Class SigningPolicyParser
- java.lang.Object
-
- org.globus.gsi.SigningPolicyParser
-
public class SigningPolicyParser extends Object
Signing policy BCNF grammar as implemented here: (based on C implementation)eacl ::= {eacl_entry}
eacl_entry ::= {access_identity} pos_rights {restriction} {pos_rights {restriction}} | {access_identity} neg_rights
access_identity ::= access_identity_type def_authority value
access_identity_type ::= "access_id_HOST" | "access_id_USER" | "access_id_GROUP" | "access_id_CA" | "access_id_APPLICATION" | "access_id_ANYBODY"
pos_rights ::= "pos_rights" def_authority value {"pos_rights" def_authority value}
neg_rights ::= "neg_rights" def_authority value {"neg_rights" def_authority value}
restriction ::= condition_type def_authority value
condition_type ::= alphanumeric_string
def_authority ::= alphanumeric_string
value ::= alphanumeric_stringThis class take a signing policy file as input and parses it to extract the policy that is enforced. Only the following policy is enforced: access_id_CA with defining authority as X509 with CA DN as value. Any positive rights following it with globus as defining authority and value CA:sign. Lastly, restriction "cond_subjects" with globus as defining authority and the DNs the CA is authorized to sign. restrictions are assumed to start with cond_. Order of rights matter, so the first occurance of CA:Sign with allowedDNs is used and rest of the policy is ignored.
For a given signing policy file, only policy with the particular CA's DN is parsed.
subject names may include the following wildcard characters: * Matches zero or any number of characters. ? Matches any single character.
All subject names should be in Globus format, with slashes and should NOT be revered.
The allowed DN patterns are returned as a vector of java.util.regexp.Pattern. The BCNF grammar that uses wildcard (*) and single character (?) are replaced with the regexp grammar needed by the Pattern class.
-
-
Field Summary
Fields Modifier and Type Field Description static String
ACCESS_ID_CA
static String
ACCESS_ID_PREFIX
static String
CONDITION_PREFIX
static String
CONDITION_SUBJECT
static String
DEF_AUTH_GLOBUS
static String
DEF_AUTH_X509
static String
NEG_RIGHTS
static String
POS_RIGHTS
static String
SINGLE_CHAR
static String
SINGLE_PATTERN
static String
VALUE_CA_SIGN
static String
WILDCARD
static String
WILDCARD_PATTERN
-
Constructor Summary
Constructors Constructor Description SigningPolicyParser()
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static Pattern
getPattern(String patternStr)
Method that takes a pattern string as described in the signing policy file with * for zero or many characters and ? for single character, and converts it into java.util.regexp.Pattern object.Map<X500Principal,SigningPolicy>
parse(Reader reader)
Parses input stream to extract signing policy defined for CA with the specified DN.Map<X500Principal,SigningPolicy>
parse(String fileName)
Parses the file to extract signing policy defined for CA with the specified DN.
-
-
-
Field Detail
-
ACCESS_ID_PREFIX
public static final String ACCESS_ID_PREFIX
- See Also:
- Constant Field Values
-
ACCESS_ID_CA
public static final String ACCESS_ID_CA
- See Also:
- Constant Field Values
-
DEF_AUTH_X509
public static final String DEF_AUTH_X509
- See Also:
- Constant Field Values
-
DEF_AUTH_GLOBUS
public static final String DEF_AUTH_GLOBUS
- See Also:
- Constant Field Values
-
POS_RIGHTS
public static final String POS_RIGHTS
- See Also:
- Constant Field Values
-
NEG_RIGHTS
public static final String NEG_RIGHTS
- See Also:
- Constant Field Values
-
CONDITION_PREFIX
public static final String CONDITION_PREFIX
- See Also:
- Constant Field Values
-
CONDITION_SUBJECT
public static final String CONDITION_SUBJECT
- See Also:
- Constant Field Values
-
VALUE_CA_SIGN
public static final String VALUE_CA_SIGN
- See Also:
- Constant Field Values
-
SINGLE_CHAR
public static final String SINGLE_CHAR
- See Also:
- Constant Field Values
-
WILDCARD
public static final String WILDCARD
- See Also:
- Constant Field Values
-
SINGLE_PATTERN
public static final String SINGLE_PATTERN
- See Also:
- Constant Field Values
-
WILDCARD_PATTERN
public static final String WILDCARD_PATTERN
- See Also:
- Constant Field Values
-
-
Method Detail
-
parse
public Map<X500Principal,SigningPolicy> parse(String fileName) throws FileNotFoundException, SigningPolicyException
Parses the file to extract signing policy defined for CA with the specified DN. If the policy file does not exist, a SigningPolicy object with only CA DN is created. If policy path exists, but no relevant policy exisit, SigningPolicy object with CA DN and file path is created.- Parameters:
fileName
- Name of the signing policy file- Returns:
- SigningPolicy object that contains the information. If no policy is found, SigningPolicy object with only the CA DN is returned.
- Throws:
SigningPolicyException
- Any errors with parsing the signing policy file.FileNotFoundException
- If the signing policy file does not exist.
-
parse
public Map<X500Principal,SigningPolicy> parse(Reader reader) throws SigningPolicyException
Parses input stream to extract signing policy defined for CA with the specified DN.- Parameters:
reader
- Reader to any input stream to get the signing policy information.- Returns:
- signing policy map defined by the signing policy file
- Throws:
SigningPolicyException
- Any errors with parsing the signing policy.
-
getPattern
public static Pattern getPattern(String patternStr)
Method that takes a pattern string as described in the signing policy file with * for zero or many characters and ? for single character, and converts it into java.util.regexp.Pattern object. This requires replacing the wildcard characters with equivalent expression in regexp grammar.- Parameters:
patternStr
- Pattern string as described in the signing policy file with for zero or many characters and ? for single character- Returns:
- Pattern object with the expression equivalent to patternStr.
-
-