
Example 11 with AccessRuleType

use of iso.std.iso_iec._24727.tech.schema.AccessRuleType in project open-ecard by ecsec.

In class ACLResolver, method getMissingDids.

/**
 * Collects the DIDs that still have to be authenticated before the given target may be used.
 *
 * <p>The method works in three steps: it selects the access rules that apply to the kind of target,
 * resolves each selected rule's security condition into a list of unsatisfied DIDs, and finally drops
 * entries whose DID name has already been seen.
 *
 * <p>Rule selection:
 * <ul>
 *   <li>If the target names a DID, the first rule whose cryptographic service action is {@code SIGN}
 *       is taken and the scan over {@code acls} stops right there, so later rules are not looked at
 *       (not even for a data set name on the same target).</li>
 *   <li>If the target names a data set, every rule whose named data service action is
 *       {@code DATA_SET_SELECT} or {@code DSI_READ} is taken.</li>
 * </ul>
 *
 * <p>NOTE(review): when no rule matches (or the target carries neither name), the returned list is
 * empty, which is the same value as "every required DID is already satisfied". Confirm that callers
 * do not read an empty list as permission to proceed when the ACL simply had no applicable rule.
 *
 * <p>NOTE(review): {@code next.getAction()} is dereferenced without a null check; presumably the
 * schema guarantees an action on every access rule, verify against the CardInfo parsing code.
 *
 * @param acls access rules of the object that is being accessed
 * @param target name of the accessed object; its DID name and data set name decide which rules apply
 * @return the unsatisfied DIDs, at most one entry per DID name, in the order they were found
 * @throws WSException declared by this method; presumably propagated from the helper calls
 * @throws SecurityConditionUnsatisfiable declared by this method; presumably raised when no usable
 *         security condition can be chosen (confirm in {@code getBestSecurityCondition})
 */
private List<DIDStructureType> getMissingDids(List<AccessRuleType> acls, TargetNameType target) throws WSException, SecurityConditionUnsatisfiable {
    // step 1: keep only the access rules that matter for this kind of target
    ArrayList<AccessRuleType> relevantRules = new ArrayList<>();
    for (AccessRuleType rule : acls) {
        if (target.getDIDName() != null) {
            CryptographicServiceActionName cryptoAction = rule.getAction().getCryptographicServiceAction();
            if (CryptographicServiceActionName.SIGN.equals(cryptoAction)) {
                relevantRules.add(rule);
                // only a single sign rule is expected, so the whole scan ends here
                break;
            }
        }
        if (target.getDataSetName() != null) {
            NamedDataServiceActionName dataAction = rule.getAction().getNamedDataServiceAction();
            boolean selectsDataSet = NamedDataServiceActionName.DATA_SET_SELECT.equals(dataAction);
            boolean readsDsi = NamedDataServiceActionName.DSI_READ.equals(dataAction);
            if (selectsDataSet || readsDsi) {
                relevantRules.add(rule);
            }
        }
    }

    // step 2: turn each rule's security condition into the DIDs that are not yet satisfied
    ArrayList<DIDStructureType> result = new ArrayList<>();
    for (AccessRuleType rule : relevantRules) {
        // normalize first, then let the resolver choose the most suitable branch of the condition tree
        SecurityConditionType best = getBestSecurityCondition(normalize(rule.getSecurityCondition()));
        List<DIDAuthenticationStateType> requiredStates = flattenCondition(best);
        result.addAll(filterSatisfiedDIDs(requiredStates));
    }

    // step 3: keep the first occurrence of each DID name and drop the rest
    // DID names are assumed to be unique per cardinfo file; two different DIDs sharing a name would
    // be collapsed into one entry here, and the later one would silently disappear from the result
    TreeSet<String> seenNames = new TreeSet<>();
    for (Iterator<DIDStructureType> it = result.iterator(); it.hasNext();) {
        // add() reports false when the name is already in the set
        if (!seenNames.add(it.next().getDIDName())) {
            it.remove();
        }
    }
    return result;
}
Also used : NamedDataServiceActionName(iso.std.iso_iec._24727.tech.schema.NamedDataServiceActionName) ArrayList(java.util.ArrayList) DIDAuthenticationStateType(iso.std.iso_iec._24727.tech.schema.DIDAuthenticationStateType) TreeSet(java.util.TreeSet) CryptographicServiceActionName(iso.std.iso_iec._24727.tech.schema.CryptographicServiceActionName) AccessRuleType(iso.std.iso_iec._24727.tech.schema.AccessRuleType) DIDStructureType(iso.std.iso_iec._24727.tech.schema.DIDStructureType) SecurityConditionType(iso.std.iso_iec._24727.tech.schema.SecurityConditionType)
