Csiv2IorInterceptor.java

00025 package org.objectweb.jonas.security.iiop;
00026 
00027 import java.rmi.Remote;
00028 
00029 import javax.rmi.CORBA.Tie;
00030 
00031 import org.jacorb.orb.iiop.IIOPProfile;
00032 import org.jacorb.poa.RequestProcessor;
00033 import org.omg.CORBA.Any;
00034 import org.omg.CORBA.INV_POLICY;
00035 import org.omg.CSIIOP.AS_ContextSec;
00036 import org.omg.CSIIOP.CompoundSecMech;
00037 import org.omg.CSIIOP.CompoundSecMechList;
00038 import org.omg.CSIIOP.CompoundSecMechListHelper;
00039 import org.omg.CSIIOP.DetectMisordering;
00040 import org.omg.CSIIOP.DetectReplay;
00041 import org.omg.CSIIOP.Integrity;
00042 import org.omg.CSIIOP.SAS_ContextSec;
00043 import org.omg.CSIIOP.ServiceConfiguration;
00044 import org.omg.CSIIOP.TAG_CSI_SEC_MECH_LIST;
00045 import org.omg.CSIIOP.TAG_NULL_TAG;
00046 import org.omg.CSIIOP.TAG_TLS_SEC_TRANS;
00047 import org.omg.CSIIOP.TLS_SEC_TRANS;
00048 import org.omg.CSIIOP.TLS_SEC_TRANSHelper;
00049 import org.omg.IOP.Codec;
00050 import org.omg.IOP.TAG_INTERNET_IOP;
00051 import org.omg.IOP.TaggedComponent;
00052 import org.omg.IOP.CodecPackage.InvalidTypeForEncoding;
00053 import org.omg.PortableInterceptor.IORInfo;
00054 import org.omg.PortableServer.Servant;
00055 import org.omg.SSLIOP.SSL;
00056 import org.omg.SSLIOP.SSLHelper;
00057 import org.omg.SSLIOP.TAG_SSL_SEC_TRANS;
00058 
00059 import org.objectweb.carol.util.csiv2.SasComponent;
00060 import org.objectweb.carol.util.csiv2.SasPolicy;
00061 import org.objectweb.carol.util.csiv2.struct.AsStruct;
00062 import org.objectweb.carol.util.csiv2.struct.SasStruct;
00063 import org.objectweb.carol.util.csiv2.struct.TransportStruct;
00064 
00065 import org.objectweb.jonas_ejb.container.JHome;
00066 import org.objectweb.jonas_ejb.container.JRemote;
00067 import org.objectweb.jonas_ejb.deployment.api.BeanDesc;
00068 
00069 import org.objectweb.util.monolog.api.BasicLevel;
00070 import org.objectweb.util.monolog.api.Logger;
00071 
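/**
 * IOR interceptor advertising the CSIv2 (Common Secure Interoperability v2)
 * security configuration of JOnAS EJBs in the IORs built by the ORB.
 *
 * <p>For each IOR, {@link #establish_components(IORInfo)} looks up the
 * {@link SasComponent} of the exported object (from a {@link SasPolicy} when
 * one is set, otherwise from the deployment descriptor of the EJB whose
 * servant is being processed by the current JacORB request thread), encodes
 * it as a {@code TAG_CSI_SEC_MECH_LIST} tagged component and appends it to the
 * IIOP profile. A {@code TAG_SSL_SEC_TRANS} component is appended to every
 * IOR, and when transport protection is <em>required</em> the IIOP profile's
 * primary port is patched to 0 so that the IOR no longer advertises a
 * cleartext endpoint.</p>
 *
 * <p>Security note: when no {@link SasComponent} is found, the SSL component
 * advertises SSL as supported but not required ({@code target_requires = 0}),
 * so a client is free to keep using the plain IIOP port.</p>
 *
 * <p>JacORB specific: the servant lookup relies on {@link RequestProcessor}
 * and the port patch on
 * {@code org.jacorb.orb.portableInterceptor.IORInfoImpl}.</p>
 */
public class Csiv2IorInterceptor extends org.omg.CORBA.LocalObject implements
        org.omg.PortableInterceptor.IORInterceptor {

    /** Name returned by {@link #name()}. */
    private static final String NAME = "Csiv2IorInterceptor";

    /** Codec used to CDR-encode the tagged component data. */
    private Codec codec = null;

    /** Main logger. */
    private Logger logger = null;

    /** Logger for detailed (debug) traces. */
    private Logger loggerDetails = null;

    /**
     * Constructor.
     * @param codec codec used to encode the tagged components
     * @param logger main logger
     * @param loggerDetails logger for detailed traces
     */
    public Csiv2IorInterceptor(Codec codec, Logger logger, Logger loggerDetails) {
        this.codec = codec;
        this.logger = logger;
        this.loggerDetails = loggerDetails;
    }

    /**
     * Adds the CSIv2 and SSL tagged components to the IIOP profile of the IOR
     * being built.
     *
     * <p>The CSIv2 component ({@code TAG_CSI_SEC_MECH_LIST}) is only added
     * when a {@link SasComponent} can be found for the exported object. The
     * SSL component ({@code TAG_SSL_SEC_TRANS}) is added in a {@code finally}
     * block and is therefore appended to every IOR, even when the CSIv2 lookup
     * or build failed.</p>
     *
     * @param info the IOR being built
     */
    public void establish_components(IORInfo info) {
        SasComponent sasComponent = null;

        try {
            sasComponent = findSasComponent(info);

            if (sasComponent == null) {
                loggerDetails.log(BasicLevel.DEBUG, "No Sas component was found, will not write any infos into IOR.");
            } else {
                // build CSIv2 tagged component as required by spec
                // 16.3.1 compound mechanisms [62] and 16.5.1 [132]
                try {
                    TaggedComponent taggedComponent = buildCSIv2Component(sasComponent);
                    info.add_ior_component_to_profile(taggedComponent, TAG_INTERNET_IOP.value);
                } catch (Csiv2InterceptorException cie) {
                    // Keep the cause: the component itself does not exist when the build fails,
                    // so there is nothing else to print about it.
                    logger.log(BasicLevel.ERROR, "Cannot build Csiv2 component, cannot add it: " + cie.getMessage(),
                            cie);
                }
            }
        } finally {
            // Always executed: every IOR gets an SSL component, and the cleartext
            // port is blanked when transport protection is required.
            addSslTransport(info, sasComponent);
        }
    }

    /**
     * Looks up the {@link SasComponent} of the object whose IOR is being built.
     *
     * <p>A {@link SasPolicy} set on the POA wins. Without one, the servant
     * currently handled by the JacORB {@link RequestProcessor} thread is
     * inspected: if it is an RMI-IIOP {@link Tie} wrapping a {@link JHome} or
     * {@link JRemote}, the component of the bean's deployment descriptor is
     * returned.</p>
     *
     * @param info the IOR being built
     * @return the component, or null when none can be determined
     */
    private SasComponent findSasComponent(IORInfo info) {
        SasPolicy sasPolicy;
        try {
            sasPolicy = (SasPolicy) info.get_effective_policy(SasPolicy.POLICY_TYPE);
        } catch (INV_POLICY e) {
            // The ORB does not know this policy type at all.
            if (logger.isLoggable(BasicLevel.DEBUG)) {
                logger.log(BasicLevel.DEBUG, "No policy found");
            }
            return null;
        }

        if (sasPolicy != null) {
            return sasPolicy.getSasComponent();
        }

        // It may be a remote interface: only a JacORB request thread knows its servant.
        Thread currentThread = Thread.currentThread();
        if (!(currentThread instanceof RequestProcessor)) {
            return null;
        }
        Servant servant = ((RequestProcessor) currentThread).getServant();
        // instanceof also rejects a null servant
        if (!(servant instanceof Tie)) {
            return null;
        }
        Remote target = ((Tie) servant).getTarget();

        BeanDesc bd = null;
        if (target instanceof JHome) {
            bd = ((JHome) target).getDd();
        } else if (target instanceof JRemote) {
            bd = ((JRemote) target).getBf().getDeploymentDescriptor();
        }
        // Either not a JOnAS bean (target null or of another type) or no descriptor available.
        if (bd == null) {
            return null;
        }
        return bd.getSasComponent();
    }

    /**
     * Appends the SSL tagged component to the IIOP profile and, when the
     * transport layer is required, patches the profile's primary port to 0.
     *
     * <p>Blanking the port is what keeps a client from falling back to the
     * cleartext IIOP endpoint once TLS is mandatory; it can only be done on a
     * JacORB {@code IORInfoImpl}, so any other implementation is reported
     * instead of failing with a ClassCastException inside the caller's
     * {@code finally}.</p>
     *
     * @param info the IOR being built
     * @param sasComponent the component found for the object, may be null
     */
    private void addSslTransport(IORInfo info, SasComponent sasComponent) {
        if (sasComponent != null) {
            // Need to patch profile port if SSL (port should be 0)
            TransportStruct transportStruct = sasComponent.getTransport();
            if (transportStruct.getTargetRequires() > 0) {
                if (info instanceof org.jacorb.orb.portableInterceptor.IORInfoImpl) {
                    org.omg.ETF.Profile profile = ((org.jacorb.orb.portableInterceptor.IORInfoImpl) info).get_profile(0);
                    if (profile instanceof IIOPProfile) {
                        logger.log(BasicLevel.DEBUG, "Set port to 0");
                        ((IIOPProfile) profile).patchPrimaryAddress(null, 0);
                    }
                } else {
                    logger.log(BasicLevel.ERROR, "Cannot patch IIOP profile port: unexpected IORInfo implementation "
                            + info.getClass().getName() + ", the IOR may still advertise a cleartext port");
                }
            }
        }

        try {
            info.add_ior_component_to_profile(buildSslTaggedComponent(sasComponent), TAG_INTERNET_IOP.value);
        } catch (Csiv2InterceptorException cie) {
            logger.log(BasicLevel.ERROR, "Cannot add SSL tagged component" + cie.getMessage(), cie);
        }
    }

    /**
     * Nothing to release.
     */
    public void destroy() {
    }

    /**
     * @return the name of this interceptor
     */
    public String name() {
        return NAME;
    }

    /**
     * Builds the {@code TAG_CSI_SEC_MECH_LIST} tagged component (CSIv2 16.5.1
     * [132]) carrying a single compound security mechanism.
     *
     * @param sasComponent security configuration of the exported object
     * @return the encoded tagged component
     * @throws Csiv2InterceptorException if the mechanism list cannot be encoded
     */
    private TaggedComponent buildCSIv2Component(SasComponent sasComponent) throws Csiv2InterceptorException {
        // @see 16.5.1 [132] SecMechList
        // build list of compound_sec_mech
        CompoundSecMech[] mechanismList = buildCompoundSecMechs(sasComponent);
        CompoundSecMechList compoundSecMechList = new CompoundSecMechList(Csiv2Const.STATEFUL_MODE, mechanismList);

        // CDR-encode the list through an Any
        Any pAny = ORBHelper.getOrb().create_any();
        CompoundSecMechListHelper.insert(pAny, compoundSecMechList);
        byte[] componentData = null;
        try {
            componentData = codec.encode_value(pAny);
        } catch (InvalidTypeForEncoding itfe) {
            throw new Csiv2InterceptorException("Cannot encode a given any corba object", itfe);
        }

        // Create tagged component TAG_CSI_SEC_MECH_LIST
        return new TaggedComponent(TAG_CSI_SEC_MECH_LIST.value, componentData);
    }

    /**
     * Builds the single {@link CompoundSecMech} of the exported object from
     * its transport, authentication (AS) and attribute (SAS) layers.
     *
     * @param sasComponent security configuration of the exported object
     * @return a one-element array holding the compound mechanism
     * @throws Csiv2InterceptorException if the transport mechanism cannot be encoded
     */
    private CompoundSecMech[] buildCompoundSecMechs(SasComponent sasComponent) throws Csiv2InterceptorException {
        // build transport_mech
        TaggedComponent transportMech = buildTransportMech(sasComponent);

        // build as_context_mech
        AS_ContextSec asContextMech = buildAsContextMech(sasComponent);

        // build sas_context_mech
        SAS_ContextSec sasContextMech = buildSasContextMech(sasComponent);

        // See [135]
        // The target_requires field of the CompoundSecMech structure is used to
        // designate a required outcome that shall be satisfied by one or more
        // supporting (but not requiring) layers. The target_requires field also
        // represents all the options required independently by the various
        // layers as defined within the mechanism.
        short targetRequires = (short) (sasComponent.getTransport().getTargetRequires()
                | asContextMech.target_requires | sasContextMech.target_requires);

        // Only one compound sec mech
        CompoundSecMech[] compoundSecMechs = new CompoundSecMech[1];
        compoundSecMechs[0] = new CompoundSecMech(targetRequires, transportMech, asContextMech, sasContextMech);
        return compoundSecMechs;
    }

    /**
     * Builds the transport mechanism of the compound mechanism: a
     * {@code TAG_NULL_TAG} when no transport protection is supported nor
     * required, a {@code TAG_TLS_SEC_TRANS} otherwise.
     *
     * @param sasComponent security configuration of the exported object
     * @return the encoded transport tagged component
     * @throws Csiv2InterceptorException if the TLS structure cannot be encoded
     */
    private TaggedComponent buildTransportMech(SasComponent sasComponent) throws Csiv2InterceptorException {
        TransportStruct transportStruct = sasComponent.getTransport();

        if (transportStruct.getTargetSupports() == 0 && transportStruct.getTargetRequires() == 0) {
            // TAG_NULL_TAG [150] This new tagged component is used in the
            // transport_mech field of a CompoundSecMech structure to indicate that
            // the compound mechanism does not implement security functionality at
            // the transport layer.
            return new TaggedComponent(TAG_NULL_TAG.value, Csiv2Const.EMPTY_BYTES);
        }

        TLS_SEC_TRANS tlsSecTrans = new TLS_SEC_TRANS(transportStruct.getTargetSupports(),
                transportStruct.getTargetRequires(), transportStruct.getTransportAddress());

        // CDR-encode the structure through an Any
        Any pAny = ORBHelper.getOrb().create_any();
        TLS_SEC_TRANSHelper.insert(pAny, tlsSecTrans);
        byte[] componentData = null;
        try {
            componentData = codec.encode_value(pAny);
        } catch (InvalidTypeForEncoding itfe) {
            throw new Csiv2InterceptorException("Cannot encode a given any corba object", itfe);
        }

        // Create tagged component TAG_TLS_SEC_TRANS
        return new TaggedComponent(TAG_TLS_SEC_TRANS.value, componentData);
    }

    /**
     * Builds the {@code TAG_SSL_SEC_TRANS} tagged component.
     *
     * <p>With a component, the SSL options and port come from its transport
     * layer (the port is cast to the IDL unsigned short). Without one, SSL is
     * advertised as supported with Integrity, DetectReplay and
     * DetectMisordering but <em>not required</em> ({@code target_requires = 0})
     * on {@link TransportStruct#DEFAULT_SSL_PORT}.</p>
     *
     * @param sasComponent security configuration of the exported object, may be null
     * @return the encoded SSL tagged component
     * @throws Csiv2InterceptorException if the SSL structure cannot be encoded
     */
    private TaggedComponent buildSslTaggedComponent(SasComponent sasComponent) throws Csiv2InterceptorException {
        SSL ssl = null;
        int minSSlOptions = Integrity.value | DetectReplay.value | DetectMisordering.value;
        if (sasComponent != null) {
            TransportStruct transportStruct = sasComponent.getTransport();
            ssl = new SSL(transportStruct.getTargetSupports(), transportStruct.getTargetRequires(),
                    (short) transportStruct.getSslPort());
        } else {
            ssl = new SSL((short) minSSlOptions, (short) 0, (short) TransportStruct.DEFAULT_SSL_PORT);
        }

        // CDR-encode the structure through an Any
        Any pAny = ORBHelper.getOrb().create_any();
        SSLHelper.insert(pAny, ssl);
        byte[] componentData = null;
        try {
            componentData = codec.encode_value(pAny);
        } catch (InvalidTypeForEncoding itfe) {
            throw new Csiv2InterceptorException("Cannot encode a given any corba object", itfe);
        }
        return new TaggedComponent(TAG_SSL_SEC_TRANS.value, componentData);
    }

    /**
     * Builds the authentication (AS) layer of the compound mechanism from
     * the component's {@link AsStruct}.
     *
     * @param sasComponent security configuration of the exported object
     * @return the AS context
     */
    private AS_ContextSec buildAsContextMech(SasComponent sasComponent) {
        AsStruct asStruct = sasComponent.getAs();

        // The asStruct object could be for authenticated or no authenticated
        return new AS_ContextSec(asStruct.getTargetSupports(), asStruct.getTargetRequires(),
                asStruct.getClientAuthenticationMech(), asStruct.getTargetName());
    }

    /**
     * Builds the attribute (SAS) layer of the compound mechanism from the
     * component's {@link SasStruct}. No privilege authorities are advertised.
     *
     * @param sasComponent security configuration of the exported object
     * @return the SAS context
     */
    private SAS_ContextSec buildSasContextMech(SasComponent sasComponent) {
        SasStruct sasStruct = sasComponent.getSas();

        // No privilege authority is published in the IOR.
        ServiceConfiguration[] privilegeAuthorities = new ServiceConfiguration[0];

        byte[][] supportedNamingMechanisms = sasStruct.getSupportedNamingMechanisms();
        if (logger.isLoggable(BasicLevel.DEBUG)) {
            logger.log(BasicLevel.DEBUG, "supported mechanisms = " + supportedNamingMechanisms + " and identity = "
                    + sasStruct.getSupportedIdentityTypes());
            logger.log(BasicLevel.DEBUG, "supported mechanisms size= " + supportedNamingMechanisms.length);
            logger.log(BasicLevel.DEBUG, "target supports= " + sasStruct.getTargetSupports());
        }

        // should be ITTPrincipalName if supported
        int supportedIdentityTypes = sasStruct.getSupportedIdentityTypes();

        // build sas context with info of the given object.
        return new SAS_ContextSec(sasStruct.getTargetSupports(), sasStruct.getTargetRequires(),
                privilegeAuthorities, supportedNamingMechanisms, supportedIdentityTypes);
    }

}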
