LCOV - code coverage report
Current view: top level - DCPS/security/Authentication - LocalAuthCredentialData.cpp (source / functions) Hit Total Coverage
Test: coverage.info Lines: 58 75 77.3 %
Date: 2023-04-30 01:32:43 Functions: 5 6 83.3 % 

          Line data    Source code
       1             : /*
       2             :  * Distributed under the OpenDDS License.
       3             :  * See: http://www.OpenDDS.org/license.html
       4             :  */
       5             : 
       6             : #include "LocalAuthCredentialData.h"
       7             : 
       8             : #include "dds/DCPS/SequenceIterator.h"
       9             : #include "dds/DCPS/debug.h"
      10             : #include "dds/DCPS/security/CommonUtilities.h"
      11             : #include "dds/DCPS/security/TokenReader.h"
      12             : #include "dds/DCPS/security/framework/Properties.h"
      13             : 
      14             : #include <algorithm>
      15             : #include <cstring>
      16             : #include <cerrno>
      17             : 
      18             : OPENDDS_BEGIN_VERSIONED_NAMESPACE_DECL
      19             : 
      20             : namespace OpenDDS {
      21             : namespace Security {
      22             : 
      23             : using namespace CommonUtilities;
      24             : 
      25          26 : int CredentialHash::operator()(DDS::OctetSeq& dst) const
      26             : {
      27          26 :   const DDS::OctetSeq& perm_data = permissions_data_;
      28          26 :   const DDS::OctetSeq& topic_data = participant_topic_data_;
      29             : 
      30          26 :   DDS::BinaryPropertySeq hash_data;
      31          26 :   DCPS::SequenceBackInsertIterator<DDS::BinaryPropertySeq> inserter(hash_data);
      32             : 
      33          26 :   DDS::BinaryProperty_t cid, cperm, cpdata, cdsign_algo, ckagree_algo;
      34             : 
      35          26 :   cid.name = "c.id";
      36          26 :   cid.value = pubcert_.original_bytes();
      37          26 :   cid.propagate = true;
      38             : 
      39          26 :   cperm.name = "c.perm";
      40          26 :   cperm.value = perm_data;
      41          26 :   cperm.propagate = true;
      42             : 
      43          26 :   cpdata.name = "c.pdata";
      44          26 :   cpdata.value = topic_data;
      45          26 :   cpdata.propagate = true;
      46             : 
      47          26 :   cdsign_algo.name = "c.dsign_algo";
      48          26 :   const char* cdsign_algo_str = pubcert_.dsign_algo();
      49          26 :   cdsign_algo.value.length(static_cast<unsigned int>(std::strlen(cdsign_algo_str)) + 1);
      50          26 :   std::memcpy(cdsign_algo.value.get_buffer(), cdsign_algo_str, cdsign_algo.value.length());
      51          26 :   cdsign_algo.propagate = true;
      52             : 
      53          26 :   ckagree_algo.name = "c.kagree_algo";
      54          26 :   const char* ckagree_algo_str = dh_.kagree_algo();
      55          26 :   ckagree_algo.value.length(static_cast<unsigned int>(std::strlen(ckagree_algo_str)) + 1);
      56          26 :   std::memcpy(ckagree_algo.value.get_buffer(), ckagree_algo_str, ckagree_algo.value.length());
      57          26 :   ckagree_algo.propagate = true;
      58             : 
      59          26 :   *inserter = cid;
      60          26 :   *inserter = cperm;
      61          26 :   *inserter = cpdata;
      62          26 :   *inserter = cdsign_algo;
      63          26 :   *inserter = ckagree_algo;
      64             : 
      65          52 :   return SSL::hash_serialized(hash_data, dst);
      66          26 : }
      67             : 
      68          22 : LocalAuthCredentialData::LocalAuthCredentialData()
      69             : {
      70          22 : }
      71             : 
      72          44 : LocalAuthCredentialData::~LocalAuthCredentialData()
      73             : {
      74          44 : }
      75             : 
      76           0 : bool LocalAuthCredentialData::load_access_permissions(const DDS::Security::PermissionsCredentialToken& src,
      77             :                                                       DDS::Security::SecurityException& ex)
      78             : {
      79           0 :   const char* cperm = TokenReader(src).get_property_value("dds.perm.cert");
      80           0 :   if (!cperm) {
      81           0 :     set_security_error(ex, -1, 0,
      82             :                        "LocalAuthCredentialData::load_access_permissions: "
      83             :                        "no 'dds.perm.cert' property provided");
      84           0 :     return false;
      85             :   }
      86             : 
      87           0 :   const size_t len = std::strlen(cperm);
      88           0 :   access_permissions_.length(static_cast<CORBA::ULong>(len + 1));
      89           0 :   std::memcpy(&access_permissions_[0], cperm, len + 1); // copies the NULL
      90             : 
      91           0 :   return true;
      92             : }
      93             : 
      94          22 : bool LocalAuthCredentialData::load_credentials(const DDS::PropertySeq& props, DDS::Security::SecurityException& ex)
      95             : {
      96          22 :   if (DCPS::DCPS_debug_level) {
      97           0 :     ACE_DEBUG((LM_DEBUG, "(%P|%t) LocalAuthCredentialData::load: Number of Properties: %i\n", props.length()));
      98             :   }
      99             : 
     100          22 :   std::string pkey_uri, password;
     101         132 :   for (unsigned int i = 0; i < props.length(); ++i) {
     102         220 :     const std::string name = props[i].name.in(), value = props[i].value.in();
     103             : 
     104         110 :     if (DCPS::DCPS_debug_level) {
     105           0 :       ACE_DEBUG((LM_DEBUG, "(%P|%t) LocalAuthCredentialData::load: property %i: %C: %C\n",
     106             :                  i, name.c_str(), value.c_str()));
     107             :     }
     108             : 
     109         110 :     if (name == DDS::Security::Properties::AuthIdentityCA) {
     110          22 :       ca_cert_.reset(new SSL::Certificate(value));
     111             : 
     112          88 :     } else if (name == DDS::Security::Properties::AuthPrivateKey) {
     113          22 :       pkey_uri = value;
     114             : 
     115          66 :     } else if (name == DDS::Security::Properties::AuthIdentityCertificate) {
     116          22 :       participant_cert_.reset(new SSL::Certificate(value));
     117             : 
     118          44 :     } else if (name == DDS::Security::Properties::AuthPassword) {
     119          22 :       password = value;
     120             : 
     121             :     }
     122         110 :   }
     123             : 
     124          22 :   if (!pkey_uri.empty()) {
     125          22 :     participant_pkey_.reset(new SSL::PrivateKey(pkey_uri, password));
     126             :   }
     127             : 
     128          22 :   if (!ca_cert_) {
     129           0 :     set_security_error(ex, -1, 0, "LocalAuthCredentialData::load: failed to load CA certificate");
     130           0 :     return false;
     131             : 
     132          22 :   } else if (!participant_cert_) {
     133           0 :     set_security_error(ex, -1, 0, "LocalAuthCredentialData::load: failed to load participant certificate");
     134           0 :     return false;
     135             : 
     136          22 :   } else if (!participant_pkey_) {
     137           0 :     set_security_error(ex, -1, 0, "LocalAuthCredentialData::load: failed to load participant private key");
     138           0 :     return false;
     139             :   }
     140             : 
     141          22 :   return true;
     142          22 : }
     143             : 
     144             : }
     145             : }
     146             : 
     147             : OPENDDS_END_VERSIONED_NAMESPACE_DECL

Generated by: LCOV version 1.16