
Example 21 with AttributeValue

use of com.sun.identity.entitlement.xacml3.core.AttributeValue in project OpenAM by OpenRock.

the class XACMLPrivilegeUtils method getEntitlementConditionFromPolicy.

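/**
 * Recovers the entitlement condition that was serialised into a XACML policy.
 *
 * <p>Walks the policy's rules and looks for a condition whose expression is an {@code Apply}
 * with the function id {@code XACMLConstants.JSON_SUBJECT_AND_CONDITION_SATISFIED}. Inside that
 * {@code Apply}, every {@code AttributeValue} whose data type starts with
 * {@code XACMLConstants.JSON_CONDITION_DATATYPE} is considered; the first {@code String} in its
 * content is passed, together with the data type, to {@code createEntitlementCondition}.
 * The search stops at the first rule that yields a non-null condition.
 *
 * <p>Rules without a condition, conditions without an expression, and attribute values without
 * a data type are skipped instead of raising a {@code NullPointerException}.
 *
 * @param policy the XACML policy to inspect; may be {@code null}
 * @return the reconstructed condition, or {@code null} if the policy is {@code null}, has no
 *         rules, or carries no matching attribute value
 * @throws EntitlementException propagated from the helpers called here
 */
static EntitlementCondition getEntitlementConditionFromPolicy(Policy policy) throws EntitlementException {
    if (policy == null) {
        return null;
    }
    List<Rule> rules = getRules(policy);
    if (rules == null) {
        return null;
    }
    EntitlementCondition ec = null;
    for (Rule rule : rules) {
        // A rule is not required to carry a condition; skip it rather than dereference null.
        Condition condition = rule.getCondition();
        if (condition == null) {
            continue;
        }
        JAXBElement<?> expression = condition.getExpression();
        if (expression == null || !Apply.class.equals(expression.getDeclaredType())) {
            continue;
        }
        Apply apply = (Apply) expression.getValue();
        if (apply == null
                || !XACMLConstants.JSON_SUBJECT_AND_CONDITION_SATISFIED.equals(apply.getFunctionId())) {
            continue;
        }
        List<JAXBElement<?>> expressionList = apply.getExpression();
        if (expressionList == null) {
            continue;
        }
        for (JAXBElement<?> jaxe : expressionList) {
            if (jaxe == null || !AttributeValue.class.equals(jaxe.getDeclaredType())) {
                continue;
            }
            AttributeValue av = (AttributeValue) jaxe.getValue();
            if (av == null) {
                continue;
            }
            // The data type is read straight from the policy document.
            // NOTE(review): eSubjectConditionToXCondition writes a class name after this prefix;
            // if createEntitlementCondition resolves that suffix to a class, it should accept only
            // known EntitlementCondition implementations, because policy XML can be imported
            // from outside the deployment — confirm against createEntitlementCondition.
            String dataType = av.getDataType();
            if (dataType == null || !dataType.startsWith(XACMLConstants.JSON_CONDITION_DATATYPE)) {
                continue;
            }
            List<Object> valueList = av.getContent();
            String value = null;
            if (valueList != null) {
                // Mixed content may hold non-String nodes; only the first String is the state.
                for (Object ob : valueList) {
                    if (ob instanceof String) {
                        value = (String) ob;
                        break;
                    }
                }
            }
            if (value != null) {
                // Not an early exit: a later matching attribute value overrides an earlier one.
                ec = createEntitlementCondition(dataType, value);
            }
        }
        if (ec != null) {
            break;
        }
    }
    return ec;
}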
Also used : EntitlementCondition(com.sun.identity.entitlement.EntitlementCondition) Condition(com.sun.identity.entitlement.xacml3.core.Condition) EntitlementCondition(com.sun.identity.entitlement.EntitlementCondition) AttributeValue(com.sun.identity.entitlement.xacml3.core.AttributeValue) Apply(com.sun.identity.entitlement.xacml3.core.Apply) JSONObject(org.json.JSONObject) Rule(com.sun.identity.entitlement.xacml3.core.Rule) JAXBElement(javax.xml.bind.JAXBElement)

Example 22 with AttributeValue

use of com.sun.identity.entitlement.xacml3.core.AttributeValue in project OpenAM by OpenRock.

the class XACMLPrivilegeUtils method eSubjectConditionToXCondition.

/**
 * Serialises an entitlement subject and/or condition into a XACML {@code Condition}.
 *
 * <p>The result wraps a single {@code Apply} with the function id
 * {@code XACMLConstants.JSON_SUBJECT_AND_CONDITION_SATISFIED}. Each non-null argument adds one
 * {@code AttributeValue} to it, holding the object's {@code getState()} string as content, a
 * {@code privilegeComponent} attribute naming its role, and a data type built from the
 * relevant prefix, a colon, and the object's class name.
 *
 * <p>NOTE(review): the class name written into the data type ends up in the exported policy
 * document. Code that reads such documents back should treat that name as untrusted input
 * and check it against an allow-list before acting on it — confirm on the reading side.
 *
 * @param es the subject to serialise; may be {@code null}
 * @param ec the condition to serialise; may be {@code null}
 * @return the populated condition, or {@code null} when both arguments are {@code null}
 * @throws JAXBException if the JAXB context for the XACML core package cannot be created
 */
public static Condition eSubjectConditionToXCondition(EntitlementSubject es, EntitlementCondition ec) throws JAXBException {
    if (es == null && ec == null) {
        return null;
    }
    Condition result = new Condition();
    // The context itself is not used below; the call is kept because it can throw.
    JAXBContext.newInstance(XACMLConstants.XACML3_CORE_PKG);
    Apply wrapper = new Apply();
    wrapper.setFunctionId(XACMLConstants.JSON_SUBJECT_AND_CONDITION_SATISFIED);
    List expressions = wrapper.getExpression();
    if (es != null) {
        String subjectState = es.getState();
        // TODO: add custom xml attribute to identify as privilege subject
        AttributeValue subjectValue = new AttributeValue();
        subjectValue.getOtherAttributes().put(new QName("privilegeComponent"), "entitlementSubject");
        subjectValue.setDataType(XACMLConstants.JSON_SUBJECT_DATATYPE + ":" + es.getClass().getName());
        subjectValue.getContent().add(subjectState);
        expressions.add(objectFactory.createAttributeValue(subjectValue));
    }
    if (ec != null) {
        String conditionState = ec.getState();
        // TODO: add custom xml attribute to identify as privilege condition
        AttributeValue conditionValue = new AttributeValue();
        conditionValue.getOtherAttributes().put(new QName("privilegeComponent"), "entitlementCondition");
        conditionValue.setDataType(XACMLConstants.JSON_CONDITION_DATATYPE + ":" + ec.getClass().getName());
        conditionValue.getContent().add(conditionState);
        expressions.add(objectFactory.createAttributeValue(conditionValue));
    }
    result.setExpression(objectFactory.createApply(wrapper));
    return result;
}
Also used : EntitlementCondition(com.sun.identity.entitlement.EntitlementCondition) Condition(com.sun.identity.entitlement.xacml3.core.Condition) AttributeValue(com.sun.identity.entitlement.xacml3.core.AttributeValue) Apply(com.sun.identity.entitlement.xacml3.core.Apply) QName(javax.xml.namespace.QName) JAXBContext(javax.xml.bind.JAXBContext) List(java.util.List) ArrayList(java.util.ArrayList) JAXBElement(javax.xml.bind.JAXBElement)

Example 23 with AttributeValue

use of com.sun.identity.entitlement.xacml3.core.AttributeValue in project OpenAM by OpenRock.

the class XACMLPrivilegeUtils method getActionNamesFromMatches.

/**
 * Collects action names from XACML {@code Match} elements.
 *
 * <p>Only matches whose id contains {@code ":action-match:"} are considered. For each of
 * those, the first content element of the attribute value is taken and its
 * {@code toString()} form is added to the result; further content elements are ignored.
 *
 * @param matches the matches to scan; may be {@code null}
 * @return the set of action names (possibly empty), or {@code null} when {@code matches} is
 *         {@code null}
 */
static Set<String> getActionNamesFromMatches(List<Match> matches) {
    if (matches == null) {
        return null;
    }
    Set<String> names = new HashSet<String>();
    for (Match candidate : matches) {
        String id = candidate.getMatchId();
        if (id == null || !id.contains(":action-match:")) {
            continue;
        }
        AttributeValue holder = candidate.getAttributeValue();
        if (holder == null) {
            continue;
        }
        List<Object> content = holder.getContent();
        if (content == null || content.isEmpty()) {
            continue;
        }
        // FIXME: log a warning if more than one element
        Object first = content.get(0);
        names.add(first.toString());
    }
    return names;
}
Also used : AttributeValue(com.sun.identity.entitlement.xacml3.core.AttributeValue) JSONObject(org.json.JSONObject) HashSet(java.util.HashSet) Match(com.sun.identity.entitlement.xacml3.core.Match)

Example 24 with AttributeValue

use of com.sun.identity.entitlement.xacml3.core.AttributeValue in project verify-hub by alphagov.

the class VerifiedAttributesLoggerTest method shouldLogDateOfBirthHistory.

/**
 * Checks how a date-of-birth attribute with two values is rendered in the attribute log.
 *
 * <p>A value that ended yesterday and is marked verified is expected as
 * {@code (true, "less than 180 days")}; a value with no end date and no verified flag set is
 * expected as {@code (false, null)}. The asserted entries hold a verified flag and an age
 * bucket string.
 */
@Test
public void shouldLogDateOfBirthHistory() throws Exception {
    // Superseded value: ended one day ago, verified.
    AttributeValue supersededValue = new DateAttributeValueBuilder()
            .withTo(DateTime.now().minusDays(1))
            .withVerified(true)
            .build();
    // Current value: open-ended, verified flag left at the builder's default.
    AttributeValue openEndedValue = new DateAttributeValueBuilder()
            .withTo(null)
            .build();

    Attribute dateOfBirth = new AttributeBuilder().buildObject();
    dateOfBirth.setName(IdaConstants.Attributes_1_1.DateOfBirth.NAME);
    dateOfBirth.getAttributeValues().add(supersededValue);
    dateOfBirth.getAttributeValues().add(openEndedValue);

    List<Attribute> statementAttributes = aMatchingDatasetAttributeStatement_1_1()
            .withDateOfBirth(dateOfBirth)
            .build()
            .getAttributes();

    // Round-trip the formatted log line through the mapper so the assertion is on parsed data.
    AttributeStatementLogData logged = mapper.readValue(
            formatAttributes("any-issuer", LEVEL_2, statementAttributes),
            AttributeStatementLogData.class);
    Map<String, List<VerifiedAttributeLogData>> loggedByName = logged.getAttributes();

    assertThat(loggedByName.get(IdaConstants.Attributes_1_1.DateOfBirth.NAME))
            .isEqualTo(ImmutableList.of(
                    new VerifiedAttributeLogData(true, "less than 180 days"),
                    new VerifiedAttributeLogData(false, null)));
}
Also used : AttributeBuilder(org.opensaml.saml.saml2.core.impl.AttributeBuilder) AttributeValue(org.opensaml.saml.saml2.core.AttributeValue) Attribute(org.opensaml.saml.saml2.core.Attribute) AttributeStatementLogData(uk.gov.ida.hub.samlengine.logging.data.AttributeStatementLogData) List(java.util.List) ImmutableList(com.google.common.collect.ImmutableList) DateAttributeValueBuilder(uk.gov.ida.saml.core.test.builders.DateAttributeValueBuilder) VerifiedAttributeLogData(uk.gov.ida.hub.samlengine.logging.data.VerifiedAttributeLogData) Test(org.junit.Test)

Example 25 with AttributeValue

use of com.sun.identity.entitlement.xacml3.core.AttributeValue in project verify-hub by alphagov.

the class VerifiedAttributesLoggerTest method shouldLogPreviousAddressHistory.

/**
 * Checks how an unverified previous address is rendered in the attribute log.
 *
 * <p>An address valid from ten years ago until one year ago, marked not verified, is expected
 * as the single entry {@code (false, "more than 180 days")}.
 */
@Test
public void shouldLogPreviousAddressHistory() throws Exception {
    Attribute previousAddress = new AttributeBuilder().buildObject();
    previousAddress.setName(IdaConstants.Attributes_1_1.PreviousAddress.NAME);

    // Address that stopped being current a year ago and was never verified.
    AttributeValue addressValue = new AddressAttributeValueBuilder_1_1()
            .withFrom(DateTime.now().minusYears(10))
            .withTo(DateTime.now().minusYears(1))
            .withVerified(false)
            .build();
    previousAddress.getAttributeValues().add(addressValue);

    List<Attribute> statementAttributes = aMatchingDatasetAttributeStatement_1_1()
            .addPreviousAddress(previousAddress)
            .build()
            .getAttributes();

    // Round-trip the formatted log line through the mapper so the assertion is on parsed data.
    AttributeStatementLogData logged = mapper.readValue(
            formatAttributes("any-issuer", LEVEL_2, statementAttributes),
            AttributeStatementLogData.class);
    Map<String, List<VerifiedAttributeLogData>> loggedByName = logged.getAttributes();

    assertThat(loggedByName.get(IdaConstants.Attributes_1_1.PreviousAddress.NAME))
            .isEqualTo(ImmutableList.of(new VerifiedAttributeLogData(false, "more than 180 days")));
}
Also used : AttributeValue(org.opensaml.saml.saml2.core.AttributeValue) AddressAttributeValueBuilder_1_1(uk.gov.ida.saml.core.test.builders.AddressAttributeValueBuilder_1_1) AttributeBuilder(org.opensaml.saml.saml2.core.impl.AttributeBuilder) Attribute(org.opensaml.saml.saml2.core.Attribute) AttributeStatementLogData(uk.gov.ida.hub.samlengine.logging.data.AttributeStatementLogData) List(java.util.List) ImmutableList(com.google.common.collect.ImmutableList) VerifiedAttributeLogData(uk.gov.ida.hub.samlengine.logging.data.VerifiedAttributeLogData) Test(org.junit.Test)

Aggregations

AttributeValue (com.sun.identity.entitlement.xacml3.core.AttributeValue)20 Match (com.sun.identity.entitlement.xacml3.core.Match)10 JSONObject (org.json.JSONObject)9 AttributeDesignator (com.sun.identity.entitlement.xacml3.core.AttributeDesignator)7 List (java.util.List)7 ImmutableList (com.google.common.collect.ImmutableList)6 Test (org.junit.Test)6 Attribute (org.opensaml.saml.saml2.core.Attribute)6 AttributeValue (org.opensaml.saml.saml2.core.AttributeValue)6 AttributeBuilder (org.opensaml.saml.saml2.core.impl.AttributeBuilder)6 AttributeStatementLogData (uk.gov.ida.hub.samlengine.logging.data.AttributeStatementLogData)6 VerifiedAttributeLogData (uk.gov.ida.hub.samlengine.logging.data.VerifiedAttributeLogData)6 AnyOf (com.sun.identity.entitlement.xacml3.core.AnyOf)5 JAXBElement (javax.xml.bind.JAXBElement)5 EntitlementCondition (com.sun.identity.entitlement.EntitlementCondition)4 Condition (com.sun.identity.entitlement.xacml3.core.Condition)4 Rule (com.sun.identity.entitlement.xacml3.core.Rule)4 HashSet (java.util.HashSet)4 AllOf (com.sun.identity.entitlement.xacml3.core.AllOf)3 Apply (com.sun.identity.entitlement.xacml3.core.Apply)3