001: /*
002: * JBoss, Home of Professional Open Source.
003: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
004: * as indicated by the @author tags. See the copyright.txt file in the
005: * distribution for a full listing of individual contributors.
006: *
007: * This is free software; you can redistribute it and/or modify it
008: * under the terms of the GNU Lesser General Public License as
009: * published by the Free Software Foundation; either version 2.1 of
010: * the License, or (at your option) any later version.
011: *
012: * This software is distributed in the hope that it will be useful,
013: * but WITHOUT ANY WARRANTY; without even the implied warranty of
014: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015: * Lesser General Public License for more details.
016: *
017: * You should have received a copy of the GNU Lesser General Public
018: * License along with this software; if not, write to the Free
019: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
021: */
022: package org.jboss.metadata;
023:
024: import java.io.Serializable;
025:
026: import org.jboss.deployment.DeploymentException;
027: import org.w3c.dom.Element;
028:
029: /**
030: * Describes the security configuration information for the IOR.
031: *
032: * @author <a href="mailto:alex@jboss.org">Alexey Loubyansky</a>
033: * @author <a href="mailto:dimitris@jboss.org">Dimitris Andreadis</a>
034: * @version <tt>$Revision: 57209 $</tt>
035: */
036: public class IorSecurityConfigMetaData implements Serializable {
037: /** @since 1.7 */
038: private static final long serialVersionUID = -3341898910508715334L;
039:
040: /**
041: * The root element for security between the end points.
042: * Optional element.
043: */
044: private TransportConfig transportConfig;
045:
046: /**
047: * as-context (CSIv2 authentication service) is the element describing the authentication
048: * mechanism that will be used to authenticate the client. If specified it will be the
049: * username-password mechanism.
050: * Optional element.
051: */
052: private AsContext asContext;
053:
054: /**
055: * sas-context (related to CSIv2 security attribute service) element describes the sas-context fields.
056: */
057: private SasContext sasContext;
058:
059: /** Create a default security configuration.
060: * TransportConfig[integrity=supported, confidentiality=supported,
061: * establish-trust-in-target=supported,establish-trust-in-client=supported,
062: * detect-misordering=supported, detect-replay=supported]
063: * AsContext[auth-method=USERNAME_PASSWORD, realm=default, required=false]
064: * SasContext[caller-propagation=NONE]
065: */
066: public IorSecurityConfigMetaData() {
067: transportConfig = new TransportConfig();
068: asContext = new AsContext();
069: sasContext = new SasContext();
070: }
071:
072: /**
073: * @param element ior-security-config element.
074: */
075: public IorSecurityConfigMetaData(Element element)
076: throws DeploymentException {
077: Element child = MetaData.getOptionalChild(element,
078: "transport-config");
079: if (child != null) {
080: transportConfig = new TransportConfig(child);
081: }
082:
083: child = MetaData.getOptionalChild(element, "as-context");
084: if (child != null) {
085: asContext = new AsContext(child);
086: }
087:
088: child = MetaData.getOptionalChild(element, "sas-context");
089: if (child != null) {
090: sasContext = new SasContext(child);
091: }
092: }
093:
094: public TransportConfig getTransportConfig() {
095: return transportConfig;
096: }
097:
098: public void setTransportConfig(TransportConfig config) {
099: this .transportConfig = config;
100: }
101:
102: public AsContext getAsContext() {
103: return asContext;
104: }
105:
106: public void setAsContext(AsContext context) {
107: this .asContext = context;
108: }
109:
110: public SasContext getSasContext() {
111: return sasContext;
112: }
113:
114: public void setSasContext(SasContext context) {
115: this .sasContext = context;
116: }
117:
118: public String toString() {
119: return "[transport-config=" + transportConfig + ", as-context="
120: + asContext + ", sas-context=" + sasContext + "]";
121: }
122:
123: // Inner
124:
125: /**
126: * The root element for security between the end points
127: */
128: public class TransportConfig {
129: public static final String INTEGRITY_NONE = "NONE";
130: public static final String INTEGRITY_SUPPORTED = "SUPPORTED";
131: public static final String INTEGRITY_REQUIRED = "REQUIRED";
132:
133: public static final String CONFIDENTIALITY_NONE = "NONE";
134: public static final String CONFIDENTIALITY_SUPPORTED = "SUPPORTED";
135: public static final String CONFIDENTIALITY_REQUIRED = "REQUIRED";
136:
137: public static final String DETECT_MISORDERING_NONE = "NONE";
138: public static final String DETECT_MISORDERING_SUPPORTED = "SUPPORTED";
139: public static final String DETECT_MISORDERING_REQUIRED = "REQUIRED";
140:
141: public static final String DETECT_REPLAY_NONE = "NONE";
142: public static final String DETECT_REPLAY_SUPPORTED = "SUPPORTED";
143: public static final String DETECT_REPLAY_REQUIRED = "REQUIRED";
144:
145: public static final String ESTABLISH_TRUST_IN_TARGET_NONE = "NONE";
146: public static final String ESTABLISH_TRUST_IN_TARGET_SUPPORTED = "SUPPORTED";
147:
148: public static final String ESTABLISH_TRUST_IN_CLIENT_NONE = "NONE";
149: public static final String ESTABLISH_TRUST_IN_CLIENT_SUPPORTED = "SUPPORTED";
150: public static final String ESTABLISH_TRUST_IN_CLIENT_REQUIRED = "REQUIRED";
151:
152: /**
153: * integrity element indicates if the server (target) supports integrity protected messages.
154: * The valid values are NONE, SUPPORTED or REQUIRED.
155: * Required element.
156: */
157: private final String integrity;
158:
159: /**
160: * confidentiality element indicates if the server (target) supports privacy protected
161: * messages. The values are NONE, SUPPORTED or REQUIRED.
162: * Required element.
163: */
164: private final String confidentiality;
165:
166: /**
167: * detect-misordering indicates if the server (target) supports detection
168: * of message sequence errors. The values are NONE, SUPPORTED or REQUIRED.
169: * Optional element.
170: */
171: private final String detectMisordering;
172:
173: /**
174: * detect-replay indicates if the server (target) supports detection
175: * of message replay attempts. The values are NONE, SUPPORTED or REQUIRED.
176: * Optional element.
177: */
178: private final String detectReplay;
179:
180: /**
181: * establish-trust-in-target element indicates if the target is capable of authenticating to a client.
182: * The values are NONE or SUPPORTED.
183: * Required element.
184: */
185: private final String establishTrustInTarget;
186:
187: /**
188: * establish-trust-in-client element indicates if the target is capable of authenticating a client. The
189: * values are NONE, SUPPORTED or REQUIRED.
190: * Required element.
191: */
192: private final String establishTrustInClient;
193:
194: private TransportConfig() {
195: integrity = INTEGRITY_SUPPORTED;
196: confidentiality = CONFIDENTIALITY_SUPPORTED;
197: establishTrustInTarget = ESTABLISH_TRUST_IN_TARGET_SUPPORTED;
198: establishTrustInClient = ESTABLISH_TRUST_IN_CLIENT_SUPPORTED;
199: this .detectMisordering = DETECT_MISORDERING_SUPPORTED;
200: this .detectReplay = DETECT_REPLAY_SUPPORTED;
201: }
202:
203: /**
204: * @param element transport-config element.
205: */
206: private TransportConfig(Element element)
207: throws DeploymentException {
208: String value = MetaData.getUniqueChildContent(element,
209: "integrity");
210: if (INTEGRITY_NONE.equalsIgnoreCase(value)) {
211: integrity = INTEGRITY_NONE;
212: } else if (INTEGRITY_SUPPORTED.equalsIgnoreCase(value)) {
213: integrity = INTEGRITY_SUPPORTED;
214: } else if (INTEGRITY_REQUIRED.equalsIgnoreCase(value)) {
215: integrity = INTEGRITY_REQUIRED;
216: } else {
217: throw new DeploymentException(
218: "Allowed values for integrity element are "
219: + INTEGRITY_NONE + ", "
220: + INTEGRITY_REQUIRED + " and "
221: + INTEGRITY_SUPPORTED + " but got "
222: + value);
223: }
224:
225: value = MetaData.getUniqueChildContent(element,
226: "confidentiality");
227: if (CONFIDENTIALITY_NONE.equalsIgnoreCase(value)) {
228: confidentiality = CONFIDENTIALITY_NONE;
229: } else if (CONFIDENTIALITY_SUPPORTED
230: .equalsIgnoreCase(value)) {
231: confidentiality = CONFIDENTIALITY_SUPPORTED;
232: } else if (CONFIDENTIALITY_REQUIRED.equalsIgnoreCase(value)) {
233: confidentiality = CONFIDENTIALITY_REQUIRED;
234: } else {
235: throw new DeploymentException(
236: "Allowed values for confidentiality are "
237: + CONFIDENTIALITY_NONE + ", "
238: + CONFIDENTIALITY_SUPPORTED + " and "
239: + CONFIDENTIALITY_REQUIRED
240: + " but got " + value);
241: }
242:
243: value = MetaData.getUniqueChildContent(element,
244: "establish-trust-in-target");
245: if (ESTABLISH_TRUST_IN_TARGET_NONE.equalsIgnoreCase(value)) {
246: establishTrustInTarget = ESTABLISH_TRUST_IN_TARGET_NONE;
247: } else if (ESTABLISH_TRUST_IN_TARGET_SUPPORTED
248: .equalsIgnoreCase(value)) {
249: establishTrustInTarget = ESTABLISH_TRUST_IN_TARGET_SUPPORTED;
250: } else {
251: throw new DeploymentException(
252: "Allowed values for establish-trust-in-target are "
253: + ESTABLISH_TRUST_IN_TARGET_NONE
254: + " and "
255: + ESTABLISH_TRUST_IN_TARGET_SUPPORTED
256: + " but got " + value);
257: }
258:
259: value = MetaData.getUniqueChildContent(element,
260: "establish-trust-in-client");
261: if (ESTABLISH_TRUST_IN_CLIENT_NONE.equalsIgnoreCase(value)) {
262: establishTrustInClient = ESTABLISH_TRUST_IN_CLIENT_NONE;
263: } else if (ESTABLISH_TRUST_IN_CLIENT_SUPPORTED
264: .equalsIgnoreCase(value)) {
265: establishTrustInClient = ESTABLISH_TRUST_IN_CLIENT_SUPPORTED;
266: } else if (ESTABLISH_TRUST_IN_CLIENT_REQUIRED
267: .equalsIgnoreCase(value)) {
268: establishTrustInClient = ESTABLISH_TRUST_IN_CLIENT_REQUIRED;
269: } else {
270: throw new DeploymentException(
271: "Allowed values for establish-trust-in-client are "
272: + ESTABLISH_TRUST_IN_CLIENT_NONE + ", "
273: + ESTABLISH_TRUST_IN_CLIENT_SUPPORTED
274: + " and "
275: + ESTABLISH_TRUST_IN_CLIENT_REQUIRED
276: + " but got " + value);
277: }
278:
279: value = MetaData.getOptionalChildContent(element,
280: "detect-misordering");
281: if (DETECT_MISORDERING_NONE.equalsIgnoreCase(value)) {
282: this .detectMisordering = DETECT_MISORDERING_NONE;
283: } else if (DETECT_MISORDERING_REQUIRED
284: .equalsIgnoreCase(value)) {
285: this .detectMisordering = DETECT_MISORDERING_REQUIRED;
286: } else if (DETECT_MISORDERING_SUPPORTED
287: .equalsIgnoreCase(value)) {
288: this .detectMisordering = DETECT_MISORDERING_SUPPORTED;
289: } else {
290: this .detectMisordering = DETECT_MISORDERING_NONE;
291: }
292:
293: value = MetaData.getOptionalChildContent(element,
294: "detect-replay");
295: if (DETECT_REPLAY_NONE.equalsIgnoreCase(value)) {
296: this .detectReplay = DETECT_REPLAY_NONE;
297: } else if (DETECT_REPLAY_REQUIRED.equalsIgnoreCase(value)) {
298: this .detectReplay = DETECT_REPLAY_REQUIRED;
299: } else if (DETECT_REPLAY_SUPPORTED.equalsIgnoreCase(value)) {
300: this .detectReplay = DETECT_REPLAY_SUPPORTED;
301: } else {
302: this .detectReplay = DETECT_REPLAY_NONE;
303: }
304: }
305:
306: public String getIntegrity() {
307: return integrity;
308: }
309:
310: public String getConfidentiality() {
311: return confidentiality;
312: }
313:
314: public String getDetectMisordering() {
315: return detectMisordering;
316: }
317:
318: public String getDetectReplay() {
319: return detectReplay;
320: }
321:
322: public String getEstablishTrustInTarget() {
323: return establishTrustInTarget;
324: }
325:
326: public boolean isEstablishTrustInTargetSupported() {
327: return ESTABLISH_TRUST_IN_TARGET_SUPPORTED
328: .equalsIgnoreCase(establishTrustInTarget);
329: }
330:
331: public String getEstablishTrustInClient() {
332: return establishTrustInClient;
333: }
334:
335: public String toString() {
336: return "[integrity=" + integrity + ", confidentiality="
337: + confidentiality + ", establish-trust-in-target="
338: + establishTrustInTarget
339: + ", establish-trust-in-client="
340: + establishTrustInClient + ", detect-misordering="
341: + detectMisordering + ", detect-replay="
342: + detectReplay + "]";
343: }
344: }
345:
346: /**
347: * as-context (CSIv2 authentication service) is the element describing the authentication
348: * mechanism that will be used to authenticate the client. It can be either
349: * the username-password mechanism, or none (default).
350: */
351: public class AsContext {
352: public static final String AUTH_METHOD_USERNAME_PASSWORD = "USERNAME_PASSWORD";
353: public static final String AUTH_METHOD_NONE = "NONE";
354:
355: /**
356: * auth-method element describes the authentication method. The only supported values
357: * are USERNAME_PASSWORD and NONE.
358: * Required element.
359: */
360: private final String authMethod;
361:
362: /**
363: * realm element describes the realm in which the user is authenticated. Must be
364: * a valid realm that is registered in server configuration.
365: * Required element.
366: */
367: private final String realm;
368:
369: /**
370: * required element specifies if the authentication method specified is required
371: * to be used for client authentication. If so the EstablishTrustInClient bit
372: * will be set in the target_requires field of the AS_Context. The element value
373: * is either true or false.
374: * Required element.
375: */
376: private final boolean required;
377:
378: private AsContext() {
379: authMethod = AUTH_METHOD_USERNAME_PASSWORD;
380: realm = "default";
381: required = false;
382: }
383:
384: private AsContext(Element element) throws DeploymentException {
385: String value = MetaData.getUniqueChildContent(element,
386: "auth-method");
387: if (AUTH_METHOD_USERNAME_PASSWORD.equalsIgnoreCase(value)) {
388: authMethod = AUTH_METHOD_USERNAME_PASSWORD;
389: } else if (AUTH_METHOD_NONE.equalsIgnoreCase(value)) {
390: authMethod = AUTH_METHOD_NONE;
391: } else {
392: throw new DeploymentException(
393: "The only allowed values for auth-method are "
394: + AUTH_METHOD_USERNAME_PASSWORD + ", "
395: + AUTH_METHOD_NONE + " but got "
396: + value);
397: }
398:
399: realm = MetaData.getUniqueChildContent(element, "realm");
400: if (realm == null || realm.trim().length() == 0) {
401: throw new DeploymentException(
402: "realm is not set for ior-security-config/as-context.");
403: }
404:
405: value = MetaData.getUniqueChildContent(element, "required");
406: if ("true".equalsIgnoreCase(value)) {
407: required = true;
408: } else if ("false".equalsIgnoreCase(value)) {
409: required = false;
410: } else {
411: throw new DeploymentException(
412: "Allowed values for required in ior-security-config/as-context are "
413: + "true and false but got " + value);
414: }
415: }
416:
417: public String getAuthMethod() {
418: return authMethod;
419: }
420:
421: public String getRealm() {
422: return realm;
423: }
424:
425: public boolean isRequired() {
426: return required;
427: }
428:
429: public String toString() {
430: return "[auth-method=" + authMethod + ", realm=" + realm
431: + ", required=" + required + "]";
432: }
433: }
434:
435: /**
436: * sas-context (related to CSIv2 security attribute service) element describes
437: * the sas-context fields.
438: */
439: public class SasContext {
440: public static final String CALLER_PROPAGATION_NONE = "NONE";
441: public static final String CALLER_PROPAGATION_SUPPORTED = "SUPPORTED";
442:
443: /**
444: * caller-propagation element indicates if the target will accept propagated caller identities
445: * The values are NONE or SUPPORTED.
446: * Required element.
447: */
448: private final String callerPropagation;
449:
450: private SasContext() {
451: callerPropagation = CALLER_PROPAGATION_NONE;
452: }
453:
454: private SasContext(Element element) throws DeploymentException {
455: String value = MetaData.getUniqueChildContent(element,
456: "caller-propagation");
457: if (CALLER_PROPAGATION_NONE.equalsIgnoreCase(value)) {
458: callerPropagation = CALLER_PROPAGATION_NONE;
459: } else if (CALLER_PROPAGATION_SUPPORTED
460: .equalsIgnoreCase(value)) {
461: callerPropagation = CALLER_PROPAGATION_SUPPORTED;
462: } else {
463: throw new DeploymentException(
464: "Allowed values for caller-propagation are "
465: + CALLER_PROPAGATION_NONE + " and "
466: + CALLER_PROPAGATION_SUPPORTED
467: + " but got " + value);
468: }
469: }
470:
471: public String getCallerPropagation() {
472: return callerPropagation;
473: }
474:
475: public boolean isCallerPropagationSupported() {
476: return CALLER_PROPAGATION_SUPPORTED
477: .equalsIgnoreCase(callerPropagation);
478: }
479:
480: public String toString() {
481: return "[caller-propagation=" + callerPropagation + "]";
482: }
483: }
484: }
|