Coverage Report - org.openpermis.examples.simple.HelloWorld
 
Classes in this File Line Coverage Branch Coverage Complexity
HelloWorld
0%
0/47
0%
0/8
3.167
 
 1  
 /*
 2  
  * Copyright (c) 2009, Swiss Federal Department of Defence Civil Protection and Sport
 3  
  *                     (http://www.vbs.admin.ch)
 4  
  * Copyright (c) 2009, Ergon Informatik AG (http://www.ergon.ch)
 5  
  * All rights reserved.
 6  
  *
 7  
  * Licensed under the Open Permis License which accompanies this distribution,
 8  
  * and is available at http://www.openpermis.org/BSDlicenceKent.txt
 9  
  */
 10  
 package org.openpermis.examples.simple;
 11  
 
 12  
 import static org.openpermis.examples.simple.HelloWorldUtilities.fatalError;
 13  
 import static org.openpermis.examples.simple.HelloWorldUtilities.validateInput;
 14  
 
 15  
 import java.io.IOException;
 16  
 import java.net.URL;
 17  
 import java.security.cert.CertificateException;
 18  
 import java.security.cert.CertificateFactory;
 19  
 import java.security.cert.X509Certificate;
 20  
 import java.util.List;
 21  
 
 22  
 import org.openpermis.AuthorizationService;
 23  
 import org.openpermis.PolicyDecisionPoint;
 24  
 import org.openpermis.builder.AuthorizationServiceBuilder;
 25  
 import org.openpermis.cert.AttributeCertificateExtractorUtility;
 26  
 import org.openpermis.cert.BasicCertificateVerifier;
 27  
 import org.openpermis.cert.CertificateVerifier;
 28  
 import org.openpermis.repository.SubjectRepository;
 29  
 import org.openpermis.repository.basic.UrlSubjectRepository;
 30  
 
 31  
 
 32  
 /**
 33  
  * A sample HelloWorld application that can be invoked from the command line.
 34  
  * <p>For the sake of simplicity error handling is very simple 
 35  
  * @since 0.1.0
 36  
  */
 37  
 public final class HelloWorld {
 38  
 
 39  
         //---- Static
 40  
         
 41  
         /**
 42  
          * Reads the SoA certificate from a classpath URL.
 43  
          * @return the SoA certificate requested.
 44  
          * @since 0.3.0
 45  
          */
 46  
         private static final X509Certificate readSoaCertificate () {
 47  
                 try {
 48  0
                         final URL soaCertificateUrl = HelloWorld.class.getResource("soa.cer");
 49  0
                         final CertificateFactory cf = CertificateFactory.getInstance("X.509");
 50  0
                         return (X509Certificate) cf.generateCertificate(soaCertificateUrl.openStream());
 51  0
                 } catch (CertificateException e) {
 52  0
                         fatalError("Failed to parse SoA certificate.", e);
 53  0
                 } catch (IOException e) {
 54  0
                         fatalError("Failed to load SoA certificate.", e);
 55  0
                 }
 56  0
                 return null;
 57  
         }
 58  
         
 59  
         /**
 60  
          * Creates a {@link PolicyDecisionPoint} from an attribute certificate located on the classpath.
 61  
          * @param certificateVerifier the certificate verifier used to verify the attribute 
 62  
          * certificate containing the policy.
 63  
          * @return the {@link PolicyDecisionPoint} requested or {@code null} if it could not be read.
 64  
          * @since 0.3.0
 65  
          */
 66  
         private static final PolicyDecisionPoint createPolicyDecisionPoint (
 67  
                 CertificateVerifier certificateVerifier
 68  
         ) {
 69  
                 try {
 70  0
                         final URL policyCertificateUrl = HelloWorld.class.getResource("policy.ace");
 71  0
                         return AttributeCertificateExtractorUtility.
 72  
                                 createPolicyDecisionPoint(policyCertificateUrl, certificateVerifier);
 73  0
                 } catch (Exception e) {
 74  0
                         fatalError("Failed to create policy decision point.", e);
 75  
                 }
 76  0
                 return null;
 77  
         }
 78  
         
 79  
         /**
 80  
          * Creates a subject repository with the specified certificate verifier.
 81  
          * @param certificateVerifier the certificate verifier used to verify the attribute 
 82  
          * certificate of the subjects.
 83  
          * @return the subject repository requested, {@code null} in case of a failure.
 84  
          * @since 0.3.0
 85  
          */
 86  
         private static final SubjectRepository readSubjectRepository (
 87  
                 CertificateVerifier certificateVerifier
 88  
         ) {
 89  
                 try {
 90  0
                         final URL[] subjectUrls = new URL[] {
 91  
                                 HelloWorld.class.getResource("john.ace"),
 92  
                                 HelloWorld.class.getResource("sara.ace")
 93  
                         };
 94  0
                         return new UrlSubjectRepository(certificateVerifier, subjectUrls);
 95  0
                 } catch (Exception e) {
 96  0
                         fatalError("Failed to load role certificates.", e);
 97  
                 }
 98  0
                 return null;
 99  
         }
 100  
         
 101  
         /**
 102  
          * This main method creates an authorized letterbox service and tries to execute requested 
 103  
          * actions for user names.
 104  
          * @param args a user name and an action. 
 105  
          * E.g. <code>"cn=john,o=post,c=ch" "collectLetters"</code> or 
 106  
          * <code>"cn=sara,o=post,c=ch" "insertLetter"</code>.
 107  
          * @since 0.1.0
 108  
          */
 109  
         public static void main (String[] args) {
 110  0
                 final List<String[]> input = validateInput(args);
 111  
                 
 112  0
                 final LetterboxService service = createService();
 113  
 
 114  
                 // The actual example: try to execute the given action for the given user name 
 115  
                 // that was given on the command line.
 116  0
                 for (String[] line : input) {
 117  0
                         System.out.println("--- Authorization -----------------------");
 118  0
                         System.out.print("Arguments: ");
 119  0
                         for (String argument : line) {
 120  0
                                 System.out.print("'" + argument + "' ");
 121  
                         }
 122  0
                         System.out.println();
 123  
                         
 124  0
                         System.out.print("Result: ");
 125  
                         try {
 126  0
                                 if ("insertLetter".equals(line[1])) {
 127  0
                                         service.insertLetter(line[0], "Hi I'm a letter.");
 128  0
                                         System.out.println("Inserted Letter");
 129  0
                                 } else if ("collectLetters".equals(line[1])) {
 130  0
                                         service.collectLetters(line[0]);
 131  0
                                         System.out.println("Collected Letters");
 132  
                                 } else {
 133  0
                                         throw new IllegalStateException("Internal argument validation failure.");
 134  
                                 }
 135  
                                 
 136  0
                         } catch (LetterboxException e) {
 137  0
                                 System.out.println("<" + e.getMessage() + ">");
 138  0
                         }
 139  
                 }
 140  0
         }
 141  
 
 142  
         /**
 143  
          * Creates the {@link LetterboxService}.
 144  
          * @return the HelloWorld service.
 145  
          * @since 0.4.0
 146  
          */
 147  
         public static LetterboxService createService () {
 148  
                 // An authorization service needs a trusted public key of the source of authority (SoA) to 
 149  
                 // validate the attribute certificates (AC), including policies and roles.
 150  
                 // Future implementations will allow a advanced public key infrastructure (PKI)
 151  0
                 final X509Certificate soaCertificate = readSoaCertificate();
 152  
                 
 153  
                 // The certificate verifier is used to verify attribute certificates.
 154  
                 // In this example, a simple certificate verifier is used: It only knows one trusted SoA
 155  
                 // certificate and does not allow chains. Both the attribute certificates with the roles
 156  
                 // and the certificate with the policy use the same verifier. You can also use different
 157  
                 // certificate verifiers.
 158  0
                 final CertificateVerifier certificateVerifier = 
 159  
                         new BasicCertificateVerifier(soaCertificate);
 160  
                 
 161  
                 // Every authorization service needs a policy decision point. For this example we load the 
 162  
                 // attribute certificate, containing the policy from a classpath URL.
 163  0
                 final PolicyDecisionPoint pdp = createPolicyDecisionPoint(certificateVerifier);
 164  
                 
 165  
                 // Our application needs a subject repository from which subjects
 166  
                 // (i.e. authenticated persons with their roles) can be retrieved.
 167  
                 // For this example we load the attribute certificates from a fixed list of URLs
 168  
                 // retrieved from the classpath.
 169  0
                 final SubjectRepository repository = readSubjectRepository(certificateVerifier);
 170  
                 
 171  
                 // The main service every PERMIS application needs is an authorization service.
 172  
                 // An authorization service allows an application to retrieve subjects for authenticated 
 173  
                 // users and to decide whether users should be given access to protected resources.
 174  
                 // The easiest way to create an authorization service is to use an 
 175  
                 // AuthorizationServiceBuilder
 176  
                 // and configure the builder with the objects we want to use. The builder
 177  
                 // will choose sensible conventions for anything not explicitly configured.
 178  0
                 final AuthorizationService authorizationService = new AuthorizationServiceBuilder().
 179  
                         withSubjectsFrom(repository).forPolicyDecisionPoint(pdp).build();
 180  
                 
 181  
                 // Our example uses an authorizing service wrapper. The wrapper implements the same
 182  
                 // interface as the actual service implementation. We expect that we might even
 183  
                 // provide a generic authorizing service proxy for arbitrary service interfaces
 184  
                 // in the future.
 185  0
                 return new AuthorizedLetterboxService(authorizationService, new BasicLetterboxService());
 186  
         }
 187  
 
 188  
         //---- Constructors
 189  
         
 190  
         /**
 191  
          * Objects of this class cannot be instantiated.
 192  
          * @since 0.1.0
 193  
          */
 194  
         private HelloWorld () {
 195  0
                 super();
 196  0
         }
 197  
 
 198  
 }