Example 6 with InvalidTypeForEncoding

Use of org.omg.IOP.CodecPackage.InvalidTypeForEncoding in project wildfly by wildfly.

In class TxIORInterceptor, method establish_components:

public void establish_components(IORInfo info) {
    try {
        // Invocation Policy = EITHER: both the shared and the unshared transaction invocation model are allowed.
        Any any = ORB.init().create_any();
        any.insert_short(EITHER);
        // encode_value throws InvalidTypeForEncoding only when the Any's TypeCode cannot be CDR-encoded;
        // a short always can, so the catch below is an internal-error path rather than an expected failure.
        byte[] taggedComponentData = codec.encode_value(any);
        info.add_ior_component(new TaggedComponent(TAG_INV_POLICY, taggedComponentData));
        // OTS Policy = ADAPTS: the target accepts invocations with or without a propagated transaction context.
        any = ORB.init().create_any();
        any.insert_short(ADAPTS);
        taggedComponentData = codec.encode_value(any);
        info.add_ior_component(new TaggedComponent(TAG_OTS_POLICY, taggedComponentData));
    } catch (InvalidTypeForEncoding e) {
        throw IIOPLogger.ROOT_LOGGER.errorEncodingContext(e);
    }
}
Also used: org.omg.IOP.TaggedComponent, org.omg.CORBA.Any, org.omg.IOP.CodecPackage.InvalidTypeForEncoding

Example 7 with InvalidTypeForEncoding

Use of org.omg.IOP.CodecPackage.InvalidTypeForEncoding in project wildfly by wildfly.

In class CSIv2Util, method createTransportMech:

/**
 * Create a transport mechanism {@code TaggedComponent} to be stuffed into a {@code CompoundSecMech}.
 * <p>
 * If no {@code TransportConfig} metadata is specified, or the SSL port is 0, or the specified metadata yields no
 * supported transport options ({@code target_supports == 0}), a {@code TAG_NULL_TAG} (empty) {@code TaggedComponent}
 * is returned. Note that the check below is {@code sslPort == 0}; a negative port is not rejected here.
 * <p>
 * Otherwise a {@code org.omg.CSIIOP.TLS_SEC_TRANS}, tagged as {@code TAG_TLS_SEC_TRANS}, is returned, advertising
 * TLS/SSL as a CSIv2 transport mechanism together with the association options the target supports and requires.
 * <p>
 * Multiple {@code TransportAddress} entries (host/port pairs) may be included in the SSL info, but only one is.
 *
 * @param tconfig the transport configuration metadata.
 * @param codec   the {@code Codec} used to encode the transport configuration.
 * @param sslPort an {@code int} representing the SSL port.
 * @param orb     a reference to the running {@code ORB}.
 * @return the constructed {@code TaggedComponent}.
 */
public static TaggedComponent createTransportMech(IORTransportConfigMetaData tconfig, Codec codec, int sslPort, ORB orb) {
    TaggedComponent tc;
    // what we support and require as a target.
    int support = 0;
    int require = 0;
    if (tconfig != null) {
        require = createTargetRequires(tconfig);
        support = createTargetSupports(tconfig);
    }
    if (tconfig == null || support == 0 || sslPort == 0) {
        // no support for transport security.
        tc = new TaggedComponent(TAG_NULL_TAG.value, new byte[0]);
    } else {
        // my ip address.
        String host = CorbaORBService.getORBProperty(Constants.ORB_ADDRESS);
        // this will create only one transport address.
        TransportAddress[] taList = createTransportAddress(host, sslPort);
        TLS_SEC_TRANS tst = new TLS_SEC_TRANS((short) support, (short) require, taList);
        // The tricky part, we must encode TLS_SEC_TRANS into an octet sequence.
        try {
            Any any = orb.create_any();
            TLS_SEC_TRANSHelper.insert(any, tst);
            byte[] b = codec.encode_value(any);
            tc = new TaggedComponent(TAG_TLS_SEC_TRANS.value, b);
        } catch (InvalidTypeForEncoding e) {
            throw IIOPLogger.ROOT_LOGGER.unexpectedException(e);
        }
    }
    return tc;
}
Also used: org.omg.CSIIOP.TAG_TLS_SEC_TRANS, org.omg.CSIIOP.TLS_SEC_TRANS, org.omg.IOP.TaggedComponent, org.omg.CSIIOP.TransportAddress, org.omg.CORBA.Any, org.omg.IOP.CodecPackage.InvalidTypeForEncoding
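The two snippets above only show the encode side of a tagged component. The following is an added example, not WildFly's code, that performs the same TLS_SEC_TRANS encoding and then the decode side a client or an IOR auditing tool needs: reading the component back with `Codec.decode_value`, whose `TypeMismatch`/`FormatMismatch` are the decode-time counterparts of `InvalidTypeForEncoding`, and checking which association options the target supports and requires. It assumes a CORBA ORB and the CSIv2 stub classes (`org.omg.CSIIOP.*`) on the classpath, as WildFly has; the class name, helper names and the sample host/port are mine.

```java
import org.omg.CORBA.Any;
import org.omg.CORBA.ORB;
import org.omg.CSIIOP.Confidentiality;
import org.omg.CSIIOP.EstablishTrustInClient;
import org.omg.CSIIOP.Integrity;
import org.omg.CSIIOP.TAG_TLS_SEC_TRANS;
import org.omg.CSIIOP.TLS_SEC_TRANS;
import org.omg.CSIIOP.TLS_SEC_TRANSHelper;
import org.omg.CSIIOP.TransportAddress;
import org.omg.IOP.Codec;
import org.omg.IOP.CodecFactory;
import org.omg.IOP.CodecFactoryHelper;
import org.omg.IOP.ENCODING_CDR_ENCAPS;
import org.omg.IOP.Encoding;
import org.omg.IOP.TAG_NULL_TAG;
import org.omg.IOP.TaggedComponent;
import org.omg.IOP.CodecPackage.FormatMismatch;
import org.omg.IOP.CodecPackage.InvalidTypeForEncoding;
import org.omg.IOP.CodecPackage.TypeMismatch;

/** Example code (not WildFly's): encode, decode and inspect a TAG_TLS_SEC_TRANS component. */
public final class TlsSecTransCheck {

    /** CDR-encapsulation codec for GIOP 1.2, the kind WildFly hands to its IOR interceptors. */
    static Codec cdrCodec(ORB orb) throws Exception {
        CodecFactory factory = CodecFactoryHelper.narrow(orb.resolve_initial_references("CodecFactory"));
        return factory.create_codec(new Encoding(ENCODING_CDR_ENCAPS.value, (byte) 1, (byte) 2));
    }

    /** Encode side, mirroring createTransportMech: one TransportAddress, the struct inserted into an Any. */
    static TaggedComponent encodeTlsSecTrans(ORB orb, Codec codec, short supports, short requires,
                                             String host, int port) throws InvalidTypeForEncoding {
        TransportAddress[] addrs = { new TransportAddress(host, (short) port) };
        Any any = orb.create_any();
        TLS_SEC_TRANSHelper.insert(any, new TLS_SEC_TRANS(supports, requires, addrs));
        return new TaggedComponent(TAG_TLS_SEC_TRANS.value, codec.encode_value(any));
    }

    /**
     * Decode side. Returns null for any other tag, including the empty TAG_NULL_TAG that
     * createTransportMech emits when transport security is not configured.
     */
    static TLS_SEC_TRANS decodeTlsSecTrans(Codec codec, TaggedComponent tc) throws FormatMismatch, TypeMismatch {
        if (tc.tag != TAG_TLS_SEC_TRANS.value) {
            return null;
        }
        Any any = codec.decode_value(tc.component_data, TLS_SEC_TRANSHelper.type());
        return TLS_SEC_TRANSHelper.extract(any);
    }

    /** CSIv2 only allows a target to require options it also supports; anything else is malformed. */
    static boolean isConsistent(TLS_SEC_TRANS t) {
        return (t.target_requires & ~t.target_supports) == 0;
    }

    static boolean requires(TLS_SEC_TRANS t, int option) {
        return (t.target_requires & option) != 0;
    }

    public static void main(String[] args) throws Exception {
        ORB orb = ORB.init(new String[0], null);
        Codec codec = cdrCodec(orb);

        // Constructed sample: the target supports client-certificate authentication but only
        // requires an encrypted, integrity-protected channel.
        short supports = (short) (Integrity.value | Confidentiality.value | EstablishTrustInClient.value);
        short requires = (short) (Integrity.value | Confidentiality.value);
        TaggedComponent tc = encodeTlsSecTrans(orb, codec, supports, requires, "192.0.2.10", 3529);

        TLS_SEC_TRANS tst = decodeTlsSecTrans(codec, tc);
        for (TransportAddress a : tst.addresses) {
            // TransportAddress.port is an IDL unsigned short mapped to a Java short:
            // mask it, or ports above 32767 come out negative.
            System.out.println("TLS endpoint " + a.host_name + ":" + (a.port & 0xFFFF));
        }
        System.out.println("requires subset of supports: " + isConsistent(tst));
        System.out.println("requires Confidentiality: " + requires(tst, Confidentiality.value));
        System.out.println("requires EstablishTrustInClient: " + requires(tst, EstablishTrustInClient.value));

        // The empty component returned when TLS is off decodes to "no TLS mechanism", not to an error.
        TaggedComponent none = new TaggedComponent(TAG_NULL_TAG.value, new byte[0]);
        System.out.println("TAG_NULL_TAG yields a mechanism: " + (decodeTlsSecTrans(codec, none) != null));
    }
}
```

The `target_requires` bits are what matter when auditing an exported IOR: a target that supports `Confidentiality` but does not require it will still accept a plaintext IIOP connection on its non-SSL port, so the required set, not the supported set, describes the floor an attacker has to meet.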

Example 8 with InvalidTypeForEncoding

Use of org.omg.IOP.CodecPackage.InvalidTypeForEncoding in project wildfly by wildfly.

In class SASClientIdentityInterceptor, method send_request:

@Override
public void send_request(ClientRequestInfo ri) {
    try {
        CompoundSecMech secMech = CSIv2Util.getMatchingSecurityMech(ri, codec,
                (short) (EstablishTrustInClient.value + IdentityAssertion.value), /* client supports */
                (short) 0 /* client requires */);
        if (secMech == null) {
            return;
        }
        if (IIOPLogger.ROOT_LOGGER.isTraceEnabled()) {
            StringBuilder tmp = new StringBuilder();
            CSIv2Util.toString(secMech, tmp);
            IIOPLogger.ROOT_LOGGER.trace(tmp);
        }
        // these "null tokens" will be changed if needed.
        IdentityToken identityToken = absentIdentityToken;
        byte[] encodedAuthenticationToken = noAuthenticationToken;
        if ((secMech.sas_context_mech.target_supports & IdentityAssertion.value) != 0) {
            // will create identity token.
            RunAs runAs = SecurityActions.peekRunAsIdentity();
            Principal p = (runAs != null) ? runAs : SecurityActions.getPrincipal();
            if (p != null) {
                // The name scope needs to be externalized.
                String name = p.getName();
                if (name.indexOf('@') < 0) {
                    // hardcoded (REVISIT!)
                    name += "@default";
                }
                byte[] principalName = name.getBytes(StandardCharsets.UTF_8);
                // encode the principal name as mandated by RFC2743.
                byte[] encodedName = CSIv2Util.encodeGssExportedName(principalName);
                // encapsulate the encoded name.
                Any any = ORB.init().create_any();
                byte[] encapsulatedEncodedName;
                GSS_NT_ExportedNameHelper.insert(any, encodedName);
                try {
                    encapsulatedEncodedName = codec.encode_value(any);
                } catch (InvalidTypeForEncoding e) {
                    throw IIOPLogger.ROOT_LOGGER.unexpectedException(e);
                }
                // create identity token.
                identityToken = new IdentityToken();
                identityToken.principal_name(encapsulatedEncodedName);
            } else if ((secMech.sas_context_mech.supported_identity_types & ITTAnonymous.value) != 0) {
                // no run-as or caller identity and the target supports ITTAnonymous: use the anonymous identity.
                identityToken = new IdentityToken();
                identityToken.anonymous(true);
            }
        }
        if ((secMech.as_context_mech.target_requires & EstablishTrustInClient.value) != 0) {
            // will create authentication token with the configured pair serverUsername/serverPassword.
            byte[] encodedTargetName = secMech.as_context_mech.target_name;
            String name = serverUsername;
            if (name.indexOf('@') < 0) {
                byte[] decodedTargetName = CSIv2Util.decodeGssExportedName(encodedTargetName);
                String targetName = new String(decodedTargetName, StandardCharsets.UTF_8);
                name += "@" + targetName; // "@default"
            }
            byte[] username = name.getBytes(StandardCharsets.UTF_8);
            // I don't know why there is not a better way to go from char[] -> byte[].
            byte[] password = serverPassword.getBytes(StandardCharsets.UTF_8);
            // create authentication token. GSSUP carries the username and password unencrypted inside the
            // token; their confidentiality rests entirely on the transport mechanism (e.g. TLS_SEC_TRANS).
            InitialContextToken authenticationToken = new InitialContextToken(username, password, encodedTargetName);
            // wrap it in the RFC 2743 mechanism-independent token framing carrying the GSSUP mechanism OID.
            encodedAuthenticationToken = CSIv2Util.encodeInitialContextToken(authenticationToken, codec);
        }
        if (identityToken != absentIdentityToken || encodedAuthenticationToken != noAuthenticationToken) {
            // at least one non-null token was created, create EstablishContext message with it.
            EstablishContext message = new EstablishContext(0 /* stateless ctx id */, noAuthorizationToken,
                    identityToken, encodedAuthenticationToken);
            // create SAS context with the EstablishContext message.
            SASContextBody contextBody = new SASContextBody();
            contextBody.establish_msg(message);
            // stuff the SAS context into the outgoing request.
            Any any = ORB.init().create_any();
            SASContextBodyHelper.insert(any, contextBody);
            ServiceContext sc = new ServiceContext(sasContextId, codec.encode_value(any));
            ri.add_request_service_context(sc, true);
        }
    } catch (InvalidTypeForEncoding e) {
        throw IIOPLogger.ROOT_LOGGER.unexpectedException(e);
    }
}
Also used: org.omg.CSIIOP.CompoundSecMech, org.omg.IOP.ServiceContext, org.jboss.security.RunAs, org.omg.CSI.SASContextBody, org.omg.CORBA.Any, org.omg.IOP.CodecPackage.InvalidTypeForEncoding, org.omg.CSI.IdentityToken, org.omg.GSSUP.InitialContextToken, org.omg.CSI.EstablishContext, java.security.Principal
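send_request shows how a client asserts an identity; the security-relevant half is what the target does with it. The following is an added example, not WildFly's code, that builds the same ITTPrincipalName EstablishContext service context and then decodes it on the receiving side. It implements the RFC 2743 section 3.2 exported-name framing itself (the page's `CSIv2Util.encodeGssExportedName`/`decodeGssExportedName` are WildFly-internal; the helpers here are mine) and applies the check CSIv2 places on identity assertion: an asserted principal may only be honoured when the asserting client has itself been authenticated (by client certificate or a GSSUP authentication token) and is authorised to assert identities. The `clientTrusted` flag stands in for that outcome. It assumes a CORBA ORB and the CSIv2 stubs (`org.omg.CSI.*`, `org.omg.IOP.SecurityAttributeService`) on the classpath; the class and method names and the sample principal are mine.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

import org.omg.CORBA.Any;
import org.omg.CORBA.ORB;
import org.omg.CSI.AuthorizationElement;
import org.omg.CSI.EstablishContext;
import org.omg.CSI.GSS_NT_ExportedNameHelper;
import org.omg.CSI.ITTPrincipalName;
import org.omg.CSI.IdentityToken;
import org.omg.CSI.MTEstablishContext;
import org.omg.CSI.SASContextBody;
import org.omg.CSI.SASContextBodyHelper;
import org.omg.IOP.Codec;
import org.omg.IOP.CodecFactoryHelper;
import org.omg.IOP.ENCODING_CDR_ENCAPS;
import org.omg.IOP.Encoding;
import org.omg.IOP.SecurityAttributeService;
import org.omg.IOP.ServiceContext;

/** Example code (not WildFly's): build and verify a CSIv2 identity-assertion service context. */
public final class SasIdentityCheck {

    /** DER encoding of the GSSUP mechanism OID 2.23.130.1.1.1 from the CSIv2 specification. */
    private static final byte[] GSSUP_OID_DER = { 0x06, 0x06, 0x67, (byte) 0x81, 0x02, 0x01, 0x01, 0x01 };

    /** RFC 2743 section 3.2 exported name: 04 01 | OID length (2) | OID | name length (4) | name. */
    static byte[] encodeGssExportedName(byte[] name) {
        ByteBuffer b = ByteBuffer.allocate(2 + 2 + GSSUP_OID_DER.length + 4 + name.length);
        b.put((byte) 0x04).put((byte) 0x01);
        b.putShort((short) GSSUP_OID_DER.length).put(GSSUP_OID_DER);
        b.putInt(name.length).put(name);
        return b.array();
    }

    /** Inverse of the above. Rejects anything that is not a well-formed GSSUP exported name. */
    static byte[] decodeGssExportedName(byte[] tok) {
        ByteBuffer b = ByteBuffer.wrap(tok);
        if (b.remaining() < 4 || b.get() != 0x04 || b.get() != 0x01) {
            throw new IllegalArgumentException("not a GSS exported name");
        }
        int oidLen = b.getShort() & 0xFFFF;
        if (b.remaining() < oidLen + 4) {
            throw new IllegalArgumentException("truncated exported name");
        }
        byte[] oid = new byte[oidLen];
        b.get(oid);
        if (!Arrays.equals(oid, GSSUP_OID_DER)) {
            throw new IllegalArgumentException("unexpected mechanism OID");
        }
        int nameLen = b.getInt();
        if (nameLen != b.remaining()) {   // also catches negative lengths
            throw new IllegalArgumentException("bad name length");
        }
        byte[] name = new byte[nameLen];
        b.get(name);
        return name;
    }

    /** Client side, mirroring send_request: a principal-name IdentityToken inside a stateless EstablishContext. */
    static ServiceContext buildIdentityAssertion(ORB orb, Codec codec, String principal) throws Exception {
        Any nameAny = orb.create_any();
        GSS_NT_ExportedNameHelper.insert(nameAny, encodeGssExportedName(principal.getBytes(StandardCharsets.UTF_8)));
        IdentityToken idToken = new IdentityToken();
        idToken.principal_name(codec.encode_value(nameAny));   // the exported name travels as a CDR encapsulation
        EstablishContext msg = new EstablishContext(0L, new AuthorizationElement[0], idToken, new byte[0]);
        SASContextBody body = new SASContextBody();
        body.establish_msg(msg);
        Any bodyAny = orb.create_any();
        SASContextBodyHelper.insert(bodyAny, body);
        return new ServiceContext(SecurityAttributeService.value, codec.encode_value(bodyAny));
    }

    /**
     * Server side: the asserted principal, or null when the context carries no ITTPrincipalName
     * (absent, anonymous, certificate chain and DN tokens are not handled in this example).
     * clientTrusted must reflect that the asserting client was authenticated and is allowed to assert.
     */
    static String assertedPrincipal(Codec codec, ServiceContext sc, boolean clientTrusted) throws Exception {
        if (sc.context_id != SecurityAttributeService.value) {
            return null;
        }
        SASContextBody body = SASContextBodyHelper.extract(
                codec.decode_value(sc.context_data, SASContextBodyHelper.type()));
        if (body.discriminator() != MTEstablishContext.value) {
            return null;
        }
        IdentityToken idToken = body.establish_msg().identity_token;
        if (idToken.discriminator() != ITTPrincipalName.value) {
            return null;
        }
        if (!clientTrusted) {
            throw new SecurityException("identity assertion from an unauthenticated or unauthorised client");
        }
        Any nameAny = codec.decode_value(idToken.principal_name(), GSS_NT_ExportedNameHelper.type());
        byte[] exported = GSS_NT_ExportedNameHelper.extract(nameAny);
        return new String(decodeGssExportedName(exported), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        ORB orb = ORB.init(new String[0], null);
        Codec codec = CodecFactoryHelper.narrow(orb.resolve_initial_references("CodecFactory"))
                .create_codec(new Encoding(ENCODING_CDR_ENCAPS.value, (byte) 1, (byte) 2));
        ServiceContext sc = buildIdentityAssertion(orb, codec, "alice@default");   // constructed sample principal
        System.out.println("accepted: " + assertedPrincipal(codec, sc, true));
        try {
            assertedPrincipal(codec, sc, false);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In an interceptor the service context comes from `ServerRequestInfo.get_request_service_context(SecurityAttributeService.value)`, and `clientTrusted` is derived from the transport (a verified client certificate) or from validating the GSSUP `client_authentication_token` in the same EstablishContext. Without that check, any client able to open a connection can name an arbitrary principal.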

Aggregations

InvalidTypeForEncoding (org.omg.IOP.CodecPackage.InvalidTypeForEncoding): 8
Any (org.omg.CORBA.Any): 6
ServiceContext (org.omg.IOP.ServiceContext): 4
TaggedComponent (org.omg.IOP.TaggedComponent): 4
CompoundSecMech (org.omg.CSIIOP.CompoundSecMech): 3
Principal (java.security.Principal): 2
EstablishContext (org.omg.CSI.EstablishContext): 2
IdentityToken (org.omg.CSI.IdentityToken): 2
SASContextBody (org.omg.CSI.SASContextBody): 2
URI (java.net.URI): 1
URISyntaxException (java.net.URISyntaxException): 1
UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException): 1
RunAs (org.jboss.security.RunAs): 1
CompoundSecMechList (org.omg.CSIIOP.CompoundSecMechList): 1
TAG_TLS_SEC_TRANS (org.omg.CSIIOP.TAG_TLS_SEC_TRANS): 1
TLS_SEC_TRANS (org.omg.CSIIOP.TLS_SEC_TRANS): 1
TransportAddress (org.omg.CSIIOP.TransportAddress): 1
InitialContextToken (org.omg.GSSUP.InitialContextToken): 1
SSL (org.omg.SSLIOP.SSL): 1
AuthenticationConfiguration (org.wildfly.security.auth.client.AuthenticationConfiguration): 1