/*
|
* CDDL HEADER START
|
*
|
* The contents of this file are subject to the terms of the
|
* Common Development and Distribution License, Version 1.0 only
|
* (the "License"). You may not use this file except in compliance
|
* with the License.
|
*
|
* You can obtain a copy of the license at
|
* trunk/opends/resource/legal-notices/OpenDS.LICENSE
|
* or https://OpenDS.dev.java.net/OpenDS.LICENSE.
|
* See the License for the specific language governing permissions
|
* and limitations under the License.
|
*
|
* When distributing Covered Code, include this CDDL HEADER in each
|
* file and include the License file at
|
* trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
|
* add the following below this CDDL HEADER, with the fields enclosed
|
* by brackets "[]" replaced with your own identifying information:
|
* Portions Copyright [yyyy] [name of copyright owner]
|
*
|
* CDDL HEADER END
|
*
|
*
|
* Copyright 2010 Sun Microsystems, Inc.
|
*/
|
package org.opends.arisid;
|
|
|
|
import static org.opends.server.protocols.asn1.ASN1Constants.*;
|
|
import java.io.FileNotFoundException;
|
import java.io.IOException;
|
import java.net.URI;
|
import java.net.URISyntaxException;
|
import java.util.HashMap;
|
import java.util.Map;
|
|
import org.opends.messages.Message;
|
import org.opends.server.controls.ControlDecoder;
|
import org.opends.server.protocols.asn1.ASN1;
|
import org.opends.server.protocols.asn1.ASN1Reader;
|
import org.opends.server.protocols.asn1.ASN1Writer;
|
import org.opends.server.types.*;
|
import org.openliberty.arisid.*;
|
import org.openliberty.arisid.log.ILogger;
|
import org.openliberty.arisid.log.LogHandler;
|
import org.openliberty.arisid.policy.IPolicy;
|
import org.openliberty.arisid.policy.PolicyHandler;
|
import org.openliberty.arisid.protocol.ldap.IPrivacyControl;
|
import org.w3c.dom.Element;
|
|
|
|
/**
|
* IGF ArisID Privacy Control implementation.
|
*/
|
public class ArisIDPrivacyControl extends Control implements
|
IPrivacyControl
|
{
|
|
/**
|
* ControlDecoder implentation to decode this control from a
|
* ByteString.
|
*/
|
private final static class Decoder implements
|
ControlDecoder<ArisIDPrivacyControl>
|
{
|
/**
|
* Decodes and constructs a Java object representing the
|
* encodedValue.
|
* <p>
|
* ASN.1 encoded value as per Privacy Control Specifiction:
|
* http://www.openliberty.org/wiki/index.php/Profile_LDAP#
|
* Extended_PolicySequence_Variation
|
*/
|
public ArisIDPrivacyControl decode(boolean isCritical,
|
ByteString value) throws DirectoryException
|
{
|
if (value == null)
|
{
|
final Message message = Message
|
.raw("Control contains no value");
|
throw new DirectoryException(ResultCode.PROTOCOL_ERROR, message);
|
}
|
|
String ixnName = "";
|
String appName = "";
|
String appUri = "";
|
final HashMap<String, IPolicy> polMap = new HashMap<String, IPolicy>();
|
final ASN1Reader reader = ASN1.getReader(value);
|
|
try
|
{
|
reader.readStartSequence();
|
{
|
appName = reader.readOctetStringAsString();
|
appUri = reader.readOctetStringAsString();
|
ixnName = reader.readOctetStringAsString();
|
|
reader.readStartSequence();
|
{
|
// Get the count of policies coming
|
final long policyCount = reader.readInteger();
|
if (policyCount > 1)
|
{
|
for (int i = 0; i < policyCount; i++)
|
{
|
reader.readStartSequence();
|
{
|
final String pname = reader.readOctetStringAsString();
|
final String pStr = reader.readOctetStringAsString();
|
final Element node = phandler
|
.parseStringToElement(pStr);
|
IPolicy pol = null;
|
try
|
{
|
pol = phandler.parseDomPolicy(node);
|
}
|
catch (final Exception e)
|
{
|
logger.error("Error parsing policy: "
|
+ e.getMessage(), e);
|
}
|
polMap.put(pname, pol);
|
}
|
reader.readEndSequence();
|
}
|
}
|
}
|
reader.readEndSequence();
|
}
|
reader.readEndSequence();
|
}
|
catch (final Exception e1)
|
{
|
throw new DirectoryException(ResultCode.PROTOCOL_ERROR,
|
Message.raw("Unable to decode privacy control: "
|
+ e1.getMessage()), e1);
|
}
|
|
return new ArisIDPrivacyControl(isCritical, ixnName, appName,
|
appUri, polMap);
|
}
|
|
|
|
/**
|
* {@inheritDoc}
|
*/
|
public String getOID()
|
{
|
return IPrivacyControl.OID_IGF_CONTROL;
|
}
|
}
|
|
|
|
private static final long serialVersionUID = -2668010326604049964L;
|
|
private static final ILogger logger = LogHandler
|
.getLogger(ArisIDPrivacyControl.class);
|
|
private static PolicyHandler phandler = PolicyHandler.getInstance();
|
|
private String _ixnName = "";
|
|
private String _appName = "";
|
|
private String _appUri = "";
|
|
private ArisIdService _asvc = null;
|
|
private CarmlDoc _doc = null;
|
|
private HashMap<String, IPolicy> _polMap = new HashMap<String, IPolicy>();
|
|
/**
|
* The Control Decoder that can be used to decode this control.
|
*/
|
public static final ControlDecoder<ArisIDPrivacyControl> DECODER = new Decoder();
|
|
|
|
/**
|
* Creates a new non-critical IGF Privacy Control using the provided
|
* Interaction.
|
*
|
* @param ixn
|
* The interaction.
|
* @throws IGFException
|
* If an error occurred processing the Interaction.
|
*/
|
public ArisIDPrivacyControl(IInteraction ixn) throws IGFException
|
{
|
super(IPrivacyControl.OID_IGF_CONTROL, false);
|
_processCarmlDoc(ixn);
|
}
|
|
|
|
/**
|
* Creates a new IGF Privacy Control using the provided Interaction
|
* and criticality.
|
*
|
* @param ixn
|
* The interaction.
|
* @param critical
|
* The criticality.
|
* @throws IGFException
|
* If an error occurred processing the Interaction.
|
*/
|
public ArisIDPrivacyControl(IInteraction ixn, boolean critical)
|
throws IGFException
|
{
|
super(IPrivacyControl.OID_IGF_CONTROL, critical);
|
_processCarmlDoc(ixn);
|
}
|
|
|
|
private ArisIDPrivacyControl(boolean isCritical, String _ixnName,
|
String _appName, String _appUri, HashMap<String, IPolicy> _polMap)
|
{
|
super(IPrivacyControl.OID_IGF_CONTROL, isCritical);
|
this._ixnName = _ixnName;
|
this._appName = _appName;
|
this._appUri = _appUri;
|
this._polMap = _polMap;
|
}
|
|
|
|
public String getAppName()
|
{
|
return this._appName;
|
}
|
|
|
|
/**
|
* @deprecated Use {@link #getCarmlURI()} instead
|
*/
|
@Deprecated
|
public URI getAppURI()
|
{
|
return getCarmlURI();
|
}
|
|
|
|
/**
|
* A convenience method to obtain the CarmlDoc object referenced by
|
* this control. For performance reasons, the CarmlDoc object is not
|
* instantiated unless {@link #loadCarmlDoc(URI)} is called first.
|
*
|
* @return A CarmlDoc object containing the Controls referenced
|
* CarmlDoc or null if the document hasn't been loaded.
|
*/
|
public CarmlDoc getCarmlDoc()
|
{
|
|
return this._doc;
|
}
|
|
|
|
public URI getCarmlURI()
|
{
|
try
|
{
|
return new URI(this._appUri);
|
}
|
catch (final URISyntaxException e)
|
{
|
logger
|
.warn("Invalid CARML URI syntax exception occurred for value: "
|
+ this._appUri);
|
return null;
|
}
|
}
|
|
|
|
/*
|
* (non-Javadoc)
|
* @see
|
* org.openliberty.arisid.protocol.ldap.IPrivacyControl#getConstraintMap
|
* ()
|
*/
|
public Map<String, IPolicy> getConstraintMap()
|
{
|
return this._polMap;
|
}
|
|
|
|
/*
|
* (non-Javadoc)
|
* @seeorg.openliberty.arisid.protocol.ldap.IPrivacyControl#
|
* getDynamicConstraints (java.lang.String)
|
*/
|
public IPolicy getDynamicConstraints(String nameId)
|
{
|
return this._polMap.get(nameId);
|
}
|
|
|
|
/**
|
* {@inheritDoc}
|
*/
|
public byte[] getEncodedValue()
|
{
|
try
|
{
|
final ByteStringBuilder builder = new ByteStringBuilder();
|
final ASN1Writer writer = ASN1.getWriter(builder);
|
writeValue(writer);
|
writer.close();
|
return builder.toByteArray();
|
}
|
catch (final IOException e)
|
{
|
// Should never occur.
|
throw new RuntimeException(e);
|
}
|
}
|
|
|
|
/*
|
* (non-Javadoc)
|
* @see org.openliberty.arisid.protocol.ldap.IPrivacyControl#getID()
|
*/
|
public String getID()
|
{
|
return OID_IGF_CONTROL;
|
}
|
|
|
|
/*
|
* (non-Javadoc)
|
* @see
|
* org.openliberty.arisid.protocol.ldap.IPrivacyControl#getInteractionName
|
* ()
|
*/
|
public String getInteractionName()
|
{
|
return this._ixnName;
|
}
|
|
|
|
/**
|
* Returns the named transaction constraint.
|
*
|
* @param nameId
|
* The transaction constraint name.
|
* @return The named transaction constraint.
|
*/
|
public IPolicy getTransactionConstraints(String nameId)
|
{
|
return this._polMap.get(nameId);
|
}
|
|
|
|
/**
|
* This is a convenience method intended for servers/proxies that need
|
* to instantiate a CarmlDoc object. The localUri is the URI of a
|
* local copy of the controls referenced Carml Document.
|
*
|
* @param localUri
|
* A URI to a copy of the CARML document matching the
|
* {@link #getAppName()} of this control. If localUri is
|
* null, the method will use the stored URI to load the
|
* document.
|
* @throws URISyntaxException
|
* @throws IllegalAccessException
|
* @throws IGFException
|
* @throws InstantiationException
|
* @throws AttrSvcInitializedException
|
* @throws FileNotFoundException
|
*/
|
public void loadCarmlDoc(URI localUri) throws URISyntaxException,
|
FileNotFoundException, AttrSvcInitializedException,
|
InstantiationException, IGFException, IllegalAccessException
|
{
|
URI loadUri = localUri;
|
if (loadUri == null)
|
{
|
loadUri = new URI(this._appUri);
|
}
|
|
// TODO I wonder if this should come from a static hash to avoid
|
// re-parsing?
|
this._asvc = ArisIdServiceFactory.parseCarmlOnly(loadUri);
|
if (this._asvc != null)
|
{
|
this._doc = this._asvc.getCarmlDoc();
|
}
|
}
|
|
|
|
/*
|
* (non-Javadoc)
|
* @seeorg.openliberty.arisid.protocol.ldap.IPrivacyControl#
|
* setDynamicConstraints (java.util.Map)
|
*/
|
public void setDynamicConstraints(
|
Map<String, IPolicy> dynamicConstraints)
|
{
|
if (dynamicConstraints != null)
|
{
|
this._polMap.putAll(dynamicConstraints);
|
}
|
}
|
|
|
|
/*
|
* (non-Javadoc)
|
* @seeorg.openliberty.arisid.protocol.ldap.IPrivacyControl#
|
* setTranasactionConstraints(java.lang.String,
|
* org.openliberty.arisid.schema.IPolicy)
|
*/
|
public void setDynamicConstraints(String nameId,
|
IPolicy txnConstraints)
|
{
|
this._polMap.put(nameId, txnConstraints);
|
}
|
|
|
|
private void _processCarmlDoc(IInteraction ixn) throws IGFException
|
{
|
// set defaults of empty string
|
this._appName = "";
|
this._ixnName = "";
|
this._appUri = "";
|
|
if (ixn == null)
|
{
|
return;
|
}
|
|
final ArisIdService asvc = ixn.getAttributeService();
|
if (asvc == null)
|
{
|
return;
|
}
|
|
final CarmlDoc doc = asvc.getCarmlDoc();
|
this._appName = doc.getApplicationNameId();
|
if (this._appName == null)
|
{
|
this._appName = "";
|
}
|
this._appUri = doc.getCarmlURI().toString();
|
if (this._appUri == null)
|
{
|
this._appUri = "";
|
}
|
this._ixnName = ixn.getNameId();
|
if (this._ixnName == null)
|
{
|
this._ixnName = "";
|
}
|
|
}
|
|
|
|
/**
|
* Encode ASN.1 value. Encoding is as per spec:
|
* http://www.openliberty.org/wiki
|
* /index.php/Profile_LDAP#Extended_PolicySequence_Variation
|
*/
|
protected void writeValue(ASN1Writer writer) throws IOException
|
{
|
writer.writeStartSequence(UNIVERSAL_OCTET_STRING_TYPE);
|
{
|
writer.writeOctetString(_appName);
|
writer.writeOctetString(_appUri);
|
writer.writeOctetString(_ixnName);
|
writer.writeStartSequence();
|
{
|
writer.writeInteger(_polMap.size());
|
for (final Map.Entry<String, IPolicy> entry : _polMap
|
.entrySet())
|
{
|
writer.writeStartSequence();
|
{
|
final String nameId = entry.getKey();
|
final IPolicy pol = this.getTransactionConstraints(nameId);
|
final String strPol = phandler.policyToString(pol);
|
|
writer.writeOctetString(entry.getKey());
|
writer.writeOctetString(strPol);
|
}
|
writer.writeEndSequence();
|
}
|
}
|
writer.writeEndSequence();
|
}
|
writer.writeEndSequence();
|
}
|
|
}
|
