org/objectweb/proactive/ext/security/PolicyServer.java

00001 /* 
00002  * ################################################################
00003  * 
00004  * ProActive: The Java(TM) library for Parallel, Distributed, 
00005  *            Concurrent computing with Security and Mobility
00006  * 
00007  * Copyright (C) 1997-2007 INRIA/University of Nice-Sophia Antipolis
00008  * Contact: proactive@objectweb.org
00009  * 
00010  * This library is free software; you can redistribute it and/or
00011  * modify it under the terms of the GNU Lesser General Public
00012  * License as published by the Free Software Foundation; either
00013  * version 2.1 of the License, or any later version.
00014  *  
00015  * This library is distributed in the hope that it will be useful,
00016  * but WITHOUT ANY WARRANTY; without even the implied warranty of
00017  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00018  * Lesser General Public License for more details.
00019  * 
00020  * You should have received a copy of the GNU Lesser General Public
00021  * License along with this library; if not, write to the Free Software
00022  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
00023  * USA
00024  *  
00025  *  Initial developer(s):               The ProActive Team
00026  *                        http://www.inria.fr/oasis/ProActive/contacts.html
00027  *  Contributor(s): 
00028  * 
00029  * ################################################################
00030  */ 
00031 package org.objectweb.proactive.ext.security;
00032 
00033 import java.io.ByteArrayInputStream;
00034 import java.io.ByteArrayOutputStream;
00035 import java.io.FileInputStream;
00036 import java.io.FileNotFoundException;
00037 import java.io.IOException;
00038 import java.io.ObjectInputStream;
00039 import java.io.ObjectOutputStream;
00040 import java.io.Serializable;
00041 import java.security.KeyStore;
00042 import java.security.KeyStoreException;
00043 import java.security.NoSuchAlgorithmException;
00044 import java.security.NoSuchProviderException;
00045 import java.security.cert.CertificateEncodingException;
00046 import java.security.cert.CertificateException;
00047 import java.security.cert.X509Certificate;
00048 import java.util.ArrayList;
00049 
00050 import org.apache.log4j.Logger;
00051 import org.objectweb.proactive.core.util.log.Loggers;
00052 import org.objectweb.proactive.core.util.log.ProActiveLogger;
00053 import org.objectweb.proactive.ext.security.exceptions.ComputePolicyException;
00054 import org.objectweb.proactive.ext.security.exceptions.SecurityNotAvailableException;
00055 import org.objectweb.proactive.ext.security.securityentity.DefaultEntity;
00056 import org.objectweb.proactive.ext.security.securityentity.Entity;
00057 
00058 
00064 public class PolicyServer implements Serializable, Cloneable {
00065     static Logger log = ProActiveLogger.getLogger(Loggers.SECURITY);
00066     private static int REQUIRED = 1;
00067     private static int DENIED = -1;
00068     private static int OPTIONAL = 0;
00069     protected ArrayList<PolicyRule> policyRules;
00070     protected String policyRulesFileLocation;
00071     protected String applicationName;
00072     protected transient KeyStore keyStore;
00073     protected byte[] encodedKeyStore;
00074 
00075     public PolicyServer() {
00076         ProActiveSecurity.loadProvider();
00077     }
00078 
00079     public PolicyServer(PolicyRule[] policyRules) {
00080         this.policyRules = new ArrayList<PolicyRule>();
00081         for (int i = 0; i < policyRules.length; i++) {
00082             this.policyRules.add(policyRules[i]);
00083         }
00084     }
00085 
00086     public PolicyServer(ArrayList<PolicyRule> policyRules) {
00087         this.policyRules = policyRules;
00088     }
00089 
00090     public PolicyServer(KeyStore keyStore, ArrayList<PolicyRule> policyRules) {
00091         this.policyRules = policyRules;
00092         this.keyStore = keyStore;
00093     }
00094 
00095     private int convert(String name) {
00096         if (name.equals("required") || name.equals("allowed") ||
00097                 name.equals("authorized")) {
00098             return REQUIRED;
00099         } else if (name.equals("denied")) {
00100             return DENIED;
00101         } else {
00102             return OPTIONAL;
00103         }
00104     }
00105 
00106     public SecurityContext getPolicy(SecurityContext securityContext)
00107         throws SecurityNotAvailableException {
00108         ArrayList<Entity> entitiesFrom = securityContext.getEntitiesFrom();
00109         ArrayList<Entity> entitiesTo = securityContext.getEntitiesTo();
00110 
00111         if (policyRules == null) {
00112             ProActiveLogger.getLogger(Loggers.SECURITY_POLICY).debug("trying to find a policy whereas none has been set" +
00113                 this + "    " + policyRules);
00114             throw new SecurityNotAvailableException();
00115         }
00116 
00117         PolicyRule policy = null;
00118         PolicyRule matchingPolicy = null;
00119         PolicyRule defaultPolicy = new PolicyRule();
00120         Communication communication;
00121 
00122         if ((entitiesFrom == null) || (entitiesFrom.size() == 0)) {
00123             entitiesFrom = new ArrayList<Entity>();
00124             entitiesFrom.add(new DefaultEntity());
00125         }
00126         if ((entitiesTo == null) || (entitiesTo.size() == 0)) {
00127             entitiesTo = new ArrayList<Entity>();
00128             entitiesTo.add(new DefaultEntity());
00129         }
00130 
00131         boolean matchingFrom;
00132         boolean matchingTo;
00133         boolean matchingFromDefault;
00134         boolean matchingToDefault;
00135         matchingFrom = matchingTo = matchingFromDefault = matchingToDefault = false;
00136         int length = policyRules.size();
00137 
00138         if (ProActiveLogger.getLogger(Loggers.SECURITY_POLICYSERVER)
00139                                .isDebugEnabled()) {
00140             String s = "================================\nFrom :";
00141             for (int i = 0; i < entitiesFrom.size(); i++)
00142                 s += (((Entity) entitiesFrom.get(i)) + " ");
00143             s += "\nTo :";
00144             for (int i = 0; i < entitiesTo.size(); i++)
00145                 s += (((Entity) entitiesTo.get(i)) + " ");
00146             ProActiveLogger.getLogger(Loggers.SECURITY_POLICYSERVER).debug(s +
00147                 "\n=================================\n");
00148         }
00149 
00150         // iterate on all rules
00151         for (int i = 0; i < length; i++) {
00152             // retreiving a rule 
00153             policy = (PolicyRule) policyRules.get(i);
00154 
00155             ArrayList policyEntitiesFrom = policy.getEntitiesFrom();
00156 
00157             // testing if From tag matches From entities 
00158             for (int j = 0; !matchingFrom && (j < policyEntitiesFrom.size());
00159                     j++) {
00160                 // from rules entities
00161                 Entity policyEntityFrom = (Entity) policyEntitiesFrom.get(j);
00162 
00163                 //System.out.println("testing from" + policyEntityFrom);
00164                 for (int z = 0; !matchingFrom && (z < entitiesFrom.size());
00165                         z++) {
00166                     Entity entity = (Entity) entitiesFrom.get(z);
00167 
00168                     //System.out.println("testing from -------------" + entity);
00169                     if (policyEntityFrom instanceof DefaultEntity) {
00170                         matchingFromDefault = true;
00171                     } else if (policyEntityFrom.equals(entity)) {
00172                         //System.out.println("Matching From " + policyEntityFrom);
00173                         matchingFrom = true;
00174                     }
00175                 }
00176             }
00177 
00178             // testing To rules
00179             ArrayList policyEntitiesTo = policy.getEntitiesTo();
00180 
00181             for (int j = 0; !matchingTo && (j < policyEntitiesTo.size());
00182                     j++) {
00183                 // retrieves To rule entities 
00184                 Entity policyEntityTo = (Entity) policyEntitiesTo.get(j);
00185 
00186                 //System.out.println("testing to" + policyEntityTo );
00187                 for (int z = 0; !matchingTo && (z < entitiesTo.size()); z++) {
00188                     Entity entity = (Entity) entitiesTo.get(z);
00189 
00190                     //  System.out.println("testing to -------------" + entity);
00191                     if (policyEntityTo instanceof DefaultEntity) {
00192                         matchingToDefault = true;
00193                     } else if (policyEntityTo.equals(entity)) {
00194                         //              System.out.println("Matching To " + policyEntityTo);
00195                         matchingTo = true;
00196                     }
00197                 }
00198             }
00199 
00200             //    System.out.println("testing to  matching :" + matchingTo +
00201             //       " -- matchingToDefault " + matchingToDefault);
00202             if (matchingFrom && matchingTo) {
00203                 matchingPolicy = policy;
00204                 ProActiveLogger.getLogger(Loggers.SECURITY_POLICY).debug("matching policy is " +
00205                     policy);
00206                 break;
00207             }
00208             if (matchingToDefault && matchingFromDefault) {
00209                 defaultPolicy = policy;
00210             }
00211 
00212             matchingToDefault = matchingFromDefault = false;
00213             matchingTo = matchingFrom = false;
00214             //System.out.println("----------- reset matching, next rule ---------");
00215         }
00216 
00217         if (matchingPolicy == null) {
00218             matchingPolicy = defaultPolicy;
00219         }
00220 
00221         if (matchingPolicy == null) {
00222             ProActiveLogger.getLogger(Loggers.SECURITY_POLICY).warn("default Policy is null !!!!!!!!!!!!!!");
00223         }
00224 
00225         ProActiveLogger.getLogger(Loggers.SECURITY_POLICY).debug("Found Policy : " +
00226             matchingPolicy);
00227 
00228         //  TODOSECURITY split receive of a request or a reply 
00229         if ((securityContext.getType() == SecurityContext.COMMUNICATION_RECEIVE_REQUEST_FROM) ||
00230                 (securityContext.getType() == SecurityContext.COMMUNICATION_RECEIVE_REPLY_FROM)) {
00231             communication = matchingPolicy.getCommunicationReply();
00232             communication.setCommunication(1);
00233             securityContext.setReceiveReply(communication);
00234             securityContext.setReceiveRequest(communication);
00235         } else {
00236             communication = matchingPolicy.getCommunicationRequest();
00237             ProActiveLogger.getLogger(Loggers.SECURITY_POLICY).debug("communication is " +
00238                 communication);
00239             communication.setCommunication(1);
00240             securityContext.setSendReply(communication);
00241             securityContext.setSendRequest(communication);
00242         }
00243 
00244         if (securityContext.getType() == SecurityContext.MIGRATION_TO) {
00245             securityContext.setMigration(matchingPolicy.isMigration());
00246         }
00247 
00248         return securityContext;
00249     }
00250 
00251     public Communication getPolicyTo(String type, String virtualNodeFrom,
00252         String virtualNodeTo) throws SecurityNotAvailableException {
00253         //        if (p == null) {
00254         //            logger.debug("SEcurityNamfndjdhuidss crac r cd boium");
00255         //            throw new SecurityNotAvailableException();
00256         //        }
00257         if (true) {
00258             throw new RuntimeException("DEPRECATED METHOD : UPDATE !!!");
00259         }
00260         return null;
00261     }
00262 
00263     public int[] computePolicy(int[] from, int[] to)
00264         throws ComputePolicyException {
00265         //    logger.info("calculating composed policy");
00266         if (((from[0] == REQUIRED) && (to[0] == DENIED)) ||
00267                 ((from[1] == REQUIRED) && (to[1] == DENIED)) ||
00268                 ((from[2] == REQUIRED) && (to[2] == DENIED)) ||
00269                 ((from[0] == DENIED) && (to[0] == REQUIRED)) ||
00270                 ((from[1] == DENIED) && (to[1] == REQUIRED)) ||
00271                 ((from[2] == DENIED) && (to[2] == REQUIRED))) {
00272             throw new ComputePolicyException("incompatible policies");
00273         }
00274 
00275         return new int[] { from[0] + to[0], from[1] + to[1], from[2] + to[2] };
00276     }
00277 
00278     public boolean CanSendRequestTo(X509Certificate distantOA) {
00279         return false;
00280     }
00281 
00282     public boolean CanReceiveRequestFrom(X509Certificate distantOA) {
00283         return false;
00284     }
00285 
00286     public boolean CanSendReplyTo(X509Certificate distantOA) {
00287         return false;
00288     }
00289 
00290     public boolean CanReceiveReplyFrom(X509Certificate distantOA) {
00291         return false;
00292     }
00293 
00294     public boolean CanMigrateTo(X509Certificate distantOA) {
00295         return false;
00296     }
00297 
00298     public boolean canMigrateTo(String type, String from, String to) {
00299         try {
00300             System.out.println("Migration from " + from + "to" + to);
00301             ArrayList<Entity> arrayFrom = new ArrayList<Entity>();
00302             ArrayList<Entity> arrayTo = new ArrayList<Entity>();
00303 
00304             SecurityContext sc = new SecurityContext(SecurityContext.MIGRATION_TO,
00305                     arrayFrom, arrayTo);
00306             return getPolicy(sc).isMigration();
00307         } catch (SecurityNotAvailableException e) {
00308             // no security all is permitted
00309             return true;
00310         }
00311     }
00312 
00313     public String toString() {
00314         String s = null;
00315         s = "ApplicationName : " + applicationName + "\nfile: " +
00316             policyRulesFileLocation + "\n";
00317         for (int i = 0; i < policyRules.size(); i++) {
00318             s += policyRules.get(i);
00319         }
00320 
00321         return s;
00322     }
00323 
00324     // implements Serializable
00325     private void writeObject(java.io.ObjectOutputStream out)
00326         throws IOException {
00327         if (keyStore != null) {
00328             ByteArrayOutputStream bout = null;
00329             try {
00330                 //  keyStore = KeyStore.getInstance("PKCS12", "BC");
00331                 //keyStore.load(null, null);
00332                 //
00333                 // if you haven't set the friendly name and local key id above
00334                 // the name below will be the name of the key
00335                 //
00336 
00337                 /*
00338                    if (certificate != null) {
00339                        keyStore.setCertificateEntry("entityCertificate", certificate);
00340                    }
00341                    keyStore.setCertificateEntry("applicationCertificate",
00342                        applicationCertificate);
00343                  */
00344                 bout = new ByteArrayOutputStream();
00345 
00346                 keyStore.store(bout, "ha".toCharArray());
00347 
00348                 encodedKeyStore = bout.toByteArray();
00349                 keyStore = null;
00350                 bout.close();
00351             } catch (CertificateEncodingException e) {
00352                 e.printStackTrace();
00353             } catch (IOException e) {
00354                 e.printStackTrace();
00355             } catch (KeyStoreException e) {
00356                 // TODOSECURITYSECURITY Auto-generated catch block
00357                 e.printStackTrace();
00358             } catch (NoSuchAlgorithmException e) {
00359                 // TODOSECURITYSECURITY Auto-generated catch block
00360                 e.printStackTrace();
00361             } catch (CertificateException e) {
00362                 // TODOSECURITYSECURITY Auto-generated catch block
00363                 e.printStackTrace();
00364             }
00365         }
00366         out.defaultWriteObject();
00367     }
00368 
00369     private void readObject(java.io.ObjectInputStream in)
00370         throws IOException, ClassNotFoundException {
00371         in.defaultReadObject();
00372         if (encodedKeyStore != null) {
00373             try {
00374                 keyStore = KeyStore.getInstance("PKCS12", "BC");
00375                 keyStore.load(new ByteArrayInputStream(encodedKeyStore),
00376                     "ha".toCharArray());
00377                 encodedKeyStore = null;
00378             } catch (KeyStoreException e) {
00379                 e.printStackTrace();
00380             } catch (NoSuchProviderException e) {
00381                 e.printStackTrace();
00382             } catch (NoSuchAlgorithmException e) {
00383                 e.printStackTrace();
00384             } catch (CertificateException e) {
00385                 e.printStackTrace();
00386             } catch (IOException e) {
00387                 e.printStackTrace();
00388             }
00389         }
00390     }
00391 
00395     public void setPolicies(ArrayList<PolicyRule> policies) {
00396         ProActiveLogger.getLogger(Loggers.SECURITY_POLICY).info("storing policies");
00397         this.policyRules = policies;
00398     }
00399 
00403     public void setPolicyRulesFileLocation(String uri) {
00404         // for debug only
00405         // set security file path 
00406         policyRulesFileLocation = uri;
00407     }
00408 
00412     public X509Certificate getApplicationCertificate() {
00413         try {
00414             return (X509Certificate) this.keyStore.getCertificate(SecurityConstants.KEYSTORE_APPLICATION_PATH);
00415         } catch (KeyStoreException e) {
00416             e.printStackTrace();
00417         }
00418         return null;
00419     }
00420 
00425     public void setApplicationName(String applicationName) {
00426         this.applicationName = applicationName;
00427     }
00428 
00429     public String getApplicationName() {
00430         return applicationName;
00431     }
00432 
00433     public Object clone() throws CloneNotSupportedException {
00434         PolicyServer clone = null;
00435 
00436         try {
00437             ByteArrayOutputStream bout = new ByteArrayOutputStream();
00438             ObjectOutputStream out = new ObjectOutputStream(bout);
00439 
00440             out.writeObject(this);
00441             out.flush();
00442             bout.close();
00443 
00444             bout.close();
00445 
00446             ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(
00447                         bout.toByteArray()));
00448 
00449             clone = (PolicyServer) ois.readObject();
00450         } catch (IOException e) {
00451             e.printStackTrace();
00452         } catch (ClassNotFoundException e) {
00453             e.printStackTrace();
00454         }
00455 
00456         return clone;
00457     }
00458 
00459     public KeyStore getKeyStore() {
00460         return keyStore;
00461     }
00462 
00463     public void setKeyStore(KeyStore keyStore) {
00464         this.keyStore = keyStore;
00465     }
00466 
00467     public void setPKCS12Keystore(String pkcs12Keystore) {
00468         try {
00469             keyStore = KeyStore.getInstance("PKCS12", "BC");
00470             keyStore.load(new FileInputStream(pkcs12Keystore),
00471                 "ha".toCharArray());
00472         } catch (KeyStoreException e) {
00473             e.printStackTrace();
00474         } catch (NoSuchProviderException e) {
00475             e.printStackTrace();
00476         } catch (NoSuchAlgorithmException e) {
00477             e.printStackTrace();
00478         } catch (CertificateException e) {
00479             e.printStackTrace();
00480         } catch (FileNotFoundException e) {
00481             e.printStackTrace();
00482         } catch (IOException e) {
00483             e.printStackTrace();
00484         }
00485     }
00486 }
Generated on Mon Jan 22 15:16:11 2007 for ProActive by  doxygen 1.5.1