AdminEntity


1   /*************************************************************************
2    *                                                                       *
3    *  EJBCA: The OpenSource Certificate Authority                          *
4    *                                                                       *
5    *  This software is free software; you can redistribute it and/or       *
6    *  modify it under the terms of the GNU Lesser General Public           *
7    *  License as published by the Free Software Foundation; either         *
8    *  version 2.1 of the License, or any later version.                    *
9    *                                                                       *
10   *  See terms of license at gnu.org.                                     *
11   *                                                                       *
12   *************************************************************************/
13   
14  package org.ejbca.core.model.authorization;
15  
16  import java.io.Serializable  ;
17  import java.security.cert.X509Certificate  ;
18  import java.util.regex.Pattern  ;
19  
20  import org.ejbca.util.CertTools;
21  import org.ejbca.util.StringTools;
22  import org.ejbca.util.dn.DNFieldExtractor;
23  
24  
25  /**
26   * A class representing a admin entity. It can be set to match one admins dn or an entire organization by matching against o.
27   * The class main method is match() which takes a X509Certificate and tries to see if it fullfills set matching requirements.
28   *
29   * Matchwith constants points to which part of the certificate to match with.
30   * Matchtype constants tells under which contitions the match shall be performed.
31   *
32   * @author  Philip Vendil
33   * @version $Id: AdminEntity.java,v 1.3 2007/01/03 14:34:10 anatom Exp $
34   */
35  public class AdminEntity implements Serializable  , Comparable   {
36      // Special Users. (Constants cannot have 0 value).
37      public static final int SPECIALADMIN_PUBLICWEBUSER             = 2000;
38      public static final int SPECIALADMIN_CACOMMANDLINEADMIN        = 2001;
39      public static final int SPECIALADMIN_RAADMIN                   = 2002;
40      public static final int SPECIALADMIN_BATCHCOMMANDLINEADMIN     = 2003;
41      public static final int SPECIALADMIN_INTERNALUSER              = 2004;
42      public static final int SPECIALADMIN_NOUSER                    = 2005;
43  
44      // Match type constants.
45      public static final int TYPE_EQUALCASE        = 1000;
46      public static final int TYPE_EQUALCASEINS     = 1001;
47      public static final int TYPE_NOT_EQUALCASE    = 1002;
48      public static final int TYPE_NOT_EQUALCASEINS = 1003;
49  
50  
51      // Match with constants.
52      // OBSERVE These constants is also used as a priority indicator for access rules.
53      // The higher values the higher priority.
54      public static final int WITH_COUNTRY           = 1;
55      public static final int WITH_DOMAINCOMPONENT   = 2;
56      public static final int WITH_STATE             = 3;
57      public static final int WITH_LOCALE            = 4;
58      public static final int WITH_ORGANIZATION      = 5;
59      public static final int WITH_ORGANIZATIONUNIT  = 6;
60      public static final int WITH_TITLE             = 7;
61      public static final int WITH_COMMONNAME        = 8;
62      public static final int WITH_UID               = 9;
63      public static final int WITH_DNSERIALNUMBER    = 10;
64      public static final int WITH_SERIALNUMBER      = 11;
65  
66      private static final Pattern   serialPattern =
67        Pattern.compile("\\bSERIALNUMBER=", Pattern.CASE_INSENSITIVE);
68  
69      /** Creates a new instance of AdminEntity */
70      public AdminEntity(int matchwith, int matchtype, String   matchvalue, int caid) {
71          setMatchWith(matchwith);
72          setMatchType(matchtype);
73          setMatchValue(matchvalue);
74          this.caid=caid;
75      }
76  
77      public AdminEntity(int specialadmin) {
78          // FIXME this is a hack for now, to initialize explicitely attributes to some fixed values.
79          // I'm setting matchvalue to some arbitrary value as the schema does not support null
80          this(WITH_SERIALNUMBER, specialadmin, "UNUSED", 0);
81      }
82  
83      // Public methods.
84      /** Matches the given client X509Certificate to see if it matches it's requirements. */
85      public boolean match(AdminInformation admininformation) {
86        boolean returnvalue=false;
87  
88        if(admininformation.isSpecialUser()){         
89          if(this.matchtype ==  admininformation.getSpecialUser()){
90            // There is a match of special admin return true;
91            returnvalue = true;
92          }
93        }
94        else{
95          X509Certificate   certificate = admininformation.getX509Certificate();
96          String   certstring = certificate.getSubjectDN().toString();
97          int admincaid =  CertTools.getIssuerDN(certificate).hashCode();  //  certificate.getIssuerDN().toString().hashCode();
98          
99          //String serialnumber = certificate.getSerialNumber().toString(16);
100         certstring = serialPattern.matcher(certstring).replaceAll("SN=");
101 
102         int parameter;
103         int size=0;
104         String  [] clientstrings=null;
105        
106 
107         // First check that issuers match.
108         if(this.caid == admincaid){
109           // Determine part of certificate to match with.
110           DNFieldExtractor dn = new DNFieldExtractor(certstring,DNFieldExtractor.TYPE_SUBJECTDN);
111           if(matchwith == WITH_SERIALNUMBER){
112             if(certificate!=null){
113               switch(matchtype){
114                 case TYPE_EQUALCASE:
115                 case TYPE_EQUALCASEINS:
116                     try{
117                       returnvalue = (new java.math.BigInteger  (matchvalue,16)).equals(certificate.getSerialNumber());
118                     }catch(java.lang.NumberFormatException   nfe){}
119                     break;
120                 case TYPE_NOT_EQUALCASE:
121                 case TYPE_NOT_EQUALCASEINS:
122                     try{
123                       returnvalue = !(new java.math.BigInteger  (matchvalue,16)).equals(certificate.getSerialNumber());
124                     }catch(java.lang.NumberFormatException   nfe){}
125                     break;
126                 default:
127               }
128             }
129           }
130           else{
131             parameter = DNFieldExtractor.CN;
132             switch(matchwith){
133               case WITH_COUNTRY:
134                 parameter = DNFieldExtractor.C;
135                 break;
136               case WITH_DOMAINCOMPONENT:
137                 parameter = DNFieldExtractor.DC;
138                 break;
139               case WITH_STATE:
140                 parameter = DNFieldExtractor.L;
141                 break;
142               case WITH_LOCALE:
143                 parameter = DNFieldExtractor.ST;
144                 break;
145               case WITH_ORGANIZATION:
146                 parameter = DNFieldExtractor.O;
147                 break;
148               case WITH_ORGANIZATIONUNIT:
149                 parameter = DNFieldExtractor.OU;
150                 break;
151               case WITH_TITLE:
152                 parameter = DNFieldExtractor.T;
153                 break;
154               case WITH_DNSERIALNUMBER:
155                 parameter = DNFieldExtractor.SN;
156                 break;
157               case WITH_COMMONNAME:
158                 parameter = DNFieldExtractor.CN;
159                 break;
160               case WITH_UID:
161                 parameter = DNFieldExtractor.UID;
162                 break;
163               default:
164             }
165             size = dn.getNumberOfFields(parameter);
166             clientstrings = new String  [size];
167             for(int i=0; i < size; i++){
168               clientstrings[i] = dn.getField(parameter,i);
169             }
170 
171             // Determine how to match.
172             if(clientstrings!=null){
173               switch(matchtype){
174                 case TYPE_EQUALCASE:
175                   for(int i=0; i < size ; i++){
176                     returnvalue = clientstrings[i].equals(matchvalue);
177                     if(returnvalue)
178                       break;
179                   }
180                   break;
181                 case TYPE_EQUALCASEINS:
182                   for(int i=0; i < size ; i++){
183                     returnvalue = clientstrings[i].equalsIgnoreCase(matchvalue);
184                     if(returnvalue)
185                       break;
186                   }
187                   break;
188                 case TYPE_NOT_EQUALCASE:
189                   for(int i=0; i < size ; i++){
190                     returnvalue = !clientstrings[i].equals(matchvalue);
191                     if(returnvalue)
192                       break;
193                   }
194                   break;
195                 case TYPE_NOT_EQUALCASEINS:
196                   for(int i=0; i < size ; i++){
197                     returnvalue = !clientstrings[i].equalsIgnoreCase(matchvalue);
198                     if(returnvalue)
199                       break;
200                   }
201                   break;
202                 default:
203               }
204             }
205           }
206         }
207       }
208 
209       return returnvalue;
210     }
211 
212     // Methods to get and set the individual variables.
213     public int getMatchWith(){
214       return matchwith;
215     }
216 
217     public void setMatchWith(int matchwith){
218       if(matchwith == AdminEntity.WITH_SERIALNUMBER){
219          this.matchvalue = StringTools.stripWhitespace(this.matchvalue);
220       }
221       this.matchwith=matchwith;
222     }
223 
224     public int getMatchType(){
225       return matchtype;
226     }
227 
228     public void setMatchType(int matchtype){
229       this.matchtype=matchtype;
230     }
231 
232     public String   getMatchValue(){
233       return matchvalue;
234     }
235 
236     public void setMatchValue(String   matchvalue){
237       if(this.matchwith == AdminEntity.WITH_SERIALNUMBER){
238          this.matchvalue = StringTools.stripWhitespace(matchvalue);
239       }else  
240          this.matchvalue=matchvalue;
241     }
242 
243     public int getSpecialUser(){
244       return this.matchtype;
245     }
246 
247     public void setSpecialUser(int specialadmin){
248        this.matchtype=specialadmin;
249     }
250 
251     public boolean isSpecialUser(){
252       return this.matchtype >= 2000 && this.matchtype <= 2999;
253     }
254 
255     /** Method used by the access tree to determine the priority. The priority is the same as match with value. */
256     public int getPriority(){
257       return matchwith;
258     }
259 
260      public int compareTo(Object   obj) {
261       return matchvalue.compareTo(((AdminEntity)obj).getMatchValue());
262     }
263 
264     // Private methods.
265 
266 
267     // Private fields.
268     private int    matchwith;
269     private int    matchtype;
270     private String   matchvalue;
271     private int    caid;
272 
273 }
274
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags