CHANGES

ORBAsec 3.5.0
Changes since 3.4.1
---------------------------------

SL3:

  o Issue 5766: Unfortunate CDR Encapsulation of ASN.1 Encodings
    Sun Micro pushed out implementations where the octet sequences
    that are CSI Identity Tokens and GSSUP tokens are CDR
    encapsulated. We proposed a resolution where we would accept
    them, but not produce them. Sun will have to fix their JDK.
  o Fixed a problem where previous TLS sessions from the server were
    resumed inappropriately.
  o Fixed a bug where TLS_SEC_TRANS.transport_requires kept the
    EstablishTrustInClient flag on even when the ChainVerifier
    allowed anonymous connections. Added a test in csiv2-interop to
    test the enforcement of not allowing anonymous connections when
    EstablishTrustInClient is set in transport_requires.
  o Added operations to IDL interfaces:
      creds_state() to TransportSecurity::OwnCredentials
      expiry_time() to SecurityLevel3::Credentials
  o Added checking of the validity of TransportSecurity and
    SecurityLevel3 OwnCredentials before initiating or accepting
    requests, or before creating initiating or accepting contexts.
  o Fixed the bug that caused a NullPointerException when a
    SecurityLevel3 OwnCredentials is used after it has been
    relinquished. A check is enforced for all public and
    package-private methods and a BAD_INV_ORDER exception is thrown.
  o Added automatic garbage collection for TransportSecurity and
    SecurityLevel3 OwnCredentials. When they are no longer used
    (through policy) and are not in the default credentials lists,
    they will be GC'ed.
  o Added tests of the automatic GC of credentials. ClientGC.java is
    added into the tcp, tls, and quote tests.
  o Added a BAD_PARAM minor code 7:InvalidCredentials for when a null
    credentials object reference is passed to an operation.
  o Fixed a documentation error about FD_DoNotUseIfPossible.
  o Changed CertUtilMain such that it does not require JCSI for
    creating demo.keystore and interop.keystore.
  o Added printing for the IOP::MultipleComponentProfile to IOPUtil
    when decoding an IOR.
  o Added the "transmech" package that contains the interfaces that
    are implemented by all of the mechanism-specific transport
    security packages, namely tcpip, tlsiaik, and seciop.
  o Eliminated the use of the OCITransportSecurity module, which was
    the bridge between transports using OCI and the security layer.
    We now use the abstract classes defined in the sl3 and transport
    packages to provide the necessary interface.
  o Added the "transmech.baseimpl" package that contains the base
    implementations of some TransportSecurity interfaces such as
    InitiatingContext and AcceptingContext. These implementations
    extend the abstract classes defined in the sl3 and transport
    packages and eliminate the need for the OCITransportSecurity
    module.
  o Added printing out the current system configuration if the ORB
    initializer's pre_init operation fails.
  o Added installing the IAIK provider if it is available but is not
    statically installed (not in the "java.security" file).
  o Added getting the expiry time of SSL/Kerberos credentials and
    checking expiration of credentials before establishing contexts
    with a server.
  o Added checking for compatible credentials usage in argument
    builders.
  o Changed the default random number generator to use
    java.security.SecureRandom instead of java.util.Random. This
    change might cause a long delay in generating random numbers on
    some old Linux systems. (See RELEASE.txt for details.)
  o Fixed the bug where
    SecurityLevel3::ClientCredentials.client_authentication was false
    when CSIv2 Client Authentication is used.
  o Added calling _non_existent in SecurityLevel3::SecurityManager's
    get_target_credentials. It is needed so that CSIv2 Client
    Authentication is done in get_target_credentials.
  o Fixed the wrong credentials usage of SecurityLevel3
    ClientCredentials.
  o Set the default GIOP version in the IIOP profile to 1.2.
  o Fixed a race condition in tcpip/tlsiaik/seciop
    TransportAcceptor_impl where enable() may be called after
    shutdown().

SL3 Building/Testing:

  o Added a check in building SL3. Now you must remove SL3.jar (and
    PI.jar) from your J2SDK in order to build SL3. This check is to
    avoid possible interference from old SL3 classes during building.
  o Established a client/server testing framework that uses CORBA and
    JUnit to conduct in-process, in-box, and out-of-box testing.
  o Added the "thread-tls" test for testing the behavior of a client
    when a relay, in serving a request of a client, makes a
    connection to a server.

ORBAsec 3.4.1
Changes since 3.4.0 (Alpha)
-----------------------------------------

SL3:

  o Moved to using ORBacus 4.1.0. ORBacus 4.0.5 is not supported
    anymore.
  o Support IDL local interfaces.
  o Changed to using the ORBacus 4.1.0 OCI plugin mechanism. The SL3
    initialization now has two parts: OCI plugin init and Portable
    Interceptor (PI) init. The OCI plugin init only installs
    un-initialized Connector and Acceptor Factories. The PI init
    (pre_init) creates local security objects and uses them to
    initialize the Connector and Acceptor Factories. The PI post_init
    installs the IOR, Client Request, and Server Request
    Interceptors.
  o Replaced using piped Input/OutputStream with a blocking queue in
    the implementation of DispatchInputStream. This approach avoids
    two problems:
      1. Java's PipedInputStream has a small (1KB) buffer size. If
         the write end and read end are in the same thread, the
         buffer may be filled up and lock the thread.
      2. An "IOException: Read end dead" may occur when a SECP socket
         connection that is established in a thread that has
         terminated is used. This problem might be due to the
         implementation of JDK's PipedInputStream, which has internal
         conditions on thread life.
  o Added tests "krb-local" and "thread-krb" for testing the behavior
    of a client when both client and server are using the same ORB,
    and when a relay, in serving a request of a client, makes a
    connection to a server.
  o Fixed a bug in security mechanisms matching for invocations in
    which both client and server are using the same ORB. As a result
    of this fix, a client and server can no longer get each other's
    target/client credentials in the case of local invocations.
    Therefore, the correct behavior of the ServerClient test in "tcp"
    and "tls" was also changed.
  o Added handling of the IIOP ALTERNATE_ADDRESS tag.
  o Fixed a bug in CSIv2 Client Authentication: missing the
    [APPLICATION 0] IMPLICIT SEQUENCE tag and length in the
    encoding/decoding of a GSS Initial Context Token.
  o Added a simple CA implementation (partly from SL2) for generating
    CA-signed certificates in PKCS12 format.
  o Updated the outdated "homerRSA" certificate in the demo.keystore
    using a testing CA -- Adiron Testing CA.
  o Added the "importPKCS7" command to CertUtil. Added a keystore
    that contains a list of root certificates from IE6 for the CSIv2
    Interoperability Testbed.
  o Added a patch for JOB 4.1.0 to fix its memory leaks where Server
    Workers and their Receiver Threads are not reaped and GC'ed
    properly.
  o Fixed a memory leak where Security Level 3 Target Credentials are
    not removed from Credentials Curators when Target Credentials are
    released.
  o Fixed a possible Null Pointer Exception in shutting down a
    Transport Acceptor on Solaris because OCI Transport.close() was
    called twice.
  o Tested on iSaSiLk3.04 and JOB 4.1.1 maintenance release. Tested
    on the new IAIK JCE 3.0 and JCSI 2.2 Beta releases. JCSI 2.2 does
    not work due to a bug in the multimechanism GSS implementation.
  o Ported to J2SE 1.4. We use the new "endorsed standard" mechanism
    or -Xbootclasspath to resolve the incompatibility between J2SE
    1.4 and JOB 4.1.0. To use the IAIK keystore,
    jre/lib/security/local_policy.jar is replaced.
  o Fixed a bug where client credentials got popped out when a
    servant makes calls on collocated objects.
  o Moved JCSI before IAIK in the order of security providers to get
    around a problem of a bad checksum found in JCSI Kerberos 2.2.1.

ORBAsec 3.4.0 (Alpha)
Changes since 3.3.0 (Alpha)
-------------------------------------------------

SL3:

  o Added support for Triple DES encryption in Kerberos/SECP. Two
    encryption types are supported: DES_CBC_MD5 and
    DES3_CBC_HMAC_SHA1. We now require JCSI 2.2 (beta) or higher.
  o Added support for "externalization" of TransportSecurity
    Credentials. This allows some technologies, such as Kerberos, to
    dump their Credentials into a file, which can be used by other
    programs. Externalization only works for Kerberos and only dumps
    the TGT into an MIT Credentials Cache file. Check demo/krb-del
    for the details.
  o Added a new Module SecurityLevel3Transport that extends the
    Credentials interfaces of SecurityLevel3 and adds an attribute to
    access the credentials' underlying Transport Security
    Credentials.
  o Kerberos: Added support for the User 2 User GSS protocol.
  o Added a demo/sl3-krb-u2u to illustrate the use of User 2 User.
  o Kerberos: Added support for reading the default realm and default
    KDC specs from the standard MIT krb5.conf file.
  o Fixed our demo.keystore, which had ending null characters in some
    aliases.
  o Added PKCS12 files for each demo.keystore entry for
    reconstruction of the demo.keystore if wanted.
  o Also fixed the "importPKCS" command of "CertUtil" to catch and
    eliminate a terminating null from PKCS12 file "friendly names".
  o We now supply the evaluation versions of all required JAR files.
    Remember, third party licensing of non-evaluation licenses for
    this software is the licensee's responsibility, unless explicitly
    noted.
  o Officially added SECIOP-Kerberos. We use DSTC's JCSI security
    suite 2.1. However, for Kerberos we rely on a specially modified
    jcsi_krb.jar, which we supply.
  o Fixed ORB compilation errors with the J2SE 1.4 (beta). Had to use
    Java reflection to keep compatibility between 1.3.1 and 1.4 (with
    respect to the Portable Interceptors ORBInitInfo interface).
  o Updated the Introduction and API HTML Documentation.
  o Added atlas-hello demo.
  o Tested on iSaSiLk3.03 maintenance release.
  o Fixed a bug that didn't allow interaction with local objects that
    didn't have any credentials associated with them, as they don't
    need any.
  o Fixed a bug that didn't allow an object that was servicing a
    request to make a request on a different local object that was
    not associated with the same credentials (i.e. POA).
  o Cleaned up CSICredentials (internal) and its implementation.
  o Changed UserPassword interfaces to return error codes instead of
    booleans to comply with the CSIv2 FTF.
  o Principals with valid CSIv2 Client Authenticators are now modeled
    with Proxy Principals. They were previously modeled with
    QuotingPrincipals.
  o Added Support for ATLAS.
  o Added 2 URL handlers. The URL handlers handle:
      resource://classname/resourceName
        uses Class.forName(classname).getResource(resourceName)
      resource:resourcename
        uses ClassLoader.getSystemResource(resourceName)
    These URLs load from the classpath, so you can store a KeyStore
    in a jar file, and refer to it as "resource:demo.keystore".
    Note: You may experience breakage if you have a Java
    SecurityManager that does not let you change system properties.
  o Deprecating "SL3:ArgumentFactory" object for use with SL3TLS,
    SL3TCPIP, SL3CSI. All the demos and tests now narrow the specific
    builders from specific named argument factories
    "SL3TCPIP:ArgumentFactory" and "SL3CSI:ArgumentFactory". The
    "SL3TLS:ArgumentFactory" and "SL3KRB5:ArgumentFactory" exist as
    separate objects, but inherit the SL3TCPIP::ArgumentFactory
    interfaces. Their respective ArgBuilders inherit the
    SL3TCPIP:TCPIPArgBuilder interface as well.

ORBAsec 3.3.0 (Alpha)
Changes since 3.2.2 (Alpha)
-----------------------------------------------------

SL3:

  o Added to the sl3/demo/quote-hello demo to illustrate creating
    TransportSecurity Credentials first in order to share open
    transports over different SecurityLevel3 Credentials.
  o Changed some IDL interfaces (hence the rev to minor version 3.3).
    Deprecated some unused operations and added some operations.
  o Changed addUseTransportCredentials on the CSI argument builder to
    take the Credentials object instead of its identifier for better
    type checking.
  o Added support for dynamically loading Transport security modules,
    such as TLS and SECIOP-Kerberos.
  o Changed some of the TransportSecurity interfaces so as to better
    perform internal credentials management.
  o Added a "relinquished" listener for SecurityLevel3 Credentials.
  o Fixed a bug in which SecurityLevel3 Credentials were not reusing
    established secure transports when they were available.

ORBAsec 3.2.2 (Alpha)
Changes since 3.2.1 (Alpha)
-----------------------------------------------------

SL3:

  o Updated the outdated "homerRSA" certificate in the demo.keystore.
  o Added addTLSEncodedKeyStore* operations to the
    SL3TLS::ArgumentFactory and ArgBuilder. This allows the
    introduction of a keystore in an encoded format.
  o Internally reorganized in preparation to make SL3 somewhat ORB
    independent, i.e. not dependent on IONA's (OOC's) ORBacus :(.
  o Reorganized the notification framework for establishment and
    closing of transport security contexts. It no longer relies on
    ORBacus OCI Callbacks interfaces.

ORBAsec 3.2.1 (Alpha)
Changes since 3.2.0 (Alpha)
-----------------------------------------------------

SL3:

  o Added the CSIv2 Interoperability Testbed code to the sl3/test
    directory.
  o Added operations for releasing Transport Credentials and callback
    functions for when they are finally relinquished.
  o Changed SecurityLevel3.SecurityManager to return null from
    client_credentials, instead of raising a system exception. This
    situation happens when CSIv1 is in use.
  o Fixed a bug where multiple client credentials were effectively
    ignored.
  o Fixed a bug where a user defined Password Generator would cause
    an exception.
  o Brought the entire product in line with the CSIv2 FTF as of
    June 14, 2001.
  o Changed some constant values for SecurityLevel3 NameTypes. If you
    were using the mnemonics, you'll be okay.
  o Added "test/relay" to test quoting with a CSIv2 Certificate Chain
    from a TLS connection.
  o Removed cryptix code. DER encode/decode is totally dependent on
    IAIK-JCE.
  o Added "demo/naming-demo" to illustrate the use of TCPIP
    TransportSecurity Credentials that are needed to contact straight
    IIOP based (i.e. without security) services, such as the
    NameService.
  o Modified Transports to handle the new CSIv2 FTF structure for
    multiple SSL addresses.
  o Modified Transports to create ContextEstablishers and connectors
    for *all* IP addresses that DNS associates with a host name
    contained in an IOR. Previously, it only created connectors for
    the first IP address. (Connectivity actually depends on the
    Socket implementation; however, we made it explicit here.)

ORBAsec 3.2.0 (Alpha)
Changes since 3.1.0 (Alpha)
-----------------------------------------------------

SL3:

  o Added configuration access (through -ORBconfig) to debugging
    information. Implementers using the
    "orbasec.debug.SSL_VERIFY=true" property can see how the default
    SSL certificate chain verifier is working. See "ORBAsec SL3
    Debugging Information" in INTRO.txt.
  o Changed decoding of certificates to make it as independent as
    possible from the JCE provider tools, which seem to be abnormally
    inconsistent. (Sun's and IAIK's CertificateFactory
    implementations are the culprits.)
    This change fixed a bug in which IAIK decoded a stream of
    certificates in the wrong order, thereby giving a principal name
    with the name components in the wrong order.
  o Made the "jks" keystore use the SUN-JCE provider so that the
    verification procedure uses the SUN-JCE provider implementation;
    the IAIK implementation will not verify Sun-generated
    certificates because they have bad PKCS#1 padding. However, some
    wanted it to work with Sun-generated certificates regardless,
    which means we must force the SUN-JCE provider.
    Q: What does this say about assurance?
  o Changed the Statement valuetype hierarchy considerably. Due to
    ongoing research in this area, we thought it better for systems
    that examined statements to examine their encodings. Statements
    now always contain an encoding, and if they are generated by the
    Security Service that encoding is empty. We removed "the_issuer"
    from the statement base type. We added a
    PrincipalIdentityStatement, of which a full principal valuetype
    is the result of the statement, such as an X509IdentityStatement.
    We currently only support an X509v1 interpretation of this
    certificate, i.e. we do not convert any of the certificate's
    attributes to privileges or environmental attributes.
  o Removed "create_own_credentials" from the TransportSecurity
    ClientCredentials object. This call was originally placed to
    create Own Credentials from the client's credentials in the event
    that those credentials are to be used for impersonation,
    endorsement, or quoting, should the transport mechanism have that
    capability. It is now thought that when this capability becomes
    available, such as with SECIOP-Kerberos, it would be better done
    by a new Credentials Acquisition method. As a result of this
    decision, the ProxyDirective and its constants were removed from
    the SecurityLevel3 and TransportSecurity Modules.
  o Incorporated the changes from the 3.1.1 patch.

ORBAsec 3.1.1
Changes since 3.1.0 (Internal Release)
--------------------------------------------------------

SL3:

  o Fixed bugs with port numbers over 2^15.
  o Fixed a problem with selection of invocation credentials with
    mixed SL3 and TransportSecurity credentials.
  o Fixed a bug that left a thread running waiting for input on a
    transport after an orb shutdown.