
nordugrid-arc-nox  1.1.0~rc6
testinterface_arc.cpp
00001 #ifdef HAVE_CONFIG_H
00002 #include <config.h>
00003 #endif
00004 
00005 #include <iostream>
00006 #include <signal.h>
00007 #include <string>
00008 
00009 #include <arc/security/ArcPDP/Evaluator.h>
00010 #include <arc/security/ArcPDP/EvaluatorLoader.h>
00011 #include <arc/security/ArcPDP/Request.h>
00012 #include <arc/security/ArcPDP/Response.h>
00013 #include <arc/XMLNode.h>
00014 #include <arc/ArcConfig.h>
00015 //#include <arc/loader/ClassLoader.h>
00016 #include <arc/Logger.h>
00017 #include <arc/security/ArcPDP/attr/AttributeValue.h>
00018 #ifdef WIN32
00019 #include <arc/win32.h>
00020 #endif
00021 
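// Smoke test for the ARC policy decision point (PDP): loads the
// "arc.evaluator" plugin, builds a policy and a request, evaluates the request
// and logs the subject attributes of every request item in the response.
//
// Returns 0 when the evaluation ran to completion and 1 when the evaluator,
// policy, request or response could not be produced. A harness that checks the
// exit status therefore does not record a broken authorization setup as a
// passing run.
int main(void){
  // Ignore SIGTTOU, SIGTTIN and SIGPIPE instead of taking their default action.
  signal(SIGTTOU,SIG_IGN);
  signal(SIGTTIN,SIG_IGN);
  signal(SIGPIPE,SIG_IGN);

  // Send all log output to stderr.
  Arc::Logger logger(Arc::Logger::rootLogger, "PDPTest");
  Arc::LogStream logcerr(std::cerr);
  Arc::Logger::rootLogger.addDestination(logcerr);
  logger.msg(Arc::INFO, "Start test");

  ArcSec::EvaluatorLoader eval_loader;

  //TEST: ArcEvaluator, ArcPolicy, ArcRequest

  //Load the Evaluator
  ArcSec::Evaluator* eval = NULL;
  std::string evaluator = "arc.evaluator";
  eval = eval_loader.getEvaluator(evaluator);
  if(eval == NULL) {
    logger.msg(Arc::ERROR, "Can not dynamically produce Evaluator");
    return 1;
  }

  // Inline example policy. It is only serialized into policy_str for the
  // commented-out Source alternatives below; the policy actually evaluated
  // is read from Policy_Example.xml.
  Arc::XMLNode policynode("\
   <Policy xmlns=\"http://www.nordugrid.org/ws/schemas/policy-arc\" PolicyId='sm-example:policy1' CombiningAlg='Deny-Overrides'>\
    <Rule RuleId='rule1' Effect='Permit'>\
     <Subjects>\
      <Subject Type='string'>/O=NorduGrid/OU=UIO/CN=test</Subject>\
      <Subject Type='string'>/vo.knowarc/usergroupA</Subject>\
      <Subject>\
       <SubFraction Type='string'>/O=Grid/OU=KnowARC/CN=XYZ</SubFraction>\
       <SubFraction Type='string'>urn:mace:shibboleth:examples</SubFraction>\
      </Subject>\
     </Subjects>\
     <Resources>\
      <Resource Type='string'>file://home/test</Resource>\
     </Resources>\
     <Actions Type='string'>\
      <Action>read</Action>\
      <Action>stat</Action>\
      <Action>list</Action>\
     </Actions>\
     <Conditions>\
      <Condition Type='period'>2007-09-10T20:30:20/P1Y1M</Condition>\
     </Conditions>\
    </Rule>\
   </Policy>");
  std::string policy_str; policynode.GetXML(policy_str);

  ArcSec::Policy* policy = NULL;
  std::string policyclassname = "arc.policy";
  // The file name is relative, so the policy that gets evaluated is whatever
  // Policy_Example.xml exists in the current working directory.
  ArcSec::SourceFile policy_source("Policy_Example.xml");
  //ArcSec::Source policy_source(policy_str);
  //ArcSec::Source policy_source(policynode);
  policy = eval_loader.getPolicy(policyclassname, policy_source);
  if(policy == NULL) {
    // Do not go on to evaluate against a policy source that could not be
    // turned into a Policy object.
    logger.msg(Arc::ERROR, "Can not dynamically produce Policy");
    delete eval;
    return 1;
  }
  // NOTE(review): policy is never released here (the original code did not
  // release it either). Ownership of the object returned by getPolicy() is
  // not visible in this file - confirm before adding a delete.

  Arc::XMLNode reqnode("\
     <ra:Request xmlns:ra=\"http://www.nordugrid.org/schemas/request-arc\">\
      <ra:RequestItem>\
       <ra:Subject>\
        <ra:Attribute ra:Type='string'>/O=NorduGrid/OU=UIO/CN=test</ra:Attribute>\
        <ra:Attribute ra:Type='x500Name'>/O=NorduGrid/OU=UIO/CN=admin</ra:Attribute>\
       </ra:Subject>\
       <ra:Resource ra:Type='string'>file://home/test</ra:Resource>\
       <ra:Action>\
        <ra:Attribute ra:Type='string'>read</ra:Attribute>\
       </ra:Action>\
       <ra:Context ra:Type='period'>2007-09-10T20:30:20/P1Y1M</ra:Context>\
      </ra:RequestItem>\
     </ra:Request>");
  std::string request_str; reqnode.GetXML(request_str);

  ArcSec::Request* request = NULL;
  std::string requestclassname = "arc.request";
  //ArcSec::Source request_source(reqnode);
  ArcSec::Source request_source(request_str);
  //ArcSec::SourceFile request_source("Request.xml");
  request = eval_loader.getRequest(requestclassname, request_source);
  if(request == NULL) {
    logger.msg(Arc::ERROR, "Can not dynamically produce Request");
    delete eval;
    return 1;
  }

  eval->addPolicy(policy_source);
  //eval->addPolicy(policy);

  ArcSec::Response *resp = NULL;
  resp = eval->evaluate(request_source);

  //resp = eval->evaluate(request_source, policy);
  //resp = eval->evaluate(request, policy_source);
  //resp = eval->evaluate(request_source, policy_source);
  //resp = eval->evaluate(request, policy);

  // The response must be checked before its first use: the original code
  // dereferenced resp in the log call and only tested it for NULL afterwards.
  if(resp == NULL) {
    logger.msg(Arc::ERROR, "Can not evaluate request: no response returned");
    delete eval;
    delete request;
    return 1;
  }

  // Fetch the list once and log the int count, so the %d conversion receives
  // an int argument.
  ArcSec::ResponseList rlist = resp->getResponseItems();
  int size = rlist.size();
  logger.msg(Arc::INFO, "There is %d subjects, which satisfy at least one policy", size);
  for(int i = 0; i < size; i++){
    ArcSec::ResponseItem* respitem = rlist[i];
    if(respitem == NULL) continue;
    ArcSec::RequestTuple* tp = respitem->reqtp;
    if(tp == NULL) continue;

    ArcSec::Subject subject = tp->sub;
    for(ArcSec::Subject::iterator it = subject.begin(); it != subject.end(); ++it){
      ArcSec::RequestAttribute *attr = dynamic_cast<ArcSec::RequestAttribute*>(*it);
      if(attr){
        ArcSec::AttributeValue *attrval = attr->getAttributeValue();
        if(attrval) logger.msg(Arc::INFO,"Attribute Value inside Subject: %s", attrval->encode());
      }
    }

    //Scan each <RequestItem/>. The original <RequestItem/> has been split, so
    //there is only one <Subject>, <Resource>, <Action> and <Context> under each
    //<RequestItem/>. Then scan each <Attribute/> under <Subject/>. Only the
    //<RequestItem/> elements that satisfied the policy are returned, and
    //<Subject> is mandatory for a <RequestItem>, so a non-empty subject means
    //this <RequestItem> satisfied the policy.
    if(subject.size()>0)
      logger.msg(Arc::INFO, "The request has passed the policy evaluation");
  }

  // Release in the same order as the original code: response, evaluator, request.
  delete resp;
  resp = NULL;
  delete eval;
  delete request;

  return 0;
}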