001: /*************************************************************************
002: * *
003: * EJBCA: The OpenSource Certificate Authority *
004: * *
005: * This software is free software; you can redistribute it and/or *
006: * modify it under the terms of the GNU Lesser General Public *
007: * License as published by the Free Software Foundation; either *
008: * version 2.1 of the License, or any later version. *
009: * *
010: * See terms of license at gnu.org. *
011: * *
012: *************************************************************************/package org.ejbca.core.model.authorization;
013:
014: import java.util.ArrayList;
015: import java.util.Collection;
016: import java.util.Iterator;
017:
/**
 * A helper class for displaying and configuring basic access rules.
 *
 * @author herrvendil
 * @version $Id: BasicAccessRuleSetDecoder.java,v 1.4 2007/04/13 06:06:49 herrvendil Exp $
 */
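public class BasicAccessRuleSetDecoder implements java.io.Serializable {

    /**
     * The advanced rules decoded from the basic rule set. Filled once by the
     * constructor; every rule in it is an {@code AccessRule.RULE_ACCEPT} rule.
     */
    private ArrayList currentruleset = new ArrayList();

    /**
     * Decodes a basic rule set (a role plus the selected CAs, end entity rules,
     * end entity profiles and other rights) into the corresponding advanced
     * {@link AccessRule}s.
     * <p>
     * The rules are produced in a fixed order:
     * <ul>
     * <li>{@code ROLE_NONE}: no rules at all;</li>
     * <li>{@code ROLE_SUPERADMINISTRATOR}: the single super administrator rule;</li>
     * <li>every other role: the CA rules, then the "other" rules, then either the
     * fixed CA administrator rules ({@code ROLE_CAADMINISTRATOR}) or the end entity
     * rules followed by the role-specific rules of {@code ROLE_RAADMINISTRATOR} or
     * {@code ROLE_SUPERVISOR}. A role value not listed above still gets the CA,
     * "other" and end entity rules, but no role rule.</li>
     * </ul>
     *
     * @param currentrole one of the {@code BasicAccessRuleSet.ROLE_*} constants
     * @param currentcas Collection of Integer CA ids, possibly containing
     *        {@code BasicAccessRuleSet.CA_ALL}
     * @param currentendentityrules Collection of Integer
     *        {@code BasicAccessRuleSet.ENDENTITY_*} constants
     * @param currentendentityprofiles Collection of Integer end entity profile ids,
     *        possibly containing {@code BasicAccessRuleSet.ENDENTITYPROFILE_ALL}
     * @param currentotherrules Collection of Integer
     *        {@code BasicAccessRuleSet.OTHER_*} constants
     * @throws NullPointerException if a collection that the role needs is null
     */
    public BasicAccessRuleSetDecoder(int currentrole,
            Collection currentcas, Collection currentendentityrules,
            Collection currentendentityprofiles,
            Collection currentotherrules) {
        if (currentrole == BasicAccessRuleSet.ROLE_NONE) {
            return; // no role: the rule set stays empty
        }
        if (currentrole == BasicAccessRuleSet.ROLE_SUPERADMINISTRATOR) {
            // the super administrator rule stands alone; no CA/profile rules are added
            addRule(AvailableAccessRules.ROLE_SUPERADMINISTRATOR, false);
            return;
        }
        addCARules(currentcas);
        addOtherRules(currentotherrules);
        if (currentrole == BasicAccessRuleSet.ROLE_CAADMINISTRATOR) {
            addCAAdministratorRules();
        } else {
            addEndEntityRules(currentendentityprofiles, currentendentityrules);
            if (currentrole == BasicAccessRuleSet.ROLE_RAADMINISTRATOR) {
                addRAAdministratorRules();
            } else if (currentrole == BasicAccessRuleSet.ROLE_SUPERVISOR) {
                addSupervisorRules();
            }
        }
    }

    /**
     * Returns the decoded advanced rule set.
     * <p>
     * A fresh copy is returned on every call so that a caller cannot alter the
     * decoder's own rule list behind its back; the returned list may be modified
     * freely without affecting later calls.
     *
     * @return a new, mutable Collection of AccessRule (empty for {@code ROLE_NONE})
     */
    public Collection getCurrentAdvancedRuleSet() {
        return new ArrayList(currentruleset);
    }

    /**
     * Builds an accept rule for {@code resource}.
     *
     * @param resource the access rule resource string
     * @param recursive passed as the third AccessRule constructor argument
     *        (presumably the "recursive" flag; confirm against AccessRule)
     * @return a new {@code RULE_ACCEPT} AccessRule
     */
    private static AccessRule acceptRule(String resource, boolean recursive) {
        return new AccessRule(resource, AccessRule.RULE_ACCEPT, recursive);
    }

    /** Appends an accept rule for {@code resource} to the current rule set. */
    private void addRule(String resource, boolean recursive) {
        currentruleset.add(acceptRule(resource, recursive));
    }

    /** Adds the fixed rules of the CA administrator role, in the original order. */
    private void addCAAdministratorRules() {
        addRule(AvailableAccessRules.ROLE_ADMINISTRATOR, false);
        addRule(AvailableAccessRules.REGULAR_CAFUNCTIONALTY, true);
        addRule(AvailableAccessRules.REGULAR_LOGFUNCTIONALITY, true);
        addRule(AvailableAccessRules.REGULAR_RAFUNCTIONALITY, true);
        addRule(AvailableAccessRules.REGULAR_SYSTEMFUNCTIONALITY, true);
        addRule(AvailableAccessRules.ENDENTITYPROFILEBASE, true);
        addRule(AvailableAccessRules.HARDTOKEN_EDITHARDTOKENISSUERS, false);
        addRule(AvailableAccessRules.HARDTOKEN_EDITHARDTOKENPROFILES, false);
    }

    /** Adds the fixed rules of the RA administrator role, in the original order. */
    private void addRAAdministratorRules() {
        addRule(AvailableAccessRules.ROLE_ADMINISTRATOR, false);
        addRule(AvailableAccessRules.REGULAR_CREATECERTIFICATE, false);
        addRule(AvailableAccessRules.REGULAR_STORECERTIFICATE, false);
        addRule(AvailableAccessRules.REGULAR_VIEWCERTIFICATE, false);
    }

    /** Adds the fixed rules of the supervisor role, in the original order. */
    private void addSupervisorRules() {
        addRule(AvailableAccessRules.ROLE_ADMINISTRATOR, false);
        addRule(AvailableAccessRules.REGULAR_VIEWLOG, true);
        addRule(AvailableAccessRules.REGULAR_VIEWCERTIFICATE, false);
    }

    /**
     * Adds one accept rule per selected CA id ({@code CAPREFIX + id}), or a
     * single rule for {@code CABASE} when {@code CA_ALL} is among the selections.
     *
     * @param currentcas Collection of Integer CA ids
     */
    private void addCARules(Collection currentcas) {
        ArrayList carules = new ArrayList();
        boolean allcafound = false;

        Iterator iter = currentcas.iterator();
        while (iter.hasNext()) {
            Integer next = (Integer) iter.next();
            if (next.intValue() == BasicAccessRuleSet.CA_ALL) {
                allcafound = true;
                break;
            }
            carules.add(acceptRule(AvailableAccessRules.CAPREFIX + next.toString(), false));
        }

        if (allcafound) {
            // CA_ALL supersedes any individual CA rules collected before it
            carules.clear();
            carules.add(acceptRule(AvailableAccessRules.CABASE, true));
        }

        currentruleset.addAll(carules);
    }

    /**
     * Adds the rules for the "other" rights. Values other than
     * {@code OTHER_VIEWLOG} and {@code OTHER_ISSUEHARDTOKENS} are ignored.
     *
     * @param currentotherrules Collection of Integer {@code OTHER_*} constants
     */
    private void addOtherRules(Collection currentotherrules) {
        Iterator iter = currentotherrules.iterator();
        while (iter.hasNext()) {
            int next = ((Integer) iter.next()).intValue();
            if (next == BasicAccessRuleSet.OTHER_VIEWLOG) {
                addRule(AvailableAccessRules.REGULAR_VIEWLOG, true);
            } else if (next == BasicAccessRuleSet.OTHER_ISSUEHARDTOKENS) {
                addRule(AvailableAccessRules.HARDTOKEN_ISSUEHARDTOKENS, false);
            }
        }
    }

    /**
     * Adds the regular rule for one end entity right and records the matching
     * profile right suffix for {@link #addEndEntityProfiles}.
     *
     * @param regularrule the {@code REGULAR_*} resource to accept
     * @param profileright the {@code *_RIGHTS} suffix to collect
     * @param endentityrules the collection of suffixes being built (modified)
     */
    private void addEndEntityRule(String regularrule, String profileright,
            Collection endentityrules) {
        addRule(regularrule, false);
        endentityrules.add(profileright);
    }

    /**
     * Adds the regular rule for each selected end entity right, then the
     * per-profile rules for those rights. Unknown right values are ignored.
     *
     * @param currentendentityprofiles Collection of Integer profile ids
     * @param currentendentityrules Collection of Integer {@code ENDENTITY_*} constants
     */
    private void addEndEntityRules(Collection currentendentityprofiles,
            Collection currentendentityrules) {
        ArrayList endentityrules = new ArrayList();

        Iterator iter = currentendentityrules.iterator();
        while (iter.hasNext()) {
            int next = ((Integer) iter.next()).intValue();

            if (next == BasicAccessRuleSet.ENDENTITY_VIEW) {
                addEndEntityRule(AvailableAccessRules.REGULAR_VIEWENDENTITY,
                        AvailableAccessRules.VIEW_RIGHTS, endentityrules);
            } else if (next == BasicAccessRuleSet.ENDENTITY_VIEWHISTORY) {
                addEndEntityRule(AvailableAccessRules.REGULAR_VIEWENDENTITYHISTORY,
                        AvailableAccessRules.HISTORY_RIGHTS, endentityrules);
            } else if (next == BasicAccessRuleSet.ENDENTITY_VIEWHARDTOKENS) {
                addEndEntityRule(AvailableAccessRules.REGULAR_VIEWHARDTOKENS,
                        AvailableAccessRules.HARDTOKEN_RIGHTS, endentityrules);
            } else if (next == BasicAccessRuleSet.ENDENTITY_CREATE) {
                addEndEntityRule(AvailableAccessRules.REGULAR_CREATEENDENTITY,
                        AvailableAccessRules.CREATE_RIGHTS, endentityrules);
            } else if (next == BasicAccessRuleSet.ENDENTITY_DELETE) {
                addEndEntityRule(AvailableAccessRules.REGULAR_DELETEENDENTITY,
                        AvailableAccessRules.DELETE_RIGHTS, endentityrules);
            } else if (next == BasicAccessRuleSet.ENDENTITY_EDIT) {
                addEndEntityRule(AvailableAccessRules.REGULAR_EDITENDENTITY,
                        AvailableAccessRules.EDIT_RIGHTS, endentityrules);
            } else if (next == BasicAccessRuleSet.ENDENTITY_REVOKE) {
                addEndEntityRule(AvailableAccessRules.REGULAR_REVOKEENDENTITY,
                        AvailableAccessRules.REVOKE_RIGHTS, endentityrules);
            } else if (next == BasicAccessRuleSet.ENDENTITY_KEYRECOVER) {
                addEndEntityRule(AvailableAccessRules.REGULAR_KEYRECOVERY,
                        AvailableAccessRules.KEYRECOVERY_RIGHTS, endentityrules);
            } else if (next == BasicAccessRuleSet.ENDENTITY_APPROVE) {
                addEndEntityRule(AvailableAccessRules.REGULAR_APPROVEENDENTITY,
                        AvailableAccessRules.APPROVAL_RIGHTS, endentityrules);
            } else if (next == BasicAccessRuleSet.ENDENTITY_VIEWPUK) {
                addEndEntityRule(AvailableAccessRules.REGULAR_VIEWPUKS,
                        AvailableAccessRules.HARDTOKEN_PUKDATA_RIGHTS, endentityrules);
            }
        }

        addEndEntityProfiles(currentendentityprofiles, endentityrules);
    }

    /**
     * Adds, for every selected end entity profile, one rule per collected right
     * ({@code ENDENTITYPROFILEPREFIX + profileId + right}). When
     * {@code ENDENTITYPROFILE_ALL} is among the profiles a single
     * {@code ENDENTITYPROFILEBASE} rule replaces all per-profile rules.
     *
     * @param currentendentityprofiles Collection of Integer profile ids
     * @param endentityrules Collection of String right suffixes
     */
    private void addEndEntityProfiles(Collection currentendentityprofiles,
            Collection endentityrules) {
        ArrayList profilerules = new ArrayList();
        boolean allexists = false;

        Iterator iter = currentendentityprofiles.iterator();
        while (iter.hasNext()) {
            Integer next = (Integer) iter.next();
            if (next.intValue() == BasicAccessRuleSet.ENDENTITYPROFILE_ALL) {
                allexists = true;
                break;
            }
            String profilerule = AvailableAccessRules.ENDENTITYPROFILEPREFIX + next.toString();
            Iterator iter2 = endentityrules.iterator();
            while (iter2.hasNext()) {
                String nextrule = (String) iter2.next();
                profilerules.add(acceptRule(profilerule + nextrule, false));
            }
        }

        if (allexists) {
            // ENDENTITYPROFILE_ALL supersedes any per-profile rules collected before it
            profilerules.clear();
            profilerules.add(acceptRule(AvailableAccessRules.ENDENTITYPROFILEBASE, true));
        }
        currentruleset.addAll(profilerules);
    }

}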