Clover Coverage Report
Coverage timestamp: Sun Mar 23 2008 08:24:39 GMT
62   249   23   10.33
36   112   0.45   6
6     4.67  
1    
 
 
  MSoDRule       Line # 66 62 23 91.3% 0.91346157
 
No Tests
 
1    /*
2    * Copyright (c) 2006, University of Kent
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions are met:
7    *
8    * Redistributions of source code must retain the above copyright notice, this
9    * list of conditions and the following disclaimer.
10    *
11    * Redistributions in binary form must reproduce the above copyright notice,
12    * this list of conditions and the following disclaimer in the documentation
13    * and/or other materials provided with the distribution.
14    *
15    * 1. Neither the name of the University of Kent nor the names of its
16    * contributors may be used to endorse or promote products derived from this
17    * software without specific prior written permission.
18    *
19    * 2. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
20    * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21    * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
22    * PURPOSE ARE DISCLAIMED.
23    *
24    * 3. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
25    * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26    * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27    * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28    * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29    * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30    * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31    * POSSIBILITY OF SUCH DAMAGE.
32    *
33    * 4. YOU AGREE THAT THE EXCLUSIONS IN PARAGRAPHS 2 AND 3 ABOVE ARE REASONABLE
34    * IN THE CIRCUMSTANCES. IN PARTICULAR, YOU ACKNOWLEDGE (1) THAT THIS
35    * SOFTWARE HAS BEEN MADE AVAILABLE TO YOU FREE OF CHARGE, (2) THAT THIS
36    * SOFTWARE IS NOT "PRODUCT" QUALITY, BUT HAS BEEN PRODUCED BY A RESEARCH
37    * GROUP WHO DESIRE TO MAKE THIS SOFTWARE FREELY AVAILABLE TO PEOPLE WHO WISH
38    * TO USE IT, AND (3) THAT BECAUSE THIS SOFTWARE IS NOT OF "PRODUCT" QUALITY
39    * IT IS INEVITABLE THAT THERE WILL BE BUGS AND ERRORS, AND POSSIBLY MORE
40    * SERIOUS FAULTS, IN THIS SOFTWARE.
41    *
42    * 5. This license is governed, except to the extent that local laws
43    * necessarily apply, by the laws of England and Wales.
44    */
45   
46    package issrg.pba.rbac.policies;
47   
48   
49    import issrg.pba.PbaException;
50    import issrg.pba.rbac.xmlpolicy.XMLPolicyParser;
51    import issrg.pba.rbac.Argument;
52    import java.util.Map;
53    import java.util.Hashtable;
54    import java.util.Vector;
55    import issrg.pba.rbac.*;
56   
57    /**
58    * This is the class representing the MSoD rule. It determines
59    * whether the request is allowed by this MSoD rule.
60    * <p>
61    *
62    * @author W. Xu
63    * @version 0.1
64    */
65   
 
66    public class MSoDRule {
67   
68    /**
69    * This is where the MSoD Rules are stored
70    */
71    protected java.util.Vector mmerVec; // an mmer vector
72    protected java.util.Vector mmepVec; // an mmep vector
73   
74    protected String contextName;
75    protected ContextNamePrincipal policyDN = null;
76   
77    String firstAction, firstTarget, lastAction, lastTarget;
78   
 
79  0 toggle protected MSoDRule(){}
80   
81    /**
82    * This constructor creates the MSoDRule object.
83    *
84    * @params context is the policy context for this MSoD rule
85    * @params firstAction is the first action in this policy context
86    * @params firstTarget is the target of the first action
87    * @params lastAction is the last action in this policy context
88    * @params lastTarget is the target of the last action
89    * @params mmerv is a vector of the MMER rules in the MSoD policy for this policy context
90    * @params mmepv is a vector of the MMEP rules in the MSoD policy for this policy context
91    *
92    */
 
93  28 toggle public MSoDRule(String context, String firstAction,String firstTarget, String lastAction,String lastTarget, java.util.Vector mmerv, java.util.Vector mmepv) {
94  28 contextName = context;
95  28 this.firstAction = firstAction;
96  28 this.firstTarget = firstTarget;
97  28 this.lastAction = lastAction;
98  28 this.lastTarget = lastTarget;
99  28 mmerVec = mmerv;
100  28 mmepVec = mmepv;
101  28 try {
102  28 policyDN = new ContextNamePrincipal(contextName);
103    }
104    catch (Exception e) {
105  0 e.printStackTrace(System.err);
106    }
107   
108    }
109   
110    /**
111    * This method is for determining if a context instance is governed by this MSoD rule, ie if the context instance is contained
112    * by the policy context in this MSoD rule.
113    *
114    * @param instanceDN is the input context instance.
115    *
116    * @return true if instanceDN is contained by the policy context of this MSoD rule; otherwise false.
117    */
 
118  334 toggle public boolean contains(ContextNamePrincipal instanceDN){
119   
120  334 if ( policyDN.contains(instanceDN) ) { // for hierarchical naming structure
121  49 return true;
122    }
123  285 return false;
124    }
125   
126    /**
127    * This method returns the policy context of this MSoD rule.
128    *
129    * @return the ContextNamePrincipal of this MSoD rule.
130    */
 
131  3 toggle public ContextNamePrincipal getPolicyContext(){
132  3 return policyDN;
133   
134    }
135   
136    /**
137    * This method is to determine if the input action and target is the last step in this context.
138    *
139    * @param actionName is the action.
140    * @param targetName is the target of the action
141    *
142    * @return true if the action and target is the last step in this context in this MSoD rule; otherwise false.
143    */
 
144  33 toggle public boolean isLastStep(String actionName, String targetName){
145  33 if ((lastAction!= null && lastTarget!= null) && actionName.compareTo(lastAction)==0 && targetName.compareTo(lastTarget) == 0) {
146  3 return true;
147    }
148  30 return false;
149    }
150   
151    /**
152    * This method is to determine if this MSoD rule applies to this user access request.
153    * If this MSoD rule applies, then it means the user access request has broken the MSoD rule and it should be forbidden by this
154    * MSoD rule, and this method will return true; otherwise this method will return false.
155    *
156    * @param retainedADI is the retained ADI, it contains the access request decisions in history
157    * @param creds is the user credential
158    * @param subject is the user subject
159    * @param a is the user action
160    * @param t is the user requested target
161    * @param environment is the environment of the decision by PERMIS
162    * @param instanceDN is the context instance name of this user requested action
163    *
164    * @return true if this MSoD rule applies to this user requested access; otherwise false.
165    */
 
166  32 toggle public boolean separationOfDutiesApplies( RetainedADI retainedADI,
167    issrg.pba.Credentials creds,
168    issrg.pba.Subject subject, issrg.pba.Action a,
169    issrg.pba.Target t, java.util.Map environment,
170    ContextNamePrincipal instanceDN){
171  32 String userID = (String) ( (issrg.pba.rbac.PermisSubject)subject).getName();
172   
173  32 Vector userCredsVec = ((SetOfSubsetsCredentials)creds).getValue();
174    //array of ExpirableCredentials, possessed by the user
175   
176  32 String actionName = a.getActionName();
177  32 String targetName = ((PermisTarget)t).getName();
178   
179  32 Vector roleVec = null;
180  32 Vector historyVector = retainedADI.getHistoryRecords(policyDN, instanceDN, userID) ; // vector of Decision Record
181  32 issrg.pba.Credentials historySSC = null; // SSC is short for SetOfSubsetsCredentials
182   
183  32 int historySize = (historyVector==null)?0:historyVector.size();
184  45 for (int j = 0; j< historySize ; ++j ) {
185  13 DecisionRecord dr = (DecisionRecord) historyVector.get(j);
186  13 if (historySSC == null) {
187  12 historySSC = dr.getCreds();
188    } else {
189  1 historySSC.union(dr.getCreds() );
190    }
191    }
192  32 if (historySSC!= null) {
193  12 roleVec = ((SetOfSubsetsCredentials)historySSC).getValue();
194    }
195   
196  32 if (mmerVec != null ) {
197  32 boolean matchResult = false;
198  56 for (int i = 0; i<mmerVec.size(); ++i) {
199  32 MMERUnit mmerUnit = (MMERUnit) mmerVec.get(i);
200  32 mmerUnit.startMatch();
201  32 matchResult = mmerUnit.MMERMatches(userCredsVec);
202  32 if (matchResult ){ // if true: ForbiddenCardinality reached
203  6 return true;
204  26 } else if (mmerUnit.getMatchCount() == 0 ) {
205  6 continue; // this mmerUnit doesn't apply to this access request; so try next
206    }
207   
208  20 if (historyVector == null) {
209  0 continue;
210    }
211   
212  20 if (roleVec!=null && mmerUnit.MMERMatches(roleVec ) ) { // if true: ForbiddenCardinality reached
213  2 return true;
214    }
215    }
216    }
217   
218  24 if (historyVector == null) { // because without past history, the current action should
219    //always be granted if TAP allows it
220  0 return false;
221    }
222  24 if ( mmepVec != null ) {
223  24 boolean matchResult = false;
224  54 for (int i = 0; i<mmepVec.size(); ++i) {
225  38 MMEPUnit mmepUnit = (MMEPUnit) mmepVec.get(i);
226  38 mmepUnit.startMatch();
227  38 matchResult = mmepUnit.MMEPMatches(actionName, targetName);
228   
229  38 if ( mmepUnit.getMatchCount() == 0 ) {
230  13 continue; // this mmepUnit doesn't apply to this access request; so try next
231    }
232   
233  25 historySize = historyVector.size();
234  28 for (int j = 0; j< historySize ; ++j ) {
235  11 DecisionRecord dr = (DecisionRecord) historyVector.get(j);
236  11 if ( mmepUnit.MMEPMatches(dr.getAction(), dr.getTarget() ) ) {
237  8 return true;
238    }
239    }
240    }
241    }
242   
243  16 return false;
244    }
245   
246   
247    }
248   
249