issrg.gt4Plus.pdp
Class PermisPDP

java.lang.Object
  issrg.gt4Plus.pdp.PermisPDP

All Implemented Interfaces:

SignatureVerifier

public class PermisPDP
extends java.lang.Object
implements SignatureVerifier

Author:

Linying Su

Field Summary

static java.lang.String	GSP_LDAP_AC_KEY
static java.lang.String	GSP_USE_GRID_SHIB
static java.lang.String	IDP_PROVIDER_ID_KEY

Constructor Summary

PermisPDP()
Creates a new instance of PermisPDP

Method Summary

Decision	canAccess(RequestEntities requestEntities, NonRequestEntities nonReqEntities) this method is used to decide whether the requestor can access the resource.
Decision	canAdminister(RequestEntities requestEntities, NonRequestEntities nonReqEntities) this method is used to decide whether the requestor can administer the resource.
boolean	checkSignature(byte[] Value, byte[] Signature, java.lang.String algorithmID, TokenLocator Signer) This is a simple signature verification - always returns true.
void	close() this method is not used.
protected PBAAPI	getADF(java.lang.String soa, java.lang.String oid, java.lang.String ldapURL, java.lang.String uRL, java.lang.String ldapAC_attribute, java.lang.String ldapPKC_attribute, java.lang.String rootCA) This method retrieves an instance of PBAAPI for a given configuration.
org.w3c.dom.Element	getAttributes() Return the environment attributes of the policy
org.w3c.dom.Element	getResponse() Return the response from the decision making
void	initialize(java.lang.String chainName, java.lang.String prefix, ChainConfig config) this method is used to initialise the Permis PDP.
boolean	signingPKCValidation(java.security.cert.X509Certificate cert)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

GSP_LDAP_AC_KEY

public static final java.lang.String GSP_LDAP_AC_KEY

See Also:

Constant Field Values

GSP_USE_GRID_SHIB

public static final java.lang.String GSP_USE_GRID_SHIB

See Also:

Constant Field Values

IDP_PROVIDER_ID_KEY

public static final java.lang.String IDP_PROVIDER_ID_KEY

See Also:

Constant Field Values

Constructor Detail

PermisPDP

public PermisPDP()

Creates a new instance of PermisPDP

Method Detail

checkSignature

public boolean checkSignature(byte[] Value,
                              byte[] Signature,
                              java.lang.String algorithmID,
                              TokenLocator Signer)

This is a simple signature verification - always returns true.

Specified by:

checkSignature in interface SignatureVerifier

Parameters:

Value - is the byte array that had been signed

Signature - is the byte array of the resulting signature

algorithmID - is the String representation (dotted form) of the object identifier of the algorithm used for signing

Signer - is the TokenLocator of the signer

Returns:

true, if there is a valid non-revoked PKI token, which proves the signature is valid; false otherwise

getADF

protected PBAAPI getADF(java.lang.String soa,
                        java.lang.String oid,
                        java.lang.String ldapURL,
                        java.lang.String uRL,
                        java.lang.String ldapAC_attribute,
                        java.lang.String ldapPKC_attribute,
                        java.lang.String rootCA)
                 throws InitializeException

This method retrieves an instance of PBAAPI for a given configuration. First, it looks for a PBAAPI for the given Policy OID in the cache, and if one is found, that one is used; otherwise a new one is created and cached.

Parameters:

soa - - the SOA name (LDAP DN)

oid - - the OID of the policy

ldapURL - - the URL of the LDAP repository to use to retrieve the policy and user ACs

uRL - - the URL of another repository where the user ACs are stored (this may be different from the policy LDAP)

ldapAC_attribute - - the attribute name of the ACs in the repositories

ldapPKC_attribute - - the attribute name of the PKCs in the repositories

rootCA - - the filename of the Root CA PKC; can be null, if no signature verification is required (NOT RECOMMENDED FOR PRODUCTION DEPLOYMENTS!)

Throws:

InitializeException

canAccess

public Decision canAccess(RequestEntities requestEntities,
                          NonRequestEntities nonReqEntities)
                   throws AuthorizationException

this method is used to decide whether the requestor can access the resource.

Parameters:

requestEntities - represents the request attributes.

nonReqEntities - represents none request attributes.

Returns:

a Decision object

Throws:

AuthorizationException

canAdminister

public Decision canAdminister(RequestEntities requestEntities,
                              NonRequestEntities nonReqEntities)
                       throws AuthorizationException

this method is used to decide whether the requestor can administer the resource. In this implementation, it always return the same decision as canAccess().

Parameters:

requestEntities - represents the request attributes.

nonReqEntities - represents none request attributes.

Returns:

a Decision object

Throws:

AuthorizationException

initialize

public void initialize(java.lang.String chainName,
                       java.lang.String prefix,
                       ChainConfig config)
                throws InitializeException

this method is used to initialise the Permis PDP.

Parameters:

chainName - denotes the service name, which is protected by the PDP.

prefix - denotes the scope of the Permis PDP.

config - passes the properties which are configured in the security descriptor

Throws:

InitializeException

close

public void close()
           throws CloseException

this method is not used.

Throws:

CloseException

getResponse

public org.w3c.dom.Element getResponse()

Return the response from the decision making

getAttributes

public org.w3c.dom.Element getAttributes()
                                  throws InitializeException

Return the environment attributes of the policy

Throws:

InitializeException

signingPKCValidation

public boolean signingPKCValidation(java.security.cert.X509Certificate cert)