- cons.setBlacklist(blackList);
- break;
- default:
- templateFile = new File(classLoader.getResource(XACML_GUARD_TEMPLATE).getFile());
- xacmlTemplatePath = templateFile.toPath();
- Map<String,String> timeWindow = new HashMap<>();
- if(!PolicyUtils.isInteger(yamlParams.get("timeWindow"))){
- throw new BuilderException("time window is not in Integer format.");
- }
- String timeUnits = yamlParams.get("timeUnits");
- if(timeUnits==null || !(timeUnits.equalsIgnoreCase("minute") || timeUnits.equalsIgnoreCase("hour") || timeUnits.equalsIgnoreCase("day")
- || timeUnits.equalsIgnoreCase("week") || timeUnits.equalsIgnoreCase("month")||timeUnits.equalsIgnoreCase("year"))){
- throw new BuilderException("time Units is not in proper format.");
- }
- timeWindow.put("value", yamlParams.get("timeWindow"));
- timeWindow.put("units", yamlParams.get("timeUnits"));
- cons = new Constraint(Integer.parseInt(yamlParams.get("limit")),timeWindow,activeTimeRange);
- break;
- }
- builder = builder.addLimitConstraint(policy1.getId(), cons);
- // Build the specification
- Results results = builder.buildSpecification();
- // YAML TO XACML
- ControlLoopGuard yamlGuardObject = SafePolicyBuilder.loadYamlGuard(results.getSpecification());
- String xacmlTemplateContent;
- try {
- xacmlTemplateContent = new String(Files.readAllBytes(xacmlTemplatePath));
- HashMap<String, String> yamlSpecs = new HashMap<>();
- yamlSpecs.put(POLICY_NAME, yamlParams.get(POLICY_NAME));
- yamlSpecs.put(DESCRIPTION, yamlParams.get(DESCRIPTION));
- yamlSpecs.put(ONAPNAME, yamlParams.get(ONAPNAME));
- yamlSpecs.put("actor", yamlGuardObject.getGuards().getFirst().getMatch_parameters().getActor());
- yamlSpecs.put("recipe", yamlGuardObject.getGuards().getFirst().getMatch_parameters().getRecipe());
- yamlSpecs.put("clname", yamlGuardObject.getGuards().getFirst().getMatch_parameters().getControlLoopName());
- if(yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getFreq_limit_per_target()!=null){
- yamlSpecs.put("limit", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getFreq_limit_per_target().toString());
- }
- if(yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getTime_window()!=null){
- yamlSpecs.put("twValue", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getTime_window().get("value"));
- yamlSpecs.put("twUnits", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getTime_window().get("units"));
- }
- yamlSpecs.put("guardActiveStart", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getActive_time_range().get("start"));
- yamlSpecs.put("guardActiveEnd", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getActive_time_range().get("end"));
- String xacmlPolicyContent = SafePolicyBuilder.generateXacmlGuard(xacmlTemplateContent,yamlSpecs, yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getBlacklist(), yamlGuardObject.getGuards().getFirst().getMatch_parameters().getTargets());
- // Convert the Policy into Stream input to Policy Adapter.
- Object policy = XACMLPolicyScanner.readPolicy(new ByteArrayInputStream(xacmlPolicyContent.getBytes(StandardCharsets.UTF_8)));
- return (PolicyType) policy;
- } catch (IOException e) {
- LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Error while creating the policy " + e.getMessage() , e);
- }
- } catch (BuilderException e) {
- LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Error while creating the policy " + e.getMessage() ,e);
- throw e;
- }
- return null;
- }
-
- private DecisionSettings findDecisionSettingsBySettingId(String settingId) {
- DecisionSettings decisionSetting = null;
-
- EntityManager em = XACMLPapServlet.getEmf().createEntityManager();
- Query getDecisionSettings = em.createNamedQuery("DecisionSettings.findAll");
- List<?> decisionSettingsList = getDecisionSettings.getResultList();
-
- for (Object id : decisionSettingsList) {
- decisionSetting = (DecisionSettings) id;
- if (decisionSetting.getXacmlId().equals(settingId)) {
- break;
- }
- }
- return decisionSetting;
- }
-
- private void createRule(PolicyType decisionPolicy, boolean permitRule) {
- RuleType rule = new RuleType();
-
- rule.setRuleId(policyAdapter.getRuleID());
-
- if (permitRule) {
- rule.setEffect(EffectType.PERMIT);
- } else {
- rule.setEffect(EffectType.DENY);
- }
- rule.setTarget(new TargetType());
-
- // Create Target in Rule
- AllOfType allOfInRule = new AllOfType();
-
- // Creating match for ACCESS in rule target
- MatchType accessMatch = new MatchType();
- AttributeValueType accessAttributeValue = new AttributeValueType();
- accessAttributeValue.setDataType(STRING_DATATYPE);
- accessAttributeValue.getContent().add("DECIDE");
- accessMatch.setAttributeValue(accessAttributeValue);
- AttributeDesignatorType accessAttributeDesignator = new AttributeDesignatorType();
- URI accessURI = null;
- try {
- accessURI = new URI(ACTION_ID);
- } catch (URISyntaxException e) {
- PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "DecisionPolicy", "Exception creating ACCESS URI");
- }
- accessAttributeDesignator.setCategory(CATEGORY_ACTION);
- accessAttributeDesignator.setDataType(STRING_DATATYPE);
- accessAttributeDesignator.setAttributeId(new IdentifierImpl(accessURI).stringValue());
- accessMatch.setAttributeDesignator(accessAttributeDesignator);
- accessMatch.setMatchId(FUNCTION_STRING_EQUAL_IGNORE);
-
- dynamicLabelRuleAlgorithms = policyAdapter.getDynamicRuleAlgorithmLabels();
- dynamicFieldComboRuleAlgorithms = policyAdapter.getDynamicRuleAlgorithmCombo();
- dynamicFieldOneRuleAlgorithms = policyAdapter.getDynamicRuleAlgorithmField1();
- dynamicFieldTwoRuleAlgorithms = policyAdapter.getDynamicRuleAlgorithmField2();
-
- if(policyAdapter.getRuleProvider()!=null && policyAdapter.getRuleProvider().equals(AAFPROVIDER)){
- // Values for AAF Provider are here for XML Creation.
- ConditionType condition = new ConditionType();
- ApplyType decisionApply = new ApplyType();
-
- AttributeValueType value1 = new AttributeValueType();
- value1.setDataType(BOOLEAN_DATATYPE);
- value1.getContent().add("true");
-
- AttributeDesignatorType value2 = new AttributeDesignatorType();
- value2.setAttributeId(AAFEngine.AAF_RESULT);
- value2.setCategory(CATEGORY_RESOURCE);
- value2.setDataType(BOOLEAN_DATATYPE);
- value2.setMustBePresent(false);
-
- ApplyType innerDecisionApply = new ApplyType();
- innerDecisionApply.setFunctionId(FUNCTION_BOOLEAN_ONE_AND_ONLY);
- innerDecisionApply.getExpression().add(new ObjectFactory().createAttributeDesignator(value2));
-
- decisionApply.setFunctionId(XACML3.ID_FUNCTION_BOOLEAN_EQUAL.stringValue());
- decisionApply.getExpression().add(new ObjectFactory().createAttributeValue(value1));
- decisionApply.getExpression().add(new ObjectFactory().createApply(innerDecisionApply));
- condition.setExpression(new ObjectFactory().createApply(decisionApply));
- if (!permitRule) {
- ApplyType notOuterApply = new ApplyType();
- notOuterApply.setFunctionId(FUNCTION_NOT);
- notOuterApply.getExpression().add(condition.getExpression());
- condition.setExpression(new ObjectFactory().createApply(notOuterApply));
- }
- rule.setCondition(condition);
- allOfInRule.getMatch().add(accessMatch);
-
- AnyOfType anyOfInRule = new AnyOfType();
- anyOfInRule.getAllOf().add(allOfInRule);
-
- TargetType targetInRule = new TargetType();
- targetInRule.getAnyOf().add(anyOfInRule);
-
- rule.setTarget(targetInRule);
- if(!permitRule){
- AdviceExpressionsType adviceExpressions = new AdviceExpressionsType();
- AdviceExpressionType adviceExpression = new AdviceExpressionType();
- adviceExpression.setAdviceId(AAFPROVIDER);
- adviceExpression.setAppliesTo(EffectType.DENY);
- AttributeAssignmentExpressionType assignment = new AttributeAssignmentExpressionType();
- assignment.setAttributeId("aaf.response");
- assignment.setCategory(CATEGORY_RESOURCE);
- AttributeDesignatorType value = new AttributeDesignatorType();
- value.setAttributeId(AAFEngine.AAF_RESPONSE);
- value.setCategory(CATEGORY_RESOURCE);
- value.setDataType(STRING_DATATYPE);
- value.setMustBePresent(false);
- assignment.setExpression(new ObjectFactory().createAttributeDesignator(value));
- adviceExpression.getAttributeAssignmentExpression().add(assignment);
- adviceExpressions.getAdviceExpression().add(adviceExpression);
- rule.setAdviceExpressions(adviceExpressions);
- }
- decisionPolicy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
- policyAdapter.setPolicyData(decisionPolicy);
-
- }else if (dynamicLabelRuleAlgorithms != null && !dynamicLabelRuleAlgorithms.isEmpty()) {
- boolean isCompound = false;
- ConditionType condition = new ConditionType();
- int index = dynamicFieldOneRuleAlgorithms.size() - 1;
-
- for (String labelAttr : dynamicLabelRuleAlgorithms) {
- // if the rule algorithm as a label means it is a compound
- if (dynamicFieldOneRuleAlgorithms.get(index).equals(labelAttr)) {
- ApplyType decisionApply = new ApplyType();
-
- String selectedFunction = dynamicFieldComboRuleAlgorithms.get(index);
- String value1 = dynamicFieldOneRuleAlgorithms.get(index);
- String value2 = dynamicFieldTwoRuleAlgorithms.get(index);
- decisionApply.setFunctionId(getFunctionDefinitionId(selectedFunction));
- decisionApply.getExpression().add(new ObjectFactory().createApply(getInnerDecisionApply(value1)));
- decisionApply.getExpression().add(new ObjectFactory().createApply(getInnerDecisionApply(value2)));
- condition.setExpression(new ObjectFactory().createApply(decisionApply));
- isCompound = true;
- }
-
- // if rule algorithm not a compound
- if (!isCompound) {
- condition.setExpression(new ObjectFactory().createApply(getInnerDecisionApply(dynamicLabelRuleAlgorithms.get(index))));
- }
- }
- if (!permitRule) {
- ApplyType notOuterApply = new ApplyType();
- notOuterApply.setFunctionId(FUNCTION_NOT);
- notOuterApply.getExpression().add(condition.getExpression());
- condition.setExpression(new ObjectFactory().createApply(notOuterApply));
- }
- rule.setCondition(condition);
- allOfInRule.getMatch().add(accessMatch);
-
- AnyOfType anyOfInRule = new AnyOfType();
- anyOfInRule.getAllOf().add(allOfInRule);
-
- TargetType targetInRule = new TargetType();
- targetInRule.getAnyOf().add(anyOfInRule);
-
- rule.setTarget(targetInRule);
-
- decisionPolicy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
- policyAdapter.setPolicyData(decisionPolicy);
-
- } else {
- PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + "Unsupported data object."+ policyAdapter.getData().getClass().getCanonicalName());
- }
-
- }
-
- private void createRainydayRule(PolicyType decisionPolicy, String errorcode, String treatment, boolean permitRule) {
- RuleType rule = new RuleType();
-
- rule.setRuleId(UUID.randomUUID().toString());
-
- if (permitRule) {
- rule.setEffect(EffectType.PERMIT);
- } else {
- rule.setEffect(EffectType.DENY);
- }
- rule.setTarget(new TargetType());
-
- // Create Target in Rule
- AllOfType allOfInRule = new AllOfType();
-
- // Creating match for DECIDE in rule target
- MatchType accessMatch = new MatchType();
- AttributeValueType accessAttributeValue = new AttributeValueType();
- accessAttributeValue.setDataType(STRING_DATATYPE);
- accessAttributeValue.getContent().add("DECIDE");
- accessMatch.setAttributeValue(accessAttributeValue);
- AttributeDesignatorType accessAttributeDesignator = new AttributeDesignatorType();
- URI accessURI = null;
- try {
- accessURI = new URI(ACTION_ID);
- } catch (URISyntaxException e) {
- PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "DecisionPolicy", "Exception creating ACCESS URI");
- }
- accessAttributeDesignator.setCategory(CATEGORY_ACTION);
- accessAttributeDesignator.setDataType(STRING_DATATYPE);
- accessAttributeDesignator.setAttributeId(new IdentifierImpl(accessURI).stringValue());
- accessMatch.setAttributeDesignator(accessAttributeDesignator);
- accessMatch.setMatchId(FUNCTION_STRING_EQUAL_IGNORE);
-
- allOfInRule.getMatch().add(accessMatch);
-
- // Creating match for ErrorCode in rule target
- MatchType errorcodeMatch = new MatchType();
- AttributeValueType errorcodeAttributeValue = new AttributeValueType();
- errorcodeAttributeValue.setDataType(STRING_DATATYPE);
- errorcodeAttributeValue.getContent().add(errorcode);
- errorcodeMatch.setAttributeValue(errorcodeAttributeValue);
- AttributeDesignatorType errorcodeAttributeDesignator = new AttributeDesignatorType();
- errorcodeAttributeDesignator.setCategory(CATEGORY_RESOURCE);
- errorcodeAttributeDesignator.setDataType(STRING_DATATYPE);
- errorcodeAttributeDesignator.setAttributeId("ErrorCode");
- errorcodeMatch.setAttributeDesignator(errorcodeAttributeDesignator);
- errorcodeMatch.setMatchId(FUNCTION_STRING_REGEXP_MATCH);
-
- allOfInRule.getMatch().add(errorcodeMatch);
-
- AnyOfType anyOfInRule = new AnyOfType();
- anyOfInRule.getAllOf().add(allOfInRule);
-
- TargetType targetInRule = new TargetType();
- targetInRule.getAnyOf().add(anyOfInRule);
-
- rule.setTarget(targetInRule);
-
- AdviceExpressionsType adviceExpressions = new AdviceExpressionsType();
- AdviceExpressionType adviceExpression = new AdviceExpressionType();
- adviceExpression.setAdviceId(RAINY_DAY);
- adviceExpression.setAppliesTo(EffectType.PERMIT);
-
- AttributeAssignmentExpressionType assignment = new AttributeAssignmentExpressionType();
- assignment.setAttributeId("treatment");
- assignment.setCategory(CATEGORY_RESOURCE);
-
- AttributeValueType treatmentAttributeValue = new AttributeValueType();
- treatmentAttributeValue.setDataType(STRING_DATATYPE);
- treatmentAttributeValue.getContent().add(treatment);
- assignment.setExpression(new ObjectFactory().createAttributeValue(treatmentAttributeValue));
-
- adviceExpression.getAttributeAssignmentExpression().add(assignment);
- adviceExpressions.getAdviceExpression().add(adviceExpression);
- rule.setAdviceExpressions(adviceExpressions);
- decisionPolicy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
- policyAdapter.setPolicyData(decisionPolicy);
-
- }
-
- // if compound setting the inner apply here
- protected ApplyType getInnerDecisionApply(String value1Label) {
- ApplyType decisionApply = new ApplyType();
- int index = 0;
- // check the index for the label.
- for (String labelAttr : dynamicLabelRuleAlgorithms) {
- if (labelAttr.equals(value1Label)) {
- String value1 = dynamicFieldOneRuleAlgorithms.get(index);
- populateDataTypeList(value1);
-
- // check if the row contains label again
- for (String labelValue : dynamicLabelRuleAlgorithms) {
- if (labelValue.equals(value1)) {
- return getCompoundDecisionApply(index);
- }
- }
-
- // Getting the values from the form.
- String functionKey = dynamicFieldComboRuleAlgorithms.get(index);
- String value2 = dynamicFieldTwoRuleAlgorithms.get(index);
- decisionApply.setFunctionId(getFunctionDefinitionId(functionKey));
- // if two text field are rule attributes.
- if ((value1.contains(RULE_VARIABLE)) && (value2.contains(RULE_VARIABLE))) {
- ApplyType innerDecisionApply1 = new ApplyType();
- ApplyType innerDecisionApply2 = new ApplyType();
- AttributeDesignatorType attributeDesignator1 = new AttributeDesignatorType();
- AttributeDesignatorType attributeDesignator2 = new AttributeDesignatorType();
- //If selected function is Integer function set integer functionID
- if(functionKey.toLowerCase().contains("integer")){
- innerDecisionApply1.setFunctionId(FUNTION_INTEGER_ONE_AND_ONLY );
- innerDecisionApply2.setFunctionId(FUNTION_INTEGER_ONE_AND_ONLY);
- attributeDesignator1.setDataType(INTEGER_DATATYPE);
- attributeDesignator2.setDataType(INTEGER_DATATYPE);
- } else{
- //If selected function is not a Integer function set String functionID
- innerDecisionApply1.setFunctionId(FUNCTION_STRING_ONE_AND_ONLY);
- innerDecisionApply2.setFunctionId(FUNCTION_STRING_ONE_AND_ONLY);
- attributeDesignator1.setDataType(STRING_DATATYPE);
- attributeDesignator2.setDataType(STRING_DATATYPE);
- }
- attributeDesignator1.setCategory(CATEGORY_RESOURCE);
- attributeDesignator2.setCategory(CATEGORY_RESOURCE);
- //Here set actual field values
- attributeDesignator1.setAttributeId(value1. contains("resource:")?value1.substring( 9):value1.substring(8));
- attributeDesignator2.setAttributeId(value1. contains("resource:")?value1.substring( 9):value1.substring(8));
- innerDecisionApply1.getExpression().add(new ObjectFactory().createAttributeDesignator( attributeDesignator1));
- innerDecisionApply2.getExpression().add(new ObjectFactory().createAttributeDesignator( attributeDesignator2));
- decisionApply.getExpression().add(new ObjectFactory().createApply(innerDecisionApply1));
- decisionApply.getExpression().add(new ObjectFactory().createApply(innerDecisionApply2));
- } else {
- // if either of one text field is rule attribute.
- if (!value1.startsWith("S_")) {
- ApplyType innerDecisionApply = new ApplyType();
- AttributeDesignatorType attributeDesignator = new AttributeDesignatorType();
- AttributeValueType decisionConditionAttributeValue = new AttributeValueType();
-
- if (functionKey.toLowerCase().contains("integer")) {
- innerDecisionApply.setFunctionId(FUNTION_INTEGER_ONE_AND_ONLY);
- decisionConditionAttributeValue.setDataType(INTEGER_DATATYPE);
- attributeDesignator.setDataType(INTEGER_DATATYPE);
- } else {
- innerDecisionApply.setFunctionId(FUNCTION_STRING_ONE_AND_ONLY);
- decisionConditionAttributeValue.setDataType(STRING_DATATYPE);
- attributeDesignator.setDataType(STRING_DATATYPE);
- }
-
- String attributeId = null;
- String attributeValue = null;
-
- // Find which textField has rule attribute and set it as
- // attributeId and the other as attributeValue.
- attributeId = value1;
- attributeValue = value2;
-
- if (attributeId != null) {
- attributeDesignator.setCategory(CATEGORY_RESOURCE);
- attributeDesignator.setAttributeId(attributeId);
- }
- decisionConditionAttributeValue.getContent().add(attributeValue);
- innerDecisionApply.getExpression().add(new ObjectFactory().createAttributeDesignator(attributeDesignator));
- decisionApply.getExpression().add(new ObjectFactory().createAttributeValue(decisionConditionAttributeValue));
- decisionApply.getExpression().add(new ObjectFactory().createApply(innerDecisionApply));
- } else {
- value1 = value1.substring(2, value1.length());
- VariableReferenceType variableReferenceType = new VariableReferenceType();
- variableReferenceType.setVariableId(value1);
-
- String dataType = dataTypeList.get(index);
-
- AttributeValueType decisionConditionAttributeValue = new AttributeValueType();
- decisionConditionAttributeValue.setDataType(dataType);
- decisionConditionAttributeValue.getContent().add(value2);
- decisionApply.getExpression().add(new ObjectFactory().createVariableReference(variableReferenceType));
- decisionApply.getExpression().add(new ObjectFactory().createAttributeValue(decisionConditionAttributeValue));
- }
- }
- }
- index++;
- }
- return decisionApply;
- }
-
- // if the rule algorithm is multiple compound one setting the apply
- protected ApplyType getCompoundDecisionApply(int index) {
- ApplyType decisionApply = new ApplyType();
- String selectedFunction = dynamicFieldComboRuleAlgorithms.get(index);
- String value1 = dynamicFieldOneRuleAlgorithms.get(index);
- String value2 = dynamicFieldTwoRuleAlgorithms.get(index);
- decisionApply.setFunctionId(getFunctionDefinitionId(selectedFunction));
- decisionApply.getExpression().add(new ObjectFactory().createApply(getInnerDecisionApply(value1)));
- decisionApply.getExpression().add(new ObjectFactory().createApply(getInnerDecisionApply(value2)));
- return decisionApply;
- }
-
- private VariableDefinitionType createDynamicVariable(String key, String value, String dataType) {
- VariableDefinitionType dynamicVariable = new VariableDefinitionType();
- AttributeValueType dynamicAttributeValue = new AttributeValueType();
-
- dynamicAttributeValue.setDataType(dataType);
- dynamicAttributeValue.getContent().add(value);
-
- dynamicVariable.setVariableId(key);
- dynamicVariable.setExpression(new ObjectFactory().createAttributeValue(dynamicAttributeValue));
-
- return dynamicVariable;
-
- }
-
- private void populateDataTypeList(String value1) {
- String dataType = null;
- if(value1.contains("S_")) {
- value1 = value1.substring(2, value1.length());
- DecisionSettings decisionSettings = findDecisionSettingsBySettingId(value1.substring(2, value1.length()));
- if (decisionSettings != null && "string".equals(decisionSettings.getDatatypeBean().getShortName())) {
- dataType = STRING_DATATYPE;
- } else if (decisionSettings != null && "boolean".equals(decisionSettings.getDatatypeBean().getShortName())) {
- dataType = BOOLEAN_DATATYPE;
- } else {
- dataType = INTEGER_DATATYPE;
- }
- } else {
- dataType = "OTHER";
- }
-
- dataTypeList.add(dataType);
- }
-
-
- private String getDataType(String key) {
-
- DecisionSettings decisionSettings = findDecisionSettingsBySettingId(key);
- String dataType = null;
-
- if (decisionSettings != null && "string".equals(decisionSettings.getDatatypeBean().getShortName())) {
- dataType = STRING_DATATYPE;
- } else if (decisionSettings != null && "boolean".equals(decisionSettings.getDatatypeBean().getShortName())) {
- dataType = BOOLEAN_DATATYPE;
- } else {
- dataType = INTEGER_DATATYPE;
- }
-
- return dataType;
- }
-
- @Override
- public Object getCorrectPolicyDataObject() {
- return policyAdapter.getData();
- }
-
- public String getFunctionDefinitionId(String key){
- FunctionDefinition object = (FunctionDefinition) commonClassDao.getDataById(FunctionDefinition.class, "short_name", key);
- if(object != null){
- return object.getXacmlid();
- }
- return null;