issrg.test.ptb
Class PermisTestBench

java.lang.Object
  extended by issrg.test.ptb.PermisTestBench

public class PermisTestBench
extends java.lang.Object

This is the class for the Permis Test Bench Program. This application can be used for two purposes:

  • It can generate authorisation decisions based on the following inputs:
  • It can compare two previously generated authorisation decision files to check whether the decisions obtained for the same input request differ.

    Version:
    0.1
    Author:
    O Canovas, O Otenko

    Field Summary
    protected  PTBClock clock
               
    protected static java.io.PrintStream err
               
    protected  boolean isXML
               
    protected  java.lang.String oID
               
    protected static java.io.PrintStream out
               
    protected  PBAAPI pbaApi
               
    protected  PermisAction permisAction
               
    protected  PermisTarget permisTarget
               
    protected  PolicyFinder pfinder
               
    protected  java.lang.String rqNumber
               
    protected  java.lang.String SOA
               
    protected  SignatureVerifier sv
               
    protected  java.lang.String userDN
               
    protected  VirtualRepository vr
               
     
    Constructor Summary
    PermisTestBench()
              Constructs a Permis Test Bench.
     
    Method Summary
    protected  void authenticate(java.security.Principal user)
               
     void checkDecisionFiles(java.lang.String f1, java.lang.String f2, java.lang.String diff)
              Compares two decision files.
    protected  byte[] getRequestHash(java.lang.String rqFile)
              Obtains the hash value of a request file
     boolean initialisePBAAPI()
              Initialises the PBA API, that is, specifies the policy's OID, the distinguished name of the SOA, the attribute repository to be used, and the implementation of the SignatureInterface interface that is responsible for verifying the digital signatures of the attribute certificates
    protected  boolean loadAC(VirtualRepository vr, java.lang.String filename)
              Loads attribute certificates in order to insert them into the virtual repository
    protected  java.lang.String[] loadDecision(java.io.BufferedReader in)
              Reads the information related to a decision contained in a decision file.
    protected  java.lang.String[] loadDecisionHeader(java.io.BufferedReader in)
              Reads the decision header.
     boolean loadRepositoryFile(java.lang.String filename, boolean check)
              Reads the repository specification file.
    protected  boolean loadRequest(java.io.BufferedReader in)
              Reads a request contained in the request specification file.
     void loadRequestsAndGenerateDecisions(java.lang.String rqFile, java.lang.String decisionFile)
              Coordinates the rest of the protected methods in order to read all the requests contained in rqFile and to generate the authorisation decisions that will be stored in decisionFile
    protected  java.lang.String[] loadVarValue(java.io.BufferedReader in)
              Reads (attribute,value) pairs from a buffered reader.
     void loadXML(java.lang.String filename)
               
    static void main(java.lang.String[] args)
               
    static void printUsage()
              Prints how to use this application
    protected  boolean writeDecisionData(java.io.BufferedWriter out, java.lang.String rqNumber, java.lang.String code, java.lang.String info, java.lang.String additionalInfo)
              Writes the decision information related to a particular request.
    protected  boolean writeDecisionHeader(java.io.BufferedWriter out, java.lang.String rqFile)
              Writes the decision header.
    protected  boolean writeDiffHeader(java.io.BufferedWriter out, java.lang.String[] h1, java.lang.String[] h2, java.lang.String f1, java.lang.String f2)
              Writes the diff header.
     
    Methods inherited from class java.lang.Object
    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
     

    Field Detail

    out

    protected static java.io.PrintStream out

    err

    protected static java.io.PrintStream err

    SOA

    protected java.lang.String SOA

    oID

    protected java.lang.String oID

    pbaApi

    protected PBAAPI pbaApi

    clock

    protected PTBClock clock

    permisAction

    protected PermisAction permisAction

    permisTarget

    protected PermisTarget permisTarget

    userDN

    protected java.lang.String userDN

    rqNumber

    protected java.lang.String rqNumber

    sv

    protected SignatureVerifier sv

    vr

    protected VirtualRepository vr

    pfinder

    protected PolicyFinder pfinder

    isXML

    protected boolean isXML
    Constructor Detail

    PermisTestBench

    public PermisTestBench()
    Constructs a Permis Test Bench. It has no parameters, and its main function is to initialise the Virtual Repository

    Method Detail

    main

    public static void main(java.lang.String[] args)

    printUsage

    public static void printUsage()
    Prints how to use this application


    loadAC

    protected boolean loadAC(VirtualRepository vr,
                             java.lang.String filename)
    Loads attribute certificates in order to insert them into the virtual repository

    Parameters:
    vr - is the virtual repository
    filename - is the name of the file containing the attribute certificate
    Returns:
    true if the certificate was successfully inserted

    loadRepositoryFile

    public boolean loadRepositoryFile(java.lang.String filename,
                                      boolean check)
    Reads the repository specification file. That file must have the following format (the number of entries, NOE, specifies the minimum and maximum number):

    • SOA_DN="distinguished name of the SOA"; NOE [1,1]
    • POLICY_OID="OID of the policy to enforce"; NOE [1,1]
    • CA="name of the file containing the identity certificate of the CA"; NOE [1,1]
    • SOA_CERT="name of the file containing the identity certificate of a SOA"; NOE [1,N]
    • POLICY_AC="name of the file containing the AC including the XML policy"; NOE [1,1]
    • AC="name of the file containing an AC to be stored"; NOE [0,N]
    • CURRENT_TIME="YYYY-MM-DD HH:MM:SS"; NOE [0,1]

    If a line starts with #, it will be considered as a comment (it is ignored).

    Moreover, this method also initialises the SignatureVerifier implementation to be used during the decision process.

    Parameters:
    filename - is the name of the file specifying the repository
    check - indicates whether the digital signatures will be verified
    Returns:
    true if the AttributeRepository and the SignatureVerifier were initialised

    loadVarValue

    protected java.lang.String[] loadVarValue(java.io.BufferedReader in)
    Reads (attribute,value) pairs from a buffered reader. This method processes each line of the buffered reader looking for the PARAMETER=VALUE pattern. Once that pattern is found, it returns an array of Strings containing the name of the parameter in the first element and the value in the second element. On the other hand, when the end of the buffered reader is reached, it returns null.

    Parameters:
    in - is the buffered reader
    Returns:
    String[2]: String[0] is the name of the parameter; String[1] is the value; null if EOF

    initialisePBAAPI

    public boolean initialisePBAAPI()
    Initialises the PBA API, that is, specifies the policy's OID, the distinguished name of the SOA, the attribute repository to be used, and the implementation of the SignatureInterface interface that is responsible for verifying the digital signatures of the attribute certificates

    Returns:
    boolean indicating whether the PBA API was successfully initialised

    loadRequest

    protected boolean loadRequest(java.io.BufferedReader in)
    Reads a request contained in the request specification file. Each request must have the following format (the number of entries, NOE, specifies the minimum and maximum number):

    • RQ_NUMBER="number of the request being processed"; NOE [1,1]
    • (USER_DN || USER)="distinguished name of the requestor"; NOE [1,1]
    • (TARGET_DN || TARGET)="name of the requested resource (DN or URI)"; NOE [1,1]
    • ACTION="action being requested"; NOE [1,1]
    • ARG_TYPE="type of the argument"; NOE [0,N]
    • ARG_VALUE="value of the argument"; NOE [0,N]

    If a line starts with #, it will be considered as a comment (it is ignored).

    Those fields must appear in the order specified above.

    Parameters:
    in - is the buffered reader related to the request file
    Returns:
    true if the request is well-formed and it has been successfully read
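
The request format above can be checked with a small reader like the following. This is an added example, not the PERMIS implementation: the class and method names are hypothetical, and it assumes that values may be wrapped in double quotes, that ARG_TYPE and ARG_VALUE come in pairs, and that the next RQ_NUMBER starts the next request.

```java
import java.io.*;
import java.util.*;

// Added example, not PERMIS code: checks one request against the documented field order.
public class RequestFormatCheck {
    // Next PARAMETER=VALUE pair or null at EOF; skips # comments and non-matching lines.
    static String[] nextPair(BufferedReader in) throws IOException {
        String line;
        while ((line = in.readLine()) != null) {
            line = line.trim();
            int eq = line.indexOf('=');
            if (line.startsWith("#") || eq < 1) continue;
            String v = line.substring(eq + 1).trim();
            // Assumption: surrounding double quotes are delimiters, not part of the value.
            if (v.length() >= 2 && v.startsWith("\"") && v.endsWith("\"")) v = v.substring(1, v.length() - 1);
            return new String[] { line.substring(0, eq).trim(), v };
        }
        return null;
    }
    // Reads one request; throws if a mandatory field is missing or out of order.
    static List<String> readRequest(BufferedReader in) throws IOException {
        String[][] mandatory = { {"RQ_NUMBER"}, {"USER_DN", "USER"}, {"TARGET_DN", "TARGET"}, {"ACTION"} };
        List<String> values = new ArrayList<>();
        for (String[] names : mandatory) {
            String[] p = nextPair(in);
            if (p == null || !Arrays.asList(names).contains(p[0]))
                throw new IOException("expected " + names[0] + ", got " + (p == null ? "EOF" : p[0]));
            values.add(p[1]);
        }
        while (true) {
            in.mark(8192);   // look ahead without consuming the next request
            String[] type = nextPair(in);
            if (type == null || !type[0].equals("ARG_TYPE")) { in.reset(); return values; }
            String[] val = nextPair(in);
            if (val == null || !val[0].equals("ARG_VALUE"))   // assumption: arguments are paired
                throw new IOException("ARG_TYPE without ARG_VALUE in request " + values.get(0));
            values.add(type[1] + ":" + val[1]);
        }
    }
    public static void main(String[] args) throws IOException {
        // Constructed sample input (not PERMIS test data); request 2 lacks its TARGET line.
        String sample = "# first request\nRQ_NUMBER=\"1\"\nUSER_DN=\"cn=Alice,o=Example\"\nTARGET=\"http://example.org/doc\"\n"
            + "ACTION=\"read\"\nARG_TYPE=\"String\"\nARG_VALUE=\"draft\"\nRQ_NUMBER=\"2\"\nUSER=\"cn=Bob,o=Example\"\nACTION=\"read\"\n";
        BufferedReader in = new BufferedReader(new StringReader(sample));
        System.out.println(readRequest(in));
        try { readRequest(in); } catch (IOException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```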

    writeDecisionHeader

    protected boolean writeDecisionHeader(java.io.BufferedWriter out,
                                          java.lang.String rqFile)
    Writes the decision header. These are the fields filled by this method:

    • REQUEST_FILE="name of the file containing the requests"; NOE [1,1]
    • REQUEST_FILE_HASH="hash value of the request file"; NOE [1,1]
    • EVALUATION_DATE="date on which the decisions were taken"; NOE [1,1]

    Parameters:
    out - is the buffered writer related to the decision file
    rqFile - the name of the file of the input requests
    Returns:
    true if the decision header was written

    writeDecisionData

    protected boolean writeDecisionData(java.io.BufferedWriter out,
                                        java.lang.String rqNumber,
                                        java.lang.String code,
                                        java.lang.String info,
                                        java.lang.String additionalInfo)
    Writes the decision information related to a particular request. These are the fields filled by this method:

    • RQ_NUMBER="number of the request"; NOE [1,1]
    • RESULT_CODE="0: allowed; 1: not allowed; 2: Invalid input; 3: Run-time error"; NOE [1,1]
    • RESULT_INFO="code description"; NOE [1,1]
    • ADDITIONAL_INFO="additional info about exceptions or errors"; NOE [1,1]

    Parameters:
    out - is the buffered writer related to the decision file
    rqNumber - is the number of the request
    code - represents the decision code taken by the PDP
    info - contains a verbose interpretation of the decision code
    additionalInfo - provides data related to exceptions or malformed requests
    Returns:
    true if the decision was written

    loadRequestsAndGenerateDecisions

    public void loadRequestsAndGenerateDecisions(java.lang.String rqFile,
                                                 java.lang.String decisionFile)
    Coordinates the rest of the protected methods in order to read all the requests contained in rqFile and to generate the authorisation decisions that will be stored in decisionFile

    Parameters:
    rqFile - is the name of the file containing the requests
    decisionFile - is the name of the file that is going to contain the decisions

    loadDecisionHeader

    protected java.lang.String[] loadDecisionHeader(java.io.BufferedReader in)
    Reads the decision header. These are the fields read by this method:

    • REQUEST_FILE="name of the file containing the requests"; NOE [1,1]
    • REQUEST_FILE_HASH="hash value of the request file"; NOE [1,1]
    • EVALUATION_DATE="date on which the decisions were taken"; NOE [1,1]

    Parameters:
    in - is the buffered reader related to the decision file
    Returns:
    String[3] containing: [0] name of the request file, [1] hash value, [2] date; null if EOF

    loadDecision

    protected java.lang.String[] loadDecision(java.io.BufferedReader in)
    Reads the information related to a decision contained in a decision file. These are the fields read by this method:

    • RQ_NUMBER="number of the request"; NOE [1,1]
    • RESULT_CODE="0: allowed; 1: not allowed; 2: Invalid input; 3: Run-time error"; NOE [1,1]
    • RESULT_INFO="code description"; NOE [1,1]
    • ADDITIONAL_INFO="additional info about exceptions or errors"; NOE [1,1]

    Parameters:
    in - is the buffered reader related to the decision file
    Returns:
    String[4]: [0] request number; [1] result code; [2] info; [3] additional info; null if EOF

    checkDecisionFiles

    public void checkDecisionFiles(java.lang.String f1,
                                   java.lang.String f2,
                                   java.lang.String diff)
    Compares two decision files. As a result, a diff file is generated according to the following format:

    HEADER: (see writeDiffHeader)

    FOR EACH DECISION:

    • [Checking request "number of request"]
    • [(OK) Decision codes are equal || (WN) Decision codes differ "code1" VS "code2"]
    • [(OK) Messages are the same || (WN) Messages Differ]
    • [(OK) No additional information provided || (OK) Additional notes are the same || (WN) Notes differ]

    Parameters:
    f1 - is one of the decision files
    f2 - is the other decision file
    diff - is the name of the file which is going to contain the differences
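
The per-decision comparison can be sketched as follows, using the array layouts that loadDecisionHeader and loadDecision return. This is an added example, not the PERMIS implementation: the class and method names are hypothetical, and the header hash check, the request-number alignment warning and the flag for decisions that changed to allowed are assumptions beyond the documented diff format.

```java
import java.util.ArrayList;
import java.util.List;

// Added example, not PERMIS code: compares decision records laid out as loadDecision returns them.
public class DecisionDiffSketch {
    // h1/h2: [0] request file, [1] hash, [2] date (loadDecisionHeader layout).
    // Assumption: a diff is only meaningful when both runs used the same request file.
    static boolean sameRequestFile(String[] h1, String[] h2) {
        return h1[1].equals(h2[1]);
    }

    // d1/d2: [0] request number, [1] result code, [2] info, [3] additional info.
    static List<String> compare(String[] d1, String[] d2) {
        List<String> out = new ArrayList<>();
        out.add("Checking request " + d1[0]);
        if (!d1[0].equals(d2[0])) {   // assumption: misaligned records are flagged, not compared
            out.add("(WN) Request numbers differ " + d1[0] + " VS " + d2[0]);
            return out;
        }
        out.add(d1[1].equals(d2[1]) ? "(OK) Decision codes are equal"
                : "(WN) Decision codes differ " + d1[1] + " VS " + d2[1]);
        out.add(d1[2].equals(d2[2]) ? "(OK) Messages are the same" : "(WN) Messages Differ");
        if (d1[3].isEmpty() && d2[3].isEmpty()) out.add("(OK) No additional information provided");
        else out.add(d1[3].equals(d2[3]) ? "(OK) Additional notes are the same" : "(WN) Notes differ");
        return out;
    }

    // True when the second run allows (code 0) a request that the first run did not allow.
    static boolean becameAllowed(String[] d1, String[] d2) {
        return !d1[1].equals("0") && d2[1].equals("0");
    }

    public static void main(String[] args) {
        // Constructed sample records (not PERMIS output); the hash is a placeholder string.
        String[] h1 = { "rq.txt", "HASH-PLACEHOLDER", "run 1" };
        String[] h2 = { "rq.txt", "HASH-PLACEHOLDER", "run 2" };
        String[] before = { "7", "1", "Not allowed", "" };
        String[] after = { "7", "0", "Allowed", "" };
        if (!sameRequestFile(h1, h2)) throw new IllegalStateException("different request files");
        compare(before, after).forEach(System.out::println);
        if (becameAllowed(before, after)) System.out.println("(WN) Request 7 changed to allowed");
    }
}
```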

    getRequestHash

    protected byte[] getRequestHash(java.lang.String rqFile)
    Obtains the hash value of a request file

    Parameters:
    rqFile - is the name of the request file
    Returns:
    byte[] containing the SHA-1 hash of the file

    writeDiffHeader

    protected boolean writeDiffHeader(java.io.BufferedWriter out,
                                      java.lang.String[] h1,
                                      java.lang.String[] h2,
                                      java.lang.String f1,
                                      java.lang.String f2)
    Writes the diff header. Each of the two decision headers, h1 and h2, contains these fields:

    • REQUEST_FILE="name of the file containing the requests"; NOE [1,1]
    • REQUEST_FILE_HASH="hash value of the request file"; NOE [1,1]
    • EVALUATION_DATE="date on which the decisions were taken"; NOE [1,1]

    Parameters:
    out - is the buffered writer related to the diff file
    h1 - contains the 3 fields of the header included in the first decision file
    h2 - contains the 3 fields of the header included in the second decision file
    f1 - is the name of the first decision file
    f2 - is the name of the second decision file
    Returns:
    true if the diff header was successfully written

    loadXML

    public void loadXML(java.lang.String filename)

    authenticate

    protected void authenticate(java.security.Principal user)