Example 1 with SAS_ContextSec
use of org.omg.CSIIOP.SAS_ContextSec in project wildfly by wildfly.
the class CSIv2Util method createSecureAttributeServiceContext.
/**
* <p>
* Create the Secure Attribute Service (SAS) context included in a {@code CompoundSecMech} definition.
* </p>
*
* @param metadata the metadata object that contains the CSIv2 security configuration info.
* @return the constructed {@code SAS_ContextSec} instance.
*/
public static SAS_ContextSec createSecureAttributeServiceContext(IORSecurityConfigMetaData metadata) {
SAS_ContextSec context;
// context contains target_supports, target_requires, privilige_authorities, supported_naming_mechanisms, supported_identity_types.
int support = 0;
int require = 0;
ServiceConfiguration[] privilAuth = new ServiceConfiguration[0];
byte[][] supNamMechs = {};
// 0 means ITTAbsent
int supIdenTypes = 0;
// the the SasContext metadata.
IORSASContextMetaData sasMeta = metadata.getSasContext();
// if no SAS context metadata, or caller propagation is not supported, we return with a more or less empty sas context.
if (sasMeta == null || sasMeta.getCallerPropagation().equals(IORSASContextMetaData.CALLER_PROPAGATION_NONE)) {
context = new SAS_ContextSec((short) support, (short) require, privilAuth, supNamMechs, supIdenTypes);
} else {
support = IdentityAssertion.value;
// supporting GSSUP (username/password) naming mechanism.
byte[] upMech = createGSSUPMechOID();
supNamMechs = new byte[1][upMech.length];
System.arraycopy(upMech, 0, supNamMechs[0], 0, upMech.length);
// since we support IdentityAssertion we need to specify supported identity types. CTS says we need them all
supIdenTypes = ITTAnonymous.value | ITTPrincipalName.value | ITTX509CertChain.value | ITTDistinguishedName.value;
context = new SAS_ContextSec((short) support, (short) require, privilAuth, supNamMechs, supIdenTypes);
}
return context;
}
Also used :
ServiceConfiguration(org.omg.CSIIOP.ServiceConfiguration)
IORSASContextMetaData(org.jboss.metadata.ejb.jboss.IORSASContextMetaData)
SAS_ContextSec(org.omg.CSIIOP.SAS_ContextSec)
Example 2 with SAS_ContextSec
use of org.omg.CSIIOP.SAS_ContextSec in project wildfly by wildfly.
the class CSIv2Util method toString.
/**
* <p>
* Generate a string representation of the {@code CompoundSecMech}.
* </p>
*
* @param securityMech the {@code CompoundSecMech} to create the string for.
* @param builder the buffer to write to.
*/
public static void toString(CompoundSecMech securityMech, StringBuilder builder) {
AS_ContextSec asMech = securityMech != null ? securityMech.as_context_mech : null;
SAS_ContextSec sasMech = securityMech != null ? securityMech.sas_context_mech : null;
if (securityMech != null) {
builder.append("CompoundSecMech[");
builder.append("target_requires: ");
builder.append(securityMech.target_requires);
if (asMech != null) {
builder.append("AS_ContextSec[");
builder.append("client_authentication_mech: ");
builder.append(new String(asMech.client_authentication_mech, StandardCharsets.UTF_8));
builder.append(", target_name: ");
builder.append(new String(asMech.target_name, StandardCharsets.UTF_8));
builder.append(", target_requires: ");
builder.append(asMech.target_requires);
builder.append(", target_supports: ");
builder.append(asMech.target_supports);
builder.append("]");
}
if (sasMech != null) {
builder.append("SAS_ContextSec[");
builder.append("supported_identity_types: ");
builder.append(sasMech.supported_identity_types);
builder.append(", target_requires: ");
builder.append(sasMech.target_requires);
builder.append(", target_supports: ");
builder.append(sasMech.target_supports);
builder.append("]");
}
builder.append("]");
}
}
Also used :
SAS_ContextSec(org.omg.CSIIOP.SAS_ContextSec)
AS_ContextSec(org.omg.CSIIOP.AS_ContextSec)
SAS_ContextSec(org.omg.CSIIOP.SAS_ContextSec)
Example 3 with SAS_ContextSec
use of org.omg.CSIIOP.SAS_ContextSec in project wildfly by wildfly.
the class CSIv2Util method getMatchingSecurityMech.
/**
* <p>
* Helper method to be called from a client request interceptor. The {@code ri} parameter refers to the current
* request. This method returns the first {@code CompoundSecMech} found in the target IOR such that
* <ul>
* <li>all {@code CompoundSecMech} requirements are satisfied by the options in the {@code clientSupports}
* parameter, and</li>
* <li>every requirement in the {@code clientRequires} parameter is satisfied by the {@code CompoundSecMech}.
* </li>
* </ul>
* The method returns null if the target IOR contains no {@code CompoundSecMech}s or if no matching
* {@code CompoundSecMech} is found.
* </p>
* <p>
* Since this method is intended to be called from a client request interceptor, it converts unexpected exceptions
* into {@code MARSHAL} exceptions.
* </p>
*
* @param ri a reference to the current {@code ClientRequestInfo}.
* @param codec the {@code Codec} used to decode the CSIv2 components.
* @param clientSupports the client supported transport options that must be satisfied by the {@code CompoundSecMech}.
* @param clientRequires the client required transport options that must be satisfied by the {@code CompoundSecMech}.
* @return the {@code CompoundSecMech} instance that satisfies all client options, or {@code null} if no such object
* can be found.
*/
public static CompoundSecMech getMatchingSecurityMech(ClientRequestInfo ri, Codec codec, short clientSupports, short clientRequires) {
CompoundSecMechList csmList;
try {
TaggedComponent tc = ri.get_effective_component(org.omg.IOP.TAG_CSI_SEC_MECH_LIST.value);
Any any = codec.decode_value(tc.component_data, CompoundSecMechListHelper.type());
csmList = CompoundSecMechListHelper.extract(any);
// look for the first matching security mech.
for (int i = 0; i < csmList.mechanism_list.length; i++) {
CompoundSecMech securityMech = csmList.mechanism_list[i];
AS_ContextSec authConfig = securityMech.as_context_mech;
if ((EstablishTrustInTarget.value & (clientRequires ^ authConfig.target_supports) & ~authConfig.target_supports) != 0) {
// client requires EstablishTrustInTarget, but target does not support it: skip this securityMech.
continue;
}
if ((EstablishTrustInClient.value & (authConfig.target_requires ^ clientSupports) & ~clientSupports) != 0) {
// target requires EstablishTrustInClient, but client does not support it: skip this securityMech.
continue;
}
SAS_ContextSec identityConfig = securityMech.sas_context_mech;
if ((IdentityAssertion.value & (identityConfig.target_requires ^ clientSupports) & ~clientSupports) != 0) {
// target requires IdentityAssertion, but client does not support it: skip this securityMech
continue;
}
// found matching securityMech.
return securityMech;
}
// no matching securityMech was found.
return null;
} catch (BAD_PARAM e) {
// no component with TAG_CSI_SEC_MECH_LIST was found.
return null;
} catch (org.omg.IOP.CodecPackage.TypeMismatch e) {
// unexpected exception in codec
throw IIOPLogger.ROOT_LOGGER.unexpectedException(e);
} catch (org.omg.IOP.CodecPackage.FormatMismatch e) {
// unexpected exception in codec
throw IIOPLogger.ROOT_LOGGER.unexpectedException(e);
}
}
Also used :
SAS_ContextSec(org.omg.CSIIOP.SAS_ContextSec)
AS_ContextSec(org.omg.CSIIOP.AS_ContextSec)
CompoundSecMechList(org.omg.CSIIOP.CompoundSecMechList)
TaggedComponent(org.omg.IOP.TaggedComponent)
CompoundSecMech(org.omg.CSIIOP.CompoundSecMech)
BAD_PARAM(org.omg.CORBA.BAD_PARAM)
SAS_ContextSec(org.omg.CSIIOP.SAS_ContextSec)
Any(org.omg.CORBA.Any)
Example 4 with SAS_ContextSec
use of org.omg.CSIIOP.SAS_ContextSec in project wildfly by wildfly.
the class CSIv2Util method createCompoundSecMechanisms.
/**
* <p>
* Create a {@code org.omg.CSIIOP.CompoundSecMechanisms} which is a sequence of {@code CompoundSecMech}. Here we only
* support one security mechanism.
* </p>
*
* @param metadata the metadata object that contains the CSIv2 security configuration info.
* @param codec the {@code Codec} used to encode the CSIv2 security component.
* @param sslPort an {@code int} representing the SSL port.
* @param orb a reference to the running {@code ORB}.
* @return the constructed {@code CompoundSecMech} array.
*/
public static CompoundSecMech[] createCompoundSecMechanisms(IORSecurityConfigMetaData metadata, Codec codec, int sslPort, ORB orb) {
// support just 1 security mechanism for now (and ever).
CompoundSecMech[] csmList = new CompoundSecMech[1];
// a CompoundSecMech contains: target_requires, transport_mech, as_context_mech, sas_context_mech.
TaggedComponent transport_mech = createTransportMech(metadata.getTransportConfig(), codec, sslPort, orb);
// create AS Context.
AS_ContextSec asContext = createAuthenticationServiceContext(metadata);
// create SAS Context.
SAS_ContextSec sasContext = createSecureAttributeServiceContext(metadata);
// create target_requires bit field (AssociationOption) can't read directly the transport_mech TaggedComponent.
int target_requires = createTargetRequires(metadata.getTransportConfig()) | asContext.target_requires | sasContext.target_requires;
CompoundSecMech csm = new CompoundSecMech((short) target_requires, transport_mech, asContext, sasContext);
csmList[0] = csm;
return csmList;
}
Also used :
SAS_ContextSec(org.omg.CSIIOP.SAS_ContextSec)
AS_ContextSec(org.omg.CSIIOP.AS_ContextSec)
CompoundSecMech(org.omg.CSIIOP.CompoundSecMech)
TaggedComponent(org.omg.IOP.TaggedComponent)
SAS_ContextSec(org.omg.CSIIOP.SAS_ContextSec)
Aggregations
SAS_ContextSec (org.omg.CSIIOP.SAS_ContextSec)4
AS_ContextSec (org.omg.CSIIOP.AS_ContextSec)3
CompoundSecMech (org.omg.CSIIOP.CompoundSecMech)2
TaggedComponent (org.omg.IOP.TaggedComponent)2
IORSASContextMetaData (org.jboss.metadata.ejb.jboss.IORSASContextMetaData)1
Any (org.omg.CORBA.Any)1
BAD_PARAM (org.omg.CORBA.BAD_PARAM)1
CompoundSecMechList (org.omg.CSIIOP.CompoundSecMechList)1
ServiceConfiguration (org.omg.CSIIOP.ServiceConfiguration)1
