📄 ldapdnprincipal.java
字号:
/*
* Copyright (c) 2000-2005, University of Salford
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of the University of Salford nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
package issrg.pba.rbac;
import java.security.Principal;
/**
* This class represents a Principal whose name is an LDAP DN corresponding to
* RFC2253.
*
* @author A Otenko
* @version 1.0
*/
public class LDAPDNPrincipal implements java.security.Principal {
public static final LDAPDNPrincipal WHOLE_WORLD_DN = new LDAPDNPrincipal(); // the static initializer below will set the right values
static{
try{
WHOLE_WORLD_DN.name="";
WHOLE_WORLD_DN.parsedDN=new LDAPDNPrincipal("").parsedDN;
}catch(issrg.utils.RFC2253ParsingException rpe){
// this shouldn't happen
}
}
private String name;
private String [][][] parsedDN;
protected LDAPDNPrincipal() {}
/**
* This constructor builds the object out of the String representation of the
* DN. It
* uses <code>issrg.utils.RFC2253NameParser</code> to check if the name can be
* successfully parsed.
* If not, an <code>issrg.utils.RFC2253ParsingException</code> is thrown.
*
* @params ldapDN is the DN of the Principal
*
* @throws RFC2253ParsingException
*
* @see issrg.utils.RFC2253NameParser
* @see issrg.utils.RFC2253ParsingException
*/
public LDAPDNPrincipal(String ldapDN) throws issrg.utils.RFC2253ParsingException {
//System.out.println("Building LDAP DN: "+ldapDN); //***********
name = issrg.utils.RFC2253NameParser.toCanonicalDN(
parsedDN=issrg.utils.RFC2253NameParser.distinguishedName(ldapDN)
);
//System.out.println("Built OK"); //***********
}
/**
* This method returns the canonical representation of the Principal's DN,
* which may differ from the value you input to the constructor, but with
* equivalent meaning in terms of RFC2253.
*
* <p>Note that the <code>issrg.utils.RFC2253NameParser</code> does not have a
* registry of attribute names or OIDs, so it is not aware of what attribute
* values should be encoded as hexstrings (starting with '#'). After conversion
* of such values to the canonical representation there may be loss of comparison
* precision, if
* the values happen to contain US-ASCII characters, which will be compared
* as case-insensitive values, not as binary values.
*
* @return the canonical representation of the DN.
*/
public String getName(){
return name;
}
/**
* Returns the DN as an array, specified by issrg.utils.RFC2253Parser
*
* @return an array of values representing the DN
*/
public String [][][] getParsedDN(){
return parsedDN;
}
/**
* This method defines the equality comparison of the DNs.
*
* @param o is the object to compare
*
* @return true, if o is a Principal containing the DN equal to the one
* this object contains
*/
public boolean equals(Object o){
if (!(o instanceof Principal)){
return false;
}
LDAPDNPrincipal l;
if (o instanceof LDAPDNPrincipal){
l=(LDAPDNPrincipal)o;
}else{
try{
l=new LDAPDNPrincipal(((Principal)o).getName());
}catch (Exception e){
return false; // an invalid DN there
}
}
String [][][] dn = l.getParsedDN();
boolean result = (dn.length == parsedDN.length); // to start with, they must be of the same length
next_RDN:
for (int i=0; i<dn.length && result; i++){
if (result=(dn[i].length==parsedDN[i].length)){ // otherwise, the loop will be continued to the condition where "result" is checked
boolean [] b = new boolean[dn[i].length];
next_AVA:
for (int j=0; j<parsedDN[i].length; j++){
for (int k=0; k<dn[i].length; k++){
if (b[k]) continue;
if (dn[i][k][0].compareToIgnoreCase(parsedDN[i][j][0])==0){
String v1=dn[i][k].length<3?dn[i][k][1]:dn[i][k][2];
String v2=parsedDN[i][j].length<3?parsedDN[i][j][1]:parsedDN[i][j][2];
int c;
if (parsedDN[i][j].length>=3 && dn[i][k].length>=3){ // both of the arrays are of length 3 then
// case-sensitive comparison should be done (the values are exact values input by the user for '#blablabla' binary strings)
c=v1.compareTo(v2);
}else{
c=v1.compareToIgnoreCase(v2); // so the strings can be case-insensitive
}
if (c==0){// exact match
b[k]=true; // actually, such position of this assignment means that the comparison lets the RDN contain several AVAs with the same attributename (not allowed by RFCs though)
// this syntax is wider, so it works fine with the RFC requirements
continue next_AVA;
}
}
// we are here only if no attribute with such name and value has been found
result=false;
break next_RDN;
}
}
}
}
return result;
}
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -