001    /**
002     * Licensed to the Apache Software Foundation (ASF) under one or more
003     * contributor license agreements.  See the NOTICE file distributed with
004     * this work for additional information regarding copyright ownership.
005     * The ASF licenses this file to You under the Apache License, Version 2.0
006     * (the "License"); you may not use this file except in compliance with
007     * the License.  You may obtain a copy of the License at
008     *
009     *     http://www.apache.org/licenses/LICENSE-2.0
010     *
011     * Unless required by applicable law or agreed to in writing, software
012     * distributed under the License is distributed on an "AS IS" BASIS,
013     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014     * See the License for the specific language governing permissions and
015     * limitations under the License.
016     */
017    package org.apache.geronimo.corba.security.config.tss;
018    
019    import java.io.UnsupportedEncodingException;
020    
021    import javax.security.auth.Subject;
022    import javax.security.auth.login.LoginContext;
023    import javax.security.auth.login.LoginException;
024    
025    import org.omg.CORBA.ORB;
026    import org.omg.CSI.EstablishContext;
027    import org.omg.CSIIOP.AS_ContextSec;
028    import org.omg.CSIIOP.EstablishTrustInClient;
029    import org.omg.GSSUP.GSSUPMechOID;
030    import org.omg.GSSUP.InitialContextToken;
031    import org.omg.IOP.Codec;
032    
033    import org.apache.geronimo.security.jaas.UsernamePasswordCallback;
034    import org.apache.geronimo.security.ContextManager;
035    
036    import org.apache.geronimo.corba.security.SASException;
037    import org.apache.geronimo.corba.util.Util;
038    
039    
040    /**
041     * @version $Rev: 503493 $ $Date: 2007-02-04 13:47:55 -0800 (Sun, 04 Feb 2007) $
042     */
043    public class TSSGSSUPMechConfig extends TSSASMechConfig {
044    
045        private String targetName;
046        private boolean required;
047    
048        public TSSGSSUPMechConfig() {
049        }
050    
051        public TSSGSSUPMechConfig(AS_ContextSec context) {
052            targetName = Util.decodeGSSExportName(context.target_name);
053            required = (context.target_requires == EstablishTrustInClient.value);
054        }
055    
056        public String getTargetName() {
057            return targetName;
058        }
059    
060        public void setTargetName(String targetName) {
061            this.targetName = targetName;
062        }
063    
064        public boolean isRequired() {
065            return required;
066        }
067    
068        public void setRequired(boolean required) {
069            this.required = required;
070        }
071    
072        public short getSupports() {
073            return EstablishTrustInClient.value;
074        }
075    
076        public short getRequires() {
077            return (required ? EstablishTrustInClient.value : 0);
078        }
079    
080        public AS_ContextSec encodeIOR(ORB orb, Codec codec) throws Exception {
081            AS_ContextSec result = new AS_ContextSec();
082    
083            result.target_supports = EstablishTrustInClient.value;
084            result.target_requires = (required ? EstablishTrustInClient.value : 0);
085            result.client_authentication_mech = Util.encodeOID(GSSUPMechOID.value);
086            result.target_name = Util.encodeGSSExportName(GSSUPMechOID.value, targetName);
087    
088            return result;
089        }
090    
091        public Subject check(EstablishContext msg) throws SASException {
092            Subject result = null;
093    
094            try {
095                if (msg.client_authentication_token != null && msg.client_authentication_token.length > 0) {
096                    InitialContextToken token = new InitialContextToken();
097    
098                    if (!Util.decodeGSSUPToken(Util.getCodec(), msg.client_authentication_token, token))
099                        throw new SASException(2);
100    
101                    if (token.target_name == null) return null;
102    
103                    String tokenTargetName = (token.target_name == null ? targetName : new String(token.target_name, "UTF8"));
104    
105                    if (!targetName.equals(tokenTargetName)) throw new SASException(2);
106                    String userName = Util.extractUserNameFromScopedName(token.username);
107    
108                    LoginContext context = ContextManager.login(tokenTargetName,
109                            new UsernamePasswordCallback(userName,
110                                    new String(token.password, "UTF8").toCharArray()));
111                    result = context.getSubject();
112                }
113            } catch (UnsupportedEncodingException e) {
114                throw new SASException(1, e);
115            } catch (LoginException e) {
116                throw new SASException(1, e);
117            }
118    
119    
120            return result;
121        }
122    
123        public String toString() {
124            StringBuffer buf = new StringBuffer();
125            toString("", buf);
126            return buf.toString();
127        }
128    
129        public void toString(String spaces, StringBuffer buf) {
130            String moreSpaces = spaces + "  ";
131            buf.append(spaces).append("TSSGSSUPMechConfig: [\n");
132            buf.append(moreSpaces).append("targetName:   ").append(targetName).append("\n");
133            buf.append(moreSpaces).append("required  :   ").append(required).append("\n");
134            buf.append(spaces).append("]\n");
135        }
136    
137    }