001 /**
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements. See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License. You may obtain a copy of the License at
008 *
009 * http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017 package org.apache.geronimo.corba.security.config.tss;
018
019 import java.util.Iterator;
020 import java.util.List;
021
022 import org.apache.xmlbeans.XmlException;
023 import org.apache.xmlbeans.XmlObject;
024 import org.apache.geronimo.common.DeploymentException;
025 import org.apache.geronimo.common.propertyeditor.PropertyEditorException;
026 import org.apache.geronimo.deployment.service.XmlAttributeBuilder;
027 import org.apache.geronimo.deployment.xmlbeans.XmlBeansUtil;
028 import org.apache.geronimo.gbean.GBeanInfoBuilder;
029 import org.apache.geronimo.gbean.GBeanInfo;
030 import org.apache.geronimo.kernel.ClassLoading;
031 import org.omg.CSIIOP.CompositeDelegation;
032 import org.omg.CSIIOP.Confidentiality;
033 import org.omg.CSIIOP.DetectMisordering;
034 import org.omg.CSIIOP.DetectReplay;
035 import org.omg.CSIIOP.EstablishTrustInClient;
036 import org.omg.CSIIOP.EstablishTrustInTarget;
037 import org.omg.CSIIOP.Integrity;
038 import org.omg.CSIIOP.NoDelegation;
039 import org.omg.CSIIOP.NoProtection;
040 import org.omg.CSIIOP.SimpleDelegation;
041 import org.apache.geronimo.corba.xbeans.csiv2.tss.TSSAssociationOption;
042 import org.apache.geronimo.corba.xbeans.csiv2.tss.TSSCompoundSecMechType;
043 import org.apache.geronimo.corba.xbeans.csiv2.tss.TSSGSSUPType;
044 import org.apache.geronimo.corba.xbeans.csiv2.tss.TSSGeneralNameType;
045 import org.apache.geronimo.corba.xbeans.csiv2.tss.TSSGssExportedNameType;
046 import org.apache.geronimo.corba.xbeans.csiv2.tss.TSSIdentityTokenTypeList;
047 import org.apache.geronimo.corba.xbeans.csiv2.tss.TSSSSLType;
048 import org.apache.geronimo.corba.xbeans.csiv2.tss.TSSSasMechType;
049 import org.apache.geronimo.corba.xbeans.csiv2.tss.TSSTssDocument;
050 import org.apache.geronimo.corba.xbeans.csiv2.tss.TSSTssType;
051
052
053 /**
054 * A property editor for {@link org.apache.geronimo.corba.security.config.tss.TSSConfig}.
055 *
056 * @version $Revision: 451417 $ $Date: 2006-09-29 13:13:22 -0700 (Fri, 29 Sep 2006) $
057 */
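public class TSSConfigEditor implements XmlAttributeBuilder {

    private static final String NAMESPACE = TSSTssDocument.type.getDocumentElementName().getNamespaceURI();

    /**
     * Returns the XML namespace of the TSS document element, as reported by the generated
     * {@link TSSTssDocument} schema type.
     *
     * @return the TSS namespace URI
     */
    public String getNamespace() {
        return NAMESPACE;
    }

    /**
     * Builds a {@link TSSConfig} from the TSS element of a deployment plan.
     *
     * <p>The element is validated with {@link XmlBeansUtil#validateDD} before any value is read.
     * The transport mechanism comes from the SSL element when one is present. When neither SSL
     * nor SECIOP is configured a {@link TSSNULLTransportConfig} is installed.
     *
     * @param xmlObject the TSS element; anything that is not already a {@link TSSTssType} is
     *                  copied and retyped, so the caller's object is left untouched
     * @param type      not used by this implementation
     * @param cl        class loader used to resolve the principal class named in the plan
     * @return the populated {@link TSSConfig}
     * @throws DeploymentException     if validation fails, or if the configured principal class
     *                                 or its constructor cannot be resolved
     * @throws PropertyEditorException if a SECIOP transport is configured (not implemented)
     */
    public Object getValue(XmlObject xmlObject, String type, ClassLoader cl) throws DeploymentException {
        TSSTssType tss = (xmlObject instanceof TSSTssType)
                ? (TSSTssType) xmlObject
                : (TSSTssType) xmlObject.copy().changeType(TSSTssType.type);

        // Validate first: every extract* helper below reads the document without further checks.
        try {
            XmlBeansUtil.validateDD(tss);
        } catch (XmlException e) {
            throw new DeploymentException("Error parsing TSS configuration", e);
        }

        TSSConfig tssConfig = new TSSConfig();
        tssConfig.setInherit(tss.getInherit());

        if (tss.isSetSSL()) {
            tssConfig.setTransport_mech(extractSSL(tss.getSSL()));
        } else if (tss.isSetSECIOP()) {
            throw new PropertyEditorException("SECIOP processing not implemented");
        } else {
            // NOTE(review): a plan with no SSL element ends up here; the class name suggests no
            // transport-level protection -- confirm against TSSNULLTransportConfig and make sure
            // deployments that need TLS declare the SSL element explicitly.
            tssConfig.setTransport_mech(new TSSNULLTransportConfig());
        }

        if (tss.isSetCompoundSecMechTypeList()) {
            TSSCompoundSecMechListConfig mechListConfig = tssConfig.getMechListConfig();
            mechListConfig.setStateful(tss.getCompoundSecMechTypeList().getStateful());

            TSSCompoundSecMechType[] mechanisms = tss.getCompoundSecMechTypeList().getCompoundSecMechArray();
            for (int idx = 0; idx < mechanisms.length; idx++) {
                TSSCompoundSecMechConfig mechConfig = extractCompoundSecMech(mechanisms[idx], cl);
                // Every compound mechanism shares the single transport configured above.
                mechConfig.setTransport_mech(tssConfig.getTransport_mech());
                mechListConfig.add(mechConfig);
            }
        }

        return tssConfig;
    }

    /**
     * Copies the SSL transport settings (hostname, port, handshake timeout and the supported and
     * required association options) into a {@link TSSSSLTransportConfig}.
     *
     * @param sslMech the SSL element of the TSS configuration
     * @return the SSL transport configuration
     * @throws IllegalArgumentException if a supports/requires entry is not a handled association option
     */
    protected static TSSTransportMechConfig extractSSL(TSSSSLType sslMech) {
        TSSSSLTransportConfig sslConfig = new TSSSSLTransportConfig();

        sslConfig.setHostname(sslMech.getHostname());
        sslConfig.setPort(sslMech.getPort());
        sslConfig.setHandshakeTimeout(sslMech.getHandshakeTimeout());
        sslConfig.setSupports(extractAssociationOptions(sslMech.getSupports()));
        sslConfig.setRequires(extractAssociationOptions(sslMech.getRequires()));

        return sslConfig;
    }

    /**
     * Converts one compound security mechanism element.
     *
     * <p>The authentication layer is GSSUP when the element declares it and
     * {@link TSSNULLASMechConfig} otherwise. The SAS layer is only set when the element carries a
     * SasMech child; otherwise whatever {@link TSSCompoundSecMechConfig} starts with is kept.
     *
     * @param mech the compound mechanism element
     * @param cl   class loader passed on to {@link #extractSASMech}
     * @return the mechanism configuration (its transport is assigned by the caller)
     * @throws DeploymentException if the SAS mechanism cannot be converted
     */
    protected static TSSCompoundSecMechConfig extractCompoundSecMech(TSSCompoundSecMechType mech, ClassLoader cl) throws DeploymentException {
        TSSCompoundSecMechConfig compound = new TSSCompoundSecMechConfig();

        if (mech.isSetGSSUP()) {
            compound.setAs_mech(extractASMech(mech.getGSSUP()));
        } else {
            compound.setAs_mech(new TSSNULLASMechConfig());
        }

        if (mech.isSetSasMech()) {
            compound.setSas_mech(extractSASMech(mech.getSasMech(), cl));
        }

        return compound;
    }

    /**
     * Converts a GSSUP element into a {@link TSSGSSUPMechConfig}, copying its target name and
     * its "required" flag.
     *
     * @param gssupMech the GSSUP element
     * @return the GSSUP authentication mechanism configuration
     */
    protected static TSSASMechConfig extractASMech(TSSGSSUPType gssupMech) {
        TSSGSSUPMechConfig gssupConfig = new TSSGSSUPMechConfig();

        gssupConfig.setTargetName(gssupMech.getTargetName());
        gssupConfig.setRequired(gssupMech.getRequired());

        return gssupConfig;
    }

    /**
     * Converts a SAS mechanism element: the optional service configuration list followed by the
     * accepted identity token types.
     *
     * <p>ITTAbsent is exclusive: when it is set, no other identity token type is read. Otherwise
     * each of anonymous, GSSUP principal name, distinguished name and X.509 certificate chain is
     * added when present.
     *
     * @param sasMech the SasMech element
     * @param cl      class loader used to resolve the principal class named by an
     *                ITTPrincipalNameGSSUP element
     * @return the SAS mechanism configuration
     * @throws DeploymentException if the principal class cannot be loaded or lacks the
     *                             constructor {@link TSSITTPrincipalNameGSSUP} looks for
     */
    protected static TSSSASMechConfig extractSASMech(TSSSasMechType sasMech, ClassLoader cl) throws DeploymentException {
        TSSSASMechConfig sasMechConfig = new TSSSASMechConfig();

        if (sasMech.isSetServiceConfigurationList()) {
            sasMechConfig.setRequired(sasMech.getServiceConfigurationList().getRequired());

            TSSGeneralNameType[] generalNames = sasMech.getServiceConfigurationList().getGeneralNameArray();
            for (int idx = 0; idx < generalNames.length; idx++) {
                sasMechConfig.addServiceConfigurationConfig(
                        new TSSGeneralNameConfig(generalNames[idx].getPrivilegeAuthority()));
            }

            TSSGssExportedNameType[] exportedNames = sasMech.getServiceConfigurationList().getGssExportedNameArray();
            for (int idx = 0; idx < exportedNames.length; idx++) {
                sasMechConfig.addServiceConfigurationConfig(
                        new TSSGSSExportedNameConfig(exportedNames[idx].getPrivilegeAuthority(), exportedNames[idx].getOID()));
            }
        }

        // NOTE(review): dereferenced without a null check; presumably the schema validated in
        // getValue makes this element mandatory -- confirm before calling this helper directly.
        TSSIdentityTokenTypeList identityTokenTypes = sasMech.getIdentityTokenTypes();

        if (identityTokenTypes.isSetITTAbsent()) {
            sasMechConfig.addIdentityToken(new TSSITTAbsent());
            return sasMechConfig;
        }

        if (identityTokenTypes.isSetITTAnonymous()) {
            sasMechConfig.addIdentityToken(new TSSITTAnonymous());
        }

        if (identityTokenTypes.isSetITTPrincipalNameGSSUP()) {
            org.apache.geronimo.corba.xbeans.csiv2.tss.TSSITTPrincipalNameGSSUPType principalNameType =
                    identityTokenTypes.getITTPrincipalNameGSSUP();

            // The class name is taken from the deployment plan and resolved through the supplied
            // class loader, so the plan decides which principal type asserted identities become.
            String principalClassName = principalNameType.getPrincipalClass();
            Class principalClass;
            try {
                principalClass = ClassLoading.loadClass(principalClassName, cl);
            } catch (ClassNotFoundException e) {
                throw new DeploymentException("Could not load principal class", e);
            }

            String domainName = principalNameType.isSetDomain() ? principalNameType.getDomain().trim() : null;
            // A realm is only honoured together with a domain; a realm on its own is ignored.
            String realmName = null;
            if (domainName != null && principalNameType.isSetRealm()) {
                realmName = principalNameType.getRealm().trim();
            }

            try {
                sasMechConfig.addIdentityToken(new TSSITTPrincipalNameGSSUP(principalClass, realmName, domainName));
            } catch (NoSuchMethodException e) {
                throw new DeploymentException("Could not find principal class constructor", e);
            }
        }

        if (identityTokenTypes.isSetITTDistinguishedName()) {
            String realmName = trimOrNull(identityTokenTypes.getITTDistinguishedName().getRealm());
            String domainName = trimOrNull(identityTokenTypes.getITTDistinguishedName().getDomain());
            sasMechConfig.addIdentityToken(new TSSITTDistinguishedName(realmName, domainName));
        }

        if (identityTokenTypes.isSetITTX509CertChain()) {
            String realmName = trimOrNull(identityTokenTypes.getITTX509CertChain().getRealm());
            String domainName = trimOrNull(identityTokenTypes.getITTX509CertChain().getDomain());
            sasMechConfig.addIdentityToken(new TSSITTX509CertChain(realmName, domainName));
        }

        return sasMechConfig;
    }

    /** Returns {@code value.trim()}, or {@code null} when {@code value} is {@code null}. */
    private static String trimOrNull(String value) {
        return value == null ? null : value.trim();
    }

    /**
     * Folds a list of association option names into the CSIIOP association-options bit mask.
     *
     * <p>An entry that maps to none of the options handled here is rejected instead of being
     * skipped. Skipping it would quietly produce a weaker mask than the configuration asked for,
     * which matters most for the "requires" set, where a dropped entry is a dropped requirement.
     * In the {@link #getValue} path the schema validation is expected to have rejected such
     * values already, so this only changes the outcome for callers that bypass it.
     *
     * @param list option names as {@code String}s
     * @return the bitwise OR of the CSIIOP values of every listed option; 0 for an empty list
     * @throws IllegalArgumentException if an entry is not one of the handled association options
     */
    protected static short extractAssociationOptions(List list) {
        short result = 0;

        for (Iterator iter = list.iterator(); iter.hasNext();) {
            String optionName = (String) iter.next();
            TSSAssociationOption.Enum option = TSSAssociationOption.Enum.forString(optionName);

            if (TSSAssociationOption.NO_PROTECTION.equals(option)) {
                result |= NoProtection.value;
            } else if (TSSAssociationOption.INTEGRITY.equals(option)) {
                result |= Integrity.value;
            } else if (TSSAssociationOption.CONFIDENTIALITY.equals(option)) {
                result |= Confidentiality.value;
            } else if (TSSAssociationOption.DETECT_REPLAY.equals(option)) {
                result |= DetectReplay.value;
            } else if (TSSAssociationOption.DETECT_MISORDERING.equals(option)) {
                result |= DetectMisordering.value;
            } else if (TSSAssociationOption.ESTABLISH_TRUST_IN_TARGET.equals(option)) {
                result |= EstablishTrustInTarget.value;
            } else if (TSSAssociationOption.ESTABLISH_TRUST_IN_CLIENT.equals(option)) {
                result |= EstablishTrustInClient.value;
            } else if (TSSAssociationOption.NO_DELEGATION.equals(option)) {
                result |= NoDelegation.value;
            } else if (TSSAssociationOption.SIMPLE_DELEGATION.equals(option)) {
                result |= SimpleDelegation.value;
            } else if (TSSAssociationOption.COMPOSITE_DELEGATION.equals(option)) {
                result |= CompositeDelegation.value;
            } else {
                // Fail closed: covers both an unknown name and a constant this chain does not map.
                throw new IllegalArgumentException("Unsupported association option: " + optionName);
            }
        }
        return result;
    }

    public static final GBeanInfo GBEAN_INFO;

    static {
        // Registers this class as a static GBean exposing the XmlAttributeBuilder interface.
        GBeanInfoBuilder infoBuilder = GBeanInfoBuilder.createStatic(TSSConfigEditor.class, "XmlAttributeBuilder");
        infoBuilder.addInterface(XmlAttributeBuilder.class);
        GBEAN_INFO = infoBuilder.getBeanInfo();
    }

    /**
     * Returns the GBean metadata built in the static initializer.
     *
     * @return the {@link GBeanInfo} for this class
     */
    public static GBeanInfo getGBeanInfo() {
        return GBEAN_INFO;
    }

}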