org.wildfly.iiop.openjdk.csiv2

Class CSIv2Util

java.lang.Object

org.wildfly.iiop.openjdk.csiv2.CSIv2Util

public final class CSIv2Util
extends Object

This class defines utility methods for creating, comparing, encoding and decoding CSIv2 components.

Author:

Francisco Reverbel, Stefan Guilhen

Method Summary

Modifier and Type	Method and Description
static org.omg.CSIIOP.AS_ContextSec	createAuthenticationServiceContext(org.jboss.metadata.ejb.jboss.IORSecurityConfigMetaData metadata) Create the client Authentication Service (AS) context included in a CompoundSecMech definition.
static org.omg.CSIIOP.CompoundSecMech[]	createCompoundSecMechanisms(org.jboss.metadata.ejb.jboss.IORSecurityConfigMetaData metadata, Codec codec, int sslPort, ORB orb) Create a org.omg.CSIIOP.CompoundSecMechanisms which is a sequence of CompoundSecMech.
static TaggedComponent	createCopy(TaggedComponent tc) Make a deep copy of an IOP:TaggedComponent.
static byte[]	createGSSExportedName(byte[] oid, byte[] name) Generate an exported name as specified in [RFC 2743], section 3.2 copied below: 3.2: Mechanism-Independent Exported Name Object Format This section specifies a mechanism-independent level of encapsulating representation for names exported via the GSS_Export_name() call, including an object identifier representing the exporting mechanism.
static byte[]	createGSSUPMechOID() Create an ASN.1, DER encoded representation for the GSSUP OID mechanism.
static org.omg.CSIIOP.SAS_ContextSec	createSecureAttributeServiceContext(org.jboss.metadata.ejb.jboss.IORSecurityConfigMetaData metadata) Create the Secure Attribute Service (SAS) context included in a CompoundSecMech definition.
static TaggedComponent	createSecurityTaggedComponent(org.jboss.metadata.ejb.jboss.IORSecurityConfigMetaData metadata, Codec codec, int sslPort, ORB orb) Return a top-level IOP:TaggedComponent to be stuffed into an IOR, containing a org.omg.CSIIOP.
static TaggedComponent	createSSLTaggedComponent(org.jboss.metadata.ejb.jboss.IORSecurityConfigMetaData metadata, Codec codec, int sslPort, ORB orb) Return a top-level IOP::TaggedComponent to be stuffed into an IOR, containing a structure SSLIOP::SSL, tagged as TAG_SSL_SEC_TRANS.
static int	createTargetRequires(org.jboss.metadata.ejb.jboss.IORTransportConfigMetaData tc) Create the bitmask of what the target requires.
static int	createTargetSupports(org.jboss.metadata.ejb.jboss.IORTransportConfigMetaData tc) Create the bitmask of what the target supports.
static org.omg.CSIIOP.TransportAddress[]	createTransportAddress(String host, int port) Create a TransportAddress[] with a single TransportAddress.
static TaggedComponent	createTransportMech(org.jboss.metadata.ejb.jboss.IORTransportConfigMetaData tconfig, Codec codec, int sslPort, ORB orb) Create a transport mechanism TaggedComponent to be stuffed into a CompoundSecMech.
static byte[]	decodeGssExportedName(byte[] encodedName) Decodes a GSS exported name that has been encoded with the GSSUP mechanism OID.
static org.omg.GSSUP.InitialContextToken	decodeInitialContextToken(byte[] encodedToken, Codec codec) Decodes an ASN.1-encoded InitialContextToken.
static byte[]	encodeGssExportedName(byte[] name) ASN.1-encodes a GSS exported name with the GSSUP mechanism OID.
static byte[]	encodeInitialContextToken(org.omg.GSSUP.InitialContextToken authToken, Codec codec) ASN.1-encode an InitialContextToken as defined in RFC 2743, Section 3.1, "Mechanism-Independent Token Format", pp.
static org.omg.CSIIOP.CompoundSecMech	getMatchingSecurityMech(ClientRequestInfo ri, Codec codec, short clientSupports, short clientRequires) Helper method to be called from a client request interceptor.
static void	toString(org.omg.CSIIOP.CompoundSecMech securityMech, StringBuilder builder) Generate a string representation of the CompoundSecMech.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

createCopy

public static TaggedComponent createCopy(TaggedComponent tc)

Make a deep copy of an IOP:TaggedComponent.

Parameters:

tc - the TaggedComponent to be copied.

Returns:

a reference to the created copy.

createSSLTaggedComponent

public static TaggedComponent createSSLTaggedComponent(org.jboss.metadata.ejb.jboss.IORSecurityConfigMetaData metadata,
                                                       Codec codec,
                                                       int sslPort,
                                                       ORB orb)

Return a top-level IOP::TaggedComponent to be stuffed into an IOR, containing a structure SSLIOP::SSL, tagged as TAG_SSL_SEC_TRANS.

Should be called with non-null metadata, in which case we probably don't want to include security info in the IOR.

Parameters:

metadata - the metadata object that contains the SSL configuration info.

codec - the Codec used to encode the SSL component.

sslPort - an int representing the SSL port.

orb - a reference to the running ORB.

Returns:

a TaggedComponent representing the encoded SSL component.

createSecurityTaggedComponent

public static TaggedComponent createSecurityTaggedComponent(org.jboss.metadata.ejb.jboss.IORSecurityConfigMetaData metadata,
                                                            Codec codec,
                                                            int sslPort,
                                                            ORB orb)

Return a top-level IOP:TaggedComponent to be stuffed into an IOR, containing a org.omg.CSIIOP. CompoundSecMechList, tagged as TAG_CSI_SEC_MECH_LIST. Only one such component can exist inside an IOR.

Should be called with non-null metadata, in which case we probably don't want to include security info in the IOR.

Parameters:

metadata - the metadata object that contains the CSIv2 security configuration info.

codec - the Codec used to encode the CSIv2 security component.

sslPort - an int representing the SSL port.

orb - a reference to the running ORB.

Returns:

a TaggedComponent representing the encoded CSIv2 security component.

createCompoundSecMechanisms

public static org.omg.CSIIOP.CompoundSecMech[] createCompoundSecMechanisms(org.jboss.metadata.ejb.jboss.IORSecurityConfigMetaData metadata,
                                                                           Codec codec,
                                                                           int sslPort,
                                                                           ORB orb)

Create a org.omg.CSIIOP.CompoundSecMechanisms which is a sequence of CompoundSecMech. Here we only support one security mechanism.

Parameters:

metadata - the metadata object that contains the CSIv2 security configuration info.

codec - the Codec used to encode the CSIv2 security component.

sslPort - an int representing the SSL port.

orb - a reference to the running ORB.

Returns:

the constructed CompoundSecMech array.

createSecureAttributeServiceContext

public static org.omg.CSIIOP.SAS_ContextSec createSecureAttributeServiceContext(org.jboss.metadata.ejb.jboss.IORSecurityConfigMetaData metadata)

Create the Secure Attribute Service (SAS) context included in a CompoundSecMech definition.

Parameters:

metadata - the metadata object that contains the CSIv2 security configuration info.

Returns:

the constructed SAS_ContextSec instance.

createAuthenticationServiceContext

public static org.omg.CSIIOP.AS_ContextSec createAuthenticationServiceContext(org.jboss.metadata.ejb.jboss.IORSecurityConfigMetaData metadata)

Create the client Authentication Service (AS) context included in a CompoundSecMech definition.

Parameters:

metadata - the metadata object that contains the CSIv2 security configuration info.

Returns:

the constructed AS_ContextSec instance.

createTransportMech

public static TaggedComponent createTransportMech(org.jboss.metadata.ejb.jboss.IORTransportConfigMetaData tconfig,
                                                  Codec codec,
                                                  int sslPort,
                                                  ORB orb)

Create a transport mechanism TaggedComponent to be stuffed into a CompoundSecMech.

If no TransportConfig metadata is specified, or ssl port is negative, or the specified metadata indicates that transport config is not supported, then a TAG_NULL_TAG (empty) TaggedComponent will be returned.

Otherwise a org.omg.CSIIOP.TLS_SEC_TRANS, tagged as TAG_TLS_SEC_TRANS will be returned, indicating support for TLS/SSL as a CSIv2 transport mechanism.

Multiple TransportAddress may be included in the SSL info (host/port pairs), but we only include one.

Parameters:

tconfig - the transport configuration metadata.

codec - the Codec used to encode the transport configuration.

sslPort - an int representing the SSL port.

orb - a reference to the running ORB.

Returns:

the constructed TaggedComponent.

createTransportAddress

public static org.omg.CSIIOP.TransportAddress[] createTransportAddress(String host,
                                                                       int port)

Create a TransportAddress[] with a single TransportAddress.

Parameters:

host - a String representing the address host.

port - an int representing the address port.

Returns:

the constructed TransportAddress array.

createTargetRequires

public static int createTargetRequires(org.jboss.metadata.ejb.jboss.IORTransportConfigMetaData tc)

Create the bitmask of what the target requires.

Parameters:

tc - the transport configuration metadata.

Returns:

an int representing the transport mechanism required by the target.

createTargetSupports

public static int createTargetSupports(org.jboss.metadata.ejb.jboss.IORTransportConfigMetaData tc)

Create the bitmask of what the target supports.

Parameters:

tc - the transport configuration metadata.

Returns:

an int representing the transport mechanisms supported by the target.

createGSSUPMechOID

public static byte[] createGSSUPMechOID()

Create an ASN.1, DER encoded representation for the GSSUP OID mechanism.

Returns:

the DER encoded representation of the GSSUP OID.

createGSSExportedName

public static byte[] createGSSExportedName(byte[] oid,
                                           byte[] name)

Generate an exported name as specified in [RFC 2743], section 3.2 copied below:

3.2: Mechanism-Independent Exported Name Object Format

This section specifies a mechanism-independent level of encapsulating representation for names exported via the GSS_Export_name() call, including an object identifier representing the exporting mechanism. The format of names encapsulated via this representation shall be defined within individual mechanism drafts. The Object Identifier value to indicate names of this type is defined in Section 4.7 of this document.

No name type OID is included in this mechanism-independent level of format definition, since (depending on individual mechanism specifications) the enclosed name may be implicitly typed or may be explicitly typed using a means other than OID encoding.

The bytes within MECH_OID_LEN and NAME_LEN elements are represented most significant byte first (equivalently, in IP network byte order).

Length Name Description

2 TOK_ID Token Identifier For exported name objects, this must be hex 04 01. 2 MECH_OID_LEN Length of the Mechanism OID MECH_OID_LEN MECH_OID Mechanism OID, in DER 4 NAME_LEN Length of name NAME_LEN NAME Exported name; format defined in applicable mechanism draft.

A concrete example of the contents of an exported name object, derived from the Kerberos Version 5 mechanism, is as follows:

04 01 00 0B 06 09 2A 86 48 86 F7 12 01 02 02 hx xx xx xl pp qq ... zz

...

Parameters:

oid - the DER encoded OID.

name - the name to be converted to GSSExportedName.

Returns:

a byte[] representing the exported name.

encodeInitialContextToken

public static byte[] encodeInitialContextToken(org.omg.GSSUP.InitialContextToken authToken,
                                               Codec codec)

ASN.1-encode an InitialContextToken as defined in RFC 2743, Section 3.1, "Mechanism-Independent Token Format", pp. 81-82. The encoded token contains the ASN.1 tag 0x60, followed by a token length (which is itself stored in a variable-length format and takes 1 to 5 bytes), the GSSUP mechanism identifier, and a mechanism-specific token, which in this case is a CDR encapsulation of the GSSUP InitialContextToken in the authToken parameter.

Parameters:

authToken - the InitialContextToken to be encoded.

codec - the Codec used to encode the token.

Returns:

a byte[] representing the encoded token.

decodeInitialContextToken

public static org.omg.GSSUP.InitialContextToken decodeInitialContextToken(byte[] encodedToken,
                                                                          Codec codec)

Decodes an ASN.1-encoded InitialContextToken. See encodeInitialContextToken for a description of the encoded token format.

Parameters:

encodedToken - the encoded token.

codec - the Codec used to decode the token.

Returns:

the decoded InitialContextToken instance.

See Also:

encodeInitialContextToken(org.omg.GSSUP.InitialContextToken, org.omg.IOP.Codec)

encodeGssExportedName

public static byte[] encodeGssExportedName(byte[] name)

ASN.1-encodes a GSS exported name with the GSSUP mechanism OID. See createGSSExportedName for a description of the encoding format.

Parameters:

name - the exported name to be encoded.

Returns:

a byte[] representing the encoded exported name.

See Also:

createGSSExportedName(byte[], byte[])

decodeGssExportedName

public static byte[] decodeGssExportedName(byte[] encodedName)

Decodes a GSS exported name that has been encoded with the GSSUP mechanism OID. See createGSSExportedName for a description of the encoding format.

Parameters:

encodedName - the encoded exported name.

Returns:

a byte[] representing the decoded exported name.

See Also:

createGSSExportedName(byte[], byte[])

getMatchingSecurityMech

public static org.omg.CSIIOP.CompoundSecMech getMatchingSecurityMech(ClientRequestInfo ri,
                                                                     Codec codec,
                                                                     short clientSupports,
                                                                     short clientRequires)

Helper method to be called from a client request interceptor. The ri parameter refers to the current request. This method returns the first CompoundSecMech found in the target IOR such that

• all CompoundSecMech requirements are satisfied by the options in the clientSupports parameter, and
• every requirement in the clientRequires parameter is satisfied by the CompoundSecMech.

The method returns null if the target IOR contains no CompoundSecMechs or if no matching CompoundSecMech is found.

Since this method is intended to be called from a client request interceptor, it converts unexpected exceptions into MARSHAL exceptions.

Parameters:

ri - a reference to the current ClientRequestInfo.

codec - the Codec used to decode the CSIv2 components.

clientSupports - the client supported transport options that must be satisfied by the CompoundSecMech.

clientRequires - the client required transport options that must be satisfied by the CompoundSecMech.

Returns:

the CompoundSecMech instance that satisfies all client options, or null if no such object can be found.

toString

public static void toString(org.omg.CSIIOP.CompoundSecMech securityMech,
                            StringBuilder builder)

Generate a string representation of the CompoundSecMech.

Parameters:

securityMech - the CompoundSecMech to create the string for.

builder - the buffer to write to.