org.jboss.iiop.csiv2
Class CSIv2Util

java.lang.Object
  extended by org.jboss.iiop.csiv2.CSIv2Util

public final class CSIv2Util
extends java.lang.Object

Helper class


Method Summary
static AS_ContextSec createAuthenticationServiceContext(IorSecurityConfigMetaData metadata)
          Create the client Authentication Service (AS) context included in a CompoundSecMech definition.
static CompoundSecMech[] createCompoundSecMechanisms(IorSecurityConfigMetaData metadata, org.omg.IOP.Codec codec, int sslPort, org.omg.CORBA.ORB orb)
          Create a CSIIOP.CompoundSecMechanisms which is a sequence of CompoundSecMech.
static org.omg.IOP.TaggedComponent createCopy(org.omg.IOP.TaggedComponent tc)
          Make a deep copy of an IOP::TaggedComponent
static byte[] createGSSExportedName(byte[] oid, byte[] name)
          Generate an exported name as specified in [RFC 2743], section 3.2 (Mechanism-Independent Exported Name Object Format).
static byte[] createGSSUPMechOID()
          Create an ASN.1, DER encoded representation for the GSSUP OID mechanism
static SAS_ContextSec createSecureAttributeServiceContext(IorSecurityConfigMetaData metadata)
          Create the Secure Attribute Service (SAS) context included in a CompoundSecMech definition
static org.omg.IOP.TaggedComponent createSecurityTaggedComponent(IorSecurityConfigMetaData metadata, org.omg.IOP.Codec codec, int sslPort, org.omg.CORBA.ORB orb)
          Return a top-level IOP::TaggedComponent to be stuffed into an IOR, containing a CSIIOP.CompoundSecMechList, tagged as TAG_CSI_SEC_MECH_LIST.
static org.omg.IOP.TaggedComponent createSSLTaggedComponent(IorSecurityConfigMetaData metadata, org.omg.IOP.Codec codec, int sslPort, org.omg.CORBA.ORB orb)
          Return a top-level IOP::TaggedComponent to be stuffed into an IOR, containing a structure SSLIOP::SSL, tagged as TAG_SSL_SEC_TRANS.
static int createTargetRequires(IorSecurityConfigMetaData.TransportConfig tc)
          Create the AssociationOption for CompoundSecMech - target_requires
static int createTargetSupports(IorSecurityConfigMetaData.TransportConfig tc)
          Create bitmask of what the target supports
static TransportAddress[] createTransportAddress(java.lang.String host, int port)
          Create a TransportAddress[] with a single TransportAddress
static org.omg.IOP.TaggedComponent createTransportMech(IorSecurityConfigMetaData.TransportConfig tconfig, org.omg.IOP.Codec codec, int sslPort, org.omg.CORBA.ORB orb)
          Create a transport mechanism TaggedComponent to be stuffed into a CompoundSecMech.
static byte[] decodeGssExportedName(byte[] encodedName)
          Decodes a GSS exported name that has been encoded with the GSSUP mechanism OID.
static InitialContextToken decodeInitialContextToken(byte[] encodedToken, org.omg.IOP.Codec codec)
          Decodes an ASN.1-encoded InitialContextToken.
static byte[] encodeGssExportedName(byte[] name)
          ASN.1-encodes a GSS exported name with the GSSUP mechanism OID.
static byte[] encodeInitialContextToken(InitialContextToken authToken, org.omg.IOP.Codec codec)
          ASN.1-encode an InitialContextToken as defined in RFC 2743, Section 3.1, "Mechanism-Independent Token Format", pp. 81-82.
static CompoundSecMech getMatchingSecurityMech(org.omg.PortableInterceptor.ClientRequestInfo ri, org.omg.IOP.Codec codec, short clientSupports, short clientRequires)
          Helper method to be called from a client request interceptor.
static byte[] gssUpMechOid()
          Return an ASN.1, DER encoded representation for the GSSUP OID mechanism.
static void toString(CompoundSecMech securityMech, java.lang.StringBuffer buffer)
          Generate a string representation of the CompoundSecMech
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Method Detail

createCopy

public static org.omg.IOP.TaggedComponent createCopy(org.omg.IOP.TaggedComponent tc)
Make a deep copy of an IOP::TaggedComponent


createSSLTaggedComponent

public static org.omg.IOP.TaggedComponent createSSLTaggedComponent(IorSecurityConfigMetaData metadata,
                                                                   org.omg.IOP.Codec codec,
                                                                   int sslPort,
                                                                   org.omg.CORBA.ORB orb)
Return a top-level IOP::TaggedComponent to be stuffed into an IOR, containing a structure SSLIOP::SSL, tagged as TAG_SSL_SEC_TRANS. Should be called with non-null metadata, in which case we probably don't want to include security info in the IOR.


createSecurityTaggedComponent

public static org.omg.IOP.TaggedComponent createSecurityTaggedComponent(IorSecurityConfigMetaData metadata,
                                                                        org.omg.IOP.Codec codec,
                                                                        int sslPort,
                                                                        org.omg.CORBA.ORB orb)
Return a top-level IOP::TaggedComponent to be stuffed into an IOR, containing a CSIIOP.CompoundSecMechList, tagged as TAG_CSI_SEC_MECH_LIST. Only one such component can exist inside an IOR. Should be called with non-null metadata, in which case we probably don't want to include security info in the IOR.


createCompoundSecMechanisms

public static CompoundSecMech[] createCompoundSecMechanisms(IorSecurityConfigMetaData metadata,
                                                            org.omg.IOP.Codec codec,
                                                            int sslPort,
                                                            org.omg.CORBA.ORB orb)
Create a CSIIOP.CompoundSecMechanisms which is a sequence of CompoundSecMech. Here we only support one security mechanism.


createSecureAttributeServiceContext

public static SAS_ContextSec createSecureAttributeServiceContext(IorSecurityConfigMetaData metadata)
Create the Secure Attribute Service (SAS) context included in a CompoundSecMech definition


createAuthenticationServiceContext

public static AS_ContextSec createAuthenticationServiceContext(IorSecurityConfigMetaData metadata)
Create the client Authentication Service (AS) context included in a CompoundSecMech definition.


createTransportMech

public static org.omg.IOP.TaggedComponent createTransportMech(IorSecurityConfigMetaData.TransportConfig tconfig,
                                                              org.omg.IOP.Codec codec,
                                                              int sslPort,
                                                              org.omg.CORBA.ORB orb)
Create a transport mechanism TaggedComponent to be stuffed into a CompoundSecMech. If no TransportConfig metadata is specified, or ssl port is negative, or the specified metadata indicates that transport config is not supported, then a TAG_NULL_TAG (empty) TaggedComponent will be returned. Otherwise a CSIIOP.TLS_SEC_TRANS, tagged as TAG_TLS_SEC_TRANS will be returned, indicating support for TLS/SSL as a CSIv2 transport mechanism. Multiple TransportAddress may be included in the SSL info (host/port pairs), but we only include one.


createTransportAddress

public static TransportAddress[] createTransportAddress(java.lang.String host,
                                                        int port)
Create a TransportAddress[] with a single TransportAddress


createTargetRequires

public static int createTargetRequires(IorSecurityConfigMetaData.TransportConfig tc)
Create the AssociationOption for CompoundSecMech - target_requires


createTargetSupports

public static int createTargetSupports(IorSecurityConfigMetaData.TransportConfig tc)
Create bitmask of what the target supports


createGSSUPMechOID

public static byte[] createGSSUPMechOID()
Create an ASN.1, DER encoded representation for the GSSUP OID mechanism


gssUpMechOid

public static byte[] gssUpMechOid()
Return an ASN.1, DER encoded representation for the GSSUP OID mechanism.


createGSSExportedName

public static byte[] createGSSExportedName(byte[] oid,
                                           byte[] name)
Generate an exported name as specified in [RFC 2743], section 3.2 copied below:

3.2: Mechanism-Independent Exported Name Object Format

This section specifies a mechanism-independent level of encapsulating representation for names exported via the GSS_Export_name() call, including an object identifier representing the exporting mechanism. The format of names encapsulated via this representation shall be defined within individual mechanism drafts. The Object Identifier value to indicate names of this type is defined in Section 4.7 of this document.

No name type OID is included in this mechanism-independent level of format definition, since (depending on individual mechanism specifications) the enclosed name may be implicitly typed or may be explicitly typed using a means other than OID encoding.

The bytes within MECH_OID_LEN and NAME_LEN elements are represented most significant byte first (equivalently, in IP network byte order).

Length          Name            Description
2               TOK_ID          Token Identifier
                                For exported name objects, this must be hex 04 01.
2               MECH_OID_LEN    Length of the Mechanism OID
MECH_OID_LEN    MECH_OID        Mechanism OID, in DER
4               NAME_LEN        Length of name
NAME_LEN        NAME            Exported name; format defined in applicable mechanism draft.

A concrete example of the contents of an exported name object, derived from the Kerberos Version 5 mechanism, is as follows:

04 01 00 0B 06 09 2A 86 48 86 F7 12 01 02 02 hx xx xx xl pp qq ... zz ...

Parameters:
oid - the DER encoded OID
name - the name to be converted to GSSExportedName

encodeInitialContextToken

public static byte[] encodeInitialContextToken(InitialContextToken authToken,
                                               org.omg.IOP.Codec codec)
ASN.1-encode an InitialContextToken as defined in RFC 2743, Section 3.1, "Mechanism-Independent Token Format", pp. 81-82. The encoded token contains the ASN.1 tag 0x60, followed by a token length (which is itself stored in a variable-length format and takes 1 to 5 bytes), the GSSUP mechanism identifier, and a mechanism-specific token, which in this case is a CDR encapsulation of the GSSUP InitialContextToken in the authToken parameter.
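
The outer framing described above (tag 0x60, a 1 to 5 byte length, the mechanism OID, then the mechanism-specific token), with a decoder that rejects a wrong tag, an inconsistent length or an unexpected OID. This is an added example, not the CSIv2Util implementation; the class GssTokenFramingDemo and its methods are hypothetical, the inner CDR encapsulation is treated as opaque bytes, and the GSSUP OID bytes are assumed from the CSIv2 specification rather than taken from this page.

```java
import java.io.ByteArrayOutputStream;
import java.util.Arrays;

public class GssTokenFramingDemo {
    // DER definite length: one byte below 0x80, otherwise 0x80|n followed by n big-endian bytes.
    static void writeLength(ByteArrayOutputStream out, int len) {
        if (len < 0x80) { out.write(len); return; }
        int n = (32 - Integer.numberOfLeadingZeros(len) + 7) / 8;
        out.write(0x80 | n);
        for (int i = n - 1; i >= 0; i--) out.write(len >>> (8 * i));
    }

    // 0x60 | length | mechanism OID (DER) | mechanism-specific token (opaque here).
    static byte[] frame(byte[] derOid, byte[] inner) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(0x60);
        writeLength(out, derOid.length + inner.length);
        out.write(derOid, 0, derOid.length);
        out.write(inner, 0, inner.length);
        return out.toByteArray();
    }

    // Returns the inner token; rejects a wrong tag, a bad or inconsistent length, or a wrong OID.
    static byte[] unframe(byte[] tok, byte[] expectedDerOid) {
        if (tok.length < 2 || (tok[0] & 0xFF) != 0x60) throw new IllegalArgumentException("missing 0x60 tag");
        int pos = 1;
        int len = tok[pos++] & 0xFF;
        if (len >= 0x80) {
            int n = len & 0x7F;
            if (n == 0 || n > 4 || pos + n > tok.length) throw new IllegalArgumentException("bad length field");
            len = 0;
            for (int i = 0; i < n; i++) len = (len << 8) | (tok[pos++] & 0xFF);
        }
        if (len < 0 || len != tok.length - pos) throw new IllegalArgumentException("length mismatch");
        int oidEnd = pos + expectedDerOid.length;
        if (oidEnd > tok.length || !Arrays.equals(Arrays.copyOfRange(tok, pos, oidEnd), expectedDerOid))
            throw new IllegalArgumentException("unexpected mechanism OID");
        return Arrays.copyOfRange(tok, oidEnd, tok.length);
    }

    public static void main(String[] args) {
        // GSSUP mechanism OID 2.23.130.1.1.1 in DER (assumed from the CSIv2 specification).
        byte[] gssup = {0x06, 0x06, 0x67, (byte) 0x81, 0x02, 0x01, 0x01, 0x01};
        byte[] small = frame(gssup, new byte[5]);   // constructed stand-in token, short length form
        byte[] large = frame(gssup, new byte[200]); // constructed stand-in token, long length form
        System.out.printf("%02X %02X%n", small[0] & 0xFF, small[1] & 0xFF);
        System.out.printf("%02X %02X %02X%n", large[0] & 0xFF, large[1] & 0xFF, large[2] & 0xFF);
        System.out.println(unframe(large, gssup).length);
        large[2]++; // declared length no longer matches the bytes present
        try { unframe(large, gssup); } catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```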


decodeInitialContextToken

public static InitialContextToken decodeInitialContextToken(byte[] encodedToken,
                                                            org.omg.IOP.Codec codec)
Decodes an ASN.1-encoded InitialContextToken. See encodeInitialContextToken for a description of the encoded token format.


encodeGssExportedName

public static byte[] encodeGssExportedName(byte[] name)
ASN.1-encodes a GSS exported name with the GSSUP mechanism OID. See createGSSExportedName for a description of the encoding format.


decodeGssExportedName

public static byte[] decodeGssExportedName(byte[] encodedName)
Decodes a GSS exported name that has been encoded with the GSSUP mechanism OID. See createGSSExportedName for a description of the encoding format.


getMatchingSecurityMech

public static CompoundSecMech getMatchingSecurityMech(org.omg.PortableInterceptor.ClientRequestInfo ri,
                                                      org.omg.IOP.Codec codec,
                                                      short clientSupports,
                                                      short clientRequires)
Helper method to be called from a client request interceptor. The ri parameter refers to the current request. This method returns the first CompoundSecMech found in the target IOR such that The method returns null if the target IOR contains no CompoundSecMechs or if no matching CompoundSecMech is found. Since this method is intended to be called from a client request interceptor, it converts unexpected exceptions into MARSHAL exceptions.


toString

public static void toString(CompoundSecMech securityMech,
                            java.lang.StringBuffer buffer)
Generate a string representation of the CompoundSecMech

Parameters:
securityMech - the CompoundSecMech to create the string for
buffer - the buffer to write to