TAO::SSLIOP_Credentials Class Reference

SSLIOP-specific implementation of the SecurityLevel3::Credentials interface. More...

#include <SSLIOP_Credentials.h>

Inheritance diagram for TAO::SSLIOP_Credentials:

[legend]Collaboration diagram for TAO::SSLIOP_Credentials:

[legend]List of all members.

Public Types
typedef SSLIOP::Credentials_ptr	_ptr_type
typedef SSLIOP::Credentials_var	_var_type
typedef SSLIOP::Credentials_out	_out_type
Public Member Functions
	SSLIOP_Credentials (::X509 *cert,::EVP_PKEY *evp)
	Constructor.
::EVP_PKEY *	evp (void)
	Return a pointer to the underlying private key.
bool	operator== (const SSLIOP_Credentials &rhs)
CORBA::ULong	hash (void) const
SecurityLevel3::Credentials Methods
Methods required by the SecurityLevel3::Credentials interface.
virtual char *	creds_id (void)
virtual SecurityLevel3::CredentialsType	creds_type (void)=0
virtual SecurityLevel3::CredentialsUsage	creds_usage ()
virtual TimeBase::UtcT	expiry_time (void)
virtual SecurityLevel3::CredentialsState	creds_state ()
virtual char *	add_relinquished_listener (SecurityLevel3::RelinquishedCredentialsListener_ptr listener)
virtual void	remove_relinquished_listener (const char *id)
::X509 *	x509 (void)
	Return a pointer to the underlying X.509 certificate.
Static Public Member Functions
SSLIOP::Credentials_ptr	_duplicate (SSLIOP::Credentials_ptr obj)
SSLIOP::Credentials_ptr	_narrow (CORBA::Object_ptr obj)
SSLIOP::Credentials_ptr	_nil (void)
Protected Member Functions
	~SSLIOP_Credentials (void)
	Destructor.
Protected Attributes
SSLIOP::X509_var	x509_
SSLIOP::EVP_PKEY_var	evp_
CORBA::String_var	id_
	Credentials Identifier.
SecurityLevel3::CredentialsUsage	creds_usage_
	The intended usage of the Credentials.
TimeBase::UtcT	expiry_time_
	The time these Credentials expire.
SecurityLevel3::CredentialsState	creds_state_
	The validity of the Credentials.

---

Detailed Description

SSLIOP-specific implementation of the SecurityLevel3::Credentials interface.

This class encapsulates the X.509 certificate associated with a given a principal.

Note:

Why is this class not the TAO::SSLIOP namespace? Because brain damaged MSVC++ 6 cannot call a base class constructor of class declared in a namespace that is more than one level deep in a sub-class base member initializer list.

Definition at line 58 of file SSLIOP_Credentials.h.

---

Member Typedef Documentation

typedef SSLIOP::Credentials_out TAO::SSLIOP_Credentials::_out_type

Reimplemented from CORBA::LocalObject. Reimplemented in TAO::SSLIOP::OwnCredentials. Definition at line 65 of file SSLIOP_Credentials.h.

typedef SSLIOP::Credentials_ptr TAO::SSLIOP_Credentials::_ptr_type

Reimplemented from CORBA::LocalObject. Reimplemented in TAO::SSLIOP::OwnCredentials. Definition at line 63 of file SSLIOP_Credentials.h.

typedef SSLIOP::Credentials_var TAO::SSLIOP_Credentials::_var_type

Reimplemented from CORBA::LocalObject. Reimplemented in TAO::SSLIOP::OwnCredentials. Definition at line 64 of file SSLIOP_Credentials.h.

---

Constructor & Destructor Documentation

TAO_BEGIN_VERSIONED_NAMESPACE_DECL TAO::SSLIOP_Credentials::SSLIOP_Credentials (  ::X509 *  cert, ::EVP_PKEY *  evp )

Constructor. Definition at line 19 of file SSLIOP_Credentials.cpp. References ACE_CString, ACE_SIZEOF_LONG_LONG, ACE_UINT64_LITERAL, EVP_PKEY, expiry_time_, CORBA::string_dup(), TimeBase::UtcT::time, and X509. : x509_ (TAO::SSLIOP::OpenSSL_traits< ::X509 >::_duplicate (cert)), evp_ (TAO::SSLIOP::OpenSSL_traits< ::EVP_PKEY >::_duplicate (evp)), id_ (), creds_usage_ (SecurityLevel3::CU_Indefinite), expiry_time_ (), creds_state_ (SecurityLevel3::CS_Invalid) { ::X509 *x = cert; if (x != 0) { // We use the X.509 certificate's serial number as the // credentials Id. BIGNUM * bn = ASN1_INTEGER_to_BN (::X509_get_serialNumber (x), 0); if (BN_is_zero (bn)) this->id_ = CORBA::string_dup ("X509: 00"); else { char * id = BN_bn2hex (bn); ACE_CString s = ACE_CString ("X509: ") + ACE_CString (const_cast<const char *> (id)); this->id_ = CORBA::string_dup (s.c_str ()); #ifdef OPENSSL_free OPENSSL_free (id); #else // Older versions of OpenSSL didn't define the OpenSSL // macro. CRYPTO_free (id); #endif /* OPENSSL_free */ } // ------------------------------------------- TimeBase::UtcT & t = this->expiry_time_; const ASN1_TIME * exp = X509_get_notAfter (x); if (exp->length > ACE_SIZEOF_LONG_LONG) { // @@ Will this ever happen? // Overflow! t.time = ACE_UINT64_LITERAL (0xffffffffffffffff); } else { t.time = 0; for (int i = 0; i < exp->length; ++i) { t.time <<= 8; t.time |= (unsigned char) exp->data[i]; } } } }

TAO::SSLIOP_Credentials::~SSLIOP_Credentials (  void   )  [protected]

Destructor. Protected destructor to enforce proper memory management through the reference counting mechanism. Definition at line 80 of file SSLIOP_Credentials.cpp. { }

---

Member Function Documentation

TAO::SSLIOP::Credentials_ptr TAO::SSLIOP_Credentials::_duplicate (  SSLIOP::Credentials_ptr  obj  )  [static]

Definition at line 206 of file SSLIOP_Credentials.cpp. References TAO_Local_RefCounted_Object::_add_ref(), TAO::SSLIOP::Credentials_ptr, and CORBA::is_nil(). Referenced by _narrow(), and tao_TAO_SSLIOP_Credentials_duplicate(). { if (!CORBA::is_nil (obj)) obj->_add_ref (); return obj; }

TAO::SSLIOP::Credentials_ptr TAO::SSLIOP_Credentials::_narrow (  CORBA::Object_ptr  obj  )  [static]

Reimplemented from CORBA::LocalObject. Reimplemented in TAO::SSLIOP::OwnCredentials. Definition at line 199 of file SSLIOP_Credentials.cpp. References _duplicate(). Referenced by tao_TAO_SSLIOP_Credentials_narrow(). { return TAO::SSLIOP_Credentials::_duplicate ( dynamic_cast<TAO::SSLIOP_Credentials *> (obj)); }

SSLIOP::Credentials_ptr TAO::SSLIOP_Credentials::_nil (  void   )  [inline, static]

Reimplemented from CORBA::LocalObject. Reimplemented in TAO::SSLIOP::OwnCredentials. Definition at line 124 of file SSLIOP_Credentials.h. References TAO::SSLIOP::Credentials_ptr. Referenced by tao_TAO_SSLIOP_Credentials_nil(). { return (SSLIOP::Credentials_ptr) 0; }

char * TAO::SSLIOP_Credentials::add_relinquished_listener (  SecurityLevel3::RelinquishedCredentialsListener_ptr  listener  )  [virtual]

Definition at line 147 of file SSLIOP_Credentials.cpp. { throw CORBA::NO_IMPLEMENT (); }

char * TAO::SSLIOP_Credentials::creds_id (  void   )  [virtual]

Definition at line 85 of file SSLIOP_Credentials.cpp. References CORBA::string_dup(). { return CORBA::string_dup (this->id_.in ()); }

SecurityLevel3::CredentialsState TAO::SSLIOP_Credentials::creds_state (   )  [virtual]

Definition at line 103 of file SSLIOP_Credentials.cpp. References creds_state_, TAO::SSLIOP::OpenSSL_st_var< T >::in(), and x509_. { const ::X509 *x = this->x509_.in (); // The pointer to the underlying X509 structure should only be zero // if destroy() was called on this Credentials object. if (x == 0) throw CORBA::BAD_OPERATION (); if (this->creds_state_ == SecurityLevel3::CS_Valid) { // Make sure the X.509 certificate is still valid. const int after_status = ::X509_cmp_current_time (X509_get_notAfter (x)); if (after_status == 0) { // Error in certificate's "not after" field. throw CORBA::BAD_PARAM (); } else if (after_status > 0) // Certificate has expired. this->creds_state_ = SecurityLevel3::CS_Expired; } else if (this->creds_state_ == SecurityLevel3::CS_Invalid) { // Check if the X.509 certificate has become valid. const int before_status = ::X509_cmp_current_time (X509_get_notBefore (x)); if (before_status == 0) { // Error in certificate's "not before" field. throw CORBA::BAD_PARAM (); } else if (before_status < 0) // Certificate is now valid. this->creds_state_ = SecurityLevel3::CS_Valid; } return this->creds_state_; }

virtual SecurityLevel3::CredentialsType TAO::SSLIOP_Credentials::creds_type (  void   )  [pure virtual]

Implemented in TAO::SSLIOP::ClientCredentials, TAO::SSLIOP::OwnCredentials, and TAO::SSLIOP::TargetCredentials. Referenced by operator==().

SecurityLevel3::CredentialsUsage TAO::SSLIOP_Credentials::creds_usage (   )  [virtual]

Definition at line 91 of file SSLIOP_Credentials.cpp. { return SecurityLevel3::CU_Indefinite; }

ACE_INLINE::EVP_PKEY * TAO::SSLIOP_Credentials::evp (  void   )

Return a pointer to the underlying private key. Returns: Non-zero value if private key is used. Note: Caller owns the returned object. Use a TAO::SSLIOP::EVP_PKEY_var. Definition at line 15 of file SSLIOP_Credentials.inl. References TAO::SSLIOP::_duplicate(). { return TAO::SSLIOP::OpenSSL_traits< ::EVP_PKEY >::_duplicate (this->evp_.in ()); }

TimeBase::UtcT TAO::SSLIOP_Credentials::expiry_time (  void   )  [virtual]

Definition at line 97 of file SSLIOP_Credentials.cpp. References expiry_time_. { return this->expiry_time_; }

CORBA::ULong TAO::SSLIOP_Credentials::hash (  void   )  const

Definition at line 191 of file SSLIOP_Credentials.cpp. References TAO::SSLIOP::OpenSSL_st_var< T >::in(), x509(), and x509_. { ::X509 * x509 = this->x509_.in (); return (x509 == 0 ? 0 : ::X509_issuer_name_hash (x509)); }

bool TAO::SSLIOP_Credentials::operator== (  const SSLIOP_Credentials &  rhs  )

Definition at line 160 of file SSLIOP_Credentials.cpp. References creds_type(), creds_usage_, TAO::SSLIOP::OpenSSL_st_var< T >::in(), and x509_. { ::X509 * xa = this->x509_.in (); ::X509 * xb = rhs.x509_.in (); // EVP_PKEY *ea = this->evp_.in (); // EVP_PKEY *eb = rhs.evp_.in (); // No need for a full blown ACE_TRY/CATCH block. const SecurityLevel3::CredentialsType lct = this->creds_type (); const SecurityLevel3::CredentialsType rct = const_cast<TAO::SSLIOP_Credentials &> (rhs).creds_type (); // Don't bother check the creds_id and expiry_time attributes. They // are checked implicitly by the below X509_cmp() call. // // Additionally, the creds_state attribute is not included in the // check since it is not considered important when distinguishing // between two Credentials. return lct == rct && this->creds_usage_ == rhs.creds_usage_ && ((xa == xb) || (xa != 0 && xb != 0 && ::X509_cmp (xa, xb) == 0)) // && ((ea == eb) || (ea != 0 && eb != 0 && ::EVP_PKEY_cmp (ea, eb) == 0)) ; }

void TAO::SSLIOP_Credentials::remove_relinquished_listener (  const char *  id  )  [virtual]

Definition at line 154 of file SSLIOP_Credentials.cpp. { throw CORBA::NO_IMPLEMENT (); }

TAO_BEGIN_VERSIONED_NAMESPACE_DECL ACE_INLINE::X509 * TAO::SSLIOP_Credentials::x509 (  void   )

Return a pointer to the underlying X.509 certificate. Note: Caller owns the returned object. Use a TAO::SSLIOP::X509_var. Definition at line 8 of file SSLIOP_Credentials.inl. References TAO::SSLIOP::_duplicate(). Referenced by hash(). { return TAO::SSLIOP::OpenSSL_traits< ::X509 >::_duplicate (this->x509_.in ()); }

---

Member Data Documentation

SecurityLevel3::CredentialsState TAO::SSLIOP_Credentials::creds_state_ [protected]

The validity of the Credentials. Definition at line 160 of file SSLIOP_Credentials.h. Referenced by creds_state().

SecurityLevel3::CredentialsUsage TAO::SSLIOP_Credentials::creds_usage_ [protected]

The intended usage of the Credentials. Definition at line 154 of file SSLIOP_Credentials.h. Referenced by operator==().

SSLIOP::EVP_PKEY_var TAO::SSLIOP_Credentials::evp_ [protected]

Reference to the private key associated with the X.509 certificate. Definition at line 148 of file SSLIOP_Credentials.h.

TimeBase::UtcT TAO::SSLIOP_Credentials::expiry_time_ [protected]

The time these Credentials expire. Definition at line 157 of file SSLIOP_Credentials.h. Referenced by expiry_time(), and SSLIOP_Credentials().

CORBA::String_var TAO::SSLIOP_Credentials::id_ [protected]

Credentials Identifier. Definition at line 151 of file SSLIOP_Credentials.h.

SSLIOP::X509_var TAO::SSLIOP_Credentials::x509_ [protected]

Reference to the X.509 certificate associated with this SSLIOP Credentials object. Definition at line 144 of file SSLIOP_Credentials.h. Referenced by creds_state(), hash(), and operator==().

---

The documentation for this class was generated from the following files:

• SSLIOP_Credentials.h
• SSLIOP_Credentials.cpp
• SSLIOP_Credentials.inl

---