TAO::IIOP_SSL_Transport

TAO::IIOP_SSL_Transport Class Reference

IIOP Transport designed to be "SSL aware," i.e. it is aware of the existence of the SSLIOP Transport. It makes sure that SSL session state from a previous connection is not associated with the non-SSL connection handled by this handler. More...

#include <IIOP_SSL_Transport.h>

Inheritance diagram for TAO::IIOP_SSL_Transport:

Inheritance graph
[legend]
Collaboration diagram for TAO::IIOP_SSL_Transport:

Collaboration graph
[legend]
List of all members.

Overridden Template Methods

Please check the documentation in "tao/Transport.h" for more details.

virtual int handle_input (TAO_Resume_Handle &rh, ACE_Time_Value *max_wait_time=0)
TAO::SSLIOP::Current_var current_
 Reference to the TAO::SSLIOP::Current object.

Public Member Functions

 IIOP_SSL_Transport (IIOP_SSL_Connection_Handler *handler, TAO_ORB_Core *orb_core)
 Constructor.
 ~IIOP_SSL_Transport (void)
 Default destructor.

Detailed Description

IIOP Transport designed to be "SSL aware," i.e. it is aware of the existence of the SSLIOP Transport. It makes sure that SSL session state from a previous connection is not associated with the non-SSL connection handled by this handler.

However, this class overrides the handle_input() method to invalidate the current TSS SSL state during a standard IIOP (insecure) upcall. This prevents SSL session state from a previous SSL connection from being associated with non-SSL connections processed by this connection handler. In particular, this is very important for closing a security hole in nested upcalls. For example, an SSLIOP request is made. During that secure upcall, an insecure nested upcall is made. A naive implementation would associate the TSS SSL state from the secure upcall with the insecure upcall. This implementation closes that security hole.

Definition at line 57 of file IIOP_SSL_Transport.h.

Constructor & Destructor Documentation

TAO_BEGIN_VERSIONED_NAMESPACE_DECL TAO::IIOP_SSL_Transport::IIOP_SSL_Transport ( IIOP_SSL_Connection_Handler handler,
TAO_ORB_Core orb_core 
)

Constructor.

Definition at line 17 of file IIOP_SSL_Transport.cpp.

References TAO::SSLIOP::Util::current().

00020   : TAO_IIOP_Transport (handler, orb_core)
00021 {
00022   this->current_ =
00023     TAO::SSLIOP::Util::current (orb_core);
00024 }

TAO::IIOP_SSL_Transport::~IIOP_SSL_Transport ( void   ) 

Default destructor.

Definition at line 26 of file IIOP_SSL_Transport.cpp.

References ~IIOP_SSL_Transport().

Referenced by ~IIOP_SSL_Transport().

00027 {
00028 }

Member Function Documentation

int TAO::IIOP_SSL_Transport::handle_input ( TAO_Resume_Handle rh,
ACE_Time_Value max_wait_time = 0 
) [virtual]

Reimplemented from TAO_Transport.

Definition at line 31 of file IIOP_SSL_Transport.cpp.

References TAO_Transport::handle_input(), and handle_input().

Referenced by handle_input().

00033 {
00034   int result = 0;
00035 
00036   // Invalidate the TSS SSL session state to make sure that SSL state
00037   // from a previous SSL connection is not confused with this non-SSL
00038   // connection.
00039   TAO::Null_SSL_State_Guard guard (this->current_.in (), result);
00040 
00041   if (result != 0)
00042     return -1;
00043 
00044   return this->TAO_IIOP_Transport::handle_input (rh, max_wait_time);
00045 }

Member Data Documentation

TAO::SSLIOP::Current_var TAO::IIOP_SSL_Transport::current_ [protected]

Reference to the TAO::SSLIOP::Current object.

Definition at line 78 of file IIOP_SSL_Transport.h.

The documentation for this class was generated from the following files:
Generated on Tue Feb 2 17:48:54 2010 for TAO_SSLIOP by  doxygen 1.4.7