contextnameprincipal.java

一个完整的XACML工程,学习XACML技术的好例子!

/*
* Copyright (c) 2006, University of Kent
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without 
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this 
* list of conditions and the following disclaimer.
* 
* Redistributions in binary form must reproduce the above copyright notice, 
* this list of conditions and the following disclaimer in the documentation 
* and/or other materials provided with the distribution. 
*
* 1. Neither the name of the University of Kent nor the names of its 
* contributors may be used to endorse or promote products derived from this 
* software without specific prior written permission. 
*
* 2. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS  
* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 
* PURPOSE ARE DISCLAIMED. 
*
* 3. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
* POSSIBILITY OF SUCH DAMAGE.
*
* 4. YOU AGREE THAT THE EXCLUSIONS IN PARAGRAPHS 2 AND 3 ABOVE ARE REASONABLE
* IN THE CIRCUMSTANCES.  IN PARTICULAR, YOU ACKNOWLEDGE (1) THAT THIS
* SOFTWARE HAS BEEN MADE AVAILABLE TO YOU FREE OF CHARGE, (2) THAT THIS
* SOFTWARE IS NOT "PRODUCT" QUALITY, BUT HAS BEEN PRODUCED BY A RESEARCH
* GROUP WHO DESIRE TO MAKE THIS SOFTWARE FREELY AVAILABLE TO PEOPLE WHO WISH
* TO USE IT, AND (3) THAT BECAUSE THIS SOFTWARE IS NOT OF "PRODUCT" QUALITY
* IT IS INEVITABLE THAT THERE WILL BE BUGS AND ERRORS, AND POSSIBLY MORE
* SERIOUS FAULTS, IN THIS SOFTWARE.
*
* 5. This license is governed, except to the extent that local laws
* necessarily apply, by the laws of England and Wales.
*/

package issrg.pba.rbac;

import java.security.Principal;

/**
 * This class represents a context name, which is corresponding to the context 
 * name in a MSoD policy. It is based on RFC2253. 
 * Like DN -- distinguished name, it contains a group of variable-value pairs, 
 * and the value can be * or $: 
 * * means any specific value for this variable, for example, given c=*, then 
 * c=21 and c=34 belong to two different context instances; 
 * $ means any value regardless of its specific value, for example, given 
 * c=$, then c=21 and c=34 belong to the same context instance if 
 * other variable/value pairs also match. 
 *
 * @author W.Xu
 * @version 0.1
 */

public class ContextNamePrincipal implements java.security.Principal {
  public static final ContextNamePrincipal WHOLE_WORLD_DN = new ContextNamePrincipal(); // the static initializer below will set the right values
  static{
    try{
      WHOLE_WORLD_DN.name="";
      WHOLE_WORLD_DN.parsedDN=new ContextNamePrincipal("").parsedDN;
    }catch(issrg.utils.RFC2253ParsingException rpe){
      // this shouldn't happen
    }
  }

  private String name, contextName;
  private String [][][] parsedDN;
  private String [][][] instantiatedDN;

  protected ContextNamePrincipal() {}

  /**
   * This constructor builds the object out of the String representation of the DN. It
   * uses <code>issrg.utils.RFC2253NameParser</code> to check if the name can be successfully parsed.
   * If not, an <code>issrg.utils.RFC2253ParsingException</code> is thrown.
   *
   * @params contextDN is the DN of the Principal
   *
   * @throws RFC2253ParsingException
   *
   * @see issrg.utils.RFC2253NameParser
   * @see issrg.utils.RFC2253ParsingException
   */
  public ContextNamePrincipal(String contextDN) throws issrg.utils.RFC2253ParsingException {
    name = issrg.utils.RFC2253NameParser.toCanonicalDN(
                parsedDN=issrg.utils.RFC2253NameParser.distinguishedName(contextDN)
                );
    this.contextName = contextDN;
  }


  public String getName(){
    return name;
  }

  /**
   * Returns the DN as an array, specified by issrg.utils.RFC2253Parser
   *
   * @return an array of values representing the DN
   */
  public String [][][] getParsedDN(){
    return parsedDN;
  }

  /**
   * This method is to compare two ContextNamePrincipal objects. If two 
   * ContextNamePrincipal equals, then it returns true; 
   * otherwise, it returns false. 
   *
   * @param con is the input ContextNamePrincipal. 
   *
   * @return true if this ContextNamePrincipal equals the input con according 
   *   to context name hierarchy; 
   * otherwise return false. 
   */
  public boolean equals(ContextNamePrincipal con) {
        return (name.compareToIgnoreCase(con.getName())==0) ; 
  }


  /**
   * This method is for MSoD rule matching. If this ContextNamePrincipal 
   * contains con according to context match rules, then
   * it returns true; otherwise, false. added for MSoD. 
   *
   * @param con is the input ContextNamePrincipal. 
   *
   * @return true if this ContextNamePrincipal contains the input con according 
   *   to context name hierarchy; 
   * otherwise return false.
   */
  public boolean contains(ContextNamePrincipal con) {
    if (con == null) return false;

    String [][][] instanceDN = con.getParsedDN();

    if (parsedDN.length > instanceDN.length )  {
        return false; //doesn't contain it
    }

    // here we have:  instanceDN.length >= parsedDN.length
    for (int i=0; i<parsedDN.length ; i++){
        //j loop is useless, because only j=0 is actually used 
        //only k =0 and 1 are used. 
        if (parsedDN[i][0][0].compareToIgnoreCase( instanceDN[i][0][0] ) != 0 ) { 
            return false; 
        }

        if ( (parsedDN[i][0][1].compareTo( "*" ) != 0) && (parsedDN[i][0][1].compareTo( "$" ) != 0) ) { // wildcard 
          if (parsedDN[i][0][1].compareTo( instanceDN[i][0][1] ) != 0 ){
              return false; 
          }
        }
    } // i loop 
    return true; 
   }

  /**
   * This method is for MSoD rule to instantiate a ContextNamePrincipal, 
   * i.e.&nbsp;* is instantiated with a value. added for MSoD.
   *
   * @param inputCNP is the input ContextNamePrincipal. 
   *
   * @return the instantiated contextNamePrincipal, ie * is instantiated with 
   *   real value. 
   */
  public ContextNamePrincipal instantiate(ContextNamePrincipal inputCNP) {
    if ( !contains(inputCNP)){
        return null;
    }

    String [][][] inputDN = inputCNP.getParsedDN();
    try{
        instantiatedDN = issrg.utils.RFC2253NameParser.distinguishedName(contextName); 
    } catch(issrg.utils.RFC2253ParsingException e){ //will never happen here; be handled in constructor
    }

    for (int i=0; i<instantiatedDN.length ; i++){
        //j loop is useless, because only j=0 is actually used 
        //only k =0 and 1 are used. 
        if (instantiatedDN[i][0][0].compareTo( inputDN[i][0][0] ) != 0 ) { 
            return null; 
        }

        if (instantiatedDN[i][0][1].compareTo( "*" ) == 0 ) { // wildcard 
          instantiatedDN[i][0][1] = new String(inputDN[i][0][1]);
        } else if (instantiatedDN[i][0][1].compareTo( "$" ) == 0 ) { // wildcard 
          instantiatedDN[i][0][1] = new String("$");
        } else {
          if (instantiatedDN[i][0][1].compareTo( inputDN[i][0][1] ) != 0 )
              return null; 
        }
    } // i loop 

    ContextNamePrincipal c = null;
    try{
        c= new ContextNamePrincipal(issrg.utils.RFC2253NameParser.toCanonicalDN(instantiatedDN));
    } catch (Exception e){}
    return c; 
   }

}