Context Navigation

source: fedd/abac-src/ttg/credential/RtmlFrontier.java @ df783c1

axis_examplecompt_changesinfo-opsversion-2.00version-3.01version-3.02

Last change on this file since df783c1 was 8780cbec, checked in by Jay Jacobs <Jay.Jacobs@…>, 15 years ago
ABAC sources from Cobham
Property mode set to `100644`
File size: 11.1 KB

Line
1	package com.nailabs.abac.credential;
2
3	import java.util.*;
4
5	import com.nailabs.abac.process.FrontierManager;
6	import com.nailabs.abac.process.AckPolicy;
7	import com.nailabs.abac.process.AckFact;
8	import com.nailabs.abac.process.ACPolicy;
9	import com.nailabs.abac.process.ResourcePolicy;
10	import edu.stanford.peer.rbtm.credential.Entity;
11	import edu.stanford.peer.rbtm.credential.EntityExpression;
12	import edu.stanford.peer.rbtm.credential.RoleName;
13	import edu.stanford.peer.rbtm.credential.SimpleRoleName;
14	import edu.stanford.peer.rbtm.credential.StaticCredential;
15	import edu.stanford.peer.rbtm.engine.Simp;
16	import edu.stanford.peer.rbtm.engine.Sens;
17	import edu.stanford.peer.rbtm.engine.Oppo;
18	import edu.stanford.rt.credential.*;
19	import edu.stanford.rt.parser.RTParser;
20	import edu.stanford.rt.util.Constants;
21
22	/**
23	* A frontier manager class which uses the application specification
24	* domain for determining whether a rol is issuer traces all, issuer
25	* traces def, etc.
26	*/
27	public class RtmlFrontier extends FrontierManager implements Constants {
28	protected HashMap discoveryConfig;
29
30	protected ApplicationDomain domain;
31
32	protected CredentialStore store;
33
34	protected RTContext context;
35
36	protected HashID id = null;
37
38	//protected HashSet issuerTracesAll = new HashSet();
39
40	protected HashSet issuerTraces = new HashSet();
41
42	//protected HashSet issuerTracesDef = new HashSet();
43
44	protected ResourcePolicy resourcePolicy = null;
45
46	public RtmlFrontier(HashMap config) {
47	String domainName = getApplicationDomainName(config);
48	discoveryConfig = new HashMap(2); // needed for constructing a DDEngine
49	discoveryConfig.put("DDEParser", config.get("DDEParser"));
50	discoveryConfig.put("PrepInfo", config.get("PrepInfo"));
51	discoveryConfig.put("DDEContext", config.get("DDEContext"));
52	store = (CredentialStore)config.get("CredentialStore");
53	context = (RTContext)config.get("RTContext");
54	id = new HashID(HashID.APPLICATION_DOMAIN, domainName);
55	domain = context.getApplicationDomain(id);
56	init(config);
57	}
58
59	/** specialized init method for accessing the credential store backends */
60	public void init(HashMap config) {
61	// (0) get the configurations entity identifier
62	this.self =(Entity) config.get("EntityID");
63
64	// (1) load acknowledgement(ACK) policy
65	ackPolicy = (AckPolicy)config.get("AckPolicy");
66
67	// (2) load access control (AC) policy
68	acPolicy = (ACPolicy)config.get("AccessControl");
69	// (2 and 1/2) load the resource policy
70	resourcePolicy = (ResourcePolicy)config.get("ResourcePolicy");
71
72	// (3) load issuer traceable roles
73	// (4) load subject traceale roles
74	parseRoleDeclarations(config);
75
76	// (5) construct sensitive roles predicate from the ack policy
77	Sens sens = new Sens(ackPolicy.getSensitiveRoles());
78
79	// (6) construct opponent predicate from the issuer traceable roles
80	Oppo oppo = new Oppo(new Vector(issuerTracesDef));
81	oppo.addSubjects(new Vector(issuerTracesAll));
82
83	// TBD: Does this really need to be separated into two mutually
84	// exclusive credential sets? And in this case we have three
85	// credential stores (the primordial, issuer-traces, and
86	// subject-traces).
87
88	// (8) separate policy reachable credentials
89	// (9) separate self reachable credentials
90	CredentialStore store = (CredentialStore)config.get("CredentialStore");
91	CredentialStore subjectStore = null, issuerStore = null;
92	try {
93	RTParser parser = new RTParser();
94	subjectStore = new CredentialStore(parser);
95	issuerStore = new CredentialStore(parser);
96	Iterator domains =
97	store.getCredentialDomains().values().iterator();
98	while(domains.hasNext()) {
99	CredentialDomain domain = (CredentialDomain)domains.next();
100	RoleDefinition def =
101	(RoleDefinition)domain.roleDefinitionIterator().next();
102	RoleName roleName =
103	new SimpleRoleName(def.getHead().getName());
104	if(isIssuerTraceable(roleName)) {
105	issuerStore.addCredentialDomain(domain.getHashID(),domain);
106	} else {
107	//if(isSubjectTraceable(roleName)) {
108	subjectStore.addCredentialDomain(domain.getHashID(),domain);
109	}
110	// It is possible that credential may fall through to here. We
111	// propbably just remove the second if-statement...
112	}
113	} catch (Exception ex) {
114	ex.printStackTrace();
115	}
116
117	// (7) construct the frontier functions with their predicates
118	oppoLocal = new RtmlEngine(issuerStore);
119	System.out.println("------> Sensitive Graph");
120	sensFrontier = new RtmlEngine(subjectStore, sens);
121	System.out.println("------> Opponent Graph");
122	oppoFrontier = new RtmlEngine(issuerStore, oppo);
123	System.out.println("------> Simple Graph");
124	simpFrontier = new RtmlEngine(subjectStore, new Simp());
125
126	// perform credential discovery here
127	DDEngine selfTraceable = discoverSelfTraceable();
128	DDEngine policyTraceable = discoverPolicyTraceable();
129	// TBD: add backwards compatibility check in here if necessary
130	// which would avoid discovery
131	((RtmlEngine)oppoLocal).importDomains(policyTraceable);
132	((RtmlEngine)sensFrontier).importDomains(selfTraceable);
133	((RtmlEngine)oppoFrontier).importDomains(policyTraceable);
134	((RtmlEngine)simpFrontier).importDomains(selfTraceable);
135	}
136
137
138	protected String getApplicationDomainName(HashMap config) {
139	Properties props = (Properties)config.get("RTML");
140	return props.getProperty("ApplicationDomain");
141	}
142
143	protected OrderedMap getRoleDeclarations() {
144	try {
145	return domain.getRoleDeclarations();
146	} catch(Exception ex) {
147	ex.printStackTrace();
148	}
149	return null;
150	}
151
152
153	public DDEngine discoverPolicyTraceable() {
154	Iterator ackValues = ackPolicy.getRequiredRoles().iterator();
155	Iterator acValues = acPolicy.getRequiredRoles().iterator();
156	Iterator resourceValues = resourcePolicy.getRequiredRoles().iterator();
157	DDEngine discoveryEngine = new DDEngine(discoveryConfig);
158	HashSet policySet = new HashSet();
159
160	while(ackValues.hasNext()) {
161	AckFact ackVal = (AckFact)ackValues.next();
162	policySet.add(ackVal.getRequirement());
163	}
164	while(acValues.hasNext()) {
165	EntityExpression acVal = (EntityExpression)acValues.next();
166	policySet.add(acVal);
167	}
168	while(resourceValues.hasNext()) {
169	EntityExpression resourceVal =
170	(EntityExpression)resourceValues.next();
171	policySet.add(resourceVal);
172	}
173	Iterator randomRoles = policySet.iterator();
174	while(randomRoles.hasNext()) {
175	EntityExpression random = (EntityExpression)randomRoles.next();
176	discoveryEngine.backwardSearch(random);
177	}
178	return discoveryEngine;
179	}
180
181	public DDEngine discoverSelfTraceable() {
182	HashSet selfSet = new HashSet();
183	Iterator mySensRoles = ackPolicy.getSensitiveRoles().iterator();
184	DDEngine discoveryEngine = new DDEngine(discoveryConfig);
185	//RtmlEngine local = new RtmlEngine(store);
186
187	//find all the credentials which have roles that map directly to self
188	Iterator myRoles = oppoFrontier.findCredentialsBySubject(self);
189	while(myRoles.hasNext()) {
190	RtmlCredential cred = (RtmlCredential)myRoles.next();
191	EntityExpression me = cred.getDefinedRole();
192	selfSet.add(me);
193	}
194	myRoles = sensFrontier.findCredentialsBySubject(self);
195	while(myRoles.hasNext()) {
196	RtmlCredential cred = (RtmlCredential)myRoles.next();
197	EntityExpression me = cred.getDefinedRole();
198	selfSet.add(me);
199	}
200	//add the sensitive roles to the initial search set
201	while(mySensRoles.hasNext()) {
202	EntityExpression sense = (EntityExpression)mySensRoles.next();
203	selfSet.add(sense);
204	}
205	//perform forward searches on the pseudo-random set of roles
206	Iterator randomRoles = selfSet.iterator();
207	while(randomRoles.hasNext()) {
208	EntityExpression random = (EntityExpression)randomRoles.next();
209	discoveryEngine.forwardSearch(random);
210	}
211	return discoveryEngine;
212	}
213
214
215	protected void parseRoleDeclarations(HashMap config) {
216	// TBD: revisit to make this more robust in case an error occurs.
217	// it should not necessarily bail out of all role processing
218	try {
219	OrderedMap map = getRoleDeclarations();
220	Iterator keys = map.keyIterator();
221	System.out.println("Frontier parsing role declaratons");
222	while(keys.hasNext()) {
223	RoleDeclaration role = (RoleDeclaration)map.get(keys.next());
224	System.out.println("role = " + role.getName());
225	parseRoleDeclaration(role);
226	System.out.println();
227	}
228	} catch(Exception ex) {
229	ex.printStackTrace();
230	}
231	System.out.println("End declaration parsing!");
232	config.put("IssuerTracesAll", issuerTracesAll);
233	config.put("IssuerTracesDef", issuerTracesDef);
234	config.put("SubjectTraceable", subjectTraces);
235	}
236
237	protected void parseRoleDeclaration(RoleDeclaration declaration) {
238	int issuerValue = declaration.getIssuerTracesType();
239	int subjectValue = declaration.getSubjectTracesType();
240
241	if(issuerValue == ISSUER_TRACES_ALL) {
242	issuerTracesAll.add(declaration.getName());
243	System.out.print("issuer_traces_all");
244	}
245	if(issuerValue == ISSUER_TRACES_DEF) {
246	issuerTracesDef.add(declaration.getName());
247	System.out.print("issuer_traces_def");
248	}
249	if(subjectValue == SUBJECT_TRACES_ALL) {
250	subjectTraces.add(declaration.getName());
251	System.out.print("subject_traces_all");
252	}
253	}
254
255	private RoleDeclaration getRoleDeclaration(RoleName role) {
256	try {
257	System.out.println("id = " + id);
258	return domain.lookupRoleDeclaration(role.getName());
259	} catch(Exception ex) {
260	ex.printStackTrace();
261	}
262	return null;
263	}
264
265	/** Is the specified credential policy traceable? */
266	public boolean isPolicyTraceable(StaticCredential cred) {
267	return isIssuerTraceable(cred.getDefinedRole().getName());
268	}
269
270	/** Can the specified credential be traced back to this negotiator? */
271	public boolean isSelfReachable(StaticCredential cred) {
272	return isSubjectTraceable(cred.getDefinedRole().getName());
273	}
274
275	public boolean isIssuerTraceable(RoleName role) {
276	int value = getRoleDeclaration(role).getIssuerTracesType();
277	return (value == ISSUER_TRACES_ALL \|\| value == ISSUER_TRACES_DEF);
278	}
279
280	public boolean isIssuerTracesAll(RoleName role) {
281	int value = getRoleDeclaration(role).getIssuerTracesType();
282	return (value == ISSUER_TRACES_ALL);
283	}
284
285	public boolean isIssuerTracesDef(RoleName role) {
286	int value = getRoleDeclaration(role).getIssuerTracesType();
287	return (value == ISSUER_TRACES_DEF);
288	}
289
290	public boolean isSubjectTraceable(RoleName role) {
291	int value = getRoleDeclaration(role).getSubjectTracesType();
292	return (value == SUBJECT_TRACES_ALL);
293	}
294
295	public boolean subjectTracesAll(RoleName role) {
296	int value = getRoleDeclaration(role).getSubjectTracesType();
297	return (value == SUBJECT_TRACES_ALL);
298	}
299
300
301	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: