/GeneralPDP/Scenario/DkalToXacmlEndPoint.fs
F# | 115 lines | 88 code | 14 blank | 13 comment | 10 complexity | 213557a1aec1a8eb2e98129b3e652fa4 MD5 | raw file
Possible License(s): Apache-2.0, GPL-3.0, LGPL-3.0, BSD-3-Clause
- namespace Microsoft.Research.GeneralPDP.Scenario
-
- open Microsoft.Research.GeneralPDP.Translations.ToXACML.DkalPolicyTranslator
- open Microsoft.Research.GeneralPDP.Translations.ToXACML.DkalRequestTranslator
- open Microsoft.Research.GeneralPDP.Translations.ToXACML.DkalResponseTranslator
- open Microsoft.Research.GeneralPDP.Translations.ToXACML.DkalTermTranslator
- open Microsoft.Research.GeneralPDP.Translations.ToDKAL.XacmlResponseTranslator
- open Microsoft.Research.GeneralPDP.DKAL.Engine.ParsingCtxFactory
- open Microsoft.Research.GeneralPDP.DKAL.Engine.Basics
- open Microsoft.Research.GeneralPDP.XACML.Ast
- open Microsoft.Research.DkalEngine
- open Microsoft.Research.DkalEngine.Ast
- open Basics
- open Message
- open EndPoint
- open EndPointImageFactory
-
- open Microsoft.Msagl.Drawing
-
- open System.Drawing
- open System.Collections.Generic
-
- module DkalToXacmlEndPoint =
-
- type DkalToXacmlEndPoint(id: EndPointId, xacmlId: EndPointId, dkalId: EndPointId,
- ?pctx: ParsingCtx, ?dkalPolicy: DkalPolicy) =
- inherit EndPoint(id)
-
- let dkalRequestTranslator = DkalRequestTranslator()
- let dkalResponseTranslator = DkalResponseTranslator()
- let pctx = match pctx with
- | None -> let pctx, _ = xacmlAwareParsingCtx(id)
- pctx
- | Some pctx -> pctx
- let ppalMe = pctx.LookupOrAddPrincipal(id)
- let xacmlResponseTranslator = XacmlResponseTranslator(pctx)
-
- let pendingResponses = new Queue<Infon * EndPointId * int>()
-
- override ep.Process (m: IMessage) =
- match m.Content with
- | XacmlResponseContent(resp) ->
- if pendingResponses.Count > 0 then
- let (reqInfon, reqSender, reqId) = pendingResponses.Dequeue()
- // forward definite answer
- if resp.Decision = Permit || resp.Decision = Deny then
- let dkalResponse = xacmlResponseTranslator.TranslateResponse reqId reqSender resp
- ep.Send({sender= id;
- receiver= reqSender;
- content= InfonContent(App(pctx.LookupFunction("said"), [Const(Principal(ppalMe)); dkalResponse]))})
- else
- // ask dkal if no definite answer from XACML
- // let signature = App(pctx.LookupFunction("Ev.signedBy"),
- // [Const(Principal(pctx.LookupOrAddPrincipal(id))); reqInfon; Const(Int(42))])
- // let justified = App(pctx.LookupFunction("justified"), [reqInfon; signature])
- ep.Send({sender= id;
- receiver= dkalId;
- content= InfonContent(reqInfon)})
- else
- ep.Fail "I received an XACML response but no one had asked a request"
- | InfonContent(infon) ->
- if m.Sender = dkalId then
- // infon comes from my dkal engine, it must be a response
- try
- let reqPpal, resp = dkalResponseTranslator.TranslateResponse(infon)
- let strippedResponseInfon = (DkalTermTranslator()).StripSignatures(infon)
- let impostedInfon = match strippedResponseInfon with
- | App(f, [_; d]) when f.name = "said" -> App(f, [Const(Principal(ppalMe)); d])
- | _ -> failwith "expecting 'said' in response infon"
- ep.Send({sender= id;
- receiver= reqPpal;
- content= InfonContent(impostedInfon)})
- with
- | DkalResponseTranslatorException(e) -> printfn "%O" e
- else
- // infon comes from somewhere else, it must be a request (or something else)
- try
- let reqId, pep, req, unusedInfons = dkalRequestTranslator.TranslateRequest(infon)
- pendingResponses.Enqueue((infon, m.Sender, reqId))
- ep.Send({sender= id;
- receiver= xacmlId;
- content= XacmlRequestContent(req)})
- // inform of unused infons
- for inf in unusedInfons do
- printfn "Unused infon when translating request: %O" (inf.ToSX())
- with
- | DkalRequestTranslatorException(e) -> printfn "%O" e
- | _ -> "I don't understand content " + m.Content.ToString() |> ep.Fail
-
- override ep.CleanUp() = ()
-
- override ep.StartUp() =
- match dkalPolicy with
- | None -> ()
- | Some pcy ->
- let tr = DkalPolicyTranslator()
- let xacmlPolicy, unusedAssertions = tr.TranslateCommRules(pcy)
- // send policy to xacml
- ep.Send({sender= id;
- receiver= xacmlId;
- content= XacmlPolicyContent(xacmlPolicy)})
- if not unusedAssertions.IsEmpty then
- printfn "there are unused assertions after translation"
- // send unused assertions (if any) to dkal
- (*ep.Send({sender= id;
- receiver= dkalId;
- content= DkalAssertionsContent(unusedAssertions)})*)
-
-
- override ep.Image = Some (image (ep :> IEndPoint).Color EmptyDrawing)
-
- override ep.ApplyStyle (n: Node) =
- n.LabelText <- ep.Description
-
- override ep.Description = ep.Id + ": DKAL->XACML"