org.globus.gsi
Class SigningPolicyParser

java.lang.Object
  extended by org.globus.gsi.SigningPolicyParser

public class SigningPolicyParser
extends Object

Signing policy grammar as implemented here (BNF, based on the C implementation):

  eacl                 ::= {eacl_entry}
  eacl_entry           ::= {access_identity} pos_rights {restriction} {pos_rights {restriction}}
                         | {access_identity} neg_rights
  access_identity      ::= access_identity_type def_authority value \n
  access_identity_type ::= "access_id_HOST" | "access_id_USER" | "access_id_GROUP"
                         | "access_id_CA" | "access_id_APPLICATION" | "access_id_ANYBODY"
  pos_rights           ::= "pos_rights" def_authority value {"pos_rights" def_authority value}
  neg_rights           ::= "neg_rights" def_authority value {"neg_rights" def_authority value}
  restriction          ::= condition_type def_authority value \n
  condition_type       ::= alphanumeric_string
  def_authority        ::= alphanumeric_string
  value                ::= alphanumeric_string

This class takes a signing policy file as input and parses it to extract the policy that is enforced. Only the following policy is enforced: access_id_CA with defining authority X509 and the CA DN as value; any positive rights following it with globus as defining authority and value CA:sign; and lastly the restriction "cond_subjects" with globus as defining authority and, as value, the DNs the CA is authorized to sign. Restrictions are assumed to start with cond_. Order of rights matters, so the first occurrence of CA:sign with allowed DNs is used and the rest of the policy is ignored. For a given signing policy file, only the policy with the particular CA's DN is parsed.

Subject names may include the following wildcard characters:
  *  Matches zero or any number of characters.
  ?  Matches any single character.

All subject names should be in Globus format, with slashes, and should NOT be reversed. The allowed DN patterns are returned as a vector of java.util.regex.Pattern. The wildcard (*) and single-character (?) metacharacters of the policy grammar are replaced with the regexp grammar needed by the Pattern class.


Field Summary
static String ACCESS_ID_CA
static String ACCESS_ID_PREFIX
static String CONDITION_PREFIX
static String CONDITION_SUBJECT
static String DEF_AUTH_GLOBUS
static String DEF_AUTH_X509
static String NEG_RIGHTS
static String POS_RIGHTS
static String SINGLE_CHAR
static String SINGLE_PATTERN
static String VALUE_CA_SIGN
static String WILDCARD
static String WILDCARD_PATTERN
 
Constructor Summary
SigningPolicyParser()
 
Method Summary
static Pattern getPattern(String patternStr)
          Method that takes a pattern string as described in the signing policy file, with * for zero or many characters and ? for a single character, and converts it into a java.util.regex.Pattern object.
static SigningPolicy getPolicy(Reader reader, String requiredCaDN)
          Parses input stream to extract signing policy defined for CA with the specified DN.
static SigningPolicy getPolicy(String fileName, String requiredCaDN)
          Parses the file to extract signing policy defined for CA with the specified DN.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ACCESS_ID_PREFIX

public static String ACCESS_ID_PREFIX

ACCESS_ID_CA

public static String ACCESS_ID_CA

DEF_AUTH_X509

public static String DEF_AUTH_X509

DEF_AUTH_GLOBUS

public static String DEF_AUTH_GLOBUS

POS_RIGHTS

public static String POS_RIGHTS

NEG_RIGHTS

public static String NEG_RIGHTS

CONDITION_PREFIX

public static String CONDITION_PREFIX

CONDITION_SUBJECT

public static String CONDITION_SUBJECT

VALUE_CA_SIGN

public static String VALUE_CA_SIGN

SINGLE_CHAR

public static String SINGLE_CHAR

WILDCARD

public static String WILDCARD

SINGLE_PATTERN

public static String SINGLE_PATTERN

WILDCARD_PATTERN

public static String WILDCARD_PATTERN

Constructor Detail

SigningPolicyParser

public SigningPolicyParser()

Method Detail

getPolicy

public static SigningPolicy getPolicy(String fileName,
                                      String requiredCaDN)
                               throws SigningPolicyParserException
Parses the file to extract the signing policy defined for the CA with the specified DN. If the policy file does not exist, a SigningPolicy object with only the CA DN is created. If the policy file exists but contains no relevant policy, a SigningPolicy object with the CA DN and file path is created.

Parameters:
fileName - Name of the signing policy file
requiredCaDN - The CA subject name for which policy is extracted
Returns:
SigningPolicy object that contains the information. If no policy is found, SigningPolicy object with only the CA DN is returned.
Throws:
SigningPolicyParserException - Any errors with parsing the signing policy file.

getPolicy

public static SigningPolicy getPolicy(Reader reader,
                                      String requiredCaDN)
                               throws SigningPolicyParserException
Parses the input stream to extract the signing policy defined for the CA with the specified DN.

Parameters:
reader - Reader to any input stream to get the signing policy information.
requiredCaDN - The CA subject name for which policy is extracted
Returns:
SigningPolicy object that contains the information. If no policy is found, SigningPolicy object with only the CA DN is returned.
Throws:
SigningPolicyParserException - Any errors with parsing the signing policy.

getPattern

public static Pattern getPattern(String patternStr)
Method that takes a pattern string as described in the signing policy file, with * for zero or many characters and ? for a single character, and converts it into a java.util.regex.Pattern object. This requires replacing the wildcard characters with the equivalent expression in regexp grammar.

Parameters:
patternStr - Pattern string as described in the signing policy file, with * for zero or many characters and ? for a single character
Returns:
Pattern object with the expression equivalent to patternStr.
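Added example, not Globus code: a Python re-implementation of the rules this page describes for both getPolicy and getPattern (select the access_id_CA/X509 entry for one CA DN, honour the first CA:sign followed by cond_subjects, translate * and ? to a regex with every other character escaped) run over a constructed sample policy file. The exact file layout and quoting, the case-insensitive comparison of CA:sign, and full-DN matching are assumptions.

```python
import re

# Constructed sample signing policy (not from the page), in the Globus file layout:
# each line is  <type> <def_authority> <value>; '#' starts a comment.
SAMPLE_POLICY = """\
# signing policy for a constructed example CA
access_id_CA   X509   '/C=US/O=Example Grid/CN=Example CA'
pos_rights     globus CA:sign
cond_subjects  globus '"/C=US/O=Example Grid/*" "/C=US/O=Partner/CN=host?.example.org"'
access_id_CA   X509   '/C=US/O=Other/CN=Other CA'
pos_rights     globus CA:sign
cond_subjects  globus '"/C=US/O=Other/*"'
"""

def get_pattern(pattern_str):
    """Translate a cond_subjects pattern into a regex: '*' -> '.*', '?' -> '.',
    everything else escaped so '.', '+' or '(' inside a DN stay literal."""
    parts = [".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern_str]
    return re.compile("".join(parts))

def get_policy(text, required_ca_dn):
    """Return the allowed-DN patterns for required_ca_dn ([] if the file grants none).
    Only access_id_CA/X509, pos_rights globus CA:sign and cond_subjects globus are
    honoured; the first CA:sign followed by cond_subjects wins, the rest is ignored."""
    in_ca = can_sign = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 2)
        if len(fields) != 3:
            raise ValueError("malformed signing policy line: %r" % raw)
        kind, authority, value = fields
        if kind.startswith("access_id_"):          # a new eacl_entry starts here
            in_ca = (kind == "access_id_CA" and authority == "X509"
                     and value.strip("'\"") == required_ca_dn)
            can_sign = False
        elif in_ca and kind == "pos_rights":
            # assumption: CA:sign is compared case-insensitively (page writes both spellings)
            can_sign = can_sign or (authority == "globus" and value.lower() == "ca:sign")
        elif in_ca and can_sign and kind == "cond_subjects" and authority == "globus":
            inner = value.strip("'")
            dns = re.findall(r'"([^"]+)"', inner) or inner.split()
            return [get_pattern(dn) for dn in dns]
    return []

def is_subject_allowed(patterns, subject_dn):
    """A policy with no patterns permits nothing; otherwise the whole DN must match."""
    return any(p.fullmatch(subject_dn) for p in patterns)
```

Checking an end-entity subject against the issuing CA's patterns in this way is what stops a CA from being accepted for names outside the namespace the relying party has granted it.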