//
// Creates a Glacier2 session for an SSL client. The subject DN of the first
// certificate in info.certs (if any) is passed to the factory as the user id;
// with no client certificate the user id is the empty string (see the TODO).
// A certificate that fails to decode is logged locally and surfaced to the
// client only as CannotCreateSessionException("internal server error").
//
Glacier2::SessionPrx
AdminSSLSessionManagerI::create(const Glacier2::SSLInfo& info, const Glacier2::SessionControlPrx& ctl, const Ice::Current&)
{
    if(info.certs.empty()) // TODO: Require userDN?
    {
        return _factory->createGlacier2Session(std::string(), ctl);
    }

    std::string subjectDN;
    try
    {
        IceSSL::CertificatePtr firstCert = IceSSL::Certificate::decode(info.certs[0]);
        subjectDN = firstCert->getSubjectDN();
    }
    catch(const Ice::Exception& e)
    {
        // Glacier2 encodes the SSLInfo, so a certificate that does not decode is an
        // internal problem: keep the details in the server log and hand the client
        // a generic reason only.
        // NOTE(review): only exceptions derived from Ice::Exception are caught here;
        // confirm that decode()'s failure type is among them for this Ice version.
        Ice::Error out(_factory->getTraceLevels()->logger);
        out << "SSL session manager couldn't decode SSL certificates:\n" << e;
        Glacier2::CannotCreateSessionException ex;
        ex.reason = "internal server error";
        throw ex;
    }
    return _factory->createGlacier2Session(subjectDN, ctl);
}
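//
// Test session manager: checks the connection info and the client certificate
// that Glacier2 forwarded, then registers a new SessionI with the adapter.
// Every check goes through test(), so any mismatch fails the test run.
//
virtual Glacier2::SessionPrx
create(const Glacier2::SSLInfo& info, const Glacier2::SessionControlPrx&, const Ice::Current& current)
{
    testContext(true, current.ctx);
    test(info.remoteHost == "127.0.0.1");
    test(info.localHost == "127.0.0.1");
    test(info.localPort == 12348);
    // info.certs[0] on an empty vector is undefined behaviour; require a client
    // certificate explicitly before decoding it (same check as the other verifiers).
    test(info.certs.size() > 0);
    try
    {
        IceSSL::CertificatePtr cert = IceSSL::Certificate::decode(info.certs[0]);
        test(cert->getIssuerDN() == IceSSL::DistinguishedName(
            "[email protected],CN=ZeroC Test CA,OU=Ice,O=ZeroC\\, Inc.,L=Palm Beach Gardens,"
            "ST=Florida,C=US"));
        test(cert->getSubjectDN() == IceSSL::DistinguishedName(
            "CN=Client,[email protected],OU=Ice,O=ZeroC\\, Inc.,ST=Florida,C=US"));
        test(cert->checkValidity());
    }
    catch(const IceSSL::CertificateReadException&)
    {
        // A certificate forwarded by Glacier2 must always decode.
        test(false);
    }
    Glacier2::SessionPtr session = new SessionI(true, true);
    return Glacier2::SessionPrx::uncheckedCast(current.adapter->addWithUUID(session));
}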
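//
// Test SSL permissions verifier: accepts the client only after checking the
// request context and the issuer, subject and validity period of the client
// certificate. Each check goes through test(), so a mismatch fails the run.
// Always returns true when the checks pass; the reason out-parameter is unused.
//
virtual bool
authorize(const Glacier2::SSLInfo& info, string&, const Ice::Current& current) const
{
    testContext(true, current.ctx);
    // info.certs[0] on an empty vector is undefined behaviour; require a client
    // certificate explicitly before decoding it (same check as the other verifiers).
    test(info.certs.size() > 0);
    IceSSL::CertificatePtr cert = IceSSL::Certificate::decode(info.certs[0]);
    test(cert->getIssuerDN() == IceSSL::DistinguishedName(
        "[email protected],CN=ZeroC Test CA,OU=Ice,O=ZeroC\\, Inc.,"
        "L=Palm Beach Gardens,ST=Florida,C=US"));
    test(cert->getSubjectDN() == IceSSL::DistinguishedName(
        "CN=Client,[email protected],OU=Ice,O=ZeroC\\, Inc.,ST=Florida,C=US"));
    test(cert->checkValidity());
    return true;
}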
//
// Test SSL permissions verifier. A "throw" entry in the request context makes
// it raise Test::ExtendedPermissionDeniedException so the client side can
// exercise that path; otherwise it checks that a client certificate is present
// and that its issuer, subject and validity period match the test CA setup.
// Returns true when all checks pass; the reason out-parameter is unused.
//
virtual bool
authorize(const Glacier2::SSLInfo& info, string&, const Ice::Current& current) const
{
    const bool mustThrow = current.ctx.count("throw") > 0;
    if(mustThrow)
    {
        throw Test::ExtendedPermissionDeniedException("reason");
    }

    // Guard the certs[0] access below.
    test(info.certs.size() > 0);
    const IceSSL::CertificatePtr clientCert = IceSSL::Certificate::decode(info.certs[0]);

    const IceSSL::DistinguishedName expectedIssuer(
        "[email protected],C=US,ST=Florida,L=Jupiter,O=ZeroC\\, Inc.,OU=Ice,CN=Ice Tests CA");
    const IceSSL::DistinguishedName expectedSubject(
        "[email protected],C=US,ST=Florida,L=Jupiter,O=ZeroC\\, Inc.,OU=Ice,CN=client");
    test(clientCert->getIssuerDN() == expectedIssuer);
    test(clientCert->getSubjectDN() == expectedSubject);
    test(clientCert->checkValidity());
    return true;
}
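//
// Test SSL permissions verifier. A "throw" entry in the request context makes
// it raise Test::ExtendedPermissionDeniedException so the client side can
// exercise that path; otherwise it checks the issuer, subject and validity
// period of the client certificate. Returns true when all checks pass; the
// reason out-parameter is unused.
//
virtual bool
authorize(const Glacier2::SSLInfo& info, string&, const Ice::Current& current) const
{
    if(current.ctx.find("throw") != current.ctx.end())
    {
        throw Test::ExtendedPermissionDeniedException("reason");
    }
    // info.certs[0] on an empty vector is undefined behaviour; require a client
    // certificate explicitly before decoding it (same check as the other verifiers).
    test(info.certs.size() > 0);
    IceSSL::CertificatePtr cert = IceSSL::Certificate::decode(info.certs[0]);
    test(cert->getIssuerDN() == IceSSL::DistinguishedName(
        "[email protected],CN=ZeroC Test CA,OU=Ice,O=ZeroC\\, Inc.,L=Palm Beach Gardens,"
        "ST=Florida,C=US"));
    test(cert->getSubjectDN() == IceSSL::DistinguishedName(
        "CN=Client,[email protected],OU=Ice,O=ZeroC\\, Inc.,ST=Florida,C=US"));
    test(cert->checkValidity());
    return true;
}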
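//
// Checks that this certificate's signature was produced with the public key
// of `cert`, i.e. that `cert` is its signer. Only the signature is checked:
// validity period, revocation and chain building are not part of this call.
// Returns false when `cert` is not an OpenSSLCertificateI, when no public key
// can be extracted from it, or when the signature does not verify.
//
bool
OpenSSLCertificateI::verify(const IceSSL::CertificatePtr& cert) const
{
    const OpenSSLCertificateI* signer = dynamic_cast<const OpenSSLCertificateI*>(cert.get());
    if(!signer)
    {
        return false;
    }

    EVP_PKEY* key = X509_get_pubkey(signer->_cert);
    if(!key)
    {
        // Unsupported or malformed key. X509_verify would report an error for a
        // null key anyway, but calling it only adds noise to the OpenSSL error queue.
        return false;
    }

    // X509_verify returns 1 on success, 0 on a bad signature and <0 on error,
    // so only a strictly positive result counts as verified.
    const bool verified = X509_verify(_cert, key) > 0;
    EVP_PKEY_free(key);
    return verified;
}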