issrg.pba.rbac.x509
Class SimplePERMISACPolicyFinder

java.lang.Object
  extended by issrg.pba.rbac.PolicyFinder
      extended by issrg.pba.rbac.x509.SimplePERMISACPolicyFinder
Direct Known Subclasses:
RepositoryACPolicyFinder

public class SimplePERMISACPolicyFinder
extends PolicyFinder

This is a simple Policy Finder that can be instantiated from an X.509 Attribute Certificate. It is also useful as a base class: a subclass collects the Attribute Certificates, then invokes initPolicyFromACArray to initialise the Policy Finder.

Author:
gansen

Field Summary
 
Fields inherited from class issrg.pba.rbac.PolicyFinder
accessPolicy, allocationPolicy, authzTokenRepository, filepath, msodPolicySet, parsedPolicy, policyOID, satLevel, sawsServer, soa, sv, tokenParser
 
Constructor Summary
protected SimplePERMISACPolicyFinder()
           
  SimplePERMISACPolicyFinder(byte[] acBinary, java.lang.String policyID, java.security.Principal soa, SignatureVerifier signatureVerifier)
          This constructor builds a Policy Finder given an AC, the identifier of the policy and the identity of the policy issuer.
  SimplePERMISACPolicyFinder(byte[] acBinary, java.lang.String policyID, java.security.Principal soa, SignatureVerifier signatureVerifier, int satLevel)
           
 
Method Summary
protected  void initPolicyFromACArray(byte[][] acBinary, java.lang.String policyID, java.security.Principal soa, SignatureVerifier signatureVerifier)
          This method looks for the right policy among an array of X.509 Attribute Certificates.
 
Methods inherited from class issrg.pba.rbac.PolicyFinder
getAccessPolicy, getAllocationPolicy, getfilepath, getMSoDPolicy, getParsedPolicy, getPolicyOID, getRepository, getSATLevel, getSAWSServer, getSOA, getSV, removeSystemTag, SAWSCloseLog, setSV
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SimplePERMISACPolicyFinder

protected SimplePERMISACPolicyFinder()

SimplePERMISACPolicyFinder

public SimplePERMISACPolicyFinder(byte[] acBinary,
                                  java.lang.String policyID,
                                  java.security.Principal soa,
                                  SignatureVerifier signatureVerifier)
                           throws PbaException
This constructor builds a Policy Finder given an AC, the identifier of the policy and the identity of the policy issuer. Construction succeeds only if the AC holds the required policy. This constructor invokes initPolicyFromACArray directly; see that method's description for additional details.

Parameters:
acBinary - the byte array representing a BER-encoded X.509 AC, or the Base64 encoding of a BER-encoded X.509 AC
policyID - the identifier of the policy to use
soa - the Principal naming the issuer of the policy (must be the Holder and Issuer of the self-signed Attribute Certificate)
signatureVerifier - the SignatureVerifier to use; if null, digital signatures on the ACs are not checked (NOT RECOMMENDED FOR PRODUCTION DEPLOYMENTS!)
Throws:
PbaException

SimplePERMISACPolicyFinder

public SimplePERMISACPolicyFinder(byte[] acBinary,
                                  java.lang.String policyID,
                                  java.security.Principal soa,
                                  SignatureVerifier signatureVerifier,
                                  int satLevel)
                           throws PbaException
Throws:
PbaException

Method Detail

initPolicyFromACArray

protected void initPolicyFromACArray(byte[][] acBinary,
                                     java.lang.String policyID,
                                     java.security.Principal soa,
                                     SignatureVerifier signatureVerifier)
                              throws PbaException
This method looks for the right policy among an array of X.509 Attribute Certificates. The policy is identified by its Policy ID (OID in PERMIS XML) and the name of the issuer of the policy. The signatures on the ACs are validated using the SignatureVerifier provided, if any.

Parameters:
acBinary - the array of byte arrays, each representing a BER-encoded X.509 AC or the Base64 encoding of a BER-encoded X.509 AC
policyID - the identifier of the policy to use
soa - the Principal naming the issuer of the policy (must be the Holder and Issuer of the self-signed Attribute Certificate)
signatureVerifier - the SignatureVerifier to use; if null, digital signatures on the ACs are not checked (NOT RECOMMENDED FOR PRODUCTION DEPLOYMENTS!)
Throws:
PbaException