use of org.omg.CSIIOP.AS_ContextSec in project wildfly by wildfly.
the class CSIv2Util method toString.
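/**
 * <p>
 * Append a human-readable representation of the {@code CompoundSecMech} to {@code builder}. Nothing is
 * appended when {@code securityMech} is {@code null}; the AS and SAS sections are only emitted when the
 * corresponding context is present.
 * </p>
 * <p>
 * {@code client_authentication_mech} (a DER-encoded mechanism OID) and {@code target_name} (a GSS exported
 * name) are byte arrays; they are decoded as UTF-8 purely for diagnostic output, so non-textual bytes show up
 * as replacement characters rather than as the underlying encoding.
 * </p>
 *
 * @param securityMech the {@code CompoundSecMech} to create the string for; may be {@code null}.
 * @param builder the buffer to write to.
 */
public static void toString(CompoundSecMech securityMech, StringBuilder builder) {
    if (securityMech == null) {
        return;
    }
    builder.append("CompoundSecMech[");
    builder.append("target_requires: ").append(securityMech.target_requires);

    AS_ContextSec asMech = securityMech.as_context_mech;
    if (asMech != null) {
        // separator before the nested section so the preceding value does not run into "AS_ContextSec[".
        builder.append(", AS_ContextSec[");
        builder.append("client_authentication_mech: ")
                .append(new String(asMech.client_authentication_mech, StandardCharsets.UTF_8));
        builder.append(", target_name: ")
                .append(new String(asMech.target_name, StandardCharsets.UTF_8));
        builder.append(", target_requires: ").append(asMech.target_requires);
        builder.append(", target_supports: ").append(asMech.target_supports);
        builder.append("]");
    }

    SAS_ContextSec sasMech = securityMech.sas_context_mech;
    if (sasMech != null) {
        builder.append(", SAS_ContextSec[");
        builder.append("supported_identity_types: ").append(sasMech.supported_identity_types);
        builder.append(", target_requires: ").append(sasMech.target_requires);
        builder.append(", target_supports: ").append(sasMech.target_supports);
        builder.append("]");
    }
    builder.append("]");
}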
use of org.omg.CSIIOP.AS_ContextSec in project wildfly by wildfly.
the class CSIv2Util method createAuthenticationServiceContext.
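/**
 * <p>
 * Create the client Authentication Service (AS) context included in a {@code CompoundSecMech} definition.
 * </p>
 * <p>
 * When no AS context metadata is configured, or its authentication method is
 * {@code IORASContextMetaData.AUTH_METHOD_NONE}, an empty context is produced (nothing supported, nothing
 * required, empty mechanism OID and target name). Otherwise the context advertises support for
 * {@code EstablishTrustInClient} (required only when the metadata says so), names GSSUP as the sole
 * authentication mechanism, and encodes the configured realm as a GSS exported name scoped by that
 * mechanism OID.
 * </p>
 *
 * @param metadata the metadata object that contains the CSIv2 security configuration info; must not be
 *                 {@code null}.
 * @return the constructed {@code AS_ContextSec} instance.
 */
public static AS_ContextSec createAuthenticationServiceContext(IORSecurityConfigMetaData metadata) {
    IORASContextMetaData asMeta = metadata.getAsContext();
    // no AS context metadata, or authentication method "none": an empty AS context is enough.
    // constant-first equals keeps the check null-safe if getAuthMethod() ever yields null.
    if (asMeta == null || IORASContextMetaData.AUTH_METHOD_NONE.equals(asMeta.getAuthMethod())) {
        return new AS_ContextSec((short) 0, (short) 0, new byte[0], new byte[0]);
    }
    // we always support EstablishTrustInClient; whether it is required depends on the metadata.
    int support = EstablishTrustInClient.value;
    int require = asMeta.isRequired() ? EstablishTrustInClient.value : 0;
    // GSSUP is the only authentication mechanism supported; this is its DER-encoded OID.
    byte[] clientAuthMech = createGSSUPMechOID();
    // the "realm" name is encoded as a CSI.GSS_NT_ExportedName under the GSSUP mechanism OID.
    byte[] targetName = createGSSExportedName(clientAuthMech, asMeta.getRealm().getBytes(StandardCharsets.UTF_8));
    return new AS_ContextSec((short) support, (short) require, clientAuthMech, targetName);
}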
use of org.omg.CSIIOP.AS_ContextSec in project wildfly by wildfly.
the class CSIv2Util method createCompoundSecMechanisms.
/**
 * <p>
 * Create a {@code org.omg.CSIIOP.CompoundSecMechanisms} value, i.e. a sequence of {@code CompoundSecMech}.
 * Exactly one mechanism is produced; its {@code target_requires} is the union of the transport-level
 * requirements derived from the transport configuration and the requirements of the AS and SAS contexts.
 * </p>
 *
 * @param metadata the metadata object that contains the CSIv2 security configuration info.
 * @param codec the {@code Codec} used to encode the CSIv2 security component.
 * @param sslPort an {@code int} representing the SSL port.
 * @param orb a reference to the running {@code ORB}.
 * @return a single-element {@code CompoundSecMech} array.
 */
public static CompoundSecMech[] createCompoundSecMechanisms(IORSecurityConfigMetaData metadata, Codec codec, int sslPort, ORB orb) {
    IORTransportConfigMetaData transportConfig = metadata.getTransportConfig();
    // the four parts of a CompoundSecMech: transport_mech, as_context_mech, sas_context_mech, target_requires.
    TaggedComponent transportMech = createTransportMech(transportConfig, codec, sslPort, orb);
    AS_ContextSec asContext = createAuthenticationServiceContext(metadata);
    SAS_ContextSec sasContext = createSecureAttributeServiceContext(metadata);
    // the transport requirements cannot be read back from the encoded TaggedComponent, so they are
    // recomputed from the metadata and OR-ed with the requirements of the two contexts.
    int targetRequires = createTargetRequires(transportConfig)
            | asContext.target_requires
            | sasContext.target_requires;
    CompoundSecMech mechanism = new CompoundSecMech((short) targetRequires, transportMech, asContext, sasContext);
    // only one security mechanism is ever advertised.
    return new CompoundSecMech[] { mechanism };
}
use of org.omg.CSIIOP.AS_ContextSec in project wildfly by wildfly.
the class CSIv2Util method getMatchingSecurityMech.
/**
 * <p>
 * Helper method to be called from a client request interceptor. The {@code ri} parameter refers to the current
 * request. This method returns the first {@code CompoundSecMech} found in the target IOR for which none of the
 * following holds:
 * <ul>
 * <li>the client requires {@code EstablishTrustInTarget} but the AS context does not support it,</li>
 * <li>the AS context requires {@code EstablishTrustInClient} but the client does not support it,</li>
 * <li>the SAS context requires {@code IdentityAssertion} but the client does not support it.</li>
 * </ul>
 * Only those three association options are compared; the mechanism's own {@code target_requires} (the
 * transport-level options) is not consulted here. The method returns {@code null} if the target IOR carries
 * no {@code TAG_CSI_SEC_MECH_LIST} component or if no mechanism passes the checks above.
 * </p>
 * <p>
 * Since this method is intended to be called from a client request interceptor, unexpected codec failures are
 * converted into {@code MARSHAL} exceptions.
 * </p>
 *
 * @param ri a reference to the current {@code ClientRequestInfo}.
 * @param codec the {@code Codec} used to decode the CSIv2 components.
 * @param clientSupports the client supported transport options that must be satisfied by the {@code CompoundSecMech}.
 * @param clientRequires the client required transport options that must be satisfied by the {@code CompoundSecMech}.
 * @return the {@code CompoundSecMech} instance that satisfies all client options, or {@code null} if no such object
 * can be found.
 */
public static CompoundSecMech getMatchingSecurityMech(ClientRequestInfo ri, Codec codec, short clientSupports, short clientRequires) {
    try {
        TaggedComponent component = ri.get_effective_component(org.omg.IOP.TAG_CSI_SEC_MECH_LIST.value);
        Any decoded = codec.decode_value(component.component_data, CompoundSecMechListHelper.type());
        CompoundSecMechList mechList = CompoundSecMechListHelper.extract(decoded);
        for (CompoundSecMech candidate : mechList.mechanism_list) {
            AS_ContextSec asContext = candidate.as_context_mech;
            SAS_ContextSec sasContext = candidate.sas_context_mech;
            // client insists on EstablishTrustInTarget, target cannot provide it.
            boolean targetTrustMissing =
                    isUnmetRequirement(EstablishTrustInTarget.value, clientRequires, asContext.target_supports);
            // target insists on EstablishTrustInClient, client cannot provide it.
            boolean clientTrustMissing =
                    isUnmetRequirement(EstablishTrustInClient.value, asContext.target_requires, clientSupports);
            // target insists on IdentityAssertion, client cannot provide it.
            boolean identityAssertionMissing =
                    isUnmetRequirement(IdentityAssertion.value, sasContext.target_requires, clientSupports);
            if (!targetTrustMissing && !clientTrustMissing && !identityAssertionMissing) {
                return candidate;
            }
        }
        // every advertised mechanism was rejected.
        return null;
    } catch (BAD_PARAM e) {
        // the IOR carries no TAG_CSI_SEC_MECH_LIST component.
        return null;
    } catch (org.omg.IOP.CodecPackage.TypeMismatch | org.omg.IOP.CodecPackage.FormatMismatch e) {
        // the component was present but could not be decoded: surface as MARSHAL.
        throw IIOPLogger.ROOT_LOGGER.unexpectedException(e);
    }
}

/**
 * Tests whether {@code option} is set in {@code required} without also being set in {@code supported}.
 *
 * @param option the association option bit under test.
 * @param required the options one side requires.
 * @param supported the options the other side supports.
 * @return {@code true} when the requirement cannot be met.
 */
private static boolean isUnmetRequirement(int option, short required, short supported) {
    // (required ^ supported) & ~supported reduces to required & ~supported, i.e. "required but not supported".
    return (option & required & ~supported) != 0;
}