use of org.jboss.metadata.ejb.jboss.IORSASContextMetaData in project wildfly by wildfly.
the class CSIv2Util method createSecureAttributeServiceContext.
/**
 * Builds the Secure Attribute Service (SAS) context that is placed in a {@code CompoundSecMech} definition.
 *
 * <p>
 * If the configuration carries no SAS metadata, or caller propagation equals
 * {@code IORSASContextMetaData.CALLER_PROPAGATION_NONE}, the returned context advertises nothing: supports
 * and requires are both {@code 0}, there are no naming mechanisms, and the identity types are {@code 0}.
 * Otherwise the context advertises {@code IdentityAssertion} as supported (never as required), the GSSUP
 * mechanism OID as its only naming mechanism, and the four identity token types ORed together below.
 * </p>
 *
 * @param metadata the metadata object that contains the CSIv2 security configuration info; it is
 *                 dereferenced without a null check.
 * @return the constructed {@code SAS_ContextSec} instance.
 */
public static SAS_ContextSec createSecureAttributeServiceContext(IORSecurityConfigMetaData metadata) {
    // Fields of the context: target_supports, target_requires, privilege_authorities,
    // supported_naming_mechanisms, supported_identity_types.
    // target_requires and privilege_authorities are the same on both paths: nothing is required
    // and no privilege authorities are listed.
    final short targetRequires = (short) 0;
    final ServiceConfiguration[] privilegeAuthorities = new ServiceConfiguration[0];

    final IORSASContextMetaData sasConfig = metadata.getSasContext();

    // NOTE(review): getCallerPropagation() is compared without a null check, so a null value
    // would throw here - confirm the metadata setter rejects null.
    final boolean propagationDisabled = sasConfig == null
            || sasConfig.getCallerPropagation().equals(IORSASContextMetaData.CALLER_PROPAGATION_NONE);
    if (propagationDisabled) {
        // More or less empty SAS context; identity types 0 means ITTAbsent.
        return new SAS_ContextSec((short) 0, targetRequires, privilegeAuthorities, new byte[0][], 0);
    }

    // Caller propagation is on: advertise identity assertion as supported.
    // NOTE(review): this only declares that asserted identities are accepted; which peers are
    // trusted to assert an identity is not decided in this method.
    final short targetSupports = (short) IdentityAssertion.value;

    // GSSUP (username/password) is the single supported naming mechanism; store a private copy
    // of the OID bytes.
    final byte[] gssupOid = createGSSUPMechOID();
    final byte[][] namingMechanisms = {gssupOid.clone()};

    // Supporting IdentityAssertion means the identity types must be listed; CTS says we need them all.
    final int identityTypes = ITTAnonymous.value
            | ITTPrincipalName.value
            | ITTX509CertChain.value
            | ITTDistinguishedName.value;

    return new SAS_ContextSec(targetSupports, targetRequires, privilegeAuthorities, namingMechanisms, identityTypes);
}
use of org.jboss.metadata.ejb.jboss.IORSASContextMetaData in project wildfly by wildfly.
the class IIOPSubsystemAdd method createIORSecurityConfigMetaData.
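/**
 * Builds the {@code IORSecurityConfigMetaData} (SAS context, AS context and transport configuration)
 * from the IIOP subsystem resource model.
 *
 * <p>
 * For integrity, confidentiality, trust-in-target and trust-in-client, a value that is defined in the
 * model is passed through unchanged. When the value is undefined, the default depends on
 * {@code sslConfigured}: without SSL the option falls back to {@code Constants.NONE} (or
 * {@code Constants.IOR_NONE} for confidentiality); with SSL it becomes {@code Constants.IOR_REQUIRED} when
 * {@code IIOPRootDefinition.SERVER_REQUIRES_SSL} resolves to true and {@code Constants.IOR_SUPPORTED}
 * otherwise. Trust-in-target is only ever defaulted to {@code Constants.IOR_SUPPORTED} or
 * {@code Constants.NONE}. Misordering and replay detection are always set to
 * {@code Constants.IOR_SUPPORTED}.
 * </p>
 *
 * @param context the operation context used to resolve the model attributes.
 * @param resourceModel the resource model holding the IIOP security attributes.
 * @param sslConfigured whether SSL is configured; it only influences the defaults of undefined
 *                      transport attributes.
 * @return the populated security configuration metadata.
 * @throws OperationFailedException if a model attribute cannot be resolved.
 */
private IORSecurityConfigMetaData createIORSecurityConfigMetaData(final OperationContext context, final ModelNode resourceModel, final boolean sslConfigured) throws OperationFailedException {
    final IORSecurityConfigMetaData securityConfigMetaData = new IORSecurityConfigMetaData();

    // SAS context: caller propagation setting.
    final IORSASContextMetaData sasContextMetaData = new IORSASContextMetaData();
    sasContextMetaData.setCallerPropagation(IIOPRootDefinition.CALLER_PROPAGATION.resolveModelAttribute(context, resourceModel).asString());
    securityConfigMetaData.setSasContext(sasContextMetaData);

    // AS context: authentication method, optional realm, and whether authentication is required.
    final IORASContextMetaData asContextMetaData = new IORASContextMetaData();
    asContextMetaData.setAuthMethod(IIOPRootDefinition.AUTH_METHOD.resolveModelAttribute(context, resourceModel).asString());
    if (resourceModel.hasDefined(IIOPRootDefinition.REALM.getName())) {
        asContextMetaData.setRealm(IIOPRootDefinition.REALM.resolveModelAttribute(context, resourceModel).asString());
    }
    asContextMetaData.setRequired(IIOPRootDefinition.REQUIRED.resolveModelAttribute(context, resourceModel).asBoolean());
    securityConfigMetaData.setAsContext(asContextMetaData);

    // Transport configuration.
    // NOTE(review): explicitly configured values are passed through regardless of sslConfigured; no
    // consistency check between the two is visible in this method.
    final boolean serverRequiresSsl = IIOPRootDefinition.SERVER_REQUIRES_SSL.resolveModelAttribute(context, resourceModel).asBoolean();
    final IORTransportConfigMetaData transportConfigMetaData = new IORTransportConfigMetaData();

    final ModelNode integrityNode = IIOPRootDefinition.INTEGRITY.resolveModelAttribute(context, resourceModel);
    if (integrityNode.isDefined()) {
        transportConfigMetaData.setIntegrity(integrityNode.asString());
    } else {
        // NOTE(review): this fallback uses Constants.NONE while confidentiality uses Constants.IOR_NONE;
        // confirm the two constants are interchangeable for the transport metadata.
        transportConfigMetaData.setIntegrity(sslConfigured ? (serverRequiresSsl ? Constants.IOR_REQUIRED : Constants.IOR_SUPPORTED) : Constants.NONE);
    }

    final ModelNode confidentialityNode = IIOPRootDefinition.CONFIDENTIALITY.resolveModelAttribute(context, resourceModel);
    if (confidentialityNode.isDefined()) {
        transportConfigMetaData.setConfidentiality(confidentialityNode.asString());
    } else {
        transportConfigMetaData.setConfidentiality(sslConfigured ? (serverRequiresSsl ? Constants.IOR_REQUIRED : Constants.IOR_SUPPORTED) : Constants.IOR_NONE);
    }

    final ModelNode establishTrustInTargetNode = IIOPRootDefinition.TRUST_IN_TARGET.resolveModelAttribute(context, resourceModel);
    if (establishTrustInTargetNode.isDefined()) {
        // Read the trust-in-target node itself. Taking the value from the confidentiality node here
        // would silently replace a configured trust-in-target setting with the confidentiality one.
        transportConfigMetaData.setEstablishTrustInTarget(establishTrustInTargetNode.asString());
    } else {
        transportConfigMetaData.setEstablishTrustInTarget(sslConfigured ? Constants.IOR_SUPPORTED : Constants.NONE);
    }

    final ModelNode establishTrustInClientNode = IIOPRootDefinition.TRUST_IN_CLIENT.resolveModelAttribute(context, resourceModel);
    if (establishTrustInClientNode.isDefined()) {
        transportConfigMetaData.setEstablishTrustInClient(establishTrustInClientNode.asString());
    } else {
        transportConfigMetaData.setEstablishTrustInClient(sslConfigured ? (serverRequiresSsl ? Constants.IOR_REQUIRED : Constants.IOR_SUPPORTED) : Constants.NONE);
    }

    // Misordering and replay detection are always advertised as supported.
    transportConfigMetaData.setDetectMisordering(Constants.IOR_SUPPORTED);
    transportConfigMetaData.setDetectReplay(Constants.IOR_SUPPORTED);
    securityConfigMetaData.setTransportConfig(transportConfigMetaData);

    return securityConfigMetaData;
}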
use of org.jboss.metadata.ejb.jboss.IORSASContextMetaData in project wildfly by wildfly.
the class IORSASContextDefinition method getIORSASContextMetaData.
/**
 * <p>
 * Creates an {@code IORSASContextMetaData} from the given {@code OperationContext} and {@code ModelNode}.
 * The only value copied from the model is the {@code CALLER_PROPAGATION} attribute.
 * </p>
 *
 * @param context a reference to the {@code OperationContext}.
 * @param model a {@code ModelNode} containing the configured secure attribute service (SAS) metadata.
 * @return the constructed {@code IORSASContextMetaData}, or {@code null} if the specified model is undefined;
 *         callers must handle the {@code null} case.
 * @throws OperationFailedException if an error occurs while building the SAS metadata.
 */
protected IORSASContextMetaData getIORSASContextMetaData(final OperationContext context, final ModelNode model) throws OperationFailedException {
    if (model.isDefined()) {
        final IORSASContextMetaData sasContext = new IORSASContextMetaData();
        final String callerPropagation = CALLER_PROPAGATION.resolveModelAttribute(context, model).asString();
        sasContext.setCallerPropagation(callerPropagation);
        return sasContext;
    }
    // Undefined model: no SAS metadata is configured.
    return null;
}