repositoryacpolicyfinder.java

一个完整的XACML工程,学习XACML技术的好例子!

/*
* Copyright (c) 2006, University of Kent
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without 
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this 
* list of conditions and the following disclaimer.
* 
* Redistributions in binary form must reproduce the above copyright notice, 
* this list of conditions and the following disclaimer in the documentation 
* and/or other materials provided with the distribution. 
*
* 1. Neither the name of the University of Kent nor the names of its 
* contributors may be used to endorse or promote products derived from this 
* software without specific prior written permission. 
*
* 2. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS  
* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 
* PURPOSE ARE DISCLAIMED. 
*
* 3. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
* POSSIBILITY OF SUCH DAMAGE.
*
* 4. YOU AGREE THAT THE EXCLUSIONS IN PARAGRAPHS 2 AND 3 ABOVE ARE REASONABLE
* IN THE CIRCUMSTANCES.  IN PARTICULAR, YOU ACKNOWLEDGE (1) THAT THIS
* SOFTWARE HAS BEEN MADE AVAILABLE TO YOU FREE OF CHARGE, (2) THAT THIS
* SOFTWARE IS NOT "PRODUCT" QUALITY, BUT HAS BEEN PRODUCED BY A RESEARCH
* GROUP WHO DESIRE TO MAKE THIS SOFTWARE FREELY AVAILABLE TO PEOPLE WHO WISH
* TO USE IT, AND (3) THAT BECAUSE THIS SOFTWARE IS NOT OF "PRODUCT" QUALITY
* IT IS INEVITABLE THAT THERE WILL BE BUGS AND ERRORS, AND POSSIBLY MORE
* SERIOUS FAULTS, IN THIS SOFTWARE.
*
* 5. This license is governed, except to the extent that local laws
* necessarily apply, by the laws of England and Wales.
*/
package issrg.pba.rbac.x509;

import issrg.pba.PbaException;
import issrg.pba.rbac.CustomisePERMIS;
import issrg.pba.rbac.URLHandler;
import issrg.pba.rbac.SignatureVerifier;
import issrg.utils.repository.AttributeRepository;
import java.security.Principal;

/**
 * This PolicyFinder can locate a PERMIS policy in one of the ACs retrieved from
 * the SOA's repository entry. To do that, it needs to know the SOA's 
 * entry name, the identifier of the policy (policy OID in PERMIS XML), the
 * AttributeRepository and the SignatureVerifier.
 *
 * @author Sassa
 */
public class RepositoryACPolicyFinder extends SimplePERMISACPolicyFinder{
    
    /** 
     * Given the inputs, it finds all the X.509 Attribute Certificates that
     * are in the entry of the SOA and initialises the Policy Finder with that.
     *
     * @param attRep - the AttributeRepository with the SOA's entry in it 
     *   containing the X.509 Attribute Certificates, one of which must have the
     *   PERMIS Policy
     * @param PolicyId - the identifier of the Policy that must be loaded 
     *   (Policy OID in PERMIS XML)
     * @param SOA - the Principal naming the SOA's entry in the 
     *   AttributeRepository
     * @param SV - the SignatureVerifier to be used to validate the signatures
     *   on the X.509 Attribute Certificates; if null, no signature verification
     *   is performed
     *
     * @throws PbaException, if there was a problem loading the ACs, or if there
     *   was a problem to initialise the Policy Finder with the ACs that were 
     *   found.
     */
    public RepositoryACPolicyFinder(AttributeRepository attRep, String PolicyId, Principal SOA,
            SignatureVerifier SV) throws PbaException {
      super();
      javax.naming.directory.Attribute policyACs=null;

      try{
        policyACs = attRep.getAttribute(SOA, CustomisePERMIS.getAttributeCertificateAttribute());
      }catch (issrg.utils.repository.RepositoryException re){
        throw new PbaException("Could not retrieve the policies from repository", re);
      }
      byte [][] acArray=null;
        
      if (policyACs!=null && policyACs.size()>0){
        acArray = new byte[policyACs.size()][];
        for (int i=0; i<acArray.length; i++) {
          try{
            acArray[i]=(byte [])policyACs.get(i);
          }catch(Exception e){
            // ignore problems with the attributes
          }
        }
      }
      // acArray is null or is an array of byte arrays, each being an AC
      // initPolicyFromACArray can deal with null arrays and with non-ACs

      initPolicyFromACArray(acArray, PolicyId, SOA, SV);
    }
}