/**
* Return a top-level {@code IOP:TaggedComponent} to be stuffed into an IOR, containing a {@code
* CSIIOP}. {@code CompoundSecMechList}, tagged as {@code TAG_CSI_SEC_MECH_LIST}. Only one such
* component can exist inside an IOR.
*
* <p>Should be called with non-null metadata, in which case we probably don't want to include
* security info in the IOR.
*
* @param metadata the metadata object that contains the CSIv2 security configuration info.
* @param codec the {@code Codec} used to encode the CSIv2 security component.
* @param sslPort an {@code int} representing the SSL port.
* @param orb a reference to the running {@code ORB}.
* @return a {@code TaggedComponent} representing the encoded CSIv2 security component.
*/
public static TaggedComponent createSecurityTaggedComponent(
IORSecurityConfigMetaData metadata, Codec codec, int sslPort, ORB orb) {
if (metadata == null) {
JacORBLogger.ROOT_LOGGER.createSecurityTaggedComponentWithNullMetaData();
return null;
}
TaggedComponent tc;
// get the the supported security mechanisms.
CompoundSecMech[] mechList = createCompoundSecMechanisms(metadata, codec, sslPort, orb);
// the above is wrapped into a CSIIOP.CompoundSecMechList structure, which is NOT a
// CompoundSecMech[].
// we don't support stateful/reusable security contexts (false).
CompoundSecMechList csmList = new CompoundSecMechList(false, mechList);
// finally, the CompoundSecMechList must be encoded as a TaggedComponent
try {
Any any = orb.create_any();
CompoundSecMechListHelper.insert(any, csmList);
byte[] b = codec.encode_value(any);
tc = new TaggedComponent(TAG_CSI_SEC_MECH_LIST.value, b);
} catch (InvalidTypeForEncoding e) {
throw JacORBLogger.ROOT_LOGGER.unexpectedException(e);
}
return tc;
}
/**
* Return a top-level {@code IOP:TaggedComponent} to be stuffed into an IOR, containing a {@code
* CSIIOP}. {@code CompoundSecMechList}, tagged as {@code TAG_CSI_SEC_MECH_LIST}. Only one such
* component can exist inside an IOR.
*
* <p>Should be called with non-null metadata, in which case we probably don't want to include
* security info in the IOR.
*
* @param metadata the metadata object that contains the CSIv2 security configuration info.
* @param codec the {@code Codec} used to encode the CSIv2 security component.
* @param sslPort an {@code int} representing the SSL port.
* @param orb a reference to the running {@code ORB}.
* @return a {@code TaggedComponent} representing the encoded CSIv2 security component.
*/
public static TaggedComponent createSecurityTaggedComponent(
IORSecurityConfigMetadata metadata, Codec codec, int sslPort, ORB orb) {
if (metadata == null) {
log.debugf("createSecurityTaggedComponent() called with null metadata");
return null;
}
TaggedComponent tc;
// get the the supported security mechanisms.
CompoundSecMech[] mechList = createCompoundSecMechanisms(metadata, codec, sslPort, orb);
// the above is wrapped into a CSIIOP.CompoundSecMechList structure, which is NOT a
// CompoundSecMech[].
// we don't support stateful/reusable security contexts (false).
CompoundSecMechList csmList = new CompoundSecMechList(false, mechList);
// finally, the CompoundSecMechList must be encoded as a TaggedComponent
try {
Any any = orb.create_any();
CompoundSecMechListHelper.insert(any, csmList);
byte[] b = codec.encode_value(any);
tc = new TaggedComponent(TAG_CSI_SEC_MECH_LIST.value, b);
} catch (InvalidTypeForEncoding e) {
log.warn("Caught unexcepted exception while encoding CompoundSecMechList", e);
throw new RuntimeException(e);
}
return tc;
}
/**
* ASN.1-encode an {@code InitialContextToken} as defined in RFC 2743, Section 3.1,
* "Mechanism-Independent Token Format", pp. 81-82. The encoded token contains the ASN.1 tag 0x60,
* followed by a token length (which is itself stored in a variable-length format and takes 1 to 5
* bytes), the GSSUP mechanism identifier, and a mechanism-specific token, which in this case is a
* CDR encapsulation of the GSSUP {@code InitialContextToken} in the {@code authToken} parameter.
*
* @param authToken the {@code InitialContextToken} to be encoded.
* @param codec the {@code Codec} used to encode the token.
* @return a {@code byte[]} representing the encoded token.
*/
public static byte[] encodeInitialContextToken(InitialContextToken authToken, Codec codec) {
byte[] out;
Any any = ORB.init().create_any();
InitialContextTokenHelper.insert(any, authToken);
try {
out = codec.encode_value(any);
} catch (Exception e) {
return new byte[0];
}
int length = out.length + gssUpMechOidArray.length;
int n;
if (length < (1 << 7)) {
n = 0;
} else if (length < (1 << 8)) {
n = 1;
} else if (length < (1 << 16)) {
n = 2;
} else if (length < (1 << 24)) {
n = 3;
} else { // if (length < (1 << 32))
n = 4;
}
byte[] encodedToken = new byte[2 + n + length];
encodedToken[0] = 0x60;
if (n == 0) {
encodedToken[1] = (byte) length;
} else {
encodedToken[1] = (byte) (n | 0x80);
switch (n) {
case 1:
encodedToken[2] = (byte) length;
break;
case 2:
encodedToken[2] = (byte) (length >> 8);
encodedToken[3] = (byte) length;
break;
case 3:
encodedToken[2] = (byte) (length >> 16);
encodedToken[3] = (byte) (length >> 8);
encodedToken[4] = (byte) length;
break;
default: // case 4:
encodedToken[2] = (byte) (length >> 24);
encodedToken[3] = (byte) (length >> 16);
encodedToken[4] = (byte) (length >> 8);
encodedToken[5] = (byte) length;
}
}
System.arraycopy(gssUpMechOidArray, 0, encodedToken, 2 + n, gssUpMechOidArray.length);
System.arraycopy(out, 0, encodedToken, 2 + n + gssUpMechOidArray.length, out.length);
return encodedToken;
}
/**
* Create a transport mechanism {@code TaggedComponent} to be stuffed into a {@code
* CompoundSecMech}.
*
* <p>If no {@code TransportConfig} metadata is specified, or ssl port is negative, or the
* specified metadata indicates that transport config is not supported, then a {@code
* TAG_NULL_TAG} (empty) {@code TaggedComponent} will be returned.
*
* <p>Otherwise a {@code CSIIOP.TLS_SEC_TRANS}, tagged as {@code TAG_TLS_SEC_TRANS} will be
* returned, indicating support for TLS/SSL as a CSIv2 transport mechanism.
*
* <p>Multiple {@code TransportAddress} may be included in the SSL info (host/port pairs), but we
* only include one.
*
* @param tconfig the transport configuration metadata.
* @param codec the {@code Codec} used to encode the transport configuration.
* @param sslPort an {@code int} representing the SSL port.
* @param orb a reference to the running {@code ORB}.
* @return the constructed {@code TaggedComponent}.
*/
public static TaggedComponent createTransportMech(
TransportConfig tconfig, Codec codec, int sslPort, ORB orb) {
TaggedComponent tc;
// what we support and require as a target.
int support = 0;
int require = 0;
if (tconfig != null) {
require = createTargetRequires(tconfig);
support = createTargetSupports(tconfig);
}
if (tconfig == null || support == 0 || sslPort < 0) {
// no support for transport security.
tc = new TaggedComponent(TAG_NULL_TAG.value, new byte[0]);
} else {
// my ip address.
String host;
try {
host = InetAddress.getLocalHost().getHostAddress();
} catch (java.net.UnknownHostException e) {
host = "127.0.0.1";
}
// this will create only one transport address.
TransportAddress[] taList = createTransportAddress(host, sslPort);
TLS_SEC_TRANS tst = new TLS_SEC_TRANS((short) support, (short) require, taList);
// The tricky part, we must encode TLS_SEC_TRANS into an octet sequence.
try {
Any any = orb.create_any();
TLS_SEC_TRANSHelper.insert(any, tst);
byte[] b = codec.encode_value(any);
tc = new TaggedComponent(TAG_TLS_SEC_TRANS.value, b);
} catch (InvalidTypeForEncoding e) {
log.warn("Caught unexcepted exception while encoding TLS_SEC_TRANS", e);
throw new RuntimeException(e);
}
}
return tc;
}
/**
* Return a top-level {@code IOP::TaggedComponent} to be stuffed into an IOR, containing a
* structure {@code SSLIOP::SSL}, tagged as {@code TAG_SSL_SEC_TRANS}.
*
* <p>Should be called with non-null metadata, in which case we probably don't want to include
* security info in the IOR.
*
* @param metadata the metadata object that contains the SSL configuration info.
* @param codec the {@code Codec} used to encode the SSL component.
* @param sslPort an {@code int} representing the SSL port.
* @param orb a reference to the running {@code ORB}.
* @return a {@code TaggedComponent} representing the encoded SSL component.
*/
public static TaggedComponent createSSLTaggedComponent(
IORSecurityConfigMetaData metadata, Codec codec, int sslPort, ORB orb) {
if (metadata == null) {
JacORBLogger.ROOT_LOGGER.createSSLTaggedComponentWithNullMetaData();
return null;
}
TaggedComponent tc;
try {
int supports = createTargetSupports(metadata.getTransportConfig());
int requires = createTargetRequires(metadata.getTransportConfig());
SSL ssl = new SSL((short) supports, (short) requires, (short) sslPort);
Any any = orb.create_any();
SSLHelper.insert(any, ssl);
byte[] componentData = codec.encode_value(any);
tc = new TaggedComponent(TAG_SSL_SEC_TRANS.value, componentData);
} catch (InvalidTypeForEncoding e) {
throw JacORBLogger.ROOT_LOGGER.unexpectedException(e);
}
return tc;
}
/**
* Return a top-level {@code IOP::TaggedComponent} to be stuffed into an IOR, containing an
* structure {@code SSLIOP::SSL}, tagged as {@code TAG_SSL_SEC_TRANS}.
*
* <p>Should be called with non-null metadata, in which case we probably don't want to include
* security info in the IOR.
*
* @param metadata the metadata object that contains the SSL configuration info.
* @param codec the {@code Codec} used to encode the SSL component.
* @param sslPort an {@code int} representing the SSL port.
* @param orb a reference to the running {@code ORB}.
* @return a {@code TaggedComponent} representing the encoded SSL component.
*/
public static TaggedComponent createSSLTaggedComponent(
IORSecurityConfigMetadata metadata, Codec codec, int sslPort, ORB orb) {
if (metadata == null) {
log.debugf("createSSLTaggedComponent() called with null metadata");
return null;
}
TaggedComponent tc;
try {
int supports = createTargetSupports(metadata.getTransportConfig());
int requires = createTargetRequires(metadata.getTransportConfig());
SSL ssl = new SSL((short) supports, (short) requires, (short) sslPort);
Any any = orb.create_any();
SSLHelper.insert(any, ssl);
byte[] componentData = codec.encode_value(any);
tc = new TaggedComponent(TAG_SSL_SEC_TRANS.value, componentData);
} catch (InvalidTypeForEncoding e) {
log.warn("Caught unexcepted exception while encoding SSL component", e);
throw new RuntimeException(e);
}
return tc;
}
/**
* Create a transport mechanism {@code TaggedComponent} to be stuffed into a {@code
* CompoundSecMech}.
*
* <p>If no {@code TransportConfig} metadata is specified, or ssl port is negative, or the
* specified metadata indicates that transport config is not supported, then a {@code
* TAG_NULL_TAG} (empty) {@code TaggedComponent} will be returned.
*
* <p>Otherwise a {@code CSIIOP.TLS_SEC_TRANS}, tagged as {@code TAG_TLS_SEC_TRANS} will be
* returned, indicating support for TLS/SSL as a CSIv2 transport mechanism.
*
* <p>Multiple {@code TransportAddress} may be included in the SSL info (host/port pairs), but we
* only include one.
*
* @param tconfig the transport configuration metadata.
* @param codec the {@code Codec} used to encode the transport configuration.
* @param sslPort an {@code int} representing the SSL port.
* @param orb a reference to the running {@code ORB}.
* @return the constructed {@code TaggedComponent}.
*/
public static TaggedComponent createTransportMech(
IORTransportConfigMetaData tconfig, Codec codec, int sslPort, ORB orb) {
TaggedComponent tc;
// what we support and require as a target.
int support = 0;
int require = 0;
if (tconfig != null) {
require = createTargetRequires(tconfig);
support = createTargetSupports(tconfig);
}
if (tconfig == null || support == 0 || sslPort < 0) {
// no support for transport security.
tc = new TaggedComponent(TAG_NULL_TAG.value, new byte[0]);
} else {
// my ip address.
String host = CorbaORBService.getORBProperty(JacORBSubsystemConstants.ORB_ADDRESS);
// this will create only one transport address.
TransportAddress[] taList = createTransportAddress(host, sslPort);
TLS_SEC_TRANS tst = new TLS_SEC_TRANS((short) support, (short) require, taList);
// The tricky part, we must encode TLS_SEC_TRANS into an octet sequence.
try {
Any any = orb.create_any();
TLS_SEC_TRANSHelper.insert(any, tst);
byte[] b = codec.encode_value(any);
tc = new TaggedComponent(TAG_TLS_SEC_TRANS.value, b);
} catch (InvalidTypeForEncoding e) {
throw JacORBLogger.ROOT_LOGGER.unexpectedException(e);
}
}
return tc;
}
