📄 distestnew.java
字号:
if (verbose) e.printStackTrace();
return null;
}
}
private issrg.pba.ParsedToken createParsedToken(String issuerDN, String holderDN, Credentials creds, String assertion, int deep) {
try {
issrg.utils.repository.TokenLocator issuerLocator;
LDAPDNPrincipal issuerPrincipal = new LDAPDNPrincipal(issrg.utils.RFC2253NameParser.toCanonicalDN(issuerDN));
issuerLocator = new EntryLocator(new UserEntry(issuerPrincipal), issuerPrincipal, r, null);
Credentials assertableCredentials = creds;
Credentials delegateableCredentials = creds;
if (!assertion.equals("can")) assertableCredentials = new SetOfSubsetsCredentials();
if (deep < -1) return new issrg.pba.DefaultParsedToken(new UserEntry(new LDAPDNPrincipal(holderDN)), issuerLocator, assertableCredentials);
return new issrg.pba.DefaultDelegatableToken(new UserEntry(new LDAPDNPrincipal(holderDN)), issuerLocator, assertableCredentials, delegateableCredentials, new issrg.pba.rbac.policies.DITSubtree(LDAPDNPrincipal.WHOLE_WORLD_DN, 0, -1, null, null), deep);
}catch (Exception pe) { return null;}
}
private SetOfSubsetsCredentials createSet(String roleTypesValues, String from, String to) {
//log.debug("RoleTypesValues, from and to parameters are : " + roleTypesValues + " " + from + " " + to);
Date nb, na;
java.text.DateFormat dateformat = new java.text.SimpleDateFormat("EEE MMM dd HH:mm:ss Z yyyy");
try {
nb = dateformat.parse(from);
na = dateformat.parse(to);
} catch (java.text.ParseException pe) {
try {
nb = issrg.acm.Util.buildGeneralizedTime(from).getTime().getTime();
na = issrg.acm.Util.buildGeneralizedTime(to).getTime().getTime();
} catch (Exception e) {
return null;
}
}
ValidityPeriod vp = new AbsoluteValidityPeriod(nb, na);
Vector rTypesValues = new Vector();
Enumeration tok1 = new java.util.StringTokenizer(roleTypesValues,SEPARATOR_APACHE); // NOTE: SEPARATOR_APACHE = ","
Vector vector1 = new Vector();
while (tok1.hasMoreElements()) vector1.add(tok1.nextElement());
for (int i = 0; i < vector1.size(); i++) {
String typeValues = (String) vector1.get(i);
int j = typeValues.indexOf(":");
if (j > 0) {
String type = typeValues.substring(0, j);
Enumeration enumeration = ((Hashtable)roleTypes).keys();
boolean found = false;
while (enumeration.hasMoreElements()) {
String o = (String) enumeration.nextElement();
if (type.equals(o)) {
found = true;
break;
}
}
if (!found) continue;
String values = typeValues.substring(j + 1, typeValues.length()).trim();
Enumeration tok2 = new java.util.StringTokenizer(values, SPACE);
while (tok2.hasMoreElements()) {
issrg.pba.rbac.RoleHierarchyNode rhn = roleHierarchyPolicy.getRole(type, (String)tok2.nextElement());
if (rhn == null) continue; //ignore???
rTypesValues.add(new ExpirableCredentials(new PermisCredentials(rhn),vp));
}
}
}
SetOfSubsetsCredentials credentials = new SetOfSubsetsCredentials(rTypesValues);
//log.debug("Created credentials is: " + credentials.toString());
return credentials;
}
// private boolean canBeIssued(Hashtable acParams) {
// try {
// String clientDN = issrg.utils.RFC2253NameParser.toCanonicalDN((String)acParams.get(CLIENTDN)).toUpperCase();
// String issuerDN = issrg.utils.RFC2253NameParser.toCanonicalDN((String)acParams.get(ISSUERDN)).toUpperCase();
// String holderDN = issrg.utils.RFC2253NameParser.toCanonicalDN((String)acParams.get(HOLDERDN)).toUpperCase();
// String issuedOnBehalfOf = issrg.utils.RFC2253NameParser.toCanonicalDN((String)acParams.get(IOBO));
// if (issuedOnBehalfOf == null) issuedOnBehalfOf = ""; else issuedOnBehalfOf = issuedOnBehalfOf.toUpperCase();
// if (clientDN.equals(issuerDN) || clientDN.equals(holderDN) || clientDN.equals(issuedOnBehalfOf) || clientDN.equals(SOA)) return true;
//
// String roleTypesValues = (String) acParams.get(ROLETYPESVALUES);
// String depthS = (String) acParams.get(DELEGATION_DEPTH);
// int depth = new Integer(depthS).intValue() - 1;
// String notBefore = (String) acParams.get(NOT_BEFORE);
// String notAfter = (String) acParams.get(NOT_AFTER);
// SetOfSubsetsCredentials set = createSet(roleTypesValues, notBefore, notAfter);
// //whether holder can assert credentials is not important here
// ParsedToken token1 = createParsedToken(issuerDN, holderDN, set, "can", depth, null);
// ParsedToken token2 = createParsedToken(clientDN, holderDN, set, "can", depth, null);
// return checkCanBeIssued(token1, token2);
//
// } catch (Exception e) {
// //log.fatal(e.toString());
// return false;
// }
// }
private boolean checkCanBeIssued(ParsedToken token1, ParsedToken token2) {
try{
// issrg.pba.repository.AuthTokenRepository authRepository = createAuthRepository(token2);
Vector holders2 = new Vector();
holders2.add(token2.getHolder());
Credentials vCreds2 = allocationPolicy.validate(token2.getHolder(), token2.getIssuerTokenLocator(), token2.getCredentials(), repository, holders2);
Vector vRules2 = new Vector();
if (token2 instanceof DelegatableToken) {
DelegatableToken tokenD = (DelegatableToken) token2;
AssignmentRule assRule = new AssignmentRule(tokenD.getSubjectDomain(), tokenD.getDepth(), tokenD.getDelegateableCredentials());
vRules2 = allocationPolicy.validate(tokenD.getHolder(), tokenD.getIssuerTokenLocator(), assRule, repository, holders2);
}
Credentials vCreds1;
Vector vRules1 = new Vector();
if (token1 instanceof DelegatableToken) {
DelegatableToken tokenD = (DelegatableToken) token1;
vCreds1 = tokenD.getDelegateableCredentials();
vRules1.add(new AssignmentRule(tokenD.getSubjectDomain(), tokenD.getDepth(), tokenD.getDelegateableCredentials()));
} else {
vCreds1 = token1.getCredentials();
}
if ((vCreds2.contains(vCreds1)) && contains(vRules2, vRules1)) {
return true;
} else {
return false;
}
} catch (Exception e) {
//Some errors happen, revocation fails
return false;
}
}
private boolean contains(Vector vRules2, Vector vRules1) {
for (java.util.Iterator ite = vRules1.iterator(); ite.hasNext();) {
AssignmentRule vRule1 = (AssignmentRule) ite.next();
for (int i = 0; i < vRules2.size(); i++) {
AssignmentRule vRule2 = (AssignmentRule) vRules2.get(i);
if ((vRule2.getCredentials().contains(vRule1.getCredentials())) && (vRule2.getDelegationDepth() >= vRule1.getDelegationDepth())) {
ite.remove();
break;
}
}
}
if (vRules1.isEmpty()) return true; else return false;
}
public String[] searchForMe(String holderDN) {
try {
javax.naming.directory.Attribute attrs = ldapUtility.loadACs(holderDN);
if (attrs == null) return null;
int num = attrs.size();
if (num == 0) return null;
String[] ret = new String[num];
for (int i = 0; i < num; i++) {
byte[] acObject = (byte[]) attrs.get(i);
issrg.ac.AttributeCertificate ac = issrg.ac.AttributeCertificate.guessEncoding(acObject);
ret[i] = createACMessage(ac);
}
return ret;
} catch (Exception e) {
if(verbose) e.printStackTrace();
return null;
}
}
private String createACMessage(issrg.ac.AttributeCertificate ac) {
//log.debug("Start creating message...");
StringBuffer ret = new StringBuffer();
String issuerDN = issrg.ac.Util.generalNamesToString(ac.getACInfo().getIssuer().getV1Form()==null?ac.getACInfo().getIssuer().getV2Form().getIssuerName():ac.getACInfo().getIssuer().getV1Form()).toUpperCase();
ret.append(issuerDN).append(SEPARATOR);
ret.append(issrg.ac.Util.generalNamesToString(ac.getACInfo().getHolder().getEntityName()).toUpperCase()).append(SEPARATOR);
ret.append(ac.getACInfo().getSerialNumber().toString()).append(SEPARATOR);
boolean policy_found = false;
String roleTypesValues = "";
Vector attrs = ac.getACInfo().getAttributes();
for (int i = 0; i < attrs.size(); i++) {
issrg.ac.Attribute attr = (issrg.ac.Attribute) attrs.get(i);
String oid = attr.getType();
String type = "";
if (oid.equals(issrg.ac.attributes.PMIXMLPolicy.PMI_XML_POLICY_ATTRIBUTE_OID)) {
roleTypesValues = roleTypesValues + Comm.PMI_XML_POLICY + SEPARATOR_APACHE;
policy_found = true;
break;
}
Enumeration enumeration = ((Hashtable)roleTypes).keys();
while (enumeration.hasMoreElements()) {
Object o = enumeration.nextElement();
String OID = (String) roleTypes.get(o);
if (OID.equals(oid)) {
type = (String) o;
break;
}
}
roleTypesValues = roleTypesValues + type + ":";
Vector values = attr.getValues();
for (int j = 0; j < values.size() -1 ; j++) {
PermisRole value = (PermisRole) values.get(j);
roleTypesValues = roleTypesValues + value.getRoleValue() + SPACE;
}
PermisRole value = (PermisRole) values.get(values.size() -1);
roleTypesValues = roleTypesValues + value.getRoleValue();
roleTypesValues = roleTypesValues + SEPARATOR_APACHE;
}
roleTypesValues = roleTypesValues.substring(0, roleTypesValues.length() -1);
ret.append(roleTypesValues).append(SEPARATOR);
ret.append(ac.getACInfo().getValidityPeriod().getNotBefore().getTime().getTime().toString()).append(SEPARATOR);
ret.append(ac.getACInfo().getValidityPeriod().getNotAfter().getTime().getTime().toString()).append(SEPARATOR);
if (!policy_found) {
Extensions exts = ac.getACInfo().getExtensions();
int depth = -1;
String assertion = Comm.CAN_ASSERT;
String iobo = Comm.ISSUED_ON_BEHALF_OF_NOT_PRESENT.intern();
if (exts != null) {
Vector extensions = exts.getValues();
for (int i = 0; i < extensions.size(); i++) {
Extension e = (Extension) extensions.get(i);
if (e instanceof BasicAttConstraint) { depth = ((BasicAttConstraint)e).getDepth() + 1; continue;}
if (e instanceof NoAssertion) {assertion = Comm.CAN_NOT_ASSERT; continue;}
if (e instanceof IssuedOnBehalfOf) { iobo = ((IssuedOnBehalfOf)e).getIssuerDN().intern(); continue;}
}
}
ret.append(new Integer(depth).toString()).append(SEPARATOR);
ret.append(assertion).append(SEPARATOR);
ret.append(iobo).append(DOUBLE_SEPARATOR);
//log.debug("Before validating we have a message: "+ ret.toString());
boolean valid1, valid2;
valid2 = true;
valid1 = issueable(ac, issuerDN);
if (iobo != Comm.ISSUED_ON_BEHALF_OF_NOT_PRESENT) valid2 = issueable(ac, iobo);
if (valid1 && valid2) ret.append("1"); else ret.append("0");
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -