
Example 1 with IORSASContextMetaData

use of org.jboss.metadata.ejb.jboss.IORSASContextMetaData in project wildfly by wildfly.

the class CSIv2Util method createSecureAttributeServiceContext.

/**
 * Builds the Secure Attribute Service (SAS) context that goes into a {@code CompoundSecMech} definition.
 *
 * <p>When the configuration carries no SAS metadata, or caller propagation is set to
 * {@code CALLER_PROPAGATION_NONE}, the returned context advertises nothing: no supported or required
 * options, no naming mechanisms and no identity types. Otherwise identity assertion is advertised as
 * supported, with GSSUP as the only naming mechanism and the anonymous, principal-name, X.509
 * certificate-chain and distinguished-name identity types.</p>
 *
 * @param metadata the metadata object that contains the CSIv2 security configuration info.
 * @return the constructed {@code SAS_ContextSec} instance.
 */
public static SAS_ContextSec createSecureAttributeServiceContext(IORSecurityConfigMetaData metadata) {
    // A SAS context is made of target_supports, target_requires, privilege_authorities,
    // supported_naming_mechanisms and supported_identity_types.
    final ServiceConfiguration[] privilegeAuthorities = new ServiceConfiguration[0];
    // target_requires is 0 on both paths: identity assertion is offered, never demanded.
    final short targetRequires = (short) 0;

    final IORSASContextMetaData sasMetaData = metadata.getSasContext();
    // NOTE(review): getCallerPropagation() is dereferenced without a null check - confirm it cannot return null.
    final boolean propagationDisabled = sasMetaData == null
            || sasMetaData.getCallerPropagation().equals(IORSASContextMetaData.CALLER_PROPAGATION_NONE);
    if (propagationDisabled) {
        // More or less empty SAS context; an identity-types value of 0 means ITTAbsent.
        return new SAS_ContextSec((short) 0, targetRequires, privilegeAuthorities, new byte[0][], 0);
    }

    // GSSUP (username/password) is the single naming mechanism advertised; store a private copy of the OID.
    final byte[] gssupOid = createGSSUPMechOID();
    final byte[][] namingMechanisms = { gssupOid.clone() };

    // Supporting IdentityAssertion means the accepted identity types must be listed; CTS says we need them all.
    final int identityTypes = ITTAnonymous.value
            | ITTPrincipalName.value
            | ITTX509CertChain.value
            | ITTDistinguishedName.value;

    return new SAS_ContextSec((short) IdentityAssertion.value, targetRequires, privilegeAuthorities,
            namingMechanisms, identityTypes);
}
Also used : ServiceConfiguration(org.omg.CSIIOP.ServiceConfiguration) IORSASContextMetaData(org.jboss.metadata.ejb.jboss.IORSASContextMetaData) SAS_ContextSec(org.omg.CSIIOP.SAS_ContextSec)

Example 2 with IORSASContextMetaData

use of org.jboss.metadata.ejb.jboss.IORSASContextMetaData in project wildfly by wildfly.

the class IIOPSubsystemAdd method createIORSecurityConfigMetaData.

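/**
 * Builds the {@code IORSecurityConfigMetaData} (SAS context, AS context and transport configuration)
 * from the IIOP subsystem resource model.
 *
 * <p>For the transport options, an explicitly defined model attribute always wins. When an attribute is
 * undefined, the default is derived from the SSL state: without SSL the option is set to "none"; with SSL
 * it is "supported", or "required" when the server requires SSL (trust-in-target is never defaulted to
 * "required").</p>
 *
 * @param context the {@code OperationContext} used to resolve the model attributes.
 * @param resourceModel the {@code ModelNode} holding the subsystem configuration.
 * @param sslConfigured whether SSL has been configured for the subsystem.
 * @return the populated {@code IORSecurityConfigMetaData}.
 * @throws OperationFailedException if resolving one of the model attributes fails.
 */
private IORSecurityConfigMetaData createIORSecurityConfigMetaData(final OperationContext context, final ModelNode resourceModel, final boolean sslConfigured) throws OperationFailedException {
    final IORSecurityConfigMetaData securityConfigMetaData = new IORSecurityConfigMetaData();

    // SAS context: only the caller-propagation setting is taken from the model.
    final IORSASContextMetaData sasContextMetaData = new IORSASContextMetaData();
    sasContextMetaData.setCallerPropagation(IIOPRootDefinition.CALLER_PROPAGATION.resolveModelAttribute(context, resourceModel).asString());
    securityConfigMetaData.setSasContext(sasContextMetaData);

    // AS context: authentication method, optional realm, and whether authentication is required.
    final IORASContextMetaData asContextMetaData = new IORASContextMetaData();
    asContextMetaData.setAuthMethod(IIOPRootDefinition.AUTH_METHOD.resolveModelAttribute(context, resourceModel).asString());
    if (resourceModel.hasDefined(IIOPRootDefinition.REALM.getName())) {
        asContextMetaData.setRealm(IIOPRootDefinition.REALM.resolveModelAttribute(context, resourceModel).asString());
    }
    asContextMetaData.setRequired(IIOPRootDefinition.REQUIRED.resolveModelAttribute(context, resourceModel).asBoolean());
    securityConfigMetaData.setAsContext(asContextMetaData);

    // Transport configuration. Without SSL the undefined options fall back to "none", i.e. no transport
    // protection is advertised unless the administrator configures it explicitly.
    final boolean serverRequiresSsl = IIOPRootDefinition.SERVER_REQUIRES_SSL.resolveModelAttribute(context, resourceModel).asBoolean();
    final IORTransportConfigMetaData transportConfigMetaData = new IORTransportConfigMetaData();

    final ModelNode integrityNode = IIOPRootDefinition.INTEGRITY.resolveModelAttribute(context, resourceModel);
    if (integrityNode.isDefined()) {
        transportConfigMetaData.setIntegrity(integrityNode.asString());
    } else {
        // NOTE(review): this fallback uses Constants.NONE while confidentiality uses Constants.IOR_NONE - confirm both denote the same value.
        transportConfigMetaData.setIntegrity(sslConfigured ? (serverRequiresSsl ? Constants.IOR_REQUIRED : Constants.IOR_SUPPORTED) : Constants.NONE);
    }

    final ModelNode confidentialityNode = IIOPRootDefinition.CONFIDENTIALITY.resolveModelAttribute(context, resourceModel);
    if (confidentialityNode.isDefined()) {
        transportConfigMetaData.setConfidentiality(confidentialityNode.asString());
    } else {
        transportConfigMetaData.setConfidentiality(sslConfigured ? (serverRequiresSsl ? Constants.IOR_REQUIRED : Constants.IOR_SUPPORTED) : Constants.IOR_NONE);
    }

    final ModelNode establishTrustInTargetNode = IIOPRootDefinition.TRUST_IN_TARGET.resolveModelAttribute(context, resourceModel);
    if (establishTrustInTargetNode.isDefined()) {
        // Use the trust-in-target node itself. Reading confidentialityNode here would copy the
        // confidentiality value (or fail on an undefined node) and ignore the configured setting.
        transportConfigMetaData.setEstablishTrustInTarget(establishTrustInTargetNode.asString());
    } else {
        transportConfigMetaData.setEstablishTrustInTarget(sslConfigured ? Constants.IOR_SUPPORTED : Constants.NONE);
    }

    final ModelNode establishTrustInClientNode = IIOPRootDefinition.TRUST_IN_CLIENT.resolveModelAttribute(context, resourceModel);
    if (establishTrustInClientNode.isDefined()) {
        transportConfigMetaData.setEstablishTrustInClient(establishTrustInClientNode.asString());
    } else {
        transportConfigMetaData.setEstablishTrustInClient(sslConfigured ? (serverRequiresSsl ? Constants.IOR_REQUIRED : Constants.IOR_SUPPORTED) : Constants.NONE);
    }

    // Misordering and replay detection are always advertised as supported, regardless of the model.
    transportConfigMetaData.setDetectMisordering(Constants.IOR_SUPPORTED);
    transportConfigMetaData.setDetectReplay(Constants.IOR_SUPPORTED);
    securityConfigMetaData.setTransportConfig(transportConfigMetaData);
    return securityConfigMetaData;
}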
Also used : IORSecurityConfigMetaData(org.jboss.metadata.ejb.jboss.IORSecurityConfigMetaData) IORSASContextMetaData(org.jboss.metadata.ejb.jboss.IORSASContextMetaData) IORASContextMetaData(org.jboss.metadata.ejb.jboss.IORASContextMetaData) IORTransportConfigMetaData(org.jboss.metadata.ejb.jboss.IORTransportConfigMetaData) ModelNode(org.jboss.dmr.ModelNode)

Example 3 with IORSASContextMetaData

use of org.jboss.metadata.ejb.jboss.IORSASContextMetaData in project wildfly by wildfly.

the class IORSASContextDefinition method getIORSASContextMetaData.

/**
 * Builds an {@code IORSASContextMetaData} from the given {@code OperationContext} and {@code ModelNode}.
 *
 * <p>The only setting copied from the model is the caller-propagation attribute.</p>
 *
 * @param context a reference to the {@code OperationContext}.
 * @param model a {@code ModelNode} containing the configured secure attribute service (SAS) metadata.
 * @return the constructed {@code IORSASContextMetaData}, or {@code null} if the specified model is undefined.
 * @throws OperationFailedException if an error occurs while creating the SAS context metadata.
 */
protected IORSASContextMetaData getIORSASContextMetaData(final OperationContext context, final ModelNode model) throws OperationFailedException {
    if (model.isDefined()) {
        final IORSASContextMetaData sasMetaData = new IORSASContextMetaData();
        final String callerPropagation = CALLER_PROPAGATION.resolveModelAttribute(context, model).asString();
        sasMetaData.setCallerPropagation(callerPropagation);
        return sasMetaData;
    }
    // Undefined model: callers receive null and must handle the absence of SAS metadata themselves.
    return null;
}
Also used : IORSASContextMetaData(org.jboss.metadata.ejb.jboss.IORSASContextMetaData)

Aggregations

IORSASContextMetaData (org.jboss.metadata.ejb.jboss.IORSASContextMetaData)3 ModelNode (org.jboss.dmr.ModelNode)1 IORASContextMetaData (org.jboss.metadata.ejb.jboss.IORASContextMetaData)1 IORSecurityConfigMetaData (org.jboss.metadata.ejb.jboss.IORSecurityConfigMetaData)1 IORTransportConfigMetaData (org.jboss.metadata.ejb.jboss.IORTransportConfigMetaData)1 SAS_ContextSec (org.omg.CSIIOP.SAS_ContextSec)1 ServiceConfiguration (org.omg.CSIIOP.ServiceConfiguration)1