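package org.jacorb.security.ssl.sun_jsse;

import java.io.*;
import java.util.*;
import java.security.cert.*;

import org.apache.avalon.framework.configuration.*;
import org.apache.avalon.framework.logger.Logger;

import org.omg.SecurityReplaceable.*;
import org.omg.Security.*;
import org.omg.SecurityLevel2.ReceivedCredentials;

import org.omg.PortableInterceptor.*;
import org.omg.CORBA.ORBPackage.*;
import org.omg.CORBA.Any ;

import org.jacorb.orb.portableInterceptor.ServerRequestInfoImpl;
import org.jacorb.security.level2.*;
import org.jacorb.orb.dsi.ServerRequest;
import org.jacorb.orb.iiop.*;
import org.jacorb.orb.giop.*;

import javax.net.ssl.SSLSocket;

/**
 * Server request interceptor for the Sun JSSE transport.
 *
 * For every request that arrives over an SSL/TLS connection it reads the
 * X.509 chain the client presented during the handshake, wraps it in a
 * {@code KeyAndCert}, registers it with the {@code SecAttributeManager} as an
 * AccessId attribute (family (0,1)) and publishes it as the received
 * credentials of the current request. When the reply, an exception or a
 * location forward is sent, the attribute is deregistered and the credentials
 * are cleared again, so nothing carries over from one request to the next.
 *
 * Enforcement: if {@code jacorb.security.ssl.server.required_options}
 * contains the EstablishTrustInClient bit (0x40), a request whose peer chain
 * cannot be obtained, or which carries no chain at all, is rejected with
 * {@code NO_PERMISSION}. The TLS layer is expected to have enforced client
 * authentication already; this is a defence-in-depth check at request level.
 *
 * One instance serves all request threads of the ORB. Per-request state is
 * assumed to be thread-confined by {@code CurrentImpl} -- verify against
 * that class before adding any mutable state here.
 */
public class ServerInvocationInterceptor
    extends org.omg.CORBA.LocalObject
    implements ServerRequestInterceptor, Configurable
{
    public static final String DEFAULT_NAME = "ServerInvocationInterceptor";

    /**
     * EstablishTrustInClient bit of the association-option mask read from
     * {@code jacorb.security.ssl.server.required_options}.
     */
    private static final int ESTABLISH_TRUST_IN_CLIENT = 0x40;

    private String name = null;

    private org.jacorb.security.level2.CurrentImpl current = null;
    private SecAttributeManager attrib_mgr = null;
    /** Attribute type registered per request: AccessId in family (0,1). */
    private AttributeType type = null;

    /**
     * Per-SSLSession credential cache.
     * NOTE(review): nothing in this class ever writes to this map, so the
     * lookup in receive_request_service_contexts never hits; it is kept for
     * compatibility. Whoever adds a writer must make access thread-safe (a
     * plain HashMap is shared across request threads) and must cope with
     * removeAttribute() deregistering the attribute after every reply, which
     * would leave a cached ReceivedCredentialsImpl stale.
     */
    private HashMap sessionCredentials = new HashMap();

    private Logger logger;
    /** Parsed from ...supported_options (hex). Not consulted in this class. */
    private short serverSupportedOptions = 0;
    /** Parsed from ...required_options (hex). Only bit 0x40 is checked here. */
    private short serverRequiredOptions = 0;

    /**
     * Creates the interceptor and reads its configuration from the ORB.
     *
     * @param current the Security Level 2 Current; must be a CurrentImpl
     * @param orb the ORB whose configuration supplies the option masks
     * @throws ConfigurationException if the option masks cannot be read or
     *         are not valid hexadecimal shorts
     */
    public ServerInvocationInterceptor(org.omg.SecurityLevel2.Current current,
                                       org.jacorb.orb.ORB orb)
        throws ConfigurationException
    {
        this.current = (CurrentImpl) current;
        this.name = DEFAULT_NAME;
        attrib_mgr = SecAttributeManager.getInstance();

        type =
            new AttributeType( new ExtensibleFamily( (short)0, (short)1 ), AccessId.value );
        configure(orb.getConfiguration());
    }


    /**
     * Reads the logger and the two association-option masks. Both masks are
     * hexadecimal strings (e.g. "20" = 0x20); a malformed value is reported
     * as a ConfigurationException instead of escaping as a bare
     * NumberFormatException from the constructor.
     */
    public void configure(Configuration configuration)
        throws ConfigurationException
    {
        logger =
            ((org.jacorb.config.Configuration)configuration).getNamedLogger("jacorb.security.ssl.interceptor");

        serverSupportedOptions = parseHexOption(configuration,
            "jacorb.security.ssl.server.supported_options", "20");

        serverRequiredOptions = parseHexOption(configuration,
            "jacorb.security.ssl.server.required_options", "0");
    }

    /** Reads one hexadecimal option mask, wrapping parse failures. */
    private static short parseHexOption(Configuration configuration,
                                        String key, String defaultValue)
        throws ConfigurationException
    {
        String raw = configuration.getAttribute(key, defaultValue);
        try
        {
            return Short.parseShort(raw, 16);
        }
        catch (NumberFormatException e)
        {
            throw new ConfigurationException(
                "Invalid hexadecimal value for " + key + ": " + raw, e);
        }
    }


    public String name()
    {
        return name;
    }

    public void destroy()
    {
    }

    /** Nothing to do here: credentials are established in receive_request_service_contexts. */
    public void receive_request( ServerRequestInfo ri )
        throws ForwardRequest
    {
    }


    /**
     * Establishes the received credentials for this request from the TLS
     * peer chain of the underlying connection.
     *
     * Non-SSL connections and connections without a transport are ignored.
     * If the peer chain cannot be obtained or is empty and
     * EstablishTrustInClient is required, the request is rejected with
     * NO_PERMISSION; otherwise it proceeds without received credentials.
     */
    public void receive_request_service_contexts( ServerRequestInfo ri )
        throws ForwardRequest
    {
        ServerRequest request = ((ServerRequestInfoImpl) ri).request;
        GIOPConnection connection = request.getConnection();

        if (connection == null)
        {
            if (logger.isErrorEnabled())
                logger.error("target has no connection!");
            return;
        }

        // Plain IIOP: there is no handshake to derive an identity from.
        if( !connection.isSSL() )
        {
            return;
        }

        ServerIIOPConnection transport =
            (ServerIIOPConnection)connection.getTransport();

        SSLSocket sslSocket = (SSLSocket)transport.getSocket();

        javax.net.ssl.SSLSession session = sslSocket.getSession();

        // See the note on sessionCredentials: this branch is currently never
        // taken because the map is never populated.
        if (sessionCredentials.containsKey(session))
        {
            ReceivedCredentialsImpl sessionRcvCredentials =
                (ReceivedCredentialsImpl)sessionCredentials.get(session);
            current.set_received_credentials(sessionRcvCredentials);
            if (logger.isDebugEnabled())
                logger.debug("Reusing SSL session credentials.");
            return;
        }

        KeyAndCert kac = null;

        try
        {
            kac = new KeyAndCert( null, peerChain(session) );
        }
        catch( Exception e )
        {
            // SSLPeerUnverifiedException when the client was not
            // authenticated; log with the cause rather than just the message.
            if (logger.isWarnEnabled())
                logger.warn("Exception " + e.getMessage() +
                            " in ServerInvocationInterceptor", e);

            rejectIfClientTrustRequired(
                "Establish trust in client required, but failed");
            return;
        }

        // An empty chain carries no identity; treat it like a missing one
        // instead of registering an AccessId attribute with no certificate.
        if( kac.chain == null || kac.chain.length == 0 )
        {
            if (logger.isInfoEnabled())
                logger.info("Client sent no certificate chain!");

            rejectIfClientTrustRequired(
                "Establish trust in client required, but client sent no certificate chain");
            return;
        }

        SecAttribute [] atts =
            new SecAttribute[]{attrib_mgr.createAttribute(kac, type)} ;

        current.set_received_credentials( new ReceivedCredentialsImpl( atts ) );
    }

    /**
     * Returns the peer's certificate chain (peer's own certificate first) as
     * java.security.cert types. Uses getPeerCertificates() instead of the
     * deprecated getPeerCertificateChain() so no re-encoding through a
     * CertificateFactory is needed.
     *
     * @throws IOException (SSLPeerUnverifiedException) if the peer was not
     *         authenticated during the handshake
     * @throws CertificateException if an element of the chain is not X.509
     */
    private static java.security.cert.X509Certificate[] peerChain(
            javax.net.ssl.SSLSession session)
        throws IOException, CertificateException
    {
        java.security.cert.Certificate[] peer = session.getPeerCertificates();

        java.security.cert.X509Certificate[] chain =
            new java.security.cert.X509Certificate[peer.length];

        for( int i = 0; i < peer.length; i++ )
        {
            if( !(peer[i] instanceof java.security.cert.X509Certificate) )
            {
                throw new CertificateException(
                    "non-X.509 certificate at position " + i + " of peer chain");
            }
            chain[i] = (java.security.cert.X509Certificate) peer[i];
        }
        return chain;
    }

    /**
     * Throws NO_PERMISSION with the given reason when the configured
     * required options demand EstablishTrustInClient; otherwise returns.
     */
    private void rejectIfClientTrustRequired(String reason)
    {
        if ( (serverRequiredOptions & ESTABLISH_TRUST_IN_CLIENT) != 0)
        {
            throw new org.omg.CORBA.NO_PERMISSION (reason);
        }
    }

    public void send_reply( ServerRequestInfo ri )
    {
        clearCredentials();
    }

    public void send_exception( ServerRequestInfo ri )
        throws ForwardRequest
    {
        clearCredentials();
    }

    public void send_other( ServerRequestInfo ri )
        throws ForwardRequest
    {
        clearCredentials();
    }

    /**
     * Deregisters this request's AccessId attribute and drops the received
     * credentials, so the identity does not outlive the request.
     */
    private void clearCredentials()
    {
        removeAttribute();
        current.remove_received_credentials();
    }

    /** Removes the AccessId attribute of the current credentials from the manager, if any. */
    private void removeAttribute()
    {
        ReceivedCredentials creds = current.received_credentials();

        if (creds == null)
        {
            return;
        }

        SecAttribute[] attributes = creds.get_attributes(
            new AttributeType[]{ type } );

        if (attributes.length != 0)
        {
            attrib_mgr.removeAttribute(attributes[0]);
        }
    }
}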