issrg.gt4
Class PermisPDP

java.lang.Object
  extended by issrg.gt4.PermisPDP
All Implemented Interfaces:
SignatureVerifier
Direct Known Subclasses:
PermisAuthorizationService

public class PermisPDP
extends java.lang.Object
implements SignatureVerifier

Author:
Linying Su

Field Summary
static java.lang.String GSP_LDAP_AC_KEY
           
static java.lang.String GSP_USE_GRID_SHIB
           
static java.lang.String IDP_PROVIDER_ID_KEY
           
 
Constructor Summary
PermisPDP()
          Creates a new instance of PermisPDP
 
Method Summary
 boolean checkSignature(byte[] Value, byte[] Signature, java.lang.String algorithmID, TokenLocator Signer)
          This is a simple signature verification - always returns true.
 void close()
          The standard PDP method; deinitialises the PDP.
protected  PBAAPI getADF(java.lang.String soa, java.lang.String oid, java.lang.String ldapURL, java.lang.String uRL, java.lang.String ldapAC_attribute, java.lang.String ldapPKC_attribute, java.lang.String rootCA)
          This method retrieves an instance of PBAAPI for a given configuration.
 org.w3c.dom.Element getAttributes()
           
 org.w3c.dom.Node getPolicy(org.w3c.dom.Node query)
          The standard PDP method; returns null, since the behaviour was not defined by GT4 at the time of writing.
 java.lang.String[] getPolicyNames()
          The standard PDP method; returns an empty array, since the behaviour was not defined by GT4 at the time of writing.
 org.w3c.dom.Element getResponse()
           
 void initialize(PDPConfig config, java.lang.String name, java.lang.String id)
           
 boolean isPermitted(javax.security.auth.Subject peerSubject, MessageContext context, javax.xml.namespace.QName operation)
           
 org.w3c.dom.Node setPolicy(org.w3c.dom.Node policy)
          The standard PDP method; returns null, since the behaviour was not defined by GT4 at the time of writing.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

GSP_LDAP_AC_KEY

public static final java.lang.String GSP_LDAP_AC_KEY
See Also:
Constant Field Values

GSP_USE_GRID_SHIB

public static final java.lang.String GSP_USE_GRID_SHIB
See Also:
Constant Field Values

IDP_PROVIDER_ID_KEY

public static final java.lang.String IDP_PROVIDER_ID_KEY
See Also:
Constant Field Values
Constructor Detail

PermisPDP

public PermisPDP()
Creates a new instance of PermisPDP

Method Detail

getPolicyNames

public java.lang.String[] getPolicyNames()
The standard PDP method; returns an empty array, since the behaviour was not defined by GT4 at the time of writing.


getPolicy

public org.w3c.dom.Node getPolicy(org.w3c.dom.Node query)
                           throws InvalidPolicyException
The standard PDP method; returns null, since the behaviour was not defined by GT4 at the time of writing.

Throws:
InvalidPolicyException

setPolicy

public org.w3c.dom.Node setPolicy(org.w3c.dom.Node policy)
                           throws InvalidPolicyException
The standard PDP method; returns null, since the behaviour was not defined by GT4 at the time of writing.

Throws:
InvalidPolicyException

close

public void close()
The standard PDP method; deinitialises the PDP.


checkSignature

public boolean checkSignature(byte[] Value,
                              byte[] Signature,
                              java.lang.String algorithmID,
                              TokenLocator Signer)
This is a simple signature verification - always returns true.

Specified by:
checkSignature in interface SignatureVerifier
Parameters:
Value - is the byte array that had been signed
Signature - is the byte array of the resulting signature
algorithmID - is the String representation (dotted form) of the object identifier of the algorithm used for signing
Signer - is the TokenLocator of the signer
Returns:
true, if there is a valid non-revoked PKI token, which proves the signature is valid; false otherwise. Note that, as stated above, this implementation always returns true.
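
For contrast with the always-true behaviour documented above, here is a fail-closed check over the same inputs. This is an added example, not PERMIS code: the class `FailClosedVerifierDemo` and the helper `verify` are hypothetical, the signer's public key is assumed to be already resolved and validated (the `TokenLocator` lookup is not shown), and the key and data are constructed for the demo.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;

public class FailClosedVerifierDemo {
    // Hypothetical helper: the cryptographic check a verifier performs once the
    // signer's public key has been resolved and validated (assumed done here).
    static boolean verify(byte[] value, byte[] signature,
                          String algorithmID, PublicKey signerKey) {
        if (value == null || signature == null || algorithmID == null || signerKey == null) {
            return false; // missing input is a failure, never a pass
        }
        try {
            // JDK providers accept the dotted OID form as an algorithm name.
            Signature s = Signature.getInstance(algorithmID);
            s.initVerify(signerKey);
            s.update(value);
            return s.verify(signature);
        } catch (GeneralSecurityException e) {
            return false; // unknown algorithm, wrong key type or malformed signature
        }
    }

    public static void main(String[] args) throws Exception {
        String sha256WithRsa = "1.2.840.113549.1.1.11"; // sha256WithRSAEncryption
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // constructed test key
        byte[] ac = "constructed signed value".getBytes(StandardCharsets.UTF_8);

        Signature signer = Signature.getInstance(sha256WithRsa);
        signer.initSign(kp.getPrivate());
        signer.update(ac);
        byte[] sig = signer.sign();

        byte[] tampered = ac.clone();
        tampered[0] ^= 0x01; // flip one bit of the signed value

        System.out.println("genuine:  " + verify(ac, sig, sha256WithRsa, kp.getPublic()));
        System.out.println("tampered: " + verify(tampered, sig, sha256WithRsa, kp.getPublic()));
        System.out.println("bad OID:  " + verify(ac, sig, "1.2.3.4", kp.getPublic()));
    }
}
```

Only the genuine case passes; a modified value or an unrecognised algorithm OID is rejected, whereas a verifier that always returns true accepts all three.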

getADF

protected PBAAPI getADF(java.lang.String soa,
                        java.lang.String oid,
                        java.lang.String ldapURL,
                        java.lang.String uRL,
                        java.lang.String ldapAC_attribute,
                        java.lang.String ldapPKC_attribute,
                        java.lang.String rootCA)
                 throws InitializeException
This method retrieves an instance of PBAAPI for a given configuration. First, it looks for a PBAAPI for the given Policy OID in the cache, and if one is found, that one is used; otherwise a new one is created and cached.

Parameters:
soa - the SOA name (LDAP DN)
oid - the OID of the policy
ldapURL - the URL of the LDAP repository to use to retrieve the policy and user ACs
uRL - the URL of another repository where the user ACs are stored (this may be different from the policy LDAP)
ldapAC_attribute - the attribute name of the ACs in the repositories
ldapPKC_attribute - the attribute name of the PKCs in the repositories
rootCA - the filename of the Root CA PKC; can be null, if no signature verification is required (NOT RECOMMENDED FOR PRODUCTION DEPLOYMENTS!)
Throws:
InitializeException

initialize

public void initialize(PDPConfig config,
                       java.lang.String name,
                       java.lang.String id)
                throws InitializeException
Throws:
InitializeException

isPermitted

public boolean isPermitted(javax.security.auth.Subject peerSubject,
                           MessageContext context,
                           javax.xml.namespace.QName operation)
                    throws AuthorizationException
Throws:
AuthorizationException

getResponse

public org.w3c.dom.Element getResponse()

getAttributes

public org.w3c.dom.Element getAttributes()
                                  throws InitializeException
Throws:
InitializeException