issrg.test.ptb
Class PermisTestBench

java.lang.Object
  issrg.test.ptb.PermisTestBench

public class PermisTestBench
extends java.lang.Object

This is the class for the Permis Test Bench Program. This application can be used for two purposes:

It can generate authorisation decisions based on the following inputs:

• Name of the file containing the information about the identity and attribute certificates to be used during the decision process
• Name of the file containing the set of requests (user, target, action, and arguments)

It is able to compare two different authorisation decision files, previously generated, in order to check whether there are differences between the decision obtained for the same input request.

Version:

0.1

Author:

O Canovas, O Otenko

Field Summary

protected PTBClock	clock
protected static java.io.PrintStream	err
protected boolean	isXML
protected java.lang.String	oID
protected static java.io.PrintStream	out
protected PBAAPI	pbaApi
protected PermisAction	permisAction
protected PermisTarget	permisTarget
protected PolicyFinder	pfinder
protected java.lang.String	rqNumber
protected java.lang.String	SOA
protected SignatureVerifier	sv
protected java.lang.String	userDN
protected VirtualRepository	vr

Constructor Summary

PermisTestBench()
Constructs a Permis Test Bench.

Method Summary

protected void	authenticate(java.security.Principal user)
void	checkDecisionFiles(java.lang.String f1, java.lang.String f2, java.lang.String diff) Compares two decision files.
protected byte[]	getRequestHash(java.lang.String rqFile) Obtains the hash value of a request file
boolean	initialisePBAAPI() Initialises the PBA API, that is, specifies the policy's OID, the distinguished name of the SOA, the attribute repository to be used, and the implementation of the SignatureInterface interface that is responsible for verifying the digital signatures of the attribute certificates
protected boolean	loadAC(VirtualRepository vr, java.lang.String filename) Loads attribute certificates in order to insert them into the virtual repository
protected java.lang.String[]	loadDecision(java.io.BufferedReader in) Reads the information related to a decision contained in a decision file.
protected java.lang.String[]	loadDecisionHeader(java.io.BufferedReader in) Reads the decision header.
boolean	loadRepositoryFile(java.lang.String filename, boolean check) Reads the repository specification file.
protected boolean	loadRequest(java.io.BufferedReader in) Reads a request contained in the request specification file.
void	loadRequestsAndGenerateDecisions(java.lang.String rqFile, java.lang.String decisionFile) Coordinates the rest of protected methods in order to read all the requests contained in rqFile and to generate the authositaion decisions that will be stored in decisionFile
protected java.lang.String[]	loadVarValue(java.io.BufferedReader in) Reads (attribute,value) pairs from a buffered reader.
void	loadXML(java.lang.String filename)
static void	main(java.lang.String[] args)
static void	printUsage() Prints how to use this application
protected boolean	writeDecisionData(java.io.BufferedWriter out, java.lang.String rqNumber, java.lang.String code, java.lang.String info, java.lang.String additionalInfo) Writes the decision information related to a particular request.
protected boolean	writeDecisionHeader(java.io.BufferedWriter out, java.lang.String rqFile) Writes the decision header.
protected boolean	writeDiffHeader(java.io.BufferedWriter out, java.lang.String[] h1, java.lang.String[] h2, java.lang.String f1, java.lang.String f2) Reads the decision header.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

out

protected static java.io.PrintStream out

err

protected static java.io.PrintStream err

SOA

protected java.lang.String SOA

oID

protected java.lang.String oID

pbaApi

protected PBAAPI pbaApi

clock

protected PTBClock clock

permisAction

protected PermisAction permisAction

permisTarget

protected PermisTarget permisTarget

userDN

protected java.lang.String userDN

rqNumber

protected java.lang.String rqNumber

sv

protected SignatureVerifier sv

vr

protected VirtualRepository vr

pfinder

protected PolicyFinder pfinder

isXML

protected boolean isXML

Constructor Detail

PermisTestBench

public PermisTestBench()

Constructs a Permis Test Bench. It has no parameters, and its main function is to initialise the Virtual Repository

Method Detail

main

public static void main(java.lang.String[] args)

printUsage

public static void printUsage()

Prints how to use this application

loadAC

protected boolean loadAC(VirtualRepository vr,
                         java.lang.String filename)

Loads attribute certificates in order to insert them into the virtual repository

Parameters:

vr - is the virtual repository

filename - is the name of the file containing the attribute certificate

Returns:

true if the certificate was successfully inserted

loadRepositoryFile

public boolean loadRepositoryFile(java.lang.String filename,
                                  boolean check)

Reads the repository specification file. That file must have the following format (the number of entries, NOE, specifies the minimun and maximun number):

• SOA_DN="distinguished name of the SOA"; NOE [1,1]
• POLICY_OID="OID of the policy to enforce"; NOE [1,1]
• CA="name of the file containing the identity certificate of the CA"; NOE [1,1]
• SOA_CERT="name of the file containing the identity certificate of a SOA"; NOE [1,N]
• POLICY_AC="name of the file containing the AC including the XML policy"; NOE [1,1]
• AC="name of the file containing an AC to be stored"; NOE [0,N]
• CURRENT_TIME="YYYY-MM-DD HH:MM:SS"; NOE [0,1]

If a line starts with #, it will be considered as a comment (it is ignored).

Moreover, this method also initialises the SignatureVerifier implementation to be used during the decision process.

Parameters:

filename - is the name of the file specifying the repository

check - indicates whether the digital signatures will be verified

Returns:

true if the AttributeRepository and the SignatureVerifier were initialised

loadVarValue

protected java.lang.String[] loadVarValue(java.io.BufferedReader in)

Reads (attribute,value) pairs from a buffered reader. This method processes each line of the buffered reader looking for the PARAMETER=VALUE pattern. Once that pattern is found, it returns an array of Strings containing the name of the parameter in the first element and the value in the second element. On the other hand, when the end of the buffered reader is reached, it returns null.

Parameters:

in - is the buffered reader

Returns:

String[2]: String[0] is the name of the parameter; String[1] is the value; null if EOF

initialisePBAAPI

public boolean initialisePBAAPI()

Initialises the PBA API, that is, specifies the policy's OID, the distinguished name of the SOA, the attribute repository to be used, and the implementation of the SignatureInterface interface that is responsible for verifying the digital signatures of the attribute certificates

Returns:

boolean indicating whether the PBA API was successfully initialised

loadRequest

protected boolean loadRequest(java.io.BufferedReader in)

Reads a request contained in the request specification file. Each request must have the following format (the number of entries, NOE, specifies the minimun and maximun number):

• RQ_NUMBER="number of the request being processed"; NOE [1,1]
• (USER_DN || USER)="distinguished name of the requestor"; NOE [1,1]
• (TARGET_DN || TARGET)="name of the requested resource (DN or URI)"; NOE [1,1]
• ACTION="action being requested"; NOE [1,1]
• ARG_TYPE="type of the argument"; NOE [0,N]
• ARG_VALUE="value of the argument"; NOE [0,N]

If a line starts with #, it will be considered as a comment (it is ignored).

Those field must appear in the order above specified.

Parameters:

in - is buffered reader related to the request file

Returns:

true if the request is well-formed and it has been successfully read

writeDecisionHeader

protected boolean writeDecisionHeader(java.io.BufferedWriter out,
                                      java.lang.String rqFile)

Writes the decision header. These are the fields filled by this method:

• REQUEST_FILE="name of the file containing the requests"; NOE [1,1]
• REQUEST_FILE_HASH="hash value of the request file"; NOE [1,1]
• EVALUATION_DATE="date on which the decisions were taken"; NOE [1,1]

Parameters:

out - is buffered writer related to the decision file

rqFile - the name of the file of the input requests

Returns:

true if the decision header was written

writeDecisionData

protected boolean writeDecisionData(java.io.BufferedWriter out,
                                    java.lang.String rqNumber,
                                    java.lang.String code,
                                    java.lang.String info,
                                    java.lang.String additionalInfo)

Writes the decision information related to a particular request. These are the fields filled by this method:

• RQ_NUMBER="number of the request"; NOE [1,1]
• RESULT_CODE="0: allowed; 1: not allowed; 2: Invalid input; 3: Run-time error"; NOE [1,1]
• RESULT_INFO="code description"; NOE [1,1]
• ADDITIONAL_INFO="additional info about exceptions or errors"; NOE [1,1]

Parameters:

out - is buffered writer related to the decision file

rqNumber - is the number of the request

code - represents the decision code taken by the PDP

info - contains a verbose interpretation of the decision code

additionalInfo - provides data related to exceptions or malformed requests

Returns:

true if the decision was written

loadRequestsAndGenerateDecisions

public void loadRequestsAndGenerateDecisions(java.lang.String rqFile,
                                             java.lang.String decisionFile)

Coordinates the rest of protected methods in order to read all the requests contained in rqFile and to generate the authositaion decisions that will be stored in decisionFile

Parameters:

rqFile - is the name of the file containing the requests

decisionFile - is the name of the file that is going to contain the decisions

loadDecisionHeader

protected java.lang.String[] loadDecisionHeader(java.io.BufferedReader in)

Reads the decision header. These are the fields read by this method:

• REQUEST_FILE="name of the file containing the requests"; NOE [1,1]
• REQUEST_FILE_HASH="hash value of the request file"; NOE [1,1]
• EVALUATION_DATE="date on which the decisions were taken"; NOE [1,1]

Parameters:

in - is buffered reader related to the decision file

Returns:

String[3] containing: [0] name of the request file, [1] hash value, [2] date; null if EOF

loadDecision

protected java.lang.String[] loadDecision(java.io.BufferedReader in)

Reads the information related to a decision contained in a decision file. These are the fields read by this method:

• RQ_NUMBER="number of the request"; NOE [1,1]
• RESULT_CODE="0: allowed; 1: not allowed; 2: Invalid input; 3: Run-time error"; NOE [1,1]
• RESULT_INFO="code description"; NOE [1,1]
• ADDITIONAL_INFO="additional info about exceptions or errors"; NOE [1,1]

Parameters:

in - is buffered reader related to the decision file

Returns:

String[4]: [0] request number; [1] result code; [2] info; [3] additional info; null if EOF

checkDecisionFiles

public void checkDecisionFiles(java.lang.String f1,
                               java.lang.String f2,
                               java.lang.String diff)

Compares two decision files. As a result, a diff file is generated according to the following format:

HEADER: (see writeDiffHeader)

FOR EACH DECISION:

• [Checking request "number of request"]
• [(OK) Decision codes are equal || (WN) Decision codes differ "code1" VS "code2"]
• [(OK) Messages are the same || (WN) Messages Differ]
• [(OK) No additional information provided || (OK) Additional notes are the same || (WN) Notes differ]

Parameters:

f1 - is one of the decision files

f2 - is the other decision file

diff - is the name of the file which is going to contain the differences

getRequestHash

protected byte[] getRequestHash(java.lang.String rqFile)

Obtains the hash value of a request file

Parameters:

rqFile - is name of the request file

Returns:

byte[] containing the SHA-1 hash of the file

writeDiffHeader

protected boolean writeDiffHeader(java.io.BufferedWriter out,
                                  java.lang.String[] h1,
                                  java.lang.String[] h2,
                                  java.lang.String f1,
                                  java.lang.String f2)

Reads the decision header. These are the fields read by this method:

• REQUEST_FILE="name of the file containing the requests"; NOE [1,1]
• REQUEST_FILE_HASH="hash value of the request file"; NOE [1,1]
• EVALUATION_DATE="date on which the decisions were taken"; NOE [1,1]

Parameters:

out - is buffered writer related to the diff file

h1 - contains the 3 fields of the header included in the first decision file

h2 - contains the 3 fields of the header included in the second decision file

f1 - is the name of the first decision file

f2 - is the name of the second decision file

Returns:

true if the diff header was successfully written

loadXML

public void loadXML(java.lang.String filename)

authenticate

protected void authenticate(java.security.Principal user)