diff --git a/OpenSim/Framework/Communications/ISecureInventoryService.cs b/OpenSim/Framework/Communications/ISecureInventoryService.cs
new file mode 100644
index 0000000000..0e7861a0ce
--- /dev/null
+++ b/OpenSim/Framework/Communications/ISecureInventoryService.cs
@@ -0,0 +1,125 @@
+/*
+ * Copyright (c) Contributors, http://opensimulator.org/
+ * See CONTRIBUTORS.TXT for a full list of copyright holders.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * * Neither the name of the OpenSim Project nor the
+ * names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+using System.Collections.Generic;
+using libsecondlife;
+using OpenSim.Framework.Communications.Cache;
+
+namespace OpenSim.Framework.Communications
+{
+
+ ///
+ /// Defines all the operations one can perform on a user's inventory.
+ ///
+ public interface ISecureInventoryService
+ {
+ string Host
+ {
+ get;
+ }
+ ///
+ /// Request the inventory for a user. This is an asynchronous operation that will call the callback when the
+ /// inventory has been received
+ ///
+ ///
+ ///
+ void RequestInventoryForUser(LLUUID userID, LLUUID session_id, InventoryReceiptCallback callback);
+
+ ///
+ /// Add a new folder to the user's inventory
+ ///
+ ///
+ /// true if the folder was successfully added
+ bool AddFolder(InventoryFolderBase folder, LLUUID session_id);
+
+ ///
+ /// Update a folder in the user's inventory
+ ///
+ ///
+ /// true if the folder was successfully updated
+ bool UpdateFolder(InventoryFolderBase folder, LLUUID session_id);
+
+ ///
+ /// Move an inventory folder to a new location
+ ///
+ /// A folder containing the details of the new location
+ /// true if the folder was successfully moved
+ bool MoveFolder(InventoryFolderBase folder, LLUUID session_id);
+
+ ///
+ /// Purge an inventory folder of all its items and subfolders.
+ ///
+ ///
+ /// true if the folder was successfully purged
+ bool PurgeFolder(InventoryFolderBase folder, LLUUID session_id);
+
+ ///
+ /// Add a new item to the user's inventory
+ ///
+ ///
+ /// true if the item was successfully added
+ bool AddItem(InventoryItemBase item, LLUUID session_id);
+
+ ///
+ /// Update an item in the user's inventory
+ ///
+ ///
+ /// true if the item was successfully updated
+ bool UpdateItem(InventoryItemBase item, LLUUID session_id);
+
+ ///
+ /// Delete an item from the user's inventory
+ ///
+ ///
+ /// true if the item was successfully deleted
+ bool DeleteItem(InventoryItemBase item, LLUUID session_id);
+
+ ///
+ /// Create a new inventory for the given user.
+ ///
+ ///
+ /// true if the inventory was successfully created, false otherwise
+ bool CreateNewUserInventory(LLUUID user);
+
+ bool HasInventoryForUser(LLUUID userID);
+
+ ///
+ /// Retrieve the root inventory folder for the given user.
+ ///
+ ///
+ /// null if no root folder was found
+ InventoryFolderBase RequestRootFolder(LLUUID userID);
+
+ ///
+ /// Returns a list of all the folders in a given user's inventory.
+ ///
+ ///
+ /// A flat list of the user's inventory folder tree,
+ /// null if there is no inventory for this user
+ List GetInventorySkeleton(LLUUID userId);
+ }
+}
diff --git a/OpenSim/Framework/Servers/RestSessionService.cs b/OpenSim/Framework/Servers/RestSessionService.cs
new file mode 100644
index 0000000000..3c79844f0a
--- /dev/null
+++ b/OpenSim/Framework/Servers/RestSessionService.cs
@@ -0,0 +1,223 @@
+using System;
+using System.IO;
+using System.Net;
+using System.Collections.Generic;
+using System.Text;
+using System.Xml;
+using System.Xml.Serialization;
+
+namespace OpenSim.Framework.Servers
+{
+ public class RestSessionObject
+ {
+ private string sid;
+ private string aid;
+ private TRequest request_body;
+
+ public string SessionID
+ {
+ get { return sid; }
+ set { sid = value; }
+ }
+
+ public string AvatarID
+ {
+ get { return aid; }
+ set { aid = value; }
+ }
+
+ public TRequest Body
+ {
+ get { return request_body; }
+ set { request_body = value; }
+ }
+ }
+
+ public class SynchronousRestSessionObjectPoster
+ {
+ public static TResponse BeginPostObject(string verb, string requestUrl, TRequest obj, string sid, string aid)
+ {
+ RestSessionObject sobj = new RestSessionObject();
+ sobj.SessionID = sid;
+ sobj.AvatarID = aid;
+ sobj.Body = obj;
+
+ Type type = typeof(RestSessionObject);
+
+ WebRequest request = WebRequest.Create(requestUrl);
+ request.Method = verb;
+ request.ContentType = "text/xml";
+
+ MemoryStream buffer = new MemoryStream();
+
+ XmlWriterSettings settings = new XmlWriterSettings();
+ settings.Encoding = Encoding.UTF8;
+
+ using (XmlWriter writer = XmlWriter.Create(buffer, settings))
+ {
+ XmlSerializer serializer = new XmlSerializer(type);
+ serializer.Serialize(writer, sobj);
+ writer.Flush();
+ }
+
+ int length = (int)buffer.Length;
+ request.ContentLength = length;
+
+ Stream requestStream = request.GetRequestStream();
+ requestStream.Write(buffer.ToArray(), 0, length);
+ TResponse deserial = default(TResponse);
+ using (WebResponse resp = request.GetResponse())
+ {
+ XmlSerializer deserializer = new XmlSerializer(typeof(TResponse));
+ deserial = (TResponse)deserializer.Deserialize(resp.GetResponseStream());
+ }
+ return deserial;
+ }
+ }
+
+ public class RestSessionObjectPosterResponse
+ {
+
+ public ReturnResponse ResponseCallback;
+
+ public void BeginPostObject(string requestUrl, TRequest obj, string sid, string aid)
+ {
+ BeginPostObject("POST", requestUrl, obj, sid, aid);
+ }
+
+ public void BeginPostObject(string verb, string requestUrl, TRequest obj, string sid, string aid)
+ {
+ RestSessionObject sobj = new RestSessionObject();
+ sobj.SessionID = sid;
+ sobj.AvatarID = aid;
+ sobj.Body = obj;
+
+ Type type = typeof(RestSessionObject);
+
+ WebRequest request = WebRequest.Create(requestUrl);
+ request.Method = verb;
+ request.ContentType = "text/xml";
+
+ MemoryStream buffer = new MemoryStream();
+
+ XmlWriterSettings settings = new XmlWriterSettings();
+ settings.Encoding = Encoding.UTF8;
+
+ using (XmlWriter writer = XmlWriter.Create(buffer, settings))
+ {
+ XmlSerializer serializer = new XmlSerializer(type);
+ serializer.Serialize(writer, sobj);
+ writer.Flush();
+ }
+
+ int length = (int)buffer.Length;
+ request.ContentLength = length;
+
+ Stream requestStream = request.GetRequestStream();
+ requestStream.Write(buffer.ToArray(), 0, length);
+ // IAsyncResult result = request.BeginGetResponse(AsyncCallback, request);
+ request.BeginGetResponse(AsyncCallback, request);
+ }
+
+ private void AsyncCallback(IAsyncResult result)
+ {
+ WebRequest request = (WebRequest)result.AsyncState;
+ using (WebResponse resp = request.EndGetResponse(result))
+ {
+ TResponse deserial;
+ XmlSerializer deserializer = new XmlSerializer(typeof(TResponse));
+ Stream stream = resp.GetResponseStream();
+
+ // This is currently a bad debug stanza since it gobbles us the response...
+ // StreamReader reader = new StreamReader(stream);
+ // m_log.DebugFormat("[REST OBJECT POSTER RESPONSE]: Received {0}", reader.ReadToEnd());
+
+ deserial = (TResponse)deserializer.Deserialize(stream);
+
+ if (deserial != null && ResponseCallback != null)
+ {
+ ResponseCallback(deserial);
+ }
+ }
+ }
+ }
+
+ public delegate bool CheckIdentityMethod(string sid, string aid);
+
+ public class RestDeserialiseSecureHandler : BaseRequestHandler, IStreamHandler
+ where TRequest : new()
+ {
+ private RestDeserialiseMethod m_method;
+ private CheckIdentityMethod m_smethod;
+
+ public RestDeserialiseSecureHandler(string httpMethod, string path, RestDeserialiseMethod method, CheckIdentityMethod smethod)
+ : base(httpMethod, path)
+ {
+ m_smethod = smethod;
+ m_method = method;
+ }
+
+ public void Handle(string path, Stream request, Stream responseStream,
+ OSHttpRequest httpRequest, OSHttpResponse httpResponse)
+ {
+ RestSessionObject deserial;
+ using (XmlTextReader xmlReader = new XmlTextReader(request))
+ {
+ XmlSerializer deserializer = new XmlSerializer(typeof(RestSessionObject));
+ deserial = (RestSessionObject)deserializer.Deserialize(xmlReader);
+ }
+
+ TResponse response = default(TResponse);
+ if (m_smethod(deserial.SessionID, deserial.AvatarID))
+ {
+ response = m_method(deserial.Body);
+ }
+
+ using (XmlWriter xmlWriter = XmlTextWriter.Create(responseStream))
+ {
+ XmlSerializer serializer = new XmlSerializer(typeof(TResponse));
+ serializer.Serialize(xmlWriter, response);
+ }
+ }
+ }
+
+ public delegate bool CheckTrustedSourceMethod(IPEndPoint peer);
+
+ public class RestDeserialiseTrustedHandler : BaseRequestHandler, IStreamHandler
+ where TRequest : new()
+ {
+ private RestDeserialiseMethod m_method;
+ private CheckTrustedSourceMethod m_tmethod;
+
+ public RestDeserialiseTrustedHandler(string httpMethod, string path, RestDeserialiseMethod method, CheckTrustedSourceMethod tmethod)
+ : base(httpMethod, path)
+ {
+ m_tmethod = tmethod;
+ m_method = method;
+ }
+
+ public void Handle(string path, Stream request, Stream responseStream,
+ OSHttpRequest httpRequest, OSHttpResponse httpResponse)
+ {
+ TRequest deserial;
+ using (XmlTextReader xmlReader = new XmlTextReader(request))
+ {
+ XmlSerializer deserializer = new XmlSerializer(typeof(TRequest));
+ deserial = (TRequest)deserializer.Deserialize(xmlReader);
+ }
+
+ TResponse response = default(TResponse);
+ if (m_tmethod(httpRequest.RemoteIPEndPoint))
+ {
+ response = m_method(deserial);
+ }
+
+ using (XmlWriter xmlWriter = XmlTextWriter.Create(responseStream))
+ {
+ XmlSerializer serializer = new XmlSerializer(typeof(TResponse));
+ serializer.Serialize(xmlWriter, response);
+ }
+ }
+ }
+
+}
diff --git a/OpenSim/Region/Communications/OGS1/OGS1SecureInvenotryService.cs b/OpenSim/Region/Communications/OGS1/OGS1SecureInvenotryService.cs
new file mode 100644
index 0000000000..61c4e06816
--- /dev/null
+++ b/OpenSim/Region/Communications/OGS1/OGS1SecureInvenotryService.cs
@@ -0,0 +1,324 @@
+/*
+ * Copyright (c) Contributors, http://opensimulator.org/
+ * See CONTRIBUTORS.TXT for a full list of copyright holders.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * * Neither the name of the OpenSim Project nor the
+ * names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+using System;
+using System.Collections.Generic;
+using System.Net;
+using System.Reflection;
+using libsecondlife;
+using log4net;
+using OpenSim.Framework;
+using OpenSim.Framework.Communications;
+using OpenSim.Framework.Communications.Cache;
+using OpenSim.Framework.Servers;
+using OpenSim.Framework.Statistics;
+
+namespace OpenSim.Region.Communications.OGS1
+{
+ public class OGS1SecureInventoryService : ISecureInventoryService
+ {
+ private static readonly ILog m_log
+ = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
+
+ private string _inventoryServerUrl;
+ private Uri m_Uri;
+ private Dictionary m_RequestingInventory
+ = new Dictionary();
+
+ public OGS1SecureInventoryService(string inventoryServerUrl)
+ {
+ _inventoryServerUrl = inventoryServerUrl;
+ m_Uri = new Uri(_inventoryServerUrl);
+ }
+
+ #region IInventoryServices Members
+
+ public string Host
+ {
+ get { return m_Uri.Host; }
+ }
+
+ ///
+ ///
+ ///
+ ///
+ ///
+ public void RequestInventoryForUser(LLUUID userID, LLUUID session_id, InventoryReceiptCallback callback)
+ {
+ if (!m_RequestingInventory.ContainsKey(userID))
+ {
+ m_RequestingInventory.Add(userID, callback);
+
+ try
+ {
+ m_log.InfoFormat(
+ "[OGS1 INVENTORY SERVICE]: Requesting inventory from {0}/GetInventory/ for user {1}",
+ _inventoryServerUrl, userID);
+
+ RestSessionObjectPosterResponse requester
+ = new RestSessionObjectPosterResponse();
+ requester.ResponseCallback = InventoryResponse;
+
+ requester.BeginPostObject(_inventoryServerUrl + "/GetInventory/", userID.UUID, session_id.ToString(), userID.ToString());
+ }
+ catch (WebException e)
+ {
+ if (StatsManager.SimExtraStats != null)
+ StatsManager.SimExtraStats.AddInventoryServiceRetrievalFailure();
+
+ m_log.ErrorFormat("[OGS1 INVENTORY SERVICE]: Request inventory operation failed, {0} {1}",
+ e.Source, e.Message);
+ }
+ }
+ else
+ {
+ m_log.ErrorFormat("[OGS1 INVENTORY SERVICE]: RequestInventoryForUser() - could you not find user profile for {0}", userID);
+ }
+ }
+
+ ///
+ /// Callback used by the inventory server GetInventory request
+ ///
+ ///
+ private void InventoryResponse(InventoryCollection response)
+ {
+ LLUUID userID = response.UserID;
+ if (m_RequestingInventory.ContainsKey(userID))
+ {
+ m_log.InfoFormat("[OGS1 INVENTORY SERVICE]: " +
+ "Received inventory response for user {0} containing {1} folders and {2} items",
+ userID, response.Folders.Count, response.Items.Count);
+
+ InventoryFolderImpl rootFolder = null;
+ InventoryReceiptCallback callback = m_RequestingInventory[userID];
+
+ ICollection folders = new List();
+ ICollection items = new List();
+
+ foreach (InventoryFolderBase folder in response.Folders)
+ {
+ if (folder.ParentID == LLUUID.Zero)
+ {
+ rootFolder = new InventoryFolderImpl(folder);
+ folders.Add(rootFolder);
+
+ break;
+ }
+ }
+
+ if (rootFolder != null)
+ {
+ foreach (InventoryFolderBase folder in response.Folders)
+ {
+ if (folder.ID != rootFolder.ID)
+ {
+ folders.Add(new InventoryFolderImpl(folder));
+ }
+ }
+
+ foreach (InventoryItemBase item in response.Items)
+ {
+ items.Add(item);
+ }
+ }
+ else
+ {
+ m_log.ErrorFormat("[OGS1 INVENTORY SERVICE]: Did not get back an inventory containing a root folder for user {0}", userID);
+ }
+
+ callback(folders, items);
+
+ m_RequestingInventory.Remove(userID);
+ }
+ else
+ {
+ m_log.WarnFormat(
+ "[OGS1 INVENTORY SERVICE]: " +
+ "Received inventory response for {0} for which we do not have a record of requesting!",
+ userID);
+ }
+ }
+
+ ///
+ ///
+ ///
+ public bool AddFolder(InventoryFolderBase folder, LLUUID session_id)
+ {
+ try
+ {
+ return SynchronousRestSessionObjectPoster.BeginPostObject(
+ "POST", _inventoryServerUrl + "/NewFolder/", folder, session_id.ToString(), folder.Owner.ToString());
+ }
+ catch (WebException e)
+ {
+ m_log.ErrorFormat("[OGS1 INVENTORY SERVICE]: Add new inventory folder operation failed, {0} {1}",
+ e.Source, e.Message);
+ }
+
+ return false;
+ }
+
+ ///
+ ///
+ ///
+ ///
+ public bool UpdateFolder(InventoryFolderBase folder, LLUUID session_id)
+ {
+ try
+ {
+ return SynchronousRestSessionObjectPoster.BeginPostObject(
+ "POST", _inventoryServerUrl + "/UpdateFolder/", folder, session_id.ToString(), folder.Owner.ToString());
+ }
+ catch (WebException e)
+ {
+ m_log.ErrorFormat("[OGS1 INVENTORY SERVICE]: Update inventory folder operation failed, {0} {1}",
+ e.Source, e.Message);
+ }
+
+ return false;
+ }
+
+ ///
+ ///
+ ///
+ ///
+ public bool MoveFolder(InventoryFolderBase folder, LLUUID session_id)
+ {
+ try
+ {
+ return SynchronousRestSessionObjectPoster.BeginPostObject(
+ "POST", _inventoryServerUrl + "/MoveFolder/", folder, session_id.ToString(), folder.Owner.ToString());
+ }
+ catch (WebException e)
+ {
+ m_log.ErrorFormat("[OGS1 INVENTORY SERVICE]: Move inventory folder operation failed, {0} {1}",
+ e.Source, e.Message);
+ }
+
+ return false;
+ }
+
+ ///
+ ///
+ ///
+ public bool PurgeFolder(InventoryFolderBase folder, LLUUID session_id)
+ {
+ try
+ {
+ return SynchronousRestSessionObjectPoster.BeginPostObject(
+ "POST", _inventoryServerUrl + "/PurgeFolder/", folder, session_id.ToString(), folder.Owner.ToString());
+ }
+ catch (WebException e)
+ {
+ m_log.ErrorFormat("[OGS1 INVENTORY SERVICE]: Move inventory folder operation failed, {0} {1}",
+ e.Source, e.Message);
+ }
+
+ return false;
+ }
+
+ ///
+ ///
+ ///
+ public bool AddItem(InventoryItemBase item, LLUUID session_id)
+ {
+ try
+ {
+ return SynchronousRestSessionObjectPoster.BeginPostObject(
+ "POST", _inventoryServerUrl + "/NewItem/", item, session_id.ToString(), item.Owner.ToString());
+ }
+ catch (WebException e)
+ {
+ m_log.ErrorFormat("[OGS1 INVENTORY SERVICE]: Add new inventory item operation failed, {0} {1}",
+ e.Source, e.Message);
+ }
+
+ return false;
+ }
+
+ // TODO: this is a temporary workaround, the UpdateInventoryItem method need to be implemented
+ public bool UpdateItem(InventoryItemBase item, LLUUID session_id)
+ {
+ try
+ {
+ return SynchronousRestSessionObjectPoster.BeginPostObject(
+ "POST", _inventoryServerUrl + "/NewItem/", item, session_id.ToString(), item.Owner.ToString());
+ }
+ catch (WebException e)
+ {
+ m_log.ErrorFormat("[OGS1 INVENTORY SERVICE]: Update new inventory item operation failed, {0} {1}",
+ e.Source, e.Message);
+ }
+
+ return false;
+ }
+
+ ///
+ ///
+ ///
+ public bool DeleteItem(InventoryItemBase item, LLUUID session_id)
+ {
+ try
+ {
+ return SynchronousRestSessionObjectPoster.BeginPostObject(
+ "POST", _inventoryServerUrl + "/DeleteItem/", item, session_id.ToString(), item.Owner.ToString());
+ }
+ catch (WebException e)
+ {
+ m_log.ErrorFormat("[OGS1 INVENTORY SERVICE]: Delete inventory item operation failed, {0} {1}",
+ e.Source, e.Message);
+ }
+
+ return false;
+ }
+
+ public bool HasInventoryForUser(LLUUID userID)
+ {
+ return false;
+ }
+
+ public InventoryFolderBase RequestRootFolder(LLUUID userID)
+ {
+ return null;
+ }
+
+ public bool CreateNewUserInventory(LLUUID user)
+ {
+ return false;
+ }
+
+ // See IInventoryServices
+ public List GetInventorySkeleton(LLUUID userId)
+ {
+ m_log.ErrorFormat("[OGS1 INVENTORY SERVICE]: The GetInventorySkeleton() method here should never be called!");
+
+ return new List();
+ }
+
+ #endregion
+ }
+}