001: /*
002: *
003: *
004: * Copyright 1990-2007 Sun Microsystems, Inc. All Rights Reserved.
005: * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER
006: *
007: * This program is free software; you can redistribute it and/or
008: * modify it under the terms of the GNU General Public License version
009: * 2 only, as published by the Free Software Foundation.
010: *
011: * This program is distributed in the hope that it will be useful, but
012: * WITHOUT ANY WARRANTY; without even the implied warranty of
013: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
014: * General Public License version 2 for more details (a copy is
015: * included at /legal/license.txt).
016: *
017: * You should have received a copy of the GNU General Public License
018: * version 2 along with this work; if not, write to the Free Software
019: * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA
021: *
022: * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
023: * Clara, CA 95054 or visit www.sun.com if you need additional
024: * information or have any questions.
025: */
026:
027: package com.sun.satsa.acl;
028:
029: import com.sun.satsa.util.Utils;
030:
031: import java.util.Vector;
032: import java.io.IOException;
033:
034: /**
035: * This class represents Access Control Entry.
036: */
037: public class ACEntry {
038:
039: /**
040: * The list of CA names that correspond to rootId element of ACE.
041: */
042: private String[] roots;
043:
044: /**
045: * APDU permissions (command - mask pairs).
046: */
047: private int[] APDUPermissions;
048:
049: /**
050: * JCRMI permissions.
051: */
052: private JCRMIPermission[] JCRMIPermissions;
053:
054: /**
055: * Constructs ACE.
056: * @param r reader for permissions file.
057: * @param pin_info vector for PIN information.
058: * @throws IOException if I/O error occurs.
059: */
060: ACEntry(ACLFileReader r, Vector pin_info) throws IOException {
061:
062: Vector t_roots = new Vector();
063: Vector t_apdu = new Vector();
064: Vector t_jcrmi = new Vector();
065:
066: r.checkWord("{");
067:
068: while (true) {
069:
070: String s = r.readWord();
071:
072: if (s.equals("}")) {
073: break;
074: }
075:
076: if (s.equals("root")) {
077: t_roots.addElement(r.readLine());
078: continue;
079: }
080:
081: if (s.equals("apdu")) {
082: readAPDUPermission(r, t_apdu);
083: continue;
084: }
085:
086: if (s.equals("jcrmi")) {
087: readJCRMIPermission(r, t_jcrmi);
088: continue;
089: }
090:
091: if (s.equals("pin_apdu")) {
092: readAPDUPIN(r, pin_info);
093: continue;
094: }
095:
096: if (s.equals("pin_jcrmi")) {
097: readJCRMIPIN(r, pin_info);
098: continue;
099: }
100:
101: throw new IOException();
102: }
103:
104: if (!t_roots.isEmpty()) {
105: roots = new String[t_roots.size()];
106: for (int i = 0; i < t_roots.size(); i++) {
107: roots[i] = (String) t_roots.elementAt(i);
108: }
109: }
110:
111: if (!t_apdu.isEmpty()) {
112: APDUPermissions = new int[t_apdu.size() * 2];
113: for (int i = 0; i < t_apdu.size(); i++) {
114: byte[] data = (byte[]) t_apdu.elementAt(i);
115: APDUPermissions[i * 2] = Utils.getInt(data, 0);
116: APDUPermissions[i * 2 + 1] = Utils.getInt(data, 4);
117: }
118: }
119:
120: if (!t_jcrmi.isEmpty()) {
121: JCRMIPermissions = new JCRMIPermission[t_jcrmi.size()];
122: t_jcrmi.copyInto(JCRMIPermissions);
123: }
124: }
125:
126: /**
127: * Reads APDU permission from file and places it into the vector.
128: * @param r reader for permissions file.
129: * @param t_apdu vector for APDU permissions.
130: * @throws IOException if I/O error occurs.
131: */
132: private static void readAPDUPermission(ACLFileReader r,
133: Vector t_apdu) throws IOException {
134:
135: r.checkWord("{");
136:
137: String s = r.readWord();
138:
139: while (true) {
140:
141: if (s.equals("}")) {
142: break;
143: }
144:
145: byte[] data = new byte[8];
146:
147: for (int i = 0; i < 8; i++) {
148: data[i] = (byte) Short.parseShort(s, 16);
149: s = r.readWord();
150: }
151: t_apdu.addElement(data);
152: }
153: }
154:
155: /**
156: * Reads JCRMI permission from file and places it into the vector.
157: * @param r reader for permissions file.
158: * @param t_jcrmi vector for JCRMI permissions.
159: * @throws IOException if I/O error occurs.
160: */
161: private static void readJCRMIPermission(ACLFileReader r,
162: Vector t_jcrmi) throws IOException {
163:
164: Vector classes = new Vector();
165: Vector methods = new Vector();
166: String hashModifier = null;
167:
168: r.checkWord("{");
169:
170: while (true) {
171:
172: String s = r.readWord();
173:
174: if (s.equals("}")) {
175: break;
176: }
177:
178: if (s.equals("classes")) {
179: r.checkWord("{");
180: s = r.readWord();
181: while (!s.equals("}")) {
182: classes.addElement(s);
183: s = r.readWord();
184: }
185: } else if (s.equals("hashModifier")) {
186: hashModifier = r.readWord();
187: } else if (s.equals("methods")) {
188: r.checkWord("{");
189: s = r.readWord();
190: while (!s.equals("}")) {
191: methods.addElement(s);
192: s = r.readWord();
193: }
194: } else {
195: throw new IOException();
196: }
197: }
198:
199: t_jcrmi.addElement(new JCRMIPermission(hashModifier, classes,
200: methods));
201: }
202:
203: /**
204: * Reads PIN information from file and adds a new object into vector.
205: * @param r reader for permissions file.
206: * @param dest destination vector.
207: * @throws IOException if I/O error occurs.
208: */
209: private static void readAPDUPIN(ACLFileReader r, Vector dest)
210: throws IOException {
211:
212: r.checkWord("{");
213: r.checkWord("id");
214: int id = r.readByte();
215: Integer[] commands = new Integer[ACLPermissions.CMD_COUNT];
216:
217: while (true) {
218:
219: String s = r.readWord();
220:
221: if (s.equals("}")) {
222: break;
223: }
224:
225: int index = getPINCommandIndex(s);
226:
227: int command = 0;
228: for (int i = 0; i < 4; i++) {
229: command = (command << 8) | r.readByte();
230: }
231: commands[index] = new Integer(command);
232: }
233: dest.addElement(new PINData(id, commands));
234: }
235:
236: /**
237: * Reads PIN information from file and adds a new object into vector.
238: * @param r reader for permissions file.
239: * @param dest destination vector.
240: * @throws IOException if I/O error occurs.
241: */
242: private static void readJCRMIPIN(ACLFileReader r, Vector dest)
243: throws IOException {
244:
245: r.checkWord("{");
246: r.checkWord("id");
247: int id = r.readByte();
248: String[] commands = new String[ACLPermissions.CMD_COUNT];
249:
250: while (true) {
251:
252: String s = r.readWord();
253: if (s.equals("}")) {
254: break;
255: }
256: commands[getPINCommandIndex(s)] = r.readWord();
257: }
258: dest.addElement(new PINData(id, commands));
259: }
260:
261: /**
262: * Returns PIN operation identifier for given string.
263: * @param s operation name.
264: * @return PIN operation identifier.
265: * @throws IOException if I/O error occurs.
266: */
267: private static int getPINCommandIndex(String s) throws IOException {
268:
269: if (s.equals("verify")) {
270: return ACLPermissions.CMD_VERIFY;
271: }
272: if (s.equals("change")) {
273: return ACLPermissions.CMD_CHANGE;
274: }
275: if (s.equals("disable")) {
276: return ACLPermissions.CMD_DISABLE;
277: }
278: if (s.equals("enable")) {
279: return ACLPermissions.CMD_ENABLE;
280: }
281: if (s.equals("unblock")) {
282: return ACLPermissions.CMD_UNBLOCK;
283: }
284: throw new IOException("Invalid command: " + s);
285: }
286:
287: /**
288: * Verifies if this ACE describes permissions for this CA.
289: * @param root name of CA that authorized the suite.
290: * @return true if this ACE describes permissions for this CA.
291: */
292: boolean verifyPrincipal(String root) {
293:
294: if (roots == null) {
295: return true;
296: }
297:
298: for (int i = 0; i < roots.length; i++) {
299: if (roots[i].equals(root)) {
300: return true;
301: }
302: }
303:
304: return false;
305: }
306:
307: /**
308: * Verifies if the ACE contains permissions.
309: * @return true if the ACE contains permissions.
310: */
311: boolean hasPermissions() {
312: return (APDUPermissions != null || JCRMIPermissions != null);
313: }
314:
315: /**
316: * Places permissions from this ACE to the vector.
317: * @param isAPDU if true, place APDU permissions, otherwise - JCRMI
318: * permissions
319: * @param permissions the vector for results
320: */
321: void getPermissions(boolean isAPDU, Vector permissions) {
322:
323: if (isAPDU) {
324: if (APDUPermissions != null) {
325: permissions.addElement(APDUPermissions);
326: }
327: } else {
328: if (JCRMIPermissions != null) {
329: for (int k = 0; k < JCRMIPermissions.length; k++) {
330: permissions.addElement(JCRMIPermissions[k]);
331: }
332: }
333: }
334: }
335: }
|