
feature #513: Moved SSL utils to a common Helper Class

This commit is contained in:
Ruben S. Montero 2011-05-12 17:20:52 +02:00
parent 3ba628af76
commit 5bfec3ab96
12 changed files with 166 additions and 127 deletions


@ -457,13 +457,6 @@ private:
*/ */
void do_action(const string &name, void *args){}; void do_action(const string &name, void *args){};
/**
* Base 64 encoding
* @param in the string to encoded
* @return a pointer to the encoded string (must be freed) or 0 in case of
* error
*/
static string * base64_encode(const string& in);
}; };

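--- /dev/null
+++ b/include/SSLTools.h
@@ -0,0 +1,51 @@
+/* ------------------------------------------------------------------------ */
+/* Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org) */
+/* */
+/* Licensed under the Apache License, Version 2.0 (the "License"); you may */
+/* not use this file except in compliance with the License. You may obtain */
+/* a copy of the License at */
+/* */
+/* http://www.apache.org/licenses/LICENSE-2.0 */
+/* */
+/* Unless required by applicable law or agreed to in writing, software */
+/* distributed under the License is distributed on an "AS IS" BASIS, */
+/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. */
+/* See the License for the specific language governing permissions and */
+/* limitations under the License. */
+/* -------------------------------------------------------------------------*/
+#ifndef SSL_TOOLS_H_
+#define SSL_TOOLS_H_
+#include <string>
+using namespace std;
+/**
+* The SSLTools class provides a simple interface to common SSL utils used
+* in OpenNebula
+*/
+class SSLTools
+{
+public:
+/**
+* sha1 digest
+* @param in the string to be hashed
+* @return sha1 hash of str
+*/
+static string sha1_digest(const string& in);
+/**
+* Base 64 encoding
+* @param in the string to encoded
+* @return a pointer to the encoded string (must be freed) or 0 in case of
+* error
+*/
+static string * base64_encode(const string& in);
+private:
+SSLTools(){};
+~SSLTools(){};
+};
+#endif /*SSL_TOOLS_H_*/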
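Review bot: The `@return sha1 hash of str` line under sha1_digest names a parameter that does not exist (the parameter is `in`), and neither declaration states what callers actually need to know: sha1_digest returns the 40-character lowercase hex encoding of an unsalted SHA-1 of `in` (per the formatting loop in SSLTools.cc), and base64_encode returns a heap-allocated std::string the caller owns. I would replace the two @return lines with `@return lowercase hex SHA-1 of in (40 chars); a plain unsalted digest, not a password hash` and `@return new'd std::string holding base64(in) with no newlines, to be deleted by the caller, or 0 on error`. Since UserPool.cc and Client.cc in this same commit feed user passwords through sha1_digest, the header is the right place to warn that this is a fast unsalted digest. On style, `using namespace std;` in a public header leaks into every includer; writing `std::string` in the two signatures would avoid it, although the rest of the tree appears to follow the same convention.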


@ -94,13 +94,6 @@ public:
**/ **/
static int split_secret(const string secret, string& user, string& pass); static int split_secret(const string secret, string& user, string& pass);
/**
* "Encrypts" the password with SHA1 digest
* @param password
* @return sha1 encrypted password
*/
static string sha1_digest(const string& pass);
private: private:
// ------------------------------------------------------------------------- // -------------------------------------------------------------------------
// Friends // Friends


@ -16,15 +16,10 @@
#include "AuthManager.h" #include "AuthManager.h"
#include "NebulaLog.h" #include "NebulaLog.h"
#include "SSLTools.h"
#include "Nebula.h" #include "Nebula.h"
#include <openssl/sha.h>
#include <openssl/hmac.h>
#include <openssl/evp.h>
#include <openssl/bio.h>
#include <openssl/buffer.h>
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
@ -35,40 +30,6 @@ const char * AuthManager::auth_driver_name = "auth_exe";
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
string * AuthRequest::base64_encode(const string& in)
{
BIO * bio_mem;
BIO * bio_64;
char * encoded_c;
long int size;
bio_64 = BIO_new(BIO_f_base64());
bio_mem = BIO_new(BIO_s_mem());
BIO_push(bio_64, bio_mem);
BIO_set_flags(bio_64,BIO_FLAGS_BASE64_NO_NL);
BIO_write(bio_64, in.c_str(), in.length());
if (BIO_flush(bio_64) != 1)
{
return 0;
}
size = BIO_get_mem_data(bio_mem,&encoded_c);
string * encoded = new string(encoded_c,size);
BIO_free_all(bio_64);
return encoded;
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
void AuthRequest::add_auth(Object ob, void AuthRequest::add_auth(Object ob,
const string& ob_id, const string& ob_id,
Operation op, Operation op,
@ -91,7 +52,7 @@ void AuthRequest::add_auth(Object ob,
if (op == CREATE || op == INSTANTIATE) //encode the ob_id, it is a template if (op == CREATE || op == INSTANTIATE) //encode the ob_id, it is a template
{ {
string * encoded_id = base64_encode(ob_id); string * encoded_id = SSLTools::base64_encode(ob_id);
if (encoded_id != 0) if (encoded_id != 0)
{ {
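Review bot: `string * encoded_id = SSLTools::base64_encode(ob_id);` hands add_auth a heap string that it now owns, and the code that consumes and deletes it lies outside the hunk, so I cannot confirm that a `delete encoded_id;` survived the move on every path; please check, since the helper documents the pointer as "must be freed". When base64_encode returns 0 (the BIO_flush failure path in SSLTools.cc) the `if (encoded_id != 0)` guard silently skips the template encoding, which would make the authorization request indistinguishable from a non-template operation; an `else` branch that logs through NebulaLog, which this file already includes, would make that failure visible. add_auth begins before and ends after this hunk.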


@ -17,10 +17,10 @@ Import('env')
env.Prepend(LIBS=[ env.Prepend(LIBS=[
'nebula_template', 'nebula_template',
'nebula_authm',
'nebula_common', 'nebula_common',
'nebula_core', 'nebula_core',
'nebula_mad', 'nebula_mad',
'nebula_authm',
'nebula_sql', 'nebula_sql',
'nebula_log', 'nebula_log',
'crypto' 'crypto'
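Review bot: Moving `'nebula_authm'` below `'nebula_common'` changes the link order, and with static archives the GNU linker resolves a reference only against archives listed after the object that makes it; nebula_authm now references SSLTools (AuthManager.cc in this commit) which is built into nebula_common (src/common/SConstruct), yet is listed after it. Whether this still links depends on whether the SSLTools objects were already pulled in by an earlier archive or on how SCons groups these libraries, which I cannot tell from this hunk, so a clean from-scratch build is worth confirming. If it fails, keeping `'nebula_authm'` ahead of `'nebula_common'` as before, or listing nebula_common again after it, are the usual fixes.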


@ -24,7 +24,8 @@ lib_name='nebula_common'
source_files=[ source_files=[
'ActionManager.cc', 'ActionManager.cc',
'Attribute.cc', 'Attribute.cc',
'mem_collector.c' 'mem_collector.c',
'SSLTools.cc'
] ]
# Build library # Build library

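--- /dev/null
+++ b/src/common/SSLTools.cc
@@ -0,0 +1,98 @@
+/* -------------------------------------------------------------------------- */
+/* Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org) */
+/* */
+/* Licensed under the Apache License, Version 2.0 (the "License"); you may */
+/* not use this file except in compliance with the License. You may obtain */
+/* a copy of the License at */
+/* */
+/* http://www.apache.org/licenses/LICENSE-2.0 */
+/* */
+/* Unless required by applicable law or agreed to in writing, software */
+/* distributed under the License is distributed on an "AS IS" BASIS, */
+/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. */
+/* See the License for the specific language governing permissions and */
+/* limitations under the License. */
+/* -------------------------------------------------------------------------- */
+#include <openssl/sha.h>
+#include <openssl/hmac.h>
+#include <openssl/evp.h>
+#include <openssl/bio.h>
+#include <openssl/buffer.h>
+#include "SSLTools.h"
+#include <string>
+#include <sstream>
+#include <iomanip>
+//#include <iostream>
+//#include <sys/types.h>
+//#include <pwd.h>
+//#include <stdlib.h>
+/* -------------------------------------------------------------------------- */
+/* -------------------------------------------------------------------------- */
+string * SSLTools::base64_encode(const string& in)
+{
+BIO * bio_mem;
+BIO * bio_64;
+char * encoded_c;
+long int size;
+bio_64 = BIO_new(BIO_f_base64());
+bio_mem = BIO_new(BIO_s_mem());
+BIO_push(bio_64, bio_mem);
+BIO_set_flags(bio_64,BIO_FLAGS_BASE64_NO_NL);
+BIO_write(bio_64, in.c_str(), in.length());
+if (BIO_flush(bio_64) != 1)
+{
+return 0;
+}
+size = BIO_get_mem_data(bio_mem,&encoded_c);
+string * encoded = new string(encoded_c,size);
+BIO_free_all(bio_64);
+return encoded;
+}
+/* -------------------------------------------------------------------------- */
+/* -------------------------------------------------------------------------- */
+string SSLTools::sha1_digest(const string& in)
+{
+EVP_MD_CTX mdctx;
+unsigned char md_value[EVP_MAX_MD_SIZE];
+unsigned int md_len;
+ostringstream oss;
+EVP_MD_CTX_init(&mdctx);
+EVP_DigestInit_ex(&mdctx, EVP_sha1(), NULL);
+EVP_DigestUpdate(&mdctx, in.c_str(), in.length());
+EVP_DigestFinal_ex(&mdctx,md_value,&md_len);
+EVP_MD_CTX_cleanup(&mdctx);
+for(unsigned int i = 0; i<md_len; i++)
+{
+oss << setfill('0') << setw(2) << hex << nouppercase
+<< (unsigned short) md_value[i];
+}
+return oss.str();
+}
+/* -------------------------------------------------------------------------- */
+/* -------------------------------------------------------------------------- */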
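Review bot: base64_encode leaks both BIOs on its error path: when `BIO_flush(bio_64) != 1` it returns 0 without calling `BIO_free_all(bio_64)`, and the two `BIO_new` results are never checked, so an allocation failure dereferences a null BIO in `BIO_push`. The rewrite below frees the chain on every exit and returns 0 if either BIO could not be created; the success path is unchanged. sha1_digest likewise ignores the return codes of EVP_DigestInit_ex/EVP_DigestUpdate/EVP_DigestFinal_ex, which can fail; checking them and returning an empty string would keep a failed digest from being silently stored or compared as a password by the callers this commit introduces. The four commented-out includes at the top of the file are dead and can go.
```cpp
    bio_64 = BIO_new(BIO_f_base64());
    bio_mem = BIO_new(BIO_s_mem());

    if (bio_64 == 0 || bio_mem == 0) // BIO_free(0) is a no-op in OpenSSL
    {
        BIO_free(bio_64);
        BIO_free(bio_mem);
        return 0;
    }

    // … unchanged: BIO_push, BIO_set_flags, BIO_write …

    if (BIO_flush(bio_64) != 1)
    {
        BIO_free_all(bio_64); // bio_mem is on the chain and is freed with it
        return 0;
    }

    // … unchanged: BIO_get_mem_data, new string, BIO_free_all, return …
```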


@ -82,6 +82,11 @@ public:
private: private:
/**
* Default message size for XML data off the network
*/
static const int MESSAGE_SIZE;
string one_auth; string one_auth;
string one_endpoint; string one_endpoint;
@ -92,13 +97,6 @@ private:
int read_oneauth(string &secret); int read_oneauth(string &secret);
int split_secret(const string secret, string& user, string& pass); int split_secret(const string secret, string& user, string& pass);
string sha1_digest(const string& pass);
/**
* Default message size for XML data off the network
*/
static const int MESSAGE_SIZE;
}; };
#endif /*ONECLIENT_H_*/ #endif /*ONECLIENT_H_*/


@ -15,6 +15,7 @@
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
#include "Client.h" #include "Client.h"
#include "SSLTools.h"
#include <fstream> #include <fstream>
#include <pwd.h> #include <pwd.h>
@ -25,12 +26,8 @@
#include <string.h> #include <string.h>
#include <stdlib.h> #include <stdlib.h>
#include <iostream>
#include <sstream> #include <sstream>
#include <openssl/evp.h>
#include <iomanip>
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
@ -57,7 +54,7 @@ void Client::set_one_auth(string secret)
if( rc == 0 ) if( rc == 0 )
{ {
string sha1_pass = sha1_digest(pass); string sha1_pass = SSLTools::sha1_digest(pass);
one_auth = user + ":" + sha1_pass; one_auth = user + ":" + sha1_pass;
} }
@ -157,33 +154,6 @@ int Client::split_secret(const string secret, string& user, string& pass)
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
string Client::sha1_digest(const string& pass)
{
EVP_MD_CTX mdctx;
unsigned char md_value[EVP_MAX_MD_SIZE];
unsigned int md_len;
ostringstream oss;
EVP_MD_CTX_init(&mdctx);
EVP_DigestInit_ex(&mdctx, EVP_sha1(), NULL);
EVP_DigestUpdate(&mdctx, pass.c_str(), pass.length());
EVP_DigestFinal_ex(&mdctx,md_value,&md_len);
EVP_MD_CTX_cleanup(&mdctx);
for(unsigned int i = 0; i<md_len; i++)
{
oss << setfill('0') << setw(2) << hex << nouppercase
<< (unsigned short) md_value[i];
}
return oss.str();
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
void Client::set_one_endpoint(string endpoint) void Client::set_one_endpoint(string endpoint)
{ {
one_endpoint = "http://localhost:2633/RPC2"; one_endpoint = "http://localhost:2633/RPC2";
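Review bot: With `string sha1_pass = SSLTools::sha1_digest(pass);` feeding `one_auth = user + ":" + sha1_pass;`, the hex SHA-1 of the password is itself the credential the client presents, so one_auth is password-equivalent and must never be logged or written anywhere less protected than the secret it was derived from; a comment at the assignment, `// one_auth is the credential itself: treat it as the password`, would keep a future debug print from leaking it. The digest is a plain unsalted SHA-1 (SSLTools.cc), which is also what the server stores in UserPool.cc in this commit, so the two sides must change in lock step if the scheme is ever strengthened. `#include <iostream>` is dropped in the second hunk; that is fine only if nothing in the rest of Client.cc uses cout/cerr, which I cannot see from here.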


@ -20,8 +20,6 @@
#include <iostream> #include <iostream>
#include <sstream> #include <sstream>
#include <openssl/evp.h>
#include <iomanip> #include <iomanip>
#include "User.h" #include "User.h"
@ -206,29 +204,3 @@ int User::split_secret(const string secret, string& user, string& pass)
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
string User::sha1_digest(const string& pass)
{
EVP_MD_CTX mdctx;
unsigned char md_value[EVP_MAX_MD_SIZE];
unsigned int md_len;
ostringstream oss;
EVP_MD_CTX_init(&mdctx);
EVP_DigestInit_ex(&mdctx, EVP_sha1(), NULL);
EVP_DigestUpdate(&mdctx, pass.c_str(), pass.length());
EVP_DigestFinal_ex(&mdctx,md_value,&md_len);
EVP_MD_CTX_cleanup(&mdctx);
for(unsigned int i = 0; i<md_len; i++)
{
oss << setfill('0') << setw(2) << hex << nouppercase
<< (unsigned short) md_value[i];
}
return oss.str();
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */


@ -22,6 +22,7 @@
#include "NebulaLog.h" #include "NebulaLog.h"
#include "Nebula.h" #include "Nebula.h"
#include "AuthManager.h" #include "AuthManager.h"
#include "SSLTools.h"
#include <fstream> #include <fstream>
#include <sys/types.h> #include <sys/types.h>
@ -85,7 +86,7 @@ UserPool::UserPool(SqlDB * db):PoolSQL(db,User::table)
if (User::split_secret(one_token,one_name,one_pass) == 0) if (User::split_secret(one_token,one_name,one_pass) == 0)
{ {
string error_str; string error_str;
string sha1_pass = User::sha1_digest(one_pass); string sha1_pass = SSLTools::sha1_digest(one_pass);
allocate(&one_uid, one_name, sha1_pass, true, error_str); allocate(&one_uid, one_name, sha1_pass, true, error_str);
} }
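Review bot: `string sha1_pass = SSLTools::sha1_digest(one_pass);` stores the initial admin password as an unsalted, fast SHA-1 hex digest (see the formatting loop in SSLTools.cc), which is trivially reversible by dictionary attack if the database leaks; the helper move is a good moment to at least document that at this line, e.g. `// NOTE: unsalted SHA-1; must match the token Client::set_one_auth sends`, since Client.cc in this commit sends exactly this digest and the two must agree. Replacing it with a salted, slow hash needs a matching client change and a migration of existing rows, so that is a follow-up rather than part of this refactor. The return value of `allocate(&one_uid, one_name, sha1_pass, true, error_str);` on the next line is still discarded (context here, not changed by the commit), so a failure to create the initial user goes unreported at this point unless it is handled outside the hunk.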


@ -20,6 +20,7 @@
#include "UserPool.h" #include "UserPool.h"
#include "PoolTest.h" #include "PoolTest.h"
#include "SSLTools.h"
using namespace std; using namespace std;
@ -119,7 +120,7 @@ public:
string st = "top_secret_string"; string st = "top_secret_string";
string sha1 = "773260f433f7fd6f89c1f1bfc32e080fc0748478"; string sha1 = "773260f433f7fd6f89c1f1bfc32e080fc0748478";
CPPUNIT_ASSERT( sha1 == User::sha1_digest(st) ); CPPUNIT_ASSERT( sha1 == SSLTools::sha1_digest(st) );
} }
void split_secret() void split_secret()
@ -151,7 +152,7 @@ public:
CPPUNIT_ASSERT( user->get_oid() == 0 ); CPPUNIT_ASSERT( user->get_oid() == 0 );
CPPUNIT_ASSERT( user->get_name() == "one_user_test" ); CPPUNIT_ASSERT( user->get_name() == "one_user_test" );
CPPUNIT_ASSERT( user->get_password() == User::sha1_digest("password") ); CPPUNIT_ASSERT( user->get_password() == SSLTools::sha1_digest("password") );
} }
void authenticate() void authenticate()