KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > com > sun > enterprise > iiop > CSIV2TaggedComponentInfo


1 /*
2  * The contents of this file are subject to the terms
3  * of the Common Development and Distribution License
4  * (the License). You may not use this file except in
5  * compliance with the License.
6  *
7  * You can obtain a copy of the license at
8  * https://glassfish.dev.java.net/public/CDDLv1.0.html or
9  * glassfish/bootstrap/legal/CDDLv1.0.txt.
10  * See the License for the specific language governing
11  * permissions and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL
14  * Header Notice in each file and include the License file
15  * at glassfish/bootstrap/legal/CDDLv1.0.txt.
16  * If applicable, add the following below the CDDL Header,
17  * with the fields enclosed by brackets [] replaced by
18  * you own identifying information:
19  * "Portions Copyrighted [year] [name of copyright owner]"
20  *
21  * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
22  */
23 package com.sun.enterprise.iiop;
24
25 import java.util.*;
26 import java.io.*;
27
28 import org.omg.CORBA.ORB JavaDoc;
29 import org.omg.IOP.TaggedComponent JavaDoc;
30
31 import com.sun.enterprise.util.Utility;
32 import com.sun.enterprise.util.ORBManager;
33 import com.sun.enterprise.iiop.security.GSSUtils;
34 import com.sun.enterprise.deployment.*;
35 import java.util.logging.*;
36 import com.sun.logging.*;
37
38 // These are internal APIs in the RMI-IIOP-POA implementation
39 // used because there are no public APIs for interceptors yet
40 import com.sun.corba.ee.spi.ior.iiop.IIOPProfile;
41 import com.sun.corba.ee.spi.ior.iiop.IIOPProfileTemplate;
42 import com.sun.corba.ee.spi.ior.IOR;
43 import com.sun.corba.ee.impl.encoding.CDRInputStream;
44 import com.sun.corba.ee.impl.encoding.CDROutputStream;
45 import com.sun.corba.ee.impl.encoding.EncapsInputStream;
46
47 import com.sun.corba.ee.org.omg.CSI.*;
48 import com.sun.corba.ee.org.omg.CSIIOP.*;
49
50 /**
51  * This is the class that manages the CSIV2 tagged component information
52  * in the IORs.
53  * @author Vivek Nagar
54  * @author Harpreet Singh
55  */
56
57 public final class CSIV2TaggedComponentInfo
58 {
59     private static Logger _logger=null;
60     static{
61        _logger=LogDomains.getLogger(LogDomains.CORBA_LOGGER);
62         }
63     // Realm name is first picked up from the application object.
64 // If the realm is unpopulated here, then we query it from
65 // the IORDescriptor(as in for a standalone ejb case).
66 // The fallback is "default"
67 private String JavaDoc _realm_name = null;
68     private byte[] _realm_name_bytes = null;
69     private final static String JavaDoc DEFAULT_REALM = "default";
70     
71     public static final int SUPPORTED_IDENTITY_TOKEN_TYPES = 15;
72
73     private ORB JavaDoc orb;
74     private int sslMutualAuthPort;
75
76
77     /**
78      * Constructor.
79      */
80     public CSIV2TaggedComponentInfo(ORB JavaDoc orb) {
81     this.orb = orb;
82     }
83
84     /**
85      * Create the security mechanism list tagged component based
86      * on the deployer specified configuration information.
87      * This method is on the server side for all ejbs.
88      */
89     public TaggedComponent JavaDoc createSecurityTaggedComponent(int sslPort,
90                              EjbDescriptor desc)
91     {
92         TaggedComponent JavaDoc tc = null;
93     try {
94             if(_logger.isLoggable(Level.FINE)){
95                 _logger.log(Level.FINE, "IIOP: Creating a Security Tagged Component");
96             }
97             // get the realm from the application object.
98 _realm_name = desc.getApplication().getRealm();
99             CompoundSecMech[] mechList = createCompoundSecMechs(sslPort, desc);
100             tc = createTaggedComponent(mechList);
101
102         } catch(Exception JavaDoc e) {
103             _logger.log(Level.SEVERE,"iiop.createcompund_exception",e);
104         }
105         return tc;
106     }
107
108     /**
109      * This method is called on the server side for all non-EJB POAs.
110      */
111     public TaggedComponent JavaDoc createSecurityTaggedComponent(int sslPort)
112     {
113         TaggedComponent JavaDoc tc = null;
114     try {
115         boolean sslRequired = false;
116         String JavaDoc sslReq =
117         (String JavaDoc)(ORBManager.getCSIv2Props()).get(ORBManager.ORB_SSL_SERVER_REQUIRED);
118         if ( sslReq != null && sslReq.equals("true") ) {
119         sslRequired = true;
120         }
121
122         boolean clientAuthReqd = false;
123         String JavaDoc clientAuthReq =
124         (String JavaDoc)(ORBManager.getCSIv2Props()).get(ORBManager.ORB_CLIENT_AUTH_REQUIRED);
125         if ( clientAuthReq != null && clientAuthReq.equals("true") ) {
126         clientAuthReqd = true;
127         }
128
129         CompoundSecMech[] mechList = new CompoundSecMech[1];
130         TaggedComponent JavaDoc transportMech = createSSLInfo(sslPort, null,
131                               sslRequired);
132         // Create AS_Context
133 AS_ContextSec asContext = createASContextSec(null);
134
135         // Create SAS_Context
136 SAS_ContextSec sasContext = createSASContextSec(null);
137
138         short targetRequires =
139             (clientAuthReqd ? EstablishTrustInClient.value : 0);
140
141         // Convert Profile.TaggedComponent to org.omg.IOP.TaggedComponent
142 mechList[0] = new CompoundSecMech(targetRequires,
143                     transportMech, asContext, sasContext);
144
145         tc = createTaggedComponent(mechList);
146         } catch(Exception JavaDoc e) {
147             _logger.log(Level.SEVERE,"iiop.createcompund_exception",e);
148         }
149         return tc;
150     }
151     public TaggedComponent JavaDoc createSecurityTaggedComponent(java.util.List JavaDoc<com.sun.corba.ee.spi.folb.SocketInfo> scoketInfos)
152     {
153         TaggedComponent JavaDoc tc = null;
154     try {
155         boolean sslRequired = false;
156         String JavaDoc sslReq =
157         (String JavaDoc)(ORBManager.getCSIv2Props()).get(ORBManager.ORB_SSL_SERVER_REQUIRED);
158         if ( sslReq != null && sslReq.equals("true") ) {
159         sslRequired = true;
160         }
161
162         boolean clientAuthReqd = false;
163         String JavaDoc clientAuthReq =
164         (String JavaDoc)(ORBManager.getCSIv2Props()).get(ORBManager.ORB_CLIENT_AUTH_REQUIRED);
165         if ( clientAuthReq != null && clientAuthReq.equals("true") ) {
166         clientAuthReqd = true;
167         }
168
169         CompoundSecMech[] mechList = new CompoundSecMech[1];
170         TaggedComponent JavaDoc transportMech = createSSLInfo(scoketInfos, null,
171                               sslRequired);
172         // Create AS_Context
173 AS_ContextSec asContext = createASContextSec(null);
174
175         // Create SAS_Context
176 SAS_ContextSec sasContext = createSASContextSec(null);
177
178         short targetRequires =
179             (clientAuthReqd ? EstablishTrustInClient.value : 0);
180
181         // Convert Profile.TaggedComponent to org.omg.IOP.TaggedComponent
182 mechList[0] = new CompoundSecMech(targetRequires,
183                     transportMech, asContext, sasContext);
184
185         tc = createTaggedComponent(mechList);
186         } catch(Exception JavaDoc e) {
187             _logger.log(Level.SEVERE,"iiop.createcompund_exception",e);
188         }
189         return tc;
190     }
191 /* public TaggedComponent createSecurityTaggedComponent(java.util.List<Integer> sslPorts)
192     {
193         TaggedComponent tc = null;
194     try {
195         boolean sslRequired = false;
196         String sslReq =
197         (String)(ORBManager.getCSIv2Props()).get(ORBManager.ORB_SSL_SERVER_REQUIRED);
198         if ( sslReq != null && sslReq.equals("true") ) {
199         sslRequired = true;
200         }
201
202         boolean clientAuthReqd = false;
203         String clientAuthReq =
204         (String)(ORBManager.getCSIv2Props()).get(ORBManager.ORB_CLIENT_AUTH_REQUIRED);
205         if ( clientAuthReq != null && clientAuthReq.equals("true") ) {
206         clientAuthReqd = true;
207         }
208
209         CompoundSecMech[] mechList = new CompoundSecMech[sslPorts.size()];
210         
211         // Create AS_Context
212         AS_ContextSec asContext = createASContextSec(null);
213
214         // Create SAS_Context
215         SAS_ContextSec sasContext = createSASContextSec(null);
216
217         short targetRequires =
218             (clientAuthReqd ? EstablishTrustInClient.value : 0);
219
220             //for(int portNo : sslPorts){
221             for(int pIndex =0; pIndex < sslPorts.size(); pIndex++){
222                 TaggedComponent transportMech = createSSLInfo(sslPorts.get(pIndex), null,
223                                                               sslRequired);
224                 // Convert Profile.TaggedComponent to org.omg.IOP.TaggedComponent
225                 mechList[pIndex] = new CompoundSecMech(targetRequires,
226                                             transportMech, asContext, sasContext);
227             }
228
229         tc = createTaggedComponent(mechList);
230         } catch(Exception e) {
231             _logger.log(Level.SEVERE,"iiop.createcompund_exception",e);
232         }
233         return tc;
234     }*/
235
236     private TaggedComponent JavaDoc createTaggedComponent(CompoundSecMech[] mechList)
237     {
238     CDROutputStream out = (CDROutputStream) orb.create_output_stream();
239     out.putEndian();
240
241     boolean stateful = false;
242     CompoundSecMechList list = new CompoundSecMechList(stateful,
243                                 mechList);
244     CompoundSecMechListHelper.write(out, list);
245     byte[] buf = out.toByteArray();
246     TaggedComponent JavaDoc tc = new TaggedComponent JavaDoc(
247                 TAG_CSI_SEC_MECH_LIST.value, buf ) ;
248     return tc;
249     }
250
251     public void setSSLMutualAuthPort(int port) {
252     sslMutualAuthPort = port;
253     }
254
255     private int getSSLMutualAuthPort() {
256     return sslMutualAuthPort;
257     }
258
259     /**
260      * Create the security mechanisms. Only 1 such mechanism is created
261      * although the spec allows multiple mechanisms (in decreasing order
262      * of preference)
263      */
264     private CompoundSecMech[] createCompoundSecMechs(int sslPort,
265                                         EjbDescriptor desc)
266         throws IOException
267     {
268         if(_logger.isLoggable(Level.FINE)){
269             _logger.log(Level.FINE, "IIOP: Creating CompoundSecMech");
270         }
271
272     Set iorDescSet = desc.getIORConfigurationDescriptors();
273     int size = iorDescSet.size();
274     if(size == 0) {
275         // No IOR config descriptors:
276 // Either none were configured or 1.2.x app.
277
278         // Create an IOR config desc with SSL supported
279 EjbIORConfigurationDescriptor eDesc =
280                     new EjbIORConfigurationDescriptor();
281         eDesc.setIntegrity(EjbIORConfigurationDescriptor.SUPPORTED);
282         eDesc.setConfidentiality(EjbIORConfigurationDescriptor.SUPPORTED);
283         eDesc.setEstablishTrustInClient
284                     (EjbIORConfigurationDescriptor.SUPPORTED);
285         iorDescSet.add(eDesc);
286         size = 1;
287
288         // Check if method permissions are set on the descriptor.
289 // If they are then enable username_password mechanism in as_context
290 Set permissions = desc.getPermissionedRoles();
291         if(permissions.size() > 0) {
292                 if(_logger.isLoggable(Level.FINE)){
293                     _logger.log(Level.FINE,"IIOP:Application has protected methods");
294                 }
295             eDesc.setAuthMethodRequired(true);
296         }
297     }
298         CompoundSecMech[] mechList = new CompoundSecMech[size];
299     Iterator itr = iorDescSet.iterator();
300         if(_logger.isLoggable(Level.FINE)){
301             _logger.log(Level.FINE,"IORDescriptor SIZE:" + size);
302     }
303     for(int i = 0; i < size; i++) {
304         EjbIORConfigurationDescriptor iorDesc =
305         (EjbIORConfigurationDescriptor) itr.next();
306             int target_requires = getTargetRequires(iorDesc);
307         TaggedComponent JavaDoc comp = createSSLInfo(sslPort, iorDesc, false);
308         // Create AS_Context
309 AS_ContextSec asContext = createASContextSec(iorDesc);
310             // Create SAS_Context
311 SAS_ContextSec sasContext = createSASContextSec(iorDesc);
312         // update the target requires value
313 int targ_req = target_requires | asContext.target_requires
314         | sasContext.target_requires;
315             // Convert Profile.TaggedComponent to org.omg.IOP.TaggedComponent
316 TaggedComponent JavaDoc transportMech = comp;
317             mechList[i] = new CompoundSecMech((short)targ_req,
318                             transportMech, asContext, sasContext);
319     }
320         return mechList;
321     }
322
323     /**
324      * This method determines if all the mechanisms defined in the
325      * CSIV2 CompoundSecMechList structure require protected
326      * invocations.
327      */
328     public boolean allMechanismsRequireSSL(Set iorDescSet) {
329     int size = iorDescSet.size();
330     if(size == 0) {
331         return false;
332     }
333     Iterator itr = iorDescSet.iterator();
334     for(int i = 0; i < size; i++) {
335         EjbIORConfigurationDescriptor iorDesc =
336         (EjbIORConfigurationDescriptor) itr.next();
337             int target_requires = getTargetRequires(iorDesc);
338         if(target_requires == 0) {
339         return false;
340         }
341     }
342     return true;
343     }
344
345     /**
346      * Create the AS layer context within a compound mechanism definition.
347      */
348     public AS_ContextSec createASContextSec(
349             EjbIORConfigurationDescriptor iorDesc)
350                 throws IOException
351     {
352         AS_ContextSec asContext = null;
353         int target_supports = 0;
354         int target_requires = 0;
355         byte[] client_authentication_mechanism = {};
356         byte[] target_name = {} ;
357         String JavaDoc authMethod = null;
358         boolean authMethodRequired = false;
359
360         if(_logger.isLoggable(Level.FINE)){
361             _logger.log(Level.FINE, "IIOP: Creating AS_Context");
362         }
363
364         // If AS_ContextSec is not required to be generated in an IOR,
365 // then optimize the code by not generating and filling in fields that are
366 // irrelevant.
367
368         if (iorDesc != null) {
369             authMethod = iorDesc.getAuthenticationMethod();
370             authMethodRequired = iorDesc.isAuthMethodRequired();
371     }
372
373         if ( (authMethod != null) && (authMethod.equalsIgnoreCase(EjbIORConfigurationDescriptor.NONE))) {
374
375             asContext = new AS_ContextSec((short)target_supports,
376                                           (short)target_requires,
377                                           client_authentication_mechanism,
378                                           target_name);
379             return asContext;
380     }
381             
382         /** Functionality for Realm Per App
383          * Try to get the realm from the descriptor, else fill in default
384          */
385         if(_realm_name == null){// realm name should be populated at this point
386 if(iorDesc != null){
387                 _realm_name = iorDesc.getRealmName();
388             }
389             if(_realm_name == null){
390                 _realm_name = DEFAULT_REALM;
391                 if(_logger.isLoggable(Level.FINE)){
392                     _logger.log(Level.FINE, "IIOP:AS_Context: Realm Name = null,"
393                                 + " setting default realm for logging in");
394                 }
395             }
396         }
397         if(_logger.isLoggable(Level.FINE)){
398             _logger.log(Level.FINE, "IIOP:AS_Context: Realm Name for login = "+
399                         _realm_name);
400         }
401         _realm_name_bytes = _realm_name.getBytes();
402         
403         target_name = GSSUtils.createExportedName(
404                                GSSUtils.GSSUP_MECH_OID,
405                        _realm_name_bytes);
406
407         target_supports = EstablishTrustInClient.value;
408
409         if (authMethodRequired){
410             target_requires = EstablishTrustInClient.value;
411         }
412
413         client_authentication_mechanism = getMechanism();
414
415         asContext = new AS_ContextSec((short)target_supports,
416                                         (short)target_requires,
417                                         client_authentication_mechanism,
418                                         target_name);
419
420         return asContext;
421     }
422
423     /**
424      * Create the SAS layer context within a compound mechanism definition.
425      */
426     public SAS_ContextSec createSASContextSec(
427             EjbIORConfigurationDescriptor iorDesc)
428                 throws IOException
429     {
430         SAS_ContextSec sasContext = null;
431     // target_supports = 0 means that target supports ITTAbsent
432 int target_supports = 0;
433         int target_requires = 0;
434         ServiceConfiguration[] priv = new ServiceConfiguration[0];
435         String JavaDoc callerPropagation = null;
436         byte[][] mechanisms = {};
437         
438         if(_logger.isLoggable(Level.FINE)){
439             _logger.log(Level.FINE, "IIOP: Creating SAS_Context");
440         }
441
442
443     // this shall be non-zero if target_supports is non-zero
444 int supported_identity_token_type = 0;
445
446         if (iorDesc != null) {
447             callerPropagation = iorDesc.getCallerPropagation();
448         }
449
450         if ((callerPropagation != null)
451         && (callerPropagation.equalsIgnoreCase(EjbIORConfigurationDescriptor.NONE))){
452             sasContext = new SAS_ContextSec((short)target_supports,
453                                             (short)target_requires,
454                                             priv, mechanisms,
455                         supported_identity_token_type);
456             return sasContext;
457     }
458
459     target_supports = IdentityAssertion.value;
460
461         byte[] upm = getMechanism(); // Only username_password mechanism
462 mechanisms = new byte[1][upm.length];
463         for(int i = 0; i < upm.length; i++) {
464             mechanisms[0][i] = upm[i];
465         }
466
467     // para 166 of CSIv2 spec says that the bit corresponding to the
468 // ITTPrincipalName is non-zero if supported_mechanism has atleast
469 // 1 element. Supported_mechanism has the value of GSSUP OID
470 if (target_supports != 0){
471         supported_identity_token_type = SUPPORTED_IDENTITY_TOKEN_TYPES;
472         }
473
474         sasContext = new SAS_ContextSec((short)target_supports,
475                                         (short)target_requires,
476                                         priv, mechanisms,
477                     supported_identity_token_type);
478
479         return sasContext;
480     }
481
482     /**
483      * Create the SSL tagged component within a compound mechanism
484      * definition.
485      */
486     private TaggedComponent JavaDoc createSSLInfo(int sslport,
487                       EjbIORConfigurationDescriptor iorDesc,
488                       boolean sslRequired )
489     {
490     int targetSupports = 0;
491     int targetRequires = 0;
492         int ssl_port = sslport; // reassigned in case of mutual auth
493 if(_logger.isLoggable(Level.FINE)){
494             _logger.log(Level.FINE, "IIOP: Creating Transport Mechanism");
495         }
496
497     if ( iorDesc == null ) {
498         // this happens only for nameservice
499 targetSupports = Integrity.value | Confidentiality.value
500                 | EstablishTrustInClient.value
501                 | EstablishTrustInTarget.value;
502         if ( sslRequired ) {
503          targetRequires = Integrity.value | Confidentiality.value
504                     | EstablishTrustInClient.value;
505         }
506     }
507     else {
508         targetSupports = getTargetSupports(iorDesc);
509         targetRequires = getTargetRequires(iorDesc);
510         if((targetRequires & EstablishTrustInClient.value)
511                 == EstablishTrustInClient.value) {
512                     // ssl port will only be changed in case of mutual auth
513 ssl_port = getSSLMutualAuthPort();
514                 if(_logger.isLoggable(Level.FINE)){
515                     _logger.log(Level.FINE,"MUTUAL AUTH PORT=" + sslport);
516                 }
517             }
518     }
519         /*
520          * if both targetSupports and targetRequires are zero, then the
521          * mechanism does not support a transport_mechanism and hence
522          * a TAG_NULL_TAG must be generated.
523          */
524
525         if ( (targetSupports | targetRequires) == 0 || ssl_port == -1) {
526          byte[] b = {} ;
527          TaggedComponent JavaDoc tc = new TaggedComponent JavaDoc(TAG_NULL_TAG.value, b);
528              return tc;
529     }
530     String JavaDoc host_name = "";
531     host_name = Utility.getLocalAddress();
532     TransportAddress[] listTa = generateTransportAddresses(host_name,
533                                    ssl_port);
534     TLS_SEC_TRANS tls_sec = new TLS_SEC_TRANS((short)targetSupports,
535                           (short)targetRequires,
536                           listTa);
537
538     CDROutputStream out = (CDROutputStream) orb.create_output_stream();
539     out.putEndian() ;
540     TLS_SEC_TRANSHelper.write((org.omg.CORBA.portable.OutputStream JavaDoc)out, tls_sec);
541
542     byte[] buf = out.toByteArray() ;
543     // create new Tagged Component for SSL
544 TaggedComponent JavaDoc tc = new TaggedComponent JavaDoc(
545             TAG_TLS_SEC_TRANS.value, buf ) ;
546     return tc;
547
548     }
549     private TransportAddress[] generateTransportAddresses(String JavaDoc host,
550                               int sslport){
551     short short_port = Utility.intToShort(sslport);
552     TransportAddress ta = new TransportAddress(host, short_port);
553     TransportAddress[] listTa = new TransportAddress[1];
554     listTa[0] = ta;
555     return listTa;
556    }
557     private TaggedComponent JavaDoc createSSLInfo(java.util.List JavaDoc<com.sun.corba.ee.spi.folb.SocketInfo> scoketInfos,
558                       EjbIORConfigurationDescriptor iorDesc,
559                       boolean sslRequired )
560     {
561     int targetSupports = 0;
562     int targetRequires = 0;
563         //int ssl_port = sslport; // reassigned in case of mutual auth
564 if(_logger.isLoggable(Level.FINE)){
565             _logger.log(Level.FINE, "IIOP: Creating Transport Mechanism");
566         }
567
568     if ( iorDesc == null ) {
569         // this happens only for nameservice
570 targetSupports = Integrity.value | Confidentiality.value
571                 | EstablishTrustInClient.value
572                 | EstablishTrustInTarget.value;
573         if ( sslRequired ) {
574          targetRequires = Integrity.value | Confidentiality.value
575                     | EstablishTrustInClient.value;
576         }
577     }
578     else {
579         targetSupports = getTargetSupports(iorDesc);
580         targetRequires = getTargetRequires(iorDesc);
581         if((targetRequires & EstablishTrustInClient.value)
582                 == EstablishTrustInClient.value) {
583                     // ssl port will only be changed in case of mutual auth
584 //ssl_port = getSSLMutualAuthPort();
585 if(_logger.isLoggable(Level.FINE)){
586                     //_logger.log(Level.FINE,"MUTUAL AUTH PORT=" + sslport);
587 }
588             }
589     }
590         /*
591          * if both targetSupports and targetRequires are zero, then the
592          * mechanism does not support a transport_mechanism and hence
593          * a TAG_NULL_TAG must be generated.
594          */
595
596         //if ( (targetSupports | targetRequires) == 0 || ssl_port == -1) {
597 if ( (targetSupports | targetRequires) == 0 ) {
598          byte[] b = {} ;
599          TaggedComponent JavaDoc tc = new TaggedComponent JavaDoc(TAG_NULL_TAG.value, b);
600              return tc;
601     }
602     TransportAddress[] listTa = generateTransportAddresses(scoketInfos);
603     TLS_SEC_TRANS tls_sec = new TLS_SEC_TRANS((short)targetSupports,
604                           (short)targetRequires,
605                           listTa);
606
607     CDROutputStream out = (CDROutputStream) orb.create_output_stream();
608     out.putEndian() ;
609     TLS_SEC_TRANSHelper.write((org.omg.CORBA.portable.OutputStream JavaDoc)out, tls_sec);
610
611     byte[] buf = out.toByteArray() ;
612     // create new Tagged Component for SSL
613 TaggedComponent JavaDoc tc = new TaggedComponent JavaDoc(
614             TAG_TLS_SEC_TRANS.value, buf ) ;
615     return tc;
616
617     }
618     private TransportAddress[] generateTransportAddresses(java.util.List JavaDoc<com.sun.corba.ee.spi.folb.SocketInfo> socketInfos){
619         TransportAddress[] listTa = new TransportAddress[socketInfos.size()];
620     for(int i=0; i< socketInfos.size(); i++){
621             com.sun.corba.ee.spi.folb.SocketInfo socketInfo = socketInfos.get(i);
622             int sslport = socketInfo.port;
623             String JavaDoc host = socketInfo.host;
624             short short_port = Utility.intToShort(sslport);
625             TransportAddress ta = new TransportAddress(host, short_port);
626             listTa[i] = ta;
627         }
628     return listTa;
629    }
630     /**
631      * Get the Compound security mechanism list from the given IOR.
632      * @param the IOR.
633      * @return the array of compound security mechanisms.
634      */
635     public CompoundSecMech[] getSecurityMechanisms(IOR ior) {
636     IIOPProfile prof = ior.getProfile();
637     IIOPProfileTemplate ptemp = (IIOPProfileTemplate)prof.
638                 getTaggedProfileTemplate();
639     Iterator itr = ptemp.iteratorById(TAG_CSI_SEC_MECH_LIST.value);
640     if(!itr.hasNext()) {
641             if(_logger.isLoggable(Level.FINE)){
642                 String JavaDoc msg = "IIOP:TAG_CSI_SEC_MECH_LIST tagged component not found";
643                 _logger.log(Level.FINE, msg);
644         }
645         return null;
646     }
647     Object JavaDoc o = itr.next();
648         if(_logger.isLoggable(Level.FINE)){
649             _logger.log(Level.FINE,"Component:" + o);
650             }
651     if(itr.hasNext()) {
652         String JavaDoc msg = "More than one TAG_CSI_SEC_MECH_LIST tagged " +
653              "component found ";
654             _logger.log(Level.SEVERE,"iiop.many_tagged_component");
655         throw new RuntimeException JavaDoc(msg);
656     }
657     com.sun.corba.ee.spi.ior.TaggedComponent tcomp =
658         (com.sun.corba.ee.spi.ior.TaggedComponent) o;
659     TaggedComponent JavaDoc comp = tcomp.getIOPComponent(orb);
660     byte[] b = comp.component_data;
661     CDRInputStream in = (CDRInputStream) new EncapsInputStream(orb, b, b.length);
662     in.consumeEndian();
663     CompoundSecMechList l = CompoundSecMechListHelper.read(in);
664     CompoundSecMech[] list = l.mechanism_list;
665
666     return list;
667     }
668
669     /**
670      * Retrieve the SSL tagged component from the compound security
671      * mechanism.
672      */
673     public TLS_SEC_TRANS getSSLInformation(CompoundSecMech mech){
674     TaggedComponent JavaDoc pcomp = mech.transport_mech;
675     TLS_SEC_TRANS ssl = getSSLComponent(pcomp);
676     return ssl;
677     
678     }
679     private TLS_SEC_TRANS getSSLComponent(TaggedComponent JavaDoc comp)
680     {
681     TLS_SEC_TRANS ssl = null;
682         // a TAG_NULL_TAG implies that SSL is not required
683 if (comp.tag == TAG_NULL_TAG.value){
684             ssl = null;
685         } else {
686             byte[] b = comp.component_data;
687             CDRInputStream in = (CDRInputStream) new EncapsInputStream(orb, b, b.length);
688             in.consumeEndian();
689             ssl = TLS_SEC_TRANSHelper.read(in);
690         }
691     return ssl;
692     }
693
694
695     /**
696      * Get the value of target_supports for the transport layer.
697      */
698     public int getTargetSupports(EjbIORConfigurationDescriptor iorDesc)
699     {
700     if ( iorDesc == null ) {
701             return 0;
702         }
703     int supports = 0;
704     String JavaDoc integrity = iorDesc.getIntegrity();
705     if(!integrity.equalsIgnoreCase(EjbIORConfigurationDescriptor.NONE)) {
706         supports = supports | Integrity.value;
707     }
708     String JavaDoc confidentiality = iorDesc.getConfidentiality();
709     if(!confidentiality.equalsIgnoreCase(EjbIORConfigurationDescriptor.NONE)) {
710         supports = supports | Confidentiality.value;
711     }
712     String JavaDoc establishTrustInTarget = iorDesc.getEstablishTrustInTarget();
713     if(!establishTrustInTarget.equalsIgnoreCase(EjbIORConfigurationDescriptor.NONE)) {
714         supports = supports | EstablishTrustInTarget.value;
715     }
716     String JavaDoc establishTrustInClient = iorDesc.getEstablishTrustInClient();
717     if(!establishTrustInClient.equalsIgnoreCase(EjbIORConfigurationDescriptor.NONE)) {
718         supports = supports | EstablishTrustInClient.value;
719     }
720     return supports;
721     }
722
723     /**
724      * Get the value of target_requires for the transport layer.
725      */
726     public int getTargetRequires(EjbIORConfigurationDescriptor iorDesc)
727     {
728     if ( iorDesc == null ) {
729             return 0;
730         }
731     int requires = 0;
732     String JavaDoc integrity = iorDesc.getIntegrity();
733     if(integrity.equalsIgnoreCase(EjbIORConfigurationDescriptor.REQUIRED)) {
734         requires = requires | Integrity.value;
735     }
736     String JavaDoc confidentiality = iorDesc.getConfidentiality();
737     if(confidentiality.equalsIgnoreCase(EjbIORConfigurationDescriptor.REQUIRED)) {
738         requires = requires | Confidentiality.value;
739     }
740     String JavaDoc establishTrustInTarget = iorDesc.getEstablishTrustInTarget();
741     if(establishTrustInTarget.equalsIgnoreCase(EjbIORConfigurationDescriptor.REQUIRED)) {
742         requires = requires | EstablishTrustInTarget.value;
743     }
744     String JavaDoc establishTrustInClient = iorDesc.getEstablishTrustInClient();
745     if(establishTrustInClient.equalsIgnoreCase(EjbIORConfigurationDescriptor.REQUIRED)) {
746         requires = requires | EstablishTrustInClient.value;
747     }
748     return requires;
749     }
750
751     /**
752      * Return the ASN.1 encoded representation of a GSS mechanism identifier.
753      * Currently only the GSSUP Mechanism is supported.
754      */
755     private byte[] getMechanism()
756     throws IOException{
757         return GSSUtils.getDER(GSSUtils.GSSUP_MECH_OID);
758     }
759 }
760
Popular Tags