source: java/net/deterlab/abac/CredentialFactory.java @ 1a1acd9

package net.deterlab.abac;

import java.io.*;
import java.util.*;
import java.lang.reflect.*;


/**
 * The system demultiplex point for parsing Credentials.  Static class that
 * keeps an ordered list of CredentialParsers to try and a couple helper
 * functions to open files, etc in calling the CredentialParsers.  All
 * credential parsing should use a credential factory.
 * @author <a href="http://abac.deterlab.net">ISI ABAC team</a>
 * @version 1.4
 */
public class CredentialFactory implements Cloneable {
    protected List<CredentialFactorySpecialization> spec;
    static public String[] defNames = new String[] {
        "net.deterlab.abac.GENICredential",
        "net.deterlab.abac.X509Credential"
    };
    public static final int maxSize = 50 * 1024;

    /**
     * Create a Credential Factory that parses the default type(s)
     * @throws ABACException if the object cannot be created
     */
    public CredentialFactory() throws ABACException {
        spec = new ArrayList<CredentialFactorySpecialization>();
        for ( String name: defNames) 
            registerClass(name);
    }

    /**
     * Create a Credential Factory that parses the given type(s).  Each String
     * should be the binary name for a class that exports a static
     * getCredentialParser method that returns a CredentialParser for the
     * class.
     * @param names a Collection of Strings naming the classes to parse
     * @throws ABACException if the object cannot be created
     */
    public CredentialFactory(Collection<String> names) throws ABACException {
        spec = new ArrayList<CredentialFactorySpecialization>();
        for (String n : names ) 
            registerClass(n);
    }

    /**
     * Create a Credential Factory that parses the given type(s).  Each String
     * should be the binary name for a class that exports a static
     * getCredentialParser method that returns a CredentialParser for the
     * class.
     * @param names an Array of Strings naming the classes to parse
     * @throws ABACException if the object cannot be created
     */
    public CredentialFactory(String[] names) throws ABACException {
        spec = new ArrayList<CredentialFactorySpecialization>();
        for (String n : names ) 
            registerClass(n);
    }

    /**
     * Create a Credential Factory that is a clone of the given
     * CredentialFactory.
     * @param cf the CredentialFactory to copy
     * @throws ABACException if the object cannot be created
     */
    public CredentialFactory(CredentialFactory cf) throws ABACException {
        this();

        spec = new ArrayList<CredentialFactorySpecialization>();

        for ( int i = 0; i < spec.size(); i++) 
            spec.add(cf.spec.get(i));
    }

    /**
     * Make a copy of this CredentialFactory
     * @returns a CredentialFactory, a copy of this one
     */
    public Object clone() throws CloneNotSupportedException {
        CredentialFactory cf = null;
        try {
            cf = new CredentialFactory(this);
        }
        catch (ABACException ae) {
            return null;
        }
        return cf;
    }


    /**
     * Parse an input stream using each possible credential format and the
     * available identities for validation.  Return the credentials found or
     * throw an ABACException with the problem.  It wraps the input stream in a
     * BufferedInputStream in order to retry is a parser fails.  Credentials
     * larger than maxSize will nor be able to be reparsed.
     * @param is an InputStream to parse
     * @param ids a Collection of Identities for validation
     * @return an Array of Credentials parsed
     * @throws CertInvalidException if the stream is unparsable
     * @throws MissingIssuerException if none of the Identities can validate the
     * @throws BadSignatureException if the signature check fails
     */
    public Credential[] parseCredential(InputStream is, 
            Collection<Identity> ids) throws ABACException {
        Credential[] rv = null;
        ABACException err = null;

        if (!is.markSupported() && spec.size() > 1) 
            is = new BufferedInputStream(is, maxSize);
        if (spec.size() > 1)
            is.mark(maxSize);

        for (CredentialFactorySpecialization c : spec ) {
            try {
                rv = c.parseCredential(is, ids);
                break;
            }
            catch (ABACException e ) {
                err = e;
                rv = null;
            }
            try {
                if (spec.size() > 1) is.reset(); 
            }
            catch (IOException ie) { 
                break;
            }
        }

        if ( rv != null ) 
            return rv;
        else 
            throw (err != null) ? err :
                new ABACException("null exception and failed construction??");
    }


    /**
     * Parse a File using each possible credential format and the
     * available identities for validation.  Return the credentials found or
     * throw an ABACException with the problem.  Calls the InputStream version
     * internally.
     * @param f a File to parse
     * @param ids a Collection of Identities for validation
     * @return an Array of Credentials parsed
     * @throws CertInvalidException if the stream is unparsable
     * @throws MissingIssuerException if none of the Identities can validate the
     * @throws BadSignatureException if the signature check fails
     */
    public Credential[] parseCredential(File f, 
            Collection<Identity> ids) throws ABACException {
        try {
            return parseCredential(new FileInputStream(f), ids);
        }
        catch (FileNotFoundException e) {
            throw new CertInvalidException(e.getMessage(), e);
        }
    }
    /**
     * Parse a file named fn using each possible credential format and the
     * available identities for validation.  Return the credentials found or
     * throw an ABACException with the problem.  Calls the InputStream version
     * internally.
     * @param fn a String holding the filename to parse
     * @param ids a Collection of Identities for validation
     * @return an Array of Credentials parsed
     * @throws CertInvalidException if the stream is unparsable
     * @throws MissingIssuerException if none of the Identities can validate the
     * @throws BadSignatureException if the signature check fails
     */
    public Credential[] parseCredential(String fn, 
            Collection<Identity> ids) throws ABACException {
        return parseCredential(new File(fn), ids);
    }

    /**
     * Return a credential of the from the first
     * CredentialFactorySpecialization in the factory.
     * @param head a Role, the head of the encoded ABAC statement
     * @param tail a Role, the tail of the decoded ABAC statement
     * @return a Credential encoding that ABAC statement
     */
    public Credential generateCredential(Role head, Role tail) {
        if (spec.isEmpty()) return null;
        return spec.get(0).generateCredential(head, tail);
    }

    /**
     * Add the named class to the list of usable specializations.  The class
     * passed in must have a static getCredentialFactorySpecialization() method
     * that returns a CredentialFactorySpecialization to use.
     * @param name a String containing the binary name of the class to register
     * @throws ABACException if there is a problem.  The cause field of this
     * exception is set to the classloading exception, if any.
     */
    public void registerClass(String name)
        throws ABACException {
        CredentialFactorySpecialization cs = null;

        try {
            /* <?> doesn't guarantee much, but shuts the compiler up */
            Class<?> c =  Class.forName(name);
            Method m = c.getMethod("getCredentialFactorySpecialization");

            cs = (CredentialFactorySpecialization) m.invoke(null);
        }
        catch (Exception e) {
            throw new ABACException("Could not register credential type" + 
                    e.getMessage(), e);
        }

        spec.add(cs);
    }
}