001 /** 002 * Licensed to the Apache Software Foundation (ASF) under one or more 003 * contributor license agreements. See the NOTICE file distributed with 004 * this work for additional information regarding copyright ownership. 005 * The ASF licenses this file to You under the Apache License, Version 2.0 006 * (the "License"); you may not use this file except in compliance with 007 * the License. You may obtain a copy of the License at 008 * 009 * http://www.apache.org/licenses/LICENSE-2.0 010 * 011 * Unless required by applicable law or agreed to in writing, software 012 * distributed under the License is distributed on an "AS IS" BASIS, 013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 014 * See the License for the specific language governing permissions and 015 * limitations under the License. 016 */ 017 package org.apache.geronimo.corba.security.config.tss; 018 019 import javax.net.ssl.SSLPeerUnverifiedException; 020 import javax.net.ssl.SSLSession; 021 import javax.security.auth.Subject; 022 import javax.security.auth.x500.X500Principal; 023 import javax.security.cert.X509Certificate; 024 025 import org.apache.commons.logging.Log; 026 import org.apache.commons.logging.LogFactory; 027 import org.omg.CORBA.Any; 028 import org.omg.CORBA.NO_PERMISSION; 029 import org.omg.CORBA.ORB; 030 import org.omg.CORBA.UserException; 031 import org.omg.CSIIOP.EstablishTrustInClient; 032 import org.omg.CSIIOP.TAG_NULL_TAG; 033 import org.omg.CSIIOP.TAG_TLS_SEC_TRANS; 034 import org.omg.CSIIOP.TLS_SEC_TRANS; 035 import org.omg.CSIIOP.TLS_SEC_TRANSHelper; 036 import org.omg.CSIIOP.TransportAddress; 037 import org.omg.IOP.Codec; 038 import org.omg.IOP.TaggedComponent; 039 040 import org.apache.geronimo.corba.security.SASException; 041 import org.apache.geronimo.corba.security.config.ConfigUtil; 042 043 044 /** 045 * At the moment, this config class can only handle a single address. 
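*
* <p>Wire form is the CSIv2 {@code TLS_SEC_TRANS} tagged component; only the
* first {@code TransportAddress} is read when decoding and exactly one is
* written when encoding. Instances are mutable beans (setters, no
* synchronization) and are not thread-safe.
*
* @version $Rev: 504461 $ $Date: 2007-02-07 00:42:26 -0800 (Wed, 07 Feb 2007) $
*/
public class TSSSSLTransportConfig extends TSSTransportMechConfig {

    private static final Log log = LogFactory.getLog(TSSSSLTransportConfig.class);

    private short port;
    private String hostname;
    // -1 until set; the meaning of the sentinel is up to the consumer of this config.
    private short handshakeTimeout = -1;
    // CSIIOP association-option bit sets (e.g. EstablishTrustInClient.value).
    private short supports;
    private short requires;

    /** Creates an empty config to be populated through the setters. */
    public TSSSSLTransportConfig() {
    }

    /**
     * Decodes a {@code TLS_SEC_TRANS} tagged component.
     *
     * @param component the IOR component to decode
     * @param codec     the codec used to decode {@code component.component_data}
     * @throws UserException            if the codec cannot decode the component
     * @throws IllegalArgumentException if the component carries no transport address
     */
    public TSSSSLTransportConfig(TaggedComponent component, Codec codec) throws UserException {
        Any any = codec.decode_value(component.component_data, TLS_SEC_TRANSHelper.type());
        TLS_SEC_TRANS tst = TLS_SEC_TRANSHelper.extract(any);

        supports = tst.target_supports;
        requires = tst.target_requires;

        // A component with no address is malformed; fail with a descriptive
        // error instead of an ArrayIndexOutOfBoundsException from addresses[0].
        if (tst.addresses == null || tst.addresses.length == 0) {
            throw new IllegalArgumentException("TLS_SEC_TRANS component carries no transport address");
        }
        if (tst.addresses.length > 1 && log.isDebugEnabled()) {
            log.debug("TLS_SEC_TRANS component carries " + tst.addresses.length
                    + " addresses, only the first is used");
        }
        port = tst.addresses[0].port;
        hostname = tst.addresses[0].host_name;
    }

    public short getPort() {
        return port;
    }

    public void setPort(short port) {
        this.port = port;
    }

    public String getHostname() {
        return hostname;
    }

    public void setHostname(String hostname) {
        this.hostname = hostname;
    }

    public short getHandshakeTimeout() {
        return handshakeTimeout;
    }

    public void setHandshakeTimeout(short handshakeTimeout) {
        this.handshakeTimeout = handshakeTimeout;
    }

    public short getSupports() {
        return supports;
    }

    public void setSupports(short supports) {
        this.supports = supports;
    }

    public short getRequires() {
        return requires;
    }

    public void setRequires(short requires) {
        this.requires = requires;
    }

    /**
     * Encodes this config as a {@code TAG_TLS_SEC_TRANS} IOR component.
     *
     * @param orb   ORB used to create the {@code Any} holding the struct
     * @param codec codec used to encode that {@code Any}
     * @return the encoded component; on any encoding failure a {@code TAG_NULL_TAG}
     *         component with empty data is returned instead
     */
    public TaggedComponent encodeIOR(ORB orb, Codec codec) {
        TaggedComponent result = new TaggedComponent();

        TLS_SEC_TRANS tst = new TLS_SEC_TRANS();
        tst.target_supports = supports;
        tst.target_requires = requires;
        tst.addresses = new TransportAddress[]{new TransportAddress(hostname, port)};

        try {
            Any any = orb.create_any();
            TLS_SEC_TRANSHelper.insert(any, tst);

            result.tag = TAG_TLS_SEC_TRANS.value;
            result.component_data = codec.encode_value(any);
        } catch (Exception ex) {
            // Established behaviour is to fall back to a NULL tag. Note that a
            // NULL component advertises no transport protection at all, so an
            // encoding failure here silently drops the supports/requires bits
            // from the IOR; the cause is therefore logged rather than discarded.
            log.error("Error enncoding transport tagged component, defaulting encoding to NULL", ex);

            result.tag = TAG_NULL_TAG.value;
            result.component_data = new byte[0];
        }

        return result;
    }

    /**
     * Derives the caller's identity from the TLS session's peer certificate.
     *
     * @param session the established SSL session, or {@code null} if there is none
     * @return a {@code Subject} holding the peer certificate's subject as an
     *         {@code X500Principal}; {@code null} when no session or no verified
     *         peer is available and {@code EstablishTrustInClient} is not required
     * @throws NO_PERMISSION if {@code session} is {@code null} but this config requires
     *                       any transport protection ({@code requires != 0})
     * @throws SASException  if the peer is unverified but {@code EstablishTrustInClient}
     *                       is required
     */
    public Subject check(SSLSession session) throws SASException {
        if (session == null) {
            if (requires != 0) throw new NO_PERMISSION("Missing required SSL session");
            // Nothing is required and there is nothing to scrape: anonymous caller.
            // (The original code dereferenced the null session here.)
            return null;
        }

        try {
            if (log.isDebugEnabled()) log.debug("Scraping principal from SSL session");

            X500Principal principal = peerPrincipal(session);

            if (log.isDebugEnabled()) log.debug("Obtained principal " + principal.getName());

            Subject subject = new Subject();
            subject.getPrincipals().add(principal);

            return subject;
        } catch (SSLPeerUnverifiedException e) {
            if ((requires & EstablishTrustInClient.value) != 0) {
                if (log.isDebugEnabled()) log.debug("Unverified peer, throwing exception");
                throw new SASException(1, e);
            }
            if (log.isDebugEnabled()) log.debug("Unverified peer, returning null");
            return null;
        }
    }

    /**
     * Extracts the subject of the peer's end-entity certificate.
     *
     * <p>Uses {@code getPeerCertificates()} (the peer's own certificate comes
     * first) instead of the deprecated {@code getPeerCertificateChain()}, and
     * takes the subject as an encoded {@code X500Principal} rather than through
     * {@code getSubjectDN().toString()}: that string round-trip is lossy and
     * {@code new X500Principal(String)} can reject or re-interpret unusual RDNs.
     *
     * @throws SSLPeerUnverifiedException if the session has no verified X.509 peer chain
     */
    private static X500Principal peerPrincipal(SSLSession session) throws SSLPeerUnverifiedException {
        java.security.cert.Certificate[] chain = session.getPeerCertificates();
        if (chain == null || chain.length == 0
                || !(chain[0] instanceof java.security.cert.X509Certificate)) {
            throw new SSLPeerUnverifiedException("Peer presented no X.509 certificate");
        }
        return ((java.security.cert.X509Certificate) chain[0]).getSubjectX500Principal();
    }

    /**
     * Appends a multi-line dump of this config to {@code buf}, each line prefixed
     * with {@code spaces} (nested lines get one extra space).
     */
    void toString(String spaces, StringBuffer buf) {
        String moreSpaces = spaces + " ";
        buf.append(spaces).append("TSSSSLTransportConfig: [\n");
        buf.append(moreSpaces).append("SUPPORTS: ").append(ConfigUtil.flags(supports)).append("\n");
        buf.append(moreSpaces).append("REQUIRES: ").append(ConfigUtil.flags(requires)).append("\n");
        buf.append(moreSpaces).append("port : ").append(port).append("\n");
        buf.append(moreSpaces).append("hostName: ").append(hostname).append("\n");
        buf.append(moreSpaces).append("handshakeTimeout: ").append(handshakeTimeout).append("\n");
        buf.append(spaces).append("]\n");
    }

}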