You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by ta...@apache.org on 2013/08/07 21:34:50 UTC
svn commit: r1511451 - in
/activemq/activemq-cpp/trunk/activemq-cpp/src/main: activemq/transport/tcp/
decaf/internal/net/ssl/openssl/ decaf/net/ssl/
Author: tabish
Date: Wed Aug 7 19:34:50 2013
New Revision: 1511451
URL: http://svn.apache.org/r1511451
Log:
fix for: https://issues.apache.org/jira/browse/AMQCPP-505
SSL transport will set the Server Name field based on the connection URI.
Modified:
activemq/activemq-cpp/trunk/activemq-cpp/src/main/activemq/transport/tcp/SslTransport.cpp
activemq/activemq-cpp/trunk/activemq-cpp/src/main/activemq/transport/tcp/TcpTransport.cpp
activemq/activemq-cpp/trunk/activemq-cpp/src/main/activemq/transport/tcp/TcpTransport.h
activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLParameters.cpp
activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLParameters.h
activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp
activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLSocket.h
activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLParameters.cpp
activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLParameters.h
activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLSocket.cpp
activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLSocket.h
Modified: activemq/activemq-cpp/trunk/activemq-cpp/src/main/activemq/transport/tcp/SslTransport.cpp
URL: http://svn.apache.org/viewvc/activemq/activemq-cpp/trunk/activemq-cpp/src/main/activemq/transport/tcp/SslTransport.cpp?rev=1511451&r1=1511450&r2=1511451&view=diff
==============================================================================
--- activemq/activemq-cpp/trunk/activemq-cpp/src/main/activemq/transport/tcp/SslTransport.cpp (original)
+++ activemq/activemq-cpp/trunk/activemq-cpp/src/main/activemq/transport/tcp/SslTransport.cpp Wed Aug 7 19:34:50 2013
@@ -74,6 +74,14 @@ void SslTransport::configureSocket(Socke
"Socket passed was not an SSLSocket instance.");
}
+ SSLParameters params = sslSocket->getSSLParameters();
+
+ std::vector<std::string> serverNames;
+ serverNames.push_back(this->getLocation().getHost());
+ params.setServerNames(serverNames);
+
+ sslSocket->setSSLParameters(params);
+
TcpTransport::configureSocket(socket);
}
DECAF_CATCH_RETHROW(NullPointerException)
Modified: activemq/activemq-cpp/trunk/activemq-cpp/src/main/activemq/transport/tcp/TcpTransport.cpp
URL: http://svn.apache.org/viewvc/activemq/activemq-cpp/trunk/activemq-cpp/src/main/activemq/transport/tcp/TcpTransport.cpp?rev=1511451&r1=1511450&r2=1511451&view=diff
==============================================================================
--- activemq/activemq-cpp/trunk/activemq-cpp/src/main/activemq/transport/tcp/TcpTransport.cpp (original)
+++ activemq/activemq-cpp/trunk/activemq-cpp/src/main/activemq/transport/tcp/TcpTransport.cpp Wed Aug 7 19:34:50 2013
@@ -362,3 +362,8 @@ void TcpTransport::setTcpNoDelay(bool tc
bool TcpTransport::isTcpNoDelay() const {
return this->impl->tcpNoDelay;
}
+
+////////////////////////////////////////////////////////////////////////////////
+decaf::net::URI TcpTransport::getLocation() const {
+ return this->impl->location;
+}
Modified: activemq/activemq-cpp/trunk/activemq-cpp/src/main/activemq/transport/tcp/TcpTransport.h
URL: http://svn.apache.org/viewvc/activemq/activemq-cpp/trunk/activemq-cpp/src/main/activemq/transport/tcp/TcpTransport.h?rev=1511451&r1=1511450&r2=1511451&view=diff
==============================================================================
--- activemq/activemq-cpp/trunk/activemq-cpp/src/main/activemq/transport/tcp/TcpTransport.h (original)
+++ activemq/activemq-cpp/trunk/activemq-cpp/src/main/activemq/transport/tcp/TcpTransport.h Wed Aug 7 19:34:50 2013
@@ -107,6 +107,8 @@ namespace tcp {
protected:
+ decaf::net::URI getLocation() const;
+
virtual void beforeNextIsStarted();
virtual void afterNextIsStopped();
Modified: activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLParameters.cpp
URL: http://svn.apache.org/viewvc/activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLParameters.cpp?rev=1511451&r1=1511450&r2=1511451&view=diff
==============================================================================
--- activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLParameters.cpp (original)
+++ activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLParameters.cpp Wed Aug 7 19:34:50 2013
@@ -36,20 +36,21 @@ using namespace decaf::internal::net::ss
#ifdef HAVE_OPENSSL
////////////////////////////////////////////////////////////////////////////////
-OpenSSLParameters::OpenSSLParameters( SSL_CTX* context ) : needClientAuth( false ),
- wantClientAuth( false ),
- useClientMode( true ),
- context( context ),
- ssl( NULL ),
- enabledCipherSuites(),
- enabledProtocols() {
+OpenSSLParameters::OpenSSLParameters(SSL_CTX* context) : needClientAuth(false),
+ wantClientAuth(false),
+ useClientMode(true),
+ context(context),
+ ssl(NULL),
+ enabledCipherSuites(),
+ enabledProtocols(),
+ serverNames() {
- if( context == NULL ) {
- throw NullPointerException( __FILE__, __LINE__, "SSL Context was NULL" );
+ if (context == NULL) {
+ throw NullPointerException(__FILE__, __LINE__, "SSL Context was NULL");
}
// Create a new SSL instance for this Parameters object, each one needs its own.
- this->ssl = SSL_new( context );
+ this->ssl = SSL_new(context);
}
#endif
@@ -59,12 +60,10 @@ OpenSSLParameters::~OpenSSLParameters()
try {
#ifdef HAVE_OPENSSL
-
- SSL_free( this->ssl );
-
+ SSL_free(this->ssl);
#endif
}
- DECAF_CATCH_NOTHROW( Exception )
+ DECAF_CATCH_NOTHROW(Exception)
DECAF_CATCHALL_NOTHROW()
}
@@ -84,8 +83,7 @@ std::vector<std::string> OpenSSLParamete
}
////////////////////////////////////////////////////////////////////////////////
-void OpenSSLParameters::setEnabledCipherSuites( const std::vector<std::string>& suites ) {
-
+void OpenSSLParameters::setEnabledCipherSuites(const std::vector<std::string>& suites) {
// Cache the setting for quicker retrieval
this->enabledCipherSuites = suites;
}
@@ -96,13 +94,23 @@ std::vector<std::string> OpenSSLParamete
}
////////////////////////////////////////////////////////////////////////////////
-void OpenSSLParameters::setEnabledProtocols( const std::vector<std::string>& protocols ) {
-
+void OpenSSLParameters::setEnabledProtocols(const std::vector<std::string>& protocols) {
// Cache the setting for quicker retrieval
this->enabledProtocols = protocols;
}
////////////////////////////////////////////////////////////////////////////////
+std::vector<std::string> OpenSSLParameters::getServerNames() const {
+ return this->serverNames;
+}
+
+////////////////////////////////////////////////////////////////////////////////
+void OpenSSLParameters::setServerNames(const std::vector<std::string>& serverNames) {
+ // Cache the setting for quicker retrieval
+ this->serverNames = serverNames;
+}
+
+////////////////////////////////////////////////////////////////////////////////
OpenSSLParameters* OpenSSLParameters::clone() const {
#ifdef HAVE_OPENSSL
@@ -111,6 +119,7 @@ OpenSSLParameters* OpenSSLParameters::cl
cloned->enabledProtocols = this->enabledProtocols;
cloned->enabledCipherSuites = this->enabledCipherSuites;
+ cloned->serverNames = this->serverNames;
cloned->needClientAuth = this->needClientAuth;
cloned->wantClientAuth = this->wantClientAuth;
cloned->useClientMode = this->useClientMode;
Modified: activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLParameters.h
URL: http://svn.apache.org/viewvc/activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLParameters.h?rev=1511451&r1=1511450&r2=1511451&view=diff
==============================================================================
--- activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLParameters.h (original)
+++ activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLParameters.h Wed Aug 7 19:34:50 2013
@@ -52,16 +52,17 @@ namespace openssl {
std::vector<std::string> enabledCipherSuites;
std::vector<std::string> enabledProtocols;
+ std::vector<std::string> serverNames;
private:
- OpenSSLParameters( const OpenSSLParameters& );
- OpenSSLParameters& operator= ( const OpenSSLParameters& );
+ OpenSSLParameters(const OpenSSLParameters&);
+ OpenSSLParameters& operator=(const OpenSSLParameters&);
public:
#ifdef HAVE_OPENSSL
- OpenSSLParameters( SSL_CTX* context );
+ OpenSSLParameters(SSL_CTX* context);
#endif
virtual ~OpenSSLParameters();
@@ -98,11 +99,15 @@ namespace openssl {
std::vector<std::string> getEnabledCipherSuites() const;
- void setEnabledCipherSuites( const std::vector<std::string>& suites );
+ void setEnabledCipherSuites(const std::vector<std::string>& suites);
std::vector<std::string> getEnabledProtocols() const;
- void setEnabledProtocols( const std::vector<std::string>& protocols );
+ void setEnabledProtocols(const std::vector<std::string>& protocols);
+
+ std::vector<std::string> getServerNames() const;
+
+ void setServerNames(const std::vector<std::string>& serverNames);
#ifdef HAVE_OPENSSL
Modified: activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp
URL: http://svn.apache.org/viewvc/activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp?rev=1511451&r1=1511450&r2=1511451&view=diff
==============================================================================
--- activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp (original)
+++ activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp Wed Aug 7 19:34:50 2013
@@ -69,20 +69,17 @@ namespace openssl {
public:
- SocketData() : handshakeStarted( false ),
- handshakeCompleted( false ),
+ SocketData() : handshakeStarted(false),
+ handshakeCompleted(false),
commonName(),
handshakeLock() {
}
- ~SocketData() {
- }
+ ~SocketData() {}
#ifdef HAVE_OPENSSL
- static int verifyCallback( int verified, X509_STORE_CTX* store DECAF_UNUSED ) {
-
- if( !verified ) {
-
+ static int verifyCallback(int verified, X509_STORE_CTX* store DECAF_UNUSED) {
+ if (!verified) {
// Trap debug info here about why the Certificate failed to validate.
}
@@ -95,70 +92,61 @@ namespace openssl {
}}}}}
////////////////////////////////////////////////////////////////////////////////
-OpenSSLSocket::OpenSSLSocket( OpenSSLParameters* parameters ) :
- SSLSocket(), data( new SocketData() ), parameters( parameters ), input( NULL ), output( NULL ) {
+OpenSSLSocket::OpenSSLSocket(OpenSSLParameters* parameters) :
+ SSLSocket(), data(new SocketData()), parameters(parameters), input(NULL), output(NULL) {
- if( parameters == NULL ) {
- throw NullPointerException(
- __FILE__, __LINE__, "The OpenSSL Parameters object instance passed was NULL." );
+ if (parameters == NULL) {
+ throw NullPointerException(__FILE__, __LINE__,
+ "The OpenSSL Parameters object instance passed was NULL.");
}
}
////////////////////////////////////////////////////////////////////////////////
-OpenSSLSocket::OpenSSLSocket( OpenSSLParameters* parameters, const InetAddress* address, int port ) :
- SSLSocket( address, port ), data( new SocketData() ), parameters( parameters ), input( NULL ), output( NULL ) {
+OpenSSLSocket::OpenSSLSocket(OpenSSLParameters* parameters, const InetAddress* address, int port) :
+ SSLSocket(address, port), data(new SocketData()), parameters(parameters), input(NULL), output(NULL) {
- if( parameters == NULL ) {
- throw NullPointerException(
- __FILE__, __LINE__, "The OpenSSL Parameters object instance passed was NULL." );
+ if (parameters == NULL) {
+ throw NullPointerException(__FILE__, __LINE__, "The OpenSSL Parameters object instance passed was NULL.");
}
}
////////////////////////////////////////////////////////////////////////////////
-OpenSSLSocket::OpenSSLSocket( OpenSSLParameters* parameters, const InetAddress* address, int port,
- const InetAddress* localAddress, int localPort ) :
- SSLSocket( address, port, localAddress, localPort ),
- data( new SocketData() ), parameters( parameters ), input( NULL ), output( NULL ) {
+OpenSSLSocket::OpenSSLSocket(OpenSSLParameters* parameters, const InetAddress* address, int port, const InetAddress* localAddress, int localPort) :
+ SSLSocket(address, port, localAddress, localPort), data(new SocketData()), parameters(parameters), input(NULL), output(NULL) {
- if( parameters == NULL ) {
- throw NullPointerException(
- __FILE__, __LINE__, "The OpenSSL Parameters object instance passed was NULL." );
+ if (parameters == NULL) {
+ throw NullPointerException(__FILE__, __LINE__, "The OpenSSL Parameters object instance passed was NULL.");
}
}
////////////////////////////////////////////////////////////////////////////////
-OpenSSLSocket::OpenSSLSocket( OpenSSLParameters* parameters, const std::string& host, int port ) :
- SSLSocket( host, port ),
- data( new SocketData() ), parameters( parameters ), input( NULL ), output( NULL ) {
+OpenSSLSocket::OpenSSLSocket(OpenSSLParameters* parameters, const std::string& host, int port) :
+ SSLSocket(host, port), data(new SocketData()), parameters(parameters), input(NULL), output(NULL) {
- if( parameters == NULL ) {
- throw NullPointerException(
- __FILE__, __LINE__, "The OpenSSL Parameters object instance passed was NULL." );
+ if (parameters == NULL) {
+ throw NullPointerException(__FILE__, __LINE__, "The OpenSSL Parameters object instance passed was NULL.");
}
}
////////////////////////////////////////////////////////////////////////////////
-OpenSSLSocket::OpenSSLSocket( OpenSSLParameters* parameters, const std::string& host, int port,
- const InetAddress* localAddress, int localPort ) :
- SSLSocket( host, port, localAddress, localPort ),
- data( new SocketData() ), parameters( parameters ), input( NULL ), output( NULL ) {
+OpenSSLSocket::OpenSSLSocket(OpenSSLParameters* parameters, const std::string& host, int port, const InetAddress* localAddress, int localPort) :
+ SSLSocket(host, port, localAddress, localPort), data(new SocketData()), parameters(parameters), input(NULL), output(NULL) {
- if( parameters == NULL ) {
- throw NullPointerException(
- __FILE__, __LINE__, "The OpenSSL Parameters object instance passed was NULL." );
+ if (parameters == NULL) {
+ throw NullPointerException(__FILE__, __LINE__, "The OpenSSL Parameters object instance passed was NULL.");
}
}
////////////////////////////////////////////////////////////////////////////////
OpenSSLSocket::~OpenSSLSocket() {
- try{
+ try {
SSLSocket::close();
#ifdef HAVE_OPENSSL
- if( this->parameters->getSSL() ) {
- SSL_set_shutdown( this->parameters->getSSL(), SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN );
- SSL_shutdown( this->parameters->getSSL() );
+ if (this->parameters->getSSL()) {
+ SSL_set_shutdown(this->parameters->getSSL(), SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+ SSL_shutdown(this->parameters->getSSL());
}
#endif
@@ -167,40 +155,36 @@ OpenSSLSocket::~OpenSSLSocket() {
delete input;
delete output;
}
- DECAF_CATCH_NOTHROW( Exception )
- DECAF_CATCHALL_NOTHROW()
-}
+ DECAF_CATCH_NOTHROW(Exception)
+ DECAF_CATCHALL_NOTHROW()}
////////////////////////////////////////////////////////////////////////////////
-void OpenSSLSocket::connect( const std::string& host, int port, int timeout ) {
+void OpenSSLSocket::connect(const std::string& host, int port, int timeout) {
- try{
+ try {
#ifdef HAVE_OPENSSL
// Perform the actual Socket connection work
- SSLSocket::connect( host, port, timeout );
+ SSLSocket::connect(host, port, timeout);
// If we actually connected then we can connect the Socket to an OpenSSL
// BIO filter so that we can use it in OpenSSL APIs.
- if( isConnected() ) {
+ if (isConnected()) {
- BIO* bio = BIO_new( BIO_s_socket() );
- if( !bio ) {
- throw SocketException(
- __FILE__, __LINE__, "Failed to create SSL IO Bindings");
+ BIO* bio = BIO_new(BIO_s_socket());
+ if (!bio) {
+ throw SocketException(__FILE__, __LINE__, "Failed to create SSL IO Bindings");
}
- const SocketFileDescriptor* fd =
- dynamic_cast<const SocketFileDescriptor*>( this->impl->getFileDescriptor() );
+ const SocketFileDescriptor* fd = dynamic_cast<const SocketFileDescriptor*>(this->impl->getFileDescriptor());
- if( fd == NULL ) {
- throw SocketException(
- __FILE__, __LINE__, "Invalid File Descriptor returned from Socket" );
+ if (fd == NULL) {
+ throw SocketException(__FILE__, __LINE__, "Invalid File Descriptor returned from Socket");
}
- BIO_set_fd( bio, (int)fd->getValue(), BIO_NOCLOSE );
- SSL_set_bio( this->parameters->getSSL(), bio, bio );
+ BIO_set_fd(bio, (int )fd->getValue(), BIO_NOCLOSE);
+ SSL_set_bio(this->parameters->getSSL(), bio, bio);
// Later when startHandshake is called we will check for this common name
// in the provided certificate
@@ -210,33 +194,33 @@ void OpenSSLSocket::connect( const std::
throw SocketException( __FILE__, __LINE__, "Not Supported" );
#endif
}
- DECAF_CATCH_RETHROW( IOException )
- DECAF_CATCH_RETHROW( IllegalArgumentException )
- DECAF_CATCH_EXCEPTION_CONVERT( Exception, IOException )
- DECAF_CATCHALL_THROW( IOException )
+ DECAF_CATCH_RETHROW(IOException)
+ DECAF_CATCH_RETHROW(IllegalArgumentException)
+ DECAF_CATCH_EXCEPTION_CONVERT(Exception, IOException)
+ DECAF_CATCHALL_THROW(IOException)
}
////////////////////////////////////////////////////////////////////////////////
void OpenSSLSocket::close() {
- try{
+ try {
- if( isClosed() ) {
+ if (isClosed()) {
return;
}
SSLSocket::close();
- if( this->input != NULL ) {
+ if (this->input != NULL) {
this->input->close();
}
- if( this->output != NULL ) {
+ if (this->output != NULL) {
this->output->close();
}
}
- DECAF_CATCH_RETHROW( IOException )
- DECAF_CATCH_EXCEPTION_CONVERT( Exception, IOException )
- DECAF_CATCHALL_THROW( IOException )
+ DECAF_CATCH_RETHROW(IOException)
+ DECAF_CATCH_EXCEPTION_CONVERT(Exception, IOException)
+ DECAF_CATCHALL_THROW(IOException)
}
////////////////////////////////////////////////////////////////////////////////
@@ -244,16 +228,16 @@ decaf::io::InputStream* OpenSSLSocket::g
checkClosed();
- try{
- if( this->input == NULL ) {
- this->input = new OpenSSLSocketInputStream( this );
+ try {
+ if (this->input == NULL) {
+ this->input = new OpenSSLSocketInputStream(this);
}
return this->input;
}
- DECAF_CATCH_RETHROW( IOException )
- DECAF_CATCH_EXCEPTION_CONVERT( Exception, IOException )
- DECAF_CATCHALL_THROW( IOException )
+ DECAF_CATCH_RETHROW(IOException)
+ DECAF_CATCH_EXCEPTION_CONVERT(Exception, IOException)
+ DECAF_CATCHALL_THROW(IOException)
}
////////////////////////////////////////////////////////////////////////////////
@@ -261,44 +245,55 @@ decaf::io::OutputStream* OpenSSLSocket::
checkClosed();
- try{
- if( this->output == NULL ) {
- this->output = new OpenSSLSocketOutputStream( this );
+ try {
+ if (this->output == NULL) {
+ this->output = new OpenSSLSocketOutputStream(this);
}
return this->output;
}
- DECAF_CATCH_RETHROW( IOException )
- DECAF_CATCH_EXCEPTION_CONVERT( Exception, IOException )
- DECAF_CATCHALL_THROW( IOException )
+ DECAF_CATCH_RETHROW(IOException)
+ DECAF_CATCH_EXCEPTION_CONVERT(Exception, IOException)
+ DECAF_CATCHALL_THROW(IOException)
}
////////////////////////////////////////////////////////////////////////////////
void OpenSSLSocket::shutdownInput() {
-
- throw SocketException(
- __FILE__, __LINE__, "Not supported for SSL Sockets" );
+ throw SocketException(__FILE__, __LINE__, "Not supported for SSL Sockets");
}
////////////////////////////////////////////////////////////////////////////////
void OpenSSLSocket::shutdownOutput() {
-
- throw SocketException(
- __FILE__, __LINE__, "Not supported for SSL Sockets" );
+ throw SocketException(__FILE__, __LINE__, "Not supported for SSL Sockets");
}
////////////////////////////////////////////////////////////////////////////////
-void OpenSSLSocket::setOOBInline( bool value DECAF_UNUSED ) {
+void OpenSSLSocket::setOOBInline(bool value DECAF_UNUSED) {
+ throw SocketException(__FILE__, __LINE__, "Not supported for SSL Sockets");
+}
- throw SocketException(
- __FILE__, __LINE__, "Not supported for SSL Sockets" );
+////////////////////////////////////////////////////////////////////////////////
+void OpenSSLSocket::sendUrgentData(int data DECAF_UNUSED) {
+ throw SocketException(__FILE__, __LINE__, "Not supported for SSL Sockets");
}
////////////////////////////////////////////////////////////////////////////////
-void OpenSSLSocket::sendUrgentData( int data DECAF_UNUSED ) {
+decaf::net::ssl::SSLParameters OpenSSLSocket::getSSLParameters() const {
+
+ SSLParameters params(this->getEnabledCipherSuites(), this->getEnabledProtocols());
- throw SocketException(
- __FILE__, __LINE__, "Not supported for SSL Sockets" );
+ params.setServerNames(this->parameters->getServerNames());
+ params.setNeedClientAuth(this->parameters->getNeedClientAuth());
+ params.setWantClientAuth(this->parameters->getWantClientAuth());
+
+ return params;
+}
+
+////////////////////////////////////////////////////////////////////////////////
+void OpenSSLSocket::setSSLParameters(const decaf::net::ssl::SSLParameters& value) {
+ this->parameters->setEnabledCipherSuites(value.getCipherSuites());
+ this->parameters->setEnabledProtocols(value.getProtocols());
+ this->parameters->setServerNames(value.getServerNames());
}
////////////////////////////////////////////////////////////////////////////////
@@ -317,8 +312,8 @@ std::vector<std::string> OpenSSLSocket::
}
////////////////////////////////////////////////////////////////////////////////
-void OpenSSLSocket::setEnabledCipherSuites( const std::vector<std::string>& suites ) {
- this->parameters->setEnabledCipherSuites( suites );
+void OpenSSLSocket::setEnabledCipherSuites(const std::vector<std::string>& suites) {
+ this->parameters->setEnabledCipherSuites(suites);
}
////////////////////////////////////////////////////////////////////////////////
@@ -327,19 +322,19 @@ std::vector<std::string> OpenSSLSocket::
}
////////////////////////////////////////////////////////////////////////////////
-void OpenSSLSocket::setEnabledProtocols( const std::vector<std::string>& protocols ) {
- this->parameters->setEnabledProtocols( protocols );
+void OpenSSLSocket::setEnabledProtocols(const std::vector<std::string>& protocols) {
+ this->parameters->setEnabledProtocols(protocols);
}
////////////////////////////////////////////////////////////////////////////////
void OpenSSLSocket::startHandshake() {
- if( !this->isConnected() ) {
- throw IOException( __FILE__, __LINE__, "Socket is not connected." );
+ if (!this->isConnected()) {
+ throw IOException(__FILE__, __LINE__, "Socket is not connected.");
}
- if( this->isClosed() ) {
- throw IOException( __FILE__, __LINE__, "Socket already closed." );
+ if (this->isClosed()) {
+ throw IOException(__FILE__, __LINE__, "Socket already closed.");
}
try {
@@ -347,68 +342,73 @@ void OpenSSLSocket::startHandshake() {
#ifdef HAVE_OPENSSL
synchronized( &(this->data->handshakeLock ) ) {
- if( this->data->handshakeStarted ) {
+ if (this->data->handshakeStarted) {
return;
}
this->data->handshakeStarted = true;
- bool peerVerifyDisabled =
- Boolean::parseBoolean( System::getProperty( "decaf.net.ssl.disablePeerVerification", "false" ) );
+ bool peerVerifyDisabled = Boolean::parseBoolean(System::getProperty("decaf.net.ssl.disablePeerVerification", "false"));
- if( this->parameters->getUseClientMode() ) {
+ if (this->parameters->getUseClientMode()) {
// Since we are a client we want to enforce peer verification, we set a
// callback so we can collect data on why a verify failed for debugging.
- if(!peerVerifyDisabled) {
- SSL_set_verify( this->parameters->getSSL(), SSL_VERIFY_PEER, SocketData::verifyCallback );
+ if (!peerVerifyDisabled) {
+ SSL_set_verify(this->parameters->getSSL(), SSL_VERIFY_PEER, SocketData::verifyCallback);
} else {
- SSL_set_verify( this->parameters->getSSL(), SSL_VERIFY_NONE, NULL );
+ SSL_set_verify(this->parameters->getSSL(), SSL_VERIFY_NONE, NULL);
+ }
+
+ std::vector<std::string> serverNames = this->parameters->getServerNames();
+ if (!serverNames.empty()) {
+ std::string serverName = serverNames.at(0);
+ SSL_set_tlsext_host_name(this->parameters->getSSL(), serverName.c_str());
}
- int result = SSL_connect( this->parameters->getSSL() );
+ int result = SSL_connect(this->parameters->getSSL());
// Checks the error status, when things go right we still perform a deeper
// check on the provided certificate to ensure that it matches the host name
// that we connected to, this prevents someone from using any certificate
// signed by a signing authority that we trust.
- switch( SSL_get_error( this->parameters->getSSL(), result ) ) {
- case SSL_ERROR_NONE:
- if(!peerVerifyDisabled) {
- verifyServerCert( this->data->commonName );
- }
- break;
- case SSL_ERROR_SSL:
- case SSL_ERROR_ZERO_RETURN:
- case SSL_ERROR_SYSCALL:
- SSLSocket::close();
- throw OpenSSLSocketException( __FILE__, __LINE__ );
+ switch (SSL_get_error(this->parameters->getSSL(), result)) {
+ case SSL_ERROR_NONE:
+ if (!peerVerifyDisabled) {
+ verifyServerCert(this->data->commonName);
+ }
+ break;
+ case SSL_ERROR_SSL:
+ case SSL_ERROR_ZERO_RETURN:
+ case SSL_ERROR_SYSCALL:
+ SSLSocket::close();
+ throw OpenSSLSocketException(__FILE__, __LINE__);
}
- } else { // We are in Server Mode.
+ } else { // We are in Server Mode.
int mode = SSL_VERIFY_NONE;
- if(!peerVerifyDisabled) {
+ if (!peerVerifyDisabled) {
- if( this->parameters->getWantClientAuth() ) {
+ if (this->parameters->getWantClientAuth()) {
mode = SSL_VERIFY_PEER;
}
- if( this->parameters->getNeedClientAuth() ) {
+ if (this->parameters->getNeedClientAuth()) {
mode = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
}
}
- // Since we are a client we want to enforce peer verification, we set a
+ // Since we are a server we want to enforce peer verification, we set a
// callback so we can collect data on why a verify failed for debugging.
- SSL_set_verify( this->parameters->getSSL(), mode, SocketData::verifyCallback );
+ SSL_set_verify(this->parameters->getSSL(), mode, SocketData::verifyCallback);
- int result = SSL_accept( this->parameters->getSSL() );
+ int result = SSL_accept(this->parameters->getSSL());
- if( result != SSL_ERROR_NONE ) {
+ if (result != SSL_ERROR_NONE) {
SSLSocket::close();
- throw OpenSSLSocketException( __FILE__, __LINE__ );
+ throw OpenSSLSocketException(__FILE__, __LINE__);
}
}
@@ -418,20 +418,20 @@ void OpenSSLSocket::startHandshake() {
throw IOException( __FILE__, __LINE__, "SSL Not Supported." );
#endif
}
- DECAF_CATCH_RETHROW( IOException )
- DECAF_CATCHALL_THROW( IOException )
+ DECAF_CATCH_RETHROW(IOException)
+ DECAF_CATCHALL_THROW(IOException)
}
////////////////////////////////////////////////////////////////////////////////
-void OpenSSLSocket::setUseClientMode( bool value ) {
+void OpenSSLSocket::setUseClientMode(bool value) {
synchronized( &( this->data->handshakeLock ) ) {
- if( this->data->handshakeStarted ) {
- throw IllegalArgumentException(
- __FILE__, __LINE__, "Handshake has already been started cannot change mode." );
+ if (this->data->handshakeStarted) {
+ throw IllegalArgumentException(__FILE__, __LINE__,
+ "Handshake has already been started cannot change mode.");
}
- this->parameters->setUseClientMode( value );
+ this->parameters->setUseClientMode(value);
}
}
@@ -441,8 +441,8 @@ bool OpenSSLSocket::getUseClientMode() c
}
////////////////////////////////////////////////////////////////////////////////
-void OpenSSLSocket::setNeedClientAuth( bool value ) {
- this->parameters->setNeedClientAuth( value );
+void OpenSSLSocket::setNeedClientAuth(bool value) {
+ this->parameters->setNeedClientAuth(value);
}
////////////////////////////////////////////////////////////////////////////////
@@ -451,8 +451,8 @@ bool OpenSSLSocket::getNeedClientAuth()
}
////////////////////////////////////////////////////////////////////////////////
-void OpenSSLSocket::setWantClientAuth( bool value ) {
- this->parameters->setWantClientAuth( value );
+void OpenSSLSocket::setWantClientAuth(bool value) {
+ this->parameters->setWantClientAuth(value);
}
////////////////////////////////////////////////////////////////////////////////
@@ -461,151 +461,145 @@ bool OpenSSLSocket::getWantClientAuth()
}
////////////////////////////////////////////////////////////////////////////////
-int OpenSSLSocket::read( unsigned char* buffer, int size, int offset, int length ) {
+int OpenSSLSocket::read(unsigned char* buffer, int size, int offset, int length) {
- try{
- if( this->isClosed() ){
- throw IOException(
- __FILE__, __LINE__, "The Stream has been closed" );
+ try {
+ if (this->isClosed()) {
+ throw IOException(__FILE__, __LINE__, "The Stream has been closed");
}
- if( this->isInputShutdown() == true ) {
+ if (this->isInputShutdown() == true) {
return -1;
}
- if( length == 0 ) {
+ if (length == 0) {
return 0;
}
- if( buffer == NULL ) {
- throw NullPointerException(
- __FILE__, __LINE__, "Buffer passed is Null" );
+ if (buffer == NULL) {
+ throw NullPointerException(__FILE__, __LINE__, "Buffer passed is Null");
}
- if( size < 0 ) {
- throw IndexOutOfBoundsException(
- __FILE__, __LINE__, "size parameter out of Bounds: %d.", size );
+ if (size < 0) {
+ throw IndexOutOfBoundsException(__FILE__, __LINE__,
+ "size parameter out of Bounds: %d.", size);
}
- if( offset > size || offset < 0 ) {
- throw IndexOutOfBoundsException(
- __FILE__, __LINE__, "offset parameter out of Bounds: %d.", offset );
+ if (offset > size || offset < 0) {
+ throw IndexOutOfBoundsException(__FILE__, __LINE__,
+ "offset parameter out of Bounds: %d.", offset);
}
- if( length < 0 || length > size - offset ) {
- throw IndexOutOfBoundsException(
- __FILE__, __LINE__, "length parameter out of Bounds: %d.", length );
+ if (length < 0 || length > size - offset) {
+ throw IndexOutOfBoundsException(__FILE__, __LINE__,
+ "length parameter out of Bounds: %d.", length);
}
#ifdef HAVE_OPENSSL
- if( !this->data->handshakeCompleted ) {
+ if (!this->data->handshakeCompleted) {
this->startHandshake();
}
// Read data from the socket.
- int result = SSL_read( this->parameters->getSSL(), buffer + offset, length );
+ int result = SSL_read(this->parameters->getSSL(), buffer + offset, length);
- switch( SSL_get_error( this->parameters->getSSL(), result ) ) {
- case SSL_ERROR_NONE:
- return result;
- case SSL_ERROR_ZERO_RETURN:
- if( !isClosed() ) {
- this->shutdownInput();
- return -1;
- }
- default:
- throw OpenSSLSocketException( __FILE__, __LINE__ );
+ switch (SSL_get_error(this->parameters->getSSL(), result)) {
+ case SSL_ERROR_NONE:
+ return result;
+ case SSL_ERROR_ZERO_RETURN:
+ if (!isClosed()) {
+ this->shutdownInput();
+ return -1;
+ }
+ default:
+ throw OpenSSLSocketException(__FILE__, __LINE__);
}
#else
throw SocketException( __FILE__, __LINE__, "Not Supported" );
#endif
}
- DECAF_CATCH_RETHROW( IOException )
- DECAF_CATCH_RETHROW( NullPointerException )
- DECAF_CATCH_RETHROW( IndexOutOfBoundsException )
- DECAF_CATCHALL_THROW( IOException )
+ DECAF_CATCH_RETHROW(IOException)
+ DECAF_CATCH_RETHROW(NullPointerException)
+ DECAF_CATCH_RETHROW(IndexOutOfBoundsException)
+ DECAF_CATCHALL_THROW(IOException)
}
////////////////////////////////////////////////////////////////////////////////
-void OpenSSLSocket::write( const unsigned char* buffer, int size, int offset, int length ) {
+void OpenSSLSocket::write(const unsigned char* buffer, int size, int offset, int length) {
- try{
+ try {
- if( length == 0 ) {
+ if (length == 0) {
return;
}
- if( buffer == NULL ) {
- throw NullPointerException(
- __FILE__, __LINE__,
- "TcpSocketOutputStream::write - passed buffer is null" );
+ if (buffer == NULL) {
+ throw NullPointerException(__FILE__, __LINE__,
+ "TcpSocketOutputStream::write - passed buffer is null");
}
- if( isClosed() ) {
- throw IOException(
- __FILE__, __LINE__,
- "TcpSocketOutputStream::write - This Stream has been closed." );
+ if (isClosed()) {
+ throw IOException(__FILE__, __LINE__,
+ "TcpSocketOutputStream::write - This Stream has been closed.");
}
- if( size < 0 ) {
- throw IndexOutOfBoundsException(
- __FILE__, __LINE__, "size parameter out of Bounds: %d.", size );
+ if (size < 0) {
+ throw IndexOutOfBoundsException(__FILE__, __LINE__,
+ "size parameter out of Bounds: %d.", size);
}
- if( offset > size || offset < 0 ) {
- throw IndexOutOfBoundsException(
- __FILE__, __LINE__, "offset parameter out of Bounds: %d.", offset );
+ if (offset > size || offset < 0) {
+ throw IndexOutOfBoundsException(__FILE__, __LINE__,
+ "offset parameter out of Bounds: %d.", offset);
}
- if( length < 0 || length > size - offset ) {
- throw IndexOutOfBoundsException(
- __FILE__, __LINE__, "length parameter out of Bounds: %d.", length );
+ if (length < 0 || length > size - offset) {
+ throw IndexOutOfBoundsException(__FILE__, __LINE__,
+ "length parameter out of Bounds: %d.", length);
}
#ifdef HAVE_OPENSSL
- if( !this->data->handshakeCompleted ) {
+ if (!this->data->handshakeCompleted) {
this->startHandshake();
}
int remaining = length;
- while( remaining > 0 && !isClosed() ) {
+ while (remaining > 0 && !isClosed()) {
- int written = SSL_write( this->parameters->getSSL(), buffer + offset, remaining );
+ int written = SSL_write(this->parameters->getSSL(), buffer + offset, remaining);
- switch( SSL_get_error( this->parameters->getSSL(), written ) ) {
- case SSL_ERROR_NONE:
- offset += written;
- remaining -= written;
- break;
- case SSL_ERROR_ZERO_RETURN:
- throw SocketException(
- __FILE__, __LINE__,
- "The connection was broken unexpectedly." );
- default:
- throw OpenSSLSocketException( __FILE__, __LINE__ );
+ switch (SSL_get_error(this->parameters->getSSL(), written)) {
+ case SSL_ERROR_NONE:
+ offset += written;
+ remaining -= written;
+ break;
+ case SSL_ERROR_ZERO_RETURN:
+ throw SocketException(__FILE__, __LINE__, "The connection was broken unexpectedly.");
+ default:
+ throw OpenSSLSocketException(__FILE__, __LINE__);
}
}
#else
throw SocketException( __FILE__, __LINE__, "Not Supported" );
#endif
}
- DECAF_CATCH_RETHROW( IOException )
- DECAF_CATCH_RETHROW( NullPointerException )
- DECAF_CATCH_RETHROW( IndexOutOfBoundsException )
- DECAF_CATCHALL_THROW( IOException )
+ DECAF_CATCH_RETHROW(IOException)
+ DECAF_CATCH_RETHROW(NullPointerException)
+ DECAF_CATCH_RETHROW(IndexOutOfBoundsException)
+ DECAF_CATCHALL_THROW(IOException)
}
////////////////////////////////////////////////////////////////////////////////
int OpenSSLSocket::available() {
- try{
+ try {
#ifdef HAVE_OPENSSL
- if( !isClosed() ) {
- return SSL_pending( this->parameters->getSSL() );
+ if (!isClosed()) {
+ return SSL_pending(this->parameters->getSSL());
}
#else
throw SocketException( __FILE__, __LINE__, "Not Supported" );
@@ -613,28 +607,26 @@ int OpenSSLSocket::available() {
return -1;
}
- DECAF_CATCH_RETHROW( IOException )
- DECAF_CATCHALL_THROW( IOException )
+ DECAF_CATCH_RETHROW(IOException)
+ DECAF_CATCHALL_THROW(IOException)
}
////////////////////////////////////////////////////////////////////////////////
-void OpenSSLSocket::verifyServerCert( const std::string& serverName ) {
+void OpenSSLSocket::verifyServerCert(const std::string& serverName) {
#ifdef HAVE_OPENSSL
- X509* cert = SSL_get_peer_certificate( this->parameters->getSSL() );
+ X509* cert = SSL_get_peer_certificate(this->parameters->getSSL());
- if( cert == NULL ) {
+ if (cert == NULL) {
this->close();
- throw OpenSSLSocketException(
- __FILE__, __LINE__,
- "No server certificate for verify for host: %s", serverName.c_str() );
+ throw OpenSSLSocketException(__FILE__, __LINE__, "No server certificate for verify for host: %s", serverName.c_str());
}
class Finalizer {
private:
- Finalizer( const Finalizer& );
- Finalizer& operator= ( const Finalizer& );
+ Finalizer(const Finalizer&);
+ Finalizer& operator=(const Finalizer&);
private:
@@ -642,49 +634,46 @@ void OpenSSLSocket::verifyServerCert( co
public:
- Finalizer( X509* cert ) : cert( cert ) {
- }
-
+ Finalizer(X509* cert) : cert(cert) {}
~Finalizer() {
- if( cert != NULL ) {
- X509_free( cert );
+ if (cert != NULL) {
+ X509_free(cert);
}
}
};
// Store the Certificate to be cleaned up when the method returns
- Finalizer final( cert );
+ Finalizer final(cert);
// We check the extensions first since newer x509v3 Certificates are recommended
// to store the FQDN in the dsnName field of the subjectAltName extension. If we
// don't find it there then we can check the commonName field which is where older
// Certificates placed the FQDN.
- int extensions = X509_get_ext_count( cert );
+ int extensions = X509_get_ext_count(cert);
- for( int ix = 0; ix < extensions; ix++ ) {
+ for (int ix = 0; ix < extensions; ix++) {
- X509_EXTENSION* extension = X509_get_ext( cert, ix );
- const char* extensionName = OBJ_nid2sn( OBJ_obj2nid( X509_EXTENSION_get_object( extension ) ) );
+ X509_EXTENSION* extension = X509_get_ext(cert, ix);
+ const char* extensionName = OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension)));
- if( StringUtils::compare( "subjectAltName", extensionName ) == 0 ) {
+ if (StringUtils::compare("subjectAltName", extensionName) == 0) {
- X509V3_EXT_METHOD* method = (X509V3_EXT_METHOD*)X509V3_EXT_get( extension );
- if( method == NULL ) {
+ X509V3_EXT_METHOD* method = (X509V3_EXT_METHOD*) X509V3_EXT_get(extension);
+ if (method == NULL) {
break;
}
const unsigned char* data = extension->value->data;
- STACK_OF(CONF_VALUE)* confValue =
- method->i2v( method, method->it ?
- ASN1_item_d2i(NULL, &data, extension->value->length, ASN1_ITEM_ptr(method->it)) :
- method->d2i( NULL, &data, extension->value->length ), NULL );
+ STACK_OF(CONF_VALUE)* confValue = method->i2v(method,
+ method->it ?
+ ASN1_item_d2i(NULL, &data, extension->value->length, ASN1_ITEM_ptr(method->it)) :
+ method->d2i(NULL, &data, extension->value->length), NULL);
CONF_VALUE* value = NULL;
- for( int iy = 0; iy < sk_CONF_VALUE_num( confValue ); iy++ ) {
+ for (int iy = 0; iy < sk_CONF_VALUE_num( confValue ); iy++) {
value = sk_CONF_VALUE_value( confValue, iy );
- if( ( StringUtils::compare( value->name, "DNS" ) == 0 ) &&
- StringUtils::compare( value->value, serverName.c_str() ) == 0 ) {
+ if ((StringUtils::compare(value->name, "DNS") == 0) && StringUtils::compare(value->value, serverName.c_str()) == 0) {
// Found it.
return;
@@ -693,18 +682,18 @@ void OpenSSLSocket::verifyServerCert( co
}
}
- X509_NAME* subject = X509_get_subject_name( cert );
+ X509_NAME* subject = X509_get_subject_name(cert);
char buffer[256];
- if( subject != NULL && X509_NAME_get_text_by_NID( subject, NID_commonName, buffer, 256 ) > 0 ) {
+ if (subject != NULL && X509_NAME_get_text_by_NID(subject, NID_commonName, buffer, 256) > 0) {
buffer[255] = 0;
- if( StringUtils::compare( buffer, serverName.c_str() ) == 0 ) {
+ if (StringUtils::compare(buffer, serverName.c_str()) == 0) {
return;
}
}
// We got here so no match to serverName in the Certificate
- throw OpenSSLSocketException(
- __FILE__, __LINE__, "Server Certificate Name doesn't match the URI Host Name value." );
+ throw OpenSSLSocketException(__FILE__, __LINE__,
+ "Server Certificate Name doesn't match the URI Host Name value.");
#endif
}
Modified: activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLSocket.h
URL: http://svn.apache.org/viewvc/activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLSocket.h?rev=1511451&r1=1511450&r2=1511451&view=diff
==============================================================================
--- activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLSocket.h (original)
+++ activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLSocket.h Wed Aug 7 19:34:50 2013
@@ -40,7 +40,7 @@ namespace openssl {
*
* @since 1.0
*/
- class DECAF_API OpenSSLSocket : public decaf::net::ssl::SSLSocket {
+ class DECAF_API OpenSSLSocket: public decaf::net::ssl::SSLSocket {
private:
// Private data related to the OpenSSL Socket impl.
@@ -57,31 +57,30 @@ namespace openssl {
private:
- OpenSSLSocket( const OpenSSLSocket& );
- OpenSSLSocket& operator= ( const OpenSSLSocket& );
+ OpenSSLSocket(const OpenSSLSocket&);
+ OpenSSLSocket& operator=(const OpenSSLSocket&);
public:
- OpenSSLSocket( OpenSSLParameters* parameters );
+ OpenSSLSocket(OpenSSLParameters* parameters);
- OpenSSLSocket( OpenSSLParameters* parameters, const decaf::net::InetAddress* address, int port );
+ OpenSSLSocket(OpenSSLParameters* parameters, const decaf::net::InetAddress* address, int port);
- OpenSSLSocket( OpenSSLParameters* parameters, const decaf::net::InetAddress* address, int port,
- const decaf::net::InetAddress* localAddress, int localPort );
+ OpenSSLSocket(OpenSSLParameters* parameters, const decaf::net::InetAddress* address, int port, const decaf::net::InetAddress* localAddress, int localPort);
- OpenSSLSocket( OpenSSLParameters* parameters, const std::string& host, int port );
+ OpenSSLSocket(OpenSSLParameters* parameters, const std::string& host, int port);
- OpenSSLSocket( OpenSSLParameters* parameters, const std::string& host, int port,
- const decaf::net::InetAddress* localAddress, int localPort );
+ OpenSSLSocket(OpenSSLParameters* parameters, const std::string& host, int port, const decaf::net::InetAddress* localAddress, int localPort);
virtual ~OpenSSLSocket();
- public: // Socket Overrides.
+ public:
+ // Socket Overrides.
/**
* {@inheritDoc}
*/
- virtual void connect( const std::string& host, int port, int timeout );
+ virtual void connect(const std::string& host, int port, int timeout);
/**
* {@inheritDoc}
@@ -111,14 +110,24 @@ namespace openssl {
/**
* {@inheritDoc}
*/
- virtual void setOOBInline( bool value );
+ virtual void setOOBInline(bool value);
/**
* {@inheritDoc}
*/
- virtual void sendUrgentData( int data );
+ virtual void sendUrgentData(int data);
+
+ public: // SSLSocket Overrides
- public: // SSLSocket Overrides
+ /**
+ * {@inheritDoc}
+ */
+ virtual decaf::net::ssl::SSLParameters getSSLParameters() const;
+
+ /**
+ * {@inheritDoc}
+ */
+ virtual void setSSLParameters(const decaf::net::ssl::SSLParameters& value);
/**
* {@inheritDoc}
@@ -138,7 +147,7 @@ namespace openssl {
/**
* {@inheritDoc}
*/
- virtual void setEnabledCipherSuites( const std::vector<std::string>& suites );
+ virtual void setEnabledCipherSuites(const std::vector<std::string>& suites);
/**
* {@inheritDoc}
@@ -148,7 +157,7 @@ namespace openssl {
/**
* {@inheritDoc}
*/
- virtual void setEnabledProtocols( const std::vector<std::string>& protocols );
+ virtual void setEnabledProtocols(const std::vector<std::string>& protocols);
/**
* {@inheritDoc}
@@ -158,7 +167,7 @@ namespace openssl {
/**
* {@inheritDoc}
*/
- virtual void setUseClientMode( bool value );
+ virtual void setUseClientMode(bool value);
/**
* {@inheritDoc}
@@ -168,7 +177,7 @@ namespace openssl {
/**
* {@inheritDoc}
*/
- virtual void setNeedClientAuth( bool value );
+ virtual void setNeedClientAuth(bool value);
/**
* {@inheritDoc}
@@ -178,7 +187,7 @@ namespace openssl {
/**
* {@inheritDoc}
*/
- virtual void setWantClientAuth( bool value );
+ virtual void setWantClientAuth(bool value);
/**
* {@inheritDoc}
@@ -205,7 +214,7 @@ namespace openssl {
* @throw NullPointerException if buffer is Null.
* @throw IndexOutOfBoundsException if offset + length is greater than buffer size.
*/
- int read( unsigned char* buffer, int size, int offset, int length );
+ int read(unsigned char* buffer, int size, int offset, int length);
/**
* Writes the specified data in the passed in buffer to the Socket.
@@ -223,7 +232,7 @@ namespace openssl {
* @throw NullPointerException if buffer is Null.
* @throw IndexOutOfBoundsException if offset + length is greater than buffer size.
*/
- void write( const unsigned char* buffer, int size, int offset, int length );
+ void write(const unsigned char* buffer, int size, int offset, int length);
/**
* Gets the number of bytes in the Socket buffer that can be read without blocking.
@@ -238,7 +247,7 @@ namespace openssl {
// Perform some additional checks on the Server's Certificate to ensure that
// its really valid.
- void verifyServerCert( const std::string& serverName );
+ void verifyServerCert(const std::string& serverName);
};
Modified: activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLParameters.cpp
URL: http://svn.apache.org/viewvc/activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLParameters.cpp?rev=1511451&r1=1511450&r2=1511451&view=diff
==============================================================================
--- activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLParameters.cpp (original)
+++ activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLParameters.cpp Wed Aug 7 19:34:50 2013
@@ -22,18 +22,18 @@ using namespace decaf::net;
using namespace decaf::net::ssl;
////////////////////////////////////////////////////////////////////////////////
-SSLParameters::SSLParameters() : cipherSuites(), protocols(), needClientAuth( false ), wantClientAuth( false ) {
+SSLParameters::SSLParameters() :
+ cipherSuites(), protocols(), serverNames(), needClientAuth(false), wantClientAuth(false) {
}
////////////////////////////////////////////////////////////////////////////////
-SSLParameters::SSLParameters( const std::vector<std::string>& cipherSuites ) :
- cipherSuites( cipherSuites ), protocols(), needClientAuth( false ), wantClientAuth( false ) {
+SSLParameters::SSLParameters(const std::vector<std::string>& cipherSuites) :
+ cipherSuites(cipherSuites), protocols(), serverNames(), needClientAuth(false), wantClientAuth(false) {
}
////////////////////////////////////////////////////////////////////////////////
-SSLParameters::SSLParameters( const std::vector<std::string>& cipherSuites,
- const std::vector<std::string>& protocols ) :
- cipherSuites( cipherSuites ), protocols( protocols ), needClientAuth( false ), wantClientAuth( false ) {
+SSLParameters::SSLParameters(const std::vector<std::string>& cipherSuites, const std::vector<std::string>& protocols) :
+ cipherSuites(cipherSuites), protocols(protocols), serverNames(), needClientAuth(false), wantClientAuth(false) {
}
////////////////////////////////////////////////////////////////////////////////
Modified: activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLParameters.h
URL: http://svn.apache.org/viewvc/activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLParameters.h?rev=1511451&r1=1511450&r2=1511451&view=diff
==============================================================================
--- activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLParameters.h (original)
+++ activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLParameters.h Wed Aug 7 19:34:50 2013
@@ -32,6 +32,7 @@ namespace ssl {
std::vector<std::string> cipherSuites;
std::vector<std::string> protocols;
+ std::vector<std::string> serverNames;
bool needClientAuth;
bool wantClientAuth;
@@ -50,7 +51,7 @@ namespace ssl {
* @param cipherSuites
* The vector of cipherSuites for this SSLParameters instance (can be empty).
*/
- SSLParameters( const std::vector<std::string>& cipherSuites );
+ SSLParameters(const std::vector<std::string>& cipherSuites);
/**
* Creates a new SSLParameters instance with the given cipherSuites value and protocols
@@ -61,8 +62,7 @@ namespace ssl {
* @param protocols
* The vector of protocols for this SSLParameters instance (can be empty).
*/
- SSLParameters( const std::vector<std::string>& cipherSuites,
- const std::vector<std::string>& protocols );
+ SSLParameters(const std::vector<std::string>& cipherSuites, const std::vector<std::string>& protocols);
virtual ~SSLParameters();
@@ -79,7 +79,7 @@ namespace ssl {
* @param cipherSuites
* The vector of cipherSuites (can be an empty vector).
*/
- void setCipherSuites( const std::vector<std::string>& cipherSuites ) {
+ void setCipherSuites(const std::vector<std::string>& cipherSuites) {
this->cipherSuites = cipherSuites;
}
@@ -96,7 +96,7 @@ namespace ssl {
* @param protocols
* the vector of protocols (or an empty vector)
*/
- void setProtocols( const std::vector<std::string>& protocols ) {
+ void setProtocols(const std::vector<std::string>& protocols) {
this->protocols = protocols;
}
@@ -113,7 +113,7 @@ namespace ssl {
*
* @param whether client authentication should be requested.
*/
- void setWantClientAuth( bool wantClientAuth ) {
+ void setWantClientAuth(bool wantClientAuth) {
this->wantClientAuth = wantClientAuth;
this->needClientAuth = false;
}
@@ -132,11 +132,34 @@ namespace ssl {
* @param needClientAuth
* whether client authentication should be required.
*/
- void setNeedClientAuth( bool needClientAuth ) {
+ void setNeedClientAuth(bool needClientAuth) {
this->needClientAuth = needClientAuth;
this->wantClientAuth = false;
}
+ /**
+ * Sets the Server Names that this client wants to encode for use during the
+ * SSL Handshaking phase. The list is copied so the values cannot be changed
+ * later.
+ *
+ * @param serverNames
+ * The server name to encode into the SSL handshake.
+ */
+ void setServerNames(const std::vector<std::string>& serverNames) {
+ this->serverNames = serverNames;
+ }
+
+ /**
+ * Gets the currently set list of server names used. This method returns a copy
+ * of the list so that it cannot be modified. If updates are needed a new list
+ * must be set via {#setServerNames}.
+ *
+ * @returns a list of server names if any were previously configured.
+ */
+ std::vector<std::string> getServerNames() const {
+ return this->serverNames;
+ }
+
};
}}}
Modified: activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLSocket.cpp
URL: http://svn.apache.org/viewvc/activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLSocket.cpp?rev=1511451&r1=1511450&r2=1511451&view=diff
==============================================================================
--- activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLSocket.cpp (original)
+++ activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLSocket.cpp Wed Aug 7 19:34:50 2013
@@ -30,21 +30,19 @@ SSLSocket::SSLSocket() : Socket() {
}
////////////////////////////////////////////////////////////////////////////////
-SSLSocket::SSLSocket( const InetAddress* address, int port ) : Socket( address, port ) {
+SSLSocket::SSLSocket(const InetAddress* address, int port) : Socket(address, port) {
}
////////////////////////////////////////////////////////////////////////////////
-SSLSocket::SSLSocket( const InetAddress* address, int port, const InetAddress* localAddress, int localPort ) :
- Socket( address, port, localAddress, localPort ) {
+SSLSocket::SSLSocket(const InetAddress* address, int port, const InetAddress* localAddress, int localPort) : Socket(address, port, localAddress, localPort) {
}
////////////////////////////////////////////////////////////////////////////////
-SSLSocket::SSLSocket( const std::string& host, int port ) : Socket( host, port ) {
+SSLSocket::SSLSocket(const std::string& host, int port) : Socket(host, port) {
}
////////////////////////////////////////////////////////////////////////////////
-SSLSocket::SSLSocket( const std::string& host, int port, const InetAddress* localAddress, int localPort ) :
- Socket( host, port, localAddress, localPort ) {
+SSLSocket::SSLSocket(const std::string& host, int port, const InetAddress* localAddress, int localPort) : Socket(host, port, localAddress, localPort) {
}
////////////////////////////////////////////////////////////////////////////////
@@ -54,26 +52,25 @@ SSLSocket::~SSLSocket() {
////////////////////////////////////////////////////////////////////////////////
SSLParameters SSLSocket::getSSLParameters() const {
- SSLParameters params( this->getEnabledCipherSuites(),
- this->getEnabledProtocols() );
+ SSLParameters params(this->getEnabledCipherSuites(), this->getEnabledProtocols());
return params;
}
////////////////////////////////////////////////////////////////////////////////
-void SSLSocket::setSSLParameters( const SSLParameters& value ) {
+void SSLSocket::setSSLParameters(const SSLParameters& value) {
- try{
+ try {
- if( !value.getCipherSuites().empty() ) {
- this->setEnabledCipherSuites( value.getCipherSuites() );
+ if (!value.getCipherSuites().empty()) {
+ this->setEnabledCipherSuites(value.getCipherSuites());
}
- if( !value.getProtocols().empty() ) {
- this->setEnabledProtocols( value.getProtocols() );
+ if (!value.getProtocols().empty()) {
+ this->setEnabledProtocols(value.getProtocols());
}
}
- DECAF_CATCH_RETHROW( IllegalArgumentException )
- DECAF_CATCH_EXCEPTION_CONVERT( Exception, IllegalArgumentException )
- DECAF_CATCHALL_THROW( IllegalArgumentException )
+ DECAF_CATCH_RETHROW(IllegalArgumentException)
+ DECAF_CATCH_EXCEPTION_CONVERT(Exception, IllegalArgumentException)
+ DECAF_CATCHALL_THROW(IllegalArgumentException)
}
Modified: activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLSocket.h
URL: http://svn.apache.org/viewvc/activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLSocket.h?rev=1511451&r1=1511450&r2=1511451&view=diff
==============================================================================
--- activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLSocket.h (original)
+++ activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLSocket.h Wed Aug 7 19:34:50 2013
@@ -51,7 +51,7 @@ namespace ssl {
* @throws NullPointerException if the InetAddress instance in NULL.
* @throws IllegalArgumentException if the port if not in range [0...65535]
*/
- SSLSocket( const InetAddress* address, int port );
+ SSLSocket(const InetAddress* address, int port);
/**
* Creates a new SSLSocket instance and connects it to the given address and port.
@@ -71,7 +71,7 @@ namespace ssl {
* @throws NullPointerException if the InetAddress instance in NULL.
* @throws IllegalArgumentException if the port if not in range [0...65535]
*/
- SSLSocket( const InetAddress* address, int port, const InetAddress* localAddress, int localPort );
+ SSLSocket(const InetAddress* address, int port, const InetAddress* localAddress, int localPort);
/**
* Creates a new SSLSocket instance and connects it to the given host and port.
@@ -87,7 +87,7 @@ namespace ssl {
* @throws IOException if an I/O error occurs while connecting the Socket.
* @throws IllegalArgumentException if the port if not in range [0...65535]
*/
- SSLSocket( const std::string& host, int port );
+ SSLSocket(const std::string& host, int port);
/**
* Creates a new SSLSocket instance and connects it to the given host and port.
@@ -107,7 +107,7 @@ namespace ssl {
* @throws IOException if an I/O error occurs while connecting the Socket.
* @throws IllegalArgumentException if the port if not in range [0...65535]
*/
- SSLSocket( const std::string& host, int port, const InetAddress* localAddress, int localPort );
+ SSLSocket(const std::string& host, int port, const InetAddress* localAddress, int localPort);
virtual ~SSLSocket();
@@ -147,7 +147,7 @@ namespace ssl {
*
* @throws IllegalArgumentException if the vector is empty or one of the names is invalid.
*/
- virtual void setEnabledCipherSuites( const std::vector<std::string>& suites ) = 0;
+ virtual void setEnabledCipherSuites(const std::vector<std::string>& suites) = 0;
/**
* Returns a vector containing the names of all the currently enabled Protocols for
@@ -167,7 +167,7 @@ namespace ssl {
*
* @throws IllegalArgumentException if the vector is empty or one of the names is invalid.
*/
- virtual void setEnabledProtocols( const std::vector<std::string>& protocols ) = 0;
+ virtual void setEnabledProtocols(const std::vector<std::string>& protocols) = 0;
/**
* Returns an SSLParameters object for this SSLSocket instance.
@@ -195,7 +195,7 @@ namespace ssl {
* @throws IllegalArgumentException if an error occurs while calling setEnabledCipherSuites
* or setEnabledProtocols.
*/
- virtual void setSSLParameters( const SSLParameters& value );
+ virtual void setSSLParameters(const SSLParameters& value);
/**
* Initiates a handshake for this SSL Connection, this can be necessary for several reasons such
@@ -221,7 +221,7 @@ namespace ssl {
*
* @throw IllegalArguementException if the handshake process has begun and mode is lcoked.
*/
- virtual void setUseClientMode( bool value ) = 0;
+ virtual void setUseClientMode(bool value) = 0;
/**
* Gets whether this Socket is in Client or Server mode, true indicates that the mode is
@@ -242,7 +242,7 @@ namespace ssl {
* @param value
* The value indicating if a client is required to authenticate itself or not.
*/
- virtual void setNeedClientAuth( bool value ) = 0;
+ virtual void setNeedClientAuth(bool value) = 0;
/**
* Returns if this socket is configured to require client authentication, true means that is has
@@ -265,7 +265,7 @@ namespace ssl {
* @param value
* The value indicating if a client is requested to authenticate itself or not.
*/
- virtual void setWantClientAuth( bool value ) = 0;
+ virtual void setWantClientAuth(bool value) = 0;
/**
* Returns if this socket is configured to request client authentication, true means that is has