http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicyDef.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicyDef.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicyDef.java new file mode 100755 index 0000000..1c785c5 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicyDef.java @@ -0,0 +1,476 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy; + +import java.util.ArrayList; +import java.util.Collection; +import java.util.Iterator; +import java.util.List; + +import com.att.research.xacml.api.Advice; +import com.att.research.xacml.api.IdReference; +import com.att.research.xacml.api.IdReferenceMatch; +import com.att.research.xacml.api.Identifier; +import com.att.research.xacml.api.Obligation; +import com.att.research.xacml.api.StatusCode; +import com.att.research.xacml.api.Version; +import com.att.research.xacml.api.VersionMatch; +import com.att.research.xacml.std.StdIdReference; +import com.att.research.xacml.std.StdStatus; +import com.att.research.xacml.std.StdStatusCode; +import com.att.research.xacml.util.StringUtils; +import com.att.research.xacmlatt.pdp.eval.EvaluationContext; +import com.att.research.xacmlatt.pdp.eval.EvaluationException; +import com.att.research.xacmlatt.pdp.eval.EvaluationResult; +import com.att.research.xacmlatt.pdp.eval.MatchResult; + +/** + * PolicyDef extends {@link com.att.research.xacmlatt.pdp.policy.PolicySetChild} with members and methods common + * to XACML 3.0 Policies and PolicySets. + * + * @author car + * @version $Revision: 1.2 $ + */ +public abstract class PolicyDef extends PolicySetChild { + private String description; + private PolicyIssuer policyIssuer; + private Target target; + private List<CombinerParameter> combinerParameters; + private List<ObligationExpression> obligationExpressions; + private List<AdviceExpression> adviceExpressions; + private Version version; + private Integer maxDelegationDepth; + + private IdReference idReference; + + private void ensureCombinerParameters() { + if (this.combinerParameters == null) { + this.combinerParameters = new ArrayList<CombinerParameter>(); + } + } + + private void ensureObligationExpressions() { + if (this.obligationExpressions == null) { + this.obligationExpressions = new ArrayList<ObligationExpression>(); + } + } + + private void ensureAdviceExpressions() { + if (this.adviceExpressions == null) { + this.adviceExpressions = new ArrayList<AdviceExpression>(); + } + } + + protected List<CombinerParameter> getCombinerParameterList() { + return this.combinerParameters; + } + + protected List<ObligationExpression> getObligationExpressionList() { + return this.obligationExpressions; + } + + protected List<AdviceExpression> getAdviceExpressionList() { + return this.adviceExpressions; + } + + protected void updateResult(EvaluationResult evaluationResult, EvaluationContext evaluationContext) throws EvaluationException { + List<ObligationExpression> thisObligationExpressions = this.getObligationExpressionList(); + if (thisObligationExpressions != null && thisObligationExpressions.size() > 0) { + List<Obligation> listObligations = ObligationExpression.evaluate(evaluationContext, this.getPolicyDefaults(), evaluationResult.getDecision(), thisObligationExpressions); + if (listObligations != null && listObligations.size() > 0) { + evaluationResult.addObligations(listObligations); + } + } + + List<AdviceExpression> thisAdviceExpressions = this.getAdviceExpressionList(); + if (thisAdviceExpressions != null && thisAdviceExpressions.size() > 0) { + List<Advice> listAdvices = AdviceExpression.evaluate(evaluationContext, this.getPolicyDefaults(), evaluationResult.getDecision(), thisAdviceExpressions); + if (listAdvices != null && listAdvices.size() > 0) { + evaluationResult.addAdvice(listAdvices); + } + } + } + + @Override + protected boolean validateComponent() { + if (super.validateComponent()) { + if (this.getVersion() == null) { + this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing version string"); + return false; + } else if (this.getTarget() == null) { + this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing Target in policy " + this.getIdReference().getId().stringValue()); + return false; + } else { + return true; + } + } else { + return false; + } + } + + public PolicyDef(PolicySet policySetParent, StatusCode statusCodeIn, String statusMessageIn) { + super(policySetParent, statusCodeIn, statusMessageIn); + } + + public PolicyDef(StatusCode statusCodeIn, String statusMessageIn) { + super(statusCodeIn, statusMessageIn); + } + + public PolicyDef(StatusCode statusCodeIn) { + super(statusCodeIn); + } + + public PolicyDef(PolicySet policySetParent) { + super(policySetParent); + } + + public PolicyDef() { + super(); + } + + @Override + public void setIdentifier(Identifier identifierIn) { + super.setIdentifier(identifierIn); + this.idReference = null; + } + + /** + * Gets the <code>String</code> description of this <code>PolicyDef</code>. + * + * @return the <code>String</code> description of this <code>PolicyDef</code>. + */ + public String getDescription() { + return this.description; + } + + /** + * Sets the <code>String</code> description of this <code>PolicyDef</code>. + * + * @param s the <code>String</code> description of this <code>PolicyDef</code> + */ + public void setDescription(String s) { + this.description = s; + } + + /** + * Gets the {@link com.att.research.xacmlatt.pdp.policy.PolicyIssuer} for this <code>PolicyDef</code>. + * + * @return the <code>PolicyIssuer</code> for this <code>PolicyDef</code> + */ + public PolicyIssuer getPolicyIssuer() { + return this.policyIssuer; + } + + /** + * Sets the <code>PolicyIssuer</code> for this <code>PolicyDef</code>. + * + * @param policyIssuerIn the <code>PolicyIssuer</code> for this <code>PolicyDef</code>. + */ + public void setPolicyIssuer(PolicyIssuer policyIssuerIn) { + this.policyIssuer = policyIssuerIn; + } + + /** + * Gets the <code>Target</code> for this <code>PolicyDef</code>. + * + * @return the <code>Target</code> for this <code>PolicyDef</code> + */ + public Target getTarget() { + return this.target; + } + + /** + * Sets the <code>Target</code> for this <code>PolicyDef</code>. + * + * @param targetIn the <code>Target</code> for this <code>PolicyDef</code> + */ + public void setTarget(Target targetIn) { + this.target = targetIn; + } + + /** + * Gets an <code>Iterator</code> over the <code>CombinerParameter</code>s for this <code>Policy</code>. + * + * @return an <code>Iterator</code> over the <code>CombinerParameter</code>s for this <code>Policy</code> or null if there are none + */ + public Iterator<CombinerParameter> getCombinerParameters() { + return (this.combinerParameters == null ? null : this.combinerParameters.iterator()); + } + + /** + * Sets the <code>CombinerParameter</code>s for this<code>Policy</code> to the contents of the + * given <code>Collection</code>. If the <code>Collection</code> is null, the set of <code>CombinerParameter</code>s + * for this <code>Policy</code> is set to null. + * + * @param combinerParametersIn the <code>Collection</code> of <code>CombinerParameter</code>s for this <code>PolicyDef</code> + */ + public void setCombinerParameters(Collection<CombinerParameter> combinerParametersIn) { + this.combinerParameters = null; + if (combinerParametersIn != null) { + this.addCombinerParameters(combinerParametersIn); + } + } + + /** + * Adds the given <code>CombinerParameter</code> to the set of <code>CombinerParameter</code>s for this + * <code>PolicyDef</code>> + * + * @param combinerParameter the <code>CombinerParameter</code> to add + */ + public void add(CombinerParameter combinerParameter) { + this.ensureCombinerParameters(); + this.combinerParameters.add(combinerParameter); + } + + /** + * Adds the given <code>Collection</code> of <code>CombinerParameter</code>s to this <code>PolicyDef</code>> + * + * @param combinerParametersIn the <code>Collection</code> of <code>CombinerParameter</code>s to add + */ + public void addCombinerParameters(Collection<CombinerParameter> combinerParametersIn) { + this.ensureCombinerParameters(); + this.combinerParameters.addAll(combinerParametersIn); + } + + /** + * Gets an <code>Iterator</code> over the <code>ObligationExpression</code>s for this <code>PolicyDef</code>. + * + * @return an <code>Iterator</code> over the <code>ObligationExpression</code>s for this <code>PolicyDef</code> or null if there are none. + */ + public Iterator<ObligationExpression> getObligationExpressions() { + return (this.obligationExpressions == null ? null : this.obligationExpressions.iterator()); + } + + /** + * Sets the <code>ObligationExpression</code>s for this <code>PolicyDef</code> to the contents of the given <code>Collection</code>. + * If the <code>Collection</code> is null, the <code>ObligationExpression</code>s for this <code>PolicyDef</code> are set to null. + * + * @param obligationExpressionsIn the <code>Collection</code> of <code>ObligationExpression</code>s for this <code>PolicyDef</code>. + */ + public void setObligationExpressions(Collection<ObligationExpression> obligationExpressionsIn) { + this.obligationExpressions = null; + if (obligationExpressionsIn != null) { + this.addObligationExpressions(obligationExpressionsIn); + } + } + + /** + * Adds the given <code>ObligationExpression</code> to the set of <code>ObligationExpression</code>s for this <code>PolicyDef</code>. + * + * @param obligationExpression the <code>ObligationExpression</code> to add + */ + public void add(ObligationExpression obligationExpression) { + this.ensureObligationExpressions(); + this.obligationExpressions.add(obligationExpression); + } + + /** + * Adds the contents of the given <code>Collection</code> of <code>ObligationExpression</code>s to the set of <code>ObligationExpression</code>s for + * this <code>PolicyDef</code>. + * + * @param obligationExpressionsIn the <code>Collection</code> of <code>ObligationExpression</code>s to add + */ + public void addObligationExpressions(Collection<ObligationExpression> obligationExpressionsIn) { + this.ensureObligationExpressions(); + this.obligationExpressions.addAll(obligationExpressionsIn); + } + + /** + * Gets an <code>Iterator</code> over the set of <code>AdviceExpression</code>s for this <code>PolicyDef</code>. + * + * @return an <code>Iterator</code> over the set of <code>AdviceExpression</code>s for this <code>PolicyDef</code> or null if there are none. + */ + public Iterator<AdviceExpression> getAdviceExpressions() { + return (this.adviceExpressions == null ? null : this.adviceExpressions.iterator()); + } + + /** + * Sets the set of <code>AdviceExpression</code>s for this <code>PolicyDef</code> to the contents of the given <code>Collection</code>. + * + * @param adviceExpressionsIn the <code>Collection</code> of <code>AdviceExpression</code> to add + */ + public void setAdviceExpressions(Collection<AdviceExpression> adviceExpressionsIn) { + this.adviceExpressions = null; + if (adviceExpressionsIn != null) { + this.addAdviceExpressions(adviceExpressionsIn); + } + } + + /** + * Adds the given <code>AdviceExpression</code> to the set of <code>AdviceExpression</code>s for this <code>PolicyDef</code>. + * + * @param adviceExpression the <code>AdviceExpression</code> to add. + */ + public void add(AdviceExpression adviceExpression) { + this.ensureAdviceExpressions(); + this.adviceExpressions.add(adviceExpression); + } + + /** + * Adds the contents of the given <code>Collection</code> of <code>AdviceExpression</code>s to the set of + * <code>AdviceExpression</code>s for this <code>PolicyDef</code>. + * + * @param adviceExpressionsIn the <code>Collection</code> of <code>AdviceExpression</code>s to add. + */ + public void addAdviceExpressions(Collection<AdviceExpression> adviceExpressionsIn) { + this.ensureAdviceExpressions(); + this.adviceExpressions.addAll(adviceExpressionsIn); + } + + /** + * Gets the <code>String</code> version for this <code>PolicyDef</code>. + * + * @return the <code>String</code> version for this <code>PolicyDef</code>. + */ + public Version getVersion() { + return this.version; + } + + /** + * Sets the version <code>String</code> for this <code>PolicyDef</code>> + * + * @param versionIn the <code>String</code> version for this <code>PolicyDef</code> + */ + public void setVersion(Version versionIn) { + this.version = versionIn; + this.idReference = null; + } + + /** + * Creates the <code>IdReference</code> for this <code>PolicyDef</code> if needed and returns it. + * + * @return the <code>IdReference</code> for this <code>PolicyDef</code> + */ + public IdReference getIdReference() { + if (this.idReference == null) { + this.idReference = new StdIdReference(this.getIdentifier(), this.getVersion()); + } + return this.idReference; + } + + public boolean matches(IdReferenceMatch idReferenceRequest) { + IdReference thisIdReference = this.getIdReference(); + if (thisIdReference == null || thisIdReference.getId() == null || idReferenceRequest == null || idReferenceRequest.getId() == null) { + return false; + } else if (!thisIdReference.getId().equals(idReferenceRequest.getId())) { + return false; + } + + /* + * Now do version number matching + */ + VersionMatch idReferenceRequestVersion = idReferenceRequest.getVersion(); + if (idReferenceRequestVersion != null) { + /* + * Do exact version matching + */ + Version thisVersion = thisIdReference.getVersion(); + if (thisVersion == null) { + return false; + } else { + return idReferenceRequestVersion.match(thisVersion, 0); + } + } else { + VersionMatch idReferenceRequestEarliestVersion = idReferenceRequest.getEarliestVersion(); + Version thisVersion = thisIdReference.getVersion(); + + if (idReferenceRequestEarliestVersion != null) { + if (thisVersion == null) { + return false; + } else if (!idReferenceRequestEarliestVersion.match(thisVersion, 1)) { + return false; + } + } + + VersionMatch idReferenceRequestLatestVersion = idReferenceRequest.getLatestVersion(); + if (idReferenceRequestLatestVersion != null) { + if (thisVersion == null) { + return false; + } else if (!idReferenceRequestLatestVersion.match(thisVersion, -1)) { + return false; + } + } + + return true; + } + } + + /** + * Gets the <code>Integer</code> maximum delegation depth for this <code>PolicyDef</code>. + * + * @return the <code>Integer</code> maximum delegation depth for this <code>PolicyDef</code> + */ + public Integer getMaxDelegationDepth() { + return this.maxDelegationDepth; + } + + /** + * Sets the <code>Integer</code> maximum delegation depth for this <code>PolicyDef</code> + * @param i the <code>Integer</code> maximum delegation depth for this <code>PolicyDef</code> + */ + public void setMaxDelegationDepth(Integer i) { + this.maxDelegationDepth = i; + } + + @Override + public String toString() { + StringBuilder stringBuilder = new StringBuilder("{"); + + stringBuilder.append("super="); + stringBuilder.append(super.toString()); + + Object objectToDump; + if ((objectToDump = this.getDescription()) != null) { + stringBuilder.append(",description="); + stringBuilder.append((String)objectToDump); + } + if ((objectToDump = this.getPolicyIssuer()) != null) { + stringBuilder.append(",policyIssuer="); + stringBuilder.append(objectToDump.toString()); + } + if ((objectToDump = this.getTarget()) != null) { + stringBuilder.append(",target="); + stringBuilder.append(objectToDump.toString()); + } + String iteratorToString; + if ((iteratorToString = StringUtils.toString(this.getCombinerParameters())) != null) { + stringBuilder.append(",combinerParameters="); + stringBuilder.append(iteratorToString); + } + if ((iteratorToString = StringUtils.toString(this.getObligationExpressions())) != null) { + stringBuilder.append(",obligationExpressions="); + stringBuilder.append(iteratorToString); + } + if ((iteratorToString = StringUtils.toString(this.getAdviceExpressions())) != null) { + stringBuilder.append(",adviceExpressions="); + stringBuilder.append(iteratorToString); + } + if ((objectToDump = this.getVersion()) != null) { + stringBuilder.append(",version="); + stringBuilder.append(objectToDump.toString()); + } + if ((objectToDump = this.getMaxDelegationDepth()) != null) { + stringBuilder.append(",maxDelegationDepth="); + stringBuilder.append(objectToDump.toString()); + } + stringBuilder.append('}'); + return stringBuilder.toString(); + } + + @Override + public MatchResult match(EvaluationContext evaluationContext) throws EvaluationException { + if (!this.validate()) { + return new MatchResult(new StdStatus(this.getStatusCode(), this.getStatusMessage())); + } + return this.getTarget().match(evaluationContext); + } + +}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicyDefaults.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicyDefaults.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicyDefaults.java new file mode 100755 index 0000000..a2c0c3c --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicyDefaults.java @@ -0,0 +1,111 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy; + +import java.net.URI; + +import com.att.research.xacml.api.XACML; + +/** + * PolicyDefaults represents the default values associated with a XACML 3.0 Policy or PolicySet that may + * be overridden or inherited by child Policies or PolicySets. + * + * @author car + * @version $Revision: 1.1 $ + */ +public class PolicyDefaults { + private static URI xpathVersionDefault; + + static { + try { + xpathVersionDefault = new URI(XACML.XPATHVERSION_2_0); + } catch (Exception ex) { + + } + } + + private URI xpathVersion; + private PolicyDefaults policyDefaultsParent; + + /** + * Creates a new <code>PolicyDefaults</code> with the given <code>URI</code> for the XPath version and + * the given <code>PolicyDefaults</code> pointing to the parent. + * + * @param xpathVersionIn the <code>URI</code> representing the XPath version for the new <code>PolicyDefaults</code> + * @param policyDefaultsParentIn the <code>PolicyDefaults</code> object that is the parent of the new <code>PolicyDefaults</code> + */ + public PolicyDefaults(URI xpathVersionIn, PolicyDefaults policyDefaultsParentIn) { + this.xpathVersion = xpathVersionIn; + this.policyDefaultsParent = policyDefaultsParentIn; + } + + /** + * Gets the parent <code>PolicyDefaults</code> for this <code>PolicyDefaults</code>. + * + * @return the parent <code>PolicyDefaults</code> for this <code>PolicyDefaults</code> or null if none + */ + public PolicyDefaults getPolicyDefaultsParent() { + return this.policyDefaultsParent; + } + + /** + * Gets the XPath version <code>URI</code> for this <code>PolicyDefaults</code>. If there is no explicit + * version in this <code>PolicyDefaults</code>, walk up the parent <code>PolicyDefaults</code> hierarchy until + * one is found, or return the default value. + * + * @return the <code>URI</code> for the XPath version + */ + public URI getXPathVersion() { + /* + * See if the XPath version was explicitly set here + */ + if (this.xpathVersion != null) { + return this.xpathVersion; + } + + /* + * Try the parent hierarchy if there is one + */ + PolicyDefaults policyDefaultsParentThis = this.getPolicyDefaultsParent(); + if (policyDefaultsParentThis != null) { + return policyDefaultsParentThis.getXPathVersion(); + } + + /* + * Use the default + */ + return xpathVersionDefault; + } + + @Override + public String toString() { + StringBuilder stringBuilder = new StringBuilder("{"); + + boolean needsComma = false; + Object objectToDump; + if ((objectToDump = this.xpathVersion) != null) { + stringBuilder.append("xpathVersion="); + stringBuilder.append(objectToDump.toString()); + needsComma = true; + } + if ((objectToDump = this.getPolicyDefaultsParent()) != null) { + if (needsComma) { + stringBuilder.append(','); + } + stringBuilder.append("policyDefaultsParent="); + stringBuilder.append(objectToDump.toString()); + needsComma = true; + } + stringBuilder.append('}'); + return stringBuilder.toString(); + } + +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicyFinder.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicyFinder.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicyFinder.java new file mode 100755 index 0000000..8a3b391 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicyFinder.java @@ -0,0 +1,50 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy; + +import com.att.research.xacml.api.IdReferenceMatch; +import com.att.research.xacmlatt.pdp.eval.EvaluationContext; + +/** + * PolicyFinder is the interface for objects that can locate XACML Policies and PolicySets by identifier and contains the root + * Policy or Policy set. The interface is designed to allow for finders that can retrieve a root policy from a repository based on + * matching a {@link com.att.research.xacml.api.Request}. + * + * @author car + * @version $Revision: 1.1 $ + */ +public interface PolicyFinder { + /** + * Gets the root {@link PolicyDef} from the policy store + * configured by the particular implementation of the <code>PolicyFinderFactory</code> class that + * is applicable to the {@link com.att.research.xacml.api.Request} in the given {@link com.att.research.xacmlatt.pdp.eval.EvaluationContext}. + * + * @return a <code>PolicyFinderResult</code> with the root <code>PolicyDef</code> + */ + public PolicyFinderResult<PolicyDef> getRootPolicyDef(EvaluationContext evaluationContext); + + /** + * Gets the {@link Policy} that matches the given {@link com.att.research.xacml.api.IdReferenceMatch}. + * + * @param idReferenceMatch the <code>IdReferenceMatch</code> to search for + * @return a <code>PolicyFinderResult</code> with the <code>Policy</code> matching the given <code>IdReferenceMatch</code> + */ + public PolicyFinderResult<Policy> getPolicy(IdReferenceMatch idReferenceMatch); + + /** + * Gets the {@link PolicySet} that matches the given {@link com.att.research.xacml.api.IdReferenceMatch}. + * + * @param idReferenceMatch the <code>IdReferenceMatch</code> to search for + * @return a <code>PolicyFinderResult</code> with the <code>PolicySet</code> matching the given <code>IdReferenceMatch</code>. + */ + public PolicyFinderResult<PolicySet> getPolicySet(IdReferenceMatch idReferenceMatch); + +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicyFinderFactory.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicyFinderFactory.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicyFinderFactory.java new file mode 100755 index 0000000..f700046 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicyFinderFactory.java @@ -0,0 +1,65 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy; + +import java.util.Properties; + +import com.att.research.xacml.util.FactoryException; +import com.att.research.xacml.util.FactoryFinder; +import com.att.research.xacmlatt.pdp.util.ATTPDPProperties; + +/** + * PolicyFinderFactory provides methods for loading XACML 3.0 policies and policy sets that are used + * by the {@link com.att.research.xacmlatt.pdp.PDPEngine} to evaluate requests. + * + * @author car + * @version $Revision: 1.3 $ + */ +public abstract class PolicyFinderFactory { + private static final String FACTORYID = ATTPDPProperties.PROP_POLICYFINDERFACTORY; + private static final String DEFAULT_FACTORY_CLASSNAME = "com.att.research.xacmlatt.pdp.std.StdPolicyFinderFactory"; + + protected PolicyFinderFactory() { + } + + protected PolicyFinderFactory(Properties properties) { + } + + public static PolicyFinderFactory newInstance() throws FactoryException { + return FactoryFinder.find(FACTORYID, DEFAULT_FACTORY_CLASSNAME, PolicyFinderFactory.class); + } + + public static PolicyFinderFactory newInstance(Properties properties) throws FactoryException { + return FactoryFinder.find(FACTORYID, DEFAULT_FACTORY_CLASSNAME, PolicyFinderFactory.class, properties); + } + + public static PolicyFinderFactory newInstance(String className, ClassLoader classLoader) throws FactoryException { + return FactoryFinder.newInstance(className, PolicyFinderFactory.class, classLoader, false); + } + + public static PolicyFinderFactory newInstance(String className) throws FactoryException { + return FactoryFinder.newInstance(className, PolicyFinderFactory.class, null, true); + } + + /** + * Gets the configured {@link PolicyFinder}. + * + * @return the configured <code>PolicyFinder</code> + */ + abstract public PolicyFinder getPolicyFinder() throws FactoryException; + + /** + * Gets the configured {@link PolicyFinder}. + * + * @return the configured <code>PolicyFinder</code> + */ + abstract public PolicyFinder getPolicyFinder(Properties properties) throws FactoryException; +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicyFinderResult.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicyFinderResult.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicyFinderResult.java new file mode 100755 index 0000000..fe1d8ab --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicyFinderResult.java @@ -0,0 +1,36 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy; + +import com.att.research.xacml.api.Status; + +/** + * PolicyFinderResult is the interface for return values of the methods in the {@link com.att.research.xacmlatt.pdp.policy.PolicyFinderFactory} interface. + * + * @author car + * @version $Revision: 1.1 $ + * @param <T> the class extending {@link PolicyDef} contained as a result in this <code>PolicyFinderResult</code> + */ +public interface PolicyFinderResult<T extends PolicyDef> { + /** + * Gets the {@link com.att.research.xacml.api.Status} of the method call. + * + * @return the <code>Status</code> of the method call + */ + public Status getStatus(); + + /** + * Gets the {@link PolicyDef} returned by the method if the status is OK. + * + * @return the <code>T</code> returned by the method if the status is OK. + */ + public T getPolicyDef(); +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicyIdReference.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicyIdReference.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicyIdReference.java new file mode 100755 index 0000000..ea75497 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicyIdReference.java @@ -0,0 +1,57 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy; + +import com.att.research.xacml.api.StatusCode; +import com.att.research.xacmlatt.pdp.eval.EvaluationContext; +import com.att.research.xacmlatt.pdp.eval.EvaluationException; + +/** + * PolicyIdReference extends {@link com.att.research.xacmlatt.pdp.policy.PolicyIdReferenceBase} for + * {@link Policy} objects with an implementation of the <code>ensureReferencee</code> + * method to find a <code>Policy</code>. + * + * @author car + * @version $Revision: 1.2 $ + */ +public class PolicyIdReference extends PolicyIdReferenceBase<Policy> { + + public PolicyIdReference(PolicySet policySetParent, StatusCode statusCodeIn, String statusMessageIn) { + super(policySetParent, statusCodeIn, statusMessageIn); + } + + public PolicyIdReference(StatusCode statusCodeIn, String statusMessageIn) { + super(statusCodeIn, statusMessageIn); + } + + public PolicyIdReference(StatusCode statusCodeIn) { + super(statusCodeIn); + } + + public PolicyIdReference(PolicySet policySetParent) { + super(policySetParent); + } + + public PolicyIdReference() { + } + + @Override + protected Policy ensureReferencee(EvaluationContext evaluationContext) throws EvaluationException { + if (this.getReferencee() == null) { + PolicyFinderResult<Policy> policyFactoryResult = evaluationContext.getPolicy(this.getIdReferenceMatch()); + if (policyFactoryResult.getStatus() == null || policyFactoryResult.getStatus().isOk()) { + this.setReferencee(policyFactoryResult.getPolicyDef()); + } + } + return this.getReferencee(); + } + +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicyIdReferenceBase.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicyIdReferenceBase.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicyIdReferenceBase.java new file mode 100755 index 0000000..10961fc --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicyIdReferenceBase.java @@ -0,0 +1,122 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy; + +import com.att.research.xacml.api.Decision; +import com.att.research.xacml.api.IdReferenceMatch; +import com.att.research.xacml.api.StatusCode; +import com.att.research.xacml.std.StdStatus; +import com.att.research.xacml.std.StdStatusCode; +import com.att.research.xacmlatt.pdp.eval.EvaluationContext; +import com.att.research.xacmlatt.pdp.eval.EvaluationException; +import com.att.research.xacmlatt.pdp.eval.EvaluationResult; +import com.att.research.xacmlatt.pdp.eval.MatchResult; + +/** + * PolicyIdReferenceBase extends {@link PolicySetChild} to implement a XACML PolicyIdReference element. + * + * @author car + * @version $Revision: 1.1 $ + */ +public abstract class PolicyIdReferenceBase<T extends PolicyDef> extends PolicySetChild { + private IdReferenceMatch idReferenceMatch; + private T referencee; + + @Override + protected boolean validateComponent() { + if (super.validateComponent()) { + if (this.getIdReferenceMatch() == null) { + this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing reference id"); + return false; + } else { + return true; + } + } else { + return false; + } + } + + /** + * If the <code>T</code> referencee has not been set, this method will try and find it + * in the given <code>EvaluationContext</code> and return it. + * + * @param evaluationContext the <code>EvaluationContext</code> to search for the referencee + * @return the <code>T</code> referencee if found, else null + * @throws com.att.research.xacmlatt.pdp.eval.EvaluationException if there is an error attempting to locate the referenced <code>T</code>. + */ + protected abstract T ensureReferencee(EvaluationContext evaluationContext) throws EvaluationException; + + public PolicyIdReferenceBase(PolicySet policySetParent, StatusCode statusCodeIn, String statusMessageIn) { + super(policySetParent, statusCodeIn, statusMessageIn); + } + + public PolicyIdReferenceBase(StatusCode statusCodeIn, String statusMessageIn) { + super(statusCodeIn, statusMessageIn); + } + + public PolicyIdReferenceBase(StatusCode statusCodeIn) { + super(statusCodeIn); + } + + public PolicyIdReferenceBase(PolicySet policySetParent) { + super(policySetParent); + } + + public PolicyIdReferenceBase() { + } + + /** + * Gets the {@link com.att.research.xacml.api.IdReferenceMatch} for this <code>PolicyIdReferenceBase</code>. + * + * @return the <code>IdReferenceMatch</code> for this <code>PolicyIdReference</code>. + */ + public IdReferenceMatch getIdReferenceMatch() { + return this.idReferenceMatch; + } + + public void setIdReferenceMatch(IdReferenceMatch idReferenceMatchIn) { + this.idReferenceMatch = idReferenceMatchIn; + } + + /** + * Sets the <code>PolicyDef</code> object referred to by this <code>PolicyIdReferenceBase</code>. + * + * @return the <code>PolicyDef</code> object referred to by this <code>PolicyIdReferenceBase</code> + */ + public T getReferencee() { + return this.referencee; + } + + public void setReferencee(T referenceeIn) { + this.referencee = referenceeIn; + } + + @Override + public EvaluationResult evaluate(EvaluationContext evaluationContext) throws EvaluationException { + T thisReferencee = this.ensureReferencee(evaluationContext); + if (thisReferencee == null) { + return new EvaluationResult(Decision.INDETERMINATE, new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "Could not find referencee for " + this.getIdReferenceMatch().toString())); + } else { + return thisReferencee.evaluate(evaluationContext); + } + } + + @Override + public MatchResult match(EvaluationContext evaluationContext) throws EvaluationException { + T thisReferencee = this.ensureReferencee(evaluationContext); + if (thisReferencee == null) { + return new MatchResult(MatchResult.MatchCode.INDETERMINATE, new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "Could not find referencee for " + this.getIdReferenceMatch().toString())); + } else { + return thisReferencee.match(evaluationContext); + } + } + +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicyIssuer.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicyIssuer.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicyIssuer.java new file mode 100755 index 0000000..792d864 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicyIssuer.java @@ -0,0 +1,111 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy; + +import java.util.ArrayList; +import java.util.Collection; +import java.util.Iterator; +import java.util.List; + +import org.w3c.dom.Node; + +import com.att.research.xacml.api.Attribute; +import com.att.research.xacml.api.StatusCode; +import com.att.research.xacml.std.StdStatusCode; + +/** + * PolicyIssuer extends {@link com.att.research.xacmlatt.pdp.policy.PolicyComponent} to represent the XACML 3.0 + * PolicyIssuer element in Policies and PolicySets. + * + * @author car + * @version $Revision: 1.1 $ + */ +public class PolicyIssuer extends PolicyComponent { + private Node content; + private List<Attribute> attributes; + + public PolicyIssuer(StatusCode statusCodeIn, String statusMessageIn) { + super(statusCodeIn, statusMessageIn); + } + + public PolicyIssuer(StatusCode statusCodeIn) { + super(statusCodeIn); + } + + public PolicyIssuer() { + } + + public Node getContent() { + return this.content; + } + + public void setContent(Node nodeContent) { + this.content = nodeContent; + } + + public Iterator<Attribute> getAttributes() { + return (this.attributes == null ? null : this.attributes.iterator()); + } + + public void setAttributes(Collection<Attribute> listAttributes) { + this.attributes = null; + if (listAttributes != null) { + this.add(listAttributes); + } + } + + public void add(Attribute attribute) { + if (this.attributes == null) { + this.attributes = new ArrayList<Attribute>(); + } + this.attributes.add(attribute); + } + + public void add(Collection<Attribute> listAttributes) { + if (this.attributes == null) { + this.attributes = new ArrayList<Attribute>(); + } + this.attributes.addAll(listAttributes); + } + + @Override + public String toString() { + StringBuilder stringBuilder = new StringBuilder("{"); + + stringBuilder.append("super="); + stringBuilder.append(super.toString()); + + Object objectToDump; + if ((objectToDump = this.getContent()) != null) { + stringBuilder.append(",content="); + stringBuilder.append(objectToDump.toString()); + } + Iterator<Attribute> iterAttributes = this.getAttributes(); + if (iterAttributes != null && iterAttributes.hasNext()) { + stringBuilder.append(",attributes=["); + stringBuilder.append(iterAttributes.next().toString()); + while (iterAttributes.hasNext()) { + stringBuilder.append(','); + stringBuilder.append(iterAttributes.next().toString()); + } + stringBuilder.append(']'); + } + stringBuilder.append('}'); + return stringBuilder.toString(); + } + + @Override + protected boolean validateComponent() { + this.setStatus(StdStatusCode.STATUS_CODE_OK, null); + return true; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicySet.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicySet.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicySet.java new file mode 100755 index 0000000..a4333be --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicySet.java @@ -0,0 +1,259 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy; + +import java.util.ArrayList; +import java.util.Collection; +import java.util.Iterator; +import java.util.List; + +import com.att.research.xacml.api.Decision; +import com.att.research.xacml.api.Identifier; +import com.att.research.xacml.api.Result; +import com.att.research.xacml.api.StatusCode; +import com.att.research.xacml.api.trace.Traceable; +import com.att.research.xacml.std.StdStatus; +import com.att.research.xacml.std.StdStatusCode; +import com.att.research.xacml.std.trace.StdTraceEvent; +import com.att.research.xacml.util.StringUtils; +import com.att.research.xacmlatt.pdp.eval.EvaluationContext; +import com.att.research.xacmlatt.pdp.eval.EvaluationException; +import com.att.research.xacmlatt.pdp.eval.EvaluationResult; +import com.att.research.xacmlatt.pdp.eval.MatchResult; + +/** + * PolicySet extends {@link PolicyDef} to represent a XACML PolicySet element. + * + * @author car + * @version $Revision: 1.2 $ + */ +public class PolicySet extends PolicyDef { + private TargetedCombinerParameterMap<Identifier,PolicySetChild> policyCombinerParameters = new TargetedCombinerParameterMap<Identifier,PolicySetChild>(); + private List<PolicySetChild> children; + private List<CombiningElement<PolicySetChild>> combiningPolicies; + private CombiningAlgorithm<PolicySetChild> combiningAlgorithm; + + private void ensureChildren() { + if (this.children == null) { + this.children = new ArrayList<PolicySetChild>(); + } + } + + /** + * Performs lazy evaluation of the combining parameters from this <code>Policy</code>. + * + * @return the <code>List</code> of <code>CombiningElement</code>s for all of the <code>Rule</code>s + */ + protected List<CombiningElement<PolicySetChild>> getCombiningPolicies() { + if (this.combiningPolicies == null) { + this.combiningPolicies = new ArrayList<CombiningElement<PolicySetChild>>(); + Iterator<PolicySetChild> iterPolicies = this.getChildren(); + if (iterPolicies != null) { + while (iterPolicies.hasNext()) { + PolicySetChild policySetChild = iterPolicies.next(); + this.combiningPolicies.add(new CombiningElement<PolicySetChild>(policySetChild, this.policyCombinerParameters.getCombinerParameters(policySetChild))); + } + } + } + return this.combiningPolicies; + } + + @Override + protected boolean validateComponent() { + if (super.validateComponent()) { + if (this.getPolicyCombiningAlgorithm() == null) { + this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing policy combining algorithm"); + return false; + } else { + return true; + } + } else { + return false; + } + } + + public PolicySet(StatusCode statusCodeIn, String statusMessageIn) { + super(statusCodeIn, statusMessageIn); + } + + public PolicySet(StatusCode statusCodeIn) { + super(statusCodeIn); + } + + public PolicySet(PolicySet policySetParent) { + super(policySetParent); + } + + public PolicySet() { + } + + /** + * Gets an <code>Iterator</code> over the {@link com.att.research.xacmlatt.pdp.policy.TargetedCombinerParameter}s + * for {@link Policy} elements in this + * <code>PolicySet</code>. + * + * @return an <code>Iterator</code> over the <code>TargetedCombinerParameter</code>s for <code>Policy</code> elements in this + * <code>PolicySet</code>. + */ + public Iterator<TargetedCombinerParameter<Identifier,PolicySetChild>> getPolicyCombinerParameters() { + return this.policyCombinerParameters.getTargetedCombinerParameters(); + } + + /** + * Sets the Policy combiner parameters for this <code>PolicySet</code> from the contents of the given <code>Collection</code> + * of <code>TargetedCombinerParameter</code>s. + * + * @param policyCombinerParametersIn the <code>Collection</code> of <code>TargetedCombinerParameter</code>s. + */ + public void setPolicyCombinerParameters(Collection<TargetedCombinerParameter<Identifier,PolicySetChild>> policyCombinerParametersIn) { + this.policyCombinerParameters.setCombinerParameters(policyCombinerParametersIn); + } + + public void addPolicyCombinerParameter(TargetedCombinerParameter<Identifier,PolicySetChild> policyCombinerParameter) { + this.policyCombinerParameters.addCombinerParameter(policyCombinerParameter); + } + + public void addPolicyCombinerParameters(Collection<TargetedCombinerParameter<Identifier,PolicySetChild>> policyCombinerParametersIn) { + this.policyCombinerParameters.addCombinerParameters(policyCombinerParametersIn); + } + + /** + * Gets an <code>Iterator</code> over the <code>PolicySetChild</code> children of this <code>PolicySet</code>. + * + * @return an <code>Iterator</code> over the <code>PolicySetChild</code> children of this <code>PolicySet</code> or null if there are none. + */ + public Iterator<PolicySetChild> getChildren() { + return (this.children == null ? null : this.children.iterator()); + } + + public void setChildren(Collection<PolicySetChild> policySetChildren) { + this.children = null; + if (policySetChildren != null) { + this.addChildren(policySetChildren); + } + } + + public void addChild(PolicySetChild policySetChild) { + this.ensureChildren(); + this.children.add(policySetChild); + } + + public void addChildren(Collection<PolicySetChild> policySetChildren) { + this.ensureChildren(); + this.children.addAll(policySetChildren); + } + + /** + * Gets the {@link com.att.research.xacmlatt.pdp.policy.CombiningAlgorithm} for <code>PolicySetChild</code> children for this <code>PolicySet</code>. + * + * @return the <code>CombiningAlgorithm</code> for <code>PolicySetChild</code> children for this <code>PolicySet</code>. + */ + public CombiningAlgorithm<PolicySetChild> getPolicyCombiningAlgorithm() { + return this.combiningAlgorithm; + } + + public void setPolicyCombiningAlgorithm(CombiningAlgorithm<PolicySetChild> combiningAlgorithmIn) { + this.combiningAlgorithm = combiningAlgorithmIn; + } + + @Override + public EvaluationResult evaluate(EvaluationContext evaluationContext) throws EvaluationException { + /* + * First check to see if we are valid. If not, return an error status immediately + */ + if (evaluationContext.isTracing()) { + evaluationContext.trace(new StdTraceEvent<Object>("PolicySet", this, null)); + } + if (!this.validate()) { + return new EvaluationResult(new StdStatus(this.getStatusCode(), this.getStatusMessage())); + } + + /* + * See if we match + */ + MatchResult thisMatchResult = this.match(evaluationContext); + assert(thisMatchResult != null); + if (evaluationContext.isTracing()) { + evaluationContext.trace(new StdTraceEvent<MatchResult>("Match", this, thisMatchResult)); + } + switch(thisMatchResult.getMatchCode()) { + case INDETERMINATE: + return new EvaluationResult(Decision.INDETERMINATE, thisMatchResult.getStatus()); + case MATCH: + break; + case NOMATCH: + return new EvaluationResult(Decision.NOTAPPLICABLE); + } + + /* + * Get the combining elements + */ + List<CombiningElement<PolicySetChild>> listCombiningElements = this.getCombiningPolicies(); + assert(listCombiningElements != null); + + /* + * Run the PolicyCombiningAlgorithm + */ + assert(this.getPolicyCombiningAlgorithm() != null); + EvaluationResult evaluationResultCombined = this.getPolicyCombiningAlgorithm().combine(evaluationContext, listCombiningElements, getCombinerParameterList()); + assert(evaluationResultCombined != null); + + if (evaluationResultCombined.getDecision() == Decision.DENY || evaluationResultCombined.getDecision() == Decision.PERMIT) { + this.updateResult(evaluationResultCombined, evaluationContext); + + /* + * Add my id to the policy set identifiers + */ + if (evaluationContext.getRequest().getReturnPolicyIdList()) { + evaluationResultCombined.addPolicySetIdentifier(this.getIdReference()); + } + } + if (evaluationContext.isTracing()) { + evaluationContext.trace(new StdTraceEvent<Result>("Result", this, evaluationResultCombined)); + } + return evaluationResultCombined; + } + + @Override + public String toString() { + StringBuilder stringBuilder = new StringBuilder("{"); + stringBuilder.append("super="); + stringBuilder.append(super.toString()); + + String iteratorToDump; + if ((iteratorToDump = StringUtils.toString(this.getPolicyCombinerParameters())) != null) { + stringBuilder.append(",policyCombinerParameters="); + stringBuilder.append(iteratorToDump); + } + if ((iteratorToDump = StringUtils.toString(this.getChildren())) != null) { + stringBuilder.append(",children="); + stringBuilder.append(iteratorToDump); + } + Object objectToDump; + if ((objectToDump = this.getPolicyCombiningAlgorithm()) != null) { + stringBuilder.append(",policyCombiningAlgorithm="); + stringBuilder.append(objectToDump.toString()); + } + + stringBuilder.append('}'); + return stringBuilder.toString(); + } + + @Override + public String getTraceId() { + return this.getIdentifier().stringValue(); + } + + @Override + public Traceable getCause() { + return null; + } +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicySetChild.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicySetChild.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicySetChild.java new file mode 100755 index 0000000..eeae452 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicySetChild.java @@ -0,0 +1,149 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy; + +import com.att.research.xacml.api.Identifier; +import com.att.research.xacml.api.StatusCode; +import com.att.research.xacml.api.trace.Traceable; +import com.att.research.xacml.std.StdStatusCode; +import com.att.research.xacmlatt.pdp.eval.Evaluatable; +import com.att.research.xacmlatt.pdp.eval.Matchable; + +/** + * PolicySetChild extends {@link com.att.research.xacmlatt.pdp.PolicyComponent} to represent XACML 3.0 Policies, PolicySets, PolicyReferences, + * and PolicySetReferences. + * + * @author car + * @version $Revision: 1.1 $ + */ +public abstract class PolicySetChild extends PolicyComponent implements Evaluatable, Matchable, Traceable { + private Identifier identifier; + private PolicyDefaults policyDefaults; + private PolicySet parent; + + /** + * Creates a new <code>PolicySetChild</code> with the given given {@link com.att.research.xacml.api.StatusCode} + * and <code>String</code> status message. + * + * @param statusCodeIn the <code>StatusCode</code> for the new <code>PolicySetChild</code> + * @param statusMessageIn the <code>String</code> status message for the new <code>PolicySetChild</code> + */ + protected PolicySetChild(PolicySet parentIn, StatusCode statusCodeIn, String statusMessageIn) { + super(statusCodeIn, statusMessageIn); + this.parent = parentIn; + } + + protected PolicySetChild(StatusCode statusCodeIn, String statusMessageIn) { + this(null, statusCodeIn, statusMessageIn); + } + + /** + * Creates a new <code>PolicySetChild</code> with the default OK <code>StatusCode</code>. + * + * @param statusCodeIn the <code>StatusCode</code> for this <code>PolicySetChild</code> + */ + protected PolicySetChild(StatusCode statusCodeIn) { + super(statusCodeIn); + } + + protected PolicySetChild(PolicySet parentIn) { + this.parent = parentIn; + } + + /** + * Creates a new <code>PolicySetChild</code> with the default OK status. + */ + protected PolicySetChild() { + super(); + } + + /** + * Gets the <code>Identifier</code> for this <code>PolicySetChild</code>. + * + * @return the <code>Identifier</code> for this <code>PolicySetChild</code> + */ + public Identifier getIdentifier() { + return this.identifier; + } + + public void setIdentifier(Identifier identifierIn) { + this.identifier = identifierIn; + } + + /** + * Gets the <code>PolicyDefaults</code> for this <code>PolicySetChild</code>. + * + * @return the <code>PolicyDefaults</code> for this <code>PolicySetChild</code> + */ + public PolicyDefaults getPolicyDefaults() { + return this.policyDefaults; + } + + /** + * Sets the <code>PolicyDefaults</code> for this <code>PolicySetChild</code>. + * + * @param policyDefaultsIn the <code>PolicyDefaults</code> for this <code>PolicySetChild</code> + */ + public void setPolicyDefaults(PolicyDefaults policyDefaultsIn) { + this.policyDefaults = policyDefaultsIn; + } + + /** + * Gets the parent {@link PolicySet} containing this <code>PolicySetChild</code> + * or null if this is the root. + * + * @return the parent <code>PolicySet</code> of this <code>PolicySetChild</code> + */ + public PolicySet getParent() { + return this.parent; + } + + @Override + protected boolean validateComponent() { + if (this.getIdentifier() == null) { + this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing identifier"); + return false; + } else { + this.setStatus(StdStatusCode.STATUS_CODE_OK, null); + return true; + } + } + + @Override + public String getTraceId() { + return this.getIdentifier().stringValue(); + } + + @Override + public Traceable getCause() { + return this.parent; + } + + @Override + public String toString() { + StringBuilder stringBuilder = new StringBuilder("{"); + + stringBuilder.append("super="); + stringBuilder.append(super.toString()); + + Object objectToDump; + if ((objectToDump = this.getIdentifier()) != null) { + stringBuilder.append(",identifier="); + stringBuilder.append(objectToDump.toString()); + } + if ((objectToDump = this.getPolicyDefaults()) != null) { + stringBuilder.append(",policyDefaults="); + stringBuilder.append(objectToDump.toString()); + } + stringBuilder.append('}'); + return stringBuilder.toString(); + } +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicySetIdReference.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicySetIdReference.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicySetIdReference.java new file mode 100755 index 0000000..adb96a9 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/PolicySetIdReference.java @@ -0,0 +1,57 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy; + +import com.att.research.xacml.api.StatusCode; +import com.att.research.xacmlatt.pdp.eval.EvaluationContext; +import com.att.research.xacmlatt.pdp.eval.EvaluationException; + +/** + * PolicySetIdReference extends {@link com.att.research.xacmlatt.pdp.policy.PolicyIdReferenceBase} for + * {@link com.att.research.xacmlatt.pdp.PolicySet} objects to implement the <code>ensureReferencee</code> + * method to find <code>PolicySet</code>s. + * + * @author car + * @version $Revision: 1.2 $ + */ +public class PolicySetIdReference extends PolicyIdReferenceBase<PolicySet> { + + public PolicySetIdReference(PolicySet policySetParent, StatusCode statusCodeIn, String statusMessageIn) { + super(policySetParent, statusCodeIn, statusMessageIn); + } + + public PolicySetIdReference(StatusCode statusCodeIn, String statusMessageIn) { + super(statusCodeIn, statusMessageIn); + } + + public PolicySetIdReference(StatusCode statusCodeIn) { + super(statusCodeIn); + } + + public PolicySetIdReference(PolicySet policySetParent) { + super(policySetParent); + } + + public PolicySetIdReference() { + } + + @Override + protected PolicySet ensureReferencee(EvaluationContext evaluationContext) throws EvaluationException { + if (this.getReferencee() == null) { + PolicyFinderResult<PolicySet> policyFactoryResult = evaluationContext.getPolicySet(this.getIdReferenceMatch()); + if (policyFactoryResult.getStatus() == null || policyFactoryResult.getStatus().isOk()) { + this.setReferencee(policyFactoryResult.getPolicyDef()); + } + } + return this.getReferencee(); + } + +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/Rule.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/Rule.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/Rule.java new file mode 100755 index 0000000..467255b --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/Rule.java @@ -0,0 +1,299 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy; + +import java.util.ArrayList; +import java.util.Collection; +import java.util.Iterator; +import java.util.List; + +import com.att.research.xacml.api.Advice; +import com.att.research.xacml.api.Decision; +import com.att.research.xacml.api.Obligation; +import com.att.research.xacml.api.Result; +import com.att.research.xacml.api.StatusCode; +import com.att.research.xacml.api.trace.Traceable; +import com.att.research.xacml.std.StdStatus; +import com.att.research.xacml.std.StdStatusCode; +import com.att.research.xacml.std.trace.StdTraceEvent; +import com.att.research.xacml.util.StringUtils; +import com.att.research.xacmlatt.pdp.eval.Evaluatable; +import com.att.research.xacmlatt.pdp.eval.EvaluationContext; +import com.att.research.xacmlatt.pdp.eval.EvaluationException; +import com.att.research.xacmlatt.pdp.eval.EvaluationResult; +import com.att.research.xacmlatt.pdp.eval.MatchResult; +import com.att.research.xacmlatt.pdp.eval.Matchable; + +/** + * Rule extends {@link com.att.research.xacmlatt.pdp.policy.PolicyComponent} to represent a XACML Rule within a Policy. It implements + * {@link com.att.research.xacmlatt.pdp.eval.Matchable} and {@link com.att.research.xacmlatt.pdp.eval.Evaluatable} for matching and evaluation + * a request. + * + * @author car + * @version $Revision: 1.1 $ + */ +public class Rule extends PolicyComponent implements Matchable, Evaluatable, Traceable { + private Policy policy; + private String ruleId; + private RuleEffect ruleEffect; + private String description; + private Target target; + private Condition condition; + private List<ObligationExpression> obligationExpressions = new ArrayList<ObligationExpression>(); + private List<AdviceExpression> adviceExpressions = new ArrayList<AdviceExpression>(); + + protected List<ObligationExpression> getObligationExpressionList() { + return this.obligationExpressions; + } + + protected void clearObligationExpressions() { + this.getObligationExpressionList().clear(); + } + + protected List<AdviceExpression> getAdviceExpressionList() { + return this.adviceExpressions; + } + + protected void clearAdviceExpressions() { + this.getAdviceExpressionList().clear(); + } + + public Rule(StatusCode statusCodeIn, String statusMessageIn) { + super(statusCodeIn, statusMessageIn); + } + + public Rule(StatusCode statusCodeIn) { + super(statusCodeIn); + } + + public Rule() { + } + + public Policy getPolicy() { + return this.policy; + } + + public void setPolicy(Policy policyIn) { + this.policy = policyIn; + } + + public String getRuleId() { + return this.ruleId; + } + + public void setRuleId(String ruleIdIn) { + this.ruleId = ruleIdIn; + } + + public RuleEffect getRuleEffect() { + return this.ruleEffect; + } + + public void setRuleEffect(RuleEffect ruleEffectIn) { + this.ruleEffect = ruleEffectIn; + } + + public String getDescription() { + return this.description; + } + + public void setDescription(String descriptionIn) { + this.description = descriptionIn; + } + + public Target getTarget() { + return this.target; + } + + public void setTarget(Target targetIn) { + this.target = targetIn; + } + + public Condition getCondition() { + return this.condition; + } + + public void setCondition(Condition conditionIn) { + this.condition = conditionIn; + } + + public Iterator<ObligationExpression> getObligationExpressions() { + return (this.obligationExpressions == null ? null : this.obligationExpressions.iterator()); + } + + public void setObligationExpressions(Collection<ObligationExpression> obligationExpressionsIn) { + this.clearObligationExpressions(); + if (obligationExpressionsIn != null) { + this.addObligationExpressions(obligationExpressionsIn); + } + } + + public void addObligationExpression(ObligationExpression obligationExpression) { + this.getObligationExpressionList().add(obligationExpression); + } + + public void addObligationExpressions(Collection<ObligationExpression> obligationExpressionsIn) { + this.getObligationExpressionList().addAll(obligationExpressionsIn); + } + + public Iterator<AdviceExpression> getAdviceExpressions() { + return (this.adviceExpressions == null ? null : this.adviceExpressions.iterator()); + } + + public void setAdviceExpressions(Collection<AdviceExpression> adviceExpressionsIn) { + this.clearAdviceExpressions(); + if (adviceExpressionsIn != null) { + this.addAdviceExpressions(adviceExpressionsIn); + } + } + + public void addAdviceExpression(AdviceExpression adviceExpression) { + this.getAdviceExpressionList().add(adviceExpression); + } + + public void addAdviceExpressions(Collection<AdviceExpression> adviceExpressionsIn) { + this.getAdviceExpressionList().addAll(adviceExpressionsIn); + } + + @Override + public EvaluationResult evaluate(EvaluationContext evaluationContext) throws EvaluationException { + if (!this.validate()) { + return new EvaluationResult(new StdStatus(this.getStatusCode(), this.getStatusMessage())); + } + + /* + * See if our target matches + */ + MatchResult matchResult = this.match(evaluationContext); + if (evaluationContext.isTracing()) { + evaluationContext.trace(new StdTraceEvent<MatchResult>("Match", this, matchResult)); + } + switch(matchResult.getMatchCode()) { + case INDETERMINATE: + return new EvaluationResult(Decision.INDETERMINATE, matchResult.getStatus()); + case MATCH: + break; + case NOMATCH: + return new EvaluationResult(Decision.NOTAPPLICABLE); + } + + /* + * See if our condition matches + */ + Condition thisCondition = this.getCondition(); + if (thisCondition != null) { + ExpressionResultBoolean expressionResultCondition = thisCondition.evaluate(evaluationContext, this.getPolicy().getPolicyDefaults()); + assert(expressionResultCondition != null); + + if (evaluationContext.isTracing()) { + evaluationContext.trace(new StdTraceEvent<ExpressionResultBoolean>("Condition", this, expressionResultCondition)); + } + + if (!expressionResultCondition.isOk()) { + return new EvaluationResult(Decision.INDETERMINATE, expressionResultCondition.getStatus()); + } else if (!expressionResultCondition.isTrue()) { + return new EvaluationResult(Decision.NOTAPPLICABLE); + } + } + + /* + * The target and condition match, so we can start creating the EvaluationResult + */ + List<Obligation> listObligations = ObligationExpression.evaluate(evaluationContext, this.getPolicy().getPolicyDefaults(), this.getRuleEffect().getDecision(), this.getObligationExpressionList()); + List<Advice> listAdvices = AdviceExpression.evaluate(evaluationContext, this.getPolicy().getPolicyDefaults(), this.getRuleEffect().getDecision(), this.getAdviceExpressionList()); + + EvaluationResult evaluationResult = new EvaluationResult(this.getRuleEffect().getDecision(), listObligations, listAdvices); + if (evaluationContext.isTracing()) { + evaluationContext.trace(new StdTraceEvent<Result>("Result", this, evaluationResult)); + } + return evaluationResult; + } + + @Override + public MatchResult match(EvaluationContext evaluationContext) throws EvaluationException { + if (!this.validate()) { + return new MatchResult(new StdStatus(this.getStatusCode(), this.getStatusMessage())); + } + Target thisTarget = this.getTarget(); + if (thisTarget != null) { + return thisTarget.match(evaluationContext); + } else { + return MatchResult.MM_MATCH; + } + } + + @Override + protected boolean validateComponent() { + if (this.getRuleId() == null) { + this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing rule id"); + return false; + } else if (this.getPolicy() == null) { + this.setStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "Rule not in a Policy"); + return false; + } else if (this.getRuleEffect() == null) { + this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing effect"); + return false; + } + return true; + } + + @Override + public String toString() { + StringBuffer stringBuffer = new StringBuffer("{"); + stringBuffer.append("super="); + stringBuffer.append(super.toString()); + + Object objectToDump; + if ((objectToDump = this.getRuleId()) != null) { + stringBuffer.append(",ruleId="); + stringBuffer.append((String)objectToDump); + } + if ((objectToDump = this.getRuleEffect()) != null) { + stringBuffer.append(",ruleEffect="); + stringBuffer.append(objectToDump.toString()); + } + if ((objectToDump = this.getDescription()) != null) { + stringBuffer.append(",description="); + stringBuffer.append((String)objectToDump); + } + if ((objectToDump = this.getTarget()) != null) { + stringBuffer.append(",target="); + stringBuffer.append(objectToDump.toString()); + } + if ((objectToDump = this.getCondition()) != null) { + stringBuffer.append(",condition="); + stringBuffer.append(objectToDump.toString()); + } + + String iterToDump; + if ((iterToDump = StringUtils.toString(this.getObligationExpressions())) != null) { + stringBuffer.append(",obligationExpressions="); + stringBuffer.append(iterToDump); + } + if ((iterToDump = StringUtils.toString(this.getAdviceExpressions())) != null) { + stringBuffer.append(",adviceExpressions="); + stringBuffer.append(iterToDump); + } + stringBuffer.append('}'); + return stringBuffer.toString(); + } + + @Override + public String getTraceId() { + return this.getRuleId(); + } + + @Override + public Traceable getCause() { + return this.policy; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/RuleEffect.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/RuleEffect.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/RuleEffect.java new file mode 100755 index 0000000..bdf95e3 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/RuleEffect.java @@ -0,0 +1,61 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy; + +import com.att.research.xacml.api.Decision; + +/** + * RuleEffect is an enumeration of the XACML decision effects that a {@link Rule} may apply + * to. + * + * @author car + * @version $Revision: 1.1 $ + */ +public enum RuleEffect { + DENY("Deny", Decision.DENY), + PERMIT("Permit", Decision.PERMIT) + ; + + private String name; + private Decision decision; + private RuleEffect(String nameIn, Decision decisionIn) { + this.name = nameIn; + this.decision = decisionIn; + } + + public String getName() { + return this.name; + } + + public Decision getDecision() { + return this.decision; + } + + @Override + public String toString() { + return this.getName(); + } + + /** + * Maps a XACML rule effect <code>String</code> name to the matching <code>RuleEffect</code>. + * + * @param effectName the <code>String</code> effect name to match + * @return the matching <code>RuleEffect</code> or null if there is no match + */ + public static RuleEffect getRuleEffect(String effectName) { + for (RuleEffect ruleEffect: RuleEffect.values()) { + if (ruleEffect.getName().equalsIgnoreCase(effectName)) { + return ruleEffect; + } + } + return null; + } +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/Target.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/Target.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/Target.java new file mode 100755 index 0000000..b4eac6c --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/Target.java @@ -0,0 +1,138 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy; + +import java.util.ArrayList; +import java.util.Collection; +import java.util.Iterator; +import java.util.List; + +import com.att.research.xacml.api.StatusCode; +import com.att.research.xacml.std.StdStatus; +import com.att.research.xacml.util.StringUtils; +import com.att.research.xacmlatt.pdp.eval.EvaluationContext; +import com.att.research.xacmlatt.pdp.eval.EvaluationException; +import com.att.research.xacmlatt.pdp.eval.MatchResult; +import com.att.research.xacmlatt.pdp.eval.Matchable; + +/** + * Target extends {@link com.att.research.xacmlatt.pdp.policy.PolicyComponent} to implement XACML 3.0 Target elements for + * Policies, PolicySets, and Rules. + * + * @author car + * @version $Revision: 1.1 $ + */ +public class Target extends PolicyComponent implements Matchable { + private List<AnyOf> anyOfs; + + protected List<AnyOf> getAnyOfList(boolean bNoNull) { + if (this.anyOfs == null && bNoNull) { + this.anyOfs = new ArrayList<AnyOf>(); + } + return this.anyOfs; + } + + protected void clearAnyOfList() { + if (this.anyOfs != null) { + this.anyOfs.clear(); + } + } + + public Target(StatusCode statusCodeIn, String statusMessageIn) { + super(statusCodeIn, statusMessageIn); + } + + public Target(StatusCode statusCodeIn) { + super(statusCodeIn); + } + + public Target() { + } + + public Target(Collection<AnyOf> anyOfsIn) { + if (anyOfsIn != null) { + this.addAnyOfs(anyOfsIn); + } + } + + public Target(AnyOf anyOfIn) { + if (anyOfIn != null) { + this.addAnyOf(anyOfIn); + } + } + + /** + * Gets an <code>Iterator</code> over all of the {@link AnyOf}s in this <code>Target</code>. + * + * @return an <code>Iterator</code> over all of the <code>AnyOf</code>s in this <code>Target</code> or null if there are none + */ + public Iterator<AnyOf> getAnyOfs() { + return (this.anyOfs == null ? null : this.anyOfs.iterator()); + } + + public void setAnyOfs(Collection<AnyOf> anyOfsIn) { + this.clearAnyOfList(); + if (anyOfsIn != null) { + this.addAnyOfs(anyOfsIn); + } + } + + public void addAnyOf(AnyOf anyOfIn) { + List<AnyOf> listAnyOfs = this.getAnyOfList(true); + listAnyOfs.add(anyOfIn); + } + + public void addAnyOfs(Collection<AnyOf> anyOfsIn) { + List<AnyOf> listAnyOfs = this.getAnyOfList(true); + listAnyOfs.addAll(anyOfsIn); + } + + @Override + public MatchResult match(EvaluationContext evaluationContext) throws EvaluationException { + if (!this.validate()) { + return new MatchResult(new StdStatus(this.getStatusCode(), this.getStatusMessage())); + } + Iterator<AnyOf> iterAnyOfs = this.getAnyOfs(); + if (iterAnyOfs == null || !iterAnyOfs.hasNext()) { + return MatchResult.MM_MATCH; + } else { + MatchResult matchResult = MatchResult.MM_MATCH; + while (iterAnyOfs.hasNext()) { + matchResult = iterAnyOfs.next().match(evaluationContext); + if (matchResult.getMatchCode() != MatchResult.MatchCode.MATCH) { + return matchResult; + } + } + return matchResult; + } + } + + @Override + protected boolean validateComponent() { + return true; + } + + @Override + public String toString() { + StringBuilder stringBuilder = new StringBuilder("{"); + stringBuilder.append("super="); + stringBuilder.append(super.toString()); + + String iterToDump = StringUtils.toString(this.getAnyOfs()); + if (iterToDump != null) { + stringBuilder.append(",anyOfs="); + stringBuilder.append(iterToDump); + } + stringBuilder.append('}'); + return stringBuilder.toString(); + } + +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/TargetedCombinerParameter.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/TargetedCombinerParameter.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/TargetedCombinerParameter.java new file mode 100755 index 0000000..f93b520 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/TargetedCombinerParameter.java @@ -0,0 +1,107 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy; + +import com.att.research.xacml.api.AttributeValue; +import com.att.research.xacml.api.StatusCode; + +/** + * TargetedCombinerParameter extends {@link CombinerParameter} to include a lazy + * reference to a particular sub-element within the evaluatable children that should be used when combining evaluation + * results from that sub-element. + * + * @author car + * + * @param <T> the type of the identifier used to reference the targeted object + * @param <U> the type of the targeted object + */ +public class TargetedCombinerParameter<T, U> extends CombinerParameter { + private T targetId; + private U target; + + public TargetedCombinerParameter(T targetIdIn, String nameIn, AttributeValue<?> attributeValueIn, StatusCode statusCodeIn, String statusMessageIn) { + super(nameIn, attributeValueIn, statusCodeIn, statusMessageIn); + this.targetId = targetIdIn; + } + + public TargetedCombinerParameter(StatusCode statusCodeIn, String statusMessageIn) { + super(statusCodeIn, statusMessageIn); + } + + public TargetedCombinerParameter(StatusCode statusCodeIn) { + super(statusCodeIn); + } + + public TargetedCombinerParameter(T targetIdIn, String nameIn, AttributeValue<?> attributeValueIn) { + super(nameIn, attributeValueIn); + this.targetId = targetIdIn; + } + + public TargetedCombinerParameter() { + + } + + /** + * Gets the target id of this <code>TargetedCombinerParameter</code>. + * + * @return the <code>T</code> id of this <code>TargetedCombinerParameter</code> + */ + public T getTargetId() { + return this.targetId; + } + + /** + * Sets the target id to the given <code>T</code> value. + * + * @param targetIdIn the <code>T</code> to set as the target id + */ + public void setTargetId(T targetIdIn) { + this.targetId = targetIdIn; + } + + /** + * Gets the target for this <code>TargetedCombinerParameter</code>. + * + * @return the <code>U</code> target for this <code>TargetedCombinerParameter</code> + */ + public U getTarget() { + return this.target; + } + + /** + * Sets the target for this <code>TargetedCombinerParameter</code> to the given <code>U</code>. + * + * @param targetIn the <code>U</code> target for this <code>TargetedCombinerParameter</code> + */ + public void setTarget(U targetIn) { + this.target = targetIn; + } + + @Override + public String toString() { + StringBuilder stringBuilder = new StringBuilder("{"); + stringBuilder.append("super="); + stringBuilder.append(super.toString()); + + Object objectToDump; + if ((objectToDump = this.getTargetId()) != null) { + stringBuilder.append("targetId="); + stringBuilder.append(objectToDump.toString()); + } + if ((objectToDump = this.getTarget()) != null) { + stringBuilder.append("target="); + stringBuilder.append(objectToDump.toString()); + } + stringBuilder.append('}'); + return stringBuilder.toString(); + } + +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/TargetedCombinerParameterMap.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/TargetedCombinerParameterMap.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/TargetedCombinerParameterMap.java new file mode 100755 index 0000000..1ffa5c0 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/TargetedCombinerParameterMap.java @@ -0,0 +1,155 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy; + +import java.util.ArrayList; +import java.util.Collection; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; + +/** + * TargetedCombinerParameterMap is a utility for maintaining a collection of {@link com.att.research.xacmlatt.policy.TargetedCombinerParameter} + * objects with the mappings to their targets. + * + * @author car + * @version $Revision: 1.1 $ + * + * @param <T> the type of the identifier for the <code>TargetedCombinerParameter</code>s in the map + * @param <U> the type of the object referenced by the identifier + */ +public class TargetedCombinerParameterMap<T, U> { + List<TargetedCombinerParameter<T,U>> targetedCombinerParameters = null; + Map<T,U> mapTargetIdToTarget = new HashMap<T,U>(); + Map<U,List<CombinerParameter>> mapTargetToCombinerParameters = null; + + private void ensureTargetedCombinerParameters() { + if (this.targetedCombinerParameters == null) { + this.targetedCombinerParameters = new ArrayList<TargetedCombinerParameter<T,U>>(); + } + } + + /** + * Gets the target from the given <code>TargetedCombinerParameter</code> if present. If not, find the + * target in the target id to target mapping, update the <code>TargetedCombinerParameter</code> and then + * return the target. + * + * @param targetedCombinerParameter the <code>TargetedCombinerParameter</code> to resolve + * @return the target for the given <code>TargetedCombinerParameter</code> + */ + protected U resolve(TargetedCombinerParameter<T,U> targetedCombinerParameter) { + U result; + if ((result = targetedCombinerParameter.getTarget()) != null) { + return result; + } else if ((result = this.mapTargetIdToTarget.get(targetedCombinerParameter.getTargetId())) != null) { + targetedCombinerParameter.setTarget(result); + return result; + } else { + return null; + } + } + + /** + * Ensures the <code>Map</code> from targets to <code>List</code> of <code>CombinerParameter</code>s has been + * created if needed. + * + * @throws IllegalStateException if there are <code>TargetedCombinerParameter</code>s that cannot be resolved + */ + protected void ensureMap() throws IllegalStateException { + if (this.mapTargetToCombinerParameters == null) { + if (this.targetedCombinerParameters != null && this.targetedCombinerParameters.size() > 0) { + this.mapTargetToCombinerParameters = new HashMap<U,List<CombinerParameter>>(); + for (TargetedCombinerParameter<T,U> targetedCombinerParameter: this.targetedCombinerParameters) { + U target = this.resolve(targetedCombinerParameter); + if (target == null) { + throw new IllegalStateException("Unresolved TargetCombinerParameter \"" + targetedCombinerParameter.toString() + "\""); + } + List<CombinerParameter> listCombinerParameters = this.mapTargetToCombinerParameters.get(target); + if (listCombinerParameters == null) { + listCombinerParameters = new ArrayList<CombinerParameter>(); + this.mapTargetToCombinerParameters.put(target, listCombinerParameters); + } + listCombinerParameters.add(targetedCombinerParameter); + } + } + } + } + + /** + * Creates a new <code>TargetedCombinerParameterMap</code>. + */ + public TargetedCombinerParameterMap() { + } + + /** + * Adds a new target object to the identifier map. + * + * @param targetId the id for the target + * @param target the target + */ + public void addTarget(T targetId, U target) { + this.mapTargetIdToTarget.put(targetId, target); + } + + /** + * Adds a new <code>TargetedCombinerParameter</code> to this <code>TargetedCombinerParameterMap</code>. + * + * @param targetdCombinerParameter the <code>TargetedCombinerParameter</code> to add + */ + public void addCombinerParameter(TargetedCombinerParameter<T,U> targetdCombinerParameter) { + this.ensureTargetedCombinerParameters(); + this.targetedCombinerParameters.add(targetdCombinerParameter); + this.mapTargetToCombinerParameters = null; + } + + /** + * Adds the contents of the given <code>Collection</code> of <code>TargetedCombinerParameter</code>s to this <code>TargetedCombinerParameterMap</code>. + * + * @param listTargetedCombinerParameters the <code>Collection</code> of <code>TargetedCombinerParameter</code>s to add + */ + public void addCombinerParameters(Collection<TargetedCombinerParameter<T,U>> listTargetedCombinerParameters) { + this.ensureTargetedCombinerParameters(); + this.targetedCombinerParameters.addAll(listTargetedCombinerParameters); + this.mapTargetToCombinerParameters = null; + } + + /** + * Sets the set of <code>TargetedCombinerParameter</code>s for this <code>TargetedCombinerParameterMap</code> to the contents of the + * given <code>Collection</code>> + * + * @param listTargetedCombinerParameters the <code>Collection</code> of <code>TargetedCombinerParameter</code>s to set + */ + public void setCombinerParameters(Collection<TargetedCombinerParameter<T,U>> listTargetedCombinerParameters) { + this.targetedCombinerParameters = null; + if (listTargetedCombinerParameters != null) { + this.addCombinerParameters(targetedCombinerParameters); + } + } + + /** + * Looks up the given target in the map for any {@link CombinerParameter}s for the + * given target. + * + * @param target the target + * @return a <code>List</code> of <code>CombinerParameter</code>s for the target or null if none + * @throws IllegalStateException if there are <code>TargetedCombinerParameter</code>s that cannot be resolved + */ + public List<CombinerParameter> getCombinerParameters(U target) throws IllegalStateException { + this.ensureMap(); + return (this.mapTargetToCombinerParameters == null ? null : this.mapTargetToCombinerParameters.get(target)); + } + + public Iterator<TargetedCombinerParameter<T,U>> getTargetedCombinerParameters() { + return (this.targetedCombinerParameters == null ? null : this.targetedCombinerParameters.iterator()); + } + +}
