2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * Modifications Copyright (C) 2019 IBM.
7 * ===========================================================================
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 * ============LICENSE_END====================================================
24 package org.onap.aaf.auth.cm;
26 import java.lang.reflect.Constructor;
27 import java.lang.reflect.InvocationTargetException;
29 import java.util.Map.Entry;
30 import java.util.TreeMap;
32 import javax.servlet.Filter;
34 import org.onap.aaf.auth.cache.Cache;
35 import org.onap.aaf.auth.cache.Cache.Dated;
36 import org.onap.aaf.auth.cm.api.API_Artifact;
37 import org.onap.aaf.auth.cm.api.API_Cert;
38 import org.onap.aaf.auth.cm.ca.CA;
39 import org.onap.aaf.auth.cm.facade.Facade1_0;
40 import org.onap.aaf.auth.cm.facade.FacadeFactory;
41 import org.onap.aaf.auth.cm.mapper.Mapper.API;
42 import org.onap.aaf.auth.cm.service.CMService;
43 import org.onap.aaf.auth.cm.service.Code;
44 import org.onap.aaf.auth.cm.validation.CertmanValidator;
45 import org.onap.aaf.auth.dao.CassAccess;
46 import org.onap.aaf.auth.dao.cass.LocateDAO;
47 import org.onap.aaf.auth.direct.DirectLocatorCreator;
48 import org.onap.aaf.auth.direct.DirectRegistrar;
49 import org.onap.aaf.auth.env.AuthzEnv;
50 import org.onap.aaf.auth.env.AuthzTrans;
51 import org.onap.aaf.auth.env.AuthzTransFilter;
52 import org.onap.aaf.auth.rserv.HttpMethods;
53 import org.onap.aaf.auth.server.AbsService;
54 import org.onap.aaf.auth.server.JettyServiceStarter;
55 import org.onap.aaf.auth.server.Log4JLogIt;
56 import org.onap.aaf.cadi.Access;
57 import org.onap.aaf.cadi.Access.Level;
58 import org.onap.aaf.cadi.CadiException;
59 import org.onap.aaf.cadi.LocatorException;
60 import org.onap.aaf.cadi.PropAccess;
61 import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
62 import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
63 import org.onap.aaf.cadi.aaf.v2_0.AAFTrustChecker;
64 import org.onap.aaf.cadi.aaf.v2_0.AbsAAFLocator;
65 import org.onap.aaf.cadi.config.Config;
66 import org.onap.aaf.cadi.register.Registrant;
67 import org.onap.aaf.misc.env.APIException;
68 import org.onap.aaf.misc.env.Data;
69 import org.onap.aaf.misc.env.Env;
70 import org.onap.aaf.misc.env.util.Split;
72 import com.datastax.driver.core.Cluster;
74 public class AAF_CM extends AbsService<AuthzEnv, AuthzTrans> {
76 private static final String USER_PERMS = "userPerms";
77 private static final String CM_ALLOW_TMP = "cm_allow_tmp";
78 private static final Map<String,CA> certAuths = new TreeMap<>();
79 public static Facade1_0 facade1_0; // this is the default Facade
80 public static Facade1_0 facade1_0_XML; // this is the XML Facade
81 public static Map<String, Dated> cacheUser;
82 public static AAFAuthn<?> aafAuthn;
83 public static AAFLurPerm aafLurPerm;
84 public final Cluster cluster;
85 public final LocateDAO locateDAO;
86 public static AuthzEnv envLog;
90 public CMService getService() {
94 * Construct AuthzAPI with all the Context Supporting Routes that Authz needs
100 * @throws APIException
102 public AAF_CM(AuthzEnv env) throws Exception {
103 super(env.access(),env);
104 aafLurPerm = aafCon().newLur();
105 // Note: If you need both Authn and Authz construct the following:
106 aafAuthn = aafCon().newAuthn(aafLurPerm);
108 String aafEnv = env.getProperty(Config.AAF_ENV);
110 throw new APIException("aaf_env needs to be set");
113 // Check for allowing /tmp in Properties
114 String allowTmp = env.getProperty(CM_ALLOW_TMP);
115 if("true".equalsIgnoreCase(allowTmp)) {
116 CertmanValidator.allowTmp();
120 // Initialize Facade for all uses
121 AuthzTrans trans = env.newTrans();
123 cluster = org.onap.aaf.auth.dao.CassAccess.cluster(env,null);
124 locateDAO = new LocateDAO(trans,cluster,CassAccess.KEYSPACE);
126 // Have AAFLocator object Create DirectLocators for Location needs
127 AbsAAFLocator.setCreator(new DirectLocatorCreator(env, locateDAO));
129 // Load Supported Certificate Authorities by property
130 // Note: Some will be dynamic Properties, so we need to look through all
131 for (Entry<Object, Object> es : env.access().getProperties().entrySet()) {
132 String key = es.getKey().toString();
133 if (key.startsWith(CA.CM_CA_PREFIX)) {
134 int idx = key.indexOf('.');
135 if (idx==key.lastIndexOf('.')) { // else it's a regular property
136 env.log(Level.INIT, "Loading Certificate Authority Module: " + key.substring(idx+1));
137 String[] segs = Split.split(',', env.getProperty(key));
139 String[][] multiParams = new String[segs.length-1][];
140 for (int i=0;i<multiParams.length;++i) {
141 multiParams[i]=Split.split(';',segs[1+i]);
143 @SuppressWarnings("unchecked")
144 Class<CA> cac = (Class<CA>)Class.forName(segs[0]);
145 Constructor<CA> cons = cac.getConstructor(new Class<?>[] {
146 Access.class,String.class,String.class,String[][].class
148 Object pinst[] = new Object[4];
150 pinst[1]= key.substring(idx+1);
152 pinst[3] = multiParams;
154 CA ca = cons.newInstance(pinst);
155 certAuths.put(ca.getName(),ca);
156 } catch (InvocationTargetException e) {
157 access.log(e, "Loading", segs[0]);
163 if (certAuths.size()==0) {
164 throw new APIException("No Certificate Authorities have been configured in CertMan");
167 service = getService();
168 if(service == null) {
169 service = new CMService(trans, this);
171 // note: Service knows how to shutdown Cluster on Shutdown, etc. See Constructor
172 facade1_0 = FacadeFactory.v1_0(this,trans, service,Data.TYPE.JSON); // Default Facade
173 facade1_0_XML = FacadeFactory.v1_0(this,trans,service,Data.TYPE.XML);
177 if (cacheUser == null) {
178 cacheUser = Cache.obtain(USER_PERMS);
179 Cache.startCleansing(env, USER_PERMS);
183 ////////////////////////////////////////////////////////////////////////////
185 ////////////////////////////////////////////////////////////////////////
187 API_Artifact.init(this);
189 StringBuilder sb = new StringBuilder();
190 trans.auditTrail(2, sb);
191 trans.init().log(sb);
194 public CA getCA(String key) {
195 return certAuths.get(key);
200 * Setup XML and JSON implementations for each supported Version type
202 * We do this by taking the Code passed in and creating clones of these with the appropriate Facades and properties
203 * to do Versions and Content switches
206 public void route(HttpMethods meth, String path, API api, Code code) throws Exception {
207 String version = "1.0";
208 // Get Correct API Class from Mapper
209 Class<?> respCls = facade1_0.mapper().getClass(api);
210 if (respCls==null) throw new Exception("Unknown class associated with " + api.getClass().getName() + ' ' + api.name());
211 // setup Application API HTML ContentTypes for JSON and Route
212 String application = applicationJSON(respCls, version);
213 route(env,meth,path,code,application,"application/json;version="+version,"*/*");
215 // setup Application API HTML ContentTypes for XML and Route
216 application = applicationXML(respCls, version);
217 route(env,meth,path,code.clone(facade1_0_XML),application,"application/xml;version="+version);
219 // Add other Supported APIs here as created
222 public void routeAll(HttpMethods meth, String path, API api, Code code) {
223 route(env,meth,path,code,""); // this will always match
227 public Filter[] _filters(Object ... additionalTafLurs) throws CadiException, LocatorException {
229 return new Filter[] {
230 new AuthzTransFilter(env,aafCon(),
231 new AAFTrustChecker((Env)env),
234 } catch (NumberFormatException e) {
235 throw new CadiException("Invalid Property information", e);
239 @SuppressWarnings("unchecked")
241 public Registrant<AuthzEnv>[] registrants(final int port) throws CadiException, LocatorException {
242 return new Registrant[] {
243 new DirectRegistrar(access,locateDAO,port)
247 public void destroy() {
249 locateDAO.close(env.newTransNoAvg());
253 public static void main(final String[] args) {
255 Log4JLogIt logIt = new Log4JLogIt(args, "cm");
256 PropAccess propAccess = new PropAccess(logIt,args);
258 new JettyServiceStarter<AuthzEnv,AuthzTrans>(
259 new AAF_CM(new AuthzEnv(propAccess)),true)
261 } catch (Exception e) {
264 } catch (APIException e) {
265 e.printStackTrace(System.err);