CertificateCache

namespace Akenti class CertificateCache

A PolicyCollector verifies the Policy and proceeds to collect the UseCondition certificates

Policy(bool isLeaf, const AkentiCertificate& policyCert): Constructs this object
~Policy(): Destroys this object
bool isLeaf() const: Returns true if this Policy applies to a leaf resource
const string& getResource() const: Returns the name of the resource that this policy applies to
string hashCode() const: Returns the hashCode of the policy certificate contained in this Policy
long getCacheTime() const: Returns the cacheTime in seconds
const AkentiPrincipal& getGuarantor() const: Returns the AkentiPrincipal that issued the policy certificate contained in this Policy
const AkentiCertificate& getPolicyCertificate() const: Returns the policy certificate contained in this Policy
bool isRootPolicy() const: Returns true if the policy certificate contained in this Policy aplies to a root resource
const vector <CertificateAuthorityInfo> & getCertificateAuthorityInfos() const: Returns the CertificateAuthorityInfos trusted by this root Policy
vector <Certificate> getCACerts() const: Returns the CA Certificates trusted by this root Policy
const vector & getIdentityDirectories() const: Returns the directories used to fetch x509 identity certficates
const vector & getAttributeDirectories() const: Returns the directories used to fetch attribute certficates
int numOfUseCondIssuerGroups() const: Returns the number of the UseCondIssuerGroups that are allowed to issue UseCondition certifcates for this resource
const UseCondIssuerGroup& getUseCondIssuerGroup(int groupIndex) const: Returns the UseCondIssuerGroup at index groupIndex
void addUCCertificate(const AkentiCertificate& ucCert): Adds a UseCondition certificate specified by ucCert to this Policy
const vector & getUCCerts() const: Returns the UseCondition certificates that apply to this Policy
string paramString() const: Returns a string for debugging purposes
PolicyAuthorizer(CertificateCache& cache, Verifier& verifier, const PolicyContext& context): Constructs this object
bool authorize(set& actions): Determines the allowable actions
~PolicyAuthorizer()
bool authorize(const Policy& policy, set& actions): Helper function

Documentation

A PolicyCollector verifies the Policy and proceeds to collect the UseCondition certificates.

Policy(bool isLeaf, const AkentiCertificate& policyCert)

Constructs this object. The policy certificate specified by policyCert must be of type RootPolicy or Policy.

Throws:: Error if policyCert is not intialized or of the wrong type
Parameters:: isLeaf - bool true if this policy applies to a leaf resource
policyCert - AkentiCertificate policy certificate
See Also:: AkentiCertificate
getType()

~Policy()

Destroys this object

bool isLeaf() const

Returns true if this Policy applies to a leaf resource.

Returns:: true if the resource is a leaf, false otherwise

const string& getResource() const

Returns the name of the resource that this policy applies to. This call is redirected to the policy certificate contained in this Policy.

Returns:: the name of the resource
See Also:

string hashCode() const

Returns the hashCode of the policy certificate contained in this Policy.

Returns:: the hashCode of the policy certificate
See Also:

long getCacheTime() const

Returns the cacheTime in seconds. This call is redirected to the policy certificate contained in this policy.

Returns:: the cache time in seconds
See Also:

const AkentiPrincipal& getGuarantor() const

Returns the AkentiPrincipal that issued the policy certificate contained in this Policy.

Returns:: the issuer of the policy certificate
See Also:: getGuarantor()
AkentiPrincipal

const AkentiCertificate& getPolicyCertificate() const

Returns the policy certificate contained in this Policy.

Returns:: the policy certificate
See Also:: AkentiCertificate

bool isRootPolicy() const

Returns true if the policy certificate contained in this Policy aplies to a root resource.

Returns:: true if the resource is root, false otherwise

const vector <CertificateAuthorityInfo> & getCertificateAuthorityInfos() const

Returns the CertificateAuthorityInfos trusted by this root Policy.

Throws:: Error if this is not a root resource.
Returns:: the CertificateAuthorityInfos trusted by this root resource
See Also:: getCertificateAuthorityInfos()
CertificateAuthorityInfo

vector <Certificate> getCACerts() const

Returns the CA Certificates trusted by this root Policy.

Throws:: Error if this is not a root resource.
Returns:: the certificates of the CAs trusted by this root resource.
See Also:: getCertificateAuthorityInfos()
getCertificate()
Certificate

const vector & getIdentityDirectories() const

Returns the directories used to fetch x509 identity certficates.

Returns:: the x509 certificate directories
See Also:

const vector & getAttributeDirectories() const

Returns the directories used to fetch attribute certficates.

Returns:: the attribute certificate directories
See Also:

int numOfUseCondIssuerGroups() const

Returns the number of the UseCondIssuerGroups that are allowed to issue UseCondition certifcates for this resource.

Returns:: the number of UseCondIssuerGroups
See Also:

const UseCondIssuerGroup& getUseCondIssuerGroup(int groupIndex) const

Returns the UseCondIssuerGroup at index groupIndex.

Throws:: Error if groupIndex is out of range
Parameters:: groupIndex - int the index of the UC group
See Also:: getUseCondIssuerGroups()

void addUCCertificate(const AkentiCertificate& ucCert)

Adds a UseCondition certificate specified by ucCert to this Policy.

Throws:: Error if ucCert is not of type UseCondition
See Also:: UseConditionCertificateImpl
getType()

const vector & getUCCerts() const

Returns the UseCondition certificates that apply to this Policy.

Returns:: the UseCondition certificates
See Also:: UseConditionCertificateImpl
AkentiCertificate

string paramString() const

Returns a string for debugging purposes

PolicyAuthorizer(CertificateCache& cache, Verifier& verifier, const PolicyContext& context)

Constructs this object. The CertificateVerifier is used to verify the Attribute Certificates that are used in the decision loop. The CertificateCache is queried for Attribute certificates. If these certificates are not found in the cache, this PolicyAuthorizer collects them and puts them in the cache. The PolicyContext contains the name of the resource, the AkentiPrincipal that is accessing the resource, and all the policy certificates that apply to that resource. The PolicyAuthorizer assumes that all the certificates policy and UseCondition have been found to be trusted.

bool authorize(set& actions)

Determines the allowable actions. Algorithm to determine these actions: For each policy: Evaluate the UseCondition certificates. For each UseCondition: If a UseCondition certificate evaluates to false and enable is true access is denied. If a UseCondition certificate evaluates to true we just add the actions specified by that UseCondition. Otherwise we do nothing. Algorithm to evaluate a UseCondition: The boolean expression specified in the UseCondition is evaluated using short-circuit evaluation. Therefore not all attribute/value pairs are considered. For each attribute/value pair, we have two cases: a) X509 First we check if the CA of the AkentiPrincipal is one of the CAs that can attest to this attribute value pair. Second we check if the DistinguishedName contains the attribute/value pair. b) GENERIC: This involves using attribute certificates. The collection of attribute certificates is essenatially the same as the collection of X509 identity certificates. See CertificateVerifier. The verification has an additional test which makes sure that the issuer of the attribute certificate is one of the issuers for this attribute/value pair.

~PolicyAuthorizer()

Author:: Abdelilah Essiari Srilekha Mudumbai
Version:: 1.1 00/05/01
See Also:

alphabetic index hierarchy of classes

this page has been generated automatically by doc++

(c)opyright by Malte Zöckler, Roland Wunderling
contact: doc++@zib.de