djencks 2005/06/20 18:28:31
Modified: modules/core/src/java/org/openejb/corba/security/config/tss
TSSITTDistinguishedName.java
TSSITTX509CertChain.java
Log:
Partial implementation for SAS layer DN and cert chains
Revision Changes Path
1.3 +33 -2
openejb/modules/core/src/java/org/openejb/corba/security/config/tss/TSSITTDistinguishedName.java
Index: TSSITTDistinguishedName.java
===================================================================
RCS file:
/home/projects/openejb/scm/openejb/modules/core/src/java/org/openejb/corba/security/config/tss/TSSITTDistinguishedName.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- TSSITTDistinguishedName.java 17 Jun 2005 07:25:10 -0000 1.2
+++ TSSITTDistinguishedName.java 20 Jun 2005 22:28:31 -0000 1.3
@@ -47,11 +47,20 @@
*/
package org.openejb.corba.security.config.tss;
+import java.security.Principal;
import javax.security.auth.Subject;
+import javax.security.auth.x500.X500Principal;
+import org.apache.geronimo.security.PrimaryRealmPrincipal;
+import org.apache.geronimo.security.RealmPrincipal;
+import org.omg.CORBA.Any;
import org.omg.CSI.ITTDistinguishedName;
import org.omg.CSI.IdentityToken;
+import org.omg.CSI.X501DistinguishedNameHelper;
+import org.omg.IOP.CodecPackage.FormatMismatch;
+import org.omg.IOP.CodecPackage.TypeMismatch;
import org.openejb.corba.security.SASException;
+import org.openejb.corba.util.Util;
/**
@@ -60,6 +69,11 @@
public class TSSITTDistinguishedName extends TSSSASIdentityToken {
public static final String OID = "";
+ private final String realmName;
+
+ public TSSITTDistinguishedName(String realmName) {
+ this.realmName = realmName;
+ }
public short getType() {
return ITTDistinguishedName.value;
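Review bot: The new constructor stores `realmName` unchecked, and `check()` in the next hunk passes it straight into `RealmPrincipal` and `PrimaryRealmPrincipal` when it builds the Subject. A null realm from a misconfigured TSS configuration would then surface only at request time, or not at all if those principal classes accept it (their behaviour is not visible here). Consider failing at construction with `if (realmName == null) throw new IllegalArgumentException("realmName is required");`. A one-line Javadoc on the constructor should state that this is the realm every asserted identity is bound to. The same unchecked constructor is added to TSSITTX509CertChain in the last hunk.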
@@ -70,6 +84,23 @@
}
public Subject check(IdentityToken identityToken) throws SASException {
- throw new SASException(1, new Exception("NYI -- distinguished name
identity token"));
+ byte[] distinguishedNameToken = identityToken.dn();
+ Any any = null;
+ try {
+ any = Util.getCodec().decode_value(distinguishedNameToken,
X501DistinguishedNameHelper.type());
+ } catch (FormatMismatch formatMismatch) {
+ throw new SASException(1, formatMismatch);
+ } catch (TypeMismatch typeMismatch) {
+ throw new SASException(1, typeMismatch);
+ }
+ byte[] principalNameBytes = X501DistinguishedNameHelper.extract(any);
+ X500Principal x500Principal = new X500Principal(principalNameBytes);
+ Principal realmPrincipal = new RealmPrincipal(realmName,
x500Principal);
+ Principal primaryRealmPrincipal = new
PrimaryRealmPrincipal(realmName, x500Principal);
+ Subject subject = new Subject();
+ subject.getPrincipals().add(x500Principal);
+ subject.getPrincipals().add(realmPrincipal);
+ subject.getPrincipals().add(primaryRealmPrincipal);
+ return subject;
}
}
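Review bot: In `check()`, `new X500Principal(principalNameBytes)` sits outside the try block, and that constructor throws an unchecked `IllegalArgumentException` on a malformed DER name. Since the bytes come from the peer's identity token, a bad encoding escapes as a runtime exception instead of the `SASException` that callers of `check()` handle. Moving the construction inside the existing try and adding `catch (IllegalArgumentException e) { throw new SASException(1, e); }` keeps all decode failures on one path. Separately, the method turns whatever DN the token carries into three principals on a new Subject, and nothing visible in this hunk confirms the asserting party is trusted to assert identities. If that check lives in the caller, a comment on `check()` such as `// caller must already have established that the client may assert identities` would make the assumption explicit; if it does not exist yet, this partial implementation should not be reachable until it does.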
1.3 +6 -1
openejb/modules/core/src/java/org/openejb/corba/security/config/tss/TSSITTX509CertChain.java
Index: TSSITTX509CertChain.java
===================================================================
RCS file:
/home/projects/openejb/scm/openejb/modules/core/src/java/org/openejb/corba/security/config/tss/TSSITTX509CertChain.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- TSSITTX509CertChain.java 17 Jun 2005 07:25:10 -0000 1.2
+++ TSSITTX509CertChain.java 20 Jun 2005 22:28:31 -0000 1.3
@@ -60,6 +60,11 @@
public class TSSITTX509CertChain extends TSSSASIdentityToken {
public static final String OID = "";
+ private final String realmName;
+
+ public TSSITTX509CertChain(String realmName) {
+ this.realmName = realmName;
+ }
public short getType() {
return ITTX509CertChain.value;