issrg.pba.rbac.x509
Class SimplePERMISACPolicyFinder
java.lang.Object
issrg.pba.rbac.PolicyFinder
issrg.pba.rbac.x509.SimplePERMISACPolicyFinder
- Direct Known Subclasses:
- RepositoryACPolicyFinder
public class SimplePERMISACPolicyFinder
- extends PolicyFinder
This is a simple Policy Finder that can be instantiated from an instance of
an X.509 Attribute Certificate. It is useful to extend from: collect the
Attribute Certificates, then invoke initPolicyFromACArray to initialise the
Policy Finder.
- Author:
- gansen
Fields inherited from class issrg.pba.rbac.PolicyFinder |
accessPolicy, allocationPolicy, authzTokenRepository, filepath, msodPolicySet, parsedPolicy, policyOID, satLevel, sawsServer, soa, sv, tokenParser |
Method Summary |
protected void |
initPolicyFromACArray(byte[][] acBinary,
java.lang.String policyID,
java.security.Principal soa,
SignatureVerifier signatureVerifier)
This method looks for the right policy among an array of X.509 Attribute
Certificates. |
Methods inherited from class issrg.pba.rbac.PolicyFinder |
getAccessPolicy, getAllocationPolicy, getfilepath, getMSoDPolicy, getParsedPolicy, getPolicyOID, getRepository, getSATLevel, getSAWSServer, getSOA, getSV, removeSystemTag, SAWSCloseLog, setSV |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
SimplePERMISACPolicyFinder
protected SimplePERMISACPolicyFinder()
SimplePERMISACPolicyFinder
public SimplePERMISACPolicyFinder(byte[] acBinary,
java.lang.String policyID,
java.security.Principal soa,
SignatureVerifier signatureVerifier)
throws PbaException
- This constructor builds a Policy Finder given an AC, the identifier of
the policy and the identity of the policy issuer. Only if the AC holds
the required policy construction succeeds. This constructor invokes the
initPolicyFromACArray directly, see that method description for
additional details.
- Parameters:
acBinary
- - the array of byte arrays, each representing a
BER-encoded or Base64 encoding of a BER-encoded X.509 ACpolicyID
- - the identifier of the policy to usesoa
- - the Principal naming the issuer of the policy (must be the
Holder and Issuer of the self-signed Attribute Certificate)signatureVerifier
- - the SignatureVerifier to use; if null, digital signatures on
the ACs are not checked (NOT RECOMMENDED FOR PRODUCTION DEPLOYMENTS!)
- Throws:
PbaException
SimplePERMISACPolicyFinder
public SimplePERMISACPolicyFinder(byte[] acBinary,
java.lang.String policyID,
java.security.Principal soa,
SignatureVerifier signatureVerifier,
int satLevel)
throws PbaException
- Throws:
PbaException
initPolicyFromACArray
protected void initPolicyFromACArray(byte[][] acBinary,
java.lang.String policyID,
java.security.Principal soa,
SignatureVerifier signatureVerifier)
throws PbaException
- This method looks for the right policy among an array of X.509 Attribute
Certificates. The policy is identified by its Policy ID (OID in PERMIS
XML) and the name of the issuer of the policy. The signatures on the
ACs are validated using the SignatureVerifier provided, if any.
- Parameters:
acBinary
- - the array of byte arrays, each representing a
BER-encoded or Base64 encoding of a BER-encoded X.509 ACpolicyID
- - the identifier of the policy to usesoa
- - the Principal naming the issuer of the policy (must be the
Holder and Issuer of the self-signed Attribute Certificate)signatureVerifier
- - the SignatureVerifier to use; if null, digital signatures on
the ACs are not checked (NOT RECOMMENDED FOR PRODUCTION DEPLOYMENTS!)
- Throws:
PbaException