001: /*
002: * JBoss, Home of Professional Open Source.
003: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
004: * as indicated by the @author tags. See the copyright.txt file in the
005: * distribution for a full listing of individual contributors.
006: *
007: * This is free software; you can redistribute it and/or modify it
008: * under the terms of the GNU Lesser General Public License as
009: * published by the Free Software Foundation; either version 2.1 of
010: * the License, or (at your option) any later version.
011: *
012: * This software is distributed in the hope that it will be useful,
013: * but WITHOUT ANY WARRANTY; without even the implied warranty of
014: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015: * Lesser General Public License for more details.
016: *
017: * You should have received a copy of the GNU Lesser General Public
018: * License along with this software; if not, write to the Free
019: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
021: */
022: package org.jboss.iiop.csiv2;
023:
024: import org.omg.CORBA.Any;
025: import org.omg.CORBA.ORB;
026: import org.omg.CORBA.LocalObject;
027: import org.omg.CORBA.BAD_PARAM;
028: import org.omg.CSIIOP.Integrity;
029: import org.omg.CSIIOP.DetectReplay;
030: import org.omg.CSIIOP.DetectMisordering;
031: import org.omg.PortableInterceptor.IORInfo;
032: import org.omg.PortableInterceptor.IORInterceptor;
033:
034: import org.omg.IOP.Codec;
035: import org.omg.IOP.CodecPackage.InvalidTypeForEncoding;
036: import org.omg.IOP.TAG_INTERNET_IOP;
037: import org.omg.IOP.TaggedComponent;
038:
039: import org.omg.SSLIOP.SSL;
040: import org.omg.SSLIOP.SSLHelper;
041: import org.omg.SSLIOP.TAG_SSL_SEC_TRANS;
042:
043: import org.jboss.iiop.CorbaORBService;
044: import org.jboss.logging.Logger;
045: import org.jboss.metadata.IorSecurityConfigMetaData;
046:
047: /**
048: * Implements an <code>org.omg.PortableInterceptor.IORInterceptor</code>
049: * that adds CSIv2 info to an IOR.
050: *
051: * @author Dimitris.Andreadis@jboss.org
052: * @version $Revision: 57194 $
053: */
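public class CSIv2IORInterceptor extends LocalObject implements
      IORInterceptor {
   /** @since 4.0.1 */
   static final long serialVersionUID = 7726088578382542812L;

   private static final Logger log = Logger
         .getLogger(CSIv2IORInterceptor.class);

   /**
    * The minimum set of security options supported by the SSL mechanism
    * (These options cannot be turned off, so they are always supported.)
    */
   private static final int MIN_SSL_OPTIONS = Integrity.value
         | DetectReplay.value | DetectMisordering.value;

   /**
    * Fallback SSL component, used when no CSIv2Policy is in effect for an
    * IOR. Built once in the constructor and never reassigned.
    */
   private final TaggedComponent defaultSSLComponent;

   /**
    * Fallback CSI component, used when no CSIv2Policy is in effect for an
    * IOR. Built once in the constructor and never reassigned.
    */
   private final TaggedComponent defaultCSIComponent;

   /**
    * Pre-builds the default SSL and CSI tagged components that are added to
    * IORs for which no CSIv2Policy is effective.
    *
    * @param codec the codec used to encode the component data
    * @throws RuntimeException wrapping the InvalidTypeForEncoding raised
    *         while encoding a default component
    */
   public CSIv2IORInterceptor(Codec codec) {
      int sslPort = CorbaORBService.getTheActualSSLPort();
      try {
         // Build default SSL component with minimum SSL options.
         // The "required" argument is 0: this default component advertises
         // the options as supported but marks none of them as required.
         // The port is narrowed to a short, i.e. only its low 16 bits are
         // kept. NOTE(review): presumably the struct field is an IDL
         // unsigned short carried in a Java short -- confirm.
         SSL ssl = new SSL((short) MIN_SSL_OPTIONS, /* supported options */
               (short) 0, /* required options */
               (short) sslPort);
         ORB orb = ORB.init();
         Any any = orb.create_any();
         SSLHelper.insert(any, ssl);
         byte[] componentData = codec.encode_value(any);
         defaultSSLComponent = new TaggedComponent(
               TAG_SSL_SEC_TRANS.value, componentData);

         // Default CSI component, built from freshly constructed
         // (unconfigured) IOR security metadata.
         IorSecurityConfigMetaData metadata = new IorSecurityConfigMetaData();
         defaultCSIComponent = CSIv2Util.createSecurityTaggedComponent(
               metadata, codec, sslPort, orb);
      } catch (InvalidTypeForEncoding e) {
         log.warn(
               "Caught unexcepted exception while encoding SSL component",
               e);
         throw new RuntimeException(e);
      }
   }

   // org.omg.PortableInterceptor.IORInterceptor operations -------------------

   /**
    * Returns the interceptor name.
    *
    * @return the fully qualified name of this class
    */
   public String name() {
      return CSIv2IORInterceptor.class.getName();
   }

   /** No-op: this interceptor does nothing on destroy. */
   public void destroy() {
   }

   /**
    * Adds SSL and CSIv2 tagged components to the IIOP profile of an IOR.
    * Called for all IORs created from this ORB.
    *
    * If a CSIv2Policy is in effect for the IOR, the components carried by
    * that policy are used; otherwise the default components built in the
    * constructor are used. In both cases the SSL component is added only
    * when CorbaORBService reports SSL components as enabled.
    *
    * @param info the IOR being constructed
    */
   public void establish_components(IORInfo info) {
      CSIv2Policy csiv2Policy = lookupPolicy(info);

      if (csiv2Policy != null) {
         // Policy in effect: use the components it already carries.
         addSslComponent(info, csiv2Policy.getSSLTaggedComponent());
         addComponent(info, csiv2Policy.getSecurityTaggedComponent());
      } else {
         // No policy: fall back to the defaults (minimum option sets).
         addSslComponent(info, defaultSSLComponent);
         addComponent(info, defaultCSIComponent);
      }
   }

   /**
    * Fetches the CSIv2Policy in effect for the given IOR.
    *
    * @return the effective policy, or null if none could be obtained
    */
   private CSIv2Policy lookupPolicy(IORInfo info) {
      try {
         return (CSIv2Policy) info.get_effective_policy(CSIv2Policy.TYPE);
      } catch (BAD_PARAM e) {
         // Treated as "no policy configured" rather than as a failure.
         if (log.isDebugEnabled()) {
            log.debug("No CSIv2Policy");
         }
      } catch (Exception e) {
         // Any other failure makes the IOR fall back to the default
         // components instead of the configured policy's. That changes
         // which security options the IOR advertises, so log it where an
         // operator will see it rather than at debug level.
         log.warn("Error fetching CSIv2Policy;"
               + " falling back to default SSL/CSI components", e);
      }
      return null;
   }

   /** Adds the SSL component if it is non-null and SSL components are enabled. */
   private static void addSslComponent(IORInfo info,
         TaggedComponent component) {
      if (component != null
            && CorbaORBService.getSSLComponentsEnabledFlag()) {
         info.add_ior_component_to_profile(component,
               TAG_INTERNET_IOP.value);
      }
   }

   /** Adds the component to the IIOP profile if it is non-null. */
   private static void addComponent(IORInfo info, TaggedComponent component) {
      if (component != null) {
         info.add_ior_component_to_profile(component,
               TAG_INTERNET_IOP.value);
      }
   }
}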