
00025 package org.objectweb.jonas.security.iiop;
00026 
00027 import java.io.IOException;
00028 import java.io.UnsupportedEncodingException;
00029 
00030 import org.omg.CORBA.Any;
00031 import org.omg.CORBA.BAD_PARAM;
00032 import org.omg.CSI.AuthorizationElement;
00033 import org.omg.CSI.EstablishContext;
00034 import org.omg.CSI.GSS_NT_ExportedNameHelper;
00035 import org.omg.CSI.IdentityToken;
00036 import org.omg.CSI.SASContextBody;
00037 import org.omg.CSI.SASContextBodyHelper;
00038 import org.omg.CSIIOP.CompoundSecMech;
00039 import org.omg.CSIIOP.CompoundSecMechList;
00040 import org.omg.CSIIOP.CompoundSecMechListHelper;
00041 import org.omg.CSIIOP.EstablishTrustInClient;
00042 import org.omg.CSIIOP.IdentityAssertion;
00043 import org.omg.CSIIOP.TAG_CSI_SEC_MECH_LIST;
00044 import org.omg.GSSUP.InitialContextToken;
00045 import org.omg.GSSUP.InitialContextTokenHelper;
00046 import org.omg.IOP.Codec;
00047 import org.omg.IOP.SecurityAttributeService;
00048 import org.omg.IOP.ServiceContext;
00049 import org.omg.IOP.TaggedComponent;
00050 import org.omg.IOP.CodecPackage.FormatMismatch;
00051 import org.omg.IOP.CodecPackage.InvalidTypeForEncoding;
00052 import org.omg.IOP.CodecPackage.TypeMismatch;
00053 import org.omg.PortableInterceptor.ClientRequestInfo;
00054 import org.omg.PortableInterceptor.ClientRequestInterceptor;
00055 import org.omg.PortableInterceptor.ForwardRequest;
00056 
00057 import org.objectweb.carol.util.csiv2.gss.GSSHelper;
00058 
00059 import org.objectweb.util.monolog.api.BasicLevel;
00060 import org.objectweb.util.monolog.api.Logger;
00061 
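public class Csiv2ClientInterceptor extends org.omg.CORBA.LocalObject implements ClientRequestInterceptor {

    /**
     * Name of this interceptor, as returned by {@link #name()}.
     */
    private static final String NAME = "Csiv2ClientInterceptor";

    /**
     * Codec used to decode the CSIv2 tagged component found in the target IOR
     * and to encode the security attribute service context sent with the request.
     */
    private Codec codec = null;

    /**
     * Logger for normal and error messages.
     */
    private Logger logger = null;

    /**
     * Logger for detailed (debug) messages.
     */
    private Logger loggerDetails = null;

    /**
     * Builds the client interceptor.
     * @param codec codec used for CDR encoding/decoding of CSIv2 structures
     * @param logger logger for normal and error messages
     * @param loggerDetails logger for detailed messages
     */
    public Csiv2ClientInterceptor(Codec codec, Logger logger, Logger loggerDetails) {
        this.codec = codec;
        this.logger = logger;
        this.loggerDetails = loggerDetails;
    }

    /**
     * Called when an exception reply is received. Nothing to do: this
     * interceptor only adds a service context to the outgoing request.
     * @param ri client request information
     * @throws ForwardRequest never thrown by this implementation
     */
    public void receive_exception(ClientRequestInfo ri) throws ForwardRequest {
        // No reply-side processing (the client context id sent is the
        // stateless one, so there is no context to track across replies).
    }

    /**
     * Called for other (location forward, ...) replies. Nothing to do.
     * @param ri client request information
     * @throws ForwardRequest never thrown by this implementation
     */
    public void receive_other(ClientRequestInfo ri) throws ForwardRequest {
        // No reply-side processing.
    }

    /**
     * Called on a normal reply. Nothing to do.
     * @param ri client request information
     */
    public void receive_reply(ClientRequestInfo ri) {
        // No reply-side processing.
    }

    /**
     * Called for deferred synchronous polls. Nothing to do.
     * @param ri client request information
     */
    public void send_poll(ClientRequestInfo ri) {
        // Nothing to add on a poll.
    }

    /**
     * Adds a SecurityAttributeService service context (an EstablishContext
     * message) to the outgoing request when the target advertises a
     * TAG_CSI_SEC_MECH_LIST component. What is put in the message depends on
     * what the first mechanism of that list requires/supports (see section
     * 16-5.2 of the CORBA specification): a GSSUP client authentication token
     * when EstablishTrustInClient is required, an asserted identity when
     * IdentityAssertion is supported. When neither applies, no service
     * context is added.
     * @param ri client request information
     * @throws ForwardRequest never thrown by this implementation
     */
    public void send_request(ClientRequestInfo ri) throws ForwardRequest {

        CompoundSecMech compoundSecMech = selectSecurityMechanism(ri);
        if (compoundSecMech == null) {
            // nothing to do for this request; the reason has already been logged
            return;
        }

        // Client authentication token, only when the target requires it.
        // EMPTY_BYTES is kept as the "no token" sentinel (compared by reference below).
        byte[] clientAuthenticationToken = Csiv2Const.EMPTY_BYTES;
        if ((compoundSecMech.as_context_mech.target_requires & EstablishTrustInClient.value) == EstablishTrustInClient.value) {
            clientAuthenticationToken = buildClientAuthenticationToken();
            if (clientAuthenticationToken == null) {
                return;
            }
        }

        // Identity token, only when the target supports identity assertion;
        // otherwise the "absent" identity is sent.
        IdentityToken absentIdentityToken = new IdentityToken();
        absentIdentityToken.absent(true);
        IdentityToken identityToken = absentIdentityToken;
        if ((compoundSecMech.sas_context_mech.target_supports & IdentityAssertion.value) == IdentityAssertion.value) {
            identityToken = buildIdentityToken();
            if (identityToken == null) {
                return;
            }
        }

        // Absent identity and no client authentication token: nothing worth sending.
        // Both are reference comparisons against the sentinels set above, on purpose.
        if (identityToken == absentIdentityToken && clientAuthenticationToken == Csiv2Const.EMPTY_BYTES) {
            return;
        }

        // Stateless context, no authorization token.
        EstablishContext establishContext = new EstablishContext(Csiv2Const.STATELESS_CONTEXT_ID,
                new AuthorizationElement[0], identityToken, clientAuthenticationToken);

        // Encode the EstablishContext message as the service context data
        Any pAny = createAny();
        if (pAny == null) {
            return;
        }
        SASContextBody sasContextBody = new SASContextBody();
        sasContextBody.establish_msg(establishContext);
        SASContextBodyHelper.insert(pAny, sasContextBody);
        byte[] contextData = encodeValue(pAny);
        if (contextData == null) {
            return;
        }

        // build service context and add it (replacing any existing one)
        ServiceContext serviceContext = new ServiceContext(SecurityAttributeService.value, contextData);
        ri.add_request_service_context(serviceContext, Csiv2Const.REPLACE_SECURITY_ATTRIBUTE_SERVICE);
    }

    /**
     * Finds the TAG_CSI_SEC_MECH_LIST tagged component of the effective profile
     * and returns the mechanism to use for this request.
     * @param ri client request information
     * @return the first mechanism of the list, or null when there is nothing to
     *         do (no component, undecodable component or empty list); the
     *         reason is logged
     */
    private CompoundSecMech selectSecurityMechanism(ClientRequestInfo ri) {

        // Is there a TAG_CSI_SEC_MECH_LIST tagged component in the request ?
        TaggedComponent taggedComponent = null;
        try {
            taggedComponent = ri.get_effective_component(TAG_CSI_SEC_MECH_LIST.value);
            if (logger.isLoggable(BasicLevel.DEBUG)) {
                logger.log(BasicLevel.DEBUG, "There is a TAG_CSI_SEC_MECH_LIST tagged component");
            }
        } catch (BAD_PARAM e) {
            // BAD_PARAM is how the ORB reports a missing component: not an error
            if (loggerDetails.isLoggable(BasicLevel.DEBUG)) {
                loggerDetails.log(BasicLevel.DEBUG, "No tagged component with id " + TAG_CSI_SEC_MECH_LIST.value);
            }
            return null;
        }

        // Nothing to do if the component is not here
        if (taggedComponent == null) {
            return null;
        }

        // Extract infos from the received TaggedComponent
        Any pAny = null;
        try {
            pAny = codec.decode_value(taggedComponent.component_data, CompoundSecMechListHelper.type());
        } catch (FormatMismatch fm) {
            logger.log(BasicLevel.ERROR, "Format mismatch while decoding value :" + fm.getMessage(), fm);
            return null;
        } catch (TypeMismatch tm) {
            logger.log(BasicLevel.ERROR, "Type mismatch while decoding value :" + tm.getMessage(), tm);
            return null;
        }

        CompoundSecMechList compoundSecMechList = CompoundSecMechListHelper.extract(pAny);
        if (compoundSecMechList.mechanism_list.length == 0) {
            // no compound sec mech received !
            if (logger.isLoggable(BasicLevel.DEBUG)) {
                logger.log(BasicLevel.DEBUG, "No coumpound sec mech in the list.");
            }
            return null;
        }

        // TODO : the list can contain several compound sec mechs; only the first one is used.
        // NOTE(review): only as_context_mech / sas_context_mech are inspected; the
        // transport requirements of the mechanism (transport_mech) are not checked
        // here, so the tokens are built whenever the mechanism asks for them,
        // whatever transport the request actually goes over. Confirm that the
        // transport layer enforces them before the request leaves the client.
        return compoundSecMechList.mechanism_list[0];
    }

    /**
     * Builds the client authentication token (a GSSUP InitialContextToken taken
     * from the current security context, wrapped in a GSS token).
     * The InitialContextToken carries the caller's credentials, so it relies on
     * the transport for confidentiality.
     * @return the encoded token, or null on failure (logged)
     */
    private byte[] buildClientAuthenticationToken() {
        Any pAny = createAny();
        if (pAny == null) {
            return null;
        }

        InitialContextToken initialContextToken = null;
        try {
            initialContextToken = SecurityContextHelper.getInstance().getInitialContextToken();
        } catch (UnsupportedEncodingException uee) {
            logger.log(BasicLevel.ERROR, "Unsupported encoding for UTF8" + uee.getMessage(), uee);
            return null;
        }
        InitialContextTokenHelper.insert(pAny, initialContextToken);

        byte[] contextData = encodeValue(pAny);
        if (contextData == null) {
            return null;
        }

        try {
            return GSSHelper.encodeToken(contextData);
        } catch (IOException ioe) {
            logger.log(BasicLevel.ERROR, "Cannot encode client authentication token : " + ioe.getMessage(), ioe);
            return null;
        }
    }

    /**
     * Builds the identity token asserting the identity of the current security
     * context (as a GSS exported name). Whether this assertion is honoured is
     * decided by the target, which should only accept it from a client it
     * trusts; nothing is checked on this side.
     * @return the identity token, or null on failure (logged)
     */
    private IdentityToken buildIdentityToken() {
        Any pAny = createAny();
        if (pAny == null) {
            return null;
        }

        // Insert username as a GSS exported name
        String identity = SecurityContextHelper.getInstance().getIdentityToken();
        byte[] name = GSSHelper.encodeExported(identity);
        GSS_NT_ExportedNameHelper.insert(pAny, name);
        byte[] principalName = encodeValue(pAny);
        if (principalName == null) {
            return null;
        }

        // Put name in the token
        IdentityToken identityToken = new IdentityToken();
        identityToken.principal_name(principalName);
        return identityToken;
    }

    /**
     * Creates an empty Any from the ORB.
     * @return a new Any, or null when the ORB is not available (logged)
     */
    private Any createAny() {
        try {
            return ORBHelper.getOrb().create_any();
        } catch (Csiv2InterceptorException csie) {
            logger.log(BasicLevel.ERROR, "Cannot get orb for any = " + csie.getMessage(), csie);
            return null;
        }
    }

    /**
     * CDR-encodes the value held by the given Any with the interceptor codec.
     * @param pAny value to encode
     * @return the encoded bytes, or null when the codec rejects the type (logged)
     */
    private byte[] encodeValue(Any pAny) {
        try {
            return codec.encode_value(pAny);
        } catch (InvalidTypeForEncoding itfe) {
            logger.log(BasicLevel.ERROR, "Cannot encode a given any corba object : " + itfe.getMessage(), itfe);
            return null;
        }
    }

    /**
     * Releases the interceptor. Nothing to release: it only holds the codec
     * and loggers it was given.
     */
    public void destroy() {
        // nothing to clean up
    }

    /**
     * @return the name of this interceptor
     */
    public String name() {
        return NAME;
    }

}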
