Révision 19b58bab
Ajouté par Remy Menard il y a plus de 11 ans
ETa/ETa/src/main/java/fr/unicaen/iota/eta/capture/CaptureCheck.java | ||
---|---|---|
/*
|
||
* This program is a part of the IoTa Project.
|
||
* This program is a part of the IoTa project.
|
||
*
|
||
* Copyright © 2011-2012 Université de Caen Basse-Normandie, GREYC
|
||
* Copyright © 2011-2013 Université de Caen Basse-Normandie, GREYC
|
||
* Copyright © 2011 Orange Labs
|
||
*
|
||
* This program is free software: you can redistribute it and/or modify
|
||
... | ... | |
*/
|
||
package fr.unicaen.iota.eta.capture;
|
||
|
||
import fr.unicaen.iota.eta.utils.Utils;
|
||
import fr.unicaen.iota.mu.Constants;
|
||
import fr.unicaen.iota.xacml.XACMLConstantsEventType;
|
||
import fr.unicaen.iota.xacml.pep.ExtensionEvent;
|
||
import fr.unicaen.iota.xacml.pep.XACMLEPCISEvent;
|
||
import fr.unicaen.iota.xacml.pep.XACMLEPCISMasterData;
|
||
import fr.unicaen.iota.xi.client.EPCISPEP;
|
||
import fr.unicaen.iota.xi.utils.Utils;
|
||
import java.util.Date;
|
||
import java.util.Iterator;
|
||
import java.util.List;
|
||
import javax.xml.bind.JAXBElement;
|
||
import org.fosstrak.epcis.model.*;
|
||
import org.fosstrak.epcis.utils.TimeParser;
|
||
import org.w3c.dom.Element;
|
||
... | ... | |
* Checks the capture events by XACML requests to the XACML module.
|
||
*
|
||
* @param epcisEventList The capture events.
|
||
* @param user The user name to check.
|
||
* @return <code>true</code> if the capture is permitted.
|
||
*/
|
||
public boolean xacmlCheck(List<EPCISEventType> epcisEventList, String user, String owner) {
|
||
public boolean xacmlCheck(List<EPCISEventType> epcisEventList, String user) {
|
||
for (EPCISEventType epcisEvent : epcisEventList) {
|
||
String owner = Utils.getEventOwner(epcisEvent);
|
||
if (owner == null) {
|
||
owner = user;
|
||
}
|
||
if (epcisEvent instanceof ObjectEventType) {
|
||
if (!checkObjectEvent((ObjectEventType) epcisEvent, user, owner)) {
|
||
return false;
|
||
... | ... | |
* Checks access rights to an aggregation event.
|
||
*
|
||
* @param baseEvent The aggregation capture event to check.
|
||
* @param user The user name to check.
|
||
* @param owner The owner name to check.
|
||
* @return <code>true</code> if the aggregation capture event is permitted.
|
||
*/
|
||
private boolean checkAggregationEvent(AggregationEventType aggregationEvent, String user, String owner) {
|
||
... | ... | |
String extensionName = element.getLocalName();
|
||
String value = element.getTextContent();
|
||
|
||
if (Constants.URN_IOTA.equals(namespace) &&
|
||
(Constants.EXTENSION_OWNER_ID.equals(extensionName)
|
||
|| Constants.EXTENSION_SIGNATURE.equals(extensionName)
|
||
|| Constants.EXTENSION_SIGNER_ID.equals(extensionName))) {
|
||
continue;
|
||
}
|
||
|
||
// Gets the extension value
|
||
Object extensionValue = null;
|
||
try {
|
||
... | ... | |
* Checks access rights to an object event.
|
||
*
|
||
* @param objectEvent The object capture event to check.
|
||
* @param user The user name to check.
|
||
* @param owner The owner name to check.
|
||
* @return <code>true</code> if the object capture event is permitted.
|
||
*/
|
||
private boolean checkObjectEvent(ObjectEventType objectEvent, String user, String owner) {
|
||
... | ... | |
String extensionName = element.getLocalName();
|
||
String value = element.getTextContent();
|
||
|
||
if (Constants.URN_IOTA.equals(namespace) &&
|
||
(Constants.EXTENSION_OWNER_ID.equals(extensionName)
|
||
|| Constants.EXTENSION_SIGNATURE.equals(extensionName)
|
||
|| Constants.EXTENSION_SIGNER_ID.equals(extensionName))) {
|
||
continue;
|
||
}
|
||
|
||
// Gets the extension value
|
||
Object extensionValue = null;
|
||
try {
|
||
... | ... | |
* Checks access rights to a quantity event.
|
||
*
|
||
* @param quantityEvent The quantity capture event to check.
|
||
* @param user The user name to check.
|
||
* @param owner The owner name to check.
|
||
* @return <code>true</code> if the quantity capture event is permitted.
|
||
*/
|
||
private boolean checkQuantityEvent(QuantityEventType quantityEvent, String user, String owner) {
|
||
... | ... | |
String extensionName = element.getLocalName();
|
||
String value = element.getTextContent();
|
||
|
||
if (Constants.URN_IOTA.equals(namespace) &&
|
||
(Constants.EXTENSION_OWNER_ID.equals(extensionName)
|
||
|| Constants.EXTENSION_SIGNATURE.equals(extensionName)
|
||
|| Constants.EXTENSION_SIGNER_ID.equals(extensionName))) {
|
||
continue;
|
||
}
|
||
|
||
// Gets the extension value
|
||
Object extensionValue = null;
|
||
try {
|
||
... | ... | |
* Checks access rights to a transaction event.
|
||
*
|
||
* @param transactionEvent The transaction capture event to check.
|
||
* @param user The user name to check.
|
||
* @param owner The owner name to chec.
|
||
* @return <code>true</code> if the transaction capture event is permitted.
|
||
*/
|
||
private boolean checkTransactionEvent(TransactionEventType transactionEvent, String user, String owner) {
|
||
... | ... | |
String extensionName = element.getLocalName();
|
||
String value = element.getTextContent();
|
||
|
||
if (Constants.URN_IOTA.equals(namespace) &&
|
||
(Constants.EXTENSION_OWNER_ID.equals(extensionName)
|
||
|| Constants.EXTENSION_SIGNATURE.equals(extensionName)
|
||
|| Constants.EXTENSION_SIGNER_ID.equals(extensionName))) {
|
||
continue;
|
||
}
|
||
|
||
// Gets the extension value
|
||
Object extensionValue = null;
|
||
try {
|
||
... | ... | |
*/
|
||
public boolean xacmlCheck(XACMLEPCISEvent xacmlEvent, String user) {
|
||
int xacmlResponse = epcisPEP.captureEvent(user, xacmlEvent);
|
||
return Utils.responseIsPermit(xacmlResponse);
|
||
return fr.unicaen.iota.xi.utils.Utils.responseIsPermit(xacmlResponse);
|
||
}
|
||
|
||
/**
|
||
* Filters the list of master data.
|
||
*
|
||
* Checks the list of master data.
|
||
* @param vocList The list of master data to filter.
|
||
* @param user The user name to check.
|
||
* @param owner The owner to check.
|
||
* @return <code>true</code> if permitted.
|
||
*/
|
||
public boolean xacmlCheckMasterD(List<VocabularyType> vocList, String user, String owner) {
|
||
boolean onePermit = false;
|
||
public boolean xacmlCheckMasterD(List<VocabularyType> vocList, String user) {
|
||
for (VocabularyType voc : vocList) {
|
||
if (xacmlCheckMasterDType(voc.getVocabularyElementList().getVocabularyElement(), user, owner)) {
|
||
onePermit = true;
|
||
if (!xacmlCheckMasterDType(voc.getVocabularyElementList().getVocabularyElement(), user)) {
|
||
return false;
|
||
}
|
||
}
|
||
return onePermit;
|
||
return true;
|
||
}
|
||
|
||
/**
|
||
* Filters the list of master data, by element type.
|
||
* Checks the list of master data, by element type.
|
||
*
|
||
* @param vocElList The list of master data to filter.
|
||
* @param user The user name to check
|
||
* @param owner The owner to check.
|
||
* @return <code>true</code> if permitted.
|
||
*/
|
||
private boolean xacmlCheckMasterDType(List<VocabularyElementType> vocElList, String user, String owner) {
|
||
private boolean xacmlCheckMasterDType(List<VocabularyElementType> vocElList, String user) {
|
||
Iterator<VocabularyElementType> iterVoc = vocElList.iterator();
|
||
boolean onePermit = false;
|
||
while (iterVoc.hasNext()) {
|
||
VocabularyElementType vocEl = iterVoc.next();
|
||
String id = vocEl.getId();
|
||
XACMLEPCISMasterData xacmlMasterData = new XACMLEPCISMasterData(owner, id);
|
||
if (!xacmlCheckMasterData(xacmlMasterData, user)) {
|
||
iterVoc.remove();
|
||
} else {
|
||
onePermit = true;
|
||
boolean ownerFound = false;
|
||
for (Object object : vocEl.getAny()) {
|
||
JAXBElement elem = (JAXBElement) object;
|
||
if (Constants.URN_IOTA.equals(elem.getName().getNamespaceURI()) &&
|
||
Constants.EXTENSION_OWNER_ID.equals(elem.getName().getLocalPart())) {
|
||
String owner = elem.getValue().toString();
|
||
XACMLEPCISMasterData xacmlMasterData = new XACMLEPCISMasterData(owner, id);
|
||
if (!xacmlCheckMasterData(xacmlMasterData, user)) {
|
||
return false;
|
||
}
|
||
ownerFound = true;
|
||
break;
|
||
}
|
||
}
|
||
if (!ownerFound) {
|
||
return false;
|
||
}
|
||
}
|
||
return onePermit;
|
||
return true;
|
||
}
|
||
|
||
/**
|
||
... | ... | |
*/
|
||
private boolean xacmlCheckMasterData(XACMLEPCISMasterData xacmlMasterData, String user) {
|
||
int xacmlResponse = epcisPEP.captureMasterData(user, xacmlMasterData);
|
||
return Utils.responseIsPermit(xacmlResponse);
|
||
return fr.unicaen.iota.xi.utils.Utils.responseIsPermit(xacmlResponse);
|
||
}
|
||
}
|
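Review bot: In the new `xacmlCheckMasterDType` loop, `JAXBElement elem = (JAXBElement) object;` is an unchecked raw cast over `vocEl.getAny()`, and `elem.getValue().toString()` dereferences the value without a null check. The event checkers in this file appear to read extensions through `getLocalName()`/`getTextContent()`, i.e. as DOM elements, so a master-data document whose extension content is not a `JAXBElement`, or whose owner element is empty, would end the check with an uncaught runtime exception instead of a clean `false`. I would put `if (!(object instanceof JAXBElement)) { continue; }` before the cast and treat a null `getValue()` as owner-not-found. Events fall back to `owner = user` when `Utils.getEventOwner` returns null, while master data without an owner extension is rejected; if that asymmetry is intended it deserves a comment, since the commit description says the certificate identity is used when none is provided. Because the owner is now read from the submitted document itself, a short comment at both places naming where that value is authenticated (presumably the signature verification, which is not visible in this file) would make the trust assumption explicit.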
Version 1.9
- use TLS for secured links
- SigMa is now fully functional
- completed documentation
- a lot of bugs fixed!
- signature creation from the canonical form of the event
- signature creation using ECDSA algorithm
- signature is correctly verified
- manage the extension identifying the owner of the event
- if no identity is provided, the identity of the certificate is used
- access to the web interface of policy management is made by
certificate
- if no identity is provided, the identity of the certificate is used
- create and use certificates for TLS
- configure Apache Tomcat for TLS
- show SigMa library (SigMa-Commons)