/**
* Create a {@code CSIIOP.CompoundSecMechanisms} which is a sequence of {@code CompoundSecMech}.
* Here we only support one security mechanism.
*
* @param metadata the metadata object that contains the CSIv2 security configuration info.
* @param codec the {@code Codec} used to encode the CSIv2 security component.
* @param sslPort an {@code int} representing the SSL port.
* @param orb a reference to the running {@code ORB}.
* @return the constructed {@code CompoundSecMech} array.
*/
public static CompoundSecMech[] createCompoundSecMechanisms(
IORSecurityConfigMetadata metadata, Codec codec, int sslPort, ORB orb) {
// support just 1 security mechanism for now (and ever).
CompoundSecMech[] csmList = new CompoundSecMech[1];
// a CompoundSecMech contains: target_requires, transport_mech, as_context_mech,
// sas_context_mech.
TaggedComponent transport_mech =
createTransportMech(metadata.getTransportConfig(), codec, sslPort, orb);
// create AS Context.
AS_ContextSec asContext = createAuthenticationServiceContext(metadata);
// create SAS Context.
SAS_ContextSec sasContext = createSecureAttributeServiceContext(metadata);
// create target_requires bit field (AssociationOption) can't read directly the transport_mech
// TaggedComponent.
int target_requires =
createTargetRequires(metadata.getTransportConfig())
| asContext.target_requires
| sasContext.target_requires;
CompoundSecMech csm =
new CompoundSecMech((short) target_requires, transport_mech, asContext, sasContext);
csmList[0] = csm;
return csmList;
}
/**
* Return a top-level {@code IOP::TaggedComponent} to be stuffed into an IOR, containing an
* structure {@code SSLIOP::SSL}, tagged as {@code TAG_SSL_SEC_TRANS}.
*
* <p>Should be called with non-null metadata, in which case we probably don't want to include
* security info in the IOR.
*
* @param metadata the metadata object that contains the SSL configuration info.
* @param codec the {@code Codec} used to encode the SSL component.
* @param sslPort an {@code int} representing the SSL port.
* @param orb a reference to the running {@code ORB}.
* @return a {@code TaggedComponent} representing the encoded SSL component.
*/
public static TaggedComponent createSSLTaggedComponent(
IORSecurityConfigMetadata metadata, Codec codec, int sslPort, ORB orb) {
if (metadata == null) {
log.debugf("createSSLTaggedComponent() called with null metadata");
return null;
}
TaggedComponent tc;
try {
int supports = createTargetSupports(metadata.getTransportConfig());
int requires = createTargetRequires(metadata.getTransportConfig());
SSL ssl = new SSL((short) supports, (short) requires, (short) sslPort);
Any any = orb.create_any();
SSLHelper.insert(any, ssl);
byte[] componentData = codec.encode_value(any);
tc = new TaggedComponent(TAG_SSL_SEC_TRANS.value, componentData);
} catch (InvalidTypeForEncoding e) {
log.warn("Caught unexcepted exception while encoding SSL component", e);
throw new RuntimeException(e);
}
return tc;
}