source: fedd/abac-src/ttg/trust/LinkingGoalNode.java @ 8780cbec

axis_examplecompt_changesinfo-opsversion-1.30version-2.00version-3.01version-3.02
Last change on this file since 8780cbec was 8780cbec, checked in by Jay Jacobs <Jay.Jacobs@…>, 15 years ago

ABAC sources from Cobham

  • Property mode set to 100644
File size: 8.1 KB
Line 
1/*
2 * Copyrighted (C) 2002, Networks Associates Technology, Inc.
3 * All rights reserved
4 */
5package com.nailabs.abac.trust;
6
7import com.nailabs.abac.process.*;
8import com.nailabs.abac.test.*;
9import edu.stanford.peer.rbtm.credential.*;
10import java.util.*;
11import java.io.*;
12
13/**
14 * A trust target graph node, representing a linking goal. This node has a
15 * triplet uniqueness based on the verifier, rolename, and subject. It can
16 * have multiple parents (via linking monintor edges) and multiple childen
17 * (via linking solution edges).
18 */
19public class LinkingGoalNode extends TTGNode implements SatisfactionListener {
20
21    // Node state information constants
22
23    /** Reserved for future use */
24    public static final String OPAQUE = "opaque";
25
26    private CompletionState state = new CompletionState();
27   
28    private int completionCount = 0;
29
30    /** string constructor */
31    public LinkingGoalNode(String goal) 
32        throws TrustTargetParsingException, CredentialParsingException {
33        this(new LinkingGoal(goal));
34    }
35   
36    /** parsed object constructor */
37    public LinkingGoalNode(Entity verifier, RoleName target, Entity subject) 
38        throws TrustTargetParsingException, CredentialParsingException {
39        this(new LinkingGoal(verifier, target, subject));
40    }
41
42    /** default constructor */
43    public LinkingGoalNode(LinkingGoal goal) {
44        super(goal);
45        subName = "LinkingGoal";
46        state.addObserver(this);
47    }
48
49    /**
50     * Notify observers that this node's completion state has been changed.
51     */
52    public void update(Observable obs, Object obj) {
53        if(obs == state) {
54            setChanged();
55            notifyObservers(state);
56        } else {
57            super.update(obs, obj);
58        }
59    }
60
61
62    /**
63     * Each distinct node type should know how to process itself, so this
64     * method should be overridden in subclasses.
65     * @param context A context w/helper functions required for processing
66     */
67    public void verifierProcess(NegotiationContext context) {
68        //this case should not occur
69    }
70 
71    /**
72     * Each distinct node type should know how to process itself, so this
73     * method should be overridden in subclasses.
74     * @param context A context w/helper functions required for processing
75     */
76    public void opponentProcess(NegotiationContext context) {
77        TTG graph = context.getGraph();
78        LinkingGoal goal = (LinkingGoal)getGoal();
79        FrontierManager f = context.getFrontier();
80        Entity verifier = goal.getVerifier();
81        EntityExpression subject = goal.getSubject();
82        HashSet solutions = new HashSet();
83
84        debug("linking-goal", "Opponent processing " + goal);
85        // (1) O adds a linking solution edge G <--< <V: A.r2 <<-?- S>, for
86        //     any A.r2 which is an element of sensitiveRole(O) or
87        //     A.r2 defined by a credentials in CsuperS(O)
88
89        // collect the sensitive roles which match with r2
90        Iterator sensitiveRoles =
91            f.getAckPolicy().getSensitiveRoles().iterator();
92        while(sensitiveRoles.hasNext()) {
93            Role sensitive = (Role)sensitiveRoles.next();
94            if(sensitive.getName().equals(getTargetRoleName())) {
95                solutions.add(sensitive);
96                debug("linking-goal", "found sensitive role = " + sensitive);
97            }
98        }
99        // add the roles (r2) where it is definied by a credential
100        Iterator defined = f.getCredentialsDefiningRole(getTargetRoleName());
101        if(!defined.hasNext()) {
102            debug("linking-goal", "no credentials foudn defining role: " +
103                  getTargetRoleName());
104        }
105        while(defined.hasNext()) {
106            StaticCredential credential = (StaticCredential)defined.next();
107            Role solution = credential.getDefinedRole();
108            solutions.add(solution);
109            debug("linking-goal", "found matching r2 = " + solution);
110        }
111        // iterate through the solution and add the linking solution edges
112        Iterator i = solutions.iterator();
113        while(i.hasNext()) {
114            try {
115                Role solution = (Role)i.next();
116                TrustTarget child = 
117                    new TrustTarget(verifier, solution, subject);
118                graph.addLinkingSolutionEdge(goal, child);
119            } catch(Exception ex) {
120                ex.printStackTrace();
121            }
122        }
123        // (2) O can mark this node opponent-processed only after (1) is done.
124        graph.setOpponentProcessed(goal);
125    }
126
127    public void addLinkingImplicationEdges(TrustTarget target) {
128        NegotiationContext context = getContext();
129        FrontierManager fm = context.getFrontier();
130
131        Entity v = getVerifier();
132        Entity b =  ((Role)target.getTargetRole()).getBase();
133        TTG graph = getContext().getGraph();
134        Iterator i = parents.values().iterator();
135       
136        while(i.hasNext()) {
137            try {
138                LinkTTNode parent = (LinkTTNode)i.next();
139                RoleName r1 =  parent.getFirstRole().getName();   
140                boolean subjectTraceable = fm.isSubjectTraceable(r1);
141                if(context.getSelf().equals(getVerifier())) { 
142                    // if we're the verifier
143                    if(!subjectTraceable) {     
144                        // check r1 that is not subject traceable
145                        TrustTarget parentTarget = 
146                            (TrustTarget)parent.getGoal();
147                        TrustTarget child = 
148                            new TrustTarget(v, parent.getFirstRole(), b);
149                        graph.addLinkingImplicationEdge(parentTarget, child); 
150                    }
151                } else {
152                    // else we are the opponent
153                    if(subjectTraceable) {
154                        // check r1 that is not subject traceable
155                        TrustTarget parentTarget = 
156                            (TrustTarget)parent.getGoal();
157                        TrustTarget child = 
158                            new TrustTarget(v, parent.getFirstRole(), b);
159                        graph.addLinkingImplicationEdge(parentTarget, child); 
160                    }               
161                }
162            } catch(Exception ex) {
163                ex.printStackTrace();
164            }
165        }
166    }
167
168    /**
169     * A linking goal uses this interface to act as a monitor for its own
170     * completion state and to add linking-implication edges
171     */ 
172    public TTGNodeSet receive(TrustTarget target, SatisfactionState state) {
173        // a satisfied linking solution does step 2 in linked role processing
174        if(state.getState() == SatisfactionState.SATISFIED) {
175            debug("linking-goal", "received SATISFIED from " + target);
176            addLinkingImplicationEdges(target);
177        }
178        // Just in case we get unknown satisfaction state propagation check
179        //for it here to make certain we have an accurate completion count
180        if(state.getState() != SatisfactionState.UNKNOWN) {
181            completionCount++;
182            if(completionCount <= children.size()) {
183                this.state.setComplete(true);
184            }
185        }
186        // if this node is complete, we should notify the parent(s)
187        if(isComplete()) {
188            Iterator i = parents.values().iterator();
189            notifyObservers(this.state);
190
191            while(i.hasNext()) {
192                LinkTTNode parent = (LinkTTNode)i.next();
193                parent.receive((LinkingGoal)getGoal(), 
194                               new CompletionState(true) );
195            }
196        }
197        return new TTGNodeSet();
198    }
199
200    public boolean isComplete() { 
201        return state.isComplete();
202    }
203
204    /** convenience method for extracting the target role name for this node */
205    public RoleName getTargetRoleName() {
206        return ((LinkingGoal)getGoal()).getTargetRoleName();
207    }
208
209    public String toXML() {
210        // Add node state here (eg. in/complete, etc.)
211        StringBuffer state = new StringBuffer("state=\"");
212        state.append(this.state);
213        // Add linking solutions if any */
214        return toXML(state.toString(), "");
215    }
216
217}
218
219
220
Note: See TracBrowser for help on using the repository browser.