AuthenticationBuiltInImpl.h

Go to the documentation of this file.
00001 /*
00002  *
00003  *
00004  * Distributed under the OpenDDS License.
00005  * See: http://www.OpenDDS.org/license.html
00006  */
00007 
00008 
00009 
00010 #ifndef DDS_DCPS_AUTHENTICATION_BUILTIN_IMPL_H
00011 #define DDS_DCPS_AUTHENTICATION_BUILTIN_IMPL_H
00012 
00013 #include "dds/DCPS/security/DdsSecurity_Export.h"
00014 #include "dds/DdsSecurityCoreC.h"
00015 #include "dds/Versioned_Namespace.h"
00016 #include "dds/DCPS/dcps_export.h"
00017 #include "dds/DCPS/GuidUtils.h"
00018 #include "ace/Thread_Mutex.h"
00019 #include <map>
00020 #include <string>
00021 #include <memory>
00022 
00023 #include "Authentication/LocalCredentialData.h"
00024 #include "SSL/DiffieHellman.h"
00025 
00026 #if !defined (ACE_LACKS_PRAGMA_ONCE)
00027 #pragma once
00028 #endif /* ACE_LACKS_PRAGMA_ONCE */
00029 
00030 class DDS_TEST;
00031 
00032 OPENDDS_BEGIN_VERSIONED_NAMESPACE_DECL
00033 
00034 namespace OpenDDS {
00035 namespace Security {
00036 
00037 
00038 /**
00039 * @class AuthenticationBuiltInImpl
00040 *
00041 * @brief Implements the DDS built-in version of the Authentication
00042 * plugin for the DDS Security Specification
00043 *
00044 * See the DDS security specification, OMG formal/17-09-20, for a description of
00045 * the interface this class is implementing.
00046 *
00047 */
00048 class DdsSecurity_Export  AuthenticationBuiltInImpl
00049   : public virtual DDS::Security::Authentication
00050 {
00051 public:
00052   AuthenticationBuiltInImpl();
00053   virtual ~AuthenticationBuiltInImpl();
00054 
00055   virtual ::DDS::Security::ValidationResult_t validate_local_identity(
00056     ::DDS::Security::IdentityHandle & local_identity_handle,
00057     DCPS::GUID_t & adjusted_participant_guid,
00058     ::DDS::Security::DomainId_t domain_id,
00059     const ::DDS::DomainParticipantQos & participant_qos,
00060     const DCPS::GUID_t & candidate_participant_guid,
00061     ::DDS::Security::SecurityException & ex);
00062 
00063   virtual ::CORBA::Boolean get_identity_token(
00064     ::DDS::Security::IdentityToken & identity_token,
00065     ::DDS::Security::IdentityHandle handle,
00066     ::DDS::Security::SecurityException & ex);
00067 
00068   virtual ::CORBA::Boolean get_identity_status_token(
00069     ::DDS::Security::IdentityStatusToken & identity_status_token,
00070     ::DDS::Security::IdentityHandle handle,
00071     ::DDS::Security::SecurityException & ex);
00072 
00073   virtual ::CORBA::Boolean set_permissions_credential_and_token(
00074     ::DDS::Security::IdentityHandle handle,
00075     const ::DDS::Security::PermissionsCredentialToken & permissions_credential,
00076     const ::DDS::Security::PermissionsToken & permissions_token,
00077     ::DDS::Security::SecurityException & ex);
00078 
00079   virtual ::DDS::Security::ValidationResult_t validate_remote_identity(
00080     ::DDS::Security::IdentityHandle & remote_identity_handle,
00081     ::DDS::Security::AuthRequestMessageToken & local_auth_request_token,
00082     const ::DDS::Security::AuthRequestMessageToken & remote_auth_request_token,
00083     ::DDS::Security::IdentityHandle local_identity_handle,
00084     const ::DDS::Security::IdentityToken & remote_identity_token,
00085     const DCPS::GUID_t & remote_participant_guid,
00086     ::DDS::Security::SecurityException & ex);
00087 
00088   virtual ::DDS::Security::ValidationResult_t begin_handshake_request(
00089     ::DDS::Security::HandshakeHandle & handshake_handle,
00090     ::DDS::Security::HandshakeMessageToken & handshake_message,
00091     ::DDS::Security::IdentityHandle initiator_identity_handle,
00092     ::DDS::Security::IdentityHandle replier_identity_handle,
00093     const ::DDS::OctetSeq & serialized_local_participant_data,
00094     ::DDS::Security::SecurityException & ex);
00095 
00096   virtual ::DDS::Security::ValidationResult_t begin_handshake_reply(
00097     ::DDS::Security::HandshakeHandle & handshake_handle,
00098     ::DDS::Security::HandshakeMessageToken & handshake_message_out,
00099     ::DDS::Security::IdentityHandle initiator_identity_handle,
00100     ::DDS::Security::IdentityHandle replier_identity_handle,
00101     const ::DDS::OctetSeq & serialized_local_participant_data,
00102     ::DDS::Security::SecurityException & ex);
00103 
00104   virtual ::DDS::Security::ValidationResult_t process_handshake(
00105     ::DDS::Security::HandshakeMessageToken & handshake_message_out,
00106     const ::DDS::Security::HandshakeMessageToken & handshake_message_in,
00107     ::DDS::Security::HandshakeHandle handshake_handle,
00108     ::DDS::Security::SecurityException & ex);
00109 
00110   virtual ::DDS::Security::SharedSecretHandle* get_shared_secret(
00111     ::DDS::Security::HandshakeHandle handshake_handle,
00112     ::DDS::Security::SecurityException & ex);
00113 
00114   virtual ::CORBA::Boolean get_authenticated_peer_credential_token(
00115     ::DDS::Security::AuthenticatedPeerCredentialToken & peer_credential_token,
00116     ::DDS::Security::HandshakeHandle handshake_handle,
00117     ::DDS::Security::SecurityException & ex);
00118 
00119   virtual ::CORBA::Boolean set_listener(
00120     ::DDS::Security::AuthenticationListener_ptr listener,
00121     ::DDS::Security::SecurityException & ex);
00122 
00123   virtual ::CORBA::Boolean return_identity_token(
00124     const ::DDS::Security::IdentityToken & token,
00125     ::DDS::Security::SecurityException & ex);
00126 
00127   virtual ::CORBA::Boolean return_identity_status_token(
00128     const ::DDS::Security::IdentityStatusToken & token,
00129     ::DDS::Security::SecurityException & ex);
00130 
00131   virtual ::CORBA::Boolean return_authenticated_peer_credential_token(
00132     const ::DDS::Security::AuthenticatedPeerCredentialToken & peer_credential_token,
00133     ::DDS::Security::SecurityException & ex);
00134 
00135   virtual ::CORBA::Boolean return_handshake_handle(
00136     ::DDS::Security::HandshakeHandle handshake_handle,
00137     ::DDS::Security::SecurityException & ex);
00138 
00139   virtual ::CORBA::Boolean return_identity_handle(
00140     ::DDS::Security::IdentityHandle identity_handle,
00141     ::DDS::Security::SecurityException & ex);
00142 
00143   virtual ::CORBA::Boolean return_sharedsecret_handle(
00144     ::DDS::Security::SharedSecretHandle* sharedsecret_handle,
00145     ::DDS::Security::SecurityException & ex);
00146 
00147 private:
00148 
00149   struct RemoteParticipantData : public DCPS::RcObject {
00150     typedef DCPS::RcHandle<RemoteParticipantData> shared_ptr;
00151 
00152     // Identity data
00153 
00154     DCPS::GUID_t participant_guid;
00155     DDS::Security::IdentityHandle local_participant;
00156 
00157     // Handshake data
00158 
00159     DDS::Security::AuthRequestMessageToken local_auth_request;
00160     DDS::Security::AuthRequestMessageToken remote_auth_request;
00161     DDS::Security::IdentityHandle initiator_identity;
00162     DDS::Security::IdentityHandle replier_identity;
00163     DDS::Security::SharedSecretHandle_var shared_secret;
00164     DDS::Security::HandshakeMessageToken request;
00165     DDS::Security::HandshakeMessageToken reply;
00166     DDS::Security::ValidationResult_t state;
00167     SSL::DiffieHellman::unique_ptr diffie_hellman;
00168     SSL::Certificate::unique_ptr certificate;
00169     DDS::OctetSeq c_perm;
00170     DDS::OctetSeq hash_c1;
00171     DDS::OctetSeq hash_c2;
00172 
00173     RemoteParticipantData()
00174       : participant_guid(DCPS::GUID_UNKNOWN)
00175       , local_participant(DDS::HANDLE_NIL)
00176       , initiator_identity(DDS::HANDLE_NIL)
00177       , replier_identity(DDS::HANDLE_NIL)
00178       , state(DDS::Security::VALIDATION_FAILED)
00179     {
00180     }
00181   };
00182   typedef std::map<DDS::Security::IdentityHandle, RemoteParticipantData::shared_ptr> RemoteParticipantMap;
00183 
00184   struct LocalParticipantData : public DCPS::RcObject {
00185     typedef DCPS::RcHandle<LocalParticipantData> shared_ptr;
00186 
00187     DCPS::GUID_t participant_guid;
00188     LocalAuthCredentialData::shared_ptr credentials;
00189     RemoteParticipantMap validated_remotes;
00190 
00191     LocalParticipantData()
00192       : participant_guid(DCPS::GUID_UNKNOWN),
00193         credentials(),
00194         validated_remotes()
00195     {
00196 
00197     }
00198   };
00199   typedef std::map<DDS::Security::IdentityHandle, LocalParticipantData::shared_ptr> LocalParticipantMap;
00200   LocalParticipantMap local_participants_;
00201 
00202   LocalParticipantData::shared_ptr get_local_participant(DDS::Security::IdentityHandle handle);
00203 
00204   typedef std::pair<LocalParticipantData::shared_ptr, RemoteParticipantData::shared_ptr> HandshakeDataPair;
00205   typedef std::map<DDS::Security::HandshakeHandle, HandshakeDataPair> HandshakeDataMap;
00206   HandshakeDataMap handshake_data_;
00207 
00208   HandshakeDataPair get_handshake_data(DDS::Security::HandshakeHandle handle);
00209 
00210   /// @brief Finds the local and remote data objects associated with h1 and h2 and
00211   /// creates a new handshake pair with them. It does not matter which handle is local
00212   /// and which is remote.
00213   /// @param h1 Either a local or remote handle.
00214   /// @param h2 Either a local or remote handle.
00215   HandshakeDataPair make_handshake_pair(DDS::Security::IdentityHandle h1,
00216                                         DDS::Security::IdentityHandle h2);
00217 
00218   DDS::Security::ValidationResult_t process_handshake_reply(
00219     DDS::Security::HandshakeMessageToken & handshake_message_out,
00220     const DDS::Security::HandshakeMessageToken & handshake_message_in,
00221     DDS::Security::HandshakeHandle handshake_handle,
00222     DDS::Security::SecurityException & ex);
00223 
00224   DDS::Security::ValidationResult_t process_final_handshake(
00225     const DDS::Security::HandshakeMessageToken & handshake_message_in,
00226     DDS::Security::HandshakeHandle handshake_handle,
00227     DDS::Security::SecurityException & ex);
00228 
00229   bool is_handshake_initiator(const DCPS::GUID_t& local, const DCPS::GUID_t& remote);
00230 
00231   bool check_class_versions(const char* remote_class_id);
00232 
00233   std::string build_class_id(const std::string& message_ext);
00234 
00235   std::string get_extension(const char* class_id);
00236 
00237   CORBA::Long get_next_handle();
00238 
00239   struct was_guid_validated
00240   {
00241     was_guid_validated(const DCPS::GUID_t& expected) : expected_(expected) {}
00242 
00243     bool operator()(const RemoteParticipantMap::value_type& validated) const
00244     {
00245       return (expected_ == validated.second->participant_guid);
00246     }
00247   private:
00248     const DCPS::GUID_t& expected_;
00249   };
00250 
00251   struct local_has_remote_handle
00252   {
00253     local_has_remote_handle(DDS::Security::IdentityHandle h) : h_(h) {}
00254 
00255     bool operator()(const LocalParticipantMap::value_type& local) const
00256     {
00257       const RemoteParticipantMap& remotes = local.second->validated_remotes;
00258       return remotes.find(h_) != remotes.end();
00259     }
00260   private:
00261     DDS::Security::IdentityHandle h_;
00262   };
00263 
00264   DDS::Security::AuthenticationListener_ptr listener_ptr_;
00265 
00266   ACE_Thread_Mutex identity_mutex_;
00267   ACE_Thread_Mutex handshake_mutex_;
00268   ACE_Thread_Mutex handle_mutex_;
00269 
00270   CORBA::Long next_handle_;
00271 
00272 };
00273 } // namespace Security
00274 } // namespace OpenDDS
00275 
00276 OPENDDS_END_VERSIONED_NAMESPACE_DECL
00277 
00278 #endif
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Defines
Generated on 10 Aug 2018 for OpenDDS by  doxygen 1.6.1