issrg.dis
Class DISCore

java.lang.Object
  extended by issrg.dis.DISCore
Direct Known Subclasses:
DIS, TestDS

public abstract class DISCore
extends java.lang.Object

This class contains the core functionality of DIS. Extend it to tailor DIS to the execution environment.


Nested Class Summary
 class DISCore.DepthsCreds
          This class is used for storing credentials and delegation depths before and during the checking/constraining process
static class DISCore.DISConfig
           
static interface DISCore.Repository
           
 
Field Summary
protected static org.apache.log4j.Appender appender
           
protected  DISCore.DISConfig dcfg
           
protected static org.apache.log4j.Layout layout
           
protected static Logger log
           
protected  PolicyFinder policy
           
protected static Logger root
           
protected  SignatureVerifier sv
           
protected  AuthzTokenParser tokenParser
           
 
Constructor Summary
DISCore(DISCore.DISConfig dcfg)
           
 
Method Summary
protected  java.lang.String delegateForMe(java.lang.String issuerDN, java.lang.String holderDN, java.lang.String[] roleValues, java.lang.String roleType, java.lang.String from, java.lang.String to, java.lang.String assertion, int deep)
          This function receives a request to issue an AC from the Apache web server.
protected  java.lang.String revokeACForMe(byte[] ac, java.lang.String requestor)
          This function is used for revoking one AC.
protected  java.lang.String[] revokeForMe(java.lang.String requestorDN, java.lang.String holderDN, java.lang.String[] issuerDN, java.lang.String[] serials)
          This function is used for revoking one or more ACs.
protected  java.lang.String[] searchForMe(java.lang.String requestorDN, java.lang.String holderDN)
          This function searches for the ACs of a user and returns information about these ACs.
protected  java.lang.String storeACForMe(byte[] ac, java.lang.String requestor)
          This function receives a request from a client (ACM tool) to store an AC.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

root

protected static Logger root

log

protected static Logger log

appender

protected static org.apache.log4j.Appender appender

layout

protected static org.apache.log4j.Layout layout

dcfg

protected DISCore.DISConfig dcfg

sv

protected SignatureVerifier sv

tokenParser

protected AuthzTokenParser tokenParser

policy

protected PolicyFinder policy

Constructor Detail

DISCore

public DISCore(DISCore.DISConfig dcfg)
        throws java.lang.Exception
Throws:
java.lang.Exception

Method Detail

storeACForMe

protected java.lang.String storeACForMe(byte[] ac,
                                        java.lang.String requestor)
This function receives a request from a client (ACM tool) to store an AC. The AC is already signed by the requestor, but the DIS checks the content of the AC to make sure it complies with the issuing policy. If the check succeeds, the AC is stored by the DIS. If not, an error message is returned to the requestor.

Parameters:
base64AC - is the AC in base64 format sent to the DIS
Returns:
a string that reports the result of the checking and storing process to the issuer.

delegateForMe

protected java.lang.String delegateForMe(java.lang.String issuerDN,
                                         java.lang.String holderDN,
                                         java.lang.String[] roleValues,
                                         java.lang.String roleType,
                                         java.lang.String from,
                                         java.lang.String to,
                                         java.lang.String assertion,
                                         int deep)
This function receives a request to issue an AC from the Apache web server.

Parameters:
issuerUID - the UID of the issuer; it is used when checking the issuer's privileges against the privileges in the AC to be signed
holderDN - the intended holder of the AC to be signed
roleValues - is the array of role values that the issuer wants to issue to the holder
roleType - is the type of role that the issuer wants to delegate to the holder
from - is the starting time of validity period of the AC
to - is the ending time of validity period of the AC
assertion - states whether or not the holder of the AC can assert the privileges in this AC. If this parameter equals "can", the holder can assert the privileges in this AC. Otherwise, the holder cannot assert the privileges in this AC.
deep - the holder's capability for further delegation. The value "-1" means the holder cannot delegate the privileges in this AC to anyone. The value "1" means the holder can delegate the privileges in this AC down to one level only. "2" means the holder can delegate the privileges in this AC down to two levels only. "0" means the holder can delegate the privileges in this AC down to an unlimited number of levels.

Note that the above parameters mean the issuer intends to issue one AC with these properties. These properties could be changed by the DIS Java object when it checks the issuer's privileges and the delegation policy.

Returns:
a string that represents the result of the delegation
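
The depth encoding described for deep is not ordered numerically: "0" means unlimited, so a plain comparison such as requested <= issuerDepth would let an unlimited request through. The following is an added example, not code from the DIS; the class and method names are hypothetical, and the rule that each delegation step consumes one level of the issuer's depth is an assumption used to show how a requested depth could be constrained.

```java
// Added illustration, not DIS source code. All names here are hypothetical.
public class DelegationDepthExample {
    static final int NO_DELEGATION = -1; // "-1": holder cannot delegate further
    static final int UNLIMITED = 0;      // "0": unlimited delegation levels

    /** Largest depth the issuer can pass on (assumed rule: one level less than its own). */
    static int maxGrantable(int issuerDepth) {
        if (issuerDepth == NO_DELEGATION) {
            throw new IllegalStateException("issuer may not delegate");
        }
        if (issuerDepth == UNLIMITED) return UNLIMITED;
        return issuerDepth == 1 ? NO_DELEGATION : issuerDepth - 1;
    }

    /** Reduce the requested depth to what the issuer is able to pass on. */
    static int constrain(int issuerDepth, int requested) {
        if (requested < NO_DELEGATION) {
            throw new IllegalArgumentException("invalid depth: " + requested);
        }
        int max = maxGrantable(issuerDepth);
        if (max == UNLIMITED || requested == NO_DELEGATION) return requested;
        if (max == NO_DELEGATION) return NO_DELEGATION;
        // max is a positive level count here; an "unlimited" request (0)
        // must be reduced to it, not treated as the smallest value.
        return (requested == UNLIMITED || requested > max) ? max : requested;
    }

    public static void main(String[] args) {
        // Constructed cases: {issuer's depth, requested depth for the holder}
        int[][] cases = { {0, 0}, {0, 3}, {3, 0}, {3, 1}, {2, 5}, {1, 2}, {1, -1} };
        for (int[] c : cases) {
            System.out.printf("issuer=%d requested=%d -> granted=%d%n",
                    c[0], c[1], constrain(c[0], c[1]));
        }
    }
}
```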

searchForMe

protected java.lang.String[] searchForMe(java.lang.String requestorDN,
                                         java.lang.String holderDN)
This function searches for the ACs of a user and returns information about these ACs. The ACs that violate the policy of either the issuer or issuedOnBehalfOf will be marked.

Parameters:
holderDN - the DN of the user whose ACs are to be retrieved
requestorDN - the DN of the requestor
Returns:
an array of String that stores information about all of the user's ACs

revokeACForMe

protected java.lang.String revokeACForMe(byte[] ac,
                                         java.lang.String requestor)
This function is used for revoking one AC. The requested AC is encoded in Base64 format. The function takes the request from a client (the ACM) and will check whether the requestor can revoke the requested AC.

Parameters:
base64AC - is the encoded AC in Base64 format
Returns:
a String that tells the client the result of the request

revokeForMe

protected java.lang.String[] revokeForMe(java.lang.String requestorDN,
                                         java.lang.String holderDN,
                                         java.lang.String[] issuerDN,
                                         java.lang.String[] serials)
This function is used for revoking one or more ACs. It uses strings to represent the requested ACs. The client for this function is an Apache web server.

Parameters:
requestorDN - the DN of the requestor
holderDN - the DN of the ACs' holder
issuerDN - an array of strings that represents the list of issuers of the requested ACs
serials - an array of strings that represents the list of serial numbers of the requested ACs
Returns:
an array of strings. Each string reports the revocation result for one AC in the requested list.