1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
|
// -*- C++ -*-
//=============================================================================
/**
* @file SSLIOP_Endpoint.h
*
* $Id$
*
* SSLIOP implementation of PP Framework Endpoint interface.
*
* @author Marina Spivak <marina@cs.wustl.edu>
* @author Ossama Othman <ossama@uci.edu>
*/
//=============================================================================
#ifndef TAO_SSLIOP_ENDPOINT_H
#define TAO_SSLIOP_ENDPOINT_H
#include /**/ "ace/pre.h"
#include "orbsvcs/SSLIOP/SSLIOP_Export.h"
#if !defined (ACE_LACKS_PRAGMA_ONCE)
# pragma once
#endif /* ACE_LACKS_PRAGMA_ONCE */
#include "orbsvcs/SSLIOP/SSLIOP_OwnCredentials.h"
#include "orbsvcs/SSLIOPC.h"
#include "orbsvcs/SecurityC.h"
#include "tao/IIOP_Endpoint.h"
#include "ace/INET_Addr.h"
TAO_BEGIN_VERSIONED_NAMESPACE_DECL
namespace TAO
{
/// Tag for storing multiple ssl endpoints within a single profile.
const ACE_UINT32 TAG_SSL_ENDPOINTS = 0x54414f01U;
}
// namespace TAO
// {
// namespace SSLIOP
// {
/**
* @class Endpoint
*
* @brief SSLIOP-specific implementation of PP Framework Endpoint
* interface.
*
*
*/
class TAO_SSLIOP_Export TAO_SSLIOP_Endpoint : public TAO_Endpoint
{
public:
friend class TAO_SSLIOP_Profile;
/// Constructor
TAO_SSLIOP_Endpoint (const ::SSLIOP::SSL *ssl_component,
TAO_IIOP_Endpoint *iiop_endp);
/// Destructor.
virtual ~TAO_SSLIOP_Endpoint (void);
/// Need to have an assignment operator since the SSLIOP_Profile class
/// may have to reorder its list of endpoints based on filtering by
/// the EndpointPolicy.
TAO_SSLIOP_Endpoint & operator= (const TAO_SSLIOP_Endpoint& other);
/**
* @name TAO_Endpoint Methods
*
* See Endpoint.h for their documentation.
*/
//@{
virtual TAO_Endpoint *next (void);
virtual int addr_to_string (char *buffer, size_t length);
/// Return true if this endpoint is equivalent to @a
/// other_endpoint The relationship is defined as equivalency of
/// their qop, hostname and ssl ports (if non-zero).
/// Two endpoints may be equivalent even if their iiop counterparts are
/// not. In fact, there are cases (as with the LPL processing)
/// when those counterparts are not known at all.
CORBA::Boolean is_equivalent (const TAO_Endpoint *other_endpoint);
/// Return a copy of the corresponding endpoints by allocating
/// memory.
virtual TAO_Endpoint *duplicate (void);
/// Return a hash value for this object. Note that only the IP
/// address and port are used to generate the hash value. This may
/// cause a few more hash table collisions in the transport cache,
/// because a synthesized SSLIOP endpoints for an address will
/// have the same hash value as a fully qualified one. The
/// redeeming feature is that it makes / bi-directional SSLIOP work
/// by allowing descendent class (Synthetic_Endpoint) instances to
/// be used as keys in the cache manager and match other fully
/// qualified endpoint. (which were used earlier to cache a
/// particular transport)
virtual CORBA::ULong hash (void);
//@}
/**
* @name SSLIOP_Endpoint-specific Methods
*/
//@{
/// Return SSL component corresponding to this endpoint.
const ::SSLIOP::SSL &ssl_component (void) const;
/// Accessor to our IIOP counterpart.
TAO_IIOP_Endpoint *iiop_endpoint (void) const;
/// Mutator to our IIOP counterpart.
/**
* @param endpoint The new endpoint
* @param destroy If set to @c true, the TAO::SSLIOP::Endpoint
* object retains ownership of the given
* TAO_IIOP_Endpoint.
*/
void iiop_endpoint (TAO_IIOP_Endpoint *endpoint, bool destroy);
/// Return the SSLIOP-specific ACE_INET_Addr.
const ACE_INET_Addr &object_addr (void) const;
/// Set the Quality-of-Protection, establishment of trust, and
/// credentials for this endpoint. This is all done in one function
/// so that the guard may be used uniformly.
void set_sec_attrs (::Security::QOP qop,
const ::Security::EstablishTrust &trust,
const TAO::SSLIOP::OwnCredentials_ptr creds);
/// Get the Quality-of-Protection settings for this endpoint.
::Security::QOP qop (void) const;
/// Get the establishment of trust settings for this endpoint.
::Security::EstablishTrust trust (void) const;
/// Get the credentials for this endpoint.
/**
* @note This method does not follow C++ mapping memory
* management rules. Specifically, no duplication or
* reference counting occurs in this method. This is so
* that no additional locks occur when checking the
* transport cache.
*/
TAO::SSLIOP::OwnCredentials * credentials (void) const;
//@}
/// Credentials are not supplied by the constructor, and it is
/// valid to have a nil credential, for instance if the
/// SSL_use_certificate() method returns 0. Therefore it is
/// necessary to have a new method to distinguish between a
/// credential that is nil because it has not been set, vs one
/// that was set to nil explicitly.
int credentials_set (void) const;
protected:
/// Cache the SSL tagged component in a decoded format. Notice
/// that we do not need to marshal this object!
::SSLIOP::SSL ssl_component_;
private:
/// Cached instance of ACE_INET_Addr for use in making invocations,
/// etc.
mutable ACE_INET_Addr object_addr_;
/// IIOP Endpoints can be stringed into a list. Return the next
/// endpoint in the list, if any.
TAO_SSLIOP_Endpoint *next_;
/// IIOP counterpart.
/**
* Since SSLIOP is an 'extension' of IIOP, each SSLIOP_Endpoint
* contains SSL-specific information plus a pointer to the
* IIOP_Endpoint containing the IIOP portion of our address.
*/
TAO_IIOP_Endpoint *iiop_endpoint_;
/// Flag that determines whether or not the iiop_endpoint_ member is
/// deallocated with delete().
bool destroy_iiop_endpoint_;
/// Quailty-of-Protection settings for this endpoint object.
::Security::QOP qop_;
/// Establishment of trust settings for this endpoint object.
::Security::EstablishTrust trust_;
/// SSLIOP-specific credentials for this endpoint object.
TAO::SSLIOP::OwnCredentials_var credentials_;
/// A flag indicating that credentials_ was explicitly initialized
int credentials_set_;
};
/**
* @class SSLIOP_Synthetic_Endpoint
*
* @brief SSLIOP-specific implementation of PP Framework Endpoint
* interface, representing synthetic endpoints. An endpoints
* is synthetic whenever there is insuficient data to fully
* initialize an SSLIOP endpoint: qop, trust, credentials,
* etc. Such as when creating an SSLIOP endpoint in response
* of a Listen Point List or accepting a connection.
*
* LPL and IOR-originated endpoints can now compare as
* equivalent, if they denote the same host, port and
* protection. That would have given some false
* positives in some very obscure cases (same SSL port, but
* different protection or undelying IIOP port, or vice versa)
* The "synthetic eVndpoint" has its very own is_equivalent()
* to help eliminate any false positives and make the process
* more clear.
*
*/
class TAO_SSLIOP_Export TAO_SSLIOP_Synthetic_Endpoint : public TAO_SSLIOP_Endpoint
{
public:
/// Constructor
TAO_SSLIOP_Synthetic_Endpoint (TAO_IIOP_Endpoint *iiop_endp);
/// Destructor.
virtual ~TAO_SSLIOP_Synthetic_Endpoint (void);
/**
* Return true if this endpoint is equivalent to @param
* other_endpoint.
* Two synthetic endpoints are equivalent if their iiop counterparts are
* equivalent, and, if both have non-zero ssl ports, their ssl
* ports are the same.
*/
CORBA::Boolean is_equivalent (const TAO_Endpoint *other_endpoint);
/// Return a copy of the corresponding endpoints by allocating
/// memory.
virtual TAO_Endpoint *duplicate (void);
private:
TAO_SSLIOP_Synthetic_Endpoint (const ::SSLIOP::SSL *ssl);
};
// } // End SSLIOP namespace.
// } // End TAO namespace.
TAO_END_VERSIONED_NAMESPACE_DECL
#if defined (__ACE_INLINE__)
#include "orbsvcs/SSLIOP/SSLIOP_Endpoint.inl"
#endif /* __ACE_INLINE__ */
#include /**/ "ace/post.h"
#endif /* TAO_SSLIOP_ENDPOINT_H */
|
