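/**
 * Create a transport mechanism {@code TaggedComponent} to be stuffed into a {@code
 * CompoundSecMech}.
 *
 * <p>If no {@code TransportConfig} metadata is specified, or the SSL port is negative, or the
 * specified metadata indicates that transport config is not supported, then a {@code
 * TAG_NULL_TAG} (empty) {@code TaggedComponent} is returned.
 *
 * <p>Otherwise a {@code CSIIOP.TLS_SEC_TRANS}, tagged as {@code TAG_TLS_SEC_TRANS}, is
 * returned, indicating support for TLS/SSL as a CSIv2 transport mechanism.
 *
 * <p>Multiple {@code TransportAddress} entries (host/port pairs) may be included in the SSL
 * info, but only one is included here. Its host is the address reported by {@code
 * InetAddress.getLocalHost()}; if that lookup fails, {@code 127.0.0.1} is advertised instead
 * and a warning is logged.
 *
 * @param tconfig the transport configuration metadata; may be {@code null}.
 * @param codec the {@code Codec} used to encode the transport configuration.
 * @param sslPort an {@code int} representing the SSL port.
 * @param orb a reference to the running {@code ORB}.
 * @return the constructed {@code TaggedComponent}.
 * @throws RuntimeException if the codec rejects the value with {@code InvalidTypeForEncoding}
 *     (the original exception is kept as the cause).
 */
public static TaggedComponent createTransportMech(
    TransportConfig tconfig, Codec codec, int sslPort, ORB orb) {
  TaggedComponent tc;

  // what we support and require as a target.
  int support = 0;
  int require = 0;
  if (tconfig != null) {
    require = createTargetRequires(tconfig);
    support = createTargetSupports(tconfig);
  }

  if (tconfig == null || support == 0 || sslPort < 0) {
    // no support for transport security: advertise an empty (null-tagged) component.
    tc = new TaggedComponent(TAG_NULL_TAG.value, new byte[0]);
  } else {
    // my ip address.
    String host;
    try {
      host = InetAddress.getLocalHost().getHostAddress();
    } catch (java.net.UnknownHostException e) {
      // The loopback address ends up in the advertised TLS transport address, where it
      // is only meaningful to clients on this machine. Keep the best-effort fallback but
      // make it visible instead of swallowing the failure silently.
      log.warn("Unable to resolve the local host address, advertising 127.0.0.1 for TLS_SEC_TRANS", e);
      host = "127.0.0.1";
    }

    // this will create only one transport address.
    TransportAddress[] taList = createTransportAddress(host, sslPort);
    // The int option masks are narrowed to short for the TLS_SEC_TRANS constructor.
    TLS_SEC_TRANS tst = new TLS_SEC_TRANS((short) support, (short) require, taList);

    // The tricky part, we must encode TLS_SEC_TRANS into an octet sequence.
    try {
      Any any = orb.create_any();
      TLS_SEC_TRANSHelper.insert(any, tst);
      byte[] b = codec.encode_value(any);
      tc = new TaggedComponent(TAG_TLS_SEC_TRANS.value, b);
    } catch (InvalidTypeForEncoding e) {
      log.warn("Caught unexcepted exception while encoding TLS_SEC_TRANS", e);
      throw new RuntimeException(e);
    }
  }

  return tc;
}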
/**
 * Prints the contents of a {@code TLS_SEC_TRANS} component in human-readable form.
 *
 * <p>The tag data is read as a CDR encapsulation. On success the target requires/supports
 * values and every transport address are printed, one per line. If decoding fails for any
 * reason, the raw tag data is printed as hex instead.
 *
 * @param tagData the encoded component data.
 * @param out the writer that receives the output.
 */
private static void printTlsSecTrans(byte[] tagData, PrintWriter out) {
  CDRInputStream cdr = new CDRInputStream(tagData);
  try {
    cdr.openEncapsulatedArray();
    TLS_SEC_TRANS decoded = TLS_SEC_TRANSHelper.read(cdr);

    out.println("\t\t\tTLS SEC TRANS target requires: " + decoded.target_requires);
    out.println("\t\t\tTLS SEC TRANS target supports: " + decoded.target_supports);

    int count = decoded.addresses.length;
    for (int idx = 0; idx < count; idx++) {
      // A negative port is shifted up by 65536 so it prints as a non-negative number.
      int rawPort = decoded.addresses[idx].port;
      int shownPort = rawPort < 0 ? rawPort + 65536 : rawPort;

      // NOTE(review): host_name comes straight from the decoded tag data and is printed
      // as-is; if the data can come from an untrusted source, consider escaping
      // control characters before display. Confirm against callers.
      String line =
          "\t\t\tTLS SEC TRANS address: " + decoded.addresses[idx].host_name + ":" + shownPort;
      out.println(line);
    }
  } catch (Exception ex) {
    // Undecodable data: fall back to a hex dump of the raw bytes rather than failing.
    out.print("\t\t\tTLS SEC TRANS: ");
    dumpHex(tagData, out);
    out.println();
  }
}
/**
 * Builds the transport mechanism {@code TaggedComponent} that goes into a {@code
 * CompoundSecMech}.
 *
 * <p>A {@code TAG_NULL_TAG} (empty) {@code TaggedComponent} is returned when no transport
 * configuration metadata is given, when the metadata yields no supported options, or when
 * the SSL port is negative.
 *
 * <p>In every other case the result is a {@code CSIIOP.TLS_SEC_TRANS} tagged as {@code
 * TAG_TLS_SEC_TRANS}, indicating support for TLS/SSL as a CSIv2 transport mechanism. The SSL
 * info may carry several {@code TransportAddress} entries (host/port pairs), but only one is
 * included here; its host is read from the {@code ORB_ADDRESS} ORB property.
 *
 * @param tconfig the transport configuration metadata; may be {@code null}.
 * @param codec the {@code Codec} used to encode the transport configuration.
 * @param sslPort an {@code int} representing the SSL port.
 * @param orb a reference to the running {@code ORB}.
 * @return the constructed {@code TaggedComponent}.
 */
public static TaggedComponent createTransportMech(
    IORTransportConfigMetaData tconfig, Codec codec, int sslPort, ORB orb) {
  // Without metadata nothing can be supported, so no transport security is advertised.
  if (tconfig == null) {
    return new TaggedComponent(TAG_NULL_TAG.value, new byte[0]);
  }

  // Options this target requires and supports.
  int requiredOptions = createTargetRequires(tconfig);
  int supportedOptions = createTargetSupports(tconfig);

  if (supportedOptions == 0 || sslPort < 0) {
    // no support for transport security.
    return new TaggedComponent(TAG_NULL_TAG.value, new byte[0]);
  }

  // Address to advertise, taken from the ORB configuration.
  // NOTE(review): no null/empty check on the property value is visible here; confirm
  // that ORB_ADDRESS is always set before this point.
  String advertisedHost = CorbaORBService.getORBProperty(JacORBSubsystemConstants.ORB_ADDRESS);

  // Only a single transport address is created.
  TransportAddress[] addresses = createTransportAddress(advertisedHost, sslPort);
  TLS_SEC_TRANS tlsSecTrans =
      new TLS_SEC_TRANS((short) supportedOptions, (short) requiredOptions, addresses);

  // TLS_SEC_TRANS has to be encoded into an octet sequence before it can be wrapped.
  try {
    Any holder = orb.create_any();
    TLS_SEC_TRANSHelper.insert(holder, tlsSecTrans);
    byte[] encoded = codec.encode_value(holder);
    return new TaggedComponent(TAG_TLS_SEC_TRANS.value, encoded);
  } catch (InvalidTypeForEncoding e) {
    throw JacORBLogger.ROOT_LOGGER.unexpectedException(e);
  }
}