#include <SSLIOP_CredentialsAcquirer.h>
Public Member Functions | |
CredentialsAcquirer (TAO::SL3::CredentialsCurator_ptr curator, const CORBA::Any &acquisition_arguments) | |
Constructor. | |
SecurityLevel3::CredentialsAcquirer Methods | |
Methods required by the SecurityLevel3::CredentialsAcquirer interface. | |
virtual char * | acquisition_method () throw (CORBA::SystemException) |
virtual SecurityLevel3::AcquisitionStatus | current_status () throw (CORBA::SystemException) |
virtual CORBA::ULong | nth_iteration () throw (CORBA::SystemException) |
virtual CORBA::Any * | get_continuation_data () throw (CORBA::SystemException) |
virtual SecurityLevel3::AcquisitionStatus | continue_acquisition (const CORBA::Any &acquisition_arguments) throw (CORBA::SystemException) |
virtual SecurityLevel3::OwnCredentials_ptr | get_credentials (CORBA::Boolean on_list) throw (CORBA::SystemException) |
virtual void | destroy () throw (CORBA::SystemException) |
Protected Member Functions | |
~CredentialsAcquirer (void) | |
Destructor. | |
Private Member Functions | |
void | check_validity () |
Static Private Member Functions | |
::X509 * | make_X509 (const ::SSLIOP::File &certificate) |
Create an OpenSSL X.509 certificate data structure. | |
::EVP_PKEY * | make_EVP_PKEY (const ::SSLIOP::File &key) |
Create an OpenSSL EVP_PKEY key data structure. | |
Private Attributes | |
TAO_SYNCH_MUTEX | lock_ |
Lock used for synchronization. | |
TAO::SL3::CredentialsCurator_var | curator_ |
Reference to the TAO CredentialsCurator implementation. | |
const CORBA::Any & | acquisition_arguments_ |
SSLIOP-specific credentials acquisition arguments. | |
bool | destroyed_ |
This class generates SSLIOP-specific credentials.
Definition at line 61 of file SSLIOP_CredentialsAcquirer.h.
Constructor.
Definition at line 78 of file SSLIOP_CredentialsAcquirer.cpp.
// TAO::SSLIOP::CredentialsAcquirer::CredentialsAcquirer — constructor body
// (the signature is at line 78 of the .cpp and is not rendered here).
//
// @param curator                Curator that will own the credentials this
//                               acquirer produces; a duplicated reference is
//                               kept in curator_.
// @param acquisition_arguments  Any holding the SSLIOP::AuthData that
//                               get_credentials() later extracts.
//
// NOTE(review): acquisition_arguments_ is declared as a const reference
// member, so the Any is stored by reference, not copied: the caller's Any
// must outlive this object (it is read again in get_credentials()).
  : lock_ (),
    // Take our own reference on the curator so it cannot be released
    // underneath us while this acquirer is alive.
    curator_ (TAO::SL3::CredentialsCurator::_duplicate (curator)),
    acquisition_arguments_ (acquisition_arguments),
    // Becomes true once acquisition completes or destroy() is called;
    // check_validity() rejects further use after that.
    destroyed_ (false)
{
}
Destructor. Protected destructor to enforce proper memory management through the reference counting mechanism. Definition at line 88 of file SSLIOP_CredentialsAcquirer.cpp.
// TAO::SSLIOP::CredentialsAcquirer::~CredentialsAcquirer — destructor body
// (signature at line 88 of the .cpp, not rendered here).
//
// Protected so that the object is only ever released through the
// reference-counting mechanism.  Nothing is released explicitly here:
// curator_ is a _var and drops its reference on its own, and lock_ is
// destroyed with the object.
{
}
Verify that this CredentialsAcquirer object is still valid, i.e. hasn't been destroyed. |
Definition at line 134 of file SSLIOP_CredentialsAcquirer.cpp. References ACE_THROW_RETURN.
// Body of the SecurityLevel3::AcquisitionStatus-returning method that
// rejects continuation (its signature is not rendered on this page; the
// AQST_Failed return value and the comment identify it as
// continue_acquisition()).
{
  // SSL/TLS credentials acquisition does not generate continuation data:
  // it completes in a single get_credentials() call, so there is nothing
  // to continue and the call is an ordering error.  With emulated
  // exceptions ACE_THROW_RETURN records the exception in the environment
  // and returns AQST_Failed; with native exceptions it throws.
  ACE_THROW_RETURN (CORBA::BAD_INV_ORDER (),
                    SecurityLevel3::AQST_Failed);
}
Definition at line 145 of file SSLIOP_CredentialsAcquirer.cpp. References ACE_CHECK_RETURN, ACE_DEBUG, ACE_ENV_ARG_PARAMETER, ACE_ENV_SINGLE_ARG_PARAMETER, ACE_NEW_THROW_EX, ACE_TEXT(), ACE_THROW_RETURN, TAO::SSLIOP::EVP_PKEY_var, TAO::SSLIOP::OpenSSL_st_var< T >::in(), LM_ERROR, TAO_debug_level, and TAO::SSLIOP::X509_var.
/// Build SSLIOP OwnCredentials from the certificate/key files named in the
/// acquisition arguments supplied to the constructor.
///
/// @param on_list  When true the new credentials are also registered with
///                 the curator (_tao_add_own_credentials).
/// @return A new OwnCredentials reference (caller owns it), or _nil() when
///         an exception was recorded under emulated exceptions.
/// @throws CORBA::BAD_PARAM   The Any does not hold an SSLIOP::AuthData,
///                            a file could not be loaded, or the key does
///                            not belong to the certificate.
/// @throws CORBA::NO_MEMORY   OwnCredentials allocation failed.
/// @throws CORBA::BAD_INV_ORDER (via check_validity) if already destroyed.
///
/// The acquirer is single-use: on success it destroys itself before
/// returning.  NOTE(review): lock_ is not taken in this method; if
/// check_validity() only reads destroyed_ under the lock, two concurrent
/// callers could both pass that check before destroy() runs — confirm.
SecurityLevel3::OwnCredentials_ptr
TAO::SSLIOP::CredentialsAcquirer::get_credentials (CORBA::Boolean on_list)
  throw (CORBA::SystemException)
{
  // Refuse to run on an acquirer that has already completed or been
  // destroyed.
  this->check_validity (ACE_ENV_SINGLE_ARG_PARAMETER);
  ACE_CHECK_RETURN (SecurityLevel3::OwnCredentials::_nil ());

  // The acquisition arguments must carry an SSLIOP::AuthData.
  ::SSLIOP::AuthData *auth_data;
  const bool extracted = (this->acquisition_arguments_ >>= auth_data);

  if (!extracted)
    ACE_THROW_RETURN (CORBA::BAD_PARAM (),
                      SecurityLevel3::OwnCredentials::_nil ());

  // Load the certificate, then the private key.  Each loader returns a
  // null pointer on failure and reports the cause only when
  // TAO_debug_level > 0.
  TAO::SSLIOP::X509_var cert = this->make_X509 (auth_data->certificate);

  if (cert.in () == 0)
    ACE_THROW_RETURN (CORBA::BAD_PARAM (),
                      SecurityLevel3::OwnCredentials::_nil ());

  TAO::SSLIOP::EVP_PKEY_var priv_key = this->make_EVP_PKEY (auth_data->key);

  if (priv_key.in () == 0)
    ACE_THROW_RETURN (CORBA::BAD_PARAM (),
                      SecurityLevel3::OwnCredentials::_nil ());

  // Reject a key that does not belong to the certificate before any
  // credentials object is built from the pair.
  const int key_matches = ::X509_check_private_key (cert.in (),
                                                    priv_key.in ());

  if (key_matches != 1)
    {
      if (TAO_debug_level > 0)
        ACE_DEBUG ((LM_ERROR,
                    ACE_TEXT ("(%P|%t) ERROR: Private key is not ")
                    ACE_TEXT ("consistent with X.509 certificate")));

      ACE_THROW_RETURN (CORBA::BAD_PARAM (),
                        SecurityLevel3::OwnCredentials::_nil ());
    }

  // NOTE(review): the raw in() pointers are handed to OwnCredentials while
  // the _var wrappers presumably still own them and release them on return;
  // OwnCredentials must therefore take its own reference (or copy) of the
  // X509 and EVP_PKEY — confirm in its constructor.
  TAO::SSLIOP::OwnCredentials *raw_creds;
  ACE_NEW_THROW_EX (raw_creds,
                    TAO::SSLIOP::OwnCredentials (cert.in (), priv_key.in ()),
                    CORBA::NO_MEMORY ());
  ACE_CHECK_RETURN (SecurityLevel3::OwnCredentials::_nil ());

  // Park the new object in a _var so it is released if registering it
  // with the curator fails below.
  SecurityLevel3::OwnCredentials_var credentials = raw_creds;

  if (on_list)
    {
      this->curator_->_tao_add_own_credentials (raw_creds
                                                ACE_ENV_ARG_PARAMETER);
      ACE_CHECK_RETURN (SecurityLevel3::OwnCredentials::_nil ());
    }

  // Acquisition is complete; invalidate this acquirer so it cannot be
  // reused to mint a second set of credentials.
  this->destroy (ACE_ENV_SINGLE_ARG_PARAMETER);
  ACE_CHECK_RETURN (SecurityLevel3::OwnCredentials::_nil ());

  return credentials._retn ();
}
Create an OpenSSL EVP_PKEY key data structure.
Definition at line 311 of file SSLIOP_CredentialsAcquirer.cpp. References ACE_ERROR, ACE_TEXT(), ACE_OS::fclose(), SSLIOP::File::filename, ACE_OS::fopen(), LM_ERROR, SSLIOP::File::password, TAO_debug_level, TAO_SSLIOP_PASSWORD_CALLBACK_NAME, and SSLIOP::File::type.
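/// Load a private key from the file described by @a key and return it in
/// OpenSSL's internal form.
///
/// @param key  File descriptor (filename, encoding type and, for PEM, an
///             optional password) taken from the SSLIOP::AuthData
///             acquisition arguments.
/// @return A new ::EVP_PKEY owned by the caller, or 0 when the filename is
///         null, the file cannot be opened, or OpenSSL rejects the
///         contents.  Failure details are only logged when
///         TAO_debug_level > 0.
///
/// Compared with the previous version, the file is opened once up front
/// instead of duplicating the fopen/error-report sequence in both branches,
/// and the ASN.1 branch no longer re-declares and re-checks @c filename
/// (a redundant check that shadowed the outer variable).
::EVP_PKEY *
TAO::SSLIOP::CredentialsAcquirer::make_EVP_PKEY (const ::SSLIOP::File &key)
{
  const char *filename = key.filename.in ();

  if (filename == 0)
    return 0;

  const bool asn1 = (key.type == ::SSLIOP::ASN1);

  // DER is binary, so it is opened with "rb"; PEM is text.
  FILE *fp = ACE_OS::fopen (filename, asn1 ? "rb" : "r");

  if (fp == 0)
    {
      if (TAO_debug_level > 0)
        ACE_ERROR ((LM_ERROR,
                    ACE_TEXT ("(%P|%t) SSLIOP::CredentialsAcquirer::make_EVP_PKEY ")
                    ACE_TEXT ("- %p\n"),
                    ACE_TEXT ("fopen")));

      return 0;
    }

  ::EVP_PKEY *evp = 0;

  if (asn1)
    {
      // ASN.1/DER encoded private key: no password is used or needed.
      // Convert straight into OpenSSL's internal private key format.
      evp = ::d2i_PrivateKey_fp (fp, 0);
    }
  else
    {
      // PEM encoded private key.  The password (possibly null) is passed
      // to the configured password callback as its userdata argument.
      // NOTE(review): that callback must tolerate a null password —
      // confirm against the definition of TAO_SSLIOP_PASSWORD_CALLBACK_NAME.
      const char *password = key.password.in ();

      evp = PEM_read_PrivateKey (fp,
                                 0,
                                 TAO_SSLIOP_PASSWORD_CALLBACK_NAME,
                                 const_cast<char *> (password));
    }

  (void) ACE_OS::fclose (fp);

  // NOTE(review): the OpenSSL failure reason is only reported when
  // debugging is enabled; if report_error() is also what drains the
  // per-thread OpenSSL error queue, a silent failure here leaves stale
  // entries queued for later SSL calls — confirm against
  // ACE_SSL_Context::report_error.
  if (evp == 0 && TAO_debug_level > 0)
    ACE_SSL_Context::report_error ();

  return evp;
}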
Create an OpenSSL X.509 certificate data structure.
Definition at line 235 of file SSLIOP_CredentialsAcquirer.cpp. References ACE_ERROR, ACE_TEXT(), ACE_OS::fclose(), SSLIOP::File::filename, ACE_OS::fopen(), LM_ERROR, SSLIOP::File::password, TAO_debug_level, TAO_SSLIOP_PASSWORD_CALLBACK_NAME, and SSLIOP::File::type.
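/// Load an X.509 certificate from the file described by @a certificate and
/// return it in OpenSSL's internal form.
///
/// @param certificate  File descriptor (filename, encoding type and, for
///                     PEM, an optional password) taken from the
///                     SSLIOP::AuthData acquisition arguments.
/// @return A new ::X509 owned by the caller, or 0 when the filename is
///         null, the file cannot be opened, or OpenSSL rejects the
///         contents.  Failure details are only logged when
///         TAO_debug_level > 0.
///
/// Compared with the previous version, the file is opened once up front
/// instead of duplicating the fopen/error-report sequence in both branches,
/// and the ASN.1 branch no longer re-declares and re-checks @c filename
/// (a redundant check that shadowed the outer variable).
::X509 *
TAO::SSLIOP::CredentialsAcquirer::make_X509 (const ::SSLIOP::File &certificate)
{
  const char *filename = certificate.filename.in ();

  if (filename == 0)
    return 0;

  const bool asn1 = (certificate.type == ::SSLIOP::ASN1);

  // DER is binary, so it is opened with "rb"; PEM is text.
  FILE *fp = ACE_OS::fopen (filename, asn1 ? "rb" : "r");

  if (fp == 0)
    {
      if (TAO_debug_level > 0)
        ACE_ERROR ((LM_ERROR,
                    ACE_TEXT ("(%P|%t) SSLIOP::CredentialsAcquirer::make_X509 - %p\n"),
                    ACE_TEXT ("fopen")));

      return 0;
    }

  ::X509 *x = 0;

  if (asn1)
    {
      // ASN.1/DER encoded certificate: no password is used or needed.
      // Convert straight into OpenSSL's internal X.509 format.
      x = ::d2i_X509_fp (fp, 0);
    }
  else
    {
      // PEM encoded certificate.  The password (possibly null) is passed
      // to the configured password callback as its userdata argument.
      // NOTE(review): that callback must tolerate a null password —
      // confirm against the definition of TAO_SSLIOP_PASSWORD_CALLBACK_NAME.
      const char *password = certificate.password.in ();

      x = PEM_read_X509 (fp,
                         0,
                         TAO_SSLIOP_PASSWORD_CALLBACK_NAME,
                         const_cast<char *> (password));
    }

  (void) ACE_OS::fclose (fp);

  // NOTE(review): the OpenSSL failure reason is only reported when
  // debugging is enabled; if report_error() is also what drains the
  // per-thread OpenSSL error queue, a silent failure here leaves stale
  // entries queued for later SSL calls — confirm against
  // ACE_SSL_Context::report_error.
  if (x == 0 && TAO_debug_level > 0)
    ACE_SSL_Context::report_error ();

  return x;
}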
SSLIOP-specific credentials acquisition arguments.
Definition at line 135 of file SSLIOP_CredentialsAcquirer.h. |
Reference to the TAO CredentialsCurator implementation.
Definition at line 132 of file SSLIOP_CredentialsAcquirer.h. |
Has this CredentialsAcquirer object completed credentials acquisition or been explicitly destroyed? Definition at line 139 of file SSLIOP_CredentialsAcquirer.h. |
Lock used for synchronization.
Definition at line 129 of file SSLIOP_CredentialsAcquirer.h. |