2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.onap.policy.pap.xacml.rest.components;
23 import java.io.ByteArrayInputStream;
25 import java.io.IOException;
27 import java.net.URISyntaxException;
28 import java.nio.charset.StandardCharsets;
29 import java.nio.file.Files;
30 import java.nio.file.Path;
31 import java.nio.file.Paths;
32 import java.util.ArrayList;
33 import java.util.Arrays;
34 import java.util.HashMap;
35 import java.util.LinkedList;
36 import java.util.List;
38 import java.util.UUID;
39 import javax.persistence.EntityManager;
40 import javax.persistence.Query;
41 import org.apache.commons.lang3.StringEscapeUtils;
42 import org.onap.policy.common.logging.eelf.MessageCodes;
43 import org.onap.policy.common.logging.eelf.PolicyLogger;
44 import org.onap.policy.common.logging.flexlogger.FlexLogger;
45 import org.onap.policy.common.logging.flexlogger.Logger;
46 import org.onap.policy.controlloop.policy.builder.BuilderException;
47 import org.onap.policy.controlloop.policy.builder.Results;
48 import org.onap.policy.controlloop.policy.guard.Constraint;
49 import org.onap.policy.controlloop.policy.guard.ControlLoopGuard;
50 import org.onap.policy.controlloop.policy.guard.Guard;
51 import org.onap.policy.controlloop.policy.guard.GuardPolicy;
52 import org.onap.policy.controlloop.policy.guard.MatchParameters;
53 import org.onap.policy.controlloop.policy.guard.builder.ControlLoopGuardBuilder;
54 import org.onap.policy.pap.xacml.rest.XACMLPapServlet;
55 import org.onap.policy.rest.adapter.PolicyRestAdapter;
56 import org.onap.policy.rest.dao.CommonClassDao;
57 import org.onap.policy.rest.jpa.DecisionSettings;
58 import org.onap.policy.rest.jpa.FunctionDefinition;
59 import org.onap.policy.utils.PolicyUtils;
60 import org.onap.policy.xacml.api.XACMLErrorConstants;
61 import org.onap.policy.xacml.std.pip.engines.aaf.AAFEngine;
62 import org.onap.policy.xacml.util.XACMLPolicyScanner;
63 import com.att.research.xacml.api.XACML3;
64 import com.att.research.xacml.api.pap.PAPException;
65 import com.att.research.xacml.std.IdentifierImpl;
66 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AdviceExpressionType;
67 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AdviceExpressionsType;
68 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AllOfType;
69 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType;
70 import oasis.names.tc.xacml._3_0.core.schema.wd_17.ApplyType;
71 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeAssignmentExpressionType;
72 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeDesignatorType;
73 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType;
74 import oasis.names.tc.xacml._3_0.core.schema.wd_17.ConditionType;
75 import oasis.names.tc.xacml._3_0.core.schema.wd_17.EffectType;
76 import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType;
77 import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObjectFactory;
78 import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySetType;
79 import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType;
80 import oasis.names.tc.xacml._3_0.core.schema.wd_17.RuleType;
81 import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType;
82 import oasis.names.tc.xacml._3_0.core.schema.wd_17.VariableDefinitionType;
83 import oasis.names.tc.xacml._3_0.core.schema.wd_17.VariableReferenceType;
85 public class DecisionPolicy extends Policy {
87 private static final Logger LOGGER = FlexLogger.getLogger(DecisionPolicy.class);
89 public static final String FUNCTION_NOT = "urn:oasis:names:tc:xacml:1.0:function:not";
90 private static final String AAFPROVIDER = "AAF";
91 public static final String GUARD_YAML = "GUARD_YAML";
92 public static final String GUARD_BL_YAML = "GUARD_BL_YAML";
93 public static final String GUARD_MIN_MAX = "GUARD_MIN_MAX";
94 public static final String RAINY_DAY = "Rainy_Day";
95 private static final String XACML_GUARD_TEMPLATE = "Decision_GuardPolicyTemplate.xml";
96 private static final String XACML_BLGUARD_TEMPLATE = "Decision_GuardBLPolicyTemplate.xml";
97 private static final String XACML_GUARD_MIN_MAX_TEMPLATE = "Decision_GuardMinMaxPolicyTemplate.xml";
99 private static final String ONAPNAME = "ONAPName";
100 private static final String POLICY_NAME = "PolicyName";
101 private static final String DESCRIPTION = "description";
104 List<String> dynamicLabelRuleAlgorithms = new LinkedList<>();
105 List<String> dynamicFieldComboRuleAlgorithms = new LinkedList<>();
106 List<String> dynamicFieldOneRuleAlgorithms = new LinkedList<>();
107 List<String> dynamicFieldTwoRuleAlgorithms = new LinkedList<>();
108 List<String> dataTypeList = new LinkedList<>();
110 private CommonClassDao commonClassDao;
112 public DecisionPolicy() {
116 public DecisionPolicy(PolicyRestAdapter policyAdapter, CommonClassDao commonClassDao) {
117 this.policyAdapter = policyAdapter;
118 this.commonClassDao = commonClassDao;
122 public Map<String, String> savePolicies() throws PAPException {
124 Map<String, String> successMap = new HashMap<>();
125 if (isPolicyExists()) {
126 successMap.put("EXISTS", "This Policy already exist on the PAP");
130 if (!isPreparedToSave()) {
131 // Prep and configure the policy for saving
135 // Until here we prepared the data and here calling the method to create xml.
136 Path newPolicyPath = null;
137 newPolicyPath = Paths.get(policyAdapter.getNewFileName());
139 successMap = createPolicy(newPolicyPath, getCorrectPolicyDataObject());
144 * Scan the Raw Policy data and set to PolicyAdapter.
146 private void readRawPolicyData() {
148 if ("API".equalsIgnoreCase(policyAdapter.getApiflag())) {
149 policy = XACMLPolicyScanner.readPolicy(new ByteArrayInputStream(StringEscapeUtils
150 .unescapeXml(policyAdapter.getRawXacmlPolicy()).getBytes(StandardCharsets.UTF_8)));
152 policy = XACMLPolicyScanner.readPolicy(
153 new ByteArrayInputStream(policyAdapter.getRawXacmlPolicy().getBytes(StandardCharsets.UTF_8)));
155 String policyRawDesc;
156 if (policy instanceof PolicySetType) {
158 ((PolicySetType) policy).getDescription() + "@#RuleProvider@#Decision_Raw@#RuleProvider@#";
159 ((PolicySetType) policy).setDescription(policyRawDesc);
161 policyRawDesc = ((PolicyType) policy).getDescription() + "@#RuleProvider@#Decision_Raw@#RuleProvider@#";
162 ((PolicyType) policy).setDescription(policyRawDesc);
164 policyAdapter.setPolicyData(policy);
165 policyAdapter.setData(policy);
166 setPreparedToSave(true);
170 // This is the method for preparing the policy for saving. We have broken it out
171 // separately because the fully configured policy is used for multiple things
173 public boolean prepareToSave() throws PAPException {
175 if (isPreparedToSave()) {
176 // we have already done this
181 String policyID = policyAdapter.getPolicyID();
182 version = policyAdapter.getHighestVersion();
184 if ("Raw".equals(policyAdapter.getRuleProvider())) {
188 // Create the Instance for pojo, PolicyType object is used in marshalling.
189 if ("Decision".equals(policyAdapter.getPolicyType())) {
190 PolicyType policyConfig = new PolicyType();
192 policyConfig.setVersion(Integer.toString(version));
193 policyConfig.setPolicyId(policyID);
194 policyConfig.setTarget(new TargetType());
195 policyAdapter.setData(policyConfig);
197 policyName = policyAdapter.getNewFileName();
199 if(policyAdapter.getRuleProvider().equals(GUARD_YAML) ||
200 policyAdapter.getRuleProvider().equals(GUARD_BL_YAML) ||
201 policyAdapter.getRuleProvider().equals(GUARD_MIN_MAX)){
203 Map<String, String> yamlParams = new HashMap<>();
204 String blackListEntryType = policyAdapter.getBlackListEntryType() != null
205 ? policyAdapter.getBlackListEntryType() : "Use Manual Entry";
206 String description = policyAdapter.getPolicyDescription() != null ? policyAdapter.getPolicyDescription()
207 : "YAML Guard Policy";
208 yamlParams.put(DESCRIPTION, description + "@blEntry@" + blackListEntryType + "@blEntry@");
209 String fileName = policyAdapter.getNewFileName();
210 String name = fileName.substring(fileName.lastIndexOf('\\') + 1, fileName.length());
211 if ((name == null) || ("".equals(name))) {
212 name = fileName.substring(fileName.lastIndexOf('/') + 1, fileName.length());
214 yamlParams.put(POLICY_NAME, name);
215 yamlParams.put(ONAPNAME, policyAdapter.getOnapName());
216 Map<String, String> params = policyAdapter.getDynamicFieldConfigAttributes();
217 yamlParams.putAll(params);
218 // Call YAML to XACML
220 PolicyType decisionPolicy = getGuardPolicy(yamlParams, policyAdapter.getRuleProvider());
221 decisionPolicy.setRuleCombiningAlgId(policyAdapter.getRuleCombiningAlgId());
222 decisionPolicy.setVersion(Integer.toString(version));
223 policyAdapter.setPolicyData(decisionPolicy);
224 policyAdapter.setData(decisionPolicy);
225 } catch (BuilderException e) {
227 throw new PAPException(e);
229 } else if (policyAdapter.getData() != null) {
230 PolicyType decisionPolicy = (PolicyType) policyAdapter.getData();
232 decisionPolicy.setDescription(policyAdapter.getPolicyDescription());
234 decisionPolicy.setRuleCombiningAlgId(policyAdapter.getRuleCombiningAlgId());
235 AllOfType allOfOne = new AllOfType();
236 String fileName = policyAdapter.getNewFileName();
237 String name = fileName.substring(fileName.lastIndexOf('\\') + 1, fileName.length());
238 if ((name == null) || ("".equals(name))) {
239 name = fileName.substring(fileName.lastIndexOf('/') + 1, fileName.length());
241 allOfOne.getMatch().add(createMatch(POLICY_NAME, name));
243 AllOfType allOf = new AllOfType();
246 allOf.getMatch().add(createMatch(ONAPNAME, (policyAdapter.getOnapName())));
248 Map<String, String> dynamicFieldComponentAttributes = policyAdapter.getDynamicFieldConfigAttributes();
249 if (policyAdapter.getRuleProvider() != null && policyAdapter.getRuleProvider().equals(AAFPROVIDER)) {
250 dynamicFieldComponentAttributes = new HashMap<>();
253 // If there is any dynamic field attributes create the matches here
254 for (String keyField : dynamicFieldComponentAttributes.keySet()) {
255 String key = keyField;
256 String value = dynamicFieldComponentAttributes.get(key);
257 MatchType dynamicMatch = createDynamicMatch(key, value);
258 allOf.getMatch().add(dynamicMatch);
261 AnyOfType anyOf = new AnyOfType();
262 anyOf.getAllOf().add(allOfOne);
263 anyOf.getAllOf().add(allOf);
265 TargetType target = new TargetType();
266 target.getAnyOf().add(anyOf);
267 decisionPolicy.setTarget(target);
269 Map<String, String> dynamicFieldDecisionSettings = policyAdapter.getDynamicSettingsMap();
270 if (policyAdapter.getRuleProvider() != null && (policyAdapter.getRuleProvider().equals(AAFPROVIDER)
271 || policyAdapter.getRuleProvider().equals(RAINY_DAY))) {
272 dynamicFieldDecisionSettings = new HashMap<>();
275 // settings are dynamic so check how many rows are added and add all
276 for (String keyField : dynamicFieldDecisionSettings.keySet()) {
277 String key = keyField;
278 String value = dynamicFieldDecisionSettings.get(key);
279 String dataType = getDataType(key);
280 VariableDefinitionType dynamicVariable = createDynamicVariable(key, value, dataType);
281 decisionPolicy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(dynamicVariable);
284 Map<String, String> dynamicFieldTreatmentAttributes = policyAdapter.getRainydayMap();
285 if (policyAdapter.getRuleProvider().equals(RAINY_DAY)) {
286 for (String keyField : dynamicFieldTreatmentAttributes.keySet()) {
287 String errorcode = keyField;
288 String treatment = dynamicFieldTreatmentAttributes.get(errorcode);
289 createRainydayRule(decisionPolicy, errorcode, treatment, true);
292 createRule(decisionPolicy, true);
293 createRule(decisionPolicy, false);
297 setPreparedToSave(true);
301 public PolicyType getGuardPolicy(Map<String, String> yamlParams, String ruleProvider) throws BuilderException {
303 ControlLoopGuardBuilder builder = ControlLoopGuardBuilder.Factory.buildControlLoopGuard(new Guard());
304 MatchParameters matchParameters = new MatchParameters(yamlParams.get("actor"), yamlParams.get("recipe"));
305 matchParameters.setControlLoopName(yamlParams.get("clname"));
306 if (yamlParams.containsKey("targets")) {
307 String targetString = yamlParams.get("targets");
308 List<String> targets = null;
309 if (targetString != null && !targetString.isEmpty()) {
310 if (targetString.contains(",")) {
311 targets = Arrays.asList(targetString.split(","));
313 targets = new ArrayList<>();
314 targets.add(targetString);
317 matchParameters.setTargets(targets);
319 GuardPolicy policy1 = new GuardPolicy(
320 (policyAdapter.getUuid() != null ? policyAdapter.getUuid() : UUID.randomUUID().toString()),
321 yamlParams.get(POLICY_NAME), yamlParams.get(DESCRIPTION), matchParameters);
322 builder = builder.addGuardPolicy(policy1);
323 Map<String, String> activeTimeRange = new HashMap<>();
324 activeTimeRange.put("start", yamlParams.get("guardActiveStart"));
325 activeTimeRange.put("end", yamlParams.get("guardActiveEnd"));
326 String blackListString = yamlParams.get("blackList");
327 List<String> blackList = null;
328 if (blackListString != null && !blackListString.trim().isEmpty()) {
329 if (blackListString.contains(",")) {
330 blackList = Arrays.asList(blackListString.split(","));
332 blackList = new ArrayList<>();
333 blackList.add(blackListString);
336 if (yamlParams.containsKey("appendBlackList")) {
337 String appendBlackListString = yamlParams.get("appendBlackList");
338 List<String> appendBlackList = null;
339 if (appendBlackListString != null && !appendBlackListString.trim().isEmpty()) {
340 appendBlackList = Arrays.asList(appendBlackListString.split(","));
341 for (int i = 0; i < appendBlackList.size(); i++) {
342 blackList.remove(appendBlackList.get(i));
347 Path xacmlTemplatePath;
348 ClassLoader classLoader = getClass().getClassLoader();
349 Constraint cons = new Constraint();
350 switch (ruleProvider) {
352 templateFile = new File(classLoader.getResource(XACML_BLGUARD_TEMPLATE).getFile());
353 xacmlTemplatePath = templateFile.toPath();
354 cons.setActive_time_range(activeTimeRange);
355 if (blackList == null || blackList.isEmpty()) {
356 throw new BuilderException("blackList is required");
358 cons.setBlacklist(blackList);
361 templateFile = new File(classLoader.getResource(XACML_GUARD_MIN_MAX_TEMPLATE).getFile());
362 xacmlTemplatePath = templateFile.toPath();
363 cons = new Constraint(Integer.parseInt(yamlParams.get("min")),
364 Integer.parseInt(yamlParams.get("max")), activeTimeRange);
367 templateFile = new File(classLoader.getResource(XACML_GUARD_TEMPLATE).getFile());
368 xacmlTemplatePath = templateFile.toPath();
369 Map<String, String> timeWindow = new HashMap<>();
370 if (!PolicyUtils.isInteger(yamlParams.get("timeWindow"))) {
371 throw new BuilderException("time window is not in Integer format.");
373 String timeUnits = yamlParams.get("timeUnits");
374 if (timeUnits == null
375 || !("minute".equalsIgnoreCase(timeUnits) || "hour".equalsIgnoreCase(timeUnits)
376 || "day".equalsIgnoreCase(timeUnits) || "week".equalsIgnoreCase(timeUnits)
377 || "month".equalsIgnoreCase(timeUnits) || "year".equalsIgnoreCase(timeUnits))) {
378 throw new BuilderException("time Units is not in proper format.");
380 timeWindow.put("value", yamlParams.get("timeWindow"));
381 timeWindow.put("units", yamlParams.get("timeUnits"));
382 cons = new Constraint(Integer.parseInt(yamlParams.get("limit")), timeWindow, activeTimeRange);
386 builder = builder.addLimitConstraint(policy1.getId(), cons);
387 // Build the specification
388 Results results = builder.buildSpecification();
390 ControlLoopGuard yamlGuardObject = SafePolicyBuilder.loadYamlGuard(results.getSpecification());
391 String xacmlTemplateContent;
393 xacmlTemplateContent = new String(Files.readAllBytes(xacmlTemplatePath));
394 HashMap<String, String> yamlSpecs = new HashMap<>();
395 yamlSpecs.put(POLICY_NAME, yamlParams.get(POLICY_NAME));
396 yamlSpecs.put(DESCRIPTION, yamlParams.get(DESCRIPTION));
397 yamlSpecs.put(ONAPNAME, yamlParams.get(ONAPNAME));
398 yamlSpecs.put("actor", yamlGuardObject.getGuards().getFirst().getMatch_parameters().getActor());
399 yamlSpecs.put("recipe", yamlGuardObject.getGuards().getFirst().getMatch_parameters().getRecipe());
400 yamlSpecs.put("clname",
401 yamlGuardObject.getGuards().getFirst().getMatch_parameters().getControlLoopName());
402 if (yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst()
403 .getFreq_limit_per_target() != null) {
404 yamlSpecs.put("limit", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst()
405 .getFreq_limit_per_target().toString());
407 if (yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getTime_window() != null) {
408 yamlSpecs.put("twValue", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst()
409 .getTime_window().get("value"));
410 yamlSpecs.put("twUnits", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst()
411 .getTime_window().get("units"));
414 if (yamlGuardObject.getGuards().getFirst().getLimit_constraints().
415 getFirst().getMaxVnfCount() != null) {
416 yamlSpecs.put("max", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst()
417 .getMaxVnfCount().toString());
419 if (yamlGuardObject.getGuards().getFirst().getLimit_constraints().
420 getFirst().getMinVnfCount() != null) {
421 yamlSpecs.put("min", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst()
422 .getMinVnfCount().toString());
425 yamlSpecs.put("guardActiveStart", yamlGuardObject.getGuards().getFirst().getLimit_constraints()
426 .getFirst().getActive_time_range().get("start"));
427 yamlSpecs.put("guardActiveEnd", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst()
428 .getActive_time_range().get("end"));
429 String xacmlPolicyContent = SafePolicyBuilder.generateXacmlGuard(xacmlTemplateContent, yamlSpecs,
430 yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getBlacklist(),
431 yamlGuardObject.getGuards().getFirst().getMatch_parameters().getTargets());
433 // Convert the Policy into Stream input to Policy Adapter.
434 Object policy = XACMLPolicyScanner
435 .readPolicy(new ByteArrayInputStream(xacmlPolicyContent.getBytes(StandardCharsets.UTF_8)));
437 return (PolicyType) policy;
438 } catch (IOException e) {
439 LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Error while creating the policy " + e.getMessage(),
442 } catch (BuilderException e) {
443 LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Error while creating the policy " + e.getMessage(), e);
449 private DecisionSettings findDecisionSettingsBySettingId(String settingId) {
450 DecisionSettings decisionSetting = null;
452 EntityManager em = XACMLPapServlet.getEmf().createEntityManager();
453 Query getDecisionSettings = em.createNamedQuery("DecisionSettings.findAll");
454 List<?> decisionSettingsList = getDecisionSettings.getResultList();
456 for (Object id : decisionSettingsList) {
457 decisionSetting = (DecisionSettings) id;
458 if (decisionSetting.getXacmlId().equals(settingId)) {
462 return decisionSetting;
465 private void createRule(PolicyType decisionPolicy, boolean permitRule) {
466 RuleType rule = new RuleType();
468 rule.setRuleId(policyAdapter.getRuleID());
471 rule.setEffect(EffectType.PERMIT);
473 rule.setEffect(EffectType.DENY);
475 rule.setTarget(new TargetType());
477 // Create Target in Rule
478 AllOfType allOfInRule = new AllOfType();
480 // Creating match for ACCESS in rule target
481 MatchType accessMatch = new MatchType();
482 AttributeValueType accessAttributeValue = new AttributeValueType();
483 accessAttributeValue.setDataType(STRING_DATATYPE);
484 accessAttributeValue.getContent().add("DECIDE");
485 accessMatch.setAttributeValue(accessAttributeValue);
486 AttributeDesignatorType accessAttributeDesignator = new AttributeDesignatorType();
487 URI accessURI = null;
489 accessURI = new URI(ACTION_ID);
490 } catch (URISyntaxException e) {
491 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "DecisionPolicy", "Exception creating ACCESS URI");
493 accessAttributeDesignator.setCategory(CATEGORY_ACTION);
494 accessAttributeDesignator.setDataType(STRING_DATATYPE);
495 accessAttributeDesignator.setAttributeId(new IdentifierImpl(accessURI).stringValue());
496 accessMatch.setAttributeDesignator(accessAttributeDesignator);
497 accessMatch.setMatchId(FUNCTION_STRING_EQUAL_IGNORE);
499 dynamicLabelRuleAlgorithms = policyAdapter.getDynamicRuleAlgorithmLabels();
500 dynamicFieldComboRuleAlgorithms = policyAdapter.getDynamicRuleAlgorithmCombo();
501 dynamicFieldOneRuleAlgorithms = policyAdapter.getDynamicRuleAlgorithmField1();
502 dynamicFieldTwoRuleAlgorithms = policyAdapter.getDynamicRuleAlgorithmField2();
504 if (policyAdapter.getRuleProvider() != null && policyAdapter.getRuleProvider().equals(AAFPROVIDER)) {
505 // Values for AAF Provider are here for XML Creation.
506 ConditionType condition = new ConditionType();
507 ApplyType decisionApply = new ApplyType();
509 AttributeValueType value1 = new AttributeValueType();
510 value1.setDataType(BOOLEAN_DATATYPE);
511 value1.getContent().add("true");
513 AttributeDesignatorType value2 = new AttributeDesignatorType();
514 value2.setAttributeId(AAFEngine.AAF_RESULT);
515 value2.setCategory(CATEGORY_RESOURCE);
516 value2.setDataType(BOOLEAN_DATATYPE);
517 value2.setMustBePresent(false);
519 ApplyType innerDecisionApply = new ApplyType();
520 innerDecisionApply.setFunctionId(FUNCTION_BOOLEAN_ONE_AND_ONLY);
521 innerDecisionApply.getExpression().add(new ObjectFactory().createAttributeDesignator(value2));
523 decisionApply.setFunctionId(XACML3.ID_FUNCTION_BOOLEAN_EQUAL.stringValue());
524 decisionApply.getExpression().add(new ObjectFactory().createAttributeValue(value1));
525 decisionApply.getExpression().add(new ObjectFactory().createApply(innerDecisionApply));
526 condition.setExpression(new ObjectFactory().createApply(decisionApply));
528 ApplyType notOuterApply = new ApplyType();
529 notOuterApply.setFunctionId(FUNCTION_NOT);
530 notOuterApply.getExpression().add(condition.getExpression());
531 condition.setExpression(new ObjectFactory().createApply(notOuterApply));
533 rule.setCondition(condition);
534 allOfInRule.getMatch().add(accessMatch);
536 AnyOfType anyOfInRule = new AnyOfType();
537 anyOfInRule.getAllOf().add(allOfInRule);
539 TargetType targetInRule = new TargetType();
540 targetInRule.getAnyOf().add(anyOfInRule);
542 rule.setTarget(targetInRule);
544 AdviceExpressionsType adviceExpressions = new AdviceExpressionsType();
545 AdviceExpressionType adviceExpression = new AdviceExpressionType();
546 adviceExpression.setAdviceId(AAFPROVIDER);
547 adviceExpression.setAppliesTo(EffectType.DENY);
548 AttributeAssignmentExpressionType assignment = new AttributeAssignmentExpressionType();
549 assignment.setAttributeId("aaf.response");
550 assignment.setCategory(CATEGORY_RESOURCE);
551 AttributeDesignatorType value = new AttributeDesignatorType();
552 value.setAttributeId(AAFEngine.AAF_RESPONSE);
553 value.setCategory(CATEGORY_RESOURCE);
554 value.setDataType(STRING_DATATYPE);
555 value.setMustBePresent(false);
556 assignment.setExpression(new ObjectFactory().createAttributeDesignator(value));
557 adviceExpression.getAttributeAssignmentExpression().add(assignment);
558 adviceExpressions.getAdviceExpression().add(adviceExpression);
559 rule.setAdviceExpressions(adviceExpressions);
561 decisionPolicy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
562 policyAdapter.setPolicyData(decisionPolicy);
564 } else if (dynamicLabelRuleAlgorithms != null && !dynamicLabelRuleAlgorithms.isEmpty()) {
565 boolean isCompound = false;
566 ConditionType condition = new ConditionType();
567 int index = dynamicFieldOneRuleAlgorithms.size() - 1;
569 for (String labelAttr : dynamicLabelRuleAlgorithms) {
570 // if the rule algorithm as a label means it is a compound
571 if (dynamicFieldOneRuleAlgorithms.get(index).equals(labelAttr)) {
572 ApplyType decisionApply = new ApplyType();
574 String selectedFunction = dynamicFieldComboRuleAlgorithms.get(index);
575 String value1 = dynamicFieldOneRuleAlgorithms.get(index);
576 String value2 = dynamicFieldTwoRuleAlgorithms.get(index);
577 decisionApply.setFunctionId(getFunctionDefinitionId(selectedFunction));
578 decisionApply.getExpression().add(new ObjectFactory().createApply(getInnerDecisionApply(value1)));
579 decisionApply.getExpression().add(new ObjectFactory().createApply(getInnerDecisionApply(value2)));
580 condition.setExpression(new ObjectFactory().createApply(decisionApply));
584 // if rule algorithm not a compound
586 condition.setExpression(new ObjectFactory()
587 .createApply(getInnerDecisionApply(dynamicLabelRuleAlgorithms.get(index))));
591 ApplyType notOuterApply = new ApplyType();
592 notOuterApply.setFunctionId(FUNCTION_NOT);
593 notOuterApply.getExpression().add(condition.getExpression());
594 condition.setExpression(new ObjectFactory().createApply(notOuterApply));
596 rule.setCondition(condition);
597 allOfInRule.getMatch().add(accessMatch);
599 AnyOfType anyOfInRule = new AnyOfType();
600 anyOfInRule.getAllOf().add(allOfInRule);
602 TargetType targetInRule = new TargetType();
603 targetInRule.getAnyOf().add(anyOfInRule);
605 rule.setTarget(targetInRule);
607 decisionPolicy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
608 policyAdapter.setPolicyData(decisionPolicy);
611 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + "Unsupported data object."
612 + policyAdapter.getData().getClass().getCanonicalName());
617 private void createRainydayRule(PolicyType decisionPolicy, String errorcode, String treatment, boolean permitRule) {
618 RuleType rule = new RuleType();
620 rule.setRuleId(UUID.randomUUID().toString());
623 rule.setEffect(EffectType.PERMIT);
625 rule.setEffect(EffectType.DENY);
627 rule.setTarget(new TargetType());
629 // Create Target in Rule
630 AllOfType allOfInRule = new AllOfType();
632 // Creating match for DECIDE in rule target
633 MatchType accessMatch = new MatchType();
634 AttributeValueType accessAttributeValue = new AttributeValueType();
635 accessAttributeValue.setDataType(STRING_DATATYPE);
636 accessAttributeValue.getContent().add("DECIDE");
637 accessMatch.setAttributeValue(accessAttributeValue);
638 AttributeDesignatorType accessAttributeDesignator = new AttributeDesignatorType();
639 URI accessURI = null;
641 accessURI = new URI(ACTION_ID);
642 } catch (URISyntaxException e) {
643 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "DecisionPolicy", "Exception creating ACCESS URI");
645 accessAttributeDesignator.setCategory(CATEGORY_ACTION);
646 accessAttributeDesignator.setDataType(STRING_DATATYPE);
647 accessAttributeDesignator.setAttributeId(new IdentifierImpl(accessURI).stringValue());
648 accessMatch.setAttributeDesignator(accessAttributeDesignator);
649 accessMatch.setMatchId(FUNCTION_STRING_EQUAL_IGNORE);
651 allOfInRule.getMatch().add(accessMatch);
653 // Creating match for ErrorCode in rule target
654 MatchType errorcodeMatch = new MatchType();
655 AttributeValueType errorcodeAttributeValue = new AttributeValueType();
656 errorcodeAttributeValue.setDataType(STRING_DATATYPE);
657 errorcodeAttributeValue.getContent().add(errorcode);
658 errorcodeMatch.setAttributeValue(errorcodeAttributeValue);
659 AttributeDesignatorType errorcodeAttributeDesignator = new AttributeDesignatorType();
660 errorcodeAttributeDesignator.setCategory(CATEGORY_RESOURCE);
661 errorcodeAttributeDesignator.setDataType(STRING_DATATYPE);
662 errorcodeAttributeDesignator.setAttributeId("ErrorCode");
663 errorcodeMatch.setAttributeDesignator(errorcodeAttributeDesignator);
664 errorcodeMatch.setMatchId(FUNCTION_STRING_REGEXP_MATCH);
666 allOfInRule.getMatch().add(errorcodeMatch);
668 AnyOfType anyOfInRule = new AnyOfType();
669 anyOfInRule.getAllOf().add(allOfInRule);
671 TargetType targetInRule = new TargetType();
672 targetInRule.getAnyOf().add(anyOfInRule);
674 rule.setTarget(targetInRule);
676 AdviceExpressionsType adviceExpressions = new AdviceExpressionsType();
677 AdviceExpressionType adviceExpression = new AdviceExpressionType();
678 adviceExpression.setAdviceId(RAINY_DAY);
679 adviceExpression.setAppliesTo(EffectType.PERMIT);
681 AttributeAssignmentExpressionType assignment = new AttributeAssignmentExpressionType();
682 assignment.setAttributeId("treatment");
683 assignment.setCategory(CATEGORY_RESOURCE);
685 AttributeValueType treatmentAttributeValue = new AttributeValueType();
686 treatmentAttributeValue.setDataType(STRING_DATATYPE);
687 treatmentAttributeValue.getContent().add(treatment);
688 assignment.setExpression(new ObjectFactory().createAttributeValue(treatmentAttributeValue));
690 adviceExpression.getAttributeAssignmentExpression().add(assignment);
691 adviceExpressions.getAdviceExpression().add(adviceExpression);
692 rule.setAdviceExpressions(adviceExpressions);
693 decisionPolicy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
694 policyAdapter.setPolicyData(decisionPolicy);
698 // if compound setting the inner apply here
699 protected ApplyType getInnerDecisionApply(String value1Label) {
700 ApplyType decisionApply = new ApplyType();
702 // check the index for the label.
703 for (String labelAttr : dynamicLabelRuleAlgorithms) {
704 if (labelAttr.equals(value1Label)) {
705 String value1 = dynamicFieldOneRuleAlgorithms.get(index);
706 populateDataTypeList(value1);
708 // check if the row contains label again
709 for (String labelValue : dynamicLabelRuleAlgorithms) {
710 if (labelValue.equals(value1)) {
711 return getCompoundDecisionApply(index);
715 // Getting the values from the form.
716 String functionKey = dynamicFieldComboRuleAlgorithms.get(index);
717 String value2 = dynamicFieldTwoRuleAlgorithms.get(index);
718 decisionApply.setFunctionId(getFunctionDefinitionId(functionKey));
719 // if two text field are rule attributes.
720 if ((value1.contains(RULE_VARIABLE)) && (value2.contains(RULE_VARIABLE))) {
721 ApplyType innerDecisionApply1 = new ApplyType();
722 ApplyType innerDecisionApply2 = new ApplyType();
723 AttributeDesignatorType attributeDesignator1 = new AttributeDesignatorType();
724 AttributeDesignatorType attributeDesignator2 = new AttributeDesignatorType();
725 // If selected function is Integer function set integer functionID
726 if (functionKey.toLowerCase().contains("integer")) {
727 innerDecisionApply1.setFunctionId(FUNTION_INTEGER_ONE_AND_ONLY);
728 innerDecisionApply2.setFunctionId(FUNTION_INTEGER_ONE_AND_ONLY);
729 attributeDesignator1.setDataType(INTEGER_DATATYPE);
730 attributeDesignator2.setDataType(INTEGER_DATATYPE);
732 // If selected function is not a Integer function set String functionID
733 innerDecisionApply1.setFunctionId(FUNCTION_STRING_ONE_AND_ONLY);
734 innerDecisionApply2.setFunctionId(FUNCTION_STRING_ONE_AND_ONLY);
735 attributeDesignator1.setDataType(STRING_DATATYPE);
736 attributeDesignator2.setDataType(STRING_DATATYPE);
738 attributeDesignator1.setCategory(CATEGORY_RESOURCE);
739 attributeDesignator2.setCategory(CATEGORY_RESOURCE);
740 // Here set actual field values
742 .setAttributeId(value1.contains("resource:") ? value1.substring(9) : value1.substring(8));
744 .setAttributeId(value1.contains("resource:") ? value1.substring(9) : value1.substring(8));
745 innerDecisionApply1.getExpression()
746 .add(new ObjectFactory().createAttributeDesignator(attributeDesignator1));
747 innerDecisionApply2.getExpression()
748 .add(new ObjectFactory().createAttributeDesignator(attributeDesignator2));
749 decisionApply.getExpression().add(new ObjectFactory().createApply(innerDecisionApply1));
750 decisionApply.getExpression().add(new ObjectFactory().createApply(innerDecisionApply2));
752 // if either of one text field is rule attribute.
753 if (!value1.startsWith("S_")) {
754 ApplyType innerDecisionApply = new ApplyType();
755 AttributeDesignatorType attributeDesignator = new AttributeDesignatorType();
756 AttributeValueType decisionConditionAttributeValue = new AttributeValueType();
758 if (functionKey.toLowerCase().contains("integer")) {
759 innerDecisionApply.setFunctionId(FUNTION_INTEGER_ONE_AND_ONLY);
760 decisionConditionAttributeValue.setDataType(INTEGER_DATATYPE);
761 attributeDesignator.setDataType(INTEGER_DATATYPE);
763 innerDecisionApply.setFunctionId(FUNCTION_STRING_ONE_AND_ONLY);
764 decisionConditionAttributeValue.setDataType(STRING_DATATYPE);
765 attributeDesignator.setDataType(STRING_DATATYPE);
768 String attributeId = null;
769 String attributeValue = null;
771 // Find which textField has rule attribute and set it as
772 // attributeId and the other as attributeValue.
773 attributeId = value1;
774 attributeValue = value2;
776 if (attributeId != null) {
777 attributeDesignator.setCategory(CATEGORY_RESOURCE);
778 attributeDesignator.setAttributeId(attributeId);
780 decisionConditionAttributeValue.getContent().add(attributeValue);
781 innerDecisionApply.getExpression()
782 .add(new ObjectFactory().createAttributeDesignator(attributeDesignator));
783 decisionApply.getExpression()
784 .add(new ObjectFactory().createAttributeValue(decisionConditionAttributeValue));
785 decisionApply.getExpression().add(new ObjectFactory().createApply(innerDecisionApply));
787 value1 = value1.substring(2, value1.length());
788 VariableReferenceType variableReferenceType = new VariableReferenceType();
789 variableReferenceType.setVariableId(value1);
791 String dataType = dataTypeList.get(index);
793 AttributeValueType decisionConditionAttributeValue = new AttributeValueType();
794 decisionConditionAttributeValue.setDataType(dataType);
795 decisionConditionAttributeValue.getContent().add(value2);
796 decisionApply.getExpression()
797 .add(new ObjectFactory().createVariableReference(variableReferenceType));
798 decisionApply.getExpression()
799 .add(new ObjectFactory().createAttributeValue(decisionConditionAttributeValue));
805 return decisionApply;
808 // if the rule algorithm is multiple compound one setting the apply
809 protected ApplyType getCompoundDecisionApply(int index) {
810 ApplyType decisionApply = new ApplyType();
811 String selectedFunction = dynamicFieldComboRuleAlgorithms.get(index);
812 String value1 = dynamicFieldOneRuleAlgorithms.get(index);
813 String value2 = dynamicFieldTwoRuleAlgorithms.get(index);
814 decisionApply.setFunctionId(getFunctionDefinitionId(selectedFunction));
815 decisionApply.getExpression().add(new ObjectFactory().createApply(getInnerDecisionApply(value1)));
816 decisionApply.getExpression().add(new ObjectFactory().createApply(getInnerDecisionApply(value2)));
817 return decisionApply;
820 private VariableDefinitionType createDynamicVariable(String key, String value, String dataType) {
821 VariableDefinitionType dynamicVariable = new VariableDefinitionType();
822 AttributeValueType dynamicAttributeValue = new AttributeValueType();
824 dynamicAttributeValue.setDataType(dataType);
825 dynamicAttributeValue.getContent().add(value);
827 dynamicVariable.setVariableId(key);
828 dynamicVariable.setExpression(new ObjectFactory().createAttributeValue(dynamicAttributeValue));
830 return dynamicVariable;
834 private void populateDataTypeList(String value1) {
835 String dataType = null;
836 if (value1.contains("S_")) {
837 value1 = value1.substring(2, value1.length());
838 DecisionSettings decisionSettings = findDecisionSettingsBySettingId(value1.substring(2, value1.length()));
839 if (decisionSettings != null && "string".equals(decisionSettings.getDatatypeBean().getShortName())) {
840 dataType = STRING_DATATYPE;
841 } else if (decisionSettings != null
842 && "boolean".equals(decisionSettings.getDatatypeBean().getShortName())) {
843 dataType = BOOLEAN_DATATYPE;
845 dataType = INTEGER_DATATYPE;
851 dataTypeList.add(dataType);
855 private String getDataType(String key) {
857 DecisionSettings decisionSettings = findDecisionSettingsBySettingId(key);
858 String dataType = null;
860 if (decisionSettings != null && "string".equals(decisionSettings.getDatatypeBean().getShortName())) {
861 dataType = STRING_DATATYPE;
862 } else if (decisionSettings != null && "boolean".equals(decisionSettings.getDatatypeBean().getShortName())) {
863 dataType = BOOLEAN_DATATYPE;
865 dataType = INTEGER_DATATYPE;
872 public Object getCorrectPolicyDataObject() {
873 return policyAdapter.getData();
876 public String getFunctionDefinitionId(String key) {
877 FunctionDefinition object =
878 (FunctionDefinition) commonClassDao.getDataById(FunctionDefinition.class, "shortname", key);
879 if (object != null) {
880 return object.getXacmlid();
Code Review / policy / engine.git / blob