geronimo-scm mailing list archives

From d...@apache.org
Subject svn commit: r505432 [5/11] - in /geronimo/server/trunk: applications/magicGball/magicGball-ear/src/main/plan/ configs/client-corba-yoko/src/plan/ configs/j2ee-corba-yoko/src/plan/ configs/openejb-corba-deployer/src/plan/ modules/ modules/geronimo-corba...
Date Fri, 09 Feb 2007 19:24:39 GMT
Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/ConfigAdapter.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/ConfigAdapter.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/ConfigAdapter.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/ConfigAdapter.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,80 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config;
+
+import org.omg.CORBA.ORB;
+
+import org.apache.geronimo.corba.CORBABean;
+import org.apache.geronimo.corba.CSSBean;
+
+
+/**
+ * Translates TSS and CSS configurations into CORBA startup args and properties.
+ *
+ * @version $Revision: 477622 $ $Date: 2006-11-21 03:03:24 -0800 (Tue, 21 Nov 2006) $
+ */
+public interface ConfigAdapter {
+
+    /**
+     * Create an ORB for a CORBABean server context.
+     *
+     * @param server The CORBABean that owns this ORB's configuration.
+     *
+     * @return An ORB instance configured for the CORBABean.
+     * @exception ConfigException
+     */
+    public ORB createServerORB(CORBABean server)  throws ConfigException;
+    /**
+     * Create an ORB for a CSSBean nameservice client context.
+     *
+     * @param client The configured CSSBean used for access.
+     *
+     * @return An ORB instance configured for this client access.
+     * @exception ConfigException
+     */
+
+    public ORB createNameServiceClientORB(CSSBean client)  throws ConfigException;
+    /**
+     * Create an ORB for a CSSBean client context.
+     *
+     * @param client The configured CSSBean used for access.
+     *
+     * @return An ORB instance configured for this client access.
+     * @exception ConfigException
+     */
+    public ORB createClientORB(CSSBean client)  throws ConfigException;
+
+    /**
+     * Create a transient name service instance using the
+     * specified host name and port.
+     *
+     * @param host   The String host name.
+     * @param port   The port number of the listener.
+     *
+     * @return An opaque object that represents the name service.
+     * @exception ConfigException
+     */
+    public Object createNameService(String host, int port) throws ConfigException;
+    /**
+     * Destroy a name service instance created by a
+     * prior call to createNameService().
+     *
+     * @param ns     The opaque name service object returned from a
+     *               prior call to createNameService().
+     */
+    public void destroyNameService(Object ns);
+}
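Review bot: The four `@exception ConfigException` tags in this interface carry no description, so neither implementers nor callers can tell which failures are meant to surface as `ConfigException`; each tag should state the condition, in the form `@throws ConfigException if <condition>`. `destroyNameService(Object ns)` accepts any `Object`, and its Javadoc does not say what happens when `ns` is null or did not come from `createNameService()`; that contract should be written down. The comment blocks for `createNameServiceClientORB`, `createClientORB` and `destroyNameService` start on the line directly after the previous declaration, which makes them easy to misread as trailing comments. A blank line before each would fix that.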

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/ConfigAdapterGBean.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/ConfigAdapterGBean.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/ConfigAdapterGBean.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/ConfigAdapterGBean.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,48 @@
+/**
+  * Licensed to the Apache Software Foundation (ASF) under one or more
+  * contributor license agreements.  See the NOTICE file distributed with
+  * this work for additional information regarding copyright ownership.
+  * The ASF licenses this file to You under the Apache License, Version 2.0
+  * (the "License"); you may not use this file except in compliance with
+  * the License.  You may obtain a copy of the License at
+  *
+  *     http://www.apache.org/licenses/LICENSE-2.0
+  *
+  * Unless required by applicable law or agreed to in writing, software
+  * distributed under the License is distributed on an "AS IS" BASIS,
+  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  * See the License for the specific language governing permissions and
+  * limitations under the License.
+  */
+package org.apache.geronimo.corba.security.config;
+
+import org.apache.geronimo.gbean.GBeanInfo;
+import org.apache.geronimo.gbean.GBeanInfoBuilder;
+
+/**
+ * A generic GBean that provides for the configuration of an ORB config adaptor.
+ * @version $Rev: 452600 $ $Date: 2006-10-03 12:29:42 -0700 (Tue, 03 Oct 2006) $
+ */
+public class ConfigAdapterGBean {
+
+    /**
+     * Construct an instance of ConfigAdaptorGBean
+     */
+    public ConfigAdapterGBean() {
+    }
+
+    public static final GBeanInfo GBEAN_INFO;
+
+    static {
+        GBeanInfoBuilder infoFactory = GBeanInfoBuilder.createStatic(ConfigAdapterGBean.class, ConfigAdapterGBean.class);
+        infoFactory.setConstructor(new String[]{});
+        infoFactory.addInterface(org.apache.geronimo.corba.security.config.ConfigAdapter.class);
+
+        GBEAN_INFO = infoFactory.getBeanInfo();
+    }
+
+    public static GBeanInfo getGBeanInfo() {
+        return GBEAN_INFO;
+    }
+}
+
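Review bot: `GBEAN_INFO` advertises `ConfigAdapter` through `infoFactory.addInterface(...)`, but `ConfigAdapterGBean` as declared here does not implement that interface and defines none of its methods. A caller that reaches this GBean through the `ConfigAdapter` interface would presumably have nothing to dispatch to. If the class is only a placeholder whose implementation is supplied elsewhere, say so in the class Javadoc; otherwise declare it as `public class ConfigAdapterGBean implements ConfigAdapter` and provide the methods. The constructor comment also spells the class `ConfigAdaptorGBean`, which does not match the declared name.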

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/ConfigException.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/ConfigException.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/ConfigException.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/ConfigException.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config;
+
+
+/**
+ * @version $Revision: 451417 $ $Date: 2006-09-29 13:13:22 -0700 (Fri, 29 Sep 2006) $
+ */
+public class ConfigException extends Exception {
+    public ConfigException() {
+        super();
+    }
+
+    public ConfigException(String message) {
+        super(message);
+    }
+
+    public ConfigException(String message, Throwable cause) {
+        super(message, cause);
+    }
+
+    public ConfigException(Throwable cause) {
+        super(cause);
+    }
+}

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/ConfigUtil.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/ConfigUtil.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/ConfigUtil.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/ConfigUtil.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,80 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config;
+
+import org.omg.CSIIOP.CompositeDelegation;
+import org.omg.CSIIOP.Confidentiality;
+import org.omg.CSIIOP.DelegationByClient;
+import org.omg.CSIIOP.DetectMisordering;
+import org.omg.CSIIOP.DetectReplay;
+import org.omg.CSIIOP.EstablishTrustInClient;
+import org.omg.CSIIOP.EstablishTrustInTarget;
+import org.omg.CSIIOP.IdentityAssertion;
+import org.omg.CSIIOP.Integrity;
+import org.omg.CSIIOP.NoDelegation;
+import org.omg.CSIIOP.NoProtection;
+import org.omg.CSIIOP.SimpleDelegation;
+
+
+/**
+ * @version $Revision: 451417 $ $Date: 2006-09-29 13:13:22 -0700 (Fri, 29 Sep 2006) $
+ */
+public final class ConfigUtil {
+
+    public static String flags(int flag) {
+        String result = "";
+
+        if ((NoProtection.value & flag) != 0) {
+            result += "NoProtection ";
+        }
+        if ((Integrity.value & flag) != 0) {
+            result += "Integrity ";
+        }
+        if ((Confidentiality.value & flag) != 0) {
+            result += "Confidentiality ";
+        }
+        if ((DetectReplay.value & flag) != 0) {
+            result += "DetectReplay ";
+        }
+        if ((DetectMisordering.value & flag) != 0) {
+            result += "DetectMisordering ";
+        }
+        if ((EstablishTrustInTarget.value & flag) != 0) {
+            result += "EstablishTrustInTarget ";
+        }
+        if ((EstablishTrustInClient.value & flag) != 0) {
+            result += "EstablishTrustInClient ";
+        }
+        if ((NoDelegation.value & flag) != 0) {
+            result += "NoDelegation ";
+        }
+        if ((SimpleDelegation.value & flag) != 0) {
+            result += "SimpleDelegation ";
+        }
+        if ((CompositeDelegation.value & flag) != 0) {
+            result += "CompositeDelegation ";
+        }
+        if ((IdentityAssertion.value & flag) != 0) {
+            result += "IdentityAssertion ";
+        }
+        if ((DelegationByClient.value & flag) != 0) {
+            result += "DelegationByClient ";
+        }
+
+        return result;
+    }
+}
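Review bot: `ConfigUtil` is a `final` class with only a static method, but it has no private constructor and `flags(int)` has no Javadoc. Adding `private ConfigUtil() {}` would stop it being instantiated. The method comment should state that the result is a space-separated list of CSIIOP association option names with a trailing space, and that it is the empty string when no known bit is set. Any bit in `flag` outside the twelve tested constants is dropped without trace, which can hide a malformed option mask when this output is used to debug a failed negotiation. Appending the unmatched remainder in hex would make that visible.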

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSASMechConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSASMechConfig.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSASMechConfig.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSASMechConfig.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.css;
+
+import java.io.Serializable;
+
+import org.apache.geronimo.corba.security.config.tss.TSSASMechConfig;
+
+
+/**
+ * @version $Rev: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
+ */
+public interface CSSASMechConfig extends Serializable {
+
+    short getSupports();
+
+    short getRequires();
+
+    boolean canHandle(TSSASMechConfig asMech);
+
+    /**
+     * Encode the client authentication token
+     * @return the encoded client authentication token
+     */
+    byte[] encode();
+
+    void toString(String spaces, StringBuffer buf);
+
+}
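Review bot: `encode()` is documented only as returning "the encoded client authentication token", and `getSupports()`, `getRequires()`, `canHandle(...)` and `toString(String, StringBuffer)` have no Javadoc at all. For the GSSUP implementations added in this same commit the token is built from a username and password, so the `encode()` comment should state that the returned bytes are credential material and must not be logged or retained longer than needed. It should also say whether an empty array or null means "no token". The `toString(String, StringBuffer)` comment should require that implementations never append secrets, since the compound config's `toString` output is assembled from these calls.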

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSCompoundSecMechConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSCompoundSecMechConfig.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSCompoundSecMechConfig.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSCompoundSecMechConfig.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,140 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.css;
+
+import java.io.Serializable;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.omg.CORBA.Any;
+import org.omg.CORBA.UserException;
+import org.omg.CSI.EstablishContext;
+import org.omg.CSI.SASContextBody;
+import org.omg.CSI.SASContextBodyHelper;
+import org.omg.IOP.SecurityAttributeService;
+import org.omg.IOP.ServiceContext;
+
+import org.apache.geronimo.corba.security.config.ConfigUtil;
+import org.apache.geronimo.corba.security.config.tss.TSSCompoundSecMechConfig;
+import org.apache.geronimo.corba.util.Util;
+
+
+/**
+ * @version $Rev: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
+ */
+public class CSSCompoundSecMechConfig implements Serializable {
+
+    private final static Log log = LogFactory.getLog(CSSCompoundSecMechConfig.class);
+
+    private short supports;
+    private short requires;
+    private CSSTransportMechConfig transport_mech;
+    private CSSASMechConfig as_mech;
+    private CSSSASMechConfig sas_mech;
+
+    public CSSTransportMechConfig getTransport_mech() {
+        return transport_mech;
+    }
+
+    public void setTransport_mech(CSSTransportMechConfig transport_mech) {
+        this.transport_mech = transport_mech;
+        this.supports |= transport_mech.getSupports();
+        this.requires |= transport_mech.getRequires();
+    }
+
+    public CSSASMechConfig getAs_mech() {
+        return as_mech;
+    }
+
+    public void setAs_mech(CSSASMechConfig as_mech) {
+        this.as_mech = as_mech;
+        this.supports |= as_mech.getSupports();
+        this.requires |= as_mech.getRequires();
+    }
+
+    public CSSSASMechConfig getSas_mech() {
+        return sas_mech;
+    }
+
+    public void setSas_mech(CSSSASMechConfig sas_mech) {
+        this.sas_mech = sas_mech;
+        this.supports |= sas_mech.getSupports();
+        this.requires |= sas_mech.getRequires();
+    }
+
+    public boolean canHandle(TSSCompoundSecMechConfig requirement) {
+
+        if (log.isDebugEnabled()) {
+            log.debug("canHandle()");
+            log.debug("    CSS SUPPORTS: " + ConfigUtil.flags(supports));
+            log.debug("    CSS REQUIRES: " + ConfigUtil.flags(requires));
+            log.debug("    TSS SUPPORTS: " + ConfigUtil.flags(requirement.getSupports()));
+            log.debug("    TSS REQUIRES: " + ConfigUtil.flags(requirement.getRequires()));
+        }
+
+        if ((supports & requirement.getRequires()) != requirement.getRequires()) return false;
+        if ((requires & requirement.getSupports()) != requires) return false;
+
+        if (!transport_mech.canHandle(requirement.getTransport_mech())) return false;
+        if (!as_mech.canHandle(requirement.getAs_mech())) return false;
+        if (!sas_mech.canHandle(requirement.getSas_mech())) return false;
+
+        return true;
+    }
+
+    public ServiceContext generateServiceContext() throws UserException {
+
+        if (as_mech instanceof CSSNULLASMechConfig && sas_mech.getIdentityToken() instanceof CSSSASITTAbsent) return null;
+
+        EstablishContext msg = new EstablishContext();
+
+        msg.client_context_id = 0;
+        msg.client_authentication_token = as_mech.encode();
+        msg.authorization_token = sas_mech.encodeAuthorizationElement();
+        msg.identity_token = sas_mech.encodeIdentityToken();
+
+        ServiceContext context = new ServiceContext();
+
+        SASContextBody sas = new SASContextBody();
+        sas.establish_msg(msg);
+        Any sas_any = Util.getORB().create_any();
+        SASContextBodyHelper.insert(sas_any, sas);
+        context.context_data = Util.getCodec().encode_value(sas_any);
+
+        context.context_id = SecurityAttributeService.value;
+
+        return context;
+    }
+
+    public String toString() {
+        StringBuffer buf = new StringBuffer();
+        toString("", buf);
+        return buf.toString();
+    }
+
+    void toString(String spaces, StringBuffer buf) {
+        String moreSpaces = spaces + "  ";
+        buf.append(spaces).append("CSSCompoundSecMechConfig: [\n");
+        buf.append(moreSpaces).append("SUPPORTS: ").append(ConfigUtil.flags(supports)).append("\n");
+        buf.append(moreSpaces).append("REQUIRES: ").append(ConfigUtil.flags(requires)).append("\n");
+        transport_mech.toString(moreSpaces, buf);
+        as_mech.toString(moreSpaces, buf);
+        sas_mech.toString(moreSpaces, buf);
+        buf.append(spaces).append("]\n");
+    }
+    
+}
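Review bot: The three setters accumulate into `supports` and `requires` with `|=` and never clear them, so replacing a mechanism (calling `setTransport_mech` a second time, for example) leaves the previous mechanism's option bits set. `canHandle` then negotiates against flags the current configuration may not actually provide or demand. Recomputing both masks from the three current mechanisms in each setter avoids that, as sketched below. Separately, `canHandle`, `generateServiceContext` and `toString` dereference `transport_mech`, `as_mech` and `sas_mech` without checking that all three were set, so a partially built instance fails with a `NullPointerException` rather than a clear configuration error. The class is `Serializable` but declares no `serialVersionUID`.

```java
    public void setTransport_mech(CSSTransportMechConfig transport_mech) {
        this.transport_mech = transport_mech;
        recalculateFlags();
    }

    // … unchanged: getters; setAs_mech and setSas_mech assign the field and call recalculateFlags() the same way …

    /** Rebuilds supports/requires from the mechanisms currently set, so replaced mechanisms leave no stale bits. */
    private void recalculateFlags() {
        int s = 0;
        int r = 0;
        if (transport_mech != null) {
            s |= transport_mech.getSupports();
            r |= transport_mech.getRequires();
        }
        if (as_mech != null) {
            s |= as_mech.getSupports();
            r |= as_mech.getRequires();
        }
        if (sas_mech != null) {
            s |= sas_mech.getSupports();
            r |= sas_mech.getRequires();
        }
        supports = (short) s;
        requires = (short) r;
    }
```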

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSCompoundSecMechListConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSCompoundSecMechListConfig.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSCompoundSecMechListConfig.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSCompoundSecMechListConfig.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,92 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.css;
+
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import org.apache.geronimo.corba.security.config.tss.TSSCompoundSecMechConfig;
+import org.apache.geronimo.corba.security.config.tss.TSSCompoundSecMechListConfig;
+
+
+/**
+ * @version $Rev: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
+ */
+public class CSSCompoundSecMechListConfig implements Serializable {
+
+    private boolean stateful;
+    private final ArrayList mechs = new ArrayList();
+
+    public boolean isStateful() {
+        return stateful;
+    }
+
+    public void setStateful(boolean stateful) {
+        this.stateful = stateful;
+    }
+
+    public void add(CSSCompoundSecMechConfig mech) {
+        mechs.add(mech);
+    }
+
+    public CSSCompoundSecMechConfig mechAt(int i) {
+        return (CSSCompoundSecMechConfig) mechs.get(i);
+    }
+
+    public int size() {
+        return mechs.size();
+    }
+
+    public List findCompatibleSet(TSSCompoundSecMechListConfig mechList) {
+        List result = new ArrayList();
+
+        for (Iterator availMechs = mechs.iterator(); availMechs.hasNext();) {
+            CSSCompoundSecMechConfig aConfig = (CSSCompoundSecMechConfig) availMechs.next();
+
+            int size = mechList.size();
+            for (int i = 0; i < size; i++) {
+                TSSCompoundSecMechConfig requirement = mechList.mechAt(i);
+
+                if (aConfig.canHandle(requirement)) {
+                    result.add(aConfig);
+                }
+            }
+
+        }
+
+        return result;
+    }
+
+    public String toString() {
+        StringBuffer buf = new StringBuffer();
+        toString("", buf);
+        return buf.toString();
+    }
+
+    void toString(String spaces, StringBuffer buf) {
+        buf.append(spaces).append("CSSCompoundSecMechListConfig: [\n");
+        for (Iterator availMechs = mechs.iterator(); availMechs.hasNext();) {
+            CSSCompoundSecMechConfig aConfig = (CSSCompoundSecMechConfig) availMechs.next();
+            aConfig.toString(spaces + "  ", buf);
+            buf.append("\n");
+        }
+        buf.append(spaces).append("]\n");
+    }
+
+}
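Review bot: `findCompatibleSet` adds `aConfig` to `result` once for every TSS mechanism it can handle, because the inner loop keeps running after `result.add(aConfig);`. A client mechanism that matches several target mechanisms therefore appears several times in the returned list. If the result is meant to be the set of usable client mechanisms, add `break;` directly after `result.add(aConfig);`. `mechList` is dereferenced without a null check, and the raw `List` return type leaves the element type undocumented. A Javadoc line stating that the list holds `CSSCompoundSecMechConfig` instances, in configuration order, would give callers the contract.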

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSConfig.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSConfig.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSConfig.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,51 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.css;
+
+import java.io.Serializable;
+import java.util.List;
+
+import org.apache.geronimo.corba.security.config.tss.TSSCompoundSecMechListConfig;
+
+
+/**
+ * @version $Revision: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
+ */
+public final class CSSConfig implements Serializable {
+    private final CSSCompoundSecMechListConfig mechList = new CSSCompoundSecMechListConfig();
+
+    public CSSCompoundSecMechListConfig getMechList() {
+        return mechList;
+    }
+
+    public List findCompatibleSet(TSSCompoundSecMechListConfig mechListConfig) {
+        return mechList.findCompatibleSet(mechListConfig);
+    }
+
+
+    public String toString() {
+        StringBuffer buf = new StringBuffer();
+        toString("", buf);
+        return buf.toString();
+    }
+
+    void toString(String spaces, StringBuffer buf) {
+        buf.append(spaces).append("CSSConfig: [\n");
+        mechList.toString(spaces + "  ", buf);
+        buf.append(spaces).append("]\n");
+    }
+}

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSGSSUPMechConfigDynamic.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSGSSUPMechConfigDynamic.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSGSSUPMechConfigDynamic.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSGSSUPMechConfigDynamic.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,101 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.css;
+
+import java.util.Iterator;
+import java.util.Set;
+import javax.security.auth.Subject;
+
+import org.apache.geronimo.security.jaas.NamedUsernamePasswordCredential;
+import org.apache.geronimo.security.ContextManager;
+
+import org.apache.geronimo.corba.security.config.tss.TSSASMechConfig;
+import org.apache.geronimo.corba.security.config.tss.TSSGSSUPMechConfig;
+import org.apache.geronimo.corba.util.Util;
+
+
+/**
+ * This GSSUP mechanism obtains its username and password from a named username
+ * password credential that is stored in the subject associated w/ the call
+ * stack.
+ *
+ * @version $Revision: 503493 $ $Date: 2007-02-04 13:47:55 -0800 (Sun, 04 Feb 2007) $
+ */
+public class CSSGSSUPMechConfigDynamic implements CSSASMechConfig {
+
+    private final String domain;
+    private transient byte[] encoding;
+
+    public CSSGSSUPMechConfigDynamic(String domain) {
+        this.domain = domain;
+    }
+
+    public short getSupports() {
+        return 0;
+    }
+
+    public short getRequires() {
+        return 0;
+    }
+
+    public boolean canHandle(TSSASMechConfig asMech) {
+        if (asMech instanceof TSSGSSUPMechConfig) return true;
+        if (asMech.getRequires() == 0) return true;
+
+        return false;
+    }
+
+    public byte[] encode() {
+        if (encoding == null) {
+            NamedUsernamePasswordCredential credential = null;
+            Subject subject = ContextManager.getNextCaller();
+
+            Set creds = subject.getPrivateCredentials(NamedUsernamePasswordCredential.class);
+
+            if (creds.size() != 0) {
+                for (Iterator iter = creds.iterator(); iter.hasNext();) {
+                    NamedUsernamePasswordCredential temp = (NamedUsernamePasswordCredential) iter.next();
+                    if (temp.getName().equals(domain)) {
+                        credential = temp;
+                        break;
+                    }
+                }
+                if(credential != null) {
+                    String extendedUserName = Util.buildScopedUserName(credential.getUsername(), domain);
+                    encoding = Util.encodeGSSUPToken(Util.getORB(), Util.getCodec(), extendedUserName, new String(credential.getPassword()), domain);
+                }
+            }
+
+            if (encoding == null) encoding = new byte[0];
+        }
+        return encoding;
+    }
+
+    public String toString() {
+        StringBuffer buf = new StringBuffer();
+        toString("", buf);
+        return buf.toString();
+    }
+
+    public void toString(String spaces, StringBuffer buf) {
+        String moreSpaces = spaces + "  ";
+        buf.append(spaces).append("CSSGSSUPMechConfigDynamic: [\n");
+        buf.append(moreSpaces).append("domain:   ").append(domain).append("\n");
+        buf.append(spaces).append("]\n");
+    }
+
+}
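Review bot: `encode()` stores the GSSUP token in the instance field `encoding` on first use and returns that cached value on every later call, although the token is derived from the `Subject` returned by `ContextManager.getNextCaller()`. Once one caller's credential has been encoded, every later invocation through this config object sends that first caller's username and password, whoever is actually calling. If the first call finds no matching credential, the empty array is cached and no later caller is ever authenticated. The token should be built per call, as sketched below. The sketch also guards a null `Subject`, which the current code would dereference; whether `getNextCaller()` can return null is not visible in this commit. `new String(credential.getPassword())` leaves an immutable copy of the password on the heap; if `Util.encodeGSSUPToken` could accept a `char[]`, that copy could be avoided.

```java
    public byte[] encode() {
        // Not cached: the token depends on the calling Subject, which can differ per invocation.
        Subject subject = ContextManager.getNextCaller();
        if (subject == null) {
            return new byte[0];
        }

        Set creds = subject.getPrivateCredentials(NamedUsernamePasswordCredential.class);
        for (Iterator iter = creds.iterator(); iter.hasNext();) {
            NamedUsernamePasswordCredential candidate = (NamedUsernamePasswordCredential) iter.next();
            if (candidate.getName().equals(domain)) {
                String extendedUserName = Util.buildScopedUserName(candidate.getUsername(), domain);
                return Util.encodeGSSUPToken(Util.getORB(), Util.getCodec(), extendedUserName,
                        new String(candidate.getPassword()), domain);
            }
        }
        return new byte[0];
    }
```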

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSGSSUPMechConfigStatic.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSGSSUPMechConfigStatic.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSGSSUPMechConfigStatic.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSGSSUPMechConfigStatic.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,80 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.css;
+
+import org.apache.geronimo.corba.security.config.tss.TSSASMechConfig;
+import org.apache.geronimo.corba.security.config.tss.TSSGSSUPMechConfig;
+import org.apache.geronimo.corba.util.Util;
+
+
+/**
+ * @version $Revision: 503493 $ $Date: 2007-02-04 13:47:55 -0800 (Sun, 04 Feb 2007) $
+ */
+public class CSSGSSUPMechConfigStatic implements CSSASMechConfig {
+
+    private final String username;
+    private final String password;
+    private final String domain;
+    private transient byte[] encoding;
+
+    public CSSGSSUPMechConfigStatic(String username, String password, String domain) {
+        this.username = username;
+        this.password = password;
+        this.domain = domain;
+    }
+
+    public short getSupports() {
+        return 0;
+    }
+
+    public short getRequires() {
+        return 0;
+    }
+
+    public boolean canHandle(TSSASMechConfig asMech) {
+        if (asMech instanceof TSSGSSUPMechConfig) return true;
+        if (asMech.getRequires() == 0) return true;
+
+        return false;
+    }
+
+    public byte[] encode() {
+        if (encoding == null) {
+            String scopedUserName = Util.buildScopedUserName(username, domain);
+            encoding = Util.encodeGSSUPToken(Util.getORB(), Util.getCodec(), scopedUserName, password, domain);
+
+            if (encoding == null) encoding = new byte[0];
+        }
+        return encoding;
+    }
+    
+    public String toString() {
+        StringBuffer buf = new StringBuffer();
+        toString("", buf);
+        return buf.toString();
+    }
+
+    public void toString(String spaces, StringBuffer buf) {
+        String moreSpaces = spaces + "  ";
+        buf.append(spaces).append("CSSGSSUPMechConfigStatic: [\n");
+        buf.append(moreSpaces).append("username: ").append(username).append("\n");
+        buf.append(moreSpaces).append("password: ").append(password).append("\n");
+        buf.append(moreSpaces).append("domain:   ").append(domain).append("\n");
+        buf.append(spaces).append("]\n");
+    }
+
+}
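Review bot: `toString(String, StringBuffer)` writes the clear-text password into its output (`append("password: ").append(password)`), so any log line or diagnostic dump that prints this config object discloses the credential. I would mask it, for example `buf.append(moreSpaces).append("password: ").append(password == null ? "<none>" : "<set>").append("\n");`. Separately, `password` is a non-transient `String` field while only `encoding` is marked transient. If `CSSASMechConfig` is serializable like the other config interfaces in this commit (its declaration is not visible here), the serialized form carries the password, and a comment on the field should say so.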

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSNULLASMechConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSNULLASMechConfig.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSNULLASMechConfig.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSNULLASMechConfig.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,51 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.css;
+
+import org.apache.geronimo.corba.security.config.tss.TSSASMechConfig;
+import org.apache.geronimo.corba.security.config.tss.TSSNULLASMechConfig;
+
+
+/**
+ * @version $Revision: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
+ */
+public class CSSNULLASMechConfig implements CSSASMechConfig {
+
+    public short getSupports() {
+        return 0;
+    }
+
+    public short getRequires() {
+        return 0;
+    }
+
+    public boolean canHandle(TSSASMechConfig asMech) {
+        if (asMech instanceof TSSNULLASMechConfig) return true;
+        if (asMech.getRequires() == 0) return true;
+
+        return false;
+    }
+
+    public byte[] encode() {
+        return new byte[0];
+    }
+
+    public void toString(String spaces, StringBuffer buf) {
+        buf.append(spaces).append("CSSNULLASMechConfig\n");
+    }
+
+}

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSNULLTransportConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSNULLTransportConfig.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSNULLTransportConfig.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSNULLTransportConfig.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.css;
+
+import org.apache.geronimo.corba.security.config.tss.TSSTransportMechConfig;
+
+
+/**
+ * @version $Revision: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
+ */
+public class CSSNULLTransportConfig implements CSSTransportMechConfig {
+
+    private short supports;
+    private short requires;
+
+    public short getSupports() {
+        return supports;
+    }
+
+    public short getRequires() {
+        return requires;
+    }
+
+    public boolean canHandle(TSSTransportMechConfig transMech) {
+        if ((supports & transMech.getRequires()) != transMech.getRequires()) return false;
+        if ((requires & transMech.getSupports()) != requires) return false;
+
+        return true;
+    }
+
+    public void toString(String spaces, StringBuffer buf) {
+        buf.append(spaces).append("CSSNULLTransportConfig\n");
+    }
+}
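Review bot: `supports` and `requires` are private and never assigned anywhere in this class, so both getters always return 0 and `canHandle` reduces to `transMech.getRequires() == 0`. If that is the intent for a null transport, state it directly with `return transMech.getRequires() == 0;` and a comment such as `// no transport protection offered: only targets that require none can be handled`. The same unassigned `supports`/`requires` pair appears in CSSSASMechConfig.java in this commit, where it looks less deliberate because `canHandle` there still carries a TODO.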

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSSASITTAbsent.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSSASITTAbsent.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSSASITTAbsent.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSSASITTAbsent.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.css;
+
+import org.omg.CSI.IdentityToken;
+
+
+/**
+ * @version $Revision: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
+ */
+public class CSSSASITTAbsent implements CSSSASIdentityToken {
+
+    public IdentityToken encodeIdentityToken() {
+
+        IdentityToken token = new IdentityToken();
+        token.absent(true);
+        return token;
+    }
+
+    public void toString(String spaces, StringBuffer buf) {
+        buf.append(spaces).append("CSSSASITTAbsent\n");
+    }
+
+
+}

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSSASITTAnonymous.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSSASITTAnonymous.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSSASITTAnonymous.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSSASITTAnonymous.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,38 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.css;
+
+import org.omg.CSI.IdentityToken;
+
+
+/**
+ * @version $Revision: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
+ */
+public class CSSSASITTAnonymous implements CSSSASIdentityToken {
+
+    public IdentityToken encodeIdentityToken() {
+
+        IdentityToken token = new IdentityToken();
+        token.anonymous(true);
+        return token;
+    }
+
+    public void toString(String spaces, StringBuffer buf) {
+        buf.append(spaces).append("CSSSASITTAnonymous\n");
+    }
+
+}

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSSASITTPrincipalNameDynamic.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSSASITTPrincipalNameDynamic.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSSASITTPrincipalNameDynamic.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSSASITTPrincipalNameDynamic.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,136 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.css;
+
+import java.security.Principal;
+import java.util.Iterator;
+import java.util.Set;
+import javax.security.auth.Subject;
+
+import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.security.DomainPrincipal;
+import org.apache.geronimo.security.PrimaryDomainPrincipal;
+import org.apache.geronimo.security.PrimaryRealmPrincipal;
+import org.apache.geronimo.security.RealmPrincipal;
+import org.omg.CORBA.Any;
+import org.omg.CSI.GSS_NT_ExportedNameHelper;
+import org.omg.CSI.IdentityToken;
+import org.omg.GSSUP.GSSUPMechOID;
+import org.omg.IOP.CodecPackage.InvalidTypeForEncoding;
+import org.apache.geronimo.corba.util.Util;
+
+
+/**
+ * @version $Revision: 503493 $ $Date: 2007-02-04 13:47:55 -0800 (Sun, 04 Feb 2007) $
+ */
+public class CSSSASITTPrincipalNameDynamic implements CSSSASIdentityToken {
+
+    private final String oid;
+    private final Class principalClass;
+    private final String domain;
+    private final String realm;
+
+//    public CSSSASITTPrincipalNameDynamic(String domain) {
+//        this(GSSUPMechOID.value.substring(4), domain);
+//    }
+
+    public CSSSASITTPrincipalNameDynamic(String oid, Class principalClass, String domain, String realm) {
+        this.oid = (oid == null ? GSSUPMechOID.value.substring(4) : oid);
+        this.principalClass = principalClass;
+        this.domain = domain;
+        this.realm = realm;
+    }
+
+    /**
+     * TODO should also use login domains?
+     * @return IdentityToken
+     */
+    public IdentityToken encodeIdentityToken() {
+
+        IdentityToken token = null;
+        Subject subject = ContextManager.getNextCaller();
+        String principalName = null;
+        if (subject == null) {
+//            Set principals = Collections.EMPTY_SET;
+        } else if (realm != null) {
+            Set principals = subject.getPrincipals(RealmPrincipal.class);
+            for (Iterator iter = principals.iterator(); iter.hasNext();) {
+                RealmPrincipal p = (RealmPrincipal) iter.next();
+                if (p.getRealm().equals(realm) && p.getLoginDomain().equals(domain) && p.getPrincipal().getClass().equals(principalClass)) {
+                    principalName = p.getPrincipal().getName();
+                    if (p instanceof PrimaryRealmPrincipal) break;
+                }
+            }
+        } else if (domain != null) {
+            Set principals = subject.getPrincipals(DomainPrincipal.class);
+            for (Iterator iter = principals.iterator(); iter.hasNext();) {
+                DomainPrincipal p = (DomainPrincipal) iter.next();
+                if (p.getDomain().equals(domain) && p.getPrincipal().getClass().equals(principalClass)) {
+                    principalName = p.getPrincipal().getName();
+                    if (p instanceof PrimaryDomainPrincipal) break;
+                }
+            }
+        } else {
+            Set principals = subject.getPrincipals(principalClass);
+            if (!principals.isEmpty()) {
+                Principal principal = (Principal) principals.iterator().next();
+                principalName = principal.getName();
+
+            }
+        }
+
+        if (principalName != null) {
+
+            Any any = Util.getORB().create_any();
+
+            //TODO consider including a domain in this scoped-username
+            GSS_NT_ExportedNameHelper.insert(any, Util.encodeGSSExportName(oid, principalName));
+
+            byte[] encoding = null;
+            try {
+                encoding = Util.getCodec().encode_value(any);
+            } catch (InvalidTypeForEncoding itfe) {
+                throw new IllegalStateException("Unable to encode principal name '" + principalName + "' " + itfe);
+            }
+
+            token = new IdentityToken();
+            token.principal_name(encoding);
+        } else {
+            token = new IdentityToken();
+            token.anonymous(true);
+        }
+
+        return token;
+    }
+
+    public String toString() {
+        StringBuffer buf = new StringBuffer();
+        toString("", buf);
+        return buf.toString();
+    }
+
+    public void toString(String spaces, StringBuffer buf) {
+        String moreSpaces = spaces + "  ";
+        buf.append(spaces).append("CSSSASITTPrincipalNameDynamic: [\n");
+        buf.append(moreSpaces).append("oid: ").append(oid).append("\n");
+        buf.append(moreSpaces).append("principalClass: ").append(principalClass).append("\n");
+        buf.append(moreSpaces).append("domain: ").append(domain).append("\n");
+        buf.append(moreSpaces).append("realm: ").append(realm).append("\n");
+        buf.append(spaces).append("]\n");
+    }
+    
+}
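Review bot: `encodeIdentityToken` falls back to an anonymous token whenever no principal matches, including when `ContextManager.getNextCaller()` returns null, and nothing records that the caller identity was dropped. One configuration always ends there: with `realm` set and `domain` null, `p.getLoginDomain().equals(domain)` can never be true, and a null login domain on the principal would throw instead. If that combination is not meant to be supported, reject it in the constructor with `if (realm != null && domain == null) throw new IllegalArgumentException("domain is required when realm is set");`. The method Javadoc should also state the anonymous fallback, and the empty `if (subject == null)` branch should carry that explanation instead of the commented-out line.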

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSSASITTPrincipalNameStatic.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSSASITTPrincipalNameStatic.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSSASITTPrincipalNameStatic.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSSASITTPrincipalNameStatic.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,81 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.css;
+
+import org.omg.CORBA.Any;
+import org.omg.CSI.GSS_NT_ExportedNameHelper;
+import org.omg.CSI.IdentityToken;
+import org.omg.GSSUP.GSSUPMechOID;
+import org.omg.IOP.CodecPackage.InvalidTypeForEncoding;
+
+import org.apache.geronimo.corba.util.Util;
+
+
+/**
+ * @version $Revision: 503493 $ $Date: 2007-02-04 13:47:55 -0800 (Sun, 04 Feb 2007) $
+ */
+public class CSSSASITTPrincipalNameStatic implements CSSSASIdentityToken {
+
+    private final String oid;
+    private final String name;
+    private transient IdentityToken token;
+
+    public CSSSASITTPrincipalNameStatic(String name) {
+
+        this(GSSUPMechOID.value.substring(4), name);
+    }
+
+    public CSSSASITTPrincipalNameStatic(String oid, String name) {
+        this.oid = (oid == null ? GSSUPMechOID.value.substring(4) : oid);
+        this.name = name;
+    }
+
+    public IdentityToken encodeIdentityToken() {
+
+        if (token == null) {
+            Any any = Util.getORB().create_any();
+            //TODO consider including a domain in this scoped-username
+            GSS_NT_ExportedNameHelper.insert(any, Util.encodeGSSExportName(oid, name));
+
+            byte[] encoding = null;
+            try {
+                encoding = Util.getCodec().encode_value(any);
+            } catch (InvalidTypeForEncoding itfe) {
+                throw new IllegalStateException("Unable to encode principal name '" + name + "' " + itfe);
+            }
+
+            token = new IdentityToken();
+            token.principal_name(encoding);
+        }
+        return token;
+    }
+
+    public String toString() {
+        StringBuffer buf = new StringBuffer();
+        toString("", buf);
+        return buf.toString();
+    }
+
+    public void toString(String spaces, StringBuffer buf) {
+        String moreSpaces = spaces + "  ";
+        buf.append(spaces).append("CSSSASITTPrincipalNameStatic: [\n");
+        buf.append(moreSpaces).append("oid: ").append(oid).append("\n");
+        buf.append(moreSpaces).append("name: ").append(name).append("\n");
+        buf.append(spaces).append("]\n");
+    }
+
+}
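Review bot: The `catch (InvalidTypeForEncoding itfe)` block concatenates the exception into the message, so the original stack trace is lost; the same pattern is in CSSSASITTPrincipalNameDynamic.java. If the build targets Java 5 or later, keep the cause: `throw new IllegalStateException("Unable to encode principal name '" + name + "'", itfe);`. The `token` field also deserves a comment: the lazily created `IdentityToken` is cached without synchronization and the same instance is returned to every caller, which is only safe if callers treat it as read-only.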

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSSASIdentityToken.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSSASIdentityToken.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSSASIdentityToken.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSSASIdentityToken.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.css;
+
+import java.io.Serializable;
+
+import org.omg.CSI.IdentityToken;
+
+
+/**
+ * @version $Revision: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
+ */
+public interface CSSSASIdentityToken extends Serializable {
+
+    IdentityToken encodeIdentityToken();
+
+    void toString(String spaces, StringBuffer buf);
+
+}

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSSASMechConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSSASMechConfig.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSSASMechConfig.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSSASMechConfig.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,97 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.css;
+
+import java.io.Serializable;
+
+import org.omg.CSI.AuthorizationElement;
+import org.omg.CSI.IdentityToken;
+
+import org.apache.geronimo.corba.security.config.tss.TSSSASMechConfig;
+import org.apache.geronimo.corba.security.config.ConfigUtil;
+
+
+/**
+ * @version $Rev: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
+ */
+public class CSSSASMechConfig implements Serializable {
+
+    private short supports;
+    private short requires;
+    private boolean required;
+    private CSSSASIdentityToken identityToken;
+
+
+    public short getSupports() {
+        return supports;
+    }
+
+    public short getRequires() {
+        return requires;
+    }
+
+    public boolean isRequired() {
+        return required;
+    }
+
+    public void setRequired(boolean required) {
+        this.required = required;
+    }
+
+    public CSSSASIdentityToken getIdentityToken() {
+        return identityToken;
+    }
+
+    public void setIdentityToken(CSSSASIdentityToken identityToken) {
+        this.identityToken = identityToken;
+    }
+
+    public boolean canHandle(TSSSASMechConfig sasMech) {
+        if ((supports & sasMech.getRequires()) != sasMech.getRequires()) return false;
+        if ((requires & sasMech.getSupports()) != requires) return false;
+
+        // TODO: FILL THIS IN
+
+        return true;
+    }
+
+    public AuthorizationElement[] encodeAuthorizationElement() {
+        return new AuthorizationElement[0];
+    }
+
+    public IdentityToken encodeIdentityToken() {
+        return identityToken.encodeIdentityToken();
+    }
+
+    public String toString() {
+        StringBuffer buf = new StringBuffer();
+        toString("", buf);
+        return buf.toString();
+    }
+
+    void toString(String spaces, StringBuffer buf) {
+        String moreSpaces = spaces + "  ";
+        buf.append(spaces).append("CSSSASMechConfig: [\n");
+        buf.append(moreSpaces).append("SUPPORTS: ").append(ConfigUtil.flags(supports)).append("\n");
+        buf.append(moreSpaces).append("REQUIRES: ").append(ConfigUtil.flags(requires)).append("\n");
+        if (identityToken != null) {
+            identityToken.toString(moreSpaces, buf);
+        }
+        buf.append(spaces).append("]\n");
+    }
+
+}
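Review bot: `encodeIdentityToken()` dereferences `identityToken` unconditionally, while `toString(String, StringBuffer)` in the same class treats a null `identityToken` as a valid state, so a config built without `setIdentityToken` fails with a bare NullPointerException when the token is requested. Either fail with a clear message, `if (identityToken == null) throw new IllegalStateException("identityToken not set");`, or document on `setIdentityToken` that it must be called before use. The `required` flag is stored but never consulted by `canHandle`; the `// TODO: FILL THIS IN` comment would be more useful if it named what is still missing.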

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSSSLTransportConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSSSLTransportConfig.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSSSLTransportConfig.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSSSLTransportConfig.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,69 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.css;
+
+import org.apache.geronimo.corba.security.config.tss.TSSTransportMechConfig;
+import org.apache.geronimo.corba.security.config.ConfigUtil;
+
+
+/**
+ * At the moment, this config class can only handle a single address.
+ *
+ * @version $Rev: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
+ */
+public class CSSSSLTransportConfig implements CSSTransportMechConfig {
+
+    private short supports;
+    private short requires;
+
+    public short getSupports() {
+        return supports;
+    }
+
+    public void setSupports(short supports) {
+        this.supports = supports;
+    }
+
+    public short getRequires() {
+        return requires;
+    }
+
+    public void setRequires(short requires) {
+        this.requires = requires;
+    }
+
+    public boolean canHandle(TSSTransportMechConfig transMech) {
+        if ((supports & transMech.getRequires()) != transMech.getRequires()) return false;
+        if ((requires & transMech.getSupports()) != requires) return false;
+
+        return true;
+    }
+
+    public String toString() {
+        StringBuffer buf = new StringBuffer();
+        toString("", buf);
+        return buf.toString();
+    }
+
+    public void toString(String spaces, StringBuffer buf) {
+        String moreSpaces = spaces + "  ";
+        buf.append(spaces).append("CSSSSLTransportConfig: [\n");
+        buf.append(moreSpaces).append("SUPPORTS: ").append(ConfigUtil.flags(supports)).append("\n");
+        buf.append(moreSpaces).append("REQUIRES: ").append(ConfigUtil.flags(requires)).append("\n");
+        buf.append(spaces).append("]\n");
+    }
+}
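Review bot: The class Javadoc says the class "can only handle a single address", but nothing in it stores or reads an address; it holds only the `supports` and `requires` flag words. I would replace that sentence with a description of what the class does, for example `Client-side SSL transport settings: the flags this client supports and requires, matched against a target's flags in canHandle.` A short comment on `canHandle` explaining the two mask checks (the target's requirements must be covered by `supports`, and this side's `requires` must be covered by the target's supports) would also help the next reader.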

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSTransportMechConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSTransportMechConfig.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSTransportMechConfig.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/css/CSSTransportMechConfig.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,37 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.css;
+
+import java.io.Serializable;
+
+import org.apache.geronimo.corba.security.config.tss.TSSTransportMechConfig;
+
+
+/**
+ * @version $Rev: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
+ */
+public interface CSSTransportMechConfig extends Serializable {
+
+    short getSupports();
+
+    short getRequires();
+
+    boolean canHandle(TSSTransportMechConfig transMech);
+
+    void toString(String spaces, StringBuffer buf);
+
+}
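Review bot: The interface carries no Javadoc, so the meaning of the `short` masks and the direction of `canHandle` have to be read off an implementation. I would add on `canHandle`: `/** Returns true when this client mechanism supports everything the target requires and the target supports everything this client requires. */`, which is what `CSSSSLTransportConfig.canHandle` in this same commit checks. A one-line comment that `getSupports()` and `getRequires()` return association-option bit masks (presumably the CSIIOP values; confirm) would complete it.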

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/ssl/SSLCipherSuiteDatabase.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/ssl/SSLCipherSuiteDatabase.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/ssl/SSLCipherSuiteDatabase.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/ssl/SSLCipherSuiteDatabase.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,164 @@
+/**
+  * Licensed to the Apache Software Foundation (ASF) under one or more
+  * contributor license agreements.  See the NOTICE file distributed with
+  * this work for additional information regarding copyright ownership.
+  * The ASF licenses this file to You under the Apache License, Version 2.0
+  * (the "License"); you may not use this file except in compliance with
+  * the License.  You may obtain a copy of the License at
+  *
+  *     http://www.apache.org/licenses/LICENSE-2.0
+  *
+  * Unless required by applicable law or agreed to in writing, software
+  * distributed under the License is distributed on an "AS IS" BASIS,
+  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  * See the License for the specific language governing permissions and
+  * limitations under the License.
+  */
+package org.apache.geronimo.corba.security.config.ssl;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.omg.CSIIOP.Confidentiality;
+import org.omg.CSIIOP.EstablishTrustInTarget;
+import org.omg.CSIIOP.NoProtection;
+
+
+/**
+ * @version $Revision: 452600 $ $Date: 2006-10-03 12:29:42 -0700 (Tue, 03 Oct 2006) $
+ */
+public final class SSLCipherSuiteDatabase {
+
+    /**
+     * A map for stroing all the cipher suites.
+     */
+    private static final Map SUITES = new HashMap();
+
+    static {
+        // No protection
+        Integer noProt = new Integer(NoProtection.value);
+        SUITES.put("SSL_NULL_WITH_NULL_NULL", noProt);
+        SUITES.put("TLS_NULL_WITH_NULL_NULL", noProt);
+
+        // No authentication
+        Integer noAuth = new Integer(Confidentiality.value);
+        SUITES.put("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", noAuth);
+        SUITES.put("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", noAuth);
+        SUITES.put("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", noAuth);
+        SUITES.put("SSL_DH_anon_WITH_RC4_128_MD5", noAuth);
+        SUITES.put("SSL_DH_anon_WITH_DES_CBC_SHA", noAuth);
+
+        SUITES.put("TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", noAuth);
+        SUITES.put("TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", noAuth);
+        SUITES.put("TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", noAuth);
+        SUITES.put("TLS_DH_anon_WITH_RC4_128_MD5", noAuth);
+        SUITES.put("TLS_DH_anon_WITH_DES_CBC_SHA", noAuth);
+
+        // No encryption
+        Integer noEnc = new Integer(EstablishTrustInTarget.value);
+        SUITES.put("SSL_RSA_WITH_NULL_MD5", noEnc);
+        SUITES.put("SSL_RSA_WITH_NULL_SHA", noEnc);
+
+        SUITES.put("TLS_RSA_WITH_NULL_MD5", noEnc);
+        SUITES.put("TLS_RSA_WITH_NULL_SHA", noEnc);
+
+        // Auth and encrypt
+        Integer authEnc = new Integer(EstablishTrustInTarget.value | Confidentiality.value);
+        SUITES.put("SSL_DHE_DSS_WITH_DES_CBC_SHA", authEnc);
+        SUITES.put("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", authEnc);
+        SUITES.put("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", authEnc);
+        SUITES.put("SSL_RSA_WITH_RC4_128_MD5", authEnc);
+        SUITES.put("SSL_RSA_WITH_RC4_128_SHA", authEnc);
+        SUITES.put("SSL_RSA_WITH_DES_CBC_SHA", authEnc);
+        SUITES.put("SSL_RSA_WITH_3DES_EDE_CBC_SHA", authEnc);
+        SUITES.put("SSL_RSA_EXPORT_WITH_RC4_40_MD5", authEnc);
+
+        SUITES.put("TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", authEnc);
+        SUITES.put("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", authEnc);
+        SUITES.put("TLS_DHE_DSS_WITH_DES_CBC_SHA", authEnc);
+        SUITES.put("TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", authEnc);
+        SUITES.put("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", authEnc);
+        SUITES.put("TLS_DHE_RSA_WITH_DES_CBC_SHA", authEnc);
+        SUITES.put("TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", authEnc);
+        SUITES.put("TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", authEnc);
+        SUITES.put("TLS_DH_DSS_WITH_DES_CBC_SHA", authEnc);
+        SUITES.put("TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", authEnc);
+        SUITES.put("TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", authEnc);
+        SUITES.put("TLS_DH_RSA_WITH_DES_CBC_SHA", authEnc);
+        SUITES.put("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", authEnc);
+        SUITES.put("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", authEnc);
+        SUITES.put("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5", authEnc);
+        SUITES.put("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA", authEnc);
+        SUITES.put("TLS_KRB5_EXPORT_WITH_RC4_40_MD5", authEnc);
+        SUITES.put("TLS_KRB5_EXPORT_WITH_RC4_40_SHA", authEnc);
+        SUITES.put("TLS_KRB5_WITH_3DES_EDE_CBC_MD5", authEnc);
+        SUITES.put("TLS_KRB5_WITH_3DES_EDE_CBC_SHA", authEnc);
+        SUITES.put("TLS_KRB5_WITH_DES_CBC_MD5", authEnc);
+        SUITES.put("TLS_KRB5_WITH_DES_CBC_SHA", authEnc);
+        SUITES.put("TLS_KRB5_WITH_RC4_128_MD5", authEnc);
+        SUITES.put("TLS_KRB5_WITH_RC4_128_SHA", authEnc);
+        SUITES.put("TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", authEnc);
+        SUITES.put("TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", authEnc);
+        SUITES.put("TLS_RSA_EXPORT_WITH_RC4_40_MD5", authEnc);
+        SUITES.put("TLS_RSA_WITH_3DES_EDE_CBC_SHA", authEnc);
+        SUITES.put("TLS_RSA_WITH_DES_CBC_SHA", authEnc);
+        SUITES.put("TLS_RSA_WITH_RC4_128_MD5", authEnc);
+        SUITES.put("TLS_RSA_WITH_RC4_128_SHA", authEnc);
+
+        // RSA supported cipher suite names differ from Sun's
+        SUITES.put("RSA_Export_With_RC2_40_CBC_MD5", authEnc);
+        SUITES.put("RSA_With_DES_CBC_SHA", authEnc);
+        SUITES.put("RSA_Export_With_RC4_40_MD5", authEnc);
+        SUITES.put("RSA_With_RC4_SHA", authEnc);
+        SUITES.put("RSA_With_3DES_EDE_CBC_SHA", authEnc);
+        SUITES.put("RSA_Export_With_DES_40_CBC_SHA", authEnc);
+        SUITES.put("RSA_With_RC4_MD5", authEnc);
+    }
+
+    /**
+     * Do not allow instances of this class.
+     */
+    private SSLCipherSuiteDatabase() {
+    }
+
+    /**
+     * Return an array of cipher suites that match the assocRequires and
+     * assocSupports options.
+     *
+     * @param assocRequires         The required associations.
+     * @param assocSupports         The supported associations.
+     * @param supportedCipherSuites The overall supported cipher suites.
+     * @return The cipher suites that matches the two options.
+     */
+    public static String[] getCipherSuites(int assocRequires, int assocSupports, String[] supportedCipherSuites) {
+
+        assocRequires = assocRequires & (EstablishTrustInTarget.value | Confidentiality.value | NoProtection.value);
+        assocSupports = assocSupports & (EstablishTrustInTarget.value | Confidentiality.value | NoProtection.value);
+
+        ArrayList col = new ArrayList();
+        for (int i = 0; i < supportedCipherSuites.length; ++i) {
+            Integer val = (Integer) SUITES.get(supportedCipherSuites[i]);
+
+            if (val != null && ((assocRequires & ~val.intValue()) == 0 && (val.intValue() & ~assocSupports) == 0)) {
+                col.add(supportedCipherSuites[i]);
+            }
+        }
+
+        String[] ret = new String[col.size()];
+        col.toArray(ret);
+
+        return ret;
+    }
+
+    /**
+     * Return the options values for a cipher suite.
+     *
+     * @param cypherSuite The cipher suite to get the options value for.
+     * @return The int value for the cipher suite.
+     */
+    public static int getAssociaionOptions(String cypherSuite) {
+        return ((Integer) SUITES.get(cypherSuite)).intValue();
+    }
+}
+
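Review bot: `getAssociaionOptions` throws a NullPointerException for any suite name that is missing from `SUITES`, and the table holds no AES entries, so a suite a provider offers outside this list fails here and is silently dropped by `getCipherSuites`. Handle the miss explicitly, e.g. `Integer val = (Integer) SUITES.get(cypherSuite);` followed by `if (val == null) throw new IllegalArgumentException("Unknown cipher suite: " + cypherSuite);`, or return 0 if callers expect "no options". The 40-bit `EXPORT` and single-DES entries in the `authEnc` group carry the `Confidentiality` bit, so a policy that requires confidentiality is satisfied by them. A comment on that group saying the table records CSIv2 option bits and not cipher strength would make this visible to whoever configures the ORB.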

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/ssl/SSLConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/ssl/SSLConfig.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/ssl/SSLConfig.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/ssl/SSLConfig.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,236 @@
+/**
+  * Licensed to the Apache Software Foundation (ASF) under one or more
+  * contributor license agreements.  See the NOTICE file distributed with
+  * this work for additional information regarding copyright ownership.
+  * The ASF licenses this file to You under the Apache License, Version 2.0
+  * (the "License"); you may not use this file except in compliance with
+  * the License.  You may obtain a copy of the License at
+  *
+  *     http://www.apache.org/licenses/LICENSE-2.0
+  *
+  * Unless required by applicable law or agreed to in writing, software
+  * distributed under the License is distributed on an "AS IS" BASIS,
+  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  * See the License for the specific language governing permissions and
+  * limitations under the License.
+  */
+package org.apache.geronimo.corba.security.config.ssl;
+
+import org.apache.geronimo.management.geronimo.KeystoreManager;
+
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSocketFactory;
+import org.apache.geronimo.management.geronimo.KeystoreException;
+
+/**
+ * An active SSL configuration.  The SSL configuration
+ * identifies the KeystoreManager instance to be used
+ * for SSL connections, as well as the specifics
+ * of the certificates to be used for the connections.
+ *
+ * The socket factories attached to the CORBA ORBs
+ * used the SSLConfig to retrieve SocketFactory instances
+ * for creating the secure sockets.
+ * @version $Rev: 484846 $ $Date: 2006-12-08 15:34:10 -0800 (Fri, 08 Dec 2006) $
+ */
+public class SSLConfig {
+    private KeystoreManager manager;
+    private String provider;
+    private String keyStore;
+    private String trustStore;
+    private String keyAlias;
+    private String algorithm = "default";
+    private String protocol = "SSL";
+
+    /**
+     * Default GBean constructor.
+     */
+    public SSLConfig() {
+        manager = null;
+    }
+
+    /**
+     * "Normal" constructor for config items.
+     *
+     * @param keystoreManager
+     *               The keystoreManager instance used to create SSL sockets
+     *               for this configuration.
+     */
+    public SSLConfig(KeystoreManager keystoreManager) {
+        manager = keystoreManager;
+    }
+
+
+    /**
+     * Create an SSLServerSocketFactory instance for creating
+     * server-side SSL connections.
+     *
+     * @param loader The class loader used to resolve classes required
+     *               by the KeystoreManager.
+     *
+     * @return An SSLServerSocketFactory instance created with the
+     *         SSLConfig specifices.
+     *
+     * @throws KeystoreException
+     *                When a problem occurs while creating the factory.
+     */
+    public SSLSocketFactory createSSLFactory(ClassLoader loader) throws KeystoreException {
+        if (manager != null) {
+            // fix up the default algorithm now.
+            if ("default".equalsIgnoreCase(algorithm)) {
+                this.algorithm = KeyManagerFactory.getDefaultAlgorithm();
+            }
+            // the keystore manager does all of the heavy lifting
+            return manager.createSSLFactory(provider, protocol, algorithm, keyStore, keyAlias, trustStore, loader);
+        }
+        else {
+            return (SSLSocketFactory) SSLSocketFactory.getDefault();
+        }
+    }
+
+    /**
+     * Create an SSLSocketFactory instance for creating
+     * client-side SSL connections.
+     *
+     * @param loader The class loader used to resolve classes required
+     *               by the KeystoreManager.
+     *
+     * @return An SSLSocketFactory instance created with the
+     *         SSLConfig specifices.
+     *
+     * @throws KeystoreException
+     *                When a problem occurs while creating the factory.
+     */
+    public SSLServerSocketFactory createSSLServerFactory(ClassLoader loader) throws KeystoreException {
+        if (manager != null) {
+            // fix up the default algorithm now.
+            if ("default".equalsIgnoreCase(algorithm)) {
+                this.algorithm = KeyManagerFactory.getDefaultAlgorithm();
+            }
+            // the keystore manager does all of the heavy lifting
+            return manager.createSSLServerFactory(provider, protocol, algorithm, keyStore, keyAlias, trustStore, loader);
+        }
+        else {
+            return (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
+        }
+    }
+
+    /**
+     * Get the protocol to be used by this SSL configuration.
+     * Normally, this is just "SSL".
+     *
+     * @return The String name of the configuration protocol.
+     */
+    public String getProtocol() {
+        return protocol;
+    }
+
+    /**
+     * Set the protocol to be used by this configuration.
+     *
+     * @param protocol The new protocol name.
+     */
+    public void setProtocol(String protocol) {
+        this.protocol = protocol;
+    }
+
+
+    /**
+     * Retrieve the encryption provider to be used for
+     * these connnections.
+     *
+     * @return The current provider name.
+     */
+    public String getProvider() {
+        return provider;
+    }
+
+    /**
+     * Set a new encryption provider for the SSL access.
+     *
+     * @param provider The new provider name.
+     */
+    public void setProvider(String provider) {
+        this.provider = provider;
+    }
+
+    /**
+     * The encryption algorithm to use.
+     *
+     * @return The current encryption algorithm.
+     */
+    public String getAlgorithm() {
+        return algorithm;
+    }
+
+    /**
+     * Algorithm to use.
+     * As different JVMs have different implementations available, the default algorithm can be used by supplying the value "Default".
+     *
+     * @param algorithm the algorithm to use, or "Default" to use the default from {@link javax.net.ssl.KeyManagerFactory#getDefaultAlgorithm()}
+     */
+    public void setAlgorithm(String algorithm) {
+        // cache the value so the null
+        this.algorithm = algorithm;
+    }
+
+    /**
+     * Set the name of the keystore to be used for this
+     * connection.  This must be the name of a keystore
+     * stored within the KeystoreManager instance.
+     *
+     * @param keyStore The key store String name.
+     */
+    public void setKeyStore(String keyStore) {
+        this.keyStore = keyStore;
+    }
+
+    /**
+     * Retrieve the name of the keystore.
+     *
+     * @return The String key store name.
+     */
+    public String getKeyStore() {
+        return keyStore;
+    }
+
+    /**
+     * Set the name of the truststore to be used for
+     * connections.  The truststore must map to one
+     * managed by the KeystoreManager instance.
+     *
+     * @param trustStore The new trustStore name.
+     */
+    public void setTrustStore(String trustStore) {
+        this.trustStore = trustStore;
+    }
+
+    /**
+     * Retrieve the in-use truststore name.
+     *
+     * @return The String name of the trust store.
+     */
+    public String getTrustStore() {
+        return trustStore;
+    }
+
+    /**
+     * Set the key alias to be used for the connection.
+     *
+     * @param keyAlias The String name of the key alias.
+     */
+    public void setKeyAlias(String keyAlias) {
+        this.keyAlias = keyAlias;
+    }
+
+    /**
+     * Retrieve the key alias name to use.
+     *
+     * @return The String name of the key alias.
+     */
+    public String getKeyAlias() {
+        return keyAlias;
+    }
+}
+
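Review bot: When `manager` is null both factory methods fall back to the JVM default factory (`SSLSocketFactory.getDefault()` and `SSLServerSocketFactory.getDefault()`), so any `keyStore`, `trustStore` or `keyAlias` that was set is ignored without a trace and the sockets use the JVM-wide key and trust settings. I would fail, or at least log, in that case, e.g. `if (manager == null && (keyStore != null || trustStore != null)) throw new KeystoreException("SSLConfig has keyStore/trustStore set but no KeystoreManager");` (assuming KeystoreException has a message constructor). The Javadoc of the two methods is swapped: `createSSLFactory` returns the client-side `SSLSocketFactory` but is documented as creating an `SSLServerSocketFactory` for server-side connections, and `createSSLServerFactory` the reverse. The default `protocol = "SSL"` leaves the negotiated versions to whatever the provider maps that name to; a comment on the field recommending an explicit `"TLS"` setting would help deployers.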

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/ssl/SSLConfigGBean.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/ssl/SSLConfigGBean.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/ssl/SSLConfigGBean.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/ssl/SSLConfigGBean.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,51 @@
+/**
+  * Licensed to the Apache Software Foundation (ASF) under one or more
+  * contributor license agreements.  See the NOTICE file distributed with
+  * this work for additional information regarding copyright ownership.
+  * The ASF licenses this file to You under the Apache License, Version 2.0
+  * (the "License"); you may not use this file except in compliance with
+  * the License.  You may obtain a copy of the License at
+  *
+  *     http://www.apache.org/licenses/LICENSE-2.0
+  *
+  * Unless required by applicable law or agreed to in writing, software
+  * distributed under the License is distributed on an "AS IS" BASIS,
+  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  * See the License for the specific language governing permissions and
+  * limitations under the License.
+  */
+package org.apache.geronimo.corba.security.config.ssl;
+
+import org.apache.geronimo.gbean.GBeanInfo;
+import org.apache.geronimo.gbean.GBeanInfoBuilder;
+import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
+
+import org.apache.geronimo.management.geronimo.KeystoreManager;
+
+/**
+ * Implementation of an SSLConfigGBean
+ *
+ * @version $Rev: 452600 $ $Date: 2006-10-03 12:29:42 -0700 (Tue, 03 Oct 2006) $
+ */
+public class SSLConfigGBean {
+
+    public static final GBeanInfo GBEAN_INFO;
+
+    static {
+        GBeanInfoBuilder infoBuilder = GBeanInfoBuilder.createStatic(SSLConfigGBean.class, "SSL Configuration Adapater", SSLConfig.class, NameFactory.CORBA_SSL);
+        infoBuilder.addAttribute("provider", String.class, true, true);
+        infoBuilder.addAttribute("protocol", String.class, true, true);
+        infoBuilder.addAttribute("algorithm", String.class, true, true);
+        infoBuilder.addAttribute("keyStore", String.class, true, true);
+        infoBuilder.addAttribute("keyAlias", String.class, true, true);
+        infoBuilder.addAttribute("trustStore", String.class, true, true);
+        infoBuilder.addReference("KeystoreManager", KeystoreManager.class, NameFactory.GERONIMO_SERVICE);
+        infoBuilder.setConstructor(new String[]{"KeystoreManager"});
+        GBEAN_INFO = infoBuilder.getBeanInfo();
+    }
+
+    public static GBeanInfo getGBeanInfo() {
+        return GBEAN_INFO;
+    }
+}
+
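Review bot: The GBean name string passed to `createStatic` is misspelt, `"SSL Configuration Adapater"`; it should read `"SSL Configuration Adapter"` unless something already keys on the old spelling. The class Javadoc ("Implementation of an SSLConfigGBean") adds nothing beyond the class name; `/** GBean descriptor exposing SSLConfig's provider, protocol, algorithm, keyStore, keyAlias and trustStore attributes and its KeystoreManager reference. */` would describe what the static block registers.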

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSASMechConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSASMechConfig.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSASMechConfig.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSASMechConfig.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,57 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.tss;
+
+import javax.security.auth.Subject;
+import java.io.Serializable;
+
+import org.omg.CORBA.ORB;
+import org.omg.CSI.EstablishContext;
+import org.omg.CSIIOP.AS_ContextSec;
+import org.omg.IOP.Codec;
+
+import org.apache.geronimo.corba.security.SASException;
+
+
+/**
+ * @version $Rev: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
+ */
+public abstract class TSSASMechConfig implements Serializable {
+
+    public abstract short getSupports();
+
+    public abstract short getRequires();
+
+    public abstract AS_ContextSec encodeIOR(ORB orb, Codec codec) throws Exception;
+
+    public static TSSASMechConfig decodeIOR(AS_ContextSec context) {
+        TSSASMechConfig result = null;
+
+        if (context.target_supports == 0) {
+            result = new TSSNULLASMechConfig();
+        } else {
+            result = new TSSGSSUPMechConfig(context);
+        }
+
+        return result;
+    }
+
+    public abstract Subject check(EstablishContext msg) throws SASException;
+
+    public abstract void toString(String spaces, StringBuffer buf);
+
+}
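Review bot: `decodeIOR` picks the mechanism from `target_supports` alone: zero gives `TSSNULLASMechConfig`, and every other value is handed to `TSSGSSUPMechConfig` without looking at the mechanism the context advertises. Unless the `TSSGSSUPMechConfig(AS_ContextSec)` constructor, which is not in this hunk, checks `context.client_authentication_mech`, an IOR naming some other authentication mechanism is decoded as GSSUP. I would document the rule on the method, `/** Decodes the authentication layer of an IOR: target_supports == 0 means none, anything else is treated as GSSUP. */`, and reject a null `context` up front. `encodeIOR` declaring `throws Exception` forces callers to catch everything; a narrower type would be better if the implementations allow it.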


