entrustsigningutility.java

一个完整的XACML工程,学习XACML技术的好例子!

/*
* Copyright (c) 2000-2005, University of Salford
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without 
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this 
* list of conditions and the following disclaimer.
* 
* Redistributions in binary form must reproduce the above copyright notice, 
* this list of conditions and the following disclaimer in the documentation 
* and/or other materials provided with the distribution. 
*
* Neither the name of the University of Salford nor the names of its 
* contributors may be used to endorse or promote products derived from this 
* software without specific prior written permission. 
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
* POSSIBILITY OF SUCH DAMAGE.
*/

package issrg.pa.extensions;

import java.awt.Frame;
import java.util.Map;
import com.entrust.toolkit.User;
import com.entrust.toolkit.exceptions.*;

import javax.swing.*;

import issrg.pa.ACCreationException;
import issrg.security.EntrustSecurityException;

/**
 * This class provides signing by employing Entrust Java toolkit.
 *
 * <p>The user is asked to pick the Entrust profile file, and then authenticate
 * himself by entering the password. Signer's identity is picked from the
 * PKC.
 *
 * @author Sassa
 * @version 1.0
 */
public class EntrustSigningUtility extends issrg.pa.SigningUtility {
  /**
   * This is what this class wraps: all calls are passed to it.
   */
  private final issrg.security.EntrustSecurity es = new issrg.security.EntrustSecurity();

  /**
   * This variable names the configuration variable in the pa.cfg file that
   * points to the default profile file. This file will be selected as the
   * initial signer's choice, but can be changed at run-time.
   *
   * <p>At the moment its value is "EntrustSigningUtility.DefaultProfile".
   */
  public static final String DEFAULT_PROFILE_STRING = "EntrustSigningUtility.DefaultProfile";

  /**
   * This is the filename of the EPF file that will be used by default in case
   * the <code>DEFAULT_PROFILE_STING</code> variable is missing from the
   * Environment.
   */
  public static final String DEFAULT_PROFILE = "";

  /**
   * This was used before; left for compliancy.
   */
  //private static final String DEFAULT_PROFILE = "";

  public EntrustSigningUtility() {
  }

  public byte[] sign(byte[] aci) throws EntrustSecurityException {
    return es.sign(aci);
  }

  public boolean isLoggedIn(){
    return es.isLoggedIn();
  }

  public void login(java.awt.Frame frame, java.util.Map Environment) throws EntrustSecurityException {
    try{
      java.util.Map env = new java.util.Hashtable();

      String s = (String)Environment.get(this.DEFAULT_PROFILE_STRING);
      env.put(es.DEFAULT_PROFILE_STRING, s==null?this.DEFAULT_PROFILE:s);
      env.put(es.SHOW_SPLASH_FLAG, new Boolean(true));

      es.login(frame, env);

      java.security.cert.X509Certificate x509=es.getUser().getVerificationCertificate();
    }catch (EntrustSecurityException es){
      throw es;
    }catch(Exception ese){
      throw new EntrustSecurityException("Logging in failed: "+ese.getMessage(), ese);
    }
  }

  public void logout(Frame frame, Map Environment) throws EntrustSecurityException{
    es.logout(frame, null);
  }

  /**
   * The user must be logged in at this point.
   */
  public String getSigningAlgorithmID() throws ACCreationException{
    try{
      return es.getSigningAlgorithmID();
    }catch(EntrustSecurityException ese){
      throw new ACCreationException(ese.getMessage(), ese);
    }
  }

  public java.security.cert.X509Certificate getVerificationCertificate() throws EntrustSecurityException{
    return es.getVerificationCertificate();
  }
}