TAO::IIOP_SSL_Transport Class Reference

IIOP Transport designed to be "SSL aware," i.e. it is aware of the existence of the SSLIOP Transport. It makes sure that SSL session state from a previous connection is not associated with the non-SSL connection handled by this handler.

#include <IIOP_SSL_Transport.h>

Overridden Template Methods

Please check the documentation in "tao/Transport.h" for more details.

virtual int handle_input (TAO_Resume_Handle &rh, ACE_Time_Value *max_wait_time=0, int block=0)

Protected Attributes

TAO::SSLIOP::Current_var current_
 Reference to the TAO::SSLIOP::Current object.


Public Member Functions

 IIOP_SSL_Transport (IIOP_SSL_Connection_Handler *handler, TAO_ORB_Core *orb_core, CORBA::Boolean flag=0)
 Constructor.

 ~IIOP_SSL_Transport (void)
 Default destructor.


Detailed Description

IIOP Transport designed to be "SSL aware," i.e. it is aware of the existence of the SSLIOP Transport. It makes sure that SSL session state from a previous connection is not associated with the non-SSL connection handled by this handler.

This class overrides the handle_input() method to invalidate the current thread-specific storage (TSS) SSL state during a standard IIOP (insecure) upcall. This prevents SSL session state from a previous SSL connection from being associated with non-SSL connections processed by this connection handler. In particular, this closes a security hole in nested upcalls. For example, an SSLIOP request is made and, during that secure upcall, an insecure nested upcall is made. A naive implementation would associate the TSS SSL state from the secure upcall with the insecure upcall; this implementation does not.

Definition at line 57 of file IIOP_SSL_Transport.h.


Constructor & Destructor Documentation

TAO::IIOP_SSL_Transport::IIOP_SSL_Transport (IIOP_SSL_Connection_Handler *handler,
TAO_ORB_Core *orb_core,
CORBA::Boolean flag = 0)
 

Constructor.

Definition at line 17 of file IIOP_SSL_Transport.cpp.

References TAO::SSLIOP::Util::current().

  : TAO_IIOP_Transport (handler,
                        orb_core,
                        flag)
{
  // Keep a reference to the SSLIOP Current object for this ORB;
  // handle_input() passes it to the null SSL state guard.
  this->current_ =
    TAO::SSLIOP::Util::current (orb_core);
}

TAO::IIOP_SSL_Transport::~IIOP_SSL_Transport (void)
 

Default destructor.

Definition at line 29 of file IIOP_SSL_Transport.cpp.

{
}


Member Function Documentation

int TAO::IIOP_SSL_Transport::handle_input (TAO_Resume_Handle &rh,
ACE_Time_Value *max_wait_time = 0,
int block = 0) [virtual]
 

Reimplemented from TAO_Transport.

Definition at line 34 of file IIOP_SSL_Transport.cpp.

References TAO_Transport::handle_input().

{
  int result = 0;

  // Invalidate the TSS SSL session state to make sure that SSL state
  // from a previous SSL connection is not confused with this non-SSL
  // connection.
  TAO::Null_SSL_State_Guard guard (this->current_.in (), result);

  // The guard reports failure through 'result'; do not process any
  // input in that case.
  if (result != 0)
    return -1;

  return
    this->TAO_IIOP_Transport::handle_input (rh,
                                            max_wait_time,
                                            block);
}
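
The nested-upcall hole from the class description, shown as an added stand-alone model (not TAO code). A plain thread_local pointer stands in for the TSS SSL state, and SslState, StateGuard, caller_identity and the upcall functions are hypothetical names. That the guard restores the previous state on destruction is an assumption of this model.

```cpp
#include <iostream>
#include <string>

// Hypothetical stand-in for the per-thread (TSS) SSL state; not TAO's types.
struct SslState { std::string peer_subject; };
thread_local const SslState *tss_ssl_state = nullptr;

// RAII guard: install a state for one upcall, restore the previous one on exit.
class StateGuard {
public:
  explicit StateGuard (const SslState *s) : previous_ (tss_ssl_state) { tss_ssl_state = s; }
  ~StateGuard () { tss_ssl_state = previous_; }
  StateGuard (const StateGuard &) = delete;
  StateGuard &operator= (const StateGuard &) = delete;
private:
  const SslState *previous_;
};

// What an access-control check inside a servant would see as the caller.
std::string caller_identity () {
  return tss_ssl_state ? tss_ssl_state->peer_subject : "<no SSL peer>";
}

// Plain IIOP upcall. ssl_aware=true models the null-state guard in handle_input().
std::string insecure_upcall (bool ssl_aware) {
  if (!ssl_aware)
    return caller_identity ();        // naive: inherits whatever is in TSS
  StateGuard null_guard (nullptr);    // SSL-aware: no SSL state for this upcall
  return caller_identity ();
}

struct Observed { std::string nested, after; };

// Secure upcall that triggers a nested insecure upcall on the same thread.
Observed secure_upcall_with_nested (bool ssl_aware) {
  const SslState peer {"CN=alice (constructed)"};  // constructed sample identity
  StateGuard guard (&peer);
  Observed o;
  o.nested = insecure_upcall (ssl_aware);  // identity seen by the nested upcall
  o.after = caller_identity ();            // identity once the nested upcall returns
  return o;
}

int main () {
  Observed naive = secure_upcall_with_nested (false);
  Observed aware = secure_upcall_with_nested (true);
  std::cout << "naive nested upcall sees:     " << naive.nested << '\n'
            << "ssl-aware nested upcall sees: " << aware.nested << '\n';
}
```

In the naive case the insecure nested upcall is attributed to the secure caller's identity; with the null guard it sees no SSL peer, and the outer secure upcall still sees its own state afterwards.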


Member Data Documentation

TAO::SSLIOP::Current_var TAO::IIOP_SSL_Transport::current_ [protected]
 

Reference to the TAO::SSLIOP::Current object.

Definition at line 80 of file IIOP_SSL_Transport.h.


The documentation for this class was generated from the following files:
Generated on Thu Nov 9 13:55:34 2006 for TAO_SSLIOP by doxygen 1.3.6