Main Page | Namespace List | Class Hierarchy | Alphabetical List | Class List | File List | Namespace Members | Class Members | File Members | Related Pages | Search for 

TAO::SSLIOP::CredentialsAcquirer Class Reference

SSLIOP-specific SecurityLevel3::CredentialsAcquirer implementation. More...

#include <SSLIOP_CredentialsAcquirer.h>

Inheritance diagram for TAO::SSLIOP::CredentialsAcquirer:

Inheritance graph
[legend]
Collaboration diagram for TAO::SSLIOP::CredentialsAcquirer:

Collaboration graph
[legend]
List of all members.

Public Member Functions

 CredentialsAcquirer (TAO::SL3::CredentialsCurator_ptr curator, const CORBA::Any &acquisition_arguments)
 Constructor.

SecurityLevel3::CredentialsAcquirer Methods
Methods required by the SecurityLevel3::CredentialsAcquirer interface.

virtual char * acquisition_method (void)
virtual SecurityLevel3::AcquisitionStatus current_status ()
virtual CORBA::ULong nth_iteration (void)
virtual CORBA::Any * get_continuation_data (void)
virtual SecurityLevel3::AcquisitionStatus continue_acquisition (const CORBA::Any &acquisition_arguments)
virtual SecurityLevel3::OwnCredentials_ptr get_credentials (CORBA::Boolean on_list)
virtual void destroy (void)

Protected Member Functions

 ~CredentialsAcquirer (void)
 Destructor.


Private Member Functions

void check_validity (void)

Static Private Member Functions

::X509make_X509 (const::SSLIOP::File &certificate)
 Create an OpenSSL X.509 certificate data structure.

::EVP_PKEYmake_EVP_PKEY (const::SSLIOP::File &key)
 Create an OpenSSL EVP_PKEY key data structure.


Private Attributes

TAO_SYNCH_MUTEX lock_
 Lock used for synchronization.

TAO::SL3::CredentialsCurator_var curator_
 Reference to the TAO CredentialsCurator implementation.

const CORBA::Any & acquisition_arguments_
 SSLIOP-specific credentials acquisition arguments.

bool destroyed_

Detailed Description

SSLIOP-specific SecurityLevel3::CredentialsAcquirer implementation.

This class generates SSLIOP-specific credentials.

Definition at line 61 of file SSLIOP_CredentialsAcquirer.h.

Constructor & Destructor Documentation

TAO_BEGIN_VERSIONED_NAMESPACE_DECL TAO::SSLIOP::CredentialsAcquirer::CredentialsAcquirer TAO::SL3::CredentialsCurator_ptr  curator,
const CORBA::Any &  acquisition_arguments
 

Constructor.

Definition at line 78 of file SSLIOP_CredentialsAcquirer.cpp. 

00081   : lock_ (),
00082     curator_ (TAO::SL3::CredentialsCurator::_duplicate (curator)),
00083     acquisition_arguments_ (acquisition_arguments),
00084     destroyed_ (false)
00085 {
00086 }

TAO::SSLIOP::CredentialsAcquirer::~CredentialsAcquirer void   )  [protected]
 

Destructor.

Protected destructor to enforce proper memory management through the reference counting mechanism.

Definition at line 88 of file SSLIOP_CredentialsAcquirer.cpp. 

00089 {
00090 }

Member Function Documentation

char * TAO::SSLIOP::CredentialsAcquirer::acquisition_method void   )  [virtual]
 

Definition at line 93 of file SSLIOP_CredentialsAcquirer.cpp.

References check_validity(), and CORBA::string_dup(). 

00094 {
00095   this->check_validity ();
00096 
00097   return CORBA::string_dup ("SL3TLS");
00098 }

void TAO::SSLIOP::CredentialsAcquirer::check_validity void   )  [private]
 

Verify that this CredentialsAcquirer object is still valid, i.e. hasn't been destroyed.

Definition at line 200 of file SSLIOP_CredentialsAcquirer.cpp.

References ACE_GUARD, destroyed_, and TAO_SYNCH_MUTEX.

Referenced by acquisition_method(), current_status(), destroy(), get_credentials(), and nth_iteration(). 

00201 {
00202   ACE_GUARD (TAO_SYNCH_MUTEX,
00203              guard,
00204              this->lock_);
00205 
00206   if (this->destroyed_)
00207     throw CORBA::BAD_INV_ORDER ();
00208 }

SecurityLevel3::AcquisitionStatus TAO::SSLIOP::CredentialsAcquirer::continue_acquisition const CORBA::Any &  acquisition_arguments  )  [virtual]
 

Definition at line 126 of file SSLIOP_CredentialsAcquirer.cpp. 

00128 {
00129   // SSL/TLS credentials acquisition does generate continuation data.
00130   throw CORBA::BAD_INV_ORDER ();
00131 }

SecurityLevel3::AcquisitionStatus TAO::SSLIOP::CredentialsAcquirer::current_status  )  [virtual]
 

Definition at line 101 of file SSLIOP_CredentialsAcquirer.cpp.

References check_validity(). 

00102 {
00103   this->check_validity ();
00104 
00105   return SecurityLevel3::AQST_Succeeded;  // @@ Really?
00106 }

void TAO::SSLIOP::CredentialsAcquirer::destroy void   )  [virtual]
 

Definition at line 182 of file SSLIOP_CredentialsAcquirer.cpp.

References ACE_GUARD, check_validity(), curator_, destroyed_, and TAO_SYNCH_MUTEX.

Referenced by get_credentials(). 

00183 {
00184   this->check_validity ();
00185 
00186   ACE_GUARD (TAO_SYNCH_MUTEX,
00187              guard,
00188              this->lock_);
00189 
00190   if (!this->destroyed_)
00191     {
00192       this->destroyed_ = true;
00193 
00194       // Release our reference to the CredentialsCurator.
00195       (void) this->curator_.out ();
00196     }
00197 }

CORBA::Any * TAO::SSLIOP::CredentialsAcquirer::get_continuation_data void   )  [virtual]
 

Definition at line 119 of file SSLIOP_CredentialsAcquirer.cpp. 

00120 {
00121   // SSL/TLS credentials acquisition does generate continuation data.
00122   throw CORBA::BAD_INV_ORDER ();
00123 }

SecurityLevel3::OwnCredentials_ptr TAO::SSLIOP::CredentialsAcquirer::get_credentials CORBA::Boolean  on_list  )  [virtual]
 

Definition at line 134 of file SSLIOP_CredentialsAcquirer.cpp.

References ACE_DEBUG, ACE_NEW_THROW_EX, ACE_TEXT(), acquisition_arguments_, check_validity(), curator_, destroy(), TAO::SSLIOP::EVP_PKEY_var, TAO::SSLIOP::OpenSSL_st_var< T >::in(), LM_ERROR, make_EVP_PKEY(), make_X509(), TAO_debug_level, and TAO::SSLIOP::X509_var. 

00135 {
00136   this->check_validity ();
00137 
00138   ::SSLIOP::AuthData *data;
00139 
00140   if (!(this->acquisition_arguments_ >>= data))
00141     throw CORBA::BAD_PARAM ();
00142 
00143   TAO::SSLIOP::X509_var x509 = this->make_X509 (data->certificate);
00144 
00145   if (x509.in () == 0)
00146     throw CORBA::BAD_PARAM ();
00147 
00148   TAO::SSLIOP::EVP_PKEY_var evp = this->make_EVP_PKEY (data->key);
00149 
00150   if (evp.in () == 0)
00151     throw CORBA::BAD_PARAM ();
00152 
00153   // Verify that the private key is consistent with the certificate.
00154   if (::X509_check_private_key (x509.in (), evp.in ()) != 1)
00155     {
00156       if (TAO_debug_level > 0)
00157         ACE_DEBUG ((LM_ERROR,
00158                     ACE_TEXT ("(%P|%t) ERROR: Private key is not ")
00159                     ACE_TEXT ("consistent with X.509 certificate")));
00160 
00161       throw CORBA::BAD_PARAM ();
00162     }
00163 
00164   TAO::SSLIOP::OwnCredentials * creds;
00165   ACE_NEW_THROW_EX (creds,
00166                     TAO::SSLIOP::OwnCredentials (x509.in (), evp.in ()),
00167                     CORBA::NO_MEMORY ());
00168 
00169   SecurityLevel3::OwnCredentials_var credentials = creds;
00170 
00171   if (on_list)
00172     {
00173       this->curator_->_tao_add_own_credentials (creds);
00174     }
00175 
00176   this->destroy ();
00177 
00178   return credentials._retn ();
00179 }

EVP_PKEY * TAO::SSLIOP::CredentialsAcquirer::make_EVP_PKEY const::SSLIOP::File &  key  )  [static, private]
 

Create an OpenSSL EVP_PKEY key data structure.

Definition at line 287 of file SSLIOP_CredentialsAcquirer.cpp.

References ACE_ERROR, ACE_TEXT(), ACE_OS::fclose(), SSLIOP::File::filename, ACE_OS::fopen(), LM_ERROR, SSLIOP::File::password, TAO_debug_level, TAO_SSLIOP_PASSWORD_CALLBACK_NAME, and SSLIOP::File::type.

Referenced by get_credentials(). 

00288 {
00289   // No password is used or needed when reading ASN.1 encoded
00290   // private keys.
00291 
00292   const char *filename = key.filename.in ();
00293 
00294   if (filename == 0)
00295     return 0;
00296 
00297   FILE *fp = 0;
00298   ::EVP_PKEY *evp = 0;
00299 
00300   if (key.type == ::SSLIOP::ASN1)
00301     {
00302       // ASN.1/DER encoded private key
00303 
00304       // No password is used or needed when reading ASN.1 encoded
00305       // private keys.
00306 
00307       const char *filename = key.filename.in ();
00308 
00309       if (filename == 0)
00310         return 0;
00311 
00312       fp = ACE_OS::fopen (filename, "rb");
00313 
00314       if (fp == 0)
00315         {
00316           if (TAO_debug_level > 0)
00317             ACE_ERROR ((LM_ERROR,
00318                         ACE_TEXT ("(%P|%t) SSLIOP::CredentialsAcquirer::make_EVP_PKEY ")
00319                         ACE_TEXT ("- %p\n"),
00320                         ACE_TEXT ("fopen")));
00321 
00322           return 0;
00323         }
00324 
00325       // Read ASN.1 / DER encoded private key from a file, and convert
00326       // it to OpenSSL's internal private key format.
00327       evp = ::d2i_PrivateKey_fp (fp, 0);
00328     }
00329   else
00330     {
00331       // PEM encoded private key
00332 
00333       fp = ACE_OS::fopen (filename, "r");
00334 
00335       if (fp == 0)
00336         {
00337           if (TAO_debug_level > 0)
00338             ACE_ERROR ((LM_ERROR,
00339                         ACE_TEXT ("(%P|%t) SSLIOP::CredentialsAcquirer::make_EVP_PKEY ")
00340                         ACE_TEXT ("- %p\n"),
00341                         ACE_TEXT ("fopen")));
00342 
00343           return 0;
00344         }
00345 
00346       const char *password = key.password.in ();
00347 
00348       // Read PEM encoded private key from a file, and convert it to
00349       // OpenSSL's internal private key format.
00350       evp = PEM_read_PrivateKey (fp,
00351                                  0,
00352                                  TAO_SSLIOP_PASSWORD_CALLBACK_NAME,
00353                                  const_cast<char *> (password));
00354     }
00355 
00356   (void) ACE_OS::fclose (fp);
00357 
00358   if (evp == 0 && TAO_debug_level > 0)
00359     ACE_SSL_Context::report_error ();
00360 
00361   return evp;
00362 }

X509 * TAO::SSLIOP::CredentialsAcquirer::make_X509 const::SSLIOP::File &  certificate  )  [static, private]
 

Create an OpenSSL X.509 certificate data structure.

Definition at line 211 of file SSLIOP_CredentialsAcquirer.cpp.

References ACE_ERROR, ACE_TEXT(), ACE_OS::fclose(), SSLIOP::File::filename, ACE_OS::fopen(), LM_ERROR, SSLIOP::File::password, TAO_debug_level, TAO_SSLIOP_PASSWORD_CALLBACK_NAME, and SSLIOP::File::type.

Referenced by get_credentials(). 

00212 {
00213   // No password is used or needed when reading ASN.1 encoded
00214   // certificates.
00215 
00216   const char *filename = certificate.filename.in ();
00217 
00218   if (filename == 0)
00219     return 0;
00220 
00221   FILE *fp = 0;
00222   ::X509 *x = 0;
00223 
00224   if (certificate.type == ::SSLIOP::ASN1)
00225     {
00226       // ASN.1/DER encoded certificate
00227 
00228       // No password is used or needed when reading ASN.1 encoded
00229       // certificates.
00230 
00231       const char *filename = certificate.filename.in ();
00232 
00233       if (filename == 0)
00234         return 0;
00235 
00236       fp = ACE_OS::fopen (filename, "rb");
00237 
00238       if (fp == 0)
00239         {
00240           if (TAO_debug_level > 0)
00241             ACE_ERROR ((LM_ERROR,
00242                         ACE_TEXT ("(%P|%t) SSLIOP::CredentialsAcquirer::make_X509 - %p\n"),
00243                         ACE_TEXT ("fopen")));
00244 
00245           return 0;
00246         }
00247 
00248       // Read ASN.1 / DER encoded X.509 certificate from a file, and
00249       // convert it to OpenSSL's internal X.509 format.
00250       x = ::d2i_X509_fp (fp, 0);
00251     }
00252   else
00253     {
00254       // PEM encoded certificate
00255 
00256       fp = ACE_OS::fopen (filename, "r");
00257 
00258       if (fp == 0)
00259         {
00260           if (TAO_debug_level > 0)
00261             ACE_ERROR ((LM_ERROR,
00262                         ACE_TEXT ("(%P|%t) SSLIOP::CredentialsAcquirer::make_X509 - %p\n"),
00263                         ACE_TEXT ("fopen")));
00264 
00265           return 0;
00266         }
00267 
00268       const char *password = certificate.password.in ();
00269 
00270       // Read PEM encoded X.509 certificate from a file, and convert
00271       // it to OpenSSL's internal X.509 format.
00272       x = PEM_read_X509 (fp,
00273                          0,
00274                          TAO_SSLIOP_PASSWORD_CALLBACK_NAME,
00275                          const_cast<char *> (password));
00276     }
00277 
00278   (void) ACE_OS::fclose (fp);
00279 
00280   if (x == 0 && TAO_debug_level > 0)
00281     ACE_SSL_Context::report_error ();
00282 
00283   return x;
00284 }

CORBA::ULong TAO::SSLIOP::CredentialsAcquirer::nth_iteration void   )  [virtual]
 

Definition at line 109 of file SSLIOP_CredentialsAcquirer.cpp.

References check_validity(). 

00110 {
00111   this->check_validity ();
00112 
00113   // SSL/TLS credentials is single-step process from the point-of-view
00114   // of the caller.
00115   return 1;
00116 }

Member Data Documentation

const CORBA::Any& TAO::SSLIOP::CredentialsAcquirer::acquisition_arguments_ [private]
 

SSLIOP-specific credentials acquisition arguments.

Definition at line 125 of file SSLIOP_CredentialsAcquirer.h.

Referenced by get_credentials().

TAO::SL3::CredentialsCurator_var TAO::SSLIOP::CredentialsAcquirer::curator_ [private]
 

Reference to the TAO CredentialsCurator implementation.

Definition at line 122 of file SSLIOP_CredentialsAcquirer.h.

Referenced by destroy(), and get_credentials().

bool TAO::SSLIOP::CredentialsAcquirer::destroyed_ [private]
 

Has this CredentialsAcquirer object completed credentials acquisition or been explicitly destroyed?

Definition at line 129 of file SSLIOP_CredentialsAcquirer.h.

Referenced by check_validity(), and destroy().

TAO_SYNCH_MUTEX TAO::SSLIOP::CredentialsAcquirer::lock_ [private]
 

Lock used for synchronization.

Definition at line 119 of file SSLIOP_CredentialsAcquirer.h.

The documentation for this class was generated from the following files:
Generated on Sun Jan 27 16:14:19 2008 for TAO_SSLIOP by doxygen 1.3.6