
nordugrid-arc-nox  1.1.0~rc6
Arc::UsernameToken Class Reference

Interface for manipulation of WS-Security according to Username Token Profile. More...

#include <UsernameToken.h>



Public Types

enum  PasswordType { PasswordText, PasswordDigest }
 SOAP header element. More...

Public Member Functions

 UsernameToken (SOAPEnvelope &soap)
 Link to existing SOAP header and parse Username Token information.
 UsernameToken (SOAPEnvelope &soap, const std::string &username, const std::string &password, const std::string &uid, PasswordType pwdtype)
 Add Username Token information into the SOAP header.
 UsernameToken (SOAPEnvelope &soap, const std::string &username, const std::string &id, bool mac, int iteration)
 Add Username Token information into the SOAP header.
 operator bool (void)
 Returns true if the constructor succeeded.
std::string Username (void)
 Returns username associated with this instance.
bool Authenticate (const std::string &password, std::string &derived_key)
 Checks parsed/generated token against specified password.
bool Authenticate (std::istream &password, std::string &derived_key)
 Checks parsed token against password stored in specified stream.

Protected Attributes

XMLNode header_

Static Private Member Functions

static bool Check (SOAPEnvelope &soap)
 Tells if specified SOAP header has WSSE element and UsernameToken inside the WSSE element.

Private Attributes

std::string username_
std::string uid_
std::string password_
std::string passwdtype_
std::string nonce_
std::string created_
std::string salt_
int iteration_

Detailed Description

Interface for manipulation of WS-Security according to Username Token Profile.

Definition at line 13 of file UsernameToken.h.


Member Enumeration Documentation

enum Arc::UsernameToken::PasswordType

SOAP header element.

Enumerator:
PasswordText 
PasswordDigest 

Definition at line 17 of file UsernameToken.h.


Constructor & Destructor Documentation

Arc::UsernameToken::UsernameToken ( SOAPEnvelope &  soap)

Link to existing SOAP header and parse Username Token information.

Username Token related information is extracted from the SOAP header and stored in class variables.

Definition at line 250 of file UsernameToken.cpp.

Arc::UsernameToken::UsernameToken(SOAPEnvelope& soap) {
  if(!Check(soap)){
    return;    
  }

  header_=soap.Header();

  // Apply predefined namespace prefix
  NS ns;
  ns["wsse"]=WSSE_NAMESPACE;
  ns["wsse11"]=WSSE11_NAMESPACE;
  ns["wsu"]=WSU_NAMESPACE;
  header_.Namespaces(ns);

  XMLNode ut = header_["wsse:Security"]["wsse:UsernameToken"];   
  bool has_password = (bool)ut["wsse:Password"];
  username_ = (std::string)(ut["wsse:Username"]);
  password_ = (std::string)(ut["wsse:Password"]);
  nonce_    = (std::string)(ut["wsse:Nonce"]);
  created_  = (std::string)(ut["wsu:Created"]);
  salt_     = (std::string)(ut["wsse11:Salt"]);
  if(!ut["wsse11:Iteration"]) {
    iteration_=1000; // Default iteration value
  } else {
    if(!stringto(ut["wsse11:Iteration"],iteration_)) {
      std::cerr<<"Wrong number of iterations"<<std::endl;
      header_=XMLNode();
      return;
    }
  }

  //std::cout<<"Username: "<<username_<<" Password: "<<password_<<" Nonce: "<<nonce_<<" Created: "<<created_<<std::endl;

  if(username_.empty()) {
    std::cerr<<"Element wsse:Username is missing or empty"<<std::endl;
    header_=XMLNode();
    return;
  }
  if(has_password) {  //PasswordText or PasswordDigest
    if(!salt_.empty()) {
      std::cerr<<"Can not have wsse11:Salt and wsse:Password at the same time"<<std::endl;
      header_=XMLNode();
      return;
    }
    passwdtype_ = (std::string)((ut["wsse:Password"]).Attribute("Type"));
    if(passwdtype_.empty() || (passwdtype_ == PASSWORD_TEXT)) {
    }
    else if(passwdtype_ == PASSWORD_DIGEST) {
      if(nonce_.empty() || created_.empty()) {
        std::cerr<<"Digest password type requires wsse:Nonce and wsu:Created"<<std::endl;
        header_=XMLNode(); // reset so operator bool reports the failure, as in the other error paths
        return;
      }
    }
    else {
      std::cerr<<"Unsupported password type found: "<<passwdtype_<<std::endl;
      header_=XMLNode();
      return;
    }
  }
  else {  //Key Derivation
    if(salt_.empty()) {
      std::cerr<<"Key Derivation feature requires wsse11:Salt"<<std::endl;
      header_=XMLNode();
      return;
    }
  }
} 
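The parsing constructor above encodes the acceptance rules for a received <wsse:UsernameToken>: Username required, Password and Salt mutually exclusive, Nonce and Created required for PasswordDigest, a recognised Type URI, and a parseable Iteration defaulting to 1000. The following is an added example, not ARC code, that expresses those same rules over a plain struct so they can be unit-tested without SOAPEnvelope or XMLNode. It differs from the constructor in one respect a server-side verifier needs: the client-supplied <wsse11:Iteration> is bounded (the kMaxIteration value is a constructed assumption), because an unbounded count lets any client choose how many SHA-1 rounds the server performs in Authenticate. The RawToken struct and check_token are hypothetical names; the two Type URIs are the ones the Username Token Profile 1.0 defines and that ARC's PASSWORD_TEXT / PASSWORD_DIGEST constants hold.

```cpp
// Added example, not ARC code: the <wsse:UsernameToken> acceptance rules of
// Arc::UsernameToken's parsing constructor, over a plain struct.
#include <cerrno>
#include <cstdlib>
#include <string>

// Type URIs from the Username Token Profile 1.0 (ARC: PASSWORD_TEXT / PASSWORD_DIGEST).
static const std::string PASSWORD_TEXT =
  "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";
static const std::string PASSWORD_DIGEST =
  "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest";

// Upper bound on <wsse11:Iteration> accepted from a peer (constructed assumption, not from ARC).
static const long kMaxIteration = 1000000;

// Element text as found in the XML; an empty string means "absent". has_password
// mirrors the constructor's (bool)ut["wsse:Password"]: the element may exist with empty text.
struct RawToken {
  std::string username, password, password_type, nonce, created, salt, iteration;
  bool has_password;
};

// Returns "" when the token is acceptable (iteration_out then holds the effective count),
// otherwise the rejection reason, worded as in the page's constructor.
static std::string check_token(const RawToken& t, int& iteration_out) {
  if (t.username.empty()) return "Element wsse:Username is missing or empty";
  if (t.iteration.empty()) {
    iteration_out = 1000;                            // default as in the constructor
  } else {
    errno = 0; char* end = 0;
    long v = std::strtol(t.iteration.c_str(), &end, 10);
    // Reject non-numeric text, trailing junk ("1e3"), overflow, non-positive and oversized counts.
    if (errno != 0 || end == t.iteration.c_str() || *end != '\0' || v < 1 || v > kMaxIteration)
      return "Wrong number of iterations";
    iteration_out = (int)v;
  }
  if (t.has_password) {                              // PasswordText or PasswordDigest
    if (!t.salt.empty()) return "Can not have wsse11:Salt and wsse:Password at the same time";
    if (t.password_type.empty() || t.password_type == PASSWORD_TEXT) return "";
    if (t.password_type == PASSWORD_DIGEST) {
      if (t.nonce.empty() || t.created.empty()) return "Digest password type requires wsse:Nonce and wsu:Created";
      return "";
    }
    return "Unsupported password type found: " + t.password_type;
  }
  if (t.salt.empty()) return "Key Derivation feature requires wsse11:Salt";  // key derivation
  return "";
}
```

The rejection strings are returned rather than written to std::cerr so a caller can log them with the peer's identity; the constructor on this page only has operator bool to report failure.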


Arc::UsernameToken::UsernameToken ( SOAPEnvelope &  soap,
const std::string &  username,
const std::string &  password,
const std::string &  uid,
PasswordType  pwdtype 
)

Add Username Token information into the SOAP header.

Generated token contains elements Username and Password and is meant to be used for authentication.

Parameters:
  soap      the SOAP message
  username  <wsse:Username>...</wsse:Username> - if empty it is entered interactively from stdin
  password  <wsse:Password Type="...">...</wsse:Password> - if empty it is entered interactively from stdin
  uid       <wsse:UsernameToken wsu:Id="...">
  pwdtype   <wsse:Password Type="...">...</wsse:Password>

Definition at line 351 of file UsernameToken.cpp.

Arc::UsernameToken::UsernameToken(SOAPEnvelope& soap, const std::string& username, const std::string& password, const std::string& uid, PasswordType pwdtype) {
  header_=soap.Header();
  uid_ = uid;
  iteration_ = 0;
  
  //Get the username
  username_=username;
  if(username_.empty()) get_username(username_);

  //Get the password  
  password_=password;
  if(password_.empty()) get_password(password_,false);

  // Apply predefined namespace prefix
  NS ns;
  ns["wsse"]=WSSE_NAMESPACE;
  ns["wsse11"]=WSSE11_NAMESPACE;
  ns["wsu"]=WSU_NAMESPACE;
  header_.Namespaces(ns);

  //Check the arguments
  if(username_.empty() || password_.empty()) {
    std::cerr<<"Username and Password should not be empty"<<std::endl;
    header_=XMLNode();
    return;
  }

  // Insert the related elements
  XMLNode wsse = get_node(header_,"wsse:Security");
  XMLNode ut = get_node(wsse, "wsse:UsernameToken");
  if(!uid_.empty()) {
    ut.NewAttribute("wsu:Id") = uid_;
  }
  get_node(ut, "wsse:Username") = username_;
  XMLNode passwd_node = get_node(ut, "wsse:Password");

  if(pwdtype == PasswordText) {
    passwd_node.NewAttribute("Type") = passwdtype_ = PASSWORD_TEXT;
    passwd_node = password_;
  }
  else if(pwdtype == PasswordDigest) {
    passwd_node.NewAttribute("Type") = passwdtype_ = PASSWORD_DIGEST; 
    nonce_ = get_nonce();
    get_node(ut, "wsse:Nonce") = nonce_;
    created_ = Time().str(UTCTime);
    get_node(ut, "wsu:Created") = created_;

    //std::cout<<"nonce: "<<nonce_<<"createdtime: "<<created_<<"password: "<<password_<<std::endl;

    std::string password_digest = digest_password(nonce_, created_, password_);
    passwd_node = password_digest;
  }
  else {
    std::cerr<<"Unsupported password type requested"<<std::endl;
    header_=XMLNode();
    return;
  }
}


Arc::UsernameToken::UsernameToken ( SOAPEnvelope &  soap,
const std::string &  username,
const std::string &  id,
bool  mac,
int  iteration 
)

Add Username Token information into the SOAP header.

Generated token contains elements Username and Salt and is meant to be used for key derivation.

Parameters:
  soap       the SOAP message
  username   <wsse:Username>...</wsse:Username>
  mac        if derived key is meant to be used for Message Authentication Code
  iteration  <wsse11:Iteration>...</wsse11:Iteration>

Definition at line 410 of file UsernameToken.cpp.

Arc::UsernameToken::UsernameToken(SOAPEnvelope& soap, const std::string& username, const std::string& uid, bool mac, int iteration) {
  header_=soap.Header();
  uid_ = uid;
  iteration_ = iteration;

  //Get the username
  username_=username;
  if(username_.empty()) get_username(username_);

  salt_ = get_salt(mac);

  // Apply predefined namespace prefix
  NS ns;
  ns["wsse"]=WSSE_NAMESPACE;
  ns["wsse11"]=WSSE11_NAMESPACE;
  ns["wsu"]=WSU_NAMESPACE;
  header_.Namespaces(ns);

  //Check the arguments
  if(username_.empty() || salt_.empty()) {
    std::cerr<<"Username and Salt should not be empty"<<std::endl;
    header_=XMLNode();
    return;
  }

  // Insert the related elements
  XMLNode wsse = get_node(header_,"wsse:Security");
  XMLNode ut = get_node(wsse, "wsse:UsernameToken");
  if(!uid_.empty()) {
    ut.NewAttribute("wsu:Id") = uid_; // same wsu:Id attribute as the password constructor uses
  }
  get_node(ut, "wsse:Username") = username_;
  get_node(ut, "wsse11:Salt") = salt_;
  get_node(ut, "wsse11:Iteration") = tostring(iteration);
}



Member Function Documentation

bool Arc::UsernameToken::Authenticate ( const std::string &  password,
std::string &  derived_key 
)

Checks parsed/generated token against specified password.

If the token is meant to be used for deriving a key, the key is returned in derived_key. In that case authentication is performed outside the UsernameToken class using the obtained derived_key.

Definition at line 326 of file UsernameToken.cpp.

bool Arc::UsernameToken::Authenticate(const std::string& password, std::string& derived_key) {
  if(salt_.empty()) { // Password
    if(!nonce_.empty()) { // PasswordDigest
      std::string passwd_digest = digest_password(nonce_, created_ , password);
      if(passwd_digest != password_) {
        std::cerr<<"Generated Password Digest does not match that in wsse:Password: "<<passwd_digest<<" != "<<password_<<std::endl;
        return false;
      }
    }
    else {
      if(password != password_) {
        std::cerr<<"provided Password does not match that in wsse:Password: "<<password<<" != "<<password_<<std::endl;
        return false;
      }
    }
  }
  else { //Derive the key
    derived_key = generate_derivedkey(password, salt_, iteration_);
    if(derived_key.empty()) return false;
    //std::cout<<"Derived Key: "<<derived_key<<std::endl;
  } 
  return true;
}
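Authenticate above takes three routes: a PasswordDigest token is checked by recomputing the digest from the received Nonce and Created plus the locally known password, a PasswordText token by direct comparison, and a Salt token by deriving a key that the caller then verifies elsewhere. The page does not show digest_password or generate_derivedkey, so the following added example (mine, not ARC's) implements them from the Username Token Profile: PasswordDigest = Base64(SHA-1(nonce + created + password)) from Profile 1.0, and, as I read Profile 1.1, K1 = SHA-1(password + salt), Ki = SHA-1(K(i-1)), key = K(iteration). SHA-1 and Base64 are inlined so the file builds without OpenSSL. Assumptions beyond the page: nonce and salt are passed as raw bytes (the XML carries them Base64-encoded, decoding is omitted), the derived key is returned as lowercase hex, ParsedToken and authenticate are hypothetical names, and the digest comparison is done with a length-then-XOR loop rather than the operator!= the page uses.

```cpp
// Added example, not ARC code: the digest check and key derivation behind
// Arc::UsernameToken::Authenticate, built from the Username Token Profile text.
#include <cstdint>
#include <string>
#include <vector>

typedef std::vector<unsigned char> Bytes;
static Bytes bytes(const std::string& s) { return Bytes(s.begin(), s.end()); }

// SHA-1 (FIPS 180-4) over an in-memory message; returns the 20-byte digest.
static Bytes sha1(const Bytes& msg) {
  uint32_t h[5] = {0x67452301u, 0xEFCDAB89u, 0x98BADCFEu, 0x10325476u, 0xC3D2E1F0u};
  Bytes m = msg;                                   // pad: 0x80, zeros, 64-bit big-endian bit length
  uint64_t bitlen = (uint64_t)msg.size() * 8;
  m.push_back(0x80);
  while (m.size() % 64 != 56) m.push_back(0);
  for (int i = 7; i >= 0; --i) m.push_back((unsigned char)(bitlen >> (i * 8)));
  for (size_t off = 0; off < m.size(); off += 64) {  // one 512-bit block per pass
    uint32_t w[80];
    for (int i = 0; i < 16; ++i)
      w[i] = (uint32_t)m[off + 4*i] << 24 | (uint32_t)m[off + 4*i + 1] << 16 |
             (uint32_t)m[off + 4*i + 2] << 8 | (uint32_t)m[off + 4*i + 3];
    for (int i = 16; i < 80; ++i) { uint32_t x = w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16]; w[i] = (x << 1) | (x >> 31); }
    uint32_t a = h[0], b = h[1], c = h[2], d = h[3], e = h[4];
    for (int i = 0; i < 80; ++i) {
      uint32_t f, k;
      if (i < 20)      { f = (b & c) | (~b & d);          k = 0x5A827999u; }
      else if (i < 40) { f = b ^ c ^ d;                   k = 0x6ED9EBA1u; }
      else if (i < 60) { f = (b & c) | (b & d) | (c & d); k = 0x8F1BBCDCu; }
      else             { f = b ^ c ^ d;                   k = 0xCA62C1D6u; }
      uint32_t t = ((a << 5) | (a >> 27)) + f + e + k + w[i];
      e = d; d = c; c = (b << 30) | (b >> 2); b = a; a = t;
    }
    h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e;
  }
  Bytes out;
  for (int i = 0; i < 5; ++i) for (int s = 24; s >= 0; s -= 8) out.push_back((unsigned char)(h[i] >> s));
  return out;
}

// Standard Base64 with '=' padding, the encoding of a PasswordDigest value.
static std::string b64encode(const Bytes& in) {
  static const char* tbl = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
  std::string out; size_t i = 0;
  for (; i + 2 < in.size(); i += 3) {
    uint32_t n = in[i] << 16 | in[i+1] << 8 | in[i+2];
    out += tbl[n >> 18]; out += tbl[(n >> 12) & 63]; out += tbl[(n >> 6) & 63]; out += tbl[n & 63];
  }
  if (i < in.size()) {                             // one or two trailing bytes
    uint32_t n = in[i] << 16 | (i + 1 < in.size() ? in[i+1] << 8 : 0);
    out += tbl[n >> 18]; out += tbl[(n >> 12) & 63];
    out += (i + 1 < in.size()) ? tbl[(n >> 6) & 63] : '=';
    out += '=';
  }
  return out;
}

static std::string hex(const Bytes& b) {
  static const char* d = "0123456789abcdef"; std::string s;
  for (size_t i = 0; i < b.size(); ++i) { s += d[b[i] >> 4]; s += d[b[i] & 15]; }
  return s;
}

// Profile 1.0: PasswordDigest = Base64(SHA-1(nonce + created + password)); nonce is raw bytes here.
static std::string digest_password(const std::string& nonce, const std::string& created, const std::string& password) {
  return b64encode(sha1(bytes(nonce + created + password)));
}

// Profile 1.1 as read here: K1 = SHA-1(password + salt), Ki = SHA-1(K(i-1)), key = K(iteration).
// An empty result signals a bad iteration count, which is how the page's Authenticate reports failure.
static std::string generate_derivedkey(const std::string& password, const std::string& salt, int iteration) {
  if (iteration < 1) return "";
  Bytes k = sha1(bytes(password + salt));
  for (int i = 1; i < iteration; ++i) k = sha1(k);
  return hex(k);
}

// Compares every byte regardless of where the first mismatch is (the page uses operator!=).
static bool ct_equal(const std::string& a, const std::string& b) {
  if (a.size() != b.size()) return false;
  unsigned char diff = 0;
  for (size_t i = 0; i < a.size(); ++i) diff |= (unsigned char)(a[i] ^ b[i]);
  return diff == 0;
}

// The fields the parsing constructor leaves behind; branching as in Arc::UsernameToken::Authenticate.
struct ParsedToken { std::string password_, nonce_, created_, salt_; int iteration_; };

static bool authenticate(const ParsedToken& t, const std::string& password, std::string& derived_key) {
  if (t.salt_.empty()) {                           // password token
    if (!t.nonce_.empty()) return ct_equal(digest_password(t.nonce_, t.created_, password), t.password_);
    return ct_equal(password, t.password_);        // PasswordText
  }
  derived_key = generate_derivedkey(password, t.salt_, t.iteration_);  // key-derivation token
  return !derived_key.empty();
}
```

As on the page, the digest route proves only that the sender knew the password when it built the token; Nonce and Created are inputs to the hash, not checked here for freshness or reuse, so a verifier that wants replay protection has to keep that check outside this function.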



bool Arc::UsernameToken::Authenticate ( std::istream &  password,
std::string &  derived_key 
)

Checks parsed token against password stored in specified stream.

If the token is meant to be used for deriving a key, the key is returned in derived_key.

Definition at line 319 of file UsernameToken.cpp.

bool Arc::UsernameToken::Authenticate(std::istream& password, std::string& derived_key) {
  //Get the original password for this user
  std::string passwd_text = get_password_from_file(password, username_);
  //std::cout<<"Password get from local file -----"<<passwd_text<<std::endl;
  return Authenticate(passwd_text,derived_key);
}


bool Arc::UsernameToken::Check ( SOAPEnvelope &  soap) [static, private]

Tells if specified SOAP header has WSSE element and UsernameToken inside the WSSE element.

Definition at line 224 of file UsernameToken.cpp.

bool Arc::UsernameToken::Check(SOAPEnvelope& soap) {
  XMLNode header = soap.Header();
  if(header.NamespacePrefix(WSSE_NAMESPACE).empty()){ 
    std::cerr<<"No wsse namespace in SOAP Header"<<std::endl;
    return false;
  }
  XMLNode wsse;
  if(!(wsse=header["wsse:Security"])) {
    std::cerr<<"No Security element in SOAP Header"<<std::endl;
    return false;
  }
  if(!wsse["wsse:UsernameToken"]) {
    std::cerr<<"No UsernameToken element in SOAP Header"<<std::endl;
    return false;
  }
  return true;
}



Arc::UsernameToken::operator bool ( void  )

Returns true if the constructor succeeded.

Definition at line 242 of file UsernameToken.cpp.

Arc::UsernameToken::operator bool(void) {
  return (bool)header_;
}

std::string Arc::UsernameToken::Username ( void  )

Returns username associated with this instance.

Definition at line 246 of file UsernameToken.cpp.

std::string Arc::UsernameToken::Username(void) {
  return username_;
}

Member Data Documentation

std::string Arc::UsernameToken::created_ [private]

Definition at line 72 of file UsernameToken.h.

XMLNode Arc::UsernameToken::header_ [protected]

Definition at line 15 of file UsernameToken.h.

int Arc::UsernameToken::iteration_ [private]

Definition at line 74 of file UsernameToken.h.

std::string Arc::UsernameToken::nonce_ [private]

Definition at line 71 of file UsernameToken.h.

std::string Arc::UsernameToken::passwdtype_ [private]

Definition at line 70 of file UsernameToken.h.

std::string Arc::UsernameToken::password_ [private]

Definition at line 69 of file UsernameToken.h.

std::string Arc::UsernameToken::salt_ [private]

Definition at line 73 of file UsernameToken.h.

std::string Arc::UsernameToken::uid_ [private]

Definition at line 68 of file UsernameToken.h.

std::string Arc::UsernameToken::username_ [private]

Definition at line 67 of file UsernameToken.h.

