
Example 1 with AS_ContextSec

use of org.omg.CSIIOP.AS_ContextSec in project wildfly by wildfly.

the class CSIv2Util method toString.

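/**
 * <p>
 * Generate a string representation of the {@code CompoundSecMech}, intended for logging and debugging.
 * </p>
 * <p>
 * The {@code client_authentication_mech} and {@code target_name} fields of the AS context are binary: this
 * class builds them from a DER-encoded GSSUP mechanism OID and a CSI.GSS_NT_ExportedName (see
 * {@code createAuthenticationServiceContext}). They are therefore rendered as hex rather than decoded as
 * UTF-8 text, which would turn most of the bytes into replacement characters and make the value
 * unrecoverable from the log. Each nested context is separated from the preceding field by {@code ", "}.
 * </p>
 *
 * @param securityMech the {@code CompoundSecMech} to create the string for; {@code null} appends nothing.
 * @param builder      the buffer to write to.
 */
public static void toString(CompoundSecMech securityMech, StringBuilder builder) {
    if (securityMech == null) {
        return;
    }
    AS_ContextSec asMech = securityMech.as_context_mech;
    SAS_ContextSec sasMech = securityMech.sas_context_mech;
    builder.append("CompoundSecMech[");
    builder.append("target_requires: ").append(securityMech.target_requires);
    if (asMech != null) {
        builder.append(", AS_ContextSec[");
        builder.append("client_authentication_mech: ").append(bytesToHex(asMech.client_authentication_mech));
        builder.append(", target_name: ").append(bytesToHex(asMech.target_name));
        builder.append(", target_requires: ").append(asMech.target_requires);
        builder.append(", target_supports: ").append(asMech.target_supports);
        builder.append("]");
    }
    if (sasMech != null) {
        builder.append(", SAS_ContextSec[");
        builder.append("supported_identity_types: ").append(sasMech.supported_identity_types);
        builder.append(", target_requires: ").append(sasMech.target_requires);
        builder.append(", target_supports: ").append(sasMech.target_supports);
        builder.append("]");
    }
    builder.append("]");
}

/**
 * Render a byte array as lower-case hex, two digits per byte, so that opaque binary fields (OIDs, GSS
 * exported names) can be logged without charset decoding.
 *
 * @param bytes the bytes to render; {@code null} renders as the literal {@code "null"}.
 * @return the hex string (empty for an empty array).
 */
private static String bytesToHex(byte[] bytes) {
    if (bytes == null) {
        return "null";
    }
    StringBuilder hex = new StringBuilder(bytes.length * 2);
    for (byte b : bytes) {
        hex.append(Character.forDigit((b >> 4) & 0xF, 16));
        hex.append(Character.forDigit(b & 0xF, 16));
    }
    return hex.toString();
}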

Example 2 with AS_ContextSec

use of org.omg.CSIIOP.AS_ContextSec in project wildfly by wildfly.

the class CSIv2Util method createAuthenticationServiceContext.

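/**
 * <p>
 * Create the client Authentication Service (AS) context included in a {@code CompoundSecMech} definition.
 * </p>
 * <p>
 * When no AS context metadata is configured, or its authentication method is
 * {@code IORASContextMetaData.AUTH_METHOD_NONE}, an empty context is returned: no supported or required
 * association options, an empty mechanism OID and an empty target name. Otherwise the context advertises
 * {@code EstablishTrustInClient} as supported (and as required when the metadata says so), the DER-encoded
 * GSSUP mechanism OID as the only client authentication mechanism, and the configured realm encoded as a
 * CSI.GSS_NT_ExportedName scoped by that OID for {@code target_name}.
 * </p>
 * <p>
 * NOTE(review): GSSUP is a username/password mechanism, so the client credential is carried in the request's
 * security service context; it should only be advertised together with a transport that protects
 * confidentiality (see the transport configuration consumed by {@code createTransportMech}). Confirm the
 * deployment's transport settings enforce this, as this method does not.
 * </p>
 *
 * @param metadata the metadata object that contains the CSIv2 security configuration info; must not be {@code null}.
 * @return the constructed {@code AS_ContextSec} instance.
 * @throws NullPointerException if {@code metadata} is {@code null}, or if GSSUP authentication is configured
 *                              without a realm.
 */
public static AS_ContextSec createAuthenticationServiceContext(IORSecurityConfigMetaData metadata) {
    IORASContextMetaData asMeta = metadata.getAsContext();
    // No AS context metadata, or authentication method "none": produce an empty AS context.
    // Comparing from the constant side is null-safe should getAuthMethod() return null.
    if (asMeta == null || IORASContextMetaData.AUTH_METHOD_NONE.equals(asMeta.getAuthMethod())) {
        return new AS_ContextSec((short) 0, (short) 0, new byte[0], new byte[0]);
    }
    // we advertise EstablishTrustInClient as supported; whether it is required depends on the metadata.
    int support = EstablishTrustInClient.value;
    int require = asMeta.isRequired() ? EstablishTrustInClient.value : 0;
    // we only support the GSSUP authentication method: this is its DER-encoded mechanism OID.
    byte[] clientAuthMech = createGSSUPMechOID();
    // the realm is mandatory here, since it is what the exported name carries; fail with a clear message
    // rather than an anonymous NPE from getBytes().
    String realm = java.util.Objects.requireNonNull(asMeta.getRealm(), "realm is required for GSSUP authentication");
    // encode the realm name as a CSI.GSS_NT_ExportedName scoped by the GSSUP mechanism OID.
    byte[] targetName = createGSSExportedName(clientAuthMech, realm.getBytes(StandardCharsets.UTF_8));
    return new AS_ContextSec((short) support, (short) require, clientAuthMech, targetName);
}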

Example 3 with AS_ContextSec

use of org.omg.CSIIOP.AS_ContextSec in project wildfly by wildfly.

the class CSIv2Util method createCompoundSecMechanisms.

/**
 * <p>
 * Build the {@code org.omg.CSIIOP.CompoundSecMechanisms} sequence advertised in the IOR. Exactly one
 * {@code CompoundSecMech} is produced: its transport layer comes from the transport configuration, its
 * authentication (AS) and attribute (SAS) layers from the corresponding metadata, and its mechanism-level
 * {@code target_requires} is the union of the requirements of those three layers.
 * </p>
 *
 * @param metadata the metadata object that contains the CSIv2 security configuration info.
 * @param codec    the {@code Codec} used to encode the CSIv2 security component.
 * @param sslPort  an {@code int} representing the SSL port.
 * @param orb      a reference to the running {@code ORB}.
 * @return a one-element array holding the constructed {@code CompoundSecMech}.
 */
public static CompoundSecMech[] createCompoundSecMechanisms(IORSecurityConfigMetaData metadata, Codec codec, int sslPort, ORB orb) {
    // transport layer: the encoded TaggedComponent describing the secure transport (SSL port and options).
    TaggedComponent transportMech = createTransportMech(metadata.getTransportConfig(), codec, sslPort, orb);
    // authentication layer (AS) and attribute layer (SAS).
    AS_ContextSec authLayer = createAuthenticationServiceContext(metadata);
    SAS_ContextSec attributeLayer = createSecureAttributeServiceContext(metadata);
    // mechanism-level requirements: the transport bits are recomputed from the configuration because the
    // encoded TaggedComponent above is opaque here, then OR-ed with the AS and SAS requirements.
    int requiredOptions = createTargetRequires(metadata.getTransportConfig());
    requiredOptions |= authLayer.target_requires;
    requiredOptions |= attributeLayer.target_requires;
    CompoundSecMech mechanism = new CompoundSecMech((short) requiredOptions, transportMech, authLayer, attributeLayer);
    // only one mechanism is ever advertised.
    return new CompoundSecMech[] { mechanism };
}

Example 4 with AS_ContextSec

use of org.omg.CSIIOP.AS_ContextSec in project wildfly by wildfly.

the class CSIv2Util method getMatchingSecurityMech.

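/**
 * <p>
 * Helper method to be called from a client request interceptor. The {@code ri} parameter refers to the current
 * request. This method returns the first {@code CompoundSecMech} found in the target IOR such that
 * <ul>
 * <li>if the client requires {@code EstablishTrustInTarget}, the mechanism's AS context supports it,</li>
 * <li>if the mechanism's AS context requires {@code EstablishTrustInClient}, the client supports it, and</li>
 * <li>if the mechanism's SAS context requires {@code IdentityAssertion}, the client supports it.</li>
 * </ul>
 * Only those three association options are compared here. In particular the transport-level bits of
 * {@code CompoundSecMech.target_requires} (integrity, confidentiality, ...) are not evaluated by this method
 * and must be enforced elsewhere. The method returns null if the target IOR contains no
 * {@code CompoundSecMech}s or if no matching {@code CompoundSecMech} is found.
 * </p>
 * <p>
 * The mechanism list is decoded from the target's IOR, i.e. it is data supplied by the remote side. The only
 * protection against a target advertising weaker options than the client is willing to accept is the
 * {@code clientRequires} floor: a mechanism that does not support an option the client requires is skipped.
 * </p>
 * <p>
 * Since this method is intended to be called from a client request interceptor, it converts unexpected exceptions
 * into {@code MARSHAL} exceptions.
 * </p>
 *
 * @param ri             a reference to the current {@code ClientRequestInfo}.
 * @param codec          the {@code Codec} used to decode the CSIv2 components.
 * @param clientSupports the client supported transport options that must be satisfied by the {@code CompoundSecMech}.
 * @param clientRequires the client required transport options that must be satisfied by the {@code CompoundSecMech}.
 * @return the {@code CompoundSecMech} instance that satisfies all client options, or {@code null} if no such object
 *         can be found.
 */
public static CompoundSecMech getMatchingSecurityMech(ClientRequestInfo ri, Codec codec, short clientSupports, short clientRequires) {
    try {
        TaggedComponent tc = ri.get_effective_component(org.omg.IOP.TAG_CSI_SEC_MECH_LIST.value);
        Any any = codec.decode_value(tc.component_data, CompoundSecMechListHelper.type());
        CompoundSecMechList csmList = CompoundSecMechListHelper.extract(any);
        // look for the first matching security mech. Each test below is "bit set on one side and clear on
        // the other", written directly as (a & ~b & BIT) != 0; this is equivalent to the former
        // (BIT & (a ^ b) & ~b) != 0 form but reads as the requirement it enforces.
        for (CompoundSecMech securityMech : csmList.mechanism_list) {
            AS_ContextSec authConfig = securityMech.as_context_mech;
            // client requires EstablishTrustInTarget, but target does not support it: skip this securityMech.
            if ((clientRequires & ~authConfig.target_supports & EstablishTrustInTarget.value) != 0) {
                continue;
            }
            // target requires EstablishTrustInClient, but client does not support it: skip this securityMech.
            if ((authConfig.target_requires & ~clientSupports & EstablishTrustInClient.value) != 0) {
                continue;
            }
            SAS_ContextSec identityConfig = securityMech.sas_context_mech;
            // target requires IdentityAssertion, but client does not support it: skip this securityMech.
            if ((identityConfig.target_requires & ~clientSupports & IdentityAssertion.value) != 0) {
                continue;
            }
            // found matching securityMech.
            return securityMech;
        }
        // no matching securityMech was found.
        return null;
    } catch (BAD_PARAM e) {
        // get_effective_component raises BAD_PARAM when the IOR has no TAG_CSI_SEC_MECH_LIST component.
        return null;
    } catch (org.omg.IOP.CodecPackage.TypeMismatch e) {
        // the component was present but could not be decoded: surface it as a MARSHAL exception.
        throw IIOPLogger.ROOT_LOGGER.unexpectedException(e);
    } catch (org.omg.IOP.CodecPackage.FormatMismatch e) {
        // the component was present but its encoding was malformed: surface it as a MARSHAL exception.
        throw IIOPLogger.ROOT_LOGGER.unexpectedException(e);
    }
}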
