source: java/net/deterlab/abac/Role.java @ 8fac851

abac0-leakabac0-meicompt_changesgec13mei-idmei-rt0-nmei_rt0mei_rt2mei_rt2_fix_1meiyap-rt1meiyap1rt2tvf-new-xml
Last change on this file since 8fac851 was cac4c76, checked in by Mike Ryan <mikeryan@…>, 13 years ago

support for creating intersection roles and adding them to the
credential graph. Implied edges are properly created in the credential
graph, but they are not returned in queries.
  • Property mode set to 100644
File size: 4.3 KB
Line 
1package net.deterlab.abac;
2
3/**
4 * Represents a role, which is a vertex in a Credential graph.
5 */
6public class Role {
7    private String m_string;
8    private String[] m_parts;
9    private String m_A_r1, m_r2;
10    private String m_prefix;
11    private Role[] m_prereqs;
12
13    /**
14     * Create a role from a string. A single role must be of the format "A",
15     * "A.r1", or "A.r1.r2", where A is a principal and r1 and r2 are role
16     * names. This constructor also supports intersection roles: a sequence of
17     * two or more roles separated by " &amp; ".
18     *
19     * If the string does not have this format, the constructor throws a
20     * RuntimeException.
21     */
22    public Role(String s) throws RuntimeException {
23        m_string = s;
24
25        // intersection roles have at least two roles separated by " & "
26        String[] isect_roles = s.split(" & ");
27
28        // ordinary role
29        if (isect_roles.length == 1)
30            single_role();
31
32        // intersection role: make a list of prereqs
33        else {
34            m_prereqs = new Role[isect_roles.length];
35            for (int i = 0; i < isect_roles.length; ++i)
36                m_prereqs[i] = new Role(isect_roles[i]);
37
38            // this make is_principal etc. work properly
39            m_parts = new String[0];
40        }
41    }
42
43    /**
44     * Initialize a single non-intersection role. See constructor for details of
45     * role format. Will throw RuntimeException if the role is invalid.
46     */
47    private void single_role() throws RuntimeException {
48        m_parts = m_string.split("\\.");
49        if (m_parts.length > 3)
50            throw new RuntimeException("Not a valid role: " + m_string);
51
52        // linking role: prefix is A.r1 from A.r1.r2
53        if (is_linking()) {
54            m_A_r1 = m_parts[0] + "." + m_parts[1];
55            m_r2 = m_parts[2];
56            m_prefix = m_A_r1;
57        }
58
59        // role: prefix is A from A.r1
60        else if (is_role())
61            m_prefix = m_parts[0];
62
63        // principal: prefix is the whole thing
64        else
65            m_prefix = m_string;
66    }
67
68    /**
69     * Returns true iff the role is a principal.
70     */
71    public boolean is_principal() { return m_parts.length == 1; }
72
73    /**
74     * Returns true iff the role is a role (i.e., A.r1).
75     */
76    public boolean is_role() { return m_parts.length == 2; }
77
78    /**
79     * Returns true iff the role is a linking role (i.e., A.r1.r2).
80     */
81    public boolean is_linking() { return m_parts.length == 3; }
82
83    /**
84     * Returns true iff the role represents an intersection role.
85     */
86    public boolean is_intersection() { return m_prereqs != null; }
87
88    /**
89     * Returns the first two elements of a linking role's name. This typically
90     * refers to another role in the graph. This will throw a runtime
91     * exception if the node is not a linking role.
92     */
93    public String A_r1() throws RuntimeException {
94        if (!is_linking())
95            throw new RuntimeException("Not a linking role");
96        return m_A_r1;
97    }
98
99    /**
100     * Return the last element of a linking role's name. This will throw a
101     * runtime exception if the node is not a linking role.
102     */
103    public String r2() throws RuntimeException {
104        if (!is_linking())
105            throw new RuntimeException("Not a linking role");
106        return m_r2;
107    }
108
109    /**
110     * Returns the principal part of a role or principal. This is everything
111     * except the last element of the name.
112     */
113    public String principal_part() {
114        return m_prefix;
115    }
116
117    /**
118     * Returns true if the principal part of the name matches a prefix. This
119     * is used when filtering graphs.
120     */
121    public boolean matches(String prefix) {
122        return prefix.length() == 0 || m_prefix.equals(prefix);
123    }
124
125    /**
126     * Get the roles that form the prerequisites to this intersection. Throws
127     * a runtime exception if this is not an intersection role.
128     */
129    public Role[] prereqs() throws RuntimeException {
130        if (!is_intersection())
131            throw new RuntimeException("Not an intersection role.");
132
133        return m_prereqs;
134    }
135
136    public String toString() {
137        return m_string;
138    }
139
140    public boolean equals(Object v2) {
141        if (v2 instanceof Role)
142            return m_string.equals(((Role)v2).m_string);
143        return false;
144    }
145
146    public int hashCode() {
147        return m_string.hashCode();
148    }
149}
Note: See TracBrowser for help on using the repository browser.