Clover

Clover Coverage Report

Coverage timestamp: Sun Mar 23 2008 08:24:39 GMT

FRAMES NO FRAMES SHOW HELP

Statistics for file SimplePERMISACPolicyFinder.java:
Stmts:	93	LOC:	270	Total cmp:	32	Stmts/Method:	23.25
Branches:	54	NCLOC:	139	Cmp density:	0.38	Methods/Class:	4
Methods:	4			Avg method cmp:	8.75
Classes:	1
Filtered

Expand All

SimplePERMISACPolicyFinder

Line # 61

Total Statements 93

Complexity 32

TOTAL Coverage 60.9%

0.6092715

No Tests

Collapse All

* Redistribution and use in source and binary forms, with or without

* modification, are permitted provided that the following conditions are met:

* Redistributions of source code must retain the above copyright notice, this

* list of conditions and the following disclaimer.

* Redistributions in binary form must reproduce the above copyright notice,

* this list of conditions and the following disclaimer in the documentation

* and/or other materials provided with the distribution.

* 1. Neither the name of the University of Kent nor the names of its

* contributors may be used to endorse or promote products derived from this

* software without specific prior written permission.

* 2. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS

* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,

* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

* PURPOSE ARE DISCLAIMED.

* 3. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE

* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR

* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS

* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE

* POSSIBILITY OF SUCH DAMAGE.

* 4. YOU AGREE THAT THE EXCLUSIONS IN PARAGRAPHS 2 AND 3 ABOVE ARE REASONABLE

* IN THE CIRCUMSTANCES. IN PARTICULAR, YOU ACKNOWLEDGE (1) THAT THIS

* SOFTWARE HAS BEEN MADE AVAILABLE TO YOU FREE OF CHARGE, (2) THAT THIS

* SOFTWARE IS NOT "PRODUCT" QUALITY, BUT HAS BEEN PRODUCED BY A RESEARCH

* GROUP WHO DESIRE TO MAKE THIS SOFTWARE FREELY AVAILABLE TO PEOPLE WHO WISH

* TO USE IT, AND (3) THAT BECAUSE THIS SOFTWARE IS NOT OF "PRODUCT" QUALITY

* IT IS INEVITABLE THAT THERE WILL BE BUGS AND ERRORS, AND POSSIBLY MORE

* SERIOUS FAULTS, IN THIS SOFTWARE.

* 5. This license is governed, except to the extent that local laws

* necessarily apply, by the laws of England and Wales.

package issrg.pba.rbac.x509;

import issrg.pba.*;

import issrg.pba.rbac.*;

import java.security.Principal;

import org.apache.log4j.Logger;

import issrg.SAWS.*; // added for MSoD

/**

* This is a simple Policy Finder that can be instantiated from an instance of

* an X.509 Attribute Certificate. It is useful to extend from: collect the

* Attribute Certificates, then invoke initPolicyFromACArray to initialise the

* Policy Finder.

* @author gansen

public class SimplePERMISACPolicyFinder extends PolicyFinder{

private Logger logger = Logger.getLogger("issrg.pba.rbac.x509.SimplePERMISACPolicyFinder");

private issrg.pba.AuthzTokenParser tokenParser=CustomisePERMIS.getAuthTokenParser();

protected SimplePERMISACPolicyFinder(){

super();

}

/**

* This constructor builds a Policy Finder given an AC, the identifier of

* the policy and the identity of the policy issuer. Only if the AC holds

* the required policy construction succeeds. This constructor invokes the

* initPolicyFromACArray directly, see that method description for

* additional details.

* @param acBinary - the array of byte arrays, each representing a

* BER-encoded or Base64 encoding of a BER-encoded X.509 AC

* @param policyID - the identifier of the policy to use

* @param SOA - the Principal naming the issuer of the policy (must be the

* Holder and Issuer of the self-signed Attribute Certificate)

* @param SV - the SignatureVerifier to use; if null, digital signatures on

* the ACs are not checked (NOT RECOMMENDED FOR PRODUCTION DEPLOYMENTS!)

public SimplePERMISACPolicyFinder(byte[] acBinary, String PolicyId, Principal SOA,

SignatureVerifier SV) throws PbaException {

this();

initPolicyFromACArray(new byte[][]{acBinary}, PolicyId, SOA, SV);

}

//Bassem: added to input log level

public SimplePERMISACPolicyFinder(byte[] acBinary, String PolicyId, Principal SOA,

SignatureVerifier SV, int SATLevel) throws PbaException {

this();

satLevel=SATLevel;

initPolicyFromACArray(new byte[][]{acBinary}, PolicyId, SOA, SV);

}

/**

* This method looks for the right policy among an array of X.509 Attribute

* Certificates. The policy is identified by its Policy ID (OID in PERMIS

100

* XML) and the name of the issuer of the policy. The signatures on the

101

* ACs are validated using the SignatureVerifier provided, if any.

102

103

* @param acBinary - the array of byte arrays, each representing a

104

* BER-encoded or Base64 encoding of a BER-encoded X.509 AC

105

* @param policyID - the identifier of the policy to use

106

* @param SOA - the Principal naming the issuer of the policy (must be the

107

* Holder and Issuer of the self-signed Attribute Certificate)

108

* @param SV - the SignatureVerifier to use; if null, digital signatures on

109

* the ACs are not checked (NOT RECOMMENDED FOR PRODUCTION DEPLOYMENTS!)

110

111

112

protected void initPolicyFromACArray(byte[][] acBinary, String policyID, Principal SOA,

113

SignatureVerifier SV) throws PbaException{

114

this.policyOID=policyID.intern();

115

this.sv=SV;

116

117

//Bassem

118

this.soa=SOA.getName();

119

// added for MSoD

120

//Bassem: should create a SAWS if MSoDpolicy exists or if SATlevel>No-info

121

if(sawsServer==null){

122

if(satLevel>SAWSLogLevelConstant.NO_INFO){

123

//Bassem:

124

System.out.println("creating a saws server in simpleACpolicyFinder because of loglevels");

125

sawsServer = new SAWSServer();

126

}

127

}

128

129

130

131

issrg.utils.repository.TokenLocator soaTokenLocator=new issrg.pba.repository.UserEntry(SOA);

132

133

try{

134

issrg.pba.PolicyParser pp = null;

135

Throwable lastError = null; // this variable keeps the errors encountered during parsing the attributes

136

137

String message = "No ACs have been provided";

138

139

boolean selfSignedExists = false;

140

boolean signatureVerified = false;

141

boolean policyAttrExists = false;

142

boolean correctPolicyOID = false;

143

byte[] byteAC=null;

144

issrg.ac.AttributeCertificate ac=null;

145

146

if (acBinary!=null && acBinary.length>0){

147

148

policy_found:

149

for (int i=0; i<acBinary.length; i++){

150

try{

151

byteAC=acBinary[i];

152

ac = issrg.ac.AttributeCertificate.guessEncoding(byteAC);

153

154

if (!(SOA.equals(new LDAPDNPrincipal(issrg.ac.Util.generalNamesToString(ac.getACInfo().getHolder().getEntityName())))

155

&& SOA.equals(new LDAPDNPrincipal(issrg.ac.Util.generalNamesToString(ac.getACInfo().getIssuer().getV1Form()==null?ac.getACInfo().getIssuer().getV2Form().getIssuerName():ac.getACInfo().getIssuer().getV1Form()))))){

156

// not self-issued and is not issued by the SOA

157

continue; // pick next AC

158

}

159

}catch(Exception e){

160

//error occurs, we just ignore and search for the next one

161

lastError=lastError==null ? e : new issrg.utils.ExceptionPairException(lastError, e);

162

continue;

163

}

164

165

if((satLevel>SAWSLogLevelConstant.NO_INFO)&& (sawsServer!=null)){

166

//Bassem: should add the policy information

167

StartedRecord rec2=new StartedRecord(ac.toString());

168

sawsServer.sendLogRecord(rec2.toBytes());

169

// System.out.println("Writing Starting Policy succeeded to SAWS server");

170

}

171

selfSignedExists = true;

172

signatureVerified = false;

173

if (SV!=null) {

174

try{

175

if (!SV.checkSignature(ac.getToBeSignedByteArray(byteAC),

176

(byte[])ac.getSignatureValue().getValue(),

177

ac.getSignatureAlgorithm().getAlgorithm().getID(),

178

soaTokenLocator)) continue;

179

}catch(PbaException pe){

180

lastError=lastError==null ? (Exception)pe : (Exception)new issrg.utils.ExceptionPairException(lastError, pe);

181

continue;

182

}

183

}

184

185

signatureVerified = true;

186

187

policyAttrExists = false;

188

189

java.util.Vector attributes = ac.getACInfo().getAttributes();

190

for (int j=attributes.size(); j-->0; ){

191

issrg.ac.Attribute a = (issrg.ac.Attribute)attributes.get(j);

192

if (a.getType().intern() == issrg.ac.attributes.PMIXMLPolicy.PMI_XML_POLICY_ATTRIBUTE_OID){ // a-ha! :-)

193

policyAttrExists = true;

194

correctPolicyOID = false;

195

196

java.util.Vector values = a.getValues();

197

for (int k=values.size(); k-->0; ){ // looking for the needed Policy there

198

try{

199

issrg.ac.attributes.PMIXMLPolicy pmiPolicy = new issrg.ac.attributes.PMIXMLPolicy((issrg.ac.AttributeValue)values.get(k));

200

pp = new issrg.pba.rbac.xmlpolicy.XMLPolicyParser(removeSystemTag(pmiPolicy.getPolicy()));

201

if (pp.getPolicyID().intern()==policyOID){

202

203

correctPolicyOID = true;

204

if (logger.isDebugEnabled()){

205

logger.debug("Policy Finder Policy:\n"+pmiPolicy.getPolicy());

206

}

207

break policy_found;

208

}

209

}catch (Throwable th){

210

lastError=lastError==null ? th : new issrg.utils.ExceptionPairException(lastError, th);

211

}

212

}

213

214

}

215

pp=null;

216

}

217

}

218

219

if (!correctPolicyOID) message = "No valid AC with a pmiXMLPolicy attribute has a policy with OID "+policyOID;

220

if (!policyAttrExists) message = "Found no valid AC with a pmiXMLPolicy attribute";

221

if (!signatureVerified) message = "Signature verification failed on all self-signed ACs";

222

if (!selfSignedExists) message = "Found no self-signed AC (issuer=holder=SOA)";

223

}

224

225

if (pp==null){ // then there was some error during processing the bunch of ACs

226

PbaException exx= new PbaException(message, lastError);

227

//Bassem: added for SAWS log

228

if((satLevel>SAWSLogLevelConstant.POLICY_CHANGE)&& sawsServer!=null)

229

sawsServer.sendLogRecord(new ExceptionSAWSRecord(exx).toBytes());

230

throw exx;

231

}

232

233

this.parsedPolicy=pp;

234

235

236

237

238

239

if (pp.getMSoDSet() != null) {

240

RetainedADI retainedADI = new RetainedADI(); // to be initialised further by logs

241

//Bassem: new SAWSServer if SAWSServer=null, that is, it is not created above

242

if(sawsServer==null){

243

System.out.println("creating a saws server in simpleACpolicyFinder because of MSoDPolicy");

244

sawsServer = new SAWSServer();

245

}

246

247

msodPolicySet = new issrg.pba.rbac.policies.MSoDPolicySet(pp.getMSoDSet(), retainedADI, sawsServer, pp);

248

}

249

250

allocationPolicy=new issrg.pba.rbac.policies.AllocationPolicy(pp.getAssignmentRules());

251

252

//The following was changed for MSoD ***************************

253

if (msodPolicySet == null)

254

accessPolicy = new issrg.pba.rbac.policies.AccessPolicy(pp.getAccessRules());

255

else

256

accessPolicy = new issrg.pba.rbac.policies.AccessPolicy(pp.getAccessRules(), msodPolicySet);

257

258

259

}catch (Throwable th){

260

PbaException exx= new PbaException(" Policy finder Could not initialise", th);

261

//Bassem: added for SAWS log

262

if((satLevel>SAWSLogLevelConstant.POLICY_CHANGE)&& sawsServer!=null){

263

sawsServer.sendLogRecord(new ExceptionSAWSRecord(exx).toBytes());

264

//should close the log here since no PF object will be created, so this cannot be managed by the application

265

sawsServer.closeLog();

266

}

267

throw exx;

268

}

269

}

270

}