00025 package org.objectweb.jonas.security.iiop;
00026
import java.rmi.Remote;
import java.util.Arrays;

import javax.rmi.CORBA.Tie;

import org.jacorb.orb.iiop.IIOPProfile;
import org.jacorb.poa.RequestProcessor;
import org.omg.CORBA.Any;
import org.omg.CORBA.INV_POLICY;
import org.omg.CSIIOP.AS_ContextSec;
import org.omg.CSIIOP.CompoundSecMech;
import org.omg.CSIIOP.CompoundSecMechList;
import org.omg.CSIIOP.CompoundSecMechListHelper;
import org.omg.CSIIOP.DetectMisordering;
import org.omg.CSIIOP.DetectReplay;
import org.omg.CSIIOP.Integrity;
import org.omg.CSIIOP.SAS_ContextSec;
import org.omg.CSIIOP.ServiceConfiguration;
import org.omg.CSIIOP.TAG_CSI_SEC_MECH_LIST;
import org.omg.CSIIOP.TAG_NULL_TAG;
import org.omg.CSIIOP.TAG_TLS_SEC_TRANS;
import org.omg.CSIIOP.TLS_SEC_TRANS;
import org.omg.CSIIOP.TLS_SEC_TRANSHelper;
import org.omg.IOP.Codec;
import org.omg.IOP.TAG_INTERNET_IOP;
import org.omg.IOP.TaggedComponent;
import org.omg.IOP.CodecPackage.InvalidTypeForEncoding;
import org.omg.PortableInterceptor.IORInfo;
import org.omg.PortableServer.Servant;
import org.omg.SSLIOP.SSL;
import org.omg.SSLIOP.SSLHelper;
import org.omg.SSLIOP.TAG_SSL_SEC_TRANS;

import org.objectweb.carol.util.csiv2.SasComponent;
import org.objectweb.carol.util.csiv2.SasPolicy;
import org.objectweb.carol.util.csiv2.struct.AsStruct;
import org.objectweb.carol.util.csiv2.struct.SasStruct;
import org.objectweb.carol.util.csiv2.struct.TransportStruct;

import org.objectweb.jonas_ejb.container.JHome;
import org.objectweb.jonas_ejb.container.JRemote;
import org.objectweb.jonas_ejb.deployment.api.BeanDesc;

import org.objectweb.util.monolog.api.BasicLevel;
import org.objectweb.util.monolog.api.Logger;
00071
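/**
 * IOR interceptor that publishes the CSIv2 security information of a bean in
 * the IIOP profile of its IOR.
 * <p>
 * Two tagged components are produced:
 * <ul>
 * <li>a {@code TAG_CSI_SEC_MECH_LIST} component describing the transport,
 * authentication (AS) and attribute (SAS) layers, built from the
 * {@link SasComponent} of the effective {@link SasPolicy} or, failing that, of
 * the deployment descriptor of the bean being exported;</li>
 * <li>a {@code TAG_SSL_SEC_TRANS} component, always added (from the
 * {@code finally} block of {@link #establish_components(IORInfo)}), with
 * default options when no SAS component is available.</li>
 * </ul>
 * When the transport layer of the SAS component requires protection, the
 * clear-text port of the IIOP profile is patched to 0.
 */
public class Csiv2IorInterceptor extends org.omg.CORBA.LocalObject implements
        org.omg.PortableInterceptor.IORInterceptor {

    /** Interceptor name, returned by {@link #name()}. */
    private static final String NAME = "Csiv2IorInterceptor";

    /** Codec used to CDR-encode the components before they are put into the IOR. */
    private final Codec codec;

    /** Main logger (errors and coarse debug traces). */
    private final Logger logger;

    /** Logger for verbose details. */
    private final Logger loggerDetails;

    /**
     * Builds the interceptor.
     *
     * @param codec codec used to encode the tagged components
     * @param logger main logger
     * @param loggerDetails logger for verbose details
     */
    public Csiv2IorInterceptor(Codec codec, Logger logger, Logger loggerDetails) {
        this.codec = codec;
        this.logger = logger;
        this.loggerDetails = loggerDetails;
    }

    /**
     * Adds the CSIv2 and SSL tagged components to the IIOP profile of the IOR
     * being built.
     * <p>
     * The SAS component is located by {@link #findSasComponent(IORInfo)}. The
     * CSIv2 component is added only when a SAS component exists; the SSL
     * component is added in the {@code finally} block, so it is present in the
     * IOR even when no SAS component (or no policy) was found.
     *
     * @param info the IOR being built
     */
    public void establish_components(IORInfo info) {
        SasComponent sasComponent = null;
        try {
            sasComponent = findSasComponent(info);
            if (sasComponent == null) {
                loggerDetails.log(BasicLevel.DEBUG, "No Sas component was found, will not write any infos into IOR.");
                return;
            }
            try {
                TaggedComponent csiv2Component = buildCSIv2Component(sasComponent);
                info.add_ior_component_to_profile(csiv2Component, TAG_INTERNET_IOP.value);
            } catch (Csiv2InterceptorException cie) {
                // Only buildCSIv2Component can throw here, so no component
                // exists to report: log the exception itself (with its cause).
                logger.log(BasicLevel.ERROR, "Cannot build Csiv2 component, cannot add it.", cie);
            }
        } catch (INV_POLICY e) {
            // No SasPolicy registered for this object: not an error.
            if (logger.isLoggable(BasicLevel.DEBUG)) {
                logger.log(BasicLevel.DEBUG, "No policy found");
            }
        } finally {
            if (sasComponent != null) {
                TransportStruct transportStruct = sasComponent.getTransport();
                if (transportStruct.getTargetRequires() > 0) {
                    // The transport layer requires protection: the clear-text
                    // IIOP port of the primary address is set to 0, presumably
                    // so that clients use the port advertised in the SSL/TLS
                    // components instead. JacORB-specific: IORInfoImpl is the
                    // only way to reach the profile from an IOR interceptor.
                    org.omg.ETF.Profile profile = ((org.jacorb.orb.portableInterceptor.IORInfoImpl) info).get_profile(0);
                    if (profile instanceof IIOPProfile) {
                        logger.log(BasicLevel.DEBUG, "Set port to 0");
                        ((IIOPProfile) profile).patchPrimaryAddress(null, 0);
                    }
                }
            }
            // Always advertise an SSL transport (defaults when sasComponent is null).
            try {
                info.add_ior_component_to_profile(buildSslTaggedComponent(sasComponent), TAG_INTERNET_IOP.value);
            } catch (Csiv2InterceptorException cie) {
                logger.log(BasicLevel.ERROR, "Cannot add SSL tagged component" + cie.getMessage(), cie);
            }
        }
    }

    /**
     * Locates the SAS component applying to the object whose IOR is being built.
     * <p>
     * The effective {@link SasPolicy} wins when one is set. Otherwise the
     * current thread must be a JacORB {@link RequestProcessor} whose servant is
     * an RMI-IIOP {@link Tie} wrapping a {@link JHome} or {@link JRemote}; the
     * SAS component is then read from the bean's deployment descriptor.
     *
     * @param info the IOR being built
     * @return the SAS component, or {@code null} when it cannot be determined
     *         (thread is not a request processor, servant is not a Tie on a
     *         JHome/JRemote, no deployment descriptor, or the bean declares
     *         no SAS component)
     * @throws INV_POLICY if {@code get_effective_policy} raises it; handled by
     *         the caller
     */
    private SasComponent findSasComponent(IORInfo info) {
        SasPolicy sasPolicy = (SasPolicy) info.get_effective_policy(SasPolicy.POLICY_TYPE);
        if (sasPolicy != null) {
            return sasPolicy.getSasComponent();
        }
        // No explicit policy: look at the bean behind the servant being exported.
        Thread currentThread = Thread.currentThread();
        if (!(currentThread instanceof RequestProcessor)) {
            return null;
        }
        Servant servant = ((RequestProcessor) currentThread).getServant();
        if (!(servant instanceof Tie)) {
            // also covers servant == null
            return null;
        }
        Remote target = ((Tie) servant).getTarget();
        BeanDesc bd;
        if (target instanceof JHome) {
            bd = ((JHome) target).getDd();
        } else if (target instanceof JRemote) {
            bd = ((JRemote) target).getBf().getDeploymentDescriptor();
        } else {
            // null target or a non-EJB remote object
            return null;
        }
        if (bd == null) {
            // Defensive: a bean without descriptor cannot declare a SAS component.
            return null;
        }
        return bd.getSasComponent();
    }

    /**
     * Nothing to release.
     */
    public void destroy() {
    }

    /**
     * @return the name of this interceptor
     */
    public String name() {
        return NAME;
    }

    /**
     * Builds the {@code TAG_CSI_SEC_MECH_LIST} tagged component.
     * <p>
     * The component holds a single {@link CompoundSecMech} (see
     * {@link #buildCompoundSecMechs(SasComponent)}) in a
     * {@link CompoundSecMechList} whose stateful flag is
     * {@code Csiv2Const.STATEFUL_MODE}.
     *
     * @param sasComponent the SAS description of the bean
     * @return the encoded tagged component
     * @throws Csiv2InterceptorException if the component cannot be CDR-encoded
     */
    private TaggedComponent buildCSIv2Component(SasComponent sasComponent) throws Csiv2InterceptorException {
        if (logger.isLoggable(BasicLevel.DEBUG)) {
            logger.log(BasicLevel.DEBUG, "");
        }
        CompoundSecMech[] mechanismList = buildCompoundSecMechs(sasComponent);
        CompoundSecMechList compoundSecMechList = new CompoundSecMechList(Csiv2Const.STATEFUL_MODE, mechanismList);

        Any pAny = ORBHelper.getOrb().create_any();
        CompoundSecMechListHelper.insert(pAny, compoundSecMechList);
        return encodeComponent(TAG_CSI_SEC_MECH_LIST.value, pAny);
    }

    /**
     * Builds the (single) compound security mechanism of the bean from its
     * transport, AS and SAS layers.
     * <p>
     * The {@code target_requires} of the compound mechanism is the bitwise OR
     * of the requirements of the three layers, so a client sees every option
     * the target insists on in one place.
     *
     * @param sasComponent the SAS description of the bean
     * @return a one-element array holding the compound mechanism
     * @throws Csiv2InterceptorException if the transport mechanism cannot be
     *         encoded
     */
    private CompoundSecMech[] buildCompoundSecMechs(SasComponent sasComponent) throws Csiv2InterceptorException {
        if (logger.isLoggable(BasicLevel.DEBUG)) {
            logger.log(BasicLevel.DEBUG, "");
        }
        TaggedComponent transportMech = buildTransportMech(sasComponent);
        AS_ContextSec asContextMech = buildAsContextMech(sasComponent);
        SAS_ContextSec sasContextMech = buildSasContextMech(sasComponent);

        short targetRequires = (short) (sasComponent.getTransport().getTargetRequires()
                | asContextMech.target_requires
                | sasContextMech.target_requires);

        CompoundSecMech[] compoundSecMechs = new CompoundSecMech[1];
        compoundSecMechs[0] = new CompoundSecMech(targetRequires, transportMech, asContextMech, sasContextMech);
        return compoundSecMechs;
    }

    /**
     * Builds the transport-layer component of the compound mechanism.
     * <p>
     * When the transport neither supports nor requires any option, a
     * {@code TAG_NULL_TAG} component with an empty body is returned (no
     * transport protection advertised). Otherwise a {@code TAG_TLS_SEC_TRANS}
     * component carrying the supports/requires bitmasks and the transport
     * address is encoded.
     *
     * @param sasComponent the SAS description of the bean
     * @return the transport tagged component
     * @throws Csiv2InterceptorException if the TLS structure cannot be encoded
     */
    private TaggedComponent buildTransportMech(SasComponent sasComponent) throws Csiv2InterceptorException {
        TransportStruct transportStruct = sasComponent.getTransport();
        if (transportStruct.getTargetSupports() == 0 && transportStruct.getTargetRequires() == 0) {
            return new TaggedComponent(TAG_NULL_TAG.value, Csiv2Const.EMPTY_BYTES);
        }
        TLS_SEC_TRANS tlsSecTrans = new TLS_SEC_TRANS(transportStruct.getTargetSupports(),
                transportStruct.getTargetRequires(), transportStruct.getTransportAddress());

        Any pAny = ORBHelper.getOrb().create_any();
        TLS_SEC_TRANSHelper.insert(pAny, tlsSecTrans);
        return encodeComponent(TAG_TLS_SEC_TRANS.value, pAny);
    }

    /**
     * Builds the {@code TAG_SSL_SEC_TRANS} tagged component.
     * <p>
     * With a SAS component, the SSL structure mirrors its transport layer
     * (supports, requires, SSL port). Without one, a default structure is
     * advertised: supports = Integrity | DetectReplay | DetectMisordering,
     * requires = 0 (SSL offered but not mandated), port =
     * {@code TransportStruct.DEFAULT_SSL_PORT}.
     *
     * @param sasComponent the SAS description of the bean, may be {@code null}
     * @return the encoded SSL tagged component
     * @throws Csiv2InterceptorException if the SSL structure cannot be encoded
     */
    private TaggedComponent buildSslTaggedComponent(SasComponent sasComponent) throws Csiv2InterceptorException {
        SSL ssl;
        int minSslOptions = Integrity.value | DetectReplay.value | DetectMisordering.value;
        if (sasComponent != null) {
            TransportStruct transportStruct = sasComponent.getTransport();
            // IDL unsigned short maps to Java short: ports above 32767 wrap
            // to negative here and are re-read as unsigned by the decoder.
            ssl = new SSL(transportStruct.getTargetSupports(), transportStruct.getTargetRequires(),
                    (short) transportStruct.getSslPort());
        } else {
            ssl = new SSL((short) minSslOptions, (short) 0, (short) TransportStruct.DEFAULT_SSL_PORT);
        }

        Any pAny = ORBHelper.getOrb().create_any();
        SSLHelper.insert(pAny, ssl);
        return encodeComponent(TAG_SSL_SEC_TRANS.value, pAny);
    }

    /**
     * Builds the authentication-layer (AS) description from the bean's
     * {@link AsStruct}: supports/requires bitmasks, client authentication
     * mechanism and target name are copied as-is.
     *
     * @param sasComponent the SAS description of the bean
     * @return the AS context
     */
    private AS_ContextSec buildAsContextMech(SasComponent sasComponent) {
        AsStruct asStruct = sasComponent.getAs();
        return new AS_ContextSec(asStruct.getTargetSupports(), asStruct.getTargetRequires(),
                asStruct.getClientAuthenticationMech(), asStruct.getTargetName());
    }

    /**
     * Builds the attribute-layer (SAS) description from the bean's
     * {@link SasStruct}.
     * <p>
     * No privilege authorities are advertised (empty
     * {@link ServiceConfiguration} array); supported naming mechanisms and
     * identity types come from the structure.
     *
     * @param sasComponent the SAS description of the bean
     * @return the SAS context
     */
    private SAS_ContextSec buildSasContextMech(SasComponent sasComponent) {
        SasStruct sasStruct = sasComponent.getSas();
        ServiceConfiguration[] privilegeAuthorities = new ServiceConfiguration[0];

        byte[][] supportedNamingMechanisms = sasStruct.getSupportedNamingMechanisms();
        if (logger.isLoggable(BasicLevel.DEBUG)) {
            // deepToString: a bare byte[][] would only print its identity hash.
            logger.log(BasicLevel.DEBUG, "supported mechanisms = " + Arrays.deepToString(supportedNamingMechanisms)
                    + " and identity = " + sasStruct.getSupportedIdentityTypes());
            logger.log(BasicLevel.DEBUG, "supported mechanisms size= " + supportedNamingMechanisms.length);
            logger.log(BasicLevel.DEBUG, "target supports= " + sasStruct.getTargetSupports());
        }
        int supportedIdentityTypes = sasStruct.getSupportedIdentityTypes();

        return new SAS_ContextSec(sasStruct.getTargetSupports(), sasStruct.getTargetRequires(),
                privilegeAuthorities, supportedNamingMechanisms, supportedIdentityTypes);
    }

    /**
     * CDR-encodes an {@link Any} with the interceptor's codec and wraps the
     * bytes in a tagged component.
     *
     * @param tag the component tag (e.g. {@code TAG_CSI_SEC_MECH_LIST.value})
     * @param value the Any holding the structure to encode
     * @return the tagged component
     * @throws Csiv2InterceptorException if the codec rejects the value's type
     */
    private TaggedComponent encodeComponent(int tag, Any value) throws Csiv2InterceptorException {
        byte[] componentData;
        try {
            componentData = codec.encode_value(value);
        } catch (InvalidTypeForEncoding itfe) {
            throw new Csiv2InterceptorException("Cannot encode a given any corba object", itfe);
        }
        return new TaggedComponent(tag, componentData);
    }

}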