diff options
Diffstat (limited to 'TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.cpp')
-rw-r--r-- | TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.cpp | 166 |
1 files changed, 34 insertions, 132 deletions
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.cpp index 39edf70a22c..ee65fa48380 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.cpp +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.cpp @@ -1,168 +1,70 @@ -// -*- C++ -*- - #include "SSLIOP_Current_Impl.h" + #include "ace/OS_String.h" -ACE_RCSID (TAO_SSLIOP, + +ACE_RCSID (SSLIOP, SSLIOP_Current_Impl, "$Id$") + #if !defined (__ACE_INLINE__) # include "SSLIOP_Current_Impl.inl" #endif /* __ACE_INLINE__ */ #include "SSLIOP_X509.h" -#include "SSLIOP_ReceivedCredentials.h" +#include "SSLIOP_ClientCredentials.h" #include <openssl/x509.h> -TAO_SSLIOP_Current_Impl::~TAO_SSLIOP_Current_Impl (void) -{ -} - -Security::AttributeList * -TAO_SSLIOP_Current_Impl::get_attributes ( - const Security::AttributeTypeList &attributes - ACE_ENV_ARG_DECL) - ACE_THROW_SPEC ((CORBA::SystemException)) +TAO::SSLIOP::Current_Impl::~Current_Impl (void) { - CORBA::ULong len = attributes.length (); - - // A valid value must always be returned, so instantiate a sequence - // regardless of whether or not it is populated. - // - // The maximum length of the AttributeList will never be larger than - // the length of the AttributeTypeList. - Security::AttributeList * attribute_list = 0; - ACE_NEW_THROW_EX (attribute_list, - Security::AttributeList (len), - CORBA::NO_MEMORY ( - CORBA::SystemException::_tao_minor_code ( - TAO_DEFAULT_MINOR_CODE, - ENOMEM), - CORBA::COMPLETED_NO)); - - Security::AttributeList_var safe_attribute_list = attribute_list; - - if (this->ssl_ == 0) - return safe_attribute_list._retn (); - - // @@ @todo If the Security::AttributeTypeList length is zero, then - // return all of the attributes. - - for (CORBA::ULong i = 0; i < len; ++i) - { - const Security::AttributeType &attribute = attributes[i]; - - // @@ Hacks just to get things going. Cleanup soon! - if (attribute.attribute_family.family_definer == 0 // OMG (?) - && attribute.attribute_family.family == 1 // privileges - && attribute.attribute_type == Security::AccessId) - { - CORBA::ULong j = attribute_list->length (); - attribute_list->length (j + 1); - - // ---------------------------------------------------- - // Set the attribute_type field. - // ---------------------------------------------------- - safe_attribute_list[j].attribute_type.attribute_type = - attribute.attribute_type; - - // ---------------------------------------------------- - // Set the defining_authority field. - // ---------------------------------------------------- - // SSLIOP uses X.509 certificates - const char x509[] = "x509"; - safe_attribute_list[j].defining_authority.length (sizeof (x509)); - CORBA::Octet *buf = - safe_attribute_list[j].defining_authority.get_buffer (); - ACE_OS_String::memcpy (buf, x509, sizeof (x509)); - - // ---------------------------------------------------- - // Set the DER encoded X.509 certificate as the value - // field. - // ---------------------------------------------------- - - // @@ This code should be refactored. The same operations - // are done in this->get_peer_certificate. - - TAO_SSLIOP_X509_var cert = - ::SSL_get_peer_certificate (this->ssl_); - if (cert.ptr () == 0) - { - // An error occurred, so do not include this attribute - // in the AttributeList. Drop the length to its - // previous value. - // @@ Not exactly exception-safe. C'est la vie. - attribute_list->length (j); - continue; - } - - // Get the size of the ASN.1 encoding. - int cert_length = ::i2d_X509 (cert.in (), 0); - if (cert_length <= 0) - { - // An error occurred, so do not include this attribute - // in the AttributeList. Drop the length to its - // previous value. - // @@ Not exactly exception-safe. C'est la vie. - attribute_list->length (j); - continue; - } - - safe_attribute_list[j].value.length (cert_length); - - CORBA::Octet *buffer = - safe_attribute_list[j].value.get_buffer (); - - // Convert from the internal X509 representation to the DER - // encoding representation. - (void) ::i2d_X509 (cert.in (), &buffer); - } - } - - return safe_attribute_list._retn (); } -SecurityLevel2::ReceivedCredentials_ptr -TAO_SSLIOP_Current_Impl::received_credentials ( +SecurityLevel3::ClientCredentials_ptr +TAO::SSLIOP::Current_Impl::client_credentials ( ACE_ENV_SINGLE_ARG_DECL) ACE_THROW_SPEC ((CORBA::SystemException)) { - TAO_SSLIOP_X509_var cert = ::SSL_get_peer_certificate (this->ssl_); + TAO::SSLIOP::X509_var cert = ::SSL_get_peer_certificate (this->ssl_); if (cert.ptr () == 0) ACE_THROW_RETURN (CORBA::BAD_OPERATION (), - SecurityLevel2::ReceivedCredentials::_nil ()); + SecurityLevel3::ClientCredentials::_nil ()); - TAO_SSLIOP_ReceivedCredentials *c = 0; - ACE_NEW_THROW_EX (c, - TAO_SSLIOP_ReceivedCredentials (cert.in (), 0), + SecurityLevel3::ClientCredentials_ptr creds; + ACE_NEW_THROW_EX (creds, + TAO::SSLIOP::ClientCredentials (cert.in (), 0), CORBA::NO_MEMORY ( CORBA::SystemException::_tao_minor_code ( TAO_DEFAULT_MINOR_CODE, ENOMEM), CORBA::COMPLETED_NO)); - ACE_CHECK_RETURN (SecurityLevel2::ReceivedCredentials::_nil ()); + ACE_CHECK_RETURN (SecurityLevel3::ClientCredentials::_nil ()); - SecurityLevel2::ReceivedCredentials_var creds = c; + return creds; +} - return creds._retn (); +CORBA::Boolean +TAO::SSLIOP::Current_Impl::request_is_local (ACE_ENV_SINGLE_ARG_DECL) + ACE_THROW_SPEC ((CORBA::SystemException)) +{ + ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0); } void -TAO_SSLIOP_Current_Impl::get_peer_certificate ( - SSLIOP::ASN_1_Cert *certificate) +TAO::SSLIOP::Current_Impl::get_peer_certificate ( + ::SSLIOP::ASN_1_Cert *certificate) { if (this->ssl_ == 0) return; - TAO_SSLIOP_X509_var cert = ::SSL_get_peer_certificate (this->ssl_); + TAO::SSLIOP::X509_var cert = ::SSL_get_peer_certificate (this->ssl_); if (cert.ptr () == 0) return; // Get the size of the ASN.1 encoding. - int cert_length = ::i2d_X509 (cert.in (), 0); + const int cert_length = ::i2d_X509 (cert.in (), 0); if (cert_length <= 0) return; @@ -176,17 +78,17 @@ TAO_SSLIOP_Current_Impl::get_peer_certificate ( } void -TAO_SSLIOP_Current_Impl::get_peer_certificate_chain ( - SSLIOP::SSL_Cert *cert_chain) +TAO::SSLIOP::Current_Impl::get_peer_certificate_chain ( + ::SSLIOP::SSL_Cert *cert_chain) { if (this->ssl_ == 0) return; - STACK_OF(X509) *certs = ::SSL_get_peer_cert_chain (this->ssl_); + STACK_OF (X509) *certs = ::SSL_get_peer_cert_chain (this->ssl_); if (certs == 0) return; - int chain_length = sk_X509_num (certs); + const int chain_length = sk_X509_num (certs); cert_chain->length (chain_length); // Copy the peer certificate chain to the SSLIOP::SSL_Cert @@ -194,14 +96,14 @@ TAO_SSLIOP_Current_Impl::get_peer_certificate_chain ( for (int i = 0; i < chain_length; ++i) { // Extract the certificate from the OpenSSL X509 stack. - X509 *x = sk_X509_value (certs, i); + ::X509 *x = sk_X509_value (certs, i); // Get the size of the ASN.1 encoding. - int cert_length = ::i2d_X509 (x, 0); + const int cert_length = ::i2d_X509 (x, 0); if (cert_length <= 0) continue; // @@ What do we do if there is an error? - SSLIOP::ASN_1_Cert &certificate = (*cert_chain)[i]; + ::SSLIOP::ASN_1_Cert &certificate = (*cert_chain)[i]; certificate.length (cert_length); CORBA::Octet *buffer = certificate.get_buffer (); @@ -213,7 +115,7 @@ TAO_SSLIOP_Current_Impl::get_peer_certificate_chain ( } CORBA::ULong -TAO_SSLIOP_Current_Impl::tag (void) const +TAO::SSLIOP::Current_Impl::tag (void) const { - return SSLIOP::TAG_SSL_SEC_TRANS; + return ::SSLIOP::TAG_SSL_SEC_TRANS; } |