#include <SSLIOP_Endpoint.h>
Inheritance diagram for TAO_SSLIOP_Endpoint:
Public Member Functions | |
| TAO_SSLIOP_Endpoint (const::SSLIOP::SSL *ssl_component, TAO_IIOP_Endpoint *iiop_endp) | |
| Constructor. | |
| virtual | ~TAO_SSLIOP_Endpoint (void) |
| Destructor. | |
| int | credentials_set (void) const |
TAO_Endpoint Methods | |
| virtual TAO_Endpoint * | next (void) |
| virtual int | addr_to_string (char *buffer, size_t length) |
| CORBA::Boolean | is_equivalent (const TAO_Endpoint *other_endpoint) |
| virtual TAO_Endpoint * | duplicate (void) |
| virtual CORBA::ULong | hash (void) |
SSLIOP_Endpoint-specific Methods | |
| const::SSLIOP::SSL & | ssl_component (void) const |
| Return SSL component corresponding to this endpoint. | |
| TAO_IIOP_Endpoint * | iiop_endpoint (void) const |
| Accessor to our IIOP counterpart. | |
| void | iiop_endpoint (TAO_IIOP_Endpoint *endpoint, bool destroy) |
| Mutator to our IIOP counterpart. | |
| const ACE_INET_Addr & | object_addr (void) const |
| Return the SSLIOP-specific ACE_INET_Addr. | |
| void | set_sec_attrs (::Security::QOP qop, const::Security::EstablishTrust &trust, const TAO::SSLIOP::OwnCredentials_ptr creds) |
| ::Security::QOP | qop (void) const |
| Get the Quality-of-Protection settings for this endpoint. | |
| ::Security::EstablishTrust | trust (void) const |
| Get the establishment of trust settings for this endpoint. | |
| TAO::SSLIOP::OwnCredentials * | credentials (void) const |
| Get the credentials for this endpoint. | |
Protected Attributes | |
| ::SSLIOP::SSL | ssl_component_ |
Private Attributes | |
| ACE_INET_Addr | object_addr_ |
| TAO_SSLIOP_Endpoint * | next_ |
| TAO_IIOP_Endpoint * | iiop_endpoint_ |
| IIOP counterpart. | |
| bool | destroy_iiop_endpoint_ |
| ::Security::QOP | qop_ |
| Quailty-of-Protection settings for this endpoint object. | |
| ::Security::EstablishTrust | trust_ |
| Establishment of trust settings for this endpoint object. | |
| TAO::SSLIOP::OwnCredentials_var | credentials_ |
| SSLIOP-specific credentials for this endpoint object. | |
| int | credentials_set_ |
| A flag indicating that credentials_ was explicitly initialized. | |
Friends | |
| class | TAO_SSLIOP_Profile |
|
||||||||||||
|
Constructor.
Definition at line 22 of file SSLIOP_Endpoint.cpp. References ACE_SET_BITS, SSLIOP::SSL::port, ACE_Addr::set_type(), SSLIOP::SSL::target_requires, SSLIOP::SSL::target_supports, Security::EstablishTrust::trust_in_client, and Security::EstablishTrust::trust_in_target.
00024 : TAO_Endpoint (IOP::TAG_INTERNET_IOP), 00025 object_addr_ (), 00026 next_ (0), 00027 iiop_endpoint_ (iiop_endp), 00028 destroy_iiop_endpoint_ (false), 00029 qop_ (::Security::SecQOPIntegrityAndConfidentiality), 00030 #if !defined (VXWORKS) && !defined (__QNX__) 00031 // Some compilers don't like the initialization 00032 trust_ (), 00033 #endif /* !VXWORKS && !__QNX__ */ 00034 credentials_ (), 00035 credentials_set_ (0) 00036 { 00037 if (ssl_component != 0) 00038 { 00039 // Copy the security association options in the IOR's SSL tagged 00040 // component. 00041 this->ssl_component_.target_supports = ssl_component->target_supports; 00042 this->ssl_component_.target_requires = ssl_component->target_requires; 00043 this->ssl_component_.port = ssl_component->port; 00044 } 00045 else 00046 { 00047 // No SSL tagged component is available so construct a default 00048 // set of security association options, in addition to the IANA 00049 // assigned IIOP over SSL port (684). This is generally a 00050 // client side issue. 00051 00052 // Clear all bits in the SSLIOP::SSL association option fields. 00053 this->ssl_component_.target_supports = 0; 00054 this->ssl_component_.target_requires = 0; 00055 00056 // SSLIOP requires these Security::AssociationOptions by default. 00057 ACE_SET_BITS (this->ssl_component_.target_requires, 00058 ::Security::Integrity 00059 | ::Security::Confidentiality 00060 | ::Security::NoDelegation); 00061 00062 // SSLIOP supports these Security::AssociationOptions by 00063 // default. 00064 // 00065 // Note that the Security::NoProtection bit is set since we 00066 // can't be sure if the server supports SSL, and TAO's SSLIOP 00067 // implementation must support IIOP over SSL and plain IIOP. 00068 ACE_SET_BITS (this->ssl_component_.target_supports, 00069 ::Security::Integrity 00070 | ::Security::Confidentiality 00071 | ::Security::EstablishTrustInTarget 00072 | ::Security::NoProtection 00073 | ::Security::NoDelegation); 00074 00075 // Initialize the default SSL port to zero, not the IANA 00076 // assigned IIOP over SSL port (684). We usually only get here 00077 // if we're creating a profile on the client side using an IOR 00078 // that does not contain an SSLIOP tagged component. 00079 this->ssl_component_.port = 0; 00080 } 00081 00082 // Invalidate the Addr until the first attempt to use it is made. 00083 this->object_addr_.set_type (-1); 00084 00085 this->trust_.trust_in_target = 1; 00086 this->trust_.trust_in_client = 1; 00087 } |
|
|
Destructor.
Definition at line 89 of file SSLIOP_Endpoint.cpp. References destroy_iiop_endpoint_, and iiop_endpoint_.
00090 {
00091 if (this->destroy_iiop_endpoint_)
00092 delete this->iiop_endpoint_;
00093 }
|
|
||||||||||||
|
Implements TAO_Endpoint. Definition at line 131 of file SSLIOP_Endpoint.cpp. References SSLIOP::SSL::port, ACE_OS::sprintf(), and ACE_OS::strlen().
00132 {
00133 size_t actual_len =
00134 ACE_OS::strlen (this->iiop_endpoint_->host ()) // chars in host name
00135 + sizeof (':') // delimiter
00136 + ACE_OS::strlen ("65536") // max port
00137 + sizeof ('\0');
00138
00139 if (length < actual_len)
00140 return -1;
00141
00142 ACE_OS::sprintf (buffer,
00143 "%s:%d",
00144 this->iiop_endpoint_->host (),
00145 this->ssl_component_.port);
00146
00147 return 0;
00148 }
|
|
|
Get the credentials for this endpoint.
Definition at line 59 of file SSLIOP_Endpoint.i. References credentials_, and TAO_Pseudo_Var_T< T >::in(). Referenced by TAO_SSLIOP_Synthetic_Endpoint::duplicate(), and is_equivalent().
00060 {
00061 return this->credentials_.in ();
00062 }
|
|
|
Credentials are not supplied by the constructor, and it is valid to have a nil credential, for instance if the SSL_use_certificate() method returns 0. Therefore it is necessary to have a new method to distinguish between a credential that is nil because it has not been set, vs one that was set to nil explicitly. Definition at line 65 of file SSLIOP_Endpoint.i. References credentials_set_. Referenced by TAO_SSLIOP_Synthetic_Endpoint::duplicate().
00066 {
00067 return this->credentials_set_;
00068 }
|
|
|
Return a copy of the corresponding endpoints by allocating memory. Implements TAO_Endpoint. Reimplemented in TAO_SSLIOP_Synthetic_Endpoint. Definition at line 197 of file SSLIOP_Endpoint.cpp. References ACE_NEW_RETURN, credentials_set_, TAO_Endpoint::hash_val_, iiop_endpoint(), and set_sec_attrs().
00198 {
00199 TAO_SSLIOP_Endpoint *endpoint = 0;
00200
00201 // @@ We need to set the priority of the newly formed endpoint. It
00202 // shouldnt be a problem as long as SSL is not used with RTCORBA.
00203 ACE_NEW_RETURN (endpoint,
00204 TAO_SSLIOP_Endpoint (&this->ssl_component_,
00205 0),
00206 0);
00207
00208 if (this->credentials_set_)
00209 endpoint->set_sec_attrs (this->qop_,this->trust_, this->credentials_.in());
00210
00211 endpoint->iiop_endpoint (this->iiop_endpoint_, true);
00212 endpoint->hash_val_ = this->hash_val_;
00213 return endpoint;
00214 }
|
|
|
Return a hash value for this object. Note that only the IP address and port are used to generate the hash value. This may cause a few more hash table collisions in the transport cache, because a synthesized SSLIOP endpoints for an address will have the same hash value as a fully qualified one. The redeeming feature is that it makes / bi-directional SSLIOP work by allowing descendent class (Synthetic_Endpoint) instances to be used as keys in the cache manager and match other fully qualified endpoint. (which were used earlier to cache a particular transport) Implements TAO_Endpoint. Definition at line 217 of file SSLIOP_Endpoint.cpp. References ACE_GUARD_RETURN, ACE_INET_Addr::get_ip_address(), object_addr(), SSLIOP::SSL::port, and TAO_SYNCH_MUTEX. Referenced by TAO_SSLIOP_Synthetic_Endpoint::duplicate().
00218 {
00219 // there is actually the potential for a race of the inverse case,
00220 // since setting the security attributes will reset the hash_val_,
00221 // it is possible this test to pass, but then have the hash reset
00222 // before the value is returned.
00223 if (this->hash_val_ != 0)
00224 return this->hash_val_;
00225
00226 // Do this with no locks held, as it may try to acquire it, too.
00227 const ACE_INET_Addr &oaddr = this->object_addr();
00228
00229 { // nested scope for the lock
00230 ACE_GUARD_RETURN (TAO_SYNCH_MUTEX,
00231 guard,
00232 this->addr_lookup_lock_,
00233 this->hash_val_);
00234 // .. DCL
00235 if (this->hash_val_ != 0)
00236 return this->hash_val_;
00237
00238
00239 // Note that we are not using the underlying IIOP endpoint's hash
00240 // value in order to avoid the influence of the IIOP port number,
00241 // since it is ignored anyway. When it features a
00242 // purely fictional port number, as when accepting an SSL
00243 // connection, the unsecured port is undefined and
00244 // had we used it in computing the hash it would have broken the
00245 // bi-directional support - as the 'guessed' IIOP port value will
00246 // hardly match the one specified in the bi-dir service context.
00247 this->hash_val_ =
00248 oaddr.get_ip_address ()
00249 + this->ssl_component_.port;
00250 }
00251
00252 return this->hash_val_;
00253 }
|
|
||||||||||||
|
Mutator to our IIOP counterpart.
Definition at line 15 of file SSLIOP_Endpoint.i. References destroy_iiop_endpoint_, TAO_IIOP_Endpoint::duplicate(), and iiop_endpoint_.
00017 {
00018 if (iiop_endpoint != 0)
00019 {
00020 TAO_IIOP_Endpoint *new_endpoint = 0;
00021
00022 if (destroy)
00023 {
00024 TAO_Endpoint *endpoint = iiop_endpoint->duplicate ();
00025
00026 new_endpoint = dynamic_cast<TAO_IIOP_Endpoint *> (endpoint);
00027
00028 }
00029 else
00030 new_endpoint = iiop_endpoint;
00031
00032 if (this->destroy_iiop_endpoint_)
00033 delete this->iiop_endpoint_;
00034
00035 this->iiop_endpoint_ = new_endpoint;
00036 this->destroy_iiop_endpoint_ = destroy;
00037 }
00038 }
|
|
|
Accessor to our IIOP counterpart.
Definition at line 9 of file SSLIOP_Endpoint.i. References iiop_endpoint_. Referenced by TAO_SSLIOP_Profile::add_endpoint(), TAO::SSLIOP::Acceptor::create_shared_profile(), TAO_SSLIOP_Profile::decode(), TAO_SSLIOP_Profile::decode_tagged_endpoints(), TAO_SSLIOP_Synthetic_Endpoint::duplicate(), duplicate(), TAO::SSLIOP::Acceptor::is_collocated(), TAO_SSLIOP_Synthetic_Endpoint::is_equivalent(), is_equivalent(), TAO_SSLIOP_Profile::parse_string(), and TAO_SSLIOP_Profile::TAO_SSLIOP_Profile().
00010 {
00011 return this->iiop_endpoint_;
00012 }
|
|
|
Return true if this endpoint is equivalent to
Implements TAO_Endpoint. Reimplemented in TAO_SSLIOP_Synthetic_Endpoint. Definition at line 158 of file SSLIOP_Endpoint.cpp. References credentials(), credentials_, TAO_IIOP_Endpoint::host(), iiop_endpoint(), TAO_Pseudo_Var_T< T >::in(), CORBA::is_nil(), SSLIOP::SSL::port, qop(), ssl_component_, ACE_OS::strcmp(), trust(), Security::EstablishTrust::trust_in_client, and Security::EstablishTrust::trust_in_target. Referenced by TAO_SSLIOP_Profile::do_is_equivalent().
00159 {
00160 TAO_Endpoint *endpt = const_cast<TAO_Endpoint *> (other_endpoint);
00161
00162 TAO_SSLIOP_Endpoint *endpoint =
00163 dynamic_cast<TAO_SSLIOP_Endpoint *> (endpt);
00164
00165 if (endpoint == 0)
00166 return 0;
00167
00168 ::Security::EstablishTrust t = endpoint->trust ();
00169
00170 if ((this->ssl_component_.port != 0
00171 && endpoint->ssl_component_.port != 0
00172 && this->ssl_component_.port != endpoint->ssl_component_.port)
00173 || this->qop_ != endpoint->qop ()
00174 || this->trust_.trust_in_target != t.trust_in_target
00175 || this->trust_.trust_in_client != t.trust_in_client
00176 || (!CORBA::is_nil (this->credentials_.in ())
00177 && !(*this->credentials_.in () == *endpoint->credentials ())))
00178 {
00179 return 0;
00180 }
00181
00182 // Comparing the underlying iiop endpoints is wrong, as their port
00183 // numbers often may not make sense. Or may not being used anyway.
00184 // Therefore, we only need to directly compare the hosts. See also the
00185 // comments in the hash() method.
00186 if (this->iiop_endpoint() == 0 || endpoint->iiop_endpoint() == 0)
00187 return 0;
00188
00189 if ((ACE_OS::strcmp (this->iiop_endpoint()->host (),
00190 endpoint->iiop_endpoint()->host ()) != 0))
00191 return 0;
00192
00193 return 1;
00194 }
|
|
|
Implements TAO_Endpoint. Definition at line 152 of file SSLIOP_Endpoint.cpp. Referenced by TAO_SSLIOP_Profile::~TAO_SSLIOP_Profile().
00153 {
00154 return this->next_;
00155 }
|
|
|
Return the SSLIOP-specific ACE_INET_Addr.
Definition at line 257 of file SSLIOP_Endpoint.cpp. References ACE_GUARD_RETURN, ACE_Addr::get_type(), iiop_endpoint_, TAO_IIOP_Endpoint::object_addr(), ACE_INET_Addr::set_port_number(), and TAO_SYNCH_MUTEX. Referenced by hash().
00258 {
00259 // The object_addr_ is initialized here, rather than at IOR decode
00260 // time for several reasons:
00261 // 1. A request on the object may never be invoked.
00262 // 2. The DNS setup may have changed dynamically.
00263 // ...etc..
00264
00265 // Double checked locking optimization.
00266 if (this->object_addr_.get_type () != AF_INET)
00267 {
00268 const ACE_INET_Addr &iiop_addr = this->iiop_endpoint_->object_addr ();
00269
00270 ACE_GUARD_RETURN (TAO_SYNCH_MUTEX,
00271 guard,
00272 this->addr_lookup_lock_,
00273 this->object_addr_);
00274
00275 if (this->object_addr_.get_type () != AF_INET)
00276 {
00277 this->object_addr_ = iiop_addr;
00278 this->object_addr_.set_port_number (this->ssl_component_.port);
00279 }
00280 }
00281
00282 return this->object_addr_;
00283 }
|
|
|
Get the Quality-of-Protection settings for this endpoint.
Definition at line 47 of file SSLIOP_Endpoint.i. Referenced by TAO_SSLIOP_Synthetic_Endpoint::is_equivalent(), and is_equivalent().
00048 {
00049 return this->qop_;
00050 }
|
|
||||||||||||||||
|
Set the Quality-of-Protection, establishment of trust, and credentials for this endpoint. This is all done in one function so that the guard may be used uniformly. Definition at line 286 of file SSLIOP_Endpoint.cpp. References TAO::SSLIOP::OwnCredentials::_duplicate(), ACE_GUARD, credentials_, credentials_set_, TAO::SSLIOP::OwnCredentials_ptr, and TAO_SYNCH_MUTEX. Referenced by TAO_SSLIOP_Synthetic_Endpoint::duplicate(), and duplicate().
00289 {
00290 if (this->credentials_set_)
00291 return;
00292
00293 ACE_GUARD (TAO_SYNCH_MUTEX,
00294 guard,
00295 this->addr_lookup_lock_);
00296
00297 // double-check
00298 if (this->credentials_set_)
00299 return;
00300
00301 this->qop_ = q;
00302 this->trust_ = t;
00303 this->credentials_ = TAO::SSLIOP::OwnCredentials::_duplicate (c);
00304 this->credentials_set_ = 1;
00305
00306 // reset the hash value to force a recomputation.
00307 this->hash_val_ = 0;
00308 }
|
|
|
Return SSL component corresponding to this endpoint.
Definition at line 41 of file SSLIOP_Endpoint.i. Referenced by TAO_SSLIOP_Profile::encode_endpoints(), and TAO_SSLIOP_Synthetic_Endpoint::is_equivalent().
00042 {
00043 return this->ssl_component_;
00044 }
|
|
|
Get the establishment of trust settings for this endpoint.
Definition at line 53 of file SSLIOP_Endpoint.i. Referenced by TAO_SSLIOP_Synthetic_Endpoint::duplicate(), and is_equivalent().
00054 {
00055 return this->trust_;
00056 }
|
|
|
Definition at line 59 of file SSLIOP_Endpoint.h. |
|
|
SSLIOP-specific credentials for this endpoint object.
Definition at line 191 of file SSLIOP_Endpoint.h. Referenced by credentials(), is_equivalent(), and set_sec_attrs(). |
|
|
A flag indicating that credentials_ was explicitly initialized.
Definition at line 194 of file SSLIOP_Endpoint.h. Referenced by credentials_set(), duplicate(), and set_sec_attrs(). |
|
|
Flag that determines whether or not the iiop_endpoint_ member is deallocated with delete(). Definition at line 182 of file SSLIOP_Endpoint.h. Referenced by iiop_endpoint(), and ~TAO_SSLIOP_Endpoint(). |
|
|
IIOP counterpart. Since SSLIOP is an 'extension' of IIOP, each SSLIOP_Endpoint contains SSL-specific information plus a pointer to the IIOP_Endpoint containing the IIOP portion of our address. Definition at line 178 of file SSLIOP_Endpoint.h. Referenced by iiop_endpoint(), object_addr(), and ~TAO_SSLIOP_Endpoint(). |
|
|
IIOP Endpoints can be stringed into a list. Return the next endpoint in the list, if any. Definition at line 170 of file SSLIOP_Endpoint.h. Referenced by TAO_SSLIOP_Profile::add_endpoint(), TAO_SSLIOP_Profile::decode(), TAO_SSLIOP_Profile::decode_tagged_endpoints(), TAO_SSLIOP_Profile::do_is_equivalent(), and TAO_SSLIOP_Profile::encode_endpoints(). |
|
|
Cached instance of ACE_INET_Addr for use in making invocations, etc. Definition at line 166 of file SSLIOP_Endpoint.h. |
|
|
Quailty-of-Protection settings for this endpoint object.
Definition at line 185 of file SSLIOP_Endpoint.h. |
|
|
Cache the SSL tagged component in a decoded format. Notice that we do not need to marshal this object! Definition at line 160 of file SSLIOP_Endpoint.h. Referenced by TAO_SSLIOP_Profile::decode(), TAO_SSLIOP_Profile::decode_tagged_endpoints(), is_equivalent(), and TAO_SSLIOP_Profile::parse_string(). |
|
|
Establishment of trust settings for this endpoint object.
Definition at line 188 of file SSLIOP_Endpoint.h. |
1.3.6