Diffstat (limited to 'TAO/DevGuideExamples/Security/PolicyControllingApp/MessengerClient.cpp')
-rw-r--r-- | TAO/DevGuideExamples/Security/PolicyControllingApp/MessengerClient.cpp | 187 |
1 files changed, 187 insertions, 0 deletions
diff --git a/TAO/DevGuideExamples/Security/PolicyControllingApp/MessengerClient.cpp b/TAO/DevGuideExamples/Security/PolicyControllingApp/MessengerClient.cpp
new file mode 100644
index 00000000000..68fd1fec4db
--- /dev/null
+++ b/TAO/DevGuideExamples/Security/PolicyControllingApp/MessengerClient.cpp
@@ -0,0 +1,187 @@
+/* -*- C++ -*- $Id$ */
+
+#include <ace/OS.h>
+#include <ace/Get_Opt.h>
+
+#include "MessengerC.h"
+#include "orbsvcs/SecurityC.h"
+
+// Policy Example 1
+// ================
+//
+// Example of a client that downgrades
+// from message protection to no message
+// protection and upgrades from no
+// peer authentication to authentication
+// of targets, i.e., authentication of
+// servers.
+//
+// The server's service configuration file
+// for this example is
+//
+// # server.conf
+// dynamic SSLIOP_Factory Service_Object *
+// TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory()
+// "-SSLNoProtection
+// -SSLAuthenticate SERVER_AND_CLIENT
+// -SSLPrivateKey PEM:serverkey.pem
+// -SSLCertificate PEM:servercert.pem"
+//
+// static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"
+//
+// The clients service configuration file
+// for this example is:
+//
+// # client.conf
+// dynamic SSLIOP_Factory Service_Object *
+// TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory()
+// "-SSLAuthenticate NONE
+// -SSLPrivateKey PEM:clientkey.pem
+// -SSLCertificate PEM:clientcert.pem"
+//
+// static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"
+//
+// Policy Example 2
+// ================
+//
+// Example of client upgrading from
+// no message protection and no
+// no authentication to message
+// protection and authentication
+// of targets, i.e., authentication
+// of servers.
+//
+// The server's service configuration file for this example is
+//
+// # server.conf
+// dynamic SSLIOP_Factory Service_Object *
+// TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory()
+// "-SSLAuthenticate SERVER_AND_CLIENT
+// -SSLPrivateKey PEM:serverkey.pem
+// -SSLCertificate PEM:servercert.pem"
+//
+// static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"
+//
+// The client's service configuration file
+// for this example is:
+//
+// # client.conf
+// dynamic SSLIOP_Factory Service_Object *
+// TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory()
+// "-SSLNoProtection
+// -SSLAuthenticate NONE
+// -SSLPrivateKey PEM:clientkey.pem
+// -SSLCertificate PEM:clientcert.pem"
+//
+// static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"
+//
+
+
+int which = 0;
+
+int
+parse_args (int argc, ACE_TCHAR *argv[])
+{
+ ACE_Get_Opt get_opts (argc, argv, "e:");
+ int c;
+
+ while ((c = get_opts ()) != -1)
+ switch (c)
+ {
+ case 'e':
+ which = ACE_OS::atoi(get_opts.optarg);
+ if(which < 1 || 2 < which)
+ ACE_ERROR_RETURN ((LM_ERROR,
+ "Usage: %s "
+ "-e [12]"
+ "\n",
+ argv [0]),
+ -1);
+ break;
+ case '?':
+ default:
+ ACE_ERROR_RETURN ((LM_ERROR,
+ "Usage: %s "
+ "-e [12]"
+ "\n",
+ argv [0]),
+ -1);
+ }
+ // Indicates sucessful parsing of the command line
+ return 0;
+}
+
+int
+ACE_TMAIN (int argc, ACE_TCHAR *argv[])
+{
+ try {
+
+ CORBA::ORB_var orb =
+ CORBA::ORB_init( argc, argv );
+
+ CORBA::Object_var obj =
+ orb->string_to_object( "file://Messenger.ior" );
+
+ if (parse_args (argc, argv) != 0)
+ return 1;
+ else if(which < 1 || 2 < which)
+ return 1;
+
+ Security::QOP qop;
+ CORBA::Any protection;
+ Security::EstablishTrust establish_trust;
+ CORBA::Any trust;
+ CORBA::PolicyList policy_list (2);
+
+ if (which == 1)
+ {
+ qop = Security::SecQOPNoProtection;
+ //qop = Security::SecQOPIntegrity;
+
+ establish_trust.trust_in_client = 0;
+ establish_trust.trust_in_target = 1;
+ }
+ else
+ {
+ qop = Security::SecQOPIntegrityAndConfidentiality;
+
establish_trust.trust_in_client = 0;
+ establish_trust.trust_in_target = 1;
+ }
+
+ protection <<= qop;
+ trust <<= establish_trust;
+
+ CORBA::Policy_var policy =
+ orb->create_policy (Security::SecQOPPolicy, protection);
+
+ CORBA::Policy_var policy2 =
+ orb->create_policy (Security::SecEstablishTrustPolicy, trust);
+
+ policy_list.length (1);
+ policy_list[0] = CORBA::Policy::_duplicate (policy.in ());
+ policy_list.length (2);
+ policy_list[1] = CORBA::Policy::_duplicate (policy2.in ());
+
+ CORBA::Object_var object =
+ obj->_set_policy_overrides (policy_list,
+ CORBA::SET_OVERRIDE);
+
+ Messenger_var messenger =
+ Messenger::_narrow( object.in() );
+
+ CORBA::String_var message =
+ CORBA::string_dup( "Implementing security policy now!" );
+
+ messenger->send_message( "Chief of Security",
+ "New Directive",
+ message.inout() );
+ }
+ catch(const CORBA::Exception& ex) {
+ ex._tao_print_exception("Client: main block");
+ return 1;
+ }
+
+ return 0;
+}
+ |
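Review bot: Neither object reference in ACE_TMAIN is tested for nil before it is used: `obj` from `string_to_object` goes straight into `_set_policy_overrides`, and `messenger` from `Messenger::_narrow` goes straight into `send_message`, so a stale or mismatched `Messenger.ior` can end in a call through a nil reference instead of a diagnosable error. I would add `if (CORBA::is_nil (messenger.in ())) ACE_ERROR_RETURN ((LM_ERROR, "Client: Messenger reference is nil\n"), 1);` after the narrow, and the same test on `obj.in ()` before the overrides are applied. The `which == 1` branch selects `Security::SecQOPNoProtection` deliberately, which means the message is sent with no integrity or confidentiality protection; a comment at that assignment such as `// Example 1 only: message is sent unprotected; not a default to copy` would keep the downgrade from being lifted into real clients, and the commented-out `SecQOPIntegrity` line should either be explained or dropped. The second range test on `which` in ACE_TMAIN also returns 1 without printing the usage text when `-e` is omitted, so the user gets no hint about the required option.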