1 /*******************************************************************************
\r
2 * ============LICENSE_START====================================================
\r
4 * * ===========================================================================
\r
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
\r
6 * * ===========================================================================
\r
7 * * Licensed under the Apache License, Version 2.0 (the "License");
\r
8 * * you may not use this file except in compliance with the License.
\r
9 * * You may obtain a copy of the License at
\r
11 * * http://www.apache.org/licenses/LICENSE-2.0
\r
13 * * Unless required by applicable law or agreed to in writing, software
\r
14 * * distributed under the License is distributed on an "AS IS" BASIS,
\r
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
16 * * See the License for the specific language governing permissions and
\r
17 * * limitations under the License.
\r
18 * * ============LICENSE_END====================================================
\r
20 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
\r
22 ******************************************************************************/
\r
23 package com.att.authz.cm.service;
\r
25 import java.lang.reflect.Constructor;
\r
26 import java.util.ArrayList;
\r
27 import java.util.EnumSet;
\r
28 import java.util.List;
\r
29 import java.util.Map;
\r
30 import java.util.Properties;
\r
31 import java.util.TreeMap;
\r
33 import com.att.aft.dme2.api.DME2Exception;
\r
34 //import com.att.aft.dme2.api.DME2FilterHolder;
\r
35 //import com.att.aft.dme2.api.DME2FilterHolder.RequestDispatcherType;
\r
36 import com.att.aft.dme2.api.DME2Manager;
\r
37 import com.att.aft.dme2.api.DME2Server;
\r
38 import com.att.aft.dme2.api.DME2ServerProperties;
\r
39 import com.att.aft.dme2.api.DME2ServiceHolder;
\r
40 import com.att.aft.dme2.api.util.DME2FilterHolder;
\r
41 import com.att.aft.dme2.api.util.DME2FilterHolder.RequestDispatcherType;
\r
42 import com.att.aft.dme2.api.util.DME2ServletHolder;
\r
43 //import com.att.aft.dme2.api.DME2ServletHolder;
\r
44 import com.att.authz.cm.api.API_Artifact;
\r
45 import com.att.authz.cm.api.API_Cert;
\r
46 import com.att.authz.cm.ca.CA;
\r
47 import com.att.authz.cm.facade.Facade1_0;
\r
48 import com.att.authz.cm.facade.FacadeFactory;
\r
49 import com.att.authz.cm.mapper.Mapper.API;
\r
50 import com.att.authz.env.AuthzEnv;
\r
51 import com.att.authz.env.AuthzTrans;
\r
52 import com.att.authz.env.AuthzTransFilter;
\r
53 import com.att.authz.server.AbsServer;
\r
54 import com.att.cache.Cache;
\r
55 import com.att.cache.Cache.Dated;
\r
56 import com.att.cadi.Access;
\r
57 import com.att.cadi.Access.Level;
\r
58 import com.att.cadi.CadiException;
\r
59 import com.att.cadi.TrustChecker;
\r
60 import com.att.cadi.aaf.v2_0.AAFAuthn;
\r
61 import com.att.cadi.aaf.v2_0.AAFCon;
\r
62 import com.att.cadi.aaf.v2_0.AAFConHttp;
\r
63 import com.att.cadi.aaf.v2_0.AAFLurPerm;
\r
64 import com.att.cadi.aaf.v2_0.AAFTrustChecker;
\r
65 import com.att.cadi.config.Config;
\r
66 import com.att.cssa.rserv.HttpMethods;
\r
67 import com.att.inno.env.APIException;
\r
68 import com.att.inno.env.Data;
\r
69 import com.att.inno.env.Env;
\r
70 import com.att.inno.env.Trans;
\r
71 import com.att.inno.env.util.Split;
\r
73 public class CertManAPI extends AbsServer {
\r
75 private static final String USER_PERMS = "userPerms";
\r
76 private static final Map<String,CA> certAuths = new TreeMap<String,CA>();
\r
77 private static final String AAF_CERTMAN_CA_PREFIX = null;
\r
78 public Facade1_0 facade1_0; // this is the default Facade
\r
79 public Facade1_0 facade1_0_XML; // this is the XML Facade
\r
80 public Map<String, Dated> cacheUser;
\r
81 public AAFAuthn<?> aafAuthn;
\r
82 public AAFLurPerm aafLurPerm;
\r
84 private String[] EMPTY;
\r
85 private AAFCon<?> aafcon;
\r
88 * Construct AuthzAPI with all the Context Supporting Routes that Authz needs
\r
94 * @throws APIException
\r
96 public CertManAPI(AuthzEnv env) throws Exception {
\r
97 super(env,"CertMan");
\r
98 env.setLog4JNames("log4j.properties","authz","cm","audit","init","trace");
\r
100 //aafcon = new AAFConHttp(env);
\r
102 aafLurPerm = aafcon.newLur();
\r
103 // Note: If you need both Authn and Authz construct the following:
\r
104 aafAuthn = aafcon.newAuthn(aafLurPerm);
\r
106 String aaf_env = env.getProperty(Config.AAF_ENV);
\r
107 if(aaf_env==null) {
\r
108 throw new APIException("aaf_env needs to be set");
\r
111 // Initialize Facade for all uses
\r
112 AuthzTrans trans = env.newTrans();
\r
114 // Load Supported Certificate Authorities by property
\r
115 for(String key : env.existingStaticSlotNames()) {
\r
116 if(key.startsWith(AAF_CERTMAN_CA_PREFIX)) {
\r
117 int idx = key.indexOf('.');
\r
118 String[] params = Split.split(';', env.getProperty(key));
\r
119 if(params.length>1) {
\r
120 @SuppressWarnings("unchecked")
\r
121 Class<CA> cac = (Class<CA>)Class.forName((String)params[0]);
\r
122 Class<?> ptype[] = new Class<?>[params.length+1];
\r
123 ptype[0]=Trans.class;
\r
124 ptype[1]=String.class;
\r
125 Object pinst[] = new Object[params.length+1];
\r
127 pinst[1]= key.substring(idx+1);
\r
128 for(int i=1;i<params.length;++i) {
\r
130 ptype[idx]=String.class;
\r
131 pinst[idx]=params[i];
\r
133 Constructor<CA> cons = cac.getConstructor(ptype);
\r
134 CA ca = cons.newInstance(pinst);
\r
135 certAuths.put(ca.getName(),ca);
\r
139 if(certAuths.size()==0) {
\r
140 throw new APIException("No Certificate Authorities have been configured in CertMan");
\r
143 CMService service = new CMService(trans, this);
\r
144 // note: Service knows how to shutdown Cluster on Shutdown, etc. See Constructor
\r
145 facade1_0 = FacadeFactory.v1_0(this,trans, service,Data.TYPE.JSON); // Default Facade
\r
146 facade1_0_XML = FacadeFactory.v1_0(this,trans,service,Data.TYPE.XML);
\r
149 synchronized(env) {
\r
150 if(cacheUser == null) {
\r
151 cacheUser = Cache.obtain(USER_PERMS);
\r
152 Cache.startCleansing(env, USER_PERMS);
\r
153 Cache.addShutdownHook(); // Setup Shutdown Hook to close cache
\r
157 ////////////////////////////////////////////////////////////////////////////
\r
159 ////////////////////////////////////////////////////////////////////////
\r
160 API_Cert.init(this);
\r
161 API_Artifact.init(this);
\r
163 StringBuilder sb = new StringBuilder();
\r
164 trans.auditTrail(2, sb);
\r
165 trans.init().log(sb);
\r
168 public CA getCA(String key) {
\r
169 return certAuths.get(key);
\r
172 public String[] getTrustChain(String key) {
\r
173 CA ca = certAuths.get(key);
\r
177 return ca.getTrustChain();
\r
182 * Setup XML and JSON implementations for each supported Version type
\r
184 * We do this by taking the Code passed in and creating clones of these with the appropriate Facades and properties
\r
185 * to do Versions and Content switches
\r
188 public void route(HttpMethods meth, String path, API api, Code code) throws Exception {
\r
189 String version = "1.0";
\r
190 // Get Correct API Class from Mapper
\r
191 Class<?> respCls = facade1_0.mapper().getClass(api);
\r
192 if(respCls==null) throw new Exception("Unknown class associated with " + api.getClass().getName() + ' ' + api.name());
\r
193 // setup Application API HTML ContentTypes for JSON and Route
\r
194 String application = applicationJSON(respCls, version);
\r
195 route(env,meth,path,code,application,"application/json;version="+version,"*/*");
\r
197 // setup Application API HTML ContentTypes for XML and Route
\r
198 application = applicationXML(respCls, version);
\r
199 route(env,meth,path,code.clone(facade1_0_XML),application,"application/xml;version="+version);
\r
201 // Add other Supported APIs here as created
\r
204 public void routeAll(HttpMethods meth, String path, API api, Code code) throws Exception {
\r
205 route(env,meth,path,code,""); // this will always match
\r
210 * Start up AuthzAPI as DME2 Service
\r
213 * @throws DME2Exception
\r
214 * @throws CadiException
\r
216 public void startDME2(Properties props) throws DME2Exception, CadiException {
\r
217 DME2Manager dme2 = new DME2Manager("AAF Certman DME2Manager", props);
\r
220 DME2ServiceHolder svcHolder;
\r
221 List<DME2ServletHolder> slist = new ArrayList<DME2ServletHolder>();
\r
222 svcHolder = new DME2ServiceHolder();
\r
223 String serviceName = env.getProperty("DMEServiceName",null);
\r
224 if(serviceName!=null) {
\r
225 svcHolder.setServiceURI(serviceName);
\r
226 svcHolder.setManager(dme2);
\r
227 svcHolder.setContext("/");
\r
231 DME2ServletHolder srvHolder = new DME2ServletHolder(this, new String[]{"/cert"});
\r
232 srvHolder.setContextPath("/*");
\r
233 slist.add(srvHolder);
\r
235 EnumSet<RequestDispatcherType> edlist = EnumSet.of(
\r
236 RequestDispatcherType.REQUEST,
\r
237 RequestDispatcherType.FORWARD,
\r
238 RequestDispatcherType.ASYNC
\r
241 ///////////////////////
\r
243 ///////////////////////
\r
244 List<DME2FilterHolder> flist = new ArrayList<DME2FilterHolder>();
\r
246 // Secure all GUI interactions with AuthzTransFilter
\r
247 flist.add(new DME2FilterHolder(
\r
248 new AuthzTransFilter(env,aafcon,TrustChecker.NOTRUST),
\r
252 svcHolder.setFilters(flist);
\r
253 svcHolder.setServletHolders(slist);
\r
255 DME2Server dme2svr = dme2.getServer();
\r
256 DME2ServerProperties dsprops = dme2svr.getServerProperties();
\r
257 dsprops.setGracefulShutdownTimeMs(1000);
\r
259 env.init().log("Starting AAF Certman Jetty/DME2 server...");
\r
262 // if(env.getProperty("NO_REGISTER",null)!=null)
\r
263 dme2.bindService(svcHolder);
\r
264 env.init().log("DME2 is available as HTTP"+(dsprops.isSslEnable()?"/S":""),"on port:",dsprops.getPort());
\r
265 while(true) { // Per DME2 Examples...
\r
266 Thread.sleep(5000);
\r
268 } catch(InterruptedException e) {
\r
269 env.init().log("AAF Jetty Server interrupted!");
\r
270 } catch(Exception e) { // Error binding service doesn't seem to stop DME2 or Process
\r
271 env.init().log(e,"DME2 Initialization Error");
\r
276 env.init().log("Properties must contain DMEServiceName");
\r
280 public static void main(String[] args) {
\r
281 setup(CertManAPI.class, "certman.props");
\r
Code Review / aaf / authz.git / blob