#include <SignedDocument.h>
Public Types | |
| typedef DCPS::unique_ptr < SignedDocument > | unique_ptr |
Public Member Functions | |
| SignedDocument (const std::string &uri) | |
| SignedDocument (const DDS::OctetSeq &src) | |
| SignedDocument (const SignedDocument &rhs) | |
| SignedDocument () | |
| virtual | ~SignedDocument () |
| SignedDocument & | operator= (const SignedDocument &rhs) |
| bool | load (const std::string &uri, DDS::Security::SecurityException &ex) |
| void | get_original (std::string &dst) const |
| const DDS::OctetSeq & | get_original () const |
| const std::string & | get_verifiable () const |
| bool | get_original_minus_smime (std::string &dst) const |
| int | verify_signature (const Certificate &ca) const |
| int | serialize (DDS::OctetSeq &dst) const |
| int | deserialize (const DDS::OctetSeq &src) |
| int | deserialize (const std::string &src) |
Private Member Functions | |
| bool | loaded () |
| int | cache_verifiable (BIO *from) |
| PKCS7 * | PKCS7_from_SMIME_file (const std::string &path) |
| PKCS7 * | PKCS7_from_data (const DDS::OctetSeq &s_mime_data) |
Private Attributes | |
| PKCS7 * | doc_ |
| DDS::OctetSeq | original_ |
| std::string | verifiable_ |
Friends | |
| DdsSecurity_Export bool | operator== (const SignedDocument &lhs, const SignedDocument &rhs) |
Definition at line 20 of file SignedDocument.h.
Definition at line 23 of file SignedDocument.h.
| OpenDDS::Security::SSL::SignedDocument::SignedDocument | ( | const std::string & | uri | ) |
Definition at line 21 of file SignedDocument.cpp.
References LM_WARNING, load(), and DDS::Security::SecurityException::message.
00022 : doc_(NULL), original_(), verifiable_("") 00023 { 00024 DDS::Security::SecurityException ex; 00025 if (! load(uri, ex)) { 00026 ACE_ERROR((LM_WARNING, "(%P|%t) %C\n", ex.message.in())); 00027 } 00028 }
| OpenDDS::Security::SSL::SignedDocument::SignedDocument | ( | const DDS::OctetSeq & | src | ) |
Definition at line 35 of file SignedDocument.cpp.
References deserialize().
00036 : doc_(NULL), original_(), verifiable_("") 00037 { 00038 deserialize(src); 00039 }
| OpenDDS::Security::SSL::SignedDocument::SignedDocument | ( | const SignedDocument & | rhs | ) |
Definition at line 41 of file SignedDocument.cpp.
References deserialize(), and original_.
00042 : doc_(NULL), original_(), verifiable_("") 00043 { 00044 if (0 < rhs.original_.length()) { 00045 deserialize(rhs.original_); 00046 } 00047 }
| OpenDDS::Security::SSL::SignedDocument::SignedDocument | ( | ) |
Definition at line 30 of file SignedDocument.cpp.
00031 : doc_(NULL), original_(), verifiable_("") 00032 { 00033 }
| OpenDDS::Security::SSL::SignedDocument::~SignedDocument | ( | ) | [virtual] |
Definition at line 49 of file SignedDocument.cpp.
References doc_.
| int OpenDDS::Security::SSL::SignedDocument::cache_verifiable | ( | BIO * | from | ) | [private] |
| from | BIO containing data populated by a call to SMIME_read_PKCS7. |
Definition at line 265 of file SignedDocument.cpp.
References doc_, len, and verifiable_.
Referenced by PKCS7_from_data().
00266 { 00267 if (!doc_ || !from) { 00268 return 1; 00269 } 00270 00271 unsigned char tmp[32] = { 0 }; 00272 int len = 0; 00273 while ((len = BIO_read(from, tmp, sizeof(tmp))) > 0) { 00274 verifiable_.insert(verifiable_.end(), tmp, tmp + len); 00275 } 00276 00277 if (0 < verifiable_.length()) { 00278 return 0; 00279 } 00280 00281 return 1; 00282 }
| int OpenDDS::Security::SSL::SignedDocument::deserialize | ( | const std::string & | src | ) |
Definition at line 243 of file SignedDocument.cpp.
References OpenDDS::DCPS::back_inserter(), doc_, LM_WARNING, original_, and PKCS7_from_data().
00244 { 00245 if (doc_) { 00246 ACE_ERROR((LM_WARNING, "(%P|%t) SSL::Certificate::deserialize: WARNING, an X509 certificate has already been loaded\n")); 00247 return 1; 00248 } 00249 00250 DCPS::SequenceBackInsertIterator<DDS::OctetSeq> back_inserter(original_); 00251 std::copy(src.begin(), src.end(), back_inserter); 00252 00253 // To appease the other DDS security implementations 00254 *back_inserter = 0u; 00255 00256 if (0 < original_.length()) { 00257 PKCS7_from_data(original_); 00258 if (! doc_) { 00259 return 1; 00260 } 00261 } 00262 return 0; 00263 }
| int OpenDDS::Security::SSL::SignedDocument::deserialize | ( | const DDS::OctetSeq & | src | ) |
Definition at line 223 of file SignedDocument.cpp.
References OpenDDS::DCPS::back_inserter(), OpenDDS::DCPS::const_sequence_begin(), OpenDDS::DCPS::const_sequence_end(), doc_, LM_WARNING, original_, and PKCS7_from_data().
Referenced by load(), operator=(), SignedDocument(), and OpenDDS::Security::AccessControlBuiltInImpl::validate_remote_permissions().
00224 { 00225 if (doc_) { 00226 ACE_ERROR((LM_WARNING, "(%P|%t) SSL::Certificate::deserialize: WARNING, an X509 certificate has already been loaded\n")); 00227 return 1; 00228 } 00229 00230 // Assume the trailing null is already set 00231 00232 std::copy(DCPS::const_sequence_begin(src), 00233 DCPS::const_sequence_end(src), 00234 DCPS::back_inserter(original_)); 00235 00236 if (0 < original_.length()) { 00237 PKCS7_from_data(original_); 00238 } 00239 00240 return 0; 00241 }
| const DDS::OctetSeq& OpenDDS::Security::SSL::SignedDocument::get_original | ( | ) | const [inline] |
Definition at line 44 of file SignedDocument.h.
Referenced by get_original_minus_smime().
00045 { 00046 return original_; 00047 }
| void OpenDDS::Security::SSL::SignedDocument::get_original | ( | std::string & | dst | ) | const |
Definition at line 103 of file SignedDocument.cpp.
References OpenDDS::DCPS::back_inserter(), OpenDDS::DCPS::const_sequence_begin(), OpenDDS::DCPS::const_sequence_end(), and original_.
Referenced by OpenDDS::Security::AccessControlBuiltInImpl::validate_local_permissions().
00104 { 00105 dst = ""; 00106 00107 std::copy(DCPS::const_sequence_begin(original_), 00108 DCPS::const_sequence_end(original_), 00109 std::back_inserter(dst)); 00110 }
| bool OpenDDS::Security::SSL::SignedDocument::get_original_minus_smime | ( | std::string & | dst | ) | const |
Definition at line 112 of file SignedDocument.cpp.
References get_original().
Referenced by OpenDDS::Security::Permissions::extract_subject_name(), OpenDDS::Security::Permissions::load(), and OpenDDS::Security::Governance::load().
00113 { 00114 const std::string start_str("Content-Type: text/plain"), 00115 end_str("dds>"); 00116 00117 get_original(dst); 00118 00119 size_t found_begin = dst.find(start_str); 00120 00121 if (found_begin != std::string::npos) { 00122 dst.erase(0, found_begin + start_str.length()); 00123 00124 const char* t = " \t\n\r\f\v"; 00125 00126 dst.erase(0, dst.find_first_not_of(t)); 00127 } 00128 else { 00129 return false; 00130 } 00131 00132 size_t found_end = dst.find(end_str); 00133 00134 if (found_end != std::string::npos) { 00135 dst.erase(found_end + end_str.length()); 00136 } 00137 else { 00138 return false; 00139 } 00140 00141 return true; 00142 }
| const std::string& OpenDDS::Security::SSL::SignedDocument::get_verifiable | ( | ) | const [inline] |
Definition at line 49 of file SignedDocument.h.
00050 { 00051 return verifiable_; 00052 }
| bool OpenDDS::Security::SSL::SignedDocument::load | ( | const std::string & | uri, | |
| DDS::Security::SecurityException & | ex | |||
| ) |
Definition at line 64 of file SignedDocument.cpp.
References deserialize(), doc_, OpenDDS::Security::CommonUtilities::URI::everything_else, LM_WARNING, loaded(), PKCS7_from_SMIME_file(), OpenDDS::Security::CommonUtilities::URI::scheme, OpenDDS::Security::CommonUtilities::set_security_error(), OpenDDS::Security::CommonUtilities::URI::URI_DATA, OpenDDS::Security::CommonUtilities::URI::URI_FILE, OpenDDS::Security::CommonUtilities::URI::URI_PKCS11, and OpenDDS::Security::CommonUtilities::URI::URI_UNKNOWN.
Referenced by SignedDocument().
00065 { 00066 using namespace CommonUtilities; 00067 00068 if (doc_) { 00069 set_security_error(ex, -1, 0, "SSL::SignedDocument::load: WARNING: document already loaded"); 00070 return false; 00071 } 00072 00073 URI uri_info(uri); 00074 00075 switch (uri_info.scheme) { 00076 case URI::URI_FILE: 00077 PKCS7_from_SMIME_file(uri_info.everything_else); 00078 break; 00079 00080 case URI::URI_DATA: 00081 deserialize(uri_info.everything_else); 00082 break; 00083 00084 case URI::URI_PKCS11: 00085 case URI::URI_UNKNOWN: 00086 default: 00087 ACE_ERROR((LM_WARNING, 00088 "(%P|%t) SSL::SignedDocument::load: WARNING: Unsupported URI scheme\n")); 00089 break; 00090 } 00091 00092 if (! loaded()) { 00093 std::stringstream msg; 00094 msg << "SSL::SignedDocument::load: WARNING: Failed to load document supplied " 00095 "with URI '" << uri << "'"; 00096 set_security_error(ex, -1, 0, msg.str().c_str()); 00097 return false; 00098 } 00099 00100 return true; 00101 }
| bool OpenDDS::Security::SSL::SignedDocument::loaded | ( | ) | [inline, private] |
Definition at line 78 of file SignedDocument.h.
Referenced by load().
00078 { 00079 return (doc_ != NULL) && 00080 (0 < original_.length()) && 00081 (0 < verifiable_.length()); 00082 }
| SignedDocument & OpenDDS::Security::SSL::SignedDocument::operator= | ( | const SignedDocument & | rhs | ) |
Definition at line 54 of file SignedDocument.cpp.
References deserialize(), and original_.
00055 { 00056 if (this != &rhs) { 00057 if (0 < rhs.original_.length()) { 00058 deserialize(rhs.original_); 00059 } 00060 } 00061 return *this; 00062 }
| PKCS7 * OpenDDS::Security::SSL::SignedDocument::PKCS7_from_data | ( | const DDS::OctetSeq & | s_mime_data | ) | [private] |
Definition at line 312 of file SignedDocument.cpp.
References cache_verifiable(), doc_, LM_ERROR, and OPENDDS_SSL_LOG_ERR.
Referenced by deserialize(), and PKCS7_from_SMIME_file().
00313 { 00314 if (doc_) { 00315 ACE_ERROR((LM_ERROR, 00316 "(%P|%t) SignedDocument::PKCS7_from_data: " 00317 "WARNING: document has already been constructed\n")); 00318 return NULL; 00319 } 00320 00321 BIO* filebuf = BIO_new(BIO_s_mem()); 00322 00323 if (filebuf) { 00324 if (0 >= BIO_write(filebuf, s_mime_data.get_buffer(), 00325 s_mime_data.length())) { 00326 OPENDDS_SSL_LOG_ERR("BIO_write failed"); 00327 } 00328 00329 BIO* cache_this = NULL; 00330 00331 doc_ = SMIME_read_PKCS7(filebuf, &cache_this); 00332 00333 if (!doc_) { 00334 OPENDDS_SSL_LOG_ERR("SMIME_read_PKCS7 failed"); 00335 } 00336 00337 if (0 != cache_verifiable(cache_this)) { 00338 ACE_ERROR((LM_ERROR, 00339 "(%P|%t) SignedDocument::PKCS7_from_data: " 00340 "WARNING: failed to cache verifiable part of S/MIME data\n")); 00341 } 00342 00343 BIO_free(filebuf); 00344 BIO_free(cache_this); 00345 00346 } else { 00347 std::stringstream errmsg; 00348 errmsg << "failed to create data '" << s_mime_data << "' using BIO_new"; 00349 OPENDDS_SSL_LOG_ERR(errmsg.str().c_str()); 00350 } 00351 00352 return doc_; 00353 }
| PKCS7 * OpenDDS::Security::SSL::SignedDocument::PKCS7_from_SMIME_file | ( | const std::string & | path | ) | [private] |
Definition at line 284 of file SignedDocument.cpp.
References OpenDDS::DCPS::back_inserter(), LM_ERROR, original_, PKCS7_from_data(), and strerror().
Referenced by load().
00285 { 00286 std::ifstream in(path.c_str(), std::ios::binary); 00287 00288 DCPS::SequenceBackInsertIterator<DDS::OctetSeq> back_inserter(original_); 00289 00290 std::copy((std::istreambuf_iterator<char>(in)), 00291 std::istreambuf_iterator<char>(), 00292 back_inserter); 00293 00294 if (in.fail()) { 00295 ACE_ERROR((LM_ERROR, 00296 "(%P|%t) SignedDocument::PKCS7_from_SMIME_file:" 00297 "WARNING: Failed to load file '%C'; errno: '%C'\n", 00298 path.c_str(), strerror(errno))); 00299 return NULL; 00300 } 00301 00302 // To appease the other DDS security implementations 00303 *back_inserter = 0u; 00304 00305 if (0 < original_.length()) { 00306 return PKCS7_from_data(original_); 00307 } 00308 00309 return NULL; 00310 }
| int OpenDDS::Security::SSL::SignedDocument::serialize | ( | DDS::OctetSeq & | dst | ) | const |
Definition at line 210 of file SignedDocument.cpp.
References OpenDDS::DCPS::back_inserter(), OpenDDS::DCPS::const_sequence_begin(), OpenDDS::DCPS::const_sequence_end(), and original_.
00211 { 00212 std::copy(DCPS::const_sequence_begin(original_), 00213 DCPS::const_sequence_end(original_), 00214 DCPS::back_inserter(dst)); 00215 00216 if (dst.length() == original_.length()) { 00217 return 0; 00218 } 00219 00220 return 1; 00221 }
| int OpenDDS::Security::SSL::SignedDocument::verify_signature | ( | const Certificate & | ca | ) | const |
Definition at line 204 of file SignedDocument.cpp.
References doc_, and verifiable_.
Referenced by OpenDDS::Security::AccessControlBuiltInImpl::validate_local_permissions(), and OpenDDS::Security::AccessControlBuiltInImpl::validate_remote_permissions().
00205 { 00206 verify_signature_impl verify(doc_, verifiable_); 00207 return verify(ca); 00208 }
| DdsSecurity_Export bool operator== | ( | const SignedDocument & | lhs, | |
| const SignedDocument & | rhs | |||
| ) | [friend] |
PKCS7* OpenDDS::Security::SSL::SignedDocument::doc_ [private] |
Definition at line 95 of file SignedDocument.h.
Referenced by cache_verifiable(), deserialize(), load(), PKCS7_from_data(), verify_signature(), and ~SignedDocument().
Definition at line 96 of file SignedDocument.h.
Referenced by deserialize(), get_original(), operator=(), PKCS7_from_SMIME_file(), serialize(), and SignedDocument().
std::string OpenDDS::Security::SSL::SignedDocument::verifiable_ [private] |
Definition at line 97 of file SignedDocument.h.
Referenced by cache_verifiable(), and verify_signature().
1.6.1
