00001 // -*- C++ -*- 00002 00003 //============================================================================= 00004 /** 00005 * @file SSLIOP_Endpoint.h 00006 * 00007 * SSLIOP_Endpoint.h,v 1.28 2006/07/04 07:55:52 jwillemsen Exp 00008 * 00009 * SSLIOP implementation of PP Framework Endpoint interface. 00010 * 00011 * @author Marina Spivak <marina@cs.wustl.edu> 00012 * @author Ossama Othman <ossama@uci.edu> 00013 */ 00014 //============================================================================= 00015 00016 #ifndef TAO_SSLIOP_ENDPOINT_H 00017 #define TAO_SSLIOP_ENDPOINT_H 00018 00019 #include /**/ "ace/pre.h" 00020 00021 #include "orbsvcs/SSLIOP/SSLIOP_Export.h" 00022 00023 #if !defined (ACE_LACKS_PRAGMA_ONCE) 00024 # pragma once 00025 #endif /* ACE_LACKS_PRAGMA_ONCE */ 00026 00027 #include "orbsvcs/SSLIOP/SSLIOP_OwnCredentials.h" 00028 00029 #include "orbsvcs/SSLIOPC.h" 00030 #include "orbsvcs/SecurityC.h" 00031 00032 #include "tao/IIOP_Endpoint.h" 00033 #include "ace/INET_Addr.h" 00034 00035 TAO_BEGIN_VERSIONED_NAMESPACE_DECL 00036 00037 namespace TAO 00038 { 00039 /// Tag for storing multiple ssl endpoints within a single profile. 00040 const ACE_UINT32 TAG_SSL_ENDPOINTS = 0x54414f01U; 00041 } 00042 00043 // namespace TAO 00044 // { 00045 // namespace SSLIOP 00046 // { 00047 /** 00048 * @class Endpoint 00049 * 00050 * @brief SSLIOP-specific implementation of PP Framework Endpoint 00051 * interface. 00052 * 00053 * 00054 */ 00055 class TAO_SSLIOP_Export TAO_SSLIOP_Endpoint : public TAO_Endpoint 00056 { 00057 public: 00058 00059 friend class TAO_SSLIOP_Profile; 00060 00061 /// Constructor 00062 TAO_SSLIOP_Endpoint (const ::SSLIOP::SSL *ssl_component, 00063 TAO_IIOP_Endpoint *iiop_endp); 00064 00065 /// Destructor. 00066 virtual ~TAO_SSLIOP_Endpoint (void); 00067 00068 /** 00069 * @name TAO_Endpoint Methods 00070 * 00071 * See Endpoint.h for their documentation. 00072 */ 00073 //@{ 00074 virtual TAO_Endpoint *next (void); 00075 virtual int addr_to_string (char *buffer, size_t length); 00076 00077 /// Return true if this endpoint is equivalent to @param 00078 /// other_endpoint. The relationship is defined as equivalency of 00079 /// their qop, hostname and ssl ports (if non-zero). 00080 /// Two endpoints may be equivalent even if their iiop counterparts are 00081 /// not. In fact, there are cases (as with the LPL processing) 00082 /// when those counterparts are not known at all. 00083 CORBA::Boolean is_equivalent (const TAO_Endpoint *other_endpoint); 00084 00085 /// Return a copy of the corresponding endpoints by allocating 00086 /// memory. 00087 virtual TAO_Endpoint *duplicate (void); 00088 00089 /// Return a hash value for this object. Note that only the IP 00090 /// address and port are used to generate the hash value. This may 00091 /// cause a few more hash table collisions in the transport cache, 00092 /// because a synthesized SSLIOP endpoints for an address will 00093 /// have the same hash value as a fully qualified one. The 00094 /// redeeming feature is that it makes / bi-directional SSLIOP work 00095 /// by allowing descendent class (Synthetic_Endpoint) instances to 00096 /// be used as keys in the cache manager and match other fully 00097 /// qualified endpoint. (which were used earlier to cache a 00098 /// particular transport) 00099 virtual CORBA::ULong hash (void); 00100 //@} 00101 00102 /** 00103 * @name SSLIOP_Endpoint-specific Methods 00104 */ 00105 //@{ 00106 /// Return SSL component corresponding to this endpoint. 00107 const ::SSLIOP::SSL &ssl_component (void) const; 00108 00109 /// Accessor to our IIOP counterpart. 00110 TAO_IIOP_Endpoint *iiop_endpoint (void) const; 00111 00112 /// Mutator to our IIOP counterpart. 00113 /** 00114 * @param destroy If set to @c true, the TAO::SSLIOP::Endpoint 00115 * object retains ownership of the given 00116 * TAO_IIOP_Endpoint. 00117 */ 00118 void iiop_endpoint (TAO_IIOP_Endpoint *endpoint, bool destroy); 00119 00120 /// Return the SSLIOP-specific ACE_INET_Addr. 00121 const ACE_INET_Addr &object_addr (void) const; 00122 00123 /// Set the Quality-of-Protection, establishment of trust, and 00124 /// credentials for this endpoint. This is all done in one function 00125 /// so that the guard may be used uniformly. 00126 void set_sec_attrs (::Security::QOP qop, 00127 const ::Security::EstablishTrust &trust, 00128 const TAO::SSLIOP::OwnCredentials_ptr creds); 00129 00130 /// Get the Quality-of-Protection settings for this endpoint. 00131 ::Security::QOP qop (void) const; 00132 00133 /// Get the establishment of trust settings for this endpoint. 00134 ::Security::EstablishTrust trust (void) const; 00135 00136 /// Get the credentials for this endpoint. 00137 /** 00138 * @note This method does not follow C++ mapping memory 00139 * management rules. Specifically, no duplication or 00140 * reference counting occurs in this method. This is so 00141 * that no additional locks occur when checking the 00142 * transport cache. 00143 */ 00144 TAO::SSLIOP::OwnCredentials * credentials (void) const; 00145 //@} 00146 00147 00148 /// Credentials are not supplied by the constructor, and it is 00149 /// valid to have a nil credential, for instance if the 00150 /// SSL_use_certificate() method returns 0. Therefore it is 00151 /// necessary to have a new method to distinguish between a 00152 /// credential that is nil because it has not been set, vs one 00153 /// that was set to nil explicitly. 00154 int credentials_set (void) const; 00155 00156 protected: 00157 00158 /// Cache the SSL tagged component in a decoded format. Notice 00159 /// that we do not need to marshal this object! 00160 ::SSLIOP::SSL ssl_component_; 00161 00162 private: 00163 00164 /// Cached instance of ACE_INET_Addr for use in making invocations, 00165 /// etc. 00166 mutable ACE_INET_Addr object_addr_; 00167 00168 /// IIOP Endpoints can be stringed into a list. Return the next 00169 /// endpoint in the list, if any. 00170 TAO_SSLIOP_Endpoint *next_; 00171 00172 /// IIOP counterpart. 00173 /** 00174 * Since SSLIOP is an 'extension' of IIOP, each SSLIOP_Endpoint 00175 * contains SSL-specific information plus a pointer to the 00176 * IIOP_Endpoint containing the IIOP portion of our address. 00177 */ 00178 TAO_IIOP_Endpoint *iiop_endpoint_; 00179 00180 /// Flag that determines whether or not the iiop_endpoint_ member is 00181 /// deallocated with delete(). 00182 bool destroy_iiop_endpoint_; 00183 00184 /// Quailty-of-Protection settings for this endpoint object. 00185 ::Security::QOP qop_; 00186 00187 /// Establishment of trust settings for this endpoint object. 00188 ::Security::EstablishTrust trust_; 00189 00190 /// SSLIOP-specific credentials for this endpoint object. 00191 TAO::SSLIOP::OwnCredentials_var credentials_; 00192 00193 /// A flag indicating that credentials_ was explicitly initialized 00194 int credentials_set_; 00195 }; 00196 00197 /** 00198 * @class SSLIOP_Synthetic_Endpoint 00199 * 00200 * @brief SSLIOP-specific implementation of PP Framework Endpoint 00201 * interface, representing synthetic endpoints. An endpoints 00202 * is synthetic whenever there is insuficient data to fully 00203 * initialize an SSLIOP endpoint: qop, trust, credentials, 00204 * etc. Such as when creating an SSLIOP endpoint in response 00205 * of a Listen Point List or accepting a connection. 00206 * 00207 * LPL and IOR-originated endpoints can now compare as 00208 * equivalent, if they denote the same host, port and 00209 * protection. That would have given some false 00210 * positives in some very obscure cases (same SSL port, but 00211 * different protection or undelying IIOP port, or vice versa) 00212 * The "synthetic eVndpoint" has its very own is_equivalent() 00213 * to help eliminate any false positives and make the process 00214 * more clear. 00215 * 00216 */ 00217 class TAO_SSLIOP_Export TAO_SSLIOP_Synthetic_Endpoint : public TAO_SSLIOP_Endpoint 00218 { 00219 public: 00220 00221 /// Constructor 00222 TAO_SSLIOP_Synthetic_Endpoint (TAO_IIOP_Endpoint *iiop_endp); 00223 00224 /// Destructor. 00225 virtual ~TAO_SSLIOP_Synthetic_Endpoint (void); 00226 00227 /** 00228 * Return true if this endpoint is equivalent to @param 00229 * other_endpoint. 00230 * Two synthetic endpoints are equivalent iff their iiop counterparts are 00231 * equivalent, and, if both have non-zero ssl ports, their ssl 00232 * ports are the same. 00233 */ 00234 CORBA::Boolean is_equivalent (const TAO_Endpoint *other_endpoint); 00235 00236 /// Return a copy of the corresponding endpoints by allocating 00237 /// memory. 00238 virtual TAO_Endpoint *duplicate (void); 00239 00240 private: 00241 TAO_SSLIOP_Synthetic_Endpoint (const ::SSLIOP::SSL *ssl); 00242 00243 }; 00244 00245 // } // End SSLIOP namespace. 00246 // } // End TAO namespace. 00247 00248 TAO_END_VERSIONED_NAMESPACE_DECL 00249 00250 #if defined (__ACE_INLINE__) 00251 #include "orbsvcs/SSLIOP/SSLIOP_Endpoint.i" 00252 #endif /* __ACE_INLINE__ */ 00253 00254 #include /**/ "ace/post.h" 00255 00256 #endif /* TAO_SSLIOP_ENDPOINT_H */
1.3.6