public final class CSIv2Util extends Object
This class defines utility methods for creating, comparing, encoding and decoding CSIv2 components.
Modifier and Type | Method and Description |
---|---|
static org.omg.CSIIOP.AS_ContextSec | createAuthenticationServiceContext(org.jboss.metadata.ejb.jboss.IORSecurityConfigMetaData metadata) Create the client Authentication Service (AS) context included in a CompoundSecMech definition. |
static org.omg.CSIIOP.CompoundSecMech[] | createCompoundSecMechanisms(org.jboss.metadata.ejb.jboss.IORSecurityConfigMetaData metadata, Codec codec, int sslPort, ORB orb) Create a CSIIOP.CompoundSecMechanisms which is a sequence of CompoundSecMech. |
static TaggedComponent | createCopy(TaggedComponent tc) Make a deep copy of an IOP::TaggedComponent. |
static byte[] | createGSSExportedName(byte[] oid, byte[] name) Generate an exported name as specified in [RFC 2743], section 3.2 copied below: "3.2: Mechanism-Independent Exported Name Object Format. This section specifies a mechanism-independent level of encapsulating representation for names exported via the GSS_Export_name() call, including an object identifier representing the exporting mechanism." |
static byte[] | createGSSUPMechOID() Create an ASN.1, DER encoded representation for the GSSUP OID mechanism. |
static org.omg.CSIIOP.SAS_ContextSec | createSecureAttributeServiceContext(org.jboss.metadata.ejb.jboss.IORSecurityConfigMetaData metadata) Create the Secure Attribute Service (SAS) context included in a CompoundSecMech definition. |
static TaggedComponent | createSecurityTaggedComponent(org.jboss.metadata.ejb.jboss.IORSecurityConfigMetaData metadata, Codec codec, int sslPort, ORB orb) Return a top-level IOP::TaggedComponent to be stuffed into an IOR, containing a CSIIOP.CompoundSecMechList, tagged as TAG_CSI_SEC_MECH_LIST. |
static TaggedComponent | createSSLTaggedComponent(org.jboss.metadata.ejb.jboss.IORSecurityConfigMetaData metadata, Codec codec, int sslPort, ORB orb) Return a top-level IOP::TaggedComponent to be stuffed into an IOR, containing a structure SSLIOP::SSL, tagged as TAG_SSL_SEC_TRANS. |
static int | createTargetRequires(org.jboss.metadata.ejb.jboss.IORTransportConfigMetaData tc) Create the bitmask of what the target requires. |
static int | createTargetSupports(org.jboss.metadata.ejb.jboss.IORTransportConfigMetaData tc) Create the bitmask of what the target supports. |
static org.omg.CSIIOP.TransportAddress[] | createTransportAddress(String host, int port) Create a TransportAddress[] with a single TransportAddress. |
static TaggedComponent | createTransportMech(org.jboss.metadata.ejb.jboss.IORTransportConfigMetaData tconfig, Codec codec, int sslPort, ORB orb) Create a transport mechanism TaggedComponent to be stuffed into a CompoundSecMech. |
static byte[] | decodeGssExportedName(byte[] encodedName) Decodes a GSS exported name that has been encoded with the GSSUP mechanism OID. |
static org.omg.GSSUP.InitialContextToken | decodeInitialContextToken(byte[] encodedToken, Codec codec) Decodes an ASN.1-encoded InitialContextToken. |
static byte[] | encodeGssExportedName(byte[] name) ASN.1-encodes a GSS exported name with the GSSUP mechanism OID. |
static byte[] | encodeInitialContextToken(org.omg.GSSUP.InitialContextToken authToken, Codec codec) ASN.1-encode an InitialContextToken as defined in RFC 2743, Section 3.1, "Mechanism-Independent Token Format", pp. 81-82. |
static org.omg.CSIIOP.CompoundSecMech | getMatchingSecurityMech(ClientRequestInfo ri, Codec codec, short clientSupports, short clientRequires) Helper method to be called from a client request interceptor. |
static void | toString(org.omg.CSIIOP.CompoundSecMech securityMech, StringBuilder builder) Generate a string representation of the CompoundSecMech. |

public static TaggedComponent createCopy(TaggedComponent tc)
Make a deep copy of an IOP::TaggedComponent.
Parameters:
tc - the TaggedComponent to be copied.

public static TaggedComponent createSSLTaggedComponent(org.jboss.metadata.ejb.jboss.IORSecurityConfigMetaData metadata, Codec codec, int sslPort, ORB orb)
Return a top-level IOP::TaggedComponent to be stuffed into an IOR, containing a structure SSLIOP::SSL, tagged as TAG_SSL_SEC_TRANS.
Should be called with non-null metadata, in which case we probably don't want to include security info in the IOR.
Parameters:
metadata - the metadata object that contains the SSL configuration info.
codec - the Codec used to encode the SSL component.
sslPort - an int representing the SSL port.
orb - a reference to the running ORB.
Returns:
a TaggedComponent representing the encoded SSL component.

public static TaggedComponent createSecurityTaggedComponent(org.jboss.metadata.ejb.jboss.IORSecurityConfigMetaData metadata, Codec codec, int sslPort, ORB orb)
Return a top-level IOP::TaggedComponent to be stuffed into an IOR, containing a CSIIOP.CompoundSecMechList, tagged as TAG_CSI_SEC_MECH_LIST. Only one such component can exist inside an IOR.
Should be called with non-null metadata, in which case we probably don't want to include security info in the IOR.
Parameters:
metadata - the metadata object that contains the CSIv2 security configuration info.
codec - the Codec used to encode the CSIv2 security component.
sslPort - an int representing the SSL port.
orb - a reference to the running ORB.
Returns:
a TaggedComponent representing the encoded CSIv2 security component.

public static org.omg.CSIIOP.CompoundSecMech[] createCompoundSecMechanisms(org.jboss.metadata.ejb.jboss.IORSecurityConfigMetaData metadata, Codec codec, int sslPort, ORB orb)
Create a CSIIOP.CompoundSecMechanisms which is a sequence of CompoundSecMech. Here we only support one security mechanism.
Parameters:
metadata - the metadata object that contains the CSIv2 security configuration info.
codec - the Codec used to encode the CSIv2 security component.
sslPort - an int representing the SSL port.
orb - a reference to the running ORB.
Returns:
the CompoundSecMech array.

public static org.omg.CSIIOP.SAS_ContextSec createSecureAttributeServiceContext(org.jboss.metadata.ejb.jboss.IORSecurityConfigMetaData metadata)
Create the Secure Attribute Service (SAS) context included in a CompoundSecMech definition.
Parameters:
metadata - the metadata object that contains the CSIv2 security configuration info.
Returns:
the SAS_ContextSec instance.

public static org.omg.CSIIOP.AS_ContextSec createAuthenticationServiceContext(org.jboss.metadata.ejb.jboss.IORSecurityConfigMetaData metadata)
Create the client Authentication Service (AS) context included in a CompoundSecMech definition.
Parameters:
metadata - the metadata object that contains the CSIv2 security configuration info.
Returns:
the AS_ContextSec instance.

public static TaggedComponent createTransportMech(org.jboss.metadata.ejb.jboss.IORTransportConfigMetaData tconfig, Codec codec, int sslPort, ORB orb)
Create a transport mechanism TaggedComponent to be stuffed into a CompoundSecMech.
If no TransportConfig metadata is specified, or the SSL port is negative, or the specified metadata indicates that transport config is not supported, then a TAG_NULL_TAG (empty) TaggedComponent will be returned.
Otherwise a CSIIOP.TLS_SEC_TRANS, tagged as TAG_TLS_SEC_TRANS, will be returned, indicating support for TLS/SSL as a CSIv2 transport mechanism.
Multiple TransportAddress entries may be included in the SSL info (host/port pairs), but we only include one.
Parameters:
tconfig - the transport configuration metadata.
codec - the Codec used to encode the transport configuration.
sslPort - an int representing the SSL port.
orb - a reference to the running ORB.
Returns:
a TaggedComponent.

public static org.omg.CSIIOP.TransportAddress[] createTransportAddress(String host, int port)
Create a TransportAddress[] with a single TransportAddress.
Parameters:
host - a String representing the address host.
port - an int representing the address port.
Returns:
the TransportAddress array.

public static int createTargetRequires(org.jboss.metadata.ejb.jboss.IORTransportConfigMetaData tc)
Create the bitmask of what the target requires.
Parameters:
tc - the transport configuration metadata.
Returns:
an int representing the transport mechanism required by the target.

public static int createTargetSupports(org.jboss.metadata.ejb.jboss.IORTransportConfigMetaData tc)
Create the bitmask of what the target supports.
Parameters:
tc - the transport configuration metadata.
Returns:
an int representing the transport mechanisms supported by the target.

public static byte[] createGSSUPMechOID()
Create an ASN.1, DER encoded representation for the GSSUP OID mechanism.

public static byte[] createGSSExportedName(byte[] oid, byte[] name)
Parameters:
oid - the DER encoded OID.
name - the name to be converted to GSSExportedName.
Returns:
a byte[] representing the exported name.

public static byte[] encodeInitialContextToken(org.omg.GSSUP.InitialContextToken authToken, Codec codec)
ASN.1-encode an InitialContextToken as defined in RFC 2743, Section 3.1, "Mechanism-Independent Token Format", pp. 81-82. The encoded token contains the ASN.1 tag 0x60, followed by a token length (which is itself stored in a variable-length format and takes 1 to 5 bytes), the GSSUP mechanism identifier, and a mechanism-specific token, which in this case is a CDR encapsulation of the GSSUP InitialContextToken in the authToken parameter.
Parameters:
authToken - the InitialContextToken to be encoded.
codec - the Codec used to encode the token.
Returns:
a byte[] representing the encoded token.

public static org.omg.GSSUP.InitialContextToken decodeInitialContextToken(byte[] encodedToken, Codec codec)
Decodes an ASN.1-encoded InitialContextToken. See encodeInitialContextToken for a description of the encoded token format.
Parameters:
encodedToken - the encoded token.
codec - the Codec used to decode the token.
Returns:
the InitialContextToken instance.
See Also:
encodeInitialContextToken(org.omg.GSSUP.InitialContextToken, org.omg.IOP.Codec)

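The framing described for encodeInitialContextToken and decodeInitialContextToken, written out as an added example that is not JBoss code: it wraps an opaque byte array (standing in for the CDR encapsulation) in the 0x60 / length / mechanism OID envelope and unwraps it with the declared length checked against the bytes received. The class and method names are hypothetical, and the GSSUP OID value 2.23.130.1.1.1 comes from the CSIv2 specification rather than from this page.

```java
import java.io.ByteArrayOutputStream;
import java.util.Arrays;

public class GssTokenFraming {
    // DER encoding of the GSSUP mechanism OID 2.23.130.1.1.1 (assumed from the CSIv2 specification).
    static final byte[] GSSUP_OID = {0x06, 0x06, 0x67, (byte) 0x81, 0x02, 0x01, 0x01, 0x01};

    // Wrap a mechanism-specific token: 0x60 | DER length | mech OID | inner token.
    static byte[] wrap(byte[] inner) {
        int len = GSSUP_OID.length + inner.length;
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(0x60);
        if (len < 0x80) {
            out.write(len);                      // short form: one length byte
        } else {
            int n = (32 - Integer.numberOfLeadingZeros(len) + 7) / 8;
            out.write(0x80 | n);                 // long form: byte count, then big-endian value
            for (int i = n - 1; i >= 0; i--) out.write(len >>> (8 * i));
        }
        out.write(GSSUP_OID, 0, GSSUP_OID.length);
        out.write(inner, 0, inner.length);
        return out.toByteArray();
    }

    // Unwrap, checking the tag, the declared length against the bytes received, and the OID.
    static byte[] unwrap(byte[] tok) {
        if (tok.length < 2 || tok[0] != 0x60) throw new IllegalArgumentException("bad tag");
        int pos = 1, first = tok[pos++] & 0xff;
        long len = first;
        if (first >= 0x80) {
            int n = first & 0x7f;                // 1..4 value bytes, so 1 to 5 length bytes in total
            if (n < 1 || n > 4 || tok.length - pos < n) throw new IllegalArgumentException("bad length");
            len = 0;
            for (int i = 0; i < n; i++) len = (len << 8) | (tok[pos++] & 0xff);
        }
        if (len != tok.length - pos || len < GSSUP_OID.length)
            throw new IllegalArgumentException("length mismatch");
        if (!Arrays.equals(Arrays.copyOfRange(tok, pos, pos + GSSUP_OID.length), GSSUP_OID))
            throw new IllegalArgumentException("not a GSSUP token");
        return Arrays.copyOfRange(tok, pos + GSSUP_OID.length, tok.length);
    }

    public static void main(String[] args) {
        byte[] cdr = new byte[200];              // constructed stand-in for the CDR encapsulation
        byte[] tok = wrap(cdr);                  // 208 bytes of content forces the long length form
        System.out.println(tok.length + " bytes, round trip ok: " + Arrays.equals(cdr, unwrap(tok)));
        tok[2]++;                                // corrupt the declared length
        try { unwrap(tok); } catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```
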
public static byte[] encodeGssExportedName(byte[] name)
ASN.1-encodes a GSS exported name with the GSSUP mechanism OID. See createGSSExportedName for a description of the encoding format.
Parameters:
name - the exported name to be encoded.
Returns:
a byte[] representing the encoded exported name.
See Also:
createGSSExportedName(byte[], byte[])

public static byte[] decodeGssExportedName(byte[] encodedName)
Decodes a GSS exported name that has been encoded with the GSSUP mechanism OID. See createGSSExportedName for a description of the encoding format.
Parameters:
encodedName - the encoded exported name.
Returns:
a byte[] representing the decoded exported name.
See Also:
createGSSExportedName(byte[], byte[])

public static org.omg.CSIIOP.CompoundSecMech getMatchingSecurityMech(ClientRequestInfo ri, Codec codec, short clientSupports, short clientRequires)
Helper method to be called from a client request interceptor. The ri parameter refers to the current request. This method returns the first CompoundSecMech found in the target IOR such that the CompoundSecMech requirements are satisfied by the options in the clientSupports parameter, and the clientRequires parameter is satisfied by the CompoundSecMech.
It returns null if the target IOR contains no CompoundSecMechs or if no matching CompoundSecMech is found.
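The selection rule above, as an added example that is not JBoss code. It models each CompoundSecMech as a pair of supports/requires bitmasks and shows that, because the first compatible entry is returned, it is the clientRequires mask that keeps a client from settling on an unprotected mechanism listed earlier in the IOR. The Mech class, firstMatch and the sample IOR contents are hypothetical; the option bit values are the association options of the CSIIOP IDL module.

```java
import java.util.Arrays;
import java.util.List;

public class SecMechMatch {
    // Association option bits as defined in the CSIIOP IDL module.
    static final int INTEGRITY = 2, CONFIDENTIALITY = 4,
                     ESTABLISH_TRUST_IN_TARGET = 32, ESTABLISH_TRUST_IN_CLIENT = 64,
                     IDENTITY_ASSERTION = 1024;

    // Simplified stand-in for the transport options carried by one CompoundSecMech.
    static final class Mech {
        final String label; final int supports; final int requires;
        Mech(String label, int supports, int requires) {
            this.label = label; this.supports = supports; this.requires = requires;
        }
    }

    // First mechanism whose requirements the client can meet and which meets the client's own.
    static Mech firstMatch(List<Mech> mechs, int clientSupports, int clientRequires) {
        for (Mech m : mechs) {
            boolean targetSatisfied = (m.requires & ~clientSupports) == 0;
            boolean clientSatisfied = (clientRequires & ~m.supports) == 0;
            if (targetSatisfied && clientSatisfied) return m;
        }
        return null;   // no mechanisms at all, or none compatible
    }

    public static void main(String[] args) {
        int tls = INTEGRITY | CONFIDENTIALITY | ESTABLISH_TRUST_IN_TARGET;
        List<Mech> ior = Arrays.asList(          // constructed sample IOR contents
            new Mech("plaintext", 0, 0),
            new Mech("mutual TLS", tls | ESTABLISH_TRUST_IN_CLIENT, tls | ESTABLISH_TRUST_IN_CLIENT),
            new Mech("server-auth TLS", tls, tls));
        // Client that requires nothing: the first entry is chosen although it offers no protection.
        System.out.println(firstMatch(ior, tls, 0).label);
        // Client that requires integrity and confidentiality but has no certificate: third entry.
        System.out.println(firstMatch(ior, tls, INTEGRITY | CONFIDENTIALITY).label);
        // Client that requires an option no listed mechanism supports: no match, so null.
        System.out.println(firstMatch(ior, tls, IDENTITY_ASSERTION));
    }
}
```
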
Since this method is intended to be called from a client request interceptor, it converts unexpected exceptions into MARSHAL exceptions.
Parameters:
ri - a reference to the current ClientRequestInfo.
codec - the Codec used to decode the CSIv2 components.
clientSupports - the client supported transport options that must be satisfied by the CompoundSecMech.
clientRequires - the client required transport options that must be satisfied by the CompoundSecMech.
Returns:
the CompoundSecMech instance that satisfies all client options, or null if no such object can be found.

public static void toString(org.omg.CSIIOP.CompoundSecMech securityMech, StringBuilder builder)
Generate a string representation of the CompoundSecMech.
Parameters:
securityMech - the CompoundSecMech to create the string for.
builder - the buffer to write to.

Copyright © 2012 JBoss, a division of Red Hat, Inc. All Rights Reserved.