authorWilliam R. Otte <wotte@dre.vanderbilt.edu>2006-07-24 15:50:11 +0000
committerWilliam R. Otte <wotte@dre.vanderbilt.edu>2006-07-24 15:50:11 +0000
commit6b846cf03c0bcbd8c276cb0af61a181e5f98eaae (patch)
treeda50d054f9c761c3f6a5923f6979e93306c56d68 /TAO/orbsvcs/orbsvcs/SSLIOP
parent0e555b9150d38e3b3473ba325b56db2642e6352b (diff)
Repo restructuring
Diffstat (limited to 'TAO/orbsvcs/orbsvcs/SSLIOP')
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Acceptor.cpp39
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Acceptor.h86
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.cpp90
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.h122
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.inl33
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connector.cpp288
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connector.h104
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Transport.cpp54
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Transport.h90
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Accept_Strategy.cpp66
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Accept_Strategy.h98
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.cpp684
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.h169
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.i14
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.cpp142
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.h153
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.cpp445
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.h202
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.i29
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp862
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.h162
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.cpp267
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.h186
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.inl21
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirer.cpp388
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirer.h154
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirerFactory.cpp30
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirerFactory.h65
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.cpp197
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.h177
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.inl40
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.cpp128
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.h113
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.inl26
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.cpp76
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.h79
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.cpp382
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.h256
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.i70
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Export.h40
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp614
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.h141
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.cpp175
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.h148
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ORBInitializer.cpp248
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ORBInitializer.h100
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.cpp17
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.h139
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.inl165
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OwnCredentials.cpp77
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OwnCredentials.h121
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Profile.cpp357
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Profile.h179
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_SSL.h85
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_TargetCredentials.cpp134
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_TargetCredentials.h129
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Transport.cpp385
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Transport.h159
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Util.cpp58
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Util.h65
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.h84
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/params_dup.c19
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/params_dup.h44
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/ssl_endpoints.pidl33
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/ssl_endpointsC.cpp165
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/ssl_endpointsC.h158
66 files changed, 0 insertions, 10626 deletions
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Acceptor.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Acceptor.cpp
deleted file mode 100644
index 89bea659c76..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Acceptor.cpp
+++ /dev/null
@@ -1,39 +0,0 @@
-#include "orbsvcs/SSLIOP/IIOP_SSL_Acceptor.h"
-
-#include "tao/ORB_Core.h"
-#include "tao/debug.h"
-
-
-ACE_RCSID (SSLIOP,
- IIOP_SSL_Acceptor,
- "$Id$")
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-TAO::IIOP_SSL_Acceptor::IIOP_SSL_Acceptor (CORBA::Boolean flag)
- : TAO_IIOP_Acceptor (flag),
- base_acceptor_ (),
- creation_strategy_ (0),
- concurrency_strategy_ (0),
- accept_strategy_ (0)
-{
-}
-
-TAO::IIOP_SSL_Acceptor::~IIOP_SSL_Acceptor (void)
-{
- // Make sure we are closed before we start destroying the
- // strategies.
- this->close ();
-
- delete this->creation_strategy_;
- delete this->concurrency_strategy_;
- delete this->accept_strategy_;
-}
-
-int
-TAO::IIOP_SSL_Acceptor::close (void)
-{
- return this->base_acceptor_.close ();
-}
-
-TAO_END_VERSIONED_NAMESPACE_DECL
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Acceptor.h b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Acceptor.h
deleted file mode 100644
index 951e2ab73be..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Acceptor.h
+++ /dev/null
@@ -1,86 +0,0 @@
-// -*- C++ -*-
-
-//=============================================================================
-/**
- * @file IIOP_SSL_Acceptor.h
- *
- * $Id$
- *
- * SSL-aware IIOP specific acceptor processing
- *
- * @author Ossama Othman <ossama@dre.vanderbilt.edu>
- */
-//=============================================================================
-
-
-#ifndef TAO_IIOP_SSL_ACCEPTOR_H
-#define TAO_IIOP_SSL_ACCEPTOR_H
-
-#include /**/ "ace/pre.h"
-
-#include "orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-# pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "tao/IIOP_Acceptor.h"
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-namespace TAO
-{
-
- /**
- * @class IIOP_SSL_Acceptor
- *
- * @brief An SSL aware IIOP acceptor.
- *
- * The class differs from the non-SSL aware TAO_IIOP_Acceptor class
- * since it uses a different a set of Acceptor strategies. In
- * particular, it overrides the open_i() method to use the Acceptor
- * strategies tailored to use the SSL aware server connection handler.
- * See the TAO_IIOP_SSL_Connection_Handler notes for details.
- */
- class IIOP_SSL_Acceptor : public TAO_IIOP_Acceptor
- {
- public:
-
- typedef ACE_Strategy_Acceptor<IIOP_SSL_Connection_Handler, ACE_SOCK_ACCEPTOR> TAO_IIOP_SSL_BASE_ACCEPTOR;
- typedef TAO_Creation_Strategy<IIOP_SSL_Connection_Handler> TAO_IIOP_SSL_CREATION_STRATEGY;
- typedef TAO_Concurrency_Strategy<IIOP_SSL_Connection_Handler> TAO_IIOP_SSL_CONCURRENCY_STRATEGY;
- typedef TAO_Accept_Strategy<IIOP_SSL_Connection_Handler, ACE_SOCK_ACCEPTOR> TAO_IIOP_SSL_ACCEPT_STRATEGY;
-
- /// Constructor.
- IIOP_SSL_Acceptor (CORBA::Boolean flag = 0);
-
- /// Destructor.
- ~IIOP_SSL_Acceptor (void);
-
- virtual int close (void);
-
- private:
-
- /// The concrete acceptor, as a pointer to it's base class.
- TAO_IIOP_SSL_BASE_ACCEPTOR base_acceptor_;
-
- /**
- * @name Acceptor Strategies
- *
- * Server side creation, concurrency and accept strategies.
- */
- //@{
- TAO_IIOP_SSL_CREATION_STRATEGY *creation_strategy_;
- TAO_IIOP_SSL_CONCURRENCY_STRATEGY *concurrency_strategy_;
- TAO_IIOP_SSL_ACCEPT_STRATEGY *accept_strategy_;
- //@}
-
- };
-
-} // End TAO namespace.
-
-TAO_END_VERSIONED_NAMESPACE_DECL
-
-#include /**/ "ace/post.h"
-
-#endif /* TAO_IIOP_SSL_ACCEPTOR_H */
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.cpp
deleted file mode 100644
index fb9a61ba32b..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.cpp
+++ /dev/null
@@ -1,90 +0,0 @@
-#include "orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.h"
-#include "orbsvcs/SSLIOP/IIOP_SSL_Transport.h"
-#include "orbsvcs/SSLIOP/SSLIOP_Connection_Handler.h"
-#include "tao/Timeprobe.h"
-#include "tao/ORB_Core.h"
-#include "tao/ORB.h"
-#include "tao/debug.h"
-
-
-ACE_RCSID (SSLIOP,
- IIOP_SSL_Connection_Handler,
- "$Id$")
-
-
-#if !defined (__ACE_INLINE__)
-#include "orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.inl"
-#endif /* __ACE_INLINE__ */
-
-#if defined (ACE_ENABLE_TIMEPROBES)
-
-static const char * const TAO_IIOP_SSL_Connect_Timeprobe_Description[] =
-{
- "IIOP_SSL_Connection_Handler::handle_input - start",
- "IIOP_SSL_Connection_Handler::handle_input - end",
-
- "IIOP_SSL_Connection_Handler::handle_locate - start",
- "IIOP_SSL_Connection_Handler::handle_locate - end",
-
- "IIOP_SSL_Connection_Handler::receive_request - end",
-
- "IIOP_SSL_Connection_Handler::send_request - start",
- "IIOP_SSL_Connection_Handler::send_request - end"};
-
-enum
-{
- // Timeprobe description table start key
- TAO_IIOP_SSL_CONNECTION_HANDLER_HANDLE_INPUT_START = 320,
- TAO_IIOP_SSL_CONNECTION_HANDLER_HANDLE_INPUT_END,
-
- TAO_IIOP_SSL_CONNECTION_HANDLER_HANDLE_LOCATE_START,
- TAO_IIOP_SSL_CONNECTION_HANDLER_HANDLE_LOCATE_END,
-
- TAO_IIOP_SSL_CONNECTION_HANDLER_RECEIVE_REQUEST_END
-
-};
-
-// Setup Timeprobes
-ACE_TIMEPROBE_EVENT_DESCRIPTIONS (TAO_IIOP_SSL_Connect_Timeprobe_Description,
- TAO_IIOP_SSL_CONNECTION_HANDLER_HANDLE_INPUT_START);
-
-#endif /* ACE_ENABLE_TIMEPROBES */
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-TAO::IIOP_SSL_Connection_Handler::IIOP_SSL_Connection_Handler (
- ACE_Thread_Manager *t)
- : TAO_IIOP_Connection_Handler (t)
-{
- // This constructor should *never* get called, it is just here to
- // make the compiler happy: the default implementation of the
- // Creation_Strategy requires a constructor with that signature, we
- // don't use that implementation, but some (most?) compilers
- // instantiate it anyway.
- ACE_ASSERT (0);
-}
-
-
-TAO::IIOP_SSL_Connection_Handler::IIOP_SSL_Connection_Handler (
- TAO_ORB_Core *orb_core,
- CORBA::Boolean /* flag */)
- : TAO_IIOP_Connection_Handler (orb_core, 0)
-{
- // Delete the transport with TAO_IIOP_Connection_Handler.
- delete this->transport ();
-
- IIOP_SSL_Transport* specific_transport = 0;
- ACE_NEW (specific_transport,
- IIOP_SSL_Transport (this,
- orb_core,
- 0));
-
- // store this pointer
- this->transport (specific_transport);
-}
-
-TAO::IIOP_SSL_Connection_Handler::~IIOP_SSL_Connection_Handler (void)
-{
-}
-
-TAO_END_VERSIONED_NAMESPACE_DECL
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.h b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.h
deleted file mode 100644
index 3c81122ede9..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.h
+++ /dev/null
@@ -1,122 +0,0 @@
-// -*- C++ -*-
-
-//=============================================================================
-/**
- * @file IIOP_SSL_Connection_Handler.h
- *
- * $Id$
- *
- * @author Ossama Othman <ossama@dre.vanderbilt.edu>
- */
-//=============================================================================
-
-
-#ifndef TAO_IIOP_SSL_CONNECTION_HANDLER_H
-#define TAO_IIOP_SSL_CONNECTION_HANDLER_H
-
-#include /**/ "ace/pre.h"
-
-#include "orbsvcs/SSLIOP/SSLIOP_Export.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-#pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "orbsvcs/SSLIOP/SSLIOP_Current.h"
-
-#include "orbsvcs/SSLIOPC.h"
-#include "tao/IIOP_Connection_Handler.h"
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-namespace TAO
-{
-
- /**
- * @class IIOP_SSL_Connection_Handler
- *
- * @brief
- * IIOP connection handler designed to be "SSL aware," i.e. it is
- * aware of the existence of the SSLIOP connection handler. It
- * makes sure that SSL session state from a previous connection is
- * not associated with the non-SSL connection handled by this
- * handler.
- *
- * This class is just a place holder to create the
- * TAO_IIOP_SSL_Transport which does the work of clearing the TSS
- * SSL state.
- */
- class IIOP_SSL_Connection_Handler : public TAO_IIOP_Connection_Handler
- {
- public:
-
- /// Constructor.
- IIOP_SSL_Connection_Handler (ACE_Thread_Manager* t = 0);
- IIOP_SSL_Connection_Handler (TAO_ORB_Core *orb_core,
- CORBA::Boolean flag);
-
- /// Destructor.
- ~IIOP_SSL_Connection_Handler (void);
-
- };
-
- // ****************************************************************
-
- /**
- * @class Null_SSL_State_Guard
- *
- * @brief
- * This class sets up null TSS SSL state upon instantiation, and
- * restores the previous TSS SSL state when that instance goes out
- * of scope.
- *
- * This guard is used to make TSS SSL state configuration and
- * deconfiguration during an upcall exception safe. Exceptions are
- * not supposed to be propagated up to the scope this guard is used
- * in, so this guard may be unnecessary. However, since proper TSS
- * SSL state configuration/deconfiguration is critical to proper
- * security support, this guard is used to ensure that
- * configuration/deconfiguration is exception safe.
- */
- class Null_SSL_State_Guard
- {
- public:
-
- /// Constructor that sets up the null TSS SSL state.
- Null_SSL_State_Guard (TAO::SSLIOP::Current_ptr current,
- int &result);
-
- /// Destructor that restores the previous TSS SSL state.
- ~Null_SSL_State_Guard (void);
-
- private:
-
- /// The SSLIOP::Current implementation that was previously
- /// associated with the current thread and invocation.
- /**
- * It is stored here until the invocation completes, after which
- * it placed back into TSS.
- */
- TAO::SSLIOP::Current_Impl *previous_current_impl_;
-
- /// Reference to the SSLIOP::Current object.
- TAO::SSLIOP::Current_ptr current_;
-
- /// Flag that specifies whether or not setup of the SSLIOP::Current
- /// object completed for the current thread and invocation.
- bool setup_done_;
-
- };
-
-} // End TAO namespace.
-
-TAO_END_VERSIONED_NAMESPACE_DECL
-
-#if defined (__ACE_INLINE__)
-#include "orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.inl"
-#endif /* __ACE_INLINE__ */
-
-
-#include /**/ "ace/post.h"
-
-#endif /* TAO_IIOP_SSL_CONNECTION_HANDLER_H */
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.inl b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.inl
deleted file mode 100644
index 7a0b3d4b320..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.inl
+++ /dev/null
@@ -1,33 +0,0 @@
-// -*- C++ -*-
-//
-// $Id$
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-ACE_INLINE
-TAO::Null_SSL_State_Guard::Null_SSL_State_Guard (
- TAO::SSLIOP::Current_ptr current,
- int &result)
- : previous_current_impl_ (0),
- current_ (current), // No need to duplicate
- setup_done_ (false)
-{
- // Invalidate the TSS SSL session state to make sure that SSL state
- // from a previous SSL connection is not confused with this non-SSL
- // connection.
- current->setup (this->previous_current_impl_,
- 0, // Null SSL state
- this->setup_done_);
-
- result = 0;
-}
-
-ACE_INLINE
-TAO::Null_SSL_State_Guard::~Null_SSL_State_Guard (void)
-{
- // Restore the previous TSS SSL state.
- this->current_->teardown (this->previous_current_impl_,
- this->setup_done_);
-}
-
-TAO_END_VERSIONED_NAMESPACE_DECL
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connector.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connector.cpp
deleted file mode 100644
index 51a3db9a486..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connector.cpp
+++ /dev/null
@@ -1,288 +0,0 @@
-#include "orbsvcs/SSLIOP/IIOP_SSL_Connector.h"
-
-#include "tao/debug.h"
-#include "tao/ORB_Core.h"
-#include "tao/Environment.h"
-#include "tao/IIOP_Endpoint.h"
-#include "tao/Transport_Cache_Manager.h"
-#include "tao/Thread_Lane_Resources.h"
-#include "tao/Connect_Strategy.h"
-#include "tao/Wait_Strategy.h"
-#include "tao/Profile_Transport_Resolver.h"
-#include "tao/Transport.h"
-
-#include "ace/Strategies_T.h"
-
-
-ACE_RCSID (SSLIOP,
- IIOP_SSL_Connector,
- "$Id$")
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-TAO::IIOP_SSL_Connector::IIOP_SSL_Connector (CORBA::Boolean flag)
- : TAO_IIOP_Connector (flag),
- connect_strategy_ (),
- base_connector_ ()
-{
-}
-
-TAO::IIOP_SSL_Connector::~IIOP_SSL_Connector (void)
-{
-}
-
-int
-TAO::IIOP_SSL_Connector::open (TAO_ORB_Core *orb_core)
-{
- this->orb_core (orb_core);
-
- // Create our connect strategy
- if (this->create_connect_strategy () == -1)
- return -1;
-
- // Our connect creation strategy
- CONNECT_CREATION_STRATEGY *connect_creation_strategy = 0;
-
- ACE_NEW_RETURN (connect_creation_strategy,
- CONNECT_CREATION_STRATEGY (orb_core->thr_mgr (),
- orb_core,
- this->lite_flag_),
- -1);
-
- // Our activation strategy
- CONNECT_CONCURRENCY_STRATEGY *concurrency_strategy = 0;
-
- ACE_NEW_RETURN (concurrency_strategy,
- CONNECT_CONCURRENCY_STRATEGY (orb_core),
- -1);
-
-
- return this->base_connector_.open (this->orb_core ()->reactor (),
- connect_creation_strategy,
- &this->connect_strategy_,
- concurrency_strategy);
-}
-
-int
-TAO::IIOP_SSL_Connector::close (void)
-{
- delete this->base_connector_.creation_strategy ();
- delete this->base_connector_.concurrency_strategy ();
- return this->base_connector_.close ();
-}
-
-int
-TAO::IIOP_SSL_Connector::set_validate_endpoint (TAO_Endpoint *endpoint)
-{
- if (endpoint->tag () != IOP::TAG_INTERNET_IOP)
- return -1;
-
- TAO_IIOP_Endpoint *iiop_endpoint =
- dynamic_cast<TAO_IIOP_Endpoint *> (endpoint);
-
- if (iiop_endpoint == 0)
- return -1;
-
- const ACE_INET_Addr &remote_address =
- iiop_endpoint->object_addr ();
-
- // Verify that the remote ACE_INET_Addr was initialized properly.
- // Failure can occur if hostname lookup failed when initializing the
- // remote ACE_INET_Addr.
- if (remote_address.get_type () != AF_INET)
- {
- if (TAO_debug_level > 0)
- {
- ACE_DEBUG ((LM_DEBUG,
- ACE_TEXT ("TAO (%P|%t) IIOP_SSL connection failed.\n")
- ACE_TEXT ("TAO (%P|%t) This is most likely ")
- ACE_TEXT ("due to a hostname lookup ")
- ACE_TEXT ("failure.\n")));
- }
-
- return -1;
- }
-
- return 0;
-}
-
-TAO_Transport *
-TAO::IIOP_SSL_Connector::make_connection (
- TAO::Profile_Transport_Resolver *r,
- TAO_Transport_Descriptor_Interface &desc,
- ACE_Time_Value *max_wait_time)
-{
- TAO_IIOP_Endpoint *iiop_endpoint =
- dynamic_cast<TAO_IIOP_Endpoint *> (desc.endpoint ());
-
- if (iiop_endpoint == 0)
- return 0;
-
- const ACE_INET_Addr &remote_address =
- iiop_endpoint->object_addr ();
-
- if (TAO_debug_level > 4)
- ACE_DEBUG ((LM_DEBUG,
- ACE_TEXT ("(%P|%t) IIOP_SSL_Connector::connect ")
- ACE_TEXT ("making a new connection \n")));
-
- // Get the right synch options
- ACE_Synch_Options synch_options;
-
- this->active_connect_strategy_->synch_options (max_wait_time,
- synch_options);
-
- // If we don't need to block for a transport just set the timeout to
- // be zero.
- ACE_Time_Value tmp_zero (ACE_Time_Value::zero);
- if (!r->blocked_connect ())
- {
- synch_options.timeout (ACE_Time_Value::zero);
- max_wait_time = &tmp_zero;
- }
-
-
- IIOP_SSL_Connection_Handler *svc_handler = 0;
-
- // Connect.
- int result =
- this->base_connector_.connect (svc_handler,
- remote_address,
- synch_options);
-
- // The connect() method creates the service handler and bumps the
- // #REFCOUNT# up one extra. There are three possibilities from
- // calling connect(): (a) connection succeeds immediately - in this
- // case, the #REFCOUNT# on the handler is two; (b) connection
- // completion is pending - in this case, the #REFCOUNT# on the
- // handler is also two; (c) connection fails immediately - in this
- // case, the #REFCOUNT# on the handler is one since close() gets
- // called on the handler.
- //
- // The extra reference count in
- // TAO_Connect_Creation_Strategy::make_svc_handler() is needed in
- // the case when connection completion is pending and we are going
- // to wait on a variable in the handler to changes, signifying
- // success or failure. Note, that this increment cannot be done
- // once the connect() returns since this might be too late if
- // another thread pick up the completion and potentially deletes the
- // handler before we get a chance to increment the reference count.
-
- // Make sure that we always do a remove_reference
- ACE_Event_Handler_var svc_handler_auto_ptr (svc_handler);
-
- TAO_Transport *transport =
- svc_handler->transport ();
-
- if (result == -1)
- {
- // No immediate result, wait for completion
- if (errno == EWOULDBLOCK)
- {
- // Try to wait until connection completion. Incase we block, then we
- // get a connected transport or not. In case of non block we get
- // a connected or not connected transport
- if (!this->wait_for_connection_completion (r,
- transport,
- max_wait_time))
- {
- if (TAO_debug_level > 2)
- ACE_ERROR ((LM_ERROR, "TAO (%P|%t) - IIOP_SSL_Connector::"
- "make_connection, "
- "wait for completion failed\n"));
- }
- }
- else
- {
- // Transport is not usable
- transport = 0;
- }
- }
-
- // In case of errors transport is zero
- if (transport == 0)
- {
- // Give users a clue to the problem.
- if (TAO_debug_level)
- {
- ACE_DEBUG ((LM_ERROR,
- "TAO (%P|%t) - IIOP_SSL_Connector::make_connection, "
- "connection to <%s:%d> failed (%p)\n",
- iiop_endpoint->host (), iiop_endpoint->port (),
- "errno"));
- }
-
- return 0;
- }
-
- // At this point, the connection has be successfully connected.
- // #REFCOUNT# is one.
- if (TAO_debug_level > 2)
- ACE_DEBUG ((LM_DEBUG,
- "TAO (%P|%t) - IIOP_SSL_Connector::make_connection, "
- "new connection to <%s:%d> on Transport[%d]\n",
- iiop_endpoint->host (), iiop_endpoint->port (),
- svc_handler->peer ().get_handle ()));
-
- // Add the handler to Cache
- int retval =
- this->orb_core ()->lane_resources ().transport_cache ().cache_transport (
- &desc,
- transport);
-
- // Failure in adding to cache.
- if (retval != 0)
- {
- // Close the handler.
- svc_handler->close ();
-
- if (TAO_debug_level > 0)
- {
- ACE_ERROR ((LM_ERROR,
- "TAO (%P|%t) - IIOP_SSL_Connector::make_connection, "
- "could not add the new connection to cache\n"));
- }
-
- return 0;
- }
-
- if (transport->is_connected () &&
- transport->wait_strategy ()->register_handler () != 0)
- {
- // Registration failures.
-
- // Purge from the connection cache, if we are not in the cache, this
- // just does nothing.
- (void) transport->purge_entry ();
-
- // Close the handler.
- (void) transport->close_connection ();
-
- if (TAO_debug_level > 0)
- ACE_ERROR ((LM_ERROR,
- "TAO (%P|%t) - IIOP_SSL_Connector [%d]::make_connection, "
- "could not register the transport "
- "in the reactor.\n",
- transport->id ()));
-
- return 0;
- }
-
- return transport;
-}
-
-int
-TAO::IIOP_SSL_Connector::cancel_svc_handler (
- TAO_Connection_Handler * svc_handler)
-{
- IIOP_SSL_Connection_Handler* handler=
- dynamic_cast<IIOP_SSL_Connection_Handler*> (svc_handler);
-
- if (handler)
- // Cancel from the connector
- return this->base_connector_.cancel (handler);
-
- return -1;
-}
-
-TAO_END_VERSIONED_NAMESPACE_DECL
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connector.h b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connector.h
deleted file mode 100644
index b051fa19cae..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Connector.h
+++ /dev/null
@@ -1,104 +0,0 @@
-// -*- C++ -*-
-
-//=============================================================================
-/**
- * @file IIOP_SSL_Connector.h
- *
- * $Id$
- *
- * IIOP specific connector processing -- SSL aware version
- *
- * @author Ossama Othman <ossama@uci.edu>
- */
-//=============================================================================
-
-
-#ifndef TAO_IIOP_SSL_CONNECTOR_H
-#define TAO_IIOP_SSL_CONNECTOR_H
-
-#include /**/ "ace/pre.h"
-
-#include "orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-# pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "tao/IIOP_Connector.h"
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-namespace TAO
-{
- /**
- * @class IIOP_SSL_Connector
- *
- * @brief IIOP-specific Connector (SSL aware) bridge for pluggable
- * protocols.
- *
- * Concrete instance of the TAO_Connector class. Responsible
- * for establishing a connection with a server and is called from the
- * Connector_Registry.
- */
- class IIOP_SSL_Connector : public TAO_IIOP_Connector
- {
- public:
-
- /// Constructor.
- IIOP_SSL_Connector (CORBA::Boolean flag = 0);
-
- /// Destructor.
- ~IIOP_SSL_Connector (void);
-
- int open (TAO_ORB_Core *orb_core);
- int close (void);
-
- public:
-
- typedef TAO_Connect_Concurrency_Strategy<IIOP_SSL_Connection_Handler>
- CONNECT_CONCURRENCY_STRATEGY;
-
- typedef TAO_Connect_Creation_Strategy<IIOP_SSL_Connection_Handler>
- CONNECT_CREATION_STRATEGY;
-
- typedef ACE_Connect_Strategy<IIOP_SSL_Connection_Handler,
- ACE_SOCK_CONNECTOR>
- CONNECT_STRATEGY ;
-
- typedef ACE_Strategy_Connector<IIOP_SSL_Connection_Handler,
- ACE_SOCK_CONNECTOR>
- BASE_CONNECTOR;
-
- protected:
-
- /**
- * @name The TAO_Connector Methods
- *
- * Check the documentation in tao/Transport_Connector.h for details.
- */
- //@{
- int set_validate_endpoint (TAO_Endpoint *ep);
-
- TAO_Transport *make_connection (TAO::Profile_Transport_Resolver *r,
- TAO_Transport_Descriptor_Interface &desc,
- ACE_Time_Value *timeout = 0);
-
- virtual int cancel_svc_handler (TAO_Connection_Handler * svc_handler);
- //@}
-
- private:
-
- /// Our connect strategy
- CONNECT_STRATEGY connect_strategy_;
-
- /// The connector initiating connection requests for IIOP_SSL.
- BASE_CONNECTOR base_connector_;
- };
-
-} // End TAO namespace.
-
-TAO_END_VERSIONED_NAMESPACE_DECL
-
-#include /**/ "ace/post.h"
-
-#endif /* TAO_IIOP_SSL_CONNECTOR_H */
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Transport.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Transport.cpp
deleted file mode 100644
index 1a5d1724a2e..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Transport.cpp
+++ /dev/null
@@ -1,54 +0,0 @@
-#include "orbsvcs/SSLIOP/IIOP_SSL_Transport.h"
-#include "orbsvcs/SSLIOP/IIOP_SSL_Connection_Handler.h"
-#include "orbsvcs/SSLIOP/SSLIOP_Util.h"
-
-#include "tao/ORB_Core.h"
-#include "tao/ORB.h"
-#include "tao/Timeprobe.h"
-#include "tao/debug.h"
-
-
-ACE_RCSID (SSLIOP,
- IIOP_SSL_Transport,
- "$Id$")
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-TAO::IIOP_SSL_Transport::IIOP_SSL_Transport (
- IIOP_SSL_Connection_Handler *handler,
- TAO_ORB_Core *orb_core,
- CORBA::Boolean flag)
- : TAO_IIOP_Transport (handler,
- orb_core,
- flag)
-{
- this->current_ =
- TAO::SSLIOP::Util::current (orb_core);
-}
-
-TAO::IIOP_SSL_Transport::~IIOP_SSL_Transport (void)
-{
-}
-
-int
-TAO::IIOP_SSL_Transport::handle_input (TAO_Resume_Handle &rh,
- ACE_Time_Value *max_wait_time,
- int block)
-{
- int result = 0;
-
- // Invalidate the TSS SSL session state to make sure that SSL state
- // from a previous SSL connection is not confused with this non-SSL
- // connection.
- TAO::Null_SSL_State_Guard guard (this->current_.in (), result);
-
- if (result != 0)
- return -1;
-
- return
- this->TAO_IIOP_Transport::handle_input (rh,
- max_wait_time,
- block);
-}
-
-TAO_END_VERSIONED_NAMESPACE_DECL
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Transport.h b/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Transport.h
deleted file mode 100644
index a6c1aa7ea0f..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/IIOP_SSL_Transport.h
+++ /dev/null
@@ -1,90 +0,0 @@
-// -*- C++ -*-
-
-//=============================================================================
-/**
- * @file IIOP_SSL_Transport.h
- *
- * $Id$
- *
- * @author Ossama Othman <ossama@uci.edu>
- */
-//=============================================================================
-
-
-#ifndef TAO_IIOP_SSL_TRANSPORT_H
-#define TAO_IIOP_SSL_TRANSPORT_H
-
-#include /**/ "ace/pre.h"
-
-#include "orbsvcs/SSLIOP/SSLIOP_Current.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-#pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "tao/IIOP_Transport.h"
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-class TAO_ORB_Core;
-class TAO_Resume_Handle;
-
-namespace TAO
-{
- class IIOP_SSL_Connection_Handler;
-
- /**
- * @class IIOP_SSL_Transport
- *
- * @brief
- * IIOP Transport designed to be "SSL aware," i.e. it is
- * aware of the existence of the SSLIOP Transport. It makes
- * sure that SSL session state from a previous connection is not
- * associated with the non-SSL connection handled by this handler.
- *
- * However, this class overrides the handle_input() method to
- * invalidate the current TSS SSL state during a standard IIOP
- * (insecure) upcall. This prevents SSL session state from a
- * previous SSL connection from being associated with non-SSL
- * connections processed by this connection handler. In particular,
- * this is very important for closing a security hole in nested
- * upcalls. For example, an SSLIOP request is made. During that
- * secure upcall, an insecure nested upcall is made. A naive
- * implementation would associate the TSS SSL state from the secure
- * upcall with the insecure upcall. This implementation closes that
- * security hole.
- */
- class IIOP_SSL_Transport : public TAO_IIOP_Transport
- {
- public:
- /// Constructor.
- IIOP_SSL_Transport (IIOP_SSL_Connection_Handler *handler,
- TAO_ORB_Core *orb_core,
- CORBA::Boolean flag = 0);
-
- /// Default destructor.
- ~IIOP_SSL_Transport (void);
-
- /** @name Overridden Template Methods
- *
- * Please check the documentation in "tao/Transport.h" for more
- * details.
- */
- virtual int handle_input (TAO_Resume_Handle &rh,
- ACE_Time_Value *max_wait_time = 0,
- int block = 0);
-
- protected:
-
- /// Reference to the TAO::SSLIOP::Current object.
- TAO::SSLIOP::Current_var current_;
-
- };
-
-} // End TAO namespace.
-
-TAO_END_VERSIONED_NAMESPACE_DECL
-
-#include /**/ "ace/post.h"
-
-#endif /* TAO_IIOP_SSL_TRANSPORT_H */
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Accept_Strategy.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Accept_Strategy.cpp
deleted file mode 100644
index 5de9b828787..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Accept_Strategy.cpp
+++ /dev/null
@@ -1,66 +0,0 @@
-#include "orbsvcs/SSLIOP/SSLIOP_Accept_Strategy.h"
-
-
-ACE_RCSID (SSLIOP,
- SSLIOP_Accept_Strategy,
- "$Id$")
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-TAO::SSLIOP::Accept_Strategy::Accept_Strategy (
- TAO_ORB_Core * orb_core,
- const ACE_Time_Value & timeout)
- : TAO_Accept_Strategy<TAO::SSLIOP::Connection_Handler,
- ACE_SSL_SOCK_ACCEPTOR> (orb_core),
- timeout_ (timeout)
-{
-}
-
-int
-TAO::SSLIOP::Accept_Strategy::accept_svc_handler (handler_type * svc_handler)
-{
- ACE_TRACE ("TAO::SSLIOP::Accept_Strategy::accept_svc_handler");
-
- // The following code is basically the same code found in
- // ACE_Accept_Strategy::accept_svc_handler(). The only difference
- // is that a timeout value is passed to the peer acceptor's accept()
- // method. A timeout is necessary to prevent malicious or
- // misbehaved clients from only completing the TCP handshake and not
- // the SSL handshake. Without the timeout, a denial-of-service
- // vulnerability would exist where multiple incomplete SSL passive
- // connections (i.e. where only the TCP handshake is completed)
- // could result in the server process running out of file
- // descriptors. That would be due to the SSL handshaking process
- // blocking/waiting for the handshake to complete.
-
- // The timeout value will be modified. Make a copy.
- ACE_Time_Value timeout (this->timeout_);
-
- // Try to find out if the implementation of the reactor that we are
- // using requires us to reset the event association for the newly
- // created handle. This is because the newly created handle will
- // inherit the properties of the listen handle, including its event
- // associations.
- const int reset_new_handle = this->reactor_->uses_event_associations ();
-
- if (this->peer_acceptor_.accept (svc_handler->peer (), // stream
- 0, // remote address
- &timeout, // timeout
- 1, // restart
- reset_new_handle // reset new handler
- ) == -1)
- {
- // Ensure that errno is preserved in case the svc_handler
- // close() method resets it.
- ACE_Errno_Guard error (errno);
-
- // Close down handler to avoid memory leaks.
- svc_handler->close (0);
-
- return -1;
- }
- else
- return 0;
-}
-
-TAO_END_VERSIONED_NAMESPACE_DECL
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Accept_Strategy.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Accept_Strategy.h
deleted file mode 100644
index 0ce82cca857..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Accept_Strategy.h
+++ /dev/null
@@ -1,98 +0,0 @@
-// -*- C++ -*-
-
-//=============================================================================
-/**
- * @file SSLIOP_Accept_Strategy.h
- *
- * $Id$
- *
- * IIOP/SSL specific accept strategy
- *
- * @author Ossama Othman <ossama@dre.vanderbilt.edu>
- */
-//=============================================================================
-
-
-#ifndef TAO_SSLIOP_ACCEPT_STRATEGY_H
-#define TAO_SSLIOP_ACCEPT_STRATEGY_H
-
-#include /**/ "ace/pre.h"
-
-#include "ace/config-all.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-# pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "orbsvcs/SSLIOP/SSLIOP_Connection_Handler.h"
-
-#include "tao/Acceptor_Impl.h"
-
-#include "ace/SSL/SSL_SOCK_Acceptor.h"
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-namespace TAO
-{
- namespace SSLIOP
- {
-
- /**
- * @class Accept_Strategy
- *
- * @brief SSLIOP-specific accept strategy that builds on the
- * TAO_Accept_Strategy implementation.
- *
- * This accept strategy builds on on the TAO_Accept_Strategy
- * implementation. It sub-classes that class, and overrides the
- * accept_svc_handler() method so that a timeout value may be
- * passed to the underlying peer acceptor. This is necessary to
- * defend against a simple Denial-of-Service attack.
- * @par
- * Since SSL requires two handshakes, one TCP and one SSL, it is
- * possible for a malicious client to establish a TCP connection
- * to the SSL port, and never complete the SSL handshake. The
- * underlying SSL passive connection code would block/hang waiting
- * for the SSL handshake to complete. Given enough incomplete
- * connections where only the TCP handshake is completed, a server
- * process could potentially run out of available file
- * descriptors, thus preventing legitimate client connections from
- * being established.
- * @par.
- * The timeout defense alluded to above bounds the time this sort of
- * DoS attack lasts.
- */
- class Accept_Strategy
- : public TAO_Accept_Strategy<TAO::SSLIOP::Connection_Handler,
- ACE_SSL_SOCK_ACCEPTOR>
- {
- public:
-
- /// Constructor.
- Accept_Strategy (TAO_ORB_Core * orb_core,
- const ACE_Time_Value & timeout);
-
- /// Overridden method that forces a passive connection timeout value
- /// to be passed to the underlying acceptor.
- virtual int accept_svc_handler (handler_type * svc_handler);
-
- private:
-
- /// The accept() timeout.
- /**
- * This timeout includes the overall time to complete the SSL
- * handshake. This includes both the TCP handshake and the SSL
- * handshake.
- */
- const ACE_Time_Value timeout_;
-
- };
-
- } // End SSLIOP namespace
-} // End TAO namespace
-
-TAO_END_VERSIONED_NAMESPACE_DECL
-
-#include /**/ "ace/post.h"
-
-#endif /* TAO_SSLIOP_ACCEPT_STRATEGY_H */
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.cpp
deleted file mode 100644
index 41428c0a1ed..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.cpp
+++ /dev/null
@@ -1,684 +0,0 @@
-#include "orbsvcs/SSLIOP/SSLIOP_Acceptor.h"
-#include "orbsvcs/SSLIOP/SSLIOP_Profile.h"
-
-#include "tao/MProfile.h"
-#include "tao/ORB_Core.h"
-#include "tao/Server_Strategy_Factory.h"
-#include "tao/Codeset_Manager.h"
-#include "tao/CDR.h"
-#include "tao/debug.h"
-
-#if !defined(__ACE_INLINE__)
-#include "orbsvcs/SSLIOP/SSLIOP_Acceptor.i"
-#endif /* __ACE_INLINE__ */
-
-
-ACE_RCSID (SSLIOP,
- SSLIOP_Acceptor,
- "$Id$")
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-TAO::SSLIOP::Acceptor::Acceptor (::Security::QOP qop,
- const ACE_Time_Value & timeout)
- : TAO::IIOP_SSL_Acceptor (),
- ssl_acceptor_ (),
- creation_strategy_ (0),
- concurrency_strategy_ (0),
- accept_strategy_ (0),
- timeout_ (timeout)
-{
- // --- CSIv1 ---
-
- // Clear all bits in the SSLIOP::SSL association option fields.
- this->ssl_component_.target_supports = 0;
- this->ssl_component_.target_requires = 0;
-
- // SSLIOP requires these Security::AssociationOptions by default.
- ACE_SET_BITS (this->ssl_component_.target_requires,
- ::Security::Integrity
- | ::Security::Confidentiality
- | ::Security::NoDelegation);
-
- // SSLIOP supports these Security::AssociationOptions by default.
- ACE_SET_BITS (this->ssl_component_.target_supports,
- ::Security::Integrity
- | ::Security::Confidentiality
- | ::Security::EstablishTrustInTarget
- | ::Security::NoDelegation);
-
- // Initialize the default SSL port to zero (wild card port).
- this->ssl_component_.port = 0;
-
- // @@ This should go away once we support setting security
- // association options through policies.
- if (qop == ::Security::SecQOPNoProtection)
- ACE_SET_BITS (this->ssl_component_.target_supports,
- ::Security::NoProtection);
-
-
- // --- CSIv2 ---
-
- // Clear all bits in the CSIIOP::TLS_SEC_TRANS association option
- // fields.
- this->csiv2_component_.target_supports = 0;
- this->csiv2_component_.target_requires = 0;
-
- // SSLIOP requires these CSIIOP::AssociationOptions by default.
- ACE_SET_BITS (this->csiv2_component_.target_requires,
- CSIIOP::Integrity
- | CSIIOP::Confidentiality
- | CSIIOP::NoDelegation);
-
- // SSLIOP supports these CSIIOP::AssociationOptions by default.
- ACE_SET_BITS (this->csiv2_component_.target_supports,
- CSIIOP::Integrity
- | CSIIOP::Confidentiality
- | CSIIOP::EstablishTrustInTarget
- | CSIIOP::NoDelegation);
-
- // @@ This should go away once we support setting security
- // association options through policies.
- if (qop == CSIIOP::NoProtection)
- ACE_SET_BITS (this->csiv2_component_.target_supports,
- CSIIOP::NoProtection);
-}
-
-TAO::SSLIOP::Acceptor::~Acceptor (void)
-{
- // Make sure we are closed before we start destroying the
- // strategies.
- this->close ();
-
- delete this->creation_strategy_;
- delete this->concurrency_strategy_;
- delete this->accept_strategy_;
-}
-
-int
-TAO::SSLIOP::Acceptor::create_profile (const TAO::ObjectKey &object_key,
- TAO_MProfile &mprofile,
- CORBA::Short priority)
-{
- // Sanity check.
- if (this->endpoint_count_ == 0)
- return -1;
-
- // Check if multiple endpoints should be put in one profile or
- // if they should be spread across multiple profiles.
- if (priority == TAO_INVALID_PRIORITY)
- return this->create_new_profile (object_key,
- mprofile,
- priority);
- else
- return this->create_shared_profile (object_key,
- mprofile,
- priority);
-}
-
-int
-TAO::SSLIOP::Acceptor::create_new_profile (const TAO::ObjectKey &object_key,
- TAO_MProfile &mprofile,
- CORBA::Short priority)
-{
- // Adding this->endpoint_count_ to the TAO_MProfile.
- const int count = mprofile.profile_count ();
- if ((mprofile.size () - count) < this->endpoint_count_
- && mprofile.grow (count + this->endpoint_count_) == -1)
- return -1;
-
- // Create a profile for each acceptor endpoint.
- for (size_t i = 0; i < this->endpoint_count_; ++i)
- {
- TAO_SSLIOP_Profile *pfile = 0;
-
- // @@ We need to create an SSLIOP::SSL component for the object
- // we're creating an MProfile for. This will allow us to
- // properly embed secure invocation policies in the generated
- // IOR, i.e. secure invocation policies on a per-object
- // basis, rather than on a per-endpoint basis. If no secure
- // invocation policies have been set then we should use the
- // below default SSLIOP::SSL component.
- ACE_NEW_RETURN (pfile,
- TAO_SSLIOP_Profile (this->hosts_[i],
- this->addrs_[i].get_port_number (),
- object_key,
- this->addrs_[i],
- this->version_,
- this->orb_core_,
- &(this->ssl_component_)),
- -1);
- pfile->endpoint ()->priority (priority);
-
- if (mprofile.give_profile (pfile) == -1)
- {
- pfile->_decr_refcnt ();
- pfile = 0;
- return -1;
- }
-
- if (this->orb_core_->orb_params ()->std_profile_components () == 0)
- continue;
-
- pfile->tagged_components ().set_orb_type (TAO_ORB_TYPE);
-
- TAO_Codeset_Manager *csm = this->orb_core_->codeset_manager();
- if (csm)
- csm->set_codeset (pfile->tagged_components());
-
- IOP::TaggedComponent component;
- component.tag = ::SSLIOP::TAG_SSL_SEC_TRANS;
-
- // @@???? Check this code, only intended as guideline...
- TAO_OutputCDR cdr;
- cdr << TAO_OutputCDR::from_boolean (TAO_ENCAP_BYTE_ORDER);
-
- // @@ We need to create an SSLIOP::SSL component for the object
- // we're creating an MProfile for. This will allow us to
- // properly embed secure invocation policies in the generated
- // IOR, i.e. secure invocation policies on a per-object
- // basis, rather than on a per-endpoint basis. If no secure
- // invocation policies have been set then we should use the
- // below default SSLIOP::SSL component.
- cdr << this->ssl_component_;
-
- // TAO extension, replace the contents of the octet sequence with
- // the CDR stream
- const CORBA::ULong length = cdr.total_length ();
- component.component_data.length (length);
- CORBA::Octet *buf = component.component_data.get_buffer ();
- for (const ACE_Message_Block *i = cdr.begin ();
- i != 0;
- i = i->cont ())
- {
- ACE_OS::memcpy (buf, i->rd_ptr (), i->length ());
- buf += i->length ();
- }
-
- pfile->tagged_components ().set_component (component);
- }
-
- return 0;
-}
-
-
-int
-TAO::SSLIOP::Acceptor::create_shared_profile (const TAO::ObjectKey &object_key,
- TAO_MProfile &mprofile,
- CORBA::Short priority)
-{
- size_t index = 0;
- TAO_Profile *pfile = 0;
- TAO_SSLIOP_Profile *ssliop_profile = 0;
-
- // First see if <mprofile> already contains a SSLIOP profile.
- for (TAO_PHandle i = 0; i != mprofile.profile_count (); ++i)
- {
- pfile = mprofile.get_profile (i);
- if (pfile->tag () == IOP::TAG_INTERNET_IOP)
- {
- ssliop_profile = dynamic_cast<TAO_SSLIOP_Profile *> (pfile);
- if (ssliop_profile == 0)
- return -1;
- break;
- }
- }
-
- // If <mprofile> doesn't contain SSLIOP_Profile, we need to create
- // one.
- if (ssliop_profile == 0)
- {
- // @@ We need to create an SSLIOP::SSL component for the object
- // we're creating an MProfile for. This will allow us to
- // properly embed secure invocation policies in the generated
- // IOR, i.e. secure invocation policies on a per-object
- // basis, rather than on a per-endpoint basis. If no secure
- // invocation policies have been set then we should use the
- // below default SSLIOP::SSL component.
- ACE_NEW_RETURN (ssliop_profile,
- TAO_SSLIOP_Profile (this->hosts_[0],
- this->addrs_[0].get_port_number (),
- object_key,
- this->addrs_[0],
- this->version_,
- this->orb_core_,
- &(this->ssl_component_)),
- -1);
-
- TAO_SSLIOP_Endpoint *ssliop_endp =
- dynamic_cast<TAO_SSLIOP_Endpoint *> (ssliop_profile->endpoint ());
-
- ssliop_endp->priority (priority);
- ssliop_endp->iiop_endpoint ()->priority (priority);
-
- if (mprofile.give_profile (ssliop_profile) == -1)
- {
- ssliop_profile->_decr_refcnt ();
- ssliop_profile = 0;
- return -1;
- }
-
- if (this->orb_core_->orb_params ()->std_profile_components () != 0)
- {
- ssliop_profile->tagged_components ().set_orb_type (TAO_ORB_TYPE);
-
- TAO_Codeset_Manager *csm = this->orb_core_->codeset_manager();
- if (csm)
- csm->set_codeset(ssliop_profile->tagged_components());
-
- IOP::TaggedComponent component;
- component.tag = ::SSLIOP::TAG_SSL_SEC_TRANS;
- // @@???? Check this code, only intended as guideline...
- TAO_OutputCDR cdr;
- cdr << TAO_OutputCDR::from_boolean (TAO_ENCAP_BYTE_ORDER);
-
- // @@ We need to create an SSLIOP::SSL component for the
- // object we're creating an MProfile for. This will
- // allow us to properly embed secure invocation policies
- // in the generated IOR, i.e. secure invocation policies
- // on a per-object basis, rather than on a per-endpoint
- // basis. If no secure invocation policies have been set
- // then we should use the below default SSLIOP::SSL
- // component.
- cdr << this->ssl_component_;
-
- // TAO extension, replace the contents of the octet sequence with
- // the CDR stream
- CORBA::ULong length = cdr.total_length ();
- component.component_data.length (length);
- CORBA::Octet *buf = component.component_data.get_buffer ();
- for (const ACE_Message_Block *i = cdr.begin ();
- i != 0;
- i = i->cont ())
- {
- ACE_OS::memcpy (buf, i->rd_ptr (), i->length ());
- buf += i->length ();
- }
-
- ssliop_profile->tagged_components ().set_component (component);
- }
-
- index = 1;
- }
-
- // Add any remaining endpoints to the SSLIOP_Profile.
- for (;
- index < this->endpoint_count_;
- ++index)
- {
- TAO_SSLIOP_Endpoint *ssl_endp = 0;
- TAO_IIOP_Endpoint *iiop_endp = 0;
- ACE_NEW_RETURN (iiop_endp,
- TAO_IIOP_Endpoint (this->hosts_[index],
- this->addrs_[index].get_port_number (),
- this->addrs_[index]),
- -1);
- iiop_endp->priority (priority);
-
- ACE_NEW_RETURN (ssl_endp,
- TAO_SSLIOP_Endpoint (&(this->ssl_component_),
- iiop_endp),
- -1);
-
- ssl_endp->priority (priority);
- ssliop_profile->add_endpoint (ssl_endp);
- }
-
- return 0;
-}
-
-int
-TAO::SSLIOP::Acceptor::is_collocated (const TAO_Endpoint *endpoint)
-{
- const TAO_SSLIOP_Endpoint *endp =
- dynamic_cast<const TAO_SSLIOP_Endpoint *> (endpoint);
-
- // Make sure the dynamically cast pointer is valid.
- if (endp == 0)
- return 0;
-
- for (size_t i = 0; i < this->endpoint_count_; ++i)
- {
- // @@ TODO The following code looks funky, why only the address
- // is compared? What about the IIOP address? Why force a
- // DNS lookup every time an SSLIOP object is decoded:
- //
- // http://deuce.doc.wustl.edu/bugzilla/show_bug.cgi?id=1220
- //
- if (endp->iiop_endpoint ()->object_addr () == this->addrs_[i])
- return 1; // Collocated
- }
-
- return 0; // Not collocated
-}
-
-int
-TAO::SSLIOP::Acceptor::close (void)
-{
- int r = this->ssl_acceptor_.close ();
- if (this->IIOP_SSL_Acceptor::close () != 0)
- r = -1;
-
- return r;
-}
-
-int
-TAO::SSLIOP::Acceptor::open (TAO_ORB_Core *orb_core,
- ACE_Reactor *reactor,
- int major,
- int minor,
- const char *address,
- const char *options)
-{
- // Ensure that neither the endpoint configuration nor the ORB
- // configuration violate security measures.
- if (this->verify_secure_configuration (orb_core,
- major,
- minor) != 0)
- return -1;
-
- ACE_INET_Addr addr;
- ACE_CString specified_hostname;
- if (this->parse_address (address, addr, specified_hostname) == -1)
- return -1;
-
- // Open the non-SSL enabled endpoints, then open the SSL enabled
- // endpoints.
- if (this->IIOP_SSL_Acceptor::open (orb_core,
- reactor,
- major,
- minor,
- address,
- options) != 0)
- return -1;
-
- // The SSL port is set in the parse_options() method. All we have
- // to do is call open_i()
- addr.set_port_number (this->ssl_component_.port);
-
- return this->ssliop_open_i (orb_core,
- addr,
- reactor);
-}
-
-int
-TAO::SSLIOP::Acceptor::open_default (TAO_ORB_Core *orb_core,
- ACE_Reactor *reactor,
- int major,
- int minor,
- const char *options)
-{
- // Ensure that neither the endpoint configuration nor the ORB
- // configuration violate security measures.
- if (this->verify_secure_configuration (orb_core,
- major,
- minor) != 0)
- return -1;
-
- // Open the non-SSL enabled endpoints, then open the SSL enabled
- // endpoints.
- if (this->IIOP_SSL_Acceptor::open_default (orb_core,
- reactor,
- major,
- minor,
- options) == -1)
- return -1;
-
- // Now that each network interface's hostname has been cached, open
- // an endpoint on each network interface using the INADDR_ANY
- // address.
- ACE_INET_Addr addr;
-
- // this->ssl_component_.port is initialized to zero or it is set in
- // this->parse_options().
- if (addr.set (this->ssl_component_.port,
- static_cast<ACE_UINT32> (INADDR_ANY),
- 1) != 0)
- return -1;
-
- return this->ssliop_open_i (orb_core,
- addr,
- reactor);
-}
-
-int
-TAO::SSLIOP::Acceptor::ssliop_open_i (TAO_ORB_Core *orb_core,
- const ACE_INET_Addr& addr,
- ACE_Reactor *reactor)
-{
- this->orb_core_ = orb_core;
-
- // Explicitly disable GIOPlite support since it introduces security
- // holes.
- static const int giop_lite = 0;
-
- ACE_NEW_RETURN (this->creation_strategy_,
- CREATION_STRATEGY (this->orb_core_,
- giop_lite),
- -1);
-
- ACE_NEW_RETURN (this->concurrency_strategy_,
- CONCURRENCY_STRATEGY (this->orb_core_),
- -1);
-
- ACE_NEW_RETURN (this->accept_strategy_,
- ACCEPT_STRATEGY (this->orb_core_,
- this->timeout_),
- -1);
-
- u_short requested_port = addr.get_port_number ();
- if (requested_port == 0)
- {
- // don't care, i.e., let the OS choose an ephemeral port
- if (this->ssl_acceptor_.open (addr,
- reactor,
- this->creation_strategy_,
- this->accept_strategy_,
- this->concurrency_strategy_,
- 0, 0, 0, 1,
- this->reuse_addr_) == -1)
- {
- if (TAO_debug_level > 0)
- ACE_DEBUG ((LM_DEBUG,
- ACE_TEXT ("\n\nTAO (%P|%t) ")
- ACE_TEXT ("SSLIOP_Acceptor::open_i - %p\n\n"),
- ACE_TEXT ("cannot open acceptor")));
- return -1;
- }
- }
- else
- {
- ACE_INET_Addr a(addr);
-
- int found_a_port = 0;
- ACE_UINT32 last_port = requested_port + this->port_span_ - 1;
- if (last_port > ACE_MAX_DEFAULT_PORT)
- {
- last_port = ACE_MAX_DEFAULT_PORT;
- }
-
- for (ACE_UINT32 p = requested_port; p <= last_port; p++)
- {
- if (TAO_debug_level > 5)
- ACE_DEBUG ((LM_DEBUG,
- ACE_TEXT ("TAO (%P|%t) IIOP_Acceptor::open_i() ")
- ACE_TEXT ("trying to listen on port %d\n"), p));
-
- // Now try to actually open on that port
- a.set_port_number ((u_short)p);
- if (this->ssl_acceptor_.open (a,
- reactor,
- this->creation_strategy_,
- this->accept_strategy_,
- this->concurrency_strategy_,
- 0, 0, 0, 1,
- this->reuse_addr_) != -1)
- {
- found_a_port = 1;
- break;
- }
- }
-
- // Now, if we couldn't locate a port, we punt
- if (! found_a_port)
- {
- if (TAO_debug_level > 0)
- ACE_DEBUG ((LM_DEBUG,
- ACE_TEXT ("\n\nTAO (%P|%t) ")
- ACE_TEXT ("SSLIOP_Acceptor::open_i - %p\n\n"),
- ACE_TEXT ("cannot open acceptor")));
- return -1;
- }
- }
-
- ACE_INET_Addr ssl_address;
-
- // We do this to make sure the port number the endpoint is listening
- // on gets set in the addr.
- if (this->ssl_acceptor_.acceptor ().get_local_addr (ssl_address) != 0)
- {
- // @@ Should this be a catastrophic error???
- if (TAO_debug_level > 0)
- ACE_DEBUG ((LM_DEBUG,
- ACE_TEXT ("\n\nTAO (%P|%t) ")
- ACE_TEXT ("SSLIOP_Acceptor::open_i - %p\n\n"),
- ACE_TEXT ("cannot get local addr")));
- return -1;
- }
-
- // Reset the SSL endpoint port to the one chosen by the OS (or by
- // the user if provided.
- this->ssl_component_.port = ssl_address.get_port_number ();
-
- (void) this->ssl_acceptor_.acceptor().enable (ACE_CLOEXEC);
- // This avoids having child processes acquire the listen socket
- // thereby denying the server the opportunity to restart on a
- // well-known endpoint. This does not affect the aberrent behavior
- // on Win32 platforms.
-
- if (TAO_debug_level > 5)
- {
- for (size_t i = 0; i < this->endpoint_count_; ++i)
- {
- ACE_DEBUG ((LM_DEBUG,
- ACE_TEXT ("TAO (%P|%t) ")
- ACE_TEXT ("SSLIOP_Acceptor::open_i - ")
- ACE_TEXT ("listening on: <%s:%u>\n"),
- this->hosts_[i],
- this->ssl_component_.port));
- }
- }
-
- return 0;
-}
-
-int
-TAO::SSLIOP::Acceptor::parse_options_i (int &argc, ACE_CString ** argv)
-{
- //first, do the base class parser, then parse the leftovers.
- int result = this->IIOP_SSL_Acceptor::parse_options_i(argc,argv);
- if (result == -1)
- return result;
-
- // then parse out our own options.
- int i = 0;
- while (i < argc)
- {
- // since the base class has already iterated over the list once,
- // it has vound any ill-formed options. Therefore we don't need
- // to do that again here.
- int slot = argv[i]->find ("=");
- ACE_CString name = argv[i]->substring (0, slot);
- ACE_CString value = argv[i]->substring (slot + 1);
-
- if (name == "priority")
- {
- ACE_ERROR_RETURN ((LM_ERROR,
- ACE_TEXT ("TAO (%P|%t) Invalid SSLIOP endpoint format: ")
- ACE_TEXT ("endpoint priorities no longer supported. \n"),
- value.c_str ()),
- -1);
- }
- else if (ACE_OS::strcmp (name.c_str (), "ssl_port") == 0)
- {
- int ssl_port = ACE_OS::atoi (value.c_str ());
-
- if (ssl_port >= 0 && ssl_port < 65536)
- this->ssl_component_.port = ssl_port;
- else
- ACE_ERROR_RETURN ((LM_ERROR,
- ACE_TEXT ("TAO (%P|%t) Invalid ")
- ACE_TEXT ("IIOP/SSL endpoint ")
- ACE_TEXT ("port: <%s>\n"),
- value.c_str ()),
- -1);
- }
- else
- {
- // the name is not known, skip to the next option
- i++;
- continue;
- }
- // at the end, we've consumed this argument. Shift the list and
- // put this one on the end. This technique has the effect of
- // putting them in reverse order, but that doesn't matter, since
- // these arguments are only whole strings.
- argc--;
- ACE_CString *temp = argv[i];
- for (int j = i; j <= argc-1; j++)
- argv[j] = argv[j+1];
- argv[argc] = temp;
-
- }
- return 0;
-}
-
-int
-TAO::SSLIOP::Acceptor::verify_secure_configuration (TAO_ORB_Core *orb_core,
- int major,
- int minor)
-{
- // Sanity check.
- if (major < 1)
- {
- // There is no such thing as IIOP 0.x.
- errno = EINVAL;
- return -1;
- }
-
- // In order to support a secure connection, the SSLIOP::SSL tagged
- // component must be embedded in the IOR. This isn't possible if
- // the user elects to disable standard profile components.
- // Similarly, IIOP 1.0 does not support tagged components, which
- // makes it impossible to embed the SSLIOP::SSL tagged component
- // within the IOR. If the given object explicitly disallows
- // insecure invocations and standard profile components are
- // disabled, then return with an error since secure invocations
- // cannot be supported without standard profile components.
- //
- // Note that it isn't enough to support NoProtection. NoProtection
- // must be required since "support" does not preclude the secure
- // port from being used.
-
- if ((orb_core->orb_params ()->std_profile_components () == 0
- || (major == 1 && minor == 0))
- && ACE_BIT_DISABLED (this->ssl_component_.target_requires,
- ::Security::NoProtection))
- {
- if (TAO_debug_level > 0)
- ACE_ERROR ((LM_ERROR,
- ACE_TEXT ("(%P|%t) Cannot support secure ")
- ACE_TEXT ("IIOP over SSL connection if\n")
- ACE_TEXT ("(%P|%t) standard profile ")
- ACE_TEXT ("components are disabled\n")
- ACE_TEXT ("(%P|%t) or IIOP 1.0 endpoint is ")
- ACE_TEXT ("used.\n")));
-
- errno = EINVAL;
- return -1;
- }
-
- return 0;
-}
-
-TAO_END_VERSIONED_NAMESPACE_DECL
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.h
deleted file mode 100644
index f8c12442dc3..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.h
+++ /dev/null
@@ -1,169 +0,0 @@
-// -*- C++ -*-
-
-//=============================================================================
-/**
- * @file SSLIOP_Acceptor.h
- *
- * $Id$
- *
- * IIOP/SSL specific acceptor processing
- *
- *
- * @author Carlos O'Ryan <coryan@uci.edu>
- * @author Ossama Othman <ossama@uci.edu>
- */
-//=============================================================================
-
-
-#ifndef TAO_SSLIOP_ACCEPTOR_H
-#define TAO_SSLIOP_ACCEPTOR_H
-
-#include /**/ "ace/pre.h"
-
-#include "ace/config-all.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-# pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "orbsvcs/SSLIOP/IIOP_SSL_Acceptor.h"
-#include "orbsvcs/SSLIOP/SSLIOP_Connection_Handler.h"
-#include "orbsvcs/SSLIOP/SSLIOP_Accept_Strategy.h"
-
-#include "orbsvcs/SSLIOPC.h" /* CSIv1 */
-#include "orbsvcs/CSIIOPC.h" /* CSIv2 */
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-namespace TAO
-{
- namespace SSLIOP
- {
-
- /**
- * @class Acceptor
- *
- * @brief The SSLIOP-specific bridge class for the concrete acceptor.
- */
- class Acceptor
- : public IIOP_SSL_Acceptor
- {
- public:
-
- /// Constructor.
- Acceptor (::Security::QOP qop,
- const ACE_Time_Value & timeout);
-
- /// Destructor.
- ~Acceptor (void);
-
- typedef ACE_Strategy_Acceptor<Connection_Handler, ACE_SSL_SOCK_ACCEPTOR> BASE_ACCEPTOR;
- typedef TAO_Creation_Strategy<Connection_Handler> CREATION_STRATEGY;
- typedef TAO_Concurrency_Strategy<Connection_Handler> CONCURRENCY_STRATEGY;
- typedef Accept_Strategy ACCEPT_STRATEGY;
-
- /**
- * @name The TAO_Acceptor Methods
- *
- * Check the documentation in tao/Pluggable.h for details.
- */
- //@{
- virtual int open (TAO_ORB_Core *orb_core,
- ACE_Reactor *reactor,
- int version_major,
- int version_minor,
- const char *address,
- const char *options = 0);
- virtual int open_default (TAO_ORB_Core *orb_core,
- ACE_Reactor *reactor,
- int version_major,
- int version_minor,
- const char *options = 0);
- virtual int close (void);
- virtual int create_profile (const TAO::ObjectKey &object_key,
- TAO_MProfile &mprofile,
- CORBA::Short priority);
- virtual int is_collocated (const TAO_Endpoint* endpoint);
- //@}
-
- /// Retrieve the CSIv1 SSLIOP::SSL component associated with the
- /// endpoints set up by this acceptor.
- const ::SSLIOP::SSL &ssl_component (void) const;
-
- private:
-
- /// Implement the common part of the open*() methods.
- int ssliop_open_i (TAO_ORB_Core *orb_core,
- const ACE_INET_Addr& addr,
- ACE_Reactor *reactor);
-
- /// Parse protocol specific options.
- virtual int parse_options_i (int &argc, ACE_CString ** argv);
-
- /// Ensure that neither the endpoint configuration nor the ORB
- /// configuration violate security measures.
- int verify_secure_configuration (TAO_ORB_Core *orb_core,
- int major,
- int minor);
-
- /// Helper method to add a new profile to the mprofile for
- /// each endpoint.
- int create_new_profile (const TAO::ObjectKey &object_key,
- TAO_MProfile &mprofile,
- CORBA::Short priority);
-
- /// Helper method to create a profile that contains all of
- /// our endpoints.
- int create_shared_profile (const TAO::ObjectKey &object_key,
- TAO_MProfile &mprofile,
- CORBA::Short priority);
-
- private:
-
- /// The concrete acceptor, as a pointer to it's base class.
- BASE_ACCEPTOR ssl_acceptor_;
-
- /**
- * @name Acceptor Strategies
- *
- * Strategies used when accepting an incoming connection.
- */
- CREATION_STRATEGY *creation_strategy_;
- CONCURRENCY_STRATEGY *concurrency_strategy_;
- ACCEPT_STRATEGY *accept_strategy_;
-
- /// The CSIv1 SSL component.
- /**
- * This is the SSLIOP endpoint-specific tagged component that is
- * embedded in a given IOR.
- */
- ::SSLIOP::SSL ssl_component_;
-
- /// The SSLIOP CSIv2 tagged component.
- /**
- *
- */
- CSIIOP::TLS_SEC_TRANS csiv2_component_;
-
- /// The accept() timeout.
- /**
- * This timeout includes the overall time to complete the SSL
- * handshake. This includes both the TCP handshake and the SSL
- * handshake.
- */
- const ACE_Time_Value timeout_;
-
- };
-
- } // End SSLIOP namespace.
-} // End TAO namespace.
-
-TAO_END_VERSIONED_NAMESPACE_DECL
-
-#if defined(__ACE_INLINE__)
-#include "orbsvcs/SSLIOP/SSLIOP_Acceptor.i"
-#endif /* __ACE_INLINE__ */
-
-#include /**/ "ace/post.h"
-
-#endif /* TAO_SSLIOP_ACCEPTOR_H */
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.i b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.i
deleted file mode 100644
index 9dd630f54ef..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Acceptor.i
+++ /dev/null
@@ -1,14 +0,0 @@
-// -*- C++ -*-
-//
-// $Id$
-
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-ACE_INLINE const SSLIOP::SSL &
-TAO::SSLIOP::Acceptor::ssl_component (void) const
-{
- return this->ssl_component_;
-}
-
-TAO_END_VERSIONED_NAMESPACE_DECL
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.cpp
deleted file mode 100644
index 4cf1fe799fb..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.cpp
+++ /dev/null
@@ -1,142 +0,0 @@
-// $Id$
-
-#include "orbsvcs/SSLIOP/SSLIOP_ClientCredentials.h"
-#include "orbsvcs/SSLIOP/SSLIOP_OwnCredentials.h"
-
-
-ACE_RCSID (SSLIOP,
- SSLIOP_ClientCredentials,
- "$Id$")
-
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-TAO::SSLIOP::ClientCredentials::ClientCredentials (
- X509 * cert,
- EVP_PKEY *evp,
- SSL * ssl)
- : SSLIOP_Credentials (cert, evp),
- ssl_ (TAO::SSLIOP::OpenSSL_traits< ::SSL >::_duplicate (ssl))
-{
-}
-
-TAO::SSLIOP::ClientCredentials::~ClientCredentials (void)
-{
-}
-
-SecurityLevel3::CredentialsType
-TAO::SSLIOP::ClientCredentials::creds_type (ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- return SecurityLevel3::CT_ClientCredentials;
-}
-
-char *
-TAO::SSLIOP::ClientCredentials::context_id (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
-}
-
-SecurityLevel3::Principal *
-TAO::SSLIOP::ClientCredentials::client_principal (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
-}
-
-SecurityLevel3::StatementList *
-TAO::SSLIOP::ClientCredentials::client_supporting_statements (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
-}
-
-SecurityLevel3::ResourceNameList *
-TAO::SSLIOP::ClientCredentials::client_restricted_resources (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
-}
-
-SecurityLevel3::Principal *
-TAO::SSLIOP::ClientCredentials::target_principal (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
-}
-
-SecurityLevel3::StatementList *
-TAO::SSLIOP::ClientCredentials::target_supporting_statements (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
-}
-
-SecurityLevel3::ResourceNameList *
-TAO::SSLIOP::ClientCredentials::target_restricted_resources (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
-}
-
-SecurityLevel3::OwnCredentials_ptr
-TAO::SSLIOP::ClientCredentials::parent_credentials (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- SecurityLevel3::OwnCredentials_ptr creds =
- SecurityLevel3::OwnCredentials::_nil ();
-
- ACE_NEW_THROW_EX (creds,
- TAO::SSLIOP::OwnCredentials (
- ::SSL_get_certificate (this->ssl_.in ()),
- ::SSL_get_privatekey (this->ssl_.in ())),
- CORBA::NO_MEMORY ());
- ACE_CHECK_RETURN (creds);
-
- return creds;
-}
-
-CORBA::Boolean
-TAO::SSLIOP::ClientCredentials::client_authentication (
- ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- // If the client presented no certificate (i.e. cert_.ptr() == 0),
- // the client was not authenticated. Otherwise, verify the peer's
- // certificate.
-
- return
- this->x509_.in () != 0
- && SSL_get_verify_result (this->ssl_.in ()) == X509_V_OK;
-}
-
-CORBA::Boolean
-TAO::SSLIOP::ClientCredentials::target_authentication (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), false);
-}
-
-CORBA::Boolean
-TAO::SSLIOP::ClientCredentials::confidentiality (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), false);
-}
-
-CORBA::Boolean
-TAO::SSLIOP::ClientCredentials::integrity (ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- // TAO's SSLIOP pluggable transport always provides integrity. Note
- // that if we
-
- return true;
-}
-
-TAO_END_VERSIONED_NAMESPACE_DECL
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.h
deleted file mode 100644
index ce621276918..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ClientCredentials.h
+++ /dev/null
@@ -1,153 +0,0 @@
-// -*- C++ -*-
-
-//=============================================================================
-/**
- * @file SSLIOP_ClientCredentials.h
- *
- * $Id$
- *
- * @author Ossama Othman <ossama@dre.vanderbilt.edu>
- */
-//=============================================================================
-
-
-#ifndef TAO_SSLIOP_CLIENT_CREDENTIALS_H
-#define TAO_SSLIOP_CLIENT_CREDENTIALS_H
-
-#include /**/ "ace/pre.h"
-
-#include "orbsvcs/SSLIOP/SSLIOP_Export.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-# pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "orbsvcs/SSLIOP/SSLIOP_Credentials.h"
-#include "orbsvcs/SSLIOP/SSLIOP_SSL.h"
-
-#include "orbsvcs/SecurityLevel3C.h"
-
-#include "tao/LocalObject.h"
-
-#if defined(_MSC_VER)
-#pragma warning(push)
-#pragma warning(disable:4250)
-#endif /* _MSC_VER */
-
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-namespace TAO
-{
- namespace SSLIOP
- {
- /**
- * @class ClientCredentials
- *
- * @brief
- *
- *
- */
- class ClientCredentials
- : public virtual SecurityLevel3::ClientCredentials,
- public virtual SSLIOP_Credentials
- {
- public:
-
- /// Constructor
- ClientCredentials (::X509 * cert,
- ::EVP_PKEY * evp,
- ::SSL * ssl);
-
- /**
- * @name SecurityLevel3::Credentials Methods
- *
- * Methods required by the SecurityLevel3::Credentials
- * interface.
- */
- //@{
- virtual SecurityLevel3::CredentialsType creds_type (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
- //@}
-
- /**
- * @name SecurityLevel3::ClientCredentials Methods
- *
- * Methods required by the SecurityLevel3::ClientCredentials
- * interface.
- */
- //@{
- virtual char * context_id (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual SecurityLevel3::Principal * client_principal (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual SecurityLevel3::StatementList * client_supporting_statements (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual SecurityLevel3::ResourceNameList * client_restricted_resources (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual SecurityLevel3::Principal * target_principal (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual SecurityLevel3::StatementList * target_supporting_statements (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual SecurityLevel3::ResourceNameList * target_restricted_resources (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual SecurityLevel3::OwnCredentials_ptr parent_credentials (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual CORBA::Boolean client_authentication (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual CORBA::Boolean target_authentication (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual CORBA::Boolean confidentiality (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual CORBA::Boolean integrity (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
- //@}
-
- protected:
-
- /// Destructor
- /**
- * Protected destructor to enforce proper memory management
- * through the reference counting mechanism.
- */
- ~ClientCredentials (void);
-
- private:
-
- /// Reference to the OpenSSL @c SSL data structure associated
- /// with the current security context (e.g. SSL connection).
- TAO::SSLIOP::SSL_var ssl_;
-
- };
-
- } // End SSLIOP namespace
-} // End TAO namespace
-
-TAO_END_VERSIONED_NAMESPACE_DECL
-
-#if defined(_MSC_VER)
-#pragma warning(pop)
-#endif /* _MSC_VER */
-
-#include /**/ "ace/post.h"
-
-#endif /* TAO_SSLIOP_CLIENT_CREDENTIALS_H */
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.cpp
deleted file mode 100644
index 3d652c1df81..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.cpp
+++ /dev/null
@@ -1,445 +0,0 @@
-#include "orbsvcs/SSLIOP/SSLIOP_Connection_Handler.h"
-#include "orbsvcs/SSLIOP/SSLIOP_Endpoint.h"
-#include "orbsvcs/SSLIOP/SSLIOP_Util.h"
-
-#include "tao/debug.h"
-#include "tao/Base_Transport_Property.h"
-#include "tao/ORB_Core.h"
-#include "tao/IIOP_Endpoint.h"
-#include "tao/IIOP_Connection_Handler.h"
-#include "tao/Transport_Cache_Manager.h"
-#include "tao/Thread_Lane_Resources.h"
-#include "tao/Wait_Strategy.h"
-#include "tao/Protocols_Hooks.h"
-#include "ace/os_include/netinet/os_tcp.h"
-#include "ace/os_include/os_netdb.h"
-
-#if !defined (__ACE_INLINE__)
-# include "orbsvcs/SSLIOP/SSLIOP_Connection_Handler.i"
-#endif /* ! __ACE_INLINE__ */
-
-ACE_RCSID (SSLIOP,
- SSLIOP_Connection_Handler,
- "$Id$")
-
-// ****************************************************************
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-TAO::SSLIOP::Connection_Handler::Connection_Handler (
- ACE_Thread_Manager *t)
- : SVC_HANDLER (t, 0 , 0),
- TAO_Connection_Handler (0),
- current_ ()
-{
- // This constructor should *never* get called, it is just here to
- // make the compiler happy: the default implementation of the
- // Creation_Strategy requires a constructor with that signature, we
- // don't use that implementation, but some (most?) compilers
- // instantiate it anyway.
- ACE_ASSERT (0);
-}
-
-TAO::SSLIOP::Connection_Handler::Connection_Handler (
- TAO_ORB_Core *orb_core,
- CORBA::Boolean /* flag */) // SSLIOP does *not* support GIOPlite
- : SVC_HANDLER (orb_core->thr_mgr (), 0, 0),
- TAO_Connection_Handler (orb_core),
- current_ ()
-{
- this->current_ =
- TAO::SSLIOP::Util::current (orb_core);
-
- TAO::SSLIOP::Transport* specific_transport = 0;
- ACE_NEW (specific_transport,
- TAO::SSLIOP::Transport (this, orb_core, 0));
-
- // store this pointer (indirectly increment ref count)
- this->transport (specific_transport);
-}
-
-TAO::SSLIOP::Connection_Handler::~Connection_Handler (void)
-{
- delete this->transport ();
-}
-
-int
-TAO::SSLIOP::Connection_Handler::open_handler (void *v)
-{
- return this->open (v);
-}
-
-int
-TAO::SSLIOP::Connection_Handler::open (void *)
-{
- TAO_IIOP_Protocol_Properties protocol_properties;
-
- // Initialize values from ORB params.
- protocol_properties.send_buffer_size_ =
- this->orb_core ()->orb_params ()->sock_sndbuf_size ();
- protocol_properties.recv_buffer_size_ =
- this->orb_core ()->orb_params ()->sock_rcvbuf_size ();
- protocol_properties.no_delay_ =
- this->orb_core ()->orb_params ()->nodelay ();
-
- TAO_Protocols_Hooks *tph =
- this->orb_core ()->get_protocols_hooks ();
-
- int client =
- this->transport ()->opened_as () == TAO::TAO_CLIENT_ROLE;;
-
- ACE_DECLARE_NEW_CORBA_ENV;
-
- ACE_TRY
- {
- if (client)
- {
- tph->client_protocol_properties_at_orb_level (
- protocol_properties
- ACE_ENV_ARG_PARAMETER);
- ACE_TRY_CHECK;
- }
- else
- {
- tph->server_protocol_properties_at_orb_level (
- protocol_properties
- ACE_ENV_ARG_PARAMETER);
- ACE_TRY_CHECK;
- }
- }
- ACE_CATCHANY
- {
- return -1;
- }
- ACE_ENDTRY;
- ACE_CHECK_RETURN (-1);
-
- if (this->set_socket_option (this->peer (),
- protocol_properties.send_buffer_size_,
- protocol_properties.recv_buffer_size_) == -1)
- return -1;
-
-#if !defined (ACE_LACKS_TCP_NODELAY)
- if (this->peer ().set_option (ACE_IPPROTO_TCP,
- TCP_NODELAY,
- (void *) &protocol_properties.no_delay_,
- sizeof (protocol_properties.no_delay_)) == -1)
- return -1;
-#endif /* ! ACE_LACKS_TCP_NODELAY */
-
- if (this->transport ()->wait_strategy ()->non_blocking ())
- {
- if (this->peer ().enable (ACE_NONBLOCK) == -1)
- return -1;
-
- // Enable partial SSL writes.
- //
- // By default, OpenSSL attempts to send the entire chunk of
- // data. This is fine for relatively small chunks of data.
- // However, if SSL_write() returns with an SSL_ERROR_WANT_WRITE
- // (basically an EWOULDBLOCK) when using non-blocking I/O, TAO
- // may attempt to resend the same data with a potentially
- // different buffer address. Such a scenario is prone to happen
- // when sending large chunks of data that cause flow control to
- // occur. For most protocol implementations this is fine.
- // OpenSSL, on the other hand, requires that the same arguments
- // be passed to SSL_write() if an SSL_ERROR_WANT_WRITE error
- // occured on a previous SSL_write() attempt, which cannot be
- // guaranteed by TAO's current message queuing/construction
- // code, often resulting in a "bad write retry" OpenSSL error.
- // To work around this issue, we enable partial SSL_write()s in
- // SSL/TLS connections created by TAO's SSLIOP pluggable
- // protocol. Doing so makes SSL_write() behave like write(2).
- //
- // This isn't an issue when using blocking I/O.
- (void) ::SSL_set_mode (this->peer ().ssl (),
- SSL_MODE_ENABLE_PARTIAL_WRITE);
- (void) ::SSL_set_mode (this->peer ().ssl (),
- SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
- }
-
- // Called by the <Strategy_Acceptor> when the handler is
- // completely connected.
- ACE_INET_Addr remote_addr;
- if (this->peer ().get_remote_addr (remote_addr) == -1)
- return -1;
-
- ACE_INET_Addr local_addr;
- if (this->peer ().get_local_addr (local_addr) == -1)
- return -1;
-
- int use_dotted_decimal_addresses =
- this->orb_core ()->orb_params ()->use_dotted_decimal_addresses ();
-
- if (local_addr.get_ip_address () == remote_addr.get_ip_address ()
- && local_addr.get_port_number () == remote_addr.get_port_number ())
- {
- if (TAO_debug_level > 0)
- {
- char remote_as_string[MAXHOSTNAMELEN + 16];
- char local_as_string[MAXHOSTNAMELEN + 16];
-
- (void) remote_addr.addr_to_string (remote_as_string,
- sizeof (remote_as_string),
- use_dotted_decimal_addresses);
- (void) local_addr.addr_to_string (local_as_string,
- sizeof (local_as_string),
- use_dotted_decimal_addresses);
- ACE_ERROR ((LM_ERROR,
- "TAO(%P|%t) - TAO::SSLIOP::Connection_Handler::open, "
- "Holy Cow! The remote addr and "
- "local addr are identical (%s == %s)\n",
- remote_as_string, local_as_string));
- }
-
- return -1;
- }
-
- if (TAO_debug_level > 0)
- {
- char client[MAXHOSTNAMELEN + 16];
-
- // Verify that we can resolve the peer hostname.
- if (remote_addr.addr_to_string (client,
- sizeof (client),
- use_dotted_decimal_addresses) == -1)
- {
- ACE_OS::strcpy (client, "*unable to obtain*");
- }
-
- ACE_DEBUG ((LM_DEBUG,
- ACE_TEXT ("TAO (%P|%t) SSLIOP connection from ")
- ACE_TEXT ("client <%s> on [%d]\n"),
- client,
- this->peer ().get_handle ()));
-
- // Verify that we can resolve our hostname.
- if (local_addr.addr_to_string (client,
- sizeof (client),
- use_dotted_decimal_addresses) == -1)
- {
- ACE_OS::strcpy (client, "*unable to obtain*");
- }
-
- ACE_DEBUG ((LM_DEBUG,
- ACE_TEXT ("TAO (%P|%t) SSLIOP connection accepted from ")
- ACE_TEXT ("server <%s> on [%d]\n"),
- client,
- this->get_handle ()));
- }
-
- // Set that the transport is now connected, if fails we return -1
- // Use C-style cast b/c otherwise we get warnings on lots of
- // compilers
- if (!this->transport ()->post_open ((size_t) this->get_handle ()))
- return -1;
-
- // @@ Not needed
- this->state_changed (TAO_LF_Event::LFS_SUCCESS,
- this->orb_core ()->leader_follower ());
-
- return 0;
-}
-
-int
-TAO::SSLIOP::Connection_Handler::resume_handler (void)
-{
- return ACE_Event_Handler::ACE_APPLICATION_RESUMES_HANDLER;
-}
-
-int
-TAO::SSLIOP::Connection_Handler::close_connection (void)
-{
- return this->close_connection_eh (this);
-}
-
-int
-TAO::SSLIOP::Connection_Handler::handle_input (ACE_HANDLE h)
-{
- return this->handle_input_eh (h, this);
-}
-
-int
-TAO::SSLIOP::Connection_Handler::handle_output (ACE_HANDLE handle)
-{
- const int result =
- this->handle_output_eh (handle, this);
-
- if (result == -1)
- {
- this->close_connection ();
- return 0;
- }
-
- return result;
-}
-
-int
-TAO::SSLIOP::Connection_Handler::handle_timeout (const ACE_Time_Value &,
- const void *)
-{
- // We don't use this upcall for I/O. This is only used by the
- // Connector to indicate that the connection timedout. Therefore,
- // we should call close().
- return this->close ();
-}
-
-int
-TAO::SSLIOP::Connection_Handler::handle_close (ACE_HANDLE,
- ACE_Reactor_Mask)
-{
- ACE_ASSERT (0);
- return 0;
-}
-
-int
-TAO::SSLIOP::Connection_Handler::close (u_long)
-{
- return this->close_handler ();
-}
-
-int
-TAO::SSLIOP::Connection_Handler::release_os_resources (void)
-{
- return this->peer().close ();
-}
-
-void
-TAO::SSLIOP::Connection_Handler::pos_io_hook (int & return_value)
-{
- if (return_value == 0 && ::SSL_pending (this->peer ().ssl ()))
- return_value = 1;
-}
-
-int
-TAO::SSLIOP::Connection_Handler::add_transport_to_cache (void)
-{
- ACE_INET_Addr addr;
-
- // Get the peername.
- //
- // Note that the port set in the ACE_INET_Addr is actually the SSL
- // port!
- if (this->peer ().get_remote_addr (addr) == -1)
- return -1;
-
- // Construct an IIOP_Endpoint object
- TAO_IIOP_Endpoint tmpoint (
- addr,
- this->orb_core()->orb_params()->use_dotted_decimal_addresses());
-
- // @@ This is broken. We need to include the SecurityAssociation
- // options to be able to truly distinguish cached SSLIOP
- // transports.
- const ::SSLIOP::SSL ssl =
- {
- 0, // target_supports
- 0, // target_requires
- addr.get_port_number () // port
- };
-
- TAO_SSLIOP_Endpoint endpoint (&ssl,
- &tmpoint);
-
- // Construct a property object
- TAO_Base_Transport_Property prop (&endpoint);
-
- TAO::Transport_Cache_Manager &cache =
- this->orb_core ()->lane_resources ().transport_cache ();
-
- // Add the handler to Cache
- return cache.cache_idle_transport (&prop,
- this->transport ());
-}
-
-int
-TAO::SSLIOP::Connection_Handler::process_listen_point_list (
- IIOP::ListenPointList &listen_list)
-{
- // Get the size of the list
- const CORBA::ULong len = listen_list.length ();
-
- for (CORBA::ULong i = 0; i < len; ++i)
- {
- IIOP::ListenPoint listen_point = listen_list[i];
- ACE_INET_Addr addr (listen_point.port,
- listen_point.host.in ());
-
-
- if (TAO_debug_level > 0)
- {
- ACE_DEBUG ((LM_DEBUG,
- "(%P|%t) Listening port [%d] on [%s]\n",
- listen_point.port,
- listen_point.host.in ()));
- }
-
- // Construct an IIOP_Endpoint object using the host as provided
- // in the listen point list. We must use the host in that form
- // because that's also how the ORB on the other side will
- // advertise the host in an IOR.
- //
- // Note that the port in the ACE_INET_Addr is actually the SSL
- // port!
- TAO_IIOP_Endpoint tmpoint (listen_point.host.in (),
- listen_point.port,
- addr);
-
- // @@ This is broken. Instead of just using the default CORBA
- // SecurityAssociation options, by not supplying SSLIOP::SSL
- // instance in the endpoint constructor, we need to include the
- // actual SecurityAssociation options so that the invocation to
- // the originator is attempted with the appropriate security
- // settings. Unfortunately, there is currently no portable way to
- // send the SecurityAssociation options with the
- // IIOP::ListenPointList. Presumably the new Firewall
- // specification will address this deficiency.
- TAO_SSLIOP_Synthetic_Endpoint endpoint (&tmpoint);
-
- // Construct a property object
- TAO_Base_Transport_Property prop (&endpoint);
-
- // Mark the connection as bidirectional
- prop.set_bidir_flag (1);
-
- // The property for this handler has changed. Recache the
- // handler with this property
- const int retval = this->transport ()->recache_transport (&prop);
- if (retval == -1)
- return retval;
-
- // Make the handler idle and ready for use
- this->transport ()->make_idle ();
- }
-
- return 0;
-}
-
-int
-TAO::SSLIOP::Connection_Handler::setup_ssl_state (
- TAO::SSLIOP::Current_Impl *&previous_current_impl,
- TAO::SSLIOP::Current_Impl *new_current_impl,
- bool &setup_done)
-{
- // Make the SSL session state available to the SSLIOP::Current
- // TSS object.
- new_current_impl->ssl (this->peer ().ssl ());
-
- // The following call is reentrant and thread-safe
- this->current_->setup (previous_current_impl,
- new_current_impl,
- setup_done);
-
- return 0;
-}
-
-void
-TAO::SSLIOP::Connection_Handler::teardown_ssl_state (
- TAO::SSLIOP::Current_Impl *previous_current_impl,
- bool &setup_done)
-{
- this->current_->teardown (previous_current_impl,
- setup_done);
-}
-
-TAO_END_VERSIONED_NAMESPACE_DECL
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.h
deleted file mode 100644
index 9ce3ba997af..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.h
+++ /dev/null
@@ -1,202 +0,0 @@
-// -*- C++ -*-
-
-//=============================================================================
-/**
- * @file SSLIOP_Connection_Handler.h
- *
- * $Id$
- *
- * @author Carlos O'Ryan <coryan@uci.edu>
- * @author Ossama Othman <ossama@uci.edu>
- */
-//=============================================================================
-
-
-#ifndef TAO_SSLIOP_CONNECTION_HANDLER_H
-#define TAO_SSLIOP_CONNECTION_HANDLER_H
-
-#include /**/ "ace/pre.h"
-
-#include "ace/config-all.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-#pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "orbsvcs/SSLIOP/SSLIOP_Current.h"
-#include "orbsvcs/SSLIOP/SSLIOP_Transport.h"
-
-#include "tao/Connection_Handler.h"
-#include "tao/IIOPC.h"
-
-#include "ace/Reactor.h"
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-class TAO_IIOP_Properties;
-
-namespace TAO
-{
- namespace SSLIOP
- {
-
- /**
- * @class Connection_Handler
- *
- * @brief Handles requests on a single connection.
- *
- * The Connection handler which is common for the Acceptor and
- * the Connector
- */
- class Connection_Handler
- : public SVC_HANDLER,
- public TAO_Connection_Handler
- {
- public:
-
- Connection_Handler (ACE_Thread_Manager* t = 0);
-
- /// Constructor.
- /**
- * @param arg Parameter is used by the Acceptor to pass the
- * protocol configuration properties for this
- * connection.
- */
- Connection_Handler (TAO_ORB_Core *orb_core,
- CORBA::Boolean flag);
-
- /// Destructor.
- ~Connection_Handler (void);
-
- /**
- * @name Connection Handler overloads
- *
- * Connection Handler overloads.
- */
- //@{
- virtual int open_handler (void *);
- //@}
-
- /// Close called by the Acceptor or Connector when connection
- /// establishment fails.
- int close (u_long = 0);
-
- //@{
- /** @name Event Handler overloads
- */
- virtual int resume_handler (void);
- virtual int close_connection (void);
- virtual int handle_input (ACE_HANDLE);
- virtual int handle_output (ACE_HANDLE);
- virtual int handle_close (ACE_HANDLE, ACE_Reactor_Mask);
- virtual int handle_timeout (const ACE_Time_Value &current_time,
- const void *act = 0);
- virtual int open (void *);
- //@}
-
- /// Add ourselves to cache.
- int add_transport_to_cache (void);
-
- /// Process the @a listen_list.
- int process_listen_point_list (IIOP::ListenPointList &listen_list);
-
- /// Make the SSL session state available to the SSLIOP::Current
- /// object.
- int setup_ssl_state (TAO::SSLIOP::Current_Impl *&previous_current_impl,
- TAO::SSLIOP::Current_Impl *new_current_impl,
- bool &setup_done);
-
- /// Teardown the SSL session state.
- void teardown_ssl_state (
- TAO::SSLIOP::Current_Impl *previous_current_impl,
- bool &setup_done);
-
- protected:
-
- //@{
- /**
- * @name TAO_Connection Handler overloads
- */
- virtual int release_os_resources (void);
- virtual void pos_io_hook (int & return_value);
- //@}
-
- protected:
-
- /// Reference to the SSLIOP::Current object (downcast to gain
- /// access to the low-level management methods).
- TAO::SSLIOP::Current_var current_;
-
- private:
-
- /// TCP configuration for this connection.
- TAO_IIOP_Properties *tcp_properties_;
-
- };
-
- // ****************************************************************
-
- /**
- * @class State_Guard
- *
- * @brief This Class that sets up TSS SSL states upon
- * instantiation, and tears down the TSS SSL state when
- * that instance goes out of scope.
- *
- * This guard is used to make TSS SSL state configuration and
- * deconfiguration during an upcall exception safe. Exceptions
- * are not supposed to be propagated up to the scope this guard is
- * used in, so this guard may be unnecessary. However, since
- * proper TSS SSL state configuration/deconfiguration is critical
- * to proper security support, this guard is used to ensure that
- * configuration/deconfiguration is exception safe.
- */
- class State_Guard
- {
- public:
-
- /// Constructor that sets up the TSS SSL state.
- State_Guard (TAO::SSLIOP::Connection_Handler *handler,
- int &result);
-
- /// Destructor that tears down the TSS SSL state.
- ~State_Guard (void);
-
- private:
-
- /// Pointer to the connection handler currently handling the
- /// request/upcall.
- Connection_Handler *handler_;
-
- /// The SSLIOP::Current implementation that was previously
- /// associated with the current thread and invocation.
- /**
- * It is stored here until the invocation completes, after which it
- * placed back into TSS.
- */
- Current_Impl *previous_current_impl_;
-
- /// The SSLIOP::Current implementation to be associated with the
- /// current invocation.
- Current_Impl current_impl_;
-
- /// Flag that specifies whether or not setup of the SSLIOP::Current
- /// object completed for the current thread and invocation.
- bool setup_done_;
-
- };
-
- } // End SSLIOP namespace.
-} // End TAO namespace.
-
-TAO_END_VERSIONED_NAMESPACE_DECL
-
-
-#if defined (__ACE_INLINE__)
-#include "orbsvcs/SSLIOP/SSLIOP_Connection_Handler.i"
-#endif /* __ACE_INLINE__ */
-
-
-#include /**/ "ace/post.h"
-
-#endif /* TAO_SSLIOP_CONNECTION_HANDLER_H */
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.i b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.i
deleted file mode 100644
index 193fc62f426..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connection_Handler.i
+++ /dev/null
@@ -1,29 +0,0 @@
-// -*- C++ -*-
-//
-// $Id$
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-ACE_INLINE
-TAO::SSLIOP::State_Guard::State_Guard (
- TAO::SSLIOP::Connection_Handler *handler,
- int &result)
- : handler_ (handler),
- previous_current_impl_ (0),
- current_impl_ (),
- setup_done_ (false)
-{
- // Set up the SSLIOP::Current object.
- result = this->handler_->setup_ssl_state (this->previous_current_impl_,
- &(this->current_impl_),
- this->setup_done_);
-}
-
-ACE_INLINE
-TAO::SSLIOP::State_Guard::~State_Guard (void)
-{
- this->handler_->teardown_ssl_state (this->previous_current_impl_,
- this->setup_done_);
-}
-
-TAO_END_VERSIONED_NAMESPACE_DECL
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp
deleted file mode 100644
index 3635555cb98..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp
+++ /dev/null
@@ -1,862 +0,0 @@
-#include "orbsvcs/SSLIOP/SSLIOP_Connector.h"
-#include "orbsvcs/SSLIOP/SSLIOP_OwnCredentials.h"
-#include "orbsvcs/SSLIOP/SSLIOP_Profile.h"
-#include "orbsvcs/SSLIOP/SSLIOP_X509.h"
-
-#include "orbsvcs/SecurityLevel2C.h"
-
-#include "tao/debug.h"
-#include "tao/ORB_Core.h"
-#include "tao/Client_Strategy_Factory.h"
-#include "tao/Environment.h"
-#include "tao/Base_Transport_Property.h"
-#include "tao/Transport_Cache_Manager.h"
-#include "tao/Thread_Lane_Resources.h"
-#include "tao/Stub.h"
-#include "tao/Transport_Connector.h"
-#include "tao/Blocked_Connect_Strategy.h"
-#include "tao/Wait_Strategy.h"
-#include "tao/Profile_Transport_Resolver.h"
-#include "ace/Auto_Ptr.h"
-#include "ace/os_include/os_netdb.h"
-
-ACE_RCSID (SSLIOP,
- SSLIOP_Connector,
- "$Id$")
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-TAO::SSLIOP::Connector::Connector (::Security::QOP qop)
- : TAO::IIOP_SSL_Connector (),
- qop_ (qop),
- connect_strategy_ (),
- base_connector_ ()
-{
-}
-
-int
-TAO::SSLIOP::Connector::open (TAO_ORB_Core *orb_core)
-{
- // Since the ACE_Strategy_Connector (and ACE_Connector) cannot
- // handle non-blocking connections with protocols that have more
- // than one handshake, such as SSL, force blocking connections for
- // SSLIOP. This deficiency will be addressed soon.
- ACE_NEW_RETURN (this->active_connect_strategy_,
- TAO_Blocked_Connect_Strategy (orb_core),
- -1);
-
- if (this->TAO::IIOP_SSL_Connector::open (orb_core) == -1)
- return -1;
-
- // Our connect creation strategy
- CONNECT_CREATION_STRATEGY *connect_creation_strategy = 0;
-
- ACE_NEW_RETURN (connect_creation_strategy,
- CONNECT_CREATION_STRATEGY
- (orb_core->thr_mgr (),
- orb_core,
- 0 /* Forcibly disable TAO's GIOPlite feature.
- It introduces a security hole. */),
- -1);
-
- // Our activation strategy
- CONNECT_CONCURRENCY_STRATEGY *concurrency_strategy = 0;
-
- ACE_NEW_RETURN (concurrency_strategy,
- CONNECT_CONCURRENCY_STRATEGY (orb_core),
- -1);
-
- ACE_Reactor *r = this->orb_core ()->reactor ();
-
- return this->base_connector_.open (r,
- connect_creation_strategy,
- &this->connect_strategy_,
- concurrency_strategy);
-}
-
-int
-TAO::SSLIOP::Connector::close (void)
-{
- (void) this->TAO::IIOP_SSL_Connector::close ();
-
- delete this->base_connector_.creation_strategy ();
- delete this->base_connector_.concurrency_strategy ();
- return this->base_connector_.close ();
-}
-
-TAO_Transport *
-TAO::SSLIOP::Connector::connect (TAO::Profile_Transport_Resolver *resolver,
- TAO_Transport_Descriptor_Interface *desc,
- ACE_Time_Value *timeout
- ACE_ENV_ARG_DECL)
-{
- if (TAO_debug_level > 0)
- ACE_DEBUG ((LM_DEBUG,
- ACE_TEXT ("TAO (%P|%t) - Connector::connect, ")
- ACE_TEXT ("looking for SSLIOP connection.\n")));
-
- TAO_Endpoint *endpoint = desc->endpoint ();
-
- if (endpoint->tag () != IOP::TAG_INTERNET_IOP)
- return 0;
-
- TAO_SSLIOP_Endpoint *ssl_endpoint =
- dynamic_cast<TAO_SSLIOP_Endpoint *> (endpoint);
-
- if (ssl_endpoint == 0)
- return 0;
-
- // @@ TODO: The EstablishTrust policy should be evaluated once per
- // connection, not once per invocation. This should
- // improve performance.
- //
- // Check if the user overrode the default establishment of trust
- // policy for the current object.
- CORBA::Policy_var policy =
- resolver->stub ()->get_policy (::Security::SecEstablishTrustPolicy
- ACE_ENV_ARG_PARAMETER);
- ACE_CHECK_RETURN (0);
-
- SecurityLevel2::EstablishTrustPolicy_var trust_policy =
- SecurityLevel2::EstablishTrustPolicy::_narrow (policy.in ()
- ACE_ENV_ARG_PARAMETER);
- ACE_CHECK_RETURN (0);
-
- // We use a pointer and temporary to make it obvious to determine
- // if no establishment of trust policy was set. Specifically, if
- // the "trust" pointer below is zero, then the SSLIOP pluggable
- // protocol default value will be used.
- ::Security::EstablishTrust trust = { 0 , 0 };
- if (!CORBA::is_nil (trust_policy.in ()))
- {
- trust = trust_policy->trust (ACE_ENV_SINGLE_ARG_PARAMETER);
- ACE_CHECK_RETURN (0);
- }
-
- // Flag that states whether any form of establishment of trust
- // should occur.
- CORBA::Boolean const establish_trust =
- trust.trust_in_target || trust.trust_in_client;
-
- // @@ Should this be in a "policy validator?"
- //
- // If the SSL port is zero, then no SSLIOP tagged component was
- // available in the IOR, meaning that there is no way to establish
- // trust. Throw an exception.
- if (ssl_endpoint->ssl_component ().port == 0
- && establish_trust)
- {
- if (TAO_debug_level > 0)
- {
- ACE_ERROR ((LM_ERROR,
- ACE_TEXT ("TAO_SSLIOP (%P|%t) ERROR: ")
- ACE_TEXT ("Cannot establish trust since ")
- ACE_TEXT ("no SSLIOP tagged component was ")
- ACE_TEXT ("found in the IOR.\n")));
- }
-
- ACE_THROW_RETURN (CORBA::INV_POLICY (), // @@ Correct exception?
- 0);
- }
-
- // Check if the user overrode the default Quality-of-Protection for
- // the current object.
- policy = resolver->stub ()->get_policy (::Security::SecQOPPolicy
- ACE_ENV_ARG_PARAMETER);
- ACE_CHECK_RETURN (0);
-
- SecurityLevel2::QOPPolicy_var qop_policy =
- SecurityLevel2::QOPPolicy::_narrow (policy.in ()
- ACE_ENV_ARG_PARAMETER);
- ACE_CHECK_RETURN (0);
-
- // Temporary variable used to avoid overwriting the default value
- // set when the ORB was initialized.
- ::Security::QOP qop = this->qop_;
-
- if (!CORBA::is_nil (qop_policy.in ()))
- {
- qop = qop_policy->qop (ACE_ENV_SINGLE_ARG_PARAMETER);
- ACE_CHECK_RETURN (0);
- }
-
- // If the SSL port is zero, then no SSLIOP tagged component was
- // available in the IOR, meaning that there is no way to make a
- // secure invocation. Throw an exception.
- if (qop != ::Security::SecQOPNoProtection
- && ssl_endpoint->ssl_component ().port == 0)
- {
- if (TAO_debug_level > 0)
- {
- ACE_ERROR ((LM_ERROR,
- ACE_TEXT ("TAO_SSLIOP (%P|%t) ERROR: ")
- ACE_TEXT ("Cannot make secure invocation since ")
- ACE_TEXT ("no SSLIOP tagged component was ")
- ACE_TEXT ("found in the IOR.\n")));
- }
-
- ACE_THROW_RETURN (CORBA::INV_POLICY (), // @@ Correct exception?
- 0);
- }
-
- if ((!establish_trust && qop == ::Security::SecQOPNoProtection)
- || ssl_endpoint->ssl_component ().port == 0)
- {
- return this->iiop_connect (ssl_endpoint,
- resolver,
- timeout
- ACE_ENV_ARG_PARAMETER);
- }
-
- return this->ssliop_connect (ssl_endpoint,
- qop,
- trust,
- resolver,
- desc,
- timeout
- ACE_ENV_ARG_PARAMETER);
-}
-
-
-TAO_Profile *
-TAO::SSLIOP::Connector::create_profile (TAO_InputCDR& cdr)
-{
- TAO_Profile *pfile = 0;
- ACE_NEW_RETURN (pfile,
- TAO_SSLIOP_Profile (this->orb_core ()),
- 0);
-
- const int r = pfile->decode (cdr);
- if (r == -1)
- {
- pfile->_decr_refcnt ();
- pfile = 0;
- }
-
- return pfile;
-}
-
-TAO_Profile *
-TAO::SSLIOP::Connector::make_profile (ACE_ENV_SINGLE_ARG_DECL)
-{
- // The endpoint should be of the form:
- // N.n@host:port/object_key
- // or:
- // host:port/object_key
-
- TAO_Profile *profile = 0;
- ACE_NEW_THROW_EX (profile,
- TAO_SSLIOP_Profile (this->orb_core (),
- 0), // SSL component
- CORBA::NO_MEMORY (
- CORBA::SystemException::_tao_minor_code (
- TAO::VMCID,
- ENOMEM),
- CORBA::COMPLETED_NO));
- ACE_CHECK_RETURN (0);
-
- return profile;
-}
-
-
-TAO_Profile *
-TAO::SSLIOP::Connector::make_secure_profile (ACE_ENV_SINGLE_ARG_DECL)
-{
- // The endpoint should be of the form:
- // N.n@host:port/object_key
- // or:
- // host:port/object_key
-
- TAO_Profile *profile = 0;
- ACE_NEW_THROW_EX (profile,
- TAO_SSLIOP_Profile (this->orb_core (),
- 1), // SSL component
- CORBA::NO_MEMORY (
- CORBA::SystemException::_tao_minor_code (
- TAO::VMCID,
- ENOMEM),
- CORBA::COMPLETED_NO));
- ACE_CHECK_RETURN (0);
-
- return profile;
-}
-
-
-
-TAO_Profile *
-TAO::SSLIOP::Connector::corbaloc_scan (const char *endpoint,
- size_t &len
- ACE_ENV_ARG_DECL)
-{
- int ssl_only = 0;
- if (this->check_prefix (endpoint) == 0)
- {
- ssl_only = 1;
- }
- else
- {
- if (this->TAO_IIOP_Connector::check_prefix (endpoint) != 0)
- return 0;
- }
-
- // Determine the (first in a list of possibly > 1) endpoint address
- const char *comma_pos = ACE_OS::strchr (endpoint,',');
- const char *slash_pos = ACE_OS::strchr (endpoint,'/');
- if (comma_pos == 0 && slash_pos == 0)
- {
- if (TAO_debug_level)
- {
- ACE_DEBUG ((LM_DEBUG,
- ACE_TEXT("(%P|%t) SSLIOP_Connector::corbaloc_scan warning: ")
- ACE_TEXT("supplied string contains no comma or slash: %s\n"),
- endpoint));
- }
- len = ACE_OS::strlen (endpoint);
- }
- else if (slash_pos != 0 || comma_pos > slash_pos)
- {
- // The endpoint address does not extend past the first '/' or ','
- len = slash_pos - endpoint;
- }
- else
- {
- len = comma_pos - endpoint;
- }
-
- //Create the corresponding profile
- TAO_Profile *ptmp = 0;
- if (ssl_only)
- {
- ptmp = this->make_secure_profile (ACE_ENV_SINGLE_ARG_PARAMETER);
- ACE_CHECK_RETURN (0);
- }
- else
- {
- ptmp = this->make_profile (ACE_ENV_SINGLE_ARG_PARAMETER);
- ACE_CHECK_RETURN (0);
- }
-
- return ptmp;
-}
-
-
-int
-TAO::SSLIOP::Connector::check_prefix (const char *endpoint)
-{
- // Check for a valid string
- if (!endpoint || !*endpoint) return -1; // Failure
-
- const char *protocol[] = { "ssliop", "sslioploc" };
-
- size_t first_slot = ACE_OS::strchr (endpoint, ':') - endpoint;
-
- size_t len0 = ACE_OS::strlen (protocol[0]);
- size_t len1 = ACE_OS::strlen (protocol[1]);
-
- // Check for the proper prefix in the IOR. If the proper prefix
- // isn't in the IOR then it is not an IOR we can use.
- if (first_slot == len0 && ACE_OS::strncmp (endpoint, protocol[0], len0) == 0)
- return 0;
-
- if (first_slot == len1 && ACE_OS::strncmp (endpoint, protocol[1], len1) == 0)
- return 0;
-
- // Failure: not an SSLIOP IOR
- // DO NOT throw an exception here.
- return -1;
-}
-
-
-TAO_Transport*
-TAO::SSLIOP::Connector::iiop_connect (
- TAO_SSLIOP_Endpoint *ssl_endpoint,
- TAO::Profile_Transport_Resolver *resolver,
- ACE_Time_Value *timeout
- ACE_ENV_ARG_DECL)
-{
- const ::SSLIOP::SSL &ssl_component = ssl_endpoint->ssl_component ();
-
- // Only allow connection to the insecure IIOP port if the endpoint
- // explicitly allows it, i.e. if the Security::NoProtection security
- // association bit is set in the SSLIOP::SSL::target_supports field.
- // The server performs the same permission check, so this check is
- // an optimization since a connection will not be established
- // needlessly, i.e. rejected due to lack of permission.
- //
- // Note that it is still possible for the standard non-SSLIOP aware
- // IIOP pluggable protocol to attempt to connect to the insecure
- // port. In that case, the server will have to prevent the
- // connection, and subsequently the request, from completing.
- if (ACE_BIT_DISABLED (ssl_component.target_supports,
- ::Security::NoProtection))
- ACE_THROW_RETURN (CORBA::NO_PERMISSION (
- CORBA::SystemException::_tao_minor_code (
- TAO::VMCID,
- EPERM),
- CORBA::COMPLETED_NO),
- 0);
-
- TAO_IIOP_Endpoint *iiop_endpoint = ssl_endpoint->iiop_endpoint ();
-
- // An IIOP-only transport descriptor must be used instead of the one
- // passed to this method since the latter is used for SSLIOP
- // connections. Doing so prevents an IIOP-only cached transport
- // from being associated with an SSLIOP connection.
- TAO_Base_Transport_Property iiop_desc (iiop_endpoint);
-
- // Note that the IIOP-only transport descriptor is used!
- return
- this->TAO::IIOP_SSL_Connector::connect (
- resolver,
- &iiop_desc,
- timeout
- ACE_ENV_ARG_PARAMETER);
-}
-
-TAO_Transport *
-TAO::SSLIOP::Connector::ssliop_connect (
- TAO_SSLIOP_Endpoint *ssl_endpoint,
- ::Security::QOP qop,
- const ::Security::EstablishTrust &trust,
- TAO::Profile_Transport_Resolver *resolver,
- TAO_Transport_Descriptor_Interface *desc,
- ACE_Time_Value *max_wait_time
- ACE_ENV_ARG_DECL)
-{
- const ::SSLIOP::SSL &ssl_component = ssl_endpoint->ssl_component ();
-
- // @@ The following check for "required insecurity" seems odd, but
- // I haven't seen anything in the Security spec that says this
- // policy isn't possible.
- // -Ossama
-
- // If the endpoint requires an insecure connection, i.e. the
- // Security::NoProtection security association bit in the
- // SSLIOP::SSL::target_requires field is enabled, then prevent an
- // SSL connection from occuring.
- if (ACE_BIT_ENABLED (ssl_component.target_requires,
- ::Security::NoProtection))
- ACE_THROW_RETURN (CORBA::NO_PERMISSION (
- CORBA::SystemException::_tao_minor_code (
- TAO::VMCID,
- EPERM),
- CORBA::COMPLETED_NO),
- 0);
-
- // If the invocation wants integrity without confidentiality but the
- // server does not support "no protection," then it won't be
- // possible to provide integrity. In order to support integrity
- // without confidentiality, encryption must be disabled but secure
- // hashes must remain enabled. This is achieved using the "eNULL"
- // cipher. However, the "eNULL" cipher is only enabled on the
- // server side if "no protection" is enabled.
- if (ACE_BIT_DISABLED (ssl_component.target_supports,
- ::Security::NoProtection)
- && qop == ::Security::SecQOPIntegrity)
- ACE_THROW_RETURN (CORBA::INV_POLICY (), 0);
-
- const ACE_INET_Addr &remote_address =
- ssl_endpoint->object_addr ();
-
- // Verify that the remote ACE_INET_Addr was initialized
- // properly. Failure can occur if hostname lookup failed when
- // initializing the remote ACE_INET_Addr.
- if (remote_address.get_type () != AF_INET)
- {
- if (TAO_debug_level > 0)
- {
- ACE_DEBUG ((LM_DEBUG,
- ACE_TEXT ("TAO (%P|%t) SSLIOP connection failed.\n")
- ACE_TEXT ("TAO (%P|%t) This is most likely ")
- ACE_TEXT ("due to a hostname lookup ")
- ACE_TEXT ("failure.\n")));
- }
-
- return 0;
- }
-
- int result = 0;
- TAO::SSLIOP::Connection_Handler *svc_handler = 0;
- TAO_Transport *transport = 0;
-
- // Before we can check the cache to find an existing connection, we
- // need to make sure the ssl_endpoint is fully initialized with the
- // local security information. This endpoint initalized by the
- // profile does not (and cannot) contain the desired QOP, trust, or
- // credential information which is necesary to uniquely identify
- // this connection.
- if (!ssl_endpoint->credentials_set ())
- {
- if (TAO_debug_level > 2)
- ACE_DEBUG ((LM_ERROR,
- ACE_TEXT ("TAO (%P|%t) Initializing SSLIOP_Endpoint \n")
- ));
-
- if (this->base_connector_.creation_strategy ()->make_svc_handler (
- svc_handler) != 0)
- {
- if (TAO_debug_level > 0)
- ACE_DEBUG ((LM_ERROR,
- ACE_TEXT ("TAO (%P|%t) Unable to create SSLIOP ")
- ACE_TEXT ("service handler.\n")));
-
- return 0;
- }
-
- ACE_Auto_Basic_Ptr<TAO::SSLIOP::Connection_Handler>
- safe_handler (svc_handler);
- TAO::SSLIOP::OwnCredentials_var credentials =
- this->retrieve_credentials (resolver->stub (),
- svc_handler->peer ().ssl ()
- ACE_ENV_ARG_PARAMETER);
- ACE_CHECK_RETURN (0);
-
- svc_handler = safe_handler.release ();
- ssl_endpoint->set_sec_attrs (qop, trust, credentials.in());
- }
-
- // Check the Cache first for connections
- if (this->orb_core ()->lane_resources ().transport_cache ().find_transport (
- desc,
- transport) == 0)
- {
- if (TAO_debug_level > 2)
- ACE_DEBUG ((LM_DEBUG,
- ACE_TEXT ("TAO (%P|%t) - SSLIOP_Connector::ssliop_connect, ")
- ACE_TEXT ("got existing transport[%d]\n"),
- transport->id ()));
-
- // When the transport is not connected wait for completion
- if (!transport->is_connected())
- {
- if (!this->wait_for_connection_completion (resolver,
- transport,
- max_wait_time))
- {
- ACE_ERROR ((LM_ERROR,
- ACE_TEXT ("TAO (%P|%t) - SSLIOP_Connector::ssliop_connect,")
- ACE_TEXT ("wait for completion failed\n")));
-
- }
- }
- }
- else
- {
- if (TAO_debug_level > 4)
- ACE_DEBUG ((LM_DEBUG,
- ACE_TEXT ("TAO (%P|%t) - SSLIOP_Connector::ssliop_connect, ")
- ACE_TEXT ("making a new connection \n")));
-
- // Purge connections (if necessary)
- this->orb_core ()->lane_resources ().transport_cache ().purge ();
-
- // The svc_handler is created beforehand so that we can get
- // access to the underlying ACE_SSL_SOCK_Stream (the peer) and
- // its SSL pointer member prior to descending into the
- // ACE_Strategy_Connector (the "base_connector_"). This is
- // thread-safe and reentrant, hence no synchronization is
- // necessary.
- //
- // The make_svc_handler() method creates the service handler and
- // bumps the #REFCOUNT# up one extra. The extra reference count
- // in TAO_Connect_Creation_Strategy::make_svc_handler() is
- // needed in the case when connection completion is pending and
- // we are going to wait on a variable in the handler to changes,
- // signifying success or failure. Note, that this increment
- // cannot be done once the connect() returns since this might be
- // too late if another thread pick up the completion and
- // potentially deletes the handler before we get a chance to
- // increment the reference count.
- if (svc_handler == 0 &&
- this->base_connector_.creation_strategy ()->make_svc_handler (
- svc_handler) != 0)
- {
- if (TAO_debug_level > 0)
- ACE_DEBUG ((LM_ERROR,
- ACE_TEXT ("TAO (%P|%t) Unable to create SSLIOP ")
- ACE_TEXT ("service handler.\n")));
-
- return 0;
- }
-
- ACE_Auto_Basic_Ptr<TAO::SSLIOP::Connection_Handler>
- safe_handler (svc_handler);
-
- // Setup the establishment of trust connection properties, if
- // any.
- int verify_mode = 0;
-
- // On the server side, "trust_in_client" requires that a peer
- // (client) certificate exist. Fail if one doesn't exist.
- //
- // In SSLIOP's case, trust_in_client also implies
- // trust_in_target.
- if (trust.trust_in_client)
- verify_mode = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
-
- // Require verification of the target's certificate.
- else if (trust.trust_in_target)
- verify_mode = SSL_VERIFY_PEER;
-
- // Trust in neither the client nor the target is explicitly
- // specified. Use the default setting.
- else
- verify_mode =
- ACE_SSL_Context::instance ()->default_verify_mode ();
-
- ::SSL_set_verify (svc_handler->peer ().ssl (),
- verify_mode,
- 0);
-
- // The "eNULL" cipher disables encryption but still uses a
- // secure hash (e.g. SHA1 or MD5) to ensure integrity. (Try the
- // command "openssl ciphers -v eNULL".)
- //
- // Note that it is not possible to completely disable protection
- // here.
- if ((qop == ::Security::SecQOPNoProtection
- || qop == ::Security::SecQOPIntegrity)
- && ::SSL_set_cipher_list (svc_handler->peer ().ssl (),
- "eNULL") == 0)
- {
- if (TAO_debug_level > 0)
- ACE_DEBUG ((LM_ERROR,
- ACE_TEXT ("(%P|%t) Unable to set eNULL ")
- ACE_TEXT ("SSL cipher.\n")));
-
- ACE_THROW_RETURN (CORBA::INV_POLICY (), 0);
- }
-
- svc_handler = safe_handler.release ();
-
- // Get the right synch options
- ACE_Synch_Options synch_options;
-
- this->active_connect_strategy_->synch_options (max_wait_time,
- synch_options);
-
- // If we don't need to block for a transport just set the timeout to
- // be zero.
- ACE_Time_Value tmp_zero (ACE_Time_Value::zero);
- if (!resolver->blocked_connect ())
- {
- synch_options.timeout (ACE_Time_Value::zero);
- max_wait_time = &tmp_zero;
- }
-
- // We obtain the transport in the <svc_handler> variable. As we
- // know now that the connection is not available in Cache we can
- // make a new connection
- result = this->base_connector_.connect (svc_handler,
- remote_address,
- synch_options);
-
- // There are three possibilities from calling connect(): (a)
- // connection succeeds immediately - in this case, the
- // #REFCOUNT# on the handler is two; (b) connection completion
- // is pending - in this case, the #REFCOUNT# on the handler is
- // also two; (c) connection fails immediately - in this case,
- // the #REFCOUNT# on the handler is one since close() gets
- // called on the handler.
-
- // Make sure that we always do a remove_reference
- ACE_Event_Handler_var svc_handler_auto_ptr (svc_handler);
-
- transport =
- svc_handler->transport ();
-
- if (result == -1)
- {
- // No immediate result, wait for completion
- if (errno == EWOULDBLOCK)
- {
- // Try to wait until connection completion. Incase we block, then we
- // get a connected transport or not. In case of non block we get
- // a connected or not connected transport
- if (!this->wait_for_connection_completion (resolver,
- transport,
- max_wait_time))
- {
- if (TAO_debug_level > 2)
- ACE_ERROR ((LM_ERROR, "TAO (%P|%t) - SSLIOP_Connector::"
- "ssliop_connect, "
- "wait for completion failed\n"));
- }
- }
- else
- {
- // Transport is not usable
- transport = 0;
- }
- }
-
- // In case of errors transport is zero
- if (transport == 0)
- {
- // Give users a clue to the problem.
- if (TAO_debug_level)
- {
- char buffer [MAXHOSTNAMELEN + 6 + 1];
- ssl_endpoint->addr_to_string (buffer,
- sizeof (buffer) - 1);
- ACE_DEBUG ((LM_ERROR,
- ACE_TEXT ("TAO (%P|%t) - SSL connection to ")
- ACE_TEXT ("<%s:%d> failed (%p)\n"),
- buffer,
- remote_address.get_port_number (),
- ACE_TEXT ("errno")));
- }
-
- return 0;
- }
-
- // At this point, the connection has be successfully connected.
- // #REFCOUNT# is one.
- if (TAO_debug_level > 2)
- ACE_DEBUG ((LM_DEBUG,
- "TAO (%P|%t) - SSLIOP_Connector::ssliop_connect, "
- "new SSL connection to port %d on transport[%d]\n",
- remote_address.get_port_number (),
- svc_handler->peer ().get_handle ()));
-
- // Add the handler to Cache
- int retval =
- this->orb_core ()->
- lane_resources ().transport_cache ().cache_transport (desc,
- transport);
-
- // Failure in adding to cache.
- if (retval != 0)
- {
- // Close the handler.
- svc_handler->close ();
-
- if (TAO_debug_level > 0)
- {
- ACE_ERROR ((LM_ERROR,
- "TAO (%P|%t) - SLIIOP_Connector::ssliop_connect, "
- "could not add the new connection to cache\n"));
- }
-
- return 0;
- }
-
- if (transport->is_connected () &&
- transport->wait_strategy ()->register_handler () != 0)
- {
- // Registration failures.
-
- // Purge from the connection cache, if we are not in the cache, this
- // just does nothing.
- (void) transport->purge_entry ();
-
- // Close the handler.
- (void) transport->close_connection ();
-
- if (TAO_debug_level > 0)
- ACE_ERROR ((LM_ERROR,
- "TAO (%P|%t) - SSLIOP_Connector [%d]::ssliop_connect, "
- "could not register the transport "
- "in the reactor.\n",
- transport->id ()));
-
- return 0;
- }
- }
-
- return transport;
-}
-
-TAO::SSLIOP::OwnCredentials *
-TAO::SSLIOP::Connector::retrieve_credentials (TAO_Stub *stub,
- SSL *ssl
- ACE_ENV_ARG_DECL)
-{
- // Check if the user overrode the default invocation credentials.
- CORBA::Policy_var policy =
- stub->get_policy (::SecurityLevel3::ContextEstablishmentPolicyType
- ACE_ENV_ARG_PARAMETER);
- ACE_CHECK_RETURN (TAO::SSLIOP::OwnCredentials::_nil ());
-
- SecurityLevel3::ContextEstablishmentPolicy_var creds_policy =
- SecurityLevel3::ContextEstablishmentPolicy::_narrow (
- policy.in ()
- ACE_ENV_ARG_PARAMETER);
- ACE_CHECK_RETURN (TAO::SSLIOP::OwnCredentials::_nil ());
-
- TAO::SSLIOP::OwnCredentials_var ssliop_credentials;
-
- // Set the Credentials (X.509 certificates and corresponding private
- // keys) to be used for this invocation.
- if (!CORBA::is_nil (creds_policy.in ()))
- {
- SecurityLevel3::OwnCredentialsList_var creds_list =
- creds_policy->creds_list (ACE_ENV_SINGLE_ARG_PARAMETER);
- ACE_CHECK_RETURN (TAO::SSLIOP::OwnCredentials::_nil ());
-
- if (creds_list->length () > 0)
- {
- // Assume that we've got an SSLIOP credential.
- SecurityLevel3::Credentials_ptr credentials =
- creds_list[0u];
-
- ssliop_credentials =
- TAO::SSLIOP::OwnCredentials::_narrow (credentials
- ACE_ENV_ARG_PARAMETER);
- ACE_CHECK_RETURN (TAO::SSLIOP::OwnCredentials::_nil ());
-
- if (!CORBA::is_nil (ssliop_credentials.in ()))
- {
- TAO::SSLIOP::X509_var x509 = ssliop_credentials->x509 ();
- if (::SSL_use_certificate (ssl, x509.in ()) != 1)
- return TAO::SSLIOP::OwnCredentials::_nil ();
-
- TAO::SSLIOP::EVP_PKEY_var evp = ssliop_credentials->evp ();
- if (evp.in () != 0
- && ::SSL_use_PrivateKey (ssl, evp.in ()) != 1)
- {
- // Invalidate the certificate we just set.
- (void) ::SSL_use_certificate (ssl, 0);
- return TAO::SSLIOP::OwnCredentials::_nil ();
- }
- }
- }
- }
- else
- {
- // Use the default certificate and private key, i.e. the one set
- // in the SSL_CTX that was used when creating the SSL data
- // structure.
-
- /**
- * @todo Check if the CredentialsCurator contains a default set
- * of SSLIOP OwnCredentials.
- */
-
- TAO::SSLIOP::OwnCredentials_ptr & c = ssliop_credentials.out ();
- ACE_NEW_THROW_EX (c,
- TAO::SSLIOP::OwnCredentials (
- ::SSL_get_certificate (ssl),
- ::SSL_get_privatekey (ssl)),
- CORBA::NO_MEMORY ());
- ACE_CHECK_RETURN (TAO::SSLIOP::OwnCredentials::_nil ());
- }
-
- return ssliop_credentials._retn ();
-}
-
-int
-TAO::SSLIOP::Connector::cancel_svc_handler (
- TAO_Connection_Handler * svc_handler)
-{
- TAO::SSLIOP::Connection_Handler* handler=
- dynamic_cast<TAO::SSLIOP::Connection_Handler*> (svc_handler);
-
- if (handler)
- // Cancel from the connector
- return this->base_connector_.cancel (handler);
-
- return -1;
-}
-
-TAO_END_VERSIONED_NAMESPACE_DECL
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.h
deleted file mode 100644
index 99578662196..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.h
+++ /dev/null
@@ -1,162 +0,0 @@
-// -*- C++ -*-
-
-//=============================================================================
-/**
- * @file SSLIOP_Connector.h
- *
- * $Id$
- *
- * SSLIOP specific connector processing
- *
- * @author Carlos O'Ryan
- * @author Ossama Othman
- */
-//=============================================================================
-
-
-#ifndef TAO_SSLIOP_CONNECTOR_H
-#define TAO_SSLIOP_CONNECTOR_H
-
-#include /**/ "ace/pre.h"
-
-#include "ace/config-all.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-# pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "orbsvcs/SSLIOP/IIOP_SSL_Connector.h"
-#include "orbsvcs/SSLIOP/SSLIOP_Connection_Handler.h"
-
-#include "ace/SSL/SSL_SOCK_Connector.h"
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-/// Forward declarations.
-class TAO_Base_Transport_Property;
-
-class TAO_SSLIOP_Endpoint;
-
-namespace TAO
-{
- namespace SSLIOP
- {
- class OwnCredentials;
-
- /**
- * @class Connector
- *
- * @brief SSLIOP-specific Connector bridge for pluggable protocols.
- *
- * Concrete instance of the TAO_Connector class. Responsible
- * for establishing a connection with a server and is called from
- * the Connector_Registry.
- */
- class Connector : public TAO::IIOP_SSL_Connector
- {
- public:
-
- /// Constructor.
- Connector (::Security::QOP qop);
-
- /**
- * @name The TAO_Connector methods
- *
- * Please check the documentation in Transport_Connector.h
- */
- //@{
- virtual int open (TAO_ORB_Core *orb_core);
- virtual int close (void);
- virtual TAO_Transport *connect (TAO::Profile_Transport_Resolver *r,
- TAO_Transport_Descriptor_Interface *desc,
- ACE_Time_Value *timeout
- ACE_ENV_ARG_DECL);
-
- virtual TAO_Profile *create_profile (TAO_InputCDR& cdr);
- virtual int check_prefix (const char *endpoint);
- virtual TAO_Profile * corbaloc_scan (const char *ior,
- size_t &len
- ACE_ENV_ARG_DECL);
-
- //@}
-
- protected:
-
- /**
- * @name @c TAO_Connector Methods
- *
- * Methods required by the @c TAO_Connector base class.
- *
- * @see @c TAO_Connector
- */
- //@{
- virtual TAO_Profile * make_profile (ACE_ENV_SINGLE_ARG_DECL);
- virtual int cancel_svc_handler (TAO_Connection_Handler * svc_handler);
- //@}
-
- /// SSL-specific profile
- TAO_Profile * make_secure_profile (ACE_ENV_SINGLE_ARG_DECL);
-
- /// IIOP-specific connection establishment.
- /**
- * @note The IIOP endpoint is extracted from the SSLIOP endpoint.
- */
- TAO_Transport* iiop_connect (TAO_SSLIOP_Endpoint *ssliop_endpoint,
- TAO::Profile_Transport_Resolver *r,
- ACE_Time_Value *timeout
- ACE_ENV_ARG_DECL);
-
- /// SSLIOP-specific connection establishment.
- TAO_Transport* ssliop_connect (TAO_SSLIOP_Endpoint *ssliop_endpoint,
- ::Security::QOP qop,
- const ::Security::EstablishTrust &trust,
- TAO::Profile_Transport_Resolver *r,
- TAO_Transport_Descriptor_Interface *desc,
- ACE_Time_Value *timeout
- ACE_ENV_ARG_DECL);
-
- /// Retrieve SSLIOP credentials from the policy overrides list
- /// and set up the underlying SSL connection to use the X.509
- /// certificates stored within them.
- TAO::SSLIOP::OwnCredentials * retrieve_credentials (TAO_Stub *stub,
- SSL *ssl
- ACE_ENV_ARG_DECL);
-
- public:
-
- typedef TAO_Connect_Concurrency_Strategy<Connection_Handler>
- CONNECT_CONCURRENCY_STRATEGY;
-
- typedef TAO_Connect_Creation_Strategy<Connection_Handler>
- CONNECT_CREATION_STRATEGY;
-
- typedef ACE_Connect_Strategy<Connection_Handler,
- ACE_SSL_SOCK_CONNECTOR>
- CONNECT_STRATEGY;
-
- typedef ACE_Strategy_Connector<Connection_Handler,
- ACE_SSL_SOCK_CONNECTOR>
- BASE_CONNECTOR;
-
- private:
-
- /// If zero, connect to IIOP over SSL port by default.
- /// Otherwise, connect to the insecure IIOP port.
- ::Security::QOP qop_;
-
- /// Our connect strategy
- CONNECT_STRATEGY connect_strategy_;
-
- /// The connector initiating connection requests for IIOP.
- BASE_CONNECTOR base_connector_;
-
- };
-
- } // End SSLIOP namespace.
-} // End TAO namespace.
-
-TAO_END_VERSIONED_NAMESPACE_DECL
-
-#include /**/ "ace/post.h"
-
-#endif /* TAO_SSLIOP_CONNECTOR_H */
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.cpp
deleted file mode 100644
index 9f8804ad604..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.cpp
+++ /dev/null
@@ -1,267 +0,0 @@
-#include "orbsvcs/SSLIOP/SSLIOP_Credentials.h"
-
-#include "tao/ORB_Constants.h"
-
-#include "ace/SString.h"
-
-
-ACE_RCSID (SSLIOP,
- SSLIOP_Credentials,
- "$Id$")
-
-
-#if !defined (__ACE_INLINE__)
-# include "orbsvcs/SSLIOP/SSLIOP_Credentials.inl"
-#endif /* __ACE_INLINE__ */
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-TAO::SSLIOP_Credentials::SSLIOP_Credentials (::X509 *cert, ::EVP_PKEY *evp)
- : x509_ (TAO::SSLIOP::OpenSSL_traits< ::X509 >::_duplicate (cert)),
- evp_ (TAO::SSLIOP::OpenSSL_traits< ::EVP_PKEY >::_duplicate (evp)),
- id_ (),
- creds_usage_ (SecurityLevel3::CU_Indefinite),
- expiry_time_ (),
- creds_state_ (SecurityLevel3::CS_Invalid)
-{
- ::X509 *x = cert;
-
- if (x != 0)
- {
- // We use the X.509 certificate's serial number as the
- // credentials Id.
- BIGNUM * bn = ASN1_INTEGER_to_BN (::X509_get_serialNumber (x), 0);
- if (BN_is_zero (bn))
- this->id_ = CORBA::string_dup ("X509: 00");
- else
- {
- char * id = BN_bn2hex (bn);
-
- ACE_CString s =
- ACE_CString ("X509: ")
- + ACE_CString (const_cast<const char *> (id));
-
- this->id_ = CORBA::string_dup (s.c_str ());
-
-#ifdef OPENSSL_free
- OPENSSL_free (id);
-#else
- // Older versions of OpenSSL didn't define the OpenSSL
- // macro.
- CRYPTO_free (id);
-#endif /* OPENSSL_free */
- }
-
- // -------------------------------------------
-
- TimeBase::UtcT & t = this->expiry_time_;
-
- const ASN1_TIME * exp = X509_get_notAfter (x);
-
- if (exp->length > ACE_SIZEOF_LONG_LONG)
- {
- // @@ Will this ever happen?
-
- // Overflow!
- t.time = ACE_UINT64_LITERAL (0xffffffffffffffff);
- }
- else
- {
- t.time = 0;
- for (int i = 0; i < exp->length; ++i)
- {
- t.time <<= 8;
- t.time |= (unsigned char) exp->data[i];
- }
- }
- }
-}
-
-TAO::SSLIOP_Credentials::~SSLIOP_Credentials (void)
-{
-}
-
-char *
-TAO::SSLIOP_Credentials::creds_id (ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- return CORBA::string_dup (this->id_.in ());
-}
-
-SecurityLevel3::CredentialsUsage
-TAO::SSLIOP_Credentials::creds_usage (ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- return SecurityLevel3::CU_Indefinite;
-}
-
-TimeBase::UtcT
-TAO::SSLIOP_Credentials::expiry_time (ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- return this->expiry_time_;
-}
-
-SecurityLevel3::CredentialsState
-TAO::SSLIOP_Credentials::creds_state (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- const ::X509 *x = this->x509_.in ();
-
- // The pointer to the underlying X509 structure should only be zero
- // if destroy() was called on this Credentials object.
- if (x == 0)
- ACE_THROW_RETURN (CORBA::BAD_OPERATION (),
- SecurityLevel3::CS_Invalid);
-
- if (this->creds_state_ == SecurityLevel3::CS_Valid)
- {
- // Make sure the X.509 certificate is still valid.
-
- const int after_status =
- ::X509_cmp_current_time (X509_get_notAfter (x));
-
- if (after_status == 0)
- {
- // Error in certificate's "not after" field.
- ACE_THROW_RETURN (CORBA::BAD_PARAM (), // @@ Correct exception?
- SecurityLevel3::CS_Invalid);
- }
- else if (after_status > 0) // Certificate has expired.
- this->creds_state_ = SecurityLevel3::CS_Expired;
- }
- else if (this->creds_state_ == SecurityLevel3::CS_Invalid)
- {
- // Check if the X.509 certificate has become valid.
-
- const int before_status =
- ::X509_cmp_current_time (X509_get_notBefore (x));
-
- if (before_status == 0)
- {
- // Error in certificate's "not before" field.
- ACE_THROW_RETURN (CORBA::BAD_PARAM (), // @@ Correct exception?
- SecurityLevel3::CS_Invalid);
- }
- else if (before_status < 0) // Certificate is now valid.
- this->creds_state_ = SecurityLevel3::CS_Valid;
- }
-
- return this->creds_state_;
-}
-
-char *
-TAO::SSLIOP_Credentials::add_relinquished_listener (
- SecurityLevel3::RelinquishedCredentialsListener_ptr /* listener */
- ACE_ENV_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
-}
-
-void
-TAO::SSLIOP_Credentials::remove_relinquished_listener (const char * /* id */
- ACE_ENV_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW (CORBA::NO_IMPLEMENT ());
-}
-
-bool
-TAO::SSLIOP_Credentials::operator== (const TAO::SSLIOP_Credentials &rhs)
-{
- ::X509 * xa = this->x509_.in ();
- ::X509 * xb = rhs.x509_.in ();
- // EVP_PKEY *ea = this->evp_.in ();
- // EVP_PKEY *eb = rhs.evp_.in ();
-
- ACE_DECLARE_NEW_CORBA_ENV;
- // No need for a full blown ACE_TRY/CATCH block.
-
- const SecurityLevel3::CredentialsType lct =
- this->creds_type (ACE_ENV_SINGLE_ARG_PARAMETER);
- ACE_CHECK_RETURN (false);
-
- const SecurityLevel3::CredentialsType rct =
- const_cast<TAO::SSLIOP_Credentials &> (rhs).creds_type (
- ACE_ENV_SINGLE_ARG_PARAMETER);
- ACE_CHECK_RETURN (false);
-
- // Don't bother check the creds_id and expiry_time attributes. They
- // are checked implicitly by the below X509_cmp() call.
- //
- // Additionally, the creds_state attribute is not included in the
- // check since it is not considered important when distinguishing
- // between two Credentials.
-
- return
- lct == rct
- && this->creds_usage_ == rhs.creds_usage_
- && ((xa == xb) || (xa != 0 && xb != 0 && ::X509_cmp (xa, xb) == 0))
-// && ((ea == eb) || (ea != 0 && eb != 0 && ::EVP_PKEY_cmp (ea, eb) == 0))
- ;
-}
-
-CORBA::ULong
-TAO::SSLIOP_Credentials::hash (void) const
-{
- ::X509 * x509 = this->x509_.in ();
-
- return (x509 == 0 ? 0 : ::X509_issuer_name_hash (x509));
-}
-
-TAO::SSLIOP::Credentials_ptr
-TAO::SSLIOP_Credentials::_narrow (CORBA::Object_ptr obj
- ACE_ENV_ARG_DECL_NOT_USED)
-{
- return TAO::SSLIOP_Credentials::_duplicate (
- dynamic_cast<TAO::SSLIOP_Credentials *> (obj));
-}
-
-TAO::SSLIOP::Credentials_ptr
-TAO::SSLIOP_Credentials::_duplicate (TAO::SSLIOP::Credentials_ptr obj)
-{
- if (!CORBA::is_nil (obj))
- obj->_add_ref ();
-
- return obj;
-}
-
-// -----------------------------------------------------------
-
-TAO::SSLIOP::Credentials_ptr
-tao_TAO_SSLIOP_Credentials_duplicate (TAO::SSLIOP::Credentials_ptr p)
-{
- return TAO::SSLIOP_Credentials::_duplicate (p);
-}
-
-void
-tao_TAO_SSLIOP_Credentials_release (TAO::SSLIOP::Credentials_ptr p)
-{
- CORBA::release (p);
-}
-
-TAO::SSLIOP::Credentials_ptr
-tao_TAO_SSLIOP_Credentials_nil (void)
-{
- return TAO::SSLIOP_Credentials::_nil ();
-}
-
-TAO::SSLIOP::Credentials_ptr
-tao_TAO_SSLIOP_Credentials_narrow (CORBA::Object *p
- ACE_ENV_ARG_DECL)
-{
- return TAO::SSLIOP_Credentials::_narrow (p
- ACE_ENV_ARG_PARAMETER);
-}
-
-CORBA::Object_ptr
-tao_TAO_SSLIOP_Credentials_upcast (void *src)
-{
- TAO::SSLIOP_Credentials **tmp =
- static_cast<TAO::SSLIOP_Credentials **> (src);
-
- return *tmp;
-}
-
-TAO_END_VERSIONED_NAMESPACE_DECL
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.h
deleted file mode 100644
index 5fdf4f78e6c..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.h
+++ /dev/null
@@ -1,186 +0,0 @@
-// -*- C++ -*-
-
-//=============================================================================
-/**
- * @file SSLIOP_Credentials.h
- *
- * $Id$
- *
- * @author Ossama Othman <ossama@dre.vanderbilt.edu>
- */
-//=============================================================================
-
-#ifndef TAO_SSLIOP_CREDENTIALS_H
-#define TAO_SSLIOP_CREDENTIALS_H
-
-#include /**/ "ace/pre.h"
-
-#include "orbsvcs/SSLIOP/SSLIOP_Export.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-#pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "orbsvcs/SSLIOP/SSLIOP_X509.h"
-#include "orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.h"
-#include "orbsvcs/SecurityLevel3C.h"
-#include "tao/LocalObject.h"
-
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-namespace TAO
-{
- class SSLIOP_Credentials;
-
- namespace SSLIOP
- {
- typedef SSLIOP_Credentials* Credentials_ptr;
- typedef TAO_Pseudo_Var_T<SSLIOP_Credentials> Credentials_var;
- typedef TAO_Pseudo_Out_T<SSLIOP_Credentials> Credentials_out;
- }
-
- /**
- * @class SSLIOP_Credentials
- *
- * @brief SSLIOP-specific implementation of the
- * SecurityLevel3::Credentials interface.
- *
- * This class encapsulates the X.509 certificate associated with a
- * given a principal.
- *
- * @note Why is this class not the TAO::SSLIOP namespace? Because
- * brain damaged MSVC++ 6 cannot call a base class
- * constructor of class declared in a namespace that is more
- * than one level deep in a sub-class base member
- * initializer list.
- */
- class TAO_SSLIOP_Export SSLIOP_Credentials
- : public virtual SecurityLevel3::Credentials,
- public virtual TAO_Local_RefCounted_Object
- {
- public:
- typedef SSLIOP::Credentials_ptr _ptr_type;
- typedef SSLIOP::Credentials_var _var_type;
- typedef SSLIOP::Credentials_out _out_type;
-
- /// Constructor
- SSLIOP_Credentials (::X509 * cert, ::EVP_PKEY * evp);
-
- /**
- * @name SecurityLevel3::Credentials Methods
- *
- * Methods required by the SecurityLevel3::Credentials
- * interface.
- */
- //@{
- virtual char * creds_id (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual
- SecurityLevel3::CredentialsType creds_type (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException)) = 0;
-
- virtual SecurityLevel3::CredentialsUsage creds_usage (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual TimeBase::UtcT expiry_time (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual SecurityLevel3::CredentialsState creds_state (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual char * add_relinquished_listener (
- SecurityLevel3::RelinquishedCredentialsListener_ptr listener
- ACE_ENV_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual void remove_relinquished_listener (const char * id
- ACE_ENV_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
- //@}
-
-
- //@{
- /// Return a pointer to the underlying X.509 certificate.
- /**
- * @note Caller owns the returned object. Use a
- * TAO::SSLIOP::X509_var.
- */
- ::X509 *x509 (void);
- //@}
-
- /// Return a pointer to the underlying private key.
- /**
- * @return Non-zero value if private key is used.
- *
- * @note Caller owns the returned object. Use a
- * TAO::SSLIOP::EVP_PKEY_var.
- */
- ::EVP_PKEY *evp (void);
- //@}
-
- bool operator== (const SSLIOP_Credentials &rhs);
-
- CORBA::ULong hash (void) const;
-
- // The static operations.
- static SSLIOP::Credentials_ptr _duplicate (SSLIOP::Credentials_ptr obj);
-
- static SSLIOP::Credentials_ptr _narrow (CORBA::Object_ptr obj
- ACE_ENV_ARG_DECL);
-
- static SSLIOP::Credentials_ptr _nil (void)
- {
- return (SSLIOP::Credentials_ptr) 0;
- }
-
- //@}
-
- protected:
-
- /// Destructor.
- /**
- * Protected destructor to enforce proper memory management
- * through the reference counting mechanism.
- */
- ~SSLIOP_Credentials (void);
-
- protected:
-
- /// Reference to the X.509 certificate associated with this SSLIOP
- /// Credentials object.
- SSLIOP::X509_var x509_;
-
- /// Reference to the private key associated with the X.509
- /// certificate.
- SSLIOP::EVP_PKEY_var evp_;
-
- /// Credentials Identifier.
- CORBA::String_var id_;
-
- /// The intended usage of the Credentials.
- SecurityLevel3::CredentialsUsage creds_usage_;
-
- /// The time these Credentials expire.
- TimeBase::UtcT expiry_time_;
-
- /// The validity of the Credentials.
- SecurityLevel3::CredentialsState creds_state_;
-
- };
-
-// } // End SSLIOP namespace
-} // End TAO namespace
-
-TAO_END_VERSIONED_NAMESPACE_DECL
-
-#if defined (__ACE_INLINE__)
-# include "orbsvcs/SSLIOP/SSLIOP_Credentials.inl"
-#endif /* __ACE_INLINE__ */
-
-#include /**/ "ace/post.h"
-
-#endif /* TAO_SSLIOP_CREDENTIALS_H */
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.inl b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.inl
deleted file mode 100644
index 42970eb800f..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Credentials.inl
+++ /dev/null
@@ -1,21 +0,0 @@
-// -*- C++ -*-
-//
-// $Id$
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-ACE_INLINE ::X509 *
-TAO::SSLIOP_Credentials::x509 (void)
-{
- return
- TAO::SSLIOP::OpenSSL_traits< ::X509 >::_duplicate (this->x509_.in ());
-}
-
-ACE_INLINE ::EVP_PKEY *
-TAO::SSLIOP_Credentials::evp (void)
-{
- return
- TAO::SSLIOP::OpenSSL_traits< ::EVP_PKEY >::_duplicate (this->evp_.in ());
-}
-
-TAO_END_VERSIONED_NAMESPACE_DECL
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirer.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirer.cpp
deleted file mode 100644
index fcccd07cc67..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirer.cpp
+++ /dev/null
@@ -1,388 +0,0 @@
-// $Id$
-
-#include "orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirer.h"
-#include "orbsvcs/SSLIOP/SSLIOP_OwnCredentials.h"
-
-#include "tao/debug.h"
-#include "tao/ORB_Constants.h"
-
-#include "ace/SSL/SSL_Context.h"
-
-#include "ace/OS_NS_stdio.h"
-
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-
-ACE_RCSID (SSLIOP,
- SSLIOP_CredentialsAcquirer,
- "$Id$")
-
-
-// -------------------------------------------------------
-
-#if (defined (TAO_HAS_VERSIONED_NAMESPACE) && TAO_HAS_VERSIONED_NAMESPACE == 1)
-# define TAO_SSLIOP_PASSWORD_CALLBACK_NAME ACE_PREPROC_CONCATENATE(TAO_VERSIONED_NAMESPACE_NAME, _TAO_SSLIOP_password_callback)
-#else
-# define TAO_SSLIOP_PASSWORD_CALLBACK_NAME TAO_SSLIOP_password_callback
-#endif /* TAO_HAS_VERSIONED_NAMESPACE == 1 */
-
-
-extern "C"
-int
-TAO_SSLIOP_PASSWORD_CALLBACK_NAME (char *buf,
- int size,
- int /* rwflag */,
- void *userdata)
-{
- // @@ I'm probably over complicating this implementation, but that's
- // what you get when you try to be overly efficient. :-)
- // -Ossama
-
- const char * password = static_cast<char *> (userdata);
-
- int pwlen = -1;
-
- if (password != 0)
- {
- pwlen = ACE_OS::strlen (password);
-
- int copy_len = pwlen + 1; // Include the NULL terminator
-
- // Clear the portion of the buffer that exceeds the space that
- // will be occupied by the password.
- if (copy_len < size)
- ACE_OS::memset (buf + copy_len, 0, size - copy_len);
-
- // Make sure we don't overflow the OpenSSL supplied buffer.
- // Truncate the password if necessary.
- copy_len = (copy_len > size) ? size : copy_len;
-
- ACE_OS::memcpy (buf, password, copy_len);
-
- // NULL terminate the truncated password.
- if (copy_len > size)
- {
- pwlen = size - 1;
- buf[pwlen] = '\0';
- }
- }
-
- return pwlen;
-}
-
-// -------------------------------------------------------
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-TAO::SSLIOP::CredentialsAcquirer::CredentialsAcquirer (
- TAO::SL3::CredentialsCurator_ptr curator,
- const CORBA::Any & acquisition_arguments)
- : lock_ (),
- curator_ (TAO::SL3::CredentialsCurator::_duplicate (curator)),
- acquisition_arguments_ (acquisition_arguments),
- destroyed_ (false)
-{
-}
-
-TAO::SSLIOP::CredentialsAcquirer::~CredentialsAcquirer (void)
-{
-}
-
-char *
-TAO::SSLIOP::CredentialsAcquirer::acquisition_method (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- this->check_validity (ACE_ENV_SINGLE_ARG_PARAMETER);
- ACE_CHECK_RETURN (0);
-
- return CORBA::string_dup ("SL3TLS");
-}
-
-SecurityLevel3::AcquisitionStatus
-TAO::SSLIOP::CredentialsAcquirer::current_status (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- this->check_validity (ACE_ENV_SINGLE_ARG_PARAMETER);
- ACE_CHECK_RETURN (SecurityLevel3::AQST_Failed);
-
- return SecurityLevel3::AQST_Succeeded; // @@ Really?
-}
-
-CORBA::ULong
-TAO::SSLIOP::CredentialsAcquirer::nth_iteration (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- this->check_validity (ACE_ENV_SINGLE_ARG_PARAMETER);
- ACE_CHECK_RETURN (0);
-
- // SSL/TLS credentials is single-step process from the point-of-view
- // of the caller.
- return 1;
-}
-
-CORBA::Any *
-TAO::SSLIOP::CredentialsAcquirer::get_continuation_data (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- // SSL/TLS credentials acquisition does generate continuation data.
- ACE_THROW_RETURN (CORBA::BAD_INV_ORDER (), 0);
-}
-
-SecurityLevel3::AcquisitionStatus
-TAO::SSLIOP::CredentialsAcquirer::continue_acquisition (
- const CORBA::Any & /* acquisition_arguments */
- ACE_ENV_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- // SSL/TLS credentials acquisition does generate continuation data.
- ACE_THROW_RETURN (CORBA::BAD_INV_ORDER (),
- SecurityLevel3::AQST_Failed);
-}
-
-SecurityLevel3::OwnCredentials_ptr
-TAO::SSLIOP::CredentialsAcquirer::get_credentials (CORBA::Boolean on_list
- ACE_ENV_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- this->check_validity (ACE_ENV_SINGLE_ARG_PARAMETER);
- ACE_CHECK_RETURN (SecurityLevel3::OwnCredentials::_nil ());
-
- ::SSLIOP::AuthData *data;
-
- if (!(this->acquisition_arguments_ >>= data))
- ACE_THROW_RETURN (CORBA::BAD_PARAM (),
- SecurityLevel3::OwnCredentials::_nil ());
-
- TAO::SSLIOP::X509_var x509 = this->make_X509 (data->certificate);
-
- if (x509.in () == 0)
- ACE_THROW_RETURN (CORBA::BAD_PARAM (),
- SecurityLevel3::OwnCredentials::_nil ());
-
- TAO::SSLIOP::EVP_PKEY_var evp = this->make_EVP_PKEY (data->key);
-
- if (evp.in () == 0)
- ACE_THROW_RETURN (CORBA::BAD_PARAM (),
- SecurityLevel3::OwnCredentials::_nil ());
-
- // Verify that the private key is consistent with the certificate.
- if (::X509_check_private_key (x509.in (), evp.in ()) != 1)
- {
- if (TAO_debug_level > 0)
- ACE_DEBUG ((LM_ERROR,
- ACE_TEXT ("(%P|%t) ERROR: Private key is not ")
- ACE_TEXT ("consistent with X.509 certificate")));
-
- ACE_THROW_RETURN (CORBA::BAD_PARAM (),
- SecurityLevel3::OwnCredentials::_nil ());
- }
-
- TAO::SSLIOP::OwnCredentials * creds;
- ACE_NEW_THROW_EX (creds,
- TAO::SSLIOP::OwnCredentials (x509.in (), evp.in ()),
- CORBA::NO_MEMORY ());
- ACE_CHECK_RETURN (SecurityLevel3::OwnCredentials::_nil ());
-
- SecurityLevel3::OwnCredentials_var credentials = creds;
-
- if (on_list)
- {
- this->curator_->_tao_add_own_credentials (creds
- ACE_ENV_ARG_PARAMETER);
- ACE_CHECK_RETURN (SecurityLevel3::OwnCredentials::_nil ());
- }
-
- this->destroy (ACE_ENV_SINGLE_ARG_PARAMETER);
- ACE_CHECK_RETURN (SecurityLevel3::OwnCredentials::_nil ());
-
- return credentials._retn ();
-}
-
-void
-TAO::SSLIOP::CredentialsAcquirer::destroy (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- this->check_validity (ACE_ENV_SINGLE_ARG_PARAMETER);
- ACE_CHECK;
-
- ACE_GUARD (TAO_SYNCH_MUTEX,
- guard,
- this->lock_);
-
- if (!this->destroyed_)
- {
- this->destroyed_ = true;
-
- // Release our reference to the CredentialsCurator.
- (void) this->curator_.out ();
- }
-}
-
-void
-TAO::SSLIOP::CredentialsAcquirer::check_validity (ACE_ENV_SINGLE_ARG_DECL)
-{
- ACE_GUARD (TAO_SYNCH_MUTEX,
- guard,
- this->lock_);
-
- if (this->destroyed_)
- ACE_THROW (CORBA::BAD_INV_ORDER ());
-}
-
-::X509 *
-TAO::SSLIOP::CredentialsAcquirer::make_X509 (const ::SSLIOP::File &certificate)
-{
- // No password is used or needed when reading ASN.1 encoded
- // certificates.
-
- const char *filename = certificate.filename.in ();
-
- if (filename == 0)
- return 0;
-
- FILE *fp = 0;
- ::X509 *x = 0;
-
- if (certificate.type == ::SSLIOP::ASN1)
- {
- // ASN.1/DER encoded certificate
-
- // No password is used or needed when reading ASN.1 encoded
- // certificates.
-
- const char *filename = certificate.filename.in ();
-
- if (filename == 0)
- return 0;
-
- fp = ACE_OS::fopen (filename, "rb");
-
- if (fp == 0)
- {
- if (TAO_debug_level > 0)
- ACE_ERROR ((LM_ERROR,
- ACE_TEXT ("(%P|%t) SSLIOP::CredentialsAcquirer::make_X509 - %p\n"),
- ACE_TEXT ("fopen")));
-
- return 0;
- }
-
- // Read ASN.1 / DER encoded X.509 certificate from a file, and
- // convert it to OpenSSL's internal X.509 format.
- x = ::d2i_X509_fp (fp, 0);
- }
- else
- {
- // PEM encoded certificate
-
- fp = ACE_OS::fopen (filename, "r");
-
- if (fp == 0)
- {
- if (TAO_debug_level > 0)
- ACE_ERROR ((LM_ERROR,
- ACE_TEXT ("(%P|%t) SSLIOP::CredentialsAcquirer::make_X509 - %p\n"),
- ACE_TEXT ("fopen")));
-
- return 0;
- }
-
- const char *password = certificate.password.in ();
-
- // Read PEM encoded X.509 certificate from a file, and convert
- // it to OpenSSL's internal X.509 format.
- x = PEM_read_X509 (fp,
- 0,
- TAO_SSLIOP_PASSWORD_CALLBACK_NAME,
- const_cast<char *> (password));
- }
-
- (void) ACE_OS::fclose (fp);
-
- if (x == 0 && TAO_debug_level > 0)
- ACE_SSL_Context::report_error ();
-
- return x;
-}
-
-::EVP_PKEY *
-TAO::SSLIOP::CredentialsAcquirer::make_EVP_PKEY (const ::SSLIOP::File &key)
-{
- // No password is used or needed when reading ASN.1 encoded
- // private keys.
-
- const char *filename = key.filename.in ();
-
- if (filename == 0)
- return 0;
-
- FILE *fp = 0;
- ::EVP_PKEY *evp = 0;
-
- if (key.type == ::SSLIOP::ASN1)
- {
- // ASN.1/DER encoded private key
-
- // No password is used or needed when reading ASN.1 encoded
- // private keys.
-
- const char *filename = key.filename.in ();
-
- if (filename == 0)
- return 0;
-
- fp = ACE_OS::fopen (filename, "rb");
-
- if (fp == 0)
- {
- if (TAO_debug_level > 0)
- ACE_ERROR ((LM_ERROR,
- ACE_TEXT ("(%P|%t) SSLIOP::CredentialsAcquirer::make_EVP_PKEY ")
- ACE_TEXT ("- %p\n"),
- ACE_TEXT ("fopen")));
-
- return 0;
- }
-
- // Read ASN.1 / DER encoded private key from a file, and convert
- // it to OpenSSL's internal private key format.
- evp = ::d2i_PrivateKey_fp (fp, 0);
- }
- else
- {
- // PEM encoded private key
-
- fp = ACE_OS::fopen (filename, "r");
-
- if (fp == 0)
- {
- if (TAO_debug_level > 0)
- ACE_ERROR ((LM_ERROR,
- ACE_TEXT ("(%P|%t) SSLIOP::CredentialsAcquirer::make_EVP_PKEY ")
- ACE_TEXT ("- %p\n"),
- ACE_TEXT ("fopen")));
-
- return 0;
- }
-
- const char *password = key.password.in ();
-
- // Read PEM encoded private key from a file, and convert it to
- // OpenSSL's internal private key format.
- evp = PEM_read_PrivateKey (fp,
- 0,
- TAO_SSLIOP_PASSWORD_CALLBACK_NAME,
- const_cast<char *> (password));
- }
-
- (void) ACE_OS::fclose (fp);
-
- if (evp == 0 && TAO_debug_level > 0)
- ACE_SSL_Context::report_error ();
-
- return evp;
-}
-
-TAO_END_VERSIONED_NAMESPACE_DECL
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirer.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirer.h
deleted file mode 100644
index 734ca4d1884..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirer.h
+++ /dev/null
@@ -1,154 +0,0 @@
-// -*- C++ -*-
-
-//=============================================================================
-/**
- * @file SSLIOP_CredentialsAcquirer.h
- *
- * $Id$
- *
- * @author Ossama Othman <ossama@dre.vanderbilt.edu>
- */
-//=============================================================================
-
-
-#ifndef TAO_SSLIOP_CREDENTIALS_ACQUIRER_H
-#define TAO_SSLIOP_CREDENTIALS_ACQUIRER_H
-
-#include /**/ "ace/pre.h"
-#include "orbsvcs/SSLIOP/SSLIOP_Export.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-# pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "orbsvcs/Security/SL3_CredentialsCurator.h"
-
-#include "orbsvcs/SSLIOPC.h"
-#include "orbsvcs/SecurityLevel3C.h"
-
-#include "tao/LocalObject.h"
-
-#include <openssl/opensslconf.h>
-
-
-#if defined(_MSC_VER)
-#pragma warning(push)
-#pragma warning(disable:4250)
-#endif /* _MSC_VER */
-
-
-/// Forward declarations for OpenSSL data structures.
-extern "C"
-{
- typedef struct x509_st X509;
- typedef struct evp_pkey_st EVP_PKEY;
-}
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-namespace TAO
-{
- namespace SSLIOP
- {
- /**
- * @class CredentialsAcquirer
- *
- * @brief SSLIOP-specific SecurityLevel3::CredentialsAcquirer
- * implementation.
- *
- * This class generates SSLIOP-specific credentials.
- */
- class TAO_SSLIOP_Export CredentialsAcquirer
- : public virtual SecurityLevel3::CredentialsAcquirer,
- public virtual TAO_Local_RefCounted_Object
- {
- public:
-
- /// Constructor
- CredentialsAcquirer (TAO::SL3::CredentialsCurator_ptr curator,
- const CORBA::Any & acquisition_arguments);
-
- /**
- * @name SecurityLevel3::CredentialsAcquirer Methods
- *
- * Methods required by the SecurityLevel3::CredentialsAcquirer
- * interface.
- */
- //@{
- virtual char * acquisition_method (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual SecurityLevel3::AcquisitionStatus current_status (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual CORBA::ULong nth_iteration (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual CORBA::Any * get_continuation_data (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual SecurityLevel3::AcquisitionStatus continue_acquisition (
- const CORBA::Any & acquisition_arguments
- ACE_ENV_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual SecurityLevel3::OwnCredentials_ptr get_credentials (
- CORBA::Boolean on_list
- ACE_ENV_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual void destroy (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
- //@}
-
- protected:
-
- /// Destructor
- /**
- * Protected destructor to enforce proper memory management
- * through the reference counting mechanism.
- */
- ~CredentialsAcquirer (void);
-
- private:
-
- /// Verify that this CredentialsAcquirer object is still valid,
- /// i.e. hasn't been destroyed.
- void check_validity (ACE_ENV_SINGLE_ARG_DECL);
-
- /// Create an OpenSSL X.509 certificate data structure.
- static ::X509 * make_X509 (const ::SSLIOP::File &certificate);
-
- /// Create an OpenSSL EVP_PKEY key data structure.
- static ::EVP_PKEY * make_EVP_PKEY (const ::SSLIOP::File &key);
-
- private:
-
- /// Lock used for synchronization.
- TAO_SYNCH_MUTEX lock_;
-
- /// Reference to the TAO CredentialsCurator implementation.
- TAO::SL3::CredentialsCurator_var curator_;
-
- /// SSLIOP-specific credentials acquisition arguments.
- const CORBA::Any & acquisition_arguments_;
-
- /// Has this CredentialsAcquirer object completed credentials
- /// acquisition or been explicitly destroyed?
- bool destroyed_;
-
- };
-
- } // End SSLIOP namespace
-} // End TAO namespace
-
-TAO_END_VERSIONED_NAMESPACE_DECL
-
-#if defined(_MSC_VER)
-#pragma warning(pop)
-#endif /* _MSC_VER */
-
-#include /**/ "ace/post.h"
-
-#endif /* TAO_SSLIOP_CREDENTIALS_ACQUIRER_H */
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirerFactory.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirerFactory.cpp
deleted file mode 100644
index 06ac8c86977..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirerFactory.cpp
+++ /dev/null
@@ -1,30 +0,0 @@
-// $Id$
-
-#include "orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirerFactory.h"
-#include "orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirer.h"
-
-
-ACE_RCSID (SSLIOP,
- SSLIOP_CredentialsAcquirerFactory,
- "$Id$")
-
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-SecurityLevel3::CredentialsAcquirer_ptr
-TAO::SSLIOP::CredentialsAcquirerFactory::make (
- TAO::SL3::CredentialsCurator_ptr curator,
- const CORBA::Any & acquisition_arguments
- ACE_ENV_ARG_DECL)
-{
- SecurityLevel3::CredentialsAcquirer_ptr ca;
- ACE_NEW_THROW_EX (ca,
- TAO::SSLIOP::CredentialsAcquirer (curator,
- acquisition_arguments),
- CORBA::NO_MEMORY ());
- ACE_CHECK_RETURN (SecurityLevel3::CredentialsAcquirer::_nil ());
-
- return ca;
-}
-
-TAO_END_VERSIONED_NAMESPACE_DECL
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirerFactory.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirerFactory.h
deleted file mode 100644
index dcc44e36919..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirerFactory.h
+++ /dev/null
@@ -1,65 +0,0 @@
-// -*- C++ -*-
-
-//=============================================================================
-/**
- * @file SSLIOP_CredentialsAcquirerFactory.h
- *
- * $Id$
- *
- * @author Ossama Othman <ossama@dre.vanderbilt.edu>
- */
-//=============================================================================
-
-
-#ifndef TAO_SSLIOP_CREDENTIALS_ACQUIRER_FACTORY_H
-#define TAO_SSLIOP_CREDENTIALS_ACQUIRER_FACTORY_H
-
-#include /**/ "ace/pre.h"
-
-#include "orbsvcs/SSLIOP/SSLIOP_Export.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-# pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "orbsvcs/Security/SL3_CredentialsAcquirerFactory.h"
-
-#include "orbsvcs/SecurityLevel3C.h"
-
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-namespace TAO
-{
- namespace SSLIOP
- {
-
- /**
- * @class CredentialsAcquirerFactory
- *
- * @brief SSLIOP-specific TAO::SL3::CredentialsAcquirerFactory
- * implementation.
- *
- * This class generates SSLIOP::CredentialsAcquirer instances.
- */
- class TAO_SSLIOP_Export CredentialsAcquirerFactory
- : public virtual TAO::SL3::CredentialsAcquirerFactory
- {
- public:
-
- /// Create a TAO::SSLIOP::CredentialsAcquirerFactory.
- virtual SecurityLevel3::CredentialsAcquirer_ptr make (
- TAO::SL3::CredentialsCurator_ptr curator,
- const CORBA::Any & acquisition_arguments
- ACE_ENV_ARG_DECL);
-
- };
-
- } // End SSLIOP namespace
-} // End TAO namespace
-
-TAO_END_VERSIONED_NAMESPACE_DECL
-
-#include /**/ "ace/post.h"
-
-#endif /* TAO_SSLIOP_CREDENTIALS_ACQUIRER_FACTORY_H */
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.cpp
deleted file mode 100644
index 9d39c05ba21..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.cpp
+++ /dev/null
@@ -1,197 +0,0 @@
-#include "orbsvcs/SSLIOP/SSLIOP_Current.h"
-#include "tao/debug.h"
-
-
-ACE_RCSID (SSLIOP,
- SSLIOP_Current,
- "$Id$")
-
-
-#if !defined (__ACE_INLINE__)
-# include "orbsvcs/SSLIOP/SSLIOP_Current.inl"
-#endif /* __ACE_INLINE__ */
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-TAO::SSLIOP::Current::Current (TAO_ORB_Core *orb_core)
- : tss_slot_ (0),
- orb_core_ (orb_core)
-{
-}
-
-TAO::SSLIOP::Current::~Current (void)
-{
-}
-
-::SSLIOP::ASN_1_Cert *
-TAO::SSLIOP::Current::get_peer_certificate (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException,
- SSLIOP::Current::NoContext))
-{
- TAO::SSLIOP::Current_Impl *impl = this->implementation ();
-
- // If the implementation pointer returned from TSS is zero, then
- // we're not in the middle of a request or an upcall. Throw an
- // exception to indicate that.
- if (impl == 0)
- ACE_THROW_RETURN (::SSLIOP::Current::NoContext (), 0);
-
- // A valid value must always be returned, so instantiate a sequence
- // regardless of whether or not it is populated with certificates.
- ::SSLIOP::ASN_1_Cert *c = 0;
- ACE_NEW_THROW_EX (c,
- ::SSLIOP::ASN_1_Cert,
- CORBA::NO_MEMORY (
- CORBA::SystemException::_tao_minor_code (
- TAO::VMCID,
- ENOMEM),
- CORBA::COMPLETED_NO));
- ACE_CHECK_RETURN (0);
-
- ::SSLIOP::ASN_1_Cert_var certificate = c;
-
- // Populate the sequence with the DER encoded certificate.
- impl->get_peer_certificate (c);
-
- return certificate._retn ();
-}
-
-SSLIOP::SSL_Cert *
-TAO::SSLIOP::Current::get_peer_certificate_chain (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException,
- SSLIOP::Current::NoContext))
-{
- TAO::SSLIOP::Current_Impl *impl = this->implementation ();
-
- // If the implementation pointer returned from TSS is zero, then
- // we're not in the middle of a request or an upcall. Throw an
- // exception to indicate that.
- if (impl == 0)
- ACE_THROW_RETURN (SSLIOP::Current::NoContext (), 0);
-
- // A valid value must always be returned, so instantiate a sequence
- // regardless of whether or not it is populated with certificates.
- ::SSLIOP::SSL_Cert *c = 0;
- ACE_NEW_THROW_EX (c,
- ::SSLIOP::SSL_Cert,
- CORBA::NO_MEMORY (
- CORBA::SystemException::_tao_minor_code (
- TAO::VMCID,
- ENOMEM),
- CORBA::COMPLETED_NO));
- ACE_CHECK_RETURN (0);
-
- ::SSLIOP::SSL_Cert_var cert_chain = c;
-
- // Populate the sequence with the chain of DER encoded certificates.
- impl->get_peer_certificate_chain (c);
-
- return cert_chain._retn ();
-}
-
-CORBA::Boolean
-TAO::SSLIOP::Current::no_context (ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- return (this->implementation () == 0 ? 1 : 0);
-}
-
-void
-TAO::SSLIOP::Current::setup (TAO::SSLIOP::Current_Impl *&prev_impl,
- TAO::SSLIOP::Current_Impl *new_impl,
- bool &setup_done)
-{
- // Set the current context and remember the old one.
-
- prev_impl = this->implementation ();
-
- (void) this->implementation (new_impl); // Check for error?
-
- // Setup is complete.
- setup_done = true;
-}
-
-void
-TAO::SSLIOP::Current::teardown (TAO::SSLIOP::Current_Impl *prev_impl,
- bool &setup_done)
-{
- if (setup_done)
- {
- // Reset the old context.
- (void) this->implementation (prev_impl);
- setup_done = false;
- }
-}
-
-TAO::SSLIOP::Current_ptr
-TAO::SSLIOP::Current::_narrow (
- CORBA::Object_ptr obj
- ACE_ENV_ARG_DECL_NOT_USED)
-{
- return TAO::SSLIOP::Current::_duplicate (
- dynamic_cast<TAO::SSLIOP::Current *> (obj));
-}
-
-TAO::SSLIOP::Current_ptr
-TAO::SSLIOP::Current::_duplicate (TAO::SSLIOP::Current_ptr obj)
-{
- if (!CORBA::is_nil (obj))
- obj->_add_ref ();
-
- return obj;
-}
-
-const char *
-TAO::SSLIOP::Current::_interface_repository_id (void) const
-{
- return "IDL:TAO/SSLIOP/Current:1.0";
-}
-
-// ----------------------------------------------------------------
-
-TAO::SSLIOP::Current_ptr
-tao_TAO_SSLIOP_Current_duplicate (
- TAO::SSLIOP::Current_ptr p
- )
-{
- return TAO::SSLIOP::Current::_duplicate (p);
-}
-
-void
-tao_TAO_SSLIOP_Current_release (
- TAO::SSLIOP::Current_ptr p
- )
-{
- CORBA::release (p);
-}
-
-TAO::SSLIOP::Current_ptr
-tao_TAO_SSLIOP_Current_nil (
- void
- )
-{
- return TAO::SSLIOP::Current::_nil ();
-}
-
-TAO::SSLIOP::Current_ptr
-tao_TAO_SSLIOP_Current_narrow (
- CORBA::Object *p
- ACE_ENV_ARG_DECL
- )
-{
- return TAO::SSLIOP::Current::_narrow (p ACE_ENV_ARG_PARAMETER);
-}
-
-CORBA::Object *
-tao_TAO_SSLIOP_Current_upcast (
- void *src
- )
-{
- TAO::SSLIOP::Current **tmp =
- static_cast<TAO::SSLIOP::Current **> (src);
- return *tmp;
-}
-
-TAO_END_VERSIONED_NAMESPACE_DECL
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.h
deleted file mode 100644
index 02b68b6f60b..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.h
+++ /dev/null
@@ -1,177 +0,0 @@
-// -*- C++ -*-
-
-// ===================================================================
-/**
- * @file SSLIOP_Current.h
- *
- * $Id$
- *
- * @author Ossama Othman <ossama@dre.vanderbilt.edu>
- */
-// ===================================================================
-
-#ifndef TAO_SSLIOP_CURRENT_H
-#define TAO_SSLIOP_CURRENT_H
-
-#include /**/ "ace/pre.h"
-
-#include "orbsvcs/SSLIOP/SSLIOP_Export.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-# pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "orbsvcs/SSLIOP/SSLIOP_Current_Impl.h"
-
-#include "orbsvcs/SSLIOPC.h"
-#include "tao/ORB_Core.h"
-#include "tao/LocalObject.h"
-
-// This is to remove "inherits via dominance" warnings from MSVC.
-// MSVC is being a little too paranoid.
-#if defined(_MSC_VER)
-#pragma warning(push)
-#pragma warning(disable:4250)
-#endif /* _MSC_VER */
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-namespace TAO
-{
- namespace SSLIOP
- {
- class Current;
- typedef Current * Current_ptr;
- typedef TAO_Pseudo_Var_T<Current> Current_var;
- typedef TAO_Pseudo_Out_T<Current> Current_out;
-
- /**
- * @class Current
- *
- * @brief Implementation of the TAO SSLIOP::Current extension.
- *
- * This object can be used to obtain SSL session related
- * information about the current execution context. For example,
- * SSL peer certificate chains for the current request can be
- * obtained from this object.
- */
- class Current
- : public ::SSLIOP::Current,
- public TAO_Local_RefCounted_Object
- {
- public:
- typedef Current_ptr _ptr_type;
- typedef Current_var _var_type;
- typedef Current_out _out_type;
-
- /// Constructor.
- Current (TAO_ORB_Core *orb_core);
-
- /// Return the peer certificate associated with the current
- /// request.
- virtual ::SSLIOP::ASN_1_Cert * get_peer_certificate (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException,
- ::SSLIOP::Current::NoContext));
-
- /**
- * Return the certificate chain associated with the current
- * execution context. If no SSL session is being used for the
- * request or upcall, then the NoContext exception is raised.
- * On the client side, the chain does include the peer (server)
- * certficate. However, the certificate chain on the server
- * side does NOT contain the peer (client) certificate.
- */
- virtual ::SSLIOP::SSL_Cert * get_peer_certificate_chain (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException,
- ::SSLIOP::Current::NoContext));
-
- /**
- * This method is mostly useful as an inexpensive means of
- * determining whether or not SSL session state is available.
- *
- * @return @c true if the current execution context is not
- * within a SSL session.
- */
- virtual CORBA::Boolean no_context (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- /// Set the TSS slot ID assigned to this object.
- void tss_slot (size_t slot);
-
- /// Setup the Current.
- void setup (Current_Impl *& prev_impl,
- Current_Impl * new_impl,
- bool &setup_done);
-
- /// Teardown the Current for this request.
- void teardown (Current_Impl *prev_impl,
- bool &setup_done);
-
- /**
- * @name Downcast and Reference Counting Methods
- *
- * These are basically the same methods generated by the IDL
- * compiler for all IDL interfaces.
- */
- //@{
- // The static operations.
- static Current_ptr _duplicate (Current_ptr obj);
-
- static Current_ptr _narrow (CORBA::Object_ptr obj
- ACE_ENV_ARG_DECL);
-
- static Current_ptr _nil (void)
- {
- return (Current_ptr)0;
- }
-
- virtual const char* _interface_repository_id (void) const;
- //@}
-
- protected:
-
- /// Destructor
- ~Current (void);
-
- /// Set the TSS SSLIOP::Current implementation.
- int implementation (Current_Impl *impl);
-
- /// Return the TSS SSLIOP::Current implementation.
- Current_Impl *implementation (void);
-
- private:
-
- /// Prevent copying through the copy constructor and the assignment
- /// operator.
- //@{
- Current (const Current &);
- void operator= (const Current &);
- //@}
-
- private:
-
- /// TSS slot assigned to this object.
- size_t tss_slot_;
-
- /// Pointer to the ORB Core corresponding to the ORB with which this
- /// object is registered.
- TAO_ORB_Core * const orb_core_;
- };
- } // End SSLIOP namespace.
-} // End TAO namespace.
-
-TAO_END_VERSIONED_NAMESPACE_DECL
-
-#if defined (__ACE_INLINE__)
-# include "orbsvcs/SSLIOP/SSLIOP_Current.inl"
-#endif /* __ACE_INLINE__ */
-
-#if defined(_MSC_VER)
-#pragma warning(pop)
-#endif /* _MSC_VER */
-
-#include /**/ "ace/post.h"
-
-#endif /* TAO_SSLIOP_CURRENT_H */
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.inl b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.inl
deleted file mode 100644
index 1584b919606..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current.inl
+++ /dev/null
@@ -1,40 +0,0 @@
-// -*- C++ -*-
-//
-// $Id$
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-ACE_INLINE void
-TAO::SSLIOP::Current::tss_slot (size_t slot)
-{
- this->tss_slot_ = slot;
-}
-
-ACE_INLINE int
-TAO::SSLIOP::Current::implementation (TAO::SSLIOP::Current_Impl *impl)
-{
- if (this->orb_core_ == 0)
- return -1;
-
- return this->orb_core_->set_tss_resource (this->tss_slot_, impl);
-}
-
-ACE_INLINE TAO::SSLIOP::Current_Impl *
-TAO::SSLIOP::Current::implementation (void)
-{
- if (this->orb_core_ == 0)
- return 0;
-
- TAO::SL3::SecurityCurrent_Impl *impl =
- static_cast<TAO::SL3::SecurityCurrent_Impl *> (
- this->orb_core_->get_tss_resource (this->tss_slot_));
-
- // Make sure we've got SSL session state in TSS before allowing
- // further use of the SSLIOP::Current object.
- if (impl != 0 && impl->tag () == ::SSLIOP::TAG_SSL_SEC_TRANS)
- return dynamic_cast<TAO::SSLIOP::Current_Impl *> (impl);
-
- return 0;
-}
-
-TAO_END_VERSIONED_NAMESPACE_DECL
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.cpp
deleted file mode 100644
index 27f173dfaac..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.cpp
+++ /dev/null
@@ -1,128 +0,0 @@
-#include "orbsvcs/SSLIOP/SSLIOP_Current_Impl.h"
-
-#include "ace/OS_String.h"
-
-
-ACE_RCSID (SSLIOP,
- SSLIOP_Current_Impl,
- "$Id$")
-
-
-#if !defined (__ACE_INLINE__)
-# include "orbsvcs/SSLIOP/SSLIOP_Current_Impl.inl"
-#endif /* __ACE_INLINE__ */
-
-#include "orbsvcs/SSLIOP/SSLIOP_X509.h"
-#include "orbsvcs/SSLIOP/SSLIOP_ClientCredentials.h"
-
-#include "tao/ORB_Constants.h"
-
-#include <openssl/x509.h>
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-TAO::SSLIOP::Current_Impl::~Current_Impl (void)
-{
-}
-
-SecurityLevel3::ClientCredentials_ptr
-TAO::SSLIOP::Current_Impl::client_credentials (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- TAO::SSLIOP::X509_var cert = ::SSL_get_peer_certificate (this->ssl_);
- if (cert.ptr () == 0)
- ACE_THROW_RETURN (CORBA::BAD_OPERATION (),
- SecurityLevel3::ClientCredentials::_nil ());
-
- SecurityLevel3::ClientCredentials_ptr creds;
- ACE_NEW_THROW_EX (creds,
- TAO::SSLIOP::ClientCredentials (cert.in (),
- 0,
- this->ssl_),
- CORBA::NO_MEMORY (
- CORBA::SystemException::_tao_minor_code (
- TAO::VMCID,
- ENOMEM),
- CORBA::COMPLETED_NO));
- ACE_CHECK_RETURN (SecurityLevel3::ClientCredentials::_nil ());
-
- return creds;
-}
-
-CORBA::Boolean
-TAO::SSLIOP::Current_Impl::request_is_local (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
-}
-
-void
-TAO::SSLIOP::Current_Impl::get_peer_certificate (
- ::SSLIOP::ASN_1_Cert *certificate)
-{
- if (this->ssl_ == 0)
- return;
-
- TAO::SSLIOP::X509_var cert = ::SSL_get_peer_certificate (this->ssl_);
- if (cert.ptr () == 0)
- return;
-
- // Get the size of the ASN.1 encoding.
- const int cert_length = ::i2d_X509 (cert.in (), 0);
- if (cert_length <= 0)
- return;
-
- certificate->length (cert_length);
-
- CORBA::Octet *buffer = certificate->get_buffer ();
-
- // Convert from the internal X509 representation to the DER encoding
- // representation.
- (void) ::i2d_X509 (cert.in (), &buffer);
-}
-
-void
-TAO::SSLIOP::Current_Impl::get_peer_certificate_chain (
- ::SSLIOP::SSL_Cert *cert_chain)
-{
- if (this->ssl_ == 0)
- return;
-
- STACK_OF (X509) *certs = ::SSL_get_peer_cert_chain (this->ssl_);
- if (certs == 0)
- return;
-
- const int chain_length = sk_X509_num (certs);
- cert_chain->length (chain_length);
-
- // Copy the peer certificate chain to the SSLIOP::SSL_Cert
- // sequence.
- for (int i = 0; i < chain_length; ++i)
- {
- // Extract the certificate from the OpenSSL X509 stack.
- ::X509 *x = sk_X509_value (certs, i);
-
- // Get the size of the ASN.1 encoding.
- const int cert_length = ::i2d_X509 (x, 0);
- if (cert_length <= 0)
- continue; // @@ What do we do if there is an error?
-
- ::SSLIOP::ASN_1_Cert &certificate = (*cert_chain)[i];
- certificate.length (cert_length);
-
- CORBA::Octet *buffer = certificate.get_buffer ();
-
- // Convert from the internal X509 representation to the DER
- // encoding representation.
- (void) ::i2d_X509 (x, &buffer);
- }
-}
-
-CORBA::ULong
-TAO::SSLIOP::Current_Impl::tag (void) const
-{
- return ::SSLIOP::TAG_SSL_SEC_TRANS;
-}
-
-TAO_END_VERSIONED_NAMESPACE_DECL
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.h
deleted file mode 100644
index 32bc8c7a283..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.h
+++ /dev/null
@@ -1,113 +0,0 @@
-// -*- C++ -*-
-
-// ===================================================================
-/**
- * @file SSLIOP_Current_Impl.h
- *
- * $Id$
- *
- * @author Ossama Othman <ossama@uci.edu>
- */
-// ===================================================================
-
-#ifndef TAO_SSLIOP_CURRENT_IMPL_H
-#define TAO_SSLIOP_CURRENT_IMPL_H
-
-#include /**/ "ace/pre.h"
-
-#include "ace/config-all.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-# pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "orbsvcs/SSLIOPC.h"
-#include "orbsvcs/Security/SL3_SecurityCurrent_Impl.h"
-
-#include <openssl/ssl.h>
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-namespace TAO
-{
- namespace SSLIOP
- {
- /**
- * @class Current_Impl
- *
- * @brief TSS portion of the TAO SSLIOP::Current extension, and
- * the SSLIOP-specific SecurityLevel3::SecurityCurrent
- * object.
- *
- * This class encapsulates the thread-specific state of an SSL
- * session during a given upcall.
- */
- class Current_Impl : public TAO::SL3::SecurityCurrent_Impl
- {
- public:
-
- /// Constructor.
- Current_Impl (void);
-
- /// Destructor
- ~Current_Impl (void);
-
- /// Implementation of the SSLIOP-specific
- /// SecurityLevel3::client_credentials() method.
- virtual SecurityLevel3::ClientCredentials_ptr client_credentials (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- /// Implementation of the SSLIOP-specific
- /// SecurityLevel3::request_is_local() method.
- virtual CORBA::Boolean request_is_local (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- /// Return the SSL peer certificate associated with the
- /// current request as an octet sequence, i.e. a DER encoded
- /// certificate.
- void get_peer_certificate (::SSLIOP::ASN_1_Cert *certificate);
-
- /// Return the SSL peer certificate chain associated with the
- /// current request as a sequence of DER encoded certificates.
- void get_peer_certificate_chain (::SSLIOP::SSL_Cert *cert_chain);
-
- /// Set the pointer to the underlying SSL session state.
- void ssl (SSL *s);
-
- /// Return pointer to the SSL session state for the current upcall.
- SSL *ssl (void);
-
- protected:
-
- /// Return the unique tag that identifies the concrete subclass.
- virtual CORBA::ULong tag (void) const;
-
- private:
-
- /// Prevent copying through the copy constructor and the assignment
- /// operator.
- //@{
- Current_Impl (const Current_Impl &);
- void operator= (const Current_Impl &);
- //@}
-
- private:
-
- /// The SSL session state corresponding to the current upcall.
- SSL *ssl_;
-
- };
- } // End SSLIOP namespace.
-} // End TAO namespace.
-
-TAO_END_VERSIONED_NAMESPACE_DECL
-
-#if defined (__ACE_INLINE__)
-# include "orbsvcs/SSLIOP/SSLIOP_Current_Impl.inl"
-#endif /* __ACE_INLINE__ */
-
-#include /**/ "ace/post.h"
-
-#endif /* TAO_SSLIOP_CURRENT_IMPL_H */
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.inl b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.inl
deleted file mode 100644
index d1f4b91ee81..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.inl
+++ /dev/null
@@ -1,26 +0,0 @@
-// -*- C++ -*-
-//
-// $Id$
-
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-ACE_INLINE
-TAO::SSLIOP::Current_Impl::Current_Impl (void)
- : ssl_ (0)
-{
-}
-
-ACE_INLINE void
-TAO::SSLIOP::Current_Impl::ssl (SSL *s)
-{
- this->ssl_ = s;
-}
-
-ACE_INLINE SSL *
-TAO::SSLIOP::Current_Impl::ssl (void)
-{
- return this->ssl_;
-}
-
-TAO_END_VERSIONED_NAMESPACE_DECL
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.cpp
deleted file mode 100644
index 020904b53d2..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.cpp
+++ /dev/null
@@ -1,76 +0,0 @@
-// -*- C++ -*-
-
-#include "orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.h"
-
-#include <openssl/x509.h>
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
-#include <openssl/dh.h>
-#include "orbsvcs/SSLIOP/params_dup.h"
-
-
-ACE_RCSID (SSLIOP,
- SSLIOP_EVP_PKEY,
- "$Id$")
-
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-::EVP_PKEY *
-TAO::SSLIOP::OpenSSL_traits< ::EVP_PKEY >::copy (::EVP_PKEY const & key)
-{
- ::EVP_PKEY * pkey = const_cast< ::EVP_PKEY *> (&key);
-
- // We're using the EVP_PKEY_var even though it depends on this
- // trait function. This works since we're not actually using
- // any of the EVP_PKEY_var methods that call this copy()
- // trait. This allows us to maintain exception safety.
- TAO::SSLIOP::EVP_PKEY_var p = ::EVP_PKEY_new ();
-
- switch (::EVP_PKEY_type (pkey->type))
- {
- case EVP_PKEY_RSA:
- {
- RSA * rsa = ::EVP_PKEY_get1_RSA (pkey);
- if (rsa != 0)
- {
- // Not exception safe!
- ::EVP_PKEY_set1_RSA (p.in (), RSAPrivateKey_dup (rsa));
- ::RSA_free (rsa);
- }
- }
- break;
-
- case EVP_PKEY_DSA:
- {
- DSA * dsa = ::EVP_PKEY_get1_DSA (pkey);
- if (dsa != 0)
- {
- // Not exception safe!
- ::EVP_PKEY_set1_DSA (p.in (), DSAPARAMS_DUP_WRAPPER_NAME (dsa));
- ::DSA_free (dsa);
- }
- }
- break;
-
- case EVP_PKEY_DH:
- {
- DH * dh = ::EVP_PKEY_get1_DH (pkey);
- if (dh != 0)
- {
- // Not exception safe!
- ::EVP_PKEY_set1_DH (p.in (), DHPARAMS_DUP_WRAPPER_NAME (dh));
- ::DH_free (dh);
- }
- }
- break;
-
- default:
- // We should never get here!
- return 0;
- }
-
- return p._retn ();
-}
-
-TAO_END_VERSIONED_NAMESPACE_DECL
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.h
deleted file mode 100644
index 8c43b8a5b68..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.h
+++ /dev/null
@@ -1,79 +0,0 @@
-// -*- C++ -*-
-
-//=============================================================================
-/**
- * @file SSLIOP_EVP_PKEY.h
- *
- * $Id$
- *
- * @author Ossama Othman <ossama@dre,vanderbilt.edu>
- */
-//=============================================================================
-
-#ifndef TAO_SSLIOP_EVP_PKEY_H
-#define TAO_SSLIOP_EVP_PKEY_H
-
-#include /**/ "ace/pre.h"
-
-#include "ace/config-all.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-#pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.h"
-
-#include <openssl/evp.h>
-#include <openssl/crypto.h>
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-namespace TAO
-{
- namespace SSLIOP
- {
- // OpenSSL @c EVP_PKEY structure traits specialization.
- template <>
- struct OpenSSL_traits< ::EVP_PKEY >
- {
- /// OpenSSL lock ID for use in OpenSSL CRYPTO_add() reference
- /// count manipulation function.
- enum { LOCK_ID = CRYPTO_LOCK_EVP_PKEY };
-
- /// Increase the reference count on the given OpenSSL structure.
- /**
- * @note This used to be in a function template but MSVC++ 6
- * can't handle function templates correctly so reproduce
- * the code in each specialization. *sigh*
- */
- static ::EVP_PKEY * _duplicate (::EVP_PKEY * st)
- {
- if (st != 0)
- CRYPTO_add (&(st->references),
- 1,
- LOCK_ID);
-
- return st;
- }
-
- /// Perform deep copy of the given OpenSSL structure.
- static ::EVP_PKEY * copy (::EVP_PKEY const & key);
-
- /// Decrease the reference count on the given OpenSSL
- /// structure.
- static void release (::EVP_PKEY * st)
- {
- ::EVP_PKEY_free (st);
- }
- };
-
- typedef OpenSSL_st_var< ::EVP_PKEY > EVP_PKEY_var;
-
- } // End SSLIOP namespace.
-} // End TAO namespace.
-
-TAO_END_VERSIONED_NAMESPACE_DECL
-
-#include /**/ "ace/post.h"
-
-#endif /* TAO_SSLIOP_EVP_PKEY_H */
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.cpp
deleted file mode 100644
index 62061e03009..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.cpp
+++ /dev/null
@@ -1,382 +0,0 @@
-#include "orbsvcs/SSLIOP/SSLIOP_Endpoint.h"
-
-#include "tao/IIOP_Endpoint.h"
-
-#include "ace/OS_NS_stdio.h"
-#include "ace/OS_NS_string.h"
-#include "ace/os_include/os_netdb.h"
-
-#include "tao/debug.h"
-
-ACE_RCSID (SSLIOP,
- SSLIOP_Endpoint,
- "$Id$")
-
-
-#if !defined (__ACE_INLINE__)
-# include "orbsvcs/SSLIOP/SSLIOP_Endpoint.i"
-#endif /* __ACE_INLINE__ */
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-TAO_SSLIOP_Endpoint::TAO_SSLIOP_Endpoint (const ::SSLIOP::SSL *ssl_component,
- TAO_IIOP_Endpoint *iiop_endp)
- : TAO_Endpoint (IOP::TAG_INTERNET_IOP),
- object_addr_ (),
- next_ (0),
- iiop_endpoint_ (iiop_endp),
- destroy_iiop_endpoint_ (false),
- qop_ (::Security::SecQOPIntegrityAndConfidentiality),
-#if !defined (VXWORKS) && !defined (__QNX__)
- // Some compilers don't like the initialization
- trust_ (),
-#endif /* !VXWORKS && !__QNX__ */
- credentials_ (),
- credentials_set_ (0)
-{
- if (ssl_component != 0)
- {
- // Copy the security association options in the IOR's SSL tagged
- // component.
- this->ssl_component_.target_supports = ssl_component->target_supports;
- this->ssl_component_.target_requires = ssl_component->target_requires;
- this->ssl_component_.port = ssl_component->port;
- }
- else
- {
- // No SSL tagged component is available so construct a default
- // set of security association options, in addition to the IANA
- // assigned IIOP over SSL port (684). This is generally a
- // client side issue.
-
- // Clear all bits in the SSLIOP::SSL association option fields.
- this->ssl_component_.target_supports = 0;
- this->ssl_component_.target_requires = 0;
-
- // SSLIOP requires these Security::AssociationOptions by default.
- ACE_SET_BITS (this->ssl_component_.target_requires,
- ::Security::Integrity
- | ::Security::Confidentiality
- | ::Security::NoDelegation);
-
- // SSLIOP supports these Security::AssociationOptions by
- // default.
- //
- // Note that the Security::NoProtection bit is set since we
- // can't be sure if the server supports SSL, and TAO's SSLIOP
- // implementation must support IIOP over SSL and plain IIOP.
- ACE_SET_BITS (this->ssl_component_.target_supports,
- ::Security::Integrity
- | ::Security::Confidentiality
- | ::Security::EstablishTrustInTarget
- | ::Security::NoProtection
- | ::Security::NoDelegation);
-
- // Initialize the default SSL port to zero, not the IANA
- // assigned IIOP over SSL port (684). We usually only get here
- // if we're creating a profile on the client side using an IOR
- // that does not contain an SSLIOP tagged component.
- this->ssl_component_.port = 0;
- }
-
- // Invalidate the Addr until the first attempt to use it is made.
- this->object_addr_.set_type (-1);
-
- this->trust_.trust_in_target = 1;
- this->trust_.trust_in_client = 1;
-}
-
-TAO_SSLIOP_Endpoint::~TAO_SSLIOP_Endpoint (void)
-{
- if (this->destroy_iiop_endpoint_)
- delete this->iiop_endpoint_;
-}
-
-#if 0
-static void
-dump_endpoint (const char* msg, const TAO_Endpoint *other_endpoint)
-{
-
- TAO_Endpoint *endpt = const_cast<TAO_Endpoint *> (other_endpoint);
-
- TAO_SSLIOP_Endpoint *endpoint =
- dynamic_cast<TAO_SSLIOP_Endpoint *> (endpt);
-
- if (endpoint == 0)
- {
- ACE_DEBUG ((LM_DEBUG, "TAO (%P|%t) endpoint - %s: Unable to cast an endpoint to SSLIOP_Endpoint\n", msg));
- return;
- }
-
- char hostaddr[MAXHOSTNAMELEN + 16];
- int gothost = endpoint->addr_to_string (hostaddr, sizeof hostaddr);
-
- ACE_DEBUG ((LM_INFO, "TAO (%P|%t) SSLIOPEndpoint %s - %@ {%s, ssl=%d, iiop=%d,"
- " qop=%d, trst=(%d,%d), c=%@, crdh=0x%x}, h=0x%x\n",
- msg,
- endpoint,
- (gothost == 0 ? hostaddr : "*UNKNOWN*"),
- endpoint->ssl_component ().port ,
- endpoint->iiop_endpoint ()->port (),
- endpoint->qop() ,
- endpoint->trust().trust_in_target ,
- endpoint->trust().trust_in_client ,
- endpoint->credentials() ,
- (endpoint->credentials_set () ? endpoint->credentials()->hash () : 0) ,
- endpoint->hash ()));
-}
-#endif /* 0 */
-
-int
-TAO_SSLIOP_Endpoint::addr_to_string (char *buffer, size_t length)
-{
- size_t actual_len =
- ACE_OS::strlen (this->iiop_endpoint_->host ()) // chars in host name
- + sizeof (':') // delimiter
- + ACE_OS::strlen ("65536") // max port
- + sizeof ('\0');
-
- if (length < actual_len)
- return -1;
-
- ACE_OS::sprintf (buffer,
- "%s:%d",
- this->iiop_endpoint_->host (),
- this->ssl_component_.port);
-
- return 0;
-}
-
-
-TAO_Endpoint *
-TAO_SSLIOP_Endpoint::next (void)
-{
- return this->next_;
-}
-
-CORBA::Boolean
-TAO_SSLIOP_Endpoint::is_equivalent (const TAO_Endpoint *other_endpoint)
-{
- TAO_Endpoint *endpt = const_cast<TAO_Endpoint *> (other_endpoint);
-
- TAO_SSLIOP_Endpoint *endpoint =
- dynamic_cast<TAO_SSLIOP_Endpoint *> (endpt);
-
- if (endpoint == 0)
- return 0;
-
- ::Security::EstablishTrust t = endpoint->trust ();
-
- if ((this->ssl_component_.port != 0
- && endpoint->ssl_component_.port != 0
- && this->ssl_component_.port != endpoint->ssl_component_.port)
- || this->qop_ != endpoint->qop ()
- || this->trust_.trust_in_target != t.trust_in_target
- || this->trust_.trust_in_client != t.trust_in_client
- || (!CORBA::is_nil (this->credentials_.in ())
- && !(*this->credentials_.in () == *endpoint->credentials ())))
- {
- return 0;
- }
-
- // Comparing the underlying iiop endpoints is wrong, as their port
- // numbers often may not make sense. Or may not being used anyway.
- // Therefore, we only need to directly compare the hosts. See also the
- // comments in the hash() method.
- if (this->iiop_endpoint() == 0 || endpoint->iiop_endpoint() == 0)
- return 0;
-
- if ((ACE_OS::strcmp (this->iiop_endpoint()->host (),
- endpoint->iiop_endpoint()->host ()) != 0))
- return 0;
-
- return 1;
-}
-
-TAO_Endpoint *
-TAO_SSLIOP_Endpoint::duplicate (void)
-{
- TAO_SSLIOP_Endpoint *endpoint = 0;
-
- // @@ We need to set the priority of the newly formed endpoint. It
- // shouldnt be a problem as long as SSL is not used with RTCORBA.
- ACE_NEW_RETURN (endpoint,
- TAO_SSLIOP_Endpoint (&this->ssl_component_,
- 0),
- 0);
-
- if (this->credentials_set_)
- endpoint->set_sec_attrs (this->qop_,this->trust_, this->credentials_.in());
-
- endpoint->iiop_endpoint (this->iiop_endpoint_, true);
- endpoint->hash_val_ = this->hash_val_;
- return endpoint;
-}
-
-CORBA::ULong
-TAO_SSLIOP_Endpoint::hash (void)
-{
- // there is actually the potential for a race of the inverse case,
- // since setting the security attributes will reset the hash_val_,
- // it is possible this test to pass, but then have the hash reset
- // before the value is returned.
- if (this->hash_val_ != 0)
- return this->hash_val_;
-
- // Do this with no locks held, as it may try to acquire it, too.
- const ACE_INET_Addr &oaddr = this->object_addr();
-
- { // nested scope for the lock
- ACE_GUARD_RETURN (TAO_SYNCH_MUTEX,
- guard,
- this->addr_lookup_lock_,
- this->hash_val_);
- // .. DCL
- if (this->hash_val_ != 0)
- return this->hash_val_;
-
-
- // Note that we are not using the underlying IIOP endpoint's hash
- // value in order to avoid the influence of the IIOP port number,
- // since it is ignored anyway. When it features a
- // purely fictional port number, as when accepting an SSL
- // connection, the unsecured port is undefined and
- // had we used it in computing the hash it would have broken the
- // bi-directional support - as the 'guessed' IIOP port value will
- // hardly match the one specified in the bi-dir service context.
- this->hash_val_ =
- oaddr.get_ip_address ()
- + this->ssl_component_.port;
- }
-
- return this->hash_val_;
-}
-
-
-const ACE_INET_Addr &
-TAO_SSLIOP_Endpoint::object_addr (void) const
-{
- // The object_addr_ is initialized here, rather than at IOR decode
- // time for several reasons:
- // 1. A request on the object may never be invoked.
- // 2. The DNS setup may have changed dynamically.
- // ...etc..
-
- // Double checked locking optimization.
- if (this->object_addr_.get_type () != AF_INET)
- {
- const ACE_INET_Addr &iiop_addr = this->iiop_endpoint_->object_addr ();
-
- ACE_GUARD_RETURN (TAO_SYNCH_MUTEX,
- guard,
- this->addr_lookup_lock_,
- this->object_addr_);
-
- if (this->object_addr_.get_type () != AF_INET)
- {
- this->object_addr_ = iiop_addr;
- this->object_addr_.set_port_number (this->ssl_component_.port);
- }
- }
-
- return this->object_addr_;
-}
-
-void
-TAO_SSLIOP_Endpoint::set_sec_attrs (::Security::QOP q,
- const ::Security::EstablishTrust &t,
- const TAO::SSLIOP::OwnCredentials_ptr c)
-{
- if (this->credentials_set_)
- return;
-
- ACE_GUARD (TAO_SYNCH_MUTEX,
- guard,
- this->addr_lookup_lock_);
-
- // double-check
- if (this->credentials_set_)
- return;
-
- this->qop_ = q;
- this->trust_ = t;
- this->credentials_ = TAO::SSLIOP::OwnCredentials::_duplicate (c);
- this->credentials_set_ = 1;
-
- // reset the hash value to force a recomputation.
- this->hash_val_ = 0;
-}
-
-
-
-
-TAO_SSLIOP_Synthetic_Endpoint::~TAO_SSLIOP_Synthetic_Endpoint ()
-{
-}
-
-TAO_SSLIOP_Synthetic_Endpoint::TAO_SSLIOP_Synthetic_Endpoint (const ::SSLIOP::SSL *ssl)
- : TAO_SSLIOP_Endpoint (ssl, 0)
-{
-}
-
-
-TAO_SSLIOP_Synthetic_Endpoint::TAO_SSLIOP_Synthetic_Endpoint (TAO_IIOP_Endpoint *iiop_endp)
- : TAO_SSLIOP_Endpoint ((const ::SSLIOP::SSL *)0, iiop_endp)
-{
- this->ssl_component_.port = iiop_endp->port ();
-}
-
-
-CORBA::Boolean
-TAO_SSLIOP_Synthetic_Endpoint::is_equivalent (const TAO_Endpoint *other_endpoint)
-{
- TAO_Endpoint *endpt = const_cast<TAO_Endpoint *> (other_endpoint);
-
- TAO_SSLIOP_Endpoint *endpoint =
- dynamic_cast<TAO_SSLIOP_Endpoint *> (endpt);
-
- if (endpoint == 0)
- return 0;
-
- if ((this->ssl_component ().port != 0
- && endpoint->ssl_component ().port != 0
- && this->ssl_component ().port != endpoint->ssl_component ().port)
- || this->qop () < endpoint->qop ())
- {
- return 0;
- }
-
- // Comparing the underlying iiop endpoints is wrong, as their port
- // numbers often may not make sense, or are not being used anyway.
- // Therefore, directly comparing the hosts at this point. See also the
- // comments in the hash() method
- if (this->iiop_endpoint() == 0 || endpoint->iiop_endpoint() == 0)
- return 0;
-
- if ((ACE_OS::strcmp (this->iiop_endpoint()->host (),
- endpoint->iiop_endpoint()->host ()) != 0))
- return 0;
-
- return 1;
-}
-
-TAO_Endpoint *
-TAO_SSLIOP_Synthetic_Endpoint::duplicate (void)
-{
- TAO_SSLIOP_Synthetic_Endpoint *endpoint = 0;
-
- // @@ We need to set the priority of the newly formed endpoint. It
- // shouldnt be a problem as long as SSL is not used with RTCORBA.
- ACE_NEW_RETURN (endpoint,
- TAO_SSLIOP_Synthetic_Endpoint (&(this->ssl_component ())),
- 0);
-
- if (this->credentials_set())
- endpoint->set_sec_attrs (this->qop (),this->trust (), this->credentials ());
-
- endpoint->iiop_endpoint (this->iiop_endpoint (), true);
- endpoint->hash_val_ = this->hash ();
- return endpoint;
-}
-
-TAO_END_VERSIONED_NAMESPACE_DECL
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.h
deleted file mode 100644
index d05fec097ad..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.h
+++ /dev/null
@@ -1,256 +0,0 @@
-// -*- C++ -*-
-
-//=============================================================================
-/**
- * @file SSLIOP_Endpoint.h
- *
- * $Id$
- *
- * SSLIOP implementation of PP Framework Endpoint interface.
- *
- * @author Marina Spivak <marina@cs.wustl.edu>
- * @author Ossama Othman <ossama@uci.edu>
- */
-//=============================================================================
-
-#ifndef TAO_SSLIOP_ENDPOINT_H
-#define TAO_SSLIOP_ENDPOINT_H
-
-#include /**/ "ace/pre.h"
-
-#include "orbsvcs/SSLIOP/SSLIOP_Export.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-# pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "orbsvcs/SSLIOP/SSLIOP_OwnCredentials.h"
-
-#include "orbsvcs/SSLIOPC.h"
-#include "orbsvcs/SecurityC.h"
-
-#include "tao/IIOP_Endpoint.h"
-#include "ace/INET_Addr.h"
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-namespace TAO
-{
- /// Tag for storing multiple ssl endpoints within a single profile.
- const ACE_UINT32 TAG_SSL_ENDPOINTS = 0x54414f01U;
-}
-
-// namespace TAO
-// {
-// namespace SSLIOP
-// {
- /**
- * @class Endpoint
- *
- * @brief SSLIOP-specific implementation of PP Framework Endpoint
- * interface.
- *
- *
- */
- class TAO_SSLIOP_Export TAO_SSLIOP_Endpoint : public TAO_Endpoint
- {
- public:
-
- friend class TAO_SSLIOP_Profile;
-
- /// Constructor
- TAO_SSLIOP_Endpoint (const ::SSLIOP::SSL *ssl_component,
- TAO_IIOP_Endpoint *iiop_endp);
-
- /// Destructor.
- virtual ~TAO_SSLIOP_Endpoint (void);
-
- /**
- * @name TAO_Endpoint Methods
- *
- * See Endpoint.h for their documentation.
- */
- //@{
- virtual TAO_Endpoint *next (void);
- virtual int addr_to_string (char *buffer, size_t length);
-
- /// Return true if this endpoint is equivalent to @param
- /// other_endpoint. The relationship is defined as equivalency of
- /// their qop, hostname and ssl ports (if non-zero).
- /// Two endpoints may be equivalent even if their iiop counterparts are
- /// not. In fact, there are cases (as with the LPL processing)
- /// when those counterparts are not known at all.
- CORBA::Boolean is_equivalent (const TAO_Endpoint *other_endpoint);
-
- /// Return a copy of the corresponding endpoints by allocating
- /// memory.
- virtual TAO_Endpoint *duplicate (void);
-
- /// Return a hash value for this object. Note that only the IP
- /// address and port are used to generate the hash value. This may
- /// cause a few more hash table collisions in the transport cache,
- /// because a synthesized SSLIOP endpoints for an address will
- /// have the same hash value as a fully qualified one. The
- /// redeeming feature is that it makes / bi-directional SSLIOP work
- /// by allowing descendent class (Synthetic_Endpoint) instances to
- /// be used as keys in the cache manager and match other fully
- /// qualified endpoint. (which were used earlier to cache a
- /// particular transport)
- virtual CORBA::ULong hash (void);
- //@}
-
- /**
- * @name SSLIOP_Endpoint-specific Methods
- */
- //@{
- /// Return SSL component corresponding to this endpoint.
- const ::SSLIOP::SSL &ssl_component (void) const;
-
- /// Accessor to our IIOP counterpart.
- TAO_IIOP_Endpoint *iiop_endpoint (void) const;
-
- /// Mutator to our IIOP counterpart.
- /**
- * @param destroy If set to @c true, the TAO::SSLIOP::Endpoint
- * object retains ownership of the given
- * TAO_IIOP_Endpoint.
- */
- void iiop_endpoint (TAO_IIOP_Endpoint *endpoint, bool destroy);
-
- /// Return the SSLIOP-specific ACE_INET_Addr.
- const ACE_INET_Addr &object_addr (void) const;
-
- /// Set the Quality-of-Protection, establishment of trust, and
- /// credentials for this endpoint. This is all done in one function
- /// so that the guard may be used uniformly.
- void set_sec_attrs (::Security::QOP qop,
- const ::Security::EstablishTrust &trust,
- const TAO::SSLIOP::OwnCredentials_ptr creds);
-
- /// Get the Quality-of-Protection settings for this endpoint.
- ::Security::QOP qop (void) const;
-
- /// Get the establishment of trust settings for this endpoint.
- ::Security::EstablishTrust trust (void) const;
-
- /// Get the credentials for this endpoint.
- /**
- * @note This method does not follow C++ mapping memory
- * management rules. Specifically, no duplication or
- * reference counting occurs in this method. This is so
- * that no additional locks occur when checking the
- * transport cache.
- */
- TAO::SSLIOP::OwnCredentials * credentials (void) const;
- //@}
-
-
- /// Credentials are not supplied by the constructor, and it is
- /// valid to have a nil credential, for instance if the
- /// SSL_use_certificate() method returns 0. Therefore it is
- /// necessary to have a new method to distinguish between a
- /// credential that is nil because it has not been set, vs one
- /// that was set to nil explicitly.
- int credentials_set (void) const;
-
- protected:
-
- /// Cache the SSL tagged component in a decoded format. Notice
- /// that we do not need to marshal this object!
- ::SSLIOP::SSL ssl_component_;
-
- private:
-
- /// Cached instance of ACE_INET_Addr for use in making invocations,
- /// etc.
- mutable ACE_INET_Addr object_addr_;
-
- /// IIOP Endpoints can be stringed into a list. Return the next
- /// endpoint in the list, if any.
- TAO_SSLIOP_Endpoint *next_;
-
- /// IIOP counterpart.
- /**
- * Since SSLIOP is an 'extension' of IIOP, each SSLIOP_Endpoint
- * contains SSL-specific information plus a pointer to the
- * IIOP_Endpoint containing the IIOP portion of our address.
- */
- TAO_IIOP_Endpoint *iiop_endpoint_;
-
- /// Flag that determines whether or not the iiop_endpoint_ member is
- /// deallocated with delete().
- bool destroy_iiop_endpoint_;
-
- /// Quailty-of-Protection settings for this endpoint object.
- ::Security::QOP qop_;
-
- /// Establishment of trust settings for this endpoint object.
- ::Security::EstablishTrust trust_;
-
- /// SSLIOP-specific credentials for this endpoint object.
- TAO::SSLIOP::OwnCredentials_var credentials_;
-
- /// A flag indicating that credentials_ was explicitly initialized
- int credentials_set_;
- };
-
- /**
- * @class SSLIOP_Synthetic_Endpoint
- *
- * @brief SSLIOP-specific implementation of PP Framework Endpoint
- * interface, representing synthetic endpoints. An endpoints
- * is synthetic whenever there is insuficient data to fully
- * initialize an SSLIOP endpoint: qop, trust, credentials,
- * etc. Such as when creating an SSLIOP endpoint in response
- * of a Listen Point List or accepting a connection.
- *
- * LPL and IOR-originated endpoints can now compare as
- * equivalent, if they denote the same host, port and
- * protection. That would have given some false
- * positives in some very obscure cases (same SSL port, but
- * different protection or undelying IIOP port, or vice versa)
- * The "synthetic eVndpoint" has its very own is_equivalent()
- * to help eliminate any false positives and make the process
- * more clear.
- *
- */
- class TAO_SSLIOP_Export TAO_SSLIOP_Synthetic_Endpoint : public TAO_SSLIOP_Endpoint
- {
- public:
-
- /// Constructor
- TAO_SSLIOP_Synthetic_Endpoint (TAO_IIOP_Endpoint *iiop_endp);
-
- /// Destructor.
- virtual ~TAO_SSLIOP_Synthetic_Endpoint (void);
-
- /**
- * Return true if this endpoint is equivalent to @param
- * other_endpoint.
- * Two synthetic endpoints are equivalent iff their iiop counterparts are
- * equivalent, and, if both have non-zero ssl ports, their ssl
- * ports are the same.
- */
- CORBA::Boolean is_equivalent (const TAO_Endpoint *other_endpoint);
-
- /// Return a copy of the corresponding endpoints by allocating
- /// memory.
- virtual TAO_Endpoint *duplicate (void);
-
- private:
- TAO_SSLIOP_Synthetic_Endpoint (const ::SSLIOP::SSL *ssl);
-
- };
-
-// } // End SSLIOP namespace.
-// } // End TAO namespace.
-
-TAO_END_VERSIONED_NAMESPACE_DECL
-
-#if defined (__ACE_INLINE__)
-#include "orbsvcs/SSLIOP/SSLIOP_Endpoint.i"
-#endif /* __ACE_INLINE__ */
-
-#include /**/ "ace/post.h"
-
-#endif /* TAO_SSLIOP_ENDPOINT_H */
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.i b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.i
deleted file mode 100644
index 9ea9beb96b6..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.i
+++ /dev/null
@@ -1,70 +0,0 @@
-// -*- C++ -*-
-//
-// $Id$
-
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-ACE_INLINE TAO_IIOP_Endpoint *
-TAO_SSLIOP_Endpoint::iiop_endpoint (void) const
-{
- return this->iiop_endpoint_;
-}
-
-ACE_INLINE void
-TAO_SSLIOP_Endpoint::iiop_endpoint (TAO_IIOP_Endpoint *iiop_endpoint,
- bool destroy)
-{
- if (iiop_endpoint != 0)
- {
- TAO_IIOP_Endpoint *new_endpoint = 0;
-
- if (destroy)
- {
- TAO_Endpoint *endpoint = iiop_endpoint->duplicate ();
-
- new_endpoint = dynamic_cast<TAO_IIOP_Endpoint *> (endpoint);
-
- }
- else
- new_endpoint = iiop_endpoint;
-
- if (this->destroy_iiop_endpoint_)
- delete this->iiop_endpoint_;
-
- this->iiop_endpoint_ = new_endpoint;
- this->destroy_iiop_endpoint_ = destroy;
- }
-}
-
-ACE_INLINE const ::SSLIOP::SSL &
-TAO_SSLIOP_Endpoint::ssl_component (void) const
-{
- return this->ssl_component_;
-}
-
-ACE_INLINE ::Security::QOP
-TAO_SSLIOP_Endpoint::qop (void) const
-{
- return this->qop_;
-}
-
-ACE_INLINE ::Security::EstablishTrust
-TAO_SSLIOP_Endpoint::trust (void) const
-{
- return this->trust_;
-}
-
-ACE_INLINE TAO::SSLIOP::OwnCredentials *
-TAO_SSLIOP_Endpoint::credentials (void) const
-{
- return this->credentials_.in ();
-}
-
-ACE_INLINE int
-TAO_SSLIOP_Endpoint::credentials_set (void) const
-{
- return this->credentials_set_;
-}
-
-TAO_END_VERSIONED_NAMESPACE_DECL
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Export.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Export.h
deleted file mode 100644
index 806577d0855..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Export.h
+++ /dev/null
@@ -1,40 +0,0 @@
-
-// -*- C++ -*-
-// $Id$
-// Definition for Win32 Export directives.
-// This file is generated automatically by generate_export_file.pl
-// ------------------------------
-#ifndef TAO_SSLIOP_EXPORT_H
-#define TAO_SSLIOP_EXPORT_H
-
-#include "ace/config-all.h"
-
-#if defined (TAO_AS_STATIC_LIBS)
-# if !defined (TAO_SSLIOP_HAS_DLL)
-# define TAO_SSLIOP_HAS_DLL 0
-# endif /* ! TAO_SSLIOP_HAS_DLL */
-#else
-# if !defined (TAO_SSLIOP_HAS_DLL)
-# define TAO_SSLIOP_HAS_DLL 1
-# endif /* ! TAO_SSLIOP_HAS_DLL */
-#endif
-
-#if defined (TAO_SSLIOP_HAS_DLL) && (TAO_SSLIOP_HAS_DLL == 1)
-# if defined (TAO_SSLIOP_BUILD_DLL)
-# define TAO_SSLIOP_Export ACE_Proper_Export_Flag
-# define TAO_SSLIOP_SINGLETON_DECLARATION(T) ACE_EXPORT_SINGLETON_DECLARATION (T)
-# define TAO_SSLIOP_SINGLETON_DECLARE(SINGLETON_TYPE, CLASS, LOCK) ACE_EXPORT_SINGLETON_DECLARE(SINGLETON_TYPE, CLASS, LOCK)
-# else /* TAO_SSLIOP_BUILD_DLL */
-# define TAO_SSLIOP_Export ACE_Proper_Import_Flag
-# define TAO_SSLIOP_SINGLETON_DECLARATION(T) ACE_IMPORT_SINGLETON_DECLARATION (T)
-# define TAO_SSLIOP_SINGLETON_DECLARE(SINGLETON_TYPE, CLASS, LOCK) ACE_IMPORT_SINGLETON_DECLARE(SINGLETON_TYPE, CLASS, LOCK)
-# endif /* TAO_SSLIOP_BUILD_DLL */
-#else /* TAO_SSLIOP_HAS_DLL == 1 */
-# define TAO_SSLIOP_Export
-# define TAO_SSLIOP_SINGLETON_DECLARATION(T)
-# define TAO_SSLIOP_SINGLETON_DECLARE(SINGLETON_TYPE, CLASS, LOCK)
-#endif /* TAO_SSLIOP_HAS_DLL == 1 */
-
-#endif /* TAO_SSLIOP_EXPORT_H */
-
-// End of auto generated file.
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp
deleted file mode 100644
index 49a369925e7..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp
+++ /dev/null
@@ -1,614 +0,0 @@
-#include "orbsvcs/SSLIOP/SSLIOP_Factory.h"
-#include "orbsvcs/SSLIOP/SSLIOP_Acceptor.h"
-#include "orbsvcs/SSLIOP/SSLIOP_Connector.h"
-#include "orbsvcs/SSLIOP/SSLIOP_ORBInitializer.h"
-#include "ace/OS_NS_strings.h"
-
-#include "orbsvcs/Security/Security_ORBInitializer.h" /// @todo should go away
-
-#include "tao/debug.h"
-#include "tao/ORBInitializer_Registry.h"
-
-#include "ace/SSL/sslconf.h"
-#include "ace/SSL/SSL_Context.h"
-
-ACE_RCSID (SSLIOP,
- SSLIOP_Factory,
- "$Id$")
-
-
-// An SSL session id seed value. Needs not be too unique, just somewhat
-// different. See the OpenSSL manual
-static const unsigned char session_id_context_[] =
- "$Id$";
-
-// Protocol name prefix
-static const char * const the_prefix[] = {"iiop", "ssliop"};
-
-// An OS-dependent path separator character
-static ACE_TCHAR const TAO_PATH_SEPARATOR_STRING[] =
-#if defined(ACE_WIN32)
- ACE_TEXT (";");
-#else
- ACE_TEXT (":");
-#endif
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-namespace TAO
-{
- namespace SSLIOP
- {
- static const long ACCEPT_TIMEOUT = 10; // Default accept timeout
- // in seconds.
- }
-}
-
-TAO::SSLIOP::Protocol_Factory::Protocol_Factory (void)
- : TAO_Protocol_Factory (IOP::TAG_INTERNET_IOP),
- qop_ (::Security::SecQOPIntegrityAndConfidentiality),
- timeout_ (TAO::SSLIOP::ACCEPT_TIMEOUT)
-{
-}
-
-TAO::SSLIOP::Protocol_Factory::~Protocol_Factory (void)
-{
-}
-
-int
-TAO::SSLIOP::Protocol_Factory::match_prefix (const ACE_CString &prefix)
-{
- // Check for the proper prefix for this protocol.
- return (ACE_OS::strcasecmp (prefix.c_str (), ::the_prefix[0]) == 0)
- || (ACE_OS::strcasecmp (prefix.c_str (), ::the_prefix[1]) == 0);
-}
-
-const char *
-TAO::SSLIOP::Protocol_Factory::prefix (void) const
-{
- // Note: This method doesn't seem to be used anywhere. Moreover,
- // keeping it may make things more confusing - a Factory can
- // well be handling multiple protocol prefixes, not just one!
- // Shouldn't it be deprecated?
- return ::the_prefix[0];
-}
-
-char
-TAO::SSLIOP::Protocol_Factory::options_delimiter (void) const
-{
- return '/';
-}
-
-TAO_Acceptor *
-TAO::SSLIOP::Protocol_Factory::make_acceptor (void)
-{
- TAO_Acceptor *acceptor = 0;
-
- ACE_NEW_RETURN (acceptor,
- TAO::SSLIOP::Acceptor (this->qop_,
- this->timeout_),
- 0);
-
- return acceptor;
-}
-
-
-// Parses a X509 path. Beware: This function modifies
-// the buffer pointed to by arg!
-int
-TAO::SSLIOP::Protocol_Factory::parse_x509_file (char *arg,
- char **path)
-{
- ACE_ASSERT (arg != 0);
- ACE_ASSERT (path != 0);
-
- char *lst = 0;
- const char *type_name = ACE_OS::strtok_r (arg, ":", &lst);
- *path = ACE_OS::strtok_r (0, "", &lst);
-
- if (ACE_OS::strcasecmp (type_name, "ASN1") == 0)
- return SSL_FILETYPE_ASN1;
-
- if (ACE_OS::strcasecmp (type_name, "PEM") == 0)
- return SSL_FILETYPE_PEM;
-
- return -1;
-}
-
-
-int
-TAO::SSLIOP::Protocol_Factory::init (int argc,
- char* argv[])
-{
- char *certificate_path = 0;
- char *private_key_path = 0;
- char *dhparams_path = 0;
- char *ca_file = 0;
- char *ca_dir = 0;
- char *rand_path = 0;
-
- int certificate_type = -1;
- int private_key_type = -1;
- int dhparams_type = -1;
-
- int prevdebug = -1;
-
- CSIIOP::AssociationOptions csiv2_target_supports =
- CSIIOP::Integrity | CSIIOP::Confidentiality;
- CSIIOP::AssociationOptions csiv2_target_requires =
- CSIIOP::Integrity | CSIIOP::Confidentiality;
-
- // Force the Singleton instance to be initialized/instantiated.
- // Some SSLIOP option combinations below will result in the
- // Singleton instance never being initialized. In that case,
- // problems may occur later on due to lack of initialization of the
- // underlying SSL library (e.g. OpenSSL), which occurs when an
- // ACE_SSL_Context is instantiated.
-
- // The code is cleaner this way anyway.
- ACE_SSL_Context * ssl_ctx = ACE_SSL_Context::instance ();
- ACE_ASSERT (ssl_ctx != 0);
-
- size_t session_id_len =
- (sizeof session_id_context_ >= SSL_MAX_SSL_SESSION_ID_LENGTH)
- ? SSL_MAX_SSL_SESSION_ID_LENGTH
- : sizeof session_id_context_;
-
- // Note that this function returns 1, if the operation succeded.
- // See SSL_CTX_set_session_id_context(3)
- if( 1 != ::SSL_CTX_set_session_id_context (ssl_ctx->context(),
- session_id_context_,
- session_id_len))
- {
- if (TAO_debug_level > 0)
- ACE_DEBUG ((LM_ERROR,
- ACE_TEXT ("TAO (%P|%t) Unable to set the session id ")
- ACE_TEXT ("context to \'%s\'\n"), session_id_context_));
-
- return -1;
- }
-
- for (int curarg = 0; curarg != argc; ++curarg)
- {
- if ((ACE_OS::strcasecmp (argv[curarg],
- "-verbose") == 0)
- || (ACE_OS::strcasecmp (argv[curarg],
- "-v") == 0))
- {
- if (TAO_debug_level == 0)
- {
- prevdebug = TAO_debug_level;
- TAO_debug_level = 1;
- }
- }
-
- else if (ACE_OS::strcasecmp (argv[curarg],
- "-SSLNoProtection") == 0)
- {
- // Enable the eNULL cipher. Note that enabling the "eNULL"
- // cipher only disables encryption. However, certificate
- // exchanges will still occur.
- if (::SSL_CTX_set_cipher_list (ssl_ctx->context (),
- "DEFAULT:eNULL") == 0)
- {
- if (TAO_debug_level > 0)
- ACE_DEBUG ((LM_ERROR,
- ACE_TEXT ("TAO (%P|%t) Unable to set eNULL ")
- ACE_TEXT ("SSL cipher in SSLIOP ")
- ACE_TEXT ("factory.\n")));
-
- return -1;
- }
-
- // This does not disable secure invocations on the server
- // side. It merely enables insecure ones. On the client
- // side, secure invocations will be disabled unless
- // overridden by a SecurityLevel2::QOPPolicy in the object
- // reference.
- this->qop_ = ::Security::SecQOPNoProtection;
-
- ACE_SET_BITS (csiv2_target_supports,
- CSIIOP::NoProtection);
-
- ACE_CLR_BITS (csiv2_target_requires,
- CSIIOP::Confidentiality);
- }
-
- else if (ACE_OS::strcasecmp (argv[curarg],
- "-SSLCertificate") == 0)
- {
- curarg++;
- if (curarg < argc)
- {
- certificate_type = parse_x509_file (argv[curarg], &certificate_path);
- }
- }
-
- else if (ACE_OS::strcasecmp (argv[curarg],
- "-SSLPrivateKey") == 0)
- {
- curarg++;
- if (curarg < argc)
- {
- private_key_type = parse_x509_file (argv[curarg], &private_key_path);
- }
- }
-
- else if (ACE_OS::strcasecmp (argv[curarg],
- "-SSLAuthenticate") == 0)
- {
- curarg++;
- if (curarg < argc)
- {
- int mode = SSL_VERIFY_NONE;
- if (ACE_OS::strcasecmp (argv[curarg], "NONE") == 0)
- {
- mode = SSL_VERIFY_NONE;
- }
- else if (ACE_OS::strcasecmp (argv[curarg], "SERVER") == 0)
- {
- mode = SSL_VERIFY_PEER;
-
- ACE_SET_BITS (csiv2_target_supports,
- CSIIOP::EstablishTrustInTarget
- | CSIIOP::EstablishTrustInClient);
- }
- else if (ACE_OS::strcasecmp (argv[curarg], "CLIENT") == 0
- || ACE_OS::strcasecmp (argv[curarg],
- "SERVER_AND_CLIENT") == 0)
- {
- mode = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
-
- ACE_SET_BITS (csiv2_target_supports,
- CSIIOP::EstablishTrustInTarget
- | CSIIOP::EstablishTrustInClient);
-
- ACE_SET_BITS (csiv2_target_requires,
- CSIIOP::EstablishTrustInClient);
- }
-
- ssl_ctx->default_verify_mode (mode);
- }
- }
-
- else if (ACE_OS::strcasecmp (argv[curarg],
- "-SSLAcceptTimeout") == 0)
- {
- curarg++;
- if (curarg < argc)
- {
- float timeout = 0;
-
- if (sscanf (argv[curarg], "%f", &timeout) != 1
- || timeout < 0)
- ACE_ERROR_RETURN ((LM_ERROR,
- "ERROR: Invalid -SSLAcceptTimeout "
- "value: %s.\n",
- argv[curarg]),
- -1);
- else
- this->timeout_.set (timeout);
- }
- }
-
- else if (ACE_OS::strcasecmp (argv[curarg],
- "-SSLDHparams") == 0)
- {
- curarg++;
- if (curarg < argc)
- {
- dhparams_type = parse_x509_file (argv[curarg], &dhparams_path);
- }
- }
-
- else if (ACE_OS::strcasecmp (argv[curarg],
- "-SSLCAfile") == 0)
- {
- curarg++;
- if (curarg < argc)
- {
- (void) parse_x509_file (argv[curarg], &ca_file);
- }
- }
-
- else if (ACE_OS::strcasecmp (argv[curarg],
- "-SSLCApath") == 0)
- {
- curarg++;
- if (curarg < argc)
- {
- ca_dir = argv[curarg];
- }
- }
-
- else if (ACE_OS::strcasecmp (argv[curarg],
- "-SSLrand") == 0)
- {
- curarg++;
- if (curarg < argc)
- {
- rand_path = argv[curarg];
- }
- }
- }
-
- // Load some (more) entropy from the user specified sources
- // in addition to what's pointed to by ACE_SSL_RAND_FILE_ENV
- if (rand_path != 0)
- {
- short errors = 0;
- char *file_name = 0;
- const char *path = ACE_OS::strtok_r (rand_path,
- TAO_PATH_SEPARATOR_STRING,
- &file_name);
- while ( path != 0)
- {
- if( -1 == ssl_ctx->seed_file (path, -1))
- {
- errors++;
-
- if (TAO_debug_level > 0)
- ACE_DEBUG ((LM_ERROR,
- ACE_TEXT ("TAO (%P|%t) Failed to load ")
- ACE_TEXT ("more entropy from <%s>: %m\n"), path));
- }
- else
- {
- if (TAO_debug_level > 0)
- ACE_DEBUG ((LM_ERROR,
- ACE_TEXT ("TAO (%P|%t) Loaded ")
- ACE_TEXT ("more entropy from <%s>\n"), path));
- }
-
- path = ACE_OS::strtok_r (0, TAO_PATH_SEPARATOR_STRING, &file_name);
- }
-
- if (errors > 0)
- return -1;
- }
-
- // Load any trusted certificates explicitely rather than relying on
- // previously set SSL_CERT_FILE and/or SSL_CERT_PATH environment variable
- if (ca_file != 0 || ca_dir != 0)
- {
- if (ssl_ctx->load_trusted_ca (ca_file, ca_dir) != 0)
- {
- if (TAO_debug_level > 0)
- ACE_DEBUG ((LM_ERROR,
- ACE_TEXT ("TAO (%P|%t) Unable to load ")
- ACE_TEXT ("CA certs from %s%s%s\n"),
- ((ca_file != 0) ? ca_file : ACE_TEXT ("a file pointed to by ")
- ACE_TEXT (ACE_SSL_CERT_FILE_ENV)
- ACE_TEXT (" env var (if any)")),
- ACE_TEXT (" and "),
- ((ca_dir != 0) ? ca_dir : ACE_TEXT ("a directory pointed to by ")
- ACE_TEXT (ACE_SSL_CERT_DIR_ENV)
- ACE_TEXT (" env var (if any)"))));
-
- return -1;
- }
- else
- {
- if (TAO_debug_level > 0)
- ACE_DEBUG ((LM_INFO,
- ACE_TEXT ("TAO (%P|%t) SSLIOP loaded ")
- ACE_TEXT ("Trusted Certificates from %s%s%s\n"),
- ((ca_file != 0) ? ca_file : ACE_TEXT ("a file pointed to by ")
- ACE_TEXT (ACE_SSL_CERT_FILE_ENV)
- ACE_TEXT (" env var (if any)")),
- ACE_TEXT (" and "),
- ((ca_dir != 0) ? ca_dir : ACE_TEXT ("a directory pointed to by ")
- ACE_TEXT (ACE_SSL_CERT_DIR_ENV)
- ACE_TEXT (" env var (if any)"))));
- }
- }
-
- // Load in the DH params. If there was a file explicitly specified,
- // then we do that here, otherwise we load them in from the cert file.
- // Note that we only do this on the server side, I think so we might
- // need to defer this 'til later in the acceptor or something...
- if (dhparams_path == 0)
- {
- // If the user didn't explicitly specify a DH parameters file, we
- // also might find it concatenated in the certificate file.
- // So, we set the dhparams to that if it wasn't explicitly set.
- dhparams_path = certificate_path;
- dhparams_type = certificate_type;
- }
-
- if (dhparams_path != 0)
- {
- if (ssl_ctx->dh_params (dhparams_path,
- dhparams_type) != 0)
- {
- if (dhparams_path != certificate_path)
- {
- // We only want to fail catastrophically if the user specified
- // a dh parameter file and we were unable to actually find it
- // and load from it.
- if (TAO_debug_level > 0)
- ACE_DEBUG ((LM_ERROR,
- ACE_TEXT ("(%P|%t) SSLIOP_Factory: ")
- ACE_TEXT ("unable to set ")
- ACE_TEXT ("DH parameters <%s>\n"),
- dhparams_path));
- return -1;
- }
- else
- {
- if (TAO_debug_level > 0)
- ACE_DEBUG ((LM_INFO,
- ACE_TEXT ("(%P|%t) SSLIOP_Factory: ")
- ACE_TEXT ("No DH parameters found in ")
- ACE_TEXT ("certificate <%s>; either none ")
- ACE_TEXT ("are needed (RSA) or problems ")
- ACE_TEXT ("will ensue later.\n"),
- dhparams_path));
- }
- }
- else
- {
- if (TAO_debug_level > 0)
- ACE_DEBUG ((LM_INFO,
- ACE_TEXT ("(%P|%t) SSLIOP loaded ")
- ACE_TEXT ("Diffie-Hellman params ")
- ACE_TEXT ("from %s\n"),
- dhparams_path));
- }
- }
-
- // The certificate must be set before the private key since the
- // ACE_SSL_Context attempts to check the private key for
- // consistency. That check requires the certificate to be available
- // in the underlying SSL_CTX.
- if (certificate_path != 0)
- {
- if (ssl_ctx->certificate (certificate_path,
- certificate_type) != 0)
- {
- if (TAO_debug_level > 0)
- ACE_DEBUG ((LM_ERROR,
- ACE_TEXT ("TAO (%P|%t) Unable to set ")
- ACE_TEXT ("SSL certificate <%s> ")
- ACE_TEXT ("in SSLIOP factory.\n"),
- certificate_path));
-
- return -1;
- }
- else
- {
- if (TAO_debug_level > 0)
- ACE_DEBUG ((LM_INFO,
- ACE_TEXT ("TAO (%P|%t) SSLIOP loaded ")
- ACE_TEXT ("SSL certificate ")
- ACE_TEXT ("from %s\n"),
- certificate_path));
- }
- }
-
- if (private_key_path != 0)
- {
- if (ssl_ctx->private_key (private_key_path,
- private_key_type) != 0)
- {
- if (TAO_debug_level > 0)
- {
- ACE_DEBUG ((LM_ERROR,
- ACE_TEXT ("TAO (%P|%t) Unable to set ")
- ACE_TEXT ("SSL private key ")
- ACE_TEXT ("<%s> in SSLIOP factory.\n"),
- private_key_path));
- }
-
- return -1;
- }
- else
- {
- if (TAO_debug_level > 0)
- ACE_DEBUG ((LM_INFO,
- ACE_TEXT ("TAO (%P|%t) SSLIOP loaded ")
- ACE_TEXT ("Private Key ")
- ACE_TEXT ("from %s\n"),
- private_key_path));
- }
- }
-
- if (this->register_orb_initializer (csiv2_target_supports,
- csiv2_target_requires) != 0)
- return -1;
-
- if (prevdebug != -1)
- TAO_debug_level = prevdebug;
-
- return 0;
-}
-
-int
-TAO::SSLIOP::Protocol_Factory::register_orb_initializer (
- CSIIOP::AssociationOptions csiv2_target_supports,
- CSIIOP::AssociationOptions csiv2_target_requires)
-{
- ACE_DECLARE_NEW_CORBA_ENV;
- ACE_TRY
- {
- // @todo: This hard-coding should be fixed once SECIOP is
- // supported.
- // Register the Security ORB initializer.
- PortableInterceptor::ORBInitializer_ptr tmp;
- ACE_NEW_THROW_EX (tmp,
- TAO::Security::ORBInitializer,
- CORBA::NO_MEMORY (
- CORBA::SystemException::_tao_minor_code (
- TAO::VMCID,
- ENOMEM),
- CORBA::COMPLETED_NO));
- ACE_TRY_CHECK;
-
- PortableInterceptor::ORBInitializer_var initializer = tmp;
-
- PortableInterceptor::register_orb_initializer (initializer.in ()
- ACE_ENV_ARG_PARAMETER);
- ACE_TRY_CHECK;
-
- // Register the SSLIOP ORB initializer.
- // PortableInterceptor::ORBInitializer_ptr tmp;
- ACE_NEW_THROW_EX (tmp,
- TAO::SSLIOP::ORBInitializer (this->qop_,
- csiv2_target_supports,
- csiv2_target_requires),
- CORBA::NO_MEMORY (
- CORBA::SystemException::_tao_minor_code (
- TAO::VMCID,
- ENOMEM),
- CORBA::COMPLETED_NO));
- ACE_TRY_CHECK;
-
- //PortableInterceptor::ORBInitializer_var initializer = tmp;
- initializer = tmp;
-
- PortableInterceptor::register_orb_initializer (initializer.in ()
- ACE_ENV_ARG_PARAMETER);
- ACE_TRY_CHECK;
- }
- ACE_CATCHANY
- {
- ACE_PRINT_EXCEPTION (ACE_ANY_EXCEPTION,
- "Unable to register SSLIOP ORB "
- "initializer.");
- return -1;
- }
- ACE_ENDTRY;
- ACE_CHECK_RETURN (-1);
-
- return 0;
-}
-
-
-TAO_Connector *
-TAO::SSLIOP::Protocol_Factory::make_connector (void)
-{
- TAO_Connector *connector = 0;
-
- ACE_NEW_RETURN (connector,
- TAO::SSLIOP::Connector (this->qop_),
- 0);
- return connector;
-}
-
-int
-TAO::SSLIOP::Protocol_Factory::requires_explicit_endpoint (void) const
-{
- return 0;
-}
-
-TAO_END_VERSIONED_NAMESPACE_DECL
-
-ACE_STATIC_SVC_DEFINE (TAO_SSLIOP_Protocol_Factory,
- ACE_TEXT ("SSLIOP_Factory"),
- ACE_SVC_OBJ_T,
- &ACE_SVC_NAME (TAO_SSLIOP_Protocol_Factory),
- ACE_Service_Type::DELETE_THIS
- | ACE_Service_Type::DELETE_OBJ,
- 0)
-
-ACE_FACTORY_DEFINE (TAO_SSLIOP, TAO_SSLIOP_Protocol_Factory)
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.h
deleted file mode 100644
index 169e12b7bf2..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.h
+++ /dev/null
@@ -1,141 +0,0 @@
-// -*- C++ -*-
-
-//=============================================================================
-/**
- * @file SSLIOP_Factory.h
- *
- * $Id$
- *
- * SSLIOP implementation of PP Framework Protocol_Factory interface.
- *
- * @author Carlos O'Ryan <coryan@uci.edu>
- * @author Ossama Othman <ossama@uci.edu>
- */
-//=============================================================================
-
-
-#ifndef TAO_SSLIOP_FACTORY_H
-#define TAO_SSLIOP_FACTORY_H
-
-#include /**/ "ace/pre.h"
-
-#include "orbsvcs/SSLIOP/SSLIOP_Export.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-# pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "orbsvcs/SecurityC.h"
-#include "orbsvcs/CSIIOPC.h"
-
-#include "tao/Protocol_Factory.h"
-
-#include "ace/Service_Config.h"
-
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-class TAO_Acceptor;
-class TAO_Connector;
-
-namespace TAO
-{
- namespace SSLIOP
- {
-
- /**
- * @class Protocol_Factory
- *
- * @brief SSLIOP-specific protocol factory implementation.
- *
- * This class implements the SSLIOP-specific protocol factory
- * implementation for use in TAO's pluggable protocols framework.
- */
- class TAO_SSLIOP_Export Protocol_Factory
- : public TAO_Protocol_Factory
- {
- public:
-
- /// Constructor.
- Protocol_Factory (void);
-
- /// Destructor.
- virtual ~Protocol_Factory (void);
-
- // = Service Configurator hooks.
- /// Dynamic linking hook
- virtual int init (int argc, char* argv[]);
-
- /// Verify prefix is a match
- virtual int match_prefix (const ACE_CString & prefix);
-
- /// Returns the prefix used by the protocol.
- virtual const char * prefix (void) const;
-
- /// Return the character used to mark where an endpoint ends and
- /// where its options begin.
- virtual char options_delimiter (void) const;
-
- // = Check Protocol_Factory.h for a description of these methods.
- virtual TAO_Acceptor * make_acceptor (void);
- virtual TAO_Connector * make_connector (void);
- virtual int requires_explicit_endpoint (void) const;
-
- private:
-
- /// Parse an X509 file path, which is expected to looks like:
- /// <X509Path> ::= <Prefix> ':' <Path>
- /// <Prefix> ::= 'PEM' | 'ASN1'
- /// <Path> ::= any-string
- /// Returns either SSL_FILETYPE_ASN1, SSL_FILETYPE_PEM or -1
- /// if the prefix can not be recognized. The *path will point
- /// to the part of the original buffer, after the initial ':',
- /// or will contain 0, if no path was specified.
- ///
- /// Beware: This function modifies the buffer pointed to by arg!
- ///
- static int parse_x509_file (char *arg, char **path);
-
- /// Create and register the SSLIOP ORB initializer.
- int register_orb_initializer (
- CSIIOP::AssociationOptions csiv2_target_supports,
- CSIIOP::AssociationOptions csiv2_target_requires);
-
- private:
-
- /// Default quality-of-protection settings for the SSLIOP
- /// pluggable protocol.
- ::Security::QOP qop_;
-
- /// The accept() timeout.
- /**
- * This timeout includes the overall time to complete the SSL
- * handshake. This includes both the TCP handshake and the SSL
- * handshake.
- */
- ACE_Time_Value timeout_;
-
- /// The SSLIOP-specific CSIv2 transport mechanism component.
- /**
- * This SSLIOP-specific structure is embedded in the CSIv2 transport
- * mechanism list of the @c CSIIOP::CompoundSecMechList IOR tagged
- * component.
- */
- // CSIIOP::TLS_SEC_TRANS * csiv2_component_;
-
- };
- } // End SSLIOP namespace.
-} // End TAO namespace.
-
-// Work around preprocessor tokenization.
-typedef TAO::SSLIOP::Protocol_Factory TAO_SSLIOP_Protocol_Factory;
-
-TAO_END_VERSIONED_NAMESPACE_DECL
-
-ACE_STATIC_SVC_DECLARE_EXPORT (TAO_SSLIOP, TAO_SSLIOP_Protocol_Factory)
-ACE_STATIC_SVC_REQUIRE (TAO_SSLIOP_Protocol_Factory)
-ACE_FACTORY_DECLARE (TAO_SSLIOP, TAO_SSLIOP_Protocol_Factory)
-
-#include /**/ "ace/post.h"
-
-#endif /* TAO_SSLIOP_FACTORY_H */
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.cpp
deleted file mode 100644
index 5e90c389e80..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.cpp
+++ /dev/null
@@ -1,175 +0,0 @@
-#include "orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.h"
-
-#include "orbsvcs/SecurityLevel2C.h"
-
-#include "tao/ORB_Constants.h"
-#include "tao/PortableServer/PS_CurrentC.h"
-#include "tao/debug.h"
-
-#if defined(SSLIOP_DEBUG_PEER_CERTIFICATE)
-#include <openssl/x509.h> // @@ For debugging code below
-#endif /* DEBUG_PEER_CERTIFICATES */
-
-ACE_RCSID (SSLIOP,
- SSLIOP_Invocation_Interceptor,
- "$Id$")
-
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-TAO::SSLIOP::Server_Invocation_Interceptor::Server_Invocation_Interceptor (
- ::SSLIOP::Current_ptr current,
- ::Security::QOP qop)
- : ssliop_current_ (::SSLIOP::Current::_duplicate (current)),
- qop_ (qop)
-{
-}
-
-TAO::SSLIOP::Server_Invocation_Interceptor::~Server_Invocation_Interceptor (
- void)
-{
-}
-
-char *
-TAO::SSLIOP::Server_Invocation_Interceptor::name (
- ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- return CORBA::string_dup ("TAO::SSLIOP::Server_Invocation_Interceptor");
-}
-
-void
-TAO::SSLIOP::Server_Invocation_Interceptor::destroy (
- ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
-}
-
-
-void
-TAO::SSLIOP::Server_Invocation_Interceptor::receive_request_service_contexts (
- PortableInterceptor::ServerRequestInfo_ptr /*ri*/
- ACE_ENV_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException,
- PortableInterceptor::ForwardRequest))
-{
- // The current upcall is not being performed through an SSL
- // connection. If server is configured to disallow insecure
- // invocations then throw a CORBA::NO_PERMISSION exception.
- // @@ TODO: Once the SecurityManager is implemented, query it
- // for the current object's
- // SecureInvocationPolicy of type
- // SecTargetSecureInvocationPolicy so that we can
- // accept or reject requests on a per-object basis
- // instead on a per-endpoint basis.
- CORBA::Boolean const no_ssl =
- this->ssliop_current_->no_context (ACE_ENV_SINGLE_ARG_PARAMETER);
- ACE_CHECK;
-
- if (TAO_debug_level >= 3)
- ACE_DEBUG ((LM_DEBUG, "SSLIOP (%P|%t) Interceptor (context), ssl=%d\n", !(no_ssl)));
-
- if (no_ssl && this->qop_ != ::Security::SecQOPNoProtection)
- ACE_THROW (CORBA::NO_PERMISSION ());
-
-#if defined(DEBUG_PEER_CERTIFICATES)
- ACE_TRY
- {
- // If the request was not made through an SSL connection, then
- // this method will throw the SSLIOP::Current::NoContext
- // exception. Otherwise, it will return a DER encoded X509
- // certificate.
- ::SSLIOP::ASN_1_Cert_var cert =
- this->ssliop_current_->get_peer_certificate (
- ACE_ENV_SINGLE_ARG_PARAMETER);
- ACE_TRY_CHECK;
-
- // @@ The following debugging code works but I don't think that
- // we should include it since it dumps alot of information,
- // i.e. prints two lines of information per request.
- if (TAO_debug_level > 1)
- {
- CORBA::Octet *der_cert = cert->get_buffer ();
-
- X509 *peer = ::d2i_X509 (0, &der_cert, cert->length ());
- if (peer != 0)
- {
- char buf[BUFSIZ] = { 0 };
-
- ::X509_NAME_oneline (::X509_get_subject_name (peer),
- buf,
- BUFSIZ);
-
- ACE_DEBUG ((LM_DEBUG,
- "(%P|%t) Certificate subject: %s\n",
- buf));
-
- ::X509_NAME_oneline (::X509_get_issuer_name (peer),
- buf,
- BUFSIZ);
-
- ACE_DEBUG ((LM_DEBUG,
- "(%P|%t) Certificate issuer: %s\n",
- buf));
-
-
- ::X509_free (peer);
- }
- }
- }
- ACE_CATCH (::SSLIOP::Current::NoContext, exc)
- {
- // The current upcall is not being performed through an SSL
- // connection. If server is configured to disallow insecure
- // invocations then throw a CORBA::NO_PERMISSION exception.
- // @@ TODO: Once the SecurityManager is implemented, query it
- // for the current object's
- // SecureInvocationPolicy of type
- // SecTargetSecureInvocationPolicy so that we can
- // accept or reject requests on a per-object basis
- // instead on a per-endpoint basis.
- if (this->qop_ != ::Security::SecQOPNoProtection)
- ACE_THROW (CORBA::NO_PERMISSION ());
- }
- ACE_ENDTRY;
- ACE_CHECK;
-#endif /* DEBUG_PEER_CERTIFICATES */
-}
-
-
-void
-TAO::SSLIOP::Server_Invocation_Interceptor::receive_request (
- PortableInterceptor::ServerRequestInfo_ptr /* ri */
- ACE_ENV_ARG_DECL_NOT_USED)
- ACE_THROW_SPEC ((CORBA::SystemException,
- PortableInterceptor::ForwardRequest))
-{
-}
-
-void
-TAO::SSLIOP::Server_Invocation_Interceptor::send_reply (
- PortableInterceptor::ServerRequestInfo_ptr /* ri */
- ACE_ENV_ARG_DECL_NOT_USED)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
-}
-
-void
-TAO::SSLIOP::Server_Invocation_Interceptor::send_exception (
- PortableInterceptor::ServerRequestInfo_ptr /* ri */
- ACE_ENV_ARG_DECL_NOT_USED)
- ACE_THROW_SPEC ((CORBA::SystemException,
- PortableInterceptor::ForwardRequest))
-{
-}
-
-void
-TAO::SSLIOP::Server_Invocation_Interceptor::send_other (
- PortableInterceptor::ServerRequestInfo_ptr /* ri */
- ACE_ENV_ARG_DECL_NOT_USED)
- ACE_THROW_SPEC ((CORBA::SystemException,
- PortableInterceptor::ForwardRequest))
-{
-}
-
-TAO_END_VERSIONED_NAMESPACE_DECL
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.h
deleted file mode 100644
index 9ab7aaffad1..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.h
+++ /dev/null
@@ -1,148 +0,0 @@
-// -*- C++ -*-
-
-// ===================================================================
-/**
- * @file SSLIOP_Invocation_Interceptor.h
- *
- * $Id$
- *
- * @author Ossama Othman <ossama@uci.edu>
- */
-// ===================================================================
-
-#ifndef TAO_SSLIOP_INVOCATION_INTERCEPTOR_H
-#define TAO_SSLIOP_INVOCATION_INTERCEPTOR_H
-
-#include /**/ "ace/pre.h"
-
-#include "orbsvcs/SSLIOP/SSLIOP_Export.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-# pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "orbsvcs/SSLIOPC.h"
-#include "tao/PortableInterceptorC.h"
-#include "tao/PI_Server/PI_Server.h"
-#include "tao/LocalObject.h"
-
-// This is to remove "inherits via dominance" warnings from MSVC.
-// MSVC is being a little too paranoid.
-#if defined (_MSC_VER)
-#pragma warning(push)
-#pragma warning(disable:4250)
-#endif /* _MSC_VER */
-
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-namespace TAO
-{
- namespace SSLIOP
- {
- /**
- * @class Server_Invocation_Interceptor
- *
- * @brief Secure invocation server request interceptor.
- *
- * This server request interceptor rejects insecure request
- * invocations if the effective target object policy requires
- * secure invocations.
- */
- class Server_Invocation_Interceptor
- : public virtual PortableInterceptor::ServerRequestInterceptor,
- public virtual TAO_Local_RefCounted_Object
- {
- public:
-
- /// Constructor.
- Server_Invocation_Interceptor (::SSLIOP::Current_ptr current,
- ::Security::QOP qop);
-
- /**
- * @name PortableInterceptor::ServerRequestInterceptor Methods
- *
- * Methods required by the
- * PortableInterceptor::ServerRequestInterceptor interface.
- */
- //@{
- virtual char * name (ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual void destroy (ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual void receive_request_service_contexts (
- PortableInterceptor::ServerRequestInfo_ptr ri
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException,
- PortableInterceptor::ForwardRequest));
-
- virtual void receive_request (
- PortableInterceptor::ServerRequestInfo_ptr ri
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException,
- PortableInterceptor::ForwardRequest));
-
- virtual void send_reply (
- PortableInterceptor::ServerRequestInfo_ptr ri
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual void send_exception (
- PortableInterceptor::ServerRequestInfo_ptr ri
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException,
- PortableInterceptor::ForwardRequest));
-
- virtual void send_other (
- PortableInterceptor::ServerRequestInfo_ptr ri
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException,
- PortableInterceptor::ForwardRequest));
- //@}
-
- protected:
-
- /// Destructor
- /**
- * Protected destructor to force deallocation by the reference
- * counting mechanism.
- */
- ~Server_Invocation_Interceptor (void);
-
- private:
-
- /**
- * @name Copying and Assignment
- *
- * Protected to prevent copying through the copy constructor and the
- * assignment operator.
- */
- //@{
- Server_Invocation_Interceptor (const Server_Invocation_Interceptor &);
- void operator= (const Server_Invocation_Interceptor &);
- //@}
-
- private:
-
- /// Reference to the current SSLIOP execution context.
- ::SSLIOP::Current_var ssliop_current_;
-
- /// The default quality-of-protection settings in use.
- ::Security::QOP qop_;
-
- };
-
- } // End SSLIOP namespace.
-} // End TAO namespace.
-
-TAO_END_VERSIONED_NAMESPACE_DECL
-
-#if defined (_MSC_VER)
-#pragma warning(pop)
-#endif /* _MSC_VER */
-
-#include /**/ "ace/post.h"
-
-#endif /* TAO_SSLIOP_INVOCATION_INTERCEPTOR_H */
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ORBInitializer.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ORBInitializer.cpp
deleted file mode 100644
index 6f36fa774c5..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ORBInitializer.cpp
+++ /dev/null
@@ -1,248 +0,0 @@
-#include "orbsvcs/SSLIOP/SSLIOP_ORBInitializer.h"
-
-
-ACE_RCSID (SSLIOP,
- SSLIOP_ORBInitializer,
- "$Id$")
-
-
-#include "orbsvcs/SSLIOP/SSLIOP_Current.h"
-#include "orbsvcs/SSLIOP/SSLIOP_Invocation_Interceptor.h"
-//#include "SSLIOP_IORInterceptor.h"
-#include "orbsvcs/SSLIOP/SSLIOP_CredentialsAcquirerFactory.h"
-
-#include "orbsvcs/Security/SL3_SecurityCurrent.h"
-#include "orbsvcs/Security/SL3_CredentialsCurator.h"
-
-#include "orbsvcs/SSLIOPC.h"
-#include "orbsvcs/CSIIOPC.h"
-
-#include "tao/Exception.h"
-#include "tao/PI/ORBInitInfo.h"
-#include "tao/debug.h"
-
-#include "ace/Auto_Ptr.h"
-
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-TAO::SSLIOP::ORBInitializer::ORBInitializer (
- ::Security::QOP qop,
- CSIIOP::AssociationOptions csiv2_target_supports,
- CSIIOP::AssociationOptions csiv2_target_requires)
- : qop_ (qop),
- csiv2_target_supports_ (csiv2_target_supports),
- csiv2_target_requires_ (csiv2_target_requires)
-{
-}
-
-void
-TAO::SSLIOP::ORBInitializer::pre_init (
- PortableInterceptor::ORBInitInfo_ptr info
- ACE_ENV_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- TAO_ORBInitInfo_var tao_info =
- TAO_ORBInitInfo::_narrow (info
- ACE_ENV_ARG_PARAMETER);
- ACE_CHECK;
-
- if (CORBA::is_nil (tao_info.in ()))
- ACE_THROW (CORBA::INV_OBJREF ());
-
- // SSLIOP doesn't use the ORB Core until a request invocation occurs
- // so there is no problem in retrieving the ORB Core pointer in this
- // pre_init() method.
- TAO_ORB_Core *orb_core = tao_info->orb_core ();
-
- // Create the SSLIOP::Current object.
- // Note that a new SSLIOP::Current object is created for each ORB.
- // It wouldn't be very useful to share security context information
- // with another ORB that isn't configured with security, for
- // example.
- SSLIOP::Current_ptr current;
- ACE_NEW_THROW_EX (current,
- TAO::SSLIOP::Current (orb_core),
- CORBA::NO_MEMORY (
- CORBA::SystemException::_tao_minor_code (
- TAO::VMCID,
- ENOMEM),
- CORBA::COMPLETED_NO));
- ACE_CHECK;
-
- SSLIOP::Current_var ssliop_current = current;
-
- // Register the SSLIOP::Current object reference with the ORB.
- info->register_initial_reference ("SSLIOPCurrent",
- ssliop_current.in ()
- ACE_ENV_ARG_PARAMETER);
- ACE_CHECK;
-}
-
-void
-TAO::SSLIOP::ORBInitializer::post_init (
- PortableInterceptor::ORBInitInfo_ptr info
- ACE_ENV_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- // Note we do not store the SSLIOP::Current as a class member since
- // we need to avoid potential problems where the same
- // SSLIOP::Current object is shared between ORBs. Each ORB should
- // have its own unique SSLIOP::Current object. By obtaining the
- // SSLIOP::Current object from the resolve_initial_references()
- // mechanism, we are guaranteed that the SSLIOP::Current object is
- // specific to the ORB being initialized since a new SSLIOP::Current
- // object is registered for each ORB in this ORBInitializer's
- // pre_init() method.
-
- CORBA::Object_var obj =
- info->resolve_initial_references ("SSLIOPCurrent"
- ACE_ENV_ARG_PARAMETER);
- ACE_CHECK;
-
- SSLIOP::Current_var ssliop_current =
- SSLIOP::Current::_narrow (obj.in () ACE_ENV_ARG_PARAMETER);
- ACE_CHECK;
-
- if (!CORBA::is_nil (ssliop_current.in ()))
- {
- TAO::SSLIOP::Current *tao_current =
- dynamic_cast<TAO::SSLIOP::Current *> (ssliop_current.in ());
-
- if (tao_current != 0)
- {
- const size_t slot =
- this->get_tss_slot_id (info ACE_ENV_ARG_PARAMETER);
- ACE_CHECK;
-
- tao_current->tss_slot (slot);
- }
- else
- ACE_THROW (CORBA::INTERNAL ());
- }
-
- // Create the SSLIOP secure invocation server request interceptor.
- PortableInterceptor::ServerRequestInterceptor_ptr si =
- PortableInterceptor::ServerRequestInterceptor::_nil ();
- ACE_NEW_THROW_EX (si,
- TAO::SSLIOP::Server_Invocation_Interceptor (
- ssliop_current.in (),
- this->qop_),
- CORBA::NO_MEMORY (
- CORBA::SystemException::_tao_minor_code (
- TAO::VMCID,
- ENOMEM),
- CORBA::COMPLETED_NO));
- ACE_CHECK;
-
- PortableInterceptor::ServerRequestInterceptor_var si_interceptor =
- si;
-
- // Register the SSLIOP secure invocation server request interceptor
- // with the ORB.
- info->add_server_request_interceptor (si_interceptor.in ()
- ACE_ENV_ARG_PARAMETER);
- ACE_CHECK;
-
-// TAO_ORBInitInfo_var tao_info =
-// TAO_ORBInitInfo::_narrow (info
-// ACE_ENV_ARG_PARAMETER);
-// ACE_CHECK;
-
-// if (CORBA::is_nil (tao_info.in ()))
-// ACE_THROW (CORBA::INV_OBJREF ());
-
-// TAO_ORB_Core * orb_core = tao_info->orb_core ();
-
-// // Create the SSLIOP IOR interceptor.
-// PortableInterceptor::IORInterceptor_ptr ii =
-// PortableInterceptor::IORInterceptor::_nil ();
-// ACE_NEW_THROW_EX (ii,
-// TAO::SSLIOP::IORInterceptor (orb_core,
-// this->csiv2_target_supports_,
-// this->csiv2_target_requires_),
-// CORBA::NO_MEMORY (
-// CORBA::SystemException::_tao_minor_code (
-// TAO::VMCID,
-// ENOMEM),
-// CORBA::COMPLETED_NO));
-// ACE_CHECK;
-
-// PortableInterceptor::IORInterceptor_var ior_interceptor =
-// ii;
-
-// // Register the SSLIOP IORInterceptor.
-// info->add_ior_interceptor (ior_interceptor.in ()
-// ACE_ENV_ARG_PARAMETER);
-// ACE_CHECK;
-
- // Register the SSLIOP-specific vault with the
- // PrincipalAuthenticator.
- obj = info->resolve_initial_references ("SecurityLevel3:SecurityManager"
- ACE_ENV_ARG_PARAMETER);
- ACE_CHECK;
-
- SecurityLevel3::SecurityManager_var manager =
- SecurityLevel3::SecurityManager::_narrow (obj.in ()
- ACE_ENV_ARG_PARAMETER);
- ACE_CHECK;
-
- SecurityLevel3::CredentialsCurator_var curator =
- manager->credentials_curator (ACE_ENV_SINGLE_ARG_PARAMETER);
- ACE_CHECK;
-
- TAO::SL3::CredentialsCurator_var tao_curator =
- TAO::SL3::CredentialsCurator::_narrow (curator.in ()
- ACE_ENV_ARG_PARAMETER);
- ACE_CHECK;
-
- TAO::SSLIOP::CredentialsAcquirerFactory * factory;
- ACE_NEW_THROW_EX (factory,
- TAO::SSLIOP::CredentialsAcquirerFactory,
- CORBA::NO_MEMORY ());
- ACE_CHECK;
-
- auto_ptr<TAO::SSLIOP::CredentialsAcquirerFactory> safe_factory;
-
- tao_curator->register_acquirer_factory ("SL3TLS",
- factory
- ACE_ENV_ARG_PARAMETER);
- ACE_CHECK;
-
- (void) safe_factory.release (); // CredentialsCurator now owns
- // CredentialsAcquirerFactory.
-}
-
-size_t
-TAO::SSLIOP::ORBInitializer::get_tss_slot_id (
- PortableInterceptor::ORBInitInfo_ptr info
- ACE_ENV_ARG_DECL)
-{
- // Obtain the Security Service TSS slot ID from the SecurityCurrent
- // object.
- CORBA::Object_var obj =
- info->resolve_initial_references ("SecurityLevel3:SecurityCurrent"
- ACE_ENV_ARG_PARAMETER);
- ACE_CHECK_RETURN (0);
-
- SecurityLevel3::SecurityCurrent_var current =
- SecurityLevel3::SecurityCurrent::_narrow (obj.in ()
- ACE_ENV_ARG_PARAMETER);
- ACE_CHECK_RETURN (0);
-
- TAO::SL3::SecurityCurrent * security_current =
- dynamic_cast<TAO::SL3::SecurityCurrent *> (current.in ());
-
- if (security_current == 0)
- {
- ACE_DEBUG ((LM_DEBUG,
- "Unable to obtain TSS slot ID from "
- "\"SecurityCurrent\" object.\n"));
-
- ACE_THROW_RETURN (CORBA::INTERNAL (), 0);
- }
-
- return security_current->tss_slot ();
-}
-
-TAO_END_VERSIONED_NAMESPACE_DECL
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ORBInitializer.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ORBInitializer.h
deleted file mode 100644
index 905b526d000..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_ORBInitializer.h
+++ /dev/null
@@ -1,100 +0,0 @@
-// -*- C++ -*-
-
-//=============================================================================
-/**
- * @file SSLIOP_ORBInitializer.h
- *
- * $Id$
- *
- * @author Ossama Othman <ossama@uci.edu>
- */
-//=============================================================================
-
-
-#ifndef TAO_SSLIOP_ORB_INITIALIZER_H
-#define TAO_SSLIOP_ORB_INITIALIZER_H
-
-#include /**/ "ace/pre.h"
-
-#include "orbsvcs/SSLIOP/SSLIOP_Export.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-# pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "orbsvcs/CSIIOPC.h"
-#include "orbsvcs/SecurityC.h"
-
-#include "tao/PI/PI.h"
-#include "tao/LocalObject.h"
-
-// This is to remove "inherits via dominance" warnings from MSVC.
-// MSVC is being a little too paranoid.
-#if defined(_MSC_VER)
-#pragma warning(push)
-#pragma warning(disable:4250)
-#endif /* _MSC_VER */
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-namespace TAO
-{
- namespace SSLIOP
- {
-
- /**
- * @name ORBInitializer
- *
- * @brief
- * ORB initializer that registers all SSLIOP-specific interceptors and
- * object references.
- */
- class ORBInitializer
- : public virtual PortableInterceptor::ORBInitializer,
- public virtual TAO_Local_RefCounted_Object
- {
- public:
-
- /// Constructor.
- ORBInitializer (::Security::QOP qop,
- CSIIOP::AssociationOptions csiv2_target_supports,
- CSIIOP::AssociationOptions csiv2_target_requires);
-
- virtual void pre_init (PortableInterceptor::ORBInitInfo_ptr info
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual void post_init (PortableInterceptor::ORBInitInfo_ptr info
- ACE_ENV_ARG_DECL_WITH_DEFAULTS)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- private:
-
- // Obtain the TSS slot ID assigned to the "SSLIOPCurrent" object.
- size_t get_tss_slot_id (PortableInterceptor::ORBInitInfo_ptr info
- ACE_ENV_ARG_DECL);
-
- private:
-
- /// The default quality-of-protection settings in use.
- ::Security::QOP qop_;
-
- /// Default support CSIv2 association options.
- CSIIOP::AssociationOptions csiv2_target_supports_;
-
- /// Default required CSIv2 association options.
- CSIIOP::AssociationOptions csiv2_target_requires_;
- };
-
- } // End SSLIOP namespace.
-} // End TAO namespace.
-
-TAO_END_VERSIONED_NAMESPACE_DECL
-
-#if defined(_MSC_VER)
-#pragma warning(pop)
-#endif /* _MSC_VER */
-
-#include /**/ "ace/post.h"
-
-#endif /* TAO_SSLIOP_ORB_INITIALIZER_H */
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.cpp
deleted file mode 100644
index f20eb554f4c..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.cpp
+++ /dev/null
@@ -1,17 +0,0 @@
-// $Id$
-
-#ifndef TAO_SSLIOP_OPENSSL_ST_T_CPP
-#define TAO_SSLIOP_OPENSSL_ST_T_CPP
-
-#include "orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-# pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-
-#if !defined (__ACE_INLINE__)
-#include "orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.inl"
-#endif /* !__ACE_INLINE__ */
-
-#endif /* TAO_SSLIOP_OPENSSL_ST_T_CPP */
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.h
deleted file mode 100644
index 1fee4c1504b..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.h
+++ /dev/null
@@ -1,139 +0,0 @@
-// -*- C++ -*-
-
-//=============================================================================
-/**
- * @file SSLIOP_OpenSSL_st_T.h
- *
- * $Id$
- *
- * @author Ossama Othman <ossama@dre.vanderbilt.edu>
- */
-//=============================================================================
-
-#ifndef TAO_SSLIOP_OPENSSL_ST_T_H
-#define TAO_SSLIOP_OPENSSL_ST_T_H
-
-#include /**/ "ace/pre.h"
-
-#include "ace/config-all.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-#pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "tao/Versioned_Namespace.h"
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-namespace TAO
-{
- namespace SSLIOP
- {
- /**
- * @struct OpenSSL_traits
- *
- * @brief Template traits structure for OpenSSL data structures.
- *
- * Template traits structure containing constants and functions
- * specific to a given OpenSSL data structure.
- */
- template <typename T>
- struct OpenSSL_traits;
-
- /**
- * @name CORBA-style Reference Count Manipulation Methods
- *
- * These reference count manipulation methods are generally
- * specific to OpenSSL structures.
- */
- /// Increase the reference count on the given OpenSSL structure.
- template <typename T>
- T * _duplicate (T * st);
-
- /// Deep copy the given OpenSSL structure.
- template <typename T>
- T * copy (T const & st);
-
- /// Decrease the reference count on the given OpenSSL structure.
- template <typename T>
- void release (T * st);
-
- /**
- * @class OpenSSL_st_var
- *
- * @brief "_var" class for the OpenSSL @param T structure.
- *
- * This class is simply used to make operations on instances of
- * the OpenSSL @c T structure exception safe. It is only used
- * internally by the SSLIOP pluggable transport.
- */
- template <typename T>
- class OpenSSL_st_var
- {
- public:
-
- /**
- * @name Constructors
- *
- * Constructors.
- */
- //@{
- OpenSSL_st_var (void);
- OpenSSL_st_var (T * st);
- OpenSSL_st_var (OpenSSL_st_var<T> const & v);
- OpenSSL_st_var (T const & st);
- //@}
-
- /// Destructor
- ~OpenSSL_st_var (void);
-
- /**
- * @name Assignment operators.
- *
- * Assignment operators.
- */
- //@{
- OpenSSL_st_var<T> & operator= (T* st);
- OpenSSL_st_var<T> & operator= (OpenSSL_st_var<T> const & v);
- OpenSSL_st_var<T> & operator= (T const & st);
- //@}
-
- T const * operator-> (void) const;
- T* operator-> (void);
-
- operator const T& () const;
- operator T& ();
-
- T* in (void) const;
- T*& inout (void);
- T*& out (void);
- T* _retn (void);
- T* ptr (void) const;
-
- private:
-
- /// The OpenSSL structure whose reference count is managed.
- T * st_;
-
- };
- } // End SSLIOP namespace.
-} // End TAO namespace.
-
-TAO_END_VERSIONED_NAMESPACE_DECL
-
-
-#if defined (__ACE_INLINE__)
-#include "orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.inl"
-#endif /* __ACE_INLINE__ */
-
-#if defined (ACE_TEMPLATES_REQUIRE_SOURCE)
-# include "orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.cpp"
-#endif /* ACE_TEMPLATES_REQUIRE_SOURCE */
-
-#if defined (ACE_TEMPLATES_REQUIRE_PRAGMA)
-# pragma implementation ("SSLIOP_OpenSSL_st_T.cpp")
-#endif /* ACE_TEMPLATES_REQUIRE_PRAGMA */
-
-#include /**/ "ace/post.h"
-
-#endif /* TAO_SSLIOP_OPENSSL_ST_T_H */
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.inl b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.inl
deleted file mode 100644
index 0233a73fc01..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.inl
+++ /dev/null
@@ -1,165 +0,0 @@
-// -*- C++ -*-
-//
-// $Id$
-
-
-#include <openssl/crypto.h>
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-template <typename T> ACE_INLINE T *
-TAO::SSLIOP::_duplicate (T * st)
-{
- // Shallow copy.
-
- // OpenSSL provides no structure-specific functions to increase the
- // reference count on the structure it defines, so we do it
- // manually.
- if (st != 0)
- CRYPTO_add (&(st->references),
- 1,
- TAO::SSLIOP::OpenSSL_traits<T>::LOCK_ID);
-
- return st;
-}
-
-template <typename T> ACE_INLINE T *
-TAO::SSLIOP::copy (T const & st)
-{
- // Deep copy.
- return TAO::SSLIOP::OpenSSL_traits<T>::copy (st);
-}
-
-template <typename T> ACE_INLINE void
-TAO::SSLIOP::release (T * st)
-{
- TAO::SSLIOP::OpenSSL_traits<T>::release (st);
-}
-
-// -------------------------------------------------------------------
-
-template <typename T> ACE_INLINE
-TAO::SSLIOP::OpenSSL_st_var<T>::OpenSSL_st_var (void)
- : st_ (0)
-{
-}
-
-template <typename T> ACE_INLINE
-TAO::SSLIOP::OpenSSL_st_var<T>::OpenSSL_st_var (T * st)
- : st_ (st)
-{
-}
-
-template <typename T> ACE_INLINE
-TAO::SSLIOP::OpenSSL_st_var<T>::OpenSSL_st_var (
- TAO::SSLIOP::OpenSSL_st_var<T> const & st)
- : st_ (TAO::SSLIOP::OpenSSL_traits<T>::_duplicate (st.ptr ()))
-{
-}
-
-template <typename T> ACE_INLINE
-TAO::SSLIOP::OpenSSL_st_var<T>::OpenSSL_st_var (T const & st)
- : st_ (TAO::SSLIOP::OpenSSL_traits<T>::copy (st))
-{
-}
-
-template <typename T> ACE_INLINE
-TAO::SSLIOP::OpenSSL_st_var<T>::~OpenSSL_st_var (void)
-{
- TAO::SSLIOP::OpenSSL_traits<T>::release (this->st_);
- // TAO::SSLIOP::release (this->st_);
-}
-
-template <typename T> ACE_INLINE TAO::SSLIOP::OpenSSL_st_var<T> &
-TAO::SSLIOP::OpenSSL_st_var<T>::operator= (T * st)
-{
- TAO::SSLIOP::OpenSSL_traits<T>::release (this->st_);
- this->st_ = st;
- return *this;
-}
-
-template <typename T> ACE_INLINE TAO::SSLIOP::OpenSSL_st_var<T> &
-TAO::SSLIOP::OpenSSL_st_var<T>::operator= (
- TAO::SSLIOP::OpenSSL_st_var<T> const & st)
-{
- if (this != &st)
- {
- TAO::SSLIOP::OpenSSL_traits<T>::release (this->st_);
- this->st_ = TAO::SSLIOP::OpenSSL_traits<T>::_duplicate (st.ptr ());
- }
-
- return *this;
-}
-
-template <typename T> ACE_INLINE TAO::SSLIOP::OpenSSL_st_var<T> &
-TAO::SSLIOP::OpenSSL_st_var<T>::operator= (T const & st)
-{
- if (this->st_ != &st)
- {
- TAO::SSLIOP::OpenSSL_traits<T>::release (this->st_);
- this->st_ = TAO::SSLIOP::OpenSSL_traits<T>::copy (st);
- }
-
- return *this;
-}
-
-template <typename T> ACE_INLINE T const *
-TAO::SSLIOP::OpenSSL_st_var<T>::operator-> (void) const
-{
- return this->st_;
-}
-
-template <typename T> ACE_INLINE T *
-TAO::SSLIOP::OpenSSL_st_var<T>::operator-> (void)
-{
- return this->st_;
-}
-
-template <typename T> ACE_INLINE
-TAO::SSLIOP::OpenSSL_st_var<T>::operator T const &() const
-{
- return *this->st_;
-}
-
-template <typename T> ACE_INLINE
-TAO::SSLIOP::OpenSSL_st_var<T>::operator T &()
-{
- return *this->st_;
-}
-
-template <typename T> ACE_INLINE T *
-TAO::SSLIOP::OpenSSL_st_var<T>::in (void) const
-{
- return this->st_;
-}
-
-template <typename T> ACE_INLINE T *&
-TAO::SSLIOP::OpenSSL_st_var<T>::inout (void)
-{
- return this->st_;
-}
-
-template <typename T> ACE_INLINE T *&
-TAO::SSLIOP::OpenSSL_st_var<T>::out (void)
-{
- TAO::SSLIOP::OpenSSL_traits<T>::release (this->st_);
- this->st_ = 0;
- return this->st_;
-}
-
-template <typename T> ACE_INLINE T *
-TAO::SSLIOP::OpenSSL_st_var<T>::_retn (void)
-{
- // Yield ownership of the OpenSSL structure.
- T * st = this->st_;
- this->st_ = 0;
- return st;
-}
-
-template <typename T> ACE_INLINE T *
-TAO::SSLIOP::OpenSSL_st_var<T>::ptr (void) const
-{
- return this->st_;
-}
-
-TAO_END_VERSIONED_NAMESPACE_DECL
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OwnCredentials.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OwnCredentials.cpp
deleted file mode 100644
index 7d90833fff5..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OwnCredentials.cpp
+++ /dev/null
@@ -1,77 +0,0 @@
-// $Id$
-
-#include "orbsvcs/SSLIOP/SSLIOP_OwnCredentials.h"
-
-
-ACE_RCSID (SSLIOP,
- SSLIOP_OwnCredentials,
- "$Id$")
-
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-TAO::SSLIOP::OwnCredentials::OwnCredentials (X509 *cert, EVP_PKEY *evp)
- : SSLIOP_Credentials (cert, evp)
-{
-}
-
-TAO::SSLIOP::OwnCredentials::~OwnCredentials (void)
-{
-}
-
-TAO::SSLIOP::OwnCredentials_ptr
-TAO::SSLIOP::OwnCredentials::_duplicate (TAO::SSLIOP::OwnCredentials_ptr obj)
-{
- if (!CORBA::is_nil (obj))
- obj->_add_ref ();
-
- return obj;
-}
-
-TAO::SSLIOP::OwnCredentials_ptr
-TAO::SSLIOP::OwnCredentials::_narrow (CORBA::Object_ptr obj
- ACE_ENV_ARG_DECL_NOT_USED)
-{
- return TAO::SSLIOP::OwnCredentials::_duplicate (
- dynamic_cast<TAO::SSLIOP::OwnCredentials *> (obj));
-}
-
-TAO::SSLIOP::OwnCredentials_ptr
-TAO::SSLIOP::OwnCredentials::_nil (void)
-{
- return (OwnCredentials *) 0;
-
-}
-
-SecurityLevel3::CredentialsType
-TAO::SSLIOP::OwnCredentials::creds_type (ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- return SecurityLevel3::CT_OwnCredentials;
-}
-
-SecurityLevel3::CredsInitiator_ptr
-TAO::SSLIOP::OwnCredentials::creds_initiator (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (),
- SecurityLevel3::CredsInitiator::_nil ());
-}
-
-SecurityLevel3::CredsAcceptor_ptr
-TAO::SSLIOP::OwnCredentials::creds_acceptor (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (),
- SecurityLevel3::CredsAcceptor::_nil ());
-}
-
-void
-TAO::SSLIOP::OwnCredentials::release_credentials (
- ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- this->creds_state_ = SecurityLevel3::CS_PendingRelease;
-}
-
-TAO_END_VERSIONED_NAMESPACE_DECL
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OwnCredentials.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OwnCredentials.h
deleted file mode 100644
index 8376cda69dc..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OwnCredentials.h
+++ /dev/null
@@ -1,121 +0,0 @@
-// -*- C++ -*-
-
-//=============================================================================
-/**
- * @file SSLIOP_OwnCredentials.h
- *
- * $Id$
- *
- * @author Ossama Othman <ossama@dre.vanderbilt.edu>
- */
-//=============================================================================
-
-
-#ifndef TAO_SSLIOP_OWN_CREDENTIALS_H
-#define TAO_SSLIOP_OWN_CREDENTIALS_H
-
-#include /**/ "ace/pre.h"
-
-#include "orbsvcs/SSLIOP/SSLIOP_Export.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-# pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "orbsvcs/SSLIOP/SSLIOP_Credentials.h"
-
-#if defined(_MSC_VER)
-#pragma warning(push)
-#pragma warning(disable:4250)
-#endif /* _MSC_VER */
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-namespace TAO
-{
- namespace SSLIOP
- {
- class OwnCredentials;
- typedef OwnCredentials* OwnCredentials_ptr;
- typedef TAO_Pseudo_Var_T<OwnCredentials> OwnCredentials_var;
- typedef TAO_Pseudo_Out_T<OwnCredentials> OwnCredentials_out;
-
- /**
- * @class OwnCredentials
- *
- * @brief Credentials representing our identity, not our peer's
- * identity.
- *
- * @c OwnCredentials are a representation of our identity, not our
- * peer's identity.
- */
- class OwnCredentials
- : public virtual SecurityLevel3::OwnCredentials,
- public virtual SSLIOP_Credentials
- {
- public:
- typedef OwnCredentials_ptr _ptr_type;
- typedef OwnCredentials_var _var_type;
- typedef OwnCredentials_out _out_type;
-
- /// Constructor
- OwnCredentials (::X509 *cert, ::EVP_PKEY *evp);
-
- static OwnCredentials_ptr _duplicate (OwnCredentials_ptr obj);
- static OwnCredentials_ptr _nil (void);
- static OwnCredentials_ptr _narrow (CORBA::Object_ptr obj
- ACE_ENV_ARG_DECL);
-
- /**
- * @name SecurityLevel3::TargetCredentials Methods
- *
- * Methods required by the SecurityLevel3::Credentials
- * interface.
- */
- //@{
- SecurityLevel3::CredentialsType creds_type (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
- //@}
-
- /**
- * @name SecurityLevel3::OwnCredentials Methods
- *
- * Methods required by the SecurityLevel3::OwnCredentials
- * interface.
- */
- //@{
- virtual SecurityLevel3::CredsInitiator_ptr creds_initiator (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual SecurityLevel3::CredsAcceptor_ptr creds_acceptor (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual void release_credentials (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
- //@}
-
- protected:
-
- /// Destructor
- /**
- * Protected destructor to enforce proper memory management
- * through the reference counting mechanism.
- */
- ~OwnCredentials (void);
- };
-
- } // End SSLIOP namespace
-} // End TAO namespace
-
-
-TAO_END_VERSIONED_NAMESPACE_DECL
-
-#if defined(_MSC_VER)
-#pragma warning(pop)
-#endif /* _MSC_VER */
-
-#include /**/ "ace/post.h"
-
-#endif /* TAO_SSLIOP_OWN_CREDENTIALS_H */
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Profile.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Profile.cpp
deleted file mode 100644
index f9c084779cd..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Profile.cpp
+++ /dev/null
@@ -1,357 +0,0 @@
-#include "orbsvcs/SSLIOP/SSLIOP_Profile.h"
-#include "orbsvcs/SSLIOP/ssl_endpointsC.h"
-#include "tao/CDR.h"
-#include "tao/Environment.h"
-#include "ace/OS_NS_string.h"
-
-
-ACE_RCSID (SSLIOP,
- SSLIOP_Profile,
- "$Id$")
-
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-TAO_SSLIOP_Profile::TAO_SSLIOP_Profile (const ACE_INET_Addr & addr,
- const TAO::ObjectKey & object_key,
- const TAO_GIOP_Message_Version & version,
- TAO_ORB_Core * orb_core,
- const ::SSLIOP::SSL * ssl_component)
- : TAO_IIOP_Profile (addr,
- object_key,
- version,
- orb_core),
- ssl_endpoint_ (ssl_component, 0),
- ssl_only_ (0)
-{
- this->ssl_endpoint_.iiop_endpoint (&this->endpoint_, true);
-}
-
-TAO_SSLIOP_Profile::TAO_SSLIOP_Profile (const char * host,
- CORBA::UShort port,
- const TAO::ObjectKey & object_key,
- const ACE_INET_Addr & addr,
- const TAO_GIOP_Message_Version & version,
- TAO_ORB_Core * orb_core,
- const ::SSLIOP::SSL * ssl_component)
- : TAO_IIOP_Profile (host,
- port,
- object_key,
- addr,
- version,
- orb_core),
- ssl_endpoint_ (ssl_component, 0),
- ssl_only_ (0)
-{
- this->ssl_endpoint_.iiop_endpoint (&this->endpoint_, true);
-}
-
-TAO_SSLIOP_Profile::TAO_SSLIOP_Profile (TAO_ORB_Core * orb_core,
- const ::SSLIOP::SSL * ssl_component)
- : TAO_IIOP_Profile (orb_core),
- ssl_endpoint_ (ssl_component, 0),
- ssl_only_ (0)
-{
- this->ssl_endpoint_.iiop_endpoint (&this->endpoint_, true);
-}
-
-TAO_SSLIOP_Profile::TAO_SSLIOP_Profile (TAO_ORB_Core * orb_core, int ssl_only)
- : TAO_IIOP_Profile (orb_core),
- ssl_endpoint_ (0, 0),
- ssl_only_ (ssl_only)
-{
- this->ssl_endpoint_.iiop_endpoint (&this->endpoint_, true);
-}
-
-TAO_SSLIOP_Profile::~TAO_SSLIOP_Profile (void)
-{
- // Clean up the list of endpoints since we own it.
- // Skip the head, since it is not dynamically allocated.
- TAO_Endpoint *tmp = 0;
-
- for (TAO_Endpoint *next = this->ssl_endpoint_.next ();
- next != 0;
- next = tmp)
- {
- tmp = next->next ();
- delete next;
- }
-}
-
-// return codes:
-// -1 -> error
-// 0 -> can't understand this version
-// 1 -> success.
-int
-TAO_SSLIOP_Profile::decode (TAO_InputCDR & cdr)
-{
- int r = this->TAO_IIOP_Profile::decode (cdr);
- if (r != 1)
- return r;
-
- // Attempt to decode SSLIOP::SSL tagged component. It may not be
- // there if we are dealing with pure IIOP profile.
- int ssl_component_found = 0;
- IOP::TaggedComponent component;
- component.tag = ::SSLIOP::TAG_SSL_SEC_TRANS;
-
- if (this->tagged_components ().get_component (component))
- {
- TAO_InputCDR cdr (reinterpret_cast<const char*> (
- component.component_data.get_buffer ()),
- component.component_data.length ());
- CORBA::Boolean byte_order;
- if ((cdr >> ACE_InputCDR::to_boolean (byte_order)) == 0)
- return -1;
- cdr.reset_byte_order (static_cast<int> (byte_order));
-
- if (cdr >> this->ssl_endpoint_.ssl_component_)
- ssl_component_found = 1;
- else
- return -1;
- }
-
- // Since IIOP portion of the profile has already been decoded, we
- // know how many endpoints it should contain and can finish
- // initialization accordingly.
- if (this->count_ < 2)
- {
- // This profile contains only one endpoint. Finish initializing
- // it.
- this->ssl_endpoint_.iiop_endpoint (&this->endpoint_, true);
- this->ssl_endpoint_.priority (this->endpoint_.priority ());
- return 1;
- }
- else
- {
- // This profile contains more than one endpoint.
- if (ssl_component_found)
- {
- // It is true ssl profile, i.e., not just IIOP, so must have
- // ssl endpoints encoded.
-
- if (this->decode_tagged_endpoints () == -1)
- return -1;
-
- return 1;
- }
- else
- {
- // IIOP profile - doesn't have ssl endpoints encoded. We
- // must create 'dummy' ssl endpoint list anyways, in order to
- // make iiop endpoints accessable and usable.
- for (size_t i = 0;
- i < this->count_;
- ++i)
- {
- TAO_SSLIOP_Endpoint *endpoint = 0;
- ACE_NEW_RETURN (endpoint,
- TAO_SSLIOP_Endpoint (0, 0),
- -1);
- this->add_endpoint (endpoint);
- }
-
- // Now that we have a complete list of ssl endpoins, we can
- // connect them with their iiop counterparts.
- TAO_IIOP_Endpoint *iiop_endp = &this->endpoint_;
-
- for (TAO_SSLIOP_Endpoint * ssl_endp = &this->ssl_endpoint_;
- ssl_endp != 0;
- ssl_endp = ssl_endp->next_)
- {
- ssl_endp->iiop_endpoint (iiop_endp, true);
- ssl_endp->priority (iiop_endp->priority ());
- iiop_endp = iiop_endp->next_;
- }
-
- return 1;
- }
- }
-}
-
-CORBA::Boolean
-TAO_SSLIOP_Profile::do_is_equivalent (const TAO_Profile * other_profile)
-{
- const TAO_SSLIOP_Profile *op =
- dynamic_cast<const TAO_SSLIOP_Profile *> (other_profile);
-
- // Make sure we have a TAO_SSLIOP_Profile.
- if (op == 0)
- return 0;
-
- // Now verify TAO_SSLIOP_Endpoint equivalence.
- const TAO_SSLIOP_Endpoint *other_endp = &op->ssl_endpoint_;
- for (TAO_SSLIOP_Endpoint *endp = &this->ssl_endpoint_;
- endp != 0;
- endp = endp->next_)
- {
- if (endp->is_equivalent (other_endp))
- other_endp = other_endp->next_;
- else
- return 0;
- }
-
- return 1;
-}
-
-TAO_Endpoint*
-TAO_SSLIOP_Profile::endpoint (void)
-{
- return &this->ssl_endpoint_;
-}
-
-void
-TAO_SSLIOP_Profile::add_endpoint (TAO_SSLIOP_Endpoint * endp)
-{
- endp->next_ = this->ssl_endpoint_.next_;
- this->ssl_endpoint_.next_ = endp;
-
- // We do not want to add our IIOP endpoint counterpart when we are
- // decoding a profile, and IIOP endpoints have been added before we
- // even get to SSLIOP-specific decoding.
- if (endp->iiop_endpoint () != 0)
- this->TAO_IIOP_Profile::add_endpoint (endp->iiop_endpoint ());
-}
-
-int
-TAO_SSLIOP_Profile::encode_endpoints (void)
-{
- // If we have more than one endpoint, we encode info about others
- // into a tagged component for wire transfer.
- if (this->count_ > 1)
- {
- // Encode all endpoints except the first one, since it is always
- // transferred through standard profile component.
-
- // Create a data structure and fill it with endpoint info for wire
- // transfer.
- TAO_SSLEndpointSequence endpoints;
- endpoints.length (this->count_ - 1);
-
- const TAO_SSLIOP_Endpoint *endpoint = this->ssl_endpoint_.next_;
- for (size_t i = 0;
- i < this->count_ - 1;
- ++i)
- {
- endpoints[i] = endpoint->ssl_component ();
- endpoint = endpoint->next_;
- }
-
- // Encode the data structure.
- TAO_OutputCDR out_cdr;
- if ((out_cdr << ACE_OutputCDR::from_boolean (TAO_ENCAP_BYTE_ORDER)
- == 0)
- || (out_cdr << endpoints) == 0)
- return -1;
-
- const CORBA::ULong length = out_cdr.total_length ();
-
- IOP::TaggedComponent tagged_component;
- tagged_component.tag = TAO::TAG_SSL_ENDPOINTS;
- tagged_component.component_data.length (length);
- CORBA::Octet *buf =
- tagged_component.component_data.get_buffer ();
-
- for (const ACE_Message_Block *iterator = out_cdr.begin ();
- iterator != 0;
- iterator = iterator->cont ())
- {
- CORBA::ULong i_length = iterator->length ();
- ACE_OS::memcpy (buf, iterator->rd_ptr (), i_length);
-
- buf += i_length;
- }
-
- // Add component with encoded endpoint data to this profile's
- // TaggedComponents.
- tagged_components_.set_component (tagged_component);
- }
-
- return this->TAO_IIOP_Profile::encode_endpoints ();
-}
-
-int
-TAO_SSLIOP_Profile::decode_tagged_endpoints (void)
-{
- IOP::TaggedComponent tagged_component;
- tagged_component.tag = TAO::TAG_SSL_ENDPOINTS;
-
- if (this->tagged_components_.get_component (tagged_component))
- {
- const CORBA::Octet *buf =
- tagged_component.component_data.get_buffer ();
-
- TAO_InputCDR in_cdr (reinterpret_cast<const char* > (buf),
- tagged_component.component_data.length ());
-
- // Extract the Byte Order.
- CORBA::Boolean byte_order;
- if ((in_cdr >> ACE_InputCDR::to_boolean (byte_order)) == 0)
- return -1;
- in_cdr.reset_byte_order (static_cast<int> (byte_order));
-
- // Extract endpoints sequence.
- TAO_SSLEndpointSequence endpoints;
- if ((in_cdr >> endpoints) == 0)
- return -1;
-
- // Use information extracted from the tagged component to
- // populate the profile. Begin from the end of the sequence to
- // preserve endpoint order, since <add_endpoint> method reverses
- // the order of endpoints in the list.
- for (CORBA::ULong i = endpoints.length () - 1;
- (i + 1) != 0;
- --i)
- {
- TAO_SSLIOP_Endpoint *endpoint = 0;
- ACE_NEW_RETURN (endpoint,
- TAO_SSLIOP_Endpoint (0, 0),
- -1);
- endpoint->ssl_component_ = endpoints[i];
- this->add_endpoint (endpoint);
- }
-
- // Now that we have a complete list of ssl endpoins, we can
- // connect them with their iiop counterparts, which have been
- // extracted/chained during the IIOP profile decoding.
- TAO_IIOP_Endpoint *iiop_endp = &this->endpoint_;
-
- for (TAO_SSLIOP_Endpoint * ssl_endp = &this->ssl_endpoint_;
- ssl_endp != 0;
- ssl_endp = ssl_endp->next_)
- {
- ssl_endp->iiop_endpoint (iiop_endp, true);
- ssl_endp->priority (iiop_endp->priority ());
- iiop_endp = iiop_endp->next_;
- }
-
- return 0;
- }
-
- // Since this method is only called if we are expecting
- // TAO_TAG_SSL_ENDPOINTS component, failure to find it is an error.
- return -1;
-}
-
-void
-TAO_SSLIOP_Profile::parse_string (const char * ior
- ACE_ENV_ARG_DECL)
-{
- TAO_IIOP_Profile::parse_string (ior
- ACE_ENV_ARG_PARAMETER);
- ACE_CHECK;
-
- this->ssl_endpoint_.iiop_endpoint (&this->endpoint_, true);
-
- if( ssl_only_)
- {
- this->ssl_endpoint_.ssl_component_.port = this->endpoint_.port_;
-
- // Note that the Security::NoProtection bit is cleared since we
- // are sure the server supports SSL (we're told so)
- ACE_CLR_BITS (this->ssl_endpoint_.ssl_component_.target_supports,
- Security::NoProtection);
- }
-}
-
-TAO_END_VERSIONED_NAMESPACE_DECL
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Profile.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Profile.h
deleted file mode 100644
index 849914f148d..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Profile.h
+++ /dev/null
@@ -1,179 +0,0 @@
-// -*- C++ -*-
-
-//=============================================================================
-/**
- * @file SSLIOP_Profile.h
- *
- * $Id$
- *
- * SSLIOP profile specific processing
- *
- * @author Carlos O'Ryan <coryan@uci.edu>
- * @author Ossama Othman <ossama@uci.edu>
- */
-//=============================================================================
-
-
-#ifndef TAO_SSLIOP_PROFILE_H
-#define TAO_SSLIOP_PROFILE_H
-
-#include /**/ "ace/pre.h"
-
-#include "ace/config-all.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-# pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "orbsvcs/SSLIOP/SSLIOP_Endpoint.h"
-#include "tao/IIOP_Profile.h"
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-// namespace TAO
-// {
-// namespace SSLIOP
-// {
-
- /**
- * @class Profile
- *
- * @brief This class defines the protocol specific attributes
- * required for locating ORBs over a TCP/IP network, using
- * either IIOP or IIOP/SSL for communication.
- *
- * This class extends TAO_IIOP_Profile to support secure
- * communication using SSL.
- */
- class TAO_SSLIOP_Profile : public TAO_IIOP_Profile
- {
- public:
- /// Profile constructor, same as above except the object_key has
- /// already been marshaled.
- TAO_SSLIOP_Profile (const ACE_INET_Addr & addr,
- const TAO::ObjectKey & object_key,
- const TAO_GIOP_Message_Version & version,
- TAO_ORB_Core * orb_core,
- const ::SSLIOP::SSL * ssl_component);
-
- /// Profile constructor, this is the most efficient since it
- /// doesn't require any address resolution processing.
- TAO_SSLIOP_Profile (const char *host,
- CORBA::UShort port,
- const TAO::ObjectKey & object_key,
- const ACE_INET_Addr & addr,
- const TAO_GIOP_Message_Version & version,
- TAO_ORB_Core * orb_core,
- const ::SSLIOP::SSL * ssl_component);
-
- /// Create profile with the given SSLIOP tagged component.
- TAO_SSLIOP_Profile (TAO_ORB_Core * orb_core,
- const ::SSLIOP::SSL * ssl_component);
-
- /// Profile constructor. ssl_only != 0 will force secure
- /// connections, pnly.
- TAO_SSLIOP_Profile (TAO_ORB_Core * orb_core, int ssl_only = 0);
-
-
- // = Please see Profile.h for the documentation of these methods.
- virtual int decode (TAO_InputCDR& cdr);
- virtual int encode_endpoints (void);
- virtual TAO_Endpoint *endpoint (void);
-
- /**
- * Override parse_string() from the base class to update the SSL
- * endpoint's iiop endpoint once the base class has completed
- * parsing the string.
- *@par
- * Initialize this object using the given input string.
- * URL-style string contain only one endpoint.
- */
- virtual void parse_string (const char * string
- ACE_ENV_ARG_DECL);
-
- /**
- * Add @a endp to this profile's list of endpoints (it is
- * inserted next to the head of the list). This profiles takes
- * ownership of @a endp. If @a endp's @c iiop_endpoint_ member
- * is not 0, it is added to our parent's class endpoint list.
- */
- void add_endpoint (TAO_SSLIOP_Endpoint * endp);
-
- protected:
-
- /// Destructor.
- /**
- * Protected destructor to enforce proper memory management
- * through the reference counting mechanism.
- */
- ~TAO_SSLIOP_Profile (void);
-
- /// Profile equivalence template method.
- /**
- * @see TAO_Profile::do_is_equivalent()
- */
- virtual CORBA::Boolean do_is_equivalent (
- const TAO_Profile * other_profile);
-
- private:
-
- /**
- * Helper for @c decode. Decodes TAO_TAG_SSL_ENDPOINTS from a
- * tagged component. Decode only if RTCORBA is enabled.
- *
- * @return 0 on success and -1 on failure.
- *
- * @note This should be enabled only when RTCORBA is enabled,
- * but sadly others pay the price (of footprint) under
- * normal operations.
- */
- int decode_tagged_endpoints (void);
-
- /**
- * Head of this profile's list of endpoints. This endpoint is
- * not dynamically allocated because a profile always contains
- * at least one endpoint.
- * @par
- * Currently, a profile contains more than one endpoint, i.e.,
- * list contains more than just the head, only when RTCORBA is
- * enabled. However, in the near future, this will be used in
- * non-RT mode as well, e.g., to support @c
- * TAG_ALTERNATE_IIOP_ADDRESS feature.
- * @par
- * Since SSLIOP profile is an extension of IIOP profile, its
- * addressing info is contained in two places: IIOP parent
- * class contains all iiop addressing while this class contains
- * SSL-specific addressing additions to iiop. This means that
- * there are two lists of endpoints: one maintained in the
- * parent class and one maintained here. Each ssl endpoint
- * maintains a pointer to its counterpart in the parent class
- * endpoint list.
- * @par
- * For transmission of IIOP addressing information, see
- * @c TAO_IIOP_Profile. Addressing info of the default SSL
- * endpoint, i.e., head of the list, is transmitted using
- * standard SSLIOP::TAG_SSL_SEC_TRANS tagged component. See
- * @c encode_endpoints method documentation above for how the
- * rest of the SSL endpoint list is transmitted.
- */
- TAO_SSLIOP_Endpoint ssl_endpoint_;
-
- /**
- * Allways treat this endpoint as secure, even if the constructor
- * did not explicitely specify a tagged component for SSL.
- * @par
- * Most likely the parse_string() will supply a subset of the
- * attributes - port number, for instance.
- */
- int ssl_only_;
-
- };
-
-// } // End SSLIOP namespace.
-// } // End TAO namespace.
-
-TAO_END_VERSIONED_NAMESPACE_DECL
-
-#include /**/ "ace/post.h"
-
-#endif /* TAO_SSLIOP_PROFILE_H */
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_SSL.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_SSL.h
deleted file mode 100644
index b9b01e4a85d..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_SSL.h
+++ /dev/null
@@ -1,85 +0,0 @@
-// -*- C++ -*-
-
-//=============================================================================
-/**
- * @file SSLIOP_SSL.h
- *
- * OpenSSL @c SSL data structure specializations and typedefs.
- *
- * $Id$
- *
- * @author Ossama Othman <ossama@dre.vanderbilt.edu>
- */
-//=============================================================================
-
-#ifndef TAO_SSLIOP_SSL_H
-#define TAO_SSLIOP_SSL_H
-
-#include /**/ "ace/pre.h"
-
-#include "ace/config-all.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-#pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.h"
-
-#include <openssl/ssl.h>
-#include <openssl/crypto.h>
-
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-namespace TAO
-{
- namespace SSLIOP
- {
- // OpenSSL @c SSL structure traits specialization.
- template <>
- struct OpenSSL_traits< ::SSL >
- {
- /// OpenSSL lock ID for use in OpenSSL CRYPTO_add() reference
- /// count manipulation function.
- enum { LOCK_ID = CRYPTO_LOCK_SSL };
-
- /// Increase the reference count on the given OpenSSL structure.
- /**
- * @note This used to be in a function template but MSVC++ 6
- * can't handle function templates correctly so reproduce
- * the code in each specialization. *sigh*
- */
- static ::SSL * _duplicate (::SSL * st)
- {
- if (st != 0)
- CRYPTO_add (&(st->references),
- 1,
- LOCK_ID);
-
- return st;
- }
-
- /// Perform deep copy of the given OpenSSL structure.
- static ::SSL * copy (::SSL const & st)
- {
- return ::SSL_dup (const_cast< ::SSL * > (&st));
- }
-
- /// Decrease the reference count on the given OpenSSL
- /// structure.
- static void release (::SSL * st)
- {
- ::SSL_free (st);
- }
- };
-
- typedef OpenSSL_st_var< ::SSL > SSL_var;
-
- } // End SSLIOP namespace.
-} // End TAO namespace.
-
-TAO_END_VERSIONED_NAMESPACE_DECL
-
-#include /**/ "ace/post.h"
-
-#endif /* TAO_SSLIOP_SSL_H */
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_TargetCredentials.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_TargetCredentials.cpp
deleted file mode 100644
index a081a95c168..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_TargetCredentials.cpp
+++ /dev/null
@@ -1,134 +0,0 @@
-#include "orbsvcs/SSLIOP/SSLIOP_TargetCredentials.h"
-
-
-ACE_RCSID (SSLIOP,
- SSLIOP_TargetCredentials,
- "$Id$")
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-TAO::SSLIOP::TargetCredentials::TargetCredentials (::X509 *cert,
- ::EVP_PKEY *evp)
- : SSLIOP_Credentials (cert, evp)
-{
-}
-
-
-SecurityLevel3::CredentialsType
-TAO::SSLIOP::TargetCredentials::creds_type (ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- return SecurityLevel3::CT_TargetCredentials;
-}
-
-char *
-TAO::SSLIOP::TargetCredentials::context_id (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
-}
-
-SecurityLevel3::Principal *
-TAO::SSLIOP::TargetCredentials::client_principal (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
-}
-
-SecurityLevel3::StatementList *
-TAO::SSLIOP::TargetCredentials::client_supporting_statements (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
-}
-
-SecurityLevel3::ResourceNameList *
-TAO::SSLIOP::TargetCredentials::client_restricted_resources (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
-}
-
-SecurityLevel3::Principal *
-TAO::SSLIOP::TargetCredentials::target_principal (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
-}
-
-SecurityLevel3::StatementList *
-TAO::SSLIOP::TargetCredentials::target_supporting_statements (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
-}
-
-SecurityLevel3::ResourceNameList *
-TAO::SSLIOP::TargetCredentials::target_restricted_resources (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
-}
-
-SecurityLevel3::OwnCredentials_ptr
-TAO::SSLIOP::TargetCredentials::parent_credentials (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (),
- SecurityLevel3::OwnCredentials::_nil ());
-}
-
-CORBA::Boolean
-TAO::SSLIOP::TargetCredentials::client_authentication (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
-}
-
-CORBA::Boolean
-TAO::SSLIOP::TargetCredentials::target_authentication (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
-}
-
-CORBA::Boolean
-TAO::SSLIOP::TargetCredentials::confidentiality (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
-}
-
-CORBA::Boolean
-TAO::SSLIOP::TargetCredentials::integrity (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
-}
-
-CORBA::Boolean
-TAO::SSLIOP::TargetCredentials::target_embodied (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
-}
-
-CORBA::Boolean
-TAO::SSLIOP::TargetCredentials::target_endorsed (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
-}
-
-void
-TAO::SSLIOP::TargetCredentials::release (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException))
-{
- ACE_THROW (CORBA::NO_IMPLEMENT ());
-}
-
-TAO_END_VERSIONED_NAMESPACE_DECL
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_TargetCredentials.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_TargetCredentials.h
deleted file mode 100644
index 920db9d2e61..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_TargetCredentials.h
+++ /dev/null
@@ -1,129 +0,0 @@
-// -*- C++ -*-
-
-//=============================================================================
-/**
- * @file SSLIOP_TargetCredentials.h
- *
- * $Id$
- *
- * @author Ossama Othman <ossama@dre.vanderbilt.edu>
- */
-//=============================================================================
-
-#ifndef TAO_SSLIOP_TARGET_CREDENTIALS_H
-#define TAO_SSLIOP_TARGET_CREDENTIALS_H
-
-#include /**/ "ace/pre.h"
-
-#include "orbsvcs/SSLIOP/SSLIOP_Export.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-#pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "orbsvcs/SSLIOP/SSLIOP_Credentials.h"
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-namespace TAO
-{
- namespace SSLIOP
- {
- /**
- * @class TargetCredentials
- *
- * @brief SSLIOP-specific implementation of the
- * SecurityLevel3::TargetCredentials interface.
- *
- * This class implements SSLIOP-specific
- * SecurityLevel3::TargetCredentials.
- */
- class TAO_SSLIOP_Export TargetCredentials
- : public virtual SecurityLevel3::TargetCredentials,
- public virtual SSLIOP_Credentials
- {
- public:
-
- TargetCredentials (::X509 *cert, ::EVP_PKEY *evp);
-
- /**
- * @name SecurityLevel3::Credentials Methods
- *
- * Methods required by the SecurityLevel3::Credentials
- * interface.
- */
- //@{
- virtual SecurityLevel3::CredentialsType creds_type (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
- //@}
-
- /**
- * @name SecurityLevel3::TargetCredentials Methods
- *
- * Methods required by the SecurityLevel3::TargetCredentials
- * interface.
- */
- //@{
- virtual char * context_id (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual SecurityLevel3::Principal * client_principal (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual SecurityLevel3::StatementList * client_supporting_statements (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual SecurityLevel3::ResourceNameList * client_restricted_resources (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual SecurityLevel3::Principal * target_principal (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual SecurityLevel3::StatementList * target_supporting_statements (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual SecurityLevel3::ResourceNameList * target_restricted_resources (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual SecurityLevel3::OwnCredentials_ptr parent_credentials (
- ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual CORBA::Boolean client_authentication (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual CORBA::Boolean target_authentication (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual CORBA::Boolean confidentiality (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual CORBA::Boolean integrity (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual CORBA::Boolean target_embodied (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual CORBA::Boolean target_endorsed (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
-
- virtual void release (ACE_ENV_SINGLE_ARG_DECL)
- ACE_THROW_SPEC ((CORBA::SystemException));
- //@}
-
- };
- }
-}
-
-TAO_END_VERSIONED_NAMESPACE_DECL
-
-#include /**/ "ace/post.h"
-
-#endif /* TAO_SSLIOP_TARGET_CREDENTIALS_H */
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Transport.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Transport.cpp
deleted file mode 100644
index 3f60b36bcdf..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Transport.cpp
+++ /dev/null
@@ -1,385 +0,0 @@
-#include "orbsvcs/SSLIOP/SSLIOP_Connection_Handler.h"
-#include "orbsvcs/SSLIOP/SSLIOP_Transport.h"
-#include "orbsvcs/SSLIOP/SSLIOP_Profile.h"
-#include "orbsvcs/SSLIOP/SSLIOP_Acceptor.h"
-
-#include "tao/debug.h"
-
-#include "tao/Timeprobe.h"
-#include "tao/CDR.h"
-#include "tao/Transport_Mux_Strategy.h"
-#include "tao/Wait_Strategy.h"
-#include "tao/Stub.h"
-#include "tao/ORB_Core.h"
-#include "tao/debug.h"
-#include "tao/GIOP_Message_Base.h"
-#include "tao/Acceptor_Registry.h"
-#include "tao/Thread_Lane_Resources.h"
-
-ACE_RCSID (SSLIOP,
- SSLIOP_Transport,
- "$Id$")
-
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-TAO::SSLIOP::Transport::Transport (
- TAO::SSLIOP::Connection_Handler *handler,
- TAO_ORB_Core *orb_core,
- CORBA::Boolean /* flag */)
- : TAO_Transport (IOP::TAG_INTERNET_IOP, orb_core),
- connection_handler_ (handler),
- messaging_object_ (0)
-{
- // Use the normal GIOP object
- ACE_NEW (this->messaging_object_,
- TAO_GIOP_Message_Base (orb_core, this));
-}
-
-TAO::SSLIOP::Transport::~Transport (void)
-{
- delete this->messaging_object_;
-}
-
-ACE_Event_Handler *
-TAO::SSLIOP::Transport::event_handler_i (void)
-{
- return this->connection_handler_;
-}
-
-TAO_Connection_Handler *
-TAO::SSLIOP::Transport::connection_handler_i (void)
-{
- return this->connection_handler_;
-}
-
-TAO_Pluggable_Messaging *
-TAO::SSLIOP::Transport::messaging_object (void)
-{
- return this->messaging_object_;
-}
-
-int
-TAO::SSLIOP::Transport::handle_input (TAO_Resume_Handle &rh,
- ACE_Time_Value *max_wait_time,
- int block)
-{
- int result = 0;
-
- // Set up the SSLIOP::Current object.
- TAO::SSLIOP::State_Guard ssl_state_guard (this->connection_handler_,
- result);
-
- if (result == -1)
- return -1;
-
- return TAO_Transport::handle_input (rh,
- max_wait_time,
- block);
-}
-
-ssize_t
-TAO::SSLIOP::Transport::send (iovec *iov,
- int iovcnt,
- size_t &bytes_transferred,
- const ACE_Time_Value *max_wait_time)
-{
- const ssize_t retval =
- this->connection_handler_->peer ().sendv (iov, iovcnt, max_wait_time);
-
- if (retval > 0)
- bytes_transferred = retval;
-
- return retval;
-}
-
-ssize_t
-TAO::SSLIOP::Transport::recv (char *buf,
- size_t len,
- const ACE_Time_Value *max_wait_time)
-{
- const ssize_t n = this->connection_handler_->peer ().recv (buf,
- len,
- max_wait_time);
-
- // Most of the errors handling is common for
- // Now the message has been read
- if (n == -1
- && TAO_debug_level > 4
- && errno != ETIME)
- {
- ACE_DEBUG ((LM_DEBUG,
- ACE_TEXT ("TAO (%P|%t) - %p \n"),
- ACE_TEXT ("TAO - read message failure ")
- ACE_TEXT ("recv_i () \n")));
- }
-
- // Error handling
- if (n == -1)
- {
- if (errno == EWOULDBLOCK)
- return 0;
-
- return -1;
- }
- // @@ What are the other error handling here??
- else if (n == 0)
- {
- return -1;
- }
-
- return n;
-}
-
-int
-TAO::SSLIOP::Transport::send_request (TAO_Stub *stub,
- TAO_ORB_Core *orb_core,
- TAO_OutputCDR &stream,
- int message_semantics,
- ACE_Time_Value *max_wait_time)
-{
- if (this->ws_->sending_request (orb_core,
- message_semantics) == -1)
- return -1;
-
- if (this->send_message (stream,
- stub,
- message_semantics,
- max_wait_time) == -1)
-
- return -1;
-
- return 0;
-}
-
-int
-TAO::SSLIOP::Transport::send_message (TAO_OutputCDR &stream,
- TAO_Stub *stub,
- int message_semantics,
- ACE_Time_Value *max_wait_time)
-{
- // Format the message in the stream first
- if (this->messaging_object_->format_message (stream) != 0)
- return -1;
-
- // Strictly speaking, should not need to loop here because the
- // socket never gets set to a nonblocking mode ... some Linux
- // versions seem to need it though. Leaving it costs little.
-
- // This guarantees to send all data (bytes) or return an error.
- const ssize_t n = this->send_message_shared (stub,
- message_semantics,
- stream.begin (),
- max_wait_time);
-
- if (n == -1)
- {
- if (TAO_debug_level)
- ACE_DEBUG ((LM_DEBUG,
- ACE_TEXT ("TAO: (%P|%t|%N|%l) closing transport ")
- ACE_TEXT ("%d after fault %p\n"),
- this->id (),
- ACE_TEXT ("send_message ()\n")));
-
- return -1;
- }
-
- return 1;
-}
-
-
-int
-TAO::SSLIOP::Transport::generate_request_header (
- TAO_Operation_Details &opdetails,
- TAO_Target_Specification &spec,
- TAO_OutputCDR &msg)
-{
- // Check whether we have a Bi Dir IIOP policy set, whether the
- // messaging objects are ready to handle bidirectional connections
- // and also make sure that we have not recd. or sent any information
- // regarding this before...
- if (this->orb_core ()->bidir_giop_policy ()
- && this->messaging_object_->is_ready_for_bidirectional (msg)
- && this->bidirectional_flag () < 0)
- {
- this->set_bidir_context_info (opdetails);
-
- // Set the flag to 1
- this->bidirectional_flag (1);
-
- // At the moment we enable BiDIR giop we have to get a new
- // request id to make sure that we follow the even/odd rule
- // for request id's. We only need to do this when enabled
- // it, after that the Transport Mux Strategy will make sure
- // that the rule is followed
- opdetails.request_id (this->tms ()->request_id ());
- }
-
- // We are going to pass on this request to the underlying messaging
- // layer. It should take care of this request
- return TAO_Transport::generate_request_header (opdetails,
- spec,
- msg);
-}
-
-int
-TAO::SSLIOP::Transport::messaging_init (CORBA::Octet major,
- CORBA::Octet minor)
-{
- this->messaging_object_->init (major,
- minor);
- return 1;
-}
-
-
-int
-TAO::SSLIOP::Transport::tear_listen_point_list (TAO_InputCDR &cdr)
-{
- CORBA::Boolean byte_order;
- if ((cdr >> ACE_InputCDR::to_boolean (byte_order)) == 0)
- return -1;
-
- cdr.reset_byte_order (static_cast<int> (byte_order));
-
- IIOP::ListenPointList listen_list;
- if ((cdr >> listen_list) == 0)
- return -1;
-
- // As we have received a bidirectional information, set the flag to
- // 0
- this->bidirectional_flag (0);
-
- return this->connection_handler_->process_listen_point_list (listen_list);
-}
-
-
-
-void
-TAO::SSLIOP::Transport::set_bidir_context_info (
- TAO_Operation_Details &opdetails)
-{
- // Get a handle on to the acceptor registry
- TAO_Acceptor_Registry &ar =
- this->orb_core ()->lane_resources ().acceptor_registry ();
-
- // Get the first acceptor in the registry
- TAO_AcceptorSetIterator acceptor = ar.begin ();
-
- IIOP::ListenPointList listen_point_list;
-
- for (;
- acceptor != ar.end ();
- acceptor++)
- {
- // Check whether it is a IIOP acceptor
- if ((*acceptor)->tag () == IOP::TAG_INTERNET_IOP)
- {
- if (this->get_listen_point (listen_point_list,
- *acceptor) == -1)
- {
- ACE_ERROR ((LM_ERROR,
- "TAO (%P|%t) - SSLIOP_Transport::set_bidir_info, ",
- "error getting listen_point \n"));
-
- return;
- }
- }
- }
-
- // We have the ListenPointList at this point. Create a output CDR
- // stream at this point
- TAO_OutputCDR cdr;
-
- // Marshall the information into the stream
- if ((cdr << ACE_OutputCDR::from_boolean (TAO_ENCAP_BYTE_ORDER) == 0)
- || (cdr << listen_point_list) == 0)
- return;
-
- // Add this info in to the svc_list
- opdetails.request_service_context ().set_context (IOP::BI_DIR_IIOP,
- cdr);
- return;
-}
-
-
-int
-TAO::SSLIOP::Transport::get_listen_point (
- IIOP::ListenPointList &listen_point_list,
- TAO_Acceptor *acceptor)
-{
- TAO::SSLIOP::Acceptor *ssliop_acceptor =
- dynamic_cast<TAO::SSLIOP::Acceptor *> (acceptor);
-
- if (ssliop_acceptor == 0)
- return -1;
-
- // Get the array of IIOP (not SSLIOP!) endpoints serviced by the
- // SSLIOP_Acceptor.
- const ACE_INET_Addr *endpoint_addr =
- ssliop_acceptor->endpoints ();
-
- // Get the count
- const size_t count =
- ssliop_acceptor->endpoint_count ();
-
- // The SSL port is stored in the SSLIOP::SSL component associated
- // with the SSLIOP_Acceptor.
- const ::SSLIOP::SSL &ssl = ssliop_acceptor->ssl_component ();
-
- // Get the local address of the connection
- ACE_INET_Addr local_addr;
- {
- if (this->connection_handler_->peer ().get_local_addr (local_addr)
- == -1)
- {
- ACE_ERROR_RETURN ((LM_ERROR,
- ACE_TEXT ("(%P|%t) Could not resolve local host")
- ACE_TEXT (" address in get_listen_point()\n")),
- -1);
- }
-
- }
-
- // Note: Looks like there is no point in sending the list of
- // endpoints on interfaces on which this connection has not
- // been established. If this is wrong, please correct me.
- CORBA::String_var local_interface;
-
- // Get the hostname for the local address
- if (ssliop_acceptor->hostname (this->orb_core_,
- local_addr,
- local_interface.out ()) == -1)
- {
- ACE_ERROR_RETURN ((LM_ERROR,
- ACE_TEXT ("(%P|%t) Could not resolve local host")
- ACE_TEXT (" name \n")),
- -1);
- }
-
- for (size_t index = 0; index < count; ++index)
- {
- if (local_addr.get_ip_address ()
- == endpoint_addr[index].get_ip_address ())
- {
- // Get the count of the number of elements
- const CORBA::ULong len = listen_point_list.length ();
-
- // Increase the length by 1
- listen_point_list.length (len + 1);
-
- // We have the connection and the acceptor endpoint on the
- // same interface
- IIOP::ListenPoint & point = listen_point_list[len];
- point.host = CORBA::string_dup (local_interface.in ());
-
- // All endpoints, if more than one, serviced by the
- // SSLIOP_Acceptor should be listening on the same port (due
- // to the bind to the INADDR_ANY address).
- point.port = ssl.port;
- }
- }
-
- return 1;
-}
-
-TAO_END_VERSIONED_NAMESPACE_DECL
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Transport.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Transport.h
deleted file mode 100644
index fec7a5ee95f..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Transport.h
+++ /dev/null
@@ -1,159 +0,0 @@
-// -*- C++ -*-
-
-//=============================================================================
-/**
- * @file SSLIOP_Transport.h
- *
- * $Id$
- *
- * SSLIOP Transport specific processing.
- *
- * @author Carlos O'Ryan <coryan@ece.uci.edu>
- * @author Ossama Othman <ossama@dre.vanderbilt.edu>
- */
-//=============================================================================
-
-
-#ifndef TAO_SSLIOP_TRANSPORT_H
-#define TAO_SSLIOP_TRANSPORT_H
-
-#include /**/ "ace/pre.h"
-
-#include "orbsvcs/SSLIOP/SSLIOP_Export.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-# pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "tao/Transport.h"
-#include "tao/operation_details.h"
-#include "tao/GIOP_Message_Version.h"
-#include "tao/Pluggable_Messaging_Utils.h"
-#include "tao/IIOPC.h"
-
-#include "ace/SSL/SSL_SOCK_Stream.h"
-
-#include "ace/Svc_Handler.h"
-
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-// Forward decls.
-class TAO_ORB_Core;
-class TAO_Pluggable_Messaging;
-class TAO_Acceptor;
-
-namespace TAO
-{
- namespace SSLIOP
- {
- typedef ACE_Svc_Handler<ACE_SSL_SOCK_STREAM, ACE_NULL_SYNCH> SVC_HANDLER;
-
- class Handler_Base;
- class Connection_Handler;
-
- /**
- * @class Transport
- *
- * @brief SSLIOP-specific transport implementation.
- *
- * SSLIOP-specific transport implementation.
- */
- class TAO_SSLIOP_Export Transport : public TAO_Transport
- {
- public:
-
- /// Constructor.
- Transport (Connection_Handler *handler,
- TAO_ORB_Core *orb_core,
- CORBA::Boolean flag);
-
- /// Default destructor.
- ~Transport (void);
-
- /// Overload of the handle_input () in the TAO_Transport
- /// class. This is required to set up the state guard. The
- /// thread-per-connection and wait on RW strategies call this
- /// handle_input ().
- virtual int handle_input (TAO_Resume_Handle &rh,
- ACE_Time_Value *max_wait_time = 0,
- int block = 0);
-
- protected:
- /** @name Overridden Template Methods
- *
- * These are implementations of template methods declared by
- * TAO_Transport.
- */
- //@{
- virtual ACE_Event_Handler * event_handler_i (void);
- virtual TAO_Connection_Handler *connection_handler_i (void);
-
- virtual TAO_Pluggable_Messaging *messaging_object (void);
-
- /// Write the complete Message_Block chain to the connection.
- virtual ssize_t send (iovec *iov, int iovcnt,
- size_t &bytes_transferred,
- const ACE_Time_Value *timeout = 0);
-
- /// Read len bytes from into buf.
- virtual ssize_t recv (char *buf,
- size_t len,
- const ACE_Time_Value *s = 0);
-
- public:
- /// @todo These methods IMHO should have more meaningful
- /// names. The names seem to indicate nothing.
- virtual int send_request (TAO_Stub *stub,
- TAO_ORB_Core *orb_core,
- TAO_OutputCDR &stream,
- int message_semantics,
- ACE_Time_Value *max_wait_time);
-
- virtual int send_message (TAO_OutputCDR &stream,
- TAO_Stub *stub = 0,
- int message_semantics =
- TAO_Transport::TAO_TWOWAY_REQUEST,
- ACE_Time_Value *max_time_wait = 0);
-
- virtual int generate_request_header (TAO_Operation_Details &opdetails,
- TAO_Target_Specification &spec,
- TAO_OutputCDR &msg);
-
- /// Initialising the messaging object
- virtual int messaging_init (CORBA::Octet major,
- CORBA::Octet minor);
-
- /// Open teh service context list and process it.
- virtual int tear_listen_point_list (TAO_InputCDR &cdr);
- //@}
-
- private:
-
- /// Set the Bidirectional context info in the service context
- /// list.
- void set_bidir_context_info (TAO_Operation_Details &opdetails);
-
- /// Add the listen points in @a acceptor to the @a
- /// listen_point_list if this connection is in the same
- /// interface as that of the endpoints in the @a acceptor.
- int get_listen_point (IIOP::ListenPointList &listen_point_list,
- TAO_Acceptor *acceptor);
-
- private:
-
- /// The connection service handler used for accessing lower layer
- /// communication protocols.
- Connection_Handler *connection_handler_;
-
- /// Our messaging object.
- TAO_Pluggable_Messaging *messaging_object_;
- };
-
- } // End SSLIOP namespace.
-} // End TAO namespace.
-
-TAO_END_VERSIONED_NAMESPACE_DECL
-
-#include /**/ "ace/post.h"
-#endif /* TAO_SSLIOP_TRANSPORT_H */
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Util.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Util.cpp
deleted file mode 100644
index 385e58f64e2..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Util.cpp
+++ /dev/null
@@ -1,58 +0,0 @@
-#include "orbsvcs/SSLIOP/SSLIOP_Util.h"
-
-
-ACE_RCSID (SSLIOP,
- SSLIOP_Util,
- "$Id$")
-
-
-#include "orbsvcs/SSLIOP/SSLIOP_Connection_Handler.h"
-#include "orbsvcs/SSLIOP/SSLIOP_Current.h"
-
-#include "tao/ORB_Core.h"
-#include "tao/debug.h"
-
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-TAO::SSLIOP::Current_ptr
-TAO::SSLIOP::Util::current (
- TAO_ORB_Core *orb_core)
-{
- ACE_DECLARE_NEW_CORBA_ENV;
- ACE_TRY
- {
- // Go straight to the object_ref_table in the ORB Core to avoid
- // the ORB::resolve_initial_references() mechanism's complaints
- // about the fact that the ORB isn't fully initialized yet
- // (happens on the client side).
- CORBA::Object_var obj =
- orb_core->object_ref_table ().resolve_initial_reference (
- "SSLIOPCurrent");
-
- TAO::SSLIOP::Current_var tao_current =
- TAO::SSLIOP::Current::_narrow (obj.in ()
- ACE_ENV_ARG_PARAMETER);
- ACE_TRY_CHECK;
-
- if (CORBA::is_nil (tao_current.in ()))
- ACE_TRY_THROW (CORBA::INV_OBJREF ());
-
- return tao_current._retn ();
- }
- ACE_CATCHANY
- {
- if (TAO_debug_level > 0)
- ACE_PRINT_EXCEPTION (ACE_ANY_EXCEPTION,
- "Could not resolve "
- "\"SSLIOPCurrent\" object");
-
- return 0;
- }
- ACE_ENDTRY;
- ACE_CHECK_RETURN (0);
-
- return 0;
-}
-
-TAO_END_VERSIONED_NAMESPACE_DECL
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Util.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Util.h
deleted file mode 100644
index 15e3e5f1545..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Util.h
+++ /dev/null
@@ -1,65 +0,0 @@
-// -*- C++ -*-
-
-//=============================================================================
-/**
- * @file SSLIOP_Util.h
- *
- * $Id$
- *
- * Utility class used by the SSLIOP pluggable protocol.
- *
- * @author Ossama Othman <ossama@uci.edu>
- */
-//=============================================================================
-
-
-#ifndef TAO_SSLIOP_UTIL_H
-#define TAO_SSLIOP_UTIL_H
-
-#include /**/ "ace/pre.h"
-
-#include "ace/config-all.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-# pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "orbsvcs/SSLIOP/SSLIOP_Current.h"
-
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-class TAO_ORB_Core;
-class TAO_IIOP_Properties;
-
-namespace TAO
-{
- namespace SSLIOP
- {
- /**
- * @class Util
- *
- * @brief Class that provides utility/helper methods for several
- * classes in the SSLIOP pluggable protocol.
- *
- * Methods useful to many classes in the SSLIOP pluggable protocol
- * are centrally located in this uility class.
- */
- class Util
- {
- public:
-
- /// Access Current.
- static TAO::SSLIOP::Current_ptr current (
- TAO_ORB_Core *orb_core);
-
- };
-
- } // End SSLIOP namespace.
-} // End TAO namespace.
-
-TAO_END_VERSIONED_NAMESPACE_DECL
-
-#include /**/ "ace/post.h"
-
-#endif /* TAO_SSLIOP_UTIL_H */
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.h
deleted file mode 100644
index fc46e69fa9c..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.h
+++ /dev/null
@@ -1,84 +0,0 @@
-// -*- C++ -*-
-
-//=============================================================================
-/**
- * @file SSLIOP_X509.h
- *
- * $Id$
- *
- * @author Ossama Othman <ossama@uci.edu>
- */
-//=============================================================================
-
-#ifndef TAO_SSLIOP_X509_H
-#define TAO_SSLIOP_X509_H
-
-#include /**/ "ace/pre.h"
-
-#include "ace/config-all.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-#pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.h"
-
-#include <openssl/x509.h>
-#include <openssl/crypto.h>
-
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-namespace TAO
-{
- namespace SSLIOP
- {
- // OpenSSL @c X509 structure traits specialization.
- template <>
- struct OpenSSL_traits< ::X509 >
- {
- /// OpenSSL lock ID for use in OpenSSL CRYPTO_add() reference
- /// count manipulation function.
- enum { LOCK_ID = CRYPTO_LOCK_X509 };
-
- /// Increase the reference count on the given OpenSSL structure.
- /**
- * @note This used to be in a function template but MSVC++ 6
- * can't handle function templates correctly so reproduce
- * the code in each specialization. *sigh*
- */
- static ::X509 * _duplicate (::X509 * st)
- {
- if (st != 0)
- CRYPTO_add (&(st->references),
- 1,
- LOCK_ID);
-
- return st;
- }
-
- /// Perform deep copy of the given OpenSSL structure.
- static ::X509 * copy (::X509 const & st)
- {
- return ::X509_dup (const_cast< ::X509 *> (&st));
- }
-
- /// Decrease the reference count on the given OpenSSL
- /// structure.
- static void release (::X509 * st)
- {
- ::X509_free (st);
- }
- };
-
- typedef OpenSSL_st_var< ::X509 > X509_var;
-
- } // End SSLIOP namespace.
-} // End TAO namespace.
-
-
-TAO_END_VERSIONED_NAMESPACE_DECL
-
-#include /**/ "ace/post.h"
-
-#endif /* TAO_SSLIOP_X509_H */
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/params_dup.c b/TAO/orbsvcs/orbsvcs/SSLIOP/params_dup.c
deleted file mode 100644
index cea38d78e06..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/params_dup.c
+++ /dev/null
@@ -1,19 +0,0 @@
-// $Id$
-
-#include "params_dup.h"
-
-#include <openssl/asn1.h>
-
-
-DSA *
-DSAPARAMS_DUP_WRAPPER_NAME (DSA * dsa)
-{
- return DSAparams_dup (dsa);
-}
-
-DH *
-DHPARAMS_DUP_WRAPPER_NAME (DH * dh)
-{
- return DHparams_dup (dh);
-}
-
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/params_dup.h b/TAO/orbsvcs/orbsvcs/SSLIOP/params_dup.h
deleted file mode 100644
index 350705ec2d0..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/params_dup.h
+++ /dev/null
@@ -1,44 +0,0 @@
-/* $Id$ */
-
-#ifndef TAO_SSLIOP_PARAMS_DUP_H
-#define TAO_SSLIOP_PARAMS_DUP_H
-
-#include /**/ "ace/pre.h"
-
-#include "ace/config-macros.h"
-#include "tao/Versioned_Namespace.h"
-
-// As of 0.9.7e, OpenSSL's DSAparams_dup() and DHparams_dup() macros
-// contain casts that are invalid in C++. These C wrapper functions
-// allows them to be called from C++.
-
-#include <openssl/dsa.h>
-#include <openssl/dh.h>
-
-#if (defined (TAO_HAS_VERSIONED_NAMESPACE) && TAO_HAS_VERSIONED_NAMESPACE == 1)
-
-# define DSAPARAMS_DUP_WRAPPER_NAME ACE_PREPROC_CONCATENATE(TAO_VERSIONED_NAMESPACE_NAME, _DSAparams_dup_wrapper)
-# define DHPARAMS_DUP_WRAPPER_NAME ACE_PREPROC_CONCATENATE(TAO_VERSIONED_NAMESPACE_NAME, _DHparams_dup_wrapper)
-
-#else
-
-# define DSAPARAMS_DUP_WRAPPER_NAME DSAparams_dup_wrapper
-# define DHPARAMS_DUP_WRAPPER_NAME DHparams_dup_wrapper
-
-#endif /* ACE_HAS_VERSIONED_NAMESPACE == 1 */
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-extern DSA *DSAPARAMS_DUP_WRAPPER_NAME (DSA *dsa);
-extern DH *DHPARAMS_DUP_WRAPPER_NAME (DH *dh);
-
-#ifdef __cplusplus
-}
-#endif
-
-#include /**/ "ace/post.h"
-
-#endif
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/ssl_endpoints.pidl b/TAO/orbsvcs/orbsvcs/SSLIOP/ssl_endpoints.pidl
deleted file mode 100644
index 93bbab422d8..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/ssl_endpoints.pidl
+++ /dev/null
@@ -1,33 +0,0 @@
-// $Id$
-// ================================================================
-
-/**
- * This file contains idl definition for data structures used to
- * encapsulate data in TAO_TAG_SSL_ENDPOINTS tagged component. This
- * TAO-specific component is used for transmission of multiple
- * endpoints per single SSLIOP profile. See SSLIOP_Profile.*
- * for more details.
- *
- * This file was used to generate the code in
- * ssl_endpoints.* The command used to generate code
- * is:
- *
- * tao_idl
- * -Sa -Sc -Gp -Gd -DCORBA3 -Sci
- * -Wb,export_macro=TAO_SSLIOP_Export \
- * -Wb,pre_include="ace/pre.h" \
- * -Wb,post_include="ace/post.h" \
- * ssl_endpoints.pidl
- */
-
-#ifndef _SSL_ENDPOINTS_IDL_
-#define _SSL_ENDPOINTS_IDL_
-
-#include "orbsvcs/SSLIOP.idl"
-
-/// Stores information for a collection of SSLIOP endpoints.
-typedef sequence <SSLIOP::SSL> TAO_SSLEndpointSequence;
-
-#pragma prefix ""
-
-#endif /* _SSL_ENDPOINTS_IDL_ */
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/ssl_endpointsC.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/ssl_endpointsC.cpp
deleted file mode 100644
index b9d85e7b2b7..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/ssl_endpointsC.cpp
+++ /dev/null
@@ -1,165 +0,0 @@
-// -*- C++ -*-
-//
-// $Id$
-
-// **** Code generated by the The ACE ORB (TAO) IDL Compiler ****
-// TAO and the TAO IDL Compiler have been developed by:
-// Center for Distributed Object Computing
-// Washington University
-// St. Louis, MO
-// USA
-// http://www.cs.wustl.edu/~schmidt/doc-center.html
-// and
-// Distributed Object Computing Laboratory
-// University of California at Irvine
-// Irvine, CA
-// USA
-// http://doc.ece.uci.edu/
-// and
-// Institute for Software Integrated Systems
-// Vanderbilt University
-// Nashville, TN
-// USA
-// http://www.isis.vanderbilt.edu/
-//
-// Information about TAO is available at:
-// http://www.cs.wustl.edu/~schmidt/TAO.html
-
-// TAO_IDL - Generated from
-// be\be_codegen.cpp:291
-
-
-#include "tao/AnyTypeCode/Null_RefCount_Policy.h"
-#include "tao/AnyTypeCode/TypeCode_Constants.h"
-#include "tao/AnyTypeCode/Alias_TypeCode_Static.h"
-#include "tao/AnyTypeCode/Sequence_TypeCode_Static.h"
-#include "tao/AnyTypeCode/String_TypeCode_Static.h"
-#include "orbsvcs/SSLIOP/ssl_endpointsC.h"
-#include "tao/CDR.h"
-
-#if defined (__BORLANDC__)
-#pragma option -w-rvl -w-rch -w-ccc -w-aus -w-sig
-#endif /* __BORLANDC__ */
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-// TAO_IDL - Generated from
-// be\be_visitor_arg_traits.cpp:69
-
-// Arg traits specializations.
-namespace TAO
-{
-}
-
-
-// TAO_IDL - Generated from
-// be\be_visitor_sequence/sequence_cs.cpp:65
-
-#if !defined (_TAO_SSLENDPOINTSEQUENCE_CS_)
-#define _TAO_SSLENDPOINTSEQUENCE_CS_
-
-TAO_SSLEndpointSequence::TAO_SSLEndpointSequence (void)
-{}
-
-TAO_SSLEndpointSequence::TAO_SSLEndpointSequence (
- CORBA::ULong max
- )
- : TAO::unbounded_value_sequence<
- SSLIOP::SSL
- >
- (max)
-{}
-
-TAO_SSLEndpointSequence::TAO_SSLEndpointSequence (
- CORBA::ULong max,
- CORBA::ULong length,
- SSLIOP::SSL * buffer,
- CORBA::Boolean release
- )
- : TAO::unbounded_value_sequence<
- SSLIOP::SSL
- >
- (max, length, buffer, release)
-{}
-
-TAO_SSLEndpointSequence::TAO_SSLEndpointSequence (
- const TAO_SSLEndpointSequence &seq
- )
- : TAO::unbounded_value_sequence<
- SSLIOP::SSL
- >
- (seq)
-{}
-
-TAO_SSLEndpointSequence::~TAO_SSLEndpointSequence (void)
-{}
-
-#endif /* end #if !defined */
-
-// TAO_IDL - Generated from
-// be\be_visitor_typecode/alias_typecode.cpp:31
-
-
-
-// TAO_IDL - Generated from
-// be\be_visitor_typecode/typecode_defn.cpp:925
-
-
-#ifndef _TAO_TYPECODE_TAO_SSLEndpointSequence_GUARD
-#define _TAO_TYPECODE_TAO_SSLEndpointSequence_GUARD
-namespace TAO
-{
- namespace TypeCode
- {
- TAO::TypeCode::Sequence< ::CORBA::TypeCode_ptr const *,
- TAO::Null_RefCount_Policy>
- TAO_SSLEndpointSequence_0 (
- CORBA::tk_sequence,
- &SSLIOP::_tc_SSL,
- 0U);
-
- ::CORBA::TypeCode_ptr const tc_TAO_SSLEndpointSequence_0 =
- &TAO_SSLEndpointSequence_0;
-
- }
-}
-
-
-#endif /* _TAO_TYPECODE_TAO_SSLEndpointSequence_GUARD */
-static TAO::TypeCode::Alias<char const *,
- CORBA::TypeCode_ptr const *,
- TAO::Null_RefCount_Policy>
- _tao_tc_TAO_SSLEndpointSequence (
- CORBA::tk_alias,
- "IDL:TAO_SSLEndpointSequence:1.0",
- "TAO_SSLEndpointSequence",
- &TAO::TypeCode::tc_TAO_SSLEndpointSequence_0);
-
-::CORBA::TypeCode_ptr const _tc_TAO_SSLEndpointSequence =
- &_tao_tc_TAO_SSLEndpointSequence;
-
-// TAO_IDL - Generated from
-// be\be_visitor_sequence/cdr_op_cs.cpp:96
-
-#if !defined _TAO_CDR_OP_TAO_SSLEndpointSequence_CPP_
-#define _TAO_CDR_OP_TAO_SSLEndpointSequence_CPP_
-
-CORBA::Boolean operator<< (
- TAO_OutputCDR &strm,
- const TAO_SSLEndpointSequence &_tao_sequence
- )
-{
- return TAO::marshal_sequence(strm, _tao_sequence);
-}
-
-CORBA::Boolean operator>> (
- TAO_InputCDR &strm,
- TAO_SSLEndpointSequence &_tao_sequence
- )
-{
- return TAO::demarshal_sequence(strm, _tao_sequence);
-}
-
-#endif /* _TAO_CDR_OP_TAO_SSLEndpointSequence_CPP_ */
-
-TAO_END_VERSIONED_NAMESPACE_DECL
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/ssl_endpointsC.h b/TAO/orbsvcs/orbsvcs/SSLIOP/ssl_endpointsC.h
deleted file mode 100644
index 5d117696d17..00000000000
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/ssl_endpointsC.h
+++ /dev/null
@@ -1,158 +0,0 @@
-// -*- C++ -*-
-//
-// $Id$
-
-// **** Code generated by the The ACE ORB (TAO) IDL Compiler ****
-// TAO and the TAO IDL Compiler have been developed by:
-// Center for Distributed Object Computing
-// Washington University
-// St. Louis, MO
-// USA
-// http://www.cs.wustl.edu/~schmidt/doc-center.html
-// and
-// Distributed Object Computing Laboratory
-// University of California at Irvine
-// Irvine, CA
-// USA
-// http://doc.ece.uci.edu/
-// and
-// Institute for Software Integrated Systems
-// Vanderbilt University
-// Nashville, TN
-// USA
-// http://www.isis.vanderbilt.edu/
-//
-// Information about TAO is available at:
-// http://www.cs.wustl.edu/~schmidt/TAO.html
-
-// TAO_IDL - Generated from
-// be\be_codegen.cpp:153
-
-#ifndef _TAO_IDL_ORIG_SSL_ENDPOINTSC_H_
-#define _TAO_IDL_ORIG_SSL_ENDPOINTSC_H_
-
-#include /**/ "ace/pre.h"
-
-
-#include "ace/config-all.h"
-
-#if !defined (ACE_LACKS_PRAGMA_ONCE)
-# pragma once
-#endif /* ACE_LACKS_PRAGMA_ONCE */
-
-#include "tao/ORB.h"
-#include "tao/SystemException.h"
-#include "tao/Environment.h"
-#include "tao/Sequence_T.h"
-#include "tao/Seq_Var_T.h"
-#include "tao/Seq_Out_T.h"
-
-#include "orbsvcs/SSLIOPC.h"
-
-#if defined (TAO_EXPORT_MACRO)
-#undef TAO_EXPORT_MACRO
-#endif
-#define TAO_EXPORT_MACRO TAO_SSLIOP_Export
-
-#if defined(_MSC_VER)
-#pragma warning(push)
-#pragma warning(disable:4250)
-#endif /* _MSC_VER */
-
-#if defined (__BORLANDC__)
-#pragma option push -w-rvl -w-rch -w-ccc -w-inl
-#endif /* __BORLANDC__ */
-
-TAO_BEGIN_VERSIONED_NAMESPACE_DECL
-
-// TAO_IDL - Generated from
-// be\be_visitor_sequence/sequence_ch.cpp:101
-
-#if !defined (_TAO_SSLENDPOINTSEQUENCE_CH_)
-#define _TAO_SSLENDPOINTSEQUENCE_CH_
-
-class TAO_SSLEndpointSequence;
-
-typedef
- TAO_FixedSeq_Var_T<
- TAO_SSLEndpointSequence
- >
- TAO_SSLEndpointSequence_var;
-
-typedef
- TAO_Seq_Out_T<
- TAO_SSLEndpointSequence
- >
- TAO_SSLEndpointSequence_out;
-
-class TAO_SSLIOP_Export TAO_SSLEndpointSequence
- : public
- TAO::unbounded_value_sequence<
- SSLIOP::SSL
- >
-{
-public:
- TAO_SSLEndpointSequence (void);
- TAO_SSLEndpointSequence (CORBA::ULong max);
- TAO_SSLEndpointSequence (
- CORBA::ULong max,
- CORBA::ULong length,
- SSLIOP::SSL* buffer,
- CORBA::Boolean release = false
- );
- TAO_SSLEndpointSequence (const TAO_SSLEndpointSequence &);
- ~TAO_SSLEndpointSequence (void);
-
- typedef TAO_SSLEndpointSequence_var _var_type;
-};
-
-#endif /* end #if !defined */
-
-// TAO_IDL - Generated from
-// be\be_visitor_typecode/typecode_decl.cpp:44
-
-extern TAO_SSLIOP_Export ::CORBA::TypeCode_ptr const _tc_TAO_SSLEndpointSequence;
-
-// TAO_IDL - Generated from
-// be\be_visitor_traits.cpp:61
-
-// Traits specializations.
-namespace TAO
-{
-}
-
-// TAO_IDL - Generated from
-// be\be_visitor_sequence/cdr_op_ch.cpp:71
-
-#if !defined _TAO_CDR_OP_TAO_SSLEndpointSequence_H_
-#define _TAO_CDR_OP_TAO_SSLEndpointSequence_H_
-
-TAO_SSLIOP_Export CORBA::Boolean operator<< (
- TAO_OutputCDR &,
- const TAO_SSLEndpointSequence &
- );
-TAO_SSLIOP_Export CORBA::Boolean operator>> (
- TAO_InputCDR &,
- TAO_SSLEndpointSequence &
- );
-
-#endif /* _TAO_CDR_OP_TAO_SSLEndpointSequence_H_ */
-
-TAO_END_VERSIONED_NAMESPACE_DECL
-
-// TAO_IDL - Generated from
-// be\be_codegen.cpp:955
-
-#if defined(_MSC_VER)
-#pragma warning(pop)
-#endif /* _MSC_VER */
-
-#if defined (__BORLANDC__)
-#pragma option pop
-#endif /* __BORLANDC__ */
-
-#include /**/ "ace/post.h"
-
-#endif /* ifndef */
-
-