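/**
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.geronimo.corba.security.config.tss;

import java.util.Iterator;
import java.util.List;

import org.apache.xmlbeans.XmlException;
import org.apache.xmlbeans.XmlObject;
import org.apache.geronimo.common.DeploymentException;
import org.apache.geronimo.common.propertyeditor.PropertyEditorException;
import org.apache.geronimo.deployment.service.XmlAttributeBuilder;
import org.apache.geronimo.deployment.xmlbeans.XmlBeansUtil;
import org.apache.geronimo.gbean.GBeanInfoBuilder;
import org.apache.geronimo.gbean.GBeanInfo;
import org.apache.geronimo.kernel.ClassLoading;
import org.omg.CSIIOP.CompositeDelegation;
import org.omg.CSIIOP.Confidentiality;
import org.omg.CSIIOP.DetectMisordering;
import org.omg.CSIIOP.DetectReplay;
import org.omg.CSIIOP.EstablishTrustInClient;
import org.omg.CSIIOP.EstablishTrustInTarget;
import org.omg.CSIIOP.Integrity;
import org.omg.CSIIOP.NoDelegation;
import org.omg.CSIIOP.NoProtection;
import org.omg.CSIIOP.SimpleDelegation;
import org.apache.geronimo.corba.xbeans.csiv2.tss.TSSAssociationOption;
import org.apache.geronimo.corba.xbeans.csiv2.tss.TSSCompoundSecMechType;
import org.apache.geronimo.corba.xbeans.csiv2.tss.TSSGSSUPType;
import org.apache.geronimo.corba.xbeans.csiv2.tss.TSSGeneralNameType;
import org.apache.geronimo.corba.xbeans.csiv2.tss.TSSGssExportedNameType;
import org.apache.geronimo.corba.xbeans.csiv2.tss.TSSIdentityTokenTypeList;
import org.apache.geronimo.corba.xbeans.csiv2.tss.TSSSSLType;
import org.apache.geronimo.corba.xbeans.csiv2.tss.TSSSasMechType;
import org.apache.geronimo.corba.xbeans.csiv2.tss.TSSTssDocument;
import org.apache.geronimo.corba.xbeans.csiv2.tss.TSSTssType;


/**
 * A property editor for {@link org.apache.geronimo.corba.security.config.tss.TSSConfig}.
 * <p>
 * Translates a {@code tss} XML element (see {@link #getNamespace()}) into the
 * {@link TSSConfig} object graph: the transport mechanism (SSL or the null
 * transport), the compound security mechanism list, the GSSUP and SAS
 * mechanisms, and the identity token types accepted by the target. The element
 * is schema-validated before any value is read from it.
 *
 * @version $Revision: 451417 $ $Date: 2006-09-29 13:13:22 -0700 (Fri, 29 Sep 2006) $
 */
public class TSSConfigEditor implements XmlAttributeBuilder {

    /** Namespace URI of the {@code tss} document element handled by this builder. */
    private static final String NAMESPACE = TSSTssDocument.type.getDocumentElementName().getNamespaceURI();

    /**
     * Returns the namespace URI of the XML elements this builder understands.
     *
     * @return the {@code tss} document namespace
     */
    public String getNamespace() {
        return NAMESPACE;
    }

    /**
     * Builds a {@link TSSConfig} from a {@code tss} XML element.
     *
     * @param xmlObject the {@code tss} element; converted to {@link TSSTssType}
     *                  (on a copy) when it is not one already
     * @param type      not used by this builder
     * @param cl        class loader used to resolve the principal class named by an
     *                  {@code ITTPrincipalNameGSSUP} identity token
     * @return a populated {@link TSSConfig}
     * @throws DeploymentException     if the element fails schema validation, or a
     *                                 principal class cannot be loaded or lacks the
     *                                 expected constructor
     * @throws PropertyEditorException if the element configures SECIOP, which is
     *                                 not implemented
     */
    public Object getValue(XmlObject xmlObject, String type, ClassLoader cl) throws DeploymentException {
        TSSTssType tss = asTssType(xmlObject);

        // Validate first: every getter below assumes a schema-conformant document
        // (in particular that association option names are enumeration values).
        try {
            XmlBeansUtil.validateDD(tss);
        } catch (XmlException e) {
            throw new DeploymentException("Error parsing TSS configuration", e);
        }

        TSSConfig tssConfig = new TSSConfig();
        tssConfig.setInherit(tss.getInherit());
        tssConfig.setTransport_mech(extractTransportMech(tss));

        if (tss.isSetCompoundSecMechTypeList()) {
            TSSCompoundSecMechListConfig mechListConfig = tssConfig.getMechListConfig();
            mechListConfig.setStateful(tss.getCompoundSecMechTypeList().getStateful());

            TSSCompoundSecMechType[] mechList = tss.getCompoundSecMechTypeList().getCompoundSecMechArray();
            for (int i = 0; i < mechList.length; i++) {
                TSSCompoundSecMechConfig cMech = extractCompoundSecMech(mechList[i], cl);
                // All compound mechanisms share the one transport mechanism of the document.
                cMech.setTransport_mech(tssConfig.getTransport_mech());
                mechListConfig.add(cMech);
            }
        }

        return tssConfig;
    }

    /**
     * Returns {@code xmlObject} as a {@link TSSTssType}, converting a copy when it
     * is of some other XML type.
     */
    private static TSSTssType asTssType(XmlObject xmlObject) {
        if (xmlObject instanceof TSSTssType) {
            return (TSSTssType) xmlObject;
        }
        return (TSSTssType) xmlObject.copy().changeType(TSSTssType.type);
    }

    /**
     * Selects the transport mechanism configured on the document: SSL when an
     * {@code SSL} element is present, otherwise the null transport.
     *
     * @throws PropertyEditorException if a {@code SECIOP} element is present
     */
    private static TSSTransportMechConfig extractTransportMech(TSSTssType tss) {
        if (tss.isSetSSL()) {
            return extractSSL(tss.getSSL());
        }
        if (tss.isSetSECIOP()) {
            throw new PropertyEditorException("SECIOP processing not implemented");
        }
        return new TSSNULLTransportConfig();
    }

    /**
     * Builds the SSL transport configuration: host, port, handshake timeout and
     * the supported/required association option masks.
     *
     * @param sslMech the {@code SSL} element
     * @return the corresponding {@link TSSSSLTransportConfig}
     */
    protected static TSSTransportMechConfig extractSSL(TSSSSLType sslMech) {
        TSSSSLTransportConfig sslConfig = new TSSSSLTransportConfig();

        sslConfig.setHostname(sslMech.getHostname());
        sslConfig.setPort(sslMech.getPort());
        sslConfig.setHandshakeTimeout(sslMech.getHandshakeTimeout());
        sslConfig.setSupports(extractAssociationOptions(sslMech.getSupports()));
        sslConfig.setRequires(extractAssociationOptions(sslMech.getRequires()));

        return sslConfig;
    }

    /**
     * Builds one compound security mechanism. The authentication (AS) mechanism
     * is GSSUP when configured and the null AS mechanism otherwise; the SAS
     * mechanism is only set when one is configured.
     *
     * @param mech the {@code compoundSecMech} element
     * @param cl   class loader passed through to {@link #extractSASMech}
     * @return the corresponding {@link TSSCompoundSecMechConfig}
     * @throws DeploymentException propagated from {@link #extractSASMech}
     */
    protected static TSSCompoundSecMechConfig extractCompoundSecMech(TSSCompoundSecMechType mech, ClassLoader cl) throws DeploymentException {
        TSSCompoundSecMechConfig result = new TSSCompoundSecMechConfig();

        if (mech.isSetGSSUP()) {
            result.setAs_mech(extractASMech(mech.getGSSUP()));
        } else {
            result.setAs_mech(new TSSNULLASMechConfig());
        }

        if (mech.isSetSasMech()) {
            result.setSas_mech(extractSASMech(mech.getSasMech(), cl));
        }

        return result;
    }

    /**
     * Builds the GSSUP authentication mechanism from its target name and
     * {@code required} flag.
     *
     * @param gssupMech the {@code GSSUP} element
     * @return the corresponding {@link TSSGSSUPMechConfig}
     */
    protected static TSSASMechConfig extractASMech(TSSGSSUPType gssupMech) {
        TSSGSSUPMechConfig gssupConfig = new TSSGSSUPMechConfig();

        gssupConfig.setTargetName(gssupMech.getTargetName());
        gssupConfig.setRequired(gssupMech.getRequired());

        return gssupConfig;
    }

    /**
     * Builds the SAS mechanism: its service configuration entries (privilege
     * authorities) and the identity token types it accepts.
     *
     * @param sasMech the {@code sasMech} element
     * @param cl      class loader used to resolve the principal class of an
     *                {@code ITTPrincipalNameGSSUP} token
     * @return the corresponding {@link TSSSASMechConfig}
     * @throws DeploymentException if the principal class cannot be loaded or has
     *                             no suitable constructor
     */
    protected static TSSSASMechConfig extractSASMech(TSSSasMechType sasMech, ClassLoader cl) throws DeploymentException {
        TSSSASMechConfig sasMechConfig = new TSSSASMechConfig();

        if (sasMech.isSetServiceConfigurationList()) {
            addServiceConfigurations(sasMechConfig, sasMech);
        }

        TSSIdentityTokenTypeList identityTokenTypes = sasMech.getIdentityTokenTypes();

        // ITTAbsent is exclusive: when it is set, no other identity token type is added.
        if (identityTokenTypes.isSetITTAbsent()) {
            sasMechConfig.addIdentityToken(new TSSITTAbsent());
            return sasMechConfig;
        }

        if (identityTokenTypes.isSetITTAnonymous()) {
            sasMechConfig.addIdentityToken(new TSSITTAnonymous());
        }
        if (identityTokenTypes.isSetITTPrincipalNameGSSUP()) {
            sasMechConfig.addIdentityToken(extractPrincipalNameGSSUP(identityTokenTypes.getITTPrincipalNameGSSUP(), cl));
        }
        if (identityTokenTypes.isSetITTDistinguishedName()) {
            String realmName = trimOrNull(identityTokenTypes.getITTDistinguishedName().getRealm());
            String domainName = trimOrNull(identityTokenTypes.getITTDistinguishedName().getDomain());
            sasMechConfig.addIdentityToken(new TSSITTDistinguishedName(realmName, domainName));
        }
        if (identityTokenTypes.isSetITTX509CertChain()) {
            String realmName = trimOrNull(identityTokenTypes.getITTX509CertChain().getRealm());
            String domainName = trimOrNull(identityTokenTypes.getITTX509CertChain().getDomain());
            sasMechConfig.addIdentityToken(new TSSITTX509CertChain(realmName, domainName));
        }

        return sasMechConfig;
    }

    /**
     * Copies the {@code serviceConfigurationList} of {@code sasMech} into
     * {@code sasMechConfig}: the {@code required} flag, then one entry per
     * general name and one per GSS exported name.
     */
    private static void addServiceConfigurations(TSSSASMechConfig sasMechConfig, TSSSasMechType sasMech) {
        sasMechConfig.setRequired(sasMech.getServiceConfigurationList().getRequired());

        TSSGeneralNameType[] generalNames = sasMech.getServiceConfigurationList().getGeneralNameArray();
        for (int i = 0; i < generalNames.length; i++) {
            sasMechConfig.addServiceConfigurationConfig(new TSSGeneralNameConfig(generalNames[i].getPrivilegeAuthority()));
        }

        TSSGssExportedNameType[] exportedNames = sasMech.getServiceConfigurationList().getGssExportedNameArray();
        for (int i = 0; i < exportedNames.length; i++) {
            sasMechConfig.addServiceConfigurationConfig(new TSSGSSExportedNameConfig(exportedNames[i].getPrivilegeAuthority(), exportedNames[i].getOID()));
        }
    }

    /**
     * Builds the {@code ITTPrincipalNameGSSUP} identity token: loads the named
     * principal class through {@code cl} and pairs it with the optional domain
     * and realm. A realm is only honoured when a domain is also set.
     *
     * @throws DeploymentException if the principal class cannot be loaded, or
     *                             {@link TSSITTPrincipalNameGSSUP} finds no
     *                             suitable constructor on it
     */
    private static TSSITTPrincipalNameGSSUP extractPrincipalNameGSSUP(
            org.apache.geronimo.corba.xbeans.csiv2.tss.TSSITTPrincipalNameGSSUPType ittPrincipalNameGSSUP,
            ClassLoader cl) throws DeploymentException {
        String principalClassName = ittPrincipalNameGSSUP.getPrincipalClass();
        Class principalClass;
        try {
            principalClass = ClassLoading.loadClass(principalClassName, cl);
        } catch (ClassNotFoundException e) {
            throw new DeploymentException("Could not load principal class", e);
        }

        String domainName = ittPrincipalNameGSSUP.isSetDomain() ? ittPrincipalNameGSSUP.getDomain().trim() : null;
        String realmName = null;
        if (domainName != null && ittPrincipalNameGSSUP.isSetRealm()) {
            realmName = ittPrincipalNameGSSUP.getRealm().trim();
        }

        try {
            return new TSSITTPrincipalNameGSSUP(principalClass, realmName, domainName);
        } catch (NoSuchMethodException e) {
            throw new DeploymentException("Could not find principal class constructor", e);
        }
    }

    /** Trims {@code value}, passing {@code null} through unchanged. */
    private static String trimOrNull(String value) {
        return value == null ? null : value.trim();
    }

    /**
     * Folds a list of association option names into a CSIIOP
     * {@code AssociationOptions} bit mask.
     *
     * @param list the option names, each a {@link TSSAssociationOption}
     *             enumeration string; must not be {@code null}
     * @return the OR of the matching CSIIOP option values; {@code 0} for an empty list
     * @throws IllegalArgumentException if an entry is not a recognised association
     *         option. The mask drives the transport {@code supports}/{@code requires}
     *         policy, so an unknown entry fails closed rather than being silently
     *         dropped from the mask.
     */
    protected static short extractAssociationOptions(List list) {
        short result = 0;

        for (Iterator iter = list.iterator(); iter.hasNext();) {
            String name = (String) iter.next();
            result |= associationOptionValue(name);
        }
        return result;
    }

    /**
     * Maps one association option name to its CSIIOP bit value.
     *
     * @throws IllegalArgumentException if {@code name} is not an enumeration value
     *         of {@link TSSAssociationOption} (schema validation normally rejects
     *         such input before this point)
     */
    private static short associationOptionValue(String name) {
        TSSAssociationOption.Enum option = TSSAssociationOption.Enum.forString(name);

        if (TSSAssociationOption.NO_PROTECTION.equals(option)) {
            return NoProtection.value;
        } else if (TSSAssociationOption.INTEGRITY.equals(option)) {
            return Integrity.value;
        } else if (TSSAssociationOption.CONFIDENTIALITY.equals(option)) {
            return Confidentiality.value;
        } else if (TSSAssociationOption.DETECT_REPLAY.equals(option)) {
            return DetectReplay.value;
        } else if (TSSAssociationOption.DETECT_MISORDERING.equals(option)) {
            return DetectMisordering.value;
        } else if (TSSAssociationOption.ESTABLISH_TRUST_IN_TARGET.equals(option)) {
            return EstablishTrustInTarget.value;
        } else if (TSSAssociationOption.ESTABLISH_TRUST_IN_CLIENT.equals(option)) {
            return EstablishTrustInClient.value;
        } else if (TSSAssociationOption.NO_DELEGATION.equals(option)) {
            return NoDelegation.value;
        } else if (TSSAssociationOption.SIMPLE_DELEGATION.equals(option)) {
            return SimpleDelegation.value;
        } else if (TSSAssociationOption.COMPOSITE_DELEGATION.equals(option)) {
            return CompositeDelegation.value;
        }
        // forString() yields null for a name outside the enumeration; treat that
        // (and any enumeration value without a CSIIOP mapping) as a configuration error.
        throw new IllegalArgumentException("Unknown association option: " + name);
    }

    /** GBean metadata registering this class as an {@code XmlAttributeBuilder}. */
    public static final GBeanInfo GBEAN_INFO;

    static {
        GBeanInfoBuilder infoBuilder = GBeanInfoBuilder.createStatic(TSSConfigEditor.class, "XmlAttributeBuilder");
        infoBuilder.addInterface(XmlAttributeBuilder.class);
        GBEAN_INFO = infoBuilder.getBeanInfo();
    }

    /**
     * Returns the GBean metadata for this builder.
     *
     * @return {@link #GBEAN_INFO}
     */
    public static GBeanInfo getGBeanInfo() {
        return GBEAN_INFO;
    }

}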