Context Navigation

source: fedd/abac-src/ttg/trust/SimpleTTNode.java @ 8780cbec

axis_examplecompt_changesinfo-opsversion-1.30version-2.00version-3.01version-3.02

Last change on this file since 8780cbec was 8780cbec, checked in by Jay Jacobs <Jay.Jacobs@…>, 15 years ago
ABAC sources from Cobham
Property mode set to `100644`
File size: 13.3 KB

Line
1	package com.nailabs.abac.trust;
2
3	import edu.stanford.peer.rbtm.credential.*;
4	import edu.stanford.peer.rbtm.util.*;
5	import com.nailabs.abac.process.*;
6
7	import java.util.*;
8
9	/**
10	* A simple trust target node which contains a standard target of the form:
11	* <V: A.r <<-- S>.
12	*
13	* @version $Id: SimpleTTNode.java,v 1.51 2003/02/28 01:04:31 jjacobs Exp $
14	*/
15	public class SimpleTTNode extends StandardTTNode {
16	/** Child nodes which form control edges in the TTG */
17	protected TTGNodeSet controlChildren = new TTGNodeSet();
18
19	/** Linking goals to whoch this node is a solution */
20	protected TTGNodeSet linkingSolutionParents = new TTGNodeSet();
21
22	/** A flag to signal whether to complete step (4) in opponentSensProcess */
23	protected boolean isSensFrontiered = false;
24
25	/** Constructor which used a single trust target */
26	public SimpleTTNode(TrustTarget target) {
27	super(target);
28	processor = new ProcessingState(false, false);
29	subName = "StandardTarget";
30	}
31
32	/** Convenience constructor which also creates a trust target */
33	public SimpleTTNode(Entity v, Role r, EntityExpression subject)
34	throws CredentialParsingException, TrustTargetParsingException
35	{
36	this(new TrustTarget(v, (EntityExpression)r, subject));
37	}
38
39	/** Convenience accessor method for the target role expression */
40	public Role getRoleExpression() {
41	return (Role)((TrustTarget)getGoal()).getTargetRole();
42	}
43
44	/** Processing that occurs if this negotiation context is the verifier */
45	public void verifierProcess(NegotiationContext context) {
46	TTGNodeSet children = new TTGNodeSet();
47	FrontierManager frontier = context.getFrontier();
48	TTG graph = context.getGraph();
49	Iterator subjects =
50	frontier.getCredentialsDefiningRole(getRoleExpression());
51	debug("satisfaction", "found subjects for "+ getRoleExpression() +
52	" = " + (subjects.hasNext()));
53	while(subjects.hasNext()) {
54	StaticCredential cred = (StaticCredential)subjects.next();
55	EntityExpression e = cred.getSubject();
56	debug("satisfaction", "e = " + e);
57	ResultEvidenceMap map = frontier.getOppoFrontier(e);
58	if(map == null)break; // no e prime's so go to next e
59	Iterator oppoFrontier = map.resultSet().iterator();
60	while(oppoFrontier.hasNext()) {
61	EntityExpression ePrime =(EntityExpression)oppoFrontier.next();
62	//add edge not node
63	TrustTarget childTarget = createTarget(context, ePrime);
64	//TTGNode child = graph.getNode((Goal)childTarget);
65	//perform the operation on graph & add to message w/ evidence
66	if(!implicationChildren.values().contains(childTarget)) {
67	HashSet chain = frontier.getOppoChain(e, ePrime);
68	chain.add(cred);
69	debug("evidence",
70	"chain(" + e + "," + ePrime + ") = " + chain);
71	graph.addImplicationEdge(getGoal(), childTarget, chain);
72	//add child to list of child for the worklist
73	children.add(graph.getNodeByHash(childTarget));
74	}
75	}
76	}
77	graph.setVerifierProcessed(getGoal());
78	}
79
80	/** opponent process non-sensitive target or its subject isn't opponent */
81	private void opponentProcess(NegotiationContext context,
82	ResultEvidenceMap frontier, boolean isSimp)
83	throws CredentialParsingException, TrustTargetParsingException {
84	TTGNodeSet children = new TTGNodeSet();
85	Role aDotR = getRoleExpression();
86	Entity s = (Entity)getSubject();
87	Entity v = (Entity)getVerifier();
88	Entity o = context.getOpponent();
89	TTG graph = context.getGraph();
90
91	debug("process", "frontier = " + frontier.toString());
92	// (1) If S is a member of simpFrontier(A.r), or
93	// (1) If O is a member of sensFrontier(A.r)
94	if(frontier.resultSet().contains(s)) {
95	debug("process", "frontier contains subject");
96	// then O can add implication edge T <--< <V: S <<-- S>
97	// or O can add implication edge T <--< <V: O <<-- O>
98	TrustTarget child = new TrustTarget(v, s, s);
99	TrivialTTNode childNode =(TrivialTTNode)graph.getNodeByHash(child);
100	if(!implicationChildren.values().contains(childNode)) {
101	HashSet evidence = (isSimp)?
102	context.getFrontier().getSimpChain(aDotR, s):
103	context.getFrontier().getSensChain(aDotR, s);
104	// this case should always happen but possibly might not
105	graph.addImplicationEdge(getGoal(), child, evidence);
106	children.add(graph.getNodeByHash(child));
107	}
108	}
109	// (2) If S not a member of simpFrontier or
110	// O is not a member of sensFrontier
111	else {
112	debug("process","fontier doesn't contain subject " + s);
113	// then for each e in sens- or simp-Frontier(A.r)
114	Iterator expressions = frontier.resultSet().iterator();
115	while(expressions.hasNext()) {
116	EntityExpression e = (EntityExpression)expressions.next();
117	// that is not an entity
118	if(e instanceof Entity)continue;
119	TrustTarget child = new TrustTarget(v, e, s);
120	TargetNode childNode = (TargetNode)graph.getNodeByHash(child);
121	if(!implicationChildren.values().contains(childNode)) {
122	// O can add an implication edge T <--< <V: e <-- S>
123	// or an implication edge T <--< <V: e <-- O>
124	HashSet evidence = (isSimp)?
125	context.getFrontier().getSimpChain(aDotR, e):
126	context.getFrontier().getSensChain(aDotR, e);
127	graph.addImplicationEdge(getGoal(), child, evidence);
128	children.add(graph.getNodeByHash(child));
129	}
130	}
131	}
132	// (3) If this node is satisfied or both (1) & (2) are done
133	graph.setOpponentProcessed(getGoal());
134	}
135
136	/** opponent process a sensitive role */
137	private void opponentSensProcess(NegotiationContext context)
138	throws CredentialParsingException, TrustTargetParsingException {
139	TTGNodeSet children = new TTGNodeSet();
140	EntityExpression s = getSubject();
141	// In the crrent case self is always the opponent of the verifier.
142	Entity o = context.getSelf(); //context.getOpponent();
143	Entity v = getVerifier();
144	Role aDotR = getRoleExpression();
145	EntityExpression self = context.getSelf();
146	TTG graph = context.getGraph();
147	TargetNode ackChild, acChild = null;
148	FrontierManager frontier = context.getFrontier();
149
150	debug("process", "------------Begin opponentSensProcess-------------");
151	// (1) add control edge T <--< <O: eAck <<-- V>
152	EntityExpression eAck = context.getAck(aDotR);
153
154	TrustTarget ackTarget = new TrustTarget((Entity)self, eAck, v);
155	ackChild = (TargetNode)graph.getNodeByHash(ackTarget);
156	if(!controlChildren.values().contains(ackChild)) {
157	graph.addControlEdge(getGoal(), (Goal)ackTarget);
158	ackChild = (TargetNode)graph.getNodeByHash(ackTarget);
159	children.add(ackChild);
160	}
161	debug("process", "---------- Begin step 2-------------------------");
162	// (2) If <O: eAck <<-- V) is satisfied and if O has the credential
163	// A.r <-- O in its credential store
164	StaticCredential cred = new StaticCredential(aDotR, o);
165	EntityExpression eAC = context.getAC(cred);
166	if(ackChild.getSatisfactionValue() == SatisfactionState.SATISFIED) {
167	// Is A.r <-- O in its credential store?
168	debug("process", "eAC = " + eAC);
169	debug("process", "cred = " + cred);
170	// The importance here is that cred exists not that cred is self-
171	// reachable. This is a sanity check.
172	if(context.getFrontier().isSelfReachable(cred)) {
173	// O can add the control edge T <--< <O: eAC <-- V>, where
174	// AC = AC(O)[A.r <- O]
175	if(eAC != null) {
176	Goal acTarget = (Goal)new TrustTarget(o, eAC, v);
177	acChild = (TargetNode)graph.getNodeByHash(acTarget);
178	debug("process", "acChild = " + acChild);
179	if(!controlChildren.values().contains(acChild)) {
180	graph.addControlEdge(getGoal(), acTarget);
181	acChild = (TargetNode)graph.getNodeByHash(acTarget);
182	children.add(acChild);
183	}
184	}
185	debug("process", "---------- Begin step 3----------------------");
186	// (3) If <O: eAC <<-- V> is satisfied, O can add the
187	// implication edge T <-- <V: O <<-- O>
188	if(acChild == null \|\|
189	acChild.getSatisfactionValue()==SatisfactionState.SATISFIED){
190	TargetNode cnode =
191	(TargetNode)graph.getNodeByHash(new TrustTarget(v, o, o));
192	TrustTarget child = new TrustTarget(v, o, o);
193	debug("process", "child = " + child);
194	if(!implicationChildren.values().contains(cnode)) {
195	//frontier.getSensChain(aDotR, o);
196	HashSet chain = new HashSet();
197	chain.add(cred);
198	graph.addImplicationEdge(getGoal(), child, chain);
199	children.add(graph.getNodeByHash(child));
200	}
201	debug("process", "---------- Begin step 5-----------------------");
202	// (5) Mark T as opponent processed
203	graph.setOpponentProcessed(getGoal());
204	return;
205	}
206	}
207	else {
208	// (5) Mark T as opponent procressed (because there is no AC policy)
209	graph.setOpponentProcessed(getGoal());
210	return;
211	}
212	}
213	// (4) For e in sensFrontier(A.r) that is not an entity,
214	// O can add an implication edge T <--< <V: e <<-- O>
215	// TBD: this needs to be modified to be the frontiers of all
216	// the children credentials of A.r
217	debug("process", "Entering Step 4");
218	debug("process", "A.r = " + aDotR + ", o = " + o + ", v = " + v);
219	Iterator creds = frontier.getCredentialsDefiningRole(aDotR);
220
221	while(creds.hasNext()) {
222	StaticCredential definingCred = (StaticCredential)creds.next();
223	EntityExpression subjectRole = definingCred.getSubject();
224	ResultEvidenceMap sensFrontier = frontier.getSensFrontier(subjectRole);
225	Iterator sens = sensFrontier.resultSet().iterator();
226	debug("process", "sensfrontier = " + sensFrontier.resultSet());
227	debug("process", "subject role = " + subjectRole);
228
229	while(sens.hasNext() && !isSensFrontiered) {
230	EntityExpression e = (EntityExpression)sens.next();
231	debug("process", "found sensitive role = " + e);
232	if(e instanceof Entity)continue; // skip entities
233	TrustTarget tt = new TrustTarget(v, e, o);
234	TargetNode frontierChild = (TargetNode)graph.getNodeByHash(tt);
235	if(!implicationChildren.values().contains(frontierChild)) {
236	HashSet chain = frontier.getSensChain(subjectRole, e);
237	chain.add(definingCred);
238	graph.addImplicationEdge(getGoal(), tt, chain);
239	children.add(graph.getNode(tt));
240	}
241	}
242	isSensFrontiered = true;
243	}
244	debug("process", "------------End opponentSensProcess-------------");
245
246	}
247
248	/**
249	* Processing that occurs if the negotiation for this context is the
250	* the opponent. This method matches the algorithm in section 5.4
251	*/
252	public void opponentProcess(NegotiationContext context) {
253	EntityExpression s = getSubject();
254	//Entity o = context.getOpponent();
255	Entity o = context.getSelf();
256	Role aDotR = getRoleExpression();
257	FrontierManager frontier = context.getFrontier();
258	debug("process", "opponent processing -- " + toString());
259	try {
260	if(!o.equals(s)) {
261	debug("process", "opponent processing with simp frontier");
262	opponentProcess(context, frontier.getSimpFrontier(aDotR), true);
263	}
264	else if(frontier.isSensitive(aDotR)) {
265	debug("process",
266	"opponent processing sensitive role: " + aDotR);
267	opponentSensProcess(context);
268	}
269	else {
270	debug("process", "opponent processing with sens frontier");
271	opponentProcess(context, frontier.getSensFrontier(aDotR), false);
272	}
273	} catch(Exception ex) {
274	debug("process", "WARNING ONLY!");
275	ex.printStackTrace();
276	debug("process", "WARNING ONLY!");
277	}
278	}
279
280
281	private boolean addControlEdge(Entity v,
282	EntityExpression e,
283	EntityExpression s) {
284	return false;
285	}
286
287
288	/**
289	* Records the new state and then propagates it to the parent listeners.
290	* @param state The new satisfaction state to be propagated.
291	*/
292	public TTGNodeSet receive(TrustTarget source, SatisfactionState state) {
293	TTGNodeSet results = super.receive(source, state);
294	Iterator i = linkingSolutionParents.values().iterator();
295	while(i.hasNext()) {
296	try { // this will fail if the parent is a linking goal
297	LinkingGoalNode parent = (LinkingGoalNode)i.next();
298	TTGNodeSet branchResult =
299	parent.receive((TrustTarget)getGoal(), state);
300	if(branchResult == null && branchResult.size() > 0) {
301	results.addAll(branchResult);
302	}
303	}
304	catch(Exception ex) { // to print out exception uncomment
305	ex.printStackTrace();
306	}
307	}
308	return results;
309	}
310
311	/** Add a linking solution parent to this node */
312	public void addLinkingSolutionParent(LinkingGoalNode parent) {
313	if(parent != null){
314	debug("node", "adding implication parent");
315	linkingSolutionParents.add(parent);
316	parent.receive((TrustTarget)getGoal(), satisfier);
317	}
318	}
319
320	/** Add a control child to this node */
321	public void addControlChild(TargetNode child) {
322	controlChildren.add(child);
323	}
324
325	/**
326	* Convenience method for creating a target and catching potential
327	* exceptions that may occur.
328	*/
329	protected TrustTarget createTarget(NegotiationContext context,
330	EntityExpression ex) {
331	try {
332	return new TrustTarget(context.getSelf(), ex, getSubject());
333	}
334	catch(Exception x) {
335	x.printStackTrace();
336	}
337	return null;
338	}
339	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: