http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/ATTPDPEngine.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/ATTPDPEngine.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/ATTPDPEngine.java
new file mode 100755
index 0000000..c3c0bfb
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/ATTPDPEngine.java
@@ -0,0 +1,255 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp; + +import java.net.URI; +import java.util.Collection; +import java.util.Collections; +import java.util.HashSet; +import java.util.Iterator; +import java.util.Properties; +import java.util.Set; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import com.att.research.xacml.api.AttributeCategory; +import com.att.research.xacml.api.Decision; +import com.att.research.xacml.api.Request; +import com.att.research.xacml.api.Response; +import com.att.research.xacml.api.Result; +import com.att.research.xacml.api.Status; +import com.att.research.xacml.api.XACML3; +import com.att.research.xacml.api.pdp.PDPEngine; +import com.att.research.xacml.api.pdp.PDPException; +import com.att.research.xacml.api.pdp.ScopeResolver; +import com.att.research.xacml.api.trace.TraceEngine; +import com.att.research.xacml.api.trace.TraceEngineFactory; +import com.att.research.xacml.api.trace.Traceable; +import com.att.research.xacml.std.StdIndividualDecisionRequestGenerator; +import com.att.research.xacml.std.StdMutableResponse; +import com.att.research.xacml.std.StdMutableResult; +import com.att.research.xacml.std.StdResult; +import com.att.research.xacml.std.StdStatus; +import com.att.research.xacml.std.StdStatusCode; +import com.att.research.xacml.std.trace.StdTraceEvent; +import com.att.research.xacml.util.FactoryException; +import com.att.research.xacmlatt.pdp.eval.EvaluationContext; +import com.att.research.xacmlatt.pdp.eval.EvaluationContextFactory; +import com.att.research.xacmlatt.pdp.eval.EvaluationException; +import com.att.research.xacmlatt.pdp.policy.PolicyDef; +import 
com.att.research.xacmlatt.pdp.policy.PolicyFinderResult; + +/** + * ATTPDPEngine implements the {@link com.att.research.xacml.api.pdp.PDPEngine} interface using the XACML 3.0 specification. + * + * @author car + * @version $Revision: 1.3 $ + */ +public class ATTPDPEngine implements PDPEngine, Traceable { + private static final Status STATUS_ADVICE_NA = new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "Advice not allowed in combined decision"); + private static final Status STATUS_OBLIGATIONS_NA = new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "Obligations not allowed in combined decision"); + private static final Status STATUS_COMBINE_FAILED = new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "Individual decisions do not match"); + private static final Result RESULT_ECTX_NULL = new StdMutableResult(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "Null EvaluationContext")); + + /* + * These are the profiles that this reference implementation of the PDP engine supports + */ + private static final Set<URI> PROFILES = new HashSet<URI>(); + static { + PROFILES.add(XACML3.ID_PROFILE_MULTIPLE_COMBINED_DECISION.getUri()); + PROFILES.add(XACML3.ID_PROFILE_MULTIPLE_REFERENCE.getUri()); + PROFILES.add(XACML3.ID_PROFILE_MULTIPLE_REPEATED_ATTRIBUTE_CATEGORIES.getUri()); + PROFILES.add(XACML3.ID_PROFILE_MULTIPLE_SCOPE.getUri()); + PROFILES.add(XACML3.ID_PROFILE_MULTIPLE_XPATH_EXPRESSION.getUri()); + } + + private EvaluationContextFactory evaluationContextFactory; + private Decision defaultDecision = Decision.INDETERMINATE; + private ScopeResolver scopeResolver; + private TraceEngine traceEngine; + private Log logger = LogFactory.getLog(this.getClass()); + + protected TraceEngine getTraceEngine() { + if (this.traceEngine == null) { + synchronized(this) { + if (this.traceEngine == null) { + try { + this.traceEngine = TraceEngineFactory.newInstance().getTraceEngine(); + } catch (FactoryException ex) { + this.logger.error("FactoryException 
creating TraceEngine instance: " + ex.toString(), ex); + throw new IllegalStateException("FactoryException creating TraceEngine instance", ex); + } + } + } + } + return this.traceEngine; + } + + public ATTPDPEngine(EvaluationContextFactory evaluationContextFactoryIn, ScopeResolver scopeResolverIn) { + this.evaluationContextFactory = evaluationContextFactoryIn; + this.scopeResolver = scopeResolverIn; + } + + public ATTPDPEngine(EvaluationContextFactory evaluationContextFactoryIn, Decision defaultDecisionIn, ScopeResolver scopeResolverIn) { + this(evaluationContextFactoryIn, scopeResolverIn); + this.defaultDecision = defaultDecisionIn; + } + + public ATTPDPEngine(EvaluationContextFactory evaluationContextFactoryIn, Decision defaultDecisionIn, ScopeResolver scopeResolverIn, Properties properties) { + this(evaluationContextFactoryIn, defaultDecisionIn, scopeResolverIn); + } + + protected Result processRequest(EvaluationContext evaluationContext) { + try { + PolicyFinderResult<PolicyDef> policyFinderResult = evaluationContext.getRootPolicyDef(); + if (policyFinderResult.getStatus() != null && !policyFinderResult.getStatus().isOk()) { + return new StdMutableResult(policyFinderResult.getStatus()); + } + PolicyDef policyDefRoot = policyFinderResult.getPolicyDef(); + if (policyDefRoot == null) { + switch(this.defaultDecision) { + case DENY: + case NOTAPPLICABLE: + case PERMIT: + return new StdMutableResult(this.defaultDecision, new StdStatus(StdStatusCode.STATUS_CODE_OK, "No applicable policy")); + case INDETERMINATE: + case INDETERMINATE_DENY: + case INDETERMINATE_DENYPERMIT: + case INDETERMINATE_PERMIT: + return new StdMutableResult(this.defaultDecision, new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "No applicable policy")); + } + } + Result result = policyDefRoot.evaluate(evaluationContext); + if (result.getStatus().isOk()) { + Collection<AttributeCategory> listRequestAttributesIncludeInResult = 
evaluationContext.getRequest().getRequestAttributesIncludedInResult(); + if (listRequestAttributesIncludeInResult != null && listRequestAttributesIncludeInResult.size() > 0) { + StdMutableResult stdMutableResult = new StdMutableResult(result); + stdMutableResult.addAttributeCategories(listRequestAttributesIncludeInResult); + result = new StdResult(stdMutableResult); + } + } + return result; + } catch (EvaluationException ex) { + return new StdMutableResult(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, ex.getMessage())); + } + } + + @Override + public Response decide(Request pepRequest) throws PDPException { + /* + * Validate the request + */ + TraceEngine traceEngineThis = this.getTraceEngine(); + if (traceEngineThis.isTracing()) { + traceEngineThis.trace(new StdTraceEvent<Request>("Input Request", this, pepRequest)); + } + Status statusRequest = pepRequest.getStatus(); + if (statusRequest != null && !statusRequest.isOk()) { + return new StdMutableResponse(statusRequest); + } + + /* + * Split the original request up into individual decision requests + */ + StdIndividualDecisionRequestGenerator stdIndividualDecisionRequestGenerator = new StdIndividualDecisionRequestGenerator(this.scopeResolver, pepRequest); + /* + * Determine if we are combining multiple results into a single result + */ + boolean bCombineResults = pepRequest.getCombinedDecision(); + StdMutableResult stdResultCombined = null; + + /* + * Iterate over all of the individual decision requests and process them, combining them into the final response + */ + StdMutableResponse stdResponse = new StdMutableResponse(); + Iterator<Request> iterRequestsIndividualDecision = stdIndividualDecisionRequestGenerator.getIndividualDecisionRequests(); + if (iterRequestsIndividualDecision == null || !iterRequestsIndividualDecision.hasNext()) { + return new StdMutableResponse(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "No individual decision requests")); + } + + while 
(iterRequestsIndividualDecision.hasNext()) { + Request requestIndividualDecision = iterRequestsIndividualDecision.next(); + if (traceEngineThis.isTracing()) { + traceEngineThis.trace(new StdTraceEvent<Request>("Individual Request", this, requestIndividualDecision)); + } + Result resultIndividualDecision = null; + if (requestIndividualDecision.getStatus() != null && !requestIndividualDecision.getStatus().isOk()) { + resultIndividualDecision = new StdMutableResult(requestIndividualDecision.getStatus()); + } else { + EvaluationContext evaluationContext = this.evaluationContextFactory.getEvaluationContext(requestIndividualDecision); + if (evaluationContext == null) { + resultIndividualDecision = RESULT_ECTX_NULL; + } else { + resultIndividualDecision = this.processRequest(evaluationContext); + } + } + + assert(resultIndividualDecision != null); + if (traceEngineThis.isTracing()) { + traceEngineThis.trace(new StdTraceEvent<Result>("Individual Result", this, resultIndividualDecision)); + } + if (bCombineResults) { + Decision decision = resultIndividualDecision.getDecision(); + Status status = resultIndividualDecision.getStatus(); + if (resultIndividualDecision.getAssociatedAdvice().size() > 0) { + decision = Decision.INDETERMINATE; + status = STATUS_ADVICE_NA; + } else if (resultIndividualDecision.getObligations().size() > 0) { + decision = Decision.INDETERMINATE; + status = STATUS_OBLIGATIONS_NA; + } + + if (stdResultCombined == null) { + stdResultCombined = new StdMutableResult(decision, status); + } else { + if (stdResultCombined.getDecision() != resultIndividualDecision.getDecision()) { + stdResultCombined.setDecision(Decision.INDETERMINATE); + stdResultCombined.setStatus(STATUS_COMBINE_FAILED); + } + } + stdResultCombined.addPolicyIdentifiers(resultIndividualDecision.getPolicyIdentifiers()); + stdResultCombined.addPolicySetIdentifiers(resultIndividualDecision.getPolicySetIdentifiers()); + 
stdResultCombined.addAttributeCategories(resultIndividualDecision.getAttributes()); + if (traceEngineThis.isTracing()) { + traceEngineThis.trace(new StdTraceEvent<Result>("Combined result", this, stdResultCombined)); + } + } else { + stdResponse.add(resultIndividualDecision); + } + } + + if (bCombineResults) { + stdResponse.add(stdResultCombined); + } + return stdResponse; + } + + @Override + public Collection<URI> getProfiles() { + return Collections.unmodifiableCollection(PROFILES); + } + + @Override + public boolean hasProfile(URI uriProfile) { + return PROFILES.contains(uriProfile); + } + + @Override + public String getTraceId() { + return this.getClass().getCanonicalName(); + } + + @Override + public Traceable getCause() { + return null; + } +}
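Review bot: In `decide` (ATTPDPEngine), the combined-decision branch applies the advice/obligation downgrade only to the first individual result: for every later result the `else` arm compares `stdResultCombined.getDecision()` with the raw `resultIndividualDecision.getDecision()` and never uses the adjusted `decision`/`status`. A later Permit that carries obligations or advice therefore leaves the combined result at Permit, and because obligations are not copied into `stdResultCombined`, the PEP receives a Permit with those obligations silently dropped. Compare against the adjusted value instead, `if (stdResultCombined.getDecision() != decision) {`, and when `decision` was forced to INDETERMINATE set the combined status to `status` rather than `STATUS_COMBINE_FAILED` so the reason is reported accurately.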
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/ATTPDPEngineFactory.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/ATTPDPEngineFactory.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/ATTPDPEngineFactory.java
new file mode 100755
index 0000000..7bd165a
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/ATTPDPEngineFactory.java
@@ -0,0 +1,56 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp;
+
+import java.util.Properties;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import com.att.research.xacml.api.pdp.PDPEngine;
+import com.att.research.xacml.api.pdp.PDPEngineFactory;
+import com.att.research.xacml.util.FactoryException;
+import com.att.research.xacmlatt.pdp.eval.EvaluationContextFactory;
+
+/**
+ * ATTPDPEngineFactory extends {@link com.att.research.xacml.api.pdp.PDPEngineFactory} by implementing the abstract
+ * <code>newEngine</code> method to create a {@link ATTPDPEngine} instance and initialize it
+ * with policies and PIP instances based on configuration information provided to the factory.
+ *
+ * @author car
+ * @version $Revision: 1.4 $
+ */
+public class ATTPDPEngineFactory extends PDPEngineFactory {
+ private Log logger = LogFactory.getLog(this.getClass());
+
+ public ATTPDPEngineFactory() {
+ }
+
+ @Override
+ public PDPEngine newEngine() throws FactoryException {
+ EvaluationContextFactory evaluationContextFactory = EvaluationContextFactory.newInstance();
+ if (evaluationContextFactory == null) {
+ this.logger.error("Null EvaluationContextFactory");
+ throw new FactoryException("Null EvaluationContextFactory");
+ }
+ return new ATTPDPEngine(evaluationContextFactory, this.getDefaultBehavior(), this.getScopeResolver());
+ }
+
+ @Override
+ public PDPEngine newEngine(Properties properties) throws FactoryException {
+ EvaluationContextFactory evaluationContextFactory = EvaluationContextFactory.newInstance(properties);
+ if (evaluationContextFactory == null) {
+ this.logger.error("Null EvaluationContextFactory");
+ throw new FactoryException("Null EvaluationContextFactory");
+ }
+ return new ATTPDPEngine(evaluationContextFactory, this.getDefaultBehavior(), this.getScopeResolver(), properties);
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/Evaluatable.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/Evaluatable.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/Evaluatable.java
new file mode 100755
index 0000000..24adb1d
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/Evaluatable.java
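Review bot: Both `newEngine` overloads in ATTPDPEngineFactory pass `this.getDefaultBehavior()` to the engine without a null check, and the three-argument ATTPDPEngine constructor overwrites the field's `Decision.INDETERMINATE` initialiser with whatever it is given. Whether `getDefaultBehavior()` can return null is not visible in this commit, but if it can, `switch(this.defaultDecision)` in `processRequest` throws a NullPointerException on exactly the no-root-policy path instead of returning a decision. A guard in the engine constructor keeps that path fail-safe: `this.defaultDecision = (defaultDecisionIn != null) ? defaultDecisionIn : Decision.INDETERMINATE;`. A Javadoc line on `newEngine` should also state that a configured default of PERMIT makes the engine answer Permit with an OK status when no policy applies.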
@@ -0,0 +1,23 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+
+package com.att.research.xacmlatt.pdp.eval;
+
+/**
+ * Evaluatable is the interface objects implement to indicate they can be evaluated with an {@link com.att.research.xacmlatt.pdp.eval.EvaluationContext}
+ * and return an {@link com.att.research.xacmlatt.pdp.eval.EvaluationResult}.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
+public interface Evaluatable {
+ public EvaluationResult evaluate(EvaluationContext evaluationContext) throws EvaluationException;
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationContext.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationContext.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationContext.java
new file mode 100755
index 0000000..321fff1
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationContext.java
@@ -0,0 +1,73 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.eval;
+
+import com.att.research.xacml.api.IdReferenceMatch;
+import com.att.research.xacml.api.Request;
+import com.att.research.xacml.api.pip.PIPException;
+import com.att.research.xacml.api.pip.PIPFinder;
+import com.att.research.xacml.api.pip.PIPRequest;
+import com.att.research.xacml.api.pip.PIPResponse;
+import com.att.research.xacml.api.trace.TraceEngine;
+import com.att.research.xacmlatt.pdp.policy.Policy;
+import com.att.research.xacmlatt.pdp.policy.PolicyDef;
+import com.att.research.xacmlatt.pdp.policy.PolicyFinderResult;
+import com.att.research.xacmlatt.pdp.policy.PolicySet;
+
+/**
+ * EvaluationContext provides the interface that the PDP uses to evaluate its set of Policies and PolicySets against
+ * a {@link com.att.research.xacml.api.Request}.
+ *
+ * @author car
+ * @version $Revision: 1.2 $
+ */
+public interface EvaluationContext extends PIPFinder, TraceEngine {
+ /**
+ * Gets the original <code>Request</code> provided to the <code>ATTPDPEngine</code>'s <code>decide</code> method.
+ *
+ * @return the <code>Request</code> provided to the <code>ATTPDPEngine</code>'s <code>decide</code> method.
+ */
+ public Request getRequest();
+
+ /**
+ * Gets the root {@link com.att.research.xacmlatt.pdp.policy.PolicyDef} from the policy store
+ * configured by the particular implementation of the <code>PolicyFinderFactory</code> class.
+ *
+ * @return a <code>PolicyFinderResult</code> with the root <code>PolicyDef</code>
+ */
+ public abstract PolicyFinderResult<PolicyDef> getRootPolicyDef();
+
+ /**
+ * Gets the {@link com.att.research.xacmlatt.pdp.policy.Policy} that matches the given {@link com.att.research.xacml.api.IdReferenceMatch}.
+ *
+ * @param idReferenceMatch the <code>IdReferenceMatch</code> to search for
+ * @return a <code>PolicyFinderResult</code> with the <code>Policy</code> matching the given <code>IdReferenceMatch</code>
+ */
+ public abstract PolicyFinderResult<Policy> getPolicy(IdReferenceMatch idReferenceMatch);
+
+ /**
+ * Gets the {@link com.att.research.xacmlatt.pdp.policy.PolicySet} that matches the given {@link com.att.research.xacml.api.IdReferenceMatch}.
+ *
+ * @param idReferenceMatch the <code>IdReferenceMatch</code> to search for
+ * @return a <code>PolicyFinderResult</code> with the <code>PolicySet</code> matching the given <code>IdReferenceMatch</code>.
+ */
+ public abstract PolicyFinderResult<PolicySet> getPolicySet(IdReferenceMatch idReferenceMatch);
+
+ /**
+ * Gets the {@link com.att.research.xacml.api.pip.PIPResponse} containing {@link com.att.research.xacml.api.Attribute}s that
+ * match the given {@link com.att.research.xacml.api.pip.PIPRequest} from this <code>EvaluationContext</code>.
+ *
+ * @param pipRequest the <code>PIPRequest</code> specifying which <code>Attribute</code>s to retrieve
+ * @return the <code>PIPResponse</code> containing the {@link com.att.research.xacml.api.Status} and <code>Attribute</code>s
+ * @throws EvaluationException if there is an error retrieving the <code>Attribute</code>s
+ */
+ public PIPResponse getAttributes(PIPRequest pipRequest) throws PIPException;
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationContextException.java
----------------------------------------------------------------------
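Review bot: The Javadoc on `getAttributes` in EvaluationContext documents `@throws EvaluationException`, but the method is declared `throws PIPException`, so a caller following the documentation will handle the wrong exception type. Change the tag to `@throws PIPException if there is an error retrieving the <code>Attribute</code>s`. The `public` and `abstract` modifiers on the interface methods are redundant and applied inconsistently (`getRequest` and `getAttributes` omit `abstract`); dropping them would make the five declarations uniform.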
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationContextException.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationContextException.java
new file mode 100755
index 0000000..d814961
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationContextException.java
@@ -0,0 +1,42 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.eval;
+
+/**
+ * EvaluationContextException extends <code>Exception</code> to represent errors thrown by
+ * methods in the {@link EvaluationContext} and {@link EvaluationContextFactory}.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
+public class EvaluationContextException extends Exception {
+ private static final long serialVersionUID = -8270506903118536839L;
+
+ public EvaluationContextException() {
+ }
+
+ public EvaluationContextException(String message) {
+ super(message);
+ }
+
+ public EvaluationContextException(Throwable cause) {
+ super(cause);
+ }
+
+ public EvaluationContextException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ public EvaluationContextException(String message, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
+ super(message, cause, enableSuppression, writableStackTrace);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationContextFactory.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationContextFactory.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationContextFactory.java
new file mode 100755
index 0000000..4f54deb
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationContextFactory.java
@@ -0,0 +1,79 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.eval; + +import java.util.Properties; + +import com.att.research.xacml.api.Request; +import com.att.research.xacml.api.pip.PIPFinder; +import com.att.research.xacml.util.FactoryException; +import com.att.research.xacml.util.FactoryFinder; +import com.att.research.xacmlatt.pdp.policy.PolicyFinder; +import com.att.research.xacmlatt.pdp.util.ATTPDPProperties; + +/** + * EvaluationContextFactory provides methods for creating {@link EvaluationContext} objects + * based on configuration information found in standard places. (TODO: Detail what these are) + * + * @author car + * @version $Revision: 1.3 $ + */ +public abstract class EvaluationContextFactory { + private static final String FACTORYID = ATTPDPProperties.PROP_EVALUATIONCONTEXTFACTORY; + private static final String DEFAULT_FACTORY_CLASSNAME = "com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory"; + + protected EvaluationContextFactory() { + } + + protected EvaluationContextFactory(Properties properties) { + } + + public static EvaluationContextFactory newInstance() throws FactoryException { + return FactoryFinder.find(FACTORYID, DEFAULT_FACTORY_CLASSNAME, EvaluationContextFactory.class); + } + + public static EvaluationContextFactory newInstance(Properties properties) throws FactoryException { + return FactoryFinder.find(FACTORYID, DEFAULT_FACTORY_CLASSNAME, EvaluationContextFactory.class, properties); + } + + public static EvaluationContextFactory newInstance(String className, ClassLoader classLoader) throws FactoryException { + return FactoryFinder.newInstance(className, EvaluationContextFactory.class, classLoader, false); + } + + public static 
EvaluationContextFactory newInstance(String className) throws FactoryException { + return FactoryFinder.newInstance(className, EvaluationContextFactory.class, null, true); + } + + /** + * Gets a new {@link com.att.research.xacml.pdp.eval.EvaluationContext} for the given {@link com.att.research.xacml.api.Request}. + * + * @param request the <code>Request</code> for the new <code>EvaluationContext</code> + * @return a new <code>EvaluationContext</code> for the given <code>Request</code> + */ + public abstract EvaluationContext getEvaluationContext(Request request); + + /** + * Sets the {@link com.att.research.xacmlatt.pdp.policy.PolicyFinder} for this <code>EvaluationContextFactory</code> to an + * explicit instance instead of the default or configured value. + * + * @param policyFinder the <code>PolicyFinder</code> to use in creating new <code>EvaluationContext</code>s. + */ + public abstract void setPolicyFinder(PolicyFinder policyFinder); + + /** + * Sets the {@link com.att.research.xacml.api.pip.PIPFinder} for this <code>EvaluationContextFactory</code> to an + * explicit instance instaed of the default or configured value. + * + * @param pipFinder the <code>PIPFinder</code> to use in creating new <code>EvaluationContext</code>s. + */ + public abstract void setPIPFinder(PIPFinder pipFinder); + +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationException.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationException.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationException.java new file mode 100755 index 0000000..0a0b49a --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationException.java 
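Review bot: The four static `newInstance` overloads in EvaluationContextFactory have no Javadoc, although they select the class that is instantiated to supply policies and attributes to the PDP: two resolve the name under `ATTPDPProperties.PROP_EVALUATIONCONTEXTFACTORY` and two take it directly from the caller. Document on each where the class name comes from and that the properties source and the `className` argument must be trusted configuration, and state what the trailing `false`/`true` passed to `FactoryFinder.newInstance` selects, which cannot be determined from this file. Separately, the `{@link com.att.research.xacml.pdp.eval.EvaluationContext}` on `getEvaluationContext` names a package that differs from this file's `com.att.research.xacmlatt.pdp.eval`, so the link presumably does not resolve, and `instaed` in the `setPIPFinder` comment should read `instead`.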
@@ -0,0 +1,43 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+
+package com.att.research.xacmlatt.pdp.eval;
+
+/**
+ * EvaluationException extends <code>Exception</code> to represent errors returned by methods of the
+ * {@link Evaluatable} interface and the {@link Matchable} interface.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
+public class EvaluationException extends Exception {
+ private static final long serialVersionUID = 302250127793947492L;
+
+ public EvaluationException() {
+ }
+
+ public EvaluationException(String message) {
+ super(message);
+ }
+
+ public EvaluationException(Throwable cause) {
+ super(cause);
+ }
+
+ public EvaluationException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ public EvaluationException(String message, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
+ super(message, cause, enableSuppression, writableStackTrace);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationResult.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationResult.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationResult.java
new file mode 100755
index 0000000..78828e5
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationResult.java
@@ -0,0 +1,80 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+
+package com.att.research.xacmlatt.pdp.eval;
+
+import java.util.Collection;
+
+import com.att.research.xacml.api.Advice;
+import com.att.research.xacml.api.AttributeCategory;
+import com.att.research.xacml.api.Decision;
+import com.att.research.xacml.api.IdReference;
+import com.att.research.xacml.api.Obligation;
+import com.att.research.xacml.api.Status;
+import com.att.research.xacml.std.StdMutableResult;
+
+/**
+ * EvaluationResult extends {@link com.att.research.xacml.std.StdMutableResult} with methods useful within a PDP implementation
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
+public class EvaluationResult extends StdMutableResult {
+ public EvaluationResult() {
+ super();
+ }
+
+ public EvaluationResult(Decision decisionIn, Status statusIn) {
+ super(decisionIn, statusIn);
+ }
+
+ public EvaluationResult(Status statusIn) {
+ super(statusIn);
+ }
+
+ public EvaluationResult(Decision decisionIn) {
+ super(decisionIn);
+ }
+
+ public EvaluationResult(Decision decisionIn,
+ Collection<Obligation> obligationsIn,
+ Collection<Advice> adviceIn,
+ Collection<AttributeCategory> attributesIn,
+ Collection<IdReference> policyIdentifiersIn,
+ Collection<IdReference> policySetIdentifiersIn) {
+ super(decisionIn, obligationsIn, adviceIn, attributesIn, policyIdentifiersIn, policySetIdentifiersIn);
+ }
+
+ /**
+ * Creates an <code>EvaluationResult</code> generally from a {@link com.att.research.xacmlatt.pdp.policy.Rule} <code>evaluation</code>
+ * call.
+ *
+ * @param decisionIn the <code>Decision</code>
+ * @param obligationsIn the <code>Collection</code> of <code>Obligation</code>s
+ * @param adviceIn the <code>Collection</code> of <code>Advice</code> objects
+ */
+ public EvaluationResult(Decision decisionIn, Collection<Obligation> obligationsIn, Collection<Advice> adviceIn) {
+ super(decisionIn, obligationsIn, adviceIn, null, null, null);
+ }
+
+ public void merge(EvaluationResult evaluationResult) {
+ if (this.getStatus() == null) {
+ this.setStatus(evaluationResult.getStatus());
+ } else {
+ this.getStatus().merge(evaluationResult.getStatus());
+ }
+ this.addObligations(evaluationResult.getObligations());
+ this.addAdvice(evaluationResult.getAssociatedAdvice());
+ this.addAttributeCategories(evaluationResult.getAttributes());
+ this.addPolicyIdentifiers(evaluationResult.getPolicyIdentifiers());
+ this.addPolicySetIdentifiers(evaluationResult.getPolicySetIdentifiers());
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/MatchResult.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/MatchResult.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/MatchResult.java
new file mode 100755
index 0000000..4398b79
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/MatchResult.java
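Review bot: `merge` in EvaluationResult calls `this.getStatus().merge(evaluationResult.getStatus())` and discards whatever that call returns. `Status.merge` is not visible in this commit: if it returns a merged copy, an error status on the incoming result is lost here; if it mutates in place, it may be modifying a shared instance such as the `static final` statuses defined in ATTPDPEngine. If it returns the merged status, assign it, `this.setStatus(this.getStatus().merge(evaluationResult.getStatus()));`. The method also has no Javadoc; it should state that the decision of `evaluationResult` is not merged and that a null argument is not accepted.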
@@ -0,0 +1,71 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+
+package com.att.research.xacmlatt.pdp.eval;
+
+import com.att.research.xacml.api.Status;
+import com.att.research.xacml.std.StdStatus;
+
+/**
+ * MatchResult is the value returned by the {@link Matchable} interface.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
+public class MatchResult {
+ public static enum MatchCode {
+ INDETERMINATE,
+ MATCH,
+ NOMATCH
+ }
+
+ public static MatchResult MM_MATCH = new MatchResult(MatchCode.MATCH);
+ public static MatchResult MM_NOMATCH = new MatchResult(MatchCode.NOMATCH);
+
+ private MatchCode matchCode;
+ private Status status;
+
+ public MatchResult(MatchCode matchCodeIn, Status statusIn) {
+ this.matchCode = matchCodeIn;
+ this.status = statusIn;
+ }
+
+ public MatchResult(MatchCode matchCodeIn) {
+ this(matchCodeIn, StdStatus.STATUS_OK);
+ }
+
+ public MatchResult(Status statusIn) {
+ this(MatchCode.INDETERMINATE, statusIn);
+ }
+
+ public MatchCode getMatchCode() {
+ return this.matchCode;
+ }
+
+ public Status getStatus() {
+ return this.status;
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder stringBuilder = new StringBuilder("{");
+
+ stringBuilder.append("matchCode=");
+ stringBuilder.append(this.getMatchCode());
+ Status thisStatus = this.getStatus();
+ if (thisStatus != null) {
+ stringBuilder.append(", status=");
+ stringBuilder.append(thisStatus.toString());
+ }
+ stringBuilder.append('}');
+ return stringBuilder.toString();
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/Matchable.java
----------------------------------------------------------------------
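Review bot: `MM_MATCH` and `MM_NOMATCH` are declared `public static` without `final`, so any class can reassign the shared results that `AllOf.match` and `AnyOf.match` use as defaults and return values. In a PDP that turns a target-matching constant into process-wide mutable state; declare them `public static final MatchResult MM_MATCH = new MatchResult(MatchCode.MATCH);` and likewise for `MM_NOMATCH`. `matchCode` and `status` are assigned only in the constructor and can be `private final` too, which makes the shared instances safe to hand out.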
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/Matchable.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/Matchable.java
new file mode 100755
index 0000000..0550b07
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/Matchable.java
@@ -0,0 +1,30 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+
+package com.att.research.xacmlatt.pdp.eval;
+
+/**
+ * Matchable is the interface objects implement to indicate they are part of a XACML Target matching tree.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
+public interface Matchable {
+ /**
+ * Matches this <code>Matchable</code> in the given {@link com.att.research.xacmlatt.pdp.eval.EvaluationContext} and
+ * returns a {@link com.att.research.xacmlatt.pdp.eval.MatchResult}.
+ *
+ * @param evaluationContext the <code>EvaluationContext</code> to use in matching
+ * @return a <code>MatchResult</code> indicating whether this <code>Matchable</code> matches against the given <code>EvaluationContext</code>.
+ * @throws EvaluationException if there is an error testing the match.
+ */
+ public MatchResult match(EvaluationContext evaluationContext) throws EvaluationException;
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/package-info.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/package-info.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/package-info.java
new file mode 100755
index 0000000..eb01ff5
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/package-info.java
@@ -0,0 +1,19 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+
+package com.att.research.xacmlatt.pdp.eval;
+
+/**
+ * com.att.research.xacmlatt.pdp.eval contains interfaces and classes used in evaluating and matching XACML policy components.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/package-info.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/package-info.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/package-info.java
new file mode 100755
index 0000000..b6c251b
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/package-info.java
@@ -0,0 +1,20 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+
+package com.att.research.xacmlatt.pdp;
+
+/**
+ * com.att.research.xacmlatt.pdp contains a reference implementation of the {@link com.att.research.xacml.pdp.PDPEngine} interface
+ * developed at AT&T Laboratories.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AdviceExpression.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AdviceExpression.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AdviceExpression.java
new file mode 100755
index 0000000..9ef9adc
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AdviceExpression.java
@@ -0,0 +1,201 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.policy;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+
+import com.att.research.xacml.api.Advice;
+import com.att.research.xacml.api.AttributeAssignment;
+import com.att.research.xacml.api.Decision;
+import com.att.research.xacml.api.Identifier;
+import com.att.research.xacml.api.StatusCode;
+import com.att.research.xacml.std.StdMutableAdvice;
+import com.att.research.xacml.std.StdStatusCode;
+import com.att.research.xacml.util.StringUtils;
+import com.att.research.xacmlatt.pdp.eval.EvaluationContext;
+import com.att.research.xacmlatt.pdp.eval.EvaluationException;
+
+/**
+ * AdviceExpression extends {@link PolicyComponent} to implement the XACML AdviceExpression element.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
+public class AdviceExpression extends PolicyComponent {
+ private List<AttributeAssignmentExpression> listAttributeAssignmentExpressions = new ArrayList<AttributeAssignmentExpression>();
+ private Identifier adviceId;
+ private RuleEffect appliesTo;
+
+ protected List<AttributeAssignmentExpression> getAttributeAssignmentExpressionList() {
+ return this.listAttributeAssignmentExpressions;
+ }
+
+ protected void clearAttributeAssignmentExpressionList() {
+ this.getAttributeAssignmentExpressionList().clear();
+ }
+
+ public AdviceExpression(StatusCode statusCodeIn, String statusMessageIn) {
+ super(statusCodeIn, statusMessageIn);
+ }
+
+ public AdviceExpression(StatusCode statusCodeIn) {
+ super(statusCodeIn);
+ }
+
+ public AdviceExpression() {
+ }
+
+ public AdviceExpression(Identifier adviceIdIn, RuleEffect ruleEffectIn, Collection<AttributeAssignmentExpression> attributeAssignmentExpressions) {
+ this.adviceId = adviceIdIn;
+ this.appliesTo = ruleEffectIn;
+ if (attributeAssignmentExpressions != null) {
+ this.listAttributeAssignmentExpressions.addAll(attributeAssignmentExpressions);
+ }
+ }
+
+ public Identifier getAdviceId() {
+ return this.adviceId;
+ }
+
+ public void setAdviceId(Identifier identifier) {
+ this.adviceId = identifier;
+ }
+
+ public RuleEffect getAppliesTo() {
+ return this.appliesTo;
+ }
+
+ public void setAppliesTo(RuleEffect ruleEffect) {
+ this.appliesTo = ruleEffect;
+ }
+
+ public Iterator<AttributeAssignmentExpression> getAttributeAssignmentExpressions() {
+ return this.getAttributeAssignmentExpressionList().iterator();
+ }
+
+ public void setAttributeAssignmentExpressions(Collection<AttributeAssignmentExpression> attributeAssignmentExpressions) {
+ this.clearAttributeAssignmentExpressionList();
+ if (attributeAssignmentExpressions != null) {
+
+ }
+ }
+
+ public void addAttributeAssignmentExpression(AttributeAssignmentExpression attributeAssignmentExpression) {
+ this.getAttributeAssignmentExpressionList().add(attributeAssignmentExpression);
+ }
+
+ public void addAttributeAssignmentExpressions(Collection<AttributeAssignmentExpression> attributeAssignmentExpressions) {
+ this.getAttributeAssignmentExpressionList().addAll(attributeAssignmentExpressions);
+ }
+
+ /**
+ * Evaluates the <code>AttributeAssignmentExpression</code>s in this <code>AdviceExpression</code> to generate an
+ * {@link com.att.research.xacml.api.Advice} object.
+ *
+ * @param evaluationContext the {@link com.att.research.xacmlatt.pdp.eval.EvaluationContext} in which to evaluate the <code>AttributeAssignmentExpression</code>s
+ * @param policyDefaults the {@link PolicyDefaults} for the evaluation
+ * @return a new <code>Advice</code> evaluated from this <code>AdviceExpression</code>
+ * @throws com.att.research.xacmlatt.pdp.eval.EvaluationException if there is an error in the evaluation
+ */
+ public Advice evaluate(EvaluationContext evaluationContext, PolicyDefaults policyDefaults) throws EvaluationException {
+ if (!this.validate()) {
+ return null;
+ }
+
+ List<AttributeAssignment> attributeAssignments = new ArrayList<AttributeAssignment>();
+ Iterator<AttributeAssignmentExpression> iterAttributeAssignmentExpressions = this.getAttributeAssignmentExpressions();
+ if (iterAttributeAssignmentExpressions != null) {
+ while (iterAttributeAssignmentExpressions.hasNext()) {
+ AttributeAssignmentResult attributeAssignmentResult = iterAttributeAssignmentExpressions.next().evaluate(evaluationContext, policyDefaults);
+ if (attributeAssignmentResult.isOk() && attributeAssignmentResult.getNumAttributeAssignments() > 0) {
+ Iterator<AttributeAssignment> iterAttributeAssignments = attributeAssignmentResult.getAttributeAssignments();
+ while (iterAttributeAssignments.hasNext()) {
+ attributeAssignments.add(iterAttributeAssignments.next());
+ }
+ }
+ }
+ }
+
+ return new StdMutableAdvice(this.getAdviceId(), attributeAssignments);
+ }
+
+ /**
+ * Evaluates a <code>Collection</code> of <code>AdviceExpression</code>s in the given <code>EvaluationContext</code> and returns
+ * a <code>List</code> of <code>Advice</code>s.
+ *
+ * @param evaluationContext
+ * @param policyDefaults
+ * @param listAdviceExpressions
+ * @return
+ * @throws com.att.research.xacmlatt.pdp.eval.EvaluationException
+ */
+ public static List<Advice> evaluate(EvaluationContext evaluationContext, PolicyDefaults policyDefaults, Decision decision, Collection<AdviceExpression> listAdviceExpressions) throws EvaluationException {
+ List<Advice> listAdvices = new ArrayList<Advice>();
+ Iterator<AdviceExpression> iterAdviceExpressions = listAdviceExpressions.iterator();
+ while (iterAdviceExpressions.hasNext()) {
+ AdviceExpression adviceExpression = iterAdviceExpressions.next();
+ adviceExpression.validateComponent();
+ if ( ! adviceExpression.isOk()) {
+ throw new EvaluationException(adviceExpression.getStatusMessage());
+ }
+ if (decision == null || adviceExpression.getAppliesTo().getDecision().equals(decision)) {
+ Advice advice = adviceExpression.evaluate(evaluationContext, policyDefaults);
+ if (advice != null) {
+ listAdvices.add(advice);
+ }
+ }
+ }
+ return listAdvices;
+ }
+
+ @Override
+ protected boolean validateComponent() {
+ if (this.getAdviceId() == null) {
+ this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing AdviceId");
+ return false;
+ } else if (this.getAppliesTo() == null) {
+ this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing AppliesTo");
+ return false;
+ } else {
+ this.setStatus(StdStatusCode.STATUS_CODE_OK, null);
+ return true;
+ }
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder stringBuilder = new StringBuilder("{");
+
+ stringBuilder.append("super=");
+ stringBuilder.append(super.toString());
+
+ Object objectToDump;
+ if ((objectToDump = this.getAdviceId()) != null) {
+ stringBuilder.append(",adviceId=");
+ stringBuilder.append(objectToDump.toString());
+ }
+ if ((objectToDump = this.getAppliesTo()) != null) {
+ stringBuilder.append(",appliesTo=");
+ stringBuilder.append(objectToDump.toString());
+ }
+ if ((objectToDump = StringUtils.toString(this.getAttributeAssignmentExpressions())) != null) {
+ stringBuilder.append(",attributeAssignmentExpressions=");
+ stringBuilder.append((String)objectToDump);
+ }
+
+ stringBuilder.append('}');
+ return stringBuilder.toString();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AllOf.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AllOf.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AllOf.java
new file mode 100755
index 0000000..721750a
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AllOf.java
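Review bot: `setAttributeAssignmentExpressions` clears the list and then does nothing, because the body of `if (attributeAssignmentExpressions != null) { }` is empty, so the setter always leaves the advice without attribute assignments. The body should call `this.addAttributeAssignmentExpressions(attributeAssignmentExpressions);`, the way `AllOf.setMatches` calls `addMatches`. Separately, the instance `evaluate` skips any `AttributeAssignmentResult` that is not OK and still returns an `Advice`, so a failed assignment expression yields advice with attributes silently missing. XACML 3.0 section 7.18, as I read it, makes the enclosing rule or policy Indeterminate in that case, so the failing status should be propagated (for example through `EvaluationException`) rather than dropped.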
@@ -0,0 +1,136 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.policy;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+
+import com.att.research.xacml.api.StatusCode;
+import com.att.research.xacml.std.StdStatus;
+import com.att.research.xacml.std.StdStatusCode;
+import com.att.research.xacml.util.StringUtils;
+import com.att.research.xacmlatt.pdp.eval.EvaluationContext;
+import com.att.research.xacmlatt.pdp.eval.EvaluationException;
+import com.att.research.xacmlatt.pdp.eval.MatchResult;
+import com.att.research.xacmlatt.pdp.eval.Matchable;
+
+/**
+ * AnyOf extends {@link com.att.research.xacmlatt.pdp.policy.PolicyComponent} and implements the {@link com.att.research.xacmlatt.pdp.policy.Matchable}
+ * interface to represent XACML AllOf elements in a XACML Target.
+ *
+ * @author car
+ * @version $Revision
+ */
+public class AllOf extends PolicyComponent implements Matchable {
+ private List<Match> matches;
+
+ protected List<Match> getMatchList(boolean bNoNulls) {
+ if (this.matches == null && bNoNulls) {
+ this.matches = new ArrayList<Match>();
+ }
+ return this.matches;
+ }
+
+ protected void clearMatchList() {
+ if (this.matches != null) {
+ this.matches.clear();
+ }
+ }
+
+ public AllOf(StatusCode statusCodeIn, String statusMessageIn) {
+ super(statusCodeIn, statusMessageIn);
+ }
+
+ public AllOf(StatusCode statusCodeIn) {
+ super(statusCodeIn);
+ }
+
+ public AllOf() {
+ }
+
+ public Iterator<Match> getMatches() {
+ return (this.matches == null ? null : this.matches.iterator());
+ }
+
+ public void setMatches(Collection<Match> matchesIn) {
+ this.clearMatchList();
+ if (matchesIn != null) {
+ this.addMatches(matchesIn);
+ }
+ }
+
+ public void addMatch(Match match) {
+ List<Match> matchList = this.getMatchList(true);
+ matchList.add(match);
+ }
+
+ public void addMatches(Collection<Match> matchesIn) {
+ List<Match> matchList = this.getMatchList(true);
+ matchList.addAll(matchesIn);
+ }
+
+ @Override
+ public MatchResult match(EvaluationContext evaluationContext) throws EvaluationException {
+ if (!this.validate()) {
+ return new MatchResult(new StdStatus(this.getStatusCode(), this.getStatusMessage()));
+ }
+ Iterator<Match> iterMatches = this.getMatches();
+ assert(iterMatches != null && iterMatches.hasNext());
+
+ MatchResult matchResultFallThrough = MatchResult.MM_MATCH;
+ while (iterMatches.hasNext()) {
+ MatchResult matchResultMatch = iterMatches.next().match(evaluationContext);
+ assert(matchResultMatch != null);
+ switch(matchResultMatch.getMatchCode()) {
+ case INDETERMINATE:
+ if (matchResultFallThrough.getMatchCode() != MatchResult.MatchCode.INDETERMINATE) {
+ matchResultFallThrough = matchResultMatch;
+ }
+ break;
+ case MATCH:
+ break;
+ case NOMATCH:
+ return matchResultMatch;
+ }
+ }
+ return matchResultFallThrough;
+ }
+
+ @Override
+ protected boolean validateComponent() {
+ Iterator<Match> iterMatches = this.getMatches();
+ if (iterMatches == null || !iterMatches.hasNext()) {
+ this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing matches");
+ return false;
+ } else {
+ this.setStatus(StdStatusCode.STATUS_CODE_OK, null);
+ return true;
+ }
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder stringBuilder = new StringBuilder("{");
+ stringBuilder.append("super=");
+ stringBuilder.append(super.toString());
+
+ String stringMatches = StringUtils.toString(this.getMatches());
+ if (stringMatches != null) {
+ stringBuilder.append(",matches=");
+ stringBuilder.append(stringMatches);
+ }
+ stringBuilder.append('}');
+ return stringBuilder.toString();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AnyOf.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AnyOf.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AnyOf.java
new file mode 100755
index 0000000..749904f
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AnyOf.java
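Review bot: In `match`, the non-empty invariant is enforced only by `assert(iterMatches != null && iterMatches.hasNext())`, and assertions are off unless the JVM runs with `-ea`. With the default `matchResultFallThrough = MatchResult.MM_MATCH`, an empty iterator falls through to MATCH and a null one throws `NullPointerException`, should `validate()` ever pass on stale state (its implementation in `PolicyComponent` is not part of this hunk). An explicit guard, as `AnyOf.match` has, keeps the result fail-closed: `if (iterMatches == null || !iterMatches.hasNext()) { return new MatchResult(new StdStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing matches")); }`. The class Javadoc also names `AnyOf` and links `policy.Matchable`, while the import is `eval.Matchable`; AnyOf.java carries the same link.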
@@ -0,0 +1,150 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.policy;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+
+import com.att.research.xacml.api.StatusCode;
+import com.att.research.xacml.std.StdStatus;
+import com.att.research.xacml.std.StdStatusCode;
+import com.att.research.xacml.util.StringUtils;
+import com.att.research.xacmlatt.pdp.eval.EvaluationContext;
+import com.att.research.xacmlatt.pdp.eval.EvaluationException;
+import com.att.research.xacmlatt.pdp.eval.MatchResult;
+import com.att.research.xacmlatt.pdp.eval.Matchable;
+
+/**
+ * AnyOf extends {@link com.att.research.xacmlatt.pdp.policy.PolicyComponent} and implements the {@link com.att.research.xacmlatt.pdp.policy.Matchable}
+ * interface to represent XACML AnyOf elements in a XACML Target.
+ *
+ * @author car
+ * @version $Revision
+ */
+public class AnyOf extends PolicyComponent implements Matchable {
+ private List<AllOf> allOfs;
+
+ protected List<AllOf> getAllOfList(boolean bNoNull) {
+ if (this.allOfs == null && bNoNull) {
+ this.allOfs = new ArrayList<AllOf>();
+ }
+ return this.allOfs;
+ }
+
+ protected void clearAllOfList() {
+ if (this.allOfs != null) {
+ this.allOfs.clear();
+ }
+ }
+
+ public AnyOf(StatusCode statusCodeIn, String statusMessageIn) {
+ super(statusCodeIn, statusMessageIn);
+ }
+
+ public AnyOf(StatusCode statusCodeIn) {
+ super(statusCodeIn);
+ }
+
+ public AnyOf() {
+ }
+
+ public AnyOf(Collection<AllOf> allOfsIn) {
+ if (allOfsIn != null) {
+ this.addAllOfs(allOfsIn);
+ }
+ }
+
+ public Iterator<AllOf> getAllOfs() {
+ return (this.allOfs == null ? null : this.allOfs.iterator());
+ }
+
+ public void setAllOfs(Collection<AllOf> allOfsIn) {
+ this.clearAllOfList();
+ if (allOfsIn != null) {
+ this.addAllOfs(allOfsIn);
+ }
+ }
+
+ public void addAllOf(AllOf allOf) {
+ List<AllOf> listAllOfs = this.getAllOfList(true);
+ listAllOfs.add(allOf);
+ }
+
+ public void addAllOfs(Collection<AllOf> allOfs) {
+ List<AllOf> listAllOfs = this.getAllOfList(true);
+ listAllOfs.addAll(allOfs);
+ }
+
+ @Override
+ public MatchResult match(EvaluationContext evaluationContext) throws EvaluationException {
+ if (!this.validate()) {
+ return new MatchResult(new StdStatus(this.getStatusCode(), this.getStatusMessage()));
+ }
+ Iterator<AllOf> iterAllOfs = this.getAllOfs();
+ if (iterAllOfs == null || !iterAllOfs.hasNext()) {
+ return MatchResult.MM_NOMATCH;
+ }
+
+ /*
+ * Assume "No Match" until we find a match or an indeterminate result
+ */
+ MatchResult matchResultFallThrough = MatchResult.MM_NOMATCH;
+ while (iterAllOfs.hasNext()) {
+ MatchResult matchResultAllOf = iterAllOfs.next().match(evaluationContext);
+ assert(matchResultAllOf != null);
+ switch(matchResultAllOf.getMatchCode()) {
+ case INDETERMINATE:
+ /*
+ * Keep the first indeterminate value to return if no other match is found
+ */
+ if (matchResultFallThrough.getMatchCode() != MatchResult.MatchCode.INDETERMINATE) {
+ matchResultFallThrough = matchResultAllOf;
+ }
+ break;
+ case MATCH:
+ return matchResultAllOf;
+ case NOMATCH:
+ break;
+ }
+ }
+ return matchResultFallThrough;
+ }
+
+ @Override
+ protected boolean validateComponent() {
+ Iterator<AllOf> iterAllOfs = this.getAllOfs();
+ if (iterAllOfs == null || !iterAllOfs.hasNext()) {
+ this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing AllOf elements in AnyOf");
+ return false;
+ } else {
+ this.setStatus(StdStatusCode.STATUS_CODE_OK, null);
+ return true;
+ }
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder stringBuilder = new StringBuilder("{");
+ stringBuilder.append("super=");
+ stringBuilder.append(super.toString());
+
+ String iterToDump = StringUtils.toString(this.getAllOfs());
+ if (iterToDump != null) {
+ stringBuilder.append(",allOfs=");
+ stringBuilder.append(iterToDump);
+ }
+ stringBuilder.append('}');
+ return stringBuilder.toString();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AttributeAssignmentExpression.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AttributeAssignmentExpression.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AttributeAssignmentExpression.java
new file mode 100755
index 0000000..047fff8
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AttributeAssignmentExpression.java
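Review bot: The guard in `match` that follows a successful `validate()` returns `MatchResult.MM_NOMATCH` when there are no `AllOf` children, which reports a structurally invalid target as an ordinary non-match with an OK status. A non-match is not a safe default on its own, since a deny policy whose target silently stops matching no longer applies. Returning `new MatchResult(new StdStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing AllOf elements in AnyOf"))` would agree with `validateComponent` and surface as Indeterminate. The branch is presumably unreachable while `validate()` re-checks the list, but that method is outside this hunk.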
@@ -0,0 +1,166 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.policy;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import com.att.research.xacml.api.AttributeAssignment;
+import com.att.research.xacml.api.AttributeValue;
+import com.att.research.xacml.api.Identifier;
+import com.att.research.xacml.api.StatusCode;
+import com.att.research.xacml.std.StdMutableAttributeAssignment;
+import com.att.research.xacml.std.StdStatus;
+import com.att.research.xacml.std.StdStatusCode;
+import com.att.research.xacmlatt.pdp.eval.EvaluationContext;
+import com.att.research.xacmlatt.pdp.eval.EvaluationException;
+
+/**
+ * AttributeAssignmentExpression extends {@link PolicyComponent} to represent a
+ * XACML AttributeAssignmentExpression element.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
+public class AttributeAssignmentExpression extends PolicyComponent {
+ private static final AttributeAssignmentResult AAR_NULL_EXPRESSION = new AttributeAssignmentResult(new StdStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Null expression"));
+ private static final AttributeAssignmentResult AAR_NULL_EXPRESSION_RESULT = new AttributeAssignmentResult(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "Null expression result"));
+
+ private Expression expression;
+ private Identifier attributeId;
+ private Identifier category;
+ private String issuer;
+
+ public AttributeAssignmentExpression(StatusCode statusCodeIn, String statusMessageIn) {
+ super(statusCodeIn, statusMessageIn);
+ }
+
+ public AttributeAssignmentExpression(StatusCode statusCodeIn) {
+ super(statusCodeIn);
+ }
+
+ public AttributeAssignmentExpression() {
+ }
+
+ public AttributeAssignmentExpression(Identifier categoryIn, Identifier attributeIdIn, String issuerIn, Expression expressionIn) {
+ this.category = categoryIn;
+ this.attributeId = attributeIdIn;
+ this.issuer = issuerIn;
+ this.expression = expressionIn;
+ }
+
+ public Identifier getCategory() {
+ return this.category;
+ }
+
+ public void setCategory(Identifier identifier) {
+ this.category = identifier;
+ }
+
+ public Identifier getAttributeId() {
+ return this.attributeId;
+ }
+
+ public void setAttributeId(Identifier identifier) {
+ this.attributeId = identifier;
+ }
+
+ public String getIssuer() {
+ return this.issuer;
+ }
+
+ public void setIssuer(String string) {
+ this.issuer = string;
+ }
+
+ public Expression getExpression() {
+ return this.expression;
+ }
+
+ public void setExpression(Expression expressionIn) {
+ this.expression = expressionIn;
+ }
+
+ public AttributeAssignmentResult evaluate(EvaluationContext evaluationContext, PolicyDefaults policyDefaults) throws EvaluationException {
+ if (!this.validate()) {
+ return new AttributeAssignmentResult(new StdStatus(this.getStatusCode(), this.getStatusMessage()));
+ }
+
+ Expression thisExpression = this.getExpression();
+ if (thisExpression == null) {
+ return AAR_NULL_EXPRESSION;
+ }
+
+ ExpressionResult thisExpressionResult = thisExpression.evaluate(evaluationContext, policyDefaults);
+ if (thisExpressionResult == null) {
+ return AAR_NULL_EXPRESSION_RESULT;
+ } else if (!thisExpressionResult.isOk()) {
+ return new AttributeAssignmentResult(thisExpressionResult.getStatus());
+ } else {
+ List<AttributeAssignment> listAttributeAssignments = new ArrayList<AttributeAssignment>();
+ if (thisExpressionResult.isBag()) {
+ Bag bagValues = thisExpressionResult.getBag();
+ if (bagValues == null || bagValues.size() == 0) {
+ listAttributeAssignments.add(new StdMutableAttributeAssignment(this.getCategory(), this.getAttributeId(), this.getIssuer(), null));
+ } else {
+ Iterator<AttributeValue<?>> iterBagValues = bagValues.getAttributeValues();
+ while (iterBagValues.hasNext()) {
+ AttributeValue<?> attributeValue = iterBagValues.next();
+ listAttributeAssignments.add(new StdMutableAttributeAssignment(this.getCategory(), this.getAttributeId(), this.getIssuer(), attributeValue));
+ }
+ }
+ } else {
+ listAttributeAssignments.add(new StdMutableAttributeAssignment(this.getCategory(), this.getAttributeId(), this.getIssuer(), thisExpressionResult.getValue()));
+ }
+ return new AttributeAssignmentResult(listAttributeAssignments);
+ }
+ }
+
+ @Override
+ protected boolean validateComponent() {
+ if (this.getAttributeId() == null) {
+ this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing AttributeId");
+ return false;
+ } else if (this.getExpression() == null) {
+ this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing Expression");
+ return false;
+ } else {
+ this.setStatus(StdStatusCode.STATUS_CODE_OK, null);
+ return true;
+ }
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder stringBuilder = new StringBuilder("{");
+
+ stringBuilder.append("super=");
+ stringBuilder.append(super.toString());
+
+ Object objectToDump;
+ if ((objectToDump = this.getCategory()) != null) {
+ stringBuilder.append(",category=");
+ stringBuilder.append(objectToDump.toString());
+ }
+ if ((objectToDump = this.getAttributeId()) != null) {
+ stringBuilder.append(",attributeId=");
+ stringBuilder.append(objectToDump.toString());
+ }
+ if ((objectToDump = this.getExpression()) != null) {
+ stringBuilder.append(",expression=");
+ stringBuilder.append(objectToDump.toString());
+ }
+ stringBuilder.append('}');
+ return stringBuilder.toString();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AttributeAssignmentResult.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AttributeAssignmentResult.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AttributeAssignmentResult.java
new file mode 100755
index 0000000..cc6c549
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AttributeAssignmentResult.java
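Review bot: In `evaluate`, an empty or null bag produces one `StdMutableAttributeAssignment` whose value is `null`, so every consumer of the resulting obligation or advice has to cope with a null `AttributeValue`. XACML 3.0 section 7.18, as I read it, says an empty bag yields no attribute assignment at all. Dropping the `listAttributeAssignments.add(...)` in the `bagValues == null || bagValues.size() == 0` branch gives that, and `AttributeAssignmentResult` already reports zero assignments for an empty collection. `toString` also omits `issuer`, unlike the other three fields.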
@@ -0,0 +1,95 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.policy;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+
+import com.att.research.xacml.api.AttributeAssignment;
+import com.att.research.xacml.api.Status;
+import com.att.research.xacml.std.StdStatus;
+import com.att.research.xacml.util.StringUtils;
+
+/**
+ * AttributeAssignmentResult is the object returned by the <code>evaluate</code> method of an {@link com.att.research.xacmlatt.pdp.policy.AttributeAssignmentExpression}.
+ * It contains a {@link com.att.research.xacml.api.Status} and an optional collection of {@link com.att.research.xacml.api.AttributeAssignment}
+ * elements.
+ *
+ * @author car
+ * @version $Revision$
+ */
+public class AttributeAssignmentResult {
+ private Status status;
+ private List<AttributeAssignment> listAttributeAssignments;
+
+ protected List<AttributeAssignment> getListAttributeAssignments() {
+ return this.listAttributeAssignments;
+ }
+
+ public AttributeAssignmentResult(Status statusIn, Collection<AttributeAssignment> listAttributeAssignmentsIn) {
+ this.status = statusIn;
+ if (listAttributeAssignmentsIn != null && listAttributeAssignmentsIn.size() > 0) {
+ this.listAttributeAssignments = new ArrayList<AttributeAssignment>();
+ this.listAttributeAssignments.addAll(listAttributeAssignmentsIn);
+ }
+ }
+
+ public AttributeAssignmentResult(Status statusIn) {
+ this(statusIn, null);
+ }
+
+ public AttributeAssignmentResult(Collection<AttributeAssignment> listAttributeAssignmentsIn) {
+ this(StdStatus.STATUS_OK, listAttributeAssignmentsIn);
+ }
+
+ public Status getStatus() {
+ return this.status;
+ }
+
+ public boolean isOk() {
+ return (this.getStatus() == null || this.getStatus().isOk());
+ }
+
+ public Iterator<AttributeAssignment> getAttributeAssignments() {
+ List<AttributeAssignment> thisListAttributeAssignments = this.getListAttributeAssignments();
+ return (thisListAttributeAssignments == null ? null : thisListAttributeAssignments.iterator());
+ }
+
+ public int getNumAttributeAssignments() {
+ List<AttributeAssignment> thisListAttributeAssignments = this.getListAttributeAssignments();
+ return (thisListAttributeAssignments == null ? 0 : thisListAttributeAssignments.size());
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder stringBuilder = new StringBuilder("{");
+ boolean needsComma = false;
+
+ Object objectToDump;
+ if ((objectToDump = this.getStatus()) != null) {
+ stringBuilder.append("status=");
+ stringBuilder.append(objectToDump.toString());
+ needsComma = true;
+ }
+
+ Iterator<?> iterToDump;
+ if ((iterToDump = this.getAttributeAssignments()) != null) {
+ if (needsComma) {
+ stringBuilder.append(',');
+ }
+ stringBuilder.append(StringUtils.toString(iterToDump));
+ }
+ stringBuilder.append('}');
+ return stringBuilder.toString();
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/Bag.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/Bag.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/Bag.java
new file mode 100755
index 0000000..47b7773
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/Bag.java
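Review bot: `isOk()` returns true when `status` is null, so a result built without a status counts as success for callers such as `AdviceExpression.evaluate`, which uses `isOk()` to decide whether assignments are included. Treating an absent status as not OK is the safer default: `return this.status != null && this.status.isOk();`, or reject null in the two-argument constructor. `getAttributeAssignments()` likewise returns null instead of an empty iterator, which every caller has to remember to guard against.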
@@ -0,0 +1,93 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.policy;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import com.att.research.xacml.api.AttributeValue;
+
+/**
+ * Bag represents a collection of XACML attribute values for the same attribute.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
+public class Bag {
+ public static final Bag EMPTY = new Bag();
+
+ private List<AttributeValue<?>> attributeValues = new ArrayList<AttributeValue<?>>();
+
+ /**
+ * Gets the <code>List</code> of <code>AttributeValue</code>s for this <code>Bag</code>.
+ *
+ * @return the <code>List</code> of <code>AttributeValue</code>s for this <code>Bag</code>
+ */
+ public List<AttributeValue<?>> getAttributeValueList() {
+ return this.attributeValues;
+ }
+
+ /**
+ * Creates a new, empty <code>Bag</code>.
+ */
+ public Bag() {
+ }
+
+ /**
+ * Creates a new <code>Bag</code> by copying the {@link com.att.research.xacml.api.AttributeValue}s from the
+ * given <code>Collection</code>.
+ *
+ * @param attributeValuesIn the <code>Collection</code> of <code>AttributeValue</code>s for this <code>Bag</code>.
+ *
+ public Bag(Collection<AttributeValue<?>> attributeValuesIn) {
+ if (attributeValuesIn != null) {
+ this.attributeValues.addAll(attributeValuesIn);
+ }
+ }
+
+ public Bag(Iterator<AttributeValue<?>> iterAttributeValuesIn) {
+ if (iterAttributeValuesIn != null) {
+ while (iterAttributeValuesIn.hasNext()) {
+ this.attributeValues.add(iterAttributeValuesIn.next());
+ }
+ }
+ }
+ */
+
+ /**
+ * Adds an <code>AttributeValue</code> to this <code>Bag</code>>
+ *
+ * @param attributeValue the <code>AttributeValue</code> to add
+ */
+ public void add(AttributeValue<?> attributeValue) {
+ this.attributeValues.add(attributeValue);
+ }
+
+ /**
+ * Gets the number of <code>AttributeValue</code>s in this <code>Bag</code>.
+ *
+ * @return the number of <code>AttributeValue</code>s in this <code>Bag</code>.
+ */
+ public int size() {
+ return this.getAttributeValueList().size();
+ }
+
+ /**
+ * Gets an <code>Iterator</code> over all of the <code>AttributeValue</code>s in this <code>Bag</code>.
+ *
+ * @return an <code>Iterator</code> over all of the <code>AttributeValue</code>s in this <code>Bag</code>.
+ */
+ public Iterator<AttributeValue<?>> getAttributeValues() {
+ return this.getAttributeValueList().iterator();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/CombinerParameter.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/CombinerParameter.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/CombinerParameter.java
new file mode 100755
index 0000000..8277428
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/CombinerParameter.java
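Review bot: `Bag.EMPTY` is a public shared instance, but `add()` and the list returned by `getAttributeValueList()` both write to its backing ArrayList, so a single add on EMPTY changes the "empty" bag for every other user of the constant. In a PDP that would let attribute values from one evaluation show up in another wherever EMPTY stands in for a missing attribute (callers are not visible in this hunk). I would back the constant with an immutable list: add `private Bag(List<AttributeValue<?>> values) { this.attributeValues = values; }` and declare `public static final Bag EMPTY = new Bag(Collections.<AttributeValue<?>>emptyList());`, which needs `import java.util.Collections;`. The commented-out Collection/Iterator constructors should be deleted or restored rather than left inside a block comment.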
@@ -0,0 +1,149 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.policy;
+
+import com.att.research.xacml.api.AttributeValue;
+import com.att.research.xacml.api.StatusCode;
+import com.att.research.xacml.std.StdStatusCode;
+
+/**
+ * CombinerParameter extends {@link PolicyComponent} to represent a XACML CombinerParameter element.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
+public class CombinerParameter extends PolicyComponent {
+ private String name;
+ private AttributeValue<?> attributeValue;
+
+ @Override
+ protected boolean validateComponent() {
+ if (this.getName() == null) {
+ this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing parameter name");
+ return false;
+ } else if (this.getAttributeValue() == null) {
+ this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing attribute value");
+ return false;
+ } else {
+ this.setStatus(StdStatusCode.STATUS_CODE_OK, null);
+ return true;
+ }
+ }
+
+ /**
+ * Creates a new <code>CombinerParameter</code> with the given <code>String</code> name, <code>AttributeValue</code>,
+ * {@link com.att.research.xacml.api.StatusCode} and <code>String</code> status message.
+ *
+ * @param nameIn the <code>String</code> name of the <code>CombinerParameter</code>
+ * @param attributeValueIn the <code>AttributeValue</code> of the <code>CombinerParameter</code>
+ * @param statusCodeIn the <code>StatusCode</code> of the <code>CombinerParameter</code>
+ * @param statusMessageIn the <code>String</code> status message of the <code>CombinerParameter</code>
+ */
+ public CombinerParameter(String nameIn, AttributeValue<?> attributeValueIn, StatusCode statusCodeIn, String statusMessageIn) {
+ super(statusCodeIn, statusMessageIn);
+ this.name = nameIn;
+ this.attributeValue = attributeValueIn;
+ }
+
+ /**
+ * Creates a new <code>CombinerParameter</code> for an error condition with the given <code>StatusCode</code> and
+ * <code>String</code> status message.
+ *
+ * @param statusCodeIn the <code>StatusCode</code> of the <code>CombinerParameter</code>
+ * @param statusMessageIn the <code>String</code> status message of the <code>CombinerParameter</code>
+ */
+ public CombinerParameter(StatusCode statusCodeIn, String statusMessageIn) {
+ super(statusCodeIn, statusMessageIn);
+ }
+
+ /**
+ * Creates a new <code>CombinerParameter</code> for an error condition with the given <code>StatusCode</code> and
+ * null status message.
+ *
+ * @param statusCodeIn the <code>StatusCode</code> of the <code>CombinerParameter</code>
+ */
+ public CombinerParameter(StatusCode statusCodeIn) {
+ super(statusCodeIn);
+ }
+
+ /**
+ * Creates a new <code>CombinerParameter</code> with a default <code>StatusCode</code>, null status message, and the given
+ * <code>String</code> name and <code>AttributeValue</code>>
+ *
+ * @param nameIn the <code>String</code> name of the <code>CombinerParameter</code>
+ * @param attributeValueIn the <code>AttributeValue</code> of the <code>CombinerParameter</code>
+ */
+ public CombinerParameter(String nameIn, AttributeValue<?> attributeValueIn) {
+ super();
+ this.name = nameIn;
+ this.attributeValue = attributeValueIn;
+ }
+
+ public CombinerParameter() {
+
+ }
+
+ /**
+ * Gets the <code>String</code> name of this <code>CombinerParameter</code>.
+ *
+ * @return the <code>String</code> name of this <code>CombinerParameter</code>
+ */
+ public String getName() {
+ return this.name;
+ }
+
+ /**
+ * Sets the name of this <code>CombinerParameter</code> to the given <code>String</code>.
+ *
+ * @param nameIn the <code>String</code> name for this <code>CombinerParameter</code>.
+ */
+ public void setName(String nameIn) {
+ this.name = nameIn;
+ }
+
+ /**
+ * Gets the <code>AttributeValue</code> of this <code>CombinerParameter</code>.
+ *
+ * @return the <code>AttributeValue</code> of this <code>CombinerParameter</code>
+ */
+ public AttributeValue<?> getAttributeValue() {
+ return this.attributeValue;
+ }
+
+ /**
+ * Sets the <code>AttributeValue</code> for this <code>CombinerParameter</code>>
+ *
+ * @param attributeValueIn the <code>AttributeValue</code> for this <code>CombinerParameter</code>>
+ */
+ public void setAttributeValue(AttributeValue<?> attributeValueIn) {
+ this.attributeValue = attributeValueIn;
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder stringBuilder = new StringBuilder("{");
+ stringBuilder.append("super=");
+ stringBuilder.append(super.toString());
+
+ Object objectToDump;
+ if ((objectToDump = this.getName()) != null) {
+ stringBuilder.append(",name=");
+ stringBuilder.append((String)objectToDump);
+ }
+ if ((objectToDump = this.getAttributeValue()) != null) {
+ stringBuilder.append(",attributeValue=");
+ stringBuilder.append(objectToDump.toString());
+ }
+ stringBuilder.append('}');
+ return stringBuilder.toString();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/CombiningAlgorithm.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/CombiningAlgorithm.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/CombiningAlgorithm.java
new file mode 100755
index 0000000..d161efa
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/CombiningAlgorithm.java
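Review bot: Three Javadoc comments in CombinerParameter end with a stray `>` after `</code>` (the name/value constructor and both lines of the `setAttributeValue` comment), and `CombinerParameter()` and `validateComponent()` carry no Javadoc at all. I would add `/** Creates an empty <code>CombinerParameter</code>; name and value must be set before validation succeeds. */` on the no-arg constructor, and a short comment on `validateComponent()` saying it sets STATUS_CODE_SYNTAX_ERROR when the name or the attribute value is null and STATUS_CODE_OK otherwise. That call also replaces whatever status the error-condition constructors stored, which is worth stating if PolicyComponent (not visible here) runs it on such instances. In `toString()` the `(String)objectToDump` cast can be avoided by appending `this.getName()` directly.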
@@ -0,0 +1,49 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.policy;
+
+import java.util.List;
+
+import com.att.research.xacml.api.Identifier;
+import com.att.research.xacmlatt.pdp.eval.Evaluatable;
+import com.att.research.xacmlatt.pdp.eval.EvaluationContext;
+import com.att.research.xacmlatt.pdp.eval.EvaluationException;
+import com.att.research.xacmlatt.pdp.eval.EvaluationResult;
+
+/**
+ * CombiningAlgorithm is the interface for objects that implement XACML combining algorithms for rules, policies, and policy sets.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ *
+ * @param <T> the type of object to be combined
+ * @param <U> the type of the identifier for <code>T</code>
+ */
+public interface CombiningAlgorithm<T extends Evaluatable> {
+ /**
+ * Gets the {@link com.att.research.xacml.api.Identifier} for this <code>CombiningAlgorithm</code>.
+ *
+ * @return the <code>Identifier</code> for this <code>CombiningAlgorithm</code>
+ */
+ public Identifier getId();
+
+ /**
+ * Evaluates as many of the <code>CombiningElement</code>s supplied with the given <code>CombinerParameter</code>s based on
+ * the particular combining algorithm and combines their <code>EvaluationResult</code>s into a single <code>EvaluationResult</code>.
+ *
+ * @param evaluationContext the <code>EvaluationContext</code> in which to evaluate each of the <code>CombiningElement</code>s
+ * @param elements the <code>List</code> of <code>CombiningElement</code>s to evaluate
+ * @param combinerParameters the <code>List</code> of <code>CombinerParameter</code>s to apply to the combining algorithm
+ * @return the combined <code>EvaluationResult</code>
+ * @throws com.att.research.xacmlatt.pdp.eval.EvaluationException if there is an error in the <code>evaluate</code> method of any of the <code>CombiningElement</code>s
+ */
+ public EvaluationResult combine(EvaluationContext evaluationContext, List<CombiningElement<T>> elements, List<CombinerParameter> combinerParameters) throws EvaluationException;
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/CombiningAlgorithmFactory.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/CombiningAlgorithmFactory.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/CombiningAlgorithmFactory.java
new file mode 100755
index 0000000..b6b278e
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/CombiningAlgorithmFactory.java
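Review bot: The interface Javadoc documents `@param <U>`, but `CombiningAlgorithm<T extends Evaluatable>` declares only `T`, so that tag is stale and should be dropped. The `combine` comment opens with "Evaluates as many of the CombiningElements supplied" and never finishes the comparison; `Evaluates as many of the supplied CombiningElements as the algorithm requires` would read correctly. Because implementations return the single combined EvaluationResult for a rule or policy set, the contract should also say whether `elements` and `combinerParameters` may be null or empty and what result is returned in that case. The `public` modifiers on the two interface methods are redundant.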
@@ -0,0 +1,91 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.policy;
+
+import java.util.Properties;
+
+import com.att.research.xacml.api.Identifier;
+import com.att.research.xacml.util.FactoryException;
+import com.att.research.xacml.util.FactoryFinder;
+import com.att.research.xacmlatt.pdp.util.ATTPDPProperties;
+
+/**
+ * CombiningAlgorithmFactory is an abstract class for mapping function {@link com.att.research.xacml.api.Identifier} ids to
+ * {@link CombiningAlgorithm} objects.
+ *
+ * @author car
+ * @version $Revision: 1.3 $
+ */
+public abstract class CombiningAlgorithmFactory {
+ private static final String FACTORYID = ATTPDPProperties.PROP_COMBININGALGORITHMFACTORY;
+ private static final String DEFAULT_FACTORY_CLASSNAME = "com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory";
+
+ protected CombiningAlgorithmFactory() {
+ }
+
+ protected CombiningAlgorithmFactory(Properties properties) {
+ }
+
+ /**
+ * Maps the given <code>Identifier</code> representing a XACML rule combining algorithm to a <code>CombiningAlgorithm</code> object.
+ *
+ * @param combiningAlgorithmId the <code>Identifier</code> of the <code>CombiningAlgorithm</code> to retrieve
+ * @return the <code>CombiningAlgorithm</code> for the given <code>Identifier</code> or null if not found
+ */
+ public abstract CombiningAlgorithm<Rule> getRuleCombiningAlgorithm(Identifier combiningAlgorithmId);
+
+ /**
+ * Maps the given <code>Identifier</code> representing a XACML policy combinign algorithm to a <code>CombiningAlgorithm</code> object.
+ *
+ * @param combiningAlgorithmId the <code.Identifier</code> of the <code>CombiningAlgorithm</code> to retrieve
+ * @return the <code>CombiningAlgorithm</code> for the given <code>Identifier</code> or null if not found
+ */
+ public abstract CombiningAlgorithm<PolicySetChild> getPolicyCombiningAlgorithm(Identifier combiningAlgorithmId);
+
+ /**
+ * Creates an instance of the <code>CombiningAlgorithmFactory</code> using default configuration information.
+ *
+ * @return the default <code>CombiningAlgorithmFactory</code>
+ */
+ public static CombiningAlgorithmFactory newInstance() throws FactoryException {
+ return FactoryFinder.find(FACTORYID, DEFAULT_FACTORY_CLASSNAME, CombiningAlgorithmFactory.class);
+ }
+
+ /**
+ * Creates an instance of the <code>CombiningAlgorithmFactory</code> using default configuration information.
+ *
+ * @return the default <code>CombiningAlgorithmFactory</code>
+ */
+ public static CombiningAlgorithmFactory newInstance(Properties properties) throws FactoryException {
+ return FactoryFinder.find(FACTORYID, DEFAULT_FACTORY_CLASSNAME, CombiningAlgorithmFactory.class, properties);
+ }
+
+ /**
+ * Creates an instance of the <code>CombiningAlgorithmFactory</code> using the given class name.
+ *
+ * @param className the <code>String</code> class name of the <code>CombiningAlgorithmFactory</code> to create
+ * @return the <code>CombiningAlgorithmFactory</code> for the given class name.
+ */
+ public static CombiningAlgorithmFactory newInstance(String className) throws FactoryException {
+ return FactoryFinder.newInstance(className, CombiningAlgorithmFactory.class, null, true);
+ }
+
+ /**
+ * Creates an instance of the <code>CombiningAlgorithmFactory</code> using the given class name using the given <code>ClassLoader</code>.
+ *
+ * @param className the <code>String</code> class name of the <code>CombiningAlgorithmFactory</code> to create
+ * @param classLoader the <code>ClassLoader</code> to use to load the class with the given class name
+ * @return the <code>CombiningAlgorithmFactory</code> for the given class name
+ */
+ public static CombiningAlgorithmFactory newInstance(String className, ClassLoader classLoader) throws FactoryException {
+ return FactoryFinder.newInstance(className, CombiningAlgorithmFactory.class, classLoader, false);
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/CombiningElement.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/CombiningElement.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/CombiningElement.java
new file mode 100755
index 0000000..8890b1a
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/CombiningElement.java
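Review bot: `newInstance(String className)` and `newInstance(String className, ClassLoader classLoader)` hand a caller-supplied class name to `FactoryFinder.newInstance`, and the Javadoc says nothing about where that name may come from. The factory that gets loaded decides which combining algorithms the PDP applies, so the comments should state that the class name, and the `Properties` given to `newInstance(Properties)`, must come from trusted configuration; whether FactoryFinder checks the loaded class against `CombiningAlgorithmFactory.class` is not visible in this hunk. The Javadoc of `newInstance(Properties)` is a copy of the no-argument one and lacks `@param properties`, and none of the four methods has `@throws FactoryException`. There are also two typos to fix, `combinign` and `<code.Identifier</code>`, and the class comment speaks of "mapping function" ids where combining-algorithm ids are meant.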
@@ -0,0 +1,82 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.policy;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+
+import com.att.research.xacmlatt.pdp.eval.Evaluatable;
+import com.att.research.xacmlatt.pdp.eval.EvaluationContext;
+import com.att.research.xacmlatt.pdp.eval.EvaluationException;
+import com.att.research.xacmlatt.pdp.eval.EvaluationResult;
+
+/**
+ * CombiningElement wraps an {@link com.att.research.xacmlatt.pdp.evl.Evaluatable} with a set of
+ * {@link com.att.research.xacmlatt.pdp.policy.TargetedCombinerParameter}s for use with a
+ * {@link com.att.research.xacmlatt.pdp.policy.CombiningAlgorithm} to get a combined {@link com.att.research.xacmlatt.pdp.eval.EvaluationResult}
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ *
+ * @param <T> the java class extending <code>Evaluatable</code> of the objects to be combined
+ */
+public class CombiningElement<T extends Evaluatable> {
+ private T evaluatable;
+ private List<CombinerParameter> targetedCombinerParameters;
+
+ /**
+ * Creates a new <code>CombiningElement</code> with the given <code>Evaluatable</code> and <code>List</code> of
+ * <code>TargetedCombinerParameter</code>.
+ *
+ * @param evaluatableIn the <code>Evaluatable</code>
+ * @param targetedCombinerParametersIn the <code>List</code> of <code>TargetedCombinerParameter</code>s.
+ */
+ public CombiningElement(T evaluatableIn, Collection<CombinerParameter> targetedCombinerParametersIn) {
+ this.evaluatable = evaluatableIn;
+ if (targetedCombinerParametersIn != null) {
+ this.targetedCombinerParameters = new ArrayList<CombinerParameter>();
+ this.targetedCombinerParameters.addAll(targetedCombinerParametersIn);
+ }
+ }
+
+ /**
+ * Gets the <code>Evaluatable</code> for this <code>CombiningElement</code>.
+ *
+ * @return the <code>Evaluatable</code> for this <code>CombiningElement</code>
+ */
+ public T getEvaluatable() {
+ return this.evaluatable;
+ }
+
+ /**
+ * Gets an <code>Iterator</code> over the <code>TargetedCombinerParameters</code> for this
+ * <code>CombiningElement</code>.
+ *
+ * @return an <code>Iterator</code> over the <code>TargetedCombinerParameters</code> for this <code>CombiningElement</code>
+ */
+ public Iterator<CombinerParameter> getTargetedCombinerParameters() {
+ return (this.targetedCombinerParameters == null ? null : this.targetedCombinerParameters.iterator());
+ }
+
+ /**
+ * Evaluates this <code>CombiningElement</code> in the given {@link com.att.research.xacmlatt.pdp.eval.EvaluationContext}.
+ *
+ * @param evaluationContext the <code>EvaluationContext</code>
+ * @return the {@link com.att.research.xacmlatt.pdp.eval.EvaluationResult} from the <code>Evaluatable</code>
+ * @throws com.att.research.xacmlatt.pdp.eval.EvaluationException if there is an error in the <code>evaluate</code> method of the <code>Evaluatable</code>
+ */
+ public EvaluationResult evaluate(EvaluationContext evaluationContext) throws EvaluationException {
+ return this.getEvaluatable().evaluate(evaluationContext);
+ }
+
+}
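Review bot: `getTargetedCombinerParameters()` returns null when the constructor was given a null collection, but its Javadoc promises an Iterator, so a caller that loops on the result without a null check gets a NullPointerException. Either document it, `@return an Iterator over the parameters, or null if none were supplied`, or return `Collections.<CombinerParameter>emptyIterator()` (Java 7 or later) in the null case. The class comment links to `com.att.research.xacmlatt.pdp.evl.Evaluatable` while the imported package is `eval`, so that `{@link}` will not resolve. The constructor's `@param` text says List of TargetedCombinerParameter although the parameter type is `Collection<CombinerParameter>`, and `evaluate()` does not say what happens when the element was built with a null `evaluatableIn`.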
