/*
* Copyright (c) 2011-2012 ICM Uniwersytet Warszawski All rights reserved.
* See LICENCE file for licensing information.
*
* Derived from the code copyrighted and licensed as follows:
*
* Copyright (c) Members of the EGEE Collaboration. 2004.
* See http://www.eu-egee.org/partners/ for details on the copyright
* holders.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package eu.emi.security.authn.x509.proxy;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import eu.emi.security.authn.x509.impl.CertificateUtils;
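/**
 * Proxy policy ASN1 class.
 *
 * <pre>
 * ProxyPolicy ::= SEQUENCE { policyLanguage OBJECT IDENTIFIER,
 * policy OCTET STRING OPTIONAL }
 * </pre>
 *
 * This class only parses and encodes the structure. It does not interpret the
 * policy, and it does not check that the policy language OID is one of the
 * known constants or that the optional policy field is consistent with the
 * language (RFC 3820 requires the policy field to be absent for the
 * inherit-all and independent languages). Code that makes authorization
 * decisions must perform those checks itself and must not treat an
 * unrecognized policy language as equivalent to inherit-all.
 *
 * @author Joni Hahkala
 * @author K. Benedyczak
 */
public class ProxyPolicy extends ASN1Object implements Cloneable
{
	static
	{
		// Registers the security provider once, before any instance is used.
		CertificateUtils.configureSecProvider();
	}

	/**
	 * The normal, default policy, the proxy inherits the rights of the
	 * parent. Defined in RFC 3820.
	 */
	public final static String INHERITALL_POLICY_OID = "1.3.6.1.5.5.7.21.1";

	/**
	 * The rarely used policy where the proxy is independent of the parent
	 * and does not inherit rights from it. Defined in the RFC 3820.
	 */
	public final static String INDEPENDENT_POLICY_OID = "1.3.6.1.5.5.7.21.2";

	/**
	 * The limited proxy, which should prevent the proxy from being used for
	 * job submission. Defined by Globus outside of RFCs.
	 */
	public final static String LIMITED_PROXY_OID = "1.3.6.1.4.1.3536.1.1.1.9";

	/**
	 * The oid of the policy, default is the inherit all.
	 */
	private String oid = INHERITALL_POLICY_OID;

	/**
	 * The ASN.1 octet string encoding of the policy.
	 */
	private ASN1OctetString policy;

	/**
	 * Generate basic proxy policy without a policy body.
	 *
	 * @param oid the policy language or policy to set. The value is stored
	 *        as given: unlike {@link #ProxyPolicy(String, ASN1OctetString)},
	 *        a null here replaces the inherit-all default, and
	 *        {@link #getPolicyOID()} will then return null.
	 */
	public ProxyPolicy(String oid)
	{
		this.oid = oid;
	}

	/**
	 * Generate new policy object using language defined by oid and the
	 * policy.
	 *
	 * @param oid
	 *        the OID for the language. Null retains the default of
	 *        inherit all, which is the least restrictive language;
	 *        callers that want a restricted proxy must pass the OID
	 *        explicitly.
	 * @param policy
	 *        the policy. Null means no policy.
	 */
	public ProxyPolicy(String oid, ASN1OctetString policy)
	{
		if (oid != null)
			this.oid = oid;
		this.policy = policy;
	}

	/**
	 * Read a new proxy policy object from the ASN1 sequence.
	 * The sequence must hold an object identifier, optionally followed by a
	 * DER octet string, and nothing else. The OID value and the policy bytes
	 * are stored without further validation.
	 *
	 * @param seq
	 *        The proxy policy ASN1 sequence.
	 * @throws IllegalArgumentException if the sequence is null or empty, has
	 *         more than two elements, or an element has an unexpected type.
	 */
	public ProxyPolicy(ASN1Sequence seq)
	{
		if (seq == null || seq.size() == 0)
		{
			throw new IllegalArgumentException("ProxyPolicy parser error, expected nonempty sequence, but got no sequence or an empty sequence");
		}

		Object language = seq.getObjectAt(0);
		if (!(language instanceof ASN1ObjectIdentifier))
		{
			throw new IllegalArgumentException("ProxyPolicy parser error, expected object identifier, but got: "
					+ language.getClass());
		}
		oid = language.toString();

		if (seq.size() > 1)
		{
			Object body = seq.getObjectAt(1);
			// Only the DER octet string class is accepted here; any other
			// element type, including other octet string classes, is rejected.
			if (!(body instanceof DEROctetString))
			{
				throw new IllegalArgumentException("ProxyPolicy parser error, expected octetstring but got: "
						+ body.getClass());
			}
			this.policy = (ASN1OctetString) body;
		}

		// Trailing elements are refused rather than silently ignored.
		if (seq.size() > 2)
		{
			throw new IllegalArgumentException("ProxyPolicy parser error, proxy policy can only have two items, got: "
					+ seq.size() + " items.");
		}
	}

	/**
	 * Use to get the policy OID as a String.
	 *
	 * @return The policy OID as a string. It is most likely one of the
	 *         constants defined in this class, namely:
	 *         <ul>
	 *         <li>INHERITALL_POLICY_OID</li>
	 *         <li>INDEPENDENT_POLICY_OID</li>
	 *         <li>LIMITED_PROXY_OID</li>
	 *         <li>something else</li>
	 *         </ul>
	 *         The value is whatever was passed in or parsed, so it may be an
	 *         OID this class does not know. Compare it against the constants
	 *         explicitly and handle the unknown case as a restriction that
	 *         cannot be evaluated, not as inherit-all.
	 */
	public String getPolicyOID()
	{
		return oid;
	}

	/**
	 * The optional policy information in this structure
	 *
	 * @return The policy in ASN1 structure. Null if not present. The content
	 *         is returned as stored and has not been interpreted or checked
	 *         by this class.
	 */
	public ASN1OctetString getPolicyASN1()
	{
		return policy;
	}

	/**
	 * Output the ASN1 object of the proxy policy: a DER sequence holding the
	 * policy language OID and, when set, the policy octet string.
	 *
	 * @return the encoded structure.
	 * @see org.bouncycastle.asn1.ASN1Object#toASN1Primitive()
	 */
	@Override
	public ASN1Primitive toASN1Primitive()
	{
		ASN1EncodableVector v = new ASN1EncodableVector();
		// NOTE(review): a null or malformed OID string is expected to be
		// rejected by the ASN1ObjectIdentifier constructor - confirm against
		// the BouncyCastle version in use.
		v.add(new ASN1ObjectIdentifier(oid));
		if (policy != null)
			v.add(DEROctetString.getInstance(policy));
		return new DERSequence(v);
	}

	/**
	 * Creates a copy of this policy. The policy octet string reference is
	 * shared between the original and the copy.
	 *
	 * @return a new ProxyPolicy with the same OID and policy.
	 */
	@Override
	public ProxyPolicy clone()
	{
		ProxyPolicy copy = new ProxyPolicy(oid, policy);
		// The two-argument constructor maps a null OID to inherit-all. Copy the
		// field directly so that a policy built with a null OID is not turned
		// into the least restrictive policy by cloning it.
		copy.oid = oid;
		return copy;
	}
}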