package org.objectweb.jonas.security.iiop;

import java.nio.charset.Charset;

import org.omg.CORBA.Any;
import org.omg.CORBA.BAD_PARAM;
import org.omg.CORBA.NO_PERMISSION;
import org.omg.CSI.CompleteEstablishContext;
import org.omg.CSI.EstablishContext;
import org.omg.CSI.GSS_NT_ExportedNameHelper;
import org.omg.CSI.ITTPrincipalName;
import org.omg.CSI.IdentityToken;
import org.omg.CSI.MTEstablishContext;
import org.omg.CSI.MTMessageInContext;
import org.omg.CSI.SASContextBody;
import org.omg.CSI.SASContextBodyHelper;
import org.omg.GSSUP.InitialContextToken;
import org.omg.GSSUP.InitialContextTokenHelper;
import org.omg.IOP.Codec;
import org.omg.IOP.SecurityAttributeService;
import org.omg.IOP.ServiceContext;
import org.omg.IOP.CodecPackage.FormatMismatch;
import org.omg.IOP.CodecPackage.InvalidTypeForEncoding;
import org.omg.IOP.CodecPackage.TypeMismatch;
import org.omg.PortableInterceptor.ForwardRequest;
import org.omg.PortableInterceptor.ServerRequestInfo;
import org.omg.PortableInterceptor.ServerRequestInterceptor;

import org.objectweb.carol.util.csiv2.gss.GSSHelper;

import org.objectweb.util.monolog.api.BasicLevel;
import org.objectweb.util.monolog.api.Logger;

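/**
 * Server-side CSIv2 request interceptor.
 * <p>
 * For each incoming request it looks up the SecurityAttributeService service
 * context, decodes the SAS message it carries and, when that message is an
 * EstablishContext, passes the credentials it contains to
 * {@link SecurityContextHelper}: either a GSSUP username/password pair (client
 * authentication token) or the principal name of an ITTPrincipalName identity
 * token. A CompleteEstablishContext built from the {@link Csiv2Const} values is
 * then attached to the reply. MessageInContext messages are refused with
 * NO_PERMISSION.
 * <p>
 * NOTE(review): every decoding failure below is logged and the request is then
 * dispatched with no login performed by this interceptor. Whether such a
 * request should be rejected instead depends on the identity that
 * SecurityContextHelper applies when no login happened -- confirm.
 */
public class Csiv2ServerInterceptor extends org.omg.CORBA.LocalObject implements ServerRequestInterceptor {

    /** Interceptor name returned by {@link #name()}. */
    private static final String NAME = "Csiv2ServerInterceptor";

    /**
     * GSSUP carries username and password as UTF-8 octet sequences, so they
     * are decoded with an explicit charset rather than the platform default.
     */
    private static final Charset UTF8 = Charset.forName("UTF-8");

    /** Codec used to decode incoming SAS messages and to encode the reply context. */
    private Codec codec = null;

    /** Main logger. */
    private Logger logger = null;

    /** Logger for verbose details (e.g. the absence of a security context). */
    private Logger loggerDetails = null;

    /**
     * Builds the interceptor.
     * @param codec codec used to (de)serialize SAS messages
     * @param logger main logger
     * @param loggerDetails logger for verbose details
     */
    public Csiv2ServerInterceptor(Codec codec, Logger logger, Logger loggerDetails) {
        this.codec = codec;
        this.logger = logger;
        this.loggerDetails = loggerDetails;
    }

    /**
     * Processes the security attribute service context of an incoming request.
     * <p>
     * Nothing is done when the request carries no such context. Otherwise the
     * SAS message is decoded; an EstablishContext message triggers a login
     * (see {@link #establishContext}) and a MessageInContext message is
     * refused. Unless a decoding error stopped the processing, a
     * CompleteEstablishContext is added to the reply.
     * @param ri the request being received
     * @throws ForwardRequest declared by the interface; never thrown here
     * @throws NO_PERMISSION if the client sent a MessageInContext message
     */
    public void receive_request(ServerRequestInfo ri) throws ForwardRequest {
        ServiceContext receivedContext = findSecurityServiceContext(ri);
        if (receivedContext == null) {
            // No CSIv2 context on this request: nothing to authenticate.
            return;
        }

        SASContextBody sasBody = decodeSasContextBody(receivedContext.context_data);
        if (sasBody == null) {
            return;
        }

        short discriminator = sasBody.discriminator();
        if (discriminator == MTEstablishContext.value) {
            if (!establishContext(sasBody.establish_msg())) {
                return;
            }
        } else if (discriminator == MTMessageInContext.value) {
            // Clients may not refer to a previously established context here.
            throw new NO_PERMISSION();
        }

        sendCompleteEstablishContext(ri);
    }

    /**
     * Looks up the SecurityAttributeService context of the request.
     * @param ri the request being received
     * @return the service context, or null if the request carries none
     */
    private ServiceContext findSecurityServiceContext(ServerRequestInfo ri) {
        try {
            ServiceContext context = ri.get_request_service_context(SecurityAttributeService.value);
            if (logger.isLoggable(BasicLevel.DEBUG)) {
                logger.log(BasicLevel.DEBUG, "Got security service context = " + context);
            }
            return context;
        } catch (BAD_PARAM e) {
            // get_request_service_context raises BAD_PARAM when no context
            // with the requested id is present.
            if (loggerDetails.isLoggable(BasicLevel.DEBUG)) {
                loggerDetails.log(BasicLevel.DEBUG, "No security service context found");
            }
            return null;
        }
    }

    /**
     * Decodes the raw context data of a service context into a SAS message.
     * @param contextData CDR-encoded SASContextBody
     * @return the decoded body, or null if decoding failed (already logged)
     */
    private SASContextBody decodeSasContextBody(byte[] contextData) {
        Any bodyAny;
        try {
            bodyAny = codec.decode_value(contextData, SASContextBodyHelper.type());
        } catch (FormatMismatch fm) {
            logger.log(BasicLevel.ERROR, "Format mismatch while decoding value :" + fm.getMessage(), fm);
            return null;
        } catch (TypeMismatch tm) {
            logger.log(BasicLevel.ERROR, "Type mismatch while decoding value :" + tm.getMessage(), tm);
            return null;
        }
        SASContextBody body = SASContextBodyHelper.extract(bodyAny);
        if (body == null) {
            logger.log(BasicLevel.ERROR, "Received Sascontext body is null");
        }
        return body;
    }

    /**
     * Performs the login requested by an EstablishContext message.
     * <p>
     * A non-empty client authentication token takes precedence; otherwise the
     * identity token, if any, is used. A message carrying neither is accepted
     * without any login.
     * @param establishMsg the received EstablishContext message
     * @return false if a decoding error occurred (already logged), true otherwise
     */
    private boolean establishContext(EstablishContext establishMsg) {
        byte[] authToken = establishMsg.client_authentication_token;
        IdentityToken identityToken = establishMsg.identity_token;

        if (authToken != null && authToken.length != 0) {
            return loginWithAuthenticationToken(authToken);
        }
        if (identityToken != null) {
            return loginWithIdentityToken(identityToken);
        }
        return true;
    }

    /**
     * Decodes a GSSUP client authentication token and logs the user in with the
     * username/password it carries.
     * @param authToken GSS-wrapped, CDR-encoded InitialContextToken
     * @return false if the token could not be decoded (already logged), true otherwise
     */
    private boolean loginWithAuthenticationToken(byte[] authToken) {
        Any tokenAny;
        try {
            tokenAny = codec.decode_value(GSSHelper.decodeToken(authToken), InitialContextTokenHelper.type());
        } catch (FormatMismatch fm) {
            logger.log(BasicLevel.ERROR, "Format mismatch while decoding value :" + fm.getMessage(), fm);
            return false;
        } catch (TypeMismatch tm) {
            logger.log(BasicLevel.ERROR, "Type mismatch while decoding value :" + tm.getMessage(), tm);
            return false;
        }
        InitialContextToken initialContextToken = InitialContextTokenHelper.extract(tokenAny);
        if (initialContextToken == null) {
            logger.log(BasicLevel.ERROR, "Received InitialContextToken is null");
            return false;
        }
        String userName = new String(initialContextToken.username, UTF8);
        String password = new String(initialContextToken.password, UTF8);
        if (logger.isLoggable(BasicLevel.DEBUG)) {
            // The password is a secret: log only the login name.
            logger.log(BasicLevel.DEBUG, "Received InitialContextToken, login = '" + userName + "'.");
        }
        SecurityContextHelper.getInstance().loginAuthenticationToken(userName, password);
        return true;
    }

    /**
     * Logs the user in from an identity token. Only ITTPrincipalName tokens are
     * handled; every other token type performs no login.
     * <p>
     * NOTE(review): the asserted principal is accepted as-is. CSIv2 expects the
     * server to trust the asserting party through the transport (e.g. a
     * client-authenticated SSL connection); nothing here verifies that, so
     * confirm it is enforced by the transport / IOR security policy.
     * @param identityToken the received identity token
     * @return false if the principal name could not be decoded (already logged), true otherwise
     */
    private boolean loginWithIdentityToken(IdentityToken identityToken) {
        try {
            if (identityToken.discriminator() == ITTPrincipalName.value) {
                Any nameAny = codec.decode_value(identityToken.principal_name(), GSS_NT_ExportedNameHelper.type());
                byte[] exportedName = GSS_NT_ExportedNameHelper.extract(nameAny);
                String principalName = GSSHelper.decodeExported(exportedName);
                if (logger.isLoggable(BasicLevel.DEBUG)) {
                    logger.log(BasicLevel.DEBUG, "Received identityToken, principalName = " + principalName);
                }
                SecurityContextHelper.getInstance().loginIdentiyToken(principalName);
            }
        } catch (Exception e) {
            logger.log(BasicLevel.ERROR, "Error = " + e.getMessage(), e);
            return false;
        }
        return true;
    }

    /**
     * Adds a CompleteEstablishContext SAS message to the reply. Failures to
     * obtain the ORB or to encode the message are logged and leave the reply
     * without a security context.
     * @param ri the request whose reply is being built
     */
    private void sendCompleteEstablishContext(ServerRequestInfo ri) {
        // Context id / stateful flag / final token come from Csiv2Const (the
        // constant names suggest a stateless context is advertised).
        CompleteEstablishContext completeMsg = new CompleteEstablishContext(
                Csiv2Const.STATELESS_CONTEXT_ID, Csiv2Const.STATEFUL_MODE, Csiv2Const.EMPTY_BYTES);

        Any replyAny;
        try {
            replyAny = ORBHelper.getOrb().create_any();
        } catch (Csiv2InterceptorException csie) {
            logger.log(BasicLevel.ERROR, "Cannot get orb for any = " + csie.getMessage(), csie);
            return;
        }

        SASContextBody replyBody = new SASContextBody();
        replyBody.complete_msg(completeMsg);
        SASContextBodyHelper.insert(replyAny, replyBody);

        byte[] contextData;
        try {
            contextData = codec.encode_value(replyAny);
        } catch (InvalidTypeForEncoding itfe) {
            logger.log(BasicLevel.ERROR, "Cannot encode a given any corba object : " + itfe.getMessage(), itfe);
            return;
        }

        ServiceContext replyContext = new ServiceContext(SecurityAttributeService.value, contextData);
        ri.add_reply_service_context(replyContext, Csiv2Const.REPLACE_SECURITY_ATTRIBUTE_SERVICE);
    }

    /**
     * Interception point not used by this interceptor; all work happens in
     * {@link #receive_request}.
     * @param ri the request being received
     * @throws ForwardRequest declared by the interface; never thrown here
     */
    public void receive_request_service_contexts(ServerRequestInfo ri) throws ForwardRequest {
    }

    /**
     * Interception point not used by this interceptor.
     * @param ri the request whose reply is an exception
     * @throws ForwardRequest declared by the interface; never thrown here
     */
    public void send_exception(ServerRequestInfo ri) throws ForwardRequest {
    }

    /**
     * Interception point not used by this interceptor.
     * @param ri the request whose reply is neither a normal reply nor an exception
     * @throws ForwardRequest declared by the interface; never thrown here
     */
    public void send_other(ServerRequestInfo ri) throws ForwardRequest {
    }

    /**
     * Interception point not used by this interceptor; the reply service
     * context is already added in {@link #receive_request}.
     * @param ri the request whose reply is being sent
     */
    public void send_reply(ServerRequestInfo ri) {
    }

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * @return the interceptor name
     */
    public String name() {
        return NAME;
    }
}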