Csiv2ServerInterceptor.java

package org.objectweb.jonas.security.iiop;

import org.omg.CORBA.Any;
import org.omg.CORBA.BAD_PARAM;
import org.omg.CORBA.NO_PERMISSION;
import org.omg.CSI.CompleteEstablishContext;
import org.omg.CSI.EstablishContext;
import org.omg.CSI.GSS_NT_ExportedNameHelper;
import org.omg.CSI.ITTPrincipalName;
import org.omg.CSI.IdentityToken;
import org.omg.CSI.MTEstablishContext;
import org.omg.CSI.MTMessageInContext;
import org.omg.CSI.SASContextBody;
import org.omg.CSI.SASContextBodyHelper;
import org.omg.GSSUP.InitialContextToken;
import org.omg.GSSUP.InitialContextTokenHelper;
import org.omg.IOP.Codec;
import org.omg.IOP.SecurityAttributeService;
import org.omg.IOP.ServiceContext;
import org.omg.IOP.CodecPackage.FormatMismatch;
import org.omg.IOP.CodecPackage.InvalidTypeForEncoding;
import org.omg.IOP.CodecPackage.TypeMismatch;
import org.omg.PortableInterceptor.ForwardRequest;
import org.omg.PortableInterceptor.ServerRequestInfo;
import org.omg.PortableInterceptor.ServerRequestInterceptor;

import org.objectweb.carol.util.csiv2.gss.GSSHelper;

import org.objectweb.util.monolog.api.BasicLevel;
import org.objectweb.util.monolog.api.Logger;

public class Csiv2ServerInterceptor extends org.omg.CORBA.LocalObject implements ServerRequestInterceptor {

    private static final String NAME = "Csiv2ServerInterceptor";

    private Codec codec = null;

    private Logger logger = null;

    private Logger loggerDetails = null;

    public Csiv2ServerInterceptor(Codec codec, Logger logger, Logger loggerDetails) {
        this.codec = codec;
        this.logger = logger;
        this.loggerDetails = loggerDetails;
    }

    public void receive_request(ServerRequestInfo ri) throws ForwardRequest {

        // Is there a security attribute service context (Csiv2 16.2 protocol message definition)
        ServiceContext receiveServiceContext  = null;
        try {
            // Csiv2 16.9.1 / Type defined for security attribute service
            receiveServiceContext = ri.get_request_service_context(SecurityAttributeService.value);
            if (logger.isLoggable(BasicLevel.DEBUG)) {
                logger.log(BasicLevel.DEBUG, "Got security service context = " + receiveServiceContext);
            }
        } catch (BAD_PARAM e) {
            if (loggerDetails.isLoggable(BasicLevel.DEBUG)) {
                loggerDetails.log(BasicLevel.DEBUG, "No security service context found");
            }
        }

        // No serviceContext, just return
        if (receiveServiceContext == null) {
            return;
        }

        // Analyze service context
        SASContextBody receivedSASContextBody = null;
        Any receiveAny = null;
        try {
            receiveAny = codec.decode_value(receiveServiceContext.context_data, SASContextBodyHelper.type());
        } catch (FormatMismatch fm) {
            logger.log(BasicLevel.ERROR, "Format mismatch while decoding value :" + fm.getMessage());
            return;
        } catch (TypeMismatch tm) {
            logger.log(BasicLevel.ERROR, "Type mismatch while decoding value :" + tm.getMessage());
            return;
        }
        receivedSASContextBody = SASContextBodyHelper.extract(receiveAny);
        if (receivedSASContextBody == null) {
            logger.log(BasicLevel.ERROR, "Received Sascontext body is null");
            return;
        }
        short discriminator = receivedSASContextBody.discriminator();

        if (discriminator == MTEstablishContext.value) {
            // Analyze the establish context message
            EstablishContext receivedEstablishContext = receivedSASContextBody.establish_msg();

            // client authentication token
            byte[] clientAuthenticationToken = receivedEstablishContext.client_authentication_token;
            // identity token
            IdentityToken identityToken = receivedEstablishContext.identity_token;

            // client authentication token case
            if (clientAuthenticationToken != null && clientAuthenticationToken.length != 0) {
                Any pAny = null;
                try {
                    pAny = codec.decode_value(GSSHelper.decodeToken(receivedEstablishContext.client_authentication_token), InitialContextTokenHelper.type());
                } catch (FormatMismatch fm) {
                    logger.log(BasicLevel.ERROR, "Format mismatch while decoding value :" + fm.getMessage());
                    return;
                } catch (TypeMismatch tm) {
                    logger.log(BasicLevel.ERROR, "Type mismatch while decoding value :" + tm.getMessage());
                    return;
                }
                InitialContextToken initialContextToken = InitialContextTokenHelper.extract(pAny);
                String userName = new String(initialContextToken.username);
                String password = new String(initialContextToken.password);
                logger.log(BasicLevel.DEBUG, "Received InitialContextToken, login = '" + userName + "' and password = '" + password + "'.");
                SecurityContextHelper.getInstance().loginAuthenticationToken(userName, password);

            } else if (identityToken != null) { // identity token case
                try {
                    // Principal name case
                    if (identityToken.discriminator() == ITTPrincipalName.value) {
                        Any a = codec.decode_value(receivedEstablishContext.identity_token.principal_name(), GSS_NT_ExportedNameHelper.type());
                        byte[] encodedName = GSS_NT_ExportedNameHelper.extract(a);

                        // Decode the principal name
                        String principalName = GSSHelper.decodeExported(encodedName);
                        logger.log(BasicLevel.DEBUG, "Received identityToken, principalName = " + principalName);
                        SecurityContextHelper.getInstance().loginIdentiyToken(principalName);
                    }
                } catch (Exception e) {
                    logger.log(BasicLevel.ERROR, "Error = " + e.getMessage());
                    return;
                }
            }

        } else if (discriminator == MTMessageInContext.value) { // not handle
            throw new NO_PERMISSION();
        }

        // Make CompleteEstablish context message
        CompleteEstablishContext completeEstablishContext = new CompleteEstablishContext(Csiv2Const.STATELESS_CONTEXT_ID, Csiv2Const.STATEFUL_MODE, Csiv2Const.EMPTY_BYTES);


        Any pAny = null;
        try {
            pAny = ORBHelper.getOrb().create_any();
        } catch (Csiv2InterceptorException csie) {
            logger.log(BasicLevel.ERROR, "Cannot get orb for any = " + csie.getMessage());
            return;
        }

        // Generate contextData of service context with EstablishContext
        SASContextBody sasContextBody = new SASContextBody();
        sasContextBody.complete_msg(completeEstablishContext);
        SASContextBodyHelper.insert(pAny, sasContextBody);
        byte[] contextData = null;

        try {
            contextData = codec.encode_value(pAny);
        } catch (InvalidTypeForEncoding itfe) {
            logger.log(BasicLevel.ERROR, "Cannot encode a given any corba object : " + itfe.getMessage());
            return;
        }

        // build service context and add it
        ServiceContext serviceContext = new ServiceContext(SecurityAttributeService.value, contextData);
        ri.add_reply_service_context(serviceContext, Csiv2Const.REPLACE_SECURITY_ATTRIBUTE_SERVICE);


    }

    public void receive_request_service_contexts(ServerRequestInfo ri) throws ForwardRequest {
        // TODO Auto-generated method stub

    }

    public void send_exception(ServerRequestInfo ri) throws ForwardRequest {
        // TODO Auto-generated method stub

    }

    public void send_other(ServerRequestInfo ri) throws ForwardRequest {
        // TODO Auto-generated method stub

    }

    public void send_reply(ServerRequestInfo ri) {

    }

    public void destroy() {

    }

    public String name() {
        return NAME;
    }
}

---