📄 relay.cc
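//
// Test for etherealize/incarnate
//
// What the code below does: it starts a HelloWorld servant (Relay_impl) that
// accepts hello() calls and forwards each one to the HelloWorld object named
// in ./hello.ref, using freshly acquired SL3 CSI credentials that quote the
// calling principal.
//
// NOTE(review): this is test scaffolding. It contains hard-coded user names
// and passwords and a PasswordProcessor that accepts every password; none of
// it should be copied into a deployed service unchanged. Most sanity checks
// are assert()s, which vanish when NDEBUG is defined.
//

#include "hello.h"

#ifdef HAVE_ANSI_CPLUSPLUS_HEADERS
#include <fstream>
#else // HAVE_ANSI_CPLUSPLUS_HEADERS
#include <fstream.h>
#endif // HAVE_ANSI_CPLUSPLUS_HEADERS
#include <mico/security/sl3ac.h>
#include <mico/security/sl3utils.h>
#include <mico/util.h>

using namespace SL3PM;
using namespace SL3CM;
using namespace SecurityLevel3;
using namespace std;

// Process-wide handles. orb, secman and curator are set in main();
// ts_creds is filled lazily by the first Relay_impl::hello() call.
CORBA::ORB_ptr orb = CORBA::ORB::_nil();
SecurityManager_var secman = SecurityManager::_nil();
SecurityLevel3::CredentialsCurator_var curator
= SecurityLevel3::CredentialsCurator::_nil();
TransportSecurity::OwnCredentials_var ts_creds
= TransportSecurity::OwnCredentials::_nil();

// Server-side username/password callback handed to the CSI arg builder.
class PasswordProcessor_impl
    : virtual public UserPassword::PasswordProcessor,
      virtual public CORBA::LocalObject
{
public:
    virtual CORBA::Boolean
    client_authen_required();

    virtual SL3PM::PrincipalName*
    password_target();

    virtual UserPassword::ErrorCode
    verify_password
    (const CORBA::WChar* username,
     const CORBA::WChar* password,
     SL3PM::PrincipalName_out principal);
};

// Always reports that client authentication is required.
CORBA::Boolean
PasswordProcessor_impl::client_authen_required()
{
    return TRUE;
}

// Returns a newly allocated NT_StringName principal naming the realm
// "@objectsecurity.com"; the caller owns the result.
SL3PM::PrincipalName*
PasswordProcessor_impl::password_target()
{
    SL3PM::PrincipalName* result = new SL3PM::PrincipalName;
    result->the_type = (const char*)SL3PM::NT_StringName;
    result->the_name.length(1);
    result->the_name[0] = L"@objectsecurity.com";
    return result;
}

// Accepts EVERY username/password pair: the password is never inspected and
// the caller-supplied username is returned as the authenticated principal.
//
// NOTE(review): acceptable only in a test fixture. A real processor has to
// check the password against a credential store before it returns
// EC_Success; as written, any peer can assert any identity.
UserPassword::ErrorCode
PasswordProcessor_impl::verify_password
(const CORBA::WChar* username,
 const CORBA::WChar* password,
 SL3PM::PrincipalName_out principal)
{
    //cerr << "relay: PasswordProcessor_impl::verify_password" << endl;
    // The original copied the password into an unused local wstring; that
    // copy is dropped so the secret is not duplicated in memory for nothing.
    (void)password;
    wstring name = username;
    //cerr << "name: " << wstr2str(name) << endl;
    principal = new SL3PM::PrincipalName;
    principal->the_type = (const char*)SL3PM::NT_StringName;
    principal->the_name.length(1);
    principal->the_name[0] = CORBA::wstring_dup(name.c_str());
    return UserPassword::EC_Success;
}

// Client-side callback that supplies a fixed username/password for one realm.
class PasswordGenerator_impl
    : virtual public UserPassword::PasswordGenerator,
      virtual public CORBA::LocalObject
{
public:
    PasswordGenerator_impl
    (const char* user, const char* passwd, const char* realm);

    virtual SL3PM::PrincipalName*
    client_authentication_principal();

    virtual UserPassword::ErrorCode
    generate_password
    (const SL3PM::PrincipalName& target,
     CORBA::WString_out username,
     CORBA::WString_out password);

private:
    wstring user_;
    wstring passwd_;   // kept in clear text for the lifetime of the object
    wstring realm_;
};

// Stores the three narrow strings as wide strings. All three pointers must
// be non-null; they are used to construct std::string objects.
PasswordGenerator_impl::PasswordGenerator_impl
(const char* user, const char* passwd, const char* realm)
    //    user_(user), passwd_(passwd), realm_(realm)
{
    string u = user;
    string p = passwd;
    string r = realm;
    user_ = str2wstr(u);
    passwd_ = str2wstr(p);
    realm_ = str2wstr(r);
}

// Returns a newly allocated NT_StringName principal carrying the configured
// user name; the caller owns the result.
SL3PM::PrincipalName*
PasswordGenerator_impl::client_authentication_principal()
{
    //cerr << "PasswordGenerator_impl::client_authentication_principal(): " << wstr2str(user_) << endl;
    SL3PM::PrincipalName* result = new SL3PM::PrincipalName;
    result->the_type = (const char*)SL3PM::NT_StringName;
    result->the_name.length(1);
    result->the_name[0] = CORBA::wstring_dup(user_.c_str());
    return result;
}

// Hands out the stored username/password, but only when the requesting
// target is an NT_StringName principal whose first name component equals the
// configured realm. Every other target gets EC_BadTarget, so the password is
// not disclosed to a target outside that realm.
UserPassword::ErrorCode
PasswordGenerator_impl::generate_password
(const SL3PM::PrincipalName& target,
 CORBA::WString_out username,
 CORBA::WString_out password)
{
    //cerr << "PasswordGenerator_impl::generate_password" << endl;
    // The target comes from the peer; make sure it has a name component
    // before indexing it (the original read the_name[0] unconditionally).
    if (strcmp(SL3PM::NT_StringName, target.the_type) == 0
        && target.the_name.length() > 0
        && realm_ == target.the_name[0].in()) {
        username = CORBA::wstring_dup(user_.c_str());
        password = CORBA::wstring_dup(passwd_.c_str());
        // (a disabled debug line here used to print user:password; keep it
        //  out of any build whose output is logged)
        return UserPassword::EC_Success;
    }
    return UserPassword::EC_BadTarget;
}

// Attribute-certificate chain token processor that supports, but does not
// require, endorsement by the client.
class DelegationTokenProcessor
    : virtual public MICOSL3_AC::AttributeCertChainTokenProcessor
{
public:
    DelegationTokenProcessor(const string& ca);

    virtual CORBA::Boolean
    supports_endorsement_by_client();

    virtual CORBA::Boolean
    requires_endorsement_by_client();
};

// Forwards `ca` to the base class (main() passes "ca.pem").
DelegationTokenProcessor::DelegationTokenProcessor(const string& ca)
    : AttributeCertChainTokenProcessor(ca)
{
}

CORBA::Boolean
DelegationTokenProcessor::supports_endorsement_by_client()
{
    return TRUE;
}

CORBA::Boolean
DelegationTokenProcessor::requires_endorsement_by_client()
{
    return FALSE;
}

// HelloWorld servant that forwards hello() to another HelloWorld object.
class Relay_impl : virtual public POA_HelloWorld
{
public:
    Relay_impl(HelloWorld_ptr hello);

    void hello();

private:
    HelloWorld_var hello_;   // the object calls are relayed to
};

// Keeps its own reference to the downstream object.
Relay_impl::Relay_impl(HelloWorld_ptr hello)
    : hello_(HelloWorld::_duplicate(hello))
{
}

// Relays one call:
//   1. reads the caller's principal from SecurityCurrent,
//   2. acquires (once) initiate-only transport credentials into ts_creds,
//   3. acquires per-call CSI credentials that authenticate as "relay" and
//      quote the caller's principal name,
//   4. invokes hello() on hello_ under a ContextEstablishmentPolicy built
//      from those credentials,
//   5. releases the per-call credentials, also when the relayed call throws.
void
Relay_impl::hello()
{
    CORBA::Object_var obj = orb->resolve_initial_references
        ("SecurityLevel3::SecurityCurrent");
    SecurityLevel3::SecurityCurrent_var current
        = SecurityLevel3::SecurityCurrent::_narrow(obj);
    assert(!CORBA::is_nil(current));
    SecurityLevel3::ClientCredentials_var creds = current->client_credentials();
//      cerr << "creds: " << creds << endl;
//      wcout << "server: ClientCredentials:" << endl;
//      MICOSL3Utils::PP::print_client_credentials(&wcout, creds);
//      wcout << endl;
    Principal_var princ = creds->client_principal();
    PrincipalName name = princ->the_name();
    // Only print when there is a name component to print.
    if (princ->the_type() == PT_Proxy && name.the_name.length() > 0) {
        wcout << "relay: operation executed by: ``"
              << name.the_name[0].in() << "''" << endl;
    }

    // transport creds
    if (CORBA::is_nil(ts_creds)) {
        // create transport credentials which will be used
        // in all relayed SL3CSI credentials
        // NOTE(review): this lazy initialisation of a global is not guarded
        // by a lock; confirm the POA dispatches calls single-threaded.
        obj = orb->resolve_initial_references("SL3TCPIP::ArgBuilderFactory");
        SL3AQArgs::ArgBuilderFactory_var ts_fact
            = SL3AQArgs::ArgBuilderFactory::_narrow(obj);
        assert(!CORBA::is_nil(ts_fact));
        SL3TCPIP::TCPIPArgBuilder_var ts_builder = SL3TCPIP::TCPIPArgBuilder::_narrow
            (ts_fact->create_arg_builder(SL3CM::CU_InitiateOnly));
        assert(!CORBA::is_nil(ts_builder));
        SL3AQArgs::Argument_var ts_args = ts_builder->reap_args();
        obj = orb->resolve_initial_references
            ("TransportSecurity::SecurityManager");
        TransportSecurity::SecurityManager_var ts_secman
            = TransportSecurity::SecurityManager::_narrow(obj);
        assert(!CORBA::is_nil(ts_secman));
        TransportSecurity::CredentialsCurator_var ts_curator
            = ts_secman->credentials_curator();
        TransportSecurity::CredentialsAcquirer_var ts_acquirer
            = ts_curator->acquire_credentials(ts_args);
        ts_creds = ts_acquirer->get_credentials(FALSE);
    }
    //cerr << "ts_creds: " << ts_creds->creds_id() << endl;

    // csi creds
    obj = orb->resolve_initial_references("SL3CSI::ArgBuilderFactory");
    SL3AQArgs::ArgBuilderFactory_var csi_fact
        = SL3AQArgs::ArgBuilderFactory::_narrow(obj);
    assert(!CORBA::is_nil(csi_fact));
    SL3AQArgs::ArgBuilder_var builder_obj = csi_fact->create_arg_builder
        (SL3CM::CU_InitiateOnly);
    SL3CSI::CSIArgBuilder_var csi_builder = SL3CSI::CSIArgBuilder::_narrow
        (builder_obj);
    assert(!CORBA::is_nil(csi_builder));
    // transport creds
    csi_builder->add_transport_credentials(ts_creds);
    // passwd generator
    // NOTE(review): hard-coded test credentials; load real ones from
    // protected configuration instead of the source file.
    UserPassword::PasswordGenerator_var generator = new PasswordGenerator_impl
        ("relay", "relay_pw", "@objectsecurity.com");
    csi_builder->add_password_generator(generator);
    // quoted principal
    csi_builder->add_named_quoted_principal(name);
    SL3AQArgs::Argument_var args = csi_builder->reap_args();
    SecurityLevel3::CredentialsAcquirer_var acquirer
        = curator->acquire_credentials(args);
    SecurityLevel3::OwnCredentials_var own_creds
        = acquirer->get_credentials(FALSE);

    try {
        // policy
        SecurityLevel3::OwnCredentialsList creds_list;
        creds_list.length(1);
        creds_list[0] = own_creds;
        SecurityLevel3::ContextEstablishmentPolicy_var cep
            = secman->create_context_estab_policy
            (CD_Default, creds_list, FD_UseDefault,
             FD_UseDefault, FD_UseDefault, FD_UseDefault);
        CORBA::PolicyList policies;
        policies.length(1);
        policies[0] = ContextEstablishmentPolicy::_duplicate(cep);
        CORBA::Object_var hello2_obj = hello_->_set_policy_overrides
            (policies, CORBA::ADD_OVERRIDE);
        HelloWorld_var hello2 = HelloWorld::_narrow(hello2_obj);

        wcout << "relay: server->hello()" << endl;
        hello2->hello();
    } catch (...) {
        // The original skipped the release when the relayed call threw.
        own_creds->release_credentials();
        throw;
    }
    // cleanup credentials
    own_creds->release_credentials();
}

// Sets up the ORB and SL3 credentials (transport + CSI with password
// processor, password generator and the ATLAS token dispenser read from
// ./atlas.ref), activates the relay servant, writes its IOR to ./relay.ref
// and runs the ORB. CORBA exceptions are reported on wcout.
//
// Returns 0 as before on the normal and exception paths, and 1 for the
// file/working-directory failures that are now detected explicitly.
int
main (int argc, char *argv[])
{
    //wcout << "wcout init" << endl;
    try {
        orb = CORBA::ORB_init(argc, argv);
        CORBA::Object_var obj = orb->resolve_initial_references
            ("SecurityLevel3::SecurityManager");
        secman = SecurityLevel3::SecurityManager::_narrow(obj);
        assert(!CORBA::is_nil(secman));
        curator = secman->credentials_curator();
        assert(!CORBA::is_nil(curator));

        // The ATLAS reference is read from the current directory; whoever
        // can write that file chooses the token dispenser this relay trusts.
        ifstream in("atlas.ref");
        string atlas_ior = "";
        in >> atlas_ior;
        if (atlas_ior.empty()) {
            wcout << "relay: cannot read an IOR from atlas.ref" << endl;
            return 1;
        }
        CORBA::Object_var aobj = orb->string_to_object(atlas_ior.c_str());
        ATLAS::AuthTokenDispenser_var atlas
            = ATLAS::AuthTokenDispenser::_narrow(aobj);
        assert(!CORBA::is_nil(atlas));

        // first we need to obtain transport credentials
        obj = orb->resolve_initial_references("SL3TCPIP::ArgBuilderFactory");
        SL3AQArgs::ArgBuilderFactory_var ts_fact
            = SL3AQArgs::ArgBuilderFactory::_narrow(obj);
        assert(!CORBA::is_nil(ts_fact));
        SL3TCPIP::TCPIPArgBuilder_var ts_builder = SL3TCPIP::TCPIPArgBuilder::_narrow
            (ts_fact->create_arg_builder(SL3CM::CU_InitiateAndAccept));
        assert(!CORBA::is_nil(ts_builder));
        SL3AQArgs::Argument_var ts_args = ts_builder->reap_args();
        obj = orb->resolve_initial_references
            ("TransportSecurity::SecurityManager");
        TransportSecurity::SecurityManager_var ts_secman
            = TransportSecurity::SecurityManager::_narrow(obj);
        assert(!CORBA::is_nil(ts_secman));
        TransportSecurity::CredentialsCurator_var ts_curator
            = ts_secman->credentials_curator();
        // _var instead of the original _ptr so the acquirer reference is
        // released when it goes out of scope.
        TransportSecurity::CredentialsAcquirer_var ts_acquirer
            = ts_curator->acquire_credentials(ts_args);
        // NOTE(review): this local shadows the file-scope ts_creds, which
        // therefore stays nil until Relay_impl::hello() fills it with
        // initiate-only credentials -- confirm that is intended.
        TransportSecurity::OwnCredentials_var ts_creds
            = ts_acquirer->get_credentials(TRUE);
        //MICOSL3Utils::PP::print_own_credentials(&wcout, ts_creds);
        obj = orb->resolve_initial_references("SL3CSI::ArgBuilderFactory");
        SL3AQArgs::ArgBuilderFactory_var csi_fact
            = SL3AQArgs::ArgBuilderFactory::_narrow(obj);
        assert(!CORBA::is_nil(csi_fact));
        SL3CSI::CSIArgBuilder_var csi_builder = SL3CSI::CSIArgBuilder::_narrow
            (csi_fact->create_arg_builder(SL3CM::CU_InitiateAndAccept));
        assert(!CORBA::is_nil(csi_builder));
        csi_builder->add_transport_credentials(ts_creds);
        // Accept-side password check: see the warning on verify_password().
        UserPassword::PasswordProcessor_var processor
            = new PasswordProcessor_impl;
        csi_builder->add_password_processor(processor);
        // NOTE(review): hard-coded test credentials.
        UserPassword::PasswordGenerator_var generator = new PasswordGenerator_impl
            // ("relay", "relay_pw", "@objectsecurity.com");
            ("sapsan", "sapsan", "@objectsecurity.com"); // hack for the moment to not bother with LDAP
            //("karel", "cobalt", "@objectsecurity.com");
        csi_builder->add_password_generator(generator);
        ATLAS::ATLASCacheId id;
        id.length(0);
        //MICOSL3_AC::ACTokenProcessor* tp = new MICOSL3_AC::ACTokenProcessor;
        SL3Authorization::TokenProcessor_var tp
            = new DelegationTokenProcessor("ca.pem");
        csi_builder->add_ATLAS_object(id, atlas, tp);
        SL3AQArgs::Argument_var args = csi_builder->reap_args();
        SecurityLevel3::CredentialsAcquirer_var acquirer
            = curator->acquire_credentials(args);
        SecurityLevel3::OwnCredentials_var creds
            = acquirer->get_credentials(TRUE);
        //wcout << "server: OwnCredentials:" << endl;
        //MICOSL3Utils::PP::print_own_credentials(&wcout, creds);
        CORBA::Object_var poaobj = orb->resolve_initial_references("RootPOA");
        PortableServer::POA_var poa = PortableServer::POA::_narrow(poaobj);
        PortableServer::POAManager_var mgr = poa->the_POAManager();

        // Build file://<cwd>/hello.ref. getcwd() returns a null pointer when
        // the path does not fit or the directory is unreadable; the original
        // passed that result straight to sprintf("%s").
        char pwd[256];
        if (!getcwd(pwd, sizeof(pwd))) {
            wcout << "relay: cannot determine the working directory" << endl;
            return 1;
        }
        string uri = "file://";
        uri += pwd;
        uri += "/hello.ref";
        obj = orb->string_to_object (uri.c_str());
        HelloWorld_var hello = HelloWorld::_narrow (obj);
        if (CORBA::is_nil(hello)) {
            // Otherwise the first relayed call would dereference nil.
            wcout << "relay: hello.ref does not name a HelloWorld object" << endl;
            return 1;
        }
        Relay_impl* servant = new Relay_impl(hello);
        PortableServer::ObjectId_var oid = poa->activate_object(servant);
        CORBA::Object_var ref = poa->id_to_reference(oid.in());
        ofstream of ("relay.ref");
        if (!of) {
            wcout << "relay: cannot write relay.ref" << endl;
            return 1;
        }
        CORBA::String_var str = orb->object_to_string(ref);
        of << str.in() << endl;
        of.close();
        wcout << "relay: Running." << endl;
        mgr->activate();
        orb->run();
    } catch (CORBA::UserException& ex) {
        wcout << "UserException caught: " << ex._repoid() << endl;
    } catch (CORBA::SystemException_catch& ex) {
        wcout << "SystemException caught: " << ex._repoid() << endl;
    } catch (...) {
        wcout << "... caught!" << endl;
    }
    return 0;
}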