1 /*******************************************************************************
\r
2 * ============LICENSE_START====================================================
\r
4 * * ===========================================================================
\r
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
\r
6 * * ===========================================================================
\r
7 * * Licensed under the Apache License, Version 2.0 (the "License");
\r
8 * * you may not use this file except in compliance with the License.
\r
9 * * You may obtain a copy of the License at
\r
11 * * http://www.apache.org/licenses/LICENSE-2.0
\r
13 * * Unless required by applicable law or agreed to in writing, software
\r
14 * * distributed under the License is distributed on an "AS IS" BASIS,
\r
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
16 * * See the License for the specific language governing permissions and
\r
17 * * limitations under the License.
\r
18 * * ============LICENSE_END====================================================
\r
20 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
\r
22 ******************************************************************************/
\r
23 package com.att.cadi.aaf.v2_0;
\r
25 import java.net.URI;
\r
26 import java.net.URISyntaxException;
\r
27 import java.security.Principal;
\r
29 import com.att.cadi.AbsUserCache;
\r
30 import com.att.cadi.Access;
\r
31 import com.att.cadi.CadiException;
\r
32 import com.att.cadi.CadiWrap;
\r
33 import com.att.cadi.Connector;
\r
34 import com.att.cadi.LocatorException;
\r
35 import com.att.cadi.Lur;
\r
36 import com.att.cadi.SecuritySetter;
\r
37 import com.att.cadi.aaf.AAFPermission;
\r
38 import com.att.cadi.aaf.marshal.CertsMarshal;
\r
39 import com.att.cadi.client.Rcli;
\r
40 import com.att.cadi.client.Retryable;
\r
41 import com.att.cadi.config.Config;
\r
42 import com.att.cadi.config.SecurityInfo;
\r
43 import com.att.cadi.lur.EpiLur;
\r
44 import com.att.cadi.principal.BasicPrincipal;
\r
45 import com.att.inno.env.APIException;
\r
46 import com.att.inno.env.util.Split;
\r
47 import com.att.rosetta.env.RosettaDF;
\r
48 import com.att.rosetta.env.RosettaEnv;
\r
50 import aaf.v2_0.Certs;
\r
51 import aaf.v2_0.Perms;
\r
52 import aaf.v2_0.Users;
\r
54 public abstract class AAFCon<CLIENT> implements Connector {
\r
// API version sent to the AAF service (see client(String)).
55 public static final String AAF_VERSION = "2.0";
\r
// Property source (and logger) this connector was built from.
57 final public Access access;
\r
// Tuning values parsed from Config.AAF_* properties in the constructor. Note that
// client(String) applies connTimeout, not timeout, as the client's read timeout.
59 final public int timeout, cleanInterval, connTimeout;
\r
60 final public int highCount, userExpires, usageRefreshTriggerCount;
\r
// Created on demand by client(String) via rclient(initURI, ss).
61 private Rcli<CLIENT> client = null;
\r
// Rosetta data factories for the AAF v2.0 payload types, built in the constructor.
62 final public RosettaDF<Perms> permsDF;
\r
63 final public RosettaDF<Certs> certsDF;
\r
64 final public RosettaDF<Users> usersDF;
\r
// Assigned a fixed default in the constructor; presumably what getRealm() returns
// (its body is not shown in this listing).
65 private String realm;
\r
// Namespace derived from the credential ID via reverseDomain(ss.getID()).
66 public final String app;
\r
// Current credential; the constructor also stores it as si.defSS.
67 protected SecuritySetter<CLIENT> ss;
\r
68 protected SecurityInfo<CLIENT> si;
\r
// Initial AAF URI, read from the property named by the constructor's tag argument.
69 protected final URI initURI;
\r
/**
 * Returns the {@link Rcli} for this connector, building it through
 * {@link #rclient(URI, SecuritySetter)} with {@link #initURI} and the current
 * {@code ss} and applying {@code apiVersion}. The guard around the creation and the
 * return statement are not shown in this listing, so whether the client is cached
 * across calls is inferred from the {@code client} field rather than visible here.
 *
 * @param apiVersion API version applied to the client
 * @return the connector's client
 * @throws CadiException if the client cannot be created
 */
71 public Rcli<CLIENT> client(String apiVersion) throws CadiException {
\r
73 client = rclient(initURI,ss);
\r
74 client.apiVersion(apiVersion)
\r
// NOTE(review): the read timeout is taken from connTimeout (AAF_CONN_TIMEOUT) while
// the separate 'timeout' field (AAF_READ_TIMEOUT) is not used here — confirm intent.
75 .readTimeout(connTimeout);
\r
/**
 * Builds the connector from {@code access} properties: chooses the default credential
 * (stored in both {@code ss} and {@code si.defSS}), parses timeout and cache tuning
 * values, reads the initial AAF URI from the property named by {@code tag}, and prepares
 * the Rosetta data factories for Perms/Users/Certs. Several lines of the original are
 * not shown in this listing, so the exact branching between the credential choices is
 * inferred.
 *
 * @param access property source for this connector
 * @param tag    name of the property holding the initial AAF URI
 * @param si     security info whose {@code defSS} is set to the chosen credential
 * @throws CadiException if no credential property is configured, or if URI or
 *         data-factory setup fails (APIException/URISyntaxException are wrapped)
 */
80 protected AAFCon(Access access, String tag, SecurityInfo<CLIENT> si) throws CadiException{
\r
82 this.access = access;
\r
// Credential selection: CADI_ALIAS (falling back to AAF_MECHID) names an X.509 alias;
// AAF_MECHID together with AAF_MECHPASS selects password-based auth. The guard that
// leads to the "required" exception below is not shown here.
86 String mechid = access.getProperty(Config.AAF_MECHID, null);
\r
87 String encpass = access.getProperty(Config.AAF_MECHPASS, null);
\r
89 String alias = access.getProperty(Config.CADI_ALIAS, mechid);
\r
91 throw new CadiException(Config.CADI_ALIAS + " or " + Config.AAF_MECHID + " required.");
\r
93 si.defSS=ss = x509Alias(alias);
\r
95 if(mechid!=null && encpass !=null) {
\r
96 si.defSS=ss=basicAuth(mechid, encpass);
\r
// Placeholder credential: construction succeeds, but applying it to a client fails
// with CadiException, so a missing credential surfaces at first use rather than here.
98 si.defSS=ss=new SecuritySetter<CLIENT>() {
\r
101 public String getID() {
\r
106 public void setSecurity(CLIENT client) throws CadiException {
\r
107 throw new CadiException("AAFCon has not been initialized with Credentials (SecuritySetter)");
\r
// Tuning values. timeout and cleanInterval are not trimmed like the others, and
// NumberFormatException is not in the catch list below, so a malformed property
// escapes as an unchecked exception instead of the CadiException callers expect.
114 timeout = Integer.parseInt(access.getProperty(Config.AAF_READ_TIMEOUT, Config.AAF_READ_TIMEOUT_DEF));
\r
115 cleanInterval = Integer.parseInt(access.getProperty(Config.AAF_CLEAN_INTERVAL, Config.AAF_CLEAN_INTERVAL_DEF));
\r
116 highCount = Integer.parseInt(access.getProperty(Config.AAF_HIGH_COUNT, Config.AAF_HIGH_COUNT_DEF).trim());
\r
117 connTimeout = Integer.parseInt(access.getProperty(Config.AAF_CONN_TIMEOUT, Config.AAF_CONN_TIMEOUT_DEF).trim());
\r
118 userExpires = Integer.parseInt(access.getProperty(Config.AAF_USER_EXPIRES, Config.AAF_USER_EXPIRES_DEF).trim());
\r
// NOTE(review): reads AAF_USER_EXPIRES, the same property as userExpires above; this
// looks like a copy/paste and presumably should read a usage-refresh property — verify.
119 usageRefreshTriggerCount = Integer.parseInt(access.getProperty(Config.AAF_USER_EXPIRES, Config.AAF_USER_EXPIRES_DEF).trim())-1; // zero based
\r
// new URI(null) throws NullPointerException, so the null check on the next line is
// never reached when the tag property is missing: the intended "<tag> property is
// required." CadiException is not produced. A malformed value raises
// URISyntaxException, which the catch below does wrap.
122 initURI = new URI(access.getProperty(tag,null));
\r
123 if(initURI==null) {
\r
124 throw new CadiException(tag + " property is required.");
\r
// Application namespace derived from the credential ID (see reverseDomain).
127 app=reverseDomain(ss.getID());
\r
// Hard-coded default realm.
128 realm="openecomp.org";
\r
130 RosettaEnv env = new RosettaEnv();
\r
131 permsDF = env.newDataFactory(Perms.class);
\r
132 usersDF = env.newDataFactory(Users.class);
\r
133 certsDF = env.newDataFactory(Certs.class);
\r
134 certsDF.rootMarshal(new CertsMarshal()); // Speedier Marshaling
\r
// Only these two checked types are wrapped; see the parseInt and new URI notes above.
135 } catch (APIException|URISyntaxException e) {
\r
136 throw new CadiException("AAFCon cannot be configured",e);
\r
141 * Return the backing AAFCon, if the request's Lur setup is AAF-based.
\r
143 * If there is no AAFLur setup, it returns {@code null}.
\r
144 * @param servletRequest
\r
147 public static final AAFCon<?> obtain(Object servletRequest) {
\r
// Only a CadiWrap carries a Lur to inspect; the null result for anything else is
// produced by lines not shown in this listing.
148 if(servletRequest instanceof CadiWrap) {
\r
149 Lur lur = ((CadiWrap)servletRequest).getLur();
\r
// An EpiLur appears to be a composite: its AbsAAFLur sub-Lur is extracted here (the
// subsequent null check and return of aal.aaf are not shown).
151 if(lur instanceof EpiLur) {
\r
152 AbsAAFLur<?> aal = (AbsAAFLur<?>) ((EpiLur)lur).subLur(AbsAAFLur.class);
\r
// A bare AbsAAFLur exposes its connector directly.
157 if(lur instanceof AbsAAFLur) {
\r
158 return ((AbsAAFLur<?>)lur).aaf;
\r
/**
 * Creates an {@link AAFAuthn} backed by this connector. The try block's opening and
 * the handling of a caught {@code APIException} are not shown here; any other failure
 * is wrapped in a new {@code APIException}.
 *
 * @return a new authenticator
 * @throws APIException if construction fails
 */
166 public AAFAuthn<CLIENT> newAuthn() throws APIException {
\r
168 return new AAFAuthn<CLIENT>(this);
\r
169 } catch (APIException e) {
\r
// Unchecked failures are wrapped so callers see a single checked type.
171 } catch (Exception e) {
\r
172 throw new APIException(e);
\r
/**
 * Creates an {@link AAFAuthn} backed by this connector and sharing the user cache
 * {@code c}. The try block's opening and the handling of a caught {@code APIException}
 * are not shown here; any other failure is wrapped in a new {@code APIException}.
 *
 * @param c user cache handed to the authenticator
 * @return a new authenticator
 * @throws APIException if construction fails
 */
176 public AAFAuthn<CLIENT> newAuthn(AbsUserCache<AAFPermission> c) throws APIException {
\r
178 return new AAFAuthn<CLIENT>(this,c);
\r
179 } catch (APIException e) {
\r
// Unchecked failures are wrapped so callers see a single checked type.
181 } catch (Exception e) {
\r
182 throw new APIException(e);
\r
/**
 * Creates an {@link AAFLurPerm} backed by this connector. The try block's opening and
 * the handling of a caught {@code CadiException} are not shown here; any other failure
 * is wrapped in a new {@code CadiException}. Note the overload taking a cache declares
 * {@code APIException} instead, so callers handle different types per overload.
 *
 * @return a new permission Lur
 * @throws CadiException if construction fails
 */
186 public AAFLurPerm newLur() throws CadiException {
\r
188 return new AAFLurPerm(this);
\r
189 } catch (CadiException e) {
\r
// Unchecked failures are wrapped so callers see a single checked type.
191 } catch (Exception e) {
\r
192 throw new CadiException(e);
\r
/**
 * Creates an {@link AAFLurPerm} backed by this connector and sharing the user cache
 * {@code c}. The try block's opening and the handling of a caught {@code APIException}
 * are not shown here; any other failure is wrapped in a new {@code APIException}.
 * Unlike the no-argument overload, this one declares {@code APIException}.
 *
 * @param c user cache handed to the Lur
 * @return a new permission Lur
 * @throws APIException if construction fails
 */
196 public AAFLurPerm newLur(AbsUserCache<AAFPermission> c) throws APIException {
\r
198 return new AAFLurPerm(this,c);
\r
199 } catch (APIException e) {
\r
// Unchecked failures are wrapped so callers see a single checked type.
201 } catch (Exception e) {
\r
202 throw new APIException(e);
\r
207 * Take a fully qualified user ID and derive a namespace from it.
\r
// Splits user on '.', walks the segments from last to first and appends them in that
// order; in a segment containing '@' only the text after the '@' is kept, so the local
// part of the ID is dropped. The separator handling between segments and the 'at'
// declaration are on lines not shown in this listing. Returns "" for no segments.
211 public static String reverseDomain(String user) {
\r
212 StringBuilder sb = null;
\r
213 String[] split = Split.split('.',user);
\r
215 for(int i=split.length-1;i>=0;--i) {
\r
// Builder is created inside the loop (its guard is not shown), so an empty split
// leaves sb null and the method returns "" below.
217 sb = new StringBuilder();
\r
// An '@' at index 0 is not stripped: the test is > 0, not >= 0.
222 if((at = split[i].indexOf('@'))>0) {
\r
223 sb.append(split[i].subSequence(at+1, split[i].length()));
\r
225 sb.append(split[i]);
\r
229 return sb==null?"":sb.toString();
\r
/** Creates the transport-specific {@link Rcli} for {@code uri}, secured by {@code ss}; used by {@link #client(String)}. */
232 protected abstract Rcli<CLIENT> rclient(URI uri, SecuritySetter<CLIENT> ss) throws CadiException;
\r
/** Executes {@code retryable} and returns its result; endpoint selection and retry policy are left to the concrete subclass. */
234 public abstract<RET> RET best(Retryable<RET> retryable) throws LocatorException, CadiException, APIException;
\r
/** Builds a credential from a user/password pair; the constructor uses it when AAF_MECHID and AAF_MECHPASS are both set. */
237 public abstract SecuritySetter<CLIENT> basicAuth(String user, String password) throws CadiException;
\r
/** Builds a credential that carries {@code principal}'s identity; how it is transferred is implementation-defined. */
239 public abstract SecuritySetter<CLIENT> transferSS(Principal principal) throws CadiException;
\r
/** Builds a credential from an already-authenticated {@link BasicPrincipal}. */
241 public abstract SecuritySetter<CLIENT> basicAuthSS(BasicPrincipal principal) throws CadiException;
\r
/** Builds an X.509 credential for the certificate alias {@code alias}; the constructor uses it when CADI_ALIAS (or AAF_MECHID as fallback) is set. */
243 public abstract SecuritySetter<CLIENT> x509Alias(String alias) throws APIException, CadiException;
\r
246 public String getRealm() {
\r
251 public SecuritySetter<CLIENT> set(SecuritySetter<CLIENT> ss) {
\r
254 client.setSecuritySetter(ss);
\r
259 public SecurityInfo<CLIENT> securityInfo() {
\r
263 public String defID() {
\r
270 public void invalidate() throws CadiException {
\r
272 client.invalidate();
\r