geronimo-scm mailing list archives

From d...@apache.org
Subject svn commit: r505432 [6/11] - in /geronimo/server/trunk: applications/magicGball/magicGball-ear/src/main/plan/ configs/client-corba-yoko/src/plan/ configs/j2ee-corba-yoko/src/plan/ configs/openejb-corba-deployer/src/plan/ modules/ modules/geronimo-corba...
Date Fri, 09 Feb 2007 19:24:39 GMT
Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSCompoundSecMechConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSCompoundSecMechConfig.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSCompoundSecMechConfig.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSCompoundSecMechConfig.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,165 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.tss;
+
+import java.io.Serializable;
+import javax.security.auth.Subject;
+
+import org.omg.CORBA.ORB;
+import org.omg.CSI.EstablishContext;
+import org.omg.CSIIOP.CompoundSecMech;
+import org.omg.IOP.Codec;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import org.apache.geronimo.corba.security.SASException;
+import org.apache.geronimo.corba.security.config.ConfigUtil;
+
+
+/**
+ * @version $Rev: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
+ */
+public class TSSCompoundSecMechConfig implements Serializable {
+
+    private final static Log log = LogFactory.getLog(TSSCompoundSecMechConfig.class);
+    private TSSTransportMechConfig transport_mech;
+    private TSSASMechConfig as_mech;
+    private TSSSASMechConfig sas_mech;
+
+    public TSSTransportMechConfig getTransport_mech() {
+        return transport_mech;
+    }
+
+    public void setTransport_mech(TSSTransportMechConfig transport_mech) {
+        this.transport_mech = transport_mech;
+    }
+
+    public TSSASMechConfig getAs_mech() {
+        return as_mech;
+    }
+
+    public void setAs_mech(TSSASMechConfig as_mech) {
+        this.as_mech = as_mech;
+    }
+
+    public TSSSASMechConfig getSas_mech() {
+        return sas_mech;
+    }
+
+    public void setSas_mech(TSSSASMechConfig sas_mech) {
+        this.sas_mech = sas_mech;
+    }
+
+    public short getSupports() {
+        short result = 0;
+
+        if (transport_mech != null) result |= transport_mech.getSupports();
+        if (as_mech != null) result |= as_mech.getSupports();
+        if (sas_mech != null) result |= sas_mech.getSupports();
+
+        return result;
+    }
+
+    public short getRequires() {
+        short result = 0;
+
+        if (transport_mech != null) result |= transport_mech.getRequires();
+        if (as_mech != null) result |= as_mech.getRequires();
+        if (sas_mech != null) result |= sas_mech.getRequires();
+
+        return result;
+    }
+
+    public CompoundSecMech encodeIOR(ORB orb, Codec codec) throws Exception {
+        CompoundSecMech result = new CompoundSecMech();
+
+        result.target_requires = 0;
+
+        // transport mechanism
+        result.transport_mech = transport_mech.encodeIOR(orb, codec);
+        result.target_requires |= transport_mech.getRequires();
+        if (log.isDebugEnabled()) {
+            log.debug("transport adds supported: " + ConfigUtil.flags(transport_mech.getSupports()));
+            log.debug("transport adds required: " + ConfigUtil.flags(transport_mech.getRequires()));
+        }
+
+        // AS_ContextSec
+        result.as_context_mech = as_mech.encodeIOR(orb, codec);
+        result.target_requires |= as_mech.getRequires();
+        if (log.isDebugEnabled()) {
+            log.debug("AS adds supported: " + ConfigUtil.flags(as_mech.getSupports()));
+            log.debug("AS adds required: " + ConfigUtil.flags(as_mech.getRequires()));
+        }
+
+        // SAS_ContextSec
+        result.sas_context_mech = sas_mech.encodeIOR(orb, codec);
+        result.target_requires |= sas_mech.getRequires();
+        if (log.isDebugEnabled()) {
+            log.debug("SAS adds supported: " + ConfigUtil.flags(sas_mech.getSupports()));
+            log.debug("SAS adds required: " + ConfigUtil.flags(sas_mech.getRequires()));
+
+            log.debug("REQUIRES: " + ConfigUtil.flags(result.target_requires));
+        }
+
+
+        return result;
+    }
+
+    public static TSSCompoundSecMechConfig decodeIOR(Codec codec, CompoundSecMech compoundSecMech) throws Exception {
+        TSSCompoundSecMechConfig result = new TSSCompoundSecMechConfig();
+
+        result.setTransport_mech(TSSTransportMechConfig.decodeIOR(codec, compoundSecMech.transport_mech));
+        result.setAs_mech(TSSASMechConfig.decodeIOR(compoundSecMech.as_context_mech));
+        result.setSas_mech(new TSSSASMechConfig(compoundSecMech.sas_context_mech));
+
+        return result;
+    }
+
+    public Subject check(EstablishContext msg) throws SASException {
+        Subject asSubject = as_mech.check(msg);
+        Subject sasSubject = sas_mech.check(msg);
+
+        if (sasSubject != null) return sasSubject;
+
+        return asSubject;
+    }
+
+    public String toString() {
+        StringBuffer buf = new StringBuffer();
+        toString("", buf);
+        return buf.toString();
+    }
+
+    void toString(String spaces, StringBuffer buf) {
+        String moreSpaces = spaces + "  ";
+        buf.append(spaces).append("TSSCompoundSecMechConfig: [\n");
+        buf.append(moreSpaces).append("SUPPORTS (aggregate): ").append(ConfigUtil.flags(getSupports())).append("\n");
+        buf.append(moreSpaces).append("REQUIRES (aggregate): ").append(ConfigUtil.flags(getRequires())).append("\n");
+        if (transport_mech != null) {
+            transport_mech.toString(moreSpaces, buf);
+        }
+        if (as_mech != null) {
+            as_mech.toString(moreSpaces, buf);
+        }
+        if (sas_mech != null) {
+            sas_mech.toString(moreSpaces, buf);
+        }
+        buf.append(spaces).append("]\n");
+    }
+
+
+}
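Review bot: `encodeIOR` and `check` dereference `transport_mech`, `as_mech` and `sas_mech` unconditionally, while `getSupports`, `getRequires` and `toString` in the same class treat each of them as possibly null. An instance built with the default constructor and a missing setter therefore fails with a NullPointerException during IOR generation or request authentication. Either make the three fields a stated precondition and fail early, e.g. `if (transport_mech == null || as_mech == null || sas_mech == null) throw new IllegalStateException("incomplete TSSCompoundSecMechConfig");` at the top of `encodeIOR`, or guard them the way the getters do. In `check`, a comment such as `// an asserted SAS identity takes precedence over the authenticated AS identity; null means neither layer produced a Subject` would make the precedence rule explicit for anyone auditing the trust model.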

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSCompoundSecMechListConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSCompoundSecMechListConfig.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSCompoundSecMechListConfig.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSCompoundSecMechListConfig.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,123 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.tss;
+
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.Iterator;
+
+import javax.security.auth.Subject;
+
+import org.omg.CORBA.Any;
+import org.omg.CORBA.ORB;
+import org.omg.CSI.EstablishContext;
+import org.omg.CSIIOP.CompoundSecMech;
+import org.omg.CSIIOP.CompoundSecMechList;
+import org.omg.CSIIOP.CompoundSecMechListHelper;
+import org.omg.CSIIOP.TAG_CSI_SEC_MECH_LIST;
+import org.omg.IOP.Codec;
+import org.omg.IOP.TaggedComponent;
+
+import org.apache.geronimo.corba.security.SASException;
+
+
+/**
+ * @version $Rev: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
+ */
+public class TSSCompoundSecMechListConfig implements Serializable {
+
+    private boolean stateful;
+    private final ArrayList mechs = new ArrayList();
+
+    public boolean isStateful() {
+        return stateful;
+    }
+
+    public void setStateful(boolean stateful) {
+        this.stateful = stateful;
+    }
+
+    public void add(TSSCompoundSecMechConfig mech) {
+        mechs.add(mech);
+    }
+
+    public TSSCompoundSecMechConfig mechAt(int i) {
+        return (TSSCompoundSecMechConfig) mechs.get(i);
+    }
+
+    public int size() {
+        return mechs.size();
+    }
+
+    public TaggedComponent encodeIOR(ORB orb, Codec codec) throws Exception {
+        CompoundSecMechList csml = new CompoundSecMechList();
+
+        csml.stateful = stateful;
+        csml.mechanism_list = new CompoundSecMech[mechs.size()];
+
+        for (int i = 0; i < mechs.size(); i++) {
+            csml.mechanism_list[i] = ((TSSCompoundSecMechConfig) mechs.get(i)).encodeIOR(orb, codec);
+        }
+
+        Any any = orb.create_any();
+        CompoundSecMechListHelper.insert(any, csml);
+
+        return new TaggedComponent(TAG_CSI_SEC_MECH_LIST.value, codec.encode_value(any));
+    }
+
+    public static TSSCompoundSecMechListConfig decodeIOR(Codec codec, TaggedComponent taggedComponent) throws Exception {
+        TSSCompoundSecMechListConfig result = new TSSCompoundSecMechListConfig();
+
+        Any any = codec.decode_value(taggedComponent.component_data, CompoundSecMechListHelper.type());
+        CompoundSecMechList csml = CompoundSecMechListHelper.extract(any);
+
+        result.setStateful(csml.stateful);
+
+        for (int i = 0; i < csml.mechanism_list.length; i++) {
+            result.add(TSSCompoundSecMechConfig.decodeIOR(codec, csml.mechanism_list[i]));
+        }
+
+        return result;
+    }
+
+    public Subject check(EstablishContext msg) throws SASException {
+        Subject result = null;
+
+        for (int i = 0; i < mechs.size(); i++) {
+            result = ((TSSCompoundSecMechConfig) mechs.get(i)).check(msg);
+            if (result != null) break;
+        }
+
+        return result;
+    }
+    public String toString() {
+        StringBuffer buf = new StringBuffer();
+        toString("", buf);
+        return buf.toString();
+    }
+
+    void toString(String spaces, StringBuffer buf) {
+        buf.append(spaces).append("TSSCompoundSecMechListConfig: [\n");
+        for (Iterator availMechs = mechs.iterator(); availMechs.hasNext();) {
+            TSSCompoundSecMechConfig aConfig = (TSSCompoundSecMechConfig) availMechs.next();
+            aConfig.toString(spaces + "  ", buf);
+            buf.append("\n");
+        }
+        buf.append(spaces).append("]\n");
+    }
+
+}
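Review bot: `check` returns the Subject of the first entry in `mechs` that yields one and lets a SASException from any earlier entry abort the loop, and none of this is documented. The result therefore depends on insertion order, and a rejection by one mechanism means the ones after it are never consulted. A Javadoc on `check` should state the first-match rule and that `null` means no mechanism established an identity, including the empty-list case; `TSSConfig.check` in this commit falls back to the transport Subject on `null`. Separately, `mechs` is a raw `ArrayList` cast in `mechAt`, `encodeIOR`, `check` and `toString`; if the module's source level allows generics, `ArrayList<TSSCompoundSecMechConfig>` removes the casts.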

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSConfig.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSConfig.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSConfig.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,107 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.tss;
+
+import java.io.Serializable;
+import javax.net.ssl.SSLSession;
+import javax.security.auth.Subject;
+
+import org.omg.CORBA.ORB;
+import org.omg.CSI.EstablishContext;
+import org.omg.IOP.Codec;
+import org.omg.IOP.TaggedComponent;
+
+import org.apache.geronimo.security.deploy.DefaultPrincipal;
+
+import org.apache.geronimo.corba.security.SASException;
+
+
+/**
+ * @version $Rev: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
+ */
+public class TSSConfig implements Serializable {
+
+    private boolean inherit;
+    private DefaultPrincipal defaultPrincipal;
+    private TSSTransportMechConfig transport_mech;
+    private final TSSCompoundSecMechListConfig mechListConfig = new TSSCompoundSecMechListConfig();
+
+    public boolean isInherit() {
+        return inherit;
+    }
+
+    public void setInherit(boolean inherit) {
+        this.inherit = inherit;
+    }
+
+    public DefaultPrincipal getDefaultPrincipal() {
+        return defaultPrincipal;
+    }
+
+    public void setDefaultPrincipal(DefaultPrincipal defaultPrincipal) {
+        this.defaultPrincipal = defaultPrincipal;
+    }
+
+    public TSSTransportMechConfig getTransport_mech() {
+        return transport_mech;
+    }
+
+    public void setTransport_mech(TSSTransportMechConfig transport_mech) {
+        this.transport_mech = transport_mech;
+    }
+
+    public TSSCompoundSecMechListConfig getMechListConfig() {
+        return mechListConfig;
+    }
+
+    public TaggedComponent generateIOR(ORB orb, Codec codec) throws Exception {
+        return mechListConfig.encodeIOR(orb, codec);
+    }
+
+    public Subject check(SSLSession session, EstablishContext msg) throws SASException {
+
+        Subject transportSubject = transport_mech.check(session);
+        
+        Subject mechSubject = mechListConfig.check(msg);
+        if (mechSubject != null) return mechSubject;
+
+        return transportSubject;
+    }
+
+    public String toString() {
+        StringBuffer buf = new StringBuffer();
+        toString("", buf);
+        return buf.toString();
+    }
+
+    void toString(String spaces, StringBuffer buf) {
+        String moreSpaces = spaces + "  ";
+        buf.append(spaces).append("TSSConfig: [\n");
+        if (defaultPrincipal != null) {
+            buf.append(moreSpaces).append("defaultPrincipal: ").append(defaultPrincipal.toString()).append("\n");
+        } else {
+            buf.append(moreSpaces).append("defaultPrincipal null\n");
+        }
+        if (transport_mech != null) {
+            transport_mech.toString(moreSpaces, buf);
+        } else {
+            buf.append(moreSpaces).append("null transport_mech\n");
+        }
+        mechListConfig.toString(moreSpaces, buf);
+        buf.append(spaces).append("]\n");
+    }
+}
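Review bot: `check` calls `transport_mech.check(session)` without a null test, although `toString` in this class prints `null transport_mech` as a legal state, so a TSSConfig whose transport mechanism was never set throws a NullPointerException on the authentication path. Make the choice explicit and fail closed, for example `if (transport_mech == null) throw new IllegalStateException("transport_mech not configured");` before the call, rather than silently skipping the transport check. The method also returns `null` when neither layer yields a Subject and never consults `defaultPrincipal` or `inherit`. A comment saying where those two are applied (presumably by the caller) would help anyone auditing which identity a request ends up running as.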

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSEntity.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSEntity.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSEntity.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSEntity.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,59 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.tss;
+
+import java.io.Serializable;
+import javax.security.auth.x500.X500Principal;
+
+
+/**
+ * @version $Revision: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
+ */
+public class TSSEntity implements Serializable {
+    private String hostname;
+    private X500Principal distinguishedName;
+
+    public String getHostname() {
+        return hostname;
+    }
+
+    public void setHostname(String hostname) {
+        this.hostname = hostname;
+    }
+
+    public X500Principal getDistinguishedName() {
+        return distinguishedName;
+    }
+
+    public void setDistinguishedName(X500Principal distinguishedName) {
+        this.distinguishedName = distinguishedName;
+    }
+    public String toString() {
+        StringBuffer buf = new StringBuffer();
+        toString("", buf);
+        return buf.toString();
+    }
+
+    void toString(String spaces, StringBuffer buf) {
+        String moreSpaces = spaces + "  ";
+        buf.append(spaces).append("TSSEntity: [\n");
+        buf.append(moreSpaces).append("hostname: ").append(hostname).append("\n");
+        buf.append(moreSpaces).append("distinguishedName: ").append(distinguishedName).append("\n");
+        buf.append(spaces).append("]\n");
+    }
+
+}

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSGSSExportedNameConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSGSSExportedNameConfig.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSGSSExportedNameConfig.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSGSSExportedNameConfig.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,79 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.tss;
+
+import org.omg.CSIIOP.SCS_GSSExportedName;
+import org.omg.CSIIOP.ServiceConfiguration;
+
+import org.apache.geronimo.corba.security.config.ConfigException;
+import org.apache.geronimo.corba.util.Util;
+
+
+/**
+ * TODO: This is just wrong
+ *
+ * @version $Revision: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
+ */
+public class TSSGSSExportedNameConfig extends TSSServiceConfigurationConfig {
+
+    private String name;
+    private String oid;
+
+    public TSSGSSExportedNameConfig(byte[] name) throws Exception {
+        this.name = Util.decodeGSSExportName(name);
+    }
+
+    public TSSGSSExportedNameConfig(String name, String oid) {
+        this.name = name;
+        this.oid = oid;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public String getOid() {
+        return oid;
+    }
+
+    public void setOid(String oid) {
+        this.oid = oid;
+    }
+
+    public ServiceConfiguration generateServiceConfiguration() throws ConfigException {
+        ServiceConfiguration config = new ServiceConfiguration();
+
+        config.syntax = SCS_GSSExportedName.value;
+        config.name = Util.encodeGSSExportName(oid, name);
+
+        if (config.name == null) throw new ConfigException("Unable to encode GSSExportedName");
+
+        return config;
+    }
+
+    void toString(String spaces, StringBuffer buf) {
+        String moreSpaces = spaces + "  ";
+        buf.append(spaces).append("TSSGSSExportedNameConfig: [\n");
+        buf.append(moreSpaces).append("oid : ").append(oid).append("\n");
+        buf.append(moreSpaces).append("name: ").append(name).append("\n");
+        buf.append(spaces).append("]\n");
+    }
+}
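Review bot: The `byte[]` constructor sets only `name` and leaves `oid` null, so a config decoded from the wire and then passed through `generateServiceConfiguration` calls `Util.encodeGSSExportName(oid, name)` with a null OID; the class Javadoc already carries `TODO: This is just wrong`. Whether `Util.encodeGSSExportName` tolerates a null OID is not visible here, so guard it at the call site with `if (oid == null) throw new ConfigException("GSSExportedName has no mechanism OID");`. Replace the TODO with a sentence saying what is actually missing, namely that the mechanism OID is not recovered when decoding. The constructor's `throws Exception` could also be narrowed once the decode failure modes are known.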

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSGSSUPMechConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSGSSUPMechConfig.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSGSSUPMechConfig.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSGSSUPMechConfig.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,138 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.tss;
+
+import java.io.UnsupportedEncodingException;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+
+import org.omg.CORBA.ORB;
+import org.omg.CSI.EstablishContext;
+import org.omg.CSIIOP.AS_ContextSec;
+import org.omg.CSIIOP.EstablishTrustInClient;
+import org.omg.GSSUP.GSSUPMechOID;
+import org.omg.GSSUP.InitialContextToken;
+import org.omg.IOP.Codec;
+
+import org.apache.geronimo.security.jaas.UsernamePasswordCallback;
+import org.apache.geronimo.security.ContextManager;
+
+import org.apache.geronimo.corba.security.SASException;
+import org.apache.geronimo.corba.util.Util;
+
+
+/**
+ * @version $Rev: 503493 $ $Date: 2007-02-04 13:47:55 -0800 (Sun, 04 Feb 2007) $
+ */
+public class TSSGSSUPMechConfig extends TSSASMechConfig {
+
+    private String targetName;
+    private boolean required;
+
+    public TSSGSSUPMechConfig() {
+    }
+
+    public TSSGSSUPMechConfig(AS_ContextSec context) {
+        targetName = Util.decodeGSSExportName(context.target_name);
+        required = (context.target_requires == EstablishTrustInClient.value);
+    }
+
+    public String getTargetName() {
+        return targetName;
+    }
+
+    public void setTargetName(String targetName) {
+        this.targetName = targetName;
+    }
+
+    public boolean isRequired() {
+        return required;
+    }
+
+    public void setRequired(boolean required) {
+        this.required = required;
+    }
+
+    public short getSupports() {
+        return EstablishTrustInClient.value;
+    }
+
+    public short getRequires() {
+        return (required ? EstablishTrustInClient.value : 0);
+    }
+
+    public AS_ContextSec encodeIOR(ORB orb, Codec codec) throws Exception {
+        AS_ContextSec result = new AS_ContextSec();
+
+        result.target_supports = EstablishTrustInClient.value;
+        result.target_requires = (required ? EstablishTrustInClient.value : 0);
+        result.client_authentication_mech = Util.encodeOID(GSSUPMechOID.value);
+        result.target_name = Util.encodeGSSExportName(GSSUPMechOID.value, targetName);
+
+        return result;
+    }
+
+    public Subject check(EstablishContext msg) throws SASException {
+        Subject result = null;
+
+        try {
+            if (msg.client_authentication_token != null && msg.client_authentication_token.length > 0) {
+                InitialContextToken token = new InitialContextToken();
+
+                if (!Util.decodeGSSUPToken(Util.getCodec(), msg.client_authentication_token, token))
+                    throw new SASException(2);
+
+                if (token.target_name == null) return null;
+
+                String tokenTargetName = (token.target_name == null ? targetName : new String(token.target_name, "UTF8"));
+
+                if (!targetName.equals(tokenTargetName)) throw new SASException(2);
+                String userName = Util.extractUserNameFromScopedName(token.username);
+
+                LoginContext context = new LoginContext(tokenTargetName,
+                        new UsernamePasswordCallback(userName,
+                                new String(token.password, "UTF8").toCharArray()));
+                context.login();
+                result = ContextManager.getServerSideSubject(context.getSubject());
+            }
+        } catch (UnsupportedEncodingException e) {
+            throw new SASException(1, e);
+        } catch (LoginException e) {
+            throw new SASException(1, e);
+        }
+
+
+        return result;
+    }
+
+    public String toString() {
+        StringBuffer buf = new StringBuffer();
+        toString("", buf);
+        return buf.toString();
+    }
+
+    public void toString(String spaces, StringBuffer buf) {
+        String moreSpaces = spaces + "  ";
+        buf.append(spaces).append("TSSGSSUPMechConfig: [\n");
+        buf.append(moreSpaces).append("targetName:   ").append(targetName).append("\n");
+        buf.append(moreSpaces).append("required  :   ").append(required).append("\n");
+        buf.append(spaces).append("]\n");
+    }
+
+}
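Review bot: `check` returns `null` when the client sends no `client_authentication_token`, or one whose `target_name` is null, without looking at `required`. Unless a caller compares the result against `getRequires()`, a target that advertises EstablishTrustInClient as required would accept a request carrying no GSSUP credentials; no such enforcement is visible in this part of the commit. After the early `return null` on `token.target_name == null`, the ternary on the next line can never take its null branch and should become `String tokenTargetName = new String(token.target_name, "UTF8");`. Passing the configured `targetName` rather than the client-supplied `tokenTargetName` to `new LoginContext(...)` keeps the JAAS entry name under server control even if the equality check is later relaxed. Note also that `targetName.equals(...)` throws a NullPointerException when the no-arg constructor was used without `setTargetName`, and that `new String(token.password, "UTF8").toCharArray()` leaves an immutable copy of the password that cannot be wiped.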

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSGeneralNameConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSGeneralNameConfig.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSGeneralNameConfig.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSGeneralNameConfig.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,71 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.tss;
+
+import java.io.IOException;
+
+import org.omg.CSIIOP.SCS_GeneralNames;
+import org.omg.CSIIOP.ServiceConfiguration;
+
+import org.apache.geronimo.corba.security.config.ConfigException;
+import org.apache.geronimo.corba.util.Util;
+
+
+/**
+ * @version $Revision: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
+ */
+public class TSSGeneralNameConfig extends TSSServiceConfigurationConfig {
+
+    private String name;
+
+    public TSSGeneralNameConfig(byte[] name) throws Exception {
+        this.name = Util.decodeGeneralName(name);
+    }
+
+    public TSSGeneralNameConfig(String name) {
+        this.name = name;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public ServiceConfiguration generateServiceConfiguration() throws ConfigException {
+        try {
+            ServiceConfiguration config = new ServiceConfiguration();
+
+            config.syntax = SCS_GeneralNames.value;
+            config.name = Util.encodeGeneralName(name);
+
+            return config;
+        } catch (IOException e) {
+            throw new ConfigException("Unable to encode GeneralName", e);
+        }
+    }
+
+    void toString(String spaces, StringBuffer buf) {
+        String moreSpaces = spaces + "  ";
+        buf.append(spaces).append("TSSGeneralNameConfig: [\n");
+        buf.append(moreSpaces).append("name: ").append(name).append("\n");
+        buf.append(spaces).append("]\n");
+    }
+
+}

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSITTAbsent.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSITTAbsent.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSITTAbsent.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSITTAbsent.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,49 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.tss;
+
+import javax.security.auth.Subject;
+
+import org.omg.CSI.ITTAbsent;
+import org.omg.CSI.IdentityToken;
+import org.apache.geronimo.corba.security.SASException;
+
+
+/**
+ * @version $Rev: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
+ */
+public class TSSITTAbsent extends TSSSASIdentityToken {
+
+    public static final String OID = "";
+
+    public short getType() {
+        return ITTAbsent.value;
+    }
+
+    public String getOID() {
+        return OID;
+    }
+
+    public Subject check(IdentityToken identityToken) throws SASException {
+        return null;
+    }
+
+    public void toString(String spaces, StringBuffer buf) {
+        buf.append(spaces).append("TSSITTAbsent\n");
+    }
+
+}

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSITTAnonymous.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSITTAnonymous.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSITTAnonymous.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSITTAnonymous.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,54 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.tss;
+
+import javax.security.auth.Subject;
+
+import org.omg.CSI.ITTAnonymous;
+import org.omg.CSI.IdentityToken;
+import org.apache.geronimo.corba.security.SASException;
+
+
+/**
+ * @version $Rev: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
+ */
+public class TSSITTAnonymous extends TSSSASIdentityToken {
+
+    public static final String OID = "";
+
+    public TSSITTAnonymous() {
+    }
+
+    public short getType() {
+        return ITTAnonymous.value;
+    }
+
+    public String getOID() {
+        return OID;
+    }
+
+    public Subject check(IdentityToken identityToken) throws SASException {
+        //TODO this is wrong.  The anonymous identity token should force the default subject/principal since
+        //TODO the presence of an identity token is an identity assertion.
+        return null;
+    }
+
+    public void toString(String spaces, StringBuffer buf) {
+        buf.append(spaces).append("TSSITTAnonymous\n");
+    }
+
+}
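Review bot: `check()` returns null for an anonymous identity token, which is the same value `TSSITTAbsent.check()` returns and the same value `TSSSASMechConfig.check()` returns when no identity token is present, so a caller cannot tell an explicit anonymous assertion from no assertion at all. The TODO in the method acknowledges this, but nothing in the hunk tells a caller what null means. How callers treat a null Subject is not visible here; if they fall back to the transport- or authentication-layer identity, an anonymous assertion would be ignored rather than honoured. Until the TODO is resolved I would at least record the contract in Javadoc on `check`, e.g. `Returns null; does NOT yet substitute the default (unauthenticated) subject, see TODO`.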

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSITTDistinguishedName.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSITTDistinguishedName.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSITTDistinguishedName.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSITTDistinguishedName.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,96 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.tss;
+
+import javax.security.auth.Subject;
+import javax.security.auth.x500.X500Principal;
+
+import org.omg.CORBA.Any;
+import org.omg.CSI.ITTDistinguishedName;
+import org.omg.CSI.IdentityToken;
+import org.omg.CSI.X501DistinguishedNameHelper;
+import org.omg.IOP.CodecPackage.FormatMismatch;
+import org.omg.IOP.CodecPackage.TypeMismatch;
+
+import org.apache.geronimo.security.DomainPrincipal;
+import org.apache.geronimo.security.PrimaryDomainPrincipal;
+import org.apache.geronimo.security.PrimaryRealmPrincipal;
+import org.apache.geronimo.security.RealmPrincipal;
+
+import org.apache.geronimo.corba.security.SASException;
+import org.apache.geronimo.corba.util.Util;
+
+
+/**
+ * @version $Rev: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
+ */
+public class TSSITTDistinguishedName extends TSSSASIdentityToken {
+
+    public static final String OID = "";
+    private final String realmName;
+    private final String domainName;
+
+    public TSSITTDistinguishedName(String realmName, String domainName) {
+        this.realmName = realmName;
+        this.domainName = domainName;
+    }
+
+    public short getType() {
+        return ITTDistinguishedName.value;
+    }
+
+    public String getOID() {
+        return OID;
+    }
+
+    public Subject check(IdentityToken identityToken) throws SASException {
+        byte[] distinguishedNameToken = identityToken.dn();
+        Any any = null;
+        try {
+            any = Util.getCodec().decode_value(distinguishedNameToken, X501DistinguishedNameHelper.type());
+        } catch (FormatMismatch formatMismatch) {
+            throw new SASException(1, formatMismatch);
+        } catch (TypeMismatch typeMismatch) {
+            throw new SASException(1, typeMismatch);
+        }
+
+        byte[] principalNameBytes = X501DistinguishedNameHelper.extract(any);
+        Subject subject = new Subject();
+        X500Principal x500Principal = new X500Principal(principalNameBytes);
+        subject.getPrincipals().add(x500Principal);
+
+        if (realmName != null && domainName != null) {
+            subject.getPrincipals().add(new RealmPrincipal(realmName, domainName, x500Principal));
+            subject.getPrincipals().add(new PrimaryRealmPrincipal(realmName, domainName, x500Principal));
+        }
+        if (domainName != null) {
+            subject.getPrincipals().add(new DomainPrincipal(domainName, x500Principal));
+            subject.getPrincipals().add(new PrimaryDomainPrincipal(domainName, x500Principal));
+        }
+
+        return subject;
+    }
+
+    public void toString(String spaces, StringBuffer buf) {
+        String moreSpaces = spaces + "  ";
+        buf.append(spaces).append("TSSITTDistinguishedName: [\n");
+        buf.append(moreSpaces).append("domain: ").append(domainName).append("\n");
+        buf.append(moreSpaces).append("realm: ").append(realmName).append("\n");
+        buf.append(spaces).append("]\n");
+    }
+
+}
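Review bot: In `check()`, only `FormatMismatch` and `TypeMismatch` from the codec are mapped to `SASException`, but the bytes come from the peer's identity token and `new X500Principal(principalNameBytes)` throws an unchecked `IllegalArgumentException` when the encoded name is malformed. A bad token therefore escapes the declared `throws SASException` contract as a runtime exception instead of a clean rejection. I would wrap the construction: `try { x500Principal = new X500Principal(principalNameBytes); } catch (IllegalArgumentException e) { throw new SASException(1, e); }`. `X501DistinguishedNameHelper.extract(any)` may need the same treatment, depending on what it throws for a mismatched Any.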

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSITTPrincipalNameGSSUP.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSITTPrincipalNameGSSUP.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSITTPrincipalNameGSSUP.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSITTPrincipalNameGSSUP.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,122 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.tss;
+
+import java.lang.reflect.Constructor;
+import java.lang.reflect.InvocationTargetException;
+import java.security.Principal;
+import javax.security.auth.Subject;
+
+import org.apache.geronimo.security.DomainPrincipal;
+import org.apache.geronimo.security.PrimaryDomainPrincipal;
+import org.apache.geronimo.security.PrimaryRealmPrincipal;
+import org.apache.geronimo.security.RealmPrincipal;
+import org.omg.CORBA.Any;
+import org.omg.CSI.GSS_NT_ExportedNameHelper;
+import org.omg.CSI.ITTPrincipalName;
+import org.omg.CSI.IdentityToken;
+import org.omg.GSSUP.GSSUPMechOID;
+import org.omg.IOP.CodecPackage.FormatMismatch;
+import org.omg.IOP.CodecPackage.TypeMismatch;
+import org.apache.geronimo.corba.security.SASException;
+import org.apache.geronimo.corba.util.Util;
+
+
+/**
+ * @version $Rev: 503493 $ $Date: 2007-02-04 13:47:55 -0800 (Sun, 04 Feb 2007) $
+ */
+public class TSSITTPrincipalNameGSSUP extends TSSSASIdentityToken {
+
+    public static final String OID = GSSUPMechOID.value.substring(4);
+    private final Class principalClass;
+    private transient Constructor constructor;
+    private final String realmName;
+    private final String domainName;
+
+    public TSSITTPrincipalNameGSSUP(Class principalClass, String realmName, String domainName) throws NoSuchMethodException {
+        this.principalClass = principalClass;
+        this.realmName = realmName;
+        this.domainName = domainName;
+        getConstructor();
+    }
+
+    private void getConstructor() throws NoSuchMethodException {
+        if (constructor == null && principalClass != null) {
+            constructor = principalClass.getConstructor(new Class[]{String.class});
+        }
+    }
+
+    public short getType() {
+        return ITTPrincipalName.value;
+    }
+
+    public String getOID() {
+        return OID;
+    }
+
+    public Subject check(IdentityToken identityToken) throws SASException {
+        assert principalClass != null;
+        byte[] principalNameToken = identityToken.principal_name();
+        Any any = null;
+        try {
+            any = Util.getCodec().decode_value(principalNameToken, GSS_NT_ExportedNameHelper.type());
+        } catch (FormatMismatch formatMismatch) {
+            throw new SASException(1, formatMismatch);
+        } catch (TypeMismatch typeMismatch) {
+            throw new SASException(1, typeMismatch);
+        }
+        byte[] principalNameBytes = GSS_NT_ExportedNameHelper.extract(any);
+        String principalName = Util.decodeGSSExportName(principalNameBytes);
+        principalName = Util.extractUserNameFromScopedName(principalName);
+        Principal basePrincipal = null;
+        try {
+            getConstructor();
+            basePrincipal = (Principal) constructor.newInstance(new Object[]{principalName});
+        } catch (InstantiationException e) {
+            throw new SASException(1, e);
+        } catch (IllegalAccessException e) {
+            throw new SASException(1, e);
+        } catch (InvocationTargetException e) {
+            throw new SASException(1, e);
+        } catch (NoSuchMethodException e) {
+            throw new SASException(1, e);
+        }
+
+        Subject subject = new Subject();
+        subject.getPrincipals().add(basePrincipal);
+        if (realmName != null && domainName != null) {
+            subject.getPrincipals().add(new RealmPrincipal(realmName, domainName, basePrincipal));
+            subject.getPrincipals().add(new PrimaryRealmPrincipal(realmName, domainName, basePrincipal));
+        }
+        if (domainName != null) {
+            subject.getPrincipals().add(new DomainPrincipal(domainName, basePrincipal));
+            subject.getPrincipals().add(new PrimaryDomainPrincipal(domainName, basePrincipal));
+        }
+
+        return subject;
+    }
+
+    public void toString(String spaces, StringBuffer buf) {
+        String moreSpaces = spaces + "  ";
+        buf.append(spaces).append("TSSITTPrincipalNameGSSUP: [\n");
+        buf.append(moreSpaces).append("principalClass: ").append(principalClass).append("\n");
+        buf.append(moreSpaces).append("domain: ").append(domainName).append("\n");
+        buf.append(moreSpaces).append("realm: ").append(realmName).append("\n");
+        buf.append(spaces).append("]\n");
+    }
+
+}
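Review bot: `check()` guards `principalClass` with `assert principalClass != null;`, which does nothing unless the JVM runs with `-ea`. The `TSSSASMechConfig(SAS_ContextSec)` constructor in this same commit creates `new TSSITTPrincipalNameGSSUP(null, null, null)`. With a null class, `getConstructor()` leaves `constructor` null and `constructor.newInstance(...)` fails with a `NullPointerException`, after the peer-supplied token has already been decoded. Replace the assert with an explicit rejection at the top of the method: `if (principalClass == null) throw new SASException(1, new Exception("No principal class configured for ITTPrincipalName"));`.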

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSITTX509CertChain.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSITTX509CertChain.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSITTX509CertChain.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSITTX509CertChain.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,60 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.tss;
+
+import javax.security.auth.Subject;
+
+import org.omg.CSI.ITTX509CertChain;
+import org.omg.CSI.IdentityToken;
+import org.apache.geronimo.corba.security.SASException;
+
+
+/**
+ * @version $Rev: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
+ */
+public class TSSITTX509CertChain extends TSSSASIdentityToken {
+
+    public static final String OID = "";
+    private final String realmName;
+    private final String domainName;
+
+    public TSSITTX509CertChain(String realmName, String domainName) {
+        this.realmName = realmName;
+        this.domainName = domainName;
+    }
+
+    public short getType() {
+        return ITTX509CertChain.value;
+    }
+
+    public String getOID() {
+        return OID;
+    }
+
+    public Subject check(IdentityToken identityToken) throws SASException {
+        throw new SASException(1, new Exception("NYI -- cert chain identity token"));
+    }
+
+    public void toString(String spaces, StringBuffer buf) {
+        String moreSpaces = spaces + "  ";
+        buf.append(spaces).append("TSSITTX509CertChain (NYI): [\n");
+        buf.append(moreSpaces).append("domain: ").append(domainName).append("\n");
+        buf.append(moreSpaces).append("realm: ").append(realmName).append("\n");
+        buf.append(spaces).append("]\n");
+    }
+
+}
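Review bot: The class has no Javadoc saying that `check()` is unimplemented and always throws, yet registering it has visible effects in `TSSSASMechConfig` in this commit. `addIdentityToken` sets the `IdentityAssertion` supports bit for any token type greater than zero, and `encodeIOR` ORs the type into `supported_identity_types`. If an instance is ever registered, the target would advertise certificate-chain identity assertion and then reject every such token; whether any configuration path registers it is not visible here. I would add a class comment along the lines of `Not yet implemented: check() always throws SASException; do not register until certificate chain validation exists`. It should also say that `realmName` and `domainName` are currently used only by `toString`.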

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSNULLASMechConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSNULLASMechConfig.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSNULLASMechConfig.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSNULLASMechConfig.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,72 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.tss;
+
+import javax.security.auth.Subject;
+
+import org.omg.CORBA.ORB;
+import org.omg.CSI.EstablishContext;
+import org.omg.CSIIOP.AS_ContextSec;
+import org.omg.GSSUP.GSSUPMechOID;
+import org.omg.IOP.Codec;
+
+import org.apache.geronimo.corba.security.SASException;
+import org.apache.geronimo.corba.util.Util;
+
+
+/**
+ * @version $Rev: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
+ */
+public class TSSNULLASMechConfig extends TSSASMechConfig {
+
+    public short getSupports() {
+        return 0;
+    }
+
+    public short getRequires() {
+        return 0;
+    }
+
+    /**
+     * Encode a virtually null AS context.  Since supports is zero, everything
+     * else should be ignored.
+     *
+     * @param orb
+     * @param codec
+     * @return
+     * @throws Exception
+     */
+    public AS_ContextSec encodeIOR(ORB orb, Codec codec) throws Exception {
+        AS_ContextSec result = new AS_ContextSec();
+
+        result.target_supports = 0;
+        result.target_requires = 0;
+        result.client_authentication_mech = Util.encodeOID(GSSUPMechOID.value);
+        result.target_name = Util.encodeGSSExportName(GSSUPMechOID.value, "");
+
+        return result;
+    }
+
+    public Subject check(EstablishContext msg) throws SASException {
+        return null;
+    }
+
+    public void toString(String spaces, StringBuffer buf) {
+        buf.append(spaces).append("TSSNULLASMechConfig\n");
+    }
+
+}
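Review bot: The Javadoc on `encodeIOR` leaves `@param orb`, `@param codec`, `@return` and `@throws Exception` empty, and `check(EstablishContext)` has no comment at all although it unconditionally returns null. Neither `orb` nor `codec` is read in the body, so the tags could say `@param orb unused` and `@param codec unused`, with `@return an AS_ContextSec whose target_supports and target_requires are both zero`. For `check`, a one-line comment such as `Always returns null: this mechanism performs no authentication-layer check` would make the null return explicit for callers that combine it with other layers.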

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSNULLTransportConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSNULLTransportConfig.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSNULLTransportConfig.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSNULLTransportConfig.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,68 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.tss;
+
+import javax.net.ssl.SSLSession;
+import javax.security.auth.Subject;
+
+import org.omg.CORBA.ORB;
+import org.omg.CSIIOP.TAG_NULL_TAG;
+import org.omg.IOP.Codec;
+import org.omg.IOP.TaggedComponent;
+
+import org.apache.geronimo.corba.security.SASException;
+
+
+/**
+ * At the moment, this config class can only handle a single address.
+ *
+ * @version $Rev: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
+ */
+public class TSSNULLTransportConfig extends TSSTransportMechConfig {
+
+    public short getSupports() {
+        return 0;
+    }
+
+    public short getRequires() {
+        return 0;
+    }
+
+    public TaggedComponent encodeIOR(ORB orb, Codec codec) {
+        TaggedComponent result = new TaggedComponent();
+
+        result.tag = TAG_NULL_TAG.value;
+        result.component_data = new byte[0];
+
+        return result;
+    }
+
+    /**
+     * Returns null subject, since the transport layer can not establish the subject.
+     * @param session
+     * @return
+     * @throws SASException
+     */
+    public Subject check(SSLSession session) throws SASException {
+        return null;
+    }
+
+    public void toString(String spaces, StringBuffer buf) {
+        buf.append(spaces).append("TSSNULLTransportConfig\n");
+    }
+
+}
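Review bot: The class comment "At the moment, this config class can only handle a single address" does not match this class, which holds no address at all; it looks carried over from another transport config. The body only returns zero for supports and requires and encodes a `TAG_NULL_TAG` component with empty data. I would replace the comment with something like `Transport mechanism config that advertises TAG_NULL_TAG with empty component data and supports/requires of zero`. The `@param session`, `@return` and `@throws` tags on `check` are also empty and could be filled in or dropped.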

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSSASIdentityToken.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSSASIdentityToken.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSSASIdentityToken.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSSASIdentityToken.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,63 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.tss;
+
+import java.io.Serializable;
+import javax.security.auth.Subject;
+
+import org.omg.CSI.IdentityToken;
+import org.apache.geronimo.corba.security.SASException;
+
+
+/**
+ * @version $Rev: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
+ */
+public abstract class TSSSASIdentityToken implements Serializable {
+
+    public abstract short getType();
+
+    public abstract String getOID();
+
+    public abstract Subject check(IdentityToken identityToken) throws SASException;
+
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (!(o instanceof TSSSASIdentityToken)) return false;
+
+        final TSSSASIdentityToken token = (TSSSASIdentityToken) o;
+
+        if (getType() != token.getType()) return false;
+        if (!getOID().equals(token.getOID())) return false;
+
+        return true;
+    }
+
+    public int hashCode() {
+        int result = getOID().hashCode();
+        result = 29 * result + (int) getType();
+        return result;
+    }
+
+    public String toString() {
+        StringBuffer buf = new StringBuffer();
+        toString("", buf);
+        return buf.toString();
+    }
+
+    abstract void toString(String spaces, StringBuffer buf);
+
+}
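Review bot: `equals` and `hashCode` compare only `getType()` and `getOID()`, so subclass state is ignored. Two `TSSITTDistinguishedName` instances configured with different `realmName`/`domainName` compare equal, and the same holds for `TSSITTPrincipalNameGSSUP` with different principal classes. If token equality is used to compare or de-duplicate security configurations elsewhere (not visible in this hunk), configurations that map asserted identities into different realms would be treated as the same. Either document the intent on `equals`, e.g. `Equality is by token type and OID only; realm, domain and principal class are deliberately not compared`, or have the subclasses that carry such fields override both methods.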

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSSASMechConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSSASMechConfig.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSSASMechConfig.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSSASMechConfig.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,193 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.tss;
+
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import javax.security.auth.Subject;
+
+import org.omg.CORBA.ORB;
+import org.omg.CSI.EstablishContext;
+import org.omg.CSI.ITTPrincipalName;
+import org.omg.CSI.IdentityToken;
+import org.omg.CSIIOP.DelegationByClient;
+import org.omg.CSIIOP.IdentityAssertion;
+import org.omg.CSIIOP.SAS_ContextSec;
+import org.omg.CSIIOP.ServiceConfiguration;
+import org.omg.IOP.Codec;
+import org.apache.geronimo.corba.security.SASException;
+import org.apache.geronimo.corba.security.config.ConfigUtil;
+import org.apache.geronimo.corba.util.Util;
+
+
+/**
+ * @version $Rev: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
+ */
+public class TSSSASMechConfig implements Serializable {
+
+    private short supports;
+    private short requires;
+    private boolean required;
+    private final ArrayList privilegeAuthorities = new ArrayList();
+    private final Map idTokens = new HashMap();
+
+    public TSSSASMechConfig() {
+    }
+
+    public TSSSASMechConfig(SAS_ContextSec context) throws Exception {
+        supports = context.target_supports;
+        requires = context.target_requires;
+
+        ServiceConfiguration[] c = context.privilege_authorities;
+        for (int i = 0; i < c.length; i++) {
+            privilegeAuthorities.add(TSSServiceConfigurationConfig.decodeIOR(c[i]));
+        }
+
+        byte[][] n = context.supported_naming_mechanisms;
+        for (int i = 0; i < n.length; i++) {
+            String oid = Util.decodeOID(n[i]);
+
+            //TODO is this needed?
+            if (TSSITTPrincipalNameGSSUP.OID.equals(oid)) {
+                //TODO this doesn't make sense if we plan to use this for identity check.
+                addIdentityToken(new TSSITTPrincipalNameGSSUP(null, null, null));
+            }
+        }
+
+        supports = context.target_supports;
+        requires = context.target_requires;
+    }
+
+    public void addServiceConfigurationConfig(TSSServiceConfigurationConfig config) {
+        privilegeAuthorities.add(config);
+
+        supports |= DelegationByClient.value;
+        if (required) requires = DelegationByClient.value;
+    }
+
+    public TSSServiceConfigurationConfig serviceConfigurationAt(int i) {
+        return (TSSServiceConfigurationConfig) privilegeAuthorities.get(i);
+    }
+
+    public int paSize() {
+        return privilegeAuthorities.size();
+    }
+
+    public void addIdentityToken(TSSSASIdentityToken token) {
+        idTokens.put(new Integer(token.getType()), token);
+
+        if (token.getType() > 0) supports |= IdentityAssertion.value;
+    }
+
+    public short getSupports() {
+        return supports;
+    }
+
+    public short getRequires() {
+        return requires;
+    }
+
+    public boolean isRequired() {
+        return required;
+    }
+
+    public void setRequired(boolean required) {
+        this.required = required;
+        if (required) requires |= (short) (supports & DelegationByClient.value);
+    }
+
+    public SAS_ContextSec encodeIOR(ORB orb, Codec codec) throws Exception {
+
+        SAS_ContextSec result = new SAS_ContextSec();
+
+        int i = 0;
+        result.privilege_authorities = new ServiceConfiguration[privilegeAuthorities.size()];
+        for (Iterator iter = privilegeAuthorities.iterator(); iter.hasNext();) {
+            result.privilege_authorities[i++] = ((TSSServiceConfigurationConfig) iter.next()).generateServiceConfiguration();
+        }
+
+        ArrayList list = new ArrayList();
+        for (Iterator iter = idTokens.values().iterator(); iter.hasNext();) {
+            TSSSASIdentityToken token = (TSSSASIdentityToken) iter.next();
+
+            if (token.getType() == ITTPrincipalName.value) {
+                list.add(token);
+            }
+            result.supported_identity_types |= token.getType();
+        }
+
+        i = 0;
+        result.supported_naming_mechanisms = new byte[list.size()][];
+        for (Iterator iter = list.iterator(); iter.hasNext();) {
+            TSSSASIdentityToken token = (TSSSASIdentityToken) iter.next();
+
+            result.supported_naming_mechanisms[i++] = Util.encodeOID(token.getOID());
+        }
+
+        result.target_supports = supports;
+        result.target_requires = requires;
+
+        return result;
+    }
+
+    public Subject check(EstablishContext msg) throws SASException {
+        if (msg.identity_token != null) {
+            IdentityToken identityToken = msg.identity_token;
+            int discriminator = identityToken.discriminator();
+            TSSSASIdentityToken tssIdentityToken = (TSSSASIdentityToken) idTokens.get(new Integer(discriminator));
+            if (tssIdentityToken == null) {
+                throw new SASException(1, new Exception("Unsupported IdentityTokenType: " + discriminator));
+            } else {
+                return tssIdentityToken.check(identityToken);
+            }
+        } else {
+            return null;
+        }
+    }
+
+    public String toString() {
+        StringBuffer buf = new StringBuffer();
+        toString("", buf);
+        return buf.toString();
+    }
+
+    void toString(String spaces, StringBuffer buf) {
+        String moreSpaces = spaces + "  ";
+        buf.append(spaces).append(getName()).append(": [\n");
+        buf.append(moreSpaces).append("required: ").append(required).append("\n");
+        buf.append(moreSpaces).append("SUPPORTS: ").append(ConfigUtil.flags(supports)).append("\n");
+        buf.append(moreSpaces).append("REQUIRES: ").append(ConfigUtil.flags(requires)).append("\n");
+        for (Iterator iterator = privilegeAuthorities.iterator(); iterator.hasNext();) {
+            TSSServiceConfigurationConfig tssServiceConfigurationConfig = (TSSServiceConfigurationConfig) iterator.next();
+            tssServiceConfigurationConfig.toString(moreSpaces, buf);
+        }
+        buf.append("\n");
+        for (Iterator iterator = idTokens.values().iterator(); iterator.hasNext();) {
+            TSSSASIdentityToken identityToken = (TSSSASIdentityToken) iterator.next();
+            identityToken.toString(moreSpaces, buf);
+        }
+        buf.append(spaces).append("]\n");
+    }
+
+    protected String getName() {
+        return "TSSSASMechConfig";
+    }
+    
+}
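Review bot: In `addServiceConfigurationConfig`, the line `if (required) requires = DelegationByClient.value;` assigns instead of OR-ing, so any other bits already held in `requires` are discarded. That includes the `context.target_requires` value loaded by the `SAS_ContextSec` constructor, so a decoded requirement can be silently weakened. `setRequired` in the same class uses `requires |= ...`, and `supports` on the preceding line is OR-ed as well, so this looks unintended. I would change it to `if (required) requires |= DelegationByClient.value;`.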

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSSECIOPTransportConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSSECIOPTransportConfig.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSSECIOPTransportConfig.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSSECIOPTransportConfig.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,153 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.tss;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import javax.net.ssl.SSLSession;
+import javax.security.auth.Subject;
+
+import org.omg.CORBA.Any;
+import org.omg.CORBA.ORB;
+import org.omg.CSIIOP.SECIOP_SEC_TRANS;
+import org.omg.CSIIOP.SECIOP_SEC_TRANSHelper;
+import org.omg.CSIIOP.TAG_SECIOP_SEC_TRANS;
+import org.omg.CSIIOP.TLS_SEC_TRANSHelper;
+import org.omg.CSIIOP.TransportAddress;
+import org.omg.IOP.Codec;
+import org.omg.IOP.TaggedComponent;
+
+import org.apache.geronimo.corba.security.SASException;
+import org.apache.geronimo.corba.security.config.ConfigUtil;
+import org.apache.geronimo.corba.util.Util;
+
+
+/**
+ * TODO: this class needs to be revisited.
+ *
+ * @version $Rev: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
+ */
+public class TSSSECIOPTransportConfig extends TSSTransportMechConfig {
+
+    private short supports;
+    private short requires;
+    private String mechOID;
+    private String targetName;
+    private final List addresses = new ArrayList(1);
+
+    public TSSSECIOPTransportConfig() {
+    }
+
+    public TSSSECIOPTransportConfig(TaggedComponent component, Codec codec) throws Exception {
+        Any any = codec.decode_value(component.component_data, TLS_SEC_TRANSHelper.type());
+        SECIOP_SEC_TRANS tst = SECIOP_SEC_TRANSHelper.extract(any);
+
+        supports = tst.target_supports;
+        requires = tst.target_requires;
+        mechOID = Util.decodeOID(tst.mech_oid);
+        targetName = new String(tst.target_name);
+
+        for (int i = 0; i < tst.addresses.length; i++) {
+            addresses.add(new TSSTransportAddressConfig(tst.addresses[i].port, tst.addresses[i].host_name));
+        }
+    }
+
+    public short getSupports() {
+        return supports;
+    }
+
+    public void setSupports(short supports) {
+        this.supports = supports;
+    }
+
+    public short getRequires() {
+        return requires;
+    }
+
+    public void setRequires(short requires) {
+        this.requires = requires;
+    }
+
+    public String getMechOID() {
+        return mechOID;
+    }
+
+    public void setMechOID(String mechOID) {
+        this.mechOID = mechOID;
+    }
+
+    public String getTargetName() {
+        return targetName;
+    }
+
+    public void setTargetName(String targetName) {
+        this.targetName = targetName;
+    }
+
+    public List getAddresses() {
+        return addresses;
+    }
+
+    public TaggedComponent encodeIOR(ORB orb, Codec codec) throws Exception {
+        TaggedComponent result = new TaggedComponent();
+
+        SECIOP_SEC_TRANS sst = new SECIOP_SEC_TRANS();
+
+        sst.target_supports = supports;
+        sst.target_requires = requires;
+        sst.mech_oid = Util.encodeOID(mechOID);
+        sst.target_name = targetName.getBytes();
+
+        sst.addresses = new TransportAddress[addresses.size()];
+
+        int i = 0;
+        TSSTransportAddressConfig transportConfig;
+        for (Iterator iter = addresses.iterator(); iter.hasNext();) {
+            transportConfig = (TSSTransportAddressConfig) iter.next();
+            sst.addresses[i++] = new TransportAddress(transportConfig.getHostname(), transportConfig.getPort());
+        }
+
+        Any any = orb.create_any();
+        SECIOP_SEC_TRANSHelper.insert(any, sst);
+
+        result.tag = TAG_SECIOP_SEC_TRANS.value;
+        result.component_data = codec.encode_value(any);
+
+        return result;
+    }
+
+    public Subject check(SSLSession session) throws SASException {
+        return new Subject();
+    }
+
+    void toString(String spaces, StringBuffer buf) {
+        String moreSpaces = spaces + "  ";
+        buf.append(spaces).append("TSSSASMechConfig: [\n");
+        buf.append(moreSpaces).append("SUPPORTS  : ").append(ConfigUtil.flags(supports)).append("\n");
+        buf.append(moreSpaces).append("REQUIRES  : ").append(ConfigUtil.flags(requires)).append("\n");
+        buf.append(moreSpaces).append("mechOID   : ").append(mechOID).append("\n");
+        buf.append(moreSpaces).append("targetName: ").append(targetName).append("\n");
+        for (Iterator iterator = addresses.iterator(); iterator.hasNext();) {
+            TSSTransportAddressConfig tssTransportAddressConfig = (TSSTransportAddressConfig) iterator.next();
+            tssTransportAddressConfig.toString(moreSpaces, buf);
+        }
+       buf.append(spaces).append("]\n");
+    }
+    
+
+}
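Review bot: The decoding constructor passes `TLS_SEC_TRANSHelper.type()` to `codec.decode_value` but then extracts with `SECIOP_SEC_TRANSHelper.extract(any)`, so the component is unmarshalled against the wrong TypeCode. The first line should read `Any any = codec.decode_value(component.component_data, SECIOP_SEC_TRANSHelper.type());`. Separately, `check(SSLSession)` returns an empty `Subject` without looking at `requires` or the session, so whatever this mechanism declares as required is not enforced here. Given the class-level TODO, a comment such as `// TODO: no transport-level verification yet; returns an unauthenticated Subject` would make that explicit. `toString` also labels its output `TSSSASMechConfig`, which looks copied from another class.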

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSSSLTransportConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSSSLTransportConfig.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSSSLTransportConfig.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSSSLTransportConfig.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,174 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.tss;
+
+import javax.net.ssl.SSLPeerUnverifiedException;
+import javax.net.ssl.SSLSession;
+import javax.security.auth.Subject;
+import javax.security.auth.x500.X500Principal;
+import javax.security.cert.X509Certificate;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.omg.CORBA.Any;
+import org.omg.CORBA.NO_PERMISSION;
+import org.omg.CORBA.ORB;
+import org.omg.CORBA.UserException;
+import org.omg.CSIIOP.EstablishTrustInClient;
+import org.omg.CSIIOP.TAG_NULL_TAG;
+import org.omg.CSIIOP.TAG_TLS_SEC_TRANS;
+import org.omg.CSIIOP.TLS_SEC_TRANS;
+import org.omg.CSIIOP.TLS_SEC_TRANSHelper;
+import org.omg.CSIIOP.TransportAddress;
+import org.omg.IOP.Codec;
+import org.omg.IOP.TaggedComponent;
+
+import org.apache.geronimo.corba.security.SASException;
+import org.apache.geronimo.corba.security.config.ConfigUtil;
+
+
+/**
+ * At the moment, this config class can only handle a single address.
+ *
+ * @version $Rev: 504461 $ $Date: 2007-02-07 00:42:26 -0800 (Wed, 07 Feb 2007) $
+ */
+public class TSSSSLTransportConfig extends TSSTransportMechConfig {
+
+    private final static Log log = LogFactory.getLog(TSSSSLTransportConfig.class);
+
+    private short port;
+    private String hostname;
+    private short handshakeTimeout = -1;
+    private short supports;
+    private short requires;
+
+    public TSSSSLTransportConfig() {
+    }
+
+    public TSSSSLTransportConfig(TaggedComponent component, Codec codec) throws UserException {
+        Any any = codec.decode_value(component.component_data, TLS_SEC_TRANSHelper.type());
+        TLS_SEC_TRANS tst = TLS_SEC_TRANSHelper.extract(any);
+
+        supports = tst.target_supports;
+        requires = tst.target_requires;
+        port = tst.addresses[0].port;
+        hostname = tst.addresses[0].host_name;
+    }
+
+    public short getPort() {
+        return port;
+    }
+
+    public void setPort(short port) {
+        this.port = port;
+    }
+
+    public String getHostname() {
+        return hostname;
+    }
+
+    public void setHostname(String hostname) {
+        this.hostname = hostname;
+    }
+
+    public short getHandshakeTimeout() {
+        return handshakeTimeout;
+    }
+
+    public void setHandshakeTimeout(short handshakeTimeout) {
+        this.handshakeTimeout = handshakeTimeout;
+    }
+
+    public short getSupports() {
+        return supports;
+    }
+
+    public void setSupports(short supports) {
+        this.supports = supports;
+    }
+
+    public short getRequires() {
+        return requires;
+    }
+
+    public void setRequires(short requires) {
+        this.requires = requires;
+    }
+
+    public TaggedComponent encodeIOR(ORB orb, Codec codec) {
+        TaggedComponent result = new TaggedComponent();
+
+        TLS_SEC_TRANS tst = new TLS_SEC_TRANS();
+
+        tst.target_supports = supports;
+        tst.target_requires = requires;
+        tst.addresses = new TransportAddress[1];
+        tst.addresses[0] = new TransportAddress(hostname, port);
+
+        try {
+            Any any = orb.create_any();
+            TLS_SEC_TRANSHelper.insert(any, tst);
+
+            result.tag = TAG_TLS_SEC_TRANS.value;
+            result.component_data = codec.encode_value(any);
+        } catch (Exception ex) {
+            log.error("Error enncoding transport tagged component, defaulting encoding to NULL");
+
+            result.tag = TAG_NULL_TAG.value;
+            result.component_data = new byte[0];
+        }
+
+        return result;
+    }
+
+    public Subject check(SSLSession session) throws SASException {
+        if (session == null && requires != 0) throw new NO_PERMISSION("Missing required SSL session");
+
+        try {
+            if (log.isDebugEnabled()) log.debug("Scraping principal from SSL session");
+
+            X509Certificate link = session.getPeerCertificateChain()[0];
+            Subject subject = new Subject();
+            String name = link.getSubjectDN().toString();
+
+            if (log.isDebugEnabled()) log.debug("Obtained principal " + name);
+
+            subject.getPrincipals().add(new X500Principal(name));
+
+            return subject;
+        } catch (SSLPeerUnverifiedException e) {
+            if ((requires & EstablishTrustInClient.value) != 0) {
+                if (log.isDebugEnabled()) log.debug("Unverified peer, throwing exception");
+                throw new SASException(1);
+            }
+            if (log.isDebugEnabled()) log.debug("Unverified peer, returning null");
+            return null;
+        }
+    }
+
+    void toString(String spaces, StringBuffer buf) {
+        String moreSpaces = spaces + "  ";
+        buf.append(spaces).append("TSSSSLTransportConfig: [\n");
+        buf.append(moreSpaces).append("SUPPORTS: ").append(ConfigUtil.flags(supports)).append("\n");
+        buf.append(moreSpaces).append("REQUIRES: ").append(ConfigUtil.flags(requires)).append("\n");
+        buf.append(moreSpaces).append("port    : ").append(port).append("\n");
+        buf.append(moreSpaces).append("hostName: ").append(hostname).append("\n");
+        buf.append(moreSpaces).append("handshakeTimeout: ").append(handshakeTimeout).append("\n");
+       buf.append(spaces).append("]\n");
+    }
+
+}
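Review bot: `check` dereferences `session` even when it is null: the guard at the top only throws when `requires != 0`, so a null session with `requires == 0` reaches `session.getPeerCertificateChain()` and fails with a NullPointerException instead of returning no subject. Adding `if (session == null) return null;` directly after the existing guard keeps the NO_PERMISSION path and matches what the unverified-peer branch returns. In `encodeIOR`, the catch block discards `ex` and falls back to `TAG_NULL_TAG`, so an encoding failure silently publishes a component with no TLS information. Passing the exception to the logger (`log.error("...", ex)`) and failing rather than downgrading would be safer. The decoding constructor also reads `tst.addresses[0]` without checking the array length.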

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSServiceConfigurationConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSServiceConfigurationConfig.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSServiceConfigurationConfig.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSServiceConfigurationConfig.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,54 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.tss;
+
+import java.io.Serializable;
+
+import org.omg.CSIIOP.SCS_GSSExportedName;
+import org.omg.CSIIOP.SCS_GeneralNames;
+import org.omg.CSIIOP.ServiceConfiguration;
+
+import org.apache.geronimo.corba.security.config.ConfigException;
+
+
+/**
+ * @version $Revision: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
+ */
+public abstract class TSSServiceConfigurationConfig implements Serializable {
+    public abstract ServiceConfiguration generateServiceConfiguration() throws ConfigException;
+
+    public static TSSServiceConfigurationConfig decodeIOR(ServiceConfiguration sc) throws Exception {
+        TSSServiceConfigurationConfig result = null;
+
+        if (sc.syntax == SCS_GeneralNames.value) {
+            result = new TSSGeneralNameConfig(sc.name);
+        } else if (sc.syntax == SCS_GSSExportedName.value) {
+            result = new TSSGSSExportedNameConfig(sc.name);
+        }
+
+        return result;
+    }
+
+    public String toString() {
+        StringBuffer buf = new StringBuffer();
+        toString("", buf);
+        return buf.toString();
+    }
+
+    abstract void toString(String spaces, StringBuffer buf);
+
+}
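Review bot: `decodeIOR` returns null when `sc.syntax` is neither `SCS_GeneralNames.value` nor `SCS_GSSExportedName.value`, and nothing tells the caller so. If callers collect the result into a list that is later iterated (as the `privilegeAuthorities` loop earlier in this commit appears to do), an unrecognised syntax in a decoded IOR surfaces as a NullPointerException far from the decode site. Either reject the value here with a final `else` that throws, or document the contract with `@return the decoded config, or null if the syntax is not recognised`.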

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSTransportAddressConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSTransportAddressConfig.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSTransportAddressConfig.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSTransportAddressConfig.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,67 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.tss;
+
+import java.io.Serializable;
+
+
+/**
+ * @version $Revision: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
+ */
+public class TSSTransportAddressConfig implements Serializable {
+    private short port;
+    private String hostname;
+
+    public TSSTransportAddressConfig() {
+    }
+
+    public TSSTransportAddressConfig(short port, String hostname) {
+        this.port = port;
+        this.hostname = hostname;
+    }
+
+    public short getPort() {
+        return port;
+    }
+
+    public void setPort(short port) {
+        this.port = port;
+    }
+
+    public String getHostname() {
+        return hostname;
+    }
+
+    public void setHostname(String hostname) {
+        this.hostname = hostname;
+    }
+
+    public String toString() {
+        StringBuffer buf = new StringBuffer();
+        toString("", buf);
+        return buf.toString();
+    }
+
+    void toString(String spaces, StringBuffer buf) {
+        String moreSpaces = spaces + "  ";
+        buf.append(spaces).append("TSSTransportAddressConfig: [\n");
+        buf.append(moreSpaces).append("port    : ").append(port).append("\n");
+        buf.append(moreSpaces).append("hostName: ").append(hostname).append("\n");
+        buf.append(spaces).append("]\n");
+    }
+
+}
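Review bot: `port` is held in a signed `short`, so `toString` prints a negative number for any port above 32767; masking it shows the real value: `buf.append(moreSpaces).append("port    : ").append(port & 0xFFFF).append("\n");`. The same applies to the `port` line in TSSSSLTransportConfig.toString in this commit. A field comment such as `// 16-bit port carried in a Java short (presumably the IDL unsigned short); mask with 0xFFFF before comparing` would also warn callers of `getPort()` against treating the value as a plain number.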

Added: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSTransportMechConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSTransportMechConfig.java?view=auto&rev=505432
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSTransportMechConfig.java (added)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSTransportMechConfig.java Fri Feb  9 11:24:30 2007
@@ -0,0 +1,94 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.security.config.tss;
+
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.List;
+import javax.net.ssl.SSLSession;
+import javax.security.auth.Subject;
+
+import org.omg.CORBA.ORB;
+import org.omg.CSIIOP.TAG_NULL_TAG;
+import org.omg.CSIIOP.TAG_SECIOP_SEC_TRANS;
+import org.omg.CSIIOP.TAG_TLS_SEC_TRANS;
+import org.omg.IOP.Codec;
+import org.omg.IOP.TaggedComponent;
+
+import org.apache.geronimo.corba.security.SASException;
+
+
+/**
+ * @version $Rev: 503274 $ $Date: 2007-02-03 10:19:18 -0800 (Sat, 03 Feb 2007) $
+ */
+public abstract class TSSTransportMechConfig implements Serializable {
+
+    private boolean trustEveryone;
+    private boolean trustNoone = true;
+    private final List entities = new ArrayList();
+
+    public boolean isTrustEveryone() {
+        return trustEveryone;
+    }
+
+    public void setTrustEveryone(boolean trustEveryone) {
+        this.trustEveryone = trustEveryone;
+    }
+
+    public boolean isTrustNoone() {
+        return trustNoone;
+    }
+
+    public void setTrustNoone(boolean trustNoone) {
+        this.trustNoone = trustNoone;
+    }
+
+    public List getEntities() {
+        return entities;
+    }
+
+    public abstract short getSupports();
+
+    public abstract short getRequires();
+
+    public abstract TaggedComponent encodeIOR(ORB orb, Codec codec) throws Exception;
+
+    public static TSSTransportMechConfig decodeIOR(Codec codec, TaggedComponent tc) throws Exception {
+        TSSTransportMechConfig result = null;
+
+        if (tc.tag == TAG_NULL_TAG.value) {
+            result = new TSSNULLTransportConfig();
+        } else if (tc.tag == TAG_TLS_SEC_TRANS.value) {
+            result = new TSSSSLTransportConfig(tc, codec);
+        } else if (tc.tag == TAG_SECIOP_SEC_TRANS.value) {
+            result = new TSSSECIOPTransportConfig(tc, codec);
+        }
+
+        return result;
+    }
+
+    public abstract Subject check(SSLSession session) throws SASException;
+
+    public String toString() {
+        StringBuffer buf = new StringBuffer();
+        toString("", buf);
+        return buf.toString();
+    }
+
+    abstract void toString(String spaces, StringBuffer buf);
+
+}
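Review bot: `trustEveryone` and `trustNoone` are independent flags, so the object can assert both at once: `trustNoone` defaults to true and `setTrustEveryone(true)` leaves it set. Which flag wins is decided by code outside this hunk, so the precedence should be stated on the fields, e.g. `// trustNoone takes precedence when both are set — TODO confirm against the enforcement code`, or the setters should keep the two mutually exclusive. `decodeIOR` also returns null for any tag other than the three it recognises, which deserves an `@return` note or an explicit rejection.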


