Oracle8i CORBA Developer's Guide and Reference Release 3 (8.1.7) Part Number A83722-01
This example includes setting a trustpoint. If you do not want to involve trustpoints, just remove the section of the code that sets the trustpoint.

Overview
========

This is a very simple CORBA example using server side ssl for login. The
helloWorld server object merely returns a greeting plus the Java VM version
number to the client.

The purpose of the example is to show how to use ssl server side
authentication for logins.

Setup required
-------------

You need to open the encrypted wallet(ewallet.der) provided in this directory
using the wallet manager tool provided by Oracle. The password is welcome12.
Copy the cleartext into TNS_ADMIN directory and restart the database and
listeners.

The encrypted wallet(ewallet.der) is only valid for Solaris platforms. For
other platforms, you should generate the wallet using Oracle's owm tool. And
if you generate the wallet, be sure to change the trust point provided in the
client file Client.java too.

The parameter SSL_CLIENT_AUTHENTICATION in $TNSADMIN/sqlnet.ora should be set
to false before restarting the database and listeners.

You may also generate a wallet using Oracle tool owmgui. The cleartext wallet
that you will be using should be binary compatible with the machine you are
using to run this sample.

There is also a hard coded trustpoint within Client.java. This trust point
matches with the one in the server's wallet. You may replace with your trust
point if needed. But this trust point should be matching with the one in the
server's wallet.

This example runs with JDK1.1 libraries. If you are using JDK 1.2 libraries,
then you should comment out JDK1.1 code and uncomment JDK1.2 code.

Source files
============

hello.idl
------------

The CORBA IDL for the example. Defines a single interface Hello with a single
method helloWorld(). The interface is defined in the Module named 'hello',
which determines the name of the directory in which the idl2java compiler
places the generated files.

The helloWorld() method returns a CORBA wstring, which maps to a Java String
type:

    module hello
      interface Hello
        wstring helloWorld()

Client.java
-----------

You invoke the client program from a command prompt, and pass it four
arguments, the

- service URL (service ID, hostname, port, and SID if port is a listener)
- name of the published bean to lookup and instantiate
- username
- password

For example:

    % java -classpath LIBs Client sess_iiop://localhost:2222 /test/sslHelloServerAuthWithTP

where LIBs is the classpath that must include

    $ORACLE_HOME/lib/aurora_client.jar
    #If using Java 2, use classes12.zip instead of classes111.zip
    $ORACLE_HOME/jdbc/lib/classes111.zip
    $ORACLE_HOME/lib/vbjorb.jar
    $ORACLE_HOME/lib/vbjapp.jar
    $JAVA_HOME/lib/classes.zip

(Note: for NT users, the environment variables would be %ORACLE_HOME% and
%JAVA_HOME%.)

The client code performs the following steps:

- gets the arguments passed on the command line
- puts the authentication type and values into env context
- creates a new JNDI Context (InitialContext())
- looks up the published CORBA server object to find and activate it
- invokes the helloWorld() method on the hello object and prints the results

The printed output is:

    Hello client, your javavm version is 8.1.5.

helloServer/HelloImpl.java
--------------------------

Implements the IDL-specified Hello interface. The interface has one method,
helloWorld(), that returns a String to the caller.

helloWorld() invokes System.getProperty("oracle.server.version") to get the
version number of the Java VM.

This object performs no database access.

Compiling and Running the Example
=================================

UNIX
----

Enter the command 'make all' or simply 'make' in the shell to compile, load,
and deploy the objects, and run the client program. Other targets are 'run'
and 'clean'.

Make sure that a shell environment variable ORACLE_HOME is set to point to the
home location of the Oracle installation. This is operating system dependent,
so see the Installation documentation that came with your system for the
location. Also, review the README file for the Oracle database, and the README
file for the CORBA/EJB server (the Oracle8i ORB), for additional up-to-date
information.

Windows NT
----------

On Windows NT, run the batch file makeit.bat from a DOS command prompt to
compile, load, and deploy the objects. Run the batch file runit.bat to run the
client program, and see the results.

Make sure that the environment variables %ORACLE_HOME%, %CLASSPATH%, and
%SERVICE% are set appropriately for the DOS command window. You can set these
as either user or system environment variables from the Control Panel. Double
click on System in the Control Panel then on the Environment tab to set these
variables. Start a new DOS window after setting environment variable values.

See the Installation documentation that came with your Oracle8i system for the
values of these variables. Also, review the README file for the Oracle
database, and the README file for the CORBA/EJB server (the Oracle8i ORB), for
additional up-to-date information.

You can also set an environment variable %JAVA_HOME% to point to the root of
your Java JDK. For example, SET JAVA_HOME=C:\JDK1.1.6.

module hello {
  interface Hello {
    wstring helloWorld ();
  };
};

import hello.Hello;

import javax.naming.Context;
import javax.naming.InitialContext;
import java.util.Hashtable;

import oracle.aurora.ssl.*;
import oracle.aurora.jndi.sess_iiop.ServiceCtx;
import oracle.aurora.jndi.sess_iiop.SessionCtx;
import oracle.aurora.AuroraServices.LoginServer;

//import java.security.cert.*; // Needs JDK 1.2; won't compile in JDK 1.1
import javax.security.cert.*;  // for JDK 1.1
import java.io.*;

public class Client
{
  // Base64-encoded DER certificate used as the client's trust point.
  // It must match a certificate in the server's wallet.
  private static String trustedCert =
    "MIIBNjCB4aADAgECAhEAv/poeUAh5DxtXZSkZAIunDANBgkqhkiG9w0BAQQFADAcMQswCQYDVQQG"+
    "EwJVUzENMAsGA1UEAxQEUk9PVDAeFw05OTExMTcxODQ1NDNaFw0wMjAyMDIxODQ1NDNaMBwxCzAJ"+
    "BgNVBAYTAlVTMQ0wCwYDVQQDFARST09UMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANEzeu17saeh"+
    "q60fGp4Ya0IZ4C2GkUFFmvxBIqqfvgXUyqifrZ7ZsrmxoEEYmng+OWxhwToykIlGUYR4ngMgF78C"+
    "AwEAATANBgkqhkiG9w0BAQQFAANBAMzDmFK2/QAxgn085SLQ+bmYBatuji2YPVDgmMYa3ebhFgUe"+
    "I7CKLQTxFg1Y2bw71LFww0Mi9cxwrR+Lt9jhnes=";

  // Prints the negotiated cipher suite, the protocol version and the subject
  // DN of each certificate in the peer's chain. Note that it always returns
  // true: it displays the connection details but compares nothing itself.
  static boolean verifyPeerCert(org.omg.CORBA.Object obj) throws Exception
  {
    org.omg.CORBA.ORB orb = oracle.aurora.jndi.orb_dep.Orb.init();

    // Get the SSL current
    AuroraCurrent current = AuroraCurrentHelper.narrow
      (orb.resolve_initial_references("AuroraSSLCurrent"));

    // Check the cipher
    System.out.println("Negotiated Cipher: " +
                       current.getNegotiatedCipherSuite(obj));

    // Check the protocol version
    System.out.println("Protocol Version: " +
                       current.getNegotiatedProtocolVersion(obj));

    // Check the peer's certificate
    System.out.println("The account obj's certificate chain : ");
    byte [] [] certChain = current.getPeerDERCertChain(obj);
    System.out.println("length : " + certChain.length);
    System.out.println("Certificates: ");

    /*
    // JDK 1.2 way
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    for(int i = 0; i < certChain.length; i++) {
      ByteArrayInputStream bais = new ByteArrayInputStream(certChain[i]);
      Certificate xcert = cf.generateCertificate(bais);
      System.out.println(xcert);
      if(xcert instanceof X509Certificate) {
        X509Certificate x509Cert = (X509Certificate)xcert;
        String globalUser = x509Cert.getSubjectDN().getName();
        System.out.println("DN out of the cert : " + globalUser);
      }
    }
    */

    // JDK 1.1 way
    java.security.Security.setProperty("cert.provider.x509v1",
                                       "oracle.security.cert.X509CertificateImpl");
    for(int i = 0; i < certChain.length; i++) {
      javax.security.cert.X509Certificate cert =
        javax.security.cert.X509Certificate.getInstance(certChain[i]);
      String globalUser = cert.getSubjectDN().getName();
      System.out.println("DN out of the cert : " + globalUser);
    }

    return true;
  }

  public static void main (String[] args) throws Exception
  {
    if (args.length != 2) {
      System.out.println("usage: Client serviceURL objectName");
      System.exit(1);
    }
    String serviceURL = args [0];
    String objectName = args [1];

    Hashtable env = new Hashtable();
    env.put(Context.URL_PKG_PREFIXES, "oracle.aurora.jndi");
    env.put(Context.SECURITY_AUTHENTICATION, ServiceCtx.SSL_LOGIN);
    env.put(Context.SECURITY_PRINCIPAL, "scott");
    env.put(Context.SECURITY_CREDENTIALS, "tiger");

    // setup the trust point
    env.put(ServiceCtx.SECURITY_TRUSTED_CERT, trustedCert);

    Context ic = new InitialContext(env);

    // Make an SSL connection to the server first. If the connection
    // succeeds, then inspect the server's certificate.

    // Get a SessionCtx that represents a database instance
    ServiceCtx service = (ServiceCtx)ic.lookup (serviceURL);
    SessionCtx session1 = (SessionCtx)service.createSubcontext (":session1");

    // Lookup login object for the purpose of getting hold of some corba
    // object needed for verifyPeerCert(). We should provide an extension
    // to just getting the NS object, for this purpose.
    LoginServer obj = (LoginServer) session1.activate("/etc/login");

    if(!verifyPeerCert(obj))
      throw new org.omg.CORBA.COMM_FAILURE("Verification of Peer cert failed");

    // Now that we trust the server, let's go ahead and do our business.
    session1.login();

    Hello hello = (Hello) session1.activate(objectName);
    System.out.println(hello.helloWorld());
  }
}

package helloServer;

import hello.*;

public class HelloImpl extends _HelloImplBase
{
  public String helloWorld()
  {
    String v = System.getProperty("oracle.server.version");
    return "Hello client, your javavm version is " + v + ".";
  }
}
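
verifyPeerCert() in Client.java prints the negotiated parameters and the chain but always returns true. As an added example (not part of Oracle's sample), the class below shows a fail-closed comparison of a DER certificate chain, such as the one returned by getPeerDERCertChain(), against a Base64 trust point. The class and method names are hypothetical, the byte arrays are constructed placeholders, and it assumes Java 8 or later and that a trust point matches when one chain certificate is byte-identical to it.

```java
import java.security.MessageDigest;
import java.util.Base64;

// Added example, not Oracle's sample code. Assumes Java 8+ and that a trust
// point is satisfied when one certificate in the peer chain is byte-for-byte
// identical to the pinned certificate.
public class TrustPointCheck {

    /** Returns the chain index of the pinned certificate, or -1 (fail closed). */
    static int indexOfTrustPoint(byte[][] derChain, String pinnedB64) {
        if (derChain == null || derChain.length == 0 || pinnedB64 == null) {
            return -1;                       // no chain or no pin: do not trust
        }
        byte[] pinned;
        try {
            pinned = Base64.getDecoder().decode(pinnedB64);
        } catch (IllegalArgumentException e) {
            return -1;                       // malformed pin: do not trust
        }
        for (int i = 0; i < derChain.length; i++) {
            if (derChain[i] != null && MessageDigest.isEqual(derChain[i], pinned)) {
                return i;
            }
        }
        return -1;
    }

    /** SHA-256 fingerprint of a DER certificate, for logs and out-of-band checks. */
    static String fingerprint(byte[] der) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(der);
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed placeholder bytes, not real certificates.
        byte[] leaf  = {0x30, 0x03, 0x01, 0x01, 0x01};
        byte[] root  = {0x30, 0x03, 0x01, 0x01, 0x02};
        byte[] other = {0x30, 0x03, 0x01, 0x01, 0x03};
        String pin = Base64.getEncoder().encodeToString(root);

        System.out.println("pinned sha256: " + fingerprint(root));
        System.out.println("chain with pin:    " + indexOfTrustPoint(new byte[][] {leaf, root}, pin));
        System.out.println("chain without pin: " + indexOfTrustPoint(new byte[][] {leaf, other}, pin));
        System.out.println("empty chain:       " + indexOfTrustPoint(new byte[0][], pin));
    }
}
```

In the client, a verifyPeerCert() built on this check would return false whenever indexOfTrustPoint() is -1, so the existing COMM_FAILURE branch in main() is reached before session1.login().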
Copyright © 1996-2000, Oracle Corporation. All Rights Reserved.