
nordugrid-arc-nox  1.1.0~rc6
XACMLRule.cpp
00001 #ifdef HAVE_CONFIG_H
00002 #include <config.h>
00003 #endif
00004 
00005 #include <fstream>
00006 #include <iostream>
00007 #include <arc/security/ArcPDP/attr/AttributeValue.h>
00008 #include <arc/security/ArcPDP/attr/BooleanAttribute.h>
00009 #include "XACMLRule.h"
00010 #include <list>
00011 
00012 #include <arc/security/ArcPDP/fn/EqualFunction.h>
00013 
// Definition of XACMLRule's logger member, constructed from the root logger
// with the name "XACMLRule". Every logger.msg() call in this file goes
// through it.
Arc::Logger ArcSec::XACMLRule::logger(Arc::Logger::rootLogger, "XACMLRule");
00015 
00016 using namespace Arc;
00017 using namespace ArcSec;
00018 
/**
 * Build a rule from its XML element.
 *
 * Reads the "RuleId" and "Effect" attributes and the "Description" child of
 * @p node, obtains the attribute and function factories from @p ctx, and
 * creates the optional XACMLTarget / XACMLCondition children. Both children
 * are deleted in the destructor.
 *
 * @param node XML element describing the rule.
 * @param ctx  Evaluator context. It is dereferenced unconditionally, so it
 *             must not be NULL.
 *
 * NOTE(review): an "Effect" value other than "Permit" or "Deny" is only
 * logged; `effect` is not assigned here in that case. eval() then returns
 * DECISION_NOT_APPLICABLE even when the rule's target and condition both
 * matched. Whether a malformed rule should be rejected at load time instead
 * is a decision for the policy loader -- confirm against the callers.
 */
XACMLRule::XACMLRule(XMLNode& node, EvaluatorContext* ctx) : Policy(node),
  target(NULL), condition(NULL) {
  rulenode = node;
  evalres.node = node;
  evalres.effect = "Not_applicable";

  // The context object is converted to each factory pointer by these casts.
  attrfactory = (AttributeFactory*)(*ctx);
  fnfactory = (FnFactory*)(*ctx);

  id = (std::string)(node.Attribute("RuleId"));
  description = (std::string)(node["Description"]);

  // Read the declared effect once and accept only the two known values.
  const std::string declared_effect = (std::string)(node.Attribute("Effect"));
  if(declared_effect == "Permit") {
    effect = "Permit";
  } else if(declared_effect == "Deny") {
    effect = "Deny";
  } else {
    logger.msg(Arc::ERROR, "Invalid Effect");
  }

  // A <Target> with no child elements is treated the same as no target.
  XMLNode targetnode = node["Target"];
  const bool has_target = ((bool)targetnode) && ((bool)(targetnode.Child()));
  if(has_target) {
    target = new XACMLTarget(targetnode, ctx);
  }

  XMLNode conditionnode = node["Condition"];
  if((bool)conditionnode) {
    condition = new XACMLCondition(conditionnode, ctx);
  }
}
00044 
/**
 * Match the request in @p ctx against this rule's target.
 *
 * @param ctx Evaluation context, passed through to the target.
 * @return The target's match result, or INDETERMINATE (with an error logged)
 *         when the rule has no target.
 *
 * NOTE(review): a missing target is reported as INDETERMINATE here, whereas
 * eval() skips target matching entirely when there is no target. Callers
 * should not assume the two agree.
 */
MatchResult XACMLRule::match(EvaluationCtx* ctx){
  if(target == NULL) {
    logger.msg(Arc::ERROR, "No target available inside the rule");
    return INDETERMINATE;
  }
  return target->match(ctx);
}
00051 
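/**
 * Evaluate this rule against the request in @p ctx.
 *
 * Order of evaluation:
 *  1. Target (if present): NO_MATCH gives DECISION_NOT_APPLICABLE,
 *     INDETERMINATE gives DECISION_INDETERMINATE.
 *  2. Condition (if present): anything other than a boolean "true" result
 *     gives DECISION_INDETERMINATE.
 *  3. Otherwise the rule's effect decides: DECISION_PERMIT or DECISION_DENY.
 *
 * @param ctx Evaluation context, passed to the target and the condition.
 * @return The decision for this rule.
 *
 * NOTE(review): XACML specifies NotApplicable for a condition that evaluates
 * to False; this code returns DECISION_INDETERMINATE. That is kept unchanged
 * because combining algorithms elsewhere may rely on it -- confirm.
 *
 * NOTE(review): if `effect` is neither "Permit" nor "Deny" (the constructor
 * only logs an invalid Effect), a fully matching rule falls through and
 * returns DECISION_NOT_APPLICABLE.
 *
 * NOTE(review): evalres.effect is written only on the Permit/Deny paths, so
 * after an early return getEvalResult() still reports the value left by a
 * previous call.
 */
Result XACMLRule::eval(EvaluationCtx* ctx){
  Result result = DECISION_NOT_APPLICABLE;
  if(target != NULL) {
    MatchResult matchres = target->match(ctx);
    if(matchres == NO_MATCH) return result;
    if(matchres == INDETERMINATE) { result = DECISION_INDETERMINATE; return result; }
  }

  // Evaluate the "Condition".
  if(condition != NULL) {
    bool cond_res = false;
    std::list<AttributeValue*> res_list = condition->evaluate(ctx);

    // Only the first value is consulted; a single boolean result is expected.
    // An empty list or a NULL entry means the condition produced no usable
    // value, so it is never dereferenced and the decision stays "not true".
    AttributeValue* attrval = res_list.empty() ? NULL : res_list.front();
    if(attrval != NULL) {
      BooleanAttribute bool_attr(true);
      if(attrval->equal(&bool_attr))
        cond_res = true;
    } else {
      logger.msg(Arc::ERROR, "Condition evaluation returned no value");
    }

    // The first value was already deleted by this function; release any
    // further values the same way so they do not leak.
    for(std::list<AttributeValue*>::iterator it = res_list.begin();
        it != res_list.end(); ++it) {
      delete *it;
    }

    if(!cond_res) { result = DECISION_INDETERMINATE; return result; }
  }

  if (effect == "Permit") {
    result = DECISION_PERMIT;
    evalres.effect = "Permit";
  }
  else if (effect == "Deny") {
    result = DECISION_DENY;
    evalres.effect = "Deny";
  }
  return result;
}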
00083 
/**
 * @return A copy of the rule's effect as stored by the constructor
 *         ("Permit" or "Deny"; not assigned there when the XML carried an
 *         invalid Effect).
 */
std::string XACMLRule::getEffect(){
  return this->effect;
}
00087 
/**
 * @return A mutable reference to the rule's stored evaluation result. The
 *         reference aliases a member of this object, so it is valid only
 *         while the rule exists.
 */
EvalResult& XACMLRule::getEvalResult(){
  return this->evalres;
}
00091 
/**
 * Release the target and condition objects created by the constructor.
 *
 * NOTE(review): the class holds raw owning pointers; if it is copyable, a
 * copy would delete the same objects twice. The header is not shown here --
 * confirm that copying is disabled or handled.
 */
XACMLRule::~XACMLRule(){
  // delete on a null pointer is a no-op, so no explicit checks are needed.
  delete target;
  delete condition;
}