TAO::SSLIOP_Credentials Class Reference

SSLIOP-specific implementation of the SecurityLevel3::Credentials interface. More...

#include <SSLIOP_Credentials.h>


Public Types

typedef SSLIOP::Credentials_ptr _ptr_type
typedef SSLIOP::Credentials_var _var_type
typedef SSLIOP::Credentials_out _out_type

Public Member Functions

 SSLIOP_Credentials (::X509 *cert,::EVP_PKEY *evp)
 Constructor.

::EVP_PKEY * evp (void)
 Return a pointer to the underlying private key.

bool operator== (const SSLIOP_Credentials &rhs)
CORBA::ULong hash (void) const
SecurityLevel3::Credentials Methods
Methods required by the SecurityLevel3::Credentials interface.

virtual char * creds_id () throw (CORBA::SystemException)
virtual SecurityLevel3::CredentialsType creds_type ()=0 throw (CORBA::SystemException)
virtual SecurityLevel3::CredentialsUsage creds_usage () throw (CORBA::SystemException)
virtual TimeBase::UtcT expiry_time () throw (CORBA::SystemException)
virtual SecurityLevel3::CredentialsState creds_state () throw (CORBA::SystemException)
virtual char * add_relinquished_listener (SecurityLevel3::RelinquishedCredentialsListener_ptr listener) throw (CORBA::SystemException)
virtual void remove_relinquished_listener (const char *id) throw (CORBA::SystemException)
::X509 * x509 (void)
 Return a pointer to the underlying X.509 certificate.


Static Public Member Functions

SSLIOP::Credentials_ptr _duplicate (SSLIOP::Credentials_ptr obj)
SSLIOP::Credentials_ptr _narrow (CORBA::Object_ptr obj)
SSLIOP::Credentials_ptr _nil (void)

Protected Member Functions

 ~SSLIOP_Credentials (void)
 Destructor.


Protected Attributes

SSLIOP::X509_var x509_
SSLIOP::EVP_PKEY_var evp_
CORBA::String_var id_
 Credentials Identifier.

SecurityLevel3::CredentialsUsage creds_usage_
 The intended usage of the Credentials.

TimeBase::UtcT expiry_time_
 The time these Credentials expire.

SecurityLevel3::CredentialsState creds_state_
 The validity of the Credentials.


Detailed Description

SSLIOP-specific implementation of the SecurityLevel3::Credentials interface.

This class encapsulates the X.509 certificate associated with a given principal.

Note:
Why is this class not in the TAO::SSLIOP namespace? Because brain damaged MSVC++ 6 cannot call a base class constructor of a class declared in a namespace that is more than one level deep in a sub-class base member initializer list.

Definition at line 58 of file SSLIOP_Credentials.h.


Member Typedef Documentation

typedef SSLIOP::Credentials_out TAO::SSLIOP_Credentials::_out_type
 

Reimplemented from CORBA::LocalObject.

Reimplemented in TAO::SSLIOP::OwnCredentials.

Definition at line 65 of file SSLIOP_Credentials.h.

typedef SSLIOP::Credentials_ptr TAO::SSLIOP_Credentials::_ptr_type
 

Reimplemented from CORBA::LocalObject.

Reimplemented in TAO::SSLIOP::OwnCredentials.

Definition at line 63 of file SSLIOP_Credentials.h.

typedef SSLIOP::Credentials_var TAO::SSLIOP_Credentials::_var_type
 

Reimplemented from CORBA::LocalObject.

Reimplemented in TAO::SSLIOP::OwnCredentials.

Definition at line 64 of file SSLIOP_Credentials.h.


Constructor & Destructor Documentation

TAO_BEGIN_VERSIONED_NAMESPACE_DECL TAO::SSLIOP_Credentials::SSLIOP_Credentials (::X509 * cert, ::EVP_PKEY * evp)

Constructor.

Definition at line 19 of file SSLIOP_Credentials.cpp.

References ACE_CString, ACE_SIZEOF_LONG_LONG, ACE_UINT64_LITERAL, EVP_PKEY, expiry_time_, CORBA::string_dup(), TimeBase::UtcT::time, and X509.

  : x509_ (TAO::SSLIOP::OpenSSL_traits< ::X509 >::_duplicate (cert)),
    evp_ (TAO::SSLIOP::OpenSSL_traits< ::EVP_PKEY >::_duplicate (evp)),
    id_ (),
    creds_usage_ (SecurityLevel3::CU_Indefinite),
    expiry_time_ (),
    creds_state_ (SecurityLevel3::CS_Invalid)
{
  ::X509 *x = cert;

  if (x != 0)
    {
      // We use the X.509 certificate's serial number as the
      // credentials Id.
      BIGNUM * bn = ASN1_INTEGER_to_BN (::X509_get_serialNumber (x), 0);
      // ASN1_INTEGER_to_BN() returns 0 on failure; treat that like a
      // zero serial number rather than dereferencing a null BIGNUM.
      if (bn == 0 || BN_is_zero (bn))
        this->id_ = CORBA::string_dup ("X509: 00");
      else
        {
          char * id = BN_bn2hex (bn);

          ACE_CString s =
            ACE_CString ("X509: ")
            + ACE_CString (const_cast<const char *> (id));

          this->id_ = CORBA::string_dup (s.c_str ());

#ifdef OPENSSL_free
          OPENSSL_free (id);
#else
          // Older versions of OpenSSL didn't define the OPENSSL_free
          // macro.
          CRYPTO_free (id);
#endif  /* OPENSSL_free */
        }

      // Release the BIGNUM allocated by ASN1_INTEGER_to_BN().
      // BN_free() accepts a null pointer.
      BN_free (bn);

      // -------------------------------------------

      TimeBase::UtcT & t = this->expiry_time_;

      const ASN1_TIME * exp = X509_get_notAfter (x);

      // NOTE: notAfter holds ASCII text ("YYMMDDHHMMSSZ" or
      // "YYYYMMDDHHMMSSZ"), i.e. 13 or 15 bytes, so values in those
      // forms are longer than ACE_SIZEOF_LONG_LONG and take the
      // overflow branch below.
      if (exp->length > ACE_SIZEOF_LONG_LONG)
        {
          // @@ Will this ever happen?

          // Overflow!
          t.time = ACE_UINT64_LITERAL (0xffffffffffffffff);
        }
      else
        {
          t.time = 0;
          for (int i = 0; i < exp->length; ++i)
            {
              t.time <<= 8;
              t.time |= (unsigned char) exp->data[i];
            }
        }
    }
}
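The constructor above fills expiry_time_ by packing the raw notAfter bytes into an integer, but that field is ASCII text (13-byte UTCTime or 15-byte GeneralizedTime), so such values always land in the overflow branch and distinct expiry dates become indistinguishable. The following is an added example, not TAO code, that reproduces the packing and shows one way to derive a real tick count from the same text. The function names are hypothetical, ACE_SIZEOF_LONG_LONG is assumed to be 8, and TimeBase::UtcT::time is taken as 100 ns units since 15 October 1582 per the CORBA Time Service.

```cpp
// Added example (not TAO source); all names here are hypothetical.
#include <cstdint>
#include <string>

// Byte-packing as in the listed constructor (ACE_SIZEOF_LONG_LONG assumed 8).
std::uint64_t packed_expiry(const std::string& asn1) {
  if (asn1.size() > 8) return UINT64_MAX;   // the "Overflow!" branch
  std::uint64_t t = 0;
  for (unsigned char c : asn1) { t <<= 8; t |= c; }
  return t;
}

// Days since 1970-01-01 for a Gregorian date (standard civil-date algorithm).
static std::int64_t days_from_civil(std::int64_t y, unsigned m, unsigned d) {
  y -= m <= 2;
  const std::int64_t era = (y >= 0 ? y : y - 399) / 400;
  const unsigned yoe = static_cast<unsigned>(y - era * 400);
  const unsigned doy = (153 * (m > 2 ? m - 3 : m + 9) + 2) / 5 + d - 1;
  const unsigned doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
  return era * 146097 + static_cast<std::int64_t>(doe) - 719468;
}

// Parse UTCTime "YYMMDDHHMMSSZ" or GeneralizedTime "YYYYMMDDHHMMSSZ" into 100 ns
// ticks since 1582-10-15 00:00 UTC. False if malformed (per-month day limits unchecked).
bool asn1_time_to_ticks(const std::string& s, std::uint64_t& ticks) {
  const bool utc = s.size() == 13;
  if ((!utc && s.size() != 15) || s.back() != 'Z') return false;
  for (std::size_t i = 0; i + 1 < s.size(); ++i)
    if (s[i] < '0' || s[i] > '9') return false;
  auto num = [&s](std::size_t pos, std::size_t n) {
    int v = 0;
    for (std::size_t i = 0; i < n; ++i) v = v * 10 + (s[pos + i] - '0');
    return v;
  };
  const std::size_t p = utc ? 2 : 4;             // offset of the month field
  int year = num(0, p);
  if (utc) year += (year >= 50 ? 1900 : 2000);   // RFC 5280 two-digit year rule
  const int mon = num(p, 2), day = num(p + 2, 2);
  const int hh = num(p + 4, 2), mm = num(p + 6, 2), ss = num(p + 8, 2);
  if (year < 1583 || mon < 1 || mon > 12 || day < 1 || day > 31 ||
      hh > 23 || mm > 59 || ss > 59)
    return false;
  const std::int64_t unix_secs =
      days_from_civil(year, unsigned(mon), unsigned(day)) * 86400 + hh * 3600 + mm * 60 + ss;
  // 12219292800 s lie between 1582-10-15 and 1970-01-01.
  ticks = std::uint64_t(unix_secs + 12219292800LL) * 10000000ULL;
  return true;
}
```

With OpenSSL available, the text passed to the parser corresponds to the data and length members of the ASN1_TIME that the constructor already reads.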

TAO::SSLIOP_Credentials::~SSLIOP_Credentials (void) [protected]

Destructor.

Protected destructor to enforce proper memory management through the reference counting mechanism.

Definition at line 80 of file SSLIOP_Credentials.cpp.

{
}


Member Function Documentation

TAO::SSLIOP::Credentials_ptr TAO::SSLIOP_Credentials::_duplicate (SSLIOP::Credentials_ptr obj) [static]

Definition at line 222 of file SSLIOP_Credentials.cpp.

References TAO_Local_RefCounted_Object::_add_ref(), TAO::SSLIOP::Credentials_ptr, and CORBA::is_nil().

Referenced by _narrow(), and tao_TAO_SSLIOP_Credentials_duplicate().

{
  if (!CORBA::is_nil (obj))
    obj->_add_ref ();

  return obj;
}

TAO::SSLIOP::Credentials_ptr TAO::SSLIOP_Credentials::_narrow (CORBA::Object_ptr obj) [static]

Reimplemented from CORBA::LocalObject.

Reimplemented in TAO::SSLIOP::OwnCredentials.

Definition at line 214 of file SSLIOP_Credentials.cpp.

References _duplicate().

Referenced by tao_TAO_SSLIOP_Credentials_narrow().

{
  return  TAO::SSLIOP_Credentials::_duplicate (
              dynamic_cast<TAO::SSLIOP_Credentials *> (obj));
}

SSLIOP::Credentials_ptr TAO::SSLIOP_Credentials::_nil (void) [inline, static]

Reimplemented from CORBA::LocalObject.

Reimplemented in TAO::SSLIOP::OwnCredentials.

Definition at line 135 of file SSLIOP_Credentials.h.

References TAO::SSLIOP::Credentials_ptr.

Referenced by tao_TAO_SSLIOP_Credentials_nil().

{
  return (SSLIOP::Credentials_ptr) 0;
}

char * TAO::SSLIOP_Credentials::add_relinquished_listener (SecurityLevel3::RelinquishedCredentialsListener_ptr listener) throw (CORBA::SystemException) [virtual]

Definition at line 154 of file SSLIOP_Credentials.cpp.

References ACE_THROW_RETURN.

{
  ACE_THROW_RETURN (CORBA::NO_IMPLEMENT (), 0);
}

virtual char* TAO::SSLIOP_Credentials::creds_id () throw (CORBA::SystemException) [virtual]

virtual SecurityLevel3::CredentialsState TAO::SSLIOP_Credentials::creds_state () throw (CORBA::SystemException) [virtual]

virtual SecurityLevel3::CredentialsType TAO::SSLIOP_Credentials::creds_type () throw (CORBA::SystemException) [pure virtual]

Implemented in TAO::SSLIOP::ClientCredentials.

Referenced by operator==().

virtual SecurityLevel3::CredentialsUsage TAO::SSLIOP_Credentials::creds_usage () throw (CORBA::SystemException) [virtual]

ACE_INLINE ::EVP_PKEY * TAO::SSLIOP_Credentials::evp (void)

Return a pointer to the underlying private key.

Returns:
Non-zero value if private key is used.
Note:
Caller owns the returned object. Use a TAO::SSLIOP::EVP_PKEY_var.

Definition at line 15 of file SSLIOP_Credentials.inl.

References TAO::SSLIOP::_duplicate().

{
  return
    TAO::SSLIOP::OpenSSL_traits< ::EVP_PKEY >::_duplicate (this->evp_.in ());
}

virtual TimeBase::UtcT TAO::SSLIOP_Credentials::expiry_time () throw (CORBA::SystemException) [virtual]

CORBA::ULong TAO::SSLIOP_Credentials::hash (void) const

Definition at line 206 of file SSLIOP_Credentials.cpp.

References TAO::SSLIOP::OpenSSL_st_var< T >::in(), x509(), and x509_.

{
  ::X509 * x509 = this->x509_.in ();

  return (x509 == 0 ? 0 : ::X509_issuer_name_hash (x509));
}

bool TAO::SSLIOP_Credentials::operator== (const SSLIOP_Credentials & rhs)

Definition at line 171 of file SSLIOP_Credentials.cpp.

References ACE_CHECK_RETURN, ACE_DECLARE_NEW_CORBA_ENV, ACE_ENV_SINGLE_ARG_PARAMETER, creds_type(), creds_usage_, TAO::SSLIOP::OpenSSL_st_var< T >::in(), and x509_.

{
  ::X509 * xa = this->x509_.in ();
  ::X509 * xb = rhs.x509_.in ();
  // EVP_PKEY *ea = this->evp_.in ();
  // EVP_PKEY *eb = rhs.evp_.in ();

  ACE_DECLARE_NEW_CORBA_ENV;
  // No need for a full blown ACE_TRY/CATCH block.

  const SecurityLevel3::CredentialsType lct =
    this->creds_type (ACE_ENV_SINGLE_ARG_PARAMETER);
  ACE_CHECK_RETURN (false);

  const SecurityLevel3::CredentialsType rct =
    const_cast<TAO::SSLIOP_Credentials &> (rhs).creds_type (
      ACE_ENV_SINGLE_ARG_PARAMETER);
  ACE_CHECK_RETURN (false);

  // Don't bother checking the creds_id and expiry_time attributes.  They
  // are checked implicitly by the below X509_cmp() call.
  //
  // Additionally, the creds_state attribute is not included in the
  // check since it is not considered important when distinguishing
  // between two Credentials.

  return
    lct == rct
    && this->creds_usage_ == rhs.creds_usage_
    && ((xa == xb) || (xa != 0 && xb != 0 && ::X509_cmp (xa, xb) == 0))
//     && ((ea == eb) || (ea != 0 && eb != 0 && ::EVP_PKEY_cmp (ea, eb) == 0))
    ;
}

void TAO::SSLIOP_Credentials::remove_relinquished_listener (const char * id) throw (CORBA::SystemException) [virtual]

Definition at line 163 of file SSLIOP_Credentials.cpp.

References ACE_THROW.

{
  ACE_THROW (CORBA::NO_IMPLEMENT ());
}

TAO_BEGIN_VERSIONED_NAMESPACE_DECL ACE_INLINE ::X509 * TAO::SSLIOP_Credentials::x509 (void)

Return a pointer to the underlying X.509 certificate.

Note:
Caller owns the returned object. Use a TAO::SSLIOP::X509_var.

Definition at line 8 of file SSLIOP_Credentials.inl.

References TAO::SSLIOP::_duplicate().

Referenced by hash().

{
  return
    TAO::SSLIOP::OpenSSL_traits< ::X509 >::_duplicate (this->x509_.in ());
}


Member Data Documentation

SecurityLevel3::CredentialsState TAO::SSLIOP_Credentials::creds_state_ [protected]
 

The validity of the Credentials.

Definition at line 171 of file SSLIOP_Credentials.h.

SecurityLevel3::CredentialsUsage TAO::SSLIOP_Credentials::creds_usage_ [protected]
 

The intended usage of the Credentials.

Definition at line 165 of file SSLIOP_Credentials.h.

Referenced by operator==().

SSLIOP::EVP_PKEY_var TAO::SSLIOP_Credentials::evp_ [protected]
 

Reference to the private key associated with the X.509 certificate.

Definition at line 159 of file SSLIOP_Credentials.h.

TimeBase::UtcT TAO::SSLIOP_Credentials::expiry_time_ [protected]
 

The time these Credentials expire.

Definition at line 168 of file SSLIOP_Credentials.h.

Referenced by SSLIOP_Credentials().

CORBA::String_var TAO::SSLIOP_Credentials::id_ [protected]
 

Credentials Identifier.

Definition at line 162 of file SSLIOP_Credentials.h.

SSLIOP::X509_var TAO::SSLIOP_Credentials::x509_ [protected]
 

Reference to the X.509 certificate associated with this SSLIOP Credentials object.

Definition at line 155 of file SSLIOP_Credentials.h.

Referenced by hash(), and operator==().


The documentation for this class was generated from the following files:
Generated on Thu Nov 9 13:55:36 2006 for TAO_SSLIOP by doxygen 1.3.6