# This patch resets the port of the primary address to zero when an IORInterceptor adds
# a TAG_CSI_SEC_MECH_LIST component with transport protection requirements (SSL), as it
# should be per the CSI v2 specification.

--- src/org/jacorb/orb/ORB.java	2009-05-03 18:35:55.000000000 -0300
+++ src/org/jacorb/orb/ORB.java	2009-07-28 13:53:08.390160147 -0300
@@ -61,6 +61,7 @@
 import org.omg.CORBA.portable.BoxedValueHelper;
 import org.omg.CORBA.portable.StreamableValue;
 import org.omg.CORBA.portable.ValueFactory;
+import org.omg.CSIIOP.*;
 import org.omg.ETF.Profile;
 import org.omg.IOP.IOR;
 import org.omg.IOP.MultipleComponentProfileHelper;
@@ -812,9 +813,19 @@
             }
         }
 
-        // add GIOP 1.0 profile if necessary
-
+        // patch the primary address if SSL (or TLS) is required by the target. 
         IIOPProfile iiopProfile = findIIOPProfile(profiles);
+        if (iiopProfile != null)
+        {
+            TaggedComponentList components = 
+                (TaggedComponentList)componentMap.get(ObjectUtil.newInteger(TAG_INTERNET_IOP.value));
+            if(this.isSSLRequiredInComponentList(components))
+            {
+                iiopProfile.patchPrimaryAddress(new IIOPAddress(null, 0));
+            }
+        }
+
+        // add GIOP 1.0 profile if necessary
         if ( (iiopProfile != null)
              && ( this.giopMinorVersion == 0 || this.giopAdd_1_0_Profiles ))
         {
@@ -863,6 +874,43 @@
         return new IOR(repId, tps);
     }
 
+    public boolean isSSLRequiredInComponentList(TaggedComponentList components)
+    {
+        int minimum_options = Integrity.value | Confidentiality.value | 
+                              DetectReplay.value | DetectMisordering.value;
+
+        if(components == null)
+        {
+            return false;
+        }
+
+        CompoundSecMechList csmList =
+            (CompoundSecMechList)components.getComponent(
+                                            TAG_CSI_SEC_MECH_LIST.value,
+                                            CompoundSecMechListHelper.class);
+
+        if (csmList != null && csmList.mechanism_list.length > 0 &&
+                csmList.mechanism_list[0].transport_mech.tag ==
+                                                    TAG_TLS_SEC_TRANS.value)
+        {
+            byte[] tlsSecTransData =
+                csmList.mechanism_list[0].transport_mech.component_data;
+            CDRInputStream in =
+                new CDRInputStream((org.omg.CORBA.ORB)null, tlsSecTransData);
+            try
+            {
+                in.openEncapsulatedArray();
+                TLS_SEC_TRANS tls = TLS_SEC_TRANSHelper.read(in);
+                return (tls.target_requires & minimum_options) != 0;
+            }
+            catch ( Exception ex )
+            {
+                throw new INTERNAL(ex.toString());
+            }
+        }
+        return false;
+    }
+
     private TaggedProfile createMultipleComponentsProfile
                                   (TaggedComponentList components)
     {