/*
* Copyright (c) Members of the EGEE Collaboration. 2006-2010.
* See http://www.eu-egee.org/partners/ for details on the copyright holders.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.glite.authz.pep.pip.provider;
import java.util.ArrayList;
import java.util.Arrays;
import org.glite.authz.common.config.ConfigurationException;
import org.glite.authz.common.profile.GLiteAuthorizationProfileConstants;
import org.glite.authz.common.util.Strings;
import org.glite.authz.pep.pip.PolicyInformationPoint;
import org.glite.voms.PKIStore;
import org.ini4j.Ini;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* This PIP applies to requests which have a profile identifier
* {@value GLiteAuthorizationProfileConstants#ID_ATTRIBUTE_PROFILE_ID} defined in the request environment. By default
* all profile identifier values are accepted, but a space-separated list of accepted profile identifier values can be
* specified in the ini config file with the {@value #ACCEPTED_PROFILE_IDS_PROP} property.
* <p>
* A policy information point that extracts information from an X.509, version 3, certificate. The certificate may
* include VOMS attribute certificates. All extracted information is added to the subject(s) containing a valid
* certificate chain.
* <p>
*
* The PEM encoded end entity certificate, and its certificate chain, are expected to be bound to the subject attribute
* {@value org.glite.authz.common.model.Attribute#ID_SUB_KEY_INFO}. Only one end-entity certificate may be present in
* the chain. If the end entity certificate contains a VOMS attribute certificate, and VOMS certificate validation is
* enabled, information from that attribute certificate will also be added to the subject. Only one VOMS attribute
* certificate may be present in the end-entity certificate.
*
* @see <a href="https://twiki.cnaf.infn.it/cgi-bin/twiki/view/VOMS">VOMS website</a>
*/
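public class GLiteAuthorizationProfilePIPIniConfigurationParser extends AbstractX509PIPIniConfigurationParser {

    /** Class logger; one shared instance, so it is static. */
    private static final Logger log = LoggerFactory.getLogger(GLiteAuthorizationProfilePIPIniConfigurationParser.class);

    /**
     * The name of the {@value} property to define the accepted Grid Authorization Profile IDs to process.
     * <p>
     * The value is a space-separated list of profile identifiers. When the property is absent the PIP is
     * built with a {@code null} accepted-ID list, which the class documentation describes as accepting all
     * profile identifiers. Declared {@code final} so that {@code {@value}} references resolve as a constant.
     */
    protected static final String ACCEPTED_PROFILE_IDS_PROP = "acceptedProfileIDs";

    /**
     * {@inheritDoc}
     * <p>
     * Reads the optional {@value #ACCEPTED_PROFILE_IDS_PROP} property of the PIP section, logs the
     * resulting restriction, and constructs a {@link GLiteAuthorizationProfilePIP} named after the section.
     *
     * @param iniConfig the INI section for this PIP; its name becomes the PIP id
     * @param requireProxy forwarded unchanged to the PIP constructor
     * @param trustMaterial forwarded unchanged to the PIP constructor
     * @param acTrustMaterial forwarded unchanged to the PIP constructor
     * @param performPKIXValidation forwarded unchanged to the PIP constructor
     *
     * @return the configured {@link GLiteAuthorizationProfilePIP}
     *
     * @throws ConfigurationException if the PIP cannot be constructed from the given configuration
     */
    protected PolicyInformationPoint buildInformationPoint(Ini.Section iniConfig, boolean requireProxy,
            PKIStore trustMaterial, PKIStore acTrustMaterial, boolean performPKIXValidation)
            throws ConfigurationException {
        String pipId = iniConfig.getName();

        // null when the property is absent; an empty array when it is present but holds no values
        String[] acceptedProfileIds = parseValuesList(iniConfig.get(ACCEPTED_PROFILE_IDS_PROP));
        if (acceptedProfileIds != null && acceptedProfileIds.length > 0) {
            log.info("{}: accepted profile IDs: {}", pipId, Arrays.toString(acceptedProfileIds));
        } else {
            // NOTE(review): a present-but-empty property is also logged as "all" yet is passed through as an
            // empty array, not null. Whether GLiteAuthorizationProfilePIP treats an empty array as
            // "accept all" or "accept none" is decided there — confirm so the log line is not misleading.
            log.info("{}: accepted profile IDs: all", pipId);
        }

        return new GLiteAuthorizationProfilePIP(pipId, requireProxy, trustMaterial, acTrustMaterial,
                performPKIXValidation, acceptedProfileIds);
    }

    /**
     * Parses a space delimited list of values.
     * <p>
     * The input is split on single space characters, each piece is passed through
     * {@link Strings#safeTrimOrNullString(String)}, and pieces that come back {@code null} are dropped. As a
     * result, runs of spaces do not produce empty entries, and an empty or all-space input yields an empty
     * array rather than {@code null}.
     *
     * @param valuesList space delimited list of values, may be <code>null</code>.
     *
     * @return array of values or <code>null</code> if valuesList is <code>null</code>
     */
    protected String[] parseValuesList(String valuesList) {
        if (valuesList == null) {
            return null;
        }
        ArrayList<String> values = new ArrayList<String>();
        for (String value : valuesList.split(" ")) {
            // presumably safeTrimOrNullString returns null for blank input (as its name suggests), which is
            // what makes the blank pieces produced by consecutive spaces disappear here
            String trimmedValue = Strings.safeTrimOrNullString(value);
            if (trimmedValue != null) {
                values.add(trimmedValue);
            }
        }
        // zero-length array argument: the JVM allocates an array of the right size
        return values.toArray(new String[0]);
    }
}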