Clover Coverage Report
Coverage timestamp: Sun Mar 23 2008 08:24:39 GMT
Overview   Package   File
    FRAMES   NO FRAMES     
59   401   16   2.57
10   156   0.64   23
23     1.65  
1    
 
 
  CustomisePERMIS       Line # 65 59 16 58.7% 0.5869565
 
  (1)
 
1    /*
2    * Copyright (c) 2000-2005, University of Salford
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions are met:
7    *
8    * Redistributions of source code must retain the above copyright notice, this
9    * list of conditions and the following disclaimer.
10    *
11    * Redistributions in binary form must reproduce the above copyright notice,
12    * this list of conditions and the following disclaimer in the documentation
13    * and/or other materials provided with the distribution.
14    *
15    * Neither the name of the University of Salford nor the names of its
16    * contributors may be used to endorse or promote products derived from this
17    * software without specific prior written permission.
18    *
19    * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
20    * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21    * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22    * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
23    * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24    * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25    * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26    * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27    * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28    * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29    * POSSIBILITY OF SUCH DAMAGE.
30    */
31   
32   
33    package issrg.pba.rbac;
34   
35    import issrg.pba.AuthzTokenParser;
36    import java.lang.reflect.Method;
37    import issrg.pba.PbaException;
38    import issrg.pba.repository.UserEntry;
39    import issrg.pba.repository.AuthzTokenRepository;
40   
41    import org.apache.log4j.*;
42    /**
43    * This class should be used to customise the components PERMIS RBAC uses.
44    *
45    * <p>These include:
46    * <ul>
47    * <!-- p>Registration of interpreters for IF-statement -->
48    * <li></li>Setting the system clock
49    * <li></li>Setting the Auth Token Parser
50    * <li></li>Registration of URL Handlers
51    * <li></li>Setting the Auth Token attribute name used by repositories
52    * <li></li>Setting the User Certificate attribute name used by repositories
53    * <li></li>Registration of X.509 AC extensions
54    * <li></li>Setting the Rule Comparator to select the highly relevant Role
55    * Assignment Rules first to optimize delegation chain validation
56    * </ul>
57    *
58    * <p>CustomisePERMIS and the creation of PermisRBAC should be in a
59    * synchronized block, so the other threads do not modify your settings.
60    *
61    * @author A.Otenko
62    * @version 1.0
63    */
64   
 
65    public class CustomisePERMIS {
66   
67    private static Logger logger = Logger.getLogger("issrg.pba.rbac.CustomisePERMIS");
68    private static boolean multipleParser = false;
69   
70    /**
71    * This is the class name of the AuthTokenParser used in X.509 flavour of
72    * PERMIS.
73    * @see issrg.pba.rbac.x509.RoleBasedACParser
74    */
75    private static String ACPermisParserClass = "issrg.pba.rbac.x509.RoleBasedACParser";
76   
77    /**
78    * This is the secure source of time used by PERMIS.
79    */
80    public static Clock systemClock = new SystemClock();
81   
82   
83    protected static Class revocationChecker = issrg.pba.rbac.WebDAVRevocationChecker.class;
84   
85    protected static boolean certFirst=true;
86   
87    protected static int rev_time = 4; //Seconds for timeout
88   
89    protected static boolean shouldRevoke = true;
90   
91   
92   
93    /**
94    * The class of the default AuthTokenParser
95    * (issrg.simplePERMIS.SimplePERMISTokenParser).
96    */
97    protected static Class authTokenParser = issrg.simplePERMIS.SimplePERMISTokenParser.class;
98   
99    /**
100    * This is how the LDAP X509 Attribute Certificate objects are called. The
101    * name
102    * is "attributeCertificateAttribute;binary", but can be changed by any
103    * configuration class to represent the LDAP attribute name as it is in your
104    * directory (for example, i500 used to call it "attributeCertificate;binary",
105    * which
106    * does not correspond to the X.509 v3 standard; other implementations do
107    * not require ";binary" at the end).
108    */
109    private static String ATTRIBUTE_CERTIFICATE_ID = "attributeCertificateAttribute;binary";
110   
111    /**
112    * This method returns the clock that will be used for calculating relative
113    * validity periods and a time reference for decision-making. Replace it
114    * using setSystemClock with your implementation,
115    * if you find SystemClock is not secure enough.
116    *
117    * <p>Replacing the value does not affect any of the objects already created.
118    */
 
119  112 toggle public static Clock getSystemClock(){
120  112 return systemClock;
121    }
122   
123    /**
124    * This method returns an instance of a AuthTokenParser configured into
125    * PERMIS.
126    */
 
127  39 toggle public static AuthzTokenParser getAuthTokenParser(){
128  39 try{
129  39 AuthzTokenParser parser = (AuthzTokenParser)authTokenParser.newInstance();
130  39 logger.debug("Auth Token Parser : "+parser.getClass().getName()+" is used");
131  39 return parser;
132    }catch (IllegalAccessException ile){
133  0 throw new IllegalArgumentException("Default constructor is unavailable for class "+authTokenParser.getName()+": "+ile.getMessage());
134    }catch (InstantiationException e){
135  0 throw new IllegalArgumentException("Can't instantiate abstract class "+authTokenParser.getName()+": "+e.getMessage());
136    }
137    }
138    /**
139    * This is the method which administrators should change if they want to reverse the order of revocation checking
140    * The values are: certFirst and crlFirst
141    *
142    * The default setting is to get the certificate first for performance.
143    * The administrator can change the order dynamically by calling the method
144    * setCheckCRLRevocationFirst(true);
145    *
146    * @return if the certificate
147    */
 
148  0 toggle public static boolean checkCertificateFirst(){
149  0 return certFirst;
150    }
151   
 
152  0 toggle public static void setCheckCRLRevocationFirst(boolean shouldCRLbeCheckedFirst){
153  0 certFirst = !shouldCRLbeCheckedFirst;
154    }
155   
156    /**
157    *
158    * @return
159    */
 
160  0 toggle public static int getRevocationTimeOut(){
161  0 return rev_time;
162    }
 
163  0 toggle public static int getRevocationCount(){
164  0 return 3;
165    }
166   
167    /**
168    * The revocation checker is used to check if certificates are revoked
169    *
170    * @return a revocation checker
171    */
 
172  0 toggle public static RevocationChecker getRevocationChecker(){
173  0 return new WebDAVRevocationChecker(shouldRevoke);
174    }
 
175  0 toggle public static void setRevocationCheckerRevoking(boolean revoke){
176  0 shouldRevoke=revoke;
177    }
178   
179    /**
180    * Sets the default Auth Token Parser to be used by PERMIS. The default
181    * is issrg.simplePERMIS.SimplePERMISTokenParser, but other implementations
182    * may need a parser for a different token format.
183    *
184    * @param className - the name of the class to use as the authorisation
185    * token parser
186    * @see issrg.simplePERMIS.SimplePERMISTokenParser
187    */
 
188  22 toggle public static void setAuthTokenParser(String className) throws ClassNotFoundException {
189  22 logger.debug("Auth Token Parser is set to "+className);
190  22 authTokenParser = Class.forName(className);
191  22 if (!AuthzTokenParser.class.isAssignableFrom(authTokenParser)){
192  0 throw new ClassCastException(className+" does not implement "+AuthzTokenParser.class.getName());
193    }
194    }
195   
196    /**
197    * Sets the default Revocation checker to be used by PERMIS. The default
198    * is issrg.pba.rbac.DefaultRevocationChecker.
199    *
200    * @param className - the name of the class to use as the revocation checker
201    * @see issrg.pba.rbac.RevocationChecker
202    */
 
203  0 toggle public static void setRevocationChecker(String className) throws ClassNotFoundException {
204  0 revocationChecker = Class.forName(className);
205  0 if (!AuthzTokenParser.class.isAssignableFrom(revocationChecker)){
206  0 throw new ClassCastException(className+" does not implement "+RevocationChecker.class.getName());
207    }
208    }
209   
210   
211    /**
212    * Sets the default System Clock to be used by PERMIS. The default is
213    * issrg.pba.rbac.SystemClock, but other implementations may need
214    * a secure timestamping clock.
215    *
216    * @param className - the name of the class to use as the system clock
217    *
218    * @see issrg.pba.rbac.SystemClock
219    */
 
220  9 toggle public static void setSystemClock(String className) throws ClassNotFoundException {
221  9 Class clazz = Class.forName(className);
222  9 if (!Clock.class.isAssignableFrom(clazz)){
223  0 throw new ClassCastException(className+" does not extend "+Clock.class.getName());
224    }
225   
226  9 try{
227  9 systemClock = (Clock)clazz.newInstance();
228    }catch (IllegalAccessException ile){
229  0 throw new IllegalArgumentException("Default constructor is unavailable for class "+className+": "+ile.getMessage());
230    }catch (InstantiationException e){
231  0 throw new IllegalArgumentException("Can't instantiate abstract class "+className+": "+e.getMessage());
232    }
233    }
234   
235   
236   
237    /**
238    * This method adds a URL Handler. This helps XMLParser to construct
239    * the policy representation.
240    *
241    * @param className - the name of the class to be added as a URLHandler.
242    *
243    * @see URLHandler
244    */
 
245  1 toggle public static void addURLHandler(String className) throws ClassNotFoundException {
246  1 Class uh = Class.forName(className);
247  1 try{
248  1 URLHandler.addProtocol((URLHandler)uh.newInstance());
249    }catch (IllegalAccessException ile){
250  0 throw new IllegalArgumentException("Default constructor is unavailable for class "+className+": "+ile.getMessage());
251    }catch (InstantiationException ie){
252  0 throw new IllegalArgumentException("Can't instantiate abstract class "+className+": "+ie.getMessage());
253    }
254    }
255   
256    /**
257    * This is the method to configure X.509 flavour into PERMIS: after this
258    * PERMIS will accept X.509 ACs by default.
259    *
260    * <p>The method registers the default AuthTokenParser that supports X.509
261    * Attribute Certificates and registers all the AC Extensions.
262    */
 
263  16 toggle public static void configureX509Flavour() throws PbaException {
264  16 try{
265  16 setAuthTokenParser(ACPermisParserClass);
266  16 registerACExtensions();
267    }catch(Throwable th){
268  0 throw new PbaException("Could not set up X.509 flavour of PERMIS: "+th.getMessage(), th);
269    }
270    }
271   
272    /**
273    * This method returns the LDAP attribute name used to retrieve the
274    * Attribute Certificates.
275    */
 
276  1423 toggle public static String getAttributeCertificateAttribute(){
277  1423 return ATTRIBUTE_CERTIFICATE_ID;
278    }
279   
280    /**
281    * This method sets the LDAP attribute name used to retrieve the
282    * Attribute Certificates.
283    */
 
284  9 toggle public static void setAttributeCertificateAttribute(String id){
285  9 ATTRIBUTE_CERTIFICATE_ID=id;
286    }
287   
288    /**
289    * This method returns the LDAP attribute name used to retrieve the
290    * Public Key Certificates.
291    */
 
292  9 toggle public static String getUserCertificateAttribute(){
293  9 return issrg.security.PKCRepository.USER_PKC_ATTRIBUTE;
294    }
295   
296    /**
297    * This method sets the LDAP attribute name used to retrieve the
298    * Public Key Certificates.
299    */
 
300  4 toggle public static void setUserCertificateAttribute(String id){
301  4 issrg.security.PKCRepository.USER_PKC_ATTRIBUTE=id;
302    }
303   
304    /**
305    * This is a collection of extension class names to be registered by
306    * default, when X.509 support is needed. It lists all the extensions
307    * from issrg.ac.attributes package.
308    *
309    * @see issrg.ac.attributes
310    */
311    private final static String[] extensions = {
312    "issrg.ac.attributes.BasicAttConstraint",
313    "issrg.ac.attributes.NoAssertion",
314    "issrg.ac.attributes.IndirectIssuer",
315    "issrg.ac.attributes.IssuedOnBehalfOf",
316    "issrg.ac.attributes.AuthorityAttributeIdentifier",
317    "issrg.ac.extensions.AttributeAuthorityInformationAccess",
318    "issrg.ac.extensions.AuthorityInformationAccess",
319    "issrg.ac.extensions.WebdavCertificate",
320    "issrg.ac.extensions.WebdavRevocation"};
321   
322   
323    /**
324    * This method registers the default X.509 AC extension parsing classes.
325    */
 
326  19 toggle public static void registerACExtensions() throws issrg.pba.PbaException {
327  19 registerACExtensions(extensions);
328    }
329   
330    /**
331    * This method registers the X.509 AC extension parsing classes provided
332    * in addition to already registered exntensions.
333    */
 
334  19 toggle public static void registerACExtensions(String [] exts) throws issrg.pba.PbaException {
335  19 int len = exts.length;
336  19 String line;
337  19 try {
338  190 for (int i = 0; i < len; i++) {
339  171 line = exts[i];
340  171 Class extensionClass = Class.forName(line);
341  171 Method method = extensionClass.getMethod("registerMe",null);
342  171 method.invoke(null, null);
343    }
344    } catch (Exception e) {
345  0 throw new issrg.pba.PbaException("Failed to register AC Extensions: "+e.getMessage(), e);
346    }
347    }
348   
349    /**
350    * This is the default Role Assignment Rule Comparator, used to optimise the
351    * delegation chain validation by applying the most relevant Role Assignment
352    * Rules first.
353    *
354    * @see RuleComparator
355    */
356    public static Class comparator = issrg.pba.rbac.xmlpolicy.DefaultRuleComparator.class;
357   
358    /**
359    * This method returns an instance of the default Role Assignment Rule
360    * Comparator.
361    *
362    * @see RuleComparator
363    */
 
364  26 toggle public static RuleComparator getComparator() {
365  26 try {
366  26 return (RuleComparator) comparator.newInstance();
367    } catch (InstantiationException ie) {
368  0 throw new IllegalArgumentException("Can't instantiate abstract class " + comparator.getName()+": " + ie.getMessage());
369    } catch (IllegalAccessException ile){
370  0 throw new IllegalArgumentException("Default constructor is unavailable for class " + comparator.getName()+": "+ile.getMessage());
371    }
372    }
373   
374    /**
375    * This method sets the name of the class of the default Role Assignment
376    * Rule Comparator. It checks that it implements the RuleComparator
377    * interface.
378    *
379    * @see RuleComparator
380    */
 
381  0 toggle public static void setComparator(String className) throws ClassNotFoundException {
382  0 comparator = Class.forName(className);
383  0 if (!RuleComparator.class.isAssignableFrom(comparator)) {
384  0 throw new ClassCastException(className + "does not implement " + RuleComparator.class.getName());
385    }
386    }
387   
388    /**
389    * this method is used to flag whether multiple parsers are used.
390    */
 
391  2 toggle public static void setMultiParser(boolean mp) {
392  2 multipleParser = mp;
393    }
394   
395    /**
396    * it returns true if multiple parsers are used.
397    */
 
398  3931 toggle public static boolean isMultiParserUsed() {
399  3931 return multipleParser;
400    }
401    }
 
CloverReport generated by Clover Code Coverage v2.0.3
Sun Mar 23 2008 08:29:30 GMT.		   Clover: Open Source License registered to OpenPERMIS.