securitylevel2_impl.h

MICO2.3.13 corba 环境平台

// -*- c++ -*-
//
//  MICOsec --- a free CORBA Security implementation
//  Copyright (C) 2000, 2007 ObjectSecurity Ltd. 
//
//  This library is free software; you can redistribute it and/or
//  modify it under the terms of the GNU Library General Public
//  License as published by the Free Software Foundation; either
//  version 2 of the License, or (at your option) any later version.
//
//  This library is distributed in the hope that it will be useful,
//  but WITHOUT ANY WARRANTY; without even the implied warranty of
//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
//  Library General Public License for more details.
//
//  You should have received a copy of the GNU Library General Public
//  License along with this library; if not, write to the Free
//  Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

//  Send comments and/or bug reports to:
//                 micosec@objectsecurity.com
//

#ifndef __SECURITYLEVEL2_IMPL_H__
#define __SECURITYLEVEL2_IMPL_H__

#include <CORBA.h>
#include <mico/ssl.h>
#include <mico/security/securitylevel1_impl.h>
#include <mico/security/audit_impl.h>

namespace MICOSL2
{
    extern void _init ();

    extern MICOGetOpt::OptVec acad_options;

    class Current_impl;
    class Credentials_impl;
    class ReceivedCredentials_impl;
    class TargetCredentials_impl;
    class SecurityManager_impl;
  
    class SecurityFeatures
    {
	CORBA::Boolean* features_;
	int len_;
    public:
	SecurityFeatures();
	~SecurityFeatures();

	void
	set_from_options(Security::AssociationOptions);

	CORBA::Boolean
	get_security_feature(Security::SecurityFeature feature);

	int
	length()
	{ return len_; }
    };

    class Credentials_impl
	: virtual public SecurityLevel2::Credentials
    {
    protected:
	CORBA::Principal_ptr target_principal_;
	CORBA::Object_ptr target_;
    
	Security::CredentialsType cred_type_;
	Security::AuthenticationStatus auth_status_;
	Security::MechanismType mech_;
    
	Security::AssociationOptions accept_options_supported_;
	Security::AssociationOptions accept_options_required_;
	Security::AssociationOptions invoc_options_supported_;
	Security::AssociationOptions invoc_options_required_;
    
	SecurityFeatures features_;
	Security::AssociationOptions opt_supported_;
	std::string public_;

	void
	check_set_options(Security::AssociationOptions opts);

	virtual Security::SecAttribute
	get_SSL_attribute(const Security::AttributeType attrtype);
    public:
	Credentials_impl();
	~Credentials_impl();
    
	virtual Security::CredentialsType
	credentials_type();

	virtual void
	set_credentials_type(Security::CredentialsType type);

	virtual Security::AuthenticationStatus
	authentication_state();

	virtual void
	set_authentication_state(Security::AuthenticationStatus value);

	virtual char*
	mechanism();

	virtual void
	set_mechanism(const char *);
    
	virtual Security::AssociationOptions
	accepting_options_supported();

	virtual void
	accepting_options_supported(Security::AssociationOptions value);

	virtual Security::AssociationOptions
	accepting_options_required();

	virtual void
	accepting_options_required(Security::AssociationOptions value);

	virtual Security::AssociationOptions
	invocation_options_supported();

	virtual void
	invocation_options_supported(Security::AssociationOptions value);

	virtual Security::AssociationOptions
	invocation_options_required();

	virtual void
	invocation_options_required(Security::AssociationOptions value);

	void
	options_supported(Security::AssociationOptions value); //to load options from mechanism

	virtual SecurityLevel2::Credentials_ptr
	copy();

	virtual void
	destroy();

	virtual CORBA::Boolean
	get_security_feature
	(Security::CommunicationDirection direction,
	 Security::SecurityFeature feature);

	virtual Security::AttributeList*
	get_attributes(const Security::AttributeTypeList& attributes);

	virtual CORBA::Boolean
	set_attributes
	(const Security::AttributeList& requested_attributes,
	 Security::AttributeList_out actual_attributes);

	virtual CORBA::Boolean
	refresh(const Security::Opaque& refresh_data);

	virtual CORBA::Boolean
	is_valid(Security::UtcT& expiry_time);

	CORBA::Principal_ptr
	get_principal();

	void
	set_principal(CORBA::Principal_ptr);
    };


    class ReceivedCredentials_impl
	: public SecurityLevel2::ReceivedCredentials,
	  public virtual MICOSL2::Credentials_impl
    {
    public:
	ReceivedCredentials_impl(CORBA::ORB_ptr _orb);
	~ReceivedCredentials_impl();

	virtual Security::AssociationOptions
	association_options_used();

	virtual Security::DelegationState
	delegation_state();

	virtual Security::DelegationMode
	delegation_mode();

	virtual SecurityLevel2::CredentialsList*
	accepting_credentials();
    private:
	SecurityLevel2::CredentialsList accept_cred_list_;
	Security::AssociationOptions  assoc_options_used_;
	Security::DelegationState del_state_;
	Security::DelegationMode del_mode_;
    };

    class TargetCredentials_impl
	: public SecurityLevel2::TargetCredentials,
	  public virtual MICOSL2::Credentials_impl
    {
    public:
	TargetCredentials_impl(CORBA::ORB_ptr _orb,CORBA::Object_ptr target);
	~TargetCredentials_impl();

	virtual Security::AssociationOptions
	association_options_used();

	virtual SecurityLevel2::CredentialsList*
	initiating_credentials();
    private:
	SecurityLevel2::CredentialsList init_cred_list_;
	Security::AssociationOptions assoc_options_used_;
	Security::DelegationState del_state_;
	Security::DelegationMode del_mode_;
    };

    class PrincipalAuthenticator_impl
	: public SecurityLevel2::PrincipalAuthenticator
    {
    public:
	PrincipalAuthenticator_impl();
	PrincipalAuthenticator_impl(SecurityLevel2::SecurityManager* secman);
	virtual ~PrincipalAuthenticator_impl();

	void
	set_manager(SecurityLevel2::SecurityManager* secman);
    
	virtual Security::AuthenticationStatus
	authenticate
	(Security::AuthenticationMethod method,
	 const char* mechanism,
	 const char* security_name,
	 const CORBA::Any& auth_data,
	 const Security::AttributeList& privileges,
	 SecurityLevel2::Credentials_out creds,
	 CORBA::Any_out continuation_data,
	 CORBA::Any_out auth_specific_data);

	virtual Security::AuthenticationStatus
	continue_authentication
	(const CORBA::Any& response_data,
	 SecurityLevel2::Credentials_ptr creds,
	 CORBA::Any_out continuation_data,
	 CORBA::Any_out auth_specific_data);
    
	virtual Security::AuthenticationMethodList*
	get_supported_authen_methods(const char* mechanism);
    
    private:
	SecurityLevel2::SecurityManager_var secman_;
	Security::AuthenticationMethodList method_list_;
    };

    typedef SequenceTmpl<Security::AttributeTypeList*,MICO_TID_DEF> AttributeTypeListList;

    class AttributeManager
    {
    public:
	AttributeManager();
	virtual ~AttributeManager();
    
	virtual void
	init();

	virtual void
	add_attr_types(const Security::AttributeTypeList& attr_type_list);

	void
	add_attr_types(unsigned int family, int len, unsigned int* attributes);

	virtual Security::AttributeTypeList*
	get_family_attr_types(const Security::ExtensibleFamily& family);

	Security::AttributeTypeList*
	get_all_attr_types();

	Security::AttributeTypeList*
	filter(const Security::AttributeTypeList& attr_type_list);
    
    private:
	MICOSL2::AttributeTypeListList* p_main_list_;

	CORBA::Long
	find_attr_type(const Security::AttributeType& attr_type);

	CORBA::Long
	find_family_index(const Security::ExtensibleFamily& family);

	CORBA::Long add_empty_family(const Security::ExtensibleFamily& family);
    };

    class MechanismPolicy_impl
	: public ::SecurityLevel2::MechanismPolicy,
	  virtual public MICO::Policy_impl
    {
    public:
	MechanismPolicy_impl();
	MechanismPolicy_impl(Security::MechanismTypeList* );
	virtual ~MechanismPolicy_impl();

	virtual Security::MechanismTypeList*
	mechanisms();
    
	CORBA::PolicyType
	policy_type()
	{ return Security::SecMechanismPolicy; }

	CORBA::Policy_ptr
	copy ();

    private:
	Security::MechanismTypeList mechanisms_list_;
    };


    class InvocationCredentialsPolicy_impl
	: public ::SecurityLevel2::InvocationCredentialsPolicy,
	  virtual public MICO::Policy_impl
    {
    public:
	InvocationCredentialsPolicy_impl();
	InvocationCredentialsPolicy_impl(SecurityLevel2::CredentialsList*);

	SecurityLevel2::CredentialsList*
	creds();

	CORBA::PolicyType
	policy_type()
	{ return Security::SecInvocationCredentialsPolicy; }

	CORBA::Policy_ptr
	copy ();
    private:
	SecurityLevel2::CredentialsList cred_list_;
    };
  

    class QOPPolicy_impl