

1 package org.jacorb.security.ssl.sun_jsse;
2
3 /*
4  * JacORB - a free Java ORB
5  *
6  * Copyright (C) 2000-2004 Nicolas Noffke, Gerald Brose.
7  *
8  * This library is free software; you can redistribute it and/or
9  * modify it under the terms of the GNU Library General Public
10  * License as published by the Free Software Foundation; either
11  * version 2 of the License, or (at your option) any later version.
12  *
13  * This library is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16  * Library General Public License for more details.
17  *
18  * You should have received a copy of the GNU Library General Public
19  * License along with this library; if not, write to the Free
20  * Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21  */

22
23 import java.io.*;
24 import java.util.*;
25 import java.security.cert.*;
26
27 import org.apache.avalon.framework.configuration.*;
28 import org.apache.avalon.framework.logger.Logger;
29
30 import org.omg.SecurityReplaceable.*;
31 import org.omg.Security.*;
32 import org.omg.SecurityLevel2.ReceivedCredentials;
33
34 import org.omg.PortableInterceptor.*;
35 import org.omg.CORBA.ORBPackage.*;
36 import org.omg.CORBA.Any JavaDoc;
37
38 import org.jacorb.orb.portableInterceptor.ServerRequestInfoImpl;
39 import org.jacorb.security.level2.*;
40 import org.jacorb.orb.dsi.ServerRequest;
41 import org.jacorb.orb.iiop.*;
42 import org.jacorb.orb.giop.*;
43
44
45 import javax.net.ssl.SSLSocket;
46
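/**
 * Server-side request interceptor that turns the client's SSL certificate
 * chain into the received credentials of the current request.
 *
 * <p>For a request that arrived over an SSL connection,
 * {@link #receive_request_service_contexts} reads the peer certificate chain
 * from the SSL session, wraps it in a {@code SecAttribute} and sets it on the
 * security {@code Current}. The {@code send_*} interception points remove the
 * attribute and the received credentials again.
 *
 * <p>This class performs no certificate path validation of its own: the chain
 * is used exactly as the SSL session reports it, so any trust decision rests
 * on the handshake that produced the session. When no credentials can be
 * derived and client trust is not required by configuration, the request
 * continues <em>without</em> received credentials; code that makes access
 * decisions must treat missing credentials as an unauthenticated caller.
 *
 * @author Nicolas Noffke
 * $Id: ServerInvocationInterceptor.java,v 1.10 2004/05/06 12:40:01 nicolas Exp $
 */
public class ServerInvocationInterceptor
    extends org.omg.CORBA.LocalObject
    implements ServerRequestInterceptor, Configurable
{
    public static final String DEFAULT_NAME = "ServerInvocationInterceptor";

    /**
     * Bit tested in the required options before a request without a usable
     * client certificate is rejected ("Establish trust in client required").
     */
    private static final short ESTABLISH_TRUST_IN_CLIENT = 0x40;

    private final String name;

    private final org.jacorb.security.level2.CurrentImpl current;
    private final SecAttributeManager attrib_mgr;
    private final AttributeType type;

    // NOTE(review): nothing in this class ever puts an entry into this map,
    // so the "reuse session credentials" branch below never runs as written.
    // Before populating it, consider that (a) HashMap is unsynchronized and
    // this interceptor is presumably shared by request threads - confirm,
    // (b) SSLSession keys would be strongly referenced for the life of the
    // interceptor, and (c) the send_* methods remove the attribute that a
    // cached credentials object would still refer to.
    private HashMap sessionCredentials = new HashMap();

    private Logger logger;
    // Parsed from configuration but not read anywhere in this class.
    private short serverSupportedOptions = 0;
    private short serverRequiredOptions = 0;

    /**
     * Creates the interceptor and configures it from the ORB's configuration.
     *
     * @param current the security Current; must be a {@code CurrentImpl}
     * @param orb     the ORB whose configuration is passed to {@link #configure}
     * @throws ConfigurationException if configuration fails
     */
    public ServerInvocationInterceptor(org.omg.SecurityLevel2.Current current,
                                       org.jacorb.orb.ORB orb)
        throws ConfigurationException
    {
        this.current = (CurrentImpl) current;
        this.name = DEFAULT_NAME;
        this.attrib_mgr = SecAttributeManager.getInstance();
        this.type =
            new AttributeType( new ExtensibleFamily( (short)0, (short)1 ), AccessId.value );

        configure(orb.getConfiguration());
    }

    /**
     * Reads the logger and the server-side SSL option masks.
     *
     * <p>Both option attributes are parsed as hexadecimal strings:
     * {@code jacorb.security.ssl.server.supported_options} (default "20") and
     * {@code jacorb.security.ssl.server.required_options} (default "0").
     *
     * @param configuration must be an {@code org.jacorb.config.Configuration}
     * @throws ConfigurationException declared by the {@code Configurable} contract
     * @throws NumberFormatException  if an option value is not a hexadecimal
     *                                number that fits into a {@code short}
     */
    public void configure(Configuration configuration)
        throws ConfigurationException
    {
        logger =
            ((org.jacorb.config.Configuration)configuration).getNamedLogger("jacorb.security.ssl.interceptor");

        // Radix 16: the configured strings are hex values, not decimal.
        serverSupportedOptions =
            Short.parseShort(
                configuration.getAttribute("jacorb.security.ssl.server.supported_options","20"),
                16);

        serverRequiredOptions =
            Short.parseShort(
                configuration.getAttribute("jacorb.security.ssl.server.required_options","0"),
                16);
    }

    /** Returns the interceptor name ({@link #DEFAULT_NAME}). */
    public String name()
    {
        return name;
    }

    /** Nothing to release. */
    public void destroy()
    {
    }

    /** No work is done at this interception point. */
    public void receive_request( ServerRequestInfo ri )
        throws ForwardRequest
    {
    }

    /**
     * Derives received credentials from the client's SSL certificate chain.
     *
     * <p>Returns without setting credentials when the request has no
     * connection, when the connection is not SSL, or when the chain cannot be
     * read and client trust is not required.
     *
     * @param ri must be a {@code ServerRequestInfoImpl}
     * @throws org.omg.CORBA.NO_PERMISSION if the client certificate chain
     *         cannot be obtained and the required options include the
     *         establish-trust-in-client bit
     */
    public void receive_request_service_contexts( ServerRequestInfo ri )
        throws ForwardRequest
    {
        ServerRequest request = ((ServerRequestInfoImpl) ri).request;
        GIOPConnection connection = request.getConnection();

        // NOTE(review): the two early returns below let the request continue
        // without received credentials even when the required options ask for
        // client trust; presumably the transport layer refuses such
        // connections in that configuration - confirm.
        if (connection == null)
        {
            if (logger.isErrorEnabled())
            {
                logger.error("target has no connection!");
            }
            return;
        }

        if( !connection.isSSL() )
        {
            return;
        }

        ServerIIOPConnection transport =
            (ServerIIOPConnection)connection.getTransport();
        SSLSocket sslSocket = (SSLSocket)transport.getSocket();
        javax.net.ssl.SSLSession session = sslSocket.getSession();

        if (sessionCredentials.containsKey(session))
        {
            ReceivedCredentialsImpl sessionRcvCredentials =
                (ReceivedCredentialsImpl)sessionCredentials.get(session);
            current.set_received_credentials(sessionRcvCredentials);
            // Guard and call now use the same level (the call used info()
            // behind a debug check).
            if (logger.isDebugEnabled())
            {
                logger.debug("Reusing SSL session credentials." );
            }
            return;
        }

        KeyAndCert kac;

        try
        {
            // Obtained inside the try so that a missing X.509 factory takes
            // the same fail-closed path as an unreadable chain, instead of
            // surfacing later as a NullPointerException with a null message.
            CertificateFactory certificateFactory =
                CertificateFactory.getInstance("X.509");

            // The session hands out legacy javax.security.cert objects; each
            // one is re-encoded and parsed into a java.security.cert
            // certificate, which is what KeyAndCert is given.
            javax.security.cert.X509Certificate[] certs =
                session.getPeerCertificateChain();

            java.security.cert.X509Certificate[] newCerts =
                new java.security.cert.X509Certificate[certs.length];

            for( int i = 0; i < certs.length; i++ )
            {
                newCerts[i] = (java.security.cert.X509Certificate)
                    certificateFactory.generateCertificate(
                        new ByteArrayInputStream( certs[i].getEncoded() ));
            }

            kac = new KeyAndCert( null, newCerts );
        }
        catch( Exception e )
        {
            // Deliberately broad: any failure to obtain or convert the chain
            // is treated as "client not authenticated".
            if (logger.isWarnEnabled())
            {
                logger.warn("Exception " + e.getMessage() +
                            " in ServerInvocationInterceptor", e);
            }

            if ( (serverRequiredOptions & ESTABLISH_TRUST_IN_CLIENT) != 0)
            {
                throw new org.omg.CORBA.NO_PERMISSION("Establish trust in client required, but failed");
            }
            return;
        }

        if( kac.chain == null )
        {
            if (logger.isInfoEnabled())
            {
                logger.info("Client sent no certificate chain!" );
            }
            return;
        }

        SecAttribute [] atts =
            new SecAttribute[]{attrib_mgr.createAttribute(kac, type)} ;

        current.set_received_credentials( new ReceivedCredentialsImpl( atts ) );
    }

    /** Clears the credentials of the finished request. */
    public void send_reply( ServerRequestInfo ri )
    {
        clearReceivedCredentials();
    }

    /** Clears the credentials of the finished request. */
    public void send_exception( ServerRequestInfo ri )
        throws ForwardRequest
    {
        clearReceivedCredentials();
    }

    /** Clears the credentials of the finished request. */
    public void send_other( ServerRequestInfo ri )
        throws ForwardRequest
    {
        clearReceivedCredentials();
    }

    /** Removes the security attribute, then the received credentials. */
    private void clearReceivedCredentials()
    {
        try
        {
            removeAttribute();
        }
        finally
        {
            // Must run even if the attribute cleanup throws; otherwise the
            // credentials of this request would stay set on the Current
            // after the request has completed.
            current.remove_received_credentials();
        }
    }

    /**
     * Removes the attribute of this interceptor's type from the attribute
     * manager, if the current request has received credentials carrying one.
     */
    private void removeAttribute()
    {
        ReceivedCredentials creds = current.received_credentials();

        if (creds == null)
        {
            return;
        }

        SecAttribute[] attributes = creds.get_attributes(
            new AttributeType[]{ type } );

        if (attributes.length != 0)
        {
            attrib_mgr.removeAttribute(attributes[0]);
        }
    }
}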