Example 11 with AccessRuleType
use of iso.std.iso_iec._24727.tech.schema.AccessRuleType in project open-ecard by ecsec.
the class ACLResolver method getMissingDids.
private List<DIDStructureType> getMissingDids(List<AccessRuleType> acls, TargetNameType target) throws WSException, SecurityConditionUnsatisfiable {
// find the sign acl
ArrayList<AccessRuleType> tmpAcls = new ArrayList<>();
for (AccessRuleType next : acls) {
if (target.getDIDName() != null) {
CryptographicServiceActionName action = next.getAction().getCryptographicServiceAction();
if (CryptographicServiceActionName.SIGN.equals(action)) {
tmpAcls.add(next);
// there can be only one
break;
}
}
if (target.getDataSetName() != null) {
NamedDataServiceActionName action = next.getAction().getNamedDataServiceAction();
if (NamedDataServiceActionName.DATA_SET_SELECT.equals(action)) {
tmpAcls.add(next);
continue;
}
if (NamedDataServiceActionName.DSI_READ.equals(action)) {
tmpAcls.add(next);
continue;
}
}
}
ArrayList<DIDStructureType> result = new ArrayList<>();
for (AccessRuleType acl : tmpAcls) {
// get the most suitable DID in the tree
SecurityConditionType cond = normalize(acl.getSecurityCondition());
cond = getBestSecurityCondition(cond);
// flatten condition to list of unsatisfied dids
List<DIDAuthenticationStateType> authStates = flattenCondition(cond);
List<DIDStructureType> missingDIDs = filterSatisfiedDIDs(authStates);
result.addAll(missingDIDs);
}
// remove duplicates
TreeSet<String> newDids = new TreeSet<>();
Iterator<DIDStructureType> it = result.iterator();
while (it.hasNext()) {
// this code bluntly assumes, that did names are unique per cardinfo file
DIDStructureType next = it.next();
if (newDids.contains(next.getDIDName())) {
it.remove();
} else {
newDids.add(next.getDIDName());
}
}
return result;
}
Also used :
NamedDataServiceActionName(iso.std.iso_iec._24727.tech.schema.NamedDataServiceActionName)
ArrayList(java.util.ArrayList)
DIDAuthenticationStateType(iso.std.iso_iec._24727.tech.schema.DIDAuthenticationStateType)
TreeSet(java.util.TreeSet)
CryptographicServiceActionName(iso.std.iso_iec._24727.tech.schema.CryptographicServiceActionName)
AccessRuleType(iso.std.iso_iec._24727.tech.schema.AccessRuleType)
DIDStructureType(iso.std.iso_iec._24727.tech.schema.DIDStructureType)
SecurityConditionType(iso.std.iso_iec._24727.tech.schema.SecurityConditionType)
Aggregations
AccessRuleType (iso.std.iso_iec._24727.tech.schema.AccessRuleType)11
AccessControlListType (iso.std.iso_iec._24727.tech.schema.AccessControlListType)3
DIDInfoType (iso.std.iso_iec._24727.tech.schema.DIDInfoType)2
DIDMarkerType (iso.std.iso_iec._24727.tech.schema.DIDMarkerType)2
DIDStructureType (iso.std.iso_iec._24727.tech.schema.DIDStructureType)2
DifferentialIdentityType (iso.std.iso_iec._24727.tech.schema.DifferentialIdentityType)2
SecurityConditionType (iso.std.iso_iec._24727.tech.schema.SecurityConditionType)2
ArrayList (java.util.ArrayList)2
CryptokiException (org.openecard.mdlw.sal.exceptions.CryptokiException)2
ACLList (iso.std.iso_iec._24727.tech.schema.ACLList)1
ACLListResponse (iso.std.iso_iec._24727.tech.schema.ACLListResponse)1
AlgorithmIdentifierType (iso.std.iso_iec._24727.tech.schema.AlgorithmIdentifierType)1
AlgorithmInfoType (iso.std.iso_iec._24727.tech.schema.AlgorithmInfoType)1
CertificateRefType (iso.std.iso_iec._24727.tech.schema.CertificateRefType)1
CryptoMarkerType (iso.std.iso_iec._24727.tech.schema.CryptoMarkerType)1
CryptographicServiceActionName (iso.std.iso_iec._24727.tech.schema.CryptographicServiceActionName)1
DIDAuthenticationStateType (iso.std.iso_iec._24727.tech.schema.DIDAuthenticationStateType)1
DataSetInfoType (iso.std.iso_iec._24727.tech.schema.DataSetInfoType)1
KeyRefType (iso.std.iso_iec._24727.tech.schema.KeyRefType)1
NamedDataServiceActionName (iso.std.iso_iec._24727.tech.schema.NamedDataServiceActionName)1
