CachedMapBasedSimplePolicyRepository.java

  1. /*
  2.  * GovWay - A customizable API Gateway 
  3.  * https://govway.org
  4.  * 
  5.  * Copyright (c) 2005-2025 Link.it srl (https://link.it). 
  6.  * 
  7.  * This program is free software: you can redistribute it and/or modify
  8.  * it under the terms of the GNU General Public License version 3, as published by
  9.  * the Free Software Foundation.
  10.  *
  11.  * This program is distributed in the hope that it will be useful,
  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14.  * GNU General Public License for more details.
  15.  *
  16.  * You should have received a copy of the GNU General Public License
  17.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18.  *
  19.  */

  21. package org.openspcoop2.utils.xacml;

  23. import java.io.ByteArrayOutputStream;
  24. import java.io.IOException;
  25. import java.math.BigInteger;
  26. import java.security.MessageDigest;
  27. import java.security.NoSuchAlgorithmException;
  28. import java.util.ArrayList;
  29. import java.util.Arrays;
  30. import java.util.Collection;
  31. import java.util.HashMap;
  32. import java.util.List;
  33. import java.util.Map;

  35. import org.herasaf.xacml.core.WritingException;
  36. import org.herasaf.xacml.core.context.impl.AttributeType;
  37. import org.herasaf.xacml.core.context.impl.RequestType;
  38. import org.herasaf.xacml.core.context.impl.ResourceType;
  39. import org.herasaf.xacml.core.dataTypeAttribute.impl.StringDataTypeAttribute;
  40. import org.herasaf.xacml.core.function.Function;
  41. import org.herasaf.xacml.core.function.impl.equalityPredicates.StringEqualFunction;
  42. import org.herasaf.xacml.core.policy.Evaluatable;
  43. import org.herasaf.xacml.core.policy.EvaluatableID;
  44. import org.herasaf.xacml.core.policy.PolicyMarshaller;
  45. import org.herasaf.xacml.core.policy.impl.ActionAttributeDesignatorType;
  46. import org.herasaf.xacml.core.policy.impl.ActionMatchType;
  47. import org.herasaf.xacml.core.policy.impl.ActionsType;
  48. import org.herasaf.xacml.core.policy.impl.EvaluatableIDImpl;
  49. import org.herasaf.xacml.core.policy.impl.ObjectFactory;
  50. import org.herasaf.xacml.core.policy.impl.PolicyType;
  51. import org.herasaf.xacml.core.policy.impl.ResourceAttributeDesignatorType;
  52. import org.herasaf.xacml.core.policy.impl.ResourceMatchType;
  53. import org.herasaf.xacml.core.policy.impl.ResourcesType;
  54. import org.herasaf.xacml.core.policy.impl.TargetType;
  55. import org.herasaf.xacml.core.simplePDP.OrderedMapBasedSimplePolicyRepository;
  56. import org.slf4j.Logger;

  58. /**
  59.  * CachedMapBasedSimplePolicyRepository
  60.  *
  61.  * @author Bussu Giovanni (bussu@link.it)
  62.  * @author $Author$
  63.  * @version $Rev$, $Date$
  64.  */
  65. public class CachedMapBasedSimplePolicyRepository extends
  66. OrderedMapBasedSimplePolicyRepository {

  68.     private Map<EvaluatableID, String> cacheMap;
  69.     private MessageDigest md;
  70.     private Logger log;
  71.     /**
  72.      * Indicazione se usare la risorsa (con attribute id dato da RESOURCE_ATTRIBUTE_ID_TO_MATCH)
  73.      * o la action (con attribute id dato da ACTION_ATTRIBUTE_ID_TO_MATCH)
  74.      * per capire qual e' la policy da usare
  75.      */
  76.     public static final boolean USE_RESOURCE_TO_MATCH_POLICY = true;
  77.     
  78.     
  79.     public static final String RESOURCE_ATTRIBUTE_ID_TO_MATCH = "___resource-id___";
  80.     public static final String ACTION_ATTRIBUTE_ID_TO_MATCH = "urn:oasis:names:tc:xacml:1.0:action:action-id";

  82.     public CachedMapBasedSimplePolicyRepository(Logger log) throws PolicyException {
  83.         super();
  84.         this.cacheMap = new HashMap<EvaluatableID, String>();
  85.         this.log = log;
  86.         try {
  87.             this.md = MessageDigest.getInstance("SHA-256");
  88.         } catch (NoSuchAlgorithmException e) {
  89.             throw new PolicyException(e);
  90.         }
  91.     }

  93.     public boolean existsPolicy(EvaluatableID id, String policyString) {
  94.         return this.cacheMap.containsKey(id) && this.cacheMap.get(id).equals(this.hash(policyString));
  95.     }

  97.     public void deploy(Evaluatable evaluatable, String policyString) {
  98.         if(super.individualEvaluatables.containsKey(evaluatable.getId())) {
  99.             this.undeploy(evaluatable.getId());
  100.         }
  101.         super.deploy(evaluatable);
  102.         this.cacheMap.put(evaluatable.getId(), this.hash(policyString));
  103.     }

  105.     @Override
  106.     public void deploy(Evaluatable evaluatable) {
  107.         if(USE_RESOURCE_TO_MATCH_POLICY) {
  108.             addResourceToPolicy((PolicyType)evaluatable, evaluatable.getId().toString());
  109.         } else {
  110.             addActionToPolicy((PolicyType)evaluatable, evaluatable.getId().toString());
  111.         }

  113.         if(super.individualEvaluatables.containsKey(evaluatable.getId())) {
  114.             this.undeploy(evaluatable.getId());
  115.         }
  116.         super.deploy(evaluatable);
  117.         this.cacheMap.put(evaluatable.getId(), this.hash(unmarshallPolicy(evaluatable)));
  118.     }

  120.     private static void addActionToPolicy(PolicyType policy1, String key) {
  121.         
  122.         ObjectFactory factory = new ObjectFactory();
  123.         
  124.         TargetType target = factory.createTargetType();
  125.         
  126.         if(policy1.getTarget() != null) {
  127.             target = policy1.getTarget();
  128.         }

  130.         org.herasaf.xacml.core.policy.impl.ActionType action =  factory.createActionType();

  132.         ActionMatchType actionMatch = factory.createActionMatchType();
  133.         Function function = new StringEqualFunction();
  134.         actionMatch.setMatchFunction(function);
  135.         ActionAttributeDesignatorType attributeDesignator = factory.createActionAttributeDesignatorType();
  136.         attributeDesignator.setMustBePresent(true);
  137.         attributeDesignator.setAttributeId(ACTION_ATTRIBUTE_ID_TO_MATCH);
  138.         attributeDesignator.setDataType(new StringDataTypeAttribute());
  139.         actionMatch.setActionAttributeDesignator(attributeDesignator);
  140.         org.herasaf.xacml.core.policy.impl.AttributeValueType attributeValue = new org.herasaf.xacml.core.policy.impl.AttributeValueType();
  141.         attributeValue.getContent().add(key);
  142.         attributeValue.setDataType(new StringDataTypeAttribute());
  143.         actionMatch.setAttributeValue(attributeValue);
  144.         action.getActionMatches().add(actionMatch);
  145.         ActionsType actions = factory.createActionsType();
  146.         actions.getActions().add(action);
  147.         target.setActions(actions);
  148.         policy1.setTarget(target);
  149.     }

  151.     private static void addResourceToPolicy(PolicyType policy1, String key) {
  152.         
  153.         ObjectFactory factory = new ObjectFactory();
  154.         
  155.         TargetType target = factory.createTargetType();
  156.         
  157.         if(policy1.getTarget() != null) {
  158.             target = policy1.getTarget();
  159.         }

  161.         org.herasaf.xacml.core.policy.impl.ResourceType resource =  factory.createResourceType();

  163.         ResourceMatchType resourceMatch = factory.createResourceMatchType();
  164.         Function function = new StringEqualFunction();
  165.         resourceMatch.setMatchFunction(function);
  166.         ResourceAttributeDesignatorType attributeDesignator = factory.createResourceAttributeDesignatorType();
  167.         attributeDesignator.setMustBePresent(true);
  168.         attributeDesignator.setAttributeId(RESOURCE_ATTRIBUTE_ID_TO_MATCH);
  169.         attributeDesignator.setDataType(new StringDataTypeAttribute());
  170.         resourceMatch.setResourceAttributeDesignator(attributeDesignator);
  171.         org.herasaf.xacml.core.policy.impl.AttributeValueType attributeValue = new org.herasaf.xacml.core.policy.impl.AttributeValueType();
  172.         attributeValue.getContent().add(key);
  173.         attributeValue.setDataType(new StringDataTypeAttribute());
  174.         resourceMatch.setAttributeValue(attributeValue);
  175.         resource.getResourceMatches().add(resourceMatch);
  176.         ResourcesType resources = factory.createResourcesType();
  177.         resources.getResources().add(resource);
  178.         target.setResources(resources);
  179.         policy1.setTarget(target);
  180.     }

  182.     public String unmarshallPolicy(Evaluatable eval) {
  183.         ByteArrayOutputStream baos = null;
  184.         try{
  185.             baos = new ByteArrayOutputStream();
  186.             PolicyMarshaller.marshal(eval, baos);
  187.             return baos.toString();
  188.         } catch(WritingException e) {
  189.             return null;
  190.         } finally {
  191.             if(baos != null) {
  192.                 try {
  193.                     baos.flush();
  194.                 } catch (IOException e) {}
  195.                 try {
  196.                     baos.close();
  197.                 } catch (IOException e) {}
  198.             }
  199.         }
  200.     }
  201.     
  202.     public void deploy(Collection<Evaluatable> evaluatables, String policyString) {
  203.         for (Evaluatable eval : evaluatables) {
  204.             this.deploy(eval, this.hash(policyString));
  205.         }
  206.     }

  208.     @Override
  209.     public void undeploy(EvaluatableID evaluatable) {
  210.         super.undeploy(evaluatable);
  211.         this.cacheMap.remove(evaluatable);
  212.     }

  214.     public void undeploy(Collection<EvaluatableID> evaluatables, String policyString) {
  215.         super.undeploy(evaluatables);
  216.         for (EvaluatableID eval : evaluatables) {
  217.             this.cacheMap.remove(eval);
  218.         }
  219.     }


  222.     private String hash(String policyString) {
  223.         String digest = toHex(this.md.digest(policyString.getBytes()));
  224.         return digest;
  225.     }

  227.     private static String toHex(byte[] bytes) {
  228.         BigInteger bi = new BigInteger(1, bytes);
  229.         return String.format("%0" + (bytes.length << 1) + "X", bi);
  230.     }
  231.     
  232.     @Override
  233.     public List<Evaluatable> getEvaluatables(RequestType request) {
  234.         try {
  235.             String key = getKey(request);
  236.             this.log.info("KEY: " + key);
  237.             if(key != null) {
  238.                 EvaluatableIDImpl policyId = new EvaluatableIDImpl(key);
  239.                 Evaluatable eval = super.getEvaluatable(policyId);
  240.                 this.log.info("eval is null? " + (eval == null));
  241.                 if(eval != null) {
  242.                     ByteArrayOutputStream baos = new ByteArrayOutputStream();
  243.                     PolicyMarshaller.marshal(eval, baos);
  244.                     this.log.info("eval:" +new String(baos.toByteArray()));
  245.                 }
  246.                 return Arrays.asList(eval);
  247.             } else {
  248.                 return new ArrayList<Evaluatable>();
  249.             }
  250.         } catch(Exception e){}
  251.         return super.getEvaluatables(request);              
  252.     }

  254.     private String getKey(RequestType request) {
  255.         try {
  256.             if(USE_RESOURCE_TO_MATCH_POLICY) {
  257.                 for(ResourceType resource: request.getResources()) {
  258.                     for(AttributeType attribute: resource.getAttributes()) {
  259.                         if(attribute.getAttributeId().equals(RESOURCE_ATTRIBUTE_ID_TO_MATCH)) {
  260.                             return (String) attribute.getAttributeValues().get(0).getContent().get(0); 
  261.                         }
  262.                     }
  263.                 }
  264.                 return null;
  265.             } else {
  266.                 for(AttributeType attribute: request.getAction().getAttributes()) {
  267.                     if(attribute.getAttributeId().equals(ACTION_ATTRIBUTE_ID_TO_MATCH)) {
  268.                         return (String) attribute.getAttributeValues().get(0).getContent().get(0); 
  269.                     }
  270.                 }
  271.                 return null;
  272.             }
  273.             
  274.         } catch(Exception e) {
  275.             return null;
  276.         }
  277.     }

  279. }
Created with JaCoCo 0.8.8.202204050719