
nordugrid-arc-nox  1.1.0~rc6
UsernameTokenSH.cpp
00001 #ifdef HAVE_CONFIG_H
00002 #include <config.h>
00003 #endif
00004 
00005 #include <iostream>
00006 #include <fstream>
00007 
00008 #include <arc/loader/Loader.h>
00009 #include <arc/message/PayloadSOAP.h>
00010 #include <arc/XMLNode.h>
00011 #include <arc/ws-security/UsernameToken.h>
00012 
00013 #include "UsernameTokenSH.h"
00014 
// File-local logger; every message from this handler is tagged "UsernameTokenSH"
// under the ARC root logger so credential-handling failures can be filtered
// out of the service log.
static Arc::Logger logger(Arc::Logger::rootLogger, "UsernameTokenSH");
00016 
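/// Plugin factory entry point.
///
/// The loader passes a generic PluginArgument; only a SecHandlerPluginArgument
/// carries the Config and ChainContext this handler is built from, so anything
/// else (including a NULL argument) is rejected instead of being cast blindly.
///
/// @param arg  generic plugin argument supplied by the loader, may be NULL
/// @return a heap-allocated handler (the Arc::Plugin* interface requires a raw
///         owning pointer; presumably the loader deletes it), or NULL when
///         the argument is not a SecHandlerPluginArgument
Arc::Plugin* ArcSec::UsernameTokenSH::get_sechandler(Arc::PluginArgument* arg) {
    ArcSec::SecHandlerPluginArgument* shcarg =
            arg ? dynamic_cast<ArcSec::SecHandlerPluginArgument*>(arg) : NULL;
    if(!shcarg) return NULL;
    // Named casts: both go through the argument's conversion operators, which
    // is all a C-style cast could have done here, but static_cast is greppable
    // and cannot silently degrade into a reinterpret_cast.
    return new ArcSec::UsernameTokenSH(static_cast<Arc::Config*>(*shcarg),
                                       static_cast<Arc::ChainContext*>(*shcarg));
}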
00023 
00024 /*
00025 sechandler_descriptors ARC_SECHANDLER_LOADER = {
00026     { "usernametoken.creator", 0, &get_sechandler},
00027     { NULL, 0, NULL }
00028 };
00029 */
00030 
00031 namespace ArcSec {
00032 using namespace Arc;
00033 
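/// Reads the handler configuration and decides which mode Handle() runs in.
///
/// Recognised "Process" values:
///   - "extract":  the incoming SOAP message must carry a UsernameToken and is
///                 authenticated against the file named by "PasswordSource".
///   - "generate": a UsernameToken built from "Username"/"Password" is added to
///                 the outgoing SOAP message; "PasswordEncoding" selects
///                 "digest" or "text" (default "text").
///
/// Any missing or unsupported element leaves process_type_ at process_none,
/// which makes Handle() reject every message, so a misconfigured handler fails
/// closed rather than passing traffic through unchecked.
///
/// @param cfg  handler configuration block; NULL is rejected
/// @param      chain context, unused by this handler
UsernameTokenSH::UsernameTokenSH(Config *cfg,ChainContext*):SecHandler(cfg){
  // Safe defaults first: nothing below may leave the object half-configured.
  process_type_=process_none;
  password_type_=password_text;
  if(!cfg) {
    logger.msg(ERROR,"Missing configuration for Username Token handler");
    return;
  }
  const std::string process_type = (std::string)((*cfg)["Process"]);
  if(process_type == "extract") {
    password_source_=(std::string)((*cfg)["PasswordSource"]);
    if(password_source_.empty()) {
      logger.msg(ERROR,"Missing or empty PasswordSource element");
      return;
    }
    process_type_=process_extract;
  } else if(process_type == "generate") {
    const std::string pwd_encoding = (std::string)((*cfg)["PasswordEncoding"]);
    if(pwd_encoding == "digest") {
      password_type_=password_digest;
    } else if((pwd_encoding == "text") || pwd_encoding.empty()) {
      password_type_=password_text;
    } else {
      logger.msg(ERROR,"Password encoding type not supported: %s",pwd_encoding);
      return;
    }
    username_=(std::string)((*cfg)["Username"]);
    if(username_.empty()) {
      logger.msg(ERROR,"Missing or empty Username element");
      return;
    }
    // An empty password is accepted here, as before; the token is still
    // generated with whatever value the configuration holds.
    password_=(std::string)((*cfg)["Password"]);
    process_type_=process_generate;
  } else {
    logger.msg(ERROR,"Processing type not supported: %s",process_type);
    return;
  }
}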
00066 
// Nothing to release explicitly: the members touched in this file are
// std::string values and enums, which clean themselves up. Kept as an
// out-of-line definition so the virtual destructor's vtable entry lives
// in this translation unit (presumably; the class declaration is in the header).
UsernameTokenSH::~UsernameTokenSH() {
}
00069 
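// Returns the message payload as SOAP, or NULL when there is no message or
// the payload is not a PayloadSOAP. dynamic_cast on a pointer yields NULL
// instead of throwing, so the caller must check the result before using it;
// the catch(std::exception) blocks below never see a non-SOAP payload.
static PayloadSOAP* soap_payload(Arc::Message* msg) {
  if(!msg) return NULL;
  return dynamic_cast<PayloadSOAP*>(msg->Payload());
}

/// Applies the configured UsernameToken processing to one message.
///
/// extract:  parses the WS-Security UsernameToken from the incoming SOAP
///           envelope and authenticates it against the password source file.
/// generate: inserts a UsernameToken (text or digest password) into the
///           outgoing SOAP envelope.
///
/// @param msg  message whose payload is processed; NULL or non-SOAP payloads
///             are rejected
/// @return true only when the configured step succeeded; an unconfigured
///         handler (process_none) always returns false, i.e. fails closed
bool UsernameTokenSH::Handle(Arc::Message* msg) const {
  if(process_type_ == process_extract) {
    PayloadSOAP* soap = soap_payload(msg);
    if(!soap) {
      logger.msg(ERROR,"Incoming Message is not SOAP");
      return false;
    }
    try {
      UsernameToken ut(*soap);
      if(!ut) {
        logger.msg(ERROR,"Failed to parse Username Token from incoming SOAP");
        return false;
      }
      // The password source is a local file (opened with ifstream). Refusing
      // to continue on an unreadable file keeps a deployment error
      // distinguishable from a bad credential in the logs; the stream is
      // closed by its destructor on every exit path.
      std::ifstream stream(password_source_.c_str());
      if(!stream) {
        logger.msg(ERROR,"Failed to open PasswordSource: %s",password_source_);
        return false;
      }
      // derived_key is filled by Authenticate() but not used further here.
      std::string derived_key;
      if(!ut.Authenticate(stream, derived_key)) {
        logger.msg(ERROR, "Failed to authenticate Username Token inside the incoming SOAP");
        return false;
      }
      logger.msg(INFO, "Succeeded to authenticate UsernameToken");
    } catch(const std::exception&) {
      // Catch by reference: catching by value sliced the exception object.
      logger.msg(ERROR,"Incoming Message is not SOAP");
      return false;
    }
    return true;
  }
  if(process_type_ == process_generate) {
    PayloadSOAP* soap = soap_payload(msg);
    if(!soap) {
      logger.msg(ERROR,"Outgoing Message is not SOAP");
      return false;
    }
    try {
      UsernameToken ut(*soap,username_,password_,std::string(""),
         (password_type_==password_digest)?(UsernameToken::PasswordDigest):(UsernameToken::PasswordText));
      if(!ut) {
        logger.msg(ERROR,"Failed to generate Username Token for outgoing SOAP");
        return false;
      }
    } catch(const std::exception&) {
      logger.msg(ERROR,"Outgoing Message is not SOAP");
      return false;
    }
    return true;
  }
  logger.msg(ERROR,"Username Token handler is not configured");
  return false;
}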
00110 
00111 }
00112 