Context Navigation

source: fedd/abac-src/ttg/credential/RtmlFrontier.java @ df783c1

axis_examplecompt_changesinfo-opsversion-2.00version-3.01version-3.02

Last change on this file since df783c1 was 8780cbec, checked in by Jay Jacobs <Jay.Jacobs@…>, 15 years ago
ABAC sources from Cobham
Property mode set to `100644`
File size: 11.1 KB

Rev	Line
[8780cbec]	1	package com.nailabs.abac.credential;
	2
	3	import java.util.*;
	4
	5	import com.nailabs.abac.process.FrontierManager;
	6	import com.nailabs.abac.process.AckPolicy;
	7	import com.nailabs.abac.process.AckFact;
	8	import com.nailabs.abac.process.ACPolicy;
	9	import com.nailabs.abac.process.ResourcePolicy;
	10	import edu.stanford.peer.rbtm.credential.Entity;
	11	import edu.stanford.peer.rbtm.credential.EntityExpression;
	12	import edu.stanford.peer.rbtm.credential.RoleName;
	13	import edu.stanford.peer.rbtm.credential.SimpleRoleName;
	14	import edu.stanford.peer.rbtm.credential.StaticCredential;
	15	import edu.stanford.peer.rbtm.engine.Simp;
	16	import edu.stanford.peer.rbtm.engine.Sens;
	17	import edu.stanford.peer.rbtm.engine.Oppo;
	18	import edu.stanford.rt.credential.*;
	19	import edu.stanford.rt.parser.RTParser;
	20	import edu.stanford.rt.util.Constants;
	21
	22	/**
	23	* A frontier manager class which uses the application specification
	24	* domain for determining whether a rol is issuer traces all, issuer
	25	* traces def, etc.
	26	*/
	27	public class RtmlFrontier extends FrontierManager implements Constants {
	28	protected HashMap discoveryConfig;
	29
	30	protected ApplicationDomain domain;
	31
	32	protected CredentialStore store;
	33
	34	protected RTContext context;
	35
	36	protected HashID id = null;
	37
	38	//protected HashSet issuerTracesAll = new HashSet();
	39
	40	protected HashSet issuerTraces = new HashSet();
	41
	42	//protected HashSet issuerTracesDef = new HashSet();
	43
	44	protected ResourcePolicy resourcePolicy = null;
	45
	46	public RtmlFrontier(HashMap config) {
	47	String domainName = getApplicationDomainName(config);
	48	discoveryConfig = new HashMap(2); // needed for constructing a DDEngine
	49	discoveryConfig.put("DDEParser", config.get("DDEParser"));
	50	discoveryConfig.put("PrepInfo", config.get("PrepInfo"));
	51	discoveryConfig.put("DDEContext", config.get("DDEContext"));
	52	store = (CredentialStore)config.get("CredentialStore");
	53	context = (RTContext)config.get("RTContext");
	54	id = new HashID(HashID.APPLICATION_DOMAIN, domainName);
	55	domain = context.getApplicationDomain(id);
	56	init(config);
	57	}
	58
	59	/** specialized init method for accessing the credential store backends */
	60	public void init(HashMap config) {
	61	// (0) get the configurations entity identifier
	62	this.self =(Entity) config.get("EntityID");
	63
	64	// (1) load acknowledgement(ACK) policy
	65	ackPolicy = (AckPolicy)config.get("AckPolicy");
	66
	67	// (2) load access control (AC) policy
	68	acPolicy = (ACPolicy)config.get("AccessControl");
	69	// (2 and 1/2) load the resource policy
	70	resourcePolicy = (ResourcePolicy)config.get("ResourcePolicy");
	71
	72	// (3) load issuer traceable roles
	73	// (4) load subject traceale roles
	74	parseRoleDeclarations(config);
	75
	76	// (5) construct sensitive roles predicate from the ack policy
	77	Sens sens = new Sens(ackPolicy.getSensitiveRoles());
	78
	79	// (6) construct opponent predicate from the issuer traceable roles
	80	Oppo oppo = new Oppo(new Vector(issuerTracesDef));
	81	oppo.addSubjects(new Vector(issuerTracesAll));
	82
	83	// TBD: Does this really need to be separated into two mutually
	84	// exclusive credential sets? And in this case we have three
	85	// credential stores (the primordial, issuer-traces, and
	86	// subject-traces).
	87
	88	// (8) separate policy reachable credentials
	89	// (9) separate self reachable credentials
	90	CredentialStore store = (CredentialStore)config.get("CredentialStore");
	91	CredentialStore subjectStore = null, issuerStore = null;
	92	try {
	93	RTParser parser = new RTParser();
	94	subjectStore = new CredentialStore(parser);
	95	issuerStore = new CredentialStore(parser);
	96	Iterator domains =
	97	store.getCredentialDomains().values().iterator();
	98	while(domains.hasNext()) {
	99	CredentialDomain domain = (CredentialDomain)domains.next();
	100	RoleDefinition def =
	101	(RoleDefinition)domain.roleDefinitionIterator().next();
	102	RoleName roleName =
	103	new SimpleRoleName(def.getHead().getName());
	104	if(isIssuerTraceable(roleName)) {
	105	issuerStore.addCredentialDomain(domain.getHashID(),domain);
	106	} else {
	107	//if(isSubjectTraceable(roleName)) {
	108	subjectStore.addCredentialDomain(domain.getHashID(),domain);
	109	}
	110	// It is possible that credential may fall through to here. We
	111	// propbably just remove the second if-statement...
	112	}
	113	} catch (Exception ex) {
	114	ex.printStackTrace();
	115	}
	116
	117	// (7) construct the frontier functions with their predicates
	118	oppoLocal = new RtmlEngine(issuerStore);
	119	System.out.println("------> Sensitive Graph");
	120	sensFrontier = new RtmlEngine(subjectStore, sens);
	121	System.out.println("------> Opponent Graph");
	122	oppoFrontier = new RtmlEngine(issuerStore, oppo);
	123	System.out.println("------> Simple Graph");
	124	simpFrontier = new RtmlEngine(subjectStore, new Simp());
	125
	126	// perform credential discovery here
	127	DDEngine selfTraceable = discoverSelfTraceable();
	128	DDEngine policyTraceable = discoverPolicyTraceable();
	129	// TBD: add backwards compatibility check in here if necessary
	130	// which would avoid discovery
	131	((RtmlEngine)oppoLocal).importDomains(policyTraceable);
	132	((RtmlEngine)sensFrontier).importDomains(selfTraceable);
	133	((RtmlEngine)oppoFrontier).importDomains(policyTraceable);
	134	((RtmlEngine)simpFrontier).importDomains(selfTraceable);
	135	}
	136
	137
	138	protected String getApplicationDomainName(HashMap config) {
	139	Properties props = (Properties)config.get("RTML");
	140	return props.getProperty("ApplicationDomain");
	141	}
	142
	143	protected OrderedMap getRoleDeclarations() {
	144	try {
	145	return domain.getRoleDeclarations();
	146	} catch(Exception ex) {
	147	ex.printStackTrace();
	148	}
	149	return null;
	150	}
	151
	152
	153	public DDEngine discoverPolicyTraceable() {
	154	Iterator ackValues = ackPolicy.getRequiredRoles().iterator();
	155	Iterator acValues = acPolicy.getRequiredRoles().iterator();
	156	Iterator resourceValues = resourcePolicy.getRequiredRoles().iterator();
	157	DDEngine discoveryEngine = new DDEngine(discoveryConfig);
	158	HashSet policySet = new HashSet();
	159
	160	while(ackValues.hasNext()) {
	161	AckFact ackVal = (AckFact)ackValues.next();
	162	policySet.add(ackVal.getRequirement());
	163	}
	164	while(acValues.hasNext()) {
	165	EntityExpression acVal = (EntityExpression)acValues.next();
	166	policySet.add(acVal);
	167	}
	168	while(resourceValues.hasNext()) {
	169	EntityExpression resourceVal =
	170	(EntityExpression)resourceValues.next();
	171	policySet.add(resourceVal);
	172	}
	173	Iterator randomRoles = policySet.iterator();
	174	while(randomRoles.hasNext()) {
	175	EntityExpression random = (EntityExpression)randomRoles.next();
	176	discoveryEngine.backwardSearch(random);
	177	}
	178	return discoveryEngine;
	179	}
	180
	181	public DDEngine discoverSelfTraceable() {
	182	HashSet selfSet = new HashSet();
	183	Iterator mySensRoles = ackPolicy.getSensitiveRoles().iterator();
	184	DDEngine discoveryEngine = new DDEngine(discoveryConfig);
	185	//RtmlEngine local = new RtmlEngine(store);
	186
	187	//find all the credentials which have roles that map directly to self
	188	Iterator myRoles = oppoFrontier.findCredentialsBySubject(self);
	189	while(myRoles.hasNext()) {
	190	RtmlCredential cred = (RtmlCredential)myRoles.next();
	191	EntityExpression me = cred.getDefinedRole();
	192	selfSet.add(me);
	193	}
	194	myRoles = sensFrontier.findCredentialsBySubject(self);
	195	while(myRoles.hasNext()) {
	196	RtmlCredential cred = (RtmlCredential)myRoles.next();
	197	EntityExpression me = cred.getDefinedRole();
	198	selfSet.add(me);
	199	}
	200	//add the sensitive roles to the initial search set
	201	while(mySensRoles.hasNext()) {
	202	EntityExpression sense = (EntityExpression)mySensRoles.next();
	203	selfSet.add(sense);
	204	}
	205	//perform forward searches on the pseudo-random set of roles
	206	Iterator randomRoles = selfSet.iterator();
	207	while(randomRoles.hasNext()) {
	208	EntityExpression random = (EntityExpression)randomRoles.next();
	209	discoveryEngine.forwardSearch(random);
	210	}
	211	return discoveryEngine;
	212	}
	213
	214
	215	protected void parseRoleDeclarations(HashMap config) {
	216	// TBD: revisit to make this more robust in case an error occurs.
	217	// it should not necessarily bail out of all role processing
	218	try {
	219	OrderedMap map = getRoleDeclarations();
	220	Iterator keys = map.keyIterator();
	221	System.out.println("Frontier parsing role declaratons");
	222	while(keys.hasNext()) {
	223	RoleDeclaration role = (RoleDeclaration)map.get(keys.next());
	224	System.out.println("role = " + role.getName());
	225	parseRoleDeclaration(role);
	226	System.out.println();
	227	}
	228	} catch(Exception ex) {
	229	ex.printStackTrace();
	230	}
	231	System.out.println("End declaration parsing!");
	232	config.put("IssuerTracesAll", issuerTracesAll);
	233	config.put("IssuerTracesDef", issuerTracesDef);
	234	config.put("SubjectTraceable", subjectTraces);
	235	}
	236
	237	protected void parseRoleDeclaration(RoleDeclaration declaration) {
	238	int issuerValue = declaration.getIssuerTracesType();
	239	int subjectValue = declaration.getSubjectTracesType();
	240
	241	if(issuerValue == ISSUER_TRACES_ALL) {
	242	issuerTracesAll.add(declaration.getName());
	243	System.out.print("issuer_traces_all");
	244	}
	245	if(issuerValue == ISSUER_TRACES_DEF) {
	246	issuerTracesDef.add(declaration.getName());
	247	System.out.print("issuer_traces_def");
	248	}
	249	if(subjectValue == SUBJECT_TRACES_ALL) {
	250	subjectTraces.add(declaration.getName());
	251	System.out.print("subject_traces_all");
	252	}
	253	}
	254
	255	private RoleDeclaration getRoleDeclaration(RoleName role) {
	256	try {
	257	System.out.println("id = " + id);
	258	return domain.lookupRoleDeclaration(role.getName());
	259	} catch(Exception ex) {
	260	ex.printStackTrace();
	261	}
	262	return null;
	263	}
	264
	265	/** Is the specified credential policy traceable? */
	266	public boolean isPolicyTraceable(StaticCredential cred) {
	267	return isIssuerTraceable(cred.getDefinedRole().getName());
	268	}
	269
	270	/** Can the specified credential be traced back to this negotiator? */
	271	public boolean isSelfReachable(StaticCredential cred) {
	272	return isSubjectTraceable(cred.getDefinedRole().getName());
	273	}
	274
	275	public boolean isIssuerTraceable(RoleName role) {
	276	int value = getRoleDeclaration(role).getIssuerTracesType();
	277	return (value == ISSUER_TRACES_ALL \|\| value == ISSUER_TRACES_DEF);
	278	}
	279
	280	public boolean isIssuerTracesAll(RoleName role) {
	281	int value = getRoleDeclaration(role).getIssuerTracesType();
	282	return (value == ISSUER_TRACES_ALL);
	283	}
	284
	285	public boolean isIssuerTracesDef(RoleName role) {
	286	int value = getRoleDeclaration(role).getIssuerTracesType();
	287	return (value == ISSUER_TRACES_DEF);
	288	}
	289
	290	public boolean isSubjectTraceable(RoleName role) {
	291	int value = getRoleDeclaration(role).getSubjectTracesType();
	292	return (value == SUBJECT_TRACES_ALL);
	293	}
	294
	295	public boolean subjectTracesAll(RoleName role) {
	296	int value = getRoleDeclaration(role).getSubjectTracesType();
	297	return (value == SUBJECT_TRACES_ALL);
	298	}
	299
	300
	301	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: