IIOP_SSL_Transport.h

00001 // -*- C++ -*-
00002 
00003 //=============================================================================
00004 /**
00005  *  @file   IIOP_SSL_Transport.h
00006  *
00007  *  $Id: IIOP_SSL_Transport.h 79151 2007-08-01 09:04:36Z johnnyw $
00008  *
00009  *  @author Ossama Othman <ossama@uci.edu>
00010  */
00011 //=============================================================================
00012 
00013 
00014 #ifndef TAO_IIOP_SSL_TRANSPORT_H
00015 #define TAO_IIOP_SSL_TRANSPORT_H
00016 
00017 #include /**/ "ace/pre.h"
00018 
00019 #include "orbsvcs/SSLIOP/SSLIOP_Current.h"
00020 
00021 #if !defined (ACE_LACKS_PRAGMA_ONCE)
00022 #pragma once
00023 #endif /* ACE_LACKS_PRAGMA_ONCE */
00024 
00025 #include "tao/IIOP_Transport.h"
00026 
00027 TAO_BEGIN_VERSIONED_NAMESPACE_DECL
00028 
00029 class TAO_ORB_Core;
00030 class TAO_Resume_Handle;
00031 
00032 namespace TAO
00033 {
00034   class IIOP_SSL_Connection_Handler;
00035 
00036   /**
00037    * @class IIOP_SSL_Transport
00038    *
00039    * @brief
00040    * IIOP transport that is "SSL aware", i.e. it is aware of the
00041    * existence of the SSLIOP transport.  It makes sure that SSL
00042    * session state from a previous SSL connection is not associated
00043    * with the non-SSL connection handled by this transport.
00044    *
00045    * To do so, this class overrides the handle_input() method to
00046    * invalidate the current TSS (thread-specific storage) SSL state
00047    * during a standard IIOP (insecure) upcall.  This prevents SSL
00048    * session state from a previous SSL connection from being
00049    * associated with non-SSL connections processed by this transport.
00050    * In particular, this is very important for closing a security
00051    * hole in nested upcalls.  For example, an SSLIOP request is made.
00052    * During that secure upcall, an insecure nested upcall is made.  A
00053    * naive implementation would associate the TSS SSL state from the
00054    * secure upcall with the insecure upcall.  This implementation
00055    * closes that security hole.
00056    */
00057   class IIOP_SSL_Transport : public TAO_IIOP_Transport
00058   {
00059   public:
00060     /// Constructor.  Takes the connection handler and the ORB core as raw pointers; ownership is not visible in this header.
00061     IIOP_SSL_Transport (IIOP_SSL_Connection_Handler *handler,
00062                         TAO_ORB_Core *orb_core);
00063 
00064     /// Destructor.
00065     ~IIOP_SSL_Transport (void);
00066 
00067     /** @name Overridden Template Methods
00068      *
00069      * handle_input() invalidates the TSS SSL state for the upcall (see class comment); the definition is not in this header -- TODO confirm the prior state is restored afterwards.
00070      * Please check the documentation in "tao/Transport.h" for more details.
00071      */
00072     virtual int handle_input (TAO_Resume_Handle &rh,
00073                               ACE_Time_Value *max_wait_time = 0);
00074 
00075   protected:
00076 
00077     /// Reference to the TAO::SSLIOP::Current object; presumably what handle_input() uses to reach the TSS SSL state -- confirm in the .cpp.
00078     TAO::SSLIOP::Current_var current_;
00079 
00080   };
00081 
00082 }  // End TAO namespace.
00083 
00084 TAO_END_VERSIONED_NAMESPACE_DECL
00085 
00086 #include /**/ "ace/post.h"
00087 
00088 #endif /* TAO_IIOP_SSL_TRANSPORT_H */
