2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
20 package org.openecomp.policy.pdp.rest.config;
22 import java.io.FileInputStream;
23 import java.io.IOException;
24 import java.io.InputStream;
25 import java.nio.file.Files;
26 import java.nio.file.Path;
27 import java.nio.file.Paths;
28 import java.util.ArrayList;
29 import java.util.Arrays;
30 import java.util.Base64;
31 import java.util.HashMap;
33 import java.util.Properties;
34 import java.util.StringTokenizer;
36 import org.openecomp.policy.api.PolicyEngineException;
37 import org.openecomp.policy.common.logging.eelf.MessageCodes;
38 import org.openecomp.policy.common.logging.eelf.PolicyLogger;
39 import org.openecomp.policy.rest.XACMLRestProperties;
40 import org.openecomp.policy.utils.AAFPolicyClient;
41 import org.openecomp.policy.utils.AAFPolicyException;
42 import org.openecomp.policy.utils.PolicyUtils;
43 import org.openecomp.policy.xacml.api.XACMLErrorConstants;
45 import com.att.research.xacml.util.XACMLProperties;
47 public class PDPApiAuth {
48 private static String environment = null;
49 private static Path clientPath = null;
50 private static Map<String,ArrayList<String>> clientMap = null;
51 private static Long oldModified = null;
52 private static AAFPolicyClient aafClient = null;
55 * Set Property by reading the properties File.
57 public static void setProperty() {
58 environment = XACMLProperties.getProperty("ENVIRONMENT", "DEVL");
59 String clientFile = XACMLProperties.getProperty(XACMLRestProperties.PROP_PEP_IDFILE);
61 clientPath = Paths.get(clientFile);
64 aafClient = AAFPolicyClient.getInstance(XACMLProperties.getProperties());
65 } catch (AAFPolicyException | IOException e) {
66 PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "AAF Client Not instantiated properly.");
71 * Return Environment value of the PDP servlet.
73 public static String getEnvironment() {
74 if(environment==null){
81 * Security check for authentication and authorizations.
83 public static boolean checkPermissions(String clientEncoding, String requestID,
86 String[] userNamePass = PolicyUtils.decodeBasicEncoding(clientEncoding);
87 if(userNamePass==null){
88 String usernameAndPassword = null;
89 byte[] decodedBytes = Base64.getDecoder().decode(clientEncoding);
90 usernameAndPassword = new String(decodedBytes, "UTF-8");
91 StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, ":");
92 String username = tokenizer.nextToken();
93 String password = tokenizer.nextToken();
94 userNamePass= new String[]{username, password};
96 PolicyLogger.info("User " + userNamePass[0] + " is Accessing Policy Engine API.");
97 Boolean result = false;
98 // Check Backward Compatibility.
100 result = clientAuth(userNamePass);
102 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS, e, "");
106 String aafPolicyNameSpace = XACMLProperties.getProperty("policy.aaf.namespace");
107 String aafResource = XACMLProperties.getProperty("policy.aaf.resource");
108 if(!userNamePass[0].contains("@") && aafPolicyNameSpace!= null){
109 userNamePass[0] = userNamePass[0] + "@" + aafPolicyNameSpace;
111 if(aafResource != null){
112 resource = aafResource + resource;
114 PolicyLogger.info("Contacting AAF in : " + environment);
115 result = aafClient.checkAuthPerm(userNamePass[0], userNamePass[1], resource, environment, ".*");
116 }catch (NullPointerException e){
122 PolicyLogger.error(MessageCodes.ERROR_PERMISSIONS, e, "");
127 private static Boolean clientAuth(String[] userNamePass) throws Exception{
128 if(clientPath==null){
131 if (Files.notExists(clientPath)) {
133 }else if(clientPath.toString().endsWith(".properties")) {
135 readProps(clientPath);
136 if (clientMap.containsKey(userNamePass[0]) && clientMap.get(userNamePass[0]).get(0).equals(userNamePass[1])) {
139 }catch(PolicyEngineException e){
146 private static Map<String, ArrayList<String>> readProps(Path clientPath) throws PolicyEngineException{
147 if(oldModified!=null){
148 Long newModified = clientPath.toFile().lastModified();
149 if (newModified == oldModified) {
154 Properties clientProp = new Properties();
156 in = new FileInputStream(clientPath.toFile());
158 } catch (IOException e) {
159 PolicyLogger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + e);
160 throw new PolicyEngineException(XACMLErrorConstants.ERROR_SYSTEM_ERROR +"Cannot Load the Properties file", e);
162 // Read the Properties and Load the Clients and their scopes.
163 clientMap = new HashMap<>();
165 for (Object propKey : clientProp.keySet()) {
166 String clientID = (String)propKey;
167 String clientValue = clientProp.getProperty(clientID);
168 if (clientValue != null) {
169 if (clientValue.contains(",")) {
170 ArrayList<String> clientValues = new ArrayList<String>(Arrays.asList(clientValue.split("\\s*,\\s*")));
171 if(clientValues.get(0)!=null || clientValues.get(1)!=null || clientValues.get(0).isEmpty() || clientValues.get(1).isEmpty()){
172 clientMap.put(clientID, clientValues);
177 if (clientMap.isEmpty()) {
178 PolicyLogger.debug(XACMLErrorConstants.ERROR_PERMISSIONS + "No Clients ID , Client Key and Scopes are available. Cannot serve any Clients !!");
179 throw new PolicyEngineException("Empty Client file");
181 oldModified = clientPath.toFile().lastModified();