http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdFunctions.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdFunctions.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdFunctions.java new file mode 100755 index 0000000..b46dab1 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdFunctions.java @@ -0,0 +1,479 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.std; + +import java.math.BigInteger; +import java.net.URI; + +import javax.security.auth.x500.X500Principal; + +import com.att.research.xacml.api.XACML1; +import com.att.research.xacml.api.XACML2; +import com.att.research.xacml.api.XACML3; +import com.att.research.xacml.std.datatypes.Base64Binary; +import com.att.research.xacml.std.datatypes.DataTypes; +import com.att.research.xacml.std.datatypes.HexBinary; +import com.att.research.xacml.std.datatypes.IPAddress; +import com.att.research.xacml.std.datatypes.ISO8601Date; +import com.att.research.xacml.std.datatypes.ISO8601DateTime; +import com.att.research.xacml.std.datatypes.ISO8601Time; +import com.att.research.xacml.std.datatypes.RFC2396DomainName; +import com.att.research.xacml.std.datatypes.RFC822Name; +import com.att.research.xacml.std.datatypes.XPathDayTimeDuration; +import com.att.research.xacml.std.datatypes.XPathYearMonthDuration; +import com.att.research.xacmlatt.pdp.policy.FunctionDefinition; +import com.att.research.xacmlatt.pdp.std.functions.FunctionDefinitionAccessPermitted; +import com.att.research.xacmlatt.pdp.std.functions.FunctionDefinitionArithmetic; +import com.att.research.xacmlatt.pdp.std.functions.FunctionDefinitionBag; +import com.att.research.xacmlatt.pdp.std.functions.FunctionDefinitionBagIsIn; +import com.att.research.xacmlatt.pdp.std.functions.FunctionDefinitionBagOneAndOnly; +import com.att.research.xacmlatt.pdp.std.functions.FunctionDefinitionBagSize; +import com.att.research.xacmlatt.pdp.std.functions.FunctionDefinitionComparison; +import com.att.research.xacmlatt.pdp.std.functions.FunctionDefinitionDateTimeArithmetic; +import com.att.research.xacmlatt.pdp.std.functions.FunctionDefinitionEquality; +import com.att.research.xacmlatt.pdp.std.functions.FunctionDefinitionHigherOrderBag; +import com.att.research.xacmlatt.pdp.std.functions.FunctionDefinitionLogical; +import com.att.research.xacmlatt.pdp.std.functions.FunctionDefinitionNumberTypeConversion; +import com.att.research.xacmlatt.pdp.std.functions.FunctionDefinitionRFC822NameMatch; +import com.att.research.xacmlatt.pdp.std.functions.FunctionDefinitionRegexpMatch; +import com.att.research.xacmlatt.pdp.std.functions.FunctionDefinitionSet; +import com.att.research.xacmlatt.pdp.std.functions.FunctionDefinitionStringConversion; +import com.att.research.xacmlatt.pdp.std.functions.FunctionDefinitionStringEqualIgnoreCase; +import com.att.research.xacmlatt.pdp.std.functions.FunctionDefinitionStringFunctions; +import com.att.research.xacmlatt.pdp.std.functions.FunctionDefinitionStringNormalize; +import com.att.research.xacmlatt.pdp.std.functions.FunctionDefinitionTimeInRange; +import com.att.research.xacmlatt.pdp.std.functions.FunctionDefinitionURIStringConcatenate; +import com.att.research.xacmlatt.pdp.std.functions.FunctionDefinitionX500NameMatch; +import com.att.research.xacmlatt.pdp.std.functions.FunctionDefinitionXPath; + +/** + * StdFunctions contains the {@link com.att.research.xacml.api.Identifier} values for the standard XACML functions. + * + * @author car + * @version $Revision: 1.2 $ + */ +@SuppressWarnings("deprecation") +public class StdFunctions { + protected StdFunctions() { + } + + public static final String FD_PREFIX = "FD_"; + + /* + * A.3.1 Equality predicates + */ + + public static final FunctionDefinition FD_STRING_EQUAL = new FunctionDefinitionEquality<String>(XACML3.ID_FUNCTION_STRING_EQUAL, DataTypes.DT_STRING); + public static final FunctionDefinition FD_STRING_EQUAL_IGNORE_CASE = new FunctionDefinitionStringEqualIgnoreCase(XACML3.ID_FUNCTION_STRING_EQUAL_IGNORE_CASE); + public static final FunctionDefinition FD_BOOLEAN_EQUAL = new FunctionDefinitionEquality<Boolean>(XACML3.ID_FUNCTION_BOOLEAN_EQUAL, DataTypes.DT_BOOLEAN); + public static final FunctionDefinition FD_INTEGER_EQUAL = new FunctionDefinitionEquality<BigInteger>(XACML3.ID_FUNCTION_INTEGER_EQUAL, DataTypes.DT_INTEGER); + public static final FunctionDefinition FD_DOUBLE_EQUAL = new FunctionDefinitionEquality<Double>(XACML3.ID_FUNCTION_DOUBLE_EQUAL, DataTypes.DT_DOUBLE); + public static final FunctionDefinition FD_DATE_EQUAL = new FunctionDefinitionEquality<ISO8601Date>(XACML3.ID_FUNCTION_DATE_EQUAL, DataTypes.DT_DATE); + public static final FunctionDefinition FD_TIME_EQUAL = new FunctionDefinitionEquality<ISO8601Time>(XACML3.ID_FUNCTION_TIME_EQUAL, DataTypes.DT_TIME); + public static final FunctionDefinition FD_DATETIME_EQUAL = new FunctionDefinitionEquality<ISO8601DateTime>(XACML3.ID_FUNCTION_DATETIME_EQUAL, DataTypes.DT_DATETIME); + + // only difference between R3 and older (R1) versions of durations seem to be the identifiers, so send calls to the same place in either case + public static final FunctionDefinition FD_DAYTIMEDURATION_EQUAL_VERSION1 = new FunctionDefinitionEquality<XPathDayTimeDuration>(XACML1.ID_FUNCTION_DAYTIMEDURATION_EQUAL, DataTypes.DT_DAYTIMEDURATION); + public static final FunctionDefinition FD_DAYTIMEDURATION_EQUAL = new FunctionDefinitionEquality<XPathDayTimeDuration>(XACML3.ID_FUNCTION_DAYTIMEDURATION_EQUAL, DataTypes.DT_DAYTIMEDURATION); + public static final FunctionDefinition FD_YEARMONTHDURATION_EQUAL_VERSION1 = new FunctionDefinitionEquality<XPathYearMonthDuration>(XACML1.ID_FUNCTION_YEARMONTHDURATION_EQUAL, DataTypes.DT_YEARMONTHDURATION); + public static final FunctionDefinition FD_YEARMONTHDURATION_EQUAL = new FunctionDefinitionEquality<XPathYearMonthDuration>(XACML3.ID_FUNCTION_YEARMONTHDURATION_EQUAL, DataTypes.DT_YEARMONTHDURATION); + + // continue on with latest versions + public static final FunctionDefinition FD_ANYURI_EQUAL = new FunctionDefinitionEquality<URI>(XACML3.ID_FUNCTION_ANYURI_EQUAL, DataTypes.DT_ANYURI); + public static final FunctionDefinition FD_X500NAME_EQUAL = new FunctionDefinitionEquality<X500Principal>(XACML3.ID_FUNCTION_X500NAME_EQUAL, DataTypes.DT_X500NAME); + public static final FunctionDefinition FD_RFC822NAME_EQUAL = new FunctionDefinitionEquality<RFC822Name>(XACML3.ID_FUNCTION_RFC822NAME_EQUAL, DataTypes.DT_RFC822NAME); + public static final FunctionDefinition FD_HEXBINARY_EQUAL = new FunctionDefinitionEquality<HexBinary>(XACML3.ID_FUNCTION_HEXBINARY_EQUAL, DataTypes.DT_HEXBINARY); + public static final FunctionDefinition FD_BASE64BINARY_EQUAL = new FunctionDefinitionEquality<Base64Binary>(XACML3.ID_FUNCTION_BASE64BINARY_EQUAL, DataTypes.DT_BASE64BINARY); + + + + + /* + * Arithmetic Functions (See A.3.2) + */ + + public static final FunctionDefinition FD_INTEGER_ADD = new FunctionDefinitionArithmetic<BigInteger>(XACML3.ID_FUNCTION_INTEGER_ADD, DataTypes.DT_INTEGER, FunctionDefinitionArithmetic.OPERATION.ADD, 2); + public static final FunctionDefinition FD_DOUBLE_ADD = new FunctionDefinitionArithmetic<Double>(XACML3.ID_FUNCTION_DOUBLE_ADD, DataTypes.DT_DOUBLE, FunctionDefinitionArithmetic.OPERATION.ADD, 2); + public static final FunctionDefinition FD_INTEGER_SUBTRACT = new FunctionDefinitionArithmetic<BigInteger>(XACML3.ID_FUNCTION_INTEGER_SUBTRACT, DataTypes.DT_INTEGER, FunctionDefinitionArithmetic.OPERATION.SUBTRACT, 2); + public static final FunctionDefinition FD_DOUBLE_SUBTRACT = new FunctionDefinitionArithmetic<Double>(XACML3.ID_FUNCTION_DOUBLE_SUBTRACT, DataTypes.DT_DOUBLE, FunctionDefinitionArithmetic.OPERATION.SUBTRACT, 2); + public static final FunctionDefinition FD_INTEGER_MULTIPLY = new FunctionDefinitionArithmetic<BigInteger>(XACML3.ID_FUNCTION_INTEGER_MULTIPLY, DataTypes.DT_INTEGER, FunctionDefinitionArithmetic.OPERATION.MULTIPLY, 2); + public static final FunctionDefinition FD_DOUBLE_MULTIPLY = new FunctionDefinitionArithmetic<Double>(XACML3.ID_FUNCTION_DOUBLE_MULTIPLY, DataTypes.DT_DOUBLE, FunctionDefinitionArithmetic.OPERATION.MULTIPLY, 2); + public static final FunctionDefinition FD_INTEGER_DIVIDE = new FunctionDefinitionArithmetic<BigInteger>(XACML3.ID_FUNCTION_INTEGER_DIVIDE, DataTypes.DT_INTEGER, FunctionDefinitionArithmetic.OPERATION.DIVIDE, 2); + public static final FunctionDefinition FD_DOUBLE_DIVIDE = new FunctionDefinitionArithmetic<Double>(XACML3.ID_FUNCTION_DOUBLE_DIVIDE, DataTypes.DT_DOUBLE, FunctionDefinitionArithmetic.OPERATION.DIVIDE, 2); + public static final FunctionDefinition FD_INTEGER_MOD = new FunctionDefinitionArithmetic<BigInteger>(XACML3.ID_FUNCTION_INTEGER_MOD, DataTypes.DT_INTEGER, FunctionDefinitionArithmetic.OPERATION.MOD, 2); + public static final FunctionDefinition FD_INTEGER_ABS = new FunctionDefinitionArithmetic<BigInteger>(XACML3.ID_FUNCTION_INTEGER_ABS, DataTypes.DT_INTEGER, FunctionDefinitionArithmetic.OPERATION.ABS, 1); + public static final FunctionDefinition FD_DOUBLE_ABS = new FunctionDefinitionArithmetic<Double>(XACML3.ID_FUNCTION_DOUBLE_ABS, DataTypes.DT_DOUBLE, FunctionDefinitionArithmetic.OPERATION.ABS, 1); + public static final FunctionDefinition FD_ROUND = new FunctionDefinitionArithmetic<Double>(XACML3.ID_FUNCTION_ROUND, DataTypes.DT_DOUBLE, FunctionDefinitionArithmetic.OPERATION.ROUND, 1); + public static final FunctionDefinition FD_FLOOR = new FunctionDefinitionArithmetic<Double>(XACML3.ID_FUNCTION_FLOOR, DataTypes.DT_DOUBLE, FunctionDefinitionArithmetic.OPERATION.FLOOR, 1); + + + + + /* + * String Conversion Functions (See A.3.3) + */ + public static final FunctionDefinition FD_STRING_NORMALIZE_SPACE = new FunctionDefinitionStringNormalize(XACML3.ID_FUNCTION_STRING_NORMALIZE_SPACE, FunctionDefinitionStringNormalize.OPERATION.SPACE); + public static final FunctionDefinition FD_STRING_NORMALIZE_TO_LOWER_CASE = new FunctionDefinitionStringNormalize(XACML3.ID_FUNCTION_STRING_NORMALIZE_TO_LOWER_CASE, FunctionDefinitionStringNormalize.OPERATION.LOWER_CASE); + + /* + * Numeric Data-Type Conversion Functions (See A.3.4) + */ + public static final FunctionDefinition FD_DOUBLE_TO_INTEGER = new FunctionDefinitionNumberTypeConversion<BigInteger,Double>(XACML3.ID_FUNCTION_DOUBLE_TO_INTEGER, DataTypes.DT_INTEGER, DataTypes.DT_DOUBLE); + public static final FunctionDefinition FD_INTEGER_TO_DOUBLE = new FunctionDefinitionNumberTypeConversion<Double,BigInteger>(XACML3.ID_FUNCTION_INTEGER_TO_DOUBLE, DataTypes.DT_DOUBLE, DataTypes.DT_INTEGER); + + + /* + * Logical Functions (See A.3.5) + */ + public static final FunctionDefinition FD_OR = new FunctionDefinitionLogical(XACML3.ID_FUNCTION_OR, FunctionDefinitionLogical.OPERATION.OR); + public static final FunctionDefinition FD_AND = new FunctionDefinitionLogical(XACML3.ID_FUNCTION_AND, FunctionDefinitionLogical.OPERATION.AND); + public static final FunctionDefinition FD_N_OF = new FunctionDefinitionLogical(XACML3.ID_FUNCTION_N_OF, FunctionDefinitionLogical.OPERATION.N_OF); + public static final FunctionDefinition FD_NOT = new FunctionDefinitionLogical(XACML3.ID_FUNCTION_NOT, FunctionDefinitionLogical.OPERATION.NOT); + + + /* + * Numeric Comparison Functions (See A.3.6 of xacml-3.0-core-spec-os-en.doc) + */ + public static final FunctionDefinition FD_INTEGER_GREATER_THAN = new FunctionDefinitionComparison<BigInteger>(XACML3.ID_FUNCTION_INTEGER_GREATER_THAN, DataTypes.DT_INTEGER, FunctionDefinitionComparison.OPERATION.GREATER_THAN); + public static final FunctionDefinition FD_INTEGER_GREATER_THAN_OR_EQUAL = new FunctionDefinitionComparison<BigInteger>(XACML3.ID_FUNCTION_INTEGER_GREATER_THAN_OR_EQUAL, DataTypes.DT_INTEGER, FunctionDefinitionComparison.OPERATION.GREATER_THAN_EQUAL); + public static final FunctionDefinition FD_INTEGER_LESS_THAN = new FunctionDefinitionComparison<BigInteger>(XACML3.ID_FUNCTION_INTEGER_LESS_THAN, DataTypes.DT_INTEGER, FunctionDefinitionComparison.OPERATION.LESS_THAN); + public static final FunctionDefinition FD_INTEGER_LESS_THAN_OR_EQUAL = new FunctionDefinitionComparison<BigInteger>(XACML3.ID_FUNCTION_INTEGER_LESS_THAN_OR_EQUAL, DataTypes.DT_INTEGER, FunctionDefinitionComparison.OPERATION.LESS_THAN_EQUAL); + public static final FunctionDefinition FD_DOUBLE_GREATER_THAN = new FunctionDefinitionComparison<Double>(XACML3.ID_FUNCTION_DOUBLE_GREATER_THAN, DataTypes.DT_DOUBLE, FunctionDefinitionComparison.OPERATION.GREATER_THAN); + public static final FunctionDefinition FD_DOUBLE_GREATER_THAN_OR_EQUAL = new FunctionDefinitionComparison<Double>(XACML3.ID_FUNCTION_DOUBLE_GREATER_THAN_OR_EQUAL, DataTypes.DT_DOUBLE, FunctionDefinitionComparison.OPERATION.GREATER_THAN_EQUAL); + public static final FunctionDefinition FD_DOUBLE_LESS_THAN = new FunctionDefinitionComparison<Double>(XACML3.ID_FUNCTION_DOUBLE_LESS_THAN, DataTypes.DT_DOUBLE, FunctionDefinitionComparison.OPERATION.LESS_THAN); + public static final FunctionDefinition FD_DOUBLE_LESS_THAN_OR_EQUAL = new FunctionDefinitionComparison<Double>(XACML3.ID_FUNCTION_DOUBLE_LESS_THAN_OR_EQUAL, DataTypes.DT_DOUBLE, FunctionDefinitionComparison.OPERATION.LESS_THAN_EQUAL); + + + /* + * Date and Time Arithmetic Functions (See A.3.7) + */ + public static final FunctionDefinition FD_DATETIME_ADD_DAYTIMEDURATION = new FunctionDefinitionDateTimeArithmetic<ISO8601DateTime,XPathDayTimeDuration>(XACML3.ID_FUNCTION_DATETIME_ADD_DAYTIMEDURATION, DataTypes.DT_DATETIME, DataTypes.DT_DAYTIMEDURATION, FunctionDefinitionDateTimeArithmetic.OPERATION.ADD); + public static final FunctionDefinition FD_DATETIME_ADD_DAYTIMEDURATION_VERSION1 = new FunctionDefinitionDateTimeArithmetic<ISO8601DateTime,XPathDayTimeDuration>(XACML1.ID_FUNCTION_DATETIME_ADD_DAYTIMEDURATION, DataTypes.DT_DATETIME, DataTypes.DT_DAYTIMEDURATION, FunctionDefinitionDateTimeArithmetic.OPERATION.ADD); + public static final FunctionDefinition FD_DATETIME_ADD_YEARMONTHDURATION = new FunctionDefinitionDateTimeArithmetic<ISO8601DateTime,XPathYearMonthDuration>(XACML3.ID_FUNCTION_DATETIME_ADD_YEARMONTHDURATION, DataTypes.DT_DATETIME, DataTypes.DT_YEARMONTHDURATION, FunctionDefinitionDateTimeArithmetic.OPERATION.ADD); + public static final FunctionDefinition FD_DATETIME_ADD_YEARMONTHDURATION_VERSION1 = new FunctionDefinitionDateTimeArithmetic<ISO8601DateTime,XPathYearMonthDuration>(XACML1.ID_FUNCTION_DATETIME_ADD_YEARMONTHDURATION, DataTypes.DT_DATETIME, DataTypes.DT_YEARMONTHDURATION, FunctionDefinitionDateTimeArithmetic.OPERATION.ADD); + + public static final FunctionDefinition FD_DATETIME_SUBTRACT_DAYTIMEDURATION = new FunctionDefinitionDateTimeArithmetic<ISO8601DateTime,XPathDayTimeDuration>(XACML3.ID_FUNCTION_DATETIME_SUBTRACT_DAYTIMEDURATION, DataTypes.DT_DATETIME, DataTypes.DT_DAYTIMEDURATION, FunctionDefinitionDateTimeArithmetic.OPERATION.SUBTRACT); + public static final FunctionDefinition FD_DATETIME_SUBTRACT_DAYTIMEDURATION_VERSION1 = new FunctionDefinitionDateTimeArithmetic<ISO8601DateTime,XPathDayTimeDuration>(XACML1.ID_FUNCTION_DATETIME_SUBTRACT_DAYTIMEDURATION, DataTypes.DT_DATETIME, DataTypes.DT_DAYTIMEDURATION, FunctionDefinitionDateTimeArithmetic.OPERATION.SUBTRACT); + public static final FunctionDefinition FD_DATETIME_SUBTRACT_YEARMONTHDURATION = new FunctionDefinitionDateTimeArithmetic<ISO8601DateTime,XPathYearMonthDuration>(XACML3.ID_FUNCTION_DATETIME_SUBTRACT_YEARMONTHDURATION, DataTypes.DT_DATETIME, DataTypes.DT_YEARMONTHDURATION, FunctionDefinitionDateTimeArithmetic.OPERATION.SUBTRACT); + public static final FunctionDefinition FD_DATETIME_SUBTRACT_YEARMONTHDURATION_VERSION1 = new FunctionDefinitionDateTimeArithmetic<ISO8601DateTime,XPathYearMonthDuration>(XACML1.ID_FUNCTION_DATETIME_SUBTRACT_YEARMONTHDURATION, DataTypes.DT_DATETIME, DataTypes.DT_YEARMONTHDURATION, FunctionDefinitionDateTimeArithmetic.OPERATION.SUBTRACT); + + public static final FunctionDefinition FD_DATE_ADD_YEARMONTHDURATION = new FunctionDefinitionDateTimeArithmetic<ISO8601Date,XPathYearMonthDuration>(XACML3.ID_FUNCTION_DATE_ADD_YEARMONTHDURATION, DataTypes.DT_DATE, DataTypes.DT_YEARMONTHDURATION, FunctionDefinitionDateTimeArithmetic.OPERATION.ADD); + public static final FunctionDefinition FD_DATE_ADD_YEARMONTHDURATION_VERSION1 = new FunctionDefinitionDateTimeArithmetic<ISO8601Date,XPathYearMonthDuration>(XACML1.ID_FUNCTION_DATE_ADD_YEARMONTHDURATION, DataTypes.DT_DATE, DataTypes.DT_YEARMONTHDURATION, FunctionDefinitionDateTimeArithmetic.OPERATION.ADD); + public static final FunctionDefinition FD_DATE_SUBTRACT_YEARMONTHDURATION = new FunctionDefinitionDateTimeArithmetic<ISO8601Date,XPathYearMonthDuration>(XACML3.ID_FUNCTION_DATE_SUBTRACT_YEARMONTHDURATION, DataTypes.DT_DATE, DataTypes.DT_YEARMONTHDURATION, FunctionDefinitionDateTimeArithmetic.OPERATION.SUBTRACT); + public static final FunctionDefinition FD_DATE_SUBTRACT_YEARMONTHDURATION_VERSION1 = new FunctionDefinitionDateTimeArithmetic<ISO8601Date,XPathYearMonthDuration>(XACML1.ID_FUNCTION_DATE_SUBTRACT_YEARMONTHDURATION, DataTypes.DT_DATE, DataTypes.DT_YEARMONTHDURATION, FunctionDefinitionDateTimeArithmetic.OPERATION.SUBTRACT); + + + /* + * Non Numeric Comparison Functions (See A.3.8) + */ + public static final FunctionDefinition FD_STRING_GREATER_THAN = new FunctionDefinitionComparison<String>(XACML3.ID_FUNCTION_STRING_GREATER_THAN, DataTypes.DT_STRING, FunctionDefinitionComparison.OPERATION.GREATER_THAN); + public static final FunctionDefinition FD_STRING_GREATER_THAN_OR_EQUAL = new FunctionDefinitionComparison<String>(XACML3.ID_FUNCTION_STRING_GREATER_THAN_OR_EQUAL, DataTypes.DT_STRING, FunctionDefinitionComparison.OPERATION.GREATER_THAN_EQUAL); + public static final FunctionDefinition FD_STRING_LESS_THAN = new FunctionDefinitionComparison<String>(XACML3.ID_FUNCTION_STRING_LESS_THAN, DataTypes.DT_STRING, FunctionDefinitionComparison.OPERATION.LESS_THAN); + public static final FunctionDefinition FD_STRING_LESS_THAN_OR_EQUAL = new FunctionDefinitionComparison<String>(XACML3.ID_FUNCTION_STRING_LESS_THAN_OR_EQUAL, DataTypes.DT_STRING, FunctionDefinitionComparison.OPERATION.LESS_THAN_EQUAL); + public static final FunctionDefinition FD_TIME_GREATER_THAN = new FunctionDefinitionComparison<ISO8601Time>(XACML3.ID_FUNCTION_TIME_GREATER_THAN, DataTypes.DT_TIME, FunctionDefinitionComparison.OPERATION.GREATER_THAN); + public static final FunctionDefinition FD_TIME_GREATER_THAN_OR_EQUAL = new FunctionDefinitionComparison<ISO8601Time>(XACML3.ID_FUNCTION_TIME_GREATER_THAN_OR_EQUAL, DataTypes.DT_TIME, FunctionDefinitionComparison.OPERATION.GREATER_THAN_EQUAL); + public static final FunctionDefinition FD_TIME_LESS_THAN = new FunctionDefinitionComparison<ISO8601Time>(XACML3.ID_FUNCTION_TIME_LESS_THAN, DataTypes.DT_TIME, FunctionDefinitionComparison.OPERATION.LESS_THAN); + public static final FunctionDefinition FD_TIME_LESS_THAN_OR_EQUAL = new FunctionDefinitionComparison<ISO8601Time>(XACML3.ID_FUNCTION_TIME_LESS_THAN_OR_EQUAL, DataTypes.DT_TIME, FunctionDefinitionComparison.OPERATION.LESS_THAN_EQUAL); + public static final FunctionDefinition FD_TIME_IN_RANGE = new FunctionDefinitionTimeInRange<ISO8601Time>(XACML3.ID_FUNCTION_TIME_IN_RANGE, DataTypes.DT_TIME); + public static final FunctionDefinition FD_DATE_GREATER_THAN = new FunctionDefinitionComparison<ISO8601Date>(XACML3.ID_FUNCTION_DATE_GREATER_THAN, DataTypes.DT_DATE, FunctionDefinitionComparison.OPERATION.GREATER_THAN); + public static final FunctionDefinition FD_DATE_GREATER_THAN_OR_EQUAL = new FunctionDefinitionComparison<ISO8601Date>(XACML3.ID_FUNCTION_DATE_GREATER_THAN_OR_EQUAL, DataTypes.DT_DATE, FunctionDefinitionComparison.OPERATION.GREATER_THAN_EQUAL); + public static final FunctionDefinition FD_DATE_LESS_THAN = new FunctionDefinitionComparison<ISO8601Date>(XACML3.ID_FUNCTION_DATE_LESS_THAN, DataTypes.DT_DATE, FunctionDefinitionComparison.OPERATION.LESS_THAN); + public static final FunctionDefinition FD_DATE_LESS_THAN_OR_EQUAL = new FunctionDefinitionComparison<ISO8601Date>(XACML3.ID_FUNCTION_DATE_LESS_THAN_OR_EQUAL, DataTypes.DT_DATE, FunctionDefinitionComparison.OPERATION.LESS_THAN_EQUAL); + public static final FunctionDefinition FD_DATETIME_GREATER_THAN = new FunctionDefinitionComparison<ISO8601DateTime>(XACML3.ID_FUNCTION_DATETIME_GREATER_THAN, DataTypes.DT_DATETIME, FunctionDefinitionComparison.OPERATION.GREATER_THAN); + public static final FunctionDefinition FD_DATETIME_GREATER_THAN_OR_EQUAL = new FunctionDefinitionComparison<ISO8601DateTime>(XACML3.ID_FUNCTION_DATETIME_GREATER_THAN_OR_EQUAL, DataTypes.DT_DATETIME, FunctionDefinitionComparison.OPERATION.GREATER_THAN_EQUAL); + public static final FunctionDefinition FD_DATETIME_LESS_THAN = new FunctionDefinitionComparison<ISO8601DateTime>(XACML3.ID_FUNCTION_DATETIME_LESS_THAN, DataTypes.DT_DATETIME, FunctionDefinitionComparison.OPERATION.LESS_THAN); + public static final FunctionDefinition FD_DATETIME_LESS_THAN_OR_EQUAL = new FunctionDefinitionComparison<ISO8601DateTime>(XACML3.ID_FUNCTION_DATETIME_LESS_THAN_OR_EQUAL, DataTypes.DT_DATETIME, FunctionDefinitionComparison.OPERATION.LESS_THAN_EQUAL); + + + + /* + * String functions (See A.3.9 of xacml-3.0-core-spec-os-en.doc) + */ + public static final FunctionDefinition FD_BOOLEAN_FROM_STRING = new FunctionDefinitionStringConversion<Boolean,String>(XACML3.ID_FUNCTION_BOOLEAN_FROM_STRING, DataTypes.DT_BOOLEAN, DataTypes.DT_STRING); + public static final FunctionDefinition FD_STRING_FROM_BOOLEAN = new FunctionDefinitionStringConversion<String,Boolean>(XACML3.ID_FUNCTION_STRING_FROM_BOOLEAN, DataTypes.DT_STRING, DataTypes.DT_BOOLEAN); + public static final FunctionDefinition FD_INTEGER_FROM_STRING = new FunctionDefinitionStringConversion<BigInteger,String>(XACML3.ID_FUNCTION_INTEGER_FROM_STRING, DataTypes.DT_INTEGER, DataTypes.DT_STRING); + public static final FunctionDefinition FD_STRING_FROM_INTEGER = new FunctionDefinitionStringConversion<String,BigInteger>(XACML3.ID_FUNCTION_STRING_FROM_INTEGER, DataTypes.DT_STRING, DataTypes.DT_INTEGER); + public static final FunctionDefinition FD_DOUBLE_FROM_STRING = new FunctionDefinitionStringConversion<Double,String>(XACML3.ID_FUNCTION_DOUBLE_FROM_STRING, DataTypes.DT_DOUBLE, DataTypes.DT_STRING); + public static final FunctionDefinition FD_STRING_FROM_DOUBLE = new FunctionDefinitionStringConversion<String,Double>(XACML3.ID_FUNCTION_STRING_FROM_DOUBLE, DataTypes.DT_STRING, DataTypes.DT_DOUBLE); + public static final FunctionDefinition FD_TIME_FROM_STRING = new FunctionDefinitionStringConversion<ISO8601Time,String>(XACML3.ID_FUNCTION_TIME_FROM_STRING, DataTypes.DT_TIME, DataTypes.DT_STRING); + public static final FunctionDefinition FD_STRING_FROM_TIME = new FunctionDefinitionStringConversion<String,ISO8601Time>(XACML3.ID_FUNCTION_STRING_FROM_TIME, DataTypes.DT_STRING, DataTypes.DT_TIME); + public static final FunctionDefinition FD_DATE_FROM_STRING = new FunctionDefinitionStringConversion<ISO8601Date,String>(XACML3.ID_FUNCTION_DATE_FROM_STRING, DataTypes.DT_DATE, DataTypes.DT_STRING); + public static final FunctionDefinition FD_STRING_FROM_DATE = new FunctionDefinitionStringConversion<String,ISO8601Date>(XACML3.ID_FUNCTION_STRING_FROM_DATE, DataTypes.DT_STRING, DataTypes.DT_DATE); + public static final FunctionDefinition FD_DATETIME_FROM_STRING = new FunctionDefinitionStringConversion<ISO8601DateTime,String>(XACML3.ID_FUNCTION_DATETIME_FROM_STRING, DataTypes.DT_DATETIME, DataTypes.DT_STRING); + public static final FunctionDefinition FD_STRING_FROM_DATETIME = new FunctionDefinitionStringConversion<String,ISO8601DateTime>(XACML3.ID_FUNCTION_STRING_FROM_DATETIME, DataTypes.DT_STRING, DataTypes.DT_DATETIME); + public static final FunctionDefinition FD_ANYURI_FROM_STRING = new FunctionDefinitionStringConversion<URI,String>(XACML3.ID_FUNCTION_ANYURI_FROM_STRING, DataTypes.DT_ANYURI, DataTypes.DT_STRING); + public static final FunctionDefinition FD_STRING_FROM_ANYURI = new FunctionDefinitionStringConversion<String,URI>(XACML3.ID_FUNCTION_STRING_FROM_ANYURI, DataTypes.DT_STRING, DataTypes.DT_ANYURI); + public static final FunctionDefinition FD_DAYTIMEDURATION_FROM_STRING = new FunctionDefinitionStringConversion<XPathDayTimeDuration,String>(XACML3.ID_FUNCTION_DAYTIMEDURATION_FROM_STRING, DataTypes.DT_DAYTIMEDURATION, DataTypes.DT_STRING); + public static final FunctionDefinition FD_STRING_FROM_DAYTIMEDURATION = new FunctionDefinitionStringConversion<String,XPathDayTimeDuration>(XACML3.ID_FUNCTION_STRING_FROM_DAYTIMEDURATION, DataTypes.DT_STRING, DataTypes.DT_DAYTIMEDURATION); + public static final FunctionDefinition FD_YEARMONTHDURATION_FROM_STRING = new FunctionDefinitionStringConversion<XPathYearMonthDuration,String>(XACML3.ID_FUNCTION_YEARMONTHDURATION_FROM_STRING, DataTypes.DT_YEARMONTHDURATION, DataTypes.DT_STRING); + public static final FunctionDefinition FD_STRING_FROM_YEARMONTHDURATION = new FunctionDefinitionStringConversion<String,XPathYearMonthDuration>(XACML3.ID_FUNCTION_STRING_FROM_YEARMONTHDURATION, DataTypes.DT_STRING, DataTypes.DT_YEARMONTHDURATION); + public static final FunctionDefinition FD_X500NAME_FROM_STRING = new FunctionDefinitionStringConversion<X500Principal,String>(XACML3.ID_FUNCTION_X500NAME_FROM_STRING, DataTypes.DT_X500NAME, DataTypes.DT_STRING); + public static final FunctionDefinition FD_STRING_FROM_X500NAME = new FunctionDefinitionStringConversion<String,X500Principal>(XACML3.ID_FUNCTION_STRING_FROM_X500NAME, DataTypes.DT_STRING, DataTypes.DT_X500NAME); + public static final FunctionDefinition FD_RFC822NAME_FROM_STRING = new FunctionDefinitionStringConversion<RFC822Name,String>(XACML3.ID_FUNCTION_RFC822NAME_FROM_STRING, DataTypes.DT_RFC822NAME, DataTypes.DT_STRING); + public static final FunctionDefinition FD_STRING_FROM_RFC822NAME = new FunctionDefinitionStringConversion<String,RFC822Name>(XACML3.ID_FUNCTION_STRING_FROM_RFC822NAME, DataTypes.DT_STRING, DataTypes.DT_RFC822NAME); + public static final FunctionDefinition FD_IPADDRESS_FROM_STRING = new FunctionDefinitionStringConversion<IPAddress,String>(XACML3.ID_FUNCTION_IPADDRESS_FROM_STRING, DataTypes.DT_IPADDRESS, DataTypes.DT_STRING); + public static final FunctionDefinition FD_STRING_FROM_IPADDRESS = new FunctionDefinitionStringConversion<String,IPAddress>(XACML3.ID_FUNCTION_STRING_FROM_IPADDRESS, DataTypes.DT_STRING, DataTypes.DT_IPADDRESS); + public static final FunctionDefinition FD_DNSNAME_FROM_STRING = new FunctionDefinitionStringConversion<RFC2396DomainName,String>(XACML3.ID_FUNCTION_DNSNAME_FROM_STRING, DataTypes.DT_DNSNAME, DataTypes.DT_STRING); + public static final FunctionDefinition FD_STRING_FROM_DNSNAME = new FunctionDefinitionStringConversion<String,RFC2396DomainName>(XACML3.ID_FUNCTION_STRING_FROM_DNSNAME, DataTypes.DT_STRING, DataTypes.DT_DNSNAME); + + // String Functions not converting Strings to/from DataType objects + public static final FunctionDefinition FD_STRING_CONCATENATE = new FunctionDefinitionStringFunctions<String,String>(XACML3.ID_FUNCTION_STRING_CONCATENATE, DataTypes.DT_STRING, DataTypes.DT_STRING, FunctionDefinitionStringFunctions.OPERATION.CONCATENATE); + public static final FunctionDefinition FD_STRING_STARTS_WITH = new FunctionDefinitionStringFunctions<Boolean,String>(XACML3.ID_FUNCTION_STRING_STARTS_WITH, DataTypes.DT_BOOLEAN, DataTypes.DT_STRING, FunctionDefinitionStringFunctions.OPERATION.STARTS_WITH); + public static final FunctionDefinition FD_ANYURI_STARTS_WITH = new FunctionDefinitionStringFunctions<Boolean, URI>(XACML3.ID_FUNCTION_ANYURI_STARTS_WITH, DataTypes.DT_BOOLEAN, DataTypes.DT_ANYURI, FunctionDefinitionStringFunctions.OPERATION.STARTS_WITH); + public static final FunctionDefinition FD_STRING_ENDS_WITH = new FunctionDefinitionStringFunctions<Boolean,String>(XACML3.ID_FUNCTION_STRING_ENDS_WITH, DataTypes.DT_BOOLEAN, DataTypes.DT_STRING, FunctionDefinitionStringFunctions.OPERATION.ENDS_WITH); + public static final FunctionDefinition FD_ANYURI_ENDS_WITH = new FunctionDefinitionStringFunctions<Boolean, URI>(XACML3.ID_FUNCTION_ANYURI_ENDS_WITH, DataTypes.DT_BOOLEAN, DataTypes.DT_ANYURI, FunctionDefinitionStringFunctions.OPERATION.ENDS_WITH); + public static final FunctionDefinition FD_STRING_CONTAINS = new FunctionDefinitionStringFunctions<Boolean,String>(XACML3.ID_FUNCTION_STRING_CONTAINS, DataTypes.DT_BOOLEAN, DataTypes.DT_STRING, FunctionDefinitionStringFunctions.OPERATION.CONTAINS); + public static final FunctionDefinition FD_ANYURI_CONTAINS = new FunctionDefinitionStringFunctions<Boolean, URI>(XACML3.ID_FUNCTION_ANYURI_CONTAINS, DataTypes.DT_BOOLEAN, DataTypes.DT_ANYURI, FunctionDefinitionStringFunctions.OPERATION.CONTAINS); + public static final FunctionDefinition FD_STRING_SUBSTRING = new FunctionDefinitionStringFunctions<String,String>(XACML3.ID_FUNCTION_STRING_SUBSTRING, DataTypes.DT_STRING, DataTypes.DT_STRING, FunctionDefinitionStringFunctions.OPERATION.SUBSTRING); + public static final FunctionDefinition FD_ANYURI_SUBSTRING = new FunctionDefinitionStringFunctions<String, URI>(XACML3.ID_FUNCTION_ANYURI_SUBSTRING, DataTypes.DT_STRING, DataTypes.DT_ANYURI, FunctionDefinitionStringFunctions.OPERATION.SUBSTRING); + + /* + * Bag functions (See A.3.10) + */ + public static final FunctionDefinition FD_STRING_ONE_AND_ONLY = new FunctionDefinitionBagOneAndOnly<String>(XACML3.ID_FUNCTION_STRING_ONE_AND_ONLY, DataTypes.DT_STRING); + public static final FunctionDefinition FD_BOOLEAN_ONE_AND_ONLY = new FunctionDefinitionBagOneAndOnly<Boolean>(XACML3.ID_FUNCTION_BOOLEAN_ONE_AND_ONLY, DataTypes.DT_BOOLEAN); + public static final FunctionDefinition FD_INTEGER_ONE_AND_ONLY = new FunctionDefinitionBagOneAndOnly<BigInteger>(XACML3.ID_FUNCTION_INTEGER_ONE_AND_ONLY, DataTypes.DT_INTEGER); + public static final FunctionDefinition FD_DOUBLE_ONE_AND_ONLY = new FunctionDefinitionBagOneAndOnly<Double>(XACML3.ID_FUNCTION_DOUBLE_ONE_AND_ONLY, DataTypes.DT_DOUBLE); + public static final FunctionDefinition FD_TIME_ONE_AND_ONLY = new FunctionDefinitionBagOneAndOnly<ISO8601Time>(XACML3.ID_FUNCTION_TIME_ONE_AND_ONLY, DataTypes.DT_TIME); + public static final FunctionDefinition FD_DATE_ONE_AND_ONLY = new FunctionDefinitionBagOneAndOnly<ISO8601Date>(XACML3.ID_FUNCTION_DATE_ONE_AND_ONLY, DataTypes.DT_DATE); + public static final FunctionDefinition FD_DATETIME_ONE_AND_ONLY = new FunctionDefinitionBagOneAndOnly<ISO8601DateTime>(XACML3.ID_FUNCTION_DATETIME_ONE_AND_ONLY, DataTypes.DT_DATETIME); + public static final FunctionDefinition FD_ANYURI_ONE_AND_ONLY = new FunctionDefinitionBagOneAndOnly<URI>(XACML3.ID_FUNCTION_ANYURI_ONE_AND_ONLY, DataTypes.DT_ANYURI); + public static final FunctionDefinition FD_HEXBINARY_ONE_AND_ONLY = new FunctionDefinitionBagOneAndOnly<HexBinary>(XACML3.ID_FUNCTION_HEXBINARY_ONE_AND_ONLY, DataTypes.DT_HEXBINARY); + public static final FunctionDefinition FD_BASE64BINARY_ONE_AND_ONLY = new FunctionDefinitionBagOneAndOnly<Base64Binary>(XACML3.ID_FUNCTION_BASE64BINARY_ONE_AND_ONLY, DataTypes.DT_BASE64BINARY); + public static final FunctionDefinition FD_DAYTIMEDURATION_ONE_AND_ONLY = new FunctionDefinitionBagOneAndOnly<XPathDayTimeDuration>(XACML3.ID_FUNCTION_DAYTIMEDURATION_ONE_AND_ONLY, DataTypes.DT_DAYTIMEDURATION); + public static final FunctionDefinition FD_DAYTIMEDURATION_ONE_AND_ONLY_VERSION1 = new FunctionDefinitionBagOneAndOnly<XPathDayTimeDuration>(XACML1.ID_FUNCTION_DAYTIMEDURATION_ONE_AND_ONLY, DataTypes.DT_DAYTIMEDURATION); + public static final FunctionDefinition FD_YEARMONTHDURATION_ONE_AND_ONLY = new FunctionDefinitionBagOneAndOnly<XPathYearMonthDuration>(XACML3.ID_FUNCTION_YEARMONTHDURATION_ONE_AND_ONLY, DataTypes.DT_YEARMONTHDURATION); + public static final FunctionDefinition FD_YEARMONTHDURATION_ONE_AND_ONLY_VERSION1 = new FunctionDefinitionBagOneAndOnly<XPathYearMonthDuration>(XACML1.ID_FUNCTION_YEARMONTHDURATION_ONE_AND_ONLY, DataTypes.DT_YEARMONTHDURATION); + public static final FunctionDefinition FD_X500NAME_ONE_AND_ONLY = new FunctionDefinitionBagOneAndOnly<X500Principal>(XACML3.ID_FUNCTION_X500NAME_ONE_AND_ONLY, DataTypes.DT_X500NAME); + public static final FunctionDefinition FD_RFC822NAME_ONE_AND_ONLY = new FunctionDefinitionBagOneAndOnly<RFC822Name>(XACML3.ID_FUNCTION_RFC822NAME_ONE_AND_ONLY, DataTypes.DT_RFC822NAME); + public static final FunctionDefinition FD_IPADDRESS_ONE_AND_ONLY = new FunctionDefinitionBagOneAndOnly<IPAddress>(XACML3.ID_FUNCTION_IPADDRESS_ONE_AND_ONLY, DataTypes.DT_IPADDRESS); + public static final FunctionDefinition FD_DNSNAME_ONE_AND_ONLY = new FunctionDefinitionBagOneAndOnly<RFC2396DomainName>(XACML3.ID_FUNCTION_DNSNAME_ONE_AND_ONLY, DataTypes.DT_DNSNAME); + + public static final FunctionDefinition FD_STRING_BAG_SIZE = new FunctionDefinitionBagSize<String>(XACML3.ID_FUNCTION_STRING_BAG_SIZE, DataTypes.DT_STRING); + public static final FunctionDefinition FD_BOOLEAN_BAG_SIZE = new FunctionDefinitionBagSize<Boolean>(XACML3.ID_FUNCTION_BOOLEAN_BAG_SIZE, DataTypes.DT_BOOLEAN); + public static final FunctionDefinition FD_INTEGER_BAG_SIZE = new FunctionDefinitionBagSize<BigInteger>(XACML3.ID_FUNCTION_INTEGER_BAG_SIZE, DataTypes.DT_INTEGER); + public static final FunctionDefinition FD_DOUBLE_BAG_SIZE = new FunctionDefinitionBagSize<Double>(XACML3.ID_FUNCTION_DOUBLE_BAG_SIZE, DataTypes.DT_DOUBLE); + public static final FunctionDefinition FD_TIME_BAG_SIZE = new FunctionDefinitionBagSize<ISO8601Time>(XACML3.ID_FUNCTION_TIME_BAG_SIZE, DataTypes.DT_TIME); + public static final FunctionDefinition FD_DATE_BAG_SIZE = new FunctionDefinitionBagSize<ISO8601Date>(XACML3.ID_FUNCTION_DATE_BAG_SIZE, DataTypes.DT_DATE); + public static final FunctionDefinition FD_DATETIME_BAG_SIZE = new FunctionDefinitionBagSize<ISO8601DateTime>(XACML3.ID_FUNCTION_DATETIME_BAG_SIZE, DataTypes.DT_DATETIME); + public static final FunctionDefinition FD_ANYURI_BAG_SIZE = new FunctionDefinitionBagSize<URI>(XACML3.ID_FUNCTION_ANYURI_BAG_SIZE, DataTypes.DT_ANYURI); + public static final FunctionDefinition FD_HEXBINARY_BAG_SIZE = new FunctionDefinitionBagSize<HexBinary>(XACML3.ID_FUNCTION_HEXBINARY_BAG_SIZE, DataTypes.DT_HEXBINARY); + public static final FunctionDefinition FD_BASE64BINARY_BAG_SIZE = new FunctionDefinitionBagSize<Base64Binary>(XACML3.ID_FUNCTION_BASE64BINARY_BAG_SIZE, DataTypes.DT_BASE64BINARY); + public static final FunctionDefinition FD_DAYTIMEDURATION_BAG_SIZE = new FunctionDefinitionBagSize<XPathDayTimeDuration>(XACML3.ID_FUNCTION_DAYTIMEDURATION_BAG_SIZE, DataTypes.DT_DAYTIMEDURATION); + public static final FunctionDefinition FD_DAYTIMEDURATION_BAG_SIZE_VERSION1 = new FunctionDefinitionBagSize<XPathDayTimeDuration>(XACML1.ID_FUNCTION_DAYTIMEDURATION_BAG_SIZE, DataTypes.DT_DAYTIMEDURATION); + public static final FunctionDefinition FD_YEARMONTHDURATION_BAG_SIZE = new FunctionDefinitionBagSize<XPathYearMonthDuration>(XACML3.ID_FUNCTION_YEARMONTHDURATION_BAG_SIZE, DataTypes.DT_YEARMONTHDURATION); + public static final FunctionDefinition FD_YEARMONTHDURATION_BAG_SIZE_VERSION1 = new FunctionDefinitionBagSize<XPathYearMonthDuration>(XACML1.ID_FUNCTION_YEARMONTHDURATION_BAG_SIZE, DataTypes.DT_YEARMONTHDURATION); + public static final FunctionDefinition FD_X500NAME_BAG_SIZE = new FunctionDefinitionBagSize<X500Principal>(XACML3.ID_FUNCTION_X500NAME_BAG_SIZE, DataTypes.DT_X500NAME); + public static final FunctionDefinition FD_RFC822NAME_BAG_SIZE = new FunctionDefinitionBagSize<RFC822Name>(XACML3.ID_FUNCTION_RFC822NAME_BAG_SIZE, DataTypes.DT_RFC822NAME); + public static final FunctionDefinition FD_IPADDRESS_BAG_SIZE = new FunctionDefinitionBagSize<IPAddress>(XACML3.ID_FUNCTION_IPADDRESS_BAG_SIZE, DataTypes.DT_IPADDRESS); + public static final FunctionDefinition FD_DNSNAME_BAG_SIZE = new FunctionDefinitionBagSize<RFC2396DomainName>(XACML3.ID_FUNCTION_DNSNAME_BAG_SIZE, DataTypes.DT_DNSNAME); + + public static final FunctionDefinition FD_STRING_IS_IN = new FunctionDefinitionBagIsIn<String>(XACML3.ID_FUNCTION_STRING_IS_IN, DataTypes.DT_STRING); + public static final FunctionDefinition FD_BOOLEAN_IS_IN = new FunctionDefinitionBagIsIn<Boolean>(XACML3.ID_FUNCTION_BOOLEAN_IS_IN, DataTypes.DT_BOOLEAN); + public static final FunctionDefinition FD_INTEGER_IS_IN = new FunctionDefinitionBagIsIn<BigInteger>(XACML3.ID_FUNCTION_INTEGER_IS_IN, DataTypes.DT_INTEGER); + public static final FunctionDefinition FD_DOUBLE_IS_IN = new FunctionDefinitionBagIsIn<Double>(XACML3.ID_FUNCTION_DOUBLE_IS_IN, DataTypes.DT_DOUBLE); + public static final FunctionDefinition FD_TIME_IS_IN = new FunctionDefinitionBagIsIn<ISO8601Time>(XACML3.ID_FUNCTION_TIME_IS_IN, DataTypes.DT_TIME); + public static final FunctionDefinition FD_DATE_IS_IN = new FunctionDefinitionBagIsIn<ISO8601Date>(XACML3.ID_FUNCTION_DATE_IS_IN, DataTypes.DT_DATE); + public static final FunctionDefinition FD_DATETIME_IS_IN = new FunctionDefinitionBagIsIn<ISO8601DateTime>(XACML3.ID_FUNCTION_DATETIME_IS_IN, DataTypes.DT_DATETIME); + public static final FunctionDefinition FD_ANYURI_IS_IN = new FunctionDefinitionBagIsIn<URI>(XACML3.ID_FUNCTION_ANYURI_IS_IN, DataTypes.DT_ANYURI); + public static final FunctionDefinition FD_HEXBINARY_IS_IN = new FunctionDefinitionBagIsIn<HexBinary>(XACML3.ID_FUNCTION_HEXBINARY_IS_IN, DataTypes.DT_HEXBINARY); + public static final FunctionDefinition FD_BASE64BINARY_IS_IN = new FunctionDefinitionBagIsIn<Base64Binary>(XACML3.ID_FUNCTION_BASE64BINARY_IS_IN, DataTypes.DT_BASE64BINARY); + public static final FunctionDefinition FD_DAYTIMEDURATION_IS_IN = new FunctionDefinitionBagIsIn<XPathDayTimeDuration>(XACML3.ID_FUNCTION_DAYTIMEDURATION_IS_IN, DataTypes.DT_DAYTIMEDURATION); + public static final FunctionDefinition FD_DAYTIMEDURATION_IS_IN_VERSION1 = new FunctionDefinitionBagIsIn<XPathDayTimeDuration>(XACML1.ID_FUNCTION_DAYTIMEDURATION_IS_IN, DataTypes.DT_DAYTIMEDURATION); + public static final FunctionDefinition FD_YEARMONTHDURATION_IS_IN = new FunctionDefinitionBagIsIn<XPathYearMonthDuration>(XACML3.ID_FUNCTION_YEARMONTHDURATION_IS_IN, DataTypes.DT_YEARMONTHDURATION); + public static final FunctionDefinition FD_YEARMONTHDURATION_IS_IN_VERSION1 = new FunctionDefinitionBagIsIn<XPathYearMonthDuration>(XACML1.ID_FUNCTION_YEARMONTHDURATION_IS_IN, DataTypes.DT_YEARMONTHDURATION); + public static final FunctionDefinition FD_X500NAME_IS_IN = new FunctionDefinitionBagIsIn<X500Principal>(XACML3.ID_FUNCTION_X500NAME_IS_IN, DataTypes.DT_X500NAME); + public static final FunctionDefinition FD_RFC822NAME_IS_IN = new FunctionDefinitionBagIsIn<RFC822Name>(XACML3.ID_FUNCTION_RFC822NAME_IS_IN, DataTypes.DT_RFC822NAME); + public static final FunctionDefinition FD_IPADDRESS_IS_IN = new FunctionDefinitionBagIsIn<IPAddress>(XACML3.ID_FUNCTION_IPADDRESS_IS_IN, DataTypes.DT_IPADDRESS); + public static final FunctionDefinition FD_DNSNAME_IS_IN = new FunctionDefinitionBagIsIn<RFC2396DomainName>(XACML3.ID_FUNCTION_DNSNAME_IS_IN, DataTypes.DT_DNSNAME); + + public static final FunctionDefinition FD_STRING_BAG = new FunctionDefinitionBag<String>(XACML3.ID_FUNCTION_STRING_BAG, DataTypes.DT_STRING); + public static final FunctionDefinition FD_BOOLEAN_BAG = new FunctionDefinitionBag<Boolean>(XACML3.ID_FUNCTION_BOOLEAN_BAG, DataTypes.DT_BOOLEAN); + public static final FunctionDefinition FD_INTEGER_BAG = new FunctionDefinitionBag<BigInteger>(XACML3.ID_FUNCTION_INTEGER_BAG, DataTypes.DT_INTEGER); + public static final FunctionDefinition FD_DOUBLE_BAG = new FunctionDefinitionBag<Double>(XACML3.ID_FUNCTION_DOUBLE_BAG, DataTypes.DT_DOUBLE); + public static final FunctionDefinition FD_TIME_BAG = new FunctionDefinitionBag<ISO8601Time>(XACML3.ID_FUNCTION_TIME_BAG, DataTypes.DT_TIME); + public static final FunctionDefinition FD_DATE_BAG = new FunctionDefinitionBag<ISO8601Date>(XACML3.ID_FUNCTION_DATE_BAG, DataTypes.DT_DATE); + public static final FunctionDefinition FD_DATETIME_BAG = new FunctionDefinitionBag<ISO8601DateTime>(XACML3.ID_FUNCTION_DATETIME_BAG, DataTypes.DT_DATETIME); + public static final FunctionDefinition FD_ANYURI_BAG = new FunctionDefinitionBag<URI>(XACML3.ID_FUNCTION_ANYURI_BAG, DataTypes.DT_ANYURI); + public static final FunctionDefinition FD_HEXBINARY_BAG = new FunctionDefinitionBag<HexBinary>(XACML3.ID_FUNCTION_HEXBINARY_BAG, DataTypes.DT_HEXBINARY); + public static final FunctionDefinition FD_BASE64BINARY_BAG = new FunctionDefinitionBag<Base64Binary>(XACML3.ID_FUNCTION_BASE64BINARY_BAG, DataTypes.DT_BASE64BINARY); + public static final FunctionDefinition FD_DAYTIMEDURATION_BAG = new FunctionDefinitionBag<XPathDayTimeDuration>(XACML3.ID_FUNCTION_DAYTIMEDURATION_BAG, DataTypes.DT_DAYTIMEDURATION); + public static final FunctionDefinition FD_DAYTIMEDURATION_BAG_VERSION1 = new FunctionDefinitionBag<XPathDayTimeDuration>(XACML1.ID_FUNCTION_DAYTIMEDURATION_BAG, DataTypes.DT_DAYTIMEDURATION); + public static final FunctionDefinition FD_YEARMONTHDURATION_BAG = new FunctionDefinitionBag<XPathYearMonthDuration>(XACML3.ID_FUNCTION_YEARMONTHDURATION_BAG, DataTypes.DT_YEARMONTHDURATION); + public static final FunctionDefinition FD_YEARMONTHDURATION_BAG_VERSION1 = new FunctionDefinitionBag<XPathYearMonthDuration>(XACML1.ID_FUNCTION_YEARMONTHDURATION_BAG, DataTypes.DT_YEARMONTHDURATION); + public static final FunctionDefinition FD_X500NAME_BAG = new FunctionDefinitionBag<X500Principal>(XACML3.ID_FUNCTION_X500NAME_BAG, DataTypes.DT_X500NAME); + public static final FunctionDefinition FD_RFC822NAME_BAG = new FunctionDefinitionBag<RFC822Name>(XACML3.ID_FUNCTION_RFC822NAME_BAG, DataTypes.DT_RFC822NAME); + public static final FunctionDefinition FD_IPADDRESS_BAG = new FunctionDefinitionBag<IPAddress>(XACML3.ID_FUNCTION_IPADDRESS_BAG, DataTypes.DT_IPADDRESS); + public static final FunctionDefinition FD_DNSNAME_BAG = new FunctionDefinitionBag<RFC2396DomainName>(XACML3.ID_FUNCTION_DNSNAME_BAG, DataTypes.DT_DNSNAME); + + + /* + * Set Functions (See A.3.11) + * + * (According to section 10.2.8, this doesn't seem to include + * IPAddress or DNSName datatype). This is because Xacml 3.0 did NOT + * define an equality operator for these 2 types. See discussion: + * + * https://lists.oasis-open.org/archives/xacml/201104/msg00014.html + * + * Also section 10.2.8 is missing XPathExpression versions of these functions. + * + */ + public static final FunctionDefinition FD_STRING_INTERSECTION = new FunctionDefinitionSet<String,String>(XACML3.ID_FUNCTION_STRING_INTERSECTION, DataTypes.DT_STRING, DataTypes.DT_STRING, FunctionDefinitionSet.OPERATION.INTERSECTION); + public static final FunctionDefinition FD_BOOLEAN_INTERSECTION = new FunctionDefinitionSet<Boolean,Boolean>(XACML3.ID_FUNCTION_BOOLEAN_INTERSECTION, DataTypes.DT_BOOLEAN, DataTypes.DT_BOOLEAN, FunctionDefinitionSet.OPERATION.INTERSECTION); + public static final FunctionDefinition FD_INTEGER_INTERSECTION = new FunctionDefinitionSet<BigInteger,BigInteger>(XACML3.ID_FUNCTION_INTEGER_INTERSECTION, DataTypes.DT_INTEGER, DataTypes.DT_INTEGER, FunctionDefinitionSet.OPERATION.INTERSECTION); + public static final FunctionDefinition FD_DOUBLE_INTERSECTION = new FunctionDefinitionSet<Double,Double>(XACML3.ID_FUNCTION_DOUBLE_INTERSECTION, DataTypes.DT_DOUBLE, DataTypes.DT_DOUBLE, FunctionDefinitionSet.OPERATION.INTERSECTION); + public static final FunctionDefinition FD_TIME_INTERSECTION = new FunctionDefinitionSet<ISO8601Time,ISO8601Time>(XACML3.ID_FUNCTION_TIME_INTERSECTION, DataTypes.DT_TIME, DataTypes.DT_TIME, FunctionDefinitionSet.OPERATION.INTERSECTION); + public static final FunctionDefinition FD_DATE_INTERSECTION = new FunctionDefinitionSet<ISO8601Date,ISO8601Date>(XACML3.ID_FUNCTION_DATE_INTERSECTION, DataTypes.DT_DATE, DataTypes.DT_DATE, FunctionDefinitionSet.OPERATION.INTERSECTION); + public static final FunctionDefinition FD_DATETIME_INTERSECTION = new FunctionDefinitionSet<ISO8601DateTime, ISO8601DateTime>(XACML3.ID_FUNCTION_DATETIME_INTERSECTION, DataTypes.DT_DATETIME, DataTypes.DT_DATETIME, FunctionDefinitionSet.OPERATION.INTERSECTION); + public static final FunctionDefinition FD_ANYURI_INTERSECTION = new FunctionDefinitionSet<URI, URI>(XACML3.ID_FUNCTION_ANYURI_INTERSECTION, DataTypes.DT_ANYURI, DataTypes.DT_ANYURI, FunctionDefinitionSet.OPERATION.INTERSECTION); + public static final FunctionDefinition FD_HEXBINARY_INTERSECTION = new FunctionDefinitionSet<HexBinary,HexBinary>(XACML3.ID_FUNCTION_HEXBINARY_INTERSECTION, DataTypes.DT_HEXBINARY, DataTypes.DT_HEXBINARY, FunctionDefinitionSet.OPERATION.INTERSECTION); + public static final FunctionDefinition FD_BASE64BINARY_INTERSECTION = new FunctionDefinitionSet<Base64Binary,Base64Binary>(XACML3.ID_FUNCTION_BASE64BINARY_INTERSECTION, DataTypes.DT_BASE64BINARY, DataTypes.DT_BASE64BINARY, FunctionDefinitionSet.OPERATION.INTERSECTION); + public static final FunctionDefinition FD_DAYTIMEDURATION_INTERSECTION = new FunctionDefinitionSet<XPathDayTimeDuration,XPathDayTimeDuration>(XACML3.ID_FUNCTION_DAYTIMEDURATION_INTERSECTION, DataTypes.DT_DAYTIMEDURATION, DataTypes.DT_DAYTIMEDURATION, FunctionDefinitionSet.OPERATION.INTERSECTION); + public static final FunctionDefinition FD_DAYTIMEDURATION_INTERSECTION_VERSION1 = new FunctionDefinitionSet<XPathDayTimeDuration,XPathDayTimeDuration>(XACML1.ID_FUNCTION_DAYTIMEDURATION_INTERSECTION, DataTypes.DT_DAYTIMEDURATION, DataTypes.DT_DAYTIMEDURATION, FunctionDefinitionSet.OPERATION.INTERSECTION); + public static final FunctionDefinition FD_YEARMONTHDURATION_INTERSECTION = new FunctionDefinitionSet<XPathYearMonthDuration,XPathYearMonthDuration>(XACML3.ID_FUNCTION_YEARMONTHDURATION_INTERSECTION, DataTypes.DT_YEARMONTHDURATION, DataTypes.DT_YEARMONTHDURATION, FunctionDefinitionSet.OPERATION.INTERSECTION); + public static final FunctionDefinition FD_YEARMONTHDURATION_INTERSECTION_VERSION1 = new FunctionDefinitionSet<XPathYearMonthDuration,XPathYearMonthDuration>(XACML1.ID_FUNCTION_YEARMONTHDURATION_INTERSECTION, DataTypes.DT_YEARMONTHDURATION, DataTypes.DT_YEARMONTHDURATION, FunctionDefinitionSet.OPERATION.INTERSECTION); + public static final FunctionDefinition FD_X500NAME_INTERSECTION = new FunctionDefinitionSet<X500Principal,X500Principal>(XACML3.ID_FUNCTION_X500NAME_INTERSECTION, DataTypes.DT_X500NAME, DataTypes.DT_X500NAME, FunctionDefinitionSet.OPERATION.INTERSECTION); + public static final FunctionDefinition FD_RFC822NAME_INTERSECTION = new FunctionDefinitionSet<RFC822Name,RFC822Name>(XACML3.ID_FUNCTION_RFC822NAME_INTERSECTION, DataTypes.DT_RFC822NAME, DataTypes.DT_RFC822NAME, FunctionDefinitionSet.OPERATION.INTERSECTION); + + public static final FunctionDefinition FD_STRING_AT_LEAST_ONE_MEMBER_OF = new FunctionDefinitionSet<Boolean,String>(XACML3.ID_FUNCTION_STRING_AT_LEAST_ONE_MEMBER_OF, DataTypes.DT_BOOLEAN, DataTypes.DT_STRING, FunctionDefinitionSet.OPERATION.AT_LEAST_ONE_MEMBER_OF); + public static final FunctionDefinition FD_BOOLEAN_AT_LEAST_ONE_MEMBER_OF = new FunctionDefinitionSet<Boolean,Boolean>(XACML3.ID_FUNCTION_BOOLEAN_AT_LEAST_ONE_MEMBER_OF, DataTypes.DT_BOOLEAN, DataTypes.DT_BOOLEAN, FunctionDefinitionSet.OPERATION.AT_LEAST_ONE_MEMBER_OF); + public static final FunctionDefinition FD_INTEGER_AT_LEAST_ONE_MEMBER_OF = new FunctionDefinitionSet<Boolean,BigInteger>(XACML3.ID_FUNCTION_INTEGER_AT_LEAST_ONE_MEMBER_OF, DataTypes.DT_BOOLEAN, DataTypes.DT_INTEGER, FunctionDefinitionSet.OPERATION.AT_LEAST_ONE_MEMBER_OF); + public static final FunctionDefinition FD_DOUBLE_AT_LEAST_ONE_MEMBER_OF = new FunctionDefinitionSet<Boolean,Double>(XACML3.ID_FUNCTION_DOUBLE_AT_LEAST_ONE_MEMBER_OF, DataTypes.DT_BOOLEAN, DataTypes.DT_DOUBLE, FunctionDefinitionSet.OPERATION.AT_LEAST_ONE_MEMBER_OF); + public static final FunctionDefinition FD_TIME_AT_LEAST_ONE_MEMBER_OF = new FunctionDefinitionSet<Boolean,ISO8601Time>(XACML3.ID_FUNCTION_TIME_AT_LEAST_ONE_MEMBER_OF, DataTypes.DT_BOOLEAN, DataTypes.DT_TIME, FunctionDefinitionSet.OPERATION.AT_LEAST_ONE_MEMBER_OF); + public static final FunctionDefinition FD_DATE_AT_LEAST_ONE_MEMBER_OF = new FunctionDefinitionSet<Boolean,ISO8601Date>(XACML3.ID_FUNCTION_DATE_AT_LEAST_ONE_MEMBER_OF, DataTypes.DT_BOOLEAN, DataTypes.DT_DATE, FunctionDefinitionSet.OPERATION.AT_LEAST_ONE_MEMBER_OF); + public static final FunctionDefinition FD_DATETIME_AT_LEAST_ONE_MEMBER_OF = new FunctionDefinitionSet<Boolean, ISO8601DateTime>(XACML3.ID_FUNCTION_DATETIME_AT_LEAST_ONE_MEMBER_OF, DataTypes.DT_BOOLEAN, DataTypes.DT_DATETIME, FunctionDefinitionSet.OPERATION.AT_LEAST_ONE_MEMBER_OF); + public static final FunctionDefinition FD_ANYURI_AT_LEAST_ONE_MEMBER_OF = new FunctionDefinitionSet<Boolean, URI>(XACML3.ID_FUNCTION_ANYURI_AT_LEAST_ONE_MEMBER_OF, DataTypes.DT_BOOLEAN, DataTypes.DT_ANYURI, FunctionDefinitionSet.OPERATION.AT_LEAST_ONE_MEMBER_OF); + public static final FunctionDefinition FD_HEXBINARY_AT_LEAST_ONE_MEMBER_OF = new FunctionDefinitionSet<Boolean,HexBinary>(XACML3.ID_FUNCTION_HEXBINARY_AT_LEAST_ONE_MEMBER_OF, DataTypes.DT_BOOLEAN, DataTypes.DT_HEXBINARY, FunctionDefinitionSet.OPERATION.AT_LEAST_ONE_MEMBER_OF); + public static final FunctionDefinition FD_BASE64BINARY_AT_LEAST_ONE_MEMBER_OF = new FunctionDefinitionSet<Boolean,Base64Binary>(XACML3.ID_FUNCTION_BASE64BINARY_AT_LEAST_ONE_MEMBER_OF, DataTypes.DT_BOOLEAN, DataTypes.DT_BASE64BINARY, FunctionDefinitionSet.OPERATION.AT_LEAST_ONE_MEMBER_OF); + public static final FunctionDefinition FD_DAYTIMEDURATION_AT_LEAST_ONE_MEMBER_OF = new FunctionDefinitionSet<Boolean,XPathDayTimeDuration>(XACML3.ID_FUNCTION_DAYTIMEDURATION_AT_LEAST_ONE_MEMBER_OF, DataTypes.DT_BOOLEAN, DataTypes.DT_DAYTIMEDURATION, FunctionDefinitionSet.OPERATION.AT_LEAST_ONE_MEMBER_OF); + public static final FunctionDefinition FD_DAYTIMEDURATION_AT_LEAST_ONE_MEMBER_OF_VERSION1 = new FunctionDefinitionSet<Boolean,XPathDayTimeDuration>(XACML1.ID_FUNCTION_DAYTIMEDURATION_AT_LEAST_ONE_MEMBER_OF, DataTypes.DT_BOOLEAN, DataTypes.DT_DAYTIMEDURATION, FunctionDefinitionSet.OPERATION.AT_LEAST_ONE_MEMBER_OF); + public static final FunctionDefinition FD_YEARMONTHDURATION_AT_LEAST_ONE_MEMBER_OF = new FunctionDefinitionSet<Boolean,XPathYearMonthDuration>(XACML3.ID_FUNCTION_YEARMONTHDURATION_AT_LEAST_ONE_MEMBER_OF, DataTypes.DT_BOOLEAN, DataTypes.DT_YEARMONTHDURATION, FunctionDefinitionSet.OPERATION.AT_LEAST_ONE_MEMBER_OF); + public static final FunctionDefinition FD_YEARMONTHDURATION_AT_LEAST_ONE_MEMBER_OF_VERSION1 = new FunctionDefinitionSet<Boolean,XPathYearMonthDuration>(XACML1.ID_FUNCTION_YEARMONTHDURATION_AT_LEAST_ONE_MEMBER_OF, DataTypes.DT_BOOLEAN, DataTypes.DT_YEARMONTHDURATION, FunctionDefinitionSet.OPERATION.AT_LEAST_ONE_MEMBER_OF); + public static final FunctionDefinition FD_X500NAME_AT_LEAST_ONE_MEMBER_OF = new FunctionDefinitionSet<Boolean,X500Principal>(XACML3.ID_FUNCTION_X500NAME_AT_LEAST_ONE_MEMBER_OF, DataTypes.DT_BOOLEAN, DataTypes.DT_X500NAME, FunctionDefinitionSet.OPERATION.AT_LEAST_ONE_MEMBER_OF); + public static final FunctionDefinition FD_RFC822NAME_AT_LEAST_ONE_MEMBER_OF = new FunctionDefinitionSet<Boolean,RFC822Name>(XACML3.ID_FUNCTION_RFC822NAME_AT_LEAST_ONE_MEMBER_OF, DataTypes.DT_BOOLEAN, DataTypes.DT_RFC822NAME, FunctionDefinitionSet.OPERATION.AT_LEAST_ONE_MEMBER_OF); + + public static final FunctionDefinition FD_STRING_UNION = new FunctionDefinitionSet<String,String>(XACML3.ID_FUNCTION_STRING_UNION, DataTypes.DT_STRING, DataTypes.DT_STRING, FunctionDefinitionSet.OPERATION.UNION); + public static final FunctionDefinition FD_BOOLEAN_UNION = new FunctionDefinitionSet<Boolean,Boolean>(XACML3.ID_FUNCTION_BOOLEAN_UNION, DataTypes.DT_BOOLEAN, DataTypes.DT_BOOLEAN, FunctionDefinitionSet.OPERATION.UNION); + public static final FunctionDefinition FD_INTEGER_UNION = new FunctionDefinitionSet<BigInteger,BigInteger>(XACML3.ID_FUNCTION_INTEGER_UNION, DataTypes.DT_INTEGER, DataTypes.DT_INTEGER, FunctionDefinitionSet.OPERATION.UNION); + public static final FunctionDefinition FD_DOUBLE_UNION = new FunctionDefinitionSet<Double,Double>(XACML3.ID_FUNCTION_DOUBLE_UNION, DataTypes.DT_DOUBLE, DataTypes.DT_DOUBLE, FunctionDefinitionSet.OPERATION.UNION); + public static final FunctionDefinition FD_TIME_UNION = new FunctionDefinitionSet<ISO8601Time,ISO8601Time>(XACML3.ID_FUNCTION_TIME_UNION, DataTypes.DT_TIME, DataTypes.DT_TIME, FunctionDefinitionSet.OPERATION.UNION); + public static final FunctionDefinition FD_DATE_UNION = new FunctionDefinitionSet<ISO8601Date,ISO8601Date>(XACML3.ID_FUNCTION_DATE_UNION, DataTypes.DT_DATE, DataTypes.DT_DATE, FunctionDefinitionSet.OPERATION.UNION); + public static final FunctionDefinition FD_DATETIME_UNION = new FunctionDefinitionSet<ISO8601DateTime, ISO8601DateTime>(XACML3.ID_FUNCTION_DATETIME_UNION, DataTypes.DT_DATETIME, DataTypes.DT_DATETIME, FunctionDefinitionSet.OPERATION.UNION); + public static final FunctionDefinition FD_ANYURI_UNION = new FunctionDefinitionSet<URI, URI>(XACML3.ID_FUNCTION_ANYURI_UNION, DataTypes.DT_ANYURI, DataTypes.DT_ANYURI, FunctionDefinitionSet.OPERATION.UNION); + public static final FunctionDefinition FD_HEXBINARY_UNION = new FunctionDefinitionSet<HexBinary,HexBinary>(XACML3.ID_FUNCTION_HEXBINARY_UNION, DataTypes.DT_HEXBINARY, DataTypes.DT_HEXBINARY, FunctionDefinitionSet.OPERATION.UNION); + public static final FunctionDefinition FD_BASE64BINARY_UNION = new FunctionDefinitionSet<Base64Binary,Base64Binary>(XACML3.ID_FUNCTION_BASE64BINARY_UNION, DataTypes.DT_BASE64BINARY, DataTypes.DT_BASE64BINARY, FunctionDefinitionSet.OPERATION.UNION); + public static final FunctionDefinition FD_DAYTIMEDURATION_UNION = new FunctionDefinitionSet<XPathDayTimeDuration,XPathDayTimeDuration>(XACML3.ID_FUNCTION_DAYTIMEDURATION_UNION, DataTypes.DT_DAYTIMEDURATION, DataTypes.DT_DAYTIMEDURATION, FunctionDefinitionSet.OPERATION.UNION); + public static final FunctionDefinition FD_DAYTIMEDURATION_UNION_VERSION1 = new FunctionDefinitionSet<XPathDayTimeDuration,XPathDayTimeDuration>(XACML1.ID_FUNCTION_DAYTIMEDURATION_UNION, DataTypes.DT_DAYTIMEDURATION, DataTypes.DT_DAYTIMEDURATION, FunctionDefinitionSet.OPERATION.UNION); + public static final FunctionDefinition FD_YEARMONTHDURATION_UNION = new FunctionDefinitionSet<XPathYearMonthDuration,XPathYearMonthDuration>(XACML3.ID_FUNCTION_YEARMONTHDURATION_UNION, DataTypes.DT_YEARMONTHDURATION, DataTypes.DT_YEARMONTHDURATION, FunctionDefinitionSet.OPERATION.UNION); + public static final FunctionDefinition FD_YEARMONTHDURATION_UNION_VERSION1 = new FunctionDefinitionSet<XPathYearMonthDuration,XPathYearMonthDuration>(XACML1.ID_FUNCTION_YEARMONTHDURATION_UNION, DataTypes.DT_YEARMONTHDURATION, DataTypes.DT_YEARMONTHDURATION, FunctionDefinitionSet.OPERATION.UNION); + public static final FunctionDefinition FD_X500NAME_UNION = new FunctionDefinitionSet<X500Principal,X500Principal>(XACML3.ID_FUNCTION_X500NAME_UNION, DataTypes.DT_X500NAME, DataTypes.DT_X500NAME, FunctionDefinitionSet.OPERATION.UNION); + public static final FunctionDefinition FD_RFC822NAME_UNION = new FunctionDefinitionSet<RFC822Name,RFC822Name>(XACML3.ID_FUNCTION_RFC822NAME_UNION, DataTypes.DT_RFC822NAME, DataTypes.DT_RFC822NAME, FunctionDefinitionSet.OPERATION.UNION); + + public static final FunctionDefinition FD_STRING_SUBSET = new FunctionDefinitionSet<Boolean,String>(XACML3.ID_FUNCTION_STRING_SUBSET, DataTypes.DT_BOOLEAN, DataTypes.DT_STRING, FunctionDefinitionSet.OPERATION.SUBSET); + public static final FunctionDefinition FD_BOOLEAN_SUBSET = new FunctionDefinitionSet<Boolean,Boolean>(XACML3.ID_FUNCTION_BOOLEAN_SUBSET, DataTypes.DT_BOOLEAN, DataTypes.DT_BOOLEAN, FunctionDefinitionSet.OPERATION.SUBSET); + public static final FunctionDefinition FD_INTEGER_SUBSET = new FunctionDefinitionSet<Boolean,BigInteger>(XACML3.ID_FUNCTION_INTEGER_SUBSET, DataTypes.DT_BOOLEAN, DataTypes.DT_INTEGER, FunctionDefinitionSet.OPERATION.SUBSET); + public static final FunctionDefinition FD_DOUBLE_SUBSET = new FunctionDefinitionSet<Boolean,Double>(XACML3.ID_FUNCTION_DOUBLE_SUBSET, DataTypes.DT_BOOLEAN, DataTypes.DT_DOUBLE, FunctionDefinitionSet.OPERATION.SUBSET); + public static final FunctionDefinition FD_TIME_SUBSET = new FunctionDefinitionSet<Boolean,ISO8601Time>(XACML3.ID_FUNCTION_TIME_SUBSET, DataTypes.DT_BOOLEAN, DataTypes.DT_TIME, FunctionDefinitionSet.OPERATION.SUBSET); + public static final FunctionDefinition FD_DATE_SUBSET = new FunctionDefinitionSet<Boolean,ISO8601Date>(XACML3.ID_FUNCTION_DATE_SUBSET, DataTypes.DT_BOOLEAN, DataTypes.DT_DATE, FunctionDefinitionSet.OPERATION.SUBSET); + public static final FunctionDefinition FD_DATETIME_SUBSET = new FunctionDefinitionSet<Boolean, ISO8601DateTime>(XACML3.ID_FUNCTION_DATETIME_SUBSET, DataTypes.DT_BOOLEAN, DataTypes.DT_DATETIME, FunctionDefinitionSet.OPERATION.SUBSET); + public static final FunctionDefinition FD_ANYURI_SUBSET = new FunctionDefinitionSet<Boolean, URI>(XACML3.ID_FUNCTION_ANYURI_SUBSET, DataTypes.DT_BOOLEAN, DataTypes.DT_ANYURI, FunctionDefinitionSet.OPERATION.SUBSET); + public static final FunctionDefinition FD_HEXBINARY_SUBSET = new FunctionDefinitionSet<Boolean,HexBinary>(XACML3.ID_FUNCTION_HEXBINARY_SUBSET, DataTypes.DT_BOOLEAN, DataTypes.DT_HEXBINARY, FunctionDefinitionSet.OPERATION.SUBSET); + public static final FunctionDefinition FD_BASE64BINARY_SUBSET = new FunctionDefinitionSet<Boolean,Base64Binary>(XACML3.ID_FUNCTION_BASE64BINARY_SUBSET, DataTypes.DT_BOOLEAN, DataTypes.DT_BASE64BINARY, FunctionDefinitionSet.OPERATION.SUBSET); + public static final FunctionDefinition FD_DAYTIMEDURATION_SUBSET = new FunctionDefinitionSet<Boolean,XPathDayTimeDuration>(XACML3.ID_FUNCTION_DAYTIMEDURATION_SUBSET, DataTypes.DT_BOOLEAN, DataTypes.DT_DAYTIMEDURATION, FunctionDefinitionSet.OPERATION.SUBSET); + public static final FunctionDefinition FD_DAYTIMEDURATION_SUBSET_VERSION1 = new FunctionDefinitionSet<Boolean,XPathDayTimeDuration>(XACML1.ID_FUNCTION_DAYTIMEDURATION_SUBSET, DataTypes.DT_BOOLEAN, DataTypes.DT_DAYTIMEDURATION, FunctionDefinitionSet.OPERATION.SUBSET); + public static final FunctionDefinition FD_YEARMONTHDURATION_SUBSET = new FunctionDefinitionSet<Boolean,XPathYearMonthDuration>(XACML3.ID_FUNCTION_YEARMONTHDURATION_SUBSET, DataTypes.DT_BOOLEAN, DataTypes.DT_YEARMONTHDURATION, FunctionDefinitionSet.OPERATION.SUBSET); + public static final FunctionDefinition FD_YEARMONTHDURATION_SUBSET_VERSION1 = new FunctionDefinitionSet<Boolean,XPathYearMonthDuration>(XACML1.ID_FUNCTION_YEARMONTHDURATION_SUBSET, DataTypes.DT_BOOLEAN, DataTypes.DT_YEARMONTHDURATION, FunctionDefinitionSet.OPERATION.SUBSET); + public static final FunctionDefinition FD_X500NAME_SUBSET = new FunctionDefinitionSet<Boolean,X500Principal>(XACML3.ID_FUNCTION_X500NAME_SUBSET, DataTypes.DT_BOOLEAN, DataTypes.DT_X500NAME, FunctionDefinitionSet.OPERATION.SUBSET); + public static final FunctionDefinition FD_RFC822NAME_SUBSET = new FunctionDefinitionSet<Boolean,RFC822Name>(XACML3.ID_FUNCTION_RFC822NAME_SUBSET, DataTypes.DT_BOOLEAN, DataTypes.DT_RFC822NAME, FunctionDefinitionSet.OPERATION.SUBSET); + + public static final FunctionDefinition FD_STRING_SET_EQUALS = new FunctionDefinitionSet<Boolean,String>(XACML3.ID_FUNCTION_STRING_SET_EQUALS, DataTypes.DT_BOOLEAN, DataTypes.DT_STRING, FunctionDefinitionSet.OPERATION.SET_EQUALS); + public static final FunctionDefinition FD_BOOLEAN_SET_EQUALS = new FunctionDefinitionSet<Boolean,Boolean>(XACML3.ID_FUNCTION_BOOLEAN_SET_EQUALS, DataTypes.DT_BOOLEAN, DataTypes.DT_BOOLEAN, FunctionDefinitionSet.OPERATION.SET_EQUALS); + public static final FunctionDefinition FD_INTEGER_SET_EQUALS = new FunctionDefinitionSet<Boolean,BigInteger>(XACML3.ID_FUNCTION_INTEGER_SET_EQUALS, DataTypes.DT_BOOLEAN, DataTypes.DT_INTEGER, FunctionDefinitionSet.OPERATION.SET_EQUALS); + public static final FunctionDefinition FD_DOUBLE_SET_EQUALS = new FunctionDefinitionSet<Boolean,Double>(XACML3.ID_FUNCTION_DOUBLE_SET_EQUALS, DataTypes.DT_BOOLEAN, DataTypes.DT_DOUBLE, FunctionDefinitionSet.OPERATION.SET_EQUALS); + public static final FunctionDefinition FD_TIME_SET_EQUALS = new FunctionDefinitionSet<Boolean,ISO8601Time>(XACML3.ID_FUNCTION_TIME_SET_EQUALS, DataTypes.DT_BOOLEAN, DataTypes.DT_TIME, FunctionDefinitionSet.OPERATION.SET_EQUALS); + public static final FunctionDefinition FD_DATE_SET_EQUALS = new FunctionDefinitionSet<Boolean,ISO8601Date>(XACML3.ID_FUNCTION_DATE_SET_EQUALS, DataTypes.DT_BOOLEAN, DataTypes.DT_DATE, FunctionDefinitionSet.OPERATION.SET_EQUALS); + public static final FunctionDefinition FD_DATETIME_SET_EQUALS = new FunctionDefinitionSet<Boolean, ISO8601DateTime>(XACML3.ID_FUNCTION_DATETIME_SET_EQUALS, DataTypes.DT_BOOLEAN, DataTypes.DT_DATETIME, FunctionDefinitionSet.OPERATION.SET_EQUALS); + public static final FunctionDefinition FD_ANYURI_SET_EQUALS = new FunctionDefinitionSet<Boolean, URI>(XACML3.ID_FUNCTION_ANYURI_SET_EQUALS, DataTypes.DT_BOOLEAN, DataTypes.DT_ANYURI, FunctionDefinitionSet.OPERATION.SET_EQUALS); + public static final FunctionDefinition FD_HEXBINARY_SET_EQUALS = new FunctionDefinitionSet<Boolean,HexBinary>(XACML3.ID_FUNCTION_HEXBINARY_SET_EQUALS, DataTypes.DT_BOOLEAN, DataTypes.DT_HEXBINARY, FunctionDefinitionSet.OPERATION.SET_EQUALS); + public static final FunctionDefinition FD_BASE64BINARY_SET_EQUALS = new FunctionDefinitionSet<Boolean,Base64Binary>(XACML3.ID_FUNCTION_BASE64BINARY_SET_EQUALS, DataTypes.DT_BOOLEAN, DataTypes.DT_BASE64BINARY, FunctionDefinitionSet.OPERATION.SET_EQUALS); + public static final FunctionDefinition FD_DAYTIMEDURATION_SET_EQUALS = new FunctionDefinitionSet<Boolean,XPathDayTimeDuration>(XACML3.ID_FUNCTION_DAYTIMEDURATION_SET_EQUALS, DataTypes.DT_BOOLEAN, DataTypes.DT_DAYTIMEDURATION, FunctionDefinitionSet.OPERATION.SET_EQUALS); + public static final FunctionDefinition FD_DAYTIMEDURATION_SET_EQUALS_VERSION1 = new FunctionDefinitionSet<Boolean,XPathDayTimeDuration>(XACML1.ID_FUNCTION_DAYTIMEDURATION_SET_EQUALS, DataTypes.DT_BOOLEAN, DataTypes.DT_DAYTIMEDURATION, FunctionDefinitionSet.OPERATION.SET_EQUALS); + public static final FunctionDefinition FD_YEARMONTHDURATION_SET_EQUALS = new FunctionDefinitionSet<Boolean,XPathYearMonthDuration>(XACML3.ID_FUNCTION_YEARMONTHDURATION_SET_EQUALS, DataTypes.DT_BOOLEAN, DataTypes.DT_YEARMONTHDURATION, FunctionDefinitionSet.OPERATION.SET_EQUALS); + public static final FunctionDefinition FD_YEARMONTHDURATION_SET_EQUALS_VERSION1 = new FunctionDefinitionSet<Boolean,XPathYearMonthDuration>(XACML1.ID_FUNCTION_YEARMONTHDURATION_SET_EQUALS, DataTypes.DT_BOOLEAN, DataTypes.DT_YEARMONTHDURATION, FunctionDefinitionSet.OPERATION.SET_EQUALS); + public static final FunctionDefinition FD_X500NAME_SET_EQUALS = new FunctionDefinitionSet<Boolean,X500Principal>(XACML3.ID_FUNCTION_X500NAME_SET_EQUALS, DataTypes.DT_BOOLEAN, DataTypes.DT_X500NAME, FunctionDefinitionSet.OPERATION.SET_EQUALS); + public static final FunctionDefinition FD_RFC822NAME_SET_EQUALS = new FunctionDefinitionSet<Boolean,RFC822Name>(XACML3.ID_FUNCTION_RFC822NAME_SET_EQUALS, DataTypes.DT_BOOLEAN, DataTypes.DT_RFC822NAME, FunctionDefinitionSet.OPERATION.SET_EQUALS); + + + /* + * Higher Order Bag functions (See A.3.12) + */ + public static final FunctionDefinition FD_ANY_OF = new FunctionDefinitionHigherOrderBag<Boolean,Object>(XACML3.ID_FUNCTION_ANY_OF, DataTypes.DT_BOOLEAN, null, FunctionDefinitionHigherOrderBag.OPERATION.ANY_OF); + public static final FunctionDefinition FD_ANY_OF_VERSION1 = new FunctionDefinitionHigherOrderBag<Boolean,Object>(XACML1.ID_FUNCTION_ANY_OF, DataTypes.DT_BOOLEAN, null, FunctionDefinitionHigherOrderBag.OPERATION.ANY_OF); + public static final FunctionDefinition FD_ALL_OF = new FunctionDefinitionHigherOrderBag<Boolean,Object>(XACML3.ID_FUNCTION_ALL_OF, DataTypes.DT_BOOLEAN, null, FunctionDefinitionHigherOrderBag.OPERATION.ALL_OF); + public static final FunctionDefinition FD_ALL_OF_VERSION1 = new FunctionDefinitionHigherOrderBag<Boolean,Object>(XACML1.ID_FUNCTION_ALL_OF, DataTypes.DT_BOOLEAN, null, FunctionDefinitionHigherOrderBag.OPERATION.ALL_OF); + public static final FunctionDefinition FD_ANY_OF_ANY = new FunctionDefinitionHigherOrderBag<Boolean,Object>(XACML3.ID_FUNCTION_ANY_OF_ANY, DataTypes.DT_BOOLEAN, null, FunctionDefinitionHigherOrderBag.OPERATION.ANY_OF_ANY); + public static final FunctionDefinition FD_ANY_OF_ANY_VERSION1 = new FunctionDefinitionHigherOrderBag<Boolean,Object>(XACML1.ID_FUNCTION_ANY_OF_ANY, DataTypes.DT_BOOLEAN, null, FunctionDefinitionHigherOrderBag.OPERATION.ANY_OF_ANY); + public static final FunctionDefinition FD_ALL_OF_ANY = new FunctionDefinitionHigherOrderBag<Boolean,Object>(XACML3.ID_FUNCTION_ALL_OF_ANY, DataTypes.DT_BOOLEAN, null, FunctionDefinitionHigherOrderBag.OPERATION.ALL_OF_ANY); + public static final FunctionDefinition FD_ANY_OF_ALL = new FunctionDefinitionHigherOrderBag<Boolean,Object>(XACML3.ID_FUNCTION_ANY_OF_ALL, DataTypes.DT_BOOLEAN, null, FunctionDefinitionHigherOrderBag.OPERATION.ANY_OF_ALL); + public static final FunctionDefinition FD_ALL_OF_ALL = new FunctionDefinitionHigherOrderBag<Boolean,Object>(XACML3.ID_FUNCTION_ALL_OF_ALL, DataTypes.DT_BOOLEAN, null, FunctionDefinitionHigherOrderBag.OPERATION.ALL_OF_ALL); + public static final FunctionDefinition FD_MAP = new FunctionDefinitionHigherOrderBag<Object,Object>(XACML3.ID_FUNCTION_MAP, null, null, FunctionDefinitionHigherOrderBag.OPERATION.MAP); + public static final FunctionDefinition FD_MAP_VERSION1 = new FunctionDefinitionHigherOrderBag<Object,Object>(XACML1.ID_FUNCTION_MAP, null, null, FunctionDefinitionHigherOrderBag.OPERATION.MAP); + + + /* + * Regular Expression functions (See A.3.13) + */ + public static final FunctionDefinition FD_STRING_REGEXP_MATCH = new FunctionDefinitionRegexpMatch<String>(XACML3.ID_FUNCTION_STRING_REGEXP_MATCH, DataTypes.DT_STRING); + public static final FunctionDefinition FD_ANYURI_REGEXP_MATCH = new FunctionDefinitionRegexpMatch<URI>(XACML3.ID_FUNCTION_ANYURI_REGEXP_MATCH, DataTypes.DT_ANYURI); + public static final FunctionDefinition FD_IPADDRESS_REGEXP_MATCH = new FunctionDefinitionRegexpMatch<IPAddress>(XACML3.ID_FUNCTION_IPADDRESS_REGEXP_MATCH, DataTypes.DT_IPADDRESS); + public static final FunctionDefinition FD_DNSNAME_REGEXP_MATCH = new FunctionDefinitionRegexpMatch<RFC2396DomainName>(XACML3.ID_FUNCTION_DNSNAME_REGEXP_MATCH, DataTypes.DT_DNSNAME); + public static final FunctionDefinition FD_RFC822NAME_REGEXP_MATCH = new FunctionDefinitionRegexpMatch<RFC822Name>(XACML3.ID_FUNCTION_RFC822NAME_REGEXP_MATCH, DataTypes.DT_RFC822NAME); + public static final FunctionDefinition FD_X500NAME_REGEXP_MATCH = new FunctionDefinitionRegexpMatch<X500Principal>(XACML3.ID_FUNCTION_X500NAME_REGEXP_MATCH, DataTypes.DT_X500NAME); + + + /* + * Special Match functions (See A.3.14) + */ + public static final FunctionDefinition FD_X500NAME_MATCH = new FunctionDefinitionX500NameMatch(XACML3.ID_FUNCTION_X500NAME_MATCH); + public static final FunctionDefinition FD_RFC822NAME_MATCH = new FunctionDefinitionRFC822NameMatch(XACML3.ID_FUNCTION_RFC822NAME_MATCH); + + /* + * XPath based functions (See A.3.15) + * + * THESE ARE OPTIONAL + * + */ + public static final FunctionDefinition FD_XPATH_NODE_COUNT = new FunctionDefinitionXPath<BigInteger>(XACML3.ID_FUNCTION_XPATH_NODE_COUNT, DataTypes.DT_INTEGER, FunctionDefinitionXPath.OPERATION.COUNT); +// public static final FunctionDefinition FD_XPATH_NODE_COUNT_VERSION1 = new FunctionDefinitionXPath<BigInteger>(XACML1.ID_FUNCTION_XPATH_NODE_COUNT, DataTypes.DT_INTEGER, FunctionDefinitionXPath.OPERATION.COUNT); + public static final FunctionDefinition FD_XPATH_NODE_EQUAL = new FunctionDefinitionXPath<Boolean>(XACML3.ID_FUNCTION_XPATH_NODE_EQUAL, DataTypes.DT_BOOLEAN, FunctionDefinitionXPath.OPERATION.EQUAL); +// public static final FunctionDefinition FD_XPATH_NODE_EQUAL_VERSION1 = new FunctionDefinitionXPath<Boolean>(XACML1.ID_FUNCTION_XPATH_NODE_EQUAL, DataTypes.DT_BOOLEAN, FunctionDefinitionXPath.OPERATION.EQUAL); + public static final FunctionDefinition FD_XPATH_NODE_MATCH = new FunctionDefinitionXPath<Boolean>(XACML3.ID_FUNCTION_XPATH_NODE_MATCH, DataTypes.DT_BOOLEAN, FunctionDefinitionXPath.OPERATION.MATCH); +// public static final FunctionDefinition FD_XPATH_NODE_MATCH_VERSION1 = new FunctionDefinitionXPath<Boolean>(XACML1.ID_FUNCTION_XPATH_NODE_MATCH, DataTypes.DT_BOOLEAN, FunctionDefinitionXPath.OPERATION.MATCH); + + + /* + * Other functions (See A.3.16) + * + * THIS ONE IS OPTIONAL + * + */ + public static final FunctionDefinition FD_ACCESS_PERMITTED = new FunctionDefinitionAccessPermitted(XACML3.ID_FUNCTION_ACCESS_PERMITTED); + + + /* + * Deprecated functions (See A.4) + * + */ + public static final FunctionDefinition FD_URI_STRING_CONCATENATE = new FunctionDefinitionURIStringConcatenate(XACML2.ID_FUNCTION_URI_STRING_CONCATENATE); + + +}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdPolicyFinder.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdPolicyFinder.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdPolicyFinder.java new file mode 100755 index 0000000..4463fba --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdPolicyFinder.java @@ -0,0 +1,373 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.std; + +import java.io.InputStream; +import java.net.MalformedURLException; +import java.net.URI; +import java.net.URL; +import java.util.ArrayList; +import java.util.Collection; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Properties; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import com.att.research.xacml.api.IdReferenceMatch; +import com.att.research.xacml.api.Identifier; +import com.att.research.xacml.api.Version; +import com.att.research.xacml.std.StdStatus; +import com.att.research.xacml.std.StdStatusCode; +import com.att.research.xacmlatt.pdp.eval.EvaluationContext; +import com.att.research.xacmlatt.pdp.eval.EvaluationException; +import com.att.research.xacmlatt.pdp.eval.MatchResult; +import com.att.research.xacmlatt.pdp.policy.Policy; +import com.att.research.xacmlatt.pdp.policy.PolicyDef; +import com.att.research.xacmlatt.pdp.policy.PolicyFinder; +import com.att.research.xacmlatt.pdp.policy.PolicyFinderResult; +import com.att.research.xacmlatt.pdp.policy.PolicySet; +import com.att.research.xacmlatt.pdp.policy.PolicySetChild; +import com.att.research.xacmlatt.pdp.policy.dom.DOMPolicyDef; + +/** + * StdPolicyFinder implements the {@link com.att.research.xacmlatt.pdp.policy.PolicyFinder} interface to look up policies + * by their internal ID or an externally visible ID. + * + * @author car + * @version $Revision: 1.4 $ + */ +public class StdPolicyFinder implements PolicyFinder { + private static final PolicyFinderResult<PolicyDef> PFR_MULTIPLE = new StdPolicyFinderResult<PolicyDef>(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "Multiple applicable root policies")); + private static final PolicyFinderResult<PolicyDef> PFR_NOT_FOUND = new StdPolicyFinderResult<PolicyDef>(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "No matching root policy found")); + + private static final PolicyFinderResult<Policy> PFR_POLICY_NOT_FOUND = new StdPolicyFinderResult<Policy>(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "No matching policy found")); + private static final PolicyFinderResult<Policy> PFR_NOT_A_POLICY = new StdPolicyFinderResult<Policy>(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "Not a policy")); + private static final PolicyFinderResult<PolicySet> PFR_POLICYSET_NOT_FOUND = new StdPolicyFinderResult<PolicySet>(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "No matching policy set found")); + private static final PolicyFinderResult<PolicySet> PFR_NOT_A_POLICYSET = new StdPolicyFinderResult<PolicySet>(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "Not a policy set")); + + private Log logger = LogFactory.getLog(this.getClass()); + private List<PolicyDef> listRoots = new ArrayList<PolicyDef>(); + private Map<Identifier,List<PolicyDef>> mapPolicies = new HashMap<Identifier,List<PolicyDef>>(); + + public static class StdPolicyFinderException extends Exception { + private static final long serialVersionUID = -8969282995787463288L; + public StdPolicyFinderException(String msg) { + super(msg); + } + public StdPolicyFinderException(String msg, Throwable cause) { + super(msg, cause); + } + } + + private void storeInPolicyMap(PolicyDef policyDef) { + List<PolicyDef> listPolicyDefs = this.mapPolicies.get(policyDef.getIdentifier()); + if (listPolicyDefs == null) { + listPolicyDefs = new ArrayList<PolicyDef>(); + this.mapPolicies.put(policyDef.getIdentifier(), listPolicyDefs); + } + listPolicyDefs.add(policyDef); + } + + private <T extends PolicyDef> List<T> getFromPolicyMap(IdReferenceMatch idReferenceMatch, Class<T> classPolicyDef) { + /* + * Get all of the PolicyDefs for the Identifier in the reference match + */ + List<PolicyDef> listPolicyDefForId = this.mapPolicies.get(idReferenceMatch.getId()); + if (listPolicyDefForId == null) { + return null; + } + + /* + * Iterate over all of the PolicyDefs that were found and select only the ones that match + * the version request and the isPolicySet + */ + List<T> listPolicyDefMatches = null; + Iterator<PolicyDef> iterPolicyDefs = listPolicyDefForId.iterator(); + while (iterPolicyDefs.hasNext()) { + PolicyDef policyDef = iterPolicyDefs.next(); + if (classPolicyDef.isInstance(policyDef) && policyDef.matches(idReferenceMatch)) { + if (listPolicyDefMatches == null) { + listPolicyDefMatches = new ArrayList<T>(); + } + listPolicyDefMatches.add(classPolicyDef.cast(policyDef)); + } + } + + return listPolicyDefMatches; + } + + private <T extends PolicyDef> T getBestMatchN(List<T> matches) { + T bestMatch = null; + Version bestVersion = null; + Iterator<T> iterMatches = matches.iterator(); + + while (iterMatches.hasNext()) { + T match = iterMatches.next(); + if (bestMatch == null) { + bestMatch = match; + bestVersion = match.getVersion(); + } else { + Version matchVersion = match.getVersion(); + if (matchVersion != null) { + if (matchVersion.compareTo(bestVersion) > 0) { + bestMatch = match; + bestVersion = matchVersion; + } + } + } + } + return bestMatch; + } + + private <T extends PolicyDef> T getBestMatch(List<T> matches) { + switch(matches.size()) { + case 0: + return null; + case 1: + return matches.get(0); + default: + return this.getBestMatchN(matches); + } + } + + private PolicyDef loadPolicyDefFromURI(URI uri) throws StdPolicyFinderException { + PolicyDef policyDef = null; + InputStream inputStream = null; + try { + this.logger.info("Loading policy from URI " + uri.toString()); + URL url = uri.toURL(); + this.logger.debug("Loading policy from URL " + url.toString()); + + inputStream = url.openStream(); + policyDef = DOMPolicyDef.load(inputStream); + } catch (MalformedURLException ex) { + this.logger.debug("Unknown protocol for URI " + uri.toString()); + return null; + } catch (Exception ex) { + this.logger.error("Exception loading policy definition", ex); + throw new StdPolicyFinderException("Exception loading policy def from \"" + uri.toString() + "\": " + ex.getMessage(), ex); + } finally { + if (inputStream != null) { + try { + inputStream.close(); + } catch (Exception ex) { + + } + } + } + return policyDef; + } + + /** + * Looks up the given {@link com.att.research.xacml.api.Identifier} in the map first. If not found, and the <code>Identifier</code> contains + * a URL, then attempts to retrieve the document from the URL and caches it. + * + * @param idReferenceMatch the <code>IdReferenceMatch</code> to look up + * @return a <code>PolicyFinderResult</code> with the requested <code>Policy</code> or an error status + */ + private PolicyFinderResult<Policy> lookupPolicyByIdentifier(IdReferenceMatch idReferenceMatch) { + List<Policy> listCachedPolicies = this.getFromPolicyMap(idReferenceMatch, Policy.class); + if (listCachedPolicies == null) { + Identifier id = idReferenceMatch.getId(); + if (id != null) { + URI uri = id.getUri(); + if (uri != null && uri.isAbsolute()) { + PolicyDef policyDef = null; + try { + policyDef = this.loadPolicyDefFromURI(uri); + } catch (StdPolicyFinderException ex) { + return new StdPolicyFinderResult<Policy>(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, ex.getMessage())); + } + if (policyDef != null) { + if (policyDef instanceof Policy) { + List<PolicyDef> listPolicyDefs = new ArrayList<PolicyDef>(); + listPolicyDefs.add(policyDef); + this.mapPolicies.put(id, listPolicyDefs); + this.mapPolicies.put(policyDef.getIdentifier(), listPolicyDefs); + return new StdPolicyFinderResult<Policy>((Policy)policyDef); + } else { + return PFR_NOT_A_POLICY; + } + } else { + return PFR_POLICY_NOT_FOUND; + } + } + } + } + if (listCachedPolicies != null) { + return new StdPolicyFinderResult<Policy>(this.getBestMatch(listCachedPolicies)); + } else { + return PFR_POLICY_NOT_FOUND; + } + } + + /** + * Looks up the given {@link com.att.research.xacml.api.Identifier} in the map first. If not found, and the <code>Identifier</code> contains + * a URL, then attempts to retrieve the document from the URL and caches it. + * + * @param idReferenceMatch the <code>IdReferenceMatch</code> to look up + * @return a <code>PolicyFinderResult</code> with the requested <code>PolicySet</code> or an error status + */ + private PolicyFinderResult<PolicySet> lookupPolicySetByIdentifier(IdReferenceMatch idReferenceMatch) { + List<PolicySet> listCachedPolicySets = this.getFromPolicyMap(idReferenceMatch, PolicySet.class); + if (listCachedPolicySets == null) { + Identifier id = idReferenceMatch.getId(); + if (id != null) { + URI uri = id.getUri(); + if (uri != null && uri.isAbsolute()) { + PolicyDef policyDef = null; + try { + policyDef = this.loadPolicyDefFromURI(uri); + } catch (StdPolicyFinderException ex) { + return new StdPolicyFinderResult<PolicySet>(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, ex.getMessage())); + } + if (policyDef != null) { + if (policyDef instanceof PolicySet) { + List<PolicyDef> listPolicyDefs = new ArrayList<PolicyDef>(); + listPolicyDefs.add(policyDef); + this.mapPolicies.put(id, listPolicyDefs); + this.mapPolicies.put(policyDef.getIdentifier(), listPolicyDefs); + return new StdPolicyFinderResult<PolicySet>((PolicySet)policyDef); + } else { + return PFR_NOT_A_POLICYSET; + } + } else { + return PFR_POLICYSET_NOT_FOUND; + } + } + } + } + if (listCachedPolicySets != null) { + return new StdPolicyFinderResult<PolicySet>(this.getBestMatch(listCachedPolicySets)); + } else { + return PFR_POLICYSET_NOT_FOUND; + } + } + + /** + * Adds the given <code>PolicyDef</code> to the map of loaded <code>PolicyDef</code>s and adds + * its child <code>PolicyDef</code>s recursively. + * + * @param policyDef the <code>PolicyDef</code> to add + */ + private void updatePolicyMap(PolicyDef policyDef) { + this.storeInPolicyMap(policyDef); + if (policyDef instanceof PolicySet) { + Iterator<PolicySetChild> iterChildren = ((PolicySet)policyDef).getChildren(); + if (iterChildren != null) { + while (iterChildren.hasNext()) { + PolicySetChild policySetChild = iterChildren.next(); + if (policySetChild instanceof PolicyDef) { + this.updatePolicyMap((PolicyDef)policySetChild); + } + } + } + } + } + + public StdPolicyFinder(Collection<PolicyDef> listRootPolicies, Collection<PolicyDef> referencedPolicyDefs) { + if (listRootPolicies != null) { + for (PolicyDef policyDef: listRootPolicies) { + this.listRoots.add(policyDef); + this.updatePolicyMap(policyDef); + } + } + if (referencedPolicyDefs != null) { + for (PolicyDef policyDef: referencedPolicyDefs) { + this.storeInPolicyMap(policyDef); + } + } + } + + /** + * Creates a new <code>StdPolicyFinder</code> with the given <code>PolicyDef</code> as the root element. + * + * @param rootPolicyDef the <code>PolicyDef</code> acting as the root element + */ + public StdPolicyFinder(PolicyDef rootPolicyDef, Collection<PolicyDef> referencedPolicyDefs) { + if (rootPolicyDef != null) { + this.listRoots.add(rootPolicyDef); + this.updatePolicyMap(rootPolicyDef); + } + + if (referencedPolicyDefs != null) { + for (PolicyDef policyDef: referencedPolicyDefs) { + this.storeInPolicyMap(policyDef); + } + } + } + + public StdPolicyFinder(List<PolicyDef> rootPolicies, List<PolicyDef> referencedPolicies, Properties properties) { + this(rootPolicies, referencedPolicies); + } + + @Override + public PolicyFinderResult<PolicyDef> getRootPolicyDef(EvaluationContext evaluationContext) { + PolicyDef policyDefFirstMatch = null; + Iterator<PolicyDef> iterRootPolicies = this.listRoots.iterator(); + PolicyFinderResult<PolicyDef> firstIndeterminate = null; + while (iterRootPolicies.hasNext()) { + PolicyDef policyDef = iterRootPolicies.next(); + MatchResult matchResult = null; + try { + matchResult = policyDef.match(evaluationContext); + switch(matchResult.getMatchCode()) { + case INDETERMINATE: + if (firstIndeterminate == null) { + firstIndeterminate = new StdPolicyFinderResult<PolicyDef>(matchResult.getStatus()); + } + break; + case MATCH: + if (policyDefFirstMatch == null) { + policyDefFirstMatch = policyDef; + } else { + return PFR_MULTIPLE; + } + break; + case NOMATCH: + break; + } + } catch (EvaluationException ex) { + if (firstIndeterminate == null) { + firstIndeterminate = new StdPolicyFinderResult<PolicyDef>(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, ex.getMessage())); + } + } + } + + if (policyDefFirstMatch == null) { + if (firstIndeterminate != null) { + return firstIndeterminate; + } else { + return PFR_NOT_FOUND; + } + } else { + return new StdPolicyFinderResult<PolicyDef>(policyDefFirstMatch); + } + } + + @Override + public PolicyFinderResult<Policy> getPolicy(IdReferenceMatch idReferenceMatch) { + return this.lookupPolicyByIdentifier(idReferenceMatch); + } + + @Override + public PolicyFinderResult<PolicySet> getPolicySet(IdReferenceMatch idReferenceMatch) { + return this.lookupPolicySetByIdentifier(idReferenceMatch); + } + + public void addReferencedPolicy(PolicyDef policyDef) { + this.updatePolicyMap(policyDef); + } +}
