diff options
Diffstat (limited to 'trunk/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.h')
-rw-r--r-- | trunk/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.h | 257 |
1 files changed, 257 insertions, 0 deletions
diff --git a/trunk/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.h b/trunk/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.h new file mode 100644 index 00000000000..eacb3f95893 --- /dev/null +++ b/trunk/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Endpoint.h @@ -0,0 +1,257 @@ +// -*- C++ -*- + +//============================================================================= +/** + * @file SSLIOP_Endpoint.h + * + * $Id$ + * + * SSLIOP implementation of PP Framework Endpoint interface. + * + * @author Marina Spivak <marina@cs.wustl.edu> + * @author Ossama Othman <ossama@uci.edu> + */ +//============================================================================= + +#ifndef TAO_SSLIOP_ENDPOINT_H +#define TAO_SSLIOP_ENDPOINT_H + +#include /**/ "ace/pre.h" + +#include "orbsvcs/SSLIOP/SSLIOP_Export.h" + +#if !defined (ACE_LACKS_PRAGMA_ONCE) +# pragma once +#endif /* ACE_LACKS_PRAGMA_ONCE */ + +#include "orbsvcs/SSLIOP/SSLIOP_OwnCredentials.h" + +#include "orbsvcs/SSLIOPC.h" +#include "orbsvcs/SecurityC.h" + +#include "tao/IIOP_Endpoint.h" +#include "ace/INET_Addr.h" + +TAO_BEGIN_VERSIONED_NAMESPACE_DECL + +namespace TAO +{ + /// Tag for storing multiple ssl endpoints within a single profile. + const ACE_UINT32 TAG_SSL_ENDPOINTS = 0x54414f01U; +} + +// namespace TAO +// { +// namespace SSLIOP +// { + /** + * @class Endpoint + * + * @brief SSLIOP-specific implementation of PP Framework Endpoint + * interface. + * + * + */ + class TAO_SSLIOP_Export TAO_SSLIOP_Endpoint : public TAO_Endpoint + { + public: + + friend class TAO_SSLIOP_Profile; + + /// Constructor + TAO_SSLIOP_Endpoint (const ::SSLIOP::SSL *ssl_component, + TAO_IIOP_Endpoint *iiop_endp); + + /// Destructor. + virtual ~TAO_SSLIOP_Endpoint (void); + + /** + * @name TAO_Endpoint Methods + * + * See Endpoint.h for their documentation. + */ + //@{ + virtual TAO_Endpoint *next (void); + virtual int addr_to_string (char *buffer, size_t length); + + /// Return true if this endpoint is equivalent to @a + /// other_endpoint The relationship is defined as equivalency of + /// their qop, hostname and ssl ports (if non-zero). + /// Two endpoints may be equivalent even if their iiop counterparts are + /// not. In fact, there are cases (as with the LPL processing) + /// when those counterparts are not known at all. + CORBA::Boolean is_equivalent (const TAO_Endpoint *other_endpoint); + + /// Return a copy of the corresponding endpoints by allocating + /// memory. + virtual TAO_Endpoint *duplicate (void); + + /// Return a hash value for this object. Note that only the IP + /// address and port are used to generate the hash value. This may + /// cause a few more hash table collisions in the transport cache, + /// because a synthesized SSLIOP endpoints for an address will + /// have the same hash value as a fully qualified one. The + /// redeeming feature is that it makes / bi-directional SSLIOP work + /// by allowing descendent class (Synthetic_Endpoint) instances to + /// be used as keys in the cache manager and match other fully + /// qualified endpoint. (which were used earlier to cache a + /// particular transport) + virtual CORBA::ULong hash (void); + //@} + + /** + * @name SSLIOP_Endpoint-specific Methods + */ + //@{ + /// Return SSL component corresponding to this endpoint. + const ::SSLIOP::SSL &ssl_component (void) const; + + /// Accessor to our IIOP counterpart. + TAO_IIOP_Endpoint *iiop_endpoint (void) const; + + /// Mutator to our IIOP counterpart. + /** + * @param endpoint The new endpoint + * @param destroy If set to @c true, the TAO::SSLIOP::Endpoint + * object retains ownership of the given + * TAO_IIOP_Endpoint. + */ + void iiop_endpoint (TAO_IIOP_Endpoint *endpoint, bool destroy); + + /// Return the SSLIOP-specific ACE_INET_Addr. + const ACE_INET_Addr &object_addr (void) const; + + /// Set the Quality-of-Protection, establishment of trust, and + /// credentials for this endpoint. This is all done in one function + /// so that the guard may be used uniformly. + void set_sec_attrs (::Security::QOP qop, + const ::Security::EstablishTrust &trust, + const TAO::SSLIOP::OwnCredentials_ptr creds); + + /// Get the Quality-of-Protection settings for this endpoint. + ::Security::QOP qop (void) const; + + /// Get the establishment of trust settings for this endpoint. + ::Security::EstablishTrust trust (void) const; + + /// Get the credentials for this endpoint. + /** + * @note This method does not follow C++ mapping memory + * management rules. Specifically, no duplication or + * reference counting occurs in this method. This is so + * that no additional locks occur when checking the + * transport cache. + */ + TAO::SSLIOP::OwnCredentials * credentials (void) const; + //@} + + + /// Credentials are not supplied by the constructor, and it is + /// valid to have a nil credential, for instance if the + /// SSL_use_certificate() method returns 0. Therefore it is + /// necessary to have a new method to distinguish between a + /// credential that is nil because it has not been set, vs one + /// that was set to nil explicitly. + int credentials_set (void) const; + + protected: + + /// Cache the SSL tagged component in a decoded format. Notice + /// that we do not need to marshal this object! + ::SSLIOP::SSL ssl_component_; + + private: + + /// Cached instance of ACE_INET_Addr for use in making invocations, + /// etc. + mutable ACE_INET_Addr object_addr_; + + /// IIOP Endpoints can be stringed into a list. Return the next + /// endpoint in the list, if any. + TAO_SSLIOP_Endpoint *next_; + + /// IIOP counterpart. + /** + * Since SSLIOP is an 'extension' of IIOP, each SSLIOP_Endpoint + * contains SSL-specific information plus a pointer to the + * IIOP_Endpoint containing the IIOP portion of our address. + */ + TAO_IIOP_Endpoint *iiop_endpoint_; + + /// Flag that determines whether or not the iiop_endpoint_ member is + /// deallocated with delete(). + bool destroy_iiop_endpoint_; + + /// Quailty-of-Protection settings for this endpoint object. + ::Security::QOP qop_; + + /// Establishment of trust settings for this endpoint object. + ::Security::EstablishTrust trust_; + + /// SSLIOP-specific credentials for this endpoint object. + TAO::SSLIOP::OwnCredentials_var credentials_; + + /// A flag indicating that credentials_ was explicitly initialized + int credentials_set_; + }; + + /** + * @class SSLIOP_Synthetic_Endpoint + * + * @brief SSLIOP-specific implementation of PP Framework Endpoint + * interface, representing synthetic endpoints. An endpoints + * is synthetic whenever there is insuficient data to fully + * initialize an SSLIOP endpoint: qop, trust, credentials, + * etc. Such as when creating an SSLIOP endpoint in response + * of a Listen Point List or accepting a connection. + * + * LPL and IOR-originated endpoints can now compare as + * equivalent, if they denote the same host, port and + * protection. That would have given some false + * positives in some very obscure cases (same SSL port, but + * different protection or undelying IIOP port, or vice versa) + * The "synthetic eVndpoint" has its very own is_equivalent() + * to help eliminate any false positives and make the process + * more clear. + * + */ + class TAO_SSLIOP_Export TAO_SSLIOP_Synthetic_Endpoint : public TAO_SSLIOP_Endpoint + { + public: + + /// Constructor + TAO_SSLIOP_Synthetic_Endpoint (TAO_IIOP_Endpoint *iiop_endp); + + /// Destructor. + virtual ~TAO_SSLIOP_Synthetic_Endpoint (void); + + /** + * Return true if this endpoint is equivalent to @param + * other_endpoint. + * Two synthetic endpoints are equivalent iff their iiop counterparts are + * equivalent, and, if both have non-zero ssl ports, their ssl + * ports are the same. + */ + CORBA::Boolean is_equivalent (const TAO_Endpoint *other_endpoint); + + /// Return a copy of the corresponding endpoints by allocating + /// memory. + virtual TAO_Endpoint *duplicate (void); + + private: + TAO_SSLIOP_Synthetic_Endpoint (const ::SSLIOP::SSL *ssl); + + }; + +// } // End SSLIOP namespace. +// } // End TAO namespace. + +TAO_END_VERSIONED_NAMESPACE_DECL + +#if defined (__ACE_INLINE__) +#include "orbsvcs/SSLIOP/SSLIOP_Endpoint.inl" +#endif /* __ACE_INLINE__ */ + +#include /**/ "ace/post.h" + +#endif /* TAO_SSLIOP_ENDPOINT_H */ |