Example 1 with TLS_SEC_TRANS

Use of org.omg.CSIIOP.TLS_SEC_TRANS in project wildfly by wildfly.

Class CSIV2IORToSocketInfo, method selectSSLTransportAddress.

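private TransportAddress selectSSLTransportAddress(IOR ior) {
    CompoundSecMechList compoundSecMechList = readCompoundSecMechList(ior);
    if (compoundSecMechList != null) {
        // Walk the security mechanisms the target advertises in its IOR.
        for (CompoundSecMech mech : compoundSecMechList.mechanism_list) {
            TLS_SEC_TRANS sslMech = extractTlsSecTrans(ior, mech);
            if (sslMech == null) {
                // No TLS_SEC_TRANS could be extracted from this mechanism; try the next one.
                continue;
            }
            boolean targetSupportsSsl = checkSSL(sslMech.target_supports);
            boolean targetRequiresSsl = checkSSL(sslMech.target_requires);
            // clientRequiresSsl is not declared in this method; it belongs to the enclosing class.
            // Fail closed: the client requires SSL but the target does not support it.
            if (!targetSupportsSsl && clientRequiresSsl) {
                throw IIOPLogger.ROOT_LOGGER.serverDoesNotSupportSsl();
            }
            // Use the SSL address when the target supports SSL and either side requires it.
            if (targetSupportsSsl && (targetRequiresSsl || clientRequiresSsl)) {
                return extractAddress(sslMech);
            }
        }
    }
    // No SSL transport address was selected.
    return null;
}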
Also used: TAG_TLS_SEC_TRANS (org.omg.CSIIOP.TAG_TLS_SEC_TRANS), TLS_SEC_TRANS (org.omg.CSIIOP.TLS_SEC_TRANS), CompoundSecMechList (org.omg.CSIIOP.CompoundSecMechList), CompoundSecMech (org.omg.CSIIOP.CompoundSecMech)

Example 2 with TLS_SEC_TRANS

Use of org.omg.CSIIOP.TLS_SEC_TRANS in project wildfly by wildfly.

Class CSIv2Util, method createTransportMech.

/**
 * <p>
 * Create a transport mechanism {@code TaggedComponent} to be stuffed into a {@code CompoundSecMech}.
 * </p>
 * <p>
 * If no {@code TransportConfig} metadata is specified, or ssl port is negative, or the specified metadata indicates
 * that transport config is not supported, then a {@code TAG_NULL_TAG} (empty) {@code TaggedComponent} will be returned.
 * </p>
 * <p>
 * Otherwise a {@code org.omg.CSIIOP.TLS_SEC_TRANS}, tagged as {@code TAG_TLS_SEC_TRANS} will be returned, indicating support
 * for TLS/SSL as a CSIv2 transport mechanism.
 * </p>
 * <p>
 * Multiple {@code TransportAddress} may be included in the SSL info (host/port pairs), but we only include one.
 * </p>
 *
 * @param tconfig the transport configuration metadata.
 * @param codec   the {@code Codec} used to encode the transport configuration.
 * @param sslPort an {@code int} representing the SSL port.
 * @param orb     a reference to the running {@code ORB}.
 * @return the constructed {@code TaggedComponent}.
 */
public static TaggedComponent createTransportMech(IORTransportConfigMetaData tconfig, Codec codec, int sslPort, ORB orb) {
    TaggedComponent tc;
    // what we support and require as a target.
    int support = 0;
    int require = 0;
    if (tconfig != null) {
        require = createTargetRequires(tconfig);
        support = createTargetSupports(tconfig);
    }
    if (tconfig == null || support == 0 || sslPort == 0) {
        // no support for transport security.
        tc = new TaggedComponent(TAG_NULL_TAG.value, new byte[0]);
    } else {
        // my ip address.
        String host = CorbaORBService.getORBProperty(Constants.ORB_ADDRESS);
        // this will create only one transport address.
        TransportAddress[] taList = createTransportAddress(host, sslPort);
        TLS_SEC_TRANS tst = new TLS_SEC_TRANS((short) support, (short) require, taList);
        // The tricky part, we must encode TLS_SEC_TRANS into an octet sequence.
        try {
            Any any = orb.create_any();
            TLS_SEC_TRANSHelper.insert(any, tst);
            byte[] b = codec.encode_value(any);
            tc = new TaggedComponent(TAG_TLS_SEC_TRANS.value, b);
        } catch (InvalidTypeForEncoding e) {
            throw IIOPLogger.ROOT_LOGGER.unexpectedException(e);
        }
    }
    return tc;
}
Also used: TAG_TLS_SEC_TRANS (org.omg.CSIIOP.TAG_TLS_SEC_TRANS), TLS_SEC_TRANS (org.omg.CSIIOP.TLS_SEC_TRANS), TaggedComponent (org.omg.IOP.TaggedComponent), TransportAddress (org.omg.CSIIOP.TransportAddress), Any (org.omg.CORBA.Any), InvalidTypeForEncoding (org.omg.IOP.CodecPackage.InvalidTypeForEncoding)

Aggregations

TAG_TLS_SEC_TRANS (org.omg.CSIIOP.TAG_TLS_SEC_TRANS): 2
TLS_SEC_TRANS (org.omg.CSIIOP.TLS_SEC_TRANS): 2
Any (org.omg.CORBA.Any): 1
CompoundSecMech (org.omg.CSIIOP.CompoundSecMech): 1
CompoundSecMechList (org.omg.CSIIOP.CompoundSecMechList): 1
TransportAddress (org.omg.CSIIOP.TransportAddress): 1
InvalidTypeForEncoding (org.omg.IOP.CodecPackage.InvalidTypeForEncoding): 1
TaggedComponent (org.omg.IOP.TaggedComponent): 1