#include <SignedDocument.h>

Collaboration diagram for OpenDDS::Security::SSL::SignedDocument:

Public Member Functions
	SignedDocument (const DDS::OctetSeq &src)

	SignedDocument ()

virtual	~SignedDocument ()

bool	load (const std::string &uri, DDS::Security::SecurityException &ex)

bool	verify (const Certificate &ca)

const DDS::OctetSeq &	original () const

const std::string &	content () const

bool	verified () const

const std::string &	filename () const

bool	operator== (const SignedDocument &other) const

Private Member Functions
void	load_file (const std::string &path)

Private Attributes
DDS::OctetSeq	original_

std::string	content_

bool	verified_

std::string	filename_

Detailed Description

Definition at line 25 of file SignedDocument.h.

Constructor & Destructor Documentation

◆ SignedDocument() [1/2]

OpenDDS::Security::SSL::SignedDocument::SignedDocument ( const DDS::OctetSeq & src )

explicit

Definition at line 42 of file SignedDocument.cpp.

   : original_(src)
   , content_()
   , verified_(false)
   , filename_(data_filename)
 {
 }

◆ SignedDocument() [2/2]

OpenDDS::Security::SSL::SignedDocument::SignedDocument ( )

Definition at line 34 of file SignedDocument.cpp.

   : original_()
   , content_()
   , verified_(false)
   , filename_(default_filename)
 {
 }

◆ ~SignedDocument()

OpenDDS::Security::SSL::SignedDocument::~SignedDocument ( )

virtual

Definition at line 50 of file SignedDocument.cpp.

51 {

52 }

Member Function Documentation

◆ content()

const std::string& OpenDDS::Security::SSL::SignedDocument::content ( ) const

inline

Definition at line 36 of file SignedDocument.h.

Referenced by OpenDDS::Security::Governance::load(), OpenDDS::Security::Permissions::load(), and verify().

36 {return content_;}

OpenDDS::Security::SSL::SignedDocument::content_

std::string content_

Definition: SignedDocument.h:46

◆ filename()

const std::string& OpenDDS::Security::SSL::SignedDocument::filename ( void ) const

inline

Definition at line 38 of file SignedDocument.h.

References OpenDDS::Security::SSL::operator==().

Referenced by OpenDDS::Security::Governance::Governance(), OpenDDS::Security::Governance::load(), and OpenDDS::Security::Permissions::load().

38 {return filename_;}

OpenDDS::Security::SSL::SignedDocument::filename_

std::string filename_

Definition: SignedDocument.h:48

◆ load()

bool OpenDDS::Security::SSL::SignedDocument::load	(	const std::string &	uri,
		DDS::Security::SecurityException &	ex
	)

Definition at line 54 of file SignedDocument.cpp.

References ACE_ERROR, content_, OpenDDS::Security::CommonUtilities::URI::everything_else, filename_, LM_WARNING, load_file(), original_, OpenDDS::Security::CommonUtilities::URI::scheme, OpenDDS::Security::CommonUtilities::set_security_error(), OpenDDS::Security::CommonUtilities::URI::URI_DATA, OpenDDS::Security::CommonUtilities::URI::URI_FILE, OpenDDS::Security::CommonUtilities::URI::URI_PKCS11, OpenDDS::Security::CommonUtilities::URI::URI_UNKNOWN, and verified_.

Referenced by OpenDDS::Security::LocalAccessCredentialData::load().

 {
   using namespace CommonUtilities;
 
   original_.length(0);
   content_.clear();
   verified_ = false;
   filename_ = default_filename;
 
   URI uri_info(uri);
 
   switch (uri_info.scheme) {
   case URI::URI_FILE: {
     load_file(uri_info.everything_else);
     break;
   }
   case URI::URI_DATA:
     original_.length(static_cast<unsigned int>(uri_info.everything_else.length() + 1));
     std::memcpy(original_.get_buffer(), uri_info.everything_else.c_str(), uri_info.everything_else.length() + 1);
     filename_ = data_filename;
     break;
 
   case URI::URI_PKCS11:
   case URI::URI_UNKNOWN:
   default:
     ACE_ERROR((LM_WARNING,
                "(%P|%t) SSL::SignedDocument::load: WARNING: Unsupported URI scheme\n"));
     break;
   }
 
   if (original_.length() == 0) {
     std::stringstream msg;
     msg << "SSL::SignedDocument::load: WARNING: Failed to load document supplied "
       "with URI '"  << uri << "'";
     set_security_error(ex, -1, 0, msg.str().c_str());
     return false;
   }
 
   return true;
 }

◆ load_file()

void OpenDDS::Security::SSL::SignedDocument::load_file ( const std::string & path )

private

Definition at line 305 of file SignedDocument.cpp.

References ACE_ERROR, ACE_OS::fclose(), filename_, ACE_OS::fopen(), ACE_OS::fread(), LM_WARNING, ACE_OS::memcpy(), and original_.

Referenced by load().

 {
   filename_ = path;
 
 #ifdef ACE_ANDROID
   CORBA::Octet *buffer;
 
   char b[1024];
   FILE* fp = ACE_OS::fopen(path.c_str(), "rb");
 
   int n;
   int i = 0;
   while (!feof(fp)) {
     n = ACE_OS::fread(&b, 1, 1024, fp);
     i += n;
 
     original_.length(i + 1); // +1 for null byte at end of cert
     buffer = original_.get_buffer();
     ACE_OS::memcpy(buffer + i - n, b, n);
   }
 
   ACE_OS::fclose(fp);
 
   // To appease the other DDS security implementations which
   // append a null byte at the end of the cert.
   buffer[i + 1] = 0u;
 
 #else
   std::ifstream in(path.c_str(), std::ios::binary);
 
   if (!in) {
     ACE_ERROR((LM_WARNING,
                "(%P|%t) SignedDocument::PKCS7_from_SMIME_file:"
                "WARNING: Failed to load file '%C'; '%m'\n",
                path.c_str()));
     return;
   }
 
   const std::ifstream::pos_type begin = in.tellg();
   in.seekg(0, std::ios::end);
   const std::ifstream::pos_type end = in.tellg();
   in.seekg(0, std::ios::beg);
 
   original_.length(static_cast<CORBA::ULong>(end - begin + 1));
   in.read(reinterpret_cast<char*>(original_.get_buffer()), end - begin);
 
   if (!in) {
     ACE_ERROR((LM_WARNING,
                "(%P|%t) SignedDocument::PKCS7_from_SMIME_file:"
                "WARNING: Failed to load file '%C'; '%m'\n",
                path.c_str()));
     return;
   }
 
   // To appease the other DDS security implementations
   original_[original_.length() - 1] = 0u;
 #endif
 }

◆ operator==()

bool OpenDDS::Security::SSL::SignedDocument::operator== ( const SignedDocument & other ) const

Definition at line 364 of file SignedDocument.cpp.

References content_, OPENDDS_END_VERSIONED_NAMESPACE_DECL, original_, and verified_.

 {
   return original_ == other.original_ && content_ == other.content_ && verified_ == other.verified_;
 }

◆ original()

const DDS::OctetSeq& OpenDDS::Security::SSL::SignedDocument::original ( ) const

inline

Definition at line 35 of file SignedDocument.h.

Referenced by OpenDDS::Security::LocalAccessCredentialData::load(), and OpenDDS::Security::AccessControlBuiltInImpl::validate_local_permissions().

35 {return original_;}

OpenDDS::Security::SSL::SignedDocument::original_

DDS::OctetSeq original_

Definition: SignedDocument.h:45

◆ verified()

bool OpenDDS::Security::SSL::SignedDocument::verified ( ) const

inline

Definition at line 37 of file SignedDocument.h.

37 { return verified_; }

OpenDDS::Security::SSL::SignedDocument::verified_

bool verified_

Definition: SignedDocument.h:47

◆ verify()

bool OpenDDS::Security::SSL::SignedDocument::verify ( const Certificate & ca )

Definition at line 254 of file SignedDocument.cpp.

References OpenDDS::Security::SSL::Bio::bio(), content(), content_, OpenDDS::Security::SSL::Bio::get_mem_data(), OpenDDS::Security::SSL::Bio::new_mem(), OPENDDS_SSL_LOG_ERR, original_, OpenDDS::Security::SSL::StackOfX509::push(), verified_, OpenDDS::Security::SSL::PKCS7Doc::verify(), and OpenDDS::Security::SSL::Bio::write().

Referenced by OpenDDS::Security::LocalAccessCredentialData::verify().

 {
   content_.clear();
   verified_ = false;
 
   StackOfX509 certs;
   if (!certs) {
     return false;
   }
 
   if (!certs.push(ca)) {
     return false;
   }
 
   Bio filebuf;
   if (!filebuf.new_mem()) {
     return false;
   }
 
   if (!filebuf.write(original_.get_buffer(), original_.length())) {
     return false;
   }
 
   Bio bcont;
   PKCS7Doc doc(SMIME_read_PKCS7(filebuf.bio(), &bcont.bio()));
   if (!doc) {
     OPENDDS_SSL_LOG_ERR("SMIME_read_PKCS7 failed");
     return false;
   }
 
   Bio content;
   if (!content.new_mem()) {
     return false;
   }
 
   if (!doc.verify(&certs, 0, bcont, content, PKCS7_TEXT | PKCS7_NOVERIFY | PKCS7_NOINTERN)) {
     return false;
   }
 
   char* p = 0;
   long size = content.get_mem_data(&p);
   if (size < 0) {
     return false;
   }
 
   content_ = std::string(p, size);
   verified_ = true;
 
   return verified_;
 }

Member Data Documentation

◆ content_

std::string OpenDDS::Security::SSL::SignedDocument::content_

private

Definition at line 46 of file SignedDocument.h.

Referenced by load(), operator==(), and verify().

◆ filename_

std::string OpenDDS::Security::SSL::SignedDocument::filename_

private

Definition at line 48 of file SignedDocument.h.

Referenced by load(), and load_file().

◆ original_

DDS::OctetSeq OpenDDS::Security::SSL::SignedDocument::original_

private

Definition at line 45 of file SignedDocument.h.

Referenced by load(), load_file(), operator==(), and verify().

◆ verified_

bool OpenDDS::Security::SSL::SignedDocument::verified_

private

Definition at line 47 of file SignedDocument.h.

Referenced by load(), operator==(), and verify().

The documentation for this class was generated from the following files:

Public Member Functions

Private Member Functions

Private Attributes

Detailed Description

Constructor & Destructor Documentation

◆ SignedDocument() [1/2]

◆ SignedDocument() [2/2]

◆ ~SignedDocument()

Member Function Documentation

◆ content()

◆ filename()

◆ load()

◆ load_file()

◆ operator==()

◆ original()

◆ verified()

◆ verify()

Member Data Documentation

◆ content_

◆ filename_

◆ original_

◆ verified_