basicaccessrulesetencoder.java

一套JAVA的CA证书签发系统.

		boolean returnval = false;
								
		if(ar.getRule() == AccessRule.RULE_ACCEPT){
		  if(ar.getAccessRule().equals(AvailableAccessRules.HARDTOKEN_ISSUEHARDTOKENS))
			  returnval = true;
		  if(ar.isRecursive()){
		  	  if(ar.getAccessRule().equals(AvailableAccessRules.REGULAR_VIEWLOG)) 
		  	  	 returnval = true; 
		      if(ar.getAccessRule().equals(AvailableAccessRules.ENDENTITYPROFILEBASE) ||
		         ar.getAccessRule().equals(AvailableAccessRules.CABASE))   	
		      	   returnval = true;
		  }else{
		  	  if(ar.getAccessRule().startsWith(AvailableAccessRules.REGULAR_RAFUNCTIONALITY + "/")
		  	  	  && !ar.getAccessRule().equals(AvailableAccessRules.REGULAR_EDITENDENTITYPROFILES))
		  	  	  returnval = true;
		  	  if(ar.getAccessRule().startsWith(AvailableAccessRules.ENDENTITYPROFILEPREFIX))
		  	  	returnval = true;
		  	  if(ar.getAccessRule().startsWith(AvailableAccessRules.CAPREFIX))
		  	  	returnval = true;		  	  
		  } 	
		}
		return returnval;
	}	
	
	private boolean isSupervisor(Collection currentaccessrules){
		boolean returnval = false;
		
		if(currentaccessrules.size() >= 2){
			HashSet requiredacceptrecrules = new HashSet();
			requiredacceptrecrules.add(AvailableAccessRules.REGULAR_VIEWLOG);
			HashSet requiredacceptnonrecrules = new HashSet();
			requiredacceptnonrecrules.add(AvailableAccessRules.ROLE_ADMINISTRATOR);
			requiredacceptnonrecrules.add(AvailableAccessRules.REGULAR_VIEWCERTIFICATE);			
			Iterator iter = currentaccessrules.iterator();
			boolean illegal = false;
			while(iter.hasNext()){
				AccessRule ar = (AccessRule) iter.next();	     	
				if(!isAllowedSupervisorRule(ar))
					if(ar.getRule() == AccessRule.RULE_ACCEPT && ar.isRecursive() && requiredacceptrecrules.contains(ar.getAccessRule()))
						requiredacceptrecrules.remove(ar.getAccessRule());
					else		
						if(ar.getRule() == AccessRule.RULE_ACCEPT && !ar.isRecursive() && requiredacceptnonrecrules.contains(ar.getAccessRule()))
							requiredacceptnonrecrules.remove(ar.getAccessRule());
						else{
							illegal = true;
							break;
						}	
			}
			if(!illegal && requiredacceptrecrules.size() ==0 && requiredacceptnonrecrules.size() == 0)
				returnval = true;
			

		}
				
		return returnval;
	}
	
	
	private boolean isAllowedSupervisorRule(AccessRule ar){
		boolean returnval = false;

		if(ar.getRule() == AccessRule.RULE_ACCEPT){
			if(ar.isRecursive()){
					if(ar.getAccessRule().equals(AvailableAccessRules.ENDENTITYPROFILEBASE) ||
							ar.getAccessRule().equals(AvailableAccessRules.CABASE))   	
						returnval = true;
			}else{
				if(ar.getAccessRule().equals(AvailableAccessRules.REGULAR_VIEWENDENTITY) ||
				   ar.getAccessRule().equals(AvailableAccessRules.REGULAR_VIEWENDENTITYHISTORY) ||
				   ar.getAccessRule().equals(AvailableAccessRules.REGULAR_VIEWHARDTOKENS) )
					returnval = true;
				if(ar.getAccessRule().startsWith(AvailableAccessRules.ENDENTITYPROFILEPREFIX))
					returnval = true;
				if(ar.getAccessRule().startsWith(AvailableAccessRules.CAPREFIX))
					returnval = true;		  	  
			}
		}
		return returnval;				
	}
			
	private void initAvailableRules(boolean usehardtokens, boolean usekeyrecovery, Collection availableaccessrules){
		availableendentityrules.add(new Integer(BasicAccessRuleSet.ENDENTITY_VIEW));
		availableendentityrules.add(new Integer(BasicAccessRuleSet.ENDENTITY_VIEWHISTORY));
		if(usehardtokens)
		  availableendentityrules.add(new Integer(BasicAccessRuleSet.ENDENTITY_VIEWHARDTOKENS));
		availableendentityrules.add(new Integer(BasicAccessRuleSet.ENDENTITY_CREATE));
		availableendentityrules.add(new Integer(BasicAccessRuleSet.ENDENTITY_EDIT));
		availableendentityrules.add(new Integer(BasicAccessRuleSet.ENDENTITY_DELETE));
		availableendentityrules.add(new Integer(BasicAccessRuleSet.ENDENTITY_REVOKE));
		if(usekeyrecovery)
		  availableendentityrules.add(new Integer(BasicAccessRuleSet.ENDENTITY_KEYRECOVER));
		
		Iterator iter = availableaccessrules.iterator();
		while(iter.hasNext()){
			String nextrule = (String) iter.next();
			if(nextrule.equals(AvailableAccessRules.CABASE)){
				this.availablecas.add(new Integer(BasicAccessRuleSet.CA_ALL));
			}else
		    if(nextrule.startsWith(AvailableAccessRules.CAPREFIX)){
		    	this.availablecas.add(new Integer(nextrule.substring(AvailableAccessRules.CAPREFIX.length())));
		    }else
		    if(nextrule.equals(AvailableAccessRules.ENDENTITYPROFILEBASE)){
		    	this.availableendentityprofiles.add(new Integer(BasicAccessRuleSet.ENDENTITYPROFILE_ALL));	
		    }else
		    if(nextrule.startsWith(AvailableAccessRules.ENDENTITYPROFILEPREFIX)){			    	
		    	if(nextrule.lastIndexOf('/') <= AvailableAccessRules.ENDENTITYPROFILEPREFIX.length())
		    	  this.availableendentityprofiles.add(new Integer(nextrule.substring(AvailableAccessRules.ENDENTITYPROFILEPREFIX.length())));
		    	else	
		    	  this.availableendentityprofiles.add(new Integer(nextrule.substring(AvailableAccessRules.ENDENTITYPROFILEPREFIX.length(), nextrule.lastIndexOf('/'))));		
		    }		    		    		    						
		}
		
		
		this.availableotherrules.add(new Integer(BasicAccessRuleSet.OTHER_VIEWLOG));
		if(usehardtokens)
			this.availableotherrules.add(new Integer(BasicAccessRuleSet.OTHER_ISSUEHARDTOKENS));
		
	}
	
	private void initCurrentRules(Collection currentaccessrules){		
		Iterator iter = currentaccessrules.iterator();
		HashMap endentityrules = new HashMap();
		
		Integer general = new Integer(0);
		endentityrules.put(general, new Integer(0));
		
		
		while(iter.hasNext()){
			AccessRule ar = (AccessRule) iter.next();			
									
			if(ar.getAccessRule().startsWith(AvailableAccessRules.REGULAR_RAFUNCTIONALITY) &&
				ar.getAccessRule().length() > AvailableAccessRules.REGULAR_RAFUNCTIONALITY.length() &&
			   !ar.getAccessRule().equals(AvailableAccessRules.REGULAR_EDITENDENTITYPROFILES)){
				if(ar.getRule() == AccessRule.RULE_ACCEPT && !ar.isRecursive()){
					if(ar.getAccessRule().equals(AvailableAccessRules.REGULAR_VIEWENDENTITY)){
						
						currentendentityrules.add(new Integer(BasicAccessRuleSet.ENDENTITY_VIEW));
						endentityrules.put(general,  new Integer(((Integer) endentityrules.get(general)).intValue() + BasicAccessRuleSet.ENDENTITY_VIEW));	
					}else
				    if(ar.getAccessRule().equals(AvailableAccessRules.REGULAR_VIEWENDENTITYHISTORY)){				    	
				    	currentendentityrules.add(new Integer(BasicAccessRuleSet.ENDENTITY_VIEWHISTORY));							
				    	endentityrules.put(general,  new Integer(((Integer) endentityrules.get(general)).intValue() + BasicAccessRuleSet.ENDENTITY_VIEWHISTORY));
				    }else
				    if(ar.getAccessRule().equals(AvailableAccessRules.REGULAR_CREATEENDENTITY)){				    	
				    	currentendentityrules.add(new Integer(BasicAccessRuleSet.ENDENTITY_CREATE));							
				    	endentityrules.put(general,  new Integer(((Integer) endentityrules.get(general)).intValue() + BasicAccessRuleSet.ENDENTITY_CREATE));				    	
				    }else
				    if(ar.getAccessRule().equals(AvailableAccessRules.REGULAR_DELETEENDENTITY)){				    	
				    	currentendentityrules.add(new Integer(BasicAccessRuleSet.ENDENTITY_DELETE));							
				    	endentityrules.put(general,  new Integer(((Integer) endentityrules.get(general)).intValue() + BasicAccessRuleSet.ENDENTITY_DELETE));				    	
				    }else
				    if(ar.getAccessRule().equals(AvailableAccessRules.REGULAR_EDITENDENTITY)){				    	
				    	currentendentityrules.add(new Integer(BasicAccessRuleSet.ENDENTITY_EDIT));							
				    	endentityrules.put(general,  new Integer(((Integer) endentityrules.get(general)).intValue() + BasicAccessRuleSet.ENDENTITY_EDIT));				    	
				    }else
				     if(ar.getAccessRule().equals(AvailableAccessRules.REGULAR_REVOKEENDENTITY)){				     	
				     	currentendentityrules.add(new Integer(BasicAccessRuleSet.ENDENTITY_REVOKE));							
				     	endentityrules.put(general,  new Integer(((Integer) endentityrules.get(general)).intValue() + BasicAccessRuleSet.ENDENTITY_REVOKE));				     	
				    }else				    	
				    if(ar.getAccessRule().equals(AvailableAccessRules.REGULAR_VIEWHARDTOKENS)){				    	
				    	currentendentityrules.add(new Integer(BasicAccessRuleSet.ENDENTITY_VIEWHARDTOKENS));							
				    	endentityrules.put(general,  new Integer(((Integer) endentityrules.get(general)).intValue() + BasicAccessRuleSet.ENDENTITY_VIEWHARDTOKENS));				    	
				    }else
				    if(ar.getAccessRule().equals(AvailableAccessRules.REGULAR_KEYRECOVERY)){				    	
				    	currentendentityrules.add(new Integer(BasicAccessRuleSet.ENDENTITY_KEYRECOVER));							
				    	endentityrules.put(general,  new Integer(((Integer) endentityrules.get(general)).intValue() + BasicAccessRuleSet.ENDENTITY_KEYRECOVER));				    	
				    }				    						
				}else{
				   this.forceadvanced = true;
				   break;
				}				
			}else{
				if(ar.getAccessRule().equals(AvailableAccessRules.ENDENTITYPROFILEBASE)){
				  if(ar.getRule() == AccessRule.RULE_ACCEPT && ar.isRecursive()){				  	
				       this.currentendentityprofiles.add(new Integer(BasicAccessRuleSet.ENDENTITYPROFILE_ALL));
				  }else{
				  	this.forceadvanced = true;
				  	break;				  	
				  }
				}else
				if(ar.getAccessRule().startsWith(AvailableAccessRules.ENDENTITYPROFILEPREFIX)){
				  if(ar.getRule() == AccessRule.RULE_ACCEPT && !ar.isRecursive()){
                    Integer profileid = null; 
				  	if(ar.getAccessRule().lastIndexOf('/') > AvailableAccessRules.ENDENTITYPROFILEPREFIX.length()){
					  profileid = new Integer(ar.getAccessRule().substring(AvailableAccessRules.ENDENTITYPROFILEPREFIX.length(), ar.getAccessRule().lastIndexOf('/')));
				  	}else{
				  		this.forceadvanced = true;
				  		break;
				  	}
					int currentval = 0;
					if(endentityrules.get(profileid) != null)
						currentval = ((Integer) endentityrules.get(profileid)).intValue();
					
					if(ar.getAccessRule().endsWith(AvailableAccessRules.VIEW_RIGHTS)){
						currentval += BasicAccessRuleSet.ENDENTITY_VIEW;
					}else
					if(ar.getAccessRule().endsWith(AvailableAccessRules.HISTORY_RIGHTS)){
						currentval += BasicAccessRuleSet.ENDENTITY_VIEWHISTORY;	
					}else
					if(ar.getAccessRule().endsWith(AvailableAccessRules.HARDTOKEN_RIGHTS)){
						currentval += BasicAccessRuleSet.ENDENTITY_VIEWHARDTOKENS;								
					}else
					if(ar.getAccessRule().endsWith(AvailableAccessRules.CREATE_RIGHTS)){
						currentval += BasicAccessRuleSet.ENDENTITY_CREATE;				
					}else
					if(ar.getAccessRule().endsWith(AvailableAccessRules.DELETE_RIGHTS)){
						currentval += BasicAccessRuleSet.ENDENTITY_DELETE;				
					}else
					if(ar.getAccessRule().endsWith(AvailableAccessRules.EDIT_RIGHTS)){
						currentval += BasicAccessRuleSet.ENDENTITY_EDIT;
					}else
					if(ar.getAccessRule().endsWith(AvailableAccessRules.REVOKE_RIGHTS)){
						currentval += BasicAccessRuleSet.ENDENTITY_REVOKE;
					}else						
					if(ar.getAccessRule().endsWith(AvailableAccessRules.KEYRECOVERY_RIGHTS)){
						currentval += BasicAccessRuleSet.ENDENTITY_KEYRECOVER;
					}
					endentityrules.put(profileid, new Integer(currentval));					
				  }else{
				  	this.forceadvanced = true;
				  	break;
				  }
				}else{
                  if(ar.getAccessRule().equals(AvailableAccessRules.CABASE)){
                  	if(ar.getRule() == AccessRule.RULE_ACCEPT && ar.isRecursive()){                  	
                  	  this.currentcas.add(new Integer(BasicAccessRuleSet.CA_ALL));
                    }else{
                  	  this.forceadvanced = true;
                  	  break;
                    }                  
                  }else{
                   	 if(ar.getAccessRule().startsWith(AvailableAccessRules.CAPREFIX)){
                   	 	if(ar.getRule() == AccessRule.RULE_ACCEPT && !ar.isRecursive()){                  	
                           Integer caid = new Integer(ar.getAccessRule().substring(AvailableAccessRules.CAPREFIX.length()));
                           this.currentcas.add(caid);
                   	 	}else{
                   	 		this.forceadvanced = true;
                   	 		break;
                   	 	}                                     	 	
                  	 }else{
                  	 	  if(ar.getAccessRule().equals(AvailableAccessRules.REGULAR_VIEWLOG)){
                  	 	      if(ar.getRule() == AccessRule.RULE_ACCEPT && ar.isRecursive()){
                  	 	  	    this.currentotherrules.add( new Integer(BasicAccessRuleSet.OTHER_VIEWLOG));
                  	 	      }else{
                  	 	      	this.forceadvanced = true;
                  	 	      	break;                  	 	      	
                  	 	      }
                  	 	  }else
                  	 	  if(ar.getAccessRule().equals(AvailableAccessRules.HARDTOKEN_ISSUEHARDTOKENS)){
                  	 	  		if(ar.getRule() == AccessRule.RULE_ACCEPT){
                  	 	  			this.currentotherrules.add( new Integer(BasicAccessRuleSet.OTHER_ISSUEHARDTOKENS));
                  	 	  		}else{
                  	 	  			this.forceadvanced = true;
                  	 	  			break;                  	 	      	                  	 	  			
                  	 	  		}
                  	 	  }
                  	 }
                  }
				}
			}			
		}
		
						
		
		int endentityruleval = ((Integer) endentityrules.get(general)).intValue();	
		
		iter = endentityrules.keySet().iterator();
		while(iter.hasNext()){
			Integer next = (Integer) iter.next();
			if(!next.equals(general)){
				if(((Integer) endentityrules.get(next)).intValue() == endentityruleval ){
					this.currentendentityprofiles.add(next);
				}else
					this.forceadvanced = true;
			}			
		}

	}
	 	
}