Context Navigation

source: fedd/abac-src/ttg/trust/SimpleTTNode.java @ df783c1

axis_examplecompt_changesinfo-opsversion-2.00version-3.01version-3.02

Last change on this file since df783c1 was 8780cbec, checked in by Jay Jacobs <Jay.Jacobs@…>, 15 years ago
ABAC sources from Cobham
Property mode set to `100644`
File size: 13.3 KB

Rev	Line
[8780cbec]	1	package com.nailabs.abac.trust;
	2
	3	import edu.stanford.peer.rbtm.credential.*;
	4	import edu.stanford.peer.rbtm.util.*;
	5	import com.nailabs.abac.process.*;
	6
	7	import java.util.*;
	8
	9	/**
	10	* A simple trust target node which contains a standard target of the form:
	11	* <V: A.r <<-- S>.
	12	*
	13	* @version $Id: SimpleTTNode.java,v 1.51 2003/02/28 01:04:31 jjacobs Exp $
	14	*/
	15	public class SimpleTTNode extends StandardTTNode {
	16	/** Child nodes which form control edges in the TTG */
	17	protected TTGNodeSet controlChildren = new TTGNodeSet();
	18
	19	/** Linking goals to whoch this node is a solution */
	20	protected TTGNodeSet linkingSolutionParents = new TTGNodeSet();
	21
	22	/** A flag to signal whether to complete step (4) in opponentSensProcess */
	23	protected boolean isSensFrontiered = false;
	24
	25	/** Constructor which used a single trust target */
	26	public SimpleTTNode(TrustTarget target) {
	27	super(target);
	28	processor = new ProcessingState(false, false);
	29	subName = "StandardTarget";
	30	}
	31
	32	/** Convenience constructor which also creates a trust target */
	33	public SimpleTTNode(Entity v, Role r, EntityExpression subject)
	34	throws CredentialParsingException, TrustTargetParsingException
	35	{
	36	this(new TrustTarget(v, (EntityExpression)r, subject));
	37	}
	38
	39	/** Convenience accessor method for the target role expression */
	40	public Role getRoleExpression() {
	41	return (Role)((TrustTarget)getGoal()).getTargetRole();
	42	}
	43
	44	/** Processing that occurs if this negotiation context is the verifier */
	45	public void verifierProcess(NegotiationContext context) {
	46	TTGNodeSet children = new TTGNodeSet();
	47	FrontierManager frontier = context.getFrontier();
	48	TTG graph = context.getGraph();
	49	Iterator subjects =
	50	frontier.getCredentialsDefiningRole(getRoleExpression());
	51	debug("satisfaction", "found subjects for "+ getRoleExpression() +
	52	" = " + (subjects.hasNext()));
	53	while(subjects.hasNext()) {
	54	StaticCredential cred = (StaticCredential)subjects.next();
	55	EntityExpression e = cred.getSubject();
	56	debug("satisfaction", "e = " + e);
	57	ResultEvidenceMap map = frontier.getOppoFrontier(e);
	58	if(map == null)break; // no e prime's so go to next e
	59	Iterator oppoFrontier = map.resultSet().iterator();
	60	while(oppoFrontier.hasNext()) {
	61	EntityExpression ePrime =(EntityExpression)oppoFrontier.next();
	62	//add edge not node
	63	TrustTarget childTarget = createTarget(context, ePrime);
	64	//TTGNode child = graph.getNode((Goal)childTarget);
	65	//perform the operation on graph & add to message w/ evidence
	66	if(!implicationChildren.values().contains(childTarget)) {
	67	HashSet chain = frontier.getOppoChain(e, ePrime);
	68	chain.add(cred);
	69	debug("evidence",
	70	"chain(" + e + "," + ePrime + ") = " + chain);
	71	graph.addImplicationEdge(getGoal(), childTarget, chain);
	72	//add child to list of child for the worklist
	73	children.add(graph.getNodeByHash(childTarget));
	74	}
	75	}
	76	}
	77	graph.setVerifierProcessed(getGoal());
	78	}
	79
	80	/** opponent process non-sensitive target or its subject isn't opponent */
	81	private void opponentProcess(NegotiationContext context,
	82	ResultEvidenceMap frontier, boolean isSimp)
	83	throws CredentialParsingException, TrustTargetParsingException {
	84	TTGNodeSet children = new TTGNodeSet();
	85	Role aDotR = getRoleExpression();
	86	Entity s = (Entity)getSubject();
	87	Entity v = (Entity)getVerifier();
	88	Entity o = context.getOpponent();
	89	TTG graph = context.getGraph();
	90
	91	debug("process", "frontier = " + frontier.toString());
	92	// (1) If S is a member of simpFrontier(A.r), or
	93	// (1) If O is a member of sensFrontier(A.r)
	94	if(frontier.resultSet().contains(s)) {
	95	debug("process", "frontier contains subject");
	96	// then O can add implication edge T <--< <V: S <<-- S>
	97	// or O can add implication edge T <--< <V: O <<-- O>
	98	TrustTarget child = new TrustTarget(v, s, s);
	99	TrivialTTNode childNode =(TrivialTTNode)graph.getNodeByHash(child);
	100	if(!implicationChildren.values().contains(childNode)) {
	101	HashSet evidence = (isSimp)?
	102	context.getFrontier().getSimpChain(aDotR, s):
	103	context.getFrontier().getSensChain(aDotR, s);
	104	// this case should always happen but possibly might not
	105	graph.addImplicationEdge(getGoal(), child, evidence);
	106	children.add(graph.getNodeByHash(child));
	107	}
	108	}
	109	// (2) If S not a member of simpFrontier or
	110	// O is not a member of sensFrontier
	111	else {
	112	debug("process","fontier doesn't contain subject " + s);
	113	// then for each e in sens- or simp-Frontier(A.r)
	114	Iterator expressions = frontier.resultSet().iterator();
	115	while(expressions.hasNext()) {
	116	EntityExpression e = (EntityExpression)expressions.next();
	117	// that is not an entity
	118	if(e instanceof Entity)continue;
	119	TrustTarget child = new TrustTarget(v, e, s);
	120	TargetNode childNode = (TargetNode)graph.getNodeByHash(child);
	121	if(!implicationChildren.values().contains(childNode)) {
	122	// O can add an implication edge T <--< <V: e <-- S>
	123	// or an implication edge T <--< <V: e <-- O>
	124	HashSet evidence = (isSimp)?
	125	context.getFrontier().getSimpChain(aDotR, e):
	126	context.getFrontier().getSensChain(aDotR, e);
	127	graph.addImplicationEdge(getGoal(), child, evidence);
	128	children.add(graph.getNodeByHash(child));
	129	}
	130	}
	131	}
	132	// (3) If this node is satisfied or both (1) & (2) are done
	133	graph.setOpponentProcessed(getGoal());
	134	}
	135
	136	/** opponent process a sensitive role */
	137	private void opponentSensProcess(NegotiationContext context)
	138	throws CredentialParsingException, TrustTargetParsingException {
	139	TTGNodeSet children = new TTGNodeSet();
	140	EntityExpression s = getSubject();
	141	// In the crrent case self is always the opponent of the verifier.
	142	Entity o = context.getSelf(); //context.getOpponent();
	143	Entity v = getVerifier();
	144	Role aDotR = getRoleExpression();
	145	EntityExpression self = context.getSelf();
	146	TTG graph = context.getGraph();
	147	TargetNode ackChild, acChild = null;
	148	FrontierManager frontier = context.getFrontier();
	149
	150	debug("process", "------------Begin opponentSensProcess-------------");
	151	// (1) add control edge T <--< <O: eAck <<-- V>
	152	EntityExpression eAck = context.getAck(aDotR);
	153
	154	TrustTarget ackTarget = new TrustTarget((Entity)self, eAck, v);
	155	ackChild = (TargetNode)graph.getNodeByHash(ackTarget);
	156	if(!controlChildren.values().contains(ackChild)) {
	157	graph.addControlEdge(getGoal(), (Goal)ackTarget);
	158	ackChild = (TargetNode)graph.getNodeByHash(ackTarget);
	159	children.add(ackChild);
	160	}
	161	debug("process", "---------- Begin step 2-------------------------");
	162	// (2) If <O: eAck <<-- V) is satisfied and if O has the credential
	163	// A.r <-- O in its credential store
	164	StaticCredential cred = new StaticCredential(aDotR, o);
	165	EntityExpression eAC = context.getAC(cred);
	166	if(ackChild.getSatisfactionValue() == SatisfactionState.SATISFIED) {
	167	// Is A.r <-- O in its credential store?
	168	debug("process", "eAC = " + eAC);
	169	debug("process", "cred = " + cred);
	170	// The importance here is that cred exists not that cred is self-
	171	// reachable. This is a sanity check.
	172	if(context.getFrontier().isSelfReachable(cred)) {
	173	// O can add the control edge T <--< <O: eAC <-- V>, where
	174	// AC = AC(O)[A.r <- O]
	175	if(eAC != null) {
	176	Goal acTarget = (Goal)new TrustTarget(o, eAC, v);
	177	acChild = (TargetNode)graph.getNodeByHash(acTarget);
	178	debug("process", "acChild = " + acChild);
	179	if(!controlChildren.values().contains(acChild)) {
	180	graph.addControlEdge(getGoal(), acTarget);
	181	acChild = (TargetNode)graph.getNodeByHash(acTarget);
	182	children.add(acChild);
	183	}
	184	}
	185	debug("process", "---------- Begin step 3----------------------");
	186	// (3) If <O: eAC <<-- V> is satisfied, O can add the
	187	// implication edge T <-- <V: O <<-- O>
	188	if(acChild == null \|\|
	189	acChild.getSatisfactionValue()==SatisfactionState.SATISFIED){
	190	TargetNode cnode =
	191	(TargetNode)graph.getNodeByHash(new TrustTarget(v, o, o));
	192	TrustTarget child = new TrustTarget(v, o, o);
	193	debug("process", "child = " + child);
	194	if(!implicationChildren.values().contains(cnode)) {
	195	//frontier.getSensChain(aDotR, o);
	196	HashSet chain = new HashSet();
	197	chain.add(cred);
	198	graph.addImplicationEdge(getGoal(), child, chain);
	199	children.add(graph.getNodeByHash(child));
	200	}
	201	debug("process", "---------- Begin step 5-----------------------");
	202	// (5) Mark T as opponent processed
	203	graph.setOpponentProcessed(getGoal());
	204	return;
	205	}
	206	}
	207	else {
	208	// (5) Mark T as opponent procressed (because there is no AC policy)
	209	graph.setOpponentProcessed(getGoal());
	210	return;
	211	}
	212	}
	213	// (4) For e in sensFrontier(A.r) that is not an entity,
	214	// O can add an implication edge T <--< <V: e <<-- O>
	215	// TBD: this needs to be modified to be the frontiers of all
	216	// the children credentials of A.r
	217	debug("process", "Entering Step 4");
	218	debug("process", "A.r = " + aDotR + ", o = " + o + ", v = " + v);
	219	Iterator creds = frontier.getCredentialsDefiningRole(aDotR);
	220
	221	while(creds.hasNext()) {
	222	StaticCredential definingCred = (StaticCredential)creds.next();
	223	EntityExpression subjectRole = definingCred.getSubject();
	224	ResultEvidenceMap sensFrontier = frontier.getSensFrontier(subjectRole);
	225	Iterator sens = sensFrontier.resultSet().iterator();
	226	debug("process", "sensfrontier = " + sensFrontier.resultSet());
	227	debug("process", "subject role = " + subjectRole);
	228
	229	while(sens.hasNext() && !isSensFrontiered) {
	230	EntityExpression e = (EntityExpression)sens.next();
	231	debug("process", "found sensitive role = " + e);
	232	if(e instanceof Entity)continue; // skip entities
	233	TrustTarget tt = new TrustTarget(v, e, o);
	234	TargetNode frontierChild = (TargetNode)graph.getNodeByHash(tt);
	235	if(!implicationChildren.values().contains(frontierChild)) {
	236	HashSet chain = frontier.getSensChain(subjectRole, e);
	237	chain.add(definingCred);
	238	graph.addImplicationEdge(getGoal(), tt, chain);
	239	children.add(graph.getNode(tt));
	240	}
	241	}
	242	isSensFrontiered = true;
	243	}
	244	debug("process", "------------End opponentSensProcess-------------");
	245
	246	}
	247
	248	/**
	249	* Processing that occurs if the negotiation for this context is the
	250	* the opponent. This method matches the algorithm in section 5.4
	251	*/
	252	public void opponentProcess(NegotiationContext context) {
	253	EntityExpression s = getSubject();
	254	//Entity o = context.getOpponent();
	255	Entity o = context.getSelf();
	256	Role aDotR = getRoleExpression();
	257	FrontierManager frontier = context.getFrontier();
	258	debug("process", "opponent processing -- " + toString());
	259	try {
	260	if(!o.equals(s)) {
	261	debug("process", "opponent processing with simp frontier");
	262	opponentProcess(context, frontier.getSimpFrontier(aDotR), true);
	263	}
	264	else if(frontier.isSensitive(aDotR)) {
	265	debug("process",
	266	"opponent processing sensitive role: " + aDotR);
	267	opponentSensProcess(context);
	268	}
	269	else {
	270	debug("process", "opponent processing with sens frontier");
	271	opponentProcess(context, frontier.getSensFrontier(aDotR), false);
	272	}
	273	} catch(Exception ex) {
	274	debug("process", "WARNING ONLY!");
	275	ex.printStackTrace();
	276	debug("process", "WARNING ONLY!");
	277	}
	278	}
	279
	280
	281	private boolean addControlEdge(Entity v,
	282	EntityExpression e,
	283	EntityExpression s) {
	284	return false;
	285	}
	286
	287
	288	/**
	289	* Records the new state and then propagates it to the parent listeners.
	290	* @param state The new satisfaction state to be propagated.
	291	*/
	292	public TTGNodeSet receive(TrustTarget source, SatisfactionState state) {
	293	TTGNodeSet results = super.receive(source, state);
	294	Iterator i = linkingSolutionParents.values().iterator();
	295	while(i.hasNext()) {
	296	try { // this will fail if the parent is a linking goal
	297	LinkingGoalNode parent = (LinkingGoalNode)i.next();
	298	TTGNodeSet branchResult =
	299	parent.receive((TrustTarget)getGoal(), state);
	300	if(branchResult == null && branchResult.size() > 0) {
	301	results.addAll(branchResult);
	302	}
	303	}
	304	catch(Exception ex) { // to print out exception uncomment
	305	ex.printStackTrace();
	306	}
	307	}
	308	return results;
	309	}
	310
	311	/** Add a linking solution parent to this node */
	312	public void addLinkingSolutionParent(LinkingGoalNode parent) {
	313	if(parent != null){
	314	debug("node", "adding implication parent");
	315	linkingSolutionParents.add(parent);
	316	parent.receive((TrustTarget)getGoal(), satisfier);
	317	}
	318	}
	319
	320	/** Add a control child to this node */
	321	public void addControlChild(TargetNode child) {
	322	controlChildren.add(child);
	323	}
	324
	325	/**
	326	* Convenience method for creating a target and catching potential
	327	* exceptions that may occur.
	328	*/
	329	protected TrustTarget createTarget(NegotiationContext context,
	330	EntityExpression ex) {
	331	try {
	332	return new TrustTarget(context.getSelf(), ex, getSubject());
	333	}
	334	catch(Exception x) {
	335	x.printStackTrace();
	336	}
	337	return null;
	338	}
	339	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: