2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
6 * Modified Copyright (C) 2018 Samsung Electronics Co., Ltd.
7 * ================================================================================
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 * ============LICENSE_END=========================================================
21 package org.onap.policy.utils;
23 import java.security.Principal;
24 import java.util.Properties;
26 import org.apache.log4j.Logger;
27 import org.onap.aaf.cadi.Access.Level;
28 import org.onap.aaf.cadi.CadiException;
29 import org.onap.aaf.cadi.PropAccess;
30 import org.onap.aaf.cadi.aaf.AAFPermission;
31 import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
32 import org.onap.aaf.cadi.aaf.v2_0.AAFCon;
33 import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
34 import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
35 import org.onap.aaf.cadi.locator.PropertyLocator;
36 import org.onap.aaf.cadi.principal.UnAuthPrincipal;
39 * AAF Client: Generic AAF Client implementation to connect to AAF Resources to
40 * validate permissions and authorization.
43 public class AAFPolicyClientImpl implements AAFPolicyClient {
// Logger is static but not final, so it can be reassigned after class initialisation.
44 private static Logger logger = Logger.getLogger(AAFPolicyClientImpl.class.getName());
// Used in the visible code only to build the "Required Property value is missing" messages.
46 private static final String ENVIRONMENT = "ENVIRONMENT";
// Singleton holder; assigned inside getInstance().
47 private static AAFPolicyClientImpl instance = null;
// NOTE(review): the configuration and the AAF connection, permission-lookup and authentication
// handles below are all static and mutable, so every caller in the JVM shares one set.
// Reassigning or destroying one of them affects permission checks that are in flight.
48 private static Properties cadiprops = new Properties();
49 private static AAFCon<?> aafCon = null;
50 private static AAFLurPerm aafLurPerm = null;
51 private static AAFAuthn<?> aafAuthn = null;
52 private static PropAccess access = null;
54 private AAFPolicyClientImpl(Properties properties) throws AAFPolicyException {
// Private constructor: the only construction site visible in this listing is getInstance().
// The constructor body is not shown here.
59 * Gets the AAFClient instance. Requires properties containing
60 * CLIENT_ID, CLIENT_KEY and ENVIRONMENT.
63 * Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT
64 * @return AAFClient instance.
65 * @throws AAFPolicyException
68 public static synchronized AAFPolicyClientImpl getInstance(Properties properties) throws AAFPolicyException {
// The method is static synchronized, so it locks on the class: two threads cannot both
// observe instance == null and construct the client twice.
69 if (instance == null) {
70 logger.info("Creating AAFClient Instance ");
// properties reaches the constructor only on this first-call path; how later calls treat
// a different Properties argument is on lines not shown in this listing.
71 instance = new AAFPolicyClientImpl(properties);
76 // Sets the property values and connections.
77 private static void setup(Properties properties) throws AAFPolicyException {
// Configuration is accepted only when the Properties object is non-null and non-empty.
78 if (properties != null && !properties.isEmpty()) {
// NOTE(review): the caller's Properties object is stored by reference, not copied, so later
// changes made by the caller are visible to this client.
79 cadiprops = properties;
// NOTE(review): when "cadi_loglevel" is absent the level defaults to DEBUG. This client is
// handed user passwords (see checkAuth), so deployments probably want an explicit, less
// verbose level - confirm what PolicyAccess writes at DEBUG. If Level is an enum, an
// unrecognised name makes valueOf throw IllegalArgumentException, not AAFPolicyException.
80 access = new PolicyAccess(cadiprops,
81 Level.valueOf(cadiprops.getProperty("cadi_loglevel", Level.DEBUG.toString())));
// The lines between the assignment above and this error path are not shown in this listing.
// The message names ENVIRONMENT, while the guard visible here tests only for null or empty
// properties - confirm which condition actually leads here.
83 logger.error("Required Property value is missing : " + ENVIRONMENT);
84 throw new AAFPolicyException("Required Property value is missing : " + ENVIRONMENT);
90 * Updates the Properties file if required.
93 * Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT
94 * @throws AAFPolicyException
98 public void updateProperties(Properties properties) throws AAFPolicyException {
// NOTE(review): the body is not shown in this listing. Unlike getInstance(), this signature is
// not synchronized, while the configuration fields of this class are static; confirm that a
// properties update cannot race with checkAuth/checkPerm calls that are in flight.
103 * Checks the Authentication and Permissions for the given values.
106 * Username must be registered under the Name space.
108 * Password pertaining to the Username.
112 * Permissions Instance.
114 * Permissions Action.
118 public boolean checkAuthPerm(String userName, String pass, String type, String instance, String action) {
// && short-circuits: checkPerm runs only after checkAuth has returned true, so the permission
// lookup is never reached for credentials that failed authentication.
// The parameter named instance shadows the static singleton field of the same name.
119 return checkAuth(userName, pass) && checkPerm(userName, pass, type, instance, action);
123 * Checks the Authentication of the UserName and Password Given.
129 * @return True or False.
132 public boolean checkAuth(String userName, String pass) {
// Guard for the case where no authenticator has been set up; the value returned for it is on
// a line not shown in this listing.
133 if (aafAuthn == null) {
139 String aafAuthResponse = aafAuthn.validate(userName, pass);
// A null response is tested as its own case, and the non-null value is logged below as a
// failure, so null appears to signal success - confirm against AAFAuthn.validate.
140 if (aafAuthResponse==null) {
// NOTE(review): userName is caller-supplied and is concatenated into the log line unmodified,
// as is the AAF response text. Neutralise CR/LF (and other control characters) before logging
// so that a crafted user name cannot forge additional log entries.
143 logger.warn("User, " + userName + ", failed to authenticate with AAF. \n"
144 + "AAF Response is " + aafAuthResponse);
// Every Exception is caught here, not only AAF-specific ones.
148 } catch (Exception e) {
// NOTE(review): e.getMessage() + e builds a single string, so no Throwable reaches the logger
// and the stack trace is lost; logger.error(message, e) would keep it. The value returned after
// this catch is not shown - it should be false so an AAF error never counts as authenticated.
149 logger.error(e.getMessage() + e);
156 * Checks Permissions for the given UserName, Password and Type, Instance
166 * Permissions Instance.
168 * Permissions Action.
169 * @return True or False.
172 public boolean checkPerm(String userName, String pass, String type, String instance, String action) {
// Boxed Boolean; the loop condition at the end unboxes it with !result.
174 Boolean result = false;
// When either the connection or the permission lookup is null, the lookup below is skipped.
176 if (aafCon != null && aafLurPerm != null) {
// NOTE(review): the value returned by basicAuth is discarded here, and the lookup below runs as
// UnAuthPrincipal(userName). Nothing visible in this method ties the outcome to pass being
// correct, so callers that need authentication should use checkAuthPerm or call checkAuth first.
178 aafCon.basicAuth(userName, pass);
// The namespace comes from the "policy.aaf.namespace" property; getProperty returns null when
// the key is absent. The remaining constructor arguments are on a line not shown in this listing.
179 AAFPermission perm = new AAFPermission(cadiprops.getProperty("policy.aaf.namespace"), type,
181 final Principal p = new UnAuthPrincipal(userName);
182 result = aafLurPerm.fish(p, perm);
183 } catch (CadiException e) {
// Same logging pattern as checkAuth: the exception is folded into the message string, so the
// logger receives no Throwable and prints no stack trace.
184 logger.error(e.getMessage() + e);
// NOTE(review): destroy() is called on the shared static aafLurPerm, which other threads may be
// using; what re-creates it before the retry is on lines not shown here - confirm.
185 aafLurPerm.destroy();
// The loop repeats whenever result is false, so a plain denial is looked up a second time, not
// only a failed call. The declaration and increment of i are not shown in this listing.
189 } while (i < 2 && !result); // Try once more to check if this can be passed. AAF has some issues.
193 private static boolean setUpAAF() {
195 aafCon = new AAFConHttp(access,
196 new PropertyLocator("https://" + cadiprops.getProperty("aaf_fqdn") + ":8100"));
197 aafLurPerm = aafCon.newLur();
198 aafAuthn = aafCon.newAuthn(aafLurPerm);
200 } catch (Exception e) {
201 logger.error("Error while setting up AAF Connection " + e.getMessage() + e);