OpenDDS::Security::Permissions Class Reference

#include <Permissions.h>

Inheritance diagram for OpenDDS::Security::Permissions:
Inheritance graph
[legend]
Collaboration diagram for OpenDDS::Security::Permissions:
Collaboration graph
[legend]

List of all members.

Classes

struct  AcPerms
struct  PermissionGrantRule
struct  PermissionPartitionPs
struct  PermissionsPartition
struct  PermissionTopicPsRule
struct  PermissionTopicRule
struct  Validity_t

Public Types

enum  AllowDeny_t { ALLOW, DENY }
enum  PublishSubscribe_t { PUBLISH, SUBSCRIBE }
typedef DCPS::RcHandle
< Permissions		shared_ptr
typedef std::list
< PermissionTopicPsRule		TopicPsRules
typedef std::list
< PermissionPartitionPs		PartitionPsList
typedef std::list
< PermissionTopicRule		TopicRules
typedef std::list
< PermissionsPartition		Partitions
typedef std::vector
< PermissionGrantRule		PermissionGrantRules

Public Member Functions

 Permissions ()
int load (const SSL::SignedDocument &doc)
AcPermsdata ()
const std::string & subject_name ()

Private Member Functions

bool extract_subject_name (const SSL::SignedDocument &doc)

Private Attributes

AcPerms perm_data_
std::string subject_name_

Detailed Description

Definition at line 16 of file Permissions.h.

Member Typedef Documentation

typedef std::list<PermissionPartitionPs> OpenDDS::Security::Permissions::PartitionPsList

Definition at line 56 of file Permissions.h.

typedef std::list<PermissionsPartition> OpenDDS::Security::Permissions::Partitions

Definition at line 65 of file Permissions.h.

typedef std::vector<PermissionGrantRule> OpenDDS::Security::Permissions::PermissionGrantRules

Definition at line 76 of file Permissions.h.

typedef DCPS::RcHandle<Permissions> OpenDDS::Security::Permissions::shared_ptr

Definition at line 19 of file Permissions.h.

typedef std::list<PermissionTopicPsRule> OpenDDS::Security::Permissions::TopicPsRules

Definition at line 48 of file Permissions.h.

typedef std::list<PermissionTopicRule> OpenDDS::Security::Permissions::TopicRules

Definition at line 64 of file Permissions.h.

Member Enumeration Documentation

enum OpenDDS::Security::Permissions::AllowDeny_t
Enumerator:
ALLOW 
DENY 

Definition at line 21 of file Permissions.h.

00022   {
00023     ALLOW,
00024     DENY
00025   };

enum OpenDDS::Security::Permissions::PublishSubscribe_t
Enumerator:
PUBLISH 
SUBSCRIBE 

Definition at line 27 of file Permissions.h.

00028   {
00029     PUBLISH,
00030     SUBSCRIBE
00031   };

Constructor & Destructor Documentation

OpenDDS::Security::Permissions::Permissions (  ) 

Definition at line 21 of file Permissions.cpp.

00022   : perm_data_(), subject_name_()
00023 {
00024 
00025 }

Member Function Documentation

AcPerms& OpenDDS::Security::Permissions::data ( void   )  [inline]

Definition at line 89 of file Permissions.h.

References perm_data_.

00090   {
00091     return perm_data_;
00092   }

bool OpenDDS::Security::Permissions::extract_subject_name ( const SSL::SignedDocument doc  )  [private]

Definition at line 27 of file Permissions.cpp.

References OpenDDS::Security::SSL::SignedDocument::get_original_minus_smime(), and subject_name_.

Referenced by load().

00028 {
00029   doc.get_original_minus_smime(subject_name_);
00030 
00031   const std::string start_str("<subject_name>"), end_str("</subject_name>");
00032 
00033   size_t found_begin = subject_name_.find(start_str);
00034 
00035   if (found_begin != std::string::npos) {
00036     subject_name_.erase(0, found_begin + start_str.length());
00037     const char* t = " \t\n\r\f\v";
00038     subject_name_.erase(0, subject_name_.find_first_not_of(t));
00039 
00040   } else {
00041     return false;
00042   }
00043 
00044   size_t found_end = subject_name_.find(end_str);
00045 
00046   if (found_end != std::string::npos) {
00047     subject_name_.erase(found_end);
00048   } else {
00049     return false;
00050   }
00051 
00052   return true;
00053 }

Here is the call graph for this function:

Here is the caller graph for this function:

int OpenDDS::Security::Permissions::load ( const SSL::SignedDocument doc  ) 

Definition at line 72 of file Permissions.cpp.

References ACE_TEXT(), OpenDDS::Security::Permissions::PermissionsPartition::ad_type, OpenDDS::Security::Permissions::PermissionTopicRule::ad_type, ALLOW, OpenDDS::Security::Permissions::PermissionGrantRule::default_permission, DENY, OpenDDS::Security::Permissions::PermissionsPartition::domain_list, OpenDDS::Security::Permissions::PermissionTopicRule::domain_list, extract_subject_name(), OpenDDS::DCPS::unique_ptr< T, Deleter >::get(), OpenDDS::Security::SSL::SignedDocument::get_original_minus_smime(), OpenDDS::Security::Permissions::PermissionGrantRule::grant_name, LM_ERROR, OpenDDS::Security::Permissions::Validity_t::not_after, OpenDDS::Security::Permissions::Validity_t::not_before, parser, OpenDDS::Security::Permissions::PermissionPartitionPs::partition_list, OpenDDS::Security::Permissions::PermissionsPartition::partition_ps, perm_data_, OpenDDS::Security::Permissions::AcPerms::perm_rules, OpenDDS::Security::Permissions::PermissionGrantRule::PermissionPartitions, OpenDDS::Security::Permissions::PermissionGrantRule::PermissionTopicRules, OpenDDS::Security::Permissions::PermissionPartitionPs::ps_type, OpenDDS::Security::Permissions::PermissionTopicPsRule::ps_type, PUBLISH, OpenDDS::Security::Permissions::PermissionGrantRule::subject, SUBSCRIBE, OpenDDS::Security::Permissions::PermissionTopicPsRule::topic_list, OpenDDS::Security::Permissions::PermissionTopicRule::topic_ps_rules, OpenDDS::DCPS::toString(), and OpenDDS::Security::Permissions::PermissionGrantRule::validity.

00073 {
00074   using XML::XStr;
00075   static const char* gMemBufId = "gov buffer id";
00076 
00077   if (!extract_subject_name(doc))
00078   {
00079     ACE_ERROR((LM_ERROR, "Permissions::load: WARNING, Could not extract subject name from permissions file"));
00080     return -1;
00081   }
00082 
00083   DCPS::unique_ptr<xercesc::XercesDOMParser> parser(new xercesc::XercesDOMParser());
00084   parser->setValidationScheme(xercesc::XercesDOMParser::Val_Always);
00085   parser->setDoNamespaces(true);    // optional
00086   parser->setCreateCommentNodes(false);
00087 
00088   DCPS::unique_ptr<xercesc::ErrorHandler> errHandler((xercesc::ErrorHandler*) new xercesc::HandlerBase());
00089   parser->setErrorHandler(errHandler.get());
00090 
00091   std::string cleaned;
00092   doc.get_original_minus_smime(cleaned);
00093   xercesc::MemBufInputSource contentbuf((const XMLByte*) cleaned.c_str(),
00094                                         cleaned.size(),
00095                                         gMemBufId);
00096   try {
00097     parser->parse(contentbuf);
00098   }
00099   catch (const xercesc::XMLException& toCatch) {
00100     char* message = xercesc::XMLString::transcode(toCatch.getMessage());
00101     ACE_DEBUG((LM_ERROR, ACE_TEXT(
00102         "(%P|%t) AccessControlBuiltInImpl::load_permissions_file: Exception message is %C.\n"), message));
00103     xercesc::XMLString::release(&message);
00104     return -1;
00105   }
00106   catch (const xercesc::DOMException& toCatch) {
00107     char* message = xercesc::XMLString::transcode(toCatch.msg);
00108     ACE_DEBUG((LM_ERROR, ACE_TEXT(
00109         "(%P|%t) AccessControlBuiltInImpl::load_permissions_file: Exception message is: %C.\n"), message));
00110     xercesc::XMLString::release(&message);
00111     return -1;
00112   }
00113   catch (...) {
00114     ACE_DEBUG((LM_ERROR, ACE_TEXT(
00115         "(%P|%t) AccessControlBuiltInImpl::load_permissions_file: Unexpected Permissions XML Parser Exception.\n")));
00116     return -1;
00117   }
00118 
00119 
00120   // Successfully parsed the permissions file
00121 
00122   xercesc::DOMDocument* xmlDoc = parser->getDocument();
00123 
00124   xercesc::DOMElement* elementRoot = xmlDoc->getDocumentElement();
00125   if ( !elementRoot ) throw(std::runtime_error( "empty XML document" ));
00126 
00127 
00128   //TODO:  WARNING - this implementation only supports 1 permissions/grant set
00129  // Different from governance from here forward
00130   // Find the validity rules
00131   xercesc::DOMNodeList * grantRules = xmlDoc->getElementsByTagName(XStr("grant"));
00132 
00133   //PermissionGrantRules grant_rules_list_holder_;
00134 
00135   for (XMLSize_t r = 0; r < grantRules->getLength(); r++) {
00136     PermissionGrantRule rule_holder_;
00137 
00138     // Pull out the grant name for this grant
00139     xercesc::DOMNamedNodeMap * rattrs = grantRules->item(r)->getAttributes();
00140     rule_holder_.grant_name = toString(rattrs->item(0)->getTextContent());
00141 
00142     // Pull out subject name, validity, and default
00143     xercesc::DOMNodeList * grantNodes = grantRules->item(r)->getChildNodes();
00144 
00145     for ( XMLSize_t gn = 0; gn < grantNodes->getLength(); gn++) {
00146       const XStr g_tag = grantNodes->item(gn)->getNodeName();
00147 
00148       if (g_tag == "subject_name") {
00149         rule_holder_.subject = toString(grantNodes->item(gn)->getTextContent());
00150       } else if (g_tag == "validity") {
00151         //Validity_t gn_validity;
00152         xercesc::DOMNodeList *validityNodes = grantNodes->item(gn)->getChildNodes();
00153 
00154         for (XMLSize_t vn = 0; vn < validityNodes->getLength(); vn++) {
00155           const XStr v_tag = validityNodes->item(vn)->getNodeName();
00156 
00157           if (v_tag == "not_before") {
00158             rule_holder_.validity.not_before = toString(
00159                       (validityNodes->item(vn)->getTextContent()));
00160           } else if (v_tag == "not_after") {
00161             rule_holder_.validity.not_after = toString(
00162                       (validityNodes->item(vn)->getTextContent()));
00163           }
00164         }
00165       } else if (g_tag == "default") {
00166         rule_holder_.default_permission = toString(grantNodes->item(gn)->getTextContent());
00167       }
00168     }
00169     // Pull out allow/deny rules
00170     xercesc::DOMNodeList * adGrantNodes = grantRules->item(r)->getChildNodes();
00171 
00172     for (XMLSize_t gn = 0; gn < adGrantNodes->getLength(); gn++) {
00173       const XStr g_tag = adGrantNodes->item(gn)->getNodeName();
00174 
00175       if (g_tag == "allow_rule" || g_tag == "deny_rule") {
00176         PermissionTopicRule ptr_holder_;
00177         PermissionsPartition pp_holder_;
00178 
00179         ptr_holder_.ad_type = (g_tag == "allow_rule") ? ALLOW : DENY;
00180         pp_holder_.ad_type = (g_tag == "allow_rule") ? ALLOW : DENY;
00181 
00182         xercesc::DOMNodeList * adNodeChildren = adGrantNodes->item(gn)->getChildNodes();
00183 
00184         for (XMLSize_t anc = 0; anc < adNodeChildren->getLength(); anc++) {
00185           const XStr anc_tag = adNodeChildren->item(anc)->getNodeName();
00186 
00187           if (anc_tag == "domains") {   //domain list
00188             xercesc::DOMNodeList * domainIdNodes = adNodeChildren->item(anc)->getChildNodes();
00189 
00190             for (XMLSize_t did = 0; did < domainIdNodes->getLength(); did++) {
00191               if ("id" == XStr(domainIdNodes->item(did)->getNodeName())) {
00192                 ptr_holder_.domain_list.insert(toInt(domainIdNodes->item(did)->getTextContent()));
00193                 pp_holder_.domain_list.insert(toInt(domainIdNodes->item(did)->getTextContent()));
00194               }
00195               else if ("id_range" == XStr(domainIdNodes->item(did)->getNodeName())) {
00196                 int min_value = 0;
00197                 int max_value = 0;
00198                 xercesc::DOMNodeList * domRangeIdNodes = domainIdNodes->item(did)->getChildNodes();
00199 
00200                 for (XMLSize_t drid = 0; drid < domRangeIdNodes->getLength(); drid++) {
00201                   if ("min" == XStr(domRangeIdNodes->item(drid)->getNodeName())) {
00202                     min_value = toInt(domRangeIdNodes->item(drid)->getTextContent());
00203                   }
00204                   else if ("max" == XStr(domRangeIdNodes->item(drid)->getNodeName())) {
00205                     max_value = toInt(domRangeIdNodes->item(drid)->getTextContent());
00206 
00207                     if ((min_value == 0) || (min_value > max_value)) {
00208                       ACE_DEBUG((LM_ERROR, ACE_TEXT(
00209                           "(%P|%t) AccessControlBuiltInImpl::load_permissions_file: Permission XML Domain Range invalid.\n")));
00210                       return -1;
00211                     }
00212 
00213                     for (int i = min_value; i <= max_value; i++) {
00214                       ptr_holder_.domain_list.insert(i);
00215                       pp_holder_.domain_list.insert(i);
00216                     }
00217                   }
00218                 }
00219               }
00220             }
00221 
00222           } else if (anc_tag == "publish" || anc_tag == "subscribe") {   // pub sub nodes
00223             PermissionTopicPsRule anc_ps_rule_holder_;
00224             PermissionPartitionPs anc_ps_partition_holder_;
00225 
00226             anc_ps_rule_holder_.ps_type = (anc_tag == "publish") ? PUBLISH : SUBSCRIBE;
00227             anc_ps_partition_holder_.ps_type = anc_ps_rule_holder_.ps_type;
00228             xercesc::DOMNodeList * topicListNodes = adNodeChildren->item(anc)->getChildNodes();
00229 
00230             for (XMLSize_t tln = 0; tln < topicListNodes->getLength(); tln++) {
00231               if ("topics" == XStr(topicListNodes->item(tln)->getNodeName())) {
00232                 xercesc::DOMNodeList * topicNodes = topicListNodes->item(tln)->getChildNodes();
00233 
00234                 for (XMLSize_t tn = 0; tn < topicNodes->getLength(); tn++) {
00235                   if ("topic" == XStr(topicNodes->item(tn)->getNodeName())) {
00236                     anc_ps_rule_holder_.topic_list.push_back(toString(topicNodes->item(tn)->getTextContent()));
00237                   }
00238                 }
00239 
00240               }
00241               else if ("partitions" == XStr(topicListNodes->item(tln)->getNodeName())) {
00242                 xercesc::DOMNodeList * partitionNodes = topicListNodes->item(tln)->getChildNodes();
00243 
00244                 for (XMLSize_t pn = 0; pn < partitionNodes->getLength(); pn++) {
00245                   if ("partition" == XStr(partitionNodes->item(pn)->getNodeName())) {
00246                     anc_ps_partition_holder_.partition_list.push_back(toString(partitionNodes->item(pn)->getTextContent()));
00247                   }
00248                 }
00249               }
00250             }
00251 
00252             ptr_holder_.topic_ps_rules.push_back(anc_ps_rule_holder_);
00253             pp_holder_.partition_ps.push_back(anc_ps_partition_holder_);
00254           }
00255         }
00256 
00257         rule_holder_.PermissionTopicRules.push_back(ptr_holder_);
00258         rule_holder_.PermissionPartitions.push_back(pp_holder_);
00259       }
00260     }
00261 
00262     perm_data_.perm_rules.push_back(rule_holder_);
00263   } // grant_rules
00264 
00265   return 0;
00266 }

Here is the call graph for this function:

const std::string& OpenDDS::Security::Permissions::subject_name (  )  [inline]

Definition at line 94 of file Permissions.h.

References subject_name_.

00095   {
00096     return subject_name_;
00097   }

Member Data Documentation

AcPerms OpenDDS::Security::Permissions::perm_data_ [private]

Definition at line 103 of file Permissions.h.

Referenced by data(), and load().

std::string OpenDDS::Security::Permissions::subject_name_ [private]

Definition at line 104 of file Permissions.h.

Referenced by extract_subject_name(), and subject_name().

The documentation for this class was generated from the following files:
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Defines
Generated on 10 Aug 2018 for OpenDDS by  doxygen 1.6.1