package org.openpermis.repository.basic;

import static org.openpermis.cert.AttributeCertificateExtractorUtility.toUri;

import java.net.URI;
import java.net.URISyntaxException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

import org.openpermis.basic.InternalSubject;
import org.openpermis.basic.TimePeriod;
import org.openpermis.cert.AttributeCertificate;
import org.openpermis.cert.AttributeCertificateException;
import org.openpermis.cert.AttributeCertificateExtractorUtility;
import org.openpermis.cert.CertificateVerifier;
import org.openpermis.cert.RoleAttribute.RoleDefinition;
import org.openpermis.repository.SubjectRepository;
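/**
 * Base class for {@link SubjectRepository} implementations that derive subjects and their
 * role assignments from attribute certificates.
 *
 * <p>The only processing this class performs is {@link #updateSubjectMap}: a certificate is
 * first checked by the injected {@link CertificateVerifier}, and only a certificate that passes
 * that check contributes role assignments to the subject map. Subclasses are presumably
 * responsible for locating certificates and for owning the map (not visible here).
 *
 * <p>Security note: this class does not compare the certificate's validity period with the
 * current time; the period is forwarded unchanged to
 * {@code InternalSubject.assignRole}, so any "is this role valid now" decision has to be made
 * there or by the caller.
 */
public abstract class AbstractSubjectRepository
    implements SubjectRepository
{

    /** Decides whether an attribute certificate is trusted at all; never {@code null}. */
    private final CertificateVerifier certificateVerifier;

    /**
     * Creates a repository that trusts only certificates accepted by {@code certificateVerifier}.
     *
     * @param certificateVerifier the verifier applied to every certificate before it is used
     * @throws IllegalArgumentException if {@code certificateVerifier} is {@code null}
     */
    protected AbstractSubjectRepository(CertificateVerifier certificateVerifier) {
        if (certificateVerifier == null) {
            throw new IllegalArgumentException("certificate verifier is null");
        }
        this.certificateVerifier = certificateVerifier;
    }

    /**
     * Applies one attribute certificate to {@code subjectsByIdentity}.
     *
     * <p>A certificate that the verifier rejects, or whose contents cannot be decoded
     * (issuer, holder, validity period, role attribute, or a role hierarchy that is not a
     * well-formed URI), is skipped without touching the map and without any signal to the
     * caller. Subjects are created on demand: the holder always (once its certificate decodes),
     * the issuer only when the certificate carries at least one role.
     *
     * <p>All of the certificate's contents are decoded and validated before any subject is
     * created or any role assigned, so a certificate is either applied in full or not at all.
     *
     * @param subjectsByIdentity subjects keyed by identity URI; updated in place
     * @param certificate the certificate to apply; {@code null} is ignored
     * @throws IllegalArgumentException if {@code subjectsByIdentity} is {@code null}
     * @throws NoSuchAlgorithmException propagated from the verifier (an environment problem,
     *         not a property of the certificate)
     * @throws NoSuchProviderException propagated from the verifier, likewise
     */
    protected void updateSubjectMap(
        Map<URI, InternalSubject> subjectsByIdentity,
        AttributeCertificate certificate
    )
        throws NoSuchAlgorithmException, NoSuchProviderException
    {
        if (subjectsByIdentity == null) {
            throw new IllegalArgumentException("subject map is null");
        }
        if (certificate == null) {
            return;
        }
        // Nothing below runs for an unverified certificate: role assignments are only ever
        // derived from certificates the verifier has accepted.
        if (!isCertificateCorrect(certificate)) {
            return;
        }

        try {
            // Decode everything first so that a malformed certificate cannot leave the map
            // half-updated (for example a holder subject with some of its roles assigned).
            final URI issuer = toUri(AttributeCertificateExtractorUtility.readIssuer(certificate));
            final URI holder = toUri(AttributeCertificateExtractorUtility.readHolder(certificate));
            final TimePeriod validity =
                AttributeCertificateExtractorUtility.readValidityPeriod(certificate);
            final List<RoleDefinition> roles = nonNullRoles(
                AttributeCertificateExtractorUtility.readRoleAttribute(certificate));
            // Parsed up front: URI.create on a bad hierarchy string would otherwise throw an
            // unchecked IllegalArgumentException out of this method mid-loop.
            final List<URI> hierarchies = readRoleHierarchies(roles);

            final InternalSubject holderSubject = getOrCreateSubject(subjectsByIdentity, holder);
            if (roles.isEmpty()) {
                return;
            }
            // The issuer subject is the same for every role, so look it up once; it is only
            // created when there is at least one role to attribute to it.
            final InternalSubject issuerSubject = getOrCreateSubject(subjectsByIdentity, issuer);
            for (int i = 0; i < roles.size(); i++) {
                holderSubject.assignRole(
                    issuerSubject,
                    roles.get(i).getName(),
                    hierarchies.get(i),
                    validity
                );
            }
        } catch (AttributeCertificateException e) {
            // Best-effort by design: an undecodable certificate contributes nothing. There is
            // no logger in scope here, so the rejection is not recorded anywhere.
            return;
        } catch (URISyntaxException e) {
            // A role hierarchy that is not a valid URI is treated like any other decoding
            // failure: the whole certificate is skipped.
            return;
        }
    }

    /**
     * Returns {@code roles} itself, or an empty list when it is {@code null}.
     *
     * <p>NOTE(review): it is not visible here whether {@code readRoleAttribute} can return
     * {@code null}; this guard only avoids a NullPointerException if it does.
     */
    private static List<RoleDefinition> nonNullRoles(List<RoleDefinition> roles) {
        if (roles == null) {
            return new ArrayList<RoleDefinition>(0);
        }
        return roles;
    }

    /**
     * Parses the hierarchy string of every role into a {@link URI}, in the same order as
     * {@code roles}.
     *
     * @throws URISyntaxException if any hierarchy is absent or is not a well-formed URI
     */
    private static List<URI> readRoleHierarchies(List<RoleDefinition> roles)
        throws URISyntaxException
    {
        final List<URI> hierarchies = new ArrayList<URI>(roles.size());
        for (RoleDefinition role : roles) {
            final String hierarchy = role.getHierarchy();
            if (hierarchy == null) {
                // Reported through the same channel as a malformed value so the caller has a
                // single failure path; the empty input string is a placeholder.
                throw new URISyntaxException("", "role hierarchy is absent");
            }
            // new URI(...) is the checked-exception form of URI.create(...).
            hierarchies.add(new URI(hierarchy));
        }
        return hierarchies;
    }

    /**
     * Asks the configured verifier whether {@code certificate} is acceptable.
     *
     * @return {@code true} if the verifier raised no objection; {@code false} if it reported an
     *         invalid key, a certificate problem, or a signature failure
     * @throws NoSuchAlgorithmException if the verifier cannot find a required algorithm; this is
     *         deliberately not turned into {@code false}, since it says nothing about the
     *         certificate
     * @throws NoSuchProviderException likewise for a missing security provider
     */
    private boolean isCertificateCorrect(Certificate certificate)
        throws NoSuchAlgorithmException, NoSuchProviderException
    {
        try {
            this.certificateVerifier.verifyCertificate(certificate);
        } catch (InvalidKeyException e) {
            return false;
        } catch (CertificateException e) {
            return false;
        } catch (SignatureException e) {
            return false;
        }
        return true;
    }

    /**
     * Returns the subject registered under {@code identity}, creating and registering a new
     * {@link InternalSubject} if the map has no (non-null) entry for it.
     *
     * @param subjectsByIdentity the map to read from and, if needed, add to
     * @param identity the subject's identity URI
     * @return the existing or newly created subject; never {@code null}
     */
    private InternalSubject getOrCreateSubject(
        Map<URI, InternalSubject> subjectsByIdentity,
        URI identity
    ) {
        // Single lookup instead of containsKey + get; a null-valued entry is treated as absent
        // so this never hands back null.
        InternalSubject subject = subjectsByIdentity.get(identity);
        if (subject == null) {
            subject = new InternalSubject(identity);
            subjectsByIdentity.put(identity, subject);
        }
        return subject;
    }

}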