstring(displayName).c_str(),
SERVICE_ALL_ACCESS,
SERVICE_WIN32_OWN_PROCESS,
autoStart ? SERVICE_AUTO_START : SERVICE_DEMAND_START,
SERVICE_ERROR_NORMAL,
IceUtil::stringToWstring(command).c_str(),
0,
0,
IceUtil::stringToWstring(deps).c_str(),
IceUtil::stringToWstring(_sidName).c_str(),
IceUtil::stringToWstring(password).c_str());
if(service == 0)
{
DWORD res = GetLastError();
CloseServiceHandle(scm);
throw "Cannot create service" + _serviceName + ": " + IceUtilInternal::errorToString(res);
}
//
// Set description
//
wstring uDescription = IceUtil::stringToWstring(description);
SERVICE_DESCRIPTIONW sd = { const_cast<wchar_t*>(uDescription.c_str()) };
if(!ChangeServiceConfig2W(service, SERVICE_CONFIG_DESCRIPTION, &sd))
{
DWORD res = GetLastError();
CloseServiceHandle(scm);
CloseServiceHandle(service);
throw "Cannot set description for service" + _serviceName + ": " + IceUtilInternal::errorToString(res);
}
CloseServiceHandle(scm);
CloseServiceHandle(service);
}
RoutableReferencePtr
IceInternal::ReferenceFactory::create(const Identity& ident,
const string& facet,
Reference::Mode mode,
bool secure,
const Ice::ProtocolVersion& protocol,
const Ice::EncodingVersion& encoding,
const vector<EndpointIPtr>& endpoints,
const string& adapterId,
const string& propertyPrefix)
{
DefaultsAndOverridesPtr defaultsAndOverrides = _instance->defaultsAndOverrides();
//
// Default local proxy options.
//
LocatorInfoPtr locatorInfo;
if(_defaultLocator)
{
if(_defaultLocator->ice_getEncodingVersion() != encoding)
{
locatorInfo = _instance->locatorManager()->get(_defaultLocator->ice_encodingVersion(encoding));
}
else
{
locatorInfo = _instance->locatorManager()->get(_defaultLocator);
}
}
RouterInfoPtr routerInfo = _instance->routerManager()->get(_defaultRouter);
bool collocationOptimized = defaultsAndOverrides->defaultCollocationOptimization;
bool cacheConnection = true;
bool preferSecure = defaultsAndOverrides->defaultPreferSecure;
Ice::EndpointSelectionType endpointSelection = defaultsAndOverrides->defaultEndpointSelection;
int locatorCacheTimeout = defaultsAndOverrides->defaultLocatorCacheTimeout;
int invocationTimeout = defaultsAndOverrides->defaultInvocationTimeout;
Ice::Context ctx;
//
// Override the defaults with the proxy properties if a property prefix is defined.
//
if(!propertyPrefix.empty())
{
PropertiesPtr properties = _instance->initializationData().properties;
if(properties->getPropertyAsIntWithDefault("Ice.Warn.UnknownProperties", 1) > 0)
{
checkForUnknownProperties(propertyPrefix);
}
string property;
property = propertyPrefix + ".Locator";
LocatorPrx locator = LocatorPrx::uncheckedCast(_communicator->propertyToProxy(property));
if(locator)
{
if(locator->ice_getEncodingVersion() != encoding)
{
locatorInfo = _instance->locatorManager()->get(locator->ice_encodingVersion(encoding));
}
else
{
locatorInfo = _instance->locatorManager()->get(locator);
}
}
property = propertyPrefix + ".Router";
RouterPrx router = RouterPrx::uncheckedCast(_communicator->propertyToProxy(property));
if(router)
{
if(propertyPrefix.size() > 7 && propertyPrefix.substr(propertyPrefix.size() - 7, 7) == ".Router")
{
Warning out(_instance->initializationData().logger);
out << "`" << property << "=" << properties->getProperty(property)
<< "': cannot set a router on a router; setting ignored";
}
else
{
routerInfo = _instance->routerManager()->get(router);
}
}
property = propertyPrefix + ".CollocationOptimized";
collocationOptimized = properties->getPropertyAsIntWithDefault(property, collocationOptimized) > 0;
property = propertyPrefix + ".ConnectionCached";
cacheConnection = properties->getPropertyAsIntWithDefault(property, cacheConnection) > 0;
property = propertyPrefix + ".PreferSecure";
preferSecure = properties->getPropertyAsIntWithDefault(property, preferSecure) > 0;
property = propertyPrefix + ".EndpointSelection";
if(!properties->getProperty(property).empty())
{
string type = properties->getProperty(property);
if(type == "Random")
{
endpointSelection = Random;
}
else if(type == "Ordered")
{
endpointSelection = Ordered;
}
else
{
EndpointSelectionTypeParseException ex(__FILE__, __LINE__);
ex.str = "illegal value `" + type + "'; expected `Random' or `Ordered'";
throw ex;
}
}
property = propertyPrefix + ".LocatorCacheTimeout";
string value = properties->getProperty(property);
if(!value.empty())
{
locatorCacheTimeout = properties->getPropertyAsIntWithDefault(property, locatorCacheTimeout);
if(locatorCacheTimeout < -1)
{
locatorCacheTimeout = -1;
Warning out(_instance->initializationData().logger);
out << "invalid value for " << property << "`" << properties->getProperty(property) << "'"
<< ": defaulting to -1";
}
}
property = propertyPrefix + ".InvocationTimeout";
value = properties->getProperty(property);
if(!value.empty())
{
invocationTimeout = properties->getPropertyAsIntWithDefault(property, invocationTimeout);
if(invocationTimeout < 1 && invocationTimeout != -1)
{
invocationTimeout = -1;
Warning out(_instance->initializationData().logger);
out << "invalid value for " << property << "`" << properties->getProperty(property) << "'"
<< ": defaulting to -1";
}
}
property = propertyPrefix + ".Context.";
PropertyDict contexts = properties->getPropertiesForPrefix(property);
for(PropertyDict::const_iterator p = contexts.begin(); p != contexts.end(); ++p)
{
ctx.insert(make_pair(p->first.substr(property.length()), p->second));
}
}
//
// Create new reference
//
return new RoutableReference(_instance,
_communicator,
ident,
facet,
mode,
secure,
protocol,
encoding,
endpoints,
adapterId,
locatorInfo,
routerInfo,
collocationOptimized,
cacheConnection,
preferSecure,
endpointSelection,
locatorCacheTimeout,
invocationTimeout,
ctx);
}
Ice::ObjectAdapterI::ObjectAdapterI(const InstancePtr& instance, const CommunicatorPtr& communicator,
const ObjectAdapterFactoryPtr& objectAdapterFactory, const string& name,
const string& endpointInfo, const RouterPrx& router, bool noConfig) :
_deactivated(false),
_instance(instance),
_communicator(communicator),
_objectAdapterFactory(objectAdapterFactory),
_servantManager(new ServantManager(instance, name)),
_activateOneOffDone(false),
_name(name),
_directCount(0),
_waitForActivate(false),
_destroying(false),
_destroyed(false),
_noConfig(noConfig),
_threadPerConnection(false),
_threadPerConnectionStackSize(0)
{
if(_noConfig)
{
return;
}
PropertiesPtr properties = instance->initializationData().properties;
StringSeq unknownProps;
bool noProps = filterProperties(unknownProps);
//
// Warn about unknown object adapter properties.
//
if(unknownProps.size() != 0 && properties->getPropertyAsIntWithDefault("Ice.Warn.UnknownProperties", 1) > 0)
{
Warning out(_instance->initializationData().logger);
out << "found unknown properties for object adapter '" << _name << "':";
for(unsigned int i = 0; i < unknownProps.size(); ++i)
{
out << "\n " << unknownProps[i];
}
}
//
// Make sure named adapter has some configuration
//
if(endpointInfo.empty() && router == 0 && noProps)
{
InitializationException ex(__FILE__, __LINE__);
ex.reason = "object adapter \"" + _name + "\" requires configuration.";
throw ex;
}
const_cast<string&>(_id) = properties->getProperty(_name + ".AdapterId");
const_cast<string&>(_replicaGroupId) = properties->getProperty(_name + ".ReplicaGroupId");
__setNoDelete(true);
try
{
_threadPerConnection = properties->getPropertyAsInt(_name + ".ThreadPerConnection") > 0;
int threadPoolSize = properties->getPropertyAsInt(_name + ".ThreadPool.Size");
int threadPoolSizeMax = properties->getPropertyAsInt(_name + ".ThreadPool.SizeMax");
if(_threadPerConnection && (threadPoolSize > 0 || threadPoolSizeMax > 0))
{
InitializationException ex(__FILE__, __LINE__);
ex.reason = "object adapter \"" + _name + "\" cannot be configured for both\n"
"thread pool and thread per connection";
throw ex;
}
if(!_threadPerConnection && threadPoolSize == 0 && threadPoolSizeMax == 0)
{
_threadPerConnection = _instance->threadPerConnection();
}
if(_threadPerConnection)
{
int stackSize =
properties->getPropertyAsIntWithDefault(_name + ".ThreadPerConnection.StackSize",
static_cast<Int>(_instance->threadPerConnectionStackSize()));
if(stackSize < 0)
{
stackSize = 0;
}
_threadPerConnectionStackSize = stackSize;
}
//
// Create the per-adapter thread pool, if necessary. This is done before the creation of the incoming
// connection factory as the thread pool is needed during creation for the call to incFdsInUse.
//
if(threadPoolSize > 0 || threadPoolSizeMax > 0)
{
_threadPool = new ThreadPool(_instance, _name + ".ThreadPool", 0);
}
if(!router)
{
const_cast<RouterPrx&>(router) = RouterPrx::uncheckedCast(
_instance->proxyFactory()->propertyToProxy(_name + ".Router"));
}
if(router)
{
_routerInfo = _instance->routerManager()->get(router);
if(_routerInfo)
{
//
// Make sure this router is not already registered with another adapter.
//
if(_routerInfo->getAdapter())
{
throw AlreadyRegisteredException(__FILE__, __LINE__, "object adapter with router",
_instance->identityToString(router->ice_getIdentity()));
}
//
// Add the router's server proxy endpoints to this object
// adapter.
//
vector<EndpointIPtr> endpoints = _routerInfo->getServerEndpoints();
copy(endpoints.begin(), endpoints.end(), back_inserter(_routerEndpoints));
sort(_routerEndpoints.begin(), _routerEndpoints.end()); // Must be sorted.
_routerEndpoints.erase(unique(_routerEndpoints.begin(), _routerEndpoints.end()),
_routerEndpoints.end());
//
// Associate this object adapter with the router. This way,
// new outgoing connections to the router's client proxy will
// use this object adapter for callbacks.
//
_routerInfo->setAdapter(this);
//
// Also modify all existing outgoing connections to the
// router's client proxy to use this object adapter for
// callbacks.
//
_instance->outgoingConnectionFactory()->setRouterInfo(_routerInfo);
}
}
else
{
//
// Parse the endpoints, but don't store them in the adapter.
// The connection factory might change it, for example, to
// fill in the real port number.
//
vector<EndpointIPtr> endpoints;
if(endpointInfo.empty())
{
endpoints = parseEndpoints(properties->getProperty(_name + ".Endpoints"));
}
else
{
endpoints = parseEndpoints(endpointInfo);
}
for(vector<EndpointIPtr>::iterator p = endpoints.begin(); p != endpoints.end(); ++p)
{
_incomingConnectionFactories.push_back(new IncomingConnectionFactory(instance, *p, this, _name));
}
if(endpoints.empty())
{
TraceLevelsPtr tl = _instance->traceLevels();
if(tl->network >= 2)
{
Trace out(_instance->initializationData().logger, tl->networkCat);
out << "created adapter `" << name << "' without endpoints";
}
}
//
// Parse published endpoints. If set, these are used in proxies
// instead of the connection factory endpoints.
//
string endpts = properties->getProperty(_name + ".PublishedEndpoints");
_publishedEndpoints = parseEndpoints(endpts);
if(_publishedEndpoints.empty())
{
transform(_incomingConnectionFactories.begin(), _incomingConnectionFactories.end(),
back_inserter(_publishedEndpoints), Ice::constMemFun(&IncomingConnectionFactory::endpoint));
}
//
// Filter out any endpoints that are not meant to be published.
//
_publishedEndpoints.erase(remove_if(_publishedEndpoints.begin(), _publishedEndpoints.end(),
not1(Ice::constMemFun(&EndpointI::publish))), _publishedEndpoints.end());
}
if(!properties->getProperty(_name + ".Locator").empty())
{
setLocator(LocatorPrx::uncheckedCast(_instance->proxyFactory()->propertyToProxy(_name + ".Locator")));
}
else
{
setLocator(_instance->referenceFactory()->getDefaultLocator());
}
}
catch(...)
{
destroy();
__setNoDelete(false);
throw;
}
__setNoDelete(false);
}
bool
NodeService::startImpl(int argc, char* argv[], int& status)
{
bool nowarn = false;
bool readonly = false;
string initFromReplica;
string desc;
vector<string> targets;
for(int i = 1; i < argc; ++i)
{
if(strcmp(argv[i], "-h") == 0 || strcmp(argv[i], "--help") == 0)
{
usage(argv[0]);
status = EXIT_SUCCESS;
return false;
}
else if(strcmp(argv[i], "-v") == 0 || strcmp(argv[i], "--version") == 0)
{
print(ICE_STRING_VERSION);
status = EXIT_SUCCESS;
return false;
}
else if(strcmp(argv[i], "--nowarn") == 0)
{
nowarn = true;
}
else if(strcmp(argv[i], "--readonly") == 0)
{
readonly = true;
}
else if(strcmp(argv[i], "--initdb-from-replica") == 0)
{
if(i + 1 >= argc)
{
error("missing replica argument for option `" + string(argv[i]) + "'");
usage(argv[0]);
return false;
}
initFromReplica = argv[++i];
}
else if(strcmp(argv[i], "--deploy") == 0)
{
if(i + 1 >= argc)
{
error("missing descriptor argument for option `" + string(argv[i]) + "'");
usage(argv[0]);
return false;
}
desc = argv[++i];
while(i + 1 < argc && argv[++i][0] != '-')
{
targets.push_back(argv[i]);
}
}
else
{
error("invalid option: `" + string(argv[i]) + "'");
usage(argv[0]);
return false;
}
}
PropertiesPtr properties = communicator()->getProperties();
//
// Disable server idle time. Otherwise, the adapter would be
// shutdown prematurely and the deactivation would fail.
// Deactivation of the node relies on the object adapter
// to be active since it needs to terminate servers.
//
// TODO: implement Ice.ServerIdleTime in the activator
// termination listener instead?
//
properties->setProperty("Ice.ServerIdleTime", "0");
//
// Warn the user that setting Ice.ThreadPool.Server isn't useful.
//
if(!nowarn && properties->getPropertyAsIntWithDefault("Ice.ThreadPool.Server.Size", 0) > 0)
{
Warning out(communicator()->getLogger());
out << "setting `Ice.ThreadPool.Server.Size' is not useful, ";
out << "you should set individual adapter thread pools instead.";
}
setupThreadPool(properties, "IceGrid.Node.ThreadPool", 1, 100);
//
// Create the activator.
//
TraceLevelsPtr traceLevels = new TraceLevels(communicator(), "IceGrid.Node");
_activator = new Activator(traceLevels);
//
// Collocate the IceGrid registry if we need to.
//
if(properties->getPropertyAsInt("IceGrid.Node.CollocateRegistry") > 0)
{
_registry = new CollocatedRegistry(communicator(), _activator, nowarn, readonly, initFromReplica);
if(!_registry->start())
{
return false;
}
//
// Set the default locator property to point to the collocated
// locator (this property is passed by the activator to each
// activated server). The default locator is also needed by
// the node session manager.
//
if(properties->getProperty("Ice.Default.Locator").empty())
{
Identity locatorId;
locatorId.category = properties->getPropertyWithDefault("IceGrid.InstanceName", "IceGrid");
locatorId.name = "Locator";
string endpoints = properties->getProperty("IceGrid.Registry.Client.Endpoints");
string locPrx = "\"" + communicator()->identityToString(locatorId) + "\" :" + endpoints;
communicator()->setDefaultLocator(Ice::LocatorPrx::uncheckedCast(communicator()->stringToProxy(locPrx)));
properties->setProperty("Ice.Default.Locator", locPrx);
}
}
else if(properties->getProperty("Ice.Default.Locator").empty())
{
error("property `Ice.Default.Locator' is not set");
return false;
}
//
// Initialize the database environment (first setup the directory structure if needed).
//
string dataPath = properties->getProperty("IceGrid.Node.Data");
string dbPath;
if(dataPath.empty())
{
error("property `IceGrid.Node.Data' is not set");
return false;
}
else
{
if(!IceUtilInternal::directoryExists(dataPath))
{
FileException ex(__FILE__, __LINE__);
ex.path = dataPath;
ex.error = IceInternal::getSystemErrno();
ServiceError err(this);
err << "property `IceGrid.Node.Data' is set to an invalid path:\n" << ex;
return false;
}
//
// Creates subdirectories.
//
if(dataPath[dataPath.length() - 1] != '/')
{
dataPath += "/";
}
IcePatch2::createDirectory(dataPath + "servers");
IcePatch2::createDirectory(dataPath + "tmp");
IcePatch2::createDirectory(dataPath + "distrib");
#ifdef _WIN32
//
// Make sure these directories are not indexed by the Windows
// indexing service (which can cause random "Access Denied"
// errors if indexing runs at the same time as the node is
// creating/deleting files).
//
try
{
setNoIndexingAttribute(dataPath + "servers");
setNoIndexingAttribute(dataPath + "tmp");
setNoIndexingAttribute(dataPath + "distrib");
}
catch(const FileException& ex)
{
if(!nowarn)
{
Warning out(communicator()->getLogger());
out << "couldn't disable file indexing:\n" << ex;
}
}
#endif
}
//
// Check that required properties are set and valid.
//
if(properties->getProperty("IceGrid.Node.Endpoints").empty())
{
error("property `IceGrid.Node.Endpoints' is not set");
return false;
}
string name = properties->getProperty("IceGrid.Node.Name");
if(name.empty())
{
error("property `IceGrid.Node.Name' is not set");
return false;
}
//
// Setup the Freeze database environment home directory. The name of the database
// environment for the IceGrid node is the name of the node.
//
properties->setProperty("Freeze.DbEnv." + name + ".DbHome", dbPath);
//
// Create the node object adapter.
//
_adapter = communicator()->createObjectAdapter("IceGrid.Node");
//
// Setup the user account mapper if configured.
//
string mapperProperty = "IceGrid.Node.UserAccountMapper";
string mapperPropertyValue = properties->getProperty(mapperProperty);
UserAccountMapperPrx mapper;
if(!mapperPropertyValue.empty())
{
try
{
mapper = UserAccountMapperPrx::uncheckedCast(communicator()->propertyToProxy(mapperProperty));
}
catch(const std::exception& ex)
{
ServiceError err(this);
err << "user account mapper `" << mapperProperty << "' is invalid:\n" << ex;
return false;
}
}
else
{
string userAccountFileProperty = properties->getProperty("IceGrid.Node.UserAccounts");
if(!userAccountFileProperty.empty())
{
try
{
Ice::ObjectPrx object = _adapter->addWithUUID(new FileUserAccountMapperI(userAccountFileProperty));
object = object->ice_collocationOptimized(true);
mapper = UserAccountMapperPrx::uncheckedCast(object);
}
catch(const std::string& msg)
{
error(msg);
return false;
}
}
}
//
// Create a new timer to handle server activation/deactivation timeouts.
//
_timer = new IceUtil::Timer();
//
// The IceGrid instance name.
//
const string instanceName = communicator()->getDefaultLocator()->ice_getIdentity().category;
_sessions.reset(new NodeSessionManager(communicator()));
//
// Create the server factory. The server factory creates persistent objects
// for the server and server adapter. It also takes care of installing the
// evictors and object factories necessary to store these objects.
//
Identity id = communicator()->stringToIdentity(instanceName + "/Node-" + name);
NodePrx nodeProxy = NodePrx::uncheckedCast(_adapter->createProxy(id));
_node = new NodeI(_adapter, *_sessions, _activator, _timer, traceLevels, nodeProxy, name, mapper);
_adapter->add(_node, nodeProxy->ice_getIdentity());
_adapter->addServantLocator(new DefaultServantLocator(new NodeServerAdminRouter(_node)),
_node->getServerAdminCategory());
//
// Start the platform info thread if needed.
//
_node->getPlatformInfo().start();
//
// Ensures that the locator is reachable.
//
if(!nowarn)
{
try
{
communicator()->getDefaultLocator()->ice_timeout(1000)->ice_ping();
}
catch(const Ice::LocalException& ex)
{
Warning out(communicator()->getLogger());
out << "couldn't reach the IceGrid registry (this is expected ";
out << "if it's down, otherwise please check the value of the ";
out << "Ice.Default.Locator property):\n" << ex;
}
}
//
// Create the node sessions with the registries.
//
_sessions->create(_node);
//
// In some tests, we deploy icegridnodes using IceGrid:
//
if(properties->getProperty("Ice.Admin.Endpoints") != "")
{
//
// Replace Process facet and create Admin object
//
try
{
ProcessPtr origProcess = ProcessPtr::dynamicCast(communicator()->removeAdminFacet("Process"));
communicator()->addAdminFacet(new ProcessI(_activator, origProcess), "Process");
communicator()->getAdmin();
}
catch(const Ice::NotRegisteredException&)
{
//
// Some plug-in removed the Process facet, so we don't replace it.
// (unlikely error though)
//
}
}
//
// Start the activator.
//
_activator->start();
//
// Activate the adapter.
//
_adapter->activate();
//
// Notify the node session manager that the node can start
// accepting incoming connections.
//
_sessions->activate();
string bundleName = properties->getProperty("IceGrid.Node.PrintServersReady");
if(!bundleName.empty() || !desc.empty())
{
enableInterrupt();
if(!_sessions->waitForCreate())
{
//
// Create was interrupted, return true as if the service was
// correctly initiliazed to make sure it's properly stopped.
//
return true;
}
disableInterrupt();
}
//
// Deploy application if a descriptor is passed as a command-line option.
//
if(!desc.empty())
{
try
{
Ice::Identity regId;
regId.category = instanceName;
regId.name = "Registry";
RegistryPrx registry = RegistryPrx::checkedCast(communicator()->getDefaultLocator()->findObjectById(regId));
if(!registry)
{
throw "invalid registry";
}
registry = registry->ice_preferSecure(true); // Use SSL if available.
IceGrid::AdminSessionPrx session;
if(communicator()->getProperties()->getPropertyAsInt("IceGridAdmin.AuthenticateUsingSSL"))
{
session = registry->createAdminSessionFromSecureConnection();
}
else
{
string id = communicator()->getProperties()->getProperty("IceGridAdmin.Username");
string password = communicator()->getProperties()->getProperty("IceGridAdmin.Password");
while(id.empty())
{
cout << "user id: " << flush;
getline(cin, id);
id = IceUtilInternal::trim(id);
}
if(password.empty())
{
cout << "password: "******"failed to deploy application `" << desc << "':\n" << ex;
}
catch(const AccessDeniedException& ex)
{
ServiceWarning warn(this);
warn << "failed to deploy application `" << desc << "':\n"
<< "registry database is locked by `" << ex.lockUserId << "'";
}
catch(const std::exception& ex)
{
ServiceWarning warn(this);
warn << "failed to deploy application `" << desc << "':\n" << ex;
}
catch(const string& reason)
{
ServiceWarning warn(this);
warn << "failed to deploy application `" << desc << "':\n" << reason;
}
}
if(!bundleName.empty())
{
print(bundleName + " ready");
}
return true;
}
void
Ice::ObjectAdapterI::initialize(const RouterPrx& router)
{
if(_noConfig)
{
_reference = _instance->referenceFactory()->create("dummy -t", "");
return;
}
PropertiesPtr properties = _instance->initializationData().properties;
StringSeq unknownProps;
bool noProps = filterProperties(unknownProps);
//
// Warn about unknown object adapter properties.
//
if(unknownProps.size() != 0 && properties->getPropertyAsIntWithDefault("Ice.Warn.UnknownProperties", 1) > 0)
{
Warning out(_instance->initializationData().logger);
out << "found unknown properties for object adapter `" << _name << "':";
for(unsigned int i = 0; i < unknownProps.size(); ++i)
{
out << "\n " << unknownProps[i];
}
}
try
{
//
// Make sure named adapter has some configuration
//
if(router == 0 && noProps)
{
InitializationException ex(__FILE__, __LINE__);
ex.reason = "object adapter `" + _name + "' requires configuration";
throw ex;
}
const_cast<string&>(_id) = properties->getProperty(_name + ".AdapterId");
const_cast<string&>(_replicaGroupId) = properties->getProperty(_name + ".ReplicaGroupId");
//
// Setup a reference to be used to get the default proxy options
// when creating new proxies. By default, create twoway proxies.
//
string proxyOptions = properties->getPropertyWithDefault(_name + ".ProxyOptions", "-t");
try
{
_reference = _instance->referenceFactory()->create("dummy " + proxyOptions, "");
}
catch(const ProxyParseException&)
{
InitializationException ex(__FILE__, __LINE__);
ex.reason = "invalid proxy options `" + proxyOptions + "' for object adapter `" + _name + "'";
throw ex;
}
int threadPoolSize = properties->getPropertyAsInt(_name + ".ThreadPool.Size");
int threadPoolSizeMax = properties->getPropertyAsInt(_name + ".ThreadPool.SizeMax");
bool hasPriority = properties->getProperty(_name + ".ThreadPool.ThreadPriority") != "";
//
// Create the per-adapter thread pool, if necessary. This is done before the creation of the incoming
// connection factory as the thread pool is needed during creation for the call to incFdsInUse.
//
if(threadPoolSize > 0 || threadPoolSizeMax > 0 || hasPriority)
{
_threadPool = new ThreadPool(_instance, _name + ".ThreadPool", 0);
}
_hasAcmTimeout = properties->getProperty(_name + ".ACM") != "";
if(_hasAcmTimeout)
{
_acmTimeout = properties->getPropertyAsInt(_name + ".ACM");
_instance->connectionMonitor()->checkIntervalForACM(_acmTimeout);
}
if(!router)
{
const_cast<RouterPrx&>(router) = RouterPrx::uncheckedCast(
_instance->proxyFactory()->propertyToProxy(_name + ".Router"));
}
if(router)
{
_routerInfo = _instance->routerManager()->get(router);
if(_routerInfo)
{
//
// Make sure this router is not already registered with another adapter.
//
if(_routerInfo->getAdapter())
{
throw AlreadyRegisteredException(__FILE__, __LINE__, "object adapter with router",
_instance->identityToString(router->ice_getIdentity()));
}
//
// Add the router's server proxy endpoints to this object
// adapter.
//
vector<EndpointIPtr> endpoints = _routerInfo->getServerEndpoints();
copy(endpoints.begin(), endpoints.end(), back_inserter(_routerEndpoints));
sort(_routerEndpoints.begin(), _routerEndpoints.end()); // Must be sorted.
_routerEndpoints.erase(unique(_routerEndpoints.begin(), _routerEndpoints.end()),
_routerEndpoints.end());
//
// Associate this object adapter with the router. This way,
// new outgoing connections to the router's client proxy will
// use this object adapter for callbacks.
//
_routerInfo->setAdapter(this);
//
// Also modify all existing outgoing connections to the
// router's client proxy to use this object adapter for
// callbacks.
//
_instance->outgoingConnectionFactory()->setRouterInfo(_routerInfo);
}
}
else
{
//
// Parse the endpoints, but don't store them in the adapter.
// The connection factory might change it, for example, to
// fill in the real port number.
//
vector<EndpointIPtr> endpoints = parseEndpoints(properties->getProperty(_name + ".Endpoints"), true);
for(vector<EndpointIPtr>::iterator p = endpoints.begin(); p != endpoints.end(); ++p)
{
IncomingConnectionFactoryPtr factory = new IncomingConnectionFactory(_instance, *p, this);
factory->initialize(_name);
_incomingConnectionFactories.push_back(factory);
}
if(endpoints.empty())
{
TraceLevelsPtr tl = _instance->traceLevels();
if(tl->network >= 2)
{
Trace out(_instance->initializationData().logger, tl->networkCat);
out << "created adapter `" << _name << "' without endpoints";
}
}
//
// Parse the published endpoints.
//
_publishedEndpoints = parsePublishedEndpoints();
}
if(!properties->getProperty(_name + ".Locator").empty())
{
setLocator(LocatorPrx::uncheckedCast(_instance->proxyFactory()->propertyToProxy(_name + ".Locator")));
}
else
{
setLocator(_instance->referenceFactory()->getDefaultLocator());
}
}
catch(...)
{
destroy();
throw;
}
}
void
SChannelEngine::initialize()
{
Mutex::Lock lock(_mutex);
if(_initialized)
{
return;
}
SSLEngine::initialize();
const string prefix = "IceSSL.";
const PropertiesPtr properties = communicator()->getProperties();
//
// Protocols selects which protocols to enable, by default we only enable TLS1.0
// TLS1.1 and TLS1.2 to avoid security issues with SSLv3
//
vector<string> defaultProtocols;
defaultProtocols.push_back("tls1_0");
defaultProtocols.push_back("tls1_1");
defaultProtocols.push_back("tls1_2");
const_cast<DWORD&>(_protocols) =
parseProtocols(properties->getPropertyAsListWithDefault(prefix + "Protocols", defaultProtocols));
//
// Check for a default directory. We look in this directory for
// files mentioned in the configuration.
//
string defaultDir = properties->getProperty(prefix + "DefaultDir");
int passwordRetryMax = properties->getPropertyAsIntWithDefault(prefix + "PasswordRetryMax", 3);
PasswordPromptPtr passwordPrompt = getPasswordPrompt();
setPassword(properties->getProperty(prefix + "Password"));
string ciphers = properties->getProperty(prefix + "Ciphers");
if(!ciphers.empty())
{
parseCiphers(ciphers);
}
if(securityTraceLevel() >= 1)
{
ostringstream os;
os << "enabling SSL ciphersuites:";
if(_ciphers.empty())
{
for(int i = 0; i < supportedCiphersSize; ++i)
{
os << "\n " << getCipherName(supportedCiphers[i]);
}
}
else
{
for(vector<ALG_ID>::const_iterator i = _ciphers.begin(); i != _ciphers.end(); ++i)
{
os << "\n " << getCipherName(*i);
}
}
getLogger()->trace(securityTraceCategory(), os.str());
}
string certStore = properties->getPropertyWithDefault(prefix + "CertStore", "CurrentUser");
if(certStore != "CurrentUser" && certStore != "LocalMachine")
{
getLogger()->warning("Invalid IceSSL.CertStore value `" + certStore + "' adjusted to `CurrentUser'");
certStore = "CurrentUser";
}
//
// Create trusted CA store with contents of CertAuthFile
//
string caFile = properties->getProperty(prefix + "CertAuthFile");
if(!caFile.empty())
{
_rootStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, 0, 0);
if(!_rootStore)
{
throw PluginInitializationException(__FILE__, __LINE__,
"IceSSL: error creating in memory certificate store:\n" + lastErrorToString());
}
if(!checkPath(caFile, defaultDir, false))
{
throw PluginInitializationException(__FILE__, __LINE__,
"IceSSL: CA certificate file not found:\n" + caFile);
}
addCertificateToStore(caFile, _rootStore);
//
// Create a chain engine that uses our Trusted Root Store
//
#ifdef __MINGW32__
CertChainEngineConfig config;
memset(&config, 0, sizeof(CertChainEngineConfig));
config.cbSize = sizeof(CertChainEngineConfig);
#else
CERT_CHAIN_ENGINE_CONFIG config;
memset(&config, 0, sizeof(CERT_CHAIN_ENGINE_CONFIG));
config.cbSize = sizeof(CERT_CHAIN_ENGINE_CONFIG);
#endif
config.hExclusiveRoot = _rootStore;
//
// Build the chain using the LocalMachine registry location as opposed
// to the CurrentUser location.
//
if(certStore == "LocalMachine")
{
config.dwFlags = CERT_CHAIN_USE_LOCAL_MACHINE_STORE;
}
#ifdef __MINGW32__
if(!CertCreateCertificateChainEngine(reinterpret_cast<CERT_CHAIN_ENGINE_CONFIG*>(&config), &_chainEngine))
#else
if(!CertCreateCertificateChainEngine(&config, &_chainEngine))
#endif
{
throw PluginInitializationException(__FILE__, __LINE__,
"IceSSL: error creating certificate chain engine:\n" + lastErrorToString());
}
}
else
{
_chainEngine = (certStore == "LocalMachine") ? HCCE_LOCAL_MACHINE : HCCE_CURRENT_USER;
}
//
// Import the application certificate and private keys.
//
string keySet = properties->getPropertyWithDefault(prefix + "KeySet", "DefaultKeySet");
if(keySet != "DefaultKeySet" && keySet != "UserKeySet" && keySet != "MachineKeySet")
{
getLogger()->warning("Invalid IceSSL.KeySet value `" + keySet + "' adjusted to `DefaultKeySet'");
keySet = "DefaultKeySet";
}
DWORD importFlags = (keySet == "MachineKeySet") ? CRYPT_MACHINE_KEYSET : CRYPT_USER_KEYSET;
string certFile = properties->getProperty(prefix + "CertFile");
string keyFile = properties->getPropertyWithDefault(prefix + "KeyFile", certFile);
if(!certFile.empty())
{
vector<string> certFiles;
if(!splitString(certFile, IceUtilInternal::pathsep, certFiles) || certFiles.size() > 2)
{
throw PluginInitializationException(__FILE__, __LINE__,
"IceSSL: invalid value for " + prefix + "CertFile:\n" + certFile);
}
vector<string> keyFiles;
if(!splitString(keyFile, IceUtilInternal::pathsep, keyFiles) || keyFiles.size() > 2)
{
throw PluginInitializationException(__FILE__, __LINE__,
"IceSSL: invalid value for " + prefix + "KeyFile:\n" + keyFile);
}
if(certFiles.size() != keyFiles.size())
{
throw PluginInitializationException(__FILE__, __LINE__,
"IceSSL: " + prefix + "KeyFile does not agree with " + prefix + "CertFile");
}
for(size_t i = 0; i < certFiles.size(); ++i)
{
string certFile = certFiles[i];
if(!checkPath(certFile, defaultDir, false))
{
throw PluginInitializationException(__FILE__, __LINE__,
"IceSSL: certificate file not found:\n" + certFile);
}
vector<char> buffer;
readFile(certFile, buffer);
CRYPT_DATA_BLOB pfxBlob;
pfxBlob.cbData = static_cast<DWORD>(buffer.size());
pfxBlob.pbData = reinterpret_cast<BYTE*>(&buffer[0]);
HCERTSTORE store = 0;
PCCERT_CONTEXT cert = 0;
int err = 0;
int count = 0;
do
{
string s = password(false);
store = PFXImportCertStore(&pfxBlob, stringToWstring(s).c_str(), importFlags);
err = store ? 0 : GetLastError();
}
while(err == ERROR_INVALID_PASSWORD && passwordPrompt && ++count < passwordRetryMax);
if(store)
{
_stores.push_back(store);
cert = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0, CERT_FIND_ANY, 0, cert);
if(!cert)
{
throw PluginInitializationException(__FILE__, __LINE__,
"IceSSL: certificate error:\n" + lastErrorToString());
}
_certs.push_back(cert);
continue;
}
assert(err);
if(err != CRYPT_E_BAD_ENCODE)
{
throw PluginInitializationException(__FILE__, __LINE__,
"IceSSL: error decoding certificate:\n" + lastErrorToString());
}
//
// Try to load certificate & key as PEM files.
//
err = 0;
keyFile = keyFiles[i];
if(!checkPath(keyFile, defaultDir, false))
{
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: key file not found:\n" + keyFile);
}
readFile(keyFile, buffer);
vector<BYTE> outBuffer;
outBuffer.resize(buffer.size());
DWORD outLength = static_cast<DWORD>(buffer.size());
//
// Convert the PEM encoded buffer to DER binary format.
//
if(!CryptStringToBinary(&buffer[0], static_cast<DWORD>(buffer.size()), CRYPT_STRING_BASE64HEADER,
&outBuffer[0], &outLength, 0, 0))
{
throw PluginInitializationException(__FILE__, __LINE__,
"IceSSL: error decoding key:\n" + lastErrorToString());
}
PCRYPT_PRIVATE_KEY_INFO keyInfo = 0;
BYTE* key = 0;
HCRYPTKEY hKey = 0;
try
{
DWORD decodedLength = 0;
if(!CryptDecodeObjectEx(X509_ASN_ENCODING, PKCS_PRIVATE_KEY_INFO, &outBuffer[0], outLength,
CRYPT_DECODE_ALLOC_FLAG, 0, &keyInfo, &decodedLength))
{
throw PluginInitializationException(__FILE__, __LINE__,
"IceSSL: error decoding key:\n" + lastErrorToString());
}
//
// Check that we are using a RSA Key
//
if(strcmp(keyInfo->Algorithm.pszObjId, szOID_RSA_RSA))
{
throw PluginInitializationException(__FILE__, __LINE__,
string("IceSSL: error unknow key algorithm: `") + keyInfo->Algorithm.pszObjId + "'");
}
//
// Create a new RSA key set to store our key
//
const wstring keySetName = stringToWstring(generateUUID());
HCRYPTPROV cryptProv = 0;
DWORD contextFlags = (keySet == "MachineKeySet") ? CRYPT_MACHINE_KEYSET | CRYPT_NEWKEYSET :
CRYPT_NEWKEYSET;
if(!CryptAcquireContextW(&cryptProv, keySetName.c_str(), MS_DEF_PROV_W, PROV_RSA_FULL, contextFlags))
{
throw PluginInitializationException(__FILE__, __LINE__,
"IceSSL: error acquiring cryptographic context:\n" + lastErrorToString());
}
//
// Decode the private key BLOB
//
if(!CryptDecodeObjectEx(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, PKCS_RSA_PRIVATE_KEY,
keyInfo->PrivateKey.pbData, keyInfo->PrivateKey.cbData,
CRYPT_DECODE_ALLOC_FLAG, 0, &key, &outLength))
{
throw PluginInitializationException(__FILE__, __LINE__,
"IceSSL: error decoding key:\n" + lastErrorToString());
}
LocalFree(keyInfo);
keyInfo = 0;
//
// Import the private key
//
if(!CryptImportKey(cryptProv, key, outLength, 0, 0, &hKey))
{
throw PluginInitializationException(__FILE__, __LINE__,
"IceSSL: error importing key:\n" + lastErrorToString());
}
LocalFree(key);
key = 0;
CryptDestroyKey(hKey);
hKey = 0;
//
// Create a new memory store to place the certificate
//
store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, 0, 0);
if(!store)
{
throw PluginInitializationException(__FILE__, __LINE__,
"IceSSL: error creating certificate store:\n" + lastErrorToString());
}
addCertificateToStore(certFile, store, &cert);
//
// Associate key & certificate
//
CRYPT_KEY_PROV_INFO keyProvInfo;
memset(&keyProvInfo, 0, sizeof(keyProvInfo));
keyProvInfo.pwszContainerName = const_cast<wchar_t*>(keySetName.c_str());
keyProvInfo.pwszProvName = const_cast<wchar_t*>(MS_DEF_PROV_W);
keyProvInfo.dwProvType = PROV_RSA_FULL;
keyProvInfo.dwKeySpec = AT_KEYEXCHANGE;
if(!CertSetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, 0, &keyProvInfo))
{
throw PluginInitializationException(__FILE__, __LINE__,
"IceSSL: error seting certificate property:\n" + lastErrorToString());
}
_certs.push_back(cert);
_stores.push_back(store);
}
catch(...)
{
if(keyInfo)
{
LocalFree(keyInfo);
}
if(key)
{
LocalFree(key);
}
if(hKey)
{
CryptDestroyKey(hKey);
}
if(cert)
{
CertFreeCertificateContext(cert);
}
if(store)
{
CertCloseStore(store, 0);
}
throw;
}
}
_allCerts.insert(_allCerts.end(), _certs.begin(), _certs.end());
}
const string findPrefix = prefix + "FindCert.";
map<string, string> certProps = properties->getPropertiesForPrefix(findPrefix);
if(!certProps.empty())
{
for(map<string, string>::const_iterator i = certProps.begin(); i != certProps.end(); ++i)
{
const string name = i->first;
const string val = i->second;
if(!val.empty())
{
string storeSpec = name.substr(findPrefix.size());
vector<PCCERT_CONTEXT> certs = findCertificates(name, storeSpec, val, _stores);
_allCerts.insert(_allCerts.end(), certs.begin(), certs.end());
}
}
if(_allCerts.empty())
{
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: no certificates found");
}
}
_initialized = true;
}
