1 | /* | |
2 | * Copyright (c) 2000-2005, University of Salford | |
3 | * All rights reserved. | |
4 | * | |
5 | * Redistribution and use in source and binary forms, with or without | |
6 | * modification, are permitted provided that the following conditions are met: | |
7 | * | |
8 | * Redistributions of source code must retain the above copyright notice, this | |
9 | * list of conditions and the following disclaimer. | |
10 | * | |
11 | * Redistributions in binary form must reproduce the above copyright notice, | |
12 | * this list of conditions and the following disclaimer in the documentation | |
13 | * and/or other materials provided with the distribution. | |
14 | * | |
15 | * Neither the name of the University of Salford nor the names of its | |
16 | * contributors may be used to endorse or promote products derived from this | |
17 | * software without specific prior written permission. | |
18 | * | |
19 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" | |
20 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
21 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
22 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE | |
23 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | |
24 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | |
25 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | |
26 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | |
27 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
28 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | |
29 | * POSSIBILITY OF SUCH DAMAGE. | |
30 | */ | |
31 | ||
32 | package issrg.pba.rbac; | |
33 | ||
34 | import java.security.Principal; | |
35 | import issrg.utils.repository.Entry; | |
36 | import issrg.pba.rbac.policies.Subtree; | |
37 | import issrg.pba.repository.UserEntry; | |
38 | import issrg.pba.rbac.policies.DITSubtree; | |
39 | import javax.naming.Context; | |
40 | import javax.naming.directory.InitialDirContext; | |
41 | ||
42 | /** | |
43 | * This class handles LDAP URLs. It can create LDAPDNPrincipals, LDAPEntries | |
44 | * DITSubtrees and LDAPRepositories given a URL. | |
45 | */ | |
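public class LDAPURLHandler extends URLHandler {
    /** Scheme name this handler is responsible for. */
    public static final String LDAP_PROTOCOL = "ldap";
    /** Port assumed when the URL does not carry one. */
    public static final int LDAP_PORT = 389;

    /** JNDI context factory used to open the LDAP connection. */
    private static final String LDAP_CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
    /** JNDI property selecting the LDAP protocol version. */
    private static final String LDAP_VERSION_PROPERTY = "java.naming.ldap.version";
    /** JNDI property listing the attributes that must be transferred as binary. */
    private static final String BINARY_ATTRIBUTES_PROPERTY = "java.naming.ldap.attributes.binary";

    public LDAPURLHandler() {}

    /**
     * Returns the protocol name this handler serves.
     *
     * @return always {@link #LDAP_PROTOCOL}
     */
    public String getProtocol() {
        return LDAP_PROTOCOL;
    }

    /**
     * Returns the port used when the URL does not specify one.
     *
     * @return always {@link #LDAP_PORT}
     */
    public int getDefaultPort() {
        return LDAP_PORT;
    }

    /**
     * Not implemented yet. Always throws a BadURLException.
     *
     * @param url - the LDAP URL that would identify the principal
     * @return never returns normally
     * @throws BadURLException always
     */
    public Principal getPrincipal(String url) throws BadURLException {
        throw new BadURLException("A Principal cannot be instantiated from " + url + ": method not implemented");
    }

    /**
     * This method builds an Entry object given a LDAP URL. The entry identifies
     * the LDAP entry by its name.
     *
     * @param url - the LDAP URL pointing to an entry in LDAP
     * @return a UserEntry wrapping the principal derived from the URL
     * @throws BadURLException, if it is a malformed LDAP URL (and, while
     *   {@link #getPrincipal} is unimplemented, for every URL).
     */
    public Entry getEntry(String url) throws BadURLException {
        return new UserEntry(getPrincipal(url));
    }

    /**
     * This method builds a LDAP subtree (DITSubtree) starting at the node
     * specified by an LDAP URL, min and max, and an array of excluded subtrees.
     * Note that the host part of the URL is ignored.
     *
     * <p>The LDAP URL points to the root entry of the subtree. The min and max
     * identify where the tree starts and ends, as defined in the subtree
     * specification in X.500 standard: if the tree is represented as a collection
     * of paths from the root entry to the leaf nodes, then min tells how many
     * hops down the path the tree starts, and the max tells how many hops
     * down the path the tree ends. The excluded subtrees are the subtrees
     * excluded from the root. The method does not check if the excluded subtrees
     * are actually contained in the subtree.
     *
     * <p>Example:
     * <br><pre>root="o=permis,c=gb", min=0, max=-1</pre>
     * <br>- any entry in the subtree starting at the entry "o=permis,c=gb" is
     * included, including the "o=permis,c=gb" entry itself.
     * <p><pre>root="o=permis,c=gb", min=1, max=2, excludes={root="ou=test,o=permis,c=gb", min=0, max=-1}</pre>
     * <br>- any entry in the subtree starting at the entry "o=permis,c=gb" (excluding
     * the entry itself, because min=1), and no deeper than 2 levels down from the
     * root entry (max=2) is included, except for any entries in
     * "ou=test,o=permis,c=gb". So
     * <br>"o=permis,c=gb" <b>is not</b> included (min=1),
     * <br>"cn=David Chadwick,ou=test,o=permis,c=gb" <b>is not</b> included (it is in the
     * excluded subtree),
     * <br>"cn=Linying,ou=demo,ou=trustcom,o=permis,c=gb" <b>is not</b>
     * included (max=2),
     * <br>"cn=Romain,ou=trustcom,o=permis,c=gb" and
     * "cn=Sassa,o=permis,c=gb" <b>are</b> included
     * (between 1 and 2 hops from the root and not in the excluded subtree).
     *
     * @param url - the URL identifying the entry of the root of the subtree
     * @param min - the integer specifying how many hops down the tree from the
     *   root entry the subtree starts; must be non-negative
     * @param max - the integer specifying how many hops down the tree from the
     *   root entry the subtree ends; if less than zero, then no constraint on
     *   the maximum height of the tree is specified
     * @param exclude - an array of excluded Subtrees
     * @return the DITSubtree rooted at the entry named by the URL
     * @throws BadURLException if the URL is malformed, or if the principal built
     *   from it is not an LDAPDNPrincipal
     */
    public Subtree getSubtree(String url, int min, int max, Subtree[] exclude) throws BadURLException {
        Principal root = getPrincipal(url);
        // Report a non-DN principal as a bad URL rather than letting the cast
        // below fail with a ClassCastException.
        if (!(root instanceof LDAPDNPrincipal)) {
            throw new BadURLException("The root of the subtree is not an LDAP DN: " + url);
        }
        return new DITSubtree((LDAPDNPrincipal) root, min, max, null, exclude);
    }

    /**
     * This method builds a LDAPRepository from the given URL, if it is a
     * LDAP URL. It specifies that the attributes for AttributeCertificateAttribute
     * and UserCertificate use binary transfer. The names of these attributes are
     * obtained from CustomisePERMIS.
     *
     * <p>No java.naming.security.* properties are set, so the directory context
     * is opened with the JNDI provider's default (unauthenticated) bind, over
     * whatever transport the URL scheme selects.
     *
     * @param url - the LDAP URL of the repository to connect to
     * @return an LDAPRepository wrapping a freshly opened InitialDirContext
     * @throws BadURLException if the URL is null or not an LDAP URL, or if the
     *   directory context cannot be created (the NamingException is attached
     *   as the cause)
     */
    public issrg.utils.repository.AttributeRepository getRepository(String url) throws BadURLException {
        // Scheme check first: this handler must never hand an arbitrary URL to JNDI.
        if (url == null || !LDAP_PROTOCOL.equalsIgnoreCase(getProtocolName(url))) {
            throw new BadURLException("Wrong URL Handler: " + url + " is not an LDAP URL");
        }

        try {
            java.util.Hashtable env = new java.util.Hashtable();
            env.put(Context.INITIAL_CONTEXT_FACTORY, LDAP_CONTEXT_FACTORY);
            env.put(Context.PROVIDER_URL, url);
            env.put(LDAP_VERSION_PROPERTY, "3");
            // Space-separated list: both certificate attributes are returned as
            // byte[] instead of being decoded as strings.
            env.put(BINARY_ATTRIBUTES_PROPERTY,
                    CustomisePERMIS.getAttributeCertificateAttribute() + " "
                    + issrg.security.PKCRepository.USER_PKC_ATTRIBUTE);

            return new issrg.utils.repository.LDAPRepository(new InitialDirContext(env));
        } catch (javax.naming.NamingException ne) {
            throw new BadURLException("Couldn't connect to the specified repository: " + url, ne);
        }
    }
}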