AccessControlBuiltInImpl.h

Go to the documentation of this file.
00001 /*
00002  *
00003  *
00004  * Distributed under the OpenDDS License.
00005  * See: http://www.OpenDDS.org/license.html
00006  */
00007 
00008 
00009 
00010 #ifndef DDS_ACCESS_CONTROL_BUILTIN_IMPL_H
00011 #define DDS_ACCESS_CONTROL_BUILTIN_IMPL_H
00012 
00013 #include "dds/DCPS/security/DdsSecurity_Export.h"
00014 #include "dds/DdsSecurityCoreC.h"
00015 #include "dds/Versioned_Namespace.h"
00016 #include "dds/DCPS/Service_Participant.h"
00017 
00018 #include "ace/Thread_Mutex.h"
00019 #include "ace/Reactor.h"
00020 #include <map>
00021 #include <set>
00022 #include <list>
00023 #include <vector>
00024 #include <string>
00025 #include <memory>
00026 
00027 #include "AccessControl/LocalCredentialData.h"
00028 #include "AccessControl/Governance.h"
00029 #include "AccessControl/Permissions.h"
00030 
00031 #if !defined (ACE_LACKS_PRAGMA_ONCE)
00032 #pragma once
00033 #endif /* ACE_LACKS_PRAGMA_ONCE */
00034 
00035 class DDS_TEST;
00036 
00037 OPENDDS_BEGIN_VERSIONED_NAMESPACE_DECL
00038 
00039 namespace OpenDDS {
00040 namespace Security {
00041 
00042 
00043 /**
00044 * @class AccessControlBuiltInImpl
00045 *
00046 * @brief Implements the DDS built-in version of the Access Control
00047 * plugin for the DDS Security Specification
00048 *
00049 * See the DDS security specification, OMG formal/17-09-20, for a description of
00050 * the interface this class is implementing.
00051 *
00052 */
00053 class DdsSecurity_Export  AccessControlBuiltInImpl
00054         : public virtual DDS::Security::AccessControl
00055 {
00056 public:
00057   AccessControlBuiltInImpl();
00058   virtual ~AccessControlBuiltInImpl();
00059 
00060   virtual ::DDS::Security::PermissionsHandle validate_local_permissions (
00061     ::DDS::Security::Authentication_ptr auth_plugin,
00062     ::DDS::Security::IdentityHandle identity,
00063     ::DDS::Security::DomainId_t domain_id,
00064     const ::DDS::DomainParticipantQos & participant_qos,
00065     ::DDS::Security::SecurityException & ex);
00066 
00067   virtual ::DDS::Security::PermissionsHandle validate_remote_permissions (
00068     ::DDS::Security::Authentication_ptr auth_plugin,
00069     ::DDS::Security::IdentityHandle local_identity_handle,
00070     ::DDS::Security::IdentityHandle remote_identity_handle,
00071     const ::DDS::Security::PermissionsToken & remote_permissions_token,
00072     const ::DDS::Security::AuthenticatedPeerCredentialToken & remote_credential_token,
00073     ::DDS::Security::SecurityException & ex);
00074 
00075   virtual ::CORBA::Boolean check_create_participant (
00076     ::DDS::Security::PermissionsHandle permissions_handle,
00077     ::DDS::Security::DomainId_t domain_id,
00078     const ::DDS::DomainParticipantQos & qos,
00079     ::DDS::Security::SecurityException & ex);
00080 
00081   virtual ::CORBA::Boolean check_create_datawriter (
00082     ::DDS::Security::PermissionsHandle permissions_handle,
00083     ::DDS::Security::DomainId_t domain_id,
00084     const char * topic_name,
00085     const ::DDS::DataWriterQos & qos,
00086     const ::DDS::PartitionQosPolicy & partition,
00087     const ::DDS::Security::DataTags & data_tag,
00088     ::DDS::Security::SecurityException & ex);
00089 
00090   virtual ::CORBA::Boolean check_create_datareader (
00091     ::DDS::Security::PermissionsHandle permissions_handle,
00092     ::DDS::Security::DomainId_t domain_id,
00093     const char * topic_name,
00094     const ::DDS::DataReaderQos & qos,
00095     const ::DDS::PartitionQosPolicy & partition,
00096     const ::DDS::Security::DataTags & data_tag,
00097     ::DDS::Security::SecurityException & ex);
00098 
00099   virtual ::CORBA::Boolean check_create_topic (
00100     ::DDS::Security::PermissionsHandle permissions_handle,
00101     ::DDS::Security::DomainId_t domain_id,
00102     const char * topic_name,
00103     const ::DDS::TopicQos & qos,
00104     ::DDS::Security::SecurityException & ex);
00105 
00106   virtual ::CORBA::Boolean check_local_datawriter_register_instance (
00107     ::DDS::Security::PermissionsHandle permissions_handle,
00108     ::DDS::DataWriter_ptr writer,
00109     ::DDS::Security::DynamicData_ptr key,
00110     ::DDS::Security::SecurityException & ex);
00111 
00112   virtual ::CORBA::Boolean check_local_datawriter_dispose_instance (
00113     ::DDS::Security::PermissionsHandle permissions_handle,
00114     ::DDS::DataWriter_ptr writer,
00115     ::DDS::Security::DynamicData_ptr key,
00116     ::DDS::Security::SecurityException & ex);
00117 
00118   virtual ::CORBA::Boolean check_remote_participant (
00119     ::DDS::Security::PermissionsHandle permissions_handle,
00120     ::DDS::Security::DomainId_t domain_id,
00121     const ::DDS::Security::ParticipantBuiltinTopicDataSecure & participant_data,
00122     ::DDS::Security::SecurityException & ex);
00123 
00124   virtual ::CORBA::Boolean check_remote_datawriter (
00125     ::DDS::Security::PermissionsHandle permissions_handle,
00126     ::DDS::Security::DomainId_t domain_id,
00127     const ::DDS::Security::PublicationBuiltinTopicDataSecure & publication_data,
00128     ::DDS::Security::SecurityException & ex);
00129 
00130   virtual ::CORBA::Boolean check_remote_datareader (
00131     ::DDS::Security::PermissionsHandle permissions_handle,
00132     ::DDS::Security::DomainId_t domain_id,
00133     const ::DDS::Security::SubscriptionBuiltinTopicDataSecure & subscription_data,
00134     ::CORBA::Boolean & relay_only,
00135     ::DDS::Security::SecurityException & ex);
00136 
00137   virtual ::CORBA::Boolean check_remote_topic (
00138     ::DDS::Security::PermissionsHandle permissions_handle,
00139     ::DDS::Security::DomainId_t domain_id,
00140     const ::DDS::TopicBuiltinTopicData & topic_data,
00141     ::DDS::Security::SecurityException & ex);
00142 
00143   virtual ::CORBA::Boolean check_local_datawriter_match (
00144     ::DDS::Security::PermissionsHandle writer_permissions_handle,
00145     ::DDS::Security::PermissionsHandle reader_permissions_handle,
00146     const ::DDS::Security::PublicationBuiltinTopicDataSecure & publication_data,
00147     const ::DDS::Security::SubscriptionBuiltinTopicDataSecure & subscription_data,
00148     ::DDS::Security::SecurityException & ex);
00149 
00150   virtual ::CORBA::Boolean check_local_datareader_match (
00151     ::DDS::Security::PermissionsHandle reader_permissions_handle,
00152     ::DDS::Security::PermissionsHandle writer_permissions_handle,
00153     const ::DDS::Security::SubscriptionBuiltinTopicDataSecure & subscription_data,
00154     const ::DDS::Security::PublicationBuiltinTopicDataSecure & publication_data,
00155     ::DDS::Security::SecurityException & ex);
00156 
00157   virtual ::CORBA::Boolean check_remote_datawriter_register_instance (
00158     ::DDS::Security::PermissionsHandle permissions_handle,
00159     ::DDS::DataReader_ptr reader,
00160     ::DDS::InstanceHandle_t publication_handle,
00161     ::DDS::Security::DynamicData_ptr key,
00162     ::DDS::InstanceHandle_t instance_handle,
00163     ::DDS::Security::SecurityException & ex);
00164 
00165   virtual ::CORBA::Boolean check_remote_datawriter_dispose_instance (
00166     ::DDS::Security::PermissionsHandle permissions_handle,
00167     ::DDS::DataReader_ptr reader,
00168     ::DDS::InstanceHandle_t publication_handle,
00169     ::DDS::Security::DynamicData_ptr key,
00170     ::DDS::Security::SecurityException & ex);
00171 
00172   virtual ::CORBA::Boolean get_permissions_token (
00173     ::DDS::Security::PermissionsToken & permissions_token,
00174     ::DDS::Security::PermissionsHandle handle,
00175     ::DDS::Security::SecurityException & ex);
00176 
00177   virtual ::CORBA::Boolean get_permissions_credential_token (
00178     ::DDS::Security::PermissionsCredentialToken & permissions_credential_token,
00179     ::DDS::Security::PermissionsHandle handle,
00180     ::DDS::Security::SecurityException & ex);
00181 
00182   virtual ::CORBA::Boolean set_listener (
00183     ::DDS::Security::AccessControlListener_ptr listener,
00184     ::DDS::Security::SecurityException & ex);
00185 
00186   virtual ::CORBA::Boolean return_permissions_token (
00187     const ::DDS::Security::PermissionsToken & token,
00188     ::DDS::Security::SecurityException & ex);
00189 
00190   virtual ::CORBA::Boolean return_permissions_credential_token (
00191     const ::DDS::Security::PermissionsCredentialToken & permissions_credential_token,
00192     ::DDS::Security::SecurityException & ex);
00193 
00194   virtual ::CORBA::Boolean get_participant_sec_attributes (
00195     ::DDS::Security::PermissionsHandle permissions_handle,
00196     ::DDS::Security::ParticipantSecurityAttributes & attributes,
00197     ::DDS::Security::SecurityException & ex);
00198 
00199   virtual ::CORBA::Boolean get_topic_sec_attributes (
00200     ::DDS::Security::PermissionsHandle permissions_handle,
00201     const char * topic_name,
00202     ::DDS::Security::TopicSecurityAttributes & attributes,
00203     ::DDS::Security::SecurityException & ex);
00204 
00205   virtual ::CORBA::Boolean get_datawriter_sec_attributes (
00206     ::DDS::Security::PermissionsHandle permissions_handle,
00207     const char * topic_name,
00208     const ::DDS::PartitionQosPolicy & partition,
00209     const ::DDS::Security::DataTagQosPolicy & data_tag,
00210     ::DDS::Security::EndpointSecurityAttributes & attributes,
00211     ::DDS::Security::SecurityException & ex);
00212 
00213   virtual ::CORBA::Boolean get_datareader_sec_attributes (
00214     ::DDS::Security::PermissionsHandle permissions_handle,
00215     const char * topic_name,
00216     const ::DDS::PartitionQosPolicy & partition,
00217     const ::DDS::Security::DataTagQosPolicy & data_tag,
00218     ::DDS::Security::EndpointSecurityAttributes & attributes,
00219     ::DDS::Security::SecurityException & ex);
00220 
00221   virtual ::CORBA::Boolean return_participant_sec_attributes (
00222     const ::DDS::Security::ParticipantSecurityAttributes & attributes,
00223     ::DDS::Security::SecurityException & ex);
00224 
00225   virtual ::CORBA::Boolean return_datawriter_sec_attributes (
00226     const ::DDS::Security::EndpointSecurityAttributes & attributes,
00227     ::DDS::Security::SecurityException & ex);
00228 
00229   virtual ::CORBA::Boolean return_datareader_sec_attributes (
00230     const ::DDS::Security::EndpointSecurityAttributes & attributes,
00231     ::DDS::Security::SecurityException & ex);
00232 
00233 
00234 private:
00235 
00236   AccessControlBuiltInImpl(const AccessControlBuiltInImpl& right);
00237   AccessControlBuiltInImpl& operator=(const AccessControlBuiltInImpl& right);
00238 
00239   struct AccessData
00240   {
00241     Permissions::shared_ptr perm;
00242     Governance::shared_ptr gov;
00243     LocalAccessCredentialData::shared_ptr local_access_credential_data;
00244   };
00245 
00246   typedef std::map<DDS::Security::PermissionsHandle, AccessData> ACPermsMap;
00247   ACPermsMap local_ac_perms_;
00248 
00249   typedef std::map<DDS::Security::IdentityHandle, DDS::Security::PermissionsHandle> ACIdentityMap;
00250   ACIdentityMap local_identity_map_;
00251 
00252   class RevokePermissionsTimer : public ACE_Event_Handler {
00253   public:
00254     RevokePermissionsTimer(AccessControlBuiltInImpl& impl);
00255     virtual ~RevokePermissionsTimer();
00256     bool start_timer(const ACE_Time_Value length, ::DDS::Security::PermissionsHandle pm_handle);
00257     virtual int handle_timeout(const ACE_Time_Value &tv, const void * arg);
00258     bool is_scheduled() { return scheduled_; }
00259 
00260   protected:
00261     AccessControlBuiltInImpl & impl_;
00262 
00263     ACE_Time_Value interval() const { return interval_; }
00264 
00265   private:
00266     ACE_Time_Value interval_;
00267     bool scheduled_;
00268     long timer_id_;
00269     ACE_Thread_Mutex lock_;
00270     ACE_Reactor_Timer_Interface* reactor_;
00271 
00272   };
00273   RevokePermissionsTimer local_rp_timer_;
00274   RevokePermissionsTimer remote_rp_timer_;
00275 
00276   ::CORBA::Long generate_handle();
00277 
00278   ACE_Thread_Mutex handle_mutex_;
00279   ACE_Thread_Mutex gen_handle_mutex_;
00280 
00281   ::CORBA::Long next_handle_;
00282 
00283   ::DDS::Security::AccessControlListener_ptr listener_ptr_;
00284 
00285   time_t convert_permissions_time(std::string timeString);
00286 
00287   ::CORBA::Boolean validate_date_time(const ACPermsMap::iterator ac_iter,
00288                                       time_t& delta_time,
00289                                       ::DDS::Security::SecurityException & ex);
00290 
00291   CORBA::Boolean get_sec_attributes(::DDS::Security::PermissionsHandle permissions_handle,
00292                                     const char * topic_name,
00293                                     const ::DDS::PartitionQosPolicy & partition,
00294                                     const ::DDS::Security::DataTagQosPolicy & data_tag,
00295                                     ::DDS::Security::EndpointSecurityAttributes & attributes,
00296                                     ::DDS::Security::SecurityException & ex);
00297 
00298   CORBA::Boolean search_local_permissions(const char * topic_name,
00299                                           const ::DDS::Security::DomainId_t domain_id,
00300                                           const ::DDS::PartitionQosPolicy & partition,
00301                                           const Permissions::PublishSubscribe_t pub_or_sub,
00302                                           const ACPermsMap::iterator ac_iter,
00303                                           ::DDS::Security::SecurityException & ex);
00304 
00305   /// @return 0 if the search is successful.
00306   CORBA::Boolean search_remote_permissions(const char * topic_name,
00307                                            const ::DDS::Security::DomainId_t domain_id,
00308                                            const ACPermsMap::iterator ac_iter,
00309                                            const Permissions::PublishSubscribe_t pub_or_sub,
00310                                            ::DDS::Security::SecurityException & ex);
00311 
00312   void parse_class_id(const std::string class_id,
00313                       std::string& plugin_class_name,
00314                       int& major_version,
00315                       int& minor_version);
00316 
00317 };
00318 
00319 } // namespace Security
00320 } // namespace OpenDDS
00321 
00322 OPENDDS_END_VERSIONED_NAMESPACE_DECL
00323 
00324 #endif
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Defines
Generated on 10 Aug 2018 for OpenDDS by  doxygen 1.6.1