KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > ejbca > core > model > authorization > AdminEntity


1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/

13  
14 package org.ejbca.core.model.authorization;
15
16 import java.io.Serializable JavaDoc;
17 import java.security.cert.X509Certificate JavaDoc;
18 import java.util.regex.Pattern JavaDoc;
19
20 import org.ejbca.util.CertTools;
21 import org.ejbca.util.StringTools;
22 import org.ejbca.util.dn.DNFieldExtractor;
23
24
25 /**
26  * A class representing a admin entity. It can be set to match one admins dn or an entire organization by matching against o.
27  * The class main method is match() which takes a X509Certificate and tries to see if it fullfills set matching requirements.
28  *
29  * Matchwith constants points to which part of the certificate to match with.
30  * Matchtype constants tells under which contitions the match shall be performed.
31  *
32  * @author Philip Vendil
33  * @version $Id: AdminEntity.java,v 1.3 2007/01/03 14:34:10 anatom Exp $
34  */

35 public class AdminEntity implements Serializable JavaDoc, Comparable JavaDoc {
36     // Special Users. (Constants cannot have 0 value).
37
public static final int SPECIALADMIN_PUBLICWEBUSER = 2000;
38     public static final int SPECIALADMIN_CACOMMANDLINEADMIN = 2001;
39     public static final int SPECIALADMIN_RAADMIN = 2002;
40     public static final int SPECIALADMIN_BATCHCOMMANDLINEADMIN = 2003;
41     public static final int SPECIALADMIN_INTERNALUSER = 2004;
42     public static final int SPECIALADMIN_NOUSER = 2005;
43
44     // Match type constants.
45
public static final int TYPE_EQUALCASE = 1000;
46     public static final int TYPE_EQUALCASEINS = 1001;
47     public static final int TYPE_NOT_EQUALCASE = 1002;
48     public static final int TYPE_NOT_EQUALCASEINS = 1003;
49
50
51     // Match with constants.
52
// OBSERVE These constants is also used as a priority indicator for access rules.
53
// The higher values the higher priority.
54
public static final int WITH_COUNTRY = 1;
55     public static final int WITH_DOMAINCOMPONENT = 2;
56     public static final int WITH_STATE = 3;
57     public static final int WITH_LOCALE = 4;
58     public static final int WITH_ORGANIZATION = 5;
59     public static final int WITH_ORGANIZATIONUNIT = 6;
60     public static final int WITH_TITLE = 7;
61     public static final int WITH_COMMONNAME = 8;
62     public static final int WITH_UID = 9;
63     public static final int WITH_DNSERIALNUMBER = 10;
64     public static final int WITH_SERIALNUMBER = 11;
65
66     private static final Pattern JavaDoc serialPattern =
67       Pattern.compile("\\bSERIALNUMBER=", Pattern.CASE_INSENSITIVE);
68
69     /** Creates a new instance of AdminEntity */
70     public AdminEntity(int matchwith, int matchtype, String JavaDoc matchvalue, int caid) {
71         setMatchWith(matchwith);
72         setMatchType(matchtype);
73         setMatchValue(matchvalue);
74         this.caid=caid;
75     }
76
77     public AdminEntity(int specialadmin) {
78         // FIXME this is a hack for now, to initialize explicitely attributes to some fixed values.
79
// I'm setting matchvalue to some arbitrary value as the schema does not support null
80
this(WITH_SERIALNUMBER, specialadmin, "UNUSED", 0);
81     }
82
83     // Public methods.
84
/** Matches the given client X509Certificate to see if it matches it's requirements. */
85     public boolean match(AdminInformation admininformation) {
86       boolean returnvalue=false;
87
88       if(admininformation.isSpecialUser()){
89         if(this.matchtype == admininformation.getSpecialUser()){
90           // There is a match of special admin return true;
91
returnvalue = true;
92         }
93       }
94       else{
95         X509Certificate JavaDoc certificate = admininformation.getX509Certificate();
96         String JavaDoc certstring = certificate.getSubjectDN().toString();
97         int admincaid = CertTools.getIssuerDN(certificate).hashCode(); // certificate.getIssuerDN().toString().hashCode();
98

99         //String serialnumber = certificate.getSerialNumber().toString(16);
100
certstring = serialPattern.matcher(certstring).replaceAll("SN=");
101
102         int parameter;
103         int size=0;
104         String JavaDoc[] clientstrings=null;
105        
106
107         // First check that issuers match.
108
if(this.caid == admincaid){
109           // Determine part of certificate to match with.
110
DNFieldExtractor dn = new DNFieldExtractor(certstring,DNFieldExtractor.TYPE_SUBJECTDN);
111           if(matchwith == WITH_SERIALNUMBER){
112             if(certificate!=null){
113               switch(matchtype){
114                 case TYPE_EQUALCASE:
115                 case TYPE_EQUALCASEINS:
116                     try{
117                       returnvalue = (new java.math.BigInteger JavaDoc(matchvalue,16)).equals(certificate.getSerialNumber());
118                     }catch(java.lang.NumberFormatException JavaDoc nfe){}
119                     break;
120                 case TYPE_NOT_EQUALCASE:
121                 case TYPE_NOT_EQUALCASEINS:
122                     try{
123                       returnvalue = !(new java.math.BigInteger JavaDoc(matchvalue,16)).equals(certificate.getSerialNumber());
124                     }catch(java.lang.NumberFormatException JavaDoc nfe){}
125                     break;
126                 default:
127               }
128             }
129           }
130           else{
131             parameter = DNFieldExtractor.CN;
132             switch(matchwith){
133               case WITH_COUNTRY:
134                 parameter = DNFieldExtractor.C;
135                 break;
136               case WITH_DOMAINCOMPONENT:
137                 parameter = DNFieldExtractor.DC;
138                 break;
139               case WITH_STATE:
140                 parameter = DNFieldExtractor.L;
141                 break;
142               case WITH_LOCALE:
143                 parameter = DNFieldExtractor.ST;
144                 break;
145               case WITH_ORGANIZATION:
146                 parameter = DNFieldExtractor.O;
147                 break;
148               case WITH_ORGANIZATIONUNIT:
149                 parameter = DNFieldExtractor.OU;
150                 break;
151               case WITH_TITLE:
152                 parameter = DNFieldExtractor.T;
153                 break;
154               case WITH_DNSERIALNUMBER:
155                 parameter = DNFieldExtractor.SN;
156                 break;
157               case WITH_COMMONNAME:
158                 parameter = DNFieldExtractor.CN;
159                 break;
160               case WITH_UID:
161                 parameter = DNFieldExtractor.UID;
162                 break;
163               default:
164             }
165             size = dn.getNumberOfFields(parameter);
166             clientstrings = new String JavaDoc[size];
167             for(int i=0; i < size; i++){
168               clientstrings[i] = dn.getField(parameter,i);
169             }
170
171             // Determine how to match.
172
if(clientstrings!=null){
173               switch(matchtype){
174                 case TYPE_EQUALCASE:
175                   for(int i=0; i < size ; i++){
176                     returnvalue = clientstrings[i].equals(matchvalue);
177                     if(returnvalue)
178                       break;
179                   }
180                   break;
181                 case TYPE_EQUALCASEINS:
182                   for(int i=0; i < size ; i++){
183                     returnvalue = clientstrings[i].equalsIgnoreCase(matchvalue);
184                     if(returnvalue)
185                       break;
186                   }
187                   break;
188                 case TYPE_NOT_EQUALCASE:
189                   for(int i=0; i < size ; i++){
190                     returnvalue = !clientstrings[i].equals(matchvalue);
191                     if(returnvalue)
192                       break;
193                   }
194                   break;
195                 case TYPE_NOT_EQUALCASEINS:
196                   for(int i=0; i < size ; i++){
197                     returnvalue = !clientstrings[i].equalsIgnoreCase(matchvalue);
198                     if(returnvalue)
199                       break;
200                   }
201                   break;
202                 default:
203               }
204             }
205           }
206         }
207       }
208
209       return returnvalue;
210     }
211
212     // Methods to get and set the individual variables.
213
public int getMatchWith(){
214       return matchwith;
215     }
216
217     public void setMatchWith(int matchwith){
218       if(matchwith == AdminEntity.WITH_SERIALNUMBER){
219          this.matchvalue = StringTools.stripWhitespace(this.matchvalue);
220       }
221       this.matchwith=matchwith;
222     }
223
224     public int getMatchType(){
225       return matchtype;
226     }
227
228     public void setMatchType(int matchtype){
229       this.matchtype=matchtype;
230     }
231
232     public String JavaDoc getMatchValue(){
233       return matchvalue;
234     }
235
236     public void setMatchValue(String JavaDoc matchvalue){
237       if(this.matchwith == AdminEntity.WITH_SERIALNUMBER){
238          this.matchvalue = StringTools.stripWhitespace(matchvalue);
239       }else
240          this.matchvalue=matchvalue;
241     }
242
243     public int getSpecialUser(){
244       return this.matchtype;
245     }
246
247     public void setSpecialUser(int specialadmin){
248        this.matchtype=specialadmin;
249     }
250
251     public boolean isSpecialUser(){
252       return this.matchtype >= 2000 && this.matchtype <= 2999;
253     }
254
255     /** Method used by the access tree to determine the priority. The priority is the same as match with value. */
256     public int getPriority(){
257       return matchwith;
258     }
259
260      public int compareTo(Object JavaDoc obj) {
261       return matchvalue.compareTo(((AdminEntity)obj).getMatchValue());
262     }
263
264     // Private methods.
265

266
267     // Private fields.
268
private int matchwith;
269     private int matchtype;
270     private String JavaDoc matchvalue;
271     private int caid;
272
273 }
274
Popular Tags