1    /*
2    * Copyright (c) 2006, University of Kent
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions are met:
7    *
8    * Redistributions of source code must retain the above copyright notice, this
9    * list of conditions and the following disclaimer.
10    *
11    * Redistributions in binary form must reproduce the above copyright notice,
12    * this list of conditions and the following disclaimer in the documentation
13    * and/or other materials provided with the distribution.
14    *
15    * 1. Neither the name of the University of Kent nor the names of its
16    * contributors may be used to endorse or promote products derived from this
17    * software without specific prior written permission.
18    *
19    * 2. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
20    * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21    * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
22    * PURPOSE ARE DISCLAIMED.
23    *
24    * 3. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
25    * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26    * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27    * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28    * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29    * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30    * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31    * POSSIBILITY OF SUCH DAMAGE.
32    *
33    * 4. YOU AGREE THAT THE EXCLUSIONS IN PARAGRAPHS 2 AND 3 ABOVE ARE REASONABLE
34    * IN THE CIRCUMSTANCES. IN PARTICULAR, YOU ACKNOWLEDGE (1) THAT THIS
35    * SOFTWARE HAS BEEN MADE AVAILABLE TO YOU FREE OF CHARGE, (2) THAT THIS
36    * SOFTWARE IS NOT "PRODUCT" QUALITY, BUT HAS BEEN PRODUCED BY A RESEARCH
37    * GROUP WHO DESIRE TO MAKE THIS SOFTWARE FREELY AVAILABLE TO PEOPLE WHO WISH
38    * TO USE IT, AND (3) THAT BECAUSE THIS SOFTWARE IS NOT OF "PRODUCT" QUALITY
39    * IT IS INEVITABLE THAT THERE WILL BE BUGS AND ERRORS, AND POSSIBLY MORE
40    * SERIOUS FAULTS, IN THIS SOFTWARE.
41    *
42    * 5. This license is governed, except to the extent that local laws
43    * necessarily apply, by the laws of England and Wales.
44    */
45    /*
46    * PermisWebService.java
47    *
48    * Created on 30 January 2006, 14:34
49    *
50    * By Linying Su
51    *
52    * To change this template, choose Tools | Options and locate the template under
53    * the Source Creation and Management node. Right-click the template and choose
54    * Open. You can then make changes to the template in the Source Editor.
55    */
56   
57    package issrg.test;
58   
59    import issrg.pba.rbac.x509.RepositoryACPolicyFinder;
60    import issrg.pba.rbac.xmlpolicy.ifstatement.EnvironmentNode;
61    import issrg.pba.rbac.*;
62    import issrg.pba.*;
63    import issrg.utils.handler.AttributeAndValidityPeriod;
64    import issrg.utils.handler.AttributeStatement;
65    import issrg.utils.handler.Binary;
66    import issrg.utils.handler.EncodeXML;
67    import issrg.utils.handler.HandlerServiceException;
68    import issrg.utils.handler.Interpreter;
69    import issrg.utils.handler.SubjectAttributeReference;
70    import issrg.utils.handler.URL;
71    import issrg.utils.handler.XMLParser;
72    import java.io.*;
73    import java.util.*;
74    import issrg.utils.RFC2253NameParser;
75    import issrg.utils.RFC2253ParsingException;
76    import issrg.utils.repository.*;
77    import issrg.security.*;
78    import javax.xml.parsers.*;
79    import org.w3c.dom.*;
80    import issrg.config.files.*;
81    import org.apache.log4j.Logger;
82    import org.apache.log4j.BasicConfigurator;
83   
84   
85   
86    /**
87    *
88    * @author Linying Su
89    */
 
90    public class GetAttributesTest extends Clock {
91   
// Shared PERMIS RBAC engine; assigned by initialise() when an "ini: init" instruction succeeds.
private static PermisRBAC pba;
// Moment at which this class was loaded; used as the initial reading of the test clock.
static final Date STARTUP = new Date();
// Current reading of the clock; it only changes through setTime().
private Date time = STARTUP;
// Empty DOM document used purely as a factory for the elements this class builds.
private Document doc;
// The system clock instance obtained from CustomisePERMIS during "ini: init".
private GetAttributesTest theClock;

// Output and error streams; main() points both at the same stream so the log is a single file.
static PrintStream out = System.out;
static PrintStream err = System.err;
// URL path of the directory of the first batch file processed; used to shorten file names in the log.
static String theParentDir;
101   
 
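/**
 * Command-line entry point: processes the batch file named by {@code args[0]} and prints
 * the XML encoding of {@code getAttributes()} to standard output, or to the file named by
 * {@code args[1]} when it is given.
 *
 * @param args {@code configFile [outputFile]}
 */
public static void main(String[] args) {
    System.setProperty("line.separator", "\r\n");
    if (args.length < 1 || args.length > 2) {
        out.println("Usage: GetAttributesTest [configFile [outputFile]]\n\n<configFile> is a file in format:\n# comments\n<empty lines>\nini: clear | init | (soa | url | rootca | oid | pkc | pkcattribute | ac | acattribute=...)\nenv: clear | (clock | variable=value)\narg: type=value\nusr: dn\ntgt: dn | url\nact: action\ninc: anotherBatchFile\n...: <same format as the previous instruction>\n\nIf <batchFile> is missing, standard input is used. If <outputFile> is missing,\nstandard output is used.");
        // initialise(String) always opens the named file, so despite the usage text there is
        // no standard-input mode: without a config file the run used to continue and fail on
        // args[0]. Stop here instead.
        return;
    }

    if (args.length == 2) {
        try {
            out = new PrintStream(new FileOutputStream(args[1]));
        } catch (IOException ioe) {
            // Best effort: keep writing to the previous stream if the file cannot be opened.
            out.println("This shouldn't have happened! " + ioe.getMessage());
        }
    }

    // From here on the error stream and the output stream are the same stream - easy to log.
    err = out;
    System.setErr(err);
    try {
        CustomisePERMIS.registerACExtensions();
    } catch (PbaException pe) {
        // you shouldn't get this error
        pe.printStackTrace(err);
    }

    // Set the default zone's raw offset to 0 so that the logs are consistent.
    // NOTE(review): only the raw offset is changed; if the platform default zone observes
    // daylight saving, its DST rules presumably still apply - confirm this is intended.
    java.util.TimeZone tz = java.util.TimeZone.getDefault();
    tz.setRawOffset(0);
    java.util.TimeZone.setDefault(tz);

    try {
        GetAttributesTest test = new GetAttributesTest();
        test.initialise(args[0]);
        out.println(new EncodeXML().encode(test.getAttributes(), 0));
    } catch (HandlerServiceException pe) {
        out.println("error:" + pe);
    } finally {
        out.close(); // flush and close the output stream exactly once, on every path
    }
}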
143   
144    /**
145    * Creates a new instance of PermisWebService
146    */
147   
 
public GetAttributesTest() throws HandlerServiceException {
    // Nothing is parsed here: the builder is only used to obtain an empty Document
    // that later serves as a factory for elements and text nodes.
    DocumentBuilderFactory builderFactory = DocumentBuilderFactory.newInstance();
    builderFactory.setValidating(false);
    DocumentBuilder builder;
    try {
        builder = builderFactory.newDocumentBuilder();
    } catch (ParserConfigurationException pe) {
        throw new HandlerServiceException("error:" + pe);
    }
    this.doc = builder.newDocument();
    // if this CVS is run as a web service, the following statement should be commented out.
    //if (this.pba==null) this.initialise("init.bat");
}
159   
 
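/**
 * URL paths of the batch files whose processing is currently in progress. The table is
 * shared by all calls so that a nested "inc:" can see the files that are still being read
 * further up the call chain.
 */
private static final Hashtable filesInProgress = new Hashtable();

/**
 * Reads the complete contents of a file into memory and closes the stream afterwards.
 *
 * @param f the file to read
 * @return the bytes of the file
 * @throws IOException if the file cannot be opened or fully read
 */
private static byte[] readWholeFile(File f) throws IOException {
    byte[] content = new byte[(int) f.length()];
    DataInputStream stream = new DataInputStream(new FileInputStream(f));
    try {
        // A single read() may return fewer bytes than requested; readFully() does not.
        stream.readFully(content);
    } finally {
        stream.close();
    }
    return content;
}

/**
 * Processes a batch file of instructions, one per line, and builds the shared PERMIS RBAC
 * object when an "ini: init" instruction is reached.
 *
 * <p>Each line starts with a four-character instruction: "inc:" includes another batch
 * file, "ini:" collects a setting ({@code name=value}), clears the settings ("clear") or
 * builds the RBAC object ("init"), and "...:" repeats the previous instruction. Blank lines
 * and lines starting with "#" are ignored. A {@code PbaException} on a line is logged and
 * processing continues; any other exception stops processing of this file.
 *
 * @param name path of the batch file to process
 * @throws HandlerServiceException declared by the signature; not thrown by the visible code
 */
public void initialise(String name) throws HandlerServiceException {
    String soa = null;
    String oid = null;
    AttributeRepository[] ar = null;
    VirtualRepository vr = null;
    SignatureVerifier sv = null;
    String inputFilename = "standard input";
    String fileKey = null; // full URL path of the file; key in filesInProgress
    InputStream in = null;
    File parentDir = null;

    try {
        // Work on the absolute file so that a bare file name still has a parent directory.
        File inFile = new File(name).getAbsoluteFile();
        fileKey = inFile.toURL().getPath();
        inputFilename = fileKey;
        // The check uses the full path and a table shared across calls; a table local to
        // one call can never contain an ancestor, so a file including itself would recurse
        // until the stack is exhausted.
        if (filesInProgress.get(fileKey) != null) throw new IOException("can't process " + inputFilename + " recursively");
        in = new FileInputStream(inFile);
        parentDir = inFile.getParentFile();
        if (theParentDir == null) theParentDir = new File(parentDir.getAbsolutePath()).toURL().getPath();
        if (inputFilename.startsWith(theParentDir)) inputFilename = inputFilename.substring(theParentDir.length());
    } catch (IOException ioe) {
        err.println(ioe.getMessage());
        if (in != null) {
            try {
                in.close();
            } catch (IOException ignored) {
                // best effort: the file was only opened for reading
            }
        }
        return;
    }
    filesInProgress.put(fileKey, fileKey);

    try {
        out.println("Processing instructions from " + inputFilename);

        Hashtable setup = new Hashtable();

        String prev = ""; // this is the instruction in the previous loop

        BufferedReader br = new BufferedReader(new InputStreamReader(in));
        String s = null;
        int line = 0;
        try {
            while (true) {
                try {
                    s = br.readLine();
                    boolean breakNow = s == null;
                    if (breakNow) {
                        s = "ini: clear"; // this line will cause the final processing of the data collected since the last "ini:"
                    } else {
                        line++;
                        out.print("# " + line + "\r\n" + s + "\r\n# ");
                    }

                    String trimmed = s.trim();
                    if (trimmed.length() == 0) {
                        // Compared by content: an identity test against "" never matches a
                        // line returned by readLine(), so blank lines used to stop the run.
                        out.println("empty line - ignored");
                    } else if (trimmed.startsWith("#")) {
                        out.println("comment - ignored");
                    } else {
                        // Too short to carry a four-character instruction prefix.
                        if (s.length() < 4) throw new Exception("Invalid instruction line");

                        String instruction = s.substring(0, 4);
                        boolean newInstr = !"...:".equals(instruction);
                        if (newInstr) prev = instruction;
                        else instruction = prev;

                        String rhs = s.substring(4);

                        int idx = rhs.indexOf("=");
                        boolean hasAssignment = idx > 0;
                        String var = rhs, val = "";
                        if (hasAssignment) { // found an assignment - then split it into variable and value
                            var = rhs.substring(0, idx).trim();
                            if ((idx + 1) < rhs.length()) val = rhs.substring(idx + 1);
                        }
                        rhs = rhs.trim();

                        // now rhs is the right-hand-side of the instruction
                        // var is the variable in the assignment, val is the value of the variable.

                        if (instruction.equals("inc:")) { // include another batch file
                            out.println("include batch " + rhs);
                            this.initialise(rhs); // call it recursively
                            out.println("# resume processing of " + inputFilename);
                        } else if (instruction.equals("ini:")) { // setting initialisation parameters for PERMIS RBAC
                            // a new "ini:" instruction at end of file is the synthetic line added above
                            if (newInstr && breakNow) break; // end of file reached

                            if (rhs.equals("init")) {
                                out.println("initialising PERMIS RBAC...");
                                CustomisePERMIS.setSystemClock("issrg.test.GetAttributesTest");
                                theClock = (GetAttributesTest) CustomisePERMIS.getSystemClock();

                                try {
                                    soa = (String) setup.get("soa");
                                    oid = (String) setup.get("oid");
                                    String rootca = (String) setup.get("rootca");
                                    byte[] rootcaPKC = null;
                                    Vector url = (Vector) setup.get("url");
                                    Vector pkc = (Vector) setup.get("pkc");
                                    Vector ac = (Vector) setup.get("ac");

                                    String acattribute = (String) setup.get("acattribute");
                                    String pkcattribute = (String) setup.get("pkcattribute");
                                    if (acattribute == null) acattribute = CustomisePERMIS.getAttributeCertificateAttribute();
                                    else CustomisePERMIS.setAttributeCertificateAttribute(acattribute);

                                    if (pkcattribute == null) pkcattribute = CustomisePERMIS.getUserCertificateAttribute();
                                    else CustomisePERMIS.setUserCertificateAttribute(pkcattribute);

                                    if (soa == null || oid == null) throw new Exception("Mandatory parameters missing: SOA DN and OID of the Policy must be specified");

                                    if (rootca != null && pkc == null) pkc = new Vector();
                                    if (rootca != null) pkc.add(0, rootca);

                                    ar = new AttributeRepository[(url == null ? 0 : url.size()) + (ac == null ? 0 : 1)];
                                    AttributeRepository[] pr = new AttributeRepository[(url == null ? 0 : url.size()) + (pkc == null ? 0 : 1)];

                                    if (url != null) {
                                        out.println("# connecting to repositories...");
                                        for (int i = url.size(); i-- > 0; ) {
                                            out.print("# " + url.get(i) + "...");
                                            ar[i] = URLHandler.getRepositoryByURL((String) url.get(i));
                                            pr[i] = ar[i];
                                            out.println("ok");
                                        }
                                        out.println("# done");
                                    }

                                    if (ac != null) {
                                        out.println("# loading ACs from files...");
                                        vr = new VirtualRepository();
                                        ar[ar.length - 1] = vr;

                                        for (int i = ac.size(); i-- > 0; ) {
                                            out.print("# " + ac.get(i) + "...");
                                            File f = new File((String) ac.get(i));
                                            if (!f.isAbsolute()) {
                                                f = new File(parentDir, f.getPath());
                                            }
                                            byte[] b = readWholeFile(f);
                                            vr.populate(issrg.ac.AttributeCertificate.getHolderDN(b), acattribute, b);
                                            out.println("ok");
                                        }
                                        out.println("# done");
                                    }

                                    if (pkc != null) { // now rootca is always the first in the list
                                        out.println("# loading PKCs from files...");
                                        vr = new VirtualRepository();
                                        pr[pr.length - 1] = vr;
                                        for (int i = pkc.size(); i-- > 0; ) { // rootca PKC will always be loaded last
                                            out.print("# " + pkc.get(i) + "...");
                                            File f = new File((String) pkc.get(i));
                                            if (!f.isAbsolute()) {
                                                f = new File(parentDir, f.getPath());
                                            }
                                            rootcaPKC = readWholeFile(f);
                                            vr.populate(new iaik.x509.X509Certificate(rootcaPKC).getSubjectDN().getName(), pkcattribute, rootcaPKC);
                                            out.println("ok");
                                        }
                                        out.println("# done");
                                        // now rootcaPKC is the byte array pointing to the last PKC read - the root CA PKC
                                    }

                                    if (rootcaPKC != null) {
                                        out.println("# setting signature verification...");
                                        DefaultVerifier dv = new DefaultVerifier();
                                        dv.setRootCA(rootcaPKC);
                                        dv.setPKCRepository(new PKCRepository(new MultiRepository(pr)));
                                        sv = new SimpleSignatureVerifier(dv);
                                        out.println("# done");
                                    } else {
                                        // With no "rootca"/"pkc" setting the verifier stays null and is passed
                                        // on as such. NOTE(review): presumably the policy and ACs are then
                                        // accepted without any signature check - acceptable for a test
                                        // fixture only; confirm no deployed configuration relies on it.
                                        out.println("# signature verification is disabled");
                                    }
                                    out.println("# creating PERMIS RBAC object...");
                                    CustomisePERMIS.configureX509Flavour();
                                    MultiRepository mr = new MultiRepository(ar);
                                    pba = new PermisRBAC(new RepositoryACPolicyFinder(mr, oid, new LDAPDNPrincipal(soa), sv), mr, null);
                                    out.println("# done");
                                } catch (Exception pe) {
                                    // The RBAC object keeps whatever value it had before this attempt.
                                    out.println("# failed");
                                    pe.printStackTrace();
                                }
                            } else if (rhs.equals("clear")) {
                                out.println("reset initialisation parameters for PERMIS RBAC");
                                setup = new Hashtable();
                            } else {
                                out.println("setting initialisation parameters for PERMIS RBAC");
                                //soa | oid | rootca | url | pkc | ac
                                // Only a real "name=value" assignment names a setting; anything else is
                                // rejected below as an unknown setting.
                                if (hasAssignment && (var.equals("soa") || var.equals("oid") || var.equals("rootca") || var.equals("acattribute") || var.equals("pkcattribute"))) {
                                    if (setup.get(var) != null) out.println("# " + var + " is already set to " + setup.get(var) + " - ignored");
                                    else setup.put(var, val);
                                } else if (hasAssignment && (var.equals("url") || var.equals("pkc") || var.equals("ac"))) {
                                    Vector v = (Vector) setup.get(var);
                                    if (v == null) {
                                        out.println("# set " + var + " to " + val);
                                        v = new Vector();
                                        setup.put(var, v);
                                    } else {
                                        out.println("# add " + val + " to collection of " + var);
                                    }
                                    if (var.equals("url")) {
                                        // A URL is only kept when ParsedURL can parse it.
                                        issrg.utils.ParsedURL pu = issrg.utils.ParsedURL.parseURL(val);
                                        if (pu != null) v.add(val);
                                    } else v.add(val);
                                } else {
                                    throw new Exception("unknown setting: " + var);
                                }
                            }
                        } else {
                            throw new Exception("Invalid instruction line");
                        }
                    }
                } catch (PbaException pe) {
                    out.println("Error occured while processing line " + line + ": " + pe.getMessage());
                    // don't print the stack trace and don't break the loop - PbaExceptions are part of testing
                }
            }
        } catch (Exception e) {
            out.println("Stopped @ " + line + ": " + s);
            e.printStackTrace();
        }
    } finally {
        // Always release the file: both the recursion marker and the open stream.
        filesInProgress.remove(fileKey);
        try {
            in.close();
        } catch (IOException ignored) {
            // best effort: the file was only opened for reading
        }
    }
}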
380   
 
/**
 * Builds the WS-Trust {@code wst:RequestSecurityToken} element that asks for the
 * attributes of one subject.
 *
 * <p>NOTE(review): NotBefore and NotOnOrAfter are both set to the same clock reading, and
 * the element is named "saml:Condition" while getSamlAssertion() emits "saml:Conditions";
 * timestamps use {@code Date.toString()} rather than an XML dateTime - confirm the
 * consumer (Interpreter) expects exactly this.
 *
 * @param DNIn distinguished name placed in the {@code saml:NameID} text
 * @return the request element, not attached to any parent
 * @throws HandlerServiceException declared by the signature; not thrown by the visible code
 */
private Element createRequestContext(String DNIn) throws HandlerServiceException {
    final String now = this.getTime().toString();

    // saml:Subject / saml:NameID carrying the DN as text
    Element nameId = this.doc.createElement("saml:NameID");
    nameId.setAttribute("Format", "urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName");
    nameId.appendChild(this.doc.createTextNode(DNIn));
    Element subjectElement = this.doc.createElement("saml:Subject");
    subjectElement.appendChild(nameId);

    Element issuerElement = this.doc.createElement("saml:Issuer");
    issuerElement.appendChild(this.doc.createTextNode("http://issrg.cs.kent.ac.uk/axis/services/PermisWebService"));

    Element validity = this.doc.createElement("saml:Condition");
    validity.setAttribute("NotBefore", now);
    validity.setAttribute("NotOnOrAfter", now);

    // saml:Assertion wrapping issuer, subject and validity, in that order
    Element samlAssertion = this.doc.createElement("saml:Assertion");
    samlAssertion.setAttribute("ID", "Permis-Credential-Validation-Service-V1.0");
    samlAssertion.setAttribute("IssueInstant", now);
    samlAssertion.setAttribute("Version", "2.0");
    samlAssertion.setAttribute("xmlns:saml", "urn:oasis:names:tc:SAML:2.0:assertion");
    samlAssertion.appendChild(issuerElement);
    samlAssertion.appendChild(subjectElement);
    samlAssertion.appendChild(validity);

    Element claims = this.doc.createElement("wst:Claims");
    claims.setAttribute("Dialect", "urn:oasis:names:tc:SAML:2.0:assertion:AuthnStatementType");
    claims.appendChild(samlAssertion);

    Element tokenTypeElement = this.doc.createElement("wst:TokenType");
    tokenTypeElement.appendChild(this.doc.createTextNode("urn:oasis:names:tc:SAML:2.0:profiles:attribute:XACML"));

    Element requestTypeElement = this.doc.createElement("wst:RequestType");
    requestTypeElement.appendChild(this.doc.createTextNode("http://schemas.xmlsoap.org/ws/2005/02/trust/validate"));

    Element requestToken = this.doc.createElement("wst:RequestSecurityToken");
    requestToken.setAttribute("xmlns:wst", "http://schemas.xmlsoap.org/ws/2005/02/trust");
    requestToken.appendChild(tokenTypeElement);
    requestToken.appendChild(requestTypeElement);
    requestToken.appendChild(claims);
    return requestToken;
}
418   
 
/**
 * Finds the first {@code saml:AttributeStatement} that sits under a {@code saml:Assertion}
 * inside a {@code wst:RequestedSecurityToken} child of the given element.
 *
 * <p>Element names are matched by their literal prefixed name, not by namespace.
 *
 * @param xmlIn the response element whose children are searched
 * @return the attribute statement element, or {@code null} when there is none
 * @throws Exception declared by the signature; not thrown explicitly here
 */
private Element extractAttributeStatement(Element xmlIn) throws Exception {
    NodeList tokenCandidates = xmlIn.getChildNodes();
    for (int t = 0; t < tokenCandidates.getLength(); t++) {
        Node tokenNode = tokenCandidates.item(t);
        // Text nodes (whitespace between elements) carry no structure.
        if (tokenNode instanceof Text) continue;
        if (!tokenNode.getNodeName().equals("wst:RequestedSecurityToken")) continue;

        NodeList assertionCandidates = tokenNode.getChildNodes();
        for (int a = 0; a < assertionCandidates.getLength(); a++) {
            Node assertionNode = assertionCandidates.item(a);
            if (assertionNode instanceof Text) continue;
            if (!assertionNode.getNodeName().equals("saml:Assertion")) continue;

            NodeList statementCandidates = assertionNode.getChildNodes();
            for (int st = 0; st < statementCandidates.getLength(); st++) {
                Node statementNode = statementCandidates.item(st);
                if (statementNode instanceof Text) continue;
                if (statementNode.getNodeName().equals("saml:AttributeStatement")) {
                    return (Element) statementNode;
                }
            }
        }
    }
    return null;
}
444    // get XACML request context
 
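/**
 * Builds an XACML {@code Request} element holding the attributes that the credential
 * lookup returns for a subject.
 *
 * <p>A request context is created for {@code DNIn}, passed to {@code getCreds(Element)},
 * and every {@code saml:Attribute} of the returned attribute statement is copied into an
 * {@code Attribute} child of the {@code type} element. When the response carries no
 * attribute statement the {@code type} element is returned with only its DN attribute.
 *
 * @param DNIn distinguished name of the subject
 * @param type name of the element that groups the attributes; its lower-case form is also
 *             used inside each AttributeId
 * @return the {@code Request} element
 * @throws Exception if building the context, the lookup or parsing the response fails
 */
public Element getCreds(String DNIn, String type) throws Exception {
    Element request = this.doc.createElement("Request");
    request.setAttribute("xmlns", "urn:oasis:names:tc:xacml:1.0:context");
    request.setAttribute("xmlns:xsi", "http://www.w3.org/2001/XMLSchema-instance");
    Element typeTag = this.doc.createElement(type);
    typeTag.setAttribute("DN", DNIn);
    Element context = this.createRequestContext(DNIn);
    String response = this.getCreds(context);
    XMLParser parser = new XMLParser(response);
    Element msg = parser.getXmlElement();
    Element statement = this.extractAttributeStatement(msg);
    if (statement == null) {
        request.appendChild(typeTag);
        return request;
    }

    // The identifier prefix is the same for every attribute, so build it once. A fixed
    // locale keeps the lower-casing of the identifier independent of the platform default
    // (a Turkish default locale, for example, maps 'I' to a dotless 'i').
    String idPrefix = "urn:oasis:names:tc:xacml:1.0:" + type.toLowerCase(Locale.ENGLISH) + ":";

    NodeList list = statement.getChildNodes();
    for (int i = 0; i < list.getLength(); i++) {
        Node node = list.item(i);
        if (Text.class.isAssignableFrom(node.getClass())) continue;
        if (node.getNodeName().equals("saml:Attribute")) {
            Element ele = (Element) node;
            String name = ele.getAttribute("Name");
            Element attribute = this.doc.createElement("Attribute");
            attribute.setAttribute("AttributeId", idPrefix + name);
            attribute.setAttribute("DataType", "http://www.w3.org/2001/XMLSchema#string");
            NodeList list1 = node.getChildNodes();
            for (int j = 0; j < list1.getLength(); j++) {
                Node node1 = list1.item(j);
                if (Text.class.isAssignableFrom(node1.getClass())) continue;
                if (node1.getNodeName().equals("saml:AttributeValue")) {
                    Element value = this.doc.createElement("AttributeValue");
                    NodeList list2 = node1.getChildNodes();
                    for (int k = 0; k < list2.getLength(); k++) {
                        Node node2 = list2.item(k);
                        // Only text children are copied, with surrounding whitespace removed.
                        if (Text.class.isAssignableFrom(node2.getClass())) {
                            String val = node2.getNodeValue();
                            val = val.trim();
                            Text text = this.doc.createTextNode(val);
                            value.appendChild(text);
                        }
                    }
                    attribute.appendChild(value);
                }
            }
            typeTag.appendChild(attribute);
        }
    }
    request.appendChild(typeTag);
    return request;
}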
498   
499    // get ws-trust security tokens
 
/**
 * Answers a WS-Trust request context with an encoded {@code RequestSecurityTokenResponse}.
 *
 * <p>The subject DN is canonicalised first; an unparsable DN, an indeterminate request
 * model, a null subject or any exception during the lookup yields an "invalid" response
 * whose reason text is the message shown in the code (for exceptions, the exception's
 * localized message).
 *
 * <p>In this listing the code that fetched, decoded or stored attribute certificates is
 * commented out, so the list of ACs handed to the RBAC object stays empty and the lookup
 * always goes through {@code pba.getCreds(user)}. Certificates pushed by the caller are
 * therefore not evaluated.
 *
 * <p>NOTE(review): the DN and the reason text end up in the encoded response; whether they
 * are escaped depends on EncodeXML, which is not visible here - confirm.
 *
 * @param contextIn the request context element
 * @return the encoded response
 * @throws Exception if the context cannot be interpreted or a referenced URL is malformed
 */
public String getCreds(Element contextIn) throws Exception {
    Interpreter inter = new Interpreter(contextIn);
    String DNIn = inter.getSubjectDN();
    String ValidLDAPDN = RFC2253NameParser.toCanonicalDN(DNIn);
    if (ValidLDAPDN == null) {
        Element invalidDn = this.getResponse(null, inter.getContextRef(), "invalid", "invalid DN");
        return new EncodeXML().encode(invalidDn, 0);
    }

    ArrayList listOfACs = new ArrayList();
    if (inter.getModel() == Interpreter.PULL) {
        SubjectAttributeReference[] references = inter.getSubAttrRefs();
        int refIndex = 0;
        while (refIndex < references.length) {
            // The reference is still parsed (and so validated), but the result is unused:
            // the call to getAttributeCertificates(ValidLDAPDN, method, address, pN, base)
            // that filled listOfACs is commented out in the original listing.
            URL repository = new URL(references[refIndex].getReference());
            String method = repository.getMethod();
            String address = repository.getAddress();
            String port = repository.getPort();
            String base = repository.getBaseDN();
            if (base == null) base = "dc=issrg,dc=uok";
            if (port == null) port = "-1";
            int pN = Integer.parseInt(port);
            refIndex++;
        }
    } else if (inter.getModel() == Interpreter.PUSH) {
        AttributeStatement[] statements = inter.getAttributeStatements();
        for (int s = 0; s < statements.length; s++) {
            AttributeStatement current = statements[s];
            String repositoryUrl = current.getRepository();
            String[] tokens = current.getBinaryTokens();
            ArrayList localList = new ArrayList();
            for (int t = 0; t < tokens.length; t++) {
                if (tokens[t] == null) continue;
                // The Base64 decoding, the holder-DN comparison against DNIn and the
                // additions to listOfACs/localList are commented out in the original
                // listing, so the token bytes are obtained and then dropped.
                byte[] raw = tokens[t].getBytes();
            }
            if (repositoryUrl != null) {
                Binary[] localACs = (Binary[]) localList.toArray(new Binary[localList.size()]);
                byte[][] localCreds = new byte[localACs.length][];
                for (int k = 0; k < localACs.length; k++) {
                    localCreds[k] = localACs[k].getBinaryValue();
                }
                // As above, the URL is parsed but the addAttributeCertificates(...) call
                // that stored the ACs in the repository is commented out.
                URL repository = new URL(repositoryUrl);
                String method = repository.getMethod();
                String address = repository.getAddress();
                String port = repository.getPort();
                String base = repository.getBaseDN();
                if (base == null) base = "dc=issrg,dc=uok";
                if (port == null) port = "-1";
                int pN = Integer.parseInt(port);
            }
        }
    } else if (inter.getModel() == Interpreter.INDETERMINATE) {
        Element invalidContext = this.getResponse(null, inter.getContextRef(), "invalid", "invalid request context");
        return new EncodeXML().encode(invalidContext, 0);
    }

    LDAPDNPrincipal user = new LDAPDNPrincipal(ValidLDAPDN);
    try {
        Binary[] collected = (Binary[]) listOfACs.toArray(new Binary[listOfACs.size()]);
        Subject subject;
        if (collected.length == 0) {
            subject = this.pba.getCreds(user);
        } else {
            byte[][] pushed = new byte[collected.length][];
            for (int i = 0; i < collected.length; i++) {
                pushed[i] = collected[i].getBinaryValue();
            }
            subject = this.pba.getCreds(user, pushed);
        }
        if (subject == null) {
            Element noSubject = this.getResponse(null, inter.getContextRef(), "invalid", "Subject is null");
            return new EncodeXML().encode(noSubject, 0);
        }
        Credentials exported = subject.exportCreds();
        Element samlAssertion = this.getSamlAssertion(exported, DNIn);
        Element validResponse = this.getResponse(samlAssertion, inter.getContextRef(), "valid", null);
        return new EncodeXML().encode(validResponse, 0);
    } catch (Exception e) {
        // The exception text is returned to the requester as the reason.
        Element failure = this.getResponse(null, inter.getContextRef(), "invalid", e.getLocalizedMessage());
        return new EncodeXML().encode(failure, 0);
    }
}
601   
 
/**
 * Builds a {@code saml:Assertion} listing the role attributes found in the credentials.
 *
 * <p>When the credentials yield no attribute the assertion is returned with its four
 * attributes only. Otherwise the validity window written to {@code saml:Conditions} is
 * the latest NotBefore and the earliest NotAfter over all attributes, printed with
 * {@code Date.toString()}.
 *
 * @param creds credentials exported for the subject
 * @param DNIn  distinguished name written into {@code saml:NameID}
 * @return the assertion element
 * @throws Exception declared by the signature; not thrown explicitly here
 */
private Element getSamlAssertion(Credentials creds, String DNIn) throws Exception {
    ArrayList pairs = this.getAttributesAndValidityPeriods(creds);

    Element assertion = doc.createElement("saml:Assertion");
    assertion.setAttribute("ID", "Permis-Credential-Validation-Service-V1.0");
    assertion.setAttribute("IssueInstant", this.getTime().toString());
    assertion.setAttribute("Version", "2.0");
    assertion.setAttribute("xmlns:saml", "urn:oasis:names:tc:SAML:2.0:assertion");
    if (pairs.size() < 1) {
        return assertion;
    }

    Element issuer = doc.createElement("saml:Issuer");
    issuer.appendChild(doc.createTextNode("http://issrg.cs.kent.ac.uk/axis/services/PermisWebService"));
    assertion.appendChild(issuer);

    Element nameId = doc.createElement("saml:NameID");
    nameId.setAttribute("Format", "urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName");
    nameId.appendChild(doc.createTextNode(DNIn));
    Element subject = doc.createElement("saml:Subject");
    subject.appendChild(nameId);
    assertion.appendChild(subject);

    Element conditions = doc.createElement("saml:Conditions");
    Element attributeStatement = doc.createElement("saml:AttributeStatement");
    Date latestStart = null;
    Date earliestEnd = null;
    Iterator it = pairs.iterator();
    while (it.hasNext()) {
        AttributeAndValidityPeriod pair = (AttributeAndValidityPeriod) it.next();

        Element valueElement = doc.createElement("saml:AttributeValue");
        Element attributeElement = doc.createElement("saml:Attribute");
        attributeElement.setAttribute("Name", pair.getRoleType());
        valueElement.appendChild(doc.createTextNode(pair.getRoleValue().trim()));
        attributeElement.appendChild(valueElement);
        attributeStatement.appendChild(attributeElement);

        // Narrow the window to the intersection of all validity periods.
        if (latestStart == null || latestStart.before(pair.getNotBefore())) {
            latestStart = pair.getNotBefore();
        }
        if (earliestEnd == null || earliestEnd.after(pair.getNotAfter())) {
            earliestEnd = pair.getNotAfter();
        }
    }
    conditions.setAttribute("NotBefore", latestStart.toString());
    conditions.setAttribute("NotOnOrAfter", earliestEnd.toString());
    assertion.appendChild(conditions);
    assertion.appendChild(attributeStatement);
    return assertion;
}
645   
 
/**
 * Builds a {@code wst:RequestSecurityTokenResponse} element.
 *
 * <p>The SAML assertion is embedded only when {@code status} is "valid"; every other
 * status value is reported with the "invalid" status URI.
 *
 * @param samlIn   assertion to embed; used only for a "valid" status
 * @param ctxRefIn value for the Context attribute, or {@code null} to omit it
 * @param status   "valid" or any other value
 * @param reason   text for {@code wst:Reason}, or {@code null} to omit the element
 * @return the response element
 * @throws Exception declared by the signature; not thrown explicitly here
 */
private Element getResponse(Element samlIn, String ctxRefIn, String status, String reason) throws Exception {
    Element response = doc.createElement("wst:RequestSecurityTokenResponse");
    response.setAttribute("xmlns:wst", "http://schemas.xmlsoap.org/ws/2005/02/trust");
    if (ctxRefIn != null) {
        response.setAttribute("Context", ctxRefIn);
    }

    Element tokenType = doc.createElement("wst:TokenType");
    tokenType.appendChild(doc.createTextNode("urn:oasis:names:tc:SAML:2.0:profiles:attribute:XACML"));
    response.appendChild(tokenType);

    boolean valid = status.equals("valid");
    if (valid) {
        Element requestedToken = doc.createElement("wst:RequestedSecurityToken");
        requestedToken.appendChild(samlIn);
        response.appendChild(requestedToken);
    }

    String statusUri = valid
            ? "http://schemas.xmlsoap.org/ws/2005/02/trust/status/valid"
            : "http://schemas.xmlsoap.org/ws/2005/02/trust/status/invalid";
    Element codeElement = doc.createElement("wst:Code");
    codeElement.appendChild(doc.createTextNode(statusUri));
    Element statusElement = doc.createElement("wst:Status");
    statusElement.appendChild(codeElement);

    if (reason != null) {
        Element reasonElement = doc.createElement("wst:Reason");
        reasonElement.appendChild(doc.createTextNode(reason));
        statusElement.appendChild(reasonElement);
    }
    response.appendChild(statusElement);
    return response;
}
679   
 
/**
 * Flattens a credentials object into a list of {@code AttributeAndValidityPeriod} pairs.
 *
 * <p>An {@code ExpirableCredentials} contributes one pair; anything else is cast to
 * {@code SetOfSubsetsCredentials} and each of its members is flattened recursively.
 *
 * @param creds the credentials to flatten
 * @return the pairs, in traversal order
 */
private ArrayList getAttributesAndValidityPeriods(Credentials creds) {
    ArrayList pairs = new ArrayList();
    if (creds instanceof ExpirableCredentials) {
        ExpirableCredentials expirable = (ExpirableCredentials) creds;
        RoleBasedCredentials roles = (RoleBasedCredentials) expirable.getExpirable();
        ValidityPeriod period = expirable.getValidityPeriod();
        pairs.add(new AttributeAndValidityPeriod(roles, period));
        return pairs;
    }

    Vector members = ((SetOfSubsetsCredentials) creds).getValue();
    Iterator it = members.iterator();
    while (it.hasNext()) {
        pairs.addAll(this.getAttributesAndValidityPeriods((Credentials) it.next()));
    }
    return pairs;
}
701   
702    /**
703    * The time is stopped forever, so the latch returns the same as getTime()
704    */
 
public Date latch() {
    // The clock never advances on its own, so latching is just reading it.
    Date frozen = getTime();
    return frozen;
}
708   
 
/**
 * Returns the current reading of this clock.
 *
 * @return the stored {@code Date} object itself (not a copy)
 */
public Date getTime() {
    return time;
}
712   
713    /**
714    * This method parses a time encoded as a string and returns it as a Date.
715    *
716    * @param timeString - the time to set; the format is the same as the string representation of time in the policy, e.g. "2005-09-25T23:59:59"
717    * @return the Date representing the specified time.
718    */
 
public Date toTime(String timeString) throws IllegalArgumentException {
    int[] parts = new Time(timeString).getEvaluationTime();
    // The six values are handed to Calendar.set(year, month, date, hourOfDay, minute, second).
    // NOTE(review): Calendar months are zero-based and set() leaves the millisecond field at
    // the current time's value - confirm getEvaluationTime() matches both expectations.
    Calendar calendar = new GregorianCalendar();
    int year = parts[0];
    int month = parts[1];
    int date = parts[2];
    int hourOfDay = parts[3];
    int minute = parts[4];
    int second = parts[5];
    calendar.set(year, month, date, hourOfDay, minute, second);
    return calendar.getTime();
}
725   
726    /**
727    * This method sets the current time. Initially the time is set to
728    * the time of the application startup.
729    *
730    * @param time - the time to set.
731    */
 
public void setTime(Date time) {
    // The Date is stored as given, without copying.
    Date newReading = time;
    this.time = newReading;
}
735   
 
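/**
 * Removes duplicate byte arrays, keeping the first occurrence of each and the original
 * order.
 *
 * <p>Two entries are duplicates when they have the same length and the same bytes.
 *
 * @param valueIn the arrays to de-duplicate; may be {@code null} or empty
 * @return the distinct arrays (the same array objects, not copies); empty when
 *         {@code valueIn} is {@code null} or empty
 */
private byte[][] getUniqueValues(byte[][] valueIn) {
    // An empty input used to fail on valueIn[0]; there is simply nothing to return.
    if (valueIn == null || valueIn.length == 0) {
        return new byte[0][];
    }
    ArrayList unique = new ArrayList(valueIn.length);
    for (int i = 0; i < valueIn.length; i++) {
        byte[] candidate = valueIn[i];
        boolean seen = false;
        for (Iterator it = unique.iterator(); it.hasNext() && !seen; ) {
            seen = Arrays.equals((byte[]) it.next(), candidate);
        }
        if (!seen) {
            unique.add(candidate);
        }
    }
    return (byte[][]) unique.toArray(new byte[unique.size()][]);
}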
760    /*
761    private void addAttributeCertificates(String dn, byte[][] acIn, String method, String address, int port, String baseDN) throws Exception {
762    if (acIn.length==0) return;
763    byte[][] ac = this.getUniqueValues(acIn);
764    if (method==null) method="ldap";
765    if (!method.equals("ldap")) return;
766    LDAPConnection ldap = new LDAPConnection();
767    ldap.connect(address,port>0?port:389);
768    ldap.bind("cn=root,dc=issrg,dc=uok","secret");
769    LDAPEntry foundEntry = null;
770    dn +=","+baseDN;
771    try {
772    foundEntry = ldap.read(dn);
773    } catch (LDAPException ee) {
774    int code = ee.getLDAPResultCode();
775    if (code==ee.NO_SUCH_OBJECT) throw new Exception("no account");
776    else throw new Exception("LDAP failure: "+ee);
777    }
778    LDAPAttributeSet set = foundEntry.getAttributeSet();
779    boolean exist = false;
780    for (int i=0;i<set.size();i++) {
781    LDAPAttribute att = set.elementAt(i);
782    if (att.getName().equals("attributeCertificateAttribute")) {
783    exist = true;
784    for (int k=0; k<ac.length; k++) {
785    Enumeration values = att.getByteValues();
786    boolean found = false;
787    while (values.hasMoreElements()) {
788    byte[] value = (byte[])values.nextElement();
789    boolean eq = false;
790    if (value.length==ac[k].length) {
791    eq = true;
792    for (int j=0;j<ac[k].length;j++) {
793    if (ac[k][j]!=value[j]) {
794    eq = false;
795    break;
796    }
797    }
798    if (eq) found = true;
799    }
800    if (found) break;
801    }
802    if (!found) {
803    LDAPAttribute attr = new LDAPAttribute("attributeCertificateAttribute",ac[k]);
804    LDAPModification singleChange = new LDAPModification( LDAPModification.ADD, attr);
805    ldap.modify(dn, singleChange );
806    }
807    }
808    }
809    }
810    if (!exist) {
811    for (int k=0; k<ac.length; k++) {
812    LDAPAttribute attr = new LDAPAttribute("attributeCertificateAttribute",ac[k]);
813    LDAPModification singleChange = new LDAPModification( LDAPModification.ADD, attr);
814    ldap.modify(dn, singleChange );
815    }
816    }
817    }
818   
819    private ArrayList getAttributeCertificates(String dn, String method, String address, int port, String baseDN) throws Exception {
820    ArrayList result=null;
821    if (method==null) method="ldap";
822    if (!method.equals("ldap")) return null;
823    LDAPConnection ldap = new LDAPConnection();
824    ldap.connect(address,port>0?port:389);
825    ldap.bind("cn=root,dc=issrg,dc=uok","secret");
826    LDAPEntry foundEntry = null;
827    dn +=","+baseDN;
828    try {
829    foundEntry = ldap.read(dn);
830    } catch (LDAPException ee) {
831    return null;
832    }
833    LDAPAttributeSet set = foundEntry.getAttributeSet();
834    for (int i=0;i<set.size();i++) {
835    LDAPAttribute att = set.elementAt(i);
836    if (att.getName().equals("attributeCertificateAttribute")) {
837    result = new ArrayList();
838    Enumeration enums = att.getByteValues();
839    while (enums.hasMoreElements()) {
840    byte[] ac = (byte[])enums.nextElement();
841    Binary cert = new Binary(ac);
842    result.add(cert);
843    }
844    }
845    }
846    return result;
847    }
848    */
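/**
 * Builds an XACML context {@code Attributes} element that lists the
 * environmental attributes reported by the current policy, one
 * {@code Attribute} child per distinct parameter name.
 *
 * @return the {@code Attributes} element; it has no children when the
 *         policy reports no environment nodes
 * @throws HandlerServiceException declared by the signature; nothing in
 *         this body throws it directly
 */
public Element getAttributes() throws HandlerServiceException {
    Element root = this.doc.createElement("Attributes");
    root.setAttribute("xmlns", "urn:oasis:names:tc:xacml:1.0:context");
    out.println("call PermisRBAC to get environmental attributes");
    EnvironmentNode[] envNodes = this.pba.getEnvAttributes();
    ArrayList seenNames = new ArrayList();
    for (int idx = 0; idx < envNodes.length; idx++) {
        EnvironmentNode envNode = envNodes[idx];
        Map params = envNode.getAttributes();
        String name = (String) params.get(envNode.PARAMETER_ATTRIBUTE);
        // Only the first node carrying a given parameter name is emitted.
        if (seenNames.contains(name)) {
            continue;
        }
        seenNames.add(name);
        // The type becomes part of a datatype URI, so lower-case it without
        // regard to the JVM default locale (under a Turkish locale 'I' would
        // otherwise map to a dotless i and yield a different URI).
        String xsdType = envNode.getType().toLowerCase(java.util.Locale.ENGLISH);
        Element entry = this.doc.createElement("Attribute");
        entry.setAttribute("AttributeId", "urn:oasis:names:tc:xacml:1.0:environment:" + name);
        entry.setAttribute("DataType", "http://www.w3.org/2001/XMLSchema#" + xsdType);
        root.appendChild(entry);
    }
    return root;
}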
/**
 * Makes an authorisation decision for the given request context and
 * returns it as a {@code Response} element.
 *
 * <p>The subject DN, the resource identifier, the action and the
 * environment values are all read from {@code reqCtx}. Nothing in this
 * method checks that the requester is the subject named in the request;
 * any such authentication has to happen before the call (not visible
 * here).
 *
 * <p>An authorised result is reported as "Permit" together with the
 * obligations returned by the decision engine. Every other result is
 * reported as "NotApplicable"; this method never emits "Deny". The status
 * code is always the XACML "ok" status.
 *
 * @param reqCtx the request context; expected to be a {@code Request} element
 * @return the {@code Response} element holding a single {@code Result}
 * @throws HandlerServiceException if the request context is malformed, or
 *         wrapping a {@code PbaException} or {@code RFC2253ParsingException}
 *         as "error: " plus its string form (the cause is not chained)
 */
public Element decision(Element reqCtx) throws HandlerServiceException {
    Hashtable env = new Hashtable();
    Element response = this.doc.createElement("Response");
    response.setAttribute("xmlns", "");
    Element result = this.doc.createElement("Result");
    result.setAttribute("ResourceId", this.getId(reqCtx, "Resource"));
    Element status = this.doc.createElement("Status");
    Element statusCode = this.doc.createElement("StatusCode");
    statusCode.setAttribute("Value", "urn:oasis:names:tc:xacml:1.0:status:ok");
    status.appendChild(statusCode);
    Element decisionElement = this.doc.createElement("Decision");
    try {
        // The subject is whatever DN the request asserts.
        String subjectDN = this.getId(reqCtx, "Subject");
        Subject subject = this.pba.getCreds(new LDAPDNPrincipal(subjectDN));

        String resourceId = this.getId(reqCtx, "Resource");
        String protocol = null;
        try {
            protocol = URLHandler.getProtocolName(resourceId);
        } catch (BadURLException notAUrl) {
            // Deliberately ignored: a resource that is not a URL is treated as a DN below.
        }
        boolean isUrl = protocol != null && URLHandler.getURLHandler(protocol) != null;
        PermisTarget target;
        if (isUrl) {
            target = new PermisTarget(resourceId);
        } else {
            // Treated as an LDAP DN plus a null array of object classes.
            target = new PermisTarget(resourceId, null);
        }

        Action action = new PermisAction(
                this.getActionType(reqCtx),
                (Argument[]) this.getActionParameters(reqCtx).toArray(new Argument[0]));
        this.setEnvironment(reqCtx, env);
        Response verdict = this.pba.authzDecision(subject, action, target, env);

        boolean permitted = verdict.isAuthorised();
        Text outcome = this.doc.createTextNode(permitted ? "Permit" : "NotApplicable");
        decisionElement.appendChild(outcome);
        result.appendChild(decisionElement);
        result.appendChild(status);
        if (permitted) {
            // Obligations are round-tripped through their string form and re-parsed.
            // NOTE(review): if the parsed element belongs to a different Document,
            // appendChild would need an importNode first - confirm what XMLParser returns.
            Obligations obligations = verdict.getObligations();
            XMLParser parser = new XMLParser(obligations.toString());
            result.appendChild(parser.getXmlElement());
        }
    } catch (PbaException pe) {
        throw new HandlerServiceException("error: " + pe);
    } catch (RFC2253ParsingException re) {
        throw new HandlerServiceException("error: " + re);
    }
    response.appendChild(result);
    return response;
}
925   
 
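/**
 * Returns the {@code DN} attribute of the first child of the request whose
 * node name equals {@code type}.
 *
 * @param reqCtx the request context; must be a {@code Request} element
 * @param type the child element name to look for, e.g. "Subject" or "Resource"
 * @return the value of that child's {@code DN} attribute (may be the empty
 *         string when the attribute is present but empty)
 * @throws HandlerServiceException if the matching child has no {@code DN}
 *         attribute, if {@code reqCtx} is not a {@code Request}, or if no
 *         child named {@code type} exists
 */
private String getId(Element reqCtx, String type) throws HandlerServiceException {
    if (reqCtx.getNodeName().equals("Request")) {
        NodeList children = reqCtx.getChildNodes();
        for (int i = 0; i < children.getLength(); i++) {
            Node child = children.item(i);
            if (child instanceof Text) {
                continue;
            }
            if (!child.getNodeName().equals(type)) {
                continue;
            }
            Element match = (Element) child;
            // Assuming Element is org.w3c.dom.Element (imports are not visible here):
            // getAttribute returns "" rather than null for an absent attribute, so a
            // null test alone never reports a missing DN and an empty identifier
            // would reach the authorisation call. hasAttribute tells absent from empty.
            if (!match.hasAttribute("DN")) {
                throw new HandlerServiceException("missing DN attribute in " + type);
            }
            String dn = match.getAttribute("DN");
            if (dn == null) {
                throw new HandlerServiceException("missing DN attribute in " + type);
            }
            return dn;
        }
    }
    throw new HandlerServiceException("invalid request context");
}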
942   
 
/**
 * Extracts the action type from the request context: the trimmed text of
 * the first {@code AttributeValue} found under an {@code Action/Attribute}
 * whose {@code AttributeId} is
 * {@code urn:oasis:names:tc:xacml:1.0:action:type}.
 *
 * <p>An {@code AttributeValue} whose single child is not a text node is
 * skipped and the search continues.
 *
 * @param reqCtx the request context; must be a {@code Request} element
 * @return the trimmed action type
 * @throws HandlerServiceException if a candidate {@code AttributeValue} does
 *         not have exactly one child node, or if no action type is found
 */
private String getActionType(Element reqCtx) throws HandlerServiceException {
    final String typeId = "urn:oasis:names:tc:xacml:1.0:action:type";
    if (reqCtx.getNodeName().equals("Request")) {
        NodeList topLevel = reqCtx.getChildNodes();
        for (int a = 0; a < topLevel.getLength(); a++) {
            Node actionNode = topLevel.item(a);
            if (actionNode instanceof Text || !actionNode.getNodeName().equals("Action")) {
                continue;
            }
            NodeList attributes = actionNode.getChildNodes();
            for (int b = 0; b < attributes.getLength(); b++) {
                Node attributeNode = attributes.item(b);
                if (attributeNode instanceof Text || !attributeNode.getNodeName().equals("Attribute")) {
                    continue;
                }
                String attrName = ((Element) attributeNode).getAttribute("AttributeId");
                if (!attrName.equals(typeId)) {
                    continue;
                }
                NodeList values = attributeNode.getChildNodes();
                for (int c = 0; c < values.getLength(); c++) {
                    Node valueNode = values.item(c);
                    if (valueNode instanceof Text || !valueNode.getNodeName().equals("AttributeValue")) {
                        continue;
                    }
                    NodeList content = valueNode.getChildNodes();
                    if (content.getLength() != 1) {
                        throw new HandlerServiceException("invalid action attribute value");
                    }
                    Node only = content.item(0);
                    if (only instanceof Text) {
                        return only.getNodeValue().trim();
                    }
                }
            }
        }
    }
    throw new HandlerServiceException("invalid request context: missing aaction type");
}
980   
 
/**
 * Collects the action arguments from the request context. Every
 * {@code Action/Attribute} whose {@code AttributeId} starts with
 * {@code urn:oasis:names:tc:xacml:1.0:action:} contributes one
 * {@code PermisArgument} per text-valued {@code AttributeValue}; the
 * argument name is the part of the id after that prefix and the value is
 * the trimmed text.
 *
 * <p>The action type id used by {@code getActionType} shares this prefix,
 * so it is collected here as an argument named "type" as well.
 *
 * @param reqCtx the request context; anything other than a
 *        {@code Request} element yields an empty result
 * @return the arguments in document order; never null
 * @throws HandlerServiceException if a matching {@code AttributeValue} does
 *         not have exactly one child node
 */
private Vector getActionParameters(Element reqCtx) throws HandlerServiceException {
    final String prefix = "urn:oasis:names:tc:xacml:1.0:action:";
    Vector collected = new Vector();
    if (!reqCtx.getNodeName().equals("Request")) {
        return collected;
    }
    NodeList topLevel = reqCtx.getChildNodes();
    for (int a = 0; a < topLevel.getLength(); a++) {
        Node actionNode = topLevel.item(a);
        if (actionNode instanceof Text || !actionNode.getNodeName().equals("Action")) {
            continue;
        }
        NodeList attributes = actionNode.getChildNodes();
        for (int b = 0; b < attributes.getLength(); b++) {
            Node attributeNode = attributes.item(b);
            if (attributeNode instanceof Text || !attributeNode.getNodeName().equals("Attribute")) {
                continue;
            }
            String attrName = ((Element) attributeNode).getAttribute("AttributeId");
            if (!attrName.startsWith(prefix)) {
                continue;
            }
            String argName = attrName.substring(prefix.length());
            NodeList values = attributeNode.getChildNodes();
            for (int c = 0; c < values.getLength(); c++) {
                Node valueNode = values.item(c);
                if (valueNode instanceof Text || !valueNode.getNodeName().equals("AttributeValue")) {
                    continue;
                }
                NodeList content = valueNode.getChildNodes();
                if (content.getLength() != 1) {
                    throw new HandlerServiceException("invalid action attribute value");
                }
                Node only = content.item(0);
                if (only instanceof Text) {
                    collected.add(new PermisArgument(argName, only.getNodeValue().trim()));
                }
            }
        }
    }
    return collected;
}
1022   
 
/**
 * Copies environment values from the request context into {@code env}.
 * Attributes are read from the children of the {@code Action} element (not
 * from a separate environment element); those whose {@code AttributeId}
 * starts with {@code urn:oasis:names:tc:xacml:1.0:environment:} are used,
 * keyed by the part of the id after that prefix, with the trimmed text of
 * each {@code AttributeValue} as the value.
 *
 * <p>The name "clock" is special: its value is not stored in {@code env}
 * but parsed and written to {@code theClock}. The clock is not restored
 * afterwards, so the value stays in effect for later calls.
 * NOTE(review): presumably {@code theClock} is the time source that
 * validity periods are evaluated against, which means the request itself
 * chooses the evaluation time. That is reasonable for a test harness;
 * confirm this path is not reachable from untrusted requests.
 *
 * @param reqCtx the request context; anything other than a
 *        {@code Request} element leaves {@code env} untouched
 * @param env the table that receives the name/value pairs
 * @throws HandlerServiceException if a matching {@code AttributeValue} does
 *         not have exactly one child node
 */
private void setEnvironment(Element reqCtx, Hashtable env) throws HandlerServiceException {
    final String prefix = "urn:oasis:names:tc:xacml:1.0:environment:";
    if (!reqCtx.getNodeName().equals("Request")) {
        return;
    }
    NodeList topLevel = reqCtx.getChildNodes();
    for (int a = 0; a < topLevel.getLength(); a++) {
        Node actionNode = topLevel.item(a);
        if (actionNode instanceof Text || !actionNode.getNodeName().equals("Action")) {
            continue;
        }
        NodeList attributes = actionNode.getChildNodes();
        for (int b = 0; b < attributes.getLength(); b++) {
            Node attributeNode = attributes.item(b);
            if (attributeNode instanceof Text || !attributeNode.getNodeName().equals("Attribute")) {
                continue;
            }
            String attrName = ((Element) attributeNode).getAttribute("AttributeId");
            if (!attrName.startsWith(prefix)) {
                continue;
            }
            String envName = attrName.substring(prefix.length());
            NodeList values = attributeNode.getChildNodes();
            for (int c = 0; c < values.getLength(); c++) {
                Node valueNode = values.item(c);
                if (valueNode instanceof Text || !valueNode.getNodeName().equals("AttributeValue")) {
                    continue;
                }
                NodeList content = valueNode.getChildNodes();
                if (content.getLength() != 1) {
                    throw new HandlerServiceException("invalid action attribute value");
                }
                Node only = content.item(0);
                if (!(only instanceof Text)) {
                    continue;
                }
                String value = only.getNodeValue().trim();
                if ("clock".equals(envName)) {
                    // Request-supplied time replaces the clock instead of going into env.
                    theClock.setTime(theClock.toTime(value));
                } else {
                    env.put(envName, value);
                }
            }
        }
    }
}
1066    }