[aaf/cadi.git] / aaf / src / main / java / com / att / cadi / aaf / v2_0 / AbsAAFLur.java

/*******************************************************************************\r
 * ============LICENSE_START====================================================\r
 * * org.onap.aaf\r
 * * ===========================================================================\r
 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
 * * ===========================================================================\r
 * * Licensed under the Apache License, Version 2.0 (the "License");\r
 * * you may not use this file except in compliance with the License.\r
 * * You may obtain a copy of the License at\r
 * * \r
 *  *      http://www.apache.org/licenses/LICENSE-2.0\r
 * * \r
 *  * Unless required by applicable law or agreed to in writing, software\r
 * * distributed under the License is distributed on an "AS IS" BASIS,\r
 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
 * * See the License for the specific language governing permissions and\r
 * * limitations under the License.\r
 * * ============LICENSE_END====================================================\r
 * *\r
 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
 * *\r
 ******************************************************************************/\r
package com.att.cadi.aaf.v2_0;\r
\r
import java.net.URISyntaxException;\r
import java.security.Principal;\r
import java.util.ArrayList;\r
import java.util.Date;\r
import java.util.List;\r
\r
import com.att.aft.dme2.api.DME2Exception;\r
import com.att.cadi.AbsUserCache;\r
import com.att.cadi.Access.Level;\r
import com.att.cadi.CachingLur;\r
import com.att.cadi.Permission;\r
import com.att.cadi.StrLur;\r
import com.att.cadi.Transmutate;\r
import com.att.cadi.User;\r
import com.att.cadi.config.Config;\r
import com.att.cadi.aaf.AAFPermission;\r
import com.att.cadi.aaf.AAFTransmutate;\r
import com.att.inno.env.APIException;\r
import com.att.inno.env.util.Split;\r
\r
public abstract class AbsAAFLur<PERM extends Permission> extends AbsUserCache<PERM> implements StrLur, CachingLur<PERM> {\r
        protected static final byte[] BLANK_PASSWORD = new byte[0];\r
        protected static final Transmutate<Principal> transmutate = new AAFTransmutate();\r
        private String[] debug = null;\r
        public AAFCon<?> aaf;\r
        private String[] supports;\r
\r
        public AbsAAFLur(AAFCon<?> con) throws DME2Exception, URISyntaxException, APIException {\r
                super(con.access, con.cleanInterval, con.highCount, con.usageRefreshTriggerCount);\r
                aaf = con;\r
                setLur(this);\r
                supports = con.access.getProperty(Config.AAF_DOMAIN_SUPPORT, Config.AAF_DOMAIN_SUPPORT_DEF).split("\\s*:\\s*");\r
        }\r
\r
        public AbsAAFLur(AAFCon<?> con, AbsUserCache<PERM> auc) throws DME2Exception, URISyntaxException, APIException {\r
                super(auc);\r
                aaf = con;\r
                setLur(this);\r
                supports = con.access.getProperty(Config.AAF_DOMAIN_SUPPORT, Config.AAF_DOMAIN_SUPPORT_DEF).split("\\s*:\\s*");\r
        }\r
\r
        @Override\r
        public void setDebug(String ids) {\r
                this.debug = ids==null?null:Split.split(',', ids);\r
        }\r
        \r
        protected abstract User<PERM> loadUser(Principal bait);\r
        protected abstract User<PERM> loadUser(String name);\r
        public final boolean supports(String userName) {\r
                if(userName!=null) {\r
                        for(String s : supports) {\r
                                if(userName.endsWith(s))\r
                                        return true;\r
                        }\r
                }\r
                return false;\r
        }\r
        \r
        protected abstract boolean isCorrectPermType(Permission pond);\r
        \r
        // This is where you build AAF CLient Code.  Answer the question "Is principal "bait" in the "pond"\r
        public boolean fish(Principal bait, Permission pond) {\r
                return fish(bait.getName(), pond);\r
        }\r
\r
        public void fishAll(Principal bait, List<Permission> perms) {\r
                fishAll(bait.getName(),perms);\r
        }\r
\r
        // This is where you build AAF CLient Code.  Answer the question "Is principal "bait" in the "pond"\r
        public boolean fish(String bait, Permission pond) {\r
                if(isDebug(bait)) {\r
                        boolean rv = false;\r
                        StringBuilder sb = new StringBuilder("Log for ");\r
                        sb.append(bait);\r
                        if(supports(bait)) {\r
                                User<PERM> user = getUser(bait);\r
                                if(user==null) {\r
                                        sb.append("\n\tUser is not in Cache");\r
                                } else {\r
                                        if(user.noPerms())sb.append("\n\tUser has no Perms");\r
                                        if(user.permExpired()) {\r
                                                sb.append("\n\tUser's perm expired [");\r
                                                sb.append(new Date(user.permExpires()));\r
                                                sb.append(']');\r
                                        } else {\r
                                                sb.append("\n\tUser's perm expires [");\r
                                                sb.append(new Date(user.permExpires()));\r
                                                sb.append(']');\r
                                        }\r
                                }\r
                                if(user==null || (user.noPerms() && user.permExpired())) {\r
                                        user = loadUser(bait);\r
                                        sb.append("\n\tloadUser called");\r
                                }\r
                                if(user==null) {\r
                                        sb.append("\n\tUser was not Loaded");\r
                                } else if(user.contains(pond)) {\r
                                        sb.append("\n\tUser contains ");\r
                                        sb.append(pond.getKey());\r
                                        rv = true;\r
                                } else {\r
                                        sb.append("\n\tUser does not contain ");\r
                                        sb.append(pond.getKey());\r
                                        List<Permission> perms = new ArrayList<Permission>();\r
                                        user.copyPermsTo(perms);\r
                                        for(Permission p : perms) {\r
                                                sb.append("\n\t\t");\r
                                                sb.append(p.getKey());\r
                                        }\r
                                }\r
                        } else {\r
                                sb.append("AAF Lur does not support [");\r
                                sb.append(bait);\r
                                sb.append("]");\r
                        }\r
                        aaf.access.log(Level.INFO, sb);\r
                        return rv;\r
                } else {\r
                        if(supports(bait)) {\r
                                User<PERM> user = getUser(bait);\r
                                if(user==null || (user.noPerms() && user.permExpired())) {\r
                                        user = loadUser(bait);\r
                                }\r
                                return user==null?false:user.contains(pond);\r
                        }\r
                        return false;\r
                }\r
        }\r
\r
        public void fishAll(String bait, List<Permission> perms) {\r
                if(isDebug(bait)) {\r
                        StringBuilder sb = new StringBuilder("Log for ");\r
                        sb.append(bait);\r
                        if(supports(bait)) {\r
                                User<PERM> user = getUser(bait);\r
                                if(user==null) {\r
                                        sb.append("\n\tUser is not in Cache");\r
                                } else {\r
                                        if(user.noPerms())sb.append("\n\tUser has no Perms");\r
                                        if(user.permExpired()) {\r
                                                sb.append("\n\tUser's perm expired [");\r
                                                sb.append(new Date(user.permExpires()));\r
                                                sb.append(']');\r
                                        } else {\r
                                                sb.append("\n\tUser's perm expires [");\r
                                                sb.append(new Date(user.permExpires()));\r
                                                sb.append(']');\r
                                        }\r
                                }\r
                                if(user==null || (user.noPerms() && user.permExpired())) {\r
                                        user = loadUser(bait);\r
                                        sb.append("\n\tloadUser called");\r
                                }\r
                                if(user==null) {\r
                                        sb.append("\n\tUser was not Loaded");\r
                                } else {\r
                                        sb.append("\n\tCopying Perms ");\r
                                        user.copyPermsTo(perms);\r
                                        for(Permission p : perms) {\r
                                                sb.append("\n\t\t");\r
                                                sb.append(p.getKey());\r
                                        }\r
                                }\r
                        } else {\r
                                sb.append("AAF Lur does not support [");\r
                                sb.append(bait);\r
                                sb.append("]");\r
                        }\r
                        aaf.access.log(Level.INFO, sb);\r
                } else {\r
                        if(supports(bait)) {\r
                                User<PERM> user = getUser(bait);\r
                                if(user==null || (user.noPerms() && user.permExpired())) user = loadUser(bait);\r
                                if(user!=null) {\r
                                        user.copyPermsTo(perms);\r
                                }\r
                        }\r
                }\r
        }\r
        \r
        @Override\r
        public void remove(String user) {\r
                super.remove(user);\r
        }\r
\r
        private boolean isDebug(String bait) {\r
                if(debug!=null) {\r
                        if(debug.length==1 && "all".equals(debug[0]))return true;\r
                        for(String s : debug) {\r
                                if(s.equals(bait))return true;\r
                        }\r
                }\r
                return false;\r
        }\r
        /**\r
         * This special case minimizes loops, avoids multiple Set hits, and calls all the appropriate Actions found.\r
         * \r
         * @param bait\r
         * @param obj\r
         * @param type\r
         * @param instance\r
         * @param actions\r
         */\r
        public<A> void fishOneOf(String bait, A obj, String type, String instance, List<Action<A>> actions) {\r
                User<PERM> user = getUser(bait);\r
                if(user==null || (user.noPerms() && user.permExpired()))user = loadUser(bait);\r
//              return user==null?false:user.contains(pond);\r
                if(user!=null) {\r
                        ReuseAAFPermission perm = new ReuseAAFPermission(type,instance);\r
                        for(Action<A> action : actions) {\r
                                perm.setAction(action.getName());\r
                                if(user.contains(perm)) {\r
                                        if(action.exec(obj))return;\r
                                }\r
                        }\r
                }\r
        }\r
        \r
        public static interface Action<A> {\r
                public String getName();\r
                /**\r
                 *  Return false to continue, True to end now\r
                 * @return\r
                 */\r
                public boolean exec(A a);\r
        }\r
        \r
        private class ReuseAAFPermission extends AAFPermission {\r
                public ReuseAAFPermission(String type, String instance) {\r
                        super(type,instance,null);\r
                }\r
\r
                public void setAction(String s) {\r
                        action = s;\r
                }\r
                \r
                /**\r
                 * This function understands that AAF Keys are hierarchical, :A:B:C, \r
                 *  Cassandra follows a similar method, so we'll short circuit and do it more efficiently when there isn't a first hit\r
                 * @return\r
                 */\r
        }\r
}\r