📄 pseaccessservice.java
}
            // An "Operation" child is converted into a credential by the paired
            // PSE membership service and stored as this operation's credential.
            if (elem.getName().equals("Operation")) {
                op = (PSECredential) source.pseMembership.makeCredential(elem);
                return true;
            }

            // element was not handled
            return false;
        }

        /**
         * Initialize from a portion of a structured document.
         *
         * <p>The root must be a {@code TextElement} whose name, or whose
         * {@code type} attribute, is {@code jxta:PSEOp}. Each child is passed
         * to {@code handleElement}; children it does not recognise are logged
         * at WARNING level and otherwise ignored.
         *
         * @param root the document element to read the operation from.
         * @throws IllegalArgumentException if {@code root} is not a
         *         {@code TextElement}, if it is not a {@code jxta:PSEOp}
         *         document, or if no child element set the operation
         *         credential.
         */
        protected void initialize(Element root) {

            if (!TextElement.class.isInstance(root)) {
                throw new IllegalArgumentException(getClass().getName() + " only supports TextElement");
            }

            TextElement doc = (TextElement) root;

            // The document type may be carried by the optional "type" attribute
            // instead of the element name; either one is accepted below.
            String typedoctype = "";

            if (root instanceof Attributable) {
                Attribute itsType = ((Attributable) root).getAttribute("type");

                if (null != itsType) {
                    typedoctype = itsType.getValue();
                }
            }

            String doctype = doc.getName();

            if (!doctype.equals("jxta:PSEOp") && !typedoctype.equals("jxta:PSEOp")) {
                throw new IllegalArgumentException(
                        "Could not construct : " + getClass().getName() + "from doc containing a " + doc.getName());
            }

            Enumeration elements = doc.getChildren();

            while (elements.hasMoreElements()) {
                // NOTE(review): the cast assumes every child is a TextElement - confirm.
                TextElement elem = (TextElement) elements.nextElement();

                if (!handleElement(elem)) {
                    if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
                        LOG.warning("Unhandled element \'" + elem.getName() + "\' in " + doc.getName());
                    }
                }
            }

            // sanity check time!
            // A document without a handled "Operation" element leaves op null
            // and is rejected here.
            if (null == op) {
                throw new IllegalArgumentException("operation was never initialized.");
            }
        }
    }

    /**
     * The Peer Group we are working for.
     */
    PeerGroup group;

    /**
     * Implementation advertisement for this instance.
     */
    ModuleImplAdvertisement implAdvertisement;

    /**
     * The PSE Membership service we are paired with. Set by
     * {@link #startApp(String[])} and cleared by {@link #stopApp()}.
     */
    PSEMembershipService pseMembership;

    /**
     * If {@code true} then a null credential will be allowed for the null op.
     * It is a compile-time {@code false}, so {@code doAccessCheck(null, null)}
     * returns {@code AccessResult.DISALLOWED}.
     */
    final boolean allowNullCredentialForNullOperation = false;

    /**
     * The default constructor
     */
    public PSEAccessService() {}

    /**
     * {@inheritDoc}
     *
     * <p>Stores the group and the implementation advertisement, then logs the
     * configuration at CONFIG level when that level is enabled.
     */
    public void init(PeerGroup group, ID assignedID, Advertisement implAdv) throws PeerGroupException {
        this.group = group;
        implAdvertisement = (ModuleImplAdvertisement) implAdv;

        if (Logging.SHOW_CONFIG && LOG.isLoggable(Level.CONFIG)) {
            StringBuilder configInfo = new StringBuilder("Configuring PSE Access Service : " + assignedID);

            configInfo.append("\n\tImplementation :");
            configInfo.append("\n\t\tModule Spec ID: " + implAdvertisement.getModuleSpecID());
            configInfo.append("\n\t\tImpl Description : " + implAdvertisement.getDescription());
            configInfo.append("\n\t\tImpl URI : " + implAdvertisement.getUri());
            configInfo.append("\n\t\tImpl Code : " + implAdvertisement.getCode());
            configInfo.append("\n\tGroup Params :");
            configInfo.append("\n\t\tGroup : " + group.getPeerGroupName());
            configInfo.append("\n\t\tGroup ID : " + group.getPeerGroupID());
            configInfo.append("\n\t\tPeer ID : " + group.getPeerID());
            LOG.config(configInfo.toString());
        }
    }

    /**
     * {@inheritDoc}
     *
     * <p>Binds this service to the group's membership service, which must be
     * a {@code PSEMembershipService} advertising the PSE membership spec ID.
     *
     * @return {@code Module.START_AGAIN_STALLED} while the group has no
     *         membership service, {@code -1} if the membership service is not
     *         a PSE membership service, {@code 0} on success.
     */
    public int startApp(String[] args) {
        MembershipService membership = group.getMembershipService();

        if (null == membership) {
            if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
                LOG.warning("Stalled until there is a membership service");
            }
            return Module.START_AGAIN_STALLED;
        }

        ModuleImplAdvertisement membershipImplAdv = (ModuleImplAdvertisement) membership.getImplAdvertisement();

        // Both the advertised module spec ID and the runtime type must match
        // before the membership service is accepted as the PSE one.
        if ((null != membershipImplAdv) && PSEMembershipService.pseMembershipSpecID.equals(membershipImplAdv.getModuleSpecID())
                && (membership instanceof PSEMembershipService)) {
            pseMembership = (PSEMembershipService) membership;
        } else {
            if (Logging.SHOW_SEVERE && LOG.isLoggable(Level.SEVERE)) {
                LOG.severe("PSE Access Service requires a PSE Membership Service.");
            }
            return -1;
        }

        return 0;
    }

    /**
     * {@inheritDoc}
     *
     * <p>Drops the reference to the paired PSE membership service.
     */
    public void stopApp() {
        pseMembership = null;
    }

    /**
     * {@inheritDoc}
     */
    public ModuleImplAdvertisement getImplAdvertisement() {
        return implAdvertisement;
    }

    /**
     * {@inheritDoc}
     */
    public Service getInterface() {
        return this;
    }

    /**
     * {@inheritDoc}
     *
     * <p>Decision order implemented here:
     * <ol>
     * <li>null operation and null credential: governed by
     *     {@code allowNullCredentialForNullOperation} (currently
     *     {@code DISALLOWED});</li>
     * <li>a credential that is null, not a {@code PSECredential}, or for which
     *     {@code isValid()} is false: {@code DISALLOWED};</li>
     * <li>null operation with a valid {@code PSECredential}:
     *     {@code PERMITTED};</li>
     * <li>an operation that is not a {@code PSEOperation}, was not created by
     *     this service instance, or is not valid: {@code DISALLOWED};</li>
     * <li>otherwise {@code PERMITTED} if and only if some certificate in the
     *     credential's chain has the same public key as some certificate in
     *     the chain of the operation's offerer.</li>
     * </ol>
     *
     * <p><b>Security caveat:</b> step 5 compares public keys only. This method
     * does not verify signatures along either chain, and does not anchor the
     * chains to a trusted root. The comparison covers every certificate in
     * both chains, not only the end-entity certificates, so a key that appears
     * anywhere in both chains produces a match. Callers should not treat
     * {@code PERMITTED} as proof of a validated certification path.
     */
    public AccessResult doAccessCheck(PrivilegedOperation op, Credential cred) {
        if ((null == op) && (null == cred)) {
            return allowNullCredentialForNullOperation ? AccessResult.PERMITTED : AccessResult.DISALLOWED;
        }

        if ((null == cred) || !(cred instanceof PSECredential)) {
            return AccessResult.DISALLOWED;
        }

        // NOTE(review): what isValid() checks is not visible in this file -
        // confirm whether it covers expiry and chain trust before relying on it.
        if (!cred.isValid()) {
            return AccessResult.DISALLOWED;
        }

        // The null operation is granted to any valid PSE credential.
        if (null == op) {
            return AccessResult.PERMITTED;
        }

        if (!(op instanceof PSEOperation)) {
            return AccessResult.DISALLOWED;
        }

        // Identity comparison: only operations issued by this exact service
        // instance are considered.
        if (op.getSourceService() != this) {
            return AccessResult.DISALLOWED;
        }

        if (!op.isValid()) {
            return AccessResult.DISALLOWED;
        }

        PSECredential offerer = ((PSEOperation) op).getOfferer();

        // NOTE(review): assumes getCertificateChain() never returns null;
        // Arrays.asList would throw NullPointerException otherwise - confirm.
        X509Certificate opCerts[] = offerer.getCertificateChain();

        X509Certificate credCerts[] = ((PSECredential) cred).getCertificateChain();

        // FIXME 20060409 bondolo THIS IS NOT A VALID TEST. It is a shortcut for
        // PKIX validation and assumes that all presented certificates chains
        // are valid and trustworthy. IT IS NOT SECURE. (It does not ensure that
        // certificates are really signed by their claimed issuer.)
        //
        // NOTE(review): a replacement would build a certification path from the
        // credential's chain and validate it against explicitly configured
        // trust anchors (e.g. with java.security.cert.CertPathValidator) before
        // any key comparison. Where the trust anchors come from is not shown
        // in this file.
        for (X509Certificate credCert : Arrays.asList(credCerts)) {
            for (X509Certificate opCert : Arrays.asList(opCerts)) {
                if (credCert.getPublicKey().equals(opCert.getPublicKey())) {
                    return AccessResult.PERMITTED;
                }
            }
        }

        return AccessResult.DISALLOWED;
    }

    /**
     * {@inheritDoc}
     *
     * <p>The subject must be a {@code PSECredential}, must be the very same
     * object as {@code offerer} (identity, not equality), and the offerer
     * must report itself valid.
     *
     * @throws IllegalArgumentException if any of those conditions fails.
     */
    public PrivilegedOperation newPrivilegedOperation(Object subject, Credential offerer) {
        if (!(subject instanceof PSECredential)) {
            throw new IllegalArgumentException(getClass().getName() + " only supports PSECredential subjects.");
        }

        if (subject != offerer) {
            throw new IllegalArgumentException("PSE Access Service requires operation and offerer to be the same object.");
        }

        if (!offerer.isValid()) {
            throw new IllegalArgumentException("offerer is not a valid credential");
        }

        return new PSEOperation((PSEAccessService) getInterface(), (PSECredential) offerer);
    }

    /**
     * {@inheritDoc}
     *
     * <p>Builds the operation from a document element.
     * NOTE(review): the {@code PSEOperation} constructor is outside this
     * excerpt; presumably it parses {@code source} via {@code initialize} -
     * confirm.
     */
    public PrivilegedOperation newPrivilegedOperation(Element source) {
        return new PSEOperation((PSEAccessService) getInterface(), source);
    }

    /**
     * Returns the peer group this service is working for.
     */
    PeerGroup getPeerGroup() {
        return group;
    }
}