Exemple #1
0
  /**
   * Create a {@code CSIIOP.CompoundSecMechanisms} which is a sequence of {@code CompoundSecMech}.
   * Here we only support one security mechanism.
   *
   * @param metadata the metadata object that contains the CSIv2 security configuration info.
   * @param codec the {@code Codec} used to encode the CSIv2 security component.
   * @param sslPort an {@code int} representing the SSL port.
   * @param orb a reference to the running {@code ORB}.
   * @return the constructed {@code CompoundSecMech} array.
   */
  public static CompoundSecMech[] createCompoundSecMechanisms(
      IORSecurityConfigMetadata metadata, Codec codec, int sslPort, ORB orb) {
    // support just 1 security mechanism for now (and ever).
    CompoundSecMech[] csmList = new CompoundSecMech[1];

    // a CompoundSecMech contains: target_requires, transport_mech, as_context_mech,
    // sas_context_mech.
    TaggedComponent transport_mech =
        createTransportMech(metadata.getTransportConfig(), codec, sslPort, orb);

    // create AS Context.
    AS_ContextSec asContext = createAuthenticationServiceContext(metadata);

    // create SAS Context.
    SAS_ContextSec sasContext = createSecureAttributeServiceContext(metadata);

    // create target_requires bit field (AssociationOption) can't read directly the transport_mech
    // TaggedComponent.
    int target_requires =
        createTargetRequires(metadata.getTransportConfig())
            | asContext.target_requires
            | sasContext.target_requires;

    CompoundSecMech csm =
        new CompoundSecMech((short) target_requires, transport_mech, asContext, sasContext);
    csmList[0] = csm;

    return csmList;
  }
Exemple #2
0
  /**
   * Return a top-level {@code IOP::TaggedComponent} to be stuffed into an IOR, containing an
   * structure {@code SSLIOP::SSL}, tagged as {@code TAG_SSL_SEC_TRANS}.
   *
   * <p>Should be called with non-null metadata, in which case we probably don't want to include
   * security info in the IOR.
   *
   * @param metadata the metadata object that contains the SSL configuration info.
   * @param codec the {@code Codec} used to encode the SSL component.
   * @param sslPort an {@code int} representing the SSL port.
   * @param orb a reference to the running {@code ORB}.
   * @return a {@code TaggedComponent} representing the encoded SSL component.
   */
  public static TaggedComponent createSSLTaggedComponent(
      IORSecurityConfigMetadata metadata, Codec codec, int sslPort, ORB orb) {
    if (metadata == null) {
      log.debugf("createSSLTaggedComponent() called with null metadata");
      return null;
    }

    TaggedComponent tc;
    try {
      int supports = createTargetSupports(metadata.getTransportConfig());
      int requires = createTargetRequires(metadata.getTransportConfig());
      SSL ssl = new SSL((short) supports, (short) requires, (short) sslPort);
      Any any = orb.create_any();
      SSLHelper.insert(any, ssl);
      byte[] componentData = codec.encode_value(any);
      tc = new TaggedComponent(TAG_SSL_SEC_TRANS.value, componentData);
    } catch (InvalidTypeForEncoding e) {
      log.warn("Caught unexcepted exception while encoding SSL component", e);
      throw new RuntimeException(e);
    }
    return tc;
  }