001 /**
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements. See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License. You may obtain a copy of the License at
008 *
009 * http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017 package org.apache.geronimo.corba.security.config.tss;
018
import java.security.Principal;

import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import javax.security.cert.X509Certificate;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.omg.CORBA.Any;
import org.omg.CORBA.NO_PERMISSION;
import org.omg.CORBA.ORB;
import org.omg.CORBA.UserException;
import org.omg.CSIIOP.EstablishTrustInClient;
import org.omg.CSIIOP.TAG_NULL_TAG;
import org.omg.CSIIOP.TAG_TLS_SEC_TRANS;
import org.omg.CSIIOP.TLS_SEC_TRANS;
import org.omg.CSIIOP.TLS_SEC_TRANSHelper;
import org.omg.CSIIOP.TransportAddress;
import org.omg.IOP.Codec;
import org.omg.IOP.TaggedComponent;

import org.apache.geronimo.corba.security.SASException;
import org.apache.geronimo.corba.security.config.ConfigUtil;
042
043
044 /**
045 * At the moment, this config class can only handle a single address.
046 *
047 * @version $Rev: 504461 $ $Date: 2007-02-07 00:42:26 -0800 (Wed, 07 Feb 2007) $
048 */
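public class TSSSSLTransportConfig extends TSSTransportMechConfig {

    private final static Log log = LogFactory.getLog(TSSSSLTransportConfig.class);

    // CORBA IDL "unsigned short" fields arrive as Java short, so port numbers
    // above 32767 are stored as negative values; mask with 0xFFFF before using
    // the port as an int. Same caveat applies to the supports/requires bit sets.
    private short port;
    private String hostname;
    private short handshakeTimeout = -1;
    private short supports;
    private short requires;

    /**
     * Creates an empty config to be populated through the setters.
     */
    public TSSSSLTransportConfig() {
    }

    /**
     * Decodes a {@code TAG_TLS_SEC_TRANS} tagged component taken from an IOR.
     * Only the first transport address is retained (see the class comment);
     * any further addresses are ignored with a warning.
     *
     * @param component the IOR component carrying the encoded TLS_SEC_TRANS
     * @param codec     codec used to decode the component data
     * @throws UserException            if the codec cannot decode the component
     * @throws IllegalArgumentException if the component carries no transport address
     */
    public TSSSSLTransportConfig(TaggedComponent component, Codec codec) throws UserException {
        Any any = codec.decode_value(component.component_data, TLS_SEC_TRANSHelper.type());
        TLS_SEC_TRANS tst = TLS_SEC_TRANSHelper.extract(any);

        // The component data comes off the wire; an address list that is absent
        // or empty used to surface as an ArrayIndexOutOfBoundsException below.
        if (tst.addresses == null || tst.addresses.length == 0) {
            throw new IllegalArgumentException("TLS_SEC_TRANS component carries no transport address");
        }
        if (tst.addresses.length > 1) {
            log.warn("TLS_SEC_TRANS component carries " + tst.addresses.length
                    + " transport addresses; only the first one is used");
        }

        supports = tst.target_supports;
        requires = tst.target_requires;
        port = tst.addresses[0].port;
        hostname = tst.addresses[0].host_name;
    }

    /** @return the TLS port as an IDL unsigned short (negative when above 32767) */
    public short getPort() {
        return port;
    }

    public void setPort(short port) {
        this.port = port;
    }

    /** @return the host name advertised in the IOR transport address */
    public String getHostname() {
        return hostname;
    }

    public void setHostname(String hostname) {
        this.hostname = hostname;
    }

    /** @return the handshake timeout; {@code -1} (the default) means "not set" */
    public short getHandshakeTimeout() {
        return handshakeTimeout;
    }

    public void setHandshakeTimeout(short handshakeTimeout) {
        this.handshakeTimeout = handshakeTimeout;
    }

    /** @return the CSIv2 association options this transport supports (bit set) */
    public short getSupports() {
        return supports;
    }

    public void setSupports(short supports) {
        this.supports = supports;
    }

    /** @return the CSIv2 association options this transport requires (bit set) */
    public short getRequires() {
        return requires;
    }

    public void setRequires(short requires) {
        this.requires = requires;
    }

    /**
     * Encodes this config as a {@code TAG_TLS_SEC_TRANS} tagged component.
     * <p>
     * If encoding fails the error is logged together with its cause and a
     * {@code TAG_NULL_TAG} component with empty data is returned instead, so
     * the IOR is still produced -- but without any TLS transport entry, i.e.
     * without advertising the configured {@code requires} options. Callers
     * that must not fall back to an unprotected transport should check the
     * returned tag.
     *
     * @param orb   ORB used to create the {@link Any} that carries the structure
     * @param codec codec used to encode the component data
     * @return the encoded component, never {@code null}
     */
    public TaggedComponent encodeIOR(ORB orb, Codec codec) {
        TLS_SEC_TRANS tst = new TLS_SEC_TRANS();
        tst.target_supports = supports;
        tst.target_requires = requires;
        tst.addresses = new TransportAddress[] { new TransportAddress(hostname, port) };

        TaggedComponent result = new TaggedComponent();
        try {
            Any any = orb.create_any();
            TLS_SEC_TRANSHelper.insert(any, tst);

            result.tag = TAG_TLS_SEC_TRANS.value;
            result.component_data = codec.encode_value(any);
        } catch (Exception ex) {
            // Log the cause: the previous message dropped the exception entirely,
            // leaving no trace of why the transport silently became NULL.
            log.error("Error encoding transport tagged component, defaulting encoding to NULL", ex);

            result.tag = TAG_NULL_TAG.value;
            result.component_data = new byte[0];
        }

        return result;
    }

    /**
     * Derives the caller's {@link Subject} from the TLS session of the
     * incoming connection.
     *
     * @param session the SSL session, or {@code null} when the request did
     *                not arrive over TLS
     * @return a Subject holding the verified peer principal (an
     *         {@link X500Principal} for X.509 peers), or {@code null} when no
     *         peer identity is available and none is required
     * @throws NO_PERMISSION if TLS is required ({@code requires != 0}) but
     *                       there is no session
     * @throws SASException  if {@code EstablishTrustInClient} is required but
     *                       the peer did not present a verified certificate
     */
    public Subject check(SSLSession session) throws SASException {
        if (session == null) {
            if (requires != 0) throw new NO_PERMISSION("Missing required SSL session");

            // No TLS session and nothing required: there is no identity to report.
            // (The previous code went on to dereference the null session here.)
            if (log.isDebugEnabled()) log.debug("No SSL session, returning null");
            return null;
        }

        try {
            if (log.isDebugEnabled()) log.debug("Scraping principal from SSL session");

            // getPeerPrincipal() hands back the principal of the *verified* peer
            // certificate directly. This avoids the lossy DN -> String ->
            // X500Principal round trip, the deprecated javax.security.cert API,
            // and the unchecked [0] index on the certificate chain.
            Principal peer = session.getPeerPrincipal();

            if (log.isDebugEnabled()) log.debug("Obtained principal " + peer.getName());

            Subject subject = new Subject();
            subject.getPrincipals().add(peer);

            return subject;
        } catch (SSLPeerUnverifiedException e) {
            if ((requires & EstablishTrustInClient.value) != 0) {
                if (log.isDebugEnabled()) log.debug("Unverified peer, throwing exception");
                throw new SASException(1, e);
            }
            if (log.isDebugEnabled()) log.debug("Unverified peer, returning null");
            return null;
        }
    }

    /**
     * Appends a multi-line, indented dump of this config to {@code buf}.
     *
     * @param spaces indentation prefix for the outermost lines
     * @param buf    buffer to append to
     */
    void toString(String spaces, StringBuffer buf) {
        String moreSpaces = spaces + " ";
        buf.append(spaces).append("TSSSSLTransportConfig: [\n");
        buf.append(moreSpaces).append("SUPPORTS: ").append(ConfigUtil.flags(supports)).append("\n");
        buf.append(moreSpaces).append("REQUIRES: ").append(ConfigUtil.flags(requires)).append("\n");
        buf.append(moreSpaces).append("port : ").append(port).append("\n");
        buf.append(moreSpaces).append("hostName: ").append(hostname).append("\n");
        buf.append(moreSpaces).append("handshakeTimeout: ").append(handshakeTimeout).append("\n");
        buf.append(spaces).append("]\n");
    }

}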