00001 // -*- C++ -*- 00002 00003 //============================================================================= 00004 /** 00005 * @file SSLIOP_Endpoint.h 00006 * 00007 * $Id: SSLIOP_Endpoint.h 77784 2007-03-23 13:08:15Z mesnier_p $ 00008 * 00009 * SSLIOP implementation of PP Framework Endpoint interface. 00010 * 00011 * @author Marina Spivak <marina@cs.wustl.edu> 00012 * @author Ossama Othman <ossama@uci.edu> 00013 */ 00014 //============================================================================= 00015 00016 #ifndef TAO_SSLIOP_ENDPOINT_H 00017 #define TAO_SSLIOP_ENDPOINT_H 00018 00019 #include /**/ "ace/pre.h" 00020 00021 #include "orbsvcs/SSLIOP/SSLIOP_Export.h" 00022 00023 #if !defined (ACE_LACKS_PRAGMA_ONCE) 00024 # pragma once 00025 #endif /* ACE_LACKS_PRAGMA_ONCE */ 00026 00027 #include "orbsvcs/SSLIOP/SSLIOP_OwnCredentials.h" 00028 00029 #include "orbsvcs/SSLIOPC.h" 00030 #include "orbsvcs/SecurityC.h" 00031 00032 #include "tao/IIOP_Endpoint.h" 00033 #include "ace/INET_Addr.h" 00034 00035 TAO_BEGIN_VERSIONED_NAMESPACE_DECL 00036 00037 namespace TAO 00038 { 00039 /// Tag for storing multiple ssl endpoints within a single profile. 00040 const ACE_UINT32 TAG_SSL_ENDPOINTS = 0x54414f01U; 00041 } 00042 00043 // namespace TAO 00044 // { 00045 // namespace SSLIOP 00046 // { 00047 /** 00048 * @class Endpoint 00049 * 00050 * @brief SSLIOP-specific implementation of PP Framework Endpoint 00051 * interface. 00052 * 00053 * 00054 */ 00055 class TAO_SSLIOP_Export TAO_SSLIOP_Endpoint : public TAO_Endpoint 00056 { 00057 public: 00058 00059 friend class TAO_SSLIOP_Profile; 00060 00061 /// Constructor 00062 TAO_SSLIOP_Endpoint (const ::SSLIOP::SSL *ssl_component, 00063 TAO_IIOP_Endpoint *iiop_endp); 00064 00065 /// Destructor. 00066 virtual ~TAO_SSLIOP_Endpoint (void); 00067 00068 00069 /// Need to have an assignment operator since the SSLIOP_Profile class 00070 /// may have to reorder its list of endpoints based on filtering by 00071 /// the EndpointPolicy. 00072 TAO_SSLIOP_Endpoint & operator= (const TAO_SSLIOP_Endpoint& other); 00073 00074 /** 00075 * @name TAO_Endpoint Methods 00076 * 00077 * See Endpoint.h for their documentation. 00078 */ 00079 //@{ 00080 virtual TAO_Endpoint *next (void); 00081 virtual int addr_to_string (char *buffer, size_t length); 00082 00083 /// Return true if this endpoint is equivalent to @a 00084 /// other_endpoint The relationship is defined as equivalency of 00085 /// their qop, hostname and ssl ports (if non-zero). 00086 /// Two endpoints may be equivalent even if their iiop counterparts are 00087 /// not. In fact, there are cases (as with the LPL processing) 00088 /// when those counterparts are not known at all. 00089 CORBA::Boolean is_equivalent (const TAO_Endpoint *other_endpoint); 00090 00091 /// Return a copy of the corresponding endpoints by allocating 00092 /// memory. 00093 virtual TAO_Endpoint *duplicate (void); 00094 00095 /// Return a hash value for this object. Note that only the IP 00096 /// address and port are used to generate the hash value. This may 00097 /// cause a few more hash table collisions in the transport cache, 00098 /// because a synthesized SSLIOP endpoints for an address will 00099 /// have the same hash value as a fully qualified one. The 00100 /// redeeming feature is that it makes / bi-directional SSLIOP work 00101 /// by allowing descendent class (Synthetic_Endpoint) instances to 00102 /// be used as keys in the cache manager and match other fully 00103 /// qualified endpoint. (which were used earlier to cache a 00104 /// particular transport) 00105 virtual CORBA::ULong hash (void); 00106 //@} 00107 00108 /** 00109 * @name SSLIOP_Endpoint-specific Methods 00110 */ 00111 //@{ 00112 /// Return SSL component corresponding to this endpoint. 00113 const ::SSLIOP::SSL &ssl_component (void) const; 00114 00115 /// Accessor to our IIOP counterpart. 00116 TAO_IIOP_Endpoint *iiop_endpoint (void) const; 00117 00118 /// Mutator to our IIOP counterpart. 00119 /** 00120 * @param endpoint The new endpoint 00121 * @param destroy If set to @c true, the TAO::SSLIOP::Endpoint 00122 * object retains ownership of the given 00123 * TAO_IIOP_Endpoint. 00124 */ 00125 void iiop_endpoint (TAO_IIOP_Endpoint *endpoint, bool destroy); 00126 00127 /// Return the SSLIOP-specific ACE_INET_Addr. 00128 const ACE_INET_Addr &object_addr (void) const; 00129 00130 /// Set the Quality-of-Protection, establishment of trust, and 00131 /// credentials for this endpoint. This is all done in one function 00132 /// so that the guard may be used uniformly. 00133 void set_sec_attrs (::Security::QOP qop, 00134 const ::Security::EstablishTrust &trust, 00135 const TAO::SSLIOP::OwnCredentials_ptr creds); 00136 00137 /// Get the Quality-of-Protection settings for this endpoint. 00138 ::Security::QOP qop (void) const; 00139 00140 /// Get the establishment of trust settings for this endpoint. 00141 ::Security::EstablishTrust trust (void) const; 00142 00143 /// Get the credentials for this endpoint. 00144 /** 00145 * @note This method does not follow C++ mapping memory 00146 * management rules. Specifically, no duplication or 00147 * reference counting occurs in this method. This is so 00148 * that no additional locks occur when checking the 00149 * transport cache. 00150 */ 00151 TAO::SSLIOP::OwnCredentials * credentials (void) const; 00152 //@} 00153 00154 00155 /// Credentials are not supplied by the constructor, and it is 00156 /// valid to have a nil credential, for instance if the 00157 /// SSL_use_certificate() method returns 0. Therefore it is 00158 /// necessary to have a new method to distinguish between a 00159 /// credential that is nil because it has not been set, vs one 00160 /// that was set to nil explicitly. 00161 int credentials_set (void) const; 00162 00163 protected: 00164 00165 /// Cache the SSL tagged component in a decoded format. Notice 00166 /// that we do not need to marshal this object! 00167 ::SSLIOP::SSL ssl_component_; 00168 00169 private: 00170 00171 /// Cached instance of ACE_INET_Addr for use in making invocations, 00172 /// etc. 00173 mutable ACE_INET_Addr object_addr_; 00174 00175 /// IIOP Endpoints can be stringed into a list. Return the next 00176 /// endpoint in the list, if any. 00177 TAO_SSLIOP_Endpoint *next_; 00178 00179 /// IIOP counterpart. 00180 /** 00181 * Since SSLIOP is an 'extension' of IIOP, each SSLIOP_Endpoint 00182 * contains SSL-specific information plus a pointer to the 00183 * IIOP_Endpoint containing the IIOP portion of our address. 00184 */ 00185 TAO_IIOP_Endpoint *iiop_endpoint_; 00186 00187 /// Flag that determines whether or not the iiop_endpoint_ member is 00188 /// deallocated with delete(). 00189 bool destroy_iiop_endpoint_; 00190 00191 /// Quailty-of-Protection settings for this endpoint object. 00192 ::Security::QOP qop_; 00193 00194 /// Establishment of trust settings for this endpoint object. 00195 ::Security::EstablishTrust trust_; 00196 00197 /// SSLIOP-specific credentials for this endpoint object. 00198 TAO::SSLIOP::OwnCredentials_var credentials_; 00199 00200 /// A flag indicating that credentials_ was explicitly initialized 00201 int credentials_set_; 00202 }; 00203 00204 /** 00205 * @class SSLIOP_Synthetic_Endpoint 00206 * 00207 * @brief SSLIOP-specific implementation of PP Framework Endpoint 00208 * interface, representing synthetic endpoints. An endpoints 00209 * is synthetic whenever there is insuficient data to fully 00210 * initialize an SSLIOP endpoint: qop, trust, credentials, 00211 * etc. Such as when creating an SSLIOP endpoint in response 00212 * of a Listen Point List or accepting a connection. 00213 * 00214 * LPL and IOR-originated endpoints can now compare as 00215 * equivalent, if they denote the same host, port and 00216 * protection. That would have given some false 00217 * positives in some very obscure cases (same SSL port, but 00218 * different protection or undelying IIOP port, or vice versa) 00219 * The "synthetic eVndpoint" has its very own is_equivalent() 00220 * to help eliminate any false positives and make the process 00221 * more clear. 00222 * 00223 */ 00224 class TAO_SSLIOP_Export TAO_SSLIOP_Synthetic_Endpoint : public TAO_SSLIOP_Endpoint 00225 { 00226 public: 00227 00228 /// Constructor 00229 TAO_SSLIOP_Synthetic_Endpoint (TAO_IIOP_Endpoint *iiop_endp); 00230 00231 /// Destructor. 00232 virtual ~TAO_SSLIOP_Synthetic_Endpoint (void); 00233 00234 /** 00235 * Return true if this endpoint is equivalent to @param 00236 * other_endpoint. 00237 * Two synthetic endpoints are equivalent iff their iiop counterparts are 00238 * equivalent, and, if both have non-zero ssl ports, their ssl 00239 * ports are the same. 00240 */ 00241 CORBA::Boolean is_equivalent (const TAO_Endpoint *other_endpoint); 00242 00243 /// Return a copy of the corresponding endpoints by allocating 00244 /// memory. 00245 virtual TAO_Endpoint *duplicate (void); 00246 00247 private: 00248 TAO_SSLIOP_Synthetic_Endpoint (const ::SSLIOP::SSL *ssl); 00249 00250 }; 00251 00252 // } // End SSLIOP namespace. 00253 // } // End TAO namespace. 00254 00255 TAO_END_VERSIONED_NAMESPACE_DECL 00256 00257 #if defined (__ACE_INLINE__) 00258 #include "orbsvcs/SSLIOP/SSLIOP_Endpoint.inl" 00259 #endif /* __ACE_INLINE__ */ 00260 00261 #include /**/ "ace/post.h" 00262 00263 #endif /* TAO_SSLIOP_ENDPOINT_H */
1.4.7