TAO/orbsvcs/DevGuideExamples/Security/PolicyControllingApp/MessengerClient.cpp

   1 /* -*- C++ -*-  */
   2
   3 #include "ace/Get_Opt.h"
   4
   5 #include "MessengerC.h"
   6 #include "orbsvcs/SecurityC.h"
   7
   8 // Policy Example 1
   9 // ================
  10 //
  11 // Example of a client that downgrades
  12 // from message protection to no message
  13 // protection and upgrades from no
  14 // peer authentication to authentication
  15 // of targets, i.e., authentication of
  16 // servers.
  17 //
  18 // The server's service configuration file
  19 // for this example is
  20 //
  21 // # server.conf
  22 // dynamic SSLIOP_Factory Service_Object *
  23 //   TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory()
  24 //   "-SSLNoProtection
  25 //   -SSLAuthenticate SERVER_AND_CLIENT
  26 //   -SSLPrivateKey PEM:server_key.pem
  27 //   -SSLCertificate PEM:server_cert.pem"
  28 //
  29 // static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"
  30 //
  31 // The clients service configuration file
  32 // for this example is:
  33 //
  34 // # client.conf
  35 // dynamic SSLIOP_Factory Service_Object *
  36 //   TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory()
  37 //   "-SSLAuthenticate NONE
  38 //   -SSLPrivateKey PEM:client_key.pem
  39 //   -SSLCertificate PEM:client_cert.pem"
  40 //
  41 // static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"
  42 //
  43 // Policy Example 2
  44 // ================
  45 //
  46 // Example of client upgrading from
  47 // no message protection and no
  48 // no authentication to message
  49 // protection and authentication
  50 // of targets, i.e., authentication
  51 // of servers.
  52 //
  53 // The server's service configuration file for this example is
  54 //
  55 // # server.conf
  56 // dynamic SSLIOP_Factory Service_Object *
  57 //   TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory()
  58 //   "-SSLAuthenticate SERVER_AND_CLIENT
  59 //   -SSLPrivateKey PEM:serverkey.pem
  60 //   -SSLCertificate PEM:servercert.pem"
  61 //
  62 // static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"
  63 //
  64 // The client's service configuration file
  65 // for this example is:
  66 //
  67 // # client.conf
  68 // dynamic SSLIOP_Factory Service_Object *
  69 //   TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory()
  70 //   "-SSLNoProtection
  71 //   -SSLAuthenticate NONE
  72 //   -SSLPrivateKey PEM:clientkey.pem
  73 //   -SSLCertificate PEM:clientcert.pem"
  74 //
  75 // static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"
  76 //
  77
  78 const ACE_TCHAR *ior = ACE_TEXT("file://Messenger.ior");
  79
  80 int which = 0;
  81
  82 int
  83 parse_args (int argc, ACE_TCHAR *argv[])
  84 {
  85   ACE_Get_Opt get_opts (argc, argv, ACE_TEXT("e:k:"));
  86   int c;
  87
  88   while ((c = get_opts ()) != -1)
  89     switch (c)
  90       {
  91       case 'k':
  92         ior = get_opts.opt_arg ();
  93         break;
  94       case 'e':
  95         which = ACE_OS::atoi(get_opts.optarg);
  96     if(which < 1 || 2 < which)
  97             ACE_ERROR_RETURN ((LM_ERROR,
  98                                "Usage:  %s "
  99                                "-e [12] "
 100                                "-k <ior>"
 101                                "\n",
 102                                argv [0]),
 103                               -1);
 104         break;
 105       case '?':
 106       default:
 107         ACE_ERROR_RETURN ((LM_ERROR,
 108                            "Usage:  %s "
 109                            "-e [12] "
 110                            "-k <ior>"
 111                            "\n",
 112                            argv [0]),
 113                           -1);
 114       }
 115   // Indicates successful parsing of the command line
 116   return 0;
 117 }
 118
 119 int
 120 ACE_TMAIN (int argc, ACE_TCHAR *argv[])
 121 {
 122   try {
 123
 124     CORBA::ORB_var orb =
 125       CORBA::ORB_init( argc, argv );
 126
 127     if (parse_args (argc, argv) != 0)
 128       return 1;
 129     else if(which < 1 || 2 < which)
 130       return 1;
 131
 132     CORBA::Object_var obj =
 133       orb->string_to_object( ior );
 134
 135     Security::QOP            qop;
 136     CORBA::Any               protection;
 137     Security::EstablishTrust establish_trust;
 138     CORBA::Any               trust;
 139     CORBA::PolicyList        policy_list (2);
 140
 141     if (which == 1)
 142     {
 143       qop = Security::SecQOPNoProtection;
 144       //qop = Security::SecQOPIntegrity;
 145
 146       establish_trust.trust_in_client = 0;
 147       establish_trust.trust_in_target = 1;
 148     }
 149     else
 150     {
 151       qop = Security::SecQOPIntegrityAndConfidentiality;
 152
 153       establish_trust.trust_in_client = 0;
 154       establish_trust.trust_in_target = 1;
 155     }
 156
 157     protection <<= qop;
 158     trust      <<= establish_trust;
 159
 160     CORBA::Policy_var policy =
 161     orb->create_policy (Security::SecQOPPolicy, protection);
 162
 163     CORBA::Policy_var policy2 =
 164     orb->create_policy (Security::SecEstablishTrustPolicy, trust);
 165
 166     policy_list.length (1);
 167     policy_list[0] = CORBA::Policy::_duplicate (policy.in ());
 168     policy_list.length (2);
 169     policy_list[1] = CORBA::Policy::_duplicate (policy2.in ());
 170
 171     CORBA::Object_var object =
 172     obj->_set_policy_overrides (policy_list,
 173                                   CORBA::SET_OVERRIDE);
 174
 175     Messenger_var messenger =
 176       Messenger::_narrow( object.in() );
 177
 178     CORBA::String_var message =
 179       CORBA::string_dup( "Implementing security policy now!" );
 180
 181     messenger->send_message( "Chief of Security",
 182                              "New Directive",
 183                              message.inout() );
 184   }
 185   catch(const CORBA::Exception& ex) {
 186     ex._tao_print_exception("Client: main block");
 187     return 1;
 188   }
 189
 190   return 0;
 191 }