Clover

Clover Coverage Report

Coverage timestamp: Sun Mar 23 2008 08:24:39 GMT

FRAMES NO FRAMES SHOW HELP

Statistics for file DefaultRuleComparator.java:
Stmts:	111	LOC:	240	Total cmp:	54	Stmts/Method:	18.5
Branches:	70	NCLOC:	127	Cmp density:	0.53	Methods/Class:	6
Methods:	6			Avg method cmp:	9.83
Classes:	1
Filtered

Expand All

DefaultRuleComparator

Line # 67

Total Statements 111

Complexity 54

TOTAL Coverage 79.7%

0.79679143

Show Tests (1) Select All Deselect All
Highlight	Test Contribution	Test	Result
	0.7058824	issrg.test.ds.TestDS.testIssuing issrg.test.ds.TestDS.testIssuing	1 PASS

Collapse All

* Redistribution and use in source and binary forms, with or without

* modification, are permitted provided that the following conditions are met:

* Redistributions of source code must retain the above copyright notice, this

* list of conditions and the following disclaimer.

* Redistributions in binary form must reproduce the above copyright notice,

* this list of conditions and the following disclaimer in the documentation

* and/or other materials provided with the distribution.

* 1. Neither the name of the University of Kent nor the names of its

* contributors may be used to endorse or promote products derived from this

* software without specific prior written permission.

* 2. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS

* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,

* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

* PURPOSE ARE DISCLAIMED.

* 3. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE

* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR

* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS

* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE

* POSSIBILITY OF SUCH DAMAGE.

* 4. YOU AGREE THAT THE EXCLUSIONS IN PARAGRAPHS 2 AND 3 ABOVE ARE REASONABLE

* IN THE CIRCUMSTANCES. IN PARTICULAR, YOU ACKNOWLEDGE (1) THAT THIS

* SOFTWARE HAS BEEN MADE AVAILABLE TO YOU FREE OF CHARGE, (2) THAT THIS

* SOFTWARE IS NOT "PRODUCT" QUALITY, BUT HAS BEEN PRODUCED BY A RESEARCH

* GROUP WHO DESIRE TO MAKE THIS SOFTWARE FREELY AVAILABLE TO PEOPLE WHO WISH

* TO USE IT, AND (3) THAT BECAUSE THIS SOFTWARE IS NOT OF "PRODUCT" QUALITY

* IT IS INEVITABLE THAT THERE WILL BE BUGS AND ERRORS, AND POSSIBLY MORE

* SERIOUS FAULTS, IN THIS SOFTWARE.

* 5. This license is governed, except to the extent that local laws

* necessarily apply, by the laws of England and Wales.

* DefaultComparator.java

* Created on February 21, 2006, 9:49 AM

package issrg.pba.rbac.xmlpolicy;

import issrg.pba.Credentials;

import issrg.pba.DelegatableToken;

import issrg.pba.ParsedToken;

import issrg.pba.rbac.ExpirableCredentials;

import issrg.pba.rbac.SetOfSubsetsCredentials;

import issrg.pba.rbac.policies.AssignmentRule;

import java.util.Arrays;

import java.util.Date;

import java.util.Iterator;

import java.util.Vector;

import org.apache.log4j.*;

public class DefaultRuleComparator implements issrg.pba.rbac.RuleComparator, java.util.Comparator {

private Logger logger = Logger.getLogger(DefaultRuleComparator.class);

Object assertion;

/** Creates a new instance of DefaultComparator */

public DefaultRuleComparator() {

}

/**

* This function compare two object o1 and o2 according to the assertion. They are two DelegateableToken objects.

* Order of priority: credentials - validity period - delegation depth.

* Get the delegateable credentials of the two objects and try to compare them with the credentials in the assertion by the

* morePriority function. If one object has more priority than the other then return the value -1 or 1.

* Compare two validity periods of the two objects. If one has more priority then return -1 or 1.

* Compare two delegation depths then return -1 or 1.

* @param o1 is the first object. It is a DelegateableToken object

* @param o2 is the second object. It is a DelegateableToken object.

* @return -1 if o1 is greater or equal o2, otherwise return 1

public int compare(Object o1, Object o2) {

if (!(o1 instanceof ParsedToken && o2 instanceof ParsedToken && o1!=null && o2!=null)) throw new ClassCastException("Two parameters should not be null and must be the instance of ParsedToken class");

DelegatableToken obj1 = (DelegatableToken) o1;

DelegatableToken obj2 = (DelegatableToken) o2;

Credentials credsTok1 = obj1.getDelegateableCredentials();

Credentials credsTok2 = obj2.getDelegateableCredentials();

Credentials assertCred;

if (assertion instanceof AssignmentRule) assertCred = ((AssignmentRule) assertion).getCredentials(); else assertCred = (Credentials) assertion;

Credentials con1, con2;

con1 = credsTok1.intersection(assertCred);

100

con2 = credsTok2.intersection(assertCred);

101

int states = morePriority(con1, con2);

102

if (states == -1) return -1;

103

if (states == 1) return 1;

104

//from here two roleValues are not compareable or they are the same. Continue checking validity time and delegation depth

105

if (con1 instanceof SetOfSubsetsCredentials && con2 instanceof SetOfSubsetsCredentials) {

106

Credentials f1, f2;

107

f1 = (Credentials) ((SetOfSubsetsCredentials)con1).getValue().get(0);

108

f2 = (Credentials) ((SetOfSubsetsCredentials)con2).getValue().get(0);

109

if (f1 instanceof ExpirableCredentials && f2 instanceof ExpirableCredentials) {

110

issrg.pba.rbac.ValidityPeriod vp1 = ((ExpirableCredentials) f1).getValidityPeriod();

111

issrg.pba.rbac.ValidityPeriod vp2 = ((ExpirableCredentials) f2).getValidityPeriod();

112

Date na1 = vp1.getNotAfter();

113

Date nb1 = vp1.getNotBefore();

114

Date na2 = vp2.getNotAfter();

115

Date nb2 = vp2.getNotBefore();

116

if ((nb1.compareTo(nb2) < 0) && (na1.compareTo(na2) >= 0)) return -1;

117

if ((nb1.compareTo(nb2) == 0) && (na1.compareTo(na2) > 0)) return -1;

118

if ((nb2.compareTo(nb1) < 0) && (na2.compareTo(na1) >= 0)) return 1;

119

if ((nb2.compareTo(nb1) == 0) && (na2.compareTo(na1) > 0)) return 1;

120

}

121

}

122

//from here two rolesValues are not compareable (or they are the same) and validity time are not compareable

123

if (assertion instanceof Credentials) return 1;

124

int tok1Depth = obj1.getDepth();

125

int tok2Depth = obj2.getDepth();

126

int requestedDepth = ((AssignmentRule) assertion).getDelegationDepth();

127

if ((tok1Depth == -1) || ((tok1Depth > requestedDepth) && (requestedDepth > -1))) return -1;

128

if ((tok2Depth == -1) || ((tok2Depth > requestedDepth) && (requestedDepth > -1))) return 1;

129

if (tok1Depth >= tok2Depth) return -1; else return 1;

130

}

131

132

/**

133

*This function will take the vector of asserted RARs of issuer, ignore unrelevant RARs for the assertion,

134

* and sort relevant RARs according to the assertion

135

*@param assertion is either a credentials or a RoleAssignmentRule of the holder that needs to be validated

136

*@param tokens stores all the RARs of issuer

137

*@param holder is the holder of the assertion

138

*@return an array of ParsedToken that is sorted according to the assertion.

139

140

141

560

public synchronized ParsedToken[] predict(Object assertion, Vector tokens, issrg.utils.repository.Entry holder){

142

560

this.assertion = assertion;

143

560

Credentials assertCred;

144

560

if (assertion instanceof AssignmentRule) assertCred = ((AssignmentRule) assertion).getCredentials(); else assertCred = (Credentials) assertion;

145

560

Vector tokensClone = (Vector) tokens.clone();

146

560

SetOfSubsetsCredentials empty = new SetOfSubsetsCredentials();

147

1151

for (Iterator i = tokensClone.iterator(); i.hasNext();) {

148

591

ParsedToken t = (ParsedToken) i.next();

149

591

if (!(t instanceof DelegatableToken)) {

150

i.remove();

151

continue;

152

}

153

573

DelegatableToken dt = (DelegatableToken)t;

154

573

if (dt.getDelegateableCredentials().intersection(assertCred).equals(empty)

155

|| !dt.getSubjectDomain().contains(holder))

156

132

i.remove();

157

}

158

560

ParsedToken[] ret;

159

560

ret = (ParsedToken[]) tokensClone.toArray(new ParsedToken[0]);

160

560

Arrays.sort(ret, this);

161

560

return ret;

162

163

}

164

165

private boolean flag = false;

166

167

1177

public void setFlag (boolean manySOAs) {

168

1177

flag = manySOAs;

169

}

170

171

/** This function test whether the constrained assertion is good enough

172

*@param asRAR is the RoleAssignmentRule of the issuer

173

*@param vaRAR is the validated RoleAssignmentRule of the issuer. Both of these RoleAssignmentRules may be null.

174

*If they are null, it means RoleAssignmentRule of the issuer is totally trusted and we do not care about it.

175

*@param assertion is either a credentials or a RoleAssignmentRule of the holder that needs to be validated

176

*@param validated is a validated credentials or a Vecor of validated RoleAssignmentRules of the holder

177

*@return a boolean value. If it is true then the issuer's RAR is good enough for validating the request and

178

*we do not need to use another issuer'RAR for validating the request. Otherwise, we need to use another RAR

179

*to validate the request.

180

181

182

2360

public boolean isSufficient(AssignmentRule asRAR, AssignmentRule vaRAR, Object assertion, Object validated) {

183

2360

if (asRAR==null && vaRAR==null)

184

{

185

1576

if (!flag) return true;

186

else {

187

1133

if (validated instanceof Credentials) {

188

1126

if (((Credentials) validated).equals(new SetOfSubsetsCredentials())) return false; else return true;

189

} else {

190

if (validated instanceof Vector) {

191

if (!((Vector)validated).isEmpty()) return true; else return false;

192

} else return false;

193

}

194

}

195

}

196

197

784

if (validated instanceof Credentials) {

198

687

if (((Credentials) validated).equals(new SetOfSubsetsCredentials())) return false; else return true;

199

} else {

200

if (validated instanceof Vector) {

201

if (!((Vector)validated).isEmpty()) return true; else return false;

202

} else return false;

203

}

204

205

}

206

207

/**

208

* This function compares two Credentials to find the one that more appropriate to the request.

209

210

211

*@param current is the first Credentials

212

*@param cred is the second Credentials

213

214

*@return -1 if current is greater than cred, 0 if they are equal or not comparable, 1 if current is less than cred

215

216

217

private int morePriority(Credentials current, Credentials cred) {

218

if (current instanceof SetOfSubsetsCredentials && cred instanceof SetOfSubsetsCredentials) {

219

Vector t = ((SetOfSubsetsCredentials)current).getValue();

220

Vector fromCurrent = new Vector();

221

for (int i = 0; i < t.size(); i++) {

222

if (!(t.get(i) instanceof ExpirableCredentials)) return 0;

223

fromCurrent.add(((ExpirableCredentials) t.get(i)).getExpirable());

224

}

225

t = ((SetOfSubsetsCredentials) cred).getValue();

226

Vector fromCred = new Vector();

227

for (int i = 0; i < t.size(); i++) {

228

if (!(t.get(i) instanceof ExpirableCredentials)) return 0;

229

fromCred.add(((ExpirableCredentials) t.get(i)).getExpirable());

230

}

231

SetOfSubsetsCredentials currentSet = new SetOfSubsetsCredentials(fromCurrent);

232

SetOfSubsetsCredentials credSet = new SetOfSubsetsCredentials(fromCred);

233

if (currentSet.contains(credSet) && !currentSet.equals(credSet)) return -1;

234

if (credSet.contains(currentSet) && !currentSet.equals(credSet)) return 1;

235

return 0; //return 0 here if the two set are the same or neither of them contains the other

236

}

237

return 0;

238

}

239

}

240