DISCore

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

issrg.dis
Class DISCore

java.lang.Object
  issrg.dis.DISCore

Direct Known Subclasses:: DIS, TestDS

public abstract class DISCore
extends java.lang.Object
extends java.lang.Object

This class contains the core functionality of DIS. Extend it to tailor DIS to the execution environment.

Nested Class Summary
`class`	`DISCore.DepthsCreds` This class is used for storing credentials and delegation depths before and during the checking/constraining process
`static class`	`DISCore.DISConfig`
`static interface`	`DISCore.Repository`

Field Summary
`protected static org.apache.log4j.Appender`	`appender`
`protected DISCore.DISConfig`	`dcfg`
`protected static org.apache.log4j.Layout`	`layout`
`protected static Logger`	`log`
`protected PolicyFinder`	`policy`
`protected static Logger`	`root`
`protected SignatureVerifier`	`sv`
`protected AuthzTokenParser`	`tokenParser`

Constructor Summary
`DISCore(DISCore.DISConfig dcfg)`

Method Summary
`protected java.lang.String`	`delegateForMe(java.lang.String issuerDN, java.lang.String holderDN, java.lang.String[] roleValues, java.lang.String roleType, java.lang.String from, java.lang.String to, java.lang.String assertion, int deep)` This function will receive request of issuing AC from Apache Webserver
`protected java.lang.String`	`revokeACForMe(byte[] ac, java.lang.String requestor)` This function is used for revoking one AC.
`protected java.lang.String[]`	`revokeForMe(java.lang.String requestorDN, java.lang.String holderDN, java.lang.String[] issuerDN, java.lang.String[] serials)` This function is used for revoking one or more ACs.
`protected java.lang.String[]`	`searchForMe(java.lang.String requestorDN, java.lang.String holderDN)` This function searchs for ACs of an user and returns information about these ACs.
`protected java.lang.String`	`storeACForMe(byte[] ac, java.lang.String requestor)` This function will receive a request of storing an AC from a client (ACM tool).

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

root

protected static Logger root

log

protected static Logger log

appender

protected static org.apache.log4j.Appender appender

layout

protected static org.apache.log4j.Layout layout

dcfg

protected DISCore.DISConfig dcfg

sv

protected SignatureVerifier sv

tokenParser

protected AuthzTokenParser tokenParser

policy

protected PolicyFinder policy

Constructor Detail

DISCore

public DISCore(DISCore.DISConfig dcfg)
        throws java.lang.Exception

Throws:: java.lang.Exception

Method Detail

storeACForMe

protected java.lang.String storeACForMe(byte[] ac,
                                        java.lang.String requestor)

This function will receive a request of storing an AC from a client (ACM tool). This AC is already signed by requestor but the DIS will check the content of the AC to make sure it is comply to the issuing policy. If the checking process is succesful, the AC will be stored by the DIS. If not, error message will be return to the requestor.

Parameters:: base64AC - is the AC in base64 format sent to the DIS
Returns:: a string that reports to issuer about the result of the checking and storing process.

delegateForMe

protected java.lang.String delegateForMe(java.lang.String issuerDN,
                                         java.lang.String holderDN,
                                         java.lang.String[] roleValues,
                                         java.lang.String roleType,
                                         java.lang.String from,
                                         java.lang.String to,
                                         java.lang.String assertion,
                                         int deep)

This function will receive request of issuing AC from Apache Webserver

Parameters:: issuerUID - is the UID of the issuer and it is used when checking privileges of issuer compare to privileges of the AC to-be-sign; holderDN - is the intended holder of the AC to-be-sign; roleValues - is the array of role values that the issuer wants to issue to the holder; roleType - is the type of role that the issuer wants to delegate to the holder; from - is the starting time of validity period of the AC; to - is the ending time of validity period of the AC; assertion - states whether or not the holder of the AC can assert privileges in this AC. If this parameter equals to "can" then the holder can assert privileges in this AC. Otherwise, the holder can not assert privileges in this AC.; deep - is capability of further delegation for the holder. The value "-1" means the holder can not delegate privileges in this AC to anyone. The value "1" means the holder can delegate privileges in this AC just downto one level. "2" means the holder can delegate privileges in this AC just downto two level. "0" means the holder can delegate privileges in this AC downto unlimited level.
Note that the above parameters mean the issuer intend to issue one AC with these properties. These properties could be changed by the DIS java object when checking the issuer's privileges and checking with delegation policy.
Returns:: a string that represents the result of the delegation

searchForMe

protected java.lang.String[] searchForMe(java.lang.String requestorDN,
                                         java.lang.String holderDN)

This function searchs for ACs of an user and returns information about these ACs. The ACs that violate the policy of either the issuer or issuedOnBehalfOf will be marked.

Parameters:: holderDN - is the DN of user that one wants to retrieve his/her ACs; requestorDN - is the DN of the requestor
Returns:: array of String. This array stores information about all user's ACs

revokeACForMe

protected java.lang.String revokeACForMe(byte[] ac,
                                         java.lang.String requestor)

This function is used for revoking one AC. The requested AC is encoded in Base64 format. The function takes the request from a client (the ACM) and will check whether the requestor can revoke the requested AC.

Parameters:: base64AC - is the encoded AC in Base64 format
Returns:: is a String that tells the client about the result of the request

revokeForMe

protected java.lang.String[] revokeForMe(java.lang.String requestorDN,
                                         java.lang.String holderDN,
                                         java.lang.String[] issuerDN,
                                         java.lang.String[] serials)

This function is used for revoking one or more ACs. It uses strings for representing the requested ACs. The client for this function is an Apache.

Parameters:: requestorDN - is the DN of the requestor; holderDN - is the DN of the ACs' holder; issuerDN - is an array of strings that represents the list of issuers of the requested ACs; serials - is an array of strings that represents the list of serialnumbers of the requested ACs
Returns:: an array of string. Each string reports the revoking result of each AC in the requested list.

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

issrg.dis Class DISCore

root

log

appender

layout

dcfg

sv

tokenParser

policy

DISCore

storeACForMe

delegateForMe

searchForMe

revokeACForMe

revokeForMe

issrg.dis
Class DISCore