http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicy.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicy.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicy.java new file mode 100755 index 0000000..b248325 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicy.java @@ -0,0 +1,315 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy.dom; + +import java.io.File; +import java.util.Iterator; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +import com.att.research.xacml.api.Identifier; +import com.att.research.xacml.api.XACML3; +import com.att.research.xacml.std.StdStatusCode; +import com.att.research.xacml.std.dom.DOMProperties; +import com.att.research.xacml.std.dom.DOMStructureException; +import com.att.research.xacml.std.dom.DOMUtil; +import com.att.research.xacml.util.FactoryException; +import com.att.research.xacml.util.StringUtils; +import com.att.research.xacmlatt.pdp.policy.CombiningAlgorithm; +import com.att.research.xacmlatt.pdp.policy.CombiningAlgorithmFactory; +import com.att.research.xacmlatt.pdp.policy.Policy; +import com.att.research.xacmlatt.pdp.policy.PolicyDefaults; +import com.att.research.xacmlatt.pdp.policy.PolicySet; +import com.att.research.xacmlatt.pdp.policy.Rule; + +/** + * DOMPolicy extends {@link com.att.research.xacmlatt.pdp.policy.Policy} with methods for creation from a + * DOM {@link org.w3c.dom.Node}. + * + * @author car + * @version $Revision: 1.4 $ + */ +public class DOMPolicy { + private static final Log logger = LogFactory.getLog(DOMPolicy.class); + + /** + * Creates a new <code>DOMPolicy</code> to be configured from a DOM <code>Node</code>. + */ + protected DOMPolicy() { + } + + /** + * Creates a new <code>DOMPolicy</code> by parsing the given <code>Node</code> representing a XACML Policy element. + * + * @param nodePolicy the <code>Node</code> representing the Policy element + * @param policyDefaultsParent the <code>PolicyDefaults</code> of the parent element of the Policy element or null if this is the root + * @return a new <code>DOMPolicy</code> parsed from the given <code>Node</code> + * @throws DOMStructureException if there is an error parsing the <code>Node</code> + */ + public static Policy newInstance(Node nodePolicy, PolicySet policySetParent, PolicyDefaults policyDefaultsParent) throws DOMStructureException { + Element elementPolicy = DOMUtil.getElement(nodePolicy); + boolean bLenient = DOMProperties.isLenient(); + + Policy domPolicy = new Policy(policySetParent); + + Identifier identifier; + Integer integer; + Iterator<?> iterator; + + try { + NodeList children = elementPolicy.getChildNodes(); + int numChildren; + if (children != null && (numChildren = children.getLength()) > 0) { + /* + * Run through once, quickly, to set the PolicyDefaults for the new DOMPolicySet + */ + for (int i = 0 ; i < numChildren ; i++) { + Node child = children.item(i); + if (DOMUtil.isNamespaceElement(child, XACML3.XMLNS) && XACML3.ELEMENT_POLICYDEFAULTS.equals(child.getLocalName())) { + if (domPolicy.getPolicyDefaults() != null && !bLenient) { + throw DOMUtil.newUnexpectedElementException(child, nodePolicy); + } + domPolicy.setPolicyDefaults(DOMPolicyDefaults.newInstance(child, policyDefaultsParent)); + } + } + if (domPolicy.getPolicyDefaults() == null) { + domPolicy.setPolicyDefaults(policyDefaultsParent); + } + + for (int i = 0 ; i < numChildren ; i++) { + Node child = children.item(i); + if (DOMUtil.isElement(child)) { + if (DOMUtil.isInNamespace(child, XACML3.XMLNS)) { + String childName = child.getLocalName(); + if (XACML3.ELEMENT_DESCRIPTION.equals(childName)) { + if (domPolicy.getDescription() != null && !bLenient) { + throw DOMUtil.newUnexpectedElementException(child, nodePolicy); + } + domPolicy.setDescription(child.getTextContent()); + } else if (XACML3.ELEMENT_POLICYISSUER.equals(childName)) { + if (domPolicy.getPolicyIssuer() != null && !bLenient) { + throw DOMUtil.newUnexpectedElementException(child, nodePolicy); + } + domPolicy.setPolicyIssuer(DOMPolicyIssuer.newInstance(child)); + } else if (XACML3.ELEMENT_POLICYDEFAULTS.equals(childName)) { + } else if (XACML3.ELEMENT_TARGET.equals(childName)) { + if (domPolicy.getTarget() != null && !bLenient) { + throw DOMUtil.newUnexpectedElementException(child, nodePolicy); + } + domPolicy.setTarget(DOMTarget.newInstance(child)); + } else if (XACML3.ELEMENT_COMBINERPARAMETERS.equals(childName)) { + domPolicy.addCombinerParameters(DOMCombinerParameter.newList(child)); + } else if (XACML3.ELEMENT_RULECOMBINERPARAMETERS.equals(childName)) { + domPolicy.addRuleCombinerParameter(DOMRuleCombinerParameters.newInstance(child)); + } else if (XACML3.ELEMENT_VARIABLEDEFINITION.equals(childName)) { + domPolicy.addVariableDefinition(DOMVariableDefinition.newInstance(child, domPolicy)); + } else if (XACML3.ELEMENT_RULE.equals(childName)) { + domPolicy.addRule(DOMRule.newInstance(child, domPolicy)); + } else if (XACML3.ELEMENT_OBLIGATIONEXPRESSIONS.equals(childName)) { + if ((iterator = domPolicy.getObligationExpressions()) != null && iterator.hasNext() && !bLenient) { + throw DOMUtil.newUnexpectedElementException(child, nodePolicy); + } + domPolicy.setObligationExpressions(DOMObligationExpression.newList(child, domPolicy)); + } else if (XACML3.ELEMENT_ADVICEEXPRESSIONS.equals(childName)) { + if ((iterator = domPolicy.getAdviceExpressions())!= null && iterator.hasNext() && !bLenient) { + throw DOMUtil.newUnexpectedElementException(child, nodePolicy); + } + domPolicy.setAdviceExpressions(DOMAdviceExpression.newList(child, domPolicy)); + } else if (!bLenient) { + throw DOMUtil.newUnexpectedElementException(child, nodePolicy); + } + } + } + } + } + domPolicy.setIdentifier(DOMUtil.getIdentifierAttribute(elementPolicy, XACML3.ATTRIBUTE_POLICYID, !bLenient)); + domPolicy.setVersion(DOMUtil.getVersionAttribute(elementPolicy, XACML3.ATTRIBUTE_VERSION, !bLenient)); + + identifier = DOMUtil.getIdentifierAttribute(elementPolicy, XACML3.ATTRIBUTE_RULECOMBININGALGID, !bLenient); + CombiningAlgorithm<Rule> combiningAlgorithmRule = null; + try { + combiningAlgorithmRule = CombiningAlgorithmFactory.newInstance().getRuleCombiningAlgorithm(identifier); + } catch (FactoryException ex) { + if (!bLenient) { + throw new DOMStructureException("Failed to get CombiningAlgorithm", ex); + } + } + if (combiningAlgorithmRule == null && !bLenient) { + throw new DOMStructureException(elementPolicy, "Unknown rule combining algorithm \"" + identifier.toString() + "\" in \"" + DOMUtil.getNodeLabel(nodePolicy)); + } else { + domPolicy.setRuleCombiningAlgorithm(combiningAlgorithmRule); + } + + + if ((integer = DOMUtil.getIntegerAttribute(elementPolicy, XACML3.ATTRIBUTE_MAXDELEGATIONDEPTH)) != null) { + domPolicy.setMaxDelegationDepth(integer); + } + } catch (DOMStructureException ex) { + domPolicy.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, ex.getMessage()); + if (DOMProperties.throwsExceptions()) { + throw ex; + } + } + + return domPolicy; + } + + public static boolean repair(Node nodePolicy) throws DOMStructureException { + Element elementPolicy = DOMUtil.getElement(nodePolicy); + boolean result = false; + + NodeList children = elementPolicy.getChildNodes(); + int numChildren; + boolean sawDescription = false; + boolean sawIssuer = false; + boolean sawTarget = false; + boolean sawPolicyDefaults = false; + boolean sawObligationExprs = false; + boolean sawAdviceExprs = false; + + if (children != null && (numChildren = children.getLength()) > 0) { + for (int i = 0 ; i < numChildren ; i++) { + Node child = children.item(i); + if (DOMUtil.isElement(child)) { + if (DOMUtil.isInNamespace(child, XACML3.XMLNS)) { + String childName = child.getLocalName(); + if (XACML3.ELEMENT_DESCRIPTION.equals(childName)) { + if (sawDescription) { + logger.warn("Unexpected element " + child.getNodeName()); + elementPolicy.removeChild(child); + result = true; + } else { + sawDescription = true; + } + } else if (XACML3.ELEMENT_POLICYISSUER.equals(childName)) { + if (sawIssuer) { + logger.warn("Unexpected element " + child.getNodeName()); + elementPolicy.removeChild(child); + result = true; + } else { + sawDescription = true; + result = DOMPolicyIssuer.repair(child) || result; + } + } else if (XACML3.ELEMENT_POLICYDEFAULTS.equals(childName)) { + if (sawPolicyDefaults) { + logger.warn("Unexpected element " + child.getNodeName()); + elementPolicy.removeChild(child); + result = true; + } else { + sawPolicyDefaults = true; + result = DOMPolicyDefaults.repair(child) || result; + } + } else if (XACML3.ELEMENT_TARGET.equals(childName)) { + if (sawTarget) { + logger.warn("Unexpected element " + child.getNodeName()); + elementPolicy.removeChild(child); + result = true; + } else { + sawTarget = true; + result = DOMTarget.repair(child) || result; + } + } else if (XACML3.ELEMENT_COMBINERPARAMETERS.equals(childName)) { + result = DOMCombinerParameter.repair(child) || result; + } else if (XACML3.ELEMENT_RULECOMBINERPARAMETERS.equals(childName)) { + result = DOMRuleCombinerParameters.repair(child) || result; + } else if (XACML3.ELEMENT_VARIABLEDEFINITION.equals(childName)) { + result = DOMVariableDefinition.repair(child) || result; + } else if (XACML3.ELEMENT_RULE.equals(childName)) { + result = DOMRule.repair(child) || result; + } else if (XACML3.ELEMENT_OBLIGATIONEXPRESSIONS.equals(childName)) { + if (sawObligationExprs) { + logger.warn("Unexpected element " + child.getNodeName()); + elementPolicy.removeChild(child); + result = true; + } else { + sawObligationExprs = true; + result = DOMObligationExpression.repairList(child) || result; + } + } else if (XACML3.ELEMENT_ADVICEEXPRESSIONS.equals(childName)) { + if (sawAdviceExprs) { + logger.warn("Unexpected element " + child.getNodeName()); + elementPolicy.removeChild(child); + result = true; + } else { + sawAdviceExprs = true; + result = DOMAdviceExpression.repairList(child) || result; + } + } else { + logger.warn("Unexpected element " + child.getNodeName()); + elementPolicy.removeChild(child); + result = true; + } + } + } + } + } + result = DOMUtil.repairIdentifierAttribute(elementPolicy, XACML3.ATTRIBUTE_POLICYID, logger) || result; + result = DOMUtil.repairVersionAttribute(elementPolicy, XACML3.ATTRIBUTE_VERSION, logger) || result; + result = DOMUtil.repairIdentifierAttribute(elementPolicy, XACML3.ATTRIBUTE_RULECOMBININGALGID, XACML3.ID_RULE_DENY_OVERRIDES, logger) || result; + + Identifier identifier = DOMUtil.getIdentifierAttribute(elementPolicy, XACML3.ATTRIBUTE_RULECOMBININGALGID); + CombiningAlgorithm<Rule> combiningAlgorithmRule = null; + try { + combiningAlgorithmRule = CombiningAlgorithmFactory.newInstance().getRuleCombiningAlgorithm(identifier); + } catch (FactoryException ex) { + combiningAlgorithmRule = null; + } + if(combiningAlgorithmRule == null) { + logger.warn("Setting invalid " + XACML3.ATTRIBUTE_RULECOMBININGALGID + " attribute " + identifier.stringValue() + " to " + XACML3.ID_RULE_DENY_OVERRIDES.stringValue()); + elementPolicy.setAttribute(XACML3.ATTRIBUTE_RULECOMBININGALGID, XACML3.ID_RULE_DENY_OVERRIDES.stringValue()); + result = true; + } + return result; + } + + public static void main(String args[]) { + try { + DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); + documentBuilderFactory.setNamespaceAware(true); + DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder(); + + for (String fileName: args) { + File filePolicy = new File(fileName); + if (filePolicy.exists() && filePolicy.canRead()) { + try { + Document documentPolicy = documentBuilder.parse(filePolicy); + if (documentPolicy.getFirstChild() == null) { + System.err.println(fileName + ": Error: No Policy found"); + } else if (!XACML3.ELEMENT_POLICY.equals(documentPolicy.getFirstChild().getLocalName())) { + System.err.println(fileName + ": Error: Not a Policy documnt"); + } else { + Policy policy = DOMPolicy.newInstance(documentPolicy.getFirstChild(), null, null); + System.out.println(fileName + ": validate()=" + policy.validate()); + System.out.println(StringUtils.prettyPrint(policy.toString())); + } + } catch (Exception ex) { + System.err.println("Exception processing policy file \"" + fileName + "\""); + ex.printStackTrace(System.err); + } + } else { + System.err.println("Cannot read policy file \"" + fileName + "\""); + } + } + } catch (Exception ex) { + ex.printStackTrace(System.err); + System.exit(1); + } + System.exit(0); + } +}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicyCombinerParameter.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicyCombinerParameter.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicyCombinerParameter.java new file mode 100755 index 0000000..041769f --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicyCombinerParameter.java @@ -0,0 +1,124 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy.dom; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +import com.att.research.xacml.api.Identifier; +import com.att.research.xacml.api.XACML3; +import com.att.research.xacml.std.StdStatusCode; +import com.att.research.xacml.std.dom.DOMAttributeValue; +import com.att.research.xacml.std.dom.DOMProperties; +import com.att.research.xacml.std.dom.DOMStructureException; +import com.att.research.xacml.std.dom.DOMUtil; +import com.att.research.xacmlatt.pdp.policy.PolicySetChild; +import com.att.research.xacmlatt.pdp.policy.TargetedCombinerParameter; + +/** + * DOMPolicyCombinerParameter extends {@link com.att.research.xacmlatt.pdp.policy.TargetedCombinerParameter} for + * {@link com.att.research.xacmlatt.pdp.policy.Policy}s with methods for creation from DOM {@link org.w3c.dom.Node}s. + * + * @author car + * @version $Revision: 1.2 $ + */ +public class DOMPolicyCombinerParameter extends TargetedCombinerParameter<Identifier, PolicySetChild> { + private static final Log logger = LogFactory.getLog(DOMPolicyCombinerParameter.class); + + protected DOMPolicyCombinerParameter() { + + } + + /** + * Creates a new <code>TargetedCombinerParameter</code> for <code>Policy</code>s by parsing the given <code>Node</code> + * representing a XACML PolicyCombinerParameter element. + * + * @param nodeCombinerParameter the <code>Node</code> representing the XACML PolicyCombinerParameter element + * @return a new <code>TargetedCombinerParameter</code> for <code>Policy</code>s parsed from the given <code>Node</code> + * @throws DOMStructureException if there is an error parsing the <code>Node</code> + */ + public static TargetedCombinerParameter<Identifier,PolicySetChild> newInstance(Node nodeCombinerParameter) throws DOMStructureException { + Element elementPolicyCombinerParameter = DOMUtil.getElement(nodeCombinerParameter); + boolean bLenient = DOMProperties.isLenient(); + + DOMPolicyCombinerParameter domPolicyCombinerParameter = new DOMPolicyCombinerParameter(); + + try { + NodeList children = elementPolicyCombinerParameter.getChildNodes(); + int numChildren; + if (children != null && (numChildren = children.getLength()) > 0) { + for (int i = 0 ; i < numChildren ; i++) { + Node child = children.item(i); + if (DOMUtil.isElement(child)) { + if (DOMUtil.isInNamespace(child, XACML3.XMLNS) && XACML3.ELEMENT_ATTRIBUTEVALUE.equals(child.getLocalName())) { + domPolicyCombinerParameter.setAttributeValue(DOMAttributeValue.newInstance(child, null)); + } else if (!bLenient) { + throw DOMUtil.newUnexpectedElementException(child, nodeCombinerParameter); + } + } + } + } + if (domPolicyCombinerParameter.getAttributeValue() == null && !bLenient) { + throw DOMUtil.newMissingElementException(nodeCombinerParameter, XACML3.XMLNS, XACML3.ELEMENT_ATTRIBUTEVALUE); + } + domPolicyCombinerParameter.setName(DOMUtil.getStringAttribute(elementPolicyCombinerParameter, XACML3.ATTRIBUTE_PARAMETERNAME, !bLenient)); + domPolicyCombinerParameter.setTargetId(DOMUtil.getIdentifierAttribute(elementPolicyCombinerParameter, XACML3.ATTRIBUTE_POLICYIDREF, !bLenient)); + + } catch (DOMStructureException ex) { + domPolicyCombinerParameter.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, ex.getMessage()); + if (DOMProperties.throwsExceptions()) { + throw ex; + } + } + + return domPolicyCombinerParameter; + + } + public static boolean repair(Node nodePolicyCombinerParameter) throws DOMStructureException { + Element elementPolicyCombinerParameter = DOMUtil.getElement(nodePolicyCombinerParameter); + boolean result = false; + + NodeList children = elementPolicyCombinerParameter.getChildNodes(); + int numChildren; + boolean sawAttributeValue = false; + if (children != null && (numChildren = children.getLength()) > 0) { + for (int i = 0 ; i < numChildren ; i++) { + Node child = children.item(i); + if (DOMUtil.isElement(child)) { + if (DOMUtil.isInNamespace(child, XACML3.XMLNS) && XACML3.ELEMENT_ATTRIBUTEVALUE.equals(child.getLocalName())) { + if (sawAttributeValue) { + logger.warn("Unexpected element " + child.getNodeName()); + elementPolicyCombinerParameter.removeChild(child); + result = true; + } else { + sawAttributeValue = true; + result = DOMAttributeValue.repair(child) || result; + } + } else { + logger.warn("Unexpected element " + child.getNodeName()); + elementPolicyCombinerParameter.removeChild(child); + result = true; + } + } + } + } + if (!sawAttributeValue) { + throw DOMUtil.newMissingElementException(nodePolicyCombinerParameter, XACML3.XMLNS, XACML3.ELEMENT_ATTRIBUTEVALUE); + } + result = DOMUtil.repairStringAttribute(elementPolicyCombinerParameter, XACML3.ATTRIBUTE_PARAMETERNAME, "parameter", logger) || result; + result = DOMUtil.repairIdentifierAttribute(elementPolicyCombinerParameter, XACML3.ATTRIBUTE_POLICYIDREF, logger) || result; + + return result; + } +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicyDef.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicyDef.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicyDef.java new file mode 100755 index 0000000..45fbc17 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicyDef.java @@ -0,0 +1,129 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy.dom; + +import java.io.File; +import java.io.InputStream; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; + +import org.w3c.dom.Document; +import org.w3c.dom.Node; + +import com.att.research.xacml.api.XACML3; +import com.att.research.xacml.std.dom.DOMStructureException; +import com.att.research.xacml.std.dom.DOMUtil; +import com.att.research.xacmlatt.pdp.policy.PolicyDef; +import com.att.research.xacmlatt.pdp.policy.PolicySet; + +/** + * DOMPolicyDef extends {@link com.att.research.xacmlatt.pdp.policy.PolicyDef} with methods for loading them from a <code>File</code>. + * + * @author car + * @version $Revision: 1.2 $ + */ +public abstract class DOMPolicyDef { + protected DOMPolicyDef() { + } + + protected static PolicyDef newInstance(Document document, PolicySet policySetParent) throws DOMStructureException { + PolicyDef policyDef = null; + try { + Node rootNode = document.getFirstChild(); + if (rootNode == null) { + throw new Exception("No child in document"); + } + + if (DOMUtil.isInNamespace(rootNode, XACML3.XMLNS)) { + if (XACML3.ELEMENT_POLICY.equals(rootNode.getLocalName())) { + policyDef = DOMPolicy.newInstance(rootNode, policySetParent, null); + if (policyDef == null) { + throw new DOMStructureException("Failed to parse Policy"); + } + } else if (XACML3.ELEMENT_POLICYSET.equals(rootNode.getLocalName())) { + policyDef = DOMPolicySet.newInstance(rootNode, policySetParent, null); + if (policyDef == null) { + throw new DOMStructureException("Failed to parse PolicySet"); + } + } else { + throw DOMUtil.newUnexpectedElementException(rootNode); + } + } else { + throw DOMUtil.newUnexpectedElementException(rootNode); + } + } catch (Exception ex) { + throw new DOMStructureException("Exception parsing Policy: " + ex.getMessage(), ex); + } + return policyDef; + } + + public static PolicyDef load(InputStream inputStream) throws DOMStructureException { + /* + * Get the DocumentBuilderFactory + */ + DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); + if (documentBuilderFactory == null) { + throw new DOMStructureException("No XML DocumentBuilderFactory configured"); + } + documentBuilderFactory.setNamespaceAware(true); + + /* + * Get the DocumentBuilder + */ + DocumentBuilder documentBuilder = null; + try { + documentBuilder = documentBuilderFactory.newDocumentBuilder(); + } catch (Exception ex) { + throw new DOMStructureException("Exception creating DocumentBuilder: " + ex.getMessage(), ex); + } + + /* + * Parse the XML file + */ + PolicyDef policyDef = null; + try { + Document document = documentBuilder.parse(inputStream); + if (document == null) { + throw new Exception("Null document returned"); + } + policyDef = newInstance(document, null); + } catch (Exception ex) { + throw new DOMStructureException("Exception loading Policy from input stream: " + ex.getMessage(), ex); + } + return policyDef; + } + + /** + * Creates a new <code>PolicyDef</code> derived object by loading the given <code>File</code> containing a XACML 3.0 + * Policy or PolicySet. + * + * @param filePolicy the <code>File</code> containing the XACML Policy or PolicySet + * @return the newly created <code>PolicyDef</code> + * @throws DOMStructureException if there is an error loading the <code>PolicyDef</code> + */ + public static PolicyDef load(File filePolicy) throws DOMStructureException { + /* + * Parse the XML file + */ + PolicyDef policyDef = null; + try { + Document document = DOMUtil.loadDocument(filePolicy); + if (document == null) { + throw new Exception("Null document returned"); + } + policyDef = newInstance(document, null); + } catch (Exception ex) { + throw new DOMStructureException("Exception loading Policy file \"" + filePolicy.getAbsolutePath() + "\": " + ex.getMessage(), ex); + } + return policyDef; + } +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicyDefaults.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicyDefaults.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicyDefaults.java new file mode 100755 index 0000000..65a78b1 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicyDefaults.java @@ -0,0 +1,103 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ + +package com.att.research.xacmlatt.pdp.policy.dom; + +import java.net.URI; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +import com.att.research.xacml.api.XACML; +import com.att.research.xacml.api.XACML3; +import com.att.research.xacml.std.dom.DOMProperties; +import com.att.research.xacml.std.dom.DOMStructureException; +import com.att.research.xacml.std.dom.DOMUtil; +import com.att.research.xacmlatt.pdp.policy.PolicyDefaults; + +/** + * DOMPolicyDefaults extends {@link com.att.research.xacmlatt.pdp.policy.PolicyDefaults} with methods for creation from + * DOM {@org.w3c.dom.Node}s. + * + * @author car + * @version $Revision: 1.2 $ + */ +public class DOMPolicyDefaults extends PolicyDefaults { + private static final Log logger = LogFactory.getLog(DOMPolicyDefaults.class); + + protected DOMPolicyDefaults(URI xpathVersionIn, PolicyDefaults policyDefaultsParentIn) { + super(xpathVersionIn, policyDefaultsParentIn); + } + + /** + * Creates a new <code>DOMPolicyDefaults</code> by parsing the given <code>Node</code> representing a XACML PolicyDefaults element. + * + * @param nodePolicyDefaults the <code>Node</code> representing the PolicyDefaults element. + * @param policyDefaultsParent the <code>PolicyDefaults</code> parent for the new <code>DOMPolicyDefaults</code> + * @return a new <code>DOMPolicyDefaults</code> parsed from the given <code>Node</code> + * @throws DOMStructureException if the conversion is not possible + */ + public static PolicyDefaults newInstance(Node nodePolicyDefaults, PolicyDefaults policyDefaultsParent) throws DOMStructureException { + Element elementPolicyDefaults = DOMUtil.getElement(nodePolicyDefaults); + boolean bLenient = DOMProperties.isLenient(); + + URI uriXPathVersion = null; + + NodeList children = elementPolicyDefaults.getChildNodes(); + int numChildren; + if (children != null && (numChildren = children.getLength()) > 0) { + for (int i = 0 ; i < numChildren ; i++) { + Node child = children.item(i); + if (DOMUtil.isElement(child)) { + if (DOMUtil.isInNamespace(child, XACML3.XMLNS) && XACML3.ELEMENT_XPATHVERSION.equals(child.getLocalName())) { + uriXPathVersion = DOMUtil.getURIContent(child); + } else if (!bLenient) { + throw DOMUtil.newUnexpectedElementException(child, nodePolicyDefaults); + } + } + } + } + return new DOMPolicyDefaults(uriXPathVersion, policyDefaultsParent); + } + + public static boolean repair(Node nodePolicyDefaults) throws DOMStructureException { + Element elementPolicyDefaults = DOMUtil.getElement(nodePolicyDefaults); + boolean result = false; + + NodeList children = elementPolicyDefaults.getChildNodes(); + int numChildren; + if (children != null && (numChildren = children.getLength()) > 0) { + for (int i = 0 ; i < numChildren ; i++) { + Node child = children.item(i); + if (DOMUtil.isElement(child)) { + if (DOMUtil.isInNamespace(child, XACML3.XMLNS) && XACML3.ELEMENT_XPATHVERSION.equals(child.getLocalName())) { + try { + DOMUtil.getURIContent(child); + } catch (DOMStructureException ex) { + logger.warn("Setting invalid " + XACML3.ELEMENT_XPATHVERSION + " attribute " + child.getTextContent() + " to " + XACML.XPATHVERSION_2_0); + child.setTextContent(XACML.XPATHVERSION_2_0); + result = true; + } + } else { + logger.warn("Unexpected element " + child.getNodeName()); + elementPolicyDefaults.removeChild(child); + result = true; + } + } + } + } + + return result; + } +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicyIdReference.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicyIdReference.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicyIdReference.java new file mode 100755 index 0000000..3aa9870 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicyIdReference.java @@ -0,0 +1,59 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy.dom; + +import org.w3c.dom.Node; + +import com.att.research.xacml.std.StdStatusCode; +import com.att.research.xacml.std.dom.DOMIdReferenceMatch; +import com.att.research.xacml.std.dom.DOMProperties; +import com.att.research.xacml.std.dom.DOMStructureException; +import com.att.research.xacmlatt.pdp.policy.PolicyIdReference; +import com.att.research.xacmlatt.pdp.policy.PolicySet; + +/** + * DOMPolicyIdReference extends {@link com.att.research.xacmlatt.pdp.policy.PolicyIdReference} with methods for creation + * from DOM {@link org.w3c.dom.Node}s. + * + * @author car + * @version $Revision: 1.2 $ + */ +public class DOMPolicyIdReference { + + protected DOMPolicyIdReference() { + } + + /** + * Creates a new <code>PolicyIdReference</code> parsed from the given <code>Node</code> representing a XACML PolicyIdReference element. + * + * @param nodePolicyIdReference the <code>Node</code> representing the XACML PolicyIdReference element + * @return a new <code>PolicyIdReference</code> parsed from the given <code>Node</code> + * @throws DOMStructureException if there is an error parsing the <code>Node</code> + */ + public static PolicyIdReference newInstance(Node nodePolicyIdReference, PolicySet policySetParent) throws DOMStructureException { + PolicyIdReference domPolicyIdReference = new PolicyIdReference(policySetParent); + + try { + domPolicyIdReference.setIdReferenceMatch(DOMIdReferenceMatch.newInstance(nodePolicyIdReference)); + } catch (DOMStructureException ex) { + domPolicyIdReference.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, ex.getMessage()); + if (DOMProperties.throwsExceptions()) { + throw ex; + } + } + + return domPolicyIdReference; + } + + public static boolean repair(Node nodePolicyIdReference) throws DOMStructureException { + return DOMIdReferenceMatch.repair(nodePolicyIdReference); + } +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicyIssuer.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicyIssuer.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicyIssuer.java new file mode 100755 index 0000000..d1e4089 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicyIssuer.java @@ -0,0 +1,126 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy.dom; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +import com.att.research.xacml.api.Identifier; +import com.att.research.xacml.api.XACML3; +import com.att.research.xacml.std.IdentifierImpl; +import com.att.research.xacml.std.StdStatusCode; +import com.att.research.xacml.std.dom.DOMAttribute; +import com.att.research.xacml.std.dom.DOMProperties; +import com.att.research.xacml.std.dom.DOMStructureException; +import com.att.research.xacml.std.dom.DOMUtil; +import com.att.research.xacmlatt.pdp.policy.PolicyIssuer; + +/** + * DOMPolicyIssuer extends {@link com.att.research.xacmlatt.pdp.policy.PolicyIsser} with methods for creation from + * DOM {@link org.w3c.dom.Node}s. + * + * @author car + * @version $Revision: 1.2 $ + */ +public class DOMPolicyIssuer extends PolicyIssuer { + private static Log logger = LogFactory.getLog(DOMPolicyIssuer.class); + private static Identifier identifierCategoryPolicyIssuer = new IdentifierImpl("urn:att:names:tc:xacml:3.0:policy-issuer"); + + protected DOMPolicyIssuer() { + super(); + } + + /** + * Creates a new <code>DOMPolicyIssuer</code> by parsing the given <code>Node</code> representing a XACML PolicyIssuer element. + * + * @param nodePolicyIssuer the <code>Node</code> representing the PolicyIssuer element + * @return the new <code>DOMPolicyIssuer</code> parsed from the given <code>Node</code> + * @throws DOMStructureException if the conversion is not possible + */ + public static PolicyIssuer newInstance(Node nodePolicyIssuer) throws DOMStructureException { + Element elementPolicyIssuer = DOMUtil.getElement(nodePolicyIssuer); + boolean bLenient = DOMProperties.isLenient(); + + DOMPolicyIssuer domPolicyIssuer = new DOMPolicyIssuer(); + + try { + NodeList children = elementPolicyIssuer.getChildNodes(); + int numChildren; + if (children != null && (numChildren = children.getLength()) > 0) { + for (int i = 0 ; i < numChildren ; i++) { + Node child = children.item(i); + if (DOMUtil.isElement(child)) { + if (DOMUtil.isInNamespace(child, XACML3.XMLNS)) { + String childName = child.getLocalName(); + if (XACML3.ELEMENT_CONTENT.equals(childName)) { + if (domPolicyIssuer.getContent() != null && !bLenient) { + throw DOMUtil.newUnexpectedElementException(child, nodePolicyIssuer); + } + domPolicyIssuer.setContent(child); + } else if (XACML3.ELEMENT_ATTRIBUTE.equals(childName)) { + domPolicyIssuer.add(DOMAttribute.newInstance(identifierCategoryPolicyIssuer, child)); + } else if (!bLenient) { + throw DOMUtil.newUnexpectedElementException(child, nodePolicyIssuer); + } + } + } + } + } + } catch (DOMStructureException ex) { + domPolicyIssuer.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, ex.getMessage()); + if (DOMProperties.throwsExceptions()) { + throw ex; + } + } + + return domPolicyIssuer; + } + + public static boolean repair(Node nodePolicyIssuer) throws DOMStructureException { + Element elementPolicyIssuer = DOMUtil.getElement(nodePolicyIssuer); + boolean result = false; + + boolean sawContent = false; + NodeList children = elementPolicyIssuer.getChildNodes(); + int numChildren; + if (children != null && (numChildren = children.getLength()) > 0) { + for (int i = 0 ; i < numChildren ; i++) { + Node child = children.item(i); + if (DOMUtil.isElement(child)) { + if (DOMUtil.isInNamespace(child, XACML3.XMLNS)) { + String childName = child.getLocalName(); + if (XACML3.ELEMENT_CONTENT.equals(childName)) { + if (sawContent) { + logger.warn("Unexpected element " + child.getNodeName()); + elementPolicyIssuer.removeChild(child); + result = true; + } else { + sawContent = true; + } + } else if (XACML3.ELEMENT_ATTRIBUTE.equals(childName)) { + result = DOMAttribute.repair(child) || result; + } else { + logger.warn("Unexpected element " + child.getNodeName()); + elementPolicyIssuer.removeChild(child); + result = true; + } + } + } + } + } + + return result; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicyRepair.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicyRepair.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicyRepair.java new file mode 100755 index 0000000..20cff15 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicyRepair.java @@ -0,0 +1,113 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy.dom; + +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; + +import com.att.research.xacml.api.XACML3; +import com.att.research.xacml.std.dom.DOMUtil; + +/** + * DOMPolicyRepair is an application for reading a XACML Policy or PolicySet document and ensuring it has the required attributes and then writing + * the repaired Policy or PolicySet to an output file. + * + * @author car + * @version $Revision: 1.1 $ + */ +public class DOMPolicyRepair { + private static final String DEFAULT_VERSION = "1.0"; + + public static void main(String[] args) { + InputStream inputStream = System.in; + OutputStream outputStream = System.out; + + for (int i = 0 ; i < args.length ; ) { + if (args[i].equals("-i")) { + if (i+1 < args.length) { + try { + inputStream = new FileInputStream(args[i+1]); + } catch (IOException ex) { + System.err.println("IOException opening \"" + args[i+1] + "\" for reading."); + System.exit(1); + } + i += 2; + } else { + i++; + } + } else if (args[i].equals("-o")) { + if (i+1 < args.length){ + try { + outputStream = new FileOutputStream(args[i+1]); + } catch (IOException ex) { + System.err.println("IOException opening \"" + args[i+1] + "\" for writing."); + ex.printStackTrace(System.err); + System.exit(1);; + } + i += 2; + } else { + i++; + } + } else { + System.err.println("Unrecognized command line option \"" + args[i] + "\""); + System.exit(1); + } + } + + /* + * Get the XML Parser for the input file + */ + DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); + documentBuilderFactory.setNamespaceAware(true); + try { + DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder(); + Document documentInput = documentBuilder.parse(inputStream); + Element elementRoot = DOMUtil.getFirstChildElement(documentInput); + if (elementRoot == null) { + System.err.println("No root element"); + System.exit(1); + } else if (!XACML3.ELEMENT_POLICY.equals(elementRoot.getLocalName()) && !XACML3.ELEMENT_POLICYSET.equals(elementRoot.getLocalName())) { + System.err.println("Root element is not a Policy or PolicySet"); + System.exit(1); + } + + /* + * Make sure there is a Version attribute + */ + Node nodeVersion = DOMUtil.getAttribute(elementRoot, XACML3.ATTRIBUTE_VERSION); + if (nodeVersion == null) { + System.out.println("Adding Version attribute with value \"" + DEFAULT_VERSION + "\""); + elementRoot.setAttribute(XACML3.ATTRIBUTE_VERSION, DEFAULT_VERSION); + } + + /* + * Write out the updated document + */ + String newDocument = DOMUtil.toString(documentInput); + outputStream.write(newDocument.getBytes()); + } catch (Exception ex) { + ex.printStackTrace(System.err); + System.exit(1); + } + System.exit(0); + } + +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicySet.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicySet.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicySet.java new file mode 100755 index 0000000..c69a921 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicySet.java @@ -0,0 +1,349 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy.dom; + +import java.io.File; +import java.util.Iterator; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +import com.att.research.xacml.api.Identifier; +import com.att.research.xacml.api.XACML3; +import com.att.research.xacml.std.StdStatusCode; +import com.att.research.xacml.std.dom.DOMProperties; +import com.att.research.xacml.std.dom.DOMStructureException; +import com.att.research.xacml.std.dom.DOMUtil; +import com.att.research.xacml.util.FactoryException; +import com.att.research.xacml.util.StringUtils; +import com.att.research.xacmlatt.pdp.policy.CombiningAlgorithm; +import com.att.research.xacmlatt.pdp.policy.CombiningAlgorithmFactory; +import com.att.research.xacmlatt.pdp.policy.PolicyDefaults; +import com.att.research.xacmlatt.pdp.policy.PolicySet; +import com.att.research.xacmlatt.pdp.policy.PolicySetChild; + +/** + * DOMPolicySet extends {@link com.att.research.xacmlatt.pdp.policy.PolicySet} with methods for creation + * from DOM {@link org.w3c.dom.Node}s. + * + * @author car + * @version $Revision: 1.4 $ + */ +public class DOMPolicySet { + private static final Log logger = LogFactory.getLog(DOMPolicySet.class); + + protected DOMPolicySet() { + } + + /** + * Creates a new <code>PolicySet</code> by parsing the given <code>Node</code> representing a XACML PolicySet element. + * + * @param nodePolicySet the <code>Node</code> representing the XACML PolicySetelement + * @param policyDefaultsParent the {@link com.att.research.xacmlatt.pdp.policy.PolicyDefaults} from the parent element + * @return a new <code>PolicySet</code> parsed from the given <code>Node</code> + * @throws DOMStructureException if there is an error parsing the <code>Node</code> + */ + public static PolicySet newInstance(Node nodePolicySet, PolicySet policySetParent, PolicyDefaults policyDefaultsParent) throws DOMStructureException { + Element elementPolicySet = DOMUtil.getElement(nodePolicySet); + boolean bLenient = DOMProperties.isLenient(); + + PolicySet domPolicySet = new PolicySet(policySetParent); + + Iterator<?> iterator; + Identifier identifier; + Integer integer; + + try { + NodeList children = elementPolicySet.getChildNodes(); + int numChildren; + if (children != null && (numChildren = children.getLength()) > 0) { + /* + * Run through once, quickly, to set the PolicyDefaults for the new DOMPolicySet + */ + for (int i = 0 ; i < numChildren ; i++) { + Node child = children.item(i); + if (DOMUtil.isNamespaceElement(child, XACML3.XMLNS) && XACML3.ELEMENT_POLICYDEFAULTS.equals(child.getLocalName())) { + if (domPolicySet.getPolicyDefaults() != null && !bLenient) { + throw DOMUtil.newUnexpectedElementException(child, nodePolicySet); + } + domPolicySet.setPolicyDefaults(DOMPolicyDefaults.newInstance(child, policyDefaultsParent)); + } + } + if (domPolicySet.getPolicyDefaults() == null) { + domPolicySet.setPolicyDefaults(policyDefaultsParent); + } + + /* + * Now process the other elements so we can pull up the parent policy defaults + */ + for (int i = 0 ; i < numChildren ; i++) { + Node child = children.item(i); + if (DOMUtil.isElement(child)) { + if (DOMUtil.isInNamespace(child, XACML3.XMLNS)) { + String childName = child.getLocalName(); + if (XACML3.ELEMENT_DESCRIPTION.equals(childName)) { + if (domPolicySet.getDescription() != null && !bLenient) { + throw DOMUtil.newUnexpectedElementException(child, nodePolicySet); + } + domPolicySet.setDescription(child.getTextContent()); + } else if (XACML3.ELEMENT_POLICYISSUER.equals(childName)) { + if (domPolicySet.getPolicyIssuer() != null && !bLenient) { + throw DOMUtil.newUnexpectedElementException(child, nodePolicySet); + } + domPolicySet.setPolicyIssuer(DOMPolicyIssuer.newInstance(child)); + } else if (XACML3.ELEMENT_POLICYSETDEFAULTS.equals(childName)) { + } else if (XACML3.ELEMENT_TARGET.equals(childName)) { + if (domPolicySet.getTarget() != null && !bLenient) { + throw DOMUtil.newUnexpectedElementException(child, nodePolicySet); + } + domPolicySet.setTarget(DOMTarget.newInstance(child)); + } else if (XACML3.ELEMENT_POLICYSET.equals(childName)) { + domPolicySet.addChild(DOMPolicySet.newInstance(child, domPolicySet, domPolicySet.getPolicyDefaults())); + } else if (XACML3.ELEMENT_POLICY.equals(childName)) { + domPolicySet.addChild(DOMPolicy.newInstance(child, domPolicySet, domPolicySet.getPolicyDefaults())); + } else if (XACML3.ELEMENT_POLICYIDREFERENCE.equals(childName)) { + domPolicySet.addChild(DOMPolicyIdReference.newInstance(child, domPolicySet)); + } else if (XACML3.ELEMENT_POLICYSETIDREFERENCE.equals(childName)) { + domPolicySet.addChild(DOMPolicySetIdReference.newInstance(child, domPolicySet)); + } else if (XACML3.ELEMENT_COMBINERPARAMETERS.equals(childName)) { + domPolicySet.addCombinerParameters(DOMCombinerParameter.newList(child)); + } else if (XACML3.ELEMENT_POLICYCOMBINERPARAMETERS.equals(childName)) { + domPolicySet.addPolicyCombinerParameter(DOMPolicyCombinerParameter.newInstance(child)); + } else if (XACML3.ELEMENT_POLICYSETCOMBINERPARAMETERS.equals(childName)) { + domPolicySet.addPolicyCombinerParameter(DOMPolicySetCombinerParameter.newInstance(child)); + } else if (XACML3.ELEMENT_OBLIGATIONEXPRESSIONS.equals(childName)) { + if ((iterator = domPolicySet.getObligationExpressions()) != null && iterator.hasNext() && !bLenient) { + throw DOMUtil.newUnexpectedElementException(child, nodePolicySet); + } + domPolicySet.setObligationExpressions(DOMObligationExpression.newList(child, null)); + } else if (XACML3.ELEMENT_ADVICEEXPRESSIONS.equals(childName)) { + if ((iterator = domPolicySet.getAdviceExpressions()) != null && iterator.hasNext() && !bLenient) { + throw DOMUtil.newUnexpectedElementException(child, nodePolicySet); + } + domPolicySet.setAdviceExpressions(DOMAdviceExpression.newList(child, null)); + } else if (!bLenient) { + throw DOMUtil.newUnexpectedElementException(child, nodePolicySet); + } + } else if (!bLenient) { + throw DOMUtil.newUnexpectedElementException(child, nodePolicySet); + } + } + } + } + if (domPolicySet.getTarget() == null && !bLenient) { + throw DOMUtil.newMissingElementException(nodePolicySet, XACML3.XMLNS, XACML3.ELEMENT_TARGET); + } + + /* + * Get the attributes + */ + domPolicySet.setIdentifier(DOMUtil.getIdentifierAttribute(elementPolicySet, XACML3.ATTRIBUTE_POLICYSETID, !bLenient)); + domPolicySet.setVersion(DOMUtil.getVersionAttribute(elementPolicySet, XACML3.ATTRIBUTE_VERSION, !bLenient)); + + identifier = DOMUtil.getIdentifierAttribute(elementPolicySet, XACML3.ATTRIBUTE_POLICYCOMBININGALGID, !bLenient); + CombiningAlgorithm<PolicySetChild> combiningAlgorithm = null; + try { + combiningAlgorithm = CombiningAlgorithmFactory.newInstance().getPolicyCombiningAlgorithm(identifier); + } catch (FactoryException ex) { + if (!bLenient) { + throw new DOMStructureException("Failed to get CombinginAlgorithm", ex); + } + } + if (combiningAlgorithm == null && !bLenient) { + throw new DOMStructureException(elementPolicySet, "Unknown policy combining algorithm \"" + identifier.toString() + "\" in \"" + DOMUtil.getNodeLabel(nodePolicySet)); + } else { + domPolicySet.setPolicyCombiningAlgorithm(combiningAlgorithm); + } + + if ((integer = DOMUtil.getIntegerAttribute(elementPolicySet, XACML3.ATTRIBUTE_MAXDELEGATIONDEPTH)) != null) { + domPolicySet.setMaxDelegationDepth(integer); + } + } catch (DOMStructureException ex) { + domPolicySet.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, ex.getMessage()); + if (DOMProperties.throwsExceptions()) { + throw ex; + } + } + + return domPolicySet; + } + + public static boolean repair(Node nodePolicySet) throws DOMStructureException { + Element elementPolicySet = DOMUtil.getElement(nodePolicySet); + boolean result = false; + + NodeList children = elementPolicySet.getChildNodes(); + int numChildren; + boolean sawDescription = false; + boolean sawPolicyIssuer = false; + boolean sawPolicyDefaults = false; + boolean sawTarget = false; + boolean sawObligationExprs = false; + boolean sawAdviceExprs = false; + + if (children != null && (numChildren = children.getLength()) > 0) { + /* + * Now process the other elements so we can pull up the parent policy defaults + */ + for (int i = 0 ; i < numChildren ; i++) { + Node child = children.item(i); + if (DOMUtil.isElement(child)) { + if (DOMUtil.isInNamespace(child, XACML3.XMLNS)) { + String childName = child.getLocalName(); + if (XACML3.ELEMENT_DESCRIPTION.equals(childName)) { + if (sawDescription) { + logger.warn("Unexpected element " + child.getNodeName()); + elementPolicySet.removeChild(child); + result = true; + } else { + sawDescription = true; + } + } else if (XACML3.ELEMENT_POLICYISSUER.equals(childName)) { + if (sawPolicyIssuer) { + logger.warn("Unexpected element " + child.getNodeName()); + elementPolicySet.removeChild(child); + result = true; + } else { + sawPolicyIssuer = true; + result = DOMPolicyIssuer.repair(child) || result; + } + } else if (XACML3.ELEMENT_POLICYSETDEFAULTS.equals(childName)) { + if (sawPolicyDefaults) { + logger.warn("Unexpected element " + child.getNodeName()); + elementPolicySet.removeChild(child); + result = true; + } else { + sawPolicyDefaults = true; + result = DOMPolicyDefaults.repair(child) || result; + } + } else if (XACML3.ELEMENT_TARGET.equals(childName)) { + if (sawTarget) { + logger.warn("Unexpected element " + child.getNodeName()); + elementPolicySet.removeChild(child); + result = true; + } else { + sawTarget = true; + result = DOMTarget.repair(child) || result; + } + } else if (XACML3.ELEMENT_POLICYSET.equals(childName)) { + result = DOMPolicySet.repair(child) || result; + } else if (XACML3.ELEMENT_POLICY.equals(childName)) { + result = DOMPolicy.repair(child) || result; + } else if (XACML3.ELEMENT_POLICYIDREFERENCE.equals(childName)) { + result = DOMPolicyIdReference.repair(child) || result; + } else if (XACML3.ELEMENT_POLICYSETIDREFERENCE.equals(childName)) { + result = DOMPolicySetIdReference.repair(child) || result; + } else if (XACML3.ELEMENT_COMBINERPARAMETERS.equals(childName)) { + result = DOMCombinerParameter.repair(child) || result; + } else if (XACML3.ELEMENT_POLICYCOMBINERPARAMETERS.equals(childName)) { + result = DOMPolicyCombinerParameter.repair(child) || result; + } else if (XACML3.ELEMENT_POLICYSETCOMBINERPARAMETERS.equals(childName)) { + result = DOMPolicySetCombinerParameter.repair(child) || result; + } else if (XACML3.ELEMENT_OBLIGATIONEXPRESSIONS.equals(childName)) { + if (sawObligationExprs) { + logger.warn("Unexpected element " + child.getNodeName()); + elementPolicySet.removeChild(child); + result = true; + } else { + sawObligationExprs = true; + result = DOMObligationExpression.repairList(child) || result; + } + } else if (XACML3.ELEMENT_ADVICEEXPRESSIONS.equals(childName)) { + if (sawAdviceExprs) { + logger.warn("Unexpected element " + child.getNodeName()); + elementPolicySet.removeChild(child); + result = true; + } else { + sawAdviceExprs = true; + result = DOMAdviceExpression.repairList(child) || result; + } + } else { + logger.warn("Unexpected element " + child.getNodeName()); + elementPolicySet.removeChild(child); + result = true; + } + } else { + logger.warn("Unexpected element " + child.getNodeName()); + elementPolicySet.removeChild(child); + result = true; + } + } + } + } + if (!sawTarget) { + throw DOMUtil.newMissingElementException(nodePolicySet, XACML3.XMLNS, XACML3.ELEMENT_TARGET); + } + + /* + * Get the attributes + */ + result = DOMUtil.repairIdentifierAttribute(elementPolicySet, XACML3.ATTRIBUTE_POLICYSETID, logger) || result; + result = DOMUtil.repairVersionAttribute(elementPolicySet, XACML3.ATTRIBUTE_VERSION, logger) || result; + result = DOMUtil.repairIdentifierAttribute(elementPolicySet, XACML3.ATTRIBUTE_POLICYCOMBININGALGID, XACML3.ID_POLICY_DENY_OVERRIDES, logger) || result; + + Identifier identifier = DOMUtil.getIdentifierAttribute(elementPolicySet, XACML3.ATTRIBUTE_POLICYCOMBININGALGID); + CombiningAlgorithm<PolicySetChild> combiningAlgorithm = null; + try { + combiningAlgorithm = CombiningAlgorithmFactory.newInstance().getPolicyCombiningAlgorithm(identifier); + } catch (FactoryException ex) { + combiningAlgorithm = null; + } + if (combiningAlgorithm == null) { + logger.warn("Setting invalid " + XACML3.ATTRIBUTE_POLICYCOMBININGALGID + " attribute " + identifier.stringValue() + " to " + XACML3.ID_POLICY_DENY_OVERRIDES.stringValue()); + elementPolicySet.setAttribute(XACML3.ATTRIBUTE_POLICYCOMBININGALGID, XACML3.ID_POLICY_DENY_OVERRIDES.stringValue()); + result = true; + } + + return result; + } + + public static void main(String args[]) { + try { + DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); + documentBuilderFactory.setNamespaceAware(true); + DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder(); + + for (String fileName: args) { + File filePolicy = new File(fileName); + if (filePolicy.exists() && filePolicy.canRead()) { + try { + Document documentPolicy = documentBuilder.parse(filePolicy); + if (documentPolicy.getFirstChild() == null) { + System.err.println(fileName + ": Error: No PolicySet found"); + } else if (!XACML3.ELEMENT_POLICYSET.equals(documentPolicy.getFirstChild().getLocalName())) { + System.err.println(fileName + ": Error: Not a PolicySet document"); + } else { + PolicySet policySet = DOMPolicySet.newInstance(documentPolicy.getFirstChild(), null, null); + System.out.println(fileName + ": validate()=" + policySet.validate()); + System.out.println(StringUtils.prettyPrint(policySet.toString())); + } + } catch (Exception ex) { + System.err.println("Exception processing policy set file \"" + fileName + "\""); + ex.printStackTrace(System.err); + } + } else { + System.err.println("Cannot read policy set file \"" + fileName + "\""); + } + } + } catch (Exception ex) { + ex.printStackTrace(System.err); + System.exit(1); + } + System.exit(0); + } +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicySetCombinerParameter.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicySetCombinerParameter.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicySetCombinerParameter.java new file mode 100755 index 0000000..42d856c --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicySetCombinerParameter.java @@ -0,0 +1,126 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy.dom; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +import com.att.research.xacml.api.Identifier; +import com.att.research.xacml.api.XACML3; +import com.att.research.xacml.std.StdStatusCode; +import com.att.research.xacml.std.dom.DOMAttributeValue; +import com.att.research.xacml.std.dom.DOMProperties; +import com.att.research.xacml.std.dom.DOMStructureException; +import com.att.research.xacml.std.dom.DOMUtil; +import com.att.research.xacmlatt.pdp.policy.PolicySetChild; +import com.att.research.xacmlatt.pdp.policy.TargetedCombinerParameter; + +/** + * DOMPolicySetCombinerParameter extends {@link com.att.research.xacmlatt.pdp.policy.TargetedCombinerParameter} for + * {@link com.att.research.xacmlatt.pdp.policy.PolicySet}s with methods for creation from DOM {@link org.w3c.dom.Node}s. + * + * @author car + * @version $Revision: 1.2 $ + */ +public class DOMPolicySetCombinerParameter extends TargetedCombinerParameter<Identifier, PolicySetChild> { + public static final Log logger = LogFactory.getLog(DOMPolicySetCombinerParameter.class); + + protected DOMPolicySetCombinerParameter() { + + } + + /** + * Creates a new <code>TargetedCombinerParameter</code> for <code>PolicySet</code>s by parsing the given <code>Node</code> + * representing a XACML PolicySetCombinerParameter element. + * + * @param nodeCombinerParameter the <code>Node</code> representing the XACML PolicySetCombinerParameter element + * @return a new <code>TargetedCombinerParameter</code> for <code>PolicySet</code>s parsed from the given <code>Node</code> + * @throws DOMStructureException if there is an error parsing the <code>Node</code> + */ + public static TargetedCombinerParameter<Identifier,PolicySetChild> newInstance(Node nodeCombinerParameter) throws DOMStructureException { + Element elementPolicySetCombinerParameter = DOMUtil.getElement(nodeCombinerParameter); + boolean bLenient = DOMProperties.isLenient(); + + DOMPolicySetCombinerParameter domPolicySetCombinerParameter = new DOMPolicySetCombinerParameter(); + + try { + NodeList children = elementPolicySetCombinerParameter.getChildNodes(); + int numChildren; + if (children != null && (numChildren = children.getLength()) > 0) { + for (int i = 0 ; i < numChildren ; i++) { + Node child = children.item(i); + if (DOMUtil.isElement(child)) { + if (DOMUtil.isInNamespace(child, XACML3.XMLNS) && XACML3.ELEMENT_ATTRIBUTEVALUE.equals(child.getLocalName())) { + if (domPolicySetCombinerParameter.getAttributeValue() != null && !bLenient) { + throw DOMUtil.newUnexpectedElementException(child, nodeCombinerParameter); + } + domPolicySetCombinerParameter.setAttributeValue(DOMAttributeValue.newInstance(child, null)); + } else if (!bLenient) { + throw DOMUtil.newUnexpectedElementException(child, nodeCombinerParameter); + } + } + } + } + if (domPolicySetCombinerParameter.getAttributeValue() == null && !bLenient) { + throw DOMUtil.newMissingElementException(elementPolicySetCombinerParameter, XACML3.XMLNS, XACML3.ELEMENT_ATTRIBUTEVALUE); + } + domPolicySetCombinerParameter.setName(DOMUtil.getStringAttribute(elementPolicySetCombinerParameter, XACML3.ATTRIBUTE_PARAMETERNAME, !bLenient)); + domPolicySetCombinerParameter.setTargetId(DOMUtil.getIdentifierAttribute(elementPolicySetCombinerParameter, XACML3.ATTRIBUTE_POLICYSETIDREF, !bLenient)); + } catch (DOMStructureException ex) { + domPolicySetCombinerParameter.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, ex.getMessage()); + if (DOMProperties.throwsExceptions()) { + throw ex; + } + } + + return domPolicySetCombinerParameter; + + } + + public static boolean repair(Node nodeCombinerParameter) throws DOMStructureException { + Element elementPolicySetCombinerParameter = DOMUtil.getElement(nodeCombinerParameter); + boolean result = false; + + NodeList children = elementPolicySetCombinerParameter.getChildNodes(); + int numChildren; + boolean sawAttributeValue = false; + if (children != null && (numChildren = children.getLength()) > 0) { + for (int i = 0 ; i < numChildren ; i++) { + Node child = children.item(i); + if (DOMUtil.isElement(child)) { + if (DOMUtil.isInNamespace(child, XACML3.XMLNS) && XACML3.ELEMENT_ATTRIBUTEVALUE.equals(child.getLocalName())) { + if (sawAttributeValue) { + logger.warn("Unexpected element " + child.getNodeName()); + elementPolicySetCombinerParameter.removeChild(child); + result = true; + } else { + sawAttributeValue = true; + result = DOMAttributeValue.repair(child) || result; + } + } else { + logger.warn("Unexpected element " + child.getNodeName()); + elementPolicySetCombinerParameter.removeChild(child); + result = true; + } + } + } + } + if (!sawAttributeValue) { + throw DOMUtil.newMissingElementException(elementPolicySetCombinerParameter, XACML3.XMLNS, XACML3.ELEMENT_ATTRIBUTEVALUE); + } + result = DOMUtil.repairStringAttribute(elementPolicySetCombinerParameter, XACML3.ATTRIBUTE_PARAMETERNAME, "parameter", logger) || result; + result = DOMUtil.repairIdentifierAttribute(elementPolicySetCombinerParameter, XACML3.ATTRIBUTE_POLICYSETIDREF, logger) || result; + return result; + } +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicySetIdReference.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicySetIdReference.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicySetIdReference.java new file mode 100755 index 0000000..0f45c43 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMPolicySetIdReference.java @@ -0,0 +1,58 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy.dom; + +import org.w3c.dom.Node; + +import com.att.research.xacml.std.StdStatusCode; +import com.att.research.xacml.std.dom.DOMIdReferenceMatch; +import com.att.research.xacml.std.dom.DOMProperties; +import com.att.research.xacml.std.dom.DOMStructureException; +import com.att.research.xacmlatt.pdp.policy.PolicySet; +import com.att.research.xacmlatt.pdp.policy.PolicySetIdReference; + +/** + * DOMPolicySetIdReference extends {@link com.att.research.xacmlatt.pdp.policy.PolicySetIdReference} with methods for creation + * from DOM {@link org.w3c.dom.Node}s. + * + * @author car + * @version $Revision: 1.2 $ + */ +public class DOMPolicySetIdReference { + protected DOMPolicySetIdReference() { + } + + /** + * Creates a new <code>PolicySetIdReference</code> parsed from the given <code>Node</code> representing a XACML PolicySetIdReference element. + * + * @param nodePolicySetIdReference the <code>Node</code> representing the XACML PolicySetIdReference element + * @return a new <code>PolicySetIdReference</code> parsed from the given <code>Node</code> + * @throws DOMStructureException if there is an error parsing the <code>Node</code> + */ + public static PolicySetIdReference newInstance(Node nodePolicySetIdReference, PolicySet policySetParent) throws DOMStructureException { + PolicySetIdReference domPolicySetIdReference = new PolicySetIdReference(policySetParent); + + try { + domPolicySetIdReference.setIdReferenceMatch(DOMIdReferenceMatch.newInstance(nodePolicySetIdReference)); + } catch (DOMStructureException ex) { + domPolicySetIdReference.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, ex.getMessage()); + if (DOMProperties.throwsExceptions()) { + throw ex; + } + } + + return domPolicySetIdReference; + } + + public static boolean repair(Node nodePolicySetIdReference) throws DOMStructureException { + return DOMIdReferenceMatch.repair(nodePolicySetIdReference); + } +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMRule.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMRule.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMRule.java new file mode 100755 index 0000000..102f546 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMRule.java @@ -0,0 +1,221 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy.dom; + +import java.util.Iterator; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +import com.att.research.xacml.api.XACML3; +import com.att.research.xacml.std.IdentifierImpl; +import com.att.research.xacml.std.StdStatusCode; +import com.att.research.xacml.std.dom.DOMProperties; +import com.att.research.xacml.std.dom.DOMStructureException; +import com.att.research.xacml.std.dom.DOMUtil; +import com.att.research.xacmlatt.pdp.policy.Condition; +import com.att.research.xacmlatt.pdp.policy.Policy; +import com.att.research.xacmlatt.pdp.policy.Rule; +import com.att.research.xacmlatt.pdp.policy.RuleEffect; + +/** + * DOMRule extends {@link com.att.research.xacmlatt.pdp.policy.Rule} with methods for creation from + * DOM {@link org.w3c.dom.Node}s. + * + * @author car + * @version $Revision: 1.3 $ + */ +public class DOMRule extends Rule { + private static final Log logger = LogFactory.getLog(DOMRule.class); + + protected DOMRule() { + } + + /** + * Creates a new <code>Rule</code> by parsing the given <code>Node</code> representing a XACML Rule element. + * + * @param nodeRule the <code>Node</code> representing the XACML Rule element + * @param policy the {@link com.att.research.xacmlatt.pdp.policy.Policy} encompassing the Rule element + * @return a new <code>Rule</code> parsed from the given <code>Node</code> + * @throws DOMStructureException if there is an error parsing the <code>Node</code> + */ + public static Rule newInstance(Node nodeRule, Policy policy) throws DOMStructureException { + Element elementRule = DOMUtil.getElement(nodeRule); + boolean bLenient = DOMProperties.isLenient(); + + DOMRule domRule = new DOMRule(); + + domRule.setPolicy(policy); + + Iterator<?> iterator; + + try { + NodeList children = elementRule.getChildNodes(); + int numChildren; + if (children != null && (numChildren = children.getLength()) > 0) { + for (int i = 0 ; i < numChildren ; i++) { + Node child = children.item(i); + if (DOMUtil.isElement(child)) { + if (DOMUtil.isInNamespace(child, XACML3.XMLNS)) { + String childName = child.getLocalName(); + if (XACML3.ELEMENT_DESCRIPTION.equals(childName)) { + if (domRule.getDescription() != null && !bLenient) { + throw DOMUtil.newUnexpectedElementException(child, nodeRule); + } + domRule.setDescription(child.getTextContent()); + } else if (XACML3.ELEMENT_TARGET.equals(childName)) { + if (domRule.getTarget() != null && !bLenient) { + throw DOMUtil.newUnexpectedElementException(child, nodeRule); + } + domRule.setTarget(DOMTarget.newInstance(child)); + } else if (XACML3.ELEMENT_CONDITION.equals(childName)) { + if (domRule.getCondition() != null && !bLenient) { + throw DOMUtil.newUnexpectedElementException(child, nodeRule); + } + Node nodeExpression = DOMUtil.getFirstChildElement(child); + if (nodeExpression == null && !bLenient) { + throw DOMUtil.newMissingElementException(child, XACML3.XMLNS, XACML3.ELEMENT_EXPRESSION); + } + domRule.setCondition(new Condition(DOMExpression.newInstance(nodeExpression, policy))); + } else if (XACML3.ELEMENT_OBLIGATIONEXPRESSIONS.equals(childName)) { + if ((iterator = domRule.getObligationExpressions()) != null && iterator.hasNext() && !bLenient) { + throw DOMUtil.newUnexpectedElementException(child, nodeRule); + } + domRule.setObligationExpressions(DOMObligationExpression.newList(child, policy)); + } else if (XACML3.ELEMENT_ADVICEEXPRESSIONS.equals(childName)) { + if ((iterator = domRule.getAdviceExpressions()) != null && iterator.hasNext() && !bLenient) { + throw DOMUtil.newUnexpectedElementException(child, nodeRule); + } + domRule.setAdviceExpressions(DOMAdviceExpression.newList(child, policy)); + } else if (!bLenient) { + throw DOMUtil.newUnexpectedElementException(child, nodeRule); + } + } else if (!bLenient) { + throw DOMUtil.newUnexpectedElementException(child, nodeRule); + } + } + } + } + + domRule.setRuleId(DOMUtil.getStringAttribute(elementRule, XACML3.ATTRIBUTE_RULEID, !bLenient)); + String string = DOMUtil.getStringAttribute(elementRule, XACML3.ATTRIBUTE_EFFECT, !bLenient); + RuleEffect ruleEffect = RuleEffect.getRuleEffect(string); + if (ruleEffect == null && !bLenient) { + throw new DOMStructureException(elementRule, "Unknown RuleEffect \"" + string + "\" in \"" + DOMUtil.getNodeLabel(nodeRule) + "\""); + } + domRule.setRuleEffect(ruleEffect); + + } catch (DOMStructureException ex) { + domRule.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, ex.getMessage()); + if (DOMProperties.throwsExceptions()) { + throw ex; + } + } + return domRule; + } + + public static boolean repair(Node nodeRule) throws DOMStructureException { + Element elementRule = DOMUtil.getElement(nodeRule); + boolean result = false; + + NodeList children = elementRule.getChildNodes(); + int numChildren; + boolean sawDescription = false; + boolean sawTarget = false; + boolean sawCondition = false; + boolean sawObligationExpressions = false; + boolean sawAdviceExpressions = false; + + if (children != null && (numChildren = children.getLength()) > 0) { + for (int i = 0 ; i < numChildren ; i++) { + Node child = children.item(i); + if (DOMUtil.isElement(child)) { + if (DOMUtil.isInNamespace(child, XACML3.XMLNS)) { + String childName = child.getLocalName(); + if (XACML3.ELEMENT_DESCRIPTION.equals(childName)) { + if (sawDescription) { + logger.warn("Unexpected element " + child.getNodeName()); + elementRule.removeChild(child); + result = true; + } else { + sawDescription = true; + } + } else if (XACML3.ELEMENT_TARGET.equals(childName)) { + if (sawTarget) { + logger.warn("Unexpected element " + child.getNodeName()); + elementRule.removeChild(child); + result = true; + } else { + sawTarget = true; + result = DOMTarget.repair(child) || result; + } + } else if (XACML3.ELEMENT_CONDITION.equals(childName)) { + if (sawCondition) { + logger.warn("Unexpected element " + child.getNodeName()); + elementRule.removeChild(child); + result = true; + } else { + sawCondition = true; + Node nodeExpression = DOMUtil.getFirstChildElement(child); + if (nodeExpression == null) { + throw DOMUtil.newMissingElementException(child, XACML3.XMLNS, XACML3.ELEMENT_EXPRESSION); + } + result = DOMExpression.repair(nodeExpression) || result; + } + } else if (XACML3.ELEMENT_OBLIGATIONEXPRESSIONS.equals(childName)) { + if (sawObligationExpressions) { + logger.warn("Unexpected element " + child.getNodeName()); + elementRule.removeChild(child); + result = true; + } else { + sawObligationExpressions = true; + result = DOMObligationExpression.repairList(child) || result; + } + } else if (XACML3.ELEMENT_ADVICEEXPRESSIONS.equals(childName)) { + if (sawAdviceExpressions) { + logger.warn("Unexpected element " + child.getNodeName()); + elementRule.removeChild(child); + result = true; + } else { + sawAdviceExpressions = true; + result = DOMAdviceExpression.repairList(child) || result; + } + } else { + logger.warn("Unexpected element " + child.getNodeName()); + elementRule.removeChild(child); + result = true; + } + } else { + logger.warn("Unexpected element " + child.getNodeName()); + elementRule.removeChild(child); + result = true; + } + } + } + } + + result = DOMUtil.repairStringAttribute(elementRule, XACML3.ATTRIBUTE_RULEID, IdentifierImpl.gensym().stringValue(), logger) || result; + result = DOMUtil.repairStringAttribute(elementRule, XACML3.ATTRIBUTE_EFFECT, RuleEffect.DENY.getName(), logger) || result; + + String string = DOMUtil.getStringAttribute(elementRule, XACML3.ATTRIBUTE_EFFECT); + RuleEffect ruleEffect = RuleEffect.getRuleEffect(string); + if (ruleEffect == null) { + logger.warn("Setting invalid " + XACML3.ATTRIBUTE_EFFECT + " attribute " + string + " to " + RuleEffect.DENY.getName()); + elementRule.setAttribute(XACML3.ATTRIBUTE_EFFECT, RuleEffect.DENY.getName()); + result = true; + } + + return result; + } +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMRuleCombinerParameters.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMRuleCombinerParameters.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMRuleCombinerParameters.java new file mode 100755 index 0000000..732c8b5 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMRuleCombinerParameters.java @@ -0,0 +1,123 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy.dom; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +import com.att.research.xacml.api.XACML3; +import com.att.research.xacml.std.StdStatusCode; +import com.att.research.xacml.std.dom.DOMAttributeValue; +import com.att.research.xacml.std.dom.DOMProperties; +import com.att.research.xacml.std.dom.DOMStructureException; +import com.att.research.xacml.std.dom.DOMUtil; +import com.att.research.xacmlatt.pdp.policy.Rule; +import com.att.research.xacmlatt.pdp.policy.TargetedCombinerParameter; + +/** + * DOMRuleCombinerParameters extends {@link com.att.research.xacmlatt.pdp.policy.TargetedCombinerParameter} with methods + * for creation from DOM {@link org.w3c.dom.Node}s. + * + * @author car + * @version $Revision: 1.2 $ + */ +public class DOMRuleCombinerParameters extends TargetedCombinerParameter<String,Rule> { + private static final Log logger = LogFactory.getLog(DOMRuleCombinerParameters.class); + + protected DOMRuleCombinerParameters() { + } + + /** + * Creates a new <code>TargetedCombinerParameter</code> for {@link com.att.research.xacmlatt.pdp.policy.Rule}s by parsing the + * given <code>Node</code> representing a XACML RuleCombinerParameters element. + * + * @param nodeRuleCombinerParameters the <code>Node</code> representing the XACML RuleCombinerParameters element. + * @return a new <code>TargetedCombinerParameter</code> for <code>Rule</code>s parsed from the given <code>Node</code> + * @throws DOMStructureException if there is an error parsing the <code>Node</code>. + */ + public static TargetedCombinerParameter<String,Rule> newInstance(Node nodeRuleCombinerParameters) throws DOMStructureException { + Element elementRuleCombinerParameters = DOMUtil.getElement(nodeRuleCombinerParameters); + boolean bLenient = DOMProperties.isLenient(); + + DOMRuleCombinerParameters domRuleCombinerParameters = new DOMRuleCombinerParameters(); + + try { + NodeList children = elementRuleCombinerParameters.getChildNodes(); + int numChildren; + if (children != null && (numChildren = children.getLength()) > 0) { + for (int i = 0 ; i < numChildren ; i++) { + Node child = children.item(i); + if (DOMUtil.isElement(child)) { + if (DOMUtil.isInNamespace(child, XACML3.XMLNS) && XACML3.ELEMENT_ATTRIBUTEVALUE.equals(child.getLocalName())) { + if (domRuleCombinerParameters.getAttributeValue() != null) { + throw DOMUtil.newUnexpectedElementException(child, nodeRuleCombinerParameters); + } + domRuleCombinerParameters.setAttributeValue(DOMAttributeValue.newInstance(child, null)); + } else if (!bLenient) { + throw DOMUtil.newUnexpectedElementException(child, nodeRuleCombinerParameters); + } + } + } + } + if (domRuleCombinerParameters.getAttributeValue() == null && !bLenient) { + throw DOMUtil.newMissingElementException(nodeRuleCombinerParameters, XACML3.XMLNS, XACML3.ELEMENT_ATTRIBUTEVALUE); + } + domRuleCombinerParameters.setName(DOMUtil.getStringAttribute(elementRuleCombinerParameters, XACML3.ATTRIBUTE_PARAMETERNAME, !bLenient)); + domRuleCombinerParameters.setTargetId(DOMUtil.getStringAttribute(elementRuleCombinerParameters, XACML3.ATTRIBUTE_RULEIDREF, !bLenient)); + } catch (DOMStructureException ex) { + domRuleCombinerParameters.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, ex.getMessage()); + if (DOMProperties.throwsExceptions()) { + throw ex; + } + } + return domRuleCombinerParameters; + } + + public static boolean repair(Node nodeRuleCombinerParameters) throws DOMStructureException { + Element elementRuleCombinerParameters = DOMUtil.getElement(nodeRuleCombinerParameters); + boolean result = false; + + NodeList children = elementRuleCombinerParameters.getChildNodes(); + int numChildren; + boolean sawAttributeValue = false; + if (children != null && (numChildren = children.getLength()) > 0) { + for (int i = 0 ; i < numChildren ; i++) { + Node child = children.item(i); + if (DOMUtil.isElement(child)) { + if (DOMUtil.isInNamespace(child, XACML3.XMLNS) && XACML3.ELEMENT_ATTRIBUTEVALUE.equals(child.getLocalName())) { + if (sawAttributeValue) { + logger.warn("Unexpected element " + child.getNodeName()); + elementRuleCombinerParameters.removeChild(child); + result = true; + } else { + sawAttributeValue = true; + result = result || DOMAttributeValue.repair(child); + } + } else { + logger.warn("Unexpected element " + child.getNodeName()); + elementRuleCombinerParameters.removeChild(child); + result = true; + } + } + } + } + if (!sawAttributeValue) { + throw DOMUtil.newMissingElementException(nodeRuleCombinerParameters, XACML3.XMLNS, XACML3.ELEMENT_ATTRIBUTEVALUE); + } + result = result || DOMUtil.repairStringAttribute(elementRuleCombinerParameters, XACML3.ATTRIBUTE_PARAMETERNAME, "parameter", logger); + result = result || DOMUtil.repairIdentifierAttribute(elementRuleCombinerParameters, XACML3.ATTRIBUTE_RULEIDREF, logger); + + return result; + } +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMTarget.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMTarget.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMTarget.java new file mode 100755 index 0000000..599dfa5 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMTarget.java @@ -0,0 +1,102 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy.dom; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +import com.att.research.xacml.api.XACML3; +import com.att.research.xacml.std.StdStatusCode; +import com.att.research.xacml.std.dom.DOMProperties; +import com.att.research.xacml.std.dom.DOMStructureException; +import com.att.research.xacml.std.dom.DOMUtil; +import com.att.research.xacmlatt.pdp.policy.Target; + +/** + * DOMTarget extends {@link com.att.research.xacmlatt.pdp.policy.Target} with methods for creation from + * DOM {@link org.w3c.dom.Node}s. + * + * @author car + * @version $Revision: 1.3 $ + */ +public class DOMTarget extends Target { + private static final Log logger = LogFactory.getLog(DOMTarget.class); + + /** + * Creates an empty <code>DOMTarget</code>. + */ + protected DOMTarget() { + } + + /** + * Creates a new <code>DOMTarget</code> by parsing the given <code>Node</code> representing a XACML Target element. + * + * @param nodeTarget the <code>Node</code> representing the XACML Target element + * @return a new <code>DOMTarget</code> parsed from the given <code>Node</code> + * @throws DOMStructureException if there is an error parsing the <code>Node</code> + */ + public static Target newInstance(Node nodeTarget) throws DOMStructureException { + Element elementTarget = DOMUtil.getElement(nodeTarget); + boolean bLenient = DOMProperties.isLenient(); + + DOMTarget domTarget = new DOMTarget(); + try { + NodeList children = elementTarget.getChildNodes(); + int numChildren; + if (children != null && (numChildren = children.getLength()) > 0) { + for (int i = 0 ; i < numChildren ; i++) { + Node child = children.item(i); + if (DOMUtil.isElement(child)) { + if (DOMUtil.isInNamespace(child, XACML3.XMLNS) && XACML3.ELEMENT_ANYOF.equals(child.getLocalName())) { + domTarget.addAnyOf(DOMAnyOf.newInstance(child)); + } else if (!bLenient) { + throw DOMUtil.newUnexpectedElementException(child, nodeTarget); + } + } + } + } + } catch (DOMStructureException ex) { + domTarget.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, ex.getMessage()); + if (DOMProperties.throwsExceptions()) { + throw ex; + } + } + + return domTarget; + } + + public static boolean repair(Node nodeTarget) throws DOMStructureException { + Element elementTarget = DOMUtil.getElement(nodeTarget); + boolean result = false; + + NodeList children = elementTarget.getChildNodes(); + int numChildren; + if (children != null && (numChildren = children.getLength()) > 0) { + for (int i = 0 ; i < numChildren ; i++) { + Node child = children.item(i); + if (DOMUtil.isElement(child)) { + if (DOMUtil.isInNamespace(child, XACML3.XMLNS) && XACML3.ELEMENT_ANYOF.equals(child.getLocalName())) { + result = DOMAnyOf.repair(child) || result; + } else { + logger.warn("Unexpected element " + child.getNodeName()); + elementTarget.removeChild(child); + result = true; + } + } + } + } + + return result; + } +}
