You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@openaz.apache.org by pd...@apache.org on 2015/04/13 17:38:40 UTC
[40/51] [partial] incubator-openaz git commit: Initial seed of merged
of AT&T and JP Morgan code
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/ATTPDPEngine.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/ATTPDPEngine.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/ATTPDPEngine.java
new file mode 100755
index 0000000..c3c0bfb
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/ATTPDPEngine.java
@@ -0,0 +1,255 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp;
+
+import java.net.URI;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Properties;
+import java.util.Set;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import com.att.research.xacml.api.AttributeCategory;
+import com.att.research.xacml.api.Decision;
+import com.att.research.xacml.api.Request;
+import com.att.research.xacml.api.Response;
+import com.att.research.xacml.api.Result;
+import com.att.research.xacml.api.Status;
+import com.att.research.xacml.api.XACML3;
+import com.att.research.xacml.api.pdp.PDPEngine;
+import com.att.research.xacml.api.pdp.PDPException;
+import com.att.research.xacml.api.pdp.ScopeResolver;
+import com.att.research.xacml.api.trace.TraceEngine;
+import com.att.research.xacml.api.trace.TraceEngineFactory;
+import com.att.research.xacml.api.trace.Traceable;
+import com.att.research.xacml.std.StdIndividualDecisionRequestGenerator;
+import com.att.research.xacml.std.StdMutableResponse;
+import com.att.research.xacml.std.StdMutableResult;
+import com.att.research.xacml.std.StdResult;
+import com.att.research.xacml.std.StdStatus;
+import com.att.research.xacml.std.StdStatusCode;
+import com.att.research.xacml.std.trace.StdTraceEvent;
+import com.att.research.xacml.util.FactoryException;
+import com.att.research.xacmlatt.pdp.eval.EvaluationContext;
+import com.att.research.xacmlatt.pdp.eval.EvaluationContextFactory;
+import com.att.research.xacmlatt.pdp.eval.EvaluationException;
+import com.att.research.xacmlatt.pdp.policy.PolicyDef;
+import com.att.research.xacmlatt.pdp.policy.PolicyFinderResult;
+
+/**
+ * ATTPDPEngine implements the {@link com.att.research.xacml.api.pdp.PDPEngine} interface using the XACML 3.0 specification.
+ *
+ * @author car
+ * @version $Revision: 1.3 $
+ */
+public class ATTPDPEngine implements PDPEngine, Traceable {
+ private static final Status STATUS_ADVICE_NA = new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "Advice not allowed in combined decision");
+ private static final Status STATUS_OBLIGATIONS_NA = new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "Obligations not allowed in combined decision");
+ private static final Status STATUS_COMBINE_FAILED = new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "Individual decisions do not match");
+ private static final Result RESULT_ECTX_NULL = new StdMutableResult(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "Null EvaluationContext"));
+
+ /*
+ * These are the profiles that this reference implementation of the PDP engine supports
+ */
+ private static final Set<URI> PROFILES = new HashSet<URI>();
+ static {
+ PROFILES.add(XACML3.ID_PROFILE_MULTIPLE_COMBINED_DECISION.getUri());
+ PROFILES.add(XACML3.ID_PROFILE_MULTIPLE_REFERENCE.getUri());
+ PROFILES.add(XACML3.ID_PROFILE_MULTIPLE_REPEATED_ATTRIBUTE_CATEGORIES.getUri());
+ PROFILES.add(XACML3.ID_PROFILE_MULTIPLE_SCOPE.getUri());
+ PROFILES.add(XACML3.ID_PROFILE_MULTIPLE_XPATH_EXPRESSION.getUri());
+ }
+
+ private EvaluationContextFactory evaluationContextFactory;
+ private Decision defaultDecision = Decision.INDETERMINATE;
+ private ScopeResolver scopeResolver;
+ private TraceEngine traceEngine;
+ private Log logger = LogFactory.getLog(this.getClass());
+
+ protected TraceEngine getTraceEngine() {
+ if (this.traceEngine == null) {
+ synchronized(this) {
+ if (this.traceEngine == null) {
+ try {
+ this.traceEngine = TraceEngineFactory.newInstance().getTraceEngine();
+ } catch (FactoryException ex) {
+ this.logger.error("FactoryException creating TraceEngine instance: " + ex.toString(), ex);
+ throw new IllegalStateException("FactoryException creating TraceEngine instance", ex);
+ }
+ }
+ }
+ }
+ return this.traceEngine;
+ }
+
+ public ATTPDPEngine(EvaluationContextFactory evaluationContextFactoryIn, ScopeResolver scopeResolverIn) {
+ this.evaluationContextFactory = evaluationContextFactoryIn;
+ this.scopeResolver = scopeResolverIn;
+ }
+
+ public ATTPDPEngine(EvaluationContextFactory evaluationContextFactoryIn, Decision defaultDecisionIn, ScopeResolver scopeResolverIn) {
+ this(evaluationContextFactoryIn, scopeResolverIn);
+ this.defaultDecision = defaultDecisionIn;
+ }
+
+ public ATTPDPEngine(EvaluationContextFactory evaluationContextFactoryIn, Decision defaultDecisionIn, ScopeResolver scopeResolverIn, Properties properties) {
+ this(evaluationContextFactoryIn, defaultDecisionIn, scopeResolverIn);
+ }
+
+ protected Result processRequest(EvaluationContext evaluationContext) {
+ try {
+ PolicyFinderResult<PolicyDef> policyFinderResult = evaluationContext.getRootPolicyDef();
+ if (policyFinderResult.getStatus() != null && !policyFinderResult.getStatus().isOk()) {
+ return new StdMutableResult(policyFinderResult.getStatus());
+ }
+ PolicyDef policyDefRoot = policyFinderResult.getPolicyDef();
+ if (policyDefRoot == null) {
+ switch(this.defaultDecision) {
+ case DENY:
+ case NOTAPPLICABLE:
+ case PERMIT:
+ return new StdMutableResult(this.defaultDecision, new StdStatus(StdStatusCode.STATUS_CODE_OK, "No applicable policy"));
+ case INDETERMINATE:
+ case INDETERMINATE_DENY:
+ case INDETERMINATE_DENYPERMIT:
+ case INDETERMINATE_PERMIT:
+ return new StdMutableResult(this.defaultDecision, new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "No applicable policy"));
+ }
+ }
+ Result result = policyDefRoot.evaluate(evaluationContext);
+ if (result.getStatus().isOk()) {
+ Collection<AttributeCategory> listRequestAttributesIncludeInResult = evaluationContext.getRequest().getRequestAttributesIncludedInResult();
+ if (listRequestAttributesIncludeInResult != null && listRequestAttributesIncludeInResult.size() > 0) {
+ StdMutableResult stdMutableResult = new StdMutableResult(result);
+ stdMutableResult.addAttributeCategories(listRequestAttributesIncludeInResult);
+ result = new StdResult(stdMutableResult);
+ }
+ }
+ return result;
+ } catch (EvaluationException ex) {
+ return new StdMutableResult(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, ex.getMessage()));
+ }
+ }
+
+ @Override
+ public Response decide(Request pepRequest) throws PDPException {
+ /*
+ * Validate the request
+ */
+ TraceEngine traceEngineThis = this.getTraceEngine();
+ if (traceEngineThis.isTracing()) {
+ traceEngineThis.trace(new StdTraceEvent<Request>("Input Request", this, pepRequest));
+ }
+ Status statusRequest = pepRequest.getStatus();
+ if (statusRequest != null && !statusRequest.isOk()) {
+ return new StdMutableResponse(statusRequest);
+ }
+
+ /*
+ * Split the original request up into individual decision requests
+ */
+ StdIndividualDecisionRequestGenerator stdIndividualDecisionRequestGenerator = new StdIndividualDecisionRequestGenerator(this.scopeResolver, pepRequest);
+ /*
+ * Determine if we are combining multiple results into a single result
+ */
+ boolean bCombineResults = pepRequest.getCombinedDecision();
+ StdMutableResult stdResultCombined = null;
+
+ /*
+ * Iterate over all of the individual decision requests and process them, combining them into the final response
+ */
+ StdMutableResponse stdResponse = new StdMutableResponse();
+ Iterator<Request> iterRequestsIndividualDecision = stdIndividualDecisionRequestGenerator.getIndividualDecisionRequests();
+ if (iterRequestsIndividualDecision == null || !iterRequestsIndividualDecision.hasNext()) {
+ return new StdMutableResponse(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "No individual decision requests"));
+ }
+
+ while (iterRequestsIndividualDecision.hasNext()) {
+ Request requestIndividualDecision = iterRequestsIndividualDecision.next();
+ if (traceEngineThis.isTracing()) {
+ traceEngineThis.trace(new StdTraceEvent<Request>("Individual Request", this, requestIndividualDecision));
+ }
+ Result resultIndividualDecision = null;
+ if (requestIndividualDecision.getStatus() != null && !requestIndividualDecision.getStatus().isOk()) {
+ resultIndividualDecision = new StdMutableResult(requestIndividualDecision.getStatus());
+ } else {
+ EvaluationContext evaluationContext = this.evaluationContextFactory.getEvaluationContext(requestIndividualDecision);
+ if (evaluationContext == null) {
+ resultIndividualDecision = RESULT_ECTX_NULL;
+ } else {
+ resultIndividualDecision = this.processRequest(evaluationContext);
+ }
+ }
+
+ assert(resultIndividualDecision != null);
+ if (traceEngineThis.isTracing()) {
+ traceEngineThis.trace(new StdTraceEvent<Result>("Individual Result", this, resultIndividualDecision));
+ }
+ if (bCombineResults) {
+ Decision decision = resultIndividualDecision.getDecision();
+ Status status = resultIndividualDecision.getStatus();
+ if (resultIndividualDecision.getAssociatedAdvice().size() > 0) {
+ decision = Decision.INDETERMINATE;
+ status = STATUS_ADVICE_NA;
+ } else if (resultIndividualDecision.getObligations().size() > 0) {
+ decision = Decision.INDETERMINATE;
+ status = STATUS_OBLIGATIONS_NA;
+ }
+
+ if (stdResultCombined == null) {
+ stdResultCombined = new StdMutableResult(decision, status);
+ } else {
+ if (stdResultCombined.getDecision() != resultIndividualDecision.getDecision()) {
+ stdResultCombined.setDecision(Decision.INDETERMINATE);
+ stdResultCombined.setStatus(STATUS_COMBINE_FAILED);
+ }
+ }
+ stdResultCombined.addPolicyIdentifiers(resultIndividualDecision.getPolicyIdentifiers());
+ stdResultCombined.addPolicySetIdentifiers(resultIndividualDecision.getPolicySetIdentifiers());
+ stdResultCombined.addAttributeCategories(resultIndividualDecision.getAttributes());
+ if (traceEngineThis.isTracing()) {
+ traceEngineThis.trace(new StdTraceEvent<Result>("Combined result", this, stdResultCombined));
+ }
+ } else {
+ stdResponse.add(resultIndividualDecision);
+ }
+ }
+
+ if (bCombineResults) {
+ stdResponse.add(stdResultCombined);
+ }
+ return stdResponse;
+ }
+
+ @Override
+ public Collection<URI> getProfiles() {
+ return Collections.unmodifiableCollection(PROFILES);
+ }
+
+ @Override
+ public boolean hasProfile(URI uriProfile) {
+ return PROFILES.contains(uriProfile);
+ }
+
+ @Override
+ public String getTraceId() {
+ return this.getClass().getCanonicalName();
+ }
+
+ @Override
+ public Traceable getCause() {
+ return null;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/ATTPDPEngineFactory.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/ATTPDPEngineFactory.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/ATTPDPEngineFactory.java
new file mode 100755
index 0000000..7bd165a
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/ATTPDPEngineFactory.java
@@ -0,0 +1,56 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp;
+
+import java.util.Properties;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import com.att.research.xacml.api.pdp.PDPEngine;
+import com.att.research.xacml.api.pdp.PDPEngineFactory;
+import com.att.research.xacml.util.FactoryException;
+import com.att.research.xacmlatt.pdp.eval.EvaluationContextFactory;
+
+/**
+ * ATTPDPEngineFactory extends {@link com.att.research.xacml.api.pdp.PDPEngineFactory} by implementing the abstract
+ * <code>newEngine</code> method to create a {@link ATTPDPEngine} instance and initialize it
+ * with policies and PIP instances based on configuration information provided to the factory.
+ *
+ * @author car
+ * @version $Revision: 1.4 $
+ */
+public class ATTPDPEngineFactory extends PDPEngineFactory {
+ private Log logger = LogFactory.getLog(this.getClass());
+
+ public ATTPDPEngineFactory() {
+ }
+
+ @Override
+ public PDPEngine newEngine() throws FactoryException {
+ EvaluationContextFactory evaluationContextFactory = EvaluationContextFactory.newInstance();
+ if (evaluationContextFactory == null) {
+ this.logger.error("Null EvaluationContextFactory");
+ throw new FactoryException("Null EvaluationContextFactory");
+ }
+ return new ATTPDPEngine(evaluationContextFactory, this.getDefaultBehavior(), this.getScopeResolver());
+ }
+
+ @Override
+ public PDPEngine newEngine(Properties properties) throws FactoryException {
+ EvaluationContextFactory evaluationContextFactory = EvaluationContextFactory.newInstance(properties);
+ if (evaluationContextFactory == null) {
+ this.logger.error("Null EvaluationContextFactory");
+ throw new FactoryException("Null EvaluationContextFactory");
+ }
+ return new ATTPDPEngine(evaluationContextFactory, this.getDefaultBehavior(), this.getScopeResolver(), properties);
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/Evaluatable.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/Evaluatable.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/Evaluatable.java
new file mode 100755
index 0000000..24adb1d
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/Evaluatable.java
@@ -0,0 +1,23 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+
+package com.att.research.xacmlatt.pdp.eval;
+
+/**
+ * Evaluatable is the interface objects implement to indicate they can be evaluated with an {@link com.att.research.xacmlatt.pdp.eval.EvaluationContext}
+ * and return an {@link com.att.research.xacmlatt.pdp.eval.EvaluationResult}.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
+public interface Evaluatable {
+ public EvaluationResult evaluate(EvaluationContext evaluationContext) throws EvaluationException;
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationContext.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationContext.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationContext.java
new file mode 100755
index 0000000..321fff1
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationContext.java
@@ -0,0 +1,73 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.eval;
+
+import com.att.research.xacml.api.IdReferenceMatch;
+import com.att.research.xacml.api.Request;
+import com.att.research.xacml.api.pip.PIPException;
+import com.att.research.xacml.api.pip.PIPFinder;
+import com.att.research.xacml.api.pip.PIPRequest;
+import com.att.research.xacml.api.pip.PIPResponse;
+import com.att.research.xacml.api.trace.TraceEngine;
+import com.att.research.xacmlatt.pdp.policy.Policy;
+import com.att.research.xacmlatt.pdp.policy.PolicyDef;
+import com.att.research.xacmlatt.pdp.policy.PolicyFinderResult;
+import com.att.research.xacmlatt.pdp.policy.PolicySet;
+
+/**
+ * EvaluationContext provides the interface that the PDP uses to evaluate its set of Policies and PolicySets against
+ * a {@link com.att.research.xacml.api.Request}.
+ *
+ * @author car
+ * @version $Revision: 1.2 $
+ */
+public interface EvaluationContext extends PIPFinder, TraceEngine {
+ /**
+ * Gets the original <code>Request</code> provided to the <code>ATTPDPEngine</code>'s <code>decide</code> method.
+ *
+ * @return the <code>Request</code> provided to the <code>ATTPDPEngine</code>'s <code>decide</code> method.
+ */
+ public Request getRequest();
+
+ /**
+ * Gets the root {@link com.att.research.xacmlatt.pdp.policy.PolicyDef} from the policy store
+ * configured by the particular implementation of the <code>PolicyFinderFactory</code> class.
+ *
+ * @return a <code>PolicyFinderResult</code> with the root <code>PolicyDef</code>
+ */
+ public abstract PolicyFinderResult<PolicyDef> getRootPolicyDef();
+
+ /**
+ * Gets the {@link com.att.research.xacmlatt.pdp.policy.Policy} that matches the given {@link com.att.research.xacml.api.IdReferenceMatch}.
+ *
+ * @param idReferenceMatch the <code>IdReferenceMatch</code> to search for
+ * @return a <code>PolicyFinderResult</code> with the <code>Policy</code> matching the given <code>IdReferenceMatch</code>
+ */
+ public abstract PolicyFinderResult<Policy> getPolicy(IdReferenceMatch idReferenceMatch);
+
+ /**
+ * Gets the {@link com.att.research.xacmlatt.pdp.policy.PolicySet} that matches the given {@link com.att.research.xacml.api.IdReferenceMatch}.
+ *
+ * @param idReferenceMatch the <code>IdReferenceMatch</code> to search for
+ * @return a <code>PolicyFinderResult</code> with the <code>PolicySet</code> matching the given <code>IdReferenceMatch</code>.
+ */
+ public abstract PolicyFinderResult<PolicySet> getPolicySet(IdReferenceMatch idReferenceMatch);
+
+ /**
+ * Gets the {@link com.att.research.xacml.api.pip.PIPResponse} containing {@link com.att.research.xacml.api.Attribute}s that
+ * match the given {@link com.att.research.xacml.api.pip.PIPRequest} from this <code>EvaluationContext</code>.
+ *
+ * @param pipRequest the <code>PIPRequest</code> specifying which <code>Attribute</code>s to retrieve
+ * @return the <code>PIPResponse</code> containing the {@link com.att.research.xacml.api.Status} and <code>Attribute</code>s
+ * @throws EvaluationException if there is an error retrieving the <code>Attribute</code>s
+ */
+ public PIPResponse getAttributes(PIPRequest pipRequest) throws PIPException;
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationContextException.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationContextException.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationContextException.java
new file mode 100755
index 0000000..d814961
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationContextException.java
@@ -0,0 +1,42 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.eval;
+
+/**
+ * EvaluationContextException extends <code>Exception</code> to represent errors thrown by
+ * methods in the {@link EvaluationContext} and {@link EvaluationContextFactory}.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
+public class EvaluationContextException extends Exception {
+ private static final long serialVersionUID = -8270506903118536839L;
+
+ public EvaluationContextException() {
+ }
+
+ public EvaluationContextException(String message) {
+ super(message);
+ }
+
+ public EvaluationContextException(Throwable cause) {
+ super(cause);
+ }
+
+ public EvaluationContextException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ public EvaluationContextException(String message, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
+ super(message, cause, enableSuppression, writableStackTrace);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationContextFactory.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationContextFactory.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationContextFactory.java
new file mode 100755
index 0000000..4f54deb
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationContextFactory.java
@@ -0,0 +1,79 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.eval;
+
+import java.util.Properties;
+
+import com.att.research.xacml.api.Request;
+import com.att.research.xacml.api.pip.PIPFinder;
+import com.att.research.xacml.util.FactoryException;
+import com.att.research.xacml.util.FactoryFinder;
+import com.att.research.xacmlatt.pdp.policy.PolicyFinder;
+import com.att.research.xacmlatt.pdp.util.ATTPDPProperties;
+
+/**
+ * EvaluationContextFactory provides methods for creating {@link EvaluationContext} objects
+ * based on configuration information found in standard places. (TODO: Detail what these are)
+ *
+ * @author car
+ * @version $Revision: 1.3 $
+ */
+public abstract class EvaluationContextFactory {
+ private static final String FACTORYID = ATTPDPProperties.PROP_EVALUATIONCONTEXTFACTORY;
+ private static final String DEFAULT_FACTORY_CLASSNAME = "com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory";
+
+ protected EvaluationContextFactory() {
+ }
+
+ protected EvaluationContextFactory(Properties properties) {
+ }
+
+ public static EvaluationContextFactory newInstance() throws FactoryException {
+ return FactoryFinder.find(FACTORYID, DEFAULT_FACTORY_CLASSNAME, EvaluationContextFactory.class);
+ }
+
+ public static EvaluationContextFactory newInstance(Properties properties) throws FactoryException {
+ return FactoryFinder.find(FACTORYID, DEFAULT_FACTORY_CLASSNAME, EvaluationContextFactory.class, properties);
+ }
+
+ public static EvaluationContextFactory newInstance(String className, ClassLoader classLoader) throws FactoryException {
+ return FactoryFinder.newInstance(className, EvaluationContextFactory.class, classLoader, false);
+ }
+
+ public static EvaluationContextFactory newInstance(String className) throws FactoryException {
+ return FactoryFinder.newInstance(className, EvaluationContextFactory.class, null, true);
+ }
+
+ /**
+ * Gets a new {@link com.att.research.xacml.pdp.eval.EvaluationContext} for the given {@link com.att.research.xacml.api.Request}.
+ *
+ * @param request the <code>Request</code> for the new <code>EvaluationContext</code>
+ * @return a new <code>EvaluationContext</code> for the given <code>Request</code>
+ */
+ public abstract EvaluationContext getEvaluationContext(Request request);
+
+ /**
+ * Sets the {@link com.att.research.xacmlatt.pdp.policy.PolicyFinder} for this <code>EvaluationContextFactory</code> to an
+ * explicit instance instead of the default or configured value.
+ *
+ * @param policyFinder the <code>PolicyFinder</code> to use in creating new <code>EvaluationContext</code>s.
+ */
+ public abstract void setPolicyFinder(PolicyFinder policyFinder);
+
+ /**
+ * Sets the {@link com.att.research.xacml.api.pip.PIPFinder} for this <code>EvaluationContextFactory</code> to an
+ * explicit instance instaed of the default or configured value.
+ *
+ * @param pipFinder the <code>PIPFinder</code> to use in creating new <code>EvaluationContext</code>s.
+ */
+ public abstract void setPIPFinder(PIPFinder pipFinder);
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationException.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationException.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationException.java
new file mode 100755
index 0000000..0a0b49a
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationException.java
@@ -0,0 +1,43 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+
+package com.att.research.xacmlatt.pdp.eval;
+
+/**
+ * EvaluationException extends <code>Exception</code> to represent errors returned by methods of the
+ * {@link Evaluatable} interface and the {@link Matchable} interface.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
+public class EvaluationException extends Exception {
+ private static final long serialVersionUID = 302250127793947492L;
+
+ public EvaluationException() {
+ }
+
+ public EvaluationException(String message) {
+ super(message);
+ }
+
+ public EvaluationException(Throwable cause) {
+ super(cause);
+ }
+
+ public EvaluationException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ public EvaluationException(String message, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
+ super(message, cause, enableSuppression, writableStackTrace);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationResult.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationResult.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationResult.java
new file mode 100755
index 0000000..78828e5
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/EvaluationResult.java
@@ -0,0 +1,80 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+
+package com.att.research.xacmlatt.pdp.eval;
+
+import java.util.Collection;
+
+import com.att.research.xacml.api.Advice;
+import com.att.research.xacml.api.AttributeCategory;
+import com.att.research.xacml.api.Decision;
+import com.att.research.xacml.api.IdReference;
+import com.att.research.xacml.api.Obligation;
+import com.att.research.xacml.api.Status;
+import com.att.research.xacml.std.StdMutableResult;
+
+/**
+ * EvaluationResult extends {@link com.att.research.xacml.std.StdMutableResult} with methods useful within a PDP implementation
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
+public class EvaluationResult extends StdMutableResult {
+ public EvaluationResult() {
+ super();
+ }
+
+ public EvaluationResult(Decision decisionIn, Status statusIn) {
+ super(decisionIn, statusIn);
+ }
+
+ public EvaluationResult(Status statusIn) {
+ super(statusIn);
+ }
+
+ public EvaluationResult(Decision decisionIn) {
+ super(decisionIn);
+ }
+
+ public EvaluationResult(Decision decisionIn,
+ Collection<Obligation> obligationsIn,
+ Collection<Advice> adviceIn,
+ Collection<AttributeCategory> attributesIn,
+ Collection<IdReference> policyIdentifiersIn,
+ Collection<IdReference> policySetIdentifiersIn) {
+ super(decisionIn, obligationsIn, adviceIn, attributesIn, policyIdentifiersIn, policySetIdentifiersIn);
+ }
+
+ /**
+ * Creates an <code>EvaluationResult</code> generally from a {@link com.att.research.xacmlatt.pdp.policy.Rule} <code>evaluation</code>
+ * call.
+ *
+ * @param decisionIn the <code>Decision</code>
+ * @param obligationsIn the <code>Collection</code> of <code>Obligation</code>s
+ * @param adviceIn the <code>Collection</code> of <code>Advice</code> objects
+ */
+ public EvaluationResult(Decision decisionIn, Collection<Obligation> obligationsIn, Collection<Advice> adviceIn) {
+ super(decisionIn, obligationsIn, adviceIn, null, null, null);
+ }
+
+ public void merge(EvaluationResult evaluationResult) {
+ if (this.getStatus() == null) {
+ this.setStatus(evaluationResult.getStatus());
+ } else {
+ this.getStatus().merge(evaluationResult.getStatus());
+ }
+ this.addObligations(evaluationResult.getObligations());
+ this.addAdvice(evaluationResult.getAssociatedAdvice());
+ this.addAttributeCategories(evaluationResult.getAttributes());
+ this.addPolicyIdentifiers(evaluationResult.getPolicyIdentifiers());
+ this.addPolicySetIdentifiers(evaluationResult.getPolicySetIdentifiers());
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/MatchResult.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/MatchResult.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/MatchResult.java
new file mode 100755
index 0000000..4398b79
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/MatchResult.java
@@ -0,0 +1,71 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+
+package com.att.research.xacmlatt.pdp.eval;
+
+import com.att.research.xacml.api.Status;
+import com.att.research.xacml.std.StdStatus;
+
+/**
+ * MatchResult is the value returned by the {@link Matchable} interface.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
+public class MatchResult {
+ public static enum MatchCode {
+ INDETERMINATE,
+ MATCH,
+ NOMATCH
+ }
+
+ public static MatchResult MM_MATCH = new MatchResult(MatchCode.MATCH);
+ public static MatchResult MM_NOMATCH = new MatchResult(MatchCode.NOMATCH);
+
+ private MatchCode matchCode;
+ private Status status;
+
+ public MatchResult(MatchCode matchCodeIn, Status statusIn) {
+ this.matchCode = matchCodeIn;
+ this.status = statusIn;
+ }
+
+ public MatchResult(MatchCode matchCodeIn) {
+ this(matchCodeIn, StdStatus.STATUS_OK);
+ }
+
+ public MatchResult(Status statusIn) {
+ this(MatchCode.INDETERMINATE, statusIn);
+ }
+
+ public MatchCode getMatchCode() {
+ return this.matchCode;
+ }
+
+ public Status getStatus() {
+ return this.status;
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder stringBuilder = new StringBuilder("{");
+
+ stringBuilder.append("matchCode=");
+ stringBuilder.append(this.getMatchCode());
+ Status thisStatus = this.getStatus();
+ if (thisStatus != null) {
+ stringBuilder.append(", status=");
+ stringBuilder.append(thisStatus.toString());
+ }
+ stringBuilder.append('}');
+ return stringBuilder.toString();
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/Matchable.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/Matchable.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/Matchable.java
new file mode 100755
index 0000000..0550b07
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/Matchable.java
@@ -0,0 +1,30 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+
+package com.att.research.xacmlatt.pdp.eval;
+
+/**
+ * Matchable is the interface objects implement to indicate they are part of a XACML Target matching tree.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
+public interface Matchable {
+ /**
+ * Matches this <code>Matchable</code> in the given {@link com.att.research.xacmlatt.pdp.eval.EvaluationContext} and
+ * returns a {@link com.att.research.xacmlatt.pdp.eval.MatchResult}.
+ *
+ * @param evaluationContext the <code>EvaluationContext</code> to use in matching
+ * @return a <code>MatchResult</code> indicating whether this <code>Matchable</code> matches against the given <code>EvaluationContext</code>.
+ * @throws EvaluationException if there is an error testing the match.
+ */
+ public MatchResult match(EvaluationContext evaluationContext) throws EvaluationException;
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/package-info.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/package-info.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/package-info.java
new file mode 100755
index 0000000..eb01ff5
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/eval/package-info.java
@@ -0,0 +1,19 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+
+package com.att.research.xacmlatt.pdp.eval;
+
+/**
+ * com.att.research.xacmlatt.pdp.eval contains interfaces and classes used in evaluating and matching XACML policy components.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/package-info.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/package-info.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/package-info.java
new file mode 100755
index 0000000..b6c251b
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/package-info.java
@@ -0,0 +1,20 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+
+package com.att.research.xacmlatt.pdp;
+
+/**
+ * com.att.research.xacmlatt.pdp contains a reference implementation of the {@link com.att.research.xacml.pdp.PDPEngine} interface
+ * developed at AT&T Laboratories.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AdviceExpression.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AdviceExpression.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AdviceExpression.java
new file mode 100755
index 0000000..9ef9adc
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AdviceExpression.java
@@ -0,0 +1,201 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.policy;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+
+import com.att.research.xacml.api.Advice;
+import com.att.research.xacml.api.AttributeAssignment;
+import com.att.research.xacml.api.Decision;
+import com.att.research.xacml.api.Identifier;
+import com.att.research.xacml.api.StatusCode;
+import com.att.research.xacml.std.StdMutableAdvice;
+import com.att.research.xacml.std.StdStatusCode;
+import com.att.research.xacml.util.StringUtils;
+import com.att.research.xacmlatt.pdp.eval.EvaluationContext;
+import com.att.research.xacmlatt.pdp.eval.EvaluationException;
+
+/**
+ * AdviceExpression extends {@link PolicyComponent} to implement the XACML AdviceExpression element.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
+public class AdviceExpression extends PolicyComponent {
+ private List<AttributeAssignmentExpression> listAttributeAssignmentExpressions = new ArrayList<AttributeAssignmentExpression>();
+ private Identifier adviceId;
+ private RuleEffect appliesTo;
+
+ protected List<AttributeAssignmentExpression> getAttributeAssignmentExpressionList() {
+ return this.listAttributeAssignmentExpressions;
+ }
+
+ protected void clearAttributeAssignmentExpressionList() {
+ this.getAttributeAssignmentExpressionList().clear();
+ }
+
+ public AdviceExpression(StatusCode statusCodeIn, String statusMessageIn) {
+ super(statusCodeIn, statusMessageIn);
+ }
+
+ public AdviceExpression(StatusCode statusCodeIn) {
+ super(statusCodeIn);
+ }
+
+ public AdviceExpression() {
+ }
+
+ public AdviceExpression(Identifier adviceIdIn, RuleEffect ruleEffectIn, Collection<AttributeAssignmentExpression> attributeAssignmentExpressions) {
+ this.adviceId = adviceIdIn;
+ this.appliesTo = ruleEffectIn;
+ if (attributeAssignmentExpressions != null) {
+ this.listAttributeAssignmentExpressions.addAll(attributeAssignmentExpressions);
+ }
+ }
+
+ public Identifier getAdviceId() {
+ return this.adviceId;
+ }
+
+ public void setAdviceId(Identifier identifier) {
+ this.adviceId = identifier;
+ }
+
+ public RuleEffect getAppliesTo() {
+ return this.appliesTo;
+ }
+
+ public void setAppliesTo(RuleEffect ruleEffect) {
+ this.appliesTo = ruleEffect;
+ }
+
+ public Iterator<AttributeAssignmentExpression> getAttributeAssignmentExpressions() {
+ return this.getAttributeAssignmentExpressionList().iterator();
+ }
+
+ public void setAttributeAssignmentExpressions(Collection<AttributeAssignmentExpression> attributeAssignmentExpressions) {
+ this.clearAttributeAssignmentExpressionList();
+ if (attributeAssignmentExpressions != null) {
+
+ }
+ }
+
+ public void addAttributeAssignmentExpression(AttributeAssignmentExpression attributeAssignmentExpression) {
+ this.getAttributeAssignmentExpressionList().add(attributeAssignmentExpression);
+ }
+
+ public void addAttributeAssignmentExpressions(Collection<AttributeAssignmentExpression> attributeAssignmentExpressions) {
+ this.getAttributeAssignmentExpressionList().addAll(attributeAssignmentExpressions);
+ }
+
+ /**
+ * Evaluates the <code>AttributeAssignmentExpression</code>s in this <code>AdviceExpression</code> to generate an
+ * {@link com.att.research.xacml.api.Advice} object.
+ *
+ * @param evaluationContext the {@link com.att.research.xacmlatt.pdp.eval.EvaluationContext} in which to evaluate the <code>AttributeAssignmentExpression</code>s
+ * @param policyDefaults the {@link PolicyDefaults} for the evaluation
+ * @return a new <code>Advice</code> evaluated from this <code>AdviceExpression</code>
+ * @throws com.att.research.xacmlatt.pdp.eval.EvaluationException if there is an error in the evaluation
+ */
+ public Advice evaluate(EvaluationContext evaluationContext, PolicyDefaults policyDefaults) throws EvaluationException {
+ if (!this.validate()) {
+ return null;
+ }
+
+ List<AttributeAssignment> attributeAssignments = new ArrayList<AttributeAssignment>();
+ Iterator<AttributeAssignmentExpression> iterAttributeAssignmentExpressions = this.getAttributeAssignmentExpressions();
+ if (iterAttributeAssignmentExpressions != null) {
+ while (iterAttributeAssignmentExpressions.hasNext()) {
+ AttributeAssignmentResult attributeAssignmentResult = iterAttributeAssignmentExpressions.next().evaluate(evaluationContext, policyDefaults);
+ if (attributeAssignmentResult.isOk() && attributeAssignmentResult.getNumAttributeAssignments() > 0) {
+ Iterator<AttributeAssignment> iterAttributeAssignments = attributeAssignmentResult.getAttributeAssignments();
+ while (iterAttributeAssignments.hasNext()) {
+ attributeAssignments.add(iterAttributeAssignments.next());
+ }
+ }
+ }
+ }
+
+ return new StdMutableAdvice(this.getAdviceId(), attributeAssignments);
+ }
+
+ /**
+ * Evaluates a <code>Collection</code> of <code>AdviceExpression</code>s in the given <code>EvaluationContext</code> and returns
+ * a <code>List</code> of <code>Advice</code>s.
+ *
+ * @param evaluationContext
+ * @param policyDefaults
+ * @param listAdviceExpressions
+ * @return
+ * @throws com.att.research.xacmlatt.pdp.eval.EvaluationException
+ */
+ public static List<Advice> evaluate(EvaluationContext evaluationContext, PolicyDefaults policyDefaults, Decision decision, Collection<AdviceExpression> listAdviceExpressions) throws EvaluationException {
+ List<Advice> listAdvices = new ArrayList<Advice>();
+ Iterator<AdviceExpression> iterAdviceExpressions = listAdviceExpressions.iterator();
+ while (iterAdviceExpressions.hasNext()) {
+ AdviceExpression adviceExpression = iterAdviceExpressions.next();
+ adviceExpression.validateComponent();
+ if ( ! adviceExpression.isOk()) {
+ throw new EvaluationException(adviceExpression.getStatusMessage());
+ }
+ if (decision == null || adviceExpression.getAppliesTo().getDecision().equals(decision)) {
+ Advice advice = adviceExpression.evaluate(evaluationContext, policyDefaults);
+ if (advice != null) {
+ listAdvices.add(advice);
+ }
+ }
+ }
+ return listAdvices;
+ }
+
+ @Override
+ protected boolean validateComponent() {
+ if (this.getAdviceId() == null) {
+ this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing AdviceId");
+ return false;
+ } else if (this.getAppliesTo() == null) {
+ this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing AppliesTo");
+ return false;
+ } else {
+ this.setStatus(StdStatusCode.STATUS_CODE_OK, null);
+ return true;
+ }
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder stringBuilder = new StringBuilder("{");
+
+ stringBuilder.append("super=");
+ stringBuilder.append(super.toString());
+
+ Object objectToDump;
+ if ((objectToDump = this.getAdviceId()) != null) {
+ stringBuilder.append(",adviceId=");
+ stringBuilder.append(objectToDump.toString());
+ }
+ if ((objectToDump = this.getAppliesTo()) != null) {
+ stringBuilder.append(",appliesTo=");
+ stringBuilder.append(objectToDump.toString());
+ }
+ if ((objectToDump = StringUtils.toString(this.getAttributeAssignmentExpressions())) != null) {
+ stringBuilder.append(",attributeAssignmentExpressions=");
+ stringBuilder.append((String)objectToDump);
+ }
+
+ stringBuilder.append('}');
+ return stringBuilder.toString();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AllOf.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AllOf.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AllOf.java
new file mode 100755
index 0000000..721750a
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AllOf.java
@@ -0,0 +1,136 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.policy;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+
+import com.att.research.xacml.api.StatusCode;
+import com.att.research.xacml.std.StdStatus;
+import com.att.research.xacml.std.StdStatusCode;
+import com.att.research.xacml.util.StringUtils;
+import com.att.research.xacmlatt.pdp.eval.EvaluationContext;
+import com.att.research.xacmlatt.pdp.eval.EvaluationException;
+import com.att.research.xacmlatt.pdp.eval.MatchResult;
+import com.att.research.xacmlatt.pdp.eval.Matchable;
+
+/**
+ * AnyOf extends {@link com.att.research.xacmlatt.pdp.policy.PolicyComponent} and implements the {@link com.att.research.xacmlatt.pdp.policy.Matchable}
+ * interface to represent XACML AllOf elements in a XACML Target.
+ *
+ * @author car
+ * @version $Revision
+ */
+public class AllOf extends PolicyComponent implements Matchable {
+ private List<Match> matches;
+
+ protected List<Match> getMatchList(boolean bNoNulls) {
+ if (this.matches == null && bNoNulls) {
+ this.matches = new ArrayList<Match>();
+ }
+ return this.matches;
+ }
+
+ protected void clearMatchList() {
+ if (this.matches != null) {
+ this.matches.clear();
+ }
+ }
+
+ public AllOf(StatusCode statusCodeIn, String statusMessageIn) {
+ super(statusCodeIn, statusMessageIn);
+ }
+
+ public AllOf(StatusCode statusCodeIn) {
+ super(statusCodeIn);
+ }
+
+ public AllOf() {
+ }
+
+ public Iterator<Match> getMatches() {
+ return (this.matches == null ? null : this.matches.iterator());
+ }
+
+ public void setMatches(Collection<Match> matchesIn) {
+ this.clearMatchList();
+ if (matchesIn != null) {
+ this.addMatches(matchesIn);
+ }
+ }
+
+ public void addMatch(Match match) {
+ List<Match> matchList = this.getMatchList(true);
+ matchList.add(match);
+ }
+
+ public void addMatches(Collection<Match> matchesIn) {
+ List<Match> matchList = this.getMatchList(true);
+ matchList.addAll(matchesIn);
+ }
+
+ @Override
+ public MatchResult match(EvaluationContext evaluationContext) throws EvaluationException {
+ if (!this.validate()) {
+ return new MatchResult(new StdStatus(this.getStatusCode(), this.getStatusMessage()));
+ }
+ Iterator<Match> iterMatches = this.getMatches();
+ assert(iterMatches != null && iterMatches.hasNext());
+
+ MatchResult matchResultFallThrough = MatchResult.MM_MATCH;
+ while (iterMatches.hasNext()) {
+ MatchResult matchResultMatch = iterMatches.next().match(evaluationContext);
+ assert(matchResultMatch != null);
+ switch(matchResultMatch.getMatchCode()) {
+ case INDETERMINATE:
+ if (matchResultFallThrough.getMatchCode() != MatchResult.MatchCode.INDETERMINATE) {
+ matchResultFallThrough = matchResultMatch;
+ }
+ break;
+ case MATCH:
+ break;
+ case NOMATCH:
+ return matchResultMatch;
+ }
+ }
+ return matchResultFallThrough;
+ }
+
+ @Override
+ protected boolean validateComponent() {
+ Iterator<Match> iterMatches = this.getMatches();
+ if (iterMatches == null || !iterMatches.hasNext()) {
+ this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing matches");
+ return false;
+ } else {
+ this.setStatus(StdStatusCode.STATUS_CODE_OK, null);
+ return true;
+ }
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder stringBuilder = new StringBuilder("{");
+ stringBuilder.append("super=");
+ stringBuilder.append(super.toString());
+
+ String stringMatches = StringUtils.toString(this.getMatches());
+ if (stringMatches != null) {
+ stringBuilder.append(",matches=");
+ stringBuilder.append(stringMatches);
+ }
+ stringBuilder.append('}');
+ return stringBuilder.toString();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AnyOf.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AnyOf.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AnyOf.java
new file mode 100755
index 0000000..749904f
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AnyOf.java
@@ -0,0 +1,150 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.policy;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+
+import com.att.research.xacml.api.StatusCode;
+import com.att.research.xacml.std.StdStatus;
+import com.att.research.xacml.std.StdStatusCode;
+import com.att.research.xacml.util.StringUtils;
+import com.att.research.xacmlatt.pdp.eval.EvaluationContext;
+import com.att.research.xacmlatt.pdp.eval.EvaluationException;
+import com.att.research.xacmlatt.pdp.eval.MatchResult;
+import com.att.research.xacmlatt.pdp.eval.Matchable;
+
+/**
+ * AnyOf extends {@link com.att.research.xacmlatt.pdp.policy.PolicyComponent} and implements the {@link com.att.research.xacmlatt.pdp.policy.Matchable}
+ * interface to represent XACML AnyOf elements in a XACML Target.
+ *
+ * @author car
+ * @version $Revision
+ */
+public class AnyOf extends PolicyComponent implements Matchable {
+ private List<AllOf> allOfs;
+
+ protected List<AllOf> getAllOfList(boolean bNoNull) {
+ if (this.allOfs == null && bNoNull) {
+ this.allOfs = new ArrayList<AllOf>();
+ }
+ return this.allOfs;
+ }
+
+ protected void clearAllOfList() {
+ if (this.allOfs != null) {
+ this.allOfs.clear();
+ }
+ }
+
+ public AnyOf(StatusCode statusCodeIn, String statusMessageIn) {
+ super(statusCodeIn, statusMessageIn);
+ }
+
+ public AnyOf(StatusCode statusCodeIn) {
+ super(statusCodeIn);
+ }
+
+ public AnyOf() {
+ }
+
+ public AnyOf(Collection<AllOf> allOfsIn) {
+ if (allOfsIn != null) {
+ this.addAllOfs(allOfsIn);
+ }
+ }
+
+ public Iterator<AllOf> getAllOfs() {
+ return (this.allOfs == null ? null : this.allOfs.iterator());
+ }
+
+ public void setAllOfs(Collection<AllOf> allOfsIn) {
+ this.clearAllOfList();
+ if (allOfsIn != null) {
+ this.addAllOfs(allOfsIn);
+ }
+ }
+
+ public void addAllOf(AllOf allOf) {
+ List<AllOf> listAllOfs = this.getAllOfList(true);
+ listAllOfs.add(allOf);
+ }
+
+ public void addAllOfs(Collection<AllOf> allOfs) {
+ List<AllOf> listAllOfs = this.getAllOfList(true);
+ listAllOfs.addAll(allOfs);
+ }
+
+ @Override
+ public MatchResult match(EvaluationContext evaluationContext) throws EvaluationException {
+ if (!this.validate()) {
+ return new MatchResult(new StdStatus(this.getStatusCode(), this.getStatusMessage()));
+ }
+ Iterator<AllOf> iterAllOfs = this.getAllOfs();
+ if (iterAllOfs == null || !iterAllOfs.hasNext()) {
+ return MatchResult.MM_NOMATCH;
+ }
+
+ /*
+ * Assume "No Match" until we find a match or an indeterminate result
+ */
+ MatchResult matchResultFallThrough = MatchResult.MM_NOMATCH;
+ while (iterAllOfs.hasNext()) {
+ MatchResult matchResultAllOf = iterAllOfs.next().match(evaluationContext);
+ assert(matchResultAllOf != null);
+ switch(matchResultAllOf.getMatchCode()) {
+ case INDETERMINATE:
+ /*
+ * Keep the first indeterminate value to return if no other match is found
+ */
+ if (matchResultFallThrough.getMatchCode() != MatchResult.MatchCode.INDETERMINATE) {
+ matchResultFallThrough = matchResultAllOf;
+ }
+ break;
+ case MATCH:
+ return matchResultAllOf;
+ case NOMATCH:
+ break;
+ }
+ }
+ return matchResultFallThrough;
+ }
+
+ @Override
+ protected boolean validateComponent() {
+ Iterator<AllOf> iterAllOfs = this.getAllOfs();
+ if (iterAllOfs == null || !iterAllOfs.hasNext()) {
+ this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing AllOf elements in AnyOf");
+ return false;
+ } else {
+ this.setStatus(StdStatusCode.STATUS_CODE_OK, null);
+ return true;
+ }
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder stringBuilder = new StringBuilder("{");
+ stringBuilder.append("super=");
+ stringBuilder.append(super.toString());
+
+ String iterToDump = StringUtils.toString(this.getAllOfs());
+ if (iterToDump != null) {
+ stringBuilder.append(",allOfs=");
+ stringBuilder.append(iterToDump);
+ }
+ stringBuilder.append('}');
+ return stringBuilder.toString();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AttributeAssignmentExpression.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AttributeAssignmentExpression.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AttributeAssignmentExpression.java
new file mode 100755
index 0000000..047fff8
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AttributeAssignmentExpression.java
@@ -0,0 +1,166 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.policy;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import com.att.research.xacml.api.AttributeAssignment;
+import com.att.research.xacml.api.AttributeValue;
+import com.att.research.xacml.api.Identifier;
+import com.att.research.xacml.api.StatusCode;
+import com.att.research.xacml.std.StdMutableAttributeAssignment;
+import com.att.research.xacml.std.StdStatus;
+import com.att.research.xacml.std.StdStatusCode;
+import com.att.research.xacmlatt.pdp.eval.EvaluationContext;
+import com.att.research.xacmlatt.pdp.eval.EvaluationException;
+
+/**
+ * AttributeAssignmentExpression extends {@link PolicyComponent} to represent a
+ * XACML AttributeAssignmentExpression element.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
+public class AttributeAssignmentExpression extends PolicyComponent {
+ private static final AttributeAssignmentResult AAR_NULL_EXPRESSION = new AttributeAssignmentResult(new StdStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Null expression"));
+ private static final AttributeAssignmentResult AAR_NULL_EXPRESSION_RESULT = new AttributeAssignmentResult(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "Null expression result"));
+
+ private Expression expression;
+ private Identifier attributeId;
+ private Identifier category;
+ private String issuer;
+
+ public AttributeAssignmentExpression(StatusCode statusCodeIn, String statusMessageIn) {
+ super(statusCodeIn, statusMessageIn);
+ }
+
+ public AttributeAssignmentExpression(StatusCode statusCodeIn) {
+ super(statusCodeIn);
+ }
+
+ public AttributeAssignmentExpression() {
+ }
+
+ public AttributeAssignmentExpression(Identifier categoryIn, Identifier attributeIdIn, String issuerIn, Expression expressionIn) {
+ this.category = categoryIn;
+ this.attributeId = attributeIdIn;
+ this.issuer = issuerIn;
+ this.expression = expressionIn;
+ }
+
+ public Identifier getCategory() {
+ return this.category;
+ }
+
+ public void setCategory(Identifier identifier) {
+ this.category = identifier;
+ }
+
+ public Identifier getAttributeId() {
+ return this.attributeId;
+ }
+
+ public void setAttributeId(Identifier identifier) {
+ this.attributeId = identifier;
+ }
+
+ public String getIssuer() {
+ return this.issuer;
+ }
+
+ public void setIssuer(String string) {
+ this.issuer = string;
+ }
+
+ public Expression getExpression() {
+ return this.expression;
+ }
+
+ public void setExpression(Expression expressionIn) {
+ this.expression = expressionIn;
+ }
+
+ public AttributeAssignmentResult evaluate(EvaluationContext evaluationContext, PolicyDefaults policyDefaults) throws EvaluationException {
+ if (!this.validate()) {
+ return new AttributeAssignmentResult(new StdStatus(this.getStatusCode(), this.getStatusMessage()));
+ }
+
+ Expression thisExpression = this.getExpression();
+ if (thisExpression == null) {
+ return AAR_NULL_EXPRESSION;
+ }
+
+ ExpressionResult thisExpressionResult = thisExpression.evaluate(evaluationContext, policyDefaults);
+ if (thisExpressionResult == null) {
+ return AAR_NULL_EXPRESSION_RESULT;
+ } else if (!thisExpressionResult.isOk()) {
+ return new AttributeAssignmentResult(thisExpressionResult.getStatus());
+ } else {
+ List<AttributeAssignment> listAttributeAssignments = new ArrayList<AttributeAssignment>();
+ if (thisExpressionResult.isBag()) {
+ Bag bagValues = thisExpressionResult.getBag();
+ if (bagValues == null || bagValues.size() == 0) {
+ listAttributeAssignments.add(new StdMutableAttributeAssignment(this.getCategory(), this.getAttributeId(), this.getIssuer(), null));
+ } else {
+ Iterator<AttributeValue<?>> iterBagValues = bagValues.getAttributeValues();
+ while (iterBagValues.hasNext()) {
+ AttributeValue<?> attributeValue = iterBagValues.next();
+ listAttributeAssignments.add(new StdMutableAttributeAssignment(this.getCategory(), this.getAttributeId(), this.getIssuer(), attributeValue));
+ }
+ }
+ } else {
+ listAttributeAssignments.add(new StdMutableAttributeAssignment(this.getCategory(), this.getAttributeId(), this.getIssuer(), thisExpressionResult.getValue()));
+ }
+ return new AttributeAssignmentResult(listAttributeAssignments);
+ }
+ }
+
+ @Override
+ protected boolean validateComponent() {
+ if (this.getAttributeId() == null) {
+ this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing AttributeId");
+ return false;
+ } else if (this.getExpression() == null) {
+ this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing Expression");
+ return false;
+ } else {
+ this.setStatus(StdStatusCode.STATUS_CODE_OK, null);
+ return true;
+ }
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder stringBuilder = new StringBuilder("{");
+
+ stringBuilder.append("super=");
+ stringBuilder.append(super.toString());
+
+ Object objectToDump;
+ if ((objectToDump = this.getCategory()) != null) {
+ stringBuilder.append(",category=");
+ stringBuilder.append(objectToDump.toString());
+ }
+ if ((objectToDump = this.getAttributeId()) != null) {
+ stringBuilder.append(",attributeId=");
+ stringBuilder.append(objectToDump.toString());
+ }
+ if ((objectToDump = this.getExpression()) != null) {
+ stringBuilder.append(",expression=");
+ stringBuilder.append(objectToDump.toString());
+ }
+ stringBuilder.append('}');
+ return stringBuilder.toString();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AttributeAssignmentResult.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AttributeAssignmentResult.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AttributeAssignmentResult.java
new file mode 100755
index 0000000..cc6c549
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/AttributeAssignmentResult.java
@@ -0,0 +1,95 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.policy;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+
+import com.att.research.xacml.api.AttributeAssignment;
+import com.att.research.xacml.api.Status;
+import com.att.research.xacml.std.StdStatus;
+import com.att.research.xacml.util.StringUtils;
+
+/**
+ * AttributeAssignmentResult is the object returned by the <code>evaluate</code> method of an {@link com.att.research.xacmlatt.pdp.policy.AttributeAssignmentExpression}.
+ * It contains a {@link com.att.research.xacml.api.Status} and an optional collection of {@link com.att.research.xacml.api.AttributeAssignment}
+ * elements.
+ *
+ * @author car
+ * @version $Revision$
+ */
+public class AttributeAssignmentResult {
+ private Status status;
+ private List<AttributeAssignment> listAttributeAssignments;
+
+ protected List<AttributeAssignment> getListAttributeAssignments() {
+ return this.listAttributeAssignments;
+ }
+
+ public AttributeAssignmentResult(Status statusIn, Collection<AttributeAssignment> listAttributeAssignmentsIn) {
+ this.status = statusIn;
+ if (listAttributeAssignmentsIn != null && listAttributeAssignmentsIn.size() > 0) {
+ this.listAttributeAssignments = new ArrayList<AttributeAssignment>();
+ this.listAttributeAssignments.addAll(listAttributeAssignmentsIn);
+ }
+ }
+
+ public AttributeAssignmentResult(Status statusIn) {
+ this(statusIn, null);
+ }
+
+ public AttributeAssignmentResult(Collection<AttributeAssignment> listAttributeAssignmentsIn) {
+ this(StdStatus.STATUS_OK, listAttributeAssignmentsIn);
+ }
+
+ public Status getStatus() {
+ return this.status;
+ }
+
+ public boolean isOk() {
+ return (this.getStatus() == null || this.getStatus().isOk());
+ }
+
+ public Iterator<AttributeAssignment> getAttributeAssignments() {
+ List<AttributeAssignment> thisListAttributeAssignments = this.getListAttributeAssignments();
+ return (thisListAttributeAssignments == null ? null : thisListAttributeAssignments.iterator());
+ }
+
+ public int getNumAttributeAssignments() {
+ List<AttributeAssignment> thisListAttributeAssignments = this.getListAttributeAssignments();
+ return (thisListAttributeAssignments == null ? 0 : thisListAttributeAssignments.size());
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder stringBuilder = new StringBuilder("{");
+ boolean needsComma = false;
+
+ Object objectToDump;
+ if ((objectToDump = this.getStatus()) != null) {
+ stringBuilder.append("status=");
+ stringBuilder.append(objectToDump.toString());
+ needsComma = true;
+ }
+
+ Iterator<?> iterToDump;
+ if ((iterToDump = this.getAttributeAssignments()) != null) {
+ if (needsComma) {
+ stringBuilder.append(',');
+ }
+ stringBuilder.append(StringUtils.toString(iterToDump));
+ }
+ stringBuilder.append('}');
+ return stringBuilder.toString();
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/Bag.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/Bag.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/Bag.java
new file mode 100755
index 0000000..47b7773
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/Bag.java
@@ -0,0 +1,93 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.policy;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import com.att.research.xacml.api.AttributeValue;
+
+/**
+ * Bag represents a collection of XACML attribute values for the same attribute.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
+public class Bag {
+ public static final Bag EMPTY = new Bag();
+
+ private List<AttributeValue<?>> attributeValues = new ArrayList<AttributeValue<?>>();
+
+ /**
+ * Gets the <code>List</code> of <code>AttributeValue</code>s for this <code>Bag</code>.
+ *
+ * @return the <code>List</code> of <code>AttributeValue</code>s for this <code>Bag</code>
+ */
+ public List<AttributeValue<?>> getAttributeValueList() {
+ return this.attributeValues;
+ }
+
+ /**
+ * Creates a new, empty <code>Bag</code>.
+ */
+ public Bag() {
+ }
+
+ /**
+ * Creates a new <code>Bag</code> by copying the {@link com.att.research.xacml.api.AttributeValue}s from the
+ * given <code>Collection</code>.
+ *
+ * @param attributeValuesIn the <code>Collection</code> of <code>AttributeValue</code>s for this <code>Bag</code>.
+ *
+ public Bag(Collection<AttributeValue<?>> attributeValuesIn) {
+ if (attributeValuesIn != null) {
+ this.attributeValues.addAll(attributeValuesIn);
+ }
+ }
+
+ public Bag(Iterator<AttributeValue<?>> iterAttributeValuesIn) {
+ if (iterAttributeValuesIn != null) {
+ while (iterAttributeValuesIn.hasNext()) {
+ this.attributeValues.add(iterAttributeValuesIn.next());
+ }
+ }
+ }
+ */
+
+ /**
+ * Adds an <code>AttributeValue</code> to this <code>Bag</code>>
+ *
+ * @param attributeValue the <code>AttributeValue</code> to add
+ */
+ public void add(AttributeValue<?> attributeValue) {
+ this.attributeValues.add(attributeValue);
+ }
+
+ /**
+ * Gets the number of <code>AttributeValue</code>s in this <code>Bag</code>.
+ *
+ * @return the number of <code>AttributeValue</code>s in this <code>Bag</code>.
+ */
+ public int size() {
+ return this.getAttributeValueList().size();
+ }
+
+ /**
+ * Gets an <code>Iterator</code> over all of the <code>AttributeValue</code>s in this <code>Bag</code>.
+ *
+ * @return an <code>Iterator</code> over all of the <code>AttributeValue</code>s in this <code>Bag</code>.
+ */
+ public Iterator<AttributeValue<?>> getAttributeValues() {
+ return this.getAttributeValueList().iterator();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/CombinerParameter.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/CombinerParameter.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/CombinerParameter.java
new file mode 100755
index 0000000..8277428
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/CombinerParameter.java
@@ -0,0 +1,149 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.policy;
+
+import com.att.research.xacml.api.AttributeValue;
+import com.att.research.xacml.api.StatusCode;
+import com.att.research.xacml.std.StdStatusCode;
+
+/**
+ * CombinerParameter extends {@link PolicyComponent} to represent a XACML CombinerParameter element.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
+public class CombinerParameter extends PolicyComponent {
+ private String name;
+ private AttributeValue<?> attributeValue;
+
+ @Override
+ protected boolean validateComponent() {
+ if (this.getName() == null) {
+ this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing parameter name");
+ return false;
+ } else if (this.getAttributeValue() == null) {
+ this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing attribute value");
+ return false;
+ } else {
+ this.setStatus(StdStatusCode.STATUS_CODE_OK, null);
+ return true;
+ }
+ }
+
+ /**
+ * Creates a new <code>CombinerParameter</code> with the given <code>String</code> name, <code>AttributeValue</code>,
+ * {@link com.att.research.xacml.api.StatusCode} and <code>String</code> status message.
+ *
+ * @param nameIn the <code>String</code> name of the <code>CombinerParameter</code>
+ * @param attributeValueIn the <code>AttributeValue</code> of the <code>CombinerParameter</code>
+ * @param statusCodeIn the <code>StatusCode</code> of the <code>CombinerParameter</code>
+ * @param statusMessageIn the <code>String</code> status message of the <code>CombinerParameter</code>
+ */
+ public CombinerParameter(String nameIn, AttributeValue<?> attributeValueIn, StatusCode statusCodeIn, String statusMessageIn) {
+ super(statusCodeIn, statusMessageIn);
+ this.name = nameIn;
+ this.attributeValue = attributeValueIn;
+ }
+
+ /**
+ * Creates a new <code>CombinerParameter</code> for an error condition with the given <code>StatusCode</code> and
+ * <code>String</code> status message.
+ *
+ * @param statusCodeIn the <code>StatusCode</code> of the <code>CombinerParameter</code>
+ * @param statusMessageIn the <code>String</code> status message of the <code>CombinerParameter</code>
+ */
+ public CombinerParameter(StatusCode statusCodeIn, String statusMessageIn) {
+ super(statusCodeIn, statusMessageIn);
+ }
+
+ /**
+ * Creates a new <code>CombinerParameter</code> for an error condition with the given <code>StatusCode</code> and
+ * null status message.
+ *
+ * @param statusCodeIn the <code>StatusCode</code> of the <code>CombinerParameter</code>
+ */
+ public CombinerParameter(StatusCode statusCodeIn) {
+ super(statusCodeIn);
+ }
+
+ /**
+ * Creates a new <code>CombinerParameter</code> with a default <code>StatusCode</code>, null status message, and the given
+ * <code>String</code> name and <code>AttributeValue</code>>
+ *
+ * @param nameIn the <code>String</code> name of the <code>CombinerParameter</code>
+ * @param attributeValueIn the <code>AttributeValue</code> of the <code>CombinerParameter</code>
+ */
+ public CombinerParameter(String nameIn, AttributeValue<?> attributeValueIn) {
+ super();
+ this.name = nameIn;
+ this.attributeValue = attributeValueIn;
+ }
+
+ public CombinerParameter() {
+
+ }
+
+ /**
+ * Gets the <code>String</code> name of this <code>CombinerParameter</code>.
+ *
+ * @return the <code>String</code> name of this <code>CombinerParameter</code>
+ */
+ public String getName() {
+ return this.name;
+ }
+
+ /**
+ * Sets the name of this <code>CombinerParameter</code> to the given <code>String</code>.
+ *
+ * @param nameIn the <code>String</code> name for this <code>CombinerParameter</code>.
+ */
+ public void setName(String nameIn) {
+ this.name = nameIn;
+ }
+
+ /**
+ * Gets the <code>AttributeValue</code> of this <code>CombinerParameter</code>.
+ *
+ * @return the <code>AttributeValue</code> of this <code>CombinerParameter</code>
+ */
+ public AttributeValue<?> getAttributeValue() {
+ return this.attributeValue;
+ }
+
+ /**
+ * Sets the <code>AttributeValue</code> for this <code>CombinerParameter</code>>
+ *
+ * @param attributeValueIn the <code>AttributeValue</code> for this <code>CombinerParameter</code>>
+ */
+ public void setAttributeValue(AttributeValue<?> attributeValueIn) {
+ this.attributeValue = attributeValueIn;
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder stringBuilder = new StringBuilder("{");
+ stringBuilder.append("super=");
+ stringBuilder.append(super.toString());
+
+ Object objectToDump;
+ if ((objectToDump = this.getName()) != null) {
+ stringBuilder.append(",name=");
+ stringBuilder.append((String)objectToDump);
+ }
+ if ((objectToDump = this.getAttributeValue()) != null) {
+ stringBuilder.append(",attributeValue=");
+ stringBuilder.append(objectToDump.toString());
+ }
+ stringBuilder.append('}');
+ return stringBuilder.toString();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/CombiningAlgorithm.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/CombiningAlgorithm.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/CombiningAlgorithm.java
new file mode 100755
index 0000000..d161efa
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/CombiningAlgorithm.java
@@ -0,0 +1,49 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.policy;
+
+import java.util.List;
+
+import com.att.research.xacml.api.Identifier;
+import com.att.research.xacmlatt.pdp.eval.Evaluatable;
+import com.att.research.xacmlatt.pdp.eval.EvaluationContext;
+import com.att.research.xacmlatt.pdp.eval.EvaluationException;
+import com.att.research.xacmlatt.pdp.eval.EvaluationResult;
+
+/**
+ * CombiningAlgorithm is the interface for objects that implement XACML combining algorithms for rules, policies, and policy sets.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ *
+ * @param <T> the type of object to be combined
+ * @param <U> the type of the identifier for <code>T</code>
+ */
+public interface CombiningAlgorithm<T extends Evaluatable> {
+ /**
+ * Gets the {@link com.att.research.xacml.api.Identifier} for this <code>CombiningAlgorithm</code>.
+ *
+ * @return the <code>Identifier</code> for this <code>CombiningAlgorithm</code>
+ */
+ public Identifier getId();
+
+ /**
+ * Evaluates as many of the <code>CombiningElement</code>s supplied with the given <code>CombinerParameter</code>s based on
+ * the particular combining algorithm and combines their <code>EvaluationResult</code>s into a single <code>EvaluationResult</code>.
+ *
+ * @param evaluationContext the <code>EvaluationContext</code> in which to evaluate each of the <code>CombiningElement</code>s
+ * @param elements the <code>List</code> of <code>CombiningElement</code>s to evaluate
+ * @param combinerParameters the <code>List</code> of <code>CombinerParameter</code>s to apply to the combining algorithm
+ * @return the combined <code>EvaluationResult</code>
+ * @throws com.att.research.xacmlatt.pdp.eval.EvaluationException if there is an error in the <code>evaluate</code> method of any of the <code>CombiningElement</code>s
+ */
+ public EvaluationResult combine(EvaluationContext evaluationContext, List<CombiningElement<T>> elements, List<CombinerParameter> combinerParameters) throws EvaluationException;
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/CombiningAlgorithmFactory.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/CombiningAlgorithmFactory.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/CombiningAlgorithmFactory.java
new file mode 100755
index 0000000..b6b278e
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/CombiningAlgorithmFactory.java
@@ -0,0 +1,91 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.policy;
+
+import java.util.Properties;
+
+import com.att.research.xacml.api.Identifier;
+import com.att.research.xacml.util.FactoryException;
+import com.att.research.xacml.util.FactoryFinder;
+import com.att.research.xacmlatt.pdp.util.ATTPDPProperties;
+
+/**
+ * CombiningAlgorithmFactory is an abstract class for mapping function {@link com.att.research.xacml.api.Identifier} ids to
+ * {@link CombiningAlgorithm} objects.
+ *
+ * @author car
+ * @version $Revision: 1.3 $
+ */
+public abstract class CombiningAlgorithmFactory {
+ private static final String FACTORYID = ATTPDPProperties.PROP_COMBININGALGORITHMFACTORY;
+ private static final String DEFAULT_FACTORY_CLASSNAME = "com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory";
+
+ protected CombiningAlgorithmFactory() {
+ }
+
+ protected CombiningAlgorithmFactory(Properties properties) {
+ }
+
+ /**
+ * Maps the given <code>Identifier</code> representing a XACML rule combining algorithm to a <code>CombiningAlgorithm</code> object.
+ *
+ * @param combiningAlgorithmId the <code>Identifier</code> of the <code>CombiningAlgorithm</code> to retrieve
+ * @return the <code>CombiningAlgorithm</code> for the given <code>Identifier</code> or null if not found
+ */
+ public abstract CombiningAlgorithm<Rule> getRuleCombiningAlgorithm(Identifier combiningAlgorithmId);
+
+ /**
+ * Maps the given <code>Identifier</code> representing a XACML policy combinign algorithm to a <code>CombiningAlgorithm</code> object.
+ *
+ * @param combiningAlgorithmId the <code.Identifier</code> of the <code>CombiningAlgorithm</code> to retrieve
+ * @return the <code>CombiningAlgorithm</code> for the given <code>Identifier</code> or null if not found
+ */
+ public abstract CombiningAlgorithm<PolicySetChild> getPolicyCombiningAlgorithm(Identifier combiningAlgorithmId);
+
+ /**
+ * Creates an instance of the <code>CombiningAlgorithmFactory</code> using default configuration information.
+ *
+ * @return the default <code>CombiningAlgorithmFactory</code>
+ */
+ public static CombiningAlgorithmFactory newInstance() throws FactoryException {
+ return FactoryFinder.find(FACTORYID, DEFAULT_FACTORY_CLASSNAME, CombiningAlgorithmFactory.class);
+ }
+
+ /**
+ * Creates an instance of the <code>CombiningAlgorithmFactory</code> using default configuration information.
+ *
+ * @return the default <code>CombiningAlgorithmFactory</code>
+ */
+ public static CombiningAlgorithmFactory newInstance(Properties properties) throws FactoryException {
+ return FactoryFinder.find(FACTORYID, DEFAULT_FACTORY_CLASSNAME, CombiningAlgorithmFactory.class, properties);
+ }
+
+ /**
+ * Creates an instance of the <code>CombiningAlgorithmFactory</code> using the given class name.
+ *
+ * @param className the <code>String</code> class name of the <code>CombiningAlgorithmFactory</code> to create
+ * @return the <code>CombiningAlgorithmFactory</code> for the given class name.
+ */
+ public static CombiningAlgorithmFactory newInstance(String className) throws FactoryException {
+ return FactoryFinder.newInstance(className, CombiningAlgorithmFactory.class, null, true);
+ }
+
+ /**
+ * Creates an instance of the <code>CombiningAlgorithmFactory</code> using the given class name using the given <code>ClassLoader</code>.
+ *
+ * @param className the <code>String</code> class name of the <code>CombiningAlgorithmFactory</code> to create
+ * @param classLoader the <code>ClassLoader</code> to use to load the class with the given class name
+ * @return the <code>CombiningAlgorithmFactory</code> for the given class name
+ */
+ public static CombiningAlgorithmFactory newInstance(String className, ClassLoader classLoader) throws FactoryException {
+ return FactoryFinder.newInstance(className, CombiningAlgorithmFactory.class, classLoader, false);
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/CombiningElement.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/CombiningElement.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/CombiningElement.java
new file mode 100755
index 0000000..8890b1a
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/CombiningElement.java
@@ -0,0 +1,82 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.policy;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+
+import com.att.research.xacmlatt.pdp.eval.Evaluatable;
+import com.att.research.xacmlatt.pdp.eval.EvaluationContext;
+import com.att.research.xacmlatt.pdp.eval.EvaluationException;
+import com.att.research.xacmlatt.pdp.eval.EvaluationResult;
+
+/**
+ * CombiningElement wraps an {@link com.att.research.xacmlatt.pdp.evl.Evaluatable} with a set of
+ * {@link com.att.research.xacmlatt.pdp.policy.TargetedCombinerParameter}s for use with a
+ * {@link com.att.research.xacmlatt.pdp.policy.CombiningAlgorithm} to get a combined {@link com.att.research.xacmlatt.pdp.eval.EvaluationResult}
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ *
+ * @param <T> the java class extending <code>Evaluatable</code> of the objects to be combined
+ */
+public class CombiningElement<T extends Evaluatable> {
+ private T evaluatable;
+ private List<CombinerParameter> targetedCombinerParameters;
+
+ /**
+ * Creates a new <code>CombiningElement</code> with the given <code>Evaluatable</code> and <code>List</code> of
+ * <code>TargetedCombinerParameter</code>.
+ *
+ * @param evaluatableIn the <code>Evaluatable</code>
+ * @param targetedCombinerParametersIn the <code>List</code> of <code>TargetedCombinerParameter</code>s.
+ */
+ public CombiningElement(T evaluatableIn, Collection<CombinerParameter> targetedCombinerParametersIn) {
+ this.evaluatable = evaluatableIn;
+ if (targetedCombinerParametersIn != null) {
+ this.targetedCombinerParameters = new ArrayList<CombinerParameter>();
+ this.targetedCombinerParameters.addAll(targetedCombinerParametersIn);
+ }
+ }
+
+ /**
+ * Gets the <code>Evaluatable</code> for this <code>CombiningElement</code>.
+ *
+ * @return the <code>Evaluatable</code> for this <code>CombiningElement</code>
+ */
+ public T getEvaluatable() {
+ return this.evaluatable;
+ }
+
+ /**
+ * Gets an <code>Iterator</code> over the <code>TargetedCombinerParameters</code> for this
+ * <code>CombiningElement</code>.
+ *
+ * @return an <code>Iterator</code> over the <code>TargetedCombinerParameters</code> for this <code>CombiningElement</code>
+ */
+ public Iterator<CombinerParameter> getTargetedCombinerParameters() {
+ return (this.targetedCombinerParameters == null ? null : this.targetedCombinerParameters.iterator());
+ }
+
+ /**
+ * Evaluates this <code>CombiningElement</code> in the given {@link com.att.research.xacmlatt.pdp.eval.EvaluationContext}.
+ *
+ * @param evaluationContext the <code>EvaluationContext</code>
+ * @return the {@link com.att.research.xacmlatt.pdp.eval.EvaluationResult} from the <code>Evaluatable</code>
+ * @throws com.att.research.xacmlatt.pdp.eval.EvaluationException if there is an error in the <code>evaluate</code> method of the <code>Evaluatable</code>
+ */
+ public EvaluationResult evaluate(EvaluationContext evaluationContext) throws EvaluationException {
+ return this.getEvaluatable().evaluate(evaluationContext);
+ }
+
+}