00025 package org.objectweb.jonas.security.iiop;
00026
00027 import java.io.IOException;
00028 import java.io.UnsupportedEncodingException;
00029
00030 import org.omg.CORBA.Any;
00031 import org.omg.CORBA.BAD_PARAM;
00032 import org.omg.CSI.AuthorizationElement;
00033 import org.omg.CSI.EstablishContext;
00034 import org.omg.CSI.GSS_NT_ExportedNameHelper;
00035 import org.omg.CSI.IdentityToken;
00036 import org.omg.CSI.SASContextBody;
00037 import org.omg.CSI.SASContextBodyHelper;
00038 import org.omg.CSIIOP.CompoundSecMech;
00039 import org.omg.CSIIOP.CompoundSecMechList;
00040 import org.omg.CSIIOP.CompoundSecMechListHelper;
00041 import org.omg.CSIIOP.EstablishTrustInClient;
00042 import org.omg.CSIIOP.IdentityAssertion;
00043 import org.omg.CSIIOP.TAG_CSI_SEC_MECH_LIST;
00044 import org.omg.GSSUP.InitialContextToken;
00045 import org.omg.GSSUP.InitialContextTokenHelper;
00046 import org.omg.IOP.Codec;
00047 import org.omg.IOP.SecurityAttributeService;
00048 import org.omg.IOP.ServiceContext;
00049 import org.omg.IOP.TaggedComponent;
00050 import org.omg.IOP.CodecPackage.FormatMismatch;
00051 import org.omg.IOP.CodecPackage.InvalidTypeForEncoding;
00052 import org.omg.IOP.CodecPackage.TypeMismatch;
00053 import org.omg.PortableInterceptor.ClientRequestInfo;
00054 import org.omg.PortableInterceptor.ClientRequestInterceptor;
00055 import org.omg.PortableInterceptor.ForwardRequest;
00056
00057 import org.objectweb.carol.util.csiv2.gss.GSSHelper;
00058
00059 import org.objectweb.util.monolog.api.BasicLevel;
00060 import org.objectweb.util.monolog.api.Logger;
00061
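/**
 * Client-side CSIv2 (Common Secure Interoperability v2) request interceptor.
 * <p>
 * On each outgoing request it reads the {@code TAG_CSI_SEC_MECH_LIST} tagged
 * component of the target IOR and looks only at the first
 * {@link CompoundSecMech} of that list. Depending on what that mechanism
 * announces, it attaches a SAS {@link EstablishContext} message to the request
 * as a {@code SecurityAttributeService} service context:
 * <ul>
 * <li>if {@code as_context_mech.target_requires} includes
 * {@code EstablishTrustInClient}, a GSSUP {@link InitialContextToken} obtained
 * from {@code SecurityContextHelper} is GSS-encoded and sent as the client
 * authentication token;</li>
 * <li>if {@code sas_context_mech.target_supports} includes
 * {@code IdentityAssertion}, the identity returned by
 * {@code SecurityContextHelper} is sent as an asserted
 * {@code principal_name} identity token.</li>
 * </ul>
 * The context is stateless ({@code Csiv2Const.STATELESS_CONTEXT_ID}) and
 * carries no authorization elements. When neither a client authentication
 * token nor an identity token is produced, no service context is added.
 * <p>
 * NOTE(review): nothing in this interceptor checks the mechanism's transport
 * requirements before sending the GSSUP token, which by the GSSUP definition
 * carries the client's credential; confirm that the transport configured
 * elsewhere (e.g. SSL/TLS for IIOP) provides confidentiality for it. Only the
 * first mechanism of the list is ever considered, so a target advertising a
 * preferred mechanism this client cannot honour gets no SAS context at all.
 * Every failure in {@link #send_request(ClientRequestInfo)} is logged at
 * ERROR level and the request proceeds without a security context rather
 * than being rejected.
 * <p>
 * All receive_* hooks are intentional no-ops.
 */
public class Csiv2ClientInterceptor extends org.omg.CORBA.LocalObject implements ClientRequestInterceptor {

    /** Name reported by {@link #name()}. */
    private static final String NAME = "Csiv2ClientInterceptor";

    /** Codec used to encode/decode the CORBA {@link Any} values of the SAS protocol. */
    private final Codec codec;

    /** Main logger (errors and high-level debug traces). */
    private final Logger logger;

    /** Logger for verbose details (e.g. missing tagged component). */
    private final Logger loggerDetails;

    /**
     * Builds the interceptor.
     *
     * @param codec codec used to encode/decode CORBA {@link Any} values
     * @param logger main logger
     * @param loggerDetails logger for verbose details
     */
    public Csiv2ClientInterceptor(Codec codec, Logger logger, Logger loggerDetails) {
        this.codec = codec;
        this.logger = logger;
        this.loggerDetails = loggerDetails;
    }

    /**
     * No-op: nothing is done when a reply carrying an exception is received.
     *
     * @param ri request information
     * @throws ForwardRequest never thrown by this implementation
     */
    public void receive_exception(ClientRequestInfo ri) throws ForwardRequest {
        // intentionally empty
    }

    /**
     * No-op: nothing is done when a reply of another kind (e.g. location
     * forward) is received.
     *
     * @param ri request information
     * @throws ForwardRequest never thrown by this implementation
     */
    public void receive_other(ClientRequestInfo ri) throws ForwardRequest {
        // intentionally empty
    }

    /**
     * No-op: nothing is done when a normal reply is received.
     *
     * @param ri request information
     */
    public void receive_reply(ClientRequestInfo ri) {
        // intentionally empty
    }

    /**
     * No-op: polling requests are not decorated.
     *
     * @param ri request information
     */
    public void send_poll(ClientRequestInfo ri) {
        // intentionally empty
    }

    /**
     * Attaches a SAS {@link EstablishContext} service context to the outgoing
     * request when the target's first compound security mechanism requires
     * client authentication and/or supports identity assertion.
     * <p>
     * Any error (missing or undecodable tagged component, ORB/codec failure,
     * token encoding failure) is logged and the request is left untouched.
     *
     * @param ri request information; the service context is added to it
     * @throws ForwardRequest never thrown by this implementation
     */
    public void send_request(ClientRequestInfo ri) throws ForwardRequest {
        CompoundSecMech compoundSecMech = firstSecMech(ri);
        if (compoundSecMech == null) {
            return;
        }

        // GSSUP client authentication token, only when the target requires
        // EstablishTrustInClient; Csiv2Const.EMPTY_BYTES means "none".
        byte[] clientAuthenticationToken = Csiv2Const.EMPTY_BYTES;
        if ((compoundSecMech.as_context_mech.target_requires & EstablishTrustInClient.value) == EstablishTrustInClient.value) {
            clientAuthenticationToken = buildClientAuthenticationToken();
            if (clientAuthenticationToken == null) {
                return;
            }
        }

        // Asserted identity, only when the target supports IdentityAssertion.
        // Whether the target accepts an asserted identity from this caller is
        // the target's policy, not something checked here.
        IdentityToken identityToken = null;
        if ((compoundSecMech.sas_context_mech.target_supports & IdentityAssertion.value) == IdentityAssertion.value) {
            identityToken = buildIdentityToken();
            if (identityToken == null) {
                return;
            }
        }

        boolean noIdentity = (identityToken == null);
        if (noIdentity) {
            identityToken = new IdentityToken();
            identityToken.absent(true);
        }

        // Nothing to convey: do not add an empty security context.
        // Reference comparison is deliberate: EMPTY_BYTES is the sentinel.
        if (noIdentity && clientAuthenticationToken == Csiv2Const.EMPTY_BYTES) {
            return;
        }

        // Stateless context, no authorization elements.
        EstablishContext establishContext = new EstablishContext(Csiv2Const.STATELESS_CONTEXT_ID,
                new AuthorizationElement[0], identityToken, clientAuthenticationToken);
        addSecurityAttributeService(ri, establishContext);
    }

    /**
     * Returns the first {@link CompoundSecMech} advertised by the target IOR's
     * {@code TAG_CSI_SEC_MECH_LIST} component, or {@code null} when the
     * component is absent, cannot be decoded, or the list is empty.
     */
    private CompoundSecMech firstSecMech(ClientRequestInfo ri) {
        TaggedComponent taggedComponent;
        try {
            taggedComponent = ri.get_effective_component(TAG_CSI_SEC_MECH_LIST.value);
            if (logger.isLoggable(BasicLevel.DEBUG)) {
                logger.log(BasicLevel.DEBUG, "There is a TAG_CSI_SEC_MECH_LIST tagged component");
            }
        } catch (BAD_PARAM e) {
            // get_effective_component raises BAD_PARAM when the IOR has no such component
            if (loggerDetails.isLoggable(BasicLevel.DEBUG)) {
                loggerDetails.log(BasicLevel.DEBUG, "No tagged component with id " + TAG_CSI_SEC_MECH_LIST.value);
            }
            return null;
        }
        if (taggedComponent == null) {
            return null;
        }

        Any any;
        try {
            any = codec.decode_value(taggedComponent.component_data, CompoundSecMechListHelper.type());
        } catch (FormatMismatch fm) {
            logger.log(BasicLevel.ERROR, "Format mismatch while decoding value :" + fm.getMessage(), fm);
            return null;
        } catch (TypeMismatch tm) {
            logger.log(BasicLevel.ERROR, "Type mismatch while decoding value :" + tm.getMessage(), tm);
            return null;
        }

        CompoundSecMechList compoundSecMechList = CompoundSecMechListHelper.extract(any);
        if (compoundSecMechList.mechanism_list.length == 0) {
            if (logger.isLoggable(BasicLevel.DEBUG)) {
                logger.log(BasicLevel.DEBUG, "No coumpound sec mech in the list.");
            }
            return null;
        }
        // Only the first (preferred) mechanism is considered.
        return compoundSecMechList.mechanism_list[0];
    }

    /**
     * Builds the GSS-encoded GSSUP client authentication token from the
     * current security context; returns {@code null} after logging on any
     * failure. The token's contents are never logged.
     */
    private byte[] buildClientAuthenticationToken() {
        Any any = newAny();
        if (any == null) {
            return null;
        }
        InitialContextToken initialContextToken;
        try {
            initialContextToken = SecurityContextHelper.getInstance().getInitialContextToken();
        } catch (UnsupportedEncodingException uee) {
            logger.log(BasicLevel.ERROR, "Unsupported encoding for UTF8" + uee.getMessage(), uee);
            return null;
        }
        InitialContextTokenHelper.insert(any, initialContextToken);
        byte[] contextData = encodeAny(any);
        if (contextData == null) {
            return null;
        }
        try {
            return GSSHelper.encodeToken(contextData);
        } catch (IOException ioe) {
            logger.log(BasicLevel.ERROR, "Cannot encode client authentication token : " + ioe.getMessage(), ioe);
            return null;
        }
    }

    /**
     * Builds a {@code principal_name} {@link IdentityToken} holding the
     * GSS exported-name encoding of the current identity; returns
     * {@code null} after logging on any failure.
     */
    private IdentityToken buildIdentityToken() {
        Any any = newAny();
        if (any == null) {
            return null;
        }
        String identity = SecurityContextHelper.getInstance().getIdentityToken();
        byte[] exportedName = GSSHelper.encodeExported(identity);
        GSS_NT_ExportedNameHelper.insert(any, exportedName);
        byte[] principalName = encodeAny(any);
        if (principalName == null) {
            return null;
        }
        IdentityToken identityToken = new IdentityToken();
        identityToken.principal_name(principalName);
        return identityToken;
    }

    /**
     * Wraps {@code establishContext} in a {@link SASContextBody}, encodes it
     * and adds it to the request as the {@code SecurityAttributeService}
     * service context (replacing any existing one per
     * {@code Csiv2Const.REPLACE_SECURITY_ATTRIBUTE_SERVICE}). Failures are
     * logged and leave the request untouched.
     */
    private void addSecurityAttributeService(ClientRequestInfo ri, EstablishContext establishContext) {
        Any any = newAny();
        if (any == null) {
            return;
        }
        SASContextBody sasContextBody = new SASContextBody();
        sasContextBody.establish_msg(establishContext);
        SASContextBodyHelper.insert(any, sasContextBody);
        byte[] contextData = encodeAny(any);
        if (contextData == null) {
            return;
        }
        ServiceContext serviceContext = new ServiceContext(SecurityAttributeService.value, contextData);
        ri.add_request_service_context(serviceContext, Csiv2Const.REPLACE_SECURITY_ATTRIBUTE_SERVICE);
    }

    /**
     * Creates a fresh {@link Any} from the ORB, or returns {@code null}
     * after logging when the ORB cannot be obtained.
     */
    private Any newAny() {
        try {
            return ORBHelper.getOrb().create_any();
        } catch (Csiv2InterceptorException csie) {
            logger.log(BasicLevel.ERROR, "Cannot get orb for any = " + csie.getMessage(), csie);
            return null;
        }
    }

    /**
     * Encodes {@code any} with the codec, or returns {@code null} after
     * logging when its type cannot be encoded.
     */
    private byte[] encodeAny(Any any) {
        try {
            return codec.encode_value(any);
        } catch (InvalidTypeForEncoding itfe) {
            logger.log(BasicLevel.ERROR, "Cannot encode a given any corba object : " + itfe.getMessage(), itfe);
            return null;
        }
    }

    /**
     * No-op: this interceptor holds no resources to release.
     */
    public void destroy() {
        // intentionally empty
    }

    /**
     * @return the interceptor name, {@value #NAME}
     */
    public String name() {
        return NAME;
    }

}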