issrg.pba.rbac.x509
Class SimplePERMISACPolicyFinder

java.lang.Object
  extended byissrg.pba.rbac.PolicyFinder
      extended byissrg.pba.rbac.x509.SimplePERMISACPolicyFinder
Direct Known Subclasses:
RepositoryACPolicyFinder

public class SimplePERMISACPolicyFinder
extends PolicyFinder

This is a simple Policy Finder that can be instantiated from an instance of an X.509 Attribute Certificate. It is useful to extend from: collect the Attribute Certificates, then invoke initPolicyFromACArray to initialise the Policy Finder.

Author:
gansen

Field Summary
 
Fields inherited from class issrg.pba.rbac.PolicyFinder
accessPolicy, allocationPolicy, msodPolicySet, parsedPolicy, policyOID, Repository, sawsServer, sv
 
Constructor Summary
protected SimplePERMISACPolicyFinder()
           
  SimplePERMISACPolicyFinder(byte[] acBinary, java.lang.String PolicyId, java.security.Principal SOA, SignatureVerifier SV)
          This constructor builds a Policy Finder given an AC, the identifier of the policy and the identity of the policy issuer.
 
Method Summary
protected  void initPolicyFromACArray(byte[][] acBinary, java.lang.String policyID, java.security.Principal SOA, SignatureVerifier SV)
          This method looks for the right policy among an array of X.509 Attribute Certificates.
 
Methods inherited from class issrg.pba.rbac.PolicyFinder
getAccessPolicy, getAllocationPolicy, getMSoDPolicy, getParsedPolicy, getPolicyOID, getRepository, getSV, removeSystemTag
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SimplePERMISACPolicyFinder

protected SimplePERMISACPolicyFinder()

SimplePERMISACPolicyFinder

public SimplePERMISACPolicyFinder(byte[] acBinary,
                                  java.lang.String PolicyId,
                                  java.security.Principal SOA,
                                  SignatureVerifier SV)
                           throws PbaException
This constructor builds a Policy Finder given an AC, the identifier of the policy and the identity of the policy issuer. Only if the AC holds the required policy construction succeeds. This constructor invokes the initPolicyFromACArray directly, see that method description for additional details.

Parameters:
acBinary - - the array of byte arrays, each representing a BER-encoded or Base64 encoding of a BER-encoded X.509 AC
SOA - - the Principal naming the issuer of the policy (must be the Holder and Issuer of the self-signed Attribute Certificate)
SV - - the SignatureVerifier to use; if null, digital signatures on the ACs are not checked (NOT RECOMMENDED FOR PRODUCTION DEPLOYMENTS!)
Method Detail

initPolicyFromACArray

protected void initPolicyFromACArray(byte[][] acBinary,
                                     java.lang.String policyID,
                                     java.security.Principal SOA,
                                     SignatureVerifier SV)
                              throws PbaException
This method looks for the right policy among an array of X.509 Attribute Certificates. The policy is identified by its Policy ID (OID in PERMIS XML) and the name of the issuer of the policy. The signatures on the ACs are validated using the SignatureVerifier provided, if any.

Parameters:
acBinary - - the array of byte arrays, each representing a BER-encoded or Base64 encoding of a BER-encoded X.509 AC
policyID - - the identifier of the policy to use
SOA - - the Principal naming the issuer of the policy (must be the Holder and Issuer of the self-signed Attribute Certificate)
SV - - the SignatureVerifier to use; if null, digital signatures on the ACs are not checked (NOT RECOMMENDED FOR PRODUCTION DEPLOYMENTS!)
Throws:
PbaException