Back to index

nordugrid-arc-nox  1.1.0~rc6
Public Member Functions
Arc::MessageAuthContext Class Reference

Handler for content of message auth* context. More...

#include <Message.h>

Inheritance diagram for Arc::MessageAuthContext:
Inheritance graph
[legend]
Collaboration diagram for Arc::MessageAuthContext:
Collaboration graph
[legend]

List of all members.

Public Member Functions

 MessageAuthContext (void)
 ~MessageAuthContext (void)
void set (const std::string &key, SecAttr *value)
 Adds/overwrites security attribute stored under specified key.
void remove (const std::string &key)
 Deletes security attribute stored under specified key.
SecAttrget (const std::string &key)
 Retrieves reference to security attribute stored under specified key.
SecAttroperator[] (const std::string &key)
 Same as MessageAuth::get.
bool Export (SecAttrFormat format, XMLNode &val) const
 Returns properly catenated attributes in specified format.
MessageAuthFilter (const std::list< std::string > &selected_keys, const std::list< std::string > &rejected_keys)
 Creates new instance of MessageAuth with attributes filtered.

Detailed Description

Handler for content of message auth* context.

This class is a container for authorization and authentication information. It gets associated with Message object usually by first MCC in a chain and is kept as long as connection persists.

Definition at line 48 of file Message.h.


Constructor & Destructor Documentation

Definition at line 50 of file Message.h.

{ };

Definition at line 51 of file Message.h.

{ };

Member Function Documentation

bool Arc::MessageAuth::Export ( SecAttrFormat  format,
XMLNode val 
) const [inherited]

Returns properly catenated attributes in specified format.

Content of XML node at is replaced with generated information if XML tree is empty. If tree at is not empty then Export() tries to merge generated information to already existing like everything would be generated inside same Export() method. If does not represent valid node then new XML tree is created.

Definition at line 65 of file MessageAuth.cpp.

                                                                {
  if(format == SecAttr::ARCAuth) {
    // Making XML document top level Request element
    NS ns;
    ns["ra"]="http://www.nordugrid.org/schemas/request-arc";
    if(!val) XMLNode(ns,"ra:Request").New(val);
    XMLNode newreq = val;
    newreq.Namespaces(ns);
    newreq.Name("ra:Request");
    XMLNodeContainer xmls;
    std::list<_XMLPair> subjects;
    std::list<_XMLPair> resources;
    std::list<_XMLPair> actions;
    // Collecting elements from previously generated request
    for(XMLNode item = newreq["RequestItem"];(bool)item;++item) {
      for(XMLNode subject = item["Subject"];(bool)subject;++subject) {
        subjects.push_back(_XMLPair(subject,item["Context"]));
      };
      for(XMLNode resource = item["Resource"];(bool)resource;++resource) {
        resources.push_back(_XMLPair(resource,item["Context"]));
      };
      for(XMLNode action = item["Action"];(bool)action;++action) {
        actions.push_back(_XMLPair(action,item["Context"]));
      };
    };
    int subjects_new = subjects.size();
    int resources_new = resources.size();
    int actions_new = actions.size();

    // Getting XMLs from all SecAttr
    std::map<std::string,SecAttr*>::const_iterator attr = attrs_.begin();
    for(;attr != attrs_.end();++attr) {
      xmls.AddNew(XMLNode(ns,""));
      XMLNode r = xmls[xmls.Size()-1];
      if(!(attr->second)) return false;
      if(!(attr->second->Export(format,r))) return false;

      //std::string str;
      //r.GetXML(str);
      //std::cout<<"SecAttr: ++++ Name: "<<attr->first<<"XML: "<<str<<std::endl;

      for(XMLNode item = r["RequestItem"];(bool)item;++item) {
        for(XMLNode subject = item["Subject"];(bool)subject;++subject) {
          subjects.push_back(_XMLPair(subject,item["Context"]));
        };
        for(XMLNode resource = item["Resource"];(bool)resource;++resource) {
          resources.push_back(_XMLPair(resource,item["Context"]));
        };
        for(XMLNode action = item["Action"];(bool)action;++action) {
          actions.push_back(_XMLPair(action,item["Context"]));
        };
      };
    };

    // Merge all collected elements into single request
    // Collecting new subject attributes into one element.
    XMLNode new_subject(ns,"ra:Subject");
    XMLNode new_context(ns,"ra:Context");
    {
      std::list<_XMLPair>::iterator subject = subjects.begin();
      for(int subject_n = 0;;++subject_n,++subject) {
        if(subject_n < subjects_new) continue;
        if(subject == subjects.end()) break;
        if(subject->element.Size() > 0) {
          copy_xml_elements(new_subject,subject->element["SubjectAttribute"]);
          copy_xml_elements(new_context,subject->context["ContextAttribute"]);
        };
      };
    };
    // Add new subject into existing ones - assuming all
    // already existing subjests are the same.
    {
      std::list<_XMLPair>::iterator subject = subjects.begin();
      for(int subject_n = 0;;++subject_n,++subject) {
        if(subject_n >= subjects_new) break;
        if(subject == subjects.end()) break;
        copy_xml_elements(subject->element,new_subject["SubjectAttribute"]);
        copy_xml_elements(subject->context,new_subject["ContextAttribute"]);
      };
    };
    // Use one of existing old subjects as template for new
    // elements (if present)
    if(subjects_new > 0) {
      new_subject=subjects.begin()->element;
      new_context=subjects.begin()->context;
    };
    // Create all permutations of Action and Resource elements
    std::list<_XMLPair>::iterator action = actions.begin();
    for(int action_n = 0;;++action_n) {
      std::list<_XMLPair>::iterator resource = resources.begin();
      for(int resource_n = 0;;++resource_n) {
        if((action_n < actions_new) &&
           (resource_n < resources_new)) {
          if(resources.size()) ++resource;
          if(resource == resources.end()) break;
          continue; // This combination is already in request
        };
        XMLNode newitem = newreq.NewChild("ra:RequestItem");
        XMLNode newctx = newitem.NewChild("ra:Context");
        if(new_subject.Size() > 0) {
          newitem.NewChild(new_subject);
          copy_xml_elements(newctx,new_context["ContextAttribute"]);
        };
        if(action != actions.end()) {
          newitem.NewChild(action->element);
          copy_xml_elements(newctx,action->context["ContextAttribute"]);
        };
        if(resource != resources.end()) {
          newitem.NewChild(resource->element);
          copy_xml_elements(newitem,resource->context["ContextAttribute"]);
        };
        if(resources.size()) ++resource;
        if(resource == resources.end()) break;
      };
      if(actions.size()) ++action;
      if(action == actions.end()) break;
    };
    return true;
  }
  else if(format == SecAttr::XACML) {
    // Making XML document top level Request element
    /* XACML request is like this:
     <Request>
       <Subject>
         <Attruibute/>
         ......
       </Subject>
       <Resource>
         <Attribute/>
         ......
       </Resource>
       <Action>
         <Attribute/>
         ......
       </Action>
       <Environment>
         <Attribute/>
         ......
       </Environment>
    </Request>
    */

    NS ns;
    ns["ra"]="urn:oasis:names:tc:xacml:2.0:context:schema:os";
    if(!val) XMLNode(ns,"ra:Request").New(val);
    XMLNode newreq = val;
    newreq.Namespaces(ns);
    newreq.Name("ra:Request");

    XMLNodeContainer xmls;
    // Getting XMLs from all SecAttr
    std::map<std::string,SecAttr*>::const_iterator attr = attrs_.begin();
    for(;attr != attrs_.end();++attr) {
      xmls.AddNew(XMLNode(ns,""));
      XMLNode r = xmls[xmls.Size()-1];
      if(!(attr->second)) return false;
      if(!(attr->second->Export(format,r))) return false;
    };

    // Merge all collected elements into single request
    XMLNode subject = newreq["Subject"];
    if(!subject) subject = newreq.NewChild("Subject");
    XMLNode resource = newreq["Resource"];
    if(!resource) resource = newreq.NewChild("Resource");
    XMLNode action = newreq["Action"];
    if(!action) action = newreq.NewChild("Action");
    XMLNode environment = newreq["Environment"];
    if(!environment) environment = newreq.NewChild("Environment");

    for(int i=0; i<xmls.Size(); i++) {
      XMLNode r = xmls[i];
      copy_xml_elements(subject, r["Subject"].Child());
      copy_xml_elements(resource, r["Resource"].Child());
      copy_xml_elements(action, r["Action"].Child());
      copy_xml_elements(environment, r["Environment"].Child());
    };
    return true;
  }
  return false;
}

Here is the call graph for this function:

Here is the caller graph for this function:

MessageAuth * Arc::MessageAuth::Filter ( const std::list< std::string > &  selected_keys,
const std::list< std::string > &  rejected_keys 
) [inherited]

Creates new instance of MessageAuth with attributes filtered.

In new instance all attributes with keys listed in are removed. If is not empty only corresponding attributes are transfered to new instance. Created instance does not own refered attributes. Hence parent instance must not be deleted as long as this one is in use.

Definition at line 340 of file MessageAuth.cpp.

                                                                                                                {
  MessageAuth* newauth = new MessageAuth;
  newauth->attrs_created_=false;
  if(selected_keys.empty()) {
    newauth->attrs_=attrs_;
  } else {
    for(std::list<std::string>::const_iterator key = selected_keys.begin();
                       key!=selected_keys.end();++key) {
      std::map<std::string,SecAttr*>::const_iterator attr = attrs_.find(*key);
      if((attr != attrs_.end()) && (attr->second != NULL)) newauth->attrs_[*key]=attr->second;
    };
  };
  if(!rejected_keys.empty()) {
    for(std::list<std::string>::const_iterator key = rejected_keys.begin();
                       key!=rejected_keys.end();++key) {
      newauth->remove(*key);
    };
  };
  return newauth;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SecAttr * Arc::MessageAuth::get ( const std::string &  key) [inherited]

Retrieves reference to security attribute stored under specified key.

Definition at line 38 of file MessageAuth.cpp.

                                              {
  std::map<std::string,SecAttr*>::iterator attr = attrs_.find(key);
  if(attr == attrs_.end()) return NULL;
  return attr->second;
}

Here is the caller graph for this function:

SecAttr* Arc::MessageAuth::operator[] ( const std::string &  key) [inline, inherited]

Same as MessageAuth::get.

Definition at line 28 of file MessageAuth.h.

{ return get(key); };
void Arc::MessageAuth::remove ( const std::string &  key) [inherited]

Deletes security attribute stored under specified key.

Definition at line 30 of file MessageAuth.cpp.

                                             {
  std::map<std::string,SecAttr*>::iterator attr = attrs_.find(key);
  if(attr != attrs_.end()) {
    if(attrs_created_) if(attr->second) delete attr->second;
    attrs_.erase(attr);
  };
}

Here is the caller graph for this function:

void Arc::MessageAuth::set ( const std::string &  key,
SecAttr value 
) [inherited]

Adds/overwrites security attribute stored under specified key.

Definition at line 19 of file MessageAuth.cpp.

                                                          {
  if(!attrs_created_) return;
  std::map<std::string,SecAttr*>::iterator attr = attrs_.find(key);
  if(attr == attrs_.end()) {
    attrs_[key]=value;
  } else {
    if(attr->second) delete attr->second;
    attr->second=value;
  };
}

Here is the caller graph for this function:


The documentation for this class was generated from the following file: