#include <SSLIOP_CredentialsAcquirer.h>
Inheritance diagram for TAO::SSLIOP::CredentialsAcquirer:
Public Member Functions | |
| CredentialsAcquirer (TAO::SL3::CredentialsCurator_ptr curator, const CORBA::Any &acquisition_arguments) | |
| Constructor. | |
SecurityLevel3::CredentialsAcquirer Methods | |
Methods required by the SecurityLevel3::CredentialsAcquirer interface. | |
| virtual char * | acquisition_method (void) |
| virtual SecurityLevel3::AcquisitionStatus | current_status () |
| virtual CORBA::ULong | nth_iteration (void) |
| virtual CORBA::Any * | get_continuation_data (void) |
| virtual SecurityLevel3::AcquisitionStatus | continue_acquisition (const CORBA::Any &acquisition_arguments) |
| virtual SecurityLevel3::OwnCredentials_ptr | get_credentials (CORBA::Boolean on_list) |
| virtual void | destroy (void) |
Protected Member Functions | |
| ~CredentialsAcquirer (void) | |
| Destructor. | |
Private Member Functions | |
| void | check_validity (void) |
Static Private Member Functions | |
| ::X509 * | make_X509 (const ::SSLIOP::File &certificate) |
| Create an OpenSSL X.509 certificate data structure. | |
| ::EVP_PKEY * | make_EVP_PKEY (const ::SSLIOP::File &key) |
| Create an OpenSSL EVP_PKEY key data structure. | |
Private Attributes | |
| TAO_SYNCH_MUTEX | lock_ |
| Lock used for synchronization. | |
| TAO::SL3::CredentialsCurator_var | curator_ |
| Reference to the TAO CredentialsCurator implementation. | |
| const CORBA::Any & | acquisition_arguments_ |
| SSLIOP-specific credentials acquisition arguments. | |
| bool | destroyed_ |
This class generates SSLIOP-specific credentials.
Definition at line 61 of file SSLIOP_CredentialsAcquirer.h.
| TAO_BEGIN_VERSIONED_NAMESPACE_DECL TAO::SSLIOP::CredentialsAcquirer::CredentialsAcquirer | ( | TAO::SL3::CredentialsCurator_ptr | curator, | |
| const CORBA::Any & | acquisition_arguments | |||
| ) |
Constructor.
Definition at line 78 of file SSLIOP_CredentialsAcquirer.cpp.
00081 : lock_ (), 00082 curator_ (TAO::SL3::CredentialsCurator::_duplicate (curator)), 00083 acquisition_arguments_ (acquisition_arguments), 00084 destroyed_ (false) 00085 { 00086 }
| TAO::SSLIOP::CredentialsAcquirer::~CredentialsAcquirer | ( | void | ) | [protected] |
Destructor.
Protected destructor to enforce proper memory management through the reference counting mechanism.
Definition at line 88 of file SSLIOP_CredentialsAcquirer.cpp.
| char * TAO::SSLIOP::CredentialsAcquirer::acquisition_method | ( | void | ) | [virtual] |
Definition at line 93 of file SSLIOP_CredentialsAcquirer.cpp.
References check_validity(), and CORBA::string_dup().
00094 { 00095 this->check_validity (); 00096 00097 return CORBA::string_dup ("SL3TLS"); 00098 }
| void TAO::SSLIOP::CredentialsAcquirer::check_validity | ( | void | ) | [private] |
Verify that this CredentialsAcquirer object is still valid, i.e. hasn't been destroyed.
Definition at line 200 of file SSLIOP_CredentialsAcquirer.cpp.
References ACE_GUARD, and TAO_SYNCH_MUTEX.
Referenced by acquisition_method(), current_status(), destroy(), get_credentials(), and nth_iteration().
00201 { 00202 ACE_GUARD (TAO_SYNCH_MUTEX, 00203 guard, 00204 this->lock_); 00205 00206 if (this->destroyed_) 00207 throw CORBA::BAD_INV_ORDER (); 00208 }
| SecurityLevel3::AcquisitionStatus TAO::SSLIOP::CredentialsAcquirer::continue_acquisition | ( | const CORBA::Any & | acquisition_arguments | ) | [virtual] |
Definition at line 126 of file SSLIOP_CredentialsAcquirer.cpp.
00128 { 00129 // SSL/TLS credentials acquisition does generate continuation data. 00130 throw CORBA::BAD_INV_ORDER (); 00131 }
| SecurityLevel3::AcquisitionStatus TAO::SSLIOP::CredentialsAcquirer::current_status | ( | ) | [virtual] |
Definition at line 101 of file SSLIOP_CredentialsAcquirer.cpp.
References check_validity().
00102 { 00103 this->check_validity (); 00104 00105 return SecurityLevel3::AQST_Succeeded; // @@ Really? 00106 }
| void TAO::SSLIOP::CredentialsAcquirer::destroy | ( | void | ) | [virtual] |
Definition at line 182 of file SSLIOP_CredentialsAcquirer.cpp.
References ACE_GUARD, check_validity(), destroyed_, and TAO_SYNCH_MUTEX.
Referenced by get_credentials().
00183 { 00184 this->check_validity (); 00185 00186 ACE_GUARD (TAO_SYNCH_MUTEX, 00187 guard, 00188 this->lock_); 00189 00190 if (!this->destroyed_) 00191 { 00192 this->destroyed_ = true; 00193 00194 // Release our reference to the CredentialsCurator. 00195 (void) this->curator_.out (); 00196 } 00197 }
| CORBA::Any * TAO::SSLIOP::CredentialsAcquirer::get_continuation_data | ( | void | ) | [virtual] |
Definition at line 119 of file SSLIOP_CredentialsAcquirer.cpp.
00120 { 00121 // SSL/TLS credentials acquisition does generate continuation data. 00122 throw CORBA::BAD_INV_ORDER (); 00123 }
| SecurityLevel3::OwnCredentials_ptr TAO::SSLIOP::CredentialsAcquirer::get_credentials | ( | CORBA::Boolean | on_list | ) | [virtual] |
Definition at line 134 of file SSLIOP_CredentialsAcquirer.cpp.
References ACE_DEBUG, ACE_NEW_THROW_EX, ACE_TEXT(), check_validity(), curator_, destroy(), TAO::SSLIOP::OpenSSL_st_var< T >::in(), LM_ERROR, make_EVP_PKEY(), make_X509(), and TAO_debug_level.
00135 { 00136 this->check_validity (); 00137 00138 ::SSLIOP::AuthData *data = 0; 00139 00140 if (!(this->acquisition_arguments_ >>= data)) 00141 throw CORBA::BAD_PARAM (); 00142 00143 TAO::SSLIOP::X509_var x509 = this->make_X509 (data->certificate); 00144 00145 if (x509.in () == 0) 00146 throw CORBA::BAD_PARAM (); 00147 00148 TAO::SSLIOP::EVP_PKEY_var evp = this->make_EVP_PKEY (data->key); 00149 00150 if (evp.in () == 0) 00151 throw CORBA::BAD_PARAM (); 00152 00153 // Verify that the private key is consistent with the certificate. 00154 if (::X509_check_private_key (x509.in (), evp.in ()) != 1) 00155 { 00156 if (TAO_debug_level > 0) 00157 ACE_DEBUG ((LM_ERROR, 00158 ACE_TEXT ("(%P|%t) ERROR: Private key is not ") 00159 ACE_TEXT ("consistent with X.509 certificate"))); 00160 00161 throw CORBA::BAD_PARAM (); 00162 } 00163 00164 TAO::SSLIOP::OwnCredentials * creds = 0; 00165 ACE_NEW_THROW_EX (creds, 00166 TAO::SSLIOP::OwnCredentials (x509.in (), evp.in ()), 00167 CORBA::NO_MEMORY ()); 00168 00169 SecurityLevel3::OwnCredentials_var credentials = creds; 00170 00171 if (on_list) 00172 { 00173 this->curator_->_tao_add_own_credentials (creds); 00174 } 00175 00176 this->destroy (); 00177 00178 return credentials._retn (); 00179 }
| EVP_PKEY * TAO::SSLIOP::CredentialsAcquirer::make_EVP_PKEY | ( | const ::SSLIOP::File & | key | ) | [static, private] |
Create an OpenSSL EVP_PKEY key data structure.
Definition at line 287 of file SSLIOP_CredentialsAcquirer.cpp.
References ACE_ERROR, ACE_TEXT(), SSLIOP::ASN1, ACE_OS::fclose(), ACE_OS::fopen(), LM_ERROR, TAO_debug_level, and TAO_SSLIOP_PASSWORD_CALLBACK_NAME.
Referenced by get_credentials().
00288 { 00289 // No password is used or needed when reading ASN.1 encoded 00290 // private keys. 00291 00292 const char *filename = key.filename.in (); 00293 00294 if (filename == 0) 00295 return 0; 00296 00297 FILE *fp = 0; 00298 ::EVP_PKEY *evp = 0; 00299 00300 if (key.type == ::SSLIOP::ASN1) 00301 { 00302 // ASN.1/DER encoded private key 00303 00304 // No password is used or needed when reading ASN.1 encoded 00305 // private keys. 00306 00307 const char *filename = key.filename.in (); 00308 00309 if (filename == 0) 00310 return 0; 00311 00312 fp = ACE_OS::fopen (filename, "rb"); 00313 00314 if (fp == 0) 00315 { 00316 if (TAO_debug_level > 0) 00317 ACE_ERROR ((LM_ERROR, 00318 ACE_TEXT ("(%P|%t) SSLIOP::CredentialsAcquirer::make_EVP_PKEY ") 00319 ACE_TEXT ("- %p\n"), 00320 ACE_TEXT ("fopen"))); 00321 00322 return 0; 00323 } 00324 00325 // Read ASN.1 / DER encoded private key from a file, and convert 00326 // it to OpenSSL's internal private key format. 00327 evp = ::d2i_PrivateKey_fp (fp, 0); 00328 } 00329 else 00330 { 00331 // PEM encoded private key 00332 00333 fp = ACE_OS::fopen (filename, "r"); 00334 00335 if (fp == 0) 00336 { 00337 if (TAO_debug_level > 0) 00338 ACE_ERROR ((LM_ERROR, 00339 ACE_TEXT ("(%P|%t) SSLIOP::CredentialsAcquirer::make_EVP_PKEY ") 00340 ACE_TEXT ("- %p\n"), 00341 ACE_TEXT ("fopen"))); 00342 00343 return 0; 00344 } 00345 00346 const char *password = key.password.in (); 00347 00348 // Read PEM encoded private key from a file, and convert it to 00349 // OpenSSL's internal private key format. 00350 evp = PEM_read_PrivateKey (fp, 00351 0, 00352 TAO_SSLIOP_PASSWORD_CALLBACK_NAME, 00353 const_cast<char *> (password)); 00354 } 00355 00356 (void) ACE_OS::fclose (fp); 00357 00358 if (evp == 0 && TAO_debug_level > 0) 00359 ACE_SSL_Context::report_error (); 00360 00361 return evp; 00362 }
| X509 * TAO::SSLIOP::CredentialsAcquirer::make_X509 | ( | const ::SSLIOP::File & | certificate | ) | [static, private] |
Create an OpenSSL X.509 certificate data structure.
Definition at line 211 of file SSLIOP_CredentialsAcquirer.cpp.
References ACE_ERROR, ACE_TEXT(), SSLIOP::ASN1, ACE_OS::fclose(), ACE_OS::fopen(), LM_ERROR, TAO_debug_level, and TAO_SSLIOP_PASSWORD_CALLBACK_NAME.
Referenced by get_credentials().
00212 { 00213 // No password is used or needed when reading ASN.1 encoded 00214 // certificates. 00215 00216 const char *filename = certificate.filename.in (); 00217 00218 if (filename == 0) 00219 return 0; 00220 00221 FILE *fp = 0; 00222 ::X509 *x = 0; 00223 00224 if (certificate.type == ::SSLIOP::ASN1) 00225 { 00226 // ASN.1/DER encoded certificate 00227 00228 // No password is used or needed when reading ASN.1 encoded 00229 // certificates. 00230 00231 const char *filename = certificate.filename.in (); 00232 00233 if (filename == 0) 00234 return 0; 00235 00236 fp = ACE_OS::fopen (filename, "rb"); 00237 00238 if (fp == 0) 00239 { 00240 if (TAO_debug_level > 0) 00241 ACE_ERROR ((LM_ERROR, 00242 ACE_TEXT ("(%P|%t) SSLIOP::CredentialsAcquirer::make_X509 - %p\n"), 00243 ACE_TEXT ("fopen"))); 00244 00245 return 0; 00246 } 00247 00248 // Read ASN.1 / DER encoded X.509 certificate from a file, and 00249 // convert it to OpenSSL's internal X.509 format. 00250 x = ::d2i_X509_fp (fp, 0); 00251 } 00252 else 00253 { 00254 // PEM encoded certificate 00255 00256 fp = ACE_OS::fopen (filename, "r"); 00257 00258 if (fp == 0) 00259 { 00260 if (TAO_debug_level > 0) 00261 ACE_ERROR ((LM_ERROR, 00262 ACE_TEXT ("(%P|%t) SSLIOP::CredentialsAcquirer::make_X509 - %p\n"), 00263 ACE_TEXT ("fopen"))); 00264 00265 return 0; 00266 } 00267 00268 const char *password = certificate.password.in (); 00269 00270 // Read PEM encoded X.509 certificate from a file, and convert 00271 // it to OpenSSL's internal X.509 format. 00272 x = PEM_read_X509 (fp, 00273 0, 00274 TAO_SSLIOP_PASSWORD_CALLBACK_NAME, 00275 const_cast<char *> (password)); 00276 } 00277 00278 (void) ACE_OS::fclose (fp); 00279 00280 if (x == 0 && TAO_debug_level > 0) 00281 ACE_SSL_Context::report_error (); 00282 00283 return x; 00284 }
| CORBA::ULong TAO::SSLIOP::CredentialsAcquirer::nth_iteration | ( | void | ) | [virtual] |
Definition at line 109 of file SSLIOP_CredentialsAcquirer.cpp.
References check_validity().
00110 { 00111 this->check_validity (); 00112 00113 // SSL/TLS credentials is single-step process from the point-of-view 00114 // of the caller. 00115 return 1; 00116 }
const CORBA::Any& TAO::SSLIOP::CredentialsAcquirer::acquisition_arguments_ [private] |
SSLIOP-specific credentials acquisition arguments.
Definition at line 125 of file SSLIOP_CredentialsAcquirer.h.
Reference to the TAO CredentialsCurator implementation.
Definition at line 122 of file SSLIOP_CredentialsAcquirer.h.
Referenced by get_credentials().
bool TAO::SSLIOP::CredentialsAcquirer::destroyed_ [private] |
Has this CredentialsAcquirer object completed credentials acquisition or been explicitly destroyed?
Definition at line 129 of file SSLIOP_CredentialsAcquirer.h.
Referenced by destroy().
1.4.7