eu.xtreemos.xosd.vops.xacml.utils
Class PolicyFactory

java.lang.Object
  extended by eu.xtreemos.xosd.vops.xacml.utils.PolicyFactory

public class PolicyFactory
extends java.lang.Object

Policy factory.

Version:
0.1 Function createPermitPolicy has been added.
Author:
ales.cernivec@xlab.si

Field Summary
private static java.lang.Object accessMutex
          Mutex object
private static java.lang.Object changingStorage
          Lock when changing policy storage!
(package private) static java.lang.String delim
          System dependent delimiter.
private static boolean isChanged
          If policies in policyStorage are changed, this field is set to true.
(package private) static java.util.ArrayList<IResource> listOfResources
          Experimental
private static java.lang.Object lock1
           
(package private) static org.apache.log4j.Logger logger
           
private static java.util.ArrayList<Policy> policyStorage
          This storage holds all policies in memory.
(package private) static java.io.File storeDir
          Policy storage
private static VopsPDP vopspdp
          This is PDP for policies stored in policy storage.
 
Constructor Summary
PolicyFactory()
           
 
Method Summary
private static void addRuleForResource(java.util.ArrayList<java.lang.String> policyFileNames, com.sun.xacml.Rule ruleToAdd, java.lang.String resource, java.lang.String groupName)
          Deprecated.  
private static void addRuleToPolicy(java.util.ArrayList<java.lang.String> policyFileNames, java.lang.String policyId, com.sun.xacml.Rule ruleToAdd)
          Deprecated.  
static void addRuleToPolicy(PolicyRule pr, java.lang.String policyId)
          Adds rule from XML form as XACML rule into policy
static java.lang.String addRuleToPolicy(com.sun.xacml.Rule rule, java.lang.String policyId)
          Deprecated.  
static void addRuleToPolicy(java.lang.String pathToForm, Policy policy)
          Deprecated.  
static java.lang.String addRuleToPolicy(java.lang.String ruleId, java.lang.String policyId, java.lang.String action, java.lang.String attr, java.lang.String groupName)
          Deprecated.  
static Policy createEmptyPolicy(java.net.URI policyId, java.lang.String policyDescription)
          Creates empty policy with policy id and policy description.
static com.sun.xacml.Policy createPermitPolicy(java.lang.String policyID, java.lang.String description, java.lang.String targetId, java.lang.String targetResource)
          Deprecated.  
static java.lang.String createPolicy(java.lang.String policyID, java.lang.String description, java.lang.String targetResource)
          Deprecated.  
static com.sun.xacml.Target createPolicyTarget(java.lang.String sSubject, java.lang.String sResource)
          Deprecated.  
static com.sun.xacml.Rule createRule(java.lang.String ruleId, java.lang.String targetAction, java.lang.String conditionAttribute, java.lang.String conditionAttributesValue)
          Deprecated.  
static com.sun.xacml.cond.Apply createRuleCondition(java.lang.String attribute, java.lang.String value)
          Deprecated.  
static com.sun.xacml.Target createRuleTarget(java.lang.String sAction)
          Deprecated.  
static com.sun.xacml.TargetMatch createTargetMatch(int type, java.lang.String functionId, com.sun.xacml.attr.AttributeDesignator designator, com.sun.xacml.attr.AttributeValue value)
          Simple helper routine that creates a TargetMatch instance.
static com.sun.xacml.ctx.ResponseCtx evaluateRequest(com.sun.xacml.ctx.RequestCtx request)
          Evaluates request.
static Policy getFilteredPolicy(com.sun.xacml.ctx.RequestCtx request, boolean matchResources)
          Filters policies based on the provided request.
static Policy getFilteredPolicy(java.security.cert.X509Certificate cert)
          Deprecated.  
static Policy getPolicy(java.lang.String policyId)
          Returns policy from policy storage with specified policyId.
private static java.lang.String getPolicyFile(java.lang.String policyId, java.util.ArrayList<java.lang.String> policyFiles)
          Deprecated.  
private static java.util.ArrayList<java.lang.String> getPolicyFiles(java.io.File policyStorageDirectory)
          Returns list of all files (filenames) of XACML policies.
static void initializePDP()
          Initializes PDP: parses policies from local storage directory and adds them into arraylist of policies for easier access.
static java.util.ArrayList<Policy> listPolicies()
          Lists all policies in policy storage.
static Policy listPolicy(java.lang.String policyId)
          Returns policy as String
static void main(java.lang.String[] args)
          Command-line routine that bundles together all the information needed to create a Policy and then encodes the Policy, printing to standard out.
private static org.w3c.dom.Document parsePolicy(java.lang.String filename)
          Parses file into DOM structure
private static java.lang.String readFileAsString(java.lang.String filePath)
           
private static void refreshVopsPDP()
          Refreshes VopsPDP
static void registerResource(IResource res)
          EXPERIMENTAL! This method registers resource into local PDP.
static java.lang.Object reloadVOPS()
          Reloads VOPS policy storage.
static void removePolicy(java.lang.String policyId)
          Deletes policy with PolicyId from policy storage (in our case deletes file containing policy with PolicyId from directory with policies stored).
static void removePolicyRule(java.lang.String policyId, java.lang.String ruleId)
          Deprecated.  
static boolean removeRuleFromPolicy(java.lang.String ruleId, java.lang.String policyId)
          Removes rule from policy with specified policyId.
static void setPolicyDirStorage(java.lang.String storeDirPath)
          Sets storage directory for policy storage.
static void updatePolicyStorage()
          Writes back all policies from policyStorage arrayList.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

vopspdp

private static VopsPDP vopspdp
This is PDP for policies stored in policy storage.


lock1

private static java.lang.Object lock1

changingStorage

private static java.lang.Object changingStorage
Lock when changing policy storage!


logger

static final org.apache.log4j.Logger logger

delim

static java.lang.String delim
System dependent delimiter.


listOfResources

static java.util.ArrayList<IResource> listOfResources
Experimental


policyStorage

private static java.util.ArrayList<Policy> policyStorage
This storage holds all policies in memory.


isChanged

private static boolean isChanged
If policies in policyStorage are changed, this field is set to true.


accessMutex

private static java.lang.Object accessMutex
Mutex object


storeDir

static java.io.File storeDir
Policy storage

Constructor Detail

PolicyFactory

public PolicyFactory()
Method Detail

createPermitPolicy

public static com.sun.xacml.Policy createPermitPolicy(java.lang.String policyID,
                                                      java.lang.String description,
                                                      java.lang.String targetId,
                                                      java.lang.String targetResource)
                                               throws java.lang.Exception
Deprecated. 

Creates permit policy for following attributes

Parameters:
policyID - Policy ID
description - Description of policy
targetId - Not used for now
targetResource - The resource this policy applies to
ruleTargetAction - *deprecated Which action are we permitting?
ruleConditionAttribute - *deprecated Which attribute must have value of ruleConditionValueOfAttribute to permit request
ruleConditionValueOfAttribute - *deprecated The value of ruleConditionAttribute
Returns:
The policy created
Throws:
java.lang.Exception

createTargetMatch

public static com.sun.xacml.TargetMatch createTargetMatch(int type,
                                                          java.lang.String functionId,
                                                          com.sun.xacml.attr.AttributeDesignator designator,
                                                          com.sun.xacml.attr.AttributeValue value)
Simple helper routine that creates a TargetMatch instance.

Parameters:
type - the type of match
functionId - the matching function identifier
designator - the AttributeDesignator used in this match
value - the AttributeValue used in this match
Returns:
the matching element

createPolicyTarget

public static com.sun.xacml.Target createPolicyTarget(java.lang.String sSubject,
                                                      java.lang.String sResource)
                                               throws java.net.URISyntaxException
Deprecated. 

Creates the Target used in the Policy. This Target specifies that the Policy applies to any example.com users who are requesting some form of access to server.example.com.

Returns:
the target
Throws:
java.net.URISyntaxException - if there is a problem with any of the URIs

createRuleTarget

public static com.sun.xacml.Target createRuleTarget(java.lang.String sAction)
                                             throws java.net.URISyntaxException
Deprecated. 

Creates the Target used in the Condition. This Target specifies that the Condition applies to anyone taking the action commit.

Returns:
the target
Throws:
java.net.URISyntaxException - if there is a problem with any of the URIs

createRuleCondition

public static com.sun.xacml.cond.Apply createRuleCondition(java.lang.String attribute,
                                                           java.lang.String value)
                                                    throws java.net.URISyntaxException
Deprecated. 

Creates the Condition used in the Rule. Note that a Condition is just a special kind of Apply.

Returns:
the condition
Throws:
java.net.URISyntaxException - if there is a problem with any of the URIs

createRule

public static com.sun.xacml.Rule createRule(java.lang.String ruleId,
                                            java.lang.String targetAction,
                                            java.lang.String conditionAttribute,
                                            java.lang.String conditionAttributesValue)
                                     throws java.net.URISyntaxException
Deprecated. 

Creates the Rule used in the Policy.

Returns:
the rule
Throws:
java.net.URISyntaxException - if there is a problem with any of the URIs

readFileAsString

private static java.lang.String readFileAsString(java.lang.String filePath)
                                          throws java.io.IOException
Parameters:
filePath - the name of the file to open. Not sure if it can accept URLs or just filenames. Path handling could be better, and buffer sizes are hardcoded
Throws:
java.io.IOException

parsePolicy

private static org.w3c.dom.Document parsePolicy(java.lang.String filename)
Parses file into DOM structure

Parameters:
filename -
Returns:

addRuleForResource

private static void addRuleForResource(java.util.ArrayList<java.lang.String> policyFileNames,
                                       com.sun.xacml.Rule ruleToAdd,
                                       java.lang.String resource,
                                       java.lang.String groupName)
                                throws java.lang.Exception
Deprecated. 

Adds rule to existing policy in policy store (policyFileNames). This rule is a new rule for the provided resource. If a policy file for this resource does not exist, an exception is thrown. In this case, the user must create a policy for this resource. If the ruleId already exists in this policy, an exception is thrown. The user must provide another ruleId.

Parameters:
policyFileNames - files where policies are stored
ruleToAdd - newly created policy
resource - which resource does this policy account to
groupName - which group name are we permitting usage of this resource
Throws:
java.lang.Exception

getPolicyFile

private static java.lang.String getPolicyFile(java.lang.String policyId,
                                              java.util.ArrayList<java.lang.String> policyFiles)
                                       throws java.lang.Exception
Deprecated. 

Finds policy file from list of files (policyFiles) with policyId.

Parameters:
policyId -
policyFiles -
Returns:
filename or null if policy is not found
Throws:
java.lang.Exception

setPolicyDirStorage

public static void setPolicyDirStorage(java.lang.String storeDirPath)
                                throws java.lang.Exception
Sets storage directory for policy storage.

Parameters:
storeDirPath -
Throws:
java.lang.Exception

getPolicyFiles

private static java.util.ArrayList<java.lang.String> getPolicyFiles(java.io.File policyStorageDirectory)
Returns list of all files (filenames) of XACML policies.

Parameters:
policyStorageDirectory -
Returns:

addRuleToPolicy

private static void addRuleToPolicy(java.util.ArrayList<java.lang.String> policyFileNames,
                                    java.lang.String policyId,
                                    com.sun.xacml.Rule ruleToAdd)
                             throws java.lang.Exception
Deprecated. 

DEPRECATED. Adds rule, which is obtained from the list of files, to the policy with the provided policyId.

Parameters:
files - list of policy files
policyId - id of policy
ruleId -
action - of new rule
attr - of rule
attrVal - value for provided attribute
Throws:
java.lang.Exception

addRuleToPolicy

public static java.lang.String addRuleToPolicy(java.lang.String ruleId,
                                               java.lang.String policyId,
                                               java.lang.String action,
                                               java.lang.String attr,
                                               java.lang.String groupName)
                                        throws java.lang.Exception
Deprecated. 

Adds rule to policy (if exists).

Parameters:
ruleId - of new rule
policyId - to which new rule will be added
action - for which action are we applying this rule
attr - attribute for this rule (e.g. group, username)
groupName - This is actually attribute value
Throws:
java.lang.Exception

addRuleToPolicy

public static java.lang.String addRuleToPolicy(com.sun.xacml.Rule rule,
                                               java.lang.String policyId)
                                        throws java.lang.Exception
Deprecated. 

DEPRECATED Adds rule to policy with provided policyId.

Parameters:
rule - newly generated policy
policyId - Id of destination policy
Returns:
Throws:
java.lang.Exception

addRuleToPolicy

public static void addRuleToPolicy(java.lang.String pathToForm,
                                   Policy policy)
                            throws java.lang.Exception
Deprecated. 

Adds rule from XML form as XACML rule into policy

Parameters:
pathToForm - Path to local file where XML of the request resides.
policy - into which rule will be added
Throws:
java.lang.Exception

addRuleToPolicy

public static void addRuleToPolicy(PolicyRule pr,
                                   java.lang.String policyId)
                            throws java.lang.Exception
Adds rule from XML form as XACML rule into policy

Parameters:
pathToForm - Path to local file where XML of the request resides.
policy - into which rule will be added
Throws:
java.lang.Exception

removeRuleFromPolicy

public static boolean removeRuleFromPolicy(java.lang.String ruleId,
                                           java.lang.String policyId)
                                    throws java.lang.Exception
Removes rule from policy with specified policyId.

Parameters:
ruleId - Rule which will be removed from policy.
policyId - policy from which this rule is removed.
Returns:
true on success.
Throws:
java.lang.Exception

reloadVOPS

public static java.lang.Object reloadVOPS()
                                   throws java.lang.Exception
Reloads VOPS policy storage.

Returns:
Throws:
java.lang.Exception

removePolicyRule

public static void removePolicyRule(java.lang.String policyId,
                                    java.lang.String ruleId)
                             throws java.lang.Exception
Deprecated. 

Removes policy rule from Policy with PolicyId. Policy rule is described with action, attrType, attrVal.

Parameters:
PolicyId -
action -
attrType -
attrVal -
Throws:
java.lang.Exception

getPolicy

public static Policy getPolicy(java.lang.String policyId)
Returns policy from policy storage with specified policyId.

Parameters:
policyId -
Returns:
policy with policyId

removePolicy

public static void removePolicy(java.lang.String policyId)
                         throws java.lang.Exception
Deletes policy with PolicyId from policy storage (in our case deletes file containing policy with PolicyId from directory with policies stored). Also removes policy with policyId from the ArrayList of policies.

Parameters:
policyId -
Throws:
java.lang.Exception

createPolicy

public static java.lang.String createPolicy(java.lang.String policyID,
                                            java.lang.String description,
                                            java.lang.String targetResource)
                                     throws java.lang.Exception
Deprecated. 

Creates policy file in storage with

Parameters:
policyID -
description - of policy
resource - The resource to which this policy applies
Throws:
java.lang.Exception

listPolicies

public static java.util.ArrayList<Policy> listPolicies()
Lists all policies in policy storage.

Returns:
ArrayList of Strings, containing info about PolicyId, Resource of policy

listPolicy

public static Policy listPolicy(java.lang.String policyId)
Returns policy as String

Parameters:
policyId -
Returns:
Instance of policy

initializePDP

public static void initializePDP()
                          throws java.lang.Exception
Initializes PDP: parses policies from local storage directory and adds them into arraylist of policies for easier access.

Throws:
java.lang.Exception

refreshVopsPDP

private static void refreshVopsPDP()
                            throws java.lang.Exception
Refreshes VopsPDP

Throws:
java.lang.Exception

updatePolicyStorage

public static void updatePolicyStorage()
                                throws java.lang.Exception
Writes back all policies from policyStorage arrayList. Policy filenames with name identical to .xacml will be overwritten!

Throws:
java.lang.Exception

evaluateRequest

public static com.sun.xacml.ctx.ResponseCtx evaluateRequest(com.sun.xacml.ctx.RequestCtx request)
Evaluates request.

Parameters:
request -
Returns:

getFilteredPolicy

public static Policy getFilteredPolicy(com.sun.xacml.ctx.RequestCtx request,
                                       boolean matchResources)
                                throws java.lang.Exception
Filters policies based on the provided request. Rules in the newly constructed policy apply to the subject stated in the request. First, all policy files are found on the local storage of this service. Second, these policies are parsed into the Policy structure (a mixture of PolicyXtreem and Sun's XACML policy). Finally, the policy rules that comply with the subject part of the request are extracted from these policies, and a new PolicyXtreem is created comprising them.

Parameters:
request - XACML request which is tested against rules
matchRequest - set to true if we want to match also resource data (besides user data)
Returns:
new policy comprising rules which apply to subject part of request
Throws:
java.lang.Exception
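
A simplified model of the filtering step described above, added here as an illustration; it is not the XtreemOS implementation. The types Rule, Policy and Request and the method filter are hypothetical stand-ins for the project's PolicyRule, Policy and the XACML RequestCtx, and the sample data is constructed.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;

public class FilteredPolicyExample {
    // Hypothetical stand-ins for the project's PolicyRule, Policy and RequestCtx.
    record Rule(String ruleId, String action, String subjectAttr, String subjectValue) {}
    record Policy(String policyId, String resource, List<Rule> rules) {}
    record Request(Map<String, Set<String>> subject, String resource) {}

    // Builds one policy from every stored rule whose subject condition is
    // satisfied by the attributes presented in the request.
    static Policy filter(List<Policy> storage, Request req, boolean matchResources) {
        List<Rule> kept = new ArrayList<>();
        for (Policy p : storage) {
            // With matchResources set, policies for other resources are skipped
            // entirely, so their rules never reach the filtered policy.
            if (matchResources && !p.resource().equals(req.resource())) {
                continue;
            }
            for (Rule r : p.rules()) {
                // A rule is kept only when the request carries the attribute
                // and the required value; a missing attribute drops the rule.
                Set<String> presented = req.subject().get(r.subjectAttr());
                if (presented != null && presented.contains(r.subjectValue())) {
                    kept.add(r);
                }
            }
        }
        String resource = matchResources ? req.resource() : "*";
        return new Policy("filtered", resource, List.copyOf(kept));
    }

    public static void main(String[] args) {
        // Constructed sample storage: two policies, each bound to one resource.
        List<Policy> storage = List.of(
            new Policy("policy-cluster", "cluster-a", List.of(
                new Rule("r1", "submit", "group", "physics"),
                new Rule("r2", "submit", "group", "biology"))),
            new Policy("policy-storage", "storage-b", List.of(
                new Rule("r3", "read", "group", "physics"),
                new Rule("r4", "read", "role", "admin"))));

        // Constructed request: subject in group "physics" asking for cluster-a.
        Request req = new Request(Map.of("group", Set.of("physics")), "cluster-a");

        // Subject-only filtering keeps matching rules from every policy.
        System.out.println(filter(storage, req, false).rules());
        // Subject and resource filtering keeps only the cluster-a rules.
        System.out.println(filter(storage, req, true).rules());
    }
}
```

The example uses records and needs Java 16 or later.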

getFilteredPolicy

public static Policy getFilteredPolicy(java.security.cert.X509Certificate cert)
Deprecated. 

Returns Policy comprising PolicyRules that correspond to provided certificate. Certificate is used to create request context (subject part is filled in with certificate data).

Parameters:
cert - Certificate used to construct request.
Returns:
filtered policy

registerResource

public static void registerResource(IResource res)
EXPERIMENTAL! This method registers a resource into the local PDP. It first extracts attributes from the resource, then uses those attributes for the TARGET of the resource's POLICY.

Parameters:
res - resource to register

createEmptyPolicy

public static Policy createEmptyPolicy(java.net.URI policyId,
                                       java.lang.String policyDescription)
                                throws java.lang.Exception
Creates empty policy with policy id and policy description.

Parameters:
policyId -
policyDescription -
Returns:
Throws:
java.lang.Exception

main

public static void main(java.lang.String[] args)
                 throws java.lang.Exception
Command-line routine that bundles together all the information needed to create a Policy and then encodes the Policy, printing to standard out.

Throws:
java.lang.Exception