1 /*******************************************************************************
\r
2 * ============LICENSE_START====================================================
\r
4 * * ===========================================================================
\r
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
\r
6 * * Copyright © 2017 Amdocs
\r
7 * * ===========================================================================
\r
8 * * Licensed under the Apache License, Version 2.0 (the "License");
\r
9 * * you may not use this file except in compliance with the License.
\r
10 * * You may obtain a copy of the License at
\r
12 * * http://www.apache.org/licenses/LICENSE-2.0
\r
14 * * Unless required by applicable law or agreed to in writing, software
\r
15 * * distributed under the License is distributed on an "AS IS" BASIS,
\r
16 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
17 * * See the License for the specific language governing permissions and
\r
18 * * limitations under the License.
\r
19 * * ============LICENSE_END====================================================
\r
21 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
\r
23 ******************************************************************************/
\r
24 package com.att.cadi.aaf.v2_0;
\r
26 import java.net.URI;
\r
27 import java.net.URISyntaxException;
\r
28 import java.security.Principal;
\r
30 import com.att.cadi.AbsUserCache;
\r
31 import com.att.cadi.Access;
\r
32 import com.att.cadi.CadiException;
\r
33 import com.att.cadi.CadiWrap;
\r
34 import com.att.cadi.Connector;
\r
35 import com.att.cadi.LocatorException;
\r
36 import com.att.cadi.Lur;
\r
37 import com.att.cadi.SecuritySetter;
\r
38 import com.att.cadi.aaf.AAFPermission;
\r
39 import com.att.cadi.aaf.marshal.CertsMarshal;
\r
40 import com.att.cadi.client.Rcli;
\r
41 import com.att.cadi.client.Retryable;
\r
42 import com.att.cadi.config.Config;
\r
43 import com.att.cadi.config.SecurityInfo;
\r
44 import com.att.cadi.lur.EpiLur;
\r
45 import com.att.cadi.principal.BasicPrincipal;
\r
46 import com.att.inno.env.APIException;
\r
47 import com.att.inno.env.util.Split;
\r
48 import com.att.rosetta.env.RosettaDF;
\r
49 import com.att.rosetta.env.RosettaEnv;
\r
51 import aaf.v2_0.Certs;
\r
52 import aaf.v2_0.Perms;
\r
53 import aaf.v2_0.Users;
\r
55 public abstract class AAFCon<CLIENT> implements Connector {
\r
/** AAF API version this connector targets. */
56 public static final String AAF_VERSION = "2.0";

/** Property source every setting below is read from (see the constructor). */
58 final public Access access;

// Tunables parsed from Access properties in the constructor with Integer.parseInt, so a
// non-numeric property value surfaces as an unchecked NumberFormatException, not a CadiException.
// Units are not stated here -- confirm against Config.
60 final public int timeout, cleanInterval, connTimeout;
61 final public int highCount, userExpires, usageRefreshTriggerCount;

// Single lazily-created REST client shared by every caller of this connector (see client(String)).
// NOTE(review): no synchronization is visible around its creation or replacement -- confirm how
// concurrent first use and set(...) are handled.
62 private Rcli<CLIENT> client = null;

// Rosetta data factories for the AAF 2.0 payload types, built once in the constructor.
63 final public RosettaDF<Perms> permsDF;
64 final public RosettaDF<Certs> certsDF;
65 final public RosettaDF<Users> usersDF;

// Authentication realm; the constructor assigns a fixed literal rather than reading configuration.
66 private String realm;

// Namespace derived from the configured identity via reverseDomain(ss.getID()).
67 public final String app;

// Credential applied to outbound requests (x509 alias, basic auth, or a fail-closed placeholder,
// chosen in the constructor) and the SecurityInfo that receives it as its default (si.defSS).
68 protected SecuritySetter<CLIENT> ss;
69 protected SecurityInfo<CLIENT> si;

// AAF endpoint URI read from the property whose name is the constructor's 'tag' argument.
70 protected final URI initURI;
\r
/**
 * Returns the REST client for the AAF endpoint, building it from initURI and the current
 * SecuritySetter via rclient() and stamping the requested API version and a read timeout on it.
 * NOTE(review): the guard and return lines of this method are not visible in this listing.
 * The client is kept in a shared field, and it is built with whatever 'ss' holds at that moment.
 * @param apiVersion AAF API version string to send (AAF_VERSION is the 2.0 constant)
 * @throws CadiException propagated from rclient()
 */
72 public Rcli<CLIENT> client(String apiVersion) throws CadiException {
74 client = rclient(initURI,ss);
75 client.apiVersion(apiVersion)
// NOTE(review): the read timeout is set from connTimeout (AAF_CONN_TIMEOUT) while the 'timeout'
// field parsed from AAF_READ_TIMEOUT in the constructor is not used here -- confirm which was intended.
76 .readTimeout(connTimeout);
\r
/**
 * Configures the connector from Access properties: selects the outbound credential, parses the
 * numeric tunables, resolves the AAF endpoint URI and builds the Rosetta data factories.
 * NOTE(review): several lines of this constructor (branch conditions, closing braces, the
 * getID() body of the placeholder setter) are not visible in this listing; comments below only
 * describe what is shown.
 * @param access property source (and owner) for this connector
 * @param tag    name of the property holding the AAF endpoint URI
 * @param si     SecurityInfo whose default SecuritySetter is set to the chosen credential
 * @throws CadiException when no credential is configured, or when configuration fails
 *         (APIException/URISyntaxException are wrapped; see the catch at the end)
 */
81 protected AAFCon(Access access, String tag, SecurityInfo<CLIENT> si) throws CadiException{
83 this.access = access;
// Credential material comes from configuration: a mechanical ID and its password (AAF_MECHPASS)
// and/or a keystore alias. With no alias configured, the mechid doubles as the alias.
87 String mechid = access.getProperty(Config.AAF_MECHID, null);
88 String encpass = access.getProperty(Config.AAF_MECHPASS, null);
90 String alias = access.getProperty(Config.CADI_ALIAS, mechid);
// The condition guarding this throw is not visible; from the message it rejects a configuration
// with neither a CADI_ALIAS nor an AAF_MECHID.
92 throw new CadiException(Config.CADI_ALIAS + " or " + Config.AAF_MECHID + " required.");
// Certificate-based identity backed by the keystore alias, also installed as the SecurityInfo
// default. The condition choosing this over basic auth is not shown here.
94 si.defSS=ss = x509Alias(alias);
// Password-based identity: the AAF_MECHPASS value is handed to basicAuth() as-is. The name
// 'encpass' suggests it is stored encrypted/encoded, but nothing visible here decrypts it --
// confirm the concrete basicAuth() implementation does, and that the value is never logged.
96 if(mechid!=null && encpass !=null) {
97 si.defSS=ss=basicAuth(mechid, encpass);
// Fail-closed fallback when no usable credential is configured: the connector can still be
// constructed, but any attempt to apply security to a client throws rather than sending an
// unauthenticated request.
99 si.defSS=ss=new SecuritySetter<CLIENT>() {
102 public String getID() {
107 public void setSecurity(CLIENT client) throws CadiException {
108 throw new CadiException("AAFCon has not been initialized with Credentials (SecuritySetter)");
// Numeric tunables. Integer.parseInt throws NumberFormatException (unchecked), which the
// APIException|URISyntaxException catch below does not cover, so a malformed property escapes as a
// raw NumberFormatException instead of the "AAFCon cannot be configured" CadiException.
// NOTE(review): the first two reads skip the .trim() the others apply, so a trailing space in
// AAF_READ_TIMEOUT or AAF_CLEAN_INTERVAL fails parsing while the same in the others does not.
115 timeout = Integer.parseInt(access.getProperty(Config.AAF_READ_TIMEOUT, Config.AAF_READ_TIMEOUT_DEF));
116 cleanInterval = Integer.parseInt(access.getProperty(Config.AAF_CLEAN_INTERVAL, Config.AAF_CLEAN_INTERVAL_DEF));
117 highCount = Integer.parseInt(access.getProperty(Config.AAF_HIGH_COUNT, Config.AAF_HIGH_COUNT_DEF).trim());
118 connTimeout = Integer.parseInt(access.getProperty(Config.AAF_CONN_TIMEOUT, Config.AAF_CONN_TIMEOUT_DEF).trim());
119 userExpires = Integer.parseInt(access.getProperty(Config.AAF_USER_EXPIRES, Config.AAF_USER_EXPIRES_DEF).trim());
// NOTE(review): this reads Config.AAF_USER_EXPIRES again (same property as userExpires above)
// rather than a dedicated refresh-trigger property, which looks like a copy/paste; as written the
// trigger count can never be tuned independently of userExpires. Confirm against Config.
120 usageRefreshTriggerCount = Integer.parseInt(access.getProperty(Config.AAF_USER_EXPIRES, Config.AAF_USER_EXPIRES_DEF).trim())-1; // zero based
// NOTE(review): new URI(null) throws NullPointerException, so the null check that follows is
// unreachable, and the NPE is not caught by the APIException|URISyntaxException catch below -- a
// missing '<tag>' property surfaces as a raw NPE instead of the intended CadiException. Test the
// property string before constructing the URI, e.g.:
//   String uriStr = access.getProperty(tag, null);
//   if(uriStr==null) { throw new CadiException(tag + " property is required."); }
//   initURI = new URI(uriStr);
123 initURI = new URI(access.getProperty(tag,null));
124 if(initURI==null) {
125 throw new CadiException(tag + " property is required.");
// Namespace of this application, derived from the configured identity.
128 app=reverseDomain(ss.getID());
// NOTE(review): realm is a hard-coded literal rather than configuration; getRealm() is pinned to it.
129 realm="openecomp.org";
// Rosetta data factories for the AAF payload types; Certs gets a hand-written root marshaller.
131 RosettaEnv env = new RosettaEnv();
132 permsDF = env.newDataFactory(Perms.class);
133 usersDF = env.newDataFactory(Users.class);
134 certsDF = env.newDataFactory(Certs.class);
135 certsDF.rootMarshal(new CertsMarshal()); // Speedier Marshaling
// Only these two checked types are wrapped; unchecked failures above (NumberFormatException,
// NullPointerException) propagate as-is.
136 } catch (APIException|URISyntaxException e) {
137 throw new CadiException("AAFCon cannot be configured",e);
\r
142 * Return the backing AAFCon, if there is a Lur Setup that is AAF.
144 * If there is no AAFLur setup, it will return "null"
 * Only a CadiWrap is inspected; its Lur is used either directly (AbsAAFLur) or, for an EpiLur,
 * through the AbsAAFLur sub-Lur it holds.
 * NOTE(review): the return statements for the non-matching paths are not visible in this listing;
 * callers should treat the result as nullable, as the first sentence says.
145 * @param servletRequest
 * @return the AAFCon behind the request's AAF Lur, or null
148 public static final AAFCon<?> obtain(Object servletRequest) {
149 if(servletRequest instanceof CadiWrap) {
150 Lur lur = ((CadiWrap)servletRequest).getLur();
// Composite Lur: look for the AAF member inside it.
152 if(lur instanceof EpiLur) {
153 AbsAAFLur<?> aal = (AbsAAFLur<?>) ((EpiLur)lur).subLur(AbsAAFLur.class);
// Plain AAF Lur: hand back the connector it was built with.
158 if(lur instanceof AbsAAFLur) {
159 return ((AbsAAFLur<?>)lur).aaf;
\r
/**
 * Creates an AAFAuthn bound to this connector.
 * @throws APIException raised by the AAFAuthn constructor (the rethrow line of the first catch is
 *         not visible here) or wrapping any other exception, cause preserved
 */
167 public AAFAuthn<CLIENT> newAuthn() throws APIException {
169 return new AAFAuthn<CLIENT>(this);
170 } catch (APIException e) {
// Anything else is wrapped so callers only see APIException.
172 } catch (Exception e) {
173 throw new APIException(e);
\r
/**
 * Creates an AAFAuthn bound to this connector that shares the given user cache.
 * @param c user/permission cache handed to the AAFAuthn constructor
 * @throws APIException raised by the AAFAuthn constructor (the rethrow line of the first catch is
 *         not visible here) or wrapping any other exception, cause preserved
 */
177 public AAFAuthn<CLIENT> newAuthn(AbsUserCache<AAFPermission> c) throws APIException {
179 return new AAFAuthn<CLIENT>(this,c);
180 } catch (APIException e) {
// Anything else is wrapped so callers only see APIException.
182 } catch (Exception e) {
183 throw new APIException(e);
\r
/**
 * Creates an AAFLurPerm (permission lookup) bound to this connector.
 * NOTE(review): this overload declares CadiException while newLur(AbsUserCache) declares
 * APIException, so callers must catch a different type depending on which overload they use.
 * @throws CadiException raised by the AAFLurPerm constructor (the rethrow line of the first catch
 *         is not visible here) or wrapping any other exception, cause preserved
 */
187 public AAFLurPerm newLur() throws CadiException {
189 return new AAFLurPerm(this);
190 } catch (CadiException e) {
// Anything else is wrapped so callers only see CadiException.
192 } catch (Exception e) {
193 throw new CadiException(e);
\r
/**
 * Creates an AAFLurPerm (permission lookup) bound to this connector that shares the given cache.
 * NOTE(review): this overload declares APIException while newLur() declares CadiException;
 * callers must catch a different type depending on which overload they use.
 * @param c user/permission cache handed to the AAFLurPerm constructor
 * @throws APIException raised by the AAFLurPerm constructor (the rethrow line of the first catch
 *         is not visible here) or wrapping any other exception, cause preserved
 */
197 public AAFLurPerm newLur(AbsUserCache<AAFPermission> c) throws APIException {
199 return new AAFLurPerm(this,c);
200 } catch (APIException e) {
// Anything else is wrapped so callers only see APIException.
202 } catch (Exception e) {
203 throw new APIException(e);
\r
208 * Take a Fully Qualified User, and get a Namespace from it.
 * Walks the '.'-separated components of user from last to first. Within a component, anything up
 * to and including an '@' is dropped when the '@' is not the first character (indexOf > 0), so the
 * user part of an id@domain is removed and the domain labels come out in reverse order. Returns ""
 * when there are no components at all (the builder is never allocated).
 * NOTE(review): the declaration of 'at', the separator written between components and the branch
 * for components without '@' are not visible in this listing; behavior for a null user depends on
 * Split.split. The result names the application's namespace (see the constructor's 'app').
 * @param user fully qualified identity such as id@domain
 * @return the derived namespace, or "" when nothing could be derived
212 public static String reverseDomain(String user) {
213 StringBuilder sb = null;
214 String[] split = Split.split('.',user);
216 for(int i=split.length-1;i>=0;--i) {
218 sb = new StringBuilder();
// Strip the user portion ahead of an '@' (only when the '@' is not the first character).
223 if((at = split[i].indexOf('@'))>0) {
224 sb.append(split[i].subSequence(at+1, split[i].length()));
226 sb.append(split[i]);
230 return sb==null?"":sb.toString();
\r
/** Builds the REST client for uri using the given credential (called from client(String)). */
233 protected abstract Rcli<CLIENT> rclient(URI uri, SecuritySetter<CLIENT> ss) throws CadiException;
/** Runs retryable against an endpoint chosen by the implementation; which one is not visible here. */
235 public abstract<RET> RET best(Retryable<RET> retryable) throws LocatorException, CadiException, APIException;
/**
 * Credential for HTTP Basic authentication. The password is passed as a String and so cannot be
 * zeroed after use; implementations should avoid logging it.
 */
238 public abstract SecuritySetter<CLIENT> basicAuth(String user, String password) throws CadiException;
/** Credential built from an already-authenticated Principal; what is forwarded depends on the implementation. */
240 public abstract SecuritySetter<CLIENT> transferSS(Principal principal) throws CadiException;
/** Credential for HTTP Basic authentication derived from a BasicPrincipal. */
242 public abstract SecuritySetter<CLIENT> basicAuthSS(BasicPrincipal principal) throws CadiException;
/** Certificate-based credential backed by the keystore entry named by alias. */
244 public abstract SecuritySetter<CLIENT> x509Alias(String alias) throws APIException, CadiException;
\r
/** Returns the realm; the constructor assigns it the fixed literal "openecomp.org". Body not visible in this listing. */
247 public String getRealm() {
\r
/**
 * Replaces the credential applied by the shared REST client.
 * NOTE(review): because 'client' is a single shared field, this changes the identity used by every
 * subsequent caller of this connector, not just the caller of set(). The lines before the call
 * (any null guard, the assignment to this.ss, the return value) are not visible in this listing.
 * @param ss credential to apply from now on
 */
252 public SecuritySetter<CLIENT> set(SecuritySetter<CLIENT> ss) {
255 client.setSecuritySetter(ss);
\r
/** Accessor for the SecurityInfo this connector was configured with; body not visible in this listing. */
260 public SecurityInfo<CLIENT> securityInfo() {
\r
/** Default identity ID, presumably the configured SecuritySetter's getID(); body not visible in this listing. */
264 public String defID() {
\r
/**
 * Invalidates the shared REST client so later use rebuilds or re-authenticates it.
 * NOTE(review): the line preceding the call (e.g. a null guard) is not visible in this listing.
 * @throws CadiException propagated from the client
 */
271 public void invalidate() throws CadiException {
273 client.invalidate();
\r