
nordugrid-arc-nox  1.1.0~rc6
Arc::DelegationConsumerSOAP Class Reference

This class extends DelegationConsumer to support SOAP message exchange.

#include <DelegationInterface.h>



Public Member Functions

 DelegationConsumerSOAP (void)
 Creates object with new private key.
 DelegationConsumerSOAP (const std::string &content)
 Creates object with specified private key.
 ~DelegationConsumerSOAP (void)
bool DelegateCredentialsInit (const std::string &id, const SOAPEnvelope &in, SOAPEnvelope &out)
 Process SOAP message which starts delegation.
bool UpdateCredentials (std::string &credentials, const SOAPEnvelope &in, SOAPEnvelope &out)
 Accepts delegated credentials.
bool UpdateCredentials (std::string &credentials, std::string &identity, const SOAPEnvelope &in, SOAPEnvelope &out)
 Includes the functionality in above UpdateCredentials method; plus extracting the credential identity.
bool DelegatedToken (std::string &credentials, XMLNode token)
 Similar to UpdateCredentials but takes only DelegatedToken XML element.
bool DelegatedToken (std::string &credentials, std::string &identity, XMLNode token)
 operator bool (void)
bool operator! (void)
const std::string & ID (void)
 Return identifier of this object - not implemented.
bool Backup (std::string &content)
 Stores content of this object into a string.
bool Restore (const std::string &content)
 Restores content of object from string.
bool Request (std::string &content)
 Make X509 certificate request from internal private key.
bool Acquire (std::string &content)
 Adds private key into the certificate chain in 'content'. On exit 'content' contains complete delegated credentials.
bool Acquire (std::string &content, std::string &identity)
 Includes the functionality in Acquire(content); plus extracting the credential identity.

Protected Member Functions

bool Generate (void)
 Creates private key.
void LogError (void)
 Collects pending OpenSSL error messages (via ERR_print_errors_cb).

Protected Attributes

void * key_
 Private key.

Detailed Description

This class extends DelegationConsumer to support SOAP message exchange.

Implements WS interface http://www.nordugrid.org/schemas/delegation described in delegation.wsdl.

Definition at line 86 of file DelegationInterface.h.


Constructor & Destructor Documentation

Arc::DelegationConsumerSOAP::DelegationConsumerSOAP ( void  )

Creates object with new private key.

Definition at line 767 of file DelegationInterface.cpp.

Arc::DelegationConsumerSOAP::DelegationConsumerSOAP ( const std::string &  content)

Creates object with specified private key.

Definition at line 770 of file DelegationInterface.cpp.

Arc::DelegationConsumerSOAP::DelegationConsumerSOAP(const std::string& content):DelegationConsumer(content) {
}

Arc::DelegationConsumerSOAP::~DelegationConsumerSOAP ( void  )

Definition at line 773 of file DelegationInterface.cpp.

Arc::DelegationConsumerSOAP::~DelegationConsumerSOAP(void) {
}

Member Function Documentation

bool Arc::DelegationConsumer::Acquire ( std::string &  content) [inherited]

Adds private key into the certificate chain in 'content'. On exit 'content' contains complete delegated credentials.

Definition at line 390 of file DelegationInterface.cpp.

bool Arc::DelegationConsumer::Acquire(std::string& content) {
  // Convenience overload: the extracted identity is discarded.
  std::string identity;
  return Acquire(content,identity);
}


bool Arc::DelegationConsumer::Acquire ( std::string &  content,
std::string &  identity 
) [inherited]

Includes the functionality in Acquire(content); plus extracting the credential identity.

Definition at line 395 of file DelegationInterface.cpp.

bool Arc::DelegationConsumer::Acquire(std::string& content, std::string& identity) {
  X509 *cert = NULL;
  STACK_OF(X509) *cert_sk = NULL;
  bool res = false;
  char buf[100];
  std::string subject;

  if(!key_) return false;

  // Parse the delegated certificate and any chain certificates out of 'content'.
  if(!string_to_x509(content,cert,cert_sk)) goto err;

  // Rebuild 'content' in the order: end-entity certificate, private key, chain.
  content.resize(0);
  if(!x509_to_string(cert,content)) goto err;

  X509_NAME_oneline(X509_get_subject_name(cert),buf,sizeof(buf));
  subject=buf;
#ifdef HAVE_OPENSSL_PROXY
  // A certificate without the proxyCertInfo extension is not a proxy, so its
  // subject names the delegating entity.
  if(X509_get_ext_by_NID(cert,NID_proxyCertInfo,-1) < 0) {
    identity=subject;
  };
#endif

  // Note: the certificate's public key is not compared against key_ here.
  if(!x509_to_string((RSA*)key_,content)) goto err;
  if(cert_sk) {
    for(int n=0;n<sk_X509_num((STACK_OF(X509) *)cert_sk);++n) {
      X509* v = sk_X509_value((STACK_OF(X509) *)cert_sk,n);
      if(!v) goto err;
      if(!x509_to_string(v,content)) goto err;
      // Identity comes from the first non-proxy certificate in the chain.
      if(identity.empty()) {
        memset(buf,0,sizeof(buf));
        X509_NAME_oneline(X509_get_subject_name(v),buf,sizeof(buf));
#ifdef HAVE_OPENSSL_PROXY
        if(X509_get_ext_by_NID(v,NID_proxyCertInfo,-1) < 0) {
          identity=buf;
        };
#endif
      };
    };
  };
  // Without any non-proxy certificate (or without HAVE_OPENSSL_PROXY) the
  // subject of the delegated certificate itself is reported as identity.
  if(identity.empty()) identity = subject;

  res=true;
err:
  if(!res) LogError();
  if(cert) X509_free(cert);
  if(cert_sk) {
    for(int i = 0;i<sk_X509_num(cert_sk);++i) {
      X509* v = sk_X509_value(cert_sk,i);
      if(v) X509_free(v);
    };
    sk_X509_free(cert_sk);
  };
  return res;
}
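The output layout and identity selection of Acquire, as an added example that is not part of the ARC code: a Python model (standard library only, so it runs without OpenSSL bindings) in which an X509 structure is replaced by a constructed dictionary holding the subject, a flag standing in for the proxyCertInfo extension, and a placeholder PEM block. It reproduces the order in which Acquire writes the certificate, the private key and the chain, and the rule that the identity is the subject of the first certificate without proxyCertInfo, falling back to the delegated certificate's own subject when none is found or when the code is built without HAVE_OPENSSL_PROXY. The function names acquire, make_cert and pem_layout and all PEM contents are constructed for this example.

```python
# Added example, not ARC code: models DelegationConsumer::Acquire's output
# layout and identity rule with stand-ins for OpenSSL's X509 structures.
import re

# Constructed placeholder: body is not real DER.
KEY_PEM = "-----BEGIN RSA PRIVATE KEY-----\nKEYBYTES\n-----END RSA PRIVATE KEY-----\n"


def make_cert(subject, proxy, body):
    """Stand-in for an X509*: subject, proxyCertInfo present?, PEM text."""
    return {
        "subject": subject,
        "proxy": proxy,
        "pem": "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % body,
    }


def acquire(key_pem, cert, chain, have_openssl_proxy=True):
    """Mirror of Acquire(content, identity); returns (content, identity).

    content = delegated certificate, private key, then chain certificates.
    identity = subject of the first certificate without proxyCertInfo; if
    none is found (or HAVE_OPENSSL_PROXY is off) the delegated certificate's
    own subject is used, exactly as the C++ fallback does."""
    content = cert["pem"]
    identity = ""
    if have_openssl_proxy and not cert["proxy"]:
        identity = cert["subject"]
    content += key_pem
    for v in chain:
        content += v["pem"]
        if not identity and have_openssl_proxy and not v["proxy"]:
            identity = v["subject"]
    if not identity:
        identity = cert["subject"]
    return content, identity


_PEM_BEGIN = re.compile(r"-----BEGIN ([A-Z ]+)-----")


def pem_layout(content):
    """Labels of the PEM blocks in 'content', in order of appearance."""
    return _PEM_BEGIN.findall(content)


if __name__ == "__main__":
    # Constructed chain: proxy issued by the user certificate, issued by a CA.
    proxy = make_cert("/DC=org/CN=alice/CN=proxy", True, "PROXYBYTES")
    user = make_cert("/DC=org/CN=alice", False, "USERBYTES")
    ca = make_cert("/DC=org/CN=CA", False, "CABYTES")
    content, identity = acquire(KEY_PEM, proxy, [user, ca])
    print(identity, pem_layout(content))
```

The last two assertions in the usage below show the point worth remembering: when the proxy extension cannot be recognised, the reported identity is the proxy's own subject rather than the user's.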


bool Arc::DelegationConsumer::Backup ( std::string &  content) [inherited]

Stores content of this object into a string.

Definition at line 262 of file DelegationInterface.cpp.

bool Arc::DelegationConsumer::Backup(std::string& content) {
  bool res = false;
  content.resize(0);
  RSA *rsa = (RSA*)key_;
  if(rsa) {
    BIO *out = BIO_new(BIO_s_mem());
    if(out) {
      // enc == NULL: the private key is written as unencrypted PEM, so the
      // resulting string must be protected by the caller.
      EVP_CIPHER *enc = NULL;
      if(PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL,NULL)) {
        res=true;
        for(;;) {
          char s[256];
          int l = BIO_read(out,s,sizeof(s));
          if(l <= 0) break;
          content.append(s,l);
        };
      } else {
        LogError();
        std::cerr<<"PEM_write_bio_RSAPrivateKey failed"<<std::endl;
      };
      BIO_free_all(out);
    };
  };
  return res;
}


bool Arc::DelegationConsumerSOAP::DelegateCredentialsInit ( const std::string &  id,
const SOAPEnvelope &  in,
SOAPEnvelope &  out 
)

Process SOAP message which starts delegation.

The message generated in 'out' is meant to be sent back to DelegationProviderSOAP. Argument 'id' contains the identifier of the procedure and is used only to produce the SOAP message.

Definition at line 776 of file DelegationInterface.cpp.

bool Arc::DelegationConsumerSOAP::DelegateCredentialsInit(const std::string& id, const SOAPEnvelope& in, SOAPEnvelope& out) {
/*
  DelegateCredentialsInit

  DelegateCredentialsInitResponse
    TokenRequest - Format (=x509)
      Id (string)
      Value (string)
*/
  if(!in["DelegateCredentialsInit"]) return false;
  // PEM certificate request for the consumer's own private key; without a
  // request there is nothing for the provider to sign.
  std::string x509_request;
  if(!Request(x509_request)) return false;
  NS ns; ns["deleg"]=DELEGATION_NAMESPACE;
  out.Namespaces(ns);
  XMLNode resp = out.NewChild("deleg:DelegateCredentialsInitResponse");
  XMLNode token = resp.NewChild("deleg:TokenRequest");
  token.NewAttribute("deleg:Format")="x509";
  token.NewChild("deleg:Id")=id;
  token.NewChild("deleg:Value")=x509_request;
  return true;
}


bool Arc::DelegationConsumerSOAP::DelegatedToken ( std::string &  credentials,
XMLNode  token 
)

Similar to UpdateCredentials but takes only DelegatedToken XML element.

Definition at line 831 of file DelegationInterface.cpp.

bool Arc::DelegationConsumerSOAP::DelegatedToken(std::string& credentials, XMLNode token) {
  // Convenience overload: the extracted identity is discarded.
  std::string identity;
  return DelegatedToken(credentials,identity,token);
}

bool Arc::DelegationConsumerSOAP::DelegatedToken ( std::string &  credentials,
std::string &  identity,
XMLNode  token 
)

Definition at line 836 of file DelegationInterface.cpp.

bool Arc::DelegationConsumerSOAP::DelegatedToken(std::string& credentials, std::string& identity, XMLNode token) {
  // Same checks as UpdateCredentials, applied to a bare DelegatedToken element.
  credentials = (std::string)(token["Value"]);
  if(credentials.empty()) return false;
  if(((std::string)(token.Attribute("Format"))) != "x509") return false;
  if(!Acquire(credentials,identity)) return false;
  return true;
}


bool Arc::DelegationConsumer::Generate ( void  ) [protected, inherited]

Creates private key.

Definition at line 304 of file DelegationInterface.cpp.

bool Arc::DelegationConsumer::Generate(void) {
  bool res = false;
  // Key size in bits as used by this version; RSA_F4 is the public exponent 65537.
  int num = 1024;
#ifdef HAVE_OPENSSL_OLDRSA
  unsigned long bn = RSA_F4;
  RSA *rsa=RSA_generate_key(num,bn,&progress_cb,NULL);
  if(rsa) {
    if(key_) RSA_free((RSA*)key_);
    key_=rsa; rsa=NULL; res=true;
  } else {
    LogError();
    std::cerr<<"RSA_generate_key failed"<<std::endl;
  };
  if(rsa) RSA_free(rsa);
#else
  BN_GENCB cb;
  BIGNUM *bn = BN_new();
  RSA *rsa = RSA_new();

  BN_GENCB_set(&cb,&progress_cb,NULL);
  if(bn && rsa) {
    if(BN_set_word(bn,RSA_F4)) {
      if(RSA_generate_key_ex(rsa,num,bn,&cb)) {
        // Replace any previously held key; ownership of rsa moves to key_.
        if(key_) RSA_free((RSA*)key_);
        key_=rsa; rsa=NULL; res=true;
      } else {
        LogError();
        std::cerr<<"RSA_generate_key_ex failed"<<std::endl;
      };
    } else {
      LogError();
      std::cerr<<"BN_set_word failed"<<std::endl;
    };
  } else {
    LogError();
    std::cerr<<"BN_new || RSA_new failed"<<std::endl;
  };
  if(bn) BN_free(bn);
  if(rsa) RSA_free(rsa);
#endif
  return res;
}


const std::string & Arc::DelegationConsumer::ID ( void  ) [inherited]

Return identifier of this object - not implemented.

Definition at line 225 of file DelegationInterface.cpp.

const std::string& Arc::DelegationConsumer::ID(void) {
  // Not implemented: always returns an empty string.
  static std::string s;
  return s;
}

void Arc::DelegationConsumer::LogError ( void  ) [protected, inherited]

Collects pending OpenSSL error messages (via ERR_print_errors_cb).

Definition at line 257 of file DelegationInterface.cpp.

void Arc::DelegationConsumer::LogError(void) {
  // ssl_err_cb (file-local, not shown on this page) appends each OpenSSL
  // error line to ssl_err.
  std::string ssl_err;
  ERR_print_errors_cb(&ssl_err_cb,&ssl_err);
}


Arc::DelegationConsumer::operator bool ( void  ) [inline, inherited]

Definition at line 35 of file DelegationInterface.h.

operator bool(void) { return key_ != NULL; };

bool Arc::DelegationConsumer::operator! ( void  ) [inline, inherited]

Definition at line 36 of file DelegationInterface.h.

bool operator!(void) { return key_ == NULL; };

bool Arc::DelegationConsumer::Request ( std::string &  content) [inherited]

Make X509 certificate request from internal private key.

Definition at line 347 of file DelegationInterface.cpp.

bool Arc::DelegationConsumer::Request(std::string& content) {
  bool res = false;
  content.resize(0);
  EVP_PKEY *pkey = EVP_PKEY_new();
  // The request is self-signed with SHA-1 in this version.
  const EVP_MD *digest = EVP_sha1();
  if(pkey) {
    RSA *rsa = (RSA*)key_;
    if(rsa) {
      if(EVP_PKEY_set1_RSA(pkey, rsa)) {
        X509_REQ *req = X509_REQ_new();
        if(req) {
          //if(X509_REQ_set_version(req,0L)) {
          if(X509_REQ_set_version(req,2L)) {
            if(X509_REQ_set_pubkey(req,pkey)) {
              if(X509_REQ_sign(req,pkey,digest)) {
                BIO *out = BIO_new(BIO_s_mem());
                if(out) {
                  // Serialize the signed request as PEM into 'content'.
                  if(PEM_write_bio_X509_REQ(out,req)) {
                    res=true;
                    for(;;) {
                      char s[256];
                      int l = BIO_read(out,s,sizeof(s));
                      if(l <= 0) break;
                      content.append(s,l);
                    };
                  } else {
                    LogError();
                    std::cerr<<"PEM_write_bio_X509_REQ failed"<<std::endl;
                  };
                  BIO_free_all(out);
                };
              };
            };
          };
          X509_REQ_free(req);
        };
      };
    };
    EVP_PKEY_free(pkey);
  };
  return res;
}


bool Arc::DelegationConsumer::Restore ( const std::string &  content) [inherited]

Restores content of object from string.

Definition at line 288 of file DelegationInterface.cpp.

bool Arc::DelegationConsumer::Restore(const std::string& content) {
  bool res = false;
  RSA *rsa = NULL;
  BIO *in = BIO_new_mem_buf((void*)(content.c_str()),content.length());
  if(in) {
    // No password callback: the PEM is expected to be unencrypted, as written by Backup().
    if(PEM_read_bio_RSAPrivateKey(in,&rsa,NULL,NULL)) {
      if(rsa) {
        if(key_) RSA_free((RSA*)key_);
        key_=rsa; res=true;
      };
    };
    BIO_free_all(in);
  };
  return res;
}


bool Arc::DelegationConsumerSOAP::UpdateCredentials ( std::string &  credentials,
const SOAPEnvelope &  in,
SOAPEnvelope &  out 
)

Accepts delegated credentials.

Processes the 'in' SOAP message and stores the full proxy credentials in 'credentials'. The 'out' message is generated for sending to DelegationProviderSOAP.

Definition at line 798 of file DelegationInterface.cpp.

bool Arc::DelegationConsumerSOAP::UpdateCredentials(std::string& credentials, const SOAPEnvelope& in, SOAPEnvelope& out) {
  // Convenience overload: the extracted identity is discarded.
  std::string identity;
  return UpdateCredentials(credentials,identity,in,out);
}

bool Arc::DelegationConsumerSOAP::UpdateCredentials ( std::string &  credentials,
std::string &  identity,
const SOAPEnvelope &  in,
SOAPEnvelope &  out 
)

Includes the functionality in above UpdateCredentials method; plus extracting the credential identity.

Definition at line 803 of file DelegationInterface.cpp.

bool Arc::DelegationConsumerSOAP::UpdateCredentials(std::string& credentials, std::string& identity, const SOAPEnvelope& in, SOAPEnvelope& out) {
/*
  UpdateCredentials
    DelegatedToken - Format (=x509)
      Id (string)
      Value (string)
      Reference (any, optional)

  UpdateCredentialsResponse
*/
  XMLNode req = in["UpdateCredentials"];
  if(!req) return false;
  // The token value is the signed certificate (plus chain) returned by the provider.
  credentials = (std::string)(req["DelegatedToken"]["Value"]);
  if(credentials.empty()) {
    // TODO: Fault
    return false;
  };
  if(((std::string)(req["DelegatedToken"].Attribute("Format"))) != "x509") {
    // TODO: Fault
    return false;
  };
  // Acquire() appends the consumer's private key and extracts the identity.
  if(!Acquire(credentials,identity)) return false;
  NS ns; ns["deleg"]=DELEGATION_NAMESPACE;
  out.Namespaces(ns);
  out.NewChild("deleg:UpdateCredentialsResponse");
  return true;
}
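The two message shapes sketched in the comments of DelegateCredentialsInit and UpdateCredentials, as an added example that is not part of the ARC code: a Python model (standard library only, no OpenSSL and no ARC XMLNode/SOAPEnvelope) of both sides of the exchange. It assumes that DELEGATION_NAMESPACE is the interface URL given in the class description, http://www.nordugrid.org/schemas/delegation, that the messages travel in a SOAP 1.1 envelope, and that the CSR and proxy PEM strings are constructed placeholders. The consumer-side parser applies the same checks as the C++ UpdateCredentials (UpdateCredentials element present, non-empty Value, Format attribute equal to x509) and additionally returns the reason a message was rejected; the provider-side functions model the peer (DelegationProviderSOAP is not documented on this page) and all function names are constructed.

```python
# Added example, not ARC code: both sides of the delegation exchange modelled
# with xml.etree only.
import xml.etree.ElementTree as ET

# Assumed: DELEGATION_NAMESPACE equals the interface URL from the class description.
DELEG_NS = "http://www.nordugrid.org/schemas/delegation"
# Assumed: SOAP 1.1 envelope.
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"

ET.register_namespace("deleg", DELEG_NS)
ET.register_namespace("soap", SOAP_NS)


def q(ns, local):
    """Clark-notation qualified name used by ElementTree."""
    return "{%s}%s" % (ns, local)


def envelope(body_child):
    """Wrap a body element in soap:Envelope/soap:Body and serialize it."""
    env = ET.Element(q(SOAP_NS, "Envelope"))
    ET.SubElement(env, q(SOAP_NS, "Body")).append(body_child)
    return ET.tostring(env, encoding="unicode")


def _attr(node, local):
    # Arc::XMLNode::Attribute matches by local name: accept the prefixed form
    # written by DelegateCredentialsInit as well as an unprefixed one.
    return node.get(q(DELEG_NS, local)) or node.get(local)


# --- consumer side (DelegationConsumerSOAP) ---------------------------------

def build_init_response(proc_id, csr_pem):
    """Reply to DelegateCredentialsInit: a TokenRequest carrying the CSR."""
    resp = ET.Element(q(DELEG_NS, "DelegateCredentialsInitResponse"))
    token = ET.SubElement(resp, q(DELEG_NS, "TokenRequest"))
    token.set(q(DELEG_NS, "Format"), "x509")
    ET.SubElement(token, q(DELEG_NS, "Id")).text = proc_id
    ET.SubElement(token, q(DELEG_NS, "Value")).text = csr_pem
    return envelope(resp)


def consume_update_credentials(xml_text):
    """Checks of UpdateCredentials, with a reason on rejection.
    Returns (credentials, response_xml) or (None, reason)."""
    env = ET.fromstring(xml_text)
    req = env.find(".//" + q(DELEG_NS, "UpdateCredentials"))
    if req is None:
        return None, "no UpdateCredentials element"
    token = req.find(q(DELEG_NS, "DelegatedToken"))
    if token is None:
        return None, "no DelegatedToken element"
    credentials = token.findtext(q(DELEG_NS, "Value")) or ""
    if not credentials:
        return None, "empty Value"            # C++: TODO: Fault
    if _attr(token, "Format") != "x509":
        return None, "unsupported Format"     # C++: TODO: Fault
    # Acquire(credentials, identity) would now add the private key and extract
    # the identity; that step needs OpenSSL and is not modelled here.
    resp = ET.Element(q(DELEG_NS, "UpdateCredentialsResponse"))
    return credentials, envelope(resp)


# --- provider side (peer of this class, modelled for the exchange) ----------

def parse_init_response(xml_text):
    """Extract (id, csr_pem) from the consumer's TokenRequest, or None."""
    env = ET.fromstring(xml_text)
    token = env.find(".//" + q(DELEG_NS, "TokenRequest"))
    if token is None or _attr(token, "Format") != "x509":
        return None
    return (token.findtext(q(DELEG_NS, "Id")) or "",
            token.findtext(q(DELEG_NS, "Value")) or "")


def build_update_credentials(proc_id, proxy_pem, fmt="x509"):
    """UpdateCredentials request carrying the signed DelegatedToken."""
    req = ET.Element(q(DELEG_NS, "UpdateCredentials"))
    token = ET.SubElement(req, q(DELEG_NS, "DelegatedToken"))
    token.set(q(DELEG_NS, "Format"), fmt)
    ET.SubElement(token, q(DELEG_NS, "Id")).text = proc_id
    ET.SubElement(token, q(DELEG_NS, "Value")).text = proxy_pem
    return envelope(req)


if __name__ == "__main__":
    # Constructed placeholders standing in for real PEM data.
    csr = "-----BEGIN CERTIFICATE REQUEST-----\nCSRBYTES\n-----END CERTIFICATE REQUEST-----\n"
    proxy = "-----BEGIN CERTIFICATE-----\nPROXYBYTES\n-----END CERTIFICATE-----\n"
    proc_id, csr_back = parse_init_response(build_init_response("42", csr))
    creds, reply = consume_update_credentials(build_update_credentials(proc_id, proxy))
    print(reply)
```

The rejection reasons map onto the two "TODO: Fault" branches of the C++ code; a SOAP fault carrying that reason is the natural thing to send back in their place.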



Member Data Documentation

void* Arc::DelegationConsumer::key_ [protected, inherited]

Definition at line 26 of file DelegationInterface.h.

