availableaccessrules.java

一套JAVA的CA证书签发系统.

      
      // Get CA:s
      authorizedcaids = new HashSet();
      authorizedcaids.addAll(authorizer.getAuthorizedCAIds(admin));
      
      this.customaccessrules= customaccessrules;
    }
    
    // Public methods 
    /** Returns all the accessrules and subaccessrules from the given subresource */
    public Collection getAvailableAccessRules(Admin admin){
      ArrayList accessrules = new ArrayList();
      
      
      insertAvailableRoleAccessRules(accessrules);
      
      insertAvailableRegularAccessRules(admin, accessrules);
      
      if(enableendentityprofilelimitations) 
        insertAvailableEndEntityProfileAccessRules(admin, accessrules);

      insertAvailableCAAccessRules(accessrules);
      
      insertCustomAccessRules(admin, accessrules);
      
      
      return accessrules;
    }
   
    // Private methods
    /**
     * Method that adds all authorized role based access rules.
     */    
    private void insertAvailableRoleAccessRules(ArrayList accessrules){
        
      accessrules.add(ROLEACCESSRULES[0]);
      accessrules.add(ROLEACCESSRULES[1]); 
        
      if(issuperadministrator)  
        accessrules.add(ROLEACCESSRULES[2]);
      
    }

    /**
     * Method that adds all regular access rules.
     */    
    
    private void insertAvailableRegularAccessRules(Admin admin, ArrayList accessrules) {
       
      // Insert Standard Access Rules.
      for(int i=0; i < STANDARDREGULARACCESSRULES.length; i++){
         addAuthorizedAccessRule(admin, STANDARDREGULARACCESSRULES[i], accessrules);
      }
      for(int i=0; i < VIEWLOGACCESSRULES.length; i++){
         addAuthorizedAccessRule(admin, VIEWLOGACCESSRULES[i], accessrules);
      }      
      
        
      if(usehardtokenissuing){
        for(int i=0; i < HARDTOKENACCESSRULES.length;i++){
           accessrules.add(HARDTOKENACCESSRULES[i]);           
        }
        addAuthorizedAccessRule(admin, REGULAR_VIEWHARDTOKENS, accessrules);        
      }
        
      if(usekeyrecovery)
         addAuthorizedAccessRule(admin, REGULAR_KEYRECOVERY, accessrules);         
      
    }
    
    
    /**
     * Method that adds all authorized access rules conserning end entity profiles.
     */
    private void insertAvailableEndEntityProfileAccessRules(Admin admin, ArrayList accessrules){
        
        // Add most basic rule if authorized to it.
		try{
		  authorizer.isAuthorizedNoLog(admin, ENDENTITYPROFILEBASE);  
		  accessrules.add(ENDENTITYPROFILEBASE);
		}catch(AuthorizationDeniedException e){
          //  Add it to superadministrator anyway
				 if(issuperadministrator)
				   accessrules.add(ENDENTITYPROFILEBASE);
		}
		
        
        // Add all authorized End Entity Profiles                    
        Iterator iter = raadminsession.getAuthorizedEndEntityProfileIds(admin).iterator();
        while(iter.hasNext()){
            // Check if profiles available CAs is a subset of administrators authorized CAs
            int profileid = ((Integer) iter.next()).intValue();
            
              // Administrator is authorized to this End Entity Profile, add it.
                try{
                  authorizer.isAuthorizedNoLog(admin, ENDENTITYPROFILEPREFIX + profileid);  
                  addEndEntityProfile( profileid, accessrules);
                }catch(AuthorizationDeniedException e){}
            
        }
    }
    
    /** 
     * Help Method for insertAvailableEndEntityProfileAccessRules.
     */
    private void addEndEntityProfile(int profileid, ArrayList accessrules){
      accessrules.add(ENDENTITYPROFILEPREFIX + profileid);      
      for(int j=0;j < ENDENTITYPROFILE_ENDINGS.length; j++){     
        accessrules.add(ENDENTITYPROFILEPREFIX + profileid +ENDENTITYPROFILE_ENDINGS[j]);  
      }         
      if(usehardtokenissuing) 
        accessrules.add(ENDENTITYPROFILEPREFIX + profileid + HARDTOKEN_RIGHTS);     
      if(usekeyrecovery) 
        accessrules.add(ENDENTITYPROFILEPREFIX + profileid + KEYRECOVERY_RIGHTS);           
    }
      
    /**
     * Method that adds all authorized CA access rules.
     */
    private void insertAvailableCAAccessRules(ArrayList accessrules){
      // Add All Authorized CAs
      if(issuperadministrator)	
        accessrules.add(CABASE);
      Iterator iter = authorizedcaids.iterator();
      while(iter.hasNext()){
        accessrules.add(CAPREFIX + ((Integer) iter.next()).intValue());  
      }
    }
    
    /**
     * Method that adds the custom available access rules.
     */
    private void insertCustomAccessRules(Admin admin, ArrayList accessrules){
      for(int i=0; i < customaccessrules.length; i++){
        if(!customaccessrules[i].trim().equals(""))  
          addAuthorizedAccessRule(admin, customaccessrules[i].trim(), accessrules);    
      } 
    }
    
    /**
     * Method that checks if administrator himself is authorized to access rule, and if so adds it to list.
     */    
    private void addAuthorizedAccessRule(Admin admin, String accessrule, ArrayList accessrules){
      try{
        authorizer.isAuthorizedNoLog(admin, accessrule);
        accessrules.add(accessrule);
      }catch(AuthorizationDeniedException e){
      }
    }
    
   
    // Private fields
    private Authorizer authorizer;
    private IRaAdminSessionLocal raadminsession;
    private boolean issuperadministrator;
    private boolean enableendentityprofilelimitations;
    private boolean usehardtokenissuing;
    private boolean usekeyrecovery;
    private HashMap endentityprofiles;
    private HashSet authorizedcaids;
    private String[] customaccessrules;
    
   
}