transportsecurity_impl.h

MICO2.3.13 corba 环境平台

// -*- c++ -*-
//
//  MICO SL3 --- an Open Source SL3 implementation
//  Copyright (C) 2002, 2003, 2004, 2005, 2006, 2008 ObjectSecurity Ltd.
//
//  This library is free software; you can redistribute it and/or
//  modify it under the terms of the GNU Library General Public
//  License as published by the Free Software Foundation; either
//  version 2 of the License, or (at your option) any later version.
//
//  This library is distributed in the hope that it will be useful,
//  but WITHOUT ANY WARRANTY; without even the implied warranty of
//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
//  Library General Public License for more details.
//
//  You should have received a copy of the GNU Library General Public
//  License along with this library; if not, write to the Free
//  Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

//  Send comments and/or bug reports to:
//                 micosec@objectsecurity.com
//

//  Written by Karel Gardas, <kgardas@objectsecurity.com>


#ifndef __TRANSPORTSECURITY_IMPL_H__
#define __TRANSPORTSECURITY_IMPL_H__

#include <mico/security/transportsecurity.h>
#include <mico/security/securitylevel3_impl.h>
#include <mico/security/transportsecurity_p.h>


namespace MICOSL3_TransportSecurity
{
    // initialization function
    void
    _init();


    class CredentialsInitiator_impl
	: virtual public TransportSecurity::CredentialsInitiator,
	  virtual public CORBA::LocalObject
    {
    public:
	virtual SL3PM::Principal*
	the_principal();

	virtual SL3PM::StatementList*
	supporting_statements();

	virtual SL3PM::ResourceNameList*
	restricted_resources();

	virtual SL3PM::PrinAttributeList*
	environmental_attributes();

	virtual CORBA::Boolean
	supports_embodiment();

	virtual CORBA::Boolean
	supports_endorsement();

	virtual CORBA::Boolean
	supports_quoting();

	virtual CORBA::Boolean
	supports_client_authentication();

	virtual CORBA::Boolean
	supports_target_authentication();

	virtual CORBA::Boolean
	supports_confidentiality();

	virtual CORBA::Boolean
	supports_integrity();

	virtual TimeBase::UtcT
	expiry_time();
    protected:
	SL3PM::Principal* principal_;
	SL3PM::StatementList statement_list_;
	SL3PM::ResourceNameList rsname_list_;
	SL3PM::PrinAttributeList environmental_attributes_;
	CORBA::Boolean supports_embodiment_;
	CORBA::Boolean supports_endorsement_;
	CORBA::Boolean supports_quoting_;
	CORBA::Boolean supports_client_authentication_;
	CORBA::Boolean supports_target_authentication_;
	CORBA::Boolean supports_confidentiality_;
	CORBA::Boolean supports_integrity_;
	TimeBase::UtcT expiry_time_;
    };


    class CredentialsAcceptor_impl
	: virtual public TransportSecurity::CredentialsAcceptor,
	  virtual public CORBA::LocalObject
    {
    public:
	virtual SL3PM::Principal*
	the_principal();

	virtual SL3PM::StatementList*
	supporting_statements();

	virtual SL3PM::ResourceNameList*
	restricted_resources();

	virtual SL3PM::PrinAttributeList*
	environmental_attributes();

	virtual CORBA::Boolean
	supports_endorsement();

	virtual CORBA::Boolean
	supports_quoting();

	virtual CORBA::Boolean
	supports_client_authentication();

	virtual CORBA::Boolean
	supports_target_authentication();

	virtual CORBA::Boolean
	supports_confidentiality();

	virtual CORBA::Boolean
	supports_integrity();

	virtual TimeBase::UtcT
	expiry_time();
    protected:
	SL3PM::Principal* principal_;
	SL3PM::StatementList statement_list_;
	SL3PM::ResourceNameList rsname_list_;
	SL3PM::PrinAttributeList environmental_attributes_;
	CORBA::Boolean supports_endorsement_;
	CORBA::Boolean supports_quoting_;
	CORBA::Boolean supports_client_authentication_;
	CORBA::Boolean supports_target_authentication_;
	CORBA::Boolean supports_confidentiality_;
	CORBA::Boolean supports_integrity_;
	TimeBase::UtcT expiry_time_;
    };


    class TransportCredentials_impl
	: virtual public TransportSecurity::TransportCredentials,
	  virtual public CORBA::LocalObject
    {
    public:
	TransportCredentials_impl();

	TransportCredentials_impl
	(const char* id,
	 SL3CM::CredentialsState state,
	 SL3CM::CredentialsType type,
	 SL3CM::CredentialsUsage usage,
	 TimeBase::UtcT time);

	virtual char*
	creds_id();

	virtual SL3CM::CredentialsState
	creds_state();

	virtual SL3CM::CredentialsType
	creds_type();

	virtual SL3CM::CredentialsUsage
	creds_usage();

	virtual TimeBase::UtcT
	expiry_time();

	// extension
	void
	creds_state(SL3CM::CredentialsState state);
    protected:
	CORBA::String_var creds_id_;
	SL3CM::CredentialsState creds_state_;
	SL3CM::CredentialsType creds_type_;
	SL3CM::CredentialsUsage creds_usage_;
	TimeBase::UtcT expiry_time_;
    };


    class OwnCredentials_impl
	: virtual public TransportCredentials_impl,
	  virtual public TransportSecurity::OwnCredentials,
	  virtual public CORBA::LocalObject
    {
    public:
	OwnCredentials_impl
	(const char* id,
	 SL3CM::CredentialsState state,
	 SL3CM::CredentialsType type,
	 SL3CM::CredentialsUsage usage,
	 TimeBase::UtcT time,
	 TransportSecurity::CredentialsInitiator_ptr initiator,
	 TransportSecurity::CredentialsAcceptor_ptr acceptor,
	 CORBA::Boolean csiv1_support,
	 CORBA::Boolean csiv2_support,
	 const SL3OM::ObserverSeq& observers);

	virtual ~OwnCredentials_impl();

	virtual TransportSecurity::CredentialsInitiator_ptr
	the_initiator();

	virtual TransportSecurity::CredentialsAcceptor_ptr
	the_acceptor();

	virtual CORBA::Boolean
	supports_csi_version(TransportSecurity::CSIVersion version);

	virtual void
	release_credentials();

	virtual void
	externalize_credentials
	(const char* externalization_type,
	 const char* dest_url);

	// extension

	SL3OM::ObserverSeq*
	observers();

	void
	notify_creation();

	void
	notify_remove();

	void
	notify_destroy();
    private:
	TransportSecurity::CredentialsInitiator_var initiator_;
	TransportSecurity::CredentialsAcceptor_var acceptor_;
	CORBA::Boolean csiv1_support_;
	CORBA::Boolean csiv2_support_;
	SL3OM::ObserverSeq observers_;
	std::vector<SL3OM::CredentialsObserver_var> credentials_observers_;
	std::vector<SL3OMExt::CredentialsDestroyObserver_var> destroy_observers_;
    };


    class ClientCredentials_impl
	: virtual public TransportCredentials_impl,
	  virtual public TransportSecurity::ClientCredentials,
	  virtual public CORBA::LocalObject
    {
    public:
	ClientCredentials_impl
	(TransportSecurity::OwnCredentials_ptr parent_credentials);

	virtual char*
	context_id();

	virtual SL3PM::Principal*
	client_principal();

	virtual SL3PM::StatementList*
	client_supporting_statements();

	virtual SL3PM::ResourceNameList*
	client_restricted_resources();

	virtual SL3PM::Principal*
	target_principal();

	virtual SL3PM::StatementList*
	target_supporting_statements();

	virtual SL3PM::ResourceNameList*
	target_restricted_resources();

	virtual SL3PM::PrinAttributeList*
	environmental_attributes();

	virtual TransportSecurity::OwnCredentials_ptr
	parent_credentials();

	virtual CORBA::Boolean
	client_authentication();

	virtual CORBA::Boolean
	target_authentication();

	virtual CORBA::Boolean
	confidentiality();

	virtual CORBA::Boolean
	integrity();

	virtual CORBA::Boolean
	impersonable();

	virtual CORBA::Boolean
	endorseable();

	virtual CORBA::Boolean
	quotable();
    protected:
	CORBA::String_var context_id_;
	SL3PM::Principal* client_principal_;
	SL3PM::StatementList client_supporting_statements_;
	SL3PM::ResourceNameList client_restricted_resources_;
	SL3PM::Principal* target_principal_;
	SL3PM::StatementList target_supporting_statements_;
	SL3PM::ResourceNameList target_restricted_resources_;
	SL3PM::PrinAttributeList environmental_attributes_;
	TransportSecurity::OwnCredentials_var parent_credentials_;
	CORBA::Boolean client_authentication_;
	CORBA::Boolean target_authentication_;
	CORBA::Boolean confidentiality_;
	CORBA::Boolean integrity_;
	CORBA::Boolean impersonable_;
	CORBA::Boolean endorseable_;
	CORBA::Boolean quotable_;
    };


    class TargetCredentials_impl
	: virtual public TransportCredentials_impl,
	  virtual public TransportSecurity::TargetCredentials,
	  virtual public CORBA::LocalObject
    {
    public:
	TargetCredentials_impl
	(TransportSecurity::OwnCredentials_ptr parent_credentials);

	virtual char*
	context_id();

	virtual SL3PM::Principal*
	client_principal();

	virtual SL3PM::StatementList*
	client_supporting_statements();

	virtual SL3PM::ResourceNameList*
	client_restricted_resources();

	virtual SL3PM::Principal*
	target_principal();

	virtual SL3PM::StatementList*
	target_supporting_statements();

	virtual SL3PM::ResourceNameList*
	target_restricted_resources();

	virtual SL3PM::PrinAttributeList*
	environmental_attributes();

	virtual TransportSecurity::OwnCredentials_ptr
	parent_credentials();

	virtual CORBA::Boolean
	client_authentication();

	virtual CORBA::Boolean
	target_authentication();

	virtual CORBA::Boolean
	confidentiality();

	virtual CORBA::Boolean
	integrity();

	virtual CORBA::Boolean
	target_embodied();

	virtual CORBA::Boolean
	target_endorsed();
    protected:
	CORBA::String_var context_id_;
	SL3PM::Principal_var client_principal_;
	SL3PM::StatementList client_supporting_statements_;
	SL3PM::ResourceNameList client_restricted_resources_;
	SL3PM::Principal_var target_principal_;
	SL3PM::StatementList target_supporting_statements_;
	SL3PM::ResourceNameList target_restricted_resources_;
	SL3PM::PrinAttributeList environmental_attributes_;
	TransportSecurity::OwnCredentials_var parent_credentials_;
	CORBA::Boolean client_authentication_;
	CORBA::Boolean target_authentication_;
	CORBA::Boolean confidentiality_;
	CORBA::Boolean integrity_;
	CORBA::Boolean target_embodied_;
	CORBA::Boolean target_endorsed_;
    };


    class CredentialsCurator_impl
	: virtual public TransportSecurity::CredentialsCurator,
	  virtual public CORBA::LocalObject
    {
    public:
	virtual TransportSecurity::OwnCredentialsList*
	default_creds_list();

	virtual TransportSecurity::CredentialsAcquirer_ptr
	acquire_credentials
	(SL3AQArgs::Argument_ptr acquisition_arguments);

	virtual TransportSecurity::OwnCredentials_ptr
	get_own_credentials(const char* creds_id);

	virtual void
	remove_credentials(const char* creds_id);

	virtual void
	release_credentials(const char* creds_id);

	// extension

	void
	register_acquirer_factory
	(TransportSecurity::CredentialsAcquirerFactory_ptr factory);

	void
	add_own_credentials
	(TransportSecurity::OwnCredentials_ptr creds,
	 CORBA::Boolean on_list);

	void
	add_init_context(TransportSecurity::InitiatingContext_ptr ctx);

	TransportSecurity::TargetCredentials_ptr
	get_target_credentials
	(CORBA::Object_ptr obj,
	 CORBA::Boolean include_ipc_creds);

        TransportSecurity::OwnCredentials_ptr
        find_own_credentials_for(const CORBA::Address* addr);
    private:
	void