} catch (Exception e) {
if (verbose) e.printStackTrace();
return issrg.dis.Comm.ACCREATION_ERROR;
}
}
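/**
 * Builds the PUBLISH reply line describing a freshly issued AC.
 *
 * Fields are joined by SEPARATOR in this order: PUBLISH, holder name, attribute list,
 * notBefore, notAfter (both as rendered by toString() of the validity period's time
 * value), CAN_ASSERT or CAN_NOT_ASSERT, and depth + 1. The attribute list is
 * "type:value,value+type:value" — attributes joined by '+', each attribute's values by ','.
 * Building it with explicit joins (instead of appending a delimiter and stripping the
 * last character) keeps the field count stable when the AC carries no attributes or an
 * attribute has no values.
 *
 * NOTE(review): holder name and role values are copied into the message unescaped, so a
 * value containing SEPARATOR, '+', ',' or ':' is ambiguous to the receiver — confirm the
 * peer's parser or the policy rejects such values.
 *
 * @param ac        encoded attribute certificate, decoded with guessEncoding
 * @param assertion "can" marks the AC as assertable; anything else as not assertable
 * @param depth     delegation depth the AC was issued with; reported incremented by one
 * @return the reply line, or CAN_NOT_DECODE_AC_TO_BE_SIGN when {@code ac} cannot be decoded
 */
private String prepareReturn(byte[] ac, String assertion, int depth) {
    try {
        issrg.ac.AttributeCertificate acc = issrg.ac.AttributeCertificate.guessEncoding(ac);
        issrg.ac.AttributeCertificateInfo info = acc.getACInfo();
        String holder = issrg.ac.Util.generalNamesToString(info.getHolder().getEntityName());

        StringBuilder attrs = new StringBuilder();
        Vector attributes = info.getAttributes();
        for (int i = 0; i < attributes.size(); i++) {
            if (i > 0) attrs.append('+');
            issrg.ac.Attribute att = (issrg.ac.Attribute) attributes.get(i);
            // role type name is looked up from the attribute OID via the role hierarchy policy
            String roleType = roleHierarchyPolicy.getTypeByOID(att.getType());
            attrs.append(roleType).append(':');
            Vector roles = att.getValues();
            for (int j = 0; j < roles.size(); j++) {
                if (j > 0) attrs.append(',');
                attrs.append(((PermisRole) roles.get(j)).getRoleValue());
            }
        }

        String assertFlag = assertion.equals("can") ? issrg.dis.Comm.CAN_ASSERT : issrg.dis.Comm.CAN_NOT_ASSERT;
        return issrg.dis.Comm.PUBLISH + SEPARATOR
            + holder + SEPARATOR
            + attrs + SEPARATOR
            + info.getValidityPeriod().getNotBefore().getTime().getTime().toString() + SEPARATOR
            + info.getValidityPeriod().getNotAfter().getTime().getTime().toString() + SEPARATOR
            + assertFlag + SEPARATOR
            + Integer.toString(depth + 1);
    } catch (iaik.asn1.CodingException ce) {
        return Comm.CAN_NOT_DECODE_AC_TO_BE_SIGN;
    }
}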
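/**
 * Checks that the token's issuer may hand out the requested credentials and, on success,
 * records the (possibly downgraded) credentials and delegation depth to issue in
 * {@code depthsCreds} (creds2/depth2). creds2/depth2 are written only on the true paths.
 *
 * Non-delegatable tokens: the allocation policy is asked what the issuer may assign to
 * the holder. creds2 becomes a clone of creds1 when that result covers it, otherwise the
 * policy's result when {@code downgradeable} is set. depth2 is -2 in this branch, the
 * value generateAC does not turn into a BasicAttConstraint extension.
 * Delegatable tokens: the policy validates the assignment rule; the best matching
 * delegatable token chosen by {@code comparator} supplies creds2 and depth2, again with
 * downgrade only when {@code downgradeable}. When no rule matches and downgrading is
 * allowed, the request falls back to a plain (non-delegatable) assignment.
 *
 * Any exception from the policy, comparator or token classes is treated as "not
 * permitted" (fail closed); it is printed only in verbose mode, like the other handlers
 * in this class.
 *
 * @param token       the issuer's token describing what is being requested
 * @param depthsCreds in/out: requested creds1/depth1, granted creds2/depth2
 * @return true if an AC may be issued with creds2/depth2, false otherwise
 */
private boolean checkAndConstrain(ParsedToken token, DepthsCreds depthsCreds) {
    try {
        Vector holders = new Vector();
        holders.add(token.getHolder());

        if (!(token instanceof DelegatableToken)) {
            Credentials credsCon = allocationPolicy.validate(token.getHolder(), token.getIssuerTokenLocator(), token.getCredentials(), repository, holders);
            if (credsCon.equals(emptyCreds)) return false;
            if (credsCon.contains(depthsCreds.getCreds1())) {
                // request fully covered: grant exactly what was asked for
                depthsCreds.setCreds2((Credentials) depthsCreds.getCreds1().clone());
                depthsCreds.setDepth2(-2);
                return true;
            }
            if (!downgradeable) return false;
            // partial coverage: grant what the policy allows instead of what was asked
            depthsCreds.setCreds2(credsCon);
            depthsCreds.setDepth2(-2);
            return true;
        }

        DelegatableToken tokenD = (DelegatableToken) token;
        AssignmentRule asRAR = new AssignmentRule(tokenD.getSubjectDomain(), tokenD.getDepth(), tokenD.getDelegateableCredentials());
        Vector vRars = allocationPolicy.validate(tokenD.getHolder(), tokenD.getIssuerTokenLocator(), asRAR, repository, holders);
        if (vRars.isEmpty()) {
            if (!downgradeable) return false;
            // no delegation rule matched: fall back to a non-delegatable assignment
            Credentials vCreds = allocationPolicy.validate(token.getHolder(), token.getIssuerTokenLocator(), token.getCredentials(), repository, holders);
            if (vCreds.equals(emptyCreds)) return false;
            depthsCreds.setCreds2(vCreds);
            depthsCreds.setDepth2(-2);
            return true;
        }

        // one candidate token per matching rule; the comparator ranks them
        Vector tokens = new Vector();
        for (int i = 0; i < vRars.size(); i++) {
            AssignmentRule vRar = (AssignmentRule) vRars.get(i);
            tokens.add(new DefaultDelegatableToken(token.getHolder(), token.getIssuerTokenLocator(), emptyCreds, vRar.getCredentials(), vRar.getSubjectDomain(), vRar.getDelegationDepth()));
        }
        ParsedToken[] tokensSorted = comparator.predict(asRAR, tokens, token.getHolder());
        // explicit check instead of letting an index/null exception fall into the catch below
        if (tokensSorted == null || tokensSorted.length == 0) return false;
        DelegatableToken bestOne = (DelegatableToken) tokensSorted[0];
        Credentials vCreds = bestOne.getDelegateableCredentials();
        if (vCreds.equals(emptyCreds)) return false;
        int vdepth = bestOne.getDepth();
        if (vCreds.contains(depthsCreds.getCreds1()) && vdepth == depthsCreds.getDepth1()) {
            depthsCreds.setCreds2((Credentials) depthsCreds.getCreds1().clone());
            depthsCreds.setDepth2(vdepth);
            return true;
        }
        if (!downgradeable) return false;
        depthsCreds.setCreds2(vCreds);
        depthsCreds.setDepth2(vdepth);
        return true;
    } catch (Exception e) {
        if (verbose) e.printStackTrace();
        return false;
    }
}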
/**
 * Two-stage authorisation of a request: first the named issuer must be allowed to assign
 * creds1/depth1 to the holder, then the DIS itself must be allowed to assign whatever the
 * first stage granted (creds2/depth2). Both stages go through
 * {@link #checkAndConstrain(ParsedToken, DepthsCreds)}, so creds2/depth2 in
 * {@code depthsCreds} are rewritten by each successful stage.
 *
 * @return SATISFIED when both stages pass, otherwise the Comm code naming the failing stage
 */
private String checkAndConstrain(String issuerDN, String holderDN, String assertion, DepthsCreds depthsCreds) {
    issrg.pba.ParsedToken issuerToken = createParsedToken(issuerDN, holderDN, depthsCreds.getCreds1(), assertion, depthsCreds.getDepth1());
    if (!checkAndConstrain(issuerToken, depthsCreds)) {
        return Comm.ISSUER_DONOT_HAVE_ENOUGH_PRIVILEGES_OR_CAN_NOT_DOWNGRADE_PRIVILEGE_OR_WRONG_REQUEST;
    }
    issrg.pba.ParsedToken disToken = createParsedToken(DIS, holderDN, depthsCreds.getCreds2(), assertion, depthsCreds.getDepth2());
    if (!checkAndConstrain(disToken, depthsCreds)) {
        return Comm.DIS_DO_NOT_HAVE_ENOUGH_PRIVILEGE;
    }
    return SATISFIED;
}
/**
 * Returns the current value of the serial counter as a decimal string and advances it.
 *
 * NOTE(review): generateAC parses this string with radix 16, so the decimal digits are
 * reinterpreted as hexadecimal (e.g. "10" becomes 16). Values stay unique and increasing,
 * but are not the numbers this method appears to produce — confirm intended.
 * NOTE(review): not synchronized; if two requests reach this concurrently both ACs could
 * receive the same serial — confirm AC creation is serialized by the caller. Also confirm
 * how the counter is seeded, since a restart that resets it would reuse serials.
 */
private String getSerialNumber() {
    return String.valueOf(virtualSerialNumber++);
}
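/**
 * Builds and signs an attribute certificate for {@code holderDN} carrying the roles in
 * {@code creds2}, signed by the DIS (V2Form issuer) with {@code issuerDN} recorded in an
 * IssuedOnBehalfOf extension.
 *
 * The validity period is taken from the first credential in {@code creds2}; the other
 * entries are not checked against it. Roles are grouped by role-type OID (looked up in
 * {@code roleTypes}) into one AC attribute per OID. Extensions: NoAssertion unless
 * {@code assertion} is "can"; BasicAttConstraint with {@code depth2} unless depth2 is -2
 * (the value checkAndConstrain uses for non-delegatable grants); IssuedOnBehalfOf; and the
 * configured aai/aaia extensions when non-null.
 *
 * @return the encoding of the signed AC, or an empty array if no attribute was produced
 * @throws Exception "Error when generating requested AC" with the underlying failure
 *         (empty creds2, unknown role type, name parsing, encoding, signing) as its cause
 */
private byte[] generateAC(String issuerDN, String holderDN,
        SetOfSubsetsCredentials creds2, String assertion, int depth2) throws Exception {
    try {
        // getSerialNumber() yields decimal digits that are parsed here as hex; kept as-is
        // so serials stay consistent with those already issued (see getSerialNumber).
        BigInteger acSerialNumber = new BigInteger(this.getSerialNumber(), 16).abs();

        Vector r = creds2.getValue();
        if (r == null || r.isEmpty()) {
            throw new IllegalArgumentException("no credentials to issue for holder " + holderDN);
        }
        ValidityPeriod vp = ((ExpirableCredentials) r.get(0)).getValidityPeriod();
        GregorianCalendar nb = new GregorianCalendar();
        nb.setTime(vp.getNotBefore());
        GregorianCalendar na = new GregorianCalendar();
        na.setTime(vp.getNotAfter());
        issrg.ac.AttCertValidityPeriod validityPeriod = new issrg.ac.AttCertValidityPeriod(
            new issrg.ac.Generalized_Time(nb), new issrg.ac.Generalized_Time(na));

        // group role values by role-type OID: one issrg.ac.Attribute per OID
        Hashtable roleTypesValues = new Hashtable();
        for (int i = 0; i < r.size(); i++) {
            ExpirableCredentials exp = (ExpirableCredentials) r.get(i);
            PermisCredentials permisCredentials = (PermisCredentials) exp.getExpirable();
            String type = permisCredentials.getRoleType();
            String roleTypeID = (String) roleTypes.get(type);
            if (roleTypeID == null) {
                // Hashtable would otherwise fail with a bare NullPointerException on the key
                throw new IllegalStateException("no OID configured for role type " + type);
            }
            Vector values = (Vector) roleTypesValues.get(roleTypeID);
            if (values == null) {
                values = new Vector();
                roleTypesValues.put(roleTypeID, values);
            }
            values.add(new issrg.ac.attributes.PermisRole(permisCredentials.getRoleValueAsString()));
        }
        Vector attributes = new Vector();
        Enumeration oids = roleTypesValues.keys();
        while (oids.hasMoreElements()) {
            String id = (String) oids.nextElement();
            attributes.add(new issrg.ac.Attribute(id, (Vector) roleTypesValues.get(id)));
        }
        if (attributes.isEmpty()) {
            // defensive: cannot happen once r is non-empty, kept for callers relying on it
            return new byte[0];
        }

        Vector extensionCollection = new Vector();
        if (!assertion.equals("can")) extensionCollection.add(new issrg.ac.attributes.NoAssertion());
        if (depth2 > -2) {
            extensionCollection.add(new issrg.ac.attributes.BasicAttConstraint(false, depth2));
        }
        String dn = issrg.utils.RFC2253NameParser.toCanonicalDN(issrg.utils.RFC2253NameParser.distinguishedName(issuerDN));
        GeneralName issuerGeneralName = new GeneralName(GeneralName.directoryName, new iaik.utils.RFC2253NameParser(dn).parse());
        extensionCollection.add(new issrg.ac.attributes.IssuedOnBehalfOf(false, issuerGeneralName));
        if (aai != null) extensionCollection.add(aai);
        if (aaia != null) extensionCollection.add(aaia);
        issrg.ac.Extensions extensions = new issrg.ac.Extensions(extensionCollection);

        issrg.ac.Holder holder = new issrg.ac.Holder(null, issrg.ac.Util.buildGeneralNames(holderDN), null);
        // the DIS is the AC issuer; the requesting issuer is only recorded in IssuedOnBehalfOf
        issrg.ac.V2Form signer = new issrg.ac.V2Form(DISGeneralNames, rootCASerial, null);
        signer.setObjectDigestInfo(null);
        issrg.ac.AttCertIssuer issuer = new issrg.ac.AttCertIssuer(null, signer);

        issrg.ac.AttributeCertificateInfo aci = new issrg.ac.AttributeCertificateInfo(
            new issrg.ac.AttCertVersion(issrg.ac.AttCertVersion.V2),
            holder,
            issuer,
            signatureAlg,
            acSerialNumber,
            validityPeriod,
            attributes,
            null,
            extensions
        );
        byte[] tbs = aci.getEncoded();
        return new issrg.ac.AttributeCertificate(
            aci,
            signatureAlg,
            new BIT_STRING(signingUtility.sign(tbs))
        ).getEncoded();
    } catch (Exception e) {
        if (verbose) e.printStackTrace();
        // keep the cause so the real failure is not lost behind the generic message
        throw new Exception("Error when generating requested AC", e);
    }
}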
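/**
 * Writes the encoded AC to the repository through {@code ldapUtility}. The call is
 * serialized on {@code ldapUtility}, which is presumably not safe for concurrent use.
 *
 * @param ac encoded attribute certificate to store
 * @throws Exception "Error when writing to LDAP" with the underlying failure as its cause
 */
private void storeToLDAP(byte[] ac) throws Exception {
    try {
        synchronized (ldapUtility) {
            ldapUtility.save(ac);
        }
    } catch (Exception e) {
        if (verbose) e.printStackTrace();
        // keep the cause so the LDAP error is diagnosable, not just the generic message
        throw new Exception("Error when writing to LDAP", e);
    }
}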
private issrg.pba.ParsedToken createParsedToken(AttributeCertificate ac, String issuerDN){
try {
ParsedToken token = tokenParser.decode(ac.getEncoded());
LDAPDNPrincipal issuerPrincipal = new LDAPDNPrincipal(token.getIssuerTokenLocator().getEntry().getEntryName().getName());
LDAPDNPrincipal issuerDNPricipal = new LDAPDNPrincipal(issuerDN);
if (issuerPrincipal.equals(issuerDNPricipal)) {
return token;
} else {
ParsedToken tok;
//new EntryLocator(new UserEntry(issuerDNPricipal), new DNWithURLPrincipal(issuerDN, LDAP), null));
EntryLocator entry = new EntryLocator(new UserEntry(issuerDNPricipal), issuerDNPricipal, r, null);
if (token instanceof DefaultDelegatableToken) {
DefaultDelegatableToken del = (DefaultDelegatableToken) token;
tok = new DefaultDelegatableToken(del.getHolder(), entry, del.getCredentials(), del.getDelegateableCredentials(), del.getSubjectDomain(), del.getDepth());
} else {
tok = new DefaultParsedToken(token.getHolder(), entry, token.getCredentials());
}
return tok;
}
} catch (Exception e) {