Initial Version
[java-idp.git] / src / edu / internet2 / middleware / shibboleth / aa / ArpCore.java
1 package aa;
2
3 import java.util.Enumeration;
4 import java.security.Principal;
5 import java.security.acl.*;
6 import java.io.Serializable;
7
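/**
 * Holds the ACL that guards an ARP object and answers permission questions
 * ("may the current caller insert / delete / replace / change the ACL?")
 * against it.
 *
 * <p>Every permission question fails closed: when no ACL has been assigned yet,
 * the answer is {@code false} rather than a {@link NullPointerException}.
 *
 * <p>NOTE(review): {@link #acl} is a non-transient field of a
 * {@link Serializable} class, so a serialized instance carries its own grants.
 * Confirm instances are only ever deserialized from trusted storage.
 */
public class ArpCore implements Serializable {

    // Attributes

    /** Name of the JVM system property that {@link #getCaller()} reads. */
    protected String userEnv = "user.name";

    /** ACL guarding this object; this class assigns it only in {@link #makeAcl(String)}. */
    protected Acl acl;

    // Associations

    // Constructors

    // Operations

    /**
     * Builds the principal that this class treats as the current caller.
     *
     * <p>Security note: the identity is whatever the system property named by
     * {@link #userEnv} currently holds. A system property is process-wide and can
     * be changed by launch options or by any code allowed to call
     * {@code System.setProperty}, so it is not an authenticated identity. Every
     * permission decision in this class inherits that trust assumption.
     *
     * @return an {@code AA_Identity} built from the property value; the value is
     *         {@code null} if the property is not defined
     */
    public Principal getCaller() {
        // A Kerberos-based principal was sketched here but left disabled:
        // return new KerberosPrincipal(System.getProperty(userEnv));
        return new AA_Identity(System.getProperty(userEnv));
    }

    /**
     * Creates a fresh ACL named {@code name}, passing the current caller as its
     * owner and adding an entry that gives that caller the ALL permission.
     *
     * <p>NOTE(review): nothing is checked before an already assigned ACL is
     * replaced, so any code able to call this method can reset the grants with
     * itself as owner. Confirm that callers gate this operation.
     *
     * @param name name given to the new ACL
     * @throws NotOwnerException if the ACL rejects the caller when the entry is added
     */
    public void makeAcl(String name) throws NotOwnerException {
        Principal owner = getCaller();
        acl = new AA_Acl(name, owner);
        AclEntry ownerEntry = new AA_AclEntry(owner);
        ownerEntry.addPermission(new AA_Permission(AA_Permission.ALL));
        acl.addEntry(owner, ownerEntry);
    }

    /**
     * Returns the live ACL object, not a copy.
     *
     * @return the ACL, or {@code null} if none has been assigned
     */
    public Acl getAcl() {
        return acl;
    }

    /**
     * Grants or revokes a permission by name.
     *
     * <p>{@code "NONE"} (case-insensitive) removes the user's ACL entry. Any other
     * value is matched case-insensitively against {@code AA_Permission.names}, and
     * the index of the match is passed to the {@code AA_Permission} constructor.
     *
     * @param user   name of the principal whose entry is changed
     * @param permit permission name, or {@code "NONE"} to remove the entry
     * @throws AAPermissionException if {@code permit} is {@code null} or names no
     *         known permission, or if the caller may not change the ACL
     * @throws NotOwnerException if the ACL rejects the caller as a non-owner
     */
    public void setAcl(String user, String permit)
        throws AAPermissionException, NotOwnerException {

        // Reject a missing name with the declared exception instead of an NPE.
        if (permit == null) {
            throw new AAPermissionException("No such ACL: " + permit);
        }

        Principal target = new AA_Identity(user);
        if ("NONE".equalsIgnoreCase(permit)) {
            setAcl(target, null);
            return;
        }

        // NOTE(review): relies on the position in AA_Permission.names being the
        // permission code itself - confirm against AA_Permission.
        String[] knownNames = AA_Permission.names;
        for (int code = 0; code < knownNames.length; code++) {
            if (knownNames[code].equalsIgnoreCase(permit)) {
                setAcl(target, new AA_Permission(code));
                return;
            }
        }
        throw new AAPermissionException("No such ACL: " + permit);
    }

    /**
     * Grants {@code permit} to {@code user}, or removes the user's entry when
     * {@code permit} is {@code null}. The caller must pass
     * {@link #setAclPermitted()}; with no ACL assigned that check fails and the
     * call is refused.
     *
     * <p>NOTE(review): the caller is resolved again for the mutation after the
     * permission check, so the two steps read the system property separately.
     *
     * @param user   principal whose entry is changed
     * @param permit permission to add, or {@code null} to remove the entry
     * @throws AAPermissionException if the caller lacks ALL access, or if an entry
     *         to be removed cannot be found or removed
     * @throws NotOwnerException if the ACL rejects the caller as a non-owner
     */
    public void setAcl(Principal user, Permission permit)
        throws NotOwnerException, AAPermissionException {

        if (!setAclPermitted()) {
            throw new AAPermissionException("ALL access is needed to set ACL.");
        }

        if (permit == null) {
            // Revocation: drop the whole entry for this principal.
            AclEntry existing = getAclEntry(user);
            if (existing == null) {
                throw new AAPermissionException("No ACL entry found for user: " + user);
            }
            if (!acl.removeEntry(getCaller(), existing)) {
                throw new AAPermissionException("No ACL entry found. System Eror");
            }
            return;
        }

        if (acl.checkPermission(user, permit)) {
            return; // already has it
        }

        AclEntry entry = getAclEntry(user);
        if (entry != null) {
            entry.addPermission(permit);
            return;
        }
        entry = new AA_AclEntry(user);
        entry.addPermission(permit);
        acl.addEntry(getCaller(), entry);
    }

    /**
     * Finds the first ACL entry whose principal equals {@code user}.
     *
     * <p>Only reached after {@link #setAclPermitted()} has passed, so the ACL is
     * assigned here.
     *
     * <p>NOTE(review): the java.security.acl model allows a negative entry next to
     * a positive one for the same principal. If AA_Acl ever stores negative
     * entries, the first match could be a denial and adding a permission to it
     * would extend that denial - confirm against AA_Acl.
     *
     * @param user principal to look up
     * @return the matching entry, or {@code null} if there is none
     */
    private AclEntry getAclEntry(Principal user) {
        Enumeration en = acl.entries();
        while (en.hasMoreElements()) {
            AclEntry candidate = (AclEntry) en.nextElement();
            if (candidate.getPrincipal().equals(user)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Checks whether the caller may remove and insert (i.e. replace) for this
     * object.
     *
     * @return {@code true} only if an ACL is assigned and grants the caller both
     *         DELETE and INSERT
     */
    public boolean replacePermitted() {
        if (acl == null) {
            return false; // no ACL means no grant
        }
        Permission rm = new AA_Permission(AA_Permission.DELETE);
        Permission add = new AA_Permission(AA_Permission.INSERT);
        Principal user = getCaller();
        return acl.checkPermission(user, rm) && acl.checkPermission(user, add);
    }

    /**
     * Checks whether the caller may insert.
     *
     * @return {@code true} only if an ACL is assigned and grants the caller INSERT
     */
    public boolean insertPermitted() {
        return callerHolds(new AA_Permission(AA_Permission.INSERT));
    }

    /**
     * Checks whether the caller may remove.
     *
     * @return {@code true} only if an ACL is assigned and grants the caller DELETE
     */
    public boolean removePermitted() {
        return callerHolds(new AA_Permission(AA_Permission.DELETE));
    }

    /**
     * Checks whether the caller may change the ACL itself.
     *
     * @return {@code true} only if an ACL is assigned and grants the caller ALL
     */
    public boolean setAclPermitted() {
        return callerHolds(new AA_Permission(AA_Permission.ALL));
    }

    /** Asks the ACL whether the current caller holds {@code wanted}; denies when no ACL is assigned. */
    private boolean callerHolds(Permission wanted) {
        return acl != null && acl.checkPermission(getCaller(), wanted);
    }

} /* end class ArpCore */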