Context Navigation

source: fedd/abac-src/ttg/process/FrontierManager.java @ cdb62d9

axis_examplecompt_changesinfo-opsversion-2.00version-3.01version-3.02

Last change on this file since cdb62d9 was 8780cbec, checked in by Jay Jacobs <Jay.Jacobs@…>, 15 years ago
ABAC sources from Cobham
Property mode set to `100644`
File size: 13.4 KB

Line
1	package com.nailabs.abac.process;
2
3	import com.nailabs.abac.test.Debug;
4	import com.nailabs.abac.credential.RtmlFrontier;
5	import edu.stanford.peer.rbtm.credential.*;
6	import edu.stanford.peer.rbtm.engine.*;
7	import edu.stanford.peer.rbtm.test.*;
8	import edu.stanford.peer.rbtm.util.*;
9
10	import java.util.*;
11
12	/**
13	* A manager class for frontier functions. Each set of functions should
14	* be unique to a principal. The manager is a singleton object with a method
15	* for obtaining a set of specific frontiers.
16	*/
17	public class FrontierManager extends com.nailabs.abac.test.TestEngine
18	implements java.io.Serializable {
19
20	/** Singleton reference table for sharing frontiers. */
21	static Hashtable frontiers = new Hashtable(5);
22
23	/** The principal identifier, which is an Entity name */
24	protected Entity self;
25
26	/**
27	* The configuration hashmap. Section name is key and stringified
28	* line vectors are the values
29	*/
30	protected HashMap conf;
31
32	/** The set of issuer traceable credentials */
33	protected HashSet cSuperI = new HashSet();
34
35	/** The set of subject traceable credentials */
36	protected HashSet cSuperS = new HashSet();
37
38	/** The set of subject traceable <emp>roles</emp> */
39	protected HashSet subjectTraces = new HashSet();
40
41	protected HashSet issuerTracesDef = new HashSet();
42
43	protected HashSet issuerTracesAll = new HashSet();
44
45	/** a search engine which uses the <code>oppo()</code> predicate */
46	protected GraphEngine oppoLocal;
47
48	/** a search engine which uses the <code>oppo()</code> predicate */
49	protected GraphEngine oppoFrontier;
50
51	/** a search engine which uses the <code>sens()</code> predicate */
52	protected GraphEngine sensFrontier;
53
54	/** a search engine which uses the <code>simp()</code> predicate */
55	protected GraphEngine simpFrontier;
56
57	/** the acknowledgement policy for this principal entity */
58	protected AckPolicy ackPolicy;
59
60	/** the access control policy for this principal entity */
61	protected ACPolicy acPolicy;
62
63	/** constructor for subclasses */
64	protected FrontierManager() { }
65
66	/** default constructor, only used internally */
67	protected FrontierManager(HashMap config) {
68	init(config);
69	}
70
71	/**
72	* initialization is no longer in constructor, so subclasses can
73	* manipulate the configuration hash map.
74	*/
75	protected void init(HashMap config) {
76	//int track = TRACK_ALL;
77
78	// (0) get the configurations entity identifier
79	this.self =(Entity) config.get("EntityID");
80
81	// (1) load acknowledgement(ACK) policy
82	ackPolicy = (AckPolicy)config.get("AckPolicy");
83
84	// (2) load access control (AC) policy
85	acPolicy = (ACPolicy)config.get("AccessControl");
86
87	// (3) load issuer traceable roles
88	issuerTracesAll = (HashSet)config.get("IssuerTracesAll");
89	issuerTracesDef = (HashSet)config.get("IssuerTracesDef");
90
91	// (4) load subject traceale roles
92	subjectTraces = (HashSet)config.get("SubjectTraceable");
93
94	// (5) construct sensitive roles predicate from the ack policy
95	Sens sens = new Sens(ackPolicy.getSensitiveRoles());
96
97	// (6) construct opponent predicate from the issuer traceable roles
98	Oppo oppo = new Oppo(new Vector(issuerTracesDef));
99	oppo.addSubjects(new Vector(issuerTracesAll));
100
101	// (7) construct the frontier functions with their predicates
102	oppoLocal = new GraphEngine();
103	//System.out.println("------> Sensitive Graph");
104	sensFrontier = new GraphEngine(sens);
105	//System.out.println("------> Opponent Graph");
106	oppoFrontier = new GraphEngine(oppo);
107	//System.out.println("------> Simple Graph");
108	simpFrontier = new GraphEngine(new Simp());
109
110	// TBD: Does this really need to be separated into two mutually exclusive
111	// credential sets?
112	// (8) add policy reachable credentials
113	System.out.println("------> Policy Reachable");
114	HashSet policyReachable = (HashSet)config.get("PolicyReachable");
115	Iterator ci = policyReachable.iterator();
116	while(ci.hasNext()) {
117	addPolicyReachable((StaticCredential)ci.next());
118	}
119
120	// (9) add self reachable credentials
121	System.out.println("------> Self Traceable");
122	HashSet selfReachable = (HashSet)config.get("SelfReachable");
123	Iterator cs = selfReachable.iterator();
124	while(cs.hasNext()) {
125	addSelfReachable((StaticCredential)cs.next());
126	}
127
128	}
129	public static void addFrontier(HashMap config) {
130	Entity key = (Entity)config.get("EntityID");
131	boolean hasRTML = config.containsKey("RTML");
132	System.out.println("Begin Configuration for " + key);
133	if(frontiers.contains(key.toString()))
134	System.out.println("WARNING overwriting frontier manager for " +
135	key);
136	FrontierManager frontier = hasRTML? new RtmlFrontier(config):
137	new FrontierManager(config);
138	frontiers.put(key.toString(), frontier);
139	System.out.println("End Configuration for " + key);
140	}
141
142	/** public instance accessor method for a specific frontier set */
143	public static FrontierManager getFrontier(Entity self) {
144	System.out.println("self = " + self);
145	FrontierManager instance =
146	(FrontierManager)frontiers.get(self.toString());
147	return instance;
148	}
149
150	/** public accessor for a list of instance keys */
151	public static Set getFrontiers() { return frontiers.keySet(); }
152
153	/** the unique identifier for this set of frontier functions */
154	public Entity getSelf() { return self; }
155
156	/** Extract the role name from a role expression (e.g. r from <A.r<--S>) */
157	protected RoleName getRoleName(StaticCredential cred) {
158	return getRoleName(cred.getDefinedRole());
159	}
160
161	/** Extract the role name from a role expression (e.g. r from A.r) */
162	protected RoleName getRoleName(EntityExpression expr) {
163	if(expr != null && (expr instanceof Role)) {
164	return ((Role)expr).getName();
165	}
166	return null;
167	}
168
169	/** adds an issuer traceable credential to the frontier set */
170	public void addSelfReachable(StaticCredential cred) {
171	if(isSubjectTraceable(getRoleName(cred))) {
172	sensFrontier.addCredential(cred);
173	simpFrontier.addCredential(cred);
174	cSuperS.add(cred);
175	}
176	}
177
178	/** extracts issuer traceable roles from the credntial */
179	public void addPolicyReachable(StaticCredential cred) {
180	if(isIssuerTraceable(getRoleName(cred))) {
181	oppoFrontier.addCredential(cred);
182	oppoLocal.addCredential(cred);
183	cSuperI.add(cred);
184	}
185	}
186
187
188	/** adds an issuer-traces-all role to this frontier set */
189	public void addIssuerTracesAll(RoleName role) {
190	issuerTracesAll.add(role);
191	}
192
193	/** adds an issuer-traces-def role to this frontier set */
194	public void addIssuerTracesDef(RoleName role) {
195	issuerTracesDef.add(role);
196	}
197
198	/** adds an subject traceable credential to the frontier set */
199	public void addSubjectTraceable(RoleName role) {
200	subjectTraces.add(role);
201	}
202
203	public ResultEvidenceMap getOppoLocal(EntityExpression expr) {
204	//a specialized backward search for the LinkTTNode
205	Debug.rbtmStart();
206	System.out.println("-------BEGIN-LOCAL-SEARCH------------");
207	ResultEvidenceMap map = oppoLocal.backwardSearch(expr);
208	System.out.println("-------END-LOCAL-SEARCH--------------");
209	Debug.rbtmStop();
210	return map;
211	}
212
213	/** gets the frontier of policy traceable roles */
214	public ResultEvidenceMap getOppoFrontier(EntityExpression expr) {
215	// retrieve solutions AND evidence here
216	Debug.rbtmStart();
217	System.out.println("-------BEGIN-OPPO-SEARCH------------");
218	ResultEvidenceMap map = oppoFrontier.backwardSearch(expr);
219	System.out.println("-------END-OPPO-SEARCH--------------");
220	Debug.rbtmStop();
221	return map;
222	}
223
224	/** gets the frontier of sensitive roles */
225	public ResultEvidenceMap getSensFrontier(EntityExpression expr) {
226	Debug.rbtmStart();
227	System.out.println("-------BEGIN-SENS-SEARCH------------");
228	System.out.println("searching for " + expr);
229	ResultEvidenceMap map = sensFrontier.backwardSearch(expr);
230	System.out.println("map = " + map);
231	System.out.println("--------END-SENS-SEARCH-------------");
232	System.out.flush();
233	Debug.rbtmStop();
234	return map;
235	}
236
237	/** get the frontier of non-role entity expressions */
238	public ResultEvidenceMap getSimpFrontier(EntityExpression expr) {
239	Debug.rbtmStart();
240	System.out.println("-------BEGIN-SIMP-SEARCH------------");
241	ResultEvidenceMap map = simpFrontier.backwardSearch(expr);
242	System.out.println("--------END-SIMP-SEARCH------------");
243	Debug.rbtmStop();
244	return map;
245	}
246
247	public HashSet getOppoChain(EntityExpression root, EntityExpression leaf) {
248	HashSet results = new HashSet();
249	try {
250	getOppoFrontier(root);
251	Debug.rbtmStart();
252	System.out.println("Getting oppo chain from " + root + " to " +
253	leaf);
254	results = oppoFrontier.getChain(root, leaf);
255	Debug.rbtmStop();
256	} catch(Exception ex) {
257	ex.printStackTrace();
258	}
259	Debug.rbtmStop();
260	return results;
261	}
262
263	public HashSet getSensChain(EntityExpression root, EntityExpression leaf) {
264	//if(!getSensFrontier(root).containsResult(leaf)) {
265	//return null;
266	//}
267	try {
268	getSensFrontier(root);
269	Debug.rbtmStart();
270	System.out.println("---------BEGIN-SENS-CHAIN----------");
271	System.out.println("Getting sens chain from " + root + " to " +
272	leaf);
273	HashSet results = sensFrontier.getChain(root, leaf);
274	System.out.println("results = " + results);
275	System.out.println("-----------END-SENS-CHAIN----------\n");
276	Debug.rbtmStop();
277	return results;
278	} catch(Exception ex) {
279	ex.printStackTrace();
280	}
281	System.out.println("-----------END-SENS-CHAIN----------\n");
282	Debug.rbtmStop();
283	return new HashSet();
284	}
285
286	public HashSet getSimpChain(EntityExpression root, EntityExpression leaf) {
287	System.out.println("Getting simp chain from " + root + " to " + leaf);
288	getSimpFrontier(root);
289	Debug.rbtmStart();
290	HashSet results = simpFrontier.getChain(root, leaf);
291	Debug.rbtmStop();
292	return results;
293	}
294
295	public Iterator getCredentialsDefiningRole(RoleName name) {
296	Iterator i;
297	int count = 0;
298	HashSet results = new HashSet();
299
300	Debug.rbtmStart();
301	System.out.println("Finding credential defining the role name: "+name);
302	i = oppoFrontier.findCredentialsDefiningRole(name);
303	while(i.hasNext()) {
304	results.add(i.next());
305	System.out.println("count = " + ++count);
306	}
307	i = sensFrontier.findCredentialsDefiningRole(name);
308	while(i.hasNext()) {
309	results.add(i.next());
310	System.out.println("count = " + ++count);
311	}
312	Debug.rbtmStop();
313	Debug.debug("process", "\nDefining creds = " + results);
314	return results.iterator();
315	}
316
317	/** accessor for finding credentials which define a specified role */
318	public Iterator getCredentialsDefiningRole(Role role) {
319	Iterator i;
320	int count = 0;
321	HashSet results = new HashSet();
322
323	Debug.rbtmStart();
324	System.out.println("Finding credential defining the role: <" +
325	role.getBase() + "." + role.getName() + ">" );
326
327	i = oppoFrontier.findCredentialsDefiningRole(role);
328	while(i.hasNext()) {
329	results.add(i.next());
330	System.out.println("count = " + ++count);
331	}
332	System.out.println("oppoFrontier = " + oppoFrontier);
333	i = sensFrontier.findCredentialsDefiningRole(role);
334	while(i.hasNext()) {
335	results.add(i.next());
336	System.out.println("count = " + ++count);
337	}
338	Debug.debug("process", "\nDefining creds = " + results);
339
340	Debug.rbtmStop();
341	return results.iterator();
342	}
343
344	/** Is the specified credential policy traceable? */
345	public boolean isPolicyTraceable(StaticCredential cred) {
346	return cSuperI.contains(cred);
347	}
348
349	/** Can the specified credential be traced back to this negotiator? */
350	public boolean isSelfReachable(StaticCredential cred) {
351	return cSuperS.contains(cred);
352	}
353
354	public boolean isSubjectTraceable(RoleName role) {
355	return subjectTraces.contains(role);
356	}
357
358	public boolean isIssuerTracesDef(RoleName name) {
359	return (issuerTracesDef.contains(name));
360	}
361
362	public boolean isIssuerTracesAll(RoleName name) {
363	return (issuerTracesAll.contains(name));
364	}
365
366	public boolean isIssuerTraceable(RoleName role) {
367	return (issuerTracesAll.contains(role) \|\| issuerTracesDef.contains(role));
368	}
369
370	public boolean isSensitive(EntityExpression expr) {
371	return sensFrontier.getPredicate().test(expr);
372	}
373
374	public boolean subjectTracesAll(RoleName name) {
375	return subjectTraces.contains(name);
376	}
377
378	public AckPolicy getAckPolicy() { return ackPolicy; }
379
380	public EntityExpression getAck(EntityExpression expr) {
381	return ackPolicy.requires(expr);
382	}
383
384	public ACPolicy getACPolicy() { return acPolicy; }
385
386	public EntityExpression getAC(Credential cred) {
387	if(acPolicy == null)return null;
388	return acPolicy.requires(cred);
389	}
390
391	protected void addSensitiveRole(Role name) {
392	Sens sens = (Sens)sensFrontier.getPredicate();
393	sens.addSensCred(name);
394	}
395
396	public String toString() {
397	StringBuffer buff = new StringBuffer("[FrontierManager self = ");
398	buff.append(self);
399	buff.append("\n sens = ").append(sensFrontier);
400	buff.append("\n\n oppo = ").append(oppoFrontier);
401	buff.append("\n\n simp = ").append(simpFrontier);
402	return buff.append("]").toString();
403	}
404
405	}
406
407
408

Note: See TracBrowser for help on using the repository browser.

Download in other formats: