IcePatch2 with IceSSL: Configuration of password for private key

Hi,

I am trying to use IcePatch2 together with IceSSL, since I want the file transfers to be ciphered.

In the configuration of IceSSL, I do not write the password of the private key in the configuration file for icepatch2server and icepatch2client, because this is a security risk. In consequence, they prompt for that password when they start.

The problem is that icepatch2server is run automatically at start-up, so I need to inject that password through another way.

I know that it is possible to inject SSL passwords for "hand-coded" servers via the class PasswordCallback. I have used this class in servers developed in my application. However, I do not know if this can also be done in some way for icepatch2server. Is there a way to inject the password, or do I have to code my own version of icepatch2server?

Regarding the client side, IcePatch2 provides a Client Library (IcePatch2 library) to use with clients. Therefore, I think I will not have any problems with a client which configures IceSSL with PasswordCallback and then uses the IcePatch2 library. Am I right?

Regards,
Juan

Comments

  • benoit
    benoit Rennes, France

    Hi,

    You should be able to implement an Ice plug-in to install an IceSSL password prompt. You will need to make sure the IceSSL plugin is loaded first and to install the password prompt when the plugin is loaded, not initialized. Here's some sample code that should work to install the password prompt:

    // C++98
    #include <Ice/Ice.h>
    #include <IceSSL/IceSSL.h>
    
    using namespace std;
    
    class PluginI : public Ice::Plugin
    {
    public:
    
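         // Install the prompt in the constructor, i.e. when the plug-in is
         // loaded, not in initialize().
         PluginI(const Ice::CommunicatorPtr& communicator)
         {
             class PasswordPromptI : public IceSSL::PasswordPrompt
             {
             public:
    
                 // Sample value; IceSSL calls this to obtain the private key password.
                 virtual std::string getPassword() { return "password"; }
             };
             // The IceSSL plug-in must already be loaded at this point.
             IceSSL::PluginPtr ssl = IceSSL::PluginPtr::dynamicCast(communicator->getPluginManager()->getPlugin("IceSSL"));
             ssl->setPasswordPrompt(new PasswordPromptI);
         }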
    
         void
         initialize()
         {
         }
    
         void
         destroy()
         {
         }
    
    private:
    
        Ice::CommunicatorPtr _communicator;
    };
    
    extern "C"
    {
    
    ICE_DECLSPEC_EXPORT ::Ice::Plugin*
    create(const Ice::CommunicatorPtr& communicator, const string&, const Ice::StringSeq&)
    {
        return new PluginI(communicator);
    }
    
    }
    

    You should then be able to load this plugin with the icepatch2server.

    See cpp/Ice/plugin and https://doc.zeroc.com/display/Ice36/Plug-in+Facility for additional information on how to implement an Ice plug-in.

    Cheers,
    Benoit.
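
The sample plug-in in the reply above returns a string literal from `getPassword()`. As an added example (not code from this thread or from ZeroC), the helper below shows one way such a prompt could read the password from a file that only the service account can access; the name `readKeyPassword` and the one-line file layout are assumptions, and the code is POSIX-only.

```cpp
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <cstdlib>
#include <stdexcept>
#include <string>

// Hypothetical helper (not part of Ice or IceSSL): returns the first line of
// a password file, but only if the file is private to the calling account.
std::string readKeyPassword(const std::string& path)
{
    // O_NOFOLLOW: refuse a symlink as the final path component.
    int fd = ::open(path.c_str(), O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if(fd < 0)
    {
        throw std::runtime_error("cannot open password file: " + path);
    }

    // fstat the open descriptor so the checks apply to the file actually read.
    struct stat st;
    bool ok = ::fstat(fd, &st) == 0
        && S_ISREG(st.st_mode)                         // regular file only
        && st.st_uid == ::geteuid()                    // owned by this account
        && (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;    // no group/other access
    if(!ok)
    {
        ::close(fd);
        throw std::runtime_error("password file is not private to this user: " + path);
    }

    char buf[1024];
    ssize_t n = ::read(fd, buf, sizeof(buf));
    ::close(fd);
    if(n <= 0)
    {
        throw std::runtime_error("password file is empty or unreadable: " + path);
    }

    // Keep the first line only, dropping the trailing newline.
    std::string password(buf, static_cast<std::string::size_type>(n));
    password = password.substr(0, password.find_first_of("\r\n"));
    if(password.empty())
    {
        throw std::runtime_error("password file has an empty first line: " + path);
    }
    return password;
}
```

With this helper, `getPassword()` in the plug-in could return `readKeyPassword(...)` for a path of your choosing instead of the literal.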