| java.lang.Object org.jboss.iiop.csiv2.CSIv2Util
CSIv2Util | final public class CSIv2Util (Code) | | Helper class
author: Dimitris.Andreadis@jboss.org author: Francisco Reverbel author: Stefan Neusatz Guilhen version: $Revision: 57323 $ |
Method Summary | |
public static AS_ContextSec | createAuthenticationServiceContext(IorSecurityConfigMetaData metadata) Create the client Authentication Service (AS) context
included in a CompoundSecMech definition. | public static CompoundSecMech[] | createCompoundSecMechanisms(IorSecurityConfigMetaData metadata, Codec codec, int sslPort, ORB orb) Create a CSIIOP.CompoundSecMechanisms which is a sequence of
CompoundSecMech. | public static TaggedComponent | createCopy(TaggedComponent tc) | public static byte[] | createGSSExportedName(byte[] oid, byte[] name) Generate an exported name as specified in [RFC 2743], section 3.2
copied below:
3.2: Mechanism-Independent Exported Name Object Format
This section specifies a mechanism-independent level of encapsulating
representation for names exported via the GSS_Export_name() call,
including an object identifier representing the exporting mechanism.
The format of names encapsulated via this representation shall be
defined within individual mechanism drafts. | public static byte[] | createGSSUPMechOID() | public static TaggedComponent | createSSLTaggedComponent(IorSecurityConfigMetaData metadata, Codec codec, int sslPort, ORB orb) Return a top-level IOP::TaggedComponent to be stuffed into an IOR,
containing a structure SSLIOP::SSL, tagged as TAG_SSL_SEC_TRANS. | public static SAS_ContextSec | createSecureAttributeServiceContext(IorSecurityConfigMetaData metadata) | public static TaggedComponent | createSecurityTaggedComponent(IorSecurityConfigMetaData metadata, Codec codec, int sslPort, ORB orb) Return a top-level IOP::TaggedComponent to be stuffed into an IOR,
containing a CSIIOP.CompoundSecMechList, tagged as TAG_CSI_SEC_MECH_LIST. | public static int | createTargetRequires(TransportConfig tc) | public static int | createTargetSupports(TransportConfig tc) | public static TransportAddress[] | createTransportAddress(String host, int port) | public static TaggedComponent | createTransportMech(TransportConfig tconfig, Codec codec, int sslPort, ORB orb) Create a transport mechanism TaggedComponent to be stuffed into a
CompoundSecMech. | public static byte[] | decodeGssExportedName(byte[] encodedName) Decodes a GSS exported name that has been encoded with the GSSUP
mechanism OID. | public static InitialContextToken | decodeInitialContextToken(byte[] encodedToken, Codec codec) Decodes an ASN.1-encoded InitialContextToken. | public static byte[] | encodeGssExportedName(byte[] name) ASN.1-encodes a GSS exported name with the GSSUP mechanism OID. | public static byte[] | encodeInitialContextToken(InitialContextToken authToken, Codec codec) ASN.1-encode an InitialContextToken as defined in RFC 2743, Section 3.1,
"Mechanism-Independent Token Format", pp. | public static CompoundSecMech | getMatchingSecurityMech(ClientRequestInfo ri, Codec codec, short clientSupports, short clientRequires) Helper method to be called from a client request interceptor.
The ri parameter refers to the current request.
This method returns the first CompoundSecMech found in the target IOR such that
- all CompoundSecMech requirements are satisfied by the options in the clientSupports parameter, and
- every requirement in the clientRequires parameter is satisfied by the CompoundSecMech.
The method returns null if the target IOR contains no CompoundSecMechs or if no
matching CompoundSecMech is found. | public static byte[] | gssUpMechOid() Return an ASN.1, DER encoded representation for the GSSUP OID mechanism. | public static void | toString(CompoundSecMech securityMech, StringBuffer buffer) |
createAuthenticationServiceContext | public static AS_ContextSec createAuthenticationServiceContext(IorSecurityConfigMetaData metadata)(Code) | | Create the client Authentication Service (AS) context
included in a CompoundSecMech definition.
|
createCompoundSecMechanisms | public static CompoundSecMech[] createCompoundSecMechanisms(IorSecurityConfigMetaData metadata, Codec codec, int sslPort, ORB orb)(Code) | | Create a CSIIOP.CompoundSecMechanisms which is a sequence of
CompoundSecMech. Here we only support one security mechanism.
|
createCopy | public static TaggedComponent createCopy(TaggedComponent tc)(Code) | | Make a deep copy of an IOP::TaggedComponent
|
createGSSExportedName | public static byte[] createGSSExportedName(byte[] oid, byte[] name)(Code) | | Generate an exported name as specified in [RFC 2743], section 3.2
copied below:
3.2: Mechanism-Independent Exported Name Object Format
This section specifies a mechanism-independent level of encapsulating
representation for names exported via the GSS_Export_name() call,
including an object identifier representing the exporting mechanism.
The format of names encapsulated via this representation shall be
defined within individual mechanism drafts. The Object Identifier
value to indicate names of this type is defined in Section 4.7 of
this document.
No name type OID is included in this mechanism-independent level of
format definition, since (depending on individual mechanism
specifications) the enclosed name may be implicitly typed or may be
explicitly typed using a means other than OID encoding.
The bytes within MECH_OID_LEN and NAME_LEN elements are represented
most significant byte first (equivalently, in IP network byte order).
Length          Name            Description
2               TOK_ID          Token Identifier
                                For exported name objects, this
                                must be hex 04 01.
2               MECH_OID_LEN    Length of the Mechanism OID
MECH_OID_LEN    MECH_OID        Mechanism OID, in DER
4               NAME_LEN        Length of name
NAME_LEN        NAME            Exported name; format defined in
                                applicable mechanism draft.
A concrete example of the contents of an exported name object,
derived from the Kerberos Version 5 mechanism, is as follows:
04 01 00 0B 06 09 2A 86 48 86 F7 12 01 02 02 hx xx xx xl pp qq ... zz
...
Parameters:
oid - the DER encoded OID
name - the name to be converted to GSSExportedName |
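The exported-name layout above, as an added example (not JBoss code): an encoder plus a strict decoder that checks TOK_ID, the mechanism OID and both length fields against the bytes actually present. The class and method names are hypothetical, the OID bytes are the Kerberos V5 ones from the RFC example quoted above, and the name `alice@EXAMPLE` is constructed.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class ExportedNameDemo {
    // TOK_ID | MECH_OID_LEN | MECH_OID | NAME_LEN | NAME, lengths most significant byte first.
    static byte[] encode(byte[] derOid, byte[] name) {
        if (derOid.length > 0xFFFF) throw new IllegalArgumentException("OID too long");
        ByteBuffer buf = ByteBuffer.allocate(2 + 2 + derOid.length + 4 + name.length);
        buf.put((byte) 0x04).put((byte) 0x01);      // TOK_ID
        buf.putShort((short) derOid.length);        // MECH_OID_LEN
        buf.put(derOid);
        buf.putInt(name.length);                    // NAME_LEN
        buf.put(name);
        return buf.array();
    }

    // Strict decode: no length field is trusted beyond the bytes that were received.
    static byte[] decode(byte[] in, byte[] expectedOid) {
        ByteBuffer buf = ByteBuffer.wrap(in);       // ByteBuffer is big-endian by default
        if (buf.remaining() < 4 || buf.get() != 0x04 || buf.get() != 0x01)
            throw new IllegalArgumentException("bad TOK_ID");
        int oidLen = buf.getShort() & 0xFFFF;
        if (oidLen > buf.remaining()) throw new IllegalArgumentException("truncated MECH_OID");
        byte[] oid = new byte[oidLen];
        buf.get(oid);
        if (!Arrays.equals(oid, expectedOid))
            throw new IllegalArgumentException("unexpected mechanism OID");
        if (buf.remaining() < 4) throw new IllegalArgumentException("truncated NAME_LEN");
        int nameLen = buf.getInt();
        if (nameLen < 0 || nameLen != buf.remaining())   // also rejects trailing bytes
            throw new IllegalArgumentException("NAME_LEN does not match remaining bytes");
        byte[] name = new byte[nameLen];
        buf.get(name);
        return name;
    }

    public static void main(String[] args) {
        byte[] oid = {0x06, 0x09, 0x2A, (byte) 0x86, 0x48, (byte) 0x86,
                      (byte) 0xF7, 0x12, 0x01, 0x02, 0x02};
        byte[] enc = encode(oid, "alice@EXAMPLE".getBytes(StandardCharsets.UTF_8));
        System.out.println(new String(decode(enc, oid), StandardCharsets.UTF_8));
        try {
            decode(Arrays.copyOf(enc, enc.length - 1), oid);   // one byte short
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```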
createGSSUPMechOID | public static byte[] createGSSUPMechOID()(Code) | | Create an ASN.1, DER encoded representation for
the GSSUP OID mechanism
|
createSSLTaggedComponent | public static TaggedComponent createSSLTaggedComponent(IorSecurityConfigMetaData metadata, Codec codec, int sslPort, ORB orb)(Code) | | Return a top-level IOP::TaggedComponent to be stuffed into an IOR,
containing a structure SSLIOP::SSL, tagged as TAG_SSL_SEC_TRANS.
Should be called with non-null metadata, in which case we probably
don't want to include security info in the IOR.
|
createSecureAttributeServiceContext | public static SAS_ContextSec createSecureAttributeServiceContext(IorSecurityConfigMetaData metadata)(Code) | | Create the Secure Attribute Service (SAS) context
included in a CompoundSecMech definition
|
createSecurityTaggedComponent | public static TaggedComponent createSecurityTaggedComponent(IorSecurityConfigMetaData metadata, Codec codec, int sslPort, ORB orb)(Code) | | Return a top-level IOP::TaggedComponent to be stuffed into an IOR,
containing a CSIIOP.CompoundSecMechList, tagged as TAG_CSI_SEC_MECH_LIST.
Only one such component can exist inside an IOR.
Should be called with non-null metadata, in which case we probably
don't want to include security info in the IOR.
|
createTargetRequires | public static int createTargetRequires(TransportConfig tc)(Code) | | Create the AssociationOption for CompoundSecMech - target_requires
|
createTargetSupports | public static int createTargetSupports(TransportConfig tc)(Code) | | Create bitmask of what the target supports
|
createTransportAddress | public static TransportAddress[] createTransportAddress(String host, int port)(Code) | | Create a TransportAddress[] with a single TransportAddress
|
createTransportMech | public static TaggedComponent createTransportMech(TransportConfig tconfig, Codec codec, int sslPort, ORB orb)(Code) | | Create a transport mechanism TaggedComponent to be stuffed into a
CompoundSecMech.
If no TransportConfig metadata is specified, or ssl port is negative,
or the specified metadata indicates that transport config is not supported,
then a TAG_NULL_TAG (empty) TaggedComponent will be returned.
Otherwise a CSIIOP.TLS_SEC_TRANS, tagged as TAG_TLS_SEC_TRANS will
be returned, indicating support for TLS/SSL as a CSIv2 transport
mechanism.
Multiple TransportAddress may be included in the SSL info
(host/port pairs), but we only include one.
|
decodeGssExportedName | public static byte[] decodeGssExportedName(byte[] encodedName)(Code) | | Decodes a GSS exported name that has been encoded with the GSSUP
mechanism OID. See createGSSExportedName for a description of the
encoding format.
|
decodeInitialContextToken | public static InitialContextToken decodeInitialContextToken(byte[] encodedToken, Codec codec)(Code) | | Decodes an ASN.1-encoded InitialContextToken.
See encodeInitialContextToken for a description of the encoded token
format.
|
encodeGssExportedName | public static byte[] encodeGssExportedName(byte[] name)(Code) | | ASN.1-encodes a GSS exported name with the GSSUP mechanism OID.
See createGSSExportedName for a description of the encoding format.
|
encodeInitialContextToken | public static byte[] encodeInitialContextToken(InitialContextToken authToken, Codec codec)(Code) | | ASN.1-encode an InitialContextToken as defined in RFC 2743, Section 3.1,
"Mechanism-Independent Token Format", pp. 81-82. The encoded token
contains the ASN.1 tag 0x60, followed by a token length (which is itself
stored in a variable-length format and takes 1 to 5 bytes), the GSSUP
mechanism identifier, and a mechanism-specific token, which in this
case is a CDR encapsulation of the GSSUP InitialContextToken in the
authToken parameter.
|
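The token framing described above, as an added example (not JBoss code): it writes the 0x60 tag, the 1-to-5-byte length and the mechanism OID around an opaque inner token, and the reader rejects truncated or inconsistent lengths. Class and method names are hypothetical, the GSSUP OID bytes come from the OMG CSIv2 specification rather than this page, and the 200-byte inner token is a constructed stand-in for the CDR encapsulation.

```java
import java.io.ByteArrayOutputStream;
import java.util.Arrays;

public class GssTokenFrameDemo {
    // DER encoding of OID 2.23.130.1.1.1 (GSSUP in the OMG CSIv2 spec; not given on this page).
    static final byte[] GSSUP_OID = {0x06, 0x06, 0x67, (byte) 0x81, 0x02, 0x01, 0x01, 0x01};

    // Definite length: one byte below 128, otherwise 0x80|n followed by n big-endian bytes.
    static void writeLength(ByteArrayOutputStream out, int len) {
        if (len < 0x80) { out.write(len); return; }
        int n = (len <= 0xFF) ? 1 : (len <= 0xFFFF) ? 2 : (len <= 0xFFFFFF) ? 3 : 4;
        out.write(0x80 | n);
        for (int shift = 8 * (n - 1); shift >= 0; shift -= 8) out.write((len >>> shift) & 0xFF);
    }

    static byte[] frame(byte[] innerToken) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(0x60);
        writeLength(out, GSSUP_OID.length + innerToken.length);
        out.write(GSSUP_OID, 0, GSSUP_OID.length);
        out.write(innerToken, 0, innerToken.length);
        return out.toByteArray();
    }

    // Returns the mechanism-specific token; rejects truncated or inconsistent framing.
    static byte[] unframe(byte[] in) {
        if (in.length < 2 || in[0] != 0x60) throw new IllegalArgumentException("missing 0x60 tag");
        int pos = 1;
        int len = in[pos++] & 0xFF;
        if (len >= 0x80) {                       // long form: low 7 bits give the byte count
            int n = len & 0x7F;
            if (n < 1 || n > 4 || pos + n > in.length)
                throw new IllegalArgumentException("bad length field");
            len = 0;
            for (int i = 0; i < n; i++) len = (len << 8) | (in[pos++] & 0xFF);
        }
        if (len < GSSUP_OID.length || len != in.length - pos)
            throw new IllegalArgumentException("length does not match token size");
        if (!Arrays.equals(Arrays.copyOfRange(in, pos, pos + GSSUP_OID.length), GSSUP_OID))
            throw new IllegalArgumentException("not a GSSUP token");
        return Arrays.copyOfRange(in, pos + GSSUP_OID.length, in.length);
    }

    public static void main(String[] args) {
        byte[] inner = new byte[200];            // constructed stand-in for the CDR encapsulation
        byte[] token = frame(inner);             // 208 content bytes, so the length is long form
        System.out.println(unframe(token).length);
        token[2] = (byte) 0xD1;                  // corrupt the declared length
        try { unframe(token); }
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```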
getMatchingSecurityMech | public static CompoundSecMech getMatchingSecurityMech(ClientRequestInfo ri, Codec codec, short clientSupports, short clientRequires)(Code) | | Helper method to be called from a client request interceptor.
The ri parameter refers to the current request.
This method returns the first CompoundSecMech found in the target IOR such that
- all CompoundSecMech requirements are satisfied by the options in the clientSupports parameter, and
- every requirement in the clientRequires parameter is satisfied by the CompoundSecMech.
The method returns null if the target IOR contains no CompoundSecMechs or if no
matching CompoundSecMech is found.
Since this method is intended to be called from a client request
interceptor, it converts unexpected exceptions into MARSHAL
exceptions.
|
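The two matching conditions above written as bitmask tests, as an added example (not JBoss code, Java 16+): it shows that a client whose clientRequires mask is empty is handed whichever mechanism the IOR lists first, including an unprotected one. `Mech` is a hypothetical stand-in for CompoundSecMech, the IOR contents are constructed, and the AssociationOptions values come from the CSIv2 IDL rather than this page.

```java
import java.util.List;

public class MechMatchDemo {
    // CSIIOP AssociationOptions bits (values from the CSIv2 IDL, not listed on this page).
    static final int INTEGRITY = 2, CONFIDENTIALITY = 4,
                     ESTABLISH_TRUST_IN_TARGET = 32, ESTABLISH_TRUST_IN_CLIENT = 64;

    // Hypothetical stand-in for a CompoundSecMech: only its two option masks matter here.
    record Mech(String label, int targetSupports, int targetRequires) {}

    // First mechanism whose requirements the client can meet and which meets the client's.
    static Mech firstMatch(List<Mech> iorMechs, int clientSupports, int clientRequires) {
        for (Mech m : iorMechs) {
            boolean targetSatisfied = (m.targetRequires() & ~clientSupports) == 0;
            boolean clientSatisfied = (clientRequires & ~m.targetSupports()) == 0;
            if (targetSatisfied && clientSatisfied) return m;
        }
        return null;   // no mechanisms, or none matched
    }

    public static void main(String[] args) {
        int tls = INTEGRITY | CONFIDENTIALITY | ESTABLISH_TRUST_IN_TARGET;
        // Constructed IOR contents: an unprotected mechanism listed ahead of a TLS one.
        List<Mech> ior = List.of(
            new Mech("plain", ESTABLISH_TRUST_IN_CLIENT, 0),
            new Mech("tls", tls | ESTABLISH_TRUST_IN_CLIENT, tls));
        int supports = tls | ESTABLISH_TRUST_IN_CLIENT;

        // A client that requires nothing takes whatever is listed first.
        System.out.println(firstMatch(ior, supports, 0).label());
        // Requiring confidentiality skips the unprotected entry.
        System.out.println(firstMatch(ior, supports, CONFIDENTIALITY).label());
        // A client without TLS support cannot meet the second entry's requirements,
        // and its own integrity requirement rules out the first, so nothing matches.
        System.out.println(firstMatch(ior, ESTABLISH_TRUST_IN_CLIENT, INTEGRITY));
    }
}
```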
gssUpMechOid | public static byte[] gssUpMechOid()(Code) | | Return an ASN.1, DER encoded representation for the GSSUP OID mechanism.
|
toString | public static void toString(CompoundSecMech securityMech, StringBuffer buffer)(Code) | | Generate a string representation of the CompoundSecMech
Parameters:
securityMech - the CompoundSecMech to create the string for
buffer - the buffer to write to |