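/**
 * send_request() interception point: builds a CSIv2 EstablishContext message for the
 * outgoing request and adds it to the request service context list under
 * {@code SECURITY_ATTRIBUTE_SERVICE_ID}.
 *
 * <p>Only stateless (CSIv2 level 0) clients are supported: the client context id is
 * always 0, no authorization elements are sent, and an "absent" identity token is used
 * when the security context carries no identity class. If the target has no security
 * context at all (unprotected invocation) nothing is added.
 *
 * @param ri the client request being intercepted; its effective target selects the
 *           security context
 * @throws ForwardRequest declared by the interceptor contract; not thrown by this body
 * @throws RuntimeException if the security context for the target cannot be determined
 *                          (the original exception is attached as the cause)
 * @throws SecurityException if the authentication token, the identity token or the CDR
 *                           encoding of the SAS element cannot be constructed
 */
@Override
public void send_request(ClientRequestInfo ri) throws ForwardRequest {
    // CSIv2 level 0 only requires stateless clients, so the client context id is
    // always 0. CSIv2 requires the type to be long.
    final long cContextId = 0;

    // XXX: Workaround for non-null connection object ri for local invocation.
    ConnectionExecutionContext.removeClientThreadID();

    // CSIv2 level 0 does not require any authorization tokens on the wire.
    final AuthorizationElement[] cAuthzElem = {};
    // Client identity token to be added to the service context field.
    IdentityToken cIdentityToken;
    // Client authentication token to be added to the service context field.
    byte[] cAuthenticationToken = {};
    // CDR encoded Security Attribute Service element.
    byte[] cdrEncodedSasElem;
    // A single JAAS credential (private credential for authentication, public for identity).
    java.lang.Object cred;

    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "++++ Entered " + prname + "send_request" + "()");
    }

    ORB orb = orbHelper.getORB();
    org.omg.CORBA.Object effectiveTarget = ri.effective_target();

    // SecurityContext to be sent. Resolution failures are logged and rethrown with the
    // original exception as the cause so the stack trace is not lost.
    SecurityContext secctxt;
    try {
        secctxt = secContextUtil.getSecurityContext(effectiveTarget);
    } catch (InvalidMechanismException ime) {
        _logger.log(Level.SEVERE, "iiop.sec_context_exception", ime);
        throw new RuntimeException(ime.getMessage(), ime);
    } catch (InvalidIdentityTokenException iite) {
        _logger.log(Level.SEVERE, "iiop.runtime_exception", iite);
        throw new RuntimeException(iite.getMessage(), iite);
    }

    // In an unprotected invocation there is nothing to send in the service context field.
    if (secctxt == null) {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Security context is null (nothing to add to service context)");
        }
        return;
    }
    final SecurityContext sCtx = secctxt;

    // Construct an authentication token from the subject's private credentials.
    if (secctxt.authcls != null) {
        cred = AccessController.doPrivileged(new PrivilegedAction<java.lang.Object>() {
            @Override
            public java.lang.Object run() {
                return getCred(sCtx.subject.getPrivateCredentials(sCtx.authcls), sCtx.authcls);
            }
        });
        try {
            SecurityMechanismSelector sms = Lookups.getSecurityMechanismSelector();
            ConnectionContext cc = sms.getClientConnectionContext();
            CompoundSecMech mech = cc.getMechanism();
            cAuthenticationToken = createAuthToken(cred, secctxt.authcls, orb, mech);
        } catch (Exception e) {
            _logger.log(Level.SEVERE, "iiop.createauthtoken_exception", e);
            throw new SecurityException(localStrings.getLocalString("secclientreqinterceptor.err_authtok_create", "Error while constructing an authentication token."), e);
        }
    }

    // Construct an identity token from the subject's public credentials, or an
    // "absent" identity token when no identity class is configured.
    if (secctxt.identcls != null) {
        cred = getCred(secctxt.subject.getPublicCredentials(secctxt.identcls), secctxt.identcls);
        try {
            cIdentityToken = createIdToken(cred, secctxt.identcls, orb);
        } catch (Exception e) {
            _logger.log(Level.SEVERE, "iiop.createidtoken_exception", e);
            throw new SecurityException(localStrings.getLocalString("secclientreqinterceptor.err_idtok_create", "Error while constructing an identity token."), e);
        }
    } else {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Constructing an Absent Identity Token");
        }
        cIdentityToken = new IdentityToken();
        cIdentityToken.absent(true);
    }

    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "Creating an EstablishContext message");
    }
    EstablishContext ec = new EstablishContext(cContextId, cAuthzElem, cIdentityToken, cAuthenticationToken);
    SASContextBody sasctxbody = new SASContextBody();
    sasctxbody.establish_msg(ec);

    // CDR encode the SASContextBody.
    Any sasAny = orb.create_any();
    SASContextBodyHelper.insert(sasAny, sasctxbody);
    try {
        cdrEncodedSasElem = codec.encode_value(sasAny);
    } catch (Exception e) {
        _logger.log(Level.SEVERE, "iiop.encode_exception", e);
        throw new SecurityException(localStrings.getLocalString("secclientreqinterceptor.err_cdr_encode", "CDR Encoding error for a SAS context element."), e);
    }

    // Add the SAS element to the request service context list.
    ServiceContext sc = new ServiceContext();
    sc.context_id = SECURITY_ATTRIBUTE_SERVICE_ID;
    sc.context_data = cdrEncodedSasElem;
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "Adding EstablishContext message to service context list");
    }
    final boolean noReplace = false;
    ri.add_request_service_context(sc, noReplace);
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "Added EstablishContext message to service context list");
    }
}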
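/**
 * receive_request() interception point: extracts the CSIv2 SAS context element from the
 * incoming request, decodes it, builds a {@code SecurityContext} (with a fresh JAAS
 * {@code Subject}) from the authentication and identity tokens of the EstablishContext
 * message, and installs it through {@code secContextUtil.setSecurityContext}.
 *
 * <p>Reply handling: a MessageInContext message, a rejected identity token or a
 * {@code STATUS_FAILED} result from {@code setSecurityContext} produce a ContextError reply
 * service context followed by {@code NO_PERMISSION}; success produces a
 * CompleteEstablishContext reply service context. A request without a SAS element is
 * delegated to {@code handle_null_service_context}.
 *
 * @param serverRequestInfo the incoming request
 * @throws ForwardRequest declared by the interceptor contract; not thrown by this body
 * @throws NO_PERMISSION if the request carries a MessageInContext message, if the identity
 *                       token is rejected, or if the security context cannot be set
 * @throws SecurityException if the SAS element cannot be decoded, is not an EstablishContext
 *                           message, or a subject credential cannot be created
 */
@Override
public void receive_request(ServerRequestInfo serverRequestInfo) throws ForwardRequest {
    if (logger.isLoggable(FINE)) {
        logger.log(FINE, "++++ Entered " + prname + "receive_request");
    }
    ORB orb = orbHelper.getORB();

    // Locate the SAS service context element; absence (null or BAD_PARAM) is handled
    // by handle_null_service_context, which may itself throw NO_PERMISSION.
    ServiceContext serviceContext;
    try {
        serviceContext = serverRequestInfo.get_request_service_context(SECURITY_ATTRIBUTE_SERVICE_ID);
        if (serviceContext == null) {
            handle_null_service_context(serverRequestInfo, orb);
            return;
        }
    } catch (BAD_PARAM e) {
        handle_null_service_context(serverRequestInfo, orb);
        return;
    }
    if (logger.isLoggable(FINE)) {
        logger.log(FINE, "Received a non null SAS context element");
    }

    // Decode the CDR encoded service context data; keep the decoder's exception as cause.
    Any sasAny;
    try {
        sasAny = codec.decode_value(serviceContext.context_data, SASContextBodyHelper.type());
    } catch (Exception e) {
        logger.log(SEVERE, "iiop.decode_exception", e);
        throw new SecurityException(localStrings.getLocalString("secserverreqinterceptor.err_cdr_decode", "CDR Decoding error for SAS context element."), e);
    }
    if (logger.isLoggable(FINE)) {
        logger.log(FINE, "Successfully decoded CDR encoded SAS context element.");
    }
    SASContextBody sasctxbody = SASContextBodyHelper.extract(sasAny);
    short sasdiscr = sasctxbody.discriminator();
    if (logger.isLoggable(FINE)) {
        logger.log(FINE, "SAS context element is a/an " + SvcContextUtils.getMsgname(sasdiscr) + " message");
    }

    // A MessageInContext message is answered with a ContextError reply and rejected.
    if (sasdiscr == MTMessageInContext.value) {
        sasctxbody = createContextError(SvcContextUtils.MessageInContextMinor);
        serviceContext = createSvcContext(sasctxbody, orb);
        if (logger.isLoggable(FINE)) {
            logger.log(FINE, "Adding ContextError message to service context list");
            logger.log(FINE, "SecurityContext set to null");
        }
        serverRequestInfo.add_reply_service_context(serviceContext, NO_REPLACE);
        throw new NO_PERMISSION();
    }
    // Anything other than EstablishContext is a protocol error.
    if (sasdiscr != MTEstablishContext.value) {
        logger.log(SEVERE, "iiop.not_establishcontext_msg");
        throw new SecurityException(localStrings.getLocalString("secserverreqinterceptor.err_not_ec_msg", "Received message not an EstablishContext message."));
    }

    EstablishContext establishContext = sasctxbody.establish_msg();
    SecurityContext securityContext = new SecurityContext();
    securityContext.subject = new Subject();

    // Client authentication token (if present) -> subject credential.
    try {
        if (establishContext.client_authentication_token.length != 0) {
            if (logger.isLoggable(FINE)) {
                logger.log(FINE, "Message contains Client Authentication Token");
            }
            createAuthCredential(securityContext, establishContext.client_authentication_token, orb);
        }
    } catch (Exception e) {
        logger.log(SEVERE, "iiop.authentication_exception", e);
        throw new SecurityException(localStrings.getLocalString("secsercverreqinterceptor.err_cred_create", "Error while creating a JAAS subject credential."), e);
    }

    // Identity token (if present) -> subject credential. A SecurityException from
    // createIdCred is reported to the client as a ContextError (invalid mechanism) plus
    // NO_PERMISSION; any other failure surfaces as a SecurityException with cause.
    try {
        if (establishContext.identity_token != null) {
            if (logger.isLoggable(FINE)) {
                logger.log(FINE, "Message contains an Identity Token");
            }
            createIdCred(securityContext, establishContext.identity_token);
        }
    } catch (SecurityException secex) {
        logger.log(SEVERE, "iiop.security_exception", secex);
        sasctxbody = createContextError(INVALID_MECHANISM_MAJOR, INVALID_MECHANISM_MINOR);
        serviceContext = createSvcContext(sasctxbody, orb);
        serverRequestInfo.add_reply_service_context(serviceContext, NO_REPLACE);
        throw new NO_PERMISSION();
    } catch (Exception e) {
        logger.log(SEVERE, "iiop.generic_exception", e);
        throw new SecurityException(localStrings.getLocalString("secsercverreqinterceptor.err_cred_create", "Error while creating a JAAS subject credential."), e);
    }

    if (logger.isLoggable(FINE)) {
        logger.log(FINE, "Invoking setSecurityContext() to set security context");
    }
    int status = secContextUtil.setSecurityContext(securityContext, serverRequestInfo.object_id(), serverRequestInfo.operation(), getServerSocket());
    if (logger.isLoggable(FINE)) {
        logger.log(FINE, "setSecurityContext() returned status code " + status);
    }

    /*
     * CSIV2 SPEC NOTE:
     *
     * If ec.client_context_id is non zero, then this is a stateful request. As specified in
     * section 4.2.1, a stateless server must attempt to validate the security tokens in the
     * security context field. If validation succeeds then CompleteEstablishContext message
     * is sent back. If validation fails, a ContextError must be sent back.
     */
    if (status == STATUS_FAILED) {
        if (logger.isLoggable(FINE)) {
            logger.log(FINE, "setSecurityContext() returned STATUS_FAILED");
        }
        sasctxbody = createContextError(status);
        serviceContext = createSvcContext(sasctxbody, orb);
        if (logger.isLoggable(FINE)) {
            logger.log(FINE, "Adding ContextError message to service context list");
        }
        serverRequestInfo.add_reply_service_context(serviceContext, NO_REPLACE);
        throw new NO_PERMISSION();
    }

    if (logger.isLoggable(FINE)) {
        logger.log(FINE, "setSecurityContext() returned SUCCESS");
    }
    sasctxbody = createCompleteEstablishContext(status);
    serviceContext = createSvcContext(sasctxbody, orb);
    if (logger.isLoggable(FINE)) {
        logger.log(FINE, "Adding CompleteEstablisContext message to service context list");
    }
    serverRequestInfo.add_reply_service_context(serviceContext, NO_REPLACE);
}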
/**
 * Handles a request that carries no SAS service context element.
 *
 * <p>Installs a {@code null} security context for the target object and operation through
 * {@code secContextUtil.setSecurityContext}. If that call reports {@code STATUS_FAILED}, a
 * ContextError (invalid mechanism) reply service context is added and {@code NO_PERMISSION}
 * is thrown; otherwise the request is allowed to proceed.
 *
 * @param serverRequestInfo the incoming request
 * @param orb the ORB used to build the reply service context
 * @throws NO_PERMISSION if {@code setSecurityContext} reports {@code STATUS_FAILED}
 */
private void handle_null_service_context(ServerRequestInfo serverRequestInfo, ORB orb) {
    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, "No SAS context element found in service context list for operation: " + serverRequestInfo.operation());
    }
    final int secStatus = secContextUtil.setSecurityContext(null, serverRequestInfo.object_id(), serverRequestInfo.operation(), getServerSocket());
    if (secStatus != STATUS_FAILED) {
        return;
    }
    // Reject: tell the client the mechanism is invalid and deny the request.
    SASContextBody errorBody = createContextError(INVALID_MECHANISM_MAJOR, INVALID_MECHANISM_MINOR);
    ServiceContext replyContext = createSvcContext(errorBody, orb);
    serverRequestInfo.add_reply_service_context(replyContext, NO_REPLACE);
    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, "SecServerRequestInterceptor.receive_request: NO_PERMISSION");
    }
    throw new NO_PERMISSION();
}
/**
 * Creates a CompleteEstablishContext message. This currently works only for the GSSUP
 * mechanism: the client context id is 0 (stateless), the context is not flagged as
 * stateful, and the final context token is empty.
 *
 * @param status the status returned by setSecurityContext; not used when building the
 *               message in this implementation
 * @return a SASContextBody carrying the CompleteEstablishContext message
 */
private SASContextBody createCompleteEstablishContext(int status) {
    /*
     * CSIV2 SPEC NOTE:
     *
     * Check CSIV2 spec to make sure that there is no final_context_token for GSSUP mechanism
     */
    if (logger.isLoggable(FINE)) {
        logger.log(FINE, "Creating CompleteEstablishContext message");
    }
    final long statelessClientContextId = 0;
    final boolean contextStateful = false;
    final byte[] finalContextToken = {};
    CompleteEstablishContext completeMsg = new CompleteEstablishContext(statelessClientContextId, contextStateful, finalContextToken);
    SASContextBody body = new SASContextBody();
    body.complete_msg(completeMsg);
    return body;
}
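/**
 * receive_reply() interception point: reads the SAS service context element from the reply,
 * decodes it, verifies that it is a CompleteEstablishContext or ContextError message, then
 * maps the reply status and records it for the effective target.
 *
 * <p>A missing element (null or BAD_PARAM) is delegated to {@code handle_null_service_context};
 * any other failure while reading the element is logged and the method returns without
 * further action.
 *
 * @param ri the client request whose reply is being intercepted
 * @throws SecurityException if the element cannot be decoded, or is neither a
 *                           CompleteEstablishContext nor a ContextError message
 */
@Override
public void receive_reply(ClientRequestInfo ri) {
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "++++ Entered " + prname + "receive_reply");
    }

    // Get the service context element from the reply.
    ServiceContext sc;
    try {
        sc = ri.get_reply_service_context(SECURITY_ATTRIBUTE_SERVICE_ID);
        if (sc == null) {
            handle_null_service_context(ri);
            return;
        }
    } catch (org.omg.CORBA.BAD_PARAM e) {
        handle_null_service_context(ri);
        return;
    } catch (Exception ex) {
        // Best-effort: an unexpected failure reading the element is logged, not propagated.
        _logger.log(Level.SEVERE, "iiop.service_context_exception", ex);
        return;
    }

    // Decode the CDR encoding; keep the decoder's exception as the cause.
    Any sasAny;
    try {
        sasAny = codec.decode_value(sc.context_data, SASContextBodyHelper.type());
    } catch (Exception e) {
        _logger.log(Level.SEVERE, "iiop.decode_exception", e);
        throw new SecurityException(localStrings.getLocalString("secclientreqinterceptor.err_cdr_decode", "CDR Decoding error for SAS context element."), e);
    }
    SASContextBody sasctxbody = SASContextBodyHelper.extract(sasAny);
    short sasdiscr = sasctxbody.discriminator();
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "Received " + SvcContextUtils.getMsgname(sasdiscr) + " message");
    }

    // Verify that either a CompleteEstablishContext or a ContextError message was received.
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "Verifying the SAS protocol reply message");
    }
    if ((sasdiscr != MTCompleteEstablishContext.value) && (sasdiscr != MTContextError.value)) {
        _logger.log(Level.SEVERE, "iiop.invalid_reply_message");
        throw new SecurityException(localStrings.getLocalString("secclientreqinterceptor.err_not_cecec_msg", "Reply message not one of CompleteEstablishContext or ContextError."));
    }

    // Map the reply status and record it for the target.
    int st = mapreplyStatus(ri.reply_status());
    setreplyStatus(st, ri.effective_target());
}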