java.lang.Object
  eu.xtreemos.system.eventmachine.stage.AbstractStage
    eu.xtreemos.system.eventmachine.stage.AbstractReceivingStage
      eu.xtreemos.system.eventmachine.stage.Abstract2wayStage
        eu.xtreemos.xosd.security.vops.VOPS

public class VOPS extends eu.xtreemos.system.eventmachine.stage.Abstract2wayStage
VO Policy Service: this class provides the basic functions for manipulating policy rules, obtaining information about policies and executing queries over policies. Policies are held in memory as a collection managed by eu.xtreemos.xosd.security.vops.xacml.utils.PolicyFactory (see that class); they can also be written to physical storage with writeBack(X509Certificate), and loaded back from physical storage into memory with reloadVOPS(X509Certificate).
Nested Class Summary

| Modifier | Nested class |
|---|---|
| class | VOPS.PasswordGiver |
Field Summary

| Modifier and type | Field | Description |
|---|---|---|
| private java.lang.String | delim | |
| private boolean | isGlobalVOPS | |
| private boolean | isUpToDate | |
| private java.util.HashMap<CommunicationAddress,java.security.cert.X509Certificate> | listOfRegisteredVOPS | |
| private java.util.ArrayList<java.security.cert.X509Certificate> | listOfVoAdminCerts | |
| (package private) static org.apache.log4j.Logger | logger | |
| private SimplePDP | pdp | Policy Decision Point. |
| private ServiceTrustStore | serviceTrustStore | Stores the certificates that this service trusts. |
| private CVOPSConfig | vopsConfig | |
Fields inherited from class eu.xtreemos.system.eventmachine.stage.Abstract2wayStage:
context, counter, curContext, sink

Fields inherited from class eu.xtreemos.system.eventmachine.stage.AbstractReceivingStage:
queue

Fields inherited from class eu.xtreemos.system.eventmachine.stage.AbstractStage:
handlerChain, handlerGroup, handlerThreads, name, running, serviceListeners
Constructor Summary

| Constructor | Description |
|---|---|
| VOPS() | |
Method Summary

| Return type | Method | Description |
|---|---|---|
| java.lang.Boolean | addPolicy(java.lang.String xacmlPolicy, java.security.cert.X509Certificate userCtx) | Adds an XACML policy to the policy storage. |
| java.lang.String | addRule(java.lang.String ruleXML, java.lang.String policyId) | Adds a rule, passed as an XML string, to the policy identified by policyId. |
| java.lang.String | addXACMLRule(java.lang.String ruleXACML, java.lang.String policyId, java.security.cert.X509Certificate userCtx) | Adds a rule, passed as an XML string in XACML format, to the policy identified by policyId. Returns the created rule as a String. |
| java.lang.String | createPolicy(java.lang.String policyID, java.lang.String description) | Deprecated. |
| java.lang.String | createPolicyWithTarget(java.lang.String policyID, java.lang.String description, java.lang.String target) | Creates an empty policy containing the target provided. |
| java.lang.String | evaluateRequest(java.lang.String xacmlRequest) | Constructs an XACML request from the XML passed as argument and evaluates it against the policies held in the policy storage (see PolicyFactory). |
| java.lang.String | generateRequest(java.security.cert.X509Certificate targetSubjectCertificate) | |
| java.util.ArrayList<java.lang.String> | getActionAttributes() | Returns the action attributes that can be used in XACML policies, requests and rules. |
| java.util.ArrayList<CommunicationAddress> | getFilteredResources() | Deprecated. |
| java.lang.String | getHandledEventType() | |
| java.util.ArrayList<java.lang.String> | getResourceAttributes() | Returns the resource attributes that can be used in XACML policies, requests and rules. |
| java.lang.Boolean | getResultFromResMngProcess(ReturnMessage retMsg) | Deprecated. |
| java.lang.Object | getResultsFromResMng(java.util.ArrayList<CommunicationAddress> list) | Deprecated. |
| java.util.ArrayList<java.lang.String> | getSubjectAttributes() | Returns the subject attributes that can be used in XACML policies, requests and rules. |
| void | handleEvent(java.lang.Object event) | |
| void | init() | Initialization of the Policy Decision Point. |
| java.lang.String | listFilteredPolicy(java.lang.String xacmlRequest) | Returns a policy comprising the rules that comply with the request passed as argument. |
| java.lang.String | listFilteredPolicyCert(java.security.cert.X509Certificate targetSubjectCertificate) | Lists the policies that apply to the certificate provided. |
| java.util.ArrayList<java.lang.String> | listPolicies(java.security.cert.X509Certificate userCtx) | Lists all policies; note that the list can be very large. |
| java.lang.Object | listPoliciesHandler(java.util.ArrayList<java.lang.String> alPolicies) | Executed as a consequence of the VOPS#listPolicies() method. |
| java.lang.String | listPolicy(java.lang.String policyId, java.security.cert.X509Certificate userCtx) | Lists the specific policy with the given policyId. |
| java.lang.String | listVoAdmins() | Lists the registered VO administrators. |
| protected ResourceMatching | makePolicyDecision(java.util.HashMap<CommunicationAddress,java.security.cert.X509Certificate> resourceCerts, VOPSStorage storage) | |
| java.lang.String | obtainFilterPolicyAEM(java.lang.Object xosUserCert, java.lang.String jsdlContent, java.lang.String action) | Obtains the policy that the resource discovery system uses as a filter to narrow down the candidate resource nodes. |
| ResourceMatching | policyEnforceRequestCertificateCatcher(RCASignedResponse response) | Refers to verifyPolicyAEM(Object, ResourceMatching, String). |
| ResourceMatching | policyEnforceRequestCertificateCatcherFailure(java.lang.Exception err) | Catches failures of the CDAMng.getResourceCertificate call. |
| java.lang.Boolean | registerVoAdmin(java.security.cert.X509Certificate voAdminsCert) | Adds the certificate passed as argument to the list of trusted certificates (VO admins list). |
| java.lang.Boolean | registerVOPSToGlobalVOPS(CommunicationAddress address, java.security.cert.X509Certificate certificate) | Registers this VOPS with the global VOPS service, where decisions are made. |
| java.lang.Boolean | reloadVOPS(java.security.cert.X509Certificate userCtx) | Reloads all policies stored in the policy storage. |
| java.lang.Boolean | removePolicy(java.lang.String policyId, java.security.cert.X509Certificate userCtx) | Removes the policy with policyId from the policy storage. |
| java.lang.Boolean | removeRuleFromPolicy(java.lang.String ruleId, java.lang.String policyId, java.security.cert.X509Certificate userCtx) | Removes a rule from the policy with the specified policyId. |
| java.lang.Boolean | unregisterVoAdmin(java.lang.Integer index) | Removes the certificate at the specified index from the list of trusted certificates. |
| ResourceMatching | verifyPolicyAEM(java.lang.Object xos_cert, ResourceMatching resources, java.lang.String action) | Used by the AEM framework to check whether the resources in the ResourceMatching argument comply with the policies stored in the VO policy storage, see PolicyFactory.listPolicies(). |
| com.sun.xacml.Policy | verifyPolicyAemJsdl(java.lang.Object xosUserCert, ResourceMatching resources, java.lang.String jsdlContent, java.lang.String action) | Verifies whether the request is permitted. |
| ResourceMatching | verifyPolicyCertRes(java.security.cert.X509Certificate xos_cert, ResourceMatching resources) | Called as a consequence of the verifyPolicyAEM(Object, ResourceMatching, String) method. |
| java.lang.Object | verifyPolicyCertResHandle(ResourceMatching returnedResMatching) | Callback that receives the resources filtered according to the query submitted by verifyPolicyCertRes. |
| java.lang.Boolean | writeBack(java.security.cert.X509Certificate userCtx) | Writes the policies held in PolicyFactory back to local disk. |
Methods inherited from class eu.xtreemos.system.eventmachine.stage.Abstract2wayStage:
getContext, removeContext, SendException, SendException, SendException, SendReply, SendReply, SendReply, setSink

Methods inherited from class eu.xtreemos.system.eventmachine.stage.AbstractReceivingStage:
dequeue, getSource

Methods inherited from class eu.xtreemos.system.eventmachine.stage.AbstractStage:
addHandler, addHandler, addServiceListener, getName, getShortName, getThreadCount, notifyServiceInitialised, notifyServiceStarted, notifyServiceStopped, processEvent, removeHandler, removeServiceListener, setThreadCount, start, stop

Methods inherited from class java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Field Detail

private ServiceTrustStore serviceTrustStore
private java.lang.String delim
static final org.apache.log4j.Logger logger
private java.util.ArrayList<java.security.cert.X509Certificate> listOfVoAdminCerts
private boolean isGlobalVOPS
private java.util.HashMap<CommunicationAddress,java.security.cert.X509Certificate> listOfRegisteredVOPS
private CVOPSConfig vopsConfig
private boolean isUpToDate
private SimplePDP pdp

Constructor Detail

public VOPS()

Method Detail
public java.lang.Boolean registerVoAdmin(java.security.cert.X509Certificate voAdminsCert)

Adds the certificate passed as argument to the list of trusted certificates (VO admins list).
Parameters:
  voAdminsCert - certificate to add to the list of trusted certificates.
See also: X509Certificate

public java.lang.Boolean unregisterVoAdmin(java.lang.Integer index)

Removes the certificate at the specified index from the list of trusted certificates.
Parameters:
  index - index of the certificate to remove from the list of trusted certificates.

public java.lang.String listVoAdmins()

Lists the registered VO administrators.
public java.lang.String obtainFilterPolicyAEM(java.lang.Object xosUserCert, java.lang.String jsdlContent, java.lang.String action) throws java.lang.Exception

Obtains the policy that the resource discovery system uses as a filter to narrow down the candidate resource nodes.
Parameters:
  xosUserCert - user certificate (instance of X509Certificate).
  jsdlContent - content of the JSDL document.
  action - if null, the action attribute defaults to "submit job".
Throws:
  java.lang.Exception

public com.sun.xacml.Policy verifyPolicyAemJsdl(java.lang.Object xosUserCert, ResourceMatching resources, java.lang.String jsdlContent, java.lang.String action)

Verifies whether the request is permitted.
Parameters:
  xosUserCert - user certificate (instance of X509Certificate).
  resources - list of potentially compliant resources; see also the ResourceMatching class.
  jsdlContent - content of the JSDL document.
  action - if null, the action attribute defaults to "submit job".
public ResourceMatching verifyPolicyAEM(java.lang.Object xos_cert, ResourceMatching resources, java.lang.String action) throws java.lang.Exception

Used by the AEM framework to check whether the resources in the ResourceMatching argument comply with the policies stored in the VO policy storage, see PolicyFactory.listPolicies().
Parameters:
  xos_cert - instance of X509Certificate.
  resources - list of potentially compliant resources; see also the ResourceMatching class.
  action - String denoting the action taken by the user over the resources. Use the constants declared inside XACMLConstants.Action.
Throws:
  java.lang.Exception
See also: ResourceMatching.setSignature(byte[]) and ResourceMatching.getSignature()
public ResourceMatching policyEnforceRequestCertificateCatcherFailure(java.lang.Exception err) throws java.lang.Exception

Catches failures of the CDAMng.getResourceCertificate call.
Parameters:
  err -
Throws:
  java.lang.Exception

public ResourceMatching policyEnforceRequestCertificateCatcher(RCASignedResponse response) throws java.lang.Exception

Refers to verifyPolicyAEM(Object, ResourceMatching, String). It catches all resource attribute certificates and adds them to the list VOPSStorage.alResources. When all certificates have been obtained, verifyPolicyCertRes(X509Certificate, ResourceMatching) is called.
Parameters:
  response - the certificate returned from the RCA client (described in the original documentation under the name cert).
Throws:
  java.lang.Exception
protected ResourceMatching makePolicyDecision(java.util.HashMap<CommunicationAddress,java.security.cert.X509Certificate> resourceCerts, VOPSStorage storage) throws java.lang.Exception

Throws:
  java.lang.Exception

public ResourceMatching verifyPolicyCertRes(java.security.cert.X509Certificate xos_cert, ResourceMatching resources) throws java.lang.Exception

Called as a consequence of the verifyPolicyAEM(Object, ResourceMatching, String) method. Enforces policies: generates an XACML request for each resource and checks it against the policies residing in the policy storage, see PolicyFactory.listPolicies().
Parameters:
  xos_cert - user certificate which has been stored in VOPSStorage.
  resources - collection produced by the resource matching process, see ResourceMatching.
Throws:
  java.lang.Exception

public java.lang.Object verifyPolicyCertResHandle(ResourceMatching returnedResMatching)

Callback of verifyPolicyAEM(Object, ResourceMatching, String): receives the resources filtered according to the query submitted by verifyPolicyCertRes.
Parameters:
  returnedResMatching -
public java.lang.String createPolicy(java.lang.String policyID, java.lang.String description) throws java.lang.Exception

Deprecated.
Parameters:
  policyID - id of the new policy created.
  description - description of the new policy.
Throws:
  java.lang.Exception

public java.lang.String createPolicyWithTarget(java.lang.String policyID, java.lang.String description, java.lang.String target) throws java.lang.Exception

Creates an empty policy containing the target provided.
Parameters:
  policyID - the policy's id.
  description - description of the policy.
  target - target to which this policy applies.
Throws:
  java.lang.Exception

public java.lang.Boolean removePolicy(java.lang.String policyId, java.security.cert.X509Certificate userCtx) throws java.lang.Exception

Removes the policy with policyId from the policy storage.
Parameters:
  policyId -
  userCtx - certificate of the subject executing this call.
Throws:
  java.lang.Exception - error from PolicyFactory.removePolicy(String).
public java.util.ArrayList<java.lang.String> listPolicies(java.security.cert.X509Certificate userCtx) throws java.lang.Exception

Lists all policies; note that the list can be very large. See also listFilteredPolicy(String) and VOPS#listPolicy(String).
Parameters:
  userCtx - certificate of the subject executing this call.
Throws:
  java.lang.Exception

public java.lang.Object listPoliciesHandler(java.util.ArrayList<java.lang.String> alPolicies)

Executed as a consequence of the VOPS#listPolicies() method. Catches the global VOPS' reply with the policies and returns it to the client or server side.
Parameters:
  alPolicies - list of XACML policies.

public java.lang.String listPolicy(java.lang.String policyId, java.security.cert.X509Certificate userCtx) throws java.lang.Exception

Lists the specific policy with the given policyId.
Parameters:
  policyId - id of the policy.
  userCtx - certificate of the subject executing this call.
Throws:
  java.lang.Exception

public java.lang.Boolean addPolicy(java.lang.String xacmlPolicy, java.security.cert.X509Certificate userCtx) throws java.lang.Exception

Adds an XACML policy to the policy storage.
Parameters:
  xacmlPolicy - policy in XML, passed as a string (XACML format).
  userCtx - certificate of the subject executing this call.
Throws:
  java.lang.Exception
public java.lang.String addRule(java.lang.String ruleXML, java.lang.String policyId) throws java.lang.Exception

Adds a rule, passed as an XML string, to the policy identified by policyId. See also VOPS#addXACMLRule(String, String), where the rule is passed in XACML format.
Parameters:
  ruleXML - description of the rule.
  policyId - defines the destination policy.
Throws:
  java.lang.Exception

public java.lang.String addXACMLRule(java.lang.String ruleXACML, java.lang.String policyId, java.security.cert.X509Certificate userCtx) throws java.lang.Exception

Adds a rule, passed as an XML string in XACML format, to the policy identified by policyId. Returns the created rule as a String.
Parameters:
  ruleXACML - XACML string presenting the rule to be added to the policy.
  policyId - identifies the policy to which this rule is added.
  userCtx - certificate of the subject executing this call.
Throws:
  java.lang.Exception

public java.lang.String listFilteredPolicy(java.lang.String xacmlRequest)

Returns a policy comprising the rules that comply with the request passed as argument.
Parameters:
  xacmlRequest - XACML request which is applied to the policies residing in PolicyFactory.

public java.lang.String listFilteredPolicyCert(java.security.cert.X509Certificate targetSubjectCertificate)

Lists the policies that apply to the certificate provided.
Parameters:
  targetSubjectCertificate -

public java.lang.String generateRequest(java.security.cert.X509Certificate targetSubjectCertificate)

public java.lang.String evaluateRequest(java.lang.String xacmlRequest) throws java.lang.Exception

Constructs an XACML request from the XML passed as argument and evaluates it against the policies held in the policy storage (see PolicyFactory).
Parameters:
  xacmlRequest - String presenting the XACML request.
Throws:
  java.lang.Exception
public java.lang.Boolean removeRuleFromPolicy(java.lang.String ruleId, java.lang.String policyId, java.security.cert.X509Certificate userCtx) throws java.lang.Exception

Removes a rule from the policy with the specified policyId.
Parameters:
  ruleId - rule which will be removed from the policy.
  policyId - policy from which this rule is removed.
  userCtx - certificate of the subject executing this call.
Throws:
  java.lang.Exception

public java.lang.Boolean writeBack(java.security.cert.X509Certificate userCtx) throws java.lang.Exception

Writes the policies held in PolicyFactory back to local disk.
Parameters:
  userCtx - certificate of the subject executing this call.
Throws:
  java.lang.Exception

public java.lang.Boolean reloadVOPS(java.security.cert.X509Certificate userCtx) throws java.lang.Exception

Reloads all policies stored in the policy storage.
Parameters:
  userCtx - certificate of the subject executing this call.
Throws:
  java.lang.Exception

public java.lang.Object getResultsFromResMng(java.util.ArrayList<CommunicationAddress> list)

Deprecated.
Parameters:
  list -

public java.lang.Boolean getResultFromResMngProcess(ReturnMessage retMsg)

Deprecated.
Parameters:
  retMsg -

public java.util.ArrayList<CommunicationAddress> getFilteredResources()

Deprecated.

public java.lang.Boolean registerVOPSToGlobalVOPS(CommunicationAddress address, java.security.cert.X509Certificate certificate)

Registers this VOPS with the global VOPS service, where decisions are made.
Parameters:
  address - VOPS address to register.
  certificate - certificate of the VOPS.

public java.util.ArrayList<java.lang.String> getSubjectAttributes()

Returns the subject attributes that can be used in XACML policies, requests and rules.

public java.util.ArrayList<java.lang.String> getResourceAttributes()

Returns the resource attributes that can be used in XACML policies, requests and rules.

public java.util.ArrayList<java.lang.String> getActionAttributes()

Returns the action attributes that can be used in XACML policies, requests and rules.
public void init()

Initialization of the Policy Decision Point.
Specified by: init in interface eu.xtreemos.system.eventmachine.stage.IStage
Overrides: init in class eu.xtreemos.system.eventmachine.stage.AbstractStage

public java.lang.String getHandledEventType()

Overrides: getHandledEventType in class eu.xtreemos.system.eventmachine.stage.AbstractReceivingStage

public void handleEvent(java.lang.Object event) throws java.lang.Exception

Specified by: handleEvent in interface eu.xtreemos.system.eventmachine.queue.IEventHandler
Overrides: handleEvent in class eu.xtreemos.system.eventmachine.stage.AbstractReceivingStage
Throws:
  java.lang.Exception