logger.debug("# resume processing of "+inputFilename);
}else if (instruction=="ini:"){ // setting initialisation parameters for PERMIS RBAC
if (newInstr){ // a new "ini:" instruction group encountered, or end of file
// now is the time to go through all the combinations
// ignore
if (breakNow) break; // end of file reached
}
if (rhs=="init"){
logger.debug("initialising PERMIS RBAC...");
//CustomisePERMIS.setSystemClock("issrg.web.service.PermisWebService");
//theClock = (PermisWebService)CustomisePERMIS.getSystemClock();
try{
soa = (String)setup.get("soa");
oid = (String)setup.get("oid");
String rootca = (String)setup.get("rootca");
byte [] rootcaPKC = null;
Vector url = (Vector)setup.get("url");
Vector pkc = (Vector)setup.get("pkc");
Vector ac = (Vector)setup.get("ac");
String acattribute = (String)setup.get("acattribute");
String pkcattribute = (String)setup.get("pkcattribute");
if (acattribute==null) acattribute=CustomisePERMIS.getAttributeCertificateAttribute();
else CustomisePERMIS.setAttributeCertificateAttribute(acattribute);
if (pkcattribute==null) pkcattribute=CustomisePERMIS.getUserCertificateAttribute();
else CustomisePERMIS.setUserCertificateAttribute(pkcattribute);
if (soa==null || oid==null) throw new Exception("Mandatory parameters missing: SOA DN and OID of the Policy must be specified");
if (rootca!=null && pkc==null) pkc=new Vector();
if (rootca!=null) pkc.add(0, rootca);
ar = new AttributeRepository[(url==null?0:url.size())+(ac==null?0:1)];
AttributeRepository [] pr = new AttributeRepository[(url==null?0:url.size())+(pkc==null?0:1)];
if (url!=null){
logger.debug("# connecting to repositories...");
for (int i=url.size(); i-->0; ){
logger.debug("# "+url.get(i)+"...");
ar[i]=URLHandler.getRepositoryByURL((String)url.get(i));
pr[i]=ar[i];
logger.debug("ok");
}
logger.debug("# done");
}
if (ac!=null){
logger.debug("# loading ACs from files...");
vr=new issrg.utils.repository.VirtualRepository();
ar[ar.length-1]=vr;
for(int i=ac.size(); i-->0; ){
logger.debug("# "+ac.get(i)+"...");
issrg.web.service.Config name = new issrg.web.service.Config();
String fName = name.getURL((String)ac.get(i));
File f=new File(fName);
byte [] b=new byte[(int)f.length()];
new FileInputStream(f).read(b);
String holderDN = issrg.ac.AttributeCertificate.getHolderDN(b);
vr.populate(holderDN, acattribute, b);
logger.debug("ok");
}
logger.debug("# done");
}
if (pkc!=null){ // now rootca is always the first in the list
logger.debug("# loading PKCs from files...");
vr=new issrg.utils.repository.VirtualRepository();
pr[pr.length-1]=vr;
for(int i=pkc.size(); i-->0; ){ // rootca PKC will always be loaded last
System.out.print("# "+pkc.get(i)+"...");
issrg.web.service.Config name = new issrg.web.service.Config();
String fName = name.getURL((String)pkc.get(i));
File f=new File(fName);
rootcaPKC=new byte[(int)f.length()];
new FileInputStream(f).read(rootcaPKC);
vr.populate(new iaik.x509.X509Certificate(rootcaPKC).getSubjectDN().getName(), pkcattribute, rootcaPKC);
logger.debug("ok");
}
logger.debug("# done");
// now rootcaPKC is the byte array pointing to the last PKC read - the root CA PKC
}
if (rootcaPKC!=null){
logger.debug("# setting signature verification...");
DefaultVerifier dv = new DefaultVerifier();
dv.setRootCA(rootcaPKC);
dv.setPKCRepository(new PKCRepository(new MultiRepository(pr)));
sv=new SimpleSignatureVerifier(dv);
logger.debug("# done");
} else{
logger.debug("# signature verification is disabled");
}
logger.info("# creating PERMIS RBAC object...");
issrg.pba.rbac.CustomisePERMIS.configureX509Flavour();
MultiRepository mr = new MultiRepository(ar);
//if (mode==this.PDP) CustomisePERMIS.setAuthTokenParser("issrg.simplePERMIS.SimplePERMISTokenParser");
this.pba = new issrg.pba.rbac.PermisRBAC(new RepositoryACPolicyFinder(mr, oid, new LDAPDNPrincipal(soa), sv), mr, null);
logger.debug("# done");
} catch (Exception pe){
logger.debug("# failed");
pe.printStackTrace();
}
} else if (rhs=="clear"){
logger.debug("reset initialisation parameters for PERMIS RBAC");
setup = new Hashtable();
} else{
logger.debug("setting initialisation parameters for PERMIS RBAC");
//soa | oid | rootca | url | pkc | ac
if (var=="soa" || var=="oid" || var=="rootca" || var=="acattribute" || var=="pkcattribute"){
if (setup.get(var)!=null) System.out.println("# "+var+" is already set to "+setup.get(var)+" - ignored");
else setup.put(var, val);
} else if (var=="url" || var=="pkc" || var=="ac"){
Vector v=(Vector)setup.get(var);
if (v==null){
logger.debug("# set "+var+" to "+val);
v=new Vector();
setup.put(var, v);
} else{
logger.debug("# add "+val+" to collection of "+var);
}
if (var=="url") {
issrg.utils.ParsedURL pu=issrg.utils.ParsedURL.parseURL(val);
if (pu!=null) v.add(val);
} else v.add(val);
} else{
throw new Exception("unknown setting: "+var);
}
}
} else{
throw new Exception("Invalid instruction line");
}
}
}catch(PbaException pe){
logger.debug("Error occured while processing line "+line+": "+pe.getMessage());
// don't print the stack trace and don't break the loop - PbaExceptions are part of testing
}
}
}catch(Exception e){
logger.debug("Stopped @ "+line+": "+s);
e.printStackTrace();
}
files.remove(inputFilename);
}
/**
 * Returns the PERMIS RBAC policy decision point held by this service.
 * <p>
 * The object is assigned by the {@code ini:} initialisation code elsewhere in
 * this class; before that has run the field holds whatever its declaration
 * defaults to (presumably {@code null} — the declaration is not visible here).
 *
 * @return the constructed {@link issrg.pba.rbac.PermisRBAC}
 */
public issrg.pba.rbac.PermisRBAC getPDP() {
    return pba;
}
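/**
 * Builds the WS-Trust {@code wst:RequestSecurityToken} sent to the credential
 * validation service for the subject identified by {@code DNIn}.
 * <p>
 * The token wraps a SAML 2.0 assertion whose {@code saml:NameID} carries the
 * DN in {@code X509SubjectName} format. The three timestamps (IssueInstant,
 * NotBefore, NotOnOrAfter) are taken from a single {@code getTime()} read so
 * that they are mutually consistent instead of drifting across three reads.
 * <p>
 * NOTE(review): the validity window is zero-width (NotBefore equals
 * NotOnOrAfter), the assertion {@code ID} is a fixed string rather than a
 * per-request unique value, and the element is named {@code saml:Condition}
 * although the SAML 2.0 schema element is {@code Conditions}. All three are
 * kept byte-for-byte because the peer service is expected to match these exact
 * values — confirm against the PERMIS CVS endpoint before changing any of them.
 *
 * @param DNIn the X.509 subject DN placed in the {@code saml:NameID}
 * @return the {@code wst:RequestSecurityToken} element, created in {@code this.doc}
 * @throws PermisWebServiceException declared on the signature; nothing in this
 *         body throws it directly (whether {@code getTime()} does is not visible here)
 */
private Element createRequestContext(String DNIn) throws PermisWebServiceException {
    // One clock read for every timestamp so IssueInstant == NotBefore == NotOnOrAfter.
    String now = this.getTime().toString();

    Element token = this.doc.createElement("wst:RequestSecurityToken");
    token.setAttribute("xmlns:wst", "http://schemas.xmlsoap.org/ws/2005/02/trust");

    Element claim = this.doc.createElement("wst:Claims");
    claim.setAttribute("Dialect", "urn:oasis:names:tc:SAML:2.0:assertion:AuthnStatementType");

    Element assertion = this.doc.createElement("saml:Assertion");
    assertion.setAttribute("ID", "Permis-Credential-Validation-Service-V1.0");
    assertion.setAttribute("IssueInstant", now);
    assertion.setAttribute("Version", "2.0");
    assertion.setAttribute("xmlns:saml", "urn:oasis:names:tc:SAML:2.0:assertion");

    // Subject: the DN under validation, typed as an X.509 subject name.
    Element subject = this.doc.createElement("saml:Subject");
    Element name = textElement("saml:NameID", DNIn);
    name.setAttribute("Format", "urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName");
    subject.appendChild(name);

    Element condition = this.doc.createElement("saml:Condition");
    condition.setAttribute("NotBefore", now);
    condition.setAttribute("NotOnOrAfter", now);

    // Child order matters to a schema-validating peer: Issuer, Subject, Condition.
    assertion.appendChild(textElement("saml:Issuer",
            "http://issrg.cs.kent.ac.uk/axis/services/PermisWebService"));
    assertion.appendChild(subject);
    assertion.appendChild(condition);
    claim.appendChild(assertion);

    token.appendChild(textElement("wst:TokenType",
            "urn:oasis:names:tc:SAML:2.0:profiles:attribute:XACML"));
    token.appendChild(textElement("wst:RequestType",
            "http://schemas.xmlsoap.org/ws/2005/02/trust/validate"));
    token.appendChild(claim);
    return token;
}

/**
 * Creates an element named {@code tag} in {@code this.doc} holding a single
 * text child with content {@code text}.
 *
 * @param tag  qualified element name
 * @param text text-node content
 * @return the new element (not yet attached to any parent)
 */
private Element textElement(String tag, String text) {
    Element e = this.doc.createElement(tag);
    e.appendChild(this.doc.createTextNode(text));
    return e;
}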
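/**
 * Locates the {@code saml:AttributeStatement} in a credential validation
 * response by walking the fixed path
 * {@code wst:RequestedSecurityToken / saml:Assertion / saml:AttributeStatement}
 * below {@code xmlIn}. Every matching element on each level is tried in
 * document order; the first statement found is returned.
 * <p>
 * Only element nodes take part in the match. The original skipped text nodes
 * only, so a non-element node (e.g. a processing instruction) whose node name
 * happened to match would have been cast to {@link Element} and failed with a
 * {@code ClassCastException}; that path is now simply ignored.
 * <p>
 * NOTE(review): matching is by qualified node name, so it depends on the peer
 * using exactly the {@code wst:} and {@code saml:} prefixes and never checks the
 * namespace URI. A namespace-aware comparison ({@code getNamespaceURI()} plus
 * {@code getLocalName()}) would be more robust against a peer that picks
 * different prefixes, but needs the parser that produced {@code xmlIn} to be
 * namespace-aware — not visible here.
 *
 * @param xmlIn the response root whose children are searched (must not be null)
 * @return the first {@code saml:AttributeStatement} reached, or {@code null}
 * @throws Exception declared on the signature; nothing in this body throws
 */
private Element extractAttributeStatement(Element xmlIn) throws Exception {
    final String tokenName = "wst:RequestedSecurityToken";
    final String assertionName = "saml:Assertion";
    final String statementName = "saml:AttributeStatement";

    for (Element token = nextElementNamed(xmlIn.getFirstChild(), tokenName);
         token != null;
         token = nextElementNamed(token.getNextSibling(), tokenName)) {
        for (Element assertion = nextElementNamed(token.getFirstChild(), assertionName);
             assertion != null;
             assertion = nextElementNamed(assertion.getNextSibling(), assertionName)) {
            Element statement = nextElementNamed(assertion.getFirstChild(), statementName);
            if (statement != null) {
                return statement;
            }
        }
    }
    return null;
}

/**
 * Returns the first node at or after {@code start} in sibling order that is an
 * element whose qualified node name equals {@code name}.
 *
 * @param start the node to begin scanning from; {@code null} yields {@code null}
 * @param name  the qualified node name to match (prefix included)
 * @return the matching element, or {@code null} if no later sibling matches
 */
private static Element nextElementNamed(Node start, String name) {
    for (Node n = start; n != null; n = n.getNextSibling()) {
        if (n.getNodeType() == Node.ELEMENT_NODE && name.equals(n.getNodeName())) {
            return (Element) n;
        }
    }
    return null;
}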
/**
* Returns an XACML request context for a subject or resource as an XML {@code Element}.
* @param DNIn the DN of the object (subject or resource)
* @param type either "Subject" or "Resource"
* @return the XACML request context
*/
public Element getCreds(String DNIn, String type) throws Exception {
Element request = this.doc.createElement("Request");
request.setAttribute("xmlns","urn:oasis:names:tc:xacml:1.0:context");
request.setAttribute("xmlns:xsi","http://www.w3.org/2001/XMLSchema-instance");
request.setAttribute("xmlns:permis","http://issrg.cs.kent.ac.uk");
Element typeTag = this.doc.createElement(type);
if (type.equals("Resource")) {
Element attribute = this.doc.createElement("Attribute");
String id = new String("urn:oasis:names:tc:xacml:1.0:resource:resource-id");
attribute.setAttribute("AttributeId",id);
attribute.setAttribute("DataType","http://www.w3.org/2001/XMLSchema#string");
Element value = this.doc.createElement("AttributeValue");
Text text = this.doc.createTextNode(DNIn);
value.appendChild(text);
attribute.appendChild(value);
typeTag.appendChild(attribute);
} else if (type.equals("Subject")) {
Element attribute = this.doc.createElement("Attribute");
String id = new String("urn:oasis:names:tc:xacml:1.0:subject:subject-id");
attribute.setAttribute("AttributeId",id);
attribute.setAttribute("DataType","http://www.w3.org/2001/XMLSchema#string");
Element value = this.doc.createElement("AttributeValue");
Text text = this.doc.createTextNode(DNIn);
value.appendChild(text);
attribute.appendChild(value);
typeTag.appendChild(attribute);
}
Element context = this.createRequestContext(DNIn);
String response = this.getCreds(context);
XMLParser parser = new XMLParser(response);
Element msg = parser.getXmlElement();