source: fedd/abac-src/ttg/process/FrontierManager.java @ db6b092

axis_examplecompt_changesinfo-opsversion-2.00version-3.01version-3.02
Last change on this file since db6b092 was 8780cbec, checked in by Jay Jacobs <Jay.Jacobs@…>, 15 years ago

ABAC sources from Cobham

  • Property mode set to 100644
File size: 13.4 KB
Line 
1package com.nailabs.abac.process;
2
3import com.nailabs.abac.test.Debug;
4import com.nailabs.abac.credential.RtmlFrontier;
5import edu.stanford.peer.rbtm.credential.*;
6import edu.stanford.peer.rbtm.engine.*;
7import edu.stanford.peer.rbtm.test.*;
8import edu.stanford.peer.rbtm.util.*;
9
10import java.util.*;
11
12/**
13 * A manager class for frontier functions. Each set of functions should
14 * be unique to a principal. The manager is a singleton object with a method
15 * for obtaining a set of specific frontiers.
16 */
17public class FrontierManager  extends com.nailabs.abac.test.TestEngine 
18    implements java.io.Serializable {
19
20    /** Singleton reference table for sharing frontiers. */
21    static Hashtable frontiers = new Hashtable(5);
22   
23    /** The principal identifier, which is an Entity name */
24    protected Entity self;
25
26    /**
27     * The configuration hashmap. Section name is key and stringified
28     * line vectors are the values
29     */
30    protected HashMap conf;
31
32    /** The set of issuer traceable credentials */
33    protected HashSet cSuperI = new HashSet();
34
35    /** The set of subject traceable credentials */
36    protected HashSet cSuperS = new HashSet();
37
38    /** The set of subject traceable <emp>roles</emp> */
39    protected HashSet subjectTraces = new HashSet();
40
41    protected HashSet issuerTracesDef = new HashSet();
42
43    protected HashSet issuerTracesAll = new HashSet();
44
45    /** a search engine which uses the <code>oppo()</code> predicate */
46    protected GraphEngine oppoLocal;
47
48    /** a search engine which uses the <code>oppo()</code> predicate */
49    protected GraphEngine oppoFrontier;
50   
51    /** a search engine which uses the <code>sens()</code> predicate */
52    protected GraphEngine sensFrontier;
53   
54    /** a search engine which uses the <code>simp()</code> predicate */
55    protected GraphEngine simpFrontier;
56   
57    /** the acknowledgement policy for this principal entity */
58    protected AckPolicy ackPolicy;
59
60    /** the access control policy for this principal entity */
61    protected ACPolicy acPolicy;
62
63    /** constructor for subclasses */
64    protected FrontierManager() { }
65   
66    /** default constructor, only used internally */
67    protected FrontierManager(HashMap config) {
68        init(config);
69    }
70   
71    /**
72     * initialization is no longer in constructor, so subclasses can
73     * manipulate the configuration hash map.
74     */
75    protected void init(HashMap config) {
76        //int track = TRACK_ALL;
77
78        // (0) get the configurations entity identifier
79        this.self =(Entity) config.get("EntityID");
80
81        // (1) load acknowledgement(ACK) policy
82        ackPolicy = (AckPolicy)config.get("AckPolicy");
83
84        // (2) load access control (AC) policy
85        acPolicy = (ACPolicy)config.get("AccessControl");
86
87        // (3) load issuer traceable roles
88        issuerTracesAll = (HashSet)config.get("IssuerTracesAll");
89        issuerTracesDef = (HashSet)config.get("IssuerTracesDef");
90
91        // (4) load subject traceale roles
92        subjectTraces = (HashSet)config.get("SubjectTraceable");
93
94        // (5) construct sensitive roles predicate from the ack policy
95        Sens sens = new Sens(ackPolicy.getSensitiveRoles());
96
97        // (6) construct opponent predicate from the issuer traceable roles
98        Oppo oppo = new Oppo(new Vector(issuerTracesDef));
99        oppo.addSubjects(new Vector(issuerTracesAll));
100
101        // (7) construct the frontier functions with their predicates
102        oppoLocal = new GraphEngine();
103        //System.out.println("------> Sensitive Graph");
104        sensFrontier = new GraphEngine(sens);
105        //System.out.println("------> Opponent Graph");
106        oppoFrontier = new GraphEngine(oppo);
107        //System.out.println("------> Simple Graph");
108        simpFrontier = new GraphEngine(new Simp());
109
110        // TBD: Does this really need to be separated into two mutually exclusive
111        //      credential sets?
112        // (8) add policy reachable credentials
113        System.out.println("------> Policy Reachable");
114        HashSet policyReachable = (HashSet)config.get("PolicyReachable");
115        Iterator ci = policyReachable.iterator();
116        while(ci.hasNext()) {
117            addPolicyReachable((StaticCredential)ci.next());
118        }
119         
120        // (9) add self reachable credentials
121        System.out.println("------> Self Traceable");
122        HashSet selfReachable = (HashSet)config.get("SelfReachable");
123        Iterator cs = selfReachable.iterator();
124        while(cs.hasNext()) {
125            addSelfReachable((StaticCredential)cs.next());
126        }
127
128    }
129    public static void addFrontier(HashMap config) {
130        Entity key = (Entity)config.get("EntityID");
131        boolean hasRTML = config.containsKey("RTML");
132        System.out.println("Begin Configuration for " + key);
133         if(frontiers.contains(key.toString()))
134             System.out.println("WARNING overwriting frontier manager for " +
135                               key);   
136         FrontierManager frontier = hasRTML? new RtmlFrontier(config): 
137            new FrontierManager(config);
138         frontiers.put(key.toString(), frontier);
139         System.out.println("End Configuration for " + key);
140    } 
141
142    /** public instance accessor method for a specific frontier set */
143    public static FrontierManager getFrontier(Entity self) {
144        System.out.println("self = " + self);
145        FrontierManager instance = 
146            (FrontierManager)frontiers.get(self.toString());
147        return instance;
148    }
149
150    /** public accessor for a list of instance keys */
151    public static Set getFrontiers() { return frontiers.keySet(); }
152
153    /** the unique identifier for this set of frontier functions */
154    public Entity getSelf() { return self; }
155
156    /** Extract the role name from a role expression (e.g. r from <A.r<--S>) */
157    protected RoleName getRoleName(StaticCredential cred) {
158        return getRoleName(cred.getDefinedRole());
159    }
160
161    /** Extract the role name from a role expression (e.g. r from A.r) */
162    protected RoleName getRoleName(EntityExpression expr) {
163        if(expr != null && (expr instanceof Role)) {
164            return ((Role)expr).getName();
165        }
166        return null;
167    }
168
169    /** adds an issuer traceable credential to the frontier set */
170    public void addSelfReachable(StaticCredential cred) {
171        if(isSubjectTraceable(getRoleName(cred))) {
172            sensFrontier.addCredential(cred);
173            simpFrontier.addCredential(cred);
174            cSuperS.add(cred);
175        }
176    }
177   
178    /** extracts issuer traceable roles from the credntial */
179    public void addPolicyReachable(StaticCredential cred) {
180        if(isIssuerTraceable(getRoleName(cred))) {
181            oppoFrontier.addCredential(cred);
182            oppoLocal.addCredential(cred);
183            cSuperI.add(cred);
184        }
185    }
186
187
188    /** adds an issuer-traces-all role to this frontier set */
189    public void addIssuerTracesAll(RoleName role) {
190        issuerTracesAll.add(role);
191    }
192
193    /** adds an issuer-traces-def role to this frontier set */
194    public void addIssuerTracesDef(RoleName role) {
195        issuerTracesDef.add(role);
196    }
197
198    /** adds an subject traceable credential to the frontier set */
199    public void addSubjectTraceable(RoleName role) {
200        subjectTraces.add(role);
201    }
202
203    public ResultEvidenceMap getOppoLocal(EntityExpression expr) {
204        //a specialized backward search for the LinkTTNode
205        Debug.rbtmStart();
206        System.out.println("-------BEGIN-LOCAL-SEARCH------------");
207        ResultEvidenceMap map =  oppoLocal.backwardSearch(expr);
208        System.out.println("-------END-LOCAL-SEARCH--------------");
209        Debug.rbtmStop();
210        return map;
211    }
212
213    /** gets the frontier of policy traceable roles */
214    public ResultEvidenceMap getOppoFrontier(EntityExpression expr) {
215        // retrieve solutions AND evidence here
216        Debug.rbtmStart();
217        System.out.println("-------BEGIN-OPPO-SEARCH------------");
218        ResultEvidenceMap map =  oppoFrontier.backwardSearch(expr);
219        System.out.println("-------END-OPPO-SEARCH--------------");
220        Debug.rbtmStop();
221        return map;
222    }
223   
224    /** gets the frontier of sensitive roles */
225    public ResultEvidenceMap getSensFrontier(EntityExpression expr) {
226        Debug.rbtmStart();
227        System.out.println("-------BEGIN-SENS-SEARCH------------");
228        System.out.println("searching for " + expr);
229        ResultEvidenceMap map = sensFrontier.backwardSearch(expr);
230        System.out.println("map = " + map);
231        System.out.println("--------END-SENS-SEARCH-------------");
232        System.out.flush();
233        Debug.rbtmStop();
234        return map;
235    }
236   
237    /** get the frontier of non-role entity expressions */
238    public ResultEvidenceMap getSimpFrontier(EntityExpression expr) {
239        Debug.rbtmStart();
240        System.out.println("-------BEGIN-SIMP-SEARCH------------");
241        ResultEvidenceMap map = simpFrontier.backwardSearch(expr);
242        System.out.println("--------END-SIMP-SEARCH------------");
243        Debug.rbtmStop();
244        return map;
245    }
246
247    public HashSet getOppoChain(EntityExpression root, EntityExpression leaf) {
248        HashSet results = new HashSet();
249        try {
250            getOppoFrontier(root);
251            Debug.rbtmStart();
252            System.out.println("Getting oppo chain from " + root + " to " + 
253                               leaf);
254            results = oppoFrontier.getChain(root, leaf);
255            Debug.rbtmStop();
256        } catch(Exception ex) {
257            ex.printStackTrace();
258        }
259        Debug.rbtmStop();
260        return results;
261    }
262
263    public HashSet getSensChain(EntityExpression root, EntityExpression leaf) {
264        //if(!getSensFrontier(root).containsResult(leaf)) {
265        //return null;
266        //}
267        try {
268            getSensFrontier(root);
269            Debug.rbtmStart();
270            System.out.println("---------BEGIN-SENS-CHAIN----------");
271            System.out.println("Getting sens chain from " + root + " to " + 
272                               leaf);
273            HashSet results = sensFrontier.getChain(root, leaf);
274            System.out.println("results = " + results);
275            System.out.println("-----------END-SENS-CHAIN----------\n");
276            Debug.rbtmStop();
277            return results;
278        } catch(Exception ex) {
279            ex.printStackTrace();
280        } 
281        System.out.println("-----------END-SENS-CHAIN----------\n");
282        Debug.rbtmStop();
283        return new HashSet();
284    }
285
286    public HashSet getSimpChain(EntityExpression root, EntityExpression leaf) {
287        System.out.println("Getting simp chain from " + root + " to " + leaf);
288        getSimpFrontier(root);
289        Debug.rbtmStart();
290        HashSet results = simpFrontier.getChain(root, leaf);
291        Debug.rbtmStop();
292        return results;
293    }
294
295    public Iterator getCredentialsDefiningRole(RoleName name) {
296        Iterator i;
297        int count = 0;
298        HashSet results = new HashSet();
299   
300        Debug.rbtmStart();
301        System.out.println("Finding credential defining the role name: "+name);
302        i = oppoFrontier.findCredentialsDefiningRole(name);
303        while(i.hasNext()) {
304            results.add(i.next());
305            System.out.println("count = " + ++count);
306        }
307        i = sensFrontier.findCredentialsDefiningRole(name);
308        while(i.hasNext()) {
309            results.add(i.next());
310            System.out.println("count = " + ++count);
311        }
312        Debug.rbtmStop();
313        Debug.debug("process", "\nDefining creds = " + results);
314        return results.iterator();
315    }
316
317    /** accessor for finding credentials which define a specified role */
318    public Iterator getCredentialsDefiningRole(Role role) {
319        Iterator i;
320        int count = 0;
321        HashSet results = new HashSet();
322   
323        Debug.rbtmStart();
324        System.out.println("Finding credential defining the role: <" + 
325                           role.getBase() + "." +  role.getName() + ">" );
326       
327        i = oppoFrontier.findCredentialsDefiningRole(role);
328        while(i.hasNext()) {
329            results.add(i.next());
330            System.out.println("count = " + ++count);
331        }
332        System.out.println("oppoFrontier = " + oppoFrontier);
333        i = sensFrontier.findCredentialsDefiningRole(role);
334        while(i.hasNext()) {
335            results.add(i.next());
336            System.out.println("count = " + ++count);
337        }
338        Debug.debug("process", "\nDefining creds = " + results);
339
340        Debug.rbtmStop();
341        return results.iterator();
342    }
343
344    /** Is the specified credential policy traceable? */
345    public boolean isPolicyTraceable(StaticCredential cred) {
346        return cSuperI.contains(cred);
347    }
348
349    /** Can the specified credential be traced back to this negotiator? */
350    public boolean isSelfReachable(StaticCredential cred) {
351        return cSuperS.contains(cred);
352    }
353
354    public boolean isSubjectTraceable(RoleName role) {
355        return subjectTraces.contains(role);
356    }
357
358    public boolean isIssuerTracesDef(RoleName name) {
359        return (issuerTracesDef.contains(name));
360    }
361
362    public boolean isIssuerTracesAll(RoleName name) {
363        return (issuerTracesAll.contains(name));
364    }
365
366    public boolean isIssuerTraceable(RoleName role) {
367    return (issuerTracesAll.contains(role) || issuerTracesDef.contains(role));
368    }
369
370    public boolean isSensitive(EntityExpression expr) {
371        return sensFrontier.getPredicate().test(expr);
372    }
373   
374    public boolean subjectTracesAll(RoleName name) {
375        return subjectTraces.contains(name);
376    }
377
378    public AckPolicy getAckPolicy() { return ackPolicy; }
379
380    public EntityExpression getAck(EntityExpression expr) {
381        return ackPolicy.requires(expr);
382    }
383   
384    public ACPolicy getACPolicy() { return acPolicy; }
385
386    public EntityExpression getAC(Credential cred) {
387        if(acPolicy == null)return null;
388        return acPolicy.requires(cred);
389    }
390
391    protected void addSensitiveRole(Role name) {
392        Sens sens = (Sens)sensFrontier.getPredicate();
393        sens.addSensCred(name);
394    }
395
396    public String toString() {
397        StringBuffer buff = new StringBuffer("[FrontierManager self = ");
398        buff.append(self);
399        buff.append("\n sens = ").append(sensFrontier);
400        buff.append("\n\n oppo = ").append(oppoFrontier);
401        buff.append("\n\n simp = ").append(simpFrontier);
402        return buff.append("]").toString();
403    }
404
405}
406
407
408
Note: See TracBrowser for help on using the repository browser.