KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > jacorb > security > level2 > CredentialsImpl


1 package org.jacorb.security.level2;
2
3 /*
4  * JacORB - a free Java ORB
5  *
6  * Copyright (C) 1997-2004 Gerald Brose.
7  *
8  * This library is free software; you can redistribute it and/or
9  * modify it under the terms of the GNU Library General Public
10  * License as published by the Free Software Foundation; either
11  * version 2 of the License, or (at your option) any later version.
12  *
13  * This library is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16  * Library General Public License for more details.
17  *
18  * You should have received a copy of the GNU Library General Public
19  * License along with this library; if not, write to the Free
20  * Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21  */
22
23
24 import org.omg.Security.*;
25 import org.omg.SecurityLevel2.*;
26
27 import java.io.*;
28 import java.util.*;
29 import java.math.BigInteger JavaDoc;
30
31
32 /**
33  * JacORB implementation of security Credentials
34  *
35  * $Id: CredentialsImpl.java,v 1.12 2004/05/06 12:40:01 nicolas Exp $
36  *
37  */
38
39 public class CredentialsImpl
40     extends org.omg.CORBA.LocalObject JavaDoc
41     implements org.omg.SecurityLevel2.Credentials,
42                Serializable //for making a deep copy
43 {
44     private SecAttribute[] my_attributes;
45
46     private short accepting_options_supported;
47     private short accepting_options_required;
48     private short invocation_options_supported;
49     private short invocation_options_required;
50
51     private AuthenticationStatus authStatus = null;
52     private InvocationCredentialsType type = null;
53
54     /** SecurityFeature is an enum, its integer value is the index */
55     private boolean [] securityFeaturesForRequests;
56     private boolean [] securityFeaturesForReplies;
57
58
59     //private BigInteger hash = null;
60
61     private SecAttributeManager attrib_mgr = null;
62
63     private boolean dirty = true;
64
65     public CredentialsImpl( SecAttribute[] attributes,
66                             AuthenticationStatus status,
67                             InvocationCredentialsType type )
68     {
69         this.authStatus = status;
70         this.my_attributes = attributes;
71         this.type = type;
72
73         attrib_mgr = SecAttributeManager.getInstance();
74     }
75
76 // public int hashCode()
77 // {
78 // return hash.hashCode();
79 // }
80
81 // private void rehash()
82 // {
83 // MessageDigest md = MessageDigest.getInstance("MD5");
84
85 // for( int i = 0; i < my_attributes.length; i++ )
86 // {
87 // KeyAndCert certs =
88 // attrib_mgr.getAttribValue( my_attributes[i] );
89
90 // md.update( certs.chain[1].getFingerprint() );
91 // }
92
93 // hash = new BigInteger( md.digest() );
94 // }
95
96     public Credentials copy()
97     {
98         try
99         {
100             PipedOutputStream pipe_out = new PipedOutputStream();
101             PipedInputStream pipe_in = new PipedInputStream(pipe_out);
102
103             ObjectOutputStream out = new ObjectOutputStream(pipe_out);
104             out.writeObject(this);
105             out.flush();
106             out.close();
107
108             ObjectInputStream in = new ObjectInputStream(pipe_in);
109             CredentialsImpl creds = (CredentialsImpl) in.readObject();
110             in.close();
111
112             pipe_in.close();
113             pipe_out.close();
114
115             //creds.authenticator = authenticator;
116 return creds;
117         }
118         catch (Exception JavaDoc e)
119         {
120         }
121         return null;
122     }
123
124     public InvocationCredentialsType credentials_type()
125     {
126         return type;
127     }
128
129     public AuthenticationStatus authentication_state()
130     {
131         return authStatus;
132     }
133
134     public String JavaDoc mechanism()
135     {
136         return null;
137     }
138
139     public short accepting_options_supported()
140     {
141         return accepting_options_supported;
142     }
143
144     public void accepting_options_supported(short arg)
145     {
146         accepting_options_supported = arg;
147     }
148
149     public short accepting_options_required()
150     {
151         return accepting_options_required;
152     }
153
154     public void accepting_options_required(short arg)
155     {
156         accepting_options_required = arg;
157     }
158
159     public short invocation_options_supported()
160     {
161         return invocation_options_supported;
162     }
163
164     public void invocation_options_supported(short arg)
165     {
166         invocation_options_supported = arg;
167     }
168
169     public short invocation_options_required()
170     {
171         return invocation_options_required;
172     }
173
174     public void invocation_options_required(short arg)
175     {
176         invocation_options_required = arg;
177     }
178
179     /**
180      * can be used in access control decisions or auditing
181      *
182      * @param attributes - the set of attributes whose values are desired.
183      * If this list is empty, all attributes are returned
184      *
185      * @return The requested set of attributes reflecting the state
186      * of the credentials
187      */
188     public SecAttribute[] get_attributes(AttributeType[] types)
189     {
190         if( types == null || types.length == 0 )
191             return my_attributes;
192
193         /* sort out the requested attributes */
194         Vector v = new Vector();
195         for( int i = 0; i < types.length; i++ )
196         {
197             for( int j = 0; j < my_attributes.length; j++ )
198             {
199
200                 if(( my_attributes[j].attribute_type.attribute_family.family ==
201                     types[i].attribute_family.family) &&
202                    ( my_attributes[j].attribute_type.attribute_type ==
203                      types[i].attribute_type ))
204                 {
205                     v.addElement(my_attributes[j]);
206                 }
207             }
208         }
209
210         SecAttribute[] result = new SecAttribute[ v.size() ];
211         v.copyInto( result );
212
213         return result;
214     }
215
216     public void destroy()
217     {
218     }
219
220     public void set_security_feature(CommunicationDirection direction,
221                                      SecurityFeature[] security_features)
222     {
223         switch( direction.value() )
224         {
225         case CommunicationDirection._SecDirectionRequest:
226             setFeatures( securityFeaturesForRequests, security_features);
227
228         case CommunicationDirection._SecDirectionReply:
229             setFeatures( securityFeaturesForReplies, security_features);
230
231         case CommunicationDirection._SecDirectionBoth:
232             setFeatures( securityFeaturesForRequests, security_features);
233             setFeatures( securityFeaturesForReplies, security_features);
234         }
235     }
236
237     private void setFeatures( boolean[] target, SecurityFeature[] features )
238     {
239         if( features.length > target.length )
240             throw new IllegalArgumentException JavaDoc("Too many features");
241
242         for( int i = 0; i < features.length; i++ )
243         {
244             int value = features[i].value();
245             if( value > target.length || value < 0)
246             {
247                 throw new IllegalArgumentException JavaDoc("SecurityFeatureValue out of range");
248             }
249             target[ value ] = true;
250         }
251     }
252
253
254     public boolean get_security_feature(CommunicationDirection direction,
255                                         org.omg.Security.SecurityFeature feature)
256     {
257         switch( direction.value() )
258         {
259         case CommunicationDirection._SecDirectionRequest:
260             return securityFeaturesForRequests[feature.value()];
261
262         case CommunicationDirection._SecDirectionReply:
263             return securityFeaturesForReplies[feature.value()];
264
265         default: // CommunicationDirection._SecDirectionBoth:
266 return securityFeaturesForRequests[feature.value()] &&
267                 securityFeaturesForReplies[feature.value()];
268
269         }
270     }
271
272     /**
273      * force_commit is ignored. Attributes are always set at once.
274      * Currently only such SecAttributes are accepted, that have
275      * been generated by the SecAttributeManager.
276      */
277     public boolean set_privileges(boolean force_commit,
278                                    SecAttribute[] requested_privileges,
279                                    AttributeListHolder/*out*/ actual_privileges)
280     {
281         //check if attribs have been created by SecAttributeManager
282 for( int i = 0; i < requested_privileges.length; i++ )
283         {
284             if( attrib_mgr.getAttributeValue( requested_privileges[i] )
285                 == null )
286             {
287                 throw new RuntimeException JavaDoc( "SecAttribute not created by Manager" );
288             }
289         }
290
291         //filter out requested privileges that are allowed
292 Vector additional_privileges = new Vector();
293
294         for (int i = 0; i < requested_privileges.length; i++)
295             if ( requested_privileges[i].attribute_type.attribute_family.family ==
296                 (short) 1 ) //privilege attributes
297 {
298                 additional_privileges.addElement( requested_privileges[i] );
299             }
300
301         if (additional_privileges.size() > 0)
302         {
303             SecAttribute[] tmp = new SecAttribute[my_attributes.length +
304                                                  additional_privileges.size()];
305
306             //copy existing privileges into new array
307 System.arraycopy( my_attributes, 0,
308                               tmp, 0,
309                               my_attributes.length );
310
311             //copy additional privileges into new array
312 for ( int i = 0; i < additional_privileges.size(); i++ )
313             {
314                 SecAttribute attrib = (SecAttribute)
315                     additional_privileges.elementAt( i );
316
317                 tmp[my_attributes.length + i] = attrib;
318             }
319
320             my_attributes = tmp;
321             actual_privileges.value = tmp;
322
323             dirty = true;
324
325             return true;
326         }
327         else
328             return false;
329     }
330
331     public boolean is_valid(org.omg.TimeBase.UtcTHolder/*out*/ expiry_time)
332     {
333         return false;
334     }
335
336     public boolean refresh(byte[] refresh_data)
337     {
338         return false;
339     }
340
341     /*
342      * Own methods
343      */
344
345     public boolean isDirty()
346     {
347         return dirty;
348     }
349
350     public void clearDirtyFlag()
351     {
352         dirty = false;
353     }
354 }
355
Popular Tags