http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionRegexpMatch.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionRegexpMatch.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionRegexpMatch.java new file mode 100755 index 0000000..ad442ae --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionRegexpMatch.java @@ -0,0 +1,117 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.std.functions; + + +import java.util.List; + +import com.att.research.xacml.api.DataType; +import com.att.research.xacml.api.DataTypeException; +import com.att.research.xacml.api.Identifier; +import com.att.research.xacml.std.StdStatus; +import com.att.research.xacml.std.StdStatusCode; +import com.att.research.xacml.std.datatypes.DataTypes; +import com.att.research.xacmlatt.pdp.eval.EvaluationContext; +import com.att.research.xacmlatt.pdp.policy.ExpressionResult; +import com.att.research.xacmlatt.pdp.policy.FunctionArgument; + +/** + * FunctionDefinitionRegexMatch implements {@link com.att.research.xacmlatt.pdp.policy.FunctionDefinition} to + * implement the XACML 'type'-regex-match predicates as functions taking two arguments, the first of <code>String</code>, + * representing a regular expression, and the second of the type for that specific predicate, + * and returning a <code>Boolean</code> for whether the regular expression matches the string representation of the second argument. + * + * In the first implementation of XACML we had separate files for each XACML Function. + * This release combines multiple Functions in fewer files to minimize code duplication. + * This file supports the following XACML codes: + * string-regexp-match + * anyURI-regexp-match + * x500Name-regexp-match + * rfc822Name-regexp-match (in sub-class {@link com.att.research.xacmlatt.pdp.policy.FunctionDefinition.FunctionDefinitionRegexpMatchRFC822} ) + * ipAddress-regexp-match + * dnsName-regexp-match + * + * + * @author glenngriffin + * @version $Revision: 1.1 $ + * + * @param <I> the java class for the data type of the function Input arguments + */ +public class FunctionDefinitionRegexpMatch<I> extends FunctionDefinitionBase<Boolean, I> { + + + /** + * Constructor - need dataTypeArgs input because of java Generic type-erasure during compilation. + * + * @param idIn + * @param dataTypeArgsIn + */ + public FunctionDefinitionRegexpMatch(Identifier idIn, DataType<I> dataTypeArgsIn) { + super(idIn, DataTypes.DT_BOOLEAN, dataTypeArgsIn, false); + } + + + @Override + public ExpressionResult evaluate(EvaluationContext evaluationContext, List<FunctionArgument> arguments) { + + if (arguments == null || arguments.size() != 2) { + return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() + " Expected 2 arguments, got " + + ((arguments == null) ? "null" : arguments.size()) )); + } + + // get the regular expression + FunctionArgument regexpArgument = arguments.get(0); + + ConvertedArgument<String> convertedArgument = new ConvertedArgument<String>(regexpArgument, DataTypes.DT_STRING, false); + if ( ! convertedArgument.isOk()) { + return ExpressionResult.newError(getFunctionStatus(convertedArgument.getStatus())); + } + + // String regexpValue = (String)regexpArgument.getValue().getValue(); + String regexpValue = convertedArgument.getValue(); + + + // now get the element to match + FunctionArgument elementArgument = arguments.get(1); + + ConvertedArgument<I> convertedElement = new ConvertedArgument<I>(elementArgument, this.getDataTypeArgs(), false); + if ( ! convertedElement.isOk()) { + return ExpressionResult.newError(getFunctionStatus(convertedElement.getStatus())); + } + + I elementValueObject = convertedElement.getValue(); + + String elementValueString; + try { + elementValueString = this.getDataTypeArgs().toStringValue(elementValueObject); + } catch (DataTypeException e) { + String message = e.getMessage(); + if (e.getCause() != null) { + message = e.getCause().getMessage(); + } + return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() + " " + message)); + } + + // ConvertedArgument checks for null value, so do not need to do again here + + if (elementValueString.matches(regexpValue)) { + return ER_TRUE; + } else { + return ER_FALSE; + } + + } + + + + + +}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionSet.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionSet.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionSet.java new file mode 100755 index 0000000..1595a47 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionSet.java @@ -0,0 +1,230 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.std.functions; + +import java.util.ArrayList; +import java.util.List; + +import com.att.research.xacml.api.AttributeValue; +import com.att.research.xacml.api.DataType; +import com.att.research.xacml.api.Identifier; +import com.att.research.xacml.std.StdStatus; +import com.att.research.xacml.std.StdStatusCode; +import com.att.research.xacmlatt.pdp.eval.EvaluationContext; +import com.att.research.xacmlatt.pdp.policy.Bag; +import com.att.research.xacmlatt.pdp.policy.ExpressionResult; +import com.att.research.xacmlatt.pdp.policy.FunctionArgument; + +/** + * FunctionDefinitionSet implements {@link com.att.research.xacmlatt.pdp.policy.FunctionDefinition} to + * implement the XACML Set predicates as functions taking two arguments of <code>Bag</code> the same primitive type + * and returning either a <code>Boolean</code> or a <code>Bag</code> of the same primitive type. + * <P> + * The ipAddress, dnsName and xPathExpression do not have set functions defined for them in section 10.2.8 of the Release 3 XACML spec. + * + * In the first implementation of XACML we had separate files for each XACML Function. + * This release combines multiple Functions in fewer files to minimize code duplication. + * This file supports the following XACML codes: + * string-bag + * boolean-bag + * integer-bag + * double-bag + * time-bag + * date-bag + * dateTime-bag + * anyURI-bag + * hexBinary-bag + * base64Binary-bag + * dayTimeDuration-bag (version 1 and3) + * yearMonthDuration-bag (version 1 and 3) + * x500Name-bag + * rfc822Name-bag + * + * + * @author glenngriffin + * @version $Revision: 1.1 $ + * + * @param <I> the java class for the data type of the function Input arguments + * @param <O> the java class for the data type of the function Output + */ +public class FunctionDefinitionSet<O,I> extends FunctionDefinitionBase<O, I> { + + /** + * List of comparison operations. + * + * @author glenngriffin + * + */ + public enum OPERATION {INTERSECTION, AT_LEAST_ONE_MEMBER_OF, UNION, SUBSET, SET_EQUALS }; + + // the operation for this instance of the class + private OPERATION operation; + + + /** + * Constructor - need dataType input because of java Generic type-erasure during compilation. + * + * @param idIn + * @param dataTypeArgsIn + */ + public FunctionDefinitionSet(Identifier idIn, DataType<O> dataTypeIn, DataType<I> dataTypeArgsIn, OPERATION opIn) { + super(idIn, dataTypeIn, dataTypeArgsIn, ((opIn == OPERATION.INTERSECTION || opIn == OPERATION.UNION) ? true : false) ); + operation = opIn; + } + + + @Override + public ExpressionResult evaluate(EvaluationContext evaluationContext, List<FunctionArgument> arguments) { + + if (arguments == null || arguments.size() != 2) { + return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() + " Expected 2 arguments, got " + + ((arguments == null) ? "null" : arguments.size()) )); + } + + // get first bag + FunctionArgument bagArgument = arguments.get(0); + ConvertedArgument<Bag> convertedBagArgument = new ConvertedArgument<Bag>(bagArgument, null, true); + + if ( ! convertedBagArgument.isOk()) { + return ExpressionResult.newError(getFunctionStatus(convertedBagArgument.getStatus())); + } + + Bag bag1 = convertedBagArgument.getBag(); + List<AttributeValue<?>> list1 = (List<AttributeValue<?>>) bag1.getAttributeValueList(); + + // get second bag + bagArgument = arguments.get(1); + convertedBagArgument = new ConvertedArgument<Bag>(bagArgument, null, true); + + if ( ! convertedBagArgument.isOk()) { + return ExpressionResult.newError(getFunctionStatus(convertedBagArgument.getStatus())); + } + + Bag bag2 = convertedBagArgument.getBag(); + List<AttributeValue<?>> list2 = (List<AttributeValue<?>>) bag2.getAttributeValueList(); + + // arguments are ready BUT they have NOT had duplicates removed + + ExpressionResult expressionResult = null; + + // some functions return a bag rather than boolean + Bag outBag; + List<AttributeValue<?>> outList; + + + switch (operation) { + case INTERSECTION: + outList = new ArrayList<AttributeValue<?>>(); + + for (AttributeValue<?> element : list1) { + if (outList.contains(element)) { + continue; + } + if (list2.contains(element)) { + outList.add(element); + } + } + + // now have the intersection; put it in a bag + + outBag = new Bag(); + + for (AttributeValue<?> element : outList) { + outBag.add(element); + } + + expressionResult = ExpressionResult.newBag(outBag); + return expressionResult; + + + case AT_LEAST_ONE_MEMBER_OF: + // look for elements from the first list in the second. + // duplicates do not matter because if the element is not there it does not matter that we look for it again, + // and if it is there we stop the first time we see it. + // If the first bag is empty, this should fail because no element from the first set can be found in the second set + // (because there IS no element in first set). + for (AttributeValue<?> element : list1) { + if (list2.contains(element)) { + return ER_TRUE; + } + } + // did not find any element from list 1 in list 2 + return ER_FALSE; + + case UNION: + outList = new ArrayList<AttributeValue<?>>(); + + for (AttributeValue<?> element : list1) { + if (outList.contains(element)) { + continue; + } + outList.add((AttributeValue<?>) element); + } + for (AttributeValue<?> element : list2) { + if (outList.contains(element)) { + continue; + } + outList.add((AttributeValue<?>) element); + } + + // now have the intersection; put it in a bag + + outBag = new Bag(); + + for (AttributeValue<?> element : outList) { + outBag.add(element); + } + + expressionResult = ExpressionResult.newBag(outBag); + return expressionResult; + + + case SUBSET: + // all elements from list 1 must exist in list 2. + // duplicates do not matter because if an element is not found the first time we stop immediately, + // and if it is found the first time it will also be found for the duplicate. + // If the first set is empty we return TRUE because all elements (i.e. none) in the first set are in the second. + for (AttributeValue<?> element : list1) { + if ( ! list2.contains(element)) { + return ER_FALSE; + } + } + // all elements in list1 were found + return ER_TRUE; + + + case SET_EQUALS: + // we cannot do a direct one-to-one compare because the lists may contain duplicates. Also they may not be ordered the same. + // So we ask: + // are all elements in list 1 in list 2 (ignoring duplicates) + // are all elements in list 2 in list 1 (ignoring duplicates) + for (AttributeValue<?> element : list1) { + if ( ! list2.contains(element)) { + return ER_FALSE; + } + } + for (AttributeValue<?> element : list2) { + if ( ! list1.contains(element)) { + return ER_FALSE; + } + } + // all elements in each are part of the other + return ER_TRUE; + } + + // all cases should have been covered by above - should never get here + return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() + " Could not evaluate Set function " + operation)); + + } + + + +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionStringConversion.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionStringConversion.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionStringConversion.java new file mode 100755 index 0000000..bde0bbe --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionStringConversion.java @@ -0,0 +1,117 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.std.functions; + +import java.util.ArrayList; +import java.util.List; + +import com.att.research.xacml.api.DataType; +import com.att.research.xacml.api.Identifier; +import com.att.research.xacml.api.Status; +import com.att.research.xacml.std.StdAttributeValue; +import com.att.research.xacml.std.StdStatus; +import com.att.research.xacml.std.StdStatusCode; +import com.att.research.xacml.std.datatypes.DataTypes; +import com.att.research.xacmlatt.pdp.eval.EvaluationContext; +import com.att.research.xacmlatt.pdp.policy.ExpressionResult; +import com.att.research.xacmlatt.pdp.policy.FunctionArgument; + +/** + * FunctionDefinitionNumberTypeConversion extends {@link com.att.research.xacmlatt.pdp.std.functions.FunctionDefinitionHomogeneousSimple} to + * implement the XACML predicates for converting <code>String</code> to <code>DataType<?></code> and vice versa. + * + * In the first implementation of XACML we had separate files for each XACML Function. + * This release combines multiple Functions in fewer files to minimize code duplication. + * This file supports the following XACML codes: + * boolean-from-string + * string-from-boolean + * integer-from-string + * string-from-integer + * double-from-string + * string-from-double + * time-from-string + * string-from-time + * date-from-string + * string-from-date + * dateTime-from-string + * string-from-dateTime + * anyURI-from-string + * string-from-anyURI + * dayTimeDuration-from-string + * string-from-dayTimeDuration + * yearMonthDuration-from-string + * string-from-yearMonthDuration + * x500Name-from-string + * string-from-x500Name + * rfc822Name-from-string + * string-from-rfc822Name + * ipAddress-from-string + * string-from-ipAddress + * dnsName-from-string + * string-from-dnsName + * + * @author glenngriffin + * @version $Revision: 1.1 $ + * + * @param <O> the java class for the data type of the function Output + * @param <I> the java class for the data type of the function Input argument + */ +public class FunctionDefinitionStringConversion<O,I> extends FunctionDefinitionHomogeneousSimple<O, I> { + + public FunctionDefinitionStringConversion(Identifier idIn, DataType<O> outputType, DataType<I> argType) { + super(idIn, outputType, argType, 1); + } + + @Override + public ExpressionResult evaluate(EvaluationContext evaluationContext, List<FunctionArgument> arguments) { + List<I> convertedArguments = new ArrayList<I>(); + Status status = this.validateArguments(arguments, convertedArguments); + + /* + * If the function arguments are not correct, just return an error status immediately + */ + if (!status.getStatusCode().equals(StdStatusCode.STATUS_CODE_OK)) { + return ExpressionResult.newError(getFunctionStatus(status)); + } + + /* + * Do different conversion depending on which way we are going (to/from String) + */ + if (this.getDataTypeId().equals(DataTypes.DT_STRING.getId())) { + // converting TO String + try { + String output = this.getDataTypeArgs().toStringValue(convertedArguments.get(0)); + return ExpressionResult.newSingle(new StdAttributeValue<String>(this.getDataTypeId(), output)); + } catch (Exception e) { + String message = e.getMessage(); + if (e.getCause() != null) { + message = e.getCause().getMessage(); + } + // untested - not clear how this could happen + return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() + " " + message)); + } + } else { + // converting FROM String to object of DataType + try { + O output = this.getDataType().convert(convertedArguments.get(0)); + return ExpressionResult.newSingle(new StdAttributeValue<O>(this.getDataTypeId(), output)); + } catch (Exception e) { + String message = e.getMessage(); + if (e.getCause() != null) { + message = e.getCause().getMessage(); + } + return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, this.getShortFunctionId() + " " + message )); + } + } + + } + +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionStringEqualIgnoreCase.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionStringEqualIgnoreCase.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionStringEqualIgnoreCase.java new file mode 100755 index 0000000..b8aae7d --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionStringEqualIgnoreCase.java @@ -0,0 +1,55 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.std.functions; + +import com.att.research.xacml.api.Identifier; +import com.att.research.xacml.std.datatypes.DataTypes; + +/** + * FunctionDefinitionStringEqualIgnoreCase extends {@link FunctionDefinitionEquality} for + * <code>String</code> arguments by testing for equality without regard to case. + * + * The specification actually says that the strings are first converted to lower case using the string-normalize-to-lower-case function. + * This code ASSUMES that + * <UL> + * <LI> the normalize function just calls the Java toLowerCase() function, and + * <LI> the Java VM is consistent in that equalsIgnoreCase provides the same result as calling toLowerCase on each string and doing a compare. + * </UL> + * + * In the first implementation of XACML we had separate files for each XACML Function. + * This release combines multiple Functions in fewer files to minimize code duplication. + * This file supports the following XACML codes: + * string-equal-ignore-case + * + * + * @author car + * @version $Revision: 1.2 $ + */ +public class FunctionDefinitionStringEqualIgnoreCase extends FunctionDefinitionEquality<String> { + + /** + * ASSUMES that equalsIgnoreCase provides the same result as calling string-normalize-to-lower-case on both strings and then comparing. + */ + @Override + protected boolean isEqual(String s1, String s2) { + return s1.equalsIgnoreCase(s2); + } + + /** + * Creates a new <code>FunctionDefinitionStringEqualIgnoreCase</code> with the given <code>Identifier</code>. + * + * @param idIn the <code>Identifier</code> for the new <code>FunctionDefinitionStringEqualIgnoreCase</code> + */ + public FunctionDefinitionStringEqualIgnoreCase(Identifier idIn) { + super(idIn, DataTypes.DT_STRING); + } + +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionStringFunctions.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionStringFunctions.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionStringFunctions.java new file mode 100755 index 0000000..bc5515d --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionStringFunctions.java @@ -0,0 +1,256 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.std.functions; + + +import java.math.BigInteger; +import java.util.List; + +import com.att.research.xacml.api.AttributeValue; +import com.att.research.xacml.api.DataType; +import com.att.research.xacml.api.DataTypeException; +import com.att.research.xacml.api.Identifier; +import com.att.research.xacml.api.XACML; +import com.att.research.xacml.std.StdAttributeValue; +import com.att.research.xacml.std.StdStatus; +import com.att.research.xacml.std.StdStatusCode; +import com.att.research.xacml.std.datatypes.DataTypes; +import com.att.research.xacmlatt.pdp.eval.EvaluationContext; +import com.att.research.xacmlatt.pdp.policy.ExpressionResult; +import com.att.research.xacmlatt.pdp.policy.FunctionArgument; + +/** + * FunctionDefinitionStringFunctions implements {@link com.att.research.xacmlatt.pdp.policy.FunctionDefinition} to + * implement the XACML String Functions predicates except for the conversions between <code>String</code> and <code>DataType</code> + * which are contained in <code>FunctionDefinitionStringConversion</code>. + * The functions in this file do not have a lot in common except that the return data type is known and the input argument types are + * either known or of the generic type. + * + * In the first implementation of XACML we had separate files for each XACML Function. + * This release combines multiple Functions in fewer files to minimize code duplication. + * This file supports the following XACML codes: + * string-concatenate + * string-starts-with + * anyURI-starts-with + * string-ends-with + * anyURI-ends-with + * string-contains + * anyURI-contains + * string-substring + * anyURI-substring + * + * + * @author glenngriffin + * @version $Revision: 1.1 $ + * + * @param <I> the java class for the data type of the function Input arguments + * @param <O> the java class for the data type of the function Output - + * needed because different functions within this class have different output types + */ +public class FunctionDefinitionStringFunctions<O, I> extends FunctionDefinitionBase<O, I> { + + /** + * List of String operations. + * + * @author glenngriffin + * + */ + public enum OPERATION {CONCATENATE, STARTS_WITH, ENDS_WITH, CONTAINS, SUBSTRING }; + + // operation to be used in this instance of the StringFunctions class + private final OPERATION operation; + + + /** + * Constructor - need dataTypeArgs input because of java Generic type-erasure during compilation. + * + * @param idIn + * @param dataTypeArgsIn + */ + public FunctionDefinitionStringFunctions(Identifier idIn, DataType<O> dataTypeIn, DataType<I> dataTypeArgsIn, OPERATION op) { + super(idIn, dataTypeIn, dataTypeArgsIn, false); + this.operation = op; + } + + + @SuppressWarnings("incomplete-switch") + @Override + public ExpressionResult evaluate(EvaluationContext evaluationContext, List<FunctionArgument> arguments) { + + if (arguments == null || + (operation == OPERATION.CONCATENATE && arguments.size() < 2) || + (operation == OPERATION.SUBSTRING && arguments.size() != 3) || + (operation != OPERATION.SUBSTRING && operation != OPERATION.CONCATENATE && arguments.size() != 2) ) { + return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() + " Expected " + + ((operation == OPERATION.SUBSTRING) ? 3 : (operation == OPERATION.CONCATENATE ? "2 or more " : 2)) + " arguments, got " + + ((arguments == null) ? "null" : arguments.size()) )); + } + + + + ExpressionResult expressionResult = null; + + String firstArgumentAsString = null; + String secondArgumentAsString = null; + + Integer secondArgumentAsInteger = null; + Integer thirdArgumentAsInteger = null; + + // most of the functions take 2 args, but SUBSTRING takes 3 AND concatenate takes 2 or more + if (operation == OPERATION.CONCATENATE) { + StringBuilder builder = new StringBuilder(); + for (int i = 0; i < arguments.size(); i++) { + FunctionArgument functionArgument = arguments.get(i); + ConvertedArgument<I> convertedArgument = new ConvertedArgument<I>(functionArgument, this.getDataTypeArgs(), false); + if ( ! convertedArgument.isOk()) { + return ExpressionResult.newError(getFunctionStatus(convertedArgument.getStatus())); + } + try { + String argumentAsString = this.getDataTypeArgs().toStringValue( convertedArgument.getValue()); + builder.append(argumentAsString); + } catch (DataTypeException e) { + String message = e.getMessage(); + if (e.getCause() != null) { + message = e.getCause().getMessage(); + } + return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() + " " + message )); + } + } + AttributeValue<String> stringResult = new StdAttributeValue<String>(XACML.ID_DATATYPE_STRING, + builder.toString() ); + expressionResult = ExpressionResult.newSingle(stringResult); + return expressionResult; + + } else if (operation == OPERATION.SUBSTRING) { + // first arg is of generic type + FunctionArgument functionArgument = arguments.get(0); + ConvertedArgument<I> convertedArgument0 = new ConvertedArgument<I>(functionArgument, this.getDataTypeArgs(), false); + if ( ! convertedArgument0.isOk()) { + return ExpressionResult.newError(getFunctionStatus(convertedArgument0.getStatus())); + } + try { + firstArgumentAsString = this.getDataTypeArgs().toStringValue( convertedArgument0.getValue()); + } catch (DataTypeException e) { + String message = e.getMessage(); + if (e.getCause() != null) { + message = e.getCause().getMessage(); + } + return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() + " " + message )); + } + + functionArgument = arguments.get(1); + ConvertedArgument<BigInteger> convertedArgumentInt = new ConvertedArgument<BigInteger>(functionArgument, DataTypes.DT_INTEGER, false); + if ( ! convertedArgumentInt.isOk()) { + return ExpressionResult.newError(getFunctionStatus(convertedArgumentInt.getStatus())); + } + secondArgumentAsInteger = convertedArgumentInt.getValue().intValue(); + if (secondArgumentAsInteger < 0 || secondArgumentAsInteger > firstArgumentAsString.length()) { + return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() + " " + + "Start point '" + secondArgumentAsInteger + "' out of range 0-" + firstArgumentAsString.length() + + " for string='" + firstArgumentAsString + "'")); + } + + + functionArgument = arguments.get(2); + convertedArgumentInt = new ConvertedArgument<BigInteger>(functionArgument, DataTypes.DT_INTEGER, false); + if ( ! convertedArgumentInt.isOk()) { + return ExpressionResult.newError(getFunctionStatus(convertedArgumentInt.getStatus())); + } + thirdArgumentAsInteger = convertedArgumentInt.getValue().intValue(); + // special case: -1 means "to end of string" + if (thirdArgumentAsInteger < -1 || thirdArgumentAsInteger > firstArgumentAsString.length()) { + return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() + " " + + "End point '" + thirdArgumentAsInteger + "' out of range 0-" + firstArgumentAsString.length() + + " for string='" + firstArgumentAsString + "'")); + } + if (thirdArgumentAsInteger != -1 && thirdArgumentAsInteger < secondArgumentAsInteger) { + return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() + " " + + "End point '" + thirdArgumentAsInteger + "' less than start point '" + secondArgumentAsString + "'" + + " for string='" + firstArgumentAsString + "'")); + } + + } else { + // expect 2 args, one String and one of Generic type + FunctionArgument functionArgument = arguments.get(0); + ConvertedArgument<String> convertedArgument0 = new ConvertedArgument<String>(functionArgument, DataTypes.DT_STRING, false); + if ( ! convertedArgument0.isOk()) { + return ExpressionResult.newError(getFunctionStatus(convertedArgument0.getStatus())); + } + firstArgumentAsString = convertedArgument0.getValue(); + + + functionArgument = arguments.get(1); + ConvertedArgument<I> convertedArgument1 = new ConvertedArgument<I>(functionArgument, this.getDataTypeArgs(), false); + if ( ! convertedArgument1.isOk()) { + return ExpressionResult.newError(getFunctionStatus(convertedArgument1.getStatus())); + } + try { + secondArgumentAsString = this.getDataTypeArgs().toStringValue( convertedArgument1.getValue()); + } catch (DataTypeException e) { + String message = e.getMessage(); + if (e.getCause() != null) { + message = e.getCause().getMessage(); + } + return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() + " " + message + + " " + message )); + } + + + } + + // arguments are ready - do the operation + + switch (operation) { + case STARTS_WITH: + if (secondArgumentAsString.startsWith(firstArgumentAsString)) { + return ER_TRUE; + } else { + return ER_FALSE; + } + + + case ENDS_WITH: + if (secondArgumentAsString.endsWith(firstArgumentAsString)) { + return ER_TRUE; + } else { + return ER_FALSE; + } + + case CONTAINS: + if (secondArgumentAsString.contains(firstArgumentAsString)) { + return ER_TRUE; + } else { + return ER_FALSE; + } + + case SUBSTRING: + String substring = null; + if (thirdArgumentAsInteger == -1) { + // from start point to end of string + substring = firstArgumentAsString.substring(secondArgumentAsInteger); + } else { + substring = firstArgumentAsString.substring(secondArgumentAsInteger, thirdArgumentAsInteger); + } + AttributeValue<String> stringResult = new StdAttributeValue<String>(XACML.ID_DATATYPE_STRING, substring); + expressionResult = ExpressionResult.newSingle(stringResult); + break; + } + + + return expressionResult; + + } + + + + + +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionStringNormalize.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionStringNormalize.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionStringNormalize.java new file mode 100755 index 0000000..11d6359 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionStringNormalize.java @@ -0,0 +1,108 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.std.functions; + +import java.util.ArrayList; +import java.util.List; + +import com.att.research.xacml.api.AttributeValue; +import com.att.research.xacml.api.Identifier; +import com.att.research.xacml.api.Status; +import com.att.research.xacml.api.XACML; +import com.att.research.xacml.std.StdAttributeValue; +import com.att.research.xacml.std.StdStatusCode; +import com.att.research.xacml.std.datatypes.DataTypeString; +import com.att.research.xacml.std.datatypes.DataTypes; +import com.att.research.xacmlatt.pdp.eval.EvaluationContext; +import com.att.research.xacmlatt.pdp.policy.ExpressionResult; +import com.att.research.xacmlatt.pdp.policy.FunctionArgument; + +/** + * FunctionDefinitionStringNormalize extends {@link com.att.research.xacmlatt.pdp.std.functions.FunctionDefinitionHomogeneousSimple} to + * implement the XACML String normalization predicates as functions taking one <code>String</code> arg and returning a single value of the same type. + * + * In the first implementation of XACML we had separate files for each XACML Function. + * This release combines multiple Functions in fewer files to minimize code duplication. + * This file supports the following XACML codes: + * string-normalize-space + * string-normalize-to-lower-case + * + * @author glenngriffin + * @version $Revision: 1.1 $ + * + */ +public class FunctionDefinitionStringNormalize extends FunctionDefinitionHomogeneousSimple<String, String> { + + /** + * List of string normalization operations. + * + * @author glenngriffin + * + */ + public enum OPERATION {SPACE, LOWER_CASE }; + + // operation to be used in this instance of the Arightmetic class + private final OPERATION operation; + + + // result variables used by all functions + AttributeValue<String> result; + + + /** + * Constructor + * + * @param idIn + * @param dataTypeArgsIn + * @param op + */ + public FunctionDefinitionStringNormalize(Identifier idIn, OPERATION op) { + // for Arithmetic functions, the output type is the same as the input type (no mixing of Ints and Doubles!) + super(idIn, DataTypes.DT_STRING, DataTypeString.newInstance(), 1); + + // save the operation and data type to be used in this instance + operation = op; + + } + + + @Override + public ExpressionResult evaluate(EvaluationContext evaluationContext, List<FunctionArgument> arguments) { + List<String> convertedArguments = new ArrayList<String>(); + Status status = this.validateArguments(arguments, convertedArguments); + + /* + * If the function arguments are not correct, just return an error status immediately + */ + if (!status.getStatusCode().equals(StdStatusCode.STATUS_CODE_OK)) { + return ExpressionResult.newError(getFunctionStatus(status)); + } + + /* + * Now perform the requested operation. + */ + ExpressionResult expressionResult = null; + + switch (operation) { + case SPACE: + result = new StdAttributeValue<String>(XACML.ID_DATATYPE_STRING, convertedArguments.get(0).trim() ); + break; + case LOWER_CASE: + result = new StdAttributeValue<String>(XACML.ID_DATATYPE_STRING, convertedArguments.get(0).toLowerCase() ); + break; + } + + expressionResult = ExpressionResult.newSingle(result); + + return expressionResult; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionTimeInRange.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionTimeInRange.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionTimeInRange.java new file mode 100755 index 0000000..bf7ba8b --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionTimeInRange.java @@ -0,0 +1,96 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.std.functions; + +import java.util.ArrayList; +import java.util.List; + +import com.att.research.xacml.api.DataType; +import com.att.research.xacml.api.Identifier; +import com.att.research.xacml.api.Status; +import com.att.research.xacml.std.StdStatus; +import com.att.research.xacml.std.StdStatusCode; +import com.att.research.xacml.std.datatypes.DataTypes; +import com.att.research.xacml.std.datatypes.ISO8601Time; +import com.att.research.xacmlatt.pdp.eval.EvaluationContext; +import com.att.research.xacmlatt.pdp.policy.ExpressionResult; +import com.att.research.xacmlatt.pdp.policy.FunctionArgument; + +/** + * FunctionDefinitionTimeInRange implements {@link com.att.research.xacmlatt.pdp.policy.FunctionDefinition} to + * implement the XACML time-in-range predicates as a function taking three arguments of type <code>Time</code> + * and returning a <code>Boolean</code>. + * + * In the first implementation of XACML we had separate files for each XACML Function. + * This release combines multiple Functions in fewer files to minimize code duplication. + * This file supports the following XACML codes: + * time-in-range + * + * + * @author glenngriffin + * @version $Revision: 1.1 $ + * + * @param <I> the java class for the data type of the function Input arguments. + */ +public class FunctionDefinitionTimeInRange<I> extends FunctionDefinitionHomogeneousSimple<Boolean, I> { + + + + + /** + * Constructor - need dataType input because of java Generic type-erasure during compilation. + * + * @param idIn + * @param dataTypeArgsIn + */ + public FunctionDefinitionTimeInRange(Identifier idIn, DataType<I> dataTypeArgsIn) { + super(idIn, DataTypes.DT_BOOLEAN, dataTypeArgsIn, 3); + } + + + @Override + public ExpressionResult evaluate(EvaluationContext evaluationContext, List<FunctionArgument> arguments) { + + List<I> convertedArguments = new ArrayList<I>(); + Status status = this.validateArguments(arguments, convertedArguments); + + /* + * If the function arguments are not correct, just return an error status immediately + */ + if (!status.getStatusCode().equals(StdStatusCode.STATUS_CODE_OK)) { + return ExpressionResult.newError(getFunctionStatus(status)); + } + + int compareResultLow; + int compareResultHigh; + try { + + compareResultLow = ((ISO8601Time) convertedArguments.get(1)).compareTo((ISO8601Time)convertedArguments.get(0)); + compareResultHigh = ((ISO8601Time)convertedArguments.get(2)).compareTo((ISO8601Time)convertedArguments.get(0)); + } catch (Exception e) { + String message = e.getMessage(); + if (e.getCause() != null) { + message = e.getCause().getMessage(); + } + return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() + " " + message)); + } + + // is arg 0 within the inclusive range of the other two? + if (compareResultLow <=0 && compareResultHigh >= 0) { + return ER_TRUE; + } else { + return ER_FALSE; + } + } + + + +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionURIStringConcatenate.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionURIStringConcatenate.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionURIStringConcatenate.java new file mode 100755 index 0000000..cf9a375 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionURIStringConcatenate.java @@ -0,0 +1,114 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.std.functions; + +import java.net.URI; +import java.util.List; + +import com.att.research.xacml.api.DataTypeException; +import com.att.research.xacml.api.Identifier; +import com.att.research.xacml.api.Status; +import com.att.research.xacml.api.XACML; +import com.att.research.xacml.std.StdAttributeValue; +import com.att.research.xacml.std.StdStatus; +import com.att.research.xacml.std.StdStatusCode; +import com.att.research.xacml.std.datatypes.DataTypes; +import com.att.research.xacmlatt.pdp.eval.EvaluationContext; +import com.att.research.xacmlatt.pdp.policy.ExpressionResult; +import com.att.research.xacmlatt.pdp.policy.FunctionArgument; + +/** + * FunctionDefinitionURIStringConcatenate extends {@link FunctionDefinitionHomogeneousSimple} to + * implement the XACML uri-string-concatenate predicate as a function taking one <code>URI</code> and one or more <code>String</code> arguments + * and returning a single <code>URI</code> value. + * + * THIS FUNCTION IS DEPRECATED IN 3.0 BUT NOT REMOVED. + * To provide backward compatibility for previously built XACML policies we include it in our R3 version. + * + * In the first implementation of XACML we had separate files for each XACML Function. + * This release combines multiple Functions in fewer files to minimize code duplication. + * This file supports the following XACML codes: + * uri-string-concatenate + * + * @author glenngriffin + * @version $Revision: 1.1 $ + * + */ +@Deprecated +public class FunctionDefinitionURIStringConcatenate extends FunctionDefinitionBase<URI, URI> { + + + /** + * Constructor + * + * @param idIn + * @param dataTypeArgsIn + * @param op + */ + public FunctionDefinitionURIStringConcatenate(Identifier idIn) { + super(idIn, DataTypes.DT_ANYURI, DataTypes.DT_ANYURI, false); + } + + + @Override + public ExpressionResult evaluate(EvaluationContext evaluationContext, List<FunctionArgument> arguments) { + + if (arguments == null || arguments.size() < 2) { + return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, getShortFunctionId() + " Expected 2 or more arguments, got " + + ((arguments == null) ? "null" : arguments.size()) )); + } + + // get the string to search for + ConvertedArgument<URI> uriArgument = new ConvertedArgument<URI>(arguments.get(0), DataTypes.DT_ANYURI, false); + if ( ! uriArgument.isOk()) { + Status decoratedStatus = new StdStatus(uriArgument.getStatus().getStatusCode(), uriArgument.getStatus().getStatusMessage() + " at arg index 0" ); + return ExpressionResult.newError(getFunctionStatus(decoratedStatus)); + } + String uriString = uriArgument.getValue().toString(); + + // remaining arguments are strings + String[] stringValues = new String[arguments.size() - 1]; + + for (int i = 1; i < arguments.size(); i++) { + + ConvertedArgument<String> stringArgument = new ConvertedArgument<String>(arguments.get(i), DataTypes.DT_STRING, false); + if ( ! stringArgument.isOk()) { + Status decoratedStatus = new StdStatus(stringArgument.getStatus().getStatusCode(), stringArgument.getStatus().getStatusMessage() + " at arg index " + i ); + return ExpressionResult.newError(getFunctionStatus(decoratedStatus)); + } + + stringValues[i-1] = stringArgument.getValue(); + + } + + + // add each of the strings onto the URI + for (int i = 0; i < stringValues.length; i++) { + uriString += stringValues[i]; + } + + URI resultURI = null; + try { + resultURI = DataTypes.DT_ANYURI.convert(uriString); + } catch (DataTypeException e) { + String message = e.getMessage(); + if (e.getCause() != null) { + message = e.getCause().getMessage(); + } + return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, getShortFunctionId() + + " Final string '" + uriString + "' not URI, " + message)); + } + + return ExpressionResult.newSingle(new StdAttributeValue<URI>(XACML.ID_DATATYPE_ANYURI, resultURI)); + + } + +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionX500NameMatch.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionX500NameMatch.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionX500NameMatch.java new file mode 100755 index 0000000..7f5069c --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionX500NameMatch.java @@ -0,0 +1,98 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.std.functions; + +import java.util.ArrayList; +import java.util.List; + +import javax.security.auth.x500.X500Principal; + +import com.att.research.xacml.api.Identifier; +import com.att.research.xacml.api.Status; +import com.att.research.xacml.std.StdStatusCode; +import com.att.research.xacml.std.datatypes.DataTypes; +import com.att.research.xacmlatt.pdp.eval.EvaluationContext; +import com.att.research.xacmlatt.pdp.policy.ExpressionResult; +import com.att.research.xacmlatt.pdp.policy.FunctionArgument; + +/** + * FunctionDefinitionX500NameMatch extends {@link com.att.research.xacmlatt.pdp.std.functions.FunctionDefinitionHomogeneousSimple} to + * implement the XACML X500Name match predicate as functions taking two <code>X500Name</code> arguments and returning a single <code>Boolean</code> value. + * + * In the first implementation of XACML we had separate files for each XACML Function. + * This release combines multiple Functions in fewer files to minimize code duplication. + * This file supports the following XACML codes: + * x500Name-match + * + * @author glenngriffin + * @version $Revision: 1.1 $ + * + */ +public class FunctionDefinitionX500NameMatch extends FunctionDefinitionHomogeneousSimple<Boolean, X500Principal> { + + + /** + * Constructor + * + * @param idIn + * @param dataTypeArgsIn + * @param op + */ + public FunctionDefinitionX500NameMatch(Identifier idIn) { + super(idIn, DataTypes.DT_BOOLEAN, DataTypes.DT_X500NAME, 2); + } + + + @Override + public ExpressionResult evaluate(EvaluationContext evaluationContext, List<FunctionArgument> arguments) { + List<X500Principal> convertedArguments = new ArrayList<X500Principal>(); + Status status = this.validateArguments(arguments, convertedArguments); + + /* + * If the function arguments are not correct, just return an error status immediately + */ + if (!status.getStatusCode().equals(StdStatusCode.STATUS_CODE_OK)) { + return ExpressionResult.newError(getFunctionStatus(status)); + } + + /* + * Now perform the match. + */ + + /* + * The spec writer's comments at: + * https://lists.oasis-open.org/archives/xacml/200906/msg00019.html + * say that the first sequence must exactly match the END of the second sequence. + */ + + String[] searchFor = convertedArguments.get(0).getName().split(","); + String[] searchIn = convertedArguments.get(1).getName().split(","); + + // if first is bigger than 2nd there is no way we can match + if (searchFor.length > searchIn.length) { + return ER_FALSE; + } + + // start from back-end of both lists - everything should match up to the length of the input + for (int i = 0; i < searchFor.length; i++) { + String searchForTerm = searchFor[searchFor.length - i - 1]; + String searchInTerm = searchIn[searchIn.length - i - 1]; + if (searchForTerm == null || searchInTerm == null || + ! searchForTerm.trim().equals(searchInTerm.trim())) { + return ER_FALSE; + } + } + + + return ER_TRUE; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionXPath.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionXPath.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionXPath.java new file mode 100755 index 0000000..22ed22c --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionXPath.java @@ -0,0 +1,249 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.std.functions; + +import java.math.BigInteger; +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + +import javax.xml.xpath.XPathExpression; + +import org.w3c.dom.NodeList; + +import com.att.research.xacml.api.AttributeValue; +import com.att.research.xacml.api.DataType; +import com.att.research.xacml.api.Identifier; +import com.att.research.xacml.api.RequestAttributes; +import com.att.research.xacml.api.Status; +import com.att.research.xacml.api.XACML; +import com.att.research.xacml.std.StdAttributeValue; +import com.att.research.xacml.std.StdStatus; +import com.att.research.xacml.std.StdStatusCode; +import com.att.research.xacml.std.datatypes.DataTypes; +import com.att.research.xacml.std.datatypes.XPathExpressionWrapper; +import com.att.research.xacmlatt.pdp.eval.EvaluationContext; +import com.att.research.xacmlatt.pdp.policy.ExpressionResult; +import com.att.research.xacmlatt.pdp.policy.FunctionArgument; + + +/** + * FunctionDefinitionXPath extends {@link com.att.research.xacmlatt.pdp.std.functions.FunctionDefinitionHomogeneousSimple} to + * implement the XACML XPath predicates as functions taking one or two <code>XPathExpression</code> arguments and returning + * either an <code>Integer</code> or a <code>Boolean</code>. + * + * XACML version 1.0 and 2.0 used <code>String</code> data type as input. + * We do NOT support those functions because of ambiguity in the meaning of those Strings. + * The root of the XPath changed from the Request level in 2.0 to the Content level in 3.0. + * Also the 2.0 Requests contain only one Content, located in the resources category, while 3.0 allows Requests to contain Content in multiple categories. + * + * In the first implementation of XACML we had separate files for each XACML Function. + * This release combines multiple Functions in fewer files to minimize code duplication. + * This file supports the following XACML codes: + * xpath-node-count + * xpath-node-equals + * xpath-node-match + * + * @author glenngriffin + * @version $Revision: 1.1 $ + * + * @param <O> the java class for the data type of the function Output + + * + */ +public class FunctionDefinitionXPath<O> extends FunctionDefinitionHomogeneousSimple<O, XPathExpressionWrapper> { + + /** + * List of string normalization operations. + * + * @author glenngriffin + * + */ + public enum OPERATION {COUNT, EQUAL, MATCH }; + + // operation to be used in this instance of the Arightmetic class + private final OPERATION operation; + + + // result variables used by all functions + AttributeValue<String> result; + + + /** + * Constructor + * + * @param idIn + * @param dataTypeArgsIn + * @param op + */ + public FunctionDefinitionXPath(Identifier idIn, DataType<O> dataTypeIn, OPERATION op) { + super(idIn, dataTypeIn, DataTypes.DT_XPATHEXPRESSION, ( (op == OPERATION.COUNT) ? 1 : 2 ) ); + // save the operation and data type to be used in this instance + operation = op; + + } + + @Override + public ExpressionResult evaluate(EvaluationContext evaluationContext, List<FunctionArgument> arguments) { + + List<NodeList> nodeListList = new ArrayList<NodeList>(); + + List<XPathExpressionWrapper> convertedArguments = new ArrayList<XPathExpressionWrapper>(); + Status status = this.validateArguments(arguments, convertedArguments); + + /* + * If the function arguments are not correct, just return an error status immediately + */ + if (!status.getStatusCode().equals(StdStatusCode.STATUS_CODE_OK)) { + return ExpressionResult.newError(getFunctionStatus(status)); + } + + // check the evaluationContext and Request for null + if (evaluationContext == null) { + return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() + + " Got null EvaluationContext")); + } + if (evaluationContext.getRequest() == null) { + return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() + + " Got null Request in EvaluationContext")); + } + + + // each argument is an XPath that needs to be evaluated against the Content part of some Category (specified in the argument) + for (int i = 0; i < arguments.size(); i++) { + FunctionArgument functionArgument = arguments.get(i); + if (functionArgument.isBag()) { + return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() + " Got bag at index " + i)); + } + AttributeValue<?> attributeValueFunctionArgument = functionArgument.getValue(); + if (attributeValueFunctionArgument == null) { + return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() + " Got null value at index " + i)); + } + Identifier xpathCategory = attributeValueFunctionArgument.getXPathCategory(); + if (xpathCategory == null) { + return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, this.getShortFunctionId() + + " Got null Category at index " + i)); + } + + Iterator<RequestAttributes> it = evaluationContext.getRequest().getRequestAttributes(xpathCategory); + if (it == null) { + return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, this.getShortFunctionId() + + " Got null Iterator at index " + i)); + } + + NodeList nodeList = null; + + while (it.hasNext()) { + if (nodeList != null) { + // the request has more than one Content entry for the same Category - error + return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, this.getShortFunctionId() + + " More than one Content section for id '" + xpathCategory + "'" )); + } + RequestAttributes requestAttributes = it.next(); + + // if there is no Content section then we return either 0 or FALSE + if (requestAttributes.getContentRoot() == null) { + if (operation == OPERATION.COUNT){ + return ExpressionResult.newSingle(new StdAttributeValue<BigInteger>(XACML.ID_DATATYPE_INTEGER, new BigInteger("0") )); + } else { + return ER_FALSE; + } + } + + try { + XPathExpression xPathExpression = convertedArguments.get(i).getXpathExpressionWrapped(); + nodeList = requestAttributes.getContentNodeListByXpathExpression(xPathExpression); + } catch (Exception e) { + return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, this.getShortFunctionId() + + " XPath produces null result at '" + convertedArguments.get(i).getPath() + "' at index " + i )); + } + + + } + + if (nodeList == null) { + return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() + + " XPathExpression returned null at index " + i)); + } + + // add this nodeList to the list of lists + nodeListList.add(nodeList); + } + + + /* + * Now perform the requested operation. + */ + ExpressionResult expressionResult = null; + + switch (operation) { + case COUNT: + Integer listLength = new Integer(nodeListList.get(0).getLength()); + expressionResult = ExpressionResult.newSingle(new StdAttributeValue<BigInteger>(XACML.ID_DATATYPE_INTEGER, + new BigInteger(listLength.toString()) )); + return expressionResult; + + + case EQUAL: + // true if any node in first list equals any node in second set. + // The spec says: "Two nodes are considered equal if they have the same identity." + // we use the isSameNode method in Node to determine that. + for (int index0 = 0; index0 < nodeListList.get(0).getLength(); index0++) { + for (int index1 = 0; index1 < nodeListList.get(1).getLength(); index1++) { + if (nodeListList.get(0).item(index0).isSameNode(nodeListList.get(1).item(index1))) { + return ER_TRUE; + } + } + } + // none from the first list found in the second + return ER_FALSE; + + + case MATCH: + // this is looking to see if any of the nodes in the second set are children of (or equal to) the nodes in the first set + // Call recursive check for that. + expressionResult = nodeListMatch(nodeListList.get(0), nodeListList.get(1)); + return expressionResult; + } + + expressionResult = ExpressionResult.newSingle(result); + + return expressionResult; + } + + /** + * Recursive method checking to see if anything in list 2 equals anything in list 1 OR list 1's child nodes + * @param list1 + * @param list2 + * @return + */ + private ExpressionResult nodeListMatch(NodeList list1, NodeList list2) { + // look for match with current contents of list 1 + for (int index1 = 0; index1 < list1.getLength(); index1++) { + for (int index2 = 0; index2 < list2.getLength(); index2++) { + if (list1.item(index1).isSameNode(list2.item(index2))) { + return ER_TRUE; + } + } + } + // look for match with children of list 1 + for (int index1 = 0; index1 < list1.getLength(); index1++) { + if (nodeListMatch(list1.item(index1).getChildNodes(), list2) == ER_TRUE) { + return ER_TRUE; + } + // this one had no children that matched, so check the next element in list1 + } + + // no match anywhere + return ER_FALSE; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/package-info.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/package-info.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/package-info.java new file mode 100755 index 0000000..2122dd9 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/package-info.java @@ -0,0 +1,20 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ + +package com.att.research.xacmlatt.pdp.std.functions; + +/** + * com.att.research.xacmlatt.pdp.policy.expressions contains class definitions that represent specific XACML function + * implementations for target and condition evaluation and variable definitions. + * + * @author car + * @version $Revision: 1.1 $ + */ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/package-info.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/package-info.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/package-info.java new file mode 100755 index 0000000..fe69353 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/package-info.java @@ -0,0 +1,20 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ + +package com.att.research.xacmlatt.pdp.std; + +/** + * com.att.research.xacmlatt.pdp.std contains classes that provide reference implementations of various extensible components + * in the PDP implementation. + * + * @author car + * @version $Revision: 1.1 $ + */ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/util/ATTPDPProperties.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/util/ATTPDPProperties.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/util/ATTPDPProperties.java new file mode 100755 index 0000000..2b932ba --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/util/ATTPDPProperties.java @@ -0,0 +1,29 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.util; + +import com.att.research.xacml.api.Identifier; +import com.att.research.xacml.std.IdentifierImpl; +import com.att.research.xacml.util.XACMLProperties; + +public class ATTPDPProperties extends XACMLProperties { + public static final String PROP_EVALUATIONCONTEXTFACTORY = "xacml.att.evaluationContextFactory"; + public static final String PROP_COMBININGALGORITHMFACTORY = "xacml.att.combiningAlgorithmFactory"; + public static final String PROP_FUNCTIONDEFINITIONFACTORY = "xacml.att.functionDefinitionFactory"; + public static final String PROP_POLICYFINDERFACTORY = "xacml.att.policyFinderFactory"; + public static final String PROP_POLICYFINDERFACTORY_COMBINEROOTPOLICIES = "xacml.att.policyFinderFactory.combineRootPolicies"; + + public static final Identifier ID_POLICY_COMBINEDPERMITOVERRIDES = new IdentifierImpl("urn:com:att:xacml:3.0:policy-combining-algorithm:combined-permit-overrides"); + + protected ATTPDPProperties() { + } + +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/ATTPDPEngine$1.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/ATTPDPEngine$1.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/ATTPDPEngine$1.class new file mode 100644 index 0000000..61fbdd6 Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/ATTPDPEngine$1.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/ATTPDPEngine.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/ATTPDPEngine.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/ATTPDPEngine.class new file mode 100644 index 0000000..56e339d Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/ATTPDPEngine.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/ATTPDPEngineFactory.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/ATTPDPEngineFactory.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/ATTPDPEngineFactory.class new file mode 100644 index 0000000..647988e Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/ATTPDPEngineFactory.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/Evaluatable.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/Evaluatable.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/Evaluatable.class new file mode 100644 index 0000000..435ab9c Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/Evaluatable.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationContext.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationContext.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationContext.class new file mode 100644 index 0000000..25802a3 Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationContext.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationContextException.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationContextException.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationContextException.class new file mode 100644 index 0000000..ab03f3e Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationContextException.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationContextFactory.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationContextFactory.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationContextFactory.class new file mode 100644 index 0000000..8e508d2 Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationContextFactory.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationException.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationException.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationException.class new file mode 100644 index 0000000..2f424aa Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationException.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationResult.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationResult.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationResult.class new file mode 100644 index 0000000..c73f36d Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationResult.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/MatchResult$MatchCode.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/MatchResult$MatchCode.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/MatchResult$MatchCode.class new file mode 100644 index 0000000..8306ba6 Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/MatchResult$MatchCode.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/MatchResult.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/MatchResult.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/MatchResult.class new file mode 100644 index 0000000..9ec087c Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/MatchResult.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/Matchable.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/Matchable.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/Matchable.class new file mode 100644 index 0000000..d24eb17 Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/Matchable.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AdviceExpression.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AdviceExpression.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AdviceExpression.class new file mode 100644 index 0000000..ccb1e74 Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AdviceExpression.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AllOf$1.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AllOf$1.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AllOf$1.class new file mode 100644 index 0000000..cdf3dc3 Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AllOf$1.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AllOf.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AllOf.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AllOf.class new file mode 100644 index 0000000..58d2ced Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AllOf.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AnyOf$1.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AnyOf$1.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AnyOf$1.class new file mode 100644 index 0000000..101274e Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AnyOf$1.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AnyOf.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AnyOf.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AnyOf.class new file mode 100644 index 0000000..4942daf Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AnyOf.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AttributeAssignmentExpression.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AttributeAssignmentExpression.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AttributeAssignmentExpression.class new file mode 100644 index 0000000..ef8fe7e Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AttributeAssignmentExpression.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AttributeAssignmentResult.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AttributeAssignmentResult.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AttributeAssignmentResult.class new file mode 100644 index 0000000..3fb1237 Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AttributeAssignmentResult.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/Bag.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/Bag.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/Bag.class new file mode 100644 index 0000000..2bc997b Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/Bag.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/CombinerParameter.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/CombinerParameter.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/CombinerParameter.class new file mode 100644 index 0000000..ee80fd2 Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/CombinerParameter.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/CombiningAlgorithm.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/CombiningAlgorithm.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/CombiningAlgorithm.class new file mode 100644 index 0000000..5157663 Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/CombiningAlgorithm.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/CombiningAlgorithmFactory.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/CombiningAlgorithmFactory.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/CombiningAlgorithmFactory.class new file mode 100644 index 0000000..ad60823 Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/CombiningAlgorithmFactory.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/CombiningElement.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/CombiningElement.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/CombiningElement.class new file mode 100644 index 0000000..225cf1d Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/CombiningElement.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/Condition.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/Condition.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/Condition.class new file mode 100644 index 0000000..2a74ea6 Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/Condition.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/Expression.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/Expression.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/Expression.class new file mode 100644 index 0000000..0e0aea0 Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/Expression.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult$ExpressionResultBag.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult$ExpressionResultBag.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult$ExpressionResultBag.class new file mode 100644 index 0000000..051dbef Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult$ExpressionResultBag.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult$ExpressionResultEmptyBag.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult$ExpressionResultEmptyBag.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult$ExpressionResultEmptyBag.class new file mode 100644 index 0000000..30c0841 Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult$ExpressionResultEmptyBag.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult$ExpressionResultError.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult$ExpressionResultError.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult$ExpressionResultError.class new file mode 100644 index 0000000..9c507c0 Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult$ExpressionResultError.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult$ExpressionResultSingle.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult$ExpressionResultSingle.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult$ExpressionResultSingle.class new file mode 100644 index 0000000..dddaa10 Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult$ExpressionResultSingle.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult.class new file mode 100644 index 0000000..1c431ba Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResultBoolean.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResultBoolean.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResultBoolean.class new file mode 100644 index 0000000..c337941 Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResultBoolean.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionArgument.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionArgument.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionArgument.class new file mode 100644 index 0000000..d5cb5ed Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionArgument.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionArgumentAttributeValue.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionArgumentAttributeValue.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionArgumentAttributeValue.class new file mode 100644 index 0000000..12ef034 Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionArgumentAttributeValue.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionArgumentBag.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionArgumentBag.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionArgumentBag.class new file mode 100644 index 0000000..1abf718 Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionArgumentBag.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionArgumentExpression.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionArgumentExpression.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionArgumentExpression.class new file mode 100644 index 0000000..8ba8dd4 Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionArgumentExpression.class differ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionDefinition.class ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionDefinition.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionDefinition.class new file mode 100644 index 0000000..6367b3f Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionDefinition.class differ
