2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved.
6 * Modified Copyright (C) 2018 Samsung Electronics Co., Ltd.
7 * ================================================================================
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 * ============LICENSE_END=========================================================
22 package org.onap.policy.utils;
24 import java.security.Principal;
25 import java.util.Properties;
27 import org.apache.log4j.Logger;
28 import org.onap.aaf.cadi.Access.Level;
29 import org.onap.aaf.cadi.CadiException;
30 import org.onap.aaf.cadi.PropAccess;
31 import org.onap.aaf.cadi.aaf.AAFPermission;
32 import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
33 import org.onap.aaf.cadi.aaf.v2_0.AAFCon;
34 import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
35 import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
36 import org.onap.aaf.cadi.locator.PropertyLocator;
37 import org.onap.aaf.cadi.principal.UnAuthPrincipal;
40 * AAF Client: Generic AAF Client implementation to connect to AAF Resources to
41 * validate permissions and authorization.
44 public class AAFPolicyClientImpl implements AAFPolicyClient {
// NOTE(review): every field below is static, so all callers share one CADI configuration and one AAF
// connection. getInstance is synchronized, but the visible lines of setup, checkAuth and checkPerm
// reassign or read these fields with no lock in sight; confirm how concurrent use is handled.
45 private static Logger logger = Logger.getLogger(AAFPolicyClientImpl.class.getName());
// Name of a required property; on the lines shown it is only used in the error text raised by setup.
47 private static final String ENVIRONMENT = "ENVIRONMENT";
// Singleton holder, populated by getInstance.
48 private static AAFPolicyClientImpl instance = null;
// The getInstance Javadoc describes these properties as carrying CLIENT_ID and CLIENT_KEY, so the
// Properties object should not be written to logs wholesale.
49 private static Properties cadiprops = new Properties();
// AAF connection, permission lookup (Lur) and authenticator; all three are created in setUpAaf.
50 private static AAFCon<?> aafCon = null;
51 private static AAFLurPerm aafLurPerm = null;
52 private static AAFAuthn<?> aafAuthn = null;
// CADI access object, built in setup from cadiprops and the configured log level.
53 private static PropAccess access = null;
55 private AAFPolicyClientImpl(Properties properties) throws AAFPolicyException {
60 * Returns the singleton AAFClient instance. Requires properties containing
61 * CLIENT_ID, CLIENT_KEY and ENVIRONMENT.
64 * Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT
65 * @return AAFClient instance.
66 * @throws AAFPolicyException
// Lazily creates the singleton while holding the class lock.
// NOTE(review): on the lines shown, `properties` is only consulted while `instance` is still null, so
// a later call with different properties appears to be ignored here; confirm, and check whether
// updateProperties is the intended path for configuration changes.
69 public static synchronized AAFPolicyClientImpl getInstance(Properties properties) throws AAFPolicyException {
70 if (instance == null) {
71 logger.info("Creating AAFClient Instance ");
72 instance = new AAFPolicyClientImpl(properties);
77 // To set Property values && Connections.
// Stores the supplied properties as the shared CADI configuration and builds the access object.
// Throws AAFPolicyException on the failure path shown at the end of this block.
78 private static void setup(Properties properties) throws AAFPolicyException {
// Only "non-null and non-empty" is tested on this line; no per-key validation is visible here.
79 if (properties != null && !properties.isEmpty()) {
// Keeps the caller's Properties reference rather than a copy, so a later mutation by the caller
// also changes this shared static configuration.
80 cadiprops = properties;
// cadi_loglevel falls back to DEBUG when the property is absent.
// NOTE(review): DEBUG is a verbose default for an authentication library; confirm what CADI emits at
// that level and consider a quieter default for production. Level.valueOf presumably rejects an
// unrecognised level name with an exception that is not translated to AAFPolicyException here.
81 access = new PolicyAccess(cadiprops,
82 Level.valueOf(cadiprops.getProperty("cadi_loglevel", Level.DEBUG.toString())));
// NOTE(review): the message names ENVIRONMENT, but the only condition visible above is a null or
// empty Properties object; the branch line between is not shown here, so confirm that the message
// matches the condition that actually triggers it.
84 logger.error("Required Property value is missing : " + ENVIRONMENT);
85 throw new AAFPolicyException("Required Property value is missing : " + ENVIRONMENT);
91 * Updates the Properties file if required.
94 * Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT
95 * @throws AAFPolicyException
99 public void updateProperties(Properties properties) throws AAFPolicyException {
104 * Checks the Authentication and Permissions for the given values.
107 * Username must be registered under the Name space.
109 * Password pertaining to the Username.
113 * Permissions Instance.
115 * Permissions Action.
// Authenticates first and checks the permission second. The && short-circuits, so checkPerm is not
// called when checkAuth returns false. This is the entry point that ties the permission answer to a
// verified password.
119 public boolean checkAuthPerm(String userName, String pass, String type, String instance, String action) {
120 return checkAuth(userName, pass) && checkPerm(userName, pass, type, instance, action);
124 * Checks the Authentication of the UserName and Password Given.
130 * @return True or False.
// Validates the user name and password against AAF through the shared authenticator.
133 public boolean checkAuth(String userName, String pass) {
// Handling for an uninitialised authenticator is on lines not shown here.
134 if (aafAuthn == null) {
// validate returns a String. NOTE(review): a null response appears to be the success case, since the
// non-null path below logs an authentication failure; confirm against the CADI API.
140 String aafAuthResponse = aafAuthn.validate(userName, pass);
141 if (aafAuthResponse == null) {
// NOTE(review): userName is caller-supplied and is concatenated into the log line unmodified, together
// with the AAF response. Neutralise line breaks before logging so a crafted name cannot forge or
// split log entries.
144 logger.warn("User, " + userName + ", failed to authenticate with AAF. \n" + "AAF Response is "
// Catches every Exception. The value returned afterwards is not shown here; it should fail closed
// (false). Concatenating e into the message loses the stack trace; passing e as the second logger
// argument would keep it.
150 } catch (Exception e) {
151 logger.error(e.getMessage() + e);
158 * Checks Permissions for the given UserName, Password and Type, Instance
168 * Permissions Instance.
170 * Permissions Action.
171 * @return True or False.
// Asks AAF whether userName holds the permission (namespace, type, instance, action).
// NOTE(review): on the lines shown, the lookup is made for an UnAuthPrincipal built from the bare user
// name, and the password is only handed to aafCon.basicAuth, whose return value is discarded. This
// method on its own should therefore not be treated as proof of identity; callers that need both
// should go through checkAuthPerm.
174 public boolean checkPerm(String userName, String pass, String type, String instance, String action) {
// Starts false; the visible code changes it only through the result of fish below.
176 Boolean result = false;
// With no connection or no Lur, the lookup is skipped; what happens then is on lines not shown.
178 if (aafCon != null && aafLurPerm != null) {
180 aafCon.basicAuth(userName, pass);
// The namespace comes from the "policy.aaf.namespace" property; getProperty returns null when the key
// is absent and no null check is visible here.
182 new AAFPermission(cadiprops.getProperty("policy.aaf.namespace"), type, instance, action);
183 final Principal p = new UnAuthPrincipal(userName);
// fish presumably answers whether p holds perm; confirm against the CADI API.
184 result = aafLurPerm.fish(p, perm);
185 } catch (CadiException e) {
// Logs without a stack trace, then destroys the shared static Lur. NOTE(review): other threads may
// still hold the same aafLurPerm; whether it is rebuilt before the retry is not visible here.
186 logger.error(e.getMessage() + e);
187 aafLurPerm.destroy();
// Retries while the result is false and index is below 2 (index is presumably incremented on a line
// not shown). A genuine denial is also a false result, so it triggers the second attempt as well.
192 while (index < 2 && !result); // Try once more to check if this can be passed. AAF has some issues.
// Builds the shared AAF connection, permission lookup and authenticator from the current properties.
// The boolean results are returned on lines not shown here.
196 private static boolean setUpAaf() {
// The endpoint is always https on the fixed port 8100, with the host taken from the "aaf_fqdn"
// property. NOTE(review): when the key is absent, getProperty returns null and the string becomes
// "https://null:8100"; validate aaf_fqdn before building the locator.
198 aafCon = new AAFConHttp(access,
199 new PropertyLocator("https://" + cadiprops.getProperty("aaf_fqdn") + ":8100"));
200 aafLurPerm = aafCon.newLur();
201 aafAuthn = aafCon.newAuthn(aafLurPerm);
// Catches every Exception. The three static fields are assigned one after another, so a failure part
// way through can leave some set and others stale or null. Passing e as the second logger argument
// would keep the stack trace.
203 } catch (Exception e) {
204 logger.error("Error while setting up AAF Connection " + e.getMessage() + e);