issrg.gt4
Class PermisPDP

java.lang.Object
  issrg.gt4.PermisPDP

All Implemented Interfaces:

SignatureVerifier

Direct Known Subclasses:

PermisAuthorizationService

public class PermisPDP
extends java.lang.Object
implements SignatureVerifier

Author:

Linying Su

Field Summary

static java.lang.String	GSP_LDAP_AC_KEY
static java.lang.String	GSP_USE_GRID_SHIB
static java.lang.String	IDP_PROVIDER_ID_KEY

Constructor Summary

PermisPDP()
Creates a new instance of PermisPDP

Method Summary

boolean	checkSignature(byte[] Value, byte[] Signature, java.lang.String algorithmID, TokenLocator Signer) This is a simple signature verification - always returns true.
void	close() The standard PDP method; deinitialises the PDP.
protected PBAAPI	getADF(java.lang.String soa, java.lang.String oid, java.lang.String ldapURL, java.lang.String uRL, java.lang.String ldapAC_attribute, java.lang.String ldapPKC_attribute, java.lang.String rootCA) This method retrieves an instance of PBAAPI for a given configuration.
org.w3c.dom.Element	getAttributes()
org.w3c.dom.Node	getPolicy(org.w3c.dom.Node query) The standard PDP method; returns null, since the behaviour was not defined by GT4 at the time of writing.
java.lang.String[]	getPolicyNames() The standard PDP method; returns an empty array, since the behaviour was not defined by GT4 at the time of writing.
org.w3c.dom.Element	getResponse()
void	initialize(PDPConfig config, java.lang.String name, java.lang.String id)
boolean	isPermitted(javax.security.auth.Subject peerSubject, MessageContext context, javax.xml.namespace.QName operation)
org.w3c.dom.Node	setPolicy(org.w3c.dom.Node policy) The standard PDP method; returns null, since the behaviour was not defined by GT4 at the time of writing.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

GSP_LDAP_AC_KEY

public static final java.lang.String GSP_LDAP_AC_KEY

See Also:

Constant Field Values

GSP_USE_GRID_SHIB

public static final java.lang.String GSP_USE_GRID_SHIB

See Also:

Constant Field Values

IDP_PROVIDER_ID_KEY

public static final java.lang.String IDP_PROVIDER_ID_KEY

See Also:

Constant Field Values

Constructor Detail

PermisPDP

public PermisPDP()

Creates a new instance of PermisPDP

Method Detail

getPolicyNames

public java.lang.String[] getPolicyNames()

The standard PDP method; returns an empty array, since the behaviour was not defined by GT4 at the time of writing.

getPolicy

public org.w3c.dom.Node getPolicy(org.w3c.dom.Node query)
                           throws InvalidPolicyException

The standard PDP method; returns null, since the behaviour was not defined by GT4 at the time of writing.

Throws:

InvalidPolicyException

setPolicy

public org.w3c.dom.Node setPolicy(org.w3c.dom.Node policy)
                           throws InvalidPolicyException

The standard PDP method; returns null, since the behaviour was not defined by GT4 at the time of writing.

Throws:

InvalidPolicyException

close

public void close()

The standard PDP method; deinitialises the PDP.

checkSignature

public boolean checkSignature(byte[] Value,
                              byte[] Signature,
                              java.lang.String algorithmID,
                              TokenLocator Signer)

This is a simple signature verification - always returns true.

Specified by:

checkSignature in interface SignatureVerifier

Parameters:

Value - is the byte array that had been signed

Signature - is the byte array of the resulting signature

algorithmID - is the String representation (dotted form) of the object identifier of the algorithm used for signing

Signer - is the TokenLocator of the signer

Returns:

true, if there is a valid non-revoked PKI token, which proves the signature is valid; false otherwise

getADF

protected PBAAPI getADF(java.lang.String soa,
                        java.lang.String oid,
                        java.lang.String ldapURL,
                        java.lang.String uRL,
                        java.lang.String ldapAC_attribute,
                        java.lang.String ldapPKC_attribute,
                        java.lang.String rootCA)
                 throws InitializeException

This method retrieves an instance of PBAAPI for a given configuration. First, it looks for a PBAAPI for the given Policy OID in the cache, and if one is found, that one is used; otherwise a new one is created and cached.

Parameters:

soa - - the SOA name (LDAP DN)

oid - - the OID of the policy

ldapURL - - the URL of the LDAP repository to use to retrieve the policy and user ACs

uRL - - the URL of another repository where the user ACs are stored (this may be different from the policy LDAP)

ldapAC_attribute - - the attribute name of the ACs in the repositories

ldapPKC_attribute - - the attribute name of the PKCs in the repositories

rootCA - - the filename of the Root CA PKC; can be null, if no signature verification is required (NOT RECOMMENDED FOR PRODUCTION DEPLOYMENTS!)

Throws:

InitializeException

initialize

public void initialize(PDPConfig config,
                       java.lang.String name,
                       java.lang.String id)
                throws InitializeException

Throws:

InitializeException

isPermitted

public boolean isPermitted(javax.security.auth.Subject peerSubject,
                           MessageContext context,
                           javax.xml.namespace.QName operation)
                    throws AuthorizationException

Throws:

AuthorizationException

getResponse

public org.w3c.dom.Element getResponse()

getAttributes

public org.w3c.dom.Element getAttributes()
                                  throws InitializeException

Throws:

InitializeException