
Example 1 with IIOPProfileTemplate

use of com.sun.corba.ee.spi.ior.iiop.IIOPProfileTemplate in project Payara by payara.

the class IORToSocketInfoImpl method getSocketInfo.

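/**
 * Builds the list of endpoints to try for the given IOR.
 *
 * <p>If the security selector returns an SSL endpoint, a list holding only that endpoint is
 * returned. Otherwise the endpoints are clear-text IIOP: a non-empty {@code previous} list is
 * returned as is; failing that, the primary address followed by the profile's alternate
 * addresses is returned, with the alternates shuffled once per primary and the shuffled order
 * cached for later calls.
 *
 * @param ior the IOR whose IIOP profile supplies the primary and alternate addresses.
 * @param previous the list returned by an earlier call for this IOR; must not be {@code null}.
 * @return the endpoints to try, primary first when the list is built here.
 * @throws RuntimeException wrapping any exception raised while building the list.
 */
@Override
public List getSocketInfo(IOR ior, List previous) {
    try {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, baseMsg + ".getSocketInfo->:");
        }
        List result = new ArrayList();
        IIOPProfileTemplate iiopProfileTemplate = (IIOPProfileTemplate) ior.getProfile().getTaggedProfileTemplate();
        IIOPAddress primary = iiopProfileTemplate.getPrimaryAddress();
        // Host names are folded with Locale.ROOT: a default locale such as Turkish maps 'I' to a
        // dotless 'ı', which would change the host name used for the connection and as cache key.
        String host = primary.getHost().toLowerCase(Locale.ROOT);
        String type = null;
        int port = 0;
        ConnectionContext ctx = new ConnectionContext();
        SocketInfo socketInfo = selector.getSSLPort(ior, ctx);
        selector.setClientConnectionContext(ctx);
        if (socketInfo == null) {
            // No SSL endpoint was selected, so the endpoint type falls back to clear-text IIOP
            // on the primary port advertised by the IOR.
            type = SocketInfo.IIOP_CLEAR_TEXT;
            port = primary.getPort();
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, baseMsg + ".getSocketInfo: did not find SSL SocketInfo");
            }
        } else {
            type = socketInfo.getType();
            port = socketInfo.getPort();
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, baseMsg + ".getSocketInfo: found SSL socketInfo");
            }
        }
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, baseMsg + ".getSocketInfo: Connection Context:" + ctx);
            _logger.log(Level.FINE, baseMsg + ".getSocketInfo: ENDPOINT INFO:type=" + type + ",host=" + host + ", port=" + port);
        }
        // for SSL
        if (socketInfo != null) {
            result.add(socketInfo);
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, baseMsg + ".getSocketInfo: returning SSL socketInfo:" + " " + socketInfo.getType() + " " + socketInfo.getHost() + " " + socketInfo.getPort());
            }
            // However, SSL and IIOP-FO is not a supported feature.
            return result;
        }
        // for non-SSL
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, baseMsg + ".getSocketInfo: returning non SSL socketInfo");
        }
        if (!previous.isEmpty()) {
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, baseMsg + ".getSocketInfo: returning previous socketInfo: " + previous);
            }
            return previous;
        }
        //
        // Save and add primary address
        //
        SocketInfo primarySocketInfo = createSocketInfo("primary", type, host, port);
        result.add(primarySocketInfo);
        //
        // List alternate addresses. They come from the IOR and are always typed clear-text IIOP.
        //
        Iterator iterator = iiopProfileTemplate.iteratorById(org.omg.IOP.TAG_ALTERNATE_IIOP_ADDRESS.value);
        while (iterator.hasNext()) {
            AlternateIIOPAddressComponent alternate = (AlternateIIOPAddressComponent) iterator.next();
            host = alternate.getAddress().getHost().toLowerCase(Locale.ROOT);
            port = alternate.getAddress().getPort();
            result.add(createSocketInfo("AlternateIIOPAddressComponent", SocketInfo.IIOP_CLEAR_TEXT, host, port));
        }
        synchronized (this) {
            List existing = (List) primaryToAddresses.get(primarySocketInfo);
            if (existing == null) {
                // First time we've seen this primary.
                // Save a snapshot of the unrandomized list with primary at head. It must be a
                // copy: storing 'result' itself would let the shuffle below reorder the saved
                // list too, and the equals() check on later calls would then fail spuriously.
                primaryToAddresses.put(primarySocketInfo, new ArrayList(result));
                // do not randomize primary
                result.remove(0);
                // Randomize the alternates.
                java.util.Collections.shuffle(result);
                // put primary at head
                result.add(0, primarySocketInfo);
                // Save for subsequent use.
                primaryToRandomizedAddresses.put(primarySocketInfo, result);
                if (_logger.isLoggable(Level.FINE)) {
                    _logger.log(Level.FINE, baseMsg + ".getSocketInfo: initial randomized result: " + result);
                }
                return result;
            } else {
                if (result.equals(existing)) {
                    // They are the same so return the randomized version.
                    result = (List) primaryToRandomizedAddresses.get(primarySocketInfo);
                    if (_logger.isLoggable(Level.FINE)) {
                        _logger.log(Level.FINE, baseMsg + ".getSocketInfo: existing randomized result: " + result);
                    }
                    return result;
                } else {
                    // The lists should be the same.
                    // If not, log it (at FINE) and return the
                    // non-randomized current list since it is different.
                    _logger.log(Level.FINE, baseMsg + ".getSocketInfo:" + " Address lists do not match: primary: " + primarySocketInfo + "; returning current: " + result + "; existing is: " + existing);
                    return result;
                }
            }
        }
    } catch (Exception ex) {
        _logger.log(Level.WARNING, "Exception getting SocketInfo", ex);
        // The constructor already records 'ex' as the cause. Calling initCause() afterwards
        // would throw IllegalStateException and replace the exception meant for the caller.
        throw new RuntimeException(ex);
    } finally {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, baseMsg + ".getSocketInfo<-:");
        }
    }
}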
Also used : Locale(java.util.Locale) IIOPAddress(com.sun.corba.ee.spi.ior.iiop.IIOPAddress) ArrayList(java.util.ArrayList) SocketInfo(com.sun.corba.ee.spi.transport.SocketInfo) IORToSocketInfo(com.sun.corba.ee.spi.transport.IORToSocketInfo) IIOPProfileTemplate(com.sun.corba.ee.spi.ior.iiop.IIOPProfileTemplate) Iterator(java.util.Iterator) AlternateIIOPAddressComponent(com.sun.corba.ee.spi.ior.iiop.AlternateIIOPAddressComponent) ArrayList(java.util.ArrayList) List(java.util.List)

Example 2 with IIOPProfileTemplate

use of com.sun.corba.ee.spi.ior.iiop.IIOPProfileTemplate in project Payara by payara.

the class CSIV2TaggedComponentInfo method getSecurityMechanisms.

/**
 * Reads the compound security mechanism list carried in the IIOP profile of an IOR.
 *
 * @param ior the IOR whose profile is searched for a TAG_CSI_SEC_MECH_LIST tagged component.
 * @return the decoded mechanisms, or {@code null} when the profile has no such component.
 * @throws RuntimeException if the profile carries more than one such component.
 */
public CompoundSecMech[] getSecurityMechanisms(IOR ior) {
    IIOPProfileTemplate template = (IIOPProfileTemplate) ior.getProfile().getTaggedProfileTemplate();
    Iterator<TaggedComponent> components = template.iteratorById(TAG_CSI_SEC_MECH_LIST.value);

    // No mechanism list advertised: the caller gets null rather than an empty array.
    if (!components.hasNext()) {
        if (logger.isLoggable(FINE)) {
            logger.log(FINE, "IIOP:TAG_CSI_SEC_MECH_LIST tagged component not found");
        }
        return null;
    }

    TaggedComponent mechListComponent = components.next();
    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, "Component:" + mechListComponent);
    }

    // A second component of the same tag is rejected rather than silently ignored.
    if (components.hasNext()) {
        logger.log(Level.SEVERE, "iiop.many_tagged_component");
        throw new RuntimeException("More than one TAG_CSI_SEC_MECH_LIST tagged " + "component found ");
    }

    // The component body is an encapsulation taken from the IOR; consumeEndian() is called
    // before the list is read from it.
    // NOTE(review): no length or content check is visible here before decoding — confirm the
    // decoder itself rejects malformed component data, since an IOR can come from a peer.
    byte[] encoded = mechListComponent.getIOPComponent(orb).component_data;
    CDRInputObject stream = new EncapsInputStream(orb, encoded, encoded.length);
    stream.consumeEndian();
    return CompoundSecMechListHelper.read(stream).mechanism_list;
}
Also used : CDRInputObject(com.sun.corba.ee.impl.encoding.CDRInputObject) IIOPProfile(com.sun.corba.ee.spi.ior.iiop.IIOPProfile) CompoundSecMechList(com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMechList) CompoundSecMech(com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech) EncapsInputStream(com.sun.corba.ee.impl.encoding.EncapsInputStream) TaggedComponent(com.sun.corba.ee.spi.ior.TaggedComponent) IIOPProfileTemplate(com.sun.corba.ee.spi.ior.iiop.IIOPProfileTemplate)

Example 3 with IIOPProfileTemplate

use of com.sun.corba.ee.spi.ior.iiop.IIOPProfileTemplate in project Payara by payara.

the class SecurityMechanismSelector method getSSLPorts.

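/**
 * Decides from client and target policy whether SSL is used for the target, and returns every
 * SSL endpoint to try.
 *
 * <p>The selected mechanism and the IOR are recorded on {@code ctx}. When the target requires
 * or (with a client that requires SSL) supports SSL, one entry is built per address in the
 * mechanism's TLS transport information.
 *
 * @param ior the target IOR.
 * @param ctx the connection context updated with the IOR, the mechanism and the SSL flags.
 * @return the SSL endpoints, or {@code null} in the branches where SSL is not used.
 * @throws RuntimeException if mechanism selection fails, or if the client requires SSL and the
 *         target's transport information neither requires nor supports it.
 */
public java.util.List<SocketInfo> getSSLPorts(IOR ior, ConnectionContext ctx) {
    CompoundSecMech mechanism = null;
    try {
        mechanism = selectSecurityMechanism(ior);
    } catch (SecurityMechanismException sme) {
        // Keep the original exception as the cause so the selection failure stays diagnosable.
        throw new RuntimeException(sme.getMessage(), sme);
    }
    ctx.setIOR(ior);
    ctx.setMechanism(mechanism);
    TLS_SEC_TRANS ssl = null;
    if (mechanism != null) {
        ssl = getCtc().getSSLInformation(mechanism);
    }
    if (ssl == null) {
        if (isSslRequired()) {
            // Attempt to create SSL connection to host, ORBInitialPort
            // NOTE(review): unlike the branches below, this one does not call
            // ctx.setSSLUsed(true) although it returns an SSL endpoint — confirm intended.
            IIOPProfileTemplate templ = (IIOPProfileTemplate) ior.getProfile().getTaggedProfileTemplate();
            IIOPAddress addr = templ.getPrimaryAddress();
            SocketInfo info = IORToSocketInfoImpl.createSocketInfo("SecurityMechanismSelector1", "SSL", addr.getHost(), orbHelper.getORBPort(orbHelper.getORB()));
            List<SocketInfo> sInfos = new ArrayList<SocketInfo>();
            sInfos.add(info);
            return sInfos;
        } else {
            return null;
        }
    }
    int targetRequires = ssl.target_requires;
    int targetSupports = ssl.target_supports;
    /*
     * If target requires any of Integrity, Confidentiality or EstablishTrustInClient, then SSL is used.
     */
    if (isSet(targetRequires, Integrity.value) || isSet(targetRequires, Confidentiality.value) || isSet(targetRequires, EstablishTrustInClient.value)) {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Target requires SSL");
        }
        ctx.setSSLUsed(true);
        String type = "SSL";
        if (isSet(targetRequires, EstablishTrustInClient.value)) {
            type = "SSL_MUTUALAUTH";
            // NOTE(review): the flag is set while endpoints are being selected; nothing in this
            // method shows a handshake having taken place — confirm readers treat it as intent.
            ctx.setSSLClientAuthenticationOccurred(true);
        }
        List<SocketInfo> socketInfos = new ArrayList<SocketInfo>();
        for (int addressIndex = 0; addressIndex < ssl.addresses.length; addressIndex++) {
            // The port is carried as a short and widened through Utility.shortToInt.
            short sslport = ssl.addresses[addressIndex].port;
            int ssl_port = Utility.shortToInt(sslport);
            String host_name = ssl.addresses[addressIndex].host_name;
            SocketInfo sInfo = IORToSocketInfoImpl.createSocketInfo("SecurityMechanismSelector2", type, host_name, ssl_port);
            socketInfos.add(sInfo);
        }
        return socketInfos;
    } else if (isSet(targetSupports, Integrity.value) || isSet(targetSupports, Confidentiality.value) || isSet(targetSupports, EstablishTrustInClient.value)) {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Target supports SSL");
        }
        if (isSslRequired()) {
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "Client is configured to require SSL for the target");
            }
            ctx.setSSLUsed(true);
            List<SocketInfo> socketInfos = new ArrayList<SocketInfo>();
            for (int addressIndex = 0; addressIndex < ssl.addresses.length; addressIndex++) {
                short sslport = ssl.addresses[addressIndex].port;
                int ssl_port = Utility.shortToInt(sslport);
                String host_name = ssl.addresses[addressIndex].host_name;
                SocketInfo sInfo = IORToSocketInfoImpl.createSocketInfo("SecurityMechanismSelector3", "SSL", host_name, ssl_port);
                socketInfos.add(sInfo);
            }
            return socketInfos;
        } else {
            // Target only supports SSL and the client does not require it: SSL is not used.
            return null;
        }
    } else if (isSslRequired()) {
        throw new RuntimeException("SSL required by client but not supported by server.");
    } else {
        return null;
    }
}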
Also used : IIOPAddress(com.sun.corba.ee.spi.ior.iiop.IIOPAddress) SocketInfo(com.sun.corba.ee.spi.transport.SocketInfo) ArrayList(java.util.ArrayList) IIOPProfileTemplate(com.sun.corba.ee.spi.ior.iiop.IIOPProfileTemplate) List(java.util.List) ArrayList(java.util.ArrayList)

Example 4 with IIOPProfileTemplate

use of com.sun.corba.ee.spi.ior.iiop.IIOPProfileTemplate in project Payara by payara.

the class SecurityMechanismSelector method getSSLPort.

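/**
 * Determines whether SSL should be used to connect to the target, based on client and target
 * policies. Returns {@code null} if SSL should not be used, or a SocketInfo containing the SSL
 * port if it should.
 *
 * <p>The selected mechanism and the IOR are recorded on {@code ctx}. Only the first address of
 * the mechanism's TLS transport information is used; an empty address array makes the
 * {@code ssl.addresses[0]} access throw {@link ArrayIndexOutOfBoundsException}.
 *
 * @param ior the target IOR.
 * @param ctx the connection context updated with the IOR, the mechanism and the SSL flags.
 * @return the SSL endpoint, or {@code null} when SSL is not used.
 * @throws RuntimeException if mechanism selection fails, or if the client requires SSL and the
 *         target's transport information neither requires nor supports it.
 */
public SocketInfo getSSLPort(IOR ior, ConnectionContext ctx) {
    SocketInfo info = null;
    CompoundSecMech mechanism = null;
    try {
        mechanism = selectSecurityMechanism(ior);
    } catch (SecurityMechanismException sme) {
        // Keep the original exception as the cause so the selection failure stays diagnosable.
        throw new RuntimeException(sme.getMessage(), sme);
    }
    ctx.setIOR(ior);
    ctx.setMechanism(mechanism);
    TLS_SEC_TRANS ssl = null;
    if (mechanism != null) {
        ssl = getCtc().getSSLInformation(mechanism);
    }
    if (ssl == null) {
        if (isSslRequired()) {
            // Attempt to create SSL connection to host, ORBInitialPort
            // NOTE(review): unlike the branches below, this one does not call
            // ctx.setSSLUsed(true) although it returns an SSL endpoint — confirm intended.
            IIOPProfileTemplate templ = (IIOPProfileTemplate) ior.getProfile().getTaggedProfileTemplate();
            IIOPAddress addr = templ.getPrimaryAddress();
            info = IORToSocketInfoImpl.createSocketInfo("SecurityMechanismSelector1", "SSL", addr.getHost(), orbHelper.getORBPort(orbHelper.getORB()));
            return info;
        } else {
            return null;
        }
    }
    int targetRequires = ssl.target_requires;
    int targetSupports = ssl.target_supports;
    /*
     * If target requires any of Integrity, Confidentiality or EstablishTrustInClient, then SSL is used.
     */
    if (isSet(targetRequires, Integrity.value) || isSet(targetRequires, Confidentiality.value) || isSet(targetRequires, EstablishTrustInClient.value)) {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Target requires SSL");
        }
        ctx.setSSLUsed(true);
        String type = "SSL";
        if (isSet(targetRequires, EstablishTrustInClient.value)) {
            type = "SSL_MUTUALAUTH";
            // NOTE(review): the flag is set while the endpoint is being selected; nothing in this
            // method shows a handshake having taken place — confirm readers treat it as intent.
            ctx.setSSLClientAuthenticationOccurred(true);
        }
        // The port is carried as a short and widened through Utility.shortToInt.
        short sslport = ssl.addresses[0].port;
        int ssl_port = Utility.shortToInt(sslport);
        String host_name = ssl.addresses[0].host_name;
        info = IORToSocketInfoImpl.createSocketInfo("SecurityMechanismSelector2", type, host_name, ssl_port);
        return info;
    } else if (isSet(targetSupports, Integrity.value) || isSet(targetSupports, Confidentiality.value) || isSet(targetSupports, EstablishTrustInClient.value)) {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Target supports SSL");
        }
        if (isSslRequired()) {
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "Client is configured to require SSL for the target");
            }
            ctx.setSSLUsed(true);
            short sslport = ssl.addresses[0].port;
            String host_name = ssl.addresses[0].host_name;
            int ssl_port = Utility.shortToInt(sslport);
            info = IORToSocketInfoImpl.createSocketInfo("SecurityMechanismSelector3", "SSL", host_name, ssl_port);
            return info;
        } else {
            // Target only supports SSL and the client does not require it: SSL is not used.
            return null;
        }
    } else if (isSslRequired()) {
        throw new RuntimeException("SSL required by client but not supported by server.");
    } else {
        return null;
    }
}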
Also used : IIOPAddress(com.sun.corba.ee.spi.ior.iiop.IIOPAddress) SocketInfo(com.sun.corba.ee.spi.transport.SocketInfo) IIOPProfileTemplate(com.sun.corba.ee.spi.ior.iiop.IIOPProfileTemplate)

Aggregations

IIOPProfileTemplate (com.sun.corba.ee.spi.ior.iiop.IIOPProfileTemplate)4 IIOPAddress (com.sun.corba.ee.spi.ior.iiop.IIOPAddress)3 SocketInfo (com.sun.corba.ee.spi.transport.SocketInfo)3 ArrayList (java.util.ArrayList)2 List (java.util.List)2 CDRInputObject (com.sun.corba.ee.impl.encoding.CDRInputObject)1 EncapsInputStream (com.sun.corba.ee.impl.encoding.EncapsInputStream)1 CompoundSecMech (com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech)1 CompoundSecMechList (com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMechList)1 TaggedComponent (com.sun.corba.ee.spi.ior.TaggedComponent)1 AlternateIIOPAddressComponent (com.sun.corba.ee.spi.ior.iiop.AlternateIIOPAddressComponent)1 IIOPProfile (com.sun.corba.ee.spi.ior.iiop.IIOPProfile)1 IORToSocketInfo (com.sun.corba.ee.spi.transport.IORToSocketInfo)1 Iterator (java.util.Iterator)1 Locale (java.util.Locale)1