001: package org.jacorb.security.sas;
002:
003: /*
004: * JacORB - a free Java ORB
005: *
006: * Copyright (C) 2002-2004 Gerald Brose
007: *
008: * This library is free software; you can redistribute it and/or
009: * modify it under the terms of the GNU Library General Public
010: * License as published by the Free Software Foundation; either
011: * version 2 of the License, or (at your option) any later version.
012: *
013: * This library is distributed in the hope that it will be useful,
014: * but WITHOUT ANY WARRANTY; without even the implied warranty of
015: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
016: * Library General Public License for more details.
017: *
018: * You should have received a copy of the GNU Library General Public
019: * License along with this library; if not, write to the Free
020: * Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
021: */
022:
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;

import org.apache.avalon.framework.configuration.Configuration;
import org.apache.avalon.framework.configuration.ConfigurationException;
import org.apache.avalon.framework.logger.Logger;
import org.jacorb.orb.dsi.ServerRequest;
import org.jacorb.orb.giop.GIOPConnection;
import org.jacorb.orb.iiop.ServerIIOPConnection;
import org.jacorb.orb.portableInterceptor.ServerRequestInfoImpl;
import org.omg.CORBA.ORB;
import org.omg.CSI.IdentityToken;
import org.omg.CSIIOP.CompoundSecMechList;
import org.omg.IOP.Codec;
import org.omg.PortableInterceptor.ServerRequestInfo;
039:
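/**
 * SAS context that derives the caller's identity from the TLS (JSSE) client
 * certificate of the connection a request arrived on.
 *
 * Only the target-side path (validate / getPrincipalName) is implemented; the
 * client-side and token-based ISASContext operations are stubs that return
 * null / false, i.e. they never produce or accept a SAS token.
 */
public class JsseContext implements ISASContext {
    /** Logger for diagnostics; may be null, in which case nothing is logged. */
    private Logger logger = null;

    /**
     * Client certificate captured by the most recent validate() call, or null
     * when no verified client certificate was presented.
     *
     * NOTE(review): this is mutable per-instance state. If a single JsseContext
     * instance serves concurrent requests, a later validate() can overwrite the
     * certificate before getPrincipalName() is read for the earlier request --
     * confirm the instance lifecycle in the SAS interceptor before relying on it.
     */
    private X509Certificate client_cert = null;

    /**
     * No configuration is consumed here; the TLS settings (client-auth mode,
     * trust store) belong to the ORB's transport layer.
     */
    public void configure(Configuration configuration)
        throws ConfigurationException {
    }

    /**
     * @param logger logger used for diagnostics (may be null)
     */
    public JsseContext(Logger logger) {
        this.logger = logger;
    }

    /**
     * Accepts the request iff the underlying transport is TLS and the peer
     * presented a certificate that JSSE verified during the handshake.
     *
     * The SAS contextToken is ignored: the identity comes solely from the TLS
     * client certificate. This therefore only authenticates anything when the
     * ORB's server socket requires client certificates and its trust manager
     * validates them; with client auth disabled every request is rejected.
     *
     * @param ri           the server-side request info (expected to be a
     *                     ServerRequestInfoImpl)
     * @param contextToken unused
     * @return true when a verified client certificate is available
     */
    public boolean validate(ServerRequestInfo ri, byte[] contextToken) {
        client_cert = getClientCert(ri);
        return client_cert != null;
    }

    /**
     * @return the subject DN of the validated client certificate, or null if
     *         validate() has not succeeded on this instance
     */
    public String getPrincipalName() {
        if (client_cert == null) {
            return null;
        }
        // getSubjectDN() is denigrated in favour of getSubjectX500Principal(),
        // but its string form is what existing access-control lists may match
        // against, so it is kept deliberately; confirm consumers before switching.
        return client_cert.getSubjectDN().getName();
    }

    /**
     * Retrieves the peer's own (end-entity) certificate from the TLS session of
     * the connection the request arrived on.
     *
     * Every failure path returns null (fail closed) instead of throwing, so a
     * non-TLS, unverified or structurally unexpected request is rejected rather
     * than escaping the interceptor as an unchecked exception.
     *
     * @param ri the server-side request info
     * @return the verified client certificate, or null
     */
    private X509Certificate getClientCert(ServerRequestInfo ri) {
        if (!(ri instanceof ServerRequestInfoImpl)) {
            warn("unexpected ServerRequestInfo implementation, cannot reach the connection");
            return null;
        }
        ServerRequest request = ((ServerRequestInfoImpl) ri).request;
        if (request == null) {
            warn("request info carries no ServerRequest!");
            return null;
        }

        GIOPConnection connection = request.getConnection();
        if (connection == null) {
            warn("target has no connection!");
            return null;
        }

        // A plain (non-TLS) connection carries no client identity at all.
        if (!connection.isSSL()) {
            return null;
        }

        Object transport = connection.getTransport();
        if (!(transport instanceof ServerIIOPConnection)) {
            warn("SSL connection without a ServerIIOPConnection transport");
            return null;
        }

        Object socket = ((ServerIIOPConnection) transport).getSocket();
        if (!(socket instanceof SSLSocket)) {
            warn("SSL connection whose socket is not an SSLSocket");
            return null;
        }

        SSLSession session = ((SSLSocket) socket).getSession();
        Certificate[] chain;
        try {
            // JSSE throws SSLPeerUnverifiedException when the client sent no
            // certificate or its chain was not verified during the handshake.
            chain = session.getPeerCertificates();
        } catch (SSLPeerUnverifiedException pue) {
            debug("SSLPeerUnverifiedException", pue);
            return null;
        }

        // getPeerCertificates() places the peer's own certificate first; the
        // remaining entries are its issuing CAs, never the client itself.
        if (chain == null || chain.length == 0
                || !(chain[0] instanceof X509Certificate)) {
            warn("client presented no usable X.509 certificate");
            return null;
        }
        return (X509Certificate) chain[0];
    }

    /** Logs at WARN level when a logger is present and WARN is enabled. */
    private void warn(String message) {
        if (logger != null && logger.isWarnEnabled()) {
            logger.warn(message);
        }
    }

    /** Logs at DEBUG level when a logger is present and DEBUG is enabled. */
    private void debug(String message, Throwable cause) {
        if (logger != null && logger.isDebugEnabled()) {
            logger.debug(message, cause);
        }
    }

    /**
     * Not implemented: this context never emits a client-side SAS context.
     *
     * @return always null
     * @see org.jacorb.security.sas.ISASContext#createContext(org.omg.PortableInterceptor.ClientRequestInfo)
     */
    public byte[] createClientContext(ORB orb, Codec codec,
                                      CompoundSecMechList csmList) {
        return null;
    }

    /**
     * Not implemented.
     *
     * @return always null
     * @see org.jacorb.security.sas.ISASContext#getCreatedPrincipal()
     */
    public String getClientPrincipal() {
        return null;
    }

    /**
     * Not implemented: the token-based validation path always rejects, so a
     * caller that uses it instead of validate() never authenticates anyone.
     *
     * @return always false
     * @see org.jacorb.security.sas.ISASContext#validateContext(org.omg.PortableInterceptor.ServerRequestInfo, byte[])
     */
    public boolean validateContext(ORB orb, Codec codec,
                                   byte[] contextToken) {
        return false;
    }

    /**
     * Not implemented.
     *
     * @return always null
     * @see org.jacorb.security.sas.ISASContext#getValidatedPrincipal()
     */
    public String getValidatedPrincipal() {
        return null;
    }

    /**
     * No client-side initialisation is required.
     *
     * @see org.jacorb.security.sas.ISASContext#initClient()
     */
    public void initClient() {
    }

    /**
     * No target-side initialisation is required.
     *
     * @see org.jacorb.security.sas.ISASContext#initTarget()
     */
    public void initTarget() {
    }

    /**
     * @return the empty string; this context is not tied to a GSS mechanism OID
     */
    public String getMechOID() {
        return "";
    }

    /**
     * Not implemented: no identity token is produced for outgoing requests.
     *
     * @return always null
     * @see org.jacorb.security.sas.ISASContext#createIdentityToken(org.omg.PortableInterceptor.ClientRequestInfo, org.omg.CSIIOP.CompoundSecMechList)
     */
    public IdentityToken createIdentityToken(ORB orb, Codec codec,
                                             CompoundSecMechList csmList) {
        return null;
    }
}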
|