Back to index

nordugrid-arc-nox  1.1.0~rc6
Public Member Functions | Private Member Functions | Private Attributes
Arc::MessageAuth Class Reference

Contains authencity information, authorization tokens and decisions. More...

#include <MessageAuth.h>

Inheritance diagram for Arc::MessageAuth:
Inheritance graph
[legend]
Collaboration diagram for Arc::MessageAuth:
Collaboration graph
[legend]

List of all members.

Public Member Functions

 MessageAuth (void)
 ~MessageAuth (void)
void set (const std::string &key, SecAttr *value)
 Adds/overwrites security attribute stored under specified key.
void remove (const std::string &key)
 Deletes security attribute stored under specified key.
SecAttrget (const std::string &key)
 Retrieves reference to security attribute stored under specified key.
SecAttroperator[] (const std::string &key)
 Same as MessageAuth::get.
bool Export (SecAttrFormat format, XMLNode &val) const
 Returns properly catenated attributes in specified format.
MessageAuthFilter (const std::list< std::string > &selected_keys, const std::list< std::string > &rejected_keys)
 Creates new instance of MessageAuth with attributes filtered.

Private Member Functions

 MessageAuth (const MessageAuth &)

Private Attributes

std::map< std::string, SecAttr * > attrs_
bool attrs_created_

Detailed Description

Contains authencity information, authorization tokens and decisions.

This class only supports string keys and SecAttr values.

Definition at line 13 of file MessageAuth.h.


Constructor & Destructor Documentation

Arc::MessageAuth::MessageAuth ( const MessageAuth ) [inline, private]

Definition at line 17 of file MessageAuth.h.

{ };

Definition at line 9 of file MessageAuth.cpp.

:attrs_created_(true) { }

Here is the caller graph for this function:

Definition at line 11 of file MessageAuth.cpp.

                              {
  if(!attrs_created_) return;
  std::map<std::string,SecAttr*>::iterator attr = attrs_.begin();
  for(;attr != attrs_.end();++attr) {
    if(attr->second) delete attr->second;
  };
}

Member Function Documentation

bool Arc::MessageAuth::Export ( SecAttrFormat  format,
XMLNode val 
) const

Returns properly catenated attributes in specified format.

Content of XML node at is replaced with generated information if XML tree is empty. If tree at is not empty then Export() tries to merge generated information to already existing like everything would be generated inside same Export() method. If does not represent valid node then new XML tree is created.

Definition at line 65 of file MessageAuth.cpp.

                                                                {
  if(format == SecAttr::ARCAuth) {
    // Making XML document top level Request element
    NS ns;
    ns["ra"]="http://www.nordugrid.org/schemas/request-arc";
    if(!val) XMLNode(ns,"ra:Request").New(val);
    XMLNode newreq = val;
    newreq.Namespaces(ns);
    newreq.Name("ra:Request");
    XMLNodeContainer xmls;
    std::list<_XMLPair> subjects;
    std::list<_XMLPair> resources;
    std::list<_XMLPair> actions;
    // Collecting elements from previously generated request
    for(XMLNode item = newreq["RequestItem"];(bool)item;++item) {
      for(XMLNode subject = item["Subject"];(bool)subject;++subject) {
        subjects.push_back(_XMLPair(subject,item["Context"]));
      };
      for(XMLNode resource = item["Resource"];(bool)resource;++resource) {
        resources.push_back(_XMLPair(resource,item["Context"]));
      };
      for(XMLNode action = item["Action"];(bool)action;++action) {
        actions.push_back(_XMLPair(action,item["Context"]));
      };
    };
    int subjects_new = subjects.size();
    int resources_new = resources.size();
    int actions_new = actions.size();

    // Getting XMLs from all SecAttr
    std::map<std::string,SecAttr*>::const_iterator attr = attrs_.begin();
    for(;attr != attrs_.end();++attr) {
      xmls.AddNew(XMLNode(ns,""));
      XMLNode r = xmls[xmls.Size()-1];
      if(!(attr->second)) return false;
      if(!(attr->second->Export(format,r))) return false;

      //std::string str;
      //r.GetXML(str);
      //std::cout<<"SecAttr: ++++ Name: "<<attr->first<<"XML: "<<str<<std::endl;

      for(XMLNode item = r["RequestItem"];(bool)item;++item) {
        for(XMLNode subject = item["Subject"];(bool)subject;++subject) {
          subjects.push_back(_XMLPair(subject,item["Context"]));
        };
        for(XMLNode resource = item["Resource"];(bool)resource;++resource) {
          resources.push_back(_XMLPair(resource,item["Context"]));
        };
        for(XMLNode action = item["Action"];(bool)action;++action) {
          actions.push_back(_XMLPair(action,item["Context"]));
        };
      };
    };

    // Merge all collected elements into single request
    // Collecting new subject attributes into one element.
    XMLNode new_subject(ns,"ra:Subject");
    XMLNode new_context(ns,"ra:Context");
    {
      std::list<_XMLPair>::iterator subject = subjects.begin();
      for(int subject_n = 0;;++subject_n,++subject) {
        if(subject_n < subjects_new) continue;
        if(subject == subjects.end()) break;
        if(subject->element.Size() > 0) {
          copy_xml_elements(new_subject,subject->element["SubjectAttribute"]);
          copy_xml_elements(new_context,subject->context["ContextAttribute"]);
        };
      };
    };
    // Add new subject into existing ones - assuming all
    // already existing subjests are the same.
    {
      std::list<_XMLPair>::iterator subject = subjects.begin();
      for(int subject_n = 0;;++subject_n,++subject) {
        if(subject_n >= subjects_new) break;
        if(subject == subjects.end()) break;
        copy_xml_elements(subject->element,new_subject["SubjectAttribute"]);
        copy_xml_elements(subject->context,new_subject["ContextAttribute"]);
      };
    };
    // Use one of existing old subjects as template for new
    // elements (if present)
    if(subjects_new > 0) {
      new_subject=subjects.begin()->element;
      new_context=subjects.begin()->context;
    };
    // Create all permutations of Action and Resource elements
    std::list<_XMLPair>::iterator action = actions.begin();
    for(int action_n = 0;;++action_n) {
      std::list<_XMLPair>::iterator resource = resources.begin();
      for(int resource_n = 0;;++resource_n) {
        if((action_n < actions_new) &&
           (resource_n < resources_new)) {
          if(resources.size()) ++resource;
          if(resource == resources.end()) break;
          continue; // This combination is already in request
        };
        XMLNode newitem = newreq.NewChild("ra:RequestItem");
        XMLNode newctx = newitem.NewChild("ra:Context");
        if(new_subject.Size() > 0) {
          newitem.NewChild(new_subject);
          copy_xml_elements(newctx,new_context["ContextAttribute"]);
        };
        if(action != actions.end()) {
          newitem.NewChild(action->element);
          copy_xml_elements(newctx,action->context["ContextAttribute"]);
        };
        if(resource != resources.end()) {
          newitem.NewChild(resource->element);
          copy_xml_elements(newitem,resource->context["ContextAttribute"]);
        };
        if(resources.size()) ++resource;
        if(resource == resources.end()) break;
      };
      if(actions.size()) ++action;
      if(action == actions.end()) break;
    };
    return true;
  }
  else if(format == SecAttr::XACML) {
    // Making XML document top level Request element
    /* XACML request is like this:
     <Request>
       <Subject>
         <Attruibute/>
         ......
       </Subject>
       <Resource>
         <Attribute/>
         ......
       </Resource>
       <Action>
         <Attribute/>
         ......
       </Action>
       <Environment>
         <Attribute/>
         ......
       </Environment>
    </Request>
    */

    NS ns;
    ns["ra"]="urn:oasis:names:tc:xacml:2.0:context:schema:os";
    if(!val) XMLNode(ns,"ra:Request").New(val);
    XMLNode newreq = val;
    newreq.Namespaces(ns);
    newreq.Name("ra:Request");

    XMLNodeContainer xmls;
    // Getting XMLs from all SecAttr
    std::map<std::string,SecAttr*>::const_iterator attr = attrs_.begin();
    for(;attr != attrs_.end();++attr) {
      xmls.AddNew(XMLNode(ns,""));
      XMLNode r = xmls[xmls.Size()-1];
      if(!(attr->second)) return false;
      if(!(attr->second->Export(format,r))) return false;
    };

    // Merge all collected elements into single request
    XMLNode subject = newreq["Subject"];
    if(!subject) subject = newreq.NewChild("Subject");
    XMLNode resource = newreq["Resource"];
    if(!resource) resource = newreq.NewChild("Resource");
    XMLNode action = newreq["Action"];
    if(!action) action = newreq.NewChild("Action");
    XMLNode environment = newreq["Environment"];
    if(!environment) environment = newreq.NewChild("Environment");

    for(int i=0; i<xmls.Size(); i++) {
      XMLNode r = xmls[i];
      copy_xml_elements(subject, r["Subject"].Child());
      copy_xml_elements(resource, r["Resource"].Child());
      copy_xml_elements(action, r["Action"].Child());
      copy_xml_elements(environment, r["Environment"].Child());
    };
    return true;
  }
  return false;
}

Here is the call graph for this function:

Here is the caller graph for this function:

MessageAuth * Arc::MessageAuth::Filter ( const std::list< std::string > &  selected_keys,
const std::list< std::string > &  rejected_keys 
)

Creates new instance of MessageAuth with attributes filtered.

In new instance all attributes with keys listed in are removed. If is not empty only corresponding attributes are transfered to new instance. Created instance does not own refered attributes. Hence parent instance must not be deleted as long as this one is in use.

Definition at line 340 of file MessageAuth.cpp.

                                                                                                                {
  MessageAuth* newauth = new MessageAuth;
  newauth->attrs_created_=false;
  if(selected_keys.empty()) {
    newauth->attrs_=attrs_;
  } else {
    for(std::list<std::string>::const_iterator key = selected_keys.begin();
                       key!=selected_keys.end();++key) {
      std::map<std::string,SecAttr*>::const_iterator attr = attrs_.find(*key);
      if((attr != attrs_.end()) && (attr->second != NULL)) newauth->attrs_[*key]=attr->second;
    };
  };
  if(!rejected_keys.empty()) {
    for(std::list<std::string>::const_iterator key = rejected_keys.begin();
                       key!=rejected_keys.end();++key) {
      newauth->remove(*key);
    };
  };
  return newauth;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SecAttr * Arc::MessageAuth::get ( const std::string &  key)

Retrieves reference to security attribute stored under specified key.

Definition at line 38 of file MessageAuth.cpp.

                                              {
  std::map<std::string,SecAttr*>::iterator attr = attrs_.find(key);
  if(attr == attrs_.end()) return NULL;
  return attr->second;
}

Here is the caller graph for this function:

SecAttr* Arc::MessageAuth::operator[] ( const std::string &  key) [inline]

Same as MessageAuth::get.

Definition at line 28 of file MessageAuth.h.

{ return get(key); };
void Arc::MessageAuth::remove ( const std::string &  key)

Deletes security attribute stored under specified key.

Definition at line 30 of file MessageAuth.cpp.

                                             {
  std::map<std::string,SecAttr*>::iterator attr = attrs_.find(key);
  if(attr != attrs_.end()) {
    if(attrs_created_) if(attr->second) delete attr->second;
    attrs_.erase(attr);
  };
}

Here is the caller graph for this function:

void Arc::MessageAuth::set ( const std::string &  key,
SecAttr value 
)

Adds/overwrites security attribute stored under specified key.

Definition at line 19 of file MessageAuth.cpp.

                                                          {
  if(!attrs_created_) return;
  std::map<std::string,SecAttr*>::iterator attr = attrs_.find(key);
  if(attr == attrs_.end()) {
    attrs_[key]=value;
  } else {
    if(attr->second) delete attr->second;
    attr->second=value;
  };
}

Here is the caller graph for this function:


Member Data Documentation

std::map<std::string,SecAttr*> Arc::MessageAuth::attrs_ [private]

Definition at line 15 of file MessageAuth.h.

Definition at line 16 of file MessageAuth.h.


The documentation for this class was generated from the following files: