org.globus.gsi
Class SigningPolicyParser

java.lang.Object
  org.globus.gsi.SigningPolicyParser

public class SigningPolicyParser extends java.lang.Object
Signing policy BCNF grammar as implemented here (based on the C implementation):

eacl                ::= {eacl_entry}
eacl_entry          ::= {access_identity} pos_rights {restriction} {pos_rights {restriction}}
                      | {access_identity} neg_rights
access_identity     ::= access_identity_type def_authority value \n
access_identity_type ::= "access_id_HOST" | "access_id_USER" | "access_id_GROUP"
                      | "access_id_CA" | "access_id_APPLICATION" | "access_id_ANYBODY"
pos_rights          ::= "pos_rights" def_authority value {"pos_rights" def_authority value}
neg_rights          ::= "neg_rights" def_authority value {"neg_rights" def_authority value}
restriction         ::= condition_type def_authority value \n
condition_type      ::= alphanumeric_string
def_authority       ::= alphanumeric_string
value               ::= alphanumeric_string
This class takes a signing policy file as input and parses it to extract the policy that is enforced. Only the following policy is enforced: an access_id_CA entry with X509 as the defining authority and the CA DN as the value; any positive rights following it with globus as the defining authority and CA:sign as the value; and lastly the restriction "cond_subjects" with globus as the defining authority and, as the value, the DNs the CA is authorized to sign. Restrictions are assumed to start with cond_. The order of rights matters: the first occurrence of CA:Sign with allowed DNs is used and the rest of the policy is ignored.

For a given signing policy file, only the policy for the particular CA's DN is parsed.

Subject names may include the following wildcard characters: * matches zero or any number of characters; ? matches any single character.

All subject names should be in Globus format (with slashes) and should NOT be reversed.

The allowed DN patterns are returned as a vector of java.util.regex.Pattern. The wildcard (*) and single-character (?) symbols of the BCNF grammar are replaced with the regexp grammar needed by the Pattern class.
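The following is an added, stand-alone illustration of the policy subset and wildcard conversion described above; it is not the JGlobus implementation. The class name SigningPolicyDemo, the helper names and the sample policy text are constructed for this example. Note that every literal run of the DN pattern is passed through Pattern.quote, so a '.' or '(' in a DN matches itself rather than acting as a regex metacharacter.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Stand-alone demo of the enforced policy subset; hypothetical, not the JGlobus code.
public class SigningPolicyDemo {
    // '*' -> ".*", '?' -> "."; every other run is quoted so that '.', '(' and
    // similar characters inside a DN match literally, not as regex metacharacters.
    static Pattern toPattern(String glob) {
        StringBuilder re = new StringBuilder("^"), lit = new StringBuilder();
        for (char c : glob.toCharArray()) {
            if (c != '*' && c != '?') { lit.append(c); continue; }
            if (lit.length() > 0) { re.append(Pattern.quote(lit.toString())); lit.setLength(0); }
            re.append(c == '*' ? ".*" : ".");
        }
        if (lit.length() > 0) re.append(Pattern.quote(lit.toString()));
        return Pattern.compile(re.append('$').toString());
    }

    // Patterns from the first "pos_rights globus CA:sign" / "cond_subjects globus"
    // pair that follows "access_id_CA X509 <caDn>"; anything after it is ignored.
    static List<Pattern> allowedSubjects(String policy, String caDn) {
        List<Pattern> out = new ArrayList<>();
        boolean inCa = false, canSign = false;
        for (String raw : policy.split("\n")) {
            String[] tok = raw.trim().split("\\s+", 3);   // type, def_authority, value
            if (tok.length < 3 || tok[0].startsWith("#")) continue;
            if (tok[0].equals("access_id_CA")) {
                String dn = tok[2].replaceAll("^['\"]|['\"]$", "");   // strip quoting
                inCa = tok[1].equals("X509") && dn.equals(caDn);
                canSign = false;
            } else if (inCa && tok[0].equals("pos_rights") && tok[1].equals("globus")) {
                canSign |= tok[2].equals("CA:sign");
            } else if (inCa && canSign && tok[0].equals("cond_subjects") && tok[1].equals("globus")) {
                Matcher m = Pattern.compile("\"([^\"]*)\"").matcher(tok[2]); // value: '"dn1" "dn2"'
                while (m.find()) out.add(toPattern(m.group(1)));
                return out;   // first CA:sign restriction wins; rest of the policy ignored
            }
        }
        return out;
    }

    public static void main(String[] args) {
        String policy = String.join("\n",   // constructed sample policy file
            "access_id_CA  X509  '/C=US/O=Example Grid/CN=Example CA'",
            "pos_rights    globus CA:sign",
            "cond_subjects globus '\"/C=US/O=Example Grid/*\" \"/C=US/O=example.org/CN=?-host\"'");
        List<Pattern> ok = allowedSubjects(policy, "/C=US/O=Example Grid/CN=Example CA");
        for (String s : new String[] {"/C=US/O=Example Grid/CN=alice", "/C=US/O=exampleXorg/CN=a-host"})
            System.out.println(s + " -> " + ok.stream().anyMatch(p -> p.matcher(s).matches()));
    }
}
```

The second subject exercises the quoting: because the '.' in example.org is literal, a DN with any other character in that position is rejected.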
Method Summary

static java.util.regex.Pattern getPattern(java.lang.String patternStr)
  Takes a pattern string as written in the signing policy file (* for zero or more characters, ? for a single character) and converts it into a java.util.regex.Pattern object.

java.util.Map<javax.security.auth.x500.X500Principal,SigningPolicy> parse(java.io.Reader reader)
  Parses the input stream to extract the signing policy defined for the CA with the specified DN.

java.util.Map<javax.security.auth.x500.X500Principal,SigningPolicy> parse(java.lang.String fileName)
  Parses the file to extract the signing policy defined for the CA with the specified DN.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Field Detail

public static final java.lang.String ACCESS_ID_PREFIX
public static final java.lang.String ACCESS_ID_CA
public static final java.lang.String DEF_AUTH_X509
public static final java.lang.String DEF_AUTH_GLOBUS
public static final java.lang.String POS_RIGHTS
public static final java.lang.String NEG_RIGHTS
public static final java.lang.String CONDITION_PREFIX
public static final java.lang.String CONDITION_SUBJECT
public static final java.lang.String VALUE_CA_SIGN
public static final java.lang.String SINGLE_CHAR
public static final java.lang.String WILDCARD
public static final java.lang.String SINGLE_PATTERN
public static final java.lang.String WILDCARD_PATTERN
Constructor Detail

SigningPolicyParser
public SigningPolicyParser()

Method Detail
parse
public java.util.Map<javax.security.auth.x500.X500Principal,SigningPolicy> parse(java.lang.String fileName)
throws java.io.FileNotFoundException,
SigningPolicyException
- Parses the file to extract the signing policy defined for the CA with the specified DN. If the policy file does not exist, a SigningPolicy object with only the CA DN is created. If the policy path exists but no relevant policy exists, a SigningPolicy object with the CA DN and file path is created.
- Parameters:
fileName
- Name of the signing policy file
- Returns:
- SigningPolicy object that contains the information. If no policy is found, a SigningPolicy object with only the CA DN is returned.
- Throws:
SigningPolicyException
- Any error while parsing the signing policy file.
java.io.FileNotFoundException
- If the signing policy file does not exist.
parse
public java.util.Map<javax.security.auth.x500.X500Principal,SigningPolicy> parse(java.io.Reader reader)
throws SigningPolicyException
- Parses the input stream to extract the signing policy defined for the CA with the specified DN.
- Parameters:
reader
- Reader over any input stream from which to read the signing policy information.
- Returns:
- Signing policy map defined by the signing policy file.
- Throws:
SigningPolicyException
- Any error while parsing the signing policy.
getPattern
public static java.util.regex.Pattern getPattern(java.lang.String patternStr)
- Takes a pattern string as written in the signing policy file, with * for zero or more characters and ? for a single character, and converts it into a java.util.regex.Pattern object. This requires replacing the wildcard characters with their equivalent expressions in regexp grammar.
- Parameters:
patternStr
- Pattern string as written in the signing policy file, with * for zero or more characters and ? for a single character.
- Returns:
- Pattern object with the expression equivalent to patternStr.