Example 1 with SAS_ContextSec

Use of org.omg.CSIIOP.SAS_ContextSec in project wildfly by wildfly.

From the class CSIv2Util, method createSecureAttributeServiceContext.

/**
 * <p>
 * Create the Secure Attribute Service (SAS) context included in a {@code CompoundSecMech} definition.
 * </p>
 *
 * @param metadata the metadata object that contains the CSIv2 security configuration info.
 * @return the constructed {@code SAS_ContextSec} instance.
 */
public static SAS_ContextSec createSecureAttributeServiceContext(IORSecurityConfigMetaData metadata) {
    SAS_ContextSec context;
    // context contains target_supports, target_requires, privilege_authorities, supported_naming_mechanisms, supported_identity_types.
    int support = 0;
    int require = 0;
    ServiceConfiguration[] privilAuth = new ServiceConfiguration[0];
    byte[][] supNamMechs = {};
    // 0 means ITTAbsent
    int supIdenTypes = 0;
    // the SasContext metadata.
    IORSASContextMetaData sasMeta = metadata.getSasContext();
    // if there is no SAS context metadata, or caller propagation is not supported, return a more or less empty SAS context.
    if (sasMeta == null || sasMeta.getCallerPropagation().equals(IORSASContextMetaData.CALLER_PROPAGATION_NONE)) {
        context = new SAS_ContextSec((short) support, (short) require, privilAuth, supNamMechs, supIdenTypes);
    } else {
        support = IdentityAssertion.value;
        // supporting the GSSUP (username/password) naming mechanism.
        byte[] upMech = createGSSUPMechOID();
        supNamMechs = new byte[1][upMech.length];
        System.arraycopy(upMech, 0, supNamMechs[0], 0, upMech.length);
        // since we support IdentityAssertion we need to specify the supported identity types. The CTS says we need them all.
        supIdenTypes = ITTAnonymous.value | ITTPrincipalName.value | ITTX509CertChain.value | ITTDistinguishedName.value;
        context = new SAS_ContextSec((short) support, (short) require, privilAuth, supNamMechs, supIdenTypes);
    }
    return context;
}
Also used : ServiceConfiguration(org.omg.CSIIOP.ServiceConfiguration) IORSASContextMetaData(org.jboss.metadata.ejb.jboss.IORSASContextMetaData) SAS_ContextSec(org.omg.CSIIOP.SAS_ContextSec)

Example 2 with SAS_ContextSec

Use of org.omg.CSIIOP.SAS_ContextSec in project wildfly by wildfly.

From the class CSIv2Util, method toString.

/**
 * <p>
 * Generate a string representation of the {@code CompoundSecMech}.
 * </p>
 *
 * @param securityMech the {@code CompoundSecMech} to create the string for.
 * @param builder      the buffer to write to.
 */
public static void toString(CompoundSecMech securityMech, StringBuilder builder) {
    AS_ContextSec asMech = securityMech != null ? securityMech.as_context_mech : null;
    SAS_ContextSec sasMech = securityMech != null ? securityMech.sas_context_mech : null;
    if (securityMech != null) {
        builder.append("CompoundSecMech[");
        builder.append("target_requires: ");
        builder.append(securityMech.target_requires);
        if (asMech != null) {
            // separate the nested AS context from the preceding target_requires value.
            builder.append(", AS_ContextSec[");
            builder.append("client_authentication_mech: ");
            builder.append(new String(asMech.client_authentication_mech, StandardCharsets.UTF_8));
            builder.append(", target_name: ");
            builder.append(new String(asMech.target_name, StandardCharsets.UTF_8));
            builder.append(", target_requires: ");
            builder.append(asMech.target_requires);
            builder.append(", target_supports: ");
            builder.append(asMech.target_supports);
            builder.append("]");
        }
        if (sasMech != null) {
            // separate the nested SAS context from whatever precedes it.
            builder.append(", SAS_ContextSec[");
            builder.append("supported_identity_types: ");
            builder.append(sasMech.supported_identity_types);
            builder.append(", target_requires: ");
            builder.append(sasMech.target_requires);
            builder.append(", target_supports: ");
            builder.append(sasMech.target_supports);
            builder.append("]");
        }
        builder.append("]");
    }
}
Also used : SAS_ContextSec(org.omg.CSIIOP.SAS_ContextSec) AS_ContextSec(org.omg.CSIIOP.AS_ContextSec)

Example 3 with SAS_ContextSec

Use of org.omg.CSIIOP.SAS_ContextSec in project wildfly by wildfly.

From the class CSIv2Util, method getMatchingSecurityMech.

/**
 * <p>
 * Helper method to be called from a client request interceptor. The {@code ri} parameter refers to the current
 * request. This method returns the first {@code CompoundSecMech} found in the target IOR such that
 * <ul>
 * <li>all {@code CompoundSecMech} requirements are satisfied by the options in the {@code clientSupports}
 * parameter, and</li>
 * <li>every requirement in the {@code clientRequires} parameter is satisfied by the {@code CompoundSecMech}.
 * </li>
 * </ul>
 * The method returns null if the target IOR contains no {@code CompoundSecMech}s or if no matching
 * {@code CompoundSecMech} is found.
 * </p>
 * <p>
 * Since this method is intended to be called from a client request interceptor, it converts unexpected exceptions
 * into {@code MARSHAL} exceptions.
 * </p>
 *
 * @param ri             a reference to the current {@code ClientRequestInfo}.
 * @param codec          the {@code Codec} used to decode the CSIv2 components.
 * @param clientSupports the client supported transport options that must be satisfied by the {@code CompoundSecMech}.
 * @param clientRequires the client required transport options that must be satisfied by the {@code CompoundSecMech}.
 * @return the {@code CompoundSecMech} instance that satisfies all client options, or {@code null} if no such object
 *         can be found.
 */
public static CompoundSecMech getMatchingSecurityMech(ClientRequestInfo ri, Codec codec, short clientSupports, short clientRequires) {
    CompoundSecMechList csmList;
    try {
        TaggedComponent tc = ri.get_effective_component(org.omg.IOP.TAG_CSI_SEC_MECH_LIST.value);
        Any any = codec.decode_value(tc.component_data, CompoundSecMechListHelper.type());
        csmList = CompoundSecMechListHelper.extract(any);
        // look for the first matching security mech.
        for (int i = 0; i < csmList.mechanism_list.length; i++) {
            CompoundSecMech securityMech = csmList.mechanism_list[i];
            AS_ContextSec authConfig = securityMech.as_context_mech;
            if ((EstablishTrustInTarget.value & (clientRequires ^ authConfig.target_supports) & ~authConfig.target_supports) != 0) {
                // client requires EstablishTrustInTarget, but target does not support it: skip this securityMech.
                continue;
            }
            if ((EstablishTrustInClient.value & (authConfig.target_requires ^ clientSupports) & ~clientSupports) != 0) {
                // target requires EstablishTrustInClient, but client does not support it: skip this securityMech.
                continue;
            }
            SAS_ContextSec identityConfig = securityMech.sas_context_mech;
            if ((IdentityAssertion.value & (identityConfig.target_requires ^ clientSupports) & ~clientSupports) != 0) {
                // target requires IdentityAssertion, but client does not support it: skip this securityMech
                continue;
            }
            // found matching securityMech.
            return securityMech;
        }
        // no matching securityMech was found.
        return null;
    } catch (BAD_PARAM e) {
        // no component with TAG_CSI_SEC_MECH_LIST was found.
        return null;
    } catch (org.omg.IOP.CodecPackage.TypeMismatch e) {
        // unexpected exception in codec
        throw IIOPLogger.ROOT_LOGGER.unexpectedException(e);
    } catch (org.omg.IOP.CodecPackage.FormatMismatch e) {
        // unexpected exception in codec
        throw IIOPLogger.ROOT_LOGGER.unexpectedException(e);
    }
}
Also used : SAS_ContextSec(org.omg.CSIIOP.SAS_ContextSec) AS_ContextSec(org.omg.CSIIOP.AS_ContextSec) CompoundSecMechList(org.omg.CSIIOP.CompoundSecMechList) TaggedComponent(org.omg.IOP.TaggedComponent) CompoundSecMech(org.omg.CSIIOP.CompoundSecMech) BAD_PARAM(org.omg.CORBA.BAD_PARAM) Any(org.omg.CORBA.Any)

Example 4 with SAS_ContextSec

Use of org.omg.CSIIOP.SAS_ContextSec in project wildfly by wildfly.

From the class CSIv2Util, method createCompoundSecMechanisms.

/**
 * <p>
 * Create a {@code org.omg.CSIIOP.CompoundSecMechanisms} which is a sequence of {@code CompoundSecMech}. Here we only
 * support one security mechanism.
 * </p>
 *
 * @param metadata the metadata object that contains the CSIv2 security configuration info.
 * @param codec    the {@code Codec} used to encode the CSIv2 security component.
 * @param sslPort  an {@code int} representing the SSL port.
 * @param orb      a reference to the running {@code ORB}.
 * @return the constructed {@code CompoundSecMech} array.
 */
public static CompoundSecMech[] createCompoundSecMechanisms(IORSecurityConfigMetaData metadata, Codec codec, int sslPort, ORB orb) {
    // support just 1 security mechanism for now (and ever).
    CompoundSecMech[] csmList = new CompoundSecMech[1];
    // a CompoundSecMech contains: target_requires, transport_mech, as_context_mech, sas_context_mech.
    TaggedComponent transport_mech = createTransportMech(metadata.getTransportConfig(), codec, sslPort, orb);
    // create AS Context.
    AS_ContextSec asContext = createAuthenticationServiceContext(metadata);
    // create SAS Context.
    SAS_ContextSec sasContext = createSecureAttributeServiceContext(metadata);
    // build the target_requires bit field (AssociationOptions). The transport requirements cannot be read back from the
    // encoded transport_mech TaggedComponent, so they are derived from the transport metadata instead.
    int target_requires = createTargetRequires(metadata.getTransportConfig()) | asContext.target_requires | sasContext.target_requires;
    CompoundSecMech csm = new CompoundSecMech((short) target_requires, transport_mech, asContext, sasContext);
    csmList[0] = csm;
    return csmList;
}
Also used : SAS_ContextSec(org.omg.CSIIOP.SAS_ContextSec) AS_ContextSec(org.omg.CSIIOP.AS_ContextSec) CompoundSecMech(org.omg.CSIIOP.CompoundSecMech) TaggedComponent(org.omg.IOP.TaggedComponent)
