2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.onap.policy.pap.xacml.rest.components;
23 import com.att.research.xacml.api.XACML3;
24 import com.att.research.xacml.api.pap.PAPException;
25 import com.att.research.xacml.std.IdentifierImpl;
26 import java.io.ByteArrayInputStream;
28 import java.io.IOException;
30 import java.net.URISyntaxException;
31 import java.nio.charset.StandardCharsets;
32 import java.nio.file.Files;
33 import java.nio.file.Path;
34 import java.nio.file.Paths;
35 import java.util.ArrayList;
36 import java.util.Arrays;
37 import java.util.HashMap;
38 import java.util.LinkedList;
39 import java.util.List;
41 import java.util.UUID;
43 import org.apache.commons.lang3.StringEscapeUtils;
44 import org.onap.policy.common.logging.eelf.MessageCodes;
45 import org.onap.policy.common.logging.eelf.PolicyLogger;
46 import org.onap.policy.common.logging.flexlogger.FlexLogger;
47 import org.onap.policy.common.logging.flexlogger.Logger;
48 import org.onap.policy.controlloop.policy.builder.BuilderException;
49 import org.onap.policy.controlloop.policy.builder.Results;
50 import org.onap.policy.controlloop.policy.guard.Constraint;
51 import org.onap.policy.controlloop.policy.guard.ControlLoopGuard;
52 import org.onap.policy.controlloop.policy.guard.Guard;
53 import org.onap.policy.controlloop.policy.guard.GuardPolicy;
54 import org.onap.policy.controlloop.policy.guard.MatchParameters;
55 import org.onap.policy.controlloop.policy.guard.builder.ControlLoopGuardBuilder;
56 import org.onap.policy.rest.adapter.PolicyRestAdapter;
57 import org.onap.policy.rest.dao.CommonClassDao;
58 import org.onap.policy.rest.jpa.DecisionSettings;
59 import org.onap.policy.rest.jpa.FunctionDefinition;
60 import org.onap.policy.utils.PolicyUtils;
61 import org.onap.policy.xacml.api.XACMLErrorConstants;
62 import org.onap.policy.xacml.std.pip.engines.aaf.AAFEngine;
63 import org.onap.policy.xacml.util.XACMLPolicyScanner;
64 import org.springframework.beans.factory.annotation.Autowired;
65 import org.springframework.stereotype.Component;
66 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AdviceExpressionType;
67 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AdviceExpressionsType;
68 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AllOfType;
69 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType;
70 import oasis.names.tc.xacml._3_0.core.schema.wd_17.ApplyType;
71 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeAssignmentExpressionType;
72 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeDesignatorType;
73 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType;
74 import oasis.names.tc.xacml._3_0.core.schema.wd_17.ConditionType;
75 import oasis.names.tc.xacml._3_0.core.schema.wd_17.EffectType;
76 import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType;
77 import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObjectFactory;
78 import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySetType;
79 import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType;
80 import oasis.names.tc.xacml._3_0.core.schema.wd_17.RuleType;
81 import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType;
82 import oasis.names.tc.xacml._3_0.core.schema.wd_17.VariableDefinitionType;
83 import oasis.names.tc.xacml._3_0.core.schema.wd_17.VariableReferenceType;
87 public class DecisionPolicy extends Policy {
89 private static final Logger LOGGER = FlexLogger.getLogger(DecisionPolicy.class);
91 public static final String FUNCTION_NOT = "urn:oasis:names:tc:xacml:1.0:function:not";
92 private static final String AAFPROVIDER = "AAF";
93 public static final String GUARD_YAML = "GUARD_YAML";
94 public static final String GUARD_BL_YAML = "GUARD_BL_YAML";
95 public static final String GUARD_MIN_MAX = "GUARD_MIN_MAX";
96 public static final String RAINY_DAY = "Rainy_Day";
97 public static final String MS_MODEL = "MicroService_Model";
98 private static final String XACML_GUARD_TEMPLATE = "Decision_GuardPolicyTemplate.xml";
99 private static final String XACML_BLGUARD_TEMPLATE = "Decision_GuardBLPolicyTemplate.xml";
100 private static final String XACML_GUARD_MIN_MAX_TEMPLATE = "Decision_GuardMinMaxPolicyTemplate.xml";
102 private static final String ONAPNAME = "ONAPName";
103 private static final String POLICY_NAME = "PolicyName";
104 private static final String DESCRIPTION = "description";
107 List<String> dynamicLabelRuleAlgorithms = new LinkedList<>();
108 List<String> dynamicFieldComboRuleAlgorithms = new LinkedList<>();
109 List<String> dynamicFieldOneRuleAlgorithms = new LinkedList<>();
110 List<String> dynamicFieldTwoRuleAlgorithms = new LinkedList<>();
111 List<String> dataTypeList = new LinkedList<>();
113 private static CommonClassDao commonClassDao;
115 public DecisionPolicy() {
120 public DecisionPolicy(CommonClassDao commonClassDao) {
121 DecisionPolicy.commonClassDao = commonClassDao;
124 public DecisionPolicy(PolicyRestAdapter policyAdapter) {
125 this.policyAdapter = policyAdapter;
126 this.commonClassDao = commonClassDao;
130 public Map<String, String> savePolicies() throws PAPException {
132 Map<String, String> successMap = new HashMap<>();
133 if (isPolicyExists()) {
134 successMap.put("EXISTS", "This Policy already exist on the PAP");
138 if (!isPreparedToSave()) {
139 // Prep and configure the policy for saving
143 // Until here we prepared the data and here calling the method to create xml.
144 Path newPolicyPath = null;
145 newPolicyPath = Paths.get(policyAdapter.getNewFileName());
147 successMap = createPolicy(newPolicyPath, getCorrectPolicyDataObject());
152 * Scan the Raw Policy data and set to PolicyAdapter.
154 private void readRawPolicyData() {
156 if ("API".equalsIgnoreCase(policyAdapter.getApiflag())) {
157 policy = XACMLPolicyScanner.readPolicy(new ByteArrayInputStream(StringEscapeUtils
158 .unescapeXml(policyAdapter.getRawXacmlPolicy()).getBytes(StandardCharsets.UTF_8)));
160 policy = XACMLPolicyScanner.readPolicy(
161 new ByteArrayInputStream(policyAdapter.getRawXacmlPolicy().getBytes(StandardCharsets.UTF_8)));
163 String policyRawDesc;
164 if (policy instanceof PolicySetType) {
166 ((PolicySetType) policy).getDescription() + "@#RuleProvider@#Decision_Raw@#RuleProvider@#";
167 ((PolicySetType) policy).setDescription(policyRawDesc);
169 policyRawDesc = ((PolicyType) policy).getDescription() + "@#RuleProvider@#Decision_Raw@#RuleProvider@#";
170 ((PolicyType) policy).setDescription(policyRawDesc);
172 policyAdapter.setPolicyData(policy);
173 policyAdapter.setData(policy);
174 setPreparedToSave(true);
178 // This is the method for preparing the policy for saving. We have broken it out
179 // separately because the fully configured policy is used for multiple things
181 public boolean prepareToSave() throws PAPException {
183 if (isPreparedToSave()) {
184 // we have already done this
189 String policyID = policyAdapter.getPolicyID();
190 version = policyAdapter.getHighestVersion();
192 if ("Raw".equals(policyAdapter.getRuleProvider())) {
196 // Create the Instance for pojo, PolicyType object is used in marshalling.
197 if ("Decision".equals(policyAdapter.getPolicyType())) {
198 PolicyType policyConfig = new PolicyType();
200 policyConfig.setVersion(Integer.toString(version));
201 policyConfig.setPolicyId(policyID);
202 policyConfig.setTarget(new TargetType());
203 policyAdapter.setData(policyConfig);
205 policyName = policyAdapter.getNewFileName();
207 if(policyAdapter.getRuleProvider().equals(GUARD_YAML) ||
208 policyAdapter.getRuleProvider().equals(GUARD_BL_YAML) ||
209 policyAdapter.getRuleProvider().equals(GUARD_MIN_MAX)){
211 Map<String, String> yamlParams = new HashMap<>();
212 String blackListEntryType = policyAdapter.getBlackListEntryType() != null
213 ? policyAdapter.getBlackListEntryType() : "Use Manual Entry";
214 String description = policyAdapter.getPolicyDescription() != null ? policyAdapter.getPolicyDescription()
215 : "YAML Guard Policy";
216 yamlParams.put(DESCRIPTION, description + "@blEntry@" + blackListEntryType + "@blEntry@");
217 String fileName = policyAdapter.getNewFileName();
218 String name = fileName.substring(fileName.lastIndexOf('\\') + 1, fileName.length());
219 if ((name == null) || ("".equals(name))) {
220 name = fileName.substring(fileName.lastIndexOf('/') + 1, fileName.length());
222 yamlParams.put(POLICY_NAME, name);
223 yamlParams.put(ONAPNAME, policyAdapter.getOnapName());
224 Map<String, String> params = policyAdapter.getDynamicFieldConfigAttributes();
225 yamlParams.putAll(params);
226 // Call YAML to XACML
228 PolicyType decisionPolicy = getGuardPolicy(yamlParams, policyAdapter.getRuleProvider());
229 decisionPolicy.setRuleCombiningAlgId(policyAdapter.getRuleCombiningAlgId());
230 decisionPolicy.setVersion(Integer.toString(version));
231 policyAdapter.setPolicyData(decisionPolicy);
232 policyAdapter.setData(decisionPolicy);
233 } catch (BuilderException e) {
235 throw new PAPException(e);
237 } else if (policyAdapter.getData() != null) {
238 PolicyType decisionPolicy = (PolicyType) policyAdapter.getData();
240 decisionPolicy.setDescription(policyAdapter.getPolicyDescription());
242 decisionPolicy.setRuleCombiningAlgId(policyAdapter.getRuleCombiningAlgId());
243 AllOfType allOfOne = new AllOfType();
244 String fileName = policyAdapter.getNewFileName();
245 String name = fileName.substring(fileName.lastIndexOf('\\') + 1, fileName.length());
246 if ((name == null) || ("".equals(name))) {
247 name = fileName.substring(fileName.lastIndexOf('/') + 1, fileName.length());
249 allOfOne.getMatch().add(createMatch(POLICY_NAME, name));
251 AllOfType allOf = new AllOfType();
254 allOf.getMatch().add(createMatch(ONAPNAME, (policyAdapter.getOnapName())));
256 Map<String, String> dynamicFieldComponentAttributes = policyAdapter.getDynamicFieldConfigAttributes();
257 if (policyAdapter.getRuleProvider() != null && policyAdapter.getRuleProvider().equals(AAFPROVIDER)) {
258 dynamicFieldComponentAttributes = new HashMap<>();
261 // If there is any dynamic field attributes create the matches here
262 for (String keyField : dynamicFieldComponentAttributes.keySet()) {
263 String key = keyField;
264 String value = dynamicFieldComponentAttributes.get(key);
265 MatchType dynamicMatch = createDynamicMatch(key, value);
266 allOf.getMatch().add(dynamicMatch);
269 AnyOfType anyOf = new AnyOfType();
270 anyOf.getAllOf().add(allOfOne);
271 anyOf.getAllOf().add(allOf);
273 TargetType target = new TargetType();
274 target.getAnyOf().add(anyOf);
275 decisionPolicy.setTarget(target);
277 Map<String, String> dynamicFieldDecisionSettings = policyAdapter.getDynamicSettingsMap();
278 if (policyAdapter.getRuleProvider() != null && (policyAdapter.getRuleProvider().equals(AAFPROVIDER)
279 || policyAdapter.getRuleProvider().equals(RAINY_DAY))) {
280 dynamicFieldDecisionSettings = new HashMap<>();
283 // settings are dynamic so check how many rows are added and add all
284 for (String keyField : dynamicFieldDecisionSettings.keySet()) {
285 String key = keyField;
286 String value = dynamicFieldDecisionSettings.get(key);
287 String dataType = getDataType(key);
288 VariableDefinitionType dynamicVariable = createDynamicVariable(key, value, dataType);
289 decisionPolicy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(dynamicVariable);
292 Map<String, String> dynamicFieldTreatmentAttributes = policyAdapter.getRainydayMap();
293 if (policyAdapter.getRuleProvider().equals(RAINY_DAY)) {
294 for (String keyField : dynamicFieldTreatmentAttributes.keySet()) {
295 String errorcode = keyField;
296 String treatment = dynamicFieldTreatmentAttributes.get(errorcode);
297 createRainydayRule(decisionPolicy, errorcode, treatment, true);
300 createRule(decisionPolicy, true);
301 createRule(decisionPolicy, false);
305 setPreparedToSave(true);
309 public PolicyType getGuardPolicy(Map<String, String> yamlParams, String ruleProvider) throws BuilderException {
311 ControlLoopGuardBuilder builder = ControlLoopGuardBuilder.Factory.buildControlLoopGuard(new Guard());
312 MatchParameters matchParameters = new MatchParameters(yamlParams.get("actor"), yamlParams.get("recipe"));
313 matchParameters.setControlLoopName(yamlParams.get("clname"));
314 if (yamlParams.containsKey("targets")) {
315 String targetString = yamlParams.get("targets");
316 List<String> targets = null;
317 if (targetString != null && !targetString.isEmpty()) {
318 if (targetString.contains(",")) {
319 targets = Arrays.asList(targetString.split(","));
321 targets = new ArrayList<>();
322 targets.add(targetString);
325 matchParameters.setTargets(targets);
327 GuardPolicy policy1 = new GuardPolicy(
328 (policyAdapter.getUuid() != null ? policyAdapter.getUuid() : UUID.randomUUID().toString()),
329 yamlParams.get(POLICY_NAME), yamlParams.get(DESCRIPTION), matchParameters);
330 builder = builder.addGuardPolicy(policy1);
331 Map<String, String> activeTimeRange = new HashMap<>();
332 activeTimeRange.put("start", yamlParams.get("guardActiveStart"));
333 activeTimeRange.put("end", yamlParams.get("guardActiveEnd"));
334 String blackListString = yamlParams.get("blackList");
335 List<String> blackList = null;
336 if (blackListString != null && !blackListString.trim().isEmpty()) {
337 if (blackListString.contains(",")) {
338 blackList = Arrays.asList(blackListString.split(","));
340 blackList = new ArrayList<>();
341 blackList.add(blackListString);
344 if (yamlParams.containsKey("appendBlackList")) {
345 String appendBlackListString = yamlParams.get("appendBlackList");
346 List<String> appendBlackList = null;
347 if (appendBlackListString != null && !appendBlackListString.trim().isEmpty()) {
348 appendBlackList = Arrays.asList(appendBlackListString.split(","));
349 for (int i = 0; i < appendBlackList.size(); i++) {
350 blackList.remove(appendBlackList.get(i));
355 Path xacmlTemplatePath;
356 ClassLoader classLoader = getClass().getClassLoader();
357 Constraint cons = new Constraint();
358 switch (ruleProvider) {
360 templateFile = new File(classLoader.getResource(XACML_BLGUARD_TEMPLATE).getFile());
361 xacmlTemplatePath = templateFile.toPath();
362 cons.setActive_time_range(activeTimeRange);
363 if (blackList == null || blackList.isEmpty()) {
364 throw new BuilderException("blackList is required");
366 cons.setBlacklist(blackList);
369 templateFile = new File(classLoader.getResource(XACML_GUARD_MIN_MAX_TEMPLATE).getFile());
370 xacmlTemplatePath = templateFile.toPath();
371 cons = new Constraint(Integer.parseInt(yamlParams.get("min")),
372 Integer.parseInt(yamlParams.get("max")), activeTimeRange);
375 templateFile = new File(classLoader.getResource(XACML_GUARD_TEMPLATE).getFile());
376 xacmlTemplatePath = templateFile.toPath();
377 Map<String, String> timeWindow = new HashMap<>();
378 if (!PolicyUtils.isInteger(yamlParams.get("timeWindow"))) {
379 throw new BuilderException("time window is not in Integer format.");
381 String timeUnits = yamlParams.get("timeUnits");
382 if (timeUnits == null
383 || !("minute".equalsIgnoreCase(timeUnits) || "hour".equalsIgnoreCase(timeUnits)
384 || "day".equalsIgnoreCase(timeUnits) || "week".equalsIgnoreCase(timeUnits)
385 || "month".equalsIgnoreCase(timeUnits) || "year".equalsIgnoreCase(timeUnits))) {
386 throw new BuilderException("time Units is not in proper format.");
388 timeWindow.put("value", yamlParams.get("timeWindow"));
389 timeWindow.put("units", yamlParams.get("timeUnits"));
390 cons = new Constraint(Integer.parseInt(yamlParams.get("limit")), timeWindow, activeTimeRange);
394 builder = builder.addLimitConstraint(policy1.getId(), cons);
395 // Build the specification
396 Results results = builder.buildSpecification();
398 ControlLoopGuard yamlGuardObject = SafePolicyBuilder.loadYamlGuard(results.getSpecification());
399 String xacmlTemplateContent;
401 xacmlTemplateContent = new String(Files.readAllBytes(xacmlTemplatePath));
402 HashMap<String, String> yamlSpecs = new HashMap<>();
403 yamlSpecs.put(POLICY_NAME, yamlParams.get(POLICY_NAME));
404 yamlSpecs.put(DESCRIPTION, yamlParams.get(DESCRIPTION));
405 yamlSpecs.put(ONAPNAME, yamlParams.get(ONAPNAME));
406 yamlSpecs.put("actor", yamlGuardObject.getGuards().getFirst().getMatch_parameters().getActor());
407 yamlSpecs.put("recipe", yamlGuardObject.getGuards().getFirst().getMatch_parameters().getRecipe());
408 yamlSpecs.put("clname",
409 yamlGuardObject.getGuards().getFirst().getMatch_parameters().getControlLoopName());
410 if (yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst()
411 .getFreq_limit_per_target() != null) {
412 yamlSpecs.put("limit", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst()
413 .getFreq_limit_per_target().toString());
415 if (yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getTime_window() != null) {
416 yamlSpecs.put("twValue", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst()
417 .getTime_window().get("value"));
418 yamlSpecs.put("twUnits", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst()
419 .getTime_window().get("units"));
422 if (yamlGuardObject.getGuards().getFirst().getLimit_constraints().
423 getFirst().getMaxVnfCount() != null) {
424 yamlSpecs.put("max", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst()
425 .getMaxVnfCount().toString());
427 if (yamlGuardObject.getGuards().getFirst().getLimit_constraints().
428 getFirst().getMinVnfCount() != null) {
429 yamlSpecs.put("min", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst()
430 .getMinVnfCount().toString());
433 yamlSpecs.put("guardActiveStart", yamlGuardObject.getGuards().getFirst().getLimit_constraints()
434 .getFirst().getActive_time_range().get("start"));
435 yamlSpecs.put("guardActiveEnd", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst()
436 .getActive_time_range().get("end"));
437 String xacmlPolicyContent = SafePolicyBuilder.generateXacmlGuard(xacmlTemplateContent, yamlSpecs,
438 yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getBlacklist(),
439 yamlGuardObject.getGuards().getFirst().getMatch_parameters().getTargets());
441 // Convert the Policy into Stream input to Policy Adapter.
442 Object policy = XACMLPolicyScanner
443 .readPolicy(new ByteArrayInputStream(xacmlPolicyContent.getBytes(StandardCharsets.UTF_8)));
445 return (PolicyType) policy;
446 } catch (IOException e) {
447 LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Error while creating the policy " + e.getMessage(),
450 } catch (BuilderException e) {
451 LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Error while creating the policy " + e.getMessage(), e);
457 private DecisionSettings findDecisionSettingsBySettingId(String settingId) {
458 return (DecisionSettings) commonClassDao.getEntityItem(DecisionSettings.class, "xacml_id", settingId);
461 private void createRule(PolicyType decisionPolicy, boolean permitRule) {
462 RuleType rule = new RuleType();
464 rule.setRuleId(policyAdapter.getRuleID());
467 rule.setEffect(EffectType.PERMIT);
469 rule.setEffect(EffectType.DENY);
471 rule.setTarget(new TargetType());
473 // Create Target in Rule
474 AllOfType allOfInRule = new AllOfType();
476 // Creating match for ACCESS in rule target
477 MatchType accessMatch = new MatchType();
478 AttributeValueType accessAttributeValue = new AttributeValueType();
479 accessAttributeValue.setDataType(STRING_DATATYPE);
480 accessAttributeValue.getContent().add("DECIDE");
481 accessMatch.setAttributeValue(accessAttributeValue);
482 AttributeDesignatorType accessAttributeDesignator = new AttributeDesignatorType();
483 URI accessURI = null;
485 accessURI = new URI(ACTION_ID);
486 } catch (URISyntaxException e) {
487 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "DecisionPolicy", "Exception creating ACCESS URI");
489 accessAttributeDesignator.setCategory(CATEGORY_ACTION);
490 accessAttributeDesignator.setDataType(STRING_DATATYPE);
491 accessAttributeDesignator.setAttributeId(new IdentifierImpl(accessURI).stringValue());
492 accessMatch.setAttributeDesignator(accessAttributeDesignator);
493 accessMatch.setMatchId(FUNCTION_STRING_EQUAL_IGNORE);
495 dynamicLabelRuleAlgorithms = policyAdapter.getDynamicRuleAlgorithmLabels();
496 dynamicFieldComboRuleAlgorithms = policyAdapter.getDynamicRuleAlgorithmCombo();
497 dynamicFieldOneRuleAlgorithms = policyAdapter.getDynamicRuleAlgorithmField1();
498 dynamicFieldTwoRuleAlgorithms = policyAdapter.getDynamicRuleAlgorithmField2();
500 if (policyAdapter.getRuleProvider() != null && policyAdapter.getRuleProvider().equals(AAFPROVIDER)) {
501 // Values for AAF Provider are here for XML Creation.
502 ConditionType condition = new ConditionType();
503 ApplyType decisionApply = new ApplyType();
505 AttributeValueType value1 = new AttributeValueType();
506 value1.setDataType(BOOLEAN_DATATYPE);
507 value1.getContent().add("true");
509 AttributeDesignatorType value2 = new AttributeDesignatorType();
510 value2.setAttributeId(AAFEngine.AAF_RESULT);
511 value2.setCategory(CATEGORY_RESOURCE);
512 value2.setDataType(BOOLEAN_DATATYPE);
513 value2.setMustBePresent(false);
515 ApplyType innerDecisionApply = new ApplyType();
516 innerDecisionApply.setFunctionId(FUNCTION_BOOLEAN_ONE_AND_ONLY);
517 innerDecisionApply.getExpression().add(new ObjectFactory().createAttributeDesignator(value2));
519 decisionApply.setFunctionId(XACML3.ID_FUNCTION_BOOLEAN_EQUAL.stringValue());
520 decisionApply.getExpression().add(new ObjectFactory().createAttributeValue(value1));
521 decisionApply.getExpression().add(new ObjectFactory().createApply(innerDecisionApply));
522 condition.setExpression(new ObjectFactory().createApply(decisionApply));
524 ApplyType notOuterApply = new ApplyType();
525 notOuterApply.setFunctionId(FUNCTION_NOT);
526 notOuterApply.getExpression().add(condition.getExpression());
527 condition.setExpression(new ObjectFactory().createApply(notOuterApply));
529 rule.setCondition(condition);
530 allOfInRule.getMatch().add(accessMatch);
532 AnyOfType anyOfInRule = new AnyOfType();
533 anyOfInRule.getAllOf().add(allOfInRule);
535 TargetType targetInRule = new TargetType();
536 targetInRule.getAnyOf().add(anyOfInRule);
538 rule.setTarget(targetInRule);
540 AdviceExpressionsType adviceExpressions = new AdviceExpressionsType();
541 AdviceExpressionType adviceExpression = new AdviceExpressionType();
542 adviceExpression.setAdviceId(AAFPROVIDER);
543 adviceExpression.setAppliesTo(EffectType.DENY);
544 AttributeAssignmentExpressionType assignment = new AttributeAssignmentExpressionType();
545 assignment.setAttributeId("aaf.response");
546 assignment.setCategory(CATEGORY_RESOURCE);
547 AttributeDesignatorType value = new AttributeDesignatorType();
548 value.setAttributeId(AAFEngine.AAF_RESPONSE);
549 value.setCategory(CATEGORY_RESOURCE);
550 value.setDataType(STRING_DATATYPE);
551 value.setMustBePresent(false);
552 assignment.setExpression(new ObjectFactory().createAttributeDesignator(value));
553 adviceExpression.getAttributeAssignmentExpression().add(assignment);
554 adviceExpressions.getAdviceExpression().add(adviceExpression);
555 rule.setAdviceExpressions(adviceExpressions);
557 decisionPolicy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
558 policyAdapter.setPolicyData(decisionPolicy);
560 } else if (dynamicLabelRuleAlgorithms != null && !dynamicLabelRuleAlgorithms.isEmpty()) {
561 boolean isCompound = false;
562 ConditionType condition = new ConditionType();
563 int index = dynamicFieldOneRuleAlgorithms.size() - 1;
565 for (String labelAttr : dynamicLabelRuleAlgorithms) {
566 // if the rule algorithm as a label means it is a compound
567 if (dynamicFieldOneRuleAlgorithms.get(index).equals(labelAttr)) {
568 ApplyType decisionApply = new ApplyType();
570 String selectedFunction = dynamicFieldComboRuleAlgorithms.get(index);
571 String value1 = dynamicFieldOneRuleAlgorithms.get(index);
572 String value2 = dynamicFieldTwoRuleAlgorithms.get(index);
573 decisionApply.setFunctionId(getFunctionDefinitionId(selectedFunction));
574 decisionApply.getExpression().add(new ObjectFactory().createApply(getInnerDecisionApply(value1)));
575 decisionApply.getExpression().add(new ObjectFactory().createApply(getInnerDecisionApply(value2)));
576 condition.setExpression(new ObjectFactory().createApply(decisionApply));
580 // if rule algorithm not a compound
582 condition.setExpression(new ObjectFactory()
583 .createApply(getInnerDecisionApply(dynamicLabelRuleAlgorithms.get(index))));
587 ApplyType notOuterApply = new ApplyType();
588 notOuterApply.setFunctionId(FUNCTION_NOT);
589 notOuterApply.getExpression().add(condition.getExpression());
590 condition.setExpression(new ObjectFactory().createApply(notOuterApply));
592 rule.setCondition(condition);
593 allOfInRule.getMatch().add(accessMatch);
595 AnyOfType anyOfInRule = new AnyOfType();
596 anyOfInRule.getAllOf().add(allOfInRule);
598 TargetType targetInRule = new TargetType();
599 targetInRule.getAnyOf().add(anyOfInRule);
601 rule.setTarget(targetInRule);
603 decisionPolicy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
604 policyAdapter.setPolicyData(decisionPolicy);
607 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + "Unsupported data object."
608 + policyAdapter.getData().getClass().getCanonicalName());
613 private void createRainydayRule(PolicyType decisionPolicy, String errorcode, String treatment, boolean permitRule) {
614 RuleType rule = new RuleType();
616 rule.setRuleId(UUID.randomUUID().toString());
619 rule.setEffect(EffectType.PERMIT);
621 rule.setEffect(EffectType.DENY);
623 rule.setTarget(new TargetType());
625 // Create Target in Rule
626 AllOfType allOfInRule = new AllOfType();
628 // Creating match for DECIDE in rule target
629 MatchType accessMatch = new MatchType();
630 AttributeValueType accessAttributeValue = new AttributeValueType();
631 accessAttributeValue.setDataType(STRING_DATATYPE);
632 accessAttributeValue.getContent().add("DECIDE");
633 accessMatch.setAttributeValue(accessAttributeValue);
634 AttributeDesignatorType accessAttributeDesignator = new AttributeDesignatorType();
635 URI accessURI = null;
637 accessURI = new URI(ACTION_ID);
638 } catch (URISyntaxException e) {
639 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "DecisionPolicy", "Exception creating ACCESS URI");
641 accessAttributeDesignator.setCategory(CATEGORY_ACTION);
642 accessAttributeDesignator.setDataType(STRING_DATATYPE);
643 accessAttributeDesignator.setAttributeId(new IdentifierImpl(accessURI).stringValue());
644 accessMatch.setAttributeDesignator(accessAttributeDesignator);
645 accessMatch.setMatchId(FUNCTION_STRING_EQUAL_IGNORE);
647 allOfInRule.getMatch().add(accessMatch);
649 // Creating match for ErrorCode in rule target
650 MatchType errorcodeMatch = new MatchType();
651 AttributeValueType errorcodeAttributeValue = new AttributeValueType();
652 errorcodeAttributeValue.setDataType(STRING_DATATYPE);
653 errorcodeAttributeValue.getContent().add(errorcode);
654 errorcodeMatch.setAttributeValue(errorcodeAttributeValue);
655 AttributeDesignatorType errorcodeAttributeDesignator = new AttributeDesignatorType();
656 errorcodeAttributeDesignator.setCategory(CATEGORY_RESOURCE);
657 errorcodeAttributeDesignator.setDataType(STRING_DATATYPE);
658 errorcodeAttributeDesignator.setAttributeId("ErrorCode");
659 errorcodeMatch.setAttributeDesignator(errorcodeAttributeDesignator);
660 errorcodeMatch.setMatchId(FUNCTION_STRING_REGEXP_MATCH);
662 allOfInRule.getMatch().add(errorcodeMatch);
664 AnyOfType anyOfInRule = new AnyOfType();
665 anyOfInRule.getAllOf().add(allOfInRule);
667 TargetType targetInRule = new TargetType();
668 targetInRule.getAnyOf().add(anyOfInRule);
670 rule.setTarget(targetInRule);
672 AdviceExpressionsType adviceExpressions = new AdviceExpressionsType();
673 AdviceExpressionType adviceExpression = new AdviceExpressionType();
674 adviceExpression.setAdviceId(RAINY_DAY);
675 adviceExpression.setAppliesTo(EffectType.PERMIT);
677 AttributeAssignmentExpressionType assignment = new AttributeAssignmentExpressionType();
678 assignment.setAttributeId("treatment");
679 assignment.setCategory(CATEGORY_RESOURCE);
681 AttributeValueType treatmentAttributeValue = new AttributeValueType();
682 treatmentAttributeValue.setDataType(STRING_DATATYPE);
683 treatmentAttributeValue.getContent().add(treatment);
684 assignment.setExpression(new ObjectFactory().createAttributeValue(treatmentAttributeValue));
686 adviceExpression.getAttributeAssignmentExpression().add(assignment);
687 adviceExpressions.getAdviceExpression().add(adviceExpression);
688 rule.setAdviceExpressions(adviceExpressions);
689 decisionPolicy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
690 policyAdapter.setPolicyData(decisionPolicy);
694 // if compound setting the inner apply here
695 protected ApplyType getInnerDecisionApply(String value1Label) {
696 ApplyType decisionApply = new ApplyType();
698 // check the index for the label.
699 for (String labelAttr : dynamicLabelRuleAlgorithms) {
700 if (labelAttr.equals(value1Label)) {
701 String attributeId = dynamicFieldOneRuleAlgorithms.get(index);
702 populateDataTypeList(attributeId);
704 // check if the row contains label again
705 for (String labelValue : dynamicLabelRuleAlgorithms) {
706 if (labelValue.equals(attributeId)) {
707 return getCompoundDecisionApply(index);
711 // Getting the values from the form.
712 String functionKey = dynamicFieldComboRuleAlgorithms.get(index);
713 String attributeValue = dynamicFieldTwoRuleAlgorithms.get(index);
714 decisionApply.setFunctionId(getFunctionDefinitionId(functionKey));
715 // if two text field are rule attributes.
716 if ((attributeId.contains(RULE_VARIABLE)) && (attributeValue.contains(RULE_VARIABLE))) {
717 applyTwoTextFieldRuleAttribute(decisionApply, attributeId, functionKey);
719 // if either of one text field is rule attribute.
720 if (!attributeId.startsWith("S_")) {
721 ApplyType innerDecisionApply = generateApplyTypeDataType(functionKey);
722 AttributeDesignatorType attributeDesignator = generateAttributeDesignatorDataType(functionKey);
723 AttributeValueType decisionConditionAttributeValue = generateAttributeValueTypeDataType(functionKey);
725 if (attributeId != null) {
726 attributeDesignator.setCategory(CATEGORY_RESOURCE);
727 attributeDesignator.setAttributeId(attributeId);
729 decisionConditionAttributeValue.getContent().add(attributeValue);
730 innerDecisionApply.getExpression()
731 .add(new ObjectFactory().createAttributeDesignator(attributeDesignator));
732 decisionApply.getExpression()
733 .add(new ObjectFactory().createAttributeValue(decisionConditionAttributeValue));
734 decisionApply.getExpression().add(new ObjectFactory().createApply(innerDecisionApply));
736 attributeId = attributeId.substring(2, attributeId.length());
737 VariableReferenceType variableReferenceType = new VariableReferenceType();
738 variableReferenceType.setVariableId(attributeId);
740 String dataType = dataTypeList.get(index);
742 AttributeValueType decisionConditionAttributeValue = new AttributeValueType();
743 decisionConditionAttributeValue.setDataType(dataType);
744 decisionConditionAttributeValue.getContent().add(attributeValue);
745 decisionApply.getExpression()
746 .add(new ObjectFactory().createVariableReference(variableReferenceType));
747 decisionApply.getExpression()
748 .add(new ObjectFactory().createAttributeValue(decisionConditionAttributeValue));
754 return decisionApply;
757 // if the rule algorithm is multiple compound one setting the apply
758 protected ApplyType getCompoundDecisionApply(int index) {
759 ApplyType decisionApply = new ApplyType();
760 String selectedFunction = dynamicFieldComboRuleAlgorithms.get(index);
761 String value1 = dynamicFieldOneRuleAlgorithms.get(index);
762 String value2 = dynamicFieldTwoRuleAlgorithms.get(index);
763 decisionApply.setFunctionId(getFunctionDefinitionId(selectedFunction));
764 decisionApply.getExpression().add(new ObjectFactory().createApply(getInnerDecisionApply(value1)));
765 decisionApply.getExpression().add(new ObjectFactory().createApply(getInnerDecisionApply(value2)));
766 return decisionApply;
769 private VariableDefinitionType createDynamicVariable(String key, String value, String dataType) {
770 VariableDefinitionType dynamicVariable = new VariableDefinitionType();
771 AttributeValueType dynamicAttributeValue = new AttributeValueType();
773 dynamicAttributeValue.setDataType(dataType);
774 dynamicAttributeValue.getContent().add(value);
776 dynamicVariable.setVariableId(key);
777 dynamicVariable.setExpression(new ObjectFactory().createAttributeValue(dynamicAttributeValue));
779 return dynamicVariable;
783 private void populateDataTypeList(String value1) {
784 String dataType = null;
785 if (value1.contains("S_")) {
786 value1 = value1.substring(2, value1.length());
787 DecisionSettings decisionSettings = findDecisionSettingsBySettingId(value1.substring(2, value1.length()));
788 if (decisionSettings != null && "string".equals(decisionSettings.getDatatypeBean().getShortName())) {
789 dataType = STRING_DATATYPE;
790 } else if (decisionSettings != null
791 && "boolean".equals(decisionSettings.getDatatypeBean().getShortName())) {
792 dataType = BOOLEAN_DATATYPE;
794 dataType = INTEGER_DATATYPE;
800 dataTypeList.add(dataType);
804 private String getDataType(String key) {
806 DecisionSettings decisionSettings = findDecisionSettingsBySettingId(key);
807 String dataType = null;
809 if (decisionSettings != null && "string".equals(decisionSettings.getDatatypeBean().getShortName())) {
810 dataType = STRING_DATATYPE;
811 } else if (decisionSettings != null && "boolean".equals(decisionSettings.getDatatypeBean().getShortName())) {
812 dataType = BOOLEAN_DATATYPE;
814 dataType = INTEGER_DATATYPE;
821 public Object getCorrectPolicyDataObject() {
822 return policyAdapter.getData();
825 public String getFunctionDefinitionId(String key) {
826 FunctionDefinition object =
827 (FunctionDefinition) commonClassDao.getEntityItem(FunctionDefinition.class, "short_name", key);
828 if (object != null) {
829 return object.getXacmlid();
834 private AttributeDesignatorType generateAttributeDesignatorDataType(String functionKey) {
835 AttributeDesignatorType attributeDesignator = new AttributeDesignatorType();
836 switch(functionKey.toLowerCase())
839 attributeDesignator.setDataType(INTEGER_DATATYPE);
842 attributeDesignator.setDataType(STRING_DATATYPE);
844 return attributeDesignator;
847 private ApplyType generateApplyTypeDataType(String functionKey) {
848 ApplyType applyType = new ApplyType();
849 switch(functionKey.toLowerCase())
852 applyType.setFunctionId(FUNTION_INTEGER_ONE_AND_ONLY);
855 applyType.setFunctionId(FUNCTION_STRING_ONE_AND_ONLY);
860 private AttributeValueType generateAttributeValueTypeDataType(String functionKey) {
861 AttributeValueType applyType = new AttributeValueType();
862 switch(functionKey.toLowerCase())
865 applyType.setDataType(INTEGER_DATATYPE);
868 applyType.setDataType(STRING_DATATYPE);
873 private void applyTwoTextFieldRuleAttribute(ApplyType decisionApply, String value1, String functionKey) {
874 decisionApply.getExpression().add(new ObjectFactory().createApply(generateApplyTypeDataType(value1, functionKey)));
875 decisionApply.getExpression().add(new ObjectFactory().createApply(generateApplyTypeDataType(value1, functionKey)));
878 private ApplyType generateApplyTypeDataType(String value1, String functionKey) {
879 ApplyType innerApply = generateApplyTypeDataType(functionKey);
880 AttributeDesignatorType attributeDesignator = generateAttributeDesignatorDataType(functionKey);
882 attributeDesignator.setCategory(CATEGORY_RESOURCE);
883 // Here set actual field values
885 .setAttributeId(value1.contains("resource:") ? value1.substring(9) : value1.substring(8));
886 innerApply.getExpression()
887 .add(new ObjectFactory().createAttributeDesignator(attributeDesignator));