use of com.sun.corba.ee.spi.ior.iiop.IIOPProfileTemplate in project Payara by payara.
the class IORToSocketInfoImpl method getSocketInfo.
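/**
 * Resolves the socket endpoints a client should try for the given IOR.
 *
 * <p>If the selector yields an SSL endpoint, that endpoint alone is returned. Otherwise a
 * non-empty {@code previous} list is returned unchanged. Failing that, the primary IIOP address
 * and every TAG_ALTERNATE_IIOP_ADDRESS component are returned as clear-text endpoints: the
 * alternates are shuffled the first time a primary is seen and that order is cached.
 *
 * @param ior the object reference whose IIOP profile supplies the addresses
 * @param previous endpoints from an earlier call; returned as-is when non-empty and no SSL
 *        endpoint applies
 * @return the endpoints to try; on the clear-text path the primary is always first
 * @throws RuntimeException wrapping any exception raised while resolving the endpoints
 */
@Override
public List getSocketInfo(IOR ior, List previous) {
    try {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, baseMsg + ".getSocketInfo->:");
        }
        List result = new ArrayList();
        IIOPProfileTemplate iiopProfileTemplate = (IIOPProfileTemplate) ior.getProfile().getTaggedProfileTemplate();
        IIOPAddress primary = iiopProfileTemplate.getPrimaryAddress();
        // NOTE(review): host names are lower-cased with the JVM default locale; a
        // locale-independent form (Locale.ROOT) would be safer for names that are later
        // compared or resolved - confirm nothing else normalises with the default locale.
        Locale loc = Locale.getDefault();
        String host = primary.getHost().toLowerCase(loc);
        String type = null;
        int port = 0;
        ConnectionContext ctx = new ConnectionContext();
        SocketInfo socketInfo = selector.getSSLPort(ior, ctx);
        selector.setClientConnectionContext(ctx);
        if (socketInfo == null) {
            // No SSL endpoint was selected, so everything below is clear-text IIOP. Whether
            // that is acceptable is decided entirely inside selector.getSSLPort.
            type = SocketInfo.IIOP_CLEAR_TEXT;
            port = primary.getPort();
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, baseMsg + ".getSocketInfo: did not find SSL SocketInfo");
            }
        } else {
            type = socketInfo.getType();
            port = socketInfo.getPort();
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, baseMsg + ".getSocketInfo: found SSL socketInfo");
            }
        }
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, baseMsg + ".getSocketInfo: Connection Context:" + ctx);
            _logger.log(Level.FINE, baseMsg + ".getSocketInfo: ENDPOINT INFO:type=" + type + ",host=" + host + ", port=" + port);
        }
        // for SSL
        if (socketInfo != null) {
            result.add(socketInfo);
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, baseMsg + ".getSocketInfo: returning SSL socketInfo:" + " " + socketInfo.getType() + " " + socketInfo.getHost() + " " + socketInfo.getPort());
            }
            // However, SSL and IIOP-FO is not a supported feature.
            return result;
        }
        // for non-SSL
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, baseMsg + ".getSocketInfo: returning non SSL socketInfo");
        }
        if (!previous.isEmpty()) {
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, baseMsg + ".getSocketInfo: returning previous socketInfo: " + previous);
            }
            return previous;
        }
        // Save and add primary address
        SocketInfo primarySocketInfo = createSocketInfo("primary", type, host, port);
        result.add(primarySocketInfo);
        // List alternate addresses. Alternates are always created as clear-text endpoints.
        Iterator iterator = iiopProfileTemplate.iteratorById(org.omg.IOP.TAG_ALTERNATE_IIOP_ADDRESS.value);
        while (iterator.hasNext()) {
            AlternateIIOPAddressComponent alternate = (AlternateIIOPAddressComponent) iterator.next();
            host = alternate.getAddress().getHost().toLowerCase(loc);
            port = alternate.getAddress().getPort();
            result.add(createSocketInfo("AlternateIIOPAddressComponent", SocketInfo.IIOP_CLEAR_TEXT, host, port));
        }
        synchronized (this) {
            List existing = (List) primaryToAddresses.get(primarySocketInfo);
            if (existing == null) {
                // First time we've seen this primary.
                // Save a COPY of the unrandomized list. Storing `result` itself would alias the
                // list that is shuffled below, so a later equals() against a freshly built
                // (unshuffled) list would fail whenever the shuffle changed the order.
                primaryToAddresses.put(primarySocketInfo, new ArrayList(result));
                // do not randomize primary
                result.remove(0);
                // Randomize the alternates.
                java.util.Collections.shuffle(result);
                // put primary at head
                result.add(0, primarySocketInfo);
                // Save for subsequent use.
                primaryToRandomizedAddresses.put(primarySocketInfo, result);
                if (_logger.isLoggable(Level.FINE)) {
                    _logger.log(Level.FINE, baseMsg + ".getSocketInfo: initial randomized result: " + result);
                }
                return result;
            }
            if (result.equals(existing)) {
                // Same address set as before, so return the cached randomized order.
                result = (List) primaryToRandomizedAddresses.get(primarySocketInfo);
                if (_logger.isLoggable(Level.FINE)) {
                    _logger.log(Level.FINE, baseMsg + ".getSocketInfo: existing randomized result: " + result);
                }
                return result;
            }
            // The lists should be the same. If not, record it and return the non-randomized
            // current list since it is different.
            // NOTE(review): this is logged at FINE, so a changed address list for a known
            // primary is invisible at default log levels - confirm that is intended.
            _logger.log(Level.FINE, baseMsg + ".getSocketInfo:" + " Address lists do not match: primary: " + primarySocketInfo + "; returning current: " + result + "; existing is: " + existing);
            return result;
        }
    } catch (Exception ex) {
        _logger.log(Level.WARNING, "Exception getting SocketInfo", ex);
        // The constructor already records the cause. Calling initCause() afterwards throws
        // IllegalStateException, which would replace the real failure seen by the caller.
        throw new RuntimeException(ex);
    } finally {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, baseMsg + ".getSocketInfo<-:");
        }
    }
}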
use of com.sun.corba.ee.spi.ior.iiop.IIOPProfileTemplate in project Payara by payara.
the class CSIV2TaggedComponentInfo method getSecurityMechanisms.
/**
 * Extracts the compound security mechanism list carried by the given IOR.
 *
 * <p>The list is decoded from the component data of the IOR's single TAG_CSI_SEC_MECH_LIST
 * tagged component. That data is whatever the IOR carries, so callers should treat the
 * decoded mechanisms as peer-supplied input.
 *
 * @param ior the IOR whose IIOP profile template is searched
 * @return the decoded mechanisms, or {@code null} when the IOR has no TAG_CSI_SEC_MECH_LIST
 *         component; callers must decide explicitly what an absent list means for their policy
 * @throws RuntimeException if the IOR carries more than one TAG_CSI_SEC_MECH_LIST component
 */
public CompoundSecMech[] getSecurityMechanisms(IOR ior) {
    IIOPProfileTemplate template = (IIOPProfileTemplate) ior.getProfile().getTaggedProfileTemplate();
    Iterator<TaggedComponent> components = template.iteratorById(TAG_CSI_SEC_MECH_LIST.value);

    if (!components.hasNext()) {
        if (logger.isLoggable(FINE)) {
            logger.log(FINE, "IIOP:TAG_CSI_SEC_MECH_LIST tagged component not found");
        }
        return null;
    }

    TaggedComponent mechListComponent = components.next();
    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, "Component:" + mechListComponent);
    }

    // Exactly one mechanism list is accepted; a second one is rejected rather than ignored.
    if (components.hasNext()) {
        logger.log(Level.SEVERE, "iiop.many_tagged_component");
        throw new RuntimeException("More than one TAG_CSI_SEC_MECH_LIST tagged component found ");
    }

    // Decode the encapsulated component data into the mechanism list.
    byte[] encoded = mechListComponent.getIOPComponent(orb).component_data;
    CDRInputObject stream = new EncapsInputStream(orb, encoded, encoded.length);
    stream.consumeEndian();
    return CompoundSecMechListHelper.read(stream).mechanism_list;
}
use of com.sun.corba.ee.spi.ior.iiop.IIOPProfileTemplate in project Payara by payara.
the class SecurityMechanismSelector method getSSLPorts.
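/**
 * Decides from client and target policy whether SSL is used for the target, and if so returns
 * one SSL endpoint per transport address listed in the IOR.
 *
 * <p>The selected mechanism and the IOR are recorded on {@code ctx}; {@code ctx} is also marked
 * as using SSL (and as client-authenticated when the target requires EstablishTrustInClient)
 * at selection time, before any connection is made by this method.
 *
 * @param ior the target's object reference
 * @param ctx connection context updated with the IOR, the mechanism and the SSL flags
 * @return the SSL endpoints to use, or {@code null} when SSL should not be used
 * @throws RuntimeException if mechanism selection fails, or if the client requires SSL and the
 *         target's advertised transport neither requires nor supports it
 */
public java.util.List<SocketInfo> getSSLPorts(IOR ior, ConnectionContext ctx) {
    CompoundSecMech mechanism = null;
    try {
        mechanism = selectSecurityMechanism(ior);
    } catch (SecurityMechanismException sme) {
        // Keep the original exception as the cause so the selection failure stays diagnosable.
        throw new RuntimeException(sme.getMessage(), sme);
    }
    ctx.setIOR(ior);
    ctx.setMechanism(mechanism);
    TLS_SEC_TRANS ssl = null;
    if (mechanism != null) {
        ssl = getCtc().getSSLInformation(mechanism);
    }
    if (ssl == null) {
        if (isSslRequired()) {
            // Attempt to create SSL connection to host, ORBInitialPort
            IIOPProfileTemplate templ = (IIOPProfileTemplate) ior.getProfile().getTaggedProfileTemplate();
            IIOPAddress addr = templ.getPrimaryAddress();
            SocketInfo info = IORToSocketInfoImpl.createSocketInfo("SecurityMechanismSelector1", "SSL", addr.getHost(), orbHelper.getORBPort(orbHelper.getORB()));
            List<SocketInfo> sInfos = new ArrayList<SocketInfo>();
            sInfos.add(info);
            return sInfos;
        } else {
            // No SSL transport information and the client does not insist on SSL.
            return null;
        }
    }
    int targetRequires = ssl.target_requires;
    int targetSupports = ssl.target_supports;
    /*
     * If target requires any of Integrity, Confidentiality or EstablishTrustInClient, then SSL is used.
     */
    if (isSet(targetRequires, Integrity.value) || isSet(targetRequires, Confidentiality.value) || isSet(targetRequires, EstablishTrustInClient.value)) {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Target requires SSL");
        }
        ctx.setSSLUsed(true);
        String type = "SSL";
        if (isSet(targetRequires, EstablishTrustInClient.value)) {
            type = "SSL_MUTUALAUTH";
            ctx.setSSLClientAuthenticationOccurred(true);
        }
        List<SocketInfo> socketInfos = new ArrayList<SocketInfo>();
        for (int addressIndex = 0; addressIndex < ssl.addresses.length; addressIndex++) {
            short sslport = ssl.addresses[addressIndex].port;
            // The port arrives as a Java short; Utility.shortToInt widens it for SocketInfo.
            int ssl_port = Utility.shortToInt(sslport);
            String host_name = ssl.addresses[addressIndex].host_name;
            SocketInfo sInfo = IORToSocketInfoImpl.createSocketInfo("SecurityMechanismSelector2", type, host_name, ssl_port);
            socketInfos.add(sInfo);
        }
        return socketInfos;
    } else if (isSet(targetSupports, Integrity.value) || isSet(targetSupports, Confidentiality.value) || isSet(targetSupports, EstablishTrustInClient.value)) {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Target supports SSL");
        }
        if (isSslRequired()) {
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "Client is configured to require SSL for the target");
            }
            ctx.setSSLUsed(true);
            List<SocketInfo> socketInfos = new ArrayList<SocketInfo>();
            for (int addressIndex = 0; addressIndex < ssl.addresses.length; addressIndex++) {
                short sslport = ssl.addresses[addressIndex].port;
                int ssl_port = Utility.shortToInt(sslport);
                String host_name = ssl.addresses[addressIndex].host_name;
                SocketInfo sInfo = IORToSocketInfoImpl.createSocketInfo("SecurityMechanismSelector3", "SSL", host_name, ssl_port);
                socketInfos.add(sInfo);
            }
            return socketInfos;
        } else {
            // The target merely supports SSL and the client does not require it, so SSL is
            // skipped. SSL is only guaranteed for such targets when isSslRequired() is true.
            return null;
        }
    } else if (isSslRequired()) {
        throw new RuntimeException("SSL required by client but not supported by server.");
    } else {
        return null;
    }
}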
use of com.sun.corba.ee.spi.ior.iiop.IIOPProfileTemplate in project Payara by payara.
the class SecurityMechanismSelector method getSSLPort.
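/**
 * Determines from client and target policy whether SSL should be used to connect to the target.
 *
 * <p>The selected mechanism and the IOR are recorded on {@code ctx}. When SSL is chosen from
 * the IOR's transport information, only the first listed transport address is used.
 *
 * @param ior the target's object reference
 * @param ctx connection context updated with the IOR, the mechanism and the SSL flags
 * @return a SocketInfo describing the SSL endpoint, or {@code null} if SSL should not be used
 * @throws RuntimeException if mechanism selection fails, if SSL is selected but the IOR lists
 *         no SSL transport address, or if the client requires SSL and the target's advertised
 *         transport neither requires nor supports it
 */
public SocketInfo getSSLPort(IOR ior, ConnectionContext ctx) {
    CompoundSecMech mechanism = null;
    try {
        mechanism = selectSecurityMechanism(ior);
    } catch (SecurityMechanismException sme) {
        // Keep the original exception as the cause so the selection failure stays diagnosable.
        throw new RuntimeException(sme.getMessage(), sme);
    }
    ctx.setIOR(ior);
    ctx.setMechanism(mechanism);
    TLS_SEC_TRANS ssl = null;
    if (mechanism != null) {
        ssl = getCtc().getSSLInformation(mechanism);
    }
    if (ssl == null) {
        if (isSslRequired()) {
            // Attempt to create SSL connection to host, ORBInitialPort
            IIOPProfileTemplate templ = (IIOPProfileTemplate) ior.getProfile().getTaggedProfileTemplate();
            IIOPAddress addr = templ.getPrimaryAddress();
            return IORToSocketInfoImpl.createSocketInfo("SecurityMechanismSelector1", "SSL", addr.getHost(), orbHelper.getORBPort(orbHelper.getORB()));
        }
        // No SSL transport information and the client does not insist on SSL.
        return null;
    }
    int targetRequires = ssl.target_requires;
    int targetSupports = ssl.target_supports;
    /*
     * If target requires any of Integrity, Confidentiality or EstablishTrustInClient, then SSL is used.
     */
    if (isSet(targetRequires, Integrity.value) || isSet(targetRequires, Confidentiality.value) || isSet(targetRequires, EstablishTrustInClient.value)) {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Target requires SSL");
        }
        // The address list comes from the IOR. Fail with a clear error instead of an
        // ArrayIndexOutOfBoundsException when it is empty, and never fall back to null here:
        // null means "no SSL" to the caller.
        if (ssl.addresses.length == 0) {
            throw new RuntimeException("SSL selected for target but the IOR lists no SSL transport address.");
        }
        ctx.setSSLUsed(true);
        String type = "SSL";
        if (isSet(targetRequires, EstablishTrustInClient.value)) {
            type = "SSL_MUTUALAUTH";
            // Set at selection time; no handshake has taken place in this method.
            ctx.setSSLClientAuthenticationOccurred(true);
        }
        short sslport = ssl.addresses[0].port;
        int ssl_port = Utility.shortToInt(sslport);
        String host_name = ssl.addresses[0].host_name;
        return IORToSocketInfoImpl.createSocketInfo("SecurityMechanismSelector2", type, host_name, ssl_port);
    } else if (isSet(targetSupports, Integrity.value) || isSet(targetSupports, Confidentiality.value) || isSet(targetSupports, EstablishTrustInClient.value)) {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Target supports SSL");
        }
        if (isSslRequired()) {
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "Client is configured to require SSL for the target");
            }
            if (ssl.addresses.length == 0) {
                throw new RuntimeException("SSL selected for target but the IOR lists no SSL transport address.");
            }
            ctx.setSSLUsed(true);
            short sslport = ssl.addresses[0].port;
            String host_name = ssl.addresses[0].host_name;
            int ssl_port = Utility.shortToInt(sslport);
            return IORToSocketInfoImpl.createSocketInfo("SecurityMechanismSelector3", "SSL", host_name, ssl_port);
        }
        // The target merely supports SSL and the client does not require it, so SSL is
        // skipped. SSL is only guaranteed for such targets when isSslRequired() is true.
        return null;
    } else if (isSslRequired()) {
        throw new RuntimeException("SSL required by client but not supported by server.");
    } else {
        return null;
    }
}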