XACMLPrivilegeUtils.java revision 78d425f83177385e7e1dc33cca56dcd6b1f116bf
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: XACMLPrivilegeUtils.java,v 1.4 2010/01/10 06:39:42 dillidorai Exp $
*
* Portions Copyrighted 2011-2014 ForgeRock AS
* Portions Copyrighted 2014 Nomura Research Institute, Ltd
*/
/**
* Class with utility methods to map from
* <code>com.sun.identity.entity.Privilege</code>
* to
* <code>com.sun.identity.entitlement.xacml3.core.Policy</code>
*/
public class XACMLPrivilegeUtils {
// Used in ResourceAttribute serialisation.
/**
 * Not instantiable: every member of this utility class is static,
 * so the constructor is hidden to prevent accidental instances.
 */
private XACMLPrivilegeUtils() {
    // intentionally empty
}
return "";
}
}
return "";
}
try {
} catch (JAXBException je) {
//TODO: handle or propagate the exception
"JAXBException while mapping privilege to policy:", je);
}
return stringWriter.toString();
}
return "";
}
try {
} catch (JAXBException je) {
}
return stringWriter.toString();
}
/**
 * Intended (judging by its name and parameters) to write {@code policySet}
 * as XACML XML to {@code outputStream}.
 *
 * NOTE(review): only the try/catch skeleton is visible in this listing; the
 * marshalling statements inside the try block are not shown. As shown, the
 * catch block is empty, so a JAXBException would be swallowed silently and
 * the declared EntitlementException is never raised. Confirm against the
 * full source that a marshalling failure is logged or propagated — a
 * silently truncated or empty policy export is easy to miss and can leave
 * a consumer with an incomplete set of policies.
 */
public static void writeXMLToStream(PolicySet policySet, OutputStream outputStream) throws EntitlementException {
try {
} catch (JAXBException je) {
}
}
try {
} catch (JAXBException je) {
} catch (EntitlementException ee) {
PrivilegeManager.debug.error("Caught EntitlementException while converting Privilege to Policy", ee);
}
return policy;
}
private static Policy privilegeToPolicyInternal(Privilege privilege) throws JAXBException, EntitlementException {
/*
* See entitlement meeting minutes - 22apr09
*
* privilege name would map to policy id
*
* application name would map to application category attribute
*
* entitlement resource names would map to xacml policy target
*
* entitlement excluded resource names would map to xacml rule target
*
* simple one level entitlement subjects (without or, and etc)
* would map to policy target
*
* all entitlement subjects would also map to xacml rule condition
*
* entitlement conditions would map to xacml rule condition
*
* entitlement resource attributes would map to rule advice expression
*
* at present xacml obligation support is out of scope
*/
return null;
}
if (entitlement != null) {
}
if (applicationName != null) {
}
if (entitlementName != null) {
}
+ "T"
+ "T"
// PolicyIssuer policyIssuer = null; // optional, TODO
// TODO: use privilege version in future
// Defaults policyDefaults = null; // optional, TODO
// String ruleCombiningAlgId = "rca"; // required
// XACML Target contains a list of AnyOf(s)
// XACML AnyOf contains a list of AllOf(s)
// XACML AllOf contains a list of Match(s)
/* TODO: detect simple subjects and set attribute value and designator
List<AnyOf> anyOfSubjectList = entitlementSubjectToAnyOfList(es);
if (anyOfSubjectList != null) {
targetAnyOfList.addAll(anyOfSubjectList);
}
*/
if (anyOfSubject != null) {
}
if (anyOfResourceList != null) {
}
if (anyOfApplication != null) {
}
if (anyOfActionList != null) {
}
// PermitRule, DenyRule
if (actionValues != null) {
} else {
}
}
}
Condition condition = eSubjectConditionToXCondition(privilege.getSubject(), privilege.getCondition());
// Include resource attributes (ResourceProvider) as AdviceExpressions
}
if (!permitActions.isEmpty()) {
if (anyOfPermitActionList != null) {
}
}
}
if (!denyActions.isEmpty()) {
if (anyOfDenyActionList != null) {
}
}
}
return policy;
}
//TODO: implement privilegeNameToPolicyId() correctly
return privilegeName;
}
// TODO: not used now, use, test, fix and verify
return null;
}
if (es instanceof UserSubject) {
// attributeDesignator.setIssuer(issuer); TODO: verify and fix
boolean mustBePresent = true;
}
return anyOfList;
}
public static AnyOf entitlementSubjectToAnyOf(
return null;
}
//attributeDesignator.setIssuer(issuer); //TODO: verify and fix
boolean mustBePresent = true;
return anyOf;
}
return null;
}
}
return anyOfList;
}
return anyOf;
}
return null;
}
}
return anyOfList;
}
return null;
}
// attributeDesignator.setIssuer(issuer); TODO: verify and fix
boolean mustBePresent = true;
return match;
}
return null;
}
// attributeDesignator.setIssuer(issuer); TODO: verify and fix
boolean mustBePresent = true;
return match;
}
return null;
}
// attributeDesignator.setIssuer(issuer); // TODO: verify and fix
boolean mustBePresent = true;
return match;
}
return null;
}
// attributeDesignator.setIssuer(issuer); // TODO: verify and fix
boolean mustBePresent = false;
return match;
}
public static Condition eSubjectConditionToXCondition(
throws JAXBException {
// TODO: add custom xml attribute to identify as privilege subject
}
// TODO: add custom xml attribute to identify as privilege condition
}
}
return condition;
}
// TODO: return the correct algorithm id based on application
}
throws EntitlementException {
return null;
}
privileges.add(p);
}
}
return privileges;
}
long lastModifiedAt = dateStringToLong(getVariableById(policy, XACMLConstants.PRIVILEGE_LAST_MODIFIED_DATE));
/*
* Construct entitlement from Rule target
* Get resource names, excluded resource names, action names from Rule Match element
* One Match for Action
* One Rule per value
*/
if (entitlementName != null) {
}
// Process AdviceExpressions from Export into ResourceAttributes
Set<ResourceAttribute> ras = schemaFactory.adviceExpressionsToResourceAttributes(policy.getAdviceExpressions());
return privilege;
}
// FIXME: do some transform, not required at this time
return policyId;
}
if (obj instanceof VariableDefinition) {
}
}
}
return val;
}
return 0;
}
"yyyy-MM-dd:HH:mm:ss.SSSS");
long time = 0;
try {
//TODO: log debug warning
}
return time;
}
try {
} catch (JAXBException je) {
//TODO: log error, jaxbexception
}
return policySet;
}
if (privileges == null) {
return null;
}
}
return policySet;
}
throws JAXBException {
// FIXME: is there a better choice?
// policySet could contain policies for different applications
return policySet;
}
throws JAXBException {
// FIXME: is there a better choice?
// policySet could contain policies for different applications
}
}
return policySet;
}
throws JAXBException {
return policySet;
}
return policySet;
}
}
}
}
return matches;
}
return null;
}
if (attributeValue != null) {
// FIXME: log a warning if more than one element
}
}
}
}
return resourceNames;
}
return null;
}
if (attributeValue != null) {
// FIXME: log a warning if more than one element
}
}
}
}
return actionNames;
}
throws JSONException {
return null;
}
if (attributeValue != null) {
break;
}
}
}
}
if (jsonString != null) {
}
return jo;
}
return null;
}
}
}
return ruleList;
}
return null;
}
return null;
}
}
}
return actionValues;
}
return null;
}
return null;
}
functionId)) {
if (dataType.startsWith(
break;
}
}
}
}
}
}
}
}
}
break;
}
}
return es;
}
static EntitlementCondition getEntitlementConditionFromPolicy(Policy policy) throws EntitlementException {
return null;
}
return null;
}
functionId)) {
if (dataType.startsWith(
break;
}
}
}
}
}
}
}
}
break;
}
}
}
return ec;
}
//FIXME: remove
"XACMLProvilegeUtils.streamToPolicySet(), core_pkg:"
return null;
}
return ps;
}
return null;
}
}
}
return policies;
}
return null;
}
if (i != 0) {
return null;
}
} else {
+ "createEntitlementSubject()"
+ "not an EntitlementSubject", null);
}
}
}
return es;
}
static EntitlementCondition createEntitlementCondition(String dataType, String value) throws EntitlementException {
return null;
}
if (i != 0) {
return null;
}
} else {
+ "createEntitlementCondition()"
+ "not an EntitlementCondition", null);
}
}
}
return ec;
}
return null;
}
try {
} catch (ClassNotFoundException e) {
+ "hit exception", e);
} catch (IllegalAccessException e) {
+ "hit exception", e);
} catch (InstantiationException e) {
+ "hit exception", e);
}
return ob;
}
try {
} catch (JAXBException je) {
"JAXBException while mapping referral to policy:", je);
}
return policy;
}
public static Policy referralToPolicyInternal(ReferralPrivilege privilege) throws JAXBException, JSONException {
return null;
}
+ "T"
+ "T"
// PolicyIssuer policyIssuer = null; // optional, TODO
// TODO: use privilege version in future
// Defaults policyDefaults = null; // optional, TODO
// XACML Target contains a list of AnyOf(s)
// XACML AnyOf contains a list of AllOf(s)
// XACML AllOf contains a list of Match(s)
if (anyOfRealmsAppsResources != null) {
}
return policy;
}
}
public static ReferralPrivilege policyToReferral(Policy policy) throws EntitlementException, JSONException {
long lastModifiedAt = dateStringToLong(getVariableById(policy, XACMLConstants.PRIVILEGE_LAST_MODIFIED_DATE));
return referral;
}
boolean mustBePresent = false;
return anyOf;
}
}