| 1 | package net.deterlab.abac; |
|---|
| 2 | |
|---|
| 3 | /** |
|---|
| 4 | * Represents a role, which is a vertex in a Credential graph. |
|---|
| 5 | */ |
|---|
| 6 | public class Role { |
|---|
| 7 | private String m_string; |
|---|
| 8 | private String[] m_parts; |
|---|
| 9 | private String m_A_r1, m_r2; |
|---|
| 10 | private String m_prefix; |
|---|
| 11 | private Role[] m_prereqs; |
|---|
| 12 | |
|---|
| 13 | /** |
|---|
| 14 | * Create a role from a string. A single role must be of the format "A", |
|---|
| 15 | * "A.r1", or "A.r1.r2", where A is a principal and r1 and r2 are role |
|---|
| 16 | * names. This constructor also supports intersection roles: a sequence of |
|---|
| 17 | * two or more roles separated by "&". The whitespace surrounding & |
|---|
| 18 | * is arbitrary. |
|---|
| 19 | * |
|---|
| 20 | * If the string does not have this format, the constructor throws a |
|---|
| 21 | * RuntimeException. |
|---|
| 22 | */ |
|---|
| 23 | public Role(String s) throws RuntimeException { |
|---|
| 24 | m_string = s; |
|---|
| 25 | |
|---|
| 26 | // intersection roles have at least two roles separated by "&" |
|---|
| 27 | String[] isect_roles = s.split("&"); |
|---|
| 28 | |
|---|
| 29 | // ordinary role |
|---|
| 30 | if (isect_roles.length == 1) |
|---|
| 31 | single_role(); |
|---|
| 32 | |
|---|
| 33 | // intersection role: make a list of prereqs |
|---|
| 34 | else { |
|---|
| 35 | m_prereqs = new Role[isect_roles.length]; |
|---|
| 36 | for (int i = 0; i < isect_roles.length; ++i) |
|---|
| 37 | m_prereqs[i] = new Role(isect_roles[i].trim()); // trim() handles arbitrary whitespace |
|---|
| 38 | |
|---|
| 39 | // this make is_principal etc. work properly |
|---|
| 40 | m_parts = new String[0]; |
|---|
| 41 | } |
|---|
| 42 | } |
|---|
| 43 | |
|---|
| 44 | /** |
|---|
| 45 | * Initialize a single non-intersection role. See constructor for details of |
|---|
| 46 | * role format. Will throw RuntimeException if the role is invalid. |
|---|
| 47 | */ |
|---|
| 48 | private void single_role() throws RuntimeException { |
|---|
| 49 | m_parts = m_string.split("\\."); |
|---|
| 50 | if (m_parts.length > 3) |
|---|
| 51 | throw new RuntimeException("Not a valid role: " + m_string); |
|---|
| 52 | |
|---|
| 53 | // linking role: prefix is A.r1 from A.r1.r2 |
|---|
| 54 | if (is_linking()) { |
|---|
| 55 | m_A_r1 = m_parts[0] + "." + m_parts[1]; |
|---|
| 56 | m_r2 = m_parts[2]; |
|---|
| 57 | m_prefix = m_A_r1; |
|---|
| 58 | } |
|---|
| 59 | |
|---|
| 60 | // role: prefix is A from A.r1 |
|---|
| 61 | else if (is_role()) |
|---|
| 62 | m_prefix = m_parts[0]; |
|---|
| 63 | |
|---|
| 64 | // principal: prefix is the whole thing |
|---|
| 65 | else |
|---|
| 66 | m_prefix = m_string; |
|---|
| 67 | } |
|---|
| 68 | |
|---|
| 69 | /** |
|---|
| 70 | * Returns true iff the role is a principal. |
|---|
| 71 | */ |
|---|
| 72 | public boolean is_principal() { return m_parts.length == 1; } |
|---|
| 73 | |
|---|
| 74 | /** |
|---|
| 75 | * Returns true iff the role is a role (i.e., A.r1). |
|---|
| 76 | */ |
|---|
| 77 | public boolean is_role() { return m_parts.length == 2; } |
|---|
| 78 | |
|---|
| 79 | /** |
|---|
| 80 | * Returns true iff the role is a linking role (i.e., A.r1.r2). |
|---|
| 81 | */ |
|---|
| 82 | public boolean is_linking() { return m_parts.length == 3; } |
|---|
| 83 | |
|---|
| 84 | /** |
|---|
| 85 | * Returns true iff the role represents an intersection role. |
|---|
| 86 | */ |
|---|
| 87 | public boolean is_intersection() { return m_prereqs != null; } |
|---|
| 88 | |
|---|
| 89 | /** |
|---|
| 90 | * Returns the first two elements of a linking role's name. This typically |
|---|
| 91 | * refers to another role in the graph. This will throw a runtime |
|---|
| 92 | * exception if the node is not a linking role. |
|---|
| 93 | */ |
|---|
| 94 | public String A_r1() throws RuntimeException { |
|---|
| 95 | if (!is_linking()) |
|---|
| 96 | throw new RuntimeException("Not a linking role"); |
|---|
| 97 | return m_A_r1; |
|---|
| 98 | } |
|---|
| 99 | |
|---|
| 100 | /** |
|---|
| 101 | * Return the last element of a linking role's name. This will throw a |
|---|
| 102 | * runtime exception if the node is not a linking role. |
|---|
| 103 | */ |
|---|
| 104 | public String r2() throws RuntimeException { |
|---|
| 105 | if (!is_linking()) |
|---|
| 106 | throw new RuntimeException("Not a linking role"); |
|---|
| 107 | return m_r2; |
|---|
| 108 | } |
|---|
| 109 | |
|---|
| 110 | /** |
|---|
| 111 | * Returns the principal part of a role or principal. This is everything |
|---|
| 112 | * except the last element of the name. |
|---|
| 113 | */ |
|---|
| 114 | public String principal_part() { |
|---|
| 115 | return m_prefix; |
|---|
| 116 | } |
|---|
| 117 | |
|---|
| 118 | /** |
|---|
| 119 | * Returns true if the principal part of the name matches a prefix. This |
|---|
| 120 | * is used when filtering graphs. |
|---|
| 121 | */ |
|---|
| 122 | public boolean matches(String prefix) { |
|---|
| 123 | return prefix.length() == 0 || m_prefix.equals(prefix); |
|---|
| 124 | } |
|---|
| 125 | |
|---|
| 126 | /** |
|---|
| 127 | * Get the roles that form the prerequisites to this intersection. Throws |
|---|
| 128 | * a runtime exception if this is not an intersection role. |
|---|
| 129 | */ |
|---|
| 130 | public Role[] prereqs() throws RuntimeException { |
|---|
| 131 | if (!is_intersection()) |
|---|
| 132 | throw new RuntimeException("Not an intersection role."); |
|---|
| 133 | |
|---|
| 134 | return m_prereqs; |
|---|
| 135 | } |
|---|
| 136 | |
|---|
| 137 | public String toString() { |
|---|
| 138 | return m_string; |
|---|
| 139 | } |
|---|
| 140 | |
|---|
| 141 | public boolean equals(Object v2) { |
|---|
| 142 | if (v2 instanceof Role) |
|---|
| 143 | return m_string.equals(((Role)v2).m_string); |
|---|
| 144 | return false; |
|---|
| 145 | } |
|---|
| 146 | |
|---|
| 147 | public int hashCode() { |
|---|
| 148 | return m_string.hashCode(); |
|---|
| 149 | } |
|---|
| 150 | } |
|---|
