Client Authentication using IIOP/SSL

In this example, we will change the sslHello example in the following ways:

1 Hello World SSL Server

 The server creates a persistent POA, sslPOA, with SecurityPolicy specifying CONFIDENTIALITY quality of protection and requires client authentication. Note that client authentication using SSL is mandated by specifying PUBLIC_KEY_REALM as the realm. 
package sslHello2;
                                                                           
import util.Util;
                                                                           
import sslHello.SSLUtil;
import sslHello.HelloImpl;
                                                                           
import java.io.File;
import java.io.FileInputStream;
                                                                           
import org.omg.CORBA.Any;
import org.omg.CORBA.ORB;
import org.omg.CORBA.Policy;
                                                                           
import org.omg.PortableServer.POA;
import org.omg.PortableServer.Servant;
import org.omg.PortableServer.LifespanPolicyValue;
import org.omg.PortableServer.IdAssignmentPolicyValue;
                                                                           
import com.sssw.jbroker.api.security.QualityOfProtection;
import com.sssw.jbroker.api.security.CSIv2.ClientAuthInfo;
import com.sssw.jbroker.api.security.CSIv2.SecurityPolicy;
import com.sssw.jbroker.api.security.CSIv2.SecureTransportInfo;
import com.sssw.jbroker.api.security.CSIv2.SecurityPolicyValue;
                                                                           
public class Server
{
    public static void main(String[] args)
    {
    |   try {
    |   |                                                                  
    |   |   // create the jBroker ORB
    |   |   ORB orb = ORB.init(args, null);
    |   |                                                                  
    |   |   // initialize support for SSL
    |   |   SSLUtil.initializeSSL(orb, args[0], null, true);
    |   |                                                                  
    |   |   // get the root POA
    |   |   POA rootPOA = (POA) orb.resolve_initial_references("RootPOA");
    |   |                                                                  
    |   |   // create the security policy
    |   |   SecureTransportInfo transport = new SecureTransportInfo(
    |   |       QualityOfProtection.CONFIDENTIALITY, null, 0, false, 
    |   |           false, true);
    |   |   Any secPolicy = orb.create_any();
    |   |   secPolicy.insert_Value(new SecurityPolicyValue(transport, null,
    |   |       false));
    |   |                                                                  
    |   |   // create an SSL POA
    |   |   POA sslPOA = rootPOA.create_POA("sslPOA", rootPOA.
    |   |       the_POAManager(),
    |   |       new Policy[] {
    |   |       |   rootPOA.create_lifespan_policy(
    |   |       |       LifespanPolicyValue.PERSISTENT),
    |   |       |   rootPOA.create_id_assignment_policy(
    |   |       |       IdAssignmentPolicyValue.USER_ID),
    |   |       |   orb.create_policy(SecurityPolicy.POLICY_TYPE, secPolicy)
    |   |       });
    |   |                                                                  
    |   |   // create a servant and activate it
    |   |   Servant hello = new HelloImpl(orb);
    |   |   sslPOA.activate_object_with_id("sslHello".getBytes(), hello);
    |   |                                                                  
    |   |   // write out the IOR the first time server starts
    |   |   if (!new File("ior").exists()) {
    |   |   |   // create a stringified object reference
    |   |   |   String helloIOR = orb.object_to_string(
    |   |   |       sslPOA.servant_to_reference(hello));
    |   |   |                                                              
    |   |   |   // write the stringified object reference
    |   |   |   Util.writeIOR(helloIOR, "ior", true); 
    |   |   }
    |   |                                                                  
    |   |   // activate the SSL POA
    |   |   sslPOA.the_POAManager().activate();
    |   |                                                                  
    |   |   // wait for invocations
    |   |   System.out.println("waiting for invocations ...");
    |   |   orb.run();
    |   |                                                                  
    |   } catch (Exception ex) {
    |   |   ex.printStackTrace();
    |   }
    }
}
The The IOR for the secure Hello object contains an SSL component specifying integrity, confidentiality, establish trust in client, and establish trust in target options. The output from parseIOR: 
Type Id  = IDL:helloWorld/Hello:1.0
Profiles = 1
    
    Internet Inter-ORB Protocol (IIOP) Profile:

        version    = 1.1
        host       = godel
        port       = 2506
        obj key    = 
            4A424B52 00030002 00000107 5B545203  JBKR........[TR.
            73736C48 656C6C6F                    sslHello
        
        components = 1
            
            TAG_SSL_SEC_TRANS :
                requires: integrity, confidentiality, authenticate target, authenticate client
                SSL port: 46039

2 Hello World SSL Client

 The client is the same as before except that when it initializes SSL, it sets the CipherSuites to null. This defaults to the use of the available confidentiality suites when using SSL. 
package sslHello2;
                                                                           
import util.Util;
import org.omg.CORBA.ORB;
import org.omg.CORBA.portable.ObjectImpl;
                                                                           
import java.io.ByteArrayInputStream;
                                                                           
import helloWorld.Hello;
import helloWorld.HelloHelper;
                                                                           
import com.sssw.jbroker.api.security.SecurityCurrent;
                                                                           
import sslHello.SSLUtil;
                                                                           
public class Client
{
    public static void main(String[] args)
    {
    |   try {
    |   |                                                                  
    |   |   // create the jBroker ORB
    |   |   ORB orb = ORB.init(args, null);
    |   |                                                                  
    |   |   // initialize SSL
    |   |   SSLUtil.initializeSSL(orb, args[0], null, false);
    |   |                                                                  
    |   |   // read the stringified object reference
    |   |   String helloIOR = Util.readIOR("ior");
    |   |                                                                  
    |   |   // narrow the stringified object
    |   |   Hello hello = HelloHelper.narrow(orb.string_to_object(helloIOR));
    |   |                                                                  
    |   |   // get the SecurityCurrent
    |   |   SecurityCurrent secCurrent = (SecurityCurrent) orb.
    |   |       resolve_initial_references("SecurityCurrent");
    |   |                                                                  
    |   |   // print the negotiated ciphers
    |   |   System.out.println("Negotiated Cipher: " + 
    |   |       secCurrent.getNegotiatedCipherSuite((ObjectImpl) hello));
    |   |                                                                  
    |   |   // print out the peer certificates (Java 2 only)
    |   |   SSLUtil.printCertChain(secCurrent.getCertificateChain(
    |   |       (ObjectImpl) hello));
    |   |                                                                  
    |   |   // invoke method on the object
    |   |   System.out.println(hello.sayHello());
    |   |                                                                  
    |   } catch (Exception ex) {
    |   |   ex.printStackTrace();
    |   }
    }
}
Copyright © 2000-2003, Novell, Inc. All rights reserved.