Diffstat (limited to 'TAO/DevGuideExamples/Security/PolicyControllingApp')
-rw-r--r--TAO/DevGuideExamples/Security/PolicyControllingApp/Messenger.idl11
-rw-r--r--TAO/DevGuideExamples/Security/PolicyControllingApp/MessengerClient.cpp187
-rw-r--r--TAO/DevGuideExamples/Security/PolicyControllingApp/MessengerServer.cpp46
-rw-r--r--TAO/DevGuideExamples/Security/PolicyControllingApp/Messenger_i.cpp28
-rw-r--r--TAO/DevGuideExamples/Security/PolicyControllingApp/Messenger_i.h32
-rw-r--r--TAO/DevGuideExamples/Security/PolicyControllingApp/PolicyControllingApp.mpc13
-rw-r--r--TAO/DevGuideExamples/Security/PolicyControllingApp/README144
-rw-r--r--TAO/DevGuideExamples/Security/PolicyControllingApp/cacert.pem22
-rw-r--r--TAO/DevGuideExamples/Security/PolicyControllingApp/client.conf6
-rw-r--r--TAO/DevGuideExamples/Security/PolicyControllingApp/client1.conf6
-rw-r--r--TAO/DevGuideExamples/Security/PolicyControllingApp/clientcert.pem17
-rw-r--r--TAO/DevGuideExamples/Security/PolicyControllingApp/clientkey.pem15
-rw-r--r--TAO/DevGuideExamples/Security/PolicyControllingApp/run_test.pl67
-rw-r--r--TAO/DevGuideExamples/Security/PolicyControllingApp/server.conf5
-rw-r--r--TAO/DevGuideExamples/Security/PolicyControllingApp/server1.conf5
-rw-r--r--TAO/DevGuideExamples/Security/PolicyControllingApp/servercert.pem17
-rw-r--r--TAO/DevGuideExamples/Security/PolicyControllingApp/serverkey.pem15
17 files changed, 636 insertions, 0 deletions
diff --git a/TAO/DevGuideExamples/Security/PolicyControllingApp/Messenger.idl b/TAO/DevGuideExamples/Security/PolicyControllingApp/Messenger.idl
new file mode 100644
index 00000000000..05cf30bf5f9
--- /dev/null
+++ b/TAO/DevGuideExamples/Security/PolicyControllingApp/Messenger.idl
@@ -0,0 +1,11 @@
+/* -*- C++ -*- $Id$ */
+
+// messenger.idl
+
+interface Messenger
+ {
+ boolean send_message ( in string user_name,
+ in string subject,
+ inout string message );
+ };
+
diff --git a/TAO/DevGuideExamples/Security/PolicyControllingApp/MessengerClient.cpp b/TAO/DevGuideExamples/Security/PolicyControllingApp/MessengerClient.cpp
new file mode 100644
index 00000000000..68fd1fec4db
--- /dev/null
+++ b/TAO/DevGuideExamples/Security/PolicyControllingApp/MessengerClient.cpp
@@ -0,0 +1,187 @@
+/* -*- C++ -*- $Id$ */
+
+#include <ace/OS.h>
+#include <ace/Get_Opt.h>
+
+#include "MessengerC.h"
+#include "orbsvcs/SecurityC.h"
+
+// Policy Example 1
+// ================
+//
+// Example of a client that downgrades
+// from message protection to no message
+// protection and upgrades from no
+// peer authentication to authentication
+// of targets, i.e., authentication of
+// servers.
+//
+// The server's service configuration file
+// for this example is
+//
+// # server.conf
+// dynamic SSLIOP_Factory Service_Object *
+// TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory()
+// "-SSLNoProtection
+// -SSLAuthenticate SERVER_AND_CLIENT
+// -SSLPrivateKey PEM:serverkey.pem
+// -SSLCertificate PEM:servercert.pem"
+//
+// static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"
+//
+// The clients service configuration file
+// for this example is:
+//
+// # client.conf
+// dynamic SSLIOP_Factory Service_Object *
+// TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory()
+// "-SSLAuthenticate NONE
+// -SSLPrivateKey PEM:clientkey.pem
+// -SSLCertificate PEM:clientcert.pem"
+//
+// static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"
+//
+// Policy Example 2
+// ================
+//
+// Example of client upgrading from
+// no message protection and no
+// no authentication to message
+// protection and authentication
+// of targets, i.e., authentication
+// of servers.
+//
+// The server's service configuration file for this example is
+//
+// # server.conf
+// dynamic SSLIOP_Factory Service_Object *
+// TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory()
+// "-SSLAuthenticate SERVER_AND_CLIENT
+// -SSLPrivateKey PEM:serverkey.pem
+// -SSLCertificate PEM:servercert.pem"
+//
+// static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"
+//
+// The client's service configuration file
+// for this example is:
+//
+// # client.conf
+// dynamic SSLIOP_Factory Service_Object *
+// TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory()
+// "-SSLNoProtection
+// -SSLAuthenticate NONE
+// -SSLPrivateKey PEM:clientkey.pem
+// -SSLCertificate PEM:clientcert.pem"
+//
+// static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"
+//
+
+
+int which = 0;
+
+int
+parse_args (int argc, ACE_TCHAR *argv[])
+{
+ ACE_Get_Opt get_opts (argc, argv, "e:");
+ int c;
+
+ while ((c = get_opts ()) != -1)
+ switch (c)
+ {
+ case 'e':
+ which = ACE_OS::atoi(get_opts.optarg);
+ if(which < 1 || 2 < which)
+ ACE_ERROR_RETURN ((LM_ERROR,
+ "Usage: %s "
+ "-e [12]"
+ "\n",
+ argv [0]),
+ -1);
+ break;
+ case '?':
+ default:
+ ACE_ERROR_RETURN ((LM_ERROR,
+ "Usage: %s "
+ "-e [12]"
+ "\n",
+ argv [0]),
+ -1);
+ }
+ // Indicates sucessful parsing of the command line
+ return 0;
+}
+
+int
+ACE_TMAIN (int argc, ACE_TCHAR *argv[])
+{
+ try {
+
+ CORBA::ORB_var orb =
+ CORBA::ORB_init( argc, argv );
+
+ CORBA::Object_var obj =
+ orb->string_to_object( "file://Messenger.ior" );
+
+ if (parse_args (argc, argv) != 0)
+ return 1;
+ else if(which < 1 || 2 < which)
+ return 1;
+
+ Security::QOP qop;
+ CORBA::Any protection;
+ Security::EstablishTrust establish_trust;
+ CORBA::Any trust;
+ CORBA::PolicyList policy_list (2);
+
+ if (which == 1)
+ {
+ qop = Security::SecQOPNoProtection;
+ //qop = Security::SecQOPIntegrity;
+
+ establish_trust.trust_in_client = 0;
+ establish_trust.trust_in_target = 1;
+ }
+ else
+ {
+ qop = Security::SecQOPIntegrityAndConfidentiality;
+
+ establish_trust.trust_in_client = 0;
+ establish_trust.trust_in_target = 1;
+ }
+
+ protection <<= qop;
+ trust <<= establish_trust;
+
+ CORBA::Policy_var policy =
+ orb->create_policy (Security::SecQOPPolicy, protection);
+
+ CORBA::Policy_var policy2 =
+ orb->create_policy (Security::SecEstablishTrustPolicy, trust);
+
+ policy_list.length (1);
+ policy_list[0] = CORBA::Policy::_duplicate (policy.in ());
+ policy_list.length (2);
+ policy_list[1] = CORBA::Policy::_duplicate (policy2.in ());
+
+ CORBA::Object_var object =
+ obj->_set_policy_overrides (policy_list,
+ CORBA::SET_OVERRIDE);
+
+ Messenger_var messenger =
+ Messenger::_narrow( object.in() );
+
+ CORBA::String_var message =
+ CORBA::string_dup( "Implementing security policy now!" );
+
+ messenger->send_message( "Chief of Security",
+ "New Directive",
+ message.inout() );
+ }
+ catch(const CORBA::Exception& ex) {
+ ex._tao_print_exception("Client: main block");
+ return 1;
+ }
+
+ return 0;
+}
+
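Review bot: The `which == 1` branch requests `Security::SecQOPNoProtection` yet still sets `establish_trust.trust_in_target = 1` and applies the `SecEstablishTrustPolicy` override, so the two branches differ only in `qop`. The README added in this commit says the establish-trust policy could not be modified in example 1 without raising an exception, which does not match this code; one of the two is presumably stale, and an unprotected invocation presumably gives the client no handshake in which to authenticate the server anyway. I would either create `policy2` only for `which == 2`, or put a comment above the branch stating that example 1 sends the message in cleartext to a target that is not authenticated. Separately, the result of `Messenger::_narrow` is used without a nil check; add `if (CORBA::is_nil (messenger.in ())) return 1;` before `send_message`.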
diff --git a/TAO/DevGuideExamples/Security/PolicyControllingApp/MessengerServer.cpp b/TAO/DevGuideExamples/Security/PolicyControllingApp/MessengerServer.cpp
new file mode 100644
index 00000000000..c6fdabeeb1e
--- /dev/null
+++ b/TAO/DevGuideExamples/Security/PolicyControllingApp/MessengerServer.cpp
@@ -0,0 +1,46 @@
+/* -*- C++ -*- $Id$ */
+
+#include "Messenger_i.h"
+#include <iostream>
+#include <fstream>
+int
+ACE_TMAIN (int argc, ACE_TCHAR *argv[])
+{
+ try {
+ // Initialize orb
+ CORBA::ORB_var orb = CORBA::ORB_init( argc, argv );
+
+ //Get reference to Root POA
+ CORBA::Object_var obj = orb->resolve_initial_references( "RootPOA" );
+ PortableServer::POA_var poa = PortableServer::POA::_narrow( obj.in() );
+
+ // Activate POA Manager
+ PortableServer::POAManager_var mgr = poa->the_POAManager();
+ mgr->activate();
+
+ // Create an object
+ Messenger_i messenger_servant;
+
+ // Register the servant with the RootPOA, obtain its object
+ // reference, stringify it, and write it to a file.
+ PortableServer::ObjectId_var oid =
+ poa->activate_object( &messenger_servant );
+ CORBA::Object_var messenger_obj = poa->id_to_reference( oid.in() );
+ CORBA::String_var str = orb->object_to_string( messenger_obj.in() );
+ std::ofstream iorFile( "Messenger.ior" );
+ iorFile << str.in() << std::endl;
+ iorFile.close();
+ std::cout << "IOR written to file Messenger.ior" << std::endl;
+
+ // Accept requests
+ orb->run();
+ orb->destroy();
+ }
+
+ catch(const CORBA::Exception& ex) {
+ ex._tao_print_exception("Server Error: main block");
+ return 1;
+ }
+
+ return 0;
+}
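Review bot: The `std::ofstream iorFile( "Messenger.ior" )` open and write are never checked, so "IOR written to file Messenger.ior" is printed even when the file could not be created, and a client started afterwards may pick up a stale or foreign `Messenger.ior` from the working directory. The client in this commit resolves its target solely from that file, so whoever can write it decides which endpoint the client talks to. Add `if (!iorFile) { std::cerr << "Cannot write Messenger.ior" << std::endl; return 1; }` after the open, and run the example from a directory that only the server's account can write.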
diff --git a/TAO/DevGuideExamples/Security/PolicyControllingApp/Messenger_i.cpp b/TAO/DevGuideExamples/Security/PolicyControllingApp/Messenger_i.cpp
new file mode 100644
index 00000000000..a7164df866b
--- /dev/null
+++ b/TAO/DevGuideExamples/Security/PolicyControllingApp/Messenger_i.cpp
@@ -0,0 +1,28 @@
+/* -*- C++ -*- $Id$ */
+
+#include "Messenger_i.h"
+#include <iostream>
+// Implementation skeleton constructor
+Messenger_i::Messenger_i (void)
+ {
+ }
+
+// Implementation skeleton destructor
+Messenger_i::~Messenger_i (void)
+ {
+ }
+
+CORBA::Boolean Messenger_i::send_message (
+ const char * user_name,
+ const char * subject,
+ char *& message
+ )
+ throw(CORBA::SystemException)
+
+ {
+ std::cout << "Message from: " << user_name << std::endl;
+ std::cout << "Subject: " << subject << std::endl;
+ std::cout << "Message: " << message << std::endl;
+ return 1;
+ }
+
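Review bot: `send_message` prints `user_name` as "Message from:", but that string is a request argument chosen by the caller, not an identity taken from the peer's certificate, and with server.conf the servant also accepts unprotected invocations. A comment should say so, e.g. `// user_name is caller-supplied and unauthenticated; it is not the peer identity`; the three strings are also written to stdout unfiltered, so any control characters in them reach the terminal as-is. The dynamic exception specification `throw(CORBA::SystemException)`, here and on the declaration in Messenger_i.h, is deprecated since C++11 and rejected by C++17 compilers; drop it if the generated skeleton allows, and prefer `return true;` over `return 1;`.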
diff --git a/TAO/DevGuideExamples/Security/PolicyControllingApp/Messenger_i.h b/TAO/DevGuideExamples/Security/PolicyControllingApp/Messenger_i.h
new file mode 100644
index 00000000000..7fdf50bdb45
--- /dev/null
+++ b/TAO/DevGuideExamples/Security/PolicyControllingApp/Messenger_i.h
@@ -0,0 +1,32 @@
+/* -*- C++ -*- $Id$ */
+
+#ifndef MESSENGERI_H_
+#define MESSENGERI_H_
+
+#include "MessengerS.h"
+
+#if !defined (ACE_LACKS_PRAGMA_ONCE)
+#pragma once
+#endif /* ACE_LACKS_PRAGMA_ONCE */
+
+//Class Messenger_i
+class Messenger_i : public virtual POA_Messenger
+{
+public:
+ //Constructor
+ Messenger_i (void);
+
+ //Destructor
+ virtual ~Messenger_i (void);
+
+virtual CORBA::Boolean send_message (
+ const char * user_name,
+ const char * subject,
+ char *& message
+ )
+ throw (CORBA::SystemException);
+
+};
+
+
+#endif /* MESSENGERI_H_ */
diff --git a/TAO/DevGuideExamples/Security/PolicyControllingApp/PolicyControllingApp.mpc b/TAO/DevGuideExamples/Security/PolicyControllingApp/PolicyControllingApp.mpc
new file mode 100644
index 00000000000..2a2b7c7c4a2
--- /dev/null
+++ b/TAO/DevGuideExamples/Security/PolicyControllingApp/PolicyControllingApp.mpc
@@ -0,0 +1,13 @@
+project(*Server): portableserver, orbsvcsexe, security, ssliop {
+ Source_Files {
+ Messenger_i.cpp
+ MessengerServer.cpp
+ }
+}
+
+project(*Client): orbsvcsexe, security, ssliop {
+ Source_Files {
+ MessengerC.cpp
+ MessengerClient.cpp
+ }
+}
diff --git a/TAO/DevGuideExamples/Security/PolicyControllingApp/README b/TAO/DevGuideExamples/Security/PolicyControllingApp/README
new file mode 100644
index 00000000000..bf3b57390a4
--- /dev/null
+++ b/TAO/DevGuideExamples/Security/PolicyControllingApp/README
@@ -0,0 +1,144 @@
+TAO Security
+
+DevGuideExamples/Security/PolicyControllingApp/README
+
+This directory contains an illustration of a security aware
+application that modifies security service policies. Similar
+to the security unaware application example, these examples
+vary the client and server's configurations. However, there
+are also different paths through the client application that
+demonstrate different policy settings.
+
+For readability, long text lines from the example's service
+configuration files are split into multiple lines. A backslash
+indicates the end of partial line except for the final fragment.
+The backslashes should be removed and the fragments joined for
+use with the example programs.
+
+For simplicity, the pass phrases have been stripped from the
+private keys included with these examples in the 1.2a release.
+This *should not* be construed as a recommended practice. Instead,
+OCI strongly recommends that the security requirements of each
+real-world application be evaluated carefully and that appropriate
+procedures and practice be established accordingly. Private keys
+without pass phrase protection are easily compromised and may
+allow an unauthorized party to masquerade as an authorized system
+user.
+
+Prior to running the server in these examples, the SSL_CERT_FILE
+environment variable must be set, e.g.,
+ # /bin/bash
+ export SSL_CERT_FILE=cacert.pem
+or
+ rem Windows
+ set SSL_CERT_FILE=cacert.pem
+
+Example 1: Client sets Quality of Protection to NoProtection
+------------------------------------------------------------
+The server is configured to accept both secured and unsecured
+invocations (by setting -SSLNoProtection). The client is
+configured to make secured invocations only. The client
+application sets the quality of protection policy to
+no protection to make an unsecured invocation to the server.
+
+The server's configuration is:
+
+#
+# server.conf
+#
+dynamic SSLIOP_Factory Service_Object * TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory() \
+ "-SSLNoProtection \
+ -SSLAuthenticate SERVER_AND_CLIENT \
+ -SSLPrivateKey PEM:serverkey.pem \
+ -SSLCertificate PEM:servercert.pem"
+
+static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"
+#
+# end of server.conf
+#
+
+The client's configuration is:
+
+#
+# client.conf
+#
+dynamic SSLIOP_Factory Service_Object * TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory() \
+ "-SSLAuthenticate NONE \
+ -SSLPrivateKey PEM:clientkey.pem \
+ -SSLCertificate PEM:clientcert.pem"
+
+static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"
+#
+# end of client.conf
+#
+
+To run the server:
+ ./MessengerServer -ORBSvcConf server.conf
+
+To run the client:
+ ./MessengerClient -e 1 -ORBSvcConf client.conf
+
+Note: as presented in the 1.2a Developer's Guide, the client code
+for this first example also manipulates the establish trust
+policy. After the text went to print, changes in TAO have required
+a change to this example such that the establish trust policy can't
+be modified as shown in the text without causing an exception. This
+example has been modified accordingly to execute without causing an
+exception.
+
+Example 2: Client sets Quality of Protection to IntegrityAndConfidentiality
+and EstablishTrust to authenticate the server
+---------------------------------------------------------------------------
+The server is configured to accept secured invocations only. The client
+is configured to issue unsecured invocations by default (-SSLNoProtection is
+set). The client sets the quality of protection policy to integrity and
+confidentiality and establish trust policy to authenticate the server. This
+can only be achieved via a secured invocation.
+
+The server's configuration is:
+
+#
+# server1.conf
+#
+dynamic SSLIOP_Factory Service_Object * TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory() \
+ "-SSLAuthenticate SERVER_AND_CLIENT \
+ -SSLPrivateKey PEM:serverkey.pem \
+ -SSLCertificate PEM:servercert.pem"
+
+static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"
+#
+# end of server1.conf
+#
+
+The client's configuration is:
+
+#
+# client1.conf
+#
+dynamic SSLIOP_Factory Service_Object * TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory() \
+ "-SSLNoProtection \
+ -SSLAuthenticate NONE \
+ -SSLPrivateKey PEM:clientkey.pem \
+ -SSLCertificate PEM:clientcert.pem"
+
+static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"
+#
+# end of client1.conf
+#
+
+To run the server:
+ ./MessengerServer -ORBSvcConf server1.conf
+
+To run the client:
+ ./MessengerClient -e 2 -ORBSvcConf client1.conf
+
+
+--------------------------------------------------
+Files: DevGuideExamples/Security/PolicyControllingApp
+
+Messenger.idl - Messenger interface definition.
+Messenger_i.h - Messenger servant class definition.
+Messenger_i.cpp - Messenger servant implementation.
+MessengerServer.cpp - MessengerServer process main.
+MessengerClient.cpp - MessengerClient process main.
+
diff --git a/TAO/DevGuideExamples/Security/PolicyControllingApp/cacert.pem b/TAO/DevGuideExamples/Security/PolicyControllingApp/cacert.pem
new file mode 100644
index 00000000000..c493d28a523
--- /dev/null
+++ b/TAO/DevGuideExamples/Security/PolicyControllingApp/cacert.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDujCCAyOgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBoDELMAkGA1UEBhMCVVMx
+ETAPBgNVBAgTCE1pc3NvdXJpMRIwEAYDVQQHEwlTdC4gTG91aXMxHzAdBgNVBAoT
+Fk9iamVjdCBDb21wdXRpbmcsIEluYy4xDDAKBgNVBAsTA1RBTzEdMBsGA1UEAxMU
+Q2VydGlmeWluZyBBdXRob3JpdHkxHDAaBgkqhkiG9w0BCQEWDWNhQG9jaXdlYi5j
+b20wHhcNMDMwNzIzMjAyNDIwWhcNMTMwNzIwMjAyNDIwWjCBoDELMAkGA1UEBhMC
+VVMxETAPBgNVBAgTCE1pc3NvdXJpMRIwEAYDVQQHEwlTdC4gTG91aXMxHzAdBgNV
+BAoTFk9iamVjdCBDb21wdXRpbmcsIEluYy4xDDAKBgNVBAsTA1RBTzEdMBsGA1UE
+AxMUQ2VydGlmeWluZyBBdXRob3JpdHkxHDAaBgkqhkiG9w0BCQEWDWNhQG9jaXdl
+Yi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO4QS4bqrXVuBnHsOg1/
+gijXjiWhFTngG/sDLWAA52fHIobyFo5//7UaLedke0fkwqsmky8hjzSbXGJsGI5g
+Yjp2Va7WeJhRQNr8VYWobCq00f//drHN2NF5M23Cx0JF9WfyfWpqq5TQRGtVZ+We
++q4S6wH1exZrVGHfkp5Xq5FvAgMBAAGjggEAMIH9MB0GA1UdDgQWBBQvTY0YWmHq
+o2TMOKba/ECH9ayXZzCBzQYDVR0jBIHFMIHCgBQvTY0YWmHqo2TMOKba/ECH9ayX
+Z6GBpqSBozCBoDELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE1pc3NvdXJpMRIwEAYD
+VQQHEwlTdC4gTG91aXMxHzAdBgNVBAoTFk9iamVjdCBDb21wdXRpbmcsIEluYy4x
+DDAKBgNVBAsTA1RBTzEdMBsGA1UEAxMUQ2VydGlmeWluZyBBdXRob3JpdHkxHDAa
+BgkqhkiG9w0BCQEWDWNhQG9jaXdlYi5jb22CAQAwDAYDVR0TBAUwAwEB/zANBgkq
+hkiG9w0BAQQFAAOBgQBgjn97nbyyjFxyHC8vheAiDCQRblI4lZbZC6vSmxxqEGze
+eAMiTYL2iK3vj2Ot3V2/o5VdLyEYV4RBP2iq1XuMYXjmL2ni+NVgepyXceynH8/b
+72yciZZcDE5FVUaMUHAgZUpxsGSDyD70LnOFwBxuvxtlMtG5vXYNvwF/FJPs1g==
+-----END CERTIFICATE-----
diff --git a/TAO/DevGuideExamples/Security/PolicyControllingApp/client.conf b/TAO/DevGuideExamples/Security/PolicyControllingApp/client.conf
new file mode 100644
index 00000000000..1130e620d7b
--- /dev/null
+++ b/TAO/DevGuideExamples/Security/PolicyControllingApp/client.conf
@@ -0,0 +1,6 @@
+# $Id$
+
+# client.conf
+dynamic SSLIOP_Factory Service_Object * TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory() "-SSLAuthenticate NONE -SSLPrivateKey PEM:clientkey.pem -SSLCertificate PEM:clientcert.pem"
+
+static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"
diff --git a/TAO/DevGuideExamples/Security/PolicyControllingApp/client1.conf b/TAO/DevGuideExamples/Security/PolicyControllingApp/client1.conf
new file mode 100644
index 00000000000..23f4e0a5859
--- /dev/null
+++ b/TAO/DevGuideExamples/Security/PolicyControllingApp/client1.conf
@@ -0,0 +1,6 @@
+# $Id$
+
+# client.conf
+dynamic SSLIOP_Factory Service_Object * TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory() "-SSLNoProtection -SSLAuthenticate NONE -SSLPrivateKey PEM:clientkey.pem -SSLCertificate PEM:clientcert.pem"
+
+static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"
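Review bot: The header comment says `# client.conf` although the file is client1.conf, and server1.conf likewise carries `# server.conf`; the two client configurations differ only in `-SSLNoProtection`, so a wrong name makes it easy to run an example with the weaker file. Change them to `# client1.conf` and `# server1.conf`. A one-line comment noting that `-SSLAuthenticate NONE` leaves server verification to the policy override made in MessengerClient.cpp would also help readers who copy this file.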
diff --git a/TAO/DevGuideExamples/Security/PolicyControllingApp/clientcert.pem b/TAO/DevGuideExamples/Security/PolicyControllingApp/clientcert.pem
new file mode 100644
index 00000000000..56616fcd469
--- /dev/null
+++ b/TAO/DevGuideExamples/Security/PolicyControllingApp/clientcert.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICpzCCAhACAQQwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlVTMREwDwYD
+VQQIEwhNaXNzb3VyaTESMBAGA1UEBxMJU3QuIExvdWlzMR8wHQYDVQQKExZPYmpl
+Y3QgQ29tcHV0aW5nLCBJbmMuMQwwCgYDVQQLEwNUQU8xHTAbBgNVBAMTFENlcnRp
+ZnlpbmcgQXV0aG9yaXR5MRwwGgYJKoZIhvcNAQkBFg1jYUBvY2l3ZWIuY29tMB4X
+DTAzMDgwODAwMjIwN1oXDTEzMDgwNTAwMjIwN1owgZYxCzAJBgNVBAYTAlVTMREw
+DwYDVQQIEwhNaXNzb3VyaTESMBAGA1UEBxMJU3QuIExvdWlzMR8wHQYDVQQKExZP
+YmplY3QgQ29tcHV0aW5nLCBJbmMuMQwwCgYDVQQLEwNUQU8xDzANBgNVBAMTBmNs
+aWVudDEgMB4GCSqGSIb3DQEJARYRY2xpZW50QG9jaXdlYi5jb20wgZ8wDQYJKoZI
+hvcNAQEBBQADgY0AMIGJAoGBAMYaaQgEmp2zv0t+MAEGf5GIsKSIB1YFrkkVR6Qv
+LP0t9FHDPGFawh/aK3Yq+l7RiNpK1H5SSOaIavm4xV/3tpHxzuRjd0H3fdhaoAgD
+xvcYZ75l662PEa25MCJsp40tACO0hGNOQCJ8kWVmT4xEhKcFl3xm+1OvNbwDM/pA
+t4WpAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEArs6S6qud6D9t6AcGJS91XWqbBY1G
+rSgmv9yFbvUyrGAQuMpyNuYTGlZA+Nd3EAjYlwP4fWbzUMM0MEtd3Xl0Aep0O39W
+Cgp9HxDaJi3b4h63cd/B0su+2CNd4P6+NOX+IxgrrioCgKSnu6Nxy14fb03RQhjl
+a3vOY5Juf8ySB/M=
+-----END CERTIFICATE-----
diff --git a/TAO/DevGuideExamples/Security/PolicyControllingApp/clientkey.pem b/TAO/DevGuideExamples/Security/PolicyControllingApp/clientkey.pem
new file mode 100644
index 00000000000..2b4af2322ad
--- /dev/null
+++ b/TAO/DevGuideExamples/Security/PolicyControllingApp/clientkey.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
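Review bot: This private key, like serverkey.pem later in the commit, is stored without pass phrase protection in the repository, so it is known to anyone with a checkout, and a pass phrase would not change that. The README warns about the missing pass phrases but not about reuse; it should also say that cacert.pem and the certificates it signed must never be put in a trust store or deployed outside this example, e.g. `These keys and certificates are published test material; generate your own CA and key pairs for any real deployment.` Generating the material when the test runs, instead of committing it, would remove the risk altogether.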
diff --git a/TAO/DevGuideExamples/Security/PolicyControllingApp/run_test.pl b/TAO/DevGuideExamples/Security/PolicyControllingApp/run_test.pl
new file mode 100644
index 00000000000..16cd049b735
--- /dev/null
+++ b/TAO/DevGuideExamples/Security/PolicyControllingApp/run_test.pl
@@ -0,0 +1,67 @@
+eval '(exit $?0)' && eval 'exec perl -S $0 ${1+"$@"}'
+ & eval 'exec perl -S $0 $argv:q'
+ if 0;
+
+use Env (ACE_ROOT);
+use lib "$ACE_ROOT/bin";
+use PerlACE::Run_Test;
+
+$file = PerlACE::LocalFile("Messenger.ior");
+
+unlink $file;
+
+$ENV{'SSL_CERT_FILE'} = 'cacert.pem';
+
+# start MessengerServer
+$S = new PerlACE::Process("MessengerServer",
+ "-ORBSvcConf server.conf");
+
+$S1 = new PerlACE::Process("MessengerServer",
+ "-ORBSvcConf server1.conf");
+
+$C = new PerlACE::Process("MessengerClient",
+ "-e 1 -ORBSvcConf client.conf");
+
+$C1 = new PerlACE::Process("MessengerClient",
+ "-e 2 -ORBSvcConf client1.conf");
+
+
+print STDERR "\n\nSecurity Policy Controlling Application Examples\n";
+print STDERR "------------------------------------------------\n";
+
+print STDERR "Starting Messenger Server, example 1...\n\n";
+$S->Spawn();
+if (PerlACE::waitforfile_timed ($file, 5) == -1) {
+ print STDERR "ERROR: cannot find file <$file>\n";
+ $SV->Kill ();
+ exit 1;
+}
+
+print STDERR "\nStarting MessengerClient, example 1...\n\n";
+if ($C->SpawnWaitKill(10) != 0) {
+ $S->Kill();
+ exit (1);
+}
+
+unlink $file;
+$S->Kill();
+
+print STDERR "\nStarting Messenger Server, example 2...\n\n";
+$S1->Spawn();
+if (PerlACE::waitforfile_timed ($file, 5) == -1) {
+ print STDERR "ERROR: cannot find file <$file>\n";
+ $SV->Kill ();
+ exit 1;
+}
+
+print STDERR "\nStarting MessengerClient, example 2...\n\n";
+if ($C1->SpawnWaitKill(10) != 0) {
+ $S->Kill();
+ exit (1);
+}
+
+# clean-up
+$S1->Kill();
+
+exit 0;
+
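Review bot: Both `waitforfile_timed` failure branches call `$SV->Kill ()`, but no `$SV` is defined in this script, so the error path dies on an undefined value and leaves the spawned server running. They should be `$S->Kill ();` in the example 1 block and `$S1->Kill ();` in the example 2 block. The example 2 client failure branch also kills `$S`, which was already stopped, instead of `$S1`; change it to `$S1->Kill();`. Enabling `use strict` with declared variables would have caught the undeclared name.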
diff --git a/TAO/DevGuideExamples/Security/PolicyControllingApp/server.conf b/TAO/DevGuideExamples/Security/PolicyControllingApp/server.conf
new file mode 100644
index 00000000000..380312b03fc
--- /dev/null
+++ b/TAO/DevGuideExamples/Security/PolicyControllingApp/server.conf
@@ -0,0 +1,5 @@
+# $Id$
+
+# server.conf
+dynamic SSLIOP_Factory Service_Object * TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory() "-SSLNoProtection -SSLAuthenticate SERVER_AND_CLIENT -SSLPrivateKey PEM:serverkey.pem -SSLCertificate PEM:servercert.pem"
+static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"
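Review bot: `-SSLNoProtection` next to `-SSLAuthenticate SERVER_AND_CLIENT` reads as if every client were authenticated, but per the README in this commit the server then also accepts unsecured invocations, and those presumably arrive without any client certificate being checked. A comment in the file should state that, e.g. `# -SSLNoProtection: unsecured requests are accepted too; SERVER_AND_CLIENT applies only to SSL connections`. The key and certificate paths are relative, so the server has to be started from this directory for the intended files to be loaded.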
diff --git a/TAO/DevGuideExamples/Security/PolicyControllingApp/server1.conf b/TAO/DevGuideExamples/Security/PolicyControllingApp/server1.conf
new file mode 100644
index 00000000000..f975ec687f8
--- /dev/null
+++ b/TAO/DevGuideExamples/Security/PolicyControllingApp/server1.conf
@@ -0,0 +1,5 @@
+# $Id$
+
+# server.conf
+dynamic SSLIOP_Factory Service_Object * TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory() "-SSLAuthenticate SERVER_AND_CLIENT -SSLPrivateKey PEM:serverkey.pem -SSLCertificate PEM:servercert.pem"
+static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"
diff --git a/TAO/DevGuideExamples/Security/PolicyControllingApp/servercert.pem b/TAO/DevGuideExamples/Security/PolicyControllingApp/servercert.pem
new file mode 100644
index 00000000000..9659fb07334
--- /dev/null
+++ b/TAO/DevGuideExamples/Security/PolicyControllingApp/servercert.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICpzCCAhACAQMwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlVTMREwDwYD
+VQQIEwhNaXNzb3VyaTESMBAGA1UEBxMJU3QuIExvdWlzMR8wHQYDVQQKExZPYmpl
+Y3QgQ29tcHV0aW5nLCBJbmMuMQwwCgYDVQQLEwNUQU8xHTAbBgNVBAMTFENlcnRp
+ZnlpbmcgQXV0aG9yaXR5MRwwGgYJKoZIhvcNAQkBFg1jYUBvY2l3ZWIuY29tMB4X
+DTAzMDgwODAwMjAyOVoXDTEzMDgwNTAwMjAyOVowgZYxCzAJBgNVBAYTAlVTMREw
+DwYDVQQIEwhNaXNzb3VyaTESMBAGA1UEBxMJU3QuIExvdWlzMR8wHQYDVQQKExZP
+YmplY3QgQ29tcHV0aW5nLCBJbmMuMQwwCgYDVQQLEwNUQU8xDzANBgNVBAMTBlNl
+cnZlcjEgMB4GCSqGSIb3DQEJARYRc2VydmVyQG9jaXdlYi5jb20wgZ8wDQYJKoZI
+hvcNAQEBBQADgY0AMIGJAoGBAKw+tjwQz/stcesfm6WvnB6D/FTYu79tHzGUDlSV
+N+kycFYcZfsRmIEo5afG+epOwlp1f9Wpij23AMY4BcdcSP9R4yhH46uMFThQhkn9
+fraZ8slcgVog5G6MwXmsWb5gThjgiT0KPSQHkEU0bryw+CiM4oV+9dSaFBLa3Uqc
+iQZdAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAur+t7sIqGjqAPgFtFcgByAJTvNYb
+UDZ43AGd22tCtT/usoy/x9qsQv8jwd8kA8yUNQUmjRxR4vEkZ06L6HF8Ii1QmU/E
+fZ7YcjXjWxgnCEQGSXuHLhmlIMAlXNvX1XzNddu/NuRbSP3lYS/j32W8gTb6MdyL
+8bOkIqRpVY0ek80=
+-----END CERTIFICATE-----
diff --git a/TAO/DevGuideExamples/Security/PolicyControllingApp/serverkey.pem b/TAO/DevGuideExamples/Security/PolicyControllingApp/serverkey.pem
new file mode 100644
index 00000000000..c61b8152649
--- /dev/null
+++ b/TAO/DevGuideExamples/Security/PolicyControllingApp/serverkey.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCsPrY8EM/7LXHrH5ulr5weg/xU2Lu/bR8xlA5UlTfpMnBWHGX7
+EZiBKOWnxvnqTsJadX/VqYo9twDGOAXHXEj/UeMoR+OrjBU4UIZJ/X62mfLJXIFa
+IORujMF5rFm+YE4Y4Ik9Cj0kB5BFNG68sPgojOKFfvXUmhQS2t1KnIkGXQIDAQAB
+AoGBAKjg08wQr9qVtBvT4ceRZoCE5+JIncwSMYNqpqJHq4n46iuDrHl9xwjcEE9v
+x5jzn5sRmUTj9aaMxzWRuBi/YtFVmgsl8lNiBOniIkFYqIyXfzNgX+2qyRzgOtAo
+0ByWFsqkLmW9cUXWaICkM49b9Jz7SnmPs+9VWGiNrjgJSiABAkEA4eFIc82mP2KJ
+wap8LJV7GLBA3iiVRmOgVb0TvRMitFWPGdGKFcsAVVkogQ/zIixKeZKc5enMhAI9
+i3Q2tmolZQJBAMM2hlSbJZncMjooKBlp2VZgUpEjbBPpD9XGgA5BO2RfKi3B29T9
+2v8I3m9WbCxbtFKlHcjNT3GToGCoi4S1qZkCQDcn7qwwZE8H/cFnoui0G5ncuApH
+eKP2gdlN0TsTKB9G4SmZzBEkP9GXcteJEIKgtBLZpSxTGdiGP4cE+rMyWi0CQDam
+TgbjhCxFq74CPe+XZWO8BYFiREByr58uOe1Dr8fSqHE040EGbEeXiQXsUM4+QgYc
++XCcoY/vPyewJ5bYcIkCQERqwlO9/JUiX2w01l82tMxVK8DmN3QwHWJxNexD5Ewf
+QFG6FYFPNHCR2f+MUSMFp1djUSVpCrWbppmlr96uZ48=
+-----END RSA PRIVATE KEY-----