Posted to commits@qpid.apache.org by cl...@apache.org on 2016/03/01 16:12:16 UTC

qpid-proton git commit: PROTON-1138: clearer naming of SASL options; make private various implementation details

Repository: qpid-proton
Updated Branches:
  refs/heads/master cd58e7774 -> af64ead9d


PROTON-1138: clearer naming of SASL options; make private various implementation details


Project: http://git-wip-us.apache.org/repos/asf/qpid-proton/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-proton/commit/af64ead9
Tree: http://git-wip-us.apache.org/repos/asf/qpid-proton/tree/af64ead9
Diff: http://git-wip-us.apache.org/repos/asf/qpid-proton/diff/af64ead9

Branch: refs/heads/master
Commit: af64ead9dde90a47c3c3d93ed52c8885fc51e0e7
Parents: cd58e77
Author: Clifford Jansen <cl...@apache.org>
Authored: Tue Mar 1 10:11:45 2016 -0500
Committer: Clifford Jansen <cl...@apache.org>
Committed: Tue Mar 1 10:11:45 2016 -0500

----------------------------------------------------------------------
 examples/cpp/ssl.cpp                            |  7 +++--
 examples/cpp/ssl_client_cert.cpp                | 10 +++---
 .../bindings/cpp/include/proton/connection.hpp  |  8 ++---
 .../cpp/include/proton/connection_options.hpp   | 24 +++++----------
 proton-c/bindings/cpp/include/proton/link.hpp   | 23 ++++++--------
 proton-c/bindings/cpp/include/proton/ssl.hpp    |  9 ++----
 .../bindings/cpp/src/connection_options.cpp     | 32 +++++++-------------
 7 files changed, 42 insertions(+), 71 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/af64ead9/examples/cpp/ssl.cpp
----------------------------------------------------------------------
diff --git a/examples/cpp/ssl.cpp b/examples/cpp/ssl.cpp
index e2fc54e..209a766 100644
--- a/examples/cpp/ssl.cpp
+++ b/examples/cpp/ssl.cpp
@@ -74,10 +74,11 @@ class hello_world_direct : public proton::handler {
         e.container().server_connection_options(server_opts);
 
         // Configure client with a Certificate Authority database populated with the server's self signed certificate.
+        // Since the test certifcate's credentials are unlikely to match this host's name, downgrade the verification
+        // from VERIFY_PEER_NAME to VERIFY_PEER.
         connection_options client_opts;
-        client_opts.ssl_client_options(platform_CA("tserver"));
-        // Validate the server certificate against the known name in the certificate.
-        client_opts.peer_hostname("test_server");
+        ssl_client_options ssl_cli(platform_CA("tserver"), proton::ssl::VERIFY_PEER);
+        client_opts.ssl_client_options(ssl_cli);
         e.container().client_connection_options(client_opts);
 
         s_handler.acceptor = e.container().listen(url);
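Review bot: The client now runs with `proton::ssl::VERIFY_PEER` (line 55), which checks the certificate chain but not that the certificate's name matches the host being connected to, so the example no longer demonstrates the name check that the removed `peer_hostname("test_server")` line provided. Example code gets copied, so the comment at lines 49-50 should say the downgrade is specific to the self-signed test certificate and that real deployments keep the `VERIFY_PEER_NAME` default with a certificate issued for the server's host name, e.g. `// VERIFY_PEER skips host name matching; keep the VERIFY_PEER_NAME default in real deployments.` The same downgrade and comment appear in examples/cpp/ssl_client_cert.cpp (lines 79-81), and both comments misspell "certificate" as "certifcate". The enclosing hello_world_direct method starts before and ends after the hunk.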

http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/af64ead9/examples/cpp/ssl_client_cert.cpp
----------------------------------------------------------------------
diff --git a/examples/cpp/ssl_client_cert.cpp b/examples/cpp/ssl_client_cert.cpp
index de1a0d7..c49957a 100644
--- a/examples/cpp/ssl_client_cert.cpp
+++ b/examples/cpp/ssl_client_cert.cpp
@@ -83,17 +83,17 @@ class hello_world_direct : public proton::handler {
         ssl_server_options srv_ssl(server_cert, client_CA);
         connection_options server_opts;
         server_opts.ssl_server_options(srv_ssl).handler(&s_handler);
-        server_opts.allowed_mechs("EXTERNAL");
+        server_opts.sasl_allowed_mechs("EXTERNAL");
         e.container().server_connection_options(server_opts);
 
         // Configure client.
         ssl_certificate client_cert = platform_certificate("tclient", "tclientpw");
         std::string server_CA = platform_CA("tserver");
-        ssl_client_options ssl_cli(client_cert, server_CA);
+        // Since the test certifcate's credentials are unlikely to match this host's name, downgrade the verification
+        // from VERIFY_PEER_NAME to VERIFY_PEER.
+        ssl_client_options ssl_cli(client_cert, server_CA, proton::ssl::VERIFY_PEER);
         connection_options client_opts;
-        client_opts.ssl_client_options(ssl_cli).allowed_mechs("EXTERNAL");
-        // Validate the server certificate against this name:
-        client_opts.peer_hostname("test_server");
+        client_opts.ssl_client_options(ssl_cli).sasl_allowed_mechs("EXTERNAL");
         e.container().client_connection_options(client_opts);
 
         s_handler.inbound_listener = e.container().listen(url);

http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/af64ead9/proton-c/bindings/cpp/include/proton/connection.hpp
----------------------------------------------------------------------
diff --git a/proton-c/bindings/cpp/include/proton/connection.hpp b/proton-c/bindings/cpp/include/proton/connection.hpp
index e841748..8761176 100644
--- a/proton-c/bindings/cpp/include/proton/connection.hpp
+++ b/proton-c/bindings/cpp/include/proton/connection.hpp
@@ -63,12 +63,6 @@ PN_CPP_CLASS_EXTERN connection : public object<pn_connection_t>, public endpoint
     /// Return the AMQP host name for the connection.
     PN_CPP_EXTERN std::string host() const;
 
-    /// @cond INTERNAL
-    /// XXX this should be a connection option, right? - make private
-    /// Set the AMQP host name for the connection
-    PN_CPP_EXTERN void host(const std::string& h);
-    /// @endcond
-
     /// Return the container ID for the connection.
     PN_CPP_EXTERN std::string container_id() const;
 
@@ -123,6 +117,7 @@ PN_CPP_CLASS_EXTERN connection : public object<pn_connection_t>, public endpoint
   private:
     PN_CPP_EXTERN void user(const std::string &);
     PN_CPP_EXTERN void password(const std::string &);
+    PN_CPP_EXTERN void host(const std::string& h);
 
     /// @cond INTERNAL
     friend class connection_context;
@@ -131,6 +126,7 @@ PN_CPP_CLASS_EXTERN connection : public object<pn_connection_t>, public endpoint
     friend class connector;
     friend class transport;
     friend class container_impl;
+    friend class session;
     /// @endcond
 };
 

http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/af64ead9/proton-c/bindings/cpp/include/proton/connection_options.hpp
----------------------------------------------------------------------
diff --git a/proton-c/bindings/cpp/include/proton/connection_options.hpp b/proton-c/bindings/cpp/include/proton/connection_options.hpp
index ae437a2..473da0e 100644
--- a/proton-c/bindings/cpp/include/proton/connection_options.hpp
+++ b/proton-c/bindings/cpp/include/proton/connection_options.hpp
@@ -114,24 +114,16 @@ class connection_options {
     /// Set SSL server options.
     PN_CPP_EXTERN connection_options& ssl_server_options(const class ssl_server_options &);
 
-    /// @cond INTERNAL
-
-    /// XXX remove - confirmed
-    PN_CPP_EXTERN connection_options& peer_hostname(const std::string &name);
-
-    /// XXX remove - confirmed
-    PN_CPP_EXTERN connection_options& resume_id(const std::string &id);
-    
-    /// @endcond
-
     /// Enable or disable SASL.
     PN_CPP_EXTERN connection_options& sasl_enabled(bool);
-    
-    /// @cond INTERNAL
-    /// XXX sasl_ prefix - confirmed
-    PN_CPP_EXTERN connection_options& allow_insecure_mechs(bool);
-    PN_CPP_EXTERN connection_options& allowed_mechs(const std::string &);
-    /// @endcond
+
+    /// Force the enabling of SASL mechanisms that disclose clear text
+    /// passwords over the connection.  By default, such mechanisms
+    /// are disabled.
+    PN_CPP_EXTERN connection_options& sasl_allow_insecure_mechs(bool);
+
+    /// Specify the allowed mechanisms for use on the connection.
+    PN_CPP_EXTERN connection_options& sasl_allowed_mechs(const std::string &);
 
     /// Set the SASL configuration name.
     PN_CPP_EXTERN connection_options& sasl_config_name(const std::string &);

http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/af64ead9/proton-c/bindings/cpp/include/proton/link.hpp
----------------------------------------------------------------------
diff --git a/proton-c/bindings/cpp/include/proton/link.hpp b/proton-c/bindings/cpp/include/proton/link.hpp
index 90cb2f9..07c1ebf 100644
--- a/proton-c/bindings/cpp/include/proton/link.hpp
+++ b/proton-c/bindings/cpp/include/proton/link.hpp
@@ -129,20 +129,6 @@ PN_CPP_CLASS_EXTERN link : public object<pn_link_t> , public endpoint {
     /// Unset any custom handler.
     PN_CPP_EXTERN void detach_handler();
 
-    /// @cond INTERNAL
-
-    /// XXX ask about use case, revisit names - make private
-    /// Get message data from current delivery on link.
-    PN_CPP_EXTERN ssize_t recv(char* buffer, size_t size);
-
-    /// XXX ask about use case, revisit names - make private
-    /// Advance the link one delivery.
-    PN_CPP_EXTERN bool advance();
-
-    /// XXX make private
-    /// Navigate the links in a connection - get next link with state.
-    PN_CPP_EXTERN link next(endpoint::state) const;
-
     /// XXX local versus remote, mutability
     /// XXX - remove setters
     /// XXX - local_sender_settle_mode and local_receiver_settle_mode
@@ -154,6 +140,15 @@ PN_CPP_CLASS_EXTERN link : public object<pn_link_t> , public endpoint {
     PN_CPP_EXTERN link_options::receiver_settle_mode remote_receiver_settle_mode();
 
     /// @endcond
+  private:
+    PN_CPP_EXTERN ssize_t recv(char* buffer, size_t size);
+    PN_CPP_EXTERN bool advance();
+    PN_CPP_EXTERN link next(endpoint::state) const;
+
+    /// @cond INTERNAL
+    friend class message;
+    friend class link_iterator;
+    /// @endcond
 };
 
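Review bot: The three members moved into the private section (lines 199-201) lose the one-line descriptions they carried when public ("Get message data from current delivery on link", "Advance the link one delivery", "Navigate the links in a connection - get next link with state"); private does not mean undocumented for members that two friend classes call. Restore them as `//` comments above each declaration and state the caller's buffer contract on `recv` (presumably `buffer` must have room for `size` bytes — confirm against the implementation). The `XXX` notes on the settle-mode accessors are outside this hunk and remain open.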
 /// @cond INTERNAL

http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/af64ead9/proton-c/bindings/cpp/include/proton/ssl.hpp
----------------------------------------------------------------------
diff --git a/proton-c/bindings/cpp/include/proton/ssl.hpp b/proton-c/bindings/cpp/include/proton/ssl.hpp
index 7cfdc69..b14ad95 100644
--- a/proton-c/bindings/cpp/include/proton/ssl.hpp
+++ b/proton-c/bindings/cpp/include/proton/ssl.hpp
@@ -161,18 +161,15 @@ class ssl_server_options : private internal::ssl_domain {
 /// SSL configuration for outbound connections.
 class ssl_client_options : private internal::ssl_domain {
   public:
-    /// Create SSL client options.
+    /// Create SSL client options (no client certificate).
     PN_CPP_EXTERN ssl_client_options(const std::string &trust_db,
                                      enum ssl::verify_mode = ssl::VERIFY_PEER_NAME);
 
-    /// Create SSL client options.
-    ///
-    /// @internal
-    /// XXX how is this distinct?
+    /// Create SSL client options with a client certificate.
     PN_CPP_EXTERN ssl_client_options(ssl_certificate&, const std::string &trust_db,
                                      enum ssl::verify_mode = ssl::VERIFY_PEER_NAME);
 
-    /// Server SSL options restricted to available anonymous cipher
+    /// SSL connections restricted to available anonymous cipher
     /// suites on the platform.
     PN_CPP_EXTERN ssl_client_options();
 
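Review bot: The reworded doc on the default constructor (lines 235-236) should state the security consequence: anonymous cipher suites encrypt the channel but do not authenticate the peer, so none of the `verify_mode` checks offered by the other two constructors apply. Suggested: `/// SSL connections restricted to the platform's anonymous cipher suites; these encrypt the link but do not authenticate the peer.` The rest of the class is outside the hunk.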

http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/af64ead9/proton-c/bindings/cpp/src/connection_options.cpp
----------------------------------------------------------------------
diff --git a/proton-c/bindings/cpp/src/connection_options.cpp b/proton-c/bindings/cpp/src/connection_options.cpp
index 5bc35aa..a5ee99e 100644
--- a/proton-c/bindings/cpp/src/connection_options.cpp
+++ b/proton-c/bindings/cpp/src/connection_options.cpp
@@ -56,11 +56,9 @@ class connection_options::impl {
     option<reconnect_timer> reconnect;
     option<class ssl_client_options> ssl_client_options;
     option<class ssl_server_options> ssl_server_options;
-    option<std::string> peer_hostname;
-    option<std::string> resume_id;
     option<bool> sasl_enabled;
-    option<std::string> allowed_mechs;
-    option<bool> allow_insecure_mechs;
+    option<std::string> sasl_allowed_mechs;
+    option<bool> sasl_allow_insecure_mechs;
     option<std::string> sasl_config_name;
     option<std::string> sasl_config_path;
 
@@ -78,13 +76,9 @@ class connection_options::impl {
         {
             // SSL
             if (outbound && outbound->address().scheme() == url::AMQPS) {
-                const char* id = resume_id.value.empty() ? NULL : resume_id.value.c_str();
                 pn_ssl_t *ssl = pn_ssl(pnt);
-                if (pn_ssl_init(ssl, ssl_client_options.value.pn_domain(), id))
+                if (pn_ssl_init(ssl, ssl_client_options.value.pn_domain(), NULL))
                     throw error(MSG("client SSL/TLS initialization error"));
-                if (peer_hostname.set && !peer_hostname.value.empty())
-                    if (pn_ssl_set_peer_hostname(ssl, peer_hostname.value.c_str()))
-                        throw error(MSG("error in SSL/TLS peer hostname \"") << peer_hostname.value << '"');
             } else if (!outbound) {
                 pn_acceptor_t *pnp = pn_connection_acceptor(pnc);
                 if (pnp) {
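Review bot: With the `pn_ssl_set_peer_hostname` call removed (lines 269-271) this block no longer tells the SSL layer which name to expect, yet `ssl_client_options` defaults to `VERIFY_PEER_NAME` per the ssl.hpp hunk. Presumably the expected name is now taken from the connection's host elsewhere (the `host` setter made private in connection.hpp suggests so), but that is not visible here; confirm it and add a comment at the `pn_ssl_init` line such as `// Expected peer name for VERIFY_PEER_NAME is set from the connection host elsewhere — see connection::host.` Passing `NULL` as the third argument also drops whatever the removed `resume_id` option supplied — if that is the session-resumption id, as the name suggests, a one-line note that resumption is intentionally off would help. The enclosing function starts and ends outside the hunk.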
@@ -102,10 +96,10 @@ class connection_options::impl {
             if (!sasl_enabled.set || sasl_enabled.value) {
                 if (sasl_enabled.set)  // Explicitly set, not just default behaviour.
                     t.sasl();          // Force a sasl instance.  Lazily create one otherwise.
-                if (allow_insecure_mechs.set)
-                    t.sasl().allow_insecure_mechs(allow_insecure_mechs.value);
-                if (allowed_mechs.set)
-                    t.sasl().allowed_mechs(allowed_mechs.value);
+                if (sasl_allow_insecure_mechs.set)
+                    t.sasl().allow_insecure_mechs(sasl_allow_insecure_mechs.value);
+                if (sasl_allowed_mechs.set)
+                    t.sasl().allowed_mechs(sasl_allowed_mechs.value);
                 if (sasl_config_name.set)
                     t.sasl().config_name(sasl_config_name.value);
                 if (sasl_config_path.set)
@@ -141,11 +135,9 @@ class connection_options::impl {
         reconnect.override(x.reconnect);
         ssl_client_options.override(x.ssl_client_options);
         ssl_server_options.override(x.ssl_server_options);
-        resume_id.override(x.resume_id);
-        peer_hostname.override(x.peer_hostname);
         sasl_enabled.override(x.sasl_enabled);
-        allow_insecure_mechs.override(x.allow_insecure_mechs);
-        allowed_mechs.override(x.allowed_mechs);
+        sasl_allow_insecure_mechs.override(x.sasl_allow_insecure_mechs);
+        sasl_allowed_mechs.override(x.sasl_allowed_mechs);
         sasl_config_name.override(x.sasl_config_name);
         sasl_config_path.override(x.sasl_config_path);
     }
@@ -175,11 +167,9 @@ connection_options& connection_options::link_prefix(const std::string &id) { imp
 connection_options& connection_options::reconnect(const reconnect_timer &rc) { impl_->reconnect = rc; return *this; }
 connection_options& connection_options::ssl_client_options(const class ssl_client_options &c) { impl_->ssl_client_options = c; return *this; }
 connection_options& connection_options::ssl_server_options(const class ssl_server_options &c) { impl_->ssl_server_options = c; return *this; }
-connection_options& connection_options::resume_id(const std::string &id) { impl_->resume_id = id; return *this; }
-connection_options& connection_options::peer_hostname(const std::string &name) { impl_->peer_hostname = name; return *this; }
 connection_options& connection_options::sasl_enabled(bool b) { impl_->sasl_enabled = b; return *this; }
-connection_options& connection_options::allow_insecure_mechs(bool b) { impl_->allow_insecure_mechs = b; return *this; }
-connection_options& connection_options::allowed_mechs(const std::string &s) { impl_->allowed_mechs = s; return *this; }
+connection_options& connection_options::sasl_allow_insecure_mechs(bool b) { impl_->sasl_allow_insecure_mechs = b; return *this; }
+connection_options& connection_options::sasl_allowed_mechs(const std::string &s) { impl_->sasl_allowed_mechs = s; return *this; }
 connection_options& connection_options::sasl_config_name(const std::string &n) { impl_->sasl_config_name = n; return *this; }
 connection_options& connection_options::sasl_config_path(const std::string &p) { impl_->sasl_config_path = p; return *this; }
 

