maguro 2005/03/26 21:04:43
Added: modules/core/src/java/org/openejb/corba/sunorb
IORSSLInterceptor.java OpenEJBSocketFactory.java
SSLCipherSuiteDatabase.java
ServiceContextInterceptor.java
SunORBConfigAdapter.java SunORBInitializer.java
Log:
Updated to use the default Sun ORB.
Revision Changes Path
1.1
openejb/modules/core/src/java/org/openejb/corba/sunorb/IORSSLInterceptor.java
Index: IORSSLInterceptor.java
===================================================================
/**
* Redistribution and use of this software and associated documentation
* ("Software"), with or without modification, are permitted provided
* that the following conditions are met:
*
* 1. Redistributions of source code must retain copyright
* statements and notices. Redistributions must also contain a
* copy of this document.
*
* 2. Redistributions in binary form must reproduce the
* above copyright notice, this list of conditions and the
* following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. The name "OpenEJB" must not be used to endorse or promote
* products derived from this Software without prior written
* permission of The OpenEJB Group. For written permission,
* please contact [EMAIL PROTECTED]
*
* 4. Products derived from this Software may not be called "OpenEJB"
* nor may "OpenEJB" appear in their names without prior written
* permission of The OpenEJB Group. OpenEJB is a registered
* trademark of The OpenEJB Group.
*
* 5. Due credit should be given to the OpenEJB Project
* (http://openejb.sf.net/).
*
* THIS SOFTWARE IS PROVIDED BY THE OPENEJB GROUP AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT
* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
* FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
* THE OPENEJB GROUP OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
* Copyright 2001 (C) The OpenEJB Group. All Rights Reserved.
*
* $Id: IORSSLInterceptor.java,v 1.1 2005/03/27 02:04:42 maguro Exp $
*/
package org.openejb.corba.sunorb;
import com.sun.corba.se.interceptor.IORInfoExt;
import com.sun.corba.se.interceptor.UnknownType;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.omg.CORBA.LocalObject;
import org.omg.PortableInterceptor.IORInfo;
import org.omg.PortableInterceptor.IORInterceptor;
/**
* @version $Revision: 1.1 $ $Date: 2005/03/27 02:04:42 $
*/
final class IORSSLInterceptor extends LocalObject implements IORInterceptor {
private final Log log = LogFactory.getLog(IORSSLInterceptor.class);
public void establish_components(IORInfo info) {
try {
IORInfoExt ext = (IORInfoExt) info;
int port = ext.getServerPort(OpenEJBSocketFactory.IIOP_SSL);
//
info.add_ior_component(policy.getConfig().generateIOR(Util.getORB(),
Util.getCodec()), TAG_INTERNET_IOP.value);
} catch (UnknownType unknownType) {
log.error("Unknown type", unknownType);
}
}
public void destroy() {
}
public String name() {
return "org.openejb.corba.ssl.IORSSLInterceptor";
}
}
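Review bot: `establish_components` refers to `policy`, `Util` and `TAG_INTERNET_IOP`, none of which is declared or imported in this file, and it passes two arguments to `add_ior_component`, which in `org.omg.PortableInterceptor.IORInfo` takes only the component (the two-argument form is `add_ior_component_to_profile`). The `port` obtained from `getServerPort(OpenEJBSocketFactory.IIOP_SSL)` is never used, so the SSL port does not visibly reach the published IOR. On `UnknownType` the method only logs and returns, which leaves the IOR without a security component; because `OpenEJBSocketFactory.getEndPointInfo` picks clear text when it finds no SSL transport, that failure should be rethrown or at least logged with that consequence spelled out. `name()` also returns `org.openejb.corba.ssl.IORSSLInterceptor` although the class lives in `org.openejb.corba.sunorb`.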
1.1
openejb/modules/core/src/java/org/openejb/corba/sunorb/OpenEJBSocketFactory.java
Index: OpenEJBSocketFactory.java
===================================================================
/**
* Redistribution and use of this software and associated documentation
* ("Software"), with or without modification, are permitted provided
* that the following conditions are met:
*
* 1. Redistributions of source code must retain copyright
* statements and notices. Redistributions must also contain a
* copy of this document.
*
* 2. Redistributions in binary form must reproduce the
* above copyright notice, this list of conditions and the
* following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. The name "OpenEJB" must not be used to endorse or promote
* products derived from this Software without prior written
* permission of The OpenEJB Group. For written permission,
* please contact [EMAIL PROTECTED]
*
* 4. Products derived from this Software may not be called "OpenEJB"
* nor may "OpenEJB" appear in their names without prior written
* permission of The OpenEJB Group. OpenEJB is a registered
* trademark of The OpenEJB Group.
*
* 5. Due credit should be given to the OpenEJB Project
* (http://openejb.sf.net/).
*
* THIS SOFTWARE IS PROVIDED BY THE OPENEJB GROUP AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT
* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
* FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
* THE OPENEJB GROUP OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
* Copyright 2005 (C) The OpenEJB Group. All Rights Reserved.
*
* $Id: OpenEJBSocketFactory.java,v 1.1 2005/03/27 02:04:42 maguro Exp $
*/
package org.openejb.corba.sunorb;
import java.io.IOException;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Properties;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import com.sun.corba.se.connection.EndPointInfo;
import com.sun.corba.se.connection.GetEndPointInfoAgainException;
import com.sun.corba.se.connection.ORBSocketFactory;
import com.sun.corba.se.internal.core.IOR;
import com.sun.corba.se.internal.iiop.EndPointImpl;
import com.sun.corba.se.internal.ior.IIOPAddress;
import com.sun.corba.se.internal.ior.IIOPProfileTemplate;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.omg.CORBA.COMM_FAILURE;
import org.omg.CORBA.CompletionStatus;
import org.omg.CORBA.ORB;
import org.omg.IOP.TaggedComponent;
import org.apache.geronimo.interop.CSIIOP.Confidentiality;
import org.apache.geronimo.interop.CSIIOP.EstablishTrustInTarget;
import org.apache.geronimo.interop.CSIIOP.NoProtection;
import org.apache.geronimo.interop.CSIIOP.TAG_CSI_SEC_MECH_LIST;
import org.openejb.corba.MinorCodes;
import org.openejb.corba.security.config.tss.TSSCompoundSecMechListConfig;
import org.openejb.corba.security.config.tss.TSSSSLTransportConfig;
import org.openejb.corba.security.config.tss.TSSTransportMechConfig;
import org.openejb.corba.util.Util;
/**
* @version $Revision: 1.1 $ $Date: 2005/03/27 02:04:42 $
*/
public class OpenEJBSocketFactory implements ORBSocketFactory {
private final Log log = LogFactory.getLog(OpenEJBSocketFactory.class);
public final static String IIOP_SSL = "IIOP_SSL";
public final static String SOCKET_SUPPORTS =
"org.openejb.corba.ssl.SocketProperties.supports";
public final static String SOCKET_REQUIRES =
"org.openejb.corba.ssl.SocketProperties.requires";
private final SSLSocketFactory socketFactory;
private final SSLServerSocketFactory serverSocketFactory;
private final String[] cipherSuites;
private final boolean clientAuthSupported;
private final boolean clientAuthRequired;
private final static ThreadLocal properties = new ThreadLocal() {
protected Object initialValue() {
return new Properties();
}
};
public OpenEJBSocketFactory() {
if (log.isDebugEnabled()) log.debug("<init>");
socketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
serverSocketFactory = (SSLServerSocketFactory)
SSLServerSocketFactory.getDefault();
String[] props = getProperty(SOCKET_SUPPORTS, "").split(",");
int supports = 0;
boolean caSupported = false;
for (int i = 0; i < props.length; i++) {
if ("EstablishTrustInTarget".equals(props[i])) {
supports |= EstablishTrustInTarget.value;
caSupported = true;
} else if ("EstablishTrustInClient".equals(props[i])) {
supports |= EstablishTrustInTarget.value;
caSupported = true;
} else if ("Confidentiality".equals(props[i])) {
supports |= Confidentiality.value;
} else if ("Integrity".equals(props[i])) {
} else if ("NoProtection".equals(props[i])) {
supports |= NoProtection.value;
} else {
log.error("Unsupported socket property: " + props[i]);
}
}
props = getProperty(SOCKET_REQUIRES, "").split(",");
int requires = 0;
boolean caRequired = false;
for (int i = 0; i < props.length; i++) {
if ("EstablishTrustInTarget".equals(props[i])) {
requires |= EstablishTrustInTarget.value;
caRequired = true;
} else if ("EstablishTrustInClient".equals(props[i])) {
requires |= EstablishTrustInTarget.value;
caRequired = true;
} else if ("Confidentiality".equals(props[i])) {
requires |= Confidentiality.value;
} else if ("Integrity".equals(props[i])) {
} else if ("NoProtection".equals(props[i])) {
requires |= NoProtection.value;
} else {
log.error("Unsupported socket property: " + props[i]);
}
}
if (requires == 0) requires = NoProtection.value;
clientAuthSupported = caSupported;
clientAuthRequired = caRequired;
cipherSuites = SSLCipherSuiteDatabase.getCipherSuites(requires,
supports, socketFactory.getSupportedCipherSuites());
}
public ServerSocket createServerSocket(String type, int port) throws
IOException {
if (type.equals(ORBSocketFactory.IIOP_CLEAR_TEXT)) {
if (log.isDebugEnabled()) log.debug("Created plain server socket
on port " + port);
return new ServerSocket(port);
} else if (type.equals(IIOP_SSL)) {
SSLServerSocket serverSocket = (SSLServerSocket)
serverSocketFactory.createServerSocket(port);
serverSocket.setEnabledCipherSuites(cipherSuites);
serverSocket.setWantClientAuth(clientAuthSupported);
serverSocket.setNeedClientAuth(clientAuthRequired);
serverSocket.setSoTimeout(10 * 1000);
if (log.isDebugEnabled()) {
log.debug("Created SSL server socket on port " + port);
log.debug(" client authentication " + (clientAuthSupported
? "SUPPORTED" : "UNSUPPORTED"));
log.debug(" client authentication " + (clientAuthRequired
? "REQUIRED" : "OPTIONAL"));
log.debug(" cipher suites:");
for (int i = 0; i < cipherSuites.length; i++) {
log.debug(" " + cipherSuites[i]);
}
}
return serverSocket;
}
throw new COMM_FAILURE("SocketFactory cannot handle: " + type,
MinorCodes.UNSUPPORTED_ENDPOINT_TYPE, CompletionStatus.COMPLETED_NO);
}
public Socket createSocket(EndPointInfo endPointInfo) throws IOException,
GetEndPointInfoAgainException {
String type = endPointInfo.getType();
if (type.equals(ORBSocketFactory.IIOP_CLEAR_TEXT)) {
if (log.isDebugEnabled()) log.debug("Created plain socket to " +
endPointInfo.getHost() + ":" + endPointInfo.getPort());
return new Socket(endPointInfo.getHost(), endPointInfo.getPort());
} else if (type.equals(IIOP_SSL)) {
SSLSocket socket = (SSLSocket)
socketFactory.createSocket(endPointInfo.getHost(), endPointInfo.getPort());
socket.setEnabledCipherSuites(cipherSuites);
socket.setWantClientAuth(clientAuthSupported);
socket.setNeedClientAuth(clientAuthRequired);
socket.setSoTimeout(10 * 1000);
// socket.setSoLinger(true, 10*1000);
if (log.isDebugEnabled()) {
log.debug("Created SSL socket to " + endPointInfo.getHost() +
":" + endPointInfo.getPort());
log.debug(" client authentication " + (clientAuthSupported
? "SUPPORTED" : "UNSUPPORTED"));
log.debug(" client authentication " + (clientAuthRequired
? "REQUIRED" : "OPTIONAL"));
log.debug(" cipher suites:");
for (int i = 0; i < cipherSuites.length; i++) {
log.debug(" " + cipherSuites[i]);
}
}
return socket;
}
throw new COMM_FAILURE("SocketFactory cannot handle: " + type,
MinorCodes.UNSUPPORTED_ENDPOINT_TYPE, CompletionStatus.COMPLETED_NO);
}
public EndPointInfo getEndPointInfo(ORB orb, IOR ior, EndPointInfo
endPointInfo) {
IIOPProfileTemplate temp = ior.getProfile().getTemplate();
IIOPAddress primary = temp.getPrimaryAddress();
TaggedComponent[] iopComponents =
ior.getProfile().getIOPComponents(orb, TAG_CSI_SEC_MECH_LIST.value);
for (int i = 0; i < iopComponents.length; i++) {
try {
TSSCompoundSecMechListConfig config =
TSSCompoundSecMechListConfig.decodeIOR(Util.getCodec(), iopComponents[i]);
for (int j = 0; j < config.size(); j++) {
TSSTransportMechConfig transport_mech =
config.mechAt(j).getTransport_mech();
if (transport_mech instanceof TSSSSLTransportConfig) {
TSSSSLTransportConfig sslConig =
(TSSSSLTransportConfig) transport_mech;
return new EndPointImpl(IIOP_SSL,
sslConig.getPort(),
sslConig.getHostname().toLowerCase());
}
}
} catch (Exception e) {
// do nothing
}
}
return new EndPointImpl(ORBSocketFactory.IIOP_CLEAR_TEXT,
primary.getPort(),
primary.getHost().toLowerCase());
}
private String getProperty(final String key, final String def) {
return (String) AccessController.doPrivileged(new PrivilegedAction() {
public Object run() {
return System.getProperty(key, def);
}
});
}
}
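Review bot: `getEndPointInfo` fails open: the `catch (Exception e) { // do nothing }` around `TSSCompoundSecMechListConfig.decodeIOR` discards every decode error and the method then returns an `IIOP_CLEAR_TEXT` endpoint, so a malformed or unparseable `TAG_CSI_SEC_MECH_LIST` component silently downgrades the connection to plain IIOP. At minimum log it, e.g. `log.warn("Unable to decode TAG_CSI_SEC_MECH_LIST component", e);`, and when a component was present but could not be decoded prefer throwing `COMM_FAILURE` over the clear-text fallback. In the constructor both `"EstablishTrustInClient"` branches OR in `EstablishTrustInTarget.value`, and `"EstablishTrustInTarget"` also sets the client-auth flags, so target trust and client authentication are not distinguished. `if (requires == 0) requires = NoProtection.value;` then makes `SSLCipherSuiteDatabase.getCipherSuites` accept only suites whose mapped value contains `NoProtection` (assuming the option bits are distinct, that is just the two `*_NULL_WITH_NULL_NULL` entries) whenever the requires list carries nothing beyond `Integrity`.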
1.1
openejb/modules/core/src/java/org/openejb/corba/sunorb/SSLCipherSuiteDatabase.java
Index: SSLCipherSuiteDatabase.java
===================================================================
/**
* Redistribution and use of this software and associated documentation
* ("Software"), with or without modification, are permitted provided
* that the following conditions are met:
*
* 1. Redistributions of source code must retain copyright
* statements and notices. Redistributions must also contain a
* copy of this document.
*
* 2. Redistributions in binary form must reproduce the
* above copyright notice, this list of conditions and the
* following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. The name "OpenEJB" must not be used to endorse or promote
* products derived from this Software without prior written
* permission of The OpenEJB Group. For written permission,
* please contact [EMAIL PROTECTED]
*
* 4. Products derived from this Software may not be called "OpenEJB"
* nor may "OpenEJB" appear in their names without prior written
* permission of The OpenEJB Group. OpenEJB is a registered
* trademark of The OpenEJB Group.
*
* 5. Due credit should be given to the OpenEJB Project
* (http://openejb.sf.net/).
*
* THIS SOFTWARE IS PROVIDED BY THE OPENEJB GROUP AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT
* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
* FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
* THE OPENEJB GROUP OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
* Copyright 2005 (C) The OpenEJB Group. All Rights Reserved.
*
* $Id: SSLCipherSuiteDatabase.java,v 1.1 2005/03/27 02:04:42 maguro Exp $
*/
/*
* Copyright (C) The Community OpenORB Project. All rights reserved.
*
* This software is published under the terms of The OpenORB Community Software
* License version 1.0, a copy of which has been included with this
distribution
* in the LICENSE.txt file.
*/
package org.openejb.corba.sunorb;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import org.apache.geronimo.interop.CSIIOP.Confidentiality;
import org.apache.geronimo.interop.CSIIOP.EstablishTrustInTarget;
import org.apache.geronimo.interop.CSIIOP.NoProtection;
/**
* @version $Revision: 1.1 $ $Date: 2005/03/27 02:04:42 $
*/
public final class SSLCipherSuiteDatabase {
/**
* A map for stroing all the cipher suites.
*/
private static final Map SUITES = new HashMap();
static {
// No protection
Integer noProt = new Integer(NoProtection.value);
SUITES.put("SSL_NULL_WITH_NULL_NULL", noProt);
SUITES.put("TLS_NULL_WITH_NULL_NULL", noProt);
// No authentication
Integer noAuth = new Integer(Confidentiality.value);
SUITES.put("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", noAuth);
SUITES.put("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", noAuth);
SUITES.put("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", noAuth);
SUITES.put("SSL_DH_anon_WITH_RC4_128_MD5", noAuth);
SUITES.put("SSL_DH_anon_WITH_DES_CBC_SHA", noAuth);
SUITES.put("TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", noAuth);
SUITES.put("TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", noAuth);
SUITES.put("TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", noAuth);
SUITES.put("TLS_DH_anon_WITH_RC4_128_MD5", noAuth);
SUITES.put("TLS_DH_anon_WITH_DES_CBC_SHA", noAuth);
// No encryption
Integer noEnc = new Integer(EstablishTrustInTarget.value);
SUITES.put("SSL_RSA_WITH_NULL_MD5", noEnc);
SUITES.put("SSL_RSA_WITH_NULL_SHA", noEnc);
SUITES.put("TLS_RSA_WITH_NULL_MD5", noEnc);
SUITES.put("TLS_RSA_WITH_NULL_SHA", noEnc);
// Auth and encrypt
Integer authEnc = new Integer(EstablishTrustInTarget.value |
Confidentiality.value);
SUITES.put("SSL_DHE_DSS_WITH_DES_CBC_SHA", authEnc);
SUITES.put("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", authEnc);
SUITES.put("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", authEnc);
SUITES.put("SSL_RSA_WITH_RC4_128_MD5", authEnc);
SUITES.put("SSL_RSA_WITH_RC4_128_SHA", authEnc);
SUITES.put("SSL_RSA_WITH_DES_CBC_SHA", authEnc);
SUITES.put("SSL_RSA_WITH_3DES_EDE_CBC_SHA", authEnc);
SUITES.put("SSL_RSA_WITH_IDEA_CBC_SHA", authEnc);
SUITES.put("SSL_RSA_EXPORT_WITH_RC4_40_MD5", authEnc);
SUITES.put("TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", authEnc);
SUITES.put("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", authEnc);
SUITES.put("TLS_DHE_DSS_WITH_DES_CBC_SHA", authEnc);
SUITES.put("TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", authEnc);
SUITES.put("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", authEnc);
SUITES.put("TLS_DHE_RSA_WITH_DES_CBC_SHA", authEnc);
SUITES.put("TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", authEnc);
SUITES.put("TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", authEnc);
SUITES.put("TLS_DH_DSS_WITH_DES_CBC_SHA", authEnc);
SUITES.put("TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", authEnc);
SUITES.put("TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", authEnc);
SUITES.put("TLS_DH_RSA_WITH_DES_CBC_SHA", authEnc);
SUITES.put("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", authEnc);
SUITES.put("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", authEnc);
SUITES.put("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5", authEnc);
SUITES.put("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA", authEnc);
SUITES.put("TLS_KRB5_EXPORT_WITH_RC4_40_MD5", authEnc);
SUITES.put("TLS_KRB5_EXPORT_WITH_RC4_40_SHA", authEnc);
SUITES.put("TLS_KRB5_WITH_3DES_EDE_CBC_MD5", authEnc);
SUITES.put("TLS_KRB5_WITH_3DES_EDE_CBC_SHA", authEnc);
SUITES.put("TLS_KRB5_WITH_DES_CBC_MD5", authEnc);
SUITES.put("TLS_KRB5_WITH_DES_CBC_SHA", authEnc);
SUITES.put("TLS_KRB5_WITH_IDEA_CBC_MD5", authEnc);
SUITES.put("TLS_KRB5_WITH_IDEA_CBC_SHA", authEnc);
SUITES.put("TLS_KRB5_WITH_RC4_128_MD5", authEnc);
SUITES.put("TLS_KRB5_WITH_RC4_128_SHA", authEnc);
SUITES.put("TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", authEnc);
SUITES.put("TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", authEnc);
SUITES.put("TLS_RSA_EXPORT_WITH_RC4_40_MD5", authEnc);
SUITES.put("TLS_RSA_WITH_3DES_EDE_CBC_SHA", authEnc);
SUITES.put("TLS_RSA_WITH_DES_CBC_SHA", authEnc);
SUITES.put("TLS_RSA_WITH_IDEA_CBC_SHA", authEnc);
SUITES.put("TLS_RSA_WITH_RC4_128_MD5", authEnc);
SUITES.put("TLS_RSA_WITH_RC4_128_SHA", authEnc);
// RSA supported cipher suite names differ from Sun's
SUITES.put("RSA_Export_With_RC2_40_CBC_MD5", authEnc);
SUITES.put("RSA_With_DES_CBC_SHA", authEnc);
SUITES.put("RSA_Export_With_RC4_40_MD5", authEnc);
SUITES.put("RSA_With_RC4_SHA", authEnc);
SUITES.put("RSA_With_3DES_EDE_CBC_SHA", authEnc);
SUITES.put("RSA_Export_With_DES_40_CBC_SHA", authEnc);
SUITES.put("RSA_With_RC4_MD5", authEnc);
}
/**
* Do not allow instances of this class.
*/
private SSLCipherSuiteDatabase() {
}
/**
* Return an array of cipher suites that match the assocRequires and
* assocSupports options.
*
* @param assocRequires The required associations.
* @param assocSupports The supported associations.
* @param supportedCipherSuites The overall supported cipher suites.
* @return The cipher suites that matches the two options.
*/
public static String[] getCipherSuites(int assocRequires, int
assocSupports, String[] supportedCipherSuites) {
assocRequires = assocRequires & (EstablishTrustInTarget.value |
Confidentiality.value | NoProtection.value);
assocSupports = assocSupports & (EstablishTrustInTarget.value |
Confidentiality.value | NoProtection.value);
ArrayList col = new ArrayList();
for (int i = 0; i < supportedCipherSuites.length; ++i) {
Integer val = (Integer) SUITES.get(supportedCipherSuites[i]);
if (val != null && ((assocRequires & ~val.intValue()) == 0 &&
(val.intValue() & ~assocSupports) == 0)) {
col.add(supportedCipherSuites[i]);
}
}
String[] ret = new String[col.size()];
col.toArray(ret);
return ret;
}
/**
* Return the options values for a cipher suite.
*
* @param cypherSuite The cipher suite to get the options value for.
* @return The int value for the cipher suite.
*/
public static int getAssociaionOptions(String cypherSuite) {
return ((Integer) SUITES.get(cypherSuite)).intValue();
}
}
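Review bot: The `authEnc` group tags 40-bit `EXPORT` suites, single-DES suites and RC4 suites with `Confidentiality`, and the `noAuth` group does the same for the `DH_anon` suites, so a configuration that requires `Confidentiality` can still end up with export-grade ciphers or an unauthenticated key exchange enabled. Conversely `getCipherSuites` drops every suite that is missing from `SUITES` (the `val != null` test), and the table lists no AES suite, so stronger suites offered by the JSSE provider are never enabled. Consider removing the `EXPORT`, `DES40`/`DES_CBC` and `anon` entries and adding the provider's AES names (e.g. `TLS_RSA_WITH_AES_128_CBC_SHA`) to `authEnc`. `getAssociaionOptions` unboxes the lookup result directly and throws `NullPointerException` for an unknown name; a guard such as `if (val == null) throw new IllegalArgumentException("Unknown cipher suite: " + cypherSuite);` would make that failure explicit.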
1.1
openejb/modules/core/src/java/org/openejb/corba/sunorb/ServiceContextInterceptor.java
Index: ServiceContextInterceptor.java
===================================================================
/**
* Redistribution and use of this software and associated documentation
* ("Software"), with or without modification, are permitted provided
* that the following conditions are met:
*
* 1. Redistributions of source code must retain copyright
* statements and notices. Redistributions must also contain a
* copy of this document.
*
* 2. Redistributions in binary form must reproduce the
* above copyright notice, this list of conditions and the
* following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. The name "OpenEJB" must not be used to endorse or promote
* products derived from this Software without prior written
* permission of The OpenEJB Group. For written permission,
* please contact [EMAIL PROTECTED]
*
* 4. Products derived from this Software may not be called "OpenEJB"
* nor may "OpenEJB" appear in their names without prior written
* permission of The OpenEJB Group. OpenEJB is a registered
* trademark of The OpenEJB Group.
*
* 5. Due credit should be given to the OpenEJB Project
* (http://openejb.sf.net/).
*
* THIS SOFTWARE IS PROVIDED BY THE OPENEJB GROUP AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT
* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
* FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
* THE OPENEJB GROUP OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
* Copyright 2001 (C) The OpenEJB Group. All Rights Reserved.
*
* $Id: ServiceContextInterceptor.java,v 1.1 2005/03/27 02:04:42 maguro Exp $
*/
package org.openejb.corba.sunorb;
import java.net.Socket;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import com.sun.corba.se.interceptor.RequestInfoExt;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.omg.CORBA.LocalObject;
import org.omg.PortableInterceptor.ServerRequestInfo;
import org.omg.PortableInterceptor.ServerRequestInterceptor;
import org.openejb.corba.security.SSLSessionManager;
/**
* @version $Revision: 1.1 $ $Date: 2005/03/27 02:04:42 $
*/
final class ServiceContextInterceptor extends LocalObject implements
ServerRequestInterceptor {
private final Log log =
LogFactory.getLog(ServiceContextInterceptor.class);
public ServiceContextInterceptor() {
if (log.isDebugEnabled()) log.debug("<init>");
}
public void receive_request(ServerRequestInfo ri) {
}
public void receive_request_service_contexts(ServerRequestInfo ri) {
if (log.isDebugEnabled()) log.debug("Looking for SSL Session");
RequestInfoExt riExt = (RequestInfoExt) ri;
Socket socket = riExt.connection().getSocket();
if (socket instanceof SSLSocket) {
if (log.isDebugEnabled()) log.debug("Found SSL Session");
SSLSocket sslSocket = (SSLSocket) socket;
SSLSessionManager.setSSLSession(ri.request_id(),
sslSocket.getSession());
}
}
public void send_exception(ServerRequestInfo ri) {
SSLSession old = SSLSessionManager.clearSSLSession(ri.request_id());
if (log.isDebugEnabled() && old != null) log.debug("Removing SSL
Session for send_exception");
}
public void send_other(ServerRequestInfo ri) {
SSLSession old = SSLSessionManager.clearSSLSession(ri.request_id());
if (log.isDebugEnabled() && old != null) log.debug("Removing SSL
Session for send_reply");
}
public void send_reply(ServerRequestInfo ri) {
SSLSession old = SSLSessionManager.clearSSLSession(ri.request_id());
if (log.isDebugEnabled() && old != null) log.debug("Removing SSL
Session for send_reply");
}
public void destroy() {
if (log.isDebugEnabled()) log.debug("Destroy");
}
public String name() {
return "org.openejb.corba.sunorb.ServiceContextInterceptor";
}
}
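Review bot: `receive_request_service_contexts` stores an `SSLSession` under `ri.request_id()` only when the socket is an `SSLSocket`, and nothing clears the entry for a request that arrives on a plain socket. A request id may be reused once a request/reply sequence has ended, so if an earlier entry was not removed (how `SSLSessionManager` stores entries is not shown here) a clear-text request could be associated with a previous peer's session; adding `else { SSLSessionManager.clearSSLSession(ri.request_id()); }` would close that gap. The cast `(RequestInfoExt) ri` is unchecked and would surface as a `ClassCastException` under a different ORB implementation. `send_other` logs "Removing SSL Session for send_reply" and should name `send_other` so the cleanup path can be told apart in the logs.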
1.1
openejb/modules/core/src/java/org/openejb/corba/sunorb/SunORBConfigAdapter.java
Index: SunORBConfigAdapter.java
===================================================================
/**
* Redistribution and use of this software and associated documentation
* ("Software"), with or without modification, are permitted provided
* that the following conditions are met:
*
* 1. Redistributions of source code must retain copyright
* statements and notices. Redistributions must also contain a
* copy of this document.
*
* 2. Redistributions in binary form must reproduce the
* above copyright notice, this list of conditions and the
* following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. The name "OpenEJB" must not be used to endorse or promote
* products derived from this Software without prior written
* permission of The OpenEJB Group. For written permission,
* please contact [EMAIL PROTECTED]
*
* 4. Products derived from this Software may not be called "OpenEJB"
* nor may "OpenEJB" appear in their names without prior written
* permission of The OpenEJB Group. OpenEJB is a registered
* trademark of The OpenEJB Group.
*
* 5. Due credit should be given to the OpenEJB Project
* (http://openejb.sf.net/).
*
* THIS SOFTWARE IS PROVIDED BY THE OPENEJB GROUP AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT
* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
* FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
* THE OPENEJB GROUP OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
* Copyright 2005 (C) The OpenEJB Group. All Rights Reserved.
*
* $Id: SunORBConfigAdapter.java,v 1.1 2005/03/27 02:04:42 maguro Exp $
*/
package org.openejb.corba.sunorb;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import org.omg.Security.Confidentiality;
import org.omg.Security.EstablishTrustInTarget;
import org.omg.Security.NoProtection;
import org.apache.geronimo.security.deploy.DefaultPrincipal;
import org.apache.geronimo.interop.CSIIOP.EstablishTrustInClient;
import org.openejb.corba.security.config.ConfigAdapter;
import org.openejb.corba.security.config.ConfigException;
import org.openejb.corba.security.config.css.CSSCompoundSecMechConfig;
import org.openejb.corba.security.config.css.CSSCompoundSecMechListConfig;
import org.openejb.corba.security.config.css.CSSConfig;
import org.openejb.corba.security.config.tss.TSSConfig;
import org.openejb.corba.security.config.tss.TSSSSLTransportConfig;
import org.openejb.corba.security.config.tss.TSSTransportMechConfig;
/**
* @version $Revision: 1.1 $ $Date: 2005/03/27 02:04:42 $
*/
public class SunORBConfigAdapter implements ConfigAdapter {
public String[] translateToArgs(TSSConfig config, List args) throws
ConfigException {
ArrayList list = new ArrayList();
list.addAll(args);
DefaultPrincipal principal = config.getDefaultPrincipal();
if (principal != null) {
list.add("default-principal::" + principal.getRealmName() + ":" +
principal.getPrincipal().getClassName() + ":" +
principal.getPrincipal().getPrincipalName());
}
return (String[]) list.toArray(new String[list.size()]);
}
public Properties translateToProps(TSSConfig config) throws
ConfigException {
Properties props = new Properties();
String supProp = "";
String reqProp = "";
if (config != null) {
TSSTransportMechConfig transportMech = config.getTransport_mech();
if (transportMech != null) {
if (transportMech instanceof TSSSSLTransportConfig) {
TSSSSLTransportConfig sslConfig = (TSSSSLTransportConfig)
transportMech;
short supports = sslConfig.getSupports();
short requires = sslConfig.getRequires();
supProp = "Integrity";
reqProp = "Integrity";
props.put("com.sun.CORBA.connection.ORBListenSocket",
"IIOP_SSL:" + Short.toString(sslConfig.getPort()));
if ((supports & NoProtection.value) != 0) {
supProp += ",NoProtection";
}
if ((supports & Confidentiality.value) != 0) {
supProp += ",Confidentiality";
if ((requires & Confidentiality.value) != 0) {
reqProp += ",Confidentiality";
}
}
if ((supports & EstablishTrustInClient.value) != 0) {
supProp += ",EstablishTrustInClient";
if ((requires & EstablishTrustInClient.value) != 0) {
reqProp += ",EstablishTrustInClient";
}
}
}
}
} else {
supProp = "NoProtection";
reqProp = "NoProtection";
}
System.setProperty("org.openejb.corba.ssl.SocketProperties.supports",
supProp);
System.setProperty("org.openejb.corba.ssl.SocketProperties.requires",
reqProp);
props.put("com.sun.CORBA.connection.ORBSocketFactoryClass",
"org.openejb.corba.sunorb.OpenEJBSocketFactory");
props.put("org.omg.PortableInterceptor.ORBInitializerClass.org.openejb.corba.transaction.TransactionInitializer",
"");
props.put("org.omg.PortableInterceptor.ORBInitializerClass.org.openejb.corba.security.SecurityInitializer",
"");
props.put("org.omg.PortableInterceptor.ORBInitializerClass.org.openejb.corba.sunorb.SunORBInitializer",
"");
return props;
}
public String[] translateToArgs(CSSConfig config, List args) throws
ConfigException {
return (String[]) args.toArray(new String[args.size()]);
}
/**
 * Translates the client-side security configuration into the properties
 * handed to the Sun ORB.
 *
 * <p>The supports and requires bits of every compound mechanism's transport
 * are OR-ed together, and the union is rendered as comma-separated option
 * names. Those two strings are published through JVM-wide system
 * properties, not through the returned {@link Properties}.
 *
 * @param config client security configuration; {@code null} publishes
 *               {@code NoProtection} for both supports and requires
 * @return properties naming the socket factory class and the ORB initializers
 * @throws ConfigException declared by the signature; nothing in this
 *                         method throws it directly
 */
public Properties translateToProps(CSSConfig config) throws ConfigException {
    final Properties orbProps = new Properties();
    String supported;
    String required;

    if (config == null) {
        supported = "NoProtection";
        required = "NoProtection";
    } else {
        short supportsMask = 0;
        short requiresMask = 0;

        // Union over all mechanisms: one mechanism setting a bit is enough
        // for that bit to show up in the shared socket settings.
        CSSCompoundSecMechListConfig mechanisms = config.getMechList();
        int index = 0;
        while (index < mechanisms.size()) {
            CSSCompoundSecMechConfig mechanism = mechanisms.mechAt(index);
            supportsMask |= mechanism.getTransport_mech().getSupports();
            requiresMask |= mechanism.getTransport_mech().getRequires();
            index++;
        }

        // Integrity is listed unconditionally for any non-null configuration.
        supported = "Integrity";
        required = "Integrity";

        if ((supportsMask & NoProtection.value) != 0) {
            supported = supported + ",NoProtection";
        }

        // A required option is emitted only when it is also supported; a
        // requires bit without the matching supports bit is dropped without
        // any diagnostic.
        final boolean confidentialitySupported = (supportsMask & Confidentiality.value) != 0;
        if (confidentialitySupported) {
            supported = supported + ",Confidentiality";
            if ((requiresMask & Confidentiality.value) != 0) {
                required = required + ",Confidentiality";
            }
        }

        final boolean targetTrustSupported = (supportsMask & EstablishTrustInTarget.value) != 0;
        if (targetTrustSupported) {
            supported = supported + ",EstablishTrustInTarget";
            if ((requiresMask & EstablishTrustInTarget.value) != 0) {
                required = required + ",EstablishTrustInTarget";
            }
        }
    }

    // These keys are JVM-wide and translateToProps(TSSConfig) writes the same
    // two keys, so whichever translation runs last decides the published
    // values. Presumably OpenEJBSocketFactory reads them; verify against
    // that class.
    System.setProperty("org.openejb.corba.ssl.SocketProperties.supports", supported);
    System.setProperty("org.openejb.corba.ssl.SocketProperties.requires", required);

    orbProps.put("com.sun.CORBA.connection.ORBSocketFactoryClass",
            "org.openejb.corba.sunorb.OpenEJBSocketFactory");
    orbProps.put("org.omg.PortableInterceptor.ORBInitializerClass.org.openejb.corba.transaction.TransactionInitializer",
            "");
    orbProps.put("org.omg.PortableInterceptor.ORBInitializerClass.org.openejb.corba.security.SecurityInitializer",
            "");
    orbProps.put("org.omg.PortableInterceptor.ORBInitializerClass.org.openejb.corba.sunorb.SunORBInitializer",
            "");
    return orbProps;
}
}
1.1
openejb/modules/core/src/java/org/openejb/corba/sunorb/SunORBInitializer.java
Index: SunORBInitializer.java
===================================================================
/**
* Redistribution and use of this software and associated documentation
* ("Software"), with or without modification, are permitted provided
* that the following conditions are met:
*
* 1. Redistributions of source code must retain copyright
* statements and notices. Redistributions must also contain a
* copy of this document.
*
* 2. Redistributions in binary form must reproduce the
* above copyright notice, this list of conditions and the
* following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. The name "OpenEJB" must not be used to endorse or promote
* products derived from this Software without prior written
* permission of The OpenEJB Group. For written permission,
* please contact [EMAIL PROTECTED]
*
* 4. Products derived from this Software may not be called "OpenEJB"
* nor may "OpenEJB" appear in their names without prior written
* permission of The OpenEJB Group. OpenEJB is a registered
* trademark of The OpenEJB Group.
*
* 5. Due credit should be given to the OpenEJB Project
* (http://openejb.sf.net/).
*
* THIS SOFTWARE IS PROVIDED BY THE OPENEJB GROUP AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT
* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
* FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
* THE OPENEJB GROUP OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
* Copyright 2001 (C) The OpenEJB Group. All Rights Reserved.
*
* $Id: SunORBInitializer.java,v 1.1 2005/03/27 02:04:42 maguro Exp $
*/
package org.openejb.corba.sunorb;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.omg.CORBA.LocalObject;
import org.omg.PortableInterceptor.ORBInitInfo;
import org.omg.PortableInterceptor.ORBInitInfoPackage.DuplicateName;
import org.omg.PortableInterceptor.ORBInitializer;
/**
 * ORB initializer that registers the OpenEJB interceptors with the Sun ORB:
 * an {@link IORSSLInterceptor} as IOR interceptor and a
 * {@link ServiceContextInterceptor} as server request interceptor.
 *
 * @version $Revision: 1.1 $ $Date: 2005/03/27 02:04:42 $
 */
public class SunORBInitializer extends LocalObject implements ORBInitializer {

    private final Log log = LogFactory.getLog(SunORBInitializer.class);

    /**
     * Creates the initializer and traces the construction at debug level.
     */
    public SunORBInitializer() {
        // The message names "SSLInitializer" although the class is
        // SunORBInitializer; the text is kept as it is.
        if (log.isDebugEnabled()) {
            log.debug("SSLInitializer.<init>");
        }
    }

    /**
     * First initialization callback from the ORB. Initial services that
     * other interceptors rely on would be registered here through
     * <code>ORBInitInfo.register_initial_reference</code>; this
     * implementation registers none and does nothing.
     *
     * @param info initialization attributes and operations through which
     *             interceptors can be registered
     */
    public void pre_init(ORBInitInfo info) {
    }

    /**
     * Second initialization callback from the ORB, at which point all
     * initial references can be assumed to be available. Registers the IOR
     * interceptor and the server request interceptor.
     * <p>
     * The ORB attaches the registered interceptor lists only after every
     * <code>post_init</code> call has returned. An ORB-mediated call made
     * from inside this method therefore triggers no request interceptors,
     * and an operation that creates an IOR triggers no IOR interceptors.
     *
     * @param info initialization attributes and operations through which
     *             interceptors can be registered
     */
    public void post_init(ORBInitInfo info) {
        try {
            if (log.isDebugEnabled()) {
                log.debug("Registering IOR interceptor");
            }
            registerInterceptors(info);
        } catch (RuntimeException re) {
            // Unchecked failures are logged here and then propagated to the ORB.
            log.error("Error registering interceptor", re);
            throw re;
        }
    }

    /**
     * Adds both interceptors to the ORB, logging a duplicate-name failure
     * instead of propagating it.
     *
     * @param info registration handle supplied by the ORB
     */
    private void registerInterceptors(ORBInitInfo info) {
        try {
            info.add_ior_interceptor(new IORSSLInterceptor());
            info.add_server_request_interceptor(new ServiceContextInterceptor());
        } catch (DuplicateName dn) {
            // NOTE(review): a duplicate name is logged and initialization
            // continues. If add_ior_interceptor is the call that fails, the
            // server request interceptor is never registered either. Confirm
            // the ORB is meant to keep running without these interceptors.
            log.error("Error registering interceptor", dn);
        }
    }
}