Esempio n. 1
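  /**
   * Command-line entry point: parses each file named in {@code args} as an XACML PolicySet
   * document, prints the result of {@code validate()} for it, and pretty-prints the parsed
   * policy set.
   *
   * <p>Policy files are parsed as untrusted XML. The parser is configured to reject DOCTYPE
   * declarations and to leave XInclude and entity expansion off, so a policy file cannot make the
   * tool read local files or fetch remote resources through external entities.
   *
   * <p>Per-file problems are reported on {@code System.err} and do not change the exit status;
   * only a failure to set up the parser exits with status 1.
   *
   * @param args paths of the policy set files to check
   */
  public static void main(String... args) {
    try {
      DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
      documentBuilderFactory.setNamespaceAware(true);
      // Harden the parser before any file is read. If the underlying implementation does not
      // support one of these features, setFeature throws and the outer catch exits with 1:
      // failing closed is preferable to parsing with external entities enabled.
      documentBuilderFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
      documentBuilderFactory.setFeature(
          "http://apache.org/xml/features/disallow-doctype-decl", true);
      documentBuilderFactory.setXIncludeAware(false);
      documentBuilderFactory.setExpandEntityReferences(false);
      DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();

      for (String fileName : args) {
        File filePolicy = new File(fileName);
        if (filePolicy.exists() && filePolicy.canRead()) {
          try {
            Document documentPolicy = documentBuilder.parse(filePolicy);
            // Use the document element rather than getFirstChild(): the first child of a
            // Document can be a comment or processing instruction that precedes the root.
            org.w3c.dom.Node nodeRoot = documentPolicy.getDocumentElement();
            if (nodeRoot == null) {
              System.err.println(fileName + ": Error: No PolicySet found");
            } else if (!XACML3.ELEMENT_POLICYSET.equals(nodeRoot.getLocalName())) {
              System.err.println(fileName + ": Error: Not a PolicySet document");
            } else {
              PolicySet policySet = DOMPolicySet.newInstance(nodeRoot, null, null);
              System.out.println(fileName + ": validate()=" + policySet.validate());
              System.out.println(StringUtils.prettyPrint(policySet.toString()));
            }
          } catch (Exception ex) {
            // Broad catch is deliberate at this boundary: one bad file must not stop the run.
            System.err.println("Exception processing policy set file \"" + fileName + "\"");
            ex.printStackTrace(System.err);
          }
        } else {
          System.err.println("Cannot read policy set file \"" + fileName + "\"");
        }
      }
    } catch (Exception ex) {
      ex.printStackTrace(System.err);
      System.exit(1);
    }
    // NOTE(review): the exit status is 0 even when a file was unreadable, failed to parse or
    // printed validate()=false, so it must not be used as a pass/fail gate for policy files.
    System.exit(0);
  }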
Esempio n. 2
  /**
   * Creates a new <code>PolicySet</code> by parsing the given <code>Node</code> representing an
   * XACML PolicySet element.
   *
   * @param nodePolicySet the <code>Node</code> representing the XACML PolicySet element
   * @param policySetParent the parent <code>PolicySet</code> handed to the new instance's
   *     constructor
   * @param policyDefaultsParent the {@link com.att.research.xacmlatt.pdp.policy.PolicyDefaults}
   *     from the parent element
   * @return a new <code>PolicySet</code> parsed from the given <code>Node</code>
   * @throws DOMStructureException if there is an error parsing the <code>Node</code>
   */
  public static PolicySet newInstance(
      Node nodePolicySet, PolicySet policySetParent, PolicyDefaults policyDefaultsParent)
      throws DOMStructureException {
    Element elementPolicySet = DOMUtil.getElement(nodePolicySet);
    // Lenient mode switches off the structural checks below: duplicate elements, unknown
    // elements, a missing Target and an unresolvable combining algorithm are then accepted
    // instead of raising a DOMStructureException.
    boolean bLenient = DOMProperties.isLenient();

    PolicySet domPolicySet = new PolicySet(policySetParent);

    // Scratch variables assigned inside conditions further down.
    Iterator<?> iterator;
    Identifier identifier;
    Integer integer;

    try {
      NodeList children = elementPolicySet.getChildNodes();
      int numChildren;
      if (children != null && (numChildren = children.getLength()) > 0) {
        /*
         * Run through once, quickly, to set the PolicyDefaults for the new DOMPolicySet
         */
        // NOTE(review): this pass matches ELEMENT_POLICYDEFAULTS, while the second pass has an
        // empty branch for ELEMENT_POLICYSETDEFAULTS. If the two constants name different
        // elements, a child matched here falls through to the final `else if (!bLenient)` of
        // the second pass, and a PolicySetDefaults child is ignored altogether - confirm which
        // element is intended.
        for (int i = 0; i < numChildren; i++) {
          Node child = children.item(i);
          if (DOMUtil.isNamespaceElement(child, XACML3.XMLNS)
              && XACML3.ELEMENT_POLICYDEFAULTS.equals(child.getLocalName())) {
            // A second defaults element is an error unless lenient; when lenient the last one
            // seen replaces the earlier one.
            if (domPolicySet.getPolicyDefaults() != null && !bLenient) {
              throw DOMUtil.newUnexpectedElementException(child, nodePolicySet);
            }
            domPolicySet.setPolicyDefaults(
                DOMPolicyDefaults.newInstance(child, policyDefaultsParent));
          }
        }
        // No defaults declared on this element: inherit the parent's.
        if (domPolicySet.getPolicyDefaults() == null) {
          domPolicySet.setPolicyDefaults(policyDefaultsParent);
        }

        /*
         * Now process the other elements so we can pull up the parent policy defaults
         */
        for (int i = 0; i < numChildren; i++) {
          Node child = children.item(i);
          // Non-element children (text, comments) are skipped without any check.
          if (DOMUtil.isElement(child)) {
            if (DOMUtil.isInNamespace(child, XACML3.XMLNS)) {
              String childName = child.getLocalName();
              if (XACML3.ELEMENT_DESCRIPTION.equals(childName)) {
                if (domPolicySet.getDescription() != null && !bLenient) {
                  throw DOMUtil.newUnexpectedElementException(child, nodePolicySet);
                }
                domPolicySet.setDescription(child.getTextContent());
              } else if (XACML3.ELEMENT_POLICYISSUER.equals(childName)) {
                if (domPolicySet.getPolicyIssuer() != null && !bLenient) {
                  throw DOMUtil.newUnexpectedElementException(child, nodePolicySet);
                }
                domPolicySet.setPolicyIssuer(DOMPolicyIssuer.newInstance(child));
              } else if (XACML3.ELEMENT_POLICYSETDEFAULTS.equals(childName)) {
                // Empty on purpose: nothing is done with this element in the second pass.
              } else if (XACML3.ELEMENT_TARGET.equals(childName)) {
                // In lenient mode a repeated Target silently replaces the earlier one, which
                // changes what the policy set applies to.
                if (domPolicySet.getTarget() != null && !bLenient) {
                  throw DOMUtil.newUnexpectedElementException(child, nodePolicySet);
                }
                domPolicySet.setTarget(DOMTarget.newInstance(child));
              } else if (XACML3.ELEMENT_POLICYSET.equals(childName)) {
                // Recurses once per level of PolicySet nesting; no depth limit is applied here.
                domPolicySet.addChild(
                    DOMPolicySet.newInstance(
                        child, domPolicySet, domPolicySet.getPolicyDefaults()));
              } else if (XACML3.ELEMENT_POLICY.equals(childName)) {
                domPolicySet.addChild(
                    DOMPolicy.newInstance(child, domPolicySet, domPolicySet.getPolicyDefaults()));
              } else if (XACML3.ELEMENT_POLICYIDREFERENCE.equals(childName)) {
                domPolicySet.addChild(DOMPolicyIdReference.newInstance(child, domPolicySet));
              } else if (XACML3.ELEMENT_POLICYSETIDREFERENCE.equals(childName)) {
                domPolicySet.addChild(DOMPolicySetIdReference.newInstance(child, domPolicySet));
              } else if (XACML3.ELEMENT_COMBINERPARAMETERS.equals(childName)) {
                domPolicySet.addCombinerParameters(DOMCombinerParameter.newList(child));
              } else if (XACML3.ELEMENT_POLICYCOMBINERPARAMETERS.equals(childName)) {
                domPolicySet.addPolicyCombinerParameter(
                    DOMPolicyCombinerParameter.newInstance(child));
              } else if (XACML3.ELEMENT_POLICYSETCOMBINERPARAMETERS.equals(childName)) {
                domPolicySet.addPolicyCombinerParameter(
                    DOMPolicySetCombinerParameter.newInstance(child));
              } else if (XACML3.ELEMENT_OBLIGATIONEXPRESSIONS.equals(childName)) {
                // Already-populated obligations mean this element is a duplicate.
                if ((iterator = domPolicySet.getObligationExpressions()) != null
                    && iterator.hasNext()
                    && !bLenient) {
                  throw DOMUtil.newUnexpectedElementException(child, nodePolicySet);
                }
                domPolicySet.setObligationExpressions(DOMObligationExpression.newList(child, null));
              } else if (XACML3.ELEMENT_ADVICEEXPRESSIONS.equals(childName)) {
                // Same duplicate check as for obligations.
                if ((iterator = domPolicySet.getAdviceExpressions()) != null
                    && iterator.hasNext()
                    && !bLenient) {
                  throw DOMUtil.newUnexpectedElementException(child, nodePolicySet);
                }
                domPolicySet.setAdviceExpressions(DOMAdviceExpression.newList(child, null));
              } else if (!bLenient) {
                // Element in the XACML namespace that is not valid here.
                throw DOMUtil.newUnexpectedElementException(child, nodePolicySet);
              }
            } else if (!bLenient) {
              // Element from a foreign namespace; ignored when lenient.
              throw DOMUtil.newUnexpectedElementException(child, nodePolicySet);
            }
          }
        }
      }
      // Target is mandatory unless lenient; this check also covers an element with no children.
      if (domPolicySet.getTarget() == null && !bLenient) {
        throw DOMUtil.newMissingElementException(
            nodePolicySet, XACML3.XMLNS, XACML3.ELEMENT_TARGET);
      }

      /*
       * Get the attributes
       */
      // The last argument is passed as !bLenient; presumably it marks the attribute as
      // required - verify against DOMUtil.
      domPolicySet.setIdentifier(
          DOMUtil.getIdentifierAttribute(
              elementPolicySet, XACML3.ATTRIBUTE_POLICYSETID, !bLenient));
      domPolicySet.setVersion(
          DOMUtil.getVersionAttribute(elementPolicySet, XACML3.ATTRIBUTE_VERSION, !bLenient));

      identifier =
          DOMUtil.getIdentifierAttribute(
              elementPolicySet, XACML3.ATTRIBUTE_POLICYCOMBININGALGID, !bLenient);
      CombiningAlgorithm<PolicySetChild> combiningAlgorithm = null;
      try {
        combiningAlgorithm =
            CombiningAlgorithmFactory.newInstance().getPolicyCombiningAlgorithm(identifier);
      } catch (FactoryException ex) {
        // When lenient the factory failure is dropped and combiningAlgorithm stays null.
        if (!bLenient) {
          throw new DOMStructureException("Failed to get CombinginAlgorithm", ex);
        }
      }
      // In lenient mode an unresolved algorithm is not rejected: the else branch stores null as
      // the policy combining algorithm. How a null algorithm behaves at evaluation time is not
      // visible here - TODO confirm.
      if (combiningAlgorithm == null && !bLenient) {
        throw new DOMStructureException(
            elementPolicySet,
            "Unknown policy combining algorithm \""
                + identifier
                + "\" in \""
                + DOMUtil.getNodeLabel(nodePolicySet));
      } else {
        domPolicySet.setPolicyCombiningAlgorithm(combiningAlgorithm);
      }

      // MaxDelegationDepth is optional: it is set only when the attribute lookup returns a value.
      if ((integer =
              DOMUtil.getIntegerAttribute(elementPolicySet, XACML3.ATTRIBUTE_MAXDELEGATIONDEPTH))
          != null) {
        domPolicySet.setMaxDelegationDepth(integer);
      }
    } catch (DOMStructureException ex) {
      // Any structural error marks the partially populated object with a syntax-error status.
      // It is rethrown only when DOMProperties.throwsExceptions() is true; otherwise the caller
      // receives that object and has to inspect its status itself.
      domPolicySet.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, ex.getMessage());
      if (DOMProperties.throwsExceptions()) {
        throw ex;
      }
    }

    return domPolicySet;
  }