edu.nyu.cs.pdsg.drbac
Class LocalProver

java.lang.Object
  extended by edu.nyu.cs.pdsg.drbac.LocalProver

public class LocalProver
extends java.lang.Object

This class contains all of the functionality for proving a subject-object relationship using credentials in the local repository. The Wallet.prove() method instantiates one of these, as does the DiscoveryEngine class.


Field Summary
private  AttributeSet constraints
           
private  Role object
           
private  SearchAccumulator objSearchAccum
           
private  Role subject
           
private  SearchAccumulator subSearchAccum
           
 
Constructor Summary
LocalProver(Role s, Role o)
          Prove a relationship between the subject and object, without attribute constraints
LocalProver(Role s, Role o, AttributeSet constraints)
          The constructor initializes the accumulators with the ultimate subject, object, and attributeset desired
LocalProver(SearchAccumulator subSearchAccum, Role o, AttributeSet constraints)
          This version of the constructor is used in answering remote queries that are part of subject searches.
LocalProver(SearchAccumulator subSearchAccum, SearchAccumulator objSearchAccum, AttributeSet constraints)
          This version of the constructor is used in answering remote queries that are part of bi-directional searches.
 
Method Summary
 AttributeSets getAttrSetsForObj(Role r)
          Return the attribute sets that have been discovered for a given role in the objSearchAccum
 AttributeSets getAttrSetsForSub(Role r)
          Return the attribute sets that have been discovered for a given role in the subSearchAccum
 SearchAccumulator getObjAccum()
           
 SearchAccumulator getSubAccum()
           
(package private)  boolean objAccumContains(Role r)
           
 SearchResultContainer objectProve()
          Do an object-towards-subject search using the subject, object, and constraints that this LocalProver was initialized with
(package private)  SearchResultContainer objectProve(Role currObject, AttributeSet accumulatedAttrs)
          Perform a search from an object other than the object that this prover was initialized with.
private  SearchResult oSearch(Role currObj, AttributeSet currAttrSet, AttributeSet desiredAttrSet, SearchAccumulator sac)
          Discover all the subjects that reach a particular object with a certain set of constraints.
private  SearchResult oSearchRecurse(Role currObj, AttributeSet currAttrSet, AttributeSet desiredAttrSet, SearchAccumulator sac)
          Recursive step of oSearch
 ProofMonitor prove(ProofChangedListener caller)
          Method used by a client application to determine if a trust relationship holds.
private  SearchResult sSearch(Role s, AttributeSet sas, Role o, AttributeSet oas, SearchAccumulator sac)
          Assuming a directed graph representation of Delegation Wallet, a Subject role is a vertex and a Delegation is the edge to another Object role vertex.
private  SearchResult sSearchRecurse(Role s, AttributeSet sas, Role o, AttributeSet oas, SearchAccumulator sac)
          Recursive step of sSearch
(package private)  boolean subAccumContains(Role r)
           
 SearchResultContainer subjectProve()
          Do a search from subject to object.
(package private)  SearchResultContainer subjectProve(Role currSubject, AttributeSet accumulatedAttrs)
          Perform a search from a subject other than the subject that this prover was initialized with.
 SearchResultContainer uncheckedObjectSearch(Role currObj, AttributeSet currAttrSet, AttributeSet constraints, SearchAccumulator sac)
          This version of objectSearch doesn't check the object since it's already in the search accumulator.
 SearchResultContainer uncheckedSubjectSearch(Role s, AttributeSet sas, Role o, AttributeSet oas, SearchAccumulator sac)
          This version of subjectSearch doesn't check the subject since it's already in the search accumulator.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

subSearchAccum

private SearchAccumulator subSearchAccum

objSearchAccum

private SearchAccumulator objSearchAccum

subject

private Role subject

object

private Role object

constraints

private AttributeSet constraints
Constructor Detail

LocalProver

public LocalProver(Role s,
                   Role o,
                   AttributeSet constraints)
The constructor initializes the accumulators with the ultimate subject, object, and attributeset desired


LocalProver

public LocalProver(Role s,
                   Role o)
Prove a relationship between the subject and object, without attribute constraints


LocalProver

public LocalProver(SearchAccumulator subSearchAccum,
                   Role o,
                   AttributeSet constraints)
This version of the constructor is used in answering remote queries that are part of subject searches. Remote queries send their own search accumulator. Note that this version leaves the instance variable "subject" null, and therefore should be used only for answering remote queries or in other instances where a subject is provided at the time of search.


LocalProver

public LocalProver(SearchAccumulator subSearchAccum,
                   SearchAccumulator objSearchAccum,
                   AttributeSet constraints)
This version of the constructor is used in answering remote queries that are part of bi-directional searches. Note that this version leaves the instance variable "subject" null, and therefore should be used only for answering remote queries or in other instances where a subject and object are provided at the time of search.

Method Detail

getSubAccum

public SearchAccumulator getSubAccum()

getObjAccum

public SearchAccumulator getObjAccum()

getAttrSetsForSub

public AttributeSets getAttrSetsForSub(Role r)
Return the attribute sets that have been discovered for a given role in the subSearchAccum


getAttrSetsForObj

public AttributeSets getAttrSetsForObj(Role r)
Return the attribute sets that have been discovered for a given role in the objSearchAccum


objAccumContains

boolean objAccumContains(Role r)

subAccumContains

boolean subAccumContains(Role r)

prove

public ProofMonitor prove(ProofChangedListener caller)
Method used by a client application to determine if a trust relationship holds. Constructs a Proof Monitor and returns it to a calling application on the local machine. The proof will have valid or invalid status, which the application will need to check.

Parameters:
caller - the object which will be informed if the proof changes validity
Returns:
a ProofMonitor containing information about the proof, as well as current validity; or null if the proof was unsuccessful

subjectProve

public SearchResultContainer subjectProve()
Do a search from subject to object. Uses the subject, object and constraints that the LocalProver was initialized with


subjectProve

SearchResultContainer subjectProve(Role currSubject,
                                   AttributeSet accumulatedAttrs)
Perform a search from a subject other than the subject that this prover was initialized with. The subject comes with a set of attributes that it has accumulated. This is used by the discovery code to "pick up a search in the middle" when it has received new delegations from a remote host.


objectProve

public SearchResultContainer objectProve()
Do an object-towards-subject search using the subject, object, and constraints that this LocalProver was initialized with


objectProve

SearchResultContainer objectProve(Role currObject,
                                  AttributeSet accumulatedAttrs)
Perform a search from an object other than the object that this prover was initialized with. The object comes with a set of attributes that it has accumulated. This is used by the discovery code to "pick up a search in the middle" when it has received new delegations from a remote host.


uncheckedSubjectSearch

public SearchResultContainer uncheckedSubjectSearch(Role s,
                                                    AttributeSet sas,
                                                    Role o,
                                                    AttributeSet oas,
                                                    SearchAccumulator sac)
This version of subjectSearch doesn't check the subject since it's already in the search accumulator.


uncheckedObjectSearch

public SearchResultContainer uncheckedObjectSearch(Role currObj,
                                                   AttributeSet currAttrSet,
                                                   AttributeSet constraints,
                                                   SearchAccumulator sac)
This version of objectSearch doesn't check the object since it's already in the search accumulator.


sSearch

private SearchResult sSearch(Role s,
                             AttributeSet sas,
                             Role o,
                             AttributeSet oas,
                             SearchAccumulator sac)
Assuming a directed graph representation of Delegation Wallet, a Subject role is a vertex and a Delegation is the edge to another Object role vertex.

Parameters:
s - the current vertex of the search
sas - the attribute set of the delegation edge
o - the object vertex of the search
oas - the constraints of the search
sac - the class to hold accumulated results

sSearchRecurse

private SearchResult sSearchRecurse(Role s,
                                    AttributeSet sas,
                                    Role o,
                                    AttributeSet oas,
                                    SearchAccumulator sac)
Recursive step of sSearch


oSearch

private SearchResult oSearch(Role currObj,
                             AttributeSet currAttrSet,
                             AttributeSet desiredAttrSet,
                             SearchAccumulator sac)
Discover all the subjects that reach a particular object with a certain set of constraints. Uses a depth-first search (DFS).

Parameters:
currObj - the current vertex of the search
currAttrSet - the attribute set of the delegation edge
desiredAttrSet - the constraints of the search
sac - the class to hold accumulated results
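
The graph search that sSearch and oSearch describe (roles as vertices, delegations as edges, constraints checked during a DFS), sketched in the subject-to-object direction as an added example that is not the dRBAC source. The string roles, the integer attributes that narrow by minimum along a chain, and every name in `DelegationDfsSketch` are assumptions made for illustration (Java 16+ for records).

```java
import java.util.*;

// Added illustration: simplified stand-ins, not dRBAC's Role/AttributeSet/SearchAccumulator.
public class DelegationDfsSketch {
    // Edge subject -> object carrying attribute values (constructed model).
    record Delegation(String subject, String object, Map<String, Integer> attrs) {}

    private final Map<String, List<Delegation>> bySubject = new HashMap<>();

    void add(String s, String o, Map<String, Integer> attrs) {
        bySubject.computeIfAbsent(s, k -> new ArrayList<>()).add(new Delegation(s, o, attrs));
    }

    // Assumption: each delegation can only narrow an attribute (minimum per key).
    static Map<String, Integer> narrow(Map<String, Integer> acc, Map<String, Integer> edge) {
        Map<String, Integer> out = new HashMap<>(acc);
        edge.forEach((k, v) -> out.merge(k, v, Math::min));
        return out;
    }

    // Assumption: an attribute no edge has mentioned yet is unrestricted.
    static boolean satisfies(Map<String, Integer> acc, Map<String, Integer> required) {
        return required.entrySet().stream()
                .allMatch(e -> acc.getOrDefault(e.getKey(), Integer.MAX_VALUE) >= e.getValue());
    }

    // DFS from subject s toward object o; returns the delegation chain, or null if none.
    List<Delegation> prove(String s, String o, Map<String, Integer> acc,
                           Map<String, Integer> required, Set<String> onPath) {
        if (s.equals(o)) return new ArrayList<>();
        if (!onPath.add(s)) return null;               // role already on this path: cycle
        try {
            for (Delegation d : bySubject.getOrDefault(s, List.of())) {
                Map<String, Integer> next = narrow(acc, d.attrs());
                if (!satisfies(next, required)) continue;  // prune: values never rise again
                List<Delegation> rest = prove(d.object(), o, next, required, onPath);
                if (rest != null) { rest.add(0, d); return rest; }
            }
            return null;
        } finally { onPath.remove(s); }                // other paths may revisit s
    }

    public static void main(String[] args) {           // constructed sample wallet
        DelegationDfsSketch w = new DelegationDfsSketch();
        w.add("Alice", "Corp.Engineer", Map.of("bandwidth", 100));
        w.add("Corp.Engineer", "Corp.VpnUser", Map.of("bandwidth", 20));
        w.add("Corp.Engineer", "Alice", Map.of());     // cycle back to the start
        w.add("Alice", "Partner.Guest", Map.of());
        w.add("Partner.Guest", "Corp.VpnUser", Map.of("bandwidth", 5));
        System.out.println(w.prove("Alice", "Corp.VpnUser", Map.of(), Map.of("bandwidth", 10), new HashSet<>()));
        System.out.println(w.prove("Alice", "Corp.VpnUser", Map.of(), Map.of("bandwidth", 50), new HashSet<>()));
    }
}
```

Roles are tracked per path rather than in one global visited set because the same role can be reached with different accumulated attributes, and only some of those arrivals may satisfy the constraints.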

oSearchRecurse

private SearchResult oSearchRecurse(Role currObj,
                                    AttributeSet currAttrSet,
                                    AttributeSet desiredAttrSet,
                                    SearchAccumulator sac)
Recursive step of oSearch



Copyright (c) 2002-2003 New York University RLAB