001: /**
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */package org.apache.geronimo.corba.security.config.tss;
017:
import java.security.cert.Certificate;

import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import javax.security.cert.X509Certificate;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.omg.CORBA.Any;
import org.omg.CORBA.NO_PERMISSION;
import org.omg.CORBA.ORB;
import org.omg.CORBA.UserException;
import org.omg.CSIIOP.EstablishTrustInClient;
import org.omg.CSIIOP.TAG_NULL_TAG;
import org.omg.CSIIOP.TAG_TLS_SEC_TRANS;
import org.omg.CSIIOP.TLS_SEC_TRANS;
import org.omg.CSIIOP.TLS_SEC_TRANSHelper;
import org.omg.CSIIOP.TransportAddress;
import org.omg.IOP.Codec;
import org.omg.IOP.TaggedComponent;

import org.apache.geronimo.corba.security.SASException;
import org.apache.geronimo.corba.security.config.ConfigUtil;
041:
042: /**
043: * At the moment, this config class can only handle a single address.
044: *
045: * @version $Rev: 504461 $ $Date: 2007-02-07 00:42:26 -0800 (Wed, 07 Feb 2007) $
046: */
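public class TSSSSLTransportConfig extends TSSTransportMechConfig {

    private static final Log log = LogFactory.getLog(TSSSSLTransportConfig.class);

    /** Port of the single TLS transport address advertised in the IOR. */
    private short port;

    /** Host name of the single TLS transport address advertised in the IOR. */
    private String hostname;

    /**
     * Handshake timeout. Defaults to -1. It is only exposed through its getter
     * and {@link #toString(String, StringBuffer)}; it is not part of the
     * encoded {@code TLS_SEC_TRANS} component.
     */
    private short handshakeTimeout = -1;

    /** CSIv2 transport association options the target supports (bit mask). */
    private short supports;

    /** CSIv2 transport association options the target requires (bit mask). */
    private short requires;

    /** Creates an empty config; populate it through the setters. */
    public TSSSSLTransportConfig() {
    }

    /**
     * Builds the config from a {@code TAG_TLS_SEC_TRANS} tagged component.
     *
     * @param component the tagged component whose data encodes a
     *                  {@code TLS_SEC_TRANS} structure
     * @param codec     the codec used to decode {@code component.component_data}
     * @throws UserException            if the codec cannot decode the data
     * @throws IllegalArgumentException if the decoded structure carries no
     *                                  transport address
     */
    public TSSSSLTransportConfig(TaggedComponent component, Codec codec)
            throws UserException {
        Any any = codec.decode_value(component.component_data,
                TLS_SEC_TRANSHelper.type());
        TLS_SEC_TRANS tst = TLS_SEC_TRANSHelper.extract(any);

        supports = tst.target_supports;
        requires = tst.target_requires;

        // Only the first address is handled (see the class comment). Without
        // this guard a component with no addresses surfaces as an
        // ArrayIndexOutOfBoundsException that says nothing about the cause.
        if (tst.addresses == null || tst.addresses.length == 0) {
            throw new IllegalArgumentException(
                    "TLS_SEC_TRANS component carries no transport address");
        }
        port = tst.addresses[0].port;
        hostname = tst.addresses[0].host_name;
    }

    /** @return the TLS endpoint port */
    public short getPort() {
        return port;
    }

    /** @param port the TLS endpoint port */
    public void setPort(short port) {
        this.port = port;
    }

    /** @return the TLS endpoint host name */
    public String getHostname() {
        return hostname;
    }

    /** @param hostname the TLS endpoint host name */
    public void setHostname(String hostname) {
        this.hostname = hostname;
    }

    /** @return the handshake timeout, -1 if never set */
    public short getHandshakeTimeout() {
        return handshakeTimeout;
    }

    /** @param handshakeTimeout the handshake timeout */
    public void setHandshakeTimeout(short handshakeTimeout) {
        this.handshakeTimeout = handshakeTimeout;
    }

    /** @return the supported association options bit mask */
    public short getSupports() {
        return supports;
    }

    /** @param supports the supported association options bit mask */
    public void setSupports(short supports) {
        this.supports = supports;
    }

    /** @return the required association options bit mask */
    public short getRequires() {
        return requires;
    }

    /** @param requires the required association options bit mask */
    public void setRequires(short requires) {
        this.requires = requires;
    }

    /**
     * Encodes this config as a {@code TAG_TLS_SEC_TRANS} tagged component for
     * inclusion in an IOR.
     * <p>
     * If encoding fails the method falls back to an empty {@code TAG_NULL_TAG}
     * component (kept from the original behaviour). Note that this fallback
     * advertises no transport-level protection at all, so an encoding failure
     * silently downgrades what clients see in the IOR; the error log entry,
     * which now includes the cause, is the only signal.
     *
     * @param orb   the ORB used to create the {@code Any}
     * @param codec the codec used to encode the component data
     * @return the encoded tagged component, never {@code null}
     */
    public TaggedComponent encodeIOR(ORB orb, Codec codec) {
        TaggedComponent result = new TaggedComponent();

        TLS_SEC_TRANS tst = new TLS_SEC_TRANS();
        tst.target_supports = supports;
        tst.target_requires = requires;
        tst.addresses = new TransportAddress[] {
                new TransportAddress(hostname, port) };

        try {
            Any any = orb.create_any();
            TLS_SEC_TRANSHelper.insert(any, tst);

            result.tag = TAG_TLS_SEC_TRANS.value;
            result.component_data = codec.encode_value(any);
        } catch (Exception ex) {
            // Best-effort fallback: log the cause (previously dropped) so the
            // downgrade to a NULL component is diagnosable.
            log.error("Error encoding transport tagged component, defaulting encoding to NULL", ex);

            result.tag = TAG_NULL_TAG.value;
            result.component_data = new byte[0];
        }

        return result;
    }

    /**
     * Derives the caller's transport-level identity from the TLS session of
     * the incoming connection.
     *
     * @param session the SSL session of the connection, or {@code null} if the
     *                connection is not TLS-protected
     * @return a {@link Subject} holding the peer certificate's subject as an
     *         {@link X500Principal}, or {@code null} when no peer identity is
     *         available and none is required
     * @throws NO_PERMISSION if {@code requires} is non-zero but there is no
     *                       SSL session
     * @throws SASException  if the peer is unverified but
     *                       {@code EstablishTrustInClient} is required
     */
    public Subject check(SSLSession session) throws SASException {
        if (session == null) {
            if (requires != 0) {
                throw new NO_PERMISSION("Missing required SSL session");
            }
            // Nothing is required and there is no session to inspect. The
            // previous code fell through here and dereferenced the null
            // session.
            if (log.isDebugEnabled()) {
                log.debug("No SSL session and none required, returning null");
            }
            return null;
        }

        try {
            if (log.isDebugEnabled()) {
                log.debug("Scraping principal from SSL session");
            }

            X500Principal principal = peerPrincipal(session);

            if (log.isDebugEnabled()) {
                log.debug("Obtained principal " + principal.getName());
            }

            Subject subject = new Subject();
            subject.getPrincipals().add(principal);
            return subject;
        } catch (SSLPeerUnverifiedException e) {
            // The peer did not present a verified certificate. That is only a
            // failure when client trust is required; otherwise the caller is
            // simply anonymous at the transport layer.
            if ((requires & EstablishTrustInClient.value) != 0) {
                if (log.isDebugEnabled()) {
                    log.debug("Unverified peer, throwing exception");
                }
                throw new SASException(1, e);
            }
            if (log.isDebugEnabled()) {
                log.debug("Unverified peer, returning null");
            }
            return null;
        }
    }

    /**
     * Returns the subject of the peer's end-entity certificate.
     * <p>
     * Uses {@link SSLSession#getPeerCertificates()} instead of the deprecated
     * {@code getPeerCertificateChain()}, which is deprecated for removal and
     * throws {@code UnsupportedOperationException} on recent JDKs. The
     * {@link X500Principal} is taken straight from the certificate rather
     * than round-tripping {@code getSubjectDN().toString()} through the
     * {@code X500Principal(String)} parser, a conversion that can lose or
     * mis-parse attributes.
     *
     * @param session the verified session to inspect
     * @return the peer certificate's subject
     * @throws SSLPeerUnverifiedException if the peer was not verified or did
     *                                    not present an X.509 certificate
     */
    private static X500Principal peerPrincipal(SSLSession session)
            throws SSLPeerUnverifiedException {
        Certificate[] chain = session.getPeerCertificates();
        if (chain == null || chain.length == 0
                || !(chain[0] instanceof java.security.cert.X509Certificate)) {
            throw new SSLPeerUnverifiedException(
                    "Peer did not present an X.509 certificate");
        }
        // Fully qualified to avoid clashing with the legacy
        // javax.security.cert.X509Certificate import; chain[0] is the peer's
        // own certificate, the remaining entries are its issuers.
        return ((java.security.cert.X509Certificate) chain[0])
                .getSubjectX500Principal();
    }

    /**
     * Appends an indented, multi-line description of this config to
     * {@code buf}.
     *
     * @param spaces indentation prefix of the enclosing block
     * @param buf    buffer to append to
     */
    void toString(String spaces, StringBuffer buf) {
        String moreSpaces = spaces + " ";
        buf.append(spaces).append("TSSSSLTransportConfig: [\n");
        buf.append(moreSpaces).append("SUPPORTS: ")
                .append(ConfigUtil.flags(supports)).append("\n");
        buf.append(moreSpaces).append("REQUIRES: ")
                .append(ConfigUtil.flags(requires)).append("\n");
        buf.append(moreSpaces).append("port : ").append(port).append("\n");
        buf.append(moreSpaces).append("hostName: ").append(hostname)
                .append("\n");
        buf.append(moreSpaces).append("handshakeTimeout: ")
                .append(handshakeTimeout).append("\n");
        buf.append(spaces).append("]\n");
    }

}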
|