issrg.gt4Plus.pdp
Class PermisPDP

java.lang.Object
  extended by issrg.gt4Plus.pdp.PermisPDP
All Implemented Interfaces:
SignatureVerifier

public class PermisPDP
extends java.lang.Object
implements SignatureVerifier

Author:
Linying Su

Field Summary
static java.lang.String GSP_LDAP_AC_KEY
           
static java.lang.String GSP_USE_GRID_SHIB
           
static java.lang.String IDP_PROVIDER_ID_KEY
           
 
Constructor Summary
PermisPDP()
          Creates a new instance of PermisPDP
 
Method Summary
 Decision canAccess(RequestEntities requestEntities, NonRequestEntities nonReqEntities)
          This method is used to decide whether the requestor can access the resource.
 Decision canAdminister(RequestEntities requestEntities, NonRequestEntities nonReqEntities)
          This method is used to decide whether the requestor can administer the resource.
 boolean checkSignature(byte[] Value, byte[] Signature, java.lang.String algorithmID, TokenLocator Signer)
          This is a simple signature verification - always returns true.
 void close()
          This method is not used.
protected  PBAAPI getADF(java.lang.String soa, java.lang.String oid, java.lang.String ldapURL, java.lang.String uRL, java.lang.String ldapAC_attribute, java.lang.String ldapPKC_attribute, java.lang.String rootCA)
          This method retrieves an instance of PBAAPI for a given configuration.
 org.w3c.dom.Element getAttributes()
          Return the environment attributes of the policy
 org.w3c.dom.Element getResponse()
          Return the response from the decision making
 void initialize(java.lang.String chainName, java.lang.String prefix, ChainConfig config)
          This method is used to initialise the Permis PDP.
 boolean signingPKCValidation(java.security.cert.X509Certificate cert)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

GSP_LDAP_AC_KEY

public static final java.lang.String GSP_LDAP_AC_KEY
See Also:
Constant Field Values

GSP_USE_GRID_SHIB

public static final java.lang.String GSP_USE_GRID_SHIB
See Also:
Constant Field Values

IDP_PROVIDER_ID_KEY

public static final java.lang.String IDP_PROVIDER_ID_KEY
See Also:
Constant Field Values
Constructor Detail

PermisPDP

public PermisPDP()
Creates a new instance of PermisPDP

Method Detail

checkSignature

public boolean checkSignature(byte[] Value,
                              byte[] Signature,
                              java.lang.String algorithmID,
                              TokenLocator Signer)
This is a simple signature verification - always returns true.

Specified by:
checkSignature in interface SignatureVerifier
Parameters:
Value - is the byte array that had been signed
Signature - is the byte array of the resulting signature
algorithmID - is the String representation (dotted form) of the object identifier of the algorithm used for signing
Signer - is the TokenLocator of the signer
Returns:
true, if there is a valid non-revoked PKI token, which proves the signature is valid; false otherwise
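
The description above says this implementation always returns true, while the Returns clause describes a verifier that rejects invalid signatures. As an added illustration (not PERMIS or PermisPDP code), a check that fails closed could look like the following. The class name, the OID allow-list and the use of a PublicKey in place of TokenLocator are assumptions of this example.

```java
import java.security.*;
import java.util.Set;

// Added example, not PERMIS code: a fail-closed counterpart to a checkSignature
// that always returns true. Class and method names are hypothetical.
public class FailClosedVerifierExample {
    // Dotted OIDs accepted for algorithmID (assumed allow-list for this example).
    private static final Set<String> ALLOWED_OIDS = Set.of(
        "1.2.840.113549.1.1.11",  // sha256WithRSAEncryption
        "1.2.840.10045.4.3.2");   // ecdsa-with-SHA256

    // signerKey is assumed to come from a certificate whose chain and
    // revocation status were already validated against the configured root CA.
    public static boolean checkSignature(byte[] value, byte[] signature,
                                         String algorithmID, PublicKey signerKey) {
        if (value == null || signature == null || signerKey == null
                || !ALLOWED_OIDS.contains(algorithmID)) {
            return false; // missing input or unlisted algorithm: reject
        }
        try {
            // JCA providers accept the dotted OID as an algorithm name.
            Signature verifier = Signature.getInstance(algorithmID);
            verifier.initVerify(signerKey);
            verifier.update(value);
            return verifier.verify(signature);
        } catch (GeneralSecurityException e) {
            return false; // any provider or key error is a failed verification
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a throwaway RSA key pair and message.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] msg = "constructed attribute certificate bytes".getBytes("UTF-8");
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(kp.getPrivate());
        signer.update(msg);
        byte[] sig = signer.sign();

        String oid = "1.2.840.113549.1.1.11";
        System.out.println(checkSignature(msg, sig, oid, kp.getPublic())); // genuine signature
        msg[0] ^= 1;                                                        // tamper with the value
        System.out.println(checkSignature(msg, sig, oid, kp.getPublic()));
        // md5WithRSAEncryption is not on the allow-list
        System.out.println(checkSignature(msg, sig, "1.2.840.113549.1.1.4", kp.getPublic()));
    }
}
```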

getADF

protected PBAAPI getADF(java.lang.String soa,
                        java.lang.String oid,
                        java.lang.String ldapURL,
                        java.lang.String uRL,
                        java.lang.String ldapAC_attribute,
                        java.lang.String ldapPKC_attribute,
                        java.lang.String rootCA)
                 throws InitializeException
This method retrieves an instance of PBAAPI for a given configuration. First, it looks for a PBAAPI for the given Policy OID in the cache, and if one is found, that one is used; otherwise a new one is created and cached.

Parameters:
soa - the SOA name (LDAP DN)
oid - the OID of the policy
ldapURL - the URL of the LDAP repository to use to retrieve the policy and user ACs
uRL - the URL of another repository where the user ACs are stored (this may be different from the policy LDAP)
ldapAC_attribute - the attribute name of the ACs in the repositories
ldapPKC_attribute - the attribute name of the PKCs in the repositories
rootCA - the filename of the Root CA PKC; can be null, if no signature verification is required (NOT RECOMMENDED FOR PRODUCTION DEPLOYMENTS!)
Throws:
InitializeException

canAccess

public Decision canAccess(RequestEntities requestEntities,
                          NonRequestEntities nonReqEntities)
                   throws AuthorizationException
This method is used to decide whether the requestor can access the resource.

Parameters:
requestEntities - represents the request attributes.
nonReqEntities - represents non-request attributes.
Returns:
a Decision object
Throws:
AuthorizationException

canAdminister

public Decision canAdminister(RequestEntities requestEntities,
                              NonRequestEntities nonReqEntities)
                       throws AuthorizationException
This method is used to decide whether the requestor can administer the resource. In this implementation, it always returns the same decision as canAccess().

Parameters:
requestEntities - represents the request attributes.
nonReqEntities - represents non-request attributes.
Returns:
a Decision object
Throws:
AuthorizationException

initialize

public void initialize(java.lang.String chainName,
                       java.lang.String prefix,
                       ChainConfig config)
                throws InitializeException
This method is used to initialise the Permis PDP.

Parameters:
chainName - denotes the service name, which is protected by the PDP.
prefix - denotes the scope of the Permis PDP.
config - passes the properties which are configured in the security descriptor
Throws:
InitializeException

close

public void close()
           throws CloseException
This method is not used.

Throws:
CloseException

getResponse

public org.w3c.dom.Element getResponse()
Return the response from the decision making


getAttributes

public org.w3c.dom.Element getAttributes()
                                  throws InitializeException
Return the environment attributes of the policy

Throws:
InitializeException

signingPKCValidation

public boolean signingPKCValidation(java.security.cert.X509Certificate cert)