issrg.dis
Class DIS

java.lang.Object
  extended by issrg.dis.DISCore
      extended by issrg.dis.DIS

public class DIS
extends DISCore

This is the DIS Java object. It is used to check and issue ACs (attribute certificates) on behalf of other managers.

The DIS Java object uses the PERMIS PDP to make sure that the issuer (manager) has enough privileges to issue an AC and that the issuance of that AC conforms to the delegation policy.


Nested Class Summary
 
Nested classes/interfaces inherited from class issrg.dis.DISCore
DISCore.DepthsCreds, DISCore.DISConfig, DISCore.Repository
 
Field Summary
 
Fields inherited from class issrg.dis.DISCore
appender, dcfg, layout, log, policy, root, sv, tokenParser
 
Constructor Summary
DIS()
          This is the constructor of the DIS Java object.
 
Method Summary
 java.lang.String delegateForMe(java.lang.String issuerDN, java.lang.String holderDN, java.lang.String[] roleValues, java.lang.String roleType, java.lang.String from, java.lang.String to, java.lang.String assertion, int deep)
          This function receives a request to issue an AC from the Apache web server.
 java.lang.String revokeACForMe(java.lang.String base64AC)
           
 java.lang.String[] revokeForMe(java.lang.String requestorDN, java.lang.String holderDN, java.lang.String[] issuerDN, java.lang.String[] serials)
          This function is used for revoking one or more ACs.
 java.lang.String[] searchForMe(java.lang.String requestorDN, java.lang.String holderDN)
          This function searches for the ACs of a user and returns information about these ACs.
 java.lang.String storeACForMe(java.lang.String base64AC)
           
 
Methods inherited from class issrg.dis.DISCore
revokeACForMe, storeACForMe
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

DIS

public DIS()
    throws java.lang.Exception
This is the constructor of the DIS Java object. It reads the necessary parameters from the config file and initializes all the necessary objects.

Throws:
java.lang.Exception

Method Detail

storeACForMe

public java.lang.String storeACForMe(java.lang.String base64AC)

delegateForMe

public java.lang.String delegateForMe(java.lang.String issuerDN,
                                      java.lang.String holderDN,
                                      java.lang.String[] roleValues,
                                      java.lang.String roleType,
                                      java.lang.String from,
                                      java.lang.String to,
                                      java.lang.String assertion,
                                      int deep)
Description copied from class: DISCore
This function receives a request to issue an AC from the Apache web server.

Overrides:
delegateForMe in class DISCore
Parameters:
holderDN - is the intended holder of the AC to be signed
roleValues - is the array of role values that the issuer wants to issue to the holder
roleType - is the type of role that the issuer wants to delegate to the holder
from - is the start time of the validity period of the AC
to - is the end time of the validity period of the AC
assertion - states whether or not the holder of the AC can assert the privileges in this AC. If this parameter equals "can", the holder can assert the privileges in this AC. Otherwise, the holder cannot assert the privileges in this AC.
deep - is the holder's capability for further delegation. The value "-1" means the holder cannot delegate the privileges in this AC to anyone. The value "1" means the holder can delegate the privileges in this AC down to one level only. "2" means the holder can delegate the privileges in this AC down to two levels only. "0" means the holder can delegate the privileges in this AC down to an unlimited number of levels.

Note that the above parameters mean that the issuer intends to issue one AC with these properties. These properties could be changed by the DIS Java object when checking the issuer's privileges and checking against the delegation policy.

Returns:
a string that represents the result of the delegation
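The deep encoding above is not numerically ordered: "0" (unlimited) is more permissive than any positive value, so a caller that caps the requested depth with a plain numeric minimum would turn a cap into unlimited delegation. The following is an added example, not part of the PERMIS DIS code; the class DelegationDepth, its methods and the local ceiling of 2 are hypothetical, and it only models the documented meaning of deep on the caller's side before delegateForMe is invoked.

```java
/** Added illustration of the documented "deep" encoding; not PERMIS code. */
public final class DelegationDepth {
    public static final int NONE = -1;      // holder cannot delegate further
    public static final int UNLIMITED = 0;  // holder can delegate to any depth

    private DelegationDepth() {}

    /** Reject values outside the documented encoding (-1, 0, or a positive level count). */
    static int validate(int deep) {
        if (deep < NONE) {
            throw new IllegalArgumentException("invalid deep value: " + deep);
        }
        return deep;
    }

    /** Map the encoding to a rank in which a larger rank is more permissive. */
    static long rank(int deep) {
        validate(deep);
        if (deep == NONE) return 0L;
        if (deep == UNLIMITED) return Long.MAX_VALUE;
        return deep; // positive values: number of delegation levels
    }

    /**
     * Return the less permissive of the requested depth and a local ceiling.
     * Math.min(0, 2) would yield 0, i.e. unlimited, which is the wrong answer.
     */
    static int clamp(int requested, int ceiling) {
        return rank(requested) <= rank(ceiling) ? requested : ceiling;
    }

    static String describe(int deep) {
        validate(deep);
        if (deep == NONE) return "no further delegation";
        if (deep == UNLIMITED) return "unlimited delegation";
        return "delegation down to " + deep + " level(s)";
    }

    public static void main(String[] args) {
        int ceiling = 2; // constructed local limit, an assumption of this example
        for (int requested : new int[] {-1, 1, 2, 5, 0}) {
            int sent = clamp(requested, ceiling);
            System.out.println("requested " + requested + " -> deep " + sent
                    + " (" + describe(sent) + ")");
        }
    }
}
```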

searchForMe

public java.lang.String[] searchForMe(java.lang.String requestorDN,
                                      java.lang.String holderDN)
Description copied from class: DISCore
This function searches for the ACs of a user and returns information about these ACs. The ACs that violate the policy of either the issuer or issuedOnBehalfOf will be marked.

Overrides:
searchForMe in class DISCore
Parameters:
requestorDN - is the DN of the requestor
holderDN - is the DN of the user whose ACs are to be retrieved
Returns:
an array of String. This array stores information about all of the user's ACs

revokeACForMe

public java.lang.String revokeACForMe(java.lang.String base64AC)

revokeForMe

public java.lang.String[] revokeForMe(java.lang.String requestorDN,
                                      java.lang.String holderDN,
                                      java.lang.String[] issuerDN,
                                      java.lang.String[] serials)
Description copied from class: DISCore
This function is used for revoking one or more ACs. It uses strings to represent the requested ACs. The client for this function is an Apache web server.

Overrides:
revokeForMe in class DISCore
Parameters:
requestorDN - is the DN of the requestor
holderDN - is the DN of the ACs' holder
issuerDN - is an array of strings that represents the list of issuers of the requested ACs
serials - is an array of strings that represents the list of serial numbers of the requested ACs
Returns:
an array of strings. Each string reports the revocation result of each AC in the requested list.