maguro 2005/03/12 12:04:54
Modified: modules/core/src/java/org/openejb/corba/security/config/tss
TSSConfig.java TSSNULLTransportConfig.java
TSSSECIOPTransportConfig.java
TSSSSLTransportConfig.java
TSSTransportMechConfig.java
Log:
Some fixes to POA policies and added default principal to the CORBA ORB.
Revision Changes Path
1.2 +24 -1
openejb/modules/core/src/java/org/openejb/corba/security/config/tss/TSSConfig.java
Index: TSSConfig.java
===================================================================
RCS file:
/home/projects/openejb/scm/openejb/modules/core/src/java/org/openejb/corba/security/config/tss/TSSConfig.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- TSSConfig.java 8 Mar 2005 04:08:34 -0000 1.1
+++ TSSConfig.java 12 Mar 2005 17:04:54 -0000 1.2
@@ -48,11 +48,18 @@
package org.openejb.corba.security.config.tss;
import java.io.Serializable;
+import java.security.Principal;
+import javax.net.ssl.SSLSession;
+import javax.security.auth.Subject;
+import org.omg.CORBA.NO_PERMISSION;
import org.omg.CORBA.ORB;
+import org.omg.CSI.EstablishContext;
import org.omg.IOP.Codec;
import org.omg.IOP.TaggedComponent;
+import org.apache.geronimo.security.deploy.DefaultPrincipal;
+
/**
* @version $Rev: $ $Date$
@@ -60,6 +67,7 @@
public class TSSConfig implements Serializable {
private boolean inherit;
+ private DefaultPrincipal defaultPrincipal;
private TSSTransportMechConfig transport_mech;
private final TSSCompoundSecMechListConfig mechListConfig = new
TSSCompoundSecMechListConfig();
@@ -71,6 +79,14 @@
this.inherit = inherit;
}
+ public DefaultPrincipal getDefaultPrincipal() {
+ return defaultPrincipal;
+ }
+
+ public void setDefaultPrincipal(DefaultPrincipal defaultPrincipal) {
+ this.defaultPrincipal = defaultPrincipal;
+ }
+
public TSSTransportMechConfig getTransport_mech() {
return transport_mech;
}
@@ -85,5 +101,12 @@
public TaggedComponent generateIOR(ORB orb, Codec codec) throws
Exception {
return mechListConfig.encodeIOR(orb, codec);
+ }
+
+ public Subject check(SSLSession session, EstablishContext msg) throws
NO_PERMISSION {
+
+ Subject result = transport_mech.check(session);
+
+ return result;
}
}
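Review bot: The `msg` parameter of the new `check` is never read, so any identity or authorization tokens carried in the client's EstablishContext are silently dropped and the returned Subject reflects only what the transport layer reports; the `defaultPrincipal` added in the same commit is not consulted here either. If that is the intended state for now, say so above the method, e.g. `// TODO: only transport-level identity is checked; EstablishContext tokens and defaultPrincipal are not applied yet`, so callers do not assume the message has been validated. `transport_mech` is a plain settable field and can still be null when `check` runs, which would surface as a NullPointerException instead of a CORBA system exception; a guard such as `if (transport_mech == null) throw new NO_PERMISSION("No transport mechanism configured");` before the call keeps the failure on the NO_PERMISSION path the signature advertises.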
1.2 +9 -1
openejb/modules/core/src/java/org/openejb/corba/security/config/tss/TSSNULLTransportConfig.java
Index: TSSNULLTransportConfig.java
===================================================================
RCS file:
/home/projects/openejb/scm/openejb/modules/core/src/java/org/openejb/corba/security/config/tss/TSSNULLTransportConfig.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- TSSNULLTransportConfig.java 8 Mar 2005 04:08:34 -0000 1.1
+++ TSSNULLTransportConfig.java 12 Mar 2005 17:04:54 -0000 1.2
@@ -47,6 +47,10 @@
*/
package org.openejb.corba.security.config.tss;
+import javax.net.ssl.SSLSession;
+import javax.security.auth.Subject;
+
+import org.omg.CORBA.NO_PERMISSION;
import org.omg.CORBA.ORB;
import org.omg.CSIIOP.TAG_NULL_TAG;
import org.omg.IOP.Codec;
@@ -75,5 +79,9 @@
result.component_data = new byte[0];
return result;
+ }
+
+ public Subject check(SSLSession session) throws NO_PERMISSION {
+ return new Subject();
}
}
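Review bot: `check` here returns a fresh, empty Subject for every session, so the result carries no principals and is indistinguishable from an unauthenticated caller; a one-line comment should make clear that this is by design for the NULL transport, e.g. `// NULL transport carries no identity: always an empty, unauthenticated Subject`. The identical body appears in TSSSECIOPTransportConfig.check in the next file, where it reads more like a placeholder than a design decision; if SECIOP identity checking is not implemented yet, mark it there with `// TODO: SECIOP identity is not verified; every session is admitted`, and consider whether a mechanism whose IOR advertises SECIOP requirements should reject rather than silently admit a session it cannot verify.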
1.2 +8 -1
openejb/modules/core/src/java/org/openejb/corba/security/config/tss/TSSSECIOPTransportConfig.java
Index: TSSSECIOPTransportConfig.java
===================================================================
RCS file:
/home/projects/openejb/scm/openejb/modules/core/src/java/org/openejb/corba/security/config/tss/TSSSECIOPTransportConfig.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- TSSSECIOPTransportConfig.java 8 Mar 2005 04:08:34 -0000 1.1
+++ TSSSECIOPTransportConfig.java 12 Mar 2005 17:04:54 -0000 1.2
@@ -50,8 +50,11 @@
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
+import javax.net.ssl.SSLSession;
+import javax.security.auth.Subject;
import org.omg.CORBA.Any;
+import org.omg.CORBA.NO_PERMISSION;
import org.omg.CORBA.ORB;
import org.omg.CSIIOP.SECIOP_SEC_TRANS;
import org.omg.CSIIOP.SECIOP_SEC_TRANSHelper;
@@ -157,6 +160,10 @@
result.component_data = codec.encode_value(any);
return result;
+ }
+
+ public Subject check(SSLSession session) throws NO_PERMISSION {
+ return new Subject();
}
}
1.2 +27 -1
openejb/modules/core/src/java/org/openejb/corba/security/config/tss/TSSSSLTransportConfig.java
Index: TSSSSLTransportConfig.java
===================================================================
RCS file:
/home/projects/openejb/scm/openejb/modules/core/src/java/org/openejb/corba/security/config/tss/TSSSSLTransportConfig.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- TSSSSLTransportConfig.java 8 Mar 2005 04:08:34 -0000 1.1
+++ TSSSSLTransportConfig.java 12 Mar 2005 17:04:54 -0000 1.2
@@ -47,9 +47,16 @@
*/
package org.openejb.corba.security.config.tss;
+import java.security.Principal;
+import javax.net.ssl.SSLPeerUnverifiedException;
+import javax.net.ssl.SSLSession;
+import javax.security.auth.Subject;
+import javax.security.cert.X509Certificate;
+
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.omg.CORBA.Any;
+import org.omg.CORBA.NO_PERMISSION;
import org.omg.CORBA.ORB;
import org.omg.CORBA.UserException;
import org.omg.CSIIOP.TAG_NULL_TAG;
@@ -60,6 +67,8 @@
import org.omg.IOP.Codec;
import org.omg.IOP.TaggedComponent;
+import org.apache.geronimo.security.RealmPrincipal;
+
/**
* At the moment, this config class can only handle a single address.
@@ -153,6 +162,23 @@
}
return result;
+ }
+
+ public Subject check(SSLSession session) throws NO_PERMISSION {
+ if (session == null && requires != 0) throw new
NO_PERMISSION("Missing required SSL session");
+
+ try {
+ X509Certificate link = session.getPeerCertificateChain()[0];
+ Subject subject = new Subject();
+ Principal p = link.getSubjectDN();
+
+ subject.getPrincipals().add(p);
+ subject.getPrincipals().add(new
RealmPrincipal(link.getIssuerDN().toString(), p));
+
+ return subject;
+ } catch (SSLPeerUnverifiedException e) {
+ return new Subject();
+ }
}
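Review bot: When `session` is null and `requires` is 0 the guard on the first line passes and the next statement dereferences `session`, so an unsecured connection fails with a NullPointerException instead of being admitted, and an `SSLPeerUnverifiedException` is turned into an empty Subject regardless of `requires`, so a configuration that demands client authentication still admits an unverified peer with no principals. Returning an empty Subject for a null session when nothing is required, and rejecting unverified peers with NO_PERMISSION when the transport requires trust in the client (the `EstablishTrustInClient` bit of `requires`, if that is what this class encodes; it would need `import org.omg.CSIIOP.EstablishTrustInClient;`), keeps both paths consistent with the configuration; `getPeerCertificateChain()` can also return an empty array, which the `[0]` index does not cover. `getPeerCertificateChain()` and `javax.security.cert.X509Certificate` are the deprecated API; `getPeerCertificates()` with `java.security.cert.X509Certificate` yields the same subject and issuer DNs. `requires` and the rest of the class are defined outside the hunk.
```java
    public Subject check(SSLSession session) throws NO_PERMISSION {
        if (session == null) {
            if (requires != 0) throw new NO_PERMISSION("Missing required SSL session");
            return new Subject();   // transport security not required: unauthenticated caller
        }

        try {
            X509Certificate[] chain = session.getPeerCertificateChain();
            if (chain == null || chain.length == 0) {
                return rejectOrAnonymous("Peer presented no certificate");
            }
            X509Certificate link = chain[0];
            // … unchanged: build Subject with subject DN and RealmPrincipal …
        } catch (SSLPeerUnverifiedException e) {
            return rejectOrAnonymous("Peer certificate not verified");
        }
    }

    // Throws NO_PERMISSION when the configuration requires an authenticated client,
    // otherwise admits the caller with an empty (unauthenticated) Subject.
    private Subject rejectOrAnonymous(String reason) throws NO_PERMISSION {
        if ((requires & EstablishTrustInClient.value) != 0) throw new NO_PERMISSION(reason);
        return new Subject();
    }
```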
}
1.2 +7 -1
openejb/modules/core/src/java/org/openejb/corba/security/config/tss/TSSTransportMechConfig.java
Index: TSSTransportMechConfig.java
===================================================================
RCS file:
/home/projects/openejb/scm/openejb/modules/core/src/java/org/openejb/corba/security/config/tss/TSSTransportMechConfig.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- TSSTransportMechConfig.java 8 Mar 2005 04:08:34 -0000 1.1
+++ TSSTransportMechConfig.java 12 Mar 2005 17:04:54 -0000 1.2
@@ -50,7 +50,10 @@
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;
+import javax.net.ssl.SSLSession;
+import javax.security.auth.Subject;
+import org.omg.CORBA.NO_PERMISSION;
import org.omg.CORBA.ORB;
import org.omg.CSIIOP.TAG_NULL_TAG;
import org.omg.CSIIOP.TAG_SECIOP_SEC_TRANS;
@@ -107,4 +110,7 @@
return result;
}
+
+ public abstract Subject check(SSLSession session) throws NO_PERMISSION;
+
}
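Review bot: The new abstract `check` has no Javadoc, yet it defines the contract that every transport implementation and TSSConfig.check depend on: what the returned Subject represents, whether it can be null, whether `session` may be null, and when NO_PERMISSION is thrown. A Javadoc block above the declaration should state that the method derives the caller's transport-level identity from the SSL session, returns an empty Subject when the transport carries no identity, never returns null, and throws NO_PERMISSION when the session does not satisfy this mechanism's configured requirements, with `@param session`, `@return` and `@throws NO_PERMISSION` entries. The enclosing class body begins outside the hunk.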