

1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/

13  
14 package org.ejbca.core.model.authorization;
15
16 import java.util.ArrayList JavaDoc;
17 import java.util.Collection JavaDoc;
18 import java.util.HashMap JavaDoc;
19 import java.util.HashSet JavaDoc;
20 import java.util.Iterator JavaDoc;
21
22 /**
23  * A class used as a help class for displaying and configuring basic access rules
24  *
25  * @author herrvendil
26  * @version $Id: BasicAccessRuleSetEncoder.java,v 1.3 2006/08/09 07:29:49 herrvendil Exp $
27  */

public class BasicAccessRuleSetEncoder implements java.io.Serializable {

    // No serialVersionUID is declared, so renaming or retyping these fields
    // changes the default serialized form.

    /** True once the group's rules turn out not to fit the basic role/rule model. */
    private boolean forceadvanced = false;

    private int currentrole = BasicAccessRuleSet.ROLE_NONE;
    private Collection availableroles = new ArrayList();
    private HashSet currentcas = new HashSet();
    private HashSet availablecas = new HashSet();
    private HashSet currentendentityrules = new HashSet();
    private ArrayList availableendentityrules = new ArrayList();
    private HashSet currentendentityprofiles = new HashSet();
    private HashSet availableendentityprofiles = new HashSet();
    private HashSet currentotherrules = new HashSet();
    private ArrayList availableotherrules = new ArrayList();

    /**
     * Tries to encode an advanced rule set into the basic roles and rules.
     * Sets the forceadvanced flag when the rules cannot be expressed that way.
     *
     * @param currentaccessrules   the AccessRule objects the administrator group holds now
     * @param availableaccessrules the rule resource strings that may be granted
     * @param usehardtokens        whether the hard token choices are offered
     * @param usekeyrecovery       whether the key recovery choice is offered
     * @throws NumberFormatException if a CA or end entity profile rule carries an id
     *                               that is not an integer (raised by the init methods)
     */
    public BasicAccessRuleSetEncoder(Collection currentaccessrules, Collection availableaccessrules, boolean usehardtokens, boolean usekeyrecovery) {
        // The "available" set is the union of the grantable rules and the resource
        // strings the group already holds.
        // NOTE(review): because of this union, ROLE_SUPERADMINISTRATOR is offered
        // whenever the group already holds that rule, even if availableaccessrules
        // does not contain it. These lists only describe what can be displayed;
        // presumably the code that stores the rules checks the administrator's
        // own authorization again - confirm.
        HashSet selectable = new HashSet();
        selectable.addAll(availableaccessrules);
        for (Iterator held = currentaccessrules.iterator(); held.hasNext();) {
            AccessRule rule = (AccessRule) held.next();
            selectable.add(rule.getAccessRule());
        }

        initAvailableRoles(selectable);
        initAvailableRules(usehardtokens, usekeyrecovery, selectable);

        initCurrentRole(currentaccessrules);
        initCurrentRules(currentaccessrules);
    }

    /**
     * Returns true if basic configuration of the access rules isn't possible.
     */
    public boolean getForceAdvanced() {
        return forceadvanced;
    }

    /**
     * Returns the current role of the administrator group,
     * one of the BasicAccessRuleSet.ROLE_ constants.
     */
    public int getCurrentRole() {
        return currentrole;
    }

    /**
     * Returns the basic roles that are offered for configuration.
     * The internal collection itself is returned, not a copy.
     *
     * @return a Collection of BasicAccessRuleSet.ROLE_ constants (Integer)
     */
    public Collection getAvailableRoles() {
        return availableroles;
    }

    /**
     * The internal set itself is returned, not a copy.
     *
     * @return the CA ids the administrator group is authorized to, or BasicAccessRuleSet.CA_ALL for all CAs
     */
    public HashSet getCurrentCAs() {
        return currentcas;
    }

    /**
     * The internal set itself is returned, not a copy.
     *
     * @return the available CA ids, or BasicAccessRuleSet.CA_ALL for all CAs
     */
    public Collection getAvailableCAs() {
        return availablecas;
    }

    /**
     * The internal set itself is returned, not a copy.
     *
     * @return the end entity rules the administrator group is authorized to,
     *         BasicAccessRuleSet.ENDENTITY_ constants (Integer)
     */
    public HashSet getCurrentEndEntityRules() {
        return currentendentityrules;
    }

    /**
     * The internal list itself is returned, not a copy.
     *
     * @return the available end entity rules, BasicAccessRuleSet.ENDENTITY_ constants (Integer)
     */
    public Collection getAvailableEndEntityRules() {
        return availableendentityrules;
    }

    /**
     * The internal set itself is returned, not a copy.
     *
     * @return the authorized end entity profile ids, or BasicAccessRuleSet.ENDENTITYPROFILE_ALL for all
     */
    public HashSet getCurrentEndEntityProfiles() {
        return currentendentityprofiles;
    }

    /**
     * The internal set itself is returned, not a copy.
     *
     * @return the available end entity profile ids, or BasicAccessRuleSet.ENDENTITYPROFILE_ALL
     *         for all end entity profiles
     */
    public Collection getAvailableEndEntityProfiles() {
        return availableendentityprofiles;
    }

    /**
     * The internal set itself is returned, not a copy.
     *
     * @return the authorized other rules (Integer)
     */
    public HashSet getCurrentOtherRules() {
        return currentotherrules;
    }

    /**
     * The internal list itself is returned, not a copy.
     *
     * @return the available other rules (Integer)
     */
    public Collection getAvailableOtherRules() {
        return availableotherrules;
    }

    /**
     * Fills availableroles. Four roles are always offered; the super administrator
     * role is added only when the given rule set contains
     * AvailableAccessRules.ROLE_SUPERADMINISTRATOR.
     */
    private void initAvailableRoles(HashSet availableruleset) {
        final int[] alwaysoffered = {
            BasicAccessRuleSet.ROLE_NONE,
            BasicAccessRuleSet.ROLE_CAADMINISTRATOR,
            BasicAccessRuleSet.ROLE_RAADMINISTRATOR,
            BasicAccessRuleSet.ROLE_SUPERVISOR
        };
        for (int i = 0; i < alwaysoffered.length; i++) {
            availableroles.add(new Integer(alwaysoffered[i]));
        }

        // Check if the administrator can create super administrators.
        if (availableruleset.contains(AvailableAccessRules.ROLE_SUPERADMINISTRATOR)) {
            availableroles.add(new Integer(BasicAccessRuleSet.ROLE_SUPERADMINISTRATOR));
        }
    }

    /**
     * Derives currentrole from the rules held by the group. The roles are tried from
     * most to least privileged. A non-empty rule set that matches none of them
     * leaves currentrole untouched and sets forceadvanced.
     */
    private void initCurrentRole(Collection currentaccessrules) {
        if (currentaccessrules.size() <= 0) {
            this.currentrole = BasicAccessRuleSet.ROLE_NONE;
            return;
        }

        if (isSuperAdministrator(currentaccessrules)) {
            this.currentrole = BasicAccessRuleSet.ROLE_SUPERADMINISTRATOR;
        } else if (isCAAdministrator(currentaccessrules)) {
            this.currentrole = BasicAccessRuleSet.ROLE_CAADMINISTRATOR;
        } else if (isRAAdministrator(currentaccessrules)) {
            this.currentrole = BasicAccessRuleSet.ROLE_RAADMINISTRATOR;
        } else if (isSupervisor(currentaccessrules)) {
            this.currentrole = BasicAccessRuleSet.ROLE_SUPERVISOR;
        } else {
            this.forceadvanced = true;
        }
    }

    /**
     * A super administrator group holds exactly one rule: a non-recursive accept
     * on AvailableAccessRules.ROLE_SUPERADMINISTRATOR.
     */
    private boolean isSuperAdministrator(Collection currentaccessrules) {
        if (currentaccessrules.size() != 1) {
            return false;
        }
        AccessRule only = (AccessRule) currentaccessrules.iterator().next();
        return only.getAccessRule().equals(AvailableAccessRules.ROLE_SUPERADMINISTRATOR)
            && only.getRule() == AccessRule.RULE_ACCEPT
            && !only.isRecursive();
    }

    /**
     * A CA administrator group holds every required rule exactly once, with the
     * required recursive flag, and otherwise only rules that
     * isAllowedCAAdministratorRule accepts. Any other rule, a decline rule
     * or a repeated required rule disqualifies the set.
     */
    private boolean isCAAdministrator(Collection currentaccessrules) {
        // Cheap pre-check; the two "missing" sets below decide the result.
        if (currentaccessrules.size() < 7) {
            return false;
        }

        HashSet missingrecursive = new HashSet();
        missingrecursive.add(AvailableAccessRules.REGULAR_CAFUNCTIONALTY);
        missingrecursive.add(AvailableAccessRules.REGULAR_LOGFUNCTIONALITY);
        missingrecursive.add(AvailableAccessRules.REGULAR_RAFUNCTIONALITY);
        missingrecursive.add(AvailableAccessRules.REGULAR_SYSTEMFUNCTIONALITY);
        missingrecursive.add(AvailableAccessRules.ENDENTITYPROFILEBASE);

        HashSet missingnonrecursive = new HashSet();
        missingnonrecursive.add(AvailableAccessRules.ROLE_ADMINISTRATOR);
        missingnonrecursive.add(AvailableAccessRules.HARDTOKEN_EDITHARDTOKENISSUERS);
        missingnonrecursive.add(AvailableAccessRules.HARDTOKEN_EDITHARDTOKENPROFILES);

        for (Iterator it = currentaccessrules.iterator(); it.hasNext();) {
            AccessRule ar = (AccessRule) it.next();
            if (isAllowedCAAdministratorRule(ar)) {
                continue;
            }
            if (ar.getRule() != AccessRule.RULE_ACCEPT) {
                return false;
            }
            // remove() reports whether the rule was still outstanding in the set
            // that matches its recursive flag.
            HashSet outstanding = ar.isRecursive() ? missingrecursive : missingnonrecursive;
            if (!outstanding.remove(ar.getAccessRule())) {
                return false;
            }
        }

        return missingrecursive.size() == 0 && missingnonrecursive.size() == 0;
    }

    /**
     * Optional rules of a CA administrator group, all of them accept rules:
     * recursive CABASE, a non-recursive rule under CAPREFIX, or a rule that starts
     * with HARDTOKEN_ISSUEHARDTOKENS (recursive or not).
     */
    private boolean isAllowedCAAdministratorRule(AccessRule ar) {
        final String resource = ar.getAccessRule();
        final boolean wholecatree = resource.equals(AvailableAccessRules.CABASE);

        if (ar.getRule() != AccessRule.RULE_ACCEPT) {
            return false;
        }
        if (wholecatree && ar.isRecursive()) {
            return true;
        }
        if (resource.startsWith(AvailableAccessRules.CAPREFIX) && !ar.isRecursive()) {
            return true;
        }
        return resource.startsWith(AvailableAccessRules.HARDTOKEN_ISSUEHARDTOKENS);
    }

    /**
     * An RA administrator group holds every required rule exactly once as a
     * non-recursive accept, and otherwise only rules that
     * isAllowedRAAdministratorRule accepts.
     */
    private boolean isRAAdministrator(Collection currentaccessrules) {
        // Cheap pre-check; the "missing" set below decides the result.
        if (currentaccessrules.size() < 4) {
            return false;
        }

        HashSet missing = new HashSet();
        missing.add(AvailableAccessRules.ROLE_ADMINISTRATOR);
        missing.add(AvailableAccessRules.REGULAR_CREATECERTIFICATE);
        missing.add(AvailableAccessRules.REGULAR_STORECERTIFICATE);
        missing.add(AvailableAccessRules.REGULAR_VIEWCERTIFICATE);

        for (Iterator it = currentaccessrules.iterator(); it.hasNext();) {
            AccessRule ar = (AccessRule) it.next();
            if (isAllowedRAAdministratorRule(ar)) {
                continue;
            }
            boolean plainaccept = ar.getRule() == AccessRule.RULE_ACCEPT && !ar.isRecursive();
            if (!plainaccept || !missing.remove(ar.getAccessRule())) {
                return false;
            }
        }

        return missing.size() == 0;
    }

    /**
     * Optional rules of an RA administrator group, all of them accept rules:
     * HARDTOKEN_ISSUEHARDTOKENS with either recursive flag; recursive
     * REGULAR_VIEWLOG, ENDENTITYPROFILEBASE or CABASE; non-recursive rules below
     * REGULAR_RAFUNCTIONALITY (except REGULAR_EDITENDENTITYPROFILES), under
     * ENDENTITYPROFILEPREFIX or under CAPREFIX.
     */
    private boolean isAllowedRAAdministratorRule(AccessRule ar) {
        if (ar.getRule() != AccessRule.RULE_ACCEPT) {
            return false;
        }

        final String resource = ar.getAccessRule();
        if (resource.equals(AvailableAccessRules.HARDTOKEN_ISSUEHARDTOKENS)) {
            return true;
        }

        if (ar.isRecursive()) {
            return resource.equals(AvailableAccessRules.REGULAR_VIEWLOG)
                || resource.equals(AvailableAccessRules.ENDENTITYPROFILEBASE)
                || resource.equals(AvailableAccessRules.CABASE);
        }

        boolean rafunction = resource.startsWith(AvailableAccessRules.REGULAR_RAFUNCTIONALITY + "/")
            && !resource.equals(AvailableAccessRules.REGULAR_EDITENDENTITYPROFILES);
        return rafunction
            || resource.startsWith(AvailableAccessRules.ENDENTITYPROFILEPREFIX)
            || resource.startsWith(AvailableAccessRules.CAPREFIX);
    }

    /**
     * A supervisor group holds every required rule exactly once, with the required
     * recursive flag, and otherwise only rules that isAllowedSupervisorRule accepts.
     */
    private boolean isSupervisor(Collection currentaccessrules) {
        // Cheap pre-check; the two "missing" sets below decide the result.
        if (currentaccessrules.size() < 2) {
            return false;
        }

        HashSet missingrecursive = new HashSet();
        missingrecursive.add(AvailableAccessRules.REGULAR_VIEWLOG);

        HashSet missingnonrecursive = new HashSet();
        missingnonrecursive.add(AvailableAccessRules.ROLE_ADMINISTRATOR);
        missingnonrecursive.add(AvailableAccessRules.REGULAR_VIEWCERTIFICATE);

        for (Iterator it = currentaccessrules.iterator(); it.hasNext();) {
            AccessRule ar = (AccessRule) it.next();
            if (isAllowedSupervisorRule(ar)) {
                continue;
            }
            if (ar.getRule() != AccessRule.RULE_ACCEPT) {
                return false;
            }
            HashSet outstanding = ar.isRecursive() ? missingrecursive : missingnonrecursive;
            if (!outstanding.remove(ar.getAccessRule())) {
                return false;
            }
        }

        return missingrecursive.size() == 0 && missingnonrecursive.size() == 0;
    }

    /**
     * Optional rules of a supervisor group, all of them accept rules: recursive
     * ENDENTITYPROFILEBASE or CABASE; non-recursive REGULAR_VIEWENDENTITY,
     * REGULAR_VIEWENDENTITYHISTORY or REGULAR_VIEWHARDTOKENS, or a non-recursive
     * rule under ENDENTITYPROFILEPREFIX or CAPREFIX.
     */
    private boolean isAllowedSupervisorRule(AccessRule ar) {
        if (ar.getRule() != AccessRule.RULE_ACCEPT) {
            return false;
        }

        final boolean recursive = ar.isRecursive();
        final String resource = ar.getAccessRule();
        if (recursive) {
            return resource.equals(AvailableAccessRules.ENDENTITYPROFILEBASE)
                || resource.equals(AvailableAccessRules.CABASE);
        }

        return resource.equals(AvailableAccessRules.REGULAR_VIEWENDENTITY)
            || resource.equals(AvailableAccessRules.REGULAR_VIEWENDENTITYHISTORY)
            || resource.equals(AvailableAccessRules.REGULAR_VIEWHARDTOKENS)
            || resource.startsWith(AvailableAccessRules.ENDENTITYPROFILEPREFIX)
            || resource.startsWith(AvailableAccessRules.CAPREFIX);
    }

    /**
     * Fills the "available" lists: the end entity rules and other rules that are
     * offered, and the CA ids and end entity profile ids found in the given rule
     * resource strings.
     *
     * @throws NumberFormatException if the id part of a CA or end entity profile
     *                               rule is not an integer
     */
    private void initAvailableRules(boolean usehardtokens, boolean usekeyrecovery, Collection availableaccessrules) {
        // Insertion order is kept because availableendentityrules is a list.
        availableendentityrules.add(new Integer(BasicAccessRuleSet.ENDENTITY_VIEW));
        availableendentityrules.add(new Integer(BasicAccessRuleSet.ENDENTITY_VIEWHISTORY));
        if (usehardtokens) {
            availableendentityrules.add(new Integer(BasicAccessRuleSet.ENDENTITY_VIEWHARDTOKENS));
        }
        availableendentityrules.add(new Integer(BasicAccessRuleSet.ENDENTITY_CREATE));
        availableendentityrules.add(new Integer(BasicAccessRuleSet.ENDENTITY_EDIT));
        availableendentityrules.add(new Integer(BasicAccessRuleSet.ENDENTITY_DELETE));
        availableendentityrules.add(new Integer(BasicAccessRuleSet.ENDENTITY_REVOKE));
        availableendentityrules.add(new Integer(BasicAccessRuleSet.ENDENTITY_APPROVE));
        if (usekeyrecovery) {
            availableendentityrules.add(new Integer(BasicAccessRuleSet.ENDENTITY_KEYRECOVER));
        }

        final int caprefixlength = AvailableAccessRules.CAPREFIX.length();
        final int profileprefixlength = AvailableAccessRules.ENDENTITYPROFILEPREFIX.length();

        for (Iterator it = availableaccessrules.iterator(); it.hasNext();) {
            String resource = (String) it.next();

            if (resource.equals(AvailableAccessRules.CABASE)) {
                this.availablecas.add(new Integer(BasicAccessRuleSet.CA_ALL));
            } else if (resource.startsWith(AvailableAccessRules.CAPREFIX)) {
                // Everything after the prefix is parsed as the CA id.
                this.availablecas.add(new Integer(resource.substring(caprefixlength)));
            } else if (resource.equals(AvailableAccessRules.ENDENTITYPROFILEBASE)) {
                this.availableendentityprofiles.add(new Integer(BasicAccessRuleSet.ENDENTITYPROFILE_ALL));
            } else if (resource.startsWith(AvailableAccessRules.ENDENTITYPROFILEPREFIX)) {
                // The profile id ends at the last '/' when one follows the prefix,
                // otherwise it is the whole remainder of the string.
                int lastslash = resource.lastIndexOf('/');
                String idtext;
                if (lastslash > profileprefixlength) {
                    idtext = resource.substring(profileprefixlength, lastslash);
                } else {
                    idtext = resource.substring(profileprefixlength);
                }
                this.availableendentityprofiles.add(new Integer(idtext));
            }
        }

        this.availableotherrules.add(new Integer(BasicAccessRuleSet.OTHER_VIEWLOG));
        if (usehardtokens) {
            this.availableotherrules.add(new Integer(BasicAccessRuleSet.OTHER_ISSUEHARDTOKENS));
        }
    }

    /**
     * Translates the rules held by the group into the "current" sets: end entity
     * rules, end entity profiles, CAs and other rules. Processing stops and
     * forceadvanced is set at the first rule whose accept/recursive combination
     * is not the one the basic model expects for its resource. Rules that match
     * none of the handled resources are skipped.
     *
     * End entity rights are summed per profile and compared with the sum of the
     * general rights; a profile whose sum differs also sets forceadvanced.
     *
     * @throws NumberFormatException if the id part of a CA or end entity profile
     *                               rule is not an integer
     */
    private void initCurrentRules(Collection currentaccessrules) {
        // Maps a profile id (Integer) to the sum of the ENDENTITY_ constants granted
        // on it. The key 0 holds the sum of the general (not per profile) rights.
        // NOTE(review): a profile rule whose id parses to 0 would share that key
        // with the general sum - confirm that 0 is never a profile id.
        HashMap rightsbyprofile = new HashMap();
        final Integer general = new Integer(0);
        rightsbyprofile.put(general, new Integer(0));

        final int profileprefixlength = AvailableAccessRules.ENDENTITYPROFILEPREFIX.length();

        for (Iterator it = currentaccessrules.iterator(); it.hasNext();) {
            AccessRule ar = (AccessRule) it.next();
            final String resource = ar.getAccessRule();
            final boolean accepted = ar.getRule() == AccessRule.RULE_ACCEPT;
            final boolean recursive = ar.isRecursive();

            if (resource.startsWith(AvailableAccessRules.REGULAR_RAFUNCTIONALITY)
                    && resource.length() > AvailableAccessRules.REGULAR_RAFUNCTIONALITY.length()
                    && !resource.equals(AvailableAccessRules.REGULAR_EDITENDENTITYPROFILES)) {
                // General end entity rights: must be a non-recursive accept.
                if (!accepted || recursive) {
                    this.forceadvanced = true;
                    break;
                }
                if (resource.equals(AvailableAccessRules.REGULAR_VIEWENDENTITY)) {
                    addGeneralEndEntityRight(rightsbyprofile, general, BasicAccessRuleSet.ENDENTITY_VIEW);
                } else if (resource.equals(AvailableAccessRules.REGULAR_VIEWENDENTITYHISTORY)) {
                    addGeneralEndEntityRight(rightsbyprofile, general, BasicAccessRuleSet.ENDENTITY_VIEWHISTORY);
                } else if (resource.equals(AvailableAccessRules.REGULAR_CREATEENDENTITY)) {
                    addGeneralEndEntityRight(rightsbyprofile, general, BasicAccessRuleSet.ENDENTITY_CREATE);
                } else if (resource.equals(AvailableAccessRules.REGULAR_DELETEENDENTITY)) {
                    addGeneralEndEntityRight(rightsbyprofile, general, BasicAccessRuleSet.ENDENTITY_DELETE);
                } else if (resource.equals(AvailableAccessRules.REGULAR_EDITENDENTITY)) {
                    addGeneralEndEntityRight(rightsbyprofile, general, BasicAccessRuleSet.ENDENTITY_EDIT);
                } else if (resource.equals(AvailableAccessRules.REGULAR_REVOKEENDENTITY)) {
                    addGeneralEndEntityRight(rightsbyprofile, general, BasicAccessRuleSet.ENDENTITY_REVOKE);
                } else if (resource.equals(AvailableAccessRules.REGULAR_VIEWHARDTOKENS)) {
                    addGeneralEndEntityRight(rightsbyprofile, general, BasicAccessRuleSet.ENDENTITY_VIEWHARDTOKENS);
                } else if (resource.equals(AvailableAccessRules.REGULAR_KEYRECOVERY)) {
                    addGeneralEndEntityRight(rightsbyprofile, general, BasicAccessRuleSet.ENDENTITY_KEYRECOVER);
                }
                // Tested on its own, outside the chain above.
                if (resource.equals(AvailableAccessRules.REGULAR_APPROVEENDENTITY)) {
                    addGeneralEndEntityRight(rightsbyprofile, general, BasicAccessRuleSet.ENDENTITY_APPROVE);
                }
            } else if (resource.equals(AvailableAccessRules.ENDENTITYPROFILEBASE)) {
                // All profiles: must be a recursive accept.
                if (!accepted || !recursive) {
                    this.forceadvanced = true;
                    break;
                }
                this.currentendentityprofiles.add(new Integer(BasicAccessRuleSet.ENDENTITYPROFILE_ALL));
            } else if (resource.startsWith(AvailableAccessRules.ENDENTITYPROFILEPREFIX)) {
                // One right on one profile: must be a non-recursive accept.
                if (!accepted || recursive) {
                    this.forceadvanced = true;
                    break;
                }
                // The id sits between the prefix and the last '/'; a rule with
                // nothing after the id cannot be expressed in basic mode.
                int lastslash = resource.lastIndexOf('/');
                if (lastslash <= profileprefixlength) {
                    this.forceadvanced = true;
                    break;
                }
                Integer profileid = new Integer(resource.substring(profileprefixlength, lastslash));

                int granted = 0;
                if (rightsbyprofile.get(profileid) != null) {
                    granted = ((Integer) rightsbyprofile.get(profileid)).intValue();
                }
                granted += endEntityRightForSuffix(resource);
                rightsbyprofile.put(profileid, new Integer(granted));
            } else if (resource.equals(AvailableAccessRules.CABASE)) {
                // All CAs: must be a recursive accept.
                if (!accepted || !recursive) {
                    this.forceadvanced = true;
                    break;
                }
                this.currentcas.add(new Integer(BasicAccessRuleSet.CA_ALL));
            } else if (resource.startsWith(AvailableAccessRules.CAPREFIX)) {
                // One CA: must be a non-recursive accept; the rest of the string is the CA id.
                if (!accepted || recursive) {
                    this.forceadvanced = true;
                    break;
                }
                Integer caid = new Integer(resource.substring(AvailableAccessRules.CAPREFIX.length()));
                this.currentcas.add(caid);
            } else if (resource.equals(AvailableAccessRules.REGULAR_VIEWLOG)) {
                if (!accepted || !recursive) {
                    this.forceadvanced = true;
                    break;
                }
                this.currentotherrules.add(new Integer(BasicAccessRuleSet.OTHER_VIEWLOG));
            } else if (resource.equals(AvailableAccessRules.HARDTOKEN_ISSUEHARDTOKENS)) {
                // The recursive flag is not looked at for this resource.
                if (!accepted) {
                    this.forceadvanced = true;
                    break;
                }
                this.currentotherrules.add(new Integer(BasicAccessRuleSet.OTHER_ISSUEHARDTOKENS));
            }
        }

        // A profile is listed as current only when its rights add up to the same
        // value as the general rights; any other profile forces advanced mode.
        final int generalrights = ((Integer) rightsbyprofile.get(general)).intValue();
        for (Iterator keys = rightsbyprofile.keySet().iterator(); keys.hasNext();) {
            Integer profileid = (Integer) keys.next();
            if (profileid.equals(general)) {
                continue;
            }
            if (((Integer) rightsbyprofile.get(profileid)).intValue() == generalrights) {
                this.currentendentityprofiles.add(profileid);
            } else {
                this.forceadvanced = true;
            }
        }
    }

    /**
     * Records one general end entity right: adds the constant to
     * currentendentityrules and to the running sum stored under generalkey.
     */
    private void addGeneralEndEntityRight(HashMap rightsbyprofile, Integer generalkey, int right) {
        currentendentityrules.add(new Integer(right));
        int sofar = ((Integer) rightsbyprofile.get(generalkey)).intValue();
        rightsbyprofile.put(generalkey, new Integer(sofar + right));
    }

    /**
     * Returns the sum of the ENDENTITY_ constants selected by the suffix of a
     * per-profile rule, or 0 when no suffix matches. The first matching suffix of
     * the chain counts; APPROVAL_RIGHTS is tested separately and added on top.
     */
    private static int endEntityRightForSuffix(String resource) {
        int right = 0;
        if (resource.endsWith(AvailableAccessRules.VIEW_RIGHTS)) {
            right = BasicAccessRuleSet.ENDENTITY_VIEW;
        } else if (resource.endsWith(AvailableAccessRules.HISTORY_RIGHTS)) {
            right = BasicAccessRuleSet.ENDENTITY_VIEWHISTORY;
        } else if (resource.endsWith(AvailableAccessRules.HARDTOKEN_RIGHTS)) {
            right = BasicAccessRuleSet.ENDENTITY_VIEWHARDTOKENS;
        } else if (resource.endsWith(AvailableAccessRules.CREATE_RIGHTS)) {
            right = BasicAccessRuleSet.ENDENTITY_CREATE;
        } else if (resource.endsWith(AvailableAccessRules.DELETE_RIGHTS)) {
            right = BasicAccessRuleSet.ENDENTITY_DELETE;
        } else if (resource.endsWith(AvailableAccessRules.EDIT_RIGHTS)) {
            right = BasicAccessRuleSet.ENDENTITY_EDIT;
        } else if (resource.endsWith(AvailableAccessRules.REVOKE_RIGHTS)) {
            right = BasicAccessRuleSet.ENDENTITY_REVOKE;
        } else if (resource.endsWith(AvailableAccessRules.KEYRECOVERY_RIGHTS)) {
            right = BasicAccessRuleSet.ENDENTITY_KEYRECOVER;
        }
        if (resource.endsWith(AvailableAccessRules.APPROVAL_RIGHTS)) {
            right += BasicAccessRuleSet.ENDENTITY_APPROVE;
        }
        return right;
    }

}