
nordugrid-arc-nox  1.1.0~rc6
ArcSec::X509TokenSH Class Reference

Adds WS-Security X509 Token into SOAP Header. More...

#include <X509TokenSH.h>


Public Member Functions

 X509TokenSH (Arc::Config *cfg, Arc::ChainContext *ctx)
virtual ~X509TokenSH (void)
virtual bool Handle (Arc::Message *msg) const

Static Public Member Functions

static Arc::Plugin * get_sechandler (Arc::PluginArgument *arg)

Static Protected Attributes

static Arc::Logger logger

Private Types

enum  { process_none, process_extract, process_generate }
enum  { signature, encryption }

Private Attributes

enum ArcSec::X509TokenSH:: { ... }  process_type_
enum ArcSec::X509TokenSH:: { ... }  usage_type_
std::string cert_file_
std::string key_file_
std::string ca_file_
std::string ca_dir_

Detailed Description

Adds WS-Security X509 Token into SOAP Header.

Definition at line 14 of file X509TokenSH.h.


Member Enumeration Documentation

anonymous enum [private]
Enumerator:
process_none 
process_extract 
process_generate 

Definition at line 16 of file X509TokenSH.h.

anonymous enum [private]
Enumerator:
signature 
encryption 

Definition at line 21 of file X509TokenSH.h.


Constructor & Destructor Documentation

ArcSec::X509TokenSH::X509TokenSH ( Arc::Config * cfg, Arc::ChainContext * ctx )

Definition at line 34 of file X509TokenSH.cpp.

ArcSec::X509TokenSH::X509TokenSH(Arc::Config *cfg, Arc::ChainContext *ctx):SecHandler(cfg){
  // Note: process_type_ has not been assigned yet, so an xmlsec initialisation
  // failure returns with it left indeterminate rather than process_none.
  if(!init_xmlsec()) return;
  process_type_=process_none;
  // <Process> selects the direction: "generate" signs outgoing SOAP,
  // "extract" verifies incoming SOAP. Anything else disables the handler.
  std::string process_type = (std::string)((*cfg)["Process"]);
  if(process_type == "generate") { 
    // Signing needs our own credential: <CertificatePath> and <KeyPath>.
    cert_file_=(std::string)((*cfg)["CertificatePath"]);
    if(cert_file_.empty()) {
      logger.msg(ERROR,"Missing or empty CertificatePath element");
      return;
    };
    key_file_=(std::string)((*cfg)["KeyPath"]);
    if(key_file_.empty()) {
      logger.msg(ERROR,"Missing or empty KeyPath element");
      return;
    };
    process_type_=process_generate;
  } else if(process_type == "extract") {
    //If ca file does not exist, we can only verify the signature by
    //using the certificate in the incoming wssecurity; we can not authenticate
    //the message because we can not check the certificate chain without 
    //trusted ca.
    ca_file_=(std::string)((*cfg)["CACertificatePath"]);
    ca_dir_=(std::string)((*cfg)["CACertificatesDir"]);
    if(ca_file_.empty() && ca_dir_.empty()) {
      // Only INFO, and the handler still loads: an "extract" handler without
      // a trust anchor accepts any message whose embedded certificate matches
      // its own signature. (The message text says CertificatePath, but the
      // element actually read above is CACertificatePath.)
      logger.msg(INFO,"Missing or empty CertificatePath or CACertificatesDir element; will only check the signature, will not do message authentication");
    };
    process_type_=process_extract;
  } else {
    logger.msg(ERROR,"Processing type not supported: %s",process_type);
    return;
  };
}
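The constructor above reads its settings from the handler's configuration element. The fragment below is an added example and is not taken from the ARC sources or its shipped configuration: the element names (Process, CertificatePath, KeyPath, CACertificatePath, CACertificatesDir) are exactly those the constructor looks up, while the plugin name "x509.token", the event attribute and the file paths are assumptions that must be checked against the installed plugin. It shows a signing handler for outgoing messages, the weak "extract" form that the constructor accepts with only an INFO message, and the corrected form with a trust anchor.

```xml
<!-- Added example, not ARC project configuration. Plugin name, event attribute
     and paths are assumed; the child element names are those read by
     X509TokenSH::X509TokenSH. -->

<!-- Client side: sign outgoing SOAP with our own credential (process_generate). -->
<SecHandler name="x509.token" event="outgoing">
  <Process>generate</Process>
  <CertificatePath>/etc/grid-security/hostcert.pem</CertificatePath>
  <KeyPath>/etc/grid-security/hostkey.pem</KeyPath>
</SecHandler>

<!-- Weak: no CACertificatePath / CACertificatesDir. The handler loads and only
     checks that the message matches the certificate it carries, which any
     self-signed certificate satisfies. This is integrity, not authentication. -->
<SecHandler name="x509.token" event="incoming">
  <Process>extract</Process>
</SecHandler>

<!-- Corrected: the embedded certificate must also chain to a trusted CA
     (either a single CACertificatePath file or a CACertificatesDir). -->
<SecHandler name="x509.token" event="incoming">
  <Process>extract</Process>
  <CACertificatesDir>/etc/grid-security/certificates</CACertificatesDir>
</SecHandler>
```

A deployment check worth scripting: grep the service configuration for every SecHandler with Process set to extract and confirm each one carries at least one of the two CA elements, since the code does not refuse to start without them.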


ArcSec::X509TokenSH::~X509TokenSH ( void  ) [virtual]

Definition at line 67 of file X509TokenSH.cpp.

                          {
  final_xmlsec();
}



Member Function Documentation

Arc::Plugin * ArcSec::X509TokenSH::get_sechandler ( Arc::PluginArgument * arg ) [static]

Plugin factory: builds a handler from the configuration carried in the plugin argument.

Definition at line 17 of file X509TokenSH.cpp.

Arc::Plugin* ArcSec::X509TokenSH::get_sechandler(Arc::PluginArgument* arg) {
    // Only a SecHandlerPluginArgument carries the Config and ChainContext
    // the constructor needs; any other argument type yields no plugin.
    ArcSec::SecHandlerPluginArgument* shcarg =
            arg?dynamic_cast<ArcSec::SecHandlerPluginArgument*>(arg):NULL;
    if(!shcarg) return NULL;
    return new ArcSec::X509TokenSH((Arc::Config*)(*shcarg),(Arc::ChainContext*)(*shcarg));
}


bool ArcSec::X509TokenSH::Handle ( Arc::Message msg) const [virtual]

Implements ArcSec::SecHandler.

Definition at line 71 of file X509TokenSH.cpp.

bool ArcSec::X509TokenSH::Handle(Arc::Message* msg) const {
  if(process_type_ == process_extract) {
    try {
      // dynamic_cast yields NULL for a non-SOAP payload. Dereferencing it
      // below is undefined behaviour, not a std::exception, so the catch
      // block at the end of this branch does not cover that case.
      PayloadSOAP* soap = dynamic_cast<PayloadSOAP*>(msg->Payload());
      X509Token xt(*soap);
      if(!xt) {
        logger.msg(ERROR,"Failed to parse X509 Token from incoming SOAP");
        return false;
      };
      // Step 1: cryptographic check only. The signature is verified with the
      // certificate embedded in the token itself, so this proves possession of
      // the matching private key, not that the certificate is trusted.
      if(!xt.Authenticate()) {
        logger.msg(ERROR, "Failed to verify X509 Token inside the incoming SOAP");
        return false;
      };
      // Step 2: trust check. Only runs when a CA file or directory was
      // configured; without one, a self-signed certificate passes step 1 and
      // the message is accepted.
      if((!ca_file_.empty() || !ca_dir_.empty()) && !xt.Authenticate(ca_file_, ca_dir_)) {
        logger.msg(ERROR, "Failed to authenticate X509 Token inside the incoming SOAP");
        return false;
      };
      logger.msg(INFO, "Succeeded to authenticate X509Token");
    } catch(std::exception) {  // caught by value (slices the exception object)
      logger.msg(ERROR,"Incoming Message is not SOAP");
      return false;
    }  
  } else if(process_type_ == process_generate) {
    try {
      PayloadSOAP* soap = dynamic_cast<PayloadSOAP*>(msg->Payload());  // NULL if not SOAP, see above
      // Sign the outgoing envelope with the configured certificate and key.
      X509Token xt(*soap, cert_file_, key_file_);
      if(!xt) {
        logger.msg(ERROR,"Failed to generate X509 Token for outgoing SOAP");
        return false;
      };
      //Reset the soap message
      (*soap) = xt;
    } catch(std::exception) {
      logger.msg(ERROR,"Outgoing Message is not SOAP");
      return false;
    }
  } else {
    // process_none (or the indeterminate value left by a failed xmlsec init).
    logger.msg(ERROR,"X509 Token handler is not configured");
    return false;
  } 
  return true;
}
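The constructor comment and the two Authenticate() calls in Handle() describe the same distinction: verifying a signature with the certificate carried in the message, versus chaining that certificate to a trusted CA. The script below is an added example, not ARC code, that models those two steps with the openssl command-line tool so the difference can be observed: it constructs a CA, a certificate issued by it and a rogue self-signed certificate with the same subject name in a scratch directory, signs a stand-in message with each, and then runs the handler's decision logic with and without a configured CA. The WS-Security and XML-DSig framing that X509Token does is not reproduced; only the trust decision is.

```shell
#!/bin/sh
# Added example, not ARC code: models X509TokenSH::Handle in extract mode with
# the openssl CLI.  All keys, certificates and the message are constructed in a
# scratch directory; no real credentials are used.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Explicit OpenSSL config so the example does not depend on the system openssl.cnf.
cat > "$WORK/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
[leaf_ext]
basicConstraints = CA:FALSE
EOF

# Trust anchor (what CACertificatePath would point at) and a certificate it issued.
openssl req -x509 -config "$WORK/openssl.cnf" -extensions ca_ext -newkey rsa:2048 -nodes \
  -days 1 -subj "/CN=Example CA" -keyout "$WORK/ca.key" -out "$WORK/ca.pem" >/dev/null 2>&1
openssl req -config "$WORK/openssl.cnf" -newkey rsa:2048 -nodes -subj "/CN=trusted-client" \
  -keyout "$WORK/good.key" -out "$WORK/good.csr" >/dev/null 2>&1
openssl x509 -req -days 1 -in "$WORK/good.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
  -CAcreateserial -extfile "$WORK/openssl.cnf" -extensions leaf_ext \
  -out "$WORK/good.pem" >/dev/null 2>&1
# Rogue credential: self-signed by the attacker, same subject name, no CA involved.
openssl req -x509 -config "$WORK/openssl.cnf" -extensions leaf_ext -newkey rsa:2048 -nodes \
  -days 1 -subj "/CN=trusted-client" -keyout "$WORK/rogue.key" -out "$WORK/rogue.pem" >/dev/null 2>&1

# Constructed stand-in for the SOAP body the token covers.
printf '<soap:Body><submit>job</submit></soap:Body>' > "$WORK/msg.xml"

# process_generate side: sign the message with the sender's private key.
sign_msg() {  # <key> <out-sig>
  openssl dgst -sha256 -sign "$1" -out "$2" "$WORK/msg.xml"
}

# xt.Authenticate(): check the signature against the public key of the
# certificate carried in the message.  Proves the sender holds the private key
# matching that certificate and nothing more.
verify_signature() {  # <cert> <sig>
  openssl x509 -in "$1" -pubkey -noout > "$WORK/embedded.pub" 2>/dev/null
  openssl dgst -sha256 -verify "$WORK/embedded.pub" -signature "$2" "$WORK/msg.xml" >/dev/null 2>&1
}

# xt.Authenticate(ca_file, ca_dir): the embedded certificate must chain to a trusted CA.
verify_chain() {  # <cert> <ca-file>
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Handle() in extract mode: exit 0 = accept, 1 = reject.  As in the handler, the
# chain check runs only when a CA was configured.
handle_extract() {  # <cert> <sig> [<ca-file>]
  verify_signature "$1" "$2" || return 1
  if [ -n "${3:-}" ]; then
    verify_chain "$1" "$3" || return 1
  fi
  return 0
}

sign_msg "$WORK/good.key"  "$WORK/good.sig"
sign_msg "$WORK/rogue.key" "$WORK/rogue.sig"

report() {  # <label> <cert> <sig> [<ca-file>]
  if handle_extract "$2" "$3" "${4:-}"; then echo "$1: accepted"; else echo "$1: rejected"; fi
}
report "trusted client, CA configured"    "$WORK/good.pem"  "$WORK/good.sig"  "$WORK/ca.pem"
report "rogue self-signed, no CA"         "$WORK/rogue.pem" "$WORK/rogue.sig"
report "rogue self-signed, CA configured" "$WORK/rogue.pem" "$WORK/rogue.sig" "$WORK/ca.pem"
```

The middle case is the one the constructor's INFO message warns about: with no CA configured the rogue message is accepted, because the only thing checked is that the message is consistent with whatever certificate the sender chose to include.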



Member Data Documentation

std::string ArcSec::X509TokenSH::ca_dir_ [private]

Definition at line 28 of file X509TokenSH.h.

std::string ArcSec::X509TokenSH::ca_file_ [private]

Definition at line 27 of file X509TokenSH.h.

std::string ArcSec::X509TokenSH::cert_file_ [private]

Definition at line 25 of file X509TokenSH.h.

std::string ArcSec::X509TokenSH::key_file_ [private]

Definition at line 26 of file X509TokenSH.h.

Arc::Logger ArcSec::SecHandler::logger [static, protected, inherited]

Reimplemented in ArcSec::DelegationSH.

Definition at line 31 of file SecHandler.h.

enum { ... } ArcSec::X509TokenSH::process_type_ [private]
enum { ... } ArcSec::X509TokenSH::usage_type_ [private]
