📄 distestnew.java
字号:
//log.debug("After validating, we have: "+ ret.toString());
return ret.toString();
} else {
return ret.substring(0, ret.length() - 1);
}
}
private boolean issueable(AttributeCertificate ac, String issuerDN) {
try{
ParsedToken tok = tokenParser.decode(ac.getEncoded());
ParsedToken token;
EntryLocator entry = new EntryLocator(new UserEntry(new LDAPDNPrincipal(issuerDN)), new LDAPDNPrincipal(issuerDN), r, null);
if (tok instanceof DelegatableToken) {
DelegatableToken tokD = (DelegatableToken) tok;
token = new DefaultDelegatableToken(tokD.getHolder(), entry, tokD.getCredentials(), tokD.getDelegateableCredentials(), tokD.getSubjectDomain(), tokD.getDepth());
} else {
token = new DefaultParsedToken(tok.getHolder(), entry, tok.getCredentials());
}
//ldapUtility.populate(token.getHolder().getEntryName().getName(), AC_attribute, token);
// issrg.pba.repository.AuthTokenRepository rep = createAuthRepository(token);
Vector holders = new Vector();
holders.add(token.getHolder());
if (token instanceof DelegatableToken) {
DelegatableToken tokenD = (DelegatableToken) token;
AssignmentRule assRule = new AssignmentRule(tokenD.getSubjectDomain(), tokenD.getDepth(), tokenD.getDelegateableCredentials());
Vector vRules = new Vector();
vRules = allocationPolicy.validate(tokenD.getHolder(), tokenD.getIssuerTokenLocator(), assRule, repository, holders);
if (vRules.isEmpty()) return false;
Vector tokens = new Vector();
for (int i = 0; i < vRules.size(); i++) {
AssignmentRule vRule = (AssignmentRule)vRules.get(i);
DelegatableToken t = new DefaultDelegatableToken(token.getHolder(),token.getIssuerTokenLocator(), emptyCreds, vRule.getCredentials(), new DITSubtree((LDAPDNPrincipal)token.getHolder().getEntryName(), 0, -1, null, null), vRule.getDelegationDepth());
tokens.add(t);
}
ParsedToken[] tokensSorted = comparator.predict(assRule, tokens, token.getHolder());
DelegatableToken bestOne = (DelegatableToken) tokensSorted[0];
if (bestOne.getDelegateableCredentials().contains(tokenD.getDelegateableCredentials()) && (bestOne.getDepth()==tokenD.getDepth())) return true; else return false;
} else {
Credentials vCreds = allocationPolicy.validate(token.getHolder(), token.getIssuerTokenLocator(), token.getCredentials(), repository, holders);
if (vCreds.contains(token.getCredentials())) return true; else return false;
}
} catch (Exception e) {
return false;
}
}
// private issrg.pba.repository.AuthTokenRepository createAuthRepository(ParsedToken o) throws Exception {
// issrg.utils.repository.VirtualRepository vRepository;
// issrg.simplePERMIS.SimplePERMISAuthTokenRepository repository = new issrg.simplePERMIS.SimplePERMISAuthTokenRepository(vRepository = new issrg.utils.repository.VirtualRepository(), tokenParser);
// vRepository.populate(o.getHolder().getEntryName().getName(), CustomisePERMIS.getAttributeCertificateAttribute(), o);
// return repository;
// }
public String[] revokeForMe(String requestorDN, String holderDN, String[] issuerDN, String[] serials) {
String[] ret = new String[issuerDN.length];
int count = 0; //this variable is used to remember the number of AC. If you want to revoke a broken AC, you would need it.
for (int i = 0; i < issuerDN.length; i++) {
try {
Vector indexes = new Vector();
if (issuerDN[i].equals(Comm.BROKEN_AC)) {
String idx = serials[i];
Integer itg = new Integer(new Integer(idx).intValue() - count);
count++;
indexes.add(itg);
revoke(holderDN, indexes);
ret[i] = Comm.REVOKE_SUCCESS;
continue;
}
LDAPDNPrincipal iss = new LDAPDNPrincipal(issuerDN[i]);
LDAPDNPrincipal hol = new LDAPDNPrincipal(holderDN);
boolean foundSOAAsIssuer = false;
for (int j = 0; j < soas.size(); j++)
if (((LDAPDNPrincipal) soas.get(j)).equals(iss)) {
foundSOAAsIssuer = true;
break;
}
LDAPDNPrincipal dis = new LDAPDNPrincipal(DIS);
if (hol.equals(dis) && foundSOAAsIssuer) {
ret[i] = Comm.USE_ACM_TOOL_TO_REVOKE;
continue;
}
synchronized (ldapUtility) {
AttributeCertificate ac = checkRevoke(holderDN, issuerDN[i], new BigInteger(serials[i]), indexes);
if (canBeIssued(ac, requestorDN) && revoke(holderDN, indexes)) {
ret[i] = Comm.REVOKE_SUCCESS;
count++;
} else {
ret[i] = Comm.REVOCATION_REJECT;
}
}
} catch (Exception e) {
ret[i] = Comm.REVOCATION_REJECT;
}
}
return ret;
}
private boolean canBeIssued(AttributeCertificate ac, String clientDN) {
if (ac == null) return false;
try {
String issuerDN = issrg.ac.Util.generalNamesToString(ac.getACInfo().getIssuer().getV1Form()==null?ac.getACInfo().getIssuer().getV2Form().getIssuerName():ac.getACInfo().getIssuer().getV1Form()).toUpperCase();
String holderDN = issrg.ac.Util.generalNamesToString(ac.getACInfo().getHolder().getEntityName()).toUpperCase();
String issuedOnBehalfOf = "";
Extensions exts = ac.getACInfo().getExtensions();
if (exts != null) {
Vector extensions = exts.getValues();
for (int i = 0; i < extensions.size(); i++) {
issrg.ac.Extension e = (issrg.ac.Extension) extensions.get(i);
if (e instanceof issrg.ac.attributes.IssuedOnBehalfOf) {
issuedOnBehalfOf = ((issrg.ac.attributes.IssuedOnBehalfOf) e).getIssuerDN().toUpperCase();
break;
}
}
}
LDAPDNPrincipal clientPrincipal = new LDAPDNPrincipal(clientDN);
LDAPDNPrincipal holderPrincipal = new LDAPDNPrincipal(holderDN);
LDAPDNPrincipal issuerPrincipal = new LDAPDNPrincipal(issuerDN);
LDAPDNPrincipal ioboPrincipal = new LDAPDNPrincipal(issuedOnBehalfOf);
if (clientPrincipal.equals(issuerPrincipal) || clientPrincipal.equals(holderPrincipal) || clientPrincipal.equals(ioboPrincipal)) return true;
ParsedToken token1 = tokenParser.decode(ac.getEncoded());
ParsedToken token2 = createParsedToken(ac, clientDN);
boolean ret = checkCanBeIssued(token1, token2);
String s;
if (ret) s = "Client can issue the AC"; else s = "Client can not issue the AC";
return ret;
}catch (Exception e) {
return false;
}
}
private AttributeCertificate checkRevoke(String holderDN, String issuerDN, BigInteger serial, Vector indexes) {
return checkRepository(holderDN, issuerDN, serial, indexes);
}
private AttributeCertificate checkRepository(String holderDN, String issuerDN, BigInteger serialRequested, Vector indexes) {
try {
javax.naming.directory.Attribute attrs = ldapUtility.loadACs(holderDN);
int num = attrs.size();
if (num == 0) return null;
for (int i = 0; i < num; i++) {
try {
byte[] acObject = (byte[]) attrs.get(i);
issrg.ac.AttributeCertificate ac = issrg.ac.AttributeCertificate.guessEncoding(acObject);
AttributeCertificateInfo info = ac.getACInfo();
String issuer = issrg.ac.Util.generalNamesToString(info.getIssuer().getV1Form()==null?ac.getACInfo().getIssuer().getV2Form().getIssuerName():ac.getACInfo().getIssuer().getV1Form()).toUpperCase();
BigInteger serial = info.getSerialNumber();
if ((issuer.toUpperCase().equals(issuerDN.toUpperCase())) && (serial.compareTo(serialRequested) == 0)) {
indexes.add(new Integer(i));
return ac;
} else {
continue;
}
} catch (Exception e) {
continue;
}
}
return null;
} catch (Exception e) {
return null;
}
}
private boolean revoke(String holderDN, Vector indexes) {
try{
if (indexes.size() > 0) {
for (int i = 0; i < indexes.size(); i++) {
Integer index = (Integer) indexes.get(i);
//log.debug("going to delete AC from repository");
ldapUtility.deleteAC(holderDN, index.intValue());
//log.debug("The AC is revoked");
}
return true;
} else return true; //nothing needs to revoke
} catch (Exception e) {
//log.fatal(e.toString());
return false;
}
}
public class DepthsCreds {
/** Creates a new instance of Parameters */
public DepthsCreds() {
}
private int depth1, depth2;
private issrg.pba.Credentials creds1, creds2;
public void setDepth1(int i) {
depth1 = i;
}
public void setDepth2 (int i) {
depth2 = i;
}
public void setCreds1 (issrg.pba.Credentials creds) {
creds1 = creds;
}
public void setCreds2 (issrg.pba.Credentials creds) {
creds2 = creds;
}
public int getDepth1() {
return depth1;
}
public int getDepth2() {
return depth2;
}
public issrg.pba.Credentials getCreds1() {
return creds1;
}
public issrg.pba.Credentials getCreds2() {
return creds2;
}
public String toString() {
StringBuffer ret = new StringBuffer();
ret.append("Creds1 is: ");
if (creds1 == null) ret.append("null "); else ret.append(creds1.toString());
ret.append(" delegation depth1 is: "); ret.append(depth1);
ret.append(" Creds2 is: ");
if (creds2 == null) ret.append("null"); else ret.append(creds2.toString());
ret.append(" delegation depth2 is: "); ret.append(depth2);
return ret.toString();
}
}
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -