Class SigningPolicyParser
eacl ::= {eacl_entry}
eacl_entry ::= {access_identity} pos_rights {restriction}
{pos_rights {restriction}} | {access_identity} neg_rights
access_identity ::= access_identity_type def_authority value
access_identity_type ::= "access_id_HOST" | "access_id_USER" |
"access_id_GROUP" | "access_id_CA" | "access_id_APPLICATION" |
"access_id_ANYBODY"
pos_rights ::= "pos_rights" def_authority value
{"pos_rights" def_authority value}
neg_rights ::= "neg_rights" def_authority value
{"neg_rights" def_authority value}
restriction ::= condition_type def_authority value
condition_type ::= alphanumeric_string
def_authority ::= alphanumeric_string
value ::= alphanumeric_string
This class takes a signing policy file as input and parses it to extract the policy that is enforced. Only the following policy is enforced: an access_id_CA entry with X509 as defining authority and the CA DN as value, any positive rights following it with globus as defining authority and CA:sign as value, and lastly the restriction "cond_subjects" with globus as defining authority and the DNs the CA is authorized to sign as value. Restrictions are assumed to start with cond_. The order of rights matters: the first occurrence of CA:sign with allowed DNs is used and the rest of the policy is ignored.
For a given signing policy file, only the policy for the particular CA's DN is parsed.
Subject names may include the following wildcard characters: * matches zero or any number of characters; ? matches any single character.
All subject names should be in Globus format, with slashes, and should NOT be reversed.
The allowed DN patterns are returned as a vector of java.util.regex.Pattern. The wildcard (*) and single-character (?) notation of the grammar above is replaced with the equivalent regexp grammar needed by the Pattern class.
Field Summary
Fields: ACCESS_ID_PREFIX, ACCESS_ID_CA, DEF_AUTH_X509, DEF_AUTH_GLOBUS, POS_RIGHTS, NEG_RIGHTS, CONDITION_PREFIX, CONDITION_SUBJECT, VALUE_CA_SIGN, SINGLE_CHAR, WILDCARD, SINGLE_PATTERN, WILDCARD_PATTERN (see Field Details)
Constructor Summary
Constructors: SigningPolicyParser()
Method Summary
static Pattern getPattern(String patternStr)
  Method that takes a pattern string as described in the signing policy file, with * for zero or many characters and ? for a single character, and converts it into a java.util.regex.Pattern object.
Map<X500Principal,SigningPolicy> parse(Reader reader)
  Parses an input stream to extract the signing policy defined for the CA with the specified DN.
Map<X500Principal,SigningPolicy> parse(String fileName)
  Parses the file to extract the signing policy defined for the CA with the specified DN.
Field Details
ACCESS_ID_PREFIX
ACCESS_ID_CA
DEF_AUTH_X509
DEF_AUTH_GLOBUS
POS_RIGHTS
NEG_RIGHTS
CONDITION_PREFIX
CONDITION_SUBJECT
VALUE_CA_SIGN
SINGLE_CHAR
WILDCARD
SINGLE_PATTERN
WILDCARD_PATTERN
Constructor Details
SigningPolicyParser
public SigningPolicyParser()
Method Details
parse
public Map<X500Principal,SigningPolicy> parse(String fileName) throws FileNotFoundException, SigningPolicyException
Parses the file to extract the signing policy defined for the CA with the specified DN. If the policy file does not exist, a SigningPolicy object with only the CA DN is created. If the policy path exists but no relevant policy exists, a SigningPolicy object with the CA DN and file path is created.
Parameters:
fileName - Name of the signing policy file
Returns:
SigningPolicy object that contains the information. If no policy is found, a SigningPolicy object with only the CA DN is returned.
Throws:
SigningPolicyException - Any errors with parsing the signing policy file.
FileNotFoundException - If the signing policy file does not exist.
parse
public Map<X500Principal,SigningPolicy> parse(Reader reader) throws SigningPolicyException
Parses an input stream to extract the signing policy defined for the CA with the specified DN.
Parameters:
reader - Reader to any input stream to get the signing policy information.
Returns:
Signing policy map defined by the signing policy file.
Throws:
SigningPolicyException - Any errors with parsing the signing policy.
getPattern
public static Pattern getPattern(String patternStr)
Method that takes a pattern string as described in the signing policy file, with * for zero or many characters and ? for a single character, and converts it into a java.util.regex.Pattern object. This requires replacing the wildcard characters with the equivalent expression in regexp grammar.
Parameters:
patternStr - Pattern string as described in the signing policy file, with * for zero or many characters and ? for a single character
Returns:
Pattern object with the expression equivalent to patternStr.
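As an added example (a standalone Python reimplementation, not this class's own code) of the enforcement rules described in the class description and of the wildcard conversion that getPattern performs: the signing policy text below is constructed for illustration, regex metacharacters inside a DN are escaped so that only * and ? act as wildcards, and a subject DN must match an allowed pattern in full.

```python
import re
from typing import List, Optional

# Constructed sample signing_policy file (not from the page). Tokens are
# whitespace-separated; a value containing spaces or quotes is single-quoted.
SAMPLE_POLICY = """\
access_id_CA   X509   '/C=US/O=Example Grid/CN=Example CA'
pos_rights     globus CA:sign
cond_subjects  globus '"/C=US/O=Example Grid/*" "/C=US/O=Partner/OU=*/CN=?"'
access_id_CA   X509   '/C=US/O=Other/CN=Other CA'
pos_rights     globus CA:sign
cond_subjects  globus '"/C=US/O=Other/*"'
"""

_TOKEN = re.compile(r"""'([^']*)'|"([^"]*)"|(\S+)""")

def get_pattern(pattern_str: str) -> re.Pattern:
    """'*' -> zero or more characters, '?' -> exactly one; every other character
    is escaped so that '.', '+' etc. inside a DN stay literal."""
    parts = ['.*' if c == '*' else '.' if c == '?' else re.escape(c) for c in pattern_str]
    return re.compile(''.join(parts))

def allowed_dn_patterns(policy_text: str, ca_dn: str) -> Optional[List[re.Pattern]]:
    """Patterns from the first cond_subjects that follows a globus CA:sign right
    for ca_dn; other CAs' entries and later rights are ignored. None if absent."""
    in_ca = signing = False
    for raw in policy_text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        tok = [a or b or c for a, b, c in _TOKEN.findall(line)]
        if len(tok) < 3:
            continue
        if tok[0].startswith('access_id_'):          # a new eacl_entry starts here
            in_ca = tok[0] == 'access_id_CA' and tok[1] == 'X509' and tok[2] == ca_dn
            signing = False
        elif in_ca and tok[0] == 'pos_rights' and tok[1] == 'globus' and tok[2] == 'CA:sign':
            signing = True
        elif in_ca and signing and tok[0] == 'cond_subjects' and tok[1] == 'globus':
            return [get_pattern(p) for p in re.findall(r'"([^"]*)"', tok[2])]
    return None

def ca_may_sign(policy_text: str, ca_dn: str, subject_dn: str) -> bool:
    """True only if an allowed pattern matches the whole subject DN (fullmatch), so
    a pattern ending in '?' is not satisfied by a longer DN that merely starts with a match."""
    patterns = allowed_dn_patterns(policy_text, ca_dn)
    return patterns is not None and any(p.fullmatch(subject_dn) for p in patterns)
```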