issuerentry.java

一个完整的XACML工程,学习XACML技术的好例子!

/*
* Copyright (c) 2000-2005, University of Salford
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without 
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this 
* list of conditions and the following disclaimer.
* 
* Redistributions in binary form must reproduce the above copyright notice, 
* this list of conditions and the following disclaimer in the documentation 
* and/or other materials provided with the distribution. 
*
* Neither the name of the University of Salford nor the names of its 
* contributors may be used to endorse or promote products derived from this 
* software without specific prior written permission. 
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
* POSSIBILITY OF SUCH DAMAGE.
*/

package issrg.pba.rbac.x509;

import issrg.pba.repository.*;

import issrg.pba.rbac.LDAPDNPrincipal;
/**
 * This class represents the entry of the issuer of the authorisation token. It
 * is used in the delegation policy when deciding what credentials the issuer 
 * has got.
 *
 * <p>It is aware of the authorisation token format, so it knows where to find
 * the issuer information.
 *
 * @author A Otenko
 * @version 1.0
 */

public class IssuerEntry extends UserEntry {

  protected IssuerEntry(){}

  /**
   * This constructor builds an object using the retrieved Authorisation Token.
   * It should be the byte array of a BER-encoded X.509 Attribute Certificate.
   *
   * @param ac is the byte array representing the X.509 AC, of which the Issuer
   *    will be represented by this object
   *
   * @throws IllegalArgumentException if it is not a byte array, or is not a
   *    proper X.509 AC
   */
  public IssuerEntry(Object ac) {
    if (!(ac instanceof byte [])){
      throw new IllegalArgumentException("ac object should be a byte array: byte []");
    }

    try{
      _init_(issrg.ac.AttributeCertificate.guessEncoding((byte[])ac));
    }catch(iaik.asn1.CodingException ce){
      throw new IllegalArgumentException("ac object should be a correct BER encoded X.509 AC: "+ce.getMessage());
    }
  }

  /**
   * This constructor can build an object out of the AttributeCertificate object
   * - a ready to use object. Note that usually the caller will need the
   * constructor with the Object passed to it.
   *
   * @param ac is the AttributeCertificate of which the Issuer will be
   *    represented by this object
   *
   * @see IssuerEntry(Object)
   */
  public IssuerEntry(issrg.ac.AttributeCertificate ac) {
    _init_(ac);
  }

  /**
   * This method is used for proper initialising the object by all the
   * constructors. It actually does the work described for the <code>
   * IssuerEntry(AttributeCertificate ac)</code> constructor.
   *
   * @param ac is the AttributeCertificate object with which the IssuerEntry is
   *    initialised
   *
   * @see IssuerEntry(issrg.ac.AttributeCertificate)
   */
  protected void _init_(issrg.ac.AttributeCertificate ac){
    String subj = issrg.ac.Util.generalNamesToString(ac.getACInfo().getIssuer().getV1Form());
    if (subj==null || subj.intern()==""){
      subj = issrg.ac.Util.generalNamesToString(ac.getACInfo().getIssuer().getV2Form().getIssuerName());
    }

    String issuer = null;
    java.math.BigInteger serial = null;

    if (ac.getACInfo().getIssuer().getV2Form()!=null && ac.getACInfo().getIssuer().getV2Form().getBaseCertificateID()!=null){
      serial = ac.getACInfo().getIssuer().getV2Form().getBaseCertificateID().getSerial();
      issuer = issrg.ac.Util.generalNamesToString(ac.getACInfo().getIssuer().getV2Form().getBaseCertificateID().getIssuer());
    }

    try{
      _init_(subj==null?null:new LDAPDNPrincipal(subj),
           issuer==null?null:new LDAPDNPrincipal(issuer),
           serial);
    }catch (issrg.utils.RFC2253ParsingException rpe){
      throw new IllegalArgumentException(rpe.getMessage());
    }
  }
}