TAO/orbsvcs/DevGuideExamples/Security/PolicyControllingApp/MessengerClient.cpp

   1 /* -*- C++ -*-  */
   2
   3 #include "ace/Get_Opt.h"
   4
   5 #include "MessengerC.h"
   6 #include "orbsvcs/SecurityC.h"
   7
   8 // Policy Example 1
   9 // ================
  10 //
  11 // Example of a client that downgrades
  12 // from message protection to no message
  13 // protection and upgrades from no
  14 // peer authentication to authentication
  15 // of targets, i.e., authentication of
  16 // servers.
  17 //
  18 // The server's service configuration file
  19 // for this example is
  20 //
  21 // # server.conf
  22 // dynamic SSLIOP_Factory Service_Object *
  23 //   TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory()
  24 //   "-SSLNoProtection
  25 //   -SSLAuthenticate SERVER_AND_CLIENT
  26 //   -SSLPrivateKey PEM:server_key.pem
  27 //   -SSLCertificate PEM:server_cert.pem"
  28 //
  29 // static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"
  30 //
  31 // The clients service configuration file
  32 // for this example is:
  33 //
  34 // # client.conf
  35 // dynamic SSLIOP_Factory Service_Object *
  36 //   TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory()
  37 //   "-SSLAuthenticate NONE
  38 //   -SSLPrivateKey PEM:client_key.pem
  39 //   -SSLCertificate PEM:client_cert.pem"
  40 //
  41 // static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"
  42 //
  43 // Policy Example 2
  44 // ================
  45 //
  46 // Example of client upgrading from
  47 // no message protection and no
  48 // no authentication to message
  49 // protection and authentication
  50 // of targets, i.e., authentication
  51 // of servers.
  52 //
  53 // The server's service configuration file for this example is
  54 //
  55 // # server.conf
  56 // dynamic SSLIOP_Factory Service_Object *
  57 //   TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory()
  58 //   "-SSLAuthenticate SERVER_AND_CLIENT
  59 //   -SSLPrivateKey PEM:serverkey.pem
  60 //   -SSLCertificate PEM:servercert.pem"
  61 //
  62 // static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"
  63 //
  64 // The client's service configuration file
  65 // for this example is:
  66 //
  67 // # client.conf
  68 // dynamic SSLIOP_Factory Service_Object *
  69 //   TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory()
  70 //   "-SSLNoProtection
  71 //   -SSLAuthenticate NONE
  72 //   -SSLPrivateKey PEM:clientkey.pem
  73 //   -SSLCertificate PEM:clientcert.pem"
  74 //
  75 // static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"
  76 //
  77
  78 const ACE_TCHAR *ior = ACE_TEXT("file://Messenger.ior");
  79
  80 int which = 0;
  81
  82 int
  83 parse_args (int argc, ACE_TCHAR *argv[])
  84 {
  85   ACE_Get_Opt get_opts (argc, argv, ACE_TEXT("e:k:"));
  86   int c;
  87
  88   while ((c = get_opts ()) != -1)
  89     switch (c)
  90       {
  91       case 'k':
  92         ior = get_opts.opt_arg ();
  93         break;
  94       case 'e':
  95         which = ACE_OS::atoi(get_opts.optarg);
  96     if(which < 1 || 2 < which)
  97             ACE_ERROR_RETURN ((LM_ERROR,
  98                                "Usage:  %s "
  99                                "-e [12] "
 100                                "-k <ior>"
 101                                "\n",
 102                                argv [0]),
 103                               -1);
 104         break;
 105       case '?':
 106       default:
 107         ACE_ERROR_RETURN ((LM_ERROR,
 108                            "Usage:  %s "
 109                            "-e [12] "
 110                            "-k <ior>"
 111                            "\n",
 112                            argv [0]),
 113                           -1);
 114       }
 115   // Indicates successful parsing of the command line
 116   return 0;
 117 }
 118
 119 int
 120 ACE_TMAIN (int argc, ACE_TCHAR *argv[])
 121 {
 122   try {
 123     CORBA::ORB_var orb =
 124       CORBA::ORB_init( argc, argv );
 125
 126     if (parse_args (argc, argv) != 0)
 127       return 1;
 128     else if(which < 1 || 2 < which)
 129       return 1;
 130
 131     CORBA::Object_var obj =
 132       orb->string_to_object( ior );
 133
 134     Security::QOP            qop;
 135     CORBA::Any               protection;
 136     Security::EstablishTrust establish_trust;
 137     CORBA::Any               trust;
 138     CORBA::PolicyList        policy_list (2);
 139
 140     if (which == 1)
 141     {
 142       qop = Security::SecQOPNoProtection;
 143       //qop = Security::SecQOPIntegrity;
 144
 145       establish_trust.trust_in_client = 0;
 146       establish_trust.trust_in_target = 1;
 147     }
 148     else
 149     {
 150       qop = Security::SecQOPIntegrityAndConfidentiality;
 151
 152       establish_trust.trust_in_client = 0;
 153       establish_trust.trust_in_target = 1;
 154     }
 155
 156     protection <<= qop;
 157     trust      <<= establish_trust;
 158
 159     CORBA::Policy_var policy =
 160     orb->create_policy (Security::SecQOPPolicy, protection);
 161
 162     CORBA::Policy_var policy2 =
 163     orb->create_policy (Security::SecEstablishTrustPolicy, trust);
 164
 165     policy_list.length (1);
 166     policy_list[0] = CORBA::Policy::_duplicate (policy.in ());
 167     policy_list.length (2);
 168     policy_list[1] = CORBA::Policy::_duplicate (policy2.in ());
 169
 170     CORBA::Object_var object =
 171     obj->_set_policy_overrides (policy_list,
 172                                   CORBA::SET_OVERRIDE);
 173
 174     Messenger_var messenger =
 175       Messenger::_narrow( object.in() );
 176
 177     CORBA::String_var message =
 178       CORBA::string_dup( "Implementing security policy now!" );
 179
 180     messenger->send_message( "Chief of Security",
 181                              "New Directive",
 182                              message.inout() );
 183   }
 184   catch(const CORBA::Exception& ex) {
 185     ex._tao_print_exception("Client: main block");
 186     return 1;
 187   }
 188
 189   return 0;
 190 }