// Stanza header handling: when stanzaMatcher matches (presumably against the current
// line; its construction is outside this view), the parser state is switched and the
// line is fully consumed by the return below.
if ( stanzaMatcher.matches() ) {
String stanzaName = stanzaMatcher.group();
// Fail closed: a stanza name that is not among the values of sectionNames aborts parsing.
if ( !sectionNames.values().contains( stanzaName ) )
throw new PAPAuthzConfigurationException( "Stanza '"
+ stanzaName + "' is not supported!" );
if ( "[dn]".equals( stanzaName ) ) {
state = ParserStates.DNs;
} else if ( "[fqan]".equals( stanzaName ) ) {
state = ParserStates.FQANs;
}
// NOTE(review): a name accepted by sectionNames that is neither "[dn]" nor "[fqan]"
// leaves state unchanged, so the entries that follow would be checked against the
// previous stanza. Confirm sectionNames holds only these two names.
return;
}
// Principal entry handling: group 1 of permissionMatcher is the principal and group 2 its
// permission string. The principal is classified as the any-user entry, an X509 DN or a
// VOMS FQAN, and its permissions are set on globalContextACL only when the entry sits in
// the stanza that matches its kind; otherwise parsing aborts with an exception.
if ( permissionMatcher.matches() ) {
String principalName = permissionMatcher.group( 1 );
String permissions = permissionMatcher.group( 2 );
// NOTE(review): how fromString treats an unknown or empty permission string is not
// visible here. Confirm it rejects such input rather than ignoring it.
PAPPermission perm = PAPPermission.fromString( permissions );
// A principal starting with a double quote followed by '/' is matched against dnPattern;
// every other principal is matched against rfc2253DnPattern.
Matcher dnMatcher = null;
if (principalName.startsWith("\"/"))
dnMatcher = dnPattern.matcher( principalName );
else
dnMatcher = rfc2253DnPattern.matcher(principalName);
Matcher anyUserMatcher = anyUserPattern.matcher( principalName );
// The any-user pattern is tested before the DN pattern, so it wins when both match.
if ( anyUserMatcher.matches() ) {
// The stanza check runs before the ACL is touched.
if ( !state.equals( ParserStates.DNs ) )
throw new PAPAuthzConfigurationException(
"Found an X509 ANYONE declaration outside of the [dn] stanza!" );
// NOTE(review): going by the factory method name, this entry applies perm to every
// authenticated user, which would make it the broadest grant this code path can
// produce. Confirm, and audit configurations that contain it.
PAPAdmin admin = PAPAdminFactory.getAnyAuthenticatedUserAdmin();
globalContextACL.setPermissions( admin, perm );
} else if ( dnMatcher.matches() ) {
if ( !state.equals( ParserStates.DNs ) )
throw new PAPAuthzConfigurationException(
"Found an X509 DN outside of the [dn] stanza!" );
// Group 1 of whichever DN pattern was selected above is the DN handed to the factory.
String dn = dnMatcher.group( 1 );
PAPAdmin admin = PAPAdminFactory.getDn( dn );
// NOTE(review): whether setPermissions replaces or merges when the same principal is
// listed more than once is not visible here. Verify against the ACL implementation.
globalContextACL.setPermissions( admin, perm );
} else {
// Neither the any-user nor the DN pattern matched: the principal must pass the VOMS FQAN
// syntax check. The trim happens only on this path; the patterns above were applied to
// the untrimmed name.
try {
principalName = principalName.trim();
PathNamingScheme.checkSyntax( principalName );
if ( !state.equals( ParserStates.FQANs ) )
throw new PAPAuthzConfigurationException(
"Found a VOMS FQAN outside the [fqan] stanza!" );
PAPAdmin admin = PAPAdminFactory.getFQAN( principalName );
globalContextACL.setPermissions( admin, perm );
} catch ( VOMSSyntaxException e ) {
// NOTE(review): the caught exception is not passed on as a cause, and unlike the syntax
// error at the end of this statement the message carries no line number, which makes a
// bad entry harder to locate in the configuration file.
throw new PAPAuthzConfigurationException(
"Unsupported principal name: '" + principalName
+ "'. Very probably there is a syntax error in the dn or fqan that was being parsed, check the syntax" +
" of your configuration file." );
}
}
} else
// A line that does not match the permission pattern is rejected, and the message reports
// lineCounter together with the offending line.
throw new PAPAuthzConfigurationException( "Syntax error at line "
+ lineCounter + ": '" + line
+ "' does not match the PRINCIPAL : PERMISSION format!" );
}