PolicyEditorUtil.java

/components/entitlement/org.wso2.carbon.identity.entitlement.ui/src/main/java/org/wso2/carbon/identity/entitlement/ui/util/PolicyEditorUtil.java

Large files files are truncated, but you can click here to view the full file

/*
*  Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
*  WSO2 Inc. licenses this file to you under the Apache License,
*  Version 2.0 (the "License"); you may not use this file except
*  in compliance with the License.
*  You may obtain a copy of the License at
*
*    http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied.  See the License for the
* specific language governing permissions and limitations
* under the License.
*/

package org.wso2.carbon.identity.entitlement.ui.util;

import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.util.AXIOMUtil;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.wso2.balana.utils.Constants.PolicyConstants;
import org.wso2.balana.utils.exception.PolicyBuilderException;
import org.wso2.balana.utils.policy.PolicyBuilder;
import org.wso2.balana.utils.policy.dto.*;
import org.wso2.carbon.identity.entitlement.common.EntitlementConstants;
import org.wso2.carbon.identity.entitlement.common.PolicyEditorEngine;
import org.wso2.carbon.identity.entitlement.common.PolicyEditorException;
import org.wso2.carbon.identity.entitlement.common.dto.PolicyEditorDataHolder;
import org.wso2.carbon.identity.entitlement.ui.EntitlementPolicyConstants;
import org.wso2.carbon.identity.entitlement.ui.EntitlementPolicyCreationException;
import org.wso2.carbon.identity.entitlement.ui.PolicyEditorConstants;
import org.wso2.carbon.identity.entitlement.ui.dto.*;

import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamException;
import java.util.*;

/**
 * Util class that helps to create the XACML policy which is defined by the XACML basic policy editor
 */
public class PolicyEditorUtil {

    private static Log log = LogFactory.getLog(PolicyEditorUtil.class);

    /**
     * map of apply element w.r.t identifier
     */
    private static Map<String, ApplyElementDTO> applyElementMap = new HashMap<String, ApplyElementDTO>();

    /**
     * Create XACML policy with the simplest input attributes
     *
     * @param policyEditorDTO
     * @return
     * @throws PolicyEditorException
     */
    public static String createSOAPolicy(SimplePolicyEditorDTO policyEditorDTO) throws PolicyEditorException {

        BasicPolicyDTO basicPolicyDTO = new BasicPolicyDTO();
        BasicTargetDTO basicTargetDTO = null;
        List<BasicRuleDTO> ruleElementDTOs = new ArrayList<BasicRuleDTO>();

        PolicyEditorDataHolder holder = PolicyEditorEngine.getInstance().
                getPolicyEditorData(EntitlementConstants.PolicyEditor.RBAC);

        //create policy element
        basicPolicyDTO.setPolicyId(policyEditorDTO.getPolicyId());
        // setting rule combining algorithm
        basicPolicyDTO.setRuleAlgorithm(PolicyConstants.RuleCombiningAlog.FIRST_APPLICABLE_ID);
        basicPolicyDTO.setDescription(policyEditorDTO.getDescription());

        if (PolicyEditorConstants.SOA_CATEGORY_USER.equals(policyEditorDTO.getAppliedCategory())) {

            if (policyEditorDTO.getUserAttributeValue() != null &&
                    !PolicyEditorConstants.FunctionIdentifier.ANY.
                            equals(policyEditorDTO.getUserAttributeValue().trim())) {

                basicTargetDTO = new BasicTargetDTO();
                String selectedDataType = null;

                if (policyEditorDTO.getUserAttributeId() == null) {
                    basicTargetDTO.setSubjectId(PolicyEditorConstants.SUBJECT_ID_DEFAULT);
                } else {
                    basicTargetDTO.setSubjectId(holder.getAttributeIdUri(policyEditorDTO.getUserAttributeId()));
                    if ((selectedDataType = holder.getDataTypeUriForAttribute(policyEditorDTO.getUserAttributeId())) != null) {
                        basicTargetDTO.setSubjectDataType(selectedDataType);
                    }
                }

                if (basicTargetDTO.getSubjectDataType() == null) {
                    basicTargetDTO.setSubjectDataType(PolicyConstants.DataType.STRING);
                }

                String function = findFunction(policyEditorDTO.getUserAttributeValue(),
                        basicTargetDTO.getSubjectDataType());
                String value = findAttributeValue(policyEditorDTO.getUserAttributeValue());
                basicTargetDTO.setSubjectList(value);
                basicTargetDTO.setFunctionOnSubjects(function);
            }

            List<SimplePolicyEditorElementDTO> elementDTOs = policyEditorDTO.getSimplePolicyEditorElementDTOs();

            if (elementDTOs != null) {
                int ruleNo = 1;
                for (SimplePolicyEditorElementDTO dto : elementDTOs) {
                    BasicRuleDTO ruleElementDTO = new BasicRuleDTO();

                    if (dto.getResourceValue() != null && dto.getResourceValue().trim().length() > 0 &&
                            !PolicyEditorConstants.FunctionIdentifier.ANY.equals(dto.getResourceValue().trim())) {
                        addResourceElement(ruleElementDTO, dto);
                    }

                    if (dto.getActionValue() != null && dto.getActionValue().trim().length() > 0 &&
                            !PolicyEditorConstants.FunctionIdentifier.ANY.equals(dto.getActionValue().trim())) {
                        addActionElement(ruleElementDTO, dto);
                    }

                    if (dto.getEnvironmentValue() != null && dto.getEnvironmentValue().trim().length() > 0 &&
                            !PolicyEditorConstants.FunctionIdentifier.ANY.equals(dto.getEnvironmentValue().trim())) {
                        addEnvironmentElement(ruleElementDTO, dto);
                    }

                    ruleElementDTO.setRuleEffect(PolicyEditorConstants.RULE_EFFECT_PERMIT);
                    ruleElementDTO.setRuleId("Rule-" + ruleNo);
                    ruleElementDTOs.add(ruleElementDTO);
                    ruleNo++;
                }

                BasicRuleDTO ruleElementDTO = new BasicRuleDTO();
                ruleElementDTO.setRuleId("Deny-Rule");
                ruleElementDTO.setRuleEffect(PolicyEditorConstants.RULE_EFFECT_DENY);
                ruleElementDTOs.add(ruleElementDTO);
            }
        } else if (PolicyEditorConstants.SOA_CATEGORY_RESOURCE.equals(policyEditorDTO.getAppliedCategory())) {

            if (policyEditorDTO.getResourceValue() != null &&
                    !PolicyEditorConstants.FunctionIdentifier.ANY.equals(policyEditorDTO.getResourceValue().trim())) {
                basicTargetDTO = new BasicTargetDTO();

                basicTargetDTO.setResourceId(PolicyEditorConstants.RESOURCE_ID_DEFAULT);
                basicTargetDTO.setResourceDataType(PolicyConstants.DataType.STRING);

                String function = findFunction(policyEditorDTO.getResourceValue(),
                        basicTargetDTO.getResourceDataType());
                String value = findAttributeValue(policyEditorDTO.getResourceValue());
                basicTargetDTO.setResourceList(value);
                basicTargetDTO.setFunctionOnResources(function);
            }

            List<SimplePolicyEditorElementDTO> elementDTOs = policyEditorDTO.getSimplePolicyEditorElementDTOs();

            if (elementDTOs != null) {
                int ruleNo = 1;
                for (SimplePolicyEditorElementDTO dto : elementDTOs) {
                    BasicRuleDTO ruleElementDTO = new BasicRuleDTO();

                    if (dto.getResourceValue() != null && dto.getResourceValue().trim().length() > 0 &&
                            !PolicyEditorConstants.FunctionIdentifier.ANY.equals(dto.getResourceValue().trim())) {

                        addResourceElement(ruleElementDTO, dto);
                    }

                    if (dto.getUserAttributeValue() != null && dto.getUserAttributeValue().trim().length() > 0 &&
                            !PolicyEditorConstants.FunctionIdentifier.ANY.equals(dto.getUserAttributeValue().trim())) {

                        addSubjectElement(ruleElementDTO, dto);
                    }

                    if (dto.getActionValue() != null && dto.getActionValue().trim().length() > 0 &&
                            !PolicyEditorConstants.FunctionIdentifier.ANY.equals(dto.getActionValue().trim())) {

                        addActionElement(ruleElementDTO, dto);
                    }

                    if (dto.getEnvironmentValue() != null && dto.getEnvironmentValue().trim().length() > 0 &&
                            !PolicyEditorConstants.FunctionIdentifier.ANY.equals(dto.getEnvironmentValue().trim())) {

                        addEnvironmentElement(ruleElementDTO, dto);
                    }

                    ruleElementDTO.setRuleEffect(PolicyEditorConstants.RULE_EFFECT_PERMIT);
                    ruleElementDTO.setRuleId("Rule-" + ruleNo);
                    ruleElementDTOs.add(ruleElementDTO);
                    ruleNo++;
                }

                BasicRuleDTO ruleElementDTO = new BasicRuleDTO();
                ruleElementDTO.setRuleId("Deny-Rule");
                ruleElementDTO.setRuleEffect(PolicyEditorConstants.RULE_EFFECT_DENY);
                ruleElementDTOs.add(ruleElementDTO);
            }
        } else if (PolicyEditorConstants.SOA_CATEGORY_ACTION.equals(policyEditorDTO.getAppliedCategory())) {

            if (policyEditorDTO.getActionValue() != null &&
                    !PolicyEditorConstants.FunctionIdentifier.ANY.equals(policyEditorDTO.getActionValue().trim())) {

                basicTargetDTO = new BasicTargetDTO();

                basicTargetDTO.setActionId(PolicyEditorConstants.ACTION_ID_DEFAULT);
                basicTargetDTO.setActionDataType(PolicyConstants.DataType.STRING);

                String function = findFunction(policyEditorDTO.getActionValue(),
                        basicTargetDTO.getActionDataType());
                String value = findAttributeValue(policyEditorDTO.getActionValue());
                basicTargetDTO.setActionList(value);
                basicTargetDTO.setFunctionOnActions(function);

            }
            List<SimplePolicyEditorElementDTO> elementDTOs = policyEditorDTO.getSimplePolicyEditorElementDTOs();

            if (elementDTOs != null) {
                int ruleNo = 1;
                for (SimplePolicyEditorElementDTO dto : elementDTOs) {
                    BasicRuleDTO ruleElementDTO = new BasicRuleDTO();

                    if (dto.getResourceValue() != null && dto.getResourceValue().trim().length() > 0 &&
                            !PolicyEditorConstants.FunctionIdentifier.ANY.equals(dto.getResourceValue().trim())) {
                        addResourceElement(ruleElementDTO, dto);
                    }

                    if (dto.getUserAttributeValue() != null && dto.getUserAttributeValue().trim().length() > 0 &&
                            !PolicyEditorConstants.FunctionIdentifier.ANY.equals(dto.getUserAttributeValue().trim())) {
                        addSubjectElement(ruleElementDTO, dto);
                    }

                    if (dto.getEnvironmentValue() != null && dto.getEnvironmentValue().trim().length() > 0 &&
                            !PolicyEditorConstants.FunctionIdentifier.ANY.equals(dto.getEnvironmentValue().trim())) {
                        addEnvironmentElement(ruleElementDTO, dto);
                    }

                    ruleElementDTO.setRuleEffect(PolicyEditorConstants.RULE_EFFECT_PERMIT);
                    ruleElementDTO.setRuleId("Rule-" + ruleNo);
                    ruleElementDTOs.add(ruleElementDTO);
                    ruleNo++;
                }

                BasicRuleDTO ruleElementDTO = new BasicRuleDTO();
                ruleElementDTO.setRuleId("Deny-Rule");
                ruleElementDTO.setRuleEffect(PolicyEditorConstants.RULE_EFFECT_DENY);
                ruleElementDTOs.add(ruleElementDTO);
            }
        } else if (PolicyEditorConstants.SOA_CATEGORY_ENVIRONMENT.equals(policyEditorDTO.getAppliedCategory())) {

            if (policyEditorDTO.getEnvironmentValue() != null &&
                    !PolicyEditorConstants.FunctionIdentifier.ANY.equals(policyEditorDTO.getEnvironmentValue().trim())) {

                basicTargetDTO = new BasicTargetDTO();

                String selectedDataType = null;

                if (policyEditorDTO.getEnvironmentId() == null) {
                    basicTargetDTO.setEnvironmentId(PolicyEditorConstants.ENVIRONMENT_ID_DEFAULT);
                } else {
                    basicTargetDTO.setEnvironmentId(holder.getAttributeIdUri(policyEditorDTO.getEnvironmentId()));
                    if ((selectedDataType = holder.getDataTypeUriForAttribute(policyEditorDTO.getEnvironmentId())) != null) {
                        basicTargetDTO.setEnvironmentDataType(selectedDataType);
                    }
                }

                if (basicTargetDTO.getEnvironmentDataType() == null) {
                    basicTargetDTO.setEnvironmentDataType(PolicyConstants.DataType.STRING);
                }


                String function = findFunction(policyEditorDTO.getEnvironmentValue(),
                        basicTargetDTO.getEnvironmentDataType());
                String value = findAttributeValue(policyEditorDTO.getEnvironmentValue());
                basicTargetDTO.setEnvironmentList(value);
                basicTargetDTO.setFunctionOnEnvironment(function);

            }
            List<SimplePolicyEditorElementDTO> elementDTOs = policyEditorDTO.getSimplePolicyEditorElementDTOs();

            if (elementDTOs != null) {
                int ruleNo = 1;
                for (SimplePolicyEditorElementDTO dto : elementDTOs) {
                    BasicRuleDTO ruleElementDTO = new BasicRuleDTO();

                    if (dto.getResourceValue() != null && dto.getResourceValue().trim().length() > 0 &&
                            !PolicyEditorConstants.FunctionIdentifier.ANY.equals(dto.getResourceValue().trim())) {
                        addResourceElement(ruleElementDTO, dto);
                    }

                    if (dto.getUserAttributeValue() != null && dto.getUserAttributeValue().trim().length() > 0 &&
                            !PolicyEditorConstants.FunctionIdentifier.ANY.equals(dto.getUserAttributeValue().trim())) {
                        addSubjectElement(ruleElementDTO, dto);
                    }

                    if (dto.getActionValue() != null && dto.getActionValue().trim().length() > 0 &&
                            !PolicyEditorConstants.FunctionIdentifier.ANY.equals(dto.getActionValue().trim())) {
                        addActionElement(ruleElementDTO, dto);
                    }

                    ruleElementDTO.setRuleEffect(PolicyEditorConstants.RULE_EFFECT_PERMIT);
                    ruleElementDTO.setRuleId("Rule-" + ruleNo);
                    ruleElementDTOs.add(ruleElementDTO);
                    ruleNo++;
                }

                BasicRuleDTO ruleElementDTO = new BasicRuleDTO();
                ruleElementDTO.setRuleId("Deny-Rule");
                ruleElementDTO.setRuleEffect(PolicyEditorConstants.RULE_EFFECT_DENY);
                ruleElementDTOs.add(ruleElementDTO);
            }
        }

        if (basicTargetDTO != null) {
            basicPolicyDTO.setTargetDTO(basicTargetDTO);
        }

        if (ruleElementDTOs.size() > 0) {
            basicPolicyDTO.setBasicRuleDTOs(ruleElementDTOs);
        }

        try {
            return PolicyBuilder.getInstance().build(basicPolicyDTO);
        } catch (PolicyBuilderException e) {
            log.error(e);
            throw new PolicyEditorException("Error while building policy");
        }
    }

    /**
     * Helper method to create SOA policy
     *
     * @param ruleElementDTO
     * @param editorElementDTO
     */
    private static void addResourceElement(BasicRuleDTO ruleElementDTO,
                                           SimplePolicyEditorElementDTO editorElementDTO) {


        ruleElementDTO.setResourceId(PolicyEditorConstants.RESOURCE_ID_DEFAULT);
        ruleElementDTO.setResourceDataType(PolicyConstants.DataType.STRING);
        String function = findFunction(editorElementDTO.getResourceValue(),
                ruleElementDTO.getResourceDataType());
        String value = findAttributeValue(editorElementDTO.getResourceValue());
        ruleElementDTO.setResourceList(value);
        ruleElementDTO.setFunctionOnResources(function);
    }

    /**
     * Helper method to create SOA policy
     *
     * @param ruleElementDTO
     * @param editorElementDTO
     */
    private static void addSubjectElement(BasicRuleDTO ruleElementDTO,
                                          SimplePolicyEditorElementDTO editorElementDTO) {

        String selectedDataType = null;
        PolicyEditorDataHolder holder = PolicyEditorEngine.getInstance().
                getPolicyEditorData(EntitlementConstants.PolicyEditor.RBAC);

        if (editorElementDTO.getUserAttributeId() == null) {
            ruleElementDTO.setSubjectId(PolicyEditorConstants.SUBJECT_ID_DEFAULT);
        } else {
            ruleElementDTO.setSubjectId(holder.getAttributeIdUri(editorElementDTO.getUserAttributeId()));
            if ((selectedDataType = holder.getDataTypeUriForAttribute(editorElementDTO.getUserAttributeId())) != null) {
                ruleElementDTO.setSubjectDataType(selectedDataType);
            }
        }

        if (ruleElementDTO.getSubjectDataType() == null) {
            ruleElementDTO.setSubjectDataType(PolicyConstants.DataType.STRING);
        }
        String function = findFunction(editorElementDTO.getUserAttributeValue(),
                ruleElementDTO.getSubjectDataType());
        String value = findAttributeValue(editorElementDTO.getUserAttributeValue());
        ruleElementDTO.setSubjectList(value);
        ruleElementDTO.setFunctionOnSubjects(function);
    }

    /**
     * Helper method to create SOA policy
     *
     * @param ruleElementDTO
     * @param editorElementDTO
     */
    private static void addActionElement(BasicRuleDTO ruleElementDTO,
                                         SimplePolicyEditorElementDTO editorElementDTO) {

        ruleElementDTO.setActionId(PolicyEditorConstants.ACTION_ID_DEFAULT);
        ruleElementDTO.setActionDataType(PolicyConstants.DataType.STRING);

        String function = findFunction(editorElementDTO.getActionValue(),
                ruleElementDTO.getActionDataType());
        String value = findAttributeValue(editorElementDTO.getActionValue());
        ruleElementDTO.setActionList(value);
        ruleElementDTO.setFunctionOnActions(function);
    }

    /**
     * Helper method to create SOA policy
     *
     * @param ruleElementDTO
     * @param editorElementDTO
     */
    private static void addEnvironmentElement(BasicRuleDTO ruleElementDTO,
                                              SimplePolicyEditorElementDTO editorElementDTO) {

        String selectedDataType = null;
        PolicyEditorDataHolder holder = PolicyEditorEngine.getInstance().
                getPolicyEditorData(EntitlementConstants.PolicyEditor.RBAC);
        if (editorElementDTO.getEnvironmentId() == null) {
            ruleElementDTO.setEnvironmentId(PolicyEditorConstants.ENVIRONMENT_ID_DEFAULT);
        } else {
            ruleElementDTO.setEnvironmentId(holder.getAttributeIdUri(editorElementDTO.getEnvironmentId()));
            if ((selectedDataType = holder.getDataTypeUriForAttribute(editorElementDTO.getEnvironmentId())) != null) {
                ruleElementDTO.setEnvironmentDataType(selectedDataType);
            }
        }

        if (ruleElementDTO.getEnvironmentDataType() == null) {
            ruleElementDTO.setEnvironmentDataType(PolicyConstants.DataType.STRING);
        }

        String function = findFunction(editorElementDTO.getEnvironmentValue(),
                ruleElementDTO.getEnvironmentDataType());
        String value = findAttributeValue(editorElementDTO.getEnvironmentValue());
        ruleElementDTO.setEnvironmentDataType(ruleElementDTO.getEnvironmentDataType());
        ruleElementDTO.setEnvironmentList(value);
        ruleElementDTO.setFunctionOnEnvironment(function);

    }

    /**
     * Helper method to create SOA policy
     *
     * @param value
     * @param dataType
     * @return
     */
    private static String findFunction(String value, String dataType) {

        if (value == null) {
            return PolicyConstants.Functions.FUNCTION_EQUAL;
        }

        value = value.replace("&gt;", ">");
        value = value.replace("&lt;", "<");

        // only time range finction are valid for following data types
        if (PolicyConstants.DataType.DATE.equals(dataType) ||
                PolicyConstants.DataType.INT.equals(dataType) ||
                PolicyConstants.DataType.TIME.equals(dataType) ||
                PolicyConstants.DataType.DATE_TIME.equals(dataType) ||
                PolicyConstants.DataType.DOUBLE.equals(dataType) ||
                PolicyConstants.DataType.STRING.equals(dataType)) {

            if (value.startsWith(PolicyEditorConstants.FunctionIdentifier.EQUAL_RANGE)) {
                if (value.contains(PolicyEditorConstants.FunctionIdentifier.RANGE_CLOSE)) {
                    return PolicyConstants.Functions.FUNCTION_GREATER_EQUAL_AND_LESS;
                } else {
                    return PolicyConstants.Functions.FUNCTION_GREATER_EQUAL_AND_LESS_EQUAL;
                }
            }

            if (value.startsWith(PolicyEditorConstants.FunctionIdentifier.RANGE)) {
                if (value.contains(PolicyEditorConstants.FunctionIdentifier.EQUAL_RANGE_CLOSE)) {
                    return PolicyConstants.Functions.FUNCTION_GREATER_AND_LESS_EQUAL;
                } else {
                    return PolicyConstants.Functions.FUNCTION_GREATER_AND_LESS;
                }
            }

            if (value.startsWith(PolicyEditorConstants.FunctionIdentifier.GREATER)) {
                return PolicyConstants.Functions.FUNCTION_GREATER;
            } else if (value.startsWith(PolicyEditorConstants.FunctionIdentifier.GREATER_EQUAL)) {
                return PolicyConstants.Functions.FUNCTION_GREATER_EQUAL;
            } else if (value.startsWith(PolicyEditorConstants.FunctionIdentifier.LESS)) {
                return PolicyConstants.Functions.FUNCTION_LESS;
            } else if (value.startsWith(PolicyEditorConstants.FunctionIdentifier.LESS_EQUAL)) {
                return PolicyConstants.Functions.FUNCTION_LESS_EQUAL;
            }
        }

        if (value.startsWith(PolicyEditorConstants.FunctionIdentifier.REGEX)) {
            return PolicyConstants.Functions.FUNCTION_EQUAL_MATCH_REGEXP;
        }

        if (value.contains(PolicyEditorConstants.FunctionIdentifier.OR)) {
            return PolicyConstants.Functions.FUNCTION_AT_LEAST_ONE;
        }

        if (value.contains(PolicyEditorConstants.FunctionIdentifier.AND)) {
            return PolicyConstants.Functions.FUNCTION_SET_EQUALS;
        }

        return PolicyConstants.Functions.FUNCTION_EQUAL;
    }

    /**
     * Helper method to create SOA policy
     *
     * @param value
     * @return
     */
    private static String findAttributeValue(String value) {

        if (value == null) {
            return null;
        }

        value = value.replace("&gt;", ">");
        value = value.replace("&lt;", "<");

        if (value.startsWith(PolicyEditorConstants.FunctionIdentifier.EQUAL_RANGE) ||
                value.startsWith(PolicyEditorConstants.FunctionIdentifier.RANGE) ||
                value.startsWith(PolicyEditorConstants.FunctionIdentifier.REGEX)) {

            return value.substring(1, value.length() - 1).trim();

        } else if (value.startsWith(PolicyEditorConstants.FunctionIdentifier.GREATER) ||
                value.startsWith(PolicyEditorConstants.FunctionIdentifier.LESS)) {
            return value.substring(1).trim();
        } else if (value.startsWith(PolicyEditorConstants.FunctionIdentifier.GREATER_EQUAL) ||
                value.startsWith(PolicyEditorConstants.FunctionIdentifier.LESS_EQUAL)) {
            return value.substring(2).trim();
        }

        if (value.contains(PolicyEditorConstants.FunctionIdentifier.AND)) {
            value = value.replace(PolicyEditorConstants.FunctionIdentifier.AND,
                    PolicyEditorConstants.ATTRIBUTE_SEPARATOR);
        }

        if (value.contains(PolicyEditorConstants.FunctionIdentifier.OR)) {
            value = value.replace(PolicyEditorConstants.FunctionIdentifier.OR,
                    PolicyEditorConstants.ATTRIBUTE_SEPARATOR);
        }

        return value.trim();
    }


// TODO for what?
//    public static String createRules(List<SimplePolicyEditorElementDTO> elementDTOs, Document doc)
//                                                                    throws  PolicyEditorException {
//
//        List<BasicRuleDTO> ruleElementDTOs = new ArrayList<BasicRuleDTO>();
//        if(elementDTOs != null){
//            int ruleNo = 1;
//            for(SimplePolicyEditorElementDTO dto : elementDTOs){
//                BasicRuleDTO ruleElementDTO = new BasicRuleDTO();
//
//                if(dto.getResourceValue() != null && dto.getResourceValue().trim().length() > 0 &&
//                    !PolicyEditorConstants.FunctionIdentifier.ANY.equals(dto.getResourceValue().trim())){
//                    ruleElementDTO.setResourceDataType(PolicyEditorConstants.DataType.STRING);
//                    ruleElementDTO.setResourceId(PolicyEditorConstants.RESOURCE_ID_DEFAULT);
//                    ruleElementDTO.setResourceList(dto.getResourceValue());
//                    ruleElementDTO.setFunctionOnResources(getBasicPolicyEditorFunction(dto.
//                                                                    getFunctionOnResources()));
//                }
//
//                if(dto.getUserAttributeValue() != null && dto.getUserAttributeValue().trim().length() > 0 &&
//                    !PolicyEditorConstants.FunctionIdentifier.ANY.equals(dto.getUserAttributeValue().trim())){
//                    ruleElementDTO.setSubjectDataType(PolicyEditorConstants.DataType.STRING);
//                    ruleElementDTO.setSubjectId(dto.getUserAttributeId());
//                    ruleElementDTO.setSubjectList(dto.getUserAttributeValue());
//                    ruleElementDTO.setFunctionOnSubjects(getBasicPolicyEditorFunction(dto.
//                                                                        getFunctionOnUsers()));
//                }
//
//                if(dto.getActionValue() != null && dto.getActionValue().trim().length() > 0 &&
//                    !PolicyEditorConstants.FunctionIdentifier.ANY.equals(dto.getActionValue().trim())){
//                    ruleElementDTO.setActionDataType(PolicyEditorConstants.DataType.STRING);
//                    ruleElementDTO.setActionList(dto.getActionValue());
//                    ruleElementDTO.setActionId(PolicyEditorConstants.ACTION_ID_DEFAULT);
//                    ruleElementDTO.setFunctionOnActions(getBasicPolicyEditorFunction(dto.
//                                                                    getFunctionOnActions()));
//                }
//
//                if(dto.getEnvironmentValue() != null && dto.getEnvironmentValue().trim().length() > 0 &&
//                    !PolicyEditorConstants.FunctionIdentifier.ANY.equals(dto.getEnvironmentValue().trim())){
//                    ruleElementDTO.setEnvironmentId(dto.getEnvironmentId());
//                    ruleElementDTO.setEnvironmentList(dto.getEnvironmentValue());
//                    ruleElementDTO.setEnvironmentDataType(PolicyEditorConstants.DataType.STRING);
//                    ruleElementDTO.setFunctionOnEnvironment(getBasicPolicyEditorFunction(dto.
//                                                                getFunctionOnEnvironments()));
//                }
//
//                if(dto.getOperationType() != null && PolicyEditorConstants.PreFunctions.CAN_DO.
//                                                        equals(dto.getOperationType().trim())){
//                    ruleElementDTO.setRuleEffect(PolicyEditorConstants.RULE_EFFECT_PERMIT);
//                } else {
//                    ruleElementDTO.setRuleEffect(PolicyEditorConstants.RULE_EFFECT_DENY);
//                }
//                ruleElementDTO.setRuleId("Rule-" + System.currentTimeMillis() + "-" + ruleNo);
//                ruleElementDTOs.add(ruleElementDTO);
//                ruleNo ++;
//            }
//        }
//
//         if(ruleElementDTOs.size() > 0){
//            for(BasicRuleDTO dto : ruleElementDTOs){
//                Element rule = null;
//                try {
//                    rule = BasicPolicyHelper.createRuleElement(dto, doc);
//                } catch (PolicyBuilderException e) {
//                    throw new PolicyEditorException("Error while creating rule element");
//                }
//                doc.appendChild(rule);
//            }
//        }
//
//        return PolicyCreatorUtil.getStringFromDocument(doc);
//    }


    /**
     * Creates DOM representation of the XACML rule element.
     *
     * @param ruleDTO RuleDTO
     * @return
     * @throws PolicyEditorException throws
     */
    public static RuleElementDTO createRuleElementDTO(RuleDTO ruleDTO) throws PolicyEditorException {

        RuleElementDTO ruleElementDTO = new RuleElementDTO();

        ruleElementDTO.setRuleId(ruleDTO.getRuleId());
        ruleElementDTO.setRuleEffect(ruleDTO.getRuleEffect());
        TargetDTO targetDTO = ruleDTO.getTargetDTO();
        List<ExtendAttributeDTO> dynamicAttributeDTOs = ruleDTO.getAttributeDTOs();
        List<ObligationDTO> obligationDTOs = ruleDTO.getObligationDTOs();

        if (dynamicAttributeDTOs != null && dynamicAttributeDTOs.size() > 0) {
            Map<String, ExtendAttributeDTO> dtoMap = new HashMap<String, ExtendAttributeDTO>();
            //1st creating map of dynamic attribute elements
            for (ExtendAttributeDTO dto : dynamicAttributeDTOs) {
                dtoMap.put("${" + dto.getId().trim() + "}", dto);
            }
            //creating map of apply element with identifier
            for (ExtendAttributeDTO dto : dynamicAttributeDTOs) {
                ApplyElementDTO applyElementDTO = createApplyElement(dto, dtoMap);
                if (applyElementDTO == null) {
                    continue;
                }
                applyElementMap.put("${" + dto.getId().trim() + "}", applyElementDTO);
            }
        }

        if (targetDTO != null && targetDTO.getRowDTOList() != null && targetDTO.getRowDTOList().size() > 0) {
            TargetElementDTO targetElementDTO = createTargetElementDTO(ruleDTO.getTargetDTO());
            if (targetElementDTO != null) {
                ruleElementDTO.setTargetElementDTO(targetElementDTO);
            }
        }

        if (ruleDTO.getRowDTOList() != null && ruleDTO.getRowDTOList().size() > 0) {
            ConditionElementDT0 conditionElementDT0 = createConditionDTO(ruleDTO.getRowDTOList());
            if (conditionElementDT0 != null) {
                ruleElementDTO.setConditionElementDT0(conditionElementDT0);
            }
        }

        if (obligationDTOs != null && obligationDTOs.size() > 0) {
            for (ObligationDTO obligationDTO : obligationDTOs) {
                ObligationElementDTO elementDTO = createObligationElement(obligationDTO);
                if (elementDTO != null) {
                    ruleElementDTO.addObligationElementDTO(elementDTO);
                }
            }
        }

        return ruleElementDTO;
    }

    /**
     * creates DOM representation of the XACML obligation/advice element.
     *
     * @param obligationDTOs List  of ObligationDTO
     * @return
     * @throws PolicyEditorException throws
     */
    public static List<ObligationElementDTO> createObligation(List<ObligationDTO> obligationDTOs)
            throws PolicyEditorException {

        List<ObligationElementDTO> obligationElementDTOs = new ArrayList<ObligationElementDTO>();
        List<Element> returnList = new ArrayList<Element>();

        if (obligationDTOs != null) {
            for (ObligationDTO obligationDTO : obligationDTOs) {
                ObligationElementDTO elementDTO = createObligationElement(obligationDTO);
                if (elementDTO != null) {
                    obligationElementDTOs.add(elementDTO);
                }
            }
        }

        return obligationElementDTOs;
    }


    /**
     * @param dynamicAttributeDTO
     * @param map
     * @return
     */
    private static ApplyElementDTO createApplyElement(ExtendAttributeDTO dynamicAttributeDTO,
                                                      Map<String, ExtendAttributeDTO> map) {

        if (PolicyEditorConstants.DYNAMIC_SELECTOR_CATEGORY.equals(dynamicAttributeDTO.getSelector())) {

            String category = dynamicAttributeDTO.getCategory();
            String attributeId = dynamicAttributeDTO.getAttributeId();
            String attributeDataType = dynamicAttributeDTO.getDataType();

            if (category != null && category.trim().length() > 0 && attributeDataType != null &&
                    attributeDataType.trim().length() > 0) {
                AttributeDesignatorDTO designatorDTO = new AttributeDesignatorDTO();
                designatorDTO.setCategory(category);
                designatorDTO.setAttributeId(attributeId);
                designatorDTO.setDataType(attributeDataType);
                designatorDTO.setMustBePresent("true");

                ApplyElementDTO applyElementDTO = new ApplyElementDTO();
                applyElementDTO.setAttributeDesignators(designatorDTO);
                applyElementDTO.setFunctionId(processFunction("bag", attributeDataType));
                return applyElementDTO;
            }

        } else {

            String function = dynamicAttributeDTO.getFunction();
            String attributeValue = dynamicAttributeDTO.getAttributeValue();
            String attributeId = dynamicAttributeDTO.getAttributeId();
            String attributeDataType = dynamicAttributeDTO.getDataType();

            if (attributeValue != null && function != null) {
                String[] values = attributeValue.split(",");

                if (values != null && values.length > 0) {

                    if (function.contains("concatenate")) {
                        ApplyElementDTO applyElementDTO = new ApplyElementDTO();
                        applyElementDTO.setFunctionId(processFunction(function, attributeDataType, "2.0"));
                        // there can be any number of inputs
                        for (String value : values) {
                            if (map.containsKey(value)) {
                                applyElementDTO.setApplyElement(createApplyElement(map.get(value), map));
                            } else {
                                AttributeValueElementDTO valueElementDTO = new AttributeValueElementDTO();
                                valueElementDTO.setAttributeDataType(attributeDataType);
                                valueElementDTO.setAttributeValue(value);
                                applyElementDTO.setAttributeValueElementDTO(valueElementDTO);
                            }
                        }

                        return applyElementDTO;
                    }
                }
            }
        }

        return null;
    }


    private static ObligationElementDTO createObligationElement(ObligationDTO obligationDTO) {

        String id = obligationDTO.getObligationId();
        String effect = obligationDTO.getEffect();
        String type = obligationDTO.getType();

        if (id != null && id.trim().length() > 0 && effect != null) {

            ObligationElementDTO elementDTO = new ObligationElementDTO();
            elementDTO.setId(id);
            elementDTO.setEffect(effect);
            if ("Advice".equals(type)) {
                elementDTO.setType(ObligationElementDTO.ADVICE);
            } else {
                elementDTO.setType(ObligationElementDTO.OBLIGATION);
            }

            String attributeValue = obligationDTO.getAttributeValue();
            String attributeDataType = obligationDTO.getAttributeValueDataType();
            String resultingAttributeId = obligationDTO.getResultAttributeId();

            if (attributeValue != null && attributeValue.trim().length() > 0 &&
                    resultingAttributeId != null && resultingAttributeId.trim().length() > 0) {

                AttributeAssignmentElementDTO assignmentElementDTO = new
                        AttributeAssignmentElementDTO();
                assignmentElementDTO.setAttributeId(resultingAttributeId);
                if (attributeValue.contains(",")) {
                    String[] values = attributeValue.split(",");
                    ApplyElementDTO applyElementDTO = new ApplyElementDTO();
                    applyElementDTO.setFunctionId(processFunction("bag", attributeDataType));
                    for (String value : values) {
                        if (applyElementMap.containsKey(value)) {
                            applyElementDTO.setApplyElement(applyElementMap.get(value));
                        } else {
                            AttributeValueElementDTO valueElementDTO = new AttributeValueElementDTO();
                            valueElementDTO.setAttributeDataType(attributeDataType);
                            valueElementDTO.setAttributeValue(value);
                            applyElementDTO.setAttributeValueElementDTO(valueElementDTO);
                        }
                    }
                    assignmentElementDTO.setApplyElementDTO(applyElementDTO);
                } else {
                    if (applyElementMap.containsKey(attributeValue)) {
                        assignmentElementDTO.setApplyElementDTO(applyElementMap.get(attributeValue));
                    } else {
                        AttributeValueElementDTO valueElementDTO = new AttributeValueElementDTO();
                        valueElementDTO.setAttributeDataType(attributeDataType);
                        valueElementDTO.setAttributeValue(attributeValue);
                        assignmentElementDTO.setValueElementDTO(valueElementDTO);
                    }
                }

                elementDTO.addAssignmentElementDTO(assignmentElementDTO);
            }

            return elementDTO;
        }

        return null;
    }

    /**
     * Creates <code>ConditionElementDT0</code> Object that represents the XACML Condition element
     *
     * @param rowDTOs
     * @return
     * @throws PolicyEditorException
     */
    public static ConditionElementDT0 createConditionDTO(List<RowDTO> rowDTOs) throws PolicyEditorException {

        ConditionElementDT0 rootApplyDTO = new ConditionElementDT0();

        ArrayList<RowDTO> temp = new ArrayList<RowDTO>();
        Set<ArrayList<RowDTO>> listSet = new HashSet<ArrayList<RowDTO>>();

        for (int i = 0; i < rowDTOs.size(); i++) {

            if (i == 0) {
                temp.add(rowDTOs.get(0));
                continue;
            }

            String combineFunction = rowDTOs.get(i - 1).getCombineFunction();

            if (PolicyEditorConstants.COMBINE_FUNCTION_AND.equals(combineFunction)) {
                temp.add(rowDTOs.get(i));
            }

            if (PolicyEditorConstants.COMBINE_FUNCTION_OR.equals(combineFunction)) {
                listSet.add(temp);
                temp = new ArrayList<RowDTO>();
                temp.add(rowDTOs.get(i));
            }
        }

        listSet.add(temp);

        if (listSet.size() > 1) {
            ApplyElementDTO orApplyDTO = new ApplyElementDTO();
            orApplyDTO.setFunctionId(processFunction("or"));
            for (ArrayList<RowDTO> rowDTOArrayList : listSet) {
                if (rowDTOArrayList.size() > 1) {
                    ApplyElementDTO andApplyDTO = new ApplyElementDTO();
                    andApplyDTO.setFunctionId(processFunction("and"));
                    for (RowDTO rowDTO : rowDTOArrayList) {
                        ApplyElementDTO applyElementDTO = createApplyElement(rowDTO);
                        andApplyDTO.setApplyElement(applyElementDTO);
                    }
                    orApplyDTO.setApplyElement(andApplyDTO);

                } else if (rowDTOArrayList.size() == 1) {
                    RowDTO rowDTO = rowDTOArrayList.get(0);
                    ApplyElementDTO andApplyDTO = createApplyElement(rowDTO);
                    orApplyDTO.setApplyElement(andApplyDTO);
                }
            }
            rootApplyDTO.setApplyElement(orApplyDTO);
        } else if (listSet.size() == 1) {
            ArrayList<RowDTO> rowDTOArrayList = listSet.iterator().next();
            if (rowDTOArrayList.size() > 1) {
                ApplyElementDTO andApplyDTO = new ApplyElementDTO();
                andApplyDTO.setFunctionId(processFunction("and"));
                for (RowDTO rowDTO : rowDTOArrayList) {
                    ApplyElementDTO applyElementDTO = createApplyElement(rowDTO);
                    andApplyDTO.setApplyElement(applyElementDTO);
                }
                rootApplyDTO.setApplyElement(andApplyDTO);
            } else if (rowDTOArrayList.size() == 1) {
                RowDTO rowDTO = rowDTOArrayList.get(0);
                ApplyElementDTO andApplyDTO = createApplyElement(rowDTO);
                rootApplyDTO.setApplyElement(andApplyDTO);
            }
        }

        return rootApplyDTO;
    }

    /**
     * Creates <code>ApplyElementDTO</code> Object that represents the XACML Apply element
     *
     * @param rowDTO
     * @return
     * @throws PolicyEditorException
     */
    public static ApplyElementDTO createApplyElement(RowDTO rowDTO) throws PolicyEditorException {

        String preFunction = rowDTO.getPreFunction();
        String function = rowDTO.getFunction();
        String dataType = rowDTO.getAttributeDataType();
        String attributeValue = rowDTO.getAttributeValue();

        if (function == null || function.trim().length() < 1) {
            throw new PolicyEditorException("Can not create Apply element:" +
                    "Missing required function Id");
        }

        if (attributeValue == null || attributeValue.trim().length() < 1) {
            throw new PolicyEditorException("Can not create Apply element:" +
                    "Missing required attribute value");
        }

        ApplyElementDTO applyElementDTO = null;

        AttributeDesignatorDTO designatorDTO = new AttributeDesignatorDTO();
        designatorDTO.setCategory(rowDTO.getCategory());
        designatorDTO.setAttributeId(rowDTO.getAttributeId());
        designatorDTO.setDataType(dataType);
        designatorDTO.setMustBePresent("true");


        if (rowDTO.getFunction().contains("less") || rowDTO.getFunction().contains("greater")) {
            applyElementDTO = processGreaterLessThanFunctions(function, dataType, attributeValue,
                    designatorDTO);
        } else if (PolicyConstants.Functions.FUNCTION_EQUAL.equals(rowDTO.getFunction())) {
            applyElementDTO = processEqualFunctions(function, dataType, attributeValue, designatorDTO);
        } else {
            applyElementDTO = processBagFunction(function, dataType, attributeValue, designatorDTO);
        }


        if (PolicyConstants.PreFunctions.PRE_FUNCTION_NOT.equals(preFunction)) {
            ApplyElementDTO notApplyElementDTO = new ApplyElementDTO();
            notApplyElementDTO.setFunctionId(processFunction("not"));
            notApplyElementDTO.setApplyElement(applyElementDTO);
            applyElementDTO = notApplyElementDTO;
        }

        return applyElementDTO;
    }

    /**
     * Creates <code>TargetElementDTO</code> Object that represents the XACML Target element
     *
     * @param targetDTO
     * @return
     */
    public static TargetElementDTO createTargetElementDTO(TargetDTO targetDTO) {

        AllOfElementDTO allOfElementDTO = new AllOfElementDTO();
        AnyOfElementDTO anyOfElementDTO = new AnyOfElementDTO();
        TargetElementDTO targetElementDTO = new TargetElementDTO();

        List<RowDTO> rowDTOs = targetDTO.getRowDTOList();
        ArrayList<RowDTO> tempRowDTOs = new ArrayList<RowDTO>();

        // pre function processing
        for (RowDTO rowDTO : rowDTOs) {
            if (PolicyEditorConstants.PreFunctions.PRE_FUNCTION_ARE.equals(rowDTO.getPreFunction())) {
                String[] attributeValues = rowDTO.getAttributeValue().split(PolicyEditorConstants.ATTRIBUTE_SEPARATOR);
                allOfElementDTO = new AllOfElementDTO();
                for (int j = 0; j < attributeValues.length; j++) {
                    RowDTO newDto = new RowDTO(rowDTO);
                    newDto.setAttributeValue(attributeValues[j]);
                    if (j != attributeValues.length - 1) {
                        newDto.setCombineFunction(PolicyEditorConstants.COMBINE_FUNCTION_AND);
                    }
                    tempRowDTOs.add(newDto);
                }
            } else {
                tempRowDTOs.add(rowDTO);
            }
        }

        if (tempRowDTOs.size() > 0) {
            for (int i = 0; i < tempRowDTOs.size(); i++) {
                if (i == 0) {
                    MatchElementDTO matchElementDTO = createTargetMatch(tempRowDTOs.get(0));
                    if (matchElementDTO != null) {
                        allOfElementDTO.addMatchElementDTO(matchElementDTO);
                    }
                    continue;
                }

                String combineFunction = tempRowDTOs.get(i - 1).getCombineFunction();

                if (PolicyEditorConstants.COMBINE_FUNCTION_AND.equals(combineFunction)) {
                    MatchElementDTO matchElementDTO = createTargetMatch(tempRowDTOs.get(i));
                    if (matchElementDTO != null) {
                        allOfElementDTO.addMatchElementDTO(matchElementDTO);
                    }

                }

                if (PolicyEditorConstants.COMBINE_FUNCTION_OR.equals(combineFunction)) {
                    anyOfElementDTO.addAllOfElementDTO(allOfElementDTO);
                    allOfElementDTO = new AllOfElementDTO();
                    MatchElementDTO matchElementDTO = createTargetMatch(tempRowDTOs.get(i));
                    if (matchElementDTO != null) {
                        allOfElementDTO.addMatchElementDTO(matchElementDTO);
                    }
                }
            }
            anyOfElementDTO.addAllOfElementDTO(allOfElementDTO);
            targetElementDTO.addAnyOfElementDTO(anyOfElementDTO);
        }
        return targetElementDTO;
    }


    /**
     * process Bag functions
     *
     * @param function
     * @param dataType
     * @param attributeValue
     * @param designatorDTO
     * @return
     */
    public static ApplyElementDTO processBagFunction(String function, String dataType,
                                                     String attributeValue, AttributeDesignatorDTO designatorDTO) {

        if (PolicyConstants.Functions.FUNCTION_IS_IN.equals(function)) {
            ApplyElementDTO applyElementDTO = new ApplyElementDTO();
            applyElementDTO.setFunctionId(processFunction("is-in", dataType));
            if (applyElementMap.containsKey(attributeValue)) {
                applyElementDTO.setApplyElement(applyElementMap.get(attributeValue));
            } else {
                AttributeValueElementDTO valueElementDTO = new AttributeValueElementDTO();
                valueElementDTO.setAttributeDataType(dataType);
                valueElementDTO.setAttributeValue(attributeValue);
                applyElementDTO.setAttributeValueElementDTO(valueElementDTO);
            }

            applyElementDTO.setAttributeDesignators(designatorDTO);
            return applyElementDTO;

        } else if (PolicyConstants.Functions.FUNCTION_AT_LEAST_ONE.equals(function) ||
                PolicyConstants.Functions.FUNCTION_SET_EQUALS.equals(function)) {

            ApplyElementDTO applyElementDTO = new ApplyElementDTO();
            if (PolicyConstants.Functions.FUNCTION_AT_LEAST_ONE.equals(function)) {
                applyElementDTO.setFunctionId(processFunction("at-least-one-member-of", dataType));
            } else {
                applyElementDTO.setFunctionId(processFunction("set-equals", dataType));
            }

            String[] values = attributeValue.split(PolicyEditorConstants.ATTRIBUTE_SEPARATOR);

            ApplyElementDTO applyBagElementDTO = new ApplyElementDTO();
            applyBagElementDTO.setFunctionId(processFunction("bag", dataType));
            for (String value : values) {
                if (applyElementMap.containsKey(value)) {
                    applyBagElementDTO.setApplyElement(applyElementMap.get(value));
                } else {
                    AttributeValueElementDTO valueElementDTO = new AttributeValueElementDTO();
                    valueElementDTO.setAttributeDataType(dataType);
                    valueElementDTO.setAttributeValue(value);
                    applyBagElementDTO.setAttributeValueElementDTO(valueElementDTO);
                }
            }

            applyElementDTO.setAttributeDesignators(designatorDTO);
            applyElementDTO.setApplyElement(applyBagElementDTO);

            return applyElementDTO;
        }

        return null;
    }

    /**
     * Process  equal function
     *
     * @param function
     * @param dataType
  …
Large files files are truncated, but you can click here to view the full file