Clover

Clover Coverage Report

Coverage timestamp: Sun Mar 23 2008 08:24:39 GMT

FRAMES NO FRAMES SHOW HELP

Statistics for file MSoDRule.java:
Stmts:	62	LOC:	249	Total cmp:	23	Stmts/Method:	10.33
Branches:	36	NCLOC:	112	Cmp density:	0.45	Methods/Class:	6
Methods:	6			Avg method cmp:	4.67
Classes:	1
Filtered

Expand All

MSoDRule

Line # 66

Total Statements 62

Complexity 23

TOTAL Coverage 91.3%

0.91346157

No Tests

Collapse All

* Redistribution and use in source and binary forms, with or without

* modification, are permitted provided that the following conditions are met:

* Redistributions of source code must retain the above copyright notice, this

* list of conditions and the following disclaimer.

* Redistributions in binary form must reproduce the above copyright notice,

* this list of conditions and the following disclaimer in the documentation

* and/or other materials provided with the distribution.

* 1. Neither the name of the University of Kent nor the names of its

* contributors may be used to endorse or promote products derived from this

* software without specific prior written permission.

* 2. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS

* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,

* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

* PURPOSE ARE DISCLAIMED.

* 3. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE

* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR

* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS

* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE

* POSSIBILITY OF SUCH DAMAGE.

* 4. YOU AGREE THAT THE EXCLUSIONS IN PARAGRAPHS 2 AND 3 ABOVE ARE REASONABLE

* IN THE CIRCUMSTANCES. IN PARTICULAR, YOU ACKNOWLEDGE (1) THAT THIS

* SOFTWARE HAS BEEN MADE AVAILABLE TO YOU FREE OF CHARGE, (2) THAT THIS

* SOFTWARE IS NOT "PRODUCT" QUALITY, BUT HAS BEEN PRODUCED BY A RESEARCH

* GROUP WHO DESIRE TO MAKE THIS SOFTWARE FREELY AVAILABLE TO PEOPLE WHO WISH

* TO USE IT, AND (3) THAT BECAUSE THIS SOFTWARE IS NOT OF "PRODUCT" QUALITY

* IT IS INEVITABLE THAT THERE WILL BE BUGS AND ERRORS, AND POSSIBLY MORE

* SERIOUS FAULTS, IN THIS SOFTWARE.

* 5. This license is governed, except to the extent that local laws

* necessarily apply, by the laws of England and Wales.

package issrg.pba.rbac.policies;

import issrg.pba.PbaException;

import issrg.pba.rbac.xmlpolicy.XMLPolicyParser;

import issrg.pba.rbac.Argument;

import java.util.Map;

import java.util.Hashtable;

import java.util.Vector;

import issrg.pba.rbac.*;

/**

* This is the class representing the MSoD rule. It determines

* whether the request is allowed by this MSoD rule.

* <p>

* @author W. Xu

* @version 0.1

public class MSoDRule {

/**

* This is where the MSoD Rules are stored

protected java.util.Vector mmerVec; // an mmer vector

protected java.util.Vector mmepVec; // an mmep vector

protected String contextName;

protected ContextNamePrincipal policyDN = null;

String firstAction, firstTarget, lastAction, lastTarget;

protected MSoDRule(){}

/**

* This constructor creates the MSoDRule object.

* @params context is the policy context for this MSoD rule

* @params firstAction is the first action in this policy context

* @params firstTarget is the target of the first action

* @params lastAction is the last action in this policy context

* @params lastTarget is the target of the last action

* @params mmerv is a vector of the MMER rules in the MSoD policy for this policy context

* @params mmepv is a vector of the MMEP rules in the MSoD policy for this policy context

public MSoDRule(String context, String firstAction,String firstTarget, String lastAction,String lastTarget, java.util.Vector mmerv, java.util.Vector mmepv) {

contextName = context;

this.firstAction = firstAction;

this.firstTarget = firstTarget;

this.lastAction = lastAction;

this.lastTarget = lastTarget;

mmerVec = mmerv;

100

mmepVec = mmepv;

101

try {

102

policyDN = new ContextNamePrincipal(contextName);

103

}

104

catch (Exception e) {

105

e.printStackTrace(System.err);

106

}

107

108

}

109

110

/**

111

* This method is for determining if a context instance is governed by this MSoD rule, ie if the context instance is contained

112

* by the policy context in this MSoD rule.

113

114

* @param instanceDN is the input context instance.

115

116

* @return true if instanceDN is contained by the policy context of this MSoD rule; otherwise false.

117

118

334

public boolean contains(ContextNamePrincipal instanceDN){

119

120

334

if ( policyDN.contains(instanceDN) ) { // for hierarchical naming structure

121

return true;

122

}

123

285

return false;

124

}

125

126

/**

127

* This method returns the policy context of this MSoD rule.

128

129

* @return the ContextNamePrincipal of this MSoD rule.

130

131

public ContextNamePrincipal getPolicyContext(){

132

return policyDN;

133

134

}

135

136

/**

137

* This method is to determine if the input action and target is the last step in this context.

138

139

* @param actionName is the action.

140

* @param targetName is the target of the action

141

142

* @return true if the action and target is the last step in this context in this MSoD rule; otherwise false.

143

144

public boolean isLastStep(String actionName, String targetName){

145

if ((lastAction!= null && lastTarget!= null) && actionName.compareTo(lastAction)==0 && targetName.compareTo(lastTarget) == 0) {

146

return true;

147

}

148

return false;

149

}

150

151

/**

152

* This method is to determine if this MSoD rule applies to this user access request.

153

* If this MSoD rule applies, then it means the user access request has broken the MSoD rule and it should be forbidden by this

154

* MSoD rule, and this method will return true; otherwise this method will return false.

155

156

* @param retainedADI is the retained ADI, it contains the access request decisions in history

157

* @param creds is the user credential

158

* @param subject is the user subject

159

* @param a is the user action

160

* @param t is the user requested target

161

* @param environment is the environment of the decision by PERMIS

162

* @param instanceDN is the context instance name of this user requested action

163

164

* @return true if this MSoD rule applies to this user requested access; otherwise false.

165

166

public boolean separationOfDutiesApplies( RetainedADI retainedADI,

167

issrg.pba.Credentials creds,

168

issrg.pba.Subject subject, issrg.pba.Action a,

169

issrg.pba.Target t, java.util.Map environment,

170

ContextNamePrincipal instanceDN){

171

String userID = (String) ( (issrg.pba.rbac.PermisSubject)subject).getName();

172

173

Vector userCredsVec = ((SetOfSubsetsCredentials)creds).getValue();

174

//array of ExpirableCredentials, possessed by the user

175

176

String actionName = a.getActionName();

177

String targetName = ((PermisTarget)t).getName();

178

179

Vector roleVec = null;

180

Vector historyVector = retainedADI.getHistoryRecords(policyDN, instanceDN, userID) ; // vector of Decision Record

181

issrg.pba.Credentials historySSC = null; // SSC is short for SetOfSubsetsCredentials

182

183

int historySize = (historyVector==null)?0:historyVector.size();

184

for (int j = 0; j< historySize ; ++j ) {

185

DecisionRecord dr = (DecisionRecord) historyVector.get(j);

186

if (historySSC == null) {

187

historySSC = dr.getCreds();

188

} else {

189

historySSC.union(dr.getCreds() );

190

}

191

}

192

if (historySSC!= null) {

193

roleVec = ((SetOfSubsetsCredentials)historySSC).getValue();

194

}

195

196

if (mmerVec != null ) {

197

boolean matchResult = false;

198

for (int i = 0; i<mmerVec.size(); ++i) {

199

MMERUnit mmerUnit = (MMERUnit) mmerVec.get(i);

200

mmerUnit.startMatch();

201

matchResult = mmerUnit.MMERMatches(userCredsVec);

202

if (matchResult ){ // if true: ForbiddenCardinality reached

203

return true;

204

} else if (mmerUnit.getMatchCount() == 0 ) {

205

continue; // this mmerUnit doesn't apply to this access request; so try next

206

}

207

208

if (historyVector == null) {

209

continue;

210

}

211

212

if (roleVec!=null && mmerUnit.MMERMatches(roleVec ) ) { // if true: ForbiddenCardinality reached

213

return true;

214

}

215

}

216

}

217

218

if (historyVector == null) { // because without past history, the current action should

219

//always be granted if TAP allows it

220

return false;

221

}

222

if ( mmepVec != null ) {

223

boolean matchResult = false;

224

for (int i = 0; i<mmepVec.size(); ++i) {

225

MMEPUnit mmepUnit = (MMEPUnit) mmepVec.get(i);

226

mmepUnit.startMatch();

227

matchResult = mmepUnit.MMEPMatches(actionName, targetName);

228

229

if ( mmepUnit.getMatchCount() == 0 ) {

230

continue; // this mmepUnit doesn't apply to this access request; so try next

231

}

232

233

historySize = historyVector.size();

234

for (int j = 0; j< historySize ; ++j ) {

235

DecisionRecord dr = (DecisionRecord) historyVector.get(j);

236

if ( mmepUnit.MMEPMatches(dr.getAction(), dr.getTarget() ) ) {

237

return true;

238

}

239

}

240

}

241

}

242

243

return false;

244

}

245

246

247

}

248

249