1 files changed, 127 insertions, 1 deletions
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.cpp
index 98ca06e800d..01537fa9499 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.cpp
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.cpp
@@ -4,7 +4,9 @@
 
 #include "SSLIOP_Current_Impl.h"
 
-ACE_RCSID (TAO_SSLIOP, SSLIOP_Current_Impl, "$Id$")
+ACE_RCSID (TAO_SSLIOP,
+           SSLIOP_Current_Impl,
+           "$Id$")
 
 #if !defined (__ACE_INLINE__)
 # include "SSLIOP_Current_Impl.inl"
@@ -12,6 +14,7 @@ ACE_RCSID (TAO_SSLIOP, SSLIOP_Current_Impl, "$Id$")
 
 #include <openssl/x509.h>
 
+
 TAO_SSLIOP_Current_Impl::TAO_SSLIOP_Current_Impl (void)
   : ssl_ (0)
 {
@@ -21,6 +24,123 @@ TAO_SSLIOP_Current_Impl::~TAO_SSLIOP_Current_Impl (void)
 {
 }
 
+Security::AttributeList *
+TAO_SSLIOP_Current_Impl::get_attributes (
+    const Security::AttributeTypeList &attributes,
+    CORBA::Environment &ACE_TRY_ENV)
+  ACE_THROW_SPEC ((CORBA::SystemException))
+{
+  CORBA::ULong len = attributes.length ();
+
+  // A valid value must always be returned, so instantiate a sequence
+  // regardless of whether or not it is populated.
+  //
+  // The maximum length of the AttributeList will never be larger than
+  // the length of the AttributeTypeList.
+  Security::AttributeList * attribute_list = 0;
+  ACE_NEW_THROW_EX (attribute_list,
+                    Security::AttributeList (len),
+                    CORBA::NO_MEMORY (
+                      CORBA::SystemException::_tao_minor_code (
+                        TAO_DEFAULT_MINOR_CODE,
+                        ENOMEM),
+                      CORBA::COMPLETED_NO));
+
+  Security::AttributeList_var safe_attribute_list = attribute_list;
+
+  if (this->ssl_ == 0)
+    return safe_attribute_list._retn ();
+
+  CORBA::ULong j = 0;
+  for (CORBA::ULong i = 0; i < len; ++i)
+    {
+      const Security::AttributeType &attribute = attributes[i];
+
+      // @@ Hacks just to get things going.  Cleanup soon!
+      if (attribute.attribute_family.family_definer == 0  // OMG (?)
+          && attribute.attribute_family.family == 1  // privileges
+          && attribute.attribute_type == 2)  // AccessId
+        {
+          attribute_list->length (++j);
+
+          // ----------------------------------------------------
+          // Set the attribute_type field.
+          // ----------------------------------------------------
+          safe_attribute_list[j].attribute_type.attribute_type =
+            attribute.attribute_type;
+
+          // ----------------------------------------------------
+          // Set the defining_authority field.
+          // ----------------------------------------------------
+          // SSLIOP uses X.509 certificates
+          const char x509[] = "x509";
+          safe_attribute_list[j].defining_authority.length (sizeof (x509));
+          CORBA::Octet *buf =
+            safe_attribute_list[j].defining_authority.get_buffer ();
+          ACE_OS_String::memcpy (buf, x509, sizeof (x509));
+
+          // ----------------------------------------------------
+          // Set the DER encoded X.509 certificate as the value
+          // field.
+          // ----------------------------------------------------
+
+          // @@ This code should be refactored.  The same operations
+          //    are done in this->get_peer_certificate.
+
+          X509 *cert = ::SSL_get_peer_certificate (this->ssl_);
+          if (cert == 0)
+            {
+              // An error occurred, so do not include this attribute
+              // in the AttributeList.  Drop the length to its
+              // previous value.
+              // @@ Not exactly exception-safe.  C'est la vie.
+              attribute_list->length (--j);
+              continue;
+            }
+
+          // Get the size of the ASN.1 encoding.
+          int cert_length = ::i2d_X509 (cert, 0);
+          if (cert_length <= 0)
+            {
+              // An error occurred, so do not include this attribute
+              // in the AttributeList.  Drop the length to its
+              // previous value.
+              // @@ Not exactly exception-safe.  C'est la vie.
+              attribute_list->length (--j);
+              continue;
+            }
+
+          safe_attribute_list[j].value.length (cert_length);
+
+          CORBA::Octet *buffer =
+            safe_attribute_list[j].value.get_buffer ();
+
+          // Convert from the internal X509 representation to the DER
+          // encoding representation.
+          (void) ::i2d_X509 (cert, &buffer);
+
+          // Release the X509 certificate since it has already been
+          // copied to the octet sequence.
+          ::X509_free (cert);
+        }
+    }
+
+  return safe_attribute_list._retn ();
+}
+
+SecurityLevel2::ReceivedCredentials_ptr
+TAO_SSLIOP_Current_Impl::received_credentials (
+    CORBA::Environment &ACE_TRY_ENV)
+  ACE_THROW_SPEC ((CORBA::SystemException))
+{
+  ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (
+                      CORBA::SystemException::_tao_minor_code (
+                        TAO_DEFAULT_MINOR_CODE,
+                        ENOTSUP),
+                      CORBA::COMPLETED_NO),
+                    SecurityLevel2::ReceivedCredentials::_nil ());
+}
+
 void
 TAO_SSLIOP_Current_Impl::get_peer_certificate (
   SSLIOP::ASN_1_Cert *certificate)
@@ -86,3 +206,9 @@ TAO_SSLIOP_Current_Impl::get_peer_certificate_chain (
       (void) ::i2d_X509 (x, &buffer);
     }
 }
+
+CORBA::ULong
+TAO_SSLIOP_Current_Impl::tag (void) const
+{
+  return SSLIOP::TAG_SSL_SEC_TRANS;
+}