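/**
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.geronimo.corba.security.config.tss;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;

import org.omg.CORBA.ORB;
import org.omg.CSI.EstablishContext;
import org.omg.CSI.ITTPrincipalName;
import org.omg.CSI.IdentityToken;
import org.omg.CSIIOP.DelegationByClient;
import org.omg.CSIIOP.IdentityAssertion;
import org.omg.CSIIOP.SAS_ContextSec;
import org.omg.CSIIOP.ServiceConfiguration;
import org.omg.IOP.Codec;
import org.apache.geronimo.corba.security.SASException;
import org.apache.geronimo.corba.security.config.ConfigUtil;
import org.apache.geronimo.corba.util.Util;


/**
 * Target-side configuration of the CSIv2 SAS (Security Attribute Service)
 * context layer: which privilege authorities are advertised, which identity
 * token types this target accepts, and the {@code target_supports} /
 * {@code target_requires} option bits that are published in the IOR and
 * enforced when a client establishes a context.
 * <p>
 * The two option bits this class manages are {@link DelegationByClient}
 * (set when a privilege authority is added) and {@link IdentityAssertion}
 * (set when a non-absent identity token type is added).  {@link #check}
 * is the enforcement point: it dispatches an incoming identity token to the
 * configured {@link TSSSASIdentityToken} for its type and refuses any type
 * that was not configured.
 * <p>
 * Instances are mutable during configuration; no thread-safety guarantees
 * are made.
 *
 * @version $Rev: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
 */
public class TSSSASMechConfig implements Serializable {

    /** Bit mask of SAS options this target supports (published as target_supports). */
    private short supports;
    /** Bit mask of SAS options this target requires (published as target_requires). */
    private short requires;
    /** Whether delegation by client becomes mandatory once it is supported. */
    private boolean required;
    private final List<TSSServiceConfigurationConfig> privilegeAuthorities =
            new ArrayList<TSSServiceConfigurationConfig>();
    /** Identity token handlers keyed by their CSI identity token type. */
    private final Map<Integer, TSSSASIdentityToken> idTokens =
            new HashMap<Integer, TSSSASIdentityToken>();

    /** Creates an empty configuration with no options, authorities or token types. */
    public TSSSASMechConfig() {
    }

    /**
     * Builds a configuration from a decoded {@code SAS_ContextSec} IOR component.
     *
     * @param context the SAS component read from an IOR
     * @throws Exception if a privilege authority cannot be decoded from the IOR
     *                   (propagated from {@link TSSServiceConfigurationConfig#decodeIOR})
     */
    public TSSSASMechConfig(SAS_ContextSec context) throws Exception {
        supports = context.target_supports;
        requires = context.target_requires;

        for (ServiceConfiguration serviceConfiguration : context.privilege_authorities) {
            privilegeAuthorities.add(TSSServiceConfigurationConfig.decodeIOR(serviceConfiguration));
        }

        for (byte[] encodedOid : context.supported_naming_mechanisms) {
            String oid = Util.decodeOID(encodedOid);

            //TODO is this needed?
            if (TSSITTPrincipalNameGSSUP.OID.equals(oid)) {
                //TODO this doesn't make sense if we plan to use this for identity check.
                addIdentityToken(new TSSITTPrincipalNameGSSUP(null, null, null));
            }
        }
        // Note: supports/requires were already copied from the context above;
        // addIdentityToken may have OR-ed IdentityAssertion into supports.
    }

    /**
     * Adds a privilege authority and marks delegation by client as supported
     * (and required, when {@link #isRequired()} is set).
     *
     * @param config the privilege authority to advertise
     */
    public void addServiceConfigurationConfig(TSSServiceConfigurationConfig config) {
        privilegeAuthorities.add(config);

        supports |= DelegationByClient.value;
        // OR the bit in rather than assigning: a plain assignment would silently
        // drop every other target_requires bit already accumulated (for example
        // IdentityAssertion), weakening what this target enforces.
        if (required) requires |= DelegationByClient.value;
    }

    /**
     * Returns the privilege authority at the given position.
     *
     * @param i index in insertion order
     * @return the privilege authority configuration
     * @throws IndexOutOfBoundsException if {@code i} is out of range
     */
    public TSSServiceConfigurationConfig serviceConfigurationAt(int i) {
        return privilegeAuthorities.get(i);
    }

    /** @return the number of configured privilege authorities */
    public int paSize() {
        return privilegeAuthorities.size();
    }

    /**
     * Registers a handler for one identity token type; a later registration for
     * the same type replaces the earlier one.  Any type other than 0 (ITTAbsent)
     * marks identity assertion as supported.
     *
     * @param token the handler for this token type
     */
    public void addIdentityToken(TSSSASIdentityToken token) {
        idTokens.put(Integer.valueOf(token.getType()), token);

        if (token.getType() > 0) supports |= IdentityAssertion.value;
    }

    /** @return the target_supports bit mask */
    public short getSupports() {
        return supports;
    }

    /** @return the target_requires bit mask */
    public short getRequires() {
        return requires;
    }

    /** @return whether delegation by client is required whenever it is supported */
    public boolean isRequired() {
        return required;
    }

    /**
     * Sets whether delegation by client is required.  When {@code true}, the
     * DelegationByClient bit is added to {@code requires} only if it is already
     * present in {@code supports}; setting {@code false} does not clear it.
     *
     * @param required the new setting
     */
    public void setRequired(boolean required) {
        this.required = required;
        if (required) requires |= (short) (supports & DelegationByClient.value);
    }

    /**
     * Encodes this configuration as the SAS component of an IOR.
     *
     * @param orb   the ORB (unused by this method, passed for API symmetry)
     * @param codec the codec (unused by this method, passed for API symmetry)
     * @return a populated {@code SAS_ContextSec}
     * @throws Exception if a privilege authority fails to generate its service configuration
     */
    public SAS_ContextSec encodeIOR(ORB orb, Codec codec) throws Exception {
        SAS_ContextSec result = new SAS_ContextSec();

        result.privilege_authorities = new ServiceConfiguration[privilegeAuthorities.size()];
        int index = 0;
        for (TSSServiceConfigurationConfig authority : privilegeAuthorities) {
            result.privilege_authorities[index++] = authority.generateServiceConfiguration();
        }

        // Only ITTPrincipalName tokens carry a naming mechanism OID to advertise;
        // every token type contributes to supported_identity_types.
        List<TSSSASIdentityToken> principalNameTokens = new ArrayList<TSSSASIdentityToken>();
        for (TSSSASIdentityToken token : idTokens.values()) {
            if (token.getType() == ITTPrincipalName.value) {
                principalNameTokens.add(token);
            }
            result.supported_identity_types |= token.getType();
        }

        result.supported_naming_mechanisms = new byte[principalNameTokens.size()][];
        index = 0;
        for (TSSSASIdentityToken token : principalNameTokens) {
            result.supported_naming_mechanisms[index++] = Util.encodeOID(token.getOID());
        }

        result.target_supports = supports;
        result.target_requires = requires;

        return result;
    }

    /**
     * Validates the identity token of an incoming {@code EstablishContext} message
     * against the configured token handlers.
     *
     * @param msg the context-establishment message from the client
     * @return the Subject produced by the matching handler, or {@code null} when the
     *         message carries no identity token at all
     * @throws SASException if the token type is not one this target was configured
     *                      to accept, or if the handler rejects the token
     */
    public Subject check(EstablishContext msg) throws SASException {
        if (msg.identity_token == null) {
            return null;
        }
        IdentityToken identityToken = msg.identity_token;
        int discriminator = identityToken.discriminator();
        TSSSASIdentityToken handler = idTokens.get(Integer.valueOf(discriminator));
        if (handler == null) {
            // Unknown token types are rejected outright rather than ignored.
            throw new SASException(1, new Exception("Unsupported IdentityTokenType: " + discriminator));
        }
        return handler.check(identityToken);
    }

    /** @return a multi-line, indented dump of this configuration */
    public String toString() {
        StringBuffer buf = new StringBuffer();
        toString("", buf);
        return buf.toString();
    }

    /**
     * Appends an indented dump of this configuration to {@code buf}.
     *
     * @param spaces indentation prefix for the outer lines
     * @param buf    destination buffer
     */
    void toString(String spaces, StringBuffer buf) {
        String moreSpaces = spaces + "  ";
        buf.append(spaces).append(getName()).append(": [\n");
        buf.append(moreSpaces).append("required: ").append(required).append("\n");
        buf.append(moreSpaces).append("SUPPORTS: ").append(ConfigUtil.flags(supports)).append("\n");
        buf.append(moreSpaces).append("REQUIRES: ").append(ConfigUtil.flags(requires)).append("\n");
        for (TSSServiceConfigurationConfig authority : privilegeAuthorities) {
            authority.toString(moreSpaces, buf);
        }
        buf.append("\n");
        for (TSSSASIdentityToken identityToken : idTokens.values()) {
            identityToken.toString(moreSpaces, buf);
        }
        buf.append(spaces).append("]\n");
    }

    /** @return the label used at the top of the {@link #toString} dump */
    protected String getName() {
        return "TSSSASMechConfig";
    }

}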