issrg.dis
Class DIS
java.lang.Object
issrg.dis.DISCore
issrg.dis.DIS
public class DIS
- extends DISCore
This is the DIS Java object. It is used
to check and issue ACs on behalf of other
managers.
The DIS Java object uses the PERMIS PDP to
make sure that the issuer (manager) has enough
privileges to issue an AC and that the issuance of that AC
conforms to the delegation policy.
Constructor Summary
DIS()
- This is the constructor of the DIS Java object.
Method Summary
java.lang.String
delegateForMe(java.lang.String issuerDN,
java.lang.String holderDN,
java.lang.String[] roleValues,
java.lang.String roleType,
java.lang.String from,
java.lang.String to,
java.lang.String assertion,
int deep)
- This function receives requests to issue an AC from the Apache web server.
java.lang.String
revokeACForMe(java.lang.String base64AC)
java.lang.String[]
revokeForMe(java.lang.String requestorDN,
java.lang.String holderDN,
java.lang.String[] issuerDN,
java.lang.String[] serials)
- This function is used for revoking one or more ACs.
java.lang.String[]
searchForMe(java.lang.String requestorDN,
java.lang.String holderDN)
- This function searches for the ACs of a user and returns information about these ACs.
java.lang.String
storeACForMe(java.lang.String base64AC)
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
DIS
public DIS()
throws java.lang.Exception
- This is the constructor of the DIS Java object. It
reads the necessary parameters from the config file and initializes
all the necessary objects.
- Throws:
java.lang.Exception
storeACForMe
public java.lang.String storeACForMe(java.lang.String base64AC)
delegateForMe
public java.lang.String delegateForMe(java.lang.String issuerDN,
java.lang.String holderDN,
java.lang.String[] roleValues,
java.lang.String roleType,
java.lang.String from,
java.lang.String to,
java.lang.String assertion,
int deep)
- Description copied from class:
DISCore
- This function receives requests to issue an AC from the Apache web server.
- Overrides:
delegateForMe
in class DISCore
- Parameters:
holderDN
- is the intended holder of the AC to be signed
roleValues
- is the array of role values that the issuer
wants to issue to the holder
roleType
- is the type of role that the issuer wants to delegate to
the holder
from
- is the start time of the validity period of the AC
to
- is the end time of the validity period of the AC
assertion
- states whether or not the holder of the AC can assert the
privileges in this AC. If this parameter equals "can", the holder
can assert the privileges in this AC. Otherwise, the holder cannot assert
the privileges in this AC.
deep
- is the capability of further delegation for the holder. The value "-1"
means the holder cannot delegate the privileges in this AC to anyone. The value
"1" means the holder can delegate the privileges in this AC down to one level only.
"2" means the holder can delegate the privileges in this AC down to two levels only.
"0" means the holder can delegate the privileges in this AC down to an unlimited number of levels.
Note that the above parameters mean that the issuer intends to issue one AC
with these properties. The DIS Java object may change these properties
when it checks the issuer's privileges and the delegation policy.
- Returns:
- a string that represents the result of the delegation
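The encoding of deep described above is not numerically ordered ("0" is the most permissive value and "-1" the least), so a plain integer comparison ranks requests wrongly. The following is an added example, not code from issrg.dis or PERMIS, of a caller-side check that respects the encoding. The class DelegationDepth and its methods are hypothetical, and the example assumes that each delegation step uses up one level.

```java
import java.util.OptionalInt;

/** Hypothetical helper for the "deep" encoding; not part of issrg.dis. */
public final class DelegationDepth {
    public static final int NONE = -1;      // holder cannot delegate to anyone
    public static final int UNLIMITED = 0;  // holder can delegate down to any level

    private DelegationDepth() {}

    /** Rejects values outside the encoding documented for "deep". */
    static void check(int deep) {
        if (deep < NONE) {
            throw new IllegalArgumentException("invalid deep value: " + deep);
        }
    }

    /** True if 'requested' grants no more delegation capability than 'limit'. */
    static boolean withinLimit(int requested, int limit) {
        check(requested);
        check(limit);
        if (limit == UNLIMITED) return true;       // everything fits under unlimited
        if (requested == UNLIMITED) return false;  // unlimited never fits under a bound
        return requested <= limit;                 // NONE (-1) is below every positive level
    }

    /**
     * Largest "deep" that an issuer whose own AC carries issuerDeep may put in an AC it issues.
     * Assumption: each delegation step uses up one level, so "1" lets the issuer
     * delegate only to holders who cannot delegate further. Empty means "may not delegate".
     */
    static OptionalInt maxIssuable(int issuerDeep) {
        check(issuerDeep);
        if (issuerDeep == NONE) return OptionalInt.empty();
        if (issuerDeep == UNLIMITED) return OptionalInt.of(UNLIMITED);
        return OptionalInt.of(issuerDeep == 1 ? NONE : issuerDeep - 1);
    }

    public static void main(String[] args) {
        // Constructed sample requests: {issuer's own deep, deep requested for the new AC}.
        int[][] cases = { {1, 0}, {2, 1}, {2, 2}, {0, 5}, {-1, -1} };
        for (int[] c : cases) {
            OptionalInt max = maxIssuable(c[0]);
            boolean ok = max.isPresent() && withinLimit(c[1], max.getAsInt());
            System.out.printf("issuer deep=%d requests deep=%d -> %s%n",
                    c[0], c[1], ok ? "allowed" : "refused");
        }
    }
}
```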
searchForMe
public java.lang.String[] searchForMe(java.lang.String requestorDN,
java.lang.String holderDN)
- Description copied from class:
DISCore
- This function searches for the ACs of a user and returns information about these ACs. The ACs that violate
the policy of either the issuer or issuedOnBehalfOf will be marked.
- Overrides:
searchForMe
in class DISCore
- Parameters:
requestorDN
- is the DN of the requestor
holderDN
- is the DN of the user whose ACs are to be retrieved
- Returns:
- an array of String. This array stores information about all of the user's ACs
revokeACForMe
public java.lang.String revokeACForMe(java.lang.String base64AC)
revokeForMe
public java.lang.String[] revokeForMe(java.lang.String requestorDN,
java.lang.String holderDN,
java.lang.String[] issuerDN,
java.lang.String[] serials)
- Description copied from class:
DISCore
- This function is used for revoking one or more ACs. It uses strings to represent the requested ACs.
The client of this function is an Apache web server.
- Overrides:
revokeForMe
in class DISCore
- Parameters:
requestorDN
- is the DN of the requestor
holderDN
- is the DN of the ACs' holder
issuerDN
- is an array of strings that represents the list of issuers of the requested ACs
serials
- is an array of strings that represents the list of serial numbers of the requested ACs
- Returns:
- an array of strings. Each string reports the revocation result for one AC in the requested list.