authorOssama Othman <ossama-othman@users.noreply.github.com>2004-07-31 13:06:28 +0000
committerOssama Othman <ossama-othman@users.noreply.github.com>2004-07-31 13:06:28 +0000
commit382483a725e7b52cef2e1568e355edf2a4ed1435 (patch)
treec5ab363067d2a900c58e1827d11a69956632e213
parent7aecf02178e3b811a29d87146d705c3da9fcdf3a (diff)
downloadATCD-382483a725e7b52cef2e1568e355edf2a4ed1435.tar.gz
ChangeLogTag:Sat Jul 31 00:43:37 2004 Ossama Othman <ossama@dre.vanderbilt.edu>
-rw-r--r--TAO/ChangeLog149
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Acceptor.cpp60
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Acceptor.h103
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.cpp44
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.h139
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.inl8
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connector.cpp86
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connector.h108
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Transport.cpp28
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Transport.h98
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Accept_Strategy.cpp18
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Accept_Strategy.h107
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.cpp255
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.h240
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.i2
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.cpp114
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.h142
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.cpp71
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.h327
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.i8
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp218
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.h194
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.cpp685
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.h408
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.inl12
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirer.cpp377
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirer.h154
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirerFactory.cpp26
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirerFactory.h62
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.cpp171
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.h299
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.inl19
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.cpp166
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.h145
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.inl6
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.cpp2
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.h144
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.inl66
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.cpp59
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.h283
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.i21
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp87
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.h136
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.cpp49
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.h192
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ORBInitializer.cpp151
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ORBInitializer.h71
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OwnCredentials.cpp73
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OwnCredentials.h117
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Profile.cpp63
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Profile.h243
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ReceivedCredentials.cpp113
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ReceivedCredentials.h114
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_TargetCredentials.cpp147
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_TargetCredentials.h168
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Transport.cpp76
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Transport.h218
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Util.cpp25
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Util.h45
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Vault.cpp388
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Vault.h153
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.cpp5
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.h143
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.inl78
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/ssl_endpoints.cpp2
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/ssl_endpoints.i1
-rw-r--r--TAO/orbsvcs/orbsvcs/Security.mpc3
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/CSI_Utils.cpp7
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/EstablishTrustPolicy.cpp56
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/EstablishTrustPolicy.h95
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/InvocationCredentialsPolicy.cpp69
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/InvocationCredentialsPolicy.h102
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/MechanismPolicy.cpp65
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/MechanismPolicy.h94
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/PrincipalAuthenticator.cpp449
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/PrincipalAuthenticator.h227
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/QOPPolicy.h94
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/SL2_EstablishTrustPolicy.cpp59
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/SL2_EstablishTrustPolicy.h102
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/SL2_QOPPolicy.cpp (renamed from TAO/orbsvcs/orbsvcs/Security/QOPPolicy.cpp)24
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/SL2_QOPPolicy.h100
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/SL3_CredentialsAcquirerFactory.cpp11
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/SL3_CredentialsAcquirerFactory.h65
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/SL3_CredentialsCurator.cpp308
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/SL3_CredentialsCurator.h171
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/SL3_ObjectCredentialsPolicy.cpp2
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/SL3_SecurityCurrent.cpp57
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/SL3_SecurityCurrent.h152
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/SL3_SecurityCurrent.inl22
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/SL3_SecurityCurrent_Impl.cpp12
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/SL3_SecurityCurrent_Impl.h80
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/SL3_SecurityManager.cpp2
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/SL3_SecurityManager.h1
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/SecurityManager.cpp220
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/SecurityManager.h172
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/Security_Current.cpp6
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/Security_Current.h2
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/Security_Current.inl8
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/Security_Current_Impl.cpp6
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/Security_Current_Impl.h101
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/Security_ORBInitializer.cpp142
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/Security_ORBInitializer.h79
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/Security_PolicyFactory.cpp80
-rw-r--r--TAO/orbsvcs/orbsvcs/Security/Security_PolicyFactory.h34
-rw-r--r--TAO/orbsvcs/tests/Security/Secure_Invocation/Foo_i.cpp103
-rw-r--r--TAO/orbsvcs/tests/Security/Secure_Invocation/Foo_i.h6
-rw-r--r--TAO/orbsvcs/tests/Security/Secure_Invocation/README10
-rw-r--r--TAO/orbsvcs/tests/Security/Secure_Invocation/server.cpp13
108 files changed, 5752 insertions, 6141 deletions
diff --git a/TAO/ChangeLog b/TAO/ChangeLog
index fdb1384179f..d4f7c56aca2 100644
--- a/TAO/ChangeLog
+++ b/TAO/ChangeLog
@@ -1,3 +1,152 @@
+Sat Jul 31 00:43:37 2004 Ossama Othman <ossama@dre.vanderbilt.edu>
+
+ The following changes represent a basic/core implemenation of the
+ CSIv2 specification and slight variation of the informal standard
+ SecurityLevel3 API. Higher level features requiring the Security
+ Attribute Service will be pushed to the next beta.
+
+ * orbsvcs/orbsvcs/Security.mpc:
+
+ Removed obsolete IDL files from the source list, and added newer
+ ones.
+
+ * orbsvcs/orbsvcs/Security/SL2_EstablishTrustPolicy.cpp:
+ * orbsvcs/orbsvcs/Security/SL2_EstablishTrustPolicy.h:
+ * orbsvcs/orbsvcs/Security/SL2_QOPPolicy.cpp:
+ * orbsvcs/orbsvcs/Security/SL2_QOPPolicy.h:
+
+ Renamed these files by prepending "SL2_" to them to make it
+ clear they are SecurityLevel2 policy implementations.
+
+ * orbsvcs/orbsvcs/Security/SL3_CredentialsAcquirerFactory.cpp:
+ * orbsvcs/orbsvcs/Security/SL3_CredentialsAcquirerFactory.h:
+ * orbsvcs/orbsvcs/Security/SL3_CredentialsCurator.cpp:
+ * orbsvcs/orbsvcs/Security/SL3_CredentialsCurator.h:
+ * orbsvcs/orbsvcs/Security/SL3_SecurityCurrent.cpp:
+ * orbsvcs/orbsvcs/Security/SL3_SecurityCurrent.h:
+ * orbsvcs/orbsvcs/Security/SL3_SecurityCurrent.inl:
+ * orbsvcs/orbsvcs/Security/SL3_SecurityCurrent_Impl.cpp:
+ * orbsvcs/orbsvcs/Security/SL3_SecurityCurrent_Impl.h:
+
+ New SecurityLevel3 related sources.
+
+ * orbsvcs/orbsvcs/Security/CSI_Utils.cpp:
+ * orbsvcs/orbsvcs/Security/SL3_ObjectCredentialsPolicy.cpp:
+ * orbsvcs/orbsvcs/Security/SL3_SecurityManager.cpp:
+ * orbsvcs/orbsvcs/Security/SL3_SecurityManager.h:
+ * orbsvcs/orbsvcs/Security/Security_Current.cpp:
+ * orbsvcs/orbsvcs/Security/Security_Current.h:
+ * orbsvcs/orbsvcs/Security/Security_Current.inl:
+ * orbsvcs/orbsvcs/Security/Security_Current_Impl.cpp:
+ * orbsvcs/orbsvcs/Security/Security_Current_Impl.h:
+ * orbsvcs/orbsvcs/Security/Security_ORBInitializer.cpp:
+ * orbsvcs/orbsvcs/Security/Security_ORBInitializer.h:
+ * orbsvcs/orbsvcs/Security/Security_PolicyFactory.cpp:
+ * orbsvcs/orbsvcs/Security/Security_PolicyFactory.h:
+
+ Enabled some CSIv2/SecurityLevel3 features.
+
+ Code cleanup.
+
+ * orbsvcs/orbsvcs/Security/EstablishTrustPolicy.cpp:
+ * orbsvcs/orbsvcs/Security/EstablishTrustPolicy.h:
+ * orbsvcs/orbsvcs/Security/InvocationCredentialsPolicy.cpp:
+ * orbsvcs/orbsvcs/Security/InvocationCredentialsPolicy.h:
+ * orbsvcs/orbsvcs/Security/MechanismPolicy.cpp:
+ * orbsvcs/orbsvcs/Security/MechanismPolicy.h:
+ * orbsvcs/orbsvcs/Security/PrincipalAuthenticator.cpp:
+ * orbsvcs/orbsvcs/Security/PrincipalAuthenticator.h:
+ * orbsvcs/orbsvcs/Security/QOPPolicy.cpp:
+ * orbsvcs/orbsvcs/Security/QOPPolicy.h:
+ * orbsvcs/orbsvcs/Security/SecurityManager.cpp:
+ * orbsvcs/orbsvcs/Security/SecurityManager.h:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_ReceivedCredentials.cpp:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_ReceivedCredentials.h:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Vault.cpp:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Vault.h:
+
+ Removed these files. They were either obsolete, not maintained
+ or have been renamed.
+
+ * orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Acceptor.cpp:
+ * orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Acceptor.h:
+ * orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.cpp:
+ * orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.h:
+ * orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.inl:
+ * orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connector.cpp:
+ * orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connector.h:
+ * orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Transport.cpp:
+ * orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Transport.h:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Accept_Strategy.cpp:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Accept_Strategy.h:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.cpp:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.h:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.i:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.cpp:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.h:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.i:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.h:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.cpp:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.h:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.inl:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.cpp:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.h:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.inl:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.cpp:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.h:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.inl:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.cpp:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.h:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.inl:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.cpp:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.h:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.i:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.h:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.cpp:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.h:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_ORBInitializer.cpp:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_ORBInitializer.h:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Profile.cpp:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Profile.h:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_TargetCredentials.cpp:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_TargetCredentials.h:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Transport.cpp:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Transport.h:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Util.cpp:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Util.h:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.cpp:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.h:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.inl:
+ * orbsvcs/orbsvcs/SSLIOP/ssl_endpoints.cpp:
+ * orbsvcs/orbsvcs/SSLIOP/ssl_endpoints.i:
+
+ Integrated basic CSIv2 features.
+
+ Most classes are now in the TAO::SSLIOP namespace.
+
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.cpp:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.h:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirer.cpp:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirer.h:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirerFactory.cpp:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirerFactory.h:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_OwnCredentials.cpp:
+ * orbsvcs/orbsvcs/SSLIOP/SSLIOP_OwnCredentials.h:
+
+ New SSLIOP-specific implementations of SecurityLevel3 or related
+ interfaces.
+
+ * orbsvcs/tests/Security/Secure_Invocation/Foo_i.cpp:
+ * orbsvcs/tests/Security/Secure_Invocation/Foo_i.h:
+ * orbsvcs/tests/Security/Secure_Invocation/README:
+ * orbsvcs/tests/Security/Secure_Invocation/server.cpp:
+
+ The SecurityLevel2::Current object this test used is no longer
+ supported. Updated to use the SecurityLevel3::SecurityCurrent
+ object instead.
+
Sat Jul 31 03:16:12 2004 Balachandran Natarajan <bala@dre.vanderbilt.edu>
* Release: Include TAO.mwc which is very important.
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Acceptor.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Acceptor.cpp
index baaa868fd42..4ff4b3ce7cf 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Acceptor.cpp
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Acceptor.cpp
@@ -1,7 +1,3 @@
-// -*- C++ -*-
-//
-// $Id$
-
#include "IIOP_SSL_Acceptor.h"
#include "SSLIOP_Util.h"
@@ -10,37 +6,37 @@
#include "tao/debug.h"
-ACE_RCSID (TAO_SSLIOP,
+ACE_RCSID (SSLIOP,
IIOP_SSL_Acceptor,
"$Id$")
#if defined (ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION)
-template class ACE_Acceptor<TAO_IIOP_SSL_Connection_Handler, ACE_SOCK_ACCEPTOR>;
-template class ACE_Strategy_Acceptor<TAO_IIOP_SSL_Connection_Handler, ACE_SOCK_ACCEPTOR>;
-template class ACE_Accept_Strategy<TAO_IIOP_SSL_Connection_Handler, ACE_SOCK_ACCEPTOR>;
-template class ACE_Creation_Strategy<TAO_IIOP_SSL_Connection_Handler>;
-template class ACE_Concurrency_Strategy<TAO_IIOP_SSL_Connection_Handler>;
-template class ACE_Scheduling_Strategy<TAO_IIOP_SSL_Connection_Handler>;
-template class TAO_Creation_Strategy<TAO_IIOP_SSL_Connection_Handler>;
-template class TAO_Concurrency_Strategy<TAO_IIOP_SSL_Connection_Handler>;
-template class TAO_Accept_Strategy<TAO_IIOP_SSL_Connection_Handler, ACE_SOCK_ACCEPTOR>;
+template class ACE_Acceptor<TAO::IIOP_SSL_Connection_Handler, ACE_SOCK_ACCEPTOR>;
+template class ACE_Strategy_Acceptor<TAO::IIOP_SSL_Connection_Handler, ACE_SOCK_ACCEPTOR>;
+template class ACE_Accept_Strategy<TAO::IIOP_SSL_Connection_Handler, ACE_SOCK_ACCEPTOR>;
+template class ACE_Creation_Strategy<TAO::IIOP_SSL_Connection_Handler>;
+template class ACE_Concurrency_Strategy<TAO::IIOP_SSL_Connection_Handler>;
+template class ACE_Scheduling_Strategy<TAO::IIOP_SSL_Connection_Handler>;
+template class TAO_Creation_Strategy<TAO::IIOP_SSL_Connection_Handler>;
+template class TAO_Concurrency_Strategy<TAO::IIOP_SSL_Connection_Handler>;
+template class TAO_Accept_Strategy<TAO::IIOP_SSL_Connection_Handler, ACE_SOCK_ACCEPTOR>;
#elif defined (ACE_HAS_TEMPLATE_INSTANTIATION_PRAGMA)
-#pragma instantiate ACE_Acceptor<TAO_IIOP_SSL_Connection_Handler, ACE_SOCK_ACCEPTOR>
-#pragma instantiate ACE_Strategy_Acceptor<TAO_IIOP_SSL_Connection_Handler, ACE_SOCK_ACCEPTOR>
-#pragma instantiate ACE_Accept_Strategy<TAO_IIOP_SSL_Connection_Handler, ACE_SOCK_ACCEPTOR>
-#pragma instantiate ACE_Creation_Strategy<TAO_IIOP_SSL_Connection_Handler>
-#pragma instantiate ACE_Concurrency_Strategy<TAO_IIOP_SSL_Connection_Handler>
-#pragma instantiate ACE_Scheduling_Strategy<TAO_IIOP_SSL_Connection_Handler>
-#pragma instantiate TAO_Creation_Strategy<TAO_IIOP_SSL_Connection_Handler>
-#pragma instantiate TAO_Concurrency_Strategy<TAO_IIOP_SSL_Connection_Handler>
-#pragma instantiate TAO_Accept_Strategy<TAO_IIOP_SSL_Connection_Handler, ACE_SOCK_ACCEPTOR>
+#pragma instantiate ACE_Acceptor<TAO::IIOP_SSL_Connection_Handler, ACE_SOCK_ACCEPTOR>
+#pragma instantiate ACE_Strategy_Acceptor<TAO::IIOP_SSL_Connection_Handler, ACE_SOCK_ACCEPTOR>
+#pragma instantiate ACE_Accept_Strategy<TAO::IIOP_SSL_Connection_Handler, ACE_SOCK_ACCEPTOR>
+#pragma instantiate ACE_Creation_Strategy<TAO::IIOP_SSL_Connection_Handler>
+#pragma instantiate ACE_Concurrency_Strategy<TAO::IIOP_SSL_Connection_Handler>
+#pragma instantiate ACE_Scheduling_Strategy<TAO::IIOP_SSL_Connection_Handler>
+#pragma instantiate TAO_Creation_Strategy<TAO::IIOP_SSL_Connection_Handler>
+#pragma instantiate TAO_Concurrency_Strategy<TAO::IIOP_SSL_Connection_Handler>
+#pragma instantiate TAO_Accept_Strategy<TAO::IIOP_SSL_Connection_Handler, ACE_SOCK_ACCEPTOR>
#endif /* ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION */
-TAO_IIOP_SSL_Acceptor::TAO_IIOP_SSL_Acceptor (CORBA::Boolean flag)
+TAO::IIOP_SSL_Acceptor::IIOP_SSL_Acceptor (CORBA::Boolean flag)
: TAO_IIOP_Acceptor (flag),
base_acceptor_ (),
creation_strategy_ (0),
@@ -50,7 +46,7 @@ TAO_IIOP_SSL_Acceptor::TAO_IIOP_SSL_Acceptor (CORBA::Boolean flag)
{
}
-TAO_IIOP_SSL_Acceptor::~TAO_IIOP_SSL_Acceptor (void)
+TAO::IIOP_SSL_Acceptor::~IIOP_SSL_Acceptor (void)
{
// Make sure we are closed before we start destroying the
// strategies.
@@ -62,18 +58,18 @@ TAO_IIOP_SSL_Acceptor::~TAO_IIOP_SSL_Acceptor (void)
}
int
-TAO_IIOP_SSL_Acceptor::close (void)
+TAO::IIOP_SSL_Acceptor::close (void)
{
return this->base_acceptor_.close ();
}
int
-TAO_IIOP_SSL_Acceptor::open_i (const ACE_INET_Addr& addr,
- ACE_Reactor *reactor)
+TAO::IIOP_SSL_Acceptor::open_i (const ACE_INET_Addr& addr,
+ ACE_Reactor *reactor)
{
- if (TAO_SSLIOP_Util::setup_handler_state (this->orb_core_,
- &(this->tcp_properties_),
- this->handler_state_) != 0)
+ if (SSLIOP::Util::setup_handler_state (this->orb_core_,
+ &(this->tcp_properties_),
+ this->handler_state_) != 0)
return -1;
ACE_NEW_RETURN (this->creation_strategy_,
@@ -123,7 +119,7 @@ TAO_IIOP_SSL_Acceptor::open_i (const ACE_INET_Addr& addr,
// interface then the endpoint created on each interface will be on
// the same port. This is how a wildcard socket bind() is supposed
// to work.
- u_short port = address.get_port_number ();
+ const unsigned short port = address.get_port_number ();
for (size_t j = 0; j < this->endpoint_count_; ++j)
this->addrs_[j].set_port_number (port, 1);
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Acceptor.h b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Acceptor.h
index d322d022f9e..4d8e9a03e30 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Acceptor.h
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Acceptor.h
@@ -8,7 +8,7 @@
*
* SSL-aware IIOP specific acceptor processing
*
- * @author Ossama Othman <ossama@uci.edu>
+ * @author Ossama Othman <ossama@dre.vanderbilt.edu>
*/
//=============================================================================
@@ -18,76 +18,77 @@
#include /**/ "ace/pre.h"
-#include "SSLIOP_Export.h"
+#include "IIOP_SSL_Connection_Handler.h"
#if !defined (ACE_LACKS_PRAGMA_ONCE)
# pragma once
#endif /* ACE_LACKS_PRAGMA_ONCE */
-#include "IIOP_SSL_Connection_Handler.h"
#include "SSLIOP_Connection_Handler.h"
#include "tao/IIOP_Acceptor.h"
-// TAO IIOP_SSL_Acceptor concrete call defination
-
-/**
- * @class TAO_IIOP_SSL_Acceptor
- *
- * @brief An SSL aware IIOP acceptor.
- *
- * The class differs from the non-SSL aware TAO_IIOP_Acceptor class
- * since it uses a different a set of Acceptor strategies. In
- * particular, it overrides the open_i() method to use the Acceptor
- * strategies tailored to use the SSL aware server connection handler.
- * See the TAO_IIOP_SSL_Connection_Handler notes for details.
- */
-class TAO_SSLIOP_Export TAO_IIOP_SSL_Acceptor
- : public TAO_IIOP_Acceptor
+namespace TAO
{
-public:
- typedef ACE_Strategy_Acceptor<TAO_IIOP_SSL_Connection_Handler, ACE_SOCK_ACCEPTOR> TAO_IIOP_SSL_BASE_ACCEPTOR;
- typedef TAO_Creation_Strategy<TAO_IIOP_SSL_Connection_Handler> TAO_IIOP_SSL_CREATION_STRATEGY;
- typedef TAO_Concurrency_Strategy<TAO_IIOP_SSL_Connection_Handler> TAO_IIOP_SSL_CONCURRENCY_STRATEGY;
- typedef TAO_Accept_Strategy<TAO_IIOP_SSL_Connection_Handler, ACE_SOCK_ACCEPTOR> TAO_IIOP_SSL_ACCEPT_STRATEGY;
+ /**
+ * @class IIOP_SSL_Acceptor
+ *
+ * @brief An SSL aware IIOP acceptor.
+ *
+ * The class differs from the non-SSL aware TAO_IIOP_Acceptor class
+ * since it uses a different a set of Acceptor strategies. In
+ * particular, it overrides the open_i() method to use the Acceptor
+ * strategies tailored to use the SSL aware server connection handler.
+ * See the TAO_IIOP_SSL_Connection_Handler notes for details.
+ */
+ class IIOP_SSL_Acceptor : public TAO_IIOP_Acceptor
+ {
+ public:
+
+ typedef ACE_Strategy_Acceptor<IIOP_SSL_Connection_Handler, ACE_SOCK_ACCEPTOR> TAO_IIOP_SSL_BASE_ACCEPTOR;
+ typedef TAO_Creation_Strategy<IIOP_SSL_Connection_Handler> TAO_IIOP_SSL_CREATION_STRATEGY;
+ typedef TAO_Concurrency_Strategy<IIOP_SSL_Connection_Handler> TAO_IIOP_SSL_CONCURRENCY_STRATEGY;
+ typedef TAO_Accept_Strategy<IIOP_SSL_Connection_Handler, ACE_SOCK_ACCEPTOR> TAO_IIOP_SSL_ACCEPT_STRATEGY;
- /// Constructor.
- TAO_IIOP_SSL_Acceptor (CORBA::Boolean flag = 0);
+ /// Constructor.
+ IIOP_SSL_Acceptor (CORBA::Boolean flag = 0);
- /// Destructor.
- ~TAO_IIOP_SSL_Acceptor (void);
+ /// Destructor.
+ ~IIOP_SSL_Acceptor (void);
- virtual int close (void);
+ virtual int close (void);
-protected:
+ protected:
- /// Implement the common part of the open*() methods. This method is
- /// virtual to allow a derived class implementation to be invoked
- /// instead.
- virtual int open_i (const ACE_INET_Addr &addr,
- ACE_Reactor *reactor);
+ /// Implement the common part of the open*() methods. This method
+ /// is virtual to allow a derived class implementation to be
+ /// invoked instead.
+ virtual int open_i (const ACE_INET_Addr &addr,
+ ACE_Reactor *reactor);
-private:
+ private:
- /// The concrete acceptor, as a pointer to it's base class.
- TAO_IIOP_SSL_BASE_ACCEPTOR base_acceptor_;
+ /// The concrete acceptor, as a pointer to it's base class.
+ TAO_IIOP_SSL_BASE_ACCEPTOR base_acceptor_;
- /**
- * @name Acceptor Strategies
- *
- * Server side creation, concurrency and accept strategies.
- */
- //@{
- TAO_IIOP_SSL_CREATION_STRATEGY *creation_strategy_;
- TAO_IIOP_SSL_CONCURRENCY_STRATEGY *concurrency_strategy_;
- TAO_IIOP_SSL_ACCEPT_STRATEGY *accept_strategy_;
- //@}
+ /**
+ * @name Acceptor Strategies
+ *
+ * Server side creation, concurrency and accept strategies.
+ */
+ //@{
+ TAO_IIOP_SSL_CREATION_STRATEGY *creation_strategy_;
+ TAO_IIOP_SSL_CONCURRENCY_STRATEGY *concurrency_strategy_;
+ TAO_IIOP_SSL_ACCEPT_STRATEGY *accept_strategy_;
+ //@}
+
+ /// State that will be passed to each SSLIOP connection handler upon
+ /// creation.
+ SSLIOP::Connection_Handler_State handler_state_;
- /// State that will be passed to each SSLIOP connection handler upon
- /// creation.
- TAO_SSLIOP_Connection_Handler_State handler_state_;
+ };
-};
+} // End TAO namespace.
#include /**/ "ace/post.h"
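Review bot: The class comment moved into `namespace TAO` still sends readers to "the TAO_IIOP_SSL_Connection_Handler notes", a name this commit replaces; its last sentence should read `See the TAO::IIOP_SSL_Connection_Handler notes for details.` The comment on `base_acceptor_` calls it "a pointer to it's base class" although the member is held by value, so `/// The concrete acceptor, held by value.` would match the declaration. Separately, the new declaration drops `TAO_SSLIOP_Export` together with the `SSLIOP_Export.h` include. If any code outside the SSLIOP library still names this acceptor, it would presumably stop linking on platforms that need explicit symbol export, so it is worth confirming the class is now meant to be library-internal.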
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.cpp
index 0ac94b6c5bc..e7238c07a28 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.cpp
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.cpp
@@ -1,6 +1,3 @@
-// $Id$
-
-
#include "IIOP_SSL_Connection_Handler.h"
#include "IIOP_SSL_Transport.h"
#include "SSLIOP_Connection_Handler.h"
@@ -9,7 +6,8 @@
#include "tao/ORB.h"
#include "tao/debug.h"
-ACE_RCSID (TAO_SSLIOP,
+
+ACE_RCSID (SSLIOP,
IIOP_SSL_Connection_Handler,
"$Id$")
@@ -52,8 +50,8 @@ ACE_TIMEPROBE_EVENT_DESCRIPTIONS (TAO_IIOP_SSL_Connect_Timeprobe_Description,
#endif /* ACE_ENABLE_TIMEPROBES */
-TAO_IIOP_SSL_Connection_Handler::
-TAO_IIOP_SSL_Connection_Handler (ACE_Thread_Manager *t)
+TAO::IIOP_SSL_Connection_Handler::IIOP_SSL_Connection_Handler (
+ ACE_Thread_Manager *t)
: TAO_IIOP_Connection_Handler (t)
{
// This constructor should *never* get called, it is just here to
@@ -65,25 +63,23 @@ TAO_IIOP_SSL_Connection_Handler (ACE_Thread_Manager *t)
}
-TAO_IIOP_SSL_Connection_Handler::
-TAO_IIOP_SSL_Connection_Handler (TAO_ORB_Core *orb_core,
- CORBA::Boolean /*flag*/,
- void *arg)
- : TAO_IIOP_Connection_Handler (orb_core,
- (ACE_static_cast (
- TAO_SSLIOP_Connection_Handler_State *,
- arg))->tcp_properties)
+TAO::IIOP_SSL_Connection_Handler::IIOP_SSL_Connection_Handler (
+ TAO_ORB_Core *orb_core,
+ CORBA::Boolean /*flag*/,
+ void *arg)
+ : TAO_IIOP_Connection_Handler (
+ orb_core,
+ (static_cast<TAO::SSLIOP::Connection_Handler_State *> (arg))->tcp_properties)
{
- TAO_SSLIOP_Connection_Handler_State *s =
- ACE_static_cast (TAO_SSLIOP_Connection_Handler_State *,
- arg);
+ TAO::SSLIOP::Connection_Handler_State *s =
+ static_cast<TAO::SSLIOP::Connection_Handler_State *> (arg);
- TAO_IIOP_SSL_Transport* specific_transport = 0;
+ IIOP_SSL_Transport* specific_transport = 0;
ACE_NEW (specific_transport,
- TAO_IIOP_SSL_Transport (this,
- orb_core,
- s->ssliop_current.in (),
- 0));
+ IIOP_SSL_Transport (this,
+ orb_core,
+ s->ssliop_current.in (),
+ 0));
// Delete the transport with TAO_IIOP_Connection_Handler.
delete this->transport ();
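Review bot: If the `ACE_NEW` of `IIOP_SSL_Transport` fails, the constructor returns early and the handler keeps the plain transport created by `TAO_IIOP_Connection_Handler`. The connection would then presumably run without the transport that the header says clears stale TSS SSL state. `ACE_NEW` only sets errno and returns, which a constructor cannot report, so the failure is silent; it should be recorded where a later step can refuse the connection (the rest of the constructor body is outside this hunk). The mem-initializer also dereferences `arg` straight after the `static_cast` with no null check, and the same cast is repeated in the body. A one-line contract comment would at least document the assumption, e.g. `// arg must be a non-null TAO::SSLIOP::Connection_Handler_State * supplied by the acceptor.`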
@@ -92,10 +88,8 @@ TAO_IIOP_SSL_Connection_Handler (TAO_ORB_Core *orb_core,
this->transport (specific_transport);
}
-TAO_IIOP_SSL_Connection_Handler::
-~TAO_IIOP_SSL_Connection_Handler (void)
+TAO::IIOP_SSL_Connection_Handler::~IIOP_SSL_Connection_Handler (void)
{
}
-
// ****************************************************************
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.h b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.h
index 62ca1f973fd..5ea0b77669f 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.h
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.h
@@ -6,7 +6,7 @@
*
* $Id$
*
- * @author Ossama Othman <ossama@uci.edu>
+ * @author Ossama Othman <ossama@dre.vanderbilt.edu>
*/
//=============================================================================
@@ -22,92 +22,93 @@
#pragma once
#endif /* ACE_LACKS_PRAGMA_ONCE */
+#include "SSLIOP_Current.h"
+
#include "orbsvcs/orbsvcs/SSLIOPC.h"
#include "tao/IIOP_Connection_Handler.h"
-#include "SSLIOP_Current.h"
-class TAO_SSLIOP_Current_Impl;
-
-/**
- * @class TAO_IIOP_SSL_Connection_Handler
- *
- * @brief
- * IIOP connection handler designed to be "SSL aware," i.e. it is
- * aware of the existence of the SSLIOP connection handler. It makes
- * sure that SSL session state from a previous connection is not
- * associated with the non-SSL connection handled by this handler.
- *
- * This class is just a place holder to create the
- * TAO_IIOP_SSL_Transport which does the work of clearing the TSS SSL
- * state
- */
-class TAO_SSLIOP_Export TAO_IIOP_SSL_Connection_Handler
- : public TAO_IIOP_Connection_Handler
+namespace TAO
{
-public:
- /// Constructor. <arg> parameter is used by the Acceptor to pass the
- /// protocol configuration properties for this connection.
- TAO_IIOP_SSL_Connection_Handler (ACE_Thread_Manager* t = 0);
- TAO_IIOP_SSL_Connection_Handler (TAO_ORB_Core *orb_core,
- CORBA::Boolean flag,
- void *arg);
+ /**
+ * @class IIOP_SSL_Connection_Handler
+ *
+ * @brief
+ * IIOP connection handler designed to be "SSL aware," i.e. it is
+ * aware of the existence of the SSLIOP connection handler. It
+ * makes sure that SSL session state from a previous connection is
+ * not associated with the non-SSL connection handled by this
+ * handler.
+ *
+ * This class is just a place holder to create the
+ * TAO_IIOP_SSL_Transport which does the work of clearing the TSS
+ * SSL state.
+ */
+ class IIOP_SSL_Connection_Handler : public TAO_IIOP_Connection_Handler
+ {
+ public:
+
+ /// Constructor.
+ IIOP_SSL_Connection_Handler (ACE_Thread_Manager* t = 0);
+ IIOP_SSL_Connection_Handler (TAO_ORB_Core *orb_core,
+ CORBA::Boolean flag,
+ void *arg);
- /// Destructor.
- ~TAO_IIOP_SSL_Connection_Handler (void);
+ /// Destructor.
+ ~IIOP_SSL_Connection_Handler (void);
-protected:
+ };
-};
+ // ****************************************************************
-// ****************************************************************
+ /**
+ * @class Null_SSL_State_Guard
+ *
+ * @brief
+ * This class sets up null TSS SSL state upon instantiation, and
+ * restores the previous TSS SSL state when that instance goes out
+ * of scope.
+ *
+ * This guard is used to make TSS SSL state configuration and
+ * deconfiguration during an upcall exception safe. Exceptions are
+ * not supposed to be propagated up to the scope this guard is used
+ * in, so this guard may be unnecessary. However, since proper TSS
+ * SSL state configuration/deconfiguration is critical to proper
+ * security support, this guard is used to ensure that
+ * configuration/deconfiguration is exception safe.
+ */
+ class Null_SSL_State_Guard
+ {
+ public:
-/**
- * @class TAO_Null_SSL_State_Guard
- *
- * @brief
- * This class sets up null TSS SSL state upon instantiation, and
- * restores the previous TSS SSL state when that instance goes out of
- * scope.
- *
- * This guard is used to make TSS SSL state configuration and
- * deconfiguration during an upcall exception safe. Exceptions are
- * not supposed to be propagated up to the scope this guard is used
- * in, so this guard may be unnecessary. However, since proper TSS
- * SSL state configuration/deconfiguration is critical to proper
- * security support, this guard is used to ensure that
- * configuration/deconfiguration is exception safe.
- */
-class TAO_Null_SSL_State_Guard
-{
-public:
+ /// Constructor that sets up the null TSS SSL state.
+ Null_SSL_State_Guard (TAO::SSLIOP::Current_ptr current,
+ int &result);
- /// Constructor that sets up the null TSS SSL state.
- TAO_Null_SSL_State_Guard (TAO_SSLIOP_Current_ptr current,
- int &result);
+ /// Destructor that restores the previous TSS SSL state.
+ ~Null_SSL_State_Guard (void);
- /// Destructor that restores the previous TSS SSL state.
- ~TAO_Null_SSL_State_Guard (void);
+ private:
-private:
+ /// The SSLIOP::Current implementation that was previously
+ /// associated with the current thread and invocation.
+ /**
+ * It is stored here until the invocation completes, after which
+ * it placed back into TSS.
+ */
+ TAO::SSLIOP::Current_Impl *previous_current_impl_;
- /// The SSLIOP::Current implementation that was previously
- /// associated with the current thread and invocation.
- /**
- * It is stored here until the invocation completes, after which it
- * placed back into TSS.
- */
- TAO_SSLIOP_Current_Impl *previous_current_impl_;
+ /// Reference to the SSLIOP::Current object.
+ TAO::SSLIOP::Current_ptr current_;
- /// Reference to the SSLIOP::Current object.
- TAO_SSLIOP_Current_ptr current_;
+ /// Flag that specifies whether or not setup of the SSLIOP::Current
+ /// object completed for the current thread and invocation.
+ bool setup_done_;
- /// Flag that specifies whether or not setup of the SSLIOP::Current
- /// object completed for the current thread and invocation.
- CORBA::Boolean setup_done_;
+ };
-};
+} // End TAO namespace.
#if defined (__ACE_INLINE__)
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.inl b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.inl
index 68cec015bdb..0d8b95058be 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.inl
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.inl
@@ -3,12 +3,12 @@
// $Id$
ACE_INLINE
-TAO_Null_SSL_State_Guard::TAO_Null_SSL_State_Guard (
- TAO_SSLIOP_Current_ptr current,
+TAO::Null_SSL_State_Guard::Null_SSL_State_Guard (
+ TAO::SSLIOP::Current_ptr current,
int &result)
: previous_current_impl_ (0),
current_ (current), // No need to duplicate
- setup_done_ (0)
+ setup_done_ (false)
{
// Invalidate the TSS SSL session state to make sure that SSL state
// from a previous SSL connection is not confused with this non-SSL
@@ -21,7 +21,7 @@ TAO_Null_SSL_State_Guard::TAO_Null_SSL_State_Guard (
}
ACE_INLINE
-TAO_Null_SSL_State_Guard::~TAO_Null_SSL_State_Guard (void)
+TAO::Null_SSL_State_Guard::~Null_SSL_State_Guard (void)
{
// Restore the previous TSS SSL state.
this->current_->teardown (this->previous_current_impl_,
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connector.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connector.cpp
index da78ea6a981..a13d41276d7 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connector.cpp
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connector.cpp
@@ -1,7 +1,3 @@
-// -*- C++ -*-
-//
-// $Id$
-
#include "IIOP_SSL_Connector.h"
#include "SSLIOP_Util.h"
@@ -18,47 +14,47 @@
#include "ace/Strategies_T.h"
-ACE_RCSID (TAO_SSLIOP,
+ACE_RCSID (SSLIOP,
IIOP_SSL_Connector,
"$Id$")
#if defined (ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION)
-template class TAO_Connect_Concurrency_Strategy<TAO_IIOP_SSL_Connection_Handler>;
-template class TAO_Connect_Creation_Strategy<TAO_IIOP_SSL_Connection_Handler>;
-template class ACE_Strategy_Connector<TAO_IIOP_SSL_Connection_Handler, ACE_SOCK_CONNECTOR>;
-template class ACE_Connect_Strategy<TAO_IIOP_SSL_Connection_Handler, ACE_SOCK_CONNECTOR>;
-template class ACE_Connector_Base<TAO_IIOP_SSL_Connection_Handler>;
-template class ACE_Connector<TAO_IIOP_SSL_Connection_Handler, ACE_SOCK_CONNECTOR>;
-template class ACE_NonBlocking_Connect_Handler<TAO_IIOP_SSL_Connection_Handler>;
+template class TAO_Connect_Concurrency_Strategy<TAO::IIOP_SSL_Connection_Handler>;
+template class TAO_Connect_Creation_Strategy<TAO::IIOP_SSL_Connection_Handler>;
+template class ACE_Strategy_Connector<TAO::IIOP_SSL_Connection_Handler, ACE_SOCK_CONNECTOR>;
+template class ACE_Connect_Strategy<TAO::IIOP_SSL_Connection_Handler, ACE_SOCK_CONNECTOR>;
+template class ACE_Connector_Base<TAO::IIOP_SSL_Connection_Handler>;
+template class ACE_Connector<TAO::IIOP_SSL_Connection_Handler, ACE_SOCK_CONNECTOR>;
+template class ACE_NonBlocking_Connect_Handler<TAO::IIOP_SSL_Connection_Handler>;
#elif defined (ACE_HAS_TEMPLATE_INSTANTIATION_PRAGMA)
-#pragma instantiate TAO_Connect_Concurrency_Strategy<TAO_IIOP_SSL_Connection_Handler>
-#pragma instantiate TAO_Connect_Creation_Strategy<TAO_IIOP_SSL_Connection_Handler>
-#pragma instantiate ACE_Strategy_Connector<TAO_IIOP_SSL_Connection_Handler, ACE_SOCK_CONNECTOR>
-#pragma instantiate ACE_Connect_Strategy<TAO_IIOP_SSL_Connection_Handler, ACE_SOCK_CONNECTOR>
-#pragma instantiate ACE_Connector_Base<TAO_IIOP_SSL_Connection_Handler>
-#pragma instantiate ACE_Connector<TAO_IIOP_SSL_Connection_Handler, ACE_SOCK_Connector>
-#pragma instantiate ACE_NonBlocking_Connect_Handler<TAO_IIOP_SSL_Connection_Handler>
+#pragma instantiate TAO_Connect_Concurrency_Strategy<TAO::IIOP_SSL_Connection_Handler>
+#pragma instantiate TAO_Connect_Creation_Strategy<TAO::IIOP_SSL_Connection_Handler>
+#pragma instantiate ACE_Strategy_Connector<TAO::IIOP_SSL_Connection_Handler, ACE_SOCK_CONNECTOR>
+#pragma instantiate ACE_Connect_Strategy<TAO::IIOP_SSL_Connection_Handler, ACE_SOCK_CONNECTOR>
+#pragma instantiate ACE_Connector_Base<TAO::IIOP_SSL_Connection_Handler>
+#pragma instantiate ACE_Connector<TAO::IIOP_SSL_Connection_Handler, ACE_SOCK_Connector>
+#pragma instantiate ACE_NonBlocking_Connect_Handler<TAO::IIOP_SSL_Connection_Handler>
#endif /* ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION */
-TAO_IIOP_SSL_Connector::TAO_IIOP_SSL_Connector (CORBA::Boolean flag)
+TAO::IIOP_SSL_Connector::IIOP_SSL_Connector (CORBA::Boolean flag)
: TAO_IIOP_Connector (flag),
connect_strategy_ (),
base_connector_ ()
{
}
-TAO_IIOP_SSL_Connector::~TAO_IIOP_SSL_Connector (void)
+TAO::IIOP_SSL_Connector::~IIOP_SSL_Connector (void)
{
}
int
-TAO_IIOP_SSL_Connector::open (TAO_ORB_Core *orb_core)
+TAO::IIOP_SSL_Connector::open (TAO_ORB_Core *orb_core)
{
this->orb_core (orb_core);
@@ -69,27 +65,26 @@ TAO_IIOP_SSL_Connector::open (TAO_ORB_Core *orb_core)
if (this->init_tcp_properties () != 0)
return -1;
- if (TAO_SSLIOP_Util::setup_handler_state (orb_core,
- &(this->tcp_properties_),
- this->handler_state_) != 0)
+ if (TAO::SSLIOP::Util::setup_handler_state (orb_core,
+ &(this->tcp_properties_),
+ this->handler_state_) != 0)
return -1;
- /// Our connect creation strategy
- TAO_IIOP_SSL_CONNECT_CREATION_STRATEGY *connect_creation_strategy = 0;
+ // Our connect creation strategy
+ CONNECT_CREATION_STRATEGY *connect_creation_strategy = 0;
ACE_NEW_RETURN (connect_creation_strategy,
- TAO_IIOP_SSL_CONNECT_CREATION_STRATEGY
- (orb_core->thr_mgr (),
- orb_core,
- &(this->handler_state_),
- this->lite_flag_),
+ CONNECT_CREATION_STRATEGY (orb_core->thr_mgr (),
+ orb_core,
+ &(this->handler_state_),
+ this->lite_flag_),
-1);
- /// Our activation strategy
- TAO_IIOP_SSL_CONNECT_CONCURRENCY_STRATEGY *concurrency_strategy = 0;
+ // Our activation strategy
+ CONNECT_CONCURRENCY_STRATEGY *concurrency_strategy = 0;
ACE_NEW_RETURN (concurrency_strategy,
- TAO_IIOP_SSL_CONNECT_CONCURRENCY_STRATEGY (orb_core),
+ CONNECT_CONCURRENCY_STRATEGY (orb_core),
-1);
@@ -100,7 +95,7 @@ TAO_IIOP_SSL_Connector::open (TAO_ORB_Core *orb_core)
}
int
-TAO_IIOP_SSL_Connector::close (void)
+TAO::IIOP_SSL_Connector::close (void)
{
delete this->base_connector_.creation_strategy ();
delete this->base_connector_.concurrency_strategy ();
@@ -108,14 +103,13 @@ TAO_IIOP_SSL_Connector::close (void)
}
int
-TAO_IIOP_SSL_Connector::set_validate_endpoint (TAO_Endpoint *endpoint)
+TAO::IIOP_SSL_Connector::set_validate_endpoint (TAO_Endpoint *endpoint)
{
if (endpoint->tag () != IOP::TAG_INTERNET_IOP)
return -1;
TAO_IIOP_Endpoint *iiop_endpoint =
- ACE_dynamic_cast (TAO_IIOP_Endpoint *,
- endpoint);
+ dynamic_cast<TAO_IIOP_Endpoint *> (endpoint);
if (iiop_endpoint == 0)
return -1;
@@ -144,14 +138,13 @@ TAO_IIOP_SSL_Connector::set_validate_endpoint (TAO_Endpoint *endpoint)
}
TAO_Transport *
-TAO_IIOP_SSL_Connector::make_connection (
+TAO::IIOP_SSL_Connector::make_connection (
TAO::Profile_Transport_Resolver *,
TAO_Transport_Descriptor_Interface &desc,
ACE_Time_Value *max_wait_time)
{
TAO_IIOP_Endpoint *iiop_endpoint =
- ACE_dynamic_cast (TAO_IIOP_Endpoint *,
- desc.endpoint ());
+ dynamic_cast<TAO_IIOP_Endpoint *> (desc.endpoint ());
if (iiop_endpoint == 0)
return 0;
@@ -170,7 +163,7 @@ TAO_IIOP_SSL_Connector::make_connection (
this->active_connect_strategy_->synch_options (max_wait_time,
synch_options);
- TAO_IIOP_SSL_Connection_Handler *svc_handler = 0;
+ IIOP_SSL_Connection_Handler *svc_handler = 0;
// Connect.
int result =
@@ -213,7 +206,7 @@ TAO_IIOP_SSL_Connector::make_connection (
// failure) within timeout.
result =
this->active_connect_strategy_->wait (svc_handler,
- max_wait_time);
+ 0);
if (TAO_debug_level > 2)
{
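Review bot: The `wait ()` call now passes `0` instead of `max_wait_time`, yet the comment just above it still describes waiting for completion "within timeout". If a null timeout means an unbounded wait here (not visible in this hunk), a peer that never completes the connection could stall the calling thread indefinitely. If the bound is already enforced through the `synch_options` set earlier in make_connection, say so at the call, e.g. `// Timeout was already applied through synch_options; no second bound is needed here.` Otherwise keep `max_wait_time` as the second argument. make_connection starts and ends outside this hunk.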
@@ -309,8 +302,9 @@ TAO_IIOP_SSL_Connector::make_connection (
// Add the handler to Cache
int retval =
- this->orb_core ()->lane_resources ().transport_cache ().cache_transport (&desc,
- transport);
+ this->orb_core ()->lane_resources ().transport_cache ().cache_transport (
+ &desc,
+ transport);
// Failure in adding to cache.
if (retval != 0)
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connector.h b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connector.h
index c021d7de687..24f4481fc61 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connector.h
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connector.h
@@ -18,84 +18,86 @@
#include /**/ "ace/pre.h"
-#include "SSLIOP_Export.h"
+#include "IIOP_SSL_Connection_Handler.h"
#if !defined (ACE_LACKS_PRAGMA_ONCE)
# pragma once
#endif /* ACE_LACKS_PRAGMA_ONCE */
-#include "IIOP_SSL_Connection_Handler.h"
#include "SSLIOP_Connection_Handler.h"
#include "tao/IIOP_Connector.h"
-
-/**
- * @class TAO_IIOP_SSL_Connector
- *
- * @brief IIOP-specific Connector (SSL aware) bridge for pluggable
- * protocols.
- *
- * Concrete instance of the TAO_Connector class. Responsible
- * for establishing a connection with a server and is called from the
- * Connector_Registry.
- */
-class TAO_SSLIOP_Export TAO_IIOP_SSL_Connector : public TAO_IIOP_Connector
+namespace TAO
{
-public:
+ /**
+ * @class IIOP_SSL_Connector
+ *
+ * @brief IIOP-specific Connector (SSL aware) bridge for pluggable
+ * protocols.
+ *
+ * Concrete instance of the TAO_Connector class. Responsible
+ * for establishing a connection with a server and is called from the
+ * Connector_Registry.
+ */
+ class IIOP_SSL_Connector : public TAO_IIOP_Connector
+ {
+ public:
- /// Constructor.
- TAO_IIOP_SSL_Connector (CORBA::Boolean flag = 0);
+ /// Constructor.
+ IIOP_SSL_Connector (CORBA::Boolean flag = 0);
- /// Destructor.
- ~TAO_IIOP_SSL_Connector (void);
+ /// Destructor.
+ ~IIOP_SSL_Connector (void);
- int open (TAO_ORB_Core *orb_core);
- int close (void);
+ int open (TAO_ORB_Core *orb_core);
+ int close (void);
+ public:
-public:
+ typedef TAO_Connect_Concurrency_Strategy<IIOP_SSL_Connection_Handler>
+ CONNECT_CONCURRENCY_STRATEGY;
- typedef TAO_Connect_Concurrency_Strategy<TAO_IIOP_SSL_Connection_Handler>
- TAO_IIOP_SSL_CONNECT_CONCURRENCY_STRATEGY;
+ typedef TAO_Connect_Creation_Strategy<IIOP_SSL_Connection_Handler>
+ CONNECT_CREATION_STRATEGY;
- typedef TAO_Connect_Creation_Strategy<TAO_IIOP_SSL_Connection_Handler>
- TAO_IIOP_SSL_CONNECT_CREATION_STRATEGY;
+ typedef ACE_Connect_Strategy<IIOP_SSL_Connection_Handler,
+ ACE_SOCK_CONNECTOR>
+ CONNECT_STRATEGY ;
- typedef ACE_Connect_Strategy<TAO_IIOP_SSL_Connection_Handler,
- ACE_SOCK_CONNECTOR>
- TAO_IIOP_SSL_CONNECT_STRATEGY ;
+ typedef ACE_Strategy_Connector<IIOP_SSL_Connection_Handler,
+ ACE_SOCK_CONNECTOR>
+ BASE_CONNECTOR;
- typedef ACE_Strategy_Connector<TAO_IIOP_SSL_Connection_Handler,
- ACE_SOCK_CONNECTOR>
- TAO_IIOP_SSL_BASE_CONNECTOR;
+ protected:
-protected:
- /**
- * @name The TAO_Connector Methods
- *
- * Check the documentation in tao/Transport_Connector.h for details.
- */
- //@{
- int set_validate_endpoint (TAO_Endpoint *ep);
+ /**
+ * @name The TAO_Connector Methods
+ *
+ * Check the documentation in tao/Transport_Connector.h for details.
+ */
+ //@{
+ int set_validate_endpoint (TAO_Endpoint *ep);
+
+ TAO_Transport *make_connection (TAO::Profile_Transport_Resolver *r,
+ TAO_Transport_Descriptor_Interface &desc,
+ ACE_Time_Value *timeout = 0);
+ //@}
- TAO_Transport *make_connection (TAO::Profile_Transport_Resolver *r,
- TAO_Transport_Descriptor_Interface &desc,
- ACE_Time_Value *timeout = 0);
- //@}
+ private:
-private:
+ /// Our connect strategy
+ CONNECT_STRATEGY connect_strategy_;
- /// Our connect strategy
- TAO_IIOP_SSL_CONNECT_STRATEGY connect_strategy_;
+ /// The connector initiating connection requests for IIOP_SSL.
+ BASE_CONNECTOR base_connector_;
- /// The connector initiating connection requests for IIOP_SSL.
- TAO_IIOP_SSL_BASE_CONNECTOR base_connector_;
+ /// State that will be passed to each SSLIOP connection handler upon
+ /// creation.
+ TAO::SSLIOP::Connection_Handler_State handler_state_;
- /// State that will be passed to each SSLIOP connection handler upon
- /// creation.
- TAO_SSLIOP_Connection_Handler_State handler_state_;
+ };
-};
+} // End TAO namespace.
#include /**/ "ace/post.h"
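Review bot: The new declaration `class IIOP_SSL_Connector : public TAO_IIOP_Connector` drops `TAO_SSLIOP_Export`, and the `SSLIOP_Export.h` include is removed with it. On builds where that macro controls symbol visibility, the class is no longer exported from the library. The same applies to `IIOP_SSL_Transport` in IIOP_SSL_Transport.h. If the class is meant to be library-internal, record that next to the declaration, e.g. `// Not exported: used only inside the SSLIOP library.` If not, restore the macro. Separately, the second `public:` directly after `open`/`close` is redundant and could be dropped.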
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Transport.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Transport.cpp
index 09ba47f567d..7c81753642a 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Transport.cpp
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Transport.cpp
@@ -1,44 +1,44 @@
-// -*- C++ -*-
-
#include "IIOP_SSL_Transport.h"
#include "IIOP_SSL_Connection_Handler.h"
-#include "tao/Timeprobe.h"
#include "tao/ORB_Core.h"
#include "tao/ORB.h"
+#include "tao/Timeprobe.h"
#include "tao/debug.h"
-ACE_RCSID (TAO_SSLIOP,
+
+ACE_RCSID (SSLIOP,
IIOP_SSL_Transport,
"$Id$")
-TAO_IIOP_SSL_Transport::TAO_IIOP_SSL_Transport (
- TAO_IIOP_SSL_Connection_Handler *handler,
+
+TAO::IIOP_SSL_Transport::IIOP_SSL_Transport (
+ IIOP_SSL_Connection_Handler *handler,
TAO_ORB_Core *orb_core,
- TAO_SSLIOP_Current_ptr current,
+ TAO::SSLIOP::Current_ptr current,
CORBA::Boolean flag)
: TAO_IIOP_Transport (handler,
orb_core,
- flag)
+ flag),
+ current_ (TAO::SSLIOP::Current::_duplicate (current))
{
- this->current_ = TAO_SSLIOP_Current::_duplicate (current);
}
-TAO_IIOP_SSL_Transport::~TAO_IIOP_SSL_Transport (void)
+TAO::IIOP_SSL_Transport::~IIOP_SSL_Transport (void)
{
}
int
-TAO_IIOP_SSL_Transport::handle_input (TAO_Resume_Handle &rh,
- ACE_Time_Value *max_wait_time,
- int block)
+TAO::IIOP_SSL_Transport::handle_input (TAO_Resume_Handle &rh,
+ ACE_Time_Value *max_wait_time,
+ int block)
{
int result = 0;
// Invalidate the TSS SSL session state to make sure that SSL state
// from a previous SSL connection is not confused with this non-SSL
// connection.
- TAO_Null_SSL_State_Guard guard (this->current_.in (), result);
+ TAO::Null_SSL_State_Guard guard (this->current_.in (), result);
if (result != 0)
return -1;
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Transport.h b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Transport.h
index 9433395cd9b..aa4cdedd41c 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Transport.h
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Transport.h
@@ -16,71 +16,73 @@
#include /**/ "ace/pre.h"
-#include "SSLIOP_Export.h"
+#include "SSLIOP_Current.h"
#if !defined (ACE_LACKS_PRAGMA_ONCE)
#pragma once
#endif /* ACE_LACKS_PRAGMA_ONCE */
-#include "SSLIOP_Current.h"
-
#include "tao/IIOP_Transport.h"
class TAO_ORB_Core;
-class TAO_IIOP_SSL_Connection_Handler;
class TAO_Resume_Handle;
-
-/**
- * @class TAO_IIOP_SSL_Transport
- *
- * @brief
- * IIOP Transport designed to be "SSL aware," i.e. it is
- * aware of the existence of the SSLIOP Transport. It makes
- * sure that SSL session state from a previous connection is not
- * associated with the non-SSL connection handled by this handler.
- *
- * However, this class overrides the handle_input() method to
- * invalidate the current TSS SSL state during a standard IIOP
- * (insecure) upcall. This prevents SSL session state from a previous
- * SSL connection from being associated with non-SSL connections
- * processed by this connection handler. In particular, this is very
- * important for closing a security hole in nested upcalls. For
- * example, an SSLIOP request is made. During that secure upcall, an
- * insecure nested upcall is made. A naive implementation would
- * associate the TSS SSL state from the secure upcall with the
- * insecure upcall. This implementation closes that security hole.
- */
-
-class TAO_SSLIOP_Export TAO_IIOP_SSL_Transport : public TAO_IIOP_Transport
+namespace TAO
{
-public:
- /// Constructor.
- TAO_IIOP_SSL_Transport (TAO_IIOP_SSL_Connection_Handler *handler,
- TAO_ORB_Core *orb_core,
- TAO_SSLIOP_Current_ptr current,
- CORBA::Boolean flag = 0);
-
- /// Default destructor.
- ~TAO_IIOP_SSL_Transport (void);
+ class IIOP_SSL_Connection_Handler;
- /** @name Overridden Template Methods
+ /**
+ * @class IIOP_SSL_Transport
*
- * Please check the documentation in "tao/Transport.h" for more
- * details.
+ * @brief
+ * IIOP Transport designed to be "SSL aware," i.e. it is
+ * aware of the existence of the SSLIOP Transport. It makes
+ * sure that SSL session state from a previous connection is not
+ * associated with the non-SSL connection handled by this handler.
+ *
+ * However, this class overrides the handle_input() method to
+ * invalidate the current TSS SSL state during a standard IIOP
+ * (insecure) upcall. This prevents SSL session state from a
+ * previous SSL connection from being associated with non-SSL
+ * connections processed by this connection handler. In particular,
+ * this is very important for closing a security hole in nested
+ * upcalls. For example, an SSLIOP request is made. During that
+ * secure upcall, an insecure nested upcall is made. A naive
+ * implementation would associate the TSS SSL state from the secure
+ * upcall with the insecure upcall. This implementation closes that
+ * security hole.
*/
- virtual int handle_input (TAO_Resume_Handle &rh,
- ACE_Time_Value *max_wait_time = 0,
- int block = 0);
-protected:
+ class IIOP_SSL_Transport : public TAO_IIOP_Transport
+ {
+ public:
+ /// Constructor.
+ IIOP_SSL_Transport (IIOP_SSL_Connection_Handler *handler,
+ TAO_ORB_Core *orb_core,
+ TAO::SSLIOP::Current_ptr current,
+ CORBA::Boolean flag = 0);
+
+ /// Default destructor.
+ ~IIOP_SSL_Transport (void);
- /// Reference to the SSLIOP::Current object (downcast to gain access
- /// to the low-level management methods).
- TAO_SSLIOP_Current_var current_;
+ /** @name Overridden Template Methods
+ *
+ * Please check the documentation in "tao/Transport.h" for more
+ * details.
+ */
+ virtual int handle_input (TAO_Resume_Handle &rh,
+ ACE_Time_Value *max_wait_time = 0,
+ int block = 0);
-};
+ protected:
+ /// Reference to the TAO::SSLIOP::Current object.
+ TAO::SSLIOP::Current_var current_;
+
+ };
+
+} // End TAO namespace.
#include /**/ "ace/post.h"
-#endif /*TAO_IIOP_SSL_TRANSPORT_H*/
+
+#endif /* TAO_IIOP_SSL_TRANSPORT_H */
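Review bot: The `handle_input` declaration carries no statement of its security-relevant contract, although the class comment explains why the TSS SSL state must be invalidated. In IIOP_SSL_Transport.cpp the method constructs a `TAO::Null_SSL_State_Guard` and returns -1 when `result != 0`, so the declaration could say `/// Installs a null TSS SSL state for the duration of the upcall; returns -1 if that setup fails.` The second paragraph of the class comment also still opens with "However," with nothing for it to contrast against. Starting it with "This class overrides the handle_input() method to ..." would read correctly.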
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Accept_Strategy.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Accept_Strategy.cpp
index aeb5b30a1ab..99ea46cccad 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Accept_Strategy.cpp
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Accept_Strategy.cpp
@@ -6,19 +6,19 @@ ACE_RCSID (SSLIOP,
"$Id$")
-TAO_SSLIOP_Accept_Strategy::TAO_SSLIOP_Accept_Strategy (
+TAO::SSLIOP::Accept_Strategy::Accept_Strategy (
TAO_ORB_Core * orb_core,
const ACE_Time_Value & timeout)
- : TAO_Accept_Strategy<TAO_SSLIOP_Connection_Handler,
+ : TAO_Accept_Strategy<TAO::SSLIOP::Connection_Handler,
ACE_SSL_SOCK_ACCEPTOR> (orb_core),
timeout_ (timeout)
{
}
int
-TAO_SSLIOP_Accept_Strategy::accept_svc_handler (handler_type * svc_handler)
+TAO::SSLIOP::Accept_Strategy::accept_svc_handler (handler_type * svc_handler)
{
- ACE_TRACE ("TAO_SSLIOP_Accept_Strategy::accept_svc_handler");
+ ACE_TRACE ("TAO::SSLIOP::Accept_Strategy::accept_svc_handler");
// The following code is basically the same code found in
// ACE_Accept_Strategy::accept_svc_handler(). The only difference
@@ -40,7 +40,7 @@ TAO_SSLIOP_Accept_Strategy::accept_svc_handler (handler_type * svc_handler)
// created handle. This is because the newly created handle will
// inherit the properties of the listen handle, including its event
// associations.
- int reset_new_handle = this->reactor_->uses_event_associations ();
+ const int reset_new_handle = this->reactor_->uses_event_associations ();
if (this->peer_acceptor_.accept (svc_handler->peer (), // stream
0, // remote address
@@ -61,12 +61,12 @@ TAO_SSLIOP_Accept_Strategy::accept_svc_handler (handler_type * svc_handler)
#if defined (ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION)
-template class ACE_Accept_Strategy<TAO_SSLIOP_Connection_Handler, ACE_SSL_SOCK_ACCEPTOR>;
-template class TAO_Accept_Strategy<TAO_SSLIOP_Connection_Handler, ACE_SSL_SOCK_ACCEPTOR>;
+template class ACE_Accept_Strategy<TAO::SSLIOP::Connection_Handler, ACE_SSL_SOCK_ACCEPTOR>;
+template class TAO_Accept_Strategy<TAO::SSLIOP::Connection_Handler, ACE_SSL_SOCK_ACCEPTOR>;
#elif defined (ACE_HAS_TEMPLATE_INSTANTIATION_PRAGMA)
-# pragma instantiate ACE_Accept_Strategy<TAO_SSLIOP_Connection_Handler, ACE_SSL_SOCK_ACCEPTOR>
-# pragma instantiate TAO_Accept_Strategy<TAO_SSLIOP_Connection_Handler, ACE_SSL_SOCK_ACCEPTOR>
+# pragma instantiate ACE_Accept_Strategy<TAO::SSLIOP::Connection_Handler, ACE_SSL_SOCK_ACCEPTOR>
+# pragma instantiate TAO_Accept_Strategy<TAO::SSLIOP::Connection_Handler, ACE_SSL_SOCK_ACCEPTOR>
#endif /* ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION */
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Accept_Strategy.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Accept_Strategy.h
index 45a32853b0f..285376f4faa 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Accept_Strategy.h
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Accept_Strategy.h
@@ -8,7 +8,7 @@
*
* IIOP/SSL specific accept strategy
*
- * @author Ossama Othman <ossama@uci.edu>
+ * @author Ossama Othman <ossama@dre.vanderbilt.edu>
*/
//=============================================================================
@@ -31,55 +31,64 @@
#include "ace/SSL/SSL_SOCK_Acceptor.h"
-/**
- * @class TAO_SSLIOP_Accept_Strategy
- *
- * @brief SSLIOP-specific accept strategy that builds on the
- * TAO_Accept_Strategy implementation.
- *
- * This accept strategy builds on on the TAO_Accept_Strategy
- * implementation. It sub-classes that class, and overrides the
- * accept_svc_handler() method so that a timeout value may be passed
- * to the underlying peer acceptor. This is necessary to defend
- * against a simple Denial-of-Service attack.
- * @par
- * Since SSL requires two handshakes, one TCP and one SSL, it is
- * possible for a malicious client to establish a TCP connection to
- * the SSL port, and never complete the SSL handshake. The underlying
- * SSL passive connection code would block/hang waiting for the SSL
- * handshake to complete. Given enough incomplete connections where
- * only the TCP handshake is completed, a server process could
- * potentially run out of available file descriptors, thus preventing
- * legitimate client connections from being established.
- * @par.
- * The timeout defense alluded to above bounds the time this sort of
- * DoS attack lasts.
- */
-class TAO_SSLIOP_Accept_Strategy
- : public TAO_Accept_Strategy<TAO_SSLIOP_Connection_Handler,
- ACE_SSL_SOCK_ACCEPTOR>
+namespace TAO
{
-public:
-
- /// Constructor.
- TAO_SSLIOP_Accept_Strategy (TAO_ORB_Core * orb_core,
- const ACE_Time_Value & timeout);
-
- /// Overridden method that forces a passive connection timeout value
- /// to be passed to the underlying acceptor.
- virtual int accept_svc_handler (handler_type * svc_handler);
-
-private:
-
- /// The accept() timeout.
- /**
- * This timeout includes the overall time to complete the SSL
- * handshake. This includes both the TCP handshake and the SSL
- * handshake.
- */
- const ACE_Time_Value timeout_;
-
-};
+ namespace SSLIOP
+ {
+
+ /**
+ * @class Accept_Strategy
+ *
+ * @brief SSLIOP-specific accept strategy that builds on the
+ * TAO_Accept_Strategy implementation.
+ *
+ * This accept strategy builds on on the TAO_Accept_Strategy
+ * implementation. It sub-classes that class, and overrides the
+ * accept_svc_handler() method so that a timeout value may be
+ * passed to the underlying peer acceptor. This is necessary to
+ * defend against a simple Denial-of-Service attack.
+ * @par
+ * Since SSL requires two handshakes, one TCP and one SSL, it is
+ * possible for a malicious client to establish a TCP connection
+ * to the SSL port, and never complete the SSL handshake. The
+ * underlying SSL passive connection code would block/hang waiting
+ * for the SSL handshake to complete. Given enough incomplete
+ * connections where only the TCP handshake is completed, a server
+ * process could potentially run out of available file
+ * descriptors, thus preventing legitimate client connections from
+ * being established.
+ * @par.
+ * The timeout defense alluded to above bounds the time this sort of
+ * DoS attack lasts.
+ */
+ class Accept_Strategy
+ : public TAO_Accept_Strategy<TAO::SSLIOP::Connection_Handler,
+ ACE_SSL_SOCK_ACCEPTOR>
+ {
+ public:
+
+ /// Constructor.
+ Accept_Strategy (TAO_ORB_Core * orb_core,
+ const ACE_Time_Value & timeout);
+
+ /// Overridden method that forces a passive connection timeout value
+ /// to be passed to the underlying acceptor.
+ virtual int accept_svc_handler (handler_type * svc_handler);
+
+ private:
+
+ /// The accept() timeout.
+ /**
+ * This timeout includes the overall time to complete the SSL
+ * handshake. This includes both the TCP handshake and the SSL
+ * handshake.
+ */
+ const ACE_Time_Value timeout_;
+
+ };
+
+ } // End SSLIOP namespace
+} // End TAO namespace
#include /**/ "ace/post.h"
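Review bot: The re-indented class comment carries over two slips from the old text, "builds on on the TAO_Accept_Strategy" and a stray period in `@par.`. Since the block is being rewritten anyway, it should read `This accept strategy builds on the TAO_Accept_Strategy` and use a plain `@par`. The rest of the comment documents the handshake-timeout defence well and needs no change.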
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.cpp
index b7e7dad4c88..49f67043231 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.cpp
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.cpp
@@ -1,5 +1,3 @@
-// $Id$
-
#include "SSLIOP_Acceptor.h"
#include "SSLIOP_Profile.h"
#include "SSLIOP_Current.h"
@@ -8,43 +6,45 @@
#include "tao/MProfile.h"
#include "tao/ORB_Core.h"
#include "tao/Server_Strategy_Factory.h"
-#include "tao/debug.h"
#include "tao/Codeset_Manager.h"
#include "tao/CDR.h"
+#include "tao/debug.h"
#if !defined(__ACE_INLINE__)
#include "SSLIOP_Acceptor.i"
#endif /* __ACE_INLINE__ */
-ACE_RCSID (TAO_SSLIOP,
+
+ACE_RCSID (SSLIOP,
SSLIOP_Acceptor,
"$Id$")
+
#if defined (ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION)
-template class ACE_Acceptor<TAO_SSLIOP_Connection_Handler, ACE_SSL_SOCK_ACCEPTOR>;
-template class ACE_Strategy_Acceptor<TAO_SSLIOP_Connection_Handler, ACE_SSL_SOCK_ACCEPTOR>;
-template class ACE_Creation_Strategy<TAO_SSLIOP_Connection_Handler>;
-template class ACE_Concurrency_Strategy<TAO_SSLIOP_Connection_Handler>;
-template class ACE_Scheduling_Strategy<TAO_SSLIOP_Connection_Handler>;
-template class TAO_Creation_Strategy<TAO_SSLIOP_Connection_Handler>;
-template class TAO_Concurrency_Strategy<TAO_SSLIOP_Connection_Handler>;
+template class ACE_Acceptor<TAO::SSLIOP::Connection_Handler, ACE_SSL_SOCK_ACCEPTOR>;
+template class ACE_Strategy_Acceptor<TAO::SSLIOP::Connection_Handler, ACE_SSL_SOCK_ACCEPTOR>;
+template class ACE_Creation_Strategy<TAO::SSLIOP::Connection_Handler>;
+template class ACE_Concurrency_Strategy<TAO::SSLIOP::Connection_Handler>;
+template class ACE_Scheduling_Strategy<TAO::SSLIOP::Connection_Handler>;
+template class TAO_Creation_Strategy<TAO::SSLIOP::Connection_Handler>;
+template class TAO_Concurrency_Strategy<TAO::SSLIOP::Connection_Handler>;
#elif defined (ACE_HAS_TEMPLATE_INSTANTIATION_PRAGMA)
-#pragma instantiate ACE_Acceptor<TAO_SSLIOP_Connection_Handler, ACE_SSL_SOCK_ACCEPTOR>
-#pragma instantiate ACE_Strategy_Acceptor<TAO_SSLIOP_Connection_Handler, ACE_SSL_SOCK_ACCEPTOR>
-#pragma instantiate ACE_Creation_Strategy<TAO_SSLIOP_Connection_Handler>
-#pragma instantiate ACE_Concurrency_Strategy<TAO_SSLIOP_Connection_Handler>
-#pragma instantiate ACE_Scheduling_Strategy<TAO_SSLIOP_Connection_Handler>
-#pragma instantiate TAO_Creation_Strategy<TAO_SSLIOP_Connection_Handler>
-#pragma instantiate TAO_Concurrency_Strategy<TAO_SSLIOP_Connection_Handler>
+#pragma instantiate ACE_Acceptor<TAO::SSLIOP::Connection_Handler, ACE_SSL_SOCK_ACCEPTOR>
+#pragma instantiate ACE_Strategy_Acceptor<TAO::SSLIOP::Connection_Handler, ACE_SSL_SOCK_ACCEPTOR>
+#pragma instantiate ACE_Creation_Strategy<TAO::SSLIOP::Connection_Handler>
+#pragma instantiate ACE_Concurrency_Strategy<TAO::SSLIOP::Connection_Handler>
+#pragma instantiate ACE_Scheduling_Strategy<TAO::SSLIOP::Connection_Handler>
+#pragma instantiate TAO_Creation_Strategy<TAO::SSLIOP::Connection_Handler>
+#pragma instantiate TAO_Concurrency_Strategy<TAO::SSLIOP::Connection_Handler>
#endif /* ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION */
-TAO_SSLIOP_Acceptor::TAO_SSLIOP_Acceptor (Security::QOP qop,
- const ACE_Time_Value & timeout)
- : TAO_IIOP_SSL_Acceptor (),
+TAO::SSLIOP::Acceptor::Acceptor (::Security::QOP qop,
+ const ACE_Time_Value & timeout)
+ : TAO::IIOP_SSL_Acceptor (),
ssl_acceptor_ (),
creation_strategy_ (0),
concurrency_strategy_ (0),
@@ -52,34 +52,63 @@ TAO_SSLIOP_Acceptor::TAO_SSLIOP_Acceptor (Security::QOP qop,
handler_state_ (),
timeout_ (timeout)
{
+ // --- CSIv1 ---
+
// Clear all bits in the SSLIOP::SSL association option fields.
this->ssl_component_.target_supports = 0;
this->ssl_component_.target_requires = 0;
// SSLIOP requires these Security::AssociationOptions by default.
ACE_SET_BITS (this->ssl_component_.target_requires,
- Security::Integrity
- | Security::Confidentiality
- | Security::NoDelegation);
+ ::Security::Integrity
+ | ::Security::Confidentiality
+ | ::Security::NoDelegation);
// SSLIOP supports these Security::AssociationOptions by default.
ACE_SET_BITS (this->ssl_component_.target_supports,
- Security::Integrity
- | Security::Confidentiality
- | Security::EstablishTrustInTarget
- | Security::NoDelegation);
+ ::Security::Integrity
+ | ::Security::Confidentiality
+ | ::Security::EstablishTrustInTarget
+ | ::Security::NoDelegation);
// Initialize the default SSL port to zero (wild card port).
this->ssl_component_.port = 0;
// @@ This should go away once we support setting security
// association options through policies.
- if (qop == Security::SecQOPNoProtection)
+ if (qop == ::Security::SecQOPNoProtection)
ACE_SET_BITS (this->ssl_component_.target_supports,
- Security::NoProtection);
+ ::Security::NoProtection);
+
+
+ // --- CSIv2 ---
+
+ // Clear all bits in the CSIIOP::TLS_SEC_TRANS association option
+ // fields.
+ this->csiv2_component_.target_supports = 0;
+ this->csiv2_component_.target_requires = 0;
+
+ // SSLIOP requires these CSIIOP::AssociationOptions by default.
+ ACE_SET_BITS (this->csiv2_component_.target_requires,
+ CSIIOP::Integrity
+ | CSIIOP::Confidentiality
+ | CSIIOP::NoDelegation);
+
+ // SSLIOP supports these CSIIOP::AssociationOptions by default.
+ ACE_SET_BITS (this->csiv2_component_.target_supports,
+ CSIIOP::Integrity
+ | CSIIOP::Confidentiality
+ | CSIIOP::EstablishTrustInTarget
+ | CSIIOP::NoDelegation);
+
+ // @@ This should go away once we support setting security
+ // association options through policies.
+ if (qop == CSIIOP::NoProtection)
+ ACE_SET_BITS (this->csiv2_component_.target_supports,
+ CSIIOP::NoProtection);
}
-TAO_SSLIOP_Acceptor::~TAO_SSLIOP_Acceptor (void)
+TAO::SSLIOP::Acceptor::~Acceptor (void)
{
// Make sure we are closed before we start destroying the
// strategies.
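Review bot: The CSIv2 block tests `if (qop == CSIIOP::NoProtection)`, which compares the constructor's `::Security::QOP` argument with a CSIIOP association-option constant. The CSIv1 block a few lines up tests the same argument against `::Security::SecQOPNoProtection`. The two constants belong to different value spaces, so unless they happen to be numerically equal, the CSIv2 component can advertise `CSIIOP::NoProtection` as supported for a QOP that asked for protection, or omit it when no protection was requested. The check should read `if (qop == ::Security::SecQOPNoProtection)`. The constructor begins before this hunk and the destructor that follows continues past it.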
@@ -91,9 +120,9 @@ TAO_SSLIOP_Acceptor::~TAO_SSLIOP_Acceptor (void)
}
int
-TAO_SSLIOP_Acceptor::create_profile (const TAO::ObjectKey &object_key,
- TAO_MProfile &mprofile,
- CORBA::Short priority)
+TAO::SSLIOP::Acceptor::create_profile (const TAO::ObjectKey &object_key,
+ TAO_MProfile &mprofile,
+ CORBA::Short priority)
{
// Sanity check.
if (this->endpoint_count_ == 0)
@@ -112,12 +141,12 @@ TAO_SSLIOP_Acceptor::create_profile (const TAO::ObjectKey &object_key,
}
int
-TAO_SSLIOP_Acceptor::create_new_profile (const TAO::ObjectKey &object_key,
- TAO_MProfile &mprofile,
- CORBA::Short priority)
+TAO::SSLIOP::Acceptor::create_new_profile (const TAO::ObjectKey &object_key,
+ TAO_MProfile &mprofile,
+ CORBA::Short priority)
{
// Adding this->endpoint_count_ to the TAO_MProfile.
- int count = mprofile.profile_count ();
+ const int count = mprofile.profile_count ();
if ((mprofile.size () - count) < this->endpoint_count_
&& mprofile.grow (count + this->endpoint_count_) == -1)
return -1;
@@ -136,12 +165,12 @@ TAO_SSLIOP_Acceptor::create_new_profile (const TAO::ObjectKey &object_key,
// below default SSLIOP::SSL component.
ACE_NEW_RETURN (pfile,
TAO_SSLIOP_Profile (this->hosts_[i],
- this->addrs_[i].get_port_number (),
- object_key,
- this->addrs_[i],
- this->version_,
- this->orb_core_,
- &(this->ssl_component_)),
+ this->addrs_[i].get_port_number (),
+ object_key,
+ this->addrs_[i],
+ this->version_,
+ this->orb_core_,
+ &(this->ssl_component_)),
-1);
pfile->endpoint ()->priority (priority);
@@ -157,11 +186,11 @@ TAO_SSLIOP_Acceptor::create_new_profile (const TAO::ObjectKey &object_key,
pfile->tagged_components ().set_orb_type (TAO_ORB_TYPE);
- this->orb_core_->codeset_manager()->
- set_codeset(pfile->tagged_components());
+ this->orb_core_->codeset_manager ()->
+ set_codeset (pfile->tagged_components());
IOP::TaggedComponent component;
- component.tag = SSLIOP::TAG_SSL_SEC_TRANS;
+ component.tag = ::SSLIOP::TAG_SSL_SEC_TRANS;
// @@???? Check this code, only intended as guideline...
TAO_OutputCDR cdr;
@@ -178,7 +207,7 @@ TAO_SSLIOP_Acceptor::create_new_profile (const TAO::ObjectKey &object_key,
// TAO extension, replace the contents of the octet sequence with
// the CDR stream
- CORBA::ULong length = cdr.total_length ();
+ const CORBA::ULong length = cdr.total_length ();
component.component_data.length (length);
CORBA::Octet *buf = component.component_data.get_buffer ();
for (const ACE_Message_Block *i = cdr.begin ();
@@ -197,9 +226,9 @@ TAO_SSLIOP_Acceptor::create_new_profile (const TAO::ObjectKey &object_key,
int
-TAO_SSLIOP_Acceptor::create_shared_profile (const TAO::ObjectKey &object_key,
- TAO_MProfile &mprofile,
- CORBA::Short priority)
+TAO::SSLIOP::Acceptor::create_shared_profile (const TAO::ObjectKey &object_key,
+ TAO_MProfile &mprofile,
+ CORBA::Short priority)
{
size_t index = 0;
TAO_Profile *pfile = 0;
@@ -211,8 +240,7 @@ TAO_SSLIOP_Acceptor::create_shared_profile (const TAO::ObjectKey &object_key,
pfile = mprofile.get_profile (i);
if (pfile->tag () == IOP::TAG_INTERNET_IOP)
{
- ssliop_profile = ACE_dynamic_cast (TAO_SSLIOP_Profile *,
- pfile);
+ ssliop_profile = dynamic_cast<TAO_SSLIOP_Profile *> (pfile);
if (ssliop_profile == 0)
return -1;
break;
@@ -232,17 +260,16 @@ TAO_SSLIOP_Acceptor::create_shared_profile (const TAO::ObjectKey &object_key,
// below default SSLIOP::SSL component.
ACE_NEW_RETURN (ssliop_profile,
TAO_SSLIOP_Profile (this->hosts_[0],
- this->addrs_[0].get_port_number (),
- object_key,
- this->addrs_[0],
- this->version_,
- this->orb_core_,
- &(this->ssl_component_)),
+ this->addrs_[0].get_port_number (),
+ object_key,
+ this->addrs_[0],
+ this->version_,
+ this->orb_core_,
+ &(this->ssl_component_)),
-1);
TAO_SSLIOP_Endpoint *ssliop_endp =
- ACE_dynamic_cast (TAO_SSLIOP_Endpoint *,
- ssliop_profile->endpoint ());
+ dynamic_cast<TAO_SSLIOP_Endpoint *> (ssliop_profile->endpoint ());
ssliop_endp->priority (priority);
ssliop_endp->iiop_endpoint ()->priority (priority);
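Review bot: The pointer returned by `dynamic_cast<TAO_SSLIOP_Endpoint *> (ssliop_profile->endpoint ())` is dereferenced on the very next line without a null check, whereas the equivalent cast in `is_collocated` tests `endp == 0` before use. Now that this is a real `dynamic_cast`, an endpoint of an unexpected type yields a null pointer and the `priority` calls crash. Add `if (ssliop_endp == 0) return -1;` ahead of them. The profile allocated just above may need to be released on that path, which depends on code outside this hunk; the body of `create_shared_profile` starts and ends outside it.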
@@ -262,7 +289,7 @@ TAO_SSLIOP_Acceptor::create_shared_profile (const TAO::ObjectKey &object_key,
set_codeset(ssliop_profile->tagged_components());
IOP::TaggedComponent component;
- component.tag = SSLIOP::TAG_SSL_SEC_TRANS;
+ component.tag = ::SSLIOP::TAG_SSL_SEC_TRANS;
// @@???? Check this code, only intended as guideline...
TAO_OutputCDR cdr;
cdr << TAO_OutputCDR::from_boolean (TAO_ENCAP_BYTE_ORDER);
@@ -323,11 +350,10 @@ TAO_SSLIOP_Acceptor::create_shared_profile (const TAO::ObjectKey &object_key,
}
int
-TAO_SSLIOP_Acceptor::is_collocated (const TAO_Endpoint *endpoint)
+TAO::SSLIOP::Acceptor::is_collocated (const TAO_Endpoint *endpoint)
{
const TAO_SSLIOP_Endpoint *endp =
- ACE_dynamic_cast (const TAO_SSLIOP_Endpoint *,
- endpoint);
+ dynamic_cast<const TAO_SSLIOP_Endpoint *> (endpoint);
// Make sure the dynamically cast pointer is valid.
if (endp == 0)
@@ -349,22 +375,22 @@ TAO_SSLIOP_Acceptor::is_collocated (const TAO_Endpoint *endpoint)
}
int
-TAO_SSLIOP_Acceptor::close (void)
+TAO::SSLIOP::Acceptor::close (void)
{
int r = this->ssl_acceptor_.close ();
- if (this->TAO_IIOP_SSL_Acceptor::close () != 0)
+ if (this->IIOP_SSL_Acceptor::close () != 0)
r = -1;
return r;
}
int
-TAO_SSLIOP_Acceptor::open (TAO_ORB_Core *orb_core,
- ACE_Reactor *reactor,
- int major,
- int minor,
- const char *address,
- const char *options)
+TAO::SSLIOP::Acceptor::open (TAO_ORB_Core *orb_core,
+ ACE_Reactor *reactor,
+ int major,
+ int minor,
+ const char *address,
+ const char *options)
{
// Ensure that neither the endpoint configuration nor the ORB
// configuration violate security measures.
@@ -375,12 +401,12 @@ TAO_SSLIOP_Acceptor::open (TAO_ORB_Core *orb_core,
// Open the non-SSL enabled endpoints, then open the SSL enabled
// endpoints.
- if (this->TAO_IIOP_SSL_Acceptor::open (orb_core,
- reactor,
- major,
- minor,
- address,
- options) != 0)
+ if (this->IIOP_SSL_Acceptor::open (orb_core,
+ reactor,
+ major,
+ minor,
+ address,
+ options) != 0)
return -1;
// The SSL port is set in the parse_options() method. All we have
@@ -394,11 +420,11 @@ TAO_SSLIOP_Acceptor::open (TAO_ORB_Core *orb_core,
}
int
-TAO_SSLIOP_Acceptor::open_default (TAO_ORB_Core *orb_core,
- ACE_Reactor *reactor,
- int major,
- int minor,
- const char *options)
+TAO::SSLIOP::Acceptor::open_default (TAO_ORB_Core *orb_core,
+ ACE_Reactor *reactor,
+ int major,
+ int minor,
+ const char *options)
{
// Ensure that neither the endpoint configuration nor the ORB
// configuration violate security measures.
@@ -409,11 +435,11 @@ TAO_SSLIOP_Acceptor::open_default (TAO_ORB_Core *orb_core,
// Open the non-SSL enabled endpoints, then open the SSL enabled
// endpoints.
- if (this->TAO_IIOP_SSL_Acceptor::open_default (orb_core,
- reactor,
- major,
- minor,
- options) == -1)
+ if (this->IIOP_SSL_Acceptor::open_default (orb_core,
+ reactor,
+ major,
+ minor,
+ options) == -1)
return -1;
// Now that each network interface's hostname has been cached, open
@@ -424,7 +450,7 @@ TAO_SSLIOP_Acceptor::open_default (TAO_ORB_Core *orb_core,
// this->ssl_component_.port is initialized to zero or it is set in
// this->parse_options().
if (addr.set (this->ssl_component_.port,
- ACE_static_cast(ACE_UINT32, INADDR_ANY),
+ static_cast<ACE_UINT32> (INADDR_ANY),
1) != 0)
return -1;
@@ -434,34 +460,34 @@ TAO_SSLIOP_Acceptor::open_default (TAO_ORB_Core *orb_core,
}
int
-TAO_SSLIOP_Acceptor::ssliop_open_i (TAO_ORB_Core *orb_core,
- const ACE_INET_Addr& addr,
- ACE_Reactor *reactor)
+TAO::SSLIOP::Acceptor::ssliop_open_i (TAO_ORB_Core *orb_core,
+ const ACE_INET_Addr& addr,
+ ACE_Reactor *reactor)
{
this->orb_core_ = orb_core;
- int giop_lite = 0;
// Explicitly disable GIOPlite support since it introduces security
// holes.
+ static const int giop_lite = 0;
- if (TAO_SSLIOP_Util::setup_handler_state (this->orb_core_,
- &(this->tcp_properties_),
- this->handler_state_) != 0)
+ if (TAO::SSLIOP::Util::setup_handler_state (this->orb_core_,
+ &(this->tcp_properties_),
+ this->handler_state_) != 0)
return -1;
ACE_NEW_RETURN (this->creation_strategy_,
- TAO_SSLIOP_CREATION_STRATEGY (this->orb_core_,
- &(this->handler_state_),
- giop_lite),
+ CREATION_STRATEGY (this->orb_core_,
+ &(this->handler_state_),
+ giop_lite),
-1);
ACE_NEW_RETURN (this->concurrency_strategy_,
- TAO_SSLIOP_CONCURRENCY_STRATEGY (this->orb_core_),
+ CONCURRENCY_STRATEGY (this->orb_core_),
-1);
ACE_NEW_RETURN (this->accept_strategy_,
- TAO_SSLIOP_ACCEPT_STRATEGY (this->orb_core_,
- this->timeout_),
+ ACCEPT_STRATEGY (this->orb_core_,
+ this->timeout_),
-1);
if (this->ssl_acceptor_.open (addr,
@@ -497,11 +523,11 @@ TAO_SSLIOP_Acceptor::ssliop_open_i (TAO_ORB_Core *orb_core,
// the user if provided.
this->ssl_component_.port = ssl_address.get_port_number ();
- (void) this->ssl_acceptor_.acceptor().enable (ACE_CLOEXEC);
// This avoids having child processes acquire the listen socket
// thereby denying the server the opportunity to restart on a
// well-known endpoint. This does not affect the aberrent behavior
// on Win32 platforms.
+ (void) this->ssl_acceptor_.acceptor ().enable (ACE_CLOEXEC);
if (TAO_debug_level > 5)
{
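Review bot: The result of `enable (ACE_CLOEXEC)` is still thrown away with `(void)`, so a failure to set close-on-exec leaves the SSL listen socket inheritable by child processes without any trace in the log. The comment above the call explains why that inheritance is harmful, so the failure should at least be reported: `if (this->ssl_acceptor_.acceptor ().enable (ACE_CLOEXEC) == -1 && TAO_debug_level > 0) ACE_ERROR ((LM_ERROR, ACE_TEXT ("TAO (%P|%t) unable to set close-on-exec on the SSLIOP listen socket\n")));`. The comment being moved also misspells "aberrant". `ssliop_open_i` continues outside the hunk.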
@@ -520,7 +546,7 @@ TAO_SSLIOP_Acceptor::ssliop_open_i (TAO_ORB_Core *orb_core,
}
int
-TAO_SSLIOP_Acceptor::parse_options (const char *str)
+TAO::SSLIOP::Acceptor::parse_options (const char *str)
{
if (str == 0)
return 0; // No options to parse. Not a problem.
@@ -531,7 +557,7 @@ TAO_SSLIOP_Acceptor::parse_options (const char *str)
ACE_CString options (str);
- size_t len = options.length ();
+ const size_t len = options.length ();
const char option_delimiter = '&';
@@ -544,7 +570,7 @@ TAO_SSLIOP_Acceptor::parse_options (const char *str)
// before the object key.
for (size_t i = 0; i < len; ++i)
if (options[i] == option_delimiter)
- option_count++;
+ ++option_count;
// The idea behind the following loop is to split the options into
// (option, name) pairs.
@@ -579,9 +605,9 @@ TAO_SSLIOP_Acceptor::parse_options (const char *str)
{
ACE_CString opt = options.substring (begin, end);
- int slot = opt.find ("=");
+ const int slot = opt.find ("=");
- if (slot == ACE_static_cast (int, len - 1)
+ if (slot == static_cast<int> (len - 1)
|| slot == ACE_CString::npos)
ACE_ERROR_RETURN ((LM_ERROR,
ACE_TEXT ("TAO (%P|%t) IIOP/SSL")
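Review bot: The empty-value test compares `slot` with `len - 1`, but `len` is the length of the whole `options` string while `slot` is an index into the single option `opt`. An option such as `ssl_port=` followed by further options is therefore not rejected, and its empty value goes on to be parsed. Compare against the option itself: `if (slot == static_cast<int> (opt.length () - 1)`. Storing the result of `find` in an `int` and comparing it with `ACE_CString::npos` also relies on an implicit conversion that is worth making explicit. The enclosing loop in `parse_options` starts and ends outside the hunk.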
@@ -609,7 +635,7 @@ TAO_SSLIOP_Acceptor::parse_options (const char *str)
}
else if (ACE_OS::strcmp (name.c_str (), "ssl_port") == 0)
{
- int ssl_port = ACE_OS::atoi (value.c_str ());
+ const int ssl_port = ACE_OS::atoi (value.c_str ());
if (ssl_port >= 0 && ssl_port < 65536)
this->ssl_component_.port = ssl_port;
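Review bot: `ACE_OS::atoi` returns 0 for an empty or non-numeric value, and 0 passes the `ssl_port >= 0 && ssl_port < 65536` range check, so a mistyped `ssl_port` option silently sets the SSL port to zero instead of being reported. Parsing with `ACE_OS::strtol` and checking the end pointer makes malformed values fall through to the error branch that follows this hunk. The cast to `CORBA::UShort` below assumes that is the type of `ssl_component_.port`, which is not visible here.

```cpp
// … unchanged: else if (ACE_OS::strcmp (name.c_str (), "ssl_port") == 0) …
char *end = 0;
const long ssl_port = ACE_OS::strtol (value.c_str (), &end, 10);

// Reject empty values and trailing garbage as well as out-of-range ports.
if (end != value.c_str () && *end == '\0'
    && ssl_port >= 0 && ssl_port < 65536)
  this->ssl_component_.port = static_cast<CORBA::UShort> (ssl_port);
// … unchanged: else branch reporting the invalid port …
```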
@@ -634,13 +660,14 @@ TAO_SSLIOP_Acceptor::parse_options (const char *str)
-1);
}
}
+
return 0;
}
int
-TAO_SSLIOP_Acceptor::verify_secure_configuration (TAO_ORB_Core *orb_core,
- int major,
- int minor)
+TAO::SSLIOP::Acceptor::verify_secure_configuration (TAO_ORB_Core *orb_core,
+ int major,
+ int minor)
{
// Sanity check.
if (major < 1)
@@ -667,7 +694,7 @@ TAO_SSLIOP_Acceptor::verify_secure_configuration (TAO_ORB_Core *orb_core,
if ((orb_core->orb_params ()->std_profile_components () == 0
|| (major == 1 && minor == 0))
&& ACE_BIT_DISABLED (this->ssl_component_.target_requires,
- Security::NoProtection))
+ ::Security::NoProtection))
{
if (TAO_debug_level > 0)
ACE_ERROR ((LM_ERROR,
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.h
index 5d761b5858a..b0868330068 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.h
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.h
@@ -30,125 +30,135 @@
#include "SSLIOP_Connection_Handler.h"
#include "SSLIOP_Accept_Strategy.h"
+#include "orbsvcs/orbsvcs/SSLIOPC.h" /* CSIv1 */
+#include "orbsvcs/orbsvcs/CSIIOPC.h" /* CSIv2 */
-#include "orbsvcs/orbsvcs/SSLIOPC.h"
-
-
-
-/**
- * @class TAO_SSLIOP_Acceptor
- *
- * @brief The SSLIOP-specific bridge class for the concrete acceptor.
- */
-class TAO_SSLIOP_Export TAO_SSLIOP_Acceptor
- : public TAO_IIOP_SSL_Acceptor
+namespace TAO
{
-
-public:
-
- /// Constructor.
- TAO_SSLIOP_Acceptor (Security::QOP qop,
- const ACE_Time_Value & timeout);
-
- /// Destructor.
- ~TAO_SSLIOP_Acceptor (void);
-
- typedef ACE_Strategy_Acceptor<TAO_SSLIOP_Connection_Handler, ACE_SSL_SOCK_ACCEPTOR> TAO_SSLIOP_BASE_ACCEPTOR;
- typedef TAO_Creation_Strategy<TAO_SSLIOP_Connection_Handler> TAO_SSLIOP_CREATION_STRATEGY;
- typedef TAO_Concurrency_Strategy<TAO_SSLIOP_Connection_Handler> TAO_SSLIOP_CONCURRENCY_STRATEGY;
- typedef TAO_SSLIOP_Accept_Strategy TAO_SSLIOP_ACCEPT_STRATEGY;
-
- /**
- * @name The TAO_Acceptor Methods
- *
- * Check the documentation in tao/Pluggable.h for details.
- */
- //@{
- virtual int open (TAO_ORB_Core *orb_core,
- ACE_Reactor *reactor,
- int version_major,
- int version_minor,
- const char *address,
- const char *options = 0);
- virtual int open_default (TAO_ORB_Core *orb_core,
- ACE_Reactor *reactor,
- int version_major,
- int version_minor,
- const char *options = 0);
- virtual int close (void);
- virtual int create_profile (const TAO::ObjectKey &object_key,
+ namespace SSLIOP
+ {
+
+ /**
+ * @class Acceptor
+ *
+ * @brief The SSLIOP-specific bridge class for the concrete acceptor.
+ */
+ class TAO_SSLIOP_Export Acceptor
+ : public IIOP_SSL_Acceptor
+ {
+ public:
+
+ /// Constructor.
+ Acceptor (::Security::QOP qop,
+ const ACE_Time_Value & timeout);
+
+ /// Destructor.
+ ~Acceptor (void);
+
+ typedef ACE_Strategy_Acceptor<Connection_Handler, ACE_SSL_SOCK_ACCEPTOR> BASE_ACCEPTOR;
+ typedef TAO_Creation_Strategy<Connection_Handler> CREATION_STRATEGY;
+ typedef TAO_Concurrency_Strategy<Connection_Handler> CONCURRENCY_STRATEGY;
+ typedef Accept_Strategy ACCEPT_STRATEGY;
+
+ /**
+ * @name The TAO_Acceptor Methods
+ *
+ * Check the documentation in tao/Pluggable.h for details.
+ */
+ //@{
+ virtual int open (TAO_ORB_Core *orb_core,
+ ACE_Reactor *reactor,
+ int version_major,
+ int version_minor,
+ const char *address,
+ const char *options = 0);
+ virtual int open_default (TAO_ORB_Core *orb_core,
+ ACE_Reactor *reactor,
+ int version_major,
+ int version_minor,
+ const char *options = 0);
+ virtual int close (void);
+ virtual int create_profile (const TAO::ObjectKey &object_key,
+ TAO_MProfile &mprofile,
+ CORBA::Short priority);
+ virtual int is_collocated (const TAO_Endpoint* endpoint);
+ //@}
+
+ /// Retrieve the CSIv1 SSLIOP::SSL component associated with the
+ /// endpoints set up by this acceptor.
+ const ::SSLIOP::SSL &ssl_component (void) const;
+
+ private:
+
+ /// Implement the common part of the open*() methods.
+ int ssliop_open_i (TAO_ORB_Core *orb_core,
+ const ACE_INET_Addr& addr,
+ ACE_Reactor *reactor);
+
+ /// Parse protocol specific options.
+ int parse_options (const char *options);
+
+ /// Ensure that neither the endpoint configuration nor the ORB
+ /// configuration violate security measures.
+ int verify_secure_configuration (TAO_ORB_Core *orb_core,
+ int major,
+ int minor);
+
+ /// Helper method to add a new profile to the mprofile for
+ /// each endpoint.
+ int create_new_profile (const TAO::ObjectKey &object_key,
TAO_MProfile &mprofile,
CORBA::Short priority);
- virtual int is_collocated (const TAO_Endpoint* endpoint);
- //@}
-
- /// Retrieve the SSLIOP::SSL component associated with the endpoints
- /// set up by this acceptor.
- const SSLIOP::SSL &ssl_component (void) const;
-
-private:
-
- /// Implement the common part of the open*() methods.
- int ssliop_open_i (TAO_ORB_Core *orb_core,
- const ACE_INET_Addr& addr,
- ACE_Reactor *reactor);
-
- /// Parse protocol specific options.
- int parse_options (const char *options);
-
-
- /// Ensure that neither the endpoint configuration nor the ORB
- /// configuration violate security measures.
- int verify_secure_configuration (TAO_ORB_Core *orb_core,
- int major,
- int minor);
-
- /// Helper method to add a new profile to the mprofile for
- /// each endpoint.
- int create_new_profile (const TAO::ObjectKey &object_key,
- TAO_MProfile &mprofile,
- CORBA::Short priority);
-
- /// Helper method to create a profile that contains all of
- /// our endpoints.
- int create_shared_profile (const TAO::ObjectKey &object_key,
- TAO_MProfile &mprofile,
- CORBA::Short priority);
-
-private:
-
- /// The concrete acceptor, as a pointer to it's base class.
- TAO_SSLIOP_BASE_ACCEPTOR ssl_acceptor_;
-
- /**
- * @name Acceptor Strategies
- *
- * Strategies used when accepting an incoming connection.
- */
- TAO_SSLIOP_CREATION_STRATEGY *creation_strategy_;
- TAO_SSLIOP_CONCURRENCY_STRATEGY *concurrency_strategy_;
- TAO_SSLIOP_ACCEPT_STRATEGY *accept_strategy_;
-
- /// The SSL component.
- /**
- * This is the SSLIOP endpoint-specific tagged component that is
- * embedded in a given IOR.
- */
- SSLIOP::SSL ssl_component_;
-
- /// State that will be passed to each SSLIOP connection handler upon
- /// creation.
- TAO_SSLIOP_Connection_Handler_State handler_state_;
-
- /// The accept() timeout.
- /**
- * This timeout includes the overall time to complete the SSL
- * handshake. This includes both the TCP handshake and the SSL
- * handshake.
- */
- const ACE_Time_Value timeout_;
-
-};
+
+ /// Helper method to create a profile that contains all of
+ /// our endpoints.
+ int create_shared_profile (const TAO::ObjectKey &object_key,
+ TAO_MProfile &mprofile,
+ CORBA::Short priority);
+
+ private:
+
+ /// The concrete acceptor, as a pointer to it's base class.
+ BASE_ACCEPTOR ssl_acceptor_;
+
+ /**
+ * @name Acceptor Strategies
+ *
+ * Strategies used when accepting an incoming connection.
+ */
+ CREATION_STRATEGY *creation_strategy_;
+ CONCURRENCY_STRATEGY *concurrency_strategy_;
+ ACCEPT_STRATEGY *accept_strategy_;
+
+ /// The CSIv1 SSL component.
+ /**
+ * This is the SSLIOP endpoint-specific tagged component that is
+ * embedded in a given IOR.
+ */
+ ::SSLIOP::SSL ssl_component_;
+
+ /// The SSLIOP CSIv2 tagged component.
+ /**
+ *
+ */
+ CSIIOP::TLS_SEC_TRANS csiv2_component_;
+
+ /// State that will be passed to each SSLIOP connection handler upon
+ /// creation.
+ Connection_Handler_State handler_state_;
+
+ /// The accept() timeout.
+ /**
+ * This timeout includes the overall time to complete the SSL
+ * handshake. This includes both the TCP handshake and the SSL
+ * handshake.
+ */
+ const ACE_Time_Value timeout_;
+
+ };
+
+ } // End SSLIOP namespace.
+} // End TAO namespace.
#if defined(__ACE_INLINE__)
#include "SSLIOP_Acceptor.i"
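Review bot: The new member `csiv2_component_` is added with an empty detailed comment block, and none of the `SSLIOP_Acceptor.cpp` hunks visible here initialise or read it. A reader cannot tell whether the CSIv2 component is advertised in the IOR yet. Until it is wired in, say so in the comment, for example `/// The SSLIOP CSIv2 tagged component (TAG_TLS_SEC_TRANS). @@ Not yet populated or embedded in generated profiles.`, wording to be confirmed against the constructor. The carried-over comment on `ssl_acceptor_` ("as a pointer to it's base class") is also inaccurate, because the member is held by value; `/// The concrete SSL acceptor.` would be correct.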
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.i b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.i
index 8fe65662e6e..d37f85ba422 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.i
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.i
@@ -4,7 +4,7 @@
ACE_INLINE const SSLIOP::SSL &
-TAO_SSLIOP_Acceptor::ssl_component (void) const
+TAO::SSLIOP::Acceptor::ssl_component (void) const
{
return this->ssl_component_;
}
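Review bot: The return type here is still spelled `SSLIOP::SSL`, while the header in this commit declares `const ::SSLIOP::SSL &ssl_component (void) const;`. With a `TAO::SSLIOP` namespace now in existence, the unqualified spelling only resolves to the IDL-generated type as long as this file is included at global scope with no using-directive for `TAO` in effect. Write `ACE_INLINE const ::SSLIOP::SSL &` so the definition matches the declaration and cannot pick up the wrong namespace.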
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.cpp
new file mode 100644
index 00000000000..f62dd0d2cce
--- /dev/null
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.cpp
@@ -0,0 +1,114 @@
+// $Id$
+
+#include "SSLIOP_ClientCredentials.h"
+
+
+ACE_RCSID (SSLIOP,
+ SSLIOP_ClientCredentials,
+ "$Id$")
+
+
+TAO::SSLIOP::ClientCredentials::ClientCredentials (X509 *cert, EVP_PKEY *evp)
+ : Credentials (cert, evp)
+{
+}
+
+TAO::SSLIOP::ClientCredentials::~ClientCredentials (void)
+{
+}
+
+SecurityLevel3::CredentialsType
+TAO::SSLIOP::ClientCredentials::creds_type (ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ return SecurityLevel3::CT_ClientCredentials;
+}
+
+char *
+TAO::SSLIOP::ClientCredentials::context_id (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
+}
+
+SecurityLevel3::Principal *
+TAO::SSLIOP::ClientCredentials::client_principal (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
+}
+
+SecurityLevel3::StatementList *
+TAO::SSLIOP::ClientCredentials::client_supporting_statements (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
+}
+
+SecurityLevel3::ResourceNameList *
+TAO::SSLIOP::ClientCredentials::client_restricted_resources (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
+}
+
+SecurityLevel3::Principal *
+TAO::SSLIOP::ClientCredentials::target_principal (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
+}
+
+SecurityLevel3::StatementList *
+TAO::SSLIOP::ClientCredentials::target_supporting_statements (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
+}
+
+SecurityLevel3::ResourceNameList *
+TAO::SSLIOP::ClientCredentials::target_restricted_resources (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
+}
+
+SecurityLevel3::OwnCredentials_ptr
+TAO::SSLIOP::ClientCredentials::parent_credentials (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (),
+ SecurityLevel3::OwnCredentials::_nil ());
+}
+
+CORBA::Boolean
+TAO::SSLIOP::ClientCredentials::client_authentication (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
+}
+
+CORBA::Boolean
+TAO::SSLIOP::ClientCredentials::target_authentication (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
+}
+
+CORBA::Boolean
+TAO::SSLIOP::ClientCredentials::confidentiality (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
+}
+
+CORBA::Boolean
+TAO::SSLIOP::ClientCredentials::integrity (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
+}
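Review bot: Every accessor in this new file except `creds_type` raises `CORBA::NO_IMPLEMENT`, including `client_authentication`, `target_authentication`, `confidentiality` and `integrity`, yet nothing marks them as placeholders. A caller therefore cannot learn the protection state of an association from this object, and in builds using the emulated-exception macros the pointer-returning methods presumably hand back a null pointer that must be checked. Put a comment on each stub, such as `// @@ Not yet implemented: always raises CORBA::NO_IMPLEMENT.`, and state the same in the class documentation so that users do not treat these results as security decisions.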
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.h
new file mode 100644
index 00000000000..79f74778de8
--- /dev/null
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.h
@@ -0,0 +1,142 @@
+// -*- C++ -*-
+
+//=============================================================================
+/**
+ * @file SSLIOP_ClientCredentials.h
+ *
+ * $Id$
+ *
+ * @author Ossama Othman <ossama@dre.vanderbilt.edu>
+ */
+//=============================================================================
+
+
+#ifndef TAO_SSLIOP_CLIENT_CREDENTIALS_H
+#define TAO_SSLIOP_CLIENT_CREDENTIALS_H
+
+#include "ace/pre.h"
+
+#include "orbsvcs/orbsvcs/SSLIOP/SSLIOP_Export.h"
+
+#if !defined (ACE_LACKS_PRAGMA_ONCE)
+# pragma once
+#endif /* ACE_LACKS_PRAGMA_ONCE */
+
+#include "orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.h"
+
+#include "orbsvcs/orbsvcs/SecurityLevel3C.h"
+
+#include "tao/LocalObject.h"
+
+#if defined(_MSC_VER)
+#if (_MSC_VER >= 1200)
+#pragma warning(push)
+#endif /* _MSC_VER >= 1200 */
+#pragma warning(disable:4250)
+#endif /* _MSC_VER */
+
+namespace TAO
+{
+ namespace SSLIOP
+ {
+ /**
+ * @class ClientCredentials
+ *
+ * @brief
+ *
+ *
+ */
+ class TAO_SSLIOP_Export ClientCredentials
+ : public virtual SecurityLevel3::ClientCredentials,
+ public virtual Credentials
+ {
+ public:
+
+ /// Constructor
+ ClientCredentials (::X509 *cert, ::EVP_PKEY *evp);
+
+ /**
+ * @name SecurityLevel3::Credentials Methods
+ *
+ * Methods required by the SecurityLevel3::Credentials
+ * interface.
+ */
+ //@{
+ virtual SecurityLevel3::CredentialsType creds_type (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+ //@}
+
+ /**
+ * @name SecurityLevel3::ClientCredentials Methods
+ *
+ * Methods required by the SecurityLevel3::ClientCredentials
+ * interface.
+ */
+ //@{
+ virtual char * context_id (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual SecurityLevel3::Principal * client_principal (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual SecurityLevel3::StatementList * client_supporting_statements (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual SecurityLevel3::ResourceNameList * client_restricted_resources (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual SecurityLevel3::Principal * target_principal (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual SecurityLevel3::StatementList * target_supporting_statements (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual SecurityLevel3::ResourceNameList * target_restricted_resources (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual SecurityLevel3::OwnCredentials_ptr parent_credentials (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual CORBA::Boolean client_authentication (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual CORBA::Boolean target_authentication (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual CORBA::Boolean confidentiality (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual CORBA::Boolean integrity (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+ //@}
+
+ protected:
+
+ /// Destructor
+ /**
+ * Protected destructor to enforce proper memory management
+ * through the reference counting mechanism.
+ */
+ ~ClientCredentials (void);
+
+ };
+
+ } // End SSLIOP namespace
+} // End TAO namespace
+
+
+#if defined(_MSC_VER) && (_MSC_VER >= 1200)
+#pragma warning(pop)
+#endif /* _MSC_VER */
+
+#include "ace/post.h"
+
+#endif /* TAO_SSLIOP_CLIENT_CREDENTIALS_H */
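Review bot: The class comment has an empty `@brief`, and the constructor `ClientCredentials (::X509 *cert, ::EVP_PKEY *evp)` does not say who owns the certificate and private key afterwards. For key material this matters: the caller needs to know whether the object duplicates the structures or takes its own reference to them, and so whether it may free them after construction. That behaviour lives in the `Credentials` base class, which is not shown here. Suggested text: `@brief SSLIOP-specific implementation of the SecurityLevel3::ClientCredentials interface.`, plus a constructor comment describing the ownership and reference-count behaviour for `cert` and `evp` once confirmed against `SSLIOP_Credentials.h`.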
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.cpp
index 49ff9cd8009..6660602351c 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.cpp
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.cpp
@@ -1,5 +1,4 @@
#include "SSLIOP_Connection_Handler.h"
-#include "SSLIOP_Current.h"
#include "SSLIOP_Endpoint.h"
#include "tao/debug.h"
@@ -23,9 +22,9 @@ ACE_RCSID (SSLIOP,
// ****************************************************************
-TAO_SSLIOP_Connection_Handler::TAO_SSLIOP_Connection_Handler (
+TAO::SSLIOP::Connection_Handler::Connection_Handler (
ACE_Thread_Manager *t)
- : TAO_SSL_SVC_HANDLER (t, 0 , 0),
+ : SVC_HANDLER (t, 0 , 0),
TAO_Connection_Handler (0),
current_ (),
tcp_properties_ (0)
@@ -38,44 +37,43 @@ TAO_SSLIOP_Connection_Handler::TAO_SSLIOP_Connection_Handler (
ACE_ASSERT (0);
}
-
-TAO_SSLIOP_Connection_Handler::TAO_SSLIOP_Connection_Handler (
+TAO::SSLIOP::Connection_Handler::Connection_Handler (
TAO_ORB_Core *orb_core,
CORBA::Boolean /* flag */, // SSLIOP does *not* support GIOPlite
void *arg)
- : TAO_SSL_SVC_HANDLER (orb_core->thr_mgr (), 0, 0),
+ : SVC_HANDLER (orb_core->thr_mgr (), 0, 0),
TAO_Connection_Handler (orb_core),
current_ (),
tcp_properties_ (0)
{
- TAO_SSLIOP_Connection_Handler_State *s =
- ACE_static_cast (TAO_SSLIOP_Connection_Handler_State *, arg);
+ TAO::SSLIOP::Connection_Handler_State *s =
+ static_cast<TAO::SSLIOP::Connection_Handler_State *> (arg);
this->tcp_properties_ = s->tcp_properties;
this->current_ = s->ssliop_current;
- TAO_SSLIOP_Transport* specific_transport = 0;
+ TAO::SSLIOP::Transport* specific_transport = 0;
ACE_NEW (specific_transport,
- TAO_SSLIOP_Transport (this, orb_core, 0));
+ TAO::SSLIOP::Transport (this, orb_core, 0));
// store this pointer (indirectly increment ref count)
this->transport (specific_transport);
}
-TAO_SSLIOP_Connection_Handler::~TAO_SSLIOP_Connection_Handler (void)
+TAO::SSLIOP::Connection_Handler::~Connection_Handler (void)
{
delete this->transport ();
}
int
-TAO_SSLIOP_Connection_Handler::open_handler (void *v)
+TAO::SSLIOP::Connection_Handler::open_handler (void *v)
{
return this->open (v);
}
int
-TAO_SSLIOP_Connection_Handler::open (void *)
+TAO::SSLIOP::Connection_Handler::open (void *)
{
if (this->set_socket_option (this->peer (),
tcp_properties_->send_buffer_size,
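Review bot: In the three-argument constructor the `void *arg` is cast with `static_cast<TAO::SSLIOP::Connection_Handler_State *> (arg)` and `s->tcp_properties` is read immediately, with nothing guarding against a null or mistyped argument. Because a constructor cannot return an error, make the precondition explicit with `ACE_ASSERT (s != 0);` before the first dereference, and document on the declaration that `arg` must point to a `Connection_Handler_State`. Separately, `ACE_NEW` leaves the constructor early when allocation fails, so `transport ()` may be null when `close` later calls `this->transport ()->remove_reference ()`. The body of `open` continues outside the hunk.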
@@ -142,7 +140,7 @@ TAO_SSLIOP_Connection_Handler::open (void *)
(void) local_addr.addr_to_string (local_as_string,
sizeof (local_as_string));
ACE_ERROR ((LM_ERROR,
- "TAO(%P|%t) - TAO_SSLIOP_Connection_Handler::open, "
+ "TAO(%P|%t) - TAO::SSLIOP::Connection_Handler::open, "
"Holy Cow! The remote addr and "
"local addr are identical (%s == %s)\n",
remote_as_string, local_as_string));
@@ -178,19 +176,19 @@ TAO_SSLIOP_Connection_Handler::open (void *)
}
int
-TAO_SSLIOP_Connection_Handler::resume_handler (void)
+TAO::SSLIOP::Connection_Handler::resume_handler (void)
{
return ACE_Event_Handler::ACE_APPLICATION_RESUMES_HANDLER;
}
int
-TAO_SSLIOP_Connection_Handler::close_connection (void)
+TAO::SSLIOP::Connection_Handler::close_connection (void)
{
return this->close_connection_eh (this);
}
int
-TAO_SSLIOP_Connection_Handler::handle_input (ACE_HANDLE h)
+TAO::SSLIOP::Connection_Handler::handle_input (ACE_HANDLE h)
{
const int result =
this->handle_input_eh (h, this);
@@ -205,7 +203,7 @@ TAO_SSLIOP_Connection_Handler::handle_input (ACE_HANDLE h)
}
int
-TAO_SSLIOP_Connection_Handler::handle_output (ACE_HANDLE handle)
+TAO::SSLIOP::Connection_Handler::handle_output (ACE_HANDLE handle)
{
const int result =
this->handle_output_eh (handle, this);
@@ -220,7 +218,7 @@ TAO_SSLIOP_Connection_Handler::handle_output (ACE_HANDLE handle)
}
int
-TAO_SSLIOP_Connection_Handler::handle_timeout (const ACE_Time_Value &,
+TAO::SSLIOP::Connection_Handler::handle_timeout (const ACE_Time_Value &,
const void *)
{
// We don't use this upcall for I/O. This is only used by the
@@ -230,7 +228,7 @@ TAO_SSLIOP_Connection_Handler::handle_timeout (const ACE_Time_Value &,
}
int
-TAO_SSLIOP_Connection_Handler::handle_close (ACE_HANDLE,
+TAO::SSLIOP::Connection_Handler::handle_close (ACE_HANDLE,
ACE_Reactor_Mask)
{
ACE_ASSERT (0);
@@ -238,7 +236,7 @@ TAO_SSLIOP_Connection_Handler::handle_close (ACE_HANDLE,
}
int
-TAO_SSLIOP_Connection_Handler::close (u_long)
+TAO::SSLIOP::Connection_Handler::close (u_long)
{
this->state_changed (TAO_LF_Event::LFS_CONNECTION_CLOSED);
this->transport ()->remove_reference ();
@@ -246,20 +244,20 @@ TAO_SSLIOP_Connection_Handler::close (u_long)
}
int
-TAO_SSLIOP_Connection_Handler::release_os_resources (void)
+TAO::SSLIOP::Connection_Handler::release_os_resources (void)
{
return this->peer().close ();
}
void
-TAO_SSLIOP_Connection_Handler::pos_io_hook (int & return_value)
+TAO::SSLIOP::Connection_Handler::pos_io_hook (int & return_value)
{
if (return_value == 0 && ::SSL_pending (this->peer ().ssl ()))
return_value = 1;
}
int
-TAO_SSLIOP_Connection_Handler::add_transport_to_cache (void)
+TAO::SSLIOP::Connection_Handler::add_transport_to_cache (void)
{
ACE_INET_Addr addr;
@@ -278,7 +276,7 @@ TAO_SSLIOP_Connection_Handler::add_transport_to_cache (void)
// @@ This is broken. We need to include the SecurityAssociation
// options to be able to truly distinguish cached SSLIOP
// transports.
- SSLIOP::SSL ssl =
+ const ::SSLIOP::SSL ssl =
{
0, // target_supports
0, // target_requires
@@ -300,7 +298,7 @@ TAO_SSLIOP_Connection_Handler::add_transport_to_cache (void)
}
int
-TAO_SSLIOP_Connection_Handler::process_listen_point_list (
+TAO::SSLIOP::Connection_Handler::process_listen_point_list (
IIOP::ListenPointList &listen_list)
{
// Get the size of the list
@@ -317,7 +315,8 @@ TAO_SSLIOP_Connection_Handler::process_listen_point_list (
{
ACE_DEBUG ((LM_DEBUG,
"(%P|%t) Listening port [%d] on [%s]\n",
- listen_point.port, listen_point.host.in ()));
+ listen_point.port,
+ listen_point.host.in ()));
}
// Construct an IIOP_Endpoint object
@@ -326,7 +325,7 @@ TAO_SSLIOP_Connection_Handler::process_listen_point_list (
// Note that the port in the ACE_INET_Addr is actually the SSL
// port!
TAO_IIOP_Endpoint tmpoint (addr,
- this->orb_core()->orb_params()->use_dotted_decimal_addresses());
+ this->orb_core()->orb_params()->use_dotted_decimal_addresses ());
// @@ This is broken. We need to include the
// SecurityAssociation options so that the invocation to the
@@ -335,7 +334,7 @@ TAO_SSLIOP_Connection_Handler::process_listen_point_list (
// way to send the SecurityAssociation options with the
// IIOP::ListenPointList. Presumably the new Firewall
// specification will address this deficiency.
- SSLIOP::SSL ssl =
+ const ::SSLIOP::SSL ssl =
{
0, // target_supports
0, // target_requires
@@ -366,10 +365,10 @@ TAO_SSLIOP_Connection_Handler::process_listen_point_list (
}
int
-TAO_SSLIOP_Connection_Handler::setup_ssl_state (
- TAO_SSLIOP_Current_Impl *&previous_current_impl,
- TAO_SSLIOP_Current_Impl *new_current_impl,
- CORBA::Boolean &setup_done)
+TAO::SSLIOP::Connection_Handler::setup_ssl_state (
+ TAO::SSLIOP::Current_Impl *&previous_current_impl,
+ TAO::SSLIOP::Current_Impl *new_current_impl,
+ bool &setup_done)
{
// Make the SSL session state available to the SSLIOP::Current
// TSS object.
@@ -384,9 +383,9 @@ TAO_SSLIOP_Connection_Handler::setup_ssl_state (
}
void
-TAO_SSLIOP_Connection_Handler::teardown_ssl_state (
- TAO_SSLIOP_Current_Impl *previous_current_impl,
- CORBA::Boolean &setup_done)
+TAO::SSLIOP::Connection_Handler::teardown_ssl_state (
+ TAO::SSLIOP::Current_Impl *previous_current_impl,
+ bool &setup_done)
{
this->current_->teardown (previous_current_impl,
setup_done);
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.h
index aba2041810f..61b9b9eb86f 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.h
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.h
@@ -23,170 +23,185 @@
#pragma once
#endif /* ACE_LACKS_PRAGMA_ONCE */
-#include "ace/Reactor.h"
+#include "SSLIOP_Transport.h"
+#include "SSLIOP_Current.h"
#include "tao/Connection_Handler.h"
#include "tao/IIOPC.h"
-#include "SSLIOP_Transport.h"
-#include "SSLIOP_Current.h"
+#include "ace/Reactor.h"
class TAO_IIOP_Properties;
-/**
- * @class TAO_SSLIOP_Connection_Handler
- *
- * @brief Handles requests on a single connection.
- *
- * The Connection handler which is common for the Acceptor and
- * the Connector
- */
-class TAO_SSLIOP_Connection_Handler
- : public TAO_SSL_SVC_HANDLER,
- public TAO_Connection_Handler
+namespace TAO
{
-public:
-
- TAO_SSLIOP_Connection_Handler (ACE_Thread_Manager* t = 0);
-
- /// Constructor. <arg> parameter is used by the Acceptor to pass the
- /// protocol configuration properties for this connection.
- TAO_SSLIOP_Connection_Handler (TAO_ORB_Core *orb_core,
- CORBA::Boolean flag,
- void *arg);
-
-
- /// Destructor.
- ~TAO_SSLIOP_Connection_Handler (void);
-
- //@{
- /** @name Connection Handler overloads
- */
- virtual int open_handler (void *);
- //@}
-
- /// Close called by the Acceptor or Connector when connection
- /// establishment fails.
- int close (u_long = 0);
-
- //@{
- /** @name Event Handler overloads
- */
- virtual int resume_handler (void);
- virtual int close_connection (void);
- virtual int handle_input (ACE_HANDLE);
- virtual int handle_output (ACE_HANDLE);
- virtual int handle_close (ACE_HANDLE, ACE_Reactor_Mask);
- virtual int handle_timeout (const ACE_Time_Value &current_time,
- const void *act = 0);
- virtual int open (void *);
- //@}
-
- /// Add ourselves to Cache.
- int add_transport_to_cache (void);
-
- /// Process the <listen_list>
- int process_listen_point_list (IIOP::ListenPointList &listen_list);
-
- /// Make the SSL session state available to the SSLIOP::Current
- /// object.
- int setup_ssl_state (TAO_SSLIOP_Current_Impl *&previous_current_impl,
- TAO_SSLIOP_Current_Impl *new_current_impl,
- CORBA::Boolean &setup_done);
-
- /// Teardown the SSL session state.
- void teardown_ssl_state (TAO_SSLIOP_Current_Impl *previous_current_impl,
- CORBA::Boolean &setup_done);
-
-protected:
-
- //@{
- /**
- * @name TAO_Connection Handler overloads
- */
- virtual int release_os_resources (void);
- virtual void pos_io_hook (int & return_value);
- //@}
-
-protected:
-
- /// Reference to the SSLIOP::Current object (downcast to gain access
- /// to the low-level management methods).
- TAO_SSLIOP_Current_var current_;
-
-private:
-
- /// TCP configuration for this connection.
- TAO_IIOP_Properties *tcp_properties_;
-
-};
-
-// ****************************************************************
-
-class TAO_SSLIOP_Connection_Handler_State
-{
-public:
-
- /// TCP configuration for the connection associated with the
- /// connection handler.
- TAO_IIOP_Properties *tcp_properties;
-
- /// Reference to the (downcast) SSLIOP::Current object.
- TAO_SSLIOP_Current_var ssliop_current;
-
-};
-
-// ****************************************************************
-
-/**
- * @class TAO_SSL_State_Guard
- *
- * @brief
- * This Class that sets up TSS SSL states upon instantiation, and
- * tears down the TSS SSL state when that instance goes out of scope.
- *
- * This guard is used to make TSS SSL state configuration and
- * deconfiguration during an upcall exception safe. Exceptions are
- * not supposed to be propagated up to the scope this guard is used
- * in, so this guard may be unnecessary. However, since proper TSS
- * SSL state configuration/deconfiguration is critical to proper
- * security support, this guard is used to ensure that
- * configuration/deconfiguration is exception safe.
- */
-class TAO_SSL_State_Guard
-{
-public:
-
- /// Constructor that sets up the TSS SSL state.
- TAO_SSL_State_Guard (TAO_SSLIOP_Connection_Handler *handler,
- int &result);
-
- /// Destructor that tears down the TSS SSL state.
- ~TAO_SSL_State_Guard (void);
-
-private:
-
- /// Pointer to the connection handler currently handling the
- /// request/upcall.
- TAO_SSLIOP_Connection_Handler *handler_;
-
- /// The SSLIOP::Current implementation that was previously
- /// associated with the current thread and invocation.
- /**
- * It is stored here until the invocation completes, after which it
- * placed back into TSS.
- */
- TAO_SSLIOP_Current_Impl *previous_current_impl_;
-
- /// The SSLIOP::Current implementation to be associated with the
- /// current invocation.
- TAO_SSLIOP_Current_Impl current_impl_;
-
- /// Flag that specifies whether or not setup of the SSLIOP::Current
- /// object completed for the current thread and invocation.
- CORBA::Boolean setup_done_;
-
-};
+ namespace SSLIOP
+ {
+
+ /**
+ * @class Connection_Handler
+ *
+ * @brief Handles requests on a single connection.
+ *
+ * The Connection handler which is common for the Acceptor and
+ * the Connector
+ */
+ class Connection_Handler
+ : public SVC_HANDLER,
+ public TAO_Connection_Handler
+ {
+ public:
+
+ Connection_Handler (ACE_Thread_Manager* t = 0);
+
+ /// Constructor.
+ /**
+ * @param arg Parameter is used by the Acceptor to pass the
+ * protocol configuration properties for this
+ * connection.
+ */
+ Connection_Handler (TAO_ORB_Core *orb_core,
+ CORBA::Boolean flag,
+ void *arg);
+
+ /// Destructor.
+ ~Connection_Handler (void);
+
+ /**
+ * @name Connection Handler overloads
+ *
+ * Connection Handler overloads.
+ */
+ //@{
+ virtual int open_handler (void *);
+ //@}
+
+ /// Close called by the Acceptor or Connector when connection
+ /// establishment fails.
+ int close (u_long = 0);
+
+ //@{
+ /** @name Event Handler overloads
+ */
+ virtual int resume_handler (void);
+ virtual int close_connection (void);
+ virtual int handle_input (ACE_HANDLE);
+ virtual int handle_output (ACE_HANDLE);
+ virtual int handle_close (ACE_HANDLE, ACE_Reactor_Mask);
+ virtual int handle_timeout (const ACE_Time_Value &current_time,
+ const void *act = 0);
+ virtual int open (void *);
+ //@}
+
+ /// Add ourselves to cache.
+ int add_transport_to_cache (void);
+
+ /// Process the @a listen_list.
+ int process_listen_point_list (IIOP::ListenPointList &listen_list);
+
+ /// Make the SSL session state available to the SSLIOP::Current
+ /// object.
+ int setup_ssl_state (TAO::SSLIOP::Current_Impl *&previous_current_impl,
+ TAO::SSLIOP::Current_Impl *new_current_impl,
+ bool &setup_done);
+
+ /// Teardown the SSL session state.
+ void teardown_ssl_state (
+ TAO::SSLIOP::Current_Impl *previous_current_impl,
+ bool &setup_done);
+
+ protected:
+
+ //@{
+ /**
+ * @name TAO_Connection Handler overloads
+ */
+ virtual int release_os_resources (void);
+ virtual void pos_io_hook (int & return_value);
+ //@}
+
+ protected:
+
+ /// Reference to the SSLIOP::Current object (downcast to gain
+ /// access to the low-level management methods).
+ TAO::SSLIOP::Current_var current_;
+
+ private:
+
+ /// TCP configuration for this connection.
+ TAO_IIOP_Properties *tcp_properties_;
+
+ };
+
+ // ****************************************************************
+
+ class Connection_Handler_State
+ {
+ public:
+
+ /// TCP configuration for the connection associated with the
+ /// connection handler.
+ TAO_IIOP_Properties *tcp_properties;
+
+ /// Reference to the (downcast) SSLIOP::Current object.
+ TAO::SSLIOP::Current_var ssliop_current;
+
+ };
+
+ // ****************************************************************
+
+ /**
+ * @class State_Guard
+ *
+ * @brief This Class that sets up TSS SSL states upon
+ * instantiation, and tears down the TSS SSL state when
+ * that instance goes out of scope.
+ *
+ * This guard is used to make TSS SSL state configuration and
+ * deconfiguration during an upcall exception safe. Exceptions
+ * are not supposed to be propagated up to the scope this guard is
+ * used in, so this guard may be unnecessary. However, since
+ * proper TSS SSL state configuration/deconfiguration is critical
+ * to proper security support, this guard is used to ensure that
+ * configuration/deconfiguration is exception safe.
+ */
+ class State_Guard
+ {
+ public:
+
+ /// Constructor that sets up the TSS SSL state.
+ State_Guard (TAO::SSLIOP::Connection_Handler *handler,
+ int &result);
+
+ /// Destructor that tears down the TSS SSL state.
+ ~State_Guard (void);
+
+ private:
+
+ /// Pointer to the connection handler currently handling the
+ /// request/upcall.
+ Connection_Handler *handler_;
+
+ /// The SSLIOP::Current implementation that was previously
+ /// associated with the current thread and invocation.
+ /**
+ * It is stored here until the invocation completes, after which it
+ * placed back into TSS.
+ */
+ Current_Impl *previous_current_impl_;
+
+ /// The SSLIOP::Current implementation to be associated with the
+ /// current invocation.
+ Current_Impl current_impl_;
+
+ /// Flag that specifies whether or not setup of the SSLIOP::Current
+ /// object completed for the current thread and invocation.
+ bool setup_done_;
+
+ };
+
+ } // End SSLIOP namespace.
+} // End TAO namespace.
#if defined (__ACE_INLINE__)
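Review bot: `State_Guard` keeps its compiler-generated copy constructor and assignment operator, although its destructor (in SSLIOP_Connection_Handler.i) calls `teardown_ssl_state` with the stored `previous_current_impl_` and `setup_done_`. A copied guard would run that teardown a second time for a single setup, which presumably leaves the thread's SSLIOP::Current associated with the wrong SSL session state. Since the class comment itself calls correct setup and teardown critical to security support, I would declare the copy operations private and unimplemented in the `private:` section: `State_Guard (const State_Guard &);` and `void operator= (const State_Guard &);`. The constructor's `result` out-parameter also deserves a `@param` line stating that it receives the return value of `setup_ssl_state`, so callers know to check it before the upcall.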
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.i b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.i
index 5d396e84fd3..0131b083abc 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.i
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.i
@@ -4,13 +4,13 @@
ACE_INLINE
-TAO_SSL_State_Guard::TAO_SSL_State_Guard (
- TAO_SSLIOP_Connection_Handler *handler,
+TAO::SSLIOP::State_Guard::State_Guard (
+ TAO::SSLIOP::Connection_Handler *handler,
int &result)
: handler_ (handler),
previous_current_impl_ (0),
current_impl_ (),
- setup_done_ (0)
+ setup_done_ (false)
{
// Set up the SSLIOP::Current object.
result = this->handler_->setup_ssl_state (this->previous_current_impl_,
@@ -19,7 +19,7 @@ TAO_SSL_State_Guard::TAO_SSL_State_Guard (
}
ACE_INLINE
-TAO_SSL_State_Guard::~TAO_SSL_State_Guard (void)
+TAO::SSLIOP::State_Guard::~State_Guard (void)
{
this->handler_->teardown_ssl_state (this->previous_current_impl_,
this->setup_done_);
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp
index 2b702c4a601..647eaf84e63 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp
@@ -1,9 +1,11 @@
#include "SSLIOP_Connector.h"
-#include "SSLIOP_Credentials.h"
+#include "SSLIOP_OwnCredentials.h"
#include "SSLIOP_Profile.h"
#include "SSLIOP_Util.h"
#include "SSLIOP_X509.h"
+#include "orbsvcs/orbsvcs/SecurityLevel2C.h"
+
#include "tao/debug.h"
#include "tao/ORB_Core.h"
#include "tao/Client_Strategy_Factory.h"
@@ -21,38 +23,38 @@
-ACE_RCSID (TAO_SSLIOP,
+ACE_RCSID (SSLIOP,
SSLIOP_Connector,
"$Id$")
#if defined (ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION)
-template class TAO_Connect_Concurrency_Strategy<TAO_SSLIOP_Connection_Handler>;
-template class TAO_Connect_Creation_Strategy<TAO_SSLIOP_Connection_Handler>;
-template class ACE_Strategy_Connector<TAO_SSLIOP_Connection_Handler, ACE_SSL_SOCK_CONNECTOR>;
-template class ACE_Connect_Strategy<TAO_SSLIOP_Connection_Handler, ACE_SSL_SOCK_CONNECTOR>;
-template class ACE_Connector_Base<TAO_SSLIOP_Connection_Handler>;
-template class ACE_Connector<TAO_SSLIOP_Connection_Handler, ACE_SSL_SOCK_CONNECTOR>;
-template class ACE_NonBlocking_Connect_Handler<TAO_SSLIOP_Connection_Handler>;
-template class ACE_Auto_Basic_Ptr<TAO_SSLIOP_Connection_Handler>;
+template class TAO_Connect_Concurrency_Strategy<TAO::SSLIOP::Connection_Handler>;
+template class TAO_Connect_Creation_Strategy<TAO::SSLIOP::Connection_Handler>;
+template class ACE_Strategy_Connector<TAO::SSLIOP::Connection_Handler, ACE_SSL_SOCK_CONNECTOR>;
+template class ACE_Connect_Strategy<TAO::SSLIOP::Connection_Handler, ACE_SSL_SOCK_CONNECTOR>;
+template class ACE_Connector_Base<TAO::SSLIOP::Connection_Handler>;
+template class ACE_Connector<TAO::SSLIOP::Connection_Handler, ACE_SSL_SOCK_CONNECTOR>;
+template class ACE_NonBlocking_Connect_Handler<TAO::SSLIOP::Connection_Handler>;
+template class ACE_Auto_Basic_Ptr<TAO::SSLIOP::Connection_Handler>;
#elif defined (ACE_HAS_TEMPLATE_INSTANTIATION_PRAGMA)
-#pragma instantiate TAO_Connect_Concurrency_Strategy<TAO_SSLIOP_Connection_Handler>
-#pragma instantiate TAO_Connect_Creation_Strategy<TAO_SSLIOP_Connection_Handler>
-#pragma instantiate ACE_Strategy_Connector<TAO_SSLIOP_Connection_Handler, ACE_SSL_SOCK_CONNECTOR>
-#pragma instantiate ACE_Connect_Strategy<TAO_SSLIOP_Connection_Handler, ACE_SSL_SOCK_CONNECTOR>
-#pragma instantiate ACE_Connector_Base<TAO_SSLIOP_Connection_Handler>
-#pragma instantiate ACE_Connector<TAO_SSLIOP_Connection_Handler, ACE_SSL_SOCK_CONNECTOR>
-#pragma instantiate ACE_NonBlocking_Connect_Handler<TAO_SSLIOP_Connection_Handler>
-#pragma instantiate ACE_Auto_Basic_Ptr<TAO_SSLIOP_Connection_Handler>
+#pragma instantiate TAO_Connect_Concurrency_Strategy<TAO::SSLIOP::Connection_Handler>
+#pragma instantiate TAO_Connect_Creation_Strategy<TAO::SSLIOP::Connection_Handler>
+#pragma instantiate ACE_Strategy_Connector<TAO::SSLIOP::Connection_Handler, ACE_SSL_SOCK_CONNECTOR>
+#pragma instantiate ACE_Connect_Strategy<TAO::SSLIOP::Connection_Handler, ACE_SSL_SOCK_CONNECTOR>
+#pragma instantiate ACE_Connector_Base<TAO::SSLIOP::Connection_Handler>
+#pragma instantiate ACE_Connector<TAO::SSLIOP::Connection_Handler, ACE_SSL_SOCK_CONNECTOR>
+#pragma instantiate ACE_NonBlocking_Connect_Handler<TAO::SSLIOP::Connection_Handler>
+#pragma instantiate ACE_Auto_Basic_Ptr<TAO::SSLIOP::Connection_Handler>
#endif /* ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION */
-TAO_SSLIOP_Connector::TAO_SSLIOP_Connector (Security::QOP qop)
- : TAO_IIOP_SSL_Connector (),
+TAO::SSLIOP::Connector::Connector (::Security::QOP qop)
+ : TAO::IIOP_SSL_Connector (),
qop_ (qop),
connect_strategy_ (),
base_connector_ (),
@@ -61,7 +63,7 @@ TAO_SSLIOP_Connector::TAO_SSLIOP_Connector (Security::QOP qop)
}
int
-TAO_SSLIOP_Connector::open (TAO_ORB_Core *orb_core)
+TAO::SSLIOP::Connector::open (TAO_ORB_Core *orb_core)
{
// Since the ACE_Strategy_Connector (and ACE_Connector) cannot
// handle non-blocking connections with protocols that have more
@@ -71,19 +73,19 @@ TAO_SSLIOP_Connector::open (TAO_ORB_Core *orb_core)
TAO_Blocked_Connect_Strategy (orb_core),
-1);
- if (this->TAO_IIOP_SSL_Connector::open (orb_core) == -1)
+ if (this->TAO::IIOP_SSL_Connector::open (orb_core) == -1)
return -1;
- if (TAO_SSLIOP_Util::setup_handler_state (orb_core,
- &(this->tcp_properties_),
- this->handler_state_) != 0)
+ if (TAO::SSLIOP::Util::setup_handler_state (orb_core,
+ &(this->tcp_properties_),
+ this->handler_state_) != 0)
return -1;
// Our connect creation strategy
- TAO_SSLIOP_CONNECT_CREATION_STRATEGY *connect_creation_strategy = 0;
+ CONNECT_CREATION_STRATEGY *connect_creation_strategy = 0;
ACE_NEW_RETURN (connect_creation_strategy,
- TAO_SSLIOP_CONNECT_CREATION_STRATEGY
+ CONNECT_CREATION_STRATEGY
(orb_core->thr_mgr (),
orb_core,
&(this->handler_state_),
@@ -92,10 +94,10 @@ TAO_SSLIOP_Connector::open (TAO_ORB_Core *orb_core)
-1);
// Our activation strategy
- TAO_SSLIOP_CONNECT_CONCURRENCY_STRATEGY *concurrency_strategy = 0;
+ CONNECT_CONCURRENCY_STRATEGY *concurrency_strategy = 0;
ACE_NEW_RETURN (concurrency_strategy,
- TAO_SSLIOP_CONNECT_CONCURRENCY_STRATEGY (orb_core),
+ CONNECT_CONCURRENCY_STRATEGY (orb_core),
-1);
ACE_Reactor *r = this->orb_core ()->reactor ();
@@ -107,9 +109,9 @@ TAO_SSLIOP_Connector::open (TAO_ORB_Core *orb_core)
}
int
-TAO_SSLIOP_Connector::close (void)
+TAO::SSLIOP::Connector::close (void)
{
- (void) this->TAO_IIOP_SSL_Connector::close ();
+ (void) this->TAO::IIOP_SSL_Connector::close ();
delete this->base_connector_.creation_strategy ();
delete this->base_connector_.concurrency_strategy ();
@@ -117,10 +119,10 @@ TAO_SSLIOP_Connector::close (void)
}
TAO_Transport *
-TAO_SSLIOP_Connector::connect (TAO::Profile_Transport_Resolver *resolver,
- TAO_Transport_Descriptor_Interface *desc,
- ACE_Time_Value *timeout
- ACE_ENV_ARG_DECL)
+TAO::SSLIOP::Connector::connect (TAO::Profile_Transport_Resolver *resolver,
+ TAO_Transport_Descriptor_Interface *desc,
+ ACE_Time_Value *timeout
+ ACE_ENV_ARG_DECL)
{
if (TAO_debug_level > 0)
ACE_DEBUG ((LM_DEBUG,
@@ -133,8 +135,7 @@ TAO_SSLIOP_Connector::connect (TAO::Profile_Transport_Resolver *resolver,
return 0;
TAO_SSLIOP_Endpoint *ssl_endpoint =
- ACE_dynamic_cast (TAO_SSLIOP_Endpoint *,
- endpoint);
+ dynamic_cast<TAO_SSLIOP_Endpoint *> (endpoint);
if (ssl_endpoint == 0)
return 0;
@@ -146,8 +147,8 @@ TAO_SSLIOP_Connector::connect (TAO::Profile_Transport_Resolver *resolver,
// Check if the user overrode the default establishment of trust
// policy for the current object.
CORBA::Policy_var policy =
- resolver->stub ()->get_policy (Security::SecEstablishTrustPolicy
- ACE_ENV_ARG_PARAMETER);
+ resolver->stub ()->get_policy (::Security::SecEstablishTrustPolicy
+ ACE_ENV_ARG_PARAMETER);
ACE_CHECK_RETURN (0);
SecurityLevel2::EstablishTrustPolicy_var trust_policy =
@@ -159,7 +160,7 @@ TAO_SSLIOP_Connector::connect (TAO::Profile_Transport_Resolver *resolver,
// if no establishment of trust policy was set. Specifically, if
// the "trust" pointer below is zero, then the SSLIOP pluggable
// protocol default value will be used.
- Security::EstablishTrust trust = { 0 , 0 };
+ ::Security::EstablishTrust trust = { 0 , 0 };
if (!CORBA::is_nil (trust_policy.in ()))
{
trust = trust_policy->trust (ACE_ENV_SINGLE_ARG_PARAMETER);
@@ -194,7 +195,7 @@ TAO_SSLIOP_Connector::connect (TAO::Profile_Transport_Resolver *resolver,
// Check if the user overrode the default Quality-of-Protection for
// the current object.
- policy = resolver->stub ()->get_policy (Security::SecQOPPolicy
+ policy = resolver->stub ()->get_policy (::Security::SecQOPPolicy
ACE_ENV_ARG_PARAMETER);
ACE_CHECK_RETURN (0);
@@ -205,7 +206,7 @@ TAO_SSLIOP_Connector::connect (TAO::Profile_Transport_Resolver *resolver,
// Temporary variable used to avoid overwriting the default value
// set when the ORB was initialized.
- Security::QOP qop = this->qop_;
+ ::Security::QOP qop = this->qop_;
if (!CORBA::is_nil (qop_policy.in ()))
{
@@ -216,7 +217,7 @@ TAO_SSLIOP_Connector::connect (TAO::Profile_Transport_Resolver *resolver,
// If the SSL port is zero, then no SSLIOP tagged component was
// available in the IOR, meaning that there is no way to make a
// secure invocation. Throw an exception.
- if (qop != Security::SecQOPNoProtection
+ if (qop != ::Security::SecQOPNoProtection
&& ssl_endpoint->ssl_component ().port == 0)
{
if (TAO_debug_level > 0)
@@ -232,7 +233,7 @@ TAO_SSLIOP_Connector::connect (TAO::Profile_Transport_Resolver *resolver,
0);
}
- if ((!establish_trust && qop == Security::SecQOPNoProtection)
+ if ((!establish_trust && qop == ::Security::SecQOPNoProtection)
|| ssl_endpoint->ssl_component ().port == 0)
{
return this->iiop_connect (ssl_endpoint,
@@ -252,14 +253,14 @@ TAO_SSLIOP_Connector::connect (TAO::Profile_Transport_Resolver *resolver,
TAO_Profile *
-TAO_SSLIOP_Connector::create_profile (TAO_InputCDR& cdr)
+TAO::SSLIOP::Connector::create_profile (TAO_InputCDR& cdr)
{
TAO_Profile *pfile;
ACE_NEW_RETURN (pfile,
TAO_SSLIOP_Profile (this->orb_core ()),
0);
- int r = pfile->decode (cdr);
+ const int r = pfile->decode (cdr);
if (r == -1)
{
pfile->_decr_refcnt ();
@@ -270,7 +271,7 @@ TAO_SSLIOP_Connector::create_profile (TAO_InputCDR& cdr)
}
TAO_Profile *
-TAO_SSLIOP_Connector::make_profile (ACE_ENV_SINGLE_ARG_DECL)
+TAO::SSLIOP::Connector::make_profile (ACE_ENV_SINGLE_ARG_DECL)
{
// The endpoint should be of the form:
// N.n@host:port/object_key
@@ -280,7 +281,7 @@ TAO_SSLIOP_Connector::make_profile (ACE_ENV_SINGLE_ARG_DECL)
TAO_Profile *profile = 0;
ACE_NEW_THROW_EX (profile,
TAO_SSLIOP_Profile (this->orb_core (),
- 0), // SSL component
+ 0), // SSL component
CORBA::NO_MEMORY (
CORBA::SystemException::_tao_minor_code (
TAO_DEFAULT_MINOR_CODE,
@@ -292,12 +293,13 @@ TAO_SSLIOP_Connector::make_profile (ACE_ENV_SINGLE_ARG_DECL)
}
TAO_Transport*
-TAO_SSLIOP_Connector::iiop_connect (TAO_SSLIOP_Endpoint *ssl_endpoint,
- TAO::Profile_Transport_Resolver *resolver,
- ACE_Time_Value *timeout
- ACE_ENV_ARG_DECL)
+TAO::SSLIOP::Connector::iiop_connect (
+ TAO_SSLIOP_Endpoint *ssl_endpoint,
+ TAO::Profile_Transport_Resolver *resolver,
+ ACE_Time_Value *timeout
+ ACE_ENV_ARG_DECL)
{
- const SSLIOP::SSL &ssl_component = ssl_endpoint->ssl_component ();
+ const ::SSLIOP::SSL &ssl_component = ssl_endpoint->ssl_component ();
// Only allow connection to the insecure IIOP port if the endpoint
// explicitly allows it, i.e. if the Security::NoProtection security
@@ -311,7 +313,7 @@ TAO_SSLIOP_Connector::iiop_connect (TAO_SSLIOP_Endpoint *ssl_endpoint,
// port. In that case, the server will have to prevent the
// connection, and subsequently the request, from completing.
if (ACE_BIT_DISABLED (ssl_component.target_supports,
- Security::NoProtection))
+ ::Security::NoProtection))
ACE_THROW_RETURN (CORBA::NO_PERMISSION (
CORBA::SystemException::_tao_minor_code (
TAO_DEFAULT_MINOR_CODE,
@@ -328,22 +330,23 @@ TAO_SSLIOP_Connector::iiop_connect (TAO_SSLIOP_Endpoint *ssl_endpoint,
TAO_Base_Transport_Property iiop_desc (iiop_endpoint);
// Note that the IIOP-only transport descriptor is used!
- return this->TAO_IIOP_SSL_Connector::connect (resolver,
- &iiop_desc,
- timeout
- ACE_ENV_ARG_PARAMETER);
+ return this->TAO::IIOP_SSL_Connector::connect (resolver,
+ &iiop_desc,
+ timeout
+ ACE_ENV_ARG_PARAMETER);
}
TAO_Transport *
-TAO_SSLIOP_Connector::ssliop_connect (TAO_SSLIOP_Endpoint *ssl_endpoint,
- Security::QOP qop,
- const Security::EstablishTrust &trust,
- TAO::Profile_Transport_Resolver *resolver,
- TAO_Transport_Descriptor_Interface *desc,
- ACE_Time_Value *max_wait_time
- ACE_ENV_ARG_DECL)
+TAO::SSLIOP::Connector::ssliop_connect (
+ TAO_SSLIOP_Endpoint *ssl_endpoint,
+ ::Security::QOP qop,
+ const ::Security::EstablishTrust &trust,
+ TAO::Profile_Transport_Resolver *resolver,
+ TAO_Transport_Descriptor_Interface *desc,
+ ACE_Time_Value *max_wait_time
+ ACE_ENV_ARG_DECL)
{
- const SSLIOP::SSL &ssl_component = ssl_endpoint->ssl_component ();
+ const ::SSLIOP::SSL &ssl_component = ssl_endpoint->ssl_component ();
// @@ The following check for "required insecurity" seems odd, but
// I haven't seen anything in the Security spec that says this
@@ -355,7 +358,7 @@ TAO_SSLIOP_Connector::ssliop_connect (TAO_SSLIOP_Endpoint *ssl_endpoint,
// SSLIOP::SSL::target_requires field is enabled, then prevent an
// SSL connection from occuring.
if (ACE_BIT_ENABLED (ssl_component.target_requires,
- Security::NoProtection))
+ ::Security::NoProtection))
ACE_THROW_RETURN (CORBA::NO_PERMISSION (
CORBA::SystemException::_tao_minor_code (
TAO_DEFAULT_MINOR_CODE,
@@ -371,8 +374,8 @@ TAO_SSLIOP_Connector::ssliop_connect (TAO_SSLIOP_Endpoint *ssl_endpoint,
// cipher. However, the "eNULL" cipher is only enabled on the
// server side if "no protection" is enabled.
if (ACE_BIT_DISABLED (ssl_component.target_supports,
- Security::NoProtection)
- && qop == Security::SecQOPIntegrity)
+ ::Security::NoProtection)
+ && qop == ::Security::SecQOPIntegrity)
ACE_THROW_RETURN (CORBA::INV_POLICY (), 0);
const ACE_INET_Addr &remote_address =
@@ -396,7 +399,7 @@ TAO_SSLIOP_Connector::ssliop_connect (TAO_SSLIOP_Endpoint *ssl_endpoint,
}
int result = 0;
- TAO_SSLIOP_Connection_Handler *svc_handler = 0;
+ TAO::SSLIOP::Connection_Handler *svc_handler = 0;
TAO_Transport *transport = 0;
// Check the Cache first for connections
@@ -448,7 +451,7 @@ TAO_SSLIOP_Connector::ssliop_connect (TAO_SSLIOP_Endpoint *ssl_endpoint,
return 0;
}
- ACE_Auto_Basic_Ptr<TAO_SSLIOP_Connection_Handler>
+ ACE_Auto_Basic_Ptr<TAO::SSLIOP::Connection_Handler>
safe_handler (svc_handler);
// Setup the establishment of trust connection properties, if
@@ -483,8 +486,8 @@ TAO_SSLIOP_Connector::ssliop_connect (TAO_SSLIOP_Endpoint *ssl_endpoint,
//
// Note that it is not possible to completely disable protection
// here.
- if ((qop == Security::SecQOPNoProtection
- || qop == Security::SecQOPIntegrity)
+ if ((qop == ::Security::SecQOPNoProtection
+ || qop == ::Security::SecQOPIntegrity)
&& ::SSL_set_cipher_list (svc_handler->peer ().ssl (),
"eNULL") == 0)
{
@@ -496,7 +499,7 @@ TAO_SSLIOP_Connector::ssliop_connect (TAO_SSLIOP_Endpoint *ssl_endpoint,
ACE_THROW_RETURN (CORBA::INV_POLICY (), 0);
}
- TAO_SSLIOP_Credentials_var credentials =
+ TAO::SSLIOP::Credentials_var credentials =
this->retrieve_credentials (resolver->stub (),
svc_handler->peer ().ssl ()
ACE_ENV_ARG_PARAMETER);
@@ -542,7 +545,7 @@ TAO_SSLIOP_Connector::ssliop_connect (TAO_SSLIOP_Endpoint *ssl_endpoint,
// failure) within timeout.
result =
this->active_connect_strategy_->wait (svc_handler,
- max_wait_time);
+ 0);
if (TAO_debug_level > 2)
{
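Review bot: Passing `0` instead of `max_wait_time` to `active_connect_strategy_->wait ()` drops the caller's timeout, while the comment directly above still says the wait completes "within timeout". With a null timeout the wait is presumably unbounded, so a peer that accepts the connection but never completes it could hold the invoking thread indefinitely. If this is a deliberate workaround, it needs a comment saying why and the stale "within timeout" wording should be corrected; otherwise keep `max_wait_time);` here. The rest of `ssliop_connect` lies outside this hunk.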
@@ -646,8 +649,9 @@ TAO_SSLIOP_Connector::ssliop_connect (TAO_SSLIOP_Endpoint *ssl_endpoint,
// Add the handler to Cache
int retval =
- this->orb_core ()->lane_resources ().transport_cache ().cache_transport (desc,
- transport);
+ this->orb_core ()->
+ lane_resources ().transport_cache ().cache_transport (desc,
+ transport);
// Failure in adding to cache.
if (retval != 0)
@@ -683,7 +687,8 @@ TAO_SSLIOP_Connector::ssliop_connect (TAO_SSLIOP_Endpoint *ssl_endpoint,
{
ACE_ERROR ((LM_ERROR,
"TAO (%P|%t) - IIOP_Connector::make_connection, "
- "could not register the new connection in the reactor\n"));
+ "could not register the new connection in the "
+ "reactor\n"));
}
return 0;
@@ -693,59 +698,57 @@ TAO_SSLIOP_Connector::ssliop_connect (TAO_SSLIOP_Endpoint *ssl_endpoint,
return transport;
}
-TAO_SSLIOP_Credentials *
-TAO_SSLIOP_Connector::retrieve_credentials (TAO_Stub *stub,
- SSL *ssl
- ACE_ENV_ARG_DECL)
+TAO::SSLIOP::OwnCredentials *
+TAO::SSLIOP::Connector::retrieve_credentials (TAO_Stub *stub,
+ SSL *ssl
+ ACE_ENV_ARG_DECL)
{
// Check if the user overrode the default invocation credentials.
CORBA::Policy_var policy =
- stub->get_policy (Security::SecInvocationCredentialsPolicy
+ stub->get_policy (::SecurityLevel3::ContextEstablishmentPolicyType
ACE_ENV_ARG_PARAMETER);
- ACE_CHECK_RETURN (TAO_SSLIOP_Credentials::_nil ());
+ ACE_CHECK_RETURN (TAO::SSLIOP::OwnCredentials::_nil ());
- SecurityLevel2::InvocationCredentialsPolicy_var creds_policy =
- SecurityLevel2::InvocationCredentialsPolicy::_narrow (
+ SecurityLevel3::ContextEstablishmentPolicy_var creds_policy =
+ SecurityLevel3::ContextEstablishmentPolicy::_narrow (
policy.in ()
ACE_ENV_ARG_PARAMETER);
- ACE_CHECK_RETURN (TAO_SSLIOP_Credentials::_nil ());
+ ACE_CHECK_RETURN (TAO::SSLIOP::OwnCredentials::_nil ());
- TAO_SSLIOP_Credentials_var ssliop_credentials;
+ TAO::SSLIOP::OwnCredentials_var ssliop_credentials;
// Set the Credentials (X.509 certificates and corresponding private
// keys) to be used for this invocation.
if (!CORBA::is_nil (creds_policy.in ()))
{
- SecurityLevel2::CredentialsList_var creds_list =
- creds_policy->creds (ACE_ENV_SINGLE_ARG_PARAMETER);
- ACE_CHECK_RETURN (TAO_SSLIOP_Credentials::_nil ());
+ SecurityLevel3::OwnCredentialsList_var creds_list =
+ creds_policy->creds_list (ACE_ENV_SINGLE_ARG_PARAMETER);
+ ACE_CHECK_RETURN (TAO::SSLIOP::OwnCredentials::_nil ());
if (creds_list->length () > 0)
{
- // Only use the first credential. All others are supposed
- // to be used for delegation but SSLIOP in CSIv1 does not
- // support delegation. (Compare to CSIv2.)
- SecurityLevel2::Credentials_ptr credentials =
- creds_list[(CORBA::ULong) 0];
+ // Assume that we've got an SSLIOP credential.
+ SecurityLevel3::Credentials_ptr credentials =
+ creds_list[0u];
ssliop_credentials =
- TAO_SSLIOP_Credentials::_narrow (credentials
- ACE_ENV_ARG_PARAMETER);
- ACE_CHECK_RETURN (TAO_SSLIOP_Credentials::_nil ());
+ TAO::SSLIOP::OwnCredentials::_narrow (credentials
+ ACE_ENV_ARG_PARAMETER);
+ ACE_CHECK_RETURN (TAO::SSLIOP::OwnCredentials::_nil ());
if (!CORBA::is_nil (ssliop_credentials.in ()))
{
- TAO_SSLIOP_X509_var x509 = ssliop_credentials->x509 ();
+ TAO::SSLIOP::X509_var x509 = ssliop_credentials->x509 ();
if (::SSL_use_certificate (ssl, x509.in ()) != 1)
- return TAO_SSLIOP_Credentials::_nil ();
+ return TAO::SSLIOP::OwnCredentials::_nil ();
- TAO_SSLIOP_EVP_PKEY_var evp = ssliop_credentials->evp ();
+ TAO::SSLIOP::EVP_PKEY_var evp = ssliop_credentials->evp ();
if (evp.in () != 0
&& ::SSL_use_PrivateKey (ssl, evp.in ()) != 1)
{
// Invalidate the certificate we just set.
(void) ::SSL_use_certificate (ssl, 0);
- return TAO_SSLIOP_Credentials::_nil ();
+ return TAO::SSLIOP::OwnCredentials::_nil ();
}
}
}
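Review bot: The new comment `// Assume that we've got an SSLIOP credential.` replaces the explanation of why only the first list entry is used, and the code does not enforce the assumption. If `OwnCredentials::_narrow ()` yields nil, the `if (!CORBA::is_nil (ssliop_credentials.in ()))` block is skipped. As far as this hunk shows, the function then carries a nil result forward without setting a certificate or logging anything, so a policy carrying a non-SSLIOP credential is silently ignored. I would restore the rationale for using only element 0 and add an `else` branch that reports the failed narrow, for example under `TAO_debug_level > 0` with `ACE_DEBUG`, so that misconfigured credentials are visible. The function ends outside this hunk, so how `ssliop_connect` treats a nil return cannot be checked here.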
@@ -755,12 +758,13 @@ TAO_SSLIOP_Connector::retrieve_credentials (TAO_Stub *stub,
// Use the default certificate and private key, i.e. the one set
// in the SSL_CTX that was used when creating the SSL data
// structure.
- TAO_SSLIOP_Credentials_ptr & c = ssliop_credentials.out ();
+ TAO::SSLIOP::OwnCredentials_ptr & c = ssliop_credentials.out ();
ACE_NEW_THROW_EX (c,
- TAO_SSLIOP_Credentials (::SSL_get_certificate (ssl),
- ::SSL_get_privatekey (ssl)),
+ TAO::SSLIOP::OwnCredentials (
+ ::SSL_get_certificate (ssl),
+ ::SSL_get_privatekey (ssl)),
CORBA::NO_MEMORY ());
- ACE_CHECK_RETURN (TAO_SSLIOP_Credentials::_nil ());
+ ACE_CHECK_RETURN (TAO::SSLIOP::OwnCredentials::_nil ());
}
return ssliop_credentials._retn ();
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.h
index 5068f9e1385..85e4362153c 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.h
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.h
@@ -31,111 +31,117 @@
/// Forward declarations.
class TAO_Base_Transport_Property;
+
class TAO_SSLIOP_Endpoint;
-class TAO_SSLIOP_Credentials;
-/**
- * @class TAO_SSLIOP_Connector
- *
- * @brief SSLIOP-specific Connector bridge for pluggable protocols.
- *
- * Concrete instance of the TAO_Connector class. Responsible
- * for establishing a connection with a server and is called from
- * the Connector_Registry.
- */
-class TAO_SSLIOP_Export TAO_SSLIOP_Connector : public TAO_IIOP_SSL_Connector
+namespace TAO
{
-public:
- /// Constructor.
- TAO_SSLIOP_Connector (Security::QOP qop);
-
- /**
- * @name The TAO_Connector methods
- *
- * Please check the documentation in Transport_Connector.h
- */
- //@{
- virtual int open (TAO_ORB_Core *orb_core);
- virtual int close (void);
- virtual TAO_Transport *connect (TAO::Profile_Transport_Resolver *r,
- TAO_Transport_Descriptor_Interface *desc,
- ACE_Time_Value *timeout
- ACE_ENV_ARG_DECL);
-
- virtual TAO_Profile *create_profile (TAO_InputCDR& cdr);
- //@}
-
-protected:
-
- /**
- * @name More TAO_Connector methods
- *
- * Please check the documentation in Pluggable.h.
- */
- virtual TAO_Profile * make_profile (ACE_ENV_SINGLE_ARG_DECL);
-
- /// IIOP-specific connection establishment.
- /**
- * @note The IIOP endpoint is extracted from the SSLIOP endpoint.
- */
- TAO_Transport* iiop_connect (
- TAO_SSLIOP_Endpoint *ssliop_endpoint,
- TAO::Profile_Transport_Resolver *r,
- ACE_Time_Value *timeout
- ACE_ENV_ARG_DECL);
-
- /// SSLIOP-specific connection establishment.
- TAO_Transport* ssliop_connect (
- TAO_SSLIOP_Endpoint *ssliop_endpoint,
- Security::QOP qop,
- const Security::EstablishTrust &trust,
- TAO::Profile_Transport_Resolver *r,
- TAO_Transport_Descriptor_Interface *desc,
- ACE_Time_Value *timeout
- ACE_ENV_ARG_DECL);
-
- /// Retrieve SSLIOP credentials from the policy overrides list and
- /// set up the underlying SSL connection to use the X.509
- /// certificates stored within them.
- TAO_SSLIOP_Credentials * retrieve_credentials (TAO_Stub *stub,
- SSL *ssl
- ACE_ENV_ARG_DECL);
-
-public:
-
-
- typedef TAO_Connect_Concurrency_Strategy<TAO_SSLIOP_Connection_Handler>
- TAO_SSLIOP_CONNECT_CONCURRENCY_STRATEGY;
-
- typedef TAO_Connect_Creation_Strategy<TAO_SSLIOP_Connection_Handler>
- TAO_SSLIOP_CONNECT_CREATION_STRATEGY;
-
- typedef ACE_Connect_Strategy<TAO_SSLIOP_Connection_Handler,
- ACE_SSL_SOCK_CONNECTOR>
- TAO_SSLIOP_CONNECT_STRATEGY ;
-
- typedef ACE_Strategy_Connector<TAO_SSLIOP_Connection_Handler,
+ namespace SSLIOP
+ {
+ class OwnCredentials;
+
+ /**
+ * @class Connector
+ *
+ * @brief SSLIOP-specific Connector bridge for pluggable protocols.
+ *
+ * Concrete instance of the TAO_Connector class. Responsible
+ * for establishing a connection with a server and is called from
+ * the Connector_Registry.
+ */
+ class TAO_SSLIOP_Export Connector : public TAO::IIOP_SSL_Connector
+ {
+ public:
+
+ /// Constructor.
+ Connector (::Security::QOP qop);
+
+ /**
+ * @name The TAO_Connector methods
+ *
+ * Please check the documentation in Transport_Connector.h
+ */
+ //@{
+ virtual int open (TAO_ORB_Core *orb_core);
+ virtual int close (void);
+ virtual TAO_Transport *connect (TAO::Profile_Transport_Resolver *r,
+ TAO_Transport_Descriptor_Interface *desc,
+ ACE_Time_Value *timeout
+ ACE_ENV_ARG_DECL);
+
+ virtual TAO_Profile *create_profile (TAO_InputCDR& cdr);
+ //@}
+
+ protected:
+
+ /**
+ * @name More TAO_Connector methods
+ *
+ * Please check the documentation in Pluggable.h.
+ */
+ virtual TAO_Profile * make_profile (ACE_ENV_SINGLE_ARG_DECL);
+
+ /// IIOP-specific connection establishment.
+ /**
+ * @note The IIOP endpoint is extracted from the SSLIOP endpoint.
+ */
+ TAO_Transport* iiop_connect (TAO_SSLIOP_Endpoint *ssliop_endpoint,
+ TAO::Profile_Transport_Resolver *r,
+ ACE_Time_Value *timeout
+ ACE_ENV_ARG_DECL);
+
+ /// SSLIOP-specific connection establishment.
+ TAO_Transport* ssliop_connect (TAO_SSLIOP_Endpoint *ssliop_endpoint,
+ ::Security::QOP qop,
+ const ::Security::EstablishTrust &trust,
+ TAO::Profile_Transport_Resolver *r,
+ TAO_Transport_Descriptor_Interface *desc,
+ ACE_Time_Value *timeout
+ ACE_ENV_ARG_DECL);
+
+ /// Retrieve SSLIOP credentials from the policy overrides list
+ /// and set up the underlying SSL connection to use the X.509
+ /// certificates stored within them.
+ TAO::SSLIOP::OwnCredentials * retrieve_credentials (TAO_Stub *stub,
+ SSL *ssl
+ ACE_ENV_ARG_DECL);
+
+ public:
+
+ typedef TAO_Connect_Concurrency_Strategy<Connection_Handler>
+ CONNECT_CONCURRENCY_STRATEGY;
+
+ typedef TAO_Connect_Creation_Strategy<Connection_Handler>
+ CONNECT_CREATION_STRATEGY;
+
+ typedef ACE_Connect_Strategy<Connection_Handler,
+ ACE_SSL_SOCK_CONNECTOR>
+ CONNECT_STRATEGY;
+
+ typedef ACE_Strategy_Connector<Connection_Handler,
ACE_SSL_SOCK_CONNECTOR>
- TAO_SSLIOP_BASE_CONNECTOR;
+ BASE_CONNECTOR;
-private:
+ private:
- /// If zero, connect to IIOP over SSL port by default.
- /// Otherwise, connect to the insecure IIOP port.
- Security::QOP qop_;
+ /// If zero, connect to IIOP over SSL port by default.
+ /// Otherwise, connect to the insecure IIOP port.
+ ::Security::QOP qop_;
- /// Our connect strategy
- TAO_SSLIOP_CONNECT_STRATEGY connect_strategy_;
+ /// Our connect strategy
+ CONNECT_STRATEGY connect_strategy_;
- /// The connector initiating connection requests for IIOP.
- TAO_SSLIOP_BASE_CONNECTOR base_connector_;
+ /// The connector initiating connection requests for IIOP.
+ BASE_CONNECTOR base_connector_;
- /// State that will be passed to each SSLIOP connection handler upon
- /// creation.
- TAO_SSLIOP_Connection_Handler_State handler_state_;
+ /// State that will be passed to each SSLIOP connection handler upon
+ /// creation.
+ Connection_Handler_State handler_state_;
-};
+ };
+ } // End SSLIOP namespace.
+} // End TAO namespace.
#include /**/ "ace/post.h"
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.cpp
index 12371531c04..4604767441e 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.cpp
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.cpp
@@ -1,10 +1,11 @@
-// -*- C++ -*-
-
#include "SSLIOP_Credentials.h"
#include "tao/ORB_Constants.h"
-ACE_RCSID (TAO_SSLIOP,
+//#include <openssl/bn.h>
+
+
+ACE_RCSID (SSLIOP,
SSLIOP_Credentials,
"$Id$")
@@ -14,418 +15,186 @@ ACE_RCSID (TAO_SSLIOP,
#endif /* __ACE_INLINE__ */
-// SSLIOP does not support delegation, nor does it support detection
-// of replayed or misordered GIOP messages.
-const Security::AssociationOptions TAO_SSLIOP_DISALLOWED_ASSOCIATIONS =
- Security::DetectReplay
- | Security::DetectMisordering
- | Security::SimpleDelegation
- | Security::CompositeDelegation;
-
-TAO_SSLIOP_Credentials::TAO_SSLIOP_Credentials (X509 *cert, EVP_PKEY *evp)
- : accepting_options_supported_ (Security::Integrity
- | Security::Confidentiality
- | Security::EstablishTrustInTarget
- | Security::NoDelegation),
- accepting_options_required_ (Security::Integrity
- | Security::Confidentiality
- | Security::NoDelegation),
- invocation_options_supported_ (accepting_options_supported_),
- invocation_options_required_ (Security::NoDelegation),
- x509_ (TAO_SSLIOP_X509::_duplicate (cert)),
- evp_ (TAO_SSLIOP_EVP_PKEY::_duplicate (evp))
-{
-}
-
-TAO_SSLIOP_Credentials::~TAO_SSLIOP_Credentials (void)
-{
-}
-
-SecurityLevel2::Credentials_ptr
-TAO_SSLIOP_Credentials::copy (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- TAO_SSLIOP_Credentials *c = 0;
- ACE_NEW_THROW_EX (c,
- TAO_SSLIOP_Credentials (this->x509_.in (),
- this->evp_.in ()),
- CORBA::NO_MEMORY (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- ENOMEM),
- CORBA::COMPLETED_NO));
- ACE_CHECK_RETURN (SecurityLevel2::Credentials::_nil ());
-
- return c;
-}
-
-void
-TAO_SSLIOP_Credentials::destroy (ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
-}
-
-Security::InvocationCredentialsType
-TAO_SSLIOP_Credentials::credentials_type (ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- return Security::SecOwnCredentials;
-}
-
-Security::AuthenticationStatus
-TAO_SSLIOP_Credentials::authentication_state (ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- // @@ Is the following statement correct?
-
- // No "continued authentication" occurs in SSL. Authentication is
- // done in one step during SSL session establishment.
-
- return Security::SecAuthSuccess;
-}
-
-char *
-TAO_SSLIOP_Credentials::mechanism (ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
- ACE_THROW_SPEC ((CORBA::SystemException))
+TAO::SSLIOP::Credentials::Credentials (::X509 *cert, ::EVP_PKEY *evp)
+ : x509_ (TAO::SSLIOP::_duplicate (cert)),
+ evp_ (TAO::SSLIOP::_duplicate (evp)),
+ id_ (),
+ creds_usage_ (SecurityLevel3::CU_Indefinite),
+ expiry_time_ (),
+ creds_state_ (SecurityLevel3::CS_Invalid)
{
- // @todo Is the following correct?
+ ::X509 *x = cert;
- // Mechanism ID is the same as the stringified component ID. For
- // example, SSLIOP's IOP:ComponentId is 20
- // (SSLIOP::TAG_SSL_SEC_TRANS) meaning that its mechanism ID is
- // "20."
- return CORBA::string_dup ("20");
-}
-
-Security::AssociationOptions
-TAO_SSLIOP_Credentials::accepting_options_supported (
- ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- return this->accepting_options_supported_;
-}
+ if (x != 0)
+ {
+ // We use the X.509 certificate's serial number as the
+ // credentials Id.
+ BIGNUM * bn = ASN1_INTEGER_to_BN (::X509_get_serialNumber (x), 0);
+ if (BN_is_zero (bn))
+ this->id_ = CORBA::string_dup ("X509: 00");
+ else
+ {
+ char * id = BN_bn2hex (bn);
-void
-TAO_SSLIOP_Credentials::accepting_options_supported (
- Security::AssociationOptions accepting_options_supported
- ACE_ENV_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- // @todo Verify that the given accepting options are valid
+ ACE_CString s =
+ ACE_CString ("X509: ")
+ + ACE_CString (const_cast<const char *> (id));
- // SSLIOP does not support delegation, nor does it support detection
- // of replayed or misordered GIOP messages.
+ this->id_ = CORBA::string_dup (s.c_str ());
- // "accepting_options_supported" should not have "less" capability
- // then "accepting_options_required."
+ ::OPENSSL_free (id);
+ }
- if ((accepting_options_supported & ::TAO_SSLIOP_DISALLOWED_ASSOCIATIONS)
- || (accepting_options_supported ^ this->accepting_options_required_))
- ACE_THROW (CORBA::BAD_PARAM (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- EINVAL),
- CORBA::COMPLETED_NO));
+ // -------------------------------------------
- this->accepting_options_supported_ = accepting_options_supported;
-}
+ TimeBase::UtcT & t = this->expiry_time_;
-Security::AssociationOptions
-TAO_SSLIOP_Credentials::accepting_options_required (
- ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- return this->accepting_options_required_;
-}
+ const ASN1_TIME * exp = X509_get_notAfter (x);
-void
-TAO_SSLIOP_Credentials::accepting_options_required (
- Security::AssociationOptions accepting_options_required
- ACE_ENV_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- // "accepting_options_required" should not have "more" capability
- // then "accepting_options_supported."
-
- if ((accepting_options_required & ::TAO_SSLIOP_DISALLOWED_ASSOCIATIONS)
- || (accepting_options_required ^ this->accepting_options_supported_))
- ACE_THROW (CORBA::BAD_PARAM (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- EINVAL),
- CORBA::COMPLETED_NO));
-
- this->accepting_options_required_ = accepting_options_required;
-}
-
-Security::AssociationOptions
-TAO_SSLIOP_Credentials::invocation_options_supported (
- ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- return this->invocation_options_supported_;
-}
+ if (exp->length > ACE_SIZEOF_LONG_LONG)
+ {
+ // @@ Will this ever happen?
-void
-TAO_SSLIOP_Credentials::invocation_options_supported (
- Security::AssociationOptions invocation_options_supported
- ACE_ENV_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- if ((invocation_options_supported & ::TAO_SSLIOP_DISALLOWED_ASSOCIATIONS)
- || (invocation_options_supported ^ this->invocation_options_required_))
- ACE_THROW (CORBA::BAD_PARAM (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- EINVAL),
- CORBA::COMPLETED_NO));
-
- this->invocation_options_supported_ = invocation_options_supported;
+ // Overflow!
+ t.time = ACE_UINT64_LITERAL (0xffffffffffffffff);
+ }
+ else
+ {
+ t.time = 0;
+ for (int i = 0; i < exp->length; ++i)
+ {
+ t.time <<= 8;
+ t.time |= (unsigned char) exp->data[i];
+ }
+ }
+ }
}
-Security::AssociationOptions
-TAO_SSLIOP_Credentials::invocation_options_required (
- ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
- ACE_THROW_SPEC ((CORBA::SystemException))
+TAO::SSLIOP::Credentials::~Credentials (void)
{
- return this->invocation_options_required_;
}
-void
-TAO_SSLIOP_Credentials::invocation_options_required (
- Security::AssociationOptions invocation_options_required
- ACE_ENV_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- if ((invocation_options_required & ::TAO_SSLIOP_DISALLOWED_ASSOCIATIONS)
- || (invocation_options_required ^ this->invocation_options_supported_))
- ACE_THROW (CORBA::BAD_PARAM (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- EINVAL),
- CORBA::COMPLETED_NO));
-
- this->invocation_options_required_ = invocation_options_required;
-}
-
-CORBA::Boolean
-TAO_SSLIOP_Credentials::get_security_feature (
- Security::CommunicationDirection /* direction */,
- Security::SecurityFeature /* feature */
- ACE_ENV_ARG_DECL)
+char *
+TAO::SSLIOP::Credentials::creds_id (ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
ACE_THROW_SPEC ((CORBA::SystemException))
{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- ENOTSUP),
- CORBA::COMPLETED_NO),
- 0);
+ return CORBA::string_dup (this->id_.in ());
}
-CORBA::Boolean
-TAO_SSLIOP_Credentials::set_attributes (
- const Security::AttributeList & /* requested_attributes */,
- Security::AttributeList_out /* actual_attributes */
- ACE_ENV_ARG_DECL)
+SecurityLevel3::CredentialsUsage
+TAO::SSLIOP::Credentials::creds_usage (ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
ACE_THROW_SPEC ((CORBA::SystemException))
{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- ENOTSUP),
- CORBA::COMPLETED_NO),
- 0);
+ return SecurityLevel3::CU_Indefinite;
}
-Security::AttributeList *
-TAO_SSLIOP_Credentials::get_attributes (
- const Security::AttributeTypeList & /* attributes */
- ACE_ENV_ARG_DECL)
+TimeBase::UtcT
+TAO::SSLIOP::Credentials::expiry_time (ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
ACE_THROW_SPEC ((CORBA::SystemException))
{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- ENOTSUP),
- CORBA::COMPLETED_NO),
- 0);
+ return this->expiry_time_;
}
-CORBA::Boolean
-TAO_SSLIOP_Credentials::is_valid (
- Security::UtcT_out expiry_time
- ACE_ENV_ARG_DECL)
+SecurityLevel3::CredentialsState
+TAO::SSLIOP::Credentials::creds_state (ACE_ENV_SINGLE_ARG_DECL)
ACE_THROW_SPEC ((CORBA::SystemException))
{
- X509 *x = this->x509_.in ();
+ const ::X509 *x = this->x509_.in ();
// The pointer to the underlying X509 structure should only be zero
// if destroy() was called on this Credentials object.
if (x == 0)
- ACE_THROW_RETURN (CORBA::BAD_OPERATION (), 0);
+ ACE_THROW_RETURN (CORBA::BAD_OPERATION (),
+ SecurityLevel3::CS_Invalid);
- int before_status = ::X509_cmp_current_time (X509_get_notBefore (x));
- int after_status = ::X509_cmp_current_time (X509_get_notAfter (x));
-
- if (before_status == 0 || after_status == 0)
+ if (this->creds_state_ == SecurityLevel3::CS_Valid)
{
- // Error in certificate's "not before" or "not after" field.
- ACE_THROW_RETURN (CORBA::BAD_PARAM (), // @@ Correct exception?
- 0);
- }
-
- ASN1_TIME *exp = X509_get_notAfter (x);
+ // Make sure the X.509 certificate is still valid.
- if (exp->length > ACE_SIZEOF_LONG_LONG)
- {
- // @@ Will this ever happen?
+ const int after_status =
+ ::X509_cmp_current_time (X509_get_notAfter (x));
- // Overflow!
- expiry_time.time = ACE_UINT64_LITERAL (0xffffffffffffffff);
- }
- else
- {
- expiry_time.time = 0;
- for (int i = 0; i < exp->length; ++i)
+ if (after_status == 0)
{
- expiry_time.time <<= 8;
- expiry_time.time |= (unsigned char) exp->data[i];
+ // Error in certificate's "not after" field.
+ ACE_THROW_RETURN (CORBA::BAD_PARAM (), // @@ Correct exception?
+ SecurityLevel3::CS_Invalid);
}
+ else if (after_status > 0) // Certificate has expired.
+ this->creds_state_ = SecurityLevel3::CS_Expired;
}
-
- if (before_status > 0 // Certificate is not yet valid.
- || after_status < 0) // Certificate is expired.
- return 0;
-
- return 1;
-}
-
-CORBA::Boolean
-TAO_SSLIOP_Credentials::refresh (const CORBA::Any & /* refresh_data */
- ACE_ENV_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- // Until it is clear the code below is correct, throw a
- // CORBA::NO_IMPLEMENT exception.
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- ENOTSUP),
- CORBA::COMPLETED_NO),
- 0);
-
- // @@ I "if zeroed" out the following code since I'm not sure if the
- // code below is correct, or if it possible to to refresh the
- // X.509 certificates for the given SSL session by renegotiating
- // the that session.
-
-#if 0
- // @@ What about the private key? Do we need to refresh it as well?
-
- SSLIOP::ASN_1_Cert *der_cert = 0;
- char *cert_filename = 0;
-
- // Attempt to extract a certificate in DER format from the Any.
- if (refresh_data >>= der_cert)
+ else if (this->creds_state_ == SecurityLevel3::CS_Invalid)
{
- if (::SSL_use_certificate_ASN1 (this->ssl_,
- der_cert->get_buffer (),
- der_cert->length ()) <= 0)
- {
- if (TAO_debug_level > 0)
- ACE_ERROR ((LM_ERROR,
- "(%P|%t) ERROR: Unable to refresh SSLIOP "
- "credentials using certificate in ASN.1 "
- "format.\n"));
+ // Check if the X.509 certificate has become valid.
- ACE_THROW_RETURN (CORBA::BAD_OPERATION (), 0);
- }
- }
+ const int before_status =
+ ::X509_cmp_current_time (X509_get_notBefore (x));
- // Attempt to extract a filename that contains the certificate from
- // the Any.
- else if (refresh_data >>= cert_filename)
- {
- // @@ Should we do this sort of thing, i.e. first try to open a
- // PEM file, and then an ASN.1 file?
-
- // Try extracting a PEM formatted certificate from the given
- // file.
- if (::SSL_use_certificate_file (this->ssl_,
- cert_filename,
- SSL_FILETYPE_PEM) <= 0)
+ if (before_status == 0)
{
- if (TAO_debug_level > 0)
- ACE_DEBUG ((LM_WARNING,
- "(%P|%t) WARNING: Unable to refresh SSLIOP "
- "credentials using PEM certificate in file \"%s\"\n",
- cert_filename));
+ // Error in certificate's "not before" field.
+ ACE_THROW_RETURN (CORBA::BAD_PARAM (), // @@ Correct exception?
+ SecurityLevel3::CS_Invalid);
}
-
- // Try extracted an ASN.1 formatted certificate from the given
- // file.
- else if (::SSL_use_certificate_file (this->ssl_,
- cert_filename,
- SSL_FILETYPE_ASN1) <= 0)
- {
- if (TAO_debug_level > 0)
- ACE_DEBUG ((LM_WARNING,
- "(%P|%t) WARNING: Unable to refresh SSLIOP "
- "credentials using ASN.1 certificate in file \"%s\"\n",
- cert_filename));
- }
-
- else
- ACE_THROW_RETURN (CORBA::BAD_OPERATION (), 0);
+ else if (before_status < 0) // Certificate is now valid.
+ this->creds_state_ = SecurityLevel3::CS_Valid;
}
- else
- ACE_THROW_RETURN (CORBA::BAD_PARAM (), 0);
- // Renegotiate the SSL session to force the new settings to be used.
- if (::SSL_renegotiate (this->ssl_) <= 0)
- ACE_THROW_RETURN (CORBA::BAD_OPERATION (), 0);
+ return this->creds_state_;
+}
+
+char *
+TAO::SSLIOP::Credentials::add_relinquished_listener (
+ SecurityLevel3::RelinquishedCredentialsListener_ptr /* listener */
+ ACE_ENV_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
+}
- return 1;
-#endif /* 0 */
+void
+TAO::SSLIOP::Credentials::remove_relinquished_listener (const char * /* id */
+ ACE_ENV_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ ACE_THROW (CORBA::NO_IMPLEMENT ());
}
bool
-TAO_SSLIOP_Credentials::operator== (const TAO_SSLIOP_Credentials &rhs)
+TAO::SSLIOP::Credentials::operator== (const TAO::SSLIOP::Credentials &rhs)
{
- X509 *xa = this->x509_.in ();
- X509 *xb = rhs.x509_.in ();
+ X509 * xa = this->x509_.in ();
+ X509 * xb = rhs.x509_.in ();
// EVP_PKEY *ea = this->evp_.in ();
// EVP_PKEY *eb = rhs.evp_.in ();
return
- this->accepting_options_supported_ == rhs.accepting_options_supported_
- && this->accepting_options_required_ == rhs.accepting_options_required_
- && this->invocation_options_supported_ == rhs.invocation_options_supported_
- && this->invocation_options_required_ == rhs.invocation_options_required_
- && ((xa == xb) || (xa != 0 && xb != 0 && ::X509_cmp (xa, xb) == 0))
- // && ((ea == eb) || (ea != 0 && eb != 0 && ::EVP_PKEY_cmp (ea, eb) == 0))
+// this->accepting_options_supported_ == rhs.accepting_options_supported_
+// && this->accepting_options_required_ == rhs.accepting_options_required_
+// && this->invocation_options_supported_ == rhs.invocation_options_supported_ && this->invocation_options_required_ == rhs.invocation_options_required_
+ ((xa == xb) || (xa != 0 && xb != 0 && ::X509_cmp (xa, xb) == 0))
+// && ((ea == eb) || (ea != 0 && eb != 0 && ::EVP_PKEY_cmp (ea, eb) == 0))
;
}
CORBA::ULong
-TAO_SSLIOP_Credentials::hash (void) const
+TAO::SSLIOP::Credentials::hash (void) const
{
- X509 *x509 = this->x509_.in ();
+ ::X509 *x509 = this->x509_.in ();
return (x509 == 0 ? 0 : ::X509_issuer_name_hash (x509));
}
-TAO_SSLIOP_Credentials_ptr
-TAO_SSLIOP_Credentials::_narrow (CORBA::Object_ptr obj
+TAO::SSLIOP::Credentials_ptr
+TAO::SSLIOP::Credentials::_narrow (CORBA::Object_ptr obj
ACE_ENV_ARG_DECL_NOT_USED)
{
- return TAO_SSLIOP_Credentials::_duplicate (
- dynamic_cast<TAO_SSLIOP_Credentials *> (obj));
+ return TAO::SSLIOP::Credentials::_duplicate (
+ dynamic_cast<TAO::SSLIOP::Credentials *> (obj));
}
-TAO_SSLIOP_Credentials_ptr
-TAO_SSLIOP_Credentials::_duplicate (TAO_SSLIOP_Credentials_ptr obj)
+TAO::SSLIOP::Credentials_ptr
+TAO::SSLIOP::Credentials::_duplicate (TAO::SSLIOP::Credentials_ptr obj)
{
if (!CORBA::is_nil (obj))
obj->_add_ref ();
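Review bot: The expiry test in `creds_state()` is inverted. `X509_cmp_current_time()` returns a negative value when the given time has already passed, which is what the removed `is_valid()` relied on (`after_status < 0` meant expired). As written, `else if (after_status > 0)` marks a certificate whose notAfter is still in the future as `CS_Expired` and leaves a lapsed one `CS_Valid`; the line should read `else if (after_status < 0) // Certificate has expired.`. The `CS_Invalid` branch also moves to `CS_Valid` after checking only notBefore, so a certificate already past notAfter is reported valid on the first call; the fence below checks notAfter before that transition. Separately, the constructor uses the `BIGNUM` from `ASN1_INTEGER_to_BN` without a null check and never releases it with `BN_free`, and the `//#include <openssl/bn.h>` added at the top of the file is left commented out although these BN calls are new.

```cpp
  else if (this->creds_state_ == SecurityLevel3::CS_Invalid)
    {
      // … unchanged: before_status computation and its error check …
      else if (before_status < 0)
        {
          // notBefore has passed; report CS_Valid only while notAfter
          // is still in the future.
          const int after_status =
            ::X509_cmp_current_time (X509_get_notAfter (x));

          if (after_status == 0)
            {
              ACE_THROW_RETURN (CORBA::BAD_PARAM (),
                                SecurityLevel3::CS_Invalid);
            }

          this->creds_state_ =
            (after_status > 0
             ? SecurityLevel3::CS_Valid
             : SecurityLevel3::CS_Expired);
        }
    }
```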
@@ -435,229 +204,37 @@ TAO_SSLIOP_Credentials::_duplicate (TAO_SSLIOP_Credentials_ptr obj)
// -----------------------------------------------------------
-int TAO_SSLIOP_Credentials::_tao_class_id = 0;
-
-TAO_SSLIOP_Credentials_ptr
-tao_TAO_SSLIOP_Credentials_duplicate (
- TAO_SSLIOP_Credentials_ptr p
- )
+TAO::SSLIOP::Credentials_ptr
+tao_TAO_SSLIOP_Credentials_duplicate (TAO::SSLIOP::Credentials_ptr p)
{
- return TAO_SSLIOP_Credentials::_duplicate (p);
+ return TAO::SSLIOP::Credentials::_duplicate (p);
}
void
-tao_TAO_SSLIOP_Credentials_release (
- TAO_SSLIOP_Credentials_ptr p
- )
+tao_TAO_SSLIOP_Credentials_release (TAO::SSLIOP::Credentials_ptr p)
{
CORBA::release (p);
}
-TAO_SSLIOP_Credentials_ptr
-tao_TAO_SSLIOP_Credentials_nil (
- void
- )
-{
- return TAO_SSLIOP_Credentials::_nil ();
-}
-
-TAO_SSLIOP_Credentials_ptr
-tao_TAO_SSLIOP_Credentials_narrow (
- CORBA::Object *p
- ACE_ENV_ARG_DECL
- )
-{
- return TAO_SSLIOP_Credentials::_narrow (p ACE_ENV_ARG_PARAMETER);
-}
-
-CORBA::Object *
-tao_TAO_SSLIOP_Credentials_upcast (
- void *src
- )
-{
- TAO_SSLIOP_Credentials **tmp =
- ACE_static_cast (TAO_SSLIOP_Credentials **, src);
- return *tmp;
-}
-
-// *************************************************************
-// Operations for class TAO_SSLIOP_Credentials_var
-// *************************************************************
-
-TAO_SSLIOP_Credentials_var::TAO_SSLIOP_Credentials_var (void) // default constructor
- : ptr_ (TAO_SSLIOP_Credentials::_nil ())
-{}
-
-::TAO_SSLIOP_Credentials_ptr
-TAO_SSLIOP_Credentials_var::ptr (void) const
-{
- return this->ptr_;
-}
-
-TAO_SSLIOP_Credentials_var::TAO_SSLIOP_Credentials_var (const ::TAO_SSLIOP_Credentials_var &p) // copy constructor
- : TAO_Base_var (),
- ptr_ (TAO_SSLIOP_Credentials::_duplicate (p.ptr ()))
-{}
-
-TAO_SSLIOP_Credentials_var::~TAO_SSLIOP_Credentials_var (void) // destructor
-{
- CORBA::release (this->ptr_);
-}
-
-TAO_SSLIOP_Credentials_var &
-TAO_SSLIOP_Credentials_var::operator= (TAO_SSLIOP_Credentials_ptr p)
-{
- CORBA::release (this->ptr_);
- this->ptr_ = p;
- return *this;
-}
-
-TAO_SSLIOP_Credentials_var &
-TAO_SSLIOP_Credentials_var::operator= (const ::TAO_SSLIOP_Credentials_var &p)
-{
- if (this != &p)
- {
- CORBA::release (this->ptr_);
- this->ptr_ = ::TAO_SSLIOP_Credentials::_duplicate (p.ptr ());
- }
- return *this;
-}
-
-TAO_SSLIOP_Credentials_var::operator const ::TAO_SSLIOP_Credentials_ptr &() const // cast
-{
- return this->ptr_;
-}
-
-TAO_SSLIOP_Credentials_var::operator ::TAO_SSLIOP_Credentials_ptr &() // cast
-{
- return this->ptr_;
-}
-
-::TAO_SSLIOP_Credentials_ptr
-TAO_SSLIOP_Credentials_var::operator-> (void) const
-{
- return this->ptr_;
-}
-
-::TAO_SSLIOP_Credentials_ptr
-TAO_SSLIOP_Credentials_var::in (void) const
-{
- return this->ptr_;
-}
-
-::TAO_SSLIOP_Credentials_ptr &
-TAO_SSLIOP_Credentials_var::inout (void)
-{
- return this->ptr_;
-}
-
-::TAO_SSLIOP_Credentials_ptr &
-TAO_SSLIOP_Credentials_var::out (void)
-{
- CORBA::release (this->ptr_);
- this->ptr_ = ::TAO_SSLIOP_Credentials::_nil ();
- return this->ptr_;
-}
-
-::TAO_SSLIOP_Credentials_ptr
-TAO_SSLIOP_Credentials_var::_retn (void)
-{
- // yield ownership of managed obj reference
- ::TAO_SSLIOP_Credentials_ptr val = this->ptr_;
- this->ptr_ = ::TAO_SSLIOP_Credentials::_nil ();
- return val;
-}
-
-::TAO_SSLIOP_Credentials_ptr
-TAO_SSLIOP_Credentials_var::tao_duplicate (TAO_SSLIOP_Credentials_ptr p)
-{
- return ::TAO_SSLIOP_Credentials::_duplicate (p);
-}
-
-void
-TAO_SSLIOP_Credentials_var::tao_release (TAO_SSLIOP_Credentials_ptr p)
+TAO::SSLIOP::Credentials_ptr
+tao_TAO_SSLIOP_Credentials_nil (void)
{
- CORBA::release (p);
+ return TAO::SSLIOP::Credentials::_nil ();
}
-::TAO_SSLIOP_Credentials_ptr
-TAO_SSLIOP_Credentials_var::tao_nil (void)
+TAO::SSLIOP::Credentials_ptr
+tao_TAO_SSLIOP_Credentials_narrow (CORBA::Object *p
+ ACE_ENV_ARG_DECL)
{
- return ::TAO_SSLIOP_Credentials::_nil ();
+ return TAO::SSLIOP::Credentials::_narrow (p
+ ACE_ENV_ARG_PARAMETER);
}
-::TAO_SSLIOP_Credentials_ptr
-TAO_SSLIOP_Credentials_var::tao_narrow (
- CORBA::Object *p
- ACE_ENV_ARG_DECL
- )
+CORBA::Object_ptr
+tao_TAO_SSLIOP_Credentials_upcast (void *src)
{
- return ::TAO_SSLIOP_Credentials::_narrow (p ACE_ENV_ARG_PARAMETER);
-}
+ TAO::SSLIOP::Credentials **tmp =
+ static_cast<TAO::SSLIOP::Credentials **> (src);
-CORBA::Object *
-TAO_SSLIOP_Credentials_var::tao_upcast (void *src)
-{
- TAO_SSLIOP_Credentials **tmp =
- ACE_static_cast (TAO_SSLIOP_Credentials **, src);
return *tmp;
}
-
-// *************************************************************
-// Operations for class TAO_SSLIOP_Credentials_out
-// *************************************************************
-
-TAO_SSLIOP_Credentials_out::TAO_SSLIOP_Credentials_out (TAO_SSLIOP_Credentials_ptr &p)
- : ptr_ (p)
-{
- this->ptr_ = ::TAO_SSLIOP_Credentials::_nil ();
-}
-
-TAO_SSLIOP_Credentials_out::TAO_SSLIOP_Credentials_out (TAO_SSLIOP_Credentials_var &p) // constructor from _var
- : ptr_ (p.out ())
-{
- CORBA::release (this->ptr_);
- this->ptr_ = ::TAO_SSLIOP_Credentials::_nil ();
-}
-
-TAO_SSLIOP_Credentials_out::TAO_SSLIOP_Credentials_out (const ::TAO_SSLIOP_Credentials_out &p) // copy constructor
- : ptr_ (ACE_const_cast (TAO_SSLIOP_Credentials_out &, p).ptr_)
-{}
-
-::TAO_SSLIOP_Credentials_out &
-TAO_SSLIOP_Credentials_out::operator= (const ::TAO_SSLIOP_Credentials_out &p)
-{
- this->ptr_ = ACE_const_cast (TAO_SSLIOP_Credentials_out&, p).ptr_;
- return *this;
-}
-
-TAO_SSLIOP_Credentials_out &
-TAO_SSLIOP_Credentials_out::operator= (const ::TAO_SSLIOP_Credentials_var &p)
-{
- this->ptr_ = ::TAO_SSLIOP_Credentials::_duplicate (p.ptr ());
- return *this;
-}
-
-TAO_SSLIOP_Credentials_out &
-TAO_SSLIOP_Credentials_out::operator= (TAO_SSLIOP_Credentials_ptr p)
-{
- this->ptr_ = p;
- return *this;
-}
-
-TAO_SSLIOP_Credentials_out::operator ::TAO_SSLIOP_Credentials_ptr &() // cast
-{
- return this->ptr_;
-}
-
-::TAO_SSLIOP_Credentials_ptr &
-TAO_SSLIOP_Credentials_out::ptr (void) // ptr
-{
- return this->ptr_;
-}
-
-::TAO_SSLIOP_Credentials_ptr
-TAO_SSLIOP_Credentials_out::operator-> (void)
-{
- return this->ptr_;
-}
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.h
index 50722c09367..4a53212775d 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.h
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.h
@@ -6,7 +6,7 @@
*
* $Id$
*
- * @author Ossama Othman <ossama@uci.edu>
+ * @author Ossama Othman <ossama@dre.vanderbilt.edu>
*/
//=============================================================================
@@ -23,286 +23,144 @@
#include "SSLIOP_X509.h"
#include "SSLIOP_EVP_PKEY.h"
+#include "orbsvcs/orbsvcs/SecurityLevel3C.h"
#include "tao/LocalObject.h"
-#include "orbsvcs/orbsvcs/SecurityLevel2C.h"
+namespace TAO
+{
+ namespace SSLIOP
+ {
+
+ class Credentials;
+ typedef Credentials* Credentials_ptr;
+ typedef TAO_Pseudo_Var_T<Credentials> Credentials_var;
+ typedef TAO_Pseudo_Out_T<Credentials, Credentials_var> Credentials_out;
+
+ /**
+ * @class Credentials
+ *
+ * @brief SSLIOP-specific implementation of the
+ * SecurityLevel3::Credentials interface.
+ *
+ * This class encapsulates the X.509 certificate associated with a
+ * given a principal.
+ */
+ class TAO_SSLIOP_Export Credentials
+ : public virtual SecurityLevel3::Credentials,
+ public virtual TAO_Local_RefCounted_Object
+ {
+ public:
-class TAO_SSLIOP_Credentials;
-typedef TAO_SSLIOP_Credentials* TAO_SSLIOP_Credentials_ptr;
+ /// Constructor
+ Credentials (::X509 * cert, ::EVP_PKEY * evp);
-class TAO_SSLIOP_Credentials_var : public TAO_Base_var
-{
-public:
- TAO_SSLIOP_Credentials_var (void); // default constructor
- TAO_SSLIOP_Credentials_var (TAO_SSLIOP_Credentials_ptr p) : ptr_ (p) {}
- TAO_SSLIOP_Credentials_var (const TAO_SSLIOP_Credentials_var &); // copy constructor
- ~TAO_SSLIOP_Credentials_var (void); // destructor
-
- TAO_SSLIOP_Credentials_var &operator= (TAO_SSLIOP_Credentials_ptr);
- TAO_SSLIOP_Credentials_var &operator= (const TAO_SSLIOP_Credentials_var &);
- TAO_SSLIOP_Credentials_ptr operator-> (void) const;
-
- operator const TAO_SSLIOP_Credentials_ptr &() const;
- operator TAO_SSLIOP_Credentials_ptr &();
- // in, inout, out, _retn
- TAO_SSLIOP_Credentials_ptr in (void) const;
- TAO_SSLIOP_Credentials_ptr &inout (void);
- TAO_SSLIOP_Credentials_ptr &out (void);
- TAO_SSLIOP_Credentials_ptr _retn (void);
- TAO_SSLIOP_Credentials_ptr ptr (void) const;
-
- // Hooks used by template sequence and object manager classes
- // for non-defined forward declared interfaces.
- static TAO_SSLIOP_Credentials_ptr tao_duplicate (TAO_SSLIOP_Credentials_ptr);
- static void tao_release (TAO_SSLIOP_Credentials_ptr);
- static TAO_SSLIOP_Credentials_ptr tao_nil (void);
- static TAO_SSLIOP_Credentials_ptr tao_narrow (
- CORBA::Object *
- ACE_ENV_ARG_DECL_NOT_USED
- );
- static CORBA::Object * tao_upcast (void *);
-
-private:
- TAO_SSLIOP_Credentials_ptr ptr_;
- // Unimplemented - prevents widening assignment.
- TAO_SSLIOP_Credentials_var (const TAO_Base_var &rhs);
- TAO_SSLIOP_Credentials_var &operator= (const TAO_Base_var &rhs);
-};
-
-
-class TAO_SSLIOP_Credentials_out
-{
-public:
- TAO_SSLIOP_Credentials_out (TAO_SSLIOP_Credentials_ptr &);
- TAO_SSLIOP_Credentials_out (TAO_SSLIOP_Credentials_var &);
- TAO_SSLIOP_Credentials_out (const TAO_SSLIOP_Credentials_out &);
- TAO_SSLIOP_Credentials_out &operator= (const TAO_SSLIOP_Credentials_out &);
- TAO_SSLIOP_Credentials_out &operator= (const TAO_SSLIOP_Credentials_var &);
- TAO_SSLIOP_Credentials_out &operator= (TAO_SSLIOP_Credentials_ptr);
- operator TAO_SSLIOP_Credentials_ptr &();
- TAO_SSLIOP_Credentials_ptr &ptr (void);
- TAO_SSLIOP_Credentials_ptr operator-> (void);
-
-private:
- TAO_SSLIOP_Credentials_ptr &ptr_;
-};
+ /**
+ * @name SecurityLevel3::Credentials Methods
+ *
+ * Methods required by the SecurityLevel3::Credentials
+ * interface.
+ */
+ //@{
+ virtual char * creds_id (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+ virtual
+ SecurityLevel3::CredentialsType creds_type (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException)) = 0;
-/**
- * @class TAO_SSLIOP_Credentials
- *
- * @brief SSLIOP-specific implementation of the
- * SecurityLevel2::Credentials interface.
- *
- * This class encapsulates the X.509 certificate associated with a
- * given a principal.
- */
-class TAO_SSLIOP_Credentials
- : public virtual SecurityLevel2::Credentials,
- public virtual TAO_Local_RefCounted_Object
-{
-public:
-
- /// Constructor
- TAO_SSLIOP_Credentials (X509 *cert, EVP_PKEY *evp);
-
- /// Return a duplicate (specifically a deep copy) of this credential
- /// object.
- virtual SecurityLevel2::Credentials_ptr copy (
- ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual void destroy (
- ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- /// Return the invocation credentials type this object is.
- /**
- * If this Credentials object was created by the
- * PrincipalAuthenticator then the "own" credentials type
- * (i.e. Security::SecOwnCredentials) is returned. Specifically,
- * the credentials represented by this Credentials object are our
- * own, not the peer's credentials.
- * @par
- * If this Credentials object corresponds to the credentials
- * received from the peer, then the "received" credentials type
- * (i.e. Security::SecReceivedCredentials) is returned.
- * @par
- * If this Credentials object corresponds to the target object's
- * credentials then the "target" credentials type
- * (i.e. Security::SecTargetCredentials) is returned.
- */
- virtual Security::InvocationCredentialsType credentials_type (
- ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual Security::AuthenticationStatus authentication_state (
- ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual char * mechanism (
- ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual Security::AssociationOptions accepting_options_supported (
- ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual void accepting_options_supported (
- Security::AssociationOptions accepting_options_supported
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual Security::AssociationOptions accepting_options_required (
- ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual void accepting_options_required (
- Security::AssociationOptions accepting_options_required
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual Security::AssociationOptions invocation_options_supported (
- ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual void invocation_options_supported (
- Security::AssociationOptions invocation_options_supported
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual Security::AssociationOptions invocation_options_required (
- ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual void invocation_options_required (
- Security::AssociationOptions invocation_options_required
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual CORBA::Boolean get_security_feature (
- Security::CommunicationDirection direction,
- Security::SecurityFeature feature
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual CORBA::Boolean set_attributes (
- const Security::AttributeList & requested_attributes,
- Security::AttributeList_out actual_attributes
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual Security::AttributeList * get_attributes (
- const Security::AttributeTypeList & attributes
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- /// Verify that this credential is still valid.
- virtual CORBA::Boolean is_valid (
- Security::UtcT_out expiry_time
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual CORBA::Boolean refresh (
- const CORBA::Any & refresh_data
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- //@{
- /// Return a pointer to the underlying X.509 certificate.
- /**
- * @note Caller owns the returned object. Use a
- * TAO_SSLIOP_X509_var.
- */
- X509 *x509 (void);
- //@}
-
- /// Return a pointer to the underlying private key.
- /**
- * @return Non-zero value if private key is used.
- *
- * @note Caller owns the returned object. Use a
- * TAO_SSLIOP_EVP_PKEY_var.
- */
- EVP_PKEY *evp (void);
- //@}
-
- bool operator== (const TAO_SSLIOP_Credentials &rhs);
-
- CORBA::ULong hash (void) const;
-
- //@{
-#if !defined(__GNUC__) || !defined (ACE_HAS_GNUG_PRE_2_8)
- typedef TAO_SSLIOP_Credentials_ptr _ptr_type;
- typedef TAO_SSLIOP_Credentials_var _var_type;
-#endif /* ! __GNUC__ || g++ >= 2.8 */
-
- static int _tao_class_id;
-
- // The static operations.
- static TAO_SSLIOP_Credentials_ptr _duplicate (TAO_SSLIOP_Credentials_ptr obj);
-
- static TAO_SSLIOP_Credentials_ptr _narrow (
- CORBA::Object_ptr obj
- ACE_ENV_ARG_DECL_WITH_DEFAULTS
- );
-
- static TAO_SSLIOP_Credentials_ptr _nil (void)
- {
- return (TAO_SSLIOP_Credentials_ptr)0;
- }
-
- //@}
-
-protected:
-
- /// Destructor.
- /**
- * Destructor is protected to enforce proper reference counting.
- * Specifically, this reference counted object should only be
- * deallocated by the reference counting mechanism.
- */
- ~TAO_SSLIOP_Credentials (void);
-
-protected:
-
- /// Security association options supported by this Credentials
- /// object when accepting client invocations.
- /**
- * This attribute corresponds to the SSLIOP::target_supports field
- * in the security association options in the SSLIOP tagged
- * component that is embedded in IORs created by SSLIOP-enabled
- * server side ORBs.
- */
- Security::AssociationOptions accepting_options_supported_;
-
- /// Security association options required by this Credentials
- /// object when accepting client invocations.
- /**
- * This attribute corresponds to the SSLIOP::target_requires field
- * in the security association options in the SSLIOP tagged
- * component that is embedded in IORs created by SSLIOP-enabled
- * server side ORBs.
- */
- Security::AssociationOptions accepting_options_required_;
-
- /// Security association options supported by this Credentials
- /// object when invoking operations on the target object.
- Security::AssociationOptions invocation_options_supported_;
-
- /// Security association options required by this Credentials
- /// object when invoking operations on the target object.
- Security::AssociationOptions invocation_options_required_;
-
- /// Reference to the X.509 certificate associated with this SSLIOP
- /// Credentials object.
- TAO_SSLIOP_X509_var x509_;
-
- /// Reference to the private key associated with the X.509
- /// certificate.
- TAO_SSLIOP_EVP_PKEY_var evp_;
-
-};
+ virtual SecurityLevel3::CredentialsUsage creds_usage (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual TimeBase::UtcT expiry_time (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual SecurityLevel3::CredentialsState creds_state (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual char * add_relinquished_listener (
+ SecurityLevel3::RelinquishedCredentialsListener_ptr listener
+ ACE_ENV_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual void remove_relinquished_listener (const char * id
+ ACE_ENV_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+ //@}
+
+
+ //@{
+ /// Return a pointer to the underlying X.509 certificate.
+ /**
+ * @note Caller owns the returned object. Use a
+ * TAO::SSLIOP::X509_var.
+ */
+ ::X509 *x509 (void);
+ //@}
+
+ /// Return a pointer to the underlying private key.
+ /**
+ * @return Non-zero value if private key is used.
+ *
+ * @note Caller owns the returned object. Use a
+ * TAO::SSLIOP::EVP_PKEY_var.
+ */
+ ::EVP_PKEY *evp (void);
+ //@}
+
+ bool operator== (const Credentials &rhs);
+
+ CORBA::ULong hash (void) const;
+
+ // The static operations.
+ static Credentials_ptr _duplicate (Credentials_ptr obj);
+
+ static Credentials_ptr _narrow (CORBA::Object_ptr obj
+ ACE_ENV_ARG_DECL);
+
+ static Credentials_ptr _nil (void)
+ {
+ return (Credentials_ptr) 0;
+ }
+
+ //@}
+
+ protected:
+
+ /// Destructor.
+ /**
+ * Protected destructor to enforce proper memory management
+ * through the reference counting mechanism.
+ */
+ ~Credentials (void);
+
+ protected:
+
+ /// Reference to the X.509 certificate associated with this SSLIOP
+ /// Credentials object.
+ X509_var x509_;
+
+ /// Reference to the private key associated with the X.509
+ /// certificate.
+ EVP_PKEY_var evp_;
+
+ /// Credentials Identifier.
+ CORBA::String_var id_;
+
+ /// The intended usage of the Credentials.
+ SecurityLevel3::CredentialsUsage creds_usage_;
+
+ /// The time these Credentials expire.
+ TimeBase::UtcT expiry_time_;
+
+ /// The validity of the Credentials.
+ SecurityLevel3::CredentialsState creds_state_;
+
+ };
+
+ } // End SSLIOP namespace
+} // End TAO namespace
#if defined (__ACE_INLINE__)
# include "SSLIOP_Credentials.inl"
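Review bot: `operator==` in the new `TAO::SSLIOP::Credentials` is declared without `const`, while `hash()` directly below it is const, so a credentials object held through a const reference or pointer cannot appear on the left of a comparison. The declaration should read `bool operator== (const Credentials &rhs) const;`, with the definition in the .cpp (outside this hunk) changed to match. Neither member says which state decides equality or feeds the hash. A one-line comment on each should name it (presumably the certificate, to be confirmed against the implementation), because callers that cache or look up credentials depend on the two agreeing.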
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.inl b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.inl
index 7d584ee6aa8..e33e9380658 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.inl
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.inl
@@ -2,14 +2,14 @@
//
// $Id$
-ACE_INLINE X509 *
-TAO_SSLIOP_Credentials::x509 (void)
+ACE_INLINE ::X509 *
+TAO::SSLIOP::Credentials::x509 (void)
{
- return TAO_SSLIOP_X509::_duplicate (this->x509_.in ());
+ return TAO::SSLIOP::_duplicate (this->x509_.in ());
}
-ACE_INLINE EVP_PKEY *
-TAO_SSLIOP_Credentials::evp (void)
+ACE_INLINE ::EVP_PKEY *
+TAO::SSLIOP::Credentials::evp (void)
{
- return TAO_SSLIOP_EVP_PKEY::_duplicate (this->evp_.in ());
+ return TAO::SSLIOP::_duplicate (this->evp_.in ());
}
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirer.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirer.cpp
new file mode 100644
index 00000000000..d2eef3da6bf
--- /dev/null
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirer.cpp
@@ -0,0 +1,377 @@
+// $Id$
+
+#include "SSLIOP_CredentialsAcquirer.h"
+#include "SSLIOP_OwnCredentials.h"
+
+#include "tao/debug.h"
+#include "tao/ORB_Constants.h"
+
+#include "ace/SSL/SSL_Context.h"
+
+#include "ace/OS_NS_stdio.h"
+
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+
+ACE_RCSID (SSLIOP,
+ SSLIOP_CredentialsAcquirer,
+ "$Id$")
+
+
+// -------------------------------------------------------
+
+extern "C"
+int
+TAO_SSLIOP_password_callback (char *buf,
+ int size,
+ int /* rwflag */,
+ void *userdata)
+{
+ // @@ I'm probably over complicating this implementation, but that's
+ // what you get when you try to be overly efficient. :-)
+ // -Ossama
+
+ const char *password = static_cast<char *> (userdata);
+
+ int pwlen = -1;
+
+ if (password != 0)
+ {
+ pwlen = ACE_OS::strlen (password);
+
+ int copy_len = pwlen + 1; // Include the NULL terminator
+
+ // Clear the portion of the buffer that exceeds the space that
+ // will be occupied by the password.
+ if (copy_len < size)
+ ACE_OS::memset (buf + copy_len, 0, size - copy_len);
+
+ // Make sure we don't overflow the OpenSSL supplied buffer.
+ // Truncate the password if necessary.
+ copy_len = (copy_len > size) ? size : copy_len;
+
+ ACE_OS::memcpy (buf, password, copy_len);
+
+ // NULL terminate the truncated password.
+ if (copy_len > size)
+ {
+ pwlen = size - 1;
+ buf[pwlen] = '\0';
+ }
+ }
+
+ return pwlen;
+}
+
+// -------------------------------------------------------
+
+TAO::SSLIOP::CredentialsAcquirer::CredentialsAcquirer (
+ TAO::SL3::CredentialsCurator_ptr curator,
+ const CORBA::Any & acquisition_arguments)
+ : lock_ (),
+ curator_ (TAO::SL3::CredentialsCurator::_duplicate (curator)),
+ acquisition_arguments_ (acquisition_arguments),
+ destroyed_ (false)
+{
+}
+
+TAO::SSLIOP::CredentialsAcquirer::~CredentialsAcquirer (void)
+{
+}
+
+char *
+TAO::SSLIOP::CredentialsAcquirer::acquisition_method (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ this->check_validity (ACE_ENV_SINGLE_ARG_PARAMETER);
+ ACE_CHECK_RETURN (0);
+
+ return CORBA::string_dup ("SL3TLS");
+}
+
+SecurityLevel3::AcquisitionStatus
+TAO::SSLIOP::CredentialsAcquirer::current_status (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ this->check_validity (ACE_ENV_SINGLE_ARG_PARAMETER);
+ ACE_CHECK_RETURN (SecurityLevel3::AQST_Failed);
+
+ return SecurityLevel3::AQST_Succeeded; // @@ Really?
+}
+
+CORBA::ULong
+TAO::SSLIOP::CredentialsAcquirer::nth_iteration (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ this->check_validity (ACE_ENV_SINGLE_ARG_PARAMETER);
+ ACE_CHECK_RETURN (0);
+
+ // SSL/TLS credentials is single-step process from the point-of-view
+ // of the caller.
+ return 1;
+}
+
+CORBA::Any *
+TAO::SSLIOP::CredentialsAcquirer::get_continuation_data (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ // SSL/TLS credentials acquisition does generate continuation data.
+ ACE_THROW_RETURN (CORBA::BAD_INV_ORDER (), 0);
+}
+
+SecurityLevel3::AcquisitionStatus
+TAO::SSLIOP::CredentialsAcquirer::continue_acquisition (
+ const CORBA::Any & /* acquisition_arguments */
+ ACE_ENV_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ // SSL/TLS credentials acquisition does generate continuation data.
+ ACE_THROW_RETURN (CORBA::BAD_INV_ORDER (),
+ SecurityLevel3::AQST_Failed);
+}
+
+SecurityLevel3::OwnCredentials_ptr
+TAO::SSLIOP::CredentialsAcquirer::get_credentials (CORBA::Boolean on_list
+ ACE_ENV_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ this->check_validity (ACE_ENV_SINGLE_ARG_PARAMETER);
+ ACE_CHECK_RETURN (SecurityLevel3::OwnCredentials::_nil ());
+
+ ::SSLIOP::AuthData *data;
+
+ if (!(this->acquisition_arguments_ >>= data))
+ ACE_THROW_RETURN (CORBA::BAD_PARAM (),
+ SecurityLevel3::OwnCredentials::_nil ());
+
+ TAO::SSLIOP::X509_var x509 = this->make_X509 (data->certificate);
+
+ if (x509.in () == 0)
+ ACE_THROW_RETURN (CORBA::BAD_PARAM (),
+ SecurityLevel3::OwnCredentials::_nil ());
+
+ TAO::SSLIOP::EVP_PKEY_var evp = this->make_EVP_PKEY (data->key);
+
+ if (evp.in () == 0)
+ ACE_THROW_RETURN (CORBA::BAD_PARAM (),
+ SecurityLevel3::OwnCredentials::_nil ());
+
+ // Verify that the private key is consistent with the certificate.
+ if (::X509_check_private_key (x509.in (), evp.in ()) != 1)
+ {
+ if (TAO_debug_level > 0)
+ ACE_DEBUG ((LM_ERROR,
+ ACE_TEXT ("(%P|%t) ERROR: Private key is not ")
+ ACE_TEXT ("consistent with X.509 certificate")));
+
+ ACE_THROW_RETURN (CORBA::BAD_PARAM (),
+ SecurityLevel3::OwnCredentials::_nil ());
+ }
+
+ TAO::SSLIOP::OwnCredentials * creds;
+ ACE_NEW_THROW_EX (creds,
+ TAO::SSLIOP::OwnCredentials (x509.in (), evp.in ()),
+ CORBA::NO_MEMORY ());
+ ACE_CHECK_RETURN (SecurityLevel3::OwnCredentials::_nil ());
+
+ SecurityLevel3::OwnCredentials_var credentials = creds;
+
+ if (on_list)
+ {
+ this->curator_->_tao_add_own_credentials (creds
+ ACE_ENV_ARG_PARAMETER);
+ ACE_CHECK_RETURN (SecurityLevel3::OwnCredentials::_nil ());
+ }
+
+ this->destroy (ACE_ENV_SINGLE_ARG_PARAMETER);
+ ACE_CHECK_RETURN (SecurityLevel3::OwnCredentials::_nil ());
+
+ return credentials._retn ();
+}
+
+void
+TAO::SSLIOP::CredentialsAcquirer::destroy (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ this->check_validity (ACE_ENV_SINGLE_ARG_PARAMETER);
+ ACE_CHECK;
+
+ ACE_GUARD (TAO_SYNCH_MUTEX,
+ guard,
+ this->lock_);
+
+ if (!this->destroyed_)
+ {
+ this->destroyed_ = true;
+
+ // Release our reference to the CredentialsCurator.
+ (void) this->curator_.out ();
+ }
+}
+
+void
+TAO::SSLIOP::CredentialsAcquirer::check_validity (ACE_ENV_SINGLE_ARG_DECL)
+{
+ ACE_GUARD (TAO_SYNCH_MUTEX,
+ guard,
+ this->lock_);
+
+ if (this->destroyed_)
+ ACE_THROW (CORBA::BAD_INV_ORDER ());
+}
+
+::X509 *
+TAO::SSLIOP::CredentialsAcquirer::make_X509 (const ::SSLIOP::File &certificate)
+{
+ // No password is used or needed when reading ASN.1 encoded
+ // certificates.
+
+ const char *filename = certificate.filename.in ();
+
+ if (filename == 0)
+ return 0;
+
+ FILE *fp = 0;
+ ::X509 *x = 0;
+
+ if (certificate.type == ::SSLIOP::ASN1)
+ {
+ // ASN.1/DER encoded certificate
+
+ // No password is used or needed when reading ASN.1 encoded
+ // certificates.
+
+ const char *filename = certificate.filename.in ();
+
+ if (filename == 0)
+ return 0;
+
+ fp = ACE_OS::fopen (filename, "rb");
+
+ if (fp == 0)
+ {
+ if (TAO_debug_level > 0)
+ ACE_ERROR ((LM_ERROR,
+ ACE_TEXT ("(%P|%t) SSLIOP::CredentialsAcquirer::make_X509 - %p\n"),
+ ACE_TEXT ("fopen")));
+
+ return 0;
+ }
+
+ // Read ASN.1 / DER encoded X.509 certificate from a file, and
+ // convert it to OpenSSL's internal X.509 format.
+ x = ::d2i_X509_fp (fp, 0);
+ }
+ else
+ {
+ // PEM encoded certificate
+
+ fp = ACE_OS::fopen (filename, "r");
+
+ if (fp == 0)
+ {
+ if (TAO_debug_level > 0)
+ ACE_ERROR ((LM_ERROR,
+ ACE_TEXT ("(%P|%t) SSLIOP::CredentialsAcquirer::make_X509 - %p\n"),
+ ACE_TEXT ("fopen")));
+
+ return 0;
+ }
+
+ const char *password = certificate.password.in ();
+
+ // Read PEM encoded X.509 certificate from a file, and convert
+ // it to OpenSSL's internal X.509 format.
+ x = PEM_read_X509 (fp,
+ 0,
+ TAO_SSLIOP_password_callback,
+ const_cast<char *> (password));
+ }
+
+ (void) ACE_OS::fclose (fp);
+
+ if (x == 0 && TAO_debug_level > 0)
+ ACE_SSL_Context::report_error ();
+
+ return x;
+}
+
+::EVP_PKEY *
+TAO::SSLIOP::CredentialsAcquirer::make_EVP_PKEY (const ::SSLIOP::File &key)
+{
+ // No password is used or needed when reading ASN.1 encoded
+ // private keys.
+
+ const char *filename = key.filename.in ();
+
+ if (filename == 0)
+ return 0;
+
+ FILE *fp = 0;
+ ::EVP_PKEY *evp = 0;
+
+ if (key.type == ::SSLIOP::ASN1)
+ {
+ // ASN.1/DER encoded private key
+
+ // No password is used or needed when reading ASN.1 encoded
+ // private keys.
+
+ const char *filename = key.filename.in ();
+
+ if (filename == 0)
+ return 0;
+
+ fp = ACE_OS::fopen (filename, "rb");
+
+ if (fp == 0)
+ {
+ if (TAO_debug_level > 0)
+ ACE_ERROR ((LM_ERROR,
+ ACE_TEXT ("(%P|%t) SSLIOP::CredentialsAcquirer::make_EVP_PKEY ")
+ ACE_TEXT ("- %p\n"),
+ ACE_TEXT ("fopen")));
+
+ return 0;
+ }
+
+ // Read ASN.1 / DER encoded private key from a file, and convert
+ // it to OpenSSL's internal private key format.
+ evp = ::d2i_PrivateKey_fp (fp, 0);
+ }
+ else
+ {
+ // PEM encoded private key
+
+ fp = ACE_OS::fopen (filename, "r");
+
+ if (fp == 0)
+ {
+ if (TAO_debug_level > 0)
+ ACE_ERROR ((LM_ERROR,
+ ACE_TEXT ("(%P|%t) SSLIOP::CredentialsAcquirer::make_EVP_PKEY ")
+ ACE_TEXT ("- %p\n"),
+ ACE_TEXT ("fopen")));
+
+ return 0;
+ }
+
+ const char *password = key.password.in ();
+
+ // Read PEM encoded private key from a file, and convert it to
+ // OpenSSL's internal private key format.
+ evp = PEM_read_PrivateKey (fp,
+ 0,
+ TAO_SSLIOP_password_callback,
+ const_cast<char *> (password));
+ }
+
+ (void) ACE_OS::fclose (fp);
+
+ if (evp == 0 && TAO_debug_level > 0)
+ ACE_SSL_Context::report_error ();
+
+ return evp;
+}
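Review bot: In `TAO_SSLIOP_password_callback` the truncation branch can never run, because `copy_len` is clamped to `size` just before the `if (copy_len > size)` test. A password of `size` or more characters is therefore copied without a terminator, and the function returns the full `strlen`, which is larger than the number of bytes written. OpenSSL takes the return value as the passphrase length in `buf`, so it would presumably read beyond what the callback filled in. The truncated length should be computed first, and the copy, terminator and tail clearing derived from it, as sketched below; `size <= 0` should also be rejected, and `strlen`'s result should not be narrowed to `int` before the comparison.

```cpp
  const char *password = static_cast<char *> (userdata);

  if (password == 0 || buf == 0 || size <= 0)
    return -1;

  // Decide on truncation before copying, so the returned length never
  // exceeds what was written into the OpenSSL supplied buffer.
  const size_t capacity = static_cast<size_t> (size) - 1;  // Room for the terminator.
  const size_t length = ACE_OS::strlen (password);
  const int pwlen = static_cast<int> (length < capacity ? length : capacity);

  ACE_OS::memcpy (buf, password, pwlen);

  // Terminate the password and clear the unused remainder of the buffer.
  ACE_OS::memset (buf + pwlen, 0, size - pwlen);

  return pwlen;
```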
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirer.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirer.h
new file mode 100644
index 00000000000..11ec8ff43e9
--- /dev/null
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirer.h
@@ -0,0 +1,154 @@
+// -*- C++ -*-
+
+//=============================================================================
+/**
+ * @file SSLIOP_CredentialsAcquirer.h
+ *
+ * $Id$
+ *
+ * @author Ossama Othman <ossama@dre.vanderbilt.edu>
+ */
+//=============================================================================
+
+
+#ifndef TAO_SSLIOP_CREDENTIALS_ACQUIRER_H
+#define TAO_SSLIOP_CREDENTIALS_ACQUIRER_H
+
+#include "ace/pre.h"
+#include "orbsvcs/orbsvcs/SSLIOP/SSLIOP_Export.h"
+
+#if !defined (ACE_LACKS_PRAGMA_ONCE)
+# pragma once
+#endif /* ACE_LACKS_PRAGMA_ONCE */
+
+#include "orbsvcs/orbsvcs/Security/SL3_CredentialsCurator.h"
+
+#include "orbsvcs/orbsvcs/SSLIOPC.h"
+#include "orbsvcs/orbsvcs/SecurityLevel3C.h"
+
+#include "tao/LocalObject.h"
+
+#include <openssl/opensslconf.h>
+
+
+#if defined(_MSC_VER)
+#if (_MSC_VER >= 1200)
+#pragma warning(push)
+#endif /* _MSC_VER >= 1200 */
+#pragma warning(disable:4250)
+#endif /* _MSC_VER */
+
+
+/// Forward declarations for OpenSSL data structures.
+extern "C"
+{
+ typedef struct x509_st X509;
+ typedef struct evp_pkey_st EVP_PKEY;
+}
+
+
+namespace TAO
+{
+ namespace SSLIOP
+ {
+ /**
+ * @class CredentialsAcquirer
+ *
+ * @brief SSLIOP-specific SecurityLevel3::CredentialsAcquirer
+ * implementation.
+ *
+ * This class generates SSLIOP-specific credentials.
+ */
+ class TAO_SSLIOP_Export CredentialsAcquirer
+ : public virtual SecurityLevel3::CredentialsAcquirer,
+ public virtual TAO_Local_RefCounted_Object
+ {
+ public:
+
+ /// Constructor
+ CredentialsAcquirer (TAO::SL3::CredentialsCurator_ptr curator,
+ const CORBA::Any & acquisition_arguments);
+
+ /**
+ * @name SecurityLevel3::CredentialsAcquirer Methods
+ *
+ * Methods required by the SecurityLevel3::CredentialsAcquirer
+ * interface.
+ */
+ //@{
+ virtual char * acquisition_method (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual SecurityLevel3::AcquisitionStatus current_status (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual CORBA::ULong nth_iteration (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual CORBA::Any * get_continuation_data (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual SecurityLevel3::AcquisitionStatus continue_acquisition (
+ const CORBA::Any & acquisition_arguments
+ ACE_ENV_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual SecurityLevel3::OwnCredentials_ptr get_credentials (
+ CORBA::Boolean on_list
+ ACE_ENV_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual void destroy (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+ //@}
+
+ protected:
+
+ /// Destructor
+ /**
+ * Protected destructor to enforce proper memory management
+ * through the reference counting mechanism.
+ */
+ ~CredentialsAcquirer (void);
+
+ private:
+
+ /// Verify that this CredentialsAcquirer object is still valid,
+ /// i.e. hasn't been destroyed.
+ void check_validity (ACE_ENV_SINGLE_ARG_DECL);
+
+ /// Create an OpenSSL X.509 certificate data structure.
+ static ::X509 * make_X509 (const ::SSLIOP::File &certificate);
+
+ /// Create an OpenSSL EVP_PKEY key data structure.
+ static ::EVP_PKEY * make_EVP_PKEY (const ::SSLIOP::File &key);
+
+ private:
+
+ /// Lock used for synchronization.
+ TAO_SYNCH_MUTEX lock_;
+
+ /// Reference to the TAO CredentialsCurator implementation.
+ TAO::SL3::CredentialsCurator_var curator_;
+
+ /// SSLIOP-specific credentials acquisition arguments.
+ const CORBA::Any & acquisition_arguments_;
+
+ /// Has this CredentialsAcquirer object completed credentials
+ /// acquisition or been explicitly destroyed?
+ bool destroyed_;
+
+ };
+
+ } // End SSLIOP namespace
+} // End TAO namespace
+
+
+#if defined(_MSC_VER) && (_MSC_VER >= 1200)
+#pragma warning(pop)
+#endif /* _MSC_VER */
+
+#include "ace/post.h"
+
+#endif /* TAO_SSLIOP_CREDENTIALS_ACQUIRER_H */
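Review bot: `acquisition_arguments_` is declared as `const CORBA::Any &`, so the acquirer keeps only a reference to the `Any` passed to its constructor, and `get_credentials()` in the .cpp reads it later with `>>=`. The acquirer is reference counted and is returned to the caller by `CredentialsAcquirerFactory::make()`, so it can outlive that argument. The member would then dangle at the point where the certificate, key and password data are extracted. Holding a copy removes the lifetime dependency: `CORBA::Any acquisition_arguments_;`. The existing constructor initialiser works unchanged with a value member.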
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirerFactory.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirerFactory.cpp
new file mode 100644
index 00000000000..1f5593c6108
--- /dev/null
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirerFactory.cpp
@@ -0,0 +1,26 @@
+// $Id$
+
+#include "SSLIOP_CredentialsAcquirerFactory.h"
+#include "SSLIOP_CredentialsAcquirer.h"
+
+
+ACE_RCSID (SSLIOP,
+ SSLIOP_CredentialsAcquirerFactory,
+ "$Id$")
+
+
+SecurityLevel3::CredentialsAcquirer_ptr
+TAO::SSLIOP::CredentialsAcquirerFactory::make (
+ TAO::SL3::CredentialsCurator_ptr curator,
+ const CORBA::Any & acquisition_arguments
+ ACE_ENV_ARG_DECL)
+{
+ SecurityLevel3::CredentialsAcquirer_ptr ca;
+ ACE_NEW_THROW_EX (ca,
+ TAO::SSLIOP::CredentialsAcquirer (curator,
+ acquisition_arguments),
+ CORBA::NO_MEMORY ());
+ ACE_CHECK_RETURN (SecurityLevel3::CredentialsAcquirer::_nil ());
+
+ return ca;
+}
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirerFactory.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirerFactory.h
new file mode 100644
index 00000000000..a8cbe17ec27
--- /dev/null
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirerFactory.h
@@ -0,0 +1,62 @@
+// -*- C++ -*-
+
+//=============================================================================
+/**
+ * @file SSLIOP_CredentialsAcquirerFactory.h
+ *
+ * $Id$
+ *
+ * @author Ossama Othman <ossama@dre.vanderbilt.edu>
+ */
+//=============================================================================
+
+
+#ifndef TAO_SSLIOP_CREDENTIALS_ACQUIRER_FACTORY_H
+#define TAO_SSLIOP_CREDENTIALS_ACQUIRER_FACTORY_H
+
+#include "ace/pre.h"
+
+#include "orbsvcs/orbsvcs/SSLIOP/SSLIOP_Export.h"
+
+#if !defined (ACE_LACKS_PRAGMA_ONCE)
+# pragma once
+#endif /* ACE_LACKS_PRAGMA_ONCE */
+
+#include "orbsvcs/orbsvcs/Security/SL3_CredentialsAcquirerFactory.h"
+
+#include "orbsvcs/orbsvcs/SecurityLevel3C.h"
+
+
+namespace TAO
+{
+ namespace SSLIOP
+ {
+
+ /**
+ * @class CredentialsAcquirerFactory
+ *
+ * @brief SSLIOP-specific TAO::SL3::CredentialsAcquirerFactory
+ * implementation.
+ *
+ * This class generates SSLIOP::CredentialsAcquirer instances.
+ */
+ class TAO_SSLIOP_Export CredentialsAcquirerFactory
+ : public virtual TAO::SL3::CredentialsAcquirerFactory
+ {
+ public:
+
+ /// Create a TAO::SSLIOP::CredentialsAcquirerFactory.
+ virtual SecurityLevel3::CredentialsAcquirer_ptr make (
+ TAO::SL3::CredentialsCurator_ptr curator,
+ const CORBA::Any & acquisition_arguments
+ ACE_ENV_ARG_DECL);
+
+ };
+
+ } // End SSLIOP namespace
+} // End TAO namespace
+
+
+#include "ace/post.h"
+
+#endif /* TAO_SSLIOP_CREDENTIALS_ACQUIRER_FACTORY_H */
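Review bot: The comment on `make()` says it creates a `TAO::SSLIOP::CredentialsAcquirerFactory`, but the method returns a `SecurityLevel3::CredentialsAcquirer_ptr` and the class description says the factory generates acquirers. It should read `/// Create a TAO::SSLIOP::CredentialsAcquirer.`. The comment should also state that the caller owns the returned reference. The acquirer added in this commit stores `acquisition_arguments` by reference, so the comment should say how long that argument has to remain valid.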
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.cpp
index 11d9fd900a1..0b458f46647 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.cpp
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.cpp
@@ -1,10 +1,8 @@
-// -*- C++ -*-
-
#include "SSLIOP_Current.h"
#include "tao/debug.h"
-ACE_RCSID (TAO_SSLIOP,
+ACE_RCSID (SSLIOP,
SSLIOP_Current,
"$Id$")
@@ -14,38 +12,35 @@ ACE_RCSID (TAO_SSLIOP,
#endif /* __ACE_INLINE__ */
-int TAO_SSLIOP_Current::_tao_class_id = 0;
-
-
-TAO_SSLIOP_Current::TAO_SSLIOP_Current (TAO_ORB_Core *orb_core)
+TAO::SSLIOP::Current::Current (TAO_ORB_Core *orb_core)
: tss_slot_ (0),
orb_core_ (orb_core)
{
}
-TAO_SSLIOP_Current::~TAO_SSLIOP_Current (void)
+TAO::SSLIOP::Current::~Current (void)
{
}
-SSLIOP::ASN_1_Cert *
-TAO_SSLIOP_Current::get_peer_certificate (
+::SSLIOP::ASN_1_Cert *
+TAO::SSLIOP::Current::get_peer_certificate (
ACE_ENV_SINGLE_ARG_DECL)
ACE_THROW_SPEC ((CORBA::SystemException,
SSLIOP::Current::NoContext))
{
- TAO_SSLIOP_Current_Impl *impl = this->implementation ();
+ TAO::SSLIOP::Current_Impl *impl = this->implementation ();
// If the implementation pointer returned from TSS is zero, then
// we're not in the middle of a request or an upcall. Throw an
// exception to indicate that.
if (impl == 0)
- ACE_THROW_RETURN (SSLIOP::Current::NoContext (), 0);
+ ACE_THROW_RETURN (::SSLIOP::Current::NoContext (), 0);
// A valid value must always be returned, so instantiate a sequence
// regardless of whether or not it is populated with certificates.
- SSLIOP::ASN_1_Cert *c = 0;
+ ::SSLIOP::ASN_1_Cert *c = 0;
ACE_NEW_THROW_EX (c,
- SSLIOP::ASN_1_Cert,
+ ::SSLIOP::ASN_1_Cert,
CORBA::NO_MEMORY (
CORBA::SystemException::_tao_minor_code (
TAO_DEFAULT_MINOR_CODE,
@@ -53,7 +48,7 @@ TAO_SSLIOP_Current::get_peer_certificate (
CORBA::COMPLETED_NO));
ACE_CHECK_RETURN (0);
- SSLIOP::ASN_1_Cert_var certificate = c;
+ ::SSLIOP::ASN_1_Cert_var certificate = c;
// Populate the sequence with the DER encoded certificate.
impl->get_peer_certificate (c);
@@ -62,12 +57,12 @@ TAO_SSLIOP_Current::get_peer_certificate (
}
SSLIOP::SSL_Cert *
-TAO_SSLIOP_Current::get_peer_certificate_chain (
+TAO::SSLIOP::Current::get_peer_certificate_chain (
ACE_ENV_SINGLE_ARG_DECL)
ACE_THROW_SPEC ((CORBA::SystemException,
SSLIOP::Current::NoContext))
{
- TAO_SSLIOP_Current_Impl *impl = this->implementation ();
+ TAO::SSLIOP::Current_Impl *impl = this->implementation ();
// If the implementation pointer returned from TSS is zero, then
// we're not in the middle of a request or an upcall. Throw an
@@ -77,9 +72,9 @@ TAO_SSLIOP_Current::get_peer_certificate_chain (
// A valid value must always be returned, so instantiate a sequence
// regardless of whether or not it is populated with certificates.
- SSLIOP::SSL_Cert *c = 0;
+ ::SSLIOP::SSL_Cert *c = 0;
ACE_NEW_THROW_EX (c,
- SSLIOP::SSL_Cert,
+ ::SSLIOP::SSL_Cert,
CORBA::NO_MEMORY (
CORBA::SystemException::_tao_minor_code (
TAO_DEFAULT_MINOR_CODE,
@@ -87,7 +82,7 @@ TAO_SSLIOP_Current::get_peer_certificate_chain (
CORBA::COMPLETED_NO));
ACE_CHECK_RETURN (0);
- SSLIOP::SSL_Cert_var cert_chain = c;
+ ::SSLIOP::SSL_Cert_var cert_chain = c;
// Populate the sequence with the chain of DER encoded certificates.
impl->get_peer_certificate_chain (c);
@@ -96,16 +91,16 @@ TAO_SSLIOP_Current::get_peer_certificate_chain (
}
CORBA::Boolean
-TAO_SSLIOP_Current::no_context (ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
+TAO::SSLIOP::Current::no_context (ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
ACE_THROW_SPEC ((CORBA::SystemException))
{
return (this->implementation () == 0 ? 1 : 0);
}
void
-TAO_SSLIOP_Current::setup (TAO_SSLIOP_Current_Impl *&prev_impl,
- TAO_SSLIOP_Current_Impl *new_impl,
- CORBA::Boolean &setup_done)
+TAO::SSLIOP::Current::setup (TAO::SSLIOP::Current_Impl *&prev_impl,
+ TAO::SSLIOP::Current_Impl *new_impl,
+ bool &setup_done)
{
// Set the current context and remember the old one.
@@ -114,32 +109,32 @@ TAO_SSLIOP_Current::setup (TAO_SSLIOP_Current_Impl *&prev_impl,
(void) this->implementation (new_impl); // Check for error?
// Setup is complete.
- setup_done = 1;
+ setup_done = true;
}
void
-TAO_SSLIOP_Current::teardown (TAO_SSLIOP_Current_Impl *prev_impl,
- CORBA::Boolean &setup_done)
+TAO::SSLIOP::Current::teardown (TAO::SSLIOP::Current_Impl *prev_impl,
+ bool &setup_done)
{
if (setup_done)
{
// Reset the old context.
(void) this->implementation (prev_impl);
- setup_done = 0;
+ setup_done = false;
}
}
-TAO_SSLIOP_Current_ptr
-TAO_SSLIOP_Current::_narrow (
+TAO::SSLIOP::Current_ptr
+TAO::SSLIOP::Current::_narrow (
CORBA::Object_ptr obj
ACE_ENV_ARG_DECL_NOT_USED)
{
- return TAO_SSLIOP_Current::_duplicate (
- dynamic_cast<TAO_SSLIOP_Current *> (obj));
+ return TAO::SSLIOP::Current::_duplicate (
+ dynamic_cast<TAO::SSLIOP::Current *> (obj));
}
-TAO_SSLIOP_Current_ptr
-TAO_SSLIOP_Current::_duplicate (TAO_SSLIOP_Current_ptr obj)
+TAO::SSLIOP::Current_ptr
+TAO::SSLIOP::Current::_duplicate (TAO::SSLIOP::Current_ptr obj)
{
if (!CORBA::is_nil (obj))
obj->_add_ref ();
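Review bot: `setup()` discards the result of `this->implementation (new_impl)` (the line still carries the `// Check for error?` remark) and then sets `setup_done = true` unconditionally. If installing the TSS pointer fails, the thread keeps whatever implementation was there before, so an upcall could run with no SSL state or with the state of an enclosing context, and `teardown()` still runs as if the swap had happened. Assuming a zero return means success (the null-`orb_core_` path returns -1), `setup_done = (this->implementation (new_impl) == 0);` would record the real outcome. The start of `setup()` lies in the previous hunk.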
@@ -148,44 +143,44 @@ TAO_SSLIOP_Current::_duplicate (TAO_SSLIOP_Current_ptr obj)
}
const char *
-TAO_SSLIOP_Current::_interface_repository_id (void) const
+TAO::SSLIOP::Current::_interface_repository_id (void) const
{
- return "IDL:TAO_SSLIOP_Current:1.0";
+ return "IDL:TAO/SSLIOP/Current:1.0";
}
// ----------------------------------------------------------------
-TAO_SSLIOP_Current_ptr
+TAO::SSLIOP::Current_ptr
tao_TAO_SSLIOP_Current_duplicate (
- TAO_SSLIOP_Current_ptr p
+ TAO::SSLIOP::Current_ptr p
)
{
- return TAO_SSLIOP_Current::_duplicate (p);
+ return TAO::SSLIOP::Current::_duplicate (p);
}
void
tao_TAO_SSLIOP_Current_release (
- TAO_SSLIOP_Current_ptr p
+ TAO::SSLIOP::Current_ptr p
)
{
CORBA::release (p);
}
-TAO_SSLIOP_Current_ptr
+TAO::SSLIOP::Current_ptr
tao_TAO_SSLIOP_Current_nil (
void
)
{
- return TAO_SSLIOP_Current::_nil ();
+ return TAO::SSLIOP::Current::_nil ();
}
-TAO_SSLIOP_Current_ptr
+TAO::SSLIOP::Current_ptr
tao_TAO_SSLIOP_Current_narrow (
CORBA::Object *p
ACE_ENV_ARG_DECL
)
{
- return TAO_SSLIOP_Current::_narrow (p ACE_ENV_ARG_PARAMETER);
+ return TAO::SSLIOP::Current::_narrow (p ACE_ENV_ARG_PARAMETER);
}
CORBA::Object *
@@ -193,133 +188,133 @@ tao_TAO_SSLIOP_Current_upcast (
void *src
)
{
- TAO_SSLIOP_Current **tmp =
- ACE_static_cast (TAO_SSLIOP_Current **, src);
+ TAO::SSLIOP::Current **tmp =
+ static_cast<TAO::SSLIOP::Current **> (src);
return *tmp;
}
// *************************************************************
-// Operations for class TAO_SSLIOP_Current_var
+// Operations for class TAO::SSLIOP::Current_var
// *************************************************************
-TAO_SSLIOP_Current_var::TAO_SSLIOP_Current_var (void) // default constructor
- : ptr_ (TAO_SSLIOP_Current::_nil ())
+TAO::SSLIOP::Current_var::Current_var (void) // default constructor
+ : ptr_ (TAO::SSLIOP::Current::_nil ())
{
}
-::TAO_SSLIOP_Current_ptr
-TAO_SSLIOP_Current_var::ptr (void) const
+::TAO::SSLIOP::Current_ptr
+TAO::SSLIOP::Current_var::ptr (void) const
{
return this->ptr_;
}
-TAO_SSLIOP_Current_var::TAO_SSLIOP_Current_var (
- const ::TAO_SSLIOP_Current_var &p)
+TAO::SSLIOP::Current_var::Current_var (
+ const ::TAO::SSLIOP::Current_var &p)
: TAO_Base_var (),
- ptr_ (TAO_SSLIOP_Current::_duplicate (p.ptr ()))
+ ptr_ (TAO::SSLIOP::Current::_duplicate (p.ptr ()))
{
}
-TAO_SSLIOP_Current_var::~TAO_SSLIOP_Current_var (void)
+TAO::SSLIOP::Current_var::~Current_var (void)
{
CORBA::release (this->ptr_);
}
-TAO_SSLIOP_Current_var &
-TAO_SSLIOP_Current_var::operator= (TAO_SSLIOP_Current_ptr p)
+TAO::SSLIOP::Current_var &
+TAO::SSLIOP::Current_var::operator= (TAO::SSLIOP::Current_ptr p)
{
CORBA::release (this->ptr_);
this->ptr_ = p;
return *this;
}
-TAO_SSLIOP_Current_var &
-TAO_SSLIOP_Current_var::operator= (const ::TAO_SSLIOP_Current_var &p)
+TAO::SSLIOP::Current_var &
+TAO::SSLIOP::Current_var::operator= (const ::TAO::SSLIOP::Current_var &p)
{
if (this != &p)
{
CORBA::release (this->ptr_);
- this->ptr_ = ::TAO_SSLIOP_Current::_duplicate (p.ptr ());
+ this->ptr_ = ::TAO::SSLIOP::Current::_duplicate (p.ptr ());
}
return *this;
}
-TAO_SSLIOP_Current_var::operator const ::TAO_SSLIOP_Current_ptr &() const
+TAO::SSLIOP::Current_var::operator const ::TAO::SSLIOP::Current_ptr &() const
{
return this->ptr_;
}
-TAO_SSLIOP_Current_var::operator ::TAO_SSLIOP_Current_ptr &()
+TAO::SSLIOP::Current_var::operator ::TAO::SSLIOP::Current_ptr &()
{
return this->ptr_;
}
-::TAO_SSLIOP_Current_ptr
-TAO_SSLIOP_Current_var::operator-> (void) const
+::TAO::SSLIOP::Current_ptr
+TAO::SSLIOP::Current_var::operator-> (void) const
{
return this->ptr_;
}
-::TAO_SSLIOP_Current_ptr
-TAO_SSLIOP_Current_var::in (void) const
+::TAO::SSLIOP::Current_ptr
+TAO::SSLIOP::Current_var::in (void) const
{
return this->ptr_;
}
-::TAO_SSLIOP_Current_ptr &
-TAO_SSLIOP_Current_var::inout (void)
+::TAO::SSLIOP::Current_ptr &
+TAO::SSLIOP::Current_var::inout (void)
{
return this->ptr_;
}
-::TAO_SSLIOP_Current_ptr &
-TAO_SSLIOP_Current_var::out (void)
+::TAO::SSLIOP::Current_ptr &
+TAO::SSLIOP::Current_var::out (void)
{
CORBA::release (this->ptr_);
- this->ptr_ = ::TAO_SSLIOP_Current::_nil ();
+ this->ptr_ = ::TAO::SSLIOP::Current::_nil ();
return this->ptr_;
}
-::TAO_SSLIOP_Current_ptr
-TAO_SSLIOP_Current_var::_retn (void)
+::TAO::SSLIOP::Current_ptr
+TAO::SSLIOP::Current_var::_retn (void)
{
// yield ownership of managed obj reference
- ::TAO_SSLIOP_Current_ptr val = this->ptr_;
- this->ptr_ = ::TAO_SSLIOP_Current::_nil ();
+ ::TAO::SSLIOP::Current_ptr val = this->ptr_;
+ this->ptr_ = ::TAO::SSLIOP::Current::_nil ();
return val;
}
-::TAO_SSLIOP_Current_ptr
-TAO_SSLIOP_Current_var::tao_duplicate (TAO_SSLIOP_Current_ptr p)
+::TAO::SSLIOP::Current_ptr
+TAO::SSLIOP::Current_var::tao_duplicate (TAO::SSLIOP::Current_ptr p)
{
- return ::TAO_SSLIOP_Current::_duplicate (p);
+ return ::TAO::SSLIOP::Current::_duplicate (p);
}
void
-TAO_SSLIOP_Current_var::tao_release (TAO_SSLIOP_Current_ptr p)
+TAO::SSLIOP::Current_var::tao_release (TAO::SSLIOP::Current_ptr p)
{
CORBA::release (p);
}
-::TAO_SSLIOP_Current_ptr
-TAO_SSLIOP_Current_var::tao_nil (void)
+::TAO::SSLIOP::Current_ptr
+TAO::SSLIOP::Current_var::tao_nil (void)
{
- return ::TAO_SSLIOP_Current::_nil ();
+ return ::TAO::SSLIOP::Current::_nil ();
}
-::TAO_SSLIOP_Current_ptr
-TAO_SSLIOP_Current_var::tao_narrow (
+::TAO::SSLIOP::Current_ptr
+TAO::SSLIOP::Current_var::tao_narrow (
CORBA::Object *p
ACE_ENV_ARG_DECL
)
{
- return ::TAO_SSLIOP_Current::_narrow (p ACE_ENV_ARG_PARAMETER);
+ return ::TAO::SSLIOP::Current::_narrow (p ACE_ENV_ARG_PARAMETER);
}
CORBA::Object *
-TAO_SSLIOP_Current_var::tao_upcast (void *src)
+TAO::SSLIOP::Current_var::tao_upcast (void *src)
{
- TAO_SSLIOP_Current **tmp =
- ACE_static_cast (TAO_SSLIOP_Current **, src);
+ TAO::SSLIOP::Current **tmp =
+ static_cast<TAO::SSLIOP::Current **> (src);
return *tmp;
}
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.h
index dcb498ddd4c..1ff1ab76fb4 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.h
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.h
@@ -6,7 +6,7 @@
*
* $Id$
*
- * @author Ossama Othman <ossama@uci.edu>
+ * @author Ossama Othman <ossama@dre.vanderbilt.edu>
*/
// ===================================================================
@@ -36,176 +36,177 @@
#endif /* _MSC_VER */
-class TAO_SSLIOP_Current;
-class TAO_SSLIOP_Current_var;
-typedef TAO_SSLIOP_Current *TAO_SSLIOP_Current_ptr;
-
-
-/**
- * @class TAO_SSLIOP_Current
- *
- * @brief Implementation of the TAO SSLIOP::Current extension.
- *
- * This object can be used to obtain SSL session related information
- * about the current execution context. For example, SSL peer
- * certificate chains for the current request can be obtained from
- * this object.
- */
-class TAO_SSLIOP_Export TAO_SSLIOP_Current
- : public SSLIOP::Current,
- public TAO_Local_RefCounted_Object
+namespace TAO
{
-public:
-
- /// Constructor.
- TAO_SSLIOP_Current (TAO_ORB_Core *orb_core);
-
- /// Return the peer certificate associated with the current
- /// request.
- virtual SSLIOP::ASN_1_Cert * get_peer_certificate (
- ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException,
- SSLIOP::Current::NoContext));
-
- /// Return the certificate chain associated with the current
- /// execution context. If no SSL session is being used for the
- /// request or upcall, then the NoContext exception is raised.
- ///
- /// On the client side, the chain does include the peer (server)
- /// certficate. However, the certificate chain on the server side
- /// does NOT contain the peer (client) certificate.
- virtual SSLIOP::SSL_Cert * get_peer_certificate_chain (
- ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException,
- SSLIOP::Current::NoContext));
-
- /// Returns true if the current execution context is not within a
- /// SSL session. This method is mostly useful as an inexpensive
- /// means of determining whether or not SSL session state is
- /// available.
- virtual CORBA::Boolean no_context (
- ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- /// Set the TSS slot ID assigned to this object.
- void tss_slot (size_t slot);
-
- /// Setup the Current.
- void setup (TAO_SSLIOP_Current_Impl *&prev_impl,
- TAO_SSLIOP_Current_Impl *new_impl,
- CORBA::Boolean &setup_done);
-
- /// Teardown the Current for this request.
- void teardown (TAO_SSLIOP_Current_Impl *prev_impl,
- CORBA::Boolean &setup_done);
-
- /**
- * @name Downcast and Reference Counting Methods
- *
- * These are basically the same methods generated by the IDL
- * compiler for all IDL interfaces.
- */
- //@{
+ namespace SSLIOP
+ {
+ class Current;
+ class Current_var;
+ typedef Current * Current_ptr;
+
+ /**
+ * @class Current
+ *
+ * @brief Implementation of the TAO SSLIOP::Current extension.
+ *
+ * This object can be used to obtain SSL session related
+ * information about the current execution context. For example,
+ * SSL peer certificate chains for the current request can be
+ * obtained from this object.
+ */
+ class TAO_SSLIOP_Export Current
+ : public ::SSLIOP::Current,
+ public TAO_Local_RefCounted_Object
+ {
+ public:
+
+ /// Constructor.
+ Current (TAO_ORB_Core *orb_core);
+
+ /// Return the peer certificate associated with the current
+ /// request.
+ virtual ::SSLIOP::ASN_1_Cert * get_peer_certificate (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException,
+ ::SSLIOP::Current::NoContext));
+
+ /**
+ * Return the certificate chain associated with the current
+ * execution context. If no SSL session is being used for the
+ * request or upcall, then the NoContext exception is raised.
+ * On the client side, the chain does include the peer (server)
+ * certficate. However, the certificate chain on the server
+ * side does NOT contain the peer (client) certificate.
+ */
+ virtual ::SSLIOP::SSL_Cert * get_peer_certificate_chain (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException,
+ ::SSLIOP::Current::NoContext));
+
+ /**
+ * This method is mostly useful as an inexpensive means of
+ * determining whether or not SSL session state is available.
+ *
+ * @return @c true if the current execution context is not
+ * within a SSL session.
+ */
+ virtual CORBA::Boolean no_context (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ /// Set the TSS slot ID assigned to this object.
+ void tss_slot (size_t slot);
+
+ /// Setup the Current.
+ void setup (Current_Impl *& prev_impl,
+ Current_Impl * new_impl,
+ bool &setup_done);
+
+ /// Teardown the Current for this request.
+ void teardown (Current_Impl *prev_impl,
+ bool &setup_done);
+
+ /**
+ * @name Downcast and Reference Counting Methods
+ *
+ * These are basically the same methods generated by the IDL
+ * compiler for all IDL interfaces.
+ */
+ //@{
#if !defined(__GNUC__) || !defined (ACE_HAS_GNUG_PRE_2_8)
- typedef TAO_SSLIOP_Current_ptr _ptr_type;
- typedef TAO_SSLIOP_Current_var _var_type;
+ typedef Current_ptr _ptr_type;
+ typedef Current_var _var_type;
#endif /* ! __GNUC__ || g++ >= 2.8 */
- static int _tao_class_id;
+ static int _tao_class_id;
- // The static operations.
- static TAO_SSLIOP_Current_ptr _duplicate (TAO_SSLIOP_Current_ptr obj);
+ // The static operations.
+ static Current_ptr _duplicate (Current_ptr obj);
- static TAO_SSLIOP_Current_ptr _narrow (
- CORBA::Object_ptr obj
- ACE_ENV_ARG_DECL_WITH_DEFAULTS);
+ static Current_ptr _narrow (CORBA::Object_ptr obj
+ ACE_ENV_ARG_DECL);
- static TAO_SSLIOP_Current_ptr _unchecked_narrow (
- CORBA::Object_ptr obj
- ACE_ENV_ARG_DECL_WITH_DEFAULTS);
+ static Current_ptr _unchecked_narrow (CORBA::Object_ptr obj
+ ACE_ENV_ARG_DECL);
- static TAO_SSLIOP_Current_ptr _nil (void)
- {
- return (TAO_SSLIOP_Current_ptr)0;
- }
+ static Current_ptr _nil (void)
+ {
+ return (Current_ptr)0;
+ }
- virtual const char* _interface_repository_id (void) const;
- //@}
+ virtual const char* _interface_repository_id (void) const;
+ //@}
-protected:
+ protected:
- /// Destructor
- /// Protected to force allocation on the heap.
- ~TAO_SSLIOP_Current (void);
+ /// Destructor
+ ~Current (void);
- /// Set the TSS SSLIOP::Current implementation.
- int implementation (TAO_SSLIOP_Current_Impl *impl);
+ /// Set the TSS SSLIOP::Current implementation.
+ int implementation (Current_Impl *impl);
- /// Return the TSS SSLIOP::Current implementation.
- TAO_SSLIOP_Current_Impl *implementation (void);
+ /// Return the TSS SSLIOP::Current implementation.
+ Current_Impl *implementation (void);
-private:
+ private:
- /// Prevent copying through the copy constructor and the assignment
- /// operator.
- //@{
- ACE_UNIMPLEMENTED_FUNC (
- TAO_SSLIOP_Current (const TAO_SSLIOP_Current &))
- ACE_UNIMPLEMENTED_FUNC (void operator= (const TAO_SSLIOP_Current &))
- //@}
+ /// Prevent copying through the copy constructor and the assignment
+ /// operator.
+ //@{
+ ACE_UNIMPLEMENTED_FUNC (Current (const Current &))
+ ACE_UNIMPLEMENTED_FUNC (void operator= (const Current &))
+ //@}
-private:
+ private:
- /// TSS slot assigned to this object.
- size_t tss_slot_;
+ /// TSS slot assigned to this object.
+ size_t tss_slot_;
- /// Pointer to the ORB Core corresponding to the ORB with which this
- /// object is registered.
- TAO_ORB_Core *orb_core_;
+ /// Pointer to the ORB Core corresponding to the ORB with which this
+ /// object is registered.
+ TAO_ORB_Core *orb_core_;
-};
-
-class TAO_SSLIOP_Current_var : public TAO_Base_var
-{
-public:
- TAO_SSLIOP_Current_var (void); // default constructor
- TAO_SSLIOP_Current_var (TAO_SSLIOP_Current_ptr p) : ptr_ (p) {}
- TAO_SSLIOP_Current_var (const TAO_SSLIOP_Current_var &); // copy constructor
- ~TAO_SSLIOP_Current_var (void); // destructor
-
- TAO_SSLIOP_Current_var &operator= (TAO_SSLIOP_Current_ptr);
- TAO_SSLIOP_Current_var &operator= (const TAO_SSLIOP_Current_var &);
- TAO_SSLIOP_Current_ptr operator-> (void) const;
-
- operator const TAO_SSLIOP_Current_ptr &() const;
- operator TAO_SSLIOP_Current_ptr &();
- // in, inout, out, _retn
- TAO_SSLIOP_Current_ptr in (void) const;
- TAO_SSLIOP_Current_ptr &inout (void);
- TAO_SSLIOP_Current_ptr &out (void);
- TAO_SSLIOP_Current_ptr _retn (void);
- TAO_SSLIOP_Current_ptr ptr (void) const;
-
- // Hooks used by template sequence and object manager classes
- // for non-defined forward declared interfaces.
- static TAO_SSLIOP_Current_ptr tao_duplicate (TAO_SSLIOP_Current_ptr);
- static void tao_release (TAO_SSLIOP_Current_ptr);
- static TAO_SSLIOP_Current_ptr tao_nil (void);
- static TAO_SSLIOP_Current_ptr tao_narrow (
- CORBA::Object *
- ACE_ENV_ARG_DECL_NOT_USED
- );
- static CORBA::Object * tao_upcast (void *);
-
-private:
- TAO_SSLIOP_Current_ptr ptr_;
- // Unimplemented - prevents widening assignment.
- TAO_SSLIOP_Current_var (const TAO_Base_var &rhs);
- TAO_SSLIOP_Current_var &operator= (const TAO_Base_var &rhs);
-};
+ };
+ class Current_var : public TAO_Base_var
+ {
+ public:
+ Current_var (void); // default constructor
+ Current_var (Current_ptr p) : ptr_ (p) {}
+ Current_var (const Current_var &); // copy constructor
+ ~Current_var (void); // destructor
+
+ Current_var &operator= (Current_ptr);
+ Current_var &operator= (const Current_var &);
+ Current_ptr operator-> (void) const;
+
+ operator const Current_ptr &() const;
+ operator Current_ptr &();
+ // in, inout, out, _retn
+ Current_ptr in (void) const;
+ Current_ptr &inout (void);
+ Current_ptr &out (void);
+ Current_ptr _retn (void);
+ Current_ptr ptr (void) const;
+
+ // Hooks used by template sequence and object manager classes
+ // for non-defined forward declared interfaces.
+ static Current_ptr tao_duplicate (Current_ptr);
+ static void tao_release (Current_ptr);
+ static Current_ptr tao_nil (void);
+ static Current_ptr tao_narrow (CORBA::Object *
+ ACE_ENV_ARG_DECL);
+ static CORBA::Object * tao_upcast (void *);
+
+ private:
+ Current_ptr ptr_;
+ // Unimplemented - prevents widening assignment.
+ Current_var (const TAO_Base_var &rhs);
+ Current_var &operator= (const TAO_Base_var &rhs);
+ };
+ } // End SSLIOP namespace.
+} // End TAO namespace.
#if defined (__ACE_INLINE__)
# include "SSLIOP_Current.inl"
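Review bot: `static int _tao_class_id;` is still declared in the namespaced `Current` class, but the SSLIOP_Current.cpp part of this commit deletes the only visible definition (`int TAO_SSLIOP_Current::_tao_class_id = 0;`) without adding one for `TAO::SSLIOP::Current`. Any remaining odr-use of the member would fail at link time. Either drop the declaration here or add `int TAO::SSLIOP::Current::_tao_class_id = 0;` to the .cpp. Whether anything still reads the member cannot be seen from this page.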
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.inl b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.inl
index 92645108d36..cef3feb365c 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.inl
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.inl
@@ -3,13 +3,13 @@
// $Id$
ACE_INLINE void
-TAO_SSLIOP_Current::tss_slot (size_t slot)
+TAO::SSLIOP::Current::tss_slot (size_t slot)
{
this->tss_slot_ = slot;
}
ACE_INLINE int
-TAO_SSLIOP_Current::implementation (TAO_SSLIOP_Current_Impl *impl)
+TAO::SSLIOP::Current::implementation (TAO::SSLIOP::Current_Impl *impl)
{
if (this->orb_core_ == 0)
return -1;
@@ -17,21 +17,20 @@ TAO_SSLIOP_Current::implementation (TAO_SSLIOP_Current_Impl *impl)
return this->orb_core_->set_tss_resource (this->tss_slot_, impl);
}
-ACE_INLINE TAO_SSLIOP_Current_Impl *
-TAO_SSLIOP_Current::implementation (void)
+ACE_INLINE TAO::SSLIOP::Current_Impl *
+TAO::SSLIOP::Current::implementation (void)
{
if (this->orb_core_ == 0)
return 0;
- TAO_Security_Current_Impl *impl =
- ACE_static_cast (TAO_Security_Current_Impl *,
- this->orb_core_->get_tss_resource (this->tss_slot_));
+ TAO::SL3::SecurityCurrent_Impl *impl =
+ static_cast<TAO::SL3::SecurityCurrent_Impl *> (
+ this->orb_core_->get_tss_resource (this->tss_slot_));
// Make sure we've got SSL session state in TSS before allowing
// further use of the SSLIOP::Current object.
- if (impl != 0 && impl->tag () == SSLIOP::TAG_SSL_SEC_TRANS)
- return ACE_dynamic_cast (TAO_SSLIOP_Current_Impl *,
- impl);
+ if (impl != 0 && impl->tag () == ::SSLIOP::TAG_SSL_SEC_TRANS)
+ return dynamic_cast<TAO::SSLIOP::Current_Impl *> (impl);
return 0;
}
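Review bot: The TSS slot is written with a `Current_Impl *` (`set_tss_resource (this->tss_slot_, impl)`) but read back through `static_cast<TAO::SL3::SecurityCurrent_Impl *>` on what appears to be a `void *`. Casting a `void *` to a type other than the one stored is only correct while the base subobject sits at offset zero, and `impl->tag ()` is called on that pointer before any checked cast. Storing the base pointer keeps both sides in agreement: `return this->orb_core_->set_tss_resource (this->tss_slot_, static_cast<TAO::SL3::SecurityCurrent_Impl *> (impl));`. A one-line comment on the getter stating that the slot always holds a `SecurityCurrent_Impl *` would document the invariant the tag check relies on.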
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.cpp
index 39edf70a22c..ee65fa48380 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.cpp
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.cpp
@@ -1,168 +1,70 @@
-// -*- C++ -*-
-
#include "SSLIOP_Current_Impl.h"
+
#include "ace/OS_String.h"
-ACE_RCSID (TAO_SSLIOP,
+
+ACE_RCSID (SSLIOP,
SSLIOP_Current_Impl,
"$Id$")
+
#if !defined (__ACE_INLINE__)
# include "SSLIOP_Current_Impl.inl"
#endif /* __ACE_INLINE__ */
#include "SSLIOP_X509.h"
-#include "SSLIOP_ReceivedCredentials.h"
+#include "SSLIOP_ClientCredentials.h"
#include <openssl/x509.h>
-TAO_SSLIOP_Current_Impl::~TAO_SSLIOP_Current_Impl (void)
-{
-}
-
-Security::AttributeList *
-TAO_SSLIOP_Current_Impl::get_attributes (
- const Security::AttributeTypeList &attributes
- ACE_ENV_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
+TAO::SSLIOP::Current_Impl::~Current_Impl (void)
{
- CORBA::ULong len = attributes.length ();
-
- // A valid value must always be returned, so instantiate a sequence
- // regardless of whether or not it is populated.
- //
- // The maximum length of the AttributeList will never be larger than
- // the length of the AttributeTypeList.
- Security::AttributeList * attribute_list = 0;
- ACE_NEW_THROW_EX (attribute_list,
- Security::AttributeList (len),
- CORBA::NO_MEMORY (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- ENOMEM),
- CORBA::COMPLETED_NO));
-
- Security::AttributeList_var safe_attribute_list = attribute_list;
-
- if (this->ssl_ == 0)
- return safe_attribute_list._retn ();
-
- // @@ @todo If the Security::AttributeTypeList length is zero, then
- // return all of the attributes.
-
- for (CORBA::ULong i = 0; i < len; ++i)
- {
- const Security::AttributeType &attribute = attributes[i];
-
- // @@ Hacks just to get things going. Cleanup soon!
- if (attribute.attribute_family.family_definer == 0 // OMG (?)
- && attribute.attribute_family.family == 1 // privileges
- && attribute.attribute_type == Security::AccessId)
- {
- CORBA::ULong j = attribute_list->length ();
- attribute_list->length (j + 1);
-
- // ----------------------------------------------------
- // Set the attribute_type field.
- // ----------------------------------------------------
- safe_attribute_list[j].attribute_type.attribute_type =
- attribute.attribute_type;
-
- // ----------------------------------------------------
- // Set the defining_authority field.
- // ----------------------------------------------------
- // SSLIOP uses X.509 certificates
- const char x509[] = "x509";
- safe_attribute_list[j].defining_authority.length (sizeof (x509));
- CORBA::Octet *buf =
- safe_attribute_list[j].defining_authority.get_buffer ();
- ACE_OS_String::memcpy (buf, x509, sizeof (x509));
-
- // ----------------------------------------------------
- // Set the DER encoded X.509 certificate as the value
- // field.
- // ----------------------------------------------------
-
- // @@ This code should be refactored. The same operations
- // are done in this->get_peer_certificate.
-
- TAO_SSLIOP_X509_var cert =
- ::SSL_get_peer_certificate (this->ssl_);
- if (cert.ptr () == 0)
- {
- // An error occurred, so do not include this attribute
- // in the AttributeList. Drop the length to its
- // previous value.
- // @@ Not exactly exception-safe. C'est la vie.
- attribute_list->length (j);
- continue;
- }
-
- // Get the size of the ASN.1 encoding.
- int cert_length = ::i2d_X509 (cert.in (), 0);
- if (cert_length <= 0)
- {
- // An error occurred, so do not include this attribute
- // in the AttributeList. Drop the length to its
- // previous value.
- // @@ Not exactly exception-safe. C'est la vie.
- attribute_list->length (j);
- continue;
- }
-
- safe_attribute_list[j].value.length (cert_length);
-
- CORBA::Octet *buffer =
- safe_attribute_list[j].value.get_buffer ();
-
- // Convert from the internal X509 representation to the DER
- // encoding representation.
- (void) ::i2d_X509 (cert.in (), &buffer);
- }
- }
-
- return safe_attribute_list._retn ();
}
-SecurityLevel2::ReceivedCredentials_ptr
-TAO_SSLIOP_Current_Impl::received_credentials (
+SecurityLevel3::ClientCredentials_ptr
+TAO::SSLIOP::Current_Impl::client_credentials (
ACE_ENV_SINGLE_ARG_DECL)
ACE_THROW_SPEC ((CORBA::SystemException))
{
- TAO_SSLIOP_X509_var cert = ::SSL_get_peer_certificate (this->ssl_);
+ TAO::SSLIOP::X509_var cert = ::SSL_get_peer_certificate (this->ssl_);
if (cert.ptr () == 0)
ACE_THROW_RETURN (CORBA::BAD_OPERATION (),
- SecurityLevel2::ReceivedCredentials::_nil ());
+ SecurityLevel3::ClientCredentials::_nil ());
- TAO_SSLIOP_ReceivedCredentials *c = 0;
- ACE_NEW_THROW_EX (c,
- TAO_SSLIOP_ReceivedCredentials (cert.in (), 0),
+ SecurityLevel3::ClientCredentials_ptr creds;
+ ACE_NEW_THROW_EX (creds,
+ TAO::SSLIOP::ClientCredentials (cert.in (), 0),
CORBA::NO_MEMORY (
CORBA::SystemException::_tao_minor_code (
TAO_DEFAULT_MINOR_CODE,
ENOMEM),
CORBA::COMPLETED_NO));
- ACE_CHECK_RETURN (SecurityLevel2::ReceivedCredentials::_nil ());
+ ACE_CHECK_RETURN (SecurityLevel3::ClientCredentials::_nil ());
- SecurityLevel2::ReceivedCredentials_var creds = c;
+ return creds;
+}
- return creds._retn ();
+CORBA::Boolean
+TAO::SSLIOP::Current_Impl::request_is_local (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
}
void
-TAO_SSLIOP_Current_Impl::get_peer_certificate (
- SSLIOP::ASN_1_Cert *certificate)
+TAO::SSLIOP::Current_Impl::get_peer_certificate (
+ ::SSLIOP::ASN_1_Cert *certificate)
{
if (this->ssl_ == 0)
return;
- TAO_SSLIOP_X509_var cert = ::SSL_get_peer_certificate (this->ssl_);
+ TAO::SSLIOP::X509_var cert = ::SSL_get_peer_certificate (this->ssl_);
if (cert.ptr () == 0)
return;
// Get the size of the ASN.1 encoding.
- int cert_length = ::i2d_X509 (cert.in (), 0);
+ const int cert_length = ::i2d_X509 (cert.in (), 0);
if (cert_length <= 0)
return;
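Review bot: `client_credentials()` builds a `ClientCredentials` from whatever `::SSL_get_peer_certificate (this->ssl_)` returns, without looking at the verification outcome. OpenSSL hands back the peer certificate whether or not chain validation succeeded, so unless peer verification is enforced where the connection is established (not visible here), the credentials may describe an unauthenticated peer. After a null check on `this->ssl_`, which `get_peer_certificate()` has and this method lacks, consider `if (::SSL_get_verify_result (this->ssl_) != X509_V_OK)` raising the same `CORBA::BAD_OPERATION`. At minimum the assumption should be documented on the method.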
@@ -176,17 +78,17 @@ TAO_SSLIOP_Current_Impl::get_peer_certificate (
}
void
-TAO_SSLIOP_Current_Impl::get_peer_certificate_chain (
- SSLIOP::SSL_Cert *cert_chain)
+TAO::SSLIOP::Current_Impl::get_peer_certificate_chain (
+ ::SSLIOP::SSL_Cert *cert_chain)
{
if (this->ssl_ == 0)
return;
- STACK_OF(X509) *certs = ::SSL_get_peer_cert_chain (this->ssl_);
+ STACK_OF (X509) *certs = ::SSL_get_peer_cert_chain (this->ssl_);
if (certs == 0)
return;
- int chain_length = sk_X509_num (certs);
+ const int chain_length = sk_X509_num (certs);
cert_chain->length (chain_length);
// Copy the peer certificate chain to the SSLIOP::SSL_Cert
@@ -194,14 +96,14 @@ TAO_SSLIOP_Current_Impl::get_peer_certificate_chain (
for (int i = 0; i < chain_length; ++i)
{
// Extract the certificate from the OpenSSL X509 stack.
- X509 *x = sk_X509_value (certs, i);
+ ::X509 *x = sk_X509_value (certs, i);
// Get the size of the ASN.1 encoding.
- int cert_length = ::i2d_X509 (x, 0);
+ const int cert_length = ::i2d_X509 (x, 0);
if (cert_length <= 0)
continue; // @@ What do we do if there is an error?
- SSLIOP::ASN_1_Cert &certificate = (*cert_chain)[i];
+ ::SSLIOP::ASN_1_Cert &certificate = (*cert_chain)[i];
certificate.length (cert_length);
CORBA::Octet *buffer = certificate.get_buffer ();
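Review bot: When `::i2d_X509 (x, 0)` fails, the loop `continue`s, but `cert_chain->length (chain_length)` was already applied, so element `i` stays in the returned sequence as an empty certificate. A caller that walks the chain cannot tell such a hole from a real entry, which matters if the chain later feeds an authorization decision. Writing through a separate output index and calling `cert_chain->length (j)` after the loop, or clearing the whole sequence on the first failure, would resolve the `@@ What do we do if there is an error?` remark. The function starts in the previous hunk and continues past this one.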
@@ -213,7 +115,7 @@ TAO_SSLIOP_Current_Impl::get_peer_certificate_chain (
}
CORBA::ULong
-TAO_SSLIOP_Current_Impl::tag (void) const
+TAO::SSLIOP::Current_Impl::tag (void) const
{
- return SSLIOP::TAG_SSL_SEC_TRANS;
+ return ::SSLIOP::TAG_SSL_SEC_TRANS;
}
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.h
index b969ac5c993..6ba6569f23b 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.h
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.h
@@ -21,80 +21,85 @@
# pragma once
#endif /* ACE_LACKS_PRAGMA_ONCE */
-#include <openssl/ssl.h>
-
#include "orbsvcs/orbsvcs/SSLIOPC.h"
-#include "orbsvcs/orbsvcs/Security/Security_Current_Impl.h"
+#include "orbsvcs/orbsvcs/Security/SL3_SecurityCurrent_Impl.h"
#include "tao/ORB_Core.h"
-/**
- * @class TAO_SSLIOP_Current_Impl
- *
- * @brief TSS portion of the TAO SSLIOP::Current extension.
- *
- * This class encapsulates the thread-specific state of an SSL
- * session during a given upcall.
- */
-class TAO_SSLIOP_Current_Impl
- : public TAO_Security_Current_Impl
-{
-public:
-
- /// Constructor.
- TAO_SSLIOP_Current_Impl (void);
-
- /// Destructor
- ~TAO_SSLIOP_Current_Impl (void);
-
- /// SSLIOP-specific version of the
- /// SecurityLevel1::Current::get_attributes() method.
- virtual Security::AttributeList * get_attributes (
- const Security::AttributeTypeList &attributes
- ACE_ENV_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- /// SSLIOP-specific version of the
- /// SecurityLevel2::Current::received_credentials() method.
- virtual SecurityLevel2::ReceivedCredentials_ptr received_credentials (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- /// Return the SSL peer certificate associated with the
- /// current request as an octet sequence, i.e. a DER encoded
- /// certificate.
- void get_peer_certificate (SSLIOP::ASN_1_Cert *certificate);
-
- /// Return the SSL peer certificate chain associated with the
- /// current request as a sequence of DER encoded certificates.
- void get_peer_certificate_chain (SSLIOP::SSL_Cert *cert_chain);
-
- /// Set the pointer to the underlying SSL session state.
- void ssl (SSL *s);
-
- /// Return pointer to the SSL session state for the current upcall.
- SSL *ssl (void);
-
-protected:
-
- /// Return the unique tag that identifies the concrete subclass.
- virtual CORBA::ULong tag (void) const;
-
-private:
-
- /// Prevent copying through the copy constructor and the assignment
- /// operator.
- //@{
- ACE_UNIMPLEMENTED_FUNC (
- TAO_SSLIOP_Current_Impl (const TAO_SSLIOP_Current_Impl &))
- ACE_UNIMPLEMENTED_FUNC (void operator= (const TAO_SSLIOP_Current_Impl &))
- //@}
-
-private:
-
- /// The SSL session state corresponding to the current upcall.
- SSL *ssl_;
+#include <openssl/ssl.h>
-};
+namespace TAO
+{
+ namespace SSLIOP
+ {
+ /**
+ * @class Current_Impl
+ *
+ * @brief TSS portion of the TAO SSLIOP::Current extension, and
+ * the SSLIOP-specific SecurityLevel3::SecurityCurrent
+ * object.
+ *
+ * This class encapsulates the thread-specific state of an SSL
+ * session during a given upcall.
+ */
+ class Current_Impl : public TAO::SL3::SecurityCurrent_Impl
+ {
+ public:
+
+ /// Constructor.
+ Current_Impl (void);
+
+ /// Destructor
+ ~Current_Impl (void);
+
+ /// Implementation of the SSLIOP-specific
+ /// SecurityLevel3::client_credentials() method.
+ virtual SecurityLevel3::ClientCredentials_ptr client_credentials (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ /// Implementation of the SSLIOP-specific
+ /// SecurityLevel3::request_is_local() method.
+ virtual CORBA::Boolean request_is_local (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ /// Return the SSL peer certificate associated with the
+ /// current request as an octet sequence, i.e. a DER encoded
+ /// certificate.
+ void get_peer_certificate (::SSLIOP::ASN_1_Cert *certificate);
+
+ /// Return the SSL peer certificate chain associated with the
+ /// current request as a sequence of DER encoded certificates.
+ void get_peer_certificate_chain (::SSLIOP::SSL_Cert *cert_chain);
+
+ /// Set the pointer to the underlying SSL session state.
+ void ssl (SSL *s);
+
+ /// Return pointer to the SSL session state for the current upcall.
+ SSL *ssl (void);
+
+ protected:
+
+ /// Return the unique tag that identifies the concrete subclass.
+ virtual CORBA::ULong tag (void) const;
+
+ private:
+
+ /// Prevent copying through the copy constructor and the assignment
+ /// operator.
+ //@{
+ Current_Impl (const Current_Impl &);
+ void operator= (const Current_Impl &);
+ //@}
+
+ private:
+
+ /// The SSL session state corresponding to the current upcall.
+ SSL *ssl_;
+
+ };
+ } // End SSLIOP namespace.
+} // End TAO namespace.
#if defined (__ACE_INLINE__)
# include "SSLIOP_Current_Impl.inl"
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.inl b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.inl
index 1f37e648c36..73f2e9a988b 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.inl
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.inl
@@ -4,19 +4,19 @@
ACE_INLINE
-TAO_SSLIOP_Current_Impl::TAO_SSLIOP_Current_Impl (void)
+TAO::SSLIOP::Current_Impl::Current_Impl (void)
: ssl_ (0)
{
}
ACE_INLINE void
-TAO_SSLIOP_Current_Impl::ssl (SSL *s)
+TAO::SSLIOP::Current_Impl::ssl (SSL *s)
{
this->ssl_ = s;
}
ACE_INLINE SSL *
-TAO_SSLIOP_Current_Impl::ssl (void)
+TAO::SSLIOP::Current_Impl::ssl (void)
{
return this->ssl_;
}
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.cpp
index 8f259357ea8..2f461de27f1 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.cpp
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.cpp
@@ -3,7 +3,7 @@
#include "SSLIOP_EVP_PKEY.h"
-ACE_RCSID (TAO_SSLIOP,
+ACE_RCSID (SSLIOP,
SSLIOP_EVP_PKEY,
"$Id$")
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.h
index 79495f02828..a316efd37c7 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.h
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.h
@@ -26,84 +26,74 @@
#include <openssl/crypto.h>
#include <openssl/evp.h>
-
-/**
- * @class TAO_SSLIOP_EVP_PKEY
- *
- * @brief Class/namespace that contains TAO-specific OpenSSL EVP_PKEY
- * data structure manipulation functions.
- *
- * This class provides CORBA-like _duplicate() and release() methods.
- * They are simply EVP_PKEY CORBA-style reference count manipulation
- * methods.
- */
-class TAO_SSLIOP_EVP_PKEY
+namespace TAO
{
-public:
-
- /**
- * @name CORBA-style Reference Count Manipulation Methods
- */
- /// Increase the reference count on the given EVP_PKEY structure.
- static EVP_PKEY *_duplicate (EVP_PKEY *key);
-
- /// Decrease the reference count on the given EVP_PKEY structure.
- static void release (EVP_PKEY *key);
-
-};
-
-/**
- * @class TAO_SSLIOP_EVP_PKEY_var
- *
- * @brief "_var" class for the OpenSSL @param EVP_PKEY structure.
- *
- * This class is simply used to make operations on instances of the
- * OpenSSL @param EVP_PKEY structures exception safe. It is only used
- * internally by the SSLIOP pluggable protocol.
- */
-class TAO_SSLIOP_EVP_PKEY_var : public TAO_Base_var
-{
-public:
-
- /**
- * @name Constructors
- */
- //@{
- TAO_SSLIOP_EVP_PKEY_var (void);
- TAO_SSLIOP_EVP_PKEY_var (EVP_PKEY *x);
- TAO_SSLIOP_EVP_PKEY_var (const TAO_SSLIOP_EVP_PKEY_var &);
- //@}
-
- /// Destructor
- ~TAO_SSLIOP_EVP_PKEY_var (void);
-
- TAO_SSLIOP_EVP_PKEY_var &operator= (EVP_PKEY *);
- TAO_SSLIOP_EVP_PKEY_var &operator= (const TAO_SSLIOP_EVP_PKEY_var &);
- const EVP_PKEY *operator-> (void) const;
- EVP_PKEY *operator-> (void);
-
- operator const EVP_PKEY &() const;
- operator EVP_PKEY &();
-
- EVP_PKEY *in (void) const;
- EVP_PKEY *&inout (void);
- EVP_PKEY *&out (void);
- EVP_PKEY *_retn (void);
- EVP_PKEY *ptr (void) const;
-
-private:
-
- // Unimplemented - prevents widening assignment.
- TAO_SSLIOP_EVP_PKEY_var (const TAO_Base_var &rhs);
- TAO_SSLIOP_EVP_PKEY_var &operator= (const TAO_Base_var &rhs);
-
-private:
-
- /// The OpenSSL EVP_PKEY structure that represents a private key.
- EVP_PKEY *evp_;
-
-};
-
+ namespace SSLIOP
+ {
+ /**
+ * @name CORBA-style Reference Count Manipulation Methods
+ */
+ /// Increase the reference count on the given EVP_PKEY structure.
+ ::EVP_PKEY *_duplicate (::EVP_PKEY *key);
+
+ /// Decrease the reference count on the given EVP_PKEY structure.
+ void release (::EVP_PKEY *key);
+
+ /**
+ * @class EVP_PKEY_var
+ *
+ * @brief "_var" class for the OpenSSL @param EVP_PKEY structure.
+ *
+ * This class is simply used to make operations on instances of
+ * the OpenSSL @param EVP_PKEY structures exception safe. It is
+ * only used internally by the SSLIOP pluggable protocol.
+ */
+ class EVP_PKEY_var : private TAO_Base_var
+ {
+ public:
+
+ /**
+ * @name Constructors
+ */
+ //@{
+ EVP_PKEY_var (void);
+ EVP_PKEY_var (::EVP_PKEY *x);
+ EVP_PKEY_var (const EVP_PKEY_var &);
+ //@}
+
+ /// Destructor
+ ~EVP_PKEY_var (void);
+
+ EVP_PKEY_var &operator= (::EVP_PKEY *);
+ EVP_PKEY_var &operator= (const EVP_PKEY_var &);
+ const ::EVP_PKEY *operator-> (void) const;
+ ::EVP_PKEY *operator-> (void);
+
+ operator const ::EVP_PKEY &() const;
+ operator ::EVP_PKEY &();
+
+ ::EVP_PKEY *in (void) const;
+ ::EVP_PKEY *&inout (void);
+ ::EVP_PKEY *&out (void);
+ ::EVP_PKEY *_retn (void);
+ ::EVP_PKEY *ptr (void) const;
+
+ private:
+
+ // Unimplemented - prevents widening assignment.
+ EVP_PKEY_var (const TAO_Base_var &rhs);
+ EVP_PKEY_var &operator= (const TAO_Base_var &rhs);
+
+ private:
+
+ /// The OpenSSL @c EVP_PKEY structure that represents a private
+ /// key.
+ ::EVP_PKEY *evp_;
+
+ };
+
+ } // End SSLIOP namespace.
+} // End TAO namespace.
#if defined (__ACE_INLINE__)
#include "SSLIOP_EVP_PKEY.inl"
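Review bot: The pointer constructor `EVP_PKEY_var (::EVP_PKEY *x)` and `operator= (::EVP_PKEY *)` are declared without any comment on ownership, although the `.inl` in this commit stores the pointer as-is and never calls `_duplicate`. Since this wraps a private key, say so at the declaration, for example `/// Takes ownership of @a x; the reference count is not incremented.` on both members. The class comment also uses `@param EVP_PKEY` where no parameter is meant; `@c EVP_PKEY`, as the `evp_` member comment already does, avoids a Doxygen warning. The `@name` group above `_duplicate`/`release` has no `//@{ ... //@}` markers, so the two free functions will not actually be grouped.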
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.inl b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.inl
index 6fd5035385a..e20b30e774d 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.inl
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.inl
@@ -2,8 +2,8 @@
//
// $Id$
-ACE_INLINE EVP_PKEY *
-TAO_SSLIOP_EVP_PKEY::_duplicate (EVP_PKEY *key)
+ACE_INLINE ::EVP_PKEY *
+TAO::SSLIOP::_duplicate (::EVP_PKEY *key)
{
// OpenSSL provides no function to increase the reference count on
// the EVP_PKEY structure, so we do it manually.
@@ -14,7 +14,7 @@ TAO_SSLIOP_EVP_PKEY::_duplicate (EVP_PKEY *key)
}
ACE_INLINE void
-TAO_SSLIOP_EVP_PKEY::release (EVP_PKEY *key)
+TAO::SSLIOP::release (::EVP_PKEY *key)
{
// OpenSSL's EVP_PKEY_free() function already handles reference
// counting properly.
@@ -25,105 +25,105 @@ TAO_SSLIOP_EVP_PKEY::release (EVP_PKEY *key)
// -------------------------------------------------------------------
ACE_INLINE
-TAO_SSLIOP_EVP_PKEY_var::TAO_SSLIOP_EVP_PKEY_var (void)
+TAO::SSLIOP::EVP_PKEY_var::EVP_PKEY_var (void)
: evp_ (0)
{
}
ACE_INLINE
-TAO_SSLIOP_EVP_PKEY_var::TAO_SSLIOP_EVP_PKEY_var (EVP_PKEY *x)
+TAO::SSLIOP::EVP_PKEY_var::EVP_PKEY_var (::EVP_PKEY *x)
: evp_ (x)
{
}
ACE_INLINE
-TAO_SSLIOP_EVP_PKEY_var::TAO_SSLIOP_EVP_PKEY_var (const ::TAO_SSLIOP_EVP_PKEY_var &p)
+TAO::SSLIOP::EVP_PKEY_var::EVP_PKEY_var (const TAO::SSLIOP::EVP_PKEY_var &p)
: TAO_Base_var (),
- evp_ (TAO_SSLIOP_EVP_PKEY::_duplicate (p.ptr ()))
+ evp_ (TAO::SSLIOP::_duplicate (p.ptr ()))
{
}
ACE_INLINE
-TAO_SSLIOP_EVP_PKEY_var::~TAO_SSLIOP_EVP_PKEY_var (void)
+TAO::SSLIOP::EVP_PKEY_var::~EVP_PKEY_var (void)
{
- TAO_SSLIOP_EVP_PKEY::release (this->evp_);
+ TAO::SSLIOP::release (this->evp_);
}
-ACE_INLINE TAO_SSLIOP_EVP_PKEY_var &
-TAO_SSLIOP_EVP_PKEY_var::operator= (EVP_PKEY *p)
+ACE_INLINE TAO::SSLIOP::EVP_PKEY_var &
+TAO::SSLIOP::EVP_PKEY_var::operator= (::EVP_PKEY *p)
{
- TAO_SSLIOP_EVP_PKEY::release (this->evp_);
+ TAO::SSLIOP::release (this->evp_);
this->evp_ = p;
return *this;
}
-ACE_INLINE ::TAO_SSLIOP_EVP_PKEY_var &
-TAO_SSLIOP_EVP_PKEY_var::operator= (const ::TAO_SSLIOP_EVP_PKEY_var &p)
+ACE_INLINE TAO::SSLIOP::EVP_PKEY_var &
+TAO::SSLIOP::EVP_PKEY_var::operator= (const TAO::SSLIOP::EVP_PKEY_var &p)
{
if (this != &p)
{
- TAO_SSLIOP_EVP_PKEY::release (this->evp_);
- this->evp_ = TAO_SSLIOP_EVP_PKEY::_duplicate (p.ptr ());
+ TAO::SSLIOP::release (this->evp_);
+ this->evp_ = TAO::SSLIOP::_duplicate (p.ptr ());
}
return *this;
}
-ACE_INLINE const EVP_PKEY *
-TAO_SSLIOP_EVP_PKEY_var::operator-> (void) const
+ACE_INLINE const ::EVP_PKEY *
+TAO::SSLIOP::EVP_PKEY_var::operator-> (void) const
{
return this->evp_;
}
-ACE_INLINE EVP_PKEY *
-TAO_SSLIOP_EVP_PKEY_var::operator-> (void)
+ACE_INLINE ::EVP_PKEY *
+TAO::SSLIOP::EVP_PKEY_var::operator-> (void)
{
return this->evp_;
}
ACE_INLINE
-TAO_SSLIOP_EVP_PKEY_var::operator const EVP_PKEY &() const
+TAO::SSLIOP::EVP_PKEY_var::operator const ::EVP_PKEY &() const
{
return *this->evp_;
}
ACE_INLINE
-TAO_SSLIOP_EVP_PKEY_var::operator EVP_PKEY &()
+TAO::SSLIOP::EVP_PKEY_var::operator ::EVP_PKEY &()
{
return *this->evp_;
}
-ACE_INLINE EVP_PKEY *
-TAO_SSLIOP_EVP_PKEY_var::in (void) const
+ACE_INLINE ::EVP_PKEY *
+TAO::SSLIOP::EVP_PKEY_var::in (void) const
{
return this->evp_;
}
-ACE_INLINE EVP_PKEY *&
-TAO_SSLIOP_EVP_PKEY_var::inout (void)
+ACE_INLINE ::EVP_PKEY *&
+TAO::SSLIOP::EVP_PKEY_var::inout (void)
{
return this->evp_;
}
-ACE_INLINE EVP_PKEY *&
-TAO_SSLIOP_EVP_PKEY_var::out (void)
+ACE_INLINE ::EVP_PKEY *&
+TAO::SSLIOP::EVP_PKEY_var::out (void)
{
EVP_PKEY_free (this->evp_);
this->evp_ = 0;
return this->evp_;
}
-ACE_INLINE EVP_PKEY *
-TAO_SSLIOP_EVP_PKEY_var::_retn (void)
+ACE_INLINE ::EVP_PKEY *
+TAO::SSLIOP::EVP_PKEY_var::_retn (void)
{
// Yield ownership of the EVP_PKEY structure.
- EVP_PKEY *x = this->evp_;
+ ::EVP_PKEY *x = this->evp_;
this->evp_ = 0;
return x;
}
-ACE_INLINE EVP_PKEY *
-TAO_SSLIOP_EVP_PKEY_var::ptr (void) const
+ACE_INLINE ::EVP_PKEY *
+TAO::SSLIOP::EVP_PKEY_var::ptr (void) const
{
return this->evp_;
}
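Review bot: `operator= (::EVP_PKEY *p)` releases `this->evp_` and then stores `p` without checking that the two differ, so assigning a _var the pointer it already holds (for example `v = v.in ()`) drops the reference and leaves the _var holding a key that may already have been freed. A guard avoids that: `if (this->evp_ != p) { TAO::SSLIOP::release (this->evp_); this->evp_ = p; }`. Separately, `out ()` still calls `EVP_PKEY_free (this->evp_)` directly and unqualified, while every other member goes through `TAO::SSLIOP::release`; using the wrapper there keeps the release path in one place. The two conversion operators dereference `evp_` with no null check, which deserves at least a `/// @pre` comment on the declarations.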
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.cpp
index 3821163f851..0816283f5c9 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.cpp
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.cpp
@@ -1,27 +1,27 @@
-// This may look like C, but it's really -*- C++ -*-
-//
-// $Id$
-
#include "SSLIOP_Endpoint.h"
-#include "SSLIOP_Connection_Handler.h"
+
#include "tao/IIOP_Endpoint.h"
+#include "ace/OS_NS_stdio.h"
+
+
ACE_RCSID (SSLIOP,
SSLIOP_Endpoint,
"$Id$")
+
#if !defined (__ACE_INLINE__)
# include "SSLIOP_Endpoint.i"
#endif /* __ACE_INLINE__ */
-TAO_SSLIOP_Endpoint::TAO_SSLIOP_Endpoint (const SSLIOP::SSL *ssl_component,
- TAO_IIOP_Endpoint *iiop_endp)
+TAO_SSLIOP_Endpoint::TAO_SSLIOP_Endpoint (const ::SSLIOP::SSL *ssl_component,
+ TAO_IIOP_Endpoint *iiop_endp)
: TAO_Endpoint (IOP::TAG_INTERNET_IOP),
object_addr_ (),
next_ (0),
iiop_endpoint_ (iiop_endp),
- destroy_iiop_endpoint_ (0),
- qop_ (Security::SecQOPIntegrityAndConfidentiality),
+ destroy_iiop_endpoint_ (false),
+ qop_ (::Security::SecQOPIntegrityAndConfidentiality),
#if !defined (VXWORKS) && !defined (__QNX__)
// Some compilers don't like the initialization
trust_ (),
@@ -49,9 +49,9 @@ TAO_SSLIOP_Endpoint::TAO_SSLIOP_Endpoint (const SSLIOP::SSL *ssl_component,
// SSLIOP requires these Security::AssociationOptions by default.
ACE_SET_BITS (this->ssl_component_.target_requires,
- Security::Integrity
- | Security::Confidentiality
- | Security::NoDelegation);
+ ::Security::Integrity
+ | ::Security::Confidentiality
+ | ::Security::NoDelegation);
// SSLIOP supports these Security::AssociationOptions by
// default.
@@ -60,11 +60,11 @@ TAO_SSLIOP_Endpoint::TAO_SSLIOP_Endpoint (const SSLIOP::SSL *ssl_component,
// can't be sure if the server supports SSL, and TAO's SSLIOP
// implementation must support IIOP over SSL and plain IIOP.
ACE_SET_BITS (this->ssl_component_.target_supports,
- Security::Integrity
- | Security::Confidentiality
- | Security::EstablishTrustInTarget
- | Security::NoProtection
- | Security::NoDelegation);
+ ::Security::Integrity
+ | ::Security::Confidentiality
+ | ::Security::EstablishTrustInTarget
+ | ::Security::NoProtection
+ | ::Security::NoDelegation);
// Initialize the default SSL port to zero, not the IANA
// assigned IIOP over SSL port (684). We usually only get here
@@ -116,16 +116,15 @@ TAO_SSLIOP_Endpoint::next (void)
CORBA::Boolean
TAO_SSLIOP_Endpoint::is_equivalent (const TAO_Endpoint *other_endpoint)
{
- TAO_Endpoint *endpt = ACE_const_cast (TAO_Endpoint *,
- other_endpoint);
+ TAO_Endpoint *endpt = const_cast<TAO_Endpoint *> (other_endpoint);
TAO_SSLIOP_Endpoint *endpoint =
- ACE_dynamic_cast (TAO_SSLIOP_Endpoint *, endpt);
+ dynamic_cast<TAO_SSLIOP_Endpoint *> (endpt);
if (endpoint == 0)
return 0;
- Security::EstablishTrust t = endpoint->trust ();
+ ::Security::EstablishTrust t = endpoint->trust ();
if ((this->ssl_component_.port != 0
&& endpoint->ssl_component_.port != 0
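Review bot: The `const_cast` at the top of `is_equivalent` looks unnecessary now that real C++ casts are used: `const TAO_SSLIOP_Endpoint *endpoint = dynamic_cast<const TAO_SSLIOP_Endpoint *> (other_endpoint);` does the downcast without discarding constness. The members used in the visible lines (`trust ()` and `ssl_component_`) are reachable through a const pointer. The rest of the body is outside this hunk, so that should be confirmed for the remaining calls. While here, `return 0;` in a `CORBA::Boolean` function reads better as `return false;`, matching the `bool` cleanups elsewhere in this commit.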
@@ -150,14 +149,14 @@ TAO_SSLIOP_Endpoint::duplicate (void)
// shouldnt be a problem as long as SSL is not used with RTCORBA.
ACE_NEW_RETURN (endpoint,
TAO_SSLIOP_Endpoint (&this->ssl_component_,
- 0),
+ 0),
0);
endpoint->qop (this->qop_);
endpoint->trust (this->trust_);
endpoint->credentials (this->credentials_.in ()); // Shallow copy
- endpoint->iiop_endpoint (this->iiop_endpoint_, 1);
+ endpoint->iiop_endpoint (this->iiop_endpoint_, true);
return endpoint;
}
@@ -204,25 +203,17 @@ TAO_SSLIOP_Endpoint::object_addr (void) const
// Double checked locking optimization.
if (this->object_addr_.get_type () != AF_INET)
{
- // We need to modify the object_addr_ in this method. Do so
- // using a non-const copy of the <this> pointer.
- ACE_INET_Addr &ssl_addr =
- ACE_const_cast (ACE_INET_Addr &, this->object_addr_);
-
const ACE_INET_Addr &iiop_addr = this->iiop_endpoint_->object_addr ();
- TAO_SSLIOP_Endpoint *ssl_endpoint =
- ACE_const_cast (TAO_SSLIOP_Endpoint *, this);
-
ACE_GUARD_RETURN (TAO_SYNCH_MUTEX,
guard,
- ssl_endpoint->addr_lookup_lock_,
+ this->addr_lookup_lock_,
this->object_addr_);
if (this->object_addr_.get_type () != AF_INET)
{
- ssl_addr = iiop_addr;
- ssl_addr.set_port_number (this->ssl_component_.port);
+ this->object_addr_ = iiop_addr;
+ this->object_addr_.set_port_number (this->ssl_component_.port);
}
}
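Review bot: In `object_addr ()` the unlocked first check can see `object_addr_` between the two statements of the locked block. After `this->object_addr_ = iiop_addr;` the address presumably already reports `AF_INET`, so a concurrent caller may skip the lock and use it while it still carries the plain IIOP port instead of `ssl_component_.port`. Building the value in a local and publishing it in one assignment narrows that window: `ACE_INET_Addr tmp (iiop_addr); tmp.set_port_number (this->ssl_component_.port); this->object_addr_ = tmp;`. The unlocked read is still unsynchronised, so the "Double checked locking optimization" comment should state what it relies on. The function starts and ends outside this hunk.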
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.h
index 1e2c6a52314..d4060f8c02a 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.h
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.h
@@ -24,148 +24,157 @@
# pragma once
#endif /* ACE_LACKS_PRAGMA_ONCE */
-#include "ace/INET_Addr.h"
-
-#include "tao/IIOP_Endpoint.h"
-#include "orbsvcs/orbsvcs/SSLIOPC.h"
-
#include "SSLIOP_Credentials.h"
+#include "orbsvcs/orbsvcs/SSLIOPC.h"
+#include "orbsvcs/orbsvcs/SecurityC.h"
-/// Tag for storing multiple ssl endpoints within a single profile.
-const ACE_UINT32 TAO_TAG_SSL_ENDPOINTS = 0x54414f01U;
-
+#include "tao/IIOP_Endpoint.h"
+#include "ace/INET_Addr.h"
-/**
- * @class TAO_SSLIOP_Endpoint
- *
- * @brief SSLIOP-specific implementation of PP Framework Endpoint
- * interface.
- *
- *
- */
-class TAO_SSLIOP_Export TAO_SSLIOP_Endpoint : public TAO_Endpoint
+namespace TAO
{
-public:
-
- friend class TAO_SSLIOP_Profile;
-
-
- /// Constructor
- TAO_SSLIOP_Endpoint (const SSLIOP::SSL *ssl_component,
- TAO_IIOP_Endpoint *iiop_endp);
-
- /// Destructor.
- ~TAO_SSLIOP_Endpoint (void);
-
- /**
- * @name TAO_Endpoint Methods
- *
- * See Endpoint.h for their documentation.
- */
- //@{
- virtual TAO_Endpoint *next (void);
- virtual int addr_to_string (char *buffer, size_t length);
-
- /// Return true if this endpoint is equivalent to @param
- /// other_endpoint.
- /**
- * Two endpoints are equivalent iff their iiop counterparts are
- * equivalent, and, if both have non-zero ssl ports, their ssl ports
- * are the same.
- */
- CORBA::Boolean is_equivalent (const TAO_Endpoint *other_endpoint);
-
- /// Return a copy of the corresponding endpoints by allocating
- /// memory.
- virtual TAO_Endpoint *duplicate (void);
-
- /// Return a hash value for this object.
- virtual CORBA::ULong hash (void);
- //@}
-
- /**
- * @name SSLIOP_Endpoint-specific Methods
- */
- //@{
- /// Return SSL component corresponding to this endpoint.
- const SSLIOP::SSL &ssl_component (void) const;
-
- /// Accessor to our IIOP counterpart.
- TAO_IIOP_Endpoint *iiop_endpoint (void) const;
-
- /// Mutator to our IIOP counterpart.
- /**
- * @param destroy If set to a non-zero value, then the
- * TAO_SSLIOP_Endpoint object retains ownership of
- * the given TAO_IIOP_Endpoint.
- */
- void iiop_endpoint (TAO_IIOP_Endpoint *endpoint, int destroy);
-
- /// Return the SSLIOP-specific ACE_INET_Addr.
- const ACE_INET_Addr &object_addr (void) const;
-
- /// Set the Quality-of-Protection settings for this endpoint.
- void qop (Security::QOP qop);
-
- /// Get the Quality-of-Protection settings for this endpoint.
- Security::QOP qop (void) const;
-
- /// Set the establishment of trust settings for this endpoint.
- void trust (const Security::EstablishTrust &trust);
-
- /// Get the establishment of trust settings for this endpoint.
- Security::EstablishTrust trust (void) const;
-
- /// Set the credentials for this endpoint.
- void credentials (TAO_SSLIOP_Credentials_ptr creds);
-
- /// Get the credentials for this endpoint.
- /**
- * @note This method does not follow C++ mapping memory management
- * rules. Specifically, no duplication or reference counting
- * occurs in this method. This is so that no additional locks
- * occur when checking the transport cache.
- */
- TAO_SSLIOP_Credentials * credentials (void) const;
- //@}
-
-private:
-
- /// Cache the SSL tagged component in a decoded format. Notice that
- /// we do not need to marshal this object!
- SSLIOP::SSL ssl_component_;
-
- /// Cached instance of ACE_INET_Addr for use in making invocations,
- /// etc.
- ACE_INET_Addr object_addr_;
-
- /// IIOP Endpoints can be stringed into a list. Return the next
- /// endpoint in the list, if any.
- TAO_SSLIOP_Endpoint *next_;
-
- /// IIOP counterpart.
- /**
- * Since SSLIOP is an 'extension' of IIOP, each SSLIOP_Endpoint
- * contains SSL-specific information plus a pointer to the
- * IIOP_Endpoint containing the IIOP portion of our address.
- */
- TAO_IIOP_Endpoint *iiop_endpoint_;
-
- /// Flag that determines whether or not the iiop_endpoint_ member is
- /// deallocated with delete().
- int destroy_iiop_endpoint_;
-
- /// Quailty-of-Protection settings for this endpoint object.
- Security::QOP qop_;
-
- /// Establishment of trust settings for this endpoint object.
- Security::EstablishTrust trust_;
-
- /// SSLIOP-specific credentials for this endpoint object.
- TAO_SSLIOP_Credentials_var credentials_;
-
-};
+ /// Tag for storing multiple ssl endpoints within a single profile.
+ const ACE_UINT32 TAG_SSL_ENDPOINTS = 0x54414f01U;
+}
+
+// namespace TAO
+// {
+// namespace SSLIOP
+// {
+ /**
+ * @class Endpoint
+ *
+ * @brief SSLIOP-specific implementation of PP Framework Endpoint
+ * interface.
+ *
+ *
+ */
+ class TAO_SSLIOP_Export TAO_SSLIOP_Endpoint : public TAO_Endpoint
+ {
+ public:
+
+ friend class TAO_SSLIOP_Profile;
+
+ /// Constructor
+ TAO_SSLIOP_Endpoint (const ::SSLIOP::SSL *ssl_component,
+ TAO_IIOP_Endpoint *iiop_endp);
+
+ /// Destructor.
+ ~TAO_SSLIOP_Endpoint (void);
+
+ /**
+ * @name TAO_Endpoint Methods
+ *
+ * See Endpoint.h for their documentation.
+ */
+ //@{
+ virtual TAO_Endpoint *next (void);
+ virtual int addr_to_string (char *buffer, size_t length);
+
+ /// Return true if this endpoint is equivalent to @param
+ /// other_endpoint.
+ /**
+ * Two endpoints are equivalent iff their iiop counterparts are
+ * equivalent, and, if both have non-zero ssl ports, their ssl
+ * ports are the same.
+ */
+ CORBA::Boolean is_equivalent (const TAO_Endpoint *other_endpoint);
+
+ /// Return a copy of the corresponding endpoints by allocating
+ /// memory.
+ virtual TAO_Endpoint *duplicate (void);
+
+ /// Return a hash value for this object.
+ virtual CORBA::ULong hash (void);
+ //@}
+
+ /**
+ * @name SSLIOP_Endpoint-specific Methods
+ */
+ //@{
+ /// Return SSL component corresponding to this endpoint.
+ const ::SSLIOP::SSL &ssl_component (void) const;
+
+ /// Accessor to our IIOP counterpart.
+ TAO_IIOP_Endpoint *iiop_endpoint (void) const;
+
+ /// Mutator to our IIOP counterpart.
+ /**
+ * @param destroy If set to @c true, the TAO::SSLIOP::Endpoint
+ * object retains ownership of the given
+ * TAO_IIOP_Endpoint.
+ */
+ void iiop_endpoint (TAO_IIOP_Endpoint *endpoint, bool destroy);
+
+ /// Return the SSLIOP-specific ACE_INET_Addr.
+ const ACE_INET_Addr &object_addr (void) const;
+
+ /// Set the Quality-of-Protection settings for this endpoint.
+ void qop (::Security::QOP qop);
+
+ /// Get the Quality-of-Protection settings for this endpoint.
+ ::Security::QOP qop (void) const;
+
+ /// Set the establishment of trust settings for this endpoint.
+ void trust (const ::Security::EstablishTrust &trust);
+
+ /// Get the establishment of trust settings for this endpoint.
+ ::Security::EstablishTrust trust (void) const;
+
+ /// Set the credentials for this endpoint.
+ void credentials (TAO::SSLIOP::Credentials_ptr creds);
+
+ /// Get the credentials for this endpoint.
+ /**
+ * @note This method does not follow C++ mapping memory
+ * management rules. Specifically, no duplication or
+ * reference counting occurs in this method. This is so
+ * that no additional locks occur when checking the
+ * transport cache.
+ */
+ TAO::SSLIOP::Credentials * credentials (void) const;
+ //@}
+
+ private:
+
+ /// Cache the SSL tagged component in a decoded format. Notice
+ /// that we do not need to marshal this object!
+ ::SSLIOP::SSL ssl_component_;
+
+ /// Cached instance of ACE_INET_Addr for use in making invocations,
+ /// etc.
+ mutable ACE_INET_Addr object_addr_;
+
+ /// IIOP Endpoints can be stringed into a list. Return the next
+ /// endpoint in the list, if any.
+ TAO_SSLIOP_Endpoint *next_;
+
+ /// IIOP counterpart.
+ /**
+ * Since SSLIOP is an 'extension' of IIOP, each SSLIOP_Endpoint
+ * contains SSL-specific information plus a pointer to the
+ * IIOP_Endpoint containing the IIOP portion of our address.
+ */
+ TAO_IIOP_Endpoint *iiop_endpoint_;
+
+ /// Flag that determines whether or not the iiop_endpoint_ member is
+ /// deallocated with delete().
+ bool destroy_iiop_endpoint_;
+
+ /// Quailty-of-Protection settings for this endpoint object.
+ ::Security::QOP qop_;
+
+ /// Establishment of trust settings for this endpoint object.
+ ::Security::EstablishTrust trust_;
+
+ /// SSLIOP-specific credentials for this endpoint object.
+ TAO::SSLIOP::Credentials_var credentials_;
+
+ };
+
+// } // End SSLIOP namespace.
+// } // End TAO namespace.
#if defined (__ACE_INLINE__)
#include "SSLIOP_Endpoint.i"
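Review bot: The class comment now reads `@class Endpoint` and the `@param destroy` text refers to `TAO::SSLIOP::Endpoint`, but the class is still declared as `TAO_SSLIOP_Endpoint` because the namespace wrapper is only present as commented-out lines. Doxygen will not attach the block to the class, and readers are pointed at a name that does not exist. Keep `@class TAO_SSLIOP_Endpoint` until the move actually happens, and replace the commented-out `// namespace TAO` / `// {` lines with a single `/// @todo Move into the TAO::SSLIOP namespace.`. The newly `mutable` `object_addr_` also deserves a why-comment, e.g. `/// Mutable because the const object_addr() accessor fills it in lazily.`. "Quailty-of-Protection" on the `qop_` member is a typo carried over from the old text.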
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.i b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.i
index 74a3a98409f..eb58d3dcc56 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.i
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.i
@@ -11,7 +11,7 @@ TAO_SSLIOP_Endpoint::iiop_endpoint (void) const
ACE_INLINE void
TAO_SSLIOP_Endpoint::iiop_endpoint (TAO_IIOP_Endpoint *iiop_endpoint,
- int destroy)
+ bool destroy)
{
if (iiop_endpoint != 0)
{
@@ -21,8 +21,7 @@ TAO_SSLIOP_Endpoint::iiop_endpoint (TAO_IIOP_Endpoint *iiop_endpoint,
{
TAO_Endpoint *endpoint = iiop_endpoint->duplicate ();
- new_endpoint = ACE_dynamic_cast (TAO_IIOP_Endpoint *,
- endpoint);
+ new_endpoint = dynamic_cast<TAO_IIOP_Endpoint *> (endpoint);
}
else
@@ -36,7 +35,7 @@ TAO_SSLIOP_Endpoint::iiop_endpoint (TAO_IIOP_Endpoint *iiop_endpoint,
}
}
-ACE_INLINE const SSLIOP::SSL &
+ACE_INLINE const ::SSLIOP::SSL &
TAO_SSLIOP_Endpoint::ssl_component (void) const
{
return this->ssl_component_;
@@ -45,36 +44,36 @@ TAO_SSLIOP_Endpoint::ssl_component (void) const
ACE_INLINE void
-TAO_SSLIOP_Endpoint::qop (Security::QOP q)
+TAO_SSLIOP_Endpoint::qop (::Security::QOP q)
{
this->qop_ = q;
}
-ACE_INLINE Security::QOP
+ACE_INLINE ::Security::QOP
TAO_SSLIOP_Endpoint::qop (void) const
{
return this->qop_;
}
ACE_INLINE void
-TAO_SSLIOP_Endpoint::trust (const Security::EstablishTrust &t)
+TAO_SSLIOP_Endpoint::trust (const ::Security::EstablishTrust &t)
{
this->trust_ = t;
}
-ACE_INLINE Security::EstablishTrust
+ACE_INLINE ::Security::EstablishTrust
TAO_SSLIOP_Endpoint::trust (void) const
{
return this->trust_;
}
ACE_INLINE void
-TAO_SSLIOP_Endpoint::credentials (const TAO_SSLIOP_Credentials_ptr creds)
+TAO_SSLIOP_Endpoint::credentials (const TAO::SSLIOP::Credentials_ptr creds)
{
- this->credentials_ = TAO_SSLIOP_Credentials::_duplicate (creds);
+ this->credentials_ = TAO::SSLIOP::Credentials::_duplicate (creds);
}
-ACE_INLINE TAO_SSLIOP_Credentials *
+ACE_INLINE TAO::SSLIOP::Credentials *
TAO_SSLIOP_Endpoint::credentials (void) const
{
return this->credentials_.in ();
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp
index 919530741e4..390ab77de3c 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp
@@ -6,69 +6,74 @@
#include "orbsvcs/orbsvcs/Security/Security_ORBInitializer.h" /// @todo should go away
+//#include "orbsvcs/CSIIOPC.h"
+
#include "tao/debug.h"
#include "ace/SSL/SSL_Context.h"
-ACE_RCSID (TAO_SSLIOP,
+ACE_RCSID (SSLIOP,
SSLIOP_Factory,
"$Id$")
static const char prefix_[] = "iiop";
-static const long TAO_SSLIOP_ACCEPT_TIMEOUT = 10; // Default accept
- // timeout in
- // seconds.
+namespace TAO
+{
+ namespace SSLIOP
+ {
+ static const long ACCEPT_TIMEOUT = 10; // Default accept timeout
+ // in seconds.
+ }
+}
-TAO_SSLIOP_Protocol_Factory::TAO_SSLIOP_Protocol_Factory (void)
+TAO::SSLIOP::Protocol_Factory::Protocol_Factory (void)
: TAO_Protocol_Factory (IOP::TAG_INTERNET_IOP),
- major_ (TAO_DEF_GIOP_MAJOR),
- minor_ (TAO_DEF_GIOP_MINOR),
- qop_ (Security::SecQOPIntegrityAndConfidentiality),
- timeout_ (TAO_SSLIOP_ACCEPT_TIMEOUT)
+ qop_ (::Security::SecQOPIntegrityAndConfidentiality),
+ timeout_ (TAO::SSLIOP::ACCEPT_TIMEOUT)
{
}
-TAO_SSLIOP_Protocol_Factory::~TAO_SSLIOP_Protocol_Factory (void)
+TAO::SSLIOP::Protocol_Factory::~Protocol_Factory (void)
{
}
int
-TAO_SSLIOP_Protocol_Factory::match_prefix (const ACE_CString &prefix)
+TAO::SSLIOP::Protocol_Factory::match_prefix (const ACE_CString &prefix)
{
// Check for the proper prefix for this protocol.
return (ACE_OS::strcasecmp (prefix.c_str (), ::prefix_) == 0);
}
const char *
-TAO_SSLIOP_Protocol_Factory::prefix (void) const
+TAO::SSLIOP::Protocol_Factory::prefix (void) const
{
return ::prefix_;
}
char
-TAO_SSLIOP_Protocol_Factory::options_delimiter (void) const
+TAO::SSLIOP::Protocol_Factory::options_delimiter (void) const
{
return '/';
}
TAO_Acceptor *
-TAO_SSLIOP_Protocol_Factory::make_acceptor (void)
+TAO::SSLIOP::Protocol_Factory::make_acceptor (void)
{
TAO_Acceptor *acceptor = 0;
ACE_NEW_RETURN (acceptor,
- TAO_SSLIOP_Acceptor (this->qop_,
- this->timeout_),
+ TAO::SSLIOP::Acceptor (this->qop_,
+ this->timeout_),
0);
return acceptor;
}
int
-TAO_SSLIOP_Protocol_Factory::init (int argc,
+TAO::SSLIOP::Protocol_Factory::init (int argc,
char* argv[])
{
char *certificate_path = 0;
@@ -81,6 +86,11 @@ TAO_SSLIOP_Protocol_Factory::init (int argc,
int prevdebug = -1;
+ CSIIOP::AssociationOptions csiv2_target_supports =
+ CSIIOP::Integrity | CSIIOP::Confidentiality;
+ CSIIOP::AssociationOptions csiv2_target_requires =
+ CSIIOP::Integrity | CSIIOP::Confidentiality;
+
// Force the Singleton instance to be initialized/instantiated.
// Some SSLIOP option combinations below will result in the
// Singleton instance never being initialized. In that case,
@@ -129,7 +139,13 @@ TAO_SSLIOP_Protocol_Factory::init (int argc,
// side, secure invocations will be disabled unless
// overridden by a SecurityLevel2::QOPPolicy in the object
// reference.
- this->qop_ = Security::SecQOPNoProtection;
+ this->qop_ = ::Security::SecQOPNoProtection;
+
+ ACE_SET_BITS (csiv2_target_supports,
+ CSIIOP::NoProtection);
+
+ ACE_CLR_BITS (csiv2_target_requires,
+ CSIIOP::Confidentiality);
}
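Review bot: In the NoProtection branch only `CSIIOP::Confidentiality` is cleared from `csiv2_target_requires`, so `CSIIOP::Integrity` stays advertised as required while `qop_` becomes `SecQOPNoProtection` and `CSIIOP::NoProtection` is added to the supported set. If unprotected IIOP is meant to be accepted in this mode, the advertised requirement and the effective policy disagree, and `ACE_CLR_BITS (csiv2_target_requires, CSIIOP::Integrity | CSIIOP::Confidentiality);` would match. If integrity is deliberately still required, a comment stating that is needed here, because the existing comment only speaks of secure invocations being disabled. The rest of `init ()` is outside this hunk.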
else if (ACE_OS::strcasecmp (argv[curarg],
@@ -192,12 +208,23 @@ TAO_SSLIOP_Protocol_Factory::init (int argc,
else if (ACE_OS::strcasecmp (argv[curarg], "SERVER") == 0)
{
mode = SSL_VERIFY_PEER;
+
+ ACE_SET_BITS (csiv2_target_supports,
+ CSIIOP::EstablishTrustInTarget
+ | CSIIOP::EstablishTrustInClient);
}
else if (ACE_OS::strcasecmp (argv[curarg], "CLIENT") == 0
|| ACE_OS::strcasecmp (argv[curarg],
"SERVER_AND_CLIENT") == 0)
{
mode = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
+
+ ACE_SET_BITS (csiv2_target_supports,
+ CSIIOP::EstablishTrustInTarget
+ | CSIIOP::EstablishTrustInClient);
+
+ ACE_SET_BITS (csiv2_target_requires,
+ CSIIOP::EstablishTrustInClient);
}
ssl_ctx->default_verify_mode (mode);
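Review bot: `mode` is overwritten by each authentication branch, but the CSIv2 trust bits are only ever set. If this option is parsed more than once, or a branch outside the hunk later selects a weaker mode, `csiv2_target_requires` can still advertise `EstablishTrustInClient` after `default_verify_mode (mode)` has stopped enforcing it. Resetting the trust bits in both variables before the branches keeps the advertised options in line with what OpenSSL will check, e.g. `ACE_CLR_BITS (csiv2_target_requires, CSIIOP::EstablishTrustInClient);` plus the matching clear on `csiv2_target_supports`. The option loop itself is outside the hunk, so whether repeated options can reach this code is inferred. A short comment mapping each verify mode to its CSIv2 bits would also help the next reader.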
@@ -358,7 +385,8 @@ TAO_SSLIOP_Protocol_Factory::init (int argc,
}
}
- if (this->register_orb_initializer () != 0)
+ if (this->register_orb_initializer (csiv2_target_supports,
+ csiv2_target_requires) != 0)
return -1;
if (prevdebug != -1)
@@ -368,7 +396,9 @@ TAO_SSLIOP_Protocol_Factory::init (int argc,
}
int
-TAO_SSLIOP_Protocol_Factory::register_orb_initializer (void)
+TAO::SSLIOP::Protocol_Factory::register_orb_initializer (
+ CSIIOP::AssociationOptions csiv2_target_supports,
+ CSIIOP::AssociationOptions csiv2_target_requires)
{
ACE_DECLARE_NEW_CORBA_ENV;
ACE_TRY
@@ -378,7 +408,7 @@ TAO_SSLIOP_Protocol_Factory::register_orb_initializer (void)
// Register the Security ORB initializer.
PortableInterceptor::ORBInitializer_ptr tmp;
ACE_NEW_THROW_EX (tmp,
- TAO_Security_ORBInitializer,
+ TAO::Security::ORBInitializer,
CORBA::NO_MEMORY (
CORBA::SystemException::_tao_minor_code (
TAO_DEFAULT_MINOR_CODE,
@@ -395,7 +425,9 @@ TAO_SSLIOP_Protocol_Factory::register_orb_initializer (void)
// Register the SSLIOP ORB initializer.
// PortableInterceptor::ORBInitializer_ptr tmp;
ACE_NEW_THROW_EX (tmp,
- TAO_SSLIOP_ORBInitializer (this->qop_),
+ TAO::SSLIOP::ORBInitializer (this->qop_,
+ csiv2_target_supports,
+ csiv2_target_requires),
CORBA::NO_MEMORY (
CORBA::SystemException::_tao_minor_code (
TAO_DEFAULT_MINOR_CODE,
@@ -418,24 +450,25 @@ TAO_SSLIOP_Protocol_Factory::register_orb_initializer (void)
return -1;
}
ACE_ENDTRY;
+ ACE_CHECK_RETURN (-1);
return 0;
}
TAO_Connector *
-TAO_SSLIOP_Protocol_Factory::make_connector (void)
+TAO::SSLIOP::Protocol_Factory::make_connector (void)
{
TAO_Connector *connector = 0;
ACE_NEW_RETURN (connector,
- TAO_SSLIOP_Connector (this->qop_),
+ TAO::SSLIOP::Connector (this->qop_),
0);
return connector;
}
int
-TAO_SSLIOP_Protocol_Factory::requires_explicit_endpoint (void) const
+TAO::SSLIOP::Protocol_Factory::requires_explicit_endpoint (void) const
{
return 0;
}
@@ -444,8 +477,8 @@ ACE_STATIC_SVC_DEFINE (TAO_SSLIOP_Protocol_Factory,
ACE_TEXT ("SSLIOP_Factory"),
ACE_SVC_OBJ_T,
&ACE_SVC_NAME (TAO_SSLIOP_Protocol_Factory),
- ACE_Service_Type::DELETE_THIS |
- ACE_Service_Type::DELETE_OBJ,
+ ACE_Service_Type::DELETE_THIS
+ | ACE_Service_Type::DELETE_OBJ,
0)
ACE_FACTORY_DEFINE (TAO_SSLIOP, TAO_SSLIOP_Protocol_Factory)
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.h
index 12b278b22cf..a80578eb718 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.h
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.h
@@ -26,71 +26,95 @@
#endif /* ACE_LACKS_PRAGMA_ONCE */
#include "orbsvcs/orbsvcs/SecurityC.h"
+#include "orbsvcs/orbsvcs/CSIIOPC.h"
#include "tao/Protocol_Factory.h"
#include "ace/Service_Config.h"
+
class TAO_Acceptor;
class TAO_Connector;
-/**
- * @class TAO_SSLIOP_Protocol_Factory
- *
- * @brief SSLIOP-specific protocol factory implementation.
- *
- * This class implements the SSLIOP-specific protocol factory
- * implementation for use in TAO's pluggable protocols framework.
- */
-class TAO_SSLIOP_Export TAO_SSLIOP_Protocol_Factory
- : public TAO_Protocol_Factory
-{
-public:
- TAO_SSLIOP_Protocol_Factory (void);
- virtual ~TAO_SSLIOP_Protocol_Factory (void);
-
- // = Service Configurator hooks.
- virtual int init (int argc, char* argv[]);
- // Dynamic linking hook
-
- /// Create and register the SSLIOP ORB initializer.
- int register_orb_initializer (void);
-
- virtual int match_prefix (const ACE_CString &prefix);
- // Verify prefix is a match
- virtual const char *prefix (void) const;
- // Returns the prefix used by the protocol.
-
- virtual char options_delimiter (void) const;
- // Return the character used to mark where an endpoint ends and
- // where its options begin.
-
- // = Check Protocol_Factory.h for a description of these methods.
- virtual TAO_Acceptor *make_acceptor (void);
- virtual TAO_Connector *make_connector (void);
- virtual int requires_explicit_endpoint (void) const;
-
-private:
-
- /// Changing the version number can be used to provide backwards
- /// compatibility with old clients.
- int major_;
- int minor_;
-
- /// Default quality-of-protection settings for the SSLIOP pluggable
- /// protocol.
- Security::QOP qop_;
-
- /// The accept() timeout.
- /**
- * This timeout includes the overall time to complete the SSL
- * handshake. This includes both the TCP handshake and the SSL
- * handshake.
- */
- ACE_Time_Value timeout_;
-
-};
+namespace TAO
+{
+ namespace SSLIOP
+ {
+
+ /**
+ * @class Protocol_Factory
+ *
+ * @brief SSLIOP-specific protocol factory implementation.
+ *
+ * This class implements the SSLIOP-specific protocol factory
+ * implementation for use in TAO's pluggable protocols framework.
+ */
+ class TAO_SSLIOP_Export Protocol_Factory
+ : public TAO_Protocol_Factory
+ {
+ public:
+
+ /// Constructor.
+ Protocol_Factory (void);
+
+ /// Destructor.
+ virtual ~Protocol_Factory (void);
+
+ // = Service Configurator hooks.
+ /// Dynamic linking hook
+ virtual int init (int argc, char* argv[]);
+
+ /// Verify prefix is a match
+ virtual int match_prefix (const ACE_CString & prefix);
+
+ /// Returns the prefix used by the protocol.
+ virtual const char * prefix (void) const;
+
+ /// Return the character used to mark where an endpoint ends and
+ /// where its options begin.
+ virtual char options_delimiter (void) const;
+
+ // = Check Protocol_Factory.h for a description of these methods.
+ virtual TAO_Acceptor * make_acceptor (void);
+ virtual TAO_Connector * make_connector (void);
+ virtual int requires_explicit_endpoint (void) const;
+
+ private:
+
+ /// Create and register the SSLIOP ORB initializer.
+ int register_orb_initializer (
+ CSIIOP::AssociationOptions csiv2_target_supports,
+ CSIIOP::AssociationOptions csiv2_target_requires);
+
+ private:
+
+ /// Default quality-of-protection settings for the SSLIOP
+ /// pluggable protocol.
+ ::Security::QOP qop_;
+
+ /// The accept() timeout.
+ /**
+ * This timeout includes the overall time to complete the SSL
+ * handshake. This includes both the TCP handshake and the SSL
+ * handshake.
+ */
+ ACE_Time_Value timeout_;
+
+ /// The SSLIOP-specific CSIv2 transport mechanism component.
+ /**
+ * This SSLIOP-specific structure is embedded in the CSIv2 transport
+ * mechanism list of the @c CSIIOP::CompoundSecMechList IOR tagged
+ * component.
+ */
+ CSIIOP::TLS_SEC_TRANS * csiv2_component_;
+
+ };
+ } // End SSLIOP namespace.
+} // End TAO namespace.
+
+// Work around preprocessor tokenization.
+typedef TAO::SSLIOP::Protocol_Factory TAO_SSLIOP_Protocol_Factory;
ACE_STATIC_SVC_DECLARE_EXPORT (TAO_SSLIOP, TAO_SSLIOP_Protocol_Factory)
ACE_STATIC_SVC_REQUIRE (TAO_SSLIOP_Protocol_Factory)
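Review bot: The new `csiv2_component_` member is a raw `CSIIOP::TLS_SEC_TRANS *`, and nothing in this header says who owns it. Its comment explains what the structure is for, but not whether the factory allocates and frees it or what value it holds before `init ()` has run. The constructor and destructor bodies are outside this hunk, so that cannot be checked from here. The class declares no copy control, so the member comment should state the owner and the initial value, for example by adding `/// Owned by this factory and released in the destructor.` if that is the actual behaviour. The now-private `register_orb_initializer` would also benefit from a line on what the two `CSIIOP::AssociationOptions` arguments mean.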
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.cpp
index e10055a6dab..0bac6e26251 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.cpp
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.cpp
@@ -1,38 +1,38 @@
-// -*- C++ -*-
-//
-// $Id$
-
#include "SSLIOP_Invocation_Interceptor.h"
#include "tao/debug.h"
// #include <openssl/x509.h> // @@ For debugging code below
-ACE_RCSID (TAO_SSLIOP, SSLIOP_Invocation_Interceptor, "$Id$")
-TAO_SSLIOP_Server_Invocation_Interceptor::
-TAO_SSLIOP_Server_Invocation_Interceptor (SSLIOP::Current_ptr current,
- Security::QOP qop)
- : ssliop_current_ (SSLIOP::Current::_duplicate (current)),
+ACE_RCSID (SSLIOP,
+ SSLIOP_Invocation_Interceptor,
+ "$Id$")
+
+
+TAO::SSLIOP::Server_Invocation_Interceptor::Server_Invocation_Interceptor (
+ ::SSLIOP::Current_ptr current,
+ ::Security::QOP qop)
+ : ssliop_current_ (::SSLIOP::Current::_duplicate (current)),
qop_ (qop)
{
}
-TAO_SSLIOP_Server_Invocation_Interceptor::
-~TAO_SSLIOP_Server_Invocation_Interceptor (void)
+TAO::SSLIOP::Server_Invocation_Interceptor::~Server_Invocation_Interceptor (
+ void)
{
}
char *
-TAO_SSLIOP_Server_Invocation_Interceptor::name (
+TAO::SSLIOP::Server_Invocation_Interceptor::name (
ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
ACE_THROW_SPEC ((CORBA::SystemException))
{
- return CORBA::string_dup ("TAO_SSLIOP_Server_Invocation_Interceptor");
+ return CORBA::string_dup ("TAO::SSLIOP::Server_Invocation_Interceptor");
}
void
-TAO_SSLIOP_Server_Invocation_Interceptor::destroy (
+TAO::SSLIOP::Server_Invocation_Interceptor::destroy (
ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
ACE_THROW_SPEC ((CORBA::SystemException))
{
@@ -40,7 +40,7 @@ TAO_SSLIOP_Server_Invocation_Interceptor::destroy (
void
-TAO_SSLIOP_Server_Invocation_Interceptor::receive_request_service_contexts (
+TAO::SSLIOP::Server_Invocation_Interceptor::receive_request_service_contexts (
PortableInterceptor::ServerRequestInfo_ptr /* ri */
ACE_ENV_ARG_DECL)
ACE_THROW_SPEC ((CORBA::SystemException,
@@ -59,7 +59,7 @@ TAO_SSLIOP_Server_Invocation_Interceptor::receive_request_service_contexts (
this->ssliop_current_->no_context (ACE_ENV_SINGLE_ARG_PARAMETER);
ACE_CHECK;
- if (no_ssl && this->qop_ != Security::SecQOPNoProtection)
+ if (no_ssl && this->qop_ != ::Security::SecQOPNoProtection)
ACE_THROW (CORBA::NO_PERMISSION ());
#if 0
@@ -69,8 +69,9 @@ TAO_SSLIOP_Server_Invocation_Interceptor::receive_request_service_contexts (
// this method will throw the SSLIOP::Current::NoContext
// exception. Otherwise, it will return a DER encoded X509
// certificate.
- SSLIOP::ASN_1_Cert_var cert =
- this->ssliop_current_->get_peer_certificate (ACE_ENV_SINGLE_ARG_PARAMETER);
+ ::SSLIOP::ASN_1_Cert_var cert =
+ this->ssliop_current_->get_peer_certificate (
+ ACE_ENV_SINGLE_ARG_PARAMETER);
ACE_TRY_CHECK;
// @@ The following debugging code works but I don't think that
@@ -106,7 +107,7 @@ TAO_SSLIOP_Server_Invocation_Interceptor::receive_request_service_contexts (
}
}
}
- ACE_CATCH (SSLIOP::Current::NoContext, exc)
+ ACE_CATCH (::SSLIOP::Current::NoContext, exc)
{
// The current upcall is not being performed through an SSL
// connection. If server is configured to disallow insecure
@@ -117,7 +118,7 @@ TAO_SSLIOP_Server_Invocation_Interceptor::receive_request_service_contexts (
// SecTargetSecureInvocationPolicy so that we can
// accept or reject requests on a per-object basis
// instead on a per-endpoint basis.
- if (this->qop_ != Security::SecQOPNoProtection)
+ if (this->qop_ != ::Security::SecQOPNoProtection)
ACE_THROW (CORBA::NO_PERMISSION ());
}
ACE_ENDTRY;
@@ -126,7 +127,7 @@ TAO_SSLIOP_Server_Invocation_Interceptor::receive_request_service_contexts (
}
void
-TAO_SSLIOP_Server_Invocation_Interceptor::receive_request (
+TAO::SSLIOP::Server_Invocation_Interceptor::receive_request (
PortableInterceptor::ServerRequestInfo_ptr /* ri */
ACE_ENV_ARG_DECL_NOT_USED)
ACE_THROW_SPEC ((CORBA::SystemException,
@@ -135,7 +136,7 @@ TAO_SSLIOP_Server_Invocation_Interceptor::receive_request (
}
void
-TAO_SSLIOP_Server_Invocation_Interceptor::send_reply (
+TAO::SSLIOP::Server_Invocation_Interceptor::send_reply (
PortableInterceptor::ServerRequestInfo_ptr /* ri */
ACE_ENV_ARG_DECL_NOT_USED)
ACE_THROW_SPEC ((CORBA::SystemException))
@@ -143,7 +144,7 @@ TAO_SSLIOP_Server_Invocation_Interceptor::send_reply (
}
void
-TAO_SSLIOP_Server_Invocation_Interceptor::send_exception (
+TAO::SSLIOP::Server_Invocation_Interceptor::send_exception (
PortableInterceptor::ServerRequestInfo_ptr /* ri */
ACE_ENV_ARG_DECL_NOT_USED)
ACE_THROW_SPEC ((CORBA::SystemException,
@@ -152,7 +153,7 @@ TAO_SSLIOP_Server_Invocation_Interceptor::send_exception (
}
void
-TAO_SSLIOP_Server_Invocation_Interceptor::send_other (
+TAO::SSLIOP::Server_Invocation_Interceptor::send_other (
PortableInterceptor::ServerRequestInfo_ptr /* ri */
ACE_ENV_ARG_DECL_NOT_USED)
ACE_THROW_SPEC ((CORBA::SystemException,
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.h
index f1e410d49c3..45740ab8cd0 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.h
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.h
@@ -35,100 +35,106 @@
#endif /* _MSC_VER */
-/**
- * @class TAO_SSLIOP_Server_Invocation_Interceptor
- *
- * @brief Secure invocation server request interceptor.
- *
- * This server request interceptor rejects insecure request
- * invocations if the effective target object policy requires secure
- * invocations.
- */
-class TAO_SSLIOP_Export TAO_SSLIOP_Server_Invocation_Interceptor
- : public virtual PortableInterceptor::ServerRequestInterceptor,
- public virtual TAO_Local_RefCounted_Object
+namespace TAO
{
-public:
-
- /// Constructor.
- TAO_SSLIOP_Server_Invocation_Interceptor (SSLIOP::Current_ptr current,
- Security::QOP qop);
-
- /**
- * @name PortableInterceptor::ServerRequestInterceptor Methods
- *
- * Methods required by the
- * PortableInterceptor::ServerRequestInterceptor interface.
- */
- //@{
- virtual char * name (ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual void destroy (ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual void receive_request_service_contexts (
- PortableInterceptor::ServerRequestInfo_ptr ri
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException,
- PortableInterceptor::ForwardRequest));
-
- virtual void receive_request (
- PortableInterceptor::ServerRequestInfo_ptr ri
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException,
- PortableInterceptor::ForwardRequest));
-
- virtual void send_reply (
- PortableInterceptor::ServerRequestInfo_ptr ri
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual void send_exception (
- PortableInterceptor::ServerRequestInfo_ptr ri
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException,
- PortableInterceptor::ForwardRequest));
-
- virtual void send_other (
- PortableInterceptor::ServerRequestInfo_ptr ri
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException,
- PortableInterceptor::ForwardRequest));
- //@}
-
-protected:
-
- /// Destructor
- /**
- * Protected destructor to force deallocation by the reference
- * counting mechanism.
- */
- ~TAO_SSLIOP_Server_Invocation_Interceptor (void);
-
-private:
-
- /**
- * @name Copying and Assignment
- *
- * Protected to prevent copying through the copy constructor and the
- * assignment operator.
- */
- //@{
- ACE_UNIMPLEMENTED_FUNC (
- TAO_SSLIOP_Server_Invocation_Interceptor (const TAO_SSLIOP_Server_Invocation_Interceptor &))
- ACE_UNIMPLEMENTED_FUNC (void operator= (const TAO_SSLIOP_Server_Invocation_Interceptor &))
- //@}
-
-private:
-
- /// Reference to the current SSLIOP execution context.
- SSLIOP::Current_var ssliop_current_;
-
- /// The default quality-of-protection settings in use.
- Security::QOP qop_;
-
-};
+ namespace SSLIOP
+ {
+ /**
+ * @class Server_Invocation_Interceptor
+ *
+ * @brief Secure invocation server request interceptor.
+ *
+ * This server request interceptor rejects insecure request
+ * invocations if the effective target object policy requires
+ * secure invocations.
+ */
+ class TAO_SSLIOP_Export Server_Invocation_Interceptor
+ : public virtual PortableInterceptor::ServerRequestInterceptor,
+ public virtual TAO_Local_RefCounted_Object
+ {
+ public:
+
+ /// Constructor.
+ Server_Invocation_Interceptor (::SSLIOP::Current_ptr current,
+ ::Security::QOP qop);
+
+ /**
+ * @name PortableInterceptor::ServerRequestInterceptor Methods
+ *
+ * Methods required by the
+ * PortableInterceptor::ServerRequestInterceptor interface.
+ */
+ //@{
+ virtual char * name (ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual void destroy (ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual void receive_request_service_contexts (
+ PortableInterceptor::ServerRequestInfo_ptr ri
+ ACE_ENV_ARG_DECL_WITH_DEFAULTS)
+ ACE_THROW_SPEC ((CORBA::SystemException,
+ PortableInterceptor::ForwardRequest));
+
+ virtual void receive_request (
+ PortableInterceptor::ServerRequestInfo_ptr ri
+ ACE_ENV_ARG_DECL_WITH_DEFAULTS)
+ ACE_THROW_SPEC ((CORBA::SystemException,
+ PortableInterceptor::ForwardRequest));
+
+ virtual void send_reply (
+ PortableInterceptor::ServerRequestInfo_ptr ri
+ ACE_ENV_ARG_DECL_WITH_DEFAULTS)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual void send_exception (
+ PortableInterceptor::ServerRequestInfo_ptr ri
+ ACE_ENV_ARG_DECL_WITH_DEFAULTS)
+ ACE_THROW_SPEC ((CORBA::SystemException,
+ PortableInterceptor::ForwardRequest));
+
+ virtual void send_other (
+ PortableInterceptor::ServerRequestInfo_ptr ri
+ ACE_ENV_ARG_DECL_WITH_DEFAULTS)
+ ACE_THROW_SPEC ((CORBA::SystemException,
+ PortableInterceptor::ForwardRequest));
+ //@}
+
+ protected:
+
+ /// Destructor
+ /**
+ * Protected destructor to force deallocation by the reference
+ * counting mechanism.
+ */
+ ~Server_Invocation_Interceptor (void);
+
+ private:
+
+ /**
+ * @name Copying and Assignment
+ *
+ * Protected to prevent copying through the copy constructor and the
+ * assignment operator.
+ */
+ //@{
+ ACE_UNIMPLEMENTED_FUNC (Server_Invocation_Interceptor (const Server_Invocation_Interceptor &))
+ ACE_UNIMPLEMENTED_FUNC (void operator= (const Server_Invocation_Interceptor &))
+ //@}
+
+ private:
+
+ /// Reference to the current SSLIOP execution context.
+ ::SSLIOP::Current_var ssliop_current_;
+
+ /// The default quality-of-protection settings in use.
+ ::Security::QOP qop_;
+
+ };
+
+ } // End SSLIOP namespace.
+} // End TAO namespace.
#if defined (_MSC_VER) && (_MSC_VER >= 1200)
#pragma warning(pop)
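Review bot: The class comment on `Server_Invocation_Interceptor` says requests are rejected according to the effective target object policy, but the only policy state the class holds is the single `qop_` member, documented as the default quality-of-protection. The implementation's own comment in `receive_request_service_contexts` says the decision is made per endpoint rather than per object. The brief should say that instead, e.g. `rejects requests that did not arrive over SSL unless the configured default QOP is SecQOPNoProtection`, so that nobody relies on per-object enforcement. The `Copying and Assignment` group also says "Protected" while the declarations sit under `private:`.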
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ORBInitializer.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ORBInitializer.cpp
index 61451bbc62a..d7fe7e70c57 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ORBInitializer.cpp
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ORBInitializer.cpp
@@ -1,31 +1,41 @@
-// -*- C++ -*-
-
#include "SSLIOP_ORBInitializer.h"
-#include "SSLIOP_Vault.h"
-#include "tao/debug.h"
-ACE_RCSID (TAO_SSLIOP,
+ACE_RCSID (SSLIOP,
SSLIOP_ORBInitializer,
"$Id$")
+
#include "SSLIOP_Current.h"
#include "SSLIOP_Invocation_Interceptor.h"
-#include "orbsvcs/orbsvcs/SSLIOPC.h"
+//#include "SSLIOP_IORInterceptor.h"
+#include "SSLIOP_CredentialsAcquirerFactory.h"
+
+#include "orbsvcs/orbsvcs/Security/SL3_SecurityCurrent.h"
+#include "orbsvcs/orbsvcs/Security/SL3_CredentialsCurator.h"
-#include "orbsvcs/orbsvcs/Security/Security_Current.h"
-#include "orbsvcs/orbsvcs/Security/PrincipalAuthenticator.h"
+#include "orbsvcs/orbsvcs/SSLIOPC.h"
+#include "orbsvcs/orbsvcs/CSIIOPC.h"
#include "tao/Exception.h"
#include "tao/ORBInitInfo.h"
+#include "tao/debug.h"
+
+#include "ace/Auto_Ptr.h"
+
-TAO_SSLIOP_ORBInitializer::TAO_SSLIOP_ORBInitializer (Security::QOP qop)
- : qop_ (qop)
+TAO::SSLIOP::ORBInitializer::ORBInitializer (
+ ::Security::QOP qop,
+ CSIIOP::AssociationOptions csiv2_target_supports,
+ CSIIOP::AssociationOptions csiv2_target_requires)
+ : qop_ (qop),
+ csiv2_target_supports_ (csiv2_target_supports),
+ csiv2_target_requires_ (csiv2_target_requires)
{
}
void
-TAO_SSLIOP_ORBInitializer::pre_init (
+TAO::SSLIOP::ORBInitializer::pre_init (
PortableInterceptor::ORBInitInfo_ptr info
ACE_ENV_ARG_DECL)
ACE_THROW_SPEC ((CORBA::SystemException))
@@ -48,9 +58,9 @@ TAO_SSLIOP_ORBInitializer::pre_init (
// It wouldn't be very useful to share security context information
// with another ORB that isn't configured with security, for
// example.
- SSLIOP::Current_ptr current = SSLIOP::Current::_nil ();
+ SSLIOP::Current_ptr current;
ACE_NEW_THROW_EX (current,
- TAO_SSLIOP_Current (orb_core),
+ TAO::SSLIOP::Current (orb_core),
CORBA::NO_MEMORY (
CORBA::SystemException::_tao_minor_code (
TAO_DEFAULT_MINOR_CODE,
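Review bot: `SSLIOP::Current_ptr current;` now sits inside a member of `TAO::SSLIOP::ORBInitializer`, where an unqualified `SSLIOP` is looked up in namespace `TAO` before the global scope. The rest of this commit writes the IDL-generated types as `::SSLIOP::...`, so this line should read `::SSLIOP::Current_ptr current;` unless a `TAO::SSLIOP::Current_ptr` typedef is what is meant (SSLIOP_Current.h is not visible here). The unchanged `SSLIOP::Current_var ssliop_current` in post_init has the same ambiguity. pre_init starts and ends outside this hunk.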
@@ -68,7 +78,7 @@ TAO_SSLIOP_ORBInitializer::pre_init (
}
void
-TAO_SSLIOP_ORBInitializer::post_init (
+TAO::SSLIOP::ORBInitializer::post_init (
PortableInterceptor::ORBInitInfo_ptr info
ACE_ENV_ARG_DECL)
ACE_THROW_SPEC ((CORBA::SystemException))
@@ -84,7 +94,8 @@ TAO_SSLIOP_ORBInitializer::post_init (
// pre_init() method.
CORBA::Object_var obj =
- info->resolve_initial_references ("SSLIOPCurrent" ACE_ENV_ARG_PARAMETER);
+ info->resolve_initial_references ("SSLIOPCurrent"
+ ACE_ENV_ARG_PARAMETER);
ACE_CHECK;
SSLIOP::Current_var ssliop_current =
@@ -93,13 +104,13 @@ TAO_SSLIOP_ORBInitializer::post_init (
if (!CORBA::is_nil (ssliop_current.in ()))
{
- TAO_SSLIOP_Current *tao_current =
- ACE_dynamic_cast (TAO_SSLIOP_Current *,
- ssliop_current.in ());
+ TAO::SSLIOP::Current *tao_current =
+ dynamic_cast<TAO::SSLIOP::Current *> (ssliop_current.in ());
if (tao_current != 0)
{
- size_t slot = this->get_tss_slot_id (info ACE_ENV_ARG_PARAMETER);
+ const size_t slot =
+ this->get_tss_slot_id (info ACE_ENV_ARG_PARAMETER);
ACE_CHECK;
tao_current->tss_slot (slot);
@@ -112,7 +123,7 @@ TAO_SSLIOP_ORBInitializer::post_init (
PortableInterceptor::ServerRequestInterceptor_ptr si =
PortableInterceptor::ServerRequestInterceptor::_nil ();
ACE_NEW_THROW_EX (si,
- TAO_SSLIOP_Server_Invocation_Interceptor (
+ TAO::SSLIOP::Server_Invocation_Interceptor (
ssliop_current.in (),
this->qop_),
CORBA::NO_MEMORY (
@@ -131,59 +142,94 @@ TAO_SSLIOP_ORBInitializer::post_init (
ACE_ENV_ARG_PARAMETER);
ACE_CHECK;
+// TAO_ORBInitInfo_var tao_info =
+// TAO_ORBInitInfo::_narrow (info
+// ACE_ENV_ARG_PARAMETER);
+// ACE_CHECK;
+
+// if (CORBA::is_nil (tao_info.in ()))
+// ACE_THROW (CORBA::INV_OBJREF ());
+
+// TAO_ORB_Core * orb_core = tao_info->orb_core ();
+
+// // Create the SSLIOP IOR interceptor.
+// PortableInterceptor::IORInterceptor_ptr ii =
+// PortableInterceptor::IORInterceptor::_nil ();
+// ACE_NEW_THROW_EX (ii,
+// TAO::SSLIOP::IORInterceptor (orb_core,
+// this->csiv2_target_supports_,
+// this->csiv2_target_requires_),
+// CORBA::NO_MEMORY (
+// CORBA::SystemException::_tao_minor_code (
+// TAO_DEFAULT_MINOR_CODE,
+// ENOMEM),
+// CORBA::COMPLETED_NO));
+// ACE_CHECK;
+
+// PortableInterceptor::IORInterceptor_var ior_interceptor =
+// ii;
+
+// // Register the SSLIOP IORInterceptor.
+// info->add_ior_interceptor (ior_interceptor.in ()
+// ACE_ENV_ARG_PARAMETER);
+// ACE_CHECK;
+
// Register the SSLIOP-specific vault with the
// PrincipalAuthenticator.
- obj = info->resolve_initial_references ("SecurityManager"
+ obj = info->resolve_initial_references ("SecurityLevel3:SecurityManager"
ACE_ENV_ARG_PARAMETER);
ACE_CHECK;
- SecurityLevel2::SecurityManager_var manager =
- SecurityLevel2::SecurityManager::_narrow (obj.in ()
+ SecurityLevel3::SecurityManager_var manager =
+ SecurityLevel3::SecurityManager::_narrow (obj.in ()
ACE_ENV_ARG_PARAMETER);
ACE_CHECK;
- SecurityLevel2::PrincipalAuthenticator_var pa =
- manager->principal_authenticator (ACE_ENV_SINGLE_ARG_PARAMETER);
+ SecurityLevel3::CredentialsCurator_var curator =
+ manager->credentials_curator (ACE_ENV_SINGLE_ARG_PARAMETER);
ACE_CHECK;
- TAO_PrincipalAuthenticator_var tao_pa =
- TAO_PrincipalAuthenticator::_narrow (pa.in ()
- ACE_ENV_ARG_PARAMETER);
+ TAO::SL3::CredentialsCurator_var tao_curator =
+ TAO::SL3::CredentialsCurator::_narrow (curator.in ()
+ ACE_ENV_ARG_PARAMETER);
ACE_CHECK;
- SecurityReplaceable::Vault_ptr vault;
- ACE_NEW_THROW_EX (vault,
- TAO_SSLIOP_Vault,
+ TAO::SSLIOP::CredentialsAcquirerFactory * factory;
+ ACE_NEW_THROW_EX (factory,
+ TAO::SSLIOP::CredentialsAcquirerFactory,
CORBA::NO_MEMORY ());
ACE_CHECK;
- SecurityReplaceable::Vault_var safe_vault = vault; // :-)
+ auto_ptr<TAO::SSLIOP::CredentialsAcquirerFactory> safe_factory;
- tao_pa->register_vault (vault
- ACE_ENV_ARG_PARAMETER);
+ tao_curator->register_acquirer_factory ("SL3TLS",
+ factory
+ ACE_ENV_ARG_PARAMETER);
ACE_CHECK;
+
+ (void) safe_factory.release (); // CredentialsCurator now owns
+ // CredentialsAcquirerFactory.
}
size_t
-TAO_SSLIOP_ORBInitializer::get_tss_slot_id (
+TAO::SSLIOP::ORBInitializer::get_tss_slot_id (
PortableInterceptor::ORBInitInfo_ptr info
ACE_ENV_ARG_DECL)
{
// Obtain the Security Service TSS slot ID from the SecurityCurrent
// object.
CORBA::Object_var obj =
- info->resolve_initial_references ("SecurityCurrent"
+ info->resolve_initial_references ("SecurityLevel3:SecurityCurrent"
ACE_ENV_ARG_PARAMETER);
ACE_CHECK_RETURN (0);
- SecurityLevel2::Current_var current =
- SecurityLevel2::Current::_narrow (obj.in ()
- ACE_ENV_ARG_PARAMETER);
+ SecurityLevel3::SecurityCurrent_var current =
+ SecurityLevel3::SecurityCurrent::_narrow (obj.in ()
+ ACE_ENV_ARG_PARAMETER);
ACE_CHECK_RETURN (0);
- TAO_Security_Current *security_current =
- ACE_dynamic_cast (TAO_Security_Current *,
- current.in ());
+ TAO::SL3::SecurityCurrent * security_current =
+ dynamic_cast<TAO::SL3::SecurityCurrent *> (current.in ());
if (security_current == 0)
{
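Review bot: In post_init, `auto_ptr<TAO::SSLIOP::CredentialsAcquirerFactory> safe_factory;` is default-constructed and never given `factory`, so it guards nothing. If `register_acquirer_factory` raises, the factory leaks, and the later `safe_factory.release ()` is a no-op. The declaration should be `auto_ptr<TAO::SSLIOP::CredentialsAcquirerFactory> safe_factory (factory);`. `tao_curator` is also used without a nil check after `_narrow`, unlike `security_current` in get_tss_slot_id further down this hunk, so a failed narrow would presumably be a null dereference during ORB initialisation. The comment above the block still describes registering a vault with the PrincipalAuthenticator and should now name the CredentialsCurator and the acquirer factory.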
@@ -196,3 +242,24 @@ TAO_SSLIOP_ORBInitializer::get_tss_slot_id (
return security_current->tss_slot ();
}
+
+
+#if defined (ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION)
+
+# if defined (ACE_LACKS_AUTO_PTR) \
+ || !(defined (ACE_HAS_STANDARD_CPP_LIBRARY) \
+ && (ACE_HAS_STANDARD_CPP_LIBRARY != 0))
+template class ACE_Auto_Basic_Ptr<TAO::SSLIOP::CredentialsAcquirerFactory>;
+# endif /* ACE_LACKS_AUTO_PTR */
+template class auto_ptr<TAO::SSLIOP::CredentialsAcquirerFactory>;
+
+#elif defined (ACE_HAS_TEMPLATE_INSTANTIATION_PRAGMA)
+
+# if defined (ACE_LACKS_AUTO_PTR) \
+ || !(defined (ACE_HAS_STANDARD_CPP_LIBRARY) \
+ && (ACE_HAS_STANDARD_CPP_LIBRARY != 0))
+#pragma instantiate ACE_Auto_Basic_Ptr<TAO::SSLIOP::CredentialsAcquirerFactory>
+# endif /* ACE_LACKS_AUTO_PTR */
+#pragma instanstiate auto_ptr<TAO::SSLIOP::CredentialsAcquirerFactory>
+
+#endif /* ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION */
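Review bot: `#pragma instanstiate auto_ptr<TAO::SSLIOP::CredentialsAcquirerFactory>` is misspelt. Compilers generally ignore an unknown pragma, so on a toolchain that takes the `ACE_HAS_TEMPLATE_INSTANTIATION_PRAGMA` branch the `auto_ptr` instantiation would silently not be requested and the failure would only show up at link time. It should read `#pragma instantiate auto_ptr<TAO::SSLIOP::CredentialsAcquirerFactory>`, matching the `ACE_Auto_Basic_Ptr` line just above it.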
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ORBInitializer.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ORBInitializer.h
index b56aef414e6..01f626a049d 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ORBInitializer.h
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ORBInitializer.h
@@ -22,6 +22,7 @@
# pragma once
#endif /* ACE_LACKS_PRAGMA_ONCE */
+#include "orbsvcs/orbsvcs/CSIIOPC.h"
#include "orbsvcs/orbsvcs/SecurityC.h"
#include "tao/PortableInterceptorC.h"
@@ -36,43 +37,57 @@
#pragma warning(disable:4250)
#endif /* _MSC_VER */
-/**
- * @name TAO_SSLIOP_ORBInitializer
- *
- * @brief
- * ORB initializer that registers all SSLIOP-specific interceptors and
- * object references.
- */
-class TAO_SSLIOP_Export TAO_SSLIOP_ORBInitializer :
- public virtual PortableInterceptor::ORBInitializer,
- public virtual TAO_Local_RefCounted_Object
+namespace TAO
{
-public:
+ namespace SSLIOP
+ {
+
+ /**
+ * @name ORBInitializer
+ *
+ * @brief
+ * ORB initializer that registers all SSLIOP-specific interceptors and
+ * object references.
+ */
+ class TAO_SSLIOP_Export ORBInitializer :
+ public virtual PortableInterceptor::ORBInitializer,
+ public virtual TAO_Local_RefCounted_Object
+ {
+ public:
+
+ /// Constructor.
+ ORBInitializer (::Security::QOP qop,
+ CSIIOP::AssociationOptions csiv2_target_supports,
+ CSIIOP::AssociationOptions csiv2_target_requires);
+
+ virtual void pre_init (PortableInterceptor::ORBInitInfo_ptr info
+ ACE_ENV_ARG_DECL_WITH_DEFAULTS)
+ ACE_THROW_SPEC ((CORBA::SystemException));
- /// Constructor.
- TAO_SSLIOP_ORBInitializer (Security::QOP qop);
+ virtual void post_init (PortableInterceptor::ORBInitInfo_ptr info
+ ACE_ENV_ARG_DECL_WITH_DEFAULTS)
+ ACE_THROW_SPEC ((CORBA::SystemException));
- virtual void pre_init (PortableInterceptor::ORBInitInfo_ptr info
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
+ private:
- virtual void post_init (PortableInterceptor::ORBInitInfo_ptr info
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
+ // Obtain the TSS slot ID assigned to the "SSLIOPCurrent" object.
+ size_t get_tss_slot_id (PortableInterceptor::ORBInitInfo_ptr info
+ ACE_ENV_ARG_DECL);
-private:
+ private:
- // Obtain the TSS slot ID assigned to the "SSLIOPCurrent" object.
- size_t get_tss_slot_id (
- PortableInterceptor::ORBInitInfo_ptr info
- ACE_ENV_ARG_DECL);
+ /// The default quality-of-protection settings in use.
+ ::Security::QOP qop_;
-private:
+ /// Default support CSIv2 association options.
+ CSIIOP::AssociationOptions csiv2_target_supports_;
- /// The default quality-of-protection settings in use.
- Security::QOP qop_;
+ /// Default required CSIv2 association options.
+ CSIIOP::AssociationOptions csiv2_target_requires_;
+ };
-};
+ } // End SSLIOP namespace.
+} // End TAO namespace.
#if defined(_MSC_VER) && (_MSC_VER >= 1200)
#pragma warning(pop)
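Review bot: The comment on `get_tss_slot_id` says the slot belongs to the "SSLIOPCurrent" object, but the implementation in this commit resolves "SecurityLevel3:SecurityCurrent" and returns that object's slot. The header comment should match, e.g. `/// Obtain the TSS slot ID from the "SecurityLevel3:SecurityCurrent" object.` The class block uses `@name ORBInitializer` where `@class ORBInitializer` is meant, and "Default support CSIv2 association options" should read "supported". The constructor's three parameters are undocumented; one line each on `qop`, `csiv2_target_supports` and `csiv2_target_requires` would be enough.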
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OwnCredentials.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OwnCredentials.cpp
new file mode 100644
index 00000000000..e6d12123c70
--- /dev/null
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OwnCredentials.cpp
@@ -0,0 +1,73 @@
+// $Id$
+
+#include "SSLIOP_OwnCredentials.h"
+
+
+ACE_RCSID (SSLIOP,
+ SSLIOP_OwnCredentials,
+ "$Id$")
+
+
+TAO::SSLIOP::OwnCredentials::OwnCredentials (X509 *cert, EVP_PKEY *evp)
+ : Credentials (cert, evp)
+{
+}
+
+TAO::SSLIOP::OwnCredentials::~OwnCredentials (void)
+{
+}
+
+TAO::SSLIOP::OwnCredentials_ptr
+TAO::SSLIOP::OwnCredentials::_duplicate (TAO::SSLIOP::OwnCredentials_ptr obj)
+{
+ if (!CORBA::is_nil (obj))
+ obj->_add_ref ();
+
+ return obj;
+}
+
+TAO::SSLIOP::OwnCredentials_ptr
+TAO::SSLIOP::OwnCredentials::_narrow (CORBA::Object_ptr obj
+ ACE_ENV_ARG_DECL_NOT_USED)
+{
+ return TAO::SSLIOP::OwnCredentials::_duplicate (
+ dynamic_cast<TAO::SSLIOP::OwnCredentials *> (obj));
+}
+
+TAO::SSLIOP::OwnCredentials_ptr
+TAO::SSLIOP::OwnCredentials::_nil (void)
+{
+ return (OwnCredentials *) 0;
+
+}
+
+SecurityLevel3::CredentialsType
+TAO::SSLIOP::OwnCredentials::creds_type (ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ return SecurityLevel3::CT_OwnCredentials;
+}
+
+SecurityLevel3::CredsInitiator_ptr
+TAO::SSLIOP::OwnCredentials::creds_initiator (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (),
+ SecurityLevel3::CredsInitiator::_nil ());
+}
+
+SecurityLevel3::CredsAcceptor_ptr
+TAO::SSLIOP::OwnCredentials::creds_acceptor (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (),
+ SecurityLevel3::CredsAcceptor::_nil ());
+}
+
+void
+TAO::SSLIOP::OwnCredentials::release_credentials (
+ ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ this->creds_state_ = SecurityLevel3::CS_PendingRelease;
+}
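Review bot: `release_credentials` only sets `creds_state_` to `CS_PendingRelease`, and nothing in this file drops the `X509` certificate or the `EVP_PKEY` passed to the constructor. Whether the `Credentials` base class or its users act on that state is not visible here. The method should therefore carry a comment saying when the key material is actually freed, e.g. `// Only marks the credentials for release; the certificate and key are freed when the last reference is dropped.` if that is the real behaviour. `_nil` also uses a C-style cast, `(OwnCredentials *) 0`, while the rest of the commit moves to C++ casts; `static_cast<OwnCredentials *> (0)` would be consistent.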
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OwnCredentials.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OwnCredentials.h
new file mode 100644
index 00000000000..bdce35e81cf
--- /dev/null
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OwnCredentials.h
@@ -0,0 +1,117 @@
+// -*- C++ -*-
+
+//=============================================================================
+/**
+ * @file SSLIOP_OwnCredentials.h
+ *
+ * $Id$
+ *
+ * @author Ossama Othman <ossama@dre.vanderbilt.edu>
+ */
+//=============================================================================
+
+
+#ifndef TAO_SSLIOP_OWN_CREDENTIALS_H
+#define TAO_SSLIOP_OWN_CREDENTIALS_H
+
+#include "ace/pre.h"
+
+#include "SSLIOP_Export.h"
+
+#if !defined (ACE_LACKS_PRAGMA_ONCE)
+# pragma once
+#endif /* ACE_LACKS_PRAGMA_ONCE */
+
+#include "SSLIOP_Credentials.h"
+
+#if defined(_MSC_VER)
+#if (_MSC_VER >= 1200)
+#pragma warning(push)
+#endif /* _MSC_VER >= 1200 */
+#pragma warning(disable:4250)
+#endif /* _MSC_VER */
+
+namespace TAO
+{
+ namespace SSLIOP
+ {
+ class OwnCredentials;
+ typedef OwnCredentials* OwnCredentials_ptr;
+ typedef TAO_Pseudo_Var_T<OwnCredentials> OwnCredentials_var;
+ typedef TAO_Pseudo_Out_T<OwnCredentials, OwnCredentials_var> OwnCredentials_out;
+
+ /**
+ * @class OwnCredentials
+ *
+ * @brief Credentials representing the our identity, not our
+ * peer's identity.
+ *
+ * @c OwnCredentials are a representation of our identity, not our
+ * peer's identity.
+ */
+ class TAO_SSLIOP_Export OwnCredentials
+ : public virtual SecurityLevel3::OwnCredentials,
+ public virtual Credentials
+ {
+ public:
+
+ /// Constructor
+ OwnCredentials (::X509 *cert, ::EVP_PKEY *evp);
+
+ static OwnCredentials_ptr _duplicate (OwnCredentials_ptr obj);
+ static OwnCredentials_ptr _nil (void);
+ static OwnCredentials_ptr _narrow (CORBA::Object_ptr obj
+ ACE_ENV_ARG_DECL);
+
+ /**
+ * @name SecurityLevel3::TargetCredentials Methods
+ *
+ * Methods required by the SecurityLevel3::Credentials
+ * interface.
+ */
+ //@{
+ SecurityLevel3::CredentialsType creds_type (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+ //@}
+
+ /**
+ * @name SecurityLevel3::OwnCredentials Methods
+ *
+ * Methods required by the SecurityLevel3::OwnCredentials
+ * interface.
+ */
+ //@{
+ virtual SecurityLevel3::CredsInitiator_ptr creds_initiator (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual SecurityLevel3::CredsAcceptor_ptr creds_acceptor (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual void release_credentials (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+ //@}
+
+ protected:
+
+ /// Destructor
+ /**
+ * Protected destructor to enforce proper memory management
+ * through the reference counting mechanism.
+ */
+ ~OwnCredentials (void);
+
+ };
+
+ } // End SSLIOP namespace
+} // End TAO namespace
+
+
+#if defined(_MSC_VER) && (_MSC_VER >= 1200)
+#pragma warning(pop)
+#endif /* _MSC_VER */
+
+#include "ace/post.h"
+
+#endif /* TAO_SSLIOP_OWN_CREDENTIALS_H */
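Review bot: The constructor `OwnCredentials (::X509 *cert, ::EVP_PKEY *evp)` takes a raw certificate and private-key pointer, and its only documentation is `/// Constructor`. A caller cannot tell whether the object takes ownership, duplicates the handles, or expects them to outlive it, which matters for a private key. A line such as `/// @param evp Private key; state here whether ownership is transferred or the reference is duplicated.` should be filled in from the `Credentials` base class, which is not visible here. The first method group is labelled `SecurityLevel3::TargetCredentials Methods` although its text refers to `SecurityLevel3::Credentials`. `creds_type` is the only overridden method declared without `virtual`, and the brief has a stray word in "representing the our identity".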
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Profile.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Profile.cpp
index 59f5314065e..23642aaa94a 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Profile.cpp
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Profile.cpp
@@ -5,7 +5,7 @@
#include "ace/OS_NS_string.h"
-ACE_RCSID (TAO_SSLIOP,
+ACE_RCSID (SSLIOP,
SSLIOP_Profile,
"$Id$")
@@ -14,29 +14,27 @@ ACE_RCSID (TAO_SSLIOP,
# include "SSLIOP_Profile.i"
#endif /* __ACE_INLINE__ */
-TAO_SSLIOP_Profile::TAO_SSLIOP_Profile (
- const ACE_INET_Addr & addr,
- const TAO::ObjectKey & object_key,
- const TAO_GIOP_Message_Version & version,
- TAO_ORB_Core * orb_core,
- const SSLIOP::SSL * ssl_component)
+TAO_SSLIOP_Profile::TAO_SSLIOP_Profile (const ACE_INET_Addr & addr,
+ const TAO::ObjectKey & object_key,
+ const TAO_GIOP_Message_Version & version,
+ TAO_ORB_Core * orb_core,
+ const ::SSLIOP::SSL * ssl_component)
: TAO_IIOP_Profile (addr,
object_key,
version,
orb_core),
ssl_endpoint_ (ssl_component, 0)
{
- this->ssl_endpoint_.iiop_endpoint (&this->endpoint_, 1);
+ this->ssl_endpoint_.iiop_endpoint (&this->endpoint_, true);
}
-TAO_SSLIOP_Profile::TAO_SSLIOP_Profile (
- const char * host,
- CORBA::UShort port,
- const TAO::ObjectKey & object_key,
- const ACE_INET_Addr & addr,
- const TAO_GIOP_Message_Version & version,
- TAO_ORB_Core * orb_core,
- const SSLIOP::SSL * ssl_component)
+TAO_SSLIOP_Profile::TAO_SSLIOP_Profile (const char * host,
+ CORBA::UShort port,
+ const TAO::ObjectKey & object_key,
+ const ACE_INET_Addr & addr,
+ const TAO_GIOP_Message_Version & version,
+ TAO_ORB_Core * orb_core,
+ const ::SSLIOP::SSL * ssl_component)
: TAO_IIOP_Profile (host,
port,
object_key,
@@ -45,22 +43,22 @@ TAO_SSLIOP_Profile::TAO_SSLIOP_Profile (
orb_core),
ssl_endpoint_ (ssl_component, 0)
{
- this->ssl_endpoint_.iiop_endpoint (&this->endpoint_, 1);
+ this->ssl_endpoint_.iiop_endpoint (&this->endpoint_, true);
}
TAO_SSLIOP_Profile::TAO_SSLIOP_Profile (TAO_ORB_Core * orb_core,
- const SSLIOP::SSL * ssl_component)
+ const ::SSLIOP::SSL * ssl_component)
: TAO_IIOP_Profile (orb_core),
ssl_endpoint_ (ssl_component, 0)
{
- this->ssl_endpoint_.iiop_endpoint (&this->endpoint_, 1);
+ this->ssl_endpoint_.iiop_endpoint (&this->endpoint_, true);
}
TAO_SSLIOP_Profile::TAO_SSLIOP_Profile (TAO_ORB_Core * orb_core)
: TAO_IIOP_Profile (orb_core),
ssl_endpoint_ (0, 0)
{
- this->ssl_endpoint_.iiop_endpoint (&this->endpoint_, 1);
+ this->ssl_endpoint_.iiop_endpoint (&this->endpoint_, true);
}
TAO_SSLIOP_Profile::~TAO_SSLIOP_Profile (void)
@@ -93,18 +91,17 @@ TAO_SSLIOP_Profile::decode (TAO_InputCDR & cdr)
// there if we are dealing with pure IIOP profile.
int ssl_component_found = 0;
IOP::TaggedComponent component;
- component.tag = SSLIOP::TAG_SSL_SEC_TRANS;
+ component.tag = ::SSLIOP::TAG_SSL_SEC_TRANS;
if (this->tagged_components ().get_component (component))
{
- TAO_InputCDR cdr (ACE_reinterpret_cast (
- const char*,
+ TAO_InputCDR cdr (reinterpret_cast<const char*> (
component.component_data.get_buffer ()),
component.component_data.length ());
CORBA::Boolean byte_order;
if ((cdr >> ACE_InputCDR::to_boolean (byte_order)) == 0)
return -1;
- cdr.reset_byte_order (ACE_static_cast (int, byte_order));
+ cdr.reset_byte_order (static_cast<int> (byte_order));
if (cdr >> this->ssl_endpoint_.ssl_component_)
ssl_component_found = 1;
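Review bot: The block-local `TAO_InputCDR cdr` rewritten in this hunk has the same name as the `cdr` parameter of `decode (TAO_InputCDR & cdr)` named in the hunk header, so inside the `if` every `cdr >>` reads the tagged component's buffer and the caller's stream is hidden. That is easy to misread when checking how data from a received profile is bounded and byte-swapped. `decode_tagged_endpoints` in this same file names the equivalent stream `in_cdr`; since the line is being touched anyway, I would rename it here too, e.g. `TAO_InputCDR ssl_cdr (reinterpret_cast<const char*> (`, and use `ssl_cdr` for the three uses below. The body of `decode` starts and ends outside this hunk.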
@@ -119,7 +116,7 @@ TAO_SSLIOP_Profile::decode (TAO_InputCDR & cdr)
{
// This profile contains only one endpoint. Finish initializing
// it.
- this->ssl_endpoint_.iiop_endpoint (&this->endpoint_, 1);
+ this->ssl_endpoint_.iiop_endpoint (&this->endpoint_, true);
this->ssl_endpoint_.priority (this->endpoint_.priority ());
return 1;
}
@@ -160,7 +157,7 @@ TAO_SSLIOP_Profile::decode (TAO_InputCDR & cdr)
ssl_endp != 0;
ssl_endp = ssl_endp->next_)
{
- ssl_endp->iiop_endpoint (iiop_endp, 1);
+ ssl_endp->iiop_endpoint (iiop_endp, true);
ssl_endp->priority (iiop_endp->priority ());
iiop_endp = iiop_endp->next_;
}
@@ -174,7 +171,7 @@ CORBA::Boolean
TAO_SSLIOP_Profile::do_is_equivalent (const TAO_Profile * other_profile)
{
const TAO_SSLIOP_Profile *op =
- ACE_dynamic_cast (const TAO_SSLIOP_Profile *, other_profile);
+ dynamic_cast<const TAO_SSLIOP_Profile *> (other_profile);
// Make sure we have a TAO_SSLIOP_Profile.
if (op == 0)
@@ -248,7 +245,7 @@ TAO_SSLIOP_Profile::encode_endpoints (void)
const CORBA::ULong length = out_cdr.total_length ();
IOP::TaggedComponent tagged_component;
- tagged_component.tag = TAO_TAG_SSL_ENDPOINTS;
+ tagged_component.tag = TAO::TAG_SSL_ENDPOINTS;
tagged_component.component_data.length (length);
CORBA::Octet *buf =
tagged_component.component_data.get_buffer ();
@@ -275,21 +272,21 @@ int
TAO_SSLIOP_Profile::decode_tagged_endpoints (void)
{
IOP::TaggedComponent tagged_component;
- tagged_component.tag = TAO_TAG_SSL_ENDPOINTS;
+ tagged_component.tag = TAO::TAG_SSL_ENDPOINTS;
if (this->tagged_components_.get_component (tagged_component))
{
const CORBA::Octet *buf =
tagged_component.component_data.get_buffer ();
- TAO_InputCDR in_cdr (ACE_reinterpret_cast (const char*, buf),
+ TAO_InputCDR in_cdr (reinterpret_cast<const char* > (buf),
tagged_component.component_data.length ());
// Extract the Byte Order.
CORBA::Boolean byte_order;
if ((in_cdr >> ACE_InputCDR::to_boolean (byte_order)) == 0)
return -1;
- in_cdr.reset_byte_order (ACE_static_cast(int, byte_order));
+ in_cdr.reset_byte_order (static_cast<int> (byte_order));
// Extract endpoints sequence.
TAO_SSLEndpointSequence endpoints;
@@ -321,7 +318,7 @@ TAO_SSLIOP_Profile::decode_tagged_endpoints (void)
ssl_endp != 0;
ssl_endp = ssl_endp->next_)
{
- ssl_endp->iiop_endpoint (iiop_endp, 1);
+ ssl_endp->iiop_endpoint (iiop_endp, true);
ssl_endp->priority (iiop_endp->priority ());
iiop_endp = iiop_endp->next_;
}
@@ -342,5 +339,5 @@ TAO_SSLIOP_Profile::parse_string (const char * ior
ACE_ENV_ARG_PARAMETER);
ACE_CHECK;
- this->ssl_endpoint_.iiop_endpoint (&this->endpoint_, 1);
+ this->ssl_endpoint_.iiop_endpoint (&this->endpoint_, true);
}
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Profile.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Profile.h
index b83036b7a0c..026765b860b 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Profile.h
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Profile.h
@@ -28,121 +28,136 @@
#include "SSLIOP_Endpoint.h"
#include "tao/IIOP_Profile.h"
-class TAO_SSLIOP_Client_Connection_Handler;
+// namespace TAO
+// {
+// namespace SSLIOP
+// {
+
+ /**
+ * @class Profile
+ *
+ * @brief This class defines the protocol specific attributes
+ * required for locating ORBs over a TCP/IP network, using
+ * either IIOP or IIOP/SSL for communication.
+ *
+ * This class extends TAO_IIOP_Profile to support secure
+ * communication using SSL.
+ */
+ class TAO_SSLIOP_Export TAO_SSLIOP_Profile : public TAO_IIOP_Profile
+ {
+ public:
+ /// Profile constructor, same as above except the object_key has
+ /// already been marshaled.
+ TAO_SSLIOP_Profile (const ACE_INET_Addr & addr,
+ const TAO::ObjectKey & object_key,
+ const TAO_GIOP_Message_Version & version,
+ TAO_ORB_Core * orb_core,
+ const ::SSLIOP::SSL * ssl_component);
+
+ /// Profile constructor, this is the most efficient since it
+ /// doesn't require any address resolution processing.
+ TAO_SSLIOP_Profile (const char *host,
+ CORBA::UShort port,
+ const TAO::ObjectKey & object_key,
+ const ACE_INET_Addr & addr,
+ const TAO_GIOP_Message_Version & version,
+ TAO_ORB_Core * orb_core,
+ const ::SSLIOP::SSL * ssl_component);
+
+ /// Create profile with the given SSLIOP tagged component.
+ TAO_SSLIOP_Profile (TAO_ORB_Core * orb_core,
+ const ::SSLIOP::SSL * ssl_component);
+
+ /// Profile constructor, default.
+ TAO_SSLIOP_Profile (TAO_ORB_Core * orb_core);
+
+ // = Please see Profile.h for the documentation of these methods.
+ virtual int decode (TAO_InputCDR& cdr);
+ virtual int encode_endpoints (void);
+ virtual TAO_Endpoint *endpoint (void);
+
+ /**
+ * Override parse_string() from the base class to update the SSL
+ * endpoint's iiop endpoint once the base class has completed
+ * parsing the string.
+ *@par
+ * Initialize this object using the given input string.
+ * URL-style string contain only one endpoint.
+ */
+ virtual void parse_string (const char * string
+ ACE_ENV_ARG_DECL);
+
+ /**
+ * Add @a endp to this profile's list of endpoints (it is
+ * inserted next to the head of the list). This profiles takes
+ * ownership of @a endp. If @a endp's @c iiop_endpoint_ member
+ * is not 0, it is added to our parent's class endpoint list.
+ */
+ void add_endpoint (TAO_SSLIOP_Endpoint * endp);
+
+ protected:
+
+ /// Destructor.
+ /**
+ * Protected destructor to enforce proper memory management
+ * through the reference counting mechanism.
+ */
+ ~TAO_SSLIOP_Profile (void);
+
+ /// Profile equivalence template method.
+ /**
+ * @see TAO_Profile::do_is_equivalent()
+ */
+ virtual CORBA::Boolean do_is_equivalent (
+ const TAO_Profile * other_profile);
+
+ private:
+
+ /**
+ * Helper for @c decode. Decodes TAO_TAG_SSL_ENDPOINTS from a
+ * tagged component. Decode only if RTCORBA is enabled.
+ *
+ * @return 0 on success and -1 on failure.
+ *
+ * @note This should be enabled only when RTCORBA is enabled,
+ * but sadly others pay the price (of footprint) under
+ * normal operations.
+ */
+ int decode_tagged_endpoints (void);
+
+ /**
+ * Head of this profile's list of endpoints. This endpoint is
+ * not dynamically allocated because a profile always contains
+ * at least one endpoint.
+ * @par
+ * Currently, a profile contains more than one endpoint, i.e.,
+ * list contains more than just the head, only when RTCORBA is
+ * enabled. However, in the near future, this will be used in
+ * non-RT mode as well, e.g., to support @c
+ * TAG_ALTERNATE_IIOP_ADDRESS feature.
+ * @par
+ * Since SSLIOP profile is an extension of IIOP profile, its
+ * addressing info is contained in two places: IIOP parent
+ * class contains all iiop addressing while this class contains
+ * SSL-specific addressing additions to iiop. This means that
+ * there are two lists of endpoints: one maintained in the
+ * parent class and one maintained here. Each ssl endpoint
+ * maintains a pointer to its counterpart in the parent class
+ * endpoint list.
+ * @par
+ * For transmission of IIOP addressing information, see
+ * @c TAO_IIOP_Profile. Addressing info of the default SSL
+ * endpoint, i.e., head of the list, is transmitted using
+ * standard SSLIOP::TAG_SSL_SEC_TRANS tagged component. See
+ * @c encode_endpoints method documentation above for how the
+ * rest of the SSL endpoint list is transmitted.
+ */
+ TAO_SSLIOP_Endpoint ssl_endpoint_;
+ };
+
+// } // End SSLIOP namespace.
+// } // End TAO namespace.
-/**
- * @class TAO_SSLIOP_Profile
- *
- * @brief This class defines the protocol specific attributes required
- * for locating ORBs over a TCP/IP network, using either IIOP or
- * IIOP/SSL for communication.
- *
- * This class extends TAO_IIOP_Profile to support secure
- * communication using SSL.
- */
-class TAO_SSLIOP_Export TAO_SSLIOP_Profile : public TAO_IIOP_Profile
-{
-public:
- /// Profile constructor, same as above except the object_key has
- /// already been marshaled.
- TAO_SSLIOP_Profile (const ACE_INET_Addr & addr,
- const TAO::ObjectKey & object_key,
- const TAO_GIOP_Message_Version & version,
- TAO_ORB_Core * orb_core,
- const SSLIOP::SSL * ssl_component);
-
- /// Profile constructor, this is the most efficient since it
- /// doesn't require any address resolution processing.
- TAO_SSLIOP_Profile (const char *host,
- CORBA::UShort port,
- const TAO::ObjectKey & object_key,
- const ACE_INET_Addr & addr,
- const TAO_GIOP_Message_Version & version,
- TAO_ORB_Core * orb_core,
- const SSLIOP::SSL * ssl_component);
-
- /// Create profile with the given SSLIOP tagged component.
- TAO_SSLIOP_Profile (TAO_ORB_Core * orb_core,
- const SSLIOP::SSL * ssl_component);
-
- /// Profile constructor, default.
- TAO_SSLIOP_Profile (TAO_ORB_Core * orb_core);
-
- /// Destructor is to be called only through _decr_refcnt().
- ~TAO_SSLIOP_Profile (void);
-
- // = Please see Profile.h for the documentation of these methods.
- virtual int decode (TAO_InputCDR& cdr);
- virtual int encode_endpoints (void);
- virtual TAO_Endpoint *endpoint (void);
-
- /**
- * Override parse_string() from the base class to update the ssl
- * endpoint's iiop endpoint once the base class has completed parsing
- * the string.
- *@par
- * Initialize this object using the given input string.
- * Url-style string contain only one endpoint.
- */
- virtual void parse_string (const char * string
- ACE_ENV_ARG_DECL);
-
- /**
- * Add <endp> to this profile's list of endpoints (it is inserted
- * next to the head of the list). This profiles takes ownership of
- * <endp>. If <endp>'s <iiop_endpoint_> member is not 0, it is
- * added to our parent's class endpoint list.
- */
- void add_endpoint (TAO_SSLIOP_Endpoint * endp);
-
-protected:
-
- /// Profile equivalence template method.
- /**
- * @see TAO_Profile::do_is_equivalent()
- */
- virtual CORBA::Boolean do_is_equivalent (const TAO_Profile * other_profile);
-
-private:
-
- /**
- * Helper for <decode>. Decodes TAO_TAG_SSL_ENDPOINTS from a tagged
- * component. Decode only if RTCORBA is enabled. Return 0 on
- * success and -1 on failure.
- *
- * @NOTE: This should be enabled only when RTCORBA is enabled, but
- * sadly others pay the price (of footprint) under normal
- * operations.
- */
- int decode_tagged_endpoints (void);
-
- /**
- * Head of this profile's list of endpoints. This endpoint is not
- * dynamically allocated because a profile always contains at least
- * one endpoint.
- * @par
- * Currently, a profile contains more than one endpoint, i.e., list
- * contains more than just the head, only when RTCORBA is enabled.
- * However, in the near future, this will be used in nonRT mode as
- * well, e.g., to support TAG_ALTERNATE_IIOP_ADDRESS feature.
- * @par
- * Since SSLIOP profile is an extension of IIOP profile, its
- * addressing info is contained in two places: IIOP parent class
- * contains all iiop addressing while this class contains
- * ssl-specific addressing additions to iiop. This means that
- * there are two lists of endpoints: one maintained in the parent
- * class and one maintained here. Each ssl endpoint maintains a
- * pointer to its counterpart in the parent class endpoint list.
- * @par
- * For transmission of iiop addressing information, see
- * TAO_IIOP_Profile. Addressing info of the default ssl endpoint,
- * i.e., head of the list, is transmitted using standard
- * SSLIOP::TAG_SSL_SEC_TRANS tagged component. See
- * <encode_endpoints> method documentation above for how the rest of
- * the ssl endpoint list is transmitted.
- */
- TAO_SSLIOP_Endpoint ssl_endpoint_;
-};
#if defined (__ACE_INLINE__)
# include "SSLIOP_Profile.i"
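Review bot: The new Doxygen block says `@class Profile`, but the `TAO`/`SSLIOP` namespaces are commented out and the class is still declared as `TAO_SSLIOP_Profile`, so the documentation is attached to a name that does not exist. Until the namespaces are enabled I would keep `@class TAO_SSLIOP_Profile`. The comment on `decode_tagged_endpoints` also still says `TAO_TAG_SSL_ENDPOINTS`, while SSLIOP_Profile.cpp in this commit switches to `TAO::TAG_SSL_ENDPOINTS`. The first constructor's "same as above" has nothing above it to refer to.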
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ReceivedCredentials.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ReceivedCredentials.cpp
deleted file mode 100644
index d7e23ac18b8..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ReceivedCredentials.cpp
+++ /dev/null
@@ -1,113 +0,0 @@
-// -*- C++ -*-
-
-#include "SSLIOP_ReceivedCredentials.h"
-#include "tao/ORB_Constants.h"
-
-ACE_RCSID (TAO_SSLIOP,
- SSLIOP_ReceivedCredentials,
- "$Id$")
-
-
-TAO_SSLIOP_ReceivedCredentials::TAO_SSLIOP_ReceivedCredentials (X509 *cert,
- EVP_PKEY *evp)
- : TAO_SSLIOP_Credentials (cert, evp)
-{
-}
-
-SecurityLevel2::Credentials_ptr
-TAO_SSLIOP_ReceivedCredentials::copy (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- TAO_SSLIOP_ReceivedCredentials *c = 0;
- ACE_NEW_THROW_EX (c,
- TAO_SSLIOP_ReceivedCredentials (this->x509_.in (),
- this->evp_.in ()),
- CORBA::NO_MEMORY (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- ENOMEM),
- CORBA::COMPLETED_NO));
- ACE_CHECK_RETURN (SecurityLevel2::Credentials::_nil ());
-
- return c;
-}
-
-Security::InvocationCredentialsType
-TAO_SSLIOP_ReceivedCredentials::credentials_type (
- ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- return Security::SecReceivedCredentials;
-}
-
-SecurityLevel2::Credentials_ptr
-TAO_SSLIOP_ReceivedCredentials::accepting_credentials (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- ENOTSUP),
- CORBA::COMPLETED_NO),
- SecurityLevel2::Credentials::_nil ());
-}
-
-Security::AssociationOptions
-TAO_SSLIOP_ReceivedCredentials::association_options_used (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- ENOTSUP),
- CORBA::COMPLETED_NO),
- Security::Integrity
- | Security::Confidentiality
- | Security::NoDelegation);
-}
-
-Security::DelegationState
-TAO_SSLIOP_ReceivedCredentials::delegation_state (
- ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- // It is not possible to perform credentials delegation with SSLIOP,
- // meaning that the peer (i.e., the remote principal) is always the
- // invocation initiator.
- return Security::SecInitiator;
-}
-
-Security::DelegationMode
-TAO_SSLIOP_ReceivedCredentials::delegation_mode (
- ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- // SSLIOP does not support delegation.
- return Security::SecDelModeNoDelegation;
-}
-
-// ---------------------------
-
-TAO_SSLIOP_ReceivedCredentials_ptr
-TAO_SSLIOP_ReceivedCredentials::_narrow (CORBA::Object_ptr obj
- ACE_ENV_ARG_DECL_NOT_USED)
-{
- return TAO_SSLIOP_ReceivedCredentials::_duplicate (
- dynamic_cast<TAO_SSLIOP_ReceivedCredentials *> (obj));
-}
-
-TAO_SSLIOP_ReceivedCredentials_ptr
-TAO_SSLIOP_ReceivedCredentials::_duplicate (
- TAO_SSLIOP_ReceivedCredentials_ptr obj)
-{
- if (!CORBA::is_nil (obj))
- obj->_add_ref ();
-
- return obj;
-}
-
-// -----------------------------------------------------------
-
-int TAO_SSLIOP_ReceivedCredentials::_tao_class_id = 0;
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ReceivedCredentials.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ReceivedCredentials.h
deleted file mode 100644
index f7d1e4649ed..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ReceivedCredentials.h
+++ /dev/null
@@ -1,114 +0,0 @@
-// -*- C++ -*-
-
-//=============================================================================
-/**
- * @file SSLIOP_ReceivedCredentials.h
- *
- * $Id$
- *
- * @author Ossama Othman <ossama@uci.edu>
- */
-//=============================================================================
-
-#ifndef TAO_SSLIOP_RECEIVED_CREDENTIALS_H
-#define TAO_SSLIOP_RECEIVED_CREDENTIALS_H
-
-#include /**/ "ace/pre.h"
-
-#include "SSLIOP_Export.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-#pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "SSLIOP_Credentials.h"
-
-class TAO_SSLIOP_ReceivedCredentials;
-typedef TAO_SSLIOP_ReceivedCredentials* TAO_SSLIOP_ReceivedCredentials_ptr;
-
-/**
- * @class TAO_SSLIOP_ReceivedCredentials
- *
- * @brief SSLIOP-specific implementation of the
- * SecurityLevel2::ReceivedCredentials interface.
- *
- * An SSLIOP "received credential" encapsulates the peers X.509
- * certificate.
- */
-class TAO_SSLIOP_ReceivedCredentials
- : public virtual TAO_SSLIOP_Credentials,
- public virtual SecurityLevel2::ReceivedCredentials
-{
-public:
-
- /// Constructor.
- TAO_SSLIOP_ReceivedCredentials (X509 *cert, EVP_PKEY *evp);
-
- /**
- * @name SecurityLevel2::Credentials Methods
- *
- * SecurityLevel2::Credentials methods implemented for
- * SecurityLevel2::ReceivedCredentials.
- */
- //@{
- virtual SecurityLevel2::Credentials_ptr copy (
- ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual Security::InvocationCredentialsType credentials_type (
- ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
- //@}
-
- /**
- * @name SecurityLevel2::ReceivedCredentials Methods
- *
- * Methods required by the SecurityLevel2::ReceivedCredentials
- * interface.
- */
- //@{
- virtual SecurityLevel2::Credentials_ptr accepting_credentials (
- ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual Security::AssociationOptions association_options_used (
- ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual Security::DelegationState delegation_state (
- ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual Security::DelegationMode delegation_mode (
- ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
- //@}
-
- //@{
-#if !defined(__GNUC__) || !defined (ACE_HAS_GNUG_PRE_2_8)
- typedef TAO_SSLIOP_ReceivedCredentials_ptr _ptr_type;
- // typedef TAO_SSLIOP_ReceivedCredentials_var _var_type;
-#endif /* ! __GNUC__ || g++ >= 2.8 */
-
- static int _tao_class_id;
-
- // The static operations.
- static TAO_SSLIOP_ReceivedCredentials_ptr _duplicate (TAO_SSLIOP_ReceivedCredentials_ptr obj);
-
- static TAO_SSLIOP_ReceivedCredentials_ptr _narrow (
- CORBA::Object_ptr obj
- ACE_ENV_ARG_DECL_WITH_DEFAULTS
- );
-
- static TAO_SSLIOP_ReceivedCredentials_ptr _nil (void)
- {
- return (TAO_SSLIOP_ReceivedCredentials_ptr)0;
- }
- //@}
-
-};
-
-
-#include /**/ "ace/post.h"
-
-#endif /* TAO_SSLIOP_RECEIVED_CREDENTIALS_H */
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_TargetCredentials.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_TargetCredentials.cpp
index 5cea912c202..900c512b303 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_TargetCredentials.cpp
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_TargetCredentials.cpp
@@ -1,91 +1,132 @@
-// -*- C++ -*-
-
#include "SSLIOP_TargetCredentials.h"
#include "tao/ORB_Constants.h"
-ACE_RCSID (TAO_SSLIOP,
+
+ACE_RCSID (SSLIOP,
SSLIOP_TargetCredentials,
"$Id$")
-TAO_SSLIOP_TargetCredentials::TAO_SSLIOP_TargetCredentials (X509 *cert,
- EVP_PKEY *evp)
- : TAO_SSLIOP_Credentials (cert, evp)
+TAO::SSLIOP::TargetCredentials::TargetCredentials (::X509 *cert,
+ ::EVP_PKEY *evp)
+ : Credentials (cert, evp)
{
}
-SecurityLevel2::Credentials_ptr
-TAO_SSLIOP_TargetCredentials::copy (ACE_ENV_SINGLE_ARG_DECL)
+
+SecurityLevel3::CredentialsType
+TAO::SSLIOP::TargetCredentials::creds_type (ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
ACE_THROW_SPEC ((CORBA::SystemException))
{
- TAO_SSLIOP_TargetCredentials *c = 0;
- ACE_NEW_THROW_EX (c,
- TAO_SSLIOP_TargetCredentials (this->x509_.in (),
- this->evp_.in ()),
- CORBA::NO_MEMORY (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- ENOMEM),
- CORBA::COMPLETED_NO));
- ACE_CHECK_RETURN (SecurityLevel2::Credentials::_nil ());
+ return SecurityLevel3::CT_TargetCredentials;
+}
- return c;
+char *
+TAO::SSLIOP::TargetCredentials::context_id (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
}
-Security::InvocationCredentialsType
-TAO_SSLIOP_TargetCredentials::credentials_type (
- ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
+SecurityLevel3::Principal *
+TAO::SSLIOP::TargetCredentials::client_principal (ACE_ENV_SINGLE_ARG_DECL)
ACE_THROW_SPEC ((CORBA::SystemException))
{
- return Security::SecTargetCredentials;
+ ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
}
-SecurityLevel2::Credentials_ptr
-TAO_SSLIOP_TargetCredentials::initiating_credentials (
+SecurityLevel3::StatementList *
+TAO::SSLIOP::TargetCredentials::client_supporting_statements (
ACE_ENV_SINGLE_ARG_DECL)
ACE_THROW_SPEC ((CORBA::SystemException))
{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- ENOTSUP),
- CORBA::COMPLETED_NO),
- SecurityLevel2::Credentials::_nil ());
+ ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
}
-Security::AssociationOptions
-TAO_SSLIOP_TargetCredentials::association_options_used (
+SecurityLevel3::ResourceNameList *
+TAO::SSLIOP::TargetCredentials::client_restricted_resources (
ACE_ENV_SINGLE_ARG_DECL)
ACE_THROW_SPEC ((CORBA::SystemException))
{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- ENOTSUP),
- CORBA::COMPLETED_NO),
- 0);
+ ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
+}
+
+SecurityLevel3::Principal *
+TAO::SSLIOP::TargetCredentials::target_principal (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
+}
+
+SecurityLevel3::StatementList *
+TAO::SSLIOP::TargetCredentials::target_supporting_statements (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
+}
+
+SecurityLevel3::ResourceNameList *
+TAO::SSLIOP::TargetCredentials::target_restricted_resources (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
+}
+
+SecurityLevel3::OwnCredentials_ptr
+TAO::SSLIOP::TargetCredentials::parent_credentials (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (),
+ SecurityLevel3::OwnCredentials::_nil ());
}
-// ---------------------------
+CORBA::Boolean
+TAO::SSLIOP::TargetCredentials::client_authentication (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
+}
-TAO_SSLIOP_TargetCredentials_ptr
-TAO_SSLIOP_TargetCredentials::_narrow (CORBA::Object_ptr obj
- ACE_ENV_ARG_DECL_NOT_USED)
+CORBA::Boolean
+TAO::SSLIOP::TargetCredentials::target_authentication (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
{
- return TAO_SSLIOP_TargetCredentials::_duplicate (
- dynamic_cast<TAO_SSLIOP_TargetCredentials *> (obj));
+ ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
}
-TAO_SSLIOP_TargetCredentials_ptr
-TAO_SSLIOP_TargetCredentials::_duplicate (
- TAO_SSLIOP_TargetCredentials_ptr obj)
+CORBA::Boolean
+TAO::SSLIOP::TargetCredentials::confidentiality (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
{
- if (!CORBA::is_nil (obj))
- obj->_add_ref ();
+ ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
+}
- return obj;
+CORBA::Boolean
+TAO::SSLIOP::TargetCredentials::integrity (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
}
-// -----------------------------------------------------------
+CORBA::Boolean
+TAO::SSLIOP::TargetCredentials::target_embodied (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
+}
+
+CORBA::Boolean
+TAO::SSLIOP::TargetCredentials::target_endorsed (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
+}
-int TAO_SSLIOP_TargetCredentials::_tao_class_id = 0;
+void
+TAO::SSLIOP::TargetCredentials::release (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ ACE_THROW (CORBA::NO_IMPLEMENT ());
+}
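Review bot: Apart from `creds_type`, every accessor added here, including `target_authentication`, `confidentiality`, `integrity` and even `release`, only raises `CORBA::NO_IMPLEMENT`, and no comment marks them as placeholders. Code that wants to base an access decision on these attributes has to treat the exception as "unknown" rather than as an answer, so I would say so at each stub, e.g. `// @todo Not implemented for SSLIOP yet; callers must not rely on this attribute.`. The removed SecurityLevel2 stubs also passed a minor code (`CORBA::SystemException::_tao_minor_code (TAO_DEFAULT_MINOR_CODE, ENOTSUP)`), which the new ones drop. Keeping it would make the failure easier to diagnose.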
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_TargetCredentials.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_TargetCredentials.h
index 736d03bd03b..e4ae65b222f 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_TargetCredentials.h
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_TargetCredentials.h
@@ -23,82 +23,102 @@
#include "SSLIOP_Credentials.h"
-class TAO_SSLIOP_TargetCredentials;
-typedef TAO_SSLIOP_TargetCredentials* TAO_SSLIOP_TargetCredentials_ptr;
-
-/**
- * @class TAO_SSLIOP_TargetCredentials
- *
- * @brief SSLIOP-specific implementation of the
- * SecurityLevel2::TargetCredentials interface.
- *
- *
- */
-class TAO_SSLIOP_TargetCredentials
- : public virtual TAO_SSLIOP_Credentials,
- public virtual SecurityLevel2::TargetCredentials
+namespace TAO
{
-public:
-
- TAO_SSLIOP_TargetCredentials (X509 *cert, EVP_PKEY *evp);
-
- /**
- * @name SecurityLevel2::Credentials Methods
- *
- * SecurityLevel2::Credentials methods implemented for
- * SecurityLevel2::TargetCredentials.
- */
- //@{
- virtual SecurityLevel2::Credentials_ptr copy (
- ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual Security::InvocationCredentialsType credentials_type (
- ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
- //@}
-
- /**
- * @name SecurityLevel2::TargetCredentials Methods
- *
- * Methods required by the SecurityLevel2::TargetCredentials
- * interface.
- */
- //@{
- virtual SecurityLevel2::Credentials_ptr initiating_credentials (
- ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual Security::AssociationOptions association_options_used (
- ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
- //@}
-
- //@{
-#if !defined(__GNUC__) || !defined (ACE_HAS_GNUG_PRE_2_8)
- typedef TAO_SSLIOP_TargetCredentials_ptr _ptr_type;
- // typedef TAO_SSLIOP_TargetCredentials_var _var_type;
-#endif /* ! __GNUC__ || g++ >= 2.8 */
-
- static int _tao_class_id;
-
- // The static operations.
- static TAO_SSLIOP_TargetCredentials_ptr _duplicate (TAO_SSLIOP_TargetCredentials_ptr obj);
-
- static TAO_SSLIOP_TargetCredentials_ptr _narrow (
- CORBA::Object_ptr obj
- ACE_ENV_ARG_DECL_WITH_DEFAULTS
- );
-
- static TAO_SSLIOP_TargetCredentials_ptr _nil (void)
+ namespace SSLIOP
+ {
+ /**
+ * @class TargetCredentials
+ *
+ * @brief SSLIOP-specific implementation of the
+ * SecurityLevel3::TargetCredentials interface.
+ *
+ * This class implements SSLIOP-specific
+ * SecurityLevel3::TargetCredentials.
+ */
+ class TAO_SSLIOP_Export TargetCredentials
+ : public virtual SecurityLevel3::TargetCredentials,
+ public virtual Credentials
{
- return (TAO_SSLIOP_TargetCredentials_ptr)0;
- }
-
- //@}
-
-};
-
+ public:
+
+ TargetCredentials (::X509 *cert, ::EVP_PKEY *evp);
+
+ /**
+ * @name SecurityLevel3::Credentials Methods
+ *
+ * Methods required by the SecurityLevel3::Credentials
+ * interface.
+ */
+ //@{
+ virtual SecurityLevel3::CredentialsType creds_type (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+ //@}
+
+ /**
+ * @name SecurityLevel3::TargetCredentials Methods
+ *
+ * Methods required by the SecurityLevel3::TargetCredentials
+ * interface.
+ */
+ //@{
+ virtual char * context_id (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual SecurityLevel3::Principal * client_principal (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual SecurityLevel3::StatementList * client_supporting_statements (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual SecurityLevel3::ResourceNameList * client_restricted_resources (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual SecurityLevel3::Principal * target_principal (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual SecurityLevel3::StatementList * target_supporting_statements (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual SecurityLevel3::ResourceNameList * target_restricted_resources (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual SecurityLevel3::OwnCredentials_ptr parent_credentials (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual CORBA::Boolean client_authentication (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual CORBA::Boolean target_authentication (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual CORBA::Boolean confidentiality (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual CORBA::Boolean integrity (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual CORBA::Boolean target_embodied (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual CORBA::Boolean target_endorsed (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual void release (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+ //@}
+
+ };
+ }
+}
#include /**/ "ace/post.h"
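Review bot: `TargetCredentials` declares no destructor, whereas `OwnCredentials` in this same commit declares a protected `~OwnCredentials (void)` "to enforce proper memory management through the reference counting mechanism". If `TargetCredentials` is reference counted in the same way (it is constructed from an `::X509` and an `::EVP_PKEY`), I would add `protected: ~TargetCredentials (void);` with the same comment and define it in SSLIOP_TargetCredentials.cpp, so the object cannot be deleted directly or placed on the stack. The constructor would also benefit from a `///` line stating whether it takes ownership of `cert` and `evp` or adds its own references.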
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Transport.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Transport.cpp
index 7a93d319a3b..c3a337419e8 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Transport.cpp
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Transport.cpp
@@ -22,8 +22,8 @@ ACE_RCSID (SSLIOP,
"$Id$")
-TAO_SSLIOP_Transport::TAO_SSLIOP_Transport (
- TAO_SSLIOP_Connection_Handler *handler,
+TAO::SSLIOP::Transport::Transport (
+ TAO::SSLIOP::Connection_Handler *handler,
TAO_ORB_Core *orb_core,
CORBA::Boolean /* flag */)
: TAO_Transport (IOP::TAG_INTERNET_IOP, orb_core),
@@ -35,39 +35,39 @@ TAO_SSLIOP_Transport::TAO_SSLIOP_Transport (
TAO_GIOP_Message_Base (orb_core));
}
-TAO_SSLIOP_Transport::~TAO_SSLIOP_Transport (void)
+TAO::SSLIOP::Transport::~Transport (void)
{
delete this->messaging_object_;
}
ACE_Event_Handler *
-TAO_SSLIOP_Transport::event_handler_i (void)
+TAO::SSLIOP::Transport::event_handler_i (void)
{
return this->connection_handler_;
}
TAO_Connection_Handler *
-TAO_SSLIOP_Transport::connection_handler_i (void)
+TAO::SSLIOP::Transport::connection_handler_i (void)
{
return this->connection_handler_;
}
TAO_Pluggable_Messaging *
-TAO_SSLIOP_Transport::messaging_object (void)
+TAO::SSLIOP::Transport::messaging_object (void)
{
return this->messaging_object_;
}
int
-TAO_SSLIOP_Transport::handle_input (TAO_Resume_Handle &rh,
- ACE_Time_Value *max_wait_time,
- int block)
+TAO::SSLIOP::Transport::handle_input (TAO_Resume_Handle &rh,
+ ACE_Time_Value *max_wait_time,
+ int block)
{
int result = 0;
// Set up the SSLIOP::Current object.
- TAO_SSL_State_Guard ssl_state_guard (this->connection_handler_,
- result);
+ TAO::SSLIOP::State_Guard ssl_state_guard (this->connection_handler_,
+ result);
if (result == -1)
return -1;
@@ -78,10 +78,10 @@ TAO_SSLIOP_Transport::handle_input (TAO_Resume_Handle &rh,
}
ssize_t
-TAO_SSLIOP_Transport::send (iovec *iov,
- int iovcnt,
- size_t &bytes_transferred,
- const ACE_Time_Value *max_wait_time)
+TAO::SSLIOP::Transport::send (iovec *iov,
+ int iovcnt,
+ size_t &bytes_transferred,
+ const ACE_Time_Value *max_wait_time)
{
const ssize_t retval =
this->connection_handler_->peer ().sendv (iov, iovcnt, max_wait_time);
@@ -93,9 +93,9 @@ TAO_SSLIOP_Transport::send (iovec *iov,
}
ssize_t
-TAO_SSLIOP_Transport::recv (char *buf,
- size_t len,
- const ACE_Time_Value *max_wait_time)
+TAO::SSLIOP::Transport::recv (char *buf,
+ size_t len,
+ const ACE_Time_Value *max_wait_time)
{
const ssize_t n = this->connection_handler_->peer ().recv (buf,
len,
@@ -131,11 +131,11 @@ TAO_SSLIOP_Transport::recv (char *buf,
}
int
-TAO_SSLIOP_Transport::send_request (TAO_Stub *stub,
- TAO_ORB_Core *orb_core,
- TAO_OutputCDR &stream,
- int message_semantics,
- ACE_Time_Value *max_wait_time)
+TAO::SSLIOP::Transport::send_request (TAO_Stub *stub,
+ TAO_ORB_Core *orb_core,
+ TAO_OutputCDR &stream,
+ int message_semantics,
+ ACE_Time_Value *max_wait_time)
{
if (this->ws_->sending_request (orb_core,
message_semantics) == -1)
@@ -152,10 +152,10 @@ TAO_SSLIOP_Transport::send_request (TAO_Stub *stub,
}
int
-TAO_SSLIOP_Transport::send_message (TAO_OutputCDR &stream,
- TAO_Stub *stub,
- int message_semantics,
- ACE_Time_Value *max_wait_time)
+TAO::SSLIOP::Transport::send_message (TAO_OutputCDR &stream,
+ TAO_Stub *stub,
+ int message_semantics,
+ ACE_Time_Value *max_wait_time)
{
// Format the message in the stream first
if (this->messaging_object_->format_message (stream) != 0)
@@ -188,7 +188,7 @@ TAO_SSLIOP_Transport::send_message (TAO_OutputCDR &stream,
int
-TAO_SSLIOP_Transport::generate_request_header (
+TAO::SSLIOP::Transport::generate_request_header (
TAO_Operation_Details &opdetails,
TAO_Target_Specification &spec,
TAO_OutputCDR &msg)
@@ -219,8 +219,8 @@ TAO_SSLIOP_Transport::generate_request_header (
}
int
-TAO_SSLIOP_Transport::messaging_init (CORBA::Octet major,
- CORBA::Octet minor)
+TAO::SSLIOP::Transport::messaging_init (CORBA::Octet major,
+ CORBA::Octet minor)
{
this->messaging_object_->init (major,
minor);
@@ -229,13 +229,13 @@ TAO_SSLIOP_Transport::messaging_init (CORBA::Octet major,
int
-TAO_SSLIOP_Transport::tear_listen_point_list (TAO_InputCDR &cdr)
+TAO::SSLIOP::Transport::tear_listen_point_list (TAO_InputCDR &cdr)
{
CORBA::Boolean byte_order;
if ((cdr >> ACE_InputCDR::to_boolean (byte_order)) == 0)
return -1;
- cdr.reset_byte_order (ACE_static_cast (int, byte_order));
+ cdr.reset_byte_order (static_cast<int> (byte_order));
IIOP::ListenPointList listen_list;
if ((cdr >> listen_list) == 0)
@@ -251,7 +251,8 @@ TAO_SSLIOP_Transport::tear_listen_point_list (TAO_InputCDR &cdr)
void
-TAO_SSLIOP_Transport::set_bidir_context_info (TAO_Operation_Details &opdetails)
+TAO::SSLIOP::Transport::set_bidir_context_info (
+ TAO_Operation_Details &opdetails)
{
// Get a handle on to the acceptor registry
TAO_Acceptor_Registry &ar =
@@ -298,13 +299,12 @@ TAO_SSLIOP_Transport::set_bidir_context_info (TAO_Operation_Details &opdetails)
int
-TAO_SSLIOP_Transport::get_listen_point (
+TAO::SSLIOP::Transport::get_listen_point (
IIOP::ListenPointList &listen_point_list,
TAO_Acceptor *acceptor)
{
- TAO_SSLIOP_Acceptor *ssliop_acceptor =
- ACE_dynamic_cast (TAO_SSLIOP_Acceptor *,
- acceptor);
+ TAO::SSLIOP::Acceptor *ssliop_acceptor =
+ dynamic_cast<TAO::SSLIOP::Acceptor *> (acceptor);
if (ssliop_acceptor == 0)
return -1;
@@ -320,7 +320,7 @@ TAO_SSLIOP_Transport::get_listen_point (
// The SSL port is stored in the SSLIOP::SSL component associated
// with the SSLIOP_Acceptor.
- const SSLIOP::SSL &ssl = ssliop_acceptor->ssl_component ();
+ const ::SSLIOP::SSL &ssl = ssliop_acceptor->ssl_component ();
// Get the local address of the connection
ACE_INET_Addr local_addr;
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Transport.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Transport.h
index 770ba31d602..67ff72eaac9 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Transport.h
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Transport.h
@@ -36,121 +36,119 @@
#include "ace/Svc_Handler.h"
// Forward decls.
-class TAO_SSLIOP_Handler_Base;
-class TAO_SSLIOP_Connection_Handler;
class TAO_ORB_Core;
class TAO_Pluggable_Messaging;
class TAO_Acceptor;
-typedef ACE_Svc_Handler<ACE_SSL_SOCK_STREAM, ACE_NULL_SYNCH>
- TAO_SSL_SVC_HANDLER;
-
-
-class TAO_SSLIOP_Export TAO_SSLIOP_Transport : public TAO_Transport
+namespace TAO
{
-public:
-
- /// Constructor.
- TAO_SSLIOP_Transport (TAO_SSLIOP_Connection_Handler *handler,
- TAO_ORB_Core *orb_core,
- CORBA::Boolean flag);
-
- /// Default destructor.
- ~TAO_SSLIOP_Transport (void);
-
-#if 0
- /// Return the connection service handler
- TAO_SSL_SVC_HANDLER *service_handler (void);
-
- /// The TAO_Transport methods, please check the documentation in
- /// "tao/Pluggable.h" for more details.
- virtual ACE_HANDLE handle (void);
-#endif
-
-
- /// Overload of the handle_input () in the TAO_Transport
- /// class. This is required to set up the state guard. The
- /// thread-per-connection and wait on RW strategies call this
- /// handle_input ().
- virtual int handle_input (TAO_Resume_Handle &rh,
- ACE_Time_Value *max_wait_time = 0,
- int block = 0);
-protected:
- /** @name Overridden Template Methods
- *
- * These are implementations of template methods declared by TAO_Transport.
- */
- //@{
-
- virtual ACE_Event_Handler * event_handler_i (void);
- virtual TAO_Connection_Handler *connection_handler_i (void);
-
- virtual TAO_Pluggable_Messaging *messaging_object (void);
-
-
- /// Write the complete Message_Block chain to the connection.
- virtual ssize_t send (iovec *iov, int iovcnt,
- size_t &bytes_transferred,
- const ACE_Time_Value *timeout = 0);
-
- /// Read len bytes from into buf.
- virtual ssize_t recv (char *buf,
- size_t len,
- const ACE_Time_Value *s = 0);
-
-public:
- /// @@TODO: These methods IMHO should have more meaningful
- /// names. The names seem to indicate nothing.
- virtual int send_request (TAO_Stub *stub,
- TAO_ORB_Core *orb_core,
- TAO_OutputCDR &stream,
- int message_semantics,
- ACE_Time_Value *max_wait_time);
-
- virtual int send_message (TAO_OutputCDR &stream,
- TAO_Stub *stub = 0,
- int message_semantics = TAO_Transport::TAO_TWOWAY_REQUEST,
- ACE_Time_Value *max_time_wait = 0);
-
- virtual int generate_request_header (TAO_Operation_Details &opdetails,
- TAO_Target_Specification &spec,
- TAO_OutputCDR &msg);
-
- /// Initialising the messaging object
- virtual int messaging_init (CORBA::Octet major,
- CORBA::Octet minor);
-
- /// Open teh service context list and process it.
- virtual int tear_listen_point_list (TAO_InputCDR &cdr);
-
-#if 0
- // Access the connection handler
- virtual TAO_Connection_Handler* connection_handler (void) const;
-#endif
-
- //@}
-
-private:
-
- /// Set the Bidirectional context info in the service context list
- void set_bidir_context_info (TAO_Operation_Details &opdetails);
-
- /// Add the listen points in <acceptor> to the <listen_point_list>
- /// if this connection is in the same interface as that of the
- /// endpoints in the <acceptor>
- int get_listen_point (IIOP::ListenPointList &listen_point_list,
- TAO_Acceptor *acceptor);
-
-private:
-
- /// The connection service handler used for accessing lower layer
- /// communication protocols.
- TAO_SSLIOP_Connection_Handler *connection_handler_;
-
- /// Our messaging object.
- TAO_Pluggable_Messaging *messaging_object_;
-};
-
+ namespace SSLIOP
+ {
+ typedef ACE_Svc_Handler<ACE_SSL_SOCK_STREAM, ACE_NULL_SYNCH> SVC_HANDLER;
+
+ class Handler_Base;
+ class Connection_Handler;
+
+ /**
+ * @class Transport
+ *
+ * @brief SSLIOP-specific transport implementation.
+ *
+ * SSLIOP-specific transport implementation.
+ */
+ class TAO_SSLIOP_Export Transport : public TAO_Transport
+ {
+ public:
+
+ /// Constructor.
+ Transport (Connection_Handler *handler,
+ TAO_ORB_Core *orb_core,
+ CORBA::Boolean flag);
+
+ /// Default destructor.
+ ~Transport (void);
+
+ /// Overload of the handle_input () in the TAO_Transport
+ /// class. This is required to set up the state guard. The
+ /// thread-per-connection and wait on RW strategies call this
+ /// handle_input ().
+ virtual int handle_input (TAO_Resume_Handle &rh,
+ ACE_Time_Value *max_wait_time = 0,
+ int block = 0);
+
+ protected:
+ /** @name Overridden Template Methods
+ *
+ * These are implementations of template methods declared by
+ * TAO_Transport.
+ */
+ //@{
+ virtual ACE_Event_Handler * event_handler_i (void);
+ virtual TAO_Connection_Handler *connection_handler_i (void);
+
+ virtual TAO_Pluggable_Messaging *messaging_object (void);
+
+ /// Write the complete Message_Block chain to the connection.
+ virtual ssize_t send (iovec *iov, int iovcnt,
+ size_t &bytes_transferred,
+ const ACE_Time_Value *timeout = 0);
+
+ /// Read len bytes from into buf.
+ virtual ssize_t recv (char *buf,
+ size_t len,
+ const ACE_Time_Value *s = 0);
+
+ public:
+ /// @todo These methods IMHO should have more meaningful
+ /// names. The names seem to indicate nothing.
+ virtual int send_request (TAO_Stub *stub,
+ TAO_ORB_Core *orb_core,
+ TAO_OutputCDR &stream,
+ int message_semantics,
+ ACE_Time_Value *max_wait_time);
+
+ virtual int send_message (TAO_OutputCDR &stream,
+ TAO_Stub *stub = 0,
+ int message_semantics =
+ TAO_Transport::TAO_TWOWAY_REQUEST,
+ ACE_Time_Value *max_time_wait = 0);
+
+ virtual int generate_request_header (TAO_Operation_Details &opdetails,
+ TAO_Target_Specification &spec,
+ TAO_OutputCDR &msg);
+
+ /// Initialising the messaging object
+ virtual int messaging_init (CORBA::Octet major,
+ CORBA::Octet minor);
+
+ /// Open teh service context list and process it.
+ virtual int tear_listen_point_list (TAO_InputCDR &cdr);
+ //@}
+
+ private:
+
+ /// Set the Bidirectional context info in the service context
+ /// list.
+ void set_bidir_context_info (TAO_Operation_Details &opdetails);
+
+ /// Add the listen points in @a acceptor to the @a
+ /// listen_point_list if this connection is in the same
+ /// interface as that of the endpoints in the @a acceptor.
+ int get_listen_point (IIOP::ListenPointList &listen_point_list,
+ TAO_Acceptor *acceptor);
+
+ private:
+
+ /// The connection service handler used for accessing lower layer
+ /// communication protocols.
+ Connection_Handler *connection_handler_;
+
+ /// Our messaging object.
+ TAO_Pluggable_Messaging *messaging_object_;
+ };
+
+ } // End SSLIOP namespace.
+} // End TAO namespace.
#include /**/ "ace/post.h"
#endif /* TAO_SSLIOP_TRANSPORT_H */
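Review bot: The comment on `tear_listen_point_list` in the new `Transport` class still reads "Open teh service context list and process it", which carries the old typo forward and does not say what the method does with its input. The definition in SSLIOP_Transport.cpp extracts a byte-order flag and then an `IIOP::ListenPointList` from `cdr`, returning -1 when either extraction fails, so a comment such as `/// Demarshal the IIOP::ListenPointList held in @a cdr; returns -1 if the byte-order flag or the list cannot be extracted.` would match the code. If that stream is filled from data sent by the remote peer, which the bidirectional naming suggests but this hunk does not show, the comment should also say the contents are untrusted. The `@brief` and the detail paragraph of the class comment are the same sentence, so one of them can go.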
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Util.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Util.cpp
index d72b4869017..2ae4d2713c8 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Util.cpp
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Util.cpp
@@ -1,9 +1,7 @@
-// -*- C++ -*-
-
#include "SSLIOP_Util.h"
-ACE_RCSID (TAO_SSLIOP,
+ACE_RCSID (SSLIOP,
SSLIOP_Util,
"$Id$")
@@ -16,9 +14,10 @@ ACE_RCSID (TAO_SSLIOP,
int
-TAO_SSLIOP_Util::setup_handler_state (TAO_ORB_Core *orb_core,
- TAO_IIOP_Properties *tcp_properties,
- TAO_SSLIOP_Connection_Handler_State &s)
+TAO::SSLIOP::Util::setup_handler_state (
+ TAO_ORB_Core *orb_core,
+ TAO_IIOP_Properties *tcp_properties,
+ TAO::SSLIOP::Connection_Handler_State &s)
{
ACE_DECLARE_NEW_CORBA_ENV;
ACE_TRY
@@ -33,17 +32,9 @@ TAO_SSLIOP_Util::setup_handler_state (TAO_ORB_Core *orb_core,
ACE_ENV_ARG_PARAMETER);
ACE_TRY_CHECK;
- SSLIOP::Current_var current =
- SSLIOP::Current::_narrow (obj.in ()
- ACE_ENV_ARG_PARAMETER);
- ACE_TRY_CHECK;
-
- if (CORBA::is_nil (current.in ()))
- ACE_TRY_THROW (CORBA::INV_OBJREF ());
-
- TAO_SSLIOP_Current_var tao_current =
- TAO_SSLIOP_Current::_narrow (current.in ()
- ACE_ENV_ARG_PARAMETER);
+ TAO::SSLIOP::Current_var tao_current =
+ TAO::SSLIOP::Current::_narrow (obj.in ()
+ ACE_ENV_ARG_PARAMETER);
ACE_TRY_CHECK;
if (CORBA::is_nil (tao_current.in ()))
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Util.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Util.h
index 3ae59e37073..29b9ffe1496 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Util.h
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Util.h
@@ -27,28 +27,37 @@
class TAO_ORB_Core;
class TAO_IIOP_Properties;
-class TAO_SSLIOP_Connection_Handler_State;
-/**
- * @class TAO_SSLIOP_Util
- *
- * @brief Class that provides utility/helper methods for several
- * classes in the SSLIOP pluggable protocol.
- *
- * Methods useful to many classes in the SSLIOP pluggable protocol are
- * centrally located in this uility class.
- */
-class TAO_SSLIOP_Util
+namespace TAO
{
-public:
+ namespace SSLIOP
+ {
+ class Connection_Handler_State;
+
+ /**
+ * @class Util
+ *
+ * @brief Class that provides utility/helper methods for several
+ * classes in the SSLIOP pluggable protocol.
+ *
+ * Methods useful to many classes in the SSLIOP pluggable protocol
+ * are centrally located in this uility class.
+ */
+ class Util
+ {
+ public:
+
+ /// Setup the state that will be passed to the connection handler
+ /// when the handler is constructed.
+ static int setup_handler_state (
+ TAO_ORB_Core *orb_core,
+ TAO_IIOP_Properties *tcp_properties,
+ Connection_Handler_State &state);
- /// Setup the state that will be passed to the connection handler
- /// when the handler is constructed.
- static int setup_handler_state (TAO_ORB_Core *orb_core,
- TAO_IIOP_Properties *tcp_properties,
- TAO_SSLIOP_Connection_Handler_State &state);
+ };
-};
+ } // End SSLIOP namespace.
+} // End TAO namespace.
#include /**/ "ace/post.h"
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Vault.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Vault.cpp
deleted file mode 100644
index 2361e98c88c..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Vault.cpp
+++ /dev/null
@@ -1,388 +0,0 @@
-#include "SSLIOP_Vault.h"
-
-ACE_RCSID (SSLIOP,
- SSLIOP_Vault,
- "$Id$")
-
-
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#include "SSLIOP_Credentials.h"
-
-#include "tao/debug.h"
-#include "tao/ORB_Constants.h"
-
-#include "ace/SSL/SSL_Context.h"
-
-#include "ace/OS_NS_stdio.h"
-
-extern "C"
-int
-TAO_SSLIOP_password_callback (char *buf,
- int size,
- int /* rwflag */,
- void *userdata)
-{
- // @@ I'm probably over complicating this implementation, but that's
- // what you get when you try to be overly efficient. :-)
- // -Ossama
-
- const char *password = ACE_static_cast (char *, userdata);
-
- int pwlen = -1;
-
- if (password != 0)
- {
- pwlen = ACE_OS::strlen (password);
-
- int copy_len = pwlen + 1; // Include the NULL terminator
-
- // Clear the portion of the buffer that exceeds the space that
- // will be occupied by the password.
- if (copy_len < size)
- ACE_OS::memset (buf + copy_len, 0, size - copy_len);
-
- // Make sure we don't overflow the OpenSSL supplied buffer.
- // Truncate the password if necessary.
- copy_len = (copy_len > size) ? size : copy_len;
-
- ACE_OS::memcpy (buf, password, copy_len);
-
- // NULL terminate the truncated password.
- if (copy_len > size)
- {
- pwlen = size - 1;
- buf[pwlen] = '\0';
- }
- }
-
- return pwlen;
-}
-
-
-TAO_SSLIOP_Vault::TAO_SSLIOP_Vault (void)
-{
-}
-
-TAO_SSLIOP_Vault::~TAO_SSLIOP_Vault (void)
-{
-}
-
-Security::AuthenticationMethodList *
-TAO_SSLIOP_Vault::get_supported_authen_methods (
- const char * /* mechanism */
- ACE_ENV_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- ENOTSUP),
- CORBA::COMPLETED_NO),
- 0);
-}
-
-Security::OIDList *
-TAO_SSLIOP_Vault::supported_mech_oids (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- ENOTSUP),
- CORBA::COMPLETED_NO),
- 0);
-}
-
-Security::AuthenticationStatus
-TAO_SSLIOP_Vault::acquire_credentials (
- Security::AuthenticationMethod /* method */,
- const char * mechanism,
- const char * /* security_name */,
- const CORBA::Any & auth_data,
- const Security::AttributeList & /* privileges */,
- SecurityLevel2::Credentials_out creds,
- CORBA::Any_out /* continuation_data */,
- CORBA::Any_out /* auth_specific_data */
- ACE_ENV_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- // Check if we support the given mechanism.
- //
- // @@ FIXME: "SSL" may not be correct. We really should figure out
- // what mechanism(s) is/are valid.
- if (ACE_OS::strcmp (mechanism, "SSL") != 0)
- return Security::SecAuthFailure;
-
- SSLIOP::AuthData *data;
-
- if (!(auth_data >>= data))
- ACE_THROW_RETURN (CORBA::BAD_PARAM (), Security::SecAuthFailure);
-
- TAO_SSLIOP_X509_var x509 = this->make_X509 (data->certificate);
-
- if (x509.in () == 0)
- return Security::SecAuthFailure;
-
- TAO_SSLIOP_EVP_PKEY_var evp = this->make_EVP_PKEY (data->key);
-
- if (evp.in () == 0)
- return Security::SecAuthFailure;
-
- // Verify that the private key is consistent with the certificate.
- if (::X509_check_private_key (x509.in (), evp.in ()) != 1)
- {
- if (TAO_debug_level > 0)
- ACE_DEBUG ((LM_ERROR,
- ACE_TEXT ("(%P|%t) ERROR: Private key is not ")
- ACE_TEXT ("consistent with X.509 certificate")));
-
- return Security::SecAuthFailure;
- }
-
- ACE_NEW_THROW_EX (creds,
- TAO_SSLIOP_Credentials (x509.in (), evp.in ()),
- CORBA::NO_MEMORY ());
- ACE_CHECK_RETURN (Security::SecAuthFailure);
-
- return Security::SecAuthSuccess;
-}
-
-Security::AuthenticationStatus
-TAO_SSLIOP_Vault::continue_credentials_acquisition (
- const CORBA::Any & /* response_data */,
- SecurityLevel2::Credentials_ptr /* creds */,
- CORBA::Any_out /* continuation_data */,
- CORBA::Any_out /* auth_specific_data */
- ACE_ENV_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- ENOTSUP),
- CORBA::COMPLETED_NO),
- Security::SecAuthFailure);
-}
-
-IOP::TaggedComponentList *
-TAO_SSLIOP_Vault::create_ior_components (
- SecurityLevel2::Credentials_ptr /* creds_list */
- ACE_ENV_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- ENOTSUP),
- CORBA::COMPLETED_NO),
- 0);
-}
-
-Security::AssociationStatus
-TAO_SSLIOP_Vault::init_security_context (
- SecurityLevel2::Credentials_ptr /* creds */,
- const char * /* target_security_name */,
- CORBA::Object_ptr /* target */,
- Security::DelegationMode /* delegation_mode */,
- const Security::OptionsDirectionPairList & /* association_options */,
- const char * /* mechanism */,
- const Security::Opaque & /* comp_data */,
- const Security::ChannelBindings & /* chan_binding */,
- Security::OpaqueBuffer_out /* security_token */,
- SecurityReplaceable::ClientSecurityContext_out /* security_context */
- ACE_ENV_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- ENOTSUP),
- CORBA::COMPLETED_NO),
- Security::SecAssocFailure);
-}
-
-Security::AssociationStatus
-TAO_SSLIOP_Vault::accept_security_context (
- const SecurityLevel2::CredentialsList & /* creds_list */,
- const Security::ChannelBindings & /* chan_bindings */,
- const Security::Opaque & /* in_token */,
- Security::Opaque_out /* out_token */
- ACE_ENV_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- ENOTSUP),
- CORBA::COMPLETED_NO),
- Security::SecAssocFailure);
-}
-
-Security::MechandOptionsList *
-TAO_SSLIOP_Vault::get_supported_mechs (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- ENOTSUP),
- CORBA::COMPLETED_NO),
- 0);
-}
-
-X509 *
-TAO_SSLIOP_Vault::make_X509 (const SSLIOP::File &certificate)
-{
- // No password is used or needed when reading ASN.1 encoded
- // certificates.
-
- const char *filename = certificate.filename.in ();
-
- if (filename == 0)
- return 0;
-
- FILE *fp = 0;
- X509 *x = 0;
-
- if (certificate.type == SSLIOP::ASN1)
- {
- // ASN.1/DER encoded certificate
-
- // No password is used or needed when reading ASN.1 encoded
- // certificates.
-
- const char *filename = certificate.filename.in ();
-
- if (filename == 0)
- return 0;
-
- fp = ACE_OS::fopen (filename, "rb");
-
- if (fp == 0)
- {
- if (TAO_debug_level > 0)
- ACE_ERROR ((LM_ERROR,
- ACE_TEXT ("(%P|%t) SSLIOP_Vault::make_X509 - %p\n"),
- ACE_TEXT ("fopen")));
-
- return 0;
- }
-
- // Read ASN.1 / DER encoded X.509 certificate from a file, and
- // convert it to OpenSSL's internal X.509 format.
- x = ::d2i_X509_fp (fp, 0);
- }
- else
- {
- // PEM encoded certificate
-
- fp = ACE_OS::fopen (filename, "r");
-
- if (fp == 0)
- {
- if (TAO_debug_level > 0)
- ACE_ERROR ((LM_ERROR,
- ACE_TEXT ("(%P|%t) SSLIOP_Vault::make_X509 - %p\n"),
- ACE_TEXT ("fopen")));
-
- return 0;
- }
-
- const char *password = certificate.password.in ();
-
- // Read PEM encoded X.509 certificate from a file, and convert
- // it to OpenSSL's internal X.509 format.
- x = PEM_read_X509 (fp,
- 0,
- TAO_SSLIOP_password_callback,
- ACE_const_cast (char *, password));
- }
-
- (void) ACE_OS::fclose (fp);
-
- if (x == 0 && TAO_debug_level > 0)
- ACE_SSL_Context::report_error ();
-
- return x;
-}
-
-EVP_PKEY *
-TAO_SSLIOP_Vault::make_EVP_PKEY (const SSLIOP::File &key)
-{
- // No password is used or needed when reading ASN.1 encoded
- // private keys.
-
- const char *filename = key.filename.in ();
-
- if (filename == 0)
- return 0;
-
- FILE *fp = 0;
- EVP_PKEY *evp = 0;
-
- if (key.type == SSLIOP::ASN1)
- {
- // ASN.1/DER encoded private key
-
- // No password is used or needed when reading ASN.1 encoded
- // private keys.
-
- const char *filename = key.filename.in ();
-
- if (filename == 0)
- return 0;
-
- fp = ACE_OS::fopen (filename, "rb");
-
- if (fp == 0)
- {
- if (TAO_debug_level > 0)
- ACE_ERROR ((LM_ERROR,
- ACE_TEXT ("(%P|%t) SSLIOP_Vault::make_EVP_PKEY ")
- ACE_TEXT ("- %p\n"),
- ACE_TEXT ("fopen")));
-
- return 0;
- }
-
- // Read ASN.1 / DER encoded private key from a file, and convert
- // it to OpenSSL's internal private key format.
- evp = ::d2i_PrivateKey_fp (fp, 0);
- }
- else
- {
- // PEM encoded private key
-
- fp = ACE_OS::fopen (filename, "r");
-
- if (fp == 0)
- {
- if (TAO_debug_level > 0)
- ACE_ERROR ((LM_ERROR,
- ACE_TEXT ("(%P|%t) SSLIOP_Vault::make_EVP_PKEY ")
- ACE_TEXT ("- %p\n"),
- ACE_TEXT ("fopen")));
-
- return 0;
- }
-
- const char *password = key.password.in ();
-
- // Read PEM encoded private key from a file, and convert it to
- // OpenSSL's internal private key format.
- evp = PEM_read_PrivateKey (fp,
- 0,
- TAO_SSLIOP_password_callback,
- ACE_const_cast (char *, password));
- }
-
- (void) ACE_OS::fclose (fp);
-
- if (evp == 0 && TAO_debug_level > 0)
- ACE_SSL_Context::report_error ();
-
- return evp;
-}
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Vault.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Vault.h
deleted file mode 100644
index 2385ba7a70a..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Vault.h
+++ /dev/null
@@ -1,153 +0,0 @@
-// -*- C++ -*-
-
-// ===================================================================
-/**
- * @file SSLIOP_Vault.h
- *
- * $Id$
- *
- * @author Ossama Othman <ossama@uci.edu>
- */
-// ===================================================================
-
-
-#ifndef TAO_SSLIOP_VAULT_H
-#define TAO_SSLIOP_VAULT_H
-
-#include /**/ "ace/pre.h"
-
-#include "orbsvcs/orbsvcs/SecurityReplaceableC.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-# pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "orbsvcs/orbsvcs/SSLIOPC.h"
-#include "tao/LocalObject.h"
-
-#include <openssl/opensslconf.h>
-
-
-/// Forward declarations for OpenSSL data structures.
-extern "C"
-{
- typedef struct x509_st X509;
- typedef struct evp_pkey_st EVP_PKEY;
-}
-
-
-/**
- * @class TAO_SSLIOP_Vault
- *
- * @brief SSLIOP-specific implementation of the
- * SecurityReplaceable::Vault interface.
- *
- * This class implements the SSLIOP-specific functionality used when
- * creating SSL credentials (X.509 certificates) with the
- * SecurityLevel2::PrincipalAuthenticator interface.
- */
-class TAO_SSLIOP_Vault
- : public virtual SecurityReplaceable::Vault,
- public virtual TAO_Local_RefCounted_Object
-{
-public:
-
- /// Constructor
- TAO_SSLIOP_Vault (void);
-
- /// Destructor
- virtual ~TAO_SSLIOP_Vault (void);
-
- /**
- * @name SecurityReplaceable::Vault Methods
- *
- * Methods required by the SecurityReplaceable::Vault interface.
- */
- //@{
-
- virtual Security::AuthenticationMethodList * get_supported_authen_methods (
- const char * mechanism
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual Security::OIDList * supported_mech_oids (
- ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- /// Authenticate the principal, request privileges and create
- /// Credentials.
- /**
- * Created credentials will be placed in the SecurityManager
- * object's own_credentials list.
- * @par
- * If authenticate() returns with a Security::SecAuthContinue,
- * e.g. due to an inability to complete authentication in a single
- * operation, then authentication must completed using the
- * continue_authentication() method.
- */
- virtual Security::AuthenticationStatus acquire_credentials (
- Security::AuthenticationMethod method,
- const char * mechanism,
- const char * security_name,
- const CORBA::Any & auth_data,
- const Security::AttributeList & privileges,
- SecurityLevel2::Credentials_out creds,
- CORBA::Any_out continuation_data,
- CORBA::Any_out auth_specific_data
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual Security::AuthenticationStatus continue_credentials_acquisition (
- const CORBA::Any & response_data,
- SecurityLevel2::Credentials_ptr creds,
- CORBA::Any_out continuation_data,
- CORBA::Any_out auth_specific_data
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual IOP::TaggedComponentList * create_ior_components (
- SecurityLevel2::Credentials_ptr creds_list
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual Security::AssociationStatus init_security_context (
- SecurityLevel2::Credentials_ptr creds,
- const char * target_security_name,
- CORBA::Object_ptr target,
- Security::DelegationMode delegation_mode,
- const Security::OptionsDirectionPairList & association_options,
- const char * mechanism,
- const Security::Opaque & comp_data,
- const Security::ChannelBindings & chan_binding,
- Security::OpaqueBuffer_out security_token,
- SecurityReplaceable::ClientSecurityContext_out security_context
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual Security::AssociationStatus accept_security_context (
- const SecurityLevel2::CredentialsList & creds_list,
- const Security::ChannelBindings & chan_bindings,
- const Security::Opaque & in_token,
- Security::Opaque_out out_token
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual Security::MechandOptionsList * get_supported_mechs (
- ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
-protected:
-
- /// Create an OpenSSL X509 structure using the provided
- /// authentication data.
- X509 * make_X509 (const SSLIOP::File &certificate);
-
- /// Create an OpenSSL EVP_PKEY structure using the provided
- /// authentication data.
- EVP_PKEY * make_EVP_PKEY (const SSLIOP::File &key);
-
-};
-
-#include /**/ "ace/post.h"
-
-#endif /* TAO_SSLIOP_VAULT_H */
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.cpp
index 8c6223d4ff7..d16a4418066 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.cpp
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.cpp
@@ -1,8 +1,7 @@
-// -*- C++ -*-
-
#include "SSLIOP_X509.h"
-ACE_RCSID (TAO_SSLIOP,
+
+ACE_RCSID (SSLIOP,
SSLIOP_X509,
"$Id$")
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.h
index 19b61185eb2..e80e4383d4f 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.h
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.h
@@ -26,83 +26,74 @@
#include <openssl/x509.h>
#include <openssl/crypto.h>
-/**
- * @class TAO_SSLIOP_X509
- *
- * @brief Class/namespace that contains TAO-specific X.509 manipulation
- * functions.
- *
- * This class provides CORBA-like _duplicate() and release() methods.
- * They are simply X509 reference count manipulation methods.
- */
-class TAO_SSLIOP_X509
+namespace TAO
{
-public:
-
- /**
- * @name CORBA-style Reference Count Manipulation Methods
- */
- /// Increase the reference count on the given X509 structure.
- static X509 *_duplicate (X509 *cert);
-
- /// Decrease the reference count on the given X509 structure.
- static void release (X509 *cert);
-
-};
-
-/**
- * @class TAO_SSLIOP_X509_var
- *
- * @brief "_var" class for the OpenSSL @param X509 structure.
- *
- * This class is simply used to make operations on instances of the
- * OpenSSL @param X509 structures exception safe. It is only used
- * internally by the SSLIOP pluggable protocol.
- */
-class TAO_SSLIOP_X509_var : public TAO_Base_var
-{
-public:
-
- /**
- * @name Constructors
- */
- //@{
- TAO_SSLIOP_X509_var (void);
- TAO_SSLIOP_X509_var (X509 *x);
- TAO_SSLIOP_X509_var (const TAO_SSLIOP_X509_var &);
- TAO_SSLIOP_X509_var (const X509 &x);
- //@}
-
- /// Destructor
- ~TAO_SSLIOP_X509_var (void);
-
- TAO_SSLIOP_X509_var &operator= (X509 *);
- TAO_SSLIOP_X509_var &operator= (const TAO_SSLIOP_X509_var &);
- TAO_SSLIOP_X509_var &operator= (const X509 &);
- const X509 *operator-> (void) const;
- X509 *operator-> (void);
-
- operator const X509 &() const;
- operator X509 &();
-
- X509 *in (void) const;
- X509 *&inout (void);
- X509 *&out (void);
- X509 *_retn (void);
- X509 *ptr (void) const;
-
-private:
-
- // Unimplemented - prevents widening assignment.
- TAO_SSLIOP_X509_var (const TAO_Base_var &rhs);
- TAO_SSLIOP_X509_var &operator= (const TAO_Base_var &rhs);
-
-private:
-
- /// The OpenSSL X509 structure that represents a X.509 certificate.
- X509 *x509_;
-
-};
+ namespace SSLIOP
+ {
+ /**
+ * @name CORBA-style Reference Count Manipulation Methods
+ */
+ /// Increase the reference count on the given X509 structure.
+ ::X509 *_duplicate (::X509 *cert);
+
+ /// Decrease the reference count on the given X509 structure.
+ void release (::X509 *cert);
+
+ /**
+ * @class X509_var
+ *
+ * @brief "_var" class for the OpenSSL @param X509 structure.
+ *
+ * This class is simply used to make operations on instances of
+ * the OpenSSL @c X509 structures exception safe. It is only used
+ * internally by the SSLIOP pluggable protocol.
+ */
+ class X509_var : private TAO_Base_var
+ {
+ public:
+
+ /**
+ * @name Constructors
+ */
+ //@{
+ X509_var (void);
+ X509_var (::X509 *x);
+ X509_var (const X509_var &);
+ X509_var (const ::X509 &x);
+ //@}
+
+ /// Destructor
+ ~X509_var (void);
+
+ X509_var &operator= (::X509 *);
+ X509_var &operator= (const X509_var &);
+ X509_var &operator= (const ::X509 &);
+ const ::X509 *operator-> (void) const;
+ ::X509 *operator-> (void);
+
+ operator const ::X509 &() const;
+ operator ::X509 &();
+
+ ::X509 *in (void) const;
+ ::X509 *&inout (void);
+ ::X509 *&out (void);
+ ::X509 *_retn (void);
+ ::X509 *ptr (void) const;
+
+ private:
+
+ // Unimplemented - prevents widening assignment.
+ X509_var (const TAO_Base_var &rhs);
+ X509_var &operator= (const TAO_Base_var &rhs);
+
+ private:
+
+ /// The OpenSSL X509 structure that represents a X.509 certificate.
+ ::X509 *x509_;
+
+ };
+ } // End SSLIOP namespace.
+} // End TAO namespace.
#if defined (__ACE_INLINE__)
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.inl b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.inl
index bd52e689398..f45342d12a0 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.inl
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.inl
@@ -2,8 +2,8 @@
//
// $Id$
-ACE_INLINE X509 *
-TAO_SSLIOP_X509::_duplicate (X509 *cert)
+ACE_INLINE ::X509 *
+TAO::SSLIOP::_duplicate (::X509 *cert)
{
// OpenSSL provides no function to increase the reference count on
// the X509 structure, so we do it manually. (X509_dup() performs a
@@ -15,7 +15,7 @@ TAO_SSLIOP_X509::_duplicate (X509 *cert)
}
ACE_INLINE void
-TAO_SSLIOP_X509::release (X509 *cert)
+TAO::SSLIOP::release (::X509 *cert)
{
// OpenSSL's X509_free() function already handles reference counting
// properly.
@@ -26,123 +26,123 @@ TAO_SSLIOP_X509::release (X509 *cert)
// -------------------------------------------------------------------
ACE_INLINE
-TAO_SSLIOP_X509_var::TAO_SSLIOP_X509_var (void)
+TAO::SSLIOP::X509_var::X509_var (void)
: x509_ (0)
{
}
ACE_INLINE
-TAO_SSLIOP_X509_var::TAO_SSLIOP_X509_var (X509 *x)
+TAO::SSLIOP::X509_var::X509_var (::X509 *x)
: x509_ (x)
{
}
ACE_INLINE
-TAO_SSLIOP_X509_var::TAO_SSLIOP_X509_var (const ::TAO_SSLIOP_X509_var &p)
+TAO::SSLIOP::X509_var::X509_var (const TAO::SSLIOP::X509_var &p)
: TAO_Base_var (),
- x509_ (TAO_SSLIOP_X509::_duplicate (p.ptr ()))
+ x509_ (TAO::SSLIOP::_duplicate (p.ptr ()))
{
}
ACE_INLINE
-TAO_SSLIOP_X509_var::TAO_SSLIOP_X509_var (const X509 &p)
+TAO::SSLIOP::X509_var::X509_var (const ::X509 &p)
{
- this->x509_ = X509_dup (ACE_const_cast (X509 *, &p));
+ this->x509_ = X509_dup (const_cast< ::X509 * > (&p));
}
ACE_INLINE
-TAO_SSLIOP_X509_var::~TAO_SSLIOP_X509_var (void)
+TAO::SSLIOP::X509_var::~X509_var (void)
{
- TAO_SSLIOP_X509::release (this->x509_);
+ TAO::SSLIOP::release (this->x509_);
}
-ACE_INLINE TAO_SSLIOP_X509_var &
-TAO_SSLIOP_X509_var::operator= (X509 *p)
+ACE_INLINE TAO::SSLIOP::X509_var &
+TAO::SSLIOP::X509_var::operator= (::X509 *p)
{
- TAO_SSLIOP_X509::release (this->x509_);
+ TAO::SSLIOP::release (this->x509_);
this->x509_ = p;
return *this;
}
-ACE_INLINE ::TAO_SSLIOP_X509_var &
-TAO_SSLIOP_X509_var::operator= (const ::TAO_SSLIOP_X509_var &p)
+ACE_INLINE ::TAO::SSLIOP::X509_var &
+TAO::SSLIOP::X509_var::operator= (const ::TAO::SSLIOP::X509_var &p)
{
if (this != &p)
{
- TAO_SSLIOP_X509::release (this->x509_);
- this->x509_ = TAO_SSLIOP_X509::_duplicate (p.ptr ());
+ TAO::SSLIOP::release (this->x509_);
+ this->x509_ = TAO::SSLIOP::_duplicate (p.ptr ());
}
return *this;
}
-ACE_INLINE TAO_SSLIOP_X509_var &
-TAO_SSLIOP_X509_var::operator= (const X509 &p)
+ACE_INLINE TAO::SSLIOP::X509_var &
+TAO::SSLIOP::X509_var::operator= (const ::X509 &p)
{
if (this->x509_ != &p)
{
- TAO_SSLIOP_X509::release (this->x509_);
- this->x509_ = X509_dup (ACE_const_cast (X509 *, &p));
+ TAO::SSLIOP::release (this->x509_);
+ this->x509_ = X509_dup (const_cast< ::X509 * > (&p));
}
return *this;
}
-ACE_INLINE const X509 *
-TAO_SSLIOP_X509_var::operator-> (void) const
+ACE_INLINE const ::X509 *
+TAO::SSLIOP::X509_var::operator-> (void) const
{
return this->x509_;
}
-ACE_INLINE X509 *
-TAO_SSLIOP_X509_var::operator-> (void)
+ACE_INLINE ::X509 *
+TAO::SSLIOP::X509_var::operator-> (void)
{
return this->x509_;
}
ACE_INLINE
-TAO_SSLIOP_X509_var::operator const X509 &() const
+TAO::SSLIOP::X509_var::operator const ::X509 &() const
{
return *this->x509_;
}
ACE_INLINE
-TAO_SSLIOP_X509_var::operator X509 &()
+TAO::SSLIOP::X509_var::operator ::X509 &()
{
return *this->x509_;
}
-ACE_INLINE X509 *
-TAO_SSLIOP_X509_var::in (void) const
+ACE_INLINE ::X509 *
+TAO::SSLIOP::X509_var::in (void) const
{
return this->x509_;
}
-ACE_INLINE X509 *&
-TAO_SSLIOP_X509_var::inout (void)
+ACE_INLINE ::X509 *&
+TAO::SSLIOP::X509_var::inout (void)
{
return this->x509_;
}
-ACE_INLINE X509 *&
-TAO_SSLIOP_X509_var::out (void)
+ACE_INLINE ::X509 *&
+TAO::SSLIOP::X509_var::out (void)
{
X509_free (this->x509_);
this->x509_ = 0;
return this->x509_;
}
-ACE_INLINE X509 *
-TAO_SSLIOP_X509_var::_retn (void)
+ACE_INLINE ::X509 *
+TAO::SSLIOP::X509_var::_retn (void)
{
// Yield ownership of the X509 structure.
- X509 *x = this->x509_;
+ ::X509 *x = this->x509_;
this->x509_ = 0;
return x;
}
-ACE_INLINE X509 *
-TAO_SSLIOP_X509_var::ptr (void) const
+ACE_INLINE ::X509 *
+TAO::SSLIOP::X509_var::ptr (void) const
{
return this->x509_;
}
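Review bot: `X509_var::operator= (::X509 *p)` releases the held certificate and then stores `p` without checking whether the two are the same pointer, so assigning a var its own raw pointer (for example `v = v.in ()`) drops a reference the var still relies on and can leave `x509_` dangling. The other two assignment operators in this hunk already guard against self-assignment, and the same guard fits here: `if (this->x509_ != p) { TAO::SSLIOP::release (this->x509_); this->x509_ = p; }`. Separately, both `X509_dup ()` call sites store the result unchecked, and the two reference conversion operators dereference `x509_` although the default constructor sets it to 0. A failed copy would therefore surface later as a null dereference rather than at the point of failure, so a short comment telling callers to test `in ()` before converting would make that contract explicit.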
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/ssl_endpoints.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/ssl_endpoints.cpp
index f14611973fc..ad3402eacb0 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/ssl_endpoints.cpp
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/ssl_endpoints.cpp
@@ -87,7 +87,7 @@ void TAO_SSLEndpointSequence::_tao_any_destructor (
)
{
TAO_SSLEndpointSequence * _tao_tmp_pointer =
- ACE_static_cast (TAO_SSLEndpointSequence *, _tao_void_pointer);
+ static_cast<TAO_SSLEndpointSequence *> (_tao_void_pointer);
delete _tao_tmp_pointer;
}
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/ssl_endpoints.i b/TAO/orbsvcs/orbsvcs/SSLIOP/ssl_endpoints.i
index 82c17537e90..23a58a17976 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/ssl_endpoints.i
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/ssl_endpoints.i
@@ -28,4 +28,3 @@
// TAO_IDL - Generated from
// be/be_visitor_sequence/cdr_op_ci.cpp:81
-
diff --git a/TAO/orbsvcs/orbsvcs/Security.mpc b/TAO/orbsvcs/orbsvcs/Security.mpc
index abe521f962f..c329d000bee 100644
--- a/TAO/orbsvcs/orbsvcs/Security.mpc
+++ b/TAO/orbsvcs/orbsvcs/Security.mpc
@@ -16,7 +16,6 @@ project(Security) : orbsvcslib, corba_messaging, core, portableserver {
SecurityLevel1.idl
SecurityLevel2.idl
SecurityLevel3.idl
- SecurityReplaceable.idl
}
Source_Files(ORBSVCS_COMPONENTS) {
@@ -31,8 +30,6 @@ project(Security) : orbsvcslib, corba_messaging, core, portableserver {
SecurityLevel2C.cpp
SecurityLevel2S.cpp
SecurityLevel3C.cpp
- SecurityReplaceableC.cpp
- SecurityReplaceableS.cpp
Security
}
}
diff --git a/TAO/orbsvcs/orbsvcs/Security/CSI_Utils.cpp b/TAO/orbsvcs/orbsvcs/Security/CSI_Utils.cpp
index e40d3c5b07c..8ae4f3bef13 100644
--- a/TAO/orbsvcs/orbsvcs/Security/CSI_Utils.cpp
+++ b/TAO/orbsvcs/orbsvcs/Security/CSI_Utils.cpp
@@ -55,15 +55,12 @@ TAO::CSI_Utils::extract_sas_service_context (
sc.context_data.get_buffer ()),
sc.context_data.length ());
- CORBA::Boolean byte_order;
+ ACE_CDR::Boolean byte_order;
if (!(cdr >> ACE_InputCDR::to_boolean (byte_order)))
return false;
cdr.reset_byte_order (static_cast<int> (byte_order));
- if (!(cdr >> sas_context))
- return false;
-
- return true;
+ return (cdr >> sas_context);
}
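Review bot: `return (cdr >> sas_context);` now relies on an implicit conversion from the extraction operator's result to this function's return type, which the remaining `return false;` suggests is `bool`. The operator's declaration is not visible here, so if it yields `CORBA::Boolean` some compilers will warn about the conversion; `return (cdr >> sas_context) != 0;` keeps the shorter form and makes the result type explicit. Because `sc.context_data` is presumably supplied by the remote peer, a comment above the return such as `// false: the SAS context failed to demarshal; treat it as malformed` would record what callers should do with the result. The function body starts outside this hunk.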
diff --git a/TAO/orbsvcs/orbsvcs/Security/EstablishTrustPolicy.cpp b/TAO/orbsvcs/orbsvcs/Security/EstablishTrustPolicy.cpp
deleted file mode 100644
index 25c738b4b79..00000000000
--- a/TAO/orbsvcs/orbsvcs/Security/EstablishTrustPolicy.cpp
+++ /dev/null
@@ -1,56 +0,0 @@
-// -*- C++ -*-
-
-#include "EstablishTrustPolicy.h"
-
-#include "tao/ORB_Constants.h"
-
-ACE_RCSID (Security,
- EstablishTrustPolicy,
- "$Id$")
-
-TAO_EstablishTrustPolicy::TAO_EstablishTrustPolicy (
- const Security::EstablishTrust &trust)
- : trust_ (trust)
-{
-}
-
-TAO_EstablishTrustPolicy::~TAO_EstablishTrustPolicy (void)
-{
-}
-
-CORBA::PolicyType
-TAO_EstablishTrustPolicy::policy_type (ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- return Security::SecEstablishTrustPolicy;
-}
-
-CORBA::Policy_ptr
-TAO_EstablishTrustPolicy::copy (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- TAO_EstablishTrustPolicy *policy = 0;
- ACE_NEW_THROW_EX (policy,
- TAO_EstablishTrustPolicy (this->trust_),
- CORBA::NO_MEMORY (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- ENOMEM),
- CORBA::COMPLETED_NO));
- ACE_CHECK_RETURN (CORBA::Policy::_nil ());
-
- return policy;
-}
-
-void
-TAO_EstablishTrustPolicy::destroy (ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
-}
-
-Security::EstablishTrust
-TAO_EstablishTrustPolicy::trust (ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- return this->trust_;
-}
diff --git a/TAO/orbsvcs/orbsvcs/Security/EstablishTrustPolicy.h b/TAO/orbsvcs/orbsvcs/Security/EstablishTrustPolicy.h
deleted file mode 100644
index 64edd020121..00000000000
--- a/TAO/orbsvcs/orbsvcs/Security/EstablishTrustPolicy.h
+++ /dev/null
@@ -1,95 +0,0 @@
-// -*- C++ -*-
-
-// ===================================================================
-/**
- * @file EstablishTrustPolicy.h
- *
- * $Id$
- *
- * @author Ossama Othman <ossama@uci.edu>
- */
-// ===================================================================
-
-
-#ifndef TAO_ESTABLISH_TRUST_POLICY_H
-#define TAO_ESTABLISH_TRUST_POLICY_H
-
-#include /**/ "ace/pre.h"
-
-#include "security_export.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-# pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "orbsvcs/orbsvcs/SecurityLevel2C.h"
-
-#include "tao/LocalObject.h"
-
-/**
- * @class TAO_EstablishTrustPolicy
- *
- * @brief Implementation of the SecurityLevel2::EstablishTrustPolicy.
- *
- * This policy can be used to enable or disable establishment of trust
- * in the client or the target or both on a per-object basis. For
- * example, it can be set as a policy override using the standard
- * CORBA::Object::_set_policy_overrides() method.
- * @par
- * This policy can be created by using the CORBA::ORB::create_policy()
- * method by passing it the Security::SecEstablishTrustPolicy policy
- * type, and the appropriate Security::EstablishTrust structure
- * (inserted into a CORBA::Any).
- */
-class TAO_Security_Export TAO_EstablishTrustPolicy
- : public virtual SecurityLevel2::EstablishTrustPolicy,
- public virtual TAO_Local_RefCounted_Object
-{
- friend class TAO_Security_PolicyFactory;
-
-public:
-
- /**
- * @name CORBA::Policy Methods
- */
- //@{
- virtual CORBA::PolicyType policy_type (ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual CORBA::Policy_ptr copy (ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual void destroy (ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
- //@}
-
- /// Return the "establish trust" value associated with this
- /// policy.
- virtual Security::EstablishTrust trust (
- ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
-protected:
-
- /// Constructor
- TAO_EstablishTrustPolicy (const Security::EstablishTrust &trust);
-
- /// Destructor
- /**
- * Protected destructor to enforce the fact this class is reference
- * counted, and should not be destroyed using delete() by anything
- * other than the reference counting mechanism.
- */
- ~TAO_EstablishTrustPolicy (void);
-
-private:
-
- /// Quality of protection which can be specified for an object
- /// reference and used to protect messages.
- Security::EstablishTrust trust_;
-
-};
-
-#include /**/ "ace/post.h"
-
-#endif /* TAO_ESTABLISH_TRUST_POLICY_H */
diff --git a/TAO/orbsvcs/orbsvcs/Security/InvocationCredentialsPolicy.cpp b/TAO/orbsvcs/orbsvcs/Security/InvocationCredentialsPolicy.cpp
deleted file mode 100644
index d1a4a66486d..00000000000
--- a/TAO/orbsvcs/orbsvcs/Security/InvocationCredentialsPolicy.cpp
+++ /dev/null
@@ -1,69 +0,0 @@
-// -*- C++ -*-
-
-#include "InvocationCredentialsPolicy.h"
-
-#include "tao/ORB_Constants.h"
-
-ACE_RCSID (Security,
- InvocationCredentialsPolicy,
- "$Id$")
-
-
-TAO_InvocationCredentialsPolicy::TAO_InvocationCredentialsPolicy (
- const SecurityLevel2::CredentialsList &creds)
- : creds_ (creds)
-{
-}
-
-TAO_InvocationCredentialsPolicy::~TAO_InvocationCredentialsPolicy (void)
-{
-}
-
-CORBA::PolicyType
-TAO_InvocationCredentialsPolicy::policy_type (
- ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- return Security::SecInvocationCredentialsPolicy;
-}
-
-CORBA::Policy_ptr
-TAO_InvocationCredentialsPolicy::copy (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- TAO_InvocationCredentialsPolicy *policy = 0;
- ACE_NEW_THROW_EX (policy,
- TAO_InvocationCredentialsPolicy (this->creds_),
- CORBA::NO_MEMORY (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- ENOMEM),
- CORBA::COMPLETED_NO));
- ACE_CHECK_RETURN (CORBA::Policy::_nil ());
-
- return policy;
-}
-
-void
-TAO_InvocationCredentialsPolicy::destroy (
- ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
-}
-
-SecurityLevel2::CredentialsList *
-TAO_InvocationCredentialsPolicy::creds (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- SecurityLevel2::CredentialsList *creds = 0;
- ACE_NEW_THROW_EX (creds,
- SecurityLevel2::CredentialsList (this->creds_),
- CORBA::NO_MEMORY (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- ENOMEM),
- CORBA::COMPLETED_NO));
- ACE_CHECK_RETURN (0);
-
- return creds;
-}
diff --git a/TAO/orbsvcs/orbsvcs/Security/InvocationCredentialsPolicy.h b/TAO/orbsvcs/orbsvcs/Security/InvocationCredentialsPolicy.h
deleted file mode 100644
index cc871c40a40..00000000000
--- a/TAO/orbsvcs/orbsvcs/Security/InvocationCredentialsPolicy.h
+++ /dev/null
@@ -1,102 +0,0 @@
-// -*- C++ -*-
-
-// ===================================================================
-/**
- * @file InvocationCredentialsPolicy.h
- *
- * $Id$
- *
- * @author Ossama Othman <ossama@uci.edu>
- */
-// ===================================================================
-
-
-#ifndef TAO_INVOCATION_CREDENTIALS_POLICY_H
-#define TAO_INVOCATION_CREDENTIALS_POLICY_H
-
-#include /**/ "ace/pre.h"
-
-#include "security_export.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-# pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "orbsvcs/orbsvcs/SecurityLevel2C.h"
-
-#include "tao/LocalObject.h"
-
-/**
- * @class TAO_InvocationCredentialsPolicy
- *
- * @brief Implementation of the
- * SecurityLevel2::InvocationCredentialsPolicy interface.
- *
- * This policy can be used to specify which credentials may be used
- * for invocations on a per-object basis. For example, it can be set
- * as a policy override using the standard
- * CORBA::Object::_set_policy_overrides() method.
- * @par
- * If supported by the underlying security mechanism, multiple
- * credentials can be associated with a given invocation in order
- * to gain more privileges.
- * @par
- * This policy can be created by using the CORBA::ORB::create_policy()
- * method by passing it the Security::SecInvocationCredentialsPolicy
- * policy type, and the appropriate
- * SecurityLevel2::CredentialsList (inserted into a CORBA::Any).
- */
-class TAO_Security_Export TAO_InvocationCredentialsPolicy
- : public virtual SecurityLevel2::InvocationCredentialsPolicy,
- public virtual TAO_Local_RefCounted_Object
-{
- friend class TAO_Security_PolicyFactory;
-
-public:
-
- /**
- * @name CORBA::Policy Methods
- */
- //@{
- virtual CORBA::PolicyType policy_type (
- ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual CORBA::Policy_ptr copy (ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual void destroy (ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
- //@}
-
- /// Return the list of invocation credentials associated with this
- /// policy.
- virtual SecurityLevel2::CredentialsList * creds (
- ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
-protected:
-
- /// Constructor
- TAO_InvocationCredentialsPolicy (
- const SecurityLevel2::CredentialsList &creds);
-
- /// Destructor
- /**
- * Protected destructor to enforce the fact this class is reference
- * counted, and should not be destroyed using delete() by anything
- * other than the reference counting mechanism.
- */
- ~TAO_InvocationCredentialsPolicy (void);
-
-private:
-
- /// List of credentials that can be used for a given invocation.
- /// Only one is used at any given time.
- SecurityLevel2::CredentialsList creds_;
-
-};
-
-#include /**/ "ace/post.h"
-
-#endif /* TAO_INVOCATION_CREDENTIALS_POLICY_H */
diff --git a/TAO/orbsvcs/orbsvcs/Security/MechanismPolicy.cpp b/TAO/orbsvcs/orbsvcs/Security/MechanismPolicy.cpp
deleted file mode 100644
index 2875db511d0..00000000000
--- a/TAO/orbsvcs/orbsvcs/Security/MechanismPolicy.cpp
+++ /dev/null
@@ -1,65 +0,0 @@
-// -*- C++ -*-
-
-#include "MechanismPolicy.h"
-#include "tao/ORB_Constants.h"
-
-ACE_RCSID (Security,
- MechanismPolicy,
- "$Id$")
-
-TAO_MechanismPolicy::TAO_MechanismPolicy (
- const Security::MechanismTypeList &mechanisms)
- : mechanisms_ (mechanisms)
-{
-}
-
-TAO_MechanismPolicy::~TAO_MechanismPolicy (void)
-{
-}
-
-CORBA::PolicyType
-TAO_MechanismPolicy::policy_type (ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- return Security::SecMechanismsPolicy;
-}
-
-CORBA::Policy_ptr
-TAO_MechanismPolicy::copy (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- TAO_MechanismPolicy *policy = 0;
- ACE_NEW_THROW_EX (policy,
- TAO_MechanismPolicy (this->mechanisms_),
- CORBA::NO_MEMORY (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- ENOMEM),
- CORBA::COMPLETED_NO));
- ACE_CHECK_RETURN (CORBA::Policy::_nil ());
-
- return policy;
-}
-
-void
-TAO_MechanismPolicy::destroy (ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
-}
-
-Security::MechanismTypeList *
-TAO_MechanismPolicy::mechanisms (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- Security::MechanismTypeList *mechs = 0;
- ACE_NEW_THROW_EX (mechs,
- Security::MechanismTypeList (this->mechanisms_),
- CORBA::NO_MEMORY (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- ENOMEM),
- CORBA::COMPLETED_NO));
- ACE_CHECK_RETURN (0);
-
- return mechs;
-}
diff --git a/TAO/orbsvcs/orbsvcs/Security/MechanismPolicy.h b/TAO/orbsvcs/orbsvcs/Security/MechanismPolicy.h
deleted file mode 100644
index b7e7549e266..00000000000
--- a/TAO/orbsvcs/orbsvcs/Security/MechanismPolicy.h
+++ /dev/null
@@ -1,94 +0,0 @@
-// -*- C++ -*-
-
-// ===================================================================
-/**
- * @file MechanismPolicy.h
- *
- * $Id$
- *
- * @author Ossama Othman <ossama@uci.edu>
- */
-// ===================================================================
-
-
-#ifndef TAO_MECHANISM_POLICY_H
-#define TAO_MECHANISM_POLICY_H
-
-#include /**/ "ace/pre.h"
-
-#include "security_export.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-# pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "orbsvcs/orbsvcs/SecurityLevel2C.h"
-#include "tao/LocalObject.h"
-
-/**
- * @class TAO_MechanismPolicy
- *
- * @brief Implementation of the SecurityLevel2::MechanismPolicy interface.
- *
- * This policy can be used to specify which mechanisms may be used for
- * invocation on a per-object basis. For example, it can be set
- * as a policy override using the standard
- * CORBA::Object::_set_policy_overrides() method.
- * @note Only security mechanism will be used for a given invocation.
- * @par
- * This policy can be created by using the CORBA::ORB::create_policy()
- * method by passing it the Security::SecMechanismPolicy policy type,
- * and the appropriate Security::MechanismTypeList (inserted into a
- * CORBA::Any).
- */
-class TAO_Security_Export TAO_MechanismPolicy
- : public virtual SecurityLevel2::MechanismPolicy,
- public virtual TAO_Local_RefCounted_Object
-{
- friend class TAO_Security_PolicyFactory;
-
-public:
-
- /**
- * @name CORBA::Policy Methods
- */
- //@{
- virtual CORBA::PolicyType policy_type (ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual CORBA::Policy_ptr copy (ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual void destroy (ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
- //@}
-
- /// Return the list of mechanism types associated with this policy.
- virtual Security::MechanismTypeList* mechanisms (
- ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
-protected:
-
- /// Constructor
- TAO_MechanismPolicy (const Security::MechanismTypeList &mechanisms);
-
- /// Destructor
- /**
- * Protected destructor to enforce the fact this class is reference
- * counted, and should not be destroyed using delete() by anything
- * other than the reference counting mechanism.
- */
- ~TAO_MechanismPolicy (void);
-
-private:
-
- /// List of mechanisms that can be used for a given invocation.
- /// Only one is used at any given time.
- Security::MechanismTypeList mechanisms_;
-
-};
-
-#include /**/ "ace/post.h"
-
-#endif /* TAO_MECHANISM_POLICY_H */
diff --git a/TAO/orbsvcs/orbsvcs/Security/PrincipalAuthenticator.cpp b/TAO/orbsvcs/orbsvcs/Security/PrincipalAuthenticator.cpp
deleted file mode 100644
index 00bc6861588..00000000000
--- a/TAO/orbsvcs/orbsvcs/Security/PrincipalAuthenticator.cpp
+++ /dev/null
@@ -1,449 +0,0 @@
-// -*- C++ -*-
-
-#include "PrincipalAuthenticator.h"
-#include "SecurityManager.h"
-
-#include "tao/ORB_Constants.h"
-
-ACE_RCSID (Security,
- PrincipalAuthenticator,
- "$Id$")
-
-
-TAO_PrincipalAuthenticator::TAO_PrincipalAuthenticator (
- TAO_SecurityManager *manager)
- : vaults_ (),
- security_manager_ (manager)
-{
- // Make sure the SecurityManager exists at least as long as this
- // PrincipalAuthenticator.
- (void) SecurityLevel2::SecurityManager::_duplicate (manager);
-}
-
-TAO_PrincipalAuthenticator::~TAO_PrincipalAuthenticator (void)
-{
- size_t count = this->vaults_.size ();
-
- for (size_t i = 0; i < count; ++i)
- CORBA::release (ACE_static_cast (SecurityReplaceable::Vault_ptr,
- this->vaults_[i]));
-
- CORBA::release (this->security_manager_);
-}
-
-Security::AuthenticationMethodList *
-TAO_PrincipalAuthenticator::get_supported_authen_methods (
- const char * /* mechanism */
- ACE_ENV_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
-#if 0
- Security::AuthenticationMethodList *tmp = 0;
- ACE_NEW_THROW_EX (tmp,
- Security::AuthenticationMethodList,
- CORBA::NO_MEMORY (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- ENOMEM),
- CORBA::COMPLETED_NO));
- ACE_CHECK_RETURN (0);
-
- Security::AuthenticationMethodList_var list = tmp;
-
-WHAT DO WE DO WITH THE "mechanism" parameter!
-
-// CORBA::ULong count = this->vaults_.size ();
-// list->length (count);
-
-// for (CORBA::ULong i = 0; i < count; ++i)
-// list[i] = this->vaults_[i]->authentication_method ();
-
-// return list._retn ();
-#else
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- ENOTSUP),
- CORBA::COMPLETED_NO),
- 0);
-#endif /* 0 */
-}
-
-Security::AuthenticationStatus
-TAO_PrincipalAuthenticator::authenticate (
- Security::AuthenticationMethod method,
- const char * mechanism,
- const char * security_name,
- const CORBA::Any & auth_data,
- const Security::AttributeList & privileges,
- SecurityLevel2::Credentials_out creds,
- CORBA::Any_out continuation_data,
- CORBA::Any_out auth_specific_data
- ACE_ENV_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- Security::AuthenticationStatus status = Security::SecAuthFailure;
-
- size_t count = this->vaults_.size ();
-
- // Iterate over the registered vaults until one that can
- // authenticate the credentials is found.
- for (size_t i = 0; i < count; ++i)
- {
- SecurityReplaceable::Vault_ptr vault =
- ACE_static_cast (SecurityReplaceable::Vault_ptr,
- this->vaults_[i]);
-
- status = vault->acquire_credentials (method,
- mechanism,
- security_name,
- auth_data,
- privileges,
- creds,
- continuation_data,
- auth_specific_data
- ACE_ENV_ARG_PARAMETER);
- ACE_CHECK_RETURN (Security::SecAuthFailure);
-
- if (status == Security::SecAuthSuccess
- || status == Security::SecAuthContinue)
- break;
- }
-
- if (status == Security::SecAuthSuccess)
- {
- this->security_manager_->add_own_credentials (creds
- ACE_ENV_ARG_PARAMETER);
- ACE_CHECK_RETURN (Security::SecAuthFailure);
- }
-
- return status;
-}
-
-Security::AuthenticationStatus
-TAO_PrincipalAuthenticator::continue_authentication (
- const CORBA::Any & response_data,
- SecurityLevel2::Credentials_ptr creds,
- CORBA::Any_out continuation_data,
- CORBA::Any_out auth_specific_data
- ACE_ENV_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- Security::AuthenticationStatus status = Security::SecAuthFailure;
-
- size_t count = this->vaults_.size ();
-
- // Iterate over the registered vaults until one that can
- // authenticate the credentials is found.
- for (size_t i = 0; i < count; ++i)
- {
- SecurityReplaceable::Vault_ptr vault =
- ACE_static_cast (SecurityReplaceable::Vault_ptr,
- this->vaults_[i]);
-
- status =
- vault->continue_credentials_acquisition (response_data,
- creds,
- continuation_data,
- auth_specific_data
- ACE_ENV_ARG_PARAMETER);
- ACE_CHECK_RETURN (Security::SecAuthFailure);
-
- if (status == Security::SecAuthSuccess
- || status == Security::SecAuthContinue)
- break;
- }
-
- if (status == Security::SecAuthSuccess)
- {
- this->security_manager_->add_own_credentials (creds
- ACE_ENV_ARG_PARAMETER);
- ACE_CHECK_RETURN (Security::SecAuthFailure);
- }
-
- return status;
-}
-
-void
-TAO_PrincipalAuthenticator::register_vault (
- SecurityReplaceable::Vault_ptr vault
- ACE_ENV_ARG_DECL)
-{
- if (!CORBA::is_nil (vault))
- {
- size_t old_size = this->vaults_.size ();
- this->vaults_.size (old_size + 1);
- this->vaults_[old_size] =
- SecurityReplaceable::Vault::_duplicate (vault);
- }
- else
- ACE_THROW (CORBA::BAD_PARAM ());
-}
-
-TAO_PrincipalAuthenticator_ptr
-tao_TAO_PrincipalAuthenticator_duplicate (
- TAO_PrincipalAuthenticator_ptr p
- )
-{
- return TAO_PrincipalAuthenticator::_duplicate (p);
-}
-
-void
-tao_TAO_PrincipalAuthenticator_release (
- TAO_PrincipalAuthenticator_ptr p
- )
-{
- CORBA::release (p);
-}
-
-TAO_PrincipalAuthenticator_ptr
-tao_TAO_PrincipalAuthenticator_nil (
- void
- )
-{
- return TAO_PrincipalAuthenticator::_nil ();
-}
-
-TAO_PrincipalAuthenticator_ptr
-tao_TAO_PrincipalAuthenticator_narrow (
- CORBA::Object *p
- ACE_ENV_ARG_DECL
- )
-{
- return TAO_PrincipalAuthenticator::_narrow (p ACE_ENV_ARG_PARAMETER);
-}
-
-CORBA::Object *
-tao_TAO_PrincipalAuthenticator_upcast (
- void *src
- )
-{
- TAO_PrincipalAuthenticator **tmp =
- ACE_static_cast (TAO_PrincipalAuthenticator **, src);
- return *tmp;
-}
-
-// *************************************************************
-// Operations for class TAO_PrincipalAuthenticator_var
-// *************************************************************
-
-TAO_PrincipalAuthenticator_var::TAO_PrincipalAuthenticator_var (void) // default constructor
- : ptr_ (TAO_PrincipalAuthenticator::_nil ())
-{}
-
-::TAO_PrincipalAuthenticator_ptr
-TAO_PrincipalAuthenticator_var::ptr (void) const
-{
- return this->ptr_;
-}
-
-TAO_PrincipalAuthenticator_var::TAO_PrincipalAuthenticator_var (
- const ::TAO_PrincipalAuthenticator_var &p)
- : TAO_Base_var (),
- ptr_ (TAO_PrincipalAuthenticator::_duplicate (p.ptr ()))
-{}
-
-TAO_PrincipalAuthenticator_var::~TAO_PrincipalAuthenticator_var (void)
-{
- CORBA::release (this->ptr_);
-}
-
-TAO_PrincipalAuthenticator_var &
-TAO_PrincipalAuthenticator_var::operator= (TAO_PrincipalAuthenticator_ptr p)
-{
- CORBA::release (this->ptr_);
- this->ptr_ = p;
- return *this;
-}
-
-TAO_PrincipalAuthenticator_var &
-TAO_PrincipalAuthenticator_var::operator= (const ::TAO_PrincipalAuthenticator_var &p)
-{
- if (this != &p)
- {
- CORBA::release (this->ptr_);
- this->ptr_ = ::TAO_PrincipalAuthenticator::_duplicate (p.ptr ());
- }
- return *this;
-}
-
-TAO_PrincipalAuthenticator_var::operator const ::TAO_PrincipalAuthenticator_ptr &() const // cast
-{
- return this->ptr_;
-}
-
-TAO_PrincipalAuthenticator_var::operator ::TAO_PrincipalAuthenticator_ptr &() // cast
-{
- return this->ptr_;
-}
-
-::TAO_PrincipalAuthenticator_ptr
-TAO_PrincipalAuthenticator_var::operator-> (void) const
-{
- return this->ptr_;
-}
-
-::TAO_PrincipalAuthenticator_ptr
-TAO_PrincipalAuthenticator_var::in (void) const
-{
- return this->ptr_;
-}
-
-::TAO_PrincipalAuthenticator_ptr &
-TAO_PrincipalAuthenticator_var::inout (void)
-{
- return this->ptr_;
-}
-
-::TAO_PrincipalAuthenticator_ptr &
-TAO_PrincipalAuthenticator_var::out (void)
-{
- CORBA::release (this->ptr_);
- this->ptr_ = ::TAO_PrincipalAuthenticator::_nil ();
- return this->ptr_;
-}
-
-::TAO_PrincipalAuthenticator_ptr
-TAO_PrincipalAuthenticator_var::_retn (void)
-{
- // yield ownership of managed obj reference
- ::TAO_PrincipalAuthenticator_ptr val = this->ptr_;
- this->ptr_ = ::TAO_PrincipalAuthenticator::_nil ();
- return val;
-}
-
-::TAO_PrincipalAuthenticator_ptr
-TAO_PrincipalAuthenticator_var::tao_duplicate (TAO_PrincipalAuthenticator_ptr p)
-{
- return ::TAO_PrincipalAuthenticator::_duplicate (p);
-}
-
-void
-TAO_PrincipalAuthenticator_var::tao_release (TAO_PrincipalAuthenticator_ptr p)
-{
- CORBA::release (p);
-}
-
-::TAO_PrincipalAuthenticator_ptr
-TAO_PrincipalAuthenticator_var::tao_nil (void)
-{
- return ::TAO_PrincipalAuthenticator::_nil ();
-}
-
-::TAO_PrincipalAuthenticator_ptr
-TAO_PrincipalAuthenticator_var::tao_narrow (
- CORBA::Object *p
- ACE_ENV_ARG_DECL
- )
-{
- return ::TAO_PrincipalAuthenticator::_narrow (p ACE_ENV_ARG_PARAMETER);
-}
-
-CORBA::Object *
-TAO_PrincipalAuthenticator_var::tao_upcast (void *src)
-{
- TAO_PrincipalAuthenticator **tmp =
- ACE_static_cast (TAO_PrincipalAuthenticator **, src);
- return *tmp;
-}
-
-// *************************************************************
-// Operations for class TAO_PrincipalAuthenticator_out
-// *************************************************************
-
-TAO_PrincipalAuthenticator_out::TAO_PrincipalAuthenticator_out (TAO_PrincipalAuthenticator_ptr &p)
- : ptr_ (p)
-{
- this->ptr_ = ::TAO_PrincipalAuthenticator::_nil ();
-}
-
-TAO_PrincipalAuthenticator_out::TAO_PrincipalAuthenticator_out (TAO_PrincipalAuthenticator_var &p) // constructor from _var
- : ptr_ (p.out ())
-{
- CORBA::release (this->ptr_);
- this->ptr_ = ::TAO_PrincipalAuthenticator::_nil ();
-}
-
-TAO_PrincipalAuthenticator_out::TAO_PrincipalAuthenticator_out (const ::TAO_PrincipalAuthenticator_out &p) // copy constructor
- : ptr_ (ACE_const_cast (TAO_PrincipalAuthenticator_out &, p).ptr_)
-{}
-
-::TAO_PrincipalAuthenticator_out &
-TAO_PrincipalAuthenticator_out::operator= (const ::TAO_PrincipalAuthenticator_out &p)
-{
- this->ptr_ = ACE_const_cast (TAO_PrincipalAuthenticator_out&, p).ptr_;
- return *this;
-}
-
-TAO_PrincipalAuthenticator_out &
-TAO_PrincipalAuthenticator_out::operator= (const ::TAO_PrincipalAuthenticator_var &p)
-{
- this->ptr_ = ::TAO_PrincipalAuthenticator::_duplicate (p.ptr ());
- return *this;
-}
-
-TAO_PrincipalAuthenticator_out &
-TAO_PrincipalAuthenticator_out::operator= (TAO_PrincipalAuthenticator_ptr p)
-{
- this->ptr_ = p;
- return *this;
-}
-
-TAO_PrincipalAuthenticator_out::operator ::TAO_PrincipalAuthenticator_ptr &() // cast
-{
- return this->ptr_;
-}
-
-::TAO_PrincipalAuthenticator_ptr &
-TAO_PrincipalAuthenticator_out::ptr (void) // ptr
-{
- return this->ptr_;
-}
-
-::TAO_PrincipalAuthenticator_ptr
-TAO_PrincipalAuthenticator_out::operator-> (void)
-{
- return this->ptr_;
-}
-
-
-TAO_PrincipalAuthenticator_ptr
-TAO_PrincipalAuthenticator::_narrow (
- CORBA::Object_ptr obj
- ACE_ENV_ARG_DECL_NOT_USED)
-{
- if (CORBA::is_nil (obj))
- {
- return TAO_PrincipalAuthenticator::_nil ();
- }
-
- TAO_PrincipalAuthenticator_ptr proxy =
- dynamic_cast<TAO_PrincipalAuthenticator_ptr> (obj);
-
- return TAO_PrincipalAuthenticator::_duplicate (proxy);
-}
-
-TAO_PrincipalAuthenticator_ptr
-TAO_PrincipalAuthenticator::_duplicate (TAO_PrincipalAuthenticator_ptr obj)
-{
- if (!CORBA::is_nil (obj))
- obj->_add_ref ();
- return obj;
-}
-
-const char*
-TAO_PrincipalAuthenticator::_interface_repository_id (void) const
-{
- return "IDL:TAO_PrincipalAuthenticator:1.0";
-}
-
-
-#if defined (ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION)
-
-template class ACE_Array_Base<TAO_PrincipalAuthenticator_Impl *>;
-
-#elif defined (ACE_HAS_TEMPLATE_INSTANTIATION_PRAGMA)
-
-#pragma instantiate ACE_Array_Base<TAO_PrincipalAuthenticator_Impl *>
-
-#endif /* ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION */
diff --git a/TAO/orbsvcs/orbsvcs/Security/PrincipalAuthenticator.h b/TAO/orbsvcs/orbsvcs/Security/PrincipalAuthenticator.h
deleted file mode 100644
index e8cb8b03dae..00000000000
--- a/TAO/orbsvcs/orbsvcs/Security/PrincipalAuthenticator.h
+++ /dev/null
@@ -1,227 +0,0 @@
-// -*- C++ -*-
-
-// ===================================================================
-/**
- * @file PrincipalAuthenticator.h
- *
- * $Id$
- *
- * @author Ossama Othman <ossama@uci.edu>
- */
-// ===================================================================
-
-
-#ifndef TAO_PRINCIPAL_AUTHENTICATOR_H
-#define TAO_PRINCIPAL_AUTHENTICATOR_H
-
-#include /**/ "ace/pre.h"
-
-#include "security_export.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-# pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "orbsvcs/orbsvcs/SecurityReplaceableC.h"
-
-#include "tao/LocalObject.h"
-
-#include "ace/Array_Base.h"
-
-class TAO_PrincipalAuthenticator;
-typedef TAO_PrincipalAuthenticator *TAO_PrincipalAuthenticator_ptr;
-class TAO_PrincipalAuthenticator_var;
-class TAO_PrincipalAuthenticator_Impl;
-
-class TAO_SecurityManager;
-
-/**
- * @class TAO_PrincipalAuthenticator
- *
- * @brief Implementation of the SecurityLevel2::PrincipalAuthenticator
- * interface.
- *
- * This class implements the chain-of-responsibility design pattern to
- * decide which security mechanism
- */
-class TAO_Security_Export TAO_PrincipalAuthenticator
- : public virtual SecurityLevel2::PrincipalAuthenticator,
- public virtual TAO_Local_RefCounted_Object
-{
-public:
-
- /// Constructor
- TAO_PrincipalAuthenticator (TAO_SecurityManager *manager);
-
- /**
- * @name SecurityLevel2::PrincipalAuthenticator Methods
- *
- * Methods exposed by the SecurityLevel2::PrincipalAuthenticator
- * interface.
- */
- //@{
- /// Return the authentication methods supported by the given
- /// mechanism.
- virtual Security::AuthenticationMethodList * get_supported_authen_methods (
- const char * mechanism
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- /// Authenticate the principal, request privileges and create
- /// Credentials.
- /**
- * Created Credentials will be placed in the SecurityManager
- * object's own_credentials list.
- * @par
- * If authenticate() returns with a Security::SecAuthContinue,
- * e.g. due to an inability to complete authentication in a single
- * operation, then authentication must completed using the
- * continue_authentication() method.
- */
- virtual Security::AuthenticationStatus authenticate (
- Security::AuthenticationMethod method,
- const char * mechanism,
- const char * security_name,
- const CORBA::Any & auth_data,
- const Security::AttributeList & privileges,
- SecurityLevel2::Credentials_out creds,
- CORBA::Any_out continuation_data,
- CORBA::Any_out auth_specific_data
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- /// Continue partially completed authentication process.
- virtual Security::AuthenticationStatus continue_authentication (
- const CORBA::Any & response_data,
- SecurityLevel2::Credentials_ptr creds,
- CORBA::Any_out continuation_data,
- CORBA::Any_out auth_specific_data
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
- //@}
-
- /// Register a security mechanism-specific (e.g. SSLIOP, Kerberos,
- /// etc.) SecurityReplaceable::Vault implementation with the
- /// PrincipalAuthenticator object (i.e. this object).
- /**
- * @note This is a TAO-specific extension.
- */
- void register_vault (SecurityReplaceable::Vault_ptr vault
- ACE_ENV_ARG_DECL_WITH_DEFAULTS);
-
- /**
- * @name Downcast Related Methods
- *
- * Methods used for downcasting and manipulating the reference count
- * of this interface.
- */
- //@{
-#if !defined(__GNUC__) || !defined (ACE_HAS_GNUG_PRE_2_8)
- typedef TAO_PrincipalAuthenticator_ptr _ptr_type;
- typedef TAO_PrincipalAuthenticator_var _var_type;
-#endif /* ! __GNUC__ || g++ >= 2.8 */
-
- // The static operations.
- static TAO_PrincipalAuthenticator_ptr _duplicate (TAO_PrincipalAuthenticator_ptr obj);
-
- static TAO_PrincipalAuthenticator_ptr _narrow (
- CORBA::Object_ptr obj
- ACE_ENV_ARG_DECL_WITH_DEFAULTS
- );
-
- static TAO_PrincipalAuthenticator_ptr _nil (void)
- {
- return (TAO_PrincipalAuthenticator_ptr)0;
- }
-
- virtual const char* _interface_repository_id (void) const;
- //@}
-
-protected:
-
- /// Destructor
- /**
- * Protected destructor to enforce the fact this class is reference
- * counted, and should not be destroyed using delete() by anything
- * other than the reference counting mechanism.
- */
- ~TAO_PrincipalAuthenticator (void);
-
-private:
-
- /// Array of registered security mechanism-specific Vaults.
- ACE_Array_Base<void *> vaults_;
-
- /// Pointer to the SecurityManager that "owns" this
- /// PrincipalAuthenticator.
- TAO_SecurityManager * security_manager_;
-
-};
-
-
-class TAO_Security_Export TAO_PrincipalAuthenticator_var : public TAO_Base_var
-{
-public:
- TAO_PrincipalAuthenticator_var (void); // default constructor
- TAO_PrincipalAuthenticator_var (TAO_PrincipalAuthenticator_ptr p) : ptr_ (p) {}
- TAO_PrincipalAuthenticator_var (const TAO_PrincipalAuthenticator_var &); // copy constructor
- ~TAO_PrincipalAuthenticator_var (void); // destructor
-
- TAO_PrincipalAuthenticator_var &operator= (TAO_PrincipalAuthenticator_ptr);
- TAO_PrincipalAuthenticator_var &operator= (const TAO_PrincipalAuthenticator_var &);
- TAO_PrincipalAuthenticator_ptr operator-> (void) const;
-
- operator const TAO_PrincipalAuthenticator_ptr &() const;
- operator TAO_PrincipalAuthenticator_ptr &();
- // in, inout, out, _retn
- TAO_PrincipalAuthenticator_ptr in (void) const;
- TAO_PrincipalAuthenticator_ptr &inout (void);
- TAO_PrincipalAuthenticator_ptr &out (void);
- TAO_PrincipalAuthenticator_ptr _retn (void);
- TAO_PrincipalAuthenticator_ptr ptr (void) const;
-
- // Hooks used by template sequence and object manager classes
- // for non-defined forward declared interfaces.
- static TAO_PrincipalAuthenticator_ptr tao_duplicate (TAO_PrincipalAuthenticator_ptr);
- static void tao_release (TAO_PrincipalAuthenticator_ptr);
- static TAO_PrincipalAuthenticator_ptr tao_nil (void);
- static TAO_PrincipalAuthenticator_ptr tao_narrow (
- CORBA::Object *
- ACE_ENV_ARG_DECL_NOT_USED
- );
- static CORBA::Object * tao_upcast (void *);
-
-private:
-
- TAO_PrincipalAuthenticator_ptr ptr_;
- // Unimplemented - prevents widening assignment.
- TAO_PrincipalAuthenticator_var (const TAO_Base_var &rhs);
- TAO_PrincipalAuthenticator_var &operator= (const TAO_Base_var &rhs);
-
-};
-
-
-class TAO_Security_Export TAO_PrincipalAuthenticator_out
-{
-public:
-
- TAO_PrincipalAuthenticator_out (TAO_PrincipalAuthenticator_ptr &);
- TAO_PrincipalAuthenticator_out (TAO_PrincipalAuthenticator_var &);
- TAO_PrincipalAuthenticator_out (const TAO_PrincipalAuthenticator_out &);
- TAO_PrincipalAuthenticator_out &operator= (const TAO_PrincipalAuthenticator_out &);
- TAO_PrincipalAuthenticator_out &operator= (const TAO_PrincipalAuthenticator_var &);
- TAO_PrincipalAuthenticator_out &operator= (TAO_PrincipalAuthenticator_ptr);
- operator TAO_PrincipalAuthenticator_ptr &();
- TAO_PrincipalAuthenticator_ptr &ptr (void);
- TAO_PrincipalAuthenticator_ptr operator-> (void);
-
-private:
-
- TAO_PrincipalAuthenticator_ptr &ptr_;
-
-};
-
-
-#include /**/ "ace/post.h"
-
-#endif /* TAO_PRINCIPAL_AUTHENTICATOR_H */
diff --git a/TAO/orbsvcs/orbsvcs/Security/QOPPolicy.h b/TAO/orbsvcs/orbsvcs/Security/QOPPolicy.h
deleted file mode 100644
index 30fbe55eb1c..00000000000
--- a/TAO/orbsvcs/orbsvcs/Security/QOPPolicy.h
+++ /dev/null
@@ -1,94 +0,0 @@
-// -*- C++ -*-
-
-// ===================================================================
-/**
- * @file QOPPolicy.h
- *
- * $Id$
- *
- * @author Ossama Othman <ossama@uci.edu>
- */
-// ===================================================================
-
-
-#ifndef TAO_QOP_POLICY_H
-#define TAO_QOP_POLICY_H
-
-#include /**/ "ace/pre.h"
-
-#include "security_export.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-# pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "orbsvcs/orbsvcs/SecurityLevel2C.h"
-
-#include "tao/LocalObject.h"
-
-/**
- * @class TAO_QOPPolicy
- *
- * @brief Implementation of the SecurityLevel2::QOPPolicy interface.
- *
- * This policy can be used to affect the quality of protection (QoP)
- * for invocation on a per-object basis. For example, it can be set
- * as a policy override using the standard
- * CORBA::Object::_set_policy_overrides() method.
- * @par
- * This policy can be created by using the CORBA::ORB::create_policy()
- * method by passing it the Security::SecQOPPolicy policy
- * type, and the appropriate Security::QOP enumeration (inserted into
- * a CORBA::Any).
- */
-class TAO_Security_Export TAO_QOPPolicy
- : public virtual SecurityLevel2::QOPPolicy,
- public virtual TAO_Local_RefCounted_Object
-{
- friend class TAO_Security_PolicyFactory;
-
-public:
-
- /**
- * @name CORBA::Policy Methods
- */
- //@{
- virtual CORBA::PolicyType policy_type (ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual CORBA::Policy_ptr copy (ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual void destroy (ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
- //@}
-
- /// Return the Quality-of-Protection value associated with this
- /// policy.
- virtual Security::QOP qop (ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
-protected:
-
- /// Constructor
- TAO_QOPPolicy (Security::QOP qop);
-
- /// Destructor
- /**
- * Protected destructor to enforce the fact this class is reference
- * counted, and should not be destroyed using delete() by anything
- * other than the reference counting mechanism.
- */
- ~TAO_QOPPolicy (void);
-
-private:
-
- /// Quality of protection which can be specified for an object
- /// reference and used to protect messages.
- Security::QOP qop_;
-
-};
-
-#include /**/ "ace/post.h"
-
-#endif /* TAO_QOP_POLICY_H */
diff --git a/TAO/orbsvcs/orbsvcs/Security/SL2_EstablishTrustPolicy.cpp b/TAO/orbsvcs/orbsvcs/Security/SL2_EstablishTrustPolicy.cpp
new file mode 100644
index 00000000000..fb61097ebaf
--- /dev/null
+++ b/TAO/orbsvcs/orbsvcs/Security/SL2_EstablishTrustPolicy.cpp
@@ -0,0 +1,59 @@
+// -*- C++ -*-
+
+#include "SL2_EstablishTrustPolicy.h"
+
+#include "tao/ORB_Constants.h"
+
+
+ACE_RCSID (Security,
+ SL2_EstablishTrustPolicy,
+ "$Id$")
+
+
+TAO::Security::EstablishTrustPolicy::EstablishTrustPolicy (
+ const ::Security::EstablishTrust &trust)
+ : trust_ (trust)
+{
+}
+
+TAO::Security::EstablishTrustPolicy::~EstablishTrustPolicy (void)
+{
+}
+
+CORBA::PolicyType
+TAO::Security::EstablishTrustPolicy::policy_type (
+ ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ return ::Security::SecEstablishTrustPolicy;
+}
+
+CORBA::Policy_ptr
+TAO::Security::EstablishTrustPolicy::copy (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ TAO::Security::EstablishTrustPolicy *policy = 0;
+ ACE_NEW_THROW_EX (policy,
+ TAO::Security::EstablishTrustPolicy (this->trust_),
+ CORBA::NO_MEMORY (
+ CORBA::SystemException::_tao_minor_code (
+ TAO_DEFAULT_MINOR_CODE,
+ ENOMEM),
+ CORBA::COMPLETED_NO));
+ ACE_CHECK_RETURN (CORBA::Policy::_nil ());
+
+ return policy;
+}
+
+void
+TAO::Security::EstablishTrustPolicy::destroy (ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+}
+
+::Security::EstablishTrust
+TAO::Security::EstablishTrustPolicy::trust (ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ return this->trust_;
+}
diff --git a/TAO/orbsvcs/orbsvcs/Security/SL2_EstablishTrustPolicy.h b/TAO/orbsvcs/orbsvcs/Security/SL2_EstablishTrustPolicy.h
new file mode 100644
index 00000000000..7818fa3504f
--- /dev/null
+++ b/TAO/orbsvcs/orbsvcs/Security/SL2_EstablishTrustPolicy.h
@@ -0,0 +1,102 @@
+// -*- C++ -*-
+
+// ===================================================================
+/**
+ * @file SL2_EstablishTrustPolicy.h
+ *
+ * $Id$
+ *
+ * @author Ossama Othman <ossama@uci.edu>
+ */
+// ===================================================================
+
+
+#ifndef TAO_ESTABLISH_TRUST_POLICY_H
+#define TAO_ESTABLISH_TRUST_POLICY_H
+
+#include /**/ "ace/pre.h"
+
+#include "security_export.h"
+
+#if !defined (ACE_LACKS_PRAGMA_ONCE)
+# pragma once
+#endif /* ACE_LACKS_PRAGMA_ONCE */
+
+#include "orbsvcs/orbsvcs/SecurityLevel2C.h"
+
+#include "tao/LocalObject.h"
+
+namespace TAO
+{
+ namespace Security
+ {
+
+ /**
+ * @class EstablishTrustPolicy
+ *
+ * @brief Implementation of the
+ * SecurityLevel2::EstablishTrustPolicy.
+ *
+ * This policy can be used to enable or disable establishment of
+ * trust in the client or the target or both on a per-object
+ * basis. For example, it can be set as a policy override using
+ * the standard CORBA::Object::_set_policy_overrides() method.
+ @par
+ * This policy can be created by using the
+ * CORBA::ORB::create_policy() method by passing it the
+ * Security::SecEstablishTrustPolicy policy type, and the
+ *
+ * appropriate Security::EstablishTrust structure (inserted into a
+ * CORBA::Any).
+ */
+ class TAO_Security_Export EstablishTrustPolicy
+ : public virtual SecurityLevel2::EstablishTrustPolicy,
+ public virtual TAO_Local_RefCounted_Object
+ {
+ public:
+
+ /// Constructor
+ EstablishTrustPolicy (const ::Security::EstablishTrust &trust);
+
+ /**
+ * @name CORBA::Policy Methods
+ */
+ //@{
+ virtual CORBA::PolicyType policy_type (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual CORBA::Policy_ptr copy (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual void destroy (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+ //@}
+
+ /// Return the "establish trust" value associated with this
+ /// policy.
+ virtual ::Security::EstablishTrust trust (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ protected:
+
+ /// Destructor
+ /**
+ * Protected destructor to enforce proper memory management
+ * through the reference counting mechanism.
+ */
+ ~EstablishTrustPolicy (void);
+
+ private:
+
+ /// Quality of protection which can be specified for an object
+ /// reference and used to protect messages.
+ ::Security::EstablishTrust trust_;
+
+ };
+
+ } // End Security namespace
+} // End TAO namespace
+
+#include /**/ "ace/post.h"
+
+#endif /* TAO_ESTABLISH_TRUST_POLICY_H */
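Review bot: The comment on the `trust_` member was carried over from the QOP policy and documents the wrong thing: it reads "Quality of protection which can be specified for an object reference and used to protect messages" while the field holds a `::Security::EstablishTrust` value. I would replace it with `/// Whether trust is to be established in the client, in the target, or in both.`, which matches the class description above it. In the class comment the `@par` line has lost its leading ` * `, and an empty ` *` line splits the sentence "…policy type, and the appropriate Security::EstablishTrust structure", which may break the generated paragraph.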
diff --git a/TAO/orbsvcs/orbsvcs/Security/QOPPolicy.cpp b/TAO/orbsvcs/orbsvcs/Security/SL2_QOPPolicy.cpp
index ce0cb49c772..f716d9c03b7 100644
--- a/TAO/orbsvcs/orbsvcs/Security/QOPPolicy.cpp
+++ b/TAO/orbsvcs/orbsvcs/Security/SL2_QOPPolicy.cpp
@@ -1,36 +1,38 @@
// -*- C++ -*-
-#include "QOPPolicy.h"
+#include "SL2_QOPPolicy.h"
#include "tao/ORB_Constants.h"
+
ACE_RCSID (Security,
- QOPPolicy,
+ SL2_QOPPolicy,
"$Id$")
-TAO_QOPPolicy::TAO_QOPPolicy (Security::QOP qop)
+
+TAO::Security::QOPPolicy::QOPPolicy (::Security::QOP qop)
: qop_ (qop)
{
}
-TAO_QOPPolicy::~TAO_QOPPolicy (void)
+TAO::Security::QOPPolicy::~QOPPolicy (void)
{
}
CORBA::PolicyType
-TAO_QOPPolicy::policy_type (ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
+TAO::Security::QOPPolicy::policy_type (ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
ACE_THROW_SPEC ((CORBA::SystemException))
{
- return Security::SecQOPPolicy;
+ return ::Security::SecQOPPolicy;
}
CORBA::Policy_ptr
-TAO_QOPPolicy::copy (ACE_ENV_SINGLE_ARG_DECL)
+TAO::Security::QOPPolicy::copy (ACE_ENV_SINGLE_ARG_DECL)
ACE_THROW_SPEC ((CORBA::SystemException))
{
- TAO_QOPPolicy *policy = 0;
+ TAO::Security::QOPPolicy * policy = 0;
ACE_NEW_THROW_EX (policy,
- TAO_QOPPolicy (this->qop_),
+ TAO::Security::QOPPolicy (this->qop_),
CORBA::NO_MEMORY (
CORBA::SystemException::_tao_minor_code (
TAO_DEFAULT_MINOR_CODE,
@@ -42,13 +44,13 @@ TAO_QOPPolicy::copy (ACE_ENV_SINGLE_ARG_DECL)
}
void
-TAO_QOPPolicy::destroy (ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
+TAO::Security::QOPPolicy::destroy (ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
ACE_THROW_SPEC ((CORBA::SystemException))
{
}
Security::QOP
-TAO_QOPPolicy::qop (ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
+TAO::Security::QOPPolicy::qop (ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
ACE_THROW_SPEC ((CORBA::SystemException))
{
return this->qop_;
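Review bot: The return type of `qop()` on the unchanged line above the renamed definition is still spelled `Security::QOP`, while every other use in this file and the new header was changed to `::Security::QOP`. It resolves to the same type only because the definition sits at global scope; if it were ever moved inside `namespace TAO`, the name would presumably be looked up as `TAO::Security::QOP`. I would write `::Security::QOP` there as well to keep the file consistent. The body of `qop()` continues outside the hunk.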
diff --git a/TAO/orbsvcs/orbsvcs/Security/SL2_QOPPolicy.h b/TAO/orbsvcs/orbsvcs/Security/SL2_QOPPolicy.h
new file mode 100644
index 00000000000..6cf09884257
--- /dev/null
+++ b/TAO/orbsvcs/orbsvcs/Security/SL2_QOPPolicy.h
@@ -0,0 +1,100 @@
+// -*- C++ -*-
+
+// ===================================================================
+/**
+ * @file SL2_QOPPolicy.h
+ *
+ * $Id$
+ *
+ * @author Ossama Othman <ossama@uci.edu>
+ */
+// ===================================================================
+
+
+#ifndef TAO_SL2_QOP_POLICY_H
+#define TAO_SL2_QOP_POLICY_H
+
+#include /**/ "ace/pre.h"
+
+#include "security_export.h"
+
+#if !defined (ACE_LACKS_PRAGMA_ONCE)
+# pragma once
+#endif /* ACE_LACKS_PRAGMA_ONCE */
+
+#include "orbsvcs/orbsvcs/SecurityLevel2C.h"
+
+#include "tao/LocalObject.h"
+
+
+namespace TAO
+{
+ namespace Security
+ {
+ /**
+ * @class QOPPolicy
+ *
+ * @brief Implementation of the SecurityLevel2::QOPPolicy
+ * interface.
+ *
+ * This policy can be used to affect the quality of protection
+ * (QoP) for invocation on a per-object basis. For example, it
+ * can be set as a policy override using the standard
+ * CORBA::Object::_set_policy_overrides() method.
+ * @par
+ * This policy can be created by using the
+ * CORBA::ORB::create_policy() method by passing it the
+ * Security::SecQOPPolicy policy type, and the appropriate
+ * Security::QOP enumeration (inserted into a CORBA::Any).
+ */
+ class TAO_Security_Export QOPPolicy
+ : public virtual SecurityLevel2::QOPPolicy,
+ public virtual TAO_Local_RefCounted_Object
+ {
+ public:
+
+ /// Constructor
+ QOPPolicy (::Security::QOP qop);
+
+ /**
+ * @name CORBA::Policy Methods
+ */
+ //@{
+ virtual CORBA::PolicyType policy_type (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual CORBA::Policy_ptr copy (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual void destroy (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+ //@}
+
+ /// Return the Quality-of-Protection value associated with this
+ /// policy.
+ virtual ::Security::QOP qop (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ protected:
+
+ /// Destructor
+ /**
+ * Protected destructor to enforce proper memory management
+ * through the reference counting mechansim.
+ */
+ ~QOPPolicy (void);
+
+ private:
+
+ /// Quality of protection which can be specified for an object
+ /// reference and used to protect messages.
+ ::Security::QOP qop_;
+
+ };
+
+ } // End Security namespace
+} // End TAO namespace
+
+#include /**/ "ace/post.h"
+
+#endif /* TAO_SL2_QOP_POLICY_H */
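Review bot: The constructor is public here, whereas the removed QOPPolicy.h kept it protected and reachable only through `friend class TAO_Security_PolicyFactory`, and the bare `/// Constructor` comment does not say how callers are now expected to create the object. Because the destructor is protected, instances presumably have to be heap-allocated and released through the reference count; a comment such as `/// Constructor.  Instances must be heap-allocated and released through the reference count.` would make that explicit. The destructor comment also misspells "mechanism" as "mechansim".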
diff --git a/TAO/orbsvcs/orbsvcs/Security/SL3_CredentialsAcquirerFactory.cpp b/TAO/orbsvcs/orbsvcs/Security/SL3_CredentialsAcquirerFactory.cpp
new file mode 100644
index 00000000000..28e1650facf
--- /dev/null
+++ b/TAO/orbsvcs/orbsvcs/Security/SL3_CredentialsAcquirerFactory.cpp
@@ -0,0 +1,11 @@
+#include "SL3_CredentialsAcquirerFactory.h"
+
+
+ACE_RCSID (Security,
+ SL3_CredentialsAcquirerFactory,
+ "$Id$")
+
+
+TAO::SL3::CredentialsAcquirerFactory::~CredentialsAcquirerFactory (void)
+{
+}
diff --git a/TAO/orbsvcs/orbsvcs/Security/SL3_CredentialsAcquirerFactory.h b/TAO/orbsvcs/orbsvcs/Security/SL3_CredentialsAcquirerFactory.h
new file mode 100644
index 00000000000..2d63dde1290
--- /dev/null
+++ b/TAO/orbsvcs/orbsvcs/Security/SL3_CredentialsAcquirerFactory.h
@@ -0,0 +1,65 @@
+// -*- C++ -*-
+
+//=============================================================================
+/**
+ * @file SL3_CredentialsAcquirerFactory.h
+ *
+ * $Id$
+ *
+ * @author Ossama Othman <ossama@dre.vanderbilt.edu>
+ */
+//=============================================================================
+
+
+#ifndef TAO_SL3_CREDENTIALS_ACQUIRER_FACTORY_H
+#define TAO_SL3_CREDENTIALS_ACQUIRER_FACTORY_H
+
+#include "ace/pre.h"
+
+#include "orbsvcs/orbsvcs/Security/security_export.h"
+
+#if !defined (ACE_LACKS_PRAGMA_ONCE)
+# pragma once
+#endif /* ACE_LACKS_PRAGMA_ONCE */
+
+#include "orbsvcs/orbsvcs/Security/SL3_CredentialsCurator.h"
+
+#include "orbsvcs/orbsvcs/SecurityLevel3C.h"
+
+
+namespace TAO
+{
+ namespace SL3
+ {
+
+ /**
+ * @class CredentialsAcquirerFactory
+ *
+ * @brief Abstract base class for all concrete
+ * CredentialsAcquirerFactory implementations.
+ *
+ * All concrete CredentialsAcquirerFactory classes must implement
+ * this interface.
+ */
+ class TAO_Security_Export CredentialsAcquirerFactory
+ {
+ public:
+
+ /// Destructor.
+ virtual ~CredentialsAcquirerFactory (void);
+
+ /// Create a TAO::SL3::CredentialsAcquirerFactory.
+ virtual SecurityLevel3::CredentialsAcquirer_ptr make (
+ TAO::SL3::CredentialsCurator_ptr curator,
+ const CORBA::Any & acquisition_arguments
+ ACE_ENV_ARG_DECL) = 0;
+
+ };
+
+ } // End SL3 namespace
+} // End TAO namespace
+
+
+#include "ace/post.h"
+
+#endif /* TAO_SL3_CREDENTIALS_ACQUIRER_FACTORY_H */
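Review bot: The comment on `make()` says "Create a TAO::SL3::CredentialsAcquirerFactory", but the method returns a `SecurityLevel3::CredentialsAcquirer_ptr`, so it describes the factory rather than the product. I would change it to `/// Create a SecurityLevel3::CredentialsAcquirer for the given curator and acquisition arguments.` and add a line stating who owns the returned reference, since the signature alone does not show whether the caller must release it. Implementers would also benefit from a sentence on what `make()` should do when `acquisition_arguments` does not hold the expected type, as that `CORBA::Any` comes straight from the caller of `acquire_credentials()`.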
diff --git a/TAO/orbsvcs/orbsvcs/Security/SL3_CredentialsCurator.cpp b/TAO/orbsvcs/orbsvcs/Security/SL3_CredentialsCurator.cpp
new file mode 100644
index 00000000000..ff700221dc9
--- /dev/null
+++ b/TAO/orbsvcs/orbsvcs/Security/SL3_CredentialsCurator.cpp
@@ -0,0 +1,308 @@
+// $Id$
+
+#include "SL3_CredentialsCurator.h"
+#include "SL3_CredentialsAcquirerFactory.h"
+
+
+ACE_RCSID (Security,
+ SL3_CredentialsCurator,
+ "$Id$")
+
+
+namespace TAO
+{
+ namespace SL3
+ {
+ static const size_t CREDENTIALS_TABLE_SIZE = 128;
+ }
+}
+
+TAO::SL3::CredentialsCurator::CredentialsCurator (void)
+ : lock_ (),
+ acquirer_factories_ (),
+ credentials_table_ (TAO::SL3::CREDENTIALS_TABLE_SIZE)
+{
+}
+
+TAO::SL3::CredentialsCurator::~CredentialsCurator (void)
+{
+ const Factory_Iterator fend = this->acquirer_factories_.end ();
+ for (Factory_Iterator i = this->acquirer_factories_.begin ();
+ i != fend;
+ ++i)
+ {
+ // Deallocate the CredentialsId.
+ CORBA::string_free (const_cast<char *> ((*i).ext_id_));
+
+ delete (*i).int_id_;
+ }
+
+ this->acquirer_factories_.close ();
+
+ const Credentials_Iterator end = this->credentials_table_.end ();
+ for (Credentials_Iterator j = this->credentials_table_.begin ();
+ j != end;
+ ++j)
+ {
+ // Deallocate the CredentialsId.
+ CORBA::string_free (const_cast<char *> ((*j).ext_id_));
+ }
+
+ this->credentials_table_.close ();
+}
+
+TAO::SL3::CredentialsCurator_ptr
+TAO::SL3::CredentialsCurator::_duplicate (TAO::SL3::CredentialsCurator_ptr obj)
+{
+ if (!CORBA::is_nil (obj))
+ obj->_add_ref ();
+
+ return obj;
+}
+
+TAO::SL3::CredentialsCurator_ptr
+TAO::SL3::CredentialsCurator::_narrow (CORBA::Object_ptr obj
+ ACE_ENV_ARG_DECL_NOT_USED)
+{
+ return TAO::SL3::CredentialsCurator::_duplicate (
+ dynamic_cast<TAO::SL3::CredentialsCurator *> (obj));
+}
+
+TAO::SL3::CredentialsCurator_ptr
+TAO::SL3::CredentialsCurator::_nil (void)
+{
+ return (CredentialsCurator *) 0;
+}
+
+SecurityLevel3::AcquisitionMethodList *
+TAO::SL3::CredentialsCurator::supported_methods (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ SecurityLevel3::AcquisitionMethodList * list;
+ ACE_NEW_THROW_EX (list,
+ SecurityLevel3::AcquisitionMethodList,
+ CORBA::NO_MEMORY ());
+ SecurityLevel3::AcquisitionMethodList_var methods = list;
+
+ ACE_GUARD_RETURN (TAO_SYNCH_MUTEX,
+ guard,
+ this->lock_,
+ 0);
+
+ methods->length (this->acquirer_factories_.current_size ());
+
+ CORBA::ULong n = 0;
+
+ const Factory_Iterator end = this->acquirer_factories_.end ();
+ for (Factory_Iterator i = this->acquirer_factories_.begin ();
+ i != end;
+ ++i)
+ {
+ methods[n++] = CORBA::string_dup ((*i).ext_id_);
+ }
+
+ return methods._retn ();
+}
+
+SecurityLevel3::CredentialsAcquirer_ptr
+TAO::SL3::CredentialsCurator::acquire_credentials (
+ const char * acquisition_method,
+ const CORBA::Any & acquisition_arguments
+ ACE_ENV_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ TAO::SL3::CredentialsAcquirerFactory * factory;
+
+ if (this->acquirer_factories_.find (acquisition_method,
+ factory) == 0)
+ {
+ return factory->make (this,
+ acquisition_arguments
+ ACE_ENV_ARG_PARAMETER);
+ }
+
+ ACE_THROW_RETURN (CORBA::BAD_PARAM (),
+ SecurityLevel3::CredentialsAcquirer::_nil ());
+
+}
+
+SecurityLevel3::OwnCredentialsList *
+TAO::SL3::CredentialsCurator::default_creds_list (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ SecurityLevel3::OwnCredentialsList * list;
+ ACE_NEW_THROW_EX (list,
+ SecurityLevel3::OwnCredentialsList,
+ CORBA::NO_MEMORY ());
+ ACE_CHECK_RETURN (0);
+
+ SecurityLevel3::OwnCredentialsList_var creds_list = list;
+
+ ACE_GUARD_RETURN (TAO_SYNCH_MUTEX,
+ guard,
+ this->lock_,
+ 0);
+
+ creds_list->length (this->credentials_table_.current_size ());
+
+ CORBA::ULong n = 0;
+
+ const Credentials_Iterator end = this->credentials_table_.end ();
+ for (Credentials_Iterator i = this->credentials_table_.begin ();
+ i != end;
+ ++i)
+ {
+ creds_list[n++] =
+ SecurityLevel3::OwnCredentials::_duplicate ((*i).int_id_);
+ }
+
+ return creds_list._retn ();
+}
+
+SecurityLevel3::CredentialsIdList *
+TAO::SL3::CredentialsCurator::default_creds_ids (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ SecurityLevel3::CredentialsIdList * list;
+ ACE_NEW_THROW_EX (list,
+ SecurityLevel3::CredentialsIdList,
+ CORBA::NO_MEMORY ());
+ SecurityLevel3::CredentialsIdList_var creds_ids = list;
+
+ ACE_GUARD_RETURN (TAO_SYNCH_MUTEX,
+ guard,
+ this->lock_,
+ 0);
+
+ creds_ids->length (this->credentials_table_.current_size ());
+
+ CORBA::ULong n = 0;
+
+ const Credentials_Iterator end = this->credentials_table_.end ();
+ for (Credentials_Iterator i = this->credentials_table_.begin ();
+ i != end;
+ ++i)
+ {
+ creds_ids[n++] = CORBA::string_dup ((*i).ext_id_);
+ }
+
+ return creds_ids._retn ();
+}
+
+SecurityLevel3::OwnCredentials_ptr
+TAO::SL3::CredentialsCurator::get_own_credentials (
+ const char * credentials_id
+ ACE_ENV_ARG_DECL_NOT_USED)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ Credentials_Table::ENTRY * entry;
+
+ ACE_GUARD_RETURN (TAO_SYNCH_MUTEX,
+ guard,
+ this->lock_,
+ SecurityLevel3::OwnCredentials::_nil ());
+
+ if (this->credentials_table_.find (credentials_id, entry) != 0)
+ {
+ return SecurityLevel3::OwnCredentials::_nil ();
+ }
+
+ return
+ SecurityLevel3::OwnCredentials::_duplicate (entry->int_id_.in ());
+}
+
+void
+TAO::SL3::CredentialsCurator::release_own_credentials (
+ const char * credentials_id
+ ACE_ENV_ARG_DECL_NOT_USED)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ Credentials_Table::ENTRY * entry;
+
+ ACE_GUARD (TAO_SYNCH_MUTEX, guard, this->lock_);
+
+ if (this->credentials_table_.find (credentials_id, entry) == 0)
+ {
+ // Deallocate the external ID (a const char *) before unbinding.
+ CORBA::string_free (const_cast<char *> (entry->ext_id_));
+
+ (void) this->credentials_table_.unbind (entry);
+ }
+}
+
+void
+TAO::SL3::CredentialsCurator:: register_acquirer_factory (
+ const char * acquisition_method,
+ TAO::SL3::CredentialsAcquirerFactory * factory
+ ACE_ENV_ARG_DECL)
+{
+ if (acquisition_method == 0 || factory == 0)
+ ACE_THROW (CORBA::BAD_PARAM ());
+
+ CORBA::String_var method = CORBA::string_dup (acquisition_method);
+
+ ACE_GUARD (TAO_SYNCH_MUTEX, guard, this->lock_);
+
+ const int result =
+ this->acquirer_factories_.bind (method.in (), factory);
+
+ if (result == 1) // Entry already exists in table.
+ ACE_THROW (CORBA::BAD_INV_ORDER ());
+ else if (result == -1) // Failure.
+ ACE_THROW (CORBA::INTERNAL ());
+
+ // Otherwise success!
+}
+
+void
+TAO::SL3::CredentialsCurator::_tao_add_own_credentials (
+ SecurityLevel3::OwnCredentials_ptr credentials
+ ACE_ENV_ARG_DECL)
+{
+ CORBA::String_var credentials_id =
+ credentials->creds_id (ACE_ENV_SINGLE_ARG_PARAMETER);
+ ACE_CHECK;
+
+ SecurityLevel3::OwnCredentials_var creds =
+ SecurityLevel3::OwnCredentials::_duplicate (credentials);
+
+ if (this->credentials_table_.bind (credentials_id.in (),
+ creds) != 0)
+ {
+ ACE_THROW (CORBA::NO_RESOURCES ());
+ }
+
+ (void) credentials_id._retn (); // Credentials table nows owns the id.
+}
+
+
+
+#if defined (ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION)
+
+template class ACE_Map_Entry<const char *, TAO::SL3::CredentialsAcquirerFactory *>;
+template class ACE_Map_Iterator_Base<const char *, TAO::SL3::CredentialsAcquirerFactory *, ACE_Null_Mutex>;
+template class ACE_Map_Iterator<const char *, TAO::SL3::CredentialsAcquirerFactory *, ACE_Null_Mutex>;
+template class ACE_Map_Reverse_Iterator<const char *, TAO::SL3::CredentialsAcquirerFactory *, ACE_Null_Mutex>;
+template class ACE_Map_Manager<const char *, TAO::SL3::CredentialsAcquirerFactory *, ACE_Null_Mutex>;
+
+template class ACE_Hash_Map_Entry<const char *, SecurityLevel3::OwnCredentials_var>;
+template class ACE_Hash_Map_Manager_Ex<const char *, SecurityLevel3::OwnCredentials_var, ACE_Hash<const char *>, ACE_Equal_To<const char *>, ACE_Null_Mutex>;
+template class ACE_Hash_Map_Iterator_Base_Ex<const char *, SecurityLevel3::OwnCredentials_var, ACE_Hash<const char *>, ACE_Equal_To<const char *>, ACE_Null_Mutex>;
+template class ACE_Hash_Map_Iterator_Ex<const char *, SecurityLevel3::OwnCredentials_var, ACE_Hash<const char *>, ACE_Equal_To<const char *>, ACE_Null_Mutex>;
+template class ACE_Hash_Map_Reverse_Iterator_Ex<const char *, SecurityLevel3::OwnCredentials_var, ACE_Hash<const char *>, ACE_Equal_To<const char *>, ACE_Null_Mutex>;
+
+#elif defined (ACE_HAS_TEMPLATE_INSTANTIATION_PRAGMA)
+
+#pragma instantiate ACE_Map_Entry<const char *, TAO::SL3::CredentialsAcquirerFactory *>
+#pragma instantiate ACE_Map_Iterator_Base<const char *, TAO::SL3::CredentialsAcquirerFactory *, ACE_Null_Mutex>
+#pragma instantiate ACE_Map_Iterator<const char *, TAO::SL3::CredentialsAcquirerFactory *, ACE_Null_Mutex>
+#pragma instantiate ACE_Map_Reverse_Iterator<const char *, TAO::SL3::CredentialsAcquirerFactory *, ACE_Null_Mutex>
+#pragma instantiate ACE_Map_Manager<const char *, TAO::SL3::CredentialsAcquirerFactory *, ACE_Null_Mutex>
+
+#pragma instantiate ACE_Hash_Map_Entry<const char *, SecurityLevel3::OwnCredentials_var>
+#pragma instantiate ACE_Hash_Map_Manager_Ex<const char *, SecurityLevel3::OwnCredentials_var, ACE_Hash<const char *>, ACE_Equal_To<const char *>, ACE_Null_Mutex>
+#pragma instantiate ACE_Hash_Map_Iterator_Base_Ex<const char *, SecurityLevel3::OwnCredentials_var, ACE_Hash<const char *>, ACE_Equal_To<const char *>, ACE_Null_Mutex>
+#pragma instantiate ACE_Hash_Map_Iterator_Ex<const char *, SecurityLevel3::OwnCredentials_var, ACE_Hash<const char *>, ACE_Equal_To<const char *>, ACE_Null_Mutex>
+#pragma instantiate ACE_Hash_Map_Reverse_Iterator_Ex<const char *, SecurityLevel3::OwnCredentials_var, ACE_Hash<const char *>, ACE_Equal_To<const char *>, ACE_Null_Mutex>
+
+#endif /* ACE_HAS_EXPLICIT_TEMPLATE_INSTANTIATION */
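Review bot: In `register_acquirer_factory` the key passed to `acquirer_factories_.bind (method.in (), factory)` is still owned by the `CORBA::String_var method`, so the string is freed when the function returns; the table is left holding a dangling `const char *`, which the destructor later hands to `CORBA::string_free` a second time. `_tao_add_own_credentials` already avoids this with `(void) credentials_id._retn ();`, and the same is needed here after a successful bind: `(void) method._retn ();  // Factory table now owns the key.` Separately, `acquire_credentials` and `_tao_add_own_credentials` touch the tables without taking `lock_`, although both tables are declared with `ACE_Null_Mutex` and the other accessors use `ACE_GUARD`; an `ACE_GUARD_RETURN` before the `find` and `ACE_GUARD (TAO_SYNCH_MUTEX, guard, this->lock_);` before the `bind` would close that gap. `_tao_add_own_credentials` also calls `credentials->creds_id ()` without a nil check, unlike `register_acquirer_factory`, which rejects null arguments with `CORBA::BAD_PARAM`.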
diff --git a/TAO/orbsvcs/orbsvcs/Security/SL3_CredentialsCurator.h b/TAO/orbsvcs/orbsvcs/Security/SL3_CredentialsCurator.h
new file mode 100644
index 00000000000..ce4f7172b8e
--- /dev/null
+++ b/TAO/orbsvcs/orbsvcs/Security/SL3_CredentialsCurator.h
@@ -0,0 +1,171 @@
+// -*- C++ -*-
+
+//=============================================================================
+/**
+ * @file SL3_CredentialsCurator.h
+ *
+ * $Id$
+ *
+ * @author Ossama Othman <ossama@dre.vanderbilt.edu>
+ */
+//=============================================================================
+
+
+#ifndef TAO_SL3_CREDENTIALS_CURATOR_H
+#define TAO_SL3_CREDENTIALS_CURATOR_H
+
+#include "ace/pre.h"
+#include "orbsvcs/orbsvcs/Security/security_export.h"
+
+#if !defined (ACE_LACKS_PRAGMA_ONCE)
+# pragma once
+#endif /* ACE_LACKS_PRAGMA_ONCE */
+
+#include "orbsvcs/orbsvcs/SecurityLevel3C.h"
+
+#include "tao/LocalObject.h"
+
+#include "ace/Hash_Map_Manager_T.h"
+#include "ace/Map_Manager.h"
+
+
+#if defined(_MSC_VER)
+#if (_MSC_VER >= 1200)
+#pragma warning(push)
+#endif /* _MSC_VER >= 1200 */
+#pragma warning(disable:4250)
+#endif /* _MSC_VER */
+
+namespace TAO
+{
+ namespace SL3
+ {
+ class CredentialsAcquirerFactory;
+
+ class CredentialsCurator;
+ typedef CredentialsCurator* CredentialsCurator_ptr;
+ typedef TAO_Pseudo_Var_T<CredentialsCurator> CredentialsCurator_var;
+ typedef TAO_Pseudo_Out_T<CredentialsCurator, CredentialsCurator_var> CredentialsCurator_out;
+
+ /**
+ * @class CredentialsCurator
+ *
+ * @brief Implementation of the SecurityLevel3::CredentialsCurator
+ * object.
+ *
+ * This class provides a means for creating and managing
+ * OwnCredentials.
+ */
+ class TAO_Security_Export CredentialsCurator
+ : public virtual SecurityLevel3::CredentialsCurator,
+ public virtual TAO_Local_RefCounted_Object
+ {
+ public:
+
+ /**
+ * The type of table that maps acquisition method to acquirer
+ * factory.
+ */
+ typedef ACE_Map_Manager<const char *,
+ TAO::SL3::CredentialsAcquirerFactory *,
+ ACE_Null_Mutex> Acquirer_Factory_Table;
+ typedef Acquirer_Factory_Table::iterator Factory_Iterator;
+
+ typedef ACE_Hash_Map_Manager_Ex <const char *,
+ SecurityLevel3::OwnCredentials_var,
+ ACE_Hash<const char *>,
+ ACE_Equal_To<const char *>,
+ ACE_Null_Mutex> Credentials_Table;
+ typedef Credentials_Table::iterator Credentials_Iterator;
+
+ /// Constructor
+ CredentialsCurator (void);
+
+ static CredentialsCurator_ptr _duplicate (CredentialsCurator_ptr obj);
+ static CredentialsCurator_ptr _nil (void);
+ static CredentialsCurator_ptr _narrow (CORBA::Object_ptr obj
+ ACE_ENV_ARG_DECL);
+
+ /**
+ * @name SecurityLevel3::CredentialsCurator Methods
+ *
+ * Methods required by the SecurityLevel3::CredentialsCurator
+ * interface.
+ */
+ //@{
+ virtual SecurityLevel3::AcquisitionMethodList * supported_methods (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual SecurityLevel3::CredentialsAcquirer_ptr acquire_credentials (
+ const char * acquisition_method,
+ const CORBA::Any & acquisition_arguments
+ ACE_ENV_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual SecurityLevel3::OwnCredentialsList * default_creds_list (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual SecurityLevel3::CredentialsIdList * default_creds_ids (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual SecurityLevel3::OwnCredentials_ptr get_own_credentials (
+ const char * credentials_id
+ ACE_ENV_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual void release_own_credentials (const char * credentials_id
+ ACE_ENV_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+ //@}
+
+ /// Register CredentialsAcquirer factory.
+ /**
+ * @note The CredentialsCurator retains ownership of the
+ * factory.
+ */
+ void register_acquirer_factory (
+ const char * acquisition_method,
+ TAO::SL3::CredentialsAcquirerFactory * factory
+ ACE_ENV_ARG_DECL);
+
+ /// TAO-specific means of adding credentials to this
+ /// CredentialsCurator's "own credentials" list.
+ void _tao_add_own_credentials (
+ SecurityLevel3::OwnCredentials_ptr credentials
+ ACE_ENV_ARG_DECL);
+
+ protected:
+
+ /// Destructor
+ /**
+ * Protected destructor to enforce proper memory management
+ * through the reference counting mechanism.
+ */
+ ~CredentialsCurator (void);
+
+ private:
+
+ /// Lock used to synchronize access to underlying tables.
+ TAO_SYNCH_MUTEX lock_;
+
+ /// Table of CredentialsAcquirer factories.
+ Acquirer_Factory_Table acquirer_factories_;
+
+ /// Table of OwnCredentials.
+ Credentials_Table credentials_table_;
+ };
+
+ } // End SL3 namespace
+} // End TAO namespace
+
+
+#if defined(_MSC_VER) && (_MSC_VER >= 1200)
+#pragma warning(pop)
+#endif /* _MSC_VER */
+
+#include "ace/post.h"
+
+#endif /* TAO_SL3_CREDENTIALS_CURATOR_H */
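Review bot: Both `Acquirer_Factory_Table` and `Credentials_Table` are keyed on a raw `const char *`, and nothing in this header says who owns the key string or how long it must live. Unless the .cpp (outside this hunk) duplicates the string before binding, an entry keyed on the `acquisition_method` or `credentials_id` argument dangles once the caller frees it, and a later `get_own_credentials` or `release_own_credentials` lookup could miss or match the wrong credentials. `Credentials_Table` compares by content through `ACE_Equal_To<const char *>`, but `Acquirer_Factory_Table` is a plain `ACE_Map_Manager`, which as far as I know compares keys with `operator==`, i.e. by pointer value; this should be confirmed against the implementation. I would add `/// @note Keys are not copied; the string must outlive the table entry.` to both typedefs, or switch the key to an owning string type.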
diff --git a/TAO/orbsvcs/orbsvcs/Security/SL3_ObjectCredentialsPolicy.cpp b/TAO/orbsvcs/orbsvcs/Security/SL3_ObjectCredentialsPolicy.cpp
index 672782e9a0d..c11ce4a57af 100644
--- a/TAO/orbsvcs/orbsvcs/Security/SL3_ObjectCredentialsPolicy.cpp
+++ b/TAO/orbsvcs/orbsvcs/Security/SL3_ObjectCredentialsPolicy.cpp
@@ -3,7 +3,7 @@
#include "SL3_ObjectCredentialsPolicy.h"
-ACE_RCSID (CSIv2,
+ACE_RCSID (Security,
SL3_ObjectCredentialsPolicy,
"$Id$")
diff --git a/TAO/orbsvcs/orbsvcs/Security/SL3_SecurityCurrent.cpp b/TAO/orbsvcs/orbsvcs/Security/SL3_SecurityCurrent.cpp
new file mode 100644
index 00000000000..2ad9a8ca9fc
--- /dev/null
+++ b/TAO/orbsvcs/orbsvcs/Security/SL3_SecurityCurrent.cpp
@@ -0,0 +1,57 @@
+// $Id$
+
+#include "SL3_SecurityCurrent.h"
+
+
+ACE_RCSID (Security,
+ SL3_SecurityCurrent,
+ "$Id$")
+
+
+#if !defined (__ACE_INLINE__)
+# include "SL3_SecurityCurrent.inl"
+#endif /* __ACE_INLINE__ */
+
+
+TAO::SL3::SecurityCurrent::SecurityCurrent (size_t tss_slot,
+ TAO_ORB_Core * oc)
+ : tss_slot_ (tss_slot),
+ orb_core_ (oc)
+{
+}
+
+
+TAO::SL3::SecurityCurrent::~SecurityCurrent (void)
+{
+}
+
+SecurityLevel3::ClientCredentials_ptr
+TAO::SL3::SecurityCurrent::client_credentials (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ TAO::SL3::SecurityCurrent_Impl * impl = this->implementation ();
+
+ // If the implementation pointer returned from TSS is zero, then
+ // we're not in the middle of a request/upcall. Throw an exception
+ // to indicate that.
+ if (impl == 0)
+ ACE_THROW_RETURN (CORBA::BAD_INV_ORDER (),
+ SecurityLevel3::ClientCredentials::_nil ());
+
+ return impl->client_credentials (ACE_ENV_SINGLE_ARG_PARAMETER);
+}
+
+CORBA::Boolean
+TAO::SL3::SecurityCurrent::request_is_local (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ TAO::SL3::SecurityCurrent_Impl * impl = this->implementation ();
+
+ // If the implementation pointer returned from TSS is zero, then
+ // we're not in the middle of a request/upcall. Throw an exception
+ // to indicate that.
+ if (impl == 0)
+ ACE_THROW_RETURN (CORBA::BAD_INV_ORDER (), false);
+
+ return impl->request_is_local (ACE_ENV_SINGLE_ARG_PARAMETER);
+}
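Review bot: The constructor stores `oc` in `orb_core_` without checking it, and `implementation()` in SL3_SecurityCurrent.inl dereferences `this->orb_core_` unconditionally, so a null ORB core pointer would crash `client_credentials()` and `request_is_local()` rather than raise the `CORBA::BAD_INV_ORDER` they throw for a missing TSS implementation. The older `TAO_Security_Current::implementation()`, visible as context later in this diff, guards the same access with an `orb_core_ == 0` test. If a null `oc` can reach this class, add `if (this->orb_core_ == 0) return 0;` at the top of `implementation()`; if it cannot, state the precondition on the constructor, e.g. `/// @param oc ORB Core this object is registered with; must not be null.`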
diff --git a/TAO/orbsvcs/orbsvcs/Security/SL3_SecurityCurrent.h b/TAO/orbsvcs/orbsvcs/Security/SL3_SecurityCurrent.h
new file mode 100644
index 00000000000..f8c7332396c
--- /dev/null
+++ b/TAO/orbsvcs/orbsvcs/Security/SL3_SecurityCurrent.h
@@ -0,0 +1,152 @@
+// -*- C++ -*-
+
+//=============================================================================
+/**
+ * @file SL3_SecurityCurrent.h
+ *
+ * $Id$
+ *
+ * @author Ossama Othman <ossama@dre.vanderbilt.edu>
+ */
+//=============================================================================
+
+
+#ifndef TAO_SL3_SECURITY_CURRENT_H
+#define TAO_SL3_SECURITY_CURRENT_H
+
+#include "ace/pre.h"
+
+#include "orbsvcs/orbsvcs/Security/security_export.h"
+
+#if !defined (ACE_LACKS_PRAGMA_ONCE)
+# pragma once
+#endif /* ACE_LACKS_PRAGMA_ONCE */
+
+#include "SL3_SecurityCurrent_Impl.h"
+
+#include "orbsvcs/orbsvcs/SecurityLevel3C.h"
+
+#include "tao/LocalObject.h"
+
+#if defined(_MSC_VER)
+#if (_MSC_VER >= 1200)
+#pragma warning(push)
+#endif /* _MSC_VER >= 1200 */
+#pragma warning(disable:4250)
+#endif /* _MSC_VER */
+
+
+class TAO_ORB_Core;
+
+namespace TAO
+{
+ namespace SL3
+ {
+ /**
+ * @class SecurityCurrent
+ *
+ * @brief SecurityLevel3::SecurityCurrent implementation.
+ *
+ * Thread-specific information may be retrieved from the target
+ * security service through this object.
+ *
+ * @note This SecurityCurrent implementation basically a variant
+ * of the bridge design pattern. All operations are
+ * delegated on to concrete implementations.
+ */
+ class TAO_Security_Export SecurityCurrent
+ : public virtual SecurityLevel3::SecurityCurrent,
+ public virtual TAO_Local_RefCounted_Object
+ {
+ public:
+
+ /// Constructor
+ SecurityCurrent (size_t tss_slot, TAO_ORB_Core * oc);
+
+ /**
+ * @name SecurityLevel3::SecurityCurrent Methods
+ *
+ * Methods required by the SecurityLevel3::SecurityCurrent
+ * interface.
+ */
+ //@{
+ virtual SecurityLevel3::ClientCredentials_ptr client_credentials (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual CORBA::Boolean request_is_local (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+ //@}
+
+ /// Return the TSS slot ID assigned to the "SecurityCurrent"
+ /// object.
+ /**
+ * The concrete thread-specific storage SecurityCurrent
+ * implementations will each use this slot ID.
+ */
+ size_t tss_slot (void) const;
+
+ protected:
+
+ /// Destructor
+ /**
+ * Protected destructor to enforce proper memory management
+ * through the reference counting mechanism.
+ */
+ ~SecurityCurrent (void);
+
+ private:
+
+ /// Set the thread-specific storage
+ /// SecurityLevel3::SecurityCurrent implementation.
+ /**
+ * The pointer is actually one to a concrete implementation provided
+ * by the underlying security mechanism. For example, SSLIOP
+ * implements its own SSLIOP-specific operations corresponding
+ * to the ones exposed by the SecurityCurrent interface.
+ * Similarly, SECIOP would do the same.
+ * @par
+ * There is no function that places the implementation pointer
+ * in TSS. The underlying security mechanism does that.
+ */
+ SecurityCurrent_Impl * implementation (void);
+
+ private:
+
+ /**
+ * @name Retricted Copying and Assignment
+ *
+ * Prevent copying through the copy constructor and the
+ * assignment operator.
+ */
+ //@{
+ SecurityCurrent (const SecurityCurrent &);
+ void operator= (const SecurityCurrent &);
+ //@}
+
+ private:
+
+ /// Thread-specific storage slot assigned to this object.
+ const size_t tss_slot_;
+
+ /// Pointer to the ORB Core corresponding to the ORB with which
+ /// this object is registered.
+ TAO_ORB_Core *orb_core_;
+
+ };
+
+ } // End SL3 namespace
+} // End TAO namespace
+
+
+#if defined (__ACE_INLINE__)
+# include "SL3_SecurityCurrent.inl"
+#endif /* __ACE_INLINE__ */
+
+#if defined(_MSC_VER) && (_MSC_VER >= 1200)
+#pragma warning(pop)
+#endif /* _MSC_VER */
+
+#include "ace/post.h"
+
+#endif /* TAO_SL3_SECURITY_CURRENT_H */
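Review bot: The brief on the private `implementation()` declaration says "Set the thread-specific storage ... implementation", but the function takes no argument and returns a `SecurityCurrent_Impl *`, and the same comment goes on to say that nothing here places the pointer in TSS. I would reword it to `/// Return the thread-specific SecurityLevel3::SecurityCurrent implementation, or zero when no request/upcall is in progress.`, which matches how SL3_SecurityCurrent.cpp treats a zero result. In the same pass, the class `@note` is missing a verb ("implementation is basically a variant") and `@name Retricted Copying and Assignment` should read "Restricted".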
diff --git a/TAO/orbsvcs/orbsvcs/Security/SL3_SecurityCurrent.inl b/TAO/orbsvcs/orbsvcs/Security/SL3_SecurityCurrent.inl
new file mode 100644
index 00000000000..ca53b8175b0
--- /dev/null
+++ b/TAO/orbsvcs/orbsvcs/Security/SL3_SecurityCurrent.inl
@@ -0,0 +1,22 @@
+// -*- C++ -*-
+//
+// $Id$
+
+#include "tao/ORB_Core.h"
+
+
+ACE_INLINE size_t
+TAO::SL3::SecurityCurrent::tss_slot (void) const
+{
+ return this->tss_slot_;
+}
+
+ACE_INLINE TAO::SL3::SecurityCurrent_Impl *
+TAO::SL3::SecurityCurrent::implementation (void)
+{
+ TAO::SL3::SecurityCurrent_Impl *impl =
+ static_cast<TAO::SL3::SecurityCurrent_Impl *> (
+ this->orb_core_->get_tss_resource (this->tss_slot_));
+
+ return impl;
+}
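Review bot: `implementation()` casts the untyped TSS resource straight to the base type `SecurityCurrent_Impl *`, which is only well defined if the security mechanism stored a pointer that had already been converted to `SecurityCurrent_Impl *`. The class comment in SL3_SecurityCurrent_Impl.h instead talks about casting the stored pointer back to the subclass pointer type, so the two descriptions do not obviously agree. The contract should be written down next to the cast, for example `// The mechanism must store a SecurityCurrent_Impl * (not a derived-class pointer) in this TSS slot.`, so that a mechanism whose concrete class has more than one base does not hand back a misadjusted pointer.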
diff --git a/TAO/orbsvcs/orbsvcs/Security/SL3_SecurityCurrent_Impl.cpp b/TAO/orbsvcs/orbsvcs/Security/SL3_SecurityCurrent_Impl.cpp
new file mode 100644
index 00000000000..a0e96f0ed65
--- /dev/null
+++ b/TAO/orbsvcs/orbsvcs/Security/SL3_SecurityCurrent_Impl.cpp
@@ -0,0 +1,12 @@
+// -*- C++ -*-
+
+#include "SL3_SecurityCurrent_Impl.h"
+
+ACE_RCSID (Security,
+ SL3_Security_Current_Impl,
+ "$Id$")
+
+
+TAO::SL3::SecurityCurrent_Impl::~SecurityCurrent_Impl (void)
+{
+}
diff --git a/TAO/orbsvcs/orbsvcs/Security/SL3_SecurityCurrent_Impl.h b/TAO/orbsvcs/orbsvcs/Security/SL3_SecurityCurrent_Impl.h
new file mode 100644
index 00000000000..01862f6f390
--- /dev/null
+++ b/TAO/orbsvcs/orbsvcs/Security/SL3_SecurityCurrent_Impl.h
@@ -0,0 +1,80 @@
+// -*- C++ -*-
+
+// ===================================================================
+/**
+ * @file Security_Current_Impl.h
+ *
+ * $Id$
+ *
+ * @author Ossama Othman <ossama@dre.vanderbilt.edu>
+ */
+// ===================================================================
+
+#ifndef TAO_SL3_SECURITY_CURRENT_IMPL_H
+#define TAO_SL3_SECURITY_CURRENT_IMPL_H
+
+#include /**/ "ace/pre.h"
+
+#include "ace/config-all.h"
+
+#if !defined (ACE_LACKS_PRAGMA_ONCE)
+# pragma once
+#endif /* ACE_LACKS_PRAGMA_ONCE */
+
+#include "security_export.h"
+#include "orbsvcs/orbsvcs/SecurityLevel3C.h"
+
+namespace TAO
+{
+ namespace SL3
+ {
+ /**
+ * @class SecurityCurrent_Impl
+ *
+ * @brief Base class for the TSS portion of any underlying
+ * security mechanism.
+ *
+ * This class provides the same interface as the
+ * SecurityLevel3::SecurityCurrent object. However, it is not
+ * derived from that interface since we need to explicitly avoid
+ * virtual inheritance so that it is safe to store subclasses in a
+ * "void * *" and later cast that pointer back to the subclass
+ * pointer type.
+ */
+ class TAO_Security_Export SecurityCurrent_Impl
+ {
+ public:
+
+ /// Destructor.
+ virtual ~SecurityCurrent_Impl (void);
+
+ /**
+ * @name SecurityLevel3::Current Methods
+ *
+ * These methods are founds in the SecurityLevel3::Current
+ * interface.
+ */
+ //@{
+ /// Return the Credentials received from the client associate with
+ /// the current request.
+ virtual SecurityLevel3::ClientCredentials_ptr client_credentials (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException)) = 0;
+
+ /// Is the current request local?
+ virtual CORBA::Boolean request_is_local (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException)) = 0;
+ //@}
+
+ /// Return the unique tag that identifies the concrete subclass.
+ virtual CORBA::ULong tag (void) const = 0;
+
+ };
+
+ } // End Security namespace.
+} // End TAO namespace.
+
+#include /**/ "ace/post.h"
+
+#endif /* TAO_SL3_SECURITY_CURRENT_IMPL_H */
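Review bot: The file header says `@file Security_Current_Impl.h`, but this is SL3_SecurityCurrent_Impl.h, so generated documentation will attribute the class to the wrong file; it should read `@file SL3_SecurityCurrent_Impl.h`. The `@name` group refers to `SecurityLevel3::Current` while the class description and SL3_SecurityCurrent.h use `SecurityLevel3::SecurityCurrent`, and the closing brace is labelled `// End Security namespace.` although it closes `SL3`. Smaller wording fixes: "founds" should be "found", "associate with" should be "associated with", and `"void * *"` looks like it was meant to be `"void *"`.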
diff --git a/TAO/orbsvcs/orbsvcs/Security/SL3_SecurityManager.cpp b/TAO/orbsvcs/orbsvcs/Security/SL3_SecurityManager.cpp
index 747bdf128bb..8dede16ad3d 100644
--- a/TAO/orbsvcs/orbsvcs/Security/SL3_SecurityManager.cpp
+++ b/TAO/orbsvcs/orbsvcs/Security/SL3_SecurityManager.cpp
@@ -5,7 +5,7 @@
#include "SL3_ObjectCredentialsPolicy.h"
-ACE_RCSID (CSIv2,
+ACE_RCSID (Security,
SL3_SecurityManager,
"$Id$")
diff --git a/TAO/orbsvcs/orbsvcs/Security/SL3_SecurityManager.h b/TAO/orbsvcs/orbsvcs/Security/SL3_SecurityManager.h
index 42aa487c50f..a7efd8cb1a1 100644
--- a/TAO/orbsvcs/orbsvcs/Security/SL3_SecurityManager.h
+++ b/TAO/orbsvcs/orbsvcs/Security/SL3_SecurityManager.h
@@ -104,7 +104,6 @@ namespace TAO
};
} // End SL3 namespace
-
} // End TAO namespace
diff --git a/TAO/orbsvcs/orbsvcs/Security/SecurityManager.cpp b/TAO/orbsvcs/orbsvcs/Security/SecurityManager.cpp
deleted file mode 100644
index beb61a87ca3..00000000000
--- a/TAO/orbsvcs/orbsvcs/Security/SecurityManager.cpp
+++ /dev/null
@@ -1,220 +0,0 @@
-// -*- C++ -*-
-
-#include "SecurityManager.h"
-
-ACE_RCSID (Security,
- SecurityManager,
- "$Id$")
-
-
-#include "PrincipalAuthenticator.h"
-
-#include "tao/ORB_Constants.h"
-
-
-TAO_SecurityManager::TAO_SecurityManager (void)
- : lock_ (),
- principal_authenticator_ ()
-{
-}
-
-TAO_SecurityManager::~TAO_SecurityManager (void)
-{
-}
-
-Security::MechandOptionsList *
-TAO_SecurityManager::supported_mechanisms (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- ENOTSUP),
- CORBA::COMPLETED_NO),
- 0);
-}
-
-SecurityLevel2::CredentialsList *
-TAO_SecurityManager::own_credentials (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_GUARD_RETURN (TAO_SYNCH_MUTEX,
- monitor,
- this->lock_,
- 0);
-
- SecurityLevel2::CredentialsList *creds_list = 0;
- ACE_NEW_THROW_EX (creds_list,
- SecurityLevel2::CredentialsList (this->own_credentials_),
- CORBA::NO_MEMORY (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- ENOMEM),
- CORBA::COMPLETED_NO));
- ACE_CHECK_RETURN (0);
-
- return creds_list;
-}
-
-SecurityLevel2::RequiredRights_ptr
-TAO_SecurityManager::required_rights_object (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- ENOTSUP),
- CORBA::COMPLETED_NO),
- SecurityLevel2::RequiredRights::_nil ());
-}
-
-SecurityLevel2::PrincipalAuthenticator_ptr
-TAO_SecurityManager::principal_authenticator (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- {
- ACE_GUARD_RETURN (TAO_SYNCH_MUTEX,
- monitor,
- this->lock_,
- SecurityLevel2::PrincipalAuthenticator::_nil ());
-
- if (CORBA::is_nil (this->principal_authenticator_.in ()))
- {
- TAO_PrincipalAuthenticator *pa = 0;
- ACE_NEW_THROW_EX (pa,
- TAO_PrincipalAuthenticator (this),
- CORBA::NO_MEMORY (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- ENOMEM),
- CORBA::COMPLETED_NO));
- ACE_CHECK_RETURN (SecurityLevel2::PrincipalAuthenticator::_nil ());
-
- this->principal_authenticator_ = pa;
- }
- }
-
- return
- SecurityLevel2::PrincipalAuthenticator::_duplicate (
- this->principal_authenticator_.in ());
-}
-
-SecurityLevel2::AccessDecision_ptr
-TAO_SecurityManager::access_decision (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- ENOTSUP),
- CORBA::COMPLETED_NO),
- SecurityLevel2::AccessDecision::_nil ());
-}
-
-SecurityLevel2::AuditDecision_ptr
-TAO_SecurityManager::audit_decision (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- ENOTSUP),
- CORBA::COMPLETED_NO),
- SecurityLevel2::AuditDecision::_nil ());
-}
-
-SecurityLevel2::TargetCredentials_ptr
-TAO_SecurityManager::get_target_credentials (CORBA::Object_ptr /* obj_ref */
- ACE_ENV_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- ENOTSUP),
- CORBA::COMPLETED_NO),
- SecurityLevel2::TargetCredentials::_nil ());
-}
-
-void
-TAO_SecurityManager::remove_own_credentials (
- SecurityLevel2::Credentials_ptr creds
- ACE_ENV_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_GUARD (TAO_SYNCH_MUTEX, monitor, this->lock_);
-
- // Check if the given Credentials are already in the "own
- // credentials" list.
-
- const CORBA::ULong len = this->own_credentials_.length ();
-
- // @@ A linear search. Yuck!
- for (CORBA::ULong i = 0; i < len; ++i)
- if (this->own_credentials_[i].in () == creds)
- {
- if (i == len - 1)
- this->own_credentials_.length (len - 1);
- else
- {
- // Avoid building a new CredentialsList. Just invalidate
- // the Credentials in the current position in the
- // CredentialsList.
- //
- // This is has the disadvantage that it will leave "holes"
- // in the CredentialsList.
- this->own_credentials_[i] = SecurityLevel2::Credentials::_nil ();
- }
-
- return;
- }
-
- ACE_THROW (CORBA::BAD_PARAM ());
-}
-
-CORBA::Policy_ptr
-TAO_SecurityManager::get_security_policy (CORBA::PolicyType /* policy_type */
- ACE_ENV_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (
- CORBA::SystemException::_tao_minor_code (
- TAO_DEFAULT_MINOR_CODE,
- ENOTSUP),
- CORBA::COMPLETED_NO),
- CORBA::Policy::_nil ());
-}
-
-void
-TAO_SecurityManager::add_own_credentials (SecurityLevel2::Credentials_ptr creds
- ACE_ENV_ARG_DECL)
-{
- ACE_GUARD (TAO_SYNCH_MUTEX, monitor, this->lock_);
-
- // Check if the given Credentials are already in the "own
- // credentials" list.
-
- const CORBA::ULong len = this->own_credentials_.length ();
-
- CORBA::ULong empty_slot = 0;
-
- // @@ A linear search. Yuck!
- for (CORBA::ULong i = 0; i < len; ++i)
- if (this->own_credentials_[i].in () == creds)
- ACE_THROW (CORBA::BAD_PARAM ());
- else if (empty_slot == 0
- && CORBA::is_nil (this->own_credentials_[i]))
- empty_slot = i;
-
- if (empty_slot != 0)
- {
- this->own_credentials_[empty_slot] =
- SecurityLevel2::Credentials::_duplicate (creds);
- }
- else
- {
- this->own_credentials_.length (len + 1);
- this->own_credentials_[len] =
- SecurityLevel2::Credentials::_duplicate (creds);
- }
-}
diff --git a/TAO/orbsvcs/orbsvcs/Security/SecurityManager.h b/TAO/orbsvcs/orbsvcs/Security/SecurityManager.h
deleted file mode 100644
index 720caa7c68a..00000000000
--- a/TAO/orbsvcs/orbsvcs/Security/SecurityManager.h
+++ /dev/null
@@ -1,172 +0,0 @@
-// -*- C++ -*-
-
-// ===================================================================
-/**
- * @file SecurityManager.h
- *
- * $Id$
- *
- * @author Ossama Othman <ossama@uci.edu>
- */
-// ===================================================================
-
-
-#ifndef TAO_SECURITY_MANAGER_H
-#define TAO_SECURITY_MANAGER_H
-
-#include /**/ "ace/pre.h"
-
-#include "security_export.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-# pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "orbsvcs/orbsvcs/SecurityLevel2C.h"
-
-#include "tao/LocalObject.h"
-
-/**
- * @class TAO_SecurityManager
- *
- * @brief Implementation of the SecurityLevel2::SecurityManager
- * interface.
- *
- * A reference to the SecurityManager object can be retrieved by
- * calling CORBA::ORB::resolve_initial_references ("SecurityManager");
- */
-class TAO_Security_Export TAO_SecurityManager
- : public virtual SecurityLevel2::SecurityManager,
- public virtual TAO_Local_RefCounted_Object
-{
-public:
-
- /// Constructor
- TAO_SecurityManager (void);
-
- /**
- * @name SecurityLevel2::SecurityManager Methods
- *
- * Methods exposed by the SecurityLevel2::SecurityManager
- * interface.
- */
- //@{
- /// Return a sequence containing the security mechanisms supported
- /// by the Security Service.
- virtual Security::MechandOptionsList * supported_mechanisms (
- ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- /// Return the list of Credentials currently associated with the
- /// application itself, i.e. its own credentials.
- virtual SecurityLevel2::CredentialsList * own_credentials (
- ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- /// Return a reference to the RequiredRights object.
- /**
- * The RequiredRights object is only useful to the application if
- * the application needs to perform its own rights-based access
- * control.
- */
- virtual SecurityLevel2::RequiredRights_ptr required_rights_object (
- ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- /// Return a reference to the PrincipalAuthenticator object.
- /**
- * The PrincipalAuthenticator is used to authenticate principals and
- * create credentials for them.
- */
- virtual SecurityLevel2::PrincipalAuthenticator_ptr principal_authenticator (
- ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- /// Return a reference to the AccessDecision object.
- /**
- * The AccessDecision object can be used to determine accessibility
- * of objects.
- */
- virtual SecurityLevel2::AccessDecision_ptr access_decision (
- ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- /// Return a reference to the AuditDecision object.
- /**
- * The AuditDecision object can be used to determine what needs to
- * be audited for a given object.
- */
- virtual SecurityLevel2::AuditDecision_ptr audit_decision (
- ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- /// Return the TargetCredentials associated with the given object
- /// reference.
- virtual SecurityLevel2::TargetCredentials_ptr get_target_credentials (
- CORBA::Object_ptr obj_ref
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- /// Remove the given credential from the application's own
- /// Credentials list.
- /**
- * @note A CORBA::BAD_PARAM exception will be thrown if the given
- * credential is not in the SecurityManager's "own
- * credentials" list.
- */
- virtual void remove_own_credentials (
- SecurityLevel2::Credentials_ptr creds
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- /// Return the security policy currently in effect corresponding to
- /// the given policy type.
- virtual CORBA::Policy_ptr get_security_policy (
- CORBA::PolicyType policy_type
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
- //@}
-
- /**
- * @name TAO-specific Methods
- *
- * Methods used internally by TAO's Security Service.
- */
- //@{
- /// Add the given credentials to the SecurityManager's "own
- /// credentials" list.
- /**
- * This method is generally only used by the PrincipalAuthenticator
- * when credentials are created and authenticated.
- */
- void add_own_credentials (SecurityLevel2::Credentials_ptr creds
- ACE_ENV_ARG_DECL);
- //@}
-
-protected:
-
- /// Destructor
- /**
- * Protected destructor to enforce the fact this class is reference
- * counted, and should not be destroyed using delete() by anything
- * other than the reference counting mechanism.
- */
- ~TAO_SecurityManager (void);
-
-private:
-
- /// Lock used to synchronize access to the SecurityManager's state.
- TAO_SYNCH_MUTEX lock_;
-
- /// List of SecurityManager's own credentials, i.e. those created by
- /// its PrincipalAuthenticator.
- SecurityLevel2::CredentialsList own_credentials_;
-
- /// Reference to the PrinicipalAuthenticator.
- SecurityLevel2::PrincipalAuthenticator_var principal_authenticator_;
-
-};
-
-#include /**/ "ace/post.h"
-
-#endif /* TAO_SECURITY_MANAGER_H */
diff --git a/TAO/orbsvcs/orbsvcs/Security/Security_Current.cpp b/TAO/orbsvcs/orbsvcs/Security/Security_Current.cpp
index d0cb2584117..321151fc753 100644
--- a/TAO/orbsvcs/orbsvcs/Security/Security_Current.cpp
+++ b/TAO/orbsvcs/orbsvcs/Security/Security_Current.cpp
@@ -3,7 +3,7 @@
#include "Security_Current.h"
#include "tao/debug.h"
-ACE_RCSID (TAO_Security,
+ACE_RCSID (Security,
Security_Current,
"$Id$")
@@ -29,7 +29,7 @@ TAO_Security_Current::get_attributes (
ACE_ENV_ARG_DECL)
ACE_THROW_SPEC ((CORBA::SystemException))
{
- TAO_Security_Current_Impl *impl = this->implementation ();
+ TAO::Security::Current_Impl *impl = this->implementation ();
// If the implementation pointer returned from TSS is zero, then
// we're not in the middle of a request/upcall. Throw an exception
@@ -45,7 +45,7 @@ TAO_Security_Current::received_credentials (
ACE_ENV_SINGLE_ARG_DECL)
ACE_THROW_SPEC ((CORBA::SystemException))
{
- TAO_Security_Current_Impl *impl = this->implementation ();
+ TAO::Security::Current_Impl *impl = this->implementation ();
// If the implementation pointer returned from TSS is zero, then
// we're not in the middle of a request/upcall. Throw an exception
diff --git a/TAO/orbsvcs/orbsvcs/Security/Security_Current.h b/TAO/orbsvcs/orbsvcs/Security/Security_Current.h
index ffd37e4e84b..c1be7b22e78 100644
--- a/TAO/orbsvcs/orbsvcs/Security/Security_Current.h
+++ b/TAO/orbsvcs/orbsvcs/Security/Security_Current.h
@@ -109,7 +109,7 @@ protected:
* There is no function that places the implementation pointer in
* TSS. The underlying security mechanism does that.
*/
- TAO_Security_Current_Impl *implementation (void);
+ TAO::Security::Current_Impl *implementation (void);
private:
diff --git a/TAO/orbsvcs/orbsvcs/Security/Security_Current.inl b/TAO/orbsvcs/orbsvcs/Security/Security_Current.inl
index 67dca1a858c..c194ecf4d1a 100644
--- a/TAO/orbsvcs/orbsvcs/Security/Security_Current.inl
+++ b/TAO/orbsvcs/orbsvcs/Security/Security_Current.inl
@@ -8,15 +8,15 @@ TAO_Security_Current::tss_slot (void) const
return this->tss_slot_;
}
-ACE_INLINE TAO_Security_Current_Impl *
+ACE_INLINE TAO::Security::Current_Impl *
TAO_Security_Current::implementation (void)
{
if (this->orb_core_ == 0 && this->init () != 0)
return 0;
- TAO_Security_Current_Impl *impl =
- ACE_static_cast (TAO_Security_Current_Impl *,
- this->orb_core_->get_tss_resource (this->tss_slot_));
+ TAO::Security::Current_Impl *impl =
+ static_cast<TAO::Security::Current_Impl *> (
+ this->orb_core_->get_tss_resource (this->tss_slot_));
return impl;
}
diff --git a/TAO/orbsvcs/orbsvcs/Security/Security_Current_Impl.cpp b/TAO/orbsvcs/orbsvcs/Security/Security_Current_Impl.cpp
index a5635bb4954..57f35df99d7 100644
--- a/TAO/orbsvcs/orbsvcs/Security/Security_Current_Impl.cpp
+++ b/TAO/orbsvcs/orbsvcs/Security/Security_Current_Impl.cpp
@@ -2,11 +2,11 @@
#include "Security_Current_Impl.h"
-ACE_RCSID (TAO_Security,
- Security_Current_Impl,
+ACE_RCSID (Security,
+ SL3_Security_Current_Impl,
"$Id$")
-TAO_Security_Current_Impl::~TAO_Security_Current_Impl (void)
+TAO::Security::Current_Impl::~Current_Impl (void)
{
}
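Review bot: The second `ACE_RCSID` argument becomes `SL3_Security_Current_Impl`, but this file is Security_Current_Impl.cpp and the class defined here is `TAO::Security::Current_Impl`, not the SL3 one. The same identifier is used in the new SL3_SecurityCurrent_Impl.cpp, so both translation units would carry the same RCS tag name, which looks like a copy-and-paste slip. I would keep the original file name: `ACE_RCSID (Security, Security_Current_Impl, "$Id$")`.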
diff --git a/TAO/orbsvcs/orbsvcs/Security/Security_Current_Impl.h b/TAO/orbsvcs/orbsvcs/Security/Security_Current_Impl.h
index 01fc12d4061..7ffe96e6d1b 100644
--- a/TAO/orbsvcs/orbsvcs/Security/Security_Current_Impl.h
+++ b/TAO/orbsvcs/orbsvcs/Security/Security_Current_Impl.h
@@ -24,58 +24,67 @@
#include "security_export.h"
#include "orbsvcs/orbsvcs/SecurityLevel2C.h"
-/**
- * @class TAO_Security_Current_Impl
- *
- * @brief Base class for the TSS portion of any underlying security
- * mechanism.
- *
- * This class provides the same interface as the
- * SecurityLevel2::Current object. However, it is not derived from
- * that interface since we need to explicitly avoid virtual
- * inheritance so that it is safe to store subclasses in a "void *"
- * and later cast that pointer back to the subclass pointer type.
- */
-class TAO_Security_Export TAO_Security_Current_Impl
+namespace TAO
{
-public:
+ namespace Security
+ {
+ /**
+ * @class Current_Impl
+ *
+ * @brief Base class for the TSS portion of any underlying
+ * security mechanism.
+ *
+ * This class provides the same interface as the
+ * SecurityLevel3::Current object. However, it is not derived
+ * from that interface since we need to explicitly avoid virtual
+ * inheritance so that it is safe to store subclasses in a "void
+ * *" and later cast that pointer back to the subclass pointer
+ * type.
+ */
+ class TAO_Security_Export Current_Impl
+ {
+ public:
+
+ /// Destructor.
+ virtual ~Current_Impl (void);
- /// Destructor.
- virtual ~TAO_Security_Current_Impl (void);
+ /**
+ * @name SecurityLevel1::Current Methods
+ *
+ * These methods are founds in the SecurityLevel1::Current
+ * interface.
+ */
+ //@{
+ /// Return the security attributes corresponding to the types in
+ /// the given attribute type list associated with the current
+ /// request.
+ virtual ::Security::AttributeList * get_attributes (
+ const ::Security::AttributeTypeList & attributes
+ ACE_ENV_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException)) = 0;
+ //@}
- /**
- * @name SecurityLevel1::Current Methods
- *
- * These methods are founds in the SecurityLevel1::Current
- * interface.
- */
- //@{
- /// Return the security attributes corresponding to the types in the
- /// given attribute type list associated with the current request.
- virtual Security::AttributeList * get_attributes (
- const Security::AttributeTypeList & attributes
- ACE_ENV_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException)) = 0;
- //@}
+ /**
+ * @name SecurityLevel2::Current Methods
+ *
+ * These methods are founds in the SecurityLevel2::Current
+ * interface.
+ */
+ //@{
+ /// Return the Credentials received from the client associate with
+ /// the current request.
+ virtual SecurityLevel2::ReceivedCredentials_ptr received_credentials (
+ ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException)) = 0;
+ //@}
- /**
- * @name SecurityLevel2::Current Methods
- *
- * These methods are founds in the SecurityLevel2::Current
- * interface.
- */
- //@{
- /// Return the Credentials received from the client associate with
- /// the current request.
- virtual SecurityLevel2::ReceivedCredentials_ptr received_credentials (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException)) = 0;
- //@}
+ /// Return the unique tag that identifies the concrete subclass.
+ virtual CORBA::ULong tag (void) const = 0;
- /// Return the unique tag that identifies the concrete subclass.
- virtual CORBA::ULong tag (void) const = 0;
+ };
-};
+ } // End Security namespace.
+} // End TAO namespace.
#include /**/ "ace/post.h"
diff --git a/TAO/orbsvcs/orbsvcs/Security/Security_ORBInitializer.cpp b/TAO/orbsvcs/orbsvcs/Security/Security_ORBInitializer.cpp
index 2ea9438589c..633a0bbda5d 100644
--- a/TAO/orbsvcs/orbsvcs/Security/Security_ORBInitializer.cpp
+++ b/TAO/orbsvcs/orbsvcs/Security/Security_ORBInitializer.cpp
@@ -1,29 +1,34 @@
// -*- C++ -*-
#include "Security_ORBInitializer.h"
-#include "tao/debug.h"
-ACE_RCSID (TAO_Security,
+ACE_RCSID (Security,
Security_ORBInitializer,
"$Id$")
-#include "tao/ORBInitInfo.h"
-#include "Security_Current.h"
-#include "SecurityManager.h"
-#include "Security_PolicyFactory.h"
+// #include "Security_Current.h"
+#include "SL3_SecurityCurrent.h"
+#include "SL3_CredentialsCurator.h"
+#include "SL3_SecurityManager.h"
+
+#include "orbsvcs/orbsvcs/SecurityC.h"
+
+#include "tao/ORBInitInfo.h"
+#include "tao/debug.h"
void
-TAO_Security_ORBInitializer::pre_init (
+TAO::Security::ORBInitializer::pre_init (
PortableInterceptor::ORBInitInfo_ptr info
ACE_ENV_ARG_DECL)
ACE_THROW_SPEC ((CORBA::SystemException))
{
// Narrow to a TAO_ORBInitInfo object to get access to the
// allocate_tss_slot_id() TAO extension.
- TAO_ORBInitInfo_var tao_info = TAO_ORBInitInfo::_narrow (info
- ACE_ENV_ARG_PARAMETER);
+ TAO_ORBInitInfo_var tao_info =
+ TAO_ORBInitInfo::_narrow (info
+ ACE_ENV_ARG_PARAMETER);
ACE_CHECK;
if (CORBA::is_nil (tao_info.in ()))
@@ -38,19 +43,48 @@ TAO_Security_ORBInitializer::pre_init (
ACE_THROW (CORBA::INTERNAL ());
}
+// // Reserve a TSS slot in the ORB core internal TSS resources for the
+// // thread-specific portion of Security::Current.
+// size_t old_tss_slot = tao_info->allocate_tss_slot_id (0
+// ACE_ENV_ARG_PARAMETER);
+// ACE_CHECK;
+
+// CORBA::String_var orb_id = info->orb_id (ACE_ENV_SINGLE_ARG_PARAMETER);
+// ACE_CHECK;
+
+// // Create the SecurityLevel2::Current object.
+// SecurityLevel2::Current_ptr current = SecurityLevel2::Current::_nil ();
+// ACE_NEW_THROW_EX (current,
+// TAO_Security_Current (old_tss_slot, orb_id.in ()),
+// CORBA::NO_MEMORY (
+// CORBA::SystemException::_tao_minor_code (
+// TAO_DEFAULT_MINOR_CODE,
+// ENOMEM),
+// CORBA::COMPLETED_NO));
+// ACE_CHECK;
+
+// SecurityLevel2::Current_var security_current = current;
+
+// // Register the SecurityLevel2::Current object reference with the
+// // ORB.
+// info->register_initial_reference ("SecurityCurrent",
+// security_current.in ()
+// ACE_ENV_ARG_PARAMETER);
+// ACE_CHECK;
+
// Reserve a TSS slot in the ORB core internal TSS resources for the
- // thread-specific portion of Security::Current.
+ // thread-specific portion of SecurityLevel3::SecurityCurrent
+ // object.
size_t tss_slot = tao_info->allocate_tss_slot_id (0
ACE_ENV_ARG_PARAMETER);
ACE_CHECK;
- CORBA::String_var orb_id = info->orb_id (ACE_ENV_SINGLE_ARG_PARAMETER);
- ACE_CHECK;
- // Create the SecurityLevel2::Current object.
- SecurityLevel2::Current_ptr current = SecurityLevel2::Current::_nil ();
- ACE_NEW_THROW_EX (current,
- TAO_Security_Current (tss_slot, orb_id.in ()),
+ // Create the SecurityLevel3::Current object.
+ SecurityLevel3::SecurityCurrent_ptr current3;
+ ACE_NEW_THROW_EX (current3,
+ TAO::SL3::SecurityCurrent (tss_slot,
+ tao_info->orb_core ()),
CORBA::NO_MEMORY (
CORBA::SystemException::_tao_minor_code (
TAO_DEFAULT_MINOR_CODE,
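Review bot: The SecurityLevel2::Current setup is kept as a commented-out block of nearly thirty lines at the top of this hunk, so the file does not say whether the "SecurityCurrent" initial reference was dropped deliberately or only parked. Nothing in the new code registers "SecurityCurrent" (or, in the hunk at -79,18, "SecurityManager"), so a server that resolves those names to inspect received credentials will presumably fail at resolve_initial_references. I would delete the dead block, along with the commented-out `// #include "Security_Current.h"` in the first hunk, and replace it with one line such as `// The SecurityLevel2 "SecurityCurrent" and "SecurityManager" references are no longer registered; use the SecurityLevel3 ones.` pre_init begins and ends outside this hunk.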
@@ -58,20 +92,19 @@ TAO_Security_ORBInitializer::pre_init (
CORBA::COMPLETED_NO));
ACE_CHECK;
- SecurityLevel2::Current_var security_current = current;
+ SecurityLevel3::SecurityCurrent_var security_current3 = current3;
// Register the SecurityLevel2::Current object reference with the
// ORB.
- info->register_initial_reference ("SecurityCurrent",
- security_current.in ()
+ info->register_initial_reference ("SecurityLevel3:SecurityCurrent",
+ security_current3.in ()
ACE_ENV_ARG_PARAMETER);
ACE_CHECK;
- // Create the SecurityLevel2::SecurityManager object.
- SecurityLevel2::SecurityManager_ptr manager =
- SecurityLevel2::SecurityManager::_nil ();
- ACE_NEW_THROW_EX (manager,
- TAO_SecurityManager,
+ // Create the SecurityLevel3::CredentialsCurator object.
+ SecurityLevel3::CredentialsCurator_ptr curator;
+ ACE_NEW_THROW_EX (curator,
+ TAO::SL3::CredentialsCurator,
CORBA::NO_MEMORY (
CORBA::SystemException::_tao_minor_code (
TAO_DEFAULT_MINOR_CODE,
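Review bot: The context comment above the first register_initial_reference call still reads "Register the SecurityLevel2::Current object reference", although the call now registers "SecurityLevel3:SecurityCurrent". In a security initializer a comment naming the wrong level is easy to take at face value, so I would change it to `// Register the SecurityLevel3::SecurityCurrent object reference with the ORB.` The comment added in the previous hunk, "Create the SecurityLevel3::Current object", has the same slip and should read `// Create the SecurityLevel3::SecurityCurrent object.` pre_init continues outside this hunk.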
@@ -79,18 +112,38 @@ TAO_Security_ORBInitializer::pre_init (
CORBA::COMPLETED_NO));
ACE_CHECK;
- SecurityLevel2::SecurityManager_var security_manager = manager;
+ SecurityLevel3::CredentialsCurator_var credentials_curator = curator;
- // Register the SecurityLevel2::Current object reference with the
- // ORB.
- info->register_initial_reference ("SecurityManager",
- security_manager.in ()
+ // Register the SecurityLevel3::CredentialsCurator object reference
+ // with the ORB.
+ info->register_initial_reference ("SecurityLevel3:CredentialsCurator",
+ credentials_curator.in ()
+ ACE_ENV_ARG_PARAMETER);
+ ACE_CHECK;
+
+ // Create the SecurityLevel3::SecurityManager object.
+ SecurityLevel3::SecurityManager_ptr manager3;
+ ACE_NEW_THROW_EX (manager3,
+ TAO::SL3::SecurityManager (credentials_curator.in ()),
+ CORBA::NO_MEMORY (
+ CORBA::SystemException::_tao_minor_code (
+ TAO_DEFAULT_MINOR_CODE,
+ ENOMEM),
+ CORBA::COMPLETED_NO));
+ ACE_CHECK;
+
+ SecurityLevel3::SecurityManager_var security_manager3 = manager3;
+
+ // Register the SecurityLevel3::SecurityManager object reference
+ // with the ORB.
+ info->register_initial_reference ("SecurityLevel3:SecurityManager",
+ security_manager3.in ()
ACE_ENV_ARG_PARAMETER);
ACE_CHECK;
}
void
-TAO_Security_ORBInitializer::post_init (
+TAO::Security::ORBInitializer::post_init (
PortableInterceptor::ORBInitInfo_ptr info
ACE_ENV_ARG_DECL)
ACE_THROW_SPEC ((CORBA::SystemException))
@@ -101,7 +154,7 @@ TAO_Security_ORBInitializer::post_init (
}
void
-TAO_Security_ORBInitializer::register_policy_factories (
+TAO::Security::ORBInitializer::register_policy_factories (
PortableInterceptor::ORBInitInfo_ptr info
ACE_ENV_ARG_DECL)
{
@@ -118,41 +171,56 @@ TAO_Security_ORBInitializer::register_policy_factories (
CORBA::PolicyType type;
- type = Security::SecQOPPolicy;
+ type = ::Security::SecQOPPolicy;
info->register_policy_factory (type,
policy_factory
ACE_ENV_ARG_PARAMETER);
ACE_CHECK;
- type = Security::SecMechanismsPolicy;
+ type = ::Security::SecMechanismsPolicy;
info->register_policy_factory (type,
policy_factory
ACE_ENV_ARG_PARAMETER);
ACE_CHECK;
- type = Security::SecInvocationCredentialsPolicy;
+ type = ::Security::SecInvocationCredentialsPolicy;
info->register_policy_factory (type,
policy_factory
ACE_ENV_ARG_PARAMETER);
ACE_CHECK;
- type = Security::SecFeaturePolicy; // Deprecated
+ type = ::Security::SecFeaturePolicy; // Deprecated
info->register_policy_factory (type,
policy_factory
ACE_ENV_ARG_PARAMETER);
ACE_CHECK;
- type = Security::SecDelegationDirectivePolicy;
+ type = ::Security::SecDelegationDirectivePolicy;
info->register_policy_factory (type,
policy_factory
ACE_ENV_ARG_PARAMETER);
ACE_CHECK;
- type = Security::SecEstablishTrustPolicy;
+ type = ::Security::SecEstablishTrustPolicy;
info->register_policy_factory (type,
policy_factory
ACE_ENV_ARG_PARAMETER);
ACE_CHECK;
+
+ type = SecurityLevel3::ContextEstablishmentPolicyType;
+ info->register_policy_factory (type,
+ policy_factory
+ ACE_ENV_ARG_PARAMETER);
+ ACE_CHECK;
+
+
+ type = SecurityLevel3::ObjectCredentialsPolicyType;
+ info->register_policy_factory (type,
+ policy_factory
+ ACE_ENV_ARG_PARAMETER);
+ ACE_CHECK;
+
+
// ----------------------------------------------------------------
}
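Review bot: `::Security::SecInvocationCredentialsPolicy` is still registered with the factory here, but the last Security_PolicyFactory.cpp hunk (-104,12) moves that type into the branch that raises `CORBA::PolicyError (CORBA::UNSUPPORTED_POLICY)`. A caller that used ORB::create_policy() to pin invocation credentials therefore now gets an exception where it used to get a policy, and neither hunk says so. I would put a comment on the registration, e.g. `// Registered so that create_policy() reports UNSUPPORTED_POLICY; see PolicyFactory::create_policy().`, and repeat the reason next to the unsupported branch. register_policy_factories begins outside this hunk.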
diff --git a/TAO/orbsvcs/orbsvcs/Security/Security_ORBInitializer.h b/TAO/orbsvcs/orbsvcs/Security/Security_ORBInitializer.h
index d944c832cfb..0a6d87988ea 100644
--- a/TAO/orbsvcs/orbsvcs/Security/Security_ORBInitializer.h
+++ b/TAO/orbsvcs/orbsvcs/Security/Security_ORBInitializer.h
@@ -41,34 +41,59 @@
#endif /* _MSC_VER */
/// Security ORB initializer.
-class TAO_Security_Export TAO_Security_ORBInitializer
- : public virtual PortableInterceptor::ORBInitializer,
- public virtual TAO_Local_RefCounted_Object
+namespace TAO
{
-public:
-
- virtual void pre_init (PortableInterceptor::ORBInitInfo_ptr info
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual void post_init (PortableInterceptor::ORBInitInfo_ptr info
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
-private:
-
- /// Register Security policy factories.
- void register_policy_factories (
- PortableInterceptor::ORBInitInfo_ptr info
- ACE_ENV_ARG_DECL);
-
-private:
-
- /// PolicyFactory that is used to create all security related
- /// policies capable of being created via ORB::create_policy().
- TAO_Security_PolicyFactory policy_factory_;
-
-};
+ namespace Security
+ {
+
+ /**
+ * @class ORBInitializer
+ *
+ * @brief ORBInitializer that configures CORBA Security features
+ * into an ORB.
+ *
+ * This ORBInitializer configures CORBA Security features into an
+ * ORB, such as CSIv2, security objects, security policy
+ * factories, etc, into an ORB.
+ */
+ class TAO_Security_Export ORBInitializer
+ : public virtual PortableInterceptor::ORBInitializer,
+ public virtual TAO_Local_RefCounted_Object
+ {
+ public:
+
+ /**
+ * @name PortableInterceptor::ORBInitializer Methods.
+ *
+ * Methods required by the PortableInterceptor::ORBInitializer
+ * interface.
+ */
+ //@{
+ virtual void pre_init (PortableInterceptor::ORBInitInfo_ptr info
+ ACE_ENV_ARG_DECL_WITH_DEFAULTS)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+
+ virtual void post_init (PortableInterceptor::ORBInitInfo_ptr info
+ ACE_ENV_ARG_DECL_WITH_DEFAULTS)
+ ACE_THROW_SPEC ((CORBA::SystemException));
+ //@}
+
+ private:
+
+ /// Register Security policy factories.
+ void register_policy_factories (PortableInterceptor::ORBInitInfo_ptr info
+ ACE_ENV_ARG_DECL);
+
+ private:
+
+ /// PolicyFactory that is used to create all security related
+ /// policies capable of being created via ORB::create_policy().
+ TAO::Security::PolicyFactory policy_factory_;
+
+ };
+
+ } // End Security namespace
+} // End TAO namespace
#if defined(_MSC_VER) && (_MSC_VER >= 1200)
#pragma warning(pop)
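Review bot: The retained one-line comment `/// Security ORB initializer.` now sits directly above `namespace TAO`, so Doxygen will probably attach it to the namespace rather than to the class. The new `@class ORBInitializer` block already documents the class, so the old line can go. The detailed description also repeats itself ("configures CORBA Security features into an ORB, such as ..., into an ORB") and could end at "policy factories, etc." pre_init and post_init still have no description of their own; one sentence each on what pre_init registers and what post_init does would help, as far as their bodies (not fully visible here) support it.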
diff --git a/TAO/orbsvcs/orbsvcs/Security/Security_PolicyFactory.cpp b/TAO/orbsvcs/orbsvcs/Security/Security_PolicyFactory.cpp
index 4fde1773bdf..be257f8089c 100644
--- a/TAO/orbsvcs/orbsvcs/Security/Security_PolicyFactory.cpp
+++ b/TAO/orbsvcs/orbsvcs/Security/Security_PolicyFactory.cpp
@@ -6,16 +6,20 @@ ACE_RCSID (Security,
Security_PolicyFactory,
"$Id$")
+#include "SL2_QOPPolicy.h"
+#include "SL2_EstablishTrustPolicy.h"
+
+#include "SL3_ContextEstablishmentPolicy.h"
+#include "SL3_ObjectCredentialsPolicy.h"
+
#include "orbsvcs/orbsvcs/SecurityLevel2C.h"
+#include "orbsvcs/orbsvcs/SecurityLevel3C.h"
-#include "QOPPolicy.h"
-#include "EstablishTrustPolicy.h"
-#include "InvocationCredentialsPolicy.h"
#include "tao/ORB_Constants.h"
CORBA::Policy_ptr
-TAO_Security_PolicyFactory::create_policy (
+TAO::Security::PolicyFactory::create_policy (
CORBA::PolicyType type,
const CORBA::Any &value
ACE_ENV_ARG_DECL)
@@ -26,9 +30,9 @@ TAO_Security_PolicyFactory::create_policy (
// ORB::create_policy() mechanism. Only those that can be created
// using that mechanism are supported by this factory.
- if (type == Security::SecQOPPolicy)
+ if (type == ::Security::SecQOPPolicy)
{
- Security::QOP qop;
+ ::Security::QOP qop;
// Extract the desired Quality-of-Protection value from the
// given Any.
@@ -40,9 +44,9 @@ TAO_Security_PolicyFactory::create_policy (
CORBA::COMPLETED_NO),
CORBA::Policy::_nil ());
- TAO_QOPPolicy *qop_policy = 0;
+ TAO::Security::QOPPolicy * qop_policy = 0;
ACE_NEW_THROW_EX (qop_policy,
- TAO_QOPPolicy (qop),
+ TAO::Security::QOPPolicy (qop),
CORBA::NO_MEMORY (
CORBA::SystemException::_tao_minor_code (
TAO_DEFAULT_MINOR_CODE,
@@ -53,9 +57,9 @@ TAO_Security_PolicyFactory::create_policy (
return qop_policy;
}
- else if (type == Security::SecEstablishTrustPolicy)
+ else if (type == ::Security::SecEstablishTrustPolicy)
{
- Security::EstablishTrust *trust = 0;
+ ::Security::EstablishTrust *trust = 0;
// Extract the desired establishing of trust value from the
// given Any.
@@ -67,9 +71,9 @@ TAO_Security_PolicyFactory::create_policy (
CORBA::COMPLETED_NO),
CORBA::Policy::_nil ());
- TAO_EstablishTrustPolicy *trust_policy = 0;
+ TAO::Security::EstablishTrustPolicy * trust_policy = 0;
ACE_NEW_THROW_EX (trust_policy,
- TAO_EstablishTrustPolicy (*trust),
+ TAO::Security::EstablishTrustPolicy (*trust),
CORBA::NO_MEMORY (
CORBA::SystemException::_tao_minor_code (
TAO_DEFAULT_MINOR_CODE,
@@ -80,9 +84,42 @@ TAO_Security_PolicyFactory::create_policy (
return trust_policy;
}
- else if (type == Security::SecInvocationCredentialsPolicy)
+ else if (type == SecurityLevel3::ContextEstablishmentPolicyType)
+ {
+ SecurityLevel3::ContextEstablishmentPolicyArgument * args = 0;
+
+ // Extract the desired establishing of trust value from the
+ // given Any.
+ if (!(value >>= args))
+ ACE_THROW_RETURN (CORBA::BAD_PARAM (
+ CORBA::SystemException::_tao_minor_code (
+ TAO_DEFAULT_MINOR_CODE,
+ EINVAL),
+ CORBA::COMPLETED_NO),
+ CORBA::Policy::_nil ());
+
+ TAO::SL3::ContextEstablishmentPolicy * policy = 0;
+ ACE_NEW_THROW_EX (policy,
+ TAO::SL3::ContextEstablishmentPolicy (
+ args->creds_directive,
+ args->creds_list,
+ args->use_client_auth,
+ args->use_target_auth,
+ args->use_confidentiality,
+ args->use_integrity),
+ CORBA::NO_MEMORY (
+ CORBA::SystemException::_tao_minor_code (
+ TAO_DEFAULT_MINOR_CODE,
+ ENOMEM),
+ CORBA::COMPLETED_NO));
+ ACE_CHECK_RETURN (CORBA::Policy::_nil ());
+
+ return policy;
+ }
+
+ else if (type == SecurityLevel3::ObjectCredentialsPolicyType)
{
- SecurityLevel2::CredentialsList *creds = 0;
+ SecurityLevel3::OwnCredentialsList * creds = 0;
// Extract the desired establishing of trust value from the
// given Any.
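Review bot: Both new branches carry the comment "Extract the desired establishing of trust value from the given Any", copied from the EstablishTrust branch, although they extract a `SecurityLevel3::ContextEstablishmentPolicyArgument` and a `SecurityLevel3::OwnCredentialsList`. I would replace them with `// Extract the ContextEstablishmentPolicyArgument from the given Any.` and `// Extract the OwnCredentialsList from the given Any.` The first branch also forwards `creds_directive`, `creds_list` and the four `use_*` fields to the policy constructor unchanged, so any consistency check on them has to live in `TAO::SL3::ContextEstablishmentPolicy`, which is not visible here. A short comment saying where that validation happens would make the trust boundary clear. create_policy begins and ends outside this hunk.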
@@ -94,9 +131,9 @@ TAO_Security_PolicyFactory::create_policy (
CORBA::COMPLETED_NO),
CORBA::Policy::_nil ());
- TAO_InvocationCredentialsPolicy *inv_policy = 0;
- ACE_NEW_THROW_EX (inv_policy,
- TAO_InvocationCredentialsPolicy (*creds),
+ TAO::SL3::ObjectCredentialsPolicy * policy = 0;
+ ACE_NEW_THROW_EX (policy,
+ TAO::SL3::ObjectCredentialsPolicy (*creds),
CORBA::NO_MEMORY (
CORBA::SystemException::_tao_minor_code (
TAO_DEFAULT_MINOR_CODE,
@@ -104,12 +141,13 @@ TAO_Security_PolicyFactory::create_policy (
CORBA::COMPLETED_NO));
ACE_CHECK_RETURN (CORBA::Policy::_nil ());
- return inv_policy;
+ return policy;
}
- else if (type == Security::SecMechanismsPolicy
- || type == Security::SecFeaturePolicy // Deprecated.
- || type == Security::SecDelegationDirectivePolicy)
+ else if (type == ::Security::SecInvocationCredentialsPolicy
+ || type == ::Security::SecMechanismsPolicy
+ || type == ::Security::SecFeaturePolicy // Deprecated.
+ || type == ::Security::SecDelegationDirectivePolicy)
ACE_THROW_RETURN (CORBA::PolicyError (CORBA::UNSUPPORTED_POLICY),
CORBA::Policy::_nil ());
else
diff --git a/TAO/orbsvcs/orbsvcs/Security/Security_PolicyFactory.h b/TAO/orbsvcs/orbsvcs/Security/Security_PolicyFactory.h
index 5ce0e95db85..8628c20eb91 100644
--- a/TAO/orbsvcs/orbsvcs/Security/Security_PolicyFactory.h
+++ b/TAO/orbsvcs/orbsvcs/Security/Security_PolicyFactory.h
@@ -34,19 +34,33 @@
#pragma warning(disable:4250)
#endif /* _MSC_VER */
-/// Policy factory for all security related policies.
-class TAO_Security_Export TAO_Security_PolicyFactory
- : public PortableInterceptor::PolicyFactory,
- public CORBA::LocalObject
+namespace TAO
{
-public:
+ namespace Security
+ {
- virtual CORBA::Policy_ptr create_policy (CORBA::PolicyType type,
- const CORBA::Any & value
+ /**
+ * @class PolicyFactory
+ *
+ * @brief Policy factory for all security related policies.
+ *
+ * Policy factory for all security related policies.
+ */
+ class TAO_Security_Export PolicyFactory
+ : public PortableInterceptor::PolicyFactory,
+ public CORBA::LocalObject
+ {
+ public:
+
+ virtual CORBA::Policy_ptr create_policy (CORBA::PolicyType type,
+ const CORBA::Any & value
ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException,
- CORBA::PolicyError));
-};
+ ACE_THROW_SPEC ((CORBA::SystemException,
+ CORBA::PolicyError));
+ };
+
+ } // End Security namespace
+} // End TAO namespace
#if defined(_MSC_VER) && (_MSC_VER >= 1200)
diff --git a/TAO/orbsvcs/tests/Security/Secure_Invocation/Foo_i.cpp b/TAO/orbsvcs/tests/Security/Secure_Invocation/Foo_i.cpp
index d9dd890158c..e7fb1763591 100644
--- a/TAO/orbsvcs/tests/Security/Secure_Invocation/Foo_i.cpp
+++ b/TAO/orbsvcs/tests/Security/Secure_Invocation/Foo_i.cpp
@@ -1,18 +1,19 @@
// -*- C++ -*-
-#include <openssl/x509.h>
+#include "Foo_i.h"
#include "ace/OS_NS_string.h"
-#include "Foo_i.h"
+
ACE_RCSID (Secure_Invocation,
Foo_i,
"$Id$")
+
Foo_i::Foo_i (CORBA::ORB_ptr orb,
- SecurityLevel2::Current_ptr current)
+ SecurityLevel3::SecurityCurrent_ptr current)
: orb_ (CORBA::ORB::_duplicate (orb)),
- current_ (SecurityLevel2::Current::_duplicate (current))
+ current_ (SecurityLevel3::SecurityCurrent::_duplicate (current))
{
}
@@ -21,92 +22,20 @@ Foo_i::baz (ACE_ENV_SINGLE_ARG_DECL)
ACE_THROW_SPEC ((CORBA::SystemException,
Foo::Bar::NoSecurityAttributes))
{
- Security::AttributeType desired_attribute;
-
- desired_attribute.attribute_family.family_definer = 0;
-
- desired_attribute.attribute_family.family = 1; // privilege attribute
-
- desired_attribute.attribute_type = Security::AccessId;
-
- // Set up the AttributeTypeList that requests the AccessId from the
- // "SecurityCurrent" object.
- Security::AttributeTypeList attribute_type_list;
- attribute_type_list.length (1);
- attribute_type_list[0] = desired_attribute;
-
- // Get the desired security attributes
- Security::AttributeList_var attribute_list =
- this->current_->get_attributes (attribute_type_list
- ACE_ENV_ARG_PARAMETER);
+ SecurityLevel3::ClientCredentials_var credentials =
+ this->current_->client_credentials (ACE_ENV_SINGLE_ARG_PARAMETER);
ACE_CHECK;
- // If the SecurityLevel1::Current::get_attributes() call above
- // succeeds, then it is likely that some security context
- // information is available for this upcall. The following code
- // verifies that this is actually the case.
-
- CORBA::ULong len = attribute_list->length ();
- if (len == 0)
- {
- // The desired security attribute was not available. This
- // indicates a failure in the underlying security mechanism
- // support.
- ACE_THROW (Foo::Bar::NoSecurityAttributes ());
- }
-
- // Assume X.509 certificates are in use.
- const char x509[] = "x509";
- Security::OID x509_defining_authority;
- x509_defining_authority.length (sizeof (x509));
-
- CORBA::Octet *buf =
- x509_defining_authority.get_buffer ();
-
- ACE_OS_String::memcpy (buf, x509, sizeof (x509));
-
- for (CORBA::ULong i = 0; i < len; ++i)
- {
- Security::SecAttribute &attribute = attribute_list[i];
-
- if (attribute.attribute_type.attribute_type == Security::AccessId
- && x509_defining_authority == attribute.defining_authority)
- {
- // Obtain the underlying buffer from the
- // SecAttribute.
- CORBA::Octet *der_cert = attribute.value.get_buffer ();
-
- char buf[BUFSIZ];
-
- // Convert the DER encoded X.509 certificate into OpenSSL's
- // internal format.
- X509 *peer = ::d2i_X509 (0,
- &der_cert,
- attribute.value.length ());
-
- ::X509_NAME_oneline (::X509_get_issuer_name (peer),
- buf,
- BUFSIZ);
-
- ACE_DEBUG ((LM_DEBUG,
- "\n"
- "Security::SecAttribute %u -- Certificate Issuer\n"
- "===============================================\n"
- "%s\n",
- i,
- buf));
+ CORBA::String_var id =
+ credentials->creds_id (ACE_ENV_SINGLE_ARG_PARAMETER);
+ ACE_CHECK;
- ::X509_free (peer);
- }
- else
- {
- ACE_DEBUG ((LM_WARNING,
- "(%P|%t) WARNING: Unknown attribute type <%u> or "
- "defining authority in SecAttribute %u.\n",
- attribute.attribute_type,
- i));
- }
- }
+ ACE_DEBUG ((LM_DEBUG,
+ "\n"
+ "ClientCredentials ID\n"
+ "====================\n"
+ "%s\n",
+ id.in ()));
}
void
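Review bot: The rewritten body of baz dereferences `credentials` without checking it and never raises `Foo::Bar::NoSecurityAttributes`, which the throw spec still lists and which the removed code raised when no attributes were available. If `client_credentials()` can return a nil reference for a request without a security context (not visible from here), the test would crash instead of reporting the missing credentials. I would add, after the first ACE_CHECK, `if (CORBA::is_nil (credentials.in ())) ACE_THROW (Foo::Bar::NoSecurityAttributes ());`. The signature of baz lies above the hunk.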
diff --git a/TAO/orbsvcs/tests/Security/Secure_Invocation/Foo_i.h b/TAO/orbsvcs/tests/Security/Secure_Invocation/Foo_i.h
index 87f1b47f673..3188c58be17 100644
--- a/TAO/orbsvcs/tests/Security/Secure_Invocation/Foo_i.h
+++ b/TAO/orbsvcs/tests/Security/Secure_Invocation/Foo_i.h
@@ -16,7 +16,7 @@
#define SECURE_INVOCATION_FOO_I_H
#include "FooS.h"
-#include "orbsvcs/orbsvcs/SecurityLevel2C.h"
+#include "orbsvcs/orbsvcs/SecurityLevel3C.h"
class Foo_i : public virtual POA_Foo::Bar
, public virtual PortableServer::RefCountServantBase
@@ -25,7 +25,7 @@ public:
/// Constructor.
Foo_i (CORBA::ORB_ptr,
- SecurityLevel2::Current_ptr current);
+ SecurityLevel3::SecurityCurrent_ptr current);
/// Test method.
virtual void baz (ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
@@ -41,7 +41,7 @@ private:
CORBA::ORB_var orb_;
/// Reference to the "SecurityCurrent" object.
- SecurityLevel2::Current_var current_;
+ SecurityLevel3::SecurityCurrent_var current_;
};
diff --git a/TAO/orbsvcs/tests/Security/Secure_Invocation/README b/TAO/orbsvcs/tests/Security/Secure_Invocation/README
index 34e594feabf..a4078c896d3 100644
--- a/TAO/orbsvcs/tests/Security/Secure_Invocation/README
+++ b/TAO/orbsvcs/tests/Security/Secure_Invocation/README
@@ -19,12 +19,10 @@ contents may differ):
Activated as <IOR:...>
(1768|1628) Received CORBA::NO_PERMISSION from server, as expected.
-Secure_Invocation test passed.
+ClientCredentials ID
+====================
+X509: 06
-Security::SecAttribute 0 -- Certificate Issuer
-===============================================
-/C=US/ST=CA/L=Irvine/O=UCI/OU=DOC/CN=Foo/Email=nobody@doc.ece.uci.edu
+Event loop finished.
Secure_Invocation test passed.
-
-Event loop finished.
diff --git a/TAO/orbsvcs/tests/Security/Secure_Invocation/server.cpp b/TAO/orbsvcs/tests/Security/Secure_Invocation/server.cpp
index 42268fb2142..64ab5c952a5 100644
--- a/TAO/orbsvcs/tests/Security/Secure_Invocation/server.cpp
+++ b/TAO/orbsvcs/tests/Security/Secure_Invocation/server.cpp
@@ -65,13 +65,14 @@ main (int argc, char *argv[])
if (parse_args (argc, argv) != 0)
return 1;
- obj = orb->resolve_initial_references ("SecurityCurrent"
- ACE_ENV_ARG_PARAMETER);
+ obj =
+ orb->resolve_initial_references ("SecurityLevel3:SecurityCurrent"
+ ACE_ENV_ARG_PARAMETER);
ACE_TRY_CHECK;
- SecurityLevel2::Current_var security_current =
- SecurityLevel2::Current::_narrow (obj.in ()
- ACE_ENV_ARG_PARAMETER);
+ SecurityLevel3::SecurityCurrent_var security_current =
+ SecurityLevel3::SecurityCurrent::_narrow (obj.in ()
+ ACE_ENV_ARG_PARAMETER);
ACE_TRY_CHECK;
if (CORBA::is_nil (security_current.in ()))
@@ -83,7 +84,7 @@ main (int argc, char *argv[])
Foo_i *server_impl = 0;
ACE_NEW_RETURN (server_impl,
- Foo_i (orb.in (),
+ Foo_i (orb.in (),
security_current.in ()),
-1);