Use of org.omg.CSIIOP.TLS_SEC_TRANS in project wildfly by wildfly.
In class CSIV2IORToSocketInfo, method selectSSLTransportAddress:
/**
 * Chooses the TLS transport address advertised by the CSIv2 security mechanisms of an IOR.
 * <p>
 * The mechanisms are walked in list order. A mechanism without a {@code TLS_SEC_TRANS} component is
 * skipped. For each mechanism that has one, the target's {@code target_supports} and
 * {@code target_requires} options are evaluated with {@code checkSSL} (defined elsewhere in the class):
 * </p>
 * <ul>
 * <li>target does not support SSL and the client requires it: the call fails;</li>
 * <li>target supports SSL and either side requires it: the address from that component is returned;</li>
 * <li>otherwise the next mechanism is examined.</li>
 * </ul>
 * <p>
 * NOTE(review): {@code null} is also the result when {@code clientRequiresSsl} is set but the IOR has no
 * compound security mechanism list, or none of its mechanisms carries a TLS component. The "client
 * requires SSL" policy is therefore only enforced here for mechanisms that do carry the component; the
 * caller has to treat {@code null} as "no TLS endpoint" and must not connect in clear text when SSL is
 * required. Confirm against the caller.
 * </p>
 *
 * @param ior the IOR whose security mechanisms are inspected.
 * @return the transport address taken from the first acceptable TLS mechanism, or {@code null} when no
 *         mechanism yields one.
 */
private TransportAddress selectSSLTransportAddress(IOR ior) {
    final CompoundSecMechList mechList = readCompoundSecMechList(ior);
    if (mechList == null) {
        // No CSIv2 mechanism list in this IOR: nothing to select from.
        return null;
    }

    for (CompoundSecMech candidate : mechList.mechanism_list) {
        final TLS_SEC_TRANS tls = extractTlsSecTrans(ior, candidate);
        if (tls != null) {
            final boolean serverSupportsSsl = checkSSL(tls.target_supports);
            final boolean serverRequiresSsl = checkSSL(tls.target_requires);

            if (!serverSupportsSsl) {
                // Fail closed: a client that insists on SSL must not use a target that cannot offer it.
                if (clientRequiresSsl) {
                    throw IIOPLogger.ROOT_LOGGER.serverDoesNotSupportSsl();
                }
                continue;
            }

            // SSL is available; use it as soon as either peer makes it mandatory.
            if (serverRequiresSsl || clientRequiresSsl) {
                return extractAddress(tls);
            }
        }
    }

    // Either no mechanism carried a TLS component or SSL was optional on both sides.
    return null;
}
Use of org.omg.CSIIOP.TLS_SEC_TRANS in project wildfly by wildfly.
In class CSIv2Util, method createTransportMech:
/**
 * <p>
 * Builds the transport mechanism {@code TaggedComponent} that goes into a {@code CompoundSecMech}.
 * </p>
 * <p>
 * A {@code TAG_NULL_TAG} component with an empty payload is returned, meaning no transport security is
 * advertised, when any of the following holds: no {@code TransportConfig} metadata was supplied, the
 * metadata yields a "target supports" value of zero, or {@code sslPort} is zero.
 * </p>
 * <p>
 * In every other case a {@code org.omg.CSIIOP.TLS_SEC_TRANS} is encoded with the given {@code Codec} and
 * returned under the {@code TAG_TLS_SEC_TRANS} tag, advertising TLS/SSL as a CSIv2 transport mechanism.
 * </p>
 * <p>
 * The SSL info could list several {@code TransportAddress} entries (host/port pairs); only one is
 * included here.
 * </p>
 * <p>
 * NOTE(review): only {@code sslPort == 0} is treated as "no SSL port". A negative value is handed to
 * {@code createTransportAddress} unchanged and a TLS component is still advertised; confirm that callers
 * never pass a negative port, or that this is intended.
 * </p>
 *
 * @param tconfig the transport configuration metadata; may be {@code null}.
 * @param codec the {@code Codec} used to encode the transport configuration.
 * @param sslPort an {@code int} representing the SSL port.
 * @param orb a reference to the running {@code ORB}.
 * @return the constructed {@code TaggedComponent}.
 */
public static TaggedComponent createTransportMech(IORTransportConfigMetaData tconfig, Codec codec, int sslPort, ORB orb) {
    // Association options this target requires and supports; both stay zero without metadata.
    final int require = (tconfig != null) ? createTargetRequires(tconfig) : 0;
    final int support = (tconfig != null) ? createTargetSupports(tconfig) : 0;

    if (tconfig == null || support == 0 || sslPort == 0) {
        // Transport security is not offered: publish the empty null-tag component.
        return new TaggedComponent(TAG_NULL_TAG.value, new byte[0]);
    }

    // Address of this ORB, as configured.
    final String host = CorbaORBService.getORBProperty(Constants.ORB_ADDRESS);
    // Exactly one host/port pair is advertised.
    final TransportAddress[] addresses = createTransportAddress(host, sslPort);
    // The option values are narrowed to short, so only their low 16 bits end up in the component.
    final TLS_SEC_TRANS tlsTransport = new TLS_SEC_TRANS((short) support, (short) require, addresses);

    // TLS_SEC_TRANS has to travel as an octet sequence: wrap it in an Any and let the codec encode it.
    try {
        final Any holder = orb.create_any();
        TLS_SEC_TRANSHelper.insert(holder, tlsTransport);
        final byte[] encoded = codec.encode_value(holder);
        return new TaggedComponent(TAG_TLS_SEC_TRANS.value, encoded);
    } catch (InvalidTypeForEncoding e) {
        throw IIOPLogger.ROOT_LOGGER.unexpectedException(e);
    }
}