
Example 1 with IORASContextMetaData

use of org.jboss.metadata.ejb.jboss.IORASContextMetaData in project wildfly by wildfly.

the class IIOPSubsystemAdd method createIORSecurityConfigMetaData.

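/**
 * Builds the IOR security configuration for the IIOP subsystem from the resource model: the SAS context
 * (caller propagation), the AS context (auth method, optional realm, required flag) and the transport
 * configuration (integrity, confidentiality, trust in target/client, misordering and replay detection).
 *
 * <p>For every transport attribute an explicitly defined model value wins. When the attribute is
 * undefined, the default is derived from the two SSL flags: no protection when SSL is not configured,
 * otherwise "supported", or "required" when the server requires SSL. Trust-in-target is the exception:
 * its default is never "required".
 *
 * @param context the operation context used to resolve the model attributes.
 * @param resourceModel the model holding the configured IIOP security attributes.
 * @param sslConfigured when {@code false}, undefined transport attributes default to "none".
 * @param serverRequiresSsl when {@code true} (and SSL is configured), undefined integrity, confidentiality
 *        and trust-in-client default to "required" rather than "supported".
 * @return the populated {@code IORSecurityConfigMetaData}.
 * @throws OperationFailedException if resolving one of the model attributes fails.
 */
private IORSecurityConfigMetaData createIORSecurityConfigMetaData(final OperationContext context, final ModelNode resourceModel, final boolean sslConfigured, final boolean serverRequiresSsl) throws OperationFailedException {
    final IORSecurityConfigMetaData securityConfigMetaData = new IORSecurityConfigMetaData();

    // SAS context: caller propagation only.
    final IORSASContextMetaData sasContextMetaData = new IORSASContextMetaData();
    sasContextMetaData.setCallerPropagation(IIOPRootDefinition.CALLER_PROPAGATION.resolveModelAttribute(context, resourceModel).asString());
    securityConfigMetaData.setSasContext(sasContextMetaData);

    // AS context: the realm is optional and is only set when the model defines it.
    final IORASContextMetaData asContextMetaData = new IORASContextMetaData();
    asContextMetaData.setAuthMethod(IIOPRootDefinition.AUTH_METHOD.resolveModelAttribute(context, resourceModel).asString());
    if (resourceModel.hasDefined(IIOPRootDefinition.REALM.getName())) {
        asContextMetaData.setRealm(IIOPRootDefinition.REALM.resolveModelAttribute(context, resourceModel).asString());
    }
    asContextMetaData.setRequired(IIOPRootDefinition.REQUIRED.resolveModelAttribute(context, resourceModel).asBoolean());
    securityConfigMetaData.setAsContext(asContextMetaData);

    // Level advertised by default for an SSL-enabled server.
    final String sslLevel = serverRequiresSsl ? Constants.IOR_REQUIRED : Constants.IOR_SUPPORTED;

    final IORTransportConfigMetaData transportConfigMetaData = new IORTransportConfigMetaData();

    final ModelNode integrityNode = IIOPRootDefinition.INTEGRITY.resolveModelAttribute(context, resourceModel);
    if (integrityNode.isDefined()) {
        transportConfigMetaData.setIntegrity(integrityNode.asString());
    } else {
        transportConfigMetaData.setIntegrity(sslConfigured ? sslLevel : Constants.NONE);
    }

    final ModelNode confidentialityNode = IIOPRootDefinition.CONFIDENTIALITY.resolveModelAttribute(context, resourceModel);
    if (confidentialityNode.isDefined()) {
        transportConfigMetaData.setConfidentiality(confidentialityNode.asString());
    } else {
        // NOTE(review): this branch uses Constants.IOR_NONE while the other defaults use Constants.NONE;
        // presumably both hold the same value -- confirm against Constants.
        transportConfigMetaData.setConfidentiality(sslConfigured ? sslLevel : Constants.IOR_NONE);
    }

    final ModelNode establishTrustInTargetNode = IIOPRootDefinition.TRUST_IN_TARGET.resolveModelAttribute(context, resourceModel);
    if (establishTrustInTargetNode.isDefined()) {
        // Read the trust-in-target node itself. Reading the confidentiality node here would discard the
        // configured trust-in-target value and advertise the confidentiality setting in its place.
        transportConfigMetaData.setEstablishTrustInTarget(establishTrustInTargetNode.asString());
    } else {
        // Unlike the other attributes, the default here is at most "supported", even if the server requires SSL.
        transportConfigMetaData.setEstablishTrustInTarget(sslConfigured ? Constants.IOR_SUPPORTED : Constants.NONE);
    }

    final ModelNode establishTrustInClientNode = IIOPRootDefinition.TRUST_IN_CLIENT.resolveModelAttribute(context, resourceModel);
    if (establishTrustInClientNode.isDefined()) {
        transportConfigMetaData.setEstablishTrustInClient(establishTrustInClientNode.asString());
    } else {
        transportConfigMetaData.setEstablishTrustInClient(sslConfigured ? sslLevel : Constants.NONE);
    }

    // Misordering and replay detection are not configurable here; both are always advertised as supported.
    transportConfigMetaData.setDetectMisordering(Constants.IOR_SUPPORTED);
    transportConfigMetaData.setDetectReplay(Constants.IOR_SUPPORTED);
    securityConfigMetaData.setTransportConfig(transportConfigMetaData);
    return securityConfigMetaData;
}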
Also used : IORSecurityConfigMetaData(org.jboss.metadata.ejb.jboss.IORSecurityConfigMetaData) IORSASContextMetaData(org.jboss.metadata.ejb.jboss.IORSASContextMetaData) IORASContextMetaData(org.jboss.metadata.ejb.jboss.IORASContextMetaData) IORTransportConfigMetaData(org.jboss.metadata.ejb.jboss.IORTransportConfigMetaData) ModelNode(org.jboss.dmr.ModelNode)

Example 2 with IORASContextMetaData

use of org.jboss.metadata.ejb.jboss.IORASContextMetaData in project wildfly by wildfly.

the class CSIv2Util method createAuthenticationServiceContext.

/**
 * <p>
 * Builds the client Authentication Service (AS) context that goes into a {@code CompoundSecMech} definition.
 * </p>
 * <p>
 * An empty context (nothing supported, nothing required, no mechanism, no target name) is produced when the
 * metadata carries no AS context or when its authentication method is {@code AUTH_METHOD_NONE}. Otherwise the
 * context advertises {@code EstablishTrustInClient} as supported, and also as required when the metadata says
 * so, with GSSUP as the only client authentication mechanism.
 * </p>
 *
 * @param metadata the metadata object that contains the CSIv2 security configuration info.
 * @return the constructed {@code AS_ContextSec} instance.
 */
public static AS_ContextSec createAuthenticationServiceContext(IORSecurityConfigMetaData metadata) {
    final IORASContextMetaData asContext = metadata.getAsContext();

    // Missing AS metadata or auth method "none": nothing is supported or required.
    final boolean authenticationDisabled = asContext == null
            || asContext.getAuthMethod().equals(IORASContextMetaData.AUTH_METHOD_NONE);
    if (authenticationDisabled) {
        return new AS_ContextSec((short) 0, (short) 0, new byte[0], new byte[0]);
    }

    // Client authentication is always supported; whether it is required comes from the metadata.
    final int supported = EstablishTrustInClient.value;
    final int required = asContext.isRequired() ? EstablishTrustInClient.value : 0;

    // GSSUP is the only authentication mechanism offered; this is its DER-encoded OID.
    // NOTE(review): GSSUP is a username/password mechanism, so the transport configuration has to provide
    // confidentiality for those credentials -- confirm the deployment requires it when auth is required.
    final byte[] mechanismOid = createGSSUPMechOID();

    // The realm name is encoded as a CSI.GSS_NT_ExportedName built on top of the mechanism OID.
    // NOTE(review): getRealm() is dereferenced without a null check; confirm IORASContextMetaData
    // guarantees a non-null realm when the model leaves it undefined.
    final byte[] realmBytes = asContext.getRealm().getBytes(StandardCharsets.UTF_8);
    final byte[] exportedName = createGSSExportedName(mechanismOid, realmBytes);

    return new AS_ContextSec((short) supported, (short) required, mechanismOid, exportedName);
}
Also used : SAS_ContextSec(org.omg.CSIIOP.SAS_ContextSec) AS_ContextSec(org.omg.CSIIOP.AS_ContextSec) IORASContextMetaData(org.jboss.metadata.ejb.jboss.IORASContextMetaData)

Example 3 with IORASContextMetaData

use of org.jboss.metadata.ejb.jboss.IORASContextMetaData in project wildfly by wildfly.

the class IORASContextDefinition method getIORASContextMetaData.

/**
 * <p>
 * Creates an {@code IORASContextMetaData} from the given {@code OperationContext} and {@code ModelNode}.
 * </p>
 * <p>
 * The authentication method and the required flag are always resolved from the model; the realm is only
 * set when the model defines it.
 * </p>
 *
 * @param context a reference to the {@code OperationContext}.
 * @param model a {@code ModelNode} containing the configured authentication service (AS) metadata.
 * @return the constructed {@code IORASContextMetaData} or {@code null} if the specified model is undefined.
 * @throws OperationFailedException if an error occurs while resolving the AS metadata attributes.
 */
protected IORASContextMetaData getIORASContextMetaData(final OperationContext context, final ModelNode model) throws OperationFailedException {
    // An undefined model means no AS context was configured; callers must handle the null result.
    if (!model.isDefined()) {
        return null;
    }

    final IORASContextMetaData asContext = new IORASContextMetaData();

    final String authMethod = AUTH_METHOD.resolveModelAttribute(context, model).asString();
    asContext.setAuthMethod(authMethod);

    // The realm is optional: leave whatever IORASContextMetaData starts with when it is not defined.
    if (model.hasDefined(REALM.getName())) {
        final String realm = REALM.resolveModelAttribute(context, model).asString();
        asContext.setRealm(realm);
    }

    final boolean required = REQUIRED.resolveModelAttribute(context, model).asBoolean();
    asContext.setRequired(required);
    return asContext;
}
Also used : IORASContextMetaData(org.jboss.metadata.ejb.jboss.IORASContextMetaData)
