001 /**
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements. See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License. You may obtain a copy of the License at
008 *
009 * http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017 package org.apache.geronimo.corba.security.config.tss;
018
019 import java.io.Serializable;
020 import java.util.ArrayList;
021 import java.util.HashMap;
022 import java.util.Iterator;
023 import java.util.Map;
024 import javax.security.auth.Subject;
025
026 import org.omg.CORBA.ORB;
027 import org.omg.CSI.EstablishContext;
028 import org.omg.CSI.ITTPrincipalName;
029 import org.omg.CSI.IdentityToken;
030 import org.omg.CSIIOP.DelegationByClient;
031 import org.omg.CSIIOP.IdentityAssertion;
032 import org.omg.CSIIOP.SAS_ContextSec;
033 import org.omg.CSIIOP.ServiceConfiguration;
034 import org.omg.IOP.Codec;
035 import org.apache.geronimo.corba.security.SASException;
036 import org.apache.geronimo.corba.security.config.ConfigUtil;
037 import org.apache.geronimo.corba.util.Util;
038
039
040 /**
041 * @version $Rev: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
042 */
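/**
 * Target-side (TSS) configuration of the CSIv2 SAS context layer: which
 * privilege authorities and identity-token types this server supports, and
 * which of them it requires from a client.
 *
 * <p>The {@code supports}/{@code requires} fields are CSIIOP association-option
 * bitmasks ({@code DelegationByClient}, {@code IdentityAssertion}, ...).
 * {@code requires} is only ever widened here: bits are OR-ed in, never
 * assigned over, so adding configuration cannot silently drop something the
 * target already demanded.
 *
 * <p>Not thread-safe; configure fully before publishing.
 *
 * @version $Rev: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
 */
public class TSSSASMechConfig implements Serializable {

    private short supports;
    private short requires;
    // Whether this SAS mechanism is mandatory for the client (drives `requires`).
    private boolean required;
    // TSSServiceConfigurationConfig entries, in insertion order.
    private final ArrayList privilegeAuthorities = new ArrayList();
    // Integer (CSI identity-token type) -> TSSSASIdentityToken
    private final Map idTokens = new HashMap();

    /**
     * Creates an empty configuration: nothing supported, nothing required.
     */
    public TSSSASMechConfig() {
    }

    /**
     * Decodes the SAS layer of a remote IOR into a configuration object.
     *
     * @param context the SAS_ContextSec component read from the IOR
     * @throws Exception if a privilege authority cannot be decoded
     */
    public TSSSASMechConfig(SAS_ContextSec context) throws Exception {
        ServiceConfiguration[] authorities = context.privilege_authorities;
        if (authorities != null) {
            for (int i = 0; i < authorities.length; i++) {
                privilegeAuthorities.add(TSSServiceConfigurationConfig.decodeIOR(authorities[i]));
            }
        }

        byte[][] mechanisms = context.supported_naming_mechanisms;
        if (mechanisms != null) {
            for (int i = 0; i < mechanisms.length; i++) {
                String oid = Util.decodeOID(mechanisms[i]);

                //TODO is this needed?
                if (TSSITTPrincipalNameGSSUP.OID.equals(oid)) {
                    //TODO this doesn't make sense if we plan to use this for identity check.
                    addIdentityToken(new TSSITTPrincipalNameGSSUP(null, null, null));
                }
            }
        }

        // Assigned last: addIdentityToken() above ORs IdentityAssertion into
        // `supports`, but for a decoded IOR the flags the IOR itself advertises
        // are taken as authoritative and overwrite anything set while decoding.
        // (The previous duplicate assignment at the top was dead and is gone.)
        supports = context.target_supports;
        requires = context.target_requires;
    }

    /**
     * Adds a privilege authority and marks delegation-by-client as supported
     * (and as required, if this mechanism is required).
     *
     * @param config the service configuration to add
     */
    public void addServiceConfigurationConfig(TSSServiceConfigurationConfig config) {
        privilegeAuthorities.add(config);

        supports |= DelegationByClient.value;
        // OR, not assign: a plain '=' here would discard any bit already in
        // `requires` (e.g. IdentityAssertion) and silently weaken the target's
        // demands. This now mirrors setRequired().
        if (required) requires |= DelegationByClient.value;
    }

    /**
     * @param i zero-based index into the privilege authorities
     * @return the i-th privilege authority
     * @throws IndexOutOfBoundsException if {@code i} is out of range
     */
    public TSSServiceConfigurationConfig serviceConfigurationAt(int i) {
        return (TSSServiceConfigurationConfig) privilegeAuthorities.get(i);
    }

    /**
     * @return the number of configured privilege authorities
     */
    public int paSize() {
        return privilegeAuthorities.size();
    }

    /**
     * Registers an identity-token handler, keyed by its CSI token type. A later
     * token with the same type replaces the earlier one. Any type other than
     * absent (0) marks identity assertion as supported.
     *
     * @param token the handler to register
     */
    public void addIdentityToken(TSSSASIdentityToken token) {
        idTokens.put(Integer.valueOf(token.getType()), token);

        if (token.getType() > 0) supports |= IdentityAssertion.value;
    }

    /**
     * @return the CSIIOP association options this target supports
     */
    public short getSupports() {
        return supports;
    }

    /**
     * @return the CSIIOP association options this target requires
     */
    public short getRequires() {
        return requires;
    }

    /**
     * @return whether this SAS mechanism is mandatory for clients
     */
    public boolean isRequired() {
        return required;
    }

    /**
     * Marks the mechanism as (not) required. Making it required also requires
     * delegation-by-client, but only if that is already supported; clearing the
     * flag never removes bits already in {@code requires}.
     *
     * @param required the new value
     */
    public void setRequired(boolean required) {
        this.required = required;
        if (required) requires |= (short) (supports & DelegationByClient.value);
    }

    /**
     * Encodes this configuration as the SAS_ContextSec IOR component.
     *
     * @param orb   the ORB (unused here, kept for interface parity with the other encoders)
     * @param codec the codec (unused here, kept for interface parity with the other encoders)
     * @return the populated SAS_ContextSec component
     * @throws Exception if a privilege authority cannot be encoded
     */
    public SAS_ContextSec encodeIOR(ORB orb, Codec codec) throws Exception {
        SAS_ContextSec result = new SAS_ContextSec();

        result.privilege_authorities = new ServiceConfiguration[privilegeAuthorities.size()];
        int index = 0;
        for (Iterator iter = privilegeAuthorities.iterator(); iter.hasNext();) {
            TSSServiceConfigurationConfig authority = (TSSServiceConfigurationConfig) iter.next();
            result.privilege_authorities[index++] = authority.generateServiceConfiguration();
        }

        // supported_identity_types is the OR of every registered token type;
        // only ITTPrincipalName tokens additionally advertise a naming mechanism OID.
        ArrayList principalNameTokens = new ArrayList(idTokens.size());
        for (Iterator iter = idTokens.values().iterator(); iter.hasNext();) {
            TSSSASIdentityToken token = (TSSSASIdentityToken) iter.next();

            if (token.getType() == ITTPrincipalName.value) {
                principalNameTokens.add(token);
            }
            result.supported_identity_types |= token.getType();
        }

        result.supported_naming_mechanisms = new byte[principalNameTokens.size()][];
        index = 0;
        for (Iterator iter = principalNameTokens.iterator(); iter.hasNext();) {
            TSSSASIdentityToken token = (TSSSASIdentityToken) iter.next();
            result.supported_naming_mechanisms[index++] = Util.encodeOID(token.getOID());
        }

        result.target_supports = supports;
        result.target_requires = requires;

        return result;
    }

    /**
     * Validates the identity token carried by a client's EstablishContext
     * message and maps it to a Subject.
     *
     * <p>The token's discriminator comes straight from the wire, so it is only
     * used as a lookup key: a type with no registered handler is rejected with
     * a SASException rather than processed. Enforcement of {@code requires}
     * (e.g. rejecting a missing token when IdentityAssertion is required) is
     * not done here; presumably the caller checks that — confirm.
     *
     * @param msg the client's EstablishContext message (must not be null)
     * @return the Subject asserted by the token, or {@code null} when the
     *         message carries no identity token
     * @throws SASException if the token type is not supported or the
     *         registered handler rejects the token
     */
    public Subject check(EstablishContext msg) throws SASException {
        IdentityToken identityToken = msg.identity_token;
        if (identityToken == null) {
            return null;
        }

        int discriminator = identityToken.discriminator();
        TSSSASIdentityToken tssIdentityToken = (TSSSASIdentityToken) idTokens.get(Integer.valueOf(discriminator));
        if (tssIdentityToken == null) {
            throw new SASException(1, new Exception("Unsupported IdentityTokenType: " + discriminator));
        }
        return tssIdentityToken.check(identityToken);
    }

    public String toString() {
        StringBuffer buf = new StringBuffer();
        toString("", buf);
        return buf.toString();
    }

    /**
     * Appends an indented, multi-line dump of this configuration to {@code buf}.
     *
     * @param spaces indentation prefix for this level
     * @param buf    the buffer to append to
     */
    void toString(String spaces, StringBuffer buf) {
        String moreSpaces = spaces + "  ";
        buf.append(spaces).append(getName()).append(": [\n");
        buf.append(moreSpaces).append("required: ").append(required).append("\n");
        buf.append(moreSpaces).append("SUPPORTS: ").append(ConfigUtil.flags(supports)).append("\n");
        buf.append(moreSpaces).append("REQUIRES: ").append(ConfigUtil.flags(requires)).append("\n");
        for (Iterator iterator = privilegeAuthorities.iterator(); iterator.hasNext();) {
            TSSServiceConfigurationConfig authority = (TSSServiceConfigurationConfig) iterator.next();
            authority.toString(moreSpaces, buf);
        }
        buf.append("\n");
        for (Iterator iterator = idTokens.values().iterator(); iterator.hasNext();) {
            TSSSASIdentityToken identityToken = (TSSSASIdentityToken) iterator.next();
            identityToken.toString(moreSpaces, buf);
        }
        buf.append(spaces).append("]\n");
    }

    /**
     * @return the label used at the top of the toString() dump; subclasses may override
     */
    protected String getName() {
        return "TSSSASMechConfig";
    }

}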