use of org.omg.SSLIOP.SSL in project wildfly by wildfly.
the class CSIv2Util method createSSLTaggedComponent.
/**
* <p>
* Return a top-level {@code IOP::TaggedComponent} to be stuffed into an IOR, containing a structure
* {@code SSLIOP::SSL}, tagged as {@code TAG_SSL_SEC_TRANS}.
* </p>
* <p>
* Should be called with non-null metadata, in which case we probably don't want to include security info in the IOR.
* </p>
*
* @param metadata the metadata object that contains the SSL configuration info.
* @param codec the {@code Codec} used to encode the SSL component.
* @param sslPort an {@code int} representing the SSL port.
* @param orb a reference to the running {@code ORB}.
* @return a {@code TaggedComponent} representing the encoded SSL component.
*/
public static TaggedComponent createSSLTaggedComponent(IORSecurityConfigMetaData metadata, Codec codec, int sslPort, ORB orb) {
if (metadata == null) {
IIOPLogger.ROOT_LOGGER.debug("Method createSSLTaggedComponent() called with null metadata");
return null;
}
if (sslPort == 0) {
// no support for transport security.
return null;
}
TaggedComponent tc;
try {
int supports = createTargetSupports(metadata.getTransportConfig());
int requires = createTargetRequires(metadata.getTransportConfig());
SSL ssl = new SSL((short) supports, (short) requires, (short) sslPort);
Any any = orb.create_any();
SSLHelper.insert(any, ssl);
byte[] componentData = codec.encode_value(any);
tc = new TaggedComponent(TAG_SSL_SEC_TRANS.value, componentData);
} catch (InvalidTypeForEncoding e) {
throw IIOPLogger.ROOT_LOGGER.unexpectedException(e);
}
return tc;
}
use of org.omg.SSLIOP.SSL in project wildfly by wildfly.
the class CSIV2IORToSocketInfo method getSSL.
private SSL getSSL(IOR ior) {
Iterator iter = ior.getProfile().getTaggedProfileTemplate().iteratorById(TAG_SSL_SEC_TRANS.value);
if (!iter.hasNext()) {
return null;
}
ORB orb = ior.getORB();
TaggedComponent compList = ((com.sun.corba.se.spi.ior.TaggedComponent) iter.next()).getIOPComponent(orb);
CDRInputStream in = doPrivileged(new PrivilegedAction<CDRInputStream>() {
@Override
public CDRInputStream run() {
return new EncapsInputStream(orb, compList.component_data, compList.component_data.length);
}
});
in.consumeEndian();
SSL ssl = SSLHelper.read(in);
boolean targetRequiresSsl = ssl.target_requires > 0;
boolean targetSupportsSsl = ssl.target_supports > 0;
if (!targetSupportsSsl && clientRequiresSsl) {
throw IIOPLogger.ROOT_LOGGER.serverDoesNotSupportSsl();
}
return targetSupportsSsl && (targetRequiresSsl || clientRequiresSsl) ? ssl : null;
}
use of org.omg.SSLIOP.SSL in project wildfly by wildfly.
the class CSIV2IORToSocketInfo method getSocketInfo.
public List getSocketInfo(IOR ior) {
List result = new ArrayList();
IIOPProfileTemplate iiopProfileTemplate = (IIOPProfileTemplate) ior.getProfile().getTaggedProfileTemplate();
IIOPAddress primary = iiopProfileTemplate.getPrimaryAddress();
String hostname = primary.getHost().toLowerCase(Locale.ENGLISH);
int primaryPort = primary.getPort();
// NOTE: we could check for 0 (i.e., CSIv2) but, for a
// non-CSIv2-configured client ORB talking to a CSIv2 configured
// server ORB you might end up with an empty contact info list
// which would then report a failure which would not be as
// instructive as leaving a ContactInfo with a 0 port in the list.
SocketInfo socketInfo;
TransportAddress sslAddress = selectSSLTransportAddress(ior);
SSL ssl = getSSL(ior);
if (sslAddress != null) {
socketInfo = createSSLSocketInfo(hostname, sslAddress.port);
} else if (ssl != null) {
socketInfo = createSSLSocketInfo(hostname, ssl.port);
} else {
// FIXME not all corba object export ssl port
// if (clientRequiresSsl) {
// throw new RuntimeException("Client requires SSL but target does not support it");
// }
socketInfo = createSocketInfo(hostname, primaryPort);
}
result.add(socketInfo);
addAlternateSocketInfos(iiopProfileTemplate, result);
return result;
}
Aggregations