2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.onap.policy.pap.xacml.rest.components;
23 import java.io.ByteArrayInputStream;
25 import java.io.IOException;
27 import java.net.URISyntaxException;
28 import java.nio.charset.StandardCharsets;
29 import java.nio.file.Files;
30 import java.nio.file.Path;
31 import java.nio.file.Paths;
32 import java.util.ArrayList;
33 import java.util.Arrays;
34 import java.util.HashMap;
35 import java.util.LinkedList;
36 import java.util.List;
38 import java.util.UUID;
39 import javax.persistence.EntityManager;
40 import javax.persistence.Query;
41 import org.apache.commons.lang3.StringEscapeUtils;
42 import org.onap.policy.common.logging.eelf.MessageCodes;
43 import org.onap.policy.common.logging.eelf.PolicyLogger;
44 import org.onap.policy.common.logging.flexlogger.FlexLogger;
45 import org.onap.policy.common.logging.flexlogger.Logger;
46 import org.onap.policy.controlloop.policy.builder.BuilderException;
47 import org.onap.policy.controlloop.policy.builder.Results;
48 import org.onap.policy.controlloop.policy.guard.Constraint;
49 import org.onap.policy.controlloop.policy.guard.ControlLoopGuard;
50 import org.onap.policy.controlloop.policy.guard.Guard;
51 import org.onap.policy.controlloop.policy.guard.GuardPolicy;
52 import org.onap.policy.controlloop.policy.guard.MatchParameters;
53 import org.onap.policy.controlloop.policy.guard.builder.ControlLoopGuardBuilder;
54 import org.onap.policy.pap.xacml.rest.XACMLPapServlet;
55 import org.onap.policy.rest.adapter.PolicyRestAdapter;
56 import org.onap.policy.rest.dao.CommonClassDao;
57 import org.onap.policy.rest.jpa.DecisionSettings;
58 import org.onap.policy.rest.jpa.FunctionDefinition;
59 import org.onap.policy.utils.PolicyUtils;
60 import org.onap.policy.xacml.api.XACMLErrorConstants;
61 import org.onap.policy.xacml.std.pip.engines.aaf.AAFEngine;
62 import org.onap.policy.xacml.util.XACMLPolicyScanner;
63 import com.att.research.xacml.api.XACML3;
64 import com.att.research.xacml.api.pap.PAPException;
65 import com.att.research.xacml.std.IdentifierImpl;
66 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AdviceExpressionType;
67 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AdviceExpressionsType;
68 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AllOfType;
69 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType;
70 import oasis.names.tc.xacml._3_0.core.schema.wd_17.ApplyType;
71 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeAssignmentExpressionType;
72 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeDesignatorType;
73 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType;
74 import oasis.names.tc.xacml._3_0.core.schema.wd_17.ConditionType;
75 import oasis.names.tc.xacml._3_0.core.schema.wd_17.EffectType;
76 import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType;
77 import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObjectFactory;
78 import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySetType;
79 import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType;
80 import oasis.names.tc.xacml._3_0.core.schema.wd_17.RuleType;
81 import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType;
82 import oasis.names.tc.xacml._3_0.core.schema.wd_17.VariableDefinitionType;
83 import oasis.names.tc.xacml._3_0.core.schema.wd_17.VariableReferenceType;
85 public class DecisionPolicy extends Policy {
87 private static final Logger LOGGER = FlexLogger.getLogger(DecisionPolicy.class);
89 public static final String FUNCTION_NOT = "urn:oasis:names:tc:xacml:1.0:function:not";
90 private static final String AAFPROVIDER = "AAF";
91 public static final String GUARD_YAML = "GUARD_YAML";
92 public static final String GUARD_BL_YAML = "GUARD_BL_YAML";
93 public static final String RAINY_DAY = "Rainy_Day";
94 private static final String XACML_GUARD_TEMPLATE = "Decision_GuardPolicyTemplate.xml";
95 private static final String XACML_BLGUARD_TEMPLATE = "Decision_GuardBLPolicyTemplate.xml";
97 private static final String ONAPNAME = "ONAPName";
98 private static final String POLICY_NAME = "PolicyName";
99 private static final String DESCRIPTION = "description";
102 List<String> dynamicLabelRuleAlgorithms = new LinkedList<>();
103 List<String> dynamicFieldComboRuleAlgorithms = new LinkedList<>();
104 List<String> dynamicFieldOneRuleAlgorithms = new LinkedList<>();
105 List<String> dynamicFieldTwoRuleAlgorithms = new LinkedList<>();
106 List<String> dataTypeList = new LinkedList<>();
108 private CommonClassDao commonClassDao;
110 public DecisionPolicy() {
114 public DecisionPolicy(PolicyRestAdapter policyAdapter, CommonClassDao commonClassDao) {
115 this.policyAdapter = policyAdapter;
116 this.commonClassDao = commonClassDao;
120 public Map<String, String> savePolicies() throws PAPException {
122 Map<String, String> successMap = new HashMap<>();
123 if (isPolicyExists()) {
124 successMap.put("EXISTS", "This Policy already exist on the PAP");
128 if (!isPreparedToSave()) {
129 // Prep and configure the policy for saving
133 // Until here we prepared the data and here calling the method to create xml.
134 Path newPolicyPath = null;
135 newPolicyPath = Paths.get(policyAdapter.getNewFileName());
137 successMap = createPolicy(newPolicyPath, getCorrectPolicyDataObject());
142 * Scan the Raw Policy data and set to PolicyAdapter.
144 private void readRawPolicyData() {
146 if ("API".equalsIgnoreCase(policyAdapter.getApiflag())) {
147 policy = XACMLPolicyScanner.readPolicy(new ByteArrayInputStream(StringEscapeUtils
148 .unescapeXml(policyAdapter.getRawXacmlPolicy()).getBytes(StandardCharsets.UTF_8)));
150 policy = XACMLPolicyScanner.readPolicy(
151 new ByteArrayInputStream(policyAdapter.getRawXacmlPolicy().getBytes(StandardCharsets.UTF_8)));
153 String policyRawDesc;
154 if (policy instanceof PolicySetType) {
156 ((PolicySetType) policy).getDescription() + "@#RuleProvider@#Decision_Raw@#RuleProvider@#";
157 ((PolicySetType) policy).setDescription(policyRawDesc);
159 policyRawDesc = ((PolicyType) policy).getDescription() + "@#RuleProvider@#Decision_Raw@#RuleProvider@#";
160 ((PolicyType) policy).setDescription(policyRawDesc);
162 policyAdapter.setPolicyData(policy);
163 policyAdapter.setData(policy);
164 setPreparedToSave(true);
168 // This is the method for preparing the policy for saving. We have broken it out
169 // separately because the fully configured policy is used for multiple things
171 public boolean prepareToSave() throws PAPException {
173 if (isPreparedToSave()) {
174 // we have already done this
179 String policyID = policyAdapter.getPolicyID();
180 version = policyAdapter.getHighestVersion();
182 if ("Raw".equals(policyAdapter.getRuleProvider())) {
186 // Create the Instance for pojo, PolicyType object is used in marshalling.
187 if ("Decision".equals(policyAdapter.getPolicyType())) {
188 PolicyType policyConfig = new PolicyType();
190 policyConfig.setVersion(Integer.toString(version));
191 policyConfig.setPolicyId(policyID);
192 policyConfig.setTarget(new TargetType());
193 policyAdapter.setData(policyConfig);
195 policyName = policyAdapter.getNewFileName();
197 if (policyAdapter.getRuleProvider().equals(GUARD_YAML)
198 || policyAdapter.getRuleProvider().equals(GUARD_BL_YAML)) {
199 Map<String, String> yamlParams = new HashMap<>();
200 String blackListEntryType = policyAdapter.getBlackListEntryType() != null
201 ? policyAdapter.getBlackListEntryType() : "Use Manual Entry";
202 String description = policyAdapter.getPolicyDescription() != null ? policyAdapter.getPolicyDescription()
203 : "YAML Guard Policy";
204 yamlParams.put(DESCRIPTION, description + "@blEntry@" + blackListEntryType + "@blEntry@");
205 String fileName = policyAdapter.getNewFileName();
206 String name = fileName.substring(fileName.lastIndexOf('\\') + 1, fileName.length());
207 if ((name == null) || ("".equals(name))) {
208 name = fileName.substring(fileName.lastIndexOf('/') + 1, fileName.length());
210 yamlParams.put(POLICY_NAME, name);
211 yamlParams.put(ONAPNAME, policyAdapter.getOnapName());
212 Map<String, String> params = policyAdapter.getDynamicFieldConfigAttributes();
213 yamlParams.putAll(params);
214 // Call YAML to XACML
216 PolicyType decisionPolicy = getGuardPolicy(yamlParams, policyAdapter.getRuleProvider());
217 decisionPolicy.setRuleCombiningAlgId(policyAdapter.getRuleCombiningAlgId());
218 decisionPolicy.setVersion(Integer.toString(version));
219 policyAdapter.setPolicyData(decisionPolicy);
220 policyAdapter.setData(decisionPolicy);
221 } catch (BuilderException e) {
223 throw new PAPException(e);
225 } else if (policyAdapter.getData() != null) {
226 PolicyType decisionPolicy = (PolicyType) policyAdapter.getData();
228 decisionPolicy.setDescription(policyAdapter.getPolicyDescription());
230 decisionPolicy.setRuleCombiningAlgId(policyAdapter.getRuleCombiningAlgId());
231 AllOfType allOfOne = new AllOfType();
232 String fileName = policyAdapter.getNewFileName();
233 String name = fileName.substring(fileName.lastIndexOf('\\') + 1, fileName.length());
234 if ((name == null) || ("".equals(name))) {
235 name = fileName.substring(fileName.lastIndexOf('/') + 1, fileName.length());
237 allOfOne.getMatch().add(createMatch(POLICY_NAME, name));
239 AllOfType allOf = new AllOfType();
242 allOf.getMatch().add(createMatch(ONAPNAME, (policyAdapter.getOnapName())));
244 Map<String, String> dynamicFieldComponentAttributes = policyAdapter.getDynamicFieldConfigAttributes();
245 if (policyAdapter.getRuleProvider() != null && policyAdapter.getRuleProvider().equals(AAFPROVIDER)) {
246 dynamicFieldComponentAttributes = new HashMap<>();
249 // If there is any dynamic field attributes create the matches here
250 for (String keyField : dynamicFieldComponentAttributes.keySet()) {
251 String key = keyField;
252 String value = dynamicFieldComponentAttributes.get(key);
253 MatchType dynamicMatch = createDynamicMatch(key, value);
254 allOf.getMatch().add(dynamicMatch);
257 AnyOfType anyOf = new AnyOfType();
258 anyOf.getAllOf().add(allOfOne);
259 anyOf.getAllOf().add(allOf);
261 TargetType target = new TargetType();
262 target.getAnyOf().add(anyOf);
263 decisionPolicy.setTarget(target);
265 Map<String, String> dynamicFieldDecisionSettings = policyAdapter.getDynamicSettingsMap();
266 if (policyAdapter.getRuleProvider() != null && (policyAdapter.getRuleProvider().equals(AAFPROVIDER)
267 || policyAdapter.getRuleProvider().equals(RAINY_DAY))) {
268 dynamicFieldDecisionSettings = new HashMap<>();
271 // settings are dynamic so check how many rows are added and add all
272 for (String keyField : dynamicFieldDecisionSettings.keySet()) {
273 String key = keyField;
274 String value = dynamicFieldDecisionSettings.get(key);
275 String dataType = getDataType(key);
276 VariableDefinitionType dynamicVariable = createDynamicVariable(key, value, dataType);
277 decisionPolicy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(dynamicVariable);
280 Map<String, String> dynamicFieldTreatmentAttributes = policyAdapter.getRainydayMap();
281 if (policyAdapter.getRuleProvider().equals(RAINY_DAY)) {
282 for (String keyField : dynamicFieldTreatmentAttributes.keySet()) {
283 String errorcode = keyField;
284 String treatment = dynamicFieldTreatmentAttributes.get(errorcode);
285 createRainydayRule(decisionPolicy, errorcode, treatment, true);
288 createRule(decisionPolicy, true);
289 createRule(decisionPolicy, false);
293 setPreparedToSave(true);
297 public PolicyType getGuardPolicy(Map<String, String> yamlParams, String ruleProvider) throws BuilderException {
299 ControlLoopGuardBuilder builder = ControlLoopGuardBuilder.Factory.buildControlLoopGuard(new Guard());
300 MatchParameters matchParameters = new MatchParameters(yamlParams.get("actor"), yamlParams.get("recipe"));
301 matchParameters.setControlLoopName(yamlParams.get("clname"));
302 if (yamlParams.containsKey("targets")) {
303 String targetString = yamlParams.get("targets");
304 List<String> targets = null;
305 if (targetString != null && !targetString.isEmpty()) {
306 if (targetString.contains(",")) {
307 targets = Arrays.asList(targetString.split(","));
309 targets = new ArrayList<>();
310 targets.add(targetString);
313 matchParameters.setTargets(targets);
315 GuardPolicy policy1 = new GuardPolicy(
316 (policyAdapter.getUuid() != null ? policyAdapter.getUuid() : UUID.randomUUID().toString()),
317 yamlParams.get(POLICY_NAME), yamlParams.get(DESCRIPTION), matchParameters);
318 builder = builder.addGuardPolicy(policy1);
319 Map<String, String> activeTimeRange = new HashMap<>();
320 activeTimeRange.put("start", yamlParams.get("guardActiveStart"));
321 activeTimeRange.put("end", yamlParams.get("guardActiveEnd"));
322 String blackListString = yamlParams.get("blackList");
323 List<String> blackList = null;
324 if (blackListString != null && !blackListString.trim().isEmpty()) {
325 if (blackListString.contains(",")) {
326 blackList = Arrays.asList(blackListString.split(","));
328 blackList = new ArrayList<>();
329 blackList.add(blackListString);
332 if (yamlParams.containsKey("appendBlackList")) {
333 String appendBlackListString = yamlParams.get("appendBlackList");
334 List<String> appendBlackList = null;
335 if (appendBlackListString != null && !appendBlackListString.trim().isEmpty()) {
336 appendBlackList = Arrays.asList(appendBlackListString.split(","));
337 for (int i = 0; i < appendBlackList.size(); i++) {
338 blackList.remove(appendBlackList.get(i));
343 Path xacmlTemplatePath;
344 ClassLoader classLoader = getClass().getClassLoader();
345 Constraint cons = new Constraint();
346 switch (ruleProvider) {
348 templateFile = new File(classLoader.getResource(XACML_BLGUARD_TEMPLATE).getFile());
349 xacmlTemplatePath = templateFile.toPath();
350 cons.setActive_time_range(activeTimeRange);
351 if (blackList == null || blackList.isEmpty()) {
352 throw new BuilderException("blackList is required");
354 cons.setBlacklist(blackList);
357 templateFile = new File(classLoader.getResource(XACML_GUARD_TEMPLATE).getFile());
358 xacmlTemplatePath = templateFile.toPath();
359 Map<String, String> timeWindow = new HashMap<>();
360 if (!PolicyUtils.isInteger(yamlParams.get("timeWindow"))) {
361 throw new BuilderException("time window is not in Integer format.");
363 String timeUnits = yamlParams.get("timeUnits");
364 if (timeUnits == null
365 || !("minute".equalsIgnoreCase(timeUnits) || "hour".equalsIgnoreCase(timeUnits)
366 || "day".equalsIgnoreCase(timeUnits) || "week".equalsIgnoreCase(timeUnits)
367 || "month".equalsIgnoreCase(timeUnits) || "year".equalsIgnoreCase(timeUnits))) {
368 throw new BuilderException("time Units is not in proper format.");
370 timeWindow.put("value", yamlParams.get("timeWindow"));
371 timeWindow.put("units", yamlParams.get("timeUnits"));
372 cons = new Constraint(Integer.parseInt(yamlParams.get("limit")), timeWindow, activeTimeRange);
375 builder = builder.addLimitConstraint(policy1.getId(), cons);
376 // Build the specification
377 Results results = builder.buildSpecification();
379 ControlLoopGuard yamlGuardObject = SafePolicyBuilder.loadYamlGuard(results.getSpecification());
380 String xacmlTemplateContent;
382 xacmlTemplateContent = new String(Files.readAllBytes(xacmlTemplatePath));
383 HashMap<String, String> yamlSpecs = new HashMap<>();
384 yamlSpecs.put(POLICY_NAME, yamlParams.get(POLICY_NAME));
385 yamlSpecs.put(DESCRIPTION, yamlParams.get(DESCRIPTION));
386 yamlSpecs.put(ONAPNAME, yamlParams.get(ONAPNAME));
387 yamlSpecs.put("actor", yamlGuardObject.getGuards().getFirst().getMatch_parameters().getActor());
388 yamlSpecs.put("recipe", yamlGuardObject.getGuards().getFirst().getMatch_parameters().getRecipe());
389 yamlSpecs.put("clname",
390 yamlGuardObject.getGuards().getFirst().getMatch_parameters().getControlLoopName());
391 if (yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst()
392 .getFreq_limit_per_target() != null) {
393 yamlSpecs.put("limit", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst()
394 .getFreq_limit_per_target().toString());
396 if (yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getTime_window() != null) {
397 yamlSpecs.put("twValue", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst()
398 .getTime_window().get("value"));
399 yamlSpecs.put("twUnits", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst()
400 .getTime_window().get("units"));
402 yamlSpecs.put("guardActiveStart", yamlGuardObject.getGuards().getFirst().getLimit_constraints()
403 .getFirst().getActive_time_range().get("start"));
404 yamlSpecs.put("guardActiveEnd", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst()
405 .getActive_time_range().get("end"));
406 String xacmlPolicyContent = SafePolicyBuilder.generateXacmlGuard(xacmlTemplateContent, yamlSpecs,
407 yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getBlacklist(),
408 yamlGuardObject.getGuards().getFirst().getMatch_parameters().getTargets());
409 // Convert the Policy into Stream input to Policy Adapter.
410 Object policy = XACMLPolicyScanner
411 .readPolicy(new ByteArrayInputStream(xacmlPolicyContent.getBytes(StandardCharsets.UTF_8)));
412 return (PolicyType) policy;
413 } catch (IOException e) {
414 LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Error while creating the policy " + e.getMessage(),
417 } catch (BuilderException e) {
418 LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Error while creating the policy " + e.getMessage(), e);
424 private DecisionSettings findDecisionSettingsBySettingId(String settingId) {
425 DecisionSettings decisionSetting = null;
427 EntityManager em = XACMLPapServlet.getEmf().createEntityManager();
428 Query getDecisionSettings = em.createNamedQuery("DecisionSettings.findAll");
429 List<?> decisionSettingsList = getDecisionSettings.getResultList();
431 for (Object id : decisionSettingsList) {
432 decisionSetting = (DecisionSettings) id;
433 if (decisionSetting.getXacmlId().equals(settingId)) {
437 return decisionSetting;
440 private void createRule(PolicyType decisionPolicy, boolean permitRule) {
441 RuleType rule = new RuleType();
443 rule.setRuleId(policyAdapter.getRuleID());
446 rule.setEffect(EffectType.PERMIT);
448 rule.setEffect(EffectType.DENY);
450 rule.setTarget(new TargetType());
452 // Create Target in Rule
453 AllOfType allOfInRule = new AllOfType();
455 // Creating match for ACCESS in rule target
456 MatchType accessMatch = new MatchType();
457 AttributeValueType accessAttributeValue = new AttributeValueType();
458 accessAttributeValue.setDataType(STRING_DATATYPE);
459 accessAttributeValue.getContent().add("DECIDE");
460 accessMatch.setAttributeValue(accessAttributeValue);
461 AttributeDesignatorType accessAttributeDesignator = new AttributeDesignatorType();
462 URI accessURI = null;
464 accessURI = new URI(ACTION_ID);
465 } catch (URISyntaxException e) {
466 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "DecisionPolicy", "Exception creating ACCESS URI");
468 accessAttributeDesignator.setCategory(CATEGORY_ACTION);
469 accessAttributeDesignator.setDataType(STRING_DATATYPE);
470 accessAttributeDesignator.setAttributeId(new IdentifierImpl(accessURI).stringValue());
471 accessMatch.setAttributeDesignator(accessAttributeDesignator);
472 accessMatch.setMatchId(FUNCTION_STRING_EQUAL_IGNORE);
474 dynamicLabelRuleAlgorithms = policyAdapter.getDynamicRuleAlgorithmLabels();
475 dynamicFieldComboRuleAlgorithms = policyAdapter.getDynamicRuleAlgorithmCombo();
476 dynamicFieldOneRuleAlgorithms = policyAdapter.getDynamicRuleAlgorithmField1();
477 dynamicFieldTwoRuleAlgorithms = policyAdapter.getDynamicRuleAlgorithmField2();
479 if (policyAdapter.getRuleProvider() != null && policyAdapter.getRuleProvider().equals(AAFPROVIDER)) {
480 // Values for AAF Provider are here for XML Creation.
481 ConditionType condition = new ConditionType();
482 ApplyType decisionApply = new ApplyType();
484 AttributeValueType value1 = new AttributeValueType();
485 value1.setDataType(BOOLEAN_DATATYPE);
486 value1.getContent().add("true");
488 AttributeDesignatorType value2 = new AttributeDesignatorType();
489 value2.setAttributeId(AAFEngine.AAF_RESULT);
490 value2.setCategory(CATEGORY_RESOURCE);
491 value2.setDataType(BOOLEAN_DATATYPE);
492 value2.setMustBePresent(false);
494 ApplyType innerDecisionApply = new ApplyType();
495 innerDecisionApply.setFunctionId(FUNCTION_BOOLEAN_ONE_AND_ONLY);
496 innerDecisionApply.getExpression().add(new ObjectFactory().createAttributeDesignator(value2));
498 decisionApply.setFunctionId(XACML3.ID_FUNCTION_BOOLEAN_EQUAL.stringValue());
499 decisionApply.getExpression().add(new ObjectFactory().createAttributeValue(value1));
500 decisionApply.getExpression().add(new ObjectFactory().createApply(innerDecisionApply));
501 condition.setExpression(new ObjectFactory().createApply(decisionApply));
503 ApplyType notOuterApply = new ApplyType();
504 notOuterApply.setFunctionId(FUNCTION_NOT);
505 notOuterApply.getExpression().add(condition.getExpression());
506 condition.setExpression(new ObjectFactory().createApply(notOuterApply));
508 rule.setCondition(condition);
509 allOfInRule.getMatch().add(accessMatch);
511 AnyOfType anyOfInRule = new AnyOfType();
512 anyOfInRule.getAllOf().add(allOfInRule);
514 TargetType targetInRule = new TargetType();
515 targetInRule.getAnyOf().add(anyOfInRule);
517 rule.setTarget(targetInRule);
519 AdviceExpressionsType adviceExpressions = new AdviceExpressionsType();
520 AdviceExpressionType adviceExpression = new AdviceExpressionType();
521 adviceExpression.setAdviceId(AAFPROVIDER);
522 adviceExpression.setAppliesTo(EffectType.DENY);
523 AttributeAssignmentExpressionType assignment = new AttributeAssignmentExpressionType();
524 assignment.setAttributeId("aaf.response");
525 assignment.setCategory(CATEGORY_RESOURCE);
526 AttributeDesignatorType value = new AttributeDesignatorType();
527 value.setAttributeId(AAFEngine.AAF_RESPONSE);
528 value.setCategory(CATEGORY_RESOURCE);
529 value.setDataType(STRING_DATATYPE);
530 value.setMustBePresent(false);
531 assignment.setExpression(new ObjectFactory().createAttributeDesignator(value));
532 adviceExpression.getAttributeAssignmentExpression().add(assignment);
533 adviceExpressions.getAdviceExpression().add(adviceExpression);
534 rule.setAdviceExpressions(adviceExpressions);
536 decisionPolicy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
537 policyAdapter.setPolicyData(decisionPolicy);
539 } else if (dynamicLabelRuleAlgorithms != null && !dynamicLabelRuleAlgorithms.isEmpty()) {
540 boolean isCompound = false;
541 ConditionType condition = new ConditionType();
542 int index = dynamicFieldOneRuleAlgorithms.size() - 1;
544 for (String labelAttr : dynamicLabelRuleAlgorithms) {
545 // if the rule algorithm as a label means it is a compound
546 if (dynamicFieldOneRuleAlgorithms.get(index).equals(labelAttr)) {
547 ApplyType decisionApply = new ApplyType();
549 String selectedFunction = dynamicFieldComboRuleAlgorithms.get(index);
550 String value1 = dynamicFieldOneRuleAlgorithms.get(index);
551 String value2 = dynamicFieldTwoRuleAlgorithms.get(index);
552 decisionApply.setFunctionId(getFunctionDefinitionId(selectedFunction));
553 decisionApply.getExpression().add(new ObjectFactory().createApply(getInnerDecisionApply(value1)));
554 decisionApply.getExpression().add(new ObjectFactory().createApply(getInnerDecisionApply(value2)));
555 condition.setExpression(new ObjectFactory().createApply(decisionApply));
559 // if rule algorithm not a compound
561 condition.setExpression(new ObjectFactory()
562 .createApply(getInnerDecisionApply(dynamicLabelRuleAlgorithms.get(index))));
566 ApplyType notOuterApply = new ApplyType();
567 notOuterApply.setFunctionId(FUNCTION_NOT);
568 notOuterApply.getExpression().add(condition.getExpression());
569 condition.setExpression(new ObjectFactory().createApply(notOuterApply));
571 rule.setCondition(condition);
572 allOfInRule.getMatch().add(accessMatch);
574 AnyOfType anyOfInRule = new AnyOfType();
575 anyOfInRule.getAllOf().add(allOfInRule);
577 TargetType targetInRule = new TargetType();
578 targetInRule.getAnyOf().add(anyOfInRule);
580 rule.setTarget(targetInRule);
582 decisionPolicy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
583 policyAdapter.setPolicyData(decisionPolicy);
586 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + "Unsupported data object."
587 + policyAdapter.getData().getClass().getCanonicalName());
592 private void createRainydayRule(PolicyType decisionPolicy, String errorcode, String treatment, boolean permitRule) {
593 RuleType rule = new RuleType();
595 rule.setRuleId(UUID.randomUUID().toString());
598 rule.setEffect(EffectType.PERMIT);
600 rule.setEffect(EffectType.DENY);
602 rule.setTarget(new TargetType());
604 // Create Target in Rule
605 AllOfType allOfInRule = new AllOfType();
607 // Creating match for DECIDE in rule target
608 MatchType accessMatch = new MatchType();
609 AttributeValueType accessAttributeValue = new AttributeValueType();
610 accessAttributeValue.setDataType(STRING_DATATYPE);
611 accessAttributeValue.getContent().add("DECIDE");
612 accessMatch.setAttributeValue(accessAttributeValue);
613 AttributeDesignatorType accessAttributeDesignator = new AttributeDesignatorType();
614 URI accessURI = null;
616 accessURI = new URI(ACTION_ID);
617 } catch (URISyntaxException e) {
618 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "DecisionPolicy", "Exception creating ACCESS URI");
620 accessAttributeDesignator.setCategory(CATEGORY_ACTION);
621 accessAttributeDesignator.setDataType(STRING_DATATYPE);
622 accessAttributeDesignator.setAttributeId(new IdentifierImpl(accessURI).stringValue());
623 accessMatch.setAttributeDesignator(accessAttributeDesignator);
624 accessMatch.setMatchId(FUNCTION_STRING_EQUAL_IGNORE);
626 allOfInRule.getMatch().add(accessMatch);
628 // Creating match for ErrorCode in rule target
629 MatchType errorcodeMatch = new MatchType();
630 AttributeValueType errorcodeAttributeValue = new AttributeValueType();
631 errorcodeAttributeValue.setDataType(STRING_DATATYPE);
632 errorcodeAttributeValue.getContent().add(errorcode);
633 errorcodeMatch.setAttributeValue(errorcodeAttributeValue);
634 AttributeDesignatorType errorcodeAttributeDesignator = new AttributeDesignatorType();
635 errorcodeAttributeDesignator.setCategory(CATEGORY_RESOURCE);
636 errorcodeAttributeDesignator.setDataType(STRING_DATATYPE);
637 errorcodeAttributeDesignator.setAttributeId("ErrorCode");
638 errorcodeMatch.setAttributeDesignator(errorcodeAttributeDesignator);
639 errorcodeMatch.setMatchId(FUNCTION_STRING_REGEXP_MATCH);
641 allOfInRule.getMatch().add(errorcodeMatch);
643 AnyOfType anyOfInRule = new AnyOfType();
644 anyOfInRule.getAllOf().add(allOfInRule);
646 TargetType targetInRule = new TargetType();
647 targetInRule.getAnyOf().add(anyOfInRule);
649 rule.setTarget(targetInRule);
651 AdviceExpressionsType adviceExpressions = new AdviceExpressionsType();
652 AdviceExpressionType adviceExpression = new AdviceExpressionType();
653 adviceExpression.setAdviceId(RAINY_DAY);
654 adviceExpression.setAppliesTo(EffectType.PERMIT);
656 AttributeAssignmentExpressionType assignment = new AttributeAssignmentExpressionType();
657 assignment.setAttributeId("treatment");
658 assignment.setCategory(CATEGORY_RESOURCE);
660 AttributeValueType treatmentAttributeValue = new AttributeValueType();
661 treatmentAttributeValue.setDataType(STRING_DATATYPE);
662 treatmentAttributeValue.getContent().add(treatment);
663 assignment.setExpression(new ObjectFactory().createAttributeValue(treatmentAttributeValue));
665 adviceExpression.getAttributeAssignmentExpression().add(assignment);
666 adviceExpressions.getAdviceExpression().add(adviceExpression);
667 rule.setAdviceExpressions(adviceExpressions);
668 decisionPolicy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
669 policyAdapter.setPolicyData(decisionPolicy);
673 // if compound setting the inner apply here
674 protected ApplyType getInnerDecisionApply(String value1Label) {
675 ApplyType decisionApply = new ApplyType();
677 // check the index for the label.
678 for (String labelAttr : dynamicLabelRuleAlgorithms) {
679 if (labelAttr.equals(value1Label)) {
680 String value1 = dynamicFieldOneRuleAlgorithms.get(index);
681 populateDataTypeList(value1);
683 // check if the row contains label again
684 for (String labelValue : dynamicLabelRuleAlgorithms) {
685 if (labelValue.equals(value1)) {
686 return getCompoundDecisionApply(index);
690 // Getting the values from the form.
691 String functionKey = dynamicFieldComboRuleAlgorithms.get(index);
692 String value2 = dynamicFieldTwoRuleAlgorithms.get(index);
693 decisionApply.setFunctionId(getFunctionDefinitionId(functionKey));
694 // if two text field are rule attributes.
695 if ((value1.contains(RULE_VARIABLE)) && (value2.contains(RULE_VARIABLE))) {
696 ApplyType innerDecisionApply1 = new ApplyType();
697 ApplyType innerDecisionApply2 = new ApplyType();
698 AttributeDesignatorType attributeDesignator1 = new AttributeDesignatorType();
699 AttributeDesignatorType attributeDesignator2 = new AttributeDesignatorType();
700 // If selected function is Integer function set integer functionID
701 if (functionKey.toLowerCase().contains("integer")) {
702 innerDecisionApply1.setFunctionId(FUNTION_INTEGER_ONE_AND_ONLY);
703 innerDecisionApply2.setFunctionId(FUNTION_INTEGER_ONE_AND_ONLY);
704 attributeDesignator1.setDataType(INTEGER_DATATYPE);
705 attributeDesignator2.setDataType(INTEGER_DATATYPE);
707 // If selected function is not a Integer function set String functionID
708 innerDecisionApply1.setFunctionId(FUNCTION_STRING_ONE_AND_ONLY);
709 innerDecisionApply2.setFunctionId(FUNCTION_STRING_ONE_AND_ONLY);
710 attributeDesignator1.setDataType(STRING_DATATYPE);
711 attributeDesignator2.setDataType(STRING_DATATYPE);
713 attributeDesignator1.setCategory(CATEGORY_RESOURCE);
714 attributeDesignator2.setCategory(CATEGORY_RESOURCE);
715 // Here set actual field values
717 .setAttributeId(value1.contains("resource:") ? value1.substring(9) : value1.substring(8));
719 .setAttributeId(value1.contains("resource:") ? value1.substring(9) : value1.substring(8));
720 innerDecisionApply1.getExpression()
721 .add(new ObjectFactory().createAttributeDesignator(attributeDesignator1));
722 innerDecisionApply2.getExpression()
723 .add(new ObjectFactory().createAttributeDesignator(attributeDesignator2));
724 decisionApply.getExpression().add(new ObjectFactory().createApply(innerDecisionApply1));
725 decisionApply.getExpression().add(new ObjectFactory().createApply(innerDecisionApply2));
727 // if either of one text field is rule attribute.
728 if (!value1.startsWith("S_")) {
729 ApplyType innerDecisionApply = new ApplyType();
730 AttributeDesignatorType attributeDesignator = new AttributeDesignatorType();
731 AttributeValueType decisionConditionAttributeValue = new AttributeValueType();
733 if (functionKey.toLowerCase().contains("integer")) {
734 innerDecisionApply.setFunctionId(FUNTION_INTEGER_ONE_AND_ONLY);
735 decisionConditionAttributeValue.setDataType(INTEGER_DATATYPE);
736 attributeDesignator.setDataType(INTEGER_DATATYPE);
738 innerDecisionApply.setFunctionId(FUNCTION_STRING_ONE_AND_ONLY);
739 decisionConditionAttributeValue.setDataType(STRING_DATATYPE);
740 attributeDesignator.setDataType(STRING_DATATYPE);
743 String attributeId = null;
744 String attributeValue = null;
746 // Find which textField has rule attribute and set it as
747 // attributeId and the other as attributeValue.
748 attributeId = value1;
749 attributeValue = value2;
751 if (attributeId != null) {
752 attributeDesignator.setCategory(CATEGORY_RESOURCE);
753 attributeDesignator.setAttributeId(attributeId);
755 decisionConditionAttributeValue.getContent().add(attributeValue);
756 innerDecisionApply.getExpression()
757 .add(new ObjectFactory().createAttributeDesignator(attributeDesignator));
758 decisionApply.getExpression()
759 .add(new ObjectFactory().createAttributeValue(decisionConditionAttributeValue));
760 decisionApply.getExpression().add(new ObjectFactory().createApply(innerDecisionApply));
762 value1 = value1.substring(2, value1.length());
763 VariableReferenceType variableReferenceType = new VariableReferenceType();
764 variableReferenceType.setVariableId(value1);
766 String dataType = dataTypeList.get(index);
768 AttributeValueType decisionConditionAttributeValue = new AttributeValueType();
769 decisionConditionAttributeValue.setDataType(dataType);
770 decisionConditionAttributeValue.getContent().add(value2);
771 decisionApply.getExpression()
772 .add(new ObjectFactory().createVariableReference(variableReferenceType));
773 decisionApply.getExpression()
774 .add(new ObjectFactory().createAttributeValue(decisionConditionAttributeValue));
780 return decisionApply;
783 // if the rule algorithm is multiple compound one setting the apply
784 protected ApplyType getCompoundDecisionApply(int index) {
785 ApplyType decisionApply = new ApplyType();
786 String selectedFunction = dynamicFieldComboRuleAlgorithms.get(index);
787 String value1 = dynamicFieldOneRuleAlgorithms.get(index);
788 String value2 = dynamicFieldTwoRuleAlgorithms.get(index);
789 decisionApply.setFunctionId(getFunctionDefinitionId(selectedFunction));
790 decisionApply.getExpression().add(new ObjectFactory().createApply(getInnerDecisionApply(value1)));
791 decisionApply.getExpression().add(new ObjectFactory().createApply(getInnerDecisionApply(value2)));
792 return decisionApply;
795 private VariableDefinitionType createDynamicVariable(String key, String value, String dataType) {
796 VariableDefinitionType dynamicVariable = new VariableDefinitionType();
797 AttributeValueType dynamicAttributeValue = new AttributeValueType();
799 dynamicAttributeValue.setDataType(dataType);
800 dynamicAttributeValue.getContent().add(value);
802 dynamicVariable.setVariableId(key);
803 dynamicVariable.setExpression(new ObjectFactory().createAttributeValue(dynamicAttributeValue));
805 return dynamicVariable;
809 private void populateDataTypeList(String value1) {
810 String dataType = null;
811 if (value1.contains("S_")) {
812 value1 = value1.substring(2, value1.length());
813 DecisionSettings decisionSettings = findDecisionSettingsBySettingId(value1.substring(2, value1.length()));
814 if (decisionSettings != null && "string".equals(decisionSettings.getDatatypeBean().getShortName())) {
815 dataType = STRING_DATATYPE;
816 } else if (decisionSettings != null
817 && "boolean".equals(decisionSettings.getDatatypeBean().getShortName())) {
818 dataType = BOOLEAN_DATATYPE;
820 dataType = INTEGER_DATATYPE;
826 dataTypeList.add(dataType);
830 private String getDataType(String key) {
832 DecisionSettings decisionSettings = findDecisionSettingsBySettingId(key);
833 String dataType = null;
835 if (decisionSettings != null && "string".equals(decisionSettings.getDatatypeBean().getShortName())) {
836 dataType = STRING_DATATYPE;
837 } else if (decisionSettings != null && "boolean".equals(decisionSettings.getDatatypeBean().getShortName())) {
838 dataType = BOOLEAN_DATATYPE;
840 dataType = INTEGER_DATATYPE;
847 public Object getCorrectPolicyDataObject() {
848 return policyAdapter.getData();
851 public String getFunctionDefinitionId(String key) {
852 FunctionDefinition object =
853 (FunctionDefinition) commonClassDao.getDataById(FunctionDefinition.class, "shortname", key);
854 if (object != null) {
855 return object.getXacmlid();