org.globus.gsi
Class SigningPolicyParser
java.lang.Object
org.globus.gsi.SigningPolicyParser
public class SigningPolicyParser
- extends Object
Signing policy BCNF grammar as implemented here (based on the C implementation):

eacl ::= {eacl_entry}
eacl_entry ::= {access_identity} pos_rights {restriction}
               {pos_rights {restriction}} | {access_identity} neg_rights
access_identity ::= access_identity_type def_authority value \n
access_identity_type ::= "access_id_HOST" |
                         "access_id_USER" |
                         "access_id_GROUP" |
                         "access_id_CA" |
                         "access_id_APPLICATION" |
                         "access_id_ANYBODY"
pos_rights ::= "pos_rights" def_authority value
               {"pos_rights" def_authority value}
neg_rights ::= "neg_rights" def_authority value
               {"neg_rights" def_authority value}
restriction ::= condition_type def_authority value \n
condition_type ::= alphanumeric_string
def_authority ::= alphanumeric_string
value ::= alphanumeric_string
This class takes a signing policy file as input and parses it to
extract the policy that is enforced. Only the following policy is
enforced: an access_id_CA entry with X509 as defining authority and
the CA DN as value; any positive rights following it with globus as
defining authority and value CA:sign; and lastly the restriction
"cond_subjects" with globus as defining authority and, as value, the
DNs the CA is authorized to sign. Restrictions are assumed to start
with cond_. Order of rights matters: the first occurrence of CA:sign
with allowed DNs is used and the rest of the policy is ignored.
For a given signing policy file, only the policy for the particular
CA's DN is parsed.
Subject names may include the following wildcard characters:
* Matches zero or any number of characters.
? Matches any single character.
All subject names should be in Globus format, with slashes, and
should NOT be reversed.
The allowed DN patterns are returned as a vector of
java.util.regex.Pattern objects. The wildcard (*) and single-character
(?) metacharacters of the signing policy grammar are replaced with the
equivalent regular-expression syntax needed by the Pattern class.
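The parse order described above (the CA's access_id_CA entry, then pos_rights globus CA:sign, then the cond_subjects restriction) and the wildcard-to-regex conversion, as an added stand-alone Python re-implementation that is not the Globus class itself; the sample policy text, the CA and subject names, and the function names are constructed for this example. Escaping every non-wildcard character is the security-relevant step: an unescaped '.' or '+' in a DN would widen the set of subjects the CA is allowed to sign.

```python
import re

# Constructed sample policy file (not from the page): one CA entry granting CA:sign
# over two subject-name patterns, followed by a second CA's entry that must be ignored.
SAMPLE_POLICY = """\
# comments and blank lines are skipped
access_id_CA   X509   '/C=US/O=Example/CN=Example CA'
pos_rights     globus CA:sign
cond_subjects  globus '"/C=US/O=Example/OU=*/CN=?" "/C=US/O=Example/CN=host/*.example.org"'

access_id_CA   X509   '/C=US/O=Other/CN=Other CA'
pos_rights     globus CA:sign
cond_subjects  globus '"/C=US/O=Other/*"'
"""

def wildcard_to_regex(pattern_str):
    """Translate a policy subject pattern into a compiled regex. Only * and ? are
    wildcards; every other character (e.g. '.', '+', '(' inside a DN) is escaped so it
    matches literally and cannot widen the set of subjects the CA may sign."""
    parts = []
    for ch in pattern_str:
        parts.append(".*" if ch == "*" else "." if ch == "?" else re.escape(ch))
    return re.compile("".join(parts))

def get_policy(text, required_ca_dn):
    """Return the allowed-subject patterns for required_ca_dn: the access_id_CA/X509
    entry for that DN, then pos_rights globus CA:sign, then cond_subjects globus."""
    state = "seek_ca"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 2)  # condition_type, def_authority, value (may hold spaces)
        if len(fields) != 3:
            raise ValueError("malformed signing policy line: %r" % line)
        kind, authority, value = fields[0], fields[1], fields[2].strip("'")
        if kind.startswith("access_id_"):  # a new eacl_entry starts; reset the search
            matched = kind == "access_id_CA" and authority == "X509" and value == required_ca_dn
            state = "seek_rights" if matched else "seek_ca"
        elif state == "seek_rights" and (kind, authority, value) == ("pos_rights", "globus", "CA:sign"):
            state = "seek_subjects"
        elif state == "seek_subjects" and kind == "cond_subjects" and authority == "globus":
            subjects = re.findall(r'"([^"]*)"', value) or value.split()
            return [wildcard_to_regex(s) for s in subjects]  # first match wins; rest ignored
    return []  # no relevant policy found for this CA

def is_allowed(patterns, subject_dn):
    """True when the whole subject DN matches one of the CA's allowed patterns."""
    return any(p.fullmatch(subject_dn) for p in patterns)
```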
Method Summary
static Pattern        getPattern(String patternStr)
                      Method that takes a pattern string as described in the signing
                      policy file, with * for zero or many characters and ? for a single
                      character, and converts it into a java.util.regex.Pattern object.
static SigningPolicy  getPolicy(Reader reader, String requiredCaDN)
                      Parses the input stream to extract the signing policy defined for
                      the CA with the specified DN.
static SigningPolicy  getPolicy(String fileName, String requiredCaDN)
                      Parses the file to extract the signing policy defined for the CA
                      with the specified DN.
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
ACCESS_ID_PREFIX
public static String ACCESS_ID_PREFIX
ACCESS_ID_CA
public static String ACCESS_ID_CA
DEF_AUTH_X509
public static String DEF_AUTH_X509
DEF_AUTH_GLOBUS
public static String DEF_AUTH_GLOBUS
POS_RIGHTS
public static String POS_RIGHTS
NEG_RIGHTS
public static String NEG_RIGHTS
CONDITION_PREFIX
public static String CONDITION_PREFIX
CONDITION_SUBJECT
public static String CONDITION_SUBJECT
VALUE_CA_SIGN
public static String VALUE_CA_SIGN
SINGLE_CHAR
public static String SINGLE_CHAR
WILDCARD
public static String WILDCARD
SINGLE_PATTERN
public static String SINGLE_PATTERN
WILDCARD_PATTERN
public static String WILDCARD_PATTERN
SigningPolicyParser
public SigningPolicyParser()
getPolicy
public static SigningPolicy getPolicy(String fileName,
String requiredCaDN)
throws SigningPolicyParserException
- Parses the file to extract the signing policy defined for the CA with
the specified DN. If the policy file does not exist, a
SigningPolicy object with only the CA DN is created. If the policy path
exists but no relevant policy exists, a SigningPolicy object with
the CA DN and file path is created.
- Parameters:
fileName - Name of the signing policy file
requiredCaDN - The CA subject name for which policy is extracted
- Returns:
- SigningPolicy object that contains the information. If
no policy is found, SigningPolicy object with only the
CA DN is returned.
- Throws:
SigningPolicyParserException
- Any errors with parsing the signing policy file.
getPolicy
public static SigningPolicy getPolicy(Reader reader,
String requiredCaDN)
throws SigningPolicyParserException
- Parses the input stream to extract the signing policy defined for the CA with
the specified DN.
- Parameters:
reader - Reader to any input stream to get the signing policy information.
requiredCaDN - The CA subject name for which policy is extracted
- Returns:
- SigningPolicy object that contains the information. If
no policy is found, SigningPolicy object with only the
CA DN is returned.
- Throws:
SigningPolicyParserException
- Any errors with parsing the signing policy.
getPattern
public static Pattern getPattern(String patternStr)
- Method that takes a pattern string as described in the signing
policy file, with * for zero or many characters and ? for a single
character, and converts it into a java.util.regex.Pattern
object. This requires replacing the wildcard characters with the
equivalent expression in regular-expression grammar.
- Parameters:
patternStr - Pattern string as described in the signing policy file,
with * for zero or many characters and ? for a single character
- Returns:
- Pattern object with the expression equivalent to patternStr.