// -*- C++ -*-

// ===================================================================
/**
 *  @file   SSLIOP_Vault.h
 *
 *  $Id$
 *
 *  @author Ossama Othman <ossama@uci.edu>
 */
// ===================================================================


#ifndef TAO_SSLIOP_VAULT_H
#define TAO_SSLIOP_VAULT_H

#include "ace/pre.h"

#include "orbsvcs/SecurityReplaceableC.h"

#if !defined (ACE_LACKS_PRAGMA_ONCE)
# pragma once
#endif /* ACE_LACKS_PRAGMA_ONCE */

#include "orbsvcs/SSLIOPC.h"

#include <openssl/opensslconf.h>


/// Forward declarations for OpenSSL data structures.
/**
 * Only pointers to these two types appear in this header (see the
 * make_X509() / make_EVP_PKEY() helpers below), so declaring the
 * opaque struct tags here keeps the full OpenSSL headers out of this
 * public header. The tag names must match OpenSSL's own typedefs
 * exactly: a translation unit that also includes <openssl/x509.h> or
 * <openssl/evp.h> would otherwise see conflicting typedefs.
 */
extern "C"
{
  typedef struct x509_st X509;
  typedef struct evp_pkey_st EVP_PKEY;
}


/**
 * @class TAO_SSLIOP_Vault
 *
 * @brief SSLIOP-specific implementation of the
 *        SecurityReplaceable::Vault interface.
 *
 * This class implements the SSLIOP-specific functionality used when
 * creating SSL credentials (X.509 certificates) with the
 * SecurityLevel2::PrincipalAuthenticator interface.
 */
class TAO_SSLIOP_Vault
  : public virtual SecurityReplaceable::Vault,
    public virtual TAO_Local_RefCounted_Object
{
public:

  /// Constructor
  TAO_SSLIOP_Vault (void);

  /// Destructor
  virtual ~TAO_SSLIOP_Vault (void);

  /**
   * @name SecurityReplaceable::Vault Methods
   *
   * Methods required by the SecurityReplaceable::Vault interface.
   *
   * The trailing ACE_ENV_ARG_DECL_WITH_DEFAULTS /
   * ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS and ACE_THROW_SPEC macros
   * are ACE's portable exception plumbing: on emulated-exception
   * builds they supply the CORBA::Environment parameter and the
   * exception specification, and on native-exception builds they
   * are expected to expand to nothing.
   */
  //@{

  /// Return the authentication methods this vault supports for the
  /// named @a mechanism.
  /**
   * @note (review) Ownership of the returned sequence is not stated
   *       in this header; the usual CORBA convention is that the
   *       caller releases it -- confirm against the implementation.
   *       The same applies to the other pointer-returning methods in
   *       this group.
   */
  virtual Security::AuthenticationMethodList * get_supported_authen_methods (
      const char * mechanism
      ACE_ENV_ARG_DECL_WITH_DEFAULTS)
    ACE_THROW_SPEC ((CORBA::SystemException));

  /// Return the list of security mechanism OIDs this vault supports.
  virtual Security::OIDList * supported_mech_oids (
      ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
    ACE_THROW_SPEC ((CORBA::SystemException));

  /// Authenticate the principal, request privileges and create
  /// Credentials.
  /**
   * Created credentials will be placed in the SecurityManager
   * object's own_credentials list.
   * @par
   * If acquire_credentials() returns Security::SecAuthContinue,
   * e.g. due to an inability to complete authentication in a single
   * operation, then authentication must be completed using the
   * continue_credentials_acquisition() method.
   *
   * @param method        Authentication method to use.
   * @param mechanism     Security mechanism name.
   * @param security_name Name of the principal to authenticate.
   * @param auth_data     Mechanism-specific authentication data
   *                      (for SSLIOP presumably the certificate and
   *                      key file references consumed by the
   *                      protected helpers below -- confirm in the
   *                      implementation).
   * @param privileges    Requested privilege attributes.
   * @param creds         [out] The created credentials.
   * @param continuation_data  [out] Data needed to continue a
   *                      multi-step authentication.
   * @param auth_specific_data [out] Mechanism-specific result data.
   * @return Security::AuthenticationStatus indicating success,
   *         failure or the need to continue.
   */
  virtual Security::AuthenticationStatus acquire_credentials (
      Security::AuthenticationMethod method,
      const char * mechanism,
      const char * security_name,
      const CORBA::Any & auth_data,
      const Security::AttributeList & privileges,
      SecurityLevel2::Credentials_out creds,
      CORBA::Any_out continuation_data,
      CORBA::Any_out auth_specific_data
      ACE_ENV_ARG_DECL_WITH_DEFAULTS)
    ACE_THROW_SPEC ((CORBA::SystemException));

  /// Continue an authentication that acquire_credentials() left in
  /// the Security::SecAuthContinue state.
  /**
   * @param response_data     Response to the previous step's
   *                          continuation data.
   * @param creds             The credentials being established.
   * @param continuation_data [out] Data for a further step, if any.
   * @param auth_specific_data [out] Mechanism-specific result data.
   */
  virtual Security::AuthenticationStatus continue_credentials_acquisition (
      const CORBA::Any & response_data,
        SecurityLevel2::Credentials_ptr creds,
        CORBA::Any_out continuation_data,
        CORBA::Any_out auth_specific_data
      ACE_ENV_ARG_DECL_WITH_DEFAULTS)
    ACE_THROW_SPEC ((CORBA::SystemException));

  /// Build the IOR tagged components that advertise the security
  /// properties of @a creds_list (presumably the SSLIOP component --
  /// confirm in the implementation).
  virtual IOP::TaggedComponentList * create_ior_components (
      SecurityLevel2::Credentials_ptr creds_list
      ACE_ENV_ARG_DECL_WITH_DEFAULTS)
    ACE_THROW_SPEC ((CORBA::SystemException));

  /// Initiate a client-side security context with @a target using
  /// @a creds.
  /**
   * @param creds                Credentials to present.
   * @param target_security_name Security name expected of the target.
   * @param target               Object the context is established with.
   * @param delegation_mode      Requested delegation mode.
   * @param association_options  Requested/required association
   *                             options per direction.
   * @param mechanism            Security mechanism name.
   * @param comp_data            Opaque component data.
   * @param chan_binding         Channel bindings.
   * @param security_token       [out] Token to send to the target.
   * @param security_context     [out] The client security context.
   */
  virtual Security::AssociationStatus init_security_context (
      SecurityLevel2::Credentials_ptr creds,
      const char * target_security_name,
      CORBA::Object_ptr target,
      Security::DelegationMode delegation_mode,
      const Security::OptionsDirectionPairList & association_options,
      const char * mechanism,
      const Security::Opaque & comp_data,
      const Security::ChannelBindings & chan_bindings,
      Security::OpaqueBuffer_out security_token,
      SecurityReplaceable::ClientSecurityContext_out security_context
      ACE_ENV_ARG_DECL_WITH_DEFAULTS)
    ACE_THROW_SPEC ((CORBA::SystemException));

  /// Accept a peer's security token (presumably the server-side
  /// counterpart of init_security_context() -- confirm in the
  /// implementation).
  /**
   * @param creds_list    Credentials available for accepting.
   * @param chan_bindings Channel bindings.
   * @param in_token      Token received from the peer.
   * @param out_token     [out] Token to return to the peer, if any.
   */
  virtual Security::AssociationStatus accept_security_context (
      const SecurityLevel2::CredentialsList & creds_list,
      const Security::ChannelBindings & chan_bindings,
      const Security::Opaque & in_token,
      Security::Opaque_out out_token
      ACE_ENV_ARG_DECL_WITH_DEFAULTS)
    ACE_THROW_SPEC ((CORBA::SystemException));

  /// Return the mechanisms this vault supports together with the
  /// association options each one offers.
  virtual Security::MechandOptionsList * get_supported_mechs (
      ACE_ENV_SINGLE_ARG_DECL_WITH_DEFAULTS)
    ACE_THROW_SPEC ((CORBA::SystemException));

  //@}

protected:

  /// Create an OpenSSL X509 structure using the provided
  /// authentication data.
  /**
   * @param certificate Certificate source (an SSLIOP::File).
   * @return Raw OpenSSL X509 pointer. Ownership and the failure
   *         signal are not stated in this header -- presumably the
   *         caller owns the result and releases it with X509_free(),
   *         and a null pointer means the certificate could not be
   *         loaded; confirm in the implementation.
   */
  X509 * make_X509 (const SSLIOP::File &certificate);

  /// Create an OpenSSL EVP_PKEY structure using the provided
  /// authentication data.
  /**
   * @param key Key source (an SSLIOP::File).
   * @return Raw OpenSSL EVP_PKEY pointer. As for make_X509(),
   *         ownership (presumably released with EVP_PKEY_free()) and
   *         the failure signal are not stated here -- confirm in the
   *         implementation. Since the result may hold private key
   *         material, the owner should free it as soon as the
   *         credentials built from it no longer need it.
   */
  EVP_PKEY * make_EVP_PKEY (const SSLIOP::File &key);

};

#include "ace/post.h"

#endif  /* TAO_SSLIOP_VAULT_H */