001: /*
002: * JFolder, Copyright 2001-2006 Gary Steinmetz
003: *
004: * Distributable under LGPL license.
005: * See terms of license at gnu.org.
006: */
007:
008: package org.jfolder.security.audit;
009:
010: //base classes
011: import java.math.BigDecimal;
012: import java.util.ArrayList;
013: import java.util.Collections;
014: import java.util.HashMap;
015:
016: //project specific classes
017: import org.jfolder.common.UnexpectedSystemException;
018: import org.jfolder.common.utils.misc.MiscHelper;
019: import org.jfolder.security.model.UserIdentity;
020:
021: //other classes
022:
023: public class SecurityAuditHelper {
024:
025: //
026: public final static String SECURITY_AUDIT_SEPARATOR = "|";
027: public final static String SECURITY_AUDIT_TYPE_START = "[";
028: public final static String SECURITY_AUDIT_TYPE_END = "]";
029: public final static String SECURITY_AUDIT_TYPE_NAME_VALUE_JUNCTION = "=";
030:
031: //
032: public final static BigDecimal INITIAL_ID = new BigDecimal(1);
033: //
034: public final static BigDecimal STADARD_CUSTOM_CODE = new BigDecimal(
035: 0);
036:
037: //
038: public final static String SYSTEM__WORKFLOW_ENGINE = "WORKFLOW_ENGINE";
039: public final static String SYSTEM__WEB_APPLICATION = "WEB_APPLICATION";
040: public final static String SYSTEM__COMMAND_LINE = "COMMAND_LINE";
041:
042: //
043: public final static String CATEGORY__DEPLOYMENT = "DEPLOYMENT";
044: public final static String CATEGORY__TRANSPORT = "TRANSPORT";
045: public final static String CATEGORY__GENERAL = "GENERAL";
046: public final static String CATEGORY__EXECUTION = "EXECUTION";
047: public final static String CATEGORY__DATABASE_ACCESS = "DATABASE_ACCESS";
048:
049: //
050: public final static String SUB_CATEGORY__APPLICATION = "APPLICATION";
051:
052: //
053: private SecurityAuditHelper() {
054: }
055:
056: //
057: public final static String SEVERITY_LEVEL__INFORMATION = "INFORMATION";
058: public final static String SEVERITY_LEVEL__WARNING = "WARNING";
059: public final static String SEVERITY_LEVEL__ERROR = "ERROR";
060: //
061: public final static BigDecimal SEVERITY_CODE__INFORMATION = new BigDecimal(
062: 1);
063: public final static BigDecimal SEVERITY_CODE__WARNING = new BigDecimal(
064: 2);
065: public final static BigDecimal SEVERITY_CODE__ERROR = new BigDecimal(
066: 3);
067:
068: //
069: public final static ArrayList getCommonCategoryTypes() {
070:
071: ArrayList outValue = new ArrayList();
072:
073: return outValue;
074: }
075:
076: public final static ArrayList getCommonSourceTypes() {
077:
078: ArrayList outValue = new ArrayList();
079:
080: return outValue;
081: }
082:
083: //
084: public final static ArrayList getSeverityLevels() {
085:
086: ArrayList outValue = new ArrayList();
087:
088: outValue.add(SEVERITY_LEVEL__INFORMATION);
089: outValue.add(SEVERITY_LEVEL__WARNING);
090: outValue.add(SEVERITY_LEVEL__ERROR);
091:
092: return outValue;
093: }
094:
095: public final static ArrayList getSeverityCodesAsStrings() {
096:
097: ArrayList outValue = new ArrayList();
098:
099: outValue.add(SEVERITY_CODE__INFORMATION.toString());
100: outValue.add(SEVERITY_CODE__WARNING.toString());
101: outValue.add(SEVERITY_CODE__ERROR.toString());
102:
103: return outValue;
104: }
105:
106: //
107: public final static BigDecimal convertSeverityLevelToNumber(
108: String inSl) {
109:
110: BigDecimal outValue = null;
111:
112: if (inSl.equals(SEVERITY_LEVEL__INFORMATION)) {
113: outValue = SEVERITY_CODE__INFORMATION;
114: } else if (inSl.equals(SEVERITY_LEVEL__WARNING)) {
115: outValue = SEVERITY_CODE__WARNING;
116: } else if (inSl.equals(SEVERITY_LEVEL__ERROR)) {
117: outValue = SEVERITY_CODE__ERROR;
118: } else {
119: throw new UnexpectedSystemException("Severity Level '"
120: + inSl + "' Is Unknown");
121: }
122:
123: return outValue;
124: }
125:
126: public final static String convertNumberToSeverityLevel(
127: BigDecimal inSl) {
128:
129: String outValue = null;
130:
131: if (inSl.compareTo(SEVERITY_CODE__INFORMATION) == 0) {
132: outValue = SEVERITY_LEVEL__INFORMATION;
133: } else if (inSl.compareTo(SEVERITY_CODE__WARNING) == 0) {
134: outValue = SEVERITY_LEVEL__WARNING;
135: } else if (inSl.compareTo(SEVERITY_CODE__ERROR) == 0) {
136: outValue = SEVERITY_LEVEL__ERROR;
137: } else {
138: throw new UnexpectedSystemException("Severity Level '"
139: + inSl + "' Is Unknown");
140: }
141:
142: return outValue;
143: }
144:
145: //
146: //
147: //
148: //
149: //
150: //
151: //
152: //
153: //
154: //
155: public final static HashMap convertStringToAuditType(String inValue) {
156:
157: HashMap outValue = new HashMap();
158:
159: String origValue = inValue;
160:
161: while (inValue.length() > 0) {
162: if (inValue.startsWith(SECURITY_AUDIT_TYPE_START)
163: && inValue.endsWith(SECURITY_AUDIT_TYPE_END)) {
164: //
165: int endIndex = inValue.indexOf(SECURITY_AUDIT_TYPE_END);
166: //
167: String nextPart = inValue.substring(
168: SECURITY_AUDIT_TYPE_END.length(), endIndex);
169: inValue = inValue.substring(endIndex
170: + SECURITY_AUDIT_TYPE_END.length());
171: //
172: int junctionIndex = nextPart
173: .indexOf(SECURITY_AUDIT_TYPE_NAME_VALUE_JUNCTION);
174: if (junctionIndex != -1) {
175: //
176: String nextName = nextPart.substring(0,
177: junctionIndex);
178: String nextValue = nextPart.substring(junctionIndex
179: + SECURITY_AUDIT_TYPE_NAME_VALUE_JUNCTION
180: .length());
181: //
182: nextName = nextName.toUpperCase();
183: //
184: if (!outValue.containsKey(nextName)) {
185: validateType(nextName, nextValue);
186: outValue.put(nextName, nextValue);
187: } else {
188: throw new UnexpectedSystemException("Name '"
189: + nextName + "' in value '" + origValue
190: + "' appears more than once");
191: }
192: } else {
193: throw new UnexpectedSystemException("Element '"
194: + nextPart + "' in value '" + origValue
195: + "' does not contain junction '"
196: + SECURITY_AUDIT_TYPE_NAME_VALUE_JUNCTION
197: + "'");
198: }
199: } else {
200: throw new UnexpectedSystemException("Value + '"
201: + inValue + "' must start with '"
202: + SECURITY_AUDIT_TYPE_START
203: + "' and end with '" + SECURITY_AUDIT_TYPE_END
204: + "'");
205: }
206: }
207:
208: return outValue;
209: }
210:
211: //
212: public final static String convertAuditTypeToString(HashMap inValue) {
213:
214: StringBuffer outValue = new StringBuffer();
215:
216: ArrayList names = new ArrayList(inValue.keySet());
217: Collections.sort(names);
218: //
219: for (int i = 0; i < names.size(); i++) {
220: String nextName = names.get(i).toString();
221: nextName = nextName.toUpperCase();
222: names.remove(i);
223: names.add(i, nextName);
224: }
225: //
226: for (int i = 0; i < names.size(); i++) {
227: String nextName = names.get(i).toString();
228: String nextValue = inValue.get(nextName).toString();
229: //
230: validateType(nextName, nextValue);
231: //
232: outValue.append(SECURITY_AUDIT_TYPE_START);
233: outValue.append(nextName);
234: outValue.append(SECURITY_AUDIT_TYPE_NAME_VALUE_JUNCTION);
235: outValue.append(nextValue);
236: outValue.append(SECURITY_AUDIT_TYPE_END);
237: }
238:
239: return outValue.toString();
240: }
241:
242: //
243: public final static void validateType(String inName,
244: String inValue, ArrayList inErrors, String inSection) {
245:
246: String parts[] = new String[] { inName, inValue };
247: for (int i = 0; i < parts.length; i++) {
248: String nextPart = parts[i];
249: //
250: if (nextPart
251: .indexOf(SECURITY_AUDIT_TYPE_NAME_VALUE_JUNCTION) != -1) {
252: //
253: inErrors
254: .add(inSection
255: + "Name '"
256: + inName
257: + "' and Value '"
258: + inValue
259: + "' contains forbidden character '"
260: + SECURITY_AUDIT_TYPE_NAME_VALUE_JUNCTION
261: + "'");
262: } else if (nextPart.indexOf(SECURITY_AUDIT_TYPE_START) != -1) {
263: //
264: inErrors.add(inSection + "Name '" + inName
265: + "' and Value '" + inValue
266: + "' contains forbidden character '"
267: + SECURITY_AUDIT_TYPE_START + "'");
268: } else if (nextPart.indexOf(SECURITY_AUDIT_TYPE_END) != -1) {
269: //
270: inErrors.add(inSection + "Name '" + inName
271: + "' and Value '" + inValue
272: + "' contains forbidden character '"
273: + SECURITY_AUDIT_TYPE_END + "'");
274: } else {
275: //
276: }
277: }
278: }
279:
280: private final static void validateType(String inName, String inValue) {
281: ArrayList errors = new ArrayList();
282: validateType(inName, inValue, errors, "");
283: if (errors.size() > 0) {
284: throw new UnexpectedSystemException(errors.get(0)
285: .toString());
286: }
287: }
288: }
|