keyPath = path.substring(0, path.length());
keyPath = keyPath.concat(separator);
PKC = keyPath.concat(PKC);
x509 = new iaik.x509.X509Certificate(new java.io.FileInputStream(PKC));
ds = new issrg.security.PKCS12Security();
ds.setRootCA(x509);
ds.setPKCRepository(new issrg.security.PKCRepository(r));
sv = new issrg.pba.rbac.SimpleSignatureVerifier(ds);
CustomisePERMIS.setAttributeCertificateAttribute(AC_attribute);
CustomisePERMIS.setUserCertificateAttribute(User_certificate);
CustomisePERMIS.configureX509Flavour();
// CustomisePERMIS.registerACExtensions();
policyFinder = new issrg.dis.DISRAPandParser(r, OID, new LDAPDNPrincipal(SOA), sv, org.apache.log4j.Level.toLevel("OFF"));
pp = policyFinder.getPolicyPaser();
tokenParser = policyFinder.getAuthTokenParser();
allocationPolicy = policyFinder.getAllocationPolicy();
comparator = policyFinder.getComparator();
roleHierarchyPolicy = (issrg.pba.rbac.xmlpolicy.XMLPolicyParser.RoleHierarchyPolicyNode) ((issrg.pba.rbac.xmlpolicy.XMLPolicyParser) pp).getAuthTokenParsingRules().get(issrg.pba.rbac.RoleHierarchyPolicy.class);
java.util.Map mapSOAs = ((issrg.pba.rbac.xmlpolicy.XMLPolicyParser)pp).getSOAs();
boolean foundDISAsSOA = false;
java.util.Collection collectionSOAs = mapSOAs.values();
for (java.util.Iterator ite = collectionSOAs.iterator(); ite.hasNext();) {
soas.add(ite.next());
}
LDAPDNPrincipal disPrincipal = new LDAPDNPrincipal(DIS);
for (int i = 0; i < soas.size(); i++) {
LDAPDNPrincipal soaPrincipal = (LDAPDNPrincipal) soas.get(i);
if (soaPrincipal.equals(disPrincipal)) {
foundDISAsSOA = true;
break;
}
}
if (!foundDISAsSOA) {
getDISSerials();
if (aai == null) {
throw new Exception("The DIS does not have any AC that can be used for delegation");
}
// String DIS_AC_LOCATION = new String(LDAP).concat("/").concat(DIS);
// aaia = new issrg.ac.attributes.AttributeAuthorityInformationAccess(new String[] {DIS_AC_LOCATION});
}
readRoleTypes();
DISGeneralNames = issrg.ac.Util.buildGeneralNames(DIS);
rootCASerial = new issrg.ac.IssuerSerial(issrg.ac.Util.buildGeneralNames(rootcaDN), signerPKC.getSerialNumber(), null);
byte[] bt = signerPKC.getSigAlgParams();
ASN1Object algParams = bt == null ? null : iaik.asn1.DerCoder.decode(bt);
signatureAlg = new iaik.asn1.structures.AlgorithmID(new iaik.asn1.ObjectID(signingUtility.getSigningAlgorithmID()));
repository = new issrg.simplePERMIS.SimplePERMISAuthTokenRepository(AC_attribute, ldapUtility, tokenParser);
} catch (Throwable th) {
throw new Exception("Error when initializing the Delegation Service");
//if (verbose) th.printStackTrace();
}
}
/**
 * Overload of {@code initialize} taking the attribute repository and the
 * configuration directory directly. The body is intentionally empty; the
 * original comment states it exists for testing purposes.
 *
 * @param r    attribute repository (not used by this overload)
 * @param path configuration directory (not used by this overload)
 */
protected void initialize(issrg.utils.repository.AttributeRepository r, String path) {
    // Intentionally a no-op: kept as a testing hook.
}
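/**
 * Collects the delegatable ACs held by the DIS itself and records them in
 * {@code aai} as an {@code AuthorityAttributeIdentifier}.
 * <p>
 * An AC loaded from the DIS entry is kept only if all of the following hold:
 * its holder is the DIS DN, its issuer is one of the policy SOAs in
 * {@code soas}, it decodes to a {@link DelegatableToken}, and
 * {@code allocationPolicy.validate} returns at least one rule for it.
 * If no AC qualifies, {@code aai} is left untouched.
 *
 * @throws Exception if the ACs cannot be read or decoded; the underlying
 *         failure is attached as the cause
 */
private void getDISSerials() throws Exception {
    try {
        javax.naming.directory.Attribute attr = ldapUtility.loadACs(DIS);
        if (attr == null) return;
        // Loop-invariant: build the DIS principal once instead of per AC.
        LDAPDNPrincipal disPrincipal = new LDAPDNPrincipal(DIS);
        Vector disIssuerSerials = new Vector();
        int num = attr.size();
        for (int i = 0; i < num; i++) {
            byte[] acObject = (byte[]) attr.get(i);
            issrg.ac.AttributeCertificate ac = issrg.ac.AttributeCertificate.guessEncoding(acObject);
            // Only ACs held by the DIS itself are candidates.
            LDAPDNPrincipal holder = new LDAPDNPrincipal(
                    issrg.ac.Util.generalNamesToString(ac.getACInfo().getHolder().getEntityName()));
            if (!holder.equals(disPrincipal)) continue;
            // v1 issuer form takes precedence; otherwise use the v2 issuer name.
            String issuer = issrg.ac.Util.generalNamesToString(
                    ac.getACInfo().getIssuer().getV1Form() == null
                            ? ac.getACInfo().getIssuer().getV2Form().getIssuerName()
                            : ac.getACInfo().getIssuer().getV1Form()).toLowerCase();
            // Only ACs issued by one of the policy's SOAs may back a delegation.
            LDAPDNPrincipal issuerPrincipal = new LDAPDNPrincipal(issuer);
            boolean foundSOAAsIssuer = false;
            for (int j = 0; j < soas.size(); j++) {
                LDAPDNPrincipal soaPrincipal = (LDAPDNPrincipal) soas.get(j);
                if (soaPrincipal.equals(issuerPrincipal)) {
                    foundSOAAsIssuer = true;
                    break;
                }
            }
            if (!foundSOAAsIssuer) continue;
            ParsedToken token = tokenParser.decode(acObject);
            if (!(token instanceof DelegatableToken)) continue;
            DelegatableToken tokenD = (DelegatableToken) token;
            AssignmentRule assertRule = new AssignmentRule(
                    tokenD.getSubjectDomain(), tokenD.getDepth(), tokenD.getDelegateableCredentials());
            Vector holders = new Vector();
            holders.add(tokenD.getHolder());
            // The allocation policy must accept the AC, otherwise it is not usable.
            Vector rules = allocationPolicy.validate(
                    token.getHolder(), token.getIssuerTokenLocator(), assertRule, repository, holders);
            if (rules.size() == 0) continue;
            GeneralName soaGeneralName = new GeneralName(GeneralName.directoryName,
                    new iaik.utils.RFC2253NameParser(issuer.toUpperCase()).parse());
            disIssuerSerials.add(new IssuerSerial(
                    new GeneralNames(soaGeneralName), ac.getACInfo().getSerialNumber(), null));
        }
        if (!disIssuerSerials.isEmpty()) {
            IssuerSerial[] serials = (IssuerSerial[]) disIssuerSerials.toArray(new IssuerSerial[0]);
            aai = new issrg.ac.attributes.AuthorityAttributeIdentifier(serials);
        }
    } catch (Exception e) {
        // Keep the original failure as the cause rather than discarding it.
        throw new Exception("Error when reading the DIS's ACs", e);
    }
}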
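/**
 * Reads {@code config_file} from the directory {@code path} and stores the
 * recognised directives in the corresponding fields.
 * <p>
 * Format: one directive per line, {@code <key> <value>}, where the key and
 * value are separated by the first space (tabs are not treated as a
 * separator). Keys are case-insensitive; blank lines and lines starting
 * with {@code '#'} are ignored. Recognised keys: {@code soa}, {@code policyoid},
 * {@code pkc}, {@code ldap}, {@code downgradeable}, {@code rootldap},
 * {@code passwordldap}, {@code signkeypath}, {@code signkeypassword},
 * {@code ldapattributecertificateattribute}, {@code usercertificate},
 * {@code attributelocation}, {@code trusted}. Unrecognised lines are
 * reported on stderr and skipped.
 * <p>
 * {@code passwordldap} and {@code signkeypassword} carry credentials; do not
 * add logging of {@code right} inside the parsing loop.
 *
 * @param path directory containing the configuration file
 * @throws FileNotFoundException if the configuration file does not exist
 * @throws IOException if the file cannot be read; the cause is attached
 */
private void readConfigFile(String path) throws Exception {
    String separator = System.getProperties().getProperty("file.separator");
    String configPath = path.concat(separator).concat(config_file);
    BufferedReader in = null;
    try {
        // NOTE(review): platform default charset is used, as before.
        in = new BufferedReader(new InputStreamReader(new FileInputStream(configPath)));
        String line;
        while ((line = in.readLine()) != null) {
            line = line.trim();
            // Blank (or whitespace-only) lines and comment lines carry no directive.
            if (line.length() == 0 || line.charAt(0) == '#') continue;
            int i = line.indexOf(" ");
            if (i < 0) {
                if (verbose) System.err.println("Unrecognised line ignored: " + line);
                continue;
            }
            String left = line.substring(0, i).toLowerCase().trim();
            String right = line.substring(i + 1).trim();
            if (left.equals("soa")) {
                SOA = right.toUpperCase();
            } else if (left.equals("policyoid")) {
                OID = right;
            } else if (left.equals("pkc")) {
                PKC = right;
            } else if (left.equals("ldap")) {
                LDAP = right;
            } else if (left.equals("downgradeable")) {
                downgradeable = "1".equals(right);
            } else if (left.equals("rootldap")) {
                rootDN = right;
            } else if (left.equals("passwordldap")) {
                rootPass = right; // credential
            } else if (left.equals("signkeypath")) {
                SIGN_KEY_PATH = right;
            } else if (left.equals("signkeypassword")) {
                SIGN_KEY_PASSWORD = right; // credential
            } else if (left.equals("ldapattributecertificateattribute")) {
                AC_attribute = right;
            } else if (left.equals("usercertificate")) {
                User_certificate = right;
            } else if (left.equals("attributelocation")) {
                DIS_AC_LOCATION = right;
            } else if (left.equals("trusted")) {
                // Canonicalise the DN so later comparisons are form-independent.
                trustedProxy.add(issrg.utils.RFC2253NameParser.toCanonicalDN(right));
            } else {
                System.err.println("Unrecognised line ignored: " + line);
            }
        }
    } catch (FileNotFoundException fnfe) {
        FileNotFoundException wrapped = new FileNotFoundException("Config file not found: " + config_file);
        wrapped.initCause(fnfe);
        throw wrapped;
    } catch (IOException ioe) {
        // Propagate to the caller with the original failure as the cause.
        IOException wrapped = new IOException("Error reading configuration file");
        wrapped.initCause(ioe);
        throw wrapped;
    } finally {
        if (in != null) {
            try {
                in.close();
            } catch (IOException ignored) {
                // Nothing useful can be done about a failed close after the read completed.
            }
        }
    }
}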
/**
 * Snapshots the role-type/OID table from the role hierarchy policy into
 * {@code roleTypes} and registers every OID with {@code PermisRole}, so that
 * an AC attribute carrying one of these OIDs is decoded as a PermisRole.
 */
private void readRoleTypes() {
    roleTypes = new Hashtable(roleHierarchyPolicy.getTypeOid());
    // Register each OID from the policy; afterwards attributes with that OID become PermisRole.
    for (java.util.Iterator it = roleTypes.values().iterator(); it.hasNext();) {
        String oid = (String) it.next();
        issrg.ac.attributes.PermisRole.registerMe(oid);
    }
}
public String signForMe(String issuerDN, String holderDN, String[] roleValues, String roleType, String from, String to, String assertion, String deep) {
String roleTypeValues = roleType + ":";
for (int i = 0; i < roleValues.length; i++) roleTypeValues = roleTypeValues + roleValues[i] + " ";
roleTypeValues = roleTypeValues.substring(0, roleTypeValues.length() - 1);
SetOfSubsetsCredentials creds1 = createSet(roleTypeValues, from, to);
if (creds1.getValue().isEmpty()) return issrg.dis.Comm.ROLETYPE_OR_ROLE_VALUE_IS_NOT_SUPPORTED_IN_POLICY;
int depth1;
Integer depthInt = new Integer(deep);
if (depthInt.intValue() < 0) depth1 = -2; else if (depthInt.intValue() == 0) depth1 = -1; else depth1 = depthInt.intValue() -1;
DepthsCreds depthsCreds = new DepthsCreds();
depthsCreds.setDepth1(depth1);
depthsCreds.setCreds1(creds1);
String resultAfterCheckAndConstrain = checkAndConstrain(issuerDN, holderDN, assertion, depthsCreds);
if (!resultAfterCheckAndConstrain.equals(SATISFIED)) return resultAfterCheckAndConstrain;
try {
//System.out.println("In signForMe function, before going to generateAC: "+ depthsCreds.getCreds2());
byte[] ac = generateAC(issuerDN, holderDN, (SetOfSubsetsCredentials)depthsCreds.getCreds2(), assertion, depthsCreds.getDepth2());
if (ac.length == 0) {
//System.out.println("Created AC is in wrong format, length = 0");
return issrg.dis.Comm.ACCREATION_ERROR;
}
try {
storeToLDAP(ac);
} catch (Exception ee) {
return Comm.ERROR_WRITING_LDAP;
}
return prepareReturn(ac, assertion, depthsCreds.getDepth2());