| Richard S. Hall | 930fecc | 2005-08-16 18:33:34 +0000 | [diff] [blame] | 1 | /* |
| 2 | * $Header: /cvshome/build/org.osgi.service.condpermadmin/src/org/osgi/service/condpermadmin/BundleSignerCondition.java,v 1.4 2005/05/25 16:22:46 twatson Exp $ |
| 3 | * |
| 4 | * Copyright (c) OSGi Alliance (2005). All Rights Reserved. |
| 5 | * |
| 6 | * This program and the accompanying materials are made available under the |
| 7 | * terms of the Eclipse Public License v1.0 which accompanies this |
| 8 | * distribution, and is available at http://www.eclipse.org/legal/epl-v10.html. |
| 9 | */ |
| 10 | |
| 11 | package org.osgi.service.condpermadmin; |
| 12 | |
| 13 | import org.osgi.framework.Bundle; |
| 14 | |
| 15 | /** |
| 16 | * This condition checks the signer of a bundle. Since the bundle's signer can only change |
| 17 | * when the bundle is updated, this condition is immutable. |
| 18 | * <p> |
| 19 | * The condition expressed using a single String that specifies a Distinguished Name (DN) |
| 20 | * chain to match bundle signers against. DN's are encoded using IETF RFC 2253. Usually |
| 21 | * signers use certificates that are issued by certificate authorities, which also have a |
| 22 | * corresponding DN and certificate. The certificate authorities can form a chain of trust |
| 23 | * where the last DN and certificate is known by the framework. The signer of a bundle is |
| 24 | * expressed as signers DN followed by the DN of its issuer followed by the DN of the next |
| 25 | * issuer until the DN of the root certificate authority. Each DN is separated by a semicolon. |
| 26 | * <p> |
| 27 | * A bundle can satisfy this condition if one of its signers has a DN chain that matches the |
| 28 | * DN chain used to construct this condition. |
| 29 | * Wildcards (`*') can be used to allow greater flexibility in specifying the DN chains. |
| 30 | * Wildcards can be used in place of DNs, RDNs, or the value in an RDN. If a wildcard is |
| 31 | * used for a value of an RDN, the value must be exactly "*" and will match any value for |
| 32 | * the corresponding type in that RDN. If a wildcard is used for a RDN, it must be the |
| 33 | * first RDN and will match any number of RDNs (including zero RDNs). |
| 34 | * |
| 35 | * @version $Revision: 1.4 $ |
| 36 | */ |
| 37 | public class BundleSignerCondition { |
| 38 | private static final String CONDITION_TYPE = "org.osgi.service.condpermadmin.BundleSignerCondition"; |
| 39 | /** |
| 40 | * Constructs a condition that tries to match the passed Bundle's location |
| 41 | * to the location pattern. |
| 42 | * |
| 43 | * @param bundle the Bundle being evaluated. |
| 44 | * @param info the ConditionInfo to construct the condition for. The args of the |
| 45 | * ConditionInfo specify the chain of distinguished names pattern to match |
| 46 | * against the signer of the Bundle |
| 47 | */ |
| 48 | static public Condition getCondition(Bundle bundle, ConditionInfo info) { |
| 49 | /* |
| 50 | if (!CONDITION_TYPE.equals(info.getType())) |
| 51 | throw new IllegalArgumentException("ConditionInfo must be of type \"" + CONDITION_TYPE + "\""); |
| 52 | String[] args = info.getArgs(); |
| 53 | if (args.length != 1) |
| 54 | throw new IllegalArgumentException("Illegal number of args: " + args.length); |
| 55 | // implementation specific code used here |
| 56 | AbstractBundle ab = (AbstractBundle) bundle; |
| 57 | return ab.getBundleData().matchDNChain(args[0]) ? Condition.TRUE : Condition.FALSE; |
| 58 | */ |
| 59 | // TODO: Fix BundleSignerCondition.getCondition() |
| 60 | return null; |
| 61 | } |
| 62 | |
| 63 | private BundleSignerCondition() { |
| 64 | // private constructor to prevent objects of this type |
| 65 | } |
| 66 | } |