You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@openaz.apache.org by pd...@apache.org on 2015/04/13 17:38:31 UTC
[31/51] [partial] incubator-openaz git commit: Initial seed of merged
of AT&T and JP Morgan code
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionRegexpMatch.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionRegexpMatch.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionRegexpMatch.java
new file mode 100755
index 0000000..ad442ae
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionRegexpMatch.java
@@ -0,0 +1,117 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.std.functions;
+
+
+import java.util.List;
+
+import com.att.research.xacml.api.DataType;
+import com.att.research.xacml.api.DataTypeException;
+import com.att.research.xacml.api.Identifier;
+import com.att.research.xacml.std.StdStatus;
+import com.att.research.xacml.std.StdStatusCode;
+import com.att.research.xacml.std.datatypes.DataTypes;
+import com.att.research.xacmlatt.pdp.eval.EvaluationContext;
+import com.att.research.xacmlatt.pdp.policy.ExpressionResult;
+import com.att.research.xacmlatt.pdp.policy.FunctionArgument;
+
+/**
+ * FunctionDefinitionRegexMatch implements {@link com.att.research.xacmlatt.pdp.policy.FunctionDefinition} to
+ * implement the XACML 'type'-regex-match predicates as functions taking two arguments, the first of <code>String</code>,
+ * representing a regular expression, and the second of the type for that specific predicate,
+ * and returning a <code>Boolean</code> for whether the regular expression matches the string representation of the second argument.
+ *
+ * In the first implementation of XACML we had separate files for each XACML Function.
+ * This release combines multiple Functions in fewer files to minimize code duplication.
+ * This file supports the following XACML codes:
+ * string-regexp-match
+ * anyURI-regexp-match
+ * x500Name-regexp-match
+ * rfc822Name-regexp-match (in sub-class {@link com.att.research.xacmlatt.pdp.policy.FunctionDefinition.FunctionDefinitionRegexpMatchRFC822} )
+ * ipAddress-regexp-match
+ * dnsName-regexp-match
+ *
+ *
+ * @author glenngriffin
+ * @version $Revision: 1.1 $
+ *
+ * @param <I> the java class for the data type of the function Input arguments
+ */
+public class FunctionDefinitionRegexpMatch<I> extends FunctionDefinitionBase<Boolean, I> {
+
+
+ /**
+ * Constructor - need dataTypeArgs input because of java Generic type-erasure during compilation.
+ *
+ * @param idIn
+ * @param dataTypeArgsIn
+ */
+ public FunctionDefinitionRegexpMatch(Identifier idIn, DataType<I> dataTypeArgsIn) {
+ super(idIn, DataTypes.DT_BOOLEAN, dataTypeArgsIn, false);
+ }
+
+
+ @Override
+ public ExpressionResult evaluate(EvaluationContext evaluationContext, List<FunctionArgument> arguments) {
+
+ if (arguments == null || arguments.size() != 2) {
+ return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() + " Expected 2 arguments, got " +
+ ((arguments == null) ? "null" : arguments.size()) ));
+ }
+
+ // get the regular expression
+ FunctionArgument regexpArgument = arguments.get(0);
+
+ ConvertedArgument<String> convertedArgument = new ConvertedArgument<String>(regexpArgument, DataTypes.DT_STRING, false);
+ if ( ! convertedArgument.isOk()) {
+ return ExpressionResult.newError(getFunctionStatus(convertedArgument.getStatus()));
+ }
+
+ // String regexpValue = (String)regexpArgument.getValue().getValue();
+ String regexpValue = convertedArgument.getValue();
+
+
+ // now get the element to match
+ FunctionArgument elementArgument = arguments.get(1);
+
+ ConvertedArgument<I> convertedElement = new ConvertedArgument<I>(elementArgument, this.getDataTypeArgs(), false);
+ if ( ! convertedElement.isOk()) {
+ return ExpressionResult.newError(getFunctionStatus(convertedElement.getStatus()));
+ }
+
+ I elementValueObject = convertedElement.getValue();
+
+ String elementValueString;
+ try {
+ elementValueString = this.getDataTypeArgs().toStringValue(elementValueObject);
+ } catch (DataTypeException e) {
+ String message = e.getMessage();
+ if (e.getCause() != null) {
+ message = e.getCause().getMessage();
+ }
+ return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() + " " + message));
+ }
+
+ // ConvertedArgument checks for null value, so do not need to do again here
+
+ if (elementValueString.matches(regexpValue)) {
+ return ER_TRUE;
+ } else {
+ return ER_FALSE;
+ }
+
+ }
+
+
+
+
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionSet.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionSet.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionSet.java
new file mode 100755
index 0000000..1595a47
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionSet.java
@@ -0,0 +1,230 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.std.functions;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import com.att.research.xacml.api.AttributeValue;
+import com.att.research.xacml.api.DataType;
+import com.att.research.xacml.api.Identifier;
+import com.att.research.xacml.std.StdStatus;
+import com.att.research.xacml.std.StdStatusCode;
+import com.att.research.xacmlatt.pdp.eval.EvaluationContext;
+import com.att.research.xacmlatt.pdp.policy.Bag;
+import com.att.research.xacmlatt.pdp.policy.ExpressionResult;
+import com.att.research.xacmlatt.pdp.policy.FunctionArgument;
+
+/**
+ * FunctionDefinitionSet implements {@link com.att.research.xacmlatt.pdp.policy.FunctionDefinition} to
+ * implement the XACML Set predicates as functions taking two arguments of <code>Bag</code> the same primitive type
+ * and returning either a <code>Boolean</code> or a <code>Bag</code> of the same primitive type.
+ * <P>
+ * The ipAddress, dnsName and xPathExpression do not have set functions defined for them in section 10.2.8 of the Release 3 XACML spec.
+ *
+ * In the first implementation of XACML we had separate files for each XACML Function.
+ * This release combines multiple Functions in fewer files to minimize code duplication.
+ * This file supports the following XACML codes:
+ * string-bag
+ * boolean-bag
+ * integer-bag
+ * double-bag
+ * time-bag
+ * date-bag
+ * dateTime-bag
+ * anyURI-bag
+ * hexBinary-bag
+ * base64Binary-bag
+ * dayTimeDuration-bag (version 1 and3)
+ * yearMonthDuration-bag (version 1 and 3)
+ * x500Name-bag
+ * rfc822Name-bag
+ *
+ *
+ * @author glenngriffin
+ * @version $Revision: 1.1 $
+ *
+ * @param <I> the java class for the data type of the function Input arguments
+ * @param <O> the java class for the data type of the function Output
+ */
+public class FunctionDefinitionSet<O,I> extends FunctionDefinitionBase<O, I> {
+
+ /**
+ * List of comparison operations.
+ *
+ * @author glenngriffin
+ *
+ */
+ public enum OPERATION {INTERSECTION, AT_LEAST_ONE_MEMBER_OF, UNION, SUBSET, SET_EQUALS };
+
+ // the operation for this instance of the class
+ private OPERATION operation;
+
+
+ /**
+ * Constructor - need dataType input because of java Generic type-erasure during compilation.
+ *
+ * @param idIn
+ * @param dataTypeArgsIn
+ */
+ public FunctionDefinitionSet(Identifier idIn, DataType<O> dataTypeIn, DataType<I> dataTypeArgsIn, OPERATION opIn) {
+ super(idIn, dataTypeIn, dataTypeArgsIn, ((opIn == OPERATION.INTERSECTION || opIn == OPERATION.UNION) ? true : false) );
+ operation = opIn;
+ }
+
+
+ @Override
+ public ExpressionResult evaluate(EvaluationContext evaluationContext, List<FunctionArgument> arguments) {
+
+ if (arguments == null || arguments.size() != 2) {
+ return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() + " Expected 2 arguments, got " +
+ ((arguments == null) ? "null" : arguments.size()) ));
+ }
+
+ // get first bag
+ FunctionArgument bagArgument = arguments.get(0);
+ ConvertedArgument<Bag> convertedBagArgument = new ConvertedArgument<Bag>(bagArgument, null, true);
+
+ if ( ! convertedBagArgument.isOk()) {
+ return ExpressionResult.newError(getFunctionStatus(convertedBagArgument.getStatus()));
+ }
+
+ Bag bag1 = convertedBagArgument.getBag();
+ List<AttributeValue<?>> list1 = (List<AttributeValue<?>>) bag1.getAttributeValueList();
+
+ // get second bag
+ bagArgument = arguments.get(1);
+ convertedBagArgument = new ConvertedArgument<Bag>(bagArgument, null, true);
+
+ if ( ! convertedBagArgument.isOk()) {
+ return ExpressionResult.newError(getFunctionStatus(convertedBagArgument.getStatus()));
+ }
+
+ Bag bag2 = convertedBagArgument.getBag();
+ List<AttributeValue<?>> list2 = (List<AttributeValue<?>>) bag2.getAttributeValueList();
+
+ // arguments are ready BUT they have NOT had duplicates removed
+
+ ExpressionResult expressionResult = null;
+
+ // some functions return a bag rather than boolean
+ Bag outBag;
+ List<AttributeValue<?>> outList;
+
+
+ switch (operation) {
+ case INTERSECTION:
+ outList = new ArrayList<AttributeValue<?>>();
+
+ for (AttributeValue<?> element : list1) {
+ if (outList.contains(element)) {
+ continue;
+ }
+ if (list2.contains(element)) {
+ outList.add(element);
+ }
+ }
+
+ // now have the intersection; put it in a bag
+
+ outBag = new Bag();
+
+ for (AttributeValue<?> element : outList) {
+ outBag.add(element);
+ }
+
+ expressionResult = ExpressionResult.newBag(outBag);
+ return expressionResult;
+
+
+ case AT_LEAST_ONE_MEMBER_OF:
+ // look for elements from the first list in the second.
+ // duplicates do not matter because if the element is not there it does not matter that we look for it again,
+ // and if it is there we stop the first time we see it.
+ // If the first bag is empty, this should fail because no element from the first set can be found in the second set
+ // (because there IS no element in first set).
+ for (AttributeValue<?> element : list1) {
+ if (list2.contains(element)) {
+ return ER_TRUE;
+ }
+ }
+ // did not find any element from list 1 in list 2
+ return ER_FALSE;
+
+ case UNION:
+ outList = new ArrayList<AttributeValue<?>>();
+
+ for (AttributeValue<?> element : list1) {
+ if (outList.contains(element)) {
+ continue;
+ }
+ outList.add((AttributeValue<?>) element);
+ }
+ for (AttributeValue<?> element : list2) {
+ if (outList.contains(element)) {
+ continue;
+ }
+ outList.add((AttributeValue<?>) element);
+ }
+
+ // now have the intersection; put it in a bag
+
+ outBag = new Bag();
+
+ for (AttributeValue<?> element : outList) {
+ outBag.add(element);
+ }
+
+ expressionResult = ExpressionResult.newBag(outBag);
+ return expressionResult;
+
+
+ case SUBSET:
+ // all elements from list 1 must exist in list 2.
+ // duplicates do not matter because if an element is not found the first time we stop immediately,
+ // and if it is found the first time it will also be found for the duplicate.
+ // If the first set is empty we return TRUE because all elements (i.e. none) in the first set are in the second.
+ for (AttributeValue<?> element : list1) {
+ if ( ! list2.contains(element)) {
+ return ER_FALSE;
+ }
+ }
+ // all elements in list1 were found
+ return ER_TRUE;
+
+
+ case SET_EQUALS:
+ // we cannot do a direct one-to-one compare because the lists may contain duplicates. Also they may not be ordered the same.
+ // So we ask:
+ // are all elements in list 1 in list 2 (ignoring duplicates)
+ // are all elements in list 2 in list 1 (ignoring duplicates)
+ for (AttributeValue<?> element : list1) {
+ if ( ! list2.contains(element)) {
+ return ER_FALSE;
+ }
+ }
+ for (AttributeValue<?> element : list2) {
+ if ( ! list1.contains(element)) {
+ return ER_FALSE;
+ }
+ }
+ // all elements in each are part of the other
+ return ER_TRUE;
+ }
+
+ // all cases should have been covered by above - should never get here
+ return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() + " Could not evaluate Set function " + operation));
+
+ }
+
+
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionStringConversion.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionStringConversion.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionStringConversion.java
new file mode 100755
index 0000000..bde0bbe
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionStringConversion.java
@@ -0,0 +1,117 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.std.functions;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import com.att.research.xacml.api.DataType;
+import com.att.research.xacml.api.Identifier;
+import com.att.research.xacml.api.Status;
+import com.att.research.xacml.std.StdAttributeValue;
+import com.att.research.xacml.std.StdStatus;
+import com.att.research.xacml.std.StdStatusCode;
+import com.att.research.xacml.std.datatypes.DataTypes;
+import com.att.research.xacmlatt.pdp.eval.EvaluationContext;
+import com.att.research.xacmlatt.pdp.policy.ExpressionResult;
+import com.att.research.xacmlatt.pdp.policy.FunctionArgument;
+
+/**
+ * FunctionDefinitionNumberTypeConversion extends {@link com.att.research.xacmlatt.pdp.std.functions.FunctionDefinitionHomogeneousSimple} to
+ * implement the XACML predicates for converting <code>String</code> to <code>DataType<?></code> and vice versa.
+ *
+ * In the first implementation of XACML we had separate files for each XACML Function.
+ * This release combines multiple Functions in fewer files to minimize code duplication.
+ * This file supports the following XACML codes:
+ * boolean-from-string
+ * string-from-boolean
+ * integer-from-string
+ * string-from-integer
+ * double-from-string
+ * string-from-double
+ * time-from-string
+ * string-from-time
+ * date-from-string
+ * string-from-date
+ * dateTime-from-string
+ * string-from-dateTime
+ * anyURI-from-string
+ * string-from-anyURI
+ * dayTimeDuration-from-string
+ * string-from-dayTimeDuration
+ * yearMonthDuration-from-string
+ * string-from-yearMonthDuration
+ * x500Name-from-string
+ * string-from-x500Name
+ * rfc822Name-from-string
+ * string-from-rfc822Name
+ * ipAddress-from-string
+ * string-from-ipAddress
+ * dnsName-from-string
+ * string-from-dnsName
+ *
+ * @author glenngriffin
+ * @version $Revision: 1.1 $
+ *
+ * @param <O> the java class for the data type of the function Output
+ * @param <I> the java class for the data type of the function Input argument
+ */
+public class FunctionDefinitionStringConversion<O,I> extends FunctionDefinitionHomogeneousSimple<O, I> {
+
+ public FunctionDefinitionStringConversion(Identifier idIn, DataType<O> outputType, DataType<I> argType) {
+ super(idIn, outputType, argType, 1);
+ }
+
+ @Override
+ public ExpressionResult evaluate(EvaluationContext evaluationContext, List<FunctionArgument> arguments) {
+ List<I> convertedArguments = new ArrayList<I>();
+ Status status = this.validateArguments(arguments, convertedArguments);
+
+ /*
+ * If the function arguments are not correct, just return an error status immediately
+ */
+ if (!status.getStatusCode().equals(StdStatusCode.STATUS_CODE_OK)) {
+ return ExpressionResult.newError(getFunctionStatus(status));
+ }
+
+ /*
+ * Do different conversion depending on which way we are going (to/from String)
+ */
+ if (this.getDataTypeId().equals(DataTypes.DT_STRING.getId())) {
+ // converting TO String
+ try {
+ String output = this.getDataTypeArgs().toStringValue(convertedArguments.get(0));
+ return ExpressionResult.newSingle(new StdAttributeValue<String>(this.getDataTypeId(), output));
+ } catch (Exception e) {
+ String message = e.getMessage();
+ if (e.getCause() != null) {
+ message = e.getCause().getMessage();
+ }
+ // untested - not clear how this could happen
+ return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() + " " + message));
+ }
+ } else {
+ // converting FROM String to object of DataType
+ try {
+ O output = this.getDataType().convert(convertedArguments.get(0));
+ return ExpressionResult.newSingle(new StdAttributeValue<O>(this.getDataTypeId(), output));
+ } catch (Exception e) {
+ String message = e.getMessage();
+ if (e.getCause() != null) {
+ message = e.getCause().getMessage();
+ }
+ return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, this.getShortFunctionId() + " " + message ));
+ }
+ }
+
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionStringEqualIgnoreCase.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionStringEqualIgnoreCase.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionStringEqualIgnoreCase.java
new file mode 100755
index 0000000..b8aae7d
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionStringEqualIgnoreCase.java
@@ -0,0 +1,55 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.std.functions;
+
+import com.att.research.xacml.api.Identifier;
+import com.att.research.xacml.std.datatypes.DataTypes;
+
+/**
+ * FunctionDefinitionStringEqualIgnoreCase extends {@link FunctionDefinitionEquality} for
+ * <code>String</code> arguments by testing for equality without regard to case.
+ *
+ * The specification actually says that the strings are first converted to lower case using the string-normalize-to-lower-case function.
+ * This code ASSUMES that
+ * <UL>
+ * <LI> the normalize function just calls the Java toLowerCase() function, and
+ * <LI> the Java VM is consistent in that equalsIgnoreCase provides the same result as calling toLowerCase on each string and doing a compare.
+ * </UL>
+ *
+ * In the first implementation of XACML we had separate files for each XACML Function.
+ * This release combines multiple Functions in fewer files to minimize code duplication.
+ * This file supports the following XACML codes:
+ * string-equal-ignore-case
+ *
+ *
+ * @author car
+ * @version $Revision: 1.2 $
+ */
+public class FunctionDefinitionStringEqualIgnoreCase extends FunctionDefinitionEquality<String> {
+
+ /**
+ * ASSUMES that equalsIgnoreCase provides the same result as calling string-normalize-to-lower-case on both strings and then comparing.
+ */
+ @Override
+ protected boolean isEqual(String s1, String s2) {
+ return s1.equalsIgnoreCase(s2);
+ }
+
+ /**
+ * Creates a new <code>FunctionDefinitionStringEqualIgnoreCase</code> with the given <code>Identifier</code>.
+ *
+ * @param idIn the <code>Identifier</code> for the new <code>FunctionDefinitionStringEqualIgnoreCase</code>
+ */
+ public FunctionDefinitionStringEqualIgnoreCase(Identifier idIn) {
+ super(idIn, DataTypes.DT_STRING);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionStringFunctions.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionStringFunctions.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionStringFunctions.java
new file mode 100755
index 0000000..bc5515d
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionStringFunctions.java
@@ -0,0 +1,256 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.std.functions;
+
+
+import java.math.BigInteger;
+import java.util.List;
+
+import com.att.research.xacml.api.AttributeValue;
+import com.att.research.xacml.api.DataType;
+import com.att.research.xacml.api.DataTypeException;
+import com.att.research.xacml.api.Identifier;
+import com.att.research.xacml.api.XACML;
+import com.att.research.xacml.std.StdAttributeValue;
+import com.att.research.xacml.std.StdStatus;
+import com.att.research.xacml.std.StdStatusCode;
+import com.att.research.xacml.std.datatypes.DataTypes;
+import com.att.research.xacmlatt.pdp.eval.EvaluationContext;
+import com.att.research.xacmlatt.pdp.policy.ExpressionResult;
+import com.att.research.xacmlatt.pdp.policy.FunctionArgument;
+
+/**
+ * FunctionDefinitionStringFunctions implements {@link com.att.research.xacmlatt.pdp.policy.FunctionDefinition} to
+ * implement the XACML String Functions predicates except for the conversions between <code>String</code> and <code>DataType</code>
+ * which are contained in <code>FunctionDefinitionStringConversion</code>.
+ * The functions in this file do not have a lot in common except that the return data type is known and the input argument types are
+ * either known or of the generic type.
+ *
+ * In the first implementation of XACML we had separate files for each XACML Function.
+ * This release combines multiple Functions in fewer files to minimize code duplication.
+ * This file supports the following XACML codes:
+ * string-concatenate
+ * string-starts-with
+ * anyURI-starts-with
+ * string-ends-with
+ * anyURI-ends-with
+ * string-contains
+ * anyURI-contains
+ * string-substring
+ * anyURI-substring
+ *
+ *
+ * @author glenngriffin
+ * @version $Revision: 1.1 $
+ *
+ * @param <I> the java class for the data type of the function Input arguments
+ * @param <O> the java class for the data type of the function Output -
+ * needed because different functions within this class have different output types
+ */
+public class FunctionDefinitionStringFunctions<O, I> extends FunctionDefinitionBase<O, I> {
+
+ /**
+ * List of String operations.
+ *
+ * @author glenngriffin
+ *
+ */
+ public enum OPERATION {CONCATENATE, STARTS_WITH, ENDS_WITH, CONTAINS, SUBSTRING };
+
+ // operation to be used in this instance of the StringFunctions class
+ private final OPERATION operation;
+
+
+ /**
+ * Constructor - need dataTypeArgs input because of java Generic type-erasure during compilation.
+ *
+ * @param idIn
+ * @param dataTypeArgsIn
+ */
+ public FunctionDefinitionStringFunctions(Identifier idIn, DataType<O> dataTypeIn, DataType<I> dataTypeArgsIn, OPERATION op) {
+ super(idIn, dataTypeIn, dataTypeArgsIn, false);
+ this.operation = op;
+ }
+
+
+ @SuppressWarnings("incomplete-switch")
+ @Override
+ public ExpressionResult evaluate(EvaluationContext evaluationContext, List<FunctionArgument> arguments) {
+
+ if (arguments == null ||
+ (operation == OPERATION.CONCATENATE && arguments.size() < 2) ||
+ (operation == OPERATION.SUBSTRING && arguments.size() != 3) ||
+ (operation != OPERATION.SUBSTRING && operation != OPERATION.CONCATENATE && arguments.size() != 2) ) {
+ return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() + " Expected " +
+ ((operation == OPERATION.SUBSTRING) ? 3 : (operation == OPERATION.CONCATENATE ? "2 or more " : 2)) + " arguments, got " +
+ ((arguments == null) ? "null" : arguments.size()) ));
+ }
+
+
+
+ ExpressionResult expressionResult = null;
+
+ String firstArgumentAsString = null;
+ String secondArgumentAsString = null;
+
+ Integer secondArgumentAsInteger = null;
+ Integer thirdArgumentAsInteger = null;
+
+ // most of the functions take 2 args, but SUBSTRING takes 3 AND concatenate takes 2 or more
+ if (operation == OPERATION.CONCATENATE) {
+ StringBuilder builder = new StringBuilder();
+ for (int i = 0; i < arguments.size(); i++) {
+ FunctionArgument functionArgument = arguments.get(i);
+ ConvertedArgument<I> convertedArgument = new ConvertedArgument<I>(functionArgument, this.getDataTypeArgs(), false);
+ if ( ! convertedArgument.isOk()) {
+ return ExpressionResult.newError(getFunctionStatus(convertedArgument.getStatus()));
+ }
+ try {
+ String argumentAsString = this.getDataTypeArgs().toStringValue( convertedArgument.getValue());
+ builder.append(argumentAsString);
+ } catch (DataTypeException e) {
+ String message = e.getMessage();
+ if (e.getCause() != null) {
+ message = e.getCause().getMessage();
+ }
+ return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() + " " + message ));
+ }
+ }
+ AttributeValue<String> stringResult = new StdAttributeValue<String>(XACML.ID_DATATYPE_STRING,
+ builder.toString() );
+ expressionResult = ExpressionResult.newSingle(stringResult);
+ return expressionResult;
+
+ } else if (operation == OPERATION.SUBSTRING) {
+ // first arg is of generic type
+ FunctionArgument functionArgument = arguments.get(0);
+ ConvertedArgument<I> convertedArgument0 = new ConvertedArgument<I>(functionArgument, this.getDataTypeArgs(), false);
+ if ( ! convertedArgument0.isOk()) {
+ return ExpressionResult.newError(getFunctionStatus(convertedArgument0.getStatus()));
+ }
+ try {
+ firstArgumentAsString = this.getDataTypeArgs().toStringValue( convertedArgument0.getValue());
+ } catch (DataTypeException e) {
+ String message = e.getMessage();
+ if (e.getCause() != null) {
+ message = e.getCause().getMessage();
+ }
+ return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() + " " + message ));
+ }
+
+ functionArgument = arguments.get(1);
+ ConvertedArgument<BigInteger> convertedArgumentInt = new ConvertedArgument<BigInteger>(functionArgument, DataTypes.DT_INTEGER, false);
+ if ( ! convertedArgumentInt.isOk()) {
+ return ExpressionResult.newError(getFunctionStatus(convertedArgumentInt.getStatus()));
+ }
+ secondArgumentAsInteger = convertedArgumentInt.getValue().intValue();
+ if (secondArgumentAsInteger < 0 || secondArgumentAsInteger > firstArgumentAsString.length()) {
+ return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() + " " +
+ "Start point '" + secondArgumentAsInteger + "' out of range 0-" + firstArgumentAsString.length() +
+ " for string='" + firstArgumentAsString + "'"));
+ }
+
+
+ functionArgument = arguments.get(2);
+ convertedArgumentInt = new ConvertedArgument<BigInteger>(functionArgument, DataTypes.DT_INTEGER, false);
+ if ( ! convertedArgumentInt.isOk()) {
+ return ExpressionResult.newError(getFunctionStatus(convertedArgumentInt.getStatus()));
+ }
+ thirdArgumentAsInteger = convertedArgumentInt.getValue().intValue();
+ // special case: -1 means "to end of string"
+ if (thirdArgumentAsInteger < -1 || thirdArgumentAsInteger > firstArgumentAsString.length()) {
+ return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() + " " +
+ "End point '" + thirdArgumentAsInteger + "' out of range 0-" + firstArgumentAsString.length() +
+ " for string='" + firstArgumentAsString + "'"));
+ }
+ if (thirdArgumentAsInteger != -1 && thirdArgumentAsInteger < secondArgumentAsInteger) {
+ return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() + " " +
+ "End point '" + thirdArgumentAsInteger + "' less than start point '" + secondArgumentAsString + "'" +
+ " for string='" + firstArgumentAsString + "'"));
+ }
+
+ } else {
+ // expect 2 args, one String and one of Generic type
+ FunctionArgument functionArgument = arguments.get(0);
+ ConvertedArgument<String> convertedArgument0 = new ConvertedArgument<String>(functionArgument, DataTypes.DT_STRING, false);
+ if ( ! convertedArgument0.isOk()) {
+ return ExpressionResult.newError(getFunctionStatus(convertedArgument0.getStatus()));
+ }
+ firstArgumentAsString = convertedArgument0.getValue();
+
+
+ functionArgument = arguments.get(1);
+ ConvertedArgument<I> convertedArgument1 = new ConvertedArgument<I>(functionArgument, this.getDataTypeArgs(), false);
+ if ( ! convertedArgument1.isOk()) {
+ return ExpressionResult.newError(getFunctionStatus(convertedArgument1.getStatus()));
+ }
+ try {
+ secondArgumentAsString = this.getDataTypeArgs().toStringValue( convertedArgument1.getValue());
+ } catch (DataTypeException e) {
+ String message = e.getMessage();
+ if (e.getCause() != null) {
+ message = e.getCause().getMessage();
+ }
+ return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() + " " + message +
+ " " + message ));
+ }
+
+
+ }
+
+ // arguments are ready - do the operation
+
+ switch (operation) {
+ case STARTS_WITH:
+ if (secondArgumentAsString.startsWith(firstArgumentAsString)) {
+ return ER_TRUE;
+ } else {
+ return ER_FALSE;
+ }
+
+
+ case ENDS_WITH:
+ if (secondArgumentAsString.endsWith(firstArgumentAsString)) {
+ return ER_TRUE;
+ } else {
+ return ER_FALSE;
+ }
+
+ case CONTAINS:
+ if (secondArgumentAsString.contains(firstArgumentAsString)) {
+ return ER_TRUE;
+ } else {
+ return ER_FALSE;
+ }
+
+ case SUBSTRING:
+ String substring = null;
+ if (thirdArgumentAsInteger == -1) {
+ // from start point to end of string
+ substring = firstArgumentAsString.substring(secondArgumentAsInteger);
+ } else {
+ substring = firstArgumentAsString.substring(secondArgumentAsInteger, thirdArgumentAsInteger);
+ }
+ AttributeValue<String> stringResult = new StdAttributeValue<String>(XACML.ID_DATATYPE_STRING, substring);
+ expressionResult = ExpressionResult.newSingle(stringResult);
+ break;
+ }
+
+
+ return expressionResult;
+
+ }
+
+
+
+
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionStringNormalize.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionStringNormalize.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionStringNormalize.java
new file mode 100755
index 0000000..11d6359
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionStringNormalize.java
@@ -0,0 +1,108 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.std.functions;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import com.att.research.xacml.api.AttributeValue;
+import com.att.research.xacml.api.Identifier;
+import com.att.research.xacml.api.Status;
+import com.att.research.xacml.api.XACML;
+import com.att.research.xacml.std.StdAttributeValue;
+import com.att.research.xacml.std.StdStatusCode;
+import com.att.research.xacml.std.datatypes.DataTypeString;
+import com.att.research.xacml.std.datatypes.DataTypes;
+import com.att.research.xacmlatt.pdp.eval.EvaluationContext;
+import com.att.research.xacmlatt.pdp.policy.ExpressionResult;
+import com.att.research.xacmlatt.pdp.policy.FunctionArgument;
+
+/**
+ * FunctionDefinitionStringNormalize extends {@link com.att.research.xacmlatt.pdp.std.functions.FunctionDefinitionHomogeneousSimple} to
+ * implement the XACML String normalization predicates as functions taking one <code>String</code> arg and returning a single value of the same type.
+ *
+ * In the first implementation of XACML we had separate files for each XACML Function.
+ * This release combines multiple Functions in fewer files to minimize code duplication.
+ * This file supports the following XACML codes:
+ * string-normalize-space
+ * string-normalize-to-lower-case
+ *
+ * @author glenngriffin
+ * @version $Revision: 1.1 $
+ *
+ */
+public class FunctionDefinitionStringNormalize extends FunctionDefinitionHomogeneousSimple<String, String> {
+
+ /**
+ * List of string normalization operations.
+ *
+ * @author glenngriffin
+ *
+ */
+ public enum OPERATION {SPACE, LOWER_CASE };
+
+ // operation to be used in this instance of the Arightmetic class
+ private final OPERATION operation;
+
+
+ // result variables used by all functions
+ AttributeValue<String> result;
+
+
+ /**
+ * Constructor
+ *
+ * @param idIn
+ * @param dataTypeArgsIn
+ * @param op
+ */
+ public FunctionDefinitionStringNormalize(Identifier idIn, OPERATION op) {
+ // for Arithmetic functions, the output type is the same as the input type (no mixing of Ints and Doubles!)
+ super(idIn, DataTypes.DT_STRING, DataTypeString.newInstance(), 1);
+
+ // save the operation and data type to be used in this instance
+ operation = op;
+
+ }
+
+
+ @Override
+ public ExpressionResult evaluate(EvaluationContext evaluationContext, List<FunctionArgument> arguments) {
+ List<String> convertedArguments = new ArrayList<String>();
+ Status status = this.validateArguments(arguments, convertedArguments);
+
+ /*
+ * If the function arguments are not correct, just return an error status immediately
+ */
+ if (!status.getStatusCode().equals(StdStatusCode.STATUS_CODE_OK)) {
+ return ExpressionResult.newError(getFunctionStatus(status));
+ }
+
+ /*
+ * Now perform the requested operation.
+ */
+ ExpressionResult expressionResult = null;
+
+ switch (operation) {
+ case SPACE:
+ result = new StdAttributeValue<String>(XACML.ID_DATATYPE_STRING, convertedArguments.get(0).trim() );
+ break;
+ case LOWER_CASE:
+ result = new StdAttributeValue<String>(XACML.ID_DATATYPE_STRING, convertedArguments.get(0).toLowerCase() );
+ break;
+ }
+
+ expressionResult = ExpressionResult.newSingle(result);
+
+ return expressionResult;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionTimeInRange.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionTimeInRange.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionTimeInRange.java
new file mode 100755
index 0000000..bf7ba8b
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionTimeInRange.java
@@ -0,0 +1,96 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.std.functions;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import com.att.research.xacml.api.DataType;
+import com.att.research.xacml.api.Identifier;
+import com.att.research.xacml.api.Status;
+import com.att.research.xacml.std.StdStatus;
+import com.att.research.xacml.std.StdStatusCode;
+import com.att.research.xacml.std.datatypes.DataTypes;
+import com.att.research.xacml.std.datatypes.ISO8601Time;
+import com.att.research.xacmlatt.pdp.eval.EvaluationContext;
+import com.att.research.xacmlatt.pdp.policy.ExpressionResult;
+import com.att.research.xacmlatt.pdp.policy.FunctionArgument;
+
+/**
+ * FunctionDefinitionTimeInRange implements {@link com.att.research.xacmlatt.pdp.policy.FunctionDefinition} to
+ * implement the XACML time-in-range predicates as a function taking three arguments of type <code>Time</code>
+ * and returning a <code>Boolean</code>.
+ *
+ * In the first implementation of XACML we had separate files for each XACML Function.
+ * This release combines multiple Functions in fewer files to minimize code duplication.
+ * This file supports the following XACML codes:
+ * time-in-range
+ *
+ *
+ * @author glenngriffin
+ * @version $Revision: 1.1 $
+ *
+ * @param <I> the java class for the data type of the function Input arguments.
+ */
+public class FunctionDefinitionTimeInRange<I> extends FunctionDefinitionHomogeneousSimple<Boolean, I> {
+
+
+
+
+ /**
+ * Constructor - need dataType input because of java Generic type-erasure during compilation.
+ *
+ * @param idIn
+ * @param dataTypeArgsIn
+ */
+ public FunctionDefinitionTimeInRange(Identifier idIn, DataType<I> dataTypeArgsIn) {
+ super(idIn, DataTypes.DT_BOOLEAN, dataTypeArgsIn, 3);
+ }
+
+
+ @Override
+ public ExpressionResult evaluate(EvaluationContext evaluationContext, List<FunctionArgument> arguments) {
+
+ List<I> convertedArguments = new ArrayList<I>();
+ Status status = this.validateArguments(arguments, convertedArguments);
+
+ /*
+ * If the function arguments are not correct, just return an error status immediately
+ */
+ if (!status.getStatusCode().equals(StdStatusCode.STATUS_CODE_OK)) {
+ return ExpressionResult.newError(getFunctionStatus(status));
+ }
+
+ int compareResultLow;
+ int compareResultHigh;
+ try {
+
+ compareResultLow = ((ISO8601Time) convertedArguments.get(1)).compareTo((ISO8601Time)convertedArguments.get(0));
+ compareResultHigh = ((ISO8601Time)convertedArguments.get(2)).compareTo((ISO8601Time)convertedArguments.get(0));
+ } catch (Exception e) {
+ String message = e.getMessage();
+ if (e.getCause() != null) {
+ message = e.getCause().getMessage();
+ }
+ return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() + " " + message));
+ }
+
+ // is arg 0 within the inclusive range of the other two?
+ if (compareResultLow <=0 && compareResultHigh >= 0) {
+ return ER_TRUE;
+ } else {
+ return ER_FALSE;
+ }
+ }
+
+
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionURIStringConcatenate.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionURIStringConcatenate.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionURIStringConcatenate.java
new file mode 100755
index 0000000..cf9a375
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionURIStringConcatenate.java
@@ -0,0 +1,114 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.std.functions;
+
+import java.net.URI;
+import java.util.List;
+
+import com.att.research.xacml.api.DataTypeException;
+import com.att.research.xacml.api.Identifier;
+import com.att.research.xacml.api.Status;
+import com.att.research.xacml.api.XACML;
+import com.att.research.xacml.std.StdAttributeValue;
+import com.att.research.xacml.std.StdStatus;
+import com.att.research.xacml.std.StdStatusCode;
+import com.att.research.xacml.std.datatypes.DataTypes;
+import com.att.research.xacmlatt.pdp.eval.EvaluationContext;
+import com.att.research.xacmlatt.pdp.policy.ExpressionResult;
+import com.att.research.xacmlatt.pdp.policy.FunctionArgument;
+
+/**
+ * FunctionDefinitionURIStringConcatenate extends {@link FunctionDefinitionHomogeneousSimple} to
+ * implement the XACML uri-string-concatenate predicate as a function taking one <code>URI</code> and one or more <code>String</code> arguments
+ * and returning a single <code>URI</code> value.
+ *
+ * THIS FUNCTION IS DEPRECATED IN 3.0 BUT NOT REMOVED.
+ * To provide backward compatibility for previously built XACML policies we include it in our R3 version.
+ *
+ * In the first implementation of XACML we had separate files for each XACML Function.
+ * This release combines multiple Functions in fewer files to minimize code duplication.
+ * This file supports the following XACML codes:
+ * uri-string-concatenate
+ *
+ * @author glenngriffin
+ * @version $Revision: 1.1 $
+ *
+ */
+@Deprecated
+public class FunctionDefinitionURIStringConcatenate extends FunctionDefinitionBase<URI, URI> {
+
+
+ /**
+ * Constructor
+ *
+ * @param idIn
+ * @param dataTypeArgsIn
+ * @param op
+ */
+ public FunctionDefinitionURIStringConcatenate(Identifier idIn) {
+ super(idIn, DataTypes.DT_ANYURI, DataTypes.DT_ANYURI, false);
+ }
+
+
+ @Override
+ public ExpressionResult evaluate(EvaluationContext evaluationContext, List<FunctionArgument> arguments) {
+
+ if (arguments == null || arguments.size() < 2) {
+ return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, getShortFunctionId() + " Expected 2 or more arguments, got " +
+ ((arguments == null) ? "null" : arguments.size()) ));
+ }
+
+ // get the string to search for
+ ConvertedArgument<URI> uriArgument = new ConvertedArgument<URI>(arguments.get(0), DataTypes.DT_ANYURI, false);
+ if ( ! uriArgument.isOk()) {
+ Status decoratedStatus = new StdStatus(uriArgument.getStatus().getStatusCode(), uriArgument.getStatus().getStatusMessage() + " at arg index 0" );
+ return ExpressionResult.newError(getFunctionStatus(decoratedStatus));
+ }
+ String uriString = uriArgument.getValue().toString();
+
+ // remaining arguments are strings
+ String[] stringValues = new String[arguments.size() - 1];
+
+ for (int i = 1; i < arguments.size(); i++) {
+
+ ConvertedArgument<String> stringArgument = new ConvertedArgument<String>(arguments.get(i), DataTypes.DT_STRING, false);
+ if ( ! stringArgument.isOk()) {
+ Status decoratedStatus = new StdStatus(stringArgument.getStatus().getStatusCode(), stringArgument.getStatus().getStatusMessage() + " at arg index " + i );
+ return ExpressionResult.newError(getFunctionStatus(decoratedStatus));
+ }
+
+ stringValues[i-1] = stringArgument.getValue();
+
+ }
+
+
+ // add each of the strings onto the URI
+ for (int i = 0; i < stringValues.length; i++) {
+ uriString += stringValues[i];
+ }
+
+ URI resultURI = null;
+ try {
+ resultURI = DataTypes.DT_ANYURI.convert(uriString);
+ } catch (DataTypeException e) {
+ String message = e.getMessage();
+ if (e.getCause() != null) {
+ message = e.getCause().getMessage();
+ }
+ return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, getShortFunctionId() +
+ " Final string '" + uriString + "' not URI, " + message));
+ }
+
+ return ExpressionResult.newSingle(new StdAttributeValue<URI>(XACML.ID_DATATYPE_ANYURI, resultURI));
+
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionX500NameMatch.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionX500NameMatch.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionX500NameMatch.java
new file mode 100755
index 0000000..7f5069c
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionX500NameMatch.java
@@ -0,0 +1,98 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.std.functions;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.security.auth.x500.X500Principal;
+
+import com.att.research.xacml.api.Identifier;
+import com.att.research.xacml.api.Status;
+import com.att.research.xacml.std.StdStatusCode;
+import com.att.research.xacml.std.datatypes.DataTypes;
+import com.att.research.xacmlatt.pdp.eval.EvaluationContext;
+import com.att.research.xacmlatt.pdp.policy.ExpressionResult;
+import com.att.research.xacmlatt.pdp.policy.FunctionArgument;
+
+/**
+ * FunctionDefinitionX500NameMatch extends {@link com.att.research.xacmlatt.pdp.std.functions.FunctionDefinitionHomogeneousSimple} to
+ * implement the XACML X500Name match predicate as functions taking two <code>X500Name</code> arguments and returning a single <code>Boolean</code> value.
+ *
+ * In the first implementation of XACML we had separate files for each XACML Function.
+ * This release combines multiple Functions in fewer files to minimize code duplication.
+ * This file supports the following XACML codes:
+ * x500Name-match
+ *
+ * @author glenngriffin
+ * @version $Revision: 1.1 $
+ *
+ */
+public class FunctionDefinitionX500NameMatch extends FunctionDefinitionHomogeneousSimple<Boolean, X500Principal> {
+
+
+ /**
+ * Constructor
+ *
+ * @param idIn
+ * @param dataTypeArgsIn
+ * @param op
+ */
+ public FunctionDefinitionX500NameMatch(Identifier idIn) {
+ super(idIn, DataTypes.DT_BOOLEAN, DataTypes.DT_X500NAME, 2);
+ }
+
+
+ @Override
+ public ExpressionResult evaluate(EvaluationContext evaluationContext, List<FunctionArgument> arguments) {
+ List<X500Principal> convertedArguments = new ArrayList<X500Principal>();
+ Status status = this.validateArguments(arguments, convertedArguments);
+
+ /*
+ * If the function arguments are not correct, just return an error status immediately
+ */
+ if (!status.getStatusCode().equals(StdStatusCode.STATUS_CODE_OK)) {
+ return ExpressionResult.newError(getFunctionStatus(status));
+ }
+
+ /*
+ * Now perform the match.
+ */
+
+ /*
+ * The spec writer's comments at:
+ * https://lists.oasis-open.org/archives/xacml/200906/msg00019.html
+ * say that the first sequence must exactly match the END of the second sequence.
+ */
+
+ String[] searchFor = convertedArguments.get(0).getName().split(",");
+ String[] searchIn = convertedArguments.get(1).getName().split(",");
+
+ // if first is bigger than 2nd there is no way we can match
+ if (searchFor.length > searchIn.length) {
+ return ER_FALSE;
+ }
+
+ // start from back-end of both lists - everything should match up to the length of the input
+ for (int i = 0; i < searchFor.length; i++) {
+ String searchForTerm = searchFor[searchFor.length - i - 1];
+ String searchInTerm = searchIn[searchIn.length - i - 1];
+ if (searchForTerm == null || searchInTerm == null ||
+ ! searchForTerm.trim().equals(searchInTerm.trim())) {
+ return ER_FALSE;
+ }
+ }
+
+
+ return ER_TRUE;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionXPath.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionXPath.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionXPath.java
new file mode 100755
index 0000000..22ed22c
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/FunctionDefinitionXPath.java
@@ -0,0 +1,249 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.std.functions;
+
+import java.math.BigInteger;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.xpath.XPathExpression;
+
+import org.w3c.dom.NodeList;
+
+import com.att.research.xacml.api.AttributeValue;
+import com.att.research.xacml.api.DataType;
+import com.att.research.xacml.api.Identifier;
+import com.att.research.xacml.api.RequestAttributes;
+import com.att.research.xacml.api.Status;
+import com.att.research.xacml.api.XACML;
+import com.att.research.xacml.std.StdAttributeValue;
+import com.att.research.xacml.std.StdStatus;
+import com.att.research.xacml.std.StdStatusCode;
+import com.att.research.xacml.std.datatypes.DataTypes;
+import com.att.research.xacml.std.datatypes.XPathExpressionWrapper;
+import com.att.research.xacmlatt.pdp.eval.EvaluationContext;
+import com.att.research.xacmlatt.pdp.policy.ExpressionResult;
+import com.att.research.xacmlatt.pdp.policy.FunctionArgument;
+
+
+/**
+ * FunctionDefinitionXPath extends {@link com.att.research.xacmlatt.pdp.std.functions.FunctionDefinitionHomogeneousSimple} to
+ * implement the XACML XPath predicates as functions taking one or two <code>XPathExpression</code> arguments and returning
+ * either an <code>Integer</code> or a <code>Boolean</code>.
+ *
+ * XACML version 1.0 and 2.0 used <code>String</code> data type as input.
+ * We do NOT support those functions because of ambiguity in the meaning of those Strings.
+ * The root of the XPath changed from the Request level in 2.0 to the Content level in 3.0.
+ * Also the 2.0 Requests contain only one Content, located in the resources category, while 3.0 allows Requests to contain Content in multiple categories.
+ *
+ * In the first implementation of XACML we had separate files for each XACML Function.
+ * This release combines multiple Functions in fewer files to minimize code duplication.
+ * This file supports the following XACML codes:
+ * xpath-node-count
+ * xpath-node-equals
+ * xpath-node-match
+ *
+ * @author glenngriffin
+ * @version $Revision: 1.1 $
+ *
+ * @param <O> the java class for the data type of the function Output
+
+ *
+ */
+public class FunctionDefinitionXPath<O> extends FunctionDefinitionHomogeneousSimple<O, XPathExpressionWrapper> {
+
+ /**
+ * List of string normalization operations.
+ *
+ * @author glenngriffin
+ *
+ */
+ public enum OPERATION {COUNT, EQUAL, MATCH };
+
+ // operation to be used in this instance of the Arightmetic class
+ private final OPERATION operation;
+
+
+ // result variables used by all functions
+ AttributeValue<String> result;
+
+
+ /**
+ * Constructor
+ *
+ * @param idIn
+ * @param dataTypeArgsIn
+ * @param op
+ */
+ public FunctionDefinitionXPath(Identifier idIn, DataType<O> dataTypeIn, OPERATION op) {
+ super(idIn, dataTypeIn, DataTypes.DT_XPATHEXPRESSION, ( (op == OPERATION.COUNT) ? 1 : 2 ) );
+ // save the operation and data type to be used in this instance
+ operation = op;
+
+ }
+
+ @Override
+ public ExpressionResult evaluate(EvaluationContext evaluationContext, List<FunctionArgument> arguments) {
+
+ List<NodeList> nodeListList = new ArrayList<NodeList>();
+
+ List<XPathExpressionWrapper> convertedArguments = new ArrayList<XPathExpressionWrapper>();
+ Status status = this.validateArguments(arguments, convertedArguments);
+
+ /*
+ * If the function arguments are not correct, just return an error status immediately
+ */
+ if (!status.getStatusCode().equals(StdStatusCode.STATUS_CODE_OK)) {
+ return ExpressionResult.newError(getFunctionStatus(status));
+ }
+
+ // check the evaluationContext and Request for null
+ if (evaluationContext == null) {
+ return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() +
+ " Got null EvaluationContext"));
+ }
+ if (evaluationContext.getRequest() == null) {
+ return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() +
+ " Got null Request in EvaluationContext"));
+ }
+
+
+ // each argument is an XPath that needs to be evaluated against the Content part of some Category (specified in the argument)
+ for (int i = 0; i < arguments.size(); i++) {
+ FunctionArgument functionArgument = arguments.get(i);
+ if (functionArgument.isBag()) {
+ return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() + " Got bag at index " + i));
+ }
+ AttributeValue<?> attributeValueFunctionArgument = functionArgument.getValue();
+ if (attributeValueFunctionArgument == null) {
+ return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() + " Got null value at index " + i));
+ }
+ Identifier xpathCategory = attributeValueFunctionArgument.getXPathCategory();
+ if (xpathCategory == null) {
+ return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, this.getShortFunctionId() +
+ " Got null Category at index " + i));
+ }
+
+ Iterator<RequestAttributes> it = evaluationContext.getRequest().getRequestAttributes(xpathCategory);
+ if (it == null) {
+ return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, this.getShortFunctionId() +
+ " Got null Iterator at index " + i));
+ }
+
+ NodeList nodeList = null;
+
+ while (it.hasNext()) {
+ if (nodeList != null) {
+ // the request has more than one Content entry for the same Category - error
+ return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, this.getShortFunctionId() +
+ " More than one Content section for id '" + xpathCategory + "'" ));
+ }
+ RequestAttributes requestAttributes = it.next();
+
+ // if there is no Content section then we return either 0 or FALSE
+ if (requestAttributes.getContentRoot() == null) {
+ if (operation == OPERATION.COUNT){
+ return ExpressionResult.newSingle(new StdAttributeValue<BigInteger>(XACML.ID_DATATYPE_INTEGER, new BigInteger("0") ));
+ } else {
+ return ER_FALSE;
+ }
+ }
+
+ try {
+ XPathExpression xPathExpression = convertedArguments.get(i).getXpathExpressionWrapped();
+ nodeList = requestAttributes.getContentNodeListByXpathExpression(xPathExpression);
+ } catch (Exception e) {
+ return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, this.getShortFunctionId() +
+ " XPath produces null result at '" + convertedArguments.get(i).getPath() + "' at index " + i ));
+ }
+
+
+ }
+
+ if (nodeList == null) {
+ return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, this.getShortFunctionId() +
+ " XPathExpression returned null at index " + i));
+ }
+
+ // add this nodeList to the list of lists
+ nodeListList.add(nodeList);
+ }
+
+
+ /*
+ * Now perform the requested operation.
+ */
+ ExpressionResult expressionResult = null;
+
+ switch (operation) {
+ case COUNT:
+ Integer listLength = new Integer(nodeListList.get(0).getLength());
+ expressionResult = ExpressionResult.newSingle(new StdAttributeValue<BigInteger>(XACML.ID_DATATYPE_INTEGER,
+ new BigInteger(listLength.toString()) ));
+ return expressionResult;
+
+
+ case EQUAL:
+ // true if any node in first list equals any node in second set.
+ // The spec says: "Two nodes are considered equal if they have the same identity."
+ // we use the isSameNode method in Node to determine that.
+ for (int index0 = 0; index0 < nodeListList.get(0).getLength(); index0++) {
+ for (int index1 = 0; index1 < nodeListList.get(1).getLength(); index1++) {
+ if (nodeListList.get(0).item(index0).isSameNode(nodeListList.get(1).item(index1))) {
+ return ER_TRUE;
+ }
+ }
+ }
+ // none from the first list found in the second
+ return ER_FALSE;
+
+
+ case MATCH:
+ // this is looking to see if any of the nodes in the second set are children of (or equal to) the nodes in the first set
+ // Call recursive check for that.
+ expressionResult = nodeListMatch(nodeListList.get(0), nodeListList.get(1));
+ return expressionResult;
+ }
+
+ expressionResult = ExpressionResult.newSingle(result);
+
+ return expressionResult;
+ }
+
+ /**
+ * Recursive method checking to see if anything in list 2 equals anything in list 1 OR list 1's child nodes
+ * @param list1
+ * @param list2
+ * @return
+ */
+ private ExpressionResult nodeListMatch(NodeList list1, NodeList list2) {
+ // look for match with current contents of list 1
+ for (int index1 = 0; index1 < list1.getLength(); index1++) {
+ for (int index2 = 0; index2 < list2.getLength(); index2++) {
+ if (list1.item(index1).isSameNode(list2.item(index2))) {
+ return ER_TRUE;
+ }
+ }
+ }
+ // look for match with children of list 1
+ for (int index1 = 0; index1 < list1.getLength(); index1++) {
+ if (nodeListMatch(list1.item(index1).getChildNodes(), list2) == ER_TRUE) {
+ return ER_TRUE;
+ }
+ // this one had no children that matched, so check the next element in list1
+ }
+
+ // no match anywhere
+ return ER_FALSE;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/package-info.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/package-info.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/package-info.java
new file mode 100755
index 0000000..2122dd9
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/functions/package-info.java
@@ -0,0 +1,20 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+
+package com.att.research.xacmlatt.pdp.std.functions;
+
+/**
+ * com.att.research.xacmlatt.pdp.policy.expressions contains class definitions that represent specific XACML function
+ * implementations for target and condition evaluation and variable definitions.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/package-info.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/package-info.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/package-info.java
new file mode 100755
index 0000000..fe69353
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/package-info.java
@@ -0,0 +1,20 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+
+package com.att.research.xacmlatt.pdp.std;
+
+/**
+ * com.att.research.xacmlatt.pdp.std contains classes that provide reference implementations of various extensible components
+ * in the PDP implementation.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/util/ATTPDPProperties.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/util/ATTPDPProperties.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/util/ATTPDPProperties.java
new file mode 100755
index 0000000..2b932ba
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/util/ATTPDPProperties.java
@@ -0,0 +1,29 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.util;
+
+import com.att.research.xacml.api.Identifier;
+import com.att.research.xacml.std.IdentifierImpl;
+import com.att.research.xacml.util.XACMLProperties;
+
+public class ATTPDPProperties extends XACMLProperties {
+ public static final String PROP_EVALUATIONCONTEXTFACTORY = "xacml.att.evaluationContextFactory";
+ public static final String PROP_COMBININGALGORITHMFACTORY = "xacml.att.combiningAlgorithmFactory";
+ public static final String PROP_FUNCTIONDEFINITIONFACTORY = "xacml.att.functionDefinitionFactory";
+ public static final String PROP_POLICYFINDERFACTORY = "xacml.att.policyFinderFactory";
+ public static final String PROP_POLICYFINDERFACTORY_COMBINEROOTPOLICIES = "xacml.att.policyFinderFactory.combineRootPolicies";
+
+ public static final Identifier ID_POLICY_COMBINEDPERMITOVERRIDES = new IdentifierImpl("urn:com:att:xacml:3.0:policy-combining-algorithm:combined-permit-overrides");
+
+ protected ATTPDPProperties() {
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/ATTPDPEngine$1.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/ATTPDPEngine$1.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/ATTPDPEngine$1.class
new file mode 100644
index 0000000..61fbdd6
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/ATTPDPEngine$1.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/ATTPDPEngine.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/ATTPDPEngine.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/ATTPDPEngine.class
new file mode 100644
index 0000000..56e339d
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/ATTPDPEngine.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/ATTPDPEngineFactory.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/ATTPDPEngineFactory.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/ATTPDPEngineFactory.class
new file mode 100644
index 0000000..647988e
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/ATTPDPEngineFactory.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/Evaluatable.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/Evaluatable.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/Evaluatable.class
new file mode 100644
index 0000000..435ab9c
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/Evaluatable.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationContext.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationContext.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationContext.class
new file mode 100644
index 0000000..25802a3
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationContext.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationContextException.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationContextException.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationContextException.class
new file mode 100644
index 0000000..ab03f3e
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationContextException.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationContextFactory.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationContextFactory.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationContextFactory.class
new file mode 100644
index 0000000..8e508d2
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationContextFactory.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationException.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationException.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationException.class
new file mode 100644
index 0000000..2f424aa
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationException.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationResult.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationResult.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationResult.class
new file mode 100644
index 0000000..c73f36d
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/EvaluationResult.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/MatchResult$MatchCode.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/MatchResult$MatchCode.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/MatchResult$MatchCode.class
new file mode 100644
index 0000000..8306ba6
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/MatchResult$MatchCode.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/MatchResult.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/MatchResult.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/MatchResult.class
new file mode 100644
index 0000000..9ec087c
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/MatchResult.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/Matchable.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/Matchable.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/Matchable.class
new file mode 100644
index 0000000..d24eb17
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/eval/Matchable.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AdviceExpression.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AdviceExpression.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AdviceExpression.class
new file mode 100644
index 0000000..ccb1e74
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AdviceExpression.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AllOf$1.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AllOf$1.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AllOf$1.class
new file mode 100644
index 0000000..cdf3dc3
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AllOf$1.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AllOf.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AllOf.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AllOf.class
new file mode 100644
index 0000000..58d2ced
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AllOf.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AnyOf$1.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AnyOf$1.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AnyOf$1.class
new file mode 100644
index 0000000..101274e
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AnyOf$1.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AnyOf.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AnyOf.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AnyOf.class
new file mode 100644
index 0000000..4942daf
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AnyOf.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AttributeAssignmentExpression.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AttributeAssignmentExpression.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AttributeAssignmentExpression.class
new file mode 100644
index 0000000..ef8fe7e
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AttributeAssignmentExpression.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AttributeAssignmentResult.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AttributeAssignmentResult.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AttributeAssignmentResult.class
new file mode 100644
index 0000000..3fb1237
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/AttributeAssignmentResult.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/Bag.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/Bag.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/Bag.class
new file mode 100644
index 0000000..2bc997b
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/Bag.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/CombinerParameter.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/CombinerParameter.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/CombinerParameter.class
new file mode 100644
index 0000000..ee80fd2
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/CombinerParameter.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/CombiningAlgorithm.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/CombiningAlgorithm.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/CombiningAlgorithm.class
new file mode 100644
index 0000000..5157663
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/CombiningAlgorithm.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/CombiningAlgorithmFactory.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/CombiningAlgorithmFactory.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/CombiningAlgorithmFactory.class
new file mode 100644
index 0000000..ad60823
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/CombiningAlgorithmFactory.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/CombiningElement.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/CombiningElement.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/CombiningElement.class
new file mode 100644
index 0000000..225cf1d
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/CombiningElement.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/Condition.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/Condition.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/Condition.class
new file mode 100644
index 0000000..2a74ea6
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/Condition.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/Expression.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/Expression.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/Expression.class
new file mode 100644
index 0000000..0e0aea0
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/Expression.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult$ExpressionResultBag.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult$ExpressionResultBag.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult$ExpressionResultBag.class
new file mode 100644
index 0000000..051dbef
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult$ExpressionResultBag.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult$ExpressionResultEmptyBag.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult$ExpressionResultEmptyBag.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult$ExpressionResultEmptyBag.class
new file mode 100644
index 0000000..30c0841
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult$ExpressionResultEmptyBag.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult$ExpressionResultError.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult$ExpressionResultError.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult$ExpressionResultError.class
new file mode 100644
index 0000000..9c507c0
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult$ExpressionResultError.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult$ExpressionResultSingle.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult$ExpressionResultSingle.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult$ExpressionResultSingle.class
new file mode 100644
index 0000000..dddaa10
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult$ExpressionResultSingle.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult.class
new file mode 100644
index 0000000..1c431ba
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResult.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResultBoolean.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResultBoolean.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResultBoolean.class
new file mode 100644
index 0000000..c337941
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/ExpressionResultBoolean.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionArgument.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionArgument.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionArgument.class
new file mode 100644
index 0000000..d5cb5ed
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionArgument.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionArgumentAttributeValue.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionArgumentAttributeValue.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionArgumentAttributeValue.class
new file mode 100644
index 0000000..12ef034
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionArgumentAttributeValue.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionArgumentBag.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionArgumentBag.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionArgumentBag.class
new file mode 100644
index 0000000..1abf718
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionArgumentBag.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionArgumentExpression.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionArgumentExpression.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionArgumentExpression.class
new file mode 100644
index 0000000..8ba8dd4
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionArgumentExpression.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionDefinition.class
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionDefinition.class b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionDefinition.class
new file mode 100644
index 0000000..6367b3f
Binary files /dev/null and b/openaz-xacml-pdp/target/classes/com/att/research/xacmlatt/pdp/policy/FunctionDefinition.class differ