Пример #1
0
Glacier2::SessionPrx
AdminSSLSessionManagerI::create(const Glacier2::SSLInfo& info, 
                                const Glacier2::SessionControlPrx& ctl,
                                const Ice::Current&)
{
    string userDN;
    if(!info.certs.empty()) // TODO: Require userDN?
    {
        try
        {
            IceSSL::CertificatePtr cert = IceSSL::Certificate::decode(info.certs[0]);
            userDN = cert->getSubjectDN();
        }
        catch(const Ice::Exception& e)
        {
            // This shouldn't happen, the SSLInfo is supposed to be encoded by Glacier2.
            Ice::Error out(_factory->getTraceLevels()->logger);
            out << "SSL session manager couldn't decode SSL certificates:\n" << e;

            Glacier2::CannotCreateSessionException ex;
            ex.reason = "internal server error";
            throw ex;
        }
    }

    return _factory->createGlacier2Session(userDN, ctl);
}
Пример #2
0
    virtual Glacier2::SessionPrx
    create(const Glacier2::SSLInfo& info, const Glacier2::SessionControlPrx&, const Ice::Current& current)
    {
        testContext(true, current.ctx);

        test(info.remoteHost == "127.0.0.1");
        test(info.localHost == "127.0.0.1");
        test(info.localPort == 12348);

        try
        {
            IceSSL::CertificatePtr cert = IceSSL::Certificate::decode(info.certs[0]);
            test(cert->getIssuerDN() == IceSSL::DistinguishedName(
                "[email protected],CN=ZeroC Test CA,OU=Ice,O=ZeroC\\, Inc.,L=Palm Beach Gardens,"
                "ST=Florida,C=US"));
            test(cert->getSubjectDN() == IceSSL::DistinguishedName(
                "CN=Client,[email protected],OU=Ice,O=ZeroC\\, Inc.,ST=Florida,C=US"));
            test(cert->checkValidity());
        }
        catch(const IceSSL::CertificateReadException&)
        {
            test(false);
        }

        Glacier2::SessionPtr session = new SessionI(true, true);
        return Glacier2::SessionPrx::uncheckedCast(current.adapter->addWithUUID(session));
    }
Пример #3
0
    virtual bool
    authorize(const Glacier2::SSLInfo& info, string&, const Ice::Current& current) const
    {
        testContext(true, current.ctx);

        IceSSL::CertificatePtr cert = IceSSL::Certificate::decode(info.certs[0]);
        test(cert->getIssuerDN() == IceSSL::DistinguishedName(
            "[email protected],CN=ZeroC Test CA,OU=Ice,O=ZeroC\\, Inc.,"
             "L=Palm Beach Gardens,ST=Florida,C=US"));
        test(cert->getSubjectDN() == IceSSL::DistinguishedName(
            "CN=Client,[email protected],OU=Ice,O=ZeroC\\, Inc.,ST=Florida,C=US"));
        test(cert->checkValidity());

        return true;
    }
Пример #4
0
    virtual bool
    authorize(const Glacier2::SSLInfo& info, string&, const Ice::Current& current) const
    {
        if(current.ctx.find("throw") != current.ctx.end())
        {
            throw Test::ExtendedPermissionDeniedException("reason");
        }
        test(info.certs.size() > 0);
        IceSSL::CertificatePtr cert = IceSSL::Certificate::decode(info.certs[0]);
        test(cert->getIssuerDN() == IceSSL::DistinguishedName(
                 "[email protected],C=US,ST=Florida,L=Jupiter,O=ZeroC\\, Inc.,OU=Ice,CN=Ice Tests CA"));
        test(cert->getSubjectDN() == IceSSL::DistinguishedName(
                 "[email protected],C=US,ST=Florida,L=Jupiter,O=ZeroC\\, Inc.,OU=Ice,CN=client"));
        test(cert->checkValidity());

        return true;
    }
Пример #5
0
    virtual bool
    authorize(const Glacier2::SSLInfo& info, string&, const Ice::Current& current) const
    {
        if(current.ctx.find("throw") != current.ctx.end())
        {
            throw Test::ExtendedPermissionDeniedException("reason");
        }

        IceSSL::CertificatePtr cert = IceSSL::Certificate::decode(info.certs[0]);
        test(cert->getIssuerDN() == IceSSL::DistinguishedName(
             "[email protected],CN=ZeroC Test CA,OU=Ice,O=ZeroC\\, Inc.,L=Palm Beach Gardens,"
             "ST=Florida,C=US"));
        test(cert->getSubjectDN() == IceSSL::DistinguishedName(
             "CN=Client,[email protected],OU=Ice,O=ZeroC\\, Inc.,ST=Florida,C=US"));
        test(cert->checkValidity());

        return true;
    }
Пример #6
0
bool
OpenSSLCertificateI::verify(const IceSSL::CertificatePtr& cert) const
{
    OpenSSLCertificateI* c = dynamic_cast<OpenSSLCertificateI*>(cert.get());
    if(c)
    {
        EVP_PKEY* key = X509_get_pubkey(c->_cert);
        bool verified = X509_verify(_cert, key) > 0;
        EVP_PKEY_free(key);
        return verified;
    }
    return false;
}