Authentication/LocalCredentialData.cpp

Go to the documentation of this file.
00001 /*
00002  * Distributed under the OpenDDS License.
00003  * See: http://www.OpenDDS.org/license.html
00004  */
00005 
00006 #include "LocalCredentialData.h"
00007 #include "dds/DCPS/security/CommonUtilities.h"
00008 #include "dds/DCPS/security/TokenReader.h"
00009 #include "dds/DCPS/debug.h"
00010 #include "dds/DCPS/SequenceIterator.h"
00011 #include <algorithm>
00012 #include <cstring>
00013 #include <cerrno>
00014 
00015 namespace OpenDDS {
00016 namespace Security {
00017 
00018 using namespace CommonUtilities;
00019 
00020 int CredentialHash::operator()(DDS::OctetSeq& dst) const
00021 {
00022   const DDS::OctetSeq& perm_data = permissions_data_;
00023   const DDS::OctetSeq& topic_data = participant_topic_data_;
00024 
00025   DDS::BinaryPropertySeq hash_data;
00026   DCPS::SequenceBackInsertIterator<DDS::BinaryPropertySeq> inserter(hash_data);
00027 
00028   DDS::BinaryProperty_t cid, cperm, cpdata, cdsign_algo, ckagree_algo;
00029 
00030   cid.name = "c.id";
00031   cid.value = pubcert_.original_bytes();
00032   cid.propagate = true;
00033 
00034   cperm.name = "c.perm";
00035   cperm.value = perm_data;
00036   cperm.propagate = true;
00037 
00038   cpdata.name = "c.pdata";
00039   cpdata.value = topic_data;
00040   cpdata.propagate = true;
00041 
00042   cdsign_algo.name = "c.dsign_algo";
00043   const char* cdsign_algo_str = pubcert_.dsign_algo();
00044   cdsign_algo.value.length(std::strlen(cdsign_algo_str) + 1);
00045   std::memcpy(cdsign_algo.value.get_buffer(), cdsign_algo_str, cdsign_algo.value.length());
00046   cdsign_algo.propagate = true;
00047 
00048   ckagree_algo.name = "c.kagree_algo";
00049   const char* ckagree_algo_str = dh_.kagree_algo();
00050   ckagree_algo.value.length(std::strlen(ckagree_algo_str) + 1);
00051   std::memcpy(ckagree_algo.value.get_buffer(), ckagree_algo_str, ckagree_algo.value.length());
00052   ckagree_algo.propagate = true;
00053 
00054   *inserter = cid;
00055   *inserter = cperm;
00056   *inserter = cpdata;
00057   *inserter = cdsign_algo;
00058   *inserter = ckagree_algo;
00059 
00060   return SSL::hash_serialized(hash_data, dst);
00061 }
00062 
00063 LocalAuthCredentialData::LocalAuthCredentialData()
00064 {
00065 
00066 }
00067 
00068 LocalAuthCredentialData::~LocalAuthCredentialData()
00069 {
00070 
00071 }
00072 
00073 bool LocalAuthCredentialData::load_access_permissions(const DDS::Security::PermissionsCredentialToken& src,
00074                                                       DDS::Security::SecurityException& ex)
00075 {
00076   const char* cperm = TokenReader(src).get_property_value("dds.perm.cert");
00077   if (! cperm) {
00078     set_security_error(ex, -1, 0,
00079                        "LocalAuthCredentialData::load_access_permissions: "
00080                        "no 'dds.perm.cert' property provided");
00081     return false;
00082   }
00083   DCPS::SequenceBackInsertIterator<DDS::OctetSeq> back_inserter(access_permissions_);
00084   std::copy(cperm, cperm + std::strlen(cperm), back_inserter);
00085 
00086   // Set trailing null bit
00087   *back_inserter = 0u;
00088 
00089   return true;
00090 }
00091 
00092 bool LocalAuthCredentialData::load_credentials(const DDS::PropertySeq& props, DDS::Security::SecurityException& ex)
00093 {
00094   std::string name, value, pkey_uri, password;
00095   if (OpenDDS::DCPS::DCPS_debug_level > 0) {
00096     ACE_DEBUG((LM_DEBUG, "(%P|%t) LocalAuthCredentialData::load: Number of Properties: %i\n", props.length()));
00097   }
00098   for (size_t i = 0; i < props.length(); ++i) {
00099     name = props[i].name;
00100     value = props[i].value;
00101 
00102     if (OpenDDS::DCPS::DCPS_debug_level > 0) {
00103       ACE_DEBUG((LM_DEBUG, "(%P|%t) LocalAuthCredentialData::load: property %i: %C: %C\n",
00104                 i, name.c_str(), value.c_str()));
00105     }
00106 
00107     if (name == "dds.sec.auth.identity_ca") {
00108         ca_cert_.reset(new SSL::Certificate(value));
00109 
00110     } else if (name == "dds.sec.auth.private_key") {
00111         pkey_uri = value;
00112 
00113     } else if (name == "dds.sec.auth.identity_certificate") {
00114         participant_cert_.reset(new SSL::Certificate(value));
00115 
00116     } else if (name == "dds.sec.auth.password") {
00117         password = value;
00118 
00119     }
00120   }
00121 
00122   if (pkey_uri != "") {
00123     participant_pkey_.reset(new SSL::PrivateKey(pkey_uri, password));
00124   }
00125 
00126   if (! ca_cert_) {
00127     set_security_error(ex, -1, 0, "LocalAuthCredentialData::load: failed to load CA certificate");
00128     return false;
00129 
00130   } else if (! participant_cert_) {
00131     set_security_error(ex, -1, 0, "LocalAuthCredentialData::load: failed to load participant certificate");
00132     return false;
00133 
00134   } else if (! participant_pkey_) {
00135     set_security_error(ex, -1, 0, "LocalAuthCredentialData::load: failed to load participant private-key");
00136     return false;
00137 
00138   }
00139 
00140   return true;
00141 }
00142 
00143 }
00144 }
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Defines
Generated on 10 Aug 2018 for OpenDDS by  doxygen 1.6.1