org.globus.gsi
Class SigningPolicyParser

java.lang.Object
  extended by org.globus.gsi.SigningPolicyParser

public class SigningPolicyParser
extends java.lang.Object

Signing policy BNF grammar as implemented here (based on the C implementation):

eacl ::= {eacl_entry}
eacl_entry ::= {access_identity} pos_rights {restriction} {pos_rights {restriction}} | {access_identity} neg_rights
access_identity ::= access_identity_type def_authority value \n
access_identity_type ::= "access_id_HOST" | "access_id_USER" | "access_id_GROUP" | "access_id_CA" | "access_id_APPLICATION" | "access_id_ANYBODY"
pos_rights ::= "pos_rights" def_authority value {"pos_rights" def_authority value}
neg_rights ::= "neg_rights" def_authority value {"neg_rights" def_authority value}
restriction ::= condition_type def_authority value \n
condition_type ::= alphanumeric_string
def_authority ::= alphanumeric_string
value ::= alphanumeric_string

This class takes a signing policy file as input and parses it to extract the policy that is enforced. Only the following policy is enforced: access_id_CA with defining authority X509 and the CA DN as value; any positive rights following it with globus as defining authority and value CA:sign; and lastly the restriction "cond_subjects" with globus as defining authority and, as value, the DNs the CA is authorized to sign. Restrictions are assumed to start with cond_. The order of rights matters: the first occurrence of CA:sign with allowed DNs is used and the rest of the policy is ignored.

For a given signing policy file, only policy with the particular CA's DN is parsed.

Subject names may include the following wildcard characters:
* matches zero or any number of characters.
? matches any single character.

All subject names should be in Globus format, with slashes, and should NOT be reversed.

The allowed DN patterns are returned as a vector of java.util.regex.Pattern. The wildcard (*) and single-character (?) symbols of the BNF grammar are replaced with the regex grammar needed by the Pattern class.
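The following is an added example, not code from JGlobus, showing the subset of the grammar above in a small stand-alone parser: a cond_subjects pattern is turned into an anchored regex with every regex metacharacter escaped before * and ? are substituted, an access_id_CA entry only gains allowed DNs after "pos_rights globus CA:sign" has been seen, and only the first cond_subjects for a CA is honoured. The policy text, CA names and subject DNs are constructed for the example; the constant values are assumptions read off the grammar, and the map is keyed by the DN string rather than by X500Principal as the Java class does.

```python
import re
import shlex
from dataclasses import dataclass, field
from typing import Dict, List

# Constants mirroring the names in the field summary (values are assumptions
# taken from the grammar text above, not read from the JGlobus source).
ACCESS_ID_PREFIX = "access_id_"
ACCESS_ID_CA = "access_id_CA"
DEF_AUTH_X509 = "X509"
DEF_AUTH_GLOBUS = "globus"
POS_RIGHTS = "pos_rights"
NEG_RIGHTS = "neg_rights"
CONDITION_PREFIX = "cond_"
CONDITION_SUBJECT = "cond_subjects"
VALUE_CA_SIGN = "CA:sign"


class SigningPolicyError(ValueError):
    """Raised for lines that do not fit the signing policy grammar."""


@dataclass
class SigningPolicy:
    ca_dn: str
    allowed: List[re.Pattern] = field(default_factory=list)

    def is_valid_subject(self, subject_dn: str) -> bool:
        # A CA may only sign subjects matching one of its allowed patterns;
        # a CA with no cond_subjects is allowed to sign nothing here.
        return any(p.fullmatch(subject_dn) for p in self.allowed)


def get_pattern(pattern_str: str) -> re.Pattern:
    """Turn a policy pattern (* = any run, ? = one char) into an anchored regex.

    Everything is escaped first, so a '.' or '+' inside a DN is matched
    literally instead of being interpreted as regex syntax.
    """
    escaped = re.escape(pattern_str)
    regex = escaped.replace(r"\*", ".*").replace(r"\?", ".")
    return re.compile(regex)


def _subject_list(value: str) -> List[str]:
    # cond_subjects carries one or more double-quoted DNs inside the
    # single-quoted value, e.g. '"/C=US/O=A/*" "/C=US/O=B/*"'.
    return re.findall(r'"([^"]*)"', value)


def parse(text: str) -> Dict[str, SigningPolicy]:
    policies: Dict[str, SigningPolicy] = {}
    current = None           # policy for the access_id_CA entry being read
    ca_sign_granted = False  # has "pos_rights globus CA:sign" been seen for it?
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = shlex.split(raw, comments=True)  # drops '#' comments, blank lines
        if not tokens:
            continue
        if len(tokens) != 3:
            raise SigningPolicyError(f"line {lineno}: expected 'type authority value'")
        kind, authority, value = tokens
        if kind.startswith(ACCESS_ID_PREFIX):
            # A new access identity starts a new entry; only CA entries with
            # X509 as defining authority are enforced, the rest are skipped.
            ca_sign_granted = False
            if kind == ACCESS_ID_CA and authority == DEF_AUTH_X509:
                current = policies.setdefault(value, SigningPolicy(value))
            else:
                current = None
        elif kind == POS_RIGHTS:
            if current and authority == DEF_AUTH_GLOBUS and value == VALUE_CA_SIGN:
                ca_sign_granted = True
        elif kind == NEG_RIGHTS:
            pass  # neg_rights are not enforced by this parser
        elif kind.startswith(CONDITION_PREFIX):
            # Restrictions only count after CA:sign was granted, and only the
            # first cond_subjects for a CA is used; later ones are ignored.
            if (kind == CONDITION_SUBJECT and current and ca_sign_granted
                    and authority == DEF_AUTH_GLOBUS and not current.allowed):
                current.allowed.extend(get_pattern(dn) for dn in _subject_list(value))
        else:
            raise SigningPolicyError(f"line {lineno}: unknown entry type {kind!r}")
    return policies


# Constructed sample policy with fictional CAs (not a real signing_policy file).
SAMPLE_POLICY = """\
# EACL for a fictional example CA
access_id_CA      X509    '/C=US/O=Example/CN=Example CA'
pos_rights        globus  CA:sign
cond_subjects     globus  '"/C=US/O=Example/*" "/C=US/O=Partner/OU=Grid/CN=?????"'

# A second CA in the same file
access_id_CA      X509    '/C=US/O=Other/CN=Other CA'
pos_rights        globus  CA:sign
cond_subjects     globus  '"/C=US/O=Other/*"'
"""


def ca_may_sign(policy_text: str, ca_dn: str, subject_dn: str) -> bool:
    policies = parse(policy_text)
    return ca_dn in policies and policies[ca_dn].is_valid_subject(subject_dn)


if __name__ == "__main__":
    for subj in ("/C=US/O=Example/OU=People/CN=Alice", "/C=US/O=Other/CN=Eve"):
        print(subj, "->", ca_may_sign(SAMPLE_POLICY, "/C=US/O=Example/CN=Example CA", subj))
```

The escaping in get_pattern is the part worth copying: substituting * and ? without escaping the rest of the DN would let a "." in a policy entry match any character, silently widening what the CA is allowed to sign, and fullmatch rather than search keeps a pattern from matching a DN that merely contains the allowed prefix somewhere inside.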


Field Summary
static java.lang.String ACCESS_ID_CA
static java.lang.String ACCESS_ID_PREFIX
static java.lang.String CONDITION_PREFIX
static java.lang.String CONDITION_SUBJECT
static java.lang.String DEF_AUTH_GLOBUS
static java.lang.String DEF_AUTH_X509
static java.lang.String NEG_RIGHTS
static java.lang.String POS_RIGHTS
static java.lang.String SINGLE_CHAR
static java.lang.String SINGLE_PATTERN
static java.lang.String VALUE_CA_SIGN
static java.lang.String WILDCARD
static java.lang.String WILDCARD_PATTERN

Constructor Summary
SigningPolicyParser()

Method Summary
static java.util.regex.Pattern getPattern(java.lang.String patternStr)
          Takes a pattern string as written in the signing policy file, with * for zero or more characters and ? for a single character, and converts it into a java.util.regex.Pattern object.
 java.util.Map<javax.security.auth.x500.X500Principal,SigningPolicy> parse(java.io.Reader reader)
          Parses an input stream to extract the signing policy defined for the CA with the specified DN.
 java.util.Map<javax.security.auth.x500.X500Principal,SigningPolicy> parse(java.lang.String fileName)
          Parses the file to extract the signing policy defined for the CA with the specified DN.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ACCESS_ID_PREFIX

public static final java.lang.String ACCESS_ID_PREFIX
See Also:
Constant Field Values

ACCESS_ID_CA

public static final java.lang.String ACCESS_ID_CA
See Also:
Constant Field Values

DEF_AUTH_X509

public static final java.lang.String DEF_AUTH_X509
See Also:
Constant Field Values

DEF_AUTH_GLOBUS

public static final java.lang.String DEF_AUTH_GLOBUS
See Also:
Constant Field Values

POS_RIGHTS

public static final java.lang.String POS_RIGHTS
See Also:
Constant Field Values

NEG_RIGHTS

public static final java.lang.String NEG_RIGHTS
See Also:
Constant Field Values

CONDITION_PREFIX

public static final java.lang.String CONDITION_PREFIX
See Also:
Constant Field Values

CONDITION_SUBJECT

public static final java.lang.String CONDITION_SUBJECT
See Also:
Constant Field Values

VALUE_CA_SIGN

public static final java.lang.String VALUE_CA_SIGN
See Also:
Constant Field Values

SINGLE_CHAR

public static final java.lang.String SINGLE_CHAR
See Also:
Constant Field Values

WILDCARD

public static final java.lang.String WILDCARD
See Also:
Constant Field Values

SINGLE_PATTERN

public static final java.lang.String SINGLE_PATTERN
See Also:
Constant Field Values

WILDCARD_PATTERN

public static final java.lang.String WILDCARD_PATTERN
See Also:
Constant Field Values

Constructor Detail

SigningPolicyParser

public SigningPolicyParser()

Method Detail

parse

public java.util.Map<javax.security.auth.x500.X500Principal,SigningPolicy> parse(java.lang.String fileName)
                                                                          throws java.io.FileNotFoundException,
                                                                                 SigningPolicyException
Parses the file to extract the signing policy defined for the CA with the specified DN. If the policy file does not exist, a SigningPolicy object with only the CA DN is created. If the policy path exists but no relevant policy exists, a SigningPolicy object with the CA DN and file path is created.

Parameters:
fileName - Name of the signing policy file
Returns:
Map of SigningPolicy objects, keyed by CA DN, that contains the information. If no policy is found, a SigningPolicy object with only the CA DN is returned.
Throws:
SigningPolicyException - Any errors with parsing the signing policy file.
java.io.FileNotFoundException - If the signing policy file does not exist.

parse

public java.util.Map<javax.security.auth.x500.X500Principal,SigningPolicy> parse(java.io.Reader reader)
                                                                          throws SigningPolicyException
Parses an input stream to extract the signing policy defined for the CA with the specified DN.

Parameters:
reader - Reader to any input stream to get the signing policy information.
Returns:
Map of signing policies, keyed by CA DN, as defined by the signing policy input.
Throws:
SigningPolicyException - Any errors with parsing the signing policy.

getPattern

public static java.util.regex.Pattern getPattern(java.lang.String patternStr)
Takes a pattern string as written in the signing policy file, with * for zero or more characters and ? for a single character, and converts it into a java.util.regex.Pattern object. This requires replacing the wildcard characters with the equivalent expressions in regex grammar.

Parameters:
patternStr - Pattern string as written in the signing policy file, with * for zero or more characters and ? for a single character
Returns:
Pattern object with the expression equivalent to patternStr.