path: root/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Current_Impl.cpp
blob: eb7ff19899a3d63af74fbee0d74c697a562f77bd (plain)
#include "SSLIOP_Current_Impl.h"

#include "ace/OS_String.h"


ACE_RCSID (SSLIOP,
           SSLIOP_Current_Impl,
           "$Id$")


#if !defined (__ACE_INLINE__)
# include "SSLIOP_Current_Impl.inl"
#endif /* __ACE_INLINE__ */

#include "SSLIOP_X509.h"
#include "SSLIOP_ClientCredentials.h"

#include <openssl/x509.h>


// Destructor.  The body is intentionally empty: this object does not
// free the SSL handle held in ssl_ (presumably owned elsewhere --
// confirm against the class header).
TAO::SSLIOP::Current_Impl::~Current_Impl (void)
{
  // Intentionally empty.
}

// Builds a SecurityLevel3::ClientCredentials object describing the
// peer on the current SSL connection.
//
// Raises CORBA::BAD_OPERATION when the peer presented no certificate,
// and CORBA::NO_MEMORY (minor code ENOMEM) when the credentials
// object cannot be allocated.  Per CORBA convention the caller owns
// the returned reference.
SecurityLevel3::ClientCredentials_ptr
TAO::SSLIOP::Current_Impl::client_credentials (
    ACE_ENV_SINGLE_ARG_DECL)
  ACE_THROW_SPEC ((CORBA::SystemException))
{
  // SSL_get_peer_certificate () yields a null pointer when no peer
  // certificate is available; the X509_var holds (and on scope exit
  // is expected to release) the reference it hands back.
  TAO::SSLIOP::X509_var peer_cert =
    ::SSL_get_peer_certificate (this->ssl_);

  if (peer_cert.ptr () == 0)
    {
      // No certificate, no credentials: refuse rather than hand back
      // an object describing an unauthenticated peer.
      ACE_THROW_RETURN (CORBA::BAD_OPERATION (),
                        SecurityLevel3::ClientCredentials::_nil ());
    }

  // NOTE(review): the ClientCredentials constructor receives the raw
  // X509 pointer while peer_cert still owns it; it presumably takes
  // its own reference -- confirm in SSLIOP_ClientCredentials.
  SecurityLevel3::ClientCredentials_ptr result;
  ACE_NEW_THROW_EX (result,
                    TAO::SSLIOP::ClientCredentials (peer_cert.in (),
                                                    0,
                                                    this->ssl_),
                    CORBA::NO_MEMORY (
                      CORBA::SystemException::_tao_minor_code (
                        TAO_DEFAULT_MINOR_CODE,
                        ENOMEM),
                      CORBA::COMPLETED_NO));
  ACE_CHECK_RETURN (SecurityLevel3::ClientCredentials::_nil ());

  return result;
}

// This implementation does not distinguish local from remote
// requests: every call raises CORBA::NO_IMPLEMENT.  The return value
// is only reached in ACE's emulated-exception build, where
// ACE_THROW_RETURN records the exception and returns.
CORBA::Boolean
TAO::SSLIOP::Current_Impl::request_is_local (ACE_ENV_SINGLE_ARG_DECL)
  ACE_THROW_SPEC ((CORBA::SystemException))
{
  // Nothing to inspect; report the operation as unimplemented.
  ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), false);
}

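// Copies the peer's certificate, DER-encoded, into @a certificate.
//
// If there is no SSL handle, no peer certificate, or the encoded size
// cannot be determined, @a certificate is left untouched.  If the DER
// write itself fails or is short, @a certificate is truncated to
// length 0 so the caller never sees a sequence whose length claims
// bytes that were not written.
//
// @param certificate  Output octet sequence; resized to the DER length
//                     on success.
void
TAO::SSLIOP::Current_Impl::get_peer_certificate (
  ::SSLIOP::ASN_1_Cert *certificate)
{
  if (this->ssl_ == 0)
    return;

  // Null when no peer certificate was presented; the X509_var is
  // expected to release the reference on scope exit.
  TAO::SSLIOP::X509_var cert = ::SSL_get_peer_certificate (this->ssl_);
  if (cert.ptr () == 0)
    return;

  // First pass with a null output pointer only reports the size of
  // the DER encoding.
  const int cert_length = ::i2d_X509 (cert.in (), 0);
  if (cert_length <= 0)
    return;

  certificate->length (cert_length);

  // i2d_X509 () advances the pointer it is given, so pass a local copy
  // rather than the sequence's own buffer pointer.
  CORBA::Octet *buffer = certificate->get_buffer ();

  // Second pass writes the DER bytes.
  const int written = ::i2d_X509 (cert.in (), &buffer);

  // The sequence buffer is not necessarily zero-filled, so a failed or
  // short second pass would otherwise hand the caller cert_length
  // bytes of which some were never written.  Report "no certificate"
  // instead, consistent with the early returns above.
  if (written != cert_length)
    certificate->length (0);
}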

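// Copies the peer's certificate chain, one DER-encoded certificate per
// element, into @a cert_chain.
//
// If there is no SSL handle or no peer chain, @a cert_chain is left
// untouched.  Otherwise it is resized to the chain length; an element
// whose certificate cannot be encoded is left empty (length 0) rather
// than partially filled.
//
// This is the chain as presented by the peer and held by the SSL
// session; whether it was verified depends on the context's verify
// settings, which are not visible here.  Per OpenSSL's documentation
// the stack returned by SSL_get_peer_cert_chain () is owned by the
// session and, on the server side, does not include the peer's own
// end-entity certificate (see get_peer_certificate () for that).
//
// @param cert_chain  Output sequence of ASN_1_Cert; one entry per
//                    certificate in the peer's chain.
void
TAO::SSLIOP::Current_Impl::get_peer_certificate_chain (
  ::SSLIOP::SSL_Cert *cert_chain)
{
  if (this->ssl_ == 0)
    return;

  // Not a new reference: the stack belongs to the session and must
  // not be freed here.
  STACK_OF (X509) *certs = ::SSL_get_peer_cert_chain (this->ssl_);
  if (certs == 0)
    return;

  const int chain_length = sk_X509_num (certs);
  cert_chain->length (chain_length);

  // Copy the peer certificate chain to the SSLIOP::SSL_Cert
  // sequence.
  for (int i = 0; i < chain_length; ++i)
    {
      // Extract the certificate from the OpenSSL X509 stack.
      ::X509 *x = sk_X509_value (certs, i);

      // First pass with a null output pointer only reports the size
      // of the DER encoding.
      const int cert_length = ::i2d_X509 (x, 0);
      if (cert_length <= 0)
        continue;  // element i keeps its default (empty) state

      ::SSLIOP::ASN_1_Cert &certificate = (*cert_chain)[i];
      certificate.length (cert_length);

      // i2d_X509 () advances the pointer it is given, so pass a local
      // copy rather than the sequence's own buffer pointer.
      CORBA::Octet *buffer = certificate.get_buffer ();

      // Second pass writes the DER bytes.
      const int written = ::i2d_X509 (x, &buffer);

      // The element's buffer is not necessarily zero-filled; a failed
      // or short write must not leave an element whose length claims
      // bytes that were never written.  Treat it like an unencodable
      // certificate and leave the element empty.
      if (written != cert_length)
        certificate.length (0);
    }
}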

// Identifies the transport this Current belongs to.  Always the SSLIOP
// security-transport tag, regardless of connection state.
CORBA::ULong
TAO::SSLIOP::Current_Impl::tag (void) const
{
  const CORBA::ULong transport_tag = ::SSLIOP::TAG_SSL_SEC_TRANS;
  return transport_tag;
}