Coverage Report - org.openpermis.examples.ldap.HelloWorld
 
Classes in this File Line Coverage Branch Coverage Complexity
HelloWorld
0%
0/35
0%
0/2
2.8
 
 1  
 /*
 2  
  * Copyright (c) 2009, Swiss Federal Department of Defence Civil Protection and Sport
 3  
  *                     (http://www.vbs.admin.ch)
 4  
  * Copyright (c) 2009, Ergon Informatik AG (http://www.ergon.ch)
 5  
  * All rights reserved.
 6  
  *
 7  
  * Licensed under the Open Permis License which accompanies this distribution,
 8  
  * and is available at http://www.openpermis.org/BSDlicenceKent.txt
 9  
  */
 10  
 package org.openpermis.examples.ldap;
 11  
 
 12  
 import static org.openpermis.examples.ldap.HelloWorldUtilities.fatalError;
 13  
 import static org.openpermis.examples.ldap.HelloWorldUtilities.validateInput;
 14  
 
 15  
 import java.io.IOException;
 16  
 import java.net.URL;
 17  
 import java.security.cert.CertificateException;
 18  
 import java.security.cert.CertificateFactory;
 19  
 import java.security.cert.X509Certificate;
 20  
 
 21  
 import javax.naming.directory.SearchControls;
 22  
 
 23  
 import org.openpermis.AuthorizationService;
 24  
 import org.openpermis.PolicyDecisionPoint;
 25  
 import org.openpermis.builder.AuthorizationServiceBuilder;
 26  
 import org.openpermis.cert.AttributeCertificateExtractorUtility;
 27  
 import org.openpermis.cert.BasicCertificateVerifier;
 28  
 import org.openpermis.cert.CertificateVerifier;
 29  
 import org.openpermis.repository.SubjectRepository;
 30  
 import org.openpermis.repository.basic.LdapSubjectRepository;
 31  
 
 32  
 
 33  
 /**
 34  
  * A sample HelloWorld application that can be invoked from the command line.
 35  
  * <p>For the sake of simplicity error handling is very simple 
 36  
  * @since 0.1.0
 37  
  */
 38  
 public final class HelloWorld {
 39  
 
 40  
         //---- Static
 41  
         
 42  
         /**
 43  
          * Reads the SoA certificate from a classpath URL.
 44  
          * @return the SoA certificate requested.
 45  
          * @since 0.3.0
 46  
          */
 47  
         private static final X509Certificate readSoaCertificate () {
 48  
                 try {
 49  0
                         final URL soaCertificateUrl = HelloWorld.class.getResource("soa.cer");
 50  0
                         final CertificateFactory cf = CertificateFactory.getInstance("X.509");
 51  0
                         return (X509Certificate) cf.generateCertificate(soaCertificateUrl.openStream());
 52  0
                 } catch (CertificateException e) {
 53  0
                         fatalError("Failed to parse SoA certificate.", e);
 54  0
                 } catch (IOException e) {
 55  0
                         fatalError("Failed to load SoA certificate.", e);
 56  0
                 }
 57  0
                 return null;
 58  
         }
 59  
         
 60  
         /**
 61  
          * Creates a {@link PolicyDecisionPoint} from an attribute certificate located on the classpath.
 62  
          * @param certificateVerifier the certificate verifier used to verify the attribute 
 63  
          * certificate containing the policy.
 64  
          * @return the {@link PolicyDecisionPoint} requested or {@code null} if it could not be read.
 65  
          * @since 0.3.0
 66  
          */
 67  
         private static final PolicyDecisionPoint createPolicyDecisionPoint (
 68  
                 CertificateVerifier certificateVerifier
 69  
         ) {
 70  
                 try {
 71  0
                         final URL policyCertificateUrl = HelloWorld.class.getResource("policy.ace");
 72  0
                         return AttributeCertificateExtractorUtility.
 73  
                                 createPolicyDecisionPoint(policyCertificateUrl, certificateVerifier);
 74  0
                 } catch (Exception e) {
 75  0
                         fatalError("Failed to create policy decision point.", e);
 76  
                 }
 77  0
                 return null;
 78  
         }
 79  
         
 80  
         /**
 81  
          * Creates a subject repository with the specified certificate verifier.
 82  
          * @param certificateVerifier the certificate verifier used to verify the attribute 
 83  
          * certificate of the subjects.
 84  
          * @return the subject repository requested, {@code null} in case of a failure.
 85  
          * @since 0.3.0
 86  
          */
 87  
         private static final SubjectRepository readSubjectRepository (
 88  
                 CertificateVerifier certificateVerifier
 89  
         ) {
 90  
                 try {
 91  0
                         return new LdapSubjectRepository(
 92  
                                 certificateVerifier,
 93  
                                 "ldap://localhost:1389", 
 94  
                                 null, null, 
 95  
                                 "c=ch", 
 96  
                                 SearchControls.SUBTREE_SCOPE
 97  
                         );
 98  0
                 } catch (Exception e) {
 99  0
                         fatalError("Failed to load role certificates.", e);
 100  
                 }
 101  0
                 return null;
 102  
         }
 103  
         
 104  
         /**
 105  
          * This main method creates an authorized HelloWorld service and tries to
 106  
          * get greeting messages for all user names that it finds in its argument list.
 107  
          * @param args a set of user names for whom the service will be invoked. 
 108  
          * E.g. <code>"cn=john,o=post,c=ch"</code> or 
 109  
          * <code>"cn=sara,o=post,c=ch"</code>.
 110  
          * @since 0.1.0
 111  
          */
 112  
         public static void main (String[] args) {
 113  0
                 final String[] input = validateInput(args);
 114  
                 
 115  
                 // An authorization service needs a trusted public key of the source of authority (SoA) to 
 116  
                 // validate the attribute certificates (AC), including policies and roles.
 117  
                 // Future implementations will allow a advanced public key infrastructure (PKI)
 118  0
                 final X509Certificate soaCertificate = readSoaCertificate();
 119  
                 
 120  
                 // The certificate verifier is used to verify attribute certificates.
 121  
                 // In this example, a simple certificate verifier is used: It only knows one trusted SoA
 122  
                 // certificate and does not allow chains. Both the attribute certificates with the roles
 123  
                 // and the certificate with the policy use the same verifier. You can also use different
 124  
                 // certificate verifiers.
 125  0
                 final CertificateVerifier certificateVerifier = 
 126  
                         new BasicCertificateVerifier(soaCertificate);
 127  
                 
 128  
                 // Every authorization service needs a policy decision point. For this example we load the 
 129  
                 // attribute certificate, containing the policy from a classpath URL.
 130  0
                 final PolicyDecisionPoint pdp = createPolicyDecisionPoint(certificateVerifier);
 131  
                 
 132  
                 // Our application needs a subject repository from which subjects
 133  
                 // (i.e. authenticated persons with their roles) can be retrieved.
 134  
                 // For this example we load the attribute certificates from a fixed list of URLs
 135  
                 // retrieved from the classpath.
 136  0
                 final SubjectRepository repository = readSubjectRepository(certificateVerifier);
 137  
                 
 138  
                 // The main service every PERMIS application needs is an authorization service.
 139  
                 // An authorization service allows an application to retrieve subjects for authenticated 
 140  
                 // users and to decide whether users should be given access to protected resources.
 141  
                 // The easiest way to create an authorization service is to use an 
 142  
                 // AuthorizationServiceBuilder
 143  
                 // and configure the builder with the objects we want to use. The builder
 144  
                 // will choose sensible conventions for anything not explicitly configured.
 145  0
                 final AuthorizationService authorizationService = new AuthorizationServiceBuilder().
 146  
                         withSubjectsFrom(repository).forPolicyDecisionPoint(pdp).build();
 147  
                 
 148  
                 // Our example uses an authorizing service wrapper. The wrapper implements the same
 149  
                 // interface as the actual service implementation. We expect that we might even
 150  
                 // provide a generic authorizing service proxy for arbitrary service interfaces
 151  
                 // in the future.
 152  0
                 final HelloWorldService service = 
 153  
                         new AuthorizedHelloWorldService(authorizationService, new BasicHelloWorldService());
 154  
 
 155  
                 // The actual example: try to get the service's greeting message for each
 156  
                 // user name that was given on the command line.
 157  0
                 System.out.println("Getting greetings.");
 158  0
                 for (String name : input) {
 159  0
                         System.out.print("  " + name + ": ");
 160  
                         try {
 161  0
                                 System.out.println(service.getHelloMessage(name));
 162  0
                         } catch (HelloWorldException e) {
 163  0
                                 System.out.println("<" + e.getMessage() + ">");
 164  0
                         }
 165  
                 }
 166  0
         }
 167  
 
 168  
         //---- Constructors
 169  
         
 170  
         /**
 171  
          * Objects of this class cannot be instantiated.
 172  
          * @since 0.1.0
 173  
          */
 174  
         private HelloWorld () {
 175  0
                 super();
 176  0
         }
 177  
 
 178  
 }