void IceSSL::SSLEngine::initialize() { const string propPrefix = "IceSSL."; const PropertiesPtr properties = communicator()->getProperties(); // // CheckCertName determines whether we compare the name in a peer's // certificate against its hostname. // _checkCertName = properties->getPropertyAsIntWithDefault(propPrefix + "CheckCertName", 0) > 0; // // VerifyDepthMax establishes the maximum length of a peer's certificate // chain, including the peer's certificate. A value of 0 means there is // no maximum. // _verifyDepthMax = properties->getPropertyAsIntWithDefault(propPrefix + "VerifyDepthMax", 3); // // VerifyPeer determines whether certificate validation failures abort a connection. // _verifyPeer = properties->getPropertyAsIntWithDefault(propPrefix + "VerifyPeer", 2); if(_verifyPeer < 0 || _verifyPeer > 2) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: invalid value for " + propPrefix + "VerifyPeer"); } _securityTraceLevel = properties->getPropertyAsInt("IceSSL.Trace.Security"); _securityTraceCategory = "Security"; }
void IceGrid::setupThreadPool(const PropertiesPtr& properties, const string& name, int size, int sizeMax, bool serialize) { if(properties->getPropertyAsIntWithDefault(name + ".Size", 0) < size) { ostringstream os; os << size; properties->setProperty(name + ".Size", os.str()); } else { size = properties->getPropertyAsInt(name + ".Size"); } if(sizeMax > 0 && properties->getPropertyAsIntWithDefault(name + ".SizeMax", 0) < sizeMax) { if(size >= sizeMax) { sizeMax = size * 10; } ostringstream os; os << sizeMax; properties->setProperty(name + ".SizeMax", os.str()); } if(serialize) { properties->setProperty(name + ".Serialize", "1"); } }
void Analyzer::reload(const PropertiesPtr& properties) { MCE_INFO("Analyzer::reload type: " << type_); int defaultmin = properties->getPropertyAsIntWithDefault("Analyzer."+type_+".Default.Min", INT_MIN); int defaultmax = properties->getPropertyAsIntWithDefault("Analyzer."+type_+".Default.Max", INT_MAX); int defaultmoremin = properties->getPropertyAsIntWithDefault("Analyzer."+type_+".Default.MoreMin", INT_MIN); int defaultmoremax = properties->getPropertyAsIntWithDefault("Analyzer."+type_+".Default.MoreMax", INT_MAX); LimiterPtr defaulter = new Limiter(defaultmoremin, defaultmin, defaultmax, defaultmoremax); map<string, LimiterPtr> limits; PropertyDict patterns = properties->getPropertiesForPrefix("Analyzer."+type_+".Patterns"); for (PropertyDict::iterator pattern = patterns.begin(); pattern != patterns.end(); ++pattern) { vector<string> strings; boost::algorithm::split(strings, pattern->second, boost::algorithm::is_any_of(" ")); limits[strings.at(0)]=new Limiter(lexical_cast<int>(strings.at(1)),lexical_cast<int>(strings.at(2)),lexical_cast<int>(strings.at(3)),lexical_cast<int>(strings.at(4))); } { RWRecMutex::WLock lock(mutex_); limits_ = limits; default_ = defaulter; } MCE_DEBUG("Analyzer::reload done"); }
MetricsMapI::MetricsMapI(const std::string& mapPrefix, const PropertiesPtr& properties) : _properties(properties->getPropertiesForPrefix(mapPrefix)), _retain(properties->getPropertyAsIntWithDefault(mapPrefix + "RetainDetached", 10)), _accept(parseRule(properties, mapPrefix + "Accept")), _reject(parseRule(properties, mapPrefix + "Reject")) { validateProperties(mapPrefix, properties); string groupBy = properties->getPropertyWithDefault(mapPrefix + "GroupBy", "id"); vector<string>& groupByAttributes = const_cast<vector<string>&>(_groupByAttributes); vector<string>& groupBySeparators = const_cast<vector<string>&>(_groupBySeparators); if(!groupBy.empty()) { string v; bool attribute = IceUtilInternal::isAlpha(groupBy[0]) || IceUtilInternal::isDigit(groupBy[0]); if(!attribute) { groupByAttributes.push_back(""); } for(string::const_iterator p = groupBy.begin(); p != groupBy.end(); ++p) { bool isAlphaNum = IceUtilInternal::isAlpha(*p) || IceUtilInternal::isDigit(*p) || *p == '.'; if(attribute && !isAlphaNum) { groupByAttributes.push_back(v); v = *p; attribute = false; } else if(!attribute && isAlphaNum) { groupBySeparators.push_back(v); v = *p; attribute = true; } else { v += *p; } } if(attribute) { groupByAttributes.push_back(v); } else { groupBySeparators.push_back(v); } } }
IceInternal::ThreadPool::ThreadPool(const InstancePtr& instance, const string& prefix, int timeout) : _instance(instance), _dispatcher(_instance->initializationData().dispatcher), _destroyed(false), _prefix(prefix), _selector(instance), _nextThreadId(0), _size(0), _sizeIO(0), _sizeMax(0), _sizeWarn(0), _serialize(_instance->initializationData().properties->getPropertyAsInt(_prefix + ".Serialize") > 0), _hasPriority(false), _priority(0), _serverIdleTime(timeout), _threadIdleTime(0), _stackSize(0), _inUse(0), #if !defined(ICE_USE_IOCP) && !defined(ICE_OS_WINRT) _inUseIO(0), _nextHandler(_handlers.end()), #endif _promote(true) { PropertiesPtr properties = _instance->initializationData().properties; #ifndef ICE_OS_WINRT # ifdef _WIN32 SYSTEM_INFO sysInfo; GetSystemInfo(&sysInfo); int nProcessors = sysInfo.dwNumberOfProcessors; # else int nProcessors = static_cast<int>(sysconf(_SC_NPROCESSORS_ONLN)); # endif #endif // // We use just one thread as the default. This is the fastest // possible setting, still allows one level of nesting, and // doesn't require to make the servants thread safe. // int size = properties->getPropertyAsIntWithDefault(_prefix + ".Size", 1); if(size < 1) { Warning out(_instance->initializationData().logger); out << _prefix << ".Size < 1; Size adjusted to 1"; size = 1; } int sizeMax = properties->getPropertyAsIntWithDefault(_prefix + ".SizeMax", size); #ifndef ICE_OS_WINRT if(sizeMax == -1) { sizeMax = nProcessors; } #endif if(sizeMax < size) { Warning out(_instance->initializationData().logger); out << _prefix << ".SizeMax < " << _prefix << ".Size; SizeMax adjusted to Size (" << size << ")"; sizeMax = size; } int sizeWarn = properties->getPropertyAsInt(_prefix + ".SizeWarn"); if(sizeWarn != 0 && sizeWarn < size) { Warning out(_instance->initializationData().logger); out << _prefix << ".SizeWarn < " << _prefix << ".Size; adjusted SizeWarn to Size (" << size << ")"; sizeWarn = size; } else if(sizeWarn > sizeMax) { Warning out(_instance->initializationData().logger); out << _prefix << ".SizeWarn > " << _prefix << ".SizeMax; adjusted SizeWarn to SizeMax (" << sizeMax << ")"; sizeWarn = sizeMax; } int threadIdleTime = properties->getPropertyAsIntWithDefault(_prefix + ".ThreadIdleTime", 60); if(threadIdleTime < 0) { Warning out(_instance->initializationData().logger); out << _prefix << ".ThreadIdleTime < 0; ThreadIdleTime adjusted to 0"; threadIdleTime = 0; } const_cast<int&>(_size) = size; const_cast<int&>(_sizeMax) = sizeMax; const_cast<int&>(_sizeWarn) = sizeWarn; #ifndef ICE_OS_WINRT const_cast<int&>(_sizeIO) = min(sizeMax, nProcessors); #else const_cast<int&>(_sizeIO) = sizeMax; #endif const_cast<int&>(_threadIdleTime) = threadIdleTime; #ifdef ICE_USE_IOCP _selector.setup(_sizeIO); #endif int stackSize = properties->getPropertyAsInt(_prefix + ".StackSize"); if(stackSize < 0) { Warning out(_instance->initializationData().logger); out << _prefix << ".StackSize < 0; Size adjusted to OS default"; stackSize = 0; } const_cast<size_t&>(_stackSize) = static_cast<size_t>(stackSize); const_cast<bool&>(_hasPriority) = properties->getProperty(_prefix + ".ThreadPriority") != ""; const_cast<int&>(_priority) = properties->getPropertyAsInt(_prefix + ".ThreadPriority"); if(!_hasPriority) { const_cast<bool&>(_hasPriority) = properties->getProperty("Ice.ThreadPriority") != ""; const_cast<int&>(_priority) = properties->getPropertyAsInt("Ice.ThreadPriority"); } _workQueue = new ThreadPoolWorkQueue(_instance, _selector); if(_instance->traceLevels()->threadPool >= 1) { Trace out(_instance->initializationData().logger, _instance->traceLevels()->threadPoolCat); out << "creating " << _prefix << ": Size = " << _size << ", SizeMax = " << _sizeMax << ", SizeWarn = " << _sizeWarn; } __setNoDelete(true); try { for(int i = 0 ; i < _size ; ++i) { EventHandlerThreadPtr thread = new EventHandlerThread(this, nextThreadId()); if(_hasPriority) { thread->start(_stackSize, _priority); } else { thread->start(_stackSize); } _threads.insert(thread); } } catch(const IceUtil::Exception& ex) { { Error out(_instance->initializationData().logger); out << "cannot create thread for `" << _prefix << "':\n" << ex; } destroy(); joinWithAllThreads(); __setNoDelete(false); throw; } catch(...) { __setNoDelete(false); throw; } __setNoDelete(false); }
void ServiceI::start( const string& name, const CommunicatorPtr& communicator, const StringSeq& /*args*/) { PropertiesPtr properties = communicator->getProperties(); validateProperties(name, properties, communicator->getLogger()); int id = properties->getPropertyAsIntWithDefault(name + ".NodeId", -1); // If we are using a replicated deployment and if the topic // manager thread pool max size is not set then ensure it is set // to some suitably high number. This ensures no deadlocks in the // replicated case due to call forwarding from replicas to // coordinators. if(id != -1 && properties->getProperty(name + ".TopicManager.ThreadPool.SizeMax").empty()) { properties->setProperty(name + ".TopicManager.ThreadPool.SizeMax", "100"); } Ice::ObjectAdapterPtr topicAdapter = communicator->createObjectAdapter(name + ".TopicManager"); Ice::ObjectAdapterPtr publishAdapter = communicator->createObjectAdapter(name + ".Publish"); // // We use the name of the service for the name of the database environment. // string instanceName = properties->getPropertyWithDefault(name + ".InstanceName", "IceStorm"); Identity topicManagerId; topicManagerId.category = instanceName; topicManagerId.name = "TopicManager"; if(properties->getPropertyAsIntWithDefault(name+ ".Transient", 0) > 0) { _instance = new Instance(instanceName, name, communicator, publishAdapter, topicAdapter, 0); try { TransientTopicManagerImplPtr manager = new TransientTopicManagerImpl(_instance); _managerProxy = TopicManagerPrx::uncheckedCast(topicAdapter->add(manager, topicManagerId)); } catch(const Ice::Exception& ex) { _instance = 0; LoggerOutputBase s; s << "exception while starting IceStorm service " << name << ":\n"; s << ex; IceBox::FailureException e(__FILE__, __LINE__); e.reason = s.str(); throw e; } topicAdapter->activate(); publishAdapter->activate(); return; } if(id == -1) // No replication. { _instance = new Instance(instanceName, name, communicator, publishAdapter, topicAdapter); try { _manager = new TopicManagerImpl(_instance); _managerProxy = TopicManagerPrx::uncheckedCast(topicAdapter->add(_manager->getServant(), topicManagerId)); } catch(const Ice::Exception& ex) { _instance = 0; LoggerOutputBase s; s << "exception while starting IceStorm service " << name << ":\n"; s << ex; IceBox::FailureException e(__FILE__, __LINE__); e.reason = s.str(); throw e; } } else { // Here we want to create a map of id -> election node // proxies. map<int, NodePrx> nodes; string topicManagerAdapterId = properties->getProperty(name + ".TopicManager.AdapterId"); // We support two possible deployments. The first is a manual // deployment, the second is IceGrid. // // Here we check for the manual deployment const string prefix = name + ".Nodes."; Ice::PropertyDict props = properties->getPropertiesForPrefix(prefix); if(!props.empty()) { for(Ice::PropertyDict::const_iterator p = props.begin(); p != props.end(); ++p) { int nodeid = atoi(p->first.substr(prefix.size()).c_str()); nodes[nodeid] = NodePrx::uncheckedCast(communicator->propertyToProxy(p->first)); } } else { // If adapter id's are defined for the topic manager or // node adapters then we consider this an IceGrid based // deployment. string nodeAdapterId = properties->getProperty(name + ".Node.AdapterId"); // Validate first that the adapter ids match for the node // and the topic manager otherwise some other deployment // is being used. const string suffix = ".TopicManager"; if(topicManagerAdapterId.empty() || nodeAdapterId.empty() || topicManagerAdapterId.replace( topicManagerAdapterId.find(suffix), suffix.size(), ".Node") != nodeAdapterId) { Ice::Error error(communicator->getLogger()); error << "deployment error: `" << topicManagerAdapterId << "' prefix does not match `" << nodeAdapterId << "'"; throw IceBox::FailureException(__FILE__, __LINE__, "IceGrid deployment is incorrect"); } // Determine the set of node id and node proxies. // // This is determined by locating all topic manager // replicas, and then working out the node for that // replica. // // We work out the node id by removing the instance // name. The node id must follow. // IceGrid::LocatorPrx locator = IceGrid::LocatorPrx::checkedCast(communicator->getDefaultLocator()); assert(locator); IceGrid::QueryPrx query = locator->getLocalQuery(); Ice::ObjectProxySeq replicas = query->findAllReplicas( communicator->stringToProxy(instanceName + "/TopicManager")); for(Ice::ObjectProxySeq::const_iterator p = replicas.begin(); p != replicas.end(); ++p) { string adapterid = (*p)->ice_getAdapterId(); // Replace TopicManager with the node endpoint. adapterid = adapterid.replace(adapterid.find(suffix), suffix.size(), ".Node"); // The adapter id must start with the instance name. if(adapterid.find(instanceName) != 0) { Ice::Error error(communicator->getLogger()); error << "deployment error: `" << adapterid << "' does not start with `" << instanceName << "'"; throw IceBox::FailureException(__FILE__, __LINE__, "IceGrid deployment is incorrect"); } // The node id follows. We find the first digit (the // start of the node id, and then the end of the // digits). string::size_type start = instanceName.size(); while(start < adapterid.size() && !IceUtilInternal::isDigit(adapterid[start])) { ++start; } string::size_type end = start; while(end < adapterid.size() && IceUtilInternal::isDigit(adapterid[end])) { ++end; } if(start == end) { // We must have at least one digit, otherwise there is // some sort of deployment error. Ice::Error error(communicator->getLogger()); error << "deployment error: node id does not follow instance name. instance name:" << instanceName << " adapter id: " << adapterid; throw IceBox::FailureException(__FILE__, __LINE__, "IceGrid deployment is incorrect"); } int nodeid = atoi(adapterid.substr(start, end-start).c_str()); ostringstream os; os << "node" << nodeid; Ice::Identity id; id.category = instanceName; id.name = os.str(); nodes[nodeid] = NodePrx::uncheckedCast((*p)->ice_adapterId(adapterid)->ice_identity(id)); } } if(nodes.size() < 3) { Ice::Error error(communicator->getLogger()); error << "Replication requires at least 3 Nodes"; throw IceBox::FailureException(__FILE__, __LINE__, "Replication requires at least 3 Nodes"); } try { // If the node thread pool size is not set then initialize // to the number of nodes + 1 and disable thread pool size // warnings. if(properties->getProperty(name + ".Node.ThreadPool.Size").empty()) { ostringstream os; os << nodes.size() + 1; properties->setProperty(name + ".Node.ThreadPool.Size", os.str()); properties->setProperty(name + ".Node.ThreadPool.SizeWarn", "0"); } if(properties->getProperty(name + ".Node.MessageSizeMax").empty()) { properties->setProperty(name + ".Node.MessageSizeMax", "0"); // No limit on data exchanged internally } Ice::ObjectAdapterPtr nodeAdapter = communicator->createObjectAdapter(name + ".Node"); _instance = new Instance(instanceName, name, communicator, publishAdapter, topicAdapter, nodeAdapter, nodes[id]); _instance->observers()->setMajority(static_cast<unsigned int>(nodes.size())/2); // Trace replication information. TraceLevelsPtr traceLevels = _instance->traceLevels(); if(traceLevels->election > 0) { Ice::Trace out(traceLevels->logger, traceLevels->electionCat); out << "I am node " << id << "\n"; for(map<int, NodePrx>::const_iterator p = nodes.begin(); p != nodes.end(); ++p) { out << "\tnode: " << p->first << " proxy: " << p->second->ice_toString() << "\n"; } } if(topicManagerAdapterId.empty()) { // We're not using an IceGrid deployment. Here we need // a proxy which is used to create proxies to the // replicas later. _managerProxy = TopicManagerPrx::uncheckedCast(topicAdapter->createProxy(topicManagerId)); } else { // If we're using IceGrid deployment we need to create // indirect proxies. _managerProxy = TopicManagerPrx::uncheckedCast(topicAdapter->createIndirectProxy(topicManagerId)); } _manager = new TopicManagerImpl(_instance); topicAdapter->add(_manager->getServant(), topicManagerId); ostringstream os; // The node object identity. os << "node" << id; Ice::Identity nodeid; nodeid.category = instanceName; nodeid.name = os.str(); NodeIPtr node = new NodeI(_instance, _manager, _managerProxy, id, nodes); _instance->setNode(node); nodeAdapter->add(node, nodeid); nodeAdapter->activate(); node->start(); } catch(const Ice::Exception& ex) { _instance = 0; LoggerOutputBase s; s << "exception while starting IceStorm service " << name << ":\n"; s << ex; IceBox::FailureException e(__FILE__, __LINE__); e.reason = s.str(); throw e; } } topicAdapter->add(new FinderI(TopicManagerPrx::uncheckedCast(topicAdapter->createProxy(topicManagerId))), communicator->stringToIdentity("IceStorm/Finder")); topicAdapter->activate(); publishAdapter->activate(); }
bool RouterService::start(int argc, char* argv[], int& status) { bool nowarn; IceUtilInternal::Options opts; opts.addOpt("h", "help"); opts.addOpt("v", "version"); opts.addOpt("", "nowarn"); vector<string> args; try { args = opts.parse(argc, const_cast<const char**>(argv)); } catch(const IceUtilInternal::BadOptException& e) { error(e.reason); usage(argv[0]); return false; } if(opts.isSet("help")) { usage(argv[0]); status = EXIT_SUCCESS; return false; } if(opts.isSet("version")) { print(ICE_STRING_VERSION); status = EXIT_SUCCESS; return false; } nowarn = opts.isSet("nowarn"); if(!args.empty()) { consoleErr << argv[0] << ": too many arguments" << endl; usage(argv[0]); return false; } PropertiesPtr properties = communicator()->getProperties(); // // Initialize the client object adapter. // const string clientEndpointsProperty = "Glacier2.Client.Endpoints"; if(properties->getProperty(clientEndpointsProperty).empty()) { error("property `" + clientEndpointsProperty + "' is not set"); return false; } if(properties->getPropertyAsInt("Glacier2.SessionTimeout") > 0 && properties->getProperty("Glacier2.Client.ACM.Timeout").empty()) { ostringstream os; os << properties->getPropertyAsInt("Glacier2.SessionTimeout"); properties->setProperty("Glacier2.Client.ACM.Timeout", os.str()); } if(properties->getProperty("Glacier2.Client.ACM.Close").empty()) { properties->setProperty("Glacier2.Client.ACM.Close", "4"); // Forcefull close on invocation and idle. } ObjectAdapterPtr clientAdapter = communicator()->createObjectAdapter("Glacier2.Client"); // // Initialize the server object adapter only if server endpoints // are defined. // const string serverEndpointsProperty = "Glacier2.Server.Endpoints"; ObjectAdapterPtr serverAdapter; if(!properties->getProperty(serverEndpointsProperty).empty()) { serverAdapter = communicator()->createObjectAdapter("Glacier2.Server"); } string instanceName = communicator()->getProperties()->getPropertyWithDefault("Glacier2.InstanceName", "Glacier2"); vector<string> verifierProperties; verifierProperties.push_back("Glacier2.PermissionsVerifier"); verifierProperties.push_back("Glacier2.SSLPermissionsVerifier"); Glacier2Internal::setupNullPermissionsVerifier(communicator(), instanceName, verifierProperties); string verifierProperty = verifierProperties[0]; PermissionsVerifierPrx verifier; ObjectPrx obj; try { // // We use propertyToProxy instead of stringToProxy because the property // can provide proxy attributes // obj = communicator()->propertyToProxy(verifierProperty); } catch(const std::exception& ex) { ServiceError err(this); err << "permissions verifier `" << communicator()->getProperties()->getProperty(verifierProperty) << "' is invalid:\n" << ex; return false; } if(obj) { try { verifier = PermissionsVerifierPrx::checkedCast(obj); if(!verifier) { ServiceError err(this); err << "permissions verifier `" << communicator()->getProperties()->getProperty(verifierProperty) << "' is invalid"; return false; } } catch(const Ice::Exception& ex) { if(!nowarn) { ServiceWarning warn(this); warn << "unable to contact permissions verifier `" << communicator()->getProperties()->getProperty(verifierProperty) << "'\n" << ex; } verifier = PermissionsVerifierPrx::uncheckedCast(obj); } } // // Get the session manager if specified. // string sessionManagerProperty = "Glacier2.SessionManager"; string sessionManagerPropertyValue = properties->getProperty(sessionManagerProperty); SessionManagerPrx sessionManager; if(!sessionManagerPropertyValue.empty()) { try { obj = communicator()->propertyToProxy(sessionManagerProperty); } catch(const std::exception& ex) { ServiceError err(this); err << "session manager `" << sessionManagerPropertyValue << "' is invalid\n:" << ex; return false; } try { sessionManager = SessionManagerPrx::checkedCast(obj); if(!sessionManager) { error("session manager `" + sessionManagerPropertyValue + "' is invalid"); return false; } } catch(const std::exception& ex) { if(!nowarn) { ServiceWarning warn(this); warn << "unable to contact session manager `" << sessionManagerPropertyValue << "'\n" << ex; } sessionManager = SessionManagerPrx::uncheckedCast(obj); } sessionManager = SessionManagerPrx::uncheckedCast(sessionManager->ice_connectionCached(false)->ice_locatorCacheTimeout( properties->getPropertyAsIntWithDefault("Glacier2.SessionManager.LocatorCacheTimeout", 600))); } // // Check for an SSL permissions verifier. // string sslVerifierProperty = verifierProperties[1]; SSLPermissionsVerifierPrx sslVerifier; try { obj = communicator()->propertyToProxy(sslVerifierProperty); } catch(const std::exception& ex) { ServiceError err(this); err << "ssl permissions verifier `" << communicator()->getProperties()->getProperty(sslVerifierProperty) << "' is invalid:\n" << ex; return false; } if(obj) { try { sslVerifier = SSLPermissionsVerifierPrx::checkedCast(obj); if(!sslVerifier) { ServiceError err(this); err << "ssl permissions verifier `" << communicator()->getProperties()->getProperty(sslVerifierProperty) << "' is invalid"; } } catch(const Ice::Exception& ex) { if(!nowarn) { ServiceWarning warn(this); warn << "unable to contact ssl permissions verifier `" << communicator()->getProperties()->getProperty(sslVerifierProperty) << "'\n" << ex; } sslVerifier = SSLPermissionsVerifierPrx::uncheckedCast(obj); } } // // Get the SSL session manager if specified. // string sslSessionManagerProperty = "Glacier2.SSLSessionManager"; string sslSessionManagerPropertyValue = properties->getProperty(sslSessionManagerProperty); SSLSessionManagerPrx sslSessionManager; if(!sslSessionManagerPropertyValue.empty()) { try { obj = communicator()->propertyToProxy(sslSessionManagerProperty); } catch(const std::exception& ex) { ServiceError err(this); err << "ssl session manager `" << sslSessionManagerPropertyValue << "' is invalid:\n" << ex; return false; } try { sslSessionManager = SSLSessionManagerPrx::checkedCast(obj); if(!sslSessionManager) { error("ssl session manager `" + sslSessionManagerPropertyValue + "' is invalid"); return false; } } catch(const Ice::Exception& ex) { if(!nowarn) { ServiceWarning warn(this); warn << "unable to contact ssl session manager `" << sslSessionManagerPropertyValue << "'\n" << ex; } sslSessionManager = SSLSessionManagerPrx::uncheckedCast(obj); } sslSessionManager = SSLSessionManagerPrx::uncheckedCast(sslSessionManager->ice_connectionCached(false)->ice_locatorCacheTimeout( properties->getPropertyAsIntWithDefault("Glacier2.SSLSessionManager.LocatorCacheTimeout", 600))); } if(!verifier && !sslVerifier) { error("Glacier2 requires a permissions verifier or password file"); return false; } // // Create the instance object. // try { _instance = new Glacier2::Instance(communicator(), clientAdapter, serverAdapter); } catch(const Ice::InitializationException& ex) { error("Glacier2 initialization failed:\n" + ex.reason); return false; } // // Create the session router. The session router registers itself // and all required servant locators, so no registration has to be // done here. // _sessionRouter = new SessionRouterI(_instance, verifier, sessionManager, sslVerifier, sslSessionManager); // // Th session router is used directly as servant for the main // Glacier2 router Ice object. // Identity routerId; routerId.category = instanceName; routerId.name = "router"; Glacier2::RouterPrx routerPrx = Glacier2::RouterPrx::uncheckedCast(clientAdapter->add(_sessionRouter, routerId)); // // Add the Ice router finder object to allow retrieving the router // proxy with just the endpoint information of the router. // Identity finderId; finderId.category = "Ice"; finderId.name = "RouterFinder"; clientAdapter->add(new FinderI(routerPrx), finderId); if(_instance->getObserver()) { _instance->getObserver()->setObserverUpdater(_sessionRouter); } // // Everything ok, let's go. // try { clientAdapter->activate(); if(serverAdapter) { serverAdapter->activate(); } } catch(const std::exception& ex) { { ServiceError err(this); err << "caught exception activating object adapters\n" << ex; } stop(); return false; } return true; }
// // Setup the engine. // void IceSSL::SecureTransportEngine::initialize() { IceUtil::Mutex::Lock lock(_mutex); if(_initialized) { return; } SSLEngine::initialize(); const PropertiesPtr properties = communicator()->getProperties(); // // Check for a default directory. We look in this directory for // files mentioned in the configuration. // const string defaultDir = properties->getProperty("IceSSL.DefaultDir"); // // Load the CA certificates used to authenticate peers into // _certificateAuthorities array. // try { string caFile = properties->getProperty("IceSSL.CAs"); if(caFile.empty()) { caFile = properties->getProperty("IceSSL.CertAuthFile"); } if(!caFile.empty()) { string resolved; if(!checkPath(caFile, defaultDir, false, resolved)) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: CA certificate file not found:\n" + caFile); } _certificateAuthorities.reset(loadCACertificates(resolved)); } else if(properties->getPropertyAsInt("IceSSL.UsePlatformCAs") <= 0) { // Setup an empty list of Root CAs to not use the system root CAs. _certificateAuthorities.reset(CFArrayCreate(0, 0, 0, 0)); } } catch(const CertificateReadException& ce) { throw PluginInitializationException(__FILE__, __LINE__, ce.reason); } const string password = properties->getProperty("IceSSL.Password"); const int passwordRetryMax = properties->getPropertyAsIntWithDefault("IceSSL.PasswordRetryMax", 3); PasswordPromptPtr passwordPrompt = getPasswordPrompt(); string certFile = properties->getProperty("IceSSL.CertFile"); string keyFile = properties->getProperty("IceSSL.KeyFile"); string findCert = properties->getProperty("IceSSL.FindCert"); string keychain = properties->getProperty("IceSSL.Keychain"); string keychainPassword = properties->getProperty("IceSSL.KeychainPassword"); if(!certFile.empty()) { vector<string> files; if(!IceUtilInternal::splitString(certFile, IceUtilInternal::pathsep, files) || files.size() > 2) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: invalid value for IceSSL.CertFile:\n" + certFile); } vector<string> keyFiles; if(!keyFile.empty()) { if(!IceUtilInternal::splitString(keyFile, IceUtilInternal::pathsep, keyFiles) || keyFiles.size() > 2) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: invalid value for IceSSL.KeyFile:\n" + keyFile); } if(files.size() != keyFiles.size()) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: IceSSL.KeyFile does not agree with IceSSL.CertFile"); } } for(int i = 0; i < files.size(); ++i) { string file = files[i]; string keyFile = keyFiles.empty() ? "" : keyFiles[i]; string resolved; if(!checkPath(file, defaultDir, false, resolved)) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: certificate file not found:\n" + file); } file = resolved; if(!keyFile.empty()) { if(!checkPath(keyFile, defaultDir, false, resolved)) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: key file not found:\n" + keyFile); } keyFile = resolved; } try { _chain.reset(loadCertificateChain(file, keyFile, keychain, keychainPassword, password, passwordPrompt, passwordRetryMax)); break; } catch(const CertificateReadException& ce) { // // If this is the last certificate rethrow the exception as PluginInitializationException, // otherwise try the next certificate. // if(i == files.size() - 1) { throw PluginInitializationException(__FILE__, __LINE__, ce.reason); } } } } else if(!findCert.empty()) { _chain.reset(findCertificateChain(keychain, keychainPassword, findCert)); } // // DiffieHellmanParams in DER format. // #if defined(ICE_USE_SECURE_TRANSPORT_MACOS) string dhFile = properties->getProperty("IceSSL.DHParams"); if(!dhFile.empty()) { string resolved; if(!checkPath(dhFile, defaultDir, false, resolved)) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: DH params file not found:\n" + dhFile); } readFile(resolved, _dhParams); } #endif // // Establish the cipher list. // const string ciphers = properties->getProperty("IceSSL.Ciphers"); CiphersHelper::initialize(); if(!ciphers.empty()) { parseCiphers(ciphers); } if(securityTraceLevel() >= 1) { ostringstream os; os << "enabling SSL ciphersuites:"; if(_ciphers.empty()) { map<string, SSLCipherSuite> enabled = CiphersHelper::ciphers(); for(map<string, SSLCipherSuite>::const_iterator i = enabled.begin(); i != enabled.end(); ++i) { os << "\n " << i->first; } } else { for(vector<SSLCipherSuite>::const_iterator i = _ciphers.begin(); i != _ciphers.end(); ++i) { os << "\n " << getCipherName(*i); } } getLogger()->trace(securityTraceCategory(), os.str()); } // // Parse protocols // const string protocolVersionMax = properties->getProperty("IceSSL.ProtocolVersionMax"); if(!protocolVersionMax.empty()) { _protocolVersionMax = parseProtocol(protocolVersionMax); } // // The default min protocol version is set to TLS1.0 to avoid security issues with SSLv3 // const string protocolVersionMin = properties->getPropertyWithDefault("IceSSL.ProtocolVersionMin", "tls1_0"); if(!protocolVersionMin.empty()) { _protocolVersionMin = parseProtocol(protocolVersionMin); } _initialized = true; }
bool RegistryI::start(bool nowarn) { assert(_communicator); PropertiesPtr properties = _communicator->getProperties(); // // Initialize the database environment. // string dbPath = properties->getProperty("IceGrid.Registry.Data"); if(dbPath.empty()) { Error out(_communicator->getLogger()); out << "property `IceGrid.Registry.Data' is not set"; return false; } else { struct stat filestat; if(stat(dbPath.c_str(), &filestat) != 0 || !S_ISDIR(filestat.st_mode)) { Error out(_communicator->getLogger()); SyscallException ex(__FILE__, __LINE__); ex.error = getSystemErrno(); out << "property `IceGrid.Registry.Data' is set to an invalid path:\n" << ex; return false; } } // // Check that required properties are set and valid. // if(properties->getProperty("IceGrid.Registry.Client.Endpoints").empty()) { Error out(_communicator->getLogger()); out << "property `IceGrid.Registry.Client.Endpoints' is not set"; return false; } if(properties->getProperty("IceGrid.Registry.Server.Endpoints").empty()) { Error out(_communicator->getLogger()); out << "property `IceGrid.Registry.Server.Endpoints' is not set"; return false; } if(properties->getProperty("IceGrid.Registry.Internal.Endpoints").empty()) { Error out(_communicator->getLogger()); out << "property `IceGrid.Registry.Internal.Endpoints' is not set"; return false; } if(!properties->getProperty("IceGrid.Registry.SessionManager.Endpoints").empty()) { if(!nowarn) { Warning out(_communicator->getLogger()); out << "session manager endpoints `IceGrid.Registry.SessionManager.Endpoints' enabled"; } } properties->setProperty("Ice.PrintProcessId", "0"); properties->setProperty("Ice.ServerIdleTime", "0"); properties->setProperty("IceGrid.Registry.Client.AdapterId", ""); properties->setProperty("IceGrid.Registry.Server.AdapterId", ""); properties->setProperty("IceGrid.Registry.SessionManager.AdapterId", ""); properties->setProperty("IceGrid.Registry.Internal.AdapterId", ""); setupThreadPool(properties, "Ice.ThreadPool.Client", 1, 100); setupThreadPool(properties, "IceGrid.Registry.Client.ThreadPool", 1, 10); setupThreadPool(properties, "IceGrid.Registry.Server.ThreadPool", 1, 10); setupThreadPool(properties, "IceGrid.Registry.SessionManager.ThreadPool", 1, 10); setupThreadPool(properties, "IceGrid.Registry.Internal.ThreadPool", 1, 100); _replicaName = properties->getPropertyWithDefault("IceGrid.Registry.ReplicaName", "Master"); _master = _replicaName == "Master"; _sessionTimeout = properties->getPropertyAsIntWithDefault("IceGrid.Registry.SessionTimeout", 30); // // Get the instance name // if(_master) { _instanceName = properties->getProperty("IceGrid.InstanceName"); if(_instanceName.empty()) { if(_communicator->getDefaultLocator()) { _instanceName = _communicator->getDefaultLocator()->ice_getIdentity().category; } else { _instanceName = "IceGrid"; } } } else { if(properties->getProperty("Ice.Default.Locator").empty()) { Error out(_communicator->getLogger()); out << "property `Ice.Default.Locator' is not set"; return false; } _instanceName = _communicator->getDefaultLocator()->ice_getIdentity().category; } // // Ensure that nothing is running on this port. This is also // useful to ensure that we don't run twice the same instance of // the service too (which would cause the database environment of // the already running instance to be "corrupted".) // try { string endpoints = properties->getProperty("IceGrid.Registry.Client.Endpoints"); string strPrx = _instanceName + "/Locator:" + endpoints; _communicator->stringToProxy(strPrx)->ice_timeout(5000)->ice_ping(); Error out(_communicator->getLogger()); out << "an IceGrid registry is already running and listening on the client endpoints `" << endpoints << "'"; return false; } catch(const Ice::LocalException&) { } properties->setProperty("Freeze.DbEnv.Registry.DbHome", dbPath); properties->setProperty("Freeze.DbEnv.Registry.DbPrivate", "0"); // // Create the reaper thread. // _reaper = new ReapThread(); _reaper->start(); // // Create the internal registry object adapter. // ObjectAdapterPtr registryAdapter = _communicator->createObjectAdapter("IceGrid.Registry.Internal"); registryAdapter->activate(); // // Create the internal IceStorm service. // Identity registryTopicManagerId; registryTopicManagerId.category = _instanceName; registryTopicManagerId.name = "RegistryTopicManager"; _iceStorm = IceStorm::Service::create(_communicator, registryAdapter, registryAdapter, "IceGrid.Registry", registryTopicManagerId, "Registry"); const IceStorm::TopicManagerPrx topicManager = _iceStorm->getTopicManager(); // // Create the registry database. // _database = new Database(registryAdapter, topicManager, _instanceName, _traceLevels, getInfo()); _wellKnownObjects = new WellKnownObjectsManager(_database); // // Get the saved replica/node proxies and remove them from the // database. // Ice::ObjectProxySeq proxies; Ice::ObjectProxySeq::const_iterator p; NodePrxSeq nodes; proxies = _database->getInternalObjectsByType(Node::ice_staticId()); for(p = proxies.begin(); p != proxies.end(); ++p) { nodes.push_back(NodePrx::uncheckedCast(*p)); } InternalRegistryPrxSeq replicas; proxies = _database->getObjectsByType(InternalRegistry::ice_staticId()); for(p = proxies.begin(); p != proxies.end(); ++p) { replicas.push_back(InternalRegistryPrx::uncheckedCast(*p)); } // // NOTE: The internal registry object must be added only once the // node/replica proxies are retrieved and removed from the // database. Otherwise, if some replica/node register as soon as // the internal registry is setup we might clear valid proxies. // InternalRegistryPrx internalRegistry = setupInternalRegistry(registryAdapter); if(_master) { nodes = registerReplicas(internalRegistry, replicas, nodes); registerNodes(internalRegistry, nodes); } else { InternalReplicaInfoPtr info = _platform.getInternalReplicaInfo(); _session.create(_replicaName, info, _database, _wellKnownObjects, internalRegistry); registerNodes(internalRegistry, _session.getNodes(nodes)); } ObjectAdapterPtr serverAdapter = _communicator->createObjectAdapter("IceGrid.Registry.Server"); _clientAdapter = _communicator->createObjectAdapter("IceGrid.Registry.Client"); ObjectAdapterPtr sessionManagerAdapter; if(!properties->getProperty("IceGrid.Registry.SessionManager.Endpoints").empty()) { sessionManagerAdapter = _communicator->createObjectAdapter("IceGrid.Registry.SessionManager"); } Ice::Identity dummy; dummy.name = "dummy"; _wellKnownObjects->addEndpoint("Client", _clientAdapter->createDirectProxy(dummy)); _wellKnownObjects->addEndpoint("Server", serverAdapter->createDirectProxy(dummy)); if(sessionManagerAdapter) { _wellKnownObjects->addEndpoint("SessionManager", sessionManagerAdapter->createDirectProxy(dummy)); } _wellKnownObjects->addEndpoint("Internal", registryAdapter->createDirectProxy(dummy)); setupNullPermissionsVerifier(registryAdapter); if(!setupUserAccountMapper(registryAdapter)) { return false; } QueryPrx query = setupQuery(_clientAdapter); RegistryPrx registry = setupRegistry(_clientAdapter); Ice::LocatorRegistryPrx locatorRegistry = setupLocatorRegistry(serverAdapter); LocatorPrx internalLocator = setupLocator(_clientAdapter, registryAdapter, locatorRegistry, registry, query); // // Add a default servant locator to the client object adapter. The // default servant ensure that request on session objects are from // the same connection as the connection that created the session. // _sessionServantLocator = new SessionServantLocatorI(_clientAdapter, _instanceName); _clientAdapter->addServantLocator(_sessionServantLocator, ""); setupClientSessionFactory(registryAdapter, sessionManagerAdapter, internalLocator, nowarn); setupAdminSessionFactory(registryAdapter, sessionManagerAdapter, internalLocator, nowarn); _wellKnownObjects->finish(); if(_master) { _wellKnownObjects->registerAll(); } else { _session.registerAllWellKnownObjects(); } // // We are ready to go! // serverAdapter->activate(); _clientAdapter->activate(); if(sessionManagerAdapter) { sessionManagerAdapter->activate(); } return true; }
bool RegistryI::startImpl() { assert(_communicator); PropertiesPtr properties = _communicator->getProperties(); // // Check that required properties are set and valid. // if(properties->getProperty("IceGrid.Registry.Client.Endpoints").empty()) { Error out(_communicator->getLogger()); out << "property `IceGrid.Registry.Client.Endpoints' is not set"; return false; } if(properties->getProperty("IceGrid.Registry.Server.Endpoints").empty()) { Error out(_communicator->getLogger()); out << "property `IceGrid.Registry.Server.Endpoints' is not set"; return false; } if(properties->getProperty("IceGrid.Registry.Internal.Endpoints").empty()) { Error out(_communicator->getLogger()); out << "property `IceGrid.Registry.Internal.Endpoints' is not set"; return false; } if(!properties->getProperty("IceGrid.Registry.SessionManager.Endpoints").empty()) { if(!_nowarn) { Warning out(_communicator->getLogger()); out << "session manager endpoints `IceGrid.Registry.SessionManager.Endpoints' enabled"; if(properties->getPropertyAsInt("IceGrid.Registry.SessionFilters") == 0) { out << " (with Glacier2 filters disabled)"; } } } if(!properties->getProperty("IceGrid.Registry.AdminSessionManager.Endpoints").empty()) { if(!_nowarn) { Warning out(_communicator->getLogger()); out << "administrative session manager endpoints `IceGrid.Registry.AdminSessionManager.Endpoints' enabled"; if(properties->getPropertyAsInt("IceGrid.Registry.AdminSessionFilters") == 0) { out << " (with Glacier2 filters disabled)"; } } } properties->setProperty("Ice.PrintProcessId", "0"); properties->setProperty("Ice.ServerIdleTime", "0"); properties->setProperty("IceGrid.Registry.Client.AdapterId", ""); properties->setProperty("IceGrid.Registry.Server.AdapterId", ""); properties->setProperty("IceGrid.Registry.SessionManager.AdapterId", ""); properties->setProperty("IceGrid.Registry.Internal.AdapterId", ""); setupThreadPool(properties, "IceGrid.Registry.Client.ThreadPool", 1, 10); setupThreadPool(properties, "IceGrid.Registry.Server.ThreadPool", 1, 10, true); // Serialize for admin callbacks setupThreadPool(properties, "IceGrid.Registry.SessionManager.ThreadPool", 1, 10); setupThreadPool(properties, "IceGrid.Registry.Internal.ThreadPool", 1, 100); _replicaName = properties->getPropertyWithDefault("IceGrid.Registry.ReplicaName", "Master"); _master = _replicaName == "Master"; _sessionTimeout = properties->getPropertyAsIntWithDefault("IceGrid.Registry.SessionTimeout", 30); if(!_master && properties->getProperty("Ice.Default.Locator").empty()) { if(properties->getProperty("Ice.Default.Locator").empty()) { Error out(_communicator->getLogger()); out << "property `Ice.Default.Locator' is not set"; return false; } } // // Get the instance name // if(_master) { _instanceName = properties->getProperty("IceGrid.InstanceName"); if(_instanceName.empty()) { if(_communicator->getDefaultLocator()) { _instanceName = _communicator->getDefaultLocator()->ice_getIdentity().category; } else { _instanceName = "IceGrid"; } } } else { _instanceName = _communicator->getDefaultLocator()->ice_getIdentity().category; } // // Ensure that nothing is running on this port. This is also // useful to ensure that we don't run twice the same instance of // the service too (which would cause the database environment of // the already running instance to be "corrupted".) // try { string endpoints = properties->getProperty("IceGrid.Registry.Client.Endpoints"); string strPrx = _instanceName + "/Locator:" + endpoints; _communicator->stringToProxy(strPrx)->ice_timeout(5000)->ice_ping(); Error out(_communicator->getLogger()); out << "an IceGrid registry is already running and listening on the client endpoints `" << endpoints << "'"; return false; } catch(const Ice::LocalException&) { } // // Create the reaper thread. // _reaper = new ReapThread(); _reaper->start(); // // Create the internal registry object adapter. // ObjectAdapterPtr registryAdapter = _communicator->createObjectAdapter("IceGrid.Registry.Internal"); registryAdapter->activate(); // // Create the internal IceStorm service. // Identity registryTopicManagerId; registryTopicManagerId.category = _instanceName; registryTopicManagerId.name = "RegistryTopicManager"; _iceStorm = IceStormInternal::Service::create(_communicator, registryAdapter, registryAdapter, "IceGrid.Registry", registryTopicManagerId, "Registry"); const IceStorm::TopicManagerPrx topicManager = _iceStorm->getTopicManager(); // // Create the registry database. // DatabasePluginPtr plugin; try { plugin = DatabasePluginPtr::dynamicCast(_communicator->getPluginManager()->getPlugin("DB")); } catch(const NotRegisteredException&) { } if(!plugin) { Error out(_communicator->getLogger()); out << "no database plugin configured with `Ice.Plugin.DB' or plugin is not a database plugin"; return false; } _database = new Database(registryAdapter, topicManager, _instanceName, _traceLevels, getInfo(), plugin, _readonly); _wellKnownObjects = new WellKnownObjectsManager(_database); // // Get the saved replica/node proxies. // ObjectProxySeq proxies; ObjectProxySeq::const_iterator p; NodePrxSeq nodes; proxies = _database->getInternalObjectsByType(Node::ice_staticId()); for(p = proxies.begin(); p != proxies.end(); ++p) { nodes.push_back(NodePrx::uncheckedCast(*p)); } InternalRegistryPrxSeq replicas; proxies = _database->getObjectsByType(InternalRegistry::ice_staticId()); for(p = proxies.begin(); p != proxies.end(); ++p) { replicas.push_back(InternalRegistryPrx::uncheckedCast(*p)); } // // NOTE: The internal registry object must be added only once the // node/replica proxies are retrieved. Otherwise, if some // replica/node register as soon as the internal registry is setup // we might clear valid proxies. // InternalRegistryPrx internalRegistry = setupInternalRegistry(registryAdapter); if(_master) { nodes = registerReplicas(internalRegistry, replicas, nodes); registerNodes(internalRegistry, nodes); } else { InternalReplicaInfoPtr info = _platform.getInternalReplicaInfo(); _session.create(_replicaName, info, _database, _wellKnownObjects, internalRegistry); registerNodes(internalRegistry, _session.getNodes(nodes)); } _serverAdapter = _communicator->createObjectAdapter("IceGrid.Registry.Server"); _clientAdapter = _communicator->createObjectAdapter("IceGrid.Registry.Client"); Ice::Identity dummy; dummy.name = "dummy"; _wellKnownObjects->addEndpoint("Client", _clientAdapter->createDirectProxy(dummy)); _wellKnownObjects->addEndpoint("Server", _serverAdapter->createDirectProxy(dummy)); _wellKnownObjects->addEndpoint("Internal", registryAdapter->createDirectProxy(dummy)); setupNullPermissionsVerifier(registryAdapter); if(!setupUserAccountMapper(registryAdapter)) { return false; } QueryPrx query = setupQuery(_clientAdapter); RegistryPrx registry = setupRegistry(_clientAdapter); Ice::LocatorRegistryPrx locatorRegistry = setupLocatorRegistry(_serverAdapter); LocatorPrx internalLocator = setupLocator(_clientAdapter, registryAdapter, locatorRegistry, registry, query); // // Create the session servant manager. The session servant manager is responsible // for managing sessions servants and to ensure that session servants are only // accessed by the connection that created the session. The session servant manager // also takes care of providing the router servant for server admin objects. // ObjectPtr serverAdminRouter = new RegistryServerAdminRouter(_database); AdminCallbackRouterPtr adminCallbackRouter = new AdminCallbackRouter; _servantManager = new SessionServantManager(_clientAdapter, _instanceName, true, getServerAdminCategory(), serverAdminRouter, adminCallbackRouter); _clientAdapter->addServantLocator(_servantManager, ""); _serverAdapter->addServantLocator(new DefaultServantLocator(adminCallbackRouter), ""); ObjectAdapterPtr sessionAdpt = setupClientSessionFactory(registryAdapter, internalLocator); ObjectAdapterPtr admSessionAdpt = setupAdminSessionFactory(registryAdapter, serverAdminRouter, internalLocator); _wellKnownObjects->finish(); if(_master) { _wellKnownObjects->registerAll(); } else { _session.registerAllWellKnownObjects(); } // // We are ready to go! // _serverAdapter->activate(); _clientAdapter->activate(); if(sessionAdpt) { sessionAdpt->activate(); } if(admSessionAdpt) { admSessionAdpt->activate(); } return true; }
IceInternal::DefaultsAndOverrides::DefaultsAndOverrides(const PropertiesPtr& properties) : overrideTimeout(false), overrideTimeoutValue(-1), overrideConnectTimeout(false), overrideConnectTimeoutValue(-1), overrideCloseTimeout(false), overrideCloseTimeoutValue(-1), overrideCompress(false), overrideCompressValue(false), overrideSecure(false), overrideSecureValue(false) { const_cast<string&>(defaultProtocol) = properties->getPropertyWithDefault("Ice.Default.Protocol", "tcp"); const_cast<string&>(defaultHost) = properties->getProperty("Ice.Default.Host"); string value; value = properties->getProperty("Ice.Override.Timeout"); if(!value.empty()) { const_cast<bool&>(overrideTimeout) = true; const_cast<Int&>(overrideTimeoutValue) = properties->getPropertyAsInt("Ice.Override.Timeout"); } value = properties->getProperty("Ice.Override.ConnectTimeout"); if(!value.empty()) { const_cast<bool&>(overrideConnectTimeout) = true; const_cast<Int&>(overrideConnectTimeoutValue) = properties->getPropertyAsInt("Ice.Override.ConnectTimeout"); } value = properties->getProperty("Ice.Override.CloseTimeout"); if(!value.empty()) { const_cast<bool&>(overrideCloseTimeout) = true; const_cast<Int&>(overrideCloseTimeoutValue) = properties->getPropertyAsInt("Ice.Override.CloseTimeout"); } value = properties->getProperty("Ice.Override.Compress"); if(!value.empty()) { const_cast<bool&>(overrideCompress) = true; const_cast<bool&>(overrideCompressValue) = properties->getPropertyAsInt("Ice.Override.Compress"); } value = properties->getProperty("Ice.Override.Secure"); if(!value.empty()) { const_cast<bool&>(overrideSecure) = true; const_cast<bool&>(overrideSecureValue) = properties->getPropertyAsInt("Ice.Override.Secure"); } const_cast<bool&>(defaultCollocationOptimization) = properties->getPropertyAsIntWithDefault("Ice.Default.CollocationOptimized", 1) > 0; value = properties->getPropertyWithDefault("Ice.Default.EndpointSelection", "Random"); if(value == "Random") { defaultEndpointSelection = Random; } else if(value == "Ordered") { defaultEndpointSelection = Ordered; } else { EndpointSelectionTypeParseException ex(__FILE__, __LINE__); ex.str = "illegal value `" + value + "'; expected `Random' or `Ordered'"; throw ex; } const_cast<int&>(defaultLocatorCacheTimeout) = properties->getPropertyAsIntWithDefault("Ice.Default.LocatorCacheTimeout", -1); const_cast<bool&>(defaultPreferSecure) = properties->getPropertyAsIntWithDefault("Ice.Default.PreferSecure", 0) > 0; value = properties->getPropertyWithDefault("Ice.Default.EncodingVersion", encodingVersionToString(currentEncoding)); defaultEncoding = stringToEncodingVersion(value); checkSupportedEncoding(defaultEncoding); bool slicedFormat = properties->getPropertyAsIntWithDefault("Ice.Default.SlicedFormat", 0) > 0; const_cast<FormatType&>(defaultFormat) = slicedFormat ? SlicedFormat : CompactFormat; }
IceInternal::DefaultsAndOverrides::DefaultsAndOverrides(const PropertiesPtr& properties, const LoggerPtr& logger) : overrideTimeout(false), overrideTimeoutValue(-1), overrideConnectTimeout(false), overrideConnectTimeoutValue(-1), overrideCloseTimeout(false), overrideCloseTimeoutValue(-1), overrideCompress(false), overrideCompressValue(false), overrideSecure(false), overrideSecureValue(false) { const_cast<string&>(defaultProtocol) = properties->getPropertyWithDefault("Ice.Default.Protocol", "tcp"); const_cast<string&>(defaultHost) = properties->getProperty("Ice.Default.Host"); string value; #ifndef ICE_OS_WINRT value = properties->getProperty("Ice.Default.SourceAddress"); if(!value.empty()) { const_cast<Address&>(defaultSourceAddress) = getNumericAddress(value); if(!isAddressValid(defaultSourceAddress)) { InitializationException ex(__FILE__, __LINE__); ex.reason = "invalid IP address set for Ice.Default.SourceAddress: `" + value + "'"; throw ex; } } #endif value = properties->getProperty("Ice.Override.Timeout"); if(!value.empty()) { const_cast<bool&>(overrideTimeout) = true; const_cast<Int&>(overrideTimeoutValue) = properties->getPropertyAsInt("Ice.Override.Timeout"); if(overrideTimeoutValue < 1 && overrideTimeoutValue != -1) { const_cast<Int&>(overrideTimeoutValue) = -1; Warning out(logger); out << "invalid value for Ice.Override.Timeout `" << properties->getProperty("Ice.Override.Timeout") << "': defaulting to -1"; } } value = properties->getProperty("Ice.Override.ConnectTimeout"); if(!value.empty()) { const_cast<bool&>(overrideConnectTimeout) = true; const_cast<Int&>(overrideConnectTimeoutValue) = properties->getPropertyAsInt("Ice.Override.ConnectTimeout"); if(overrideConnectTimeoutValue < 1 && overrideConnectTimeoutValue != -1) { const_cast<Int&>(overrideConnectTimeoutValue) = -1; Warning out(logger); out << "invalid value for Ice.Override.ConnectTimeout `" << properties->getProperty("Ice.Override.ConnectTimeout") << "': defaulting to -1"; } } value = properties->getProperty("Ice.Override.CloseTimeout"); if(!value.empty()) { const_cast<bool&>(overrideCloseTimeout) = true; const_cast<Int&>(overrideCloseTimeoutValue) = properties->getPropertyAsInt("Ice.Override.CloseTimeout"); if(overrideCloseTimeoutValue < 1 && overrideCloseTimeoutValue != -1) { const_cast<Int&>(overrideCloseTimeoutValue) = -1; Warning out(logger); out << "invalid value for Ice.Override.CloseTimeout `" << properties->getProperty("Ice.Override.CloseTimeout") << "': defaulting to -1"; } } value = properties->getProperty("Ice.Override.Compress"); if(!value.empty()) { const_cast<bool&>(overrideCompress) = true; const_cast<bool&>(overrideCompressValue) = properties->getPropertyAsInt("Ice.Override.Compress") > 0; } value = properties->getProperty("Ice.Override.Secure"); if(!value.empty()) { const_cast<bool&>(overrideSecure) = true; const_cast<bool&>(overrideSecureValue) = properties->getPropertyAsInt("Ice.Override.Secure") > 0; } const_cast<bool&>(defaultCollocationOptimization) = properties->getPropertyAsIntWithDefault("Ice.Default.CollocationOptimized", 1) > 0; value = properties->getPropertyWithDefault("Ice.Default.EndpointSelection", "Random"); if(value == "Random") { defaultEndpointSelection = Random; } else if(value == "Ordered") { defaultEndpointSelection = Ordered; } else { EndpointSelectionTypeParseException ex(__FILE__, __LINE__); ex.str = "illegal value `" + value + "'; expected `Random' or `Ordered'"; throw ex; } const_cast<int&>(defaultTimeout) = properties->getPropertyAsIntWithDefault("Ice.Default.Timeout", 60000); if(defaultTimeout < 1 && defaultTimeout != -1) { const_cast<Int&>(defaultTimeout) = 60000; Warning out(logger); out << "invalid value for Ice.Default.Timeout `" << properties->getProperty("Ice.Default.Timeout") << "': defaulting to 60000"; } const_cast<int&>(defaultInvocationTimeout) = properties->getPropertyAsIntWithDefault("Ice.Default.InvocationTimeout", -1); if(defaultInvocationTimeout < 1 && defaultInvocationTimeout != -1 && defaultInvocationTimeout != -2) { const_cast<Int&>(defaultInvocationTimeout) = -1; Warning out(logger); out << "invalid value for Ice.Default.InvocationTimeout `" << properties->getProperty("Ice.Default.InvocationTimeout") << "': defaulting to -1"; } const_cast<int&>(defaultLocatorCacheTimeout) = properties->getPropertyAsIntWithDefault("Ice.Default.LocatorCacheTimeout", -1); if(defaultLocatorCacheTimeout < -1) { const_cast<Int&>(defaultLocatorCacheTimeout) = -1; Warning out(logger); out << "invalid value for Ice.Default.LocatorCacheTimeout `" << properties->getProperty("Ice.Default.LocatorCacheTimeout") << "': defaulting to -1"; } const_cast<bool&>(defaultPreferSecure) = properties->getPropertyAsIntWithDefault("Ice.Default.PreferSecure", 0) > 0; value = properties->getPropertyWithDefault("Ice.Default.EncodingVersion", encodingVersionToString(currentEncoding)); defaultEncoding = stringToEncodingVersion(value); checkSupportedEncoding(defaultEncoding); bool slicedFormat = properties->getPropertyAsIntWithDefault("Ice.Default.SlicedFormat", 0) > 0; const_cast<FormatType&>(defaultFormat) = slicedFormat ? SlicedFormat : CompactFormat; }
RoutableReferencePtr IceInternal::ReferenceFactory::create(const Identity& ident, const string& facet, Reference::Mode mode, bool secure, const vector<EndpointIPtr>& endpoints, const string& adapterId, const string& propertyPrefix) { DefaultsAndOverridesPtr defaultsAndOverrides = _instance->defaultsAndOverrides(); // // Default local proxy options. // LocatorInfoPtr locatorInfo = _instance->locatorManager()->get(_defaultLocator); RouterInfoPtr routerInfo = _instance->routerManager()->get(_defaultRouter); bool collocationOptimized = defaultsAndOverrides->defaultCollocationOptimization; bool cacheConnection = true; bool preferSecure = defaultsAndOverrides->defaultPreferSecure; Ice::EndpointSelectionType endpointSelection = defaultsAndOverrides->defaultEndpointSelection; int locatorCacheTimeout = defaultsAndOverrides->defaultLocatorCacheTimeout; // // Override the defaults with the proxy properties if a property prefix is defined. // if(!propertyPrefix.empty()) { PropertiesPtr properties = _instance->initializationData().properties; if(properties->getPropertyAsIntWithDefault("Ice.Warn.UnknownProperties", 1) > 0) { checkForUnknownProperties(propertyPrefix); } string property; property = propertyPrefix + ".Locator"; LocatorPrx locator = LocatorPrx::uncheckedCast(_communicator->propertyToProxy(property)); if(locator) { locatorInfo = _instance->locatorManager()->get(locator); } property = propertyPrefix + ".Router"; RouterPrx router = RouterPrx::uncheckedCast(_communicator->propertyToProxy(property)); if(router) { if(propertyPrefix.size() > 7 && propertyPrefix.substr(propertyPrefix.size() - 7, 7) == ".Router") { Warning out(_instance->initializationData().logger); out << "`" << property << "=" << properties->getProperty(property) << "': cannot set a router on a router; setting ignored"; } else { routerInfo = _instance->routerManager()->get(router); } } property = propertyPrefix + ".CollocationOptimized"; collocationOptimized = properties->getPropertyAsIntWithDefault(property, collocationOptimized) > 0; property = propertyPrefix + ".ConnectionCached"; cacheConnection = properties->getPropertyAsIntWithDefault(property, cacheConnection) > 0; property = propertyPrefix + ".PreferSecure"; preferSecure = properties->getPropertyAsIntWithDefault(property, preferSecure) > 0; property = propertyPrefix + ".EndpointSelection"; if(!properties->getProperty(property).empty()) { string type = properties->getProperty(property); if(type == "Random") { endpointSelection = Random; } else if(type == "Ordered") { endpointSelection = Ordered; } else { EndpointSelectionTypeParseException ex(__FILE__, __LINE__); ex.str = "illegal value `" + type + "'; expected `Random' or `Ordered'"; throw ex; } } property = propertyPrefix + ".LocatorCacheTimeout"; locatorCacheTimeout = properties->getPropertyAsIntWithDefault(property, locatorCacheTimeout); } // // Create new reference // return new RoutableReference(_instance, _communicator, ident, facet, mode, secure, endpoints, adapterId, locatorInfo, routerInfo, collocationOptimized, cacheConnection, preferSecure, endpointSelection, locatorCacheTimeout); }
void IceServiceInstaller::install(const PropertiesPtr& properties) { _debug = properties->getPropertyAsInt("Debug") != 0; initializeSid(properties->getPropertyWithDefault("ObjectName", "NT Authority\\LocalService")); const string defaultDisplayName[] = { "IceGrid registry (" + _icegridInstanceName + ")", "IceGrid node (" + _nodeName + " within " + _icegridInstanceName + ")", "Glacier2 router (" + _glacier2InstanceName + ")" }; const string defaultDescription[] = { "Location and deployment service for Ice applications", "Starts and monitors Ice servers", "Ice Firewall traversal service" }; string displayName = properties->getPropertyWithDefault("DisplayName", defaultDisplayName[_serviceType]); string description = properties->getPropertyWithDefault("Description", defaultDescription[_serviceType]); string imagePath = properties->getProperty("ImagePath"); if(imagePath == "") { char buffer[MAX_PATH]; DWORD size = GetModuleFileName(0, buffer, MAX_PATH); if(size == 0) { throw "Can't get full path to self: " + IceUtilInternal::errorToString(GetLastError()); } imagePath = string(buffer, size); imagePath.replace(imagePath.rfind('\\'), string::npos, "\\" + serviceTypeToLowerString(_serviceType) + ".exe"); } else { imagePath = fixDirSeparator(imagePath); } if(!fileExists(imagePath)) { throw imagePath + ": not found"; } string dependency; if(_serviceType == icegridregistry) { if(properties->getPropertyAsInt("DependOnRegistry") != 0) { throw "The IceGrid registry service can't depend on itself"; } string registryDataDir = fixDirSeparator(_serviceProperties->getProperty("IceGrid.Registry.Data")); if(registryDataDir == "") { throw "IceGrid.Registry.Data must be set in " + _configFile; } if(!IceUtilInternal::isAbsolutePath(registryDataDir)) { throw "'" + registryDataDir + "' is a relative path; IceGrid.Registry.Data must be an absolute path"; } if(!mkdir(registryDataDir)) { grantPermissions(registryDataDir, SE_FILE_OBJECT, true, true); } } else if(_serviceType == icegridnode) { string nodeDataDir = fixDirSeparator(_serviceProperties->getProperty("IceGrid.Node.Data")); if(nodeDataDir == "") { throw "IceGrid.Node.Data must be set in " + _configFile; } if(!IceUtilInternal::isAbsolutePath(nodeDataDir)) { throw "'" + nodeDataDir + "' is a relative path; IceGrid.Node.Data must be an absolute path"; } if(!mkdir(nodeDataDir)) { grantPermissions(nodeDataDir, SE_FILE_OBJECT, true, true); } grantPermissions("MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Perflib", SE_REGISTRY_KEY, true); if(properties->getPropertyAsInt("DependOnRegistry") != 0) { dependency = "icegridregistry." + _icegridInstanceName; } } else if(_serviceType == glacier2router) { if(properties->getPropertyAsInt("DependOnRegistry") != 0) { if(_icegridInstanceName == "") { throw "Ice.Default.Locator must be set in " + _configFile + " when DependOnRegistry is not zero"; } dependency = "icegridregistry." + _icegridInstanceName; } } if(!_configFile.find("HKLM\\") == 0) { grantPermissions(_configFile); } string eventLog = properties->getProperty("EventLog"); if(eventLog == "") { eventLog = "Application"; } else { addLog(eventLog); } string eventLogSource = _serviceProperties->getPropertyWithDefault("Ice.EventLog.Source", _serviceName); addSource(eventLogSource, eventLog, getIceDLLPath(imagePath)); SC_HANDLE scm = OpenSCManager(0, 0, SC_MANAGER_ALL_ACCESS); if(scm == 0) { DWORD res = GetLastError(); throw "Cannot open SCM: " + IceUtilInternal::errorToString(res); } string deps = dependency; if(deps.empty()) { const string candidates[] = { "netprofm", "Nla" }; const int candidatesLen = 2; for(int i = 0; i < candidatesLen; ++i) { SC_HANDLE service = OpenService(scm, candidates[i].c_str(), GENERIC_READ); if(service != 0) { deps = candidates[i]; CloseServiceHandle(service); break; // for } } } deps += '\0'; // must be double-null terminated string command = "\"" + imagePath + "\" --service " + _serviceName + " --Ice.Config=\""; // // Get the full path of config file. // if(!_configFile.find("HKLM\\") == 0) { char fullPath[MAX_PATH]; if(GetFullPathName(_configFile.c_str(), MAX_PATH, fullPath, 0) > MAX_PATH) { throw "Could not compute the full path of " + _configFile; } command += string(fullPath) + "\""; } else { command += _configFile + "\""; } bool autoStart = properties->getPropertyAsIntWithDefault("AutoStart", 1) != 0; string password = properties->getProperty("Password"); SC_HANDLE service = CreateServiceW( scm, IceUtil::stringToWstring(_serviceName).c_str(), IceUtil::stringToWstring(displayName).c_str(), SERVICE_ALL_ACCESS, SERVICE_WIN32_OWN_PROCESS, autoStart ? SERVICE_AUTO_START : SERVICE_DEMAND_START, SERVICE_ERROR_NORMAL, IceUtil::stringToWstring(command).c_str(), 0, 0, IceUtil::stringToWstring(deps).c_str(), IceUtil::stringToWstring(_sidName).c_str(), IceUtil::stringToWstring(password).c_str()); if(service == 0) { DWORD res = GetLastError(); CloseServiceHandle(scm); throw "Cannot create service" + _serviceName + ": " + IceUtilInternal::errorToString(res); } // // Set description // wstring uDescription = IceUtil::stringToWstring(description); SERVICE_DESCRIPTIONW sd = { const_cast<wchar_t*>(uDescription.c_str()) }; if(!ChangeServiceConfig2W(service, SERVICE_CONFIG_DESCRIPTION, &sd)) { DWORD res = GetLastError(); CloseServiceHandle(scm); CloseServiceHandle(service); throw "Cannot set description for service" + _serviceName + ": " + IceUtilInternal::errorToString(res); } CloseServiceHandle(scm); CloseServiceHandle(service); }
RoutableReferencePtr IceInternal::ReferenceFactory::create(const Identity& ident, const string& facet, Reference::Mode mode, bool secure, const Ice::ProtocolVersion& protocol, const Ice::EncodingVersion& encoding, const vector<EndpointIPtr>& endpoints, const string& adapterId, const string& propertyPrefix) { DefaultsAndOverridesPtr defaultsAndOverrides = _instance->defaultsAndOverrides(); // // Default local proxy options. // LocatorInfoPtr locatorInfo; if(_defaultLocator) { if(_defaultLocator->ice_getEncodingVersion() != encoding) { locatorInfo = _instance->locatorManager()->get(_defaultLocator->ice_encodingVersion(encoding)); } else { locatorInfo = _instance->locatorManager()->get(_defaultLocator); } } RouterInfoPtr routerInfo = _instance->routerManager()->get(_defaultRouter); bool collocationOptimized = defaultsAndOverrides->defaultCollocationOptimization; bool cacheConnection = true; bool preferSecure = defaultsAndOverrides->defaultPreferSecure; Ice::EndpointSelectionType endpointSelection = defaultsAndOverrides->defaultEndpointSelection; int locatorCacheTimeout = defaultsAndOverrides->defaultLocatorCacheTimeout; int invocationTimeout = defaultsAndOverrides->defaultInvocationTimeout; Ice::Context ctx; // // Override the defaults with the proxy properties if a property prefix is defined. // if(!propertyPrefix.empty()) { PropertiesPtr properties = _instance->initializationData().properties; if(properties->getPropertyAsIntWithDefault("Ice.Warn.UnknownProperties", 1) > 0) { checkForUnknownProperties(propertyPrefix); } string property; property = propertyPrefix + ".Locator"; LocatorPrx locator = LocatorPrx::uncheckedCast(_communicator->propertyToProxy(property)); if(locator) { if(locator->ice_getEncodingVersion() != encoding) { locatorInfo = _instance->locatorManager()->get(locator->ice_encodingVersion(encoding)); } else { locatorInfo = _instance->locatorManager()->get(locator); } } property = propertyPrefix + ".Router"; RouterPrx router = RouterPrx::uncheckedCast(_communicator->propertyToProxy(property)); if(router) { if(propertyPrefix.size() > 7 && propertyPrefix.substr(propertyPrefix.size() - 7, 7) == ".Router") { Warning out(_instance->initializationData().logger); out << "`" << property << "=" << properties->getProperty(property) << "': cannot set a router on a router; setting ignored"; } else { routerInfo = _instance->routerManager()->get(router); } } property = propertyPrefix + ".CollocationOptimized"; collocationOptimized = properties->getPropertyAsIntWithDefault(property, collocationOptimized) > 0; property = propertyPrefix + ".ConnectionCached"; cacheConnection = properties->getPropertyAsIntWithDefault(property, cacheConnection) > 0; property = propertyPrefix + ".PreferSecure"; preferSecure = properties->getPropertyAsIntWithDefault(property, preferSecure) > 0; property = propertyPrefix + ".EndpointSelection"; if(!properties->getProperty(property).empty()) { string type = properties->getProperty(property); if(type == "Random") { endpointSelection = Random; } else if(type == "Ordered") { endpointSelection = Ordered; } else { EndpointSelectionTypeParseException ex(__FILE__, __LINE__); ex.str = "illegal value `" + type + "'; expected `Random' or `Ordered'"; throw ex; } } property = propertyPrefix + ".LocatorCacheTimeout"; string value = properties->getProperty(property); if(!value.empty()) { locatorCacheTimeout = properties->getPropertyAsIntWithDefault(property, locatorCacheTimeout); if(locatorCacheTimeout < -1) { locatorCacheTimeout = -1; Warning out(_instance->initializationData().logger); out << "invalid value for " << property << "`" << properties->getProperty(property) << "'" << ": defaulting to -1"; } } property = propertyPrefix + ".InvocationTimeout"; value = properties->getProperty(property); if(!value.empty()) { invocationTimeout = properties->getPropertyAsIntWithDefault(property, invocationTimeout); if(invocationTimeout < 1 && invocationTimeout != -1) { invocationTimeout = -1; Warning out(_instance->initializationData().logger); out << "invalid value for " << property << "`" << properties->getProperty(property) << "'" << ": defaulting to -1"; } } property = propertyPrefix + ".Context."; PropertyDict contexts = properties->getPropertiesForPrefix(property); for(PropertyDict::const_iterator p = contexts.begin(); p != contexts.end(); ++p) { ctx.insert(make_pair(p->first.substr(property.length()), p->second)); } } // // Create new reference // return new RoutableReference(_instance, _communicator, ident, facet, mode, secure, protocol, encoding, endpoints, adapterId, locatorInfo, routerInfo, collocationOptimized, cacheConnection, preferSecure, endpointSelection, locatorCacheTimeout, invocationTimeout, ctx); }
Ice::ObjectAdapterI::ObjectAdapterI(const InstancePtr& instance, const CommunicatorPtr& communicator, const ObjectAdapterFactoryPtr& objectAdapterFactory, const string& name, const string& endpointInfo, const RouterPrx& router, bool noConfig) : _deactivated(false), _instance(instance), _communicator(communicator), _objectAdapterFactory(objectAdapterFactory), _servantManager(new ServantManager(instance, name)), _activateOneOffDone(false), _name(name), _directCount(0), _waitForActivate(false), _destroying(false), _destroyed(false), _noConfig(noConfig), _threadPerConnection(false), _threadPerConnectionStackSize(0) { if(_noConfig) { return; } PropertiesPtr properties = instance->initializationData().properties; StringSeq unknownProps; bool noProps = filterProperties(unknownProps); // // Warn about unknown object adapter properties. // if(unknownProps.size() != 0 && properties->getPropertyAsIntWithDefault("Ice.Warn.UnknownProperties", 1) > 0) { Warning out(_instance->initializationData().logger); out << "found unknown properties for object adapter '" << _name << "':"; for(unsigned int i = 0; i < unknownProps.size(); ++i) { out << "\n " << unknownProps[i]; } } // // Make sure named adapter has some configuration // if(endpointInfo.empty() && router == 0 && noProps) { InitializationException ex(__FILE__, __LINE__); ex.reason = "object adapter \"" + _name + "\" requires configuration."; throw ex; } const_cast<string&>(_id) = properties->getProperty(_name + ".AdapterId"); const_cast<string&>(_replicaGroupId) = properties->getProperty(_name + ".ReplicaGroupId"); __setNoDelete(true); try { _threadPerConnection = properties->getPropertyAsInt(_name + ".ThreadPerConnection") > 0; int threadPoolSize = properties->getPropertyAsInt(_name + ".ThreadPool.Size"); int threadPoolSizeMax = properties->getPropertyAsInt(_name + ".ThreadPool.SizeMax"); if(_threadPerConnection && (threadPoolSize > 0 || threadPoolSizeMax > 0)) { InitializationException ex(__FILE__, __LINE__); ex.reason = "object adapter \"" + _name + "\" cannot be configured for both\n" "thread pool and thread per connection"; throw ex; } if(!_threadPerConnection && threadPoolSize == 0 && threadPoolSizeMax == 0) { _threadPerConnection = _instance->threadPerConnection(); } if(_threadPerConnection) { int stackSize = properties->getPropertyAsIntWithDefault(_name + ".ThreadPerConnection.StackSize", static_cast<Int>(_instance->threadPerConnectionStackSize())); if(stackSize < 0) { stackSize = 0; } _threadPerConnectionStackSize = stackSize; } // // Create the per-adapter thread pool, if necessary. This is done before the creation of the incoming // connection factory as the thread pool is needed during creation for the call to incFdsInUse. // if(threadPoolSize > 0 || threadPoolSizeMax > 0) { _threadPool = new ThreadPool(_instance, _name + ".ThreadPool", 0); } if(!router) { const_cast<RouterPrx&>(router) = RouterPrx::uncheckedCast( _instance->proxyFactory()->propertyToProxy(_name + ".Router")); } if(router) { _routerInfo = _instance->routerManager()->get(router); if(_routerInfo) { // // Make sure this router is not already registered with another adapter. // if(_routerInfo->getAdapter()) { throw AlreadyRegisteredException(__FILE__, __LINE__, "object adapter with router", _instance->identityToString(router->ice_getIdentity())); } // // Add the router's server proxy endpoints to this object // adapter. // vector<EndpointIPtr> endpoints = _routerInfo->getServerEndpoints(); copy(endpoints.begin(), endpoints.end(), back_inserter(_routerEndpoints)); sort(_routerEndpoints.begin(), _routerEndpoints.end()); // Must be sorted. _routerEndpoints.erase(unique(_routerEndpoints.begin(), _routerEndpoints.end()), _routerEndpoints.end()); // // Associate this object adapter with the router. This way, // new outgoing connections to the router's client proxy will // use this object adapter for callbacks. // _routerInfo->setAdapter(this); // // Also modify all existing outgoing connections to the // router's client proxy to use this object adapter for // callbacks. // _instance->outgoingConnectionFactory()->setRouterInfo(_routerInfo); } } else { // // Parse the endpoints, but don't store them in the adapter. // The connection factory might change it, for example, to // fill in the real port number. // vector<EndpointIPtr> endpoints; if(endpointInfo.empty()) { endpoints = parseEndpoints(properties->getProperty(_name + ".Endpoints")); } else { endpoints = parseEndpoints(endpointInfo); } for(vector<EndpointIPtr>::iterator p = endpoints.begin(); p != endpoints.end(); ++p) { _incomingConnectionFactories.push_back(new IncomingConnectionFactory(instance, *p, this, _name)); } if(endpoints.empty()) { TraceLevelsPtr tl = _instance->traceLevels(); if(tl->network >= 2) { Trace out(_instance->initializationData().logger, tl->networkCat); out << "created adapter `" << name << "' without endpoints"; } } // // Parse published endpoints. If set, these are used in proxies // instead of the connection factory endpoints. // string endpts = properties->getProperty(_name + ".PublishedEndpoints"); _publishedEndpoints = parseEndpoints(endpts); if(_publishedEndpoints.empty()) { transform(_incomingConnectionFactories.begin(), _incomingConnectionFactories.end(), back_inserter(_publishedEndpoints), Ice::constMemFun(&IncomingConnectionFactory::endpoint)); } // // Filter out any endpoints that are not meant to be published. // _publishedEndpoints.erase(remove_if(_publishedEndpoints.begin(), _publishedEndpoints.end(), not1(Ice::constMemFun(&EndpointI::publish))), _publishedEndpoints.end()); } if(!properties->getProperty(_name + ".Locator").empty()) { setLocator(LocatorPrx::uncheckedCast(_instance->proxyFactory()->propertyToProxy(_name + ".Locator"))); } else { setLocator(_instance->referenceFactory()->getDefaultLocator()); } } catch(...) { destroy(); __setNoDelete(false); throw; } __setNoDelete(false); }
bool NodeService::startImpl(int argc, char* argv[], int& status) { bool nowarn = false; bool readonly = false; string initFromReplica; string desc; vector<string> targets; for(int i = 1; i < argc; ++i) { if(strcmp(argv[i], "-h") == 0 || strcmp(argv[i], "--help") == 0) { usage(argv[0]); status = EXIT_SUCCESS; return false; } else if(strcmp(argv[i], "-v") == 0 || strcmp(argv[i], "--version") == 0) { print(ICE_STRING_VERSION); status = EXIT_SUCCESS; return false; } else if(strcmp(argv[i], "--nowarn") == 0) { nowarn = true; } else if(strcmp(argv[i], "--readonly") == 0) { readonly = true; } else if(strcmp(argv[i], "--initdb-from-replica") == 0) { if(i + 1 >= argc) { error("missing replica argument for option `" + string(argv[i]) + "'"); usage(argv[0]); return false; } initFromReplica = argv[++i]; } else if(strcmp(argv[i], "--deploy") == 0) { if(i + 1 >= argc) { error("missing descriptor argument for option `" + string(argv[i]) + "'"); usage(argv[0]); return false; } desc = argv[++i]; while(i + 1 < argc && argv[++i][0] != '-') { targets.push_back(argv[i]); } } else { error("invalid option: `" + string(argv[i]) + "'"); usage(argv[0]); return false; } } PropertiesPtr properties = communicator()->getProperties(); // // Disable server idle time. Otherwise, the adapter would be // shutdown prematurely and the deactivation would fail. // Deactivation of the node relies on the object adapter // to be active since it needs to terminate servers. // // TODO: implement Ice.ServerIdleTime in the activator // termination listener instead? // properties->setProperty("Ice.ServerIdleTime", "0"); // // Warn the user that setting Ice.ThreadPool.Server isn't useful. // if(!nowarn && properties->getPropertyAsIntWithDefault("Ice.ThreadPool.Server.Size", 0) > 0) { Warning out(communicator()->getLogger()); out << "setting `Ice.ThreadPool.Server.Size' is not useful, "; out << "you should set individual adapter thread pools instead."; } setupThreadPool(properties, "IceGrid.Node.ThreadPool", 1, 100); // // Create the activator. // TraceLevelsPtr traceLevels = new TraceLevels(communicator(), "IceGrid.Node"); _activator = new Activator(traceLevels); // // Collocate the IceGrid registry if we need to. // if(properties->getPropertyAsInt("IceGrid.Node.CollocateRegistry") > 0) { _registry = new CollocatedRegistry(communicator(), _activator, nowarn, readonly, initFromReplica); if(!_registry->start()) { return false; } // // Set the default locator property to point to the collocated // locator (this property is passed by the activator to each // activated server). The default locator is also needed by // the node session manager. // if(properties->getProperty("Ice.Default.Locator").empty()) { Identity locatorId; locatorId.category = properties->getPropertyWithDefault("IceGrid.InstanceName", "IceGrid"); locatorId.name = "Locator"; string endpoints = properties->getProperty("IceGrid.Registry.Client.Endpoints"); string locPrx = "\"" + communicator()->identityToString(locatorId) + "\" :" + endpoints; communicator()->setDefaultLocator(Ice::LocatorPrx::uncheckedCast(communicator()->stringToProxy(locPrx))); properties->setProperty("Ice.Default.Locator", locPrx); } } else if(properties->getProperty("Ice.Default.Locator").empty()) { error("property `Ice.Default.Locator' is not set"); return false; } // // Initialize the database environment (first setup the directory structure if needed). // string dataPath = properties->getProperty("IceGrid.Node.Data"); string dbPath; if(dataPath.empty()) { error("property `IceGrid.Node.Data' is not set"); return false; } else { if(!IceUtilInternal::directoryExists(dataPath)) { FileException ex(__FILE__, __LINE__); ex.path = dataPath; ex.error = IceInternal::getSystemErrno(); ServiceError err(this); err << "property `IceGrid.Node.Data' is set to an invalid path:\n" << ex; return false; } // // Creates subdirectories. // if(dataPath[dataPath.length() - 1] != '/') { dataPath += "/"; } IcePatch2::createDirectory(dataPath + "servers"); IcePatch2::createDirectory(dataPath + "tmp"); IcePatch2::createDirectory(dataPath + "distrib"); #ifdef _WIN32 // // Make sure these directories are not indexed by the Windows // indexing service (which can cause random "Access Denied" // errors if indexing runs at the same time as the node is // creating/deleting files). // try { setNoIndexingAttribute(dataPath + "servers"); setNoIndexingAttribute(dataPath + "tmp"); setNoIndexingAttribute(dataPath + "distrib"); } catch(const FileException& ex) { if(!nowarn) { Warning out(communicator()->getLogger()); out << "couldn't disable file indexing:\n" << ex; } } #endif } // // Check that required properties are set and valid. // if(properties->getProperty("IceGrid.Node.Endpoints").empty()) { error("property `IceGrid.Node.Endpoints' is not set"); return false; } string name = properties->getProperty("IceGrid.Node.Name"); if(name.empty()) { error("property `IceGrid.Node.Name' is not set"); return false; } // // Setup the Freeze database environment home directory. The name of the database // environment for the IceGrid node is the name of the node. // properties->setProperty("Freeze.DbEnv." + name + ".DbHome", dbPath); // // Create the node object adapter. // _adapter = communicator()->createObjectAdapter("IceGrid.Node"); // // Setup the user account mapper if configured. // string mapperProperty = "IceGrid.Node.UserAccountMapper"; string mapperPropertyValue = properties->getProperty(mapperProperty); UserAccountMapperPrx mapper; if(!mapperPropertyValue.empty()) { try { mapper = UserAccountMapperPrx::uncheckedCast(communicator()->propertyToProxy(mapperProperty)); } catch(const std::exception& ex) { ServiceError err(this); err << "user account mapper `" << mapperProperty << "' is invalid:\n" << ex; return false; } } else { string userAccountFileProperty = properties->getProperty("IceGrid.Node.UserAccounts"); if(!userAccountFileProperty.empty()) { try { Ice::ObjectPrx object = _adapter->addWithUUID(new FileUserAccountMapperI(userAccountFileProperty)); object = object->ice_collocationOptimized(true); mapper = UserAccountMapperPrx::uncheckedCast(object); } catch(const std::string& msg) { error(msg); return false; } } } // // Create a new timer to handle server activation/deactivation timeouts. // _timer = new IceUtil::Timer(); // // The IceGrid instance name. // const string instanceName = communicator()->getDefaultLocator()->ice_getIdentity().category; _sessions.reset(new NodeSessionManager(communicator())); // // Create the server factory. The server factory creates persistent objects // for the server and server adapter. It also takes care of installing the // evictors and object factories necessary to store these objects. // Identity id = communicator()->stringToIdentity(instanceName + "/Node-" + name); NodePrx nodeProxy = NodePrx::uncheckedCast(_adapter->createProxy(id)); _node = new NodeI(_adapter, *_sessions, _activator, _timer, traceLevels, nodeProxy, name, mapper); _adapter->add(_node, nodeProxy->ice_getIdentity()); _adapter->addServantLocator(new DefaultServantLocator(new NodeServerAdminRouter(_node)), _node->getServerAdminCategory()); // // Start the platform info thread if needed. // _node->getPlatformInfo().start(); // // Ensures that the locator is reachable. // if(!nowarn) { try { communicator()->getDefaultLocator()->ice_timeout(1000)->ice_ping(); } catch(const Ice::LocalException& ex) { Warning out(communicator()->getLogger()); out << "couldn't reach the IceGrid registry (this is expected "; out << "if it's down, otherwise please check the value of the "; out << "Ice.Default.Locator property):\n" << ex; } } // // Create the node sessions with the registries. // _sessions->create(_node); // // In some tests, we deploy icegridnodes using IceGrid: // if(properties->getProperty("Ice.Admin.Endpoints") != "") { // // Replace Process facet and create Admin object // try { ProcessPtr origProcess = ProcessPtr::dynamicCast(communicator()->removeAdminFacet("Process")); communicator()->addAdminFacet(new ProcessI(_activator, origProcess), "Process"); communicator()->getAdmin(); } catch(const Ice::NotRegisteredException&) { // // Some plug-in removed the Process facet, so we don't replace it. // (unlikely error though) // } } // // Start the activator. // _activator->start(); // // Activate the adapter. // _adapter->activate(); // // Notify the node session manager that the node can start // accepting incoming connections. // _sessions->activate(); string bundleName = properties->getProperty("IceGrid.Node.PrintServersReady"); if(!bundleName.empty() || !desc.empty()) { enableInterrupt(); if(!_sessions->waitForCreate()) { // // Create was interrupted, return true as if the service was // correctly initiliazed to make sure it's properly stopped. // return true; } disableInterrupt(); } // // Deploy application if a descriptor is passed as a command-line option. // if(!desc.empty()) { try { Ice::Identity regId; regId.category = instanceName; regId.name = "Registry"; RegistryPrx registry = RegistryPrx::checkedCast(communicator()->getDefaultLocator()->findObjectById(regId)); if(!registry) { throw "invalid registry"; } registry = registry->ice_preferSecure(true); // Use SSL if available. IceGrid::AdminSessionPrx session; if(communicator()->getProperties()->getPropertyAsInt("IceGridAdmin.AuthenticateUsingSSL")) { session = registry->createAdminSessionFromSecureConnection(); } else { string id = communicator()->getProperties()->getProperty("IceGridAdmin.Username"); string password = communicator()->getProperties()->getProperty("IceGridAdmin.Password"); while(id.empty()) { cout << "user id: " << flush; getline(cin, id); id = IceUtilInternal::trim(id); } if(password.empty()) { cout << "password: "******"failed to deploy application `" << desc << "':\n" << ex; } catch(const AccessDeniedException& ex) { ServiceWarning warn(this); warn << "failed to deploy application `" << desc << "':\n" << "registry database is locked by `" << ex.lockUserId << "'"; } catch(const std::exception& ex) { ServiceWarning warn(this); warn << "failed to deploy application `" << desc << "':\n" << ex; } catch(const string& reason) { ServiceWarning warn(this); warn << "failed to deploy application `" << desc << "':\n" << reason; } } if(!bundleName.empty()) { print(bundleName + " ready"); } return true; }
void Ice::ObjectAdapterI::initialize(const RouterPrx& router) { if(_noConfig) { _reference = _instance->referenceFactory()->create("dummy -t", ""); return; } PropertiesPtr properties = _instance->initializationData().properties; StringSeq unknownProps; bool noProps = filterProperties(unknownProps); // // Warn about unknown object adapter properties. // if(unknownProps.size() != 0 && properties->getPropertyAsIntWithDefault("Ice.Warn.UnknownProperties", 1) > 0) { Warning out(_instance->initializationData().logger); out << "found unknown properties for object adapter `" << _name << "':"; for(unsigned int i = 0; i < unknownProps.size(); ++i) { out << "\n " << unknownProps[i]; } } try { // // Make sure named adapter has some configuration // if(router == 0 && noProps) { InitializationException ex(__FILE__, __LINE__); ex.reason = "object adapter `" + _name + "' requires configuration"; throw ex; } const_cast<string&>(_id) = properties->getProperty(_name + ".AdapterId"); const_cast<string&>(_replicaGroupId) = properties->getProperty(_name + ".ReplicaGroupId"); // // Setup a reference to be used to get the default proxy options // when creating new proxies. By default, create twoway proxies. // string proxyOptions = properties->getPropertyWithDefault(_name + ".ProxyOptions", "-t"); try { _reference = _instance->referenceFactory()->create("dummy " + proxyOptions, ""); } catch(const ProxyParseException&) { InitializationException ex(__FILE__, __LINE__); ex.reason = "invalid proxy options `" + proxyOptions + "' for object adapter `" + _name + "'"; throw ex; } int threadPoolSize = properties->getPropertyAsInt(_name + ".ThreadPool.Size"); int threadPoolSizeMax = properties->getPropertyAsInt(_name + ".ThreadPool.SizeMax"); bool hasPriority = properties->getProperty(_name + ".ThreadPool.ThreadPriority") != ""; // // Create the per-adapter thread pool, if necessary. This is done before the creation of the incoming // connection factory as the thread pool is needed during creation for the call to incFdsInUse. // if(threadPoolSize > 0 || threadPoolSizeMax > 0 || hasPriority) { _threadPool = new ThreadPool(_instance, _name + ".ThreadPool", 0); } _hasAcmTimeout = properties->getProperty(_name + ".ACM") != ""; if(_hasAcmTimeout) { _acmTimeout = properties->getPropertyAsInt(_name + ".ACM"); _instance->connectionMonitor()->checkIntervalForACM(_acmTimeout); } if(!router) { const_cast<RouterPrx&>(router) = RouterPrx::uncheckedCast( _instance->proxyFactory()->propertyToProxy(_name + ".Router")); } if(router) { _routerInfo = _instance->routerManager()->get(router); if(_routerInfo) { // // Make sure this router is not already registered with another adapter. // if(_routerInfo->getAdapter()) { throw AlreadyRegisteredException(__FILE__, __LINE__, "object adapter with router", _instance->identityToString(router->ice_getIdentity())); } // // Add the router's server proxy endpoints to this object // adapter. // vector<EndpointIPtr> endpoints = _routerInfo->getServerEndpoints(); copy(endpoints.begin(), endpoints.end(), back_inserter(_routerEndpoints)); sort(_routerEndpoints.begin(), _routerEndpoints.end()); // Must be sorted. _routerEndpoints.erase(unique(_routerEndpoints.begin(), _routerEndpoints.end()), _routerEndpoints.end()); // // Associate this object adapter with the router. This way, // new outgoing connections to the router's client proxy will // use this object adapter for callbacks. // _routerInfo->setAdapter(this); // // Also modify all existing outgoing connections to the // router's client proxy to use this object adapter for // callbacks. // _instance->outgoingConnectionFactory()->setRouterInfo(_routerInfo); } } else { // // Parse the endpoints, but don't store them in the adapter. // The connection factory might change it, for example, to // fill in the real port number. // vector<EndpointIPtr> endpoints = parseEndpoints(properties->getProperty(_name + ".Endpoints"), true); for(vector<EndpointIPtr>::iterator p = endpoints.begin(); p != endpoints.end(); ++p) { IncomingConnectionFactoryPtr factory = new IncomingConnectionFactory(_instance, *p, this); factory->initialize(_name); _incomingConnectionFactories.push_back(factory); } if(endpoints.empty()) { TraceLevelsPtr tl = _instance->traceLevels(); if(tl->network >= 2) { Trace out(_instance->initializationData().logger, tl->networkCat); out << "created adapter `" << _name << "' without endpoints"; } } // // Parse the published endpoints. // _publishedEndpoints = parsePublishedEndpoints(); } if(!properties->getProperty(_name + ".Locator").empty()) { setLocator(LocatorPrx::uncheckedCast(_instance->proxyFactory()->propertyToProxy(_name + ".Locator"))); } else { setLocator(_instance->referenceFactory()->getDefaultLocator()); } } catch(...) { destroy(); throw; } }
void SChannelEngine::initialize() { Mutex::Lock lock(_mutex); if(_initialized) { return; } SSLEngine::initialize(); const string prefix = "IceSSL."; const PropertiesPtr properties = communicator()->getProperties(); // // Protocols selects which protocols to enable, by default we only enable TLS1.0 // TLS1.1 and TLS1.2 to avoid security issues with SSLv3 // vector<string> defaultProtocols; defaultProtocols.push_back("tls1_0"); defaultProtocols.push_back("tls1_1"); defaultProtocols.push_back("tls1_2"); const_cast<DWORD&>(_protocols) = parseProtocols(properties->getPropertyAsListWithDefault(prefix + "Protocols", defaultProtocols)); // // Check for a default directory. We look in this directory for // files mentioned in the configuration. // string defaultDir = properties->getProperty(prefix + "DefaultDir"); int passwordRetryMax = properties->getPropertyAsIntWithDefault(prefix + "PasswordRetryMax", 3); PasswordPromptPtr passwordPrompt = getPasswordPrompt(); setPassword(properties->getProperty(prefix + "Password")); string ciphers = properties->getProperty(prefix + "Ciphers"); if(!ciphers.empty()) { parseCiphers(ciphers); } if(securityTraceLevel() >= 1) { ostringstream os; os << "enabling SSL ciphersuites:"; if(_ciphers.empty()) { for(int i = 0; i < supportedCiphersSize; ++i) { os << "\n " << getCipherName(supportedCiphers[i]); } } else { for(vector<ALG_ID>::const_iterator i = _ciphers.begin(); i != _ciphers.end(); ++i) { os << "\n " << getCipherName(*i); } } getLogger()->trace(securityTraceCategory(), os.str()); } string certStore = properties->getPropertyWithDefault(prefix + "CertStore", "CurrentUser"); if(certStore != "CurrentUser" && certStore != "LocalMachine") { getLogger()->warning("Invalid IceSSL.CertStore value `" + certStore + "' adjusted to `CurrentUser'"); certStore = "CurrentUser"; } // // Create trusted CA store with contents of CertAuthFile // string caFile = properties->getProperty(prefix + "CertAuthFile"); if(!caFile.empty()) { _rootStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, 0, 0); if(!_rootStore) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: error creating in memory certificate store:\n" + lastErrorToString()); } if(!checkPath(caFile, defaultDir, false)) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: CA certificate file not found:\n" + caFile); } addCertificateToStore(caFile, _rootStore); // // Create a chain engine that uses our Trusted Root Store // #ifdef __MINGW32__ CertChainEngineConfig config; memset(&config, 0, sizeof(CertChainEngineConfig)); config.cbSize = sizeof(CertChainEngineConfig); #else CERT_CHAIN_ENGINE_CONFIG config; memset(&config, 0, sizeof(CERT_CHAIN_ENGINE_CONFIG)); config.cbSize = sizeof(CERT_CHAIN_ENGINE_CONFIG); #endif config.hExclusiveRoot = _rootStore; // // Build the chain using the LocalMachine registry location as opposed // to the CurrentUser location. // if(certStore == "LocalMachine") { config.dwFlags = CERT_CHAIN_USE_LOCAL_MACHINE_STORE; } #ifdef __MINGW32__ if(!CertCreateCertificateChainEngine(reinterpret_cast<CERT_CHAIN_ENGINE_CONFIG*>(&config), &_chainEngine)) #else if(!CertCreateCertificateChainEngine(&config, &_chainEngine)) #endif { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: error creating certificate chain engine:\n" + lastErrorToString()); } } else { _chainEngine = (certStore == "LocalMachine") ? HCCE_LOCAL_MACHINE : HCCE_CURRENT_USER; } // // Import the application certificate and private keys. // string keySet = properties->getPropertyWithDefault(prefix + "KeySet", "DefaultKeySet"); if(keySet != "DefaultKeySet" && keySet != "UserKeySet" && keySet != "MachineKeySet") { getLogger()->warning("Invalid IceSSL.KeySet value `" + keySet + "' adjusted to `DefaultKeySet'"); keySet = "DefaultKeySet"; } DWORD importFlags = (keySet == "MachineKeySet") ? CRYPT_MACHINE_KEYSET : CRYPT_USER_KEYSET; string certFile = properties->getProperty(prefix + "CertFile"); string keyFile = properties->getPropertyWithDefault(prefix + "KeyFile", certFile); if(!certFile.empty()) { vector<string> certFiles; if(!splitString(certFile, IceUtilInternal::pathsep, certFiles) || certFiles.size() > 2) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: invalid value for " + prefix + "CertFile:\n" + certFile); } vector<string> keyFiles; if(!splitString(keyFile, IceUtilInternal::pathsep, keyFiles) || keyFiles.size() > 2) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: invalid value for " + prefix + "KeyFile:\n" + keyFile); } if(certFiles.size() != keyFiles.size()) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: " + prefix + "KeyFile does not agree with " + prefix + "CertFile"); } for(size_t i = 0; i < certFiles.size(); ++i) { string certFile = certFiles[i]; if(!checkPath(certFile, defaultDir, false)) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: certificate file not found:\n" + certFile); } vector<char> buffer; readFile(certFile, buffer); CRYPT_DATA_BLOB pfxBlob; pfxBlob.cbData = static_cast<DWORD>(buffer.size()); pfxBlob.pbData = reinterpret_cast<BYTE*>(&buffer[0]); HCERTSTORE store = 0; PCCERT_CONTEXT cert = 0; int err = 0; int count = 0; do { string s = password(false); store = PFXImportCertStore(&pfxBlob, stringToWstring(s).c_str(), importFlags); err = store ? 0 : GetLastError(); } while(err == ERROR_INVALID_PASSWORD && passwordPrompt && ++count < passwordRetryMax); if(store) { _stores.push_back(store); cert = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0, CERT_FIND_ANY, 0, cert); if(!cert) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: certificate error:\n" + lastErrorToString()); } _certs.push_back(cert); continue; } assert(err); if(err != CRYPT_E_BAD_ENCODE) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: error decoding certificate:\n" + lastErrorToString()); } // // Try to load certificate & key as PEM files. // err = 0; keyFile = keyFiles[i]; if(!checkPath(keyFile, defaultDir, false)) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: key file not found:\n" + keyFile); } readFile(keyFile, buffer); vector<BYTE> outBuffer; outBuffer.resize(buffer.size()); DWORD outLength = static_cast<DWORD>(buffer.size()); // // Convert the PEM encoded buffer to DER binary format. // if(!CryptStringToBinary(&buffer[0], static_cast<DWORD>(buffer.size()), CRYPT_STRING_BASE64HEADER, &outBuffer[0], &outLength, 0, 0)) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: error decoding key:\n" + lastErrorToString()); } PCRYPT_PRIVATE_KEY_INFO keyInfo = 0; BYTE* key = 0; HCRYPTKEY hKey = 0; try { DWORD decodedLength = 0; if(!CryptDecodeObjectEx(X509_ASN_ENCODING, PKCS_PRIVATE_KEY_INFO, &outBuffer[0], outLength, CRYPT_DECODE_ALLOC_FLAG, 0, &keyInfo, &decodedLength)) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: error decoding key:\n" + lastErrorToString()); } // // Check that we are using a RSA Key // if(strcmp(keyInfo->Algorithm.pszObjId, szOID_RSA_RSA)) { throw PluginInitializationException(__FILE__, __LINE__, string("IceSSL: error unknow key algorithm: `") + keyInfo->Algorithm.pszObjId + "'"); } // // Create a new RSA key set to store our key // const wstring keySetName = stringToWstring(generateUUID()); HCRYPTPROV cryptProv = 0; DWORD contextFlags = (keySet == "MachineKeySet") ? CRYPT_MACHINE_KEYSET | CRYPT_NEWKEYSET : CRYPT_NEWKEYSET; if(!CryptAcquireContextW(&cryptProv, keySetName.c_str(), MS_DEF_PROV_W, PROV_RSA_FULL, contextFlags)) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: error acquiring cryptographic context:\n" + lastErrorToString()); } // // Decode the private key BLOB // if(!CryptDecodeObjectEx(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, PKCS_RSA_PRIVATE_KEY, keyInfo->PrivateKey.pbData, keyInfo->PrivateKey.cbData, CRYPT_DECODE_ALLOC_FLAG, 0, &key, &outLength)) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: error decoding key:\n" + lastErrorToString()); } LocalFree(keyInfo); keyInfo = 0; // // Import the private key // if(!CryptImportKey(cryptProv, key, outLength, 0, 0, &hKey)) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: error importing key:\n" + lastErrorToString()); } LocalFree(key); key = 0; CryptDestroyKey(hKey); hKey = 0; // // Create a new memory store to place the certificate // store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, 0, 0); if(!store) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: error creating certificate store:\n" + lastErrorToString()); } addCertificateToStore(certFile, store, &cert); // // Associate key & certificate // CRYPT_KEY_PROV_INFO keyProvInfo; memset(&keyProvInfo, 0, sizeof(keyProvInfo)); keyProvInfo.pwszContainerName = const_cast<wchar_t*>(keySetName.c_str()); keyProvInfo.pwszProvName = const_cast<wchar_t*>(MS_DEF_PROV_W); keyProvInfo.dwProvType = PROV_RSA_FULL; keyProvInfo.dwKeySpec = AT_KEYEXCHANGE; if(!CertSetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, 0, &keyProvInfo)) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: error seting certificate property:\n" + lastErrorToString()); } _certs.push_back(cert); _stores.push_back(store); } catch(...) { if(keyInfo) { LocalFree(keyInfo); } if(key) { LocalFree(key); } if(hKey) { CryptDestroyKey(hKey); } if(cert) { CertFreeCertificateContext(cert); } if(store) { CertCloseStore(store, 0); } throw; } } _allCerts.insert(_allCerts.end(), _certs.begin(), _certs.end()); } const string findPrefix = prefix + "FindCert."; map<string, string> certProps = properties->getPropertiesForPrefix(findPrefix); if(!certProps.empty()) { for(map<string, string>::const_iterator i = certProps.begin(); i != certProps.end(); ++i) { const string name = i->first; const string val = i->second; if(!val.empty()) { string storeSpec = name.substr(findPrefix.size()); vector<PCCERT_CONTEXT> certs = findCertificates(name, storeSpec, val, _stores); _allCerts.insert(_allCerts.end(), certs.begin(), certs.end()); } } if(_allCerts.empty()) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: no certificates found"); } } _initialized = true; }