* ============LICENSE_START=======================================================
* ONAP-XACML
* ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
import org.apache.commons.logging.LogFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
import org.onap.policy.common.logging.eelf.MessageCodes;
import org.onap.policy.common.logging.eelf.PolicyLogger;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeSelectorType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.ConditionType;
-import oasis.names.tc.xacml._3_0.core.schema.wd_17.IdReferenceType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObligationExpressionType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObligationExpressionsType;
/**
* class XACMLPolicyScanner
- *
+ *
* This class traverses the hierarchy of a XACML 3.0 policy. You can optionally pass a Callback class
- * and override any desired methods to retrieve information from a policy.
- *
+ * and override any desired methods to retrieve information from a policy.
+ *
*
*/
public class XACMLPolicyScanner {
-
+
private static final Log logger = LogFactory.getLog(XACMLPolicyScanner.class);
private Object policyObject = null;
private Callback callback = null;
-
+
public XACMLPolicyScanner(Path filename, Callback callback) {
try (InputStream is = Files.newInputStream(filename)) {
this.policyObject = XACMLPolicyScanner.readPolicy(is);
}
this.callback = callback;
}
-
+
public XACMLPolicyScanner(InputStream filename, Callback callback) {
try (InputStream is = filename) {
this.policyObject = XACMLPolicyScanner.readPolicy(is);
}
this.callback = callback;
}
-
+
public XACMLPolicyScanner(PolicySetType policySet, Callback callback) {
this.policyObject = policySet;
this.callback = callback;
}
-
+
public XACMLPolicyScanner(PolicySetType policySet) {
this(policySet, null);
}
-
+
public XACMLPolicyScanner(PolicyType policy, Callback callback) {
this.policyObject = policy;
this.callback = callback;
}
-
+
public XACMLPolicyScanner(PolicyType policy) {
this(policy, null);
}
-
+
/**
* Sets the callback interface to be used.
- *
+ *
* @param cb
*/
public void setCallback(Callback cb) {
this.callback = cb;
}
-
+
/**
* Saves the given callback object then calls the scan() method.
- *
+ *
* @param cb
* @return
*/
this.callback = cb;
return this.scan();
}
-
+
/**
- *
+ *
* This begins the scanning of the contained object.
- *
+ *
* @return - The PolicySet/Policy that was scanned.
*/
public Object scan() {
if (this.policyObject == null) {
return null;
}
- if (this.callback != null) {
- if (this.callback.onBeginScan(this.policyObject) == CallbackResult.STOP) {
- return this.policyObject;
- }
+ if (this.callback != null && this.callback.onBeginScan(this.policyObject) == CallbackResult.STOP) {
+ return this.policyObject;
}
if (this.policyObject instanceof PolicyType) {
this.scanPolicy(null, (PolicyType) this.policyObject);
}
return this.policyObject;
}
-
+
/**
* This performs the scan of a PolicySet
- *
+ *
* @param parent - Its parent PolicySet. Can be null if this is the root.
* @param policySet - The PolicySet object.
* @return CallbackResult - CONTINUE to continue, STOP to terminate scanning.
if (logger.isTraceEnabled()) {
logger.trace("scanning policy set: " + policySet.getPolicySetId() + " " + policySet.getDescription());
}
- if (this.callback != null) {
- if (this.callback.onPreVisitPolicySet(parent, policySet) == CallbackResult.STOP) {
- return CallbackResult.STOP;
- }
+ if (this.callback != null && this.callback.onPreVisitPolicySet(parent, policySet) == CallbackResult.STOP) {
+ return CallbackResult.STOP;
}
//
// Scan its info
//
List<JAXBElement<?>> list = policySet.getPolicySetOrPolicyOrPolicySetIdReference();
for (JAXBElement<?> element: list) {
- if (element.getName().getLocalPart().equals("PolicySet")) {
- if (this.scanPolicySet(policySet, (PolicySetType)element.getValue()) == CallbackResult.STOP) {
- return CallbackResult.STOP;
- }
- } else if (element.getName().getLocalPart().equals("Policy")) {
- if (this.scanPolicy(policySet, (PolicyType)element.getValue()) == CallbackResult.STOP) {
- return CallbackResult.STOP;
- }
- } else if (element.getValue() instanceof IdReferenceType) {
- if (element.getName().getLocalPart().equals("PolicySetIdReference")) {
-
- } else if (element.getName().getLocalPart().equals("PolicyIdReference")) {
-
- }
+ if ("PolicySet".equals(element.getName().getLocalPart()) &&
+ this.scanPolicySet(policySet, (PolicySetType)element.getValue()) == CallbackResult.STOP) {
+ return CallbackResult.STOP;
+ } else if ("Policy".equals(element.getName().getLocalPart()) &&
+ this.scanPolicy(policySet, (PolicyType)element.getValue()) == CallbackResult.STOP) {
+ return CallbackResult.STOP;
} else {
logger.warn("generating policy sets found unsupported element: " + element.getName().getNamespaceURI());
}
}
- if (this.callback != null) {
- if (this.callback.onPostVisitPolicySet(parent, policySet) == CallbackResult.STOP) {
- return CallbackResult.STOP;
- }
+ if (this.callback != null && this.callback.onPostVisitPolicySet(parent, policySet) == CallbackResult.STOP) {
+ return CallbackResult.STOP;
}
return CallbackResult.CONTINUE;
}
-
+
/**
- *
+ *
* This performs scanning of the Policy object.
- *
+ *
* @param parent - The parent PolicySet of the policy. This can be null if this is a root Policy.
* @param policy - The policy being scanned.
* @return CallbackResult - CONTINUE to continue, STOP to terminate scanning.
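Review bot: Folding the STOP test into the name test in the `for` loop over `getPolicySetOrPolicyOrPolicySetIdReference()` changes behaviour. When a child is a `PolicySet` or `Policy` and its scan returns CONTINUE, both `&&` conditions are false and control reaches the final `else`, so every successfully scanned child now logs "generating policy sets found unsupported element". Removing the empty `IdReferenceType` branch has the same effect on `PolicySetIdReference` and `PolicyIdReference` elements, which were previously skipped silently. That noise can bury the warnings that do point at an unexpected element in a policy file, so I would keep the name test as the branch condition and nest the STOP test, as below. The enclosing method starts above this hunk.

```java
for (JAXBElement<?> element : list) {
    String localPart = element.getName().getLocalPart();
    if ("PolicySet".equals(localPart)) {
        if (this.scanPolicySet(policySet, (PolicySetType) element.getValue()) == CallbackResult.STOP) {
            return CallbackResult.STOP;
        }
    } else if ("Policy".equals(localPart)) {
        if (this.scanPolicy(policySet, (PolicyType) element.getValue()) == CallbackResult.STOP) {
            return CallbackResult.STOP;
        }
    } else if (!"PolicySetIdReference".equals(localPart) && !"PolicyIdReference".equals(localPart)) {
        // References are not followed by the scanner; only other elements are reported.
        logger.warn("generating policy sets found unsupported element: " + element.getName().getNamespaceURI());
    }
}
// … unchanged: onPostVisitPolicySet callback and return CONTINUE …
```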
if (logger.isTraceEnabled()) {
logger.trace("scanning policy: " + policy.getPolicyId() + " " + policy.getDescription());
}
- if (this.callback != null) {
- if (this.callback.onPreVisitPolicy(parent, policy) == CallbackResult.STOP) {
- return CallbackResult.STOP;
- }
+ if (this.callback != null && this.callback.onPreVisitPolicy(parent, policy) == CallbackResult.STOP) {
+ return CallbackResult.STOP;
}
//
// Scan its info
if (logger.isTraceEnabled()) {
logger.trace("scanning rule: " + rule.getRuleId() + " " + rule.getDescription());
}
- if (this.callback != null) {
- if (this.callback.onPreVisitRule(policy, rule) == CallbackResult.STOP) {
- return CallbackResult.STOP;
- }
+ if (this.callback != null && this.callback.onPreVisitRule(policy, rule) == CallbackResult.STOP) {
+ return CallbackResult.STOP;
}
if (this.scanTarget(rule, rule.getTarget()) == CallbackResult.STOP) {
return CallbackResult.STOP;
if (this.scanAdvice(rule, rule.getAdviceExpressions()) == CallbackResult.STOP) {
return CallbackResult.STOP;
}
- if (this.callback != null) {
- if (this.callback.onPostVisitRule(policy, rule) == CallbackResult.STOP) {
- return CallbackResult.STOP;
- }
+ if (this.callback != null && this.callback.onPostVisitRule(policy, rule) == CallbackResult.STOP) {
+ return CallbackResult.STOP;
}
} else if (o instanceof VariableDefinitionType) {
- if (this.callback != null) {
- if (this.callback.onVariable(policy, (VariableDefinitionType) o) == CallbackResult.STOP) {
- return CallbackResult.STOP;
- }
+ if (this.callback != null && this.callback.onVariable(policy, (VariableDefinitionType) o) == CallbackResult.STOP) {
+ return CallbackResult.STOP;
}
} else {
if (logger.isDebugEnabled()) {
}
}
}
- if (this.callback != null) {
- if (this.callback.onPostVisitPolicy(parent, policy) == CallbackResult.STOP) {
- return CallbackResult.STOP;
- }
+ if (this.callback != null && this.callback.onPostVisitPolicy(parent, policy) == CallbackResult.STOP) {
+ return CallbackResult.STOP;
}
return CallbackResult.CONTINUE;
}
-
+
/**
* Scans the given target for attributes. Its sole purpose is to return attributes found.
- *
+ *
* @param parent - The parent PolicySet/Policy/Rule for the target.
* @param target - The target.
* @return CallbackResult - CONTINUE to continue, STOP to terminate scanning.
} else {
logger.warn("NULL designator/selector or value for match.");
}
- if (attribute != null && this.callback != null) {
- if (this.callback.onAttribute(parent, target, attribute) == CallbackResult.STOP) {
- return CallbackResult.STOP;
- }
+ if (attribute != null && this.callback != null && this.callback.onAttribute(parent, target, attribute) == CallbackResult.STOP) {
+ return CallbackResult.STOP;
}
}
}
}
return CallbackResult.CONTINUE;
}
-
+
/**
* Scan the list of obligations.
- *
+ *
* @param parent - The parent PolicySet/Policy/Rule for the obligation.
* @param obligationExpressionsType - All the obligation expressions.
* @return CallbackResult - CONTINUE to continue, STOP to terminate scanning.
return CallbackResult.CONTINUE;
}
List<ObligationExpressionType> expressions = obligationExpressionsType.getObligationExpression();
- if (expressions == null || expressions.size() == 0) {
+ if (expressions == null || expressions.isEmpty()) {
return CallbackResult.CONTINUE;
}
for (ObligationExpressionType expression : expressions) {
ob.addAttributeAssignment(attribute);
}
}
- if (this.callback != null) {
- if (this.callback.onObligation(parent, expression, ob) == CallbackResult.STOP) {
- return CallbackResult.STOP;
- }
+ if (this.callback != null && this.callback.onObligation(parent, expression, ob) == CallbackResult.STOP) {
+ return CallbackResult.STOP;
}
}
return CallbackResult.CONTINUE;
}
/**
- *
+ *
* Scans the list of advice expressions returning each individually.
- *
+ *
* @param parent - The parent PolicySet/Policy/Rule for the advice.
* @param adviceExpressionstype - The list of advice expressions.
* @return CallbackResult - CONTINUE to continue, STOP to terminate scanning.
return CallbackResult.CONTINUE;
}
List<AdviceExpressionType> expressions = adviceExpressionstype.getAdviceExpression();
- if (expressions == null || expressions.size() == 0) {
+ if (expressions == null || expressions.isEmpty()) {
return CallbackResult.CONTINUE;
}
for (AdviceExpressionType expression : expressions) {
ob.addAttributeAssignment(attribute);
}
}
- if (this.callback != null) {
- if (this.callback.onAdvice(parent, expression, ob) == CallbackResult.STOP) {
- return CallbackResult.STOP;
- }
+ if (this.callback != null && this.callback.onAdvice(parent, expression, ob) == CallbackResult.STOP) {
+ return CallbackResult.STOP;
}
}
return CallbackResult.CONTINUE;
}
-
+
/**
* Scans the list of variable definitions.
- *
+ *
* @param policy - Policy object containing the variable definition.
* @param list - List of variable definitions.
* @return CallbackResult - CONTINUE to continue, STOP to terminate scanning.
return CallbackResult.CONTINUE;
}
for (Object o : list) {
- if (o instanceof VariableDefinitionType) {
- if (this.callback != null) {
- if (this.callback.onVariable(policy, (VariableDefinitionType) o) == CallbackResult.STOP) {
- return CallbackResult.STOP;
- }
- }
+ if (o instanceof VariableDefinitionType && this.callback != null && this.callback.onVariable(policy, (VariableDefinitionType) o) == CallbackResult.STOP) {
+ return CallbackResult.STOP;
}
}
-
+
return CallbackResult.CONTINUE;
}
-
+
/**
* Scans the list of conditions.
- *
+ *
* @param rule
* @param condition
* @return
*/
protected CallbackResult scanConditions(RuleType rule, ConditionType condition) {
- if (condition != null) {
- if (this.callback != null) {
- if (this.callback.onCondition(rule, condition) == CallbackResult.STOP) {
- return CallbackResult.STOP;
- }
- }
+ if (condition != null && this.callback != null && this.callback.onCondition(rule, condition) == CallbackResult.STOP) {
+ return CallbackResult.STOP;
}
return CallbackResult.CONTINUE;
}
-
+
/**
* Reads the XACML XML policy file in and returns the version contained in the root Policy/PolicySet element.
- *
+ *
* @param policy - The policy file.
* @return - The version string from the file (uninterpreted)
- * @throws IOException
+ * @throws IOException
*/
public static String getVersion(Path policy) throws IOException {
Object data = null;
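Review bot: In the variable-definition loop, the merged condition `o instanceof VariableDefinitionType && this.callback != null && this.callback.onVariable(...) == CallbackResult.STOP` re-tests the loop-invariant `this.callback != null` on every element and makes a very long line. The loop does nothing when no callback is set, so a guard before it, `if (this.callback == null) { return CallbackResult.CONTINUE; }`, would leave only the type test and the STOP test inside. `scanConditions` could use the same guard-clause shape. Its Javadoc, shown as context here, also has empty `@param rule`, `@param condition` and `@return` tags that could be filled in the way the sibling methods are ("CONTINUE to continue, STOP to terminate scanning"). The enclosing method of the loop begins above this hunk.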
}
return getVersion(data);
}
-
+
/**
* Reads the Policy/PolicySet element object and returns its current version.
- *
+ *
* @param data - Either a PolicySet or Policy XACML type object.
* @return - The integer version value. -1 if it doesn't exist or was un-parsable.
*/
}
return null;
}
-
+
/**
* Returns the Policy or PolicySet ID.
- *
+ *
* @param data - A XACML 3.0 Policy or PolicySet element object.
* @return The policy/policyset's policy ID
*/
return null;
}
}
-
+
public static List<String> getCreatedByModifiedBy(Path policyPath) throws IOException{
String createdBy = "";
String modifiedBy= "";
}
return Arrays.asList(createdBy, modifiedBy);
}
-
+
//get the Created Name of the User on reading the Xml file
public static String getCreatedBy(Path policyPath) throws IOException{
String userId = "";
}
return userId;
}
-
+
//get the Modified Name of the User on reading the Xml file
public static String getModifiedBy(Path policyPath) throws IOException{
String modifiedBy = "";
/**
* readPolicy - does the work to read in policy data from a file.
- *
+ *
* @param policy - The path to the policy file.
* @return - The policy data object. This *should* be either a PolicySet or a Policy.
*/
// Parse the policy file
//
Document doc = db.parse(is);
- //
- // Because there is no root defined in xacml,
- // find the first element
- //
- NodeList nodes = doc.getChildNodes();
- Node node = nodes.item(0);
- Element e = null;
- if (node.getNodeType() == Node.ELEMENT_NODE) {
- e = (Element) node;
+ Element e = doc.getDocumentElement();
+ //
+ // Is it a 3.0 policy?
+ //
+ if ("urn:oasis:names:tc:xacml:3.0:core:schema:wd-17".equals(e.getNamespaceURI())) {
//
- // Is it a 3.0 policy?
+ // A policyset or policy could be the root
//
- if (e.getNamespaceURI().equals("urn:oasis:names:tc:xacml:3.0:core:schema:wd-17")) {
+ if (e.getNodeName().endsWith("Policy")) {
//
- // A policyset or policy could be the root
+ // Now we can create the context for the policy set
+ // and unmarshall the policy into a class.
//
- if (e.getNodeName().endsWith("Policy")) {
- //
- // Now we can create the context for the policy set
- // and unmarshall the policy into a class.
- //
- JAXBContext context = JAXBContext.newInstance(PolicyType.class);
- Unmarshaller um = context.createUnmarshaller();
- JAXBElement<PolicyType> root = um.unmarshal(e, PolicyType.class);
- //
- // Here is our policy set class
- //
- return root.getValue();
- } else if (e.getNodeName().endsWith("PolicySet")) {
- //
- // Now we can create the context for the policy set
- // and unmarshall the policy into a class.
- //
- JAXBContext context = JAXBContext.newInstance(PolicySetType.class);
- Unmarshaller um = context.createUnmarshaller();
- JAXBElement<PolicySetType> root = um.unmarshal(e, PolicySetType.class);
- //
- // Here is our policy set class
- //
- return root.getValue();
- } else {
- if (logger.isDebugEnabled()) {
- logger.debug("Not supported yet: " + e.getNodeName());
- }
- }
+ JAXBContext context = JAXBContext.newInstance(PolicyType.class);
+ Unmarshaller um = context.createUnmarshaller();
+ JAXBElement<PolicyType> root = um.unmarshal(e, PolicyType.class);
+ //
+ // Here is our policy set class
+ //
+ return root.getValue();
+ } else if (e.getNodeName().endsWith("PolicySet")) {
+ //
+ // Now we can create the context for the policy set
+ // and unmarshall the policy into a class.
+ //
+ JAXBContext context = JAXBContext.newInstance(PolicySetType.class);
+ Unmarshaller um = context.createUnmarshaller();
+ JAXBElement<PolicySetType> root = um.unmarshal(e, PolicySetType.class);
+ //
+ // Here is our policy set class
+ //
+ return root.getValue();
} else {
- logger.warn("unsupported namespace: " + e.getNamespaceURI());
+ if (logger.isDebugEnabled()) {
+ logger.debug("Not supported yet: " + e.getNodeName());
+ }
}
} else {
- if (logger.isDebugEnabled()) {
- logger.debug("No root element contained in policy " +
- " Name: " + node.getNodeName() + " type: " + node.getNodeType() +
- " Value: " + node.getNodeValue());
- }
+ logger.warn("unsupported namespace: " + e.getNamespaceURI());
}
} catch (Exception e) {
PolicyLogger.error(MessageCodes.ERROR_SCHEMA_INVALID, e, "XACMLPolicyScanner", "Exception in readPolicy");
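Review bot: The root-type dispatch still relies on `e.getNodeName().endsWith("Policy")`, which accepts any root element in the XACML 3.0 namespace whose qualified name merely ends in that string. `um.unmarshal(e, PolicyType.class)` binds by the declared type rather than by element name, so an unexpected root would be coerced instead of rejected. An exact test such as `"Policy".equals(e.getLocalName())`, and likewise `"PolicySet".equals(e.getLocalName())`, would be stricter; this assumes the parser is namespace-aware, which the `getNamespaceURI()` check suggests. The factory that builds `db` is configured outside this hunk, so it is worth confirming there that DOCTYPE declarations and external entities are disabled before `db.parse(is)` runs on policy files. The body of readPolicy begins above the hunk and continues past it.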