Example 1 with AclCheckResult
use of edu.umass.cs.gnsserver.gnsapp.clientSupport.AclCheckResult in project GNS by MobilityFirst.
the class FieldAccess method signatureAndACLCheckForRead.
/**
*
* @param header
* @param commandPacket
* @param guid
* @param field
* @param fields
* @param reader
* @param signature
* @param message
* @param timestamp
* @param app
* @param skipSigCheck
* @return the ResponseCode
*/
public static ResponseCode signatureAndACLCheckForRead(InternalRequestHeader header, CommandPacket commandPacket, String guid, String field, List<String> fields, String reader, String signature, String message, Date timestamp, GNSApplicationInterface<String> app, boolean skipSigCheck) {
ResponseCode errorCode = ResponseCode.NO_ERROR;
LOGGER.log(Level.FINE, "signatureAndACLCheckForRead guid: {0} field: {1} reader: {2}", new Object[] { guid, field, reader });
try {
assert (header != null);
// note: reader can also be null here
if (!header.verifyInternal() && !commandPacket.getCommandType().isMutualAuth() && (field != null || fields != null)) {
errorCode = NSAuthentication.signatureAndACLCheck(header, guid, field, fields, reader, signature, message, MetaDataTypeName.READ_WHITELIST, app, skipSigCheck);
} else {
LOGGER.log(Level.FINEST, "reader={0}; internal={1} field={2}; fields={3};", new Object[] { reader, header.verifyInternal(), field, fields });
// internal and mutual auth commands don't need ACL checks
if ((header.verifyInternal() && (GNSProtocol.INTERNAL_QUERIER.toString().equals(reader))) || commandPacket.getCommandType().isMutualAuth()) {
return ResponseCode.NO_ERROR;
}
//Fixme: I'm guessing this case is for active code only.
if (field != null) {
errorCode = NSAuthentication.aclCheck(header, guid, field, header.getQueryingGUID(), MetaDataTypeName.READ_WHITELIST, app).getResponseCode();
} else if (fields != null) {
for (String aField : fields) {
AclCheckResult aclResult = NSAuthentication.aclCheck(header, guid, aField, header.getQueryingGUID(), MetaDataTypeName.READ_WHITELIST, app);
if (aclResult.getResponseCode().isExceptionOrError()) {
errorCode = aclResult.getResponseCode();
}
}
}
}
// Check for stale commands.
if (timestamp != null) {
if (timestamp.before(DateUtils.addMinutes(new Date(), -Config.getGlobalInt(GNSConfig.GNSC.STALE_COMMAND_INTERVAL_IN_MINUTES)))) {
errorCode = ResponseCode.STALE_COMMAND_VALUE;
}
}
} catch (InvalidKeyException | InvalidKeySpecException | SignatureException | NoSuchAlgorithmException | FailedDBOperationException | UnsupportedEncodingException e) {
errorCode = ResponseCode.SIGNATURE_ERROR;
}
return errorCode;
}
Also used :
ResponseCode(edu.umass.cs.gnscommon.ResponseCode)
AclCheckResult(edu.umass.cs.gnsserver.gnsapp.clientSupport.AclCheckResult)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
SignatureException(java.security.SignatureException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeyException(java.security.InvalidKeyException)
Date(java.util.Date)
FailedDBOperationException(edu.umass.cs.gnscommon.exceptions.server.FailedDBOperationException)
Aggregations
ResponseCode (edu.umass.cs.gnscommon.ResponseCode)1
FailedDBOperationException (edu.umass.cs.gnscommon.exceptions.server.FailedDBOperationException)1
AclCheckResult (edu.umass.cs.gnsserver.gnsapp.clientSupport.AclCheckResult)1
UnsupportedEncodingException (java.io.UnsupportedEncodingException)1
InvalidKeyException (java.security.InvalidKeyException)1
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1
SignatureException (java.security.SignatureException)1
InvalidKeySpecException (java.security.spec.InvalidKeySpecException)1
Date (java.util.Date)1
