in yoko-core/src/main/java/org/apache/yoko/orb/csi/GSSUPIORInterceptor.java [74:190]
private TaggedComponent constructMechList(IORInfo info) {
short as_target_requires = (short) 0;
short as_target_supports = (short) 0;
short sas_target_requires = (short) 0;
short sas_target_supports = (short) 0;
GSSUPPolicy gp = null;
String gssup_realm = null;
boolean has_security = false;
try {
gp = (GSSUPPolicy) info.get_effective_policy(SecGSSUPPolicy.value);
if (gp.mode() == RequiresSupports.SecRequires) {
as_target_requires |= EstablishTrustInClient.value;
}
as_target_supports |= EstablishTrustInClient.value;
gssup_realm = gp.domain();
has_security = true;
}
catch (org.omg.CORBA.INV_POLICY ex) {
// ignore
}
try {
DelegationDirectivePolicy delegatePolicy = (DelegationDirectivePolicy) info
.get_effective_policy(SecDelegationDirectivePolicy.value);
if (delegatePolicy != null
&& delegatePolicy.delegation_directive() == DelegationDirective.Delegate)
{
sas_target_supports |= DelegationByClient.value
| IdentityAssertion.value;
has_security = true;
}
}
catch (org.omg.CORBA.INV_POLICY ex) {
// ignore
}
if (!has_security) {
return null;
}
CompoundSecMech mech = new CompoundSecMech();
AS_ContextSec as = new AS_ContextSec();
as.target_supports = as_target_supports;
as.target_requires = as_target_requires;
if (as_target_supports != 0) {
as.client_authentication_mech = GSSUP_OID;
if (gssup_realm != null) {
as.target_name = encodeGSSExportedName(gssup_realm);
} else {
as.target_name = EMPTY_BARR;
}
} else {
as.target_name = EMPTY_BARR;
as.client_authentication_mech = EMPTY_BARR;
}
if (log.isLoggable(Level.FINE)) {
log.fine("AS.target_requires=" + as_target_requires);
log.fine("AS.target_supports=" + as_target_supports);
log.fine("SAS.target_requires=" + sas_target_requires);
log.fine("SAS.target_supports=" + sas_target_supports);
}
SAS_ContextSec sas = new SAS_ContextSec();
sas.target_supports = sas_target_supports;
sas.target_requires = sas_target_requires;
sas.privilege_authorities = new ServiceConfiguration[0];
sas.supported_naming_mechanisms = new byte[][]{GSSUP_OID};
sas.supported_identity_types = ITTAnonymous.value;
if (as_target_supports != 0) {
sas.supported_identity_types |= ITTAbsent.value;
}
if (sas_target_supports != 0) {
sas.supported_identity_types |= ITTPrincipalName.value
| ITTDistinguishedName.value | ITTX509CertChain.value;
}
// transport mech is null here, this field is modified by code
// inside SSL server-side logic, adding SSL-specific information.
mech.transport_mech = new TaggedComponent(TAG_NULL_TAG.value,
EMPTY_BARR);
mech.target_requires = (short) (as_target_requires | sas_target_requires);
mech.as_context_mech = as;
mech.sas_context_mech = sas;
CompoundSecMechList mech_list = new CompoundSecMechList(false,
new CompoundSecMech[]{mech});
Any a = getOrb().create_any();
CompoundSecMechListHelper.insert(a, mech_list);
byte[] mech_data;
try {
mech_data = codec.encode_value(a);
}
catch (InvalidTypeForEncoding e) {
MARSHAL me = new MARSHAL("cannot encode security descriptor", 0,
CompletionStatus.COMPLETED_NO);
me.initCause(e);
throw me;
}
return new TaggedComponent(TAG_CSI_SEC_MECH_LIST.value, mech_data);
}