In [None]:
# pep.py

import time
import logging
import psutil
import os
import uuid
import requests
import csv
from flask import Flask, request, jsonify

app = Flask(__name__)

class PEP:
    def __init__(self, pe_url, authenticator_url, pa_url, pep_url):
        self.pe_url = pe_url
        self.authenticator_url = authenticator_url
        self.pa_url = pa_url
        self.pep_url = pep_url  # URL where this PEP is accessible
        self.banned_ids = set()
        self.setup_logging()
        self.setup_csv_logging()
        # Register with PA
        self.register_with_pa()

    def setup_logging(self):
        # Configure the logging module
        logging.basicConfig(
            filename='pep.log',
            level=logging.INFO,
            format='%(asctime)s %(levelname)s: %(message)s'
        )

    def setup_csv_logging(self):
        # Open the CSV file in append mode
        self.csv_file = open('pep_requests.csv', 'a', newline='')
        self.csv_writer = csv.writer(self.csv_file)
        # Write headers if the file is empty
        if os.stat('pep_requests.csv').st_size == 0:
            self.csv_writer.writerow(['Request ID', 'Timestamp', 'Sender', 'Destination Entity', 'Processing Time (s)', 'Total CPU Time (s)'])

    def register_with_pa(self):
        try:
            payload = {
                'pep_url': self.pep_url,
                'request_id': str(uuid.uuid4())
            }
            response = requests.post(f'{self.pa_url}/register_pep', json=payload)
            response.raise_for_status()
            logging.info(f"PEP: Registered with PA at '{self.pa_url}'.")
        except Exception as e:
            logging.error(f"PEP Error: Failed to register with PA: {e}")

    def update_banned_ids(self, banned_ids):
        """
        Receives the updated list of banned IDs from the PA.
        """
        self.banned_ids = set(banned_ids)
        logging.info(f"PEP: Updated banned IDs list: {self.banned_ids}")

    def handle_request(self, entity_id, resource_id, request_data, request_id):
        """
        Handles incoming access requests.
        """
        # Log the request receipt
        logging.info(f"Request ID: {request_id} | PEP: Received request from '{entity_id}' for resource '{resource_id}'")

        # Authenticate the entity
        auth_status = self.authenticate_entity(entity_id, request_data, request_id)
        logging.info(f"Request ID: {request_id} | PEP: Entity '{entity_id}' authentication status: {auth_status}")

        # Check if entity_id is in the banned IDs list
        if entity_id in self.banned_ids:
            logging.warning(f"Request ID: {request_id} | PEP: Entity '{entity_id}' is banned. Rejecting request.")
            self.deny_access(entity_id, resource_id, request_data, request_id)
            return 'deny'

        # Process access request through PE
        access_decision = self.process_access_request(entity_id, resource_id, auth_status, request_id)

        # Enforce the access decision
        if access_decision == 'allow':
            self.allow_access(entity_id, resource_id, request_data, request_id)
        else:
            self.deny_access(entity_id, resource_id, request_data, request_id)

        return access_decision

    def authenticate_entity(self, entity_id, request_data, request_id):
        try:
            payload = {
                'entity_id': entity_id,
                'request_data': request_data,
                'request_id': request_id
            }
            response = requests.post(f'{self.authenticator_url}/authenticate', json=payload)
            response.raise_for_status()
            auth_data = response.json()
            auth_status = auth_data.get('authentication_status', 'unauthenticated')
            return auth_status
        except Exception as e:
            logging.error(f"Request ID: {request_id} | PEP Error: Failed to authenticate entity '{entity_id}': {e}")
            return 'unauthenticated'

    def process_access_request(self, entity_id, resource_id, profile_status, request_id):
        try:
            payload = {
                'entity_id': entity_id,
                'resource_id': resource_id,
                'profile_status': profile_status,
                'request_id': request_id
            }
            response = requests.post(f'{self.pe_url}/process_access_request', json=payload)
            response.raise_for_status()
            data = response.json()
            access_decision = data.get('access_decision', 'deny')
            logging.info(f"Request ID: {request_id} | PEP: Access decision from PE: {access_decision}")
            return access_decision
        except Exception as e:
            logging.error(f"Request ID: {request_id} | PEP Error: Failed to process access request for entity '{entity_id}': {e}")
            return 'deny'

    def allow_access(self, entity_id, resource_id, request_data, request_id):
        logging.info(f"Request ID: {request_id} | PEP: Access granted to '{entity_id}' for resource '{resource_id}'")
        # Implement the logic for allowing access
        # In a networked environment, this might involve forwarding the request to the resource
        # or informing the entity that access is granted
        # For this example, we'll simply log the access grant

    def deny_access(self, entity_id, resource_id, request_data, request_id):
        logging.info(f"Request ID: {request_id} | PEP: Access denied to '{entity_id}' for resource '{resource_id}'")
        # Implement the logic for denying access
        # For this example, we'll simply log the access denial

    def log_request(self, request_id, sender, destination, processing_time, total_cpu_time):
        timestamp = time.strftime('%Y-%m-%d %H:%M:%S')
        self.csv_writer.writerow([request_id, timestamp, sender, destination, f"{processing_time:.6f}", f"{total_cpu_time:.6f}"])
        self.csv_file.flush()

    def __del__(self):
        self.csv_file.close()

# Flask API Endpoints

PEP_instance = None  # Will be initialized later

@app.route('/handle_request', methods=['POST'])
def handle_request_endpoint():
    try:
        json_data = request.get_json()
        entity_id = json_data.get('entity_id')
        resource_id = json_data.get('resource_id')
        request_data = json_data.get('request_data', {})
        request_id = json_data.get('request_id', str(uuid.uuid4()))

        # Start CPU and timing measurements
        process = psutil.Process(os.getpid())
        cpu_times_start = process.cpu_times()
        start_time = time.time()

        # Call PEP's handle_request method
        access_decision = PEP_instance.handle_request(entity_id, resource_id, request_data, request_id)

        # End CPU and timing measurements
        end_time = time.time()
        cpu_times_end = process.cpu_times()

        # Calculate CPU time and processing time
        user_cpu_time = cpu_times_end.user - cpu_times_start.user
        system_cpu_time = cpu_times_end.system - cpu_times_start.system
        total_cpu_time = user_cpu_time + system_cpu_time
        processing_time = end_time - start_time

        # Log the performance data and write to CSV
        PEP_instance.log_request(request_id, entity_id, resource_id, processing_time, total_cpu_time)

        response = {
            'request_id': request_id,
            'access_decision': access_decision
        }
        return jsonify(response), 200
    except Exception as e:
        logging.error(f"Error in handle_request_endpoint: {e}")
        return jsonify({'error': str(e)}), 500

@app.route('/update_banned_ids', methods=['POST'])
def update_banned_ids_endpoint():
    try:
        json_data = request.get_json()
        banned_ids = json_data.get('banned_ids', [])
        PEP_instance.update_banned_ids(banned_ids)
        response = {'status': 'Banned IDs updated successfully'}
        return jsonify(response), 200
    except Exception as e:
        logging.error(f"Error in update_banned_ids_endpoint: {e}")
        return jsonify({'error': str(e)}), 500

if __name__ == '__main__':
    # Set the URLs of the Authenticator, PE, and PA
    authenticator_url = 'http://192.52.33.29:5001'  # Replace with actual IP
    pe_url = 'http://192.52.33.4:5000'  # Replace with actual IP
    pa_url = 'http://192.52.34.155:5000'  # Replace with actual IP
    pep_url = 'http://127.0.0.1:5000'  # Replace with actual IP

    # Create an instance of PEP
    PEP_instance = PEP(pe_url, authenticator_url, pa_url, pep_url)

    # Run the Flask app on all interfaces, port 5000
    app.run(host='0.0.0.0', port=5000)