1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
|
/*
* Copyright (c) 2011-2012 ICM Uniwersytet Warszawski All rights reserved.
* See LICENCE file for licensing information.
*
* Derived from the code copyrighted and licensed as follows:
*
* Copyright (c) Members of the EGEE Collaboration. 2004.
* See http://www.eu-egee.org/partners/ for details on the copyright
* holders.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package eu.emi.security.authn.x509.proxy;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import eu.emi.security.authn.x509.impl.CertificateUtils;
/**
* Proxy policy ASN1 class.
*
* <pre>
* ProxyPolicy ::= SEQUENCE { policyLanguage OBJECT IDENTIFIER,
* policy OCTET STRING OPTIONAL }
* </pre>
*
* @author Joni Hahkala
* @author K. Benedyczak
*/
public class ProxyPolicy extends ASN1Object implements Cloneable
{
static
{
CertificateUtils.configureSecProvider();
}
/**
* The normal, default policy, the proxy inherits the rights of the
* parent. Defined in RFC 3820.
*/
public final static String INHERITALL_POLICY_OID = "1.3.6.1.5.5.7.21.1";
/**
* The rarely used policy where the proxy is independent of the parent
* and does not inherit rights from it. Defined in the RFC 3820.
*/
public final static String INDEPENDENT_POLICY_OID = "1.3.6.1.5.5.7.21.2";
/**
* The limited proxy, which should prevent the proxy from being used for
* job submission. Defined by Globus outside of RFCs.
*/
public final static String LIMITED_PROXY_OID = "1.3.6.1.4.1.3536.1.1.1.9";
/**
* The oid of the policy, default is the inherit all.
*/
private String oid = INHERITALL_POLICY_OID;
/**
* The ASN.1 octet string encoding of the policy.
*/
private ASN1OctetString policy;
/**
* Generate basic proxy policy.
*
* @param oid the policy language or policy to set.
*/
public ProxyPolicy(String oid)
{
this.oid = oid;
}
/**
* Generate new policy object using language defined by oid and the
* policy.
*
* @param oid
* the OID for the language. Null retains the default of
* inherit all.
* @param policy
* the policy. Null means no policy.
*/
public ProxyPolicy(String oid, ASN1OctetString policy)
{
if (oid != null)
this.oid = oid;
this.policy = policy;
}
/**
* Read a new proxy policy object from the ASN1 sequence.
*
* @param seq
* The proxy policy ASN1 sequence.
*/
public ProxyPolicy(ASN1Sequence seq)
{
if (seq != null && seq.size() > 0)
{
if (seq.getObjectAt(0) instanceof ASN1ObjectIdentifier)
{
oid = seq.getObjectAt(0).toString();
} else
{
throw new IllegalArgumentException("ProxyPolicy parser error, expected object identifier, but got:"
+ seq.getObjectAt(0).getClass());
}
} else
{
throw new IllegalArgumentException("ProxyPolicy parser error, expected nonempty sequence, but not no sequence or an empty sequence");
}
if (seq.size() > 1)
{
if (seq.getObjectAt(1) instanceof DEROctetString)
{
this.policy = (ASN1OctetString) seq.getObjectAt(1);
} else
{
throw new IllegalArgumentException("ProxyPolicy parser error, expected octetstring but got: "
+ seq.getObjectAt(1).getClass());
}
}
if (seq.size() > 2)
{
throw new IllegalArgumentException("ProxyPolicy parser error, proxy policy can only have two items, got: "
+ seq.size() + "items.");
}
}
/**
* Use to get the policy OID as a String.
*
* @return The policy OID as a string. It is most likely one of the
* constants defined in this class, namely:
* <ul>
* <li>INHERITALL_POLICY_OID</li>
* <li>INDEPENDENT_POLICY_OID</li>
* <li>LIMITED_PROXY_OID</li>
* <li>something else</li>
* </ul>
*/
public String getPolicyOID()
{
return oid;
}
/**
* The optional policy information in this structure
*
* @return The policy in ASN1 structure. Null if not present.
*/
public ASN1OctetString getPolicyASN1()
{
return policy;
}
/**
* output the ASN1 object of the proxy policy.
*
* @see org.bouncycastle.asn1.ASN1Object#toASN1Object()
*/
@Override
public ASN1Primitive toASN1Primitive()
{
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(new ASN1ObjectIdentifier(oid));
if (policy != null)
v.add(DEROctetString.getInstance(policy));
return new DERSequence(v);
}
public ProxyPolicy clone()
{
return new ProxyPolicy(oid, policy);
}
}
|
