TAO::SSLIOP_Credentials Class Reference

SSLIOP-specific implementation of the SecurityLevel3::Credentials interface. More...

#include <SSLIOP_Credentials.h>

Inheritance diagram for TAO::SSLIOP_Credentials:

[legend]Collaboration diagram for TAO::SSLIOP_Credentials:

[legend]List of all members.

Public Types
typedef SSLIOP::Credentials_ptr	_ptr_type
typedef SSLIOP::Credentials_var	_var_type
typedef SSLIOP::Credentials_out	_out_type
Public Member Functions
	SSLIOP_Credentials (::X509 *cert,::EVP_PKEY *evp)
	Constructor.
::EVP_PKEY *	evp (void)
	Return a pointer to the underlying private key.
bool	operator== (const SSLIOP_Credentials &rhs)
CORBA::ULong	hash (void) const
SecurityLevel3::Credentials Methods
Methods required by the SecurityLevel3::Credentials interface.
virtual char *	creds_id (void)
virtual SecurityLevel3::CredentialsType	creds_type (void)=0
virtual SecurityLevel3::CredentialsUsage	creds_usage ()
virtual TimeBase::UtcT	expiry_time (void)
virtual SecurityLevel3::CredentialsState	creds_state ()
virtual char *	add_relinquished_listener (SecurityLevel3::RelinquishedCredentialsListener_ptr listener)
virtual void	remove_relinquished_listener (const char *id)
SecurityLevel3::Credentials Methods
::X509 *	x509 (void)
	Return a pointer to the underlying X.509 certificate.
Static Public Member Functions
static SSLIOP::Credentials_ptr	_duplicate (SSLIOP::Credentials_ptr obj)
static SSLIOP::Credentials_ptr	_narrow (CORBA::Object_ptr obj)
static SSLIOP::Credentials_ptr	_nil (void)
Protected Member Functions
	~SSLIOP_Credentials (void)
	Destructor.
Protected Attributes
SSLIOP::X509_var	x509_
SSLIOP::EVP_PKEY_var	evp_
CORBA::String_var	id_
	Credentials Identifier.
SecurityLevel3::CredentialsUsage	creds_usage_
	The intended usage of the Credentials.
TimeBase::UtcT	expiry_time_
	The time these Credentials expire.
SecurityLevel3::CredentialsState	creds_state_
	The validity of the Credentials.

---

Detailed Description

SSLIOP-specific implementation of the SecurityLevel3::Credentials interface.

This class encapsulates the X.509 certificate associated with a given a principal.

Note:

Why is this class not the TAO::SSLIOP namespace? Because brain damaged MSVC++ 6 cannot call a base class constructor of class declared in a namespace that is more than one level deep in a sub-class base member initializer list.

Definition at line 58 of file SSLIOP_Credentials.h.

---

Member Typedef Documentation

typedef SSLIOP::Credentials_out TAO::SSLIOP_Credentials::_out_type

Reimplemented from CORBA::LocalObject.

Definition at line 65 of file SSLIOP_Credentials.h.

typedef SSLIOP::Credentials_ptr TAO::SSLIOP_Credentials::_ptr_type

Reimplemented from CORBA::LocalObject.

Definition at line 63 of file SSLIOP_Credentials.h.

typedef SSLIOP::Credentials_var TAO::SSLIOP_Credentials::_var_type

Reimplemented from CORBA::LocalObject.

Definition at line 64 of file SSLIOP_Credentials.h.

---

Constructor & Destructor Documentation

TAO_BEGIN_VERSIONED_NAMESPACE_DECL TAO::SSLIOP_Credentials::SSLIOP_Credentials	(	::X509 *	cert,
		::EVP_PKEY *	evp
	)

Constructor.

Definition at line 19 of file SSLIOP_Credentials.cpp.

References ACE_SIZEOF_LONG_LONG, ACE_UINT64_LITERAL, ACE_String_Base< CHAR >::c_str(), expiry_time_, id_, SSLIOP_Credentials(), and CORBA::string_dup().

Referenced by SSLIOP_Credentials().

  : x509_ (TAO::SSLIOP::OpenSSL_traits< ::X509 >::_duplicate (cert)),
    evp_ (TAO::SSLIOP::OpenSSL_traits< ::EVP_PKEY >::_duplicate (evp)),
    id_ (),
    creds_usage_ (SecurityLevel3::CU_Indefinite),
    expiry_time_ (),
    creds_state_ (SecurityLevel3::CS_Invalid)
{
  ::X509 *x = cert;

  if (x != 0)
    {
      // We use the X.509 certificate's serial number as the
      // credentials Id.
      BIGNUM * bn = ASN1_INTEGER_to_BN (::X509_get_serialNumber (x), 0);
      if (BN_is_zero (bn))
        this->id_ = CORBA::string_dup ("X509: 00");
      else
        {
          char * id = BN_bn2hex (bn);

          ACE_CString s =
            ACE_CString ("X509: ")
            + ACE_CString (const_cast<const char *> (id));

          this->id_ = CORBA::string_dup (s.c_str ());

#ifdef OPENSSL_free
          OPENSSL_free (id);
#else
          // Older versions of OpenSSL didn't define the OpenSSL
          // macro.
          CRYPTO_free (id);
#endif  /* OPENSSL_free */
        }
      BN_free (bn);

      // -------------------------------------------

      TimeBase::UtcT & t = this->expiry_time_;

      const ASN1_TIME * exp = X509_get_notAfter (x);

      if (exp->length > ACE_SIZEOF_LONG_LONG)
        {
          // @@ Will this ever happen?

          // Overflow!
          t.time = ACE_UINT64_LITERAL (0xffffffffffffffff);
        }
      else
        {
          t.time = 0;
          for (int i = 0; i < exp->length; ++i)
            {
              t.time <<= 8;
              t.time |= (unsigned char) exp->data[i];
            }
        }
    }
}

TAO::SSLIOP_Credentials::~SSLIOP_Credentials

(

void

)

[protected]

Destructor.

Protected destructor to enforce proper memory management through the reference counting mechanism.

Definition at line 81 of file SSLIOP_Credentials.cpp.

References ~SSLIOP_Credentials().

Referenced by ~SSLIOP_Credentials().

{
}

---

Member Function Documentation

static SSLIOP::Credentials_ptr TAO::SSLIOP_Credentials::_duplicate

(

SSLIOP::Credentials_ptr

obj

)

[static]

TAO::SSLIOP::Credentials_ptr TAO::SSLIOP_Credentials::_narrow

(

CORBA::Object_ptr

obj

)

[static]

Reimplemented from CORBA::LocalObject.

Definition at line 200 of file SSLIOP_Credentials.cpp.

References TAO::SSLIOP::_duplicate(), and _narrow().

Referenced by _narrow().

{
  return  TAO::SSLIOP_Credentials::_duplicate (
              dynamic_cast<TAO::SSLIOP_Credentials *> (obj));
}

static SSLIOP::Credentials_ptr TAO::SSLIOP_Credentials::_nil

(

void

)

[inline, static]

Reimplemented from CORBA::LocalObject.

Definition at line 122 of file SSLIOP_Credentials.h.

      {
        return (SSLIOP::Credentials_ptr) 0;
      }

char * TAO::SSLIOP_Credentials::add_relinquished_listener

(

SecurityLevel3::RelinquishedCredentialsListener_ptr

listener

)

[virtual]

Definition at line 148 of file SSLIOP_Credentials.cpp.

References add_relinquished_listener().

Referenced by add_relinquished_listener().

{
  throw CORBA::NO_IMPLEMENT ();
}

char * TAO::SSLIOP_Credentials::creds_id

(

void

)

[virtual]

Definition at line 86 of file SSLIOP_Credentials.cpp.

References creds_id(), and CORBA::string_dup().

Referenced by creds_id().

{
  return CORBA::string_dup (this->id_.in ());
}

SecurityLevel3::CredentialsState TAO::SSLIOP_Credentials::creds_state

(

)

[virtual]

Definition at line 104 of file SSLIOP_Credentials.cpp.

References creds_state(), creds_state_, and x509_.

Referenced by creds_state().

{
  const ::X509 *x = this->x509_.in ();

  // The pointer to the underlying X509 structure should only be zero
  // if destroy() was called on this Credentials object.
  if (x == 0)
    throw CORBA::BAD_OPERATION ();

  if (this->creds_state_ == SecurityLevel3::CS_Valid)
    {
      // Make sure the X.509 certificate is still valid.

      const int after_status =
        ::X509_cmp_current_time (X509_get_notAfter (x));

      if (after_status == 0)
        {
          // Error in certificate's "not after" field.
          throw CORBA::BAD_PARAM ();
        }
      else if (after_status > 0)     // Certificate has expired.
        this->creds_state_ = SecurityLevel3::CS_Expired;
    }
  else if (this->creds_state_ == SecurityLevel3::CS_Invalid)
    {
      // Check if the X.509 certificate has become valid.

      const int before_status =
        ::X509_cmp_current_time (X509_get_notBefore (x));

      if (before_status == 0)
        {
          // Error in certificate's "not before" field.
          throw CORBA::BAD_PARAM ();
        }
      else if (before_status < 0)     // Certificate is now valid.
        this->creds_state_ = SecurityLevel3::CS_Valid;
    }

  return this->creds_state_;
}

virtual SecurityLevel3::CredentialsType TAO::SSLIOP_Credentials::creds_type

(

void

)

[pure virtual]

Referenced by operator==().

SecurityLevel3::CredentialsUsage TAO::SSLIOP_Credentials::creds_usage

(

)

[virtual]

Definition at line 92 of file SSLIOP_Credentials.cpp.

References creds_usage().

Referenced by creds_usage().

{
  return SecurityLevel3::CU_Indefinite;
}

ACE_INLINE::EVP_PKEY * TAO::SSLIOP_Credentials::evp

(

void

)

Return a pointer to the underlying private key.

Returns:

Non-zero value if private key is used.

Note:

Caller owns the returned object. Use a TAO::SSLIOP::EVP_PKEY_var.

Definition at line 15 of file SSLIOP_Credentials.inl.

References TAO::SSLIOP::_duplicate(), and evp().

Referenced by evp().

{
  return
    TAO::SSLIOP::OpenSSL_traits< ::EVP_PKEY >::_duplicate (this->evp_.in ());
}

TimeBase::UtcT TAO::SSLIOP_Credentials::expiry_time

(

void

)

[virtual]

Definition at line 98 of file SSLIOP_Credentials.cpp.

References expiry_time(), and expiry_time_.

Referenced by expiry_time().

{
  return this->expiry_time_;
}

CORBA::ULong TAO::SSLIOP_Credentials::hash

(

void

)

const

Definition at line 192 of file SSLIOP_Credentials.cpp.

References hash(), x509(), and x509_.

Referenced by hash().

{
  ::X509 * x509 = this->x509_.in ();

  return (x509 == 0 ? 0 : ::X509_issuer_name_hash (x509));
}

bool TAO::SSLIOP_Credentials::operator==

(

const SSLIOP_Credentials &

rhs

)

Definition at line 161 of file SSLIOP_Credentials.cpp.

References creds_type(), creds_usage_, and x509_.

{
  ::X509 * xa = this->x509_.in ();
  ::X509 * xb = rhs.x509_.in ();
  // EVP_PKEY *ea = this->evp_.in ();
  // EVP_PKEY *eb = rhs.evp_.in ();

  // No need for a full blown ACE_TRY/CATCH block.

  const SecurityLevel3::CredentialsType lct =
    this->creds_type ();

  const SecurityLevel3::CredentialsType rct =
    const_cast<TAO::SSLIOP_Credentials &> (rhs).creds_type ();

  // Don't bother check the creds_id and expiry_time attributes.  They
  // are checked implicitly by the below X509_cmp() call.
  //
  // Additionally, the creds_state attribute is not included in the
  // check since it is not considered important when distinguishing
  // between two Credentials.

  return
    lct == rct
    && this->creds_usage_ == rhs.creds_usage_
    && ((xa == xb) || (xa != 0 && xb != 0 && ::X509_cmp (xa, xb) == 0))
//     && ((ea == eb) || (ea != 0 && eb != 0 && ::EVP_PKEY_cmp (ea, eb) == 0))
    ;
}

void TAO::SSLIOP_Credentials::remove_relinquished_listener

(

const char *

id

)

[virtual]

Definition at line 155 of file SSLIOP_Credentials.cpp.

References remove_relinquished_listener().

Referenced by remove_relinquished_listener().

{
  throw CORBA::NO_IMPLEMENT ();
}

TAO_BEGIN_VERSIONED_NAMESPACE_DECL ACE_INLINE::X509 * TAO::SSLIOP_Credentials::x509

(

void

)

Return a pointer to the underlying X.509 certificate.

Note:

Caller owns the returned object. Use a TAO::SSLIOP::X509_var.

Definition at line 8 of file SSLIOP_Credentials.inl.

References TAO::SSLIOP::_duplicate(), and x509().

Referenced by hash(), and x509().

{
  return
    TAO::SSLIOP::OpenSSL_traits< ::X509 >::_duplicate (this->x509_.in ());
}

---

Member Data Documentation

SecurityLevel3::CredentialsState TAO::SSLIOP_Credentials::creds_state_ [protected]

The validity of the Credentials.

Definition at line 158 of file SSLIOP_Credentials.h.

Referenced by creds_state().

SecurityLevel3::CredentialsUsage TAO::SSLIOP_Credentials::creds_usage_ [protected]

The intended usage of the Credentials.

Definition at line 152 of file SSLIOP_Credentials.h.

Referenced by operator==().

SSLIOP::EVP_PKEY_var TAO::SSLIOP_Credentials::evp_ [protected]

Reference to the private key associated with the X.509 certificate.

Definition at line 146 of file SSLIOP_Credentials.h.

TimeBase::UtcT TAO::SSLIOP_Credentials::expiry_time_ [protected]

The time these Credentials expire.

Definition at line 155 of file SSLIOP_Credentials.h.

Referenced by expiry_time(), and SSLIOP_Credentials().

CORBA::String_var TAO::SSLIOP_Credentials::id_ [protected]

Credentials Identifier.

Definition at line 149 of file SSLIOP_Credentials.h.

Referenced by SSLIOP_Credentials().

SSLIOP::X509_var TAO::SSLIOP_Credentials::x509_ [protected]

Reference to the X.509 certificate associated with this SSLIOP Credentials object.

Definition at line 142 of file SSLIOP_Credentials.h.

Referenced by creds_state(), hash(), and operator==().

---

The documentation for this class was generated from the following files:

• SSLIOP_Credentials.h
• SSLIOP_Credentials.cpp
• SSLIOP_Credentials.inl

---